2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * PURPOSE: System call definitions
5 * FILE: include/ddk/zw.h
7 * ??/??/??: First few functions (David Welch)
8 * ??/??/??: Complete implementation by Boudewijn Dekker
9 * 13/07/98: Reorganised things a bit (David Welch)
10 * 04/08/98: Added some documentation (Boudewijn Dekker)
11 * 14/08/98: Added type TIME and change variable type from [1] to [0]
19 typedef struct _OBJDIR_INFORMATION
{
20 UNICODE_STRING ObjectName
;
21 UNICODE_STRING ObjectTypeName
; // Directory, Device ...
23 } OBJDIR_INFORMATION
, *POBJDIR_INFORMATION
;
27 * FUNCTION: Closes an object handle
29 * Handle = Handle to the object
32 NTSTATUS
ZwClose(HANDLE Handle
);
35 * FUNCTION: Creates or opens a directory object, which is a container for
38 * DirectoryHandle (OUT) = Points to a variable which stores the
39 * handle for the directory on success
40 * DesiredAccess = Type of access the caller requires to the directory
41 * ObjectAttributes = Structures specifing the object attributes,
42 * initialized with InitializeObjectAttributes
45 NTSTATUS
ZwCreateDirectoryObject(PHANDLE DirectoryHandle
,
46 ACCESS_MASK DesiredAccess
,
47 POBJECT_ATTRIBUTES ObjectAttributes
);
50 * FUNCTION: Creates or opens a registry key
52 * KeyHandle (OUT) = Points to a variable which stores the handle
53 * for the key on success
54 * DesiredAccess = Access desired by the caller to the key
55 * ObjectAttributes = Initialized object attributes for the key
56 * TitleIndex = Who knows?
57 * Class = Object class of the key?
58 * CreateOptions = Options for the key creation
59 * Disposition (OUT) = Points to a variable which a status value
60 * indicating whether a new key was created
63 NTSTATUS
ZwCreateKey(PHANDLE KeyHandle
, ACCESS_MASK DesiredAccess
,
64 POBJECT_ATTRIBUTES ObjectAttributes
,
65 ULONG TitleIndex
, PUNICODE_STRING Class
,
66 ULONG CreateOptions
, PULONG Disposition
);
69 * FUNCTION: Deletes a registry key
71 * KeyHandle = Handle of the key
74 NTSTATUS
ZwDeleteKey(HANDLE KeyHandle
);
77 * FUNCTION: Returns information about the subkeys of an open key
79 * KeyHandle = Handle of the key whose subkeys are to enumerated
80 * Index = zero based index of the subkey for which information is
82 * KeyInformationClass = Type of information returned
83 * KeyInformation (OUT) = Caller allocated buffer for the information
85 * Length = Length in bytes of the KeyInformation buffer
86 * ResultLength (OUT) = Caller allocated storage which holds
87 * the number of bytes of information retrieved
91 NTSTATUS
ZwEnumerateKey(HANDLE KeyHandle
, ULONG Index
,
92 KEY_INFORMATION_CLASS KeyInformationClass
,
93 PVOID KeyInformation
, ULONG Length
,
97 * FUNCTION: Returns information about the value entries of an open key
99 * KeyHandle = Handle of the key whose value entries are to enumerated
100 * Index = zero based index of the subkey for which information is
102 * KeyInformationClass = Type of information returned
103 * KeyInformation (OUT) = Caller allocated buffer for the information
105 * Length = Length in bytes of the KeyInformation buffer
106 * ResultLength (OUT) = Caller allocated storage which holds
107 * the number of bytes of information retrieved
111 NTSTATUS
ZwEnumerateValueKey(HANDLE KeyHandle
, ULONG Index
,
112 KEY_VALUE_INFORMATION_CLASS KeyInformationClass
,
113 PVOID KeyInformation
, ULONG Length
,
114 PULONG ResultLength
);
118 * FUNCTION: Forces a registry key to be committed to disk
120 * KeyHandle = Handle of the key to be written to disk
123 NTSTATUS
ZwFlushKey(HANDLE KeyHandle
);
126 * FUNCTION: Changes the attributes of an object to temporary
128 * Handle = Handle for the object
131 NTSTATUS
ZwMakeTemporaryObject(HANDLE Handle
);
134 * FUNCTION: Maps a view of a section into the virtual address space of a
137 * SectionHandle = Handle of the section
138 * ProcessHandle = Handle of the process
139 * BaseAddress = Desired base address (or NULL) on entry
140 * Actual base address of the view on exit
141 * ZeroBits = Number of high order address bits that must be zero
142 * CommitSize = Size in bytes of the initially committed section of
144 * SectionOffset = Offset in bytes from the beginning of the section
145 * to the beginning of the view
146 * ViewSize = Desired length of map (or zero to map all) on entry
147 * Actual length mapped on exit
148 * InheritDisposition = Specified how the view is to be shared with
150 * AllocateType = Type of allocation for the pages
151 * Protect = Protection for the committed region of the view
154 NTSTATUS
ZwMapViewOfSection(HANDLE SectionHandle
,
155 HANDLE ProcessHandle
,
159 PLARGE_INTEGER SectionOffset
,
161 SECTION_INHERIT InheritDisposition
,
162 ULONG AllocationType
,
166 * FUNCTION: Opens an existing key in the registry
168 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
169 * DesiredAccess = Requested access to the key
170 * ObjectAttribute = Initialized attributes for the object
173 NTSTATUS
ZwOpenKey(PHANDLE KeyHandle
, ACCESS_MASK DesiredAccess
,
174 POBJECT_ATTRIBUTES ObjectAttributes
);
177 * FUNCTION: Opens an existing section object
179 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
180 * DesiredAccess = Requested access to the key
181 * ObjectAttribute = Initialized attributes for the object
184 NTSTATUS
ZwOpenSection(PHANDLE KeyHandle
, ACCESS_MASK DesiredAccess
,
185 POBJECT_ATTRIBUTES ObjectAttributes
);
187 NTSTATUS
ZwQueryDirectoryObject(IN HANDLE DirObjHandle
,
188 OUT POBJDIR_INFORMATION DirObjInformation
,
189 IN ULONG BufferLength
,
190 IN BOOLEAN GetNextIndex
,
191 IN BOOLEAN IgnoreInputIndex
,
192 IN OUT PULONG ObjectIndex
,
193 OUT PULONG DataWritten OPTIONAL
);
196 * FUNCTION: Returns information about an open file
198 * FileHandle = Handle of the file to be queried
199 * IoStatusBlock (OUT) = Caller supplied storage for the result
200 * FileInformation (OUT) = Caller supplied storage for the file
202 * Length = Length in bytes of the buffer for file information
203 * FileInformationClass = Type of information to be returned
206 NTSTATUS
ZwQueryInformationFile(HANDLE FileHandle
,
207 PIO_STATUS_BLOCK IoStatusBlock
,
208 PVOID FileInformation
,
210 FILE_INFORMATION_CLASS FileInformationClass
);
214 NTSTATUS
ZwReadFile(HANDLE FileHandle
,
216 PIO_APC_ROUTINE ApcRoutine
,
218 PIO_STATUS_BLOCK IoStatusBlock
,
221 PLARGE_INTEGER ByteOffset
,
228 #define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
229 #define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
235 #define EVENT_READ_ACCESS 1
236 #define EVENT_WRITE_ACCESS 2
239 // file creation flags
241 #define FILE_DIRECTORY_FILE 0x00000001
242 #define FILE_WRITE_THROUGH 0x00000002
243 #define FILE_SEQUENTIAL_ONLY 0x00000004
244 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
246 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
247 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
248 #define FILE_NON_DIRECTORY_FILE 0x00000040
249 #define FILE_CREATE_TREE_CONNECTION 0x00000080
251 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100
252 #define FILE_NO_EA_KNOWLEDGE 0x00000200
254 #define FILE_RANDOM_ACCESS 0x00000800
256 #define FILE_DELETE_ON_CLOSE 0x00001000
257 #define FILE_OPEN_BY_FILE_ID 0x00002000
258 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
259 #define FILE_NO_COMPRESSION 0x00008000
261 #define FILE_RESERVE_OPFILTER 0x00100000
262 #define FILE_TRANSACTED_MODE 0x00200000
263 #define FILE_OPEN_OFFLINE_FILE 0x00400000
265 #define FILE_VALID_OPTION_FLAGS 0x007fffff
266 #define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
267 #define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
268 #define FILE_VALID_SET_FLAGS 0x00001036
271 // file disposition values
274 #define FILE_SUPERSEDE 0x0000
275 #define FILE_OPEN 0x0001
276 #define FILE_CREATE 0x0002
277 #define FILE_OPEN_IF 0x0003
278 #define FILE_OVERWRITE 0x0004
279 #define FILE_OVERWRITE_IF 0x0005
280 #define FILE_MAXIMUM_DISPOSITION 0x0005
285 //process query / set information class
287 #define ProcessBasicInformation 0
288 #define ProcessQuotaLimits 1
289 #define ProcessIoCounters 2
290 #define ProcessVmCounters 3
291 #define ProcessTimes 4
292 #define ProcessBasePriority 5
293 #define ProcessRaisePriority 6
294 #define ProcessDebugPort 7
295 #define ProcessExceptionPort 8
296 #define ProcessAccessToken 9
297 #define ProcessLdtInformation 10
298 #define ProcessLdtSize 11
299 #define ProcessDefaultHardErrorMode 12
300 #define ProcessIoPortHandlers 13
301 #define ProcessPooledUsageAndLimits 14
302 #define ProcessWorkingSetWatch 15
303 #define ProcessUserModeIOPL 16
304 #define ProcessEnableAlignmentFaultFixup 17
305 #define ProcessPriorityClass 18
306 #define ProcessWx86Information 19
307 #define ProcessHandleCount 20
308 #define ProcessAffinityMask 21
309 #define MaxProcessInfoClass 22
311 // thread query / set information class
312 #define ThreadBasicInformation 0
313 #define ThreadTimes 1
314 #define ThreadPriority 2
315 #define ThreadBasePriority 3
316 #define ThreadAffinityMask 4
317 #define ThreadImpersonationToken 5
318 #define ThreadDescriptorTableEntry 6
319 #define ThreadEnableAlignmentFaultFixup 7
320 #define ThreadEventPair 8
321 #define ThreadQuerySetWin32StartAddress 9
322 #define ThreadZeroTlsCell 10
323 #define ThreadPerformanceCount 11
324 #define ThreadAmILastThread 12
325 #define ThreadIdealProcessor 13
326 #define ThreadPriorityBoost 14
327 #define MaxThreadInfoClass 15
331 // key query information class
333 #define KeyBasicInformation 0
334 #define KeyNodeInformation 1
335 #define KeyFullInformation 2
338 // key set information class
340 #define KeyWriteTimeInformation 0
342 // key value information class
344 #define KeyValueBasicInformation 0
345 #define KeyValueFullInformation 1
346 #define KeyValuePartialInformation 2
348 // object handle information
350 #define ObjectBasicInformation 0
351 #define ObjectNameInformation 1
352 #define ObjectTypeInformation 2
353 #define ObjectAllInformation 3
354 #define ObjectDataInformation 4
356 // semaphore information
358 #define SemaphoreBasicInformation 0
362 #define EventBasicInformation 0
365 // system information
367 #define SystemPerformanceInformation 5
368 #define SystemCacheInformation 21
369 #define SystemTimeAdjustmentInformation 28
375 #define FileDirectoryInformation 1
376 #define FileFullDirectoryInformation 2
377 #define FileBothDirectoryInformation 3
378 #define FileBasicInformation 4
379 #define FileStandardInformation 5
380 #define FileInternalInformation 6
381 #define FileEaInformation 7
382 #define FileAccessInformation 8
383 #define FileNameInformation 9
384 #define FileRenameInformation 10
