3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: System call definitions
6 * FILE: include/ddk/zw.h
8 * ??/??/??: First few functions (David Welch)
9 * ??/??/??: Complete implementation by Ariadne
10 * 13/07/98: Reorganised things a bit (David Welch)
11 * 04/08/98: Added some documentation (Ariadne)
12 * 14/08/98: Added type TIME and change variable type from [1] to [0]
13 * 14/09/98: Added for each Nt call a corresponding Zw Call
14 * 09/08/03: Added ThreadEventPair routines
20 #include <ntos/security.h>
21 #include <ntos/zwtypes.h>
22 #include <napi/npipe.h>
24 #ifndef _RTLGETPROCESSHEAP_DEFINED_
25 #define _RTLGETPROCESSHEAP_DEFINED_
26 #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
29 // semaphore information
31 typedef enum _SEMAPHORE_INFORMATION_CLASS
33 SemaphoreBasicInformation
= 0
34 } SEMAPHORE_INFORMATION_CLASS
;
36 typedef struct _SEMAPHORE_BASIC_INFORMATION
40 } SEMAPHORE_BASIC_INFORMATION
, *PSEMAPHORE_BASIC_INFORMATION
;
44 typedef enum _EVENT_INFORMATION_CLASS
46 EventBasicInformation
= 0
47 } EVENT_INFORMATION_CLASS
;
49 typedef struct _EVENT_BASIC_INFORMATION
53 } EVENT_BASIC_INFORMATION
, *PEVENT_BASIC_INFORMATION
;
55 // wmi trace event data
56 typedef struct _EVENT_TRACE_HEADER
{
59 USHORT FieldTypeFlags
;
75 LARGE_INTEGER TimeStamp
;
89 ULONG64 ProcessorTime
;
91 } EVENT_TRACE_HEADER
, *PEVENT_TRACE_HEADER
;
94 typedef struct _FILE_USER_QUOTA_INFORMATION
{
95 ULONG NextEntryOffset
;
97 LARGE_INTEGER ChangeTime
;
98 LARGE_INTEGER QuotaUsed
;
99 LARGE_INTEGER QuotaThreshold
;
100 LARGE_INTEGER QuotaLimit
;
102 } FILE_USER_QUOTA_INFORMATION
, *PFILE_USER_QUOTA_INFORMATION
;
106 //#define SECURITY_INFORMATION ULONG
107 //typedef ULONG SECURITY_INFORMATION;
109 #ifndef __USE_NT_LPC__
111 NtAcceptConnectPort (OUT PHANDLE PortHandle
,
113 IN PLPC_MESSAGE ServerReply
,
115 IN PLPC_SECTION_WRITE WriteMap
,
116 IN PLPC_SECTION_READ ReadMap
);
119 NtAcceptConnectPort (PHANDLE PortHandle
,
120 ULONG PortIdentifier
,
121 PLPC_MESSAGE ServerReply
,
123 PLPC_SECTION_WRITE WriteMap
,
124 PLPC_SECTION_READ ReadMap
);
125 #endif /* ndef __USE_NT_LPC__ */
130 IN PUNICODE_STRING EntryName
,
131 IN PUNICODE_STRING EntryValue
137 IN PUNICODE_STRING EntryName
,
138 IN PUNICODE_STRING EntryValue
142 * FUNCTION: Adjusts the groups in an access token
144 * TokenHandle = Specifies the access token
145 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
146 * their default state, if false the groups specified in
149 * BufferLength = Specifies the size of the buffer for the PreviousState.
151 * ReturnLength = Bytes written in PreviousState buffer.
152 * REMARKS: The arguments map to the win32 AdjustTokenGroups
159 IN HANDLE TokenHandle
,
160 IN BOOLEAN ResetToDefault
,
161 IN PTOKEN_GROUPS NewState
,
162 IN ULONG BufferLength
,
163 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
164 OUT PULONG ReturnLength
170 IN HANDLE TokenHandle
,
171 IN BOOLEAN ResetToDefault
,
172 IN PTOKEN_GROUPS NewState
,
173 IN ULONG BufferLength
,
174 OUT PTOKEN_GROUPS PreviousState
,
175 OUT PULONG ReturnLength
183 * TokenHandle = Handle to the access token
184 * DisableAllPrivileges = The resulting suspend count.
