43f7ce72a5e8487ec6a4e62758289d6f818a3e6c
[reactos.git] / reactos / include / ntos / zw.h
1
2 /* $Id: zw.h,v 1.8 2003/02/27 22:49:06 ekohl Exp $
3 *
4 * COPYRIGHT: See COPYING in the top level directory
5 * PROJECT: ReactOS kernel
6 * PURPOSE: System call definitions
7 * FILE: include/ddk/zw.h
8 * REVISION HISTORY:
9 * ??/??/??: First few functions (David Welch)
10 * ??/??/??: Complete implementation by Ariadne
11 * 13/07/98: Reorganised things a bit (David Welch)
12 * 04/08/98: Added some documentation (Ariadne)
13 * 14/08/98: Added type TIME and change variable type from [1] to [0]
14 * 14/09/98: Added for each Nt call a corresponding Zw Call
15 */
16
17 #ifndef __DDK_ZW_H
18 #define __DDK_ZW_H
19
20 #include <ntos/security.h>
21 #include <ntos/zwtypes.h>
22 #include <napi/npipe.h>
23
24 #ifndef _RTLGETPROCESSHEAP_DEFINED_
25 #define _RTLGETPROCESSHEAP_DEFINED_
26 #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
27 #endif
28
29 // semaphore information
30
31 typedef enum _SEMAPHORE_INFORMATION_CLASS
32 {
33 SemaphoreBasicInformation = 0
34 } SEMAPHORE_INFORMATION_CLASS;
35
36 typedef struct _SEMAPHORE_BASIC_INFORMATION
37 {
38 LONG CurrentCount;
39 LONG MaximumCount;
40 } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
41
42 // event information
43
44 typedef enum _EVENT_INFORMATION_CLASS
45 {
46 EventBasicInformation = 0
47 } EVENT_INFORMATION_CLASS;
48
49 typedef struct _EVENT_BASIC_INFORMATION
50 {
51 EVENT_TYPE EventType;
52 LONG EventState;
53 } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
54
55 //#define LCID ULONG
56 //#define SECURITY_INFORMATION ULONG
57 //typedef ULONG SECURITY_INFORMATION;
58
59 /*
60 * FUNCTION: Adjusts the groups in an access token
61 * ARGUMENTS:
62 * TokenHandle = Specifies the access token
63 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
64 * their default state, if false the groups specified in
65 * NewState are set.
66 * NewState =
67 * BufferLength = Specifies the size of the buffer for the PreviousState.
68 * PreviousState =
69 * ReturnLength = Bytes written in PreviousState buffer.
70 * REMARKS: The arguments map to the win32 AdjustTokenGroups
71 * RETURNS: Status
72 */
73
74 NTSTATUS
75 STDCALL
76 NtAdjustGroupsToken(
77 IN HANDLE TokenHandle,
78 IN BOOLEAN ResetToDefault,
79 IN PTOKEN_GROUPS NewState,
80 IN ULONG BufferLength,
81 OUT PTOKEN_GROUPS PreviousState OPTIONAL,
82 OUT PULONG ReturnLength
83 );
84
85 NTSTATUS
86 STDCALL
87 ZwAdjustGroupsToken(
88 IN HANDLE TokenHandle,
89 IN BOOLEAN ResetToDefault,
90 IN PTOKEN_GROUPS NewState,
91 IN ULONG BufferLength,
92 OUT PTOKEN_GROUPS PreviousState,
93 OUT PULONG ReturnLength
94 );
95
96
97 /*
98 * FUNCTION:
99 *
100 * ARGUMENTS:
101 * TokenHandle = Handle to the access token
102 * DisableAllPrivileges = The resulting suspend count.
103 NewState =
104 BufferLength =
105 PreviousState =
106 ReturnLength =
107 * REMARK:
108 * The arguments map to the win32 AdjustTokenPrivileges
109 * RETURNS: Status
110 */
111
112 NTSTATUS
113 STDCALL
114 NtAdjustPrivilegesToken(
115 IN HANDLE TokenHandle,
116 IN BOOLEAN DisableAllPrivileges,
117 IN PTOKEN_PRIVILEGES NewState,
118 IN ULONG BufferLength,
119 OUT PTOKEN_PRIVILEGES PreviousState,
120 OUT PULONG ReturnLength
121 );
122
123 NTSTATUS
124 STDCALL
125 ZwAdjustPrivilegesToken(
126 IN HANDLE TokenHandle,
127 IN BOOLEAN DisableAllPrivileges,
128 IN PTOKEN_PRIVILEGES NewState,
129 IN ULONG BufferLength,
130 OUT PTOKEN_PRIVILEGES PreviousState,
131 OUT PULONG ReturnLength
132 );
133
134
135 /*
136 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
137 * state.
138 * ARGUMENTS:
139 * ThreadHandle = Handle to the thread that should be resumed
140 * SuspendCount = The resulting suspend count.
141 * REMARK:
142 * A thread is resumed if its suspend count is 0
143 * RETURNS: Status
144 */
145 NTSTATUS
146 STDCALL
147 NtAlertResumeThread(
148 IN HANDLE ThreadHandle,
149 OUT PULONG SuspendCount
150 );
151
152 NTSTATUS
153 STDCALL
154 ZwAlertResumeThread(
155 IN HANDLE ThreadHandle,
156 OUT PULONG SuspendCount
157 );
158
159 /*
160 * FUNCTION: Puts the thread in a alerted state
161 * ARGUMENTS:
162 * ThreadHandle = Handle to the thread that should be alerted
163 * RETURNS: Status
164 */
165 NTSTATUS
166 STDCALL
167 NtAlertThread(
168 IN HANDLE ThreadHandle
169 );
170
171 NTSTATUS
172 STDCALL
173 ZwAlertThread(
174 IN HANDLE ThreadHandle
175 );
176
177
178 /*
179 * FUNCTION: Allocates a locally unique id
180 * ARGUMENTS:
181 * LocallyUniqueId = Locally unique number
182 * RETURNS: Status
183 */
184 NTSTATUS
185 STDCALL
186 NtAllocateLocallyUniqueId(
187 OUT LUID *LocallyUniqueId
188 );
189
190 NTSTATUS
191 STDCALL
192 ZwAllocateLocallyUniqueId(
193 OUT PLUID Luid
194 );
195
196 /*
197 * FUNCTION: Allocates a block of virtual memory in the process address space
198 * ARGUMENTS:
199 * ProcessHandle = The handle of the process which owns the virtual memory
200 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
201 * value the system will try to allocate the memory at the address supplied. It rounds
202 * it down to a multiple if the page size.
203 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
204 * the memory will be allocated at a address below a certain value.
205 * RegionSize = The number of bytes to allocate
206 * AllocationType = Indicates the type of virtual memory you like to allocated,
207 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
208 * Protect = Indicates the protection type of the pages allocated, can be a combination of
209 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
210 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
211 * REMARKS:
212 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
213 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
214 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
215 * and the AllocationType and ProctectionType map to the other two parameters.
216 * RETURNS: Status
217 */
218 NTSTATUS
219 STDCALL
220 NtAllocateVirtualMemory (
221 IN HANDLE ProcessHandle,
222 IN OUT PVOID *BaseAddress,
223 IN ULONG ZeroBits,
224 IN OUT PULONG RegionSize,
225 IN ULONG AllocationType,
226 IN ULONG Protect
227 );
228
229 NTSTATUS
230 STDCALL
231 ZwAllocateVirtualMemory (
232 IN HANDLE ProcessHandle,
233 IN OUT PVOID *BaseAddress,
234 IN ULONG ZeroBits,
235 IN OUT PULONG RegionSize,
236 IN ULONG AllocationType,
237 IN ULONG Protect);
238
239 /*
240 * FUNCTION: Returns from a callback into user mode
241 * ARGUMENTS:
242 * RETURN Status
243 */
244 //FIXME: this function might need 3 parameters
245 NTSTATUS STDCALL NtCallbackReturn(PVOID Result,
246 ULONG ResultLength,
247 NTSTATUS Status);
248
249 NTSTATUS STDCALL ZwCallbackReturn(PVOID Result,
250 ULONG ResultLength,
251 NTSTATUS Status);
252
253 /*
254 * FUNCTION: Cancels a IO request
255 * ARGUMENTS:
256 * FileHandle = Handle to the file
257 * IoStatusBlock =
258 *
259 * REMARKS:
260 * This function maps to the win32 CancelIo.
261 * RETURNS: Status
262 */
263 NTSTATUS
264 STDCALL
265 NtCancelIoFile(
266 IN HANDLE FileHandle,
267 OUT PIO_STATUS_BLOCK IoStatusBlock
268 );
269
270 NTSTATUS
271 STDCALL
272 ZwCancelIoFile(
273 IN HANDLE FileHandle,
274 OUT PIO_STATUS_BLOCK IoStatusBlock
275 );
276
277 /*
278 * FUNCTION: Sets the status of the event back to non-signaled
279 * ARGUMENTS:
280 * EventHandle = Handle to the event
281 * REMARKS:
282 * This function maps to win32 function ResetEvent.
283 * RETURcNS: Status
284 */
285
286 NTSTATUS
287 STDCALL
288 NtClearEvent(
289 IN HANDLE EventHandle
290 );
291
292 NTSTATUS
293 STDCALL
294 ZwClearEvent(
295 IN HANDLE EventHandle
296 );
297
298 /*
299 * FUNCTION: Closes an object handle
300 * ARGUMENTS:
301 * Handle = Handle to the object
302 * REMARKS:
303 * This function maps to the win32 function CloseHandle.
304 * RETURNS: Status
305 */
306
307 NTSTATUS
308 STDCALL
309 NtClose(
310 IN HANDLE Handle
311 );
312
313 NTSTATUS
314 STDCALL
315 ZwClose(
316 IN HANDLE Handle
317 );
318
319 /*
320 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
321 * ARGUMENTS:
322 * SubsystemName =
323 HandleId = Handle to the object
324 GenerateOnClose =
325 * REMARKS:
326 * This function maps to the win32 function ObjectCloseAuditAlarm.
327 * RETURNS: Status
328 */
329
330 NTSTATUS
331 STDCALL
332 NtCloseObjectAuditAlarm(
333 IN PUNICODE_STRING SubsystemName,
334 IN PVOID HandleId,
335 IN BOOLEAN GenerateOnClose
336 );
337
338 NTSTATUS
339 STDCALL
340 ZwCloseObjectAuditAlarm(
341 IN PUNICODE_STRING SubsystemName,
342 IN PVOID HandleId,
343 IN BOOLEAN GenerateOnClose
344 );
345
346 /*
347 * FUNCTION: Creates a directory object
348 * ARGUMENTS:
349 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
350 * DesiredAccess = Specifies access to the directory
351 * ObjectAttribute = Initialized attributes for the object
352 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
353 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
354 * RETURNS: Status
355 */
356
357 NTSTATUS
358 STDCALL
359 NtCreateDirectoryObject(
360 OUT PHANDLE DirectoryHandle,
361 IN ACCESS_MASK DesiredAccess,
362 IN POBJECT_ATTRIBUTES ObjectAttributes
363 );
364
365 NTSTATUS
366 STDCALL
367 ZwCreateDirectoryObject(
368 OUT PHANDLE DirectoryHandle,
369 IN ACCESS_MASK DesiredAccess,
370 IN POBJECT_ATTRIBUTES ObjectAttributes
371 );
372
373 /*
374 * FUNCTION: Creates an event object
375 * ARGUMENTS:
376 * EventHandle (OUT) = Caller supplied storage for the resulting handle
377 * DesiredAccess = Specifies access to the event
378 * ObjectAttribute = Initialized attributes for the object
379 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
380 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
381 * automatically after the system has rescheduled a thread waiting on the event.
382 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
383 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
384 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
385 * both parameters aswell ( possibly the order is reversed ).
386 * RETURNS: Status
387 */
388
389 NTSTATUS
390 STDCALL
391 NtCreateEvent(
392 OUT PHANDLE EventHandle,
393 IN ACCESS_MASK DesiredAccess,
394 IN POBJECT_ATTRIBUTES ObjectAttributes,
395 IN BOOLEAN ManualReset,
396 IN BOOLEAN InitialState
397 );
398
399 NTSTATUS
400 STDCALL
401 ZwCreateEvent(
402 OUT PHANDLE EventHandle,
403 IN ACCESS_MASK DesiredAccess,
404 IN POBJECT_ATTRIBUTES ObjectAttributes,
405 IN BOOLEAN ManualReset,
406 IN BOOLEAN InitialState
407 );
408
409 /*
410 * FUNCTION: Creates an eventpair object
411 * ARGUMENTS:
412 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
413 * DesiredAccess = Specifies access to the event
414 * ObjectAttribute = Initialized attributes for the object
415 */
416
417 NTSTATUS
418 STDCALL
419 NtCreateEventPair(
420 OUT PHANDLE EventPairHandle,
421 IN ACCESS_MASK DesiredAccess,
422 IN POBJECT_ATTRIBUTES ObjectAttributes
423 );
424
425 NTSTATUS
426 STDCALL
427 ZwCreateEventPair(
428 OUT PHANDLE EventPairHandle,
429 IN ACCESS_MASK DesiredAccess,
430 IN POBJECT_ATTRIBUTES ObjectAttributes
431 );
432
433
434 /*
435 * FUNCTION: Creates or opens a file, directory or device object.
436 * ARGUMENTS:
437 * FileHandle (OUT) = Caller supplied storage for the resulting handle
438 * DesiredAccess = Specifies the allowed or desired access to the file can
439 * be a combination of DELETE | FILE_READ_DATA ..
440 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
441 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
442 * the file is created and opened or allready existed and is just opened.
443 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
444 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
445 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
446 * CreateOptions = specifies the behavior of the system on file creation.
447 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
448 * EaLength = Extended Attributes buffer size, applies only to files and directories.
449 * REMARKS: This function maps to the win32 CreateFile.
450 * RETURNS: Status
451 */
452
453 NTSTATUS
454 STDCALL
455 NtCreateFile(
456 OUT PHANDLE FileHandle,
457 IN ACCESS_MASK DesiredAccess,
458 IN POBJECT_ATTRIBUTES ObjectAttributes,
459 OUT PIO_STATUS_BLOCK IoStatusBlock,
460 IN PLARGE_INTEGER AllocationSize OPTIONAL,
461 IN ULONG FileAttributes,
462 IN ULONG ShareAccess,
463 IN ULONG CreateDisposition,
464 IN ULONG CreateOptions,
465 IN PVOID EaBuffer OPTIONAL,
466 IN ULONG EaLength
467 );
468
469 NTSTATUS
470 STDCALL
471 ZwCreateFile(
472 OUT PHANDLE FileHandle,
473 IN ACCESS_MASK DesiredAccess,
474 IN POBJECT_ATTRIBUTES ObjectAttributes,
475 OUT PIO_STATUS_BLOCK IoStatusBlock,
476 IN PLARGE_INTEGER AllocationSize OPTIONAL,
477 IN ULONG FileAttributes,
478 IN ULONG ShareAccess,
479 IN ULONG CreateDisposition,
480 IN ULONG CreateOptions,
481 IN PVOID EaBuffer OPTIONAL,
482 IN ULONG EaLength
483 );
484
485 /*
486 * FUNCTION: Creates or opens a file, directory or device object.
487 * ARGUMENTS:
488 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
489 * DesiredAccess = Specifies the allowed or desired access to the port
490 * IoStatusBlock =
491 * NumberOfConcurrentThreads =
492 * REMARKS: This function maps to the win32 CreateIoCompletionPort
493 * RETURNS:
494 * Status
495 */
496
497 NTSTATUS
498 STDCALL
499 NtCreateIoCompletion(
500 OUT PHANDLE CompletionPort,
501 IN ACCESS_MASK DesiredAccess,
502 OUT PIO_STATUS_BLOCK IoStatusBlock,
503 IN ULONG NumberOfConcurrentThreads
504 );
505
506 NTSTATUS
507 STDCALL
508 ZwCreateIoCompletion(
509 OUT PHANDLE CompletionPort,
510 IN ACCESS_MASK DesiredAccess,
511 OUT PIO_STATUS_BLOCK IoStatusBlock,
512 IN ULONG NumberOfConcurrentThreads
513 );
514
515
516 /*
517 * FUNCTION: Creates a registry key
518 * ARGUMENTS:
519 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
520 * DesiredAccess = Specifies the allowed or desired access to the key
521 * It can have a combination of the following values:
522 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
523 * or
524 * KEY_QUERY_VALUE The values of the key can be queried.
525 * KEY_SET_VALUE The values of the key can be modified.
526 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
527 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
528 * KEY_NOTIFY
529 * KEY_CREATE_LINK A symbolic link to the key can be created.
530 * ObjectAttributes = The name of the key may be specified directly in the name field
531 * of object attributes or relative to a key in rootdirectory.
532 * TitleIndex = Might specify the position in the sequential order of subkeys.
533 * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
534 * CreateOptions = Specifies additional options with which the key is created
535 * REG_OPTION_VOLATILE The key is not preserved across boots.
536 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
537 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
538 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
539 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
540 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
541 * RETURNS:
542 * Status
543 */
544
545 NTSTATUS STDCALL
546 NtCreateKey(OUT PHANDLE KeyHandle,
547 IN ACCESS_MASK DesiredAccess,
548 IN POBJECT_ATTRIBUTES ObjectAttributes,
549 IN ULONG TitleIndex,
550 IN PUNICODE_STRING Class OPTIONAL,
551 IN ULONG CreateOptions,
552 IN PULONG Disposition OPTIONAL);
553
554 NTSTATUS STDCALL
555 ZwCreateKey(OUT PHANDLE KeyHandle,
556 IN ACCESS_MASK DesiredAccess,
557 IN POBJECT_ATTRIBUTES ObjectAttributes,
558 IN ULONG TitleIndex,
559 IN PUNICODE_STRING Class OPTIONAL,
560 IN ULONG CreateOptions,
561 IN PULONG Disposition OPTIONAL);
562
563 /*
564 * FUNCTION: Creates a mail slot file
565 * ARGUMENTS:
566 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
567 * DesiredAccess = Specifies the allowed or desired access to the file
568 * ObjectAttributes = Contains the name of the mailslotfile.
569 * IoStatusBlock =
570 * FileAttributes =
571 * ShareAccess =
572 * MaxMessageSize =
573 * TimeOut =
574 *
575 * REMARKS: This funciton maps to the win32 function CreateMailSlot
576 * RETURNS:
577 * Status
578 */
579
580 NTSTATUS
581 STDCALL
582 NtCreateMailslotFile(
583 OUT PHANDLE MailSlotFileHandle,
584 IN ACCESS_MASK DesiredAccess,
585 IN POBJECT_ATTRIBUTES ObjectAttributes,
586 OUT PIO_STATUS_BLOCK IoStatusBlock,
587 IN ULONG FileAttributes,
588 IN ULONG ShareAccess,
589 IN ULONG MaxMessageSize,
590 IN PLARGE_INTEGER TimeOut
591 );
592
593 NTSTATUS
594 STDCALL
595 ZwCreateMailslotFile(
596 OUT PHANDLE MailSlotFileHandle,
597 IN ACCESS_MASK DesiredAccess,
598 IN POBJECT_ATTRIBUTES ObjectAttributes,
599 OUT PIO_STATUS_BLOCK IoStatusBlock,
600 IN ULONG FileAttributes,
601 IN ULONG ShareAccess,
602 IN ULONG MaxMessageSize,
603 IN PLARGE_INTEGER TimeOut
604 );
605
606 /*
607 * FUNCTION: Creates or opens a mutex
608 * ARGUMENTS:
609 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
610 * DesiredAccess = Specifies the allowed or desired access to the port
611 * ObjectAttributes = Contains the name of the mutex.
612 * InitialOwner = If true the calling thread acquires ownership
613 * of the mutex.
