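/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    psfuncs.h

Abstract:

    Function definitions for the Process Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _PSFUNCS_H
#define _PSFUNCS_H

//
// Dependencies
//
#include <umtypes.h>
#include <pstypes.h>

#ifdef __cplusplus
extern "C" {
#endif

//
// Everything up to the matching #endif is declared only when
// NTOS_MODE_USER is not defined, i.e. for kernel-mode consumers.
// These routines take PEPROCESS/PETHREAD object pointers, not handles.
//
#ifndef NTOS_MODE_USER

//
// Win32K Process/Thread Functions
//
NTKERNELAPI PVOID NTAPI
PsGetCurrentThreadWin32Thread(VOID);

NTKERNELAPI PVOID NTAPI
PsGetCurrentProcessWin32Process(VOID);

NTKERNELAPI PVOID NTAPI
PsGetProcessWin32Process(_In_ PEPROCESS Process);

NTKERNELAPI NTSTATUS NTAPI
PsSetProcessWin32Process(
    _Inout_ PEPROCESS Process,
    _In_opt_ PVOID Win32Process,
    _In_opt_ PVOID OldWin32Process);

NTKERNELAPI PVOID NTAPI
PsSetThreadWin32Thread(
    _Inout_ PETHREAD Thread,
    _In_opt_ PVOID Win32Thread,
    _In_opt_ PVOID OldWin32Thread);

NTKERNELAPI PVOID NTAPI
PsGetThreadWin32Thread(_In_ PETHREAD Thread);

NTKERNELAPI PVOID NTAPI
PsGetProcessWin32WindowStation(_In_ PEPROCESS Process);

NTKERNELAPI VOID NTAPI
PsSetProcessWindowStation(
    _Inout_ PEPROCESS Process,
    _In_opt_ PVOID WindowStation);

NTKERNELAPI PTEB NTAPI
PsGetThreadTeb(_In_ PETHREAD Thread);

NTKERNELAPI HANDLE NTAPI
PsGetThreadId(_In_ PETHREAD Thread);

NTKERNELAPI PEPROCESS NTAPI
PsGetThreadProcess(_In_ PETHREAD Thread);

NTKERNELAPI ULONG NTAPI
PsGetThreadFreezeCount(_In_ PETHREAD Thread);

NTKERNELAPI BOOLEAN NTAPI
PsGetThreadHardErrorsAreDisabled(_In_ PETHREAD Thread);

NTKERNELAPI VOID NTAPI
PsSetThreadHardErrorsAreDisabled(
    _Inout_ PETHREAD Thread,
    _In_ BOOLEAN Disabled);

NTKERNELAPI VOID NTAPI
PsEstablishWin32Callouts(_In_ PWIN32_CALLOUTS_FPNS CalloutData);

NTKERNELAPI ULONG NTAPI
PsGetCurrentProcessSessionId(VOID);

//
// Process Impersonation Functions
//
NTKERNELAPI BOOLEAN NTAPI
PsIsThreadImpersonating(_In_ PETHREAD Thread);

NTKERNELAPI VOID NTAPI
PsRevertThreadToSelf(_Inout_ PETHREAD Thread);

//
// Misc. Functions
//
// PsLookupProcessThreadByCid returns object pointers through its out
// parameters; Process is optional, Thread is not.
// NOTE(review): presumably the returned objects are referenced and the
// caller must dereference them - confirm against the implementation.
//
NTKERNELAPI NTSTATUS NTAPI
PsLookupProcessThreadByCid(
    _In_ PCLIENT_ID Cid,
    _Out_opt_ PEPROCESS *Process,
    _Out_ PETHREAD *Thread);

BOOLEAN NTAPI
PsIsProtectedProcess(_In_ PEPROCESS Process);

NTKERNELAPI BOOLEAN NTAPI
PsIsSystemProcess(_In_ PEPROCESS Process);

VOID NTAPI
PsSetProcessPriorityByClass(
    _In_ PEPROCESS Process,
    _In_ PSPROCESSPRIORITYMODE Type);

HANDLE NTAPI
PsGetProcessInheritedFromUniqueProcessId(_In_ PEPROCESS Process);

NTKERNELAPI NTSTATUS NTAPI
PsGetProcessExitStatus(_In_ PEPROCESS Process);

NTKERNELAPI ULONG NTAPI
PsGetProcessSessionId(_In_ PEPROCESS Process);

NTKERNELAPI BOOLEAN NTAPI
PsGetProcessExitProcessCalled(_In_ PEPROCESS Process);

//
// Quota Functions
//
// The PsCharge* routines that return NTSTATUS can fail and must be
// checked; PsChargePoolQuota returns VOID.
// NOTE(review): presumably it raises on failure - confirm.
// PsReturnProcessNonPagedPoolQuota is declared once, in this section.
//
NTKERNELAPI VOID NTAPI
PsChargePoolQuota(
    _In_ PEPROCESS Process,
    _In_ POOL_TYPE PoolType,
    _In_ SIZE_T Amount);

NTKERNELAPI NTSTATUS NTAPI
PsChargeProcessNonPagedPoolQuota(
    _In_ PEPROCESS Process,
    _In_ SIZE_T Amount);

NTKERNELAPI NTSTATUS NTAPI
PsChargeProcessPagedPoolQuota(
    _In_ PEPROCESS Process,
    _In_ SIZE_T Amount);

NTKERNELAPI NTSTATUS NTAPI
PsChargeProcessPoolQuota(
    _In_ PEPROCESS Process,
    _In_ POOL_TYPE PoolType,
    _In_ SIZE_T Amount);

NTKERNELAPI VOID NTAPI
PsReturnPoolQuota(
    _In_ PEPROCESS Process,
    _In_ POOL_TYPE PoolType,
    _In_ SIZE_T Amount);

NTKERNELAPI VOID NTAPI
PsReturnProcessNonPagedPoolQuota(
    _In_ PEPROCESS Process,
    _In_ SIZE_T Amount);

NTKERNELAPI VOID NTAPI
PsReturnProcessPagedPoolQuota(
    _In_ PEPROCESS Process,
    _In_ SIZE_T Amount);

NTKERNELAPI PVOID NTAPI
PsGetProcessSecurityPort(_In_ PEPROCESS Process);

NTKERNELAPI NTSTATUS NTAPI
PsSetProcessSecurityPort(
    _Inout_ PEPROCESS Process,
    _In_ PVOID SecurityPort);

NTKERNELAPI HANDLE NTAPI
PsGetCurrentThreadProcessId(VOID);

#endif

//
// Native Calls
//
// Handle-based system services. For the information-class routines the
// *Length argument is the byte size of the caller's buffer; the buffer
// annotations name that length so static analysis can flag a mismatch.
//
NTSYSCALLAPI NTSTATUS NTAPI
NtAlertResumeThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG SuspendCount);

NTSYSCALLAPI NTSTATUS NTAPI
NtApphelpCacheControl(
    _In_ APPHELPCACHESERVICECLASS Service,
    _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData);

NTSYSCALLAPI NTSTATUS NTAPI
NtAlertThread(_In_ HANDLE ThreadHandle);

NTSYSCALLAPI NTSTATUS NTAPI
NtAssignProcessToJobObject(
    _In_ HANDLE JobHandle,
    _In_ HANDLE ProcessHandle);

NTSYSCALLAPI NTSTATUS NTAPI
NtCreateJobObject(
    _Out_ PHANDLE JobHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes);

// NOTE(review): unlike its neighbours this prototype carries no
// NTSYSCALLAPI; left as found - confirm whether that is intentional.
NTSTATUS NTAPI
NtCreateJobSet(
    _In_ ULONG NumJob,
    _In_ PJOB_SET_ARRAY UserJobSet,
    _In_ ULONG Flags);

NTSYSCALLAPI NTSTATUS NTAPI
NtCreateProcess(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ParentProcess,
    _In_ BOOLEAN InheritObjectTable,
    _In_opt_ HANDLE SectionHandle,
    _In_opt_ HANDLE DebugPort,
    _In_opt_ HANDLE ExceptionPort);

NTSYSCALLAPI NTSTATUS NTAPI
NtCreateProcessEx(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ParentProcess,
    _In_ ULONG Flags,
    _In_opt_ HANDLE SectionHandle,
    _In_opt_ HANDLE DebugPort,
    _In_opt_ HANDLE ExceptionPort,
    _In_ BOOLEAN InJob);

NTSYSCALLAPI NTSTATUS NTAPI
NtCreateThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ProcessHandle,
    _Out_ PCLIENT_ID ClientId,
    _In_ PCONTEXT ThreadContext,
    _In_ PINITIAL_TEB UserStack,
    _In_ BOOLEAN CreateSuspended);

//
// NtCurrentTeb returns a pointer to the current thread's TEB.
// Kernel-mode builds get an inline version that reads the pointer from a
// per-architecture location; user-mode builds only see the prototype.
//
#ifndef NTOS_MODE_USER
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
{
#if defined(_M_IX86)
    // 0x18 is presumably the x86 offset of NT_TIB.Self, the field the
    // AMD64 branch locates with FIELD_OFFSET.
    return (PTEB)__readfsdword(0x18);
#elif defined (_M_AMD64)
    return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
#elif defined (_M_ARM)
    return (struct _TEB *)KeGetPcr()->Used_Self;
#endif
    // NOTE(review): on any other architecture no branch is compiled and
    // the function has no return statement; add a branch (or a
    // compile-time failure) before building for a new target.
}
#else
struct _TEB * NtCurrentTeb(void);
#endif

NTSYSCALLAPI NTSTATUS NTAPI
NtImpersonateThread(
    _In_ HANDLE ThreadHandle,
    _In_ HANDLE ThreadToImpersonate,
    _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService);

NTSYSCALLAPI NTSTATUS NTAPI
NtIsProcessInJob(
    _In_ HANDLE ProcessHandle,
    _In_opt_ HANDLE JobHandle);

__kernel_entry
NTSYSCALLAPI NTSTATUS NTAPI
NtOpenProcess(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_opt_ PCLIENT_ID ClientId);

// _Must_inspect_result_ asks static analysis to flag callers that ignore
// the returned NTSTATUS.
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI NTSTATUS NTAPI
NtOpenProcessToken(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE TokenHandle);

NTSYSCALLAPI NTSTATUS NTAPI
NtOpenThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ PCLIENT_ID ClientId);

NTSYSCALLAPI NTSTATUS NTAPI
NtOpenThreadToken(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _Out_ PHANDLE TokenHandle);

NTSYSCALLAPI NTSTATUS NTAPI
NtOpenThreadTokenEx(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

NTSYSCALLAPI NTSTATUS NTAPI
NtQueryInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _Out_bytecap_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength,
    _Out_ PULONG ReturnLength);

#ifndef _NTDDK_
__kernel_entry
NTSYSCALLAPI NTSTATUS NTAPI
NtQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_bytecap_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength);
#endif

NTSYSCALLAPI NTSTATUS NTAPI
NtQueryInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _Out_bytecap_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength,
    _Out_opt_ PULONG ReturnLength);

NTSYSCALLAPI NTSTATUS NTAPI
NtRegisterThreadTerminatePort(_In_ HANDLE TerminationPort);

NTSYSCALLAPI NTSTATUS NTAPI
NtResumeThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG SuspendCount);

NTSYSCALLAPI NTSTATUS NTAPI
NtResumeProcess(_In_ HANDLE ProcessHandle);

NTSYSCALLAPI NTSTATUS NTAPI
NtSetInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _In_bytecount_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength);

NTSYSCALLAPI NTSTATUS NTAPI
NtSetInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength);

__kernel_entry
NTSYSCALLAPI NTSTATUS NTAPI
NtSetInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength);

NTSYSCALLAPI NTSTATUS NTAPI
NtSuspendProcess(_In_ HANDLE ProcessHandle);

// PreviousSuspendCount is an optional output, annotated the same way as
// SuspendCount on NtResumeThread.
NTSYSCALLAPI NTSTATUS NTAPI
NtSuspendThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG PreviousSuspendCount);

// ProcessHandle is optional here, as on ZwTerminateProcess.
NTSYSCALLAPI NTSTATUS NTAPI
NtTerminateProcess(
    _In_opt_ HANDLE ProcessHandle,
    _In_ NTSTATUS ExitStatus);

NTSYSCALLAPI NTSTATUS NTAPI
NtTerminateThread(
    _In_ HANDLE ThreadHandle,
    _In_ NTSTATUS ExitStatus);

NTSYSCALLAPI NTSTATUS NTAPI
NtTerminateJobObject(
    _In_ HANDLE JobHandle,
    _In_ NTSTATUS ExitStatus);

//
// Zw* counterparts of the Nt* services above (same parameter lists).
// NOTE(review): on Windows a kernel-mode caller of a Zw* routine runs with
// the previous mode set to KernelMode, so the service skips the probing
// and access checks it applies to user-mode requests. Handles and buffers
// that originate from user mode should be validated before being passed
// to these - confirm this tree follows the same convention.
//
NTSYSAPI NTSTATUS NTAPI
ZwAlertResumeThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG SuspendCount);

NTSYSAPI NTSTATUS NTAPI
ZwAlertThread(_In_ HANDLE ThreadHandle);

NTSYSAPI NTSTATUS NTAPI
ZwAssignProcessToJobObject(
    _In_ HANDLE JobHandle,
    _In_ HANDLE ProcessHandle);

NTSYSAPI NTSTATUS NTAPI
ZwCreateJobObject(
    _Out_ PHANDLE JobHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes);

NTSYSAPI NTSTATUS NTAPI
ZwCreateProcess(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ParentProcess,
    _In_ BOOLEAN InheritObjectTable,
    _In_opt_ HANDLE SectionHandle,
    _In_opt_ HANDLE DebugPort,
    _In_opt_ HANDLE ExceptionPort);

NTSYSAPI NTSTATUS NTAPI
ZwCreateThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ProcessHandle,
    _Out_ PCLIENT_ID ClientId,
    _In_ PCONTEXT ThreadContext,
    _In_ PINITIAL_TEB UserStack,
    _In_ BOOLEAN CreateSuspended);

NTSYSAPI NTSTATUS NTAPI
ZwImpersonateThread(
    _In_ HANDLE ThreadHandle,
    _In_ HANDLE ThreadToImpersonate,
    _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService);

NTSYSAPI NTSTATUS NTAPI
ZwIsProcessInJob(
    _In_ HANDLE ProcessHandle,
    _In_opt_ HANDLE JobHandle);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI NTSTATUS NTAPI
ZwOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

NTSYSAPI NTSTATUS NTAPI
ZwOpenThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ PCLIENT_ID ClientId);

NTSYSAPI NTSTATUS NTAPI
ZwOpenThreadToken(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _Out_ PHANDLE TokenHandle);

NTSYSAPI NTSTATUS NTAPI
ZwOpenThreadTokenEx(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

NTSYSAPI NTSTATUS NTAPI
ZwQueryInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _Out_bytecap_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength,
    _Out_ PULONG ReturnLength);

NTSYSAPI NTSTATUS NTAPI
ZwQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_bytecap_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength);

NTSYSAPI NTSTATUS NTAPI
ZwQueryInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _Out_bytecap_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength,
    _Out_opt_ PULONG ReturnLength);

NTSYSAPI NTSTATUS NTAPI
ZwRegisterThreadTerminatePort(_In_ HANDLE TerminationPort);

NTSYSAPI NTSTATUS NTAPI
ZwResumeThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG SuspendCount);

NTSYSAPI NTSTATUS NTAPI
ZwResumeProcess(_In_ HANDLE ProcessHandle);

// Buffer annotation matches NtSetInformationJobObject.
NTSYSAPI NTSTATUS NTAPI
ZwSetInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _In_bytecount_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength);

NTSYSAPI NTSTATUS NTAPI
ZwSetInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI NTSTATUS NTAPI
ZwSetInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength);

NTSYSAPI NTSTATUS NTAPI
ZwSuspendProcess(_In_ HANDLE ProcessHandle);

// PreviousSuspendCount is an optional output, annotated the same way as
// SuspendCount on ZwResumeThread.
NTSYSAPI NTSTATUS NTAPI
ZwSuspendThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG PreviousSuspendCount);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI NTSTATUS NTAPI
ZwTerminateProcess(
    _In_opt_ HANDLE ProcessHandle,
    _In_ NTSTATUS ExitStatus);

NTSYSAPI NTSTATUS NTAPI
ZwTerminateThread(
    _In_ HANDLE ThreadHandle,
    _In_ NTSTATUS ExitStatus);

NTSYSAPI NTSTATUS NTAPI
ZwTerminateJobObject(
    _In_ HANDLE JobHandle,
    _In_ NTSTATUS ExitStatus);

#ifdef __cplusplus
}
#endif

#endif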