8e345c4c766f1e7536c4ece1fd8429c396c8d96c
[reactos.git] / reactos / include / ddk / zw.h
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * PURPOSE: System call definitions
5 * FILE: include/ddk/zw.h
6 * REVISION HISTORY:
7 * ??/??/??: First few functions (David Welch)
8 * ??/??/??: Complete implementation by Boudewijn Dekker
9 * 13/07/98: Reorganised things a bit (David Welch)
10 * 04/08/98: Added some documentation (Boudewijn Dekker)
11 * 14/08/98: Added type TIME and change variable type from [1] to [0]
12 */
13
14 #ifndef __DDK_ZW_H
15 #define __DDK_ZW_H
16
17 #include <windows.h>
18
19 typedef struct _OBJDIR_INFORMATION {
20 UNICODE_STRING ObjectName;
21 UNICODE_STRING ObjectTypeName; // Directory, Device ...
22 UCHAR Data[0];
23 } OBJDIR_INFORMATION, *POBJDIR_INFORMATION;
24
25
26 /*
27 * FUNCTION: Closes an object handle
28 * ARGUMENTS:
29 * Handle = Handle to the object
30 * RETURNS: Status
31 */
32 NTSTATUS ZwClose(HANDLE Handle);
33
34 /*
35 * FUNCTION: Creates or opens a directory object, which is a container for
36 * other objects
37 * ARGUMENTS:
38 * DirectoryHandle (OUT) = Points to a variable which stores the
39 * handle for the directory on success
40 * DesiredAccess = Type of access the caller requires to the directory
41 * ObjectAttributes = Structures specifing the object attributes,
42 * initialized with InitializeObjectAttributes
43 * RETURNS: Status
44 */
45 NTSTATUS ZwCreateDirectoryObject(PHANDLE DirectoryHandle,
46 ACCESS_MASK DesiredAccess,
47 POBJECT_ATTRIBUTES ObjectAttributes);
48
49 /*
50 * FUNCTION: Creates or opens a registry key
51 * ARGUMENTS:
52 * KeyHandle (OUT) = Points to a variable which stores the handle
53 * for the key on success
54 * DesiredAccess = Access desired by the caller to the key
55 * ObjectAttributes = Initialized object attributes for the key
56 * TitleIndex = Who knows?
57 * Class = Object class of the key?
58 * CreateOptions = Options for the key creation
59 * Disposition (OUT) = Points to a variable which a status value
60 * indicating whether a new key was created
61 * RETURNS: Status
62 */
63 NTSTATUS ZwCreateKey(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess,
64 POBJECT_ATTRIBUTES ObjectAttributes,
65 ULONG TitleIndex, PUNICODE_STRING Class,
66 ULONG CreateOptions, PULONG Disposition);
67
68 /*
69 * FUNCTION: Deletes a registry key
70 * ARGUMENTS:
71 * KeyHandle = Handle of the key
72 * RETURNS: Status
73 */
74 NTSTATUS ZwDeleteKey(HANDLE KeyHandle);
75
76 /*
77 * FUNCTION: Returns information about the subkeys of an open key
78 * ARGUMENTS:
79 * KeyHandle = Handle of the key whose subkeys are to enumerated
80 * Index = zero based index of the subkey for which information is
81 * request
82 * KeyInformationClass = Type of information returned
83 * KeyInformation (OUT) = Caller allocated buffer for the information
84 * about the key
85 * Length = Length in bytes of the KeyInformation buffer
86 * ResultLength (OUT) = Caller allocated storage which holds
87 * the number of bytes of information retrieved
88 * on return
89 * RETURNS: Status
90 */
91 NTSTATUS ZwEnumerateKey(HANDLE KeyHandle, ULONG Index,
92 KEY_INFORMATION_CLASS KeyInformationClass,
93 PVOID KeyInformation, ULONG Length,
94 PULONG ResultLength);
95
96 /*
97 * FUNCTION: Returns information about the value entries of an open key
98 * ARGUMENTS:
99 * KeyHandle = Handle of the key whose value entries are to enumerated
100 * Index = zero based index of the subkey for which information is
101 * request
102 * KeyInformationClass = Type of information returned
103 * KeyInformation (OUT) = Caller allocated buffer for the information
104 * about the key
105 * Length = Length in bytes of the KeyInformation buffer
106 * ResultLength (OUT) = Caller allocated storage which holds
107 * the number of bytes of information retrieved
108 * on return
109 * RETURNS: Status
110 */
111 NTSTATUS ZwEnumerateValueKey(HANDLE KeyHandle, ULONG Index,
112 KEY_VALUE_INFORMATION_CLASS KeyInformationClass,
113 PVOID KeyInformation, ULONG Length,
114 PULONG ResultLength);
115
116
117 /*
118 * FUNCTION: Forces a registry key to be committed to disk
119 * ARGUMENTS:
120 * KeyHandle = Handle of the key to be written to disk
121 * RETURNS: Status
122 */
123 NTSTATUS ZwFlushKey(HANDLE KeyHandle);
124
125 /*
126 * FUNCTION: Changes the attributes of an object to temporary
127 * ARGUMENTS:
128 * Handle = Handle for the object
129 * RETURNS: Status
130 */
131 NTSTATUS ZwMakeTemporaryObject(HANDLE Handle);
132
133 /*
134 * FUNCTION: Maps a view of a section into the virtual address space of a
135 * process
136 * ARGUMENTS:
137 * SectionHandle = Handle of the section
138 * ProcessHandle = Handle of the process
139 * BaseAddress = Desired base address (or NULL) on entry
140 * Actual base address of the view on exit
141 * ZeroBits = Number of high order address bits that must be zero
142 * CommitSize = Size in bytes of the initially committed section of
143 * the view
144 * SectionOffset = Offset in bytes from the beginning of the section
145 * to the beginning of the view
146 * ViewSize = Desired length of map (or zero to map all) on entry
147 * Actual length mapped on exit
148 * InheritDisposition = Specified how the view is to be shared with
149 * child processes
150 * AllocateType = Type of allocation for the pages
151 * Protect = Protection for the committed region of the view
152 * RETURNS: Status
153 */
154 NTSTATUS ZwMapViewOfSection(HANDLE SectionHandle,
155 HANDLE ProcessHandle,
156 PVOID* BaseAddress,
157 ULONG ZeroBits,
158 ULONG CommitSize,
159 PLARGE_INTEGER SectionOffset,
160 PULONG ViewSize,
161 SECTION_INHERIT InheritDisposition,
162 ULONG AllocationType,
163 ULONG Protect);
164
165 /*
166 * FUNCTION: Opens an existing key in the registry
167 * ARGUMENTS:
168 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
169 * DesiredAccess = Requested access to the key
170 * ObjectAttribute = Initialized attributes for the object
171 * RETURNS: Status
172 */
173 NTSTATUS ZwOpenKey(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess,
174 POBJECT_ATTRIBUTES ObjectAttributes);
175
176 /*
177 * FUNCTION: Opens an existing section object
178 * ARGUMENTS:
179 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
180 * DesiredAccess = Requested access to the key
181 * ObjectAttribute = Initialized attributes for the object
182 * RETURNS: Status
183 */
184 NTSTATUS ZwOpenSection(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess,
185 POBJECT_ATTRIBUTES ObjectAttributes);
186
187 NTSTATUS ZwQueryDirectoryObject(IN HANDLE DirObjHandle,
188 OUT POBJDIR_INFORMATION DirObjInformation,
189 IN ULONG BufferLength,
190 IN BOOLEAN GetNextIndex,
191 IN BOOLEAN IgnoreInputIndex,
192 IN OUT PULONG ObjectIndex,
193 OUT PULONG DataWritten OPTIONAL);
194
195 /*
196 * FUNCTION: Returns information about an open file
197 * ARGUMENTS:
198 * FileHandle = Handle of the file to be queried
199 * IoStatusBlock (OUT) = Caller supplied storage for the result
200 * FileInformation (OUT) = Caller supplied storage for the file
201 * information
202 * Length = Length in bytes of the buffer for file information
203 * FileInformationClass = Type of information to be returned
204 * RETURNS: Status
205 */
206 NTSTATUS ZwQueryInformationFile(HANDLE FileHandle,
207 PIO_STATUS_BLOCK IoStatusBlock,
208 PVOID FileInformation,
209 ULONG Length,
210 FILE_INFORMATION_CLASS FileInformationClass);
211
212
213
214 NTSTATUS ZwReadFile(HANDLE FileHandle,
215 HANDLE EventHandle,
216 PIO_APC_ROUTINE ApcRoutine,
217 PVOID ApcContext,
218 PIO_STATUS_BLOCK IoStatusBlock,
219 PVOID Buffer,
220 ULONG Length,
221 PLARGE_INTEGER ByteOffset,
222 PULONG Key);
223
224
225
226
227
228 #define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
229 #define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
230
231
232
233 // event access mask
234
235 #define EVENT_READ_ACCESS 1
236 #define EVENT_WRITE_ACCESS 2
237
238
239 // file creation flags
240
241 #define FILE_DIRECTORY_FILE 0x00000001
242 #define FILE_WRITE_THROUGH 0x00000002
243 #define FILE_SEQUENTIAL_ONLY 0x00000004
244 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
245
246 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
247 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
248 #define FILE_NON_DIRECTORY_FILE 0x00000040
249 #define FILE_CREATE_TREE_CONNECTION 0x00000080
250
251 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100
252 #define FILE_NO_EA_KNOWLEDGE 0x00000200
253
254 #define FILE_RANDOM_ACCESS 0x00000800
255
256 #define FILE_DELETE_ON_CLOSE 0x00001000
257 #define FILE_OPEN_BY_FILE_ID 0x00002000
258 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
259 #define FILE_NO_COMPRESSION 0x00008000
260
261 #define FILE_RESERVE_OPFILTER 0x00100000
262 #define FILE_TRANSACTED_MODE 0x00200000
263 #define FILE_OPEN_OFFLINE_FILE 0x00400000
264
265 #define FILE_VALID_OPTION_FLAGS 0x007fffff
266 #define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
267 #define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
268 #define FILE_VALID_SET_FLAGS 0x00001036
269
270
271 // file disposition values
272
273
274 #define FILE_SUPERSEDE 0x0000
275 #define FILE_OPEN 0x0001
276 #define FILE_CREATE 0x0002
277 #define FILE_OPEN_IF 0x0003
278 #define FILE_OVERWRITE 0x0004
279 #define FILE_OVERWRITE_IF 0x0005
280 #define FILE_MAXIMUM_DISPOSITION 0x0005
281
282
283
284
285 //process query / set information class
286
287 #define ProcessBasicInformation 0
288 #define ProcessQuotaLimits 1
289 #define ProcessIoCounters 2
290 #define ProcessVmCounters 3
291 #define ProcessTimes 4
292 #define ProcessBasePriority 5
293 #define ProcessRaisePriority 6
294 #define ProcessDebugPort 7
295 #define ProcessExceptionPort 8
296 #define ProcessAccessToken 9
297 #define ProcessLdtInformation 10
298 #define ProcessLdtSize 11
299 #define ProcessDefaultHardErrorMode 12
300 #define ProcessIoPortHandlers 13
301 #define ProcessPooledUsageAndLimits 14
302 #define ProcessWorkingSetWatch 15
303 #define ProcessUserModeIOPL 16
304 #define ProcessEnableAlignmentFaultFixup 17
305 #define ProcessPriorityClass 18
306 #define ProcessWx86Information 19
307 #define ProcessHandleCount 20
308 #define ProcessAffinityMask 21
309 #define MaxProcessInfoClass 22
310
311 // thread query / set information class
312 #define ThreadBasicInformation 0
313 #define ThreadTimes 1
314 #define ThreadPriority 2
315 #define ThreadBasePriority 3
316 #define ThreadAffinityMask 4
317 #define ThreadImpersonationToken 5
318 #define ThreadDescriptorTableEntry 6
319 #define ThreadEnableAlignmentFaultFixup 7
320 #define ThreadEventPair 8
321 #define ThreadQuerySetWin32StartAddress 9
322 #define ThreadZeroTlsCell 10
323 #define ThreadPerformanceCount 11
324 #define ThreadAmILastThread 12
325 #define ThreadIdealProcessor 13
326 #define ThreadPriorityBoost 14
327 #define MaxThreadInfoClass 15
328
329
330
331 // key query information class
332
333 #define KeyBasicInformation 0
334 #define KeyNodeInformation 1
335 #define KeyFullInformation 2
336
337
338 // key set information class
339
340 #define KeyWriteTimeInformation 0
341
342 // key value information class
343
344 #define KeyValueBasicInformation 0
345 #define KeyValueFullInformation 1
346 #define KeyValuePartialInformation 2
347
348 // object handle information
349
350 #define ObjectBasicInformation 0
351 #define ObjectNameInformation 1
352 #define ObjectTypeInformation 2
353 #define ObjectAllInformation 3
354 #define ObjectDataInformation 4
355
356 // semaphore information
357
358 #define SemaphoreBasicInformation 0
359
360 // event information
361
362 #define EventBasicInformation 0
363
364
365 // system information
366
367 #define SystemPerformanceInformation 5
368 #define SystemCacheInformation 21
369 #define SystemTimeAdjustmentInformation 28
370
371
372 // file information
373
374
375 #define FileDirectoryInformation 1
376 #define FileFullDirectoryInformation 2
377 #define FileBothDirectoryInformation 3
378 #define FileBasicInformation 4
379 #define FileStandardInformation 5
380 #define FileInternalInformation 6
381 #define FileEaInformation 7
382 #define FileAccessInformation 8
383 #define FileNameInformation 9
384 #define FileRenameInformation 10
385 #define FileLinkInformation 11
386 #define FileNamesInformation 12
387 #define FileDispositionInformation 13
388 #define FilePositionInformation 14
389 #define FileFullEaInformation 15
390 #define FileModeInformation 16
391 #define FileAlignmentInformation 17
392 #define FileAllInformation 18
393 #define FileAllocationInformation 19
394 #define FileEndOfFileInformation 20
395 #define FileAlternateNameInformation 21
396 #define FileStreamInformation 22
397 #define FilePipeInformation 23
398 #define FilePipeLocalInformation 24
399 #define FilePipeRemoteInformation 25
400 #define FileMailslotQueryInformation 26
401 #define FileMailslotSetInformation 27
402 #define FileCompressionInformation 28
403 #define FileCopyOnWriteInformation 29
404 #define FileCompletionInformation 30
405 #define FileMoveClusterInformation 31
406 #define FileOleClassIdInformation 32
407 #define FileOleStateBitsInformation 33
408 #define FileNetworkOpenInformation 34
409 #define FileObjectIdInformation 35
410 #define FileOleAllInformation 36
411 #define FileOleDirectoryInformation 37
412 #define FileContentIndexInformation 38
413 #define FileInheritContentIndexInformation 39
414 #define FileOleInformation 40
415 #define FileMaximumInformation 41
416
417
418
419 //file system information class values
420
421
422
423 #define FileFsVolumeInformation 1
424 #define FileFsLabelInformation 2
425 #define FileFsSizeInformation 3
426 #define FileFsDeviceInformation 4
427 #define FileFsAttributeInformation 5
428 #define FileFsControlInformation 6
429 #define FileFsQuotaQueryInformation 7
430 #define FileFsQuotaSetInformation 8
431 #define FileFsMaximumInformation 9
432
433
434 // shutdown action
435
436 typedef enum SHUTDOWN_ACTION_TAG {
437 ShutdownNoReboot,
438 ShutdownReboot,
439 ShutdownPowerOff
440 } SHUTDOWN_ACTION;
441
442
443
444 // wait type
445
446 #define WaitAll 0
447 #define WaitAny 1
448
449
450 // key restore flags
451
452 #define REG_WHOLE_HIVE_VOLATILE 1
453 #define REG_REFRESH_HIVE 2
454
455
456 // object type access rights
457
458 #define OBJECT_TYPE_CREATE 0x0001
459 #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
460
461
462 // directory access rights
463
464 #define DIRECTORY_QUERY 0x0001
465 #define DIRECTORY_TRAVERSE 0x0002
466 #define DIRECTORY_CREATE_OBJECT 0x0004
467 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
468
469 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
470
471 // symbolic link access rights
472
473 #define SYMBOLIC_LINK_QUERY 0x0001
474 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
475
476 typedef struct _PROCESS_WS_WATCH_INFORMATION
477 {
478 PVOID FaultingPc;
479 PVOID FaultingVa;
480 } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
481
482 typedef struct _PROCESS_BASIC_INFORMATION
483 {
484 NTSTATUS ExitStatus;
485 PNT_PEB PebBaseAddress;
486 KAFFINITY AffinityMask;
487 KPRIORITY BasePriority;
488 ULONG UniqueProcessId;
489 ULONG InheritedFromUniqueProcessId;
490 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
491
492 typedef struct _QUOTA_LIMITS
493 {
494 ULONG PagedPoolLimit;
495 ULONG NonPagedPoolLimit;
496 ULONG MinimumWorkingSetSize;
497 ULONG MaximumWorkingSetSize;
498 ULONG PagefileLimit;
499 TIME TimeLimit;
500 } QUOTA_LIMITS, *PQUOTA_LIMITS;
501
502 typedef struct _IO_COUNTERS
503 {
504 ULONG ReadOperationCount;
505 ULONG WriteOperationCount;
506 ULONG OtherOperationCount;
507 LARGE_INTEGER ReadTransferCount;
508 LARGE_INTEGER WriteTransferCount;
509 LARGE_INTEGER OtherTransferCount;
510 } IO_COUNTERS, *PIO_COUNTERS;
511
512
513 typedef struct _VM_COUNTERS_
514 {
515 ULONG PeakVirtualSize;
516 ULONG VirtualSize;
517 ULONG PageFaultCount;
518 ULONG PeakWorkingSetSize;
519 ULONG WorkingSetSize;
520 ULONG QuotaPeakPagedPoolUsage;
521 ULONG QuotaPagedPoolUsage;
522 ULONG QuotaPeakNonPagedPoolUsage;
523 ULONG QuotaNonPagedPoolUsage;
524 ULONG PagefileUsage;
525 ULONG PeakPagefileUsage;
526 } VM_COUNTERS, *PVM_COUNTERS;
527
528
529 typedef struct _POOLED_USAGE_AND_LIMITS_
530 {
531 ULONG PeakPagedPoolUsage;
532 ULONG PagedPoolUsage;
533 ULONG PagedPoolLimit;
534 ULONG PeakNonPagedPoolUsage;
535 ULONG NonPagedPoolUsage;
536 ULONG NonPagedPoolLimit;
537 ULONG PeakPagefileUsage;
538 ULONG PagefileUsage;
539 ULONG PagefileLimit;
540 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
541
542
543 typedef struct _PROCESS_ACCESS_TOKEN
544 {
545 HANDLE Token;
546 HANDLE Thread;
547 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
548
549 typedef struct _KERNEL_USER_TIMES
550 {
551 TIME CreateTime;
552 TIME ExitTime;
553 TIME KernelTime;
554 TIME UserTime;
555 } KERNEL_USER_TIMES;
556 typedef KERNEL_USER_TIMES *PKERNEL_USER_TIMES;
557
558 // thread information
559
560 // incompatible with MS NT
561
562 typedef struct _THREAD_BASIC_INFORMATION
563 {
564 NTSTATUS ExitStatus;
565 PVOID TebBaseAddress;
566 KAFFINITY AffinityMask;
567 KPRIORITY BasePriority;
568 ULONG UniqueThreadId;
569 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
570
571 // object information
572
573 typedef struct _OBJECT_NAME_INFORMATION
574 {
575 UNICODE_STRING Name;
576 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
577
578
579
580 typedef struct _OBJECT_DATA_INFORMATION
581 {
582 BOOL bInheritHanlde;
583 BOOL bProtectFromClose;
584 } OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
585
586
587 typedef struct _OBJECT_TYPE_INFORMATION
588 {
589 UNICODE_STRING Name;
590 UNICODE_STRING Type;
591 ULONG TotalHandles;
592 ULONG ReferenceCount;
593 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
594
595 // system information
596
597 typedef struct _SYSTEM_TIME_ADJUSTMENT
598 {
599 ULONG TimeAdjustment;
600 BOOL TimeAdjustmentDisabled;
601 } SYSTEM_TIME_ADJUSTMENT, *PSYSTEM_TIME_ADJUSTMENT;
602
603 typedef struct _SYSTEM_CONFIGURATION_INFO {
604 union {
605 ULONG OemId;
606 struct {
607 WORD ProcessorArchitecture;
608 WORD Reserved;
609 } tag1;
610 } tag2;
611 ULONG PageSize;
612 PVOID MinimumApplicationAddress;
613 PVOID MaximumApplicationAddress;
614 ULONG ActiveProcessorMask;
615 ULONG NumberOfProcessors;
616 ULONG ProcessorType;
617 ULONG AllocationGranularity;
618 WORD ProcessorLevel;
619 WORD ProcessorRevision;
620 } SYSTEM_CONFIGURATION_INFO, *PSYSTEM_CONFIGURATION_INFO;
621
622
623 typedef struct _SYSTEM_CACHE_INFORMATION {
624 ULONG CurrentSize;
625 ULONG PeakSize;
626 ULONG PageFaultCount;
627 ULONG MinimumWorkingSet;
628 ULONG MaximumWorkingSet;
629 ULONG Unused[4];
630 } SYSTEM_CACHE_INFORMATION;
631
632
633
634 // file information
635
636 typedef struct _FILE_BASIC_INFORMATION
637 {
638 TIME CreationTime;
639 TIME LastAccessTime;
640 TIME LastWriteTime;
641 TIME ChangeTime;
642 ULONG FileAttributes;
643 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
644
645 typedef struct _FILE_STANDARD_INFORMATION
646 {
647 LARGE_INTEGER AllocationSize;
648 LARGE_INTEGER EndOfFile;
649 ULONG NumberOfLinks;
650 BOOLEAN DeletePending;
651 BOOLEAN Directory;
652 } FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
653
654 typedef struct _FILE_POSITION_INFORMATION
655 {
656 LARGE_INTEGER CurrentByteOffset;
657 } FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
658
659 typedef struct _FILE_ALIGNMENT_INFORMATION
660 {
661 ULONG AlignmentRequirement;
662 } FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
663
664 typedef struct _FILE_DISPOSITION_INFORMATION
665 {
666 BOOLEAN DeleteFile;
667 } FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
668
669 typedef struct _FILE_END_OF_FILE_INFORMATION
670 {
671 LARGE_INTEGER EndOfFile;
672 } FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
673
674 typedef struct _FILE_NETWORK_OPEN_INFORMATION {
675 TIME CreationTime;
676 TIME LastAccessTime;
677 TIME LastWriteTime;
678 TIME ChangeTime;
679 LARGE_INTEGER AllocationSize;
680 LARGE_INTEGER EndOfFile;
681 ULONG FileAttributes;
682 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
683
684 typedef struct _FILE_FULL_EA_INFORMATION
685 {
686 ULONG NextEntryOffset;
687 UCHAR Flags;
688 UCHAR EaNameLength;
689 USHORT EaValueLength;
690 CHAR *EaName;
691 } FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
692
693
694 typedef struct _FILE_EA_INFORMATION {
695 ULONG EaSize;
696 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
697
698
699 typedef struct _FILE_GET_EA_INFORMATION {
700 ULONG NextEntryOffset;
701 UCHAR EaNameLength;
702 CHAR EaName[0];
703 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
704
705 typedef struct _FILE_STREAM_INFORMATION {
706 ULONG NextEntryOffset;
707 ULONG StreamNameLength;
708 LARGE_INTEGER StreamSize;
709 LARGE_INTEGER StreamAllocationSize;
710 WCHAR StreamName[0];
711 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
712
713 typedef struct _FILE_ALLOCATION_INFORMATION {
714 LARGE_INTEGER AllocationSize;
715 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
716
717 typedef struct _FILE_NAME_INFORMATION {
718 ULONG FileNameLength;
719 WCHAR FileName[0];
720 } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
721
722 typedef struct _FILE_NAMES_INFORMATION {
723 ULONG NextEntryOffset;
724 ULONG FileIndex;
725 ULONG FileNameLength;
726 WCHAR FileName[0];
727 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
728
729
730 typedef struct _FILE_RENAME_INFORMATION {
731 BOOLEAN Replace;
732 HANDLE RootDir;
733 ULONG FileNameLength;
734 WCHAR FileName[0];
735 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
736
737
738 typedef struct _FILE_INTERNAL_INFORMATION {
739 LARGE_INTEGER IndexNumber;
740 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
741
742 typedef struct _FILE_ACCESS_INFORMATION {
743 ACCESS_MASK AccessFlags;
744 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
745
746
747 typedef struct _FILE_MODE_INFORMATION {
748 ULONG Mode;
749 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
750
751 typedef struct _FILE_COMPRESSION_INFORMATION {
752 LARGE_INTEGER CompressedFileSize;
753 USHORT CompressionFormat;
754 UCHAR CompressionUnitShift;
755 UCHAR ChunkShift;
756 UCHAR ClusterShift;
757 UCHAR Reserved[3];
758 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
759
760 typedef struct _FILE_ALL_INFORMATION {
761 FILE_BASIC_INFORMATION BasicInformation;
762 FILE_STANDARD_INFORMATION StandardInformation;
763 FILE_INTERNAL_INFORMATION InternalInformation;
764 FILE_EA_INFORMATION EaInformation;
765 FILE_ACCESS_INFORMATION AccessInformation;
766 FILE_POSITION_INFORMATION PositionInformation;
767 FILE_MODE_INFORMATION ModeInformation;
768 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
769 FILE_NAME_INFORMATION NameInformation;
770 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
771
772 // file system information structures
773
774 typedef struct _FILE_FS_DEVICE_INFORMATION {
775 DEVICE_TYPE DeviceType;
776 ULONG Characteristics;
777 } FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
778
779
780 /* device type can be one of the following values:
781
782 FILE_DEVICE_BEEP 0x00000001
783 FILE_DEVICE_CD_ROM 0x00000002
784 FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
785 FILE_DEVICE_CONTROLLER 0x00000004
786 FILE_DEVICE_DATALINK 0x00000005
787 FILE_DEVICE_DFS 0x00000006
788 FILE_DEVICE_DISK 0x00000007
789 FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
790 FILE_DEVICE_FILE_SYSTEM 0x00000009
791 FILE_DEVICE_INPORT_PORT 0x0000000a
792 FILE_DEVICE_KEYBOARD 0x0000000b
793 FILE_DEVICE_MAILSLOT 0x0000000c
794 FILE_DEVICE_MIDI_IN 0x0000000d
795 FILE_DEVICE_MIDI_OUT 0x0000000e
796 FILE_DEVICE_MOUSE 0x0000000f
797 FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
798 FILE_DEVICE_NAMED_PIPE 0x00000011
799 FILE_DEVICE_NETWORK 0x00000012
800 FILE_DEVICE_NETWORK_BROWSER 0x00000013
801 FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
802 FILE_DEVICE_NULL 0x00000015
803 FILE_DEVICE_PARALLEL_PORT 0x00000016
804 FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
805 FILE_DEVICE_PRINTER 0x00000018
806 FILE_DEVICE_SCANNER 0x00000019
807 FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001a
808 FILE_DEVICE_SERIAL_PORT 0x0000001b
809 FILE_DEVICE_SCREEN 0x0000001c
810 FILE_DEVICE_SOUND 0x0000001d
811 FILE_DEVICE_STREAMS 0x0000001e
812 FILE_DEVICE_TAPE 0x0000001f
813 FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
814 FILE_DEVICE_TRANSPORT 0x00000021
815 FILE_DEVICE_UNKNOWN 0x00000022
816 FILE_DEVICE_VIDEO 0x00000023
817 FILE_DEVICE_VIRTUAL_DISK 0x00000024
818 FILE_DEVICE_WAVE_IN 0x00000025
819 FILE_DEVICE_WAVE_OUT 0x00000026
820 FILE_DEVICE_8042_PORT 0x00000027
821 FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
822 FILE_DEVICE_BATTERY 0x00000029
823 FILE_DEVICE_BUS_EXTENDER 0x0000002a
824 FILE_DEVICE_MODEM 0x0000002b
825 FILE_DEVICE_VDM 0x0000002c
826 */
827
828 /*
829 characteristics is one of the following values:
830
831 FILE_REMOVABLE_MEDIA 0x00000001
832 FILE_READ_ONLY_DEVICE 0x00000002
833 FILE_FLOPPY_DISKETTE 0x00000004
834 FILE_WRITE_ONCE_MEDIA 0x00000008
835 FILE_REMOTE_DEVICE 0x00000010
836 FILE_DEVICE_IS_MOUNTED 0x00000020
837 FILE_VIRTUAL_VOLUME 0x00000040
838 */
839
840 typedef struct _FILE_FS_VOLUME_INFORMATION {
841 TIME VolumeCreationTime;
842 ULONG VolumeSerialNumber;
843 ULONG VolumeLabelLength;
844 BOOLEAN SupportsObjects;
845 WCHAR VolumeLabel[0];
846 } FILE_FS_VOLUME_INFORMATION;
847
848 typedef struct _FILE_FS_SIZE_INFORMATION {
849 LARGE_INTEGER TotalAllocationUnits;
850 LARGE_INTEGER AvailableAllocationUnits;
851 ULONG SectorsPerAllocationUnit;
852 ULONG BytesPerSector;
853 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
854
855 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
856 ULONG FileSystemAttributes;
857 LONG MaximumComponentNameLength;
858 ULONG FileSystemNameLength;
859 WCHAR FileSystemName[0];
860 } FILE_FS_ATTRIBUTE_INFORMATION;
861
862 /*
863 FileSystemAttributes is one of the following values:
864
865 FILE_CASE_SENSITIVE_SEARCH 0x00000001
866 FILE_CASE_PRESERVED_NAMES 0x00000002
867 FILE_UNICODE_ON_DISK 0x00000004
868 FILE_PERSISTENT_ACLS 0x00000008
869 FILE_FILE_COMPRESSION 0x00000010
870 FILE_VOLUME_QUOTAS 0x00000020
871 FILE_VOLUME_IS_COMPRESSED 0x00008000
872 */
873 typedef struct _FILE_FS_LABEL_INFORMATION {
874 ULONG VolumeLabelLength;
875 WCHAR VolumeLabel[0];
876 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
877
878 // read file scatter / write file scatter
879 //FIXME I am a win32 struct aswell
880
881 typedef union _FILE_SEGMENT_ELEMENT {
882 PVOID Buffer;
883 ULONG Alignment;
884 }FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
885
886 // directory information
887
888
889 typedef struct _FILE_DIRECTORY_INFORMATION {
890 ULONG NextEntryOffset;
891 ULONG FileIndex;
892 TIME CreationTime;
893 TIME LastAccessTime;
894 TIME LastWriteTime;
895 TIME ChangeTime;
896 LARGE_INTEGER EndOfFile;
897 LARGE_INTEGER AllocationSize;
898 ULONG FileAttributes;
899 ULONG FileNameLength;
900 WCHAR FileName[0];
901 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
902
903 typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
904 ULONG NextEntryOffset;
905 ULONG FileIndex;
906 TIME CreationTime;
907 TIME LastAccessTime;
908 TIME LastWriteTime;
909 TIME ChangeTime;
910 LARGE_INTEGER EndOfFile;
911 LARGE_INTEGER AllocationSize;
912 ULONG FileAttributes;
913 ULONG FileNameLength;
914 ULONG EaSize;
915 WCHAR FileName[0];
916 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
917
918
919 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
920 ULONG NextEntryOffset;
921 ULONG FileIndex;
922 TIME CreationTime;
923 TIME LastAccessTime;
924 TIME LastWriteTime;
925 TIME ChangeTime;
926 LARGE_INTEGER EndOfFile;
927 LARGE_INTEGER AllocationSize;
928 ULONG FileAttributes;
929 ULONG FileNameLength;
930 ULONG EaSize;
931 CHAR ShortNameLength;
932 WCHAR ShortName[12]; // 8.3 name
933 WCHAR FileName[0];
934 } FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
935
936
937 /*
938 NotifyFilter / CompletionFilter:
939
940 FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
941 FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
942 FILE_NOTIFY_CHANGE_NAME 0x00000003
943 FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
944 FILE_NOTIFY_CHANGE_SIZE 0x00000008
945 FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
946 FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
947 FILE_NOTIFY_CHANGE_CREATION 0x00000040
948 FILE_NOTIFY_CHANGE_EA 0x00000080
949 FILE_NOTIFY_CHANGE_SECURITY 0x00000100
950 FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
951 FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
952 FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
953 */
954
955 typedef struct _FILE_NOTIFY_INFORMATION {
956 ULONG NextEntryOffset;
957 ULONG Action;
958 ULONG FileNameLength;
959 WCHAR FileName[0];
960 } FILE_NOTIFY_INFORMATION;
961
962
963 /*
964 Action is one of the following values:
965
966 FILE_ACTION_ADDED 0x00000001
967 FILE_ACTION_REMOVED 0x00000002
968 FILE_ACTION_MODIFIED 0x00000003
969 FILE_ACTION_RENAMED_OLD_NAME 0x00000004
970 FILE_ACTION_RENAMED_NEW_NAME 0x00000005
971 FILE_ACTION_ADDED_STREAM 0x00000006
972 FILE_ACTION_REMOVED_STREAM 0x00000007
973 FILE_ACTION_MODIFIED_STREAM 0x00000008
974
975 */
976
977
978 //FIXME: I am a win32 object
979 typedef
980 VOID
981 (*PTIMERAPCROUTINE)(
982 LPVOID lpArgToCompletionRoutine,
983 DWORD dwTimerLowValue,
984 DWORD dwTimerHighValue
985 );
986
987 // NtProcessStartup parameters
988
989 typedef struct _ENVIRONMENT_INFORMATION {
990 ULONG Unknown[21];
991 UNICODE_STRING CommandLine;
992 UNICODE_STRING ImageFile;
993 } ENVIRONMENT_INFORMATION, *PENVIRONMENT_INFORMATION;
994
995
996 typedef struct _STARTUP_ARGUMENT {
997 ULONG Unknown[3];
998 PENVIRONMENT_INFORMATION Environment;
999 } STARTUP_ARGUMENT, *PSTARTUP_ARGUMENT;
1000
1001
1002 // File System Control commands ( related to defragging )
1003
1004 #define FSCTL_READ_MFT_RECORD 0x90068 // NTFS only
1005 #define FSCTL_GET_VOLUME_BITMAP 0x9006F
1006 #define FSCTL_GET_RETRIEVAL_POINTERS 0x90073
1007 #define FSCTL_MOVE_FILE 0x90074
1008
1009 typedef struct _MAPPING_PAIR
1010 {
1011 ULONGLONG Vcn;
1012 ULONGLONG Lcn;
1013 } MAPPING_PAIR, *PMAPPING_PAIR;
1014
1015 typedef struct _GET_RETRIEVAL_DESCRIPTOR
1016 {
1017 ULONG NumberOfPairs;
1018 ULONGLONG StartVcn;
1019 MAPPING_PAIR Pair[0];
1020 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
1021
1022 typedef struct _BITMAP_DESCRIPTOR
1023 {
1024 ULONGLONG StartLcn;
1025 ULONGLONG ClustersToEndOfVol;
1026 BYTE Map[0];
1027 } BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
1028
1029 typedef struct _MOVEFILE_DESCRIPTOR
1030 {
1031 HANDLE FileHandle;
1032 ULONG Reserved;
1033 LARGE_INTEGER StartVcn;
1034 LARGE_INTEGER TargetLcn;
1035 ULONG NumVcns;
1036 ULONG Reserved1;
1037 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
1038
1039
1040 // semaphore information
1041
1042 typedef struct _SEMAPHORE_BASIC_INFORMATION
1043 {
1044 ULONG CurrentCount;
1045 ULONG MaximumCount;
1046 } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
1047
1048 // event information
1049
1050 typedef struct _EVENT_BASIC_INFORMATION
1051 {
1052 BOOL AutomaticReset;
1053 BOOL Signaled;
1054 } EVENT_BASIC_INFORMATION, *PEVENT_INFORMATION;
1055
1056
1057
1058
1059 /*
1060 * FUNCTION: Adds an atom to the global atom table
1061 * ARGUMENTS:
1062 Atom (OUT) = Caller supplies storage for the resulting atom.
1063 * AtomString = The string to add to the atom table.
1064 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
1065 * RETURNS: Status
1066 */
1067 NTSTATUS
1068 STDCALL
1069 NtAddAtom(
1070 OUT ATOM *Atom,
1071 IN PUNICODE_STRING AtomString
1072 );
1073 /*
1074 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
1075 * state.
1076 * ARGUMENTS:
1077 * ThreadHandle = Handle to the thread that should be resumed
1078 * SuspendCount = The resulting suspend count.
1079 * REMARK:
1080 * A thread is resumed if its suspend count is 0
1081 * RETURNS: Status
1082 */
1083 NTSTATUS
1084 STDCALL
1085 NtAlertResumeThread(
1086 IN HANDLE ThreadHandle,
1087 OUT PULONG SuspendCount
1088 );
1089
1090 /*
1091 * FUNCTION: Puts the thread in a alerted state
1092 * ARGUMENTS:
1093 * ThreadHandle = Handle to the thread that should be alerted
1094 * RETURNS: Status
1095 */
1096 NTSTATUS
1097 STDCALL
1098 NtAlertThread(
1099 IN HANDLE ThreadHandle
1100 );
1101
1102 /*
1103 * FUNCTION: Allocates a locally unique id
1104 * ARGUMENTS:
1105 * LocallyUniqueId = Locally unique number
1106 * RETURNS: Status
1107 */
1108 NTSTATUS
1109 STDCALL
1110 NtAllocateLocallyUniqueId(
1111 OUT PVOID LocallyUniqueId
1112 );
1113
1114 /*
1115 * FUNCTION: Allocates a block of virtual memory in the process address space
1116 * ARGUMENTS:
1117 * ProcessHandle = The handle of the process which owns the virtual memory
1118 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
1119 * value the system will try to allocate the memory at the address supplied. It rounds
1120 * it down to a multiple if the page size.
1121 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
1122 * the memory will be allocated at a address below a certain value.
1123 * RegionSize = The number of bytes to allocate
1124 * AllocationType = Indicates the type of virtual memory you like to allocated,
1125 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
1126 * Protect = Indicates the protection type of the pages allocated, can be a combination of
1127 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
1128 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
1129 * REMARKS:
1130 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
1131 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
1132 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
1133 * and the AllocationType and ProctectionType map to the other two parameters.
1134 * RETURNS: Status
1135 */
1136 NTSTATUS
1137 STDCALL
1138 NtAllocateVirtualMemory(
1139 IN HANDLE ProcessHandle,
1140 OUT PVOID *BaseAddress,
1141 IN ULONG ZeroBits,
1142 IN ULONG RegionSize,
1143 IN ULONG AllocationType,
1144 IN ULONG Protect
1145 );
1146
1147 /*
1148 * FUNCTION: Cancels a IO request
1149 * ARGUMENTS:
1150 * FileHandle = Handle to the file
1151 * IoStatusBlock =
1152
1153 * REMARKS:
1154 * This function maps to the win32 CancelIo.
1155 * RETURNS: Status
1156 */
1157 NTSTATUS
1158 STDCALL
1159 NtCancelIoFile(
1160 IN HANDLE FileHandle,
1161 OUT PIO_STATUS_BLOCK IoStatusBlock
1162 );
1163 /*
1164 * FUNCTION: Cancels a timer
1165 * ARGUMENTS:
1166 * TimerHandle = Handle to the timer
1167 ElapsedTime = Specifies the elapsed time the timer has run so far.
1168 * REMARKS:
1169 The arguments to this function map to the function CancelWaitableTimer.
1170 * RETURNS: Status
1171 */
1172 NTSTATUS
1173 STDCALL
1174 NtCancelTimer(
1175 IN HANDLE TimerHandle,
1176 OUT ULONG ElapsedTime
1177 );
1178 /*
1179 * FUNCTION: Sets the status of the event back to non-signaled
1180 * ARGUMENTS:
1181 * EventHandle = Handle to the event
1182 * REMARKS:
1183 * This function maps to win32 function ResetEvent.
1184 * RETURcNS: Status
1185 */
1186
1187 NTSTATUS
1188 STDCALL
1189 NtClearEvent(
1190 IN HANDLE EventHandle
1191 );
1192
1193 /*
1194 * FUNCTION: Closes an object handle
1195 * ARGUMENTS:
1196 * Handle = Handle to the object
1197 * REMARKS:
1198 * This function maps to the win32 function CloseHandle.
1199 * RETURNS: Status
1200 */
1201
1202 NTSTATUS
1203 STDCALL
1204 NtClose(
1205 IN HANDLE Handle
1206 );
1207
1208
1209 /*
1210 * FUNCTION: Continues a thread with the specified context
1211 * ARGUMENTS:
1212 * Context = Specifies the processor context
1213 * REMARKS
1214 * NtContinue can be used to continue after a exception.
1215 * RETURNS: Status
1216 */
1217 //FIXME This function might need another parameter
1218 NTSTATUS
1219 STDCALL
1220 NtContinue(
1221 IN PCONTEXT Context
1222 );
1223
1224 /*
1225 * FUNCTION: Creates a directory object
1226 * ARGUMENTS:
1227 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
1228 * DesiredAccess = Specifies access to the directory
1229 * ObjectAttribute = Initialized attributes for the object
1230 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
1231 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
1232 * RETURNS: Status
1233 */
1234 NTSTATUS
1235 STDCALL
1236 NtCreateDirectoryObject(
1237 OUT PHANDLE DirectoryHandle,
1238 IN ACCESS_MASK DesiredAccess,
1239 IN POBJECT_ATTRIBUTES ObjectAttributes
1240 );
1241 /*
1242 * FUNCTION: Creates an event object
1243 * ARGUMENTS:
1244 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1245 * DesiredAccess = Specifies access to the event
1246 * ObjectAttribute = Initialized attributes for the object
1247 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
1248 using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
1249 automatically after the system has rescheduled a thread waiting on the event.
1250 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
1251 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
1252 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
1253 * both parameters aswell ( possibly the order is reversed ).
1254 * RETURNS: Status
1255 */
1256 NTSTATUS
1257 STDCALL
1258 NtCreateEvent(
1259 OUT PHANDLE FileHandle,
1260 IN ACCESS_MASK DesiredAccess,
1261 IN POBJECT_ATTRIBUTES ObjectAttributes,
1262 IN BOOL ManualReset,
1263 IN BOOL InitialState
1264 );
1265
1266 /*
1267 * FUNCTION: Creates an eventpair object
1268 * ARGUMENTS:
1269 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
1270 * DesiredAccess = Specifies access to the event
1271 * ObjectAttribute = Initialized attributes for the object
1272 */
1273
1274 NTSTATUS
1275 STDCALL
1276 NtCreateEventPair(
1277 OUT PHANDLE FileHandle,
1278 IN ACCESS_MASK DesiredAccess,
1279 IN POBJECT_ATTRIBUTES ObjectAttributes
1280 );
1281
1282
1283 /*
1284 * FUNCTION: Creates or opens a file, directory or device object.
1285 * ARGUMENTS:
1286 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1287 * DesiredAccess = Specifies the allowed or desired access to the file can
1288 * be a combination of DELETE | FILE_READ_DATA ..
1289 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1290 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
1291 * the file is created and opened or allready existed and is just opened.
1292 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
1293 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
1294 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
1295 * CreateOptions = specifies the behavior of the system on file creation.
1296 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
1297 * EaLength = Extended Attributes buffer size, applies only to files and directories.
1298 * REMARKS: This function maps to the win32 CreateFile.
1299 * RETURNS: Status
1300 */
1301 NTSTATUS
1302 STDCALL
1303 NtCreateFile(
1304 OUT PHANDLE FileHandle,
1305 IN ACCESS_MASK DesiredAccess,
1306 IN POBJECT_ATTRIBUTES ObjectAttributes,
1307 OUT PIO_STATUS_BLOCK IoStatusBlock,
1308 IN PLARGE_INTEGER AllocationSize OPTIONAL,
1309 IN ULONG FileAttributes,
1310 IN ULONG ShareAccess,
1311 IN ULONG CreateDisposition,
1312 IN ULONG CreateOptions,
1313 IN PVOID EaBuffer OPTIONAL,
1314 IN ULONG EaLength
1315 );
1316 /*
1317 * FUNCTION: Creates or opens a file, directory or device object.
1318 * ARGUMENTS:
1319 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
1320 * DesiredAccess = Specifies the allowed or desired access to the port
1321 * IoStatusBlock =
1322 * NumberOfConcurrentThreads =
1323 * REMARKS: This function maps to the win32 CreateIoCompletionPort
1324 * RETURNS:
1325 * Status
1326 */
1327 NTSTATUS
1328 STDCALL
1329 NtCreateIoCompletion(
1330 OUT PHANDLE CompletionPort,
1331 IN ACCESS_MASK DesiredAccess,
1332 OUT PIO_STATUS_BLOCK IoStatusBlock,
1333 IN ULONG NumberOfConcurrentThreads
1334 );
1335 /*
1336 * FUNCTION: Creates a registry key
1337 * ARGUMENTS:
1338 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1339 * DesiredAccess = Specifies the allowed or desired access to the key
1340 * It can have a combination of the following values:
1341 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
1342 * or
1343 * KEY_QUERY_VALUE The values of the key can be queried.
1344 * KEY_SET_VALUE The values of the key can be modified.
1345 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
1346 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
1347 * KEY_NOTIFY
1348 * KEY_CREATE_LINK A symbolic link to the key can be created.
1349 * ObjectAttributes = The name of the key may be specified directly in the name field
1350 * of object attributes or relative
1351 * to a key in rootdirectory.
1352 * Class = Specifies the kind of data.
1353 * CreateOptions = Specifies additional options with which the key is created
1354 * REG_OPTION_VOLATILE The key is not preserved across boots.
1355 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
1356 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
1357 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
1358 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
1359 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
1360 * RETURNS:
1361 * Status
1362 */
1363 NTSTATUS
1364 STDCALL
1365 NtCreateKey(
1366 OUT PHANDLE KeyHandle,
1367 IN ACCESS_MASK DesiredAccess,
1368 IN POBJECT_ATTRIBUTES ObjectAttributes,
1369 IN ULONG TitleIndex,
1370 IN PUNICODE_STRING Class OPTIONAL,
1371 IN ULONG CreateOptions,
1372 IN PULONG Disposition OPTIONAL
1373 );
1374
1375
1376 //NtCreateMailslotFile
1377
1378 /*
1379 * FUNCTION: Creates or opens a mutex
1380 * ARGUMENTS:
1381 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
1382 * DesiredAccess = Specifies the allowed or desired access to the port
1383 * ObjectAttributes = Contains the name of the mutex.
1384 * InitialOwner = If true the calling thread acquires ownership
1385 * of the mutex.
1386 * REMARKS: This funciton maps to the win32 function CreateMutex
1387 * RETURNS:
1388 * Status
1389 */
1390 NTSTATUS
1391 STDCALL
1392 NtCreateMutant(
1393 OUT PHANDLE MutantHandle,
1394 IN ACCESS_MASK DesiredAccess,
1395 IN OBJECT_ATTRIBUTES ObjectAttributes,
1396 IN BOOL InitialOwner
1397 );
1398
1399 //NtCreateNamedPipeFile
1400
1401 /*
1402 * FUNCTION: Creates a paging file.
1403 * ARGUMENTS:
1404 * PageFileName = Name of the pagefile
1405 * MinimumSize = Specifies the minimum size
1406 * MaximumSize = Specifies the maximum size
1407 * ActualSize = Specifies the actual size
1408 * RETURNS: Status
1409 */
1410 NTSTATUS
1411 STDCALL
1412 NtCreatePagingFile(
1413 IN PUNICODE_STRING PageFileName,
1414 IN ULONG MiniumSize,
1415 IN ULONG MaxiumSize,
1416 OUT PULONG ActualSize
1417 );
1418 /*
1419 * FUNCTION: Creates a process.
1420 * ARGUMENTS:
1421 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
1422 * DesiredAccess = Specifies the allowed or desired access to the process can
1423 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
1424 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1425 * ParentProcess = Handle to the parent process.
1426 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
1427 * SectionHandle = Handle to a section object to back the image file
1428 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
1429 * ExceptionPort = Handle to a exception port.
1430 * REMARKS:
1431 * This function maps to the win32 CreateProcess.
1432 * RETURNS: Status
1433 */
1434 NTSTATUS
1435 STDCALL
1436 NtCreateProcess(
1437 OUT PHANDLE ProcessHandle,
1438 IN ACCESS_MASK DesiredAccess,
1439 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1440 IN HANDLE ParentProcess,
1441 IN BOOLEAN InheritObjectTable,
1442 IN HANDLE SectionHandle OPTIONAL,
1443 IN HANDLE DebugPort OPTIONAL,
1444 IN HANDLE ExceptionPort OPTIONAL
1445 );
1446 /*
1447 * FUNCTION: Creates a section object.
1448 * ARGUMENTS:
1449 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
1450 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
1451 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
1452 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
1453 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
1454 * If value specified for a mapped file and the file is not large enough, file will be extended.
1455 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
1456 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
1457 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
1458 * RETURNS: Status
1459 */
1460 NTSTATUS
1461 STDCALL
1462 NtCreateSection(
1463 OUT PHANDLE SectionHandle,
1464 IN ACCESS_MASK DesiredAccess,
1465 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1466 IN PLARGE_INTEGER MaximumSize OPTIONAL,
1467 IN ULONG SectionPageProtection OPTIONAL,
1468 IN ULONG AllocationAttributes,
1469 IN HANDLE FileHandle OPTIONAL
1470 );
1471 /*
1472 * FUNCTION: Creates a semaphore object for interprocess synchronization.
1473 * ARGUMENTS:
1474 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
1475 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
1476 * ObjectAttribute = Initialized attributes for the object.
1477 * InitialCount = Not necessary zero, might be smaller than zero.
1478 * MaximumCount = Maxiumum count the semaphore can reach.
1479 * RETURNS: Status
1480 * REMARKS:
1481 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
1482 */
1483
1484 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
1485 NTSTATUS
1486 STDCALL
1487 NtCreateSemaphore(
1488 OUT PHANDLE SemaphoreHandle,
1489 IN ACCESS_MASK DesiredAccess,
1490 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1491 IN ULONG InitialCount,
1492 IN ULONG MaximumCount
1493 );
1494 /*
1495 * FUNCTION: Creates a symbolic link object
1496 * ARGUMENTS:
1497 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
1498 * DesiredAccess = Specifies the allowed or desired access to the thread.
1499 * ObjectAttributes = Initialized attributes for the object.
1500 * Name =
1501 * REMARKS:
1502 * This function map to the win32 function CreateThread.
1503 * RETURNS: Status
1504 */
1505 NTSTATUS
1506 STDCALL
1507 NtCreateSymbolicLinkObject(
1508 OUT PHANDLE SymbolicLinkHandle,
1509 IN ACCESS_MASK DesiredAccess,
1510 IN POBJECT_ATTRIBUTES ObjectAttributes,
1511 IN PUNICODE_STRING Name
1512 );
1513 /*
1514 * FUNCTION: Creates a user mode thread
1515 * ARGUMENTS:
1516 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
1517 * DesiredAccess = Specifies the allowed or desired access to the thread.
1518 * ObjectAttributes = Initialized attributes for the object.
1519 * ProcessHandle = Handle to the threads parent process.
1520 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
1521 * ThreadContext = Initial processor context for the thread.
1522 * InitialTeb = Initial Thread Environment Block for the Thread.
1523 * CreateSuspended = Specifies if the thread is ready for scheduling
1524 * REMARKS:
1525 * This function maps to the win32 function CreateThread. The exact arguments are from the usenet. [<6f7cqj$tq9$1@nnrp1.dejanews.com>]
1526 * RETURNS: Status
1527 */
1528 NTSTATUS
1529 STDCALL
1530 NtCreateThread(
1531 OUT PHANDLE ThreadHandle,
1532 IN ACCESS_MASK DesiredAccess,
1533 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1534 IN HANDLE ProcessHandle,
1535 OUT PCLIENT_ID ClientId,
1536 IN PCONTEXT ThreadContext,
1537 IN PINITIAL_TEB InitialTeb,
1538 IN BOOLEAN CreateSuspended
1539 );
1540 /*
1541 * FUNCTION: Creates a waitable timer.
1542 * ARGUMENTS:
1543 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1544 * DesiredAccess = Specifies the allowed or desired access to the timer.
1545 * ObjectAttributes = Initialized attributes for the object.
1546 * ManualReset = Specifies if the timer should be reset manually.
1547 * REMARKS:
1548 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
1549 * corresponding fields in OBJECT_ATTRIBUTES structure.
1550 * RETURNS: Status
1551 */
1552
1553 NTSTATUS
1554 STDCALL
1555 NtCreateTimer(
1556 OUT PHANDLE TimerHandle,
1557 IN ACCESS_MASK DesiredAccess,
1558 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1559 IN BOOL ManualReset
1560 );
1561 /*
1562 * FUNCTION: Returns the callers thread TEB.
1563 * ARGUMENTS:
1564 * Teb (OUT) = Caller supplied storage for the resulting TEB.
1565 * RETURNS: Status
1566 */
1567 NTSTATUS
1568 STDCALL
1569 NtCurrentTeb(
1570 NT_TEB *CurrentTeb
1571 );
1572
1573 /*
1574 * FUNCTION: Delays the execution of the calling thread.
1575 * ARGUMENTS:
1576 * Alertable = If TRUE the thread is alertable during is wait period
1577 * Interval = Specifies the interval to wait.
1578 * RETURNS: Status
1579 */
1580 NTSTATUS
1581 STDCALL
1582 NtDelayExecution(
1583 IN BOOL Alertable,
1584 IN PLARGE_INTEGER Interval
1585 );
1586
1587 /*
1588 * FUNCTION: Deletes an atom from the global atom table
1589 * ARGUMENTS:
1590 * Atom = Atom to delete
1591 * REMARKS:
1592 The function maps to the win32 GlobalDeleteAtom
1593 * RETURNS: Status
1594 */
1595 NTSTATUS
1596 STDCALL
1597 NtDeleteAtom(
1598 IN ATOM Atom
1599 );
1600
1601 /*
1602 * FUNCTION: Deletes a file
1603 * ARGUMENTS:
1604 * ObjectAttributes = Handle to the file which should be deleted
1605 * REMARKS:
1606 This system call is functionally equivalent to NtSetInformationFile
1607 setting the disposition information.
1608 * The function maps to the win32 DeleteFile.
1609 * RETURNS: Status
1610 */
1611 NTSTATUS
1612 STDCALL
1613 NtDeleteFile(
1614 IN POBJECT_ATTRIBUTES ObjectAttributes
1615 );
1616
1617 /*
1618 * FUNCTION: Deletes a registry key
1619 * ARGUMENTS:
1620 * KeyHandle = Handle of the key
1621 * RETURNS: Status
1622 */
1623 NTSTATUS
1624 STDCALL
1625 NtDeleteKey(
1626 IN HANDLE KeyHandle
1627 );
1628 /*
1629 * FUNCTION: Deletes a value from a registry key
1630 * ARGUMENTS:
1631 * KeyHandle = Handle of the key
1632 * ValueName = Name of the value to delete
1633 * RETURNS: Status
1634 */
1635
1636 NTSTATUS
1637 STDCALL
1638 NtDeleteValueKey(
1639 IN HANDLE KeyHandle,
1640 IN PUNICODE_STRING ValueName
1641 );
1642 /*
1643 * FUNCTION: Sends IOCTL to the io sub system
1644 * ARGUMENTS:
1645 * DeviceHandle = Points to the handle that is created by NtCreateFile
1646 * Event = Event to synchronize on STATUS_PENDING
1647 * ApcRoutine =
1648 * ApcContext =
1649 * IoStatusBlock = Caller should supply storage for
1650 * IoControlCode = Contains the IO Control command. This is an
1651 * index to the structures in InputBuffer and OutputBuffer.
1652 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
1653 * InputBufferSize = Size of the input bufffer
1654 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
1655 * OutputBufferSize = Size of the input bufffer
1656 * RETURNS: Status
1657 */
1658
1659 NTSTATUS
1660 STDCALL
1661 NtDeviceIoControlFile(
1662 IN HANDLE DeviceHandle,
1663 IN HANDLE Event OPTIONAL,
1664 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
1665 IN PVOID UserApcContext OPTIONAL,
1666 OUT PIO_STATUS_BLOCK IoStatusBlock,
1667 IN ULONG IoControlCode,
1668 IN PVOID InputBuffer,
1669 IN ULONG InputBufferSize,
1670 OUT PVOID OutputBuffer,
1671 IN ULONG OutputBufferSize
1672 );
1673 /*
1674 * FUNCTION: Displays a string on the blue screen
1675 * ARGUMENTS:
1676 * DisplayString = The string to display
1677 * RETURNS: Status
1678 */
1679
1680 NTSTATUS
1681 STDCALL
1682 NtDisplayString(
1683 IN PUNICODE_STRING DisplayString
1684 );
1685 /*
1686 * FUNCTION: Displays a string on the blue screen
1687 * ARGUMENTS:
1688 * SourceProcessHandle = The string to display
1689 SourceHandle =
1690 TargetProcessHandle =
1691 TargetHandle =
1692 DesiredAccess =
1693 InheritHandle =
1694 * RETURNS: Status
1695 */
1696
1697 NTSTATUS
1698 STDCALL
1699 NtDuplicateObject(
1700 IN HANDLE SourceProcessHandle,
1701 IN PHANDLE SourceHandle,
1702 IN HANDLE TargetProcessHandle,
1703 OUT PHANDLE TargetHandle,
1704 IN ULONG DesiredAccess,
1705 IN BOOL InheritHandle
1706 );
1707 /*
1708 * FUNCTION: Returns information about the subkeys of an open key
1709 * ARGUMENTS:
1710 * KeyHandle = Handle of the key whose subkeys are to enumerated
1711 * Index = zero based index of the subkey for which information is
1712 * request
1713 * KeyInformationClass = Type of information returned
1714 * KeyInformation (OUT) = Caller allocated buffer for the information
1715 * about the key
1716 * Length = Length in bytes of the KeyInformation buffer
1717 * ResultLength (OUT) = Caller allocated storage which holds
1718 * the number of bytes of information retrieved
1719 * on return
1720 * RETURNS: Status
1721 */
1722 NTSTATUS
1723 STDCALL
1724 NtEnumerateKey(
1725 IN HANDLE KeyHandle,
1726 IN ULONG Index,
1727 IN CINT KeyInformationClass,
1728 OUT PVOID KeyInformation,
1729 IN ULONG Length,
1730 OUT PULONG ResultLength
1731 );
1732 /*
1733 * FUNCTION: Returns information about the value entries of an open key
1734 * ARGUMENTS:
1735 * KeyHandle = Handle of the key whose value entries are to enumerated
1736 * Index = zero based index of the subkey for which information is
1737 * request
1738 * KeyInformationClass = Type of information returned
1739 * KeyInformation (OUT) = Caller allocated buffer for the information
1740 * about the key
1741 * Length = Length in bytes of the KeyInformation buffer
1742 * ResultLength (OUT) = Caller allocated storage which holds
1743 * the number of bytes of information retrieved
1744 * on return
1745 * RETURNS: Status
1746 */
1747 NTSTATUS
1748 STDCALL
1749 NtEnumerateValueKey(
1750 IN HANDLE KeyHandle,
1751 IN ULONG Index,
1752 IN CINT KeyValueInformationClass,
1753 OUT PVOID KeyValueInformation,
1754 IN ULONG Length,
1755 OUT PULONG ResultLength
1756 );
1757 /*
1758 * FUNCTION: Extends a section
1759 * ARGUMENTS:
1760 * SectionHandle = Handle to the section
1761 * NewMaximumSize = Adjusted size
1762 * RETURNS: Status
1763 */
1764 NTSTATUS
1765 STDCALL
1766 NtExtendSection(
1767 IN HANDLE SectionHandle,
1768 IN ULONG NewMaximumSize
1769 );
1770 /*
1771 * FUNCTION: Finds a atom
1772 * ARGUMENTS:
1773 * Atom = Caller supplies storage for the resulting atom
1774 * AtomString = String to search for.
1775 * RETURNS: Status
1776 * REMARKS:
1777 This funciton maps to the win32 GlobalFindAtom
1778 */
1779 NTSTATUS
1780 STDCALL
1781 NtFindAtom(
1782 OUT ATOM *Atom,
1783 IN PUNICODE_STRING AtomString
1784 );
1785 /*
1786 * FUNCTION: Flushes chached file data to disk
1787 * ARGUMENTS:
1788 * FileHandle = Points to the file
1789 IoStatusBlock = Caller must supply storage to receive the result of the flush
1790 buffers operation. The information field is set to number of bytes
1791 flushed to disk.
1792 * RETURNS: Status
1793 * REMARKS:
1794 This funciton maps to the win32 FlushFileBuffers
1795 */
1796 NTSTATUS
1797 STDCALL
1798 NtFlushBuffersFile(
1799 IN HANDLE FileHandle,
1800 OUT PIO_STATUS_BLOCK IoStatusBlock
1801 );
1802 /*
1803 * FUNCTION: Flushes a the processors instruction cache
1804 * ARGUMENTS:
1805 * ProcessHandle = Points to the process owning the cache
1806 BaseAddress = // might this be a image address ????
1807 NumberOfBytesToFlush =
1808 * RETURNS: Status
1809 * REMARKS:
1810 This funciton is used by debuggers
1811 */
1812 NTSTATUS
1813 STDCALL
1814 NtFlushInstructionCache(
1815 IN HANDLE ProcessHandle,
1816 IN PVOID BaseAddress,
1817 IN UINT NumberOfBytesToFlush
1818 );
1819 /*
1820 * FUNCTION: Flushes a registry key to disk
1821 * ARGUMENTS:
1822 * KeyHandle = Points to the registry key handle
1823 * RETURNS: Status
1824 * REMARKS:
1825 This funciton maps to the win32 RegFlushKey.
1826 */
1827 NTSTATUS
1828 STDCALL
1829 NtFlushKey(
1830 IN HANDLE KeyHandle
1831 );
1832
1833 /*
1834 * FUNCTION: Flushes virtual memory to file
1835 * ARGUMENTS:
1836 * ProcessHandle = Points to the process that allocated the virtual memory
1837 * BaseAddress = Points to the memory address
1838 * NumberOfBytesToFlush = Limits the range to flush,
1839 * NumberOfBytesFlushed = Actual number of bytes flushed
1840 * RETURNS: Status
1841 * REMARKS:
1842 Check return status on STATUS_NOT_MAPPED_DATA
1843 */
1844 NTSTATUS
1845 STDCALL
1846 NtFlushVirtualMemory(
1847 IN HANDLE ProcessHandle,
1848 IN PVOID BaseAddress,
1849 IN ULONG NumberOfBytesToFlush,
1850 OUT PULONG NumberOfBytesFlushed OPTIONAL
1851 );
1852 /*
1853 * FUNCTION: Flushes virtual memory to file
1854 * ARGUMENTS:
1855 * ProcessHandle = Points to the process that allocated the virtual memory
1856 * BaseAddress = Points to the memory address
1857 * NumberOfBytesToFlush = Limits the range to flush,
1858 * NumberOfBytesFlushed = Actual number of bytes flushed
1859 * RETURNS: Status
1860 * REMARKS:
1861 Check return status on STATUS_NOT_MAPPED_DATA
1862 */
1863 VOID
1864 STDCALL
1865 NtFlushWriteBuffer (
1866 VOID
1867 );
1868 /*
1869 * FUNCTION: Frees a range of virtual memory
1870 * ARGUMENTS:
1871 * ProcessHandle = Points to the process that allocated the virtual memory
1872 * BaseAddress = Points to the memory address, rounded down to a multiple of the pagesize
1873 * RegionSize = Limits the range to free, rounded up to a multiple of the paging size
1874 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1875 * RETURNS: Status
1876 */
1877
1878 NTSTATUS
1879 STDCALL
1880 NtFreeVirtualMemory(
1881 IN PHANDLE ProcessHandle,
1882 IN PVOID *BaseAddress,
1883 IN ULONG RegionSize,
1884 IN ULONG FreeType
1885 );
1886
1887 /*
1888 * FUNCTION: Sends FSCTL to the filesystem
1889 * ARGUMENTS:
1890 * DeviceHandle = Points to the handle that is created by NtCreateFile
1891 * Event = Event to synchronize on STATUS_PENDING
1892 * ApcRoutine =
1893 * ApcContext =
1894 * IoStatusBlock = Caller should supply storage for
1895 * IoControlCode = Contains the File System Control command. This is an
1896 index to the structures in InputBuffer and OutputBuffer.
1897 FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1898 FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1899 FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1900 FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1901
1902 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1903 * InputBufferSize = Size of the input bufffer
1904 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1905 * OutputBufferSize = Size of the input bufffer
1906 * RETURNS: Status
1907 */
1908 NTSTATUS
1909 STDCALL
1910 NtFsControlFile(
1911 IN HANDLE DeviceHandle,
1912 IN HANDLE Event OPTIONAL,
1913 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1914 IN PVOID ApcContext OPTIONAL,
1915 OUT PIO_STATUS_BLOCK IoStatusBlock,
1916 IN ULONG IoControlCode,
1917 IN PVOID InputBuffer,
1918 IN ULONG InputBufferSize,
1919 OUT PVOID OutputBuffer,
1920 IN ULONG OutputBufferSize
1921 );
1922
1923 /*
1924 * FUNCTION: Retrieves the processor context of a thread
1925 * ARGUMENTS:
1926 * ThreadHandle = Handle to a thread
1927 * Context (OUT) = Caller allocated storage for the processor context
1928 * RETURNS: Status
1929 */
1930
1931 NTSTATUS
1932 STDCALL
1933 NtGetContextThread(
1934 IN HANDLE ThreadHandle,
1935 OUT PCONTEXT Context
1936 );
1937 /*
1938 * FUNCTION: Retrieves the uptime of the system
1939 * ARGUMENTS:
1940 * UpTime = Number of clock ticks since boot.
1941 * RETURNS: Status
1942 */
1943 NTSTATUS
1944 STDCALL
1945 NtGetTickCount(
1946 PULONG UpTime
1947 );
1948
1949 //-- NtImpersonateThread
1950
1951 /*
1952 * FUNCTION: Initializes the registry.
1953 * ARGUMENTS:
1954 * SetUpBoot = This parameter is true for a setup boot.
1955 * RETURNS: Status
1956 */
1957 NTSTATUS
1958 STDCALL
1959 NtInitializeRegistry(
1960 BOOL SetUpBoot
1961 );
1962 /*
1963 * FUNCTION: Loads a driver.
1964 * ARGUMENTS:
1965 * DriverServiceName = Name of the driver to load
1966 * RETURNS: Status
1967 */
1968 NTSTATUS
1969 STDCALL
1970 NtLoadDriver(
1971 IN PUNICODE_STRING DriverServiceName
1972 );
1973
1974 //-- NtLoadKey2
1975 /*
1976 * FUNCTION: Loads a registry key.
1977 * ARGUMENTS:
1978 * KeyHandle = Handle to the registry key
1979 ObjectAttributes = ???
1980 * REMARK:
1981 This procedure maps to the win32 procedure RegLoadKey
1982 * RETURNS: Status
1983 */
1984 NTSTATUS
1985 STDCALL
1986 NtLoadKey(
1987 PHANDLE KeyHandle,
1988 OBJECT_ATTRIBUTES ObjectAttributes
1989 );
1990 /*
1991 * FUNCTION: Locks a range of bytes in a file.
1992 * ARGUMENTS:
1993 * FileHandle = Handle to the file
1994 * Event = Should be null if apc is specified.
1995 * ApcRoutine = Asynchroneous Procedure Callback
1996 * ApcContext = Argument to the callback
1997 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1998 * the completion status and information about the requested lock operation.
1999 * ByteOffset = Offset
2000 * Length = Number of bytes to lock.
2001 * Key =
2002 * FailImmediatedly =
2003 * ExclusiveLock =
2004 * REMARK:
2005 This procedure maps to the win32 procedure LockFileEx
2006 * RETURNS: Status
2007 */
2008 NTSTATUS
2009 STDCALL
2010 NtLockFile(
2011 IN HANDLE FileHandle,
2012 IN HANDLE Event OPTIONAL,
2013 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2014 IN PVOID ApcContext OPTIONAL,
2015 OUT PIO_STATUS_BLOCK IoStatusBlock,
2016 IN PLARGE_INTEGER ByteOffset,
2017 IN PLARGE_INTEGER Length,
2018 IN ULONG Key,
2019 IN BOOLEAN FailImmediatedly,
2020 IN BOOLEAN ExclusiveLock
2021 );
2022 /*
2023 * FUNCTION: Locks a range of virtual memory.
2024 * ARGUMENTS:
2025 * ProcessHandle = Handle to the process
2026 * BaseAddress = Lower boundary of the range of bytes to lock.
2027 * NumberOfBytesLock = Offset to the upper boundary.
2028 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
2029 * REMARK:
2030 This procedure maps to the win32 procedure VirtualLock
2031 * RETURNS: Status
2032 */
2033 NTSTATUS
2034 STDCALL
2035 NtLockVirtualMemory(
2036 HANDLE ProcessHandle,
2037 PVOID BaseAddress,
2038 ULONG NumberOfBytesToLock,
2039 PULONG NumberOfBytesLocked
2040 );
2041 /*
2042 * FUNCTION: Makes temporary object that will be removed at next boot.
2043 * ARGUMENTS:
2044 * Handle = Handle to object
2045 * RETURNS: Status
2046 */
2047
2048 NTSTATUS
2049 STDCALL
2050 NtMakeTemporaryObject(
2051 IN HANDLE Handle
2052 );
2053 /*
2054 * FUNCTION: Maps a view of a section into the virtual address space of a
2055 * process
2056 * ARGUMENTS:
2057 * SectionHandle = Handle of the section
2058 * ProcessHandle = Handle of the process
2059 * BaseAddress = Desired base address (or NULL) on entry
2060 * Actual base address of the view on exit
2061 * ZeroBits = Number of high order address bits that must be zero
2062 * CommitSize = Size in bytes of the initially committed section of
2063 * the view
2064 * SectionOffset = Offset in bytes from the beginning of the section
2065 * to the beginning of the view
2066 * ViewSize = Desired length of map (or zero to map all) on entry
2067 * Actual length mapped on exit
2068 * InheritDisposition = Specified how the view is to be shared with
2069 * child processes
2070 * AllocateType = Type of allocation for the pages
2071 * Protect = Protection for the committed region of the view
2072 * RETURNS: Status
2073 */
2074 NTSTATUS STDCALL
2075 NtMapViewOfSection(
2076 IN HANDLE SectionHandle,
2077 IN HANDLE ProcessHandle,
2078 IN OUT PVOID *BaseAddress,
2079 IN ULONG ZeroBits,
2080 IN ULONG CommitSize,
2081 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
2082 IN OUT PULONG ViewSize,
2083 IN SECTION_INHERIT InheritDisposition,
2084 IN ULONG AllocationType,
2085 IN ULONG AccessProtection
2086 );
2087
2088 /*
2089 * FUNCTION: Installs a notify for the change of a directory's contents
2090 * ARGUMENTS:
2091 * FileHandle = Handle to the directory
2092 Event =
2093 * ApcRoutine = Start address
2094 * ApcContext = Delimits the range of virtual memory
2095 * for which the new access protection holds
2096 * IoStatusBlock = The new access proctection for the pages
2097 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
2098 * BufferSize = Size of the buffer
2099 CompletionFilter = Can be one of the following values:
2100 FILE_NOTIFY_CHANGE_FILE_NAME
2101 FILE_NOTIFY_CHANGE_DIR_NAME
2102 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
2103 FILE_NOTIFY_CHANGE_ATTRIBUTES
2104 FILE_NOTIFY_CHANGE_SIZE
2105 FILE_NOTIFY_CHANGE_LAST_WRITE
2106 FILE_NOTIFY_CHANGE_LAST_ACCESS
2107 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
2108 FILE_NOTIFY_CHANGE_EA
2109 FILE_NOTIFY_CHANGE_SECURITY
2110 FILE_NOTIFY_CHANGE_STREAM_NAME
2111 FILE_NOTIFY_CHANGE_STREAM_SIZE
2112 FILE_NOTIFY_CHANGE_STREAM_WRITE
2113 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
2114 *
2115 * REMARKS:
2116 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
2117 * RETURNS: Status
2118 */
2119 NTSTATUS
2120 STDCALL
2121 NtNotifyChangeDirectoryFile(
2122 IN HANDLE FileHandle,
2123 IN HANDLE Event OPTIONAL,
2124 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2125 IN PVOID ApcContext OPTIONAL,
2126 OUT PIO_STATUS_BLOCK IoStatusBlock,
2127 OUT PVOID Buffer,
2128 IN ULONG BufferSize,
2129 IN ULONG CompletionFilter,
2130 IN BOOL WatchTree
2131 );
2132 NTSTATUS
2133 STDCALL
2134 NtNotifyChangeKey(
2135 IN HANDLE KeyHandle,
2136 IN HANDLE Event,
2137 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2138 IN PVOID ApcContext OPTIONAL,
2139 OUT PIO_STATUS_BLOCK IoStatusBlock,
2140 IN ULONG CompletionFilter,
2141 IN BOOLEAN Asynchroneous,
2142 OUT PVOID ChangeBuffer,
2143 IN ULONG Length,
2144 IN BOOLEAN WatchSubtree
2145 );
2146
2147 /*
2148 * FUNCTION: Opens an existing directory object
2149 * ARGUMENTS:
2150 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2151 * DesiredAccess = Requested access to the directory
2152 * ObjectAttributes = Initialized attributes for the object
2153 * RETURNS: Status
2154 */
2155
2156 NTSTATUS
2157 STDCALL
2158 NtOpenDirectoryObject(
2159 OUT PHANDLE FileHandle,
2160 IN ACCESS_MASK DesiredAccess,
2161 IN POBJECT_ATTRIBUTES ObjectAttributes
2162 );
2163 /*
2164 * FUNCTION: Opens an existing event
2165 * ARGUMENTS:
2166 * EventHandle (OUT) = Caller supplied storage for the resulting handle
2167 * DesiredAccess = Requested access to the event
2168 * ObjectAttributes = Initialized attributes for the object
2169 * RETURNS: Status
2170 */
2171 NTSTATUS
2172 STDCALL
2173 NtOpenEvent(
2174 OUT PHANDLE EventHandle,
2175 IN ACCESS_MASK DesiredAccess,
2176 IN POBJECT_ATTRIBUTES ObjectAttributes
2177 );
2178 /*
2179 * FUNCTION: Opens an existing file
2180 * ARGUMENTS:
2181 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2182 * DesiredAccess = Requested access to the file
2183 * ObjectAttributes = Initialized attributes for the object
2184 * IoStatusBlock =
2185 * ShareAccess =
2186 * OpenOptions =
2187 * RETURNS: Status
2188 */
2189 NTSTATUS
2190 STDCALL
2191 NtOpenFile(
2192 OUT PHANDLE FileHandle,
2193 IN ACCESS_MASK DesiredAccess,
2194 IN POBJECT_ATTRIBUTES ObjectAttributes,
2195 OUT PIO_STATUS_BLOCK IoStatusBlock,
2196 IN ULONG ShareAccess,
2197 IN ULONG OpenOptions
2198 );
2199
2200 /*
2201 * FUNCTION: Opens an existing io completion object
2202 * ARGUMENTS:
2203 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2204 * DesiredAccess = Requested access to the io completion object
2205 * ObjectAttributes = Initialized attributes for the object
2206 * RETURNS: Status
2207 */
2208
2209 NTSTATUS
2210 STDCALL
2211 NtOpenIoCompletion(
2212 OUT PHANDLE CompetionPort,
2213 IN ACCESS_MASK DesiredAccess,
2214 IN POBJECT_ATTRIBUTES ObjectAttributes
2215 );
2216
2217 /*
2218 * FUNCTION: Opens an existing key in the registry
2219 * ARGUMENTS:
2220 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2221 * DesiredAccess = Requested access to the key
2222 * ObjectAttributes = Initialized attributes for the object
2223 * RETURNS: Status
2224 */
2225 NTSTATUS
2226 STDCALL
2227 NtOpenKey(
2228 OUT PHANDLE KeyHandle,
2229 IN ACCESS_MASK DesiredAccess,
2230 IN POBJECT_ATTRIBUTES ObjectAttributes
2231 );
2232 /*
2233 * FUNCTION: Opens an existing key in the registry
2234 * ARGUMENTS:
2235 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
2236 * DesiredAccess = Requested access to the mutant
2237 * ObjectAttribute = Initialized attributes for the object
2238 * RETURNS: Status
2239 */
2240 NTSTATUS
2241 STDCALL
2242 NtOpenMutant(
2243 OUT PHANDLE MutantHandle,
2244 IN ACCESS_MASK DesiredAccess,
2245 IN POBJECT_ATTRIBUTES ObjectAttributes
2246 );
2247
2248 /*
2249 * FUNCTION: Opens an existing process
2250 * ARGUMENTS:
2251 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
2252 * DesiredAccess = Requested access to the process
2253 * ObjectAttribute = Initialized attributes for the object
2254 * ClientId = Identifies the process id to open
2255 * RETURNS: Status
2256 */
2257 NTSTATUS
2258 STDCALL
2259 NtOpenProcess (
2260 OUT PHANDLE ProcessHandle,
2261 IN ACCESS_MASK DesiredAccess,
2262 IN POBJECT_ATTRIBUTES ObjectAttributes,
2263 IN PCLIENT_ID ClientId
2264 );
2265 /*
2266 * FUNCTION: Opens an existing section object
2267 * ARGUMENTS:
2268 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2269 * DesiredAccess = Requested access to the key
2270 * ObjectAttribute = Initialized attributes for the object
2271 * RETURNS: Status
2272 */
2273 NTSTATUS
2274 STDCALL
2275 NtOpenSection(
2276 OUT PHANDLE SectionHandle,
2277 IN ACCESS_MASK DesiredAccess,
2278 IN POBJECT_ATTRIBUTES ObjectAttributes
2279 );
2280 /*
2281 * FUNCTION: Opens an existing semaphore
2282 * ARGUMENTS:
2283 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
2284 * DesiredAccess = Requested access to the semaphore
2285 * ObjectAttribute = Initialized attributes for the object
2286 * RETURNS: Status
2287 */
2288 NTSTATUS
2289 STDCALL
2290 NtOpenSemaphore(
2291 IN HANDLE SemaphoreHandle,
2292 IN ACCESS_MASK DesiredAcces,
2293 IN POBJECT_ATTRIBUTES ObjectAttributes
2294 );
2295 /*
2296 * FUNCTION: Opens an existing symbolic link
2297 * ARGUMENTS:
2298 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2299 * DesiredAccess = Requested access to the symbolic link
2300 * ObjectAttribute = Initialized attributes for the object
2301 * RETURNS: Status
2302 */
2303 NTSTATUS
2304 STDCALL
2305 NtOpenSymbolicLinkObject(
2306 OUT PHANDLE SymbolicLinkHandle,
2307 IN ACCESS_MASK DesiredAccess,
2308 IN POBJECT_ATTRIBUTES ObjectAttributes
2309 );
2310 /*
2311 * FUNCTION: Opens an existing thread
2312 * ARGUMENTS:
2313 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2314 * DesiredAccess = Requested access to the thread
2315 * ObjectAttribute = Initialized attributes for the object
2316 * ClientId = Identifies the thread to open.
2317 * RETURNS: Status
2318 */
2319 NTSTATUS
2320 STDCALL
2321 NtOpenThread(
2322 OUT PHANDLE ThreadHandle,
2323 IN ACCESS_MASK DesiredAccess,
2324 IN POBJECT_ATTRIBUTES ObjectAttributes,
2325 IN PCLIENT_ID ClientId
2326 );
2327 /*
2328 * FUNCTION: Opens an existing timer
2329 * ARGUMENTS:
2330 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2331 * DesiredAccess = Requested access to the timer
2332 * ObjectAttribute = Initialized attributes for the object
2333 * RETURNS: Status
2334 */
2335 NTSTATUS
2336 STDCALL
2337 NtOpenTimer(
2338 OUT PHANDLE TimerHandle,
2339 IN ACCESS_MASK DesiredAccess,
2340 IN POBJECT_ATTRIBUTES ObjectAttributes
2341 );
2342 /*
2343 * FUNCTION: Entry point for native applications
2344 * ARGUMENTS:
2345 * Argument = Arguments passed to the application by the system [ at boot time ]
2346 * REMARKS:
2347 * Native applications should use this function instead of a main.
2348 * RETURNS: Status
2349 */
2350 void NtProcessStartup(
2351 IN PSTARTUP_ARGUMENT Argument
2352 );
2353
2354 /*
2355 * FUNCTION: Set the access protection of a range of virtual memory
2356 * ARGUMENTS:
2357 * ProcessHandle = Handle to process owning the virtual address space
2358 * BaseAddress = Start address
2359 * NumberOfBytesToProtect = Delimits the range of virtual memory
2360 * for which the new access protection holds
2361 * NewAccessProtection = The new access proctection for the pages
2362 * OldAccessProtection = Caller should supply storage for the old
2363 * access protection
2364 *
2365 * REMARKS:
2366 * The function maps to the win32 VirtualProtectEx
2367 * RETURNS: Status
2368 */
2369 NTSTATUS
2370 STDCALL
2371 NtProtectVirtualMemory(
2372 IN HANDLE ProcessHandle,
2373 IN PVOID BaseAddress,
2374 IN ULONG NumberOfBytesToProtect,
2375 IN ULONG NewAccessProtection,
2376 OUT PULONG OldAccessProtection
2377 );
2378
2379 /*
2380 * FUNCTION: Signals an event and resets it afterwards.
2381 * ARGUMENTS:
2382 * EventHandle = Handle to the event
2383 * PulseCount = Number of times the action should be repeated
2384 * RETURNS: Status
2385 */
2386 NTSTATUS
2387 STDCALL
2388 NtPulseEvent(
2389 IN HANDLE EventHandle,
2390 IN PULONG PulseCount OPTIONAL
2391 );
2392
2393 //-- NtQueryAttributesFile
2394
2395 // FileNameInformation - FILE_NAMES_INFORMATION
2396
2397 NTSTATUS
2398 STDCALL
2399 NtQueryDirectoryFile(
2400 IN HANDLE FileHandle,
2401 IN HANDLE Event OPTIONAL,
2402 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2403 IN PVOID ApcContext OPTIONAL,
2404 OUT PIO_STATUS_BLOCK IoStatusBlock,
2405 OUT PVOID FileInformation,
2406 IN ULONG Length,
2407 IN FILE_INFORMATION_CLASS FileInformationClass,
2408 IN BOOLEAN ReturnSingleEntry,
2409 IN PUNICODE_STRING FileName OPTIONAL,
2410 IN BOOLEAN RestartScan
2411 );
2412
2413 /*
2414 * FUNCTION: Query information about the content of a directory object
2415 * ARGUMENTS:
2416 DirObjInformation = Buffer must be large enough to hold the name strings too
2417 GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
2418 If FALSE: return the number of objects in this directory in ObjectIndex
2419 IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
2420 If FALSE use input value of ObjectIndex
2421 ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
2422 DataWritten = Actual size of the ObjectIndex ???
2423 * RETURNS: Status
2424 */
2425 NTSTATUS
2426 STDCALL
2427 NtQueryDirectoryObject(
2428 IN HANDLE DirObjHandle,
2429 OUT POBJDIR_INFORMATION DirObjInformation,
2430 IN ULONG BufferLength,
2431 IN BOOLEAN GetNextIndex,
2432 IN BOOLEAN IgnoreInputIndex,
2433 IN OUT PULONG ObjectIndex,
2434 OUT PULONG DataWritten OPTIONAL
2435 );
2436
2437 NTSTATUS
2438 STDCALL
2439 NtQueryEaFile(
2440 IN HANDLE FileHandle,
2441 OUT PIO_STATUS_BLOCK IoStatusBlock,
2442 OUT PVOID Buffer,
2443 IN ULONG Length,
2444 IN BOOLEAN ReturnSingleEntry,
2445 IN PVOID EaList OPTIONAL,
2446 IN ULONG EaListLength,
2447 IN PULONG EaIndex OPTIONAL,
2448 IN BOOLEAN RestartScan
2449 );
2450 /*
2451 * FUNCTION: Queries an event
2452 * ARGUMENTS:
2453 * EventHandle = Handle to the event
2454 * EventInformationClass = Index of the information structure
2455
2456 EventBasicInformation EVENT_BASIC_INFORMATION
2457
2458 * EventInformation = Caller supplies storage for the information structure
2459 * EventInformationLength = Size of the information structure
2460 * ReturnLength = Data written
2461 * RETURNS: Status
2462 */
2463
2464
2465 NTSTATUS
2466 STDCALL
2467 NtQueryEvent(
2468 IN HANDLE EventHandle,
2469 IN CINT EventInformationClass,
2470 OUT PVOID EventInformation,
2471 IN ULONG EventInformationLength,
2472 OUT PULONG ReturnLength
2473 );
2474 //-- NtQueryFullAttributesFile
2475 //-- NtQueryInformationAtom
2476
2477
2478
2479 /*
2480 * FUNCTION: Queries the information of a file object.
2481 * ARGUMENTS:
2482 * FileHandle = Handle to the file object
2483 * IoStatusBlock = Caller supplies storage for extended information
2484 * on the current operation.
2485 * FileInformation = Storage for the new file information
2486 * Lenght = Size of the storage for the file information.
2487 * FileInformationClass = Indicates which file information is queried
2488
2489 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2490 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2491 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2492 FileBasicInformation FILE_BASIC_INFORMATION
2493 FileStandardInformation FILE_STANDARD_INFORMATION
2494 FileInternalInformation FILE_INTERNAL_INFORMATION
2495 FileEaInformation FILE_EA_INFORMATION
2496 FileAccessInformation FILE_ACCESS_INFORMATION
2497 FileNameInformation FILE_NAME_INFORMATION
2498 FileRenameInformation FILE_RENAME_INFORMATION
2499 FileLinkInformation
2500 FileNamesInformation FILE_NAMES_INFORMATION
2501 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2502 FilePositionInformation FILE_POSITION_INFORMATION
2503 FileFullEaInformation FILE_FULL_EA_INFORMATION
2504 FileModeInformation FILE_MODE_INFORMATION
2505 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2506 FileAllInformation FILE_ALL_INFORMATION
2507 FileAllocationInformation FILE_ALLOCATION_INFORMATION
2508 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2509 FileAlternateNameInformation
2510 FileStreamInformation FILE_STREAM_INFORMATION
2511 FilePipeInformation
2512 FilePipeLocalInformation
2513 FilePipeRemoteInformation
2514 FileMailslotQueryInformation
2515 FileMailslotSetInformation
2516 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2517 FileCopyOnWriteInformation
2518 FileCompletionInformation IO_COMPLETION_CONTEXT
2519 FileMoveClusterInformation
2520 FileOleClassIdInformation
2521 FileOleStateBitsInformation
2522 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2523 FileObjectIdInformation
2524 FileOleAllInformation
2525 FileOleDirectoryInformation
2526 FileContentIndexInformation
2527 FileInheritContentIndexInformation
2528 FileOleInformation
2529 FileMaximumInformation
2530
2531 * REMARK:
2532 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2533 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2534 * RETURNS: Status
2535 */
2536 NTSTATUS
2537 STDCALL
2538 NtQueryInformationFile(
2539 IN HANDLE FileHandle,
2540 OUT PIO_STATUS_BLOCK IoStatusBlock,
2541 OUT PVOID FileInformation,
2542 IN ULONG Length,
2543 IN CINT FileInformationClass
2544 );
2545
2546 /*
2547 * FUNCTION: Queries the information of a process object.
2548 * ARGUMENTS:
2549 * ProcessHandle = Handle to the process object
2550 * ProcessInformation = Index to a certain information structure
2551
2552 ProcessBasicInformation PROCESS_BASIC_INFORMATION
2553 ProcessQuotaLimits QUOTA_LIMITS
2554 ProcessIoCounters IO_COUNTERS
2555 ProcessVmCounters VM_COUNTERS
2556 ProcessTimes KERNEL_USER_TIMES
2557 ProcessBasePriority KPRIORITY
2558 ProcessRaisePriority KPRIORITY
2559 ProcessDebugPort HANDLE
2560 ProcessExceptionPort HANDLE
2561 ProcessAccessToken PROCESS_ACCESS_TOKEN
2562 ProcessLdtInformation LDT_ENTRY ??
2563 ProcessLdtSize ??
2564 ProcessDefaultHardErrorMode ULONG
2565 ProcessIoPortHandlers // kernel mode only
2566 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
2567 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
2568 ProcessUserModeIOPL (I/O Privilege Level)
2569 ProcessEnableAlignmentFaultFixup BOOLEAN
2570 ProcessPriorityClass ULONG
2571 ProcessWx86Information ULONG
2572 ProcessHandleCount ULONG
2573 ProcessAffinityMask ULONG
2574 ProcessPooledQuotaLimits QUOTA_LIMITS
2575 MaxProcessInfoClass ??
2576
2577 * ProcessInformation = Caller supplies storage for the process information structure
2578 * ProcessInformationLength = Size of the process information structure
2579 * ReturnLength = Actual number of bytes written
2580
2581 * REMARK:
2582 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
2583 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
2584 GetProcessShutdownParameters functions.
2585 * RETURNS: Status
2586 */
2587
2588
2589
2590
2591 NTSTATUS
2592 STDCALL
2593 NtQueryInformationProcess(
2594 IN HANDLE ProcessHandle,
2595 IN CINT ProcessInformationClass,
2596 OUT PVOID ProcessInformation,
2597 IN ULONG ProcessInformationLength,
2598 OUT PULONG ReturnLength
2599 );
2600
2601
2602
2603 /*
2604 * FUNCTION: Queries the information of a thread object.
2605 * ARGUMENTS:
2606 * ThreadHandle = Handle to the thread object
2607 * ThreadInformationClass = Index to a certain information structure
2608
2609 ThreadBasicInformation THREAD_BASIC_INFORMATION
2610 ThreadTimes KERNEL_USER_TIMES
2611 ThreadPriority KPRIORITY
2612 ThreadBasePriority KPRIORITY
2613 ThreadAffinityMask KAFFINITY
2614 ThreadImpersonationToken
2615 ThreadDescriptorTableEntry
2616 ThreadEnableAlignmentFaultFixup
2617 ThreadEventPair
2618 ThreadQuerySetWin32StartAddress
2619 ThreadZeroTlsCell
2620 ThreadPerformanceCount
2621 ThreadAmILastThread BOOLEAN
2622 ThreadIdealProcessor ULONG
2623 ThreadPriorityBoost ULONG
2624 MaxThreadInfoClass
2625
2626
2627 * ThreadInformation = Caller supplies torage for the thread information
2628 * ThreadInformationLength = Size of the thread information structure
2629 * ReturnLength = Actual number of bytes written
2630
2631 * REMARK:
2632 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2633 GetThreadPriorityBoost functions.
2634 * RETURNS: Status
2635 */
2636
2637
2638 NTSTATUS
2639 STDCALL
2640 NtQueryInformationThread(
2641 IN HANDLE ThreadHandle,
2642 IN CINT ThreadInformationClass,
2643 OUT PVOID ThreadInformation,
2644 IN ULONG ThreadInformationLength,
2645 OUT PULONG ReturnLength
2646 );
2647
2648 NTSTATUS
2649 STDCALL
2650 NtQueryIoCompletion(
2651 IN HANDLE CompletionPort,
2652 IN CINT CompletionInformationClass,
2653 OUT PVOID CompletionInformation,
2654 IN ULONG Length,
2655 OUT PULONG ReturnLength
2656 );
2657
2658
2659 /*
2660 * FUNCTION: Queries the information of a registry key object.
2661 * ARGUMENTS:
2662 KeyHandle = Handle to a registry key
2663 KeyInformationClass = Index to a certain information structure
2664 KeyInformation = Caller supplies storage for resulting information
2665 Length = Size of the supplied storage
2666 ResultLength = Bytes written
2667 */
2668 NTSTATUS
2669 STDCALL
2670 NtQueryKey(
2671 IN HANDLE KeyHandle,
2672 IN CINT KeyInformationClass,
2673 OUT PVOID KeyInformation,
2674 IN ULONG Length,
2675 OUT PULONG ResultLength
2676 );
2677
2678
2679
2680 // preliminary guess
2681
2682 NTSTATUS
2683 STDCALL
2684 NtQueryMultipleValueKey(
2685 HANDLE KeyHandle,
2686 PVALENT ListOfValuesToQuery,
2687 ULONG NumberOfItems,
2688 PVOID MultipleValueInformation,
2689 ULONG Length,
2690 PULONG ReturnLength
2691 );
2692
2693 /*
2694 * FUNCTION: Queries the information of a mutant object.
2695 * ARGUMENTS:
2696 MutantHandle = Handle to a mutant
2697 MutantInformationClass = Index to a certain information structure
2698 MutantInformation = Caller supplies storage for resulting information
2699 Length = Size of the supplied storage
2700 ResultLength = Bytes written
2701 */
2702 NTSTATUS
2703 STDCALL
2704 NtQueryMutant(
2705 IN HANDLE MutantHandle,
2706 IN CINT MutantInformationClass,
2707 OUT PVOID MutantInformation,
2708 IN ULONG Length,
2709 OUT PULONG ResultLength
2710 );
2711
2712 /*
2713 * FUNCTION: Queries the information of a object.
2714 * ARGUMENTS:
2715 ObjectHandle = Handle to a object
2716 ObjectInformationClass = Index to a certain information structure
2717
2718 ObjectBasicInformation
2719 ObjectTypeInformation OBJECT_TYPE_INFORMATION
2720 ObjectNameInformation OBJECT_NAME_INFORMATION
2721 ObjectDataInformation OBJECT_DATA_INFORMATION
2722
2723 ObjectInformation = Caller supplies storage for resulting information
2724 Length = Size of the supplied storage
2725 ResultLength = Bytes written
2726 */
2727
2728 NTSTATUS
2729 STDCALL
2730 NtQueryObject(
2731 IN HANDLE ObjectHandle,
2732 IN CINT ObjectInformationClass,
2733 OUT PVOID ObjectInformation,
2734 IN ULONG Length,
2735 OUT PULONG ResultLength
2736 );
2737
2738 /*
2739 * FUNCTION: Queries the system ( high-resolution ) performance counter.
2740 * ARGUMENTS:
2741 * Counter = Performance counter
2742 * Frequency = Performance frequency
2743 * REMARKS:
2744 This procedure queries a tick count faster than 10ms ( The resolution for IntelĀ®-based CPUs is about 0.8 microseconds.)
2745 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
2746 * RETURNS: Status
2747 *
2748 */
2749 NTSTATUS
2750 STDCALL
2751 NtQueryPerformanceCounter(
2752 IN PLARGE_INTEGER Counter,
2753 IN PLARGE_INTEGER Frequency
2754 );
2755 /*
2756 * FUNCTION: Queries the information of a section object.
2757 * ARGUMENTS:
2758 * SectionHandle = Handle to the section link object
2759 * SectionInformationClass = Index to a certain information structure
2760 * SectionInformation (OUT)= Caller supplies storage for resulting information
2761 * Length = Size of the supplied storage
2762 * ResultLength = Data written
2763 * RETURNS: Status
2764 *
2765 */
2766 NTSTATUS
2767 STDCALL
2768 NtQuerySection(
2769 IN HANDLE SectionHandle,
2770 IN CINT SectionInformationClass,
2771 OUT PVOID SectionInformation,
2772 IN ULONG Length,
2773 OUT PULONG ResultLength
2774 );
2775
2776
2777 /*
2778 * FUNCTION: Queries the information of a semaphore.
2779 * ARGUMENTS:
2780 * SemaphoreHandle = Handle to the semaphore object
2781 * SemaphoreInformationClass = Index to a certain information structure
2782
2783 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
2784
2785 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
2786 * Length = Size of the infomation structure
2787 */
2788
2789 NTSTATUS
2790 STDCALL
2791 NtQuerySemaphore(
2792 HANDLE SemaphoreHandle,
2793 CINT SemaphoreInformationClass,
2794 OUT PVOID SemaphoreInformation,
2795 ULONG Length,
2796 PULONG ReturnLength
2797 );
2798
2799 /*
2800 * FUNCTION: Queries the information of a symbolic link object.
2801 * ARGUMENTS:
2802 * SymbolicLinkHandle = Handle to the symbolic link object
2803 * LinkName = resolved name of link
2804 * DataWritten = size of the LinkName.
2805 * RETURNS: Status
2806 *
2807 */
2808 NTSTATUS
2809 STDCALL
2810 NtQuerySymbolicLinkObject(
2811 IN HANDLE SymLinkObjHandle,
2812 OUT PUNICODE_STRING LinkName,
2813 OUT PULONG DataWritten OPTIONAL
2814 );
2815 //-- NtQuerySystemEnvironmentValue
2816
2817
2818 /*
2819 * FUNCTION: Queries the system information.
2820 * ARGUMENTS:
2821 * SystemInformationClass = Index to a certain information structure
2822
2823 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
2824 SystemCacheInformation SYSTEM_CACHE_INFORMATION
2825
2826 * SystemInformation = caller supplies storage for the information structure
2827 * Length = size of the structure
2828 ResultLength = Data written
2829 * RETURNS: Status
2830 *
2831 */
2832 NTSTATUS
2833 STDCALL
2834 NtQuerySystemInformation(
2835 IN CINT SystemInformationClass,
2836 OUT PVOID SystemInformation,
2837 IN ULONG Length,
2838 OUT PULONG ResultLength
2839 );
2840
2841 /*
2842 * FUNCTION: Retrieves the system time
2843 * ARGUMENTS:
2844 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
2845 * RETURNS: Status
2846 *
2847 */
2848
2849 NTSTATUS
2850 STDCALL
2851 NtQuerySystemTime (
2852 OUT PLARGE_INTEGER CurrentTime
2853 );
2854 //-- NtQueryTimer
2855
2856 /*
2857 * FUNCTION: Queries the timer resolution
2858 * ARGUMENTS:
2859 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
2860 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
2861 ActualResolution (OUT) = Caller should supply storage for the resulting time.
2862 * RETURNS: Status
2863 *
2864 */
2865
2866
2867 NTSTATUS
2868 NtQueryTimerResolution (
2869 OUT PULONG MinimumResolution,
2870 OUT PULONG MaximumResolution,
2871 OUT PULONG ActualResolution
2872 );
2873
2874 /*
2875 * FUNCTION: Queries a registry key value
2876 * ARGUMENTS:
2877 * KeyHandle = Handle to the registry key
2878 ValueName = Name of the value in the registry key
2879 KeyValueInformationClass = Index to a certain information structure
2880
2881 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
2882 KeyValueFullInformation = KEY_FULL_INFORMATION
2883 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
2884
2885 KeyValueInformation = Caller supplies storage for the information structure
2886 Length = Size of the information structure
2887 ResultLength = Data written
2888 * RETURNS: Status
2889 *
2890 */
2891 NTSTATUS
2892 STDCALL
2893 NtQueryValueKey(
2894 IN HANDLE KeyHandle,
2895 IN PUNICODE_STRING ValueName,
2896 IN CINT KeyValueInformationClass,
2897 OUT PVOID KeyValueInformation,
2898 IN ULONG Length,
2899 OUT PULONG ResultLength
2900 );
2901
2902
2903
2904 /*
2905 * FUNCTION: Queries the virtual memory information.
2906 * ARGUMENTS:
2907 ProcessHandle = Process owning the virtual address space
2908 BaseAddress = Points to the page where the information is queried for.
2909 * VirtualMemoryInformationClass = Index to a certain information structure
2910
2911 MemoryBasicInformation MEMORY_BASIC_INFORMATION
2912
2913 * VirtualMemoryInformation = caller supplies storage for the information structure
2914 * Length = size of the structure
2915 ResultLength = Data written
2916 * RETURNS: Status
2917 *
2918 */
2919
2920 NTSTATUS
2921 STDCALL
2922 NtQueryVirtualMemory(
2923 IN HANDLE ProcessHandle,
2924 IN PVOID Address,
2925 IN IN CINT VirtualMemoryInformationClass,
2926 OUT PVOID VirtualMemoryInformation,
2927 IN ULONG Length,
2928 OUT PULONG ResultLength
2929 );
2930 /*
2931 * FUNCTION: Queries the volume information
2932 * ARGUMENTS:
2933 * FileHandle =
2934 ReturnLength = DataWritten
2935 FSInformation = Caller should supply storage for the information structure.
2936 Length = Size of the information structure
2937 FSInformationClass = Index to a information structure
2938
2939 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
2940 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
2941 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
2942 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
2943 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
2944 FileFsControlInformation
2945 FileFsQuotaQueryInformation --
2946 FileFsQuotaSetInformation --
2947 FileFsMaximumInformation
2948
2949 * RETURNS: Status
2950 *
2951 */
2952 NTSTATUS
2953 STDCALL
2954 NtQueryVolumeInformationFile(
2955 IN HANDLE FileHandle,
2956 OUT PIO_STATUS_BLOCK IoStatusBlock,
2957 OUT PVOID FSInformation,
2958 IN ULONG Length,
2959 IN CINT FSInformationClass
2960 );
2961 // NtQueueApcThread
2962 /*
2963 * FUNCTION: Raises an exception
2964 * ARGUMENTS:
2965 ExceptionRecord = Structure specifying the exception
2966 Context = Context in which the excpetion is raised
2967 * IsDebugger =
2968 * RETURNS: Status
2969 *
2970 */
2971
2972
2973 NTSTATUS
2974 STDCALL
2975 NtRaiseException(
2976 IN PEXCEPTION_RECORD ExceptionRecord,
2977 IN PCONTEXT Context,
2978 IN BOOL IsDebugger OPTIONAL
2979 );
2980
2981 //NtRaiseHardError
2982 /*
2983 * FUNCTION: Read a file
2984 * ARGUMENTS:
2985 FileHandle = Handle of a file to read
2986 Event = This event is signalled when the read operation completes
2987 * UserApcRoutine = Call back , if supplied Event should be NULL
2988 UserApcContext = Argument to the callback
2989 IoStatusBlock = Caller should supply storage for additional status information
2990 Buffer = Caller should supply storage to receive the information
2991 BufferLength = Size of the buffer
2992 ByteOffset = Offset to start reading the file
2993 Key = unused
2994 * RETURNS: Status
2995 *
2996 */
2997
2998
2999 NTSTATUS
3000 STDCALL
3001 NtReadFile(
3002 IN HANDLE FileHandle,
3003 IN HANDLE Event OPTIONAL,
3004 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3005 IN PVOID UserApcContext OPTIONAL,
3006 OUT PIO_STATUS_BLOCK IoStatusBlock,
3007 OUT PVOID Buffer,
3008 IN ULONG BufferLength,
3009 IN PLARGE_INTEGER ByteOffset OPTIONAL,
3010 IN PULONG Key OPTIONAL
3011 );
3012 /*
3013 * FUNCTION: Read a file using scattered io
3014 * ARGUMENTS:
3015 FileHandle = Handle of a file to read
3016 Event = This event is signalled when the read operation completes
3017 * UserApcRoutine = Call back , if supplied Event should be NULL
3018 UserApcContext = Argument to the callback
3019 IoStatusBlock = Caller should supply storage for additional status information
3020 BufferDescription = Caller should supply storage to receive the information
3021 BufferLength = Size of the buffer
3022 ByteOffset = Offset to start reading the file
3023 Key = unused
3024 * RETURNS: Status
3025 *
3026 */
3027 NTSTATUS
3028 STDCALL
3029 NtReadFileScatter(
3030 IN HANDLE FileHandle,
3031 IN HANDLE Event OPTIONAL,
3032 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3033 IN PVOID UserApcContext OPTIONAL,
3034 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
3035 IN FILE_SEGMENT_ELEMENT BufferDescription[],
3036 IN ULONG BufferLength,
3037 IN PLARGE_INTEGER ByteOffset,
3038 IN PULONG Key OPTIONAL
3039 );
3040 /*
3041 * FUNCTION: Copies a range of virtual memory to a buffer
3042 * ARGUMENTS:
3043 * ProcessHandle = Specifies the process owning the virtual address space
3044 * BaseAddress = Points to the address of virtual memory to start the read
3045 * Buffer = Caller supplies storage to copy the virtual memory to.
3046 * NumberOfBytesToRead = Limits the range to read
3047 * NumberOfBytesRead = The actual number of bytes read.
3048 * RETURNS: Status
3049 */
3050
3051 NTSTATUS
3052 STDCALL
3053 NtReadVirtualMemory(
3054 IN HANDLE ProcessHandle,
3055 IN PVOID BaseAddress,
3056 OUT PVOID Buffer,
3057 IN ULONG NumberOfBytesToRead,
3058 OUT PULONG NumberOfBytesRead
3059 );
3060 //FIXME: Is the parameters correctly named ? ThreadHandle might be a TerminationPort
3061 /*
3062 * FUNCTION: Debugger can register for thread termination
3063 * ARGUMENTS:
3064 * ThreadHandle =
3065 * RETURNS: Status
3066 */
3067
3068 NTSTATUS
3069 STDCALL
3070 NtRegisterThreadTerminatePort(
3071 HANDLE ThreadHandle
3072 );
3073 /*
3074 * FUNCTION: Releases a mutant
3075 * ARGUMENTS:
3076 * MutantHandle =
3077 * ReleaseCount =
3078 * RETURNS: Status
3079 */
3080 NTSTATUS
3081 STDCALL
3082 NtReleaseMutant(
3083 IN HANDLE MutantHandle,
3084 IN PULONG ReleaseCount OPTIONAL
3085 );
3086 /*
3087 * FUNCTION: Releases a semaphore
3088 * ARGUMENTS:
3089 * SemaphoreHandle = Handle to the semaphore object
3090 * ReleaseCount =
3091 * PreviousCount =
3092 * RETURNS: Status
3093 */
3094 NTSTATUS
3095 STDCALL
3096 NtReleaseSemaphore(
3097 IN HANDLE SemaphoreHandle,
3098 IN ULONG ReleaseCount,
3099 IN PULONG PreviousCount
3100 );
3101 /*
3102 * FUNCTION: Removes an io completion
3103 * ARGUMENTS:
3104 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3105 * CompletionKey = Requested access to the key
3106 * IoStatusBlock =
3107 * ObjectAttribute = Initialized attributes for the object
3108 * CompletionStatus =
3109 * WaitTime =
3110 * RETURNS: Status
3111 */
3112 NTSTATUS
3113 STDCALL
3114 NtRemoveIoCompletion(
3115 IN HANDLE CompletionPort,
3116 OUT PULONG CompletionKey,
3117 OUT PIO_STATUS_BLOCK IoStatusBlock,
3118 OUT PULONG CompletionStatus,
3119 ULONG WaitTime
3120 );
3121 /*
3122 * FUNCTION: Replaces one registry key with another
3123 * ARGUMENTS:
3124 * ObjectAttributes = Specifies the attributes of the key
3125 * Key = Handle to the key
3126 * ReplacedObjectAttributes = The function returns the old object attributes
3127 * RETURNS: Status
3128 */
3129 NTSTATUS
3130 STDCALL
3131 NtReplaceKey(
3132 IN POBJECT_ATTRIBUTES ObjectAttributes,
3133 IN HANDLE Key,
3134 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3135 );
3136 /*
3137 * FUNCTION: Resets a event to a non signaled state
3138 * ARGUMENTS:
3139 * EventHandle = Handle to the event that should be reset
3140 * NumberOfWaitingThreads = The number of threads released.
3141 * RETURNS: Status
3142 */
3143 NTSTATUS
3144 STDCALL
3145 NtResetEvent(
3146 HANDLE EventHandle,
3147 PULONG NumberOfWaitingThreads OPTIONAL
3148 );
3149 //Preliminary guess
3150 NTSTATUS
3151 STDCALL
3152 NtRestoreKey(
3153 HANDLE KeyHandle,
3154 HANDLE FileHandle,
3155 ULONG RestoreFlags
3156 );
3157 /*
3158 * FUNCTION: Decrements a thread's resume count
3159 * ARGUMENTS:
3160 * ThreadHandle = Handle to the thread that should be resumed
3161 * ResumeCount = The resulting resume count.
3162 * REMARK:
3163 * A thread is resumed if its suspend count is 0. This procedure maps to
3164 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3165 * RETURNS: Status
3166 */
3167 NTSTATUS
3168 STDCALL
3169 NtResumeThread(
3170 IN HANDLE ThreadHandle,
3171 IN PULONG SuspendCount
3172 );
3173 /*
3174 * FUNCTION: Writes the content of a registry key to ascii file
3175 * ARGUMENTS:
3176 * KeyHandle = Handle to the key
3177 * FileHandle = Handle of the file
3178 * REMARKS:
3179 This function maps to the Win32 RegSaveKey.
3180 * RETURNS: Status
3181 */
3182
3183 NTSTATUS
3184 STDCALL
3185 NtSaveKey(
3186 IN HANDLE KeyHandle,
3187 IN HANDLE FileHandle
3188 );
3189 /*
3190 * FUNCTION: Sets the context of a specified thread.
3191 * ARGUMENTS:
3192 * ThreadHandle = Handle to the thread
3193 * Context = The processor context.
3194 * RETURNS: Status
3195 */
3196
3197 NTSTATUS
3198 STDCALL
3199 NtSetContextThread(
3200 IN HANDLE ThreadHandle,
3201 IN PCONTEXT Context
3202 );
3203 /*
3204 * FUNCTION: Sets the extended attributes of a file.
3205 * ARGUMENTS:
3206 * FileHandle = Handle to the file
3207 * IoStatusBlock = Storage for a resulting status and information
3208 * on the current operation.
3209 * EaBuffer = Extended Attributes buffer.
3210 * EaBufferSize = Size of the extended attributes buffer
3211 * RETURNS: Status
3212 */
3213 NTSTATUS
3214 STDCALL
3215 NtSetEaFile(
3216 IN HANDLE FileHandle,
3217 IN PIO_STATUS_BLOCK IoStatusBlock,
3218 PVOID EaBuffer,
3219 ULONG EaBufferSize
3220 );
3221
3222 //FIXME Shoud I have input EVENT_BASIC_INFORMATION ??
3223
3224 /*
3225 * FUNCTION: Sets the attributes of an event.
3226 * ARGUMENTS:
3227 * EventHandle = Handle to the event
3228 * Count = The resulting count.
3229 * REMARK:
3230 * This procedure maps to the win32 SetEvent function.
3231 * RETURNS: Status
3232 */
3233
3234 NTSTATUS
3235 STDCALL
3236 NtSetEvent(
3237 IN HANDLE EventHandle,
3238 PULONG Count
3239 );
3240
3241 /*
3242 * FUNCTION: Sets the high part of an event pair
3243 * ARGUMENTS:
3244 EventPair = Handle to the event pair
3245 * RETURNS: Status
3246 */
3247
3248 NTSTATUS
3249 STDCALL
3250 NtSetHighEventPair(
3251 IN HANDLE EventPair
3252 );
3253
3254 /*
3255 * FUNCTION: Sets the high part of an event pair and wait for the low part
3256 * ARGUMENTS:
3257 EventPair = Handle to the event pair
3258 * RETURNS: Status
3259 */
3260 NTSTATUS
3261 STDCALL
3262 NtSetHighWaitLowEventPair(
3263 IN HANDLE EventPair
3264 );
3265
3266 /*
3267 * FUNCTION: Sets the information of a file object.
3268 * ARGUMENTS:
3269 * FileHandle = Handle to the file object
3270 * IoStatusBlock = Caller supplies storage for extended information
3271 * on the current operation.
3272 * FileInformation = Storage for the new file information
3273 * Lenght = Size of the new file information.
3274 * FileInformationClass = Indicates to a certain information structure
3275
3276 FileNameInformation FILE_NAME_INFORMATION
3277 FileRenameInformation FILE_RENAME_INFORMATION
3278 FileStreamInformation FILE_STREAM_INFORMATION
3279 * FileCompletionInformation IO_COMPLETION_CONTEXT
3280
3281 * REMARK:
3282 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3283 * SetNamedPipeHandleState, SetMailslotInfo functions.
3284 * RETURNS: Status
3285 */
3286
3287
3288 NTSTATUS
3289 STDCALL
3290 NtSetInformationFile(
3291 IN HANDLE FileHandle,
3292 IN PIO_STATUS_BLOCK IoStatusBlock,
3293 IN PVOID FileInformation,
3294 IN ULONG Length,
3295 IN CINT FileInformationClass
3296 );
3297
3298
3299 /*
3300 * FUNCTION: Sets the information of a registry key.
3301 * ARGUMENTS:
3302 * KeyHandle = Handle to the registry key
3303 * KeyInformationClass = Index to the a certain information structure.
3304 Can be one of the following values:
3305
3306 * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
3307
3308 KeyInformation = Storage for the new information
3309 * KeyInformationLength = Size of the information strucure
3310 * RETURNS: Status
3311 */
3312
3313 NTSTATUS
3314 STDCALL
3315 NtSetInformationKey(
3316 IN HANDLE KeyHandle,
3317 IN CINT KeyInformationClass,
3318 IN PVOID KeyInformation,
3319 IN ULONG KeyInformationLength
3320 );
3321 /*
3322 * FUNCTION: Changes a set of object specific parameters
3323 * ARGUMENTS:
3324 * ObjectHandle =
3325 * ObjectInformationClass = Index to the set of parameters to change.
3326
3327
3328 ObjectBasicInformation
3329 ObjectTypeInformation OBJECT_TYPE_INFORMATION
3330 ObjectAllInformation
3331 ObjectDataInformation OBJECT_DATA_INFORMATION
3332 ObjectNameInformation OBJECT_NAME_INFORMATION
3333
3334
3335 * ObjectInformation = Caller supplies storage for parameters to set.
3336 * Length = Size of the storage supplied
3337 * RETURNS: Status
3338 */
3339 NTSTATUS
3340 STDCALL
3341 NtSetInformationObject(
3342 IN HANDLE ObjectHandle,
3343 IN CINT ObjectInformationClass,
3344 IN PVOID ObjectInformation,
3345 IN ULONG Length
3346 );
3347
3348 /*
3349 * FUNCTION: Changes a set of process specific parameters
3350 * ARGUMENTS:
3351 * ProcessHandle = Handle to the process
3352 * ProcessInformationClass = Index to a information structure.
3353 *
3354 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
3355 * ProcessQuotaLimits QUOTA_LIMITS
3356 * ProcessBasePriority KPRIORITY
3357 * ProcessRaisePriority KPRIORITY
3358 * ProcessDebugPort HANDLE
3359 * ProcessExceptionPort HANDLE
3360 * ProcessAccessToken PROCESS_ACCESS_TOKEN
3361 * ProcessDefaultHardErrorMode ULONG
3362 * ProcessPriorityClass ULONG
3363 * ProcessAffinityMask KAFFINITY //??
3364 *
3365 * ProcessInformation = Caller supplies storage for information to set.
3366 * ProcessInformationLength = Size of the information structure
3367 * RETURNS: Status
3368 */
3369 NTSTATUS
3370 STDCALL
3371 NtSetInformationProcess(
3372 IN HANDLE ProcessHandle,
3373 IN CINT ProcessInformationClass,
3374 IN PVOID ProcessInformation,
3375 IN ULONG ProcessInformationLength
3376 );
3377 /*
3378 * FUNCTION: Changes a set of thread specific parameters
3379 * ARGUMENTS:
3380 * ThreadHandle = Handle to the thread
3381 * ThreadInformationClass = Index to the set of parameters to change.
3382 * Can be one of the following values:
3383 *
3384 * ThreadBasicInformation THREAD_BASIC_INFORMATION
3385 * ThreadPriority KPRIORITY //???
3386 * ThreadBasePriority KPRIORITY
3387 * ThreadAffinityMask KAFFINITY //??
3388 * ThreadImpersonationToken ACCESS_TOKEN
3389 * ThreadIdealProcessor ULONG
3390 * ThreadPriorityBoost ULONG
3391 *
3392 * ThreadInformation = Caller supplies storage for parameters to set.
3393 * ThreadInformationLength = Size of the storage supplied
3394 * RETURNS: Status
3395 */
3396 NTSTATUS
3397 STDCALL
3398 NtSetInformationThread(
3399 IN HANDLE ThreadHandle,
3400 IN CINT ThreadInformationClass,
3401 IN PVOID ThreadInformation,
3402 IN ULONG ThreadInformationLength
3403 );
3404 //FIXME: Are the arguments correct
3405 // Might be a ordinary set function
3406 /*
3407 * FUNCTION: Sets an io completion
3408 * ARGUMENTS:
3409 * CompletionPort =
3410 * CompletionKey =
3411 * IoStatusBlock =
3412 * NumberOfBytesToTransfer =
3413 * NumberOfBytesTransferred =
3414 * RETURNS: Status
3415 */
3416 NTSTATUS
3417 STDCALL
3418 NtSetIoCompletion(
3419 IN HANDLE CompletionPort,
3420 IN ULONG CompletionKey,
3421 OUT PIO_STATUS_BLOCK IoStatusBlock,
3422 IN ULONG NumberOfBytesToTransfer,
3423 OUT PULONG NumberOfBytesTransferred
3424 );
3425 //FIXME: Should I have more parameters ?
3426 /*
3427 * FUNCTION: Initializes the Local Descriptor Table
3428 * ARGUMENTS:
3429 ProcessHandle =
3430 LdtEntry =
3431 * RETURNS: Status
3432 */
3433 NTSTATUS
3434 STDCALL
3435 NtSetLdtEntries(
3436 HANDLE ProcessHandle,
3437 PVOID LdtEntry // LDT_ENTR
3438 );
3439
3440 /*
3441 * FUNCTION: Sets the low part of an event pair
3442 * ARGUMENTS:
3443 EventPair = Handle to the event pair
3444 * RETURNS: Status
3445 */
3446
3447 NTSTATUS
3448 STDCALL
3449 NtSetLowEventPair(
3450 HANDLE EventPair
3451 );
3452
3453 /*
3454 * FUNCTION: Sets the low part of an event pair and wait for the high part
3455 * ARGUMENTS:
3456 EventPair = Handle to the event pair
3457 * RETURNS: Status
3458 */
3459 NTSTATUS
3460 STDCALL
3461 NtSetLowWaitHighEventPair(
3462 HANDLE EventPair
3463 );
3464
3465 //FIXME: Should Value be a void pointer or a pointer to a unicode string ?
3466 /*
3467 * FUNCTION: Sets a system environment variable
3468 * ARGUMENTS:
3469 * ValueName = Name of the environment variable
3470 * Value = Value of the environment variable
3471 * RETURNS: Status
3472 */
3473 NTSTATUS
3474 STDCALL
3475 NtSetSystemEnvironmentValue(
3476 IN PUNICODE_STRING ValueName,
3477 IN PVOID Value
3478 );
3479
3480 /*
3481 * FUNCTION: Sets system parameters
3482 * ARGUMENTS:
3483 * SystemInformationClass = Index to a particular set of system parameters
3484 * Can be one of the following values:
3485 *
3486 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3487 *
3488 * SystemInformation = Structure containing the parameters.
3489 * SystemInformationLength = Size of the structure.
3490 * RETURNS: Status
3491 */
3492 NTSTATUS
3493 STDCALL
3494 NtSetSystemInformation(
3495 IN CINT SystemInformationClass,
3496 IN PVOID SystemInformation,
3497 IN ULONG SystemInformationLength
3498 );
3499
3500 /*
3501 * FUNCTION: Sets the system time
3502 * ARGUMENTS:
3503 * SystemTime = Old System time
3504 * NewSystemTime = New System time
3505 * RETURNS: Status
3506 */
3507 NTSTATUS
3508 STDCALL
3509 NtSetSystemTime(
3510 IN PLARGE_INTEGER SystemTime,
3511 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3512 );
3513 /*
3514 * FUNCTION: Sets the characteristics of a timer
3515 * ARGUMENTS:
3516 * TimerHandle =
3517 * DueTime =
3518 * CompletionRoutine =
3519 * ArgToCompletionRoutine =
3520 * Resume =
3521 * Period =
3522 * RETURNS: Status
3523 */
3524 NTSTATUS
3525 STDCALL
3526 NtSetTimer(
3527 IN HANDLE TimerHandle,
3528 IN PLARGE_INTEGER DueTime,
3529 IN PTIMERAPCROUTINE CompletionRoutine,
3530 IN PVOID ArgToCompletionRoutine,
3531 IN BOOL Resume,
3532 IN ULONG Period
3533 );
3534 /*
3535 * FUNCTION: Sets the frequency of the system timer
3536 * ARGUMENTS:
3537 * RequestedResolution =
3538 * SetOrUnset =
3539 * ActualResolution =
3540 * RETURNS: Status
3541 */
3542 NTSTATUS
3543 STDCALL
3544 NtSetTimerResolution(
3545 IN ULONG RequestedResolution,
3546 IN BOOL SetOrUnset,
3547 OUT PULONG ActualResolution
3548 );
3549 /*
3550 * FUNCTION: Sets the value of a registry key
3551 * ARGUMENTS:
3552 * KeyHandle = Handle to a registry key
3553 * ValueName = Name of the value entry to change
3554 * TitleIndex = pointer to a structure containing the new volume information
3555 * Type = Type of the registry key. Can be one of the values:
3556 * REG_BINARY
3557 * REG_DWORD A 32 bit value
3558 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
3559 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
3560 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
3561 * REG_LINK A zero terminated wide character string referring to a symbolic link.
3562 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
3563 * REG_NONE Unspecified type
3564 * REG_SZ A wide character string ( zero terminated )
3565 * REG_RESOURCE_LIST ??
3566 * REG_RESOURCE_REQUIREMENTS_LIST ??
3567 * REG_FULL_RESOURCE_DESCRIPTOR ??
3568 * Data = Contains the data for the registry key.
3569 * DataSize = size of the data.
3570 * RETURNS: Status
3571 */
3572 NTSTATUS
3573 STDCALL
3574 NtSetValueKey(
3575 IN HANDLE KeyHandle,
3576 IN PUNICODE_STRING ValueName,
3577 IN ULONG TitleIndex OPTIONAL,
3578 IN ULONG Type,
3579 IN PVOID Data,
3580 IN ULONG DataSize
3581 );
3582 /*
3583 * FUNCTION: Sets the volume information of a file.
3584 * ARGUMENTS:
3585 * FileHandle = Handle to the file
3586 * VolumeInformationClass = specifies the particular volume information to set
3587 * VolumeInformation = pointer to a structure containing the new volume information
3588 * Length = size of the structure.
3589 * RETURNS: Status
3590 */
3591 NTSTATUS
3592 STDCALL
3593 NtSetVolumeInformationFile(
3594 IN HANDLE FileHandle,
3595 IN CINT VolumeInformationClass,
3596 PVOID VolumeInformation,
3597 ULONG Length
3598 );
3599 /*
3600 * FUNCTION: Shuts the system down
3601 * ARGUMENTS:
3602 * Action:
3603 * RETURNS: Status
3604 */
3605 NTSTATUS
3606 STDCALL
3607 NtShutdownSystem(
3608 IN SHUTDOWN_ACTION Action
3609 );
3610 /*
3611 * FUNCTION: Signals an event and wait for it to be signaled again.
3612 * ARGUMENTS:
3613 * EventHandle = Handle to the event that should be signaled
3614 * Alertable = True if the wait is alertable
3615 * Time = The time to wait
3616 * NumberOfWaitingThreads = Number of waiting threads
3617 * RETURNS: Status
3618 */
3619
3620 NTSTATUS
3621 STDCALL
3622 NtSignalAndWaitForSingleObject(
3623 IN HANDLE EventHandle,
3624 IN BOOLEAN Alertable,
3625 IN PLARGE_INTEGER Time,
3626 PULONG NumberOfWaitingThreads OPTIONAL
3627 );
3628 /*
3629 * FUNCTION: Increments a thread's resume count
3630 * ARGUMENTS:
3631 * ThreadHandle = Handle to the thread that should be resumed
3632 * PreviousSuspendCount = The resulting/previous suspend count.
3633 * REMARK:
3634 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
3635 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
3636 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
3637 * RETURNS: Status
3638 */
3639 NTSTATUS
3640 STDCALL
3641 NtSuspendThread(
3642 IN HANDLE ThreadHandle,
3643 IN PULONG PreviousSuspendCount
3644 );
3645
3646 //--NtSystemDebugControl
3647 /*
3648 * FUNCTION: Terminates the execution of a process.
3649 * ARGUMENTS:
3650 * ThreadHandle = Handle to the process
3651 * ExitStatus = The exit status of the process to terminate with.
3652 * REMARKS
3653 Native applications should kill themselves using this function.
3654 * RETURNS: Status
3655 */
3656 NTSTATUS
3657 STDCALL
3658 NtTerminateProcess(
3659 IN HANDLE ProcessHandle ,
3660 IN NTSTATUS ExitStatus
3661 );
3662 /*
3663 * FUNCTION: Terminates the execution of a thread.
3664 * ARGUMENTS:
3665 * ThreadHandle = Handle to the thread
3666 * ExitStatus = The exit status of the thread to terminate with.
3667 * RETURNS: Status
3668 */
3669 NTSTATUS
3670 STDCALL
3671 NtTerminateThread(
3672 IN HANDLE ThreadHandle ,
3673 IN NTSTATUS ExitStatus
3674 );
3675 /*
3676 * FUNCTION: Test to see if there are any pending alerts for the calling thread
3677 * RETURNS: Status
3678 */
3679 NTSTATUS
3680 STDCALL
3681 NtTestAlert(
3682 VOID
3683 );
3684 /*
3685 * FUNCTION: Unloads a driver.
3686 * ARGUMENTS:
3687 * DriverServiceName = Name of the driver to unload
3688 * RETURNS: Status
3689 */
3690 NTSTATUS
3691 STDCALL
3692 NtUnloadDriver(
3693 IN PUNICODE_STRING DriverServiceName
3694 );
3695
3696 //FIXME: NtUnloadKey needs more arguments
3697 /*
3698 * FUNCTION: Unload a registry key.
3699 * ARGUMENTS:
3700 * KeyHandle = Handle to the registry key
3701 * REMARK:
3702 This procedure maps to the win32 procedure RegUnloadKey
3703 * RETURNS: Status
3704 */
3705 NTSTATUS
3706 STDCALL
3707 NtUnloadKey(
3708 HANDLE KeyHandle
3709 );
3710
3711 /*
3712 * FUNCTION: Unlocks a range of bytes in a file.
3713 * ARGUMENTS:
3714 * FileHandle = Handle to the file
3715 * IoStatusBlock = Caller should supply storage for a structure containing
3716 * the completion status and information about the requested unlock operation.
3717 The information field is set to the number of bytes unlocked.
3718 * ByteOffset = Offset to start the range of bytes to unlock
3719 * Length = Number of bytes to unlock.
3720 * Key =
3721 * REMARK:
3722 This procedure maps to the win32 procedure UnlockFileEx
3723 * RETURNS: Status
3724 */
3725 NTSTATUS
3726 STDCALL
3727 NtUnlockFile(
3728 IN HANDLE FileHandle,
3729 OUT IO_STATUS_BLOCK IoStatusBlock,
3730 IN LARGE_INTEGER ByteOffset,
3731 IN LARGE_INTEGER Lenght,
3732 OUT PULONG Key OPTIONAL
3733 );
3734
3735 /*
3736 * FUNCTION: Unlocks a range of virtual memory.
3737 * ARGUMENTS:
3738 * ProcessHandle = Handle to the process
3739 * BaseAddress = Lower boundary of the range of bytes to unlock.
3740 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
3741 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
3742 * REMARK:
3743 This procedure maps to the win32 procedure VirtualUnlock
3744 * RETURNS: Status
3745 */
3746 NTSTATUS
3747 STDCALL
3748 NtUnlockVirtualMemory(
3749 HANDLE ProcessHandle,
3750 PVOID BaseAddress,
3751 ULONG NumberOfBytesToUnlock,
3752 PULONG NumberOfBytesUnlocked OPTIONAL
3753 );
3754 /*
3755 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
3756 * ARGUMENTS:
3757 * ProcessHandle = Handle to the process
3758 * BaseAddress = The address where the mapping begins
3759 * REMARK:
3760 This procedure maps to the win32 UnMapViewOfFile
3761 * RETURNS: Status
3762 */
3763 NTSTATUS
3764 STDCALL
3765 NtUnmapViewOfSection(
3766 IN HANDLE ProcessHandle,
3767 IN PVOID BaseAddress
3768 );
3769 /*
3770 * FUNCTION: Waits for multiple objects to become signalled.
3771 * ARGUMENTS:
3772 * Count = The number of objects
3773 * Object = The array of object handles
3774 * WaitType =
3775 * Alertable = If true the wait is alertable.
3776 * Time = The maximum wait time.
3777 * REMARKS:
3778 * This function maps to the win32 WaitForMultipleObjectEx.
3779 * RETURNS: Status
3780 */
3781 NTSTATUS
3782 STDCALL
3783 NtWaitForMultipleObjects (
3784 IN ULONG Count,
3785 IN PHANDLE Object[0],
3786 IN CINT WaitType,
3787 IN BOOLEAN Alertable,
3788 IN PLARGE_INTEGER Time
3789 );
3790 /*
3791 * FUNCTION: Waits for an object to become signalled.
3792 * ARGUMENTS:
3793 * Object = The object handle
3794 * Alertable = If true the wait is alertable.
3795 * Time = The maximum wait time.
3796 * REMARKS:
3797 * This function maps to the win32 WaitForSingleObjectEx.
3798 * RETURNS: Status
3799 */
3800 NTSTATUS
3801 STDCALL
3802 NtWaitForSingleObject (
3803 IN PHANDLE Object,
3804 IN BOOLEAN Alertable,
3805 IN PLARGE_INTEGER Time
3806 );
3807 /*
3808 * FUNCTION: Writes data to a file
3809 * ARGUMENTS:
3810 * FileHandle = The handle a file ( from NtCreateFile )
3811 * Event =
3812 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
3813 * ApcContext = Argument to the Apc Routine
3814 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
3815 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
3816 * Length = Size in bytest of the buffer
3817 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
3818 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
3819 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
3820 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
3821 * Key = Unused
3822 * REMARKS:
3823 * This function maps to the win32 WriteFile.
3824 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
3825 * RETURNS: Status
3826 */
3827 NTSTATUS
3828 STDCALL
3829 NtWriteFile(
3830 IN HANDLE FileHandle,
3831 IN HANDLE Event OPTIONAL,
3832 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
3833 IN PVOID ApcContext OPTIONAL,
3834 OUT PIO_STATUS_BLOCK IoStatusBlock,
3835 IN PVOID Buffer,
3836 IN ULONG Length,
3837 IN PLARGE_INTEGER ByteOffset ,
3838 IN PULONG Key OPTIONAL
3839 );
3840
3841 /*
3842 * FUNCTION: Writes a file
3843 * ARGUMENTS:
3844 * FileHandle = The handle of the file
3845 * Event =
3846 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
3847 * ApcContext = Argument to the Apc Routine
3848 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
3849 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
3850 * BufferLength = Size in bytest of the buffer
3851 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
3852 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
3853 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
3854 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
3855 * Key = Unused
3856 * REMARKS:
3857 * This function maps to the win32 WriteFile.
3858 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
3859 * RETURNS: Status
3860 */
3861
3862 NTSTATUS
3863 STDCALL NtWriteFileScatter(
3864 IN HANDLE FileHandle,
3865 IN HANDLE Event OPTIONAL,
3866 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
3867 IN PVOID ApcContext OPTIONAL,
3868 OUT PIO_STATUS_BLOCK IoStatusBlock,
3869 IN FILE_SEGMENT_ELEMENT BufferDescription[],
3870 IN ULONG BufferLength,
3871 IN PLARGE_INTEGER ByteOffset,
3872 IN PULONG Key OPTIONAL
3873 );
3874
3875 /*
3876 * FUNCTION: Writes a range of virtual memory
3877 * ARGUMENTS:
3878 * ProcessHandle = The handle to the process owning the address space.
3879 * BaseAddress = The points to the address to write to
3880 * Buffer = Pointer to the buffer to write
3881 * NumberOfBytesToWrite = Offset to the upper boundary to write
3882 * NumberOfBytesWritten = Total bytes written
3883 * REMARKS:
3884 * This function maps to the win32 WriteProcessMemory
3885 * RETURNS: Status
3886 */
3887 NTSTATUS
3888 STDCALL
3889 NtWriteVirtualMemory(
3890 IN HANDLE ProcessHandle,
3891 IN PVOID BaseAddress,
3892 IN PVOID Buffer,
3893 IN ULONG NumberOfBytesToWrite,
3894 OUT PULONG NumberOfBytesWritten
3895 );
3896 /*
3897 * FUNCTION: Yields the callers thread.
3898 * RETURNS: Status
3899 */
3900 NTSTATUS
3901 STDCALL
3902 NtYieldExecution(
3903 VOID
3904 );
3905
3906
3907
3908 #endif /* __DDK_ZW_H */