614 * REMARKS: This funciton maps to the win32 function CreateMutex
615 * RETURNS:
616 * Status
617 */
618 NTSTATUS
619 STDCALL
620 NtCreateMutant(
621 OUT PHANDLE MutantHandle,
622 IN ACCESS_MASK DesiredAccess,
623 IN POBJECT_ATTRIBUTES ObjectAttributes,
624 IN BOOLEAN InitialOwner
625 );
626
627 NTSTATUS
628 STDCALL
629 ZwCreateMutant(
630 OUT PHANDLE MutantHandle,
631 IN ACCESS_MASK DesiredAccess,
632 IN POBJECT_ATTRIBUTES ObjectAttributes,
633 IN BOOLEAN InitialOwner
634 );
635
636 /*
637 * FUNCTION: Creates a process.
638 * ARGUMENTS:
639 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
640 * DesiredAccess = Specifies the allowed or desired access to the process can
641 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
642 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
643 * ParentProcess = Handle to the parent process.
644 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
645 * SectionHandle = Handle to a section object to back the image file
646 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
647 * ExceptionPort = Handle to a exception port.
648 * REMARKS:
649 * This function maps to the win32 CreateProcess.
650 * RETURNS: Status
651 */
652 NTSTATUS
653 STDCALL
654 NtCreateProcess(
655 OUT PHANDLE ProcessHandle,
656 IN ACCESS_MASK DesiredAccess,
657 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
658 IN HANDLE ParentProcess,
659 IN BOOLEAN InheritObjectTable,
660 IN HANDLE SectionHandle OPTIONAL,
661 IN HANDLE DebugPort OPTIONAL,
662 IN HANDLE ExceptionPort OPTIONAL
663 );
664
665 NTSTATUS
666 STDCALL
667 ZwCreateProcess(
668 OUT PHANDLE ProcessHandle,
669 IN ACCESS_MASK DesiredAccess,
670 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
671 IN HANDLE ParentProcess,
672 IN BOOLEAN InheritObjectTable,
673 IN HANDLE SectionHandle OPTIONAL,
674 IN HANDLE DebugPort OPTIONAL,
675 IN HANDLE ExceptionPort OPTIONAL
676 );
677
678 /*
679 * FUNCTION: Creates a section object.
680 * ARGUMENTS:
681 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
682 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
683 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
684 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
685 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
686 * If value specified for a mapped file and the file is not large enough, file will be extended.
687 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
688 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
689 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
690 * RETURNS: Status
691 */
692
693 NTSTATUS
694 STDCALL
695 NtCreateSection(
696 OUT PHANDLE SectionHandle,
697 IN ACCESS_MASK DesiredAccess,
698 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
699 IN PLARGE_INTEGER MaximumSize OPTIONAL,
700 IN ULONG SectionPageProtection OPTIONAL,
701 IN ULONG AllocationAttributes,
702 IN HANDLE FileHandle OPTIONAL
703 );
704
705 NTSTATUS
706 STDCALL
707 ZwCreateSection(
708 OUT PHANDLE SectionHandle,
709 IN ACCESS_MASK DesiredAccess,
710 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
711 IN PLARGE_INTEGER MaximumSize OPTIONAL,
712 IN ULONG SectionPageProtection OPTIONAL,
713 IN ULONG AllocationAttributes,
714 IN HANDLE FileHandle OPTIONAL
715 );
716
717 /*
718 * FUNCTION: Creates a semaphore object for interprocess synchronization.
719 * ARGUMENTS:
720 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
721 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
722 * ObjectAttribute = Initialized attributes for the object.
723 * InitialCount = Not necessary zero, might be smaller than zero.
724 * MaximumCount = Maxiumum count the semaphore can reach.
725 * RETURNS: Status
726 * REMARKS:
727 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
728 */
729
730 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
731 NTSTATUS
732 STDCALL
733 NtCreateSemaphore(
734 OUT PHANDLE SemaphoreHandle,
735 IN ACCESS_MASK DesiredAccess,
736 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
737 IN LONG InitialCount,
738 IN LONG MaximumCount
739 );
740
741 NTSTATUS
742 STDCALL
743 ZwCreateSemaphore(
744 OUT PHANDLE SemaphoreHandle,
745 IN ACCESS_MASK DesiredAccess,
746 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
747 IN LONG InitialCount,
748 IN LONG MaximumCount
749 );
750
751 /*
752 * FUNCTION: Creates a symbolic link object
753 * ARGUMENTS:
754 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
755 * DesiredAccess = Specifies the allowed or desired access to the thread.
756 * ObjectAttributes = Initialized attributes for the object.
757 * Name = Target name of the symbolic link
758 * RETURNS: Status
759 */
760 NTSTATUS
761 STDCALL
762 NtCreateSymbolicLinkObject(
763 OUT PHANDLE SymbolicLinkHandle,
764 IN ACCESS_MASK DesiredAccess,
765 IN POBJECT_ATTRIBUTES ObjectAttributes,
766 IN PUNICODE_STRING Name
767 );
768
769 NTSTATUS
770 STDCALL
771 ZwCreateSymbolicLinkObject(
772 OUT PHANDLE SymbolicLinkHandle,
773 IN ACCESS_MASK DesiredAccess,
774 IN POBJECT_ATTRIBUTES ObjectAttributes,
775 IN PUNICODE_STRING Name
776 );
777
778 /*
779 * FUNCTION: Creates a waitable timer.
780 * ARGUMENTS:
781 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
782 * DesiredAccess = Specifies the allowed or desired access to the timer.
783 * ObjectAttributes = Initialized attributes for the object.
784 * TimerType = Specifies if the timer should be reset manually.
785 * REMARKS:
786 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
787 * corresponding fields in OBJECT_ATTRIBUTES structure.
788 * RETURNS: Status
789 */
790 NTSTATUS
791 STDCALL
792 NtCreateTimer(
793 OUT PHANDLE TimerHandle,
794 IN ACCESS_MASK DesiredAccess,
795 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
796 IN TIMER_TYPE TimerType
797 );
798
799 NTSTATUS
800 STDCALL
801 ZwCreateTimer(
802 OUT PHANDLE TimerHandle,
803 IN ACCESS_MASK DesiredAccess,
804 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
805 IN TIMER_TYPE TimerType
806 );
807
808 /*
809 * FUNCTION: Creates a token.
810 * ARGUMENTS:
811 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
812 * DesiredAccess = Specifies the allowed or desired access to the process can
813 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
814 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
815 * TokenType =
816 * AuthenticationId =
817 * ExpirationTime =
818 * TokenUser =
819 * TokenGroups =
820 * TokenPrivileges =
821 * TokenOwner =
822 * TokenPrimaryGroup =
823 * TokenDefaultDacl =
824 * TokenSource =
825 * REMARKS:
826 * This function does not map to a win32 function
827 * RETURNS: Status
828 */
829
830 NTSTATUS
831 STDCALL
832 NtCreateToken(
833 OUT PHANDLE TokenHandle,
834 IN ACCESS_MASK DesiredAccess,
835 IN POBJECT_ATTRIBUTES ObjectAttributes,
836 IN TOKEN_TYPE TokenType,
837 IN PLUID AuthenticationId,
838 IN PLARGE_INTEGER ExpirationTime,
839 IN PTOKEN_USER TokenUser,
840 IN PTOKEN_GROUPS TokenGroups,
841 IN PTOKEN_PRIVILEGES TokenPrivileges,
842 IN PTOKEN_OWNER TokenOwner,
843 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
844 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
845 IN PTOKEN_SOURCE TokenSource
846 );
847
848 NTSTATUS
849 STDCALL
850 ZwCreateToken(
851 OUT PHANDLE TokenHandle,
852 IN ACCESS_MASK DesiredAccess,
853 IN POBJECT_ATTRIBUTES ObjectAttributes,
854 IN TOKEN_TYPE TokenType,
855 IN PLUID AuthenticationId,
856 IN PLARGE_INTEGER ExpirationTime,
857 IN PTOKEN_USER TokenUser,
858 IN PTOKEN_GROUPS TokenGroups,
859 IN PTOKEN_PRIVILEGES TokenPrivileges,
860 IN PTOKEN_OWNER TokenOwner,
861 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
862 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
863 IN PTOKEN_SOURCE TokenSource
864 );
865
866 /*
867 * FUNCTION: Returns the callers thread TEB.
868 * RETURNS: The resulting teb.
869 */
870 #if 0
871 NT_TEB *
872 STDCALL
873 NtCurrentTeb(VOID
874 );
875 #endif
876
877 /*
878 * FUNCTION: Deletes an atom from the global atom table
879 * ARGUMENTS:
880 * Atom = Identifies the atom to delete
881 * REMARKS:
882 * The function maps to the win32 GlobalDeleteAtom
883 * RETURNS: Status
884 */
885 NTSTATUS
886 STDCALL
887 NtDeleteAtom(
888 IN RTL_ATOM Atom
889 );
890
891 NTSTATUS
892 STDCALL
893 ZwDeleteAtom(
894 IN RTL_ATOM Atom
895 );
896
897 /*
898 * FUNCTION: Deletes a file or a directory
899 * ARGUMENTS:
900 * ObjectAttributes = Name of the file which should be deleted
901 * REMARKS:
902 * This system call is functionally equivalent to NtSetInformationFile
903 * setting the disposition information.
904 * The function maps to the win32 DeleteFile.
905 * RETURNS: Status
906 */
907 NTSTATUS
908 STDCALL
909 NtDeleteFile(
910 IN POBJECT_ATTRIBUTES ObjectAttributes
911 );
912
913 NTSTATUS
914 STDCALL
915 ZwDeleteFile(
916 IN POBJECT_ATTRIBUTES ObjectAttributes
917 );
918
919 /*
920 * FUNCTION: Deletes a registry key
921 * ARGUMENTS:
922 * KeyHandle = Handle of the key
923 * RETURNS: Status
924 */
925 NTSTATUS
926 STDCALL
927 NtDeleteKey(
928 IN HANDLE KeyHandle
929 );
930 NTSTATUS
931 STDCALL
932 ZwDeleteKey(
933 IN HANDLE KeyHandle
934 );
935
936 /*
937 * FUNCTION: Generates a audit message when an object is deleted
938 * ARGUMENTS:
939 * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
940 * HandleId= Handle to an audit object
941 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
942 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
943 * RETURNS: Status
944 */
945
946 NTSTATUS
947 STDCALL
948 NtDeleteObjectAuditAlarm (
949 IN PUNICODE_STRING SubsystemName,
950 IN PVOID HandleId,
951 IN BOOLEAN GenerateOnClose
952 );
953
954 NTSTATUS
955 STDCALL
956 ZwDeleteObjectAuditAlarm (
957 IN PUNICODE_STRING SubsystemName,
958 IN PVOID HandleId,
959 IN BOOLEAN GenerateOnClose
960 );
961
962
963 /*
964 * FUNCTION: Deletes a value from a registry key
965 * ARGUMENTS:
966 * KeyHandle = Handle of the key
967 * ValueName = Name of the value to delete
968 * RETURNS: Status
969 */
970
971 NTSTATUS
972 STDCALL
973 NtDeleteValueKey(
974 IN HANDLE KeyHandle,
975 IN PUNICODE_STRING ValueName
976 );
977
978 NTSTATUS
979 STDCALL
980 ZwDeleteValueKey(
981 IN HANDLE KeyHandle,
982 IN PUNICODE_STRING ValueName
983 );
984 /*
985 * FUNCTION: Sends IOCTL to the io sub system
986 * ARGUMENTS:
987 * DeviceHandle = Points to the handle that is created by NtCreateFile
988 * Event = Event to synchronize on STATUS_PENDING
989 * ApcRoutine = Asynchroneous procedure callback
990 * ApcContext = Callback context.
991 * IoStatusBlock = Caller should supply storage for extra information..
992 * IoControlCode = Contains the IO Control command. This is an
993 * index to the structures in InputBuffer and OutputBuffer.
994 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
995 * InputBufferSize = Size of the input bufffer
996 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
997 * OutputBufferSize = Size of the input bufffer
998 * RETURNS: Status
999 */
1000
1001 NTSTATUS
1002 STDCALL
1003 NtDeviceIoControlFile(
1004 IN HANDLE DeviceHandle,
1005 IN HANDLE Event OPTIONAL,
1006 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
1007 IN PVOID UserApcContext OPTIONAL,
1008 OUT PIO_STATUS_BLOCK IoStatusBlock,
1009 IN ULONG IoControlCode,
1010 IN PVOID InputBuffer,
1011 IN ULONG InputBufferSize,
1012 OUT PVOID OutputBuffer,
1013 IN ULONG OutputBufferSize
1014 );
1015
1016 NTSTATUS
1017 STDCALL
1018 ZwDeviceIoControlFile(
1019 IN HANDLE DeviceHandle,
1020 IN HANDLE Event OPTIONAL,
1021 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
1022 IN PVOID UserApcContext OPTIONAL,
1023 OUT PIO_STATUS_BLOCK IoStatusBlock,
1024 IN ULONG IoControlCode,
1025 IN PVOID InputBuffer,
1026 IN ULONG InputBufferSize,
1027 OUT PVOID OutputBuffer,
1028 IN ULONG OutputBufferSize
1029 );
1030 /*
1031 * FUNCTION: Displays a string on the blue screen
1032 * ARGUMENTS:
1033 * DisplayString = The string to display
1034 * RETURNS: Status
1035 */
1036
1037 NTSTATUS
1038 STDCALL
1039 NtDisplayString(
1040 IN PUNICODE_STRING DisplayString
1041 );
1042
1043 NTSTATUS
1044 STDCALL
1045 ZwDisplayString(
1046 IN PUNICODE_STRING DisplayString
1047 );
1048
1049 /*
1050 * FUNCTION: Returns information about the subkeys of an open key
1051 * ARGUMENTS:
1052 * KeyHandle = Handle of the key whose subkeys are to enumerated
1053 * Index = zero based index of the subkey for which information is
1054 * request
1055 * KeyInformationClass = Type of information returned
1056 * KeyInformation (OUT) = Caller allocated buffer for the information
1057 * about the key
1058 * Length = Length in bytes of the KeyInformation buffer
1059 * ResultLength (OUT) = Caller allocated storage which holds
1060 * the number of bytes of information retrieved
1061 * on return
1062 * RETURNS: Status
1063 */
1064 NTSTATUS
1065 STDCALL
1066 NtEnumerateKey(
1067 IN HANDLE KeyHandle,
1068 IN ULONG Index,
1069 IN KEY_INFORMATION_CLASS KeyInformationClass,
1070 OUT PVOID KeyInformation,
1071 IN ULONG Length,
1072 OUT PULONG ResultLength
1073 );
1074
1075 NTSTATUS
1076 STDCALL
1077 ZwEnumerateKey(
1078 IN HANDLE KeyHandle,
1079 IN ULONG Index,
1080 IN KEY_INFORMATION_CLASS KeyInformationClass,
1081 OUT PVOID KeyInformation,
1082 IN ULONG Length,
1083 OUT PULONG ResultLength
1084 );
1085 /*
1086 * FUNCTION: Returns information about the value entries of an open key
1087 * ARGUMENTS:
1088 * KeyHandle = Handle of the key whose value entries are to enumerated
1089 * Index = zero based index of the subkey for which information is
1090 * request
1091 * KeyInformationClass = Type of information returned
1092 * KeyInformation (OUT) = Caller allocated buffer for the information
1093 * about the key
1094 * Length = Length in bytes of the KeyInformation buffer
1095 * ResultLength (OUT) = Caller allocated storage which holds
1096 * the number of bytes of information retrieved
1097 * on return
1098 * RETURNS: Status
1099 */
1100 NTSTATUS
1101 STDCALL
1102 NtEnumerateValueKey(
1103 IN HANDLE KeyHandle,
1104 IN ULONG Index,
1105 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
1106 OUT PVOID KeyValueInformation,
1107 IN ULONG Length,
1108 OUT PULONG ResultLength
1109 );
1110
1111 NTSTATUS
1112 STDCALL
1113 ZwEnumerateValueKey(
1114 IN HANDLE KeyHandle,
1115 IN ULONG Index,
1116 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
1117 OUT PVOID KeyValueInformation,
1118 IN ULONG Length,
1119 OUT PULONG ResultLength
1120 );
1121
1122 /*
1123 * FUNCTION: Flushes chached file data to disk
1124 * ARGUMENTS:
1125 * FileHandle = Points to the file
1126 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1127 * buffers operation. The information field is set to number of bytes
1128 * flushed to disk.
1129 * RETURNS: Status
1130 * REMARKS:
1131 * This funciton maps to the win32 FlushFileBuffers
1132 */
1133 NTSTATUS
1134 STDCALL
1135 NtFlushBuffersFile(
1136 IN HANDLE FileHandle,
1137 OUT PIO_STATUS_BLOCK IoStatusBlock
1138 );
1139
1140 NTSTATUS
1141 STDCALL
1142 ZwFlushBuffersFile(
1143 IN HANDLE FileHandle,
1144 OUT PIO_STATUS_BLOCK IoStatusBlock
1145 );
1146
1147 /*
1148 * FUNCTION: Flushes a registry key to disk
1149 * ARGUMENTS:
1150 * KeyHandle = Points to the registry key handle
1151 * RETURNS: Status
1152 * REMARKS:
1153 * This funciton maps to the win32 RegFlushKey.
1154 */
1155 NTSTATUS
1156 STDCALL
1157 NtFlushKey(
1158 IN HANDLE KeyHandle
1159 );
1160
1161 NTSTATUS
1162 STDCALL
1163 ZwFlushKey(
1164 IN HANDLE KeyHandle
1165 );
1166
1167 /*
1168 * FUNCTION: Flushes the dirty pages to file
1169 * RETURNS: Status
1170 * FIXME: Not sure this does (how is the file specified)
1171 */
1172 NTSTATUS STDCALL NtFlushWriteBuffer(VOID);
1173 NTSTATUS STDCALL ZwFlushWriteBuffer(VOID);
1174
1175 /*
1176 * FUNCTION: Frees a range of virtual memory
1177 * ARGUMENTS:
1178 * ProcessHandle = Points to the process that allocated the virtual
1179 * memory
1180 * BaseAddress = Points to the memory address, rounded down to a
1181 * multiple of the pagesize
1182 * RegionSize = Limits the range to free, rounded up to a multiple of
1183 * the paging size
1184 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1185 * RETURNS: Status
1186 */
1187 NTSTATUS STDCALL NtFreeVirtualMemory(IN HANDLE ProcessHandle,
1188 IN PVOID *BaseAddress,
1189 IN PULONG RegionSize,
1190 IN ULONG FreeType);
1191 NTSTATUS STDCALL ZwFreeVirtualMemory(IN HANDLE ProcessHandle,
1192 IN PVOID *BaseAddress,
1193 IN PULONG RegionSize,
1194 IN ULONG FreeType);
1195
1196 /*
1197 * FUNCTION: Sends FSCTL to the filesystem
1198 * ARGUMENTS:
1199 * DeviceHandle = Points to the handle that is created by NtCreateFile
1200 * Event = Event to synchronize on STATUS_PENDING
1201 * ApcRoutine =
1202 * ApcContext =
1203 * IoStatusBlock = Caller should supply storage for
1204 * IoControlCode = Contains the File System Control command. This is an
1205 * index to the structures in InputBuffer and OutputBuffer.