190 * The arguments map to the win32 AdjustTokenPrivileges
196 NtAdjustPrivilegesToken(
197 IN HANDLE TokenHandle
,
198 IN BOOLEAN DisableAllPrivileges
,
199 IN PTOKEN_PRIVILEGES NewState
,
200 IN ULONG BufferLength
,
201 OUT PTOKEN_PRIVILEGES PreviousState
,
202 OUT PULONG ReturnLength
207 ZwAdjustPrivilegesToken(
208 IN HANDLE TokenHandle
,
209 IN BOOLEAN DisableAllPrivileges
,
210 IN PTOKEN_PRIVILEGES NewState
,
211 IN ULONG BufferLength
,
212 OUT PTOKEN_PRIVILEGES PreviousState
,
213 OUT PULONG ReturnLength
218 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
221 * ThreadHandle = Handle to the thread that should be resumed
222 * SuspendCount = The resulting suspend count.
224 * A thread is resumed if its suspend count is 0
230 IN HANDLE ThreadHandle
,
231 OUT PULONG SuspendCount
237 IN HANDLE ThreadHandle
,
238 OUT PULONG SuspendCount
242 * FUNCTION: Puts the thread in a alerted state
244 * ThreadHandle = Handle to the thread that should be alerted
250 IN HANDLE ThreadHandle
256 IN HANDLE ThreadHandle
261 * FUNCTION: Allocates a locally unique id
263 * LocallyUniqueId = Locally unique number
268 NtAllocateLocallyUniqueId(
269 OUT LUID
*LocallyUniqueId
274 ZwAllocateLocallyUniqueId(
279 * FUNCTION: Allocates a block of virtual memory in the process address space
281 * ProcessHandle = The handle of the process which owns the virtual memory
282 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
283 * value the system will try to allocate the memory at the address supplied. It rounds
284 * it down to a multiple if the page size.
285 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
286 * the memory will be allocated at a address below a certain value.
287 * RegionSize = The number of bytes to allocate
288 * AllocationType = Indicates the type of virtual memory you like to allocated,
289 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
290 * Protect = Indicates the protection type of the pages allocated, can be a combination of
291 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
292 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
294 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
295 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
296 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
297 * and the AllocationType and ProctectionType map to the other two parameters.
302 NtAllocateVirtualMemory (
303 IN HANDLE ProcessHandle
,
304 IN OUT PVOID
*BaseAddress
,
306 IN OUT PULONG RegionSize
,
307 IN ULONG AllocationType
,
313 ZwAllocateVirtualMemory (
314 IN HANDLE ProcessHandle
,
315 IN OUT PVOID
*BaseAddress
,
317 IN OUT PULONG RegionSize
,
318 IN ULONG AllocationType
,
325 NtAssignProcessToJobObject(
327 HANDLE ProcessHandle
);
331 ZwAssignProcessToJobObject(
333 HANDLE ProcessHandle
);
336 * FUNCTION: Returns from a callback into user mode
340 //FIXME: this function might need 3 parameters
341 NTSTATUS STDCALL
NtCallbackReturn(PVOID Result
,
345 NTSTATUS STDCALL
ZwCallbackReturn(PVOID Result
,
350 * FUNCTION: Cancels a IO request
352 * FileHandle = Handle to the file
356 * This function maps to the win32 CancelIo.
362 IN HANDLE FileHandle
,
363 OUT PIO_STATUS_BLOCK IoStatusBlock
369 IN HANDLE FileHandle
,
370 OUT PIO_STATUS_BLOCK IoStatusBlock
374 * FUNCTION: Sets the status of the event back to non-signaled
376 * EventHandle = Handle to the event
378 * This function maps to win32 function ResetEvent.
385 IN HANDLE EventHandle
391 IN HANDLE EventHandle
398 ACCESS_MASK DesiredAccess
,
399 POBJECT_ATTRIBUTES ObjectAttributes
406 ACCESS_MASK DesiredAccess
,
407 POBJECT_ATTRIBUTES ObjectAttributes
412 * FUNCTION: Closes an object handle
414 * Handle = Handle to the object
416 * This function maps to the win32 function CloseHandle.
433 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
436 HandleId = Handle to the object
439 * This function maps to the win32 function ObjectCloseAuditAlarm.
