This commit was generated by cvs2svn to compensate for changes in r52,
[reactos.git] / reactos / include / ddk / zw.h
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * PURPOSE: System call definitions
5 * FILE: include/ddk/zw.h
6 * REVISION HISTORY:
7 * ??/??/??: First few functions (David Welch)
8 * ??/??/??: Complete implementation by Boudewijn Dekker
9 * 13/07/98: Reorganised things a bit (David Welch)
10 * 04/08/98: Added some documentation (Boudewijn Dekker)
11 * 14/08/98: Added type TIME and change variable type from [1] to [0]
12 * 14/09/98: Added for each Nt call a corresponding Zw Call
13 */
14
15 #ifndef __DDK_ZW_H
16 #define __DDK_ZW_H
17
18 #include <windows.h>
19
20 NTSTATUS
21 STDCALL
22 NtAccessCheck(
23 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
24 IN HANDLE ClientToken,
25 IN ULONG DesiredAcces,
26 IN PGENERIC_MAPPING GenericMapping,
27 OUT PRIVILEGE_SET PrivilegeSet,
28 OUT PULONG ReturnLength,
29 OUT PULONG GrantedAccess,
30 OUT PULONG AccessStatus
31 );
32 NTSTATUS
33 STDCALL
34 ZwAccessCheck(
35 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
36 IN HANDLE ClientToken,
37 IN ULONG DesiredAcces,
38 IN PGENERIC_MAPPING GenericMapping,
39 OUT PRIVILEGE_SET PrivilegeSet,
40 OUT PULONG ReturnLength,
41 OUT PULONG GrantedAccess,
42 OUT PULONG AccessStatus
43 );
44
45 /*
46 * FUNCTION: Adds an atom to the global atom table
47 * ARGUMENTS:
48 * Atom (OUT) = Caller supplies storage for the resulting atom.
49 * AtomString = The string to add to the atom table.
50 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
51 * RETURNS: Status
52 */
53 NTSTATUS
54 STDCALL
55 NtAddAtom(
56 OUT ATOM *Atom,
57 IN PUNICODE_STRING AtomString
58 );
59
60
61 NTSTATUS
62 STDCALL
63 ZwAddAtom(
64 OUT ATOM *Atom,
65 IN PUNICODE_STRING AtomString
66 );
67 /*
68 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
69 * state.
70 * ARGUMENTS:
71 * ThreadHandle = Handle to the thread that should be resumed
72 * SuspendCount = The resulting suspend count.
73 * REMARK:
74 * A thread is resumed if its suspend count is 0
75 * RETURNS: Status
76 */
77 NTSTATUS
78 STDCALL
79 NtAlertResumeThread(
80 IN HANDLE ThreadHandle,
81 OUT PULONG SuspendCount
82 );
83
84 NTSTATUS
85 STDCALL
86 ZwAlertResumeThread(
87 IN HANDLE ThreadHandle,
88 OUT PULONG SuspendCount
89 );
90
91 /*
92 * FUNCTION: Puts the thread in a alerted state
93 * ARGUMENTS:
94 * ThreadHandle = Handle to the thread that should be alerted
95 * RETURNS: Status
96 */
97 NTSTATUS
98 STDCALL
99 NtAlertThread(
100 IN HANDLE ThreadHandle
101 );
102
103 NTSTATUS
104 STDCALL
105 ZwAlertThread(
106 IN HANDLE ThreadHandle
107 );
108
109
110 /*
111 * FUNCTION: Allocates a locally unique id
112 * ARGUMENTS:
113 * LocallyUniqueId = Locally unique number
114 * RETURNS: Status
115 */
116 NTSTATUS
117 STDCALL
118 NtAllocateLocallyUniqueId(
119 OUT PVOID LocallyUniqueId
120 );
121
122 NTSTATUS
123 STDCALL
124 ZwAllocateLocallyUniqueId(
125 OUT PVOID LocallyUniqueId
126 );
127
128
129 /*
130 * FUNCTION: Allocates a block of virtual memory in the process address space
131 * ARGUMENTS:
132 * ProcessHandle = The handle of the process which owns the virtual memory
133 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
134 * value the system will try to allocate the memory at the address supplied. It rounds
135 * it down to a multiple if the page size.
136 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
137 * the memory will be allocated at a address below a certain value.
138 * RegionSize = The number of bytes to allocate
139 * AllocationType = Indicates the type of virtual memory you like to allocated,
140 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
141 * Protect = Indicates the protection type of the pages allocated, can be a combination of
142 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
143 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
144 * REMARKS:
145 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
146 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
147 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
148 * and the AllocationType and ProctectionType map to the other two parameters.
149 * RETURNS: Status
150 */
151 NTSTATUS
152 STDCALL
153 NtAllocateVirtualMemory(
154 IN HANDLE ProcessHandle,
155 OUT PVOID *BaseAddress,
156 IN ULONG ZeroBits,
157 IN ULONG RegionSize,
158 IN ULONG AllocationType,
159 IN ULONG Protect
160 );
161
162 NTSTATUS
163 STDCALL
164 ZwAllocateVirtualMemory(
165 IN HANDLE ProcessHandle,
166 OUT PVOID *BaseAddress,
167 IN ULONG ZeroBits,
168 IN ULONG RegionSize,
169 IN ULONG AllocationType,
170 IN ULONG Protect
171 );
172 /*
173 * FUNCTION: Returns from a callback into user mode
174 * ARGUMENTS:
175 * RETURN Status
176 */
177 //FIXME: this function might need 3 parameters
178 NTSTATUS
179 STDCALL
180 NtCallbackReturn(
181 VOID
182 );
183
184 NTSTATUS
185 STDCALL
186 ZwCallbackReturn(
187 VOID
188 );
189
190 /*
191 * FUNCTION: Cancels a IO request
192 * ARGUMENTS:
193 * FileHandle = Handle to the file
194 * IoStatusBlock =
195
196 * REMARKS:
197 * This function maps to the win32 CancelIo.
198 * RETURNS: Status
199 */
200 NTSTATUS
201 STDCALL
202 NtCancelIoFile(
203 IN HANDLE FileHandle,
204 OUT PIO_STATUS_BLOCK IoStatusBlock
205 );
206
207 NTSTATUS
208 STDCALL
209 ZwCancelIoFile(
210 IN HANDLE FileHandle,
211 OUT PIO_STATUS_BLOCK IoStatusBlock
212 );
213 /*
214 * FUNCTION: Cancels a timer
215 * ARGUMENTS:
216 * TimerHandle = Handle to the timer
217 * CurrentState = Specifies the state of the timer when cancelled.
218 * REMARKS:
219 * The arguments to this function map to the function CancelWaitableTimer.
220 * RETURNS: Status
221 */
222 NTSTATUS
223 STDCALL
224 NtCancelTimer(
225 IN HANDLE TimerHandle,
226 OUT PBOOLEAN CurrentState OPTIONAL
227 );
228
229 NTSTATUS
230 STDCALL
231 ZwCancelTimer(
232 IN HANDLE TimerHandle,
233 OUT ULONG ElapsedTime
234 );
235 /*
236 * FUNCTION: Sets the status of the event back to non-signaled
237 * ARGUMENTS:
238 * EventHandle = Handle to the event
239 * REMARKS:
240 * This function maps to win32 function ResetEvent.
241 * RETURcNS: Status
242 */
243
244 NTSTATUS
245 STDCALL
246 NtClearEvent(
247 IN HANDLE EventHandle
248 );
249
250 NTSTATUS
251 STDCALL
252 ZwClearEvent(
253 IN HANDLE EventHandle
254 );
255
256 /*
257 * FUNCTION: Closes an object handle
258 * ARGUMENTS:
259 * Handle = Handle to the object
260 * REMARKS:
261 * This function maps to the win32 function CloseHandle.
262 * RETURNS: Status
263 */
264
265 NTSTATUS
266 STDCALL
267 NtClose(
268 IN HANDLE Handle
269 );
270
271 NTSTATUS
272 STDCALL
273 ZwClose(
274 IN HANDLE Handle
275 );
276
277
278 /*
279 * FUNCTION: Continues a thread with the specified context
280 * ARGUMENTS:
281 * Context = Specifies the processor context
282 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
283 * be PASSIVE_LEVEL or APC_LEVEL
284 * REMARKS
285 * NtContinue can be used to continue after an exception or apc.
286 * RETURNS: Status
287 */
288 //FIXME This function might need another parameter
289
290 NTSTATUS
291 STDCALL
292 NtContinue(
293 IN PCONTEXT Context,
294 IN CINT IrqLevel
295 );
296
297 NTSTATUS
298 STDCALL
299 ZwContinue(
300 IN PCONTEXT Context,
301 IN CINT IrqLevel
302 );
303
304
305 /*
306 * FUNCTION: Creates a directory object
307 * ARGUMENTS:
308 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
309 * DesiredAccess = Specifies access to the directory
310 * ObjectAttribute = Initialized attributes for the object
311 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
312 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
313 * RETURNS: Status
314 */
315
316 NTSTATUS
317 STDCALL
318 NtCreateDirectoryObject(
319 OUT PHANDLE DirectoryHandle,
320 IN ACCESS_MASK DesiredAccess,
321 IN POBJECT_ATTRIBUTES ObjectAttributes
322 );
323
324 NTSTATUS
325 STDCALL
326 ZwCreateDirectoryObject(
327 OUT PHANDLE DirectoryHandle,
328 IN ACCESS_MASK DesiredAccess,
329 IN POBJECT_ATTRIBUTES ObjectAttributes
330 );
331
332 /*
333 * FUNCTION: Creates an event object
334 * ARGUMENTS:
335 * EventHandle (OUT) = Caller supplied storage for the resulting handle
336 * DesiredAccess = Specifies access to the event
337 * ObjectAttribute = Initialized attributes for the object
338 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
339 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
340 * automatically after the system has rescheduled a thread waiting on the event.
341 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
342 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
343 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
344 * both parameters aswell ( possibly the order is reversed ).
345 * RETURNS: Status
346 */
347
348 NTSTATUS
349 STDCALL
350 NtCreateEvent(
351 OUT PHANDLE FileHandle,
352 IN ACCESS_MASK DesiredAccess,
353 IN POBJECT_ATTRIBUTES ObjectAttributes,
354 IN BOOLEAN ManualReset,
355 IN BOOLEAN InitialState
356 );
357
358 NTSTATUS
359 STDCALL
360 ZwCreateEvent(
361 OUT PHANDLE FileHandle,
362 IN ACCESS_MASK DesiredAccess,
363 IN POBJECT_ATTRIBUTES ObjectAttributes,
364 IN BOOLEAN ManualReset,
365 IN BOOLEAN InitialState
366 );
367
368 /*
369 * FUNCTION: Creates an eventpair object
370 * ARGUMENTS:
371 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
372 * DesiredAccess = Specifies access to the event
373 * ObjectAttribute = Initialized attributes for the object
374 */
375
376 NTSTATUS
377 STDCALL
378 NtCreateEventPair(
379 OUT PHANDLE FileHandle,
380 IN ACCESS_MASK DesiredAccess,
381 IN POBJECT_ATTRIBUTES ObjectAttributes
382 );
383
384 NTSTATUS
385 STDCALL
386 ZwCreateEventPair(
387 OUT PHANDLE FileHandle,
388 IN ACCESS_MASK DesiredAccess,
389 IN POBJECT_ATTRIBUTES ObjectAttributes
390 );
391
392
393 /*
394 * FUNCTION: Creates or opens a file, directory or device object.
395 * ARGUMENTS:
396 * FileHandle (OUT) = Caller supplied storage for the resulting handle
397 * DesiredAccess = Specifies the allowed or desired access to the file can
398 * be a combination of DELETE | FILE_READ_DATA ..
399 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
400 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
401 * the file is created and opened or allready existed and is just opened.
402 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
403 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
404 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
405 * CreateOptions = specifies the behavior of the system on file creation.
406 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
407 * EaLength = Extended Attributes buffer size, applies only to files and directories.
408 * REMARKS: This function maps to the win32 CreateFile.
409 * RETURNS: Status
410 */
411
412 NTSTATUS
413 STDCALL
414 NtCreateFile(
415 OUT PHANDLE FileHandle,
416 IN ACCESS_MASK DesiredAccess,
417 IN POBJECT_ATTRIBUTES ObjectAttributes,
418 OUT PIO_STATUS_BLOCK IoStatusBlock,
419 IN PLARGE_INTEGER AllocationSize OPTIONAL,
420 IN ULONG FileAttributes,
421 IN ULONG ShareAccess,
422 IN ULONG CreateDisposition,
423 IN ULONG CreateOptions,
424 IN PVOID EaBuffer OPTIONAL,
425 IN ULONG EaLength
426 );
427
428 NTSTATUS
429 STDCALL
430 ZwCreateFile(
431 OUT PHANDLE FileHandle,
432 IN ACCESS_MASK DesiredAccess,
433 IN POBJECT_ATTRIBUTES ObjectAttributes,
434 OUT PIO_STATUS_BLOCK IoStatusBlock,
435 IN PLARGE_INTEGER AllocationSize OPTIONAL,
436 IN ULONG FileAttributes,
437 IN ULONG ShareAccess,
438 IN ULONG CreateDisposition,
439 IN ULONG CreateOptions,
440 IN PVOID EaBuffer OPTIONAL,
441 IN ULONG EaLength
442 );
443
444 /*
445 * FUNCTION: Creates or opens a file, directory or device object.
446 * ARGUMENTS:
447 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
448 * DesiredAccess = Specifies the allowed or desired access to the port
449 * IoStatusBlock =
450 * NumberOfConcurrentThreads =
451 * REMARKS: This function maps to the win32 CreateIoCompletionPort
452 * RETURNS:
453 * Status
454 */
455
456 NTSTATUS
457 STDCALL
458 NtCreateIoCompletion(
459 OUT PHANDLE CompletionPort,
460 IN ACCESS_MASK DesiredAccess,
461 OUT PIO_STATUS_BLOCK IoStatusBlock,
462 IN ULONG NumberOfConcurrentThreads
463 );
464
465 NTSTATUS
466 STDCALL
467 ZwCreateIoCompletion(
468 OUT PHANDLE CompletionPort,
469 IN ACCESS_MASK DesiredAccess,
470 OUT PIO_STATUS_BLOCK IoStatusBlock,
471 IN ULONG NumberOfConcurrentThreads
472 );
473
474 /*
475 * FUNCTION: Creates a registry key
476 * ARGUMENTS:
477 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
478 * DesiredAccess = Specifies the allowed or desired access to the key
479 * It can have a combination of the following values:
480 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
481 * or
482 * KEY_QUERY_VALUE The values of the key can be queried.
483 * KEY_SET_VALUE The values of the key can be modified.
484 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
485 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
486 * KEY_NOTIFY
487 * KEY_CREATE_LINK A symbolic link to the key can be created.
488 * ObjectAttributes = The name of the key may be specified directly in the name field
489 * of object attributes or relative to a key in rootdirectory.
490 * TitleIndex = Might specify the position in the sequential order of subkeys.
491 * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
492 * CreateOptions = Specifies additional options with which the key is created
493 * REG_OPTION_VOLATILE The key is not preserved across boots.
494 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
495 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
496 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
497 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
498 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
499 * RETURNS:
500 * Status
501 */
502
503 NTSTATUS
504 STDCALL
505 NtCreateKey(
506 OUT PHANDLE KeyHandle,
507 IN ACCESS_MASK DesiredAccess,
508 IN POBJECT_ATTRIBUTES ObjectAttributes,
509 IN ULONG TitleIndex,
510 IN PUNICODE_STRING Class OPTIONAL,
511 IN ULONG CreateOptions,
512 IN PULONG Disposition OPTIONAL
513 );
514
515 NTSTATUS
516 STDCALL
517 ZwCreateKey(
518 OUT PHANDLE KeyHandle,
519 IN ACCESS_MASK DesiredAccess,
520 IN POBJECT_ATTRIBUTES ObjectAttributes,
521 IN ULONG TitleIndex,
522 IN PUNICODE_STRING Class OPTIONAL,
523 IN ULONG CreateOptions,
524 IN PULONG Disposition OPTIONAL
525 );
526
527
528 //NtCreateMailslotFile
529
530 /*
531 * FUNCTION: Creates or opens a mutex
532 * ARGUMENTS:
533 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
534 * DesiredAccess = Specifies the allowed or desired access to the port
535 * ObjectAttributes = Contains the name of the mutex.
536 * InitialOwner = If true the calling thread acquires ownership
537 * of the mutex.