1206 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1207 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1208 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1209 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1210 *
1211 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1212 * InputBufferSize = Size of the input bufffer
1213 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1214 * OutputBufferSize = Size of the input bufffer
1215 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1216 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1217 */
1218 NTSTATUS
1219 STDCALL
1220 NtFsControlFile(
1221 IN HANDLE DeviceHandle,
1222 IN HANDLE Event OPTIONAL,
1223 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1224 IN PVOID ApcContext OPTIONAL,
1225 OUT PIO_STATUS_BLOCK IoStatusBlock,
1226 IN ULONG IoControlCode,
1227 IN PVOID InputBuffer,
1228 IN ULONG InputBufferSize,
1229 OUT PVOID OutputBuffer,
1230 IN ULONG OutputBufferSize
1231 );
1232
1233 NTSTATUS
1234 STDCALL
1235 ZwFsControlFile(
1236 IN HANDLE DeviceHandle,
1237 IN HANDLE Event OPTIONAL,
1238 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1239 IN PVOID ApcContext OPTIONAL,
1240 OUT PIO_STATUS_BLOCK IoStatusBlock,
1241 IN ULONG IoControlCode,
1242 IN PVOID InputBuffer,
1243 IN ULONG InputBufferSize,
1244 OUT PVOID OutputBuffer,
1245 IN ULONG OutputBufferSize
1246 );
1247
1248 /*
1249 * FUNCTION: Retrieves the processor context of a thread
1250 * ARGUMENTS:
1251 * ThreadHandle = Handle to a thread
1252 * Context (OUT) = Caller allocated storage for the processor context
1253 * RETURNS: Status
1254 */
1255
1256 NTSTATUS
1257 STDCALL
1258 NtGetContextThread(
1259 IN HANDLE ThreadHandle,
1260 OUT PCONTEXT Context
1261 );
1262
1263 NTSTATUS
1264 STDCALL
1265 ZwGetContextThread(
1266 IN HANDLE ThreadHandle,
1267 OUT PCONTEXT Context
1268 );
1269
1270 /*
1271 * FUNCTION: Sets a thread to impersonate another
1272 * ARGUMENTS:
1273 * ThreadHandle = Server thread that will impersonate a client.
1274 ThreadToImpersonate = Client thread that will be impersonated
1275 SecurityQualityOfService = Specifies the impersonation level.
1276 * RETURNS: Status
1277 */
1278
1279 NTSTATUS
1280 STDCALL
1281 NtImpersonateThread(
1282 IN HANDLE ThreadHandle,
1283 IN HANDLE ThreadToImpersonate,
1284 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1285 );
1286
1287 NTSTATUS
1288 STDCALL
1289 ZwImpersonateThread(
1290 IN HANDLE ThreadHandle,
1291 IN HANDLE ThreadToImpersonate,
1292 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1293 );
1294
1295 /*
1296 * FUNCTION: Initializes the registry.
1297 * ARGUMENTS:
1298 * SetUpBoot = This parameter is true for a setup boot.
1299 * RETURNS: Status
1300 */
1301 NTSTATUS
1302 STDCALL
1303 NtInitializeRegistry(
1304 BOOLEAN SetUpBoot
1305 );
1306 NTSTATUS
1307 STDCALL
1308 ZwInitializeRegistry(
1309 BOOLEAN SetUpBoot
1310 );
1311
1312 /*
1313 * FUNCTION: Loads a driver.
1314 * ARGUMENTS:
1315 * DriverServiceName = Name of the driver to load
1316 * RETURNS: Status
1317 */
1318 NTSTATUS
1319 STDCALL
1320 NtLoadDriver(
1321 IN PUNICODE_STRING DriverServiceName
1322 );
1323
1324 NTSTATUS
1325 STDCALL
1326 ZwLoadDriver(
1327 IN PUNICODE_STRING DriverServiceName
1328 );
1329
1330 /*
1331 * FUNCTION: Locks a range of bytes in a file.
1332 * ARGUMENTS:
1333 * FileHandle = Handle to the file
1334 * Event = Should be null if apc is specified.
1335 * ApcRoutine = Asynchroneous Procedure Callback
1336 * ApcContext = Argument to the callback
1337 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1338 * the completion status and information about the requested lock operation.
1339 * ByteOffset = Offset
1340 * Length = Number of bytes to lock.
1341 * Key = Special value to give other threads the possibility to unlock the file
1342 by supplying the key in a call to NtUnlockFile.
1343 * FailImmediatedly = If false the request will block untill the lock is obtained.
1344 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1345 * REMARK:
1346 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1347 not be obtained immediately, the device queue is busy and the IRP is queued.
1348 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1349 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1350
1351 */
1352 NTSTATUS
1353 STDCALL
1354 NtLockFile(
1355 IN HANDLE FileHandle,
1356 IN HANDLE Event OPTIONAL,
1357 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1358 IN PVOID ApcContext OPTIONAL,
1359 OUT PIO_STATUS_BLOCK IoStatusBlock,
1360 IN PLARGE_INTEGER ByteOffset,
1361 IN PLARGE_INTEGER Length,
1362 IN PULONG Key,
1363 IN BOOLEAN FailImmediatedly,
1364 IN BOOLEAN ExclusiveLock
1365 );
1366
1367 NTSTATUS
1368 STDCALL
1369 ZwLockFile(
1370 IN HANDLE FileHandle,
1371 IN HANDLE Event OPTIONAL,
1372 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1373 IN PVOID ApcContext OPTIONAL,
1374 OUT PIO_STATUS_BLOCK IoStatusBlock,
1375 IN PLARGE_INTEGER ByteOffset,
1376 IN PLARGE_INTEGER Length,
1377 IN PULONG Key,
1378 IN BOOLEAN FailImmediatedly,
1379 IN BOOLEAN ExclusiveLock
1380 );
1381
1382 /*
1383 * FUNCTION: Makes temporary object that will be removed at next boot.
1384 * ARGUMENTS:
1385 * Handle = Handle to object
1386 * RETURNS: Status
1387 */
1388
1389 NTSTATUS
1390 STDCALL
1391 NtMakeTemporaryObject(
1392 IN HANDLE Handle
1393 );
1394
1395 NTSTATUS
1396 STDCALL
1397 ZwMakeTemporaryObject(
1398 IN HANDLE Handle
1399 );
1400 /*
1401 * FUNCTION: Maps a view of a section into the virtual address space of a
1402 * process
1403 * ARGUMENTS:
1404 * SectionHandle = Handle of the section
1405 * ProcessHandle = Handle of the process
1406 * BaseAddress = Desired base address (or NULL) on entry
1407 * Actual base address of the view on exit
1408 * ZeroBits = Number of high order address bits that must be zero
1409 * CommitSize = Size in bytes of the initially committed section of
1410 * the view
1411 * SectionOffset = Offset in bytes from the beginning of the section
1412 * to the beginning of the view
1413 * ViewSize = Desired length of map (or zero to map all) on entry
1414 * Actual length mapped on exit
1415 * InheritDisposition = Specified how the view is to be shared with
1416 * child processes
1417 * AllocateType = Type of allocation for the pages
1418 * Protect = Protection for the committed region of the view
1419 * RETURNS: Status
1420 */
1421 NTSTATUS
1422 STDCALL
1423 NtMapViewOfSection(
1424 IN HANDLE SectionHandle,
1425 IN HANDLE ProcessHandle,
1426 IN OUT PVOID *BaseAddress,
1427 IN ULONG ZeroBits,
1428 IN ULONG CommitSize,
1429 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
1430 IN OUT PULONG ViewSize,
1431 IN SECTION_INHERIT InheritDisposition,
1432 IN ULONG AllocationType,
1433 IN ULONG AccessProtection
1434 );
1435
1436 NTSTATUS
1437 STDCALL
1438 ZwMapViewOfSection(
1439 IN HANDLE SectionHandle,
1440 IN HANDLE ProcessHandle,
1441 IN OUT PVOID *BaseAddress,
1442 IN ULONG ZeroBits,
1443 IN ULONG CommitSize,
1444 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
1445 IN OUT PULONG ViewSize,
1446 IN SECTION_INHERIT InheritDisposition,
1447 IN ULONG AllocationType,
1448 IN ULONG AccessProtection
1449 );
1450
1451 /*
1452 * FUNCTION: Installs a notify for the change of a directory's contents
1453 * ARGUMENTS:
1454 * FileHandle = Handle to the directory
1455 Event =
1456 * ApcRoutine = Start address
1457 * ApcContext = Delimits the range of virtual memory
1458 * for which the new access protection holds
1459 * IoStatusBlock = The new access proctection for the pages
1460 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1461 * BufferSize = Size of the buffer
1462 CompletionFilter = Can be one of the following values:
1463 FILE_NOTIFY_CHANGE_FILE_NAME
1464 FILE_NOTIFY_CHANGE_DIR_NAME
1465 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1466 FILE_NOTIFY_CHANGE_ATTRIBUTES
1467 FILE_NOTIFY_CHANGE_SIZE
1468 FILE_NOTIFY_CHANGE_LAST_WRITE
1469 FILE_NOTIFY_CHANGE_LAST_ACCESS
1470 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1471 FILE_NOTIFY_CHANGE_EA
1472 FILE_NOTIFY_CHANGE_SECURITY
1473 FILE_NOTIFY_CHANGE_STREAM_NAME
1474 FILE_NOTIFY_CHANGE_STREAM_SIZE
1475 FILE_NOTIFY_CHANGE_STREAM_WRITE
1476 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1477 *
1478 * REMARKS:
1479 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1480 * RETURNS: Status
1481 */
1482 NTSTATUS
1483 STDCALL
1484 NtNotifyChangeDirectoryFile(
1485 IN HANDLE FileHandle,
1486 IN HANDLE Event OPTIONAL,
1487 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1488 IN PVOID ApcContext OPTIONAL,
1489 OUT PIO_STATUS_BLOCK IoStatusBlock,
1490 OUT PVOID Buffer,
1491 IN ULONG BufferSize,
1492 IN ULONG CompletionFilter,
1493 IN BOOLEAN WatchTree
1494 );
1495
1496 NTSTATUS
1497 STDCALL
1498 ZwNotifyChangeDirectoryFile(
1499 IN HANDLE FileHandle,
1500 IN HANDLE Event OPTIONAL,
1501 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1502 IN PVOID ApcContext OPTIONAL,
1503 OUT PIO_STATUS_BLOCK IoStatusBlock,
1504 OUT PVOID Buffer,
1505 IN ULONG BufferSize,
1506 IN ULONG CompletionFilter,
1507 IN BOOLEAN WatchTree
1508 );
1509
1510 /*
1511 * FUNCTION: Installs a notfication callback on registry changes
1512 * ARGUMENTS:
1513 KeyHandle = Handle to the registry key
1514 Event = Event that should be signalled on modification of the key
1515 ApcRoutine = Routine that should be called on modification of the key
1516 ApcContext = Argument to the ApcRoutine
1517 IoStatusBlock = ???
1518 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1519 Can be a combination of the following values:
1520
1521 REG_NOTIFY_CHANGE_NAME
1522 REG_NOTIFY_CHANGE_ATTRIBUTES
1523 REG_NOTIFY_CHANGE_LAST_SET
1524 REG_NOTIFY_CHANGE_SECURITY
1525
1526
1527 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1528 the function will not return before a change occurs.
1529 ChangeBuffer = Will return the old value
1530 Length = Size of the change buffer
1531 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1532 sub keys or not.
1533 * REMARKS: If the key is closed the event is signalled aswell.
1534 * RETURNS: Status
1535 */
1536
1537 NTSTATUS
1538 STDCALL
1539 NtNotifyChangeKey(
1540 IN HANDLE KeyHandle,
1541 IN HANDLE Event,
1542 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1543 IN PVOID ApcContext OPTIONAL,
1544 OUT PIO_STATUS_BLOCK IoStatusBlock,
1545 IN ULONG CompletionFilter,
1546 IN BOOLEAN Asynchroneous,
1547 OUT PVOID ChangeBuffer,
1548 IN ULONG Length,
1549 IN BOOLEAN WatchSubtree
1550 );
1551
1552 NTSTATUS
1553 STDCALL
1554 ZwNotifyChangeKey(
1555 IN HANDLE KeyHandle,
1556 IN HANDLE Event,
1557 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1558 IN PVOID ApcContext OPTIONAL,
1559 OUT PIO_STATUS_BLOCK IoStatusBlock,
1560 IN ULONG CompletionFilter,
1561 IN BOOLEAN Asynchroneous,
1562 OUT PVOID ChangeBuffer,
1563 IN ULONG Length,
1564 IN BOOLEAN WatchSubtree
1565 );
1566
1567 /*
1568 * FUNCTION: Opens an existing directory object
1569 * ARGUMENTS:
1570 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1571 * DesiredAccess = Requested access to the directory
1572 * ObjectAttributes = Initialized attributes for the object
1573 * RETURNS: Status
1574 */
1575
1576 NTSTATUS
1577 STDCALL
1578 NtOpenDirectoryObject(
1579 OUT PHANDLE FileHandle,
1580 IN ACCESS_MASK DesiredAccess,
1581 IN POBJECT_ATTRIBUTES ObjectAttributes
1582 );
1583 NTSTATUS
1584 STDCALL
1585 ZwOpenDirectoryObject(
1586 OUT PHANDLE FileHandle,
1587 IN ACCESS_MASK DesiredAccess,
1588 IN POBJECT_ATTRIBUTES ObjectAttributes
1589 );
1590
1591 /*
1592 * FUNCTION: Opens an existing event
1593 * ARGUMENTS:
1594 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1595 * DesiredAccess = Requested access to the event
1596 * ObjectAttributes = Initialized attributes for the object
1597 * RETURNS: Status
1598 */
1599 NTSTATUS
1600 STDCALL
1601 NtOpenEvent(
1602 OUT PHANDLE EventHandle,
1603 IN ACCESS_MASK DesiredAccess,
1604 IN POBJECT_ATTRIBUTES ObjectAttributes
1605 );
1606
1607 NTSTATUS
1608 STDCALL
1609 ZwOpenEvent(
1610 OUT PHANDLE EventHandle,
1611 IN ACCESS_MASK DesiredAccess,
1612 IN POBJECT_ATTRIBUTES ObjectAttributes
1613 );
1614
1615 /*
1616 * FUNCTION: Opens an existing event pair
1617 * ARGUMENTS:
1618 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1619 * DesiredAccess = Requested access to the event
1620 * ObjectAttributes = Initialized attributes for the object
1621 * RETURNS: Status
1622 */
1623
1624 NTSTATUS
1625 STDCALL
1626 NtOpenEventPair(
1627 OUT PHANDLE EventPairHandle,
1628 IN ACCESS_MASK DesiredAccess,
1629 IN POBJECT_ATTRIBUTES ObjectAttributes
1630 );
1631
1632 NTSTATUS
1633 STDCALL
1634 ZwOpenEventPair(
1635 OUT PHANDLE EventPairHandle,
1636 IN ACCESS_MASK DesiredAccess,
1637 IN POBJECT_ATTRIBUTES ObjectAttributes
1638 );
1639 /*
1640 * FUNCTION: Opens an existing file
1641 * ARGUMENTS:
1642 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1643 * DesiredAccess = Requested access to the file
1644 * ObjectAttributes = Initialized attributes for the object
1645 * IoStatusBlock =
1646 * ShareAccess =
1647 * OpenOptions =
1648 * RETURNS: Status
1649 */
1650 NTSTATUS
1651 STDCALL
1652 NtOpenFile(
1653 OUT PHANDLE FileHandle,
1654 IN ACCESS_MASK DesiredAccess,
1655 IN POBJECT_ATTRIBUTES ObjectAttributes,
1656 OUT PIO_STATUS_BLOCK IoStatusBlock,
1657 IN ULONG ShareAccess,
1658 IN ULONG OpenOptions
1659 );
1660
1661 NTSTATUS
1662 STDCALL
1663 ZwOpenFile(
1664 OUT PHANDLE FileHandle,
1665 IN ACCESS_MASK DesiredAccess,
1666 IN POBJECT_ATTRIBUTES ObjectAttributes,
1667 OUT PIO_STATUS_BLOCK IoStatusBlock,
1668 IN ULONG ShareAccess,
1669 IN ULONG OpenOptions
1670 );
1671
1672 /*
1673 * FUNCTION: Opens an existing io completion object
1674 * ARGUMENTS:
1675 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
1676 * DesiredAccess = Requested access to the io completion object
1677 * ObjectAttributes = Initialized attributes for the object
1678 * RETURNS: Status
1679 */
1680
1681 NTSTATUS
1682 STDCALL
1683 NtOpenIoCompletion(
1684 OUT PHANDLE CompetionPort,
1685 IN ACCESS_MASK DesiredAccess,
1686 IN POBJECT_ATTRIBUTES ObjectAttributes
1687 );
1688
1689 NTSTATUS
1690 STDCALL
1691 ZwOpenIoCompletion(
1692 OUT PHANDLE CompetionPort,
1693 IN ACCESS_MASK DesiredAccess,
1694 IN POBJECT_ATTRIBUTES ObjectAttributes
1695 );
1696
1697 /*
1698 * FUNCTION: Opens an existing key in the registry
1699 * ARGUMENTS:
1700 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1701 * DesiredAccess = Requested access to the key
1702 * ObjectAttributes = Initialized attributes for the object
1703 * RETURNS: Status
1704 */
1705 NTSTATUS
1706 STDCALL
1707 NtOpenKey(
1708 OUT PHANDLE KeyHandle,
1709 IN ACCESS_MASK DesiredAccess,
1710 IN POBJECT_ATTRIBUTES ObjectAttributes
1711 );
1712
1713 NTSTATUS
1714 STDCALL
1715 ZwOpenKey(
1716 OUT PHANDLE KeyHandle,
1717 IN ACCESS_MASK DesiredAccess,
1718 IN POBJECT_ATTRIBUTES ObjectAttributes
1719 );
1720 /*
1721 * FUNCTION: Opens an existing key in the registry
1722 * ARGUMENTS:
1723 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
1724 * DesiredAccess = Requested access to the mutant
1725 * ObjectAttribute = Initialized attributes for the object
1726 * RETURNS: Status
1727 */
1728 NTSTATUS
1729 STDCALL
1730 NtOpenMutant(
1731 OUT PHANDLE MutantHandle,
1732 IN ACCESS_MASK DesiredAccess,
1733 IN POBJECT_ATTRIBUTES ObjectAttributes
1734 );
1735 NTSTATUS
1736 STDCALL
1737 ZwOpenMutant(
1738 OUT PHANDLE MutantHandle,
1739 IN ACCESS_MASK DesiredAccess,
1740 IN POBJECT_ATTRIBUTES ObjectAttributes
1741 );
1742
1743 /*
1744 * FUNCTION: Opens an existing process
1745 * ARGUMENTS:
1746 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
1747 * DesiredAccess = Requested access to the process
1748 * ObjectAttribute = Initialized attributes for the object
1749 * ClientId = Identifies the process id to open
1750 * RETURNS: Status
1751 */
1752 NTSTATUS
1753 STDCALL
1754 NtOpenProcess (
1755 OUT PHANDLE ProcessHandle,
1756 IN ACCESS_MASK DesiredAccess,
1757 IN POBJECT_ATTRIBUTES ObjectAttributes,
1758 IN PCLIENT_ID ClientId
1759 );
1760 NTSTATUS
1761 STDCALL
1762 ZwOpenProcess (
1763 OUT PHANDLE ProcessHandle,
1764 IN ACCESS_MASK DesiredAccess,
1765 IN POBJECT_ATTRIBUTES ObjectAttributes,
1766 IN PCLIENT_ID ClientId
1767 );
1768 /*
1769 * FUNCTION: Opens an existing process
1770 * ARGUMENTS:
1771 * ProcessHandle = Handle of the process of which owns the token
1772 * DesiredAccess = Requested access to the token
1773 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
1774 * REMARKS:
1775 This function maps to the win32
1776 * RETURNS: Status
1777 */
1778
1779 NTSTATUS
1780 STDCALL
1781 NtOpenProcessToken(
1782 IN HANDLE ProcessHandle,
1783 IN ACCESS_MASK DesiredAccess,
1784 OUT PHANDLE TokenHandle
1785 );
1786
1787 NTSTATUS
1788 STDCALL
1789 ZwOpenProcessToken(
1790 IN HANDLE ProcessHandle,
1791 IN ACCESS_MASK DesiredAccess,
1792 OUT PHANDLE TokenHandle
1793 );
1794
1795 /*
1796 * FUNCTION: Opens an existing section object
1797 * ARGUMENTS:
1798 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1799 * DesiredAccess = Requested access to the key
1800 * ObjectAttribute = Initialized attributes for the object
1801 * RETURNS: Status
1802 */
1803
1804 NTSTATUS
1805 STDCALL
1806 NtOpenSection(
1807 OUT PHANDLE SectionHandle,
1808 IN ACCESS_MASK DesiredAccess,
1809 IN POBJECT_ATTRIBUTES ObjectAttributes
1810 );
1811 NTSTATUS
1812 STDCALL
1813 ZwOpenSection(
1814 OUT PHANDLE SectionHandle,
1815 IN ACCESS_MASK DesiredAccess,
1816 IN POBJECT_ATTRIBUTES ObjectAttributes
1817 );
1818 /*
1819 * FUNCTION: Opens an existing semaphore
1820 * ARGUMENTS:
1821 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
1822 * DesiredAccess = Requested access to the semaphore
1823 * ObjectAttribute = Initialized attributes for the object
1824 * RETURNS: Status
1825 */
1826 NTSTATUS
1827 STDCALL
1828 NtOpenSemaphore(
1829 IN HANDLE SemaphoreHandle,
1830 IN ACCESS_MASK DesiredAcces,
1831 IN POBJECT_ATTRIBUTES ObjectAttributes
1832 );
1833 NTSTATUS
1834 STDCALL
1835 ZwOpenSemaphore(
1836 IN HANDLE SemaphoreHandle,
1837 IN ACCESS_MASK DesiredAcces,
1838 IN POBJECT_ATTRIBUTES ObjectAttributes
1839 );
1840 /*
1841 * FUNCTION: Opens an existing symbolic link
1842 * ARGUMENTS:
1843 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
1844 * DesiredAccess = Requested access to the symbolic link
1845 * ObjectAttribute = Initialized attributes for the object
1846 * RETURNS: Status
1847 */
1848 NTSTATUS
1849 STDCALL
1850 NtOpenSymbolicLinkObject(
1851 OUT PHANDLE SymbolicLinkHandle,
1852 IN ACCESS_MASK DesiredAccess,
1853 IN POBJECT_ATTRIBUTES ObjectAttributes
1854 );
1855 NTSTATUS
1856 STDCALL
1857 ZwOpenSymbolicLinkObject(
1858 OUT PHANDLE SymbolicLinkHandle,
1859 IN ACCESS_MASK DesiredAccess,
1860 IN POBJECT_ATTRIBUTES ObjectAttributes
1861 );
1862 /*
1863 * FUNCTION: Opens an existing thread
1864 * ARGUMENTS:
1865 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
1866 * DesiredAccess = Requested access to the thread
1867 * ObjectAttribute = Initialized attributes for the object
1868 * ClientId = Identifies the thread to open.
