2 /* $Id: zw.h,v 1.33 2004/10/24 17:14:26 weiden Exp $
4 * COPYRIGHT: See COPYING in the top level directory
5 * PROJECT: ReactOS kernel
6 * PURPOSE: System call definitions
7 * FILE: include/ddk/zw.h
9 * ??/??/??: First few functions (David Welch)
10 * ??/??/??: Complete implementation by Ariadne
11 * 13/07/98: Reorganised things a bit (David Welch)
12 * 04/08/98: Added some documentation (Ariadne)
13 * 14/08/98: Added type TIME and change variable type from [1] to [0]
14 * 14/09/98: Added for each Nt call a corresponding Zw Call
15 * 09/08/03: Added ThreadEventPair routines
21 #include <ntos/security.h>
22 #include <ntos/zwtypes.h>
23 #include <napi/npipe.h>
25 #ifndef _RTLGETPROCESSHEAP_DEFINED_
26 #define _RTLGETPROCESSHEAP_DEFINED_
27 #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
30 // semaphore information
32 typedef enum _SEMAPHORE_INFORMATION_CLASS
34 SemaphoreBasicInformation
= 0
35 } SEMAPHORE_INFORMATION_CLASS
;
37 typedef struct _SEMAPHORE_BASIC_INFORMATION
41 } SEMAPHORE_BASIC_INFORMATION
, *PSEMAPHORE_BASIC_INFORMATION
;
45 typedef enum _EVENT_INFORMATION_CLASS
47 EventBasicInformation
= 0
48 } EVENT_INFORMATION_CLASS
;
50 typedef struct _EVENT_BASIC_INFORMATION
54 } EVENT_BASIC_INFORMATION
, *PEVENT_BASIC_INFORMATION
;
56 // wmi trace event data
57 typedef struct _EVENT_TRACE_HEADER
{
60 USHORT FieldTypeFlags
;
76 LARGE_INTEGER TimeStamp
;
90 ULONG64 ProcessorTime
;
92 } EVENT_TRACE_HEADER
, *PEVENT_TRACE_HEADER
;
95 typedef struct _FILE_USER_QUOTA_INFORMATION
{
96 ULONG NextEntryOffset
;
98 LARGE_INTEGER ChangeTime
;
99 LARGE_INTEGER QuotaUsed
;
100 LARGE_INTEGER QuotaThreshold
;
101 LARGE_INTEGER QuotaLimit
;
103 } FILE_USER_QUOTA_INFORMATION
, *PFILE_USER_QUOTA_INFORMATION
;
107 //#define SECURITY_INFORMATION ULONG
108 //typedef ULONG SECURITY_INFORMATION;
110 #ifndef __USE_NT_LPC__
112 NtAcceptConnectPort (PHANDLE PortHandle
,
113 HANDLE NamedPortHandle
,
114 PLPC_MESSAGE ServerReply
,
116 PLPC_SECTION_WRITE WriteMap
,
117 PLPC_SECTION_READ ReadMap
);
120 NtAcceptConnectPort (PHANDLE PortHandle
,
121 ULONG PortIdentifier
,
122 PLPC_MESSAGE ServerReply
,
124 PLPC_SECTION_WRITE WriteMap
,
125 PLPC_SECTION_READ ReadMap
);
126 #endif /* ndef __USE_NT_LPC__ */
131 IN PUNICODE_STRING EntryName
,
132 IN PUNICODE_STRING EntryValue
138 IN PUNICODE_STRING EntryName
,
139 IN PUNICODE_STRING EntryValue
143 * FUNCTION: Adjusts the groups in an access token
145 * TokenHandle = Specifies the access token
146 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
147 * their default state, if false the groups specified in
150 * BufferLength = Specifies the size of the buffer for the PreviousState.
152 * ReturnLength = Bytes written in PreviousState buffer.
153 * REMARKS: The arguments map to the win32 AdjustTokenGroups
160 IN HANDLE TokenHandle
,
161 IN BOOLEAN ResetToDefault
,
162 IN PTOKEN_GROUPS NewState
,
163 IN ULONG BufferLength
,
164 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
165 OUT PULONG ReturnLength
171 IN HANDLE TokenHandle
,
172 IN BOOLEAN ResetToDefault
,
173 IN PTOKEN_GROUPS NewState
,
174 IN ULONG BufferLength
,
175 OUT PTOKEN_GROUPS PreviousState
,
176 OUT PULONG ReturnLength
184 * TokenHandle = Handle to the access token
185 * DisableAllPrivileges = The resulting suspend count.
191 * The arguments map to the win32 AdjustTokenPrivileges
197 NtAdjustPrivilegesToken(
198 IN HANDLE TokenHandle
,
199 IN BOOLEAN DisableAllPrivileges
,
200 IN PTOKEN_PRIVILEGES NewState
,
201 IN ULONG BufferLength
,
202 OUT PTOKEN_PRIVILEGES PreviousState
,
203 OUT PULONG ReturnLength
208 ZwAdjustPrivilegesToken(
209 IN HANDLE TokenHandle
,
210 IN BOOLEAN DisableAllPrivileges
,
211 IN PTOKEN_PRIVILEGES NewState
,
212 IN ULONG BufferLength
,
213 OUT PTOKEN_PRIVILEGES PreviousState
,
214 OUT PULONG ReturnLength
219 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
222 * ThreadHandle = Handle to the thread that should be resumed
223 * SuspendCount = The resulting suspend count.
225 * A thread is resumed if its suspend count is 0
231 IN HANDLE ThreadHandle
,
232 OUT PULONG SuspendCount
238 IN HANDLE ThreadHandle
,
239 OUT PULONG SuspendCount
243 * FUNCTION: Puts the thread in a alerted state
245 * ThreadHandle = Handle to the thread that should be alerted
251 IN HANDLE ThreadHandle
257 IN HANDLE ThreadHandle
262 * FUNCTION: Allocates a locally unique id
264 * LocallyUniqueId = Locally unique number
269 NtAllocateLocallyUniqueId(
270 OUT LUID
*LocallyUniqueId
275 ZwAllocateLocallyUniqueId(
280 * FUNCTION: Allocates a block of virtual memory in the process address space
282 * ProcessHandle = The handle of the process which owns the virtual memory
283 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
284 * value the system will try to allocate the memory at the address supplied. It rounds
285 * it down to a multiple if the page size.
286 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
287 * the memory will be allocated at a address below a certain value.
288 * RegionSize = The number of bytes to allocate
289 * AllocationType = Indicates the type of virtual memory you like to allocated,
290 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
291 * Protect = Indicates the protection type of the pages allocated, can be a combination of
292 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
293 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
295 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
296 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
297 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
298 * and the AllocationType and ProctectionType map to the other two parameters.
303 NtAllocateVirtualMemory (
304 IN HANDLE ProcessHandle
,
305 IN OUT PVOID
*BaseAddress
,
307 IN OUT PULONG RegionSize
,
308 IN ULONG AllocationType
,
314 ZwAllocateVirtualMemory (
315 IN HANDLE ProcessHandle
,
316 IN OUT PVOID
*BaseAddress
,
318 IN OUT PULONG RegionSize
,
319 IN ULONG AllocationType
,
326 NtAssignProcessToJobObject(
328 HANDLE ProcessHandle
);
332 ZwAssignProcessToJobObject(
334 HANDLE ProcessHandle
);
337 * FUNCTION: Returns from a callback into user mode
341 //FIXME: this function might need 3 parameters
342 NTSTATUS STDCALL
NtCallbackReturn(PVOID Result
,
346 NTSTATUS STDCALL
ZwCallbackReturn(PVOID Result
,
351 * FUNCTION: Cancels a IO request
353 * FileHandle = Handle to the file
357 * This function maps to the win32 CancelIo.
363 IN HANDLE FileHandle
,
364 OUT PIO_STATUS_BLOCK IoStatusBlock
370 IN HANDLE FileHandle
,
371 OUT PIO_STATUS_BLOCK IoStatusBlock
375 * FUNCTION: Sets the status of the event back to non-signaled
377 * EventHandle = Handle to the event
379 * This function maps to win32 function ResetEvent.
386 IN HANDLE EventHandle
392 IN HANDLE EventHandle
399 ACCESS_MASK DesiredAccess
,
400 POBJECT_ATTRIBUTES ObjectAttributes
407 ACCESS_MASK DesiredAccess
,
408 POBJECT_ATTRIBUTES ObjectAttributes
413 * FUNCTION: Closes an object handle
415 * Handle = Handle to the object
417 * This function maps to the win32 function CloseHandle.
434 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
437 HandleId = Handle to the object
440 * This function maps to the win32 function ObjectCloseAuditAlarm.
446 NtCloseObjectAuditAlarm(
447 IN PUNICODE_STRING SubsystemName
,
449 IN BOOLEAN GenerateOnClose
454 ZwCloseObjectAuditAlarm(
455 IN PUNICODE_STRING SubsystemName
,
457 IN BOOLEAN GenerateOnClose
462 NtCompleteConnectPort (HANDLE PortHandle
);
465 ZwCompleteConnectPort (HANDLE PortHandle
);
469 NtConnectPort (PHANDLE PortHandle
,
470 PUNICODE_STRING PortName
,
471 PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
472 PLPC_SECTION_WRITE SectionInfo
,
473 PLPC_SECTION_READ MapInfo
,
474 PULONG MaxMessageSize
,
476 PULONG ConnectInfoLength
);
479 ZwConnectPort (PHANDLE PortHandle
,
480 PUNICODE_STRING PortName
,
481 PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
482 PLPC_SECTION_WRITE SectionInfo
,
483 PLPC_SECTION_READ MapInfo
,
484 PULONG MaxMessageSize
,
486 PULONG ConnectInfoLength
);
489 * FUNCTION: Creates a directory object
491 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
492 * DesiredAccess = Specifies access to the directory
493 * ObjectAttribute = Initialized attributes for the object
494 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
495 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
501 NtCreateDirectoryObject(
502 OUT PHANDLE DirectoryHandle
,
503 IN ACCESS_MASK DesiredAccess
,
504 IN POBJECT_ATTRIBUTES ObjectAttributes
509 ZwCreateDirectoryObject(
510 OUT PHANDLE DirectoryHandle
,
511 IN ACCESS_MASK DesiredAccess
,
512 IN POBJECT_ATTRIBUTES ObjectAttributes
516 * FUNCTION: Creates an event object
518 * EventHandle (OUT) = Caller supplied storage for the resulting handle
519 * DesiredAccess = Specifies access to the event
520 * ObjectAttribute = Initialized attributes for the object
521 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
522 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
523 * automatically after the system has rescheduled a thread waiting on the event.
524 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
525 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
526 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
527 * both parameters aswell ( possibly the order is reversed ).
534 OUT PHANDLE EventHandle
,
535 IN ACCESS_MASK DesiredAccess
,
536 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
537 IN EVENT_TYPE EventType
,
538 IN BOOLEAN InitialState
544 OUT PHANDLE EventHandle
,
545 IN ACCESS_MASK DesiredAccess
,
546 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
547 IN EVENT_TYPE EventType
,
548 IN BOOLEAN InitialState
552 * FUNCTION: Creates an eventpair object
554 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
555 * DesiredAccess = Specifies access to the event
556 * ObjectAttribute = Initialized attributes for the object
562 OUT PHANDLE EventPairHandle
,
563 IN ACCESS_MASK DesiredAccess
,
564 IN POBJECT_ATTRIBUTES ObjectAttributes
570 OUT PHANDLE EventPairHandle
,
571 IN ACCESS_MASK DesiredAccess
,
572 IN POBJECT_ATTRIBUTES ObjectAttributes
577 * FUNCTION: Creates or opens a file, directory or device object.
579 * FileHandle (OUT) = Caller supplied storage for the resulting handle
580 * DesiredAccess = Specifies the allowed or desired access to the file can
581 * be a combination of DELETE | FILE_READ_DATA ..
582 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
583 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
584 * the file is created and opened or allready existed and is just opened.
585 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
586 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
587 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
588 * CreateOptions = specifies the behavior of the system on file creation.
589 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
590 * EaLength = Extended Attributes buffer size, applies only to files and directories.
591 * REMARKS: This function maps to the win32 CreateFile.
598 OUT PHANDLE FileHandle
,
599 IN ACCESS_MASK DesiredAccess
,
600 IN POBJECT_ATTRIBUTES ObjectAttributes
,
601 OUT PIO_STATUS_BLOCK IoStatusBlock
,
602 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
603 IN ULONG FileAttributes
,
604 IN ULONG ShareAccess
,
605 IN ULONG CreateDisposition
,
606 IN ULONG CreateOptions
,
607 IN PVOID EaBuffer OPTIONAL
,
614 OUT PHANDLE FileHandle
,
615 IN ACCESS_MASK DesiredAccess
,
616 IN POBJECT_ATTRIBUTES ObjectAttributes
,
617 OUT PIO_STATUS_BLOCK IoStatusBlock
,
618 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
619 IN ULONG FileAttributes
,
620 IN ULONG ShareAccess
,
621 IN ULONG CreateDisposition
,
622 IN ULONG CreateOptions
,
623 IN PVOID EaBuffer OPTIONAL
,
628 * FUNCTION: Creates or opens a file, directory or device object.
630 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
631 * DesiredAccess = Specifies the allowed or desired access to the port
633 * NumberOfConcurrentThreads =
634 * REMARKS: This function maps to the win32 CreateIoCompletionPort
641 NtCreateIoCompletion(
642 OUT PHANDLE IoCompletionHandle
,
643 IN ACCESS_MASK DesiredAccess
,
644 IN POBJECT_ATTRIBUTES ObjectAttributes
,
645 IN ULONG NumberOfConcurrentThreads
650 ZwCreateIoCompletion(
651 OUT PHANDLE IoCompletionHandle
,
652 IN ACCESS_MASK DesiredAccess
,
653 IN POBJECT_ATTRIBUTES ObjectAttributes
,
654 IN ULONG NumberOfConcurrentThreads
658 * FUNCTION: Creates a registry key
660 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
661 * DesiredAccess = Specifies the allowed or desired access to the key
662 * It can have a combination of the following values:
663 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
665 * KEY_QUERY_VALUE The values of the key can be queried.
666 * KEY_SET_VALUE The values of the key can be modified.
667 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
668 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
670 * KEY_CREATE_LINK A symbolic link to the key can be created.
671 * ObjectAttributes = The name of the key may be specified directly in the name field
672 * of object attributes or relative to a key in rootdirectory.
673 * TitleIndex = Might specify the position in the sequential order of subkeys.
674 * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
675 * CreateOptions = Specifies additional options with which the key is created
676 * REG_OPTION_VOLATILE The key is not preserved across boots.
677 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
678 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
679 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
680 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
681 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
687 NtCreateKey(OUT PHANDLE KeyHandle
,
688 IN ACCESS_MASK DesiredAccess
,
689 IN POBJECT_ATTRIBUTES ObjectAttributes
,
691 IN PUNICODE_STRING Class OPTIONAL
,
692 IN ULONG CreateOptions
,
693 IN PULONG Disposition OPTIONAL
);
696 ZwCreateKey(OUT PHANDLE KeyHandle
,
697 IN ACCESS_MASK DesiredAccess
,
698 IN POBJECT_ATTRIBUTES ObjectAttributes
,
700 IN PUNICODE_STRING Class OPTIONAL
,
701 IN ULONG CreateOptions
,
702 IN PULONG Disposition OPTIONAL
);
705 * FUNCTION: Creates a mail slot file
707 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
708 * DesiredAccess = Specifies the allowed or desired access to the file
709 * ObjectAttributes = Contains the name of the mailslotfile.
716 * REMARKS: This funciton maps to the win32 function CreateMailSlot
723 NtCreateMailslotFile(
724 OUT PHANDLE MailSlotFileHandle
,
725 IN ACCESS_MASK DesiredAccess
,
726 IN POBJECT_ATTRIBUTES ObjectAttributes
,
727 OUT PIO_STATUS_BLOCK IoStatusBlock
,
728 IN ULONG FileAttributes
,
729 IN ULONG ShareAccess
,
730 IN ULONG MaxMessageSize
,
731 IN PLARGE_INTEGER TimeOut
736 ZwCreateMailslotFile(
737 OUT PHANDLE MailSlotFileHandle
,
738 IN ACCESS_MASK DesiredAccess
,
739 IN POBJECT_ATTRIBUTES ObjectAttributes
,
740 OUT PIO_STATUS_BLOCK IoStatusBlock
,
741 IN ULONG FileAttributes
,
742 IN ULONG ShareAccess
,
743 IN ULONG MaxMessageSize
,
744 IN PLARGE_INTEGER TimeOut
748 * FUNCTION: Creates or opens a mutex
750 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
751 * DesiredAccess = Specifies the allowed or desired access to the port
752 * ObjectAttributes = Contains the name of the mutex.
753 * InitialOwner = If true the calling thread acquires ownership
755 * REMARKS: This funciton maps to the win32 function CreateMutex
762 OUT PHANDLE MutantHandle
,
763 IN ACCESS_MASK DesiredAccess
,
764 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
765 IN BOOLEAN InitialOwner
771 OUT PHANDLE MutantHandle
,
772 IN ACCESS_MASK DesiredAccess
,
773 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
774 IN BOOLEAN InitialOwner
778 * FUNCTION: Creates a named pipe
780 * NamedPipeFileHandle (OUT) = Caller supplied storage for the
782 * DesiredAccess = Specifies the type of access that the caller
783 * requires to the file boject
784 * ObjectAttributes = Points to a structure that specifies the
786 * IoStatusBlock = Points to a variable that receives the final
787 * completion status and information
788 * ShareAccess = Specifies the limitations on sharing of the file.
