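/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    psfuncs.h

Abstract:

    Function definitions for the Process Manager

    The header only declares prototypes (plus the inline NtCurrentTeb).
    Kernel-mode Ps* routines are visible when NTOS_MODE_USER is not
    defined; the Nt*/Zw* native calls are declared for every build mode.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _PSFUNCS_H
#define _PSFUNCS_H

//
// Dependencies
//
#include <umtypes.h>
#include <pstypes.h>

#ifdef __cplusplus
extern "C" {
#endif

#ifndef NTOS_MODE_USER

//
// Win32K Process/Thread Functions
//
// These routines take PEPROCESS/PETHREAD object pointers rather than
// handles, so no access mask is involved at this interface.
// NOTE(review): callers are presumably expected to hold a reference on the
// object for the duration of the call -- confirm against the implementation.
//
NTKERNELAPI
PVOID
NTAPI
PsGetCurrentThreadWin32Thread(
    VOID
);

NTKERNELAPI
PVOID
NTAPI
PsGetCurrentProcessWin32Process(
    VOID
);

NTKERNELAPI
PVOID
NTAPI
PsGetProcessWin32Process(
    _In_ PEPROCESS Process
);

NTKERNELAPI
NTSTATUS
NTAPI
PsSetProcessWin32Process(
    _Inout_ PEPROCESS Process,
    _In_opt_ PVOID Win32Process,
    _In_opt_ PVOID OldWin32Process
);

NTKERNELAPI
PVOID
NTAPI
PsSetThreadWin32Thread(
    _Inout_ PETHREAD Thread,
    _In_opt_ PVOID Win32Thread,
    _In_opt_ PVOID OldWin32Thread
);

NTKERNELAPI
PVOID
NTAPI
PsGetThreadWin32Thread(
    _In_ PETHREAD Thread
);

NTKERNELAPI
PVOID
NTAPI
PsGetProcessWin32WindowStation(
    _In_ PEPROCESS Process
);

NTKERNELAPI
VOID
NTAPI
PsSetProcessWindowStation(
    _Inout_ PEPROCESS Process,
    _In_opt_ PVOID WindowStation
);

NTKERNELAPI
PTEB
NTAPI
PsGetThreadTeb(
    _In_ PETHREAD Thread
);

NTKERNELAPI
HANDLE
NTAPI
PsGetThreadId(
    _In_ PETHREAD Thread
);

NTKERNELAPI
PEPROCESS
NTAPI
PsGetThreadProcess(
    _In_ PETHREAD Thread
);

NTKERNELAPI
ULONG
NTAPI
PsGetThreadFreezeCount(
    _In_ PETHREAD Thread
);

NTKERNELAPI
BOOLEAN
NTAPI
PsGetThreadHardErrorsAreDisabled(
    _In_ PETHREAD Thread
);

NTKERNELAPI
VOID
NTAPI
PsSetThreadHardErrorsAreDisabled(
    _Inout_ PETHREAD Thread,
    _In_ BOOLEAN Disabled
);

NTKERNELAPI
VOID
NTAPI
PsEstablishWin32Callouts(
    _In_ PWIN32_CALLOUTS_FPNS CalloutData
);

NTKERNELAPI
ULONG
NTAPI
PsGetCurrentProcessSessionId(
    VOID
);

//
// Process Impersonation Functions
//
NTKERNELAPI
BOOLEAN
NTAPI
PsIsThreadImpersonating(
    _In_ PETHREAD Thread
);

NTKERNELAPI
VOID
NTAPI
PsRevertThreadToSelf(
    _Inout_ PETHREAD Thread
);

//
// Misc. Functions
//
// NOTE(review): PsIsProtectedProcess, PsSetProcessPriorityByClass and
// PsGetProcessInheritedFromUniqueProcessId are declared without NTKERNELAPI,
// unlike their neighbours -- confirm whether that is intentional.
//

// Resolves a client ID to object pointers; Process may be omitted, Thread
// is always written on success.
// NOTE(review): the returned objects are presumably referenced and must be
// released by the caller -- confirm against the implementation.
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupProcessThreadByCid(
    _In_ PCLIENT_ID Cid,
    _Out_opt_ PEPROCESS *Process,
    _Out_ PETHREAD *Thread
);

BOOLEAN
NTAPI
PsIsProtectedProcess(
    _In_ PEPROCESS Process
);

NTKERNELAPI
BOOLEAN
NTAPI
PsIsSystemProcess(
    _In_ PEPROCESS Process
);

VOID
NTAPI
PsSetProcessPriorityByClass(
    _In_ PEPROCESS Process,
    _In_ PSPROCESSPRIORITYMODE Type
);

HANDLE
NTAPI
PsGetProcessInheritedFromUniqueProcessId(
    _In_ PEPROCESS Process
);

NTKERNELAPI
NTSTATUS
NTAPI
PsGetProcessExitStatus(
    _In_ PEPROCESS Process
);

NTKERNELAPI
ULONG
NTAPI
PsGetProcessSessionId(
    _In_ PEPROCESS Process
);

NTKERNELAPI
BOOLEAN
NTAPI
PsGetProcessExitProcessCalled(
    _In_ PEPROCESS Process
);

//
// Quota Functions
//
// The PsCharge*/PsReturn* pairs take the same (Process, [PoolType,] Amount)
// arguments. PsChargePoolQuota returns VOID while the PsChargeProcess*
// variants return an NTSTATUS that the caller has to check.
//
NTKERNELAPI
VOID
NTAPI
PsChargePoolQuota(
    _In_ PEPROCESS Process,
    _In_ POOL_TYPE PoolType,
    _In_ SIZE_T Amount
);

NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessNonPagedPoolQuota(
    _In_ PEPROCESS Process,
    _In_ SIZE_T Amount
);

NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessPagedPoolQuota(
    _In_ PEPROCESS Process,
    _In_ SIZE_T Amount
);

NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessPoolQuota(
    _In_ PEPROCESS Process,
    _In_ POOL_TYPE PoolType,
    _In_ SIZE_T Amount
);

NTKERNELAPI
VOID
NTAPI
PsReturnPoolQuota(
    _In_ PEPROCESS Process,
    _In_ POOL_TYPE PoolType,
    _In_ SIZE_T Amount
);

NTKERNELAPI
VOID
NTAPI
PsReturnProcessNonPagedPoolQuota(
    _In_ PEPROCESS Process,
    _In_ SIZE_T Amount
);

NTKERNELAPI
VOID
NTAPI
PsReturnProcessPagedPoolQuota(
    _In_ PEPROCESS Process,
    _In_ SIZE_T Amount
);

NTKERNELAPI
PVOID
NTAPI
PsGetProcessSecurityPort(
    _In_ PEPROCESS Process
);

NTKERNELAPI
NTSTATUS
NTAPI
PsSetProcessSecurityPort(
    _Inout_ PEPROCESS Process,
    _In_ PVOID SecurityPort
);

NTKERNELAPI
HANDLE
NTAPI
PsGetCurrentThreadProcessId(
    VOID
);

#endif

//
// Native Calls
//
// Every routine below is declared twice: an Nt* prototype (NTSYSCALLAPI)
// and a Zw* prototype (NTSYSAPI) with the same parameter list. All of them
// operate on handles and return NTSTATUS.
// NOTE(review): on Windows NT a Zw* call made from kernel mode runs with
// previous mode KernelMode, so handle access checks and user-buffer probing
// are not applied to its arguments. Kernel code that forwards handles or
// pointers received from user mode should validate them before calling the
// Zw* form -- confirm how this tree's callers handle that.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAlertResumeThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG SuspendCount
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtApphelpCacheControl(
    _In_ APPHELPCACHESERVICECLASS Service,
    _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAlertThread(
    _In_ HANDLE ThreadHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAssignProcessToJobObject(
    _In_ HANDLE JobHandle,
    _In_ HANDLE ProcessHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateJobObject(
    _Out_ PHANDLE JobHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

// NOTE(review): declared without NTSYSCALLAPI, unlike the other Nt*
// prototypes in this header -- confirm whether that is intentional.
NTSTATUS
NTAPI
NtCreateJobSet(
    _In_ ULONG NumJob,
    _In_ PJOB_SET_ARRAY UserJobSet,
    _In_ ULONG Flags
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateProcess(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ParentProcess,
    _In_ BOOLEAN InheritObjectTable,
    _In_opt_ HANDLE SectionHandle,
    _In_opt_ HANDLE DebugPort,
    _In_opt_ HANDLE ExceptionPort
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateProcessEx(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ParentProcess,
    _In_ ULONG Flags,
    _In_opt_ HANDLE SectionHandle,
    _In_opt_ HANDLE DebugPort,
    _In_opt_ HANDLE ExceptionPort,
    _In_ BOOLEAN InJob
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ProcessHandle,
    _Out_ PCLIENT_ID ClientId,
    _In_ PCONTEXT ThreadContext,
    _In_ PINITIAL_TEB UserStack,
    _In_ BOOLEAN CreateSuspended
);

//
// NtCurrentTeb: returns the TEB pointer of the calling thread.
//
// When NTOS_MODE_USER is not defined the function is inlined and reads the
// pointer straight from an architecture-specific location; otherwise only
// the prototype is declared and the definition comes from elsewhere.
//
#ifndef NTOS_MODE_USER
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
{
#if defined(_M_IX86)
    // Presumably 0x18 is FIELD_OFFSET(NT_TIB, Self) on x86, the field the
    // AMD64 branch names explicitly -- TODO confirm.
    return (struct _TEB *)__readfsdword(0x18);
#elif defined (_M_AMD64)
    return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
#elif defined (_M_ARM)
//    return (struct _TEB *)KeGetPcr()->Used_Self;
    return (struct _TEB *)(ULONG_PTR)_MoveFromCoprocessor(CP15_TPIDRURW);
#elif defined (_M_ARM64)
    // NOTE(review): not implemented on ARM64; this hands every caller a
    // null TEB pointer, so any dereference of the result will fault.
    //UNIMPLEMENTED;
    return 0;
// #elif defined(_M_PPC)
//    return (struct _TEB *)_read_teb_dword(0x18);
#else
#error Unsupported architecture
#endif
}
#else
struct _TEB * NtCurrentTeb(VOID);
#endif

NTSYSCALLAPI
NTSTATUS
NTAPI
NtImpersonateThread(
    _In_ HANDLE ThreadHandle,
    _In_ HANDLE ThreadToImpersonate,
    _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtIsProcessInJob(
    _In_ HANDLE ProcessHandle,
    _In_opt_ HANDLE JobHandle
);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcess(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_opt_ PCLIENT_ID ClientId
);

//
// Token-opening calls. Only NtOpenProcessToken carries
// _Must_inspect_result_ in this header; callers of the other variants
// should check the returned NTSTATUS just the same before using
// *TokenHandle.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcessToken(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE TokenHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ PCLIENT_ID ClientId
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThreadToken(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _Out_ PHANDLE TokenHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThreadTokenEx(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _Out_bytecap_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength,
    _Out_ PULONG ReturnLength
);

// NOTE(review): ProcessInformation/ThreadInformation in the two query calls
// below are plain _Out_ with no size relation to the *Length argument,
// unlike JobInformation above, so static analysis cannot tie the buffer to
// its length here.
#ifndef _NTDDK_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_ PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength
);
#endif

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _Out_ PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength,
    _Out_opt_ PULONG ReturnLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtRegisterThreadTerminatePort(
    _In_ HANDLE TerminationPort
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtResumeThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG SuspendCount
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtResumeProcess(
    _In_ HANDLE ProcessHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _In_bytecount_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _In_ PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength
);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendProcess(
    _In_ HANDLE ProcessHandle
);

// PreviousSuspendCount is an optional output, annotated the same way as
// SuspendCount on NtResumeThread and NtAlertResumeThread.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG PreviousSuspendCount
);

// ProcessHandle is optional, matching the ZwTerminateProcess prototype.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtTerminateProcess(
    _In_opt_ HANDLE ProcessHandle,
    _In_ NTSTATUS ExitStatus
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtTerminateThread(
    _In_ HANDLE ThreadHandle,
    _In_ NTSTATUS ExitStatus
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtTerminateJobObject(
    _In_ HANDLE JobHandle,
    _In_ NTSTATUS ExitStatus
);

//
// Zw* counterparts of the native calls above (NTSYSAPI).
//
NTSYSAPI
NTSTATUS
NTAPI
ZwAlertResumeThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG SuspendCount
);

NTSYSAPI
NTSTATUS
NTAPI
ZwAlertThread(
    _In_ HANDLE ThreadHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwAssignProcessToJobObject(
    _In_ HANDLE JobHandle,
    _In_ HANDLE ProcessHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateJobObject(
    _Out_ PHANDLE JobHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ParentProcess,
    _In_ BOOLEAN InheritObjectTable,
    _In_opt_ HANDLE SectionHandle,
    _In_opt_ HANDLE DebugPort,
    _In_opt_ HANDLE ExceptionPort
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ProcessHandle,
    _Out_ PCLIENT_ID ClientId,
    _In_ PCONTEXT ThreadContext,
    _In_ PINITIAL_TEB UserStack,
    _In_ BOOLEAN CreateSuspended
);

NTSYSAPI
NTSTATUS
NTAPI
ZwImpersonateThread(
    _In_ HANDLE ThreadHandle,
    _In_ HANDLE ThreadToImpersonate,
    _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
);

NTSYSAPI
NTSTATUS
NTAPI
ZwIsProcessInJob(
    _In_ HANDLE ProcessHandle,
    _In_opt_ HANDLE JobHandle
);

// NOTE(review): HandleAttributes on the *TokenEx calls presumably takes
// OBJ_* handle flags; kernel callers would normally pass OBJ_KERNEL_HANDLE
// so the token handle does not land in a user-mode handle table -- confirm.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ PCLIENT_ID ClientId
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThreadToken(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _Out_ PHANDLE TokenHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThreadTokenEx(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _Out_bytecap_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength,
    _Out_ PULONG ReturnLength
);

NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_ PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength
);

NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _Out_ PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength,
    _Out_opt_ PULONG ReturnLength
);

NTSYSAPI
NTSTATUS
NTAPI
ZwRegisterThreadTerminatePort(
    _In_ HANDLE TerminationPort
);

NTSYSAPI
NTSTATUS
NTAPI
ZwResumeThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG SuspendCount
);

NTSYSAPI
NTSTATUS
NTAPI
ZwResumeProcess(
    _In_ HANDLE ProcessHandle
);

// JobInformation carries the same byte-count annotation as the
// NtSetInformationJobObject prototype.
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _In_bytecount_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _In_ PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSuspendProcess(
    _In_ HANDLE ProcessHandle
);

// PreviousSuspendCount is an optional output, annotated the same way as
// SuspendCount on ZwResumeThread and ZwAlertResumeThread.
NTSYSAPI
NTSTATUS
NTAPI
ZwSuspendThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG PreviousSuspendCount
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwTerminateProcess(
    _In_opt_ HANDLE ProcessHandle,
    _In_ NTSTATUS ExitStatus
);

NTSYSAPI
NTSTATUS
NTAPI
ZwTerminateThread(
    _In_ HANDLE ThreadHandle,
    _In_ NTSTATUS ExitStatus
);

NTSYSAPI
NTSTATUS
NTAPI
ZwTerminateJobObject(
    _In_ HANDLE JobHandle,
    _In_ NTSTATUS ExitStatus
);

#ifdef __cplusplus
}
#endif

#endif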