385 #define FileLinkInformation 11
386 #define FileNamesInformation 12
387 #define FileDispositionInformation 13
388 #define FilePositionInformation 14
389 #define FileFullEaInformation 15
390 #define FileModeInformation 16
391 #define FileAlignmentInformation 17
392 #define FileAllInformation 18
393 #define FileAllocationInformation 19
394 #define FileEndOfFileInformation 20
395 #define FileAlternateNameInformation 21
396 #define FileStreamInformation 22
397 #define FilePipeInformation 23
398 #define FilePipeLocalInformation 24
399 #define FilePipeRemoteInformation 25
400 #define FileMailslotQueryInformation 26
401 #define FileMailslotSetInformation 27
402 #define FileCompressionInformation 28
403 #define FileCopyOnWriteInformation 29
404 #define FileCompletionInformation 30
405 #define FileMoveClusterInformation 31
406 #define FileOleClassIdInformation 32
407 #define FileOleStateBitsInformation 33
408 #define FileNetworkOpenInformation 34
409 #define FileObjectIdInformation 35
410 #define FileOleAllInformation 36
411 #define FileOleDirectoryInformation 37
412 #define FileContentIndexInformation 38
413 #define FileInheritContentIndexInformation 39
414 #define FileOleInformation 40
415 #define FileMaximumInformation 41
419 //file system information class values
423 #define FileFsVolumeInformation 1
424 #define FileFsLabelInformation 2
425 #define FileFsSizeInformation 3
426 #define FileFsDeviceInformation 4
427 #define FileFsAttributeInformation 5
428 #define FileFsControlInformation 6
429 #define FileFsQuotaQueryInformation 7
430 #define FileFsQuotaSetInformation 8
431 #define FileFsMaximumInformation 9
436 typedef enum SHUTDOWN_ACTION_TAG
{
452 #define REG_WHOLE_HIVE_VOLATILE 1
453 #define REG_REFRESH_HIVE 2
456 // object type access rights
458 #define OBJECT_TYPE_CREATE 0x0001
459 #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
462 // directory access rights
464 #define DIRECTORY_QUERY 0x0001
465 #define DIRECTORY_TRAVERSE 0x0002
466 #define DIRECTORY_CREATE_OBJECT 0x0004
467 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
469 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
471 // symbolic link access rights
473 #define SYMBOLIC_LINK_QUERY 0x0001
474 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
476 typedef struct _PROCESS_WS_WATCH_INFORMATION
480 } PROCESS_WS_WATCH_INFORMATION
, *PPROCESS_WS_WATCH_INFORMATION
;
482 typedef struct _PROCESS_BASIC_INFORMATION
485 PNT_PEB PebBaseAddress
;
486 KAFFINITY AffinityMask
;
487 KPRIORITY BasePriority
;
488 ULONG UniqueProcessId
;
489 ULONG InheritedFromUniqueProcessId
;
490 } PROCESS_BASIC_INFORMATION
, *PPROCESS_BASIC_INFORMATION
;
492 typedef struct _QUOTA_LIMITS
494 ULONG PagedPoolLimit
;
495 ULONG NonPagedPoolLimit
;
496 ULONG MinimumWorkingSetSize
;
497 ULONG MaximumWorkingSetSize
;
500 } QUOTA_LIMITS
, *PQUOTA_LIMITS
;
502 typedef struct _IO_COUNTERS
504 ULONG ReadOperationCount
;
505 ULONG WriteOperationCount
;
506 ULONG OtherOperationCount
;
507 LARGE_INTEGER ReadTransferCount
;
508 LARGE_INTEGER WriteTransferCount
;
509 LARGE_INTEGER OtherTransferCount
;
510 } IO_COUNTERS
, *PIO_COUNTERS
;
513 typedef struct _VM_COUNTERS_
515 ULONG PeakVirtualSize
;
517 ULONG PageFaultCount
;
518 ULONG PeakWorkingSetSize
;
519 ULONG WorkingSetSize
;
520 ULONG QuotaPeakPagedPoolUsage
;
521 ULONG QuotaPagedPoolUsage
;
522 ULONG QuotaPeakNonPagedPoolUsage
;
523 ULONG QuotaNonPagedPoolUsage
;
525 ULONG PeakPagefileUsage
;
526 } VM_COUNTERS
, *PVM_COUNTERS
;
529 typedef struct _POOLED_USAGE_AND_LIMITS_
531 ULONG PeakPagedPoolUsage
;
532 ULONG PagedPoolUsage
;
533 ULONG PagedPoolLimit
;
534 ULONG PeakNonPagedPoolUsage
;
535 ULONG NonPagedPoolUsage
;
536 ULONG NonPagedPoolLimit
;
537 ULONG PeakPagefileUsage
;
540 } POOLED_USAGE_AND_LIMITS
, *PPOOLED_USAGE_AND_LIMITS
;
543 typedef struct _PROCESS_ACCESS_TOKEN
547 } PROCESS_ACCESS_TOKEN
, *PPROCESS_ACCESS_TOKEN
;
549 typedef struct _KERNEL_USER_TIMES
556 typedef KERNEL_USER_TIMES
*PKERNEL_USER_TIMES
;
558 // thread information
560 // incompatible with MS NT
562 typedef struct _THREAD_BASIC_INFORMATION
565 PVOID TebBaseAddress
;
566 KAFFINITY AffinityMask
;
567 KPRIORITY BasePriority
;
568 ULONG UniqueThreadId
;
569 } THREAD_BASIC_INFORMATION
, *PTHREAD_BASIC_INFORMATION
;
571 // object information
573 typedef struct _OBJECT_NAME_INFORMATION
576 } OBJECT_NAME_INFORMATION
, *POBJECT_NAME_INFORMATION
;
580 typedef struct _OBJECT_DATA_INFORMATION
583 BOOL bProtectFromClose
;
584 } OBJECT_DATA_INFORMATION
, *POBJECT_DATA_INFORMATION
;
587 typedef struct _OBJECT_TYPE_INFORMATION
592 ULONG ReferenceCount
;
593 } OBJECT_TYPE_INFORMATION
, *POBJECT_TYPE_INFORMATION
;
595 // system information
597 typedef struct _SYSTEM_TIME_ADJUSTMENT
599 ULONG TimeAdjustment
;
600 BOOL TimeAdjustmentDisabled
;
601 } SYSTEM_TIME_ADJUSTMENT
, *PSYSTEM_TIME_ADJUSTMENT
;
603 typedef struct _SYSTEM_CONFIGURATION_INFO
{
607 WORD ProcessorArchitecture
;
612 PVOID MinimumApplicationAddress
;
613 PVOID MaximumApplicationAddress
;
614 ULONG ActiveProcessorMask
;
615 ULONG NumberOfProcessors
;
617 ULONG AllocationGranularity
;
619 WORD ProcessorRevision
;
620 } SYSTEM_CONFIGURATION_INFO
, *PSYSTEM_CONFIGURATION_INFO
;
623 typedef struct _SYSTEM_CACHE_INFORMATION
{
626 ULONG PageFaultCount
;
627 ULONG MinimumWorkingSet
;
628 ULONG MaximumWorkingSet
;
630 } SYSTEM_CACHE_INFORMATION
;
636 typedef struct _FILE_BASIC_INFORMATION
642 ULONG FileAttributes
;
643 } FILE_BASIC_INFORMATION
, *PFILE_BASIC_INFORMATION
;
645 typedef struct _FILE_STANDARD_INFORMATION
647 LARGE_INTEGER AllocationSize
;
648 LARGE_INTEGER EndOfFile
;
650 BOOLEAN DeletePending
;
652 } FILE_STANDARD_INFORMATION
, *PFILE_STANDARD_INFORMATION
;
654 typedef struct _FILE_POSITION_INFORMATION
656 LARGE_INTEGER CurrentByteOffset
;
657 } FILE_POSITION_INFORMATION
, *PFILE_POSITION_INFORMATION
;
659 typedef struct _FILE_ALIGNMENT_INFORMATION
661 ULONG AlignmentRequirement
;
662 } FILE_ALIGNMENT_INFORMATION
, *PFILE_ALIGNMENT_INFORMATION
;
664 typedef struct _FILE_DISPOSITION_INFORMATION
667 } FILE_DISPOSITION_INFORMATION
, *PFILE_DISPOSITION_INFORMATION
;
669 typedef struct _FILE_END_OF_FILE_INFORMATION
671 LARGE_INTEGER EndOfFile
;
672 } FILE_END_OF_FILE_INFORMATION
, *PFILE_END_OF_FILE_INFORMATION
;
674 typedef struct _FILE_NETWORK_OPEN_INFORMATION
{
679 LARGE_INTEGER AllocationSize
;
680 LARGE_INTEGER EndOfFile
;
681 ULONG FileAttributes
;
682 } FILE_NETWORK_OPEN_INFORMATION
, *PFILE_NETWORK_OPEN_INFORMATION
;
684 typedef struct _FILE_FULL_EA_INFORMATION
686 ULONG NextEntryOffset
;
689 USHORT EaValueLength
;
691 } FILE_FULL_EA_INFORMATION
, *PFILE_FULL_EA_INFORMATION
;
694 typedef struct _FILE_EA_INFORMATION
{
696 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
699 typedef struct _FILE_GET_EA_INFORMATION
{
700 ULONG NextEntryOffset
;
703 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
705 typedef struct _FILE_STREAM_INFORMATION
{
706 ULONG NextEntryOffset
;
707 ULONG StreamNameLength
;
708 LARGE_INTEGER StreamSize
;
709 LARGE_INTEGER StreamAllocationSize
;
711 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
713 typedef struct _FILE_ALLOCATION_INFORMATION
{
714 LARGE_INTEGER AllocationSize
;
715 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
717 typedef struct _FILE_NAME_INFORMATION
{
718 ULONG FileNameLength
;
720 } FILE_NAME_INFORMATION
, *PFILE_NAME_INFORMATION
;
722 typedef struct _FILE_NAMES_INFORMATION
{
723 ULONG NextEntryOffset
;
725 ULONG FileNameLength
;
727 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
730 typedef struct _FILE_RENAME_INFORMATION
{
733 ULONG FileNameLength
;
735 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
738 typedef struct _FILE_INTERNAL_INFORMATION
{
739 LARGE_INTEGER IndexNumber
;
740 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
742 typedef struct _FILE_ACCESS_INFORMATION
{
743 ACCESS_MASK AccessFlags
;
744 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
747 typedef struct _FILE_MODE_INFORMATION
{
749 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
751 typedef struct _FILE_COMPRESSION_INFORMATION
{
752 LARGE_INTEGER CompressedFileSize
;
753 USHORT CompressionFormat
;
754 UCHAR CompressionUnitShift
;
758 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
760 typedef struct _FILE_ALL_INFORMATION
{
761 FILE_BASIC_INFORMATION BasicInformation
;
762 FILE_STANDARD_INFORMATION StandardInformation
;
763 FILE_INTERNAL_INFORMATION InternalInformation
;
764 FILE_EA_INFORMATION EaInformation
;
765 FILE_ACCESS_INFORMATION AccessInformation
;
766 FILE_POSITION_INFORMATION PositionInformation
;
767 FILE_MODE_INFORMATION ModeInformation
;
768 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
769 FILE_NAME_INFORMATION NameInformation
;
770 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
772 // file system information structures
774 typedef struct _FILE_FS_DEVICE_INFORMATION
{
775 DEVICE_TYPE DeviceType
;
776 ULONG Characteristics
;
777 } FILE_FS_DEVICE_INFORMATION
, *PFILE_FS_DEVICE_INFORMATION
;
780 /* device type can be one of the following values:
782 FILE_DEVICE_BEEP 0x00000001
783 FILE_DEVICE_CD_ROM 0x00000002
784 FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
785 FILE_DEVICE_CONTROLLER 0x00000004
786 FILE_DEVICE_DATALINK 0x00000005
787 FILE_DEVICE_DFS 0x00000006
788 FILE_DEVICE_DISK 0x00000007
789 FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
790 FILE_DEVICE_FILE_SYSTEM 0x00000009
791 FILE_DEVICE_INPORT_PORT 0x0000000a
792 FILE_DEVICE_KEYBOARD 0x0000000b
793 FILE_DEVICE_MAILSLOT 0x0000000c
794 FILE_DEVICE_MIDI_IN 0x0000000d
795 FILE_DEVICE_MIDI_OUT 0x0000000e
796 FILE_DEVICE_MOUSE 0x0000000f
797 FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
798 FILE_DEVICE_NAMED_PIPE 0x00000011
799 FILE_DEVICE_NETWORK 0x00000012
800 FILE_DEVICE_NETWORK_BROWSER 0x00000013
801 FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
802 FILE_DEVICE_NULL 0x00000015
803 FILE_DEVICE_PARALLEL_PORT 0x00000016
804 FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
805 FILE_DEVICE_PRINTER 0x00000018
806 FILE_DEVICE_SCANNER 0x00000019
807 FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001a
808 FILE_DEVICE_SERIAL_PORT 0x0000001b
809 FILE_DEVICE_SCREEN 0x0000001c
810 FILE_DEVICE_SOUND 0x0000001d
811 FILE_DEVICE_STREAMS 0x0000001e
812 FILE_DEVICE_TAPE 0x0000001f
813 FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
814 FILE_DEVICE_TRANSPORT 0x00000021
815 FILE_DEVICE_UNKNOWN 0x00000022
816 FILE_DEVICE_VIDEO 0x00000023
817 FILE_DEVICE_VIRTUAL_DISK 0x00000024
818 FILE_DEVICE_WAVE_IN 0x00000025
819 FILE_DEVICE_WAVE_OUT 0x00000026
820 FILE_DEVICE_8042_PORT 0x00000027
821 FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
