initial work on I/O completion
[reactos.git] / reactos / include / ntos / zw.h
1
2 /* $Id: zw.h,v 1.9 2003/03/19 23:16:00 gdalsnes Exp $
3 *
4 * COPYRIGHT: See COPYING in the top level directory
5 * PROJECT: ReactOS kernel
6 * PURPOSE: System call definitions
7 * FILE: include/ddk/zw.h
8 * REVISION HISTORY:
9 * ??/??/??: First few functions (David Welch)
10 * ??/??/??: Complete implementation by Ariadne
11 * 13/07/98: Reorganised things a bit (David Welch)
12 * 04/08/98: Added some documentation (Ariadne)
13 * 14/08/98: Added type TIME and change variable type from [1] to [0]
14 * 14/09/98: Added for each Nt call a corresponding Zw Call
15 */
16
17 #ifndef __DDK_ZW_H
18 #define __DDK_ZW_H
19
20 #include <ntos/security.h>
21 #include <ntos/zwtypes.h>
22 #include <napi/npipe.h>
23
24 #ifndef _RTLGETPROCESSHEAP_DEFINED_
25 #define _RTLGETPROCESSHEAP_DEFINED_
26 #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
27 #endif
28
29 // semaphore information
30
31 typedef enum _SEMAPHORE_INFORMATION_CLASS
32 {
33 SemaphoreBasicInformation = 0
34 } SEMAPHORE_INFORMATION_CLASS;
35
36 typedef struct _SEMAPHORE_BASIC_INFORMATION
37 {
38 LONG CurrentCount;
39 LONG MaximumCount;
40 } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
41
42 // event information
43
44 typedef enum _EVENT_INFORMATION_CLASS
45 {
46 EventBasicInformation = 0
47 } EVENT_INFORMATION_CLASS;
48
49 typedef struct _EVENT_BASIC_INFORMATION
50 {
51 EVENT_TYPE EventType;
52 LONG EventState;
53 } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
54
55 //#define LCID ULONG
56 //#define SECURITY_INFORMATION ULONG
57 //typedef ULONG SECURITY_INFORMATION;
58
59 /*
60 * FUNCTION: Adjusts the groups in an access token
61 * ARGUMENTS:
62 * TokenHandle = Specifies the access token
63 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
64 * their default state, if false the groups specified in
65 * NewState are set.
66 * NewState =
67 * BufferLength = Specifies the size of the buffer for the PreviousState.
68 * PreviousState =
69 * ReturnLength = Bytes written in PreviousState buffer.
70 * REMARKS: The arguments map to the win32 AdjustTokenGroups
71 * RETURNS: Status
72 */
73
74 NTSTATUS
75 STDCALL
76 NtAdjustGroupsToken(
77 IN HANDLE TokenHandle,
78 IN BOOLEAN ResetToDefault,
79 IN PTOKEN_GROUPS NewState,
80 IN ULONG BufferLength,
81 OUT PTOKEN_GROUPS PreviousState OPTIONAL,
82 OUT PULONG ReturnLength
83 );
84
85 NTSTATUS
86 STDCALL
87 ZwAdjustGroupsToken(
88 IN HANDLE TokenHandle,
89 IN BOOLEAN ResetToDefault,
90 IN PTOKEN_GROUPS NewState,
91 IN ULONG BufferLength,
92 OUT PTOKEN_GROUPS PreviousState,
93 OUT PULONG ReturnLength
94 );
95
96
97 /*
98 * FUNCTION:
99 *
100 * ARGUMENTS:
101 * TokenHandle = Handle to the access token
102 * DisableAllPrivileges = The resulting suspend count.
103 NewState =
104 BufferLength =
105 PreviousState =
106 ReturnLength =
107 * REMARK:
108 * The arguments map to the win32 AdjustTokenPrivileges
109 * RETURNS: Status
110 */
111
112 NTSTATUS
113 STDCALL
114 NtAdjustPrivilegesToken(
115 IN HANDLE TokenHandle,
116 IN BOOLEAN DisableAllPrivileges,
117 IN PTOKEN_PRIVILEGES NewState,
118 IN ULONG BufferLength,
119 OUT PTOKEN_PRIVILEGES PreviousState,
120 OUT PULONG ReturnLength
121 );
122
123 NTSTATUS
124 STDCALL
125 ZwAdjustPrivilegesToken(
126 IN HANDLE TokenHandle,
127 IN BOOLEAN DisableAllPrivileges,
128 IN PTOKEN_PRIVILEGES NewState,
129 IN ULONG BufferLength,
130 OUT PTOKEN_PRIVILEGES PreviousState,
131 OUT PULONG ReturnLength
132 );
133
134
135 /*
136 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
137 * state.
138 * ARGUMENTS:
139 * ThreadHandle = Handle to the thread that should be resumed
140 * SuspendCount = The resulting suspend count.
141 * REMARK:
142 * A thread is resumed if its suspend count is 0
143 * RETURNS: Status
144 */
145 NTSTATUS
146 STDCALL
147 NtAlertResumeThread(
148 IN HANDLE ThreadHandle,
149 OUT PULONG SuspendCount
150 );
151
152 NTSTATUS
153 STDCALL
154 ZwAlertResumeThread(
155 IN HANDLE ThreadHandle,
156 OUT PULONG SuspendCount
157 );
158
159 /*
160 * FUNCTION: Puts the thread in a alerted state
161 * ARGUMENTS:
162 * ThreadHandle = Handle to the thread that should be alerted
163 * RETURNS: Status
164 */
165 NTSTATUS
166 STDCALL
167 NtAlertThread(
168 IN HANDLE ThreadHandle
169 );
170
171 NTSTATUS
172 STDCALL
173 ZwAlertThread(
174 IN HANDLE ThreadHandle
175 );
176
177
178 /*
179 * FUNCTION: Allocates a locally unique id
180 * ARGUMENTS:
181 * LocallyUniqueId = Locally unique number
182 * RETURNS: Status
183 */
184 NTSTATUS
185 STDCALL
186 NtAllocateLocallyUniqueId(
187 OUT LUID *LocallyUniqueId
188 );
189
190 NTSTATUS
191 STDCALL
192 ZwAllocateLocallyUniqueId(
193 OUT PLUID Luid
194 );
195
196 /*
197 * FUNCTION: Allocates a block of virtual memory in the process address space
198 * ARGUMENTS:
199 * ProcessHandle = The handle of the process which owns the virtual memory
200 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
201 * value the system will try to allocate the memory at the address supplied. It rounds
202 * it down to a multiple if the page size.
203 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
204 * the memory will be allocated at a address below a certain value.
205 * RegionSize = The number of bytes to allocate
206 * AllocationType = Indicates the type of virtual memory you like to allocated,
207 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
208 * Protect = Indicates the protection type of the pages allocated, can be a combination of
209 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
210 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
211 * REMARKS:
212 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
213 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
214 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
215 * and the AllocationType and ProctectionType map to the other two parameters.
216 * RETURNS: Status
217 */
218 NTSTATUS
219 STDCALL
220 NtAllocateVirtualMemory (
221 IN HANDLE ProcessHandle,
222 IN OUT PVOID *BaseAddress,
223 IN ULONG ZeroBits,
224 IN OUT PULONG RegionSize,
225 IN ULONG AllocationType,
226 IN ULONG Protect
227 );
228
229 NTSTATUS
230 STDCALL
231 ZwAllocateVirtualMemory (
232 IN HANDLE ProcessHandle,
233 IN OUT PVOID *BaseAddress,
234 IN ULONG ZeroBits,
235 IN OUT PULONG RegionSize,
236 IN ULONG AllocationType,
237 IN ULONG Protect);
238
239 /*
240 * FUNCTION: Returns from a callback into user mode
241 * ARGUMENTS:
242 * RETURN Status
243 */
244 //FIXME: this function might need 3 parameters
245 NTSTATUS STDCALL NtCallbackReturn(PVOID Result,
246 ULONG ResultLength,
247 NTSTATUS Status);
248
249 NTSTATUS STDCALL ZwCallbackReturn(PVOID Result,
250 ULONG ResultLength,
251 NTSTATUS Status);
252
253 /*
254 * FUNCTION: Cancels a IO request
255 * ARGUMENTS:
256 * FileHandle = Handle to the file
257 * IoStatusBlock =
258 *
259 * REMARKS:
260 * This function maps to the win32 CancelIo.
261 * RETURNS: Status
262 */
263 NTSTATUS
264 STDCALL
265 NtCancelIoFile(
266 IN HANDLE FileHandle,
267 OUT PIO_STATUS_BLOCK IoStatusBlock
268 );
269
270 NTSTATUS
271 STDCALL
272 ZwCancelIoFile(
273 IN HANDLE FileHandle,
274 OUT PIO_STATUS_BLOCK IoStatusBlock
275 );
276
277 /*
278 * FUNCTION: Sets the status of the event back to non-signaled
279 * ARGUMENTS:
280 * EventHandle = Handle to the event
281 * REMARKS:
282 * This function maps to win32 function ResetEvent.
283 * RETURcNS: Status
284 */
285
286 NTSTATUS
287 STDCALL
288 NtClearEvent(
289 IN HANDLE EventHandle
290 );
291
292 NTSTATUS
293 STDCALL
294 ZwClearEvent(
295 IN HANDLE EventHandle
296 );
297
298 /*
299 * FUNCTION: Closes an object handle
300 * ARGUMENTS:
301 * Handle = Handle to the object
302 * REMARKS:
303 * This function maps to the win32 function CloseHandle.
304 * RETURNS: Status
305 */
306
307 NTSTATUS
308 STDCALL
309 NtClose(
310 IN HANDLE Handle
311 );
312
313 NTSTATUS
314 STDCALL
315 ZwClose(
316 IN HANDLE Handle
317 );
318
319 /*
320 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
321 * ARGUMENTS:
322 * SubsystemName =
323 HandleId = Handle to the object
324 GenerateOnClose =
325 * REMARKS:
326 * This function maps to the win32 function ObjectCloseAuditAlarm.
327 * RETURNS: Status
328 */
329
330 NTSTATUS
331 STDCALL
332 NtCloseObjectAuditAlarm(
333 IN PUNICODE_STRING SubsystemName,
334 IN PVOID HandleId,
335 IN BOOLEAN GenerateOnClose
336 );
337
338 NTSTATUS
339 STDCALL
340 ZwCloseObjectAuditAlarm(
341 IN PUNICODE_STRING SubsystemName,
342 IN PVOID HandleId,
343 IN BOOLEAN GenerateOnClose
344 );
345
346 /*
347 * FUNCTION: Creates a directory object
348 * ARGUMENTS:
349 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
350 * DesiredAccess = Specifies access to the directory
351 * ObjectAttribute = Initialized attributes for the object
352 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
353 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
354 * RETURNS: Status
355 */
356
357 NTSTATUS
358 STDCALL
359 NtCreateDirectoryObject(
360 OUT PHANDLE DirectoryHandle,
361 IN ACCESS_MASK DesiredAccess,
362 IN POBJECT_ATTRIBUTES ObjectAttributes
363 );
364
365 NTSTATUS
366 STDCALL
367 ZwCreateDirectoryObject(
368 OUT PHANDLE DirectoryHandle,
369 IN ACCESS_MASK DesiredAccess,
370 IN POBJECT_ATTRIBUTES ObjectAttributes
371 );
372
373 /*
374 * FUNCTION: Creates an event object
375 * ARGUMENTS:
376 * EventHandle (OUT) = Caller supplied storage for the resulting handle
377 * DesiredAccess = Specifies access to the event
378 * ObjectAttribute = Initialized attributes for the object
379 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
380 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
381 * automatically after the system has rescheduled a thread waiting on the event.
382 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
383 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
384 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
385 * both parameters aswell ( possibly the order is reversed ).
386 * RETURNS: Status
387 */
388
389 NTSTATUS
390 STDCALL
391 NtCreateEvent(
392 OUT PHANDLE EventHandle,
393 IN ACCESS_MASK DesiredAccess,
394 IN POBJECT_ATTRIBUTES ObjectAttributes,
395 IN BOOLEAN ManualReset,
396 IN BOOLEAN InitialState
397 );
398
399 NTSTATUS
400 STDCALL
401 ZwCreateEvent(
402 OUT PHANDLE EventHandle,
403 IN ACCESS_MASK DesiredAccess,
404 IN POBJECT_ATTRIBUTES ObjectAttributes,
405 IN BOOLEAN ManualReset,
406 IN BOOLEAN InitialState
407 );
408
409 /*
410 * FUNCTION: Creates an eventpair object
411 * ARGUMENTS:
412 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
413 * DesiredAccess = Specifies access to the event
414 * ObjectAttribute = Initialized attributes for the object
415 */
416
417 NTSTATUS
418 STDCALL
419 NtCreateEventPair(
420 OUT PHANDLE EventPairHandle,
421 IN ACCESS_MASK DesiredAccess,
422 IN POBJECT_ATTRIBUTES ObjectAttributes
423 );
424
425 NTSTATUS
426 STDCALL
427 ZwCreateEventPair(
428 OUT PHANDLE EventPairHandle,
429 IN ACCESS_MASK DesiredAccess,
430 IN POBJECT_ATTRIBUTES ObjectAttributes
431 );
432
433
434 /*
435 * FUNCTION: Creates or opens a file, directory or device object.
436 * ARGUMENTS:
437 * FileHandle (OUT) = Caller supplied storage for the resulting handle
438 * DesiredAccess = Specifies the allowed or desired access to the file can
439 * be a combination of DELETE | FILE_READ_DATA ..
440 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
441 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
442 * the file is created and opened or allready existed and is just opened.
443 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
444 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
445 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
446 * CreateOptions = specifies the behavior of the system on file creation.
447 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
448 * EaLength = Extended Attributes buffer size, applies only to files and directories.
449 * REMARKS: This function maps to the win32 CreateFile.
450 * RETURNS: Status
451 */
452
453 NTSTATUS
454 STDCALL
455 NtCreateFile(
456 OUT PHANDLE FileHandle,
457 IN ACCESS_MASK DesiredAccess,
458 IN POBJECT_ATTRIBUTES ObjectAttributes,
459 OUT PIO_STATUS_BLOCK IoStatusBlock,
460 IN PLARGE_INTEGER AllocationSize OPTIONAL,
461 IN ULONG FileAttributes,
462 IN ULONG ShareAccess,
463 IN ULONG CreateDisposition,
464 IN ULONG CreateOptions,
465 IN PVOID EaBuffer OPTIONAL,
466 IN ULONG EaLength
467 );
468
469 NTSTATUS
470 STDCALL
471 ZwCreateFile(
472 OUT PHANDLE FileHandle,
473 IN ACCESS_MASK DesiredAccess,
474 IN POBJECT_ATTRIBUTES ObjectAttributes,
475 OUT PIO_STATUS_BLOCK IoStatusBlock,
476 IN PLARGE_INTEGER AllocationSize OPTIONAL,
477 IN ULONG FileAttributes,
478 IN ULONG ShareAccess,
479 IN ULONG CreateDisposition,
480 IN ULONG CreateOptions,
481 IN PVOID EaBuffer OPTIONAL,
482 IN ULONG EaLength
483 );
484
485 /*
486 * FUNCTION: Creates or opens a file, directory or device object.
487 * ARGUMENTS:
488 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
489 * DesiredAccess = Specifies the allowed or desired access to the port
490 * IoStatusBlock =
491 * NumberOfConcurrentThreads =
492 * REMARKS: This function maps to the win32 CreateIoCompletionPort
493 * RETURNS:
494 * Status
495 */
496
497 NTSTATUS
498 STDCALL
499 NtCreateIoCompletion(
500 OUT PHANDLE IoCompletionHandle,
501 IN ACCESS_MASK DesiredAccess,
502 IN POBJECT_ATTRIBUTES ObjectAttributes,
503 IN ULONG NumberOfConcurrentThreads
504 );
505
506 NTSTATUS
507 STDCALL
508 ZwCreateIoCompletion(
509 OUT PHANDLE IoCompletionHandle,
510 IN ACCESS_MASK DesiredAccess,
511 IN POBJECT_ATTRIBUTES ObjectAttributes,
512 IN ULONG NumberOfConcurrentThreads
513 );
514
515 /*
516 * FUNCTION: Creates a registry key
517 * ARGUMENTS:
518 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
519 * DesiredAccess = Specifies the allowed or desired access to the key
520 * It can have a combination of the following values:
521 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
522 * or
523 * KEY_QUERY_VALUE The values of the key can be queried.
524 * KEY_SET_VALUE The values of the key can be modified.