445 NtCloseObjectAuditAlarm(
446 IN PUNICODE_STRING SubsystemName
,
448 IN BOOLEAN GenerateOnClose
453 ZwCloseObjectAuditAlarm(
454 IN PUNICODE_STRING SubsystemName
,
456 IN BOOLEAN GenerateOnClose
461 NtCompleteConnectPort (HANDLE PortHandle
);
464 ZwCompleteConnectPort (HANDLE PortHandle
);
468 NtConnectPort (PHANDLE PortHandle
,
469 PUNICODE_STRING PortName
,
470 PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
471 PLPC_SECTION_WRITE SectionInfo
,
472 PLPC_SECTION_READ MapInfo
,
473 PULONG MaxMessageSize
,
475 PULONG ConnectInfoLength
);
478 ZwConnectPort (PHANDLE PortHandle
,
479 PUNICODE_STRING PortName
,
480 PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
481 PLPC_SECTION_WRITE SectionInfo
,
482 PLPC_SECTION_READ MapInfo
,
483 PULONG MaxMessageSize
,
485 PULONG ConnectInfoLength
);
488 * FUNCTION: Creates a directory object
490 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
491 * DesiredAccess = Specifies access to the directory
492 * ObjectAttribute = Initialized attributes for the object
493 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
494 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
500 NtCreateDirectoryObject(
501 OUT PHANDLE DirectoryHandle
,
502 IN ACCESS_MASK DesiredAccess
,
503 IN POBJECT_ATTRIBUTES ObjectAttributes
508 ZwCreateDirectoryObject(
509 OUT PHANDLE DirectoryHandle
,
510 IN ACCESS_MASK DesiredAccess
,
511 IN POBJECT_ATTRIBUTES ObjectAttributes
515 * FUNCTION: Creates an event object
517 * EventHandle (OUT) = Caller supplied storage for the resulting handle
518 * DesiredAccess = Specifies access to the event
519 * ObjectAttribute = Initialized attributes for the object
520 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
521 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
522 * automatically after the system has rescheduled a thread waiting on the event.
523 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
524 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
525 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
526 * both parameters aswell ( possibly the order is reversed ).
533 OUT PHANDLE EventHandle
,
534 IN ACCESS_MASK DesiredAccess
,
535 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
536 IN EVENT_TYPE EventType
,
537 IN BOOLEAN InitialState
543 OUT PHANDLE EventHandle
,
544 IN ACCESS_MASK DesiredAccess
,
545 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
546 IN EVENT_TYPE EventType
,
547 IN BOOLEAN InitialState
551 * FUNCTION: Creates an eventpair object
553 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
554 * DesiredAccess = Specifies access to the event
555 * ObjectAttribute = Initialized attributes for the object
561 OUT PHANDLE EventPairHandle
,
562 IN ACCESS_MASK DesiredAccess
,
563 IN POBJECT_ATTRIBUTES ObjectAttributes
569 OUT PHANDLE EventPairHandle
,
570 IN ACCESS_MASK DesiredAccess
,
571 IN POBJECT_ATTRIBUTES ObjectAttributes
576 * FUNCTION: Creates or opens a file, directory or device object.
578 * FileHandle (OUT) = Caller supplied storage for the resulting handle
579 * DesiredAccess = Specifies the allowed or desired access to the file can
580 * be a combination of DELETE | FILE_READ_DATA ..
581 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
582 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
583 * the file is created and opened or allready existed and is just opened.
584 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
585 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
586 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
587 * CreateOptions = specifies the behavior of the system on file creation.
588 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
589 * EaLength = Extended Attributes buffer size, applies only to files and directories.
590 * REMARKS: This function maps to the win32 CreateFile.
597 OUT PHANDLE FileHandle
,
598 IN ACCESS_MASK DesiredAccess
,
599 IN POBJECT_ATTRIBUTES ObjectAttributes
,
600 OUT PIO_STATUS_BLOCK IoStatusBlock
,
601 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
602 IN ULONG FileAttributes
,
603 IN ULONG ShareAccess
,
604 IN ULONG CreateDisposition
,
605 IN ULONG CreateOptions
,
606 IN PVOID EaBuffer OPTIONAL
,
613 OUT PHANDLE FileHandle
,
614 IN ACCESS_MASK DesiredAccess
,
615 IN POBJECT_ATTRIBUTES ObjectAttributes
,
616 OUT PIO_STATUS_BLOCK IoStatusBlock
,
617 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
618 IN ULONG FileAttributes
,
619 IN ULONG ShareAccess
,
620 IN ULONG CreateDisposition
,
621 IN ULONG CreateOptions
,
622 IN PVOID EaBuffer OPTIONAL
,
627 * FUNCTION: Creates or opens a file, directory or device object.