822 FILE_DEVICE_BATTERY 0x00000029
823 FILE_DEVICE_BUS_EXTENDER 0x0000002a
824 FILE_DEVICE_MODEM 0x0000002b
825 FILE_DEVICE_VDM 0x0000002c
829 characteristics is one of the following values:
831 FILE_REMOVABLE_MEDIA 0x00000001
832 FILE_READ_ONLY_DEVICE 0x00000002
833 FILE_FLOPPY_DISKETTE 0x00000004
834 FILE_WRITE_ONCE_MEDIA 0x00000008
835 FILE_REMOTE_DEVICE 0x00000010
836 FILE_DEVICE_IS_MOUNTED 0x00000020
837 FILE_VIRTUAL_VOLUME 0x00000040
840 typedef struct _FILE_FS_VOLUME_INFORMATION
{
841 TIME VolumeCreationTime
;
842 ULONG VolumeSerialNumber
;
843 ULONG VolumeLabelLength
;
844 BOOLEAN SupportsObjects
;
845 WCHAR VolumeLabel
[0];
846 } FILE_FS_VOLUME_INFORMATION
;
848 typedef struct _FILE_FS_SIZE_INFORMATION
{
849 LARGE_INTEGER TotalAllocationUnits
;
850 LARGE_INTEGER AvailableAllocationUnits
;
851 ULONG SectorsPerAllocationUnit
;
852 ULONG BytesPerSector
;
853 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
855 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
856 ULONG FileSystemAttributes
;
857 LONG MaximumComponentNameLength
;
858 ULONG FileSystemNameLength
;
859 WCHAR FileSystemName
[0];
860 } FILE_FS_ATTRIBUTE_INFORMATION
;
863 FileSystemAttributes is one of the following values:
865 FILE_CASE_SENSITIVE_SEARCH 0x00000001
866 FILE_CASE_PRESERVED_NAMES 0x00000002
867 FILE_UNICODE_ON_DISK 0x00000004
868 FILE_PERSISTENT_ACLS 0x00000008
869 FILE_FILE_COMPRESSION 0x00000010
870 FILE_VOLUME_QUOTAS 0x00000020
871 FILE_VOLUME_IS_COMPRESSED 0x00008000
873 typedef struct _FILE_FS_LABEL_INFORMATION
{
874 ULONG VolumeLabelLength
;
875 WCHAR VolumeLabel
[0];
876 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
878 // read file scatter / write file scatter
879 //FIXME I am a win32 struct aswell
881 typedef union _FILE_SEGMENT_ELEMENT
{
884 }FILE_SEGMENT_ELEMENT
, *PFILE_SEGMENT_ELEMENT
;
886 // directory information
889 typedef struct _FILE_DIRECTORY_INFORMATION
{
890 ULONG NextEntryOffset
;
896 LARGE_INTEGER EndOfFile
;
897 LARGE_INTEGER AllocationSize
;
898 ULONG FileAttributes
;
899 ULONG FileNameLength
;
901 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
903 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
904 ULONG NextEntryOffset
;
910 LARGE_INTEGER EndOfFile
;
911 LARGE_INTEGER AllocationSize
;
912 ULONG FileAttributes
;
913 ULONG FileNameLength
;
916 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
919 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
920 ULONG NextEntryOffset
;
926 LARGE_INTEGER EndOfFile
;
927 LARGE_INTEGER AllocationSize
;
928 ULONG FileAttributes
;
929 ULONG FileNameLength
;
931 CHAR ShortNameLength
;
932 WCHAR ShortName
[12]; // 8.3 name
934 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
938 NotifyFilter / CompletionFilter:
940 FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
941 FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
942 FILE_NOTIFY_CHANGE_NAME 0x00000003
943 FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
944 FILE_NOTIFY_CHANGE_SIZE 0x00000008
945 FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
946 FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
947 FILE_NOTIFY_CHANGE_CREATION 0x00000040
948 FILE_NOTIFY_CHANGE_EA 0x00000080
949 FILE_NOTIFY_CHANGE_SECURITY 0x00000100
950 FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
951 FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
952 FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
955 typedef struct _FILE_NOTIFY_INFORMATION
{
956 ULONG NextEntryOffset
;
958 ULONG FileNameLength
;
960 } FILE_NOTIFY_INFORMATION
;
964 Action is one of the following values:
966 FILE_ACTION_ADDED 0x00000001
967 FILE_ACTION_REMOVED 0x00000002
968 FILE_ACTION_MODIFIED 0x00000003
969 FILE_ACTION_RENAMED_OLD_NAME 0x00000004
970 FILE_ACTION_RENAMED_NEW_NAME 0x00000005
971 FILE_ACTION_ADDED_STREAM 0x00000006
972 FILE_ACTION_REMOVED_STREAM 0x00000007
973 FILE_ACTION_MODIFIED_STREAM 0x00000008
978 //FIXME: I am a win32 object
982 LPVOID lpArgToCompletionRoutine
,
983 DWORD dwTimerLowValue
,
984 DWORD dwTimerHighValue
987 // NtProcessStartup parameters
989 typedef struct _ENVIRONMENT_INFORMATION
{
991 UNICODE_STRING CommandLine
;
992 UNICODE_STRING ImageFile
;
993 } ENVIRONMENT_INFORMATION
, *PENVIRONMENT_INFORMATION
;
996 typedef struct _STARTUP_ARGUMENT
{
998 PENVIRONMENT_INFORMATION Environment
;
999 } STARTUP_ARGUMENT
, *PSTARTUP_ARGUMENT
;
1002 // File System Control commands ( related to defragging )
1004 #define FSCTL_READ_MFT_RECORD 0x90068 // NTFS only
1005 #define FSCTL_GET_VOLUME_BITMAP 0x9006F
1006 #define FSCTL_GET_RETRIEVAL_POINTERS 0x90073
1007 #define FSCTL_MOVE_FILE 0x90074
1009 typedef struct _MAPPING_PAIR
1013 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1015 typedef struct _GET_RETRIEVAL_DESCRIPTOR
1017 ULONG NumberOfPairs
;
1019 MAPPING_PAIR Pair
[0];
1020 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1022 typedef struct _BITMAP_DESCRIPTOR
1025 ULONGLONG ClustersToEndOfVol
;
1027 } BITMAP_DESCRIPTOR
, *PBITMAP_DESCRIPTOR
;
1029 typedef struct _MOVEFILE_DESCRIPTOR
1033 LARGE_INTEGER StartVcn
;
1034 LARGE_INTEGER TargetLcn
;
1037 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1040 // semaphore information
1042 typedef struct _SEMAPHORE_BASIC_INFORMATION
1046 } SEMAPHORE_BASIC_INFORMATION
, *PSEMAPHORE_BASIC_INFORMATION
;
1048 // event information
1050 typedef struct _EVENT_BASIC_INFORMATION
1052 BOOL AutomaticReset
;
1054 } EVENT_BASIC_INFORMATION
, *PEVENT_INFORMATION
;
1060 * FUNCTION: Adds an atom to the global atom table
1062 Atom (OUT) = Caller supplies storage for the resulting atom.
1063 * AtomString = The string to add to the atom table.
1064 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
1071 IN PUNICODE_STRING AtomString
1074 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
1077 * ThreadHandle = Handle to the thread that should be resumed
1078 * SuspendCount = The resulting suspend count.
1080 * A thread is resumed if its suspend count is 0
1085 NtAlertResumeThread(
1086 IN HANDLE ThreadHandle
,
1087 OUT PULONG SuspendCount
1091 * FUNCTION: Puts the thread in a alerted state
1093 * ThreadHandle = Handle to the thread that should be alerted
1099 IN HANDLE ThreadHandle
1103 * FUNCTION: Allocates a locally unique id
1105 * LocallyUniqueId = Locally unique number
1110 NtAllocateLocallyUniqueId(
1111 OUT PVOID LocallyUniqueId
1115 * FUNCTION: Allocates a block of virtual memory in the process address space
1117 * ProcessHandle = The handle of the process which owns the virtual memory
1118 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
1119 * value the system will try to allocate the memory at the address supplied. It rounds
1120 * it down to a multiple if the page size.
1121 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
1122 * the memory will be allocated at a address below a certain value.
1123 * RegionSize = The number of bytes to allocate
1124 * AllocationType = Indicates the type of virtual memory you like to allocated,
1125 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
1126 * Protect = Indicates the protection type of the pages allocated, can be a combination of
1127 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
1128 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
1130 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
1131 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
1132 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
1133 * and the AllocationType and ProctectionType map to the other two parameters.
1138 NtAllocateVirtualMemory(
1139 IN HANDLE ProcessHandle
,
1140 OUT PVOID
*BaseAddress
,
1142 IN ULONG RegionSize
,
1143 IN ULONG AllocationType
,
1148 * FUNCTION: Cancels a IO request
1150 * FileHandle = Handle to the file
1154 * This function maps to the win32 CancelIo.
1160 IN HANDLE FileHandle
,
1161 OUT PIO_STATUS_BLOCK IoStatusBlock
1164 * FUNCTION: Cancels a timer
1166 * TimerHandle = Handle to the timer
1167 ElapsedTime = Specifies the elapsed time the timer has run so far.
1169 The arguments to this function map to the function CancelWaitableTimer.
1175 IN HANDLE TimerHandle
,
1176 OUT ULONG ElapsedTime
1179 * FUNCTION: Sets the status of the event back to non-signaled
1181 * EventHandle = Handle to the event
1183 * This function maps to win32 function ResetEvent.
1190 IN HANDLE EventHandle
1194 * FUNCTION: Closes an object handle
1196 * Handle = Handle to the object
1198 * This function maps to the win32 function CloseHandle.
1210 * FUNCTION: Continues a thread with the specified context
1212 * Context = Specifies the processor context
1214 * NtContinue can be used to continue after a exception.
1217 //FIXME This function might need another parameter
1225 * FUNCTION: Creates a directory object
1227 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
1228 * DesiredAccess = Specifies access to the directory
1229 * ObjectAttribute = Initialized attributes for the object
1230 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
1231 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
1236 NtCreateDirectoryObject(
1237 OUT PHANDLE DirectoryHandle
,
1238 IN ACCESS_MASK DesiredAccess
,
1239 IN POBJECT_ATTRIBUTES ObjectAttributes
1242 * FUNCTION: Creates an event object
1244 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1245 * DesiredAccess = Specifies access to the event
1246 * ObjectAttribute = Initialized attributes for the object
1247 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
1248 using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
1249 automatically after the system has rescheduled a thread waiting on the event.
1250 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
1251 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
1252 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
1253 * both parameters aswell ( possibly the order is reversed ).
1259 OUT PHANDLE FileHandle
,
1260 IN ACCESS_MASK DesiredAccess
,
1261 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1262 IN BOOL ManualReset
,
1263 IN BOOL InitialState
1267 * FUNCTION: Creates an eventpair object
1269 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
1270 * DesiredAccess = Specifies access to the event
1271 * ObjectAttribute = Initialized attributes for the object
1277 OUT PHANDLE FileHandle
,
1278 IN ACCESS_MASK DesiredAccess
,
1279 IN POBJECT_ATTRIBUTES ObjectAttributes
1284 * FUNCTION: Creates or opens a file, directory or device object.
1286 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1287 * DesiredAccess = Specifies the allowed or desired access to the file can
1288 * be a combination of DELETE | FILE_READ_DATA ..