789 * This parameter can be zero or any compatible
790 * combination of the following flags
793 * CreateDisposition = Specifies what to do depending on whether
794 * the file already exists. This must be one of
795 * the following values
799 * CreateOptions = Specifies the options to be applied when
800 * creating or opening the file, as a compatible
801 * combination of the following flags
803 * FILE_SYNCHRONOUS_IO_ALERT
804 * FILE_SYNCHRONOUS_IO_NONALERT
805 * TypeMessage = Specifies whether the data written to the pipe is
806 * interpreted as a sequence of messages or as a
808 * ReadModeMessage = Specifies whether the data read from the pipe
809 * is interpreted as a sequence of messages or as
811 * NonBlocking = Specifies whether non-blocking mode is enabled
812 * MaxInstances = Specifies the maximum number of instancs that can
813 * be created for this pipe
814 * InBufferSize = Specifies the number of bytes to reserve for the
816 * OutBufferSize = Specifies the number of bytes to reserve for the
818 * DefaultTimeout = Optionally points to a variable that specifies
819 * the default timeout value in units of
821 * REMARKS: This funciton maps to the win32 function CreateNamedPipe
826 NtCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle
,
827 IN ACCESS_MASK DesiredAccess
,
828 IN POBJECT_ATTRIBUTES ObjectAttributes
,
829 OUT PIO_STATUS_BLOCK IoStatusBlock
,
830 IN ULONG ShareAccess
,
831 IN ULONG CreateDisposition
,
832 IN ULONG CreateOptions
,
833 IN BOOLEAN WriteModeMessage
,
834 IN BOOLEAN ReadModeMessage
,
835 IN BOOLEAN NonBlocking
,
836 IN ULONG MaxInstances
,
837 IN ULONG InBufferSize
,
838 IN ULONG OutBufferSize
,
839 IN PLARGE_INTEGER DefaultTimeOut
);
842 ZwCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle
,
843 IN ACCESS_MASK DesiredAccess
,
844 IN POBJECT_ATTRIBUTES ObjectAttributes
,
845 OUT PIO_STATUS_BLOCK IoStatusBlock
,
846 IN ULONG ShareAccess
,
847 IN ULONG CreateDisposition
,
848 IN ULONG CreateOptions
,
849 IN BOOLEAN WriteModeMessage
,
850 IN BOOLEAN ReadModeMessage
,
851 IN BOOLEAN NonBlocking
,
852 IN ULONG MaxInstances
,
853 IN ULONG InBufferSize
,
854 IN ULONG OutBufferSize
,
855 IN PLARGE_INTEGER DefaultTimeOut
);
859 NtCreatePort (PHANDLE PortHandle
,
860 POBJECT_ATTRIBUTES ObjectAttributes
,
861 ULONG MaxConnectInfoLength
,
863 ULONG NPMessageQueueSize OPTIONAL
);
866 NtCreatePort (PHANDLE PortHandle
,
867 POBJECT_ATTRIBUTES ObjectAttributes
,
868 ULONG MaxConnectInfoLength
,
870 ULONG NPMessageQueueSize OPTIONAL
);
874 * FUNCTION: Creates a process.
876 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
877 * DesiredAccess = Specifies the allowed or desired access to the process can
878 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
879 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
880 * ParentProcess = Handle to the parent process.
881 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
882 * SectionHandle = Handle to a section object to back the image file
883 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
884 * ExceptionPort = Handle to a exception port.
886 * This function maps to the win32 CreateProcess.
892 OUT PHANDLE ProcessHandle
,
893 IN ACCESS_MASK DesiredAccess
,
894 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
895 IN HANDLE ParentProcess
,
896 IN BOOLEAN InheritObjectTable
,
897 IN HANDLE SectionHandle OPTIONAL
,
898 IN HANDLE DebugPort OPTIONAL
,
899 IN HANDLE ExceptionPort OPTIONAL
905 OUT PHANDLE ProcessHandle
,
906 IN ACCESS_MASK DesiredAccess
,
907 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
908 IN HANDLE ParentProcess
,
909 IN BOOLEAN InheritObjectTable
,
910 IN HANDLE SectionHandle OPTIONAL
,
911 IN HANDLE DebugPort OPTIONAL
,
912 IN HANDLE ExceptionPort OPTIONAL
916 * FUNCTION: Creates a section object.
918 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
919 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
920 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
921 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
922 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
923 * If value specified for a mapped file and the file is not large enough, file will be extended.
924 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
925 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
926 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
933 OUT PHANDLE SectionHandle
,
934 IN ACCESS_MASK DesiredAccess
,
935 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
936 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
937 IN ULONG SectionPageProtection OPTIONAL
,
938 IN ULONG AllocationAttributes
,
939 IN HANDLE FileHandle OPTIONAL
945 OUT PHANDLE SectionHandle
,
946 IN ACCESS_MASK DesiredAccess
,
947 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
948 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
949 IN ULONG SectionPageProtection OPTIONAL
,
950 IN ULONG AllocationAttributes
,
951 IN HANDLE FileHandle OPTIONAL
955 * FUNCTION: Creates a semaphore object for interprocess synchronization.
957 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
958 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
959 * ObjectAttribute = Initialized attributes for the object.
960 * InitialCount = Not necessary zero, might be smaller than zero.
961 * MaximumCount = Maxiumum count the semaphore can reach.
964 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
967 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
971 OUT PHANDLE SemaphoreHandle
,
972 IN ACCESS_MASK DesiredAccess
,
973 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
974 IN LONG InitialCount
,
981 OUT PHANDLE SemaphoreHandle
,
982 IN ACCESS_MASK DesiredAccess
,
983 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
984 IN LONG InitialCount
,
989 * FUNCTION: Creates a symbolic link object
991 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
992 * DesiredAccess = Specifies the allowed or desired access to the thread.
993 * ObjectAttributes = Initialized attributes for the object.
994 * Name = Target name of the symbolic link
999 NtCreateSymbolicLinkObject(
1000 OUT PHANDLE SymbolicLinkHandle
,
1001 IN ACCESS_MASK DesiredAccess
,
1002 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1003 IN PUNICODE_STRING Name
1008 ZwCreateSymbolicLinkObject(
1009 OUT PHANDLE SymbolicLinkHandle
,
1010 IN ACCESS_MASK DesiredAccess
,
1011 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1012 IN PUNICODE_STRING Name
1016 * FUNCTION: Creates a waitable timer.
1018 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1019 * DesiredAccess = Specifies the allowed or desired access to the timer.
1020 * ObjectAttributes = Initialized attributes for the object.
1021 * TimerType = Specifies if the timer should be reset manually.
1023 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
1024 * corresponding fields in OBJECT_ATTRIBUTES structure.
1030 OUT PHANDLE TimerHandle
,
1031 IN ACCESS_MASK DesiredAccess
,
1032 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1033 IN TIMER_TYPE TimerType
1039 OUT PHANDLE TimerHandle
,
1040 IN ACCESS_MASK DesiredAccess
,
1041 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1042 IN TIMER_TYPE TimerType
1046 * FUNCTION: Creates a token.
1048 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
1049 * DesiredAccess = Specifies the allowed or desired access to the process can
1050 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
1051 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1053 * AuthenticationId =
1059 * TokenPrimaryGroup =
1060 * TokenDefaultDacl =
1063 * This function does not map to a win32 function
1070 OUT PHANDLE TokenHandle
,
1071 IN ACCESS_MASK DesiredAccess
,
1072 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1073 IN TOKEN_TYPE TokenType
,
1074 IN PLUID AuthenticationId
,
1075 IN PLARGE_INTEGER ExpirationTime
,
1076 IN PTOKEN_USER TokenUser
,
1077 IN PTOKEN_GROUPS TokenGroups
,
1078 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1079 IN PTOKEN_OWNER TokenOwner
,
1080 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1081 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1082 IN PTOKEN_SOURCE TokenSource
1088 OUT PHANDLE TokenHandle
,
1089 IN ACCESS_MASK DesiredAccess
,
1090 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1091 IN TOKEN_TYPE TokenType
,
1092 IN PLUID AuthenticationId
,
1093 IN PLARGE_INTEGER ExpirationTime
,
1094 IN PTOKEN_USER TokenUser
,
1095 IN PTOKEN_GROUPS TokenGroups
,
1096 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1097 IN PTOKEN_OWNER TokenOwner
,
1098 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1099 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1100 IN PTOKEN_SOURCE TokenSource
1104 * FUNCTION: Returns the callers thread TEB.
1105 * RETURNS: The resulting teb.
1116 NtCreateWaitablePort (PHANDLE PortHandle
,
1117 POBJECT_ATTRIBUTES ObjectAttributes
,
1118 ULONG MaxConnectInfoLength
,
1119 ULONG MaxDataLength
,
1120 ULONG NPMessageQueueSize OPTIONAL
);
1123 ZwCreateWaitablePort (PHANDLE PortHandle
,
1124 POBJECT_ATTRIBUTES ObjectAttributes
,
1125 ULONG MaxConnectInfoLength
,
1126 ULONG MaxDataLength
,
1127 ULONG NPMessageQueueSize OPTIONAL
);
1131 * FUNCTION: Deletes an atom from the global atom table
1133 * Atom = Identifies the atom to delete
1135 * The function maps to the win32 GlobalDeleteAtom
1153 IN PUNICODE_STRING EntryName
,
1154 IN PUNICODE_STRING EntryValue
1160 IN PUNICODE_STRING EntryName
,
1161 IN PUNICODE_STRING EntryValue
1165 * FUNCTION: Deletes a file or a directory
1167 * ObjectAttributes = Name of the file which should be deleted
1169 * This system call is functionally equivalent to NtSetInformationFile
1170 * setting the disposition information.
1171 * The function maps to the win32 DeleteFile.
1177 IN POBJECT_ATTRIBUTES ObjectAttributes
1183 IN POBJECT_ATTRIBUTES ObjectAttributes
1187 * FUNCTION: Deletes a registry key
1189 * KeyHandle = Handle of the key
1204 * FUNCTION: Generates a audit message when an object is deleted
1206 * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
1207 * HandleId= Handle to an audit object
1208 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
1209 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
1215 NtDeleteObjectAuditAlarm (
1216 IN PUNICODE_STRING SubsystemName
,
1218 IN BOOLEAN GenerateOnClose
1223 ZwDeleteObjectAuditAlarm (
1224 IN PUNICODE_STRING SubsystemName
,
1226 IN BOOLEAN GenerateOnClose
1231 * FUNCTION: Deletes a value from a registry key
1233 * KeyHandle = Handle of the key
1234 * ValueName = Name of the value to delete
1241 IN HANDLE KeyHandle
,
1242 IN PUNICODE_STRING ValueName
1248 IN HANDLE KeyHandle
,
1249 IN PUNICODE_STRING ValueName
1252 * FUNCTION: Sends IOCTL to the io sub system
1254 * DeviceHandle = Points to the handle that is created by NtCreateFile
1255 * Event = Event to synchronize on STATUS_PENDING
1256 * ApcRoutine = Asynchroneous procedure callback
1257 * ApcContext = Callback context.
1258 * IoStatusBlock = Caller should supply storage for extra information..
1259 * IoControlCode = Contains the IO Control command. This is an
1260 * index to the structures in InputBuffer and OutputBuffer.
1261 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
1262 * InputBufferSize = Size of the input bufffer
1263 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
1264 * OutputBufferSize = Size of the input bufffer
1270 NtDeviceIoControlFile(
1271 IN HANDLE DeviceHandle
,
1272 IN HANDLE Event OPTIONAL
,
1273 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1274 IN PVOID UserApcContext OPTIONAL
,
1275 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1276 IN ULONG IoControlCode
,
1277 IN PVOID InputBuffer
,
1278 IN ULONG InputBufferSize
,
1279 OUT PVOID OutputBuffer
,
1280 IN ULONG OutputBufferSize
1285 ZwDeviceIoControlFile(
1286 IN HANDLE DeviceHandle
,
1287 IN HANDLE Event OPTIONAL
,
1288 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1289 IN PVOID UserApcContext OPTIONAL
,
1290 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1291 IN ULONG IoControlCode
,
1292 IN PVOID InputBuffer
,
1293 IN ULONG InputBufferSize
,
1294 OUT PVOID OutputBuffer
,
1295 IN ULONG OutputBufferSize
1298 * FUNCTION: Displays a string on the blue screen
1300 * DisplayString = The string to display
1307 IN PUNICODE_STRING DisplayString
1313 IN PUNICODE_STRING DisplayString
1319 NtEnumerateBootEntries(
1326 ZwEnumerateBootEntries(
1333 * FUNCTION: Returns information about the subkeys of an open key
1335 * KeyHandle = Handle of the key whose subkeys are to enumerated
1336 * Index = zero based index of the subkey for which information is
1338 * KeyInformationClass = Type of information returned
1339 * KeyInformation (OUT) = Caller allocated buffer for the information
1341 * Length = Length in bytes of the KeyInformation buffer
1342 * ResultLength (OUT) = Caller allocated storage which holds
1343 * the number of bytes of information retrieved
1350 IN HANDLE KeyHandle
,
1352 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1353 OUT PVOID KeyInformation
,
1355 OUT PULONG ResultLength
1361 IN HANDLE KeyHandle
,
1363 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1364 OUT PVOID KeyInformation
,
1366 OUT PULONG ResultLength
1369 * FUNCTION: Returns information about the value entries of an open key
1371 * KeyHandle = Handle of the key whose value entries are to enumerated
1372 * Index = zero based index of the subkey for which information is
1374 * KeyInformationClass = Type of information returned
1375 * KeyInformation (OUT) = Caller allocated buffer for the information
1377 * Length = Length in bytes of the KeyInformation buffer
1378 * ResultLength (OUT) = Caller allocated storage which holds
1379 * the number of bytes of information retrieved
1385 NtEnumerateValueKey(
1386 IN HANDLE KeyHandle
,
1388 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1389 OUT PVOID KeyValueInformation
,
1391 OUT PULONG ResultLength
1396 ZwEnumerateValueKey(
1397 IN HANDLE KeyHandle
,
1399 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1400 OUT PVOID KeyValueInformation
,
1402 OUT PULONG ResultLength
1406 * FUNCTION: Flushes chached file data to disk
1408 * FileHandle = Points to the file
1409 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1410 * buffers operation. The information field is set to number of bytes
1414 * This funciton maps to the win32 FlushFileBuffers
1419 IN HANDLE FileHandle
,
1420 OUT PIO_STATUS_BLOCK IoStatusBlock
1426 IN HANDLE FileHandle
,
1427 OUT PIO_STATUS_BLOCK IoStatusBlock
1431 * FUNCTION: Flushes a registry key to disk
1433 * KeyHandle = Points to the registry key handle
1436 * This funciton maps to the win32 RegFlushKey.
1451 * FUNCTION: Flushes the dirty pages to file
1453 * FIXME: Not sure this does (how is the file specified)
1455 NTSTATUS STDCALL
NtFlushWriteBuffer(VOID
);
1456 NTSTATUS STDCALL
ZwFlushWriteBuffer(VOID
);
1459 * FUNCTION: Frees a range of virtual memory
1461 * ProcessHandle = Points to the process that allocated the virtual
1463 * BaseAddress = Points to the memory address, rounded down to a
1464 * multiple of the pagesize
1465 * RegionSize = Limits the range to free, rounded up to a multiple of
1467 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1470 NTSTATUS STDCALL
NtFreeVirtualMemory(IN HANDLE ProcessHandle
,
1471 IN PVOID
*BaseAddress
,
1472 IN PULONG RegionSize
,
1474 NTSTATUS STDCALL
ZwFreeVirtualMemory(IN HANDLE ProcessHandle
,
1475 IN PVOID
*BaseAddress
,
1476 IN PULONG RegionSize
,
1480 * FUNCTION: Sends FSCTL to the filesystem
1482 * DeviceHandle = Points to the handle that is created by NtCreateFile
1483 * Event = Event to synchronize on STATUS_PENDING
1486 * IoStatusBlock = Caller should supply storage for
1487 * IoControlCode = Contains the File System Control command. This is an
1488 * index to the structures in InputBuffer and OutputBuffer.
1489 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1490 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1491 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1492 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1494 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1495 * InputBufferSize = Size of the input bufffer
1496 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1497 * OutputBufferSize = Size of the input bufffer
1498 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1499 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1504 IN HANDLE DeviceHandle
,
1505 IN HANDLE Event OPTIONAL
,
1506 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1507 IN PVOID ApcContext OPTIONAL
,
1508 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1509 IN ULONG IoControlCode
,
1510 IN PVOID InputBuffer
,
1511 IN ULONG InputBufferSize
,
1512 OUT PVOID OutputBuffer
,
1513 IN ULONG OutputBufferSize
1519 IN HANDLE DeviceHandle
,
1520 IN HANDLE Event OPTIONAL
,
1521 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1522 IN PVOID ApcContext OPTIONAL
,
1523 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1524 IN ULONG IoControlCode
,
1525 IN PVOID InputBuffer
,
1526 IN ULONG InputBufferSize
,
1527 OUT PVOID OutputBuffer
,
1528 IN ULONG OutputBufferSize
1532 * FUNCTION: Retrieves the processor context of a thread
1534 * ThreadHandle = Handle to a thread
1535 * Context (OUT) = Caller allocated storage for the processor context
1542 IN HANDLE ThreadHandle
,
1543 OUT PCONTEXT Context
1549 IN HANDLE ThreadHandle
,
1550 OUT PCONTEXT Context
1555 NtImpersonateClientOfPort (HANDLE PortHandle
,
1556 PLPC_MESSAGE ClientMessage
);
1559 ZwImpersonateClientOfPort (HANDLE PortHandle
,
1560 PLPC_MESSAGE ClientMessage
);
1563 * FUNCTION: Sets a thread to impersonate another
1565 * ThreadHandle = Server thread that will impersonate a client.
1566 ThreadToImpersonate = Client thread that will be impersonated
1567 SecurityQualityOfService = Specifies the impersonation level.
1573 NtImpersonateThread(
1574 IN HANDLE ThreadHandle
,
1575 IN HANDLE ThreadToImpersonate
,
1576 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1581 ZwImpersonateThread(
1582 IN HANDLE ThreadHandle
,
1583 IN HANDLE ThreadToImpersonate
,
1584 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1589 NtInitiatePowerAction (
1590 POWER_ACTION SystemAction
,
1591 SYSTEM_POWER_STATE MinSystemState
,
1593 BOOLEAN Asynchronous
1598 ZwInitiatePowerAction (
1599 POWER_ACTION SystemAction
,
1600 SYSTEM_POWER_STATE MinSystemState
,
1602 BOOLEAN Asynchronous
1605 * FUNCTION: Initializes the registry.
1607 * SetUpBoot = This parameter is true for a setup boot.
1612 NtInitializeRegistry(
1617 ZwInitializeRegistry(
1624 IN HANDLE ProcessHandle
, // ProcessHandle must grant PROCESS_QUERY_INFORMATION access.
1625 IN HANDLE JobHandle OPTIONAL
// JobHandle must JOB_OBJECT_QUERY grant access. Defaults to the current process's job object.