1869 * RETURNS: Status
1870 */
1871 NTSTATUS
1872 STDCALL
1873 NtOpenThread(
1874 OUT PHANDLE ThreadHandle,
1875 IN ACCESS_MASK DesiredAccess,
1876 IN POBJECT_ATTRIBUTES ObjectAttributes,
1877 IN PCLIENT_ID ClientId
1878 );
1879 NTSTATUS
1880 STDCALL
1881 ZwOpenThread(
1882 OUT PHANDLE ThreadHandle,
1883 IN ACCESS_MASK DesiredAccess,
1884 IN POBJECT_ATTRIBUTES ObjectAttributes,
1885 IN PCLIENT_ID ClientId
1886 );
1887
1888 NTSTATUS
1889 STDCALL
1890 NtOpenThreadToken(
1891 IN HANDLE ThreadHandle,
1892 IN ACCESS_MASK DesiredAccess,
1893 IN BOOLEAN OpenAsSelf,
1894 OUT PHANDLE TokenHandle
1895 );
1896
1897 NTSTATUS
1898 STDCALL
1899 ZwOpenThreadToken(
1900 IN HANDLE ThreadHandle,
1901 IN ACCESS_MASK DesiredAccess,
1902 IN BOOLEAN OpenAsSelf,
1903 OUT PHANDLE TokenHandle
1904 );
1905 /*
1906 * FUNCTION: Opens an existing timer
1907 * ARGUMENTS:
1908 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1909 * DesiredAccess = Requested access to the timer
1910 * ObjectAttribute = Initialized attributes for the object
1911 * RETURNS: Status
1912 */
1913 NTSTATUS
1914 STDCALL
1915 NtOpenTimer(
1916 OUT PHANDLE TimerHandle,
1917 IN ACCESS_MASK DesiredAccess,
1918 IN POBJECT_ATTRIBUTES ObjectAttributes
1919 );
1920 NTSTATUS
1921 STDCALL
1922 ZwOpenTimer(
1923 OUT PHANDLE TimerHandle,
1924 IN ACCESS_MASK DesiredAccess,
1925 IN POBJECT_ATTRIBUTES ObjectAttributes
1926 );
1927
1928 /*
1929 * FUNCTION: Checks an access token for specific privileges
1930 * ARGUMENTS:
1931 * ClientToken = Handle to a access token structure
1932 * RequiredPrivileges = Specifies the requested privileges.
1933 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
1934 set in the Control member of PRIVILEGES_SET Result
1935 will only be TRUE if all privileges are present in the access token.
1936 * RETURNS: Status
1937 */
1938
1939 NTSTATUS
1940 STDCALL
1941 NtPrivilegeCheck(
1942 IN HANDLE ClientToken,
1943 IN PPRIVILEGE_SET RequiredPrivileges,
1944 IN PBOOLEAN Result
1945 );
1946
1947 NTSTATUS
1948 STDCALL
1949 ZwPrivilegeCheck(
1950 IN HANDLE ClientToken,
1951 IN PPRIVILEGE_SET RequiredPrivileges,
1952 IN PBOOLEAN Result
1953 );
1954
1955 NTSTATUS
1956 STDCALL
1957 NtPrivilegedServiceAuditAlarm(
1958 IN PUNICODE_STRING SubsystemName,
1959 IN PUNICODE_STRING ServiceName,
1960 IN HANDLE ClientToken,
1961 IN PPRIVILEGE_SET Privileges,
1962 IN BOOLEAN AccessGranted
1963 );
1964
1965 NTSTATUS
1966 STDCALL
1967 ZwPrivilegedServiceAuditAlarm(
1968 IN PUNICODE_STRING SubsystemName,
1969 IN PUNICODE_STRING ServiceName,
1970 IN HANDLE ClientToken,
1971 IN PPRIVILEGE_SET Privileges,
1972 IN BOOLEAN AccessGranted
1973 );
1974
1975 NTSTATUS
1976 STDCALL
1977 NtPrivilegeObjectAuditAlarm(
1978 IN PUNICODE_STRING SubsystemName,
1979 IN PVOID HandleId,
1980 IN HANDLE ClientToken,
1981 IN ULONG DesiredAccess,
1982 IN PPRIVILEGE_SET Privileges,
1983 IN BOOLEAN AccessGranted
1984 );
1985
1986 NTSTATUS
1987 STDCALL
1988 ZwPrivilegeObjectAuditAlarm(
1989 IN PUNICODE_STRING SubsystemName,
1990 IN PVOID HandleId,
1991 IN HANDLE ClientToken,
1992 IN ULONG DesiredAccess,
1993 IN PPRIVILEGE_SET Privileges,
1994 IN BOOLEAN AccessGranted
1995 );
1996
1997 /*
1998 * FUNCTION: Entry point for native applications
1999 * ARGUMENTS:
2000 * Peb = Pointes to the Process Environment Block (PEB)
2001 * REMARKS:
2002 * Native applications should use this function instead of a main.
2003 * Calling proces should terminate itself.
2004 * RETURNS: Status
2005 */
2006 VOID STDCALL
2007 NtProcessStartup(
2008 IN PPEB Peb
2009 );
2010
2011
2012 /*
2013 * FUNCTION: Signals an event and resets it afterwards.
2014 * ARGUMENTS:
2015 * EventHandle = Handle to the event
2016 * PulseCount = Number of times the action is repeated
2017 * RETURNS: Status
2018 */
2019 NTSTATUS
2020 STDCALL
2021 NtPulseEvent(
2022 IN HANDLE EventHandle,
2023 IN PULONG PulseCount OPTIONAL
2024 );
2025
2026 NTSTATUS
2027 STDCALL
2028 ZwPulseEvent(
2029 IN HANDLE EventHandle,
2030 IN PULONG PulseCount OPTIONAL
2031 );
2032
2033 /*
2034 * FUNCTION: Queries the attributes of a file
2035 * ARGUMENTS:
2036 * ObjectAttributes = Initialized attributes for the object
2037 * Buffer = Caller supplies storage for the attributes
2038 * RETURNS: Status
2039 */
2040
2041 NTSTATUS STDCALL
2042 NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2043 OUT PFILE_BASIC_INFORMATION FileInformation);
2044
2045 NTSTATUS STDCALL
2046 ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2047 OUT PFILE_BASIC_INFORMATION FileInformation);
2048
2049 /*
2050 * FUNCTION: Queries the default locale id
2051 * ARGUMENTS:
2052 * UserProfile = Type of locale id
2053 * TRUE: thread locale id
2054 * FALSE: system locale id
2055 * DefaultLocaleId = Caller supplies storage for the locale id
2056 * RETURNS: Status
2057 */
2058
2059 NTSTATUS
2060 STDCALL
2061 NtQueryDefaultLocale(
2062 IN BOOLEAN UserProfile,
2063 OUT PLCID DefaultLocaleId
2064 );
2065
2066 NTSTATUS
2067 STDCALL
2068 ZwQueryDefaultLocale(
2069 IN BOOLEAN UserProfile,
2070 OUT PLCID DefaultLocaleId
2071 );
2072
2073 /*
2074 * FUNCTION: Queries a directory file.
2075 * ARGUMENTS:
2076 * FileHandle = Handle to a directory file
2077 * EventHandle = Handle to the event signaled on completion
2078 * ApcRoutine = Asynchroneous procedure callback, called on completion
2079 * ApcContext = Argument to the apc.
2080 * IoStatusBlock = Caller supplies storage for extended status information.
2081 * FileInformation = Caller supplies storage for the resulting information.
2082 *
2083 * FileNameInformation FILE_NAMES_INFORMATION
2084 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2085 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2086 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2087 *
2088 * Length = Size of the storage supplied
2089 * FileInformationClass = Indicates the type of information requested.
2090 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2091 * FileName = Initial directory name to query, that may contain wild cards.
2092 * RestartScan = Number of times the action should be repeated
2093 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2094 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2095 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2096 */
2097
2098 NTSTATUS
2099 STDCALL
2100 NtQueryDirectoryFile(
2101 IN HANDLE FileHandle,
2102 IN HANDLE Event OPTIONAL,
2103 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2104 IN PVOID ApcContext OPTIONAL,
2105 OUT PIO_STATUS_BLOCK IoStatusBlock,
2106 OUT PVOID FileInformation,
2107 IN ULONG Length,
2108 IN FILE_INFORMATION_CLASS FileInformationClass,
2109 IN BOOLEAN ReturnSingleEntry,
2110 IN PUNICODE_STRING FileName OPTIONAL,
2111 IN BOOLEAN RestartScan
2112 );
2113
2114 NTSTATUS
2115 STDCALL
2116 ZwQueryDirectoryFile(
2117 IN HANDLE FileHandle,
2118 IN HANDLE Event OPTIONAL,
2119 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2120 IN PVOID ApcContext OPTIONAL,
2121 OUT PIO_STATUS_BLOCK IoStatusBlock,
2122 OUT PVOID FileInformation,
2123 IN ULONG Length,
2124 IN FILE_INFORMATION_CLASS FileInformationClass,
2125 IN BOOLEAN ReturnSingleEntry,
2126 IN PUNICODE_STRING FileName OPTIONAL,
2127 IN BOOLEAN RestartScan
2128 );
2129
2130 /*
2131 * FUNCTION: Queries the extended attributes of a file
2132 * ARGUMENTS:
2133 * FileHandle = Handle to the event
2134 * IoStatusBlock = Number of times the action is repeated
2135 * Buffer
2136 * Length
2137 * ReturnSingleEntry
2138 * EaList
2139 * EaListLength
2140 * EaIndex
2141 * RestartScan
2142 * RETURNS: Status
2143 */
2144
2145 NTSTATUS
2146 STDCALL
2147 NtQueryEaFile(
2148 IN HANDLE FileHandle,
2149 OUT PIO_STATUS_BLOCK IoStatusBlock,
2150 OUT PVOID Buffer,
2151 IN ULONG Length,
2152 IN BOOLEAN ReturnSingleEntry,
2153 IN PVOID EaList OPTIONAL,
2154 IN ULONG EaListLength,
2155 IN PULONG EaIndex OPTIONAL,
2156 IN BOOLEAN RestartScan
2157 );
2158
2159 NTSTATUS
2160 STDCALL
2161 ZwQueryEaFile(
2162 IN HANDLE FileHandle,
2163 OUT PIO_STATUS_BLOCK IoStatusBlock,
2164 OUT PVOID Buffer,
2165 IN ULONG Length,
2166 IN BOOLEAN ReturnSingleEntry,
2167 IN PVOID EaList OPTIONAL,
2168 IN ULONG EaListLength,
2169 IN PULONG EaIndex OPTIONAL,
2170 IN BOOLEAN RestartScan
2171 );
2172
2173 /*
2174 * FUNCTION: Queries an event
2175 * ARGUMENTS:
2176 * EventHandle = Handle to the event
2177 * EventInformationClass = Index of the information structure
2178
2179 EventBasicInformation EVENT_BASIC_INFORMATION
2180
2181 * EventInformation = Caller supplies storage for the information structure
2182 * EventInformationLength = Size of the information structure
2183 * ReturnLength = Data written
2184 * RETURNS: Status
2185 */
2186 NTSTATUS
2187 STDCALL
2188 NtQueryEvent(
2189 IN HANDLE EventHandle,
2190 IN EVENT_INFORMATION_CLASS EventInformationClass,
2191 OUT PVOID EventInformation,
2192 IN ULONG EventInformationLength,
2193 OUT PULONG ReturnLength
2194 );
2195 NTSTATUS
2196 STDCALL
2197 ZwQueryEvent(
2198 IN HANDLE EventHandle,
2199 IN EVENT_INFORMATION_CLASS EventInformationClass,
2200 OUT PVOID EventInformation,
2201 IN ULONG EventInformationLength,
2202 OUT PULONG ReturnLength
2203 );
2204
2205 NTSTATUS STDCALL
2206 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2207 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
2208
2209 NTSTATUS STDCALL
2210 ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2211 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
2212
2213 /*
2214 * FUNCTION: Queries the information of a file object.
2215 * ARGUMENTS:
2216 * FileHandle = Handle to the file object
2217 * IoStatusBlock = Caller supplies storage for extended information
2218 * on the current operation.
2219 * FileInformation = Storage for the new file information
2220 * Lenght = Size of the storage for the file information.
2221 * FileInformationClass = Indicates which file information is queried
2222
2223 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2224 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2225 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2226 FileBasicInformation FILE_BASIC_INFORMATION
2227 FileStandardInformation FILE_STANDARD_INFORMATION
2228 FileInternalInformation FILE_INTERNAL_INFORMATION
2229 FileEaInformation FILE_EA_INFORMATION
2230 FileAccessInformation FILE_ACCESS_INFORMATION
2231 FileNameInformation FILE_NAME_INFORMATION
2232 FileRenameInformation FILE_RENAME_INFORMATION
2233 FileLinkInformation
2234 FileNamesInformation FILE_NAMES_INFORMATION
2235 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2236 FilePositionInformation FILE_POSITION_INFORMATION
2237 FileFullEaInformation FILE_FULL_EA_INFORMATION
2238 FileModeInformation FILE_MODE_INFORMATION
2239 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2240 FileAllInformation FILE_ALL_INFORMATION
2241
2242 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2243 FileAlternateNameInformation
2244 FileStreamInformation FILE_STREAM_INFORMATION
2245 FilePipeInformation
2246 FilePipeLocalInformation
2247 FilePipeRemoteInformation
2248 FileMailslotQueryInformation
2249 FileMailslotSetInformation
2250 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2251 FileCopyOnWriteInformation
2252 FileCompletionInformation IO_COMPLETION_CONTEXT
2253 FileMoveClusterInformation
2254 FileOleClassIdInformation
2255 FileOleStateBitsInformation
2256 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2257 FileObjectIdInformation
2258 FileOleAllInformation
2259 FileOleDirectoryInformation
2260 FileContentIndexInformation
2261 FileInheritContentIndexInformation
2262 FileOleInformation
2263 FileMaximumInformation
2264
2265 * REMARK:
2266 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2267 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2268 * RETURNS: Status
2269 */
2270 NTSTATUS
2271 STDCALL
2272 NtQueryInformationFile(
2273 IN HANDLE FileHandle,
2274 OUT PIO_STATUS_BLOCK IoStatusBlock,
2275 OUT PVOID FileInformation,
2276 IN ULONG Length,
2277 IN FILE_INFORMATION_CLASS FileInformationClass
2278 );
2279
2280 NTSTATUS
2281 STDCALL
2282 ZwQueryInformationFile(
2283 HANDLE FileHandle,
2284 PIO_STATUS_BLOCK IoStatusBlock,
2285 PVOID FileInformation,
2286 ULONG Length,
2287 FILE_INFORMATION_CLASS FileInformationClass
2288 );
2289
2290
2291 /*
2292 * FUNCTION: Queries the information of a thread object.
2293 * ARGUMENTS:
2294 * ThreadHandle = Handle to the thread object
2295 * ThreadInformationClass = Index to a certain information structure
2296
2297 ThreadBasicInformation THREAD_BASIC_INFORMATION
2298 ThreadTimes KERNEL_USER_TIMES
2299 ThreadPriority KPRIORITY
2300 ThreadBasePriority KPRIORITY
2301 ThreadAffinityMask KAFFINITY
2302 ThreadImpersonationToken
2303 ThreadDescriptorTableEntry
2304 ThreadEnableAlignmentFaultFixup
2305 ThreadEventPair
2306 ThreadQuerySetWin32StartAddress
2307 ThreadZeroTlsCell
2308 ThreadPerformanceCount
2309 ThreadAmILastThread BOOLEAN
2310 ThreadIdealProcessor ULONG
2311 ThreadPriorityBoost ULONG
2312 MaxThreadInfoClass
2313
2314
2315 * ThreadInformation = Caller supplies torage for the thread information
2316 * ThreadInformationLength = Size of the thread information structure
2317 * ReturnLength = Actual number of bytes written
2318
2319 * REMARK:
2320 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2321 GetThreadPriorityBoost functions.