1289 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1290 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
1291 * the file is created and opened or allready existed and is just opened.
1292 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
1293 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
1294 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
1295 * CreateOptions = specifies the behavior of the system on file creation.
1296 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
1297 * EaLength = Extended Attributes buffer size, applies only to files and directories.
1298 * REMARKS: This function maps to the win32 CreateFile.
1304 OUT PHANDLE FileHandle
,
1305 IN ACCESS_MASK DesiredAccess
,
1306 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1307 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1308 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
1309 IN ULONG FileAttributes
,
1310 IN ULONG ShareAccess
,
1311 IN ULONG CreateDisposition
,
1312 IN ULONG CreateOptions
,
1313 IN PVOID EaBuffer OPTIONAL
,
1317 * FUNCTION: Creates or opens a file, directory or device object.
1319 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
1320 * DesiredAccess = Specifies the allowed or desired access to the port
1322 * NumberOfConcurrentThreads =
1323 * REMARKS: This function maps to the win32 CreateIoCompletionPort
1329 NtCreateIoCompletion(
1330 OUT PHANDLE CompletionPort
,
1331 IN ACCESS_MASK DesiredAccess
,
1332 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1333 IN ULONG NumberOfConcurrentThreads
1336 * FUNCTION: Creates a registry key
1338 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1339 * DesiredAccess = Specifies the allowed or desired access to the key
1340 * It can have a combination of the following values:
1341 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
1343 * KEY_QUERY_VALUE The values of the key can be queried.
1344 * KEY_SET_VALUE The values of the key can be modified.
1345 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
1346 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
1348 * KEY_CREATE_LINK A symbolic link to the key can be created.
1349 * ObjectAttributes = The name of the key may be specified directly in the name field
1350 * of object attributes or relative
1351 * to a key in rootdirectory.
1352 * Class = Specifies the kind of data.
1353 * CreateOptions = Specifies additional options with which the key is created
1354 * REG_OPTION_VOLATILE The key is not preserved across boots.
1355 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
1356 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
1357 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
1358 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
1359 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
1366 OUT PHANDLE KeyHandle
,
1367 IN ACCESS_MASK DesiredAccess
,
1368 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1369 IN ULONG TitleIndex
,
1370 IN PUNICODE_STRING Class OPTIONAL
,
1371 IN ULONG CreateOptions
,
1372 IN PULONG Disposition OPTIONAL
1376 //NtCreateMailslotFile
1379 * FUNCTION: Creates or opens a mutex
1381 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
1382 * DesiredAccess = Specifies the allowed or desired access to the port
1383 * ObjectAttributes = Contains the name of the mutex.
1384 * InitialOwner = If true the calling thread acquires ownership
1386 * REMARKS: This funciton maps to the win32 function CreateMutex
1393 OUT PHANDLE MutantHandle
,
1394 IN ACCESS_MASK DesiredAccess
,
1395 IN OBJECT_ATTRIBUTES ObjectAttributes
,
1396 IN BOOL InitialOwner
1399 //NtCreateNamedPipeFile
1402 * FUNCTION: Creates a paging file.
1404 * PageFileName = Name of the pagefile
1405 * MinimumSize = Specifies the minimum size
1406 * MaximumSize = Specifies the maximum size
1407 * ActualSize = Specifies the actual size
1413 IN PUNICODE_STRING PageFileName
,
1414 IN ULONG MiniumSize
,
1415 IN ULONG MaxiumSize
,
1416 OUT PULONG ActualSize
1419 * FUNCTION: Creates a process.
1421 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
1422 * DesiredAccess = Specifies the allowed or desired access to the process can
1423 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
1424 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1425 * ParentProcess = Handle to the parent process.
1426 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
1427 * SectionHandle = Handle to a section object to back the image file
1428 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
1429 * ExceptionPort = Handle to a exception port.
1431 * This function maps to the win32 CreateProcess.
1437 OUT PHANDLE ProcessHandle
,
1438 IN ACCESS_MASK DesiredAccess
,
1439 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1440 IN HANDLE ParentProcess
,
1441 IN BOOLEAN InheritObjectTable
,
1442 IN HANDLE SectionHandle OPTIONAL
,
1443 IN HANDLE DebugPort OPTIONAL
,
1444 IN HANDLE ExceptionPort OPTIONAL
1447 * FUNCTION: Creates a section object.
1449 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
1450 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
1451 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
1452 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
1453 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
1454 * If value specified for a mapped file and the file is not large enough, file will be extended.
1455 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
1456 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
1457 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
1463 OUT PHANDLE SectionHandle
,
1464 IN ACCESS_MASK DesiredAccess
,
1465 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1466 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
1467 IN ULONG SectionPageProtection OPTIONAL
,
1468 IN ULONG AllocationAttributes
,
1469 IN HANDLE FileHandle OPTIONAL
1472 * FUNCTION: Creates a semaphore object for interprocess synchronization.
1474 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
1475 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
1476 * ObjectAttribute = Initialized attributes for the object.
1477 * InitialCount = Not necessary zero, might be smaller than zero.
1478 * MaximumCount = Maxiumum count the semaphore can reach.
1481 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
1484 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
1488 OUT PHANDLE SemaphoreHandle
,
1489 IN ACCESS_MASK DesiredAccess
,
1490 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1491 IN ULONG InitialCount
,
1492 IN ULONG MaximumCount
1495 * FUNCTION: Creates a symbolic link object
1497 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
1498 * DesiredAccess = Specifies the allowed or desired access to the thread.
1499 * ObjectAttributes = Initialized attributes for the object.
1502 * This function map to the win32 function CreateThread.
1507 NtCreateSymbolicLinkObject(
1508 OUT PHANDLE SymbolicLinkHandle
,
1509 IN ACCESS_MASK DesiredAccess
,
1510 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1511 IN PUNICODE_STRING Name
1514 * FUNCTION: Creates a user mode thread
1516 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
1517 * DesiredAccess = Specifies the allowed or desired access to the thread.
1518 * ObjectAttributes = Initialized attributes for the object.
1519 * ProcessHandle = Handle to the threads parent process.
1520 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
1521 * ThreadContext = Initial processor context for the thread.
1522 * InitialTeb = Initial Thread Environment Block for the Thread.
1523 * CreateSuspended = Specifies if the thread is ready for scheduling
1525 * This function maps to the win32 function CreateThread. The exact arguments are from the usenet. [<6f7cqj$tq9$1@nnrp1.dejanews.com>]
1531 OUT PHANDLE ThreadHandle
,
1532 IN ACCESS_MASK DesiredAccess
,
1533 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1534 IN HANDLE ProcessHandle
,
1535 OUT PCLIENT_ID ClientId
,
1536 IN PCONTEXT ThreadContext
,
1537 IN PINITIAL_TEB InitialTeb
,
1538 IN BOOLEAN CreateSuspended
1541 * FUNCTION: Creates a waitable timer.
1543 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1544 * DesiredAccess = Specifies the allowed or desired access to the timer.
1545 * ObjectAttributes = Initialized attributes for the object.
1546 * ManualReset = Specifies if the timer should be reset manually.
1548 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
1549 * corresponding fields in OBJECT_ATTRIBUTES structure.
1556 OUT PHANDLE TimerHandle
,
1557 IN ACCESS_MASK DesiredAccess
,
1558 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1562 * FUNCTION: Returns the callers thread TEB.
1564 * Teb (OUT) = Caller supplied storage for the resulting TEB.
1574 * FUNCTION: Delays the execution of the calling thread.
1576 * Alertable = If TRUE the thread is alertable during is wait period
1577 * Interval = Specifies the interval to wait.
1584 IN PLARGE_INTEGER Interval
1588 * FUNCTION: Deletes an atom from the global atom table
1590 * Atom = Atom to delete
1592 The function maps to the win32 GlobalDeleteAtom
1602 * FUNCTION: Deletes a file
1604 * ObjectAttributes = Handle to the file which should be deleted
1606 This system call is functionally equivalent to NtSetInformationFile
1607 setting the disposition information.
1608 * The function maps to the win32 DeleteFile.
1614 IN POBJECT_ATTRIBUTES ObjectAttributes
1618 * FUNCTION: Deletes a registry key
1620 * KeyHandle = Handle of the key
1629 * FUNCTION: Deletes a value from a registry key
1631 * KeyHandle = Handle of the key
1632 * ValueName = Name of the value to delete
1639 IN HANDLE KeyHandle
,
1640 IN PUNICODE_STRING ValueName
1643 * FUNCTION: Sends IOCTL to the io sub system
1645 * DeviceHandle = Points to the handle that is created by NtCreateFile
1646 * Event = Event to synchronize on STATUS_PENDING
1649 * IoStatusBlock = Caller should supply storage for
1650 * IoControlCode = Contains the IO Control command. This is an
1651 * index to the structures in InputBuffer and OutputBuffer.
1652 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
1653 * InputBufferSize = Size of the input bufffer
1654 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
1655 * OutputBufferSize = Size of the input bufffer
1661 NtDeviceIoControlFile(
1662 IN HANDLE DeviceHandle
,
1663 IN HANDLE Event OPTIONAL
,
1664 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1665 IN PVOID UserApcContext OPTIONAL
,
1666 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1667 IN ULONG IoControlCode
,
1668 IN PVOID InputBuffer
,
1669 IN ULONG InputBufferSize
,
1670 OUT PVOID OutputBuffer
,
1671 IN ULONG OutputBufferSize
1674 * FUNCTION: Displays a string on the blue screen
1676 * DisplayString = The string to display
1683 IN PUNICODE_STRING DisplayString
1686 * FUNCTION: Displays a string on the blue screen
1688 * SourceProcessHandle = The string to display
1690 TargetProcessHandle =
1700 IN HANDLE SourceProcessHandle
,
1701 IN PHANDLE SourceHandle
,
1702 IN HANDLE TargetProcessHandle
,
1703 OUT PHANDLE TargetHandle
,
1704 IN ULONG DesiredAccess
,
1705 IN BOOL InheritHandle
1708 * FUNCTION: Returns information about the subkeys of an open key
1710 * KeyHandle = Handle of the key whose subkeys are to enumerated
1711 * Index = zero based index of the subkey for which information is
1713 * KeyInformationClass = Type of information returned
1714 * KeyInformation (OUT) = Caller allocated buffer for the information
1716 * Length = Length in bytes of the KeyInformation buffer
1717 * ResultLength (OUT) = Caller allocated storage which holds
1718 * the number of bytes of information retrieved
1725 IN HANDLE KeyHandle
,
1727 IN CINT KeyInformationClass
,
1728 OUT PVOID KeyInformation
,
1730 OUT PULONG ResultLength
1733 * FUNCTION: Returns information about the value entries of an open key
1735 * KeyHandle = Handle of the key whose value entries are to enumerated
1736 * Index = zero based index of the subkey for which information is
1738 * KeyInformationClass = Type of information returned
1739 * KeyInformation (OUT) = Caller allocated buffer for the information
1741 * Length = Length in bytes of the KeyInformation buffer
1742 * ResultLength (OUT) = Caller allocated storage which holds
1743 * the number of bytes of information retrieved
1749 NtEnumerateValueKey(
1750 IN HANDLE KeyHandle
,
1752 IN CINT KeyValueInformationClass
,
1753 OUT PVOID KeyValueInformation
,
1755 OUT PULONG ResultLength
1758 * FUNCTION: Extends a section
1760 * SectionHandle = Handle to the section
1761 * NewMaximumSize = Adjusted size
1767 IN HANDLE SectionHandle
,
1768 IN ULONG NewMaximumSize
1771 * FUNCTION: Finds a atom
1773 * Atom = Caller supplies storage for the resulting atom
1774 * AtomString = String to search for.
1777 This funciton maps to the win32 GlobalFindAtom
1783 IN PUNICODE_STRING AtomString
1786 * FUNCTION: Flushes chached file data to disk
1788 * FileHandle = Points to the file
1789 IoStatusBlock = Caller must supply storage to receive the result of the flush
1790 buffers operation. The information field is set to number of bytes
1794 This funciton maps to the win32 FlushFileBuffers
1799 IN HANDLE FileHandle
,
1800 OUT PIO_STATUS_BLOCK IoStatusBlock
1803 * FUNCTION: Flushes a the processors instruction cache
1805 * ProcessHandle = Points to the process owning the cache
1806 BaseAddress = // might this be a image address ????
1807 NumberOfBytesToFlush =
1810 This funciton is used by debuggers
1814 NtFlushInstructionCache(
1815 IN HANDLE ProcessHandle
,
1816 IN PVOID BaseAddress
,
1817 IN UINT NumberOfBytesToFlush
1820 * FUNCTION: Flushes a registry key to disk
1822 * KeyHandle = Points to the registry key handle
1825 This funciton maps to the win32 RegFlushKey.
1834 * FUNCTION: Flushes virtual memory to file
1836 * ProcessHandle = Points to the process that allocated the virtual memory
1837 * BaseAddress = Points to the memory address
1838 * NumberOfBytesToFlush = Limits the range to flush,
1839 * NumberOfBytesFlushed = Actual number of bytes flushed
1842 Check return status on STATUS_NOT_MAPPED_DATA
1846 NtFlushVirtualMemory(
1847 IN HANDLE ProcessHandle
,
1848 IN PVOID BaseAddress
,
1849 IN ULONG NumberOfBytesToFlush
,
1850 OUT PULONG NumberOfBytesFlushed OPTIONAL
1853 * FUNCTION: Flushes virtual memory to file
1855 * ProcessHandle = Points to the process that allocated the virtual memory
1856 * BaseAddress = Points to the memory address
1857 * NumberOfBytesToFlush = Limits the range to flush,
1858 * NumberOfBytesFlushed = Actual number of bytes flushed
1861 Check return status on STATUS_NOT_MAPPED_DATA
1865 NtFlushWriteBuffer (
1869 * FUNCTION: Frees a range of virtual memory
1871 * ProcessHandle = Points to the process that allocated the virtual memory
1872 * BaseAddress = Points to the memory address, rounded down to a multiple of the pagesize
1873 * RegionSize = Limits the range to free, rounded up to a multiple of the paging size
1874 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1880 NtFreeVirtualMemory(
1881 IN PHANDLE ProcessHandle
,
1882 IN PVOID
*BaseAddress
,
1883 IN ULONG RegionSize
,
1888 * FUNCTION: Sends FSCTL to the filesystem
1890 * DeviceHandle = Points to the handle that is created by NtCreateFile
1891 * Event = Event to synchronize on STATUS_PENDING
1894 * IoStatusBlock = Caller should supply storage for
1895 * IoControlCode = Contains the File System Control command. This is an
1896 index to the structures in InputBuffer and OutputBuffer.
1897 FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1898 FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1899 FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1900 FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1902 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1903 * InputBufferSize = Size of the input bufffer
1904 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1905 * OutputBufferSize = Size of the input bufffer
1911 IN HANDLE DeviceHandle
,
1912 IN HANDLE Event OPTIONAL
,
1913 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1914 IN PVOID ApcContext OPTIONAL
,
1915 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1916 IN ULONG IoControlCode
,
1917 IN PVOID InputBuffer
,
1918 IN ULONG InputBufferSize
,
1919 OUT PVOID OutputBuffer
,
1920 IN ULONG OutputBufferSize
1924 * FUNCTION: Retrieves the processor context of a thread
1926 * ThreadHandle = Handle to a thread
1927 * Context (OUT) = Caller allocated storage for the processor context
1934 IN HANDLE ThreadHandle
,
1935 OUT PCONTEXT Context
1938 * FUNCTION: Retrieves the uptime of the system
1940 * UpTime = Number of clock ticks since boot.
1949 //-- NtImpersonateThread
1952 * FUNCTION: Initializes the registry.
1954 * SetUpBoot = This parameter is true for a setup boot.
1959 NtInitializeRegistry(
1963 * FUNCTION: Loads a driver.
1965 * DriverServiceName = Name of the driver to load
1971 IN PUNICODE_STRING DriverServiceName
1976 * FUNCTION: Loads a registry key.
1978 * KeyHandle = Handle to the registry key
1979 ObjectAttributes = ???
1981 This procedure maps to the win32 procedure RegLoadKey
1988 OBJECT_ATTRIBUTES ObjectAttributes
1991 * FUNCTION: Locks a range of bytes in a file.
1993 * FileHandle = Handle to the file
1994 * Event = Should be null if apc is specified.
1995 * ApcRoutine = Asynchroneous Procedure Callback
1996 * ApcContext = Argument to the callback
1997 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1998 * the completion status and information about the requested lock operation.
1999 * ByteOffset = Offset
2000 * Length = Number of bytes to lock.
2002 * FailImmediatedly =
2005 This procedure maps to the win32 procedure LockFileEx
2011 IN HANDLE FileHandle
,
2012 IN HANDLE Event OPTIONAL
,
2013 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2014 IN PVOID ApcContext OPTIONAL
,
2015 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2016 IN PLARGE_INTEGER ByteOffset
,
2017 IN PLARGE_INTEGER Length
,
2019 IN BOOLEAN FailImmediatedly
,
2020 IN BOOLEAN ExclusiveLock
2023 * FUNCTION: Locks a range of virtual memory.
2025 * ProcessHandle = Handle to the process
2026 * BaseAddress = Lower boundary of the range of bytes to lock.
2027 * NumberOfBytesLock = Offset to the upper boundary.
2028 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
2030 This procedure maps to the win32 procedure VirtualLock
2035 NtLockVirtualMemory(
2036 HANDLE ProcessHandle
,
2038 ULONG NumberOfBytesToLock
,
2039 PULONG NumberOfBytesLocked
2042 * FUNCTION: Makes temporary object that will be removed at next boot.
2044 * Handle = Handle to object
2050 NtMakeTemporaryObject(
2054 * FUNCTION: Maps a view of a section into the virtual address space of a
2057 * SectionHandle = Handle of the section
2058 * ProcessHandle = Handle of the process
2059 * BaseAddress = Desired base address (or NULL) on entry
2060 * Actual base address of the view on exit
2061 * ZeroBits = Number of high order address bits that must be zero
2062 * CommitSize = Size in bytes of the initially committed section of
2064 * SectionOffset = Offset in bytes from the beginning of the section
2065 * to the beginning of the view
2066 * ViewSize = Desired length of map (or zero to map all) on entry
2067 * Actual length mapped on exit
2068 * InheritDisposition = Specified how the view is to be shared with
2070 * AllocateType = Type of allocation for the pages
2071 * Protect = Protection for the committed region of the view
2076 IN HANDLE SectionHandle
,
2077 IN HANDLE ProcessHandle
,
2078 IN OUT PVOID
*BaseAddress
,
2080 IN ULONG CommitSize
,
2081 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
2082 IN OUT PULONG ViewSize
,
2083 IN SECTION_INHERIT InheritDisposition
,
2084 IN ULONG AllocationType
,
2085 IN ULONG AccessProtection
2089 * FUNCTION: Installs a notify for the change of a directory's contents
2091 * FileHandle = Handle to the directory
2093 * ApcRoutine = Start address
2094 * ApcContext = Delimits the range of virtual memory
2095 * for which the new access protection holds
2096 * IoStatusBlock = The new access proctection for the pages
2097 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
2098 * BufferSize = Size of the buffer
2099 CompletionFilter = Can be one of the following values:
2100 FILE_NOTIFY_CHANGE_FILE_NAME
2101 FILE_NOTIFY_CHANGE_DIR_NAME
2102 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
2103 FILE_NOTIFY_CHANGE_ATTRIBUTES
2104 FILE_NOTIFY_CHANGE_SIZE
2105 FILE_NOTIFY_CHANGE_LAST_WRITE
2106 FILE_NOTIFY_CHANGE_LAST_ACCESS
2107 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
2108 FILE_NOTIFY_CHANGE_EA
2109 FILE_NOTIFY_CHANGE_SECURITY
2110 FILE_NOTIFY_CHANGE_STREAM_NAME
2111 FILE_NOTIFY_CHANGE_STREAM_SIZE
2112 FILE_NOTIFY_CHANGE_STREAM_WRITE
2113 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
2116 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
2121 NtNotifyChangeDirectoryFile(
2122 IN HANDLE FileHandle
,
2123 IN HANDLE Event OPTIONAL
,
2124 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2125 IN PVOID ApcContext OPTIONAL
,
2126 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2128 IN ULONG BufferSize
,
2129 IN ULONG CompletionFilter
,
2135 IN HANDLE KeyHandle
,
2137 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2138 IN PVOID ApcContext OPTIONAL
,
2139 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2140 IN ULONG CompletionFilter
,
2141 IN BOOLEAN Asynchroneous
,
2142 OUT PVOID ChangeBuffer
,
2144 IN BOOLEAN WatchSubtree
2148 * FUNCTION: Opens an existing directory object
2150 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2151 * DesiredAccess = Requested access to the directory
2152 * ObjectAttributes = Initialized attributes for the object
2158 NtOpenDirectoryObject(
2159 OUT PHANDLE FileHandle
,
2160 IN ACCESS_MASK DesiredAccess
,
2161 IN POBJECT_ATTRIBUTES ObjectAttributes
2164 * FUNCTION: Opens an existing event
2166 * EventHandle (OUT) = Caller supplied storage for the resulting handle
2167 * DesiredAccess = Requested access to the event
2168 * ObjectAttributes = Initialized attributes for the object
2174 OUT PHANDLE EventHandle
,
2175 IN ACCESS_MASK DesiredAccess
,
2176 IN POBJECT_ATTRIBUTES ObjectAttributes
2179 * FUNCTION: Opens an existing file
2181 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2182 * DesiredAccess = Requested access to the file
2183 * ObjectAttributes = Initialized attributes for the object
2192 OUT PHANDLE FileHandle
,
2193 IN ACCESS_MASK DesiredAccess
,
2194 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2195 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2196 IN ULONG ShareAccess
,
2197 IN ULONG OpenOptions
2201 * FUNCTION: Opens an existing io completion object
2203 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2204 * DesiredAccess = Requested access to the io completion object
2205 * ObjectAttributes = Initialized attributes for the object
2212 OUT PHANDLE CompetionPort
,
2213 IN ACCESS_MASK DesiredAccess
,
2214 IN POBJECT_ATTRIBUTES ObjectAttributes
2218 * FUNCTION: Opens an existing key in the registry
2220 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2221 * DesiredAccess = Requested access to the key
2222 * ObjectAttributes = Initialized attributes for the object
2228 OUT PHANDLE KeyHandle
,
2229 IN ACCESS_MASK DesiredAccess
,
2230 IN POBJECT_ATTRIBUTES ObjectAttributes
2233 * FUNCTION: Opens an existing key in the registry
2235 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
2236 * DesiredAccess = Requested access to the mutant
2237 * ObjectAttribute = Initialized attributes for the object
2243 OUT PHANDLE MutantHandle
,
2244 IN ACCESS_MASK DesiredAccess
,
2245 IN POBJECT_ATTRIBUTES ObjectAttributes
2249 * FUNCTION: Opens an existing process
2251 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
2252 * DesiredAccess = Requested access to the process
2253 * ObjectAttribute = Initialized attributes for the object
2254 * ClientId = Identifies the process id to open
2260 OUT PHANDLE ProcessHandle
,
2261 IN ACCESS_MASK DesiredAccess
,
2262 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2263 IN PCLIENT_ID ClientId
2266 * FUNCTION: Opens an existing section object
2268 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2269 * DesiredAccess = Requested access to the key
2270 * ObjectAttribute = Initialized attributes for the object
2276 OUT PHANDLE SectionHandle
,
2277 IN ACCESS_MASK DesiredAccess
,
2278 IN POBJECT_ATTRIBUTES ObjectAttributes
2281 * FUNCTION: Opens an existing semaphore
2283 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
2284 * DesiredAccess = Requested access to the semaphore
2285 * ObjectAttribute = Initialized attributes for the object
2291 IN HANDLE SemaphoreHandle
,
2292 IN ACCESS_MASK DesiredAcces
,
2293 IN POBJECT_ATTRIBUTES ObjectAttributes
2296 * FUNCTION: Opens an existing symbolic link
2298 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2299 * DesiredAccess = Requested access to the symbolic link
2300 * ObjectAttribute = Initialized attributes for the object
2305 NtOpenSymbolicLinkObject(
2306 OUT PHANDLE SymbolicLinkHandle
,
2307 IN ACCESS_MASK DesiredAccess
,
2308 IN POBJECT_ATTRIBUTES ObjectAttributes
2311 * FUNCTION: Opens an existing thread
2313 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2314 * DesiredAccess = Requested access to the thread
2315 * ObjectAttribute = Initialized attributes for the object
2316 * ClientId = Identifies the thread to open.