538 * REMARKS: This funciton maps to the win32 function CreateMutex
539 * RETURNS:
540 * Status
541 */
542 NTSTATUS
543 STDCALL
544 NtCreateMutant(
545 OUT PHANDLE MutantHandle,
546 IN ACCESS_MASK DesiredAccess,
547 IN OBJECT_ATTRIBUTES ObjectAttributes,
548 IN BOOLEAN InitialOwner
549 );
550
551 NTSTATUS
552 STDCALL
553 ZwCreateMutant(
554 OUT PHANDLE MutantHandle,
555 IN ACCESS_MASK DesiredAccess,
556 IN OBJECT_ATTRIBUTES ObjectAttributes,
557 IN BOOLEAN InitialOwner
558 );
559
560 //NtCreateNamedPipeFile
561
562 /*
563 * FUNCTION: Creates a paging file.
564 * ARGUMENTS:
565 * PageFileName = Name of the pagefile
566 * MinimumSize = Specifies the minimum size
567 * MaximumSize = Specifies the maximum size
568 * ActualSize(OUT) = Specifies the actual size
569 * RETURNS: Status
570 */
571
572 NTSTATUS
573 STDCALL
574 NtCreatePagingFile(
575 IN PUNICODE_STRING PageFileName,
576 IN ULONG MiniumSize,
577 IN ULONG MaxiumSize,
578 OUT PULONG ActualSize
579 );
580
581 NTSTATUS
582 STDCALL
583 ZwCreatePagingFile(
584 IN PUNICODE_STRING PageFileName,
585 IN ULONG MiniumSize,
586 IN ULONG MaxiumSize,
587 OUT PULONG ActualSize
588 );
589
590 /*
591 * FUNCTION: Creates a process.
592 * ARGUMENTS:
593 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
594 * DesiredAccess = Specifies the allowed or desired access to the process can
595 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
596 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
597 * ParentProcess = Handle to the parent process.
598 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
599 * SectionHandle = Handle to a section object to back the image file
600 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
601 * ExceptionPort = Handle to a exception port.
602 * REMARKS:
603 * This function maps to the win32 CreateProcess.
604 * RETURNS: Status
605 */
606 NTSTATUS
607 STDCALL
608 NtCreateProcess(
609 OUT PHANDLE ProcessHandle,
610 IN ACCESS_MASK DesiredAccess,
611 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
612 IN HANDLE ParentProcess,
613 IN BOOLEAN InheritObjectTable,
614 IN HANDLE SectionHandle OPTIONAL,
615 IN HANDLE DebugPort OPTIONAL,
616 IN HANDLE ExceptionPort OPTIONAL
617 );
618
619 NTSTATUS
620 STDCALL
621 ZwCreateProcess(
622 OUT PHANDLE ProcessHandle,
623 IN ACCESS_MASK DesiredAccess,
624 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
625 IN HANDLE ParentProcess,
626 IN BOOLEAN InheritObjectTable,
627 IN HANDLE SectionHandle OPTIONAL,
628 IN HANDLE DebugPort OPTIONAL,
629 IN HANDLE ExceptionPort OPTIONAL
630 );
631
632 /*
633 * FUNCTION: Creates a section object.
634 * ARGUMENTS:
635 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
636 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
637 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
638 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
639 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
640 * If value specified for a mapped file and the file is not large enough, file will be extended.
641 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
642 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
643 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
644 * RETURNS: Status
645 */
646
647 NTSTATUS
648 STDCALL
649 NtCreateSection(
650 OUT PHANDLE SectionHandle,
651 IN ACCESS_MASK DesiredAccess,
652 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
653 IN PLARGE_INTEGER MaximumSize OPTIONAL,
654 IN ULONG SectionPageProtection OPTIONAL,
655 IN ULONG AllocationAttributes,
656 IN HANDLE FileHandle OPTIONAL
657 );
658
659 NTSTATUS
660 STDCALL
661 ZwCreateSection(
662 OUT PHANDLE SectionHandle,
663 IN ACCESS_MASK DesiredAccess,
664 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
665 IN PLARGE_INTEGER MaximumSize OPTIONAL,
666 IN ULONG SectionPageProtection OPTIONAL,
667 IN ULONG AllocationAttributes,
668 IN HANDLE FileHandle OPTIONAL
669 );
670
671 /*
672 * FUNCTION: Creates a semaphore object for interprocess synchronization.
673 * ARGUMENTS:
674 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
675 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
676 * ObjectAttribute = Initialized attributes for the object.
677 * InitialCount = Not necessary zero, might be smaller than zero.
678 * MaximumCount = Maxiumum count the semaphore can reach.
679 * RETURNS: Status
680 * REMARKS:
681 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
682 */
683
684 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
685 NTSTATUS
686 STDCALL
687 NtCreateSemaphore(
688 OUT PHANDLE SemaphoreHandle,
689 IN ACCESS_MASK DesiredAccess,
690 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
691 IN ULONG InitialCount,
692 IN ULONG MaximumCount
693 );
694
695 NTSTATUS
696 STDCALL
697 ZwCreateSemaphore(
698 OUT PHANDLE SemaphoreHandle,
699 IN ACCESS_MASK DesiredAccess,
700 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
701 IN ULONG InitialCount,
702 IN ULONG MaximumCount
703 );
704
705 /*
706 * FUNCTION: Creates a symbolic link object
707 * ARGUMENTS:
708 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
709 * DesiredAccess = Specifies the allowed or desired access to the thread.
710 * ObjectAttributes = Initialized attributes for the object.
711 * Name = Target name of the symbolic link
712 * RETURNS: Status
713 */
714 NTSTATUS
715 STDCALL
716 NtCreateSymbolicLinkObject(
717 OUT PHANDLE SymbolicLinkHandle,
718 IN ACCESS_MASK DesiredAccess,
719 IN POBJECT_ATTRIBUTES ObjectAttributes,
720 IN PUNICODE_STRING Name
721 );
722
723 NTSTATUS
724 STDCALL
725 ZwCreateSymbolicLinkObject(
726 OUT PHANDLE SymbolicLinkHandle,
727 IN ACCESS_MASK DesiredAccess,
728 IN POBJECT_ATTRIBUTES ObjectAttributes,
729 IN PUNICODE_STRING Name
730 );
731
732 /*
733 * FUNCTION: Creates a user mode thread
734 * ARGUMENTS:
735 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
736 * DesiredAccess = Specifies the allowed or desired access to the thread.
737 * ObjectAttributes = Initialized attributes for the object.
738 * ProcessHandle = Handle to the threads parent process.
739 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
740 * ThreadContext = Initial processor context for the thread.
741 * InitialTeb = Initial user mode stack context for the thread.
742 * CreateSuspended = Specifies if the thread is ready for scheduling
743 * REMARKS:
744 * This function maps to the win32 function CreateThread.
745 * RETURNS: Status
746 */
747 NTSTATUS
748 STDCALL
749 NtCreateThread(
750 OUT PHANDLE ThreadHandle,
751 IN ACCESS_MASK DesiredAccess,
752 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
753 IN HANDLE ProcessHandle,
754 OUT PCLIENT_ID ClientId,
755 IN PCONTEXT ThreadContext,
756 IN PINITIAL_TEB InitialTeb,
757 IN BOOLEAN CreateSuspended
758 );
759
760 NTSTATUS
761 STDCALL
762 ZwCreateThread(
763 OUT PHANDLE ThreadHandle,
764 IN ACCESS_MASK DesiredAccess,
765 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
766 IN HANDLE ProcessHandle,
767 OUT PCLIENT_ID ClientId,
768 IN PCONTEXT ThreadContext,
769 IN PINITIAL_TEB InitialTeb,
770 IN BOOLEAN CreateSuspended
771 );
772 /*
773 * FUNCTION: Creates a waitable timer.
774 * ARGUMENTS:
775 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
776 * DesiredAccess = Specifies the allowed or desired access to the timer.
777 * ObjectAttributes = Initialized attributes for the object.
778 * TimerType = Specifies if the timer should be reset manually.
779 * REMARKS:
780 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
781 * corresponding fields in OBJECT_ATTRIBUTES structure.
782 * RETURNS: Status
783 */
784
785 NTSTATUS
786 STDCALL
787 NtCreateTimer(
788 OUT PHANDLE TimerHandle,
789 IN ACCESS_MASK DesiredAccess,
790 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
791 IN CINT TimerType
792 );
793
794 NTSTATUS
795 STDCALL
796 ZwCreateTimer(
797 OUT PHANDLE TimerHandle,
798 IN ACCESS_MASK DesiredAccess,
799 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
800 IN CINT TimerType
801 );
802
803
804 /*
805 * FUNCTION: Returns the callers thread TEB.
806 * RETURNS: The resulting teb.
807 */
808 NT_TEB *
809 STDCALL
810 NtCurrentTeb(VOID
811 );
812
813 /*
814 * FUNCTION: Delays the execution of the calling thread.
815 * ARGUMENTS:
816 * Alertable = If TRUE the thread is alertable during is wait period
817 * Interval = Specifies the interval to wait.
818 * RETURNS: Status
819 */
820 NTSTATUS
821 STDCALL
822 NtDelayExecution(
823 IN BOOLEAN Alertable,
824 IN TIME *Interval
825 );
826
827 NTSTATUS
828 STDCALL
829 ZwDelayExecution(
830 IN BOOLEAN Alertable,
831 IN TIME *Interval
832 );
833
834
835 /*
836 * FUNCTION: Deletes an atom from the global atom table
837 * ARGUMENTS:
838 * Atom = Identifies the atom to delete
839 * REMARKS:
840 * The function maps to the win32 GlobalDeleteAtom
841 * RETURNS: Status
842 */
843 NTSTATUS
844 STDCALL
845 NtDeleteAtom(
846 IN ATOM Atom
847 );
848
849 NTSTATUS
850 STDCALL
851 ZwDeleteAtom(
852 IN ATOM Atom
853 );
854
855 /*
856 * FUNCTION: Deletes a file
857 * ARGUMENTS:
858 * ObjectAttributes = Name of the file which should be deleted
859 * REMARKS:
860 * This system call is functionally equivalent to NtSetInformationFile
861 * setting the disposition information.
862 * The function maps to the win32 DeleteFile.
863 * RETURNS: Status
864 */
865 NTSTATUS
866 STDCALL
867 NtDeleteFile(
868 IN POBJECT_ATTRIBUTES ObjectAttributes
869 );
870
871 NTSTATUS
872 STDCALL
873 ZwDeleteFile(
874 IN POBJECT_ATTRIBUTES ObjectAttributes
875 );
876
877 /*
878 * FUNCTION: Deletes a registry key
879 * ARGUMENTS:
880 * KeyHandle = Handle of the key
881 * RETURNS: Status
882 */
883 NTSTATUS
884 STDCALL
885 NtDeleteKey(
886 IN HANDLE KeyHandle
887 );
888 NTSTATUS
889 STDCALL
890 ZwDeleteKey(
891 IN HANDLE KeyHandle
892 );
893
894 /*
895 * FUNCTION: Deletes a value from a registry key
896 * ARGUMENTS:
897 * KeyHandle = Handle of the key
898 * ValueName = Name of the value to delete
899 * RETURNS: Status
900 */
901
902 NTSTATUS
903 STDCALL
904 NtDeleteValueKey(
905 IN HANDLE KeyHandle,
906 IN PUNICODE_STRING ValueName
907 );
908
909 NTSTATUS
910 STDCALL
911 ZwDeleteValueKey(
912 IN HANDLE KeyHandle,
913 IN PUNICODE_STRING ValueName
914 );
915 /*
916 * FUNCTION: Sends IOCTL to the io sub system
917 * ARGUMENTS:
918 * DeviceHandle = Points to the handle that is created by NtCreateFile
919 * Event = Event to synchronize on STATUS_PENDING
920 * ApcRoutine = Asynchroneous procedure callback
921 * ApcContext = Callback context.
922 * IoStatusBlock = Caller should supply storage for extra information..
923 * IoControlCode = Contains the IO Control command. This is an
924 * index to the structures in InputBuffer and OutputBuffer.
925 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
926 * InputBufferSize = Size of the input bufffer
927 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
928 * OutputBufferSize = Size of the input bufffer
929 * RETURNS: Status
930 */
931
932 NTSTATUS
933 STDCALL
934 NtDeviceIoControlFile(
935 IN HANDLE DeviceHandle,
936 IN HANDLE Event OPTIONAL,
937 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
938 IN PVOID UserApcContext OPTIONAL,
939 OUT PIO_STATUS_BLOCK IoStatusBlock,
940 IN ULONG IoControlCode,
941 IN PVOID InputBuffer,
942 IN ULONG InputBufferSize,
943 OUT PVOID OutputBuffer,
944 IN ULONG OutputBufferSize
945 );
946
947 NTSTATUS
948 STDCALL
949 ZwDeviceIoControlFile(
950 IN HANDLE DeviceHandle,
951 IN HANDLE Event OPTIONAL,
952 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
953 IN PVOID UserApcContext OPTIONAL,
954 OUT PIO_STATUS_BLOCK IoStatusBlock,
955 IN ULONG IoControlCode,
956 IN PVOID InputBuffer,
957 IN ULONG InputBufferSize,
958 OUT PVOID OutputBuffer,
959 IN ULONG OutputBufferSize
960 );
961 /*
962 * FUNCTION: Displays a string on the blue screen
963 * ARGUMENTS:
964 * DisplayString = The string to display
965 * RETURNS: Status
966 */
967
968 NTSTATUS
969 STDCALL
970 NtDisplayString(
971 IN PUNICODE_STRING DisplayString
972 );
973
974 NTSTATUS
975 STDCALL
976 ZwDisplayString(
977 IN PUNICODE_STRING DisplayString
978 );
979
980 /*
981 * FUNCTION: Copies a handle from one process space to another
982 * ARGUMENTS:
983 * SourceProcessHandle = The source process owning the handle. The source process should have opened
984 * the SourceHandle with PROCESS_DUP_HANDLE access.
985 * SourceHandle = The handle to the object.
986 * TargetProcessHandle = The destination process owning the handle
987 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
988 * DesiredAccess = The desired access to the handle.
989 * InheritHandle = Indicates wheter the new handle will be inheritable or not.
990 * Options = Specifies special actions upon duplicating the handle. Can be
991 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
992 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
993 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
994 * the DesiredAccess paramter and just grant the same access to the new
995 * handle.
996 * RETURNS: Status
997 * REMARKS: This function maps to the win32 DuplicateHandle.
998 */
999
1000 NTSTATUS
1001 STDCALL
1002 NtDuplicateObject(
1003 IN HANDLE SourceProcessHandle,
1004 IN PHANDLE SourceHandle,
1005 IN HANDLE TargetProcessHandle,
1006 OUT PHANDLE TargetHandle,
1007 IN ACCESS_MASK DesiredAccess,
1008 IN BOOLEAN InheritHandle,
1009 ULONG Options
1010 );
1011
1012 NTSTATUS
1013 STDCALL
1014 ZwDuplicateObject(
1015 IN HANDLE SourceProcessHandle,
1016 IN PHANDLE SourceHandle,
1017 IN HANDLE TargetProcessHandle,
1018 OUT PHANDLE TargetHandle,
1019 IN ACCESS_MASK DesiredAccess,
1020 IN BOOLEAN InheritHandle,
1021 ULONG Options
1022 );
1023 /*
1024 * FUNCTION: Returns information about the subkeys of an open key
1025 * ARGUMENTS:
1026 * KeyHandle = Handle of the key whose subkeys are to enumerated
1027 * Index = zero based index of the subkey for which information is
1028 * request
1029 * KeyInformationClass = Type of information returned
1030 * KeyInformation (OUT) = Caller allocated buffer for the information
1031 * about the key
1032 * Length = Length in bytes of the KeyInformation buffer
1033 * ResultLength (OUT) = Caller allocated storage which holds
1034 * the number of bytes of information retrieved
1035 * on return
1036 * RETURNS: Status
1037 */
1038 NTSTATUS
1039 STDCALL
1040 NtEnumerateKey(
1041 IN HANDLE KeyHandle,
1042 IN ULONG Index,
1043 IN KEY_INFORMATION_CLASS KeyInformationClass,
1044 OUT PVOID KeyInformation,
1045 IN ULONG Length,
1046 OUT PULONG ResultLength
1047 );
1048
1049 NTSTATUS
1050 STDCALL
1051 ZwEnumerateKey(
1052 IN HANDLE KeyHandle,
1053 IN ULONG Index,
1054 IN KEY_INFORMATION_CLASS KeyInformationClass,
1055 OUT PVOID KeyInformation,
1056 IN ULONG Length,
1057 OUT PULONG ResultLength
1058 );
1059 /*
1060 * FUNCTION: Returns information about the value entries of an open key
1061 * ARGUMENTS:
1062 * KeyHandle = Handle of the key whose value entries are to enumerated
1063 * Index = zero based index of the subkey for which information is
1064 * request
1065 * KeyInformationClass = Type of information returned
1066 * KeyInformation (OUT) = Caller allocated buffer for the information
1067 * about the key
1068 * Length = Length in bytes of the KeyInformation buffer
1069 * ResultLength (OUT) = Caller allocated storage which holds
1070 * the number of bytes of information retrieved
1071 * on return
1072 * RETURNS: Status
1073 */
1074 NTSTATUS
1075 STDCALL
1076 NtEnumerateValueKey(
1077 IN HANDLE KeyHandle,
1078 IN ULONG Index,
1079 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
1080 OUT PVOID KeyValueInformation,
1081 IN ULONG Length,
1082 OUT PULONG ResultLength
1083 );
1084
1085 NTSTATUS
1086 STDCALL
1087 ZwEnumerateValueKey(
1088 IN HANDLE KeyHandle,
1089 IN ULONG Index,
1090 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
1091 OUT PVOID KeyValueInformation,
1092 IN ULONG Length,
1093 OUT PULONG ResultLength
1094 );
1095 /*
1096 * FUNCTION: Extends a section
1097 * ARGUMENTS:
1098 * SectionHandle = Handle to the section
1099 * NewMaximumSize = Adjusted size
1100 * RETURNS: Status
1101 */
1102 NTSTATUS
1103 STDCALL
1104 NtExtendSection(
1105 IN HANDLE SectionHandle,
1106 IN ULONG NewMaximumSize
1107 );
1108 NTSTATUS
1109 STDCALL
1110 ZwExtendSection(
1111 IN HANDLE SectionHandle,
1112 IN ULONG NewMaximumSize
1113 );
1114
1115 /*
1116 * FUNCTION: Finds a atom
1117 * ARGUMENTS:
1118 * Atom = Caller supplies storage for the resulting atom
1119 * AtomString = String to search for.
1120 * RETURNS: Status
1121 * REMARKS:
1122 * This funciton maps to the win32 GlobalFindAtom
1123 */
1124 NTSTATUS
1125 STDCALL
1126 NtFindAtom(
1127 OUT ATOM *Atom,
1128 IN PUNICODE_STRING AtomString
1129 );
1130
1131 NTSTATUS
1132 STDCALL
1133 ZwFindAtom(
1134 OUT ATOM *Atom,
1135 IN PUNICODE_STRING AtomString
1136 );
1137 /*
1138 * FUNCTION: Flushes chached file data to disk
1139 * ARGUMENTS:
1140 * FileHandle = Points to the file
1141 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1142 * buffers operation. The information field is set to number of bytes
1143 * flushed to disk.
1144 * RETURNS: Status
1145 * REMARKS:
1146 * This funciton maps to the win32 FlushFileBuffers
1147 */
1148 NTSTATUS
1149 STDCALL
1150 NtFlushBuffersFile(
1151 IN HANDLE FileHandle,
1152 OUT PIO_STATUS_BLOCK IoStatusBlock
1153 );
1154
1155 NTSTATUS
1156 STDCALL
1157 ZwFlushBuffersFile(
1158 IN HANDLE FileHandle,
1159 OUT PIO_STATUS_BLOCK IoStatusBlock
1160 );
1161 /*
1162 * FUNCTION: Flushes a the processors instruction cache
1163 * ARGUMENTS:
1164 * ProcessHandle = Points to the process owning the cache
1165 * BaseAddress = // might this be a image address ????
1166 * NumberOfBytesToFlush =
1167 * RETURNS: Status
1168 * REMARKS:
1169 * This funciton is used by debuggers
1170 */
1171 NTSTATUS
1172 STDCALL
1173 NtFlushInstructionCache(
1174 IN HANDLE ProcessHandle,
1175 IN PVOID BaseAddress,
1176 IN UINT NumberOfBytesToFlush
1177 );
1178 NTSTATUS
1179 STDCALL
1180 ZwFlushInstructionCache(
1181 IN HANDLE ProcessHandle,
1182 IN PVOID BaseAddress,
1183 IN UINT NumberOfBytesToFlush
1184 );
1185 /*
1186 * FUNCTION: Flushes a registry key to disk
1187 * ARGUMENTS:
1188 * KeyHandle = Points to the registry key handle
1189 * RETURNS: Status
1190 * REMARKS:
1191 * This funciton maps to the win32 RegFlushKey.
1192 */
1193 NTSTATUS
1194 STDCALL
1195 NtFlushKey(
1196 IN HANDLE KeyHandle
1197 );
1198
1199 NTSTATUS
1200 STDCALL
1201 ZwFlushKey(
1202 IN HANDLE KeyHandle
1203 );
1204
1205 /*
1206 * FUNCTION: Flushes virtual memory to file
1207 * ARGUMENTS:
1208 * ProcessHandle = Points to the process that allocated the virtual memory
1209 * BaseAddress = Points to the memory address
1210 * NumberOfBytesToFlush = Limits the range to flush,
1211 * NumberOfBytesFlushed = Actual number of bytes flushed
1212 * RETURNS: Status
1213 * REMARKS:
1214 * Check return status on STATUS_NOT_MAPPED_DATA
1215 */
1216 NTSTATUS
1217 STDCALL
1218 NtFlushVirtualMemory(
1219 IN HANDLE ProcessHandle,
1220 IN PVOID BaseAddress,
1221 IN ULONG NumberOfBytesToFlush,
1222 OUT PULONG NumberOfBytesFlushed OPTIONAL
1223 );
1224 NTSTATUS
1225 STDCALL
1226 ZwFlushVirtualMemory(
1227 IN HANDLE ProcessHandle,
1228 IN PVOID BaseAddress,
1229 IN ULONG NumberOfBytesToFlush,
1230 OUT PULONG NumberOfBytesFlushed OPTIONAL
1231 );
1232 /*
1233 * FUNCTION: Flushes the dirty pages to file
1234 * RETURNS: Status
1235 */
1236 NTSTATUS
1237 STDCALL
1238 NtFlushWriteBuffer (
1239 VOID
1240 );
1241 NTSTATUS
1242 STDCALL
1243 ZwFlushWriteBuffer (
1244 VOID
1245 );
1246 /*
1247 * FUNCTION: Frees a range of virtual memory
1248 * ARGUMENTS:
1249 * ProcessHandle = Points to the process that allocated the virtual memory
1250 * BaseAddress = Points to the memory address, rounded down to a multiple of the pagesize
1251 * RegionSize = Limits the range to free, rounded up to a multiple of the paging size
1252 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1253 * RETURNS: Status
1254 */
1255
1256 NTSTATUS
1257 STDCALL
1258 NtFreeVirtualMemory(
1259 IN HANDLE ProcessHandle,
1260 IN PVOID *BaseAddress,
1261 IN ULONG RegionSize,
1262 IN ULONG FreeType
1263 );
1264
1265 NTSTATUS
1266 STDCALL
1267 ZwFreeVirtualMemory(
1268 IN HANDLE ProcessHandle,
1269 IN PVOID *BaseAddress,
1270 IN ULONG RegionSize,
1271 IN ULONG FreeType
1272 );
1273
1274 /*
1275 * FUNCTION: Sends FSCTL to the filesystem
1276 * ARGUMENTS:
1277 * DeviceHandle = Points to the handle that is created by NtCreateFile
1278 * Event = Event to synchronize on STATUS_PENDING
1279 * ApcRoutine =
1280 * ApcContext =
1281 * IoStatusBlock = Caller should supply storage for
1282 * IoControlCode = Contains the File System Control command. This is an
1283 * index to the structures in InputBuffer and OutputBuffer.
1284 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1285 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1286 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1287 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1288 *
1289 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1290 * InputBufferSize = Size of the input bufffer
1291 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1292 * OutputBufferSize = Size of the input bufffer
1293 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1294 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1295 */
1296 NTSTATUS
1297 STDCALL
1298 NtFsControlFile(
1299 IN HANDLE DeviceHandle,
1300 IN HANDLE Event OPTIONAL,
1301 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1302 IN PVOID ApcContext OPTIONAL,
1303 OUT PIO_STATUS_BLOCK IoStatusBlock,
1304 IN ULONG IoControlCode,
1305 IN PVOID InputBuffer,
1306 IN ULONG InputBufferSize,
1307 OUT PVOID OutputBuffer,
1308 IN ULONG OutputBufferSize
1309 );
1310
1311 NTSTATUS
1312 STDCALL
1313 ZwFsControlFile(
1314 IN HANDLE DeviceHandle,
1315 IN HANDLE Event OPTIONAL,
1316 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1317 IN PVOID ApcContext OPTIONAL,
1318 OUT PIO_STATUS_BLOCK IoStatusBlock,
1319 IN ULONG IoControlCode,
1320 IN PVOID InputBuffer,
1321 IN ULONG InputBufferSize,
1322 OUT PVOID OutputBuffer,
1323 IN ULONG OutputBufferSize
1324 );
1325
1326 /*
1327 * FUNCTION: Retrieves the processor context of a thread
1328 * ARGUMENTS:
1329 * ThreadHandle = Handle to a thread
1330 * Context (OUT) = Caller allocated storage for the processor context
1331 * RETURNS: Status
1332 */
1333
1334 NTSTATUS
1335 STDCALL
1336 NtGetContextThread(
1337 IN HANDLE ThreadHandle,
1338 OUT PCONTEXT Context
1339 );
1340
1341 NTSTATUS
1342 STDCALL
1343 ZwGetContextThread(
1344 IN HANDLE ThreadHandle,
1345 OUT PCONTEXT Context
1346 );
1347 /*
1348 * FUNCTION: Retrieves the uptime of the system
1349 * ARGUMENTS:
1350 * UpTime = Number of clock ticks since boot.
1351 * RETURNS: Status
1352 */
1353 NTSTATUS
1354 STDCALL
1355 NtGetTickCount(
1356 PULONG UpTime
1357 );
1358
1359 NTSTATUS
1360 STDCALL
1361 ZwGetTickCount(
1362 PULONG UpTime
1363 );
1364
1365 //-- NtImpersonateThread
1366
1367 /*
1368 * FUNCTION: Initializes the registry.
1369 * ARGUMENTS:
1370 * SetUpBoot = This parameter is true for a setup boot.
1371 * RETURNS: Status
1372 */
1373 NTSTATUS
1374 STDCALL
1375 NtInitializeRegistry(
1376 BOOLEAN SetUpBoot
1377 );
1378 NTSTATUS
1379 STDCALL
1380 ZwInitializeRegistry(
1381 BOOLEAN SetUpBoot
1382 );
1383
1384 /*
1385 * FUNCTION: Loads a driver.
1386 * ARGUMENTS:
1387 * DriverServiceName = Name of the driver to load
1388 * RETURNS: Status
1389 */
1390 NTSTATUS
1391 STDCALL
1392 NtLoadDriver(
1393 IN PUNICODE_STRING DriverServiceName
1394 );
1395
1396 NTSTATUS
1397 STDCALL
1398 ZwLoadDriver(
1399 IN PUNICODE_STRING DriverServiceName
1400 );
1401
1402 //-- NtLoadKey2
1403 /*
1404 * FUNCTION: Loads a registry key.
1405 * ARGUMENTS:
1406 * KeyHandle = Handle to the registry key
1407 ObjectAttributes = ???
1408 * REMARK:
1409 This procedure maps to the win32 procedure RegLoadKey
1410 * RETURNS: Status
1411 */
1412 NTSTATUS
1413 STDCALL
1414 NtLoadKey(
1415 PHANDLE KeyHandle,
1416 OBJECT_ATTRIBUTES ObjectAttributes
1417 );
1418 NTSTATUS
1419 STDCALL
1420 ZwLoadKey(
1421 PHANDLE KeyHandle,
1422 OBJECT_ATTRIBUTES ObjectAttributes
1423 );
1424 /*
1425 * FUNCTION: Locks a range of bytes in a file.
1426 * ARGUMENTS:
1427 * FileHandle = Handle to the file
1428 * Event = Should be null if apc is specified.
1429 * ApcRoutine = Asynchroneous Procedure Callback
1430 * ApcContext = Argument to the callback
1431 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1432 * the completion status and information about the requested lock operation.
1433 * ByteOffset = Offset
1434 * Length = Number of bytes to lock.
1435 * Key = Special value to give other threads the possibility to unlock the file
1436 by supplying the key in a call to NtUnlockFile.
1437 * FailImmediatedly = If false the request will block untill the lock is obtained.
1438 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1439 * REMARK:
1440 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1441 not be obtained immediately, the device queue is busy and the IRP is queued.
1442 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1443 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1444
1445 */
1446 NTSTATUS
1447 STDCALL
1448 NtLockFile(
1449 IN HANDLE FileHandle,
1450 IN HANDLE Event OPTIONAL,
1451 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1452 IN PVOID ApcContext OPTIONAL,
1453 OUT PIO_STATUS_BLOCK IoStatusBlock,
1454 IN PLARGE_INTEGER ByteOffset,
1455 IN PLARGE_INTEGER Length,
1456 IN PULONG Key,
1457 IN BOOLEAN FailImmediatedly,
1458 IN BOOLEAN ExclusiveLock
1459 );
1460
1461 NTSTATUS
1462 STDCALL
1463 ZwLockFile(
1464 IN HANDLE FileHandle,
1465 IN HANDLE Event OPTIONAL,
1466 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1467 IN PVOID ApcContext OPTIONAL,
1468 OUT PIO_STATUS_BLOCK IoStatusBlock,
1469 IN PLARGE_INTEGER ByteOffset,
1470 IN PLARGE_INTEGER Length,
1471 IN PULONG Key,
1472 IN BOOLEAN FailImmediatedly,
1473 IN BOOLEAN ExclusiveLock
1474 );
1475 /*
1476 * FUNCTION: Locks a range of virtual memory.
1477 * ARGUMENTS:
1478 * ProcessHandle = Handle to the process
1479 * BaseAddress = Lower boundary of the range of bytes to lock.
1480 * NumberOfBytesLock = Offset to the upper boundary.
1481 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
1482 * REMARK:
1483 This procedure maps to the win32 procedure VirtualLock
1484 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
1485 */
1486 NTSTATUS
1487 STDCALL
1488 NtLockVirtualMemory(
1489 HANDLE ProcessHandle,
1490 PVOID BaseAddress,
1491 ULONG NumberOfBytesToLock,
1492 PULONG NumberOfBytesLocked
1493 );
1494 NTSTATUS
1495 STDCALL
1496 ZwLockVirtualMemory(
1497 HANDLE ProcessHandle,
1498 PVOID BaseAddress,
1499 ULONG NumberOfBytesToLock,
1500 PULONG NumberOfBytesLocked
1501 );
1502 /*
1503 * FUNCTION: Makes temporary object that will be removed at next boot.
1504 * ARGUMENTS:
1505 * Handle = Handle to object
1506 * RETURNS: Status
1507 */
1508
1509 NTSTATUS
1510 STDCALL
1511 NtMakeTemporaryObject(
1512 IN HANDLE Handle
1513 );
1514
1515 NTSTATUS
1516 STDCALL
1517 ZwMakeTemporaryObject(
1518 IN HANDLE Handle
1519 );
1520 /*
1521 * FUNCTION: Maps a view of a section into the virtual address space of a
1522 * process
1523 * ARGUMENTS:
1524 * SectionHandle = Handle of the section
1525 * ProcessHandle = Handle of the process
1526 * BaseAddress = Desired base address (or NULL) on entry
1527 * Actual base address of the view on exit
1528 * ZeroBits = Number of high order address bits that must be zero
1529 * CommitSize = Size in bytes of the initially committed section of
1530 * the view
1531 * SectionOffset = Offset in bytes from the beginning of the section
1532 * to the beginning of the view
1533 * ViewSize = Desired length of map (or zero to map all) on entry
1534 * Actual length mapped on exit
1535 * InheritDisposition = Specified how the view is to be shared with
1536 * child processes
1537 * AllocateType = Type of allocation for the pages
1538 * Protect = Protection for the committed region of the view
1539 * RETURNS: Status
1540 */
1541 NTSTATUS
1542 STDCALL
1543 NtMapViewOfSection(
1544 IN HANDLE SectionHandle,
1545 IN HANDLE ProcessHandle,
1546 IN OUT PVOID *BaseAddress,
1547 IN ULONG ZeroBits,
1548 IN ULONG CommitSize,
1549 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
1550 IN OUT PULONG ViewSize,
1551 IN SECTION_INHERIT InheritDisposition,
1552 IN ULONG AllocationType,
1553 IN ULONG AccessProtection
1554 );
1555
1556 NTSTATUS
1557 STDCALL
1558 ZwMapViewOfSection(
1559 IN HANDLE SectionHandle,
1560 IN HANDLE ProcessHandle,
1561 IN OUT PVOID *BaseAddress,
1562 IN ULONG ZeroBits,
1563 IN ULONG CommitSize,
1564 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
1565 IN OUT PULONG ViewSize,
1566 IN SECTION_INHERIT InheritDisposition,
1567 IN ULONG AllocationType,
1568 IN ULONG AccessProtection
1569 );
1570
1571 /*
1572 * FUNCTION: Installs a notify for the change of a directory's contents
1573 * ARGUMENTS:
1574 * FileHandle = Handle to the directory
1575 Event =
1576 * ApcRoutine = Start address
1577 * ApcContext = Delimits the range of virtual memory
1578 * for which the new access protection holds
1579 * IoStatusBlock = The new access proctection for the pages
1580 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1581 * BufferSize = Size of the buffer
1582 CompletionFilter = Can be one of the following values:
1583 FILE_NOTIFY_CHANGE_FILE_NAME
1584 FILE_NOTIFY_CHANGE_DIR_NAME
1585 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1586 FILE_NOTIFY_CHANGE_ATTRIBUTES
1587 FILE_NOTIFY_CHANGE_SIZE
1588 FILE_NOTIFY_CHANGE_LAST_WRITE
1589 FILE_NOTIFY_CHANGE_LAST_ACCESS
1590 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1591 FILE_NOTIFY_CHANGE_EA
1592 FILE_NOTIFY_CHANGE_SECURITY
1593 FILE_NOTIFY_CHANGE_STREAM_NAME
1594 FILE_NOTIFY_CHANGE_STREAM_SIZE
1595 FILE_NOTIFY_CHANGE_STREAM_WRITE
1596 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1597 *
1598 * REMARKS:
1599 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1600 * RETURNS: Status
1601 */
1602 NTSTATUS
1603 STDCALL
1604 NtNotifyChangeDirectoryFile(
1605 IN HANDLE FileHandle,
1606 IN HANDLE Event OPTIONAL,
1607 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1608 IN PVOID ApcContext OPTIONAL,
1609 OUT PIO_STATUS_BLOCK IoStatusBlock,
1610 OUT PVOID Buffer,
1611 IN ULONG BufferSize,
1612 IN ULONG CompletionFilter,
1613 IN BOOLEAN WatchTree
1614 );
1615
1616 NTSTATUS
1617 STDCALL
1618 ZwNotifyChangeDirectoryFile(
1619 IN HANDLE FileHandle,
1620 IN HANDLE Event OPTIONAL,
1621 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1622 IN PVOID ApcContext OPTIONAL,
1623 OUT PIO_STATUS_BLOCK IoStatusBlock,
1624 OUT PVOID Buffer,
1625 IN ULONG BufferSize,
1626 IN ULONG CompletionFilter,
1627 IN BOOLEAN WatchTree
1628 );
1629
1630 /*
1631 * FUNCTION: Installs a notfication callback on registry changes
1632 * ARGUMENTS:
1633 KeyHandle = Handle to the registry key
1634 Event = Event that should be signalled on modification of the key
1635 ApcRoutine = Routine that should be called on modification of the key
1636 ApcContext = Argument to the ApcRoutine
1637 IoStatusBlock = ???
1638 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1639 Can be a combination of the following values:
1640
1641 REG_NOTIFY_CHANGE_NAME
1642 REG_NOTIFY_CHANGE_ATTRIBUTES
1643 REG_NOTIFY_CHANGE_LAST_SET
1644 REG_NOTIFY_CHANGE_SECURITY
1645
1646
1647 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1648 the function will not return before a change occurs.
1649 ChangeBuffer = Will return the old value
1650 Length = Size of the change buffer
1651 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1652 sub keys or not.
1653 * REMARKS: If the key is closed the event is signalled aswell.
1654 * RETURNS: Status
1655 */
1656
1657 NTSTATUS
1658 STDCALL
1659 NtNotifyChangeKey(
1660 IN HANDLE KeyHandle,
1661 IN HANDLE Event,
1662 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1663 IN PVOID ApcContext OPTIONAL,
1664 OUT PIO_STATUS_BLOCK IoStatusBlock,
1665 IN ULONG CompletionFilter,
1666 IN BOOLEAN Asynchroneous,
1667 OUT PVOID ChangeBuffer,
1668 IN ULONG Length,
1669 IN BOOLEAN WatchSubtree
1670 );
1671
1672 NTSTATUS
1673 STDCALL
1674 ZwNotifyChangeKey(
1675 IN HANDLE KeyHandle,
1676 IN HANDLE Event,
1677 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1678 IN PVOID ApcContext OPTIONAL,
1679 OUT PIO_STATUS_BLOCK IoStatusBlock,
1680 IN ULONG CompletionFilter,
1681 IN BOOLEAN Asynchroneous,
1682 OUT PVOID ChangeBuffer,
1683 IN ULONG Length,
1684 IN BOOLEAN WatchSubtree
1685 );
1686
1687 /*
1688 * FUNCTION: Opens an existing directory object
1689 * ARGUMENTS:
1690 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1691 * DesiredAccess = Requested access to the directory
1692 * ObjectAttributes = Initialized attributes for the object
1693 * RETURNS: Status
1694 */
1695
1696 NTSTATUS
1697 STDCALL
1698 NtOpenDirectoryObject(
1699 OUT PHANDLE FileHandle,
1700 IN ACCESS_MASK DesiredAccess,
1701 IN POBJECT_ATTRIBUTES ObjectAttributes
1702 );
1703 NTSTATUS
1704 STDCALL
1705 ZwOpenDirectoryObject(
1706 OUT PHANDLE FileHandle,
1707 IN ACCESS_MASK DesiredAccess,
1708 IN POBJECT_ATTRIBUTES ObjectAttributes
1709 );
1710
1711 /*
1712 * FUNCTION: Opens an existing event
1713 * ARGUMENTS:
1714 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1715 * DesiredAccess = Requested access to the event
1716 * ObjectAttributes = Initialized attributes for the object
1717 * RETURNS: Status
1718 */
1719 NTSTATUS
1720 STDCALL
1721 NtOpenEvent(
1722 OUT PHANDLE EventHandle,
1723 IN ACCESS_MASK DesiredAccess,
1724 IN POBJECT_ATTRIBUTES ObjectAttributes
1725 );
1726
1727 NTSTATUS
1728 STDCALL
1729 ZwOpenEvent(
1730 OUT PHANDLE EventHandle,
1731 IN ACCESS_MASK DesiredAccess,
1732 IN POBJECT_ATTRIBUTES ObjectAttributes
1733 );
1734 /*
1735 * FUNCTION: Opens an existing file
1736 * ARGUMENTS:
1737 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1738 * DesiredAccess = Requested access to the file
1739 * ObjectAttributes = Initialized attributes for the object
1740 * IoStatusBlock =
1741 * ShareAccess =
1742 * OpenOptions =
1743 * RETURNS: Status
1744 */
1745 NTSTATUS
1746 STDCALL
1747 NtOpenFile(
1748 OUT PHANDLE FileHandle,
1749 IN ACCESS_MASK DesiredAccess,
1750 IN POBJECT_ATTRIBUTES ObjectAttributes,
1751 OUT PIO_STATUS_BLOCK IoStatusBlock,
1752 IN ULONG ShareAccess,
1753 IN ULONG OpenOptions
1754 );
1755
1756 NTSTATUS
1757 STDCALL
1758 ZwOpenFile(
1759 OUT PHANDLE FileHandle,
1760 IN ACCESS_MASK DesiredAccess,
1761 IN POBJECT_ATTRIBUTES ObjectAttributes,
1762 OUT PIO_STATUS_BLOCK IoStatusBlock,
1763 IN ULONG ShareAccess,
1764 IN ULONG OpenOptions
1765 );
1766
1767 /*
1768 * FUNCTION: Opens an existing io completion object
1769 * ARGUMENTS:
1770 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
1771 * DesiredAccess = Requested access to the io completion object
1772 * ObjectAttributes = Initialized attributes for the object
1773 * RETURNS: Status
1774 */
1775
1776 NTSTATUS
1777 STDCALL
1778 NtOpenIoCompletion(
1779 OUT PHANDLE CompetionPort,
1780 IN ACCESS_MASK DesiredAccess,
1781 IN POBJECT_ATTRIBUTES ObjectAttributes
1782 );
1783
1784 NTSTATUS
1785 STDCALL
1786 ZwOpenIoCompletion(
1787 OUT PHANDLE CompetionPort,
1788 IN ACCESS_MASK DesiredAccess,
1789 IN POBJECT_ATTRIBUTES ObjectAttributes
1790 );
1791
1792 /*
1793 * FUNCTION: Opens an existing key in the registry
1794 * ARGUMENTS:
1795 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1796 * DesiredAccess = Requested access to the key
1797 * ObjectAttributes = Initialized attributes for the object
1798 * RETURNS: Status
1799 */
1800 NTSTATUS
1801 STDCALL
1802 NtOpenKey(
1803 OUT PHANDLE KeyHandle,
1804 IN ACCESS_MASK DesiredAccess,
1805 IN POBJECT_ATTRIBUTES ObjectAttributes
1806 );
1807
1808 NTSTATUS
1809 STDCALL
1810 ZwOpenKey(
1811 OUT PHANDLE KeyHandle,
1812 IN ACCESS_MASK DesiredAccess,
1813 IN POBJECT_ATTRIBUTES ObjectAttributes
1814 );
1815 /*
1816 * FUNCTION: Opens an existing key in the registry
1817 * ARGUMENTS:
1818 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
1819 * DesiredAccess = Requested access to the mutant
1820 * ObjectAttribute = Initialized attributes for the object
1821 * RETURNS: Status
1822 */
1823 NTSTATUS
1824 STDCALL
1825 NtOpenMutant(
1826 OUT PHANDLE MutantHandle,
1827 IN ACCESS_MASK DesiredAccess,
1828 IN POBJECT_ATTRIBUTES ObjectAttributes
1829 );
1830 NTSTATUS
1831 STDCALL
1832 ZwOpenMutant(
1833 OUT PHANDLE MutantHandle,
1834 IN ACCESS_MASK DesiredAccess,
1835 IN POBJECT_ATTRIBUTES ObjectAttributes
1836 );
1837
1838 /*
1839 * FUNCTION: Opens an existing process
1840 * ARGUMENTS:
1841 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
1842 * DesiredAccess = Requested access to the process
1843 * ObjectAttribute = Initialized attributes for the object
1844 * ClientId = Identifies the process id to open
1845 * RETURNS: Status
1846 */
1847 NTSTATUS
1848 STDCALL
1849 NtOpenProcess (
1850 OUT PHANDLE ProcessHandle,
1851 IN ACCESS_MASK DesiredAccess,
1852 IN POBJECT_ATTRIBUTES ObjectAttributes,
1853 IN PCLIENT_ID ClientId
1854 );
1855 NTSTATUS
1856 STDCALL
1857 ZwOpenProcess (
1858 OUT PHANDLE ProcessHandle,
1859 IN ACCESS_MASK DesiredAccess,
1860 IN POBJECT_ATTRIBUTES ObjectAttributes,
1861 IN PCLIENT_ID ClientId
1862 );
1863 /*
1864 * FUNCTION: Opens an existing section object
1865 * ARGUMENTS:
1866 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1867 * DesiredAccess = Requested access to the key
1868 * ObjectAttribute = Initialized attributes for the object
1869 * RETURNS: Status
1870 */
1871 NTSTATUS
1872 STDCALL
1873 NtOpenSection(
1874 OUT PHANDLE SectionHandle,
1875 IN ACCESS_MASK DesiredAccess,
1876 IN POBJECT_ATTRIBUTES ObjectAttributes
1877 );
1878 NTSTATUS
1879 STDCALL
1880 ZwOpenSection(
1881 OUT PHANDLE SectionHandle,
1882 IN ACCESS_MASK DesiredAccess,
1883 IN POBJECT_ATTRIBUTES ObjectAttributes
1884 );
1885 /*
1886 * FUNCTION: Opens an existing semaphore
1887 * ARGUMENTS:
1888 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
1889 * DesiredAccess = Requested access to the semaphore
1890 * ObjectAttribute = Initialized attributes for the object
1891 * RETURNS: Status
1892 */
1893 NTSTATUS
1894 STDCALL
1895 NtOpenSemaphore(
1896 IN HANDLE SemaphoreHandle,
1897 IN ACCESS_MASK DesiredAcces,
1898 IN POBJECT_ATTRIBUTES ObjectAttributes
1899 );
1900 NTSTATUS
1901 STDCALL
1902 ZwOpenSemaphore(
1903 IN HANDLE SemaphoreHandle,
1904 IN ACCESS_MASK DesiredAcces,
1905 IN POBJECT_ATTRIBUTES ObjectAttributes
1906 );
1907 /*
1908 * FUNCTION: Opens an existing symbolic link
1909 * ARGUMENTS:
1910 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
1911 * DesiredAccess = Requested access to the symbolic link
1912 * ObjectAttribute = Initialized attributes for the object
1913 * RETURNS: Status
1914 */
1915 NTSTATUS
1916 STDCALL
1917 NtOpenSymbolicLinkObject(
1918 OUT PHANDLE SymbolicLinkHandle,
1919 IN ACCESS_MASK DesiredAccess,
1920 IN POBJECT_ATTRIBUTES ObjectAttributes
1921 );
1922 NTSTATUS
1923 STDCALL
1924 ZwOpenSymbolicLinkObject(
1925 OUT PHANDLE SymbolicLinkHandle,
1926 IN ACCESS_MASK DesiredAccess,
1927 IN POBJECT_ATTRIBUTES ObjectAttributes
1928 );
1929 /*
1930 * FUNCTION: Opens an existing thread
1931 * ARGUMENTS:
1932 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
1933 * DesiredAccess = Requested access to the thread
1934 * ObjectAttribute = Initialized attributes for the object
1935 * ClientId = Identifies the thread to open.
1936 * RETURNS: Status
1937 */
1938 NTSTATUS
1939 STDCALL
1940 NtOpenThread(
1941 OUT PHANDLE ThreadHandle,
1942 IN ACCESS_MASK DesiredAccess,
1943 IN POBJECT_ATTRIBUTES ObjectAttributes,
1944 IN PCLIENT_ID ClientId
1945 );
1946 NTSTATUS
1947 STDCALL
1948 ZwOpenThread(
1949 OUT PHANDLE ThreadHandle,
1950 IN ACCESS_MASK DesiredAccess,
1951 IN POBJECT_ATTRIBUTES ObjectAttributes,
1952 IN PCLIENT_ID ClientId
1953 );
1954 /*
1955 * FUNCTION: Opens an existing timer
1956 * ARGUMENTS:
1957 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1958 * DesiredAccess = Requested access to the timer
1959 * ObjectAttribute = Initialized attributes for the object
1960 * RETURNS: Status
1961 */
1962 NTSTATUS
1963 STDCALL
1964 NtOpenTimer(
1965 OUT PHANDLE TimerHandle,
1966 IN ACCESS_MASK DesiredAccess,
1967 IN POBJECT_ATTRIBUTES ObjectAttributes
1968 );
1969 NTSTATUS
1970 STDCALL
1971 ZwOpenTimer(
1972 OUT PHANDLE TimerHandle,
1973 IN ACCESS_MASK DesiredAccess,
1974 IN POBJECT_ATTRIBUTES ObjectAttributes
1975 );
1976 /*
1977 * FUNCTION: Entry point for native applications
1978 * ARGUMENTS:
1979 * Argument = Arguments passed to the application by the system [ at boot time ]
1980 * REMARKS:
1981 * Native applications should use this function instead of a main. Calling proces should terminate itself.
1982 * RETURNS: Status
1983 */
1984 void NtProcessStartup(
1985 IN PSTARTUP_ARGUMENT Argument
1986 );
1987
1988 /*
1989 * FUNCTION: Set the access protection of a range of virtual memory
1990 * ARGUMENTS:
1991 * ProcessHandle = Handle to process owning the virtual address space
1992 * BaseAddress = Start address
1993 * NumberOfBytesToProtect = Delimits the range of virtual memory
1994 * for which the new access protection holds
1995 * NewAccessProtection = The new access proctection for the pages
1996 * OldAccessProtection = Caller should supply storage for the old
1997 * access protection
1998 *
1999 * REMARKS:
2000 * The function maps to the win32 VirtualProtectEx
2001 * RETURNS: Status
2002 */
2003 NTSTATUS
2004 STDCALL
2005 NtProtectVirtualMemory(
2006 IN HANDLE ProcessHandle,
2007 IN PVOID BaseAddress,
2008 IN ULONG NumberOfBytesToProtect,
2009 IN ULONG NewAccessProtection,
2010 OUT PULONG OldAccessProtection
2011 );
2012 NTSTATUS
2013 STDCALL
2014 ZwProtectVirtualMemory(
2015 IN HANDLE ProcessHandle,
2016 IN PVOID BaseAddress,
2017 IN ULONG NumberOfBytesToProtect,
2018 IN ULONG NewAccessProtection,
2019 OUT PULONG OldAccessProtection
2020 );
2021
2022
2023 /*
2024 * FUNCTION: Signals an event and resets it afterwards.
2025 * ARGUMENTS:
2026 * EventHandle = Handle to the event
2027 * PulseCount = Number of times the action is repeated
2028 * RETURNS: Status
2029 */
2030 NTSTATUS
2031 STDCALL
2032 NtPulseEvent(
2033 IN HANDLE EventHandle,
2034 IN PULONG PulseCount OPTIONAL
2035 );
2036
2037 NTSTATUS
2038 STDCALL
2039 ZwPulseEvent(
2040 IN HANDLE EventHandle,
2041 IN PULONG PulseCount OPTIONAL
2042 );
2043
2044 /*
2045 * FUNCTION: Queries the attributes of a file
2046 * ARGUMENTS:
2047 * FileHandle = Handle to the file
2048 * Buffer = Caller supplies storage for the attributes
2049 * RETURNS: Status
2050 */
2051
2052 NTSTATUS
2053 STDCALL
2054 NtQueryAttributesFile(
2055 IN HANDLE FileHandle,
2056 IN PVOID Buffer
2057 );
2058
2059 NTSTATUS
2060 STDCALL
2061 ZwQueryAttributesFile(
2062 IN HANDLE FileHandle,
2063 IN PVOID Buffer
2064 );
2065
2066
2067 /*
2068 * FUNCTION: Queries a directory file.
2069 * ARGUMENTS:
2070 * FileHandle = Handle to a directory file
2071 * EventHandle = Handle to the event signaled on completion
2072 * ApcRoutine = Asynchroneous procedure callback, called on completion
2073 * ApcContext = Argument to the apc.
2074 * IoStatusBlock = Caller supplies storage for extended status information.
2075 * FileInformation = Caller supplies storage for the resulting information.
2076 *
2077 * FileNameInformation FILE_NAMES_INFORMATION
2078 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2079 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2080 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2081 *
2082 * Length = Size of the storage supplied
2083 * FileInformationClass = Indicates the type of information requested.
2084 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2085 * FileName = Initial directory name to query, that may contain wild cards.
2086 * RestartScan = Number of times the action should be repeated
2087 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2088 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2089 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2090 */
2091
2092 NTSTATUS
2093 STDCALL
2094 NtQueryDirectoryFile(
2095 IN HANDLE FileHandle,
2096 IN HANDLE Event OPTIONAL,
2097 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2098 IN PVOID ApcContext OPTIONAL,
2099 OUT PIO_STATUS_BLOCK IoStatusBlock,
2100 OUT PVOID FileInformation,
2101 IN ULONG Length,
2102 IN FILE_INFORMATION_CLASS FileInformationClass,
2103 IN BOOLEAN ReturnSingleEntry,
2104 IN PUNICODE_STRING FileName OPTIONAL,
2105 IN BOOLEAN RestartScan
2106 );
2107
2108 NTSTATUS
2109 STDCALL
2110 ZwQueryDirectoryFile(
2111 IN HANDLE FileHandle,
2112 IN HANDLE Event OPTIONAL,
2113 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2114 IN PVOID ApcContext OPTIONAL,
2115 OUT PIO_STATUS_BLOCK IoStatusBlock,
2116 OUT PVOID FileInformation,
2117 IN ULONG Length,
2118 IN FILE_INFORMATION_CLASS FileInformationClass,
2119 IN BOOLEAN ReturnSingleEntry,
2120 IN PUNICODE_STRING FileName OPTIONAL,
2121 IN BOOLEAN RestartScan
2122 );
2123
2124 /*
2125 * FUNCTION: Query information about the content of a directory object
2126 * ARGUMENTS:
2127 DirObjInformation = Buffer must be large enough to hold the name strings too
2128 GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
2129 If FALSE: return the number of objects in this directory in ObjectIndex
2130 IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
2131 If FALSE use input value of ObjectIndex
2132 ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
2133 DataWritten = Actual size of the ObjectIndex ???
2134 * RETURNS: Status
2135 */
2136 NTSTATUS
2137 STDCALL
2138 NtQueryDirectoryObject(
2139 IN HANDLE DirObjHandle,
2140 OUT POBJDIR_INFORMATION DirObjInformation,
2141 IN ULONG BufferLength,
2142 IN BOOLEAN GetNextIndex,
2143 IN BOOLEAN IgnoreInputIndex,
2144 IN OUT PULONG ObjectIndex,
2145 OUT PULONG DataWritten OPTIONAL
2146 );
2147
2148 NTSTATUS
2149 STDCALL
2150 ZwQueryDirectoryObject(
2151 IN HANDLE DirObjHandle,
2152 OUT POBJDIR_INFORMATION DirObjInformation,
2153 IN ULONG BufferLength,
2154 IN BOOLEAN GetNextIndex,
2155 IN BOOLEAN IgnoreInputIndex,
2156 IN OUT PULONG ObjectIndex,
2157 OUT PULONG DataWritten OPTIONAL
2158 );
2159
2160 /*
2161 * FUNCTION: Queries the extended attributes of a file
2162 * ARGUMENTS:
2163 * FileHandle = Handle to the event
2164 * IoStatusBlock = Number of times the action is repeated
2165 * Buffer
2166 * Length
2167 * ReturnSingleEntry
2168 * EaList
2169 * EaListLength
2170 * EaIndex
2171 * RestartScan
2172 * RETURNS: Status
2173 */
2174
2175 NTSTATUS
2176 STDCALL
2177 NtQueryEaFile(
2178 IN HANDLE FileHandle,
2179 OUT PIO_STATUS_BLOCK IoStatusBlock,
2180 OUT PVOID Buffer,
2181 IN ULONG Length,
2182 IN BOOLEAN ReturnSingleEntry,
2183 IN PVOID EaList OPTIONAL,
2184 IN ULONG EaListLength,
2185 IN PULONG EaIndex OPTIONAL,
2186 IN BOOLEAN RestartScan
2187 );
2188
2189 NTSTATUS
2190 STDCALL
2191 ZwQueryEaFile(
2192 IN HANDLE FileHandle,
2193 OUT PIO_STATUS_BLOCK IoStatusBlock,
2194 OUT PVOID Buffer,
2195 IN ULONG Length,
2196 IN BOOLEAN ReturnSingleEntry,
2197 IN PVOID EaList OPTIONAL,
2198 IN ULONG EaListLength,
2199 IN PULONG EaIndex OPTIONAL,
2200 IN BOOLEAN RestartScan
2201 );
2202 /*
2203 * FUNCTION: Queries an event
2204 * ARGUMENTS:
2205 * EventHandle = Handle to the event
2206 * EventInformationClass = Index of the information structure
2207
2208 EventBasicInformation EVENT_BASIC_INFORMATION
2209
2210 * EventInformation = Caller supplies storage for the information structure
2211 * EventInformationLength = Size of the information structure
2212 * ReturnLength = Data written
2213 * RETURNS: Status
2214 */
2215
2216
2217 NTSTATUS
2218 STDCALL
2219 NtQueryEvent(
2220 IN HANDLE EventHandle,
2221 IN CINT EventInformationClass,
2222 OUT PVOID EventInformation,
2223 IN ULONG EventInformationLength,
2224 OUT PULONG ReturnLength
2225 );
2226
2227 NTSTATUS
2228 STDCALL
2229 ZwQueryEvent(
2230 IN HANDLE EventHandle,
2231 IN CINT EventInformationClass,
2232 OUT PVOID EventInformation,
2233 IN ULONG EventInformationLength,
2234 OUT PULONG ReturnLength
2235 );
2236 NTSTATUS
2237 STDCALL
2238 NtQueryFullAttributesFile(
2239 IN HANDLE FileHandle,
2240 IN PVOID Attributes
2241 );
2242 NTSTATUS
2243 STDCALL
2244 ZwQueryFullAttributesFile(
2245 IN HANDLE FileHandle,
2246 IN PVOID Attributes
2247 );
2248
2249 NTSTATUS
2250 STDCALL
2251 NtQueryInformationAtom(
2252 IN HANDLE AtomHandle,
2253 IN CINT AtomInformationClass,
2254 OUT PVOID AtomInformation,
2255 IN ULONG AtomInformationLength,
2256 OUT PULONG ReturnLength
2257 );
2258 NTSTATUS
2259 STDCALL
2260 NtQueryInformationAtom(
2261 IN HANDLE AtomHandle,
2262 IN CINT AtomInformationClass,
2263 OUT PVOID AtomInformation,
2264 IN ULONG AtomInformationLength,
2265 OUT PULONG ReturnLength
2266 );
2267
2268
2269
2270 /*
2271 * FUNCTION: Queries the information of a file object.
2272 * ARGUMENTS:
2273 * FileHandle = Handle to the file object
2274 * IoStatusBlock = Caller supplies storage for extended information
2275 * on the current operation.
2276 * FileInformation = Storage for the new file information
2277 * Lenght = Size of the storage for the file information.
2278 * FileInformationClass = Indicates which file information is queried
2279
2280 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2281 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2282 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2283 FileBasicInformation FILE_BASIC_INFORMATION
2284 FileStandardInformation FILE_STANDARD_INFORMATION
2285 FileInternalInformation FILE_INTERNAL_INFORMATION
2286 FileEaInformation FILE_EA_INFORMATION
2287 FileAccessInformation FILE_ACCESS_INFORMATION
2288 FileNameInformation FILE_NAME_INFORMATION
2289 FileRenameInformation FILE_RENAME_INFORMATION
2290 FileLinkInformation
2291 FileNamesInformation FILE_NAMES_INFORMATION
2292 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2293 FilePositionInformation FILE_POSITION_INFORMATION
2294 FileFullEaInformation FILE_FULL_EA_INFORMATION
2295 FileModeInformation FILE_MODE_INFORMATION
2296 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2297 FileAllInformation FILE_ALL_INFORMATION
2298 FileAllocationInformation FILE_ALLOCATION_INFORMATION
2299 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2300 FileAlternateNameInformation
2301 FileStreamInformation FILE_STREAM_INFORMATION
2302 FilePipeInformation
2303 FilePipeLocalInformation
2304 FilePipeRemoteInformation
2305 FileMailslotQueryInformation
2306 FileMailslotSetInformation
2307 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2308 FileCopyOnWriteInformation
2309 FileCompletionInformation IO_COMPLETION_CONTEXT
2310 FileMoveClusterInformation
2311 FileOleClassIdInformation
2312 FileOleStateBitsInformation
2313 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2314 FileObjectIdInformation
2315 FileOleAllInformation
2316 FileOleDirectoryInformation
2317 FileContentIndexInformation
2318 FileInheritContentIndexInformation
2319 FileOleInformation
2320 FileMaximumInformation
2321
2322 * REMARK:
2323 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2324 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2325 * RETURNS: Status
2326 */
2327 NTSTATUS
2328 STDCALL
2329 NtQueryInformationFile(
2330 IN HANDLE FileHandle,
2331 OUT PIO_STATUS_BLOCK IoStatusBlock,
2332 OUT PVOID FileInformation,
2333 IN ULONG Length,
2334 IN FILE_INFORMATION_CLASS FileInformationClass
2335 );
2336
2337 NTSTATUS ZwQueryInformationFile(HANDLE FileHandle,
2338 PIO_STATUS_BLOCK IoStatusBlock,
2339 PVOID FileInformation,
2340 ULONG Length,
2341 FILE_INFORMATION_CLASS FileInformationClass);
2342
2343 /*
2344 * FUNCTION: Queries the information of a process object.
2345 * ARGUMENTS:
2346 * ProcessHandle = Handle to the process object
2347 * ProcessInformation = Index to a certain information structure
2348
2349 ProcessBasicInformation PROCESS_BASIC_INFORMATION
2350 ProcessQuotaLimits QUOTA_LIMITS
2351 ProcessIoCounters IO_COUNTERS
2352 ProcessVmCounters VM_COUNTERS
2353 ProcessTimes KERNEL_USER_TIMES
2354 ProcessBasePriority KPRIORITY
2355 ProcessRaisePriority KPRIORITY
2356 ProcessDebugPort HANDLE
2357 ProcessExceptionPort HANDLE
2358 ProcessAccessToken PROCESS_ACCESS_TOKEN
2359 ProcessLdtInformation LDT_ENTRY ??
2360 ProcessLdtSize ULONG
2361 ProcessDefaultHardErrorMode ULONG
2362 ProcessIoPortHandlers // kernel mode only
2363 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
2364 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
2365 ProcessUserModeIOPL (I/O Privilege Level)
2366 ProcessEnableAlignmentFaultFixup BOOLEAN
2367 ProcessPriorityClass ULONG
2368 ProcessWx86Information ULONG
2369 ProcessHandleCount ULONG
2370 ProcessAffinityMask ULONG
2371 ProcessPooledQuotaLimits QUOTA_LIMITS
2372 MaxProcessInfoClass
2373
2374 * ProcessInformation = Caller supplies storage for the process information structure
2375 * ProcessInformationLength = Size of the process information structure
2376 * ReturnLength = Actual number of bytes written
2377
2378 * REMARK:
2379 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
2380 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
2381 GetProcessShutdownParameters functions.
2382 * RETURNS: Status
2383 */
2384
2385
2386
2387
2388 NTSTATUS
2389 STDCALL
2390 NtQueryInformationProcess(
2391 IN HANDLE ProcessHandle,
2392 IN CINT ProcessInformationClass,
2393 OUT PVOID ProcessInformation,
2394 IN ULONG ProcessInformationLength,
2395 OUT PULONG ReturnLength
2396 );
2397
2398 NTSTATUS
2399 STDCALL
2400 ZwQueryInformationProcess(
2401 IN HANDLE ProcessHandle,
2402 IN CINT ProcessInformationClass,
2403 OUT PVOID ProcessInformation,
2404 IN ULONG ProcessInformationLength,
2405 OUT PULONG ReturnLength
2406 );
2407
2408
2409
2410 /*
2411 * FUNCTION: Queries the information of a thread object.
2412 * ARGUMENTS:
2413 * ThreadHandle = Handle to the thread object
2414 * ThreadInformationClass = Index to a certain information structure
2415
2416 ThreadBasicInformation THREAD_BASIC_INFORMATION
2417 ThreadTimes KERNEL_USER_TIMES
2418 ThreadPriority KPRIORITY
2419 ThreadBasePriority KPRIORITY
2420 ThreadAffinityMask KAFFINITY
2421 ThreadImpersonationToken
2422 ThreadDescriptorTableEntry
2423 ThreadEnableAlignmentFaultFixup
2424 ThreadEventPair
2425 ThreadQuerySetWin32StartAddress
2426 ThreadZeroTlsCell
2427 ThreadPerformanceCount
2428 ThreadAmILastThread BOOLEAN
2429 ThreadIdealProcessor ULONG
2430 ThreadPriorityBoost ULONG
2431 MaxThreadInfoClass
2432
2433
2434 * ThreadInformation = Caller supplies torage for the thread information
2435 * ThreadInformationLength = Size of the thread information structure
2436 * ReturnLength = Actual number of bytes written
2437
2438 * REMARK:
2439 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2440 GetThreadPriorityBoost functions.
2441 * RETURNS: Status
2442 */
2443
2444
2445 NTSTATUS
2446 STDCALL
2447 NtQueryInformationThread(
2448 IN HANDLE ThreadHandle,
2449 IN THREADINFOCLASS ThreadInformationClass,
2450 OUT PVOID ThreadInformation,
2451 IN ULONG ThreadInformationLength,
2452 OUT PULONG ReturnLength
2453 );
2454
2455 NTSTATUS
2456 STDCALL
2457 ZwQueryIoCompletion(
2458 IN HANDLE CompletionPort,
2459 IN CINT CompletionInformationClass,
2460 OUT PVOID CompletionInformation,
2461 IN ULONG Length,
2462 OUT PULONG ReturnLength
2463 );
2464
2465
2466 /*
2467 * FUNCTION: Queries the information of a registry key object.
2468 * ARGUMENTS:
2469 KeyHandle = Handle to a registry key
2470 KeyInformationClass = Index to a certain information structure
2471 KeyInformation = Caller supplies storage for resulting information
2472 Length = Size of the supplied storage
2473 ResultLength = Bytes written
2474 */
2475 NTSTATUS
2476 STDCALL
2477 NtQueryKey(
2478 IN HANDLE KeyHandle,
2479 IN KEY_INFORMATION_CLASS KeyInformationClass,
2480 OUT PVOID KeyInformation,
2481 IN ULONG Length,
2482 OUT PULONG ResultLength
2483 );
2484
2485 NTSTATUS
2486 STDCALL
2487 ZwQueryKey(
2488 IN HANDLE KeyHandle,
2489 IN KEY_INFORMATION_CLASS KeyInformationClass,
2490 OUT PVOID KeyInformation,
2491 IN ULONG Length,
2492 OUT PULONG ResultLength
2493 );
2494
2495
2496 // draft
2497
2498 NTSTATUS
2499 STDCALL
2500 NtQueryMultipleValueKey(
2501 HANDLE KeyHandle,
2502 PVALENT ListOfValuesToQuery,
2503 ULONG NumberOfItems,
2504 PVOID MultipleValueInformation,
2505 ULONG Length,
2506 PULONG ReturnLength
2507 );
2508
2509 NTSTATUS
2510 STDCALL
2511 ZwQueryMultipleValueKey(
2512 HANDLE KeyHandle,
2513 PVALENT ListOfValuesToQuery,
2514 ULONG NumberOfItems,
2515 PVOID MultipleValueInformation,
2516 ULONG Length,
2517 PULONG ReturnLength
2518 );
2519
2520 /*
2521 * FUNCTION: Queries the information of a mutant object.
2522 * ARGUMENTS:
2523 MutantHandle = Handle to a mutant
2524 MutantInformationClass = Index to a certain information structure
2525 MutantInformation = Caller supplies storage for resulting information
2526 Length = Size of the supplied storage
2527 ResultLength = Bytes written
2528 */
2529 NTSTATUS
2530 STDCALL
2531 NtQueryMutant(
2532 IN HANDLE MutantHandle,
2533 IN CINT MutantInformationClass,
2534 OUT PVOID MutantInformation,
2535 IN ULONG Length,
2536 OUT PULONG ResultLength
2537 );
2538
2539 NTSTATUS
2540 STDCALL
2541 ZwQueryMutant(
2542 IN HANDLE MutantHandle,
2543 IN CINT MutantInformationClass,
2544 OUT PVOID MutantInformation,
2545 IN ULONG Length,
2546 OUT PULONG ResultLength
2547 );
2548 /*
2549 * FUNCTION: Queries the information of a object.
2550 * ARGUMENTS:
2551 ObjectHandle = Handle to a object
2552 ObjectInformationClass = Index to a certain information structure
2553
2554 ObjectBasicInformation
2555 ObjectTypeInformation OBJECT_TYPE_INFORMATION
2556 ObjectNameInformation OBJECT_NAME_INFORMATION
2557 ObjectDataInformation OBJECT_DATA_INFORMATION
2558
2559 ObjectInformation = Caller supplies storage for resulting information
2560 Length = Size of the supplied storage
2561 ResultLength = Bytes written
2562 */
2563
2564 NTSTATUS
2565 STDCALL
2566 NtQueryObject(
2567 IN HANDLE ObjectHandle,
2568 IN CINT ObjectInformationClass,
2569 OUT PVOID ObjectInformation,
2570 IN ULONG Length,
2571 OUT PULONG ResultLength
2572 );
2573 NTSTATUS
2574 STDCALL
2575 ZwQueryObject(
2576 IN HANDLE ObjectHandle,
2577 IN CINT ObjectInformationClass,
2578 OUT PVOID ObjectInformation,
2579 IN ULONG Length,
2580 OUT PULONG ResultLength
2581 );
2582
2583 /*
2584 * FUNCTION: Queries the system ( high-resolution ) performance counter.
2585 * ARGUMENTS:
2586 * Counter = Performance counter
2587 * Frequency = Performance frequency
2588 * REMARKS:
2589 This procedure queries a tick count faster than 10ms ( The resolution for IntelĀ®-based CPUs is about 0.8 microseconds.)
2590 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
2591 * RETURNS: Status
2592 *
2593 */
2594 NTSTATUS
2595 STDCALL
2596 NtQueryPerformanceCounter(
2597 IN PLARGE_INTEGER Counter,
2598 IN PLARGE_INTEGER Frequency
2599 );
2600
2601 NTSTATUS
2602 STDCALL
2603 ZwQueryPerformanceCounter(
2604 IN PLARGE_INTEGER Counter,
2605 IN PLARGE_INTEGER Frequency
2606 );
2607 /*
2608 * FUNCTION: Queries the information of a section object.
2609 * ARGUMENTS:
2610 * SectionHandle = Handle to the section link object
2611 * SectionInformationClass = Index to a certain information structure
2612 * SectionInformation (OUT)= Caller supplies storage for resulting information
2613 * Length = Size of the supplied storage
2614 * ResultLength = Data written
2615 * RETURNS: Status
2616 *
2617 */
2618 NTSTATUS
2619 STDCALL
2620 NtQuerySection(
2621 IN HANDLE SectionHandle,
2622 IN CINT SectionInformationClass,
2623 OUT PVOID SectionInformation,
2624 IN ULONG Length,
2625 OUT PULONG ResultLength
2626 );
2627 NTSTATUS
2628 STDCALL
2629 ZwQuerySection(
2630 IN HANDLE SectionHandle,
2631 IN CINT SectionInformationClass,
2632 OUT PVOID SectionInformation,
2633 IN ULONG Length,
2634 OUT PULONG ResultLength
2635 );
2636
2637
2638 /*
2639 * FUNCTION: Queries the information of a semaphore.
2640 * ARGUMENTS:
2641 * SemaphoreHandle = Handle to the semaphore object
2642 * SemaphoreInformationClass = Index to a certain information structure
2643
2644 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
2645
2646 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
2647 * Length = Size of the infomation structure
2648 */
2649
2650 NTSTATUS
2651 STDCALL
2652 NtQuerySemaphore(
2653 HANDLE SemaphoreHandle,
2654 CINT SemaphoreInformationClass,
2655 OUT PVOID SemaphoreInformation,
2656 ULONG Length,
2657 PULONG ReturnLength
2658 );
2659 NTSTATUS
2660 STDCALL
2661 ZwQuerySemaphore(
2662 HANDLE SemaphoreHandle,
2663 CINT SemaphoreInformationClass,
2664 OUT PVOID SemaphoreInformation,
2665 ULONG Length,
2666 PULONG ReturnLength
2667 );
2668
2669 /*
2670 * FUNCTION: Queries the information of a symbolic link object.
2671 * ARGUMENTS:
2672 * SymbolicLinkHandle = Handle to the symbolic link object
2673 * LinkTarget = resolved name of link
2674 * DataWritten = size of the LinkName.
2675 * RETURNS: Status
2676 *
2677 */
2678 NTSTATUS
2679 STDCALL
2680 NtQuerySymbolicLinkObject(
2681 IN HANDLE SymLinkObjHandle,
2682 OUT PUNICODE_STRING LinkTarget,
2683 OUT PULONG DataWritten OPTIONAL
2684 );
2685
2686 NTSTATUS
2687 STDCALL
2688 ZwQuerySymbolicLinkObject(
2689 IN HANDLE SymLinkObjHandle,
2690 OUT PUNICODE_STRING LinkName,
2691 OUT PULONG DataWritten OPTIONAL
2692 );
2693
2694
2695 /*
2696 * FUNCTION: Queries a system environment variable.
2697 * ARGUMENTS:
2698 * Name = Name of the variable
2699 * Value (OUT) = value of the variable
2700 * Length = size of the buffer
2701 * ReturnLength = data written
2702 * RETURNS: Status
2703 *
2704 */
2705 NTSTATUS
2706 STDCALL
2707 NtQuerySystemEnvironmentValue(
2708 IN PUNICODE_STRING Name,
2709 OUT PVOID Value,
2710 ULONG Length,
2711 PULONG ReturnLength
2712 );
2713 NTSTATUS
2714 STDCALL
2715 ZwQuerySystemEnvironmentValue(
2716 IN PUNICODE_STRING Name,
2717 OUT PVOID Value,
2718 ULONG Length,
2719 PULONG ReturnLength
2720 );
2721
2722
2723 /*
2724 * FUNCTION: Queries the system information.
2725 * ARGUMENTS:
2726 * SystemInformationClass = Index to a certain information structure
2727
2728 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
2729 SystemCacheInformation SYSTEM_CACHE_INFORMATION
2730 SystemConfigurationInformation CONFIGURATION_INFORMATION
2731
2732 * SystemInformation = caller supplies storage for the information structure
2733 * Length = size of the structure
2734 ResultLength = Data written
2735 * RETURNS: Status
2736 *
2737 */
2738 NTSTATUS
2739 STDCALL
2740 NtQuerySystemInformation(
2741 IN CINT SystemInformationClass,
2742 OUT PVOID SystemInformation,
2743 IN ULONG Length,
2744 OUT PULONG ResultLength
2745 );
2746 NTSTATUS
2747 STDCALL
2748 ZwQuerySystemInformation(
2749 IN CINT SystemInformationClass,
2750 OUT PVOID SystemInformation,
2751 IN ULONG Length,
2752 OUT PULONG ResultLength
2753 );
2754
2755 /*
2756 * FUNCTION: Retrieves the system time
2757 * ARGUMENTS:
2758 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
2759 * RETURNS: Status
2760 *
2761 */
2762
2763 NTSTATUS
2764 STDCALL
2765 NtQuerySystemTime (
2766 OUT TIME *CurrentTime
2767 );
2768
2769 NTSTATUS
2770 STDCALL
2771 ZwQuerySystemTime (
2772 OUT TIME *CurrentTime
2773 );
2774
2775 /*
2776 * FUNCTION: Queries information about a timer
2777 * ARGUMENTS:
2778 * TimerHandle = Handle to the timer
2779 TimerValueInformationClass = Index to a certain information structure
2780 TimerValueInformation = Caller supplies storage for the information structure
2781 Length = Size of the information structure
2782 ResultLength = Data written
2783 * RETURNS: Status
2784 *
2785 */
2786 NTSTATUS
2787 STDCALL
2788 NtQueryTimer(
2789 IN HANDLE TimerHandle,
2790 IN CINT TimerInformationClass,
2791 OUT PVOID TimerInformation,
2792 IN ULONG Length,
2793 OUT PULONG ResultLength
2794 );
2795 NTSTATUS
2796 STDCALL
2797 ZwQueryTimer(
2798 IN HANDLE TimerHandle,
2799 IN CINT TimerInformationClass,
2800 OUT PVOID TimerInformation,
2801 IN ULONG Length,
2802 OUT PULONG ResultLength
2803 );
2804
2805 /*
2806 * FUNCTION: Queries the timer resolution
2807 * ARGUMENTS:
2808 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
2809 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
2810 ActualResolution (OUT) = Caller should supply storage for the resulting time.
2811 * RETURNS: Status
2812 *
2813 */
2814
2815
2816 NTSTATUS
2817 STDCALL
2818 NtQueryTimerResolution (
2819 OUT PULONG MinimumResolution,
2820 OUT PULONG MaximumResolution,
2821 OUT PULONG ActualResolution
2822 );
2823
2824 NTSTATUS
2825 STDCALL
2826 ZwQueryTimerResolution (
2827 OUT PULONG MinimumResolution,
2828 OUT PULONG MaximumResolution,
2829 OUT PULONG ActualResolution
2830 );
2831
2832 /*
2833 * FUNCTION: Queries a registry key value
2834 * ARGUMENTS:
2835 * KeyHandle = Handle to the registry key
2836 ValueName = Name of the value in the registry key
2837 KeyValueInformationClass = Index to a certain information structure
2838
2839 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
2840 KeyValueFullInformation = KEY_FULL_INFORMATION
2841 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
2842
2843 KeyValueInformation = Caller supplies storage for the information structure
2844 Length = Size of the information structure
2845 ResultLength = Data written
2846 * RETURNS: Status
2847 *
2848 */
2849 NTSTATUS
2850 STDCALL
2851 NtQueryValueKey(
2852 IN HANDLE KeyHandle,
2853 IN PUNICODE_STRING ValueName,
2854 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
2855 OUT PVOID KeyValueInformation,
2856 IN ULONG Length,
2857 OUT PULONG ResultLength
2858 );
2859
2860 NTSTATUS
2861 STDCALL
2862 ZwQueryValueKey(
2863 IN HANDLE KeyHandle,
2864 IN PUNICODE_STRING ValueName,
2865 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
2866 OUT PVOID KeyValueInformation,
2867 IN ULONG Length,
2868 OUT PULONG ResultLength
2869 );
2870
2871
2872
2873
2874 /*
2875 * FUNCTION: Queries the virtual memory information.
2876 * ARGUMENTS:
2877 ProcessHandle = Process owning the virtual address space
2878 BaseAddress = Points to the page where the information is queried for.
2879 * VirtualMemoryInformationClass = Index to a certain information structure
2880
2881 MemoryBasicInformation MEMORY_BASIC_INFORMATION
2882
2883 * VirtualMemoryInformation = caller supplies storage for the information structure
2884 * Length = size of the structure
2885 ResultLength = Data written
2886 * RETURNS: Status
2887 *
2888 */
2889
2890 NTSTATUS
2891 STDCALL
2892 NtQueryVirtualMemory(
2893 IN HANDLE ProcessHandle,
2894 IN PVOID Address,
2895 IN IN CINT VirtualMemoryInformationClass,
2896 OUT PVOID VirtualMemoryInformation,
2897 IN ULONG Length,
2898 OUT PULONG ResultLength
2899 );
2900 NTSTATUS
2901 STDCALL
2902 ZwQueryVirtualMemory(
2903 IN HANDLE ProcessHandle,
2904 IN PVOID Address,
2905 IN IN CINT VirtualMemoryInformationClass,
2906 OUT PVOID VirtualMemoryInformation,
2907 IN ULONG Length,
2908 OUT PULONG ResultLength
2909 );
2910
2911 /*
2912 * FUNCTION: Queries the volume information
2913 * ARGUMENTS:
2914 * FileHandle = Handle to a file object on the target volume
2915 ReturnLength = DataWritten
2916 FSInformation = Caller should supply storage for the information structure.
2917 Length = Size of the information structure
2918 FSInformationClass = Index to a information structure
2919
2920 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
2921 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
2922 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
2923 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
2924 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
2925 FileFsControlInformation
2926 FileFsQuotaQueryInformation --
2927 FileFsQuotaSetInformation --
2928 FileFsMaximumInformation
2929
2930 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
2931 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
2932 *
2933 */
2934 NTSTATUS
2935 STDCALL
2936 NtQueryVolumeInformationFile(
2937 IN HANDLE FileHandle,
2938 OUT PIO_STATUS_BLOCK IoStatusBlock,
2939 OUT PVOID FSInformation,
2940 IN ULONG Length,
2941 IN CINT FSInformationClass
2942 );
2943
2944 NTSTATUS
2945 STDCALL
2946 ZwQueryVolumeInformationFile(
2947 IN HANDLE FileHandle,
2948 OUT PIO_STATUS_BLOCK IoStatusBlock,
2949 OUT PVOID FSInformation,
2950 IN ULONG Length,
2951 IN CINT FSInformationClass
2952 );
2953 // draft
2954 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
2955 /*
2956 * FUNCTION: Queues a (user) apc to a thread.
2957 * ARGUMENTS:
2958 ThreadHandle = Thread to which the apc is queued.
2959 ApcRoutine = Points to the apc routine
2960 NormalContext = Argument to Apc Routine
2961 * SystemArgument1 = Argument of the Apc Routine
2962 SystemArgument2 = Argument of the Apc Routine
2963 * REMARK: If the apc is queued against a thread of a different process than the calling thread
2964 the apc routine should be specified in the address space of the queued thread's process.
2965 * RETURNS: Status
2966 */
2967
2968 NTSTATUS
2969 STDCALL
2970 NtQueueApcThread(
2971 HANDLE ThreadHandle,
2972 PKNORMAL_ROUTINE ApcRoutine,
2973 PVOID NormalContext,
2974 PVOID SystemArgument1,
2975 PVOID SystemArgument2);
2976
2977 NTSTATUS
2978 STDCALL
2979 ZwQueueApcThread(
2980 HANDLE ThreadHandle,
2981 PKNORMAL_ROUTINE ApcRoutine,
2982 PVOID NormalContext,
2983 PVOID SystemArgument1,
2984 PVOID SystemArgument2);
2985 /*
2986 * FUNCTION: Raises an exception
2987 * ARGUMENTS:
2988 ExceptionRecord = Structure specifying the exception
2989 Context = Context in which the excpetion is raised
2990 * IsDebugger =
2991 * RETURNS: Status
2992 *
2993 */
2994
2995
2996 NTSTATUS
2997 STDCALL
2998 NtRaiseException(
2999 IN PEXCEPTION_RECORD ExceptionRecord,
3000 IN PCONTEXT Context,
3001 IN BOOL IsDebugger OPTIONAL
3002 );
3003
3004 NTSTATUS
3005 STDCALL
3006 ZwRaiseException(
3007 IN PEXCEPTION_RECORD ExceptionRecord,
3008 IN PCONTEXT Context,
3009 IN BOOL IsDebugger OPTIONAL
3010 );
3011
3012 //NtRaiseHardError
3013 /*
3014 * FUNCTION: Read a file
3015 * ARGUMENTS:
3016 FileHandle = Handle of a file to read
3017 Event = This event is signalled when the read operation completes
3018 * UserApcRoutine = Call back , if supplied Event should be NULL
3019 UserApcContext = Argument to the callback
3020 IoStatusBlock = Caller should supply storage for additional status information
3021 Buffer = Caller should supply storage to receive the information
3022 BufferLength = Size of the buffer
3023 ByteOffset = Offset to start reading the file
3024 Key = If a range is lock a matching key will allow the read to continue.
3025 * RETURNS: Status
3026 *
3027 */
3028
3029
3030 NTSTATUS
3031 STDCALL
3032 NtReadFile(
3033 IN HANDLE FileHandle,
3034 IN HANDLE Event OPTIONAL,
3035 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3036 IN PVOID UserApcContext OPTIONAL,
3037 OUT PIO_STATUS_BLOCK IoStatusBlock,
3038 OUT PVOID Buffer,
3039 IN ULONG BufferLength,
3040 IN PLARGE_INTEGER ByteOffset OPTIONAL,
3041 IN PULONG Key OPTIONAL
3042 );
3043
3044 NTSTATUS
3045 STDCALL
3046 ZwReadFile(
3047 IN HANDLE FileHandle,
3048 IN HANDLE Event OPTIONAL,
3049 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3050 IN PVOID UserApcContext OPTIONAL,
3051 OUT PIO_STATUS_BLOCK IoStatusBlock,
3052 OUT PVOID Buffer,
3053 IN ULONG BufferLength,
3054 IN PLARGE_INTEGER ByteOffset OPTIONAL,
3055 IN PULONG Key OPTIONAL
3056 );
3057 /*
3058 * FUNCTION: Read a file using scattered io
3059 * ARGUMENTS:
3060 FileHandle = Handle of a file to read
3061 Event = This event is signalled when the read operation completes
3062 * UserApcRoutine = Call back , if supplied Event should be NULL
3063 UserApcContext = Argument to the callback
3064 IoStatusBlock = Caller should supply storage for additional status information
3065 BufferDescription = Caller should supply storage to receive the information
3066 BufferLength = Size of the buffer
3067 ByteOffset = Offset to start reading the file
3068 Key = Key = If a range is lock a matching key will allow the read to continue.
3069 * RETURNS: Status
3070 *
3071 */
3072 NTSTATUS
3073 STDCALL
3074 NtReadFileScatter(
3075 IN HANDLE FileHandle,
3076 IN HANDLE Event OPTIONAL,
3077 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3078 IN PVOID UserApcContext OPTIONAL,
3079 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
3080 IN FILE_SEGMENT_ELEMENT BufferDescription[],
3081 IN ULONG BufferLength,
3082 IN PLARGE_INTEGER ByteOffset,
3083 IN PULONG Key OPTIONAL
3084 );
3085
3086 NTSTATUS
3087 STDCALL
3088 ZwReadFileScatter(
3089 IN HANDLE FileHandle,
3090 IN HANDLE Event OPTIONAL,
3091 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3092 IN PVOID UserApcContext OPTIONAL,
3093 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
3094 IN FILE_SEGMENT_ELEMENT BufferDescription[],
3095 IN ULONG BufferLength,
3096 IN PLARGE_INTEGER ByteOffset,
3097 IN PULONG Key OPTIONAL
3098 );
3099 /*
3100 * FUNCTION: Copies a range of virtual memory to a buffer
3101 * ARGUMENTS:
3102 * ProcessHandle = Specifies the process owning the virtual address space
3103 * BaseAddress = Points to the address of virtual memory to start the read
3104 * Buffer = Caller supplies storage to copy the virtual memory to.
3105 * NumberOfBytesToRead = Limits the range to read
3106 * NumberOfBytesRead = The actual number of bytes read.
3107 * RETURNS: Status
3108 */
3109
3110 NTSTATUS
3111 STDCALL
3112 NtReadVirtualMemory(
3113 IN HANDLE ProcessHandle,
3114 IN PVOID BaseAddress,
3115 OUT PVOID Buffer,
3116 IN ULONG NumberOfBytesToRead,
3117 OUT PULONG NumberOfBytesRead
3118 );
3119 NTSTATUS
3120 STDCALL
3121 ZwReadVirtualMemory(
3122 IN HANDLE ProcessHandle,
3123 IN PVOID BaseAddress,
3124 OUT PVOID Buffer,
3125 IN ULONG NumberOfBytesToRead,
3126 OUT PULONG NumberOfBytesRead
3127 );
3128
3129
3130 /*
3131 * FUNCTION: Debugger can register for thread termination
3132 * ARGUMENTS:
3133 * TerminationPort = Port on which the debugger likes to be notified.
3134 * RETURNS: Status
3135 */
3136
3137 NTSTATUS
3138 STDCALL
3139 NtRegisterThreadTerminatePort(
3140 HANDLE TerminationPort
3141 );
3142 NTSTATUS
3143 STDCALL
3144 ZwRegisterThreadTerminatePort(
3145 HANDLE TerminationPort
3146 );
3147 /*
3148 * FUNCTION: Releases a mutant
3149 * ARGUMENTS:
3150 * MutantHandle = Handle to the mutant
3151 * ReleaseCount =
3152 * RETURNS: Status
3153 */
3154 NTSTATUS
3155 STDCALL
3156 NtReleaseMutant(
3157 IN HANDLE MutantHandle,
3158 IN PULONG ReleaseCount OPTIONAL
3159 );
3160
3161 NTSTATUS
3162 STDCALL
3163 ZwReleaseMutant(
3164 IN HANDLE MutantHandle,
3165 IN PULONG ReleaseCount OPTIONAL
3166 );
3167 /*
3168 * FUNCTION: Releases a semaphore
3169 * ARGUMENTS:
3170 * SemaphoreHandle = Handle to the semaphore object
3171 * ReleaseCount = Number to decrease the semaphore count
3172 * PreviousCount = Previous semaphore count
3173 * RETURNS: Status
3174 */
3175 NTSTATUS
3176 STDCALL
3177 NtReleaseSemaphore(
3178 IN HANDLE SemaphoreHandle,
3179 IN ULONG ReleaseCount,
3180 IN PULONG PreviousCount
3181 );
3182
3183 NTSTATUS
3184 STDCALL
3185 ZwReleaseSemaphore(
3186 IN HANDLE SemaphoreHandle,
3187 IN ULONG ReleaseCount,
3188 IN PULONG PreviousCount
3189 );
3190 /*
3191 * FUNCTION: Removes an io completion
3192 * ARGUMENTS:
3193 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3194 * CompletionKey = Requested access to the key
3195 * IoStatusBlock = Caller provides storage for extended status information
3196 * CompletionStatus = Current status of the io operation.
3197 * WaitTime = Time to wait if ..
3198 * RETURNS: Status
3199 */
3200 NTSTATUS
3201 STDCALL
3202 NtRemoveIoCompletion(
3203 IN HANDLE CompletionPort,
3204 OUT PULONG CompletionKey,
3205 OUT PIO_STATUS_BLOCK IoStatusBlock,
3206 OUT PULONG CompletionStatus,
3207 ULONG WaitTime
3208 );
3209
3210 NTSTATUS
3211 STDCALL
3212 ZwRemoveIoCompletion(
3213 IN HANDLE CompletionPort,
3214 OUT PULONG CompletionKey,
3215 OUT PIO_STATUS_BLOCK IoStatusBlock,
3216 OUT PULONG CompletionStatus,
3217 ULONG WaitTime
3218 );
3219 /*
3220 * FUNCTION: Replaces one registry key with another
3221 * ARGUMENTS:
3222 * ObjectAttributes = Specifies the attributes of the key
3223 * Key = Handle to the key
3224 * ReplacedObjectAttributes = The function returns the old object attributes
3225 * RETURNS: Status
3226 */
3227 NTSTATUS
3228 STDCALL
3229 NtReplaceKey(
3230 IN POBJECT_ATTRIBUTES ObjectAttributes,
3231 IN HANDLE Key,
3232 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3233 );
3234 NTSTATUS
3235 STDCALL
3236 ZwReplaceKey(
3237 IN POBJECT_ATTRIBUTES ObjectAttributes,
3238 IN HANDLE Key,
3239 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3240 );
3241
3242 /*
3243 * FUNCTION: Resets a event to a non signaled state
3244 * ARGUMENTS:
3245 * EventHandle = Handle to the event that should be reset
3246 * NumberOfWaitingThreads = The number of threads released.
3247 * RETURNS: Status
3248 */
3249 NTSTATUS
3250 STDCALL
3251 NtResetEvent(
3252 HANDLE EventHandle,
3253 PULONG NumberOfWaitingThreads OPTIONAL
3254 );
3255 NTSTATUS
3256 STDCALL
3257 ZwResetEvent(
3258 HANDLE EventHandle,
3259 PULONG NumberOfWaitingThreads OPTIONAL
3260 );
3261 //draft
3262 NTSTATUS
3263 STDCALL
3264 NtRestoreKey(
3265 HANDLE KeyHandle,
3266 HANDLE FileHandle,
3267 ULONG RestoreFlags
3268 );
3269
3270 NTSTATUS
3271 STDCALL
3272 ZwRestoreKey(
3273 HANDLE KeyHandle,
3274 HANDLE FileHandle,
3275 ULONG RestoreFlags
3276 );
3277 /*
3278 * FUNCTION: Decrements a thread's resume count
3279 * ARGUMENTS:
3280 * ThreadHandle = Handle to the thread that should be resumed
3281 * ResumeCount = The resulting resume count.
3282 * REMARK:
3283 * A thread is resumed if its suspend count is 0. This procedure maps to
3284 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3285 * RETURNS: Status
3286 */
3287 NTSTATUS
3288 STDCALL
3289 NtResumeThread(
3290 IN HANDLE ThreadHandle,
3291 IN PULONG SuspendCount
3292 );
3293 NTSTATUS
3294 STDCALL
3295 ZwResumeThread(
3296 IN HANDLE ThreadHandle,
3297 IN PULONG SuspendCount
3298 );
3299 /*
3300 * FUNCTION: Writes the content of a registry key to ascii file
3301 * ARGUMENTS:
3302 * KeyHandle = Handle to the key
3303 * FileHandle = Handle of the file
3304 * REMARKS:
3305 This function maps to the Win32 RegSaveKey.
3306 * RETURNS: Status
3307 */
3308
3309 NTSTATUS
3310 STDCALL
3311 NtSaveKey(
3312 IN HANDLE KeyHandle,
3313 IN HANDLE FileHandle
3314 );
3315 NTSTATUS
3316 STDCALL
3317 ZwSaveKey(
3318 IN HANDLE KeyHandle,
3319 IN HANDLE FileHandle
3320 );
3321 /*
3322 * FUNCTION: Sets the context of a specified thread.
3323 * ARGUMENTS:
3324 * ThreadHandle = Handle to the thread
3325 * Context = The processor context.
3326 * RETURNS: Status
3327 */
3328
3329 NTSTATUS
3330 STDCALL
3331 NtSetContextThread(
3332 IN HANDLE ThreadHandle,
3333 IN PCONTEXT Context
3334 );
3335 NTSTATUS
3336 STDCALL
3337 ZwSetContextThread(
3338 IN HANDLE ThreadHandle,
3339 IN PCONTEXT Context
3340 );
3341 /*
3342 * FUNCTION: Sets the extended attributes of a file.
3343 * ARGUMENTS:
3344 * FileHandle = Handle to the file
3345 * IoStatusBlock = Storage for a resulting status and information
3346 * on the current operation.
3347 * EaBuffer = Extended Attributes buffer.
3348 * EaBufferSize = Size of the extended attributes buffer
3349 * RETURNS: Status
3350 */
3351 NTSTATUS
3352 STDCALL
3353 NtSetEaFile(
3354 IN HANDLE FileHandle,
3355 IN PIO_STATUS_BLOCK IoStatusBlock,
3356 PVOID EaBuffer,
3357 ULONG EaBufferSize
3358 );
3359 NTSTATUS
3360 STDCALL
3361 ZwSetEaFile(
3362 IN HANDLE FileHandle,
3363 IN PIO_STATUS_BLOCK IoStatusBlock,
3364 PVOID EaBuffer,
3365 ULONG EaBufferSize
3366 );
3367
3368 //FIXME: should I return the event state ?
3369
3370 /*
3371 * FUNCTION: Sets the event to a signalled state.
3372 * ARGUMENTS:
3373 * EventHandle = Handle to the event
3374 * NumberOfThreadsReleased = The number of threads released
3375 * REMARK:
3376 * This procedure maps to the win32 SetEvent function.
3377 * RETURNS: Status
3378 */
3379
3380 NTSTATUS
3381 STDCALL
3382 NtSetEvent(
3383 IN HANDLE EventHandle,
3384 PULONG NumberOfThreadsReleased
3385 );
3386
3387 NTSTATUS
3388 STDCALL
3389 ZwSetEvent(
3390 IN HANDLE EventHandle,
3391 PULONG NumberOfThreadsReleased
3392 );
3393
3394 /*
3395 * FUNCTION: Sets the high part of an event pair
3396 * ARGUMENTS:
3397 EventPair = Handle to the event pair
3398 * RETURNS: Status
3399 */
3400
3401 NTSTATUS
3402 STDCALL
3403 NtSetHighEventPair(
3404 IN HANDLE EventPair
3405 );
3406
3407 NTSTATUS
3408 STDCALL
3409 ZwSetHighEventPair(
3410 IN HANDLE EventPair
3411 );
3412 /*
3413 * FUNCTION: Sets the high part of an event pair and wait for the low part
3414 * ARGUMENTS:
3415 EventPair = Handle to the event pair
3416 * RETURNS: Status
3417 */
3418 NTSTATUS
3419 STDCALL
3420 NtSetHighWaitLowEventPair(
3421 IN HANDLE EventPair
3422 );
3423 NTSTATUS
3424 STDCALL
3425 ZwSetHighWaitLowEventPair(
3426 IN HANDLE EventPair
3427 );
3428
3429 /*
3430 * FUNCTION: Sets the information of a file object.
3431 * ARGUMENTS:
3432 * FileHandle = Handle to the file object
3433 * IoStatusBlock = Caller supplies storage for extended information
3434 * on the current operation.
3435 * FileInformation = Storage for the new file information
3436 * Lenght = Size of the new file information.
3437 * FileInformationClass = Indicates to a certain information structure
3438
3439 FileNameInformation FILE_NAME_INFORMATION
3440 FileRenameInformation FILE_RENAME_INFORMATION
3441 FileStreamInformation FILE_STREAM_INFORMATION
3442 * FileCompletionInformation IO_COMPLETION_CONTEXT
3443
3444 * REMARK:
3445 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3446 * SetNamedPipeHandleState, SetMailslotInfo functions.
3447 * RETURNS: Status
3448 */
3449
3450
3451 NTSTATUS
3452 STDCALL
3453 NtSetInformationFile(
3454 IN HANDLE FileHandle,
3455 IN PIO_STATUS_BLOCK IoStatusBlock,
3456 IN PVOID FileInformation,
3457 IN ULONG Length,
3458 IN FILE_INFORMATION_CLASS FileInformationClass
3459 );
3460 NTSTATUS
3461 STDCALL
3462 ZwSetInformationFile(
3463 IN HANDLE FileHandle,
3464 IN PIO_STATUS_BLOCK IoStatusBlock,
3465 IN PVOID FileInformation,
3466 IN ULONG Length,
3467 IN FILE_INFORMATION_CLASS FileInformationClass
3468 );
3469
3470
3471
3472 /*
3473 * FUNCTION: Sets the information of a registry key.
3474 * ARGUMENTS:
3475 * KeyHandle = Handle to the registry key
3476 * KeyInformationClass = Index to the a certain information structure.
3477 Can be one of the following values:
3478
3479 * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
3480
3481 KeyInformation = Storage for the new information
3482 * KeyInformationLength = Size of the information strucure
3483 * RETURNS: Status
3484 */
3485
3486 NTSTATUS
3487 STDCALL
3488 NtSetInformationKey(
3489 IN HANDLE KeyHandle,
3490 IN CINT KeyInformationClass,
3491 IN PVOID KeyInformation,
3492 IN ULONG KeyInformationLength
3493 );
3494
3495 NTSTATUS
3496 STDCALL
3497 ZwSetInformationKey(
3498 IN HANDLE KeyHandle,
3499 IN CINT KeyInformationClass,
3500 IN PVOID KeyInformation,
3501 IN ULONG KeyInformationLength
3502 );
3503 /*
3504 * FUNCTION: Changes a set of object specific parameters
3505 * ARGUMENTS:
3506 * ObjectHandle =
3507 * ObjectInformationClass = Index to the set of parameters to change.
3508
3509
3510 ObjectBasicInformation
3511 ObjectTypeInformation OBJECT_TYPE_INFORMATION
3512 ObjectAllInformation
3513 ObjectDataInformation OBJECT_DATA_INFORMATION
3514 ObjectNameInformation OBJECT_NAME_INFORMATION
3515
3516
3517 * ObjectInformation = Caller supplies storage for parameters to set.
3518 * Length = Size of the storage supplied
3519 * RETURNS: Status
3520 */
3521 NTSTATUS
3522 STDCALL
3523 NtSetInformationObject(
3524 IN HANDLE ObjectHandle,
3525 IN CINT ObjectInformationClass,
3526 IN PVOID ObjectInformation,
3527 IN ULONG Length
3528 );
3529
3530 NTSTATUS
3531 STDCALL
3532 ZwSetInformationObject(
3533 IN HANDLE ObjectHandle,
3534 IN CINT ObjectInformationClass,
3535 IN PVOID ObjectInformation,
3536 IN ULONG Length
3537 );
3538
3539 /*
3540 * FUNCTION: Changes a set of process specific parameters
3541 * ARGUMENTS:
3542 * ProcessHandle = Handle to the process
3543 * ProcessInformationClass = Index to a information structure.
3544 *
3545 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
3546 * ProcessQuotaLimits QUOTA_LIMITS
3547 * ProcessBasePriority KPRIORITY
3548 * ProcessRaisePriority KPRIORITY
3549 * ProcessDebugPort HANDLE
3550 * ProcessExceptionPort HANDLE
3551 * ProcessAccessToken PROCESS_ACCESS_TOKEN
3552 * ProcessDefaultHardErrorMode ULONG
3553 * ProcessPriorityClass ULONG
3554 * ProcessAffinityMask KAFFINITY //??
3555 *
3556 * ProcessInformation = Caller supplies storage for information to set.
3557 * ProcessInformationLength = Size of the information structure
3558 * RETURNS: Status
3559 */
3560 NTSTATUS
3561 STDCALL
3562 NtSetInformationProcess(
3563 IN HANDLE ProcessHandle,
3564 IN CINT ProcessInformationClass,
3565 IN PVOID ProcessInformation,
3566 IN ULONG ProcessInformationLength
3567 );
3568 NTSTATUS
3569 STDCALL
3570 ZwSetInformationProcess(
3571 IN HANDLE ProcessHandle,
3572 IN CINT ProcessInformationClass,
3573 IN PVOID ProcessInformation,
3574 IN ULONG ProcessInformationLength
3575 );
3576 /*
3577 * FUNCTION: Changes a set of thread specific parameters
3578 * ARGUMENTS:
3579 * ThreadHandle = Handle to the thread
3580 * ThreadInformationClass = Index to the set of parameters to change.
3581 * Can be one of the following values:
3582 *
3583 * ThreadBasicInformation THREAD_BASIC_INFORMATION
3584 * ThreadPriority KPRIORITY //???
3585 * ThreadBasePriority KPRIORITY
3586 * ThreadAffinityMask KAFFINITY //??
3587 * ThreadImpersonationToken ACCESS_TOKEN
3588 * ThreadIdealProcessor ULONG
3589 * ThreadPriorityBoost ULONG
3590 *
3591 * ThreadInformation = Caller supplies storage for parameters to set.
3592 * ThreadInformationLength = Size of the storage supplied
3593 * RETURNS: Status
3594 */
3595 NTSTATUS
3596 STDCALL
3597 NtSetInformationThread(
3598 IN HANDLE ThreadHandle,
3599 IN THREADINFOCLASS ThreadInformationClass,
3600 IN PVOID ThreadInformation,
3601 IN ULONG ThreadInformationLength
3602 );
3603 NTSTATUS
3604 STDCALL
3605 ZwSetInformationThread(
3606 IN HANDLE ThreadHandle,
3607 IN THREADINFOCLASS ThreadInformationClass,
3608 IN PVOID ThreadInformation,
3609 IN ULONG ThreadInformationLength
3610 );
3611
3612 //FIXME: Are the arguments correct
3613 // Might be a ordinary set function
3614 /*
3615 * FUNCTION: Sets an io completion
3616 * ARGUMENTS:
3617 * CompletionPort =
3618 * CompletionKey =
3619 * IoStatusBlock =
3620 * NumberOfBytesToTransfer =
3621 * NumberOfBytesTransferred =
3622 * RETURNS: Status
3623 */
3624 NTSTATUS
3625 STDCALL
3626 NtSetIoCompletion(
3627 IN HANDLE CompletionPort,
3628 IN ULONG CompletionKey,
3629 OUT PIO_STATUS_BLOCK IoStatusBlock,
3630 IN ULONG NumberOfBytesToTransfer,
3631 OUT PULONG NumberOfBytesTransferred
3632 );
3633 NTSTATUS
3634 STDCALL
3635 ZwSetIoCompletion(
3636 IN HANDLE CompletionPort,
3637 IN ULONG CompletionKey,
3638 OUT PIO_STATUS_BLOCK IoStatusBlock,
3639 IN ULONG NumberOfBytesToTransfer,
3640 OUT PULONG NumberOfBytesTransferred
3641 );
3642 //FIXME: Should I have more parameters ?
3643 /*
3644 * FUNCTION: Initializes the Local Descriptor Table
3645 * ARGUMENTS:
3646 ProcessHandle =
3647 LdtEntry =
3648 * RETURNS: Status
3649 */
3650 //NTSTATUS
3651 //STDCALL
3652 //NtSetLdtEntries(
3653 // HANDLE ProcessHandle,
3654 // PVOID LdtEntry // LDT_ENTR
3655 // );
3656
3657 /*
3658 * FUNCTION: Sets the low part of an event pair
3659 * ARGUMENTS:
3660 EventPair = Handle to the event pair
3661 * RETURNS: Status
3662 */
3663
3664 NTSTATUS
3665 STDCALL
3666 NtSetLowEventPair(
3667 HANDLE EventPair
3668 );
3669 NTSTATUS
3670 STDCALL
3671 ZwSetLowEventPair(
3672 HANDLE EventPair
3673 );
3674 /*
3675 * FUNCTION: Sets the low part of an event pair and wait for the high part
3676 * ARGUMENTS:
3677 EventPair = Handle to the event pair
3678 * RETURNS: Status
3679 */
3680 NTSTATUS
3681 STDCALL
3682 NtSetLowWaitHighEventPair(
3683 HANDLE EventPair
3684 );
3685 NTSTATUS
3686 STDCALL
3687 ZwSetLowWaitHighEventPair(
3688 HANDLE EventPair
3689 );
3690
3691 //FIXME: Should Value be a void pointer or a pointer to a unicode string ?
3692 /*
3693 * FUNCTION: Sets a system environment variable
3694 * ARGUMENTS:
3695 * ValueName = Name of the environment variable
3696 * Value = Value of the environment variable
3697 * RETURNS: Status
3698 */
3699 NTSTATUS
3700 STDCALL
3701 NtSetSystemEnvironmentValue(
3702 IN PUNICODE_STRING VariableName,
3703 IN PUNICODE_STRING Value
3704 );
3705 NTSTATUS
3706 STDCALL
3707 ZwSetSystemEnvironmentValue(
3708 IN PUNICODE_STRING VariableName,
3709 IN PUNICODE_STRING Value
3710 );
3711 /*
3712 * FUNCTION: Sets system parameters
3713 * ARGUMENTS:
3714 * SystemInformationClass = Index to a particular set of system parameters
3715 * Can be one of the following values:
3716 *
3717 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3718 *
3719 * SystemInformation = Structure containing the parameters.
3720 * SystemInformationLength = Size of the structure.
3721 * RETURNS: Status
3722 */
3723 NTSTATUS
3724 STDCALL
3725 NtSetSystemInformation(
3726 IN CINT SystemInformationClass,
3727 IN PVOID SystemInformation,
3728 IN ULONG SystemInformationLength
3729 );
3730
3731 NTSTATUS
3732 STDCALL
3733 ZwSetSystemInformation(
3734 IN CINT SystemInformationClass,
3735 IN PVOID SystemInformation,
3736 IN ULONG SystemInformationLength
3737 );
3738
3739 /*
3740 * FUNCTION: Sets the system time
3741 * ARGUMENTS:
3742 * SystemTime = Old System time
3743 * NewSystemTime = New System time
3744 * RETURNS: Status
3745 */
3746 NTSTATUS
3747 STDCALL
3748 NtSetSystemTime(
3749 IN PLARGE_INTEGER SystemTime,
3750 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3751 );
3752 NTSTATUS
3753 STDCALL
3754 ZwSetSystemTime(
3755 IN PLARGE_INTEGER SystemTime,
3756 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3757 );
3758 /*
3759 * FUNCTION: Sets the characteristics of a timer
3760 * ARGUMENTS:
3761 * TimerHandle = Handle to the timer
3762 * DueTime = Time before the timer becomes signalled for the first time.
3763 * TimerApcRoutine = Completion routine can be called on time completion
3764 * TimerContext = Argument to the completion routine
3765 * Resume = Specifies if the timer should repeated after completing one cycle
3766 * Period = Cycle of the timer
3767 * REMARKS: This routine maps to the win32 SetWaitableTimer.
3768 * RETURNS: Status
3769 */
3770 NTSTATUS
3771 STDCALL
3772 NtSetTimer(
3773 IN HANDLE TimerHandle,
3774 IN PLARGE_INTEGER DueTime,
3775 IN PTIMERAPCROUTINE TimerApcRoutine,
3776 IN PVOID TimerContext,
3777 IN BOOL WakeTimer,
3778 IN ULONG Period OPTIONAL,
3779 OUT PBOOLEAN PreviousState OPTIONAL
3780 );
3781 NTSTATUS
3782 STDCALL
3783 ZwSetTimer(
3784 IN HANDLE TimerHandle,
3785 IN PLARGE_INTEGER DueTime,
3786 IN PTIMERAPCROUTINE TimerApcRoutine,
3787 IN PVOID TimerContext,
3788 IN BOOL WakeTimer,
3789 IN ULONG Period OPTIONAL,
3790 OUT PBOOLEAN PreviousState OPTIONAL
3791 );
3792 /*
3793 * FUNCTION: Sets the frequency of the system timer
3794 * ARGUMENTS:
3795 * RequestedResolution =
3796 * SetOrUnset =
3797 * ActualResolution =
3798 * RETURNS: Status
3799 */
3800 NTSTATUS
3801 STDCALL
3802 NtSetTimerResolution(
3803 IN ULONG RequestedResolution,
3804 IN BOOL SetOrUnset,
3805 OUT PULONG ActualResolution
3806 );
3807 NTSTATUS
3808 STDCALL
3809 ZwSetTimerResolution(
3810 IN ULONG RequestedResolution,
3811 IN BOOL SetOrUnset,
3812 OUT PULONG ActualResolution
3813 );
3814 /*
3815 * FUNCTION: Sets the value of a registry key
3816 * ARGUMENTS:
3817 * KeyHandle = Handle to a registry key
3818 * ValueName = Name of the value entry to change
3819 * TitleIndex = pointer to a structure containing the new volume information
3820 * Type = Type of the registry key. Can be one of the values:
3821 * REG_BINARY Unspecified binary data
3822 * REG_DWORD A 32 bit value
3823 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
3824 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
3825 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
3826 * REG_LINK A zero terminated wide character string referring to a symbolic link.
3827 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
3828 * REG_NONE Unspecified type
3829 * REG_SZ A wide character string ( zero terminated )
3830 * REG_RESOURCE_LIST ??
3831 * REG_RESOURCE_REQUIREMENTS_LIST ??
3832 * REG_FULL_RESOURCE_DESCRIPTOR ??
3833 * Data = Contains the data for the registry key.
3834 * DataSize = size of the data.
3835 * RETURNS: Status
3836 */
3837 NTSTATUS
3838 STDCALL
3839 NtSetValueKey(
3840 IN HANDLE KeyHandle,
3841 IN PUNICODE_STRING ValueName,
3842 IN ULONG TitleIndex OPTIONAL,
3843 IN ULONG Type,
3844 IN PVOID Data,
3845 IN ULONG DataSize
3846 );
3847 NTSTATUS
3848 STDCALL
3849 ZwSetValueKey(
3850 IN HANDLE KeyHandle,
3851 IN PUNICODE_STRING ValueName,
3852 IN ULONG TitleIndex OPTIONAL,
3853 IN ULONG Type,
3854 IN PVOID Data,
3855 IN ULONG DataSize
3856 );
3857 /*
3858 * FUNCTION: Sets the volume information of a file.
3859 * ARGUMENTS:
3860 * FileHandle = Handle to the file
3861 * VolumeInformationClass = specifies the particular volume information to set
3862 * VolumeInformation = pointer to a structure containing the new volume information
3863 * Length = size of the structure.
3864 * RETURNS: Status
3865 */
3866 NTSTATUS
3867 STDCALL
3868 NtSetVolumeInformationFile(
3869 IN HANDLE FileHandle,
3870 IN CINT VolumeInformationClass,
3871 PVOID VolumeInformation,
3872 ULONG Length
3873 );
3874
3875 NTSTATUS
3876 STDCALL
3877 ZwSetVolumeInformationFile(
3878 IN HANDLE FileHandle,
3879 IN CINT VolumeInformationClass,
3880 PVOID VolumeInformation,
3881 ULONG Length
3882 );
3883 /*
3884 * FUNCTION: Shuts the system down
3885 * ARGUMENTS:
3886 * Action: Specifies the type of shutdown, it can be one of the following values:
3887 ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
3888 * RETURNS: Status
3889 */
3890 NTSTATUS
3891 STDCALL
3892 NtShutdownSystem(
3893 IN SHUTDOWN_ACTION Action
3894 );
3895
3896 NTSTATUS
3897 STDCALL
3898 ZwShutdownSystem(
3899 IN SHUTDOWN_ACTION Action
3900 );
3901 /*
3902 * FUNCTION: Signals an event and wait for it to be signaled again.
3903 * ARGUMENTS:
3904 * EventHandle = Handle to the event that should be signaled
3905 * Alertable = True if the wait is alertable
3906 * Time = The time to wait
3907 * NumberOfWaitingThreads = Number of waiting threads
3908 * RETURNS: Status
3909 */
3910
3911 NTSTATUS
3912 STDCALL
3913 NtSignalAndWaitForSingleObject(
3914 IN HANDLE EventHandle,
3915 IN BOOLEAN Alertable,
3916 IN PLARGE_INTEGER Time,
3917 PULONG NumberOfWaitingThreads OPTIONAL
3918 );
3919
3920 NTSTATUS
3921 STDCALL
3922 ZwSignalAndWaitForSingleObject(
3923 IN HANDLE EventHandle,
3924 IN BOOLEAN Alertable,
3925 IN PLARGE_INTEGER Time,
3926 PULONG NumberOfWaitingThreads OPTIONAL
3927 );
3928 /*
3929 * FUNCTION: Increments a thread's resume count
3930 * ARGUMENTS:
3931 * ThreadHandle = Handle to the thread that should be resumed
3932 * PreviousSuspendCount = The resulting/previous suspend count.
3933 * REMARK:
3934 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
3935 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
3936 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
3937 * RETURNS: Status
3938 */
3939 NTSTATUS
3940 STDCALL
3941 NtSuspendThread(
3942 IN HANDLE ThreadHandle,
3943 IN PULONG PreviousSuspendCount
3944 );
3945 NTSTATUS
3946 STDCALL
3947 ZwSuspendThread(
3948 IN HANDLE ThreadHandle,
3949 IN PULONG PreviousSuspendCount
3950 );
3951
3952 //--NtSystemDebugControl
3953 /*
3954 * FUNCTION: Terminates the execution of a process.
3955 * ARGUMENTS:
3956 * ThreadHandle = Handle to the process
3957 * ExitStatus = The exit status of the process to terminate with.
3958 * REMARKS
3959 Native applications should kill themselves using this function.
3960 * RETURNS: Status
3961 */
3962 NTSTATUS
3963 STDCALL
3964 NtTerminateProcess(
3965 IN HANDLE ProcessHandle ,
3966 IN NTSTATUS ExitStatus
3967 );
3968 NTSTATUS