2322 * RETURNS: Status
2323 */
2324
2325
2326 NTSTATUS
2327 STDCALL
2328 NtQueryInformationThread(
2329 IN HANDLE ThreadHandle,
2330 IN THREADINFOCLASS ThreadInformationClass,
2331 OUT PVOID ThreadInformation,
2332 IN ULONG ThreadInformationLength,
2333 OUT PULONG ReturnLength
2334 );
2335
2336
2337 NTSTATUS
2338 STDCALL
2339 NtQueryInformationToken(
2340 IN HANDLE TokenHandle,
2341 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
2342 OUT PVOID TokenInformation,
2343 IN ULONG TokenInformationLength,
2344 OUT PULONG ReturnLength
2345 );
2346
2347 NTSTATUS
2348 STDCALL
2349 ZwQueryInformationToken(
2350 IN HANDLE TokenHandle,
2351 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
2352 OUT PVOID TokenInformation,
2353 IN ULONG TokenInformationLength,
2354 OUT PULONG ReturnLength
2355 );
2356
2357 NTSTATUS
2358 STDCALL
2359 NtQueryIoCompletion(
2360 IN HANDLE CompletionPort,
2361 IN ULONG CompletionKey,
2362 OUT PIO_STATUS_BLOCK IoStatusBlock,
2363 OUT PULONG NumberOfBytesTransferred
2364 );
2365 NTSTATUS
2366 STDCALL
2367 ZwQueryIoCompletion(
2368 IN HANDLE CompletionPort,
2369 IN ULONG CompletionKey,
2370 OUT PIO_STATUS_BLOCK IoStatusBlock,
2371 OUT PULONG NumberOfBytesTransferred
2372 );
2373
2374
2375 /*
2376 * FUNCTION: Queries the information of a registry key object.
2377 * ARGUMENTS:
2378 KeyHandle = Handle to a registry key
2379 KeyInformationClass = Index to a certain information structure
2380 KeyInformation = Caller supplies storage for resulting information
2381 Length = Size of the supplied storage
2382 ResultLength = Bytes written
2383 */
2384 NTSTATUS
2385 STDCALL
2386 NtQueryKey(
2387 IN HANDLE KeyHandle,
2388 IN KEY_INFORMATION_CLASS KeyInformationClass,
2389 OUT PVOID KeyInformation,
2390 IN ULONG Length,
2391 OUT PULONG ResultLength
2392 );
2393
2394 NTSTATUS
2395 STDCALL
2396 ZwQueryKey(
2397 IN HANDLE KeyHandle,
2398 IN KEY_INFORMATION_CLASS KeyInformationClass,
2399 OUT PVOID KeyInformation,
2400 IN ULONG Length,
2401 OUT PULONG ResultLength
2402 );
2403
2404
2405 // draft
2406
2407 NTSTATUS
2408 STDCALL
2409 NtQueryMultipleValueKey(
2410 IN HANDLE KeyHandle,
2411 IN OUT PKEY_VALUE_ENTRY ValueList,
2412 IN ULONG NumberOfValues,
2413 OUT PVOID Buffer,
2414 IN OUT PULONG Length,
2415 OUT PULONG ReturnLength
2416 );
2417
2418 NTSTATUS
2419 STDCALL
2420 ZwQueryMultipleValueKey(
2421 IN HANDLE KeyHandle,
2422 IN OUT PKEY_VALUE_ENTRY ValueList,
2423 IN ULONG NumberOfValues,
2424 OUT PVOID Buffer,
2425 IN OUT PULONG Length,
2426 OUT PULONG ReturnLength
2427 );
2428
2429 /*
2430 * FUNCTION: Queries the information of a mutant object.
2431 * ARGUMENTS:
2432 MutantHandle = Handle to a mutant
2433 MutantInformationClass = Index to a certain information structure
2434 MutantInformation = Caller supplies storage for resulting information
2435 Length = Size of the supplied storage
2436 ResultLength = Bytes written
2437 */
2438 NTSTATUS
2439 STDCALL
2440 NtQueryMutant(
2441 IN HANDLE MutantHandle,
2442 IN CINT MutantInformationClass,
2443 OUT PVOID MutantInformation,
2444 IN ULONG Length,
2445 OUT PULONG ResultLength
2446 );
2447
2448 NTSTATUS
2449 STDCALL
2450 ZwQueryMutant(
2451 IN HANDLE MutantHandle,
2452 IN CINT MutantInformationClass,
2453 OUT PVOID MutantInformation,
2454 IN ULONG Length,
2455 OUT PULONG ResultLength
2456 );
2457
2458 /*
2459 * FUNCTION: Queries the system ( high-resolution ) performance counter.
2460 * ARGUMENTS:
2461 * Counter = Performance counter
2462 * Frequency = Performance frequency
2463 * REMARKS:
2464 This procedure queries a tick count faster than 10ms ( The resolution for IntelĀ®-based CPUs is about 0.8 microseconds.)
2465 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
2466 * RETURNS: Status
2467 *
2468 */
2469 NTSTATUS
2470 STDCALL
2471 NtQueryPerformanceCounter(
2472 IN PLARGE_INTEGER Counter,
2473 IN PLARGE_INTEGER Frequency
2474 );
2475
2476 NTSTATUS
2477 STDCALL
2478 ZwQueryPerformanceCounter(
2479 IN PLARGE_INTEGER Counter,
2480 IN PLARGE_INTEGER Frequency
2481 );
2482
2483 /*
2484 * FUNCTION: Queries the information of a semaphore.
2485 * ARGUMENTS:
2486 * SemaphoreHandle = Handle to the semaphore object
2487 * SemaphoreInformationClass = Index to a certain information structure
2488
2489 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
2490
2491 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
2492 * Length = Size of the infomation structure
2493 */
2494 NTSTATUS
2495 STDCALL
2496 NtQuerySemaphore(
2497 IN HANDLE SemaphoreHandle,
2498 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
2499 OUT PVOID SemaphoreInformation,
2500 IN ULONG Length,
2501 OUT PULONG ReturnLength
2502 );
2503
2504 NTSTATUS
2505 STDCALL
2506 ZwQuerySemaphore(
2507 IN HANDLE SemaphoreHandle,
2508 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
2509 OUT PVOID SemaphoreInformation,
2510 IN ULONG Length,
2511 OUT PULONG ReturnLength
2512 );
2513
2514
2515 /*
2516 * FUNCTION: Queries the information of a symbolic link object.
2517 * ARGUMENTS:
2518 * SymbolicLinkHandle = Handle to the symbolic link object
2519 * LinkTarget = resolved name of link
2520 * DataWritten = size of the LinkName.
2521 * RETURNS: Status
2522 *
2523 */
2524 NTSTATUS
2525 STDCALL
2526 NtQuerySymbolicLinkObject(
2527 IN HANDLE SymLinkObjHandle,
2528 OUT PUNICODE_STRING LinkTarget,
2529 OUT PULONG DataWritten OPTIONAL
2530 );
2531
2532 NTSTATUS
2533 STDCALL
2534 ZwQuerySymbolicLinkObject(
2535 IN HANDLE SymLinkObjHandle,
2536 OUT PUNICODE_STRING LinkName,
2537 OUT PULONG DataWritten OPTIONAL
2538 );
2539
2540
2541 /*
2542 * FUNCTION: Queries a system environment variable.
2543 * ARGUMENTS:
2544 * Name = Name of the variable
2545 * Value (OUT) = value of the variable
2546 * Length = size of the buffer
2547 * ReturnLength = data written
2548 * RETURNS: Status
2549 *
2550 */
2551 NTSTATUS
2552 STDCALL
2553 NtQuerySystemEnvironmentValue(
2554 IN PUNICODE_STRING Name,
2555 OUT PVOID Value,
2556 ULONG Length,
2557 PULONG ReturnLength
2558 );
2559
2560 NTSTATUS
2561 STDCALL
2562 ZwQuerySystemEnvironmentValue(
2563 IN PUNICODE_STRING Name,
2564 OUT PVOID Value,
2565 ULONG Length,
2566 PULONG ReturnLength
2567 );
2568
2569
2570 /*
2571 * FUNCTION: Queries the system information.
2572 * ARGUMENTS:
2573 * SystemInformationClass = Index to a certain information structure
2574
2575 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
2576 SystemCacheInformation SYSTEM_CACHE_INFORMATION
2577 SystemConfigurationInformation CONFIGURATION_INFORMATION
2578
2579 * SystemInformation = caller supplies storage for the information structure
2580 * Length = size of the structure
2581 ResultLength = Data written
2582 * RETURNS: Status
2583 *
2584 */
2585 NTSTATUS
2586 STDCALL
2587 NtQuerySystemInformation(
2588 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
2589 OUT PVOID SystemInformation,
2590 IN ULONG Length,
2591 OUT PULONG ResultLength
2592 );
2593
2594 NTSTATUS
2595 STDCALL
2596 ZwQuerySystemInformation(
2597 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
2598 OUT PVOID SystemInformation,
2599 IN ULONG Length,
2600 OUT PULONG ResultLength
2601 );
2602
2603 /*
2604 * FUNCTION: Queries information about a timer
2605 * ARGUMENTS:
2606 * TimerHandle = Handle to the timer
2607 TimerValueInformationClass = Index to a certain information structure
2608 TimerValueInformation = Caller supplies storage for the information structure
2609 Length = Size of the information structure
2610 ResultLength = Data written
2611 * RETURNS: Status
2612 *
2613 */
2614 NTSTATUS
2615 STDCALL
2616 NtQueryTimer(
2617 IN HANDLE TimerHandle,
2618 IN CINT TimerInformationClass,
2619 OUT PVOID TimerInformation,
2620 IN ULONG Length,
2621 OUT PULONG ResultLength
2622 );
2623 NTSTATUS
2624 STDCALL
2625 ZwQueryTimer(
2626 IN HANDLE TimerHandle,
2627 IN CINT TimerInformationClass,
2628 OUT PVOID TimerInformation,
2629 IN ULONG Length,
2630 OUT PULONG ResultLength
2631 );
2632
2633 /*
2634 * FUNCTION: Queries the timer resolution
2635 * ARGUMENTS:
2636 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
2637 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
2638 ActualResolution (OUT) = Caller should supply storage for the resulting time.
2639 * RETURNS: Status
2640 *
2641 */
2642
2643
2644 NTSTATUS
2645 STDCALL
2646 NtQueryTimerResolution (
2647 OUT PULONG MinimumResolution,
2648 OUT PULONG MaximumResolution,
2649 OUT PULONG ActualResolution
2650 );
2651
2652 NTSTATUS
2653 STDCALL
2654 ZwQueryTimerResolution (
2655 OUT PULONG MinimumResolution,
2656 OUT PULONG MaximumResolution,
2657 OUT PULONG ActualResolution
2658 );
2659
2660 /*
2661 * FUNCTION: Queries a registry key value
2662 * ARGUMENTS:
2663 * KeyHandle = Handle to the registry key
2664 ValueName = Name of the value in the registry key
2665 KeyValueInformationClass = Index to a certain information structure
2666
2667 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
2668 KeyValueFullInformation = KEY_FULL_INFORMATION
2669 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
2670
2671 KeyValueInformation = Caller supplies storage for the information structure
2672 Length = Size of the information structure
2673 ResultLength = Data written
2674 * RETURNS: Status
2675 *
2676 */
2677 NTSTATUS
2678 STDCALL
2679 NtQueryValueKey(
2680 IN HANDLE KeyHandle,
2681 IN PUNICODE_STRING ValueName,
2682 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
2683 OUT PVOID KeyValueInformation,
2684 IN ULONG Length,
2685 OUT PULONG ResultLength
2686 );
2687
2688 NTSTATUS
2689 STDCALL
2690 ZwQueryValueKey(
2691 IN HANDLE KeyHandle,
2692 IN PUNICODE_STRING ValueName,
2693 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
2694 OUT PVOID KeyValueInformation,
2695 IN ULONG Length,
2696 OUT PULONG ResultLength
2697 );
2698
2699 /*
2700 * FUNCTION: Queries the volume information
2701 * ARGUMENTS:
2702 * FileHandle = Handle to a file object on the target volume
2703 * IoStatusBlock = Caller should supply storage for additional status information
2704 * ReturnLength = DataWritten
2705 * FsInformation = Caller should supply storage for the information structure.
2706 * Length = Size of the information structure
2707 * FsInformationClass = Index to a information structure
2708
2709 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
2710 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
2711 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
2712 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
2713 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
2714 FileFsControlInformation
2715 FileFsQuotaQueryInformation --
2716 FileFsQuotaSetInformation --
2717 FileFsMaximumInformation
2718
2719 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
2720 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
2721 *
2722 */
2723 NTSTATUS
2724 STDCALL
2725 NtQueryVolumeInformationFile(
2726 IN HANDLE FileHandle,
2727 OUT PIO_STATUS_BLOCK IoStatusBlock,
2728 OUT PVOID FsInformation,
2729 IN ULONG Length,
2730 IN FS_INFORMATION_CLASS FsInformationClass
2731 );
2732
2733 NTSTATUS
2734 STDCALL
2735 ZwQueryVolumeInformationFile(
2736 IN HANDLE FileHandle,
2737 OUT PIO_STATUS_BLOCK IoStatusBlock,
2738 OUT PVOID FsInformation,
2739 IN ULONG Length,
2740 IN FS_INFORMATION_CLASS FsInformationClass
2741 );
2742 // draft
2743 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
2744 /*
2745 * FUNCTION: Queues a (user) apc to a thread.
2746 * ARGUMENTS:
2747 ThreadHandle = Thread to which the apc is queued.
2748 ApcRoutine = Points to the apc routine
2749 NormalContext = Argument to Apc Routine
2750 * SystemArgument1 = Argument of the Apc Routine
2751 SystemArgument2 = Argument of the Apc Routine
2752 * REMARK: If the apc is queued against a thread of a different process than the calling thread
2753 the apc routine should be specified in the address space of the queued thread's process.
2754 * RETURNS: Status
2755 */
2756
2757 NTSTATUS
2758 STDCALL
2759 NtQueueApcThread(
2760 HANDLE ThreadHandle,
2761 PKNORMAL_ROUTINE ApcRoutine,
2762 PVOID NormalContext,
2763 PVOID SystemArgument1,
2764 PVOID SystemArgument2);
2765
2766 NTSTATUS
2767 STDCALL
2768 ZwQueueApcThread(
2769 HANDLE ThreadHandle,
2770 PKNORMAL_ROUTINE ApcRoutine,
2771 PVOID NormalContext,
2772 PVOID SystemArgument1,
2773 PVOID SystemArgument2);
2774
2775
2776 /*
2777 * FUNCTION: Raises an exception
2778 * ARGUMENTS:
2779 * ExceptionRecord = Structure specifying the exception
2780 * Context = Context in which the excpetion is raised
2781 * IsDebugger =
2782 * RETURNS: Status
2783 *
2784 */
2785
2786 NTSTATUS
2787 STDCALL
2788 NtRaiseException(
2789 IN PEXCEPTION_RECORD ExceptionRecord,
2790 IN PCONTEXT Context,
2791 IN BOOLEAN SearchFrames
2792 );
2793
2794 NTSTATUS
2795 STDCALL
2796 ZwRaiseException(
2797 IN PEXCEPTION_RECORD ExceptionRecord,
2798 IN PCONTEXT Context,
2799 IN BOOLEAN SearchFrames
2800 );
2801
2802 /*
2803 * FUNCTION: Read a file
2804 * ARGUMENTS:
2805 * FileHandle = Handle of a file to read
2806 * Event = This event is signalled when the read operation completes
2807 * UserApcRoutine = Call back , if supplied Event should be NULL
2808 * UserApcContext = Argument to the callback
2809 * IoStatusBlock = Caller should supply storage for additional status information
2810 * Buffer = Caller should supply storage to receive the information
2811 * BufferLength = Size of the buffer
2812 * ByteOffset = Offset to start reading the file
2813 * Key = If a range is lock a matching key will allow the read to continue.
2814 * RETURNS: Status
2815 *
2816 */
2817
2818 NTSTATUS
2819 STDCALL
2820 NtReadFile(
2821 IN HANDLE FileHandle,
2822 IN HANDLE Event OPTIONAL,
2823 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
2824 IN PVOID UserApcContext OPTIONAL,
2825 OUT PIO_STATUS_BLOCK IoStatusBlock,
2826 OUT PVOID Buffer,
2827 IN ULONG BufferLength,
2828 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2829 IN PULONG Key OPTIONAL
2830 );
2831
2832 NTSTATUS
2833 STDCALL
2834 ZwReadFile(
2835 IN HANDLE FileHandle,
2836 IN HANDLE Event OPTIONAL,
2837 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
2838 IN PVOID UserApcContext OPTIONAL,
2839 OUT PIO_STATUS_BLOCK IoStatusBlock,
2840 OUT PVOID Buffer,
2841 IN ULONG BufferLength,
2842 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2843 IN PULONG Key OPTIONAL
2844 );
2845 /*
2846 * FUNCTION: Read a file using scattered io
2847 * ARGUMENTS:
2848 FileHandle = Handle of a file to read
2849 Event = This event is signalled when the read operation completes
2850 * UserApcRoutine = Call back , if supplied Event should be NULL
2851 UserApcContext = Argument to the callback
2852 IoStatusBlock = Caller should supply storage for additional status information
2853 BufferDescription = Caller should supply storage to receive the information
2854 BufferLength = Size of the buffer
2855 ByteOffset = Offset to start reading the file
2856 Key = Key = If a range is lock a matching key will allow the read to continue.
2857 * RETURNS: Status
2858 *
2859 */
2860 NTSTATUS
2861 STDCALL
2862 NtReadFileScatter(
2863 IN HANDLE FileHandle,
2864 IN HANDLE Event OPTIONAL,
2865 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
2866 IN PVOID UserApcContext OPTIONAL,
2867 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
2868 IN FILE_SEGMENT_ELEMENT BufferDescription[],
2869 IN ULONG BufferLength,
2870 IN PLARGE_INTEGER ByteOffset,
2871 IN PULONG Key OPTIONAL
2872 );
2873
2874 NTSTATUS
2875 STDCALL
2876 ZwReadFileScatter(
2877 IN HANDLE FileHandle,
2878 IN HANDLE Event OPTIONAL,
2879 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
2880 IN PVOID UserApcContext OPTIONAL,
2881 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
2882 IN FILE_SEGMENT_ELEMENT BufferDescription[],
2883 IN ULONG BufferLength,
2884 IN PLARGE_INTEGER ByteOffset,
2885 IN PULONG Key OPTIONAL
2886 );
2887 /*
2888 * FUNCTION: Copies a range of virtual memory to a buffer
2889 * ARGUMENTS:
2890 * ProcessHandle = Specifies the process owning the virtual address space
2891 * BaseAddress = Points to the address of virtual memory to start the read
2892 * Buffer = Caller supplies storage to copy the virtual memory to.
2893 * NumberOfBytesToRead = Limits the range to read
2894 * NumberOfBytesRead = The actual number of bytes read.
2895 * RETURNS: Status
2896 */
2897
2898 NTSTATUS
2899 STDCALL
2900 NtReadVirtualMemory(
2901 IN HANDLE ProcessHandle,
2902 IN PVOID BaseAddress,
2903 OUT PVOID Buffer,
2904 IN ULONG NumberOfBytesToRead,
2905 OUT PULONG NumberOfBytesRead
2906 );
2907 NTSTATUS
2908 STDCALL
2909 ZwReadVirtualMemory(
2910 IN HANDLE ProcessHandle,
2911 IN PVOID BaseAddress,
2912 OUT PVOID Buffer,
2913 IN ULONG NumberOfBytesToRead,
2914 OUT PULONG NumberOfBytesRead
2915 );
2916
2917
2918 /*
2919 * FUNCTION: Debugger can register for thread termination
2920 * ARGUMENTS:
2921 * TerminationPort = Port on which the debugger likes to be notified.