629 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
630 * DesiredAccess = Specifies the allowed or desired access to the port
632 * NumberOfConcurrentThreads =
633 * REMARKS: This function maps to the win32 CreateIoCompletionPort
640 NtCreateIoCompletion(
641 OUT PHANDLE IoCompletionHandle
,
642 IN ACCESS_MASK DesiredAccess
,
643 IN POBJECT_ATTRIBUTES ObjectAttributes
,
644 IN ULONG NumberOfConcurrentThreads
649 ZwCreateIoCompletion(
650 OUT PHANDLE IoCompletionHandle
,
651 IN ACCESS_MASK DesiredAccess
,
652 IN POBJECT_ATTRIBUTES ObjectAttributes
,
653 IN ULONG NumberOfConcurrentThreads
657 * FUNCTION: Creates a registry key
659 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
660 * DesiredAccess = Specifies the allowed or desired access to the key
661 * It can have a combination of the following values:
662 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
664 * KEY_QUERY_VALUE The values of the key can be queried.
665 * KEY_SET_VALUE The values of the key can be modified.
666 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
667 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
669 * KEY_CREATE_LINK A symbolic link to the key can be created.
670 * ObjectAttributes = The name of the key may be specified directly in the name field
671 * of object attributes or relative to a key in rootdirectory.
672 * TitleIndex = Might specify the position in the sequential order of subkeys.
673 * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
674 * CreateOptions = Specifies additional options with which the key is created
675 * REG_OPTION_VOLATILE The key is not preserved across boots.
676 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
677 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
678 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
679 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
680 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
686 NtCreateKey(OUT PHANDLE KeyHandle
,
687 IN ACCESS_MASK DesiredAccess
,
688 IN POBJECT_ATTRIBUTES ObjectAttributes
,
690 IN PUNICODE_STRING Class OPTIONAL
,
691 IN ULONG CreateOptions
,
692 IN PULONG Disposition OPTIONAL
);
695 ZwCreateKey(OUT PHANDLE KeyHandle
,
696 IN ACCESS_MASK DesiredAccess
,
697 IN POBJECT_ATTRIBUTES ObjectAttributes
,
699 IN PUNICODE_STRING Class OPTIONAL
,
700 IN ULONG CreateOptions
,
701 IN PULONG Disposition OPTIONAL
);
704 * FUNCTION: Creates a mail slot file
706 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
707 * DesiredAccess = Specifies the allowed or desired access to the file
708 * ObjectAttributes = Contains the name of the mailslotfile.
715 * REMARKS: This funciton maps to the win32 function CreateMailSlot
722 NtCreateMailslotFile(
723 OUT PHANDLE MailSlotFileHandle
,
724 IN ACCESS_MASK DesiredAccess
,
725 IN POBJECT_ATTRIBUTES ObjectAttributes
,
726 OUT PIO_STATUS_BLOCK IoStatusBlock
,
727 IN ULONG FileAttributes
,
728 IN ULONG ShareAccess
,
729 IN ULONG MaxMessageSize
,
730 IN PLARGE_INTEGER TimeOut
735 ZwCreateMailslotFile(
736 OUT PHANDLE MailSlotFileHandle
,
737 IN ACCESS_MASK DesiredAccess
,
738 IN POBJECT_ATTRIBUTES ObjectAttributes
,
739 OUT PIO_STATUS_BLOCK IoStatusBlock
,
740 IN ULONG FileAttributes
,
741 IN ULONG ShareAccess
,
742 IN ULONG MaxMessageSize
,
743 IN PLARGE_INTEGER TimeOut
747 * FUNCTION: Creates or opens a mutex
749 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
750 * DesiredAccess = Specifies the allowed or desired access to the port
751 * ObjectAttributes = Contains the name of the mutex.