1631 IN HANDLE ProcessHandle
, // ProcessHandle must grant PROCESS_QUERY_INFORMATION access.
1632 IN HANDLE JobHandle OPTIONAL
// JobHandle must JOB_OBJECT_QUERY grant access. Defaults to the current process's job object.
1636 NtListenPort (HANDLE PortHandle
,
1637 PLPC_MESSAGE LpcMessage
);
1640 ZwListenPort (HANDLE PortHandle
,
1641 PLPC_MESSAGE LpcMessage
);
1645 * FUNCTION: Loads a driver.
1647 * DriverServiceName = Name of the driver to load
1653 IN PUNICODE_STRING DriverServiceName
1659 IN PUNICODE_STRING DriverServiceName
1663 * FUNCTION: Locks a range of bytes in a file.
1665 * FileHandle = Handle to the file
1666 * Event = Should be null if apc is specified.
1667 * ApcRoutine = Asynchroneous Procedure Callback
1668 * ApcContext = Argument to the callback
1669 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1670 * the completion status and information about the requested lock operation.
1671 * ByteOffset = Offset
1672 * Length = Number of bytes to lock.
1673 * Key = Special value to give other threads the possibility to unlock the file
1674 by supplying the key in a call to NtUnlockFile.
1675 * FailImmediatedly = If false the request will block untill the lock is obtained.
1676 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1678 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1679 not be obtained immediately, the device queue is busy and the IRP is queued.
1680 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1681 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1687 IN HANDLE FileHandle
,
1688 IN HANDLE Event OPTIONAL
,
1689 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1690 IN PVOID ApcContext OPTIONAL
,
1691 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1692 IN PLARGE_INTEGER ByteOffset
,
1693 IN PLARGE_INTEGER Length
,
1695 IN BOOLEAN FailImmediatedly
,
1696 IN BOOLEAN ExclusiveLock
1702 IN HANDLE FileHandle
,
1703 IN HANDLE Event OPTIONAL
,
1704 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1705 IN PVOID ApcContext OPTIONAL
,
1706 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1707 IN PLARGE_INTEGER ByteOffset
,
1708 IN PLARGE_INTEGER Length
,
1710 IN BOOLEAN FailImmediatedly
,
1711 IN BOOLEAN ExclusiveLock
1715 * FUNCTION: Makes temporary object that will be removed at next boot.
1717 * Handle = Handle to object
1724 NtMakePermanentObject(
1730 ZwMakePermanentObject(
1736 NtMakeTemporaryObject(
1742 ZwMakeTemporaryObject(
1746 * FUNCTION: Maps a view of a section into the virtual address space of a
1749 * SectionHandle = Handle of the section
1750 * ProcessHandle = Handle of the process
1751 * BaseAddress = Desired base address (or NULL) on entry
1752 * Actual base address of the view on exit
1753 * ZeroBits = Number of high order address bits that must be zero
1754 * CommitSize = Size in bytes of the initially committed section of
1756 * SectionOffset = Offset in bytes from the beginning of the section
1757 * to the beginning of the view
1758 * ViewSize = Desired length of map (or zero to map all) on entry
1759 * Actual length mapped on exit
1760 * InheritDisposition = Specified how the view is to be shared with
1762 * AllocateType = Type of allocation for the pages
1763 * Protect = Protection for the committed region of the view
1769 IN HANDLE SectionHandle
,
1770 IN HANDLE ProcessHandle
,
1771 IN OUT PVOID
*BaseAddress
,
1773 IN ULONG CommitSize
,
1774 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1775 IN OUT PULONG ViewSize
,
1776 IN SECTION_INHERIT InheritDisposition
,
1777 IN ULONG AllocationType
,
1778 IN ULONG AccessProtection
1784 IN HANDLE SectionHandle
,
1785 IN HANDLE ProcessHandle
,
1786 IN OUT PVOID
*BaseAddress
,
1788 IN ULONG CommitSize
,
1789 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1790 IN OUT PULONG ViewSize
,
1791 IN SECTION_INHERIT InheritDisposition
,
1792 IN ULONG AllocationType
,
1793 IN ULONG AccessProtection
1797 * FUNCTION: Installs a notify for the change of a directory's contents
1799 * FileHandle = Handle to the directory
1801 * ApcRoutine = Start address
1802 * ApcContext = Delimits the range of virtual memory
1803 * for which the new access protection holds
1804 * IoStatusBlock = The new access proctection for the pages
1805 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1806 * BufferSize = Size of the buffer
1807 CompletionFilter = Can be one of the following values:
1808 FILE_NOTIFY_CHANGE_FILE_NAME
1809 FILE_NOTIFY_CHANGE_DIR_NAME
1810 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1811 FILE_NOTIFY_CHANGE_ATTRIBUTES
1812 FILE_NOTIFY_CHANGE_SIZE
1813 FILE_NOTIFY_CHANGE_LAST_WRITE
1814 FILE_NOTIFY_CHANGE_LAST_ACCESS
1815 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1816 FILE_NOTIFY_CHANGE_EA
1817 FILE_NOTIFY_CHANGE_SECURITY
1818 FILE_NOTIFY_CHANGE_STREAM_NAME
1819 FILE_NOTIFY_CHANGE_STREAM_SIZE
1820 FILE_NOTIFY_CHANGE_STREAM_WRITE
1821 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1824 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1829 NtNotifyChangeDirectoryFile(
1830 IN HANDLE FileHandle
,
1831 IN HANDLE Event OPTIONAL
,
1832 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1833 IN PVOID ApcContext OPTIONAL
,
1834 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1836 IN ULONG BufferSize
,
1837 IN ULONG CompletionFilter
,
1838 IN BOOLEAN WatchTree
1843 ZwNotifyChangeDirectoryFile(
1844 IN HANDLE FileHandle
,
1845 IN HANDLE Event OPTIONAL
,
1846 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1847 IN PVOID ApcContext OPTIONAL
,
1848 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1850 IN ULONG BufferSize
,
1851 IN ULONG CompletionFilter
,
1852 IN BOOLEAN WatchTree
1856 * FUNCTION: Installs a notfication callback on registry changes
1858 KeyHandle = Handle to the registry key
1859 Event = Event that should be signalled on modification of the key
1860 ApcRoutine = Routine that should be called on modification of the key
1861 ApcContext = Argument to the ApcRoutine
1863 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1864 Can be a combination of the following values:
1866 REG_NOTIFY_CHANGE_NAME
1867 REG_NOTIFY_CHANGE_ATTRIBUTES
1868 REG_NOTIFY_CHANGE_LAST_SET
1869 REG_NOTIFY_CHANGE_SECURITY
1872 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1873 the function will not return before a change occurs.
1874 ChangeBuffer = Will return the old value
1875 Length = Size of the change buffer
1876 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1878 * REMARKS: If the key is closed the event is signalled aswell.
1885 IN HANDLE KeyHandle
,
1887 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1888 IN PVOID ApcContext OPTIONAL
,
1889 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1890 IN ULONG CompletionFilter
,
1891 IN BOOLEAN Asynchroneous
,
1892 OUT PVOID ChangeBuffer
,
1894 IN BOOLEAN WatchSubtree
1900 IN HANDLE KeyHandle
,
1902 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1903 IN PVOID ApcContext OPTIONAL
,
1904 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1905 IN ULONG CompletionFilter
,
1906 IN BOOLEAN Asynchroneous
,
1907 OUT PVOID ChangeBuffer
,
1909 IN BOOLEAN WatchSubtree
1913 * FUNCTION: Opens an existing directory object
1915 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1916 * DesiredAccess = Requested access to the directory
1917 * ObjectAttributes = Initialized attributes for the object
1923 NtOpenDirectoryObject(
1924 OUT PHANDLE FileHandle
,
1925 IN ACCESS_MASK DesiredAccess
,
1926 IN POBJECT_ATTRIBUTES ObjectAttributes
1930 ZwOpenDirectoryObject(
1931 OUT PHANDLE FileHandle
,
1932 IN ACCESS_MASK DesiredAccess
,
1933 IN POBJECT_ATTRIBUTES ObjectAttributes
1937 * FUNCTION: Opens an existing event
1939 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1940 * DesiredAccess = Requested access to the event
1941 * ObjectAttributes = Initialized attributes for the object
1947 OUT PHANDLE EventHandle
,
1948 IN ACCESS_MASK DesiredAccess
,
1949 IN POBJECT_ATTRIBUTES ObjectAttributes
1955 OUT PHANDLE EventHandle
,
1956 IN ACCESS_MASK DesiredAccess
,
1957 IN POBJECT_ATTRIBUTES ObjectAttributes
1961 * FUNCTION: Opens an existing event pair
1963 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1964 * DesiredAccess = Requested access to the event
1965 * ObjectAttributes = Initialized attributes for the object
1972 OUT PHANDLE EventPairHandle
,
1973 IN ACCESS_MASK DesiredAccess
,
1974 IN POBJECT_ATTRIBUTES ObjectAttributes
1980 OUT PHANDLE EventPairHandle
,
1981 IN ACCESS_MASK DesiredAccess
,
1982 IN POBJECT_ATTRIBUTES ObjectAttributes
1985 * FUNCTION: Opens an existing file
1987 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1988 * DesiredAccess = Requested access to the file
1989 * ObjectAttributes = Initialized attributes for the object
1998 OUT PHANDLE FileHandle
,
1999 IN ACCESS_MASK DesiredAccess
,
2000 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2001 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2002 IN ULONG ShareAccess
,
2003 IN ULONG OpenOptions
2009 OUT PHANDLE FileHandle
,
2010 IN ACCESS_MASK DesiredAccess
,
2011 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2012 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2013 IN ULONG ShareAccess
,
2014 IN ULONG OpenOptions
2018 * FUNCTION: Opens an existing io completion object
2020 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2021 * DesiredAccess = Requested access to the io completion object
2022 * ObjectAttributes = Initialized attributes for the object
2029 OUT PHANDLE CompetionPort
,
2030 IN ACCESS_MASK DesiredAccess
,
2031 IN POBJECT_ATTRIBUTES ObjectAttributes
2037 OUT PHANDLE CompetionPort
,
2038 IN ACCESS_MASK DesiredAccess
,
2039 IN POBJECT_ATTRIBUTES ObjectAttributes
2047 ACCESS_MASK DesiredAccess
,
2048 POBJECT_ATTRIBUTES ObjectAttributes
2055 ACCESS_MASK DesiredAccess
,
2056 POBJECT_ATTRIBUTES ObjectAttributes
2059 * FUNCTION: Opens an existing key in the registry
2061 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2062 * DesiredAccess = Requested access to the key
2063 * ObjectAttributes = Initialized attributes for the object
2069 OUT PHANDLE KeyHandle
,
2070 IN ACCESS_MASK DesiredAccess
,
2071 IN POBJECT_ATTRIBUTES ObjectAttributes
2077 OUT PHANDLE KeyHandle
,
2078 IN ACCESS_MASK DesiredAccess
,
2079 IN POBJECT_ATTRIBUTES ObjectAttributes
2082 * FUNCTION: Opens an existing key in the registry
2084 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
2085 * DesiredAccess = Requested access to the mutant
2086 * ObjectAttribute = Initialized attributes for the object
2092 OUT PHANDLE MutantHandle
,
2093 IN ACCESS_MASK DesiredAccess
,
2094 IN POBJECT_ATTRIBUTES ObjectAttributes
2099 OUT PHANDLE MutantHandle
,
2100 IN ACCESS_MASK DesiredAccess
,
2101 IN POBJECT_ATTRIBUTES ObjectAttributes
2105 * FUNCTION: Opens an existing process
2107 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
2108 * DesiredAccess = Requested access to the process
2109 * ObjectAttribute = Initialized attributes for the object
2110 * ClientId = Identifies the process id to open
2116 OUT PHANDLE ProcessHandle
,
2117 IN ACCESS_MASK DesiredAccess
,
2118 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2119 IN PCLIENT_ID ClientId
2124 OUT PHANDLE ProcessHandle
,
2125 IN ACCESS_MASK DesiredAccess
,
2126 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2127 IN PCLIENT_ID ClientId
2130 * FUNCTION: Opens an existing process
2132 * ProcessHandle = Handle of the process of which owns the token
2133 * DesiredAccess = Requested access to the token
2134 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
2136 This function maps to the win32
2143 IN HANDLE ProcessHandle
,
2144 IN ACCESS_MASK DesiredAccess
,
2145 OUT PHANDLE TokenHandle
2151 IN HANDLE ProcessHandle
,
2152 IN ACCESS_MASK DesiredAccess
,
2153 OUT PHANDLE TokenHandle
2159 NtOpenProcessTokenEx(
2160 IN HANDLE ProcessHandle
,
2161 IN ACCESS_MASK DesiredAccess
,
2162 IN ULONG HandleAttributes
,
2163 OUT PHANDLE TokenHandle
2169 ZwOpenProcessTokenEx(
2170 IN HANDLE ProcessHandle
,
2171 IN ACCESS_MASK DesiredAccess
,
2172 IN ULONG HandleAttributes
,
2173 OUT PHANDLE TokenHandle
2176 * FUNCTION: Opens an existing section object
2178 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2179 * DesiredAccess = Requested access to the key
2180 * ObjectAttribute = Initialized attributes for the object
2187 OUT PHANDLE SectionHandle
,
2188 IN ACCESS_MASK DesiredAccess
,
2189 IN POBJECT_ATTRIBUTES ObjectAttributes
2194 OUT PHANDLE SectionHandle
,
2195 IN ACCESS_MASK DesiredAccess
,
2196 IN POBJECT_ATTRIBUTES ObjectAttributes
2199 * FUNCTION: Opens an existing semaphore
2201 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
2202 * DesiredAccess = Requested access to the semaphore
2203 * ObjectAttribute = Initialized attributes for the object
2209 IN HANDLE SemaphoreHandle
,
2210 IN ACCESS_MASK DesiredAcces
,
2211 IN POBJECT_ATTRIBUTES ObjectAttributes
2216 IN HANDLE SemaphoreHandle
,
2217 IN ACCESS_MASK DesiredAcces
,
2218 IN POBJECT_ATTRIBUTES ObjectAttributes
2221 * FUNCTION: Opens an existing symbolic link
2223 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2224 * DesiredAccess = Requested access to the symbolic link
2225 * ObjectAttribute = Initialized attributes for the object
2230 NtOpenSymbolicLinkObject(
2231 OUT PHANDLE SymbolicLinkHandle
,
2232 IN ACCESS_MASK DesiredAccess
,
2233 IN POBJECT_ATTRIBUTES ObjectAttributes
2237 ZwOpenSymbolicLinkObject(
2238 OUT PHANDLE SymbolicLinkHandle
,
2239 IN ACCESS_MASK DesiredAccess
,
2240 IN POBJECT_ATTRIBUTES ObjectAttributes
2243 * FUNCTION: Opens an existing thread
2245 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2246 * DesiredAccess = Requested access to the thread
2247 * ObjectAttribute = Initialized attributes for the object
2248 * ClientId = Identifies the thread to open.
2254 OUT PHANDLE ThreadHandle
,
2255 IN ACCESS_MASK DesiredAccess
,
2256 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2257 IN PCLIENT_ID ClientId
2262 OUT PHANDLE ThreadHandle
,
2263 IN ACCESS_MASK DesiredAccess
,
2264 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2265 IN PCLIENT_ID ClientId
2271 IN HANDLE ThreadHandle
,
2272 IN ACCESS_MASK DesiredAccess
,
2273 IN BOOLEAN OpenAsSelf
,
2274 OUT PHANDLE TokenHandle
2280 IN HANDLE ThreadHandle
,
2281 IN ACCESS_MASK DesiredAccess
,
2282 IN BOOLEAN OpenAsSelf
,
2283 OUT PHANDLE TokenHandle
2288 NtOpenThreadTokenEx(
2289 IN HANDLE ThreadHandle
,
2290 IN ACCESS_MASK DesiredAccess
,
2291 IN BOOLEAN OpenAsSelf
,
2292 IN ULONG HandleAttributes
,
2293 OUT PHANDLE TokenHandle
2299 ZwOpenThreadTokenEx(
2300 IN HANDLE ThreadHandle
,
2301 IN ACCESS_MASK DesiredAccess
,
2302 IN BOOLEAN OpenAsSelf
,
2303 IN ULONG HandleAttributes
,
2304 OUT PHANDLE TokenHandle
2308 * FUNCTION: Opens an existing timer
2310 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2311 * DesiredAccess = Requested access to the timer
2312 * ObjectAttribute = Initialized attributes for the object
2318 OUT PHANDLE TimerHandle
,
2319 IN ACCESS_MASK DesiredAccess
,
2320 IN POBJECT_ATTRIBUTES ObjectAttributes
2325 OUT PHANDLE TimerHandle
,
2326 IN ACCESS_MASK DesiredAccess
,
2327 IN POBJECT_ATTRIBUTES ObjectAttributes
2331 * FUNCTION: Checks an access token for specific privileges
2333 * ClientToken = Handle to a access token structure
2334 * RequiredPrivileges = Specifies the requested privileges.
2335 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
2336 set in the Control member of PRIVILEGES_SET Result
2337 will only be TRUE if all privileges are present in the access token.
2345 POWER_INFORMATION_LEVEL PowerInformationLevel
,
2347 ULONG InputBufferLength
,
2349 ULONG OutputBufferLength
2355 POWER_INFORMATION_LEVEL PowerInformationLevel
,
2357 ULONG InputBufferLength
,
2359 ULONG OutputBufferLength
2365 IN HANDLE ClientToken
,
2366 IN PPRIVILEGE_SET RequiredPrivileges
,
2373 IN HANDLE ClientToken
,
2374 IN PPRIVILEGE_SET RequiredPrivileges
,
2380 NtPrivilegedServiceAuditAlarm(
2381 IN PUNICODE_STRING SubsystemName
,
2382 IN PUNICODE_STRING ServiceName
,
2383 IN HANDLE ClientToken
,
2384 IN PPRIVILEGE_SET Privileges
,
2385 IN BOOLEAN AccessGranted
2390 ZwPrivilegedServiceAuditAlarm(
2391 IN PUNICODE_STRING SubsystemName
,
2392 IN PUNICODE_STRING ServiceName
,
2393 IN HANDLE ClientToken
,
2394 IN PPRIVILEGE_SET Privileges
,
2395 IN BOOLEAN AccessGranted
2400 NtPrivilegeObjectAuditAlarm(
2401 IN PUNICODE_STRING SubsystemName
,
2403 IN HANDLE ClientToken
,
2404 IN ULONG DesiredAccess
,
2405 IN PPRIVILEGE_SET Privileges
,
2406 IN BOOLEAN AccessGranted
2411 ZwPrivilegeObjectAuditAlarm(
2412 IN PUNICODE_STRING SubsystemName
,
2414 IN HANDLE ClientToken
,
2415 IN ULONG DesiredAccess
,
2416 IN PPRIVILEGE_SET Privileges
,
2417 IN BOOLEAN AccessGranted
2421 * FUNCTION: Entry point for native applications
2423 * Peb = Pointes to the Process Environment Block (PEB)
2425 * Native applications should use this function instead of a main.