2322 OUT PHANDLE ThreadHandle
,
2323 IN ACCESS_MASK DesiredAccess
,
2324 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2325 IN PCLIENT_ID ClientId
2328 * FUNCTION: Opens an existing timer
2330 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2331 * DesiredAccess = Requested access to the timer
2332 * ObjectAttribute = Initialized attributes for the object
2338 OUT PHANDLE TimerHandle
,
2339 IN ACCESS_MASK DesiredAccess
,
2340 IN POBJECT_ATTRIBUTES ObjectAttributes
2343 * FUNCTION: Entry point for native applications
2345 * Argument = Arguments passed to the application by the system [ at boot time ]
2347 * Native applications should use this function instead of a main.
2350 void NtProcessStartup(
2351 IN PSTARTUP_ARGUMENT Argument
2355 * FUNCTION: Set the access protection of a range of virtual memory
2357 * ProcessHandle = Handle to process owning the virtual address space
2358 * BaseAddress = Start address
2359 * NumberOfBytesToProtect = Delimits the range of virtual memory
2360 * for which the new access protection holds
2361 * NewAccessProtection = The new access proctection for the pages
2362 * OldAccessProtection = Caller should supply storage for the old
2366 * The function maps to the win32 VirtualProtectEx
2371 NtProtectVirtualMemory(
2372 IN HANDLE ProcessHandle
,
2373 IN PVOID BaseAddress
,
2374 IN ULONG NumberOfBytesToProtect
,
2375 IN ULONG NewAccessProtection
,
2376 OUT PULONG OldAccessProtection
2380 * FUNCTION: Signals an event and resets it afterwards.
2382 * EventHandle = Handle to the event
2383 * PulseCount = Number of times the action should be repeated
2389 IN HANDLE EventHandle
,
2390 IN PULONG PulseCount OPTIONAL
2393 //-- NtQueryAttributesFile
2395 // FileNameInformation - FILE_NAMES_INFORMATION
2399 NtQueryDirectoryFile(
2400 IN HANDLE FileHandle
,
2401 IN HANDLE Event OPTIONAL
,
2402 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2403 IN PVOID ApcContext OPTIONAL
,
2404 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2405 OUT PVOID FileInformation
,
2407 IN FILE_INFORMATION_CLASS FileInformationClass
,
2408 IN BOOLEAN ReturnSingleEntry
,
2409 IN PUNICODE_STRING FileName OPTIONAL
,
2410 IN BOOLEAN RestartScan
2414 * FUNCTION: Query information about the content of a directory object
2416 DirObjInformation = Buffer must be large enough to hold the name strings too
2417 GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
2418 If FALSE: return the number of objects in this directory in ObjectIndex
2419 IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
2420 If FALSE use input value of ObjectIndex
2421 ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
2422 DataWritten = Actual size of the ObjectIndex ???
2427 NtQueryDirectoryObject(
2428 IN HANDLE DirObjHandle
,
2429 OUT POBJDIR_INFORMATION DirObjInformation
,
2430 IN ULONG BufferLength
,
2431 IN BOOLEAN GetNextIndex
,
2432 IN BOOLEAN IgnoreInputIndex
,
2433 IN OUT PULONG ObjectIndex
,
2434 OUT PULONG DataWritten OPTIONAL
2440 IN HANDLE FileHandle
,
2441 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2444 IN BOOLEAN ReturnSingleEntry
,
2445 IN PVOID EaList OPTIONAL
,
2446 IN ULONG EaListLength
,
2447 IN PULONG EaIndex OPTIONAL
,
2448 IN BOOLEAN RestartScan
2451 * FUNCTION: Queries an event
2453 * EventHandle = Handle to the event
2454 * EventInformationClass = Index of the information structure
2456 EventBasicInformation EVENT_BASIC_INFORMATION
2458 * EventInformation = Caller supplies storage for the information structure
2459 * EventInformationLength = Size of the information structure
2460 * ReturnLength = Data written
2468 IN HANDLE EventHandle
,
2469 IN CINT EventInformationClass
,
2470 OUT PVOID EventInformation
,
2471 IN ULONG EventInformationLength
,
2472 OUT PULONG ReturnLength
2474 //-- NtQueryFullAttributesFile
2475 //-- NtQueryInformationAtom
2480 * FUNCTION: Queries the information of a file object.
2482 * FileHandle = Handle to the file object
2483 * IoStatusBlock = Caller supplies storage for extended information
2484 * on the current operation.
2485 * FileInformation = Storage for the new file information
2486 * Lenght = Size of the storage for the file information.
2487 * FileInformationClass = Indicates which file information is queried
2489 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2490 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2491 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2492 FileBasicInformation FILE_BASIC_INFORMATION
2493 FileStandardInformation FILE_STANDARD_INFORMATION
2494 FileInternalInformation FILE_INTERNAL_INFORMATION
2495 FileEaInformation FILE_EA_INFORMATION
2496 FileAccessInformation FILE_ACCESS_INFORMATION
2497 FileNameInformation FILE_NAME_INFORMATION
2498 FileRenameInformation FILE_RENAME_INFORMATION
2500 FileNamesInformation FILE_NAMES_INFORMATION
2501 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2502 FilePositionInformation FILE_POSITION_INFORMATION
2503 FileFullEaInformation FILE_FULL_EA_INFORMATION
2504 FileModeInformation FILE_MODE_INFORMATION
2505 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2506 FileAllInformation FILE_ALL_INFORMATION
2507 FileAllocationInformation FILE_ALLOCATION_INFORMATION
2508 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2509 FileAlternateNameInformation
2510 FileStreamInformation FILE_STREAM_INFORMATION
2512 FilePipeLocalInformation
2513 FilePipeRemoteInformation
2514 FileMailslotQueryInformation
2515 FileMailslotSetInformation
2516 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2517 FileCopyOnWriteInformation
2518 FileCompletionInformation IO_COMPLETION_CONTEXT
2519 FileMoveClusterInformation
2520 FileOleClassIdInformation
2521 FileOleStateBitsInformation
2522 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2523 FileObjectIdInformation
2524 FileOleAllInformation
2525 FileOleDirectoryInformation
2526 FileContentIndexInformation
2527 FileInheritContentIndexInformation
2529 FileMaximumInformation
2532 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2533 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2538 NtQueryInformationFile(
2539 IN HANDLE FileHandle
,
2540 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2541 OUT PVOID FileInformation
,
2543 IN CINT FileInformationClass
2547 * FUNCTION: Queries the information of a process object.
2549 * ProcessHandle = Handle to the process object
2550 * ProcessInformation = Index to a certain information structure
2552 ProcessBasicInformation PROCESS_BASIC_INFORMATION
2553 ProcessQuotaLimits QUOTA_LIMITS
2554 ProcessIoCounters IO_COUNTERS
2555 ProcessVmCounters VM_COUNTERS
2556 ProcessTimes KERNEL_USER_TIMES
2557 ProcessBasePriority KPRIORITY
2558 ProcessRaisePriority KPRIORITY
2559 ProcessDebugPort HANDLE
2560 ProcessExceptionPort HANDLE
2561 ProcessAccessToken PROCESS_ACCESS_TOKEN
2562 ProcessLdtInformation LDT_ENTRY ??
2564 ProcessDefaultHardErrorMode ULONG
2565 ProcessIoPortHandlers // kernel mode only
2566 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
2567 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
2568 ProcessUserModeIOPL (I/O Privilege Level)
2569 ProcessEnableAlignmentFaultFixup BOOLEAN
2570 ProcessPriorityClass ULONG
2571 ProcessWx86Information ULONG
2572 ProcessHandleCount ULONG
2573 ProcessAffinityMask ULONG
2574 ProcessPooledQuotaLimits QUOTA_LIMITS
2575 MaxProcessInfoClass ??
2577 * ProcessInformation = Caller supplies storage for the process information structure
2578 * ProcessInformationLength = Size of the process information structure
2579 * ReturnLength = Actual number of bytes written
2582 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
2583 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
2584 GetProcessShutdownParameters functions.
2593 NtQueryInformationProcess(
2594 IN HANDLE ProcessHandle
,
2595 IN CINT ProcessInformationClass
,
2596 OUT PVOID ProcessInformation
,
2597 IN ULONG ProcessInformationLength
,
2598 OUT PULONG ReturnLength
2604 * FUNCTION: Queries the information of a thread object.
2606 * ThreadHandle = Handle to the thread object
2607 * ThreadInformationClass = Index to a certain information structure
2609 ThreadBasicInformation THREAD_BASIC_INFORMATION
2610 ThreadTimes KERNEL_USER_TIMES
2611 ThreadPriority KPRIORITY
2612 ThreadBasePriority KPRIORITY
2613 ThreadAffinityMask KAFFINITY
2614 ThreadImpersonationToken
2615 ThreadDescriptorTableEntry
2616 ThreadEnableAlignmentFaultFixup
2618 ThreadQuerySetWin32StartAddress
2620 ThreadPerformanceCount
2621 ThreadAmILastThread BOOLEAN
2622 ThreadIdealProcessor ULONG
2623 ThreadPriorityBoost ULONG
2627 * ThreadInformation = Caller supplies torage for the thread information
2628 * ThreadInformationLength = Size of the thread information structure
2629 * ReturnLength = Actual number of bytes written
2632 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2633 GetThreadPriorityBoost functions.
2640 NtQueryInformationThread(
2641 IN HANDLE ThreadHandle
,
2642 IN CINT ThreadInformationClass
,
2643 OUT PVOID ThreadInformation
,
2644 IN ULONG ThreadInformationLength
,
2645 OUT PULONG ReturnLength
2650 NtQueryIoCompletion(
2651 IN HANDLE CompletionPort
,
2652 IN CINT CompletionInformationClass
,
2653 OUT PVOID CompletionInformation
,
2655 OUT PULONG ReturnLength
2660 * FUNCTION: Queries the information of a registry key object.
2662 KeyHandle = Handle to a registry key
2663 KeyInformationClass = Index to a certain information structure
2664 KeyInformation = Caller supplies storage for resulting information
2665 Length = Size of the supplied storage
2666 ResultLength = Bytes written
2671 IN HANDLE KeyHandle
,
2672 IN CINT KeyInformationClass
,
2673 OUT PVOID KeyInformation
,
2675 OUT PULONG ResultLength
2680 // preliminary guess
2684 NtQueryMultipleValueKey(
2686 PVALENT ListOfValuesToQuery
,
2687 ULONG NumberOfItems
,
2688 PVOID MultipleValueInformation
,
2694 * FUNCTION: Queries the information of a mutant object.
2696 MutantHandle = Handle to a mutant
2697 MutantInformationClass = Index to a certain information structure
2698 MutantInformation = Caller supplies storage for resulting information
2699 Length = Size of the supplied storage
2700 ResultLength = Bytes written
2705 IN HANDLE MutantHandle
,
2706 IN CINT MutantInformationClass
,
2707 OUT PVOID MutantInformation
,
2709 OUT PULONG ResultLength
2713 * FUNCTION: Queries the information of a object.
2715 ObjectHandle = Handle to a object
2716 ObjectInformationClass = Index to a certain information structure
2718 ObjectBasicInformation
2719 ObjectTypeInformation OBJECT_TYPE_INFORMATION
2720 ObjectNameInformation OBJECT_NAME_INFORMATION
2721 ObjectDataInformation OBJECT_DATA_INFORMATION
2723 ObjectInformation = Caller supplies storage for resulting information
2724 Length = Size of the supplied storage
2725 ResultLength = Bytes written
2731 IN HANDLE ObjectHandle
,
2732 IN CINT ObjectInformationClass
,
2733 OUT PVOID ObjectInformation
,
2735 OUT PULONG ResultLength
2739 * FUNCTION: Queries the system ( high-resolution ) performance counter.
2741 * Counter = Performance counter
2742 * Frequency = Performance frequency
2744 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
2745 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
2751 NtQueryPerformanceCounter(
2752 IN PLARGE_INTEGER Counter
,
2753 IN PLARGE_INTEGER Frequency
2756 * FUNCTION: Queries the information of a section object.
2758 * SectionHandle = Handle to the section link object
2759 * SectionInformationClass = Index to a certain information structure
2760 * SectionInformation (OUT)= Caller supplies storage for resulting information
2761 * Length = Size of the supplied storage
2762 * ResultLength = Data written
2769 IN HANDLE SectionHandle
,
2770 IN CINT SectionInformationClass
,
2771 OUT PVOID SectionInformation
,
2773 OUT PULONG ResultLength
2778 * FUNCTION: Queries the information of a semaphore.
2780 * SemaphoreHandle = Handle to the semaphore object
2781 * SemaphoreInformationClass = Index to a certain information structure
2783 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
2785 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
2786 * Length = Size of the infomation structure
2792 HANDLE SemaphoreHandle
,
2793 CINT SemaphoreInformationClass
,
2794 OUT PVOID SemaphoreInformation
,
2800 * FUNCTION: Queries the information of a symbolic link object.
2802 * SymbolicLinkHandle = Handle to the symbolic link object
2803 * LinkName = resolved name of link
2804 * DataWritten = size of the LinkName.
2810 NtQuerySymbolicLinkObject(
2811 IN HANDLE SymLinkObjHandle
,
2812 OUT PUNICODE_STRING LinkName
,
2813 OUT PULONG DataWritten OPTIONAL
2815 //-- NtQuerySystemEnvironmentValue
2819 * FUNCTION: Queries the system information.
2821 * SystemInformationClass = Index to a certain information structure
2823 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
2824 SystemCacheInformation SYSTEM_CACHE_INFORMATION
2826 * SystemInformation = caller supplies storage for the information structure
2827 * Length = size of the structure
2828 ResultLength = Data written
2834 NtQuerySystemInformation(
2835 IN CINT SystemInformationClass
,
2836 OUT PVOID SystemInformation
,
2838 OUT PULONG ResultLength
2842 * FUNCTION: Retrieves the system time
2844 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
2852 OUT PLARGE_INTEGER CurrentTime
2857 * FUNCTION: Queries the timer resolution
2859 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
2860 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
2861 ActualResolution (OUT) = Caller should supply storage for the resulting time.
2868 NtQueryTimerResolution (
2869 OUT PULONG MinimumResolution
,
2870 OUT PULONG MaximumResolution
,
2871 OUT PULONG ActualResolution
2875 * FUNCTION: Queries a registry key value
2877 * KeyHandle = Handle to the registry key
2878 ValueName = Name of the value in the registry key
2879 KeyValueInformationClass = Index to a certain information structure
2881 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
2882 KeyValueFullInformation = KEY_FULL_INFORMATION
2883 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
2885 KeyValueInformation = Caller supplies storage for the information structure
2886 Length = Size of the information structure
2887 ResultLength = Data written
2894 IN HANDLE KeyHandle
,
2895 IN PUNICODE_STRING ValueName
,
2896 IN CINT KeyValueInformationClass
,
2897 OUT PVOID KeyValueInformation
,
2899 OUT PULONG ResultLength
2905 * FUNCTION: Queries the virtual memory information.
2907 ProcessHandle = Process owning the virtual address space
2908 BaseAddress = Points to the page where the information is queried for.
2909 * VirtualMemoryInformationClass = Index to a certain information structure
2911 MemoryBasicInformation MEMORY_BASIC_INFORMATION
2913 * VirtualMemoryInformation = caller supplies storage for the information structure
2914 * Length = size of the structure
2915 ResultLength = Data written
2922 NtQueryVirtualMemory(
2923 IN HANDLE ProcessHandle
,
2925 IN IN CINT VirtualMemoryInformationClass
,
2926 OUT PVOID VirtualMemoryInformation
,
2928 OUT PULONG ResultLength
2931 * FUNCTION: Queries the volume information
2934 ReturnLength = DataWritten
2935 FSInformation = Caller should supply storage for the information structure.
2936 Length = Size of the information structure
2937 FSInformationClass = Index to a information structure
2939 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
2940 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
2941 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
2942 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
2943 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
2944 FileFsControlInformation
2945 FileFsQuotaQueryInformation --
2946 FileFsQuotaSetInformation --
2947 FileFsMaximumInformation
2954 NtQueryVolumeInformationFile(
2955 IN HANDLE FileHandle
,
2956 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2957 OUT PVOID FSInformation
,
2959 IN CINT FSInformationClass
2963 * FUNCTION: Raises an exception
2965 ExceptionRecord = Structure specifying the exception
2966 Context = Context in which the excpetion is raised
2976 IN PEXCEPTION_RECORD ExceptionRecord
,
2977 IN PCONTEXT Context
,
2978 IN BOOL IsDebugger OPTIONAL
2983 * FUNCTION: Read a file
2985 FileHandle = Handle of a file to read
2986 Event = This event is signalled when the read operation completes
2987 * UserApcRoutine = Call back , if supplied Event should be NULL
2988 UserApcContext = Argument to the callback
2989 IoStatusBlock = Caller should supply storage for additional status information
2990 Buffer = Caller should supply storage to receive the information
2991 BufferLength = Size of the buffer
2992 ByteOffset = Offset to start reading the file
3002 IN HANDLE FileHandle
,
3003 IN HANDLE Event OPTIONAL
,
3004 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3005 IN PVOID UserApcContext OPTIONAL
,
3006 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3008 IN ULONG BufferLength
,
3009 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3010 IN PULONG Key OPTIONAL
3013 * FUNCTION: Read a file using scattered io
3015 FileHandle = Handle of a file to read
3016 Event = This event is signalled when the read operation completes
3017 * UserApcRoutine = Call back , if supplied Event should be NULL
3018 UserApcContext = Argument to the callback
3019 IoStatusBlock = Caller should supply storage for additional status information
3020 BufferDescription = Caller should supply storage to receive the information
3021 BufferLength = Size of the buffer
3022 ByteOffset = Offset to start reading the file
3030 IN HANDLE FileHandle
,
3031 IN HANDLE Event OPTIONAL
,
3032 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3033 IN PVOID UserApcContext OPTIONAL
,
3034 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3035 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3036 IN ULONG BufferLength
,
3037 IN PLARGE_INTEGER ByteOffset
,
3038 IN PULONG Key OPTIONAL
3041 * FUNCTION: Copies a range of virtual memory to a buffer
3043 * ProcessHandle = Specifies the process owning the virtual address space
3044 * BaseAddress = Points to the address of virtual memory to start the read
3045 * Buffer = Caller supplies storage to copy the virtual memory to.
3046 * NumberOfBytesToRead = Limits the range to read
3047 * NumberOfBytesRead = The actual number of bytes read.
3053 NtReadVirtualMemory(
3054 IN HANDLE ProcessHandle
,
3055 IN PVOID BaseAddress
,
3057 IN ULONG NumberOfBytesToRead
,
3058 OUT PULONG NumberOfBytesRead
3060 //FIXME: Is the parameters correctly named ? ThreadHandle might be a TerminationPort
3062 * FUNCTION: Debugger can register for thread termination
3070 NtRegisterThreadTerminatePort(
3074 * FUNCTION: Releases a mutant
3083 IN HANDLE MutantHandle
,
3084 IN PULONG ReleaseCount OPTIONAL
3087 * FUNCTION: Releases a semaphore
3089 * SemaphoreHandle = Handle to the semaphore object
3097 IN HANDLE SemaphoreHandle
,
3098 IN ULONG ReleaseCount
,
3099 IN PULONG PreviousCount
3102 * FUNCTION: Removes an io completion
3104 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3105 * CompletionKey = Requested access to the key
3107 * ObjectAttribute = Initialized attributes for the object
3108 * CompletionStatus =
3114 NtRemoveIoCompletion(
3115 IN HANDLE CompletionPort
,
3116 OUT PULONG CompletionKey
,
3117 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3118 OUT PULONG CompletionStatus
,
3122 * FUNCTION: Replaces one registry key with another
3124 * ObjectAttributes = Specifies the attributes of the key
3125 * Key = Handle to the key
3126 * ReplacedObjectAttributes = The function returns the old object attributes
3132 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3134 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3137 * FUNCTION: Resets a event to a non signaled state
3139 * EventHandle = Handle to the event that should be reset
3140 * NumberOfWaitingThreads = The number of threads released.
3147 PULONG NumberOfWaitingThreads OPTIONAL
3158 * FUNCTION: Decrements a thread's resume count
3160 * ThreadHandle = Handle to the thread that should be resumed
3161 * ResumeCount = The resulting resume count.
3163 * A thread is resumed if its suspend count is 0. This procedure maps to
3164 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3170 IN HANDLE ThreadHandle
,
3171 IN PULONG SuspendCount
3174 * FUNCTION: Writes the content of a registry key to ascii file
3176 * KeyHandle = Handle to the key
3177 * FileHandle = Handle of the file
3179 This function maps to the Win32 RegSaveKey.
3186 IN HANDLE KeyHandle
,
3187 IN HANDLE FileHandle
3190 * FUNCTION: Sets the context of a specified thread.
3192 * ThreadHandle = Handle to the thread
3193 * Context = The processor context.
3200 IN HANDLE ThreadHandle
,
3204 * FUNCTION: Sets the extended attributes of a file.
3206 * FileHandle = Handle to the file
3207 * IoStatusBlock = Storage for a resulting status and information
3208 * on the current operation.
3209 * EaBuffer = Extended Attributes buffer.
3210 * EaBufferSize = Size of the extended attributes buffer
3216 IN HANDLE FileHandle
,
3217 IN PIO_STATUS_BLOCK IoStatusBlock
,
3222 //FIXME Shoud I have input EVENT_BASIC_INFORMATION ??
3225 * FUNCTION: Sets the attributes of an event.
3227 * EventHandle = Handle to the event
3228 * Count = The resulting count.
3230 * This procedure maps to the win32 SetEvent function.
3237 IN HANDLE EventHandle
,
3242 * FUNCTION: Sets the high part of an event pair
3244 EventPair = Handle to the event pair
3255 * FUNCTION: Sets the high part of an event pair and wait for the low part
3257 EventPair = Handle to the event pair
3262 NtSetHighWaitLowEventPair(
3267 * FUNCTION: Sets the information of a file object.
3269 * FileHandle = Handle to the file object
3270 * IoStatusBlock = Caller supplies storage for extended information
3271 * on the current operation.
3272 * FileInformation = Storage for the new file information
3273 * Lenght = Size of the new file information.
3274 * FileInformationClass = Indicates to a certain information structure
3276 FileNameInformation FILE_NAME_INFORMATION
3277 FileRenameInformation FILE_RENAME_INFORMATION
3278 FileStreamInformation FILE_STREAM_INFORMATION
3279 * FileCompletionInformation IO_COMPLETION_CONTEXT
3282 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3283 * SetNamedPipeHandleState, SetMailslotInfo functions.
3290 NtSetInformationFile(
3291 IN HANDLE FileHandle
,
3292 IN PIO_STATUS_BLOCK IoStatusBlock
,
3293 IN PVOID FileInformation
,
3295 IN CINT FileInformationClass
3300 * FUNCTION: Sets the information of a registry key.
3302 * KeyHandle = Handle to the registry key
3303 * KeyInformationClass = Index to the a certain information structure.
3304 Can be one of the following values:
3306 * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
3308 KeyInformation = Storage for the new information
3309 * KeyInformationLength = Size of the information strucure
3315 NtSetInformationKey(
3316 IN HANDLE KeyHandle
,
3317 IN CINT KeyInformationClass
,
3318 IN PVOID KeyInformation
,
3319 IN ULONG KeyInformationLength
3322 * FUNCTION: Changes a set of object specific parameters
3325 * ObjectInformationClass = Index to the set of parameters to change.
3328 ObjectBasicInformation
3329 ObjectTypeInformation OBJECT_TYPE_INFORMATION
3330 ObjectAllInformation
3331 ObjectDataInformation OBJECT_DATA_INFORMATION
3332 ObjectNameInformation OBJECT_NAME_INFORMATION
3335 * ObjectInformation = Caller supplies storage for parameters to set.
3336 * Length = Size of the storage supplied
3341 NtSetInformationObject(
3342 IN HANDLE ObjectHandle
,
3343 IN CINT ObjectInformationClass
,
3344 IN PVOID ObjectInformation
,
3349 * FUNCTION: Changes a set of process specific parameters
3351 * ProcessHandle = Handle to the process
3352 * ProcessInformationClass = Index to a information structure.
3354 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
3355 * ProcessQuotaLimits QUOTA_LIMITS
3356 * ProcessBasePriority KPRIORITY
3357 * ProcessRaisePriority KPRIORITY
3358 * ProcessDebugPort HANDLE
3359 * ProcessExceptionPort HANDLE
3360 * ProcessAccessToken PROCESS_ACCESS_TOKEN
3361 * ProcessDefaultHardErrorMode ULONG
3362 * ProcessPriorityClass ULONG
3363 * ProcessAffinityMask KAFFINITY //??
3365 * ProcessInformation = Caller supplies storage for information to set.
3366 * ProcessInformationLength = Size of the information structure
3371 NtSetInformationProcess(
3372 IN HANDLE ProcessHandle
,
3373 IN CINT ProcessInformationClass
,
3374 IN PVOID ProcessInformation
,
3375 IN ULONG ProcessInformationLength
3378 * FUNCTION: Changes a set of thread specific parameters
3380 * ThreadHandle = Handle to the thread
3381 * ThreadInformationClass = Index to the set of parameters to change.
3382 * Can be one of the following values:
3384 * ThreadBasicInformation THREAD_BASIC_INFORMATION
3385 * ThreadPriority KPRIORITY //???
3386 * ThreadBasePriority KPRIORITY
3387 * ThreadAffinityMask KAFFINITY //??
3388 * ThreadImpersonationToken ACCESS_TOKEN
3389 * ThreadIdealProcessor ULONG
3390 * ThreadPriorityBoost ULONG
3392 * ThreadInformation = Caller supplies storage for parameters to set.
3393 * ThreadInformationLength = Size of the storage supplied
3398 NtSetInformationThread(
3399 IN HANDLE ThreadHandle
,
3400 IN CINT ThreadInformationClass
,
3401 IN PVOID ThreadInformation
,
3402 IN ULONG ThreadInformationLength
3404 //FIXME: Are the arguments correct
3405 // Might be a ordinary set function
3407 * FUNCTION: Sets an io completion
3412 * NumberOfBytesToTransfer =
3413 * NumberOfBytesTransferred =
3419 IN HANDLE CompletionPort
,
3420 IN ULONG CompletionKey
,
3421 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3422 IN ULONG NumberOfBytesToTransfer
,
3423 OUT PULONG NumberOfBytesTransferred
3425 //FIXME: Should I have more parameters ?
3427 * FUNCTION: Initializes the Local Descriptor Table
3436 HANDLE ProcessHandle
,
3437 PVOID LdtEntry
// LDT_ENTR
3441 * FUNCTION: Sets the low part of an event pair
3443 EventPair = Handle to the event pair
3454 * FUNCTION: Sets the low part of an event pair and wait for the high part
3456 EventPair = Handle to the event pair
3461 NtSetLowWaitHighEventPair(
3465 //FIXME: Should Value be a void pointer or a pointer to a unicode string ?
3467 * FUNCTION: Sets a system environment variable
3469 * ValueName = Name of the environment variable
3470 * Value = Value of the environment variable
3475 NtSetSystemEnvironmentValue(
3476 IN PUNICODE_STRING ValueName
,
3481 * FUNCTION: Sets system parameters
3483 * SystemInformationClass = Index to a particular set of system parameters
3484 * Can be one of the following values:
3486 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3488 * SystemInformation = Structure containing the parameters.
3489 * SystemInformationLength = Size of the structure.
3494 NtSetSystemInformation(
3495 IN CINT SystemInformationClass
,
3496 IN PVOID SystemInformation
,
3497 IN ULONG SystemInformationLength
3501 * FUNCTION: Sets the system time
3503 * SystemTime = Old System time
3504 * NewSystemTime = New System time
3510 IN PLARGE_INTEGER SystemTime
,
3511 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3514 * FUNCTION: Sets the characteristics of a timer
3518 * CompletionRoutine =
3519 * ArgToCompletionRoutine =
3527 IN HANDLE TimerHandle
,
3528 IN PLARGE_INTEGER DueTime
,
3529 IN PTIMERAPCROUTINE CompletionRoutine
,
3530 IN PVOID ArgToCompletionRoutine
,
3535 * FUNCTION: Sets the frequency of the system timer
3537 * RequestedResolution =
3539 * ActualResolution =
3544 NtSetTimerResolution(
3545 IN ULONG RequestedResolution
,
3547 OUT PULONG ActualResolution
3550 * FUNCTION: Sets the value of a registry key
3552 * KeyHandle = Handle to a registry key
3553 * ValueName = Name of the value entry to change
3554 * TitleIndex = pointer to a structure containing the new volume information
3555 * Type = Type of the registry key. Can be one of the values:
3557 * REG_DWORD A 32 bit value
3558 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
3559 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
3560 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
3561 * REG_LINK A zero terminated wide character string referring to a symbolic link.
3562 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
3563 * REG_NONE Unspecified type
3564 * REG_SZ A wide character string ( zero terminated )
3565 * REG_RESOURCE_LIST ??
3566 * REG_RESOURCE_REQUIREMENTS_LIST ??
3567 * REG_FULL_RESOURCE_DESCRIPTOR ??
3568 * Data = Contains the data for the registry key.
3569 * DataSize = size of the data.
3575 IN HANDLE KeyHandle
,
3576 IN PUNICODE_STRING ValueName
,
3577 IN ULONG TitleIndex OPTIONAL
,
3583 * FUNCTION: Sets the volume information of a file.
3585 * FileHandle = Handle to the file
3586 * VolumeInformationClass = specifies the particular volume information to set
3587 * VolumeInformation = pointer to a structure containing the new volume information
3588 * Length = size of the structure.
3593 NtSetVolumeInformationFile(
3594 IN HANDLE FileHandle
,
3595 IN CINT VolumeInformationClass
,
3596 PVOID VolumeInformation
,
3600 * FUNCTION: Shuts the system down
3608 IN SHUTDOWN_ACTION Action
3611 * FUNCTION: Signals an event and wait for it to be signaled again.
3613 * EventHandle = Handle to the event that should be signaled
3614 * Alertable = True if the wait is alertable
3615 * Time = The time to wait
3616 * NumberOfWaitingThreads = Number of waiting threads
3622 NtSignalAndWaitForSingleObject(
3623 IN HANDLE EventHandle
,
3624 IN BOOLEAN Alertable
,
3625 IN PLARGE_INTEGER Time
,
3626 PULONG NumberOfWaitingThreads OPTIONAL
3629 * FUNCTION: Increments a thread's resume count
3631 * ThreadHandle = Handle to the thread that should be resumed
3632 * PreviousSuspendCount = The resulting/previous suspend count.
3634 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
3635 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
3636 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
3642 IN HANDLE ThreadHandle
,
3643 IN PULONG PreviousSuspendCount
3646 //--NtSystemDebugControl
3648 * FUNCTION: Terminates the execution of a process.
3650 * ThreadHandle = Handle to the process
3651 * ExitStatus = The exit status of the process to terminate with.
3653 Native applications should kill themselves using this function.
3659 IN HANDLE ProcessHandle
,
3660 IN NTSTATUS ExitStatus
3663 * FUNCTION: Terminates the execution of a thread.
3665 * ThreadHandle = Handle to the thread
3666 * ExitStatus = The exit status of the thread to terminate with.
3672 IN HANDLE ThreadHandle
,
3673 IN NTSTATUS ExitStatus
3676 * FUNCTION: Test to see if there are any pending alerts for the calling thread
3685 * FUNCTION: Unloads a driver.
3687 * DriverServiceName = Name of the driver to unload
3693 IN PUNICODE_STRING DriverServiceName
3696 //FIXME: NtUnloadKey needs more arguments
3698 * FUNCTION: Unload a registry key.
3700 * KeyHandle = Handle to the registry key
3702 This procedure maps to the win32 procedure RegUnloadKey
3712 * FUNCTION: Unlocks a range of bytes in a file.
3714 * FileHandle = Handle to the file
3715 * IoStatusBlock = Caller should supply storage for a structure containing
3716 * the completion status and information about the requested unlock operation.
3717 The information field is set to the number of bytes unlocked.
3718 * ByteOffset = Offset to start the range of bytes to unlock
3719 * Length = Number of bytes to unlock.
3722 This procedure maps to the win32 procedure UnlockFileEx
3728 IN HANDLE FileHandle
,
3729 OUT IO_STATUS_BLOCK IoStatusBlock
,
3730 IN LARGE_INTEGER ByteOffset
,
3731 IN LARGE_INTEGER Lenght
,
3732 OUT PULONG Key OPTIONAL
3736 * FUNCTION: Unlocks a range of virtual memory.
3738 * ProcessHandle = Handle to the process
3739 * BaseAddress = Lower boundary of the range of bytes to unlock.
3740 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
3741 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
3743 This procedure maps to the win32 procedure VirtualUnlock
3748 NtUnlockVirtualMemory(
3749 HANDLE ProcessHandle
,
3751 ULONG NumberOfBytesToUnlock
,
3752 PULONG NumberOfBytesUnlocked OPTIONAL
3755 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
3757 * ProcessHandle = Handle to the process
3758 * BaseAddress = The address where the mapping begins
3760 This procedure maps to the win32 UnMapViewOfFile
3765 NtUnmapViewOfSection(
3766 IN HANDLE ProcessHandle
,
3767 IN PVOID BaseAddress
3770 * FUNCTION: Waits for multiple objects to become signalled.
3772 * Count = The number of objects
3773 * Object = The array of object handles
3775 * Alertable = If true the wait is alertable.
3776 * Time = The maximum wait time.
3778 * This function maps to the win32 WaitForMultipleObjectEx.
3783 NtWaitForMultipleObjects (
3785 IN PHANDLE Object
[0],
3787 IN BOOLEAN Alertable
,
3788 IN PLARGE_INTEGER Time
3791 * FUNCTION: Waits for an object to become signalled.
3793 * Object = The object handle
3794 * Alertable = If true the wait is alertable.
3795 * Time = The maximum wait time.
3797 * This function maps to the win32 WaitForSingleObjectEx.
3802 NtWaitForSingleObject (
3804 IN BOOLEAN Alertable
,
3805 IN PLARGE_INTEGER Time
3808 * FUNCTION: Writes data to a file
3810 * FileHandle = The handle a file ( from NtCreateFile )
3812 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
3813 * ApcContext = Argument to the Apc Routine
3814 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
3815 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
3816 * Length = Size in bytest of the buffer
3817 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
3818 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
3819 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
3820 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
3823 * This function maps to the win32 WriteFile.
3824 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
3830 IN HANDLE FileHandle
,
3831 IN HANDLE Event OPTIONAL
,
3832 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
3833 IN PVOID ApcContext OPTIONAL
,
3834 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3837 IN PLARGE_INTEGER ByteOffset
,
3838 IN PULONG Key OPTIONAL
3842 * FUNCTION: Writes a file
3844 * FileHandle = The handle of the file
3846 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
3847 * ApcContext = Argument to the Apc Routine
3848 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
3849 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
3850 * BufferLength = Size in bytest of the buffer
3851 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
3852 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
3853 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
3854 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
3857 * This function maps to the win32 WriteFile.
3858 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
3863 STDCALL
NtWriteFileScatter(
3864 IN HANDLE FileHandle
,
3865 IN HANDLE Event OPTIONAL
,
3866 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
3867 IN PVOID ApcContext OPTIONAL
,
3868 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3869 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3870 IN ULONG BufferLength
,
3871 IN PLARGE_INTEGER ByteOffset
,
3872 IN PULONG Key OPTIONAL
3876 * FUNCTION: Writes a range of virtual memory
3878 * ProcessHandle = The handle to the process owning the address space.
3879 * BaseAddress = The points to the address to write to
3880 * Buffer = Pointer to the buffer to write
3881 * NumberOfBytesToWrite = Offset to the upper boundary to write
3882 * NumberOfBytesWritten = Total bytes written
3884 * This function maps to the win32 WriteProcessMemory
3889 NtWriteVirtualMemory(
3890 IN HANDLE ProcessHandle
,
3891 IN PVOID BaseAddress
,
3893 IN ULONG NumberOfBytesToWrite
,
3894 OUT PULONG NumberOfBytesWritten
3897 * FUNCTION: Yields the callers thread.
3908 #endif /* __DDK_ZW_H */