752 * InitialOwner = If true the calling thread acquires ownership
754 * REMARKS: This funciton maps to the win32 function CreateMutex
761 OUT PHANDLE MutantHandle
,
762 IN ACCESS_MASK DesiredAccess
,
763 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
764 IN BOOLEAN InitialOwner
770 OUT PHANDLE MutantHandle
,
771 IN ACCESS_MASK DesiredAccess
,
772 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
773 IN BOOLEAN InitialOwner
777 * FUNCTION: Creates a named pipe
779 * NamedPipeFileHandle (OUT) = Caller supplied storage for the
781 * DesiredAccess = Specifies the type of access that the caller
782 * requires to the file boject
783 * ObjectAttributes = Points to a structure that specifies the
785 * IoStatusBlock = Points to a variable that receives the final
786 * completion status and information
787 * ShareAccess = Specifies the limitations on sharing of the file.
788 * This parameter can be zero or any compatible
789 * combination of the following flags
792 * CreateDisposition = Specifies what to do depending on whether
793 * the file already exists. This must be one of
794 * the following values
798 * CreateOptions = Specifies the options to be applied when
799 * creating or opening the file, as a compatible
800 * combination of the following flags
802 * FILE_SYNCHRONOUS_IO_ALERT
803 * FILE_SYNCHRONOUS_IO_NONALERT
804 * TypeMessage = Specifies whether the data written to the pipe is
805 * interpreted as a sequence of messages or as a
807 * ReadModeMessage = Specifies whether the data read from the pipe
808 * is interpreted as a sequence of messages or as
810 * NonBlocking = Specifies whether non-blocking mode is enabled
811 * MaxInstances = Specifies the maximum number of instancs that can
812 * be created for this pipe
813 * InBufferSize = Specifies the number of bytes to reserve for the
815 * OutBufferSize = Specifies the number of bytes to reserve for the
817 * DefaultTimeout = Optionally points to a variable that specifies
818 * the default timeout value in units of
820 * REMARKS: This funciton maps to the win32 function CreateNamedPipe
825 NtCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle
,
826 IN ACCESS_MASK DesiredAccess
,
827 IN POBJECT_ATTRIBUTES ObjectAttributes
,
828 OUT PIO_STATUS_BLOCK IoStatusBlock
,
829 IN ULONG ShareAccess
,
830 IN ULONG CreateDisposition
,
831 IN ULONG CreateOptions
,
832 IN ULONG NamedPipeType
,
834 IN ULONG CompletionMode
,
835 IN ULONG MaxInstances
,
836 IN ULONG InBufferSize
,
837 IN ULONG OutBufferSize
,
838 IN PLARGE_INTEGER DefaultTimeOut
);
841 ZwCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle
,
842 IN ACCESS_MASK DesiredAccess
,
843 IN POBJECT_ATTRIBUTES ObjectAttributes
,
844 OUT PIO_STATUS_BLOCK IoStatusBlock
,
845 IN ULONG ShareAccess
,
846 IN ULONG CreateDisposition
,
847 IN ULONG CreateOptions
,
848 IN ULONG NamedPipeType
,
850 IN ULONG CompletionMode
,
851 IN ULONG MaxInstances
,
852 IN ULONG InBufferSize
,
853 IN ULONG OutBufferSize
,
854 IN PLARGE_INTEGER DefaultTimeOut
);
858 NtCreatePort (PHANDLE PortHandle
,
859 POBJECT_ATTRIBUTES ObjectAttributes
,
860 ULONG MaxConnectInfoLength
,
862 ULONG NPMessageQueueSize OPTIONAL
);
865 NtCreatePort (PHANDLE PortHandle
,
866 POBJECT_ATTRIBUTES ObjectAttributes
,
867 ULONG MaxConnectInfoLength
,
869 ULONG NPMessageQueueSize OPTIONAL
);
873 * FUNCTION: Creates a process.
875 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
876 * DesiredAccess = Specifies the allowed or desired access to the process can
877 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
878 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
879 * ParentProcess = Handle to the parent process.
880 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
881 * SectionHandle = Handle to a section object to back the image file
882 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
883 * ExceptionPort = Handle to a exception port.
885 * This function maps to the win32 CreateProcess.
891 OUT PHANDLE ProcessHandle
,
892 IN ACCESS_MASK DesiredAccess
,
893 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
894 IN HANDLE ParentProcess
,
895 IN BOOLEAN InheritObjectTable
,
896 IN HANDLE SectionHandle OPTIONAL
,
897 IN HANDLE DebugPort OPTIONAL
,
898 IN HANDLE ExceptionPort OPTIONAL
904 OUT PHANDLE ProcessHandle
,
905 IN ACCESS_MASK DesiredAccess
,
906 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
907 IN HANDLE ParentProcess
,
908 IN BOOLEAN InheritObjectTable
,
909 IN HANDLE SectionHandle OPTIONAL
,
910 IN HANDLE DebugPort OPTIONAL
,
911 IN HANDLE ExceptionPort OPTIONAL
915 * FUNCTION: Creates a section object.
917 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
918 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
919 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
920 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
921 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
922 * If value specified for a mapped file and the file is not large enough, file will be extended.
923 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
924 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
925 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
932 OUT PHANDLE SectionHandle
,
933 IN ACCESS_MASK DesiredAccess
,
934 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
935 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
936 IN ULONG SectionPageProtection OPTIONAL
,
937 IN ULONG AllocationAttributes
,
938 IN HANDLE FileHandle OPTIONAL
944 OUT PHANDLE SectionHandle
,
945 IN ACCESS_MASK DesiredAccess
,
946 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
947 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
948 IN ULONG SectionPageProtection OPTIONAL
,
949 IN ULONG AllocationAttributes
,
950 IN HANDLE FileHandle OPTIONAL
954 * FUNCTION: Creates a semaphore object for interprocess synchronization.
956 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
957 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
958 * ObjectAttribute = Initialized attributes for the object.
959 * InitialCount = Not necessary zero, might be smaller than zero.
960 * MaximumCount = Maxiumum count the semaphore can reach.
963 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
966 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
970 OUT PHANDLE SemaphoreHandle
,
971 IN ACCESS_MASK DesiredAccess
,
972 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
973 IN LONG InitialCount
,
980 OUT PHANDLE SemaphoreHandle
,
981 IN ACCESS_MASK DesiredAccess
,
982 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
983 IN LONG InitialCount
,
988 * FUNCTION: Creates a symbolic link object
990 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
991 * DesiredAccess = Specifies the allowed or desired access to the thread.
992 * ObjectAttributes = Initialized attributes for the object.
993 * Name = Target name of the symbolic link
998 NtCreateSymbolicLinkObject(
999 OUT PHANDLE LinkHandle
,
1000 IN ACCESS_MASK DesiredAccess
,
1001 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1002 IN PUNICODE_STRING LinkTarget
1007 ZwCreateSymbolicLinkObject(
1008 OUT PHANDLE LinkHandle
,
1009 IN ACCESS_MASK DesiredAccess
,
1010 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1011 IN PUNICODE_STRING LinkTarget
1015 * FUNCTION: Creates a waitable timer.
1017 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1018 * DesiredAccess = Specifies the allowed or desired access to the timer.
1019 * ObjectAttributes = Initialized attributes for the object.
1020 * TimerType = Specifies if the timer should be reset manually.
1022 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
1023 * corresponding fields in OBJECT_ATTRIBUTES structure.
1029 OUT PHANDLE TimerHandle
,
1030 IN ACCESS_MASK DesiredAccess
,
1031 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1032 IN TIMER_TYPE TimerType
1038 OUT PHANDLE TimerHandle
,
1039 IN ACCESS_MASK DesiredAccess
,
1040 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1041 IN TIMER_TYPE TimerType
1045 * FUNCTION: Creates a token.
1047 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
1048 * DesiredAccess = Specifies the allowed or desired access to the process can
1049 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
1050 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1052 * AuthenticationId =
1058 * TokenPrimaryGroup =
1059 * TokenDefaultDacl =
1062 * This function does not map to a win32 function
1069 OUT PHANDLE TokenHandle
,
1070 IN ACCESS_MASK DesiredAccess
,
1071 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1072 IN TOKEN_TYPE TokenType
,
1073 IN PLUID AuthenticationId
,
1074 IN PLARGE_INTEGER ExpirationTime
,
1075 IN PTOKEN_USER TokenUser
,
1076 IN PTOKEN_GROUPS TokenGroups
,
1077 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1078 IN PTOKEN_OWNER TokenOwner
,
1079 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1080 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1081 IN PTOKEN_SOURCE TokenSource
1087 OUT PHANDLE TokenHandle
,
1088 IN ACCESS_MASK DesiredAccess
,
1089 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1090 IN TOKEN_TYPE TokenType
,
1091 IN PLUID AuthenticationId
,
1092 IN PLARGE_INTEGER ExpirationTime
,
1093 IN PTOKEN_USER TokenUser
,
1094 IN PTOKEN_GROUPS TokenGroups
,
1095 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1096 IN PTOKEN_OWNER TokenOwner
,
1097 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1098 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1099 IN PTOKEN_SOURCE TokenSource
1103 * FUNCTION: Returns the callers thread TEB.