2426 * Calling proces should terminate itself.
2436 * FUNCTION: Signals an event and resets it afterwards.
2438 * EventHandle = Handle to the event
2439 * PulseCount = Number of times the action is repeated
2445 IN HANDLE EventHandle
,
2446 OUT PLONG PreviousState OPTIONAL
2452 IN HANDLE EventHandle
,
2453 OUT PLONG PreviousState OPTIONAL
2457 * FUNCTION: Queries the attributes of a file
2459 * ObjectAttributes = Initialized attributes for the object
2460 * Buffer = Caller supplies storage for the attributes
2466 NtQueryAttributesFile(
2467 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2468 OUT PFILE_BASIC_INFORMATION FileInformation
2473 ZwQueryAttributesFile(
2474 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2475 OUT PFILE_BASIC_INFORMATION FileInformation
2481 NtQueryBootEntryOrder(
2488 ZwQueryBootEntryOrder(
2507 * FUNCTION: Queries the default locale id
2509 * UserProfile = Type of locale id
2510 * TRUE: thread locale id
2511 * FALSE: system locale id
2512 * DefaultLocaleId = Caller supplies storage for the locale id
2518 NtQueryDefaultLocale(
2519 IN BOOLEAN UserProfile
,
2520 OUT PLCID DefaultLocaleId
2525 ZwQueryDefaultLocale(
2526 IN BOOLEAN UserProfile
,
2527 OUT PLCID DefaultLocaleId
2532 NtQueryDefaultUILanguage(
2538 ZwQueryDefaultUILanguage(
2543 * FUNCTION: Queries a directory file.
2545 * FileHandle = Handle to a directory file
2546 * EventHandle = Handle to the event signaled on completion
2547 * ApcRoutine = Asynchroneous procedure callback, called on completion
2548 * ApcContext = Argument to the apc.
2549 * IoStatusBlock = Caller supplies storage for extended status information.
2550 * FileInformation = Caller supplies storage for the resulting information.
2552 * FileNameInformation FILE_NAMES_INFORMATION
2553 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2554 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2555 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2557 * Length = Size of the storage supplied
2558 * FileInformationClass = Indicates the type of information requested.
2559 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2560 * FileName = Initial directory name to query, that may contain wild cards.
2561 * RestartScan = Number of times the action should be repeated
2562 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2563 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2564 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2569 NtQueryDirectoryFile(
2570 IN HANDLE FileHandle
,
2571 IN HANDLE Event OPTIONAL
,
2572 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2573 IN PVOID ApcContext OPTIONAL
,
2574 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2575 OUT PVOID FileInformation
,
2577 IN FILE_INFORMATION_CLASS FileInformationClass
,
2578 IN BOOLEAN ReturnSingleEntry
,
2579 IN PUNICODE_STRING FileName OPTIONAL
,
2580 IN BOOLEAN RestartScan
2585 ZwQueryDirectoryFile(
2586 IN HANDLE FileHandle
,
2587 IN HANDLE Event OPTIONAL
,
2588 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2589 IN PVOID ApcContext OPTIONAL
,
2590 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2591 OUT PVOID FileInformation
,
2593 IN FILE_INFORMATION_CLASS FileInformationClass
,
2594 IN BOOLEAN ReturnSingleEntry
,
2595 IN PUNICODE_STRING FileName OPTIONAL
,
2596 IN BOOLEAN RestartScan
2600 * FUNCTION: Queries the extended attributes of a file
2602 * FileHandle = Handle to the event
2603 * IoStatusBlock = Number of times the action is repeated
2617 IN HANDLE FileHandle
,
2618 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2621 IN BOOLEAN ReturnSingleEntry
,
2622 IN PVOID EaList OPTIONAL
,
2623 IN ULONG EaListLength
,
2624 IN PULONG EaIndex OPTIONAL
,
2625 IN BOOLEAN RestartScan
2631 IN HANDLE FileHandle
,
2632 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2635 IN BOOLEAN ReturnSingleEntry
,
2636 IN PVOID EaList OPTIONAL
,
2637 IN ULONG EaListLength
,
2638 IN PULONG EaIndex OPTIONAL
,
2639 IN BOOLEAN RestartScan
2643 * FUNCTION: Queries an event
2645 * EventHandle = Handle to the event
2646 * EventInformationClass = Index of the information structure
2648 EventBasicInformation EVENT_BASIC_INFORMATION
2650 * EventInformation = Caller supplies storage for the information structure
2651 * EventInformationLength = Size of the information structure
2652 * ReturnLength = Data written
2658 IN HANDLE EventHandle
,
2659 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2660 OUT PVOID EventInformation
,
2661 IN ULONG EventInformationLength
,
2662 OUT PULONG ReturnLength OPTIONAL
2667 IN HANDLE EventHandle
,
2668 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2669 OUT PVOID EventInformation
,
2670 IN ULONG EventInformationLength
,
2671 OUT PULONG ReturnLength OPTIONAL
2675 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2676 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2679 ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2680 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2683 * FUNCTION: Queries the information of a file object.
2685 * FileHandle = Handle to the file object
2686 * IoStatusBlock = Caller supplies storage for extended information
2687 * on the current operation.
2688 * FileInformation = Storage for the new file information
2689 * Lenght = Size of the storage for the file information.
2690 * FileInformationClass = Indicates which file information is queried
2692 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2693 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2694 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2695 FileBasicInformation FILE_BASIC_INFORMATION
2696 FileStandardInformation FILE_STANDARD_INFORMATION
2697 FileInternalInformation FILE_INTERNAL_INFORMATION
2698 FileEaInformation FILE_EA_INFORMATION
2699 FileAccessInformation FILE_ACCESS_INFORMATION
2700 FileNameInformation FILE_NAME_INFORMATION
2701 FileRenameInformation FILE_RENAME_INFORMATION
2703 FileNamesInformation FILE_NAMES_INFORMATION
2704 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2705 FilePositionInformation FILE_POSITION_INFORMATION
2706 FileFullEaInformation FILE_FULL_EA_INFORMATION
2707 FileModeInformation FILE_MODE_INFORMATION
2708 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2709 FileAllInformation FILE_ALL_INFORMATION
2711 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2712 FileAlternateNameInformation
2713 FileStreamInformation FILE_STREAM_INFORMATION
2715 FilePipeLocalInformation
2716 FilePipeRemoteInformation
2717 FileMailslotQueryInformation
2718 FileMailslotSetInformation
2719 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2720 FileCopyOnWriteInformation
2721 FileCompletionInformation IO_COMPLETION_CONTEXT
2722 FileMoveClusterInformation
2723 FileOleClassIdInformation
2724 FileOleStateBitsInformation
2725 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2726 FileObjectIdInformation
2727 FileOleAllInformation
2728 FileOleDirectoryInformation
2729 FileContentIndexInformation
2730 FileInheritContentIndexInformation
2732 FileMaximumInformation
2735 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2736 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2741 NtQueryInformationFile(
2742 IN HANDLE FileHandle
,
2743 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2744 OUT PVOID FileInformation
,
2746 IN FILE_INFORMATION_CLASS FileInformationClass
2751 ZwQueryInformationFile(
2753 PIO_STATUS_BLOCK IoStatusBlock
,
2754 PVOID FileInformation
,
2756 FILE_INFORMATION_CLASS FileInformationClass
2761 NtQueryInformationJobObject(
2763 JOBOBJECTINFOCLASS JobInformationClass
,
2764 PVOID JobInformation
,
2765 ULONG JobInformationLength
,
2771 ZwQueryInformationJobObject(
2773 JOBOBJECTINFOCLASS JobInformationClass
,
2774 PVOID JobInformation
,
2775 ULONG JobInformationLength
,
2780 NtQueryInformationPort (HANDLE PortHandle
,
2781 CINT PortInformationClass
,
2782 PVOID PortInformation
,
2783 ULONG PortInformationLength
,
2784 PULONG ReturnLength
);
2786 #ifndef __USE_W32API
2788 ZwQueryInformationPort (HANDLE PortHandle
,
2789 CINT PortInformationClass
,
2790 PVOID PortInformation
,
2791 ULONG PortInformationLength
,
2792 PULONG ReturnLength
);
2796 * FUNCTION: Queries the information of a thread object.
2798 * ThreadHandle = Handle to the thread object
2799 * ThreadInformationClass = Index to a certain information structure
2801 ThreadBasicInformation THREAD_BASIC_INFORMATION
2802 ThreadTimes KERNEL_USER_TIMES
2803 ThreadPriority KPRIORITY
2804 ThreadBasePriority KPRIORITY
2805 ThreadAffinityMask KAFFINITY
2806 ThreadImpersonationToken
2807 ThreadDescriptorTableEntry
2808 ThreadEnableAlignmentFaultFixup
2810 ThreadQuerySetWin32StartAddress
2812 ThreadPerformanceCount
2813 ThreadAmILastThread BOOLEAN
2814 ThreadIdealProcessor ULONG
2815 ThreadPriorityBoost ULONG
2819 * ThreadInformation = Caller supplies torage for the thread information
2820 * ThreadInformationLength = Size of the thread information structure
2821 * ReturnLength = Actual number of bytes written
2824 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2825 GetThreadPriorityBoost functions.
2832 NtQueryInformationThread(
2833 IN HANDLE ThreadHandle
,
2834 IN THREADINFOCLASS ThreadInformationClass
,
2835 OUT PVOID ThreadInformation
,
2836 IN ULONG ThreadInformationLength
,
2837 OUT PULONG ReturnLength
2842 ZwQueryInformationThread(
2843 IN HANDLE ThreadHandle
,
2844 IN THREADINFOCLASS ThreadInformationClass
,
2845 OUT PVOID ThreadInformation
,
2846 IN ULONG ThreadInformationLength
,
2847 OUT PULONG ReturnLength
2853 NtQueryInformationToken(
2854 IN HANDLE TokenHandle
,
2855 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2856 OUT PVOID TokenInformation
,
2857 IN ULONG TokenInformationLength
,
2858 OUT PULONG ReturnLength
2863 ZwQueryInformationToken(
2864 IN HANDLE TokenHandle
,
2865 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2866 OUT PVOID TokenInformation
,
2867 IN ULONG TokenInformationLength
,
2868 OUT PULONG ReturnLength
2873 NtQueryInstallUILanguage(
2879 ZwQueryInstallUILanguage(
2885 NtQueryIoCompletion(
2886 IN HANDLE IoCompletionHandle
,
2887 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2888 OUT PVOID IoCompletionInformation
,
2889 IN ULONG IoCompletionInformationLength
,
2890 OUT PULONG ResultLength OPTIONAL
2895 ZwQueryIoCompletion(
2896 IN HANDLE IoCompletionHandle
,
2897 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2898 OUT PVOID IoCompletionInformation
,
2899 IN ULONG IoCompletionInformationLength
,
2900 OUT PULONG ResultLength OPTIONAL
2904 * FUNCTION: Queries the information of a registry key object.
2906 KeyHandle = Handle to a registry key
2907 KeyInformationClass = Index to a certain information structure
2908 KeyInformation = Caller supplies storage for resulting information
2909 Length = Size of the supplied storage
2910 ResultLength = Bytes written
2915 IN HANDLE KeyHandle
,
2916 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2917 OUT PVOID KeyInformation
,
2919 OUT PULONG ResultLength
2925 IN HANDLE KeyHandle
,
2926 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2927 OUT PVOID KeyInformation
,
2929 OUT PULONG ResultLength
2936 NtQueryQuotaInformationFile(
2937 IN HANDLE FileHandle
,
2938 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2941 IN BOOLEAN ReturnSingleEntry
,
2942 IN PVOID SidList OPTIONAL
,
2943 IN ULONG SidListLength
,
2944 IN PSID StartSid OPTIONAL
,
2945 IN BOOLEAN RestartScan
2951 ZwQueryQuotaInformationFile(
2952 IN HANDLE FileHandle
,
2953 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2956 IN BOOLEAN ReturnSingleEntry
,
2957 IN PVOID SidList OPTIONAL
,
2958 IN ULONG SidListLength
,
2959 IN PSID StartSid OPTIONAL
,
2960 IN BOOLEAN RestartScan
2966 NtQueryMultipleValueKey(
2967 IN HANDLE KeyHandle
,
2968 IN OUT PKEY_VALUE_ENTRY ValueList
,
2969 IN ULONG NumberOfValues
,
2971 IN OUT PULONG Length
,
2972 OUT PULONG ReturnLength
2977 ZwQueryMultipleValueKey(
2978 IN HANDLE KeyHandle
,
2979 IN OUT PKEY_VALUE_ENTRY ValueList
,
2980 IN ULONG NumberOfValues
,
2982 IN OUT PULONG Length
,
2983 OUT PULONG ReturnLength
2987 * FUNCTION: Queries the information of a mutant object.
2989 MutantHandle = Handle to a mutant
2990 MutantInformationClass = Index to a certain information structure
2991 MutantInformation = Caller supplies storage for resulting information
2992 Length = Size of the supplied storage
2993 ResultLength = Bytes written
2998 IN HANDLE MutantHandle
,
2999 IN MUTANT_INFORMATION_CLASS MutantInformationClass
,
3000 OUT PVOID MutantInformation
,
3001 IN ULONG MutantInformationLength
,
3002 OUT PULONG ResultLength OPTIONAL
3008 IN HANDLE MutantHandle
,
3009 IN MUTANT_INFORMATION_CLASS MutantInformationClass
,
3010 OUT PVOID MutantInformation
,
3011 IN ULONG MutantInformationLength
,
3012 OUT PULONG ResultLength OPTIONAL
3016 * FUNCTION: Queries the system ( high-resolution ) performance counter.
3018 * Counter = Performance counter
3019 * Frequency = Performance frequency
3021 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
3022 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
3028 NtQueryPerformanceCounter(
3029 IN PLARGE_INTEGER Counter
,
3030 IN PLARGE_INTEGER Frequency
3035 ZwQueryPerformanceCounter(
3036 IN PLARGE_INTEGER Counter
,
3037 IN PLARGE_INTEGER Frequency
3041 * FUNCTION: Queries the information of a semaphore.
3043 * SemaphoreHandle = Handle to the semaphore object
3044 * SemaphoreInformationClass = Index to a certain information structure
3046 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
3048 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
3049 * Length = Size of the infomation structure
3054 IN HANDLE SemaphoreHandle
,
3055 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
3056 OUT PVOID SemaphoreInformation
,
3058 OUT PULONG ReturnLength OPTIONAL
3064 IN HANDLE SemaphoreHandle
,
3065 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
3066 OUT PVOID SemaphoreInformation
,
3068 OUT PULONG ReturnLength OPTIONAL
3073 * FUNCTION: Queries the information of a symbolic link object.
3075 * SymbolicLinkHandle = Handle to the symbolic link object
3076 * LinkTarget = resolved name of link
3077 * DataWritten = size of the LinkName.
3083 NtQuerySymbolicLinkObject(
3084 IN HANDLE SymLinkObjHandle
,
3085 OUT PUNICODE_STRING LinkTarget
,
3086 OUT PULONG DataWritten OPTIONAL
3091 ZwQuerySymbolicLinkObject(
3092 IN HANDLE SymLinkObjHandle
,
3093 OUT PUNICODE_STRING LinkName
,
3094 OUT PULONG DataWritten OPTIONAL
3099 * FUNCTION: Queries a system environment variable.
3101 * Name = Name of the variable
3102 * Value (OUT) = value of the variable
3103 * Length = size of the buffer
3104 * ReturnLength = data written
3110 NtQuerySystemEnvironmentValue(
3111 IN PUNICODE_STRING Name
,
3119 ZwQuerySystemEnvironmentValue(
3120 IN PUNICODE_STRING Name
,
3128 * FUNCTION: Queries the system information.
3130 * SystemInformationClass = Index to a certain information structure
3132 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3133 SystemCacheInformation SYSTEM_CACHE_INFORMATION
3134 SystemConfigurationInformation CONFIGURATION_INFORMATION
3136 * SystemInformation = caller supplies storage for the information structure
3137 * Length = size of the structure
3138 ResultLength = Data written
3144 NtQuerySystemInformation(
3145 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3146 OUT PVOID SystemInformation
,
3148 OUT PULONG ResultLength
3153 ZwQuerySystemInformation(
3154 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3155 OUT PVOID SystemInformation
,
3157 OUT PULONG ResultLength
3161 * FUNCTION: Queries information about a timer
3163 * TimerHandle = Handle to the timer
3164 TimerValueInformationClass = Index to a certain information structure
3165 TimerValueInformation = Caller supplies storage for the information structure
3166 Length = Size of the information structure
3167 ResultLength = Data written
3174 IN HANDLE TimerHandle
,
3175 IN TIMER_INFORMATION_CLASS TimerInformationClass
,
3176 OUT PVOID TimerInformation
,
3177 IN ULONG TimerInformationLength
,
3178 OUT PULONG ReturnLength OPTIONAL
3183 IN HANDLE TimerHandle
,
3184 IN TIMER_INFORMATION_CLASS TimerInformationClass
,
3185 OUT PVOID TimerInformation
,
3186 IN ULONG TimerInformationLength
,
3187 OUT PULONG ReturnLength OPTIONAL
3191 * FUNCTION: Queries the timer resolution
3193 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
3194 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
3195 ActualResolution (OUT) = Caller should supply storage for the resulting time.
3203 NtQueryTimerResolution (
3204 OUT PULONG MinimumResolution
,
3205 OUT PULONG MaximumResolution
,
3206 OUT PULONG ActualResolution
3211 ZwQueryTimerResolution (
3212 OUT PULONG MinimumResolution
,
3213 OUT PULONG MaximumResolution
,
3214 OUT PULONG ActualResolution
3218 * FUNCTION: Queries a registry key value
3220 * KeyHandle = Handle to the registry key
3221 ValueName = Name of the value in the registry key
3222 KeyValueInformationClass = Index to a certain information structure
3224 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
3225 KeyValueFullInformation = KEY_FULL_INFORMATION
3226 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
3228 KeyValueInformation = Caller supplies storage for the information structure
3229 Length = Size of the information structure
3230 ResultLength = Data written
3237 IN HANDLE KeyHandle
,
3238 IN PUNICODE_STRING ValueName
,
3239 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3240 OUT PVOID KeyValueInformation
,
3242 OUT PULONG ResultLength
3248 IN HANDLE KeyHandle
,
3249 IN PUNICODE_STRING ValueName
,
3250 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3251 OUT PVOID KeyValueInformation
,
3253 OUT PULONG ResultLength
3257 * FUNCTION: Queries the volume information
3259 * FileHandle = Handle to a file object on the target volume
3260 * IoStatusBlock = Caller should supply storage for additional status information
3261 * ReturnLength = DataWritten
3262 * FsInformation = Caller should supply storage for the information structure.
3263 * Length = Size of the information structure
3264 * FsInformationClass = Index to a information structure
3266 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
3267 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
3268 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
3269 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
3270 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
3271 FileFsControlInformation
3272 FileFsQuotaQueryInformation --
3273 FileFsQuotaSetInformation --
3274 FileFsMaximumInformation
3276 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
3277 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
3282 NtQueryVolumeInformationFile(
3283 IN HANDLE FileHandle
,
3284 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3285 OUT PVOID FsInformation
,
3287 IN FS_INFORMATION_CLASS FsInformationClass
3292 ZwQueryVolumeInformationFile(
3293 IN HANDLE FileHandle
,
3294 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3295 OUT PVOID FsInformation
,
3297 IN FS_INFORMATION_CLASS FsInformationClass
3300 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
3302 * FUNCTION: Queues a (user) apc to a thread.
3304 ThreadHandle = Thread to which the apc is queued.
3305 ApcRoutine = Points to the apc routine
3306 NormalContext = Argument to Apc Routine
3307 * SystemArgument1 = Argument of the Apc Routine
3308 SystemArgument2 = Argument of the Apc Routine
3309 * REMARK: If the apc is queued against a thread of a different process than the calling thread
3310 the apc routine should be specified in the address space of the queued thread's process.
3317 HANDLE ThreadHandle
,
3318 PKNORMAL_ROUTINE ApcRoutine
,
3319 PVOID NormalContext
,
3320 PVOID SystemArgument1
,
3321 PVOID SystemArgument2
);
3326 HANDLE ThreadHandle
,
3327 PKNORMAL_ROUTINE ApcRoutine
,
3328 PVOID NormalContext
,
3329 PVOID SystemArgument1
,
3330 PVOID SystemArgument2
);
3334 * FUNCTION: Raises an exception
3336 * ExceptionRecord = Structure specifying the exception
3337 * Context = Context in which the excpetion is raised
3346 IN PEXCEPTION_RECORD ExceptionRecord
,
3347 IN PCONTEXT Context
,
3348 IN BOOLEAN SearchFrames
3354 IN PEXCEPTION_RECORD ExceptionRecord
,
3355 IN PCONTEXT Context
,
3356 IN BOOLEAN SearchFrames
3360 * FUNCTION: Read a file
3362 * FileHandle = Handle of a file to read
3363 * Event = This event is signalled when the read operation completes
3364 * UserApcRoutine = Call back , if supplied Event should be NULL
3365 * UserApcContext = Argument to the callback
3366 * IoStatusBlock = Caller should supply storage for additional status information
3367 * Buffer = Caller should supply storage to receive the information
3368 * BufferLength = Size of the buffer
3369 * ByteOffset = Offset to start reading the file
3370 * Key = If a range is lock a matching key will allow the read to continue.
3378 IN HANDLE FileHandle
,
3379 IN HANDLE Event OPTIONAL
,
3380 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3381 IN PVOID UserApcContext OPTIONAL
,
3382 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3384 IN ULONG BufferLength
,
3385 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3386 IN PULONG Key OPTIONAL
3392 IN HANDLE FileHandle
,
3393 IN HANDLE Event OPTIONAL
,
3394 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3395 IN PVOID UserApcContext OPTIONAL
,
3396 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3398 IN ULONG BufferLength
,
3399 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3400 IN PULONG Key OPTIONAL
3403 * FUNCTION: Read a file using scattered io
3405 FileHandle = Handle of a file to read
3406 Event = This event is signalled when the read operation completes
3407 * UserApcRoutine = Call back , if supplied Event should be NULL
3408 UserApcContext = Argument to the callback
3409 IoStatusBlock = Caller should supply storage for additional status information
3410 BufferDescription = Caller should supply storage to receive the information
3411 BufferLength = Size of the buffer
3412 ByteOffset = Offset to start reading the file
3413 Key = Key = If a range is lock a matching key will allow the read to continue.
3420 IN HANDLE FileHandle
,
3421 IN HANDLE Event OPTIONAL
,
3422 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3423 IN PVOID UserApcContext OPTIONAL
,
3424 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3425 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3426 IN ULONG BufferLength
,
3427 IN PLARGE_INTEGER ByteOffset
,
3428 IN PULONG Key OPTIONAL
3434 IN HANDLE FileHandle
,
3435 IN HANDLE Event OPTIONAL
,
3436 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3437 IN PVOID UserApcContext OPTIONAL
,
3438 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3439 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3440 IN ULONG BufferLength
,
3441 IN PLARGE_INTEGER ByteOffset
,
3442 IN PULONG Key OPTIONAL
3447 NtReadRequestData (HANDLE PortHandle
,
3448 PLPC_MESSAGE Message
,
3452 PULONG ReturnLength
);
3455 ZwReadRequestData (HANDLE PortHandle
,
3456 PLPC_MESSAGE Message
,
3460 PULONG ReturnLength
);
3464 * FUNCTION: Copies a range of virtual memory to a buffer
3466 * ProcessHandle = Specifies the process owning the virtual address space
3467 * BaseAddress = Points to the address of virtual memory to start the read
3468 * Buffer = Caller supplies storage to copy the virtual memory to.
3469 * NumberOfBytesToRead = Limits the range to read
3470 * NumberOfBytesRead = The actual number of bytes read.
3476 NtReadVirtualMemory(
3477 IN HANDLE ProcessHandle
,
3478 IN PVOID BaseAddress
,
3480 IN ULONG NumberOfBytesToRead
,
3481 OUT PULONG NumberOfBytesRead
3485 ZwReadVirtualMemory(
3486 IN HANDLE ProcessHandle
,
3487 IN PVOID BaseAddress
,
3489 IN ULONG NumberOfBytesToRead
,
3490 OUT PULONG NumberOfBytesRead
3495 * FUNCTION: Debugger can register for thread termination
3497 * TerminationPort = Port on which the debugger likes to be notified.
3502 NtRegisterThreadTerminatePort(
3503 HANDLE TerminationPort
3507 ZwRegisterThreadTerminatePort(
3508 HANDLE TerminationPort
3512 * FUNCTION: Releases a mutant
3514 * MutantHandle = Handle to the mutant
3521 IN HANDLE MutantHandle
,
3522 IN PLONG PreviousCount OPTIONAL
3528 IN HANDLE MutantHandle
,
3529 IN PLONG PreviousCount OPTIONAL
3533 * FUNCTION: Releases a semaphore
3535 * SemaphoreHandle = Handle to the semaphore object
3536 * ReleaseCount = Number to decrease the semaphore count
3537 * PreviousCount = Previous semaphore count
3543 IN HANDLE SemaphoreHandle
,
3544 IN LONG ReleaseCount
,
3545 OUT PLONG PreviousCount OPTIONAL
3551 IN HANDLE SemaphoreHandle
,
3552 IN LONG ReleaseCount
,
3553 OUT PLONG PreviousCount OPTIONAL
3557 * FUNCTION: Removes an io completion
3559 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3560 * CompletionKey = Requested access to the key
3561 * IoStatusBlock = Caller provides storage for extended status information
3562 * CompletionStatus = Current status of the io operation.
3563 * WaitTime = Time to wait if ..
3568 NtRemoveIoCompletion(
3569 IN HANDLE IoCompletionHandle
,
3570 OUT PULONG CompletionKey
,
3571 OUT PULONG CompletionValue
,
3572 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3573 IN PLARGE_INTEGER Timeout OPTIONAL
3578 ZwRemoveIoCompletion(
3579 IN HANDLE IoCompletionHandle
,
3580 OUT PULONG CompletionKey
,
3581 OUT PULONG CompletionValue
,
3582 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3583 IN PLARGE_INTEGER Timeout OPTIONAL
3587 * FUNCTION: Replaces one registry key with another
3589 * ObjectAttributes = Specifies the attributes of the key
3590 * Key = Handle to the key
3591 * ReplacedObjectAttributes = The function returns the old object attributes
3597 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3599 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3604 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3606 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3611 NtReplyPort (HANDLE PortHandle
,
3612 PLPC_MESSAGE LpcReply
);
3615 ZwReplyPort (HANDLE PortHandle
,
3616 PLPC_MESSAGE LpcReply
);
3620 NtReplyWaitReceivePort (HANDLE PortHandle
,
3622 PLPC_MESSAGE MessageReply
,
3623 PLPC_MESSAGE MessageRequest
);
3626 ZwReplyWaitReceivePort (HANDLE PortHandle
,
3628 PLPC_MESSAGE MessageReply
,
3629 PLPC_MESSAGE MessageRequest
);
3633 NtReplyWaitReplyPort (HANDLE PortHandle
,
3634 PLPC_MESSAGE ReplyMessage
);
3637 ZwReplyWaitReplyPort (HANDLE PortHandle
,
3638 PLPC_MESSAGE ReplyMessage
);
3642 NtRequestPort (HANDLE PortHandle
,
3643 PLPC_MESSAGE LpcMessage
);
3646 ZwRequestPort (HANDLE PortHandle
,
3647 PLPC_MESSAGE LpcMessage
);
3651 NtRequestWaitReplyPort (HANDLE PortHandle
,
3652 PLPC_MESSAGE LpcReply
,
3653 PLPC_MESSAGE LpcRequest
);
3656 ZwRequestWaitReplyPort (HANDLE PortHandle
,
3657 PLPC_MESSAGE LpcReply
,
3658 PLPC_MESSAGE LpcRequest
);
3661 * FUNCTION: Resets a event to a non signaled state
3663 * EventHandle = Handle to the event that should be reset
3664 * NumberOfWaitingThreads = The number of threads released.
3671 OUT PLONG PreviousState OPTIONAL
3677 OUT PLONG PreviousState OPTIONAL
3696 * FUNCTION: Decrements a thread's resume count
3698 * ThreadHandle = Handle to the thread that should be resumed
3699 * ResumeCount = The resulting resume count.
3701 * A thread is resumed if its suspend count is 0. This procedure maps to
3702 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3708 IN HANDLE ThreadHandle
,
3709 OUT PULONG SuspendCount
3714 IN HANDLE ThreadHandle
,
3715 OUT PULONG SuspendCount
3718 * FUNCTION: Writes the content of a registry key to ascii file
3720 * KeyHandle = Handle to the key
3721 * FileHandle = Handle of the file
3723 This function maps to the Win32 RegSaveKey.
3730 IN HANDLE KeyHandle
,
3731 IN HANDLE FileHandle
3736 IN HANDLE KeyHandle
,
3737 IN HANDLE FileHandle
3743 IN HANDLE KeyHandle
,
3744 IN HANDLE FileHandle
,
3745 IN ULONG Flags
// REG_STANDARD_FORMAT, etc..
3751 IN HANDLE KeyHandle
,
3752 IN HANDLE FileHandle
,
3753 IN ULONG Flags
// REG_STANDARD_FORMAT, etc..
3758 NtSetBootEntryOrder(
3765 ZwSetBootEntryOrder(
3786 * FUNCTION: Sets the context of a specified thread.
3788 * ThreadHandle = Handle to the thread
3789 * Context = The processor context.
3796 IN HANDLE ThreadHandle
,
3802 IN HANDLE ThreadHandle
,
3807 * FUNCTION: Sets the default locale id
3809 * UserProfile = Type of locale id
3810 * TRUE: thread locale id
3811 * FALSE: system locale id
3812 * DefaultLocaleId = Locale id
3819 IN BOOLEAN UserProfile
,
3820 IN LCID DefaultLocaleId
3826 IN BOOLEAN UserProfile
,
3827 IN LCID DefaultLocaleId
3832 NtSetDefaultUILanguage(
3838 ZwSetDefaultUILanguage(
3842 * FUNCTION: Sets the default hard error port
3844 * PortHandle = Handle to the port
3845 * NOTE: The hard error port is used for first change exception handling
3850 NtSetDefaultHardErrorPort(
3851 IN HANDLE PortHandle
3855 ZwSetDefaultHardErrorPort(
3856 IN HANDLE PortHandle
3860 * FUNCTION: Sets the extended attributes of a file.
3862 * FileHandle = Handle to the file
3863 * IoStatusBlock = Storage for a resulting status and information
3864 * on the current operation.
3865 * EaBuffer = Extended Attributes buffer.
3866 * EaBufferSize = Size of the extended attributes buffer
3872 IN HANDLE FileHandle
,
3873 IN PIO_STATUS_BLOCK IoStatusBlock
,
3880 IN HANDLE FileHandle
,
3881 IN PIO_STATUS_BLOCK IoStatusBlock
,
3886 //FIXME: should I return the event state ?
3889 * FUNCTION: Sets the event to a signalled state.
3891 * EventHandle = Handle to the event
3892 * NumberOfThreadsReleased = The number of threads released
3894 * This procedure maps to the win32 SetEvent function.
3901 IN HANDLE EventHandle
,
3902 OUT PLONG PreviousState OPTIONAL
3908 IN HANDLE EventHandle
,
3909 OUT PLONG PreviousState OPTIONAL
3913 * FUNCTION: Sets the high part of an event pair
3915 EventPair = Handle to the event pair
3922 IN HANDLE EventPairHandle
3928 IN HANDLE EventPairHandle
3931 * FUNCTION: Sets the high part of an event pair and wait for the low part
3933 EventPair = Handle to the event pair
3938 NtSetHighWaitLowEventPair(
3939 IN HANDLE EventPairHandle
3943 ZwSetHighWaitLowEventPair(
3944 IN HANDLE EventPairHandle
3948 * FUNCTION: Sets the information of a file object.
3950 * FileHandle = Handle to the file object
3951 * IoStatusBlock = Caller supplies storage for extended information
3952 * on the current operation.
3953 * FileInformation = Storage for the new file information
3954 * Lenght = Size of the new file information.
3955 * FileInformationClass = Indicates to a certain information structure
3957 FileNameInformation FILE_NAME_INFORMATION
3958 FileRenameInformation FILE_RENAME_INFORMATION
3959 FileStreamInformation FILE_STREAM_INFORMATION
3960 * FileCompletionInformation IO_COMPLETION_CONTEXT
3963 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3964 * SetNamedPipeHandleState, SetMailslotInfo functions.
3971 NtSetInformationFile(
3972 IN HANDLE FileHandle
,
3973 IN PIO_STATUS_BLOCK IoStatusBlock
,
3974 IN PVOID FileInformation
,
3976 IN FILE_INFORMATION_CLASS FileInformationClass
3980 ZwSetInformationFile(
3981 IN HANDLE FileHandle
,
3982 IN PIO_STATUS_BLOCK IoStatusBlock
,
3983 IN PVOID FileInformation
,
3985 IN FILE_INFORMATION_CLASS FileInformationClass
3990 NtSetInformationJobObject(
3992 JOBOBJECTINFOCLASS JobInformationClass
,
3993 PVOID JobInformation
,
3994 ULONG JobInformationLength
3999 ZwSetInformationJobObject(
4001 JOBOBJECTINFOCLASS JobInformationClass
,
4002 PVOID JobInformation
,
4003 ULONG JobInformationLength
4006 * FUNCTION: Changes a set of thread specific parameters
4008 * ThreadHandle = Handle to the thread
4009 * ThreadInformationClass = Index to the set of parameters to change.
4010 * Can be one of the following values:
4012 * ThreadBasicInformation THREAD_BASIC_INFORMATION
4013 * ThreadPriority KPRIORITY //???
4014 * ThreadBasePriority KPRIORITY
4015 * ThreadAffinityMask KAFFINITY //??
4016 * ThreadImpersonationToken ACCESS_TOKEN
4017 * ThreadIdealProcessor ULONG
4018 * ThreadPriorityBoost ULONG
4020 * ThreadInformation = Caller supplies storage for parameters to set.
4021 * ThreadInformationLength = Size of the storage supplied
4026 NtSetInformationThread(
4027 IN HANDLE ThreadHandle
,
4028 IN THREADINFOCLASS ThreadInformationClass
,
4029 IN PVOID ThreadInformation
,
4030 IN ULONG ThreadInformationLength
4034 ZwSetInformationThread(
4035 IN HANDLE ThreadHandle
,
4036 IN THREADINFOCLASS ThreadInformationClass
,
4037 IN PVOID ThreadInformation
,
4038 IN ULONG ThreadInformationLength
4042 * FUNCTION: Changes a set of token specific parameters
4044 * TokenHandle = Handle to the token
4045 * TokenInformationClass = Index to a certain information structure.
4046 * Can be one of the following values:
4048 TokenUser TOKEN_USER
4049 TokenGroups TOKEN_GROUPS
4050 TokenPrivileges TOKEN_PRIVILEGES
4051 TokenOwner TOKEN_OWNER
4052 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
4053 TokenDefaultDacl TOKEN_DEFAULT_DACL
4054 TokenSource TOKEN_SOURCE
4055 TokenType TOKEN_TYPE
4056 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
4057 TokenStatistics TOKEN_STATISTICS
4059 * TokenInformation = Caller supplies storage for information structure.
4060 * TokenInformationLength = Size of the information structure
4066 NtSetInformationToken(
4067 IN HANDLE TokenHandle
,
4068 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4069 OUT PVOID TokenInformation
,
4070 IN ULONG TokenInformationLength
4075 ZwSetInformationToken(
4076 IN HANDLE TokenHandle
,
4077 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4078 OUT PVOID TokenInformation
,
4079 IN ULONG TokenInformationLength
4084 * FUNCTION: Sets an io completion
4089 * NumberOfBytesToTransfer =
4090 * NumberOfBytesTransferred =
4096 IN HANDLE IoCompletionPortHandle
,
4097 IN ULONG CompletionKey
,
4098 IN ULONG CompletionValue
,
4099 IN NTSTATUS CompletionStatus
,
4100 IN ULONG CompletionInformation
4106 IN HANDLE IoCompletionPortHandle
,
4107 IN ULONG CompletionKey
,
4108 IN ULONG CompletionValue
,
4109 IN NTSTATUS CompletionStatus
,
4110 IN ULONG CompletionInformation
4114 * FUNCTION: Set properties for profiling
4124 NtSetIntervalProfile(
4126 KPROFILE_SOURCE ClockSource
4131 ZwSetIntervalProfile(
4133 KPROFILE_SOURCE ClockSource
4138 * FUNCTION: Sets the low part of an event pair
4140 EventPair = Handle to the event pair
4155 * FUNCTION: Sets the low part of an event pair and wait for the high part
4157 EventPair = Handle to the event pair
4162 NtSetLowWaitHighEventPair(
4167 ZwSetLowWaitHighEventPair(
4171 /* NtSetLowWaitHighThread effectively invokes NtSetLowWaitHighEventPair on the
4172 * event pair of the thread.
4176 NtSetLowWaitHighThread(
4179 /* ZwSetLowWaitHighThread effectively invokes ZwSetLowWaitHighEventPair on the
4180 * event pair of the thread.
4184 ZwSetLowWaitHighThread(
4188 /* NtSetHighWaitLowThread effectively invokes NtSetHighWaitLowEventPair on the
4189 * event pair of the thread.
4193 NtSetHighWaitLowThread(
4197 /* ZwSetHighWaitLowThread effectively invokes ZwSetHighWaitLowEventPair on the
4198 * event pair of the thread.
4202 ZwSetHighWaitLowThread(
4208 NtSetQuotaInformationFile(
4210 PIO_STATUS_BLOCK IoStatusBlock
,
4211 PFILE_USER_QUOTA_INFORMATION Buffer
,
4217 ZwSetQuotaInformationFile(
4219 PIO_STATUS_BLOCK IoStatusBlock
,
4220 PFILE_USER_QUOTA_INFORMATION Buffer
,
4226 NtSetSecurityObject(
4228 IN SECURITY_INFORMATION SecurityInformation
,
4229 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4234 ZwSetSecurityObject(
4236 IN SECURITY_INFORMATION SecurityInformation
,
4237 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4242 * FUNCTION: Sets a system environment variable
4244 * ValueName = Name of the environment variable
4245 * Value = Value of the environment variable
4250 NtSetSystemEnvironmentValue(
4251 IN PUNICODE_STRING VariableName
,
4252 IN PUNICODE_STRING Value
4256 ZwSetSystemEnvironmentValue(
4257 IN PUNICODE_STRING VariableName
,
4258 IN PUNICODE_STRING Value
4261 * FUNCTION: Sets system parameters
4263 * SystemInformationClass = Index to a particular set of system parameters
4264 * Can be one of the following values:
4266 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
4268 * SystemInformation = Structure containing the parameters.
4269 * SystemInformationLength = Size of the structure.
4274 NtSetSystemInformation(
4275 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4276 IN PVOID SystemInformation
,
4277 IN ULONG SystemInformationLength
4282 ZwSetSystemInformation(
4283 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4284 IN PVOID SystemInformation
,
4285 IN ULONG SystemInformationLength
4289 * FUNCTION: Sets the system time
4291 * SystemTime = Old System time
4292 * NewSystemTime = New System time
4298 IN PLARGE_INTEGER SystemTime
,
4299 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4304 IN PLARGE_INTEGER SystemTime
,
4305 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4309 * FUNCTION: Sets the frequency of the system timer
4311 * RequestedResolution =
4313 * ActualResolution =
4318 NtSetTimerResolution(
4319 IN ULONG DesiredResolution
,
4320 IN BOOLEAN SetResolution
,
4321 OUT PULONG CurrentResolution
4325 ZwSetTimerResolution(
4326 IN ULONG DesiredResolution
,
4327 IN BOOLEAN SetResolution
,
4328 OUT PULONG CurrentResolution
4332 * FUNCTION: Sets the value of a registry key
4334 * KeyHandle = Handle to a registry key
4335 * ValueName = Name of the value entry to change
4336 * TitleIndex = pointer to a structure containing the new volume information
4337 * Type = Type of the registry key. Can be one of the values:
4338 * REG_BINARY Unspecified binary data
4339 * REG_DWORD A 32 bit value
4340 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
4341 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
4342 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
4343 * REG_LINK A zero terminated wide character string referring to a symbolic link.
4344 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
4345 * REG_NONE Unspecified type
4346 * REG_SZ A wide character string ( zero terminated )
4347 * REG_RESOURCE_LIST ??
4348 * REG_RESOURCE_REQUIREMENTS_LIST ??
4349 * REG_FULL_RESOURCE_DESCRIPTOR ??
4350 * Data = Contains the data for the registry key.
4351 * DataSize = size of the data.
4357 IN HANDLE KeyHandle
,
4358 IN PUNICODE_STRING ValueName
,
4359 IN ULONG TitleIndex OPTIONAL
,
4367 IN HANDLE KeyHandle
,
4368 IN PUNICODE_STRING ValueName
,
4369 IN ULONG TitleIndex OPTIONAL
,
4376 * FUNCTION: Sets the volume information.
4378 * FileHandle = Handle to the file
4379 * IoStatusBlock = Caller should supply storage for additional status information
4380 * VolumeInformation = pointer to a structure containing the new volume information
4381 * Length = size of the structure.
4382 * VolumeInformationClass = specifies the particular volume information to set
4387 NtSetVolumeInformationFile(
4388 IN HANDLE FileHandle
,
4389 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4390 IN PVOID FsInformation
,
4392 IN FS_INFORMATION_CLASS FsInformationClass
4397 ZwSetVolumeInformationFile(
4398 IN HANDLE FileHandle
,
4399 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4400 IN PVOID FsInformation
,
4402 IN FS_INFORMATION_CLASS FsInformationClass
4406 * FUNCTION: Shuts the system down
4408 * Action = Specifies the type of shutdown, it can be one of the following values:
4409 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
4415 IN SHUTDOWN_ACTION Action
4421 IN SHUTDOWN_ACTION Action
4425 * FUNCTION: Signals an object and wait for an other one.
4427 * SignalObject = Handle to the object that should be signaled
4428 * WaitObject = Handle to the object that should be waited for
4429 * Alertable = True if the wait is alertable
4430 * Time = The time to wait
4435 NtSignalAndWaitForSingleObject(
4436 IN HANDLE SignalObject
,
4437 IN HANDLE WaitObject
,
4438 IN BOOLEAN Alertable
,
4439 IN PLARGE_INTEGER Time
4444 NtSignalAndWaitForSingleObject(
4445 IN HANDLE SignalObject
,
4446 IN HANDLE WaitObject
,
4447 IN BOOLEAN Alertable
,
4448 IN PLARGE_INTEGER Time
4452 * FUNCTION: Starts profiling
4454 * ProfileHandle = Handle to the profile
4461 HANDLE ProfileHandle
4467 HANDLE ProfileHandle
4471 * FUNCTION: Stops profiling
4473 * ProfileHandle = Handle to the profile
4480 HANDLE ProfileHandle
4486 HANDLE ProfileHandle
4489 /* --- PROCESS MANAGEMENT --- */
4491 //--NtSystemDebugControl
4493 * FUNCTION: Terminates the execution of a process.
4495 * ThreadHandle = Handle to the process
4496 * ExitStatus = The exit status of the process to terminate with.
4498 * Native applications should kill themselves using this function.
4504 IN HANDLE ProcessHandle
,
4505 IN NTSTATUS ExitStatus
4510 IN HANDLE ProcessHandle
,
4511 IN NTSTATUS ExitStatus
4516 NtTerminateJobObject(
4523 ZwTerminateJobObject(
4531 IN ULONG TraceHandle
,
4533 IN ULONG TraceHeaderLength
,
4534 IN
struct _EVENT_TRACE_HEADER
* TraceHeader
4540 IN ULONG TraceHandle
,
4542 IN ULONG TraceHeaderLength
,
4543 IN
struct _EVENT_TRACE_HEADER
* TraceHeader
4548 NtTranslateFilePath(
4557 ZwTranslateFilePath(
4563 * FUNCTION: Unloads a driver.
4565 * DriverServiceName = Name of the driver to unload
4571 IN PUNICODE_STRING DriverServiceName
4576 IN PUNICODE_STRING DriverServiceName
4580 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
4582 * ProcessHandle = Handle to the process
4583 * BaseAddress = The address where the mapping begins
4585 This procedure maps to the win32 UnMapViewOfFile
4590 NtUnmapViewOfSection(
4591 IN HANDLE ProcessHandle
,
4592 IN PVOID BaseAddress
4596 ZwUnmapViewOfSection(
4597 IN HANDLE ProcessHandle
,
4598 IN PVOID BaseAddress
4603 NtWriteRequestData (HANDLE PortHandle
,
4604 PLPC_MESSAGE Message
,
4608 PULONG ReturnLength
);
4611 ZwWriteRequestData (HANDLE PortHandle
,
4612 PLPC_MESSAGE Message
,
4616 PULONG ReturnLength
);
4620 * FUNCTION: Writes a range of virtual memory
4622 * ProcessHandle = The handle to the process owning the address space.
4623 * BaseAddress = The points to the address to write to
4624 * Buffer = Pointer to the buffer to write
4625 * NumberOfBytesToWrite = Offset to the upper boundary to write
4626 * NumberOfBytesWritten = Total bytes written
4628 * This function maps to the win32 WriteProcessMemory
4633 NtWriteVirtualMemory(
4634 IN HANDLE ProcessHandle
,
4635 IN PVOID BaseAddress
,
4637 IN ULONG NumberOfBytesToWrite
,
4638 OUT PULONG NumberOfBytesWritten
4643 ZwWriteVirtualMemory(
4644 IN HANDLE ProcessHandle
,
4645 IN PVOID BaseAddress
,
4647 IN ULONG NumberOfBytesToWrite
,
4648 OUT PULONG NumberOfBytesWritten
4653 * FUNCTION: Waits for an object to become signalled.
4655 * Object = The object handle
4656 * Alertable = If true the wait is alertable.
4657 * Time = The maximum wait time.
4659 * This function maps to the win32 WaitForSingleObjectEx.
4664 NtWaitForSingleObject (
4666 IN BOOLEAN Alertable
,
4667 IN PLARGE_INTEGER Time
4672 ZwWaitForSingleObject (
4674 IN BOOLEAN Alertable
,
4675 IN PLARGE_INTEGER Time
4678 /* --- EVENT PAIR OBJECT --- */
4681 * FUNCTION: Waits for the high part of an eventpair to become signalled
4683 * EventPairHandle = Handle to the event pair.
4689 NtWaitHighEventPair(
4690 IN HANDLE EventPairHandle
4695 ZwWaitHighEventPair(
4696 IN HANDLE EventPairHandle
4700 * FUNCTION: Waits for the low part of an eventpair to become signalled
4702 * EventPairHandle = Handle to the event pair.
4708 IN HANDLE EventPairHandle
4714 IN HANDLE EventPairHandle
4717 /* --- FILE MANAGEMENT --- */
4720 * FUNCTION: Unlocks a range of bytes in a file.
4722 * FileHandle = Handle to the file
4723 * IoStatusBlock = Caller should supply storage for a structure containing
4724 * the completion status and information about the requested unlock operation.
4725 The information field is set to the number of bytes unlocked.
4726 * ByteOffset = Offset to start the range of bytes to unlock
4727 * Length = Number of bytes to unlock.
4728 * Key = Special value to enable other threads to unlock a file than the
4729 thread that locked the file. The key supplied must match with the one obtained
4730 in a previous call to NtLockFile.
4732 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
4733 not be obtained immediately, the device queue is busy and the IRP is queued.
4734 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
4735 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
4740 IN HANDLE FileHandle
,
4741 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4742 IN PLARGE_INTEGER ByteOffset
,
4743 IN PLARGE_INTEGER Lenght
,
4744 OUT PULONG Key OPTIONAL
4749 IN HANDLE FileHandle
,
4750 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4751 IN PLARGE_INTEGER ByteOffset
,
4752 IN PLARGE_INTEGER Lenght
,
4753 OUT PULONG Key OPTIONAL
4757 * FUNCTION: Writes data to a file
4759 * FileHandle = The handle a file ( from NtCreateFile )
4760 * Event = Specifies a event that will become signalled when the write operation completes.
4761 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4762 * ApcContext = Argument to the Apc Routine
4763 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4764 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
4765 * Length = Size in bytest of the buffer
4766 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4767 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4768 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4769 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
4772 * This function maps to the win32 WriteFile.
4773 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4774 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4775 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4780 IN HANDLE FileHandle
,
4781 IN HANDLE Event OPTIONAL
,
4782 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4783 IN PVOID ApcContext OPTIONAL
,
4784 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4787 IN PLARGE_INTEGER ByteOffset
,
4788 IN PULONG Key OPTIONAL
4794 IN HANDLE FileHandle
,
4795 IN HANDLE Event OPTIONAL
,
4796 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4797 IN PVOID ApcContext OPTIONAL
,
4798 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4801 IN PLARGE_INTEGER ByteOffset
,
4802 IN PULONG Key OPTIONAL
4806 * FUNCTION: Writes a file
4808 * FileHandle = The handle of the file
4810 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4811 * ApcContext = Argument to the Apc Routine
4812 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4813 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
4814 * BufferLength = Size in bytest of the buffer
4815 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4816 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4817 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4818 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
4819 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
4821 * This function maps to the win32 WriteFile.
4822 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4823 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4824 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4830 IN HANDLE FileHandle
,
4831 IN HANDLE Event OPTIONAL
,
4832 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4833 IN PVOID ApcContext OPTIONAL
,
4834 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4835 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4836 IN ULONG BufferLength
,
4837 IN PLARGE_INTEGER ByteOffset
,
4838 IN PULONG Key OPTIONAL
4844 IN HANDLE FileHandle
,
4845 IN HANDLE Event OPTIONAL
,
4846 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4847 IN PVOID ApcContext OPTIONAL
,
4848 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4849 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4850 IN ULONG BufferLength
,
4851 IN PLARGE_INTEGER ByteOffset
,
4852 IN PULONG Key OPTIONAL
4856 /* --- THREAD MANAGEMENT --- */
4859 * FUNCTION: Increments a thread's resume count
4861 * ThreadHandle = Handle to the thread that should be resumed
4862 * PreviousSuspendCount = The resulting/previous suspend count.
4864 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
4865 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
4866 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
4872 IN HANDLE ThreadHandle
,
4873 IN PULONG PreviousSuspendCount
4879 IN HANDLE ThreadHandle
,
4880 IN PULONG PreviousSuspendCount
4884 * FUNCTION: Terminates the execution of a thread.
4886 * ThreadHandle = Handle to the thread
4887 * ExitStatus = The exit status of the thread to terminate with.
4893 IN HANDLE ThreadHandle
,
4894 IN NTSTATUS ExitStatus
4899 IN HANDLE ThreadHandle
,
4900 IN NTSTATUS ExitStatus
4903 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
4918 * FUNCTION: Yields the callers thread.
4933 /* --- PLUG AND PLAY --- */
4937 NtPlugPlayControl (DWORD Unknown1
,
4943 NtGetPlugPlayEvent (ULONG Reserved1
,
4946 ULONG BufferLength
);
4948 /* --- POWER MANAGEMENT --- */
4950 #ifndef __USE_W32API
4952 NtSetSystemPowerState(IN POWER_ACTION SystemAction
,
4953 IN SYSTEM_POWER_STATE MinSystemState
,
4957 /* --- DEBUG SUBSYSTEM --- */
4960 NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode
,
4962 ULONG InputBufferLength
,
4964 ULONG OutputBufferLength
,
4965 PULONG ReturnLength
);
4967 /* --- VIRTUAL DOS MACHINE (VDM) --- */
4971 NtVdmControl (ULONG ControlCode
, PVOID ControlData
);
4977 NtW32Call(IN ULONG RoutineIndex
,
4979 IN ULONG ArgumentLength
,
4980 OUT PVOID
* Result OPTIONAL
,
4981 OUT PULONG ResultLength OPTIONAL
);
4983 /* --- CHANNELS --- */
5005 NtReplyWaitSendChannel (
5011 NtSendWaitReplyChannel (
5017 NtSetContextChannel (
5021 /* --- MISCELLANEA --- */
5023 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
5026 NtSetLdtEntries (ULONG Selector1
,
5027 LDT_ENTRY LdtEntry1
,
5029 LDT_ENTRY LdtEntry2
);
5033 NtQueryOleDirectoryFile (
5038 * FUNCTION: Checks a clients access rights to a object
5040 * SecurityDescriptor = Security information against which the access is checked
5041 * ClientToken = Represents a client
5045 * ReturnLength = Bytes written
5047 * AccessStatus = Indicates if the ClientToken allows the requested access
5048 * REMARKS: The arguments map to the win32 AccessCheck
5049 * Gary Nebbett is wrong:
5050 * The 7th argument is a PACCESS_MASK, not a PULONG.
5051 * The 8th argument is a PNTSTATUS, not a PBOOLEAN.
5058 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5059 IN HANDLE ClientToken
,
5060 IN ACCESS_MASK DesiredAcces
,
5061 IN PGENERIC_MAPPING GenericMapping
,
5062 OUT PPRIVILEGE_SET PrivilegeSet
,
5063 OUT PULONG ReturnLength
,
5064 OUT PACCESS_MASK GrantedAccess
,
5065 OUT PNTSTATUS AccessStatus
5071 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5072 IN HANDLE ClientToken
,
5073 IN ACCESS_MASK DesiredAcces
,
5074 IN PGENERIC_MAPPING GenericMapping
,
5075 OUT PPRIVILEGE_SET PrivilegeSet
,
5076 OUT PULONG ReturnLength
,
5077 OUT PACCESS_MASK GrantedAccess
,
5078 OUT PNTSTATUS AccessStatus
5084 IN ACCESS_MASK DesiredAccess
,
5085 OUT PHANDLE KeyHandle
);
5088 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
5090 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
5094 * SecurityDescriptor =
5101 * REMARKS: The arguments map to the win32 AccessCheck
5107 NtAccessCheckAndAuditAlarm(
5108 IN PUNICODE_STRING SubsystemName
,
5109 IN PHANDLE ObjectHandle
,
5110 IN PUNICODE_STRING ObjectTypeName
,
5111 IN PUNICODE_STRING ObjectName
,
5112 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5113 IN ACCESS_MASK DesiredAccess
,
5114 IN PGENERIC_MAPPING GenericMapping
,
5115 IN BOOLEAN ObjectCreation
,
5116 OUT PACCESS_MASK GrantedAccess
,
5117 OUT PNTSTATUS AccessStatus
,
5118 OUT PBOOLEAN GenerateOnClose
5122 * FUNCTION: Cancels a timer
5124 * TimerHandle = Handle to the timer
5125 * CurrentState = Specifies the state of the timer when cancelled.
5127 * The arguments to this function map to the function CancelWaitableTimer.
5133 IN HANDLE TimerHandle
,
5134 OUT PBOOLEAN CurrentState OPTIONAL
5138 * FUNCTION: Continues a thread with the specified context
5140 * Context = Specifies the processor context
5141 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
5142 * be PASSIVE_LEVEL or APC_LEVEL
5144 * NtContinue can be used to continue after an exception or apc.
5147 //FIXME This function might need another parameter
5152 IN PCONTEXT Context
,
5153 IN BOOLEAN TestAlert
5157 * FUNCTION: Creates a paging file.
5159 * FileName = Name of the pagefile
5160 * InitialSize = Specifies the initial size in bytes
5161 * MaximumSize = Specifies the maximum size in bytes
5162 * Reserved = Reserved for future use
5168 IN PUNICODE_STRING FileName
,
5169 IN PLARGE_INTEGER InitialSize
,
5170 IN PLARGE_INTEGER MaxiumSize
,
5176 * FUNCTION: Creates a profile
5178 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
5179 * ObjectAttribute = Initialized attributes for the object
5180 * ImageBase = Start address of executable image
5181 * ImageSize = Size of the image
5182 * Granularity = Bucket size
5183 * Buffer = Caller supplies buffer for profiling info
5184 * ProfilingSize = Buffer size
5185 * ClockSource = Specify 0 / FALSE ??
5186 * ProcessorMask = A value of -1 indicates disables per processor profiling,
5187 otherwise bit set for the processor to profile.
5189 * This function maps to the win32 CreateProcess.
5195 NtCreateProfile(OUT PHANDLE ProfileHandle
,
5196 IN HANDLE Process OPTIONAL
,
5199 IN ULONG BucketSize
,
5201 IN ULONG BufferSize
,
5202 IN KPROFILE_SOURCE ProfileSource
,
5203 IN KAFFINITY Affinity
);
5206 * FUNCTION: Creates a user mode thread
5208 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
5209 * DesiredAccess = Specifies the allowed or desired access to the thread.
5210 * ObjectAttributes = Initialized attributes for the object.
5211 * ProcessHandle = Handle to the threads parent process.
5212 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
5213 * ThreadContext = Initial processor context for the thread.
5214 * InitialTeb = Initial user mode stack context for the thread.
5215 * CreateSuspended = Specifies if the thread is ready for scheduling
5217 * This function maps to the win32 function CreateThread.
5223 OUT PHANDLE ThreadHandle
,
5224 IN ACCESS_MASK DesiredAccess
,
5225 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5226 IN HANDLE ProcessHandle
,
5227 OUT PCLIENT_ID ClientId
,
5228 IN PCONTEXT ThreadContext
,
5229 IN PUSER_STACK UserStack
,
5230 IN BOOLEAN CreateSuspended
5234 * FUNCTION: Delays the execution of the calling thread.
5236 * Alertable = If TRUE the thread is alertable during is wait period
5237 * Interval = Specifies the interval to wait.
5249 * FUNCTION: Extends a section
5251 * SectionHandle = Handle to the section
5252 * NewMaximumSize = Adjusted size
5258 IN HANDLE SectionHandle
,
5259 IN PLARGE_INTEGER NewMaximumSize
5263 * FUNCTION: Flushes a the processors instruction cache
5265 * ProcessHandle = Points to the process owning the cache
5266 * BaseAddress = // might this be a image address ????
5267 * NumberOfBytesToFlush =
5270 * This funciton is used by debuggers
5274 NtFlushInstructionCache(
5275 IN HANDLE ProcessHandle
,
5276 IN PVOID BaseAddress
,
5277 IN UINT NumberOfBytesToFlush
5281 * FUNCTION: Flushes virtual memory to file
5283 * ProcessHandle = Points to the process that allocated the virtual memory
5284 * BaseAddress = Points to the memory address
5285 * NumberOfBytesToFlush = Limits the range to flush,
5286 * NumberOfBytesFlushed = Actual number of bytes flushed
5289 * Check return status on STATUS_NOT_MAPPED_DATA
5293 NtFlushVirtualMemory(
5294 IN HANDLE ProcessHandle
,
5295 IN PVOID BaseAddress
,
5296 IN ULONG NumberOfBytesToFlush
,
5297 OUT PULONG NumberOfBytesFlushed OPTIONAL
5301 * FUNCTION: Retrieves the uptime of the system
5303 * UpTime = Number of clock ticks since boot.
5313 * FUNCTION: Loads a registry key.
5315 * KeyObjectAttributes = Key to be loaded
5316 * FileObjectAttributes = File to load the key from
5318 * This procedure maps to the win32 procedure RegLoadKey
5324 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5325 IN POBJECT_ATTRIBUTES FileObjectAttributes
5330 * FUNCTION: Locks a range of virtual memory.
5332 * ProcessHandle = Handle to the process
5333 * BaseAddress = Lower boundary of the range of bytes to lock.
5334 * NumberOfBytesLock = Offset to the upper boundary.
5335 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
5337 This procedure maps to the win32 procedure VirtualLock.
5338 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
5342 NtLockVirtualMemory(
5343 HANDLE ProcessHandle
,
5345 ULONG NumberOfBytesToLock
,
5346 PULONG NumberOfBytesLocked
5351 NtOpenObjectAuditAlarm(
5352 IN PUNICODE_STRING SubsystemName
,
5354 IN PUNICODE_STRING ObjectTypeName
,
5355 IN PUNICODE_STRING ObjectName
,
5356 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5357 IN HANDLE ClientToken
,
5358 IN ULONG DesiredAccess
,
5359 IN ULONG GrantedAccess
,
5360 IN PPRIVILEGE_SET Privileges
,
5361 IN BOOLEAN ObjectCreation
,
5362 IN BOOLEAN AccessGranted
,
5363 OUT PBOOLEAN GenerateOnClose
5367 * FUNCTION: Set the access protection of a range of virtual memory
5369 * ProcessHandle = Handle to process owning the virtual address space
5370 * BaseAddress = Start address
5371 * NumberOfBytesToProtect = Delimits the range of virtual memory
5372 * for which the new access protection holds
5373 * NewAccessProtection = The new access proctection for the pages
5374 * OldAccessProtection = Caller should supply storage for the old
5378 * The function maps to the win32 VirtualProtectEx
5383 NtProtectVirtualMemory(
5384 IN HANDLE ProcessHandle
,
5385 IN PVOID
*BaseAddress
,
5386 IN ULONG
*NumberOfBytesToProtect
,
5387 IN ULONG NewAccessProtection
,
5388 OUT PULONG OldAccessProtection
5392 * FUNCTION: Query information about the content of a directory object
5395 Buffer = Buffer must be large enough to hold the name strings too
5396 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
5397 If FALSE: return the number of objects in this directory in ObjectIndex
5398 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
5399 If FALSE use input value of ObjectIndex
5400 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
5401 ReturnLength = Actual size of the ObjectIndex ???
5406 NtQueryDirectoryObject(
5407 IN HANDLE DirectoryHandle
,
5409 IN ULONG BufferLength
,
5410 IN BOOLEAN ReturnSingleEntry
,
5411 IN BOOLEAN RestartScan
,
5412 IN OUT PULONG Context
,
5413 OUT PULONG ReturnLength OPTIONAL
5417 * FUNCTION: Query the interval and the clocksource for profiling
5425 NtQueryIntervalProfile(
5426 IN KPROFILE_SOURCE ProfileSource
,
5431 * FUNCTION: Queries the information of a section object.
5433 * SectionHandle = Handle to the section link object
5434 * SectionInformationClass = Index to a certain information structure
5435 * SectionInformation (OUT)= Caller supplies storage for resulting information
5436 * Length = Size of the supplied storage
5437 * ResultLength = Data written
5444 IN HANDLE SectionHandle
,
5445 IN CINT SectionInformationClass
,
5446 OUT PVOID SectionInformation
,
5448 OUT PULONG ResultLength
5452 * FUNCTION: Queries the virtual memory information.
5454 ProcessHandle = Process owning the virtual address space
5455 BaseAddress = Points to the page where the information is queried for.
5456 * VirtualMemoryInformationClass = Index to a certain information structure
5458 MemoryBasicInformation MEMORY_BASIC_INFORMATION
5460 * VirtualMemoryInformation = caller supplies storage for the information structure
5461 * Length = size of the structure
5462 ResultLength = Data written
5469 NtQueryVirtualMemory(
5470 IN HANDLE ProcessHandle
,
5472 IN IN CINT VirtualMemoryInformationClass
,
5473 OUT PVOID VirtualMemoryInformation
,
5475 OUT PULONG ResultLength
5479 * FUNCTION: Raises a hard error (stops the system)
5481 * Status = Status code of the hard error
5503 * FUNCTION: Sets the information of a registry key.
5505 * KeyHandle = Handle to the registry key
5506 * KeyInformationClass = Index to the a certain information structure.
5507 * Can be one of the following values:
5509 * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
5511 * KeyInformation = Storage for the new information
5512 * KeyInformationLength = Size of the information strucure
5518 NtSetInformationKey(
5519 IN HANDLE KeyHandle
,
5520 IN KEY_SET_INFORMATION_CLASS KeyInformationClass
,
5521 IN PVOID KeyInformation
,
5522 IN ULONG KeyInformationLength
5526 * FUNCTION: Changes a set of object specific parameters
5529 * ObjectInformationClass = Index to the set of parameters to change.
5531 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
5534 * ObjectInformation = Caller supplies storage for parameters to set.
5535 * Length = Size of the storage supplied
5540 NtSetInformationObject(
5541 IN HANDLE ObjectHandle
,
5542 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
5543 IN PVOID ObjectInformation
,
5548 * FUNCTION: Sets the characteristics of a timer
5550 * TimerHandle = Handle to the timer
5551 * DueTime = Time before the timer becomes signalled for the first time.
5552 * TimerApcRoutine = Completion routine can be called on time completion
5553 * TimerContext = Argument to the completion routine
5554 * Resume = Specifies if the timer should repeated after completing one cycle
5555 * Period = Cycle of the timer
5556 * REMARKS: This routine maps to the win32 SetWaitableTimer.
5562 IN HANDLE TimerHandle
,
5563 IN PLARGE_INTEGER DueTime
,
5564 IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL
,
5565 IN PVOID TimerContext OPTIONAL
,
5566 IN BOOLEAN ResumeTimer
,
5567 IN LONG Period OPTIONAL
,
5568 OUT PBOOLEAN PreviousState OPTIONAL
5572 * FUNCTION: Unloads a registry key.
5574 * KeyHandle = Handle to the registry key
5576 * This procedure maps to the win32 procedure RegUnloadKey
5582 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5586 * FUNCTION: Unlocks a range of virtual memory.
5588 * ProcessHandle = Handle to the process
5589 * BaseAddress = Lower boundary of the range of bytes to unlock.
5590 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
5591 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
5593 This procedure maps to the win32 procedure VirtualUnlock
5594 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
5598 NtUnlockVirtualMemory(
5599 IN HANDLE ProcessHandle
,
5600 IN PVOID BaseAddress
,
5601 IN ULONG NumberOfBytesToUnlock
,
5602 OUT PULONG NumberOfBytesUnlocked OPTIONAL
5606 * FUNCTION: Waits for multiple objects to become signalled.
5608 * Count = The number of objects
5609 * Object = The array of object handles
5610 * WaitType = Can be one of the values UserMode or KernelMode
5611 * Alertable = If true the wait is alertable.
5612 * Time = The maximum wait time.
5614 * This function maps to the win32 WaitForMultipleObjectEx.
5619 NtWaitForMultipleObjects (
5622 IN WAIT_TYPE WaitType
,
5623 IN BOOLEAN Alertable
,
5624 IN PLARGE_INTEGER Time
5631 #ifndef __USE_W32API
5634 * FUNCTION: Continues a thread with the specified context
5636 * Context = Specifies the processor context
5637 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
5638 * be PASSIVE_LEVEL or APC_LEVEL
5640 * NtContinue can be used to continue after an exception or apc.
5643 //FIXME This function might need another parameter
5645 NTSTATUS STDCALL
ZwContinue(IN PCONTEXT Context
, IN CINT IrqLevel
);
5648 * FUNCTION: Retrieves the system time
5650 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
5658 OUT PLARGE_INTEGER CurrentTime
5662 * FUNCTION: Copies a handle from one process space to another
5664 * SourceProcessHandle = The source process owning the handle. The source process should have opened
5665 * the SourceHandle with PROCESS_DUP_HANDLE access.
5666 * SourceHandle = The handle to the object.
5667 * TargetProcessHandle = The destination process owning the handle
5668 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
5669 * DesiredAccess = The desired access to the handle.
5670 * InheritHandle = Indicates wheter the new handle will be inheritable or not.
5671 * Options = Specifies special actions upon duplicating the handle. Can be
5672 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
5673 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
5674 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
5675 * the DesiredAccess paramter and just grant the same access to the new
5678 * REMARKS: This function maps to the win32 DuplicateHandle.
5684 IN HANDLE SourceProcessHandle
,
5685 IN HANDLE SourceHandle
,
5686 IN HANDLE TargetProcessHandle
,
5687 OUT PHANDLE TargetHandle
,
5688 IN ACCESS_MASK DesiredAccess
,
5689 IN BOOLEAN InheritHandle
,
5696 IN HANDLE SourceProcessHandle
,
5697 IN PHANDLE SourceHandle
,
5698 IN HANDLE TargetProcessHandle
,
5699 OUT PHANDLE TargetHandle
,
5700 IN ACCESS_MASK DesiredAccess
,
5701 IN BOOLEAN InheritHandle
,
5706 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
5708 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
5712 * SecurityDescriptor =
5719 * REMARKS: The arguments map to the win32 AccessCheck
5725 ZwAccessCheckAndAuditAlarm(
5726 IN PUNICODE_STRING SubsystemName
,
5727 IN PHANDLE ObjectHandle
,
5728 IN PUNICODE_STRING ObjectTypeName
,
5729 IN PUNICODE_STRING ObjectName
,
5730 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5731 IN ACCESS_MASK DesiredAccess
,
5732 IN PGENERIC_MAPPING GenericMapping
,
5733 IN BOOLEAN ObjectCreation
,
5734 OUT PACCESS_MASK GrantedAccess
,
5735 OUT PNTSTATUS AccessStatus
,
5736 OUT PBOOLEAN GenerateOnClose
5740 * FUNCTION: Adds an atom to the global atom table
5742 * AtomName = The string to add to the atom table.
5743 * AtomNameLength = Length of the atom name
5744 * Atom (OUT) = Caller supplies storage for the resulting atom.
5745 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
5752 IN ULONG AtomNameLength
,
5753 IN OUT PRTL_ATOM Atom
5761 IN ULONG AtomNameLength
,
5762 IN OUT PRTL_ATOM Atom
5768 PULARGE_INTEGER Time
,
5776 PULARGE_INTEGER Time
,
5784 IN HANDLE TimerHandle
,
5785 OUT ULONG ElapsedTime
5789 * FUNCTION: Creates a paging file.
5791 * FileName = Name of the pagefile
5792 * InitialSize = Specifies the initial size in bytes
5793 * MaximumSize = Specifies the maximum size in bytes
5794 * Reserved = Reserved for future use
5800 IN PUNICODE_STRING FileName
,
5801 IN PLARGE_INTEGER InitialSize
,
5802 IN PLARGE_INTEGER MaxiumSize
,
5807 * FUNCTION: Creates a user mode thread
5809 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
5810 * DesiredAccess = Specifies the allowed or desired access to the thread.
5811 * ObjectAttributes = Initialized attributes for the object.
5812 * ProcessHandle = Handle to the threads parent process.
5813 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
5814 * ThreadContext = Initial processor context for the thread.
5815 * InitialTeb = Initial user mode stack context for the thread.
5816 * CreateSuspended = Specifies if the thread is ready for scheduling
5818 * This function maps to the win32 function CreateThread.
5824 OUT PHANDLE ThreadHandle
,
5825 IN ACCESS_MASK DesiredAccess
,
5826 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5827 IN HANDLE ProcessHandle
,
5828 OUT PCLIENT_ID ClientId
,
5829 IN PCONTEXT ThreadContext
,
5830 IN PUSER_STACK UserStack
,
5831 IN BOOLEAN CreateSuspended
5837 IN HANDLE ExistingToken
,
5838 IN ACCESS_MASK DesiredAccess
,
5839 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5840 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
,
5841 IN TOKEN_TYPE TokenType
,
5842 OUT PHANDLE NewToken
5848 IN HANDLE ExistingToken
,
5849 IN ACCESS_MASK DesiredAccess
,
5850 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5851 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
,
5852 IN TOKEN_TYPE TokenType
,
5853 OUT PHANDLE NewToken
5857 * FUNCTION: Finds a atom
5859 * AtomName = Name to search for.
5860 * AtomNameLength = Length of the atom name
5861 * Atom = Caller supplies storage for the resulting atom
5864 * This funciton maps to the win32 GlobalFindAtom
5870 IN ULONG AtomNameLength
,
5871 OUT PRTL_ATOM Atom OPTIONAL
5878 IN ULONG AtomNameLength
,
5879 OUT PRTL_ATOM Atom OPTIONAL
5883 * FUNCTION: Flushes a the processors instruction cache
5885 * ProcessHandle = Points to the process owning the cache
5886 * BaseAddress = // might this be a image address ????
5887 * NumberOfBytesToFlush =
5890 * This funciton is used by debuggers
5894 ZwFlushInstructionCache(
5895 IN HANDLE ProcessHandle
,
5896 IN PVOID BaseAddress
,
5897 IN UINT NumberOfBytesToFlush
5901 * FUNCTION: Flushes virtual memory to file
5903 * ProcessHandle = Points to the process that allocated the virtual memory
5904 * BaseAddress = Points to the memory address
5905 * NumberOfBytesToFlush = Limits the range to flush,
5906 * NumberOfBytesFlushed = Actual number of bytes flushed
5909 * Check return status on STATUS_NOT_MAPPED_DATA
5913 ZwFlushVirtualMemory(
5914 IN HANDLE ProcessHandle
,
5915 IN PVOID BaseAddress
,
5916 IN ULONG NumberOfBytesToFlush
,
5917 OUT PULONG NumberOfBytesFlushed OPTIONAL
5921 * FUNCTION: Retrieves the uptime of the system
5923 * UpTime = Number of clock ticks since boot.
5933 * FUNCTION: Loads a registry key.
5935 * KeyObjectAttributes = Key to be loaded
5936 * FileObjectAttributes = File to load the key from
5938 * This procedure maps to the win32 procedure RegLoadKey
5944 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5945 IN POBJECT_ATTRIBUTES FileObjectAttributes
5949 * FUNCTION: Locks a range of virtual memory.
5951 * ProcessHandle = Handle to the process
5952 * BaseAddress = Lower boundary of the range of bytes to lock.
5953 * NumberOfBytesLock = Offset to the upper boundary.
5954 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
5956 This procedure maps to the win32 procedure VirtualLock.
5957 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
5961 ZwLockVirtualMemory(
5962 HANDLE ProcessHandle
,
5964 ULONG NumberOfBytesToLock
,
5965 PULONG NumberOfBytesLocked
5970 ZwOpenObjectAuditAlarm(
5971 IN PUNICODE_STRING SubsystemName
,
5973 IN PUNICODE_STRING ObjectTypeName
,
5974 IN PUNICODE_STRING ObjectName
,
5975 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5976 IN HANDLE ClientToken
,
5977 IN ULONG DesiredAccess
,
5978 IN ULONG GrantedAccess
,
5979 IN PPRIVILEGE_SET Privileges
,
5980 IN BOOLEAN ObjectCreation
,
5981 IN BOOLEAN AccessGranted
,
5982 OUT PBOOLEAN GenerateOnClose
5986 * FUNCTION: Set the access protection of a range of virtual memory
5988 * ProcessHandle = Handle to process owning the virtual address space
5989 * BaseAddress = Start address
5990 * NumberOfBytesToProtect = Delimits the range of virtual memory
5991 * for which the new access protection holds
5992 * NewAccessProtection = The new access proctection for the pages
5993 * OldAccessProtection = Caller should supply storage for the old
5997 * The function maps to the win32 VirtualProtectEx
6002 ZwProtectVirtualMemory(
6003 IN HANDLE ProcessHandle
,
6004 IN PVOID
*BaseAddress
,
6005 IN ULONG
*NumberOfBytesToProtect
,
6006 IN ULONG NewAccessProtection
,
6007 OUT PULONG OldAccessProtection
6012 NtQueryInformationAtom(
6014 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
6015 OUT PVOID AtomInformation
,
6016 IN ULONG AtomInformationLength
,
6017 OUT PULONG ReturnLength OPTIONAL
6022 ZwQueryInformationAtom(
6024 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
6025 OUT PVOID AtomInformation
,
6026 IN ULONG AtomInformationLength
,
6027 OUT PULONG ReturnLength OPTIONAL
6031 * FUNCTION: Query information about the content of a directory object
6034 Buffer = Buffer must be large enough to hold the name strings too
6035 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
6036 If FALSE: return the number of objects in this directory in ObjectIndex
6037 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
6038 If FALSE use input value of ObjectIndex
6039 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
6040 ReturnLength = Actual size of the ObjectIndex ???
6045 ZwQueryDirectoryObject(
6046 IN HANDLE DirectoryHandle
,
6048 IN ULONG BufferLength
,
6049 IN BOOLEAN ReturnSingleEntry
,
6050 IN BOOLEAN RestartScan
,
6051 IN OUT PULONG Context
,
6052 OUT PULONG ReturnLength OPTIONAL
6056 * FUNCTION: Queries the information of a process object.
6058 * ProcessHandle = Handle to the process object
6059 * ProcessInformation = Index to a certain information structure
6061 ProcessBasicInformation PROCESS_BASIC_INFORMATION
6062 ProcessQuotaLimits QUOTA_LIMITS
6063 ProcessIoCounters IO_COUNTERS
6064 ProcessVmCounters VM_COUNTERS
6065 ProcessTimes KERNEL_USER_TIMES
6066 ProcessBasePriority KPRIORITY
6067 ProcessRaisePriority KPRIORITY
6068 ProcessDebugPort HANDLE
6069 ProcessExceptionPort HANDLE
6070 ProcessAccessToken PROCESS_ACCESS_TOKEN
6071 ProcessLdtInformation LDT_ENTRY ??
6072 ProcessLdtSize ULONG
6073 ProcessDefaultHardErrorMode ULONG
6074 ProcessIoPortHandlers // kernel mode only
6075 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
6076 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
6077 ProcessUserModeIOPL (I/O Privilege Level)
6078 ProcessEnableAlignmentFaultFixup BOOLEAN
6079 ProcessPriorityClass ULONG
6080 ProcessWx86Information ULONG
6081 ProcessHandleCount ULONG
6082 ProcessAffinityMask ULONG
6083 ProcessPooledQuotaLimits QUOTA_LIMITS
6086 * ProcessInformation = Caller supplies storage for the process information structure
6087 * ProcessInformationLength = Size of the process information structure
6088 * ReturnLength = Actual number of bytes written
6091 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
6092 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
6093 GetProcessShutdownParameters functions.
6099 NtQueryInformationProcess(
6100 IN HANDLE ProcessHandle
,
6101 IN CINT ProcessInformationClass
,
6102 OUT PVOID ProcessInformation
,
6103 IN ULONG ProcessInformationLength
,
6104 OUT PULONG ReturnLength
6109 ZwQueryInformationProcess(
6110 IN HANDLE ProcessHandle
,
6111 IN CINT ProcessInformationClass
,
6112 OUT PVOID ProcessInformation
,
6113 IN ULONG ProcessInformationLength
,
6114 OUT PULONG ReturnLength
6118 * FUNCTION: Query the interval and the clocksource for profiling
6126 ZwQueryIntervalProfile(
6127 IN KPROFILE_SOURCE ProfileSource
,
6132 * FUNCTION: Queries the information of a object.
6134 ObjectHandle = Handle to a object
6135 ObjectInformationClass = Index to a certain information structure
6137 ObjectBasicInformation OBJECT_BASIC_INFORMATION
6138 ObjectNameInformation OBJECT_NAME_INFORMATION
6139 ObjectTypeInformation OBJECT_TYPE_INFORMATION
6140 ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
6141 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTES_INFORMATION
6143 ObjectInformation = Caller supplies storage for resulting information
6144 Length = Size of the supplied storage
6145 ResultLength = Bytes written
6151 IN HANDLE ObjectHandle
,
6152 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6153 OUT PVOID ObjectInformation
,
6155 OUT PULONG ResultLength OPTIONAL
6160 NtQuerySecurityObject(
6162 IN SECURITY_INFORMATION SecurityInformation
,
6163 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6165 OUT PULONG ResultLength
6170 ZwQuerySecurityObject(
6172 IN SECURITY_INFORMATION SecurityInformation
,
6173 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6175 OUT PULONG ResultLength
6179 * FUNCTION: Queries the virtual memory information.
6181 ProcessHandle = Process owning the virtual address space
6182 BaseAddress = Points to the page where the information is queried for.
6183 * VirtualMemoryInformationClass = Index to a certain information structure
6185 MemoryBasicInformation MEMORY_BASIC_INFORMATION
6187 * VirtualMemoryInformation = caller supplies storage for the information structure
6188 * Length = size of the structure
6189 ResultLength = Data written
6196 ZwQueryVirtualMemory(
6197 IN HANDLE ProcessHandle
,
6199 IN IN CINT VirtualMemoryInformationClass
,
6200 OUT PVOID VirtualMemoryInformation
,
6202 OUT PULONG ResultLength
6206 * FUNCTION: Raises a hard error (stops the system)
6208 * Status = Status code of the hard error
6229 * FUNCTION: Sets the information of a registry key.
6231 * KeyHandle = Handle to the registry key
6232 * KeyInformationClass = Index to the a certain information structure.
6233 Can be one of the following values:
6235 * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
6237 KeyInformation = Storage for the new information
6238 * KeyInformationLength = Size of the information strucure
6244 ZwSetInformationKey(
6245 IN HANDLE KeyHandle
,
6246 IN KEY_SET_INFORMATION_CLASS KeyInformationClass
,
6247 IN PVOID KeyInformation
,
6248 IN ULONG KeyInformationLength
6252 * FUNCTION: Changes a set of object specific parameters
6255 * ObjectInformationClass = Index to the set of parameters to change.
6257 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
6260 * ObjectInformation = Caller supplies storage for parameters to set.
6261 * Length = Size of the storage supplied
6266 ZwSetInformationObject(
6267 IN HANDLE ObjectHandle
,
6268 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6269 IN PVOID ObjectInformation
,
6274 * FUNCTION: Changes a set of process specific parameters
6276 * ProcessHandle = Handle to the process
6277 * ProcessInformationClass = Index to a information structure.
6279 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
6280 * ProcessQuotaLimits QUOTA_LIMITS
6281 * ProcessBasePriority KPRIORITY
6282 * ProcessRaisePriority KPRIORITY
6283 * ProcessDebugPort HANDLE
6284 * ProcessExceptionPort HANDLE
6285 * ProcessAccessToken PROCESS_ACCESS_TOKEN
6286 * ProcessDefaultHardErrorMode ULONG
6287 * ProcessPriorityClass ULONG
6288 * ProcessAffinityMask KAFFINITY //??
6290 * ProcessInformation = Caller supplies storage for information to set.
6291 * ProcessInformationLength = Size of the information structure
6296 NtSetInformationProcess(
6297 IN HANDLE ProcessHandle
,
6298 IN CINT ProcessInformationClass
,
6299 IN PVOID ProcessInformation
,
6300 IN ULONG ProcessInformationLength
6305 ZwSetInformationProcess(
6306 IN HANDLE ProcessHandle
,
6307 IN CINT ProcessInformationClass
,
6308 IN PVOID ProcessInformation
,
6309 IN ULONG ProcessInformationLength
6313 * FUNCTION: Sets the characteristics of a timer
6315 * TimerHandle = Handle to the timer
6316 * DueTime = Time before the timer becomes signalled for the first time.
6317 * TimerApcRoutine = Completion routine can be called on time completion
6318 * TimerContext = Argument to the completion routine
6319 * Resume = Specifies if the timer should repeated after completing one cycle
6320 * Period = Cycle of the timer
6321 * REMARKS: This routine maps to the win32 SetWaitableTimer.
6327 IN HANDLE TimerHandle
,
6328 IN PLARGE_INTEGER DueTime
,
6329 IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL
,
6330 IN PVOID TimerContext OPTIONAL
,
6331 IN BOOLEAN ResumeTimer
,
6332 IN LONG Period OPTIONAL
,
6333 OUT PBOOLEAN PreviousState OPTIONAL
6337 * FUNCTION: Unloads a registry key.
6339 * KeyHandle = Handle to the registry key
6341 * This procedure maps to the win32 procedure RegUnloadKey
6347 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6351 * FUNCTION: Unlocks a range of virtual memory.
6353 * ProcessHandle = Handle to the process
6354 * BaseAddress = Lower boundary of the range of bytes to unlock.
6355 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
6356 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
6358 This procedure maps to the win32 procedure VirtualUnlock
6359 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
6363 ZwUnlockVirtualMemory(
6364 IN HANDLE ProcessHandle
,
6365 IN PVOID BaseAddress
,
6366 IN ULONG NumberOfBytesToUnlock
,
6367 OUT PULONG NumberOfBytesUnlocked OPTIONAL
6371 * FUNCTION: Waits for multiple objects to become signalled.
6373 * Count = The number of objects
6374 * Object = The array of object handles
6375 * WaitType = Can be one of the values UserMode or KernelMode
6376 * Alertable = If true the wait is alertable.
6377 * Time = The maximum wait time.
6379 * This function maps to the win32 WaitForMultipleObjectEx.
6384 ZwWaitForMultipleObjects (
6387 IN WAIT_TYPE WaitType
,
6388 IN BOOLEAN Alertable
,
6389 IN PLARGE_INTEGER Time
6393 * FUNCTION: Creates a profile
6395 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
6396 * ObjectAttribute = Initialized attributes for the object
6397 * ImageBase = Start address of executable image
6398 * ImageSize = Size of the image
6399 * Granularity = Bucket size
6400 * Buffer = Caller supplies buffer for profiling info
6401 * ProfilingSize = Buffer size
6402 * ClockSource = Specify 0 / FALSE ??
6403 * ProcessorMask = A value of -1 indicates disables per processor profiling,
6404 otherwise bit set for the processor to profile.
6406 * This function maps to the win32 CreateProcess.
6413 OUT PHANDLE ProfileHandle
,
6414 IN HANDLE Process OPTIONAL
,
6417 IN ULONG BucketSize
,
6419 IN ULONG BufferSize
,
6420 IN KPROFILE_SOURCE ProfileSource
,
6421 IN KAFFINITY Affinity
6425 * FUNCTION: Delays the execution of the calling thread.
6427 * Alertable = If TRUE the thread is alertable during is wait period
6428 * Interval = Specifies the interval to wait.
6434 IN BOOLEAN Alertable
,
6439 * FUNCTION: Extends a section
6441 * SectionHandle = Handle to the section
6442 * NewMaximumSize = Adjusted size
6448 IN HANDLE SectionHandle
,
6449 IN PLARGE_INTEGER NewMaximumSize
6453 * FUNCTION: Queries the information of a section object.
6455 * SectionHandle = Handle to the section link object
6456 * SectionInformationClass = Index to a certain information structure
6457 * SectionInformation (OUT)= Caller supplies storage for resulting information
6458 * Length = Size of the supplied storage
6459 * ResultLength = Data written
6466 IN HANDLE SectionHandle
,
6467 IN CINT SectionInformationClass
,
6468 OUT PVOID SectionInformation
,
6470 OUT PULONG ResultLength
6473 typedef struct _SECTION_IMAGE_INFORMATION
6480 USHORT MinorSubsystemVersion
;
6481 USHORT MajorSubsystemVersion
;
6483 ULONG Characteristics
;
6488 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
6490 #endif /* !__USE_W32API */
6493 * FUNCTION: Loads a registry key.
6495 * KeyObjectAttributes = Key to be loaded
6496 * FileObjectAttributes = File to load the key from
6499 * This procedure maps to the win32 procedure RegLoadKey
6505 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6506 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
6513 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6514 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
6519 * FUNCTION: Retrieves the system time
6521 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
6529 OUT PLARGE_INTEGER CurrentTime
6533 * FUNCTION: Queries the information of a object.
6535 ObjectHandle = Handle to a object
6536 ObjectInformationClass = Index to a certain information structure
6538 ObjectBasicInformation OBJECT_BASIC_INFORMATION
6539 ObjectNameInformation OBJECT_NAME_INFORMATION
6540 ObjectTypeInformation OBJECT_TYPE_INFORMATION
6541 ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
6542 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
6544 ObjectInformation = Caller supplies storage for resulting information
6545 Length = Size of the supplied storage
6546 ResultLength = Bytes written
6552 IN HANDLE ObjectHandle
,
6553 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6554 OUT PVOID ObjectInformation
,
6556 OUT PULONG ResultLength OPTIONAL
6559 /* BEGIN REACTOS ONLY */
6562 ExInitializeBinaryTree(IN PBINARY_TREE Tree
,
6563 IN PKEY_COMPARATOR Compare
,
6564 IN BOOLEAN UseNonPagedPool
);
6567 ExDeleteBinaryTree(IN PBINARY_TREE Tree
);
6570 ExInsertBinaryTree(IN PBINARY_TREE Tree
,
6575 ExSearchBinaryTree(IN PBINARY_TREE Tree
,
6580 ExRemoveBinaryTree(IN PBINARY_TREE Tree
,
6585 ExTraverseBinaryTree(IN PBINARY_TREE Tree
,
6586 IN TRAVERSE_METHOD Method
,
6587 IN PTRAVERSE_ROUTINE Routine
,
6591 ExInitializeSplayTree(IN PSPLAY_TREE Tree
,
6592 IN PKEY_COMPARATOR Compare
,
6593 IN BOOLEAN Weighted
,
6594 IN BOOLEAN UseNonPagedPool
);
6597 ExDeleteSplayTree(IN PSPLAY_TREE Tree
);
6600 ExInsertSplayTree(IN PSPLAY_TREE Tree
,
6605 ExSearchSplayTree(IN PSPLAY_TREE Tree
,
6610 ExRemoveSplayTree(IN PSPLAY_TREE Tree
,
6615 ExWeightOfSplayTree(IN PSPLAY_TREE Tree
,
6619 ExTraverseSplayTree(IN PSPLAY_TREE Tree
,
6620 IN TRAVERSE_METHOD Method
,
6621 IN PTRAVERSE_ROUTINE Routine
,
6625 ExInitializeHashTable(IN PHASH_TABLE HashTable
,
6626 IN ULONG HashTableSize
,
6627 IN PKEY_COMPARATOR Compare OPTIONAL
,
6628 IN BOOLEAN UseNonPagedPool
);
6631 ExDeleteHashTable(IN PHASH_TABLE HashTable
);
6634 ExInsertHashTable(IN PHASH_TABLE HashTable
,
6640 ExSearchHashTable(IN PHASH_TABLE HashTable
,
6646 ExRemoveHashTable(IN PHASH_TABLE HashTable
,
6651 /* END REACTOS ONLY */
6653 #endif /* __DDK_ZW_H */
projects / reactos.git / blob