525 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
526 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
527 * KEY_NOTIFY
528 * KEY_CREATE_LINK A symbolic link to the key can be created.
529 * ObjectAttributes = The name of the key may be specified directly in the name field
530 * of object attributes or relative to a key in rootdirectory.
531 * TitleIndex = Might specify the position in the sequential order of subkeys.
532 * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
533 * CreateOptions = Specifies additional options with which the key is created
534 * REG_OPTION_VOLATILE The key is not preserved across boots.
535 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
536 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
537 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
538 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
539 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
540 * RETURNS:
541 * Status
542 */
543
544 NTSTATUS STDCALL
545 NtCreateKey(OUT PHANDLE KeyHandle,
546 IN ACCESS_MASK DesiredAccess,
547 IN POBJECT_ATTRIBUTES ObjectAttributes,
548 IN ULONG TitleIndex,
549 IN PUNICODE_STRING Class OPTIONAL,
550 IN ULONG CreateOptions,
551 IN PULONG Disposition OPTIONAL);
552
553 NTSTATUS STDCALL
554 ZwCreateKey(OUT PHANDLE KeyHandle,
555 IN ACCESS_MASK DesiredAccess,
556 IN POBJECT_ATTRIBUTES ObjectAttributes,
557 IN ULONG TitleIndex,
558 IN PUNICODE_STRING Class OPTIONAL,
559 IN ULONG CreateOptions,
560 IN PULONG Disposition OPTIONAL);
561
562 /*
563 * FUNCTION: Creates a mail slot file
564 * ARGUMENTS:
565 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
566 * DesiredAccess = Specifies the allowed or desired access to the file
567 * ObjectAttributes = Contains the name of the mailslotfile.
568 * IoStatusBlock =
569 * FileAttributes =
570 * ShareAccess =
571 * MaxMessageSize =
572 * TimeOut =
573 *
574 * REMARKS: This funciton maps to the win32 function CreateMailSlot
575 * RETURNS:
576 * Status
577 */
578
579 NTSTATUS
580 STDCALL
581 NtCreateMailslotFile(
582 OUT PHANDLE MailSlotFileHandle,
583 IN ACCESS_MASK DesiredAccess,
584 IN POBJECT_ATTRIBUTES ObjectAttributes,
585 OUT PIO_STATUS_BLOCK IoStatusBlock,
586 IN ULONG FileAttributes,
587 IN ULONG ShareAccess,
588 IN ULONG MaxMessageSize,
589 IN PLARGE_INTEGER TimeOut
590 );
591
592 NTSTATUS
593 STDCALL
594 ZwCreateMailslotFile(
595 OUT PHANDLE MailSlotFileHandle,
596 IN ACCESS_MASK DesiredAccess,
597 IN POBJECT_ATTRIBUTES ObjectAttributes,
598 OUT PIO_STATUS_BLOCK IoStatusBlock,
599 IN ULONG FileAttributes,
600 IN ULONG ShareAccess,
601 IN ULONG MaxMessageSize,
602 IN PLARGE_INTEGER TimeOut
603 );
604
605 /*
606 * FUNCTION: Creates or opens a mutex
607 * ARGUMENTS:
608 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
609 * DesiredAccess = Specifies the allowed or desired access to the port
610 * ObjectAttributes = Contains the name of the mutex.
611 * InitialOwner = If true the calling thread acquires ownership
612 * of the mutex.
613 * REMARKS: This funciton maps to the win32 function CreateMutex
614 * RETURNS:
615 * Status
616 */
617 NTSTATUS
618 STDCALL
619 NtCreateMutant(
620 OUT PHANDLE MutantHandle,
621 IN ACCESS_MASK DesiredAccess,
622 IN POBJECT_ATTRIBUTES ObjectAttributes,
623 IN BOOLEAN InitialOwner
624 );
625
626 NTSTATUS
627 STDCALL
628 ZwCreateMutant(
629 OUT PHANDLE MutantHandle,
630 IN ACCESS_MASK DesiredAccess,
631 IN POBJECT_ATTRIBUTES ObjectAttributes,
632 IN BOOLEAN InitialOwner
633 );
634
635 /*
636 * FUNCTION: Creates a process.
637 * ARGUMENTS:
638 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
639 * DesiredAccess = Specifies the allowed or desired access to the process can
640 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
641 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
642 * ParentProcess = Handle to the parent process.
643 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
644 * SectionHandle = Handle to a section object to back the image file
645 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
646 * ExceptionPort = Handle to a exception port.
647 * REMARKS:
648 * This function maps to the win32 CreateProcess.
649 * RETURNS: Status
650 */
651 NTSTATUS
652 STDCALL
653 NtCreateProcess(
654 OUT PHANDLE ProcessHandle,
655 IN ACCESS_MASK DesiredAccess,
656 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
657 IN HANDLE ParentProcess,
658 IN BOOLEAN InheritObjectTable,
659 IN HANDLE SectionHandle OPTIONAL,
660 IN HANDLE DebugPort OPTIONAL,
661 IN HANDLE ExceptionPort OPTIONAL
662 );
663
664 NTSTATUS
665 STDCALL
666 ZwCreateProcess(
667 OUT PHANDLE ProcessHandle,
668 IN ACCESS_MASK DesiredAccess,
669 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
670 IN HANDLE ParentProcess,
671 IN BOOLEAN InheritObjectTable,
672 IN HANDLE SectionHandle OPTIONAL,
673 IN HANDLE DebugPort OPTIONAL,
674 IN HANDLE ExceptionPort OPTIONAL
675 );
676
677 /*
678 * FUNCTION: Creates a section object.
679 * ARGUMENTS:
680 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
681 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
682 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
683 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
684 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
685 * If value specified for a mapped file and the file is not large enough, file will be extended.
686 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
687 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
688 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
689 * RETURNS: Status
690 */
691
692 NTSTATUS
693 STDCALL
694 NtCreateSection(
695 OUT PHANDLE SectionHandle,
696 IN ACCESS_MASK DesiredAccess,
697 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
698 IN PLARGE_INTEGER MaximumSize OPTIONAL,
699 IN ULONG SectionPageProtection OPTIONAL,
700 IN ULONG AllocationAttributes,
701 IN HANDLE FileHandle OPTIONAL
702 );
703
704 NTSTATUS
705 STDCALL
706 ZwCreateSection(
707 OUT PHANDLE SectionHandle,
708 IN ACCESS_MASK DesiredAccess,
709 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
710 IN PLARGE_INTEGER MaximumSize OPTIONAL,
711 IN ULONG SectionPageProtection OPTIONAL,
712 IN ULONG AllocationAttributes,
713 IN HANDLE FileHandle OPTIONAL
714 );
715
716 /*
717 * FUNCTION: Creates a semaphore object for interprocess synchronization.
718 * ARGUMENTS:
719 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
720 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
721 * ObjectAttribute = Initialized attributes for the object.
722 * InitialCount = Not necessary zero, might be smaller than zero.
723 * MaximumCount = Maxiumum count the semaphore can reach.
724 * RETURNS: Status
725 * REMARKS:
726 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
727 */
728
729 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
730 NTSTATUS
731 STDCALL
732 NtCreateSemaphore(
733 OUT PHANDLE SemaphoreHandle,
734 IN ACCESS_MASK DesiredAccess,
735 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
736 IN LONG InitialCount,
737 IN LONG MaximumCount
738 );
739
740 NTSTATUS
741 STDCALL
742 ZwCreateSemaphore(
743 OUT PHANDLE SemaphoreHandle,
744 IN ACCESS_MASK DesiredAccess,
745 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
746 IN LONG InitialCount,
747 IN LONG MaximumCount
748 );
749
750 /*
751 * FUNCTION: Creates a symbolic link object
752 * ARGUMENTS:
753 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
754 * DesiredAccess = Specifies the allowed or desired access to the thread.
755 * ObjectAttributes = Initialized attributes for the object.
756 * Name = Target name of the symbolic link
757 * RETURNS: Status
758 */
759 NTSTATUS
760 STDCALL
761 NtCreateSymbolicLinkObject(
762 OUT PHANDLE SymbolicLinkHandle,
763 IN ACCESS_MASK DesiredAccess,
764 IN POBJECT_ATTRIBUTES ObjectAttributes,
765 IN PUNICODE_STRING Name
766 );
767
768 NTSTATUS
769 STDCALL
770 ZwCreateSymbolicLinkObject(
771 OUT PHANDLE SymbolicLinkHandle,
772 IN ACCESS_MASK DesiredAccess,
773 IN POBJECT_ATTRIBUTES ObjectAttributes,
774 IN PUNICODE_STRING Name
775 );
776
777 /*
778 * FUNCTION: Creates a waitable timer.
779 * ARGUMENTS:
780 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
781 * DesiredAccess = Specifies the allowed or desired access to the timer.
782 * ObjectAttributes = Initialized attributes for the object.
783 * TimerType = Specifies if the timer should be reset manually.
784 * REMARKS:
785 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
786 * corresponding fields in OBJECT_ATTRIBUTES structure.
787 * RETURNS: Status
788 */
789 NTSTATUS
790 STDCALL
791 NtCreateTimer(
792 OUT PHANDLE TimerHandle,
793 IN ACCESS_MASK DesiredAccess,
794 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
795 IN TIMER_TYPE TimerType
796 );
797
798 NTSTATUS
799 STDCALL
800 ZwCreateTimer(
801 OUT PHANDLE TimerHandle,
802 IN ACCESS_MASK DesiredAccess,
803 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
804 IN TIMER_TYPE TimerType
805 );
806
807 /*
808 * FUNCTION: Creates a token.
809 * ARGUMENTS:
810 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
811 * DesiredAccess = Specifies the allowed or desired access to the process can
812 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
813 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
814 * TokenType =
815 * AuthenticationId =
816 * ExpirationTime =
817 * TokenUser =
818 * TokenGroups =
819 * TokenPrivileges =
820 * TokenOwner =
821 * TokenPrimaryGroup =
822 * TokenDefaultDacl =
823 * TokenSource =
824 * REMARKS:
825 * This function does not map to a win32 function
826 * RETURNS: Status
827 */
828
829 NTSTATUS
830 STDCALL
831 NtCreateToken(
832 OUT PHANDLE TokenHandle,
833 IN ACCESS_MASK DesiredAccess,
834 IN POBJECT_ATTRIBUTES ObjectAttributes,
835 IN TOKEN_TYPE TokenType,
836 IN PLUID AuthenticationId,
837 IN PLARGE_INTEGER ExpirationTime,
838 IN PTOKEN_USER TokenUser,
839 IN PTOKEN_GROUPS TokenGroups,
840 IN PTOKEN_PRIVILEGES TokenPrivileges,
841 IN PTOKEN_OWNER TokenOwner,
842 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
843 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
844 IN PTOKEN_SOURCE TokenSource
845 );
846
847 NTSTATUS
848 STDCALL
849 ZwCreateToken(
850 OUT PHANDLE TokenHandle,
851 IN ACCESS_MASK DesiredAccess,
852 IN POBJECT_ATTRIBUTES ObjectAttributes,
853 IN TOKEN_TYPE TokenType,
854 IN PLUID AuthenticationId,
855 IN PLARGE_INTEGER ExpirationTime,
856 IN PTOKEN_USER TokenUser,
857 IN PTOKEN_GROUPS TokenGroups,
858 IN PTOKEN_PRIVILEGES TokenPrivileges,
859 IN PTOKEN_OWNER TokenOwner,
860 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
861 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
862 IN PTOKEN_SOURCE TokenSource
863 );
864
865 /*
866 * FUNCTION: Returns the callers thread TEB.
867 * RETURNS: The resulting teb.
868 */
869 #if 0
870 NT_TEB *
871 STDCALL
872 NtCurrentTeb(VOID
873 );
874 #endif
875
876 /*
877 * FUNCTION: Deletes an atom from the global atom table
878 * ARGUMENTS:
879 * Atom = Identifies the atom to delete
880 * REMARKS:
881 * The function maps to the win32 GlobalDeleteAtom
882 * RETURNS: Status
883 */
884 NTSTATUS
885 STDCALL
886 NtDeleteAtom(
887 IN RTL_ATOM Atom
888 );
889
890 NTSTATUS
891 STDCALL
892 ZwDeleteAtom(
893 IN RTL_ATOM Atom
894 );
895
896 /*
897 * FUNCTION: Deletes a file or a directory
898 * ARGUMENTS:
899 * ObjectAttributes = Name of the file which should be deleted
900 * REMARKS:
901 * This system call is functionally equivalent to NtSetInformationFile
902 * setting the disposition information.
903 * The function maps to the win32 DeleteFile.
904 * RETURNS: Status
905 */
906 NTSTATUS
907 STDCALL
908 NtDeleteFile(
909 IN POBJECT_ATTRIBUTES ObjectAttributes
910 );
911
912 NTSTATUS
913 STDCALL
914 ZwDeleteFile(
915 IN POBJECT_ATTRIBUTES ObjectAttributes
916 );
917
918 /*
919 * FUNCTION: Deletes a registry key
920 * ARGUMENTS:
921 * KeyHandle = Handle of the key
922 * RETURNS: Status
923 */
924 NTSTATUS
925 STDCALL
926 NtDeleteKey(
927 IN HANDLE KeyHandle
928 );
929 NTSTATUS
930 STDCALL
931 ZwDeleteKey(
932 IN HANDLE KeyHandle
933 );
934
935 /*
936 * FUNCTION: Generates a audit message when an object is deleted
937 * ARGUMENTS:
938 * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
939 * HandleId= Handle to an audit object
940 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
941 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
942 * RETURNS: Status
943 */
944
945 NTSTATUS
946 STDCALL
947 NtDeleteObjectAuditAlarm (
948 IN PUNICODE_STRING SubsystemName,
949 IN PVOID HandleId,
950 IN BOOLEAN GenerateOnClose
951 );
952
953 NTSTATUS
954 STDCALL
955 ZwDeleteObjectAuditAlarm (
956 IN PUNICODE_STRING SubsystemName,
957 IN PVOID HandleId,
958 IN BOOLEAN GenerateOnClose
959 );
960
961
962 /*
963 * FUNCTION: Deletes a value from a registry key
964 * ARGUMENTS:
965 * KeyHandle = Handle of the key
966 * ValueName = Name of the value to delete
967 * RETURNS: Status
968 */
969
970 NTSTATUS
971 STDCALL
972 NtDeleteValueKey(
973 IN HANDLE KeyHandle,
974 IN PUNICODE_STRING ValueName
975 );
976
977 NTSTATUS
978 STDCALL
979 ZwDeleteValueKey(
980 IN HANDLE KeyHandle,
981 IN PUNICODE_STRING ValueName
982 );
983 /*
984 * FUNCTION: Sends IOCTL to the io sub system
985 * ARGUMENTS:
986 * DeviceHandle = Points to the handle that is created by NtCreateFile
987 * Event = Event to synchronize on STATUS_PENDING
988 * ApcRoutine = Asynchroneous procedure callback
989 * ApcContext = Callback context.
990 * IoStatusBlock = Caller should supply storage for extra information..
991 * IoControlCode = Contains the IO Control command. This is an
992 * index to the structures in InputBuffer and OutputBuffer.