2922 * RETURNS: Status
2923 */
2924 NTSTATUS
2925 STDCALL
2926 NtRegisterThreadTerminatePort(
2927 HANDLE TerminationPort
2928 );
2929 NTSTATUS
2930 STDCALL
2931 ZwRegisterThreadTerminatePort(
2932 HANDLE TerminationPort
2933 );
2934
2935 /*
2936 * FUNCTION: Releases a mutant
2937 * ARGUMENTS:
2938 * MutantHandle = Handle to the mutant
2939 * ReleaseCount =
2940 * RETURNS: Status
2941 */
2942 NTSTATUS
2943 STDCALL
2944 NtReleaseMutant(
2945 IN HANDLE MutantHandle,
2946 IN PULONG ReleaseCount OPTIONAL
2947 );
2948
2949 NTSTATUS
2950 STDCALL
2951 ZwReleaseMutant(
2952 IN HANDLE MutantHandle,
2953 IN PULONG ReleaseCount OPTIONAL
2954 );
2955
2956 /*
2957 * FUNCTION: Releases a semaphore
2958 * ARGUMENTS:
2959 * SemaphoreHandle = Handle to the semaphore object
2960 * ReleaseCount = Number to decrease the semaphore count
2961 * PreviousCount = Previous semaphore count
2962 * RETURNS: Status
2963 */
2964 NTSTATUS
2965 STDCALL
2966 NtReleaseSemaphore(
2967 IN HANDLE SemaphoreHandle,
2968 IN LONG ReleaseCount,
2969 OUT PLONG PreviousCount
2970 );
2971
2972 NTSTATUS
2973 STDCALL
2974 ZwReleaseSemaphore(
2975 IN HANDLE SemaphoreHandle,
2976 IN LONG ReleaseCount,
2977 OUT PLONG PreviousCount
2978 );
2979
2980 /*
2981 * FUNCTION: Removes an io completion
2982 * ARGUMENTS:
2983 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2984 * CompletionKey = Requested access to the key
2985 * IoStatusBlock = Caller provides storage for extended status information
2986 * CompletionStatus = Current status of the io operation.
2987 * WaitTime = Time to wait if ..
2988 * RETURNS: Status
2989 */
2990 NTSTATUS
2991 STDCALL
2992 NtRemoveIoCompletion(
2993 IN HANDLE CompletionPort,
2994 OUT PULONG CompletionKey,
2995 OUT PIO_STATUS_BLOCK IoStatusBlock,
2996 OUT PULONG CompletionStatus,
2997 IN PLARGE_INTEGER WaitTime
2998 );
2999
3000 NTSTATUS
3001 STDCALL
3002 ZwRemoveIoCompletion(
3003 IN HANDLE CompletionPort,
3004 OUT PULONG CompletionKey,
3005 OUT PIO_STATUS_BLOCK IoStatusBlock,
3006 OUT PULONG CompletionStatus,
3007 IN PLARGE_INTEGER WaitTime
3008 );
3009 /*
3010 * FUNCTION: Replaces one registry key with another
3011 * ARGUMENTS:
3012 * ObjectAttributes = Specifies the attributes of the key
3013 * Key = Handle to the key
3014 * ReplacedObjectAttributes = The function returns the old object attributes
3015 * RETURNS: Status
3016 */
3017 NTSTATUS
3018 STDCALL
3019 NtReplaceKey(
3020 IN POBJECT_ATTRIBUTES ObjectAttributes,
3021 IN HANDLE Key,
3022 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3023 );
3024 NTSTATUS
3025 STDCALL
3026 ZwReplaceKey(
3027 IN POBJECT_ATTRIBUTES ObjectAttributes,
3028 IN HANDLE Key,
3029 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3030 );
3031
3032 /*
3033 * FUNCTION: Resets a event to a non signaled state
3034 * ARGUMENTS:
3035 * EventHandle = Handle to the event that should be reset
3036 * NumberOfWaitingThreads = The number of threads released.
3037 * RETURNS: Status
3038 */
3039 NTSTATUS
3040 STDCALL
3041 NtResetEvent(
3042 HANDLE EventHandle,
3043 PULONG NumberOfWaitingThreads OPTIONAL
3044 );
3045 NTSTATUS
3046 STDCALL
3047 ZwResetEvent(
3048 HANDLE EventHandle,
3049 PULONG NumberOfWaitingThreads OPTIONAL
3050 );
3051 //draft
3052 NTSTATUS
3053 STDCALL
3054 NtRestoreKey(
3055 HANDLE KeyHandle,
3056 HANDLE FileHandle,
3057 ULONG RestoreFlags
3058 );
3059
3060 NTSTATUS
3061 STDCALL
3062 ZwRestoreKey(
3063 HANDLE KeyHandle,
3064 HANDLE FileHandle,
3065 ULONG RestoreFlags
3066 );
3067 /*
3068 * FUNCTION: Decrements a thread's resume count
3069 * ARGUMENTS:
3070 * ThreadHandle = Handle to the thread that should be resumed
3071 * ResumeCount = The resulting resume count.
3072 * REMARK:
3073 * A thread is resumed if its suspend count is 0. This procedure maps to
3074 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3075 * RETURNS: Status
3076 */
3077 NTSTATUS
3078 STDCALL
3079 NtResumeThread(
3080 IN HANDLE ThreadHandle,
3081 OUT PULONG SuspendCount
3082 );
3083 NTSTATUS
3084 STDCALL
3085 ZwResumeThread(
3086 IN HANDLE ThreadHandle,
3087 OUT PULONG SuspendCount
3088 );
3089 /*
3090 * FUNCTION: Writes the content of a registry key to ascii file
3091 * ARGUMENTS:
3092 * KeyHandle = Handle to the key
3093 * FileHandle = Handle of the file
3094 * REMARKS:
3095 This function maps to the Win32 RegSaveKey.
3096 * RETURNS: Status
3097 */
3098
3099 NTSTATUS
3100 STDCALL
3101 NtSaveKey(
3102 IN HANDLE KeyHandle,
3103 IN HANDLE FileHandle
3104 );
3105 NTSTATUS
3106 STDCALL
3107 ZwSaveKey(
3108 IN HANDLE KeyHandle,
3109 IN HANDLE FileHandle
3110 );
3111
3112 /*
3113 * FUNCTION: Sets the context of a specified thread.
3114 * ARGUMENTS:
3115 * ThreadHandle = Handle to the thread
3116 * Context = The processor context.
3117 * RETURNS: Status
3118 */
3119
3120 NTSTATUS
3121 STDCALL
3122 NtSetContextThread(
3123 IN HANDLE ThreadHandle,
3124 IN PCONTEXT Context
3125 );
3126 NTSTATUS
3127 STDCALL
3128 ZwSetContextThread(
3129 IN HANDLE ThreadHandle,
3130 IN PCONTEXT Context
3131 );
3132
3133 /*
3134 * FUNCTION: Sets the default locale id
3135 * ARGUMENTS:
3136 * UserProfile = Type of locale id
3137 * TRUE: thread locale id
3138 * FALSE: system locale id
3139 * DefaultLocaleId = Locale id
3140 * RETURNS: Status
3141 */
3142
3143 NTSTATUS
3144 STDCALL
3145 NtSetDefaultLocale(
3146 IN BOOLEAN UserProfile,
3147 IN LCID DefaultLocaleId
3148 );
3149
3150 NTSTATUS
3151 STDCALL
3152 ZwSetDefaultLocale(
3153 IN BOOLEAN UserProfile,
3154 IN LCID DefaultLocaleId
3155 );
3156
3157 /*
3158 * FUNCTION: Sets the default hard error port
3159 * ARGUMENTS:
3160 * PortHandle = Handle to the port
3161 * NOTE: The hard error port is used for first change exception handling
3162 * RETURNS: Status
3163 */
3164 NTSTATUS
3165 STDCALL
3166 NtSetDefaultHardErrorPort(
3167 IN HANDLE PortHandle
3168 );
3169 NTSTATUS
3170 STDCALL
3171 ZwSetDefaultHardErrorPort(
3172 IN HANDLE PortHandle
3173 );
3174
3175 /*
3176 * FUNCTION: Sets the extended attributes of a file.
3177 * ARGUMENTS:
3178 * FileHandle = Handle to the file
3179 * IoStatusBlock = Storage for a resulting status and information
3180 * on the current operation.
3181 * EaBuffer = Extended Attributes buffer.
3182 * EaBufferSize = Size of the extended attributes buffer
3183 * RETURNS: Status
3184 */
3185 NTSTATUS
3186 STDCALL
3187 NtSetEaFile(
3188 IN HANDLE FileHandle,
3189 IN PIO_STATUS_BLOCK IoStatusBlock,
3190 PVOID EaBuffer,
3191 ULONG EaBufferSize
3192 );
3193 NTSTATUS
3194 STDCALL
3195 ZwSetEaFile(
3196 IN HANDLE FileHandle,
3197 IN PIO_STATUS_BLOCK IoStatusBlock,
3198 PVOID EaBuffer,
3199 ULONG EaBufferSize
3200 );
3201
3202 //FIXME: should I return the event state ?
3203
3204 /*
3205 * FUNCTION: Sets the event to a signalled state.
3206 * ARGUMENTS:
3207 * EventHandle = Handle to the event
3208 * NumberOfThreadsReleased = The number of threads released
3209 * REMARK:
3210 * This procedure maps to the win32 SetEvent function.
3211 * RETURNS: Status
3212 */
3213
3214 NTSTATUS
3215 STDCALL
3216 NtSetEvent(
3217 IN HANDLE EventHandle,
3218 PULONG NumberOfThreadsReleased
3219 );
3220
3221 NTSTATUS
3222 STDCALL
3223 ZwSetEvent(
3224 IN HANDLE EventHandle,
3225 PULONG NumberOfThreadsReleased
3226 );
3227
3228 /*
3229 * FUNCTION: Sets the high part of an event pair
3230 * ARGUMENTS:
3231 EventPair = Handle to the event pair
3232 * RETURNS: Status
3233 */
3234
3235 NTSTATUS
3236 STDCALL
3237 NtSetHighEventPair(
3238 IN HANDLE EventPairHandle
3239 );
3240
3241 NTSTATUS
3242 STDCALL
3243 ZwSetHighEventPair(
3244 IN HANDLE EventPairHandle
3245 );
3246 /*
3247 * FUNCTION: Sets the high part of an event pair and wait for the low part
3248 * ARGUMENTS:
3249 EventPair = Handle to the event pair
3250 * RETURNS: Status
3251 */
3252 NTSTATUS
3253 STDCALL
3254 NtSetHighWaitLowEventPair(
3255 IN HANDLE EventPairHandle
3256 );
3257 NTSTATUS
3258 STDCALL
3259 ZwSetHighWaitLowEventPair(
3260 IN HANDLE EventPairHandle
3261 );
3262
3263 /*
3264 * FUNCTION: Sets the information of a file object.
3265 * ARGUMENTS:
3266 * FileHandle = Handle to the file object
3267 * IoStatusBlock = Caller supplies storage for extended information
3268 * on the current operation.
3269 * FileInformation = Storage for the new file information
3270 * Lenght = Size of the new file information.
3271 * FileInformationClass = Indicates to a certain information structure
3272
3273 FileNameInformation FILE_NAME_INFORMATION
3274 FileRenameInformation FILE_RENAME_INFORMATION
3275 FileStreamInformation FILE_STREAM_INFORMATION
3276 * FileCompletionInformation IO_COMPLETION_CONTEXT
3277
3278 * REMARK:
3279 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3280 * SetNamedPipeHandleState, SetMailslotInfo functions.
3281 * RETURNS: Status
3282 */
3283
3284
3285 NTSTATUS
3286 STDCALL
3287 NtSetInformationFile(
3288 IN HANDLE FileHandle,
3289 IN PIO_STATUS_BLOCK IoStatusBlock,
3290 IN PVOID FileInformation,
3291 IN ULONG Length,
3292 IN FILE_INFORMATION_CLASS FileInformationClass
3293 );
3294 NTSTATUS
3295 STDCALL
3296 ZwSetInformationFile(
3297 IN HANDLE FileHandle,
3298 IN PIO_STATUS_BLOCK IoStatusBlock,
3299 IN PVOID FileInformation,
3300 IN ULONG Length,
3301 IN FILE_INFORMATION_CLASS FileInformationClass
3302 );
3303
3304 /*
3305 * FUNCTION: Changes a set of thread specific parameters
3306 * ARGUMENTS:
3307 * ThreadHandle = Handle to the thread
3308 * ThreadInformationClass = Index to the set of parameters to change.
3309 * Can be one of the following values:
3310 *
3311 * ThreadBasicInformation THREAD_BASIC_INFORMATION
3312 * ThreadPriority KPRIORITY //???
3313 * ThreadBasePriority KPRIORITY
3314 * ThreadAffinityMask KAFFINITY //??
3315 * ThreadImpersonationToken ACCESS_TOKEN
3316 * ThreadIdealProcessor ULONG
3317 * ThreadPriorityBoost ULONG
3318 *
3319 * ThreadInformation = Caller supplies storage for parameters to set.
3320 * ThreadInformationLength = Size of the storage supplied
3321 * RETURNS: Status
3322 */
3323 NTSTATUS
3324 STDCALL
3325 NtSetInformationThread(
3326 IN HANDLE ThreadHandle,
3327 IN THREADINFOCLASS ThreadInformationClass,
3328 IN PVOID ThreadInformation,
3329 IN ULONG ThreadInformationLength
3330 );
3331 NTSTATUS
3332 STDCALL
3333 ZwSetInformationThread(
3334 IN HANDLE ThreadHandle,
3335 IN THREADINFOCLASS ThreadInformationClass,
3336 IN PVOID ThreadInformation,
3337 IN ULONG ThreadInformationLength
3338 );
3339
3340 /*
3341 * FUNCTION: Changes a set of token specific parameters
3342 * ARGUMENTS:
3343 * TokenHandle = Handle to the token
3344 * TokenInformationClass = Index to a certain information structure.
3345 * Can be one of the following values:
3346 *
3347 TokenUser TOKEN_USER
3348 TokenGroups TOKEN_GROUPS
3349 TokenPrivileges TOKEN_PRIVILEGES
3350 TokenOwner TOKEN_OWNER
3351 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
3352 TokenDefaultDacl TOKEN_DEFAULT_DACL
3353 TokenSource TOKEN_SOURCE
3354 TokenType TOKEN_TYPE
3355 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
3356 TokenStatistics TOKEN_STATISTICS
3357 *
3358 * TokenInformation = Caller supplies storage for information structure.
3359 * TokenInformationLength = Size of the information structure
3360 * RETURNS: Status
3361 */
3362
3363 NTSTATUS
3364 STDCALL
3365 NtSetInformationToken(
3366 IN HANDLE TokenHandle,
3367 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
3368 OUT PVOID TokenInformation,
3369 IN ULONG TokenInformationLength
3370 );
3371
3372 NTSTATUS
3373 STDCALL
3374 ZwSetInformationToken(
3375 IN HANDLE TokenHandle,
3376 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
3377 OUT PVOID TokenInformation,
3378 IN ULONG TokenInformationLength
3379 );
3380
3381
3382 /*
3383 * FUNCTION: Sets an io completion
3384 * ARGUMENTS:
3385 * CompletionPort =
3386 * CompletionKey =
3387 * IoStatusBlock =
3388 * NumberOfBytesToTransfer =
3389 * NumberOfBytesTransferred =
3390 * RETURNS: Status
3391 */
3392 NTSTATUS
3393 STDCALL
3394 NtSetIoCompletion(
3395 IN HANDLE CompletionPort,
3396 IN ULONG CompletionKey,
3397 OUT PIO_STATUS_BLOCK IoStatusBlock,
3398 IN ULONG NumberOfBytesToTransfer,
3399 OUT PULONG NumberOfBytesTransferred
3400 );
3401 NTSTATUS
3402 STDCALL
3403 ZwSetIoCompletion(
3404 IN HANDLE CompletionPort,
3405 IN ULONG CompletionKey,
3406 OUT PIO_STATUS_BLOCK IoStatusBlock,
3407 IN ULONG NumberOfBytesToTransfer,
3408 OUT PULONG NumberOfBytesTransferred
3409 );
3410
3411 /*
3412 * FUNCTION: Set properties for profiling
3413 * ARGUMENTS:
3414 * Interval =
3415 * ClockSource =
3416 * RETURNS: Status
3417 *
3418 */
3419
3420 NTSTATUS
3421 STDCALL
3422 NtSetIntervalProfile(
3423 ULONG Interval,
3424 KPROFILE_SOURCE ClockSource
3425 );
3426
3427 NTSTATUS
3428 STDCALL
3429 ZwSetIntervalProfile(
3430 ULONG Interval,
3431 KPROFILE_SOURCE ClockSource
3432 );
3433
3434
3435 /*
3436 * FUNCTION: Sets the low part of an event pair
3437 * ARGUMENTS:
3438 EventPair = Handle to the event pair
3439 * RETURNS: Status
3440 */
3441
3442 NTSTATUS
3443 STDCALL
3444 NtSetLowEventPair(
3445 HANDLE EventPair
3446 );
3447 NTSTATUS
3448 STDCALL
3449 ZwSetLowEventPair(
3450 HANDLE EventPair
3451 );
3452 /*
3453 * FUNCTION: Sets the low part of an event pair and wait for the high part
3454 * ARGUMENTS:
3455 EventPair = Handle to the event pair
3456 * RETURNS: Status
3457 */
3458 NTSTATUS
3459 STDCALL
3460 NtSetLowWaitHighEventPair(
3461 HANDLE EventPair
3462 );
3463 NTSTATUS
3464 STDCALL
3465 ZwSetLowWaitHighEventPair(
3466 HANDLE EventPair
3467 );
3468
3469 NTSTATUS
3470 STDCALL
3471 NtSetSecurityObject(
3472 IN HANDLE Handle,
3473 IN SECURITY_INFORMATION SecurityInformation,
3474 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3475 );
3476
3477 NTSTATUS
3478 STDCALL
3479 ZwSetSecurityObject(
3480 IN HANDLE Handle,
3481 IN SECURITY_INFORMATION SecurityInformation,
3482 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3483 );
3484
3485
3486 /*
3487 * FUNCTION: Sets a system environment variable
3488 * ARGUMENTS:
3489 * ValueName = Name of the environment variable
3490 * Value = Value of the environment variable
3491 * RETURNS: Status
3492 */
3493 NTSTATUS
3494 STDCALL
3495 NtSetSystemEnvironmentValue(
3496 IN PUNICODE_STRING VariableName,
3497 IN PUNICODE_STRING Value
3498 );
3499 NTSTATUS
3500 STDCALL
3501 ZwSetSystemEnvironmentValue(
3502 IN PUNICODE_STRING VariableName,
3503 IN PUNICODE_STRING Value
3504 );
3505 /*
3506 * FUNCTION: Sets system parameters
3507 * ARGUMENTS:
3508 * SystemInformationClass = Index to a particular set of system parameters
3509 * Can be one of the following values:
3510 *
3511 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3512 *
3513 * SystemInformation = Structure containing the parameters.
3514 * SystemInformationLength = Size of the structure.
3515 * RETURNS: Status
3516 */
3517 NTSTATUS
3518 STDCALL
3519 NtSetSystemInformation(
3520 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
3521 IN PVOID SystemInformation,
3522 IN ULONG SystemInformationLength
3523 );
3524
3525 NTSTATUS
3526 STDCALL
3527 ZwSetSystemInformation(
3528 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
3529 IN PVOID SystemInformation,
3530 IN ULONG SystemInformationLength
3531 );
3532
3533 /*
3534 * FUNCTION: Sets the system time
3535 * ARGUMENTS:
3536 * SystemTime = Old System time
3537 * NewSystemTime = New System time
3538 * RETURNS: Status
3539 */
3540 NTSTATUS
3541 STDCALL
3542 NtSetSystemTime(
3543 IN PLARGE_INTEGER SystemTime,
3544 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3545 );
3546 NTSTATUS
3547 STDCALL
3548 ZwSetSystemTime(
3549 IN PLARGE_INTEGER SystemTime,
3550 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3551 );
3552
3553 /*
3554 * FUNCTION: Sets the frequency of the system timer
3555 * ARGUMENTS:
3556 * RequestedResolution =
3557 * SetOrUnset =
3558 * ActualResolution =
3559 * RETURNS: Status
3560 */
3561 NTSTATUS
3562 STDCALL
3563 NtSetTimerResolution(
3564 IN ULONG RequestedResolution,
3565 IN BOOL SetOrUnset,
3566 OUT PULONG ActualResolution
3567 );
3568 NTSTATUS
3569 STDCALL
3570 ZwSetTimerResolution(
3571 IN ULONG RequestedResolution,
3572 IN BOOL SetOrUnset,
3573 OUT PULONG ActualResolution
3574 );
3575
3576 /*
3577 * FUNCTION: Sets the value of a registry key
3578 * ARGUMENTS:
3579 * KeyHandle = Handle to a registry key
3580 * ValueName = Name of the value entry to change
3581 * TitleIndex = pointer to a structure containing the new volume information
3582 * Type = Type of the registry key. Can be one of the values:
3583 * REG_BINARY Unspecified binary data
3584 * REG_DWORD A 32 bit value
3585 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
3586 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
3587 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
3588 * REG_LINK A zero terminated wide character string referring to a symbolic link.
3589 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
3590 * REG_NONE Unspecified type
3591 * REG_SZ A wide character string ( zero terminated )
3592 * REG_RESOURCE_LIST ??
3593 * REG_RESOURCE_REQUIREMENTS_LIST ??
3594 * REG_FULL_RESOURCE_DESCRIPTOR ??
3595 * Data = Contains the data for the registry key.
3596 * DataSize = size of the data.
3597 * RETURNS: Status
3598 */
3599 NTSTATUS
3600 STDCALL
3601 NtSetValueKey(
3602 IN HANDLE KeyHandle,
3603 IN PUNICODE_STRING ValueName,
3604 IN ULONG TitleIndex OPTIONAL,
3605 IN ULONG Type,
3606 IN PVOID Data,
3607 IN ULONG DataSize
3608 );
3609 NTSTATUS
3610 STDCALL
3611 ZwSetValueKey(
3612 IN HANDLE KeyHandle,
3613 IN PUNICODE_STRING ValueName,
3614 IN ULONG TitleIndex OPTIONAL,
3615 IN ULONG Type,
3616 IN PVOID Data,
3617 IN ULONG DataSize
3618 );
3619
3620 /*
3621 * FUNCTION: Sets the volume information.
3622 * ARGUMENTS:
3623 * FileHandle = Handle to the file
3624 * IoStatusBlock = Caller should supply storage for additional status information
3625 * VolumeInformation = pointer to a structure containing the new volume information
3626 * Length = size of the structure.
3627 * VolumeInformationClass = specifies the particular volume information to set
3628 * RETURNS: Status
3629 */
3630 NTSTATUS
3631 STDCALL
3632 NtSetVolumeInformationFile(
3633 IN HANDLE FileHandle,
3634 OUT PIO_STATUS_BLOCK IoStatusBlock,
3635 IN PVOID FsInformation,
3636 IN ULONG Length,
3637 IN FS_INFORMATION_CLASS FsInformationClass
3638 );
3639
3640 NTSTATUS
3641 STDCALL
3642 ZwSetVolumeInformationFile(
3643 IN HANDLE FileHandle,
3644 OUT PIO_STATUS_BLOCK IoStatusBlock,
3645 IN PVOID FsInformation,
3646 IN ULONG Length,
3647 IN FS_INFORMATION_CLASS FsInformationClass
3648 );
3649
3650 /*
3651 * FUNCTION: Shuts the system down
3652 * ARGUMENTS:
3653 * Action = Specifies the type of shutdown, it can be one of the following values:
3654 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
3655 * RETURNS: Status
3656 */
3657 NTSTATUS
3658 STDCALL
3659 NtShutdownSystem(
3660 IN SHUTDOWN_ACTION Action
3661 );
3662
3663 NTSTATUS
3664 STDCALL
3665 ZwShutdownSystem(
3666 IN SHUTDOWN_ACTION Action
3667 );
3668
3669
3670 /* --- PROFILING --- */
3671
3672 /*
3673 * FUNCTION: Starts profiling
3674 * ARGUMENTS:
3675 * ProfileHandle = Handle to the profile
3676 * RETURNS: Status
3677 */
3678
3679 NTSTATUS
3680 STDCALL
3681 NtStartProfile(
3682 HANDLE ProfileHandle
3683 );
3684
3685 NTSTATUS
3686 STDCALL
3687 ZwStartProfile(
3688 HANDLE ProfileHandle
3689 );
3690
3691 /*
3692 * FUNCTION: Stops profiling
3693 * ARGUMENTS:
3694 * ProfileHandle = Handle to the profile
3695 * RETURNS: Status
3696 */
3697
3698 NTSTATUS
3699 STDCALL
3700 NtStopProfile(
3701 HANDLE ProfileHandle
3702 );
3703
3704 NTSTATUS
3705 STDCALL
3706 ZwStopProfile(
3707 HANDLE ProfileHandle
3708 );
3709
3710 /* --- PROCESS MANAGEMENT --- */
3711
3712 //--NtSystemDebugControl
3713 /*
3714 * FUNCTION: Terminates the execution of a process.
3715 * ARGUMENTS:
3716 * ThreadHandle = Handle to the process
3717 * ExitStatus = The exit status of the process to terminate with.
3718 * REMARKS
3719 Native applications should kill themselves using this function.
3720 * RETURNS: Status
3721 */
3722 NTSTATUS
3723 STDCALL
3724 NtTerminateProcess(
3725 IN HANDLE ProcessHandle ,
3726 IN NTSTATUS ExitStatus
3727 );
3728 NTSTATUS
3729 STDCALL
3730 ZwTerminateProcess(
3731 IN HANDLE ProcessHandle ,
3732 IN NTSTATUS ExitStatus
3733 );
3734
3735 /* --- DEVICE DRIVER CONTROL --- */
3736
3737 /*
3738 * FUNCTION: Unloads a driver.
3739 * ARGUMENTS:
3740 * DriverServiceName = Name of the driver to unload
3741 * RETURNS: Status
3742 */
3743 NTSTATUS
3744 STDCALL
3745 NtUnloadDriver(
3746 IN PUNICODE_STRING DriverServiceName
3747 );
3748 NTSTATUS
3749 STDCALL
3750 ZwUnloadDriver(
3751 IN PUNICODE_STRING DriverServiceName
3752 );
3753
3754 /* --- VIRTUAL MEMORY MANAGEMENT --- */
3755
3756 /*
3757 * FUNCTION: Writes a range of virtual memory
3758 * ARGUMENTS:
3759 * ProcessHandle = The handle to the process owning the address space.
3760 * BaseAddress = The points to the address to write to
3761 * Buffer = Pointer to the buffer to write
3762 * NumberOfBytesToWrite = Offset to the upper boundary to write
3763 * NumberOfBytesWritten = Total bytes written
3764 * REMARKS:
3765 * This function maps to the win32 WriteProcessMemory
3766 * RETURNS: Status
3767 */
3768 NTSTATUS
3769 STDCALL
3770 NtWriteVirtualMemory(
3771 IN HANDLE ProcessHandle,
3772 IN PVOID BaseAddress,
3773 IN PVOID Buffer,
3774 IN ULONG NumberOfBytesToWrite,
3775 OUT PULONG NumberOfBytesWritten
3776 );
3777
3778 NTSTATUS
3779 STDCALL
3780 ZwWriteVirtualMemory(
3781 IN HANDLE ProcessHandle,
3782 IN PVOID BaseAddress,
3783 IN PVOID Buffer,
3784 IN ULONG NumberOfBytesToWrite,
3785 OUT PULONG NumberOfBytesWritten
3786 );
3787
3788 /*
3789 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
3790 * ARGUMENTS:
3791 * ProcessHandle = Handle to the process
3792 * BaseAddress = The address where the mapping begins
3793 * REMARK:
3794 This procedure maps to the win32 UnMapViewOfFile
3795 * RETURNS: Status
3796 */
3797 NTSTATUS
3798 STDCALL
3799 NtUnmapViewOfSection(
3800 IN HANDLE ProcessHandle,
3801 IN PVOID BaseAddress
3802 );
3803 NTSTATUS
3804 STDCALL
3805 ZwUnmapViewOfSection(
3806 IN HANDLE ProcessHandle,
3807 IN PVOID BaseAddress
3808 );
3809
3810 /* --- OBJECT SYNCHRONIZATION --- */
3811
3812 /*
3813 * FUNCTION: Signals an object and wait for an other one.
3814 * ARGUMENTS:
3815 * SignalObject = Handle to the object that should be signaled
3816 * WaitObject = Handle to the object that should be waited for
3817 * Alertable = True if the wait is alertable
3818 * Time = The time to wait
3819 * RETURNS: Status
3820 */
3821 NTSTATUS
3822 STDCALL
3823 NtSignalAndWaitForSingleObject(
3824 IN HANDLE SignalObject,
3825 IN HANDLE WaitObject,
3826 IN BOOLEAN Alertable,
3827 IN PLARGE_INTEGER Time
3828 );
3829
3830 NTSTATUS
3831 STDCALL
3832 NtSignalAndWaitForSingleObject(
3833 IN HANDLE SignalObject,
3834 IN HANDLE WaitObject,
3835 IN BOOLEAN Alertable,
3836 IN PLARGE_INTEGER Time
3837 );
3838
3839 /*
3840 * FUNCTION: Waits for an object to become signalled.
3841 * ARGUMENTS:
3842 * Object = The object handle
3843 * Alertable = If true the wait is alertable.
3844 * Time = The maximum wait time.
3845 * REMARKS:
3846 * This function maps to the win32 WaitForSingleObjectEx.
3847 * RETURNS: Status
3848 */
3849 NTSTATUS
3850 STDCALL
3851 NtWaitForSingleObject (
3852 IN HANDLE Object,
3853 IN BOOLEAN Alertable,
3854 IN PLARGE_INTEGER Time
3855 );
3856
3857 NTSTATUS
3858 STDCALL
3859 ZwWaitForSingleObject (
3860 IN HANDLE Object,
3861 IN BOOLEAN Alertable,
3862 IN PLARGE_INTEGER Time
3863 );
3864
3865 /* --- EVENT PAIR OBJECT --- */
3866
3867 /*
3868 * FUNCTION: Waits for the high part of an eventpair to become signalled
3869 * ARGUMENTS:
3870 * EventPairHandle = Handle to the event pair.
3871 * RETURNS: Status
3872 */
3873
3874 NTSTATUS
3875 STDCALL
3876 NtWaitHighEventPair(
3877 IN HANDLE EventPairHandle
3878 );
3879
3880 NTSTATUS
3881 STDCALL
3882 ZwWaitHighEventPair(
3883 IN HANDLE EventPairHandle
3884 );
3885
3886 /*
3887 * FUNCTION: Waits for the low part of an eventpair to become signalled
3888 * ARGUMENTS:
3889 * EventPairHandle = Handle to the event pair.
3890 * RETURNS: Status
3891 */
3892 NTSTATUS
3893 STDCALL
3894 NtWaitLowEventPair(
3895 IN HANDLE EventPairHandle
3896 );
3897
3898 NTSTATUS
3899 STDCALL
3900 ZwWaitLowEventPair(
3901 IN HANDLE EventPairHandle
3902 );
3903
3904 /* --- FILE MANAGEMENT --- */
3905
3906 /*
3907 * FUNCTION: Unlocks a range of bytes in a file.
3908 * ARGUMENTS:
3909 * FileHandle = Handle to the file
3910 * IoStatusBlock = Caller should supply storage for a structure containing
3911 * the completion status and information about the requested unlock operation.
3912 The information field is set to the number of bytes unlocked.
3913 * ByteOffset = Offset to start the range of bytes to unlock
3914 * Length = Number of bytes to unlock.
3915 * Key = Special value to enable other threads to unlock a file than the
3916 thread that locked the file. The key supplied must match with the one obtained
3917 in a previous call to NtLockFile.
3918 * REMARK:
3919 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
3920 not be obtained immediately, the device queue is busy and the IRP is queued.
3921 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
3922 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
3923 */
3924 NTSTATUS
3925 STDCALL
3926 NtUnlockFile(
3927 IN HANDLE FileHandle,
3928 OUT PIO_STATUS_BLOCK IoStatusBlock,
3929 IN PLARGE_INTEGER ByteOffset,
3930 IN PLARGE_INTEGER Lenght,
3931 OUT PULONG Key OPTIONAL
3932 );
3933 NTSTATUS
3934 STDCALL
3935 ZwUnlockFile(
3936 IN HANDLE FileHandle,
3937 OUT PIO_STATUS_BLOCK IoStatusBlock,
3938 IN PLARGE_INTEGER ByteOffset,
3939 IN PLARGE_INTEGER Lenght,
3940 OUT PULONG Key OPTIONAL
3941 );
3942
3943 /*
3944 * FUNCTION: Writes data to a file
3945 * ARGUMENTS:
3946 * FileHandle = The handle a file ( from NtCreateFile )
3947 * Event = Specifies a event that will become signalled when the write operation completes.
3948 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
3949 * ApcContext = Argument to the Apc Routine
3950 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
3951 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
3952 * Length = Size in bytest of the buffer
3953 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
3954 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
3955 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
3956 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
3957 * Key = Unused
3958 * REMARKS:
3959 * This function maps to the win32 WriteFile.
3960 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
3961 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
3962 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
3963 */
3964 NTSTATUS
3965 STDCALL
3966 NtWriteFile(
3967 IN HANDLE FileHandle,
3968 IN HANDLE Event OPTIONAL,
3969 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
3970 IN PVOID ApcContext OPTIONAL,
3971 OUT PIO_STATUS_BLOCK IoStatusBlock,
3972 IN PVOID Buffer,
3973 IN ULONG Length,
3974 IN PLARGE_INTEGER ByteOffset,
3975 IN PULONG Key OPTIONAL
3976 );
3977
3978 NTSTATUS
3979 STDCALL
3980 ZwWriteFile(
3981 IN HANDLE FileHandle,
3982 IN HANDLE Event OPTIONAL,
3983 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
3984 IN PVOID ApcContext OPTIONAL,
3985 OUT PIO_STATUS_BLOCK IoStatusBlock,
3986 IN PVOID Buffer,
3987 IN ULONG Length,
3988 IN PLARGE_INTEGER ByteOffset ,
3989 IN PULONG Key OPTIONAL
3990 );
3991
3992 /*
3993 * FUNCTION: Writes a file
3994 * ARGUMENTS:
3995 * FileHandle = The handle of the file
3996 * Event =
3997 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
3998 * ApcContext = Argument to the Apc Routine
3999 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4000 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
4001 * BufferLength = Size in bytest of the buffer
4002 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4003 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4004 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4005 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
4006 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
4007 * REMARKS:
4008 * This function maps to the win32 WriteFile.
4009 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4010 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4011 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4012 */
4013
4014 NTSTATUS
4015 STDCALL
4016 NtWriteFileGather(
4017 IN HANDLE FileHandle,
4018 IN HANDLE Event OPTIONAL,
4019 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
4020 IN PVOID ApcContext OPTIONAL,
4021 OUT PIO_STATUS_BLOCK IoStatusBlock,
4022 IN FILE_SEGMENT_ELEMENT BufferDescription[],
4023 IN ULONG BufferLength,
4024 IN PLARGE_INTEGER ByteOffset,
4025 IN PULONG Key OPTIONAL
4026 );
4027
4028 NTSTATUS
4029 STDCALL
4030 ZwWriteFileGather(
4031 IN HANDLE FileHandle,
4032 IN HANDLE Event OPTIONAL,
4033 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
4034 IN PVOID ApcContext OPTIONAL,
4035 OUT PIO_STATUS_BLOCK IoStatusBlock,
4036 IN FILE_SEGMENT_ELEMENT BufferDescription[],
4037 IN ULONG BufferLength,
4038 IN PLARGE_INTEGER ByteOffset,
4039 IN PULONG Key OPTIONAL
4040 );
4041
4042
4043 /* --- THREAD MANAGEMENT --- */
4044
4045 /*
4046 * FUNCTION: Increments a thread's resume count
4047 * ARGUMENTS:
4048 * ThreadHandle = Handle to the thread that should be resumed
4049 * PreviousSuspendCount = The resulting/previous suspend count.
4050 * REMARK:
4051 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
4052 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
4053 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
4054 * RETURNS: Status
4055 */
4056 NTSTATUS
4057 STDCALL
4058 NtSuspendThread(
4059 IN HANDLE ThreadHandle,
4060 IN PULONG PreviousSuspendCount
4061 );
4062
4063 NTSTATUS
4064 STDCALL
4065 ZwSuspendThread(
4066 IN HANDLE ThreadHandle,
4067 IN PULONG PreviousSuspendCount
4068 );
4069
4070 /*
4071 * FUNCTION: Terminates the execution of a thread.
4072 * ARGUMENTS:
4073 * ThreadHandle = Handle to the thread
4074 * ExitStatus = The exit status of the thread to terminate with.
4075 * RETURNS: Status
4076 */
4077 NTSTATUS
4078 STDCALL
4079 NtTerminateThread(
4080 IN HANDLE ThreadHandle ,
4081 IN NTSTATUS ExitStatus
4082 );
4083 NTSTATUS
4084 STDCALL
4085 ZwTerminateThread(
4086 IN HANDLE ThreadHandle ,
4087 IN NTSTATUS ExitStatus
4088 );
4089 /*
4090 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
4091 * RETURNS: Status
4092 */
4093 NTSTATUS
4094 STDCALL
4095 NtTestAlert(
4096 VOID
4097 );
4098 NTSTATUS
4099 STDCALL
4100 ZwTestAlert(
4101 VOID
4102 );
4103
4104 /*
4105 * FUNCTION: Yields the callers thread.
4106 * RETURNS: Status
4107 */
4108 NTSTATUS
4109 STDCALL
4110 NtYieldExecution(
4111 VOID
4112 );
4113
4114 NTSTATUS
4115 STDCALL
4116 ZwYieldExecution(
4117 VOID
4118 );
4119
4120 /* --- PLUG AND PLAY --- */
4121
4122 NTSTATUS
4123 STDCALL
4124 NtPlugPlayControl (
4125 VOID
4126 );
4127
4128 NTSTATUS
4129 STDCALL
4130 NtGetPlugPlayEvent (
4131 VOID
4132 );
4133
4134 /* --- POWER MANAGEMENT --- */
4135
4136 NTSTATUS STDCALL
4137 NtSetSystemPowerState(IN POWER_ACTION SystemAction,
4138 IN SYSTEM_POWER_STATE MinSystemState,
4139 IN ULONG Flags);
4140
4141 /* --- DEBUG SUBSYSTEM --- */
4142
4143 NTSTATUS STDCALL
4144 NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,
4145 PVOID InputBuffer,
4146 ULONG InputBufferLength,
4147 PVOID OutputBuffer,
4148 ULONG OutputBufferLength,
4149 PULONG ReturnLength);
4150
4151 /* --- VIRTUAL DOS MACHINE (VDM) --- */
4152
4153 NTSTATUS
4154 STDCALL
4155 NtVdmControl (ULONG ControlCode, PVOID ControlData);
4156
4157
4158 /* --- WIN32 --- */
4159
4160 NTSTATUS STDCALL
4161 NtW32Call(IN ULONG RoutineIndex,
4162 IN PVOID Argument,
4163 IN ULONG ArgumentLength,
4164 OUT PVOID* Result OPTIONAL,
4165 OUT PULONG ResultLength OPTIONAL);
4166
4167 /* --- CHANNELS --- */
4168
4169 NTSTATUS
4170 STDCALL
4171 NtCreateChannel (
4172 VOID
4173 );
4174
4175 NTSTATUS
4176 STDCALL
4177 NtListenChannel (
4178 VOID
4179 );
4180
4181 NTSTATUS
4182 STDCALL
4183 NtOpenChannel (
4184 VOID
4185 );
4186
4187 NTSTATUS
4188 STDCALL
4189 NtReplyWaitSendChannel (
4190 VOID
4191 );
4192
4193 NTSTATUS
4194 STDCALL
4195 NtSendWaitReplyChannel (
4196 VOID
4197 );
4198
4199 NTSTATUS
4200 STDCALL
4201 NtSetContextChannel (
4202 VOID
4203 );
4204
4205 /* --- MISCELLANEA --- */
4206
4207 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
4208 NTSTATUS
4209 STDCALL
4210 NtSetLdtEntries (
4211 HANDLE Thread,
4212 ULONG FirstEntry,
4213 PULONG Entries
4214 );
4215
4216 NTSTATUS
4217 STDCALL
4218 NtQueryOleDirectoryFile (
4219 VOID
4220 );
4221
4222 /*
4223 * FUNCTION: Checks a clients access rights to a object
4224 * ARGUMENTS:
4225 * SecurityDescriptor = Security information against which the access is checked
4226 * ClientToken = Represents a client
4227 * DesiredAcces =
4228 * GenericMapping =
4229 * PrivilegeSet =
4230 * ReturnLength = Bytes written
4231 * GrantedAccess =
4232 * AccessStatus = Indicates if the ClientToken allows the requested access
4233 * REMARKS: The arguments map to the win32 AccessCheck
4234 * RETURNS: Status
4235 */
4236
4237 NTSTATUS
4238 STDCALL
4239 NtAccessCheck(
4240 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4241 IN HANDLE ClientToken,
4242 IN ACCESS_MASK DesiredAcces,
4243 IN PGENERIC_MAPPING GenericMapping,
4244 OUT PPRIVILEGE_SET PrivilegeSet,
4245 OUT PULONG ReturnLength,
4246 OUT PULONG GrantedAccess,
4247 OUT PBOOLEAN AccessStatus
4248 );
4249
4250 NTSTATUS
4251 STDCALL
4252 ZwAccessCheck(
4253 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4254 IN HANDLE ClientToken,
4255 IN ACCESS_MASK DesiredAcces,
4256 IN PGENERIC_MAPPING GenericMapping,
4257 OUT PPRIVILEGE_SET PrivilegeSet,
4258 OUT PULONG ReturnLength,
4259 OUT PULONG GrantedAccess,
4260 OUT PBOOLEAN AccessStatus
4261 );
4262
4263 NTSTATUS
4264 STDCALL
4265 RtlOpenCurrentUser(
4266 IN ACCESS_MASK DesiredAccess,
4267 OUT PHANDLE KeyHandle);
4268
4269
4270 #ifndef __USE_W32API
4271
4272 /*
4273 * FUNCTION: Continues a thread with the specified context
4274 * ARGUMENTS:
4275 * Context = Specifies the processor context
4276 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
4277 * be PASSIVE_LEVEL or APC_LEVEL
4278 * REMARKS
4279 * NtContinue can be used to continue after an exception or apc.
4280 * RETURNS: Status
4281 */
4282 //FIXME This function might need another parameter
4283
4284 NTSTATUS
4285 STDCALL
4286 NtContinue(
4287 IN PCONTEXT Context,
4288 IN BOOLEAN TestAlert
4289 );
4290
4291 NTSTATUS STDCALL ZwContinue(IN PCONTEXT Context, IN CINT IrqLevel);
4292
4293 /*
4294 * FUNCTION: Retrieves the system time
4295 * ARGUMENTS:
4296 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
4297 * RETURNS: Status
4298 *
4299 */
4300
4301 NTSTATUS
4302 STDCALL
4303 NtQuerySystemTime (
4304 OUT TIME *CurrentTime
4305 );
4306
4307 NTSTATUS
4308 STDCALL
4309 ZwQuerySystemTime (
4310 OUT TIME *CurrentTime
4311 );
4312
4313 /*
4314 * FUNCTION: Loads a registry key.
4315 * ARGUMENTS:
4316 * KeyHandle = Handle to the registry key
4317 * ObjectAttributes = ???
4318 * Unknown3 = ???
4319 * REMARK:
4320 * This procedure maps to the win32 procedure RegLoadKey
4321 * RETURNS: Status
4322 */
4323 NTSTATUS
4324 STDCALL
4325 NtLoadKey2 (
4326 PHANDLE KeyHandle,
4327 POBJECT_ATTRIBUTES ObjectAttributes,
4328 ULONG Unknown3
4329 );
4330 NTSTATUS
4331 STDCALL
4332 ZwLoadKey2 (
4333 PHANDLE KeyHandle,
4334 POBJECT_ATTRIBUTES ObjectAttributes,
4335 ULONG Unknown3
4336 );
4337
4338 /*
4339 * FUNCTION: Copies a handle from one process space to another
4340 * ARGUMENTS:
4341 * SourceProcessHandle = The source process owning the handle. The source process should have opened
4342 * the SourceHandle with PROCESS_DUP_HANDLE access.
4343 * SourceHandle = The handle to the object.
4344 * TargetProcessHandle = The destination process owning the handle
4345 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
4346 * DesiredAccess = The desired access to the handle.
4347 * InheritHandle = Indicates wheter the new handle will be inheritable or not.
4348 * Options = Specifies special actions upon duplicating the handle. Can be
4349 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
4350 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
4351 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
4352 * the DesiredAccess paramter and just grant the same access to the new
4353 * handle.
4354 * RETURNS: Status
4355 * REMARKS: This function maps to the win32 DuplicateHandle.
4356 */
4357
4358 NTSTATUS
4359 STDCALL
4360 NtDuplicateObject(
4361 IN HANDLE SourceProcessHandle,
4362 IN HANDLE SourceHandle,
4363 IN HANDLE TargetProcessHandle,
4364 OUT PHANDLE TargetHandle,
4365 IN ACCESS_MASK DesiredAccess,
4366 IN BOOLEAN InheritHandle,
4367 IN ULONG Options
4368 );
4369
4370 NTSTATUS
4371 STDCALL
4372 ZwDuplicateObject(
4373 IN HANDLE SourceProcessHandle,
4374 IN PHANDLE SourceHandle,
4375 IN HANDLE TargetProcessHandle,
4376 OUT PHANDLE TargetHandle,
4377 IN ACCESS_MASK DesiredAccess,
4378 IN BOOLEAN InheritHandle,
4379 IN ULONG Options
4380 );
4381
4382 /*
4383 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
4384 * ARGUMENTS:
4385 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
4386 * ObjectHandle =
4387 * ObjectAttributes =
4388 * DesiredAcces =
4389 * GenericMapping =
4390 * ObjectCreation =
4391 * GrantedAccess =
4392 * AccessStatus =
4393 * GenerateOnClose =
4394 * REMARKS: The arguments map to the win32 AccessCheck
4395 * RETURNS: Status
4396 */
4397
4398 NTSTATUS
4399 STDCALL
4400 NtAccessCheckAndAuditAlarm(
4401 IN PUNICODE_STRING SubsystemName,
4402 IN PHANDLE ObjectHandle,
4403 IN POBJECT_ATTRIBUTES ObjectAttributes,
4404 IN ACCESS_MASK DesiredAccess,
4405 IN PGENERIC_MAPPING GenericMapping,
4406 IN BOOLEAN ObjectCreation,
4407 OUT PULONG GrantedAccess,
4408 OUT PBOOLEAN AccessStatus,
4409 OUT PBOOLEAN GenerateOnClose
4410 );
4411
4412 NTSTATUS
4413 STDCALL
4414 ZwAccessCheckAndAuditAlarm(
4415 IN PUNICODE_STRING SubsystemName,
4416 IN PHANDLE ObjectHandle,
4417 IN POBJECT_ATTRIBUTES ObjectAttributes,
4418 IN ACCESS_MASK DesiredAccess,
4419 IN PGENERIC_MAPPING GenericMapping,
4420 IN BOOLEAN ObjectCreation,
4421 OUT PULONG GrantedAccess,
4422 OUT PBOOLEAN AccessStatus,
4423 OUT PBOOLEAN GenerateOnClose
4424 );
4425
4426 /*
4427 * FUNCTION: Adds an atom to the global atom table
4428 * ARGUMENTS:
4429 * AtomString = The string to add to the atom table.
4430 * Atom (OUT) = Caller supplies storage for the resulting atom.
4431 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
4432 * RETURNS: Status
4433 */
4434 NTSTATUS
4435 STDCALL
4436 NtAddAtom(
4437 IN PWSTR AtomName,
4438 IN OUT PRTL_ATOM Atom
4439 );
4440
4441
4442 NTSTATUS
4443 STDCALL
4444 ZwAddAtom(
4445 IN PWSTR AtomName,
4446 IN OUT PRTL_ATOM Atom
4447 );
4448
4449 NTSTATUS
4450 STDCALL
4451 NtAllocateUuids(
4452 PULARGE_INTEGER Time,
4453 PULONG Range,
4454 PULONG Sequence
4455 );
4456
4457 NTSTATUS
4458 STDCALL
4459 ZwAllocateUuids(
4460 PULARGE_INTEGER Time,
4461 PULONG Range,
4462 PULONG Sequence
4463 );
4464
4465 /*
4466 * FUNCTION: Cancels a timer
4467 * ARGUMENTS:
4468 * TimerHandle = Handle to the timer
4469 * CurrentState = Specifies the state of the timer when cancelled.
4470 * REMARKS:
4471 * The arguments to this function map to the function CancelWaitableTimer.
4472 * RETURNS: Status
4473 */
4474 NTSTATUS
4475 STDCALL
4476 NtCancelTimer(
4477 IN HANDLE TimerHandle,
4478 OUT PBOOLEAN CurrentState OPTIONAL
4479 );
4480
4481 NTSTATUS
4482 STDCALL
4483 ZwCancelTimer(
4484 IN HANDLE TimerHandle,
4485 OUT ULONG ElapsedTime
4486 );
4487
4488 /*
4489 * FUNCTION: Creates a paging file.
4490 * ARGUMENTS:
4491 * FileName = Name of the pagefile
4492 * InitialSize = Specifies the initial size in bytes
4493 * MaximumSize = Specifies the maximum size in bytes
4494 * Reserved = Reserved for future use
4495 * RETURNS: Status
4496 */
4497 NTSTATUS
4498 STDCALL
4499 NtCreatePagingFile(
4500 IN PUNICODE_STRING FileName,
4501 IN PLARGE_INTEGER InitialSize,
4502 IN PLARGE_INTEGER MaxiumSize,
4503 IN ULONG Reserved
4504 );
4505
4506 NTSTATUS
4507 STDCALL
4508 ZwCreatePagingFile(
4509 IN PUNICODE_STRING FileName,
4510 IN PLARGE_INTEGER InitialSize,
4511 IN PLARGE_INTEGER MaxiumSize,
4512 IN ULONG Reserved
4513 );
4514
4515 /*
4516 * FUNCTION: Creates a user mode thread
4517 * ARGUMENTS:
4518 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
4519 * DesiredAccess = Specifies the allowed or desired access to the thread.
4520 * ObjectAttributes = Initialized attributes for the object.
4521 * ProcessHandle = Handle to the threads parent process.
4522 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
4523 * ThreadContext = Initial processor context for the thread.
4524 * InitialTeb = Initial user mode stack context for the thread.
4525 * CreateSuspended = Specifies if the thread is ready for scheduling
4526 * REMARKS:
4527 * This function maps to the win32 function CreateThread.
4528 * RETURNS: Status
4529 */
4530 NTSTATUS
4531 STDCALL
4532 NtCreateThread(
4533 OUT PHANDLE ThreadHandle,
4534 IN ACCESS_MASK DesiredAccess,
4535 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
4536 IN HANDLE ProcessHandle,
4537 OUT PCLIENT_ID ClientId,
4538 IN PCONTEXT ThreadContext,
4539 IN PINITIAL_TEB InitialTeb,
4540 IN BOOLEAN CreateSuspended
4541 );
4542
4543 NTSTATUS
4544 STDCALL
4545 ZwCreateThread(
4546 OUT PHANDLE ThreadHandle,
4547 IN ACCESS_MASK DesiredAccess,
4548 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
4549 IN HANDLE ProcessHandle,
4550 OUT PCLIENT_ID ClientId,
4551 IN PCONTEXT ThreadContext,
4552 IN PINITIAL_TEB InitialTeb,
4553 IN BOOLEAN CreateSuspended
4554 );
4555
4556 NTSTATUS
4557 STDCALL
4558 NtDuplicateToken(
4559 IN HANDLE ExistingToken,
4560 IN ACCESS_MASK DesiredAccess,
4561 IN POBJECT_ATTRIBUTES ObjectAttributes,
4562 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
4563 IN TOKEN_TYPE TokenType,
4564 OUT PHANDLE NewToken
4565 );
4566
4567 NTSTATUS
4568 STDCALL
4569 ZwDuplicateToken(
4570 IN HANDLE ExistingToken,
4571 IN ACCESS_MASK DesiredAccess,
4572 IN POBJECT_ATTRIBUTES ObjectAttributes,
4573 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
4574 IN TOKEN_TYPE TokenType,
4575 OUT PHANDLE NewToken
4576 );
4577
4578 /*
4579 * FUNCTION: Finds a atom
4580 * ARGUMENTS:
4581 * AtomName = Name to search for.
4582 * Atom = Caller supplies storage for the resulting atom
4583 * RETURNS: Status
4584 * REMARKS:
4585 * This funciton maps to the win32 GlobalFindAtom
4586 */
4587 NTSTATUS
4588 STDCALL
4589 NtFindAtom(
4590 IN PWSTR AtomName,
4591 OUT PRTL_ATOM Atom OPTIONAL
4592 );
4593
4594 NTSTATUS
4595 STDCALL
4596 ZwFindAtom(
4597 IN PWSTR AtomName,
4598 OUT PRTL_ATOM Atom OPTIONAL
4599 );
4600
4601 /*
4602 * FUNCTION: Flushes a the processors instruction cache
4603 * ARGUMENTS:
4604 * ProcessHandle = Points to the process owning the cache
4605 * BaseAddress = // might this be a image address ????
4606 * NumberOfBytesToFlush =
4607 * RETURNS: Status
4608 * REMARKS:
4609 * This funciton is used by debuggers
4610 */
4611 NTSTATUS
4612 STDCALL
4613 NtFlushInstructionCache(
4614 IN HANDLE ProcessHandle,
4615 IN PVOID BaseAddress,
4616 IN UINT NumberOfBytesToFlush
4617 );
4618
4619 NTSTATUS
4620 STDCALL
4621 ZwFlushInstructionCache(
4622 IN HANDLE ProcessHandle,
4623 IN PVOID BaseAddress,
4624 IN UINT NumberOfBytesToFlush
4625 );
4626
4627 /*
4628 * FUNCTION: Flushes virtual memory to file
4629 * ARGUMENTS:
4630 * ProcessHandle = Points to the process that allocated the virtual memory
4631 * BaseAddress = Points to the memory address
4632 * NumberOfBytesToFlush = Limits the range to flush,
4633 * NumberOfBytesFlushed = Actual number of bytes flushed
4634 * RETURNS: Status
4635 * REMARKS:
4636 * Check return status on STATUS_NOT_MAPPED_DATA
4637 */
4638 NTSTATUS
4639 STDCALL
4640 NtFlushVirtualMemory(
4641 IN HANDLE ProcessHandle,
4642 IN PVOID BaseAddress,
4643 IN ULONG NumberOfBytesToFlush,
4644 OUT PULONG NumberOfBytesFlushed OPTIONAL
4645 );
4646
4647 NTSTATUS
4648 STDCALL
4649 ZwFlushVirtualMemory(
4650 IN HANDLE ProcessHandle,
4651 IN PVOID BaseAddress,
4652 IN ULONG NumberOfBytesToFlush,
4653 OUT PULONG NumberOfBytesFlushed OPTIONAL
4654 );
4655
4656 /*
4657 * FUNCTION: Retrieves the uptime of the system
4658 * ARGUMENTS:
4659 * UpTime = Number of clock ticks since boot.
4660 * RETURNS: Status
4661 */
4662 NTSTATUS
4663 STDCALL
4664 NtGetTickCount(
4665 PULONG UpTime
4666 );
4667
4668 NTSTATUS
4669 STDCALL
4670 ZwGetTickCount(
4671 PULONG UpTime
4672 );
4673
4674 /*
4675 * FUNCTION: Loads a registry key.
4676 * ARGUMENTS:
4677 * KeyHandle = Handle to the registry key
4678 * ObjectAttributes = ???
4679 * REMARK:
4680 * This procedure maps to the win32 procedure RegLoadKey
4681 * RETURNS: Status
4682 */
4683 NTSTATUS
4684 STDCALL
4685 NtLoadKey(
4686 PHANDLE KeyHandle,
4687 POBJECT_ATTRIBUTES ObjectAttributes
4688 );
4689
4690 NTSTATUS
4691 STDCALL
4692 ZwLoadKey(
4693 PHANDLE KeyHandle,
4694 POBJECT_ATTRIBUTES ObjectAttributes
4695 );
4696
4697 /*
4698 * FUNCTION: Locks a range of virtual memory.
4699 * ARGUMENTS:
4700 * ProcessHandle = Handle to the process
4701 * BaseAddress = Lower boundary of the range of bytes to lock.
4702 * NumberOfBytesLock = Offset to the upper boundary.
4703 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
4704 * REMARK:
4705 This procedure maps to the win32 procedure VirtualLock
4706 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
4707 */
4708 NTSTATUS
4709 STDCALL
4710 NtLockVirtualMemory(
4711 HANDLE ProcessHandle,
4712 PVOID BaseAddress,
4713 ULONG NumberOfBytesToLock,
4714 PULONG NumberOfBytesLocked
4715 );
4716
4717 NTSTATUS
4718 STDCALL
4719 ZwLockVirtualMemory(
4720 HANDLE ProcessHandle,
4721 PVOID BaseAddress,
4722 ULONG NumberOfBytesToLock,
4723 PULONG NumberOfBytesLocked
4724 );
4725
4726 NTSTATUS
4727 STDCALL
4728 NtOpenObjectAuditAlarm(
4729 IN PUNICODE_STRING SubsystemName,
4730 IN PVOID HandleId,
4731 IN POBJECT_ATTRIBUTES ObjectAttributes,
4732 IN HANDLE ClientToken,
4733 IN ULONG DesiredAccess,
4734 IN ULONG GrantedAccess,
4735 IN PPRIVILEGE_SET Privileges,
4736 IN BOOLEAN ObjectCreation,
4737 IN BOOLEAN AccessGranted,
4738 OUT PBOOLEAN GenerateOnClose
4739 );
4740
4741 NTSTATUS
4742 STDCALL
4743 ZwOpenObjectAuditAlarm(
4744 IN PUNICODE_STRING SubsystemName,
4745 IN PVOID HandleId,
4746 IN POBJECT_ATTRIBUTES ObjectAttributes,
4747 IN HANDLE ClientToken,
4748 IN ULONG DesiredAccess,
4749 IN ULONG GrantedAccess,
4750 IN PPRIVILEGE_SET Privileges,
4751 IN BOOLEAN ObjectCreation,
4752 IN BOOLEAN AccessGranted,
4753 OUT PBOOLEAN GenerateOnClose
4754 );
4755
4756 /*
4757 * FUNCTION: Set the access protection of a range of virtual memory
4758 * ARGUMENTS:
4759 * ProcessHandle = Handle to process owning the virtual address space
4760 * BaseAddress = Start address
4761 * NumberOfBytesToProtect = Delimits the range of virtual memory
4762 * for which the new access protection holds
4763 * NewAccessProtection = The new access proctection for the pages
4764 * OldAccessProtection = Caller should supply storage for the old
4765 * access protection
4766 *
4767 * REMARKS:
4768 * The function maps to the win32 VirtualProtectEx
4769 * RETURNS: Status
4770 */
4771 NTSTATUS
4772 STDCALL
4773 NtProtectVirtualMemory(
4774 IN