/******************************************************************************
 *                            ZwXxx Functions                                 *
 ******************************************************************************/

/*
 * Prototypes for the Zw* native system service entry points, grouped by
 * $if (...) template section and by minimum NTDDI_VERSION.
 *
 * NOTE(review): the $if/$endif lines are not C preprocessor syntax;
 * presumably a header generator consumes them to decide which generated
 * header receives each group - confirm against the build tooling.
 *
 * Caller caveat (documented WDK behaviour, not visible in this file): a Zw*
 * call made from kernel mode runs with previous mode KernelMode, so the
 * service trusts the pointers and handles it is given and does not apply
 * the access checks a user-mode caller would get. A driver acting on behalf
 * of a user-mode request should validate and capture user buffers itself,
 * open handles with OBJ_KERNEL_HANDLE, and add OBJ_FORCE_ACCESS_CHECK where
 * the requester's rights must be honoured.
 */

$if (_WDMDDK_)

/* Constants */
/* Pseudo-handles: the casts below produce the fixed values -1 and -2. */
#define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
#define ZwCurrentProcess() NtCurrentProcess()
#define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
#define ZwCurrentThread() NtCurrentThread()
$endif (_WDMDDK_)

$if (_NTDDK_)
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateLocallyUniqueId(
  _Out_ PLUID Luid);

/* ProcessHandle is optional (_In_opt_). */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwTerminateProcess(
  _In_opt_ HANDLE ProcessHandle,
  _In_ NTSTATUS ExitStatus);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcess(
  _Out_ PHANDLE ProcessHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ PCLIENT_ID ClientId);
$endif (_NTDDK_)
$if (_NTIFS_)

/* Buffer receives at most Length bytes; EaList, when given, is EaListLength bytes. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryEaFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _Out_writes_bytes_(Length) PVOID Buffer,
  _In_ ULONG Length,
  _In_ BOOLEAN ReturnSingleEntry,
  _In_reads_bytes_opt_(EaListLength) PVOID EaList,
  _In_ ULONG EaListLength,
  _In_opt_ PULONG EaIndex,
  _In_ BOOLEAN RestartScan);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetEaFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_reads_bytes_(Length) PVOID Buffer,
  _In_ ULONG Length);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateToken(
  _In_ HANDLE ExistingTokenHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ BOOLEAN EffectiveOnly,
  _In_ TOKEN_TYPE TokenType,
  _Out_ PHANDLE NewTokenHandle);
$endif (_NTIFS_)

/* Everything from here to the matching #endif requires NTDDI_WIN2K or later. */
#if (NTDDI_VERSION >= NTDDI_WIN2K)
$if (_WDMDDK_)

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwClose(
  _In_ HANDLE Handle);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateDirectoryObject(
  _Out_ PHANDLE DirectoryHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes);

/* EaBuffer is optional; when present it is EaLength bytes long. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateFile(
  _Out_ PHANDLE FileHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_opt_ PLARGE_INTEGER AllocationSize,
  _In_ ULONG FileAttributes,
  _In_ ULONG ShareAccess,
  _In_ ULONG CreateDisposition,
  _In_ ULONG CreateOptions,
  _In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
  _In_ ULONG EaLength
);

/* TitleIndex is annotated _Reserved_. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateKey(
  _Out_ PHANDLE KeyHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _Reserved_ ULONG TitleIndex,
  _In_opt_ PUNICODE_STRING Class,
  _In_ ULONG CreateOptions,
  _Out_opt_ PULONG Disposition);

/* Annotated for IRQL <= APC_LEVEL, unlike the PASSIVE_LEVEL neighbours. */
_IRQL_requires_max_(APC_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateSection(
  _Out_ PHANDLE SectionHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ PLARGE_INTEGER MaximumSize,
  _In_ ULONG SectionPageProtection,
  _In_ ULONG AllocationAttributes,
  _In_opt_ HANDLE FileHandle);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteKey(
  _In_ HANDLE KeyHandle);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteValueKey(
  _In_ HANDLE KeyHandle,
  _In_ PUNICODE_STRING ValueName);

/*
 * The _When_ annotations state the return contract for the analyzer:
 * a zero Length always yields a negative status, and a non-zero Length
 * never yields a positive one.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
_When_(Length == 0, _Post_satisfies_(return < 0))
_When_(Length > 0, _Post_satisfies_(return <= 0))
NTSYSAPI
NTSTATUS
NTAPI
ZwEnumerateKey(
  _In_ HANDLE KeyHandle,
  _In_ ULONG Index,
  _In_ KEY_INFORMATION_CLASS KeyInformationClass,
  _Out_writes_bytes_opt_(Length) PVOID KeyInformation,
  _In_ ULONG Length,
  _Out_ PULONG ResultLength);

/* Same Length/return contract as ZwEnumerateKey. */
_IRQL_requires_max_(PASSIVE_LEVEL)
_When_(Length == 0, _Post_satisfies_(return < 0))
_When_(Length > 0, _Post_satisfies_(return <= 0))
NTSYSAPI
NTSTATUS
NTAPI
ZwEnumerateValueKey(
  _In_ HANDLE KeyHandle,
  _In_ ULONG Index,
  _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
  _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
  _In_ ULONG Length,
  _Out_ PULONG ResultLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushKey(
  _In_ HANDLE KeyHandle);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwLoadDriver(
  _In_ PUNICODE_STRING DriverServiceName);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwMakeTemporaryObject(
  _In_ HANDLE Handle);

/* *BaseAddress is annotated as a byte buffer of *ViewSize bytes on return. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwMapViewOfSection(
  _In_ HANDLE SectionHandle,
  _In_ HANDLE ProcessHandle,
  _Outptr_result_bytebuffer_(*ViewSize) PVOID *BaseAddress,
  _In_ ULONG_PTR ZeroBits,
  _In_ SIZE_T CommitSize,
  _Inout_opt_ PLARGE_INTEGER SectionOffset,
  _Inout_ PSIZE_T ViewSize,
  _In_ SECTION_INHERIT InheritDisposition,
  _In_ ULONG AllocationType,
  _In_ ULONG Protect);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenFile(
  _Out_ PHANDLE FileHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_ ULONG ShareAccess,
  _In_ ULONG OpenOptions);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenKey(
  _Out_ PHANDLE KeyHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenSection(
  _Out_ PHANDLE SectionHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenSymbolicLinkObject(
  _Out_ PHANDLE LinkHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _Out_writes_bytes_(Length) PVOID FileInformation,
  _In_ ULONG Length,
  _In_ FILE_INFORMATION_CLASS FileInformationClass);

/* Same Length/return contract as ZwEnumerateKey. */
_IRQL_requires_max_(PASSIVE_LEVEL)
_When_(Length == 0, _Post_satisfies_(return < 0))
_When_(Length > 0, _Post_satisfies_(return <= 0))
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryKey(
  _In_ HANDLE KeyHandle,
  _In_ KEY_INFORMATION_CLASS KeyInformationClass,
  _Out_writes_bytes_opt_(Length) PVOID KeyInformation,
  _In_ ULONG Length,
  _Out_ PULONG ResultLength);

/* LinkTarget is _Inout_: the caller supplies the UNICODE_STRING to be filled. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySymbolicLinkObject(
  _In_ HANDLE LinkHandle,
  _Inout_ PUNICODE_STRING LinkTarget,
  _Out_opt_ PULONG ReturnedLength);

/* Same Length/return contract as ZwEnumerateKey. */
_IRQL_requires_max_(PASSIVE_LEVEL)
_When_(Length == 0, _Post_satisfies_(return < 0))
_When_(Length > 0, _Post_satisfies_(return <= 0))
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryValueKey(
  _In_ HANDLE KeyHandle,
  _In_ PUNICODE_STRING ValueName,
  _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
  _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
  _In_ ULONG Length,
  _Out_ PULONG ResultLength);

/* Buffer receives at most Length bytes; Event, ApcRoutine, ByteOffset and Key are optional. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwReadFile(
  _In_ HANDLE FileHandle,
  _In_opt_ HANDLE Event,
  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
  _In_opt_ PVOID ApcContext,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _Out_writes_bytes_(Length) PVOID Buffer,
  _In_ ULONG Length,
  _In_opt_ PLARGE_INTEGER ByteOffset,
  _In_opt_ PULONG Key);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_reads_bytes_(Length) PVOID FileInformation,
  _In_ ULONG Length,
  _In_ FILE_INFORMATION_CLASS FileInformationClass);

/* Data is optional; when present it is DataSize bytes long. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetValueKey(
  _In_ HANDLE KeyHandle,
  _In_ PUNICODE_STRING ValueName,
  _In_opt_ ULONG TitleIndex,
  _In_ ULONG Type,
  _In_reads_bytes_opt_(DataSize) PVOID Data,
  _In_ ULONG DataSize);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwUnloadDriver(
  _In_ PUNICODE_STRING DriverServiceName);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwUnmapViewOfSection(
  _In_ HANDLE ProcessHandle,
  _In_opt_ PVOID BaseAddress);

/* Buffer supplies Length bytes to write; same optional parameters as ZwReadFile. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwWriteFile(
  _In_ HANDLE FileHandle,
  _In_opt_ HANDLE Event,
  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
  _In_opt_ PVOID ApcContext,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_reads_bytes_(Length) PVOID Buffer,
  _In_ ULONG Length,
  _In_opt_ PLARGE_INTEGER ByteOffset,
  _In_opt_ PULONG Key);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryFullAttributesFile(
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation);

$endif (_WDMDDK_)
$if (_NTDDK_)

/*
 * NOTE(review): ZwCancelTimer, ZwCreateTimer, ZwOpenTimer and ZwSetTimer
 * are declared without NTSYSAPI, unlike the neighbouring prototypes -
 * confirm this is intentional.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
NTAPI
ZwCancelTimer(
  _In_ HANDLE TimerHandle,
  _Out_opt_ PBOOLEAN CurrentState);

/* On a zero (success) return the annotation marks TimerObject as allocated. */
_IRQL_requires_max_(PASSIVE_LEVEL)
_When_(return == 0, __drv_allocatesMem(TimerObject))
NTSTATUS
NTAPI
ZwCreateTimer(
  _Out_ PHANDLE TimerHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ TIMER_TYPE TimerType);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
NTAPI
ZwOpenTimer(
  _Out_ PHANDLE TimerHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationThread(
  _In_ HANDLE ThreadHandle,
  _In_ THREADINFOCLASS ThreadInformationClass,
  _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
  _In_ ULONG ThreadInformationLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
NTAPI
ZwSetTimer(
  _In_ HANDLE TimerHandle,
  _In_ PLARGE_INTEGER DueTime,
  _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine,
  _In_opt_ PVOID TimerContext,
  _In_ BOOLEAN ResumeTimer,
  _In_opt_ LONG Period,
  _Out_opt_ PBOOLEAN PreviousState);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDisplayString(
  _In_ PUNICODE_STRING String);

/* Both buffers are optional and each is bounded by its own length parameter. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwPowerInformation(
  _In_ POWER_INFORMATION_LEVEL PowerInformationLevel,
  _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
  _In_ ULONG InputBufferLength,
  _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
  _In_ ULONG OutputBufferLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryVolumeInformationFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _Out_writes_bytes_(Length) PVOID FsInformation,
  _In_ ULONG Length,
  _In_ FS_INFORMATION_CLASS FsInformationClass);

/* Input and output buffers are optional and bounded by their length parameters. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDeviceIoControlFile(
  _In_ HANDLE FileHandle,
  _In_opt_ HANDLE Event,
  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
  _In_opt_ PVOID ApcContext,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_ ULONG IoControlCode,
  _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
  _In_ ULONG InputBufferLength,
  _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
  _In_ ULONG OutputBufferLength);

$endif (_NTDDK_)
$if (_NTIFS_)

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryObject(
  _In_opt_ HANDLE Handle,
  _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
  _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
  _In_ ULONG ObjectInformationLength,
  _Out_opt_ PULONG ReturnLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwNotifyChangeKey(
  _In_ HANDLE KeyHandle,
  _In_opt_ HANDLE EventHandle,
  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
  _In_opt_ PVOID ApcContext,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_ ULONG NotifyFilter,
  _In_ BOOLEAN WatchSubtree,
  _Out_writes_bytes_opt_(BufferLength) PVOID Buffer,
  _In_ ULONG BufferLength,
  _In_ BOOLEAN Asynchronous);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateEvent(
  _Out_ PHANDLE EventHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ EVENT_TYPE EventType,
  _In_ BOOLEAN InitialState);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteFile(
  _In_ POBJECT_ATTRIBUTES ObjectAttributes);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryFile(
  _In_ HANDLE FileHandle,
  _In_opt_ HANDLE Event,
  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
  _In_opt_ PVOID ApcContext,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _Out_writes_bytes_(Length) PVOID FileInformation,
  _In_ ULONG Length,
  _In_ FILE_INFORMATION_CLASS FileInformationClass,
  _In_ BOOLEAN ReturnSingleEntry,
  _In_opt_ PUNICODE_STRING FileName,
  _In_ BOOLEAN RestartScan);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetVolumeInformationFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_reads_bytes_(Length) PVOID FsInformation,
  _In_ ULONG Length,
  _In_ FS_INFORMATION_CLASS FsInformationClass);

/* Same buffer contract as ZwDeviceIoControlFile, keyed by FsControlCode. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwFsControlFile(
  _In_ HANDLE FileHandle,
  _In_opt_ HANDLE Event,
  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
  _In_opt_ PVOID ApcContext,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_ ULONG FsControlCode,
  _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
  _In_ ULONG InputBufferLength,
  _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
  _In_ ULONG OutputBufferLength);

/* TargetProcessHandle and TargetHandle are both optional. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
  _In_ HANDLE SourceProcessHandle,
  _In_ HANDLE SourceHandle,
  _In_opt_ HANDLE TargetProcessHandle,
  _Out_opt_ PHANDLE TargetHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ ULONG HandleAttributes,
  _In_ ULONG Options);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenDirectoryObject(
  _Out_ PHANDLE DirectoryHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes);

/*
 * _Must_inspect_result_: the returned status has to be checked.
 * *BaseAddress is annotated as allocated memory of *RegionSize elements.
 * NOTE(review): no _IRQL_requires_max_ annotation here, unlike the
 * neighbouring prototypes - confirm this is intentional.
 */
_Must_inspect_result_
_At_(*BaseAddress, __drv_allocatesMem(Mem))
__kernel_entry
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
  _In_ HANDLE ProcessHandle,
  _Inout_ _Outptr_result_buffer_(*RegionSize) PVOID *BaseAddress,
  _In_ ULONG_PTR ZeroBits,
  _Inout_ PSIZE_T RegionSize,
  _In_ ULONG AllocationType,
  _In_ ULONG Protect);

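/* *BaseAddress is annotated __drv_freesMem: ownership ends with this call. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwFreeVirtualMemory(
  _In_ HANDLE ProcessHandle,
  _Inout_ __drv_freesMem(Mem) PVOID *BaseAddress,
  _Inout_ PSIZE_T RegionSize,
  _In_ ULONG FreeType);

/*
 * IRQL contract depends on Timeout: a NULL or non-zero timeout requires
 * IRQL <= APC_LEVEL; a zero timeout is allowed up to DISPATCH_LEVEL.
 */
_When_(Timeout == NULL, _IRQL_requires_max_(APC_LEVEL))
_When_(Timeout->QuadPart != 0, _IRQL_requires_max_(APC_LEVEL))
_When_(Timeout->QuadPart == 0, _IRQL_requires_max_(DISPATCH_LEVEL))
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForSingleObject(
  _In_ HANDLE Handle,
  _In_ BOOLEAN Alertable,
  _In_opt_ PLARGE_INTEGER Timeout);

/* Annotated for IRQL <= DISPATCH_LEVEL. */
_IRQL_requires_max_(DISPATCH_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetEvent(
  _In_ HANDLE EventHandle,
  _Out_opt_ PLONG PreviousState);

/* Annotated for IRQL <= APC_LEVEL. */
_IRQL_requires_max_(APC_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushVirtualMemory(
  _In_ HANDLE ProcessHandle,
  _Inout_ PVOID *BaseAddress,
  _Inout_ PSIZE_T RegionSize,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock);

/* TokenInformation: capacity Length bytes, *ResultLength bytes valid on return. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
  _In_ HANDLE TokenHandle,
  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
  _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
  _In_ ULONG Length,
  _Out_ PULONG ResultLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetSecurityObject(
  _In_ HANDLE Handle,
  _In_ SECURITY_INFORMATION SecurityInformation,
  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);

/* SecurityDescriptor: capacity Length bytes, *ResultLength bytes valid on return. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
  _In_ HANDLE FileHandle,
  _In_ SECURITY_INFORMATION SecurityInformation,
  _Out_writes_bytes_to_(Length,*ResultLength) PSECURITY_DESCRIPTOR SecurityDescriptor,
  _In_ ULONG Length,
  _Out_ PULONG ResultLength);
$endif (_NTIFS_)
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */

$if (_NTIFS_)
#if (NTDDI_VERSION >= NTDDI_WINXP)

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessTokenEx(
  _In_ HANDLE ProcessHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ ULONG HandleAttributes,
  _Out_ PHANDLE TokenHandle);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThreadTokenEx(
  _In_ HANDLE ThreadHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ BOOLEAN OpenAsSelf,
  _In_ ULONG HandleAttributes,
  _Out_ PHANDLE TokenHandle);

#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
$endif (_NTIFS_)
$if (_WDMDDK_)

#if (NTDDI_VERSION >= NTDDI_WS03)
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenEvent(
  _Out_ PHANDLE EventHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes);
#endif
$endif (_WDMDDK_)

/* The NTDDI_VISTA guard is opened here and closed further down the file. */
$if (_WDMDDK_ || _NTIFS_)
#if (NTDDI_VERSION >= NTDDI_VISTA)
$endif (_WDMDDK_ || _NTIFS_)
$if (_WDMDDK_)

/*
 * NTAPI added: every other prototype in this header names its calling
 * convention, and without it this declaration takes the compiler default,
 * which is not guaranteed to match NTAPI on 32-bit x86 builds.
 * NOTE(review): confirm the exported stub uses NTAPI like its siblings.
 * TitleIndex is annotated _Reserved_.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateKeyTransacted(
  _Out_ PHANDLE KeyHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _Reserved_ ULONG TitleIndex,
  _In_opt_ PUNICODE_STRING Class,
  _In_ ULONG CreateOptions,
  _In_ HANDLE TransactionHandle,
  _Out_opt_ PULONG Disposition);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenKeyTransacted(
  _Out_ PHANDLE KeyHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ HANDLE TransactionHandle);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateTransactionManager(
  _Out_ PHANDLE TmHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ PUNICODE_STRING LogFileName,
  _In_opt_ ULONG CreateOptions,
  _In_opt_ ULONG CommitStrength);
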
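/* Transaction manager, transaction and resource manager services (NTSYSCALLAPI). */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenTransactionManager(
  _Out_ PHANDLE TmHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ PUNICODE_STRING LogFileName,
  _In_opt_ LPGUID TmIdentity,
  _In_opt_ ULONG OpenOptions);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRollforwardTransactionManager(
  _In_ HANDLE TransactionManagerHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRecoverTransactionManager(
  _In_ HANDLE TransactionManagerHandle);

/* Output buffer is bounded by TransactionManagerInformationLength bytes. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryInformationTransactionManager(
  _In_ HANDLE TransactionManagerHandle,
  _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
  _Out_writes_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation,
  _In_ ULONG TransactionManagerInformationLength,
  _Out_opt_ PULONG ReturnLength);

/*
 * The input buffer is now tied to its length with _In_reads_bytes_, as
 * ZwSetInformationResourceManager and ZwSetInformationEnlistment already
 * do; a bare _In_ on PVOID gives static analysis no size to check.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwSetInformationTransactionManager(
  _In_ HANDLE TmHandle,
  _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
  _In_reads_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation,
  _In_ ULONG TransactionManagerInformationLength);

/* ObjectCursor is read and updated in place, ObjectCursorLength bytes. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwEnumerateTransactionObject(
  _In_opt_ HANDLE RootObjectHandle,
  _In_ KTMOBJECT_TYPE QueryType,
  _Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor,
  _In_ ULONG ObjectCursorLength,
  _Out_ PULONG ReturnLength);

/* Only TransactionHandle and DesiredAccess are mandatory. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateTransaction(
  _Out_ PHANDLE TransactionHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ LPGUID Uow,
  _In_opt_ HANDLE TmHandle,
  _In_opt_ ULONG CreateOptions,
  _In_opt_ ULONG IsolationLevel,
  _In_opt_ ULONG IsolationFlags,
  _In_opt_ PLARGE_INTEGER Timeout,
  _In_opt_ PUNICODE_STRING Description);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenTransaction(
  _Out_ PHANDLE TransactionHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ LPGUID Uow,
  _In_opt_ HANDLE TmHandle);

/* Output buffer is bounded by TransactionInformationLength bytes. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryInformationTransaction(
  _In_ HANDLE TransactionHandle,
  _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
  _Out_writes_bytes_(TransactionInformationLength) PVOID TransactionInformation,
  _In_ ULONG TransactionInformationLength,
  _Out_opt_ PULONG ReturnLength);

/* Input buffer tied to its length, as for ZwSetInformationTransactionManager. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwSetInformationTransaction(
  _In_ HANDLE TransactionHandle,
  _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
  _In_reads_bytes_(TransactionInformationLength) PVOID TransactionInformation,
  _In_ ULONG TransactionInformationLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCommitTransaction(
  _In_ HANDLE TransactionHandle,
  _In_ BOOLEAN Wait);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRollbackTransaction(
  _In_ HANDLE TransactionHandle,
  _In_ BOOLEAN Wait);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateResourceManager(
  _Out_ PHANDLE ResourceManagerHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ HANDLE TmHandle,
  _In_opt_ LPGUID ResourceManagerGuid,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ ULONG CreateOptions,
  _In_opt_ PUNICODE_STRING Description);
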
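/* Resource manager and enlistment services (NTSYSCALLAPI). */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenResourceManager(
  _Out_ PHANDLE ResourceManagerHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ HANDLE TmHandle,
  _In_ LPGUID ResourceManagerGuid,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRecoverResourceManager(
  _In_ HANDLE ResourceManagerHandle);

/*
 * NOTE(review): TransactionNotification is a plain _Out_ even though
 * NotificationLength accompanies it; presumably the length bounds that
 * buffer - confirm before tightening the annotation.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwGetNotificationResourceManager(
  _In_ HANDLE ResourceManagerHandle,
  _Out_ PTRANSACTION_NOTIFICATION TransactionNotification,
  _In_ ULONG NotificationLength,
  _In_ PLARGE_INTEGER Timeout,
  _Out_opt_ PULONG ReturnLength,
  _In_ ULONG Asynchronous,
  _In_opt_ ULONG_PTR AsynchronousContext);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryInformationResourceManager(
  _In_ HANDLE ResourceManagerHandle,
  _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
  _Out_writes_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
  _In_ ULONG ResourceManagerInformationLength,
  _Out_opt_ PULONG ReturnLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwSetInformationResourceManager(
  _In_ HANDLE ResourceManagerHandle,
  _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
  _In_reads_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
  _In_ ULONG ResourceManagerInformationLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateEnlistment(
  _Out_ PHANDLE EnlistmentHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ HANDLE ResourceManagerHandle,
  _In_ HANDLE TransactionHandle,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ ULONG CreateOptions,
  _In_ NOTIFICATION_MASK NotificationMask,
  _In_opt_ PVOID EnlistmentKey);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenEnlistment(
  _Out_ PHANDLE EnlistmentHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ HANDLE RmHandle,
  _In_ LPGUID EnlistmentGuid,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryInformationEnlistment(
  _In_ HANDLE EnlistmentHandle,
  _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
  _Out_writes_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
  _In_ ULONG EnlistmentInformationLength,
  _Out_opt_ PULONG ReturnLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwSetInformationEnlistment(
  _In_ HANDLE EnlistmentHandle,
  _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
  _In_reads_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
  _In_ ULONG EnlistmentInformationLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRecoverEnlistment(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PVOID EnlistmentKey);

/* The following enlistment calls share one shape: handle plus optional TmVirtualClock. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwPrePrepareEnlistment(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwPrepareEnlistment(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCommitEnlistment(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRollbackEnlistment(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwPrePrepareComplete(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwPrepareComplete(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCommitComplete(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwReadOnlyEnlistment(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

/*
 * NOTE(review): ZwRollbackComplete and ZwSinglePhaseReject carry no
 * _IRQL_requires_max_ annotation, unlike the other enlistment calls.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwRollbackComplete(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwSinglePhaseReject(
  _In_ HANDLE EnlistmentHandle,
  _In_opt_ PLARGE_INTEGER TmVirtualClock);
$endif (_WDMDDK_)
$if (_NTIFS_)

/* ByteOffset and Length are passed by pointer and are both mandatory. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwLockFile(
  _In_ HANDLE FileHandle,
  _In_opt_ HANDLE Event,
  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
  _In_opt_ PVOID ApcContext,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_ PLARGE_INTEGER ByteOffset,
  _In_ PLARGE_INTEGER Length,
  _In_ ULONG Key,
  _In_ BOOLEAN FailImmediately,
  _In_ BOOLEAN ExclusiveLock);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwUnlockFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_ PLARGE_INTEGER ByteOffset,
  _In_ PLARGE_INTEGER Length,
  _In_ ULONG Key);

/* Buffer receives at most Length bytes; SidList, when given, is SidListLength bytes. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryQuotaInformationFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _Out_writes_bytes_(Length) PVOID Buffer,
  _In_ ULONG Length,
  _In_ BOOLEAN ReturnSingleEntry,
  _In_reads_bytes_opt_(SidListLength) PVOID SidList,
  _In_ ULONG SidListLength,
  _In_opt_ PSID StartSid,
  _In_ BOOLEAN RestartScan);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetQuotaInformationFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_reads_bytes_(Length) PVOID Buffer,
  _In_ ULONG Length);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushBuffersFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock);
$endif (_NTIFS_)
$if (_WDMDDK_ || _NTIFS_)
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
$endif (_WDMDDK_ || _NTIFS_)
/* The matching #endif for the NTDDI_WIN7 guard is not visible in this part of the file. */
#if (NTDDI_VERSION >= NTDDI_WIN7)
$if (_WDMDDK_)

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenKeyEx(
  _Out_ PHANDLE KeyHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ ULONG OpenOptions);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenKeyTransactedEx(
  _Out_ PHANDLE KeyHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ ULONG OpenOptions,
  _In_ HANDLE TransactionHandle);

/*
 * Buffer is now bounded by BufferSize with _Out_writes_bytes_opt_, the same
 * form ZwNotifyChangeKey uses, so analyzers can check the write extent.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwNotifyChangeMultipleKeys(
  _In_ HANDLE MasterKeyHandle,
  _In_opt_ ULONG Count,
  _In_opt_ OBJECT_ATTRIBUTES SubordinateObjects[],
  _In_opt_ HANDLE Event,
  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
  _In_opt_ PVOID ApcContext,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
  _In_ ULONG CompletionFilter,
  _In_ BOOLEAN WatchTree,
  _Out_writes_bytes_opt_(BufferSize) PVOID Buffer,
  _In_ ULONG BufferSize,
  _In_ BOOLEAN Asynchronous);

/*
 * ValueBuffer is now bounded by *BufferLength on entry; a bare _Out_ on
 * PVOID carries no size for static analysis.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryMultipleValueKey(
  _In_ HANDLE KeyHandle,
  _Inout_ PKEY_VALUE_ENTRY ValueEntries,
  _In_ ULONG EntryCount,
  _Out_writes_bytes_(*BufferLength) PVOID ValueBuffer,
  _Inout_ PULONG BufferLength,
  _Out_opt_ PULONG RequiredBufferLength);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwRenameKey(
  _In_ HANDLE KeyHandle,
  _In_ PUNICODE_STRING NewName);

/* KeySetInformationClass must be a typed constant (__drv_strictTypeMatch). */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationKey(
  _In_ HANDLE KeyHandle,
  _In_ __drv_strictTypeMatch(__drv_typeConst) KEY_SET_INFORMATION_CLASS KeySetInformationClass,
  _In_reads_bytes_(KeySetInformationLength) PVOID KeySetInformation,
  _In_ ULONG KeySetInformationLength);

$endif (_WDMDDK_)
$if (_NTDDK_)

/* TimerSetInformation is optional and updated in place. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
NTAPI
ZwSetTimerEx(
  _In_ HANDLE TimerHandle,
  _In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass,
  _Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID TimerSetInformation,
  _In_ ULONG TimerSetInformationLength);
$endif (_NTDDK_)
$if (_NTIFS_)

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationToken(
  _In_ HANDLE TokenHandle,
  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
  _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
  _In_ ULONG TokenInformationLength);

/*
 * From here on most prototypes carry no _IRQL_requires_max_ annotation and
 * several are guarded by VER_PRODUCTBUILD instead of NTDDI_VERSION.
 */
#if (VER_PRODUCTBUILD >= 2195)
/* PreviousState is now bounded by BufferLength so analyzers can check the write. */
NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustPrivilegesToken (
  _In_ HANDLE TokenHandle,
  _In_ BOOLEAN DisableAllPrivileges,
  _In_ PTOKEN_PRIVILEGES NewState,
  _In_ ULONG BufferLength,
  _Out_writes_bytes_opt_(BufferLength) PTOKEN_PRIVILEGES PreviousState,
  _Out_ PULONG ReturnLength
);
#endif /* (VER_PRODUCTBUILD >= 2195) */

NTSYSAPI
NTSTATUS
NTAPI
ZwAlertThread (
  _In_ HANDLE ThreadHandle
);

/* Three results are returned: GrantedAccess, AccessStatus and GenerateOnClose. */
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheckAndAuditAlarm (
  _In_ PUNICODE_STRING SubsystemName,
  _In_ PVOID HandleId,
  _In_ PUNICODE_STRING ObjectTypeName,
  _In_ PUNICODE_STRING ObjectName,
  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ PGENERIC_MAPPING GenericMapping,
  _In_ BOOLEAN ObjectCreation,
  _Out_ PACCESS_MASK GrantedAccess,
  _Out_ PBOOLEAN AccessStatus,
  _Out_ PBOOLEAN GenerateOnClose
);

#if (VER_PRODUCTBUILD >= 2195)
NTSYSAPI
NTSTATUS
NTAPI
ZwCancelIoFile (
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock
);
#endif /* (VER_PRODUCTBUILD >= 2195) */

NTSYSAPI
NTSTATUS
NTAPI
ZwClearEvent (
  _In_ HANDLE EventHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCloseObjectAuditAlarm (
  _In_ PUNICODE_STRING SubsystemName,
  _In_ PVOID HandleId,
  _In_ BOOLEAN GenerateOnClose
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateSymbolicLinkObject (
  _Out_ PHANDLE SymbolicLinkHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ PUNICODE_STRING TargetName
);

NTSYSAPI
NTSTATUS
NTAPI
ZwFlushInstructionCache (
  _In_ HANDLE ProcessHandle,
  _In_opt_ PVOID BaseAddress,
  _In_ ULONG FlushSize
);

/*
 * NOTE(review): second declaration of ZwFlushBuffersFile in this header; the
 * earlier one sits under the NTDDI_VISTA guard and also carries
 * _IRQL_requires_max_(PASSIVE_LEVEL). The signatures match, so this one is
 * redundant rather than conflicting - consider keeping a single copy.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushBuffersFile(
  _In_ HANDLE FileHandle,
  _Out_ PIO_STATUS_BLOCK IoStatusBlock
);

#if (VER_PRODUCTBUILD >= 2195)
NTSYSAPI
NTSTATUS
NTAPI
ZwInitiatePowerAction (
  _In_ POWER_ACTION SystemAction,
  _In_ SYSTEM_POWER_STATE MinSystemState,
  _In_ ULONG Flags,
  _In_ BOOLEAN Asynchronous
);
#endif /* (VER_PRODUCTBUILD >= 2195) */

NTSYSAPI
NTSTATUS
NTAPI
ZwLoadKey (
  _In_ POBJECT_ATTRIBUTES KeyObjectAttributes,
  _In_ POBJECT_ATTRIBUTES FileObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessToken (
  _In_ HANDLE ProcessHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _Out_ PHANDLE TokenHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThread (
  _Out_ PHANDLE ThreadHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ PCLIENT_ID ClientId
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThreadToken (
  _In_ HANDLE ThreadHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ BOOLEAN OpenAsSelf,
  _Out_ PHANDLE TokenHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwPulseEvent (
  _In_ HANDLE EventHandle,
  _In_opt_ PLONG PulseCount
);

NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDefaultLocale (
  _In_ BOOLEAN UserProfile,
  _Out_ PLCID DefaultLocaleId
);

#if (VER_PRODUCTBUILD >= 2195)
/* Buffer is now bounded by BufferLength; Context is read and updated across calls. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryObject(
  _In_ HANDLE DirectoryHandle,
  _Out_writes_bytes_(BufferLength) PVOID Buffer,
  _In_ ULONG BufferLength,
  _In_ BOOLEAN ReturnSingleEntry,
  _In_ BOOLEAN RestartScan,
  _Inout_ PULONG Context,
  _Out_opt_ PULONG ReturnLength
);
#endif /* (VER_PRODUCTBUILD >= 2195) */

NTSYSAPI
NTSTATUS
NTAPI
ZwReplaceKey (
  _In_ POBJECT_ATTRIBUTES NewFileObjectAttributes,
  _In_ HANDLE KeyHandle,
  _In_ POBJECT_ATTRIBUTES OldFileObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwResetEvent (
  _In_ HANDLE EventHandle,
  _Out_opt_ PLONG NumberOfWaitingThreads
);

#if (VER_PRODUCTBUILD >= 2195)
NTSYSAPI
NTSTATUS
NTAPI
ZwRestoreKey (
  _In_ HANDLE KeyHandle,
  _In_ HANDLE FileHandle,
  _In_ ULONG Flags
);
#endif /* (VER_PRODUCTBUILD >= 2195) */

NTSYSAPI
NTSTATUS
NTAPI
ZwSaveKey (
  _In_ HANDLE KeyHandle,
  _In_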
HANDLE FileHandle 1445 ); 1446 1447 NTSYSAPI 1448 NTSTATUS 1449 NTAPI 1450 ZwSetDefaultLocale ( 1451 _In_ BOOLEAN UserProfile, 1452 _In_ LCID DefaultLocaleId 1453 ); 1454 1455 #if (VER_PRODUCTBUILD >= 2195) 1456 NTSYSAPI 1457 NTSTATUS 1458 NTAPI 1459 ZwSetDefaultUILanguage ( 1460 _In_ LANGID LanguageId 1461 ); 1462 #endif /* (VER_PRODUCTBUILD >= 2195) */ 1463 1464 NTSYSAPI 1465 NTSTATUS 1466 NTAPI 1467 ZwSetInformationProcess ( 1468 _In_ HANDLE ProcessHandle, 1469 _In_ PROCESSINFOCLASS ProcessInformationClass, 1470 _In_ PVOID ProcessInformation, 1471 _In_ ULONG ProcessInformationLength 1472 ); 1473 1474 NTSYSAPI 1475 NTSTATUS 1476 NTAPI 1477 ZwSetSystemTime ( 1478 _In_ PLARGE_INTEGER NewTime, 1479 _Out_opt_ PLARGE_INTEGER OldTime 1480 ); 1481 1482 NTSYSAPI 1483 NTSTATUS 1484 NTAPI 1485 ZwUnloadKey ( 1486 _In_ POBJECT_ATTRIBUTES KeyObjectAttributes 1487 ); 1488 1489 NTSYSAPI 1490 NTSTATUS 1491 NTAPI 1492 ZwWaitForMultipleObjects ( 1493 _In_ ULONG HandleCount, 1494 _In_ PHANDLE Handles, 1495 _In_ WAIT_TYPE WaitType, 1496 _In_ BOOLEAN Alertable, 1497 _In_opt_ PLARGE_INTEGER Timeout 1498 ); 1499 1500 NTSYSAPI 1501 NTSTATUS 1502 NTAPI 1503 ZwYieldExecution ( 1504 VOID 1505 ); 1506 1507 $endif (_NTIFS_) 1508 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 1509 1510