993 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
994 * InputBufferSize = Size of the input bufffer
995 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
996 * OutputBufferSize = Size of the input bufffer
997 * RETURNS: Status
998 */
999
1000 NTSTATUS
1001 STDCALL
1002 NtDeviceIoControlFile(
1003 IN HANDLE DeviceHandle,
1004 IN HANDLE Event OPTIONAL,
1005 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
1006 IN PVOID UserApcContext OPTIONAL,
1007 OUT PIO_STATUS_BLOCK IoStatusBlock,
1008 IN ULONG IoControlCode,
1009 IN PVOID InputBuffer,
1010 IN ULONG InputBufferSize,
1011 OUT PVOID OutputBuffer,
1012 IN ULONG OutputBufferSize
1013 );
1014
1015 NTSTATUS
1016 STDCALL
1017 ZwDeviceIoControlFile(
1018 IN HANDLE DeviceHandle,
1019 IN HANDLE Event OPTIONAL,
1020 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
1021 IN PVOID UserApcContext OPTIONAL,
1022 OUT PIO_STATUS_BLOCK IoStatusBlock,
1023 IN ULONG IoControlCode,
1024 IN PVOID InputBuffer,
1025 IN ULONG InputBufferSize,
1026 OUT PVOID OutputBuffer,
1027 IN ULONG OutputBufferSize
1028 );
1029 /*
1030 * FUNCTION: Displays a string on the blue screen
1031 * ARGUMENTS:
1032 * DisplayString = The string to display
1033 * RETURNS: Status
1034 */
1035
1036 NTSTATUS
1037 STDCALL
1038 NtDisplayString(
1039 IN PUNICODE_STRING DisplayString
1040 );
1041
1042 NTSTATUS
1043 STDCALL
1044 ZwDisplayString(
1045 IN PUNICODE_STRING DisplayString
1046 );
1047
1048 /*
1049 * FUNCTION: Returns information about the subkeys of an open key
1050 * ARGUMENTS:
1051 * KeyHandle = Handle of the key whose subkeys are to enumerated
1052 * Index = zero based index of the subkey for which information is
1053 * request
1054 * KeyInformationClass = Type of information returned
1055 * KeyInformation (OUT) = Caller allocated buffer for the information
1056 * about the key
1057 * Length = Length in bytes of the KeyInformation buffer
1058 * ResultLength (OUT) = Caller allocated storage which holds
1059 * the number of bytes of information retrieved
1060 * on return
1061 * RETURNS: Status
1062 */
1063 NTSTATUS
1064 STDCALL
1065 NtEnumerateKey(
1066 IN HANDLE KeyHandle,
1067 IN ULONG Index,
1068 IN KEY_INFORMATION_CLASS KeyInformationClass,
1069 OUT PVOID KeyInformation,
1070 IN ULONG Length,
1071 OUT PULONG ResultLength
1072 );
1073
1074 NTSTATUS
1075 STDCALL
1076 ZwEnumerateKey(
1077 IN HANDLE KeyHandle,
1078 IN ULONG Index,
1079 IN KEY_INFORMATION_CLASS KeyInformationClass,
1080 OUT PVOID KeyInformation,
1081 IN ULONG Length,
1082 OUT PULONG ResultLength
1083 );
1084 /*
1085 * FUNCTION: Returns information about the value entries of an open key
1086 * ARGUMENTS:
1087 * KeyHandle = Handle of the key whose value entries are to enumerated
1088 * Index = zero based index of the subkey for which information is
1089 * request
1090 * KeyInformationClass = Type of information returned
1091 * KeyInformation (OUT) = Caller allocated buffer for the information
1092 * about the key
1093 * Length = Length in bytes of the KeyInformation buffer
1094 * ResultLength (OUT) = Caller allocated storage which holds
1095 * the number of bytes of information retrieved
1096 * on return
1097 * RETURNS: Status
1098 */
1099 NTSTATUS
1100 STDCALL
1101 NtEnumerateValueKey(
1102 IN HANDLE KeyHandle,
1103 IN ULONG Index,
1104 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
1105 OUT PVOID KeyValueInformation,
1106 IN ULONG Length,
1107 OUT PULONG ResultLength
1108 );
1109
1110 NTSTATUS
1111 STDCALL
1112 ZwEnumerateValueKey(
1113 IN HANDLE KeyHandle,
1114 IN ULONG Index,
1115 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
1116 OUT PVOID KeyValueInformation,
1117 IN ULONG Length,
1118 OUT PULONG ResultLength
1119 );
1120
1121 /*
1122 * FUNCTION: Flushes chached file data to disk
1123 * ARGUMENTS:
1124 * FileHandle = Points to the file
1125 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1126 * buffers operation. The information field is set to number of bytes
1127 * flushed to disk.
1128 * RETURNS: Status
1129 * REMARKS:
1130 * This funciton maps to the win32 FlushFileBuffers
1131 */
1132 NTSTATUS
1133 STDCALL
1134 NtFlushBuffersFile(
1135 IN HANDLE FileHandle,
1136 OUT PIO_STATUS_BLOCK IoStatusBlock
1137 );
1138
1139 NTSTATUS
1140 STDCALL
1141 ZwFlushBuffersFile(
1142 IN HANDLE FileHandle,
1143 OUT PIO_STATUS_BLOCK IoStatusBlock
1144 );
1145
1146 /*
1147 * FUNCTION: Flushes a registry key to disk
1148 * ARGUMENTS:
1149 * KeyHandle = Points to the registry key handle
1150 * RETURNS: Status
1151 * REMARKS:
1152 * This funciton maps to the win32 RegFlushKey.
1153 */
1154 NTSTATUS
1155 STDCALL
1156 NtFlushKey(
1157 IN HANDLE KeyHandle
1158 );
1159
1160 NTSTATUS
1161 STDCALL
1162 ZwFlushKey(
1163 IN HANDLE KeyHandle
1164 );
1165
1166 /*
1167 * FUNCTION: Flushes the dirty pages to file
1168 * RETURNS: Status
1169 * FIXME: Not sure this does (how is the file specified)
1170 */
1171 NTSTATUS STDCALL NtFlushWriteBuffer(VOID);
1172 NTSTATUS STDCALL ZwFlushWriteBuffer(VOID);
1173
1174 /*
1175 * FUNCTION: Frees a range of virtual memory
1176 * ARGUMENTS:
1177 * ProcessHandle = Points to the process that allocated the virtual
1178 * memory
1179 * BaseAddress = Points to the memory address, rounded down to a
1180 * multiple of the pagesize
1181 * RegionSize = Limits the range to free, rounded up to a multiple of
1182 * the paging size
1183 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1184 * RETURNS: Status
1185 */
1186 NTSTATUS STDCALL NtFreeVirtualMemory(IN HANDLE ProcessHandle,
1187 IN PVOID *BaseAddress,
1188 IN PULONG RegionSize,
1189 IN ULONG FreeType);
1190 NTSTATUS STDCALL ZwFreeVirtualMemory(IN HANDLE ProcessHandle,
1191 IN PVOID *BaseAddress,
1192 IN PULONG RegionSize,
1193 IN ULONG FreeType);
1194
1195 /*
1196 * FUNCTION: Sends FSCTL to the filesystem
1197 * ARGUMENTS:
1198 * DeviceHandle = Points to the handle that is created by NtCreateFile
1199 * Event = Event to synchronize on STATUS_PENDING
1200 * ApcRoutine =
1201 * ApcContext =
1202 * IoStatusBlock = Caller should supply storage for
1203 * IoControlCode = Contains the File System Control command. This is an
1204 * index to the structures in InputBuffer and OutputBuffer.
1205 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1206 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1207 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1208 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1209 *
1210 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1211 * InputBufferSize = Size of the input bufffer
1212 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1213 * OutputBufferSize = Size of the input bufffer
1214 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1215 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1216 */
1217 NTSTATUS
1218 STDCALL
1219 NtFsControlFile(
1220 IN HANDLE DeviceHandle,
1221 IN HANDLE Event OPTIONAL,
1222 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1223 IN PVOID ApcContext OPTIONAL,
1224 OUT PIO_STATUS_BLOCK IoStatusBlock,
1225 IN ULONG IoControlCode,
1226 IN PVOID InputBuffer,
1227 IN ULONG InputBufferSize,
1228 OUT PVOID OutputBuffer,
1229 IN ULONG OutputBufferSize
1230 );
1231
1232 NTSTATUS
1233 STDCALL
1234 ZwFsControlFile(
1235 IN HANDLE DeviceHandle,
1236 IN HANDLE Event OPTIONAL,
1237 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1238 IN PVOID ApcContext OPTIONAL,
1239 OUT PIO_STATUS_BLOCK IoStatusBlock,
1240 IN ULONG IoControlCode,
1241 IN PVOID InputBuffer,
1242 IN ULONG InputBufferSize,
1243 OUT PVOID OutputBuffer,
1244 IN ULONG OutputBufferSize
1245 );
1246
1247 /*
1248 * FUNCTION: Retrieves the processor context of a thread
1249 * ARGUMENTS:
1250 * ThreadHandle = Handle to a thread
1251 * Context (OUT) = Caller allocated storage for the processor context
1252 * RETURNS: Status
1253 */
1254
1255 NTSTATUS
1256 STDCALL
1257 NtGetContextThread(
1258 IN HANDLE ThreadHandle,
1259 OUT PCONTEXT Context
1260 );
1261
1262 NTSTATUS
1263 STDCALL
1264 ZwGetContextThread(
1265 IN HANDLE ThreadHandle,
1266 OUT PCONTEXT Context
1267 );
1268
1269 /*
1270 * FUNCTION: Sets a thread to impersonate another
1271 * ARGUMENTS:
1272 * ThreadHandle = Server thread that will impersonate a client.
1273 ThreadToImpersonate = Client thread that will be impersonated
1274 SecurityQualityOfService = Specifies the impersonation level.
1275 * RETURNS: Status
1276 */
1277
1278 NTSTATUS
1279 STDCALL
1280 NtImpersonateThread(
1281 IN HANDLE ThreadHandle,
1282 IN HANDLE ThreadToImpersonate,
1283 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1284 );
1285
1286 NTSTATUS
1287 STDCALL
1288 ZwImpersonateThread(
1289 IN HANDLE ThreadHandle,
1290 IN HANDLE ThreadToImpersonate,
1291 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1292 );
1293
1294 /*
1295 * FUNCTION: Initializes the registry.
1296 * ARGUMENTS:
1297 * SetUpBoot = This parameter is true for a setup boot.
1298 * RETURNS: Status
1299 */
1300 NTSTATUS
1301 STDCALL
1302 NtInitializeRegistry(
1303 BOOLEAN SetUpBoot
1304 );
1305 NTSTATUS
1306 STDCALL
1307 ZwInitializeRegistry(
1308 BOOLEAN SetUpBoot
1309 );
1310
1311 /*
1312 * FUNCTION: Loads a driver.
1313 * ARGUMENTS:
1314 * DriverServiceName = Name of the driver to load
1315 * RETURNS: Status
1316 */
1317 NTSTATUS
1318 STDCALL
1319 NtLoadDriver(
1320 IN PUNICODE_STRING DriverServiceName
1321 );
1322
1323 NTSTATUS
1324 STDCALL
1325 ZwLoadDriver(
1326 IN PUNICODE_STRING DriverServiceName
1327 );
1328
1329 /*
1330 * FUNCTION: Locks a range of bytes in a file.
1331 * ARGUMENTS:
1332 * FileHandle = Handle to the file
1333 * Event = Should be null if apc is specified.
1334 * ApcRoutine = Asynchroneous Procedure Callback
1335 * ApcContext = Argument to the callback
1336 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1337 * the completion status and information about the requested lock operation.
1338 * ByteOffset = Offset
1339 * Length = Number of bytes to lock.
1340 * Key = Special value to give other threads the possibility to unlock the file
1341 by supplying the key in a call to NtUnlockFile.
1342 * FailImmediatedly = If false the request will block untill the lock is obtained.
1343 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1344 * REMARK:
1345 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1346 not be obtained immediately, the device queue is busy and the IRP is queued.
1347 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1348 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1349
1350 */
1351 NTSTATUS
1352 STDCALL
1353 NtLockFile(
1354 IN HANDLE FileHandle,
1355 IN HANDLE Event OPTIONAL,
1356 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1357 IN PVOID ApcContext OPTIONAL,
1358 OUT PIO_STATUS_BLOCK IoStatusBlock,
1359 IN PLARGE_INTEGER ByteOffset,
1360 IN PLARGE_INTEGER Length,
1361 IN PULONG Key,
1362 IN BOOLEAN FailImmediatedly,
1363 IN BOOLEAN ExclusiveLock
1364 );
1365
1366 NTSTATUS
1367 STDCALL
1368 ZwLockFile(
1369 IN HANDLE FileHandle,
1370 IN HANDLE Event OPTIONAL,
1371 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1372 IN PVOID ApcContext OPTIONAL,
1373 OUT PIO_STATUS_BLOCK IoStatusBlock,
1374 IN PLARGE_INTEGER ByteOffset,
1375 IN PLARGE_INTEGER Length,
1376 IN PULONG Key,
1377 IN BOOLEAN FailImmediatedly,
1378 IN BOOLEAN ExclusiveLock
1379 );
1380
1381 /*
1382 * FUNCTION: Makes temporary object that will be removed at next boot.
1383 * ARGUMENTS:
1384 * Handle = Handle to object
1385 * RETURNS: Status
1386 */
1387
1388 NTSTATUS
1389 STDCALL
1390 NtMakeTemporaryObject(
1391 IN HANDLE Handle
1392 );
1393
1394 NTSTATUS
1395 STDCALL
1396 ZwMakeTemporaryObject(
1397 IN HANDLE Handle
1398 );
1399 /*
1400 * FUNCTION: Maps a view of a section into the virtual address space of a
1401 * process
1402 * ARGUMENTS:
1403 * SectionHandle = Handle of the section
1404 * ProcessHandle = Handle of the process
1405 * BaseAddress = Desired base address (or NULL) on entry
1406 * Actual base address of the view on exit
1407 * ZeroBits = Number of high order address bits that must be zero
1408 * CommitSize = Size in bytes of the initially committed section of
1409 * the view
1410 * SectionOffset = Offset in bytes from the beginning of the section
1411 * to the beginning of the view
1412 * ViewSize = Desired length of map (or zero to map all) on entry
1413 * Actual length mapped on exit
1414 * InheritDisposition = Specified how the view is to be shared with
1415 * child processes
1416 * AllocateType = Type of allocation for the pages
1417 * Protect = Protection for the committed region of the view
1418 * RETURNS: Status
1419 */
1420 NTSTATUS
1421 STDCALL
1422 NtMapViewOfSection(
1423 IN HANDLE SectionHandle,
1424 IN HANDLE ProcessHandle,
1425 IN OUT PVOID *BaseAddress,
1426 IN ULONG ZeroBits,
1427 IN ULONG CommitSize,
1428 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
1429 IN OUT PULONG ViewSize,
1430 IN SECTION_INHERIT InheritDisposition,
1431 IN ULONG AllocationType,
1432 IN ULONG AccessProtection
1433 );
1434
1435 NTSTATUS
1436 STDCALL
1437 ZwMapViewOfSection(
1438 IN HANDLE SectionHandle,
1439 IN HANDLE ProcessHandle,
1440 IN OUT PVOID *BaseAddress,
1441 IN ULONG ZeroBits,
1442 IN ULONG CommitSize,
1443 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
1444 IN OUT PULONG ViewSize,
1445 IN SECTION_INHERIT InheritDisposition,
1446 IN ULONG AllocationType,
1447 IN ULONG AccessProtection
1448 );
1449
1450 /*
1451 * FUNCTION: Installs a notify for the change of a directory's contents
1452 * ARGUMENTS:
1453 * FileHandle = Handle to the directory
1454 Event =
1455 * ApcRoutine = Start address
1456 * ApcContext = Delimits the range of virtual memory
1457 * for which the new access protection holds
1458 * IoStatusBlock = The new access proctection for the pages
1459 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1460 * BufferSize = Size of the buffer
1461 CompletionFilter = Can be one of the following values:
1462 FILE_NOTIFY_CHANGE_FILE_NAME
1463 FILE_NOTIFY_CHANGE_DIR_NAME
1464 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1465 FILE_NOTIFY_CHANGE_ATTRIBUTES
1466 FILE_NOTIFY_CHANGE_SIZE
1467 FILE_NOTIFY_CHANGE_LAST_WRITE
1468 FILE_NOTIFY_CHANGE_LAST_ACCESS
1469 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1470 FILE_NOTIFY_CHANGE_EA
1471 FILE_NOTIFY_CHANGE_SECURITY
1472 FILE_NOTIFY_CHANGE_STREAM_NAME
1473 FILE_NOTIFY_CHANGE_STREAM_SIZE
1474 FILE_NOTIFY_CHANGE_STREAM_WRITE
1475 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1476 *
1477 * REMARKS:
1478 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1479 * RETURNS: Status
1480 */
1481 NTSTATUS
1482 STDCALL
1483 NtNotifyChangeDirectoryFile(
1484 IN HANDLE FileHandle,
1485 IN HANDLE Event OPTIONAL,
1486 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1487 IN PVOID ApcContext OPTIONAL,
1488 OUT PIO_STATUS_BLOCK IoStatusBlock,
1489 OUT PVOID Buffer,
1490 IN ULONG BufferSize,
1491 IN ULONG CompletionFilter,
1492 IN BOOLEAN WatchTree
1493 );
1494
1495 NTSTATUS
1496 STDCALL
1497 ZwNotifyChangeDirectoryFile(
1498 IN HANDLE FileHandle,
1499 IN HANDLE Event OPTIONAL,
1500 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1501 IN PVOID ApcContext OPTIONAL,
1502 OUT PIO_STATUS_BLOCK IoStatusBlock,
1503 OUT PVOID Buffer,
1504 IN ULONG BufferSize,
1505 IN ULONG CompletionFilter,
1506 IN BOOLEAN WatchTree
1507 );
1508
1509 /*
1510 * FUNCTION: Installs a notfication callback on registry changes
1511 * ARGUMENTS:
1512 KeyHandle = Handle to the registry key
1513 Event = Event that should be signalled on modification of the key
1514 ApcRoutine = Routine that should be called on modification of the key
1515 ApcContext = Argument to the ApcRoutine
1516 IoStatusBlock = ???
1517 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1518 Can be a combination of the following values:
1519
1520 REG_NOTIFY_CHANGE_NAME
1521 REG_NOTIFY_CHANGE_ATTRIBUTES
1522 REG_NOTIFY_CHANGE_LAST_SET
1523 REG_NOTIFY_CHANGE_SECURITY
1524
1525
1526 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1527 the function will not return before a change occurs.
1528 ChangeBuffer = Will return the old value
1529 Length = Size of the change buffer
1530 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1531 sub keys or not.
1532 * REMARKS: If the key is closed the event is signalled aswell.
1533 * RETURNS: Status
1534 */
1535
1536 NTSTATUS
1537 STDCALL
1538 NtNotifyChangeKey(
1539 IN HANDLE KeyHandle,
1540 IN HANDLE Event,
1541 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1542 IN PVOID ApcContext OPTIONAL,
1543 OUT PIO_STATUS_BLOCK IoStatusBlock,
1544 IN ULONG CompletionFilter,
1545 IN BOOLEAN Asynchroneous,
1546 OUT PVOID ChangeBuffer,
1547 IN ULONG Length,
1548 IN BOOLEAN WatchSubtree
1549 );
1550
1551 NTSTATUS
1552 STDCALL
1553 ZwNotifyChangeKey(
1554 IN HANDLE KeyHandle,
1555 IN HANDLE Event,
1556 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1557 IN PVOID ApcContext OPTIONAL,
1558 OUT PIO_STATUS_BLOCK IoStatusBlock,
1559 IN ULONG CompletionFilter,
1560 IN BOOLEAN Asynchroneous,
1561 OUT PVOID ChangeBuffer,
1562 IN ULONG Length,
1563 IN BOOLEAN WatchSubtree
1564 );
1565
1566 /*
1567 * FUNCTION: Opens an existing directory object
1568 * ARGUMENTS:
1569 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1570 * DesiredAccess = Requested access to the directory
1571 * ObjectAttributes = Initialized attributes for the object
1572 * RETURNS: Status
1573 */
1574
1575 NTSTATUS
1576 STDCALL
1577 NtOpenDirectoryObject(
1578 OUT PHANDLE FileHandle,
1579 IN ACCESS_MASK DesiredAccess,
1580 IN POBJECT_ATTRIBUTES ObjectAttributes
1581 );
1582 NTSTATUS
1583 STDCALL
1584 ZwOpenDirectoryObject(
1585 OUT PHANDLE FileHandle,
1586 IN ACCESS_MASK DesiredAccess,
1587 IN POBJECT_ATTRIBUTES ObjectAttributes
1588 );
1589
1590 /*
1591 * FUNCTION: Opens an existing event
1592 * ARGUMENTS:
1593 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1594 * DesiredAccess = Requested access to the event
1595 * ObjectAttributes = Initialized attributes for the object
1596 * RETURNS: Status
1597 */
1598 NTSTATUS
1599 STDCALL
1600 NtOpenEvent(
1601 OUT PHANDLE EventHandle,
1602 IN ACCESS_MASK DesiredAccess,
1603 IN POBJECT_ATTRIBUTES ObjectAttributes
1604 );
1605
1606 NTSTATUS
1607 STDCALL
1608 ZwOpenEvent(
1609 OUT PHANDLE EventHandle,
1610 IN ACCESS_MASK DesiredAccess,
1611 IN POBJECT_ATTRIBUTES ObjectAttributes
1612 );
1613
1614 /*
1615 * FUNCTION: Opens an existing event pair
1616 * ARGUMENTS:
1617 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1618 * DesiredAccess = Requested access to the event
1619 * ObjectAttributes = Initialized attributes for the object
1620 * RETURNS: Status
1621 */
1622
1623 NTSTATUS
1624 STDCALL
1625 NtOpenEventPair(
1626 OUT PHANDLE EventPairHandle,
1627 IN ACCESS_MASK DesiredAccess,
1628 IN POBJECT_ATTRIBUTES ObjectAttributes
1629 );
1630
1631 NTSTATUS
1632 STDCALL
1633 ZwOpenEventPair(
1634 OUT PHANDLE EventPairHandle,
1635 IN ACCESS_MASK DesiredAccess,
1636 IN POBJECT_ATTRIBUTES ObjectAttributes
1637 );
1638 /*
1639 * FUNCTION: Opens an existing file
1640 * ARGUMENTS:
1641 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1642 * DesiredAccess = Requested access to the file
1643 * ObjectAttributes = Initialized attributes for the object
1644 * IoStatusBlock =
1645 * ShareAccess =
1646 * OpenOptions =
1647 * RETURNS: Status
1648 */
1649 NTSTATUS
1650 STDCALL
1651 NtOpenFile(
1652 OUT PHANDLE FileHandle,
1653 IN ACCESS_MASK DesiredAccess,
1654 IN POBJECT_ATTRIBUTES ObjectAttributes,
1655 OUT PIO_STATUS_BLOCK IoStatusBlock,
1656 IN ULONG ShareAccess,
1657 IN ULONG OpenOptions
1658 );
1659
1660 NTSTATUS
1661 STDCALL
1662 ZwOpenFile(
1663 OUT PHANDLE FileHandle,
1664 IN ACCESS_MASK DesiredAccess,
1665 IN POBJECT_ATTRIBUTES ObjectAttributes,
1666 OUT PIO_STATUS_BLOCK IoStatusBlock,
1667 IN ULONG ShareAccess,
1668 IN ULONG OpenOptions
1669 );
1670
1671 /*
1672 * FUNCTION: Opens an existing io completion object
1673 * ARGUMENTS:
1674 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
1675 * DesiredAccess = Requested access to the io completion object
1676 * ObjectAttributes = Initialized attributes for the object
1677 * RETURNS: Status
1678 */
1679
1680 NTSTATUS
1681 STDCALL
1682 NtOpenIoCompletion(
1683 OUT PHANDLE CompetionPort,
1684 IN ACCESS_MASK DesiredAccess,
1685 IN POBJECT_ATTRIBUTES ObjectAttributes
1686 );
1687
1688 NTSTATUS
1689 STDCALL
1690 ZwOpenIoCompletion(
1691 OUT PHANDLE CompetionPort,
1692 IN ACCESS_MASK DesiredAccess,
1693 IN POBJECT_ATTRIBUTES ObjectAttributes
1694 );
1695
1696 /*
1697 * FUNCTION: Opens an existing key in the registry
1698 * ARGUMENTS:
1699 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1700 * DesiredAccess = Requested access to the key
1701 * ObjectAttributes = Initialized attributes for the object
1702 * RETURNS: Status
1703 */
1704 NTSTATUS
1705 STDCALL
1706 NtOpenKey(
1707 OUT PHANDLE KeyHandle,
1708 IN ACCESS_MASK DesiredAccess,
1709 IN POBJECT_ATTRIBUTES ObjectAttributes
1710 );
1711
1712 NTSTATUS
1713 STDCALL
1714 ZwOpenKey(
1715 OUT PHANDLE KeyHandle,
1716 IN ACCESS_MASK DesiredAccess,
1717 IN POBJECT_ATTRIBUTES ObjectAttributes
1718 );
1719 /*
1720 * FUNCTION: Opens an existing key in the registry
1721 * ARGUMENTS:
1722 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
1723 * DesiredAccess = Requested access to the mutant
1724 * ObjectAttribute = Initialized attributes for the object
1725 * RETURNS: Status
1726 */
1727 NTSTATUS
1728 STDCALL
1729 NtOpenMutant(
1730 OUT PHANDLE MutantHandle,
1731 IN ACCESS_MASK DesiredAccess,
1732 IN POBJECT_ATTRIBUTES ObjectAttributes
1733 );
1734 NTSTATUS
1735 STDCALL
1736 ZwOpenMutant(
1737 OUT PHANDLE MutantHandle,
1738 IN ACCESS_MASK DesiredAccess,
1739 IN POBJECT_ATTRIBUTES ObjectAttributes
1740 );
1741
1742 /*
1743 * FUNCTION: Opens an existing process
1744 * ARGUMENTS:
1745 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
1746 * DesiredAccess = Requested access to the process
1747 * ObjectAttribute = Initialized attributes for the object
1748 * ClientId = Identifies the process id to open
1749 * RETURNS: Status
1750 */
1751 NTSTATUS
1752 STDCALL
1753 NtOpenProcess (
1754 OUT PHANDLE ProcessHandle,
1755 IN ACCESS_MASK DesiredAccess,
1756 IN POBJECT_ATTRIBUTES ObjectAttributes,
1757 IN PCLIENT_ID ClientId
1758 );
1759 NTSTATUS
1760 STDCALL
1761 ZwOpenProcess (
1762 OUT PHANDLE ProcessHandle,
1763 IN ACCESS_MASK DesiredAccess,
1764 IN POBJECT_ATTRIBUTES ObjectAttributes,
1765 IN PCLIENT_ID ClientId
1766 );
1767 /*
1768 * FUNCTION: Opens an existing process
1769 * ARGUMENTS:
1770 * ProcessHandle = Handle of the process of which owns the token
1771 * DesiredAccess = Requested access to the token
1772 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
1773 * REMARKS:
1774 This function maps to the win32
1775 * RETURNS: Status
1776 */
1777
1778 NTSTATUS
1779 STDCALL
1780 NtOpenProcessToken(
1781 IN HANDLE ProcessHandle,
1782 IN ACCESS_MASK DesiredAccess,
1783 OUT PHANDLE TokenHandle
1784 );
1785
1786 NTSTATUS
1787 STDCALL
1788 ZwOpenProcessToken(
1789 IN HANDLE ProcessHandle,
1790 IN ACCESS_MASK DesiredAccess,
1791 OUT PHANDLE TokenHandle
1792 );
1793
1794 /*
1795 * FUNCTION: Opens an existing section object
1796 * ARGUMENTS:
1797 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1798 * DesiredAccess = Requested access to the key
1799 * ObjectAttribute = Initialized attributes for the object
1800 * RETURNS: Status
1801 */
1802
1803 NTSTATUS
1804 STDCALL
1805 NtOpenSection(
1806 OUT PHANDLE SectionHandle,
1807 IN ACCESS_MASK DesiredAccess,
1808 IN POBJECT_ATTRIBUTES ObjectAttributes
1809 );
1810 NTSTATUS
1811 STDCALL
1812 ZwOpenSection(
1813 OUT PHANDLE SectionHandle,
1814 IN ACCESS_MASK DesiredAccess,
1815 IN POBJECT_ATTRIBUTES ObjectAttributes
1816 );
1817 /*
1818 * FUNCTION: Opens an existing semaphore
1819 * ARGUMENTS:
1820 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
1821 * DesiredAccess = Requested access to the semaphore
1822 * ObjectAttribute = Initialized attributes for the object
1823 * RETURNS: Status
1824 */
1825 NTSTATUS
1826 STDCALL
1827 NtOpenSemaphore(
1828 IN HANDLE SemaphoreHandle,
1829 IN ACCESS_MASK DesiredAcces,
1830 IN POBJECT_ATTRIBUTES ObjectAttributes
1831 );
1832 NTSTATUS
1833 STDCALL
1834 ZwOpenSemaphore(
1835 IN HANDLE SemaphoreHandle,
1836 IN ACCESS_MASK DesiredAcces,
1837 IN POBJECT_ATTRIBUTES ObjectAttributes
1838 );
1839 /*
1840 * FUNCTION: Opens an existing symbolic link
1841 * ARGUMENTS:
1842 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
1843 * DesiredAccess = Requested access to the symbolic link
1844 * ObjectAttribute = Initialized attributes for the object
1845 * RETURNS: Status
1846 */
1847 NTSTATUS
1848 STDCALL
1849 NtOpenSymbolicLinkObject(
1850 OUT PHANDLE SymbolicLinkHandle,
1851 IN ACCESS_MASK DesiredAccess,
1852 IN POBJECT_ATTRIBUTES ObjectAttributes
1853 );
1854 NTSTATUS
1855 STDCALL
1856 ZwOpenSymbolicLinkObject(
1857 OUT PHANDLE SymbolicLinkHandle,
1858 IN ACCESS_MASK DesiredAccess,
1859 IN POBJECT_ATTRIBUTES ObjectAttributes
1860 );
1861 /*
1862 * FUNCTION: Opens an existing thread
1863 * ARGUMENTS:
1864 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
1865 * DesiredAccess = Requested access to the thread
1866 * ObjectAttribute = Initialized attributes for the object
1867 * ClientId = Identifies the thread to open.
1868 * RETURNS: Status
1869 */
1870 NTSTATUS
1871 STDCALL
1872 NtOpenThread(
1873 OUT PHANDLE ThreadHandle,
1874 IN ACCESS_MASK DesiredAccess,
1875 IN POBJECT_ATTRIBUTES ObjectAttributes,
1876 IN PCLIENT_ID ClientId
1877 );
1878 NTSTATUS
1879 STDCALL
1880 ZwOpenThread(
1881 OUT PHANDLE ThreadHandle,
1882 IN ACCESS_MASK DesiredAccess,
1883 IN POBJECT_ATTRIBUTES ObjectAttributes,
1884 IN PCLIENT_ID ClientId
1885 );
1886
1887 NTSTATUS
1888 STDCALL
1889 NtOpenThreadToken(
1890 IN HANDLE ThreadHandle,
1891 IN ACCESS_MASK DesiredAccess,
1892 IN BOOLEAN OpenAsSelf,
1893 OUT PHANDLE TokenHandle
1894 );
1895
1896 NTSTATUS
1897 STDCALL
1898 ZwOpenThreadToken(
1899 IN HANDLE ThreadHandle,
1900 IN ACCESS_MASK DesiredAccess,
1901 IN BOOLEAN OpenAsSelf,
1902 OUT PHANDLE TokenHandle
1903 );
1904 /*
1905 * FUNCTION: Opens an existing timer
1906 * ARGUMENTS:
1907 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1908 * DesiredAccess = Requested access to the timer
1909 * ObjectAttribute = Initialized attributes for the object
1910 * RETURNS: Status
1911 */
1912 NTSTATUS
1913 STDCALL
1914 NtOpenTimer(
1915 OUT PHANDLE TimerHandle,
1916 IN ACCESS_MASK DesiredAccess,
1917 IN POBJECT_ATTRIBUTES ObjectAttributes
1918 );
1919 NTSTATUS
1920 STDCALL
1921 ZwOpenTimer(
1922 OUT PHANDLE TimerHandle,
1923 IN ACCESS_MASK DesiredAccess,
1924 IN POBJECT_ATTRIBUTES ObjectAttributes
1925 );
1926
1927 /*
1928 * FUNCTION: Checks an access token for specific privileges
1929 * ARGUMENTS:
1930 * ClientToken = Handle to a access token structure
1931 * RequiredPrivileges = Specifies the requested privileges.
1932 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
1933 set in the Control member of PRIVILEGES_SET Result
1934 will only be TRUE if all privileges are present in the access token.
1935 * RETURNS: Status
1936 */
1937
1938 NTSTATUS
1939 STDCALL
1940 NtPrivilegeCheck(
1941 IN HANDLE ClientToken,
1942 IN PPRIVILEGE_SET RequiredPrivileges,
1943 IN PBOOLEAN Result
1944 );
1945
1946 NTSTATUS
1947 STDCALL
1948 ZwPrivilegeCheck(
1949 IN HANDLE ClientToken,
1950 IN PPRIVILEGE_SET RequiredPrivileges,
1951 IN PBOOLEAN Result
1952 );
1953
1954 NTSTATUS
1955 STDCALL
1956 NtPrivilegedServiceAuditAlarm(
1957 IN PUNICODE_STRING SubsystemName,
1958 IN PUNICODE_STRING ServiceName,
1959 IN HANDLE ClientToken,
1960 IN PPRIVILEGE_SET Privileges,
1961 IN BOOLEAN AccessGranted
1962 );
1963
1964 NTSTATUS
1965 STDCALL
1966 ZwPrivilegedServiceAuditAlarm(
1967 IN PUNICODE_STRING SubsystemName,
1968 IN PUNICODE_STRING ServiceName,
1969 IN HANDLE ClientToken,
1970 IN PPRIVILEGE_SET Privileges,
1971 IN BOOLEAN AccessGranted
1972 );
1973
1974 NTSTATUS
1975 STDCALL
1976 NtPrivilegeObjectAuditAlarm(
1977 IN PUNICODE_STRING SubsystemName,
1978 IN PVOID HandleId,
1979 IN HANDLE ClientToken,
1980 IN ULONG DesiredAccess,
1981 IN PPRIVILEGE_SET Privileges,
1982 IN BOOLEAN AccessGranted
1983 );
1984
1985 NTSTATUS
1986 STDCALL
1987 ZwPrivilegeObjectAuditAlarm(
1988 IN PUNICODE_STRING SubsystemName,
1989 IN PVOID HandleId,
1990 IN HANDLE ClientToken,
1991 IN ULONG DesiredAccess,
1992 IN PPRIVILEGE_SET Privileges,
1993 IN BOOLEAN AccessGranted
1994 );
1995
1996 /*
1997 * FUNCTION: Entry point for native applications
1998 * ARGUMENTS:
1999 * Peb = Pointes to the Process Environment Block (PEB)
2000 * REMARKS:
2001 * Native applications should use this function instead of a main.
2002 * Calling proces should terminate itself.
2003 * RETURNS: Status
2004 */
2005 VOID STDCALL
2006 NtProcessStartup(
2007 IN PPEB Peb
2008 );
2009
2010
2011 /*
2012 * FUNCTION: Signals an event and resets it afterwards.
2013 * ARGUMENTS:
2014 * EventHandle = Handle to the event
2015 * PulseCount = Number of times the action is repeated
2016 * RETURNS: Status
2017 */
2018 NTSTATUS
2019 STDCALL
2020 NtPulseEvent(
2021 IN HANDLE EventHandle,
2022 IN PULONG PulseCount OPTIONAL
2023 );
2024
2025 NTSTATUS
2026 STDCALL
2027 ZwPulseEvent(
2028 IN HANDLE EventHandle,
2029 IN PULONG PulseCount OPTIONAL
2030 );
2031
2032 /*
2033 * FUNCTION: Queries the attributes of a file
2034 * ARGUMENTS:
2035 * ObjectAttributes = Initialized attributes for the object
2036 * Buffer = Caller supplies storage for the attributes
2037 * RETURNS: Status
2038 */
2039
2040 NTSTATUS STDCALL
2041 NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2042 OUT PFILE_BASIC_INFORMATION FileInformation);
2043
2044 NTSTATUS STDCALL
2045 ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2046 OUT PFILE_BASIC_INFORMATION FileInformation);
2047
2048 /*
2049 * FUNCTION: Queries the default locale id
2050 * ARGUMENTS:
2051 * UserProfile = Type of locale id
2052 * TRUE: thread locale id
2053 * FALSE: system locale id
2054 * DefaultLocaleId = Caller supplies storage for the locale id
2055 * RETURNS: Status
2056 */
2057
2058 NTSTATUS
2059 STDCALL
2060 NtQueryDefaultLocale(
2061 IN BOOLEAN UserProfile,
2062 OUT PLCID DefaultLocaleId
2063 );
2064
2065 NTSTATUS
2066 STDCALL
2067 ZwQueryDefaultLocale(
2068 IN BOOLEAN UserProfile,
2069 OUT PLCID DefaultLocaleId
2070 );
2071
2072 /*
2073 * FUNCTION: Queries a directory file.
2074 * ARGUMENTS:
2075 * FileHandle = Handle to a directory file
2076 * EventHandle = Handle to the event signaled on completion
2077 * ApcRoutine = Asynchroneous procedure callback, called on completion
2078 * ApcContext = Argument to the apc.
2079 * IoStatusBlock = Caller supplies storage for extended status information.
2080 * FileInformation = Caller supplies storage for the resulting information.
2081 *
2082 * FileNameInformation FILE_NAMES_INFORMATION
2083 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2084 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2085 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2086 *
2087 * Length = Size of the storage supplied
2088 * FileInformationClass = Indicates the type of information requested.
2089 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2090 * FileName = Initial directory name to query, that may contain wild cards.
2091 * RestartScan = Number of times the action should be repeated
2092 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2093 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2094 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2095 */
2096
2097 NTSTATUS
2098 STDCALL
2099 NtQueryDirectoryFile(
2100 IN HANDLE FileHandle,
2101 IN HANDLE Event OPTIONAL,
2102 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2103 IN PVOID ApcContext OPTIONAL,
2104 OUT PIO_STATUS_BLOCK IoStatusBlock,
2105 OUT PVOID FileInformation,
2106 IN ULONG Length,
2107 IN FILE_INFORMATION_CLASS FileInformationClass,
2108 IN BOOLEAN ReturnSingleEntry,
2109 IN PUNICODE_STRING FileName OPTIONAL,
2110 IN BOOLEAN RestartScan
2111 );
2112
2113 NTSTATUS
2114 STDCALL
2115 ZwQueryDirectoryFile(
2116 IN HANDLE FileHandle,
2117 IN HANDLE Event OPTIONAL,
2118 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2119 IN PVOID ApcContext OPTIONAL,
2120 OUT PIO_STATUS_BLOCK IoStatusBlock,
2121 OUT PVOID FileInformation,
2122 IN ULONG Length,
2123 IN FILE_INFORMATION_CLASS FileInformationClass,
2124 IN BOOLEAN ReturnSingleEntry,
2125 IN PUNICODE_STRING FileName OPTIONAL,
2126 IN BOOLEAN RestartScan
2127 );
2128
2129 /*
2130 * FUNCTION: Queries the extended attributes of a file
2131 * ARGUMENTS:
2132 * FileHandle = Handle to the event
2133 * IoStatusBlock = Number of times the action is repeated
2134 * Buffer
2135 * Length
2136 * ReturnSingleEntry
2137 * EaList
2138 * EaListLength
2139 * EaIndex
2140 * RestartScan
2141 * RETURNS: Status
2142 */
2143
2144 NTSTATUS
2145 STDCALL
2146 NtQueryEaFile(
2147 IN HANDLE FileHandle,
2148 OUT PIO_STATUS_BLOCK IoStatusBlock,
2149 OUT PVOID Buffer,
2150 IN ULONG Length,
2151 IN BOOLEAN ReturnSingleEntry,
2152 IN PVOID EaList OPTIONAL,
2153 IN ULONG EaListLength,
2154 IN PULONG EaIndex OPTIONAL,
2155 IN BOOLEAN RestartScan
2156 );
2157
2158 NTSTATUS
2159 STDCALL
2160 ZwQueryEaFile(
2161 IN HANDLE FileHandle,
2162 OUT PIO_STATUS_BLOCK IoStatusBlock,
2163 OUT PVOID Buffer,
2164 IN ULONG Length,
2165 IN BOOLEAN ReturnSingleEntry,
2166 IN PVOID EaList OPTIONAL,
2167 IN ULONG EaListLength,
2168 IN PULONG EaIndex OPTIONAL,
2169 IN BOOLEAN RestartScan
2170 );
2171
2172 /*
2173 * FUNCTION: Queries an event
2174 * ARGUMENTS:
2175 * EventHandle = Handle to the event
2176 * EventInformationClass = Index of the information structure
2177
2178 EventBasicInformation EVENT_BASIC_INFORMATION
2179
2180 * EventInformation = Caller supplies storage for the information structure
2181 * EventInformationLength = Size of the information structure
2182 * ReturnLength = Data written
2183 * RETURNS: Status
2184 */
2185 NTSTATUS
2186 STDCALL
2187 NtQueryEvent(
2188 IN HANDLE EventHandle,
2189 IN EVENT_INFORMATION_CLASS EventInformationClass,
2190 OUT PVOID EventInformation,
2191 IN ULONG EventInformationLength,
2192 OUT PULONG ReturnLength
2193 );
2194 NTSTATUS
2195 STDCALL
2196 ZwQueryEvent(
2197 IN HANDLE EventHandle,
2198 IN EVENT_INFORMATION_CLASS EventInformationClass,
2199 OUT PVOID EventInformation,
2200 IN ULONG EventInformationLength,
2201 OUT PULONG ReturnLength
2202 );
2203
2204 NTSTATUS STDCALL
2205 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2206 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
2207
2208 NTSTATUS STDCALL
2209 ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2210 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
2211
2212 /*
2213 * FUNCTION: Queries the information of a file object.
2214 * ARGUMENTS:
2215 * FileHandle = Handle to the file object
2216 * IoStatusBlock = Caller supplies storage for extended information
2217 * on the current operation.
2218 * FileInformation = Storage for the new file information
2219 * Lenght = Size of the storage for the file information.
2220 * FileInformationClass = Indicates which file information is queried
2221
2222 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2223 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2224 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2225 FileBasicInformation FILE_BASIC_INFORMATION
2226 FileStandardInformation FILE_STANDARD_INFORMATION
2227 FileInternalInformation FILE_INTERNAL_INFORMATION
2228 FileEaInformation FILE_EA_INFORMATION
2229 FileAccessInformation FILE_ACCESS_INFORMATION
2230 FileNameInformation FILE_NAME_INFORMATION
2231 FileRenameInformation FILE_RENAME_INFORMATION
2232 FileLinkInformation
2233 FileNamesInformation FILE_NAMES_INFORMATION
2234 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2235 FilePositionInformation FILE_POSITION_INFORMATION
2236 FileFullEaInformation FILE_FULL_EA_INFORMATION
2237 FileModeInformation FILE_MODE_INFORMATION
2238 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2239 FileAllInformation FILE_ALL_INFORMATION
2240
2241 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2242 FileAlternateNameInformation
2243 FileStreamInformation FILE_STREAM_INFORMATION
2244 FilePipeInformation
2245 FilePipeLocalInformation
2246 FilePipeRemoteInformation
2247 FileMailslotQueryInformation
2248 FileMailslotSetInformation
2249 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2250 FileCopyOnWriteInformation
2251 FileCompletionInformation IO_COMPLETION_CONTEXT
2252 FileMoveClusterInformation
2253 FileOleClassIdInformation
2254 FileOleStateBitsInformation
2255 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2256 FileObjectIdInformation
2257 FileOleAllInformation
2258 FileOleDirectoryInformation
2259 FileContentIndexInformation
2260 FileInheritContentIndexInformation
2261 FileOleInformation
2262 FileMaximumInformation
2263
2264 * REMARK:
2265 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2266 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2267 * RETURNS: Status
2268 */
2269 NTSTATUS
2270 STDCALL
2271 NtQueryInformationFile(
2272 IN HANDLE FileHandle,
2273 OUT PIO_STATUS_BLOCK IoStatusBlock,
2274 OUT PVOID FileInformation,
2275 IN ULONG Length,
2276 IN FILE_INFORMATION_CLASS FileInformationClass
2277 );
2278
2279 NTSTATUS
2280 STDCALL
2281 ZwQueryInformationFile(
2282 HANDLE FileHandle,
2283 PIO_STATUS_BLOCK IoStatusBlock,
2284 PVOID FileInformation,
2285 ULONG Length,
2286 FILE_INFORMATION_CLASS FileInformationClass
2287 );
2288
2289
2290 /*
2291 * FUNCTION: Queries the information of a thread object.
2292 * ARGUMENTS:
2293 * ThreadHandle = Handle to the thread object
2294 * ThreadInformationClass = Index to a certain information structure
2295
2296 ThreadBasicInformation THREAD_BASIC_INFORMATION
2297 ThreadTimes KERNEL_USER_TIMES
2298 ThreadPriority KPRIORITY
2299 ThreadBasePriority KPRIORITY
2300 ThreadAffinityMask KAFFINITY
2301 ThreadImpersonationToken
2302 ThreadDescriptorTableEntry
2303 ThreadEnableAlignmentFaultFixup
2304 ThreadEventPair
2305 ThreadQuerySetWin32StartAddress
2306 ThreadZeroTlsCell
2307 ThreadPerformanceCount
2308 ThreadAmILastThread BOOLEAN
2309 ThreadIdealProcessor ULONG
2310 ThreadPriorityBoost ULONG
2311 MaxThreadInfoClass
2312
2313
2314 * ThreadInformation = Caller supplies torage for the thread information
2315 * ThreadInformationLength = Size of the thread information structure
2316 * ReturnLength = Actual number of bytes written
2317
2318 * REMARK:
2319 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2320 GetThreadPriorityBoost functions.
2321 * RETURNS: Status
2322 */
2323
2324
2325 NTSTATUS
2326 STDCALL
2327 NtQueryInformationThread(
2328 IN HANDLE ThreadHandle,
2329 IN THREADINFOCLASS ThreadInformationClass,
2330 OUT PVOID ThreadInformation,
2331 IN ULONG ThreadInformationLength,
2332 OUT PULONG ReturnLength
2333 );
2334
2335
2336 NTSTATUS
2337 STDCALL
2338 NtQueryInformationToken(
2339 IN HANDLE TokenHandle,
2340 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
2341 OUT PVOID TokenInformation,
2342 IN ULONG TokenInformationLength,
2343 OUT PULONG ReturnLength
2344 );
2345
2346 NTSTATUS
2347 STDCALL
2348 ZwQueryInformationToken(
2349 IN HANDLE TokenHandle,
2350 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
2351 OUT PVOID TokenInformation,
2352 IN ULONG TokenInformationLength,
2353 OUT PULONG ReturnLength
2354 );
2355
2356 NTSTATUS
2357 STDCALL
2358 NtQueryIoCompletion(
2359 IN HANDLE IoCompletionHandle,
2360 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
2361 OUT PVOID IoCompletionInformation,
2362 IN ULONG IoCompletionInformationLength,
2363 OUT PULONG ResultLength OPTIONAL
2364 );
2365
2366 NTSTATUS
2367 STDCALL
2368 ZwQueryIoCompletion(
2369 IN HANDLE IoCompletionHandle,
2370 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
2371 OUT PVOID IoCompletionInformation,
2372 IN ULONG IoCompletionInformationLength,
2373 OUT PULONG ResultLength OPTIONAL
2374 );
2375
2376 /*
2377 * FUNCTION: Queries the information of a registry key object.
2378 * ARGUMENTS:
2379 KeyHandle = Handle to a registry key
2380 KeyInformationClass = Index to a certain information structure
2381 KeyInformation = Caller supplies storage for resulting information
2382 Length = Size of the supplied storage
2383 ResultLength = Bytes written
2384 */
2385 NTSTATUS
2386 STDCALL
2387 NtQueryKey(
2388 IN HANDLE KeyHandle,
2389 IN KEY_INFORMATION_CLASS KeyInformationClass,
2390 OUT PVOID KeyInformation,
2391 IN ULONG Length,
2392 OUT PULONG ResultLength
2393 );
2394
2395 NTSTATUS
2396 STDCALL
2397 ZwQueryKey(
2398 IN HANDLE KeyHandle,
2399 IN KEY_INFORMATION_CLASS KeyInformationClass,
2400 OUT PVOID KeyInformation,
2401 IN ULONG Length,
2402 OUT PULONG ResultLength
2403 );
2404
2405
2406 // draft
2407
2408 NTSTATUS
2409 STDCALL
2410 NtQueryMultipleValueKey(
2411 IN HANDLE KeyHandle,
2412 IN OUT PKEY_VALUE_ENTRY ValueList,
2413 IN ULONG NumberOfValues,
2414 OUT PVOID Buffer,
2415 IN OUT PULONG Length,
2416 OUT PULONG ReturnLength
2417 );
2418
2419 NTSTATUS
2420 STDCALL
2421 ZwQueryMultipleValueKey(
2422 IN HANDLE KeyHandle,
2423 IN OUT PKEY_VALUE_ENTRY ValueList,
2424 IN ULONG NumberOfValues,
2425 OUT PVOID Buffer,
2426 IN OUT PULONG Length,
2427 OUT PULONG ReturnLength
2428 );
2429
2430 /*
2431 * FUNCTION: Queries the information of a mutant object.
2432 * ARGUMENTS:
2433 MutantHandle = Handle to a mutant
2434 MutantInformationClass = Index to a certain information structure
2435 MutantInformation = Caller supplies storage for resulting information
2436 Length = Size of the supplied storage
2437 ResultLength = Bytes written
2438 */
2439 NTSTATUS
2440 STDCALL
2441 NtQueryMutant(
2442 IN HANDLE MutantHandle,
2443 IN CINT MutantInformationClass,
2444 OUT PVOID MutantInformation,
2445 IN ULONG Length,
2446 OUT PULONG ResultLength
2447 );
2448
2449 NTSTATUS
2450 STDCALL
2451 ZwQueryMutant(
2452 IN HANDLE MutantHandle,
2453 IN CINT MutantInformationClass,
2454 OUT PVOID MutantInformation,
2455 IN ULONG Length,
2456 OUT PULONG ResultLength
2457 );
2458
2459 /*
2460 * FUNCTION: Queries the system ( high-resolution ) performance counter.
2461 * ARGUMENTS:
2462 * Counter = Performance counter
2463 * Frequency = Performance frequency
2464 * REMARKS:
2465 This procedure queries a tick count faster than 10ms ( The resolution for IntelĀ®-based CPUs is about 0.8 microseconds.)
2466 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
2467 * RETURNS: Status
2468 *
2469 */
2470 NTSTATUS
2471 STDCALL
2472 NtQueryPerformanceCounter(
2473 IN PLARGE_INTEGER Counter,
2474 IN PLARGE_INTEGER Frequency
2475 );
2476
2477 NTSTATUS
2478 STDCALL
2479 ZwQueryPerformanceCounter(
2480 IN PLARGE_INTEGER Counter,
2481 IN PLARGE_INTEGER Frequency
2482 );
2483
2484 /*
2485 * FUNCTION: Queries the information of a semaphore.
2486 * ARGUMENTS:
2487 * SemaphoreHandle = Handle to the semaphore object
2488 * SemaphoreInformationClass = Index to a certain information structure
2489
2490 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
2491
2492 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
2493 * Length = Size of the infomation structure
2494 */
2495 NTSTATUS
2496 STDCALL
2497 NtQuerySemaphore(
2498 IN HANDLE SemaphoreHandle,
2499 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
2500 OUT PVOID SemaphoreInformation,
2501 IN ULONG Length,
2502 OUT PULONG ReturnLength
2503 );
2504
2505 NTSTATUS
2506 STDCALL
2507 ZwQuerySemaphore(
2508 IN HANDLE SemaphoreHandle,
2509 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
2510 OUT PVOID SemaphoreInformation,
2511 IN ULONG Length,
2512 OUT PULONG ReturnLength
2513 );
2514
2515
2516 /*
2517 * FUNCTION: Queries the information of a symbolic link object.
2518 * ARGUMENTS:
2519 * SymbolicLinkHandle = Handle to the symbolic link object
2520 * LinkTarget = resolved name of link
2521 * DataWritten = size of the LinkName.
2522 * RETURNS: Status
2523 *
2524 */
2525 NTSTATUS
2526 STDCALL
2527 NtQuerySymbolicLinkObject(
2528 IN HANDLE SymLinkObjHandle,
2529 OUT PUNICODE_STRING LinkTarget,
2530 OUT PULONG DataWritten OPTIONAL
2531 );
2532
2533 NTSTATUS
2534 STDCALL
2535 ZwQuerySymbolicLinkObject(
2536 IN HANDLE SymLinkObjHandle,
2537 OUT PUNICODE_STRING LinkName,
2538 OUT PULONG DataWritten OPTIONAL
2539 );
2540
2541
2542 /*
2543 * FUNCTION: Queries a system environment variable.
2544 * ARGUMENTS:
2545 * Name = Name of the variable
2546 * Value (OUT) = value of the variable
2547 * Length = size of the buffer
2548 * ReturnLength = data written
2549 * RETURNS: Status
2550 *
2551 */
2552 NTSTATUS
2553 STDCALL
2554 NtQuerySystemEnvironmentValue(
2555 IN PUNICODE_STRING Name,
2556 OUT PVOID Value,
2557 ULONG Length,
2558 PULONG ReturnLength
2559 );
2560
2561 NTSTATUS
2562 STDCALL
2563 ZwQuerySystemEnvironmentValue(
2564 IN PUNICODE_STRING Name,
2565 OUT PVOID Value,
2566 ULONG Length,
2567 PULONG ReturnLength
2568 );
2569
2570
2571 /*
2572 * FUNCTION: Queries the system information.
2573 * ARGUMENTS:
2574 * SystemInformationClass = Index to a certain information structure
2575
2576 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
2577 SystemCacheInformation SYSTEM_CACHE_INFORMATION
2578 SystemConfigurationInformation CONFIGURATION_INFORMATION
2579
2580 * SystemInformation = caller supplies storage for the information structure
2581 * Length = size of the structure
2582 ResultLength = Data written
2583 * RETURNS: Status
2584 *
2585 */
2586 NTSTATUS
2587 STDCALL
2588 NtQuerySystemInformation(
2589 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
2590 OUT PVOID SystemInformation,
2591 IN ULONG Length,
2592 OUT PULONG ResultLength
2593 );
2594
2595 NTSTATUS
2596 STDCALL
2597 ZwQuerySystemInformation(
2598 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
2599 OUT PVOID SystemInformation,
2600 IN ULONG Length,
2601 OUT PULONG ResultLength
2602 );
2603
2604 /*
2605 * FUNCTION: Queries information about a timer
2606 * ARGUMENTS:
2607 * TimerHandle = Handle to the timer
2608 TimerValueInformationClass = Index to a certain information structure
2609 TimerValueInformation = Caller supplies storage for the information structure
2610 Length = Size of the information structure
2611 ResultLength = Data written
2612 * RETURNS: Status
2613 *
2614 */
2615 NTSTATUS
2616 STDCALL
2617 NtQueryTimer(
2618 IN HANDLE TimerHandle,
2619 IN CINT TimerInformationClass,
2620 OUT PVOID TimerInformation,
2621 IN ULONG Length,
2622 OUT PULONG ResultLength
2623 );
2624 NTSTATUS
2625 STDCALL
2626 ZwQueryTimer(
2627 IN HANDLE TimerHandle,
2628 IN CINT TimerInformationClass,
2629 OUT PVOID TimerInformation,
2630 IN ULONG Length,
2631 OUT PULONG ResultLength
2632 );
2633
2634 /*
2635 * FUNCTION: Queries the timer resolution
2636 * ARGUMENTS:
2637 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
2638 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
2639 ActualResolution (OUT) = Caller should supply storage for the resulting time.
2640 * RETURNS: Status
2641 *
2642 */
2643
2644
2645 NTSTATUS
2646 STDCALL
2647 NtQueryTimerResolution (
2648 OUT PULONG MinimumResolution,
2649 OUT PULONG MaximumResolution,
2650 OUT PULONG ActualResolution
2651 );
2652
2653 NTSTATUS
2654 STDCALL
2655 ZwQueryTimerResolution (
2656 OUT PULONG MinimumResolution,
2657 OUT PULONG MaximumResolution,
2658 OUT PULONG ActualResolution
2659 );
2660
2661 /*
2662 * FUNCTION: Queries a registry key value
2663 * ARGUMENTS:
2664 * KeyHandle = Handle to the registry key
2665 ValueName = Name of the value in the registry key
2666 KeyValueInformationClass = Index to a certain information structure
2667
2668 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
2669 KeyValueFullInformation = KEY_FULL_INFORMATION
2670 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
2671
2672 KeyValueInformation = Caller supplies storage for the information structure
2673 Length = Size of the information structure
2674 ResultLength = Data written
2675 * RETURNS: Status
2676 *
2677 */
2678 NTSTATUS
2679 STDCALL
2680 NtQueryValueKey(
2681 IN HANDLE KeyHandle,
2682 IN PUNICODE_STRING ValueName,
2683 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
2684 OUT PVOID KeyValueInformation,
2685 IN ULONG Length,
2686 OUT PULONG ResultLength
2687 );
2688
2689 NTSTATUS
2690 STDCALL
2691 ZwQueryValueKey(
2692 IN HANDLE KeyHandle,
2693 IN PUNICODE_STRING ValueName,
2694 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
2695 OUT PVOID KeyValueInformation,
2696 IN ULONG Length,
2697 OUT PULONG ResultLength
2698 );
2699
2700 /*
2701 * FUNCTION: Queries the volume information
2702 * ARGUMENTS:
2703 * FileHandle = Handle to a file object on the target volume
2704 * IoStatusBlock = Caller should supply storage for additional status information
2705 * ReturnLength = DataWritten
2706 * FsInformation = Caller should supply storage for the information structure.
2707 * Length = Size of the information structure
2708 * FsInformationClass = Index to a information structure
2709
2710 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
2711 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
2712 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
2713 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
2714 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
2715 FileFsControlInformation
2716 FileFsQuotaQueryInformation --
2717 FileFsQuotaSetInformation --
2718 FileFsMaximumInformation
2719
2720 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
2721 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
2722 *
2723 */
2724 NTSTATUS
2725 STDCALL
2726 NtQueryVolumeInformationFile(
2727 IN HANDLE FileHandle,
2728 OUT PIO_STATUS_BLOCK IoStatusBlock,
2729 OUT PVOID FsInformation,
2730 IN ULONG Length,
2731 IN FS_INFORMATION_CLASS FsInformationClass
2732 );
2733
2734 NTSTATUS
2735 STDCALL
2736 ZwQueryVolumeInformationFile(
2737 IN HANDLE FileHandle,
2738 OUT PIO_STATUS_BLOCK IoStatusBlock,
2739 OUT PVOID FsInformation,
2740 IN ULONG Length,
2741 IN FS_INFORMATION_CLASS FsInformationClass
2742 );
2743 // draft
2744 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
2745 /*
2746 * FUNCTION: Queues a (user) apc to a thread.
2747 * ARGUMENTS:
2748 ThreadHandle = Thread to which the apc is queued.
2749 ApcRoutine = Points to the apc routine
2750 NormalContext = Argument to Apc Routine
2751 * SystemArgument1 = Argument of the Apc Routine
2752 SystemArgument2 = Argument of the Apc Routine
2753 * REMARK: If the apc is queued against a thread of a different process than the calling thread
2754 the apc routine should be specified in the address space of the queued thread's process.
2755 * RETURNS: Status
2756 */
2757
2758 NTSTATUS
2759 STDCALL
2760 NtQueueApcThread(
2761 HANDLE ThreadHandle,
2762 PKNORMAL_ROUTINE ApcRoutine,
2763 PVOID NormalContext,
2764 PVOID SystemArgument1,
2765 PVOID SystemArgument2);
2766
2767 NTSTATUS
2768 STDCALL
2769 ZwQueueApcThread(
2770 HANDLE ThreadHandle,
2771 PKNORMAL_ROUTINE ApcRoutine,
2772 PVOID NormalContext,
2773 PVOID SystemArgument1,
2774 PVOID SystemArgument2);
2775
2776
2777 /*
2778 * FUNCTION: Raises an exception
2779 * ARGUMENTS:
2780 * ExceptionRecord = Structure specifying the exception
2781 * Context = Context in which the excpetion is raised
2782 * IsDebugger =
2783 * RETURNS: Status
2784 *
2785 */
2786
2787 NTSTATUS
2788 STDCALL
2789 NtRaiseException(
2790 IN PEXCEPTION_RECORD ExceptionRecord,
2791 IN PCONTEXT Context,
2792 IN BOOLEAN SearchFrames
2793 );
2794
2795 NTSTATUS
2796 STDCALL
2797 ZwRaiseException(
2798 IN PEXCEPTION_RECORD ExceptionRecord,
2799 IN PCONTEXT Context,
2800 IN BOOLEAN SearchFrames
2801 );
2802
2803 /*
2804 * FUNCTION: Read a file
2805 * ARGUMENTS:
2806 * FileHandle = Handle of a file to read
2807 * Event = This event is signalled when the read operation completes
2808 * UserApcRoutine = Call back , if supplied Event should be NULL
2809 * UserApcContext = Argument to the callback
2810 * IoStatusBlock = Caller should supply storage for additional status information
2811 * Buffer = Caller should supply storage to receive the information
2812 * BufferLength = Size of the buffer
2813 * ByteOffset = Offset to start reading the file
2814 * Key = If a range is lock a matching key will allow the read to continue.
2815 * RETURNS: Status
2816 *
2817 */
2818
2819 NTSTATUS
2820 STDCALL
2821 NtReadFile(
2822 IN HANDLE FileHandle,
2823 IN HANDLE Event OPTIONAL,
2824 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
2825 IN PVOID UserApcContext OPTIONAL,
2826 OUT PIO_STATUS_BLOCK IoStatusBlock,
2827 OUT PVOID Buffer,
2828 IN ULONG BufferLength,
2829 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2830 IN PULONG Key OPTIONAL
2831 );
2832
2833 NTSTATUS
2834 STDCALL
2835 ZwReadFile(
2836 IN HANDLE FileHandle,
2837 IN HANDLE Event OPTIONAL,
2838 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
2839 IN PVOID UserApcContext OPTIONAL,
2840 OUT PIO_STATUS_BLOCK IoStatusBlock,
2841 OUT PVOID Buffer,
2842 IN ULONG BufferLength,
2843 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2844 IN PULONG Key OPTIONAL
2845 );
2846 /*
2847 * FUNCTION: Read a file using scattered io
2848 * ARGUMENTS:
2849 FileHandle = Handle of a file to read
2850 Event = This event is signalled when the read operation completes
2851 * UserApcRoutine = Call back , if supplied Event should be NULL
2852 UserApcContext = Argument to the callback
2853 IoStatusBlock = Caller should supply storage for additional status information
2854 BufferDescription = Caller should supply storage to receive the information
2855 BufferLength = Size of the buffer
2856 ByteOffset = Offset to start reading the file
2857 Key = Key = If a range is lock a matching key will allow the read to continue.
2858 * RETURNS: Status
2859 *
2860 */
2861 NTSTATUS
2862 STDCALL
2863 NtReadFileScatter(
2864 IN HANDLE FileHandle,
2865 IN HANDLE Event OPTIONAL,
2866 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
2867 IN PVOID UserApcContext OPTIONAL,
2868 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
2869 IN FILE_SEGMENT_ELEMENT BufferDescription[],
2870 IN ULONG BufferLength,
2871 IN PLARGE_INTEGER ByteOffset,
2872 IN PULONG Key OPTIONAL
2873 );
2874
2875 NTSTATUS
2876 STDCALL
2877 ZwReadFileScatter(
2878 IN HANDLE FileHandle,
2879 IN HANDLE Event OPTIONAL,
2880 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
2881 IN PVOID UserApcContext OPTIONAL,
2882 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
2883 IN FILE_SEGMENT_ELEMENT BufferDescription[],
2884 IN ULONG BufferLength,
2885 IN PLARGE_INTEGER ByteOffset,
2886 IN PULONG Key OPTIONAL
2887 );
2888 /*
2889 * FUNCTION: Copies a range of virtual memory to a buffer
2890 * ARGUMENTS:
2891 * ProcessHandle = Specifies the process owning the virtual address space
2892 * BaseAddress = Points to the address of virtual memory to start the read
2893 * Buffer = Caller supplies storage to copy the virtual memory to.
2894 * NumberOfBytesToRead = Limits the range to read
2895 * NumberOfBytesRead = The actual number of bytes read.
2896 * RETURNS: Status
2897 */
2898
2899 NTSTATUS
2900 STDCALL
2901 NtReadVirtualMemory(
2902 IN HANDLE ProcessHandle,
2903 IN PVOID BaseAddress,
2904 OUT PVOID Buffer,
2905 IN ULONG NumberOfBytesToRead,
2906 OUT PULONG NumberOfBytesRead
2907 );
2908 NTSTATUS
2909 STDCALL
2910 ZwReadVirtualMemory(
2911 IN HANDLE ProcessHandle,
2912 IN PVOID BaseAddress,
2913 OUT PVOID Buffer,
2914 IN ULONG NumberOfBytesToRead,
2915 OUT PULONG NumberOfBytesRead
2916 );
2917
2918
2919 /*
2920 * FUNCTION: Debugger can register for thread termination
2921 * ARGUMENTS:
2922 * TerminationPort = Port on which the debugger likes to be notified.
2923 * RETURNS: Status
2924 */
2925 NTSTATUS
2926 STDCALL
2927 NtRegisterThreadTerminatePort(
2928 HANDLE TerminationPort
2929 );
2930 NTSTATUS
2931 STDCALL
2932 ZwRegisterThreadTerminatePort(
2933 HANDLE TerminationPort
2934 );
2935
2936 /*
2937 * FUNCTION: Releases a mutant
2938 * ARGUMENTS:
2939 * MutantHandle = Handle to the mutant
2940 * ReleaseCount =
2941 * RETURNS: Status
2942 */
2943 NTSTATUS
2944 STDCALL
2945 NtReleaseMutant(
2946 IN HANDLE MutantHandle,
2947 IN PULONG ReleaseCount OPTIONAL
2948 );
2949
2950 NTSTATUS
2951 STDCALL
2952 ZwReleaseMutant(
2953 IN HANDLE MutantHandle,
2954 IN PULONG ReleaseCount OPTIONAL
2955 );
2956
2957 /*
2958 * FUNCTION: Releases a semaphore
2959 * ARGUMENTS:
2960 * SemaphoreHandle = Handle to the semaphore object
2961 * ReleaseCount = Number to decrease the semaphore count
2962 * PreviousCount = Previous semaphore count
2963 * RETURNS: Status
2964 */
2965 NTSTATUS
2966 STDCALL
2967 NtReleaseSemaphore(
2968 IN HANDLE SemaphoreHandle,
2969 IN LONG ReleaseCount,
2970 OUT PLONG PreviousCount
2971 );
2972
2973 NTSTATUS
2974 STDCALL
2975 ZwReleaseSemaphore(
2976 IN HANDLE SemaphoreHandle,
2977 IN LONG ReleaseCount,
2978 OUT PLONG PreviousCount
2979 );
2980
2981 /*
2982 * FUNCTION: Removes an io completion
2983 * ARGUMENTS:
2984 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2985 * CompletionKey = Requested access to the key
2986 * IoStatusBlock = Caller provides storage for extended status information
2987 * CompletionStatus = Current status of the io operation.
2988 * WaitTime = Time to wait if ..
2989 * RETURNS: Status
2990 */
2991 NTSTATUS
2992 STDCALL
2993 NtRemoveIoCompletion(
2994 IN HANDLE IoCompletionHandle,
2995 OUT PULONG CompletionKey,
2996 OUT PULONG CompletionValue,
2997 OUT PIO_STATUS_BLOCK IoStatusBlock,
2998 IN PLARGE_INTEGER Timeout OPTIONAL
2999 );
3000
3001 NTSTATUS
3002 STDCALL
3003 ZwRemoveIoCompletion(
3004 IN HANDLE IoCompletionHandle,
3005 OUT PULONG CompletionKey,
3006 OUT PULONG CompletionValue,
3007 OUT PIO_STATUS_BLOCK IoStatusBlock,
3008 IN PLARGE_INTEGER Timeout OPTIONAL
3009 );
3010
3011 /*
3012 * FUNCTION: Replaces one registry key with another
3013 * ARGUMENTS:
3014 * ObjectAttributes = Specifies the attributes of the key
3015 * Key = Handle to the key
3016 * ReplacedObjectAttributes = The function returns the old object attributes
3017 * RETURNS: Status
3018 */
3019 NTSTATUS
3020 STDCALL
3021 NtReplaceKey(
3022 IN POBJECT_ATTRIBUTES ObjectAttributes,
3023 IN HANDLE Key,
3024 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3025 );
3026 NTSTATUS
3027 STDCALL
3028 ZwReplaceKey(
3029 IN POBJECT_ATTRIBUTES ObjectAttributes,
3030 IN HANDLE Key,
3031 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3032 );
3033
3034 /*
3035 * FUNCTION: Resets a event to a non signaled state
3036 * ARGUMENTS:
3037 * EventHandle = Handle to the event that should be reset
3038 * NumberOfWaitingThreads = The number of threads released.
3039 * RETURNS: Status
3040 */
3041 NTSTATUS
3042 STDCALL
3043 NtResetEvent(
3044 HANDLE EventHandle,
3045 PULONG NumberOfWaitingThreads OPTIONAL
3046 );
3047 NTSTATUS
3048 STDCALL
3049 ZwResetEvent(
3050 HANDLE EventHandle,
3051 PULONG NumberOfWaitingThreads OPTIONAL
3052 );
3053 //draft
3054 NTSTATUS
3055 STDCALL
3056 NtRestoreKey(
3057 HANDLE KeyHandle,
3058 HANDLE FileHandle,
3059 ULONG RestoreFlags
3060 );
3061
3062 NTSTATUS
3063 STDCALL
3064 ZwRestoreKey(
3065 HANDLE KeyHandle,
3066 HANDLE FileHandle,
3067 ULONG RestoreFlags
3068 );
3069 /*
3070 * FUNCTION: Decrements a thread's resume count
3071 * ARGUMENTS:
3072 * ThreadHandle = Handle to the thread that should be resumed
3073 * ResumeCount = The resulting resume count.
3074 * REMARK:
3075 * A thread is resumed if its suspend count is 0. This procedure maps to
3076 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3077 * RETURNS: Status
3078 */
3079 NTSTATUS
3080 STDCALL
3081 NtResumeThread(
3082 IN HANDLE ThreadHandle,
3083 OUT PULONG SuspendCount
3084 );
3085 NTSTATUS
3086 STDCALL
3087 ZwResumeThread(
3088 IN HANDLE ThreadHandle,
3089 OUT PULONG SuspendCount
3090 );
3091 /*
3092 * FUNCTION: Writes the content of a registry key to ascii file
3093 * ARGUMENTS:
3094 * KeyHandle = Handle to the key
3095 * FileHandle = Handle of the file
3096 * REMARKS:
3097 This function maps to the Win32 RegSaveKey.
3098 * RETURNS: Status
3099 */
3100
3101 NTSTATUS
3102 STDCALL
3103 NtSaveKey(
3104 IN HANDLE KeyHandle,
3105 IN HANDLE FileHandle
3106 );
3107 NTSTATUS
3108 STDCALL
3109 ZwSaveKey(
3110 IN HANDLE KeyHandle,
3111 IN HANDLE FileHandle
3112 );
3113
3114 /*
3115 * FUNCTION: Sets the context of a specified thread.
3116 * ARGUMENTS:
3117 * ThreadHandle = Handle to the thread
3118 * Context = The processor context.
3119 * RETURNS: Status
3120 */
3121
3122 NTSTATUS
3123 STDCALL
3124 NtSetContextThread(
3125 IN HANDLE ThreadHandle,
3126 IN PCONTEXT Context
3127 );
3128 NTSTATUS
3129 STDCALL
3130 ZwSetContextThread(
3131 IN HANDLE ThreadHandle,
3132 IN PCONTEXT Context
3133 );
3134
3135 /*
3136 * FUNCTION: Sets the default locale id
3137 * ARGUMENTS:
3138 * UserProfile = Type of locale id
3139 * TRUE: thread locale id
3140 * FALSE: system locale id
3141 * DefaultLocaleId = Locale id
3142 * RETURNS: Status
3143 */
3144
3145 NTSTATUS
3146 STDCALL
3147 NtSetDefaultLocale(
3148 IN BOOLEAN UserProfile,
3149 IN LCID DefaultLocaleId
3150 );
3151
3152 NTSTATUS
3153 STDCALL
3154 ZwSetDefaultLocale(
3155 IN BOOLEAN UserProfile,
3156 IN LCID DefaultLocaleId
3157 );
3158
3159 /*
3160 * FUNCTION: Sets the default hard error port
3161 * ARGUMENTS:
3162 * PortHandle = Handle to the port
3163 * NOTE: The hard error port is used for first change exception handling
3164 * RETURNS: Status
3165 */
3166 NTSTATUS
3167 STDCALL
3168 NtSetDefaultHardErrorPort(
3169 IN HANDLE PortHandle
3170 );
3171 NTSTATUS
3172 STDCALL
3173 ZwSetDefaultHardErrorPort(
3174 IN HANDLE PortHandle
3175 );
3176
3177 /*
3178 * FUNCTION: Sets the extended attributes of a file.
3179 * ARGUMENTS:
3180 * FileHandle = Handle to the file
3181 * IoStatusBlock = Storage for a resulting status and information
3182 * on the current operation.
3183 * EaBuffer = Extended Attributes buffer.
3184 * EaBufferSize = Size of the extended attributes buffer
3185 * RETURNS: Status
3186 */
3187 NTSTATUS
3188 STDCALL
3189 NtSetEaFile(
3190 IN HANDLE FileHandle,
3191 IN PIO_STATUS_BLOCK IoStatusBlock,
3192 PVOID EaBuffer,
3193 ULONG EaBufferSize
3194 );
3195 NTSTATUS
3196 STDCALL
3197 ZwSetEaFile(
3198 IN HANDLE FileHandle,
3199 IN PIO_STATUS_BLOCK IoStatusBlock,
3200 PVOID EaBuffer,
3201 ULONG EaBufferSize
3202 );
3203
3204 //FIXME: should I return the event state ?
3205
3206 /*
3207 * FUNCTION: Sets the event to a signalled state.
3208 * ARGUMENTS:
3209 * EventHandle = Handle to the event
3210 * NumberOfThreadsReleased = The number of threads released
3211 * REMARK:
3212 * This procedure maps to the win32 SetEvent function.
3213 * RETURNS: Status
3214 */
3215
3216 NTSTATUS
3217 STDCALL
3218 NtSetEvent(
3219 IN HANDLE EventHandle,
3220 PULONG NumberOfThreadsReleased
3221 );
3222
3223 NTSTATUS
3224 STDCALL
3225 ZwSetEvent(
3226 IN HANDLE EventHandle,
3227 PULONG NumberOfThreadsReleased
3228 );
3229
3230 /*
3231 * FUNCTION: Sets the high part of an event pair
3232 * ARGUMENTS:
3233 EventPair = Handle to the event pair
3234 * RETURNS: Status
3235 */
3236
3237 NTSTATUS
3238 STDCALL
3239 NtSetHighEventPair(
3240 IN HANDLE EventPairHandle
3241 );
3242
3243 NTSTATUS
3244 STDCALL
3245 ZwSetHighEventPair(
3246 IN HANDLE EventPairHandle
3247 );
3248 /*
3249 * FUNCTION: Sets the high part of an event pair and wait for the low part
3250 * ARGUMENTS:
3251 EventPair = Handle to the event pair
3252 * RETURNS: Status
3253 */
3254 NTSTATUS
3255 STDCALL
3256 NtSetHighWaitLowEventPair(
3257 IN HANDLE EventPairHandle
3258 );
3259 NTSTATUS
3260 STDCALL
3261 ZwSetHighWaitLowEventPair(
3262 IN HANDLE EventPairHandle
3263 );
3264
3265 /*
3266 * FUNCTION: Sets the information of a file object.
3267 * ARGUMENTS:
3268 * FileHandle = Handle to the file object
3269 * IoStatusBlock = Caller supplies storage for extended information
3270 * on the current operation.
3271 * FileInformation = Storage for the new file information
3272 * Lenght = Size of the new file information.
3273 * FileInformationClass = Indicates to a certain information structure
3274
3275 FileNameInformation FILE_NAME_INFORMATION
3276 FileRenameInformation FILE_RENAME_INFORMATION
3277 FileStreamInformation FILE_STREAM_INFORMATION
3278 * FileCompletionInformation IO_COMPLETION_CONTEXT
3279
3280 * REMARK:
3281 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3282 * SetNamedPipeHandleState, SetMailslotInfo functions.
3283 * RETURNS: Status
3284 */
3285
3286
3287 NTSTATUS
3288 STDCALL
3289 NtSetInformationFile(
3290 IN HANDLE FileHandle,
3291 IN PIO_STATUS_BLOCK IoStatusBlock,
3292 IN PVOID FileInformation,
3293 IN ULONG Length,
3294 IN FILE_INFORMATION_CLASS FileInformationClass
3295 );
3296 NTSTATUS
3297 STDCALL
3298 ZwSetInformationFile(
3299 IN HANDLE FileHandle,
3300 IN PIO_STATUS_BLOCK IoStatusBlock,
3301 IN PVOID FileInformation,
3302 IN ULONG Length,
3303 IN FILE_INFORMATION_CLASS FileInformationClass
3304 );
3305
3306 /*
3307 * FUNCTION: Changes a set of thread specific parameters
3308 * ARGUMENTS:
3309 * ThreadHandle = Handle to the thread
3310 * ThreadInformationClass = Index to the set of parameters to change.
3311 * Can be one of the following values:
3312 *
3313 * ThreadBasicInformation THREAD_BASIC_INFORMATION
3314 * ThreadPriority KPRIORITY //???
3315 * ThreadBasePriority KPRIORITY
3316 * ThreadAffinityMask KAFFINITY //??
3317 * ThreadImpersonationToken ACCESS_TOKEN
3318 * ThreadIdealProcessor ULONG
3319 * ThreadPriorityBoost ULONG
3320 *
3321 * ThreadInformation = Caller supplies storage for parameters to set.
3322 * ThreadInformationLength = Size of the storage supplied
3323 * RETURNS: Status
3324 */
3325 NTSTATUS
3326 STDCALL
3327 NtSetInformationThread(
3328 IN HANDLE ThreadHandle,
3329 IN THREADINFOCLASS ThreadInformationClass,
3330 IN PVOID ThreadInformation,
3331 IN ULONG ThreadInformationLength
3332 );
3333 NTSTATUS
3334 STDCALL
3335 ZwSetInformationThread(
3336 IN HANDLE ThreadHandle,
3337 IN THREADINFOCLASS ThreadInformationClass,
3338 IN PVOID ThreadInformation,
3339 IN ULONG ThreadInformationLength
3340 );
3341
3342 /*
3343 * FUNCTION: Changes a set of token specific parameters
3344 * ARGUMENTS:
3345 * TokenHandle = Handle to the token
3346 * TokenInformationClass = Index to a certain information structure.
3347 * Can be one of the following values:
3348 *
3349 TokenUser TOKEN_USER
3350 TokenGroups TOKEN_GROUPS
3351 TokenPrivileges TOKEN_PRIVILEGES
3352 TokenOwner TOKEN_OWNER
3353 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
3354 TokenDefaultDacl TOKEN_DEFAULT_DACL
3355 TokenSource TOKEN_SOURCE
3356 TokenType TOKEN_TYPE
3357 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
3358 TokenStatistics TOKEN_STATISTICS
3359 *
3360 * TokenInformation = Caller supplies storage for information structure.
3361 * TokenInformationLength = Size of the information structure
3362 * RETURNS: Status
3363 */
3364
3365 NTSTATUS
3366 STDCALL
3367 NtSetInformationToken(
3368 IN HANDLE TokenHandle,
3369 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
3370 OUT PVOID TokenInformation,
3371 IN ULONG TokenInformationLength
3372 );
3373
3374 NTSTATUS
3375 STDCALL
3376 ZwSetInformationToken(
3377 IN HANDLE TokenHandle,
3378 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
3379 OUT PVOID TokenInformation,
3380 IN ULONG TokenInformationLength
3381 );
3382
3383
3384 /*
3385 * FUNCTION: Sets an io completion
3386 * ARGUMENTS:
3387 * CompletionPort =
3388 * CompletionKey =
3389 * IoStatusBlock =
3390 * NumberOfBytesToTransfer =
3391 * NumberOfBytesTransferred =
3392 * RETURNS: Status
3393 */
3394 NTSTATUS
3395 STDCALL
3396 NtSetIoCompletion(
3397 IN HANDLE IoCompletionPortHandle,
3398 IN ULONG CompletionKey,
3399 IN ULONG CompletionValue,
3400 IN NTSTATUS CompletionStatus,
3401 IN ULONG CompletionInformation
3402 );
3403
3404 NTSTATUS
3405 STDCALL
3406 ZwSetIoCompletion(
3407 IN HANDLE IoCompletionPortHandle,
3408 IN ULONG CompletionKey,
3409 IN ULONG CompletionValue,
3410 IN NTSTATUS CompletionStatus,
3411 IN ULONG CompletionInformation
3412 );
3413
3414 /*
3415 * FUNCTION: Set properties for profiling
3416 * ARGUMENTS:
3417 * Interval =
3418 * ClockSource =
3419 * RETURNS: Status
3420 *
3421 */
3422
3423 NTSTATUS
3424 STDCALL
3425 NtSetIntervalProfile(
3426 ULONG Interval,
3427 KPROFILE_SOURCE ClockSource
3428 );
3429
3430 NTSTATUS
3431 STDCALL
3432 ZwSetIntervalProfile(
3433 ULONG Interval,
3434 KPROFILE_SOURCE ClockSource
3435 );
3436
3437
3438 /*
3439 * FUNCTION: Sets the low part of an event pair
3440 * ARGUMENTS:
3441 EventPair = Handle to the event pair
3442 * RETURNS: Status
3443 */
3444
3445 NTSTATUS
3446 STDCALL
3447 NtSetLowEventPair(
3448 HANDLE EventPair
3449 );
3450 NTSTATUS
3451 STDCALL
3452 ZwSetLowEventPair(
3453 HANDLE EventPair
3454 );
3455 /*
3456 * FUNCTION: Sets the low part of an event pair and wait for the high part
3457 * ARGUMENTS:
3458 EventPair = Handle to the event pair
3459 * RETURNS: Status
3460 */
3461 NTSTATUS
3462 STDCALL
3463 NtSetLowWaitHighEventPair(
3464 HANDLE EventPair
3465 );
3466 NTSTATUS
3467 STDCALL
3468 ZwSetLowWaitHighEventPair(
3469 HANDLE EventPair
3470 );
3471
3472 NTSTATUS
3473 STDCALL
3474 NtSetSecurityObject(
3475 IN HANDLE Handle,
3476 IN SECURITY_INFORMATION SecurityInformation,
3477 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3478 );
3479
3480 NTSTATUS
3481 STDCALL
3482 ZwSetSecurityObject(
3483 IN HANDLE Handle,
3484 IN SECURITY_INFORMATION SecurityInformation,
3485 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3486 );
3487
3488
3489 /*
3490 * FUNCTION: Sets a system environment variable
3491 * ARGUMENTS:
3492 * ValueName = Name of the environment variable
3493 * Value = Value of the environment variable
3494 * RETURNS: Status
3495 */
3496 NTSTATUS
3497 STDCALL
3498 NtSetSystemEnvironmentValue(
3499 IN PUNICODE_STRING VariableName,
3500 IN PUNICODE_STRING Value
3501 );
3502 NTSTATUS
3503 STDCALL
3504 ZwSetSystemEnvironmentValue(
3505 IN PUNICODE_STRING VariableName,
3506 IN PUNICODE_STRING Value
3507 );
3508 /*
3509 * FUNCTION: Sets system parameters
3510 * ARGUMENTS:
3511 * SystemInformationClass = Index to a particular set of system parameters
3512 * Can be one of the following values:
3513 *
3514 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3515 *
3516 * SystemInformation = Structure containing the parameters.
3517 * SystemInformationLength = Size of the structure.
3518 * RETURNS: Status
3519 */
3520 NTSTATUS
3521 STDCALL
3522 NtSetSystemInformation(
3523 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
3524 IN PVOID SystemInformation,
3525 IN ULONG SystemInformationLength
3526 );
3527
3528 NTSTATUS
3529 STDCALL
3530 ZwSetSystemInformation(
3531 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
3532 IN PVOID SystemInformation,
3533 IN ULONG SystemInformationLength
3534 );
3535
3536 /*
3537 * FUNCTION: Sets the system time
3538 * ARGUMENTS:
3539 * SystemTime = Old System time
3540 * NewSystemTime = New System time
3541 * RETURNS: Status
3542 */
3543 NTSTATUS
3544 STDCALL
3545 NtSetSystemTime(
3546 IN PLARGE_INTEGER SystemTime,
3547 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3548 );
3549 NTSTATUS
3550 STDCALL
3551 ZwSetSystemTime(
3552 IN PLARGE_INTEGER SystemTime,
3553 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3554 );
3555
3556 /*
3557 * FUNCTION: Sets the frequency of the system timer
3558 * ARGUMENTS:
3559 * RequestedResolution =
3560 * SetOrUnset =
3561 * ActualResolution =
3562 * RETURNS: Status
3563 */
3564 NTSTATUS
3565 STDCALL
3566 NtSetTimerResolution(
3567 IN ULONG RequestedResolution,
3568 IN BOOL SetOrUnset,
3569 OUT PULONG ActualResolution
3570 );
3571 NTSTATUS
3572 STDCALL
3573 ZwSetTimerResolution(
3574 IN ULONG RequestedResolution,
3575 IN BOOL SetOrUnset,
3576 OUT PULONG ActualResolution
3577 );
3578
3579 /*
3580 * FUNCTION: Sets the value of a registry key
3581 * ARGUMENTS:
3582 * KeyHandle = Handle to a registry key
3583 * ValueName = Name of the value entry to change
3584 * TitleIndex = pointer to a structure containing the new volume information
3585 * Type = Type of the registry key. Can be one of the values:
3586 * REG_BINARY Unspecified binary data
3587 * REG_DWORD A 32 bit value
3588 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
3589 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
3590 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
3591 * REG_LINK A zero terminated wide character string referring to a symbolic link.
3592 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
3593 * REG_NONE Unspecified type
3594 * REG_SZ A wide character string ( zero terminated )
3595 * REG_RESOURCE_LIST ??
3596 * REG_RESOURCE_REQUIREMENTS_LIST ??
3597 * REG_FULL_RESOURCE_DESCRIPTOR ??
3598 * Data = Contains the data for the registry key.
3599 * DataSize = size of the data.
3600 * RETURNS: Status
3601 */
3602 NTSTATUS
3603 STDCALL
3604 NtSetValueKey(
3605 IN HANDLE KeyHandle,
3606 IN PUNICODE_STRING ValueName,
3607 IN ULONG TitleIndex OPTIONAL,
3608 IN ULONG Type,
3609 IN PVOID Data,
3610 IN ULONG DataSize
3611 );
3612 NTSTATUS
3613 STDCALL
3614 ZwSetValueKey(
3615 IN HANDLE KeyHandle,
3616 IN PUNICODE_STRING ValueName,
3617 IN ULONG TitleIndex OPTIONAL,
3618 IN ULONG Type,
3619 IN PVOID Data,
3620 IN ULONG DataSize
3621 );
3622
3623 /*
3624 * FUNCTION: Sets the volume information.
3625 * ARGUMENTS:
3626 * FileHandle = Handle to the file
3627 * IoStatusBlock = Caller should supply storage for additional status information
3628 * VolumeInformation = pointer to a structure containing the new volume information
3629 * Length = size of the structure.
3630 * VolumeInformationClass = specifies the particular volume information to set
3631 * RETURNS: Status
3632 */
3633 NTSTATUS
3634 STDCALL
3635 NtSetVolumeInformationFile(
3636 IN HANDLE FileHandle,
3637 OUT PIO_STATUS_BLOCK IoStatusBlock,
3638 IN PVOID FsInformation,
3639 IN ULONG Length,
3640 IN FS_INFORMATION_CLASS FsInformationClass
3641 );
3642
3643 NTSTATUS
3644 STDCALL
3645 ZwSetVolumeInformationFile(
3646 IN HANDLE FileHandle,
3647 OUT PIO_STATUS_BLOCK IoStatusBlock,
3648 IN PVOID FsInformation,
3649 IN ULONG Length,
3650 IN FS_INFORMATION_CLASS FsInformationClass
3651 );
3652
3653 /*
3654 * FUNCTION: Shuts the system down
3655 * ARGUMENTS:
3656 * Action = Specifies the type of shutdown, it can be one of the following values:
3657 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
3658 * RETURNS: Status
3659 */
3660 NTSTATUS
3661 STDCALL
3662 NtShutdownSystem(
3663 IN SHUTDOWN_ACTION Action
3664 );
3665
3666 NTSTATUS
3667 STDCALL
3668 ZwShutdownSystem(
3669 IN SHUTDOWN_ACTION Action
3670 );
3671
3672
3673 /* --- PROFILING --- */
3674
3675 /*
3676 * FUNCTION: Starts profiling
3677 * ARGUMENTS:
3678 * ProfileHandle = Handle to the profile
3679 * RETURNS: Status
3680 */
3681
3682 NTSTATUS
3683 STDCALL
3684 NtStartProfile(
3685 HANDLE ProfileHandle
3686 );
3687
3688 NTSTATUS
3689 STDCALL
3690 ZwStartProfile(
3691 HANDLE ProfileHandle
3692 );
3693
3694 /*
3695 * FUNCTION: Stops profiling
3696 * ARGUMENTS:
3697 * ProfileHandle = Handle to the profile
3698 * RETURNS: Status
3699 */
3700
3701 NTSTATUS
3702 STDCALL
3703 NtStopProfile(
3704 HANDLE ProfileHandle
3705 );
3706
3707 NTSTATUS
3708 STDCALL
3709 ZwStopProfile(
3710 HANDLE ProfileHandle
3711 );
3712
3713 /* --- PROCESS MANAGEMENT --- */
3714
3715 //--NtSystemDebugControl
3716 /*
3717 * FUNCTION: Terminates the execution of a process.
3718 * ARGUMENTS:
3719 * ThreadHandle = Handle to the process
3720 * ExitStatus = The exit status of the process to terminate with.
3721 * REMARKS
3722 Native applications should kill themselves using this function.
3723 * RETURNS: Status
3724 */
3725 NTSTATUS
3726 STDCALL
3727 NtTerminateProcess(
3728 IN HANDLE ProcessHandle ,
3729 IN NTSTATUS ExitStatus
3730 );
3731 NTSTATUS
3732 STDCALL
3733 ZwTerminateProcess(
3734 IN HANDLE ProcessHandle ,
3735 IN NTSTATUS ExitStatus
3736 );
3737
3738 /* --- DEVICE DRIVER CONTROL --- */
3739
3740 /*
3741 * FUNCTION: Unloads a driver.
3742 * ARGUMENTS:
3743 * DriverServiceName = Name of the driver to unload
3744 * RETURNS: Status
3745 */
3746 NTSTATUS
3747 STDCALL
3748 NtUnloadDriver(
3749 IN PUNICODE_STRING DriverServiceName
3750 );
3751 NTSTATUS
3752 STDCALL
3753 ZwUnloadDriver(
3754 IN PUNICODE_STRING DriverServiceName
3755 );
3756
3757 /* --- VIRTUAL MEMORY MANAGEMENT --- */
3758
3759 /*
3760 * FUNCTION: Writes a range of virtual memory
3761 * ARGUMENTS:
3762 * ProcessHandle = The handle to the process owning the address space.
3763 * BaseAddress = The points to the address to write to
3764 * Buffer = Pointer to the buffer to write
3765 * NumberOfBytesToWrite = Offset to the upper boundary to write
3766 * NumberOfBytesWritten = Total bytes written
3767 * REMARKS:
3768 * This function maps to the win32 WriteProcessMemory
3769 * RETURNS: Status
3770 */
3771 NTSTATUS
3772 STDCALL
3773 NtWriteVirtualMemory(
3774 IN HANDLE ProcessHandle,
3775 IN PVOID BaseAddress,
3776 IN PVOID Buffer,
3777 IN ULONG NumberOfBytesToWrite,
3778 OUT PULONG NumberOfBytesWritten
3779 );
3780
3781 NTSTATUS
3782 STDCALL
3783 ZwWriteVirtualMemory(
3784 IN HANDLE ProcessHandle,
3785 IN PVOID BaseAddress,
3786 IN PVOID Buffer,
3787 IN ULONG NumberOfBytesToWrite,
3788 OUT PULONG NumberOfBytesWritten
3789 );
3790
3791 /*
3792 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
3793 * ARGUMENTS:
3794 * ProcessHandle = Handle to the process
3795 * BaseAddress = The address where the mapping begins
3796 * REMARK:
3797 This procedure maps to the win32 UnMapViewOfFile
3798 * RETURNS: Status
3799 */
3800 NTSTATUS
3801 STDCALL
3802 NtUnmapViewOfSection(
3803 IN HANDLE ProcessHandle,
3804 IN PVOID BaseAddress
3805 );
3806 NTSTATUS
3807 STDCALL
3808 ZwUnmapViewOfSection(
3809 IN HANDLE ProcessHandle,
3810 IN PVOID BaseAddress
3811 );
3812
3813 /* --- OBJECT SYNCHRONIZATION --- */
3814
3815 /*
3816 * FUNCTION: Signals an object and wait for an other one.
3817 * ARGUMENTS:
3818 * SignalObject = Handle to the object that should be signaled
3819 * WaitObject = Handle to the object that should be waited for
3820 * Alertable = True if the wait is alertable
3821 * Time = The time to wait
3822 * RETURNS: Status
3823 */
3824 NTSTATUS
3825 STDCALL
3826 NtSignalAndWaitForSingleObject(
3827 IN HANDLE SignalObject,
3828 IN HANDLE WaitObject,
3829 IN BOOLEAN Alertable,
3830 IN PLARGE_INTEGER Time
3831 );
3832
3833 NTSTATUS
3834 STDCALL
3835 NtSignalAndWaitForSingleObject(
3836 IN HANDLE SignalObject,
3837 IN HANDLE WaitObject,
3838 IN BOOLEAN Alertable,
3839 IN PLARGE_INTEGER Time
3840 );
3841
3842 /*
3843 * FUNCTION: Waits for an object to become signalled.
3844 * ARGUMENTS:
3845 * Object = The object handle
3846 * Alertable = If true the wait is alertable.
3847 * Time = The maximum wait time.
3848 * REMARKS:
3849 * This function maps to the win32 WaitForSingleObjectEx.
3850 * RETURNS: Status
3851 */
3852 NTSTATUS
3853 STDCALL
3854 NtWaitForSingleObject (
3855 IN HANDLE Object,
3856 IN BOOLEAN Alertable,
3857 IN PLARGE_INTEGER Time
3858 );
3859
3860 NTSTATUS
3861 STDCALL
3862 ZwWaitForSingleObject (
3863 IN HANDLE Object,
3864 IN BOOLEAN Alertable,
3865 IN PLARGE_INTEGER Time
3866 );
3867
3868 /* --- EVENT PAIR OBJECT --- */
3869
3870 /*
3871 * FUNCTION: Waits for the high part of an eventpair to become signalled
3872 * ARGUMENTS:
3873 * EventPairHandle = Handle to the event pair.
3874 * RETURNS: Status
3875 */
3876
3877 NTSTATUS
3878 STDCALL
3879 NtWaitHighEventPair(
3880 IN HANDLE EventPairHandle
3881 );
3882
3883 NTSTATUS
3884 STDCALL
3885 ZwWaitHighEventPair(
3886 IN HANDLE EventPairHandle
3887 );
3888
3889 /*
3890 * FUNCTION: Waits for the low part of an eventpair to become signalled
3891 * ARGUMENTS:
3892 * EventPairHandle = Handle to the event pair.
3893 * RETURNS: Status
3894 */
3895 NTSTATUS
3896 STDCALL
3897 NtWaitLowEventPair(
3898 IN HANDLE EventPairHandle
3899 );
3900
3901 NTSTATUS
3902 STDCALL
3903 ZwWaitLowEventPair(
3904 IN HANDLE EventPairHandle
3905 );
3906
3907 /* --- FILE MANAGEMENT --- */
3908
3909 /*
3910 * FUNCTION: Unlocks a range of bytes in a file.
3911 * ARGUMENTS:
3912 * FileHandle = Handle to the file
3913 * IoStatusBlock = Caller should supply storage for a structure containing
3914 * the completion status and information about the requested unlock operation.
3915 The information field is set to the number of bytes unlocked.
3916 * ByteOffset = Offset to start the range of bytes to unlock
3917 * Length = Number of bytes to unlock.
3918 * Key = Special value to enable other threads to unlock a file than the
3919 thread that locked the file. The key supplied must match with the one obtained
3920 in a previous call to NtLockFile.
3921 * REMARK:
3922 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
3923 not be obtained immediately, the device queue is busy and the IRP is queued.
3924 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
3925 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
3926 */
3927 NTSTATUS
3928 STDCALL
3929 NtUnlockFile(
3930 IN HANDLE FileHandle,
3931 OUT PIO_STATUS_BLOCK IoStatusBlock,
3932 IN PLARGE_INTEGER ByteOffset,
3933 IN PLARGE_INTEGER Lenght,
3934 OUT PULONG Key OPTIONAL
3935 );
3936 NTSTATUS
3937 STDCALL
3938 ZwUnlockFile(
3939 IN HANDLE FileHandle,
3940 OUT PIO_STATUS_BLOCK IoStatusBlock,
3941 IN PLARGE_INTEGER ByteOffset,
3942 IN PLARGE_INTEGER Lenght,
3943 OUT PULONG Key OPTIONAL
3944 );
3945
3946 /*
3947 * FUNCTION: Writes data to a file
3948 * ARGUMENTS:
3949 * FileHandle = The handle a file ( from NtCreateFile )
3950 * Event = Specifies a event that will become signalled when the write operation completes.
3951 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
3952 * ApcContext = Argument to the Apc Routine
3953 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
3954 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
3955 * Length = Size in bytest of the buffer
3956 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
3957 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
3958 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
3959 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
3960 * Key = Unused
3961 * REMARKS:
3962