1104 * RETURNS: The resulting teb.
1115 NtCreateWaitablePort (PHANDLE PortHandle
,
1116 POBJECT_ATTRIBUTES ObjectAttributes
,
1117 ULONG MaxConnectInfoLength
,
1118 ULONG MaxDataLength
,
1119 ULONG NPMessageQueueSize OPTIONAL
);
1122 ZwCreateWaitablePort (PHANDLE PortHandle
,
1123 POBJECT_ATTRIBUTES ObjectAttributes
,
1124 ULONG MaxConnectInfoLength
,
1125 ULONG MaxDataLength
,
1126 ULONG NPMessageQueueSize OPTIONAL
);
1130 * FUNCTION: Deletes an atom from the global atom table
1132 * Atom = Identifies the atom to delete
1134 * The function maps to the win32 GlobalDeleteAtom
1152 IN PUNICODE_STRING EntryName
,
1153 IN PUNICODE_STRING EntryValue
1159 IN PUNICODE_STRING EntryName
,
1160 IN PUNICODE_STRING EntryValue
1164 * FUNCTION: Deletes a file or a directory
1166 * ObjectAttributes = Name of the file which should be deleted
1168 * This system call is functionally equivalent to NtSetInformationFile
1169 * setting the disposition information.
1170 * The function maps to the win32 DeleteFile.
1176 IN POBJECT_ATTRIBUTES ObjectAttributes
1182 IN POBJECT_ATTRIBUTES ObjectAttributes
1186 * FUNCTION: Deletes a registry key
1188 * KeyHandle = Handle of the key
1203 * FUNCTION: Generates a audit message when an object is deleted
1205 * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
1206 * HandleId= Handle to an audit object
1207 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
1208 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
1214 NtDeleteObjectAuditAlarm (
1215 IN PUNICODE_STRING SubsystemName
,
1217 IN BOOLEAN GenerateOnClose
1222 ZwDeleteObjectAuditAlarm (
1223 IN PUNICODE_STRING SubsystemName
,
1225 IN BOOLEAN GenerateOnClose
1230 * FUNCTION: Deletes a value from a registry key
1232 * KeyHandle = Handle of the key
1233 * ValueName = Name of the value to delete
1240 IN HANDLE KeyHandle
,
1241 IN PUNICODE_STRING ValueName
1247 IN HANDLE KeyHandle
,
1248 IN PUNICODE_STRING ValueName
1251 * FUNCTION: Sends IOCTL to the io sub system
1253 * DeviceHandle = Points to the handle that is created by NtCreateFile
1254 * Event = Event to synchronize on STATUS_PENDING
1255 * ApcRoutine = Asynchroneous procedure callback
1256 * ApcContext = Callback context.
1257 * IoStatusBlock = Caller should supply storage for extra information..
1258 * IoControlCode = Contains the IO Control command. This is an
1259 * index to the structures in InputBuffer and OutputBuffer.
1260 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
1261 * InputBufferSize = Size of the input bufffer
1262 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
1263 * OutputBufferSize = Size of the input bufffer
1269 NtDeviceIoControlFile(
1270 IN HANDLE DeviceHandle
,
1271 IN HANDLE Event OPTIONAL
,
1272 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1273 IN PVOID UserApcContext OPTIONAL
,
1274 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1275 IN ULONG IoControlCode
,
1276 IN PVOID InputBuffer
,
1277 IN ULONG InputBufferSize
,
1278 OUT PVOID OutputBuffer
,
1279 IN ULONG OutputBufferSize
1284 ZwDeviceIoControlFile(
1285 IN HANDLE DeviceHandle
,
1286 IN HANDLE Event OPTIONAL
,
1287 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1288 IN PVOID UserApcContext OPTIONAL
,
1289 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1290 IN ULONG IoControlCode
,
1291 IN PVOID InputBuffer
,
1292 IN ULONG InputBufferSize
,
1293 OUT PVOID OutputBuffer
,
1294 IN ULONG OutputBufferSize
1297 * FUNCTION: Displays a string on the blue screen
1299 * DisplayString = The string to display
1306 IN PUNICODE_STRING DisplayString
1312 IN PUNICODE_STRING DisplayString
1318 NtEnumerateBootEntries(
1325 ZwEnumerateBootEntries(
1332 * FUNCTION: Returns information about the subkeys of an open key
1334 * KeyHandle = Handle of the key whose subkeys are to enumerated
1335 * Index = zero based index of the subkey for which information is
1337 * KeyInformationClass = Type of information returned
1338 * KeyInformation (OUT) = Caller allocated buffer for the information
1340 * Length = Length in bytes of the KeyInformation buffer
1341 * ResultLength (OUT) = Caller allocated storage which holds
1342 * the number of bytes of information retrieved
1349 IN HANDLE KeyHandle
,
1351 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1352 OUT PVOID KeyInformation
,
1354 OUT PULONG ResultLength
1360 IN HANDLE KeyHandle
,
1362 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1363 OUT PVOID KeyInformation
,
1365 OUT PULONG ResultLength
1368 * FUNCTION: Returns information about the value entries of an open key
1370 * KeyHandle = Handle of the key whose value entries are to enumerated
1371 * Index = zero based index of the subkey for which information is
1373 * KeyInformationClass = Type of information returned
1374 * KeyInformation (OUT) = Caller allocated buffer for the information
1376 * Length = Length in bytes of the KeyInformation buffer
1377 * ResultLength (OUT) = Caller allocated storage which holds
1378 * the number of bytes of information retrieved
1384 NtEnumerateValueKey(
1385 IN HANDLE KeyHandle
,
1387 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1388 OUT PVOID KeyValueInformation
,
1390 OUT PULONG ResultLength
1395 ZwEnumerateValueKey(
1396 IN HANDLE KeyHandle
,
1398 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1399 OUT PVOID KeyValueInformation
,
1401 OUT PULONG ResultLength
1405 * FUNCTION: Flushes chached file data to disk
1407 * FileHandle = Points to the file
1408 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1409 * buffers operation. The information field is set to number of bytes
1413 * This funciton maps to the win32 FlushFileBuffers
1418 IN HANDLE FileHandle
,
1419 OUT PIO_STATUS_BLOCK IoStatusBlock
1425 IN HANDLE FileHandle
,
1426 OUT PIO_STATUS_BLOCK IoStatusBlock
1430 * FUNCTION: Flushes a registry key to disk
1432 * KeyHandle = Points to the registry key handle
1435 * This funciton maps to the win32 RegFlushKey.
1450 * FUNCTION: Flushes the dirty pages to file
1452 * FIXME: Not sure this does (how is the file specified)
1454 NTSTATUS STDCALL
NtFlushWriteBuffer(VOID
);
1455 NTSTATUS STDCALL
ZwFlushWriteBuffer(VOID
);
1458 * FUNCTION: Frees a range of virtual memory
1460 * ProcessHandle = Points to the process that allocated the virtual
1462 * BaseAddress = Points to the memory address, rounded down to a
1463 * multiple of the pagesize
1464 * RegionSize = Limits the range to free, rounded up to a multiple of
1466 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1469 NTSTATUS STDCALL
NtFreeVirtualMemory(IN HANDLE ProcessHandle
,
1470 IN PVOID
*BaseAddress
,
1471 IN PULONG RegionSize
,
1473 NTSTATUS STDCALL
ZwFreeVirtualMemory(IN HANDLE ProcessHandle
,
1474 IN PVOID
*BaseAddress
,
1475 IN PULONG RegionSize
,
1479 * FUNCTION: Sends FSCTL to the filesystem
1481 * DeviceHandle = Points to the handle that is created by NtCreateFile
1482 * Event = Event to synchronize on STATUS_PENDING
1485 * IoStatusBlock = Caller should supply storage for
1486 * IoControlCode = Contains the File System Control command. This is an
1487 * index to the structures in InputBuffer and OutputBuffer.
1488 * FSCTL_GET_RETRIEVAL_POINTERS [Input/Output] RETRIEVAL_POINTERS_BUFFER
1489 * FSCTL_GET_VOLUME_BITMAP [Input] STARTