2 /* $Id: zw.h,v 1.27 2000/03/26 22:00:06 dwelch Exp $
4 * COPYRIGHT: See COPYING in the top level directory
5 * PROJECT: ReactOS kernel
6 * PURPOSE: System call definitions
7 * FILE: include/ddk/zw.h
9 * ??/??/??: First few functions (David Welch)
10 * ??/??/??: Complete implementation by Ariadne
11 * 13/07/98: Reorganised things a bit (David Welch)
12 * 04/08/98: Added some documentation (Ariadne)
13 * 14/08/98: Added type TIME and change variable type from [1] to [0]
14 * 14/09/98: Added for each Nt call a corresponding Zw Call
23 //#define SECURITY_INFORMATION ULONG
24 //typedef ULONG SECURITY_INFORMATION;
28 * FUNCTION: Checks a client's access rights to an object
30 * SecurityDescriptor = Security information against which the access is checked
31 * ClientToken = Represents a client
35 * ReturnLength = Bytes written
37 * AccessStatus = Indicates if the ClientToken allows the requested access
38 * REMARKS: The arguments map to the win32 AccessCheck
45 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
46 IN HANDLE ClientToken
,
47 IN ACCESS_MASK DesiredAcces
,
48 IN PGENERIC_MAPPING GenericMapping
,
49 OUT PPRIVILEGE_SET PrivilegeSet
,
50 OUT PULONG ReturnLength
,
51 OUT PULONG GrantedAccess
,
52 OUT PBOOLEAN AccessStatus
58 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
59 IN HANDLE ClientToken
,
60 IN ACCESS_MASK DesiredAcces
,
61 IN PGENERIC_MAPPING GenericMapping
,
62 OUT PPRIVILEGE_SET PrivilegeSet
,
63 OUT PULONG ReturnLength
,
64 OUT PULONG GrantedAccess
,
65 OUT PBOOLEAN AccessStatus
69 * FUNCTION: Checks a client's access rights to an object and issues an audit alarm (it logs the access).
71 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
80 * REMARKS: The arguments map to the win32 AccessCheck
86 NtAccessCheckAndAuditAlarm(
87 IN PUNICODE_STRING SubsystemName
,
88 IN PHANDLE ObjectHandle
,
89 IN POBJECT_ATTRIBUTES ObjectAttributes
,
90 IN ACCESS_MASK DesiredAccess
,
91 IN PGENERIC_MAPPING GenericMapping
,
92 IN BOOLEAN ObjectCreation
,
93 OUT PULONG GrantedAccess
,
94 OUT PBOOLEAN AccessStatus
,
95 OUT PBOOLEAN GenerateOnClose
100 ZwAccessCheckAndAuditAlarm(
101 IN PUNICODE_STRING SubsystemName
,
102 IN PHANDLE ObjectHandle
,
103 IN POBJECT_ATTRIBUTES ObjectAttributes
,
104 IN ACCESS_MASK DesiredAccess
,
105 IN PGENERIC_MAPPING GenericMapping
,
106 IN BOOLEAN ObjectCreation
,
107 OUT PULONG GrantedAccess
,
108 OUT PBOOLEAN AccessStatus
,
109 OUT PBOOLEAN GenerateOnClose
113 * FUNCTION: Adds an atom to the global atom table
115 * Atom (OUT) = Caller supplies storage for the resulting atom.
116 * AtomString = The string to add to the atom table.
117 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
124 IN PUNICODE_STRING AtomString
132 IN PUNICODE_STRING AtomString
137 * FUNCTION: Adjusts the groups in an access token
139 * TokenHandle = Specifies the access token
140 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
141 * their default state, if false the groups specified in
144 * BufferLength = Specifies the size of the buffer for the PreviousState.
146 * ReturnLength = Bytes written in PreviousState buffer.
147 * REMARKS: The arguments map to the win32 AdjustTokenGroups
154 IN HANDLE TokenHandle
,
155 IN BOOLEAN ResetToDefault
,
156 IN PTOKEN_GROUPS NewState
,
157 IN ULONG BufferLength
,
158 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
159 OUT PULONG ReturnLength
165 IN HANDLE TokenHandle
,
166 IN BOOLEAN ResetToDefault
,
167 IN PTOKEN_GROUPS NewState
,
168 IN ULONG BufferLength
,
169 OUT PTOKEN_GROUPS PreviousState
,
170 OUT PULONG ReturnLength
178 * TokenHandle = Handle to the access token
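179 * DisableAllPrivileges = The resulting suspend count. (NOTE(review): this wording matches the SuspendCount entry of the thread-resume call; the parameter here is a BOOLEAN on a token call, so the description looks copy-pasted - confirm the flag's meaning against the implementation.)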
185 * The arguments map to the win32 AdjustTokenPrivileges
191 NtAdjustPrivilegesToken(
192 IN HANDLE TokenHandle
,
193 IN BOOLEAN DisableAllPrivileges
,
194 IN PTOKEN_PRIVILEGES NewState
,
195 IN ULONG BufferLength
,
196 OUT PTOKEN_PRIVILEGES PreviousState
,
197 OUT PULONG ReturnLength
202 ZwAdjustPrivilegesToken(
203 IN HANDLE TokenHandle
,
204 IN BOOLEAN DisableAllPrivileges
,
205 IN PTOKEN_PRIVILEGES NewState
,
206 IN ULONG BufferLength
,
207 OUT PTOKEN_PRIVILEGES PreviousState
,
208 OUT PULONG ReturnLength
213 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
216 * ThreadHandle = Handle to the thread that should be resumed
217 * SuspendCount = The resulting suspend count.
219 * A thread is resumed if its suspend count is 0
225 IN HANDLE ThreadHandle
,
226 OUT PULONG SuspendCount
232 IN HANDLE ThreadHandle
,
233 OUT PULONG SuspendCount
237 * FUNCTION: Puts the thread in an alerted state
239 * ThreadHandle = Handle to the thread that should be alerted
245 IN HANDLE ThreadHandle
251 IN HANDLE ThreadHandle
256 * FUNCTION: Allocates a locally unique id
258 * LocallyUniqueId = Locally unique number
263 NtAllocateLocallyUniqueId(
264 OUT LUID
*LocallyUniqueId
269 ZwAllocateLocallyUniqueId(
270 OUT LUID
*LocallyUniqueId
277 PULONG Version
, // ???
285 PULONG Version
, // ???
291 * FUNCTION: Allocates a block of virtual memory in the process address space
293 * ProcessHandle = The handle of the process which owns the virtual memory
294 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
295 * value the system will try to allocate the memory at the address supplied. It rounds
296 * it down to a multiple of the page size.
297 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
298 * the memory will be allocated at an address below a certain value.
299 * RegionSize = The number of bytes to allocate
300 * AllocationType = Indicates the type of virtual memory you would like to allocate,
301 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
302 * Protect = Indicates the protection type of the pages allocated, can be a combination of
303 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
304 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
306 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
307 * protocol starts with a ProcessHandle. I split the functionality of obtaining the actual address and specifying
308 * the start address into two parameters (BaseAddress and StartAddress). The NumberOfBytesAllocated specifies the range,
309 * and the AllocationType and ProtectionType map to the other two parameters.
314 NtAllocateVirtualMemory (
315 IN HANDLE ProcessHandle
,
316 IN OUT PVOID
*BaseAddress
,
318 IN OUT PULONG RegionSize
,
319 IN ULONG AllocationType
,
325 ZwAllocateVirtualMemory (
326 IN HANDLE ProcessHandle
,
327 IN OUT PVOID
*BaseAddress
,
329 IN OUT PULONG RegionSize
,
330 IN ULONG AllocationType
,
334 * FUNCTION: Returns from a callback into user mode
338 //FIXME: this function might need 3 parameters
352 * FUNCTION: Cancels an IO request
354 * FileHandle = Handle to the file
358 * This function maps to the win32 CancelIo.
364 IN HANDLE FileHandle
,
365 OUT PIO_STATUS_BLOCK IoStatusBlock
371 IN HANDLE FileHandle
,
372 OUT PIO_STATUS_BLOCK IoStatusBlock
375 * FUNCTION: Cancels a timer
377 * TimerHandle = Handle to the timer
378 * CurrentState = Specifies the state of the timer when cancelled.
380 * The arguments to this function map to the function CancelWaitableTimer.
386 IN HANDLE TimerHandle
,
387 OUT PBOOLEAN CurrentState OPTIONAL
393 IN HANDLE TimerHandle
,
394 OUT ULONG ElapsedTime
397 * FUNCTION: Sets the status of the event back to non-signaled
399 * EventHandle = Handle to the event
401 * This function maps to win32 function ResetEvent.
408 IN HANDLE EventHandle
414 IN HANDLE EventHandle
418 * FUNCTION: Closes an object handle
420 * Handle = Handle to the object
422 * This function maps to the win32 function CloseHandle.
439 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
442 HandleId = Handle to the object
445 * This function maps to the win32 function ObjectCloseAuditAlarm.
453 NtCloseObjectAuditAlarm(
454 IN PUNICODE_STRING SubsystemName
,
456 IN BOOLEAN GenerateOnClose
461 ZwCloseObjectAuditAlarm(
462 IN PUNICODE_STRING SubsystemName
,
464 IN BOOLEAN GenerateOnClose
470 * FUNCTION: Continues a thread with the specified context
472 * Context = Specifies the processor context
473 * IrqLevel = Specifies the Interrupt Request Level to continue with. Can
474 * be PASSIVE_LEVEL or APC_LEVEL
476 * NtContinue can be used to continue after an exception or apc.
479 //FIXME This function might need another parameter
// Zw-prefixed prototype for the "continue a thread with the specified context" call
// described in the comment above. The FIXME there says the parameter list may be incomplete.
488 NTSTATUS STDCALL
ZwContinue(IN PCONTEXT Context   // processor context the thread continues with
, IN CINT IrqLevel               // documented above as PASSIVE_LEVEL or APC_LEVEL
);
492 * FUNCTION: Creates a directory object
494 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
495 * DesiredAccess = Specifies access to the directory
496 * ObjectAttribute = Initialized attributes for the object
497 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
498 * handle, an access mask and an OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
504 NtCreateDirectoryObject(
505 OUT PHANDLE DirectoryHandle
,
506 IN ACCESS_MASK DesiredAccess
,
507 IN POBJECT_ATTRIBUTES ObjectAttributes
512 ZwCreateDirectoryObject(
513 OUT PHANDLE DirectoryHandle
,
514 IN ACCESS_MASK DesiredAccess
,
515 IN POBJECT_ATTRIBUTES ObjectAttributes
519 * FUNCTION: Creates an event object
521 * EventHandle (OUT) = Caller supplied storage for the resulting handle
522 * DesiredAccess = Specifies access to the event
523 * ObjectAttribute = Initialized attributes for the object
524 * ManualReset = manual-reset or auto-reset; if true you have to reset the state of the event manually
525 * using NtResetEvent/NtClearEvent. If false the system will reset the event to a non-signalled state
526 * automatically after the system has rescheduled a thread waiting on the event.
527 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
528 * REMARKS: This function maps to the win32 CreateEvent. It requires an out variable of type HANDLE,
529 * an access mask and an OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
530 * both parameters as well (possibly the order is reversed).
537 OUT PHANDLE EventHandle
,
538 IN ACCESS_MASK DesiredAccess
,
539 IN POBJECT_ATTRIBUTES ObjectAttributes
,
540 IN BOOLEAN ManualReset
,
541 IN BOOLEAN InitialState
547 OUT PHANDLE EventHandle
,
548 IN ACCESS_MASK DesiredAccess
,
549 IN POBJECT_ATTRIBUTES ObjectAttributes
,
550 IN BOOLEAN ManualReset
,
551 IN BOOLEAN InitialState
555 * FUNCTION: Creates an eventpair object
557 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
558 * DesiredAccess = Specifies access to the event
559 * ObjectAttribute = Initialized attributes for the object
565 OUT PHANDLE EventPairHandle
,
566 IN ACCESS_MASK DesiredAccess
,
567 IN POBJECT_ATTRIBUTES ObjectAttributes
573 OUT PHANDLE EventPairHandle
,
574 IN ACCESS_MASK DesiredAccess
,
575 IN POBJECT_ATTRIBUTES ObjectAttributes
580 * FUNCTION: Creates or opens a file, directory or device object.
582 * FileHandle (OUT) = Caller supplied storage for the resulting handle
583 * DesiredAccess = Specifies the allowed or desired access to the file can
584 * be a combination of DELETE | FILE_READ_DATA ..
585 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
586 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
587 * file is created and opened or already existed and is just opened.
588 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
589 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
590 * CreateDisposition = specifies the behavior of the system if the file already exists.
591 * CreateOptions = specifies the behavior of the system on file creation.
592 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
593 * EaLength = Extended Attributes buffer size, applies only to files and directories.
594 * REMARKS: This function maps to the win32 CreateFile.
601 OUT PHANDLE FileHandle
,
602 IN ACCESS_MASK DesiredAccess
,
603 IN POBJECT_ATTRIBUTES ObjectAttributes
,
604 OUT PIO_STATUS_BLOCK IoStatusBlock
,
605 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
606 IN ULONG FileAttributes
,
607 IN ULONG ShareAccess
,
608 IN ULONG CreateDisposition
,
609 IN ULONG CreateOptions
,
610 IN PVOID EaBuffer OPTIONAL
,
617 OUT PHANDLE FileHandle
,
618 IN ACCESS_MASK DesiredAccess
,
619 IN POBJECT_ATTRIBUTES ObjectAttributes
,
620 OUT PIO_STATUS_BLOCK IoStatusBlock
,
621 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
622 IN ULONG FileAttributes
,
623 IN ULONG ShareAccess
,
624 IN ULONG CreateDisposition
,
625 IN ULONG CreateOptions
,
626 IN PVOID EaBuffer OPTIONAL
,
631 * FUNCTION: Creates or opens a file, directory or device object.
633 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
634 * DesiredAccess = Specifies the allowed or desired access to the port
636 * NumberOfConcurrentThreads =
637 * REMARKS: This function maps to the win32 CreateIoCompletionPort
644 NtCreateIoCompletion(
645 OUT PHANDLE CompletionPort
,
646 IN ACCESS_MASK DesiredAccess
,
647 OUT PIO_STATUS_BLOCK IoStatusBlock
,
648 IN ULONG NumberOfConcurrentThreads
653 ZwCreateIoCompletion(
654 OUT PHANDLE CompletionPort
,
655 IN ACCESS_MASK DesiredAccess
,
656 OUT PIO_STATUS_BLOCK IoStatusBlock
,
657 IN ULONG NumberOfConcurrentThreads
662 * FUNCTION: Creates a mail slot file
664 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
665 * DesiredAccess = Specifies the allowed or desired access to the file
666 * ObjectAttributes = Contains the name of the mailslotfile.
673 * REMARKS: This function maps to the win32 function CreateMailSlot
680 NtCreateMailslotFile(
681 OUT PHANDLE MailSlotFileHandle
,
682 IN ACCESS_MASK DesiredAccess
,
683 IN POBJECT_ATTRIBUTES ObjectAttributes
,
684 OUT PIO_STATUS_BLOCK IoStatusBlock
,
685 IN ULONG FileAttributes
,
686 IN ULONG ShareAccess
,
687 IN ULONG MaxMessageSize
,
688 IN PLARGE_INTEGER TimeOut
693 ZwCreateMailslotFile(
694 OUT PHANDLE MailSlotFileHandle
,
695 IN ACCESS_MASK DesiredAccess
,
696 IN POBJECT_ATTRIBUTES ObjectAttributes
,
697 OUT PIO_STATUS_BLOCK IoStatusBlock
,
698 IN ULONG FileAttributes
,
699 IN ULONG ShareAccess
,
700 IN ULONG MaxMessageSize
,
701 IN PLARGE_INTEGER TimeOut
705 * FUNCTION: Creates or opens a mutex
707 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
708 * DesiredAccess = Specifies the allowed or desired access to the port
709 * ObjectAttributes = Contains the name of the mutex.
710 * InitialOwner = If true the calling thread acquires ownership
712 * REMARKS: This function maps to the win32 function CreateMutex
719 OUT PHANDLE MutantHandle
,
720 IN ACCESS_MASK DesiredAccess
,
721 IN POBJECT_ATTRIBUTES ObjectAttributes
,
722 IN BOOLEAN InitialOwner
728 OUT PHANDLE MutantHandle
,
729 IN ACCESS_MASK DesiredAccess
,
730 IN POBJECT_ATTRIBUTES ObjectAttributes
,
731 IN BOOLEAN InitialOwner
735 * FUNCTION: Creates a named pipe
737 * NamedPipeFileHandle (OUT) = Caller supplied storage for the resulting handle
738 * DesiredAccess = Specifies the allowed or desired access to the mutex
739 * ObjectAttributes = Contains the name of the mutex.
751 * REMARKS: This function maps to the win32 function CreateNamedPipe
758 NtCreateNamedPipeFile(
759 OUT PHANDLE NamedPipeFileHandle
,
760 IN ACCESS_MASK DesiredAccess
,
761 IN POBJECT_ATTRIBUTES ObjectAttributes
,
762 OUT PIO_STATUS_BLOCK IoStatusBlock
,
763 IN ULONG FileAttributes
,
764 IN ULONG ShareAccess
,
769 IN ULONG MaxInstances
,
770 IN ULONG InBufferSize
,
771 IN ULONG OutBufferSize
,
772 IN PLARGE_INTEGER TimeOut
777 ZwCreateNamedPipeFile(
778 OUT PHANDLE NamedPipeFileHandle
,
779 IN ACCESS_MASK DesiredAccess
,
780 IN POBJECT_ATTRIBUTES ObjectAttributes
,
781 OUT PIO_STATUS_BLOCK IoStatusBlock
,
782 IN ULONG FileAttributes
,
783 IN ULONG ShareAccess
,
788 IN ULONG MaxInstances
,
789 IN ULONG InBufferSize
,
790 IN ULONG OutBufferSize
,
791 IN PLARGE_INTEGER TimeOut
796 * FUNCTION: Creates a paging file.
798 * PageFileName = Name of the pagefile
799 * MinimumSize = Specifies the minimum size
800 * MaximumSize = Specifies the maximum size
801 * ActualSize(OUT) = Specifies the actual size
808 IN PUNICODE_STRING PageFileName
,
811 OUT PULONG ActualSize
817 IN PUNICODE_STRING PageFileName
,
820 OUT PULONG ActualSize
824 * FUNCTION: Creates a process.
826 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
827 * DesiredAccess = Specifies the allowed or desired access to the process can
828 * be a combination of STANDARD_RIGHTS_REQUIRED| ..
829 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
830 * ParentProcess = Handle to the parent process.
831 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
832 * SectionHandle = Handle to a section object to back the image file
833 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
834 * ExceptionPort = Handle to an exception port.
836 * This function maps to the win32 CreateProcess.
842 OUT PHANDLE ProcessHandle
,
843 IN ACCESS_MASK DesiredAccess
,
844 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
845 IN HANDLE ParentProcess
,
846 IN BOOLEAN InheritObjectTable
,
847 IN HANDLE SectionHandle OPTIONAL
,
848 IN HANDLE DebugPort OPTIONAL
,
849 IN HANDLE ExceptionPort OPTIONAL
855 OUT PHANDLE ProcessHandle
,
856 IN ACCESS_MASK DesiredAccess
,
857 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
858 IN HANDLE ParentProcess
,
859 IN BOOLEAN InheritObjectTable
,
860 IN HANDLE SectionHandle OPTIONAL
,
861 IN HANDLE DebugPort OPTIONAL
,
862 IN HANDLE ExceptionPort OPTIONAL
866 * FUNCTION: Creates a profile
868 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
869 * ObjectAttribute = Initialized attributes for the object
870 * ImageBase = Start address of executable image
871 * ImageSize = Size of the image
872 * Granularity = Bucket size
873 * Buffer = Caller supplies buffer for profiling info
874 * ProfilingSize = Buffer size
875 * ClockSource = Specify 0 / FALSE ??
876 * ProcessorMask = A value of -1 disables per-processor profiling,
877 otherwise a bit is set for the processor to profile.
879 * This function maps to the win32 CreateProcess.
886 OUT PHANDLE ProfileHandle
,
887 IN POBJECT_ATTRIBUTES ObjectAttributes
,
890 IN ULONG Granularity
,
892 IN ULONG ProfilingSize
,
893 IN ULONG ClockSource
,
894 IN ULONG ProcessorMask
900 OUT PHANDLE ProfileHandle
,
901 IN POBJECT_ATTRIBUTES ObjectAttributes
,
904 IN ULONG Granularity
,
906 IN ULONG ProfilingSize
,
907 IN ULONG ClockSource
,
908 IN ULONG ProcessorMask
912 * FUNCTION: Creates a section object.
914 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
915 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
916 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
917 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
918 * MaximumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
919 * If value specified for a mapped file and the file is not large enough, file will be extended.
920 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
921 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
922 * FileHandle = Handle to a file to create a section mapped to a file instead of a memory backed section.
929 OUT PHANDLE SectionHandle
,
930 IN ACCESS_MASK DesiredAccess
,
931 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
932 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
933 IN ULONG SectionPageProtection OPTIONAL
,
934 IN ULONG AllocationAttributes
,
935 IN HANDLE FileHandle OPTIONAL
941 OUT PHANDLE SectionHandle
,
942 IN ACCESS_MASK DesiredAccess
,
943 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
944 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
945 IN ULONG SectionPageProtection OPTIONAL
,
946 IN ULONG AllocationAttributes
,
947 IN HANDLE FileHandle OPTIONAL
951 * FUNCTION: Creates a semaphore object for interprocess synchronization.
953 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
954 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
955 * ObjectAttribute = Initialized attributes for the object.
956 * InitialCount = Not necessarily zero, might be smaller than zero.
957 * MaximumCount = Maximum count the semaphore can reach.
960 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
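963 //FIXME: should a semaphore's initial count be allowed to be smaller than zero ?? (InitialCount is declared ULONG in the prototypes below, so a negative value cannot be represented as declared.)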
967 OUT PHANDLE SemaphoreHandle
,
968 IN ACCESS_MASK DesiredAccess
,
969 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
970 IN ULONG InitialCount
,
971 IN ULONG MaximumCount
977 OUT PHANDLE SemaphoreHandle
,
978 IN ACCESS_MASK DesiredAccess
,
979 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
980 IN ULONG InitialCount
,
981 IN ULONG MaximumCount
985 * FUNCTION: Creates a symbolic link object
987 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
988 * DesiredAccess = Specifies the allowed or desired access to the thread.
989 * ObjectAttributes = Initialized attributes for the object.
990 * Name = Target name of the symbolic link
995 NtCreateSymbolicLinkObject(
996 OUT PHANDLE SymbolicLinkHandle
,
997 IN ACCESS_MASK DesiredAccess
,
998 IN POBJECT_ATTRIBUTES ObjectAttributes
,
999 IN PUNICODE_STRING Name
1004 ZwCreateSymbolicLinkObject(
1005 OUT PHANDLE SymbolicLinkHandle
,
1006 IN ACCESS_MASK DesiredAccess
,
1007 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1008 IN PUNICODE_STRING Name
1012 * FUNCTION: Creates a user mode thread
1014 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
1015 * DesiredAccess = Specifies the allowed or desired access to the thread.
1016 * ObjectAttributes = Initialized attributes for the object.
1017 * ProcessHandle = Handle to the thread's parent process.
1018 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
1019 * ThreadContext = Initial processor context for the thread.
1020 * InitialTeb = Initial user mode stack context for the thread.
1021 * CreateSuspended = Specifies if the thread is ready for scheduling
1023 * This function maps to the win32 function CreateThread.
1029 OUT PHANDLE ThreadHandle
,
1030 IN ACCESS_MASK DesiredAccess
,
1031 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1032 IN HANDLE ProcessHandle
,
1033 OUT PCLIENT_ID ClientId
,
1034 IN PCONTEXT ThreadContext
,
1035 IN PINITIAL_TEB InitialTeb
,
1036 IN BOOLEAN CreateSuspended
1042 OUT PHANDLE ThreadHandle
,
1043 IN ACCESS_MASK DesiredAccess
,
1044 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1045 IN HANDLE ProcessHandle
,
1046 OUT PCLIENT_ID ClientId
,
1047 IN PCONTEXT ThreadContext
,
1048 IN PINITIAL_TEB InitialTeb
,
1049 IN BOOLEAN CreateSuspended
1052 * FUNCTION: Creates a waitable timer.
1054 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1055 * DesiredAccess = Specifies the allowed or desired access to the timer.
1056 * ObjectAttributes = Initialized attributes for the object.
1057 * TimerType = Specifies if the timer should be reset manually.
1059 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
1060 * corresponding fields in OBJECT_ATTRIBUTES structure.
1067 OUT PHANDLE TimerHandle
,
1068 IN ACCESS_MASK DesiredAccess
,
1069 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1076 OUT PHANDLE TimerHandle
,
1077 IN ACCESS_MASK DesiredAccess
,
1078 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1083 * FUNCTION: Creates a token.
1085 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
1086 * DesiredAccess = Specifies the allowed or desired access to the process can
1087 * be a combination of STANDARD_RIGHTS_REQUIRED| ..
1088 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1090 * AuthenticationId =
1096 * TokenPrimaryGroup =
1097 * TokenDefaultDacl =
1100 * This function does not map to a win32 function
1107 OUT PHANDLE TokenHandle
,
1108 IN ACCESS_MASK DesiredAccess
,
1109 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1110 IN TOKEN_TYPE TokenType
,
1111 IN PLUID AuthenticationId
,
1112 IN PLARGE_INTEGER ExpirationTime
,
1113 IN PTOKEN_USER TokenUser
,
1114 IN PTOKEN_GROUPS TokenGroups
,
1115 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1116 IN PTOKEN_OWNER TokenOwner
,
1117 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1118 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1119 IN PTOKEN_SOURCE TokenSource
1125 OUT PHANDLE TokenHandle
,
1126 IN ACCESS_MASK DesiredAccess
,
1127 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1128 IN TOKEN_TYPE TokenType
,
1129 IN PLUID AuthenticationId
,
1130 IN PLARGE_INTEGER ExpirationTime
,
1131 IN PTOKEN_USER TokenUser
,
1132 IN PTOKEN_GROUPS TokenGroups
,
1133 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1134 IN PTOKEN_OWNER TokenOwner
,
1135 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1136 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1137 IN PTOKEN_SOURCE TokenSource
1141 * FUNCTION: Returns the caller's thread TEB.
1142 * RETURNS: The resulting teb.
1152 * FUNCTION: Delays the execution of the calling thread.
1154 * Alertable = If TRUE the thread is alertable during its wait period
1155 * Interval = Specifies the interval to wait.
// NOTE(review): Alertable is declared ULONG here, while the comment above describes a
// TRUE/FALSE flag and the next prototype fragment in this listing declares
// "IN BOOLEAN Alertable" (presumably the Zw counterpart); confirm and align the two types.
1158 NTSTATUS STDCALL
NtDelayExecution(IN ULONG Alertable   // alertable-wait flag (see note above)
, IN TIME
* Interval                            // interval to wait, passed by pointer
);
1163 IN BOOLEAN Alertable
,
1169 * FUNCTION: Deletes an atom from the global atom table
1171 * Atom = Identifies the atom to delete
1173 * The function maps to the win32 GlobalDeleteAtom
1189 * FUNCTION: Deletes a file or a directory
1191 * ObjectAttributes = Name of the file which should be deleted
1193 * This system call is functionally equivalent to NtSetInformationFile
1194 * setting the disposition information.
1195 * The function maps to the win32 DeleteFile.
1201 IN POBJECT_ATTRIBUTES ObjectAttributes
1207 IN POBJECT_ATTRIBUTES ObjectAttributes
1211 * FUNCTION: Deletes a registry key
1213 * KeyHandle = Handle of the key
1228 * FUNCTION: Generates an audit message when an object is deleted
1230 * SubsystemName = Specifies the name of the subsystem, can be 'WIN32' or 'DEBUG'
1231 * HandleId= Handle to an audit object
1232 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
1233 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
1239 NtDeleteObjectAuditAlarm (
1240 IN PUNICODE_STRING SubsystemName
,
1242 IN BOOLEAN GenerateOnClose
1247 ZwDeleteObjectAuditAlarm (
1248 IN PUNICODE_STRING SubsystemName
,
1250 IN BOOLEAN GenerateOnClose
1255 * FUNCTION: Deletes a value from a registry key
1257 * KeyHandle = Handle of the key
1258 * ValueName = Name of the value to delete
1265 IN HANDLE KeyHandle
,
1266 IN PUNICODE_STRING ValueName
1272 IN HANDLE KeyHandle
,
1273 IN PUNICODE_STRING ValueName
1276 * FUNCTION: Sends IOCTL to the io sub system
1278 * DeviceHandle = Points to the handle that is created by NtCreateFile
1279 * Event = Event to synchronize on STATUS_PENDING
1280 * ApcRoutine = Asynchronous procedure callback
1281 * ApcContext = Callback context.
1282 * IoStatusBlock = Caller should supply storage for extra information..
1283 * IoControlCode = Contains the IO Control command. This is an
1284 * index to the structures in InputBuffer and OutputBuffer.
1285 * InputBuffer = Caller should supply storage for input buffer if IOCTL expects one.
1286 * InputBufferSize = Size of the input buffer
1287 * OutputBuffer = Caller should supply storage for output buffer if IOCTL expects one.
1288 * OutputBufferSize = Size of the input buffer (NOTE(review): the parameter name indicates the output buffer; the wording looks copied from InputBufferSize - confirm)
1294 NtDeviceIoControlFile(
1295 IN HANDLE DeviceHandle
,
1296 IN HANDLE Event OPTIONAL
,
1297 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1298 IN PVOID UserApcContext OPTIONAL
,
1299 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1300 IN ULONG IoControlCode
,
1301 IN PVOID InputBuffer
,
1302 IN ULONG InputBufferSize
,
1303 OUT PVOID OutputBuffer
,
1304 IN ULONG OutputBufferSize
1309 ZwDeviceIoControlFile(
1310 IN HANDLE DeviceHandle
,
1311 IN HANDLE Event OPTIONAL
,
1312 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1313 IN PVOID UserApcContext OPTIONAL
,
1314 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1315 IN ULONG IoControlCode
,
1316 IN PVOID InputBuffer
,
1317 IN ULONG InputBufferSize
,
1318 OUT PVOID OutputBuffer
,
1319 IN ULONG OutputBufferSize
1322 * FUNCTION: Displays a string on the blue screen
1324 * DisplayString = The string to display
1331 IN PUNICODE_STRING DisplayString
1337 IN PUNICODE_STRING DisplayString
1341 * FUNCTION: Copies a handle from one process space to another
1343 * SourceProcessHandle = The source process owning the handle. The source process should have opened
1344 * the SourceHandle with PROCESS_DUP_HANDLE access.
1345 * SourceHandle = The handle to the object.
1346 * TargetProcessHandle = The destination process owning the handle
1347 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
1348 * DesiredAccess = The desired access to the handle.
1349 * InheritHandle = Indicates whether the new handle will be inheritable or not.
1350 * Options = Specifies special actions upon duplicating the handle. Can be
1351 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
1352 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
1353 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
1354 * the DesiredAccess parameter and just grant the same access to the new
1357 * REMARKS: This function maps to the win32 DuplicateHandle.
1363 IN HANDLE SourceProcessHandle
,
1364 IN PHANDLE SourceHandle
,
1365 IN HANDLE TargetProcessHandle
,
1366 OUT PHANDLE TargetHandle
,
1367 IN ACCESS_MASK DesiredAccess
,
1368 IN BOOLEAN InheritHandle
,
1375 IN HANDLE SourceProcessHandle
,
1376 IN PHANDLE SourceHandle
,
1377 IN HANDLE TargetProcessHandle
,
1378 OUT PHANDLE TargetHandle
,
1379 IN ACCESS_MASK DesiredAccess
,
1380 IN BOOLEAN InheritHandle
,
1387 IN HANDLE ExistingToken
,
1388 IN ACCESS_MASK DesiredAccess
,
1389 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1390 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
,
1391 IN TOKEN_TYPE TokenType
,
1392 OUT PHANDLE NewToken
1398 IN HANDLE ExistingToken
,
1399 IN ACCESS_MASK DesiredAccess
,
1400 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1401 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
,
1402 IN TOKEN_TYPE TokenType
,
1403 OUT PHANDLE NewToken
1406 * FUNCTION: Returns information about the subkeys of an open key
1408 * KeyHandle = Handle of the key whose subkeys are to be enumerated
1409 * Index = zero based index of the subkey for which information is
1411 * KeyInformationClass = Type of information returned
1412 * KeyInformation (OUT) = Caller allocated buffer for the information
1414 * Length = Length in bytes of the KeyInformation buffer
1415 * ResultLength (OUT) = Caller allocated storage which holds
1416 * the number of bytes of information retrieved
1423 IN HANDLE KeyHandle
,
1425 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1426 OUT PVOID KeyInformation
,
1428 OUT PULONG ResultLength
1434 IN HANDLE KeyHandle
,
1436 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1437 OUT PVOID KeyInformation
,
1439 OUT PULONG ResultLength
1442 * FUNCTION: Returns information about the value entries of an open key
1444 * KeyHandle = Handle of the key whose value entries are to be enumerated
1445 * Index = zero based index of the subkey for which information is
1447 * KeyInformationClass = Type of information returned
1448 * KeyInformation (OUT) = Caller allocated buffer for the information
1450 * Length = Length in bytes of the KeyInformation buffer
1451 * ResultLength (OUT) = Caller allocated storage which holds
1452 * the number of bytes of information retrieved
1458 NtEnumerateValueKey(
1459 IN HANDLE KeyHandle
,
1461 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1462 OUT PVOID KeyValueInformation
,
1464 OUT PULONG ResultLength
1469 ZwEnumerateValueKey(
1470 IN HANDLE KeyHandle
,
1472 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1473 OUT PVOID KeyValueInformation
,
1475 OUT PULONG ResultLength
1478 * FUNCTION: Extends a section
1480 * SectionHandle = Handle to the section
1481 * NewMaximumSize = Adjusted size
1487 IN HANDLE SectionHandle
,
1488 IN ULONG NewMaximumSize
1493 IN HANDLE SectionHandle
,
1494 IN ULONG NewMaximumSize
1498 * FUNCTION: Finds an atom
1500 * Atom = Caller supplies storage for the resulting atom
1501 * AtomString = String to search for.
1504 * This function maps to the win32 GlobalFindAtom
1510 IN PUNICODE_STRING AtomString
1517 IN PUNICODE_STRING AtomString
1520 * FUNCTION: Flushes cached file data to disk
1522 * FileHandle = Points to the file
1523 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1524 * buffers operation. The information field is set to number of bytes
1528 * This function maps to the win32 FlushFileBuffers
1533 IN HANDLE FileHandle
,
1534 OUT PIO_STATUS_BLOCK IoStatusBlock
1540 IN HANDLE FileHandle
,
1541 OUT PIO_STATUS_BLOCK IoStatusBlock
1544 * FUNCTION: Flushes the processor's instruction cache
1546 * ProcessHandle = Points to the process owning the cache
1547 * BaseAddress = // might this be a image address ????
1548 * NumberOfBytesToFlush =
1551 * This function is used by debuggers
1555 NtFlushInstructionCache(
1556 IN HANDLE ProcessHandle
,
1557 IN PVOID BaseAddress
,
1558 IN UINT NumberOfBytesToFlush
1562 ZwFlushInstructionCache(
1563 IN HANDLE ProcessHandle
,
1564 IN PVOID BaseAddress
,
1565 IN UINT NumberOfBytesToFlush
1568 * FUNCTION: Flushes a registry key to disk
1570 * KeyHandle = Points to the registry key handle
1573 * This function maps to the win32 RegFlushKey.
1588 * FUNCTION: Flushes virtual memory to file
1590 * ProcessHandle = Points to the process that allocated the virtual memory
1591 * BaseAddress = Points to the memory address
1592 * NumberOfBytesToFlush = Limits the range to flush,
1593 * NumberOfBytesFlushed = Actual number of bytes flushed
1596 * Check return status on STATUS_NOT_MAPPED_DATA
1600 NtFlushVirtualMemory(
1601 IN HANDLE ProcessHandle
,
1602 IN PVOID BaseAddress
,
1603 IN ULONG NumberOfBytesToFlush
,
1604 OUT PULONG NumberOfBytesFlushed OPTIONAL
1608 ZwFlushVirtualMemory(
1609 IN HANDLE ProcessHandle
,
1610 IN PVOID BaseAddress
,
1611 IN ULONG NumberOfBytesToFlush
,
1612 OUT PULONG NumberOfBytesFlushed OPTIONAL
1616 * FUNCTION: Flushes the dirty pages to file
1618 * FIXME: Not sure what this does (how is the file specified?)
1620 NTSTATUS STDCALL
NtFlushWriteBuffer(VOID
);
1621 NTSTATUS STDCALL
ZwFlushWriteBuffer(VOID
);
1624 * FUNCTION: Frees a range of virtual memory
1626 * ProcessHandle = Points to the process that allocated the virtual
1628 * BaseAddress = Points to the memory address, rounded down to a
1629 * multiple of the pagesize
1630 * RegionSize = Limits the range to free, rounded up to a multiple of
1632 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1635 NTSTATUS STDCALL
NtFreeVirtualMemory(IN HANDLE ProcessHandle
,
1636 IN PVOID
*BaseAddress
,
1637 IN PULONG RegionSize
,
1639 NTSTATUS STDCALL
ZwFreeVirtualMemory(IN HANDLE ProcessHandle
,
1640 IN PVOID
*BaseAddress
,
1641 IN PULONG RegionSize
,
1645 * FUNCTION: Sends FSCTL to the filesystem
1647 * DeviceHandle = Points to the handle that is created by NtCreateFile
1648 * Event = Event to synchronize on STATUS_PENDING
1651 * IoStatusBlock = Caller should supply storage for
1652 * IoControlCode = Contains the File System Control command. This is an
1653 * index to the structures in InputBuffer and OutputBuffer.
1654 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1655 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1656 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1657 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1659 * InputBuffer = Caller should supply storage for input buffer if FSCTL expects one.
1660 * InputBufferSize = Size of the input buffer
1661 * OutputBuffer = Caller should supply storage for output buffer if FSCTL expects one.
1662 * OutputBufferSize = Size of the output buffer
1663 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1664 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1669 IN HANDLE DeviceHandle
,
1670 IN HANDLE Event OPTIONAL
,
1671 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1672 IN PVOID ApcContext OPTIONAL
,
1673 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1674 IN ULONG IoControlCode
,
1675 IN PVOID InputBuffer
,
1676 IN ULONG InputBufferSize
,
1677 OUT PVOID OutputBuffer
,
1678 IN ULONG OutputBufferSize
1684 IN HANDLE DeviceHandle
,
1685 IN HANDLE Event OPTIONAL
,
1686 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1687 IN PVOID ApcContext OPTIONAL
,
1688 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1689 IN ULONG IoControlCode
,
1690 IN PVOID InputBuffer
,
1691 IN ULONG InputBufferSize
,
1692 OUT PVOID OutputBuffer
,
1693 IN ULONG OutputBufferSize
1697 * FUNCTION: Retrieves the processor context of a thread
1699 * ThreadHandle = Handle to a thread
1700 * Context (OUT) = Caller allocated storage for the processor context
1707 IN HANDLE ThreadHandle
,
1708 OUT PCONTEXT Context
1714 IN HANDLE ThreadHandle
,
1715 OUT PCONTEXT Context
1718 * FUNCTION: Retrieves the uptime of the system
1720 * UpTime = Number of clock ticks since boot.
1736 * FUNCTION: Sets a thread to impersonate another
1738 * ThreadHandle = Server thread that will impersonate a client.
1739 ThreadToImpersonate = Client thread that will be impersonated
1740 SecurityQualityOfService = Specifies the impersonation level.
1746 NtImpersonateThread(
1747 IN HANDLE ThreadHandle
,
1748 IN HANDLE ThreadToImpersonate
,
1749 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1754 ZwImpersonateThread(
1755 IN HANDLE ThreadHandle
,
1756 IN HANDLE ThreadToImpersonate
,
1757 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1761 * FUNCTION: Initializes the registry.
1763 * SetUpBoot = This parameter is true for a setup boot.
1768 NtInitializeRegistry(
1773 ZwInitializeRegistry(
1778 * FUNCTION: Loads a driver.
1780 * DriverServiceName = Name of the driver to load
1786 IN PUNICODE_STRING DriverServiceName
1792 IN PUNICODE_STRING DriverServiceName
1797 * FUNCTION: Loads a registry key.
1799 * KeyHandle = Handle to the registry key
1800 ObjectAttributes = ???
1802 This procedure maps to the win32 procedure RegLoadKey
1809 OBJECT_ATTRIBUTES ObjectAttributes
1815 OBJECT_ATTRIBUTES ObjectAttributes
1818 * FUNCTION: Locks a range of bytes in a file.
1820 * FileHandle = Handle to the file
1821 * Event = Should be null if apc is specified.
1822 * ApcRoutine = Asynchronous Procedure Callback
1823 * ApcContext = Argument to the callback
1824 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1825 * the completion status and information about the requested lock operation.
1826 * ByteOffset = Offset
1827 * Length = Number of bytes to lock.
1828 * Key = Special value to give other threads the possibility to unlock the file
1829 by supplying the key in a call to NtUnlockFile.
1830 * FailImmediatedly = If false the request will block until the lock is obtained.
1831 * ExclusiveLock = Specifies whether an exclusive or a shared lock is obtained.
1833 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1834 not be obtained immediately, the device queue is busy and the IRP is queued.
1835 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1836 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1842 IN HANDLE FileHandle
,
1843 IN HANDLE Event OPTIONAL
,
1844 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1845 IN PVOID ApcContext OPTIONAL
,
1846 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1847 IN PLARGE_INTEGER ByteOffset
,
1848 IN PLARGE_INTEGER Length
,
1850 IN BOOLEAN FailImmediatedly
,
1851 IN BOOLEAN ExclusiveLock
1857 IN HANDLE FileHandle
,
1858 IN HANDLE Event OPTIONAL
,
1859 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1860 IN PVOID ApcContext OPTIONAL
,
1861 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1862 IN PLARGE_INTEGER ByteOffset
,
1863 IN PLARGE_INTEGER Length
,
1865 IN BOOLEAN FailImmediatedly
,
1866 IN BOOLEAN ExclusiveLock
1869 * FUNCTION: Locks a range of virtual memory.
1871 * ProcessHandle = Handle to the process
1872 * BaseAddress = Lower boundary of the range of bytes to lock.
1873 * NumberOfBytesToLock = Offset to the upper boundary.
1874 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
1876 This procedure maps to the win32 procedure VirtualLock
1877 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
1881 NtLockVirtualMemory(
1882 HANDLE ProcessHandle
,
1884 ULONG NumberOfBytesToLock
,
1885 PULONG NumberOfBytesLocked
1889 ZwLockVirtualMemory(
1890 HANDLE ProcessHandle
,
1892 ULONG NumberOfBytesToLock
,
1893 PULONG NumberOfBytesLocked
1896 * FUNCTION: Makes temporary object that will be removed at next boot.
1898 * Handle = Handle to object
1904 NtMakeTemporaryObject(
1910 ZwMakeTemporaryObject(
1914 * FUNCTION: Maps a view of a section into the virtual address space of a
1917 * SectionHandle = Handle of the section
1918 * ProcessHandle = Handle of the process
1919 * BaseAddress = Desired base address (or NULL) on entry
1920 * Actual base address of the view on exit
1921 * ZeroBits = Number of high order address bits that must be zero
1922 * CommitSize = Size in bytes of the initially committed section of
1924 * SectionOffset = Offset in bytes from the beginning of the section
1925 * to the beginning of the view
1926 * ViewSize = Desired length of map (or zero to map all) on entry
1927 * Actual length mapped on exit
1928 * InheritDisposition = Specified how the view is to be shared with
1930 * AllocateType = Type of allocation for the pages
1931 * Protect = Protection for the committed region of the view
1937 IN HANDLE SectionHandle
,
1938 IN HANDLE ProcessHandle
,
1939 IN OUT PVOID
*BaseAddress
,
1941 IN ULONG CommitSize
,
1942 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1943 IN OUT PULONG ViewSize
,
1944 IN SECTION_INHERIT InheritDisposition
,
1945 IN ULONG AllocationType
,
1946 IN ULONG AccessProtection
1952 IN HANDLE SectionHandle
,
1953 IN HANDLE ProcessHandle
,
1954 IN OUT PVOID
*BaseAddress
,
1956 IN ULONG CommitSize
,
1957 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1958 IN OUT PULONG ViewSize
,
1959 IN SECTION_INHERIT InheritDisposition
,
1960 IN ULONG AllocationType
,
1961 IN ULONG AccessProtection
1965 * FUNCTION: Installs a notify for the change of a directory's contents
1967 * FileHandle = Handle to the directory
1969 * ApcRoutine = Asynchronous procedure callback, called on completion
1970 * ApcContext = Argument passed to the ApcRoutine
1971 * when the notification completes
1972 * IoStatusBlock = Caller supplies storage for the completion status
1973 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1974 * BufferSize = Size of the buffer
1975 CompletionFilter = Can be one of the following values:
1976 FILE_NOTIFY_CHANGE_FILE_NAME
1977 FILE_NOTIFY_CHANGE_DIR_NAME
1978 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1979 FILE_NOTIFY_CHANGE_ATTRIBUTES
1980 FILE_NOTIFY_CHANGE_SIZE
1981 FILE_NOTIFY_CHANGE_LAST_WRITE
1982 FILE_NOTIFY_CHANGE_LAST_ACCESS
1983 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1984 FILE_NOTIFY_CHANGE_EA
1985 FILE_NOTIFY_CHANGE_SECURITY
1986 FILE_NOTIFY_CHANGE_STREAM_NAME
1987 FILE_NOTIFY_CHANGE_STREAM_SIZE
1988 FILE_NOTIFY_CHANGE_STREAM_WRITE
1989 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1992 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1997 NtNotifyChangeDirectoryFile(
1998 IN HANDLE FileHandle
,
1999 IN HANDLE Event OPTIONAL
,
2000 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2001 IN PVOID ApcContext OPTIONAL
,
2002 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2004 IN ULONG BufferSize
,
2005 IN ULONG CompletionFilter
,
2006 IN BOOLEAN WatchTree
2011 ZwNotifyChangeDirectoryFile(
2012 IN HANDLE FileHandle
,
2013 IN HANDLE Event OPTIONAL
,
2014 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2015 IN PVOID ApcContext OPTIONAL
,
2016 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2018 IN ULONG BufferSize
,
2019 IN ULONG CompletionFilter
,
2020 IN BOOLEAN WatchTree
2024 * FUNCTION: Installs a notification callback on registry changes
2026 KeyHandle = Handle to the registry key
2027 Event = Event that should be signalled on modification of the key
2028 ApcRoutine = Routine that should be called on modification of the key
2029 ApcContext = Argument to the ApcRoutine
2031 CompletionFilter = Specifies the kind of notification the caller likes to receive.
2032 Can be a combination of the following values:
2034 REG_NOTIFY_CHANGE_NAME
2035 REG_NOTIFY_CHANGE_ATTRIBUTES
2036 REG_NOTIFY_CHANGE_LAST_SET
2037 REG_NOTIFY_CHANGE_SECURITY
2040 Asynchroneous = If TRUE the changes are reported by signalling an event if false
2041 the function will not return before a change occurs.
2042 ChangeBuffer = Will return the old value
2043 Length = Size of the change buffer
2044 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
2046 * REMARKS: If the key is closed the event is signalled as well.
2053 IN HANDLE KeyHandle
,
2055 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2056 IN PVOID ApcContext OPTIONAL
,
2057 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2058 IN ULONG CompletionFilter
,
2059 IN BOOLEAN Asynchroneous
,
2060 OUT PVOID ChangeBuffer
,
2062 IN BOOLEAN WatchSubtree
2068 IN HANDLE KeyHandle
,
2070 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2071 IN PVOID ApcContext OPTIONAL
,
2072 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2073 IN ULONG CompletionFilter
,
2074 IN BOOLEAN Asynchroneous
,
2075 OUT PVOID ChangeBuffer
,
2077 IN BOOLEAN WatchSubtree
2081 * FUNCTION: Opens an existing directory object
2083 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2084 * DesiredAccess = Requested access to the directory
2085 * ObjectAttributes = Initialized attributes for the object
2091 NtOpenDirectoryObject(
2092 OUT PHANDLE FileHandle
,
2093 IN ACCESS_MASK DesiredAccess
,
2094 IN POBJECT_ATTRIBUTES ObjectAttributes
2098 ZwOpenDirectoryObject(
2099 OUT PHANDLE FileHandle
,
2100 IN ACCESS_MASK DesiredAccess
,
2101 IN POBJECT_ATTRIBUTES ObjectAttributes
2105 * FUNCTION: Opens an existing event
2107 * EventHandle (OUT) = Caller supplied storage for the resulting handle
2108 * DesiredAccess = Requested access to the event
2109 * ObjectAttributes = Initialized attributes for the object
2115 OUT PHANDLE EventHandle
,
2116 IN ACCESS_MASK DesiredAccess
,
2117 IN POBJECT_ATTRIBUTES ObjectAttributes
2123 OUT PHANDLE EventHandle
,
2124 IN ACCESS_MASK DesiredAccess
,
2125 IN POBJECT_ATTRIBUTES ObjectAttributes
2129 * FUNCTION: Opens an existing event pair
2131 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
2132 * DesiredAccess = Requested access to the event pair
2133 * ObjectAttributes = Initialized attributes for the object
2140 OUT PHANDLE EventPairHandle
,
2141 IN ACCESS_MASK DesiredAccess
,
2142 IN POBJECT_ATTRIBUTES ObjectAttributes
2148 OUT PHANDLE EventPairHandle
,
2149 IN ACCESS_MASK DesiredAccess
,
2150 IN POBJECT_ATTRIBUTES ObjectAttributes
2153 * FUNCTION: Opens an existing file
2155 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2156 * DesiredAccess = Requested access to the file
2157 * ObjectAttributes = Initialized attributes for the object
2166 OUT PHANDLE FileHandle
,
2167 IN ACCESS_MASK DesiredAccess
,
2168 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2169 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2170 IN ULONG ShareAccess
,
2171 IN ULONG OpenOptions
2177 OUT PHANDLE FileHandle
,
2178 IN ACCESS_MASK DesiredAccess
,
2179 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2180 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2181 IN ULONG ShareAccess
,
2182 IN ULONG OpenOptions
2186 * FUNCTION: Opens an existing io completion object
2188 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2189 * DesiredAccess = Requested access to the io completion object
2190 * ObjectAttributes = Initialized attributes for the object
2197 OUT PHANDLE CompetionPort
,
2198 IN ACCESS_MASK DesiredAccess
,
2199 IN POBJECT_ATTRIBUTES ObjectAttributes
2205 OUT PHANDLE CompetionPort
,
2206 IN ACCESS_MASK DesiredAccess
,
2207 IN POBJECT_ATTRIBUTES ObjectAttributes
2211 * FUNCTION: Opens an existing key in the registry
2213 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2214 * DesiredAccess = Requested access to the key
2215 * ObjectAttributes = Initialized attributes for the object
2221 OUT PHANDLE KeyHandle
,
2222 IN ACCESS_MASK DesiredAccess
,
2223 IN POBJECT_ATTRIBUTES ObjectAttributes
2229 OUT PHANDLE KeyHandle
,
2230 IN ACCESS_MASK DesiredAccess
,
2231 IN POBJECT_ATTRIBUTES ObjectAttributes
2234 * FUNCTION: Opens an existing mutant
2236 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
2237 * DesiredAccess = Requested access to the mutant
2238 * ObjectAttribute = Initialized attributes for the object
2244 OUT PHANDLE MutantHandle
,
2245 IN ACCESS_MASK DesiredAccess
,
2246 IN POBJECT_ATTRIBUTES ObjectAttributes
2251 OUT PHANDLE MutantHandle
,
2252 IN ACCESS_MASK DesiredAccess
,
2253 IN POBJECT_ATTRIBUTES ObjectAttributes
2258 NtOpenObjectAuditAlarm(
2259 IN PUNICODE_STRING SubsystemName
,
2261 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2262 IN HANDLE ClientToken
,
2263 IN ULONG DesiredAccess
,
2264 IN ULONG GrantedAccess
,
2265 IN PPRIVILEGE_SET Privileges
,
2266 IN BOOLEAN ObjectCreation
,
2267 IN BOOLEAN AccessGranted
,
2268 OUT PBOOLEAN GenerateOnClose
2273 ZwOpenObjectAuditAlarm(
2274 IN PUNICODE_STRING SubsystemName
,
2276 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2277 IN HANDLE ClientToken
,
2278 IN ULONG DesiredAccess
,
2279 IN ULONG GrantedAccess
,
2280 IN PPRIVILEGE_SET Privileges
,
2281 IN BOOLEAN ObjectCreation
,
2282 IN BOOLEAN AccessGranted
,
2283 OUT PBOOLEAN GenerateOnClose
2286 * FUNCTION: Opens an existing process
2288 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
2289 * DesiredAccess = Requested access to the process
2290 * ObjectAttribute = Initialized attributes for the object
2291 * ClientId = Identifies the process id to open
2297 OUT PHANDLE ProcessHandle
,
2298 IN ACCESS_MASK DesiredAccess
,
2299 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2300 IN PCLIENT_ID ClientId
2305 OUT PHANDLE ProcessHandle
,
2306 IN ACCESS_MASK DesiredAccess
,
2307 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2308 IN PCLIENT_ID ClientId
2311 * FUNCTION: Opens the access token of an existing process
2313 * ProcessHandle = Handle of the process which owns the token
2314 * DesiredAccess = Requested access to the token
2315 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
2317 This function maps to the win32
2324 IN HANDLE ProcessHandle
,
2325 IN ACCESS_MASK DesiredAccess
,
2326 OUT PHANDLE TokenHandle
2332 IN HANDLE ProcessHandle
,
2333 IN ACCESS_MASK DesiredAccess
,
2334 OUT PHANDLE TokenHandle
2338 * FUNCTION: Opens an existing section object
2340 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
2341 * DesiredAccess = Requested access to the section
2342 * ObjectAttribute = Initialized attributes for the object
2349 OUT PHANDLE SectionHandle
,
2350 IN ACCESS_MASK DesiredAccess
,
2351 IN POBJECT_ATTRIBUTES ObjectAttributes
2356 OUT PHANDLE SectionHandle
,
2357 IN ACCESS_MASK DesiredAccess
,
2358 IN POBJECT_ATTRIBUTES ObjectAttributes
2361 * FUNCTION: Opens an existing semaphore
2363 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
2364 * DesiredAccess = Requested access to the semaphore
2365 * ObjectAttribute = Initialized attributes for the object
2371 IN HANDLE SemaphoreHandle
,
2372 IN ACCESS_MASK DesiredAcces
,
2373 IN POBJECT_ATTRIBUTES ObjectAttributes
2378 IN HANDLE SemaphoreHandle
,
2379 IN ACCESS_MASK DesiredAcces
,
2380 IN POBJECT_ATTRIBUTES ObjectAttributes
2383 * FUNCTION: Opens an existing symbolic link
2385 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2386 * DesiredAccess = Requested access to the symbolic link
2387 * ObjectAttribute = Initialized attributes for the object
2392 NtOpenSymbolicLinkObject(
2393 OUT PHANDLE SymbolicLinkHandle
,
2394 IN ACCESS_MASK DesiredAccess
,
2395 IN POBJECT_ATTRIBUTES ObjectAttributes
2399 ZwOpenSymbolicLinkObject(
2400 OUT PHANDLE SymbolicLinkHandle
,
2401 IN ACCESS_MASK DesiredAccess
,
2402 IN POBJECT_ATTRIBUTES ObjectAttributes
2405 * FUNCTION: Opens an existing thread
2407 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2408 * DesiredAccess = Requested access to the thread
2409 * ObjectAttribute = Initialized attributes for the object
2410 * ClientId = Identifies the thread to open.
2416 OUT PHANDLE ThreadHandle
,
2417 IN ACCESS_MASK DesiredAccess
,
2418 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2419 IN PCLIENT_ID ClientId
2424 OUT PHANDLE ThreadHandle
,
2425 IN ACCESS_MASK DesiredAccess
,
2426 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2427 IN PCLIENT_ID ClientId
2433 IN HANDLE ThreadHandle
,
2434 IN ACCESS_MASK DesiredAccess
,
2435 IN BOOLEAN OpenAsSelf
,
2436 OUT PHANDLE TokenHandle
2442 IN HANDLE ThreadHandle
,
2443 IN ACCESS_MASK DesiredAccess
,
2444 IN BOOLEAN OpenAsSelf
,
2445 OUT PHANDLE TokenHandle
2448 * FUNCTION: Opens an existing timer
2450 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2451 * DesiredAccess = Requested access to the timer
2452 * ObjectAttribute = Initialized attributes for the object
2458 OUT PHANDLE TimerHandle
,
2459 IN ACCESS_MASK DesiredAccess
,
2460 IN POBJECT_ATTRIBUTES ObjectAttributes
2465 OUT PHANDLE TimerHandle
,
2466 IN ACCESS_MASK DesiredAccess
,
2467 IN POBJECT_ATTRIBUTES ObjectAttributes
2471 * FUNCTION: Checks an access token for specific privileges
2473 * ClientToken = Handle to an access token structure
2474 * RequiredPrivileges = Specifies the requested privileges.
2475 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
2476 set in the Control member of PRIVILEGES_SET Result
2477 will only be TRUE if all privileges are present in the access token.
2484 IN HANDLE ClientToken
,
2485 IN PPRIVILEGE_SET RequiredPrivileges
,
2492 IN HANDLE ClientToken
,
2493 IN PPRIVILEGE_SET RequiredPrivileges
,
2499 NtPrivilegedServiceAuditAlarm(
2500 IN PUNICODE_STRING SubsystemName
,
2501 IN PUNICODE_STRING ServiceName
,
2502 IN HANDLE ClientToken
,
2503 IN PPRIVILEGE_SET Privileges
,
2504 IN BOOLEAN AccessGranted
2509 ZwPrivilegedServiceAuditAlarm(
2510 IN PUNICODE_STRING SubsystemName
,
2511 IN PUNICODE_STRING ServiceName
,
2512 IN HANDLE ClientToken
,
2513 IN PPRIVILEGE_SET Privileges
,
2514 IN BOOLEAN AccessGranted
2519 NtPrivilegeObjectAuditAlarm(
2520 IN PUNICODE_STRING SubsystemName
,
2522 IN HANDLE ClientToken
,
2523 IN ULONG DesiredAccess
,
2524 IN PPRIVILEGE_SET Privileges
,
2525 IN BOOLEAN AccessGranted
2530 ZwPrivilegeObjectAuditAlarm(
2531 IN PUNICODE_STRING SubsystemName
,
2533 IN HANDLE ClientToken
,
2534 IN ULONG DesiredAccess
,
2535 IN PPRIVILEGE_SET Privileges
,
2536 IN BOOLEAN AccessGranted
2540 * FUNCTION: Entry point for native applications
2542 * Peb = Points to the Process Environment Block (PEB)
2544 * Native applications should use this function instead of a main.
2545 * Calling process should terminate itself.
2554 * FUNCTION: Set the access protection of a range of virtual memory
2556 * ProcessHandle = Handle to process owning the virtual address space
2557 * BaseAddress = Start address
2558 * NumberOfBytesToProtect = Delimits the range of virtual memory
2559 * for which the new access protection holds
2560 * NewAccessProtection = The new access protection for the pages
2561 * OldAccessProtection = Caller should supply storage for the old
2565 * The function maps to the win32 VirtualProtectEx
2570 NtProtectVirtualMemory(
2571 IN HANDLE ProcessHandle
,
2572 IN PVOID BaseAddress
,
2573 IN ULONG NumberOfBytesToProtect
,
2574 IN ULONG NewAccessProtection
,
2575 OUT PULONG OldAccessProtection
2580 ZwProtectVirtualMemory(
2581 IN HANDLE ProcessHandle
,
2582 IN PVOID BaseAddress
,
2583 IN ULONG NumberOfBytesToProtect
,
2584 IN ULONG NewAccessProtection
,
2585 OUT PULONG OldAccessProtection
2590 * FUNCTION: Signals an event and resets it afterwards.
2592 * EventHandle = Handle to the event
2593 * PulseCount = Number of times the action is repeated
2599 IN HANDLE EventHandle
,
2600 IN PULONG PulseCount OPTIONAL
2606 IN HANDLE EventHandle
,
2607 IN PULONG PulseCount OPTIONAL
2611 * FUNCTION: Queries the attributes of a file
2613 * FileHandle = Handle to the file
2614 * Buffer = Caller supplies storage for the attributes
2620 NtQueryAttributesFile(
2621 IN HANDLE FileHandle
,
2627 ZwQueryAttributesFile(
2628 IN HANDLE FileHandle
,
2634 * FUNCTION: Queries a directory file.
2636 * FileHandle = Handle to a directory file
2637 * EventHandle = Handle to the event signaled on completion
2638 * ApcRoutine = Asynchronous procedure callback, called on completion
2639 * ApcContext = Argument to the apc.
2640 * IoStatusBlock = Caller supplies storage for extended status information.
2641 * FileInformation = Caller supplies storage for the resulting information.
2643 * FileNameInformation FILE_NAMES_INFORMATION
2644 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2645 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2646 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2648 * Length = Size of the storage supplied
2649 * FileInformationClass = Indicates the type of information requested.
2650 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2651 * FileName = Initial directory name to query, that may contain wild cards.
2652 * RestartScan = If TRUE the scan restarts at the first entry in the directory
2653 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2654 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2655 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2660 NtQueryDirectoryFile(
2661 IN HANDLE FileHandle
,
2662 IN HANDLE Event OPTIONAL
,
2663 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2664 IN PVOID ApcContext OPTIONAL
,
2665 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2666 OUT PVOID FileInformation
,
2668 IN FILE_INFORMATION_CLASS FileInformationClass
,
2669 IN BOOLEAN ReturnSingleEntry
,
2670 IN PUNICODE_STRING FileName OPTIONAL
,
2671 IN BOOLEAN RestartScan
2676 ZwQueryDirectoryFile(
2677 IN HANDLE FileHandle
,
2678 IN HANDLE Event OPTIONAL
,
2679 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2680 IN PVOID ApcContext OPTIONAL
,
2681 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2682 OUT PVOID FileInformation
,
2684 IN FILE_INFORMATION_CLASS FileInformationClass
,
2685 IN BOOLEAN ReturnSingleEntry
,
2686 IN PUNICODE_STRING FileName OPTIONAL
,
2687 IN BOOLEAN RestartScan
2691 * FUNCTION: Query information about the content of a directory object
2693 DirObjInformation = Buffer must be large enough to hold the name strings too
2694 GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
2695 If FALSE: return the number of objects in this directory in ObjectIndex
2696 IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
2697 If FALSE use input value of ObjectIndex
2698 ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
2699 DataWritten = Actual size of the ObjectIndex ???
2704 NtQueryDirectoryObject(
2705 IN HANDLE DirObjHandle
,
2706 OUT POBJDIR_INFORMATION DirObjInformation
,
2707 IN ULONG BufferLength
,
2708 IN BOOLEAN GetNextIndex
,
2709 IN BOOLEAN IgnoreInputIndex
,
2710 IN OUT PULONG ObjectIndex
,
2711 OUT PULONG DataWritten OPTIONAL
2716 ZwQueryDirectoryObject(
2717 IN HANDLE DirObjHandle
,
2718 OUT POBJDIR_INFORMATION DirObjInformation
,
2719 IN ULONG BufferLength
,
2720 IN BOOLEAN GetNextIndex
,
2721 IN BOOLEAN IgnoreInputIndex
,
2722 IN OUT PULONG ObjectIndex
,
2723 OUT PULONG DataWritten OPTIONAL
2727 * FUNCTION: Queries the extended attributes of a file
2729 * FileHandle = Handle to the file
2730 * IoStatusBlock = Caller supplies storage for extended status information.
2744 IN HANDLE FileHandle
,
2745 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2748 IN BOOLEAN ReturnSingleEntry
,
2749 IN PVOID EaList OPTIONAL
,
2750 IN ULONG EaListLength
,
2751 IN PULONG EaIndex OPTIONAL
,
2752 IN BOOLEAN RestartScan
2758 IN HANDLE FileHandle
,
2759 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2762 IN BOOLEAN ReturnSingleEntry
,
2763 IN PVOID EaList OPTIONAL
,
2764 IN ULONG EaListLength
,
2765 IN PULONG EaIndex OPTIONAL
,
2766 IN BOOLEAN RestartScan
2769 * FUNCTION: Queries an event
2771 * EventHandle = Handle to the event
2772 * EventInformationClass = Index of the information structure
2774 EventBasicInformation EVENT_BASIC_INFORMATION
2776 * EventInformation = Caller supplies storage for the information structure
2777 * EventInformationLength = Size of the information structure
2778 * ReturnLength = Data written
2786 IN HANDLE EventHandle
,
2787 IN CINT EventInformationClass
,
2788 OUT PVOID EventInformation
,
2789 IN ULONG EventInformationLength
,
2790 OUT PULONG ReturnLength
2796 IN HANDLE EventHandle
,
2797 IN CINT EventInformationClass
,
2798 OUT PVOID EventInformation
,
2799 IN ULONG EventInformationLength
,
2800 OUT PULONG ReturnLength
2804 NtQueryFullAttributesFile(
2805 IN HANDLE FileHandle
,
2810 ZwQueryFullAttributesFile(
2811 IN HANDLE FileHandle
,
2817 NtQueryInformationAtom(
2818 IN HANDLE AtomHandle
,
2819 IN CINT AtomInformationClass
,
2820 OUT PVOID AtomInformation
,
2821 IN ULONG AtomInformationLength
,
2822 OUT PULONG ReturnLength
2826 NtQueryInformationAtom(
2827 IN HANDLE AtomHandle
,
2828 IN CINT AtomInformationClass
,
2829 OUT PVOID AtomInformation
,
2830 IN ULONG AtomInformationLength
,
2831 OUT PULONG ReturnLength
2837 * FUNCTION: Queries the information of a file object.
2839 * FileHandle = Handle to the file object
2840 * IoStatusBlock = Caller supplies storage for extended information
2841 * on the current operation.
2842 * FileInformation = Storage for the new file information
2843 * Length = Size of the storage for the file information.
2844 * FileInformationClass = Indicates which file information is queried
2846 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2847 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2848 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2849 FileBasicInformation FILE_BASIC_INFORMATION
2850 FileStandardInformation FILE_STANDARD_INFORMATION
2851 FileInternalInformation FILE_INTERNAL_INFORMATION
2852 FileEaInformation FILE_EA_INFORMATION
2853 FileAccessInformation FILE_ACCESS_INFORMATION
2854 FileNameInformation FILE_NAME_INFORMATION
2855 FileRenameInformation FILE_RENAME_INFORMATION
2857 FileNamesInformation FILE_NAMES_INFORMATION
2858 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2859 FilePositionInformation FILE_POSITION_INFORMATION
2860 FileFullEaInformation FILE_FULL_EA_INFORMATION
2861 FileModeInformation FILE_MODE_INFORMATION
2862 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2863 FileAllInformation FILE_ALL_INFORMATION
2865 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2866 FileAlternateNameInformation
2867 FileStreamInformation FILE_STREAM_INFORMATION
2869 FilePipeLocalInformation
2870 FilePipeRemoteInformation
2871 FileMailslotQueryInformation
2872 FileMailslotSetInformation
2873 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2874 FileCopyOnWriteInformation
2875 FileCompletionInformation IO_COMPLETION_CONTEXT
2876 FileMoveClusterInformation
2877 FileOleClassIdInformation
2878 FileOleStateBitsInformation
2879 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2880 FileObjectIdInformation
2881 FileOleAllInformation
2882 FileOleDirectoryInformation
2883 FileContentIndexInformation
2884 FileInheritContentIndexInformation
2886 FileMaximumInformation
2889 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2890 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2895 NtQueryInformationFile(
2896 IN HANDLE FileHandle
,
2897 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2898 OUT PVOID FileInformation
,
2900 IN FILE_INFORMATION_CLASS FileInformationClass
2905 ZwQueryInformationFile(
2907 PIO_STATUS_BLOCK IoStatusBlock
,
2908 PVOID FileInformation
,
2910 FILE_INFORMATION_CLASS FileInformationClass
2914 * FUNCTION: Queries the information of a process object.
2916 * ProcessHandle = Handle to the process object
2917 * ProcessInformation = Index to a certain information structure
2919 ProcessBasicInformation PROCESS_BASIC_INFORMATION
2920 ProcessQuotaLimits QUOTA_LIMITS
2921 ProcessIoCounters IO_COUNTERS
2922 ProcessVmCounters VM_COUNTERS
2923 ProcessTimes KERNEL_USER_TIMES
2924 ProcessBasePriority KPRIORITY
2925 ProcessRaisePriority KPRIORITY
2926 ProcessDebugPort HANDLE
2927 ProcessExceptionPort HANDLE
2928 ProcessAccessToken PROCESS_ACCESS_TOKEN
2929 ProcessLdtInformation LDT_ENTRY ??
2930 ProcessLdtSize ULONG
2931 ProcessDefaultHardErrorMode ULONG
2932 ProcessIoPortHandlers // kernel mode only
2933 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
2934 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
2935 ProcessUserModeIOPL (I/O Privilege Level)
2936 ProcessEnableAlignmentFaultFixup BOOLEAN
2937 ProcessPriorityClass ULONG
2938 ProcessWx86Information ULONG
2939 ProcessHandleCount ULONG
2940 ProcessAffinityMask ULONG
2941 ProcessPooledQuotaLimits QUOTA_LIMITS
2944 * ProcessInformation = Caller supplies storage for the process information structure
2945 * ProcessInformationLength = Size of the process information structure
2946 * ReturnLength = Actual number of bytes written
2949 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
2950 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
2951 GetProcessShutdownParameters functions.
2957 NtQueryInformationProcess(
2958 IN HANDLE ProcessHandle
,
2959 IN CINT ProcessInformationClass
,
2960 OUT PVOID ProcessInformation
,
2961 IN ULONG ProcessInformationLength
,
2962 OUT PULONG ReturnLength
2967 ZwQueryInformationProcess(
2968 IN HANDLE ProcessHandle
,
2969 IN CINT ProcessInformationClass
,
2970 OUT PVOID ProcessInformation
,
2971 IN ULONG ProcessInformationLength
,
2972 OUT PULONG ReturnLength
2977 * FUNCTION: Queries the information of a thread object.
2979 * ThreadHandle = Handle to the thread object
2980 * ThreadInformationClass = Index to a certain information structure
2982 ThreadBasicInformation THREAD_BASIC_INFORMATION
2983 ThreadTimes KERNEL_USER_TIMES
2984 ThreadPriority KPRIORITY
2985 ThreadBasePriority KPRIORITY
2986 ThreadAffinityMask KAFFINITY
2987 ThreadImpersonationToken
2988 ThreadDescriptorTableEntry
2989 ThreadEnableAlignmentFaultFixup
2991 ThreadQuerySetWin32StartAddress
2993 ThreadPerformanceCount
2994 ThreadAmILastThread BOOLEAN
2995 ThreadIdealProcessor ULONG
2996 ThreadPriorityBoost ULONG
3000 * ThreadInformation = Caller supplies storage for the thread information
3001 * ThreadInformationLength = Size of the thread information structure
3002 * ReturnLength = Actual number of bytes written
3005 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
3006 GetThreadPriorityBoost functions.
3013 NtQueryInformationThread(
3014 IN HANDLE ThreadHandle
,
3015 IN THREADINFOCLASS ThreadInformationClass
,
3016 OUT PVOID ThreadInformation
,
3017 IN ULONG ThreadInformationLength
,
3018 OUT PULONG ReturnLength
3024 NtQueryInformationToken(
3025 IN HANDLE TokenHandle
,
3026 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3027 OUT PVOID TokenInformation
,
3028 IN ULONG TokenInformationLength
,
3029 OUT PULONG ReturnLength
3034 ZwQueryInformationToken(
3035 IN HANDLE TokenHandle
,
3036 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3037 OUT PVOID TokenInformation
,
3038 IN ULONG TokenInformationLength
,
3039 OUT PULONG ReturnLength
3043 * FUNCTION: Query the interval and the clocksource for profiling
3051 NtQueryIntervalProfile(
3052 OUT PULONG Interval
,
3053 OUT PULONG ClockSource
3058 ZwQueryIntervalProfile(
3059 OUT PULONG Interval
,
3060 OUT PULONG ClockSource
3067 NtQueryIoCompletion(
3068 IN HANDLE CompletionPort
,
3069 IN ULONG CompletionKey
,
3070 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3071 OUT PULONG NumberOfBytesTransferred
3075 ZwQueryIoCompletion(
3076 IN HANDLE CompletionPort
,
3077 IN ULONG CompletionKey
,
3078 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3079 OUT PULONG NumberOfBytesTransferred
3084 * FUNCTION: Queries the information of a registry key object.
3086 KeyHandle = Handle to a registry key
3087 KeyInformationClass = Index to a certain information structure
3088 KeyInformation = Caller supplies storage for resulting information
3089 Length = Size of the supplied storage
3090 ResultLength = Bytes written
3095 IN HANDLE KeyHandle
,
3096 IN KEY_INFORMATION_CLASS KeyInformationClass
,
3097 OUT PVOID KeyInformation
,
3099 OUT PULONG ResultLength
3105 IN HANDLE KeyHandle
,
3106 IN KEY_INFORMATION_CLASS KeyInformationClass
,
3107 OUT PVOID KeyInformation
,
3109 OUT PULONG ResultLength
3117 NtQueryMultipleValueKey(
3119 PVALENT ListOfValuesToQuery
,
3120 ULONG NumberOfItems
,
3121 PVOID MultipleValueInformation
,
3128 ZwQueryMultipleValueKey(
3130 PVALENT ListOfValuesToQuery
,
3131 ULONG NumberOfItems
,
3132 PVOID MultipleValueInformation
,
3138 * FUNCTION: Queries the information of a mutant object.
3140 MutantHandle = Handle to a mutant
3141 MutantInformationClass = Index to a certain information structure
3142 MutantInformation = Caller supplies storage for resulting information
3143 Length = Size of the supplied storage
3144 ResultLength = Bytes written
3149 IN HANDLE MutantHandle
,
3150 IN CINT MutantInformationClass
,
3151 OUT PVOID MutantInformation
,
3153 OUT PULONG ResultLength
3159 IN HANDLE MutantHandle
,
3160 IN CINT MutantInformationClass
,
3161 OUT PVOID MutantInformation
,
3163 OUT PULONG ResultLength
3166 * FUNCTION: Queries the information of an object.
3168 ObjectHandle = Handle to an object
3169 ObjectInformationClass = Index to a certain information structure
3171 ObjectBasicInformation
3172 ObjectTypeInformation OBJECT_TYPE_INFORMATION
3173 ObjectNameInformation OBJECT_NAME_INFORMATION
3174 ObjectDataInformation OBJECT_DATA_INFORMATION
3176 ObjectInformation = Caller supplies storage for resulting information
3177 Length = Size of the supplied storage
3178 ResultLength = Bytes written
3184 IN HANDLE ObjectHandle
,
3185 IN CINT ObjectInformationClass
,
3186 OUT PVOID ObjectInformation
,
3188 OUT PULONG ResultLength
3194 IN HANDLE ObjectHandle
,
3195 IN CINT ObjectInformationClass
,
3196 OUT PVOID ObjectInformation
,
3198 OUT PULONG ResultLength
3202 * FUNCTION: Queries the system ( high-resolution ) performance counter.
3204 * Counter = Performance counter
3205 * Frequency = Performance frequency
3207 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
3208 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
3214 NtQueryPerformanceCounter(
3215 IN PLARGE_INTEGER Counter
,
3216 IN PLARGE_INTEGER Frequency
3221 ZwQueryPerformanceCounter(
3222 IN PLARGE_INTEGER Counter
,
3223 IN PLARGE_INTEGER Frequency
3226 * FUNCTION: Queries the information of a section object.
3228 * SectionHandle = Handle to the section link object
3229 * SectionInformationClass = Index to a certain information structure
3230 * SectionInformation (OUT)= Caller supplies storage for resulting information
3231 * Length = Size of the supplied storage
3232 * ResultLength = Data written
3239 IN HANDLE SectionHandle
,
3240 IN CINT SectionInformationClass
,
3241 OUT PVOID SectionInformation
,
3243 OUT PULONG ResultLength
3249 IN HANDLE SectionHandle
,
3250 IN CINT SectionInformationClass
,
3251 OUT PVOID SectionInformation
,
3253 OUT PULONG ResultLength
3258 NtQuerySecurityObject(
3260 IN CINT SecurityObjectInformationClass
,
3261 OUT PVOID SecurityObjectInformation
,
3263 OUT PULONG ReturnLength
3268 ZwQuerySecurityObject(
3270 IN CINT SecurityObjectInformationClass
,
3271 OUT PVOID SecurityObjectInformation
,
3273 OUT PULONG ReturnLength
3278 * FUNCTION: Queries the information of a semaphore.
3280 * SemaphoreHandle = Handle to the semaphore object
3281 * SemaphoreInformationClass = Index to a certain information structure
3283 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
3285 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
3286 * Length = Size of the information structure
3292 HANDLE SemaphoreHandle
,
3293 CINT SemaphoreInformationClass
,
3294 OUT PVOID SemaphoreInformation
,
3302 HANDLE SemaphoreHandle
,
3303 CINT SemaphoreInformationClass
,
3304 OUT PVOID SemaphoreInformation
,
3310 * FUNCTION: Queries the information of a symbolic link object.
3312 * SymbolicLinkHandle = Handle to the symbolic link object
3313 * LinkTarget = resolved name of link
3314 * DataWritten = size of the LinkName.
3320 NtQuerySymbolicLinkObject(
3321 IN HANDLE SymLinkObjHandle
,
3322 OUT PUNICODE_STRING LinkTarget
,
3323 OUT PULONG DataWritten OPTIONAL
3328 ZwQuerySymbolicLinkObject(
3329 IN HANDLE SymLinkObjHandle
,
3330 OUT PUNICODE_STRING LinkName
,
3331 OUT PULONG DataWritten OPTIONAL
3336 * FUNCTION: Queries a system environment variable.
3338 * Name = Name of the variable
3339 * Value (OUT) = value of the variable
3340 * Length = size of the buffer
3341 * ReturnLength = data written
3347 NtQuerySystemEnvironmentValue(
3348 IN PUNICODE_STRING Name
,
3356 ZwQuerySystemEnvironmentValue(
3357 IN PUNICODE_STRING Name
,
3365 * FUNCTION: Queries the system information.
3367 * SystemInformationClass = Index to a certain information structure
3369 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3370 SystemCacheInformation SYSTEM_CACHE_INFORMATION
3371 SystemConfigurationInformation CONFIGURATION_INFORMATION
3373 * SystemInformation = caller supplies storage for the information structure
3374 * Length = size of the structure
3375 ResultLength = Data written
3381 NtQuerySystemInformation(
3382 IN CINT SystemInformationClass
,
3383 OUT PVOID SystemInformation
,
3385 OUT PULONG ResultLength
3390 ZwQuerySystemInformation(
3391 IN CINT SystemInformationClass
,
3392 OUT PVOID SystemInformation
,
3394 OUT PULONG ResultLength
3398 * FUNCTION: Retrieves the system time
3400 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
3408 OUT TIME
*CurrentTime
3414 OUT TIME
*CurrentTime
3418 * FUNCTION: Queries information about a timer
3420 * TimerHandle = Handle to the timer
3421 TimerValueInformationClass = Index to a certain information structure
3422 TimerValueInformation = Caller supplies storage for the information structure
3423 Length = Size of the information structure
3424 ResultLength = Data written
3431 IN HANDLE TimerHandle
,
3432 IN CINT TimerInformationClass
,
3433 OUT PVOID TimerInformation
,
3435 OUT PULONG ResultLength
3440 IN HANDLE TimerHandle
,
3441 IN CINT TimerInformationClass
,
3442 OUT PVOID TimerInformation
,
3444 OUT PULONG ResultLength
3448 * FUNCTION: Queries the timer resolution
3450 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
3451 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
3452 ActualResolution (OUT) = Caller should supply storage for the resulting time.
3460 NtQueryTimerResolution (
3461 OUT PULONG MinimumResolution
,
3462 OUT PULONG MaximumResolution
,
3463 OUT PULONG ActualResolution
3468 ZwQueryTimerResolution (
3469 OUT PULONG MinimumResolution
,
3470 OUT PULONG MaximumResolution
,
3471 OUT PULONG ActualResolution
3475 * FUNCTION: Queries a registry key value
3477 * KeyHandle = Handle to the registry key
3478 ValueName = Name of the value in the registry key
3479 KeyValueInformationClass = Index to a certain information structure
3481 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
3482 KeyValueFullInformation = KEY_FULL_INFORMATION
3483 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
3485 KeyValueInformation = Caller supplies storage for the information structure
3486 Length = Size of the information structure
3487 ResultLength = Data written
3494 IN HANDLE KeyHandle
,
3495 IN PUNICODE_STRING ValueName
,
3496 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3497 OUT PVOID KeyValueInformation
,
3499 OUT PULONG ResultLength
3505 IN HANDLE KeyHandle
,
3506 IN PUNICODE_STRING ValueName
,
3507 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3508 OUT PVOID KeyValueInformation
,
3510 OUT PULONG ResultLength
3517 * FUNCTION: Queries the virtual memory information.
3519 ProcessHandle = Process owning the virtual address space
3520 BaseAddress = Points to the page where the information is queried for.
3521 * VirtualMemoryInformationClass = Index to a certain information structure
3523 MemoryBasicInformation MEMORY_BASIC_INFORMATION
3525 * VirtualMemoryInformation = caller supplies storage for the information structure
3526 * Length = size of the structure
3527 ResultLength = Data written
3534 NtQueryVirtualMemory(
3535 IN HANDLE ProcessHandle
,
3537 IN IN CINT VirtualMemoryInformationClass
,
3538 OUT PVOID VirtualMemoryInformation
,
3540 OUT PULONG ResultLength
3544 ZwQueryVirtualMemory(
3545 IN HANDLE ProcessHandle
,
3547 IN IN CINT VirtualMemoryInformationClass
,
3548 OUT PVOID VirtualMemoryInformation
,
3550 OUT PULONG ResultLength
3554 * FUNCTION: Queries the volume information
3556 * FileHandle = Handle to a file object on the target volume
3557 ReturnLength = DataWritten
3558 FsInformation = Caller should supply storage for the information structure.
3559 Length = Size of the information structure
3560 FsInformationClass = Index to an information structure
3562 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
3563 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
3564 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
3565 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
3566 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
3567 FileFsControlInformation
3568 FileFsQuotaQueryInformation --
3569 FileFsQuotaSetInformation --
3570 FileFsMaximumInformation
3572 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
3573 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
3578 NtQueryVolumeInformationFile(
3579 IN HANDLE FileHandle
,
3580 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3581 OUT PVOID FsInformation
,
3583 IN FS_INFORMATION_CLASS FsInformationClass
3588 ZwQueryVolumeInformationFile(
3589 IN HANDLE FileHandle
,
3590 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3591 OUT PVOID FsInformation
,
3593 IN FS_INFORMATION_CLASS FsInformationClass
3596 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
3598 * FUNCTION: Queues a (user) apc to a thread.
3600 ThreadHandle = Thread to which the apc is queued.
3601 ApcRoutine = Points to the apc routine
3602 NormalContext = Argument to Apc Routine
3603 * SystemArgument1 = Argument of the Apc Routine
3604 SystemArgument2 = Argument of the Apc Routine
3605 * REMARK: If the apc is queued to a thread that belongs to a different process than the calling thread,
3606 the apc routine should be an address in the address space of the target thread's process, not the caller's.
3613 HANDLE ThreadHandle
,
3614 PKNORMAL_ROUTINE ApcRoutine
,
3615 PVOID NormalContext
,
3616 PVOID SystemArgument1
,
3617 PVOID SystemArgument2
);
3622 HANDLE ThreadHandle
,
3623 PKNORMAL_ROUTINE ApcRoutine
,
3624 PVOID NormalContext
,
3625 PVOID SystemArgument1
,
3626 PVOID SystemArgument2
);
3630 * FUNCTION: Raises an exception
3632 ExceptionRecord = Structure specifying the exception
3633 Context = Context in which the exception is raised
3642 IN PEXCEPTION_RECORD ExceptionRecord
,
3643 IN PCONTEXT Context
,
3644 IN BOOL IsDebugger OPTIONAL
3650 IN PEXCEPTION_RECORD ExceptionRecord
,
3651 IN PCONTEXT Context
,
3652 IN BOOL IsDebugger OPTIONAL
3657 * FUNCTION: Read a file
3659 FileHandle = Handle of a file to read
3660 Event = This event is signalled when the read operation completes
3661 * UserApcRoutine = Callback; if supplied, Event should be NULL
3662 UserApcContext = Argument to the callback
3663 IoStatusBlock = Caller should supply storage for additional status information
3664 Buffer = Caller should supply storage to receive the information
3665 BufferLength = Size of the buffer
3666 ByteOffset = Offset to start reading the file
3667 Key = If a range is locked, a matching key will allow the read to continue.
3676 IN HANDLE FileHandle
,
3677 IN HANDLE Event OPTIONAL
,
3678 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3679 IN PVOID UserApcContext OPTIONAL
,
3680 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3682 IN ULONG BufferLength
,
3683 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3684 IN PULONG Key OPTIONAL
3690 IN HANDLE FileHandle
,
3691 IN HANDLE Event OPTIONAL
,
3692 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3693 IN PVOID UserApcContext OPTIONAL
,
3694 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3696 IN ULONG BufferLength
,
3697 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3698 IN PULONG Key OPTIONAL
3701 * FUNCTION: Read a file using scattered io
3703 FileHandle = Handle of a file to read
3704 Event = This event is signalled when the read operation completes
3705 * UserApcRoutine = Callback; if supplied, Event should be NULL
3706 UserApcContext = Argument to the callback
3707 IoStatusBlock = Caller should supply storage for additional status information
3708 BufferDescription = Caller should supply storage to receive the information
3709 BufferLength = Size of the buffer
3710 ByteOffset = Offset to start reading the file
3711 Key = If a range is locked, a matching key will allow the read to continue.
3718 IN HANDLE FileHandle
,
3719 IN HANDLE Event OPTIONAL
,
3720 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3721 IN PVOID UserApcContext OPTIONAL
,
3722 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3723 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3724 IN ULONG BufferLength
,
3725 IN PLARGE_INTEGER ByteOffset
,
3726 IN PULONG Key OPTIONAL
3732 IN HANDLE FileHandle
,
3733 IN HANDLE Event OPTIONAL
,
3734 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3735 IN PVOID UserApcContext OPTIONAL
,
3736 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3737 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3738 IN ULONG BufferLength
,
3739 IN PLARGE_INTEGER ByteOffset
,
3740 IN PULONG Key OPTIONAL
3743 * FUNCTION: Copies a range of virtual memory to a buffer
3745 * ProcessHandle = Specifies the process owning the virtual address space
3746 * BaseAddress = Points to the address of virtual memory to start the read
3747 * Buffer = Caller supplies storage to copy the virtual memory to.
3748 * NumberOfBytesToRead = Limits the range to read
3749 * NumberOfBytesRead = The actual number of bytes read.
3755 NtReadVirtualMemory(
3756 IN HANDLE ProcessHandle
,
3757 IN PVOID BaseAddress
,
3759 IN ULONG NumberOfBytesToRead
,
3760 OUT PULONG NumberOfBytesRead
3764 ZwReadVirtualMemory(
3765 IN HANDLE ProcessHandle
,
3766 IN PVOID BaseAddress
,
3768 IN ULONG NumberOfBytesToRead
,
3769 OUT PULONG NumberOfBytesRead
3774 * FUNCTION: Debugger can register for thread termination
3776 * TerminationPort = Port on which the debugger likes to be notified.
3782 NtRegisterThreadTerminatePort(
3783 HANDLE TerminationPort
3787 ZwRegisterThreadTerminatePort(
3788 HANDLE TerminationPort
3791 * FUNCTION: Releases a mutant
3793 * MutantHandle = Handle to the mutant
3800 IN HANDLE MutantHandle
,
3801 IN PULONG ReleaseCount OPTIONAL
3807 IN HANDLE MutantHandle
,
3808 IN PULONG ReleaseCount OPTIONAL
3811 * FUNCTION: Releases a semaphore
3813 * SemaphoreHandle = Handle to the semaphore object
3814 * ReleaseCount = Number to decrease the semaphore count
3815 * PreviousCount = Previous semaphore count
3821 IN HANDLE SemaphoreHandle
,
3822 IN ULONG ReleaseCount
,
3823 IN PULONG PreviousCount
3829 IN HANDLE SemaphoreHandle
,
3830 IN ULONG ReleaseCount
,
3831 IN PULONG PreviousCount
3834 * FUNCTION: Removes an io completion
3836 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3837 * CompletionKey = Requested access to the key
3838 * IoStatusBlock = Caller provides storage for extended status information
3839 * CompletionStatus = Current status of the io operation.
3840 * WaitTime = Time to wait if ..
3845 NtRemoveIoCompletion(
3846 IN HANDLE CompletionPort
,
3847 OUT PULONG CompletionKey
,
3848 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3849 OUT PULONG CompletionStatus
,
3850 IN PLARGE_INTEGER WaitTime
3855 ZwRemoveIoCompletion(
3856 IN HANDLE CompletionPort
,
3857 OUT PULONG CompletionKey
,
3858 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3859 OUT PULONG CompletionStatus
,
3860 IN PLARGE_INTEGER WaitTime
3863 * FUNCTION: Replaces one registry key with another
3865 * ObjectAttributes = Specifies the attributes of the key
3866 * Key = Handle to the key
3867 * ReplacedObjectAttributes = The function returns the old object attributes
3873 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3875 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3880 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3882 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3886 * FUNCTION: Resets an event to a non-signaled state
3888 * EventHandle = Handle to the event that should be reset
3889 * NumberOfWaitingThreads = The number of threads released.
3896 PULONG NumberOfWaitingThreads OPTIONAL
3902 PULONG NumberOfWaitingThreads OPTIONAL
3921 * FUNCTION: Decrements a thread's resume count
3923 * ThreadHandle = Handle to the thread that should be resumed
3924 * ResumeCount = The resulting resume count.
3926 * A thread is resumed if its suspend count is 0. This procedure maps to
3927 * the win32 ResumeThread function. ( documentation about the suspend count can be found there as well )
3933 IN HANDLE ThreadHandle
,
3934 OUT PULONG SuspendCount
3939 IN HANDLE ThreadHandle
,
3940 OUT PULONG SuspendCount
3943 * FUNCTION: Writes the content of a registry key to an ASCII file
3945 * KeyHandle = Handle to the key
3946 * FileHandle = Handle of the file
3948 This function maps to the Win32 RegSaveKey.
3955 IN HANDLE KeyHandle
,
3956 IN HANDLE FileHandle
3961 IN HANDLE KeyHandle
,
3962 IN HANDLE FileHandle
3965 * FUNCTION: Sets the context of a specified thread.
3967 * ThreadHandle = Handle to the thread
3968 * Context = The processor context.
3975 IN HANDLE ThreadHandle
,
3981 IN HANDLE ThreadHandle
,
3986 * FUNCTION: Sets the default hard error port
3988 * PortHandle = Handle to the port
3989 * NOTE: The hard error port is used for first chance exception handling
3994 NtSetDefaultHardErrorPort(
3995 IN HANDLE PortHandle
3999 ZwSetDefaultHardErrorPort(
4000 IN HANDLE PortHandle
4003 * FUNCTION: Sets the extended attributes of a file.
4005 * FileHandle = Handle to the file
4006 * IoStatusBlock = Storage for a resulting status and information
4007 * on the current operation.
4008 * EaBuffer = Extended Attributes buffer.
4009 * EaBufferSize = Size of the extended attributes buffer
4015 IN HANDLE FileHandle
,
4016 IN PIO_STATUS_BLOCK IoStatusBlock
,
4023 IN HANDLE FileHandle
,
4024 IN PIO_STATUS_BLOCK IoStatusBlock
,
4029 //FIXME: should I return the event state ?
4032 * FUNCTION: Sets the event to a signalled state.
4034 * EventHandle = Handle to the event
4035 * NumberOfThreadsReleased = The number of threads released
4037 * This procedure maps to the win32 SetEvent function.
4044 IN HANDLE EventHandle
,
4045 PULONG NumberOfThreadsReleased
4051 IN HANDLE EventHandle
,
4052 PULONG NumberOfThreadsReleased
4056 * FUNCTION: Sets the high part of an event pair
4058 EventPair = Handle to the event pair
4065 IN HANDLE EventPairHandle
4071 IN HANDLE EventPairHandle
4074 * FUNCTION: Sets the high part of an event pair and wait for the low part
4076 EventPair = Handle to the event pair
4081 NtSetHighWaitLowEventPair(
4082 IN HANDLE EventPairHandle
4086 ZwSetHighWaitLowEventPair(
4087 IN HANDLE EventPairHandle
4091 * FUNCTION: Sets the information of a file object.
4093 * FileHandle = Handle to the file object
4094 * IoStatusBlock = Caller supplies storage for extended information
4095 * on the current operation.
4096 * FileInformation = Storage for the new file information
4097 * Length = Size of the new file information.
4098 * FileInformationClass = Indicates to a certain information structure
4100 FileNameInformation FILE_NAME_INFORMATION
4101 FileRenameInformation FILE_RENAME_INFORMATION
4102 FileStreamInformation FILE_STREAM_INFORMATION
4103 * FileCompletionInformation IO_COMPLETION_CONTEXT
4106 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
4107 * SetNamedPipeHandleState, SetMailslotInfo functions.
4114 NtSetInformationFile(
4115 IN HANDLE FileHandle
,
4116 IN PIO_STATUS_BLOCK IoStatusBlock
,
4117 IN PVOID FileInformation
,
4119 IN FILE_INFORMATION_CLASS FileInformationClass
4123 ZwSetInformationFile(
4124 IN HANDLE FileHandle
,
4125 IN PIO_STATUS_BLOCK IoStatusBlock
,
4126 IN PVOID FileInformation
,
4128 IN FILE_INFORMATION_CLASS FileInformationClass
4134 * FUNCTION: Sets the information of a registry key.
4136 * KeyHandle = Handle to the registry key
4137 * KeyInformationClass = Index to a certain information structure.
4138 Can be one of the following values:
4140 * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
4142 KeyInformation = Storage for the new information
4143 * KeyInformationLength = Size of the information structure
4149 NtSetInformationKey(
4150 IN HANDLE KeyHandle
,
4151 IN CINT KeyInformationClass
,
4152 IN PVOID KeyInformation
,
4153 IN ULONG KeyInformationLength
4158 ZwSetInformationKey(
4159 IN HANDLE KeyHandle
,
4160 IN CINT KeyInformationClass
,
4161 IN PVOID KeyInformation
,
4162 IN ULONG KeyInformationLength
4165 * FUNCTION: Changes a set of object specific parameters
4168 * ObjectInformationClass = Index to the set of parameters to change.
4171 ObjectBasicInformation
4172 ObjectTypeInformation OBJECT_TYPE_INFORMATION
4173 ObjectAllInformation
4174 ObjectDataInformation OBJECT_DATA_INFORMATION
4175 ObjectNameInformation OBJECT_NAME_INFORMATION
4178 * ObjectInformation = Caller supplies storage for parameters to set.
4179 * Length = Size of the storage supplied
4184 NtSetInformationObject(
4185 IN HANDLE ObjectHandle
,
4186 IN CINT ObjectInformationClass
,
4187 IN PVOID ObjectInformation
,
4193 ZwSetInformationObject(
4194 IN HANDLE ObjectHandle
,
4195 IN CINT ObjectInformationClass
,
4196 IN PVOID ObjectInformation
,
4201 * FUNCTION: Changes a set of process specific parameters
4203 * ProcessHandle = Handle to the process
4204 * ProcessInformationClass = Index to an information structure.
4206 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
4207 * ProcessQuotaLimits QUOTA_LIMITS
4208 * ProcessBasePriority KPRIORITY
4209 * ProcessRaisePriority KPRIORITY
4210 * ProcessDebugPort HANDLE
4211 * ProcessExceptionPort HANDLE
4212 * ProcessAccessToken PROCESS_ACCESS_TOKEN
4213 * ProcessDefaultHardErrorMode ULONG
4214 * ProcessPriorityClass ULONG
4215 * ProcessAffinityMask KAFFINITY //??
4217 * ProcessInformation = Caller supplies storage for information to set.
4218 * ProcessInformationLength = Size of the information structure
4223 NtSetInformationProcess(
4224 IN HANDLE ProcessHandle
,
4225 IN CINT ProcessInformationClass
,
4226 IN PVOID ProcessInformation
,
4227 IN ULONG ProcessInformationLength
4231 ZwSetInformationProcess(
4232 IN HANDLE ProcessHandle
,
4233 IN CINT ProcessInformationClass
,
4234 IN PVOID ProcessInformation
,
4235 IN ULONG ProcessInformationLength
4238 * FUNCTION: Changes a set of thread specific parameters
4240 * ThreadHandle = Handle to the thread
4241 * ThreadInformationClass = Index to the set of parameters to change.
4242 * Can be one of the following values:
4244 * ThreadBasicInformation THREAD_BASIC_INFORMATION
4245 * ThreadPriority KPRIORITY //???
4246 * ThreadBasePriority KPRIORITY
4247 * ThreadAffinityMask KAFFINITY //??
4248 * ThreadImpersonationToken ACCESS_TOKEN
4249 * ThreadIdealProcessor ULONG
4250 * ThreadPriorityBoost ULONG
4252 * ThreadInformation = Caller supplies storage for parameters to set.
4253 * ThreadInformationLength = Size of the storage supplied
4258 NtSetInformationThread(
4259 IN HANDLE ThreadHandle
,
4260 IN THREADINFOCLASS ThreadInformationClass
,
4261 IN PVOID ThreadInformation
,
4262 IN ULONG ThreadInformationLength
4266 ZwSetInformationThread(
4267 IN HANDLE ThreadHandle
,
4268 IN THREADINFOCLASS ThreadInformationClass
,
4269 IN PVOID ThreadInformation
,
4270 IN ULONG ThreadInformationLength
4274 * FUNCTION: Changes a set of token specific parameters
4276 * TokenHandle = Handle to the token
4277 * TokenInformationClass = Index to a certain information structure.
4278 * Can be one of the following values:
4280 TokenUser TOKEN_USER
4281 TokenGroups TOKEN_GROUPS
4282 TokenPrivileges TOKEN_PRIVILEGES
4283 TokenOwner TOKEN_OWNER
4284 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
4285 TokenDefaultDacl TOKEN_DEFAULT_DACL
4286 TokenSource TOKEN_SOURCE
4287 TokenType TOKEN_TYPE
4288 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
4289 TokenStatistics TOKEN_STATISTICS
4291 * TokenInformation = Caller supplies storage for information structure.
4292 * TokenInformationLength = Size of the information structure
4298 NtSetInformationToken(
4299 IN HANDLE TokenHandle
,
4300 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4301 OUT PVOID TokenInformation
,
4302 IN ULONG TokenInformationLength
4307 ZwSetInformationToken(
4308 IN HANDLE TokenHandle
,
4309 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4310 OUT PVOID TokenInformation
,
4311 IN ULONG TokenInformationLength
4316 * FUNCTION: Sets an io completion
4321 * NumberOfBytesToTransfer =
4322 * NumberOfBytesTransferred =
4328 IN HANDLE CompletionPort
,
4329 IN ULONG CompletionKey
,
4330 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4331 IN ULONG NumberOfBytesToTransfer
,
4332 OUT PULONG NumberOfBytesTransferred
4337 IN HANDLE CompletionPort
,
4338 IN ULONG CompletionKey
,
4339 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4340 IN ULONG NumberOfBytesToTransfer
,
4341 OUT PULONG NumberOfBytesTransferred
4345 * FUNCTION: Set properties for profiling
4355 NtSetIntervalProfile(
4362 ZwSetIntervalProfile(
4369 * FUNCTION: Sets the low part of an event pair
4371 EventPair = Handle to the event pair
4386 * FUNCTION: Sets the low part of an event pair and wait for the high part
4388 EventPair = Handle to the event pair
4393 NtSetLowWaitHighEventPair(
4398 ZwSetLowWaitHighEventPair(
4404 NtSetSecurityObject(
4406 IN SECURITY_INFORMATION SecurityInformation
,
4407 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4412 ZwSetSecurityObject(
4414 IN SECURITY_INFORMATION SecurityInformation
,
4415 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4420 * FUNCTION: Sets a system environment variable
4422 * ValueName = Name of the environment variable
4423 * Value = Value of the environment variable
4428 NtSetSystemEnvironmentValue(
4429 IN PUNICODE_STRING VariableName
,
4430 IN PUNICODE_STRING Value
4434 ZwSetSystemEnvironmentValue(
4435 IN PUNICODE_STRING VariableName
,
4436 IN PUNICODE_STRING Value
4439 * FUNCTION: Sets system parameters
4441 * SystemInformationClass = Index to a particular set of system parameters
4442 * Can be one of the following values:
4444 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
4446 * SystemInformation = Structure containing the parameters.
4447 * SystemInformationLength = Size of the structure.
4452 NtSetSystemInformation(
4453 IN CINT SystemInformationClass
,
4454 IN PVOID SystemInformation
,
4455 IN ULONG SystemInformationLength
4460 ZwSetSystemInformation(
4461 IN CINT SystemInformationClass
,
4462 IN PVOID SystemInformation
,
4463 IN ULONG SystemInformationLength
4467 * FUNCTION: Sets the system time
4469 * SystemTime = Old System time
4470 * NewSystemTime = New System time
4476 IN PLARGE_INTEGER SystemTime
,
4477 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4482 IN PLARGE_INTEGER SystemTime
,
4483 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4486 * FUNCTION: Sets the characteristics of a timer
4488 * TimerHandle = Handle to the timer
4489 * DueTime = Time before the timer becomes signalled for the first time.
4490 * TimerApcRoutine = Completion routine can be called on time completion
4491 * TimerContext = Argument to the completion routine
4492 * Resume = Specifies if the timer should be repeated after completing one cycle
4493 * Period = Cycle of the timer
4494 * REMARKS: This routine maps to the win32 SetWaitableTimer.
4500 IN HANDLE TimerHandle
,
4501 IN PLARGE_INTEGER DueTime
,
4502 IN PTIMERAPCROUTINE TimerApcRoutine
,
4503 IN PVOID TimerContext
,
4505 IN ULONG Period OPTIONAL
,
4506 OUT PBOOLEAN PreviousState OPTIONAL
4511 IN HANDLE TimerHandle
,
4512 IN PLARGE_INTEGER DueTime
,
4513 IN PTIMERAPCROUTINE TimerApcRoutine
,
4514 IN PVOID TimerContext
,
4516 IN ULONG Period OPTIONAL
,
4517 OUT PBOOLEAN PreviousState OPTIONAL
4520 * FUNCTION: Sets the frequency of the system timer
4522 * RequestedResolution =
4524 * ActualResolution =
4529 NtSetTimerResolution(
4530 IN ULONG RequestedResolution
,
4532 OUT PULONG ActualResolution
4536 ZwSetTimerResolution(
4537 IN ULONG RequestedResolution
,
4539 OUT PULONG ActualResolution
4542 * FUNCTION: Sets the value of a registry key
4544 * KeyHandle = Handle to a registry key
4545 * ValueName = Name of the value entry to change
4546 * TitleIndex = Optional ULONG value (the prototype declares it as IN ULONG ... OPTIONAL, not as a pointer to a structure)
4547 * Type = Type of the registry key. Can be one of the values:
4548 * REG_BINARY Unspecified binary data
4549 * REG_DWORD A 32 bit value
4550 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
4551 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
4552 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
4553 * REG_LINK A zero terminated wide character string referring to a symbolic link.
4554 * REG_MULTI_SZ A series of zero-terminated strings including an additional trailing zero
4555 * REG_NONE Unspecified type
4556 * REG_SZ A wide character string ( zero terminated )
4557 * REG_RESOURCE_LIST ??
4558 * REG_RESOURCE_REQUIREMENTS_LIST ??
4559 * REG_FULL_RESOURCE_DESCRIPTOR ??
4560 * Data = Contains the data for the registry key.
4561 * DataSize = size of the data.
4567 IN HANDLE KeyHandle
,
4568 IN PUNICODE_STRING ValueName
,
4569 IN ULONG TitleIndex OPTIONAL
,
4577 IN HANDLE KeyHandle
,
4578 IN PUNICODE_STRING ValueName
,
4579 IN ULONG TitleIndex OPTIONAL
,
4585 * FUNCTION: Sets the volume information of a file.
4587 * FileHandle = Handle to the file
4588 * VolumeInformationClass = specifies the particular volume information to set
4589 * VolumeInformation = pointer to a structure containing the new volume information
4590 * Length = size of the structure.
4595 NtSetVolumeInformationFile(
4596 IN HANDLE FileHandle
,
4597 IN CINT VolumeInformationClass
,
4598 PVOID VolumeInformation
,
4604 ZwSetVolumeInformationFile(
4605 IN HANDLE FileHandle
,
4606 IN CINT VolumeInformationClass
,
4607 PVOID VolumeInformation
,
4610 /* --- PROFILING --- */
4613 * FUNCTION: Starts profiling
4615 * ProfileHandle = Handle to the profile
4623 HANDLE ProfileHandle
4629 HANDLE ProfileHandle
4633 * FUNCTION: Stops profiling
4635 * ProfileHandle = Handle to the profile
4642 HANDLE ProfileHandle
4648 HANDLE ProfileHandle
4651 /* --- PROCESS MANAGEMENT --- */
4653 //--NtSystemDebugControl
4655 * FUNCTION: Terminates the execution of a process.
4657 * ProcessHandle = Handle to the process
4658 * ExitStatus = The exit status of the process to terminate with.
4660 Native applications should kill themselves using this function.
4666 IN HANDLE ProcessHandle
,
4667 IN NTSTATUS ExitStatus
4672 IN HANDLE ProcessHandle
,
4673 IN NTSTATUS ExitStatus
4676 /* --- DEVICE DRIVER CONTROL --- */
4679 * FUNCTION: Unloads a driver.
4681 * DriverServiceName = Name of the driver to unload
4687 IN PUNICODE_STRING DriverServiceName
4692 IN PUNICODE_STRING DriverServiceName
4695 /* --- VIRTUAL MEMORY MANAGEMENT --- */
4698 * FUNCTION: Writes a range of virtual memory
4700 * ProcessHandle = The handle to the process owning the address space.
4701 * BaseAddress = Points to the address to write to
4702 * Buffer = Pointer to the buffer to write
4703 * NumberOfBytesToWrite = Offset to the upper boundary to write
4704 * NumberOfBytesWritten = Total bytes written
4706 * This function maps to the win32 WriteProcessMemory
4711 NtWriteVirtualMemory(
4712 IN HANDLE ProcessHandle
,
4713 IN PVOID BaseAddress
,
4715 IN ULONG NumberOfBytesToWrite
,
4716 OUT PULONG NumberOfBytesWritten
4721 ZwWriteVirtualMemory(
4722 IN HANDLE ProcessHandle
,
4723 IN PVOID BaseAddress
,
4725 IN ULONG NumberOfBytesToWrite
,
4726 OUT PULONG NumberOfBytesWritten
4730 * FUNCTION: Unlocks a range of virtual memory.
4732 * ProcessHandle = Handle to the process
4733 * BaseAddress = Lower boundary of the range of bytes to unlock.
4734 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
4735 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
4737 This procedure maps to the win32 procedure VirtualUnlock
4738 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
4742 NtUnlockVirtualMemory(
4743 IN HANDLE ProcessHandle
,
4744 IN PVOID BaseAddress
,
4745 IN ULONG NumberOfBytesToUnlock
,
4746 OUT PULONG NumberOfBytesUnlocked OPTIONAL
4751 ZwUnlockVirtualMemory(
4752 IN HANDLE ProcessHandle
,
4753 IN PVOID BaseAddress
,
4754 IN ULONG NumberOfBytesToUnlock
,
4755 OUT PULONG NumberOfBytesUnlocked OPTIONAL
4758 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
4760 * ProcessHandle = Handle to the process
4761 * BaseAddress = The address where the mapping begins
4763 This procedure maps to the win32 UnMapViewOfFile
4768 NtUnmapViewOfSection(
4769 IN HANDLE ProcessHandle
,
4770 IN PVOID BaseAddress
4774 ZwUnmapViewOfSection(
4775 IN HANDLE ProcessHandle
,
4776 IN PVOID BaseAddress
4779 /* --- OBJECT SYNCHRONIZATION --- */
4782 * FUNCTION: Signals an event and waits for it to be signaled again.
4784 * EventHandle = Handle to the event that should be signaled
4785 * Alertable = True if the wait is alertable
4786 * Time = The time to wait
4787 * NumberOfWaitingThreads = Number of waiting threads
4793 NtSignalAndWaitForSingleObject(
4794 IN HANDLE EventHandle
,
4795 IN BOOLEAN Alertable
,
4796 IN PLARGE_INTEGER Time
,
4797 PULONG NumberOfWaitingThreads OPTIONAL
4802 ZwSignalAndWaitForSingleObject(
4803 IN HANDLE EventHandle
,
4804 IN BOOLEAN Alertable
,
4805 IN PLARGE_INTEGER Time
,
4806 PULONG NumberOfWaitingThreads OPTIONAL
4810 * FUNCTION: Waits for multiple objects to become signalled.
4812 * Count = The number of objects
4813 * Object = The array of object handles
4814 * WaitType = Can be one of the values UserMode or KernelMode
4815 * Alertable = If true the wait is alertable.
4816 * Time = The maximum wait time.
4818 * This function maps to the win32 WaitForMultipleObjectEx.
4823 NtWaitForMultipleObjects (
4827 IN BOOLEAN Alertable
,
4828 IN PLARGE_INTEGER Time
4833 ZwWaitForMultipleObjects (
4837 IN BOOLEAN Alertable
,
4838 IN PLARGE_INTEGER Time
4841 * FUNCTION: Waits for an object to become signalled.
4843 * Object = The object handle
4844 * Alertable = If true the wait is alertable.
4845 * Time = The maximum wait time.
4847 * This function maps to the win32 WaitForSingleObjectEx.
4852 NtWaitForSingleObject (
4854 IN BOOLEAN Alertable
,
4855 IN PLARGE_INTEGER Time
4860 ZwWaitForSingleObject (
4862 IN BOOLEAN Alertable
,
4863 IN PLARGE_INTEGER Time
4866 /* --- EVENT PAIR OBJECT --- */
4869 * FUNCTION: Waits for the high part of an eventpair to become signalled
4871 * EventPairHandle = Handle to the event pair.
4877 NtWaitHighEventPair(
4878 IN HANDLE EventPairHandle
4883 ZwWaitHighEventPair(
4884 IN HANDLE EventPairHandle
4891 IN HANDLE EventPairHandle
4897 IN HANDLE EventPairHandle
4900 /* --- FILE MANAGEMENT --- */
4903 * FUNCTION: Unlocks a range of bytes in a file.
4905 * FileHandle = Handle to the file
4906 * IoStatusBlock = Caller should supply storage for a structure containing
4907 * the completion status and information about the requested unlock operation.
4908 The information field is set to the number of bytes unlocked.
4909 * ByteOffset = Offset to start the range of bytes to unlock
4910 * Length = Number of bytes to unlock.
4911 * Key = Special value that lets a thread other than the one that locked the file
4912 unlock it. The key supplied must match the one obtained
4913 in a previous call to NtLockFile.
4915 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
4916 not be obtained immediately, the device queue is busy and the IRP is queued.
4917 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
4918 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
4923 IN HANDLE FileHandle
,
4924 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4925 IN PLARGE_INTEGER ByteOffset
,
4926 IN PLARGE_INTEGER Lenght
,
4927 OUT PULONG Key OPTIONAL
4932 IN HANDLE FileHandle
,
4933 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4934 IN PLARGE_INTEGER ByteOffset
,
4935 IN PLARGE_INTEGER Lenght
,
4936 OUT PULONG Key OPTIONAL
4940 * FUNCTION: Writes data to a file
4942 * FileHandle = The handle of a file ( from NtCreateFile )
4943 * Event = Specifies an event that will become signalled when the write operation completes.
4944 * ApcRoutine = Asynchronous Procedure Callback [ Should not be used by device drivers ]
4945 * ApcContext = Argument to the Apc Routine
4946 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4947 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
4948 * Length = Size in bytes of the buffer
4949 * ByteOffset = Points to a file offset. If the combination of Length and ByteOffset is past the end-of-file mark, the file will be enlarged.
4950 * ByteOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. ByteOffset is also ignored if
4951 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case an offset
4952 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
4955 * This function maps to the win32 WriteFile.
4956 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4957 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4958 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4963 IN HANDLE FileHandle
,
4964 IN HANDLE Event OPTIONAL
,
4965 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4966 IN PVOID ApcContext OPTIONAL
,
4967 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4970 IN PLARGE_INTEGER ByteOffset
,
4971 IN PULONG Key OPTIONAL
4977 IN HANDLE FileHandle
,
4978 IN HANDLE Event OPTIONAL
,
4979 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4980 IN PVOID ApcContext OPTIONAL
,
4981 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4984 IN PLARGE_INTEGER ByteOffset
,
4985 IN PULONG Key OPTIONAL
4989 * FUNCTION: Writes a file
4991 * FileHandle = The handle of the file
4993 * ApcRoutine = Asynchronous Procedure Callback [ Should not be used by device drivers ]
4994 * ApcContext = Argument to the Apc Routine
4995 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4996 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
4997 * BufferLength = Size in bytes of the buffer
4998 * ByteOffset = Points to a file offset. If the combination of Length and ByteOffset is past the end-of-file mark, the file will be enlarged.
4999 * ByteOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. ByteOffset is also ignored if
5000 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case an offset
5001 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
5002 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
5004 * This function maps to the win32 WriteFile.
5005 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
5006 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
5007 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
5013 IN HANDLE FileHandle
,
5014 IN HANDLE Event OPTIONAL
,
5015 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5016 IN PVOID ApcContext OPTIONAL
,
5017 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5018 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
5019 IN ULONG BufferLength
,
5020 IN PLARGE_INTEGER ByteOffset
,
5021 IN PULONG Key OPTIONAL
5027 IN HANDLE FileHandle
,
5028 IN HANDLE Event OPTIONAL
,
5029 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5030 IN PVOID ApcContext OPTIONAL
,
5031 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5032 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
5033 IN ULONG BufferLength
,
5034 IN PLARGE_INTEGER ByteOffset
,
5035 IN PULONG Key OPTIONAL
5039 /* --- THREAD MANAGEMENT --- */
5042 * FUNCTION: Increments a thread's suspend count
5044 * ThreadHandle = Handle to the thread that should be suspended
5045 * PreviousSuspendCount = The resulting/previous suspend count.
5047 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
5048 * the win32 SuspendThread function. ( documentation about the suspend count can be found here as well )
5049 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
5055 IN HANDLE ThreadHandle
,
5056 IN PULONG PreviousSuspendCount
5062 IN HANDLE ThreadHandle
,
5063 IN PULONG PreviousSuspendCount
5067 * FUNCTION: Terminates the execution of a thread.
5069 * ThreadHandle = Handle to the thread
5070 * ExitStatus = The exit status of the thread to terminate with.
5076 IN HANDLE ThreadHandle
,
5077 IN NTSTATUS ExitStatus
5082 IN HANDLE ThreadHandle
,
5083 IN NTSTATUS ExitStatus
5086 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
5101 * FUNCTION: Yields the callers thread.
5118 * --- Local Procedure Call Facility
5119 * These prototypes are unknown as yet
5120 * (stack sizes by Peter-Michael Hager)
5122 NTSTATUS STDCALL
NtAcceptConnectPort (PHANDLE PortHandle
,
5123 HANDLE NamedPortHandle
,
5124 PLPCMESSAGE ServerReply
,
5127 PLPCSECTIONMAPINFO MapInfo
);
/*
 * NtCompleteConnectPort: declared as taking one input port handle and
 * returning an NTSTATUS. The header of this section states that the LPC
 * prototypes are not yet known for certain, so treat the signature as
 * tentative.
 */
5129 NTSTATUS STDCALL
NtCompleteConnectPort (IN HANDLE PortHandle
);
5131 NTSTATUS STDCALL
NtConnectPort(OUT PHANDLE PortHandle
,
5132 IN PUNICODE_STRING PortName
,
5134 IN PLPCSECTIONINFO SectionInfo
,
5135 IN PLPCSECTIONMAPINFO MapInfo
,
5137 IN PVOID ConnectInfo
,
5138 IN PULONG ConnectInfoLength
);
5140 NTSTATUS STDCALL
NtReplyWaitReplyPort(PVOID Unknown1
,
5144 NTSTATUS STDCALL
NtCreatePort(PHANDLE PortHandle
,
5145 POBJECT_ATTRIBUTES ObjectAttributes
,
5146 ULONG MaxConnectInfoLength
,
5147 ULONG MaxDataLength
,
/*
 * NtImpersonateClientOfPort: declared with an input port handle and an
 * input LPC message (ClientMessage); returns an NTSTATUS.
 * NOTE(review): by its name this presumably makes the calling server thread
 * adopt the security context of the client that sent ClientMessage -- confirm
 * against the implementation. Callers should check the returned NTSTATUS
 * before doing any work on the client's behalf; if the call fails the thread
 * presumably keeps running under its own identity.
 */
5150 NTSTATUS STDCALL
NtImpersonateClientOfPort (IN HANDLE PortHandle
,
5151 IN PLPCMESSAGE ClientMessage
);
/*
 * NtListenPort: declared with an input port handle (spelled PortHAndle in
 * this prototype) and an input LPC message; returns an NTSTATUS.
 * The header of this section states that the LPC prototypes are not yet
 * known for certain.
 */
5153 NTSTATUS STDCALL
NtListenPort (IN HANDLE PortHAndle
,
5154 IN PLPCMESSAGE LpcMessage
);
5158 NtQueryInformationPort ( /* @20 */
5159 IN HANDLE PortHandle
,
5160 IN CINT PortInformationClass
, /* guess */
5161 OUT PVOID PortInformation
, /* guess */
5162 IN ULONG PortInformationLength
, /* guess */
5163 OUT PULONG ReturnLength
/* guess */
/*
 * NtReplyPort: declared with an input port handle and an input LPC message
 * (LpcReply); returns an NTSTATUS.
 * The header of this section states that the LPC prototypes are not yet
 * known for certain.
 */
5165 NTSTATUS STDCALL
NtReplyPort (IN HANDLE PortHandle
,
5166 IN PLPCMESSAGE LpcReply
);
5167 NTSTATUS STDCALL
NtReplyWaitReceivePort (IN HANDLE PortHandle
,
5169 PLPCMESSAGE MessageReply
,
5170 PLPCMESSAGE MessageRequest
);
/*
 * NtRequestPort: declared with an input port handle and an input LPC
 * message (LpcMessage); returns an NTSTATUS. No output parameter is
 * declared, so nothing is returned through the arguments.
 */
5171 NTSTATUS STDCALL
NtRequestPort ( IN HANDLE PortHandle
,
5172 IN PLPCMESSAGE LpcMessage
);
/*
 * NtRequestWaitReplyPort: declared with an input port handle and two LPC
 * message pointers; returns an NTSTATUS.
 * NOTE(review): the IN OUT parameter is named LpcReply and the OUT-only
 * parameter is named LpcRequest, which reads as if the two names were
 * swapped -- confirm against the implementation before relying on which
 * buffer is read and which is written.
 */
5173 NTSTATUS STDCALL
NtRequestWaitReplyPort (IN HANDLE PortHandle
,
5174 IN OUT PLPCMESSAGE LpcReply
,
5175 OUT PLPCMESSAGE LpcRequest
);
5178 NtReadRequestData ( /* @24 */
5188 NtWriteRequestData ( /* @24 */
5198 /* --- REGISTRY --- */
5200 //FIXME: NtUnloadKey needs more arguments
5202 * FUNCTION: Unloads a registry key.
5204 * KeyHandle = Handle to the registry key
5206 This procedure maps to the win32 procedure RegUnloadKey
5226 /* --- PLUG AND PLAY --- */
5236 NtGetPlugPlayEvent (
5240 /* --- NATIONAL LANGUAGE SUPPORT (NLS) --- */
5244 NtQueryDefaultLocale (
5250 NtSetDefaultLocale (
5254 /* --- POWER MANAGEMENT --- */
5258 NtSetSystemPowerState (
5262 /* --- DEBUG SUBSYSTEM --- */
5266 NtSystemDebugControl (
5271 /* --- VIRTUAL DOS MACHINE (VDM) --- */
5287 /* --- CHANNELS --- */
5309 NtReplyWaitSendChannel (
5315 NtSendWaitReplyChannel (
5321 NtSetContextChannel (
5325 /* --- MISCELLANEA --- */
5327 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
5337 * FUNCTION: Shuts the system down
5339 * Action: Specifies the type of shutdown, it can be one of the following values:
5340 ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
5346 IN SHUTDOWN_ACTION Action
5352 IN SHUTDOWN_ACTION Action
5357 NtQueryOleDirectoryFile (
5368 #endif /* __DDK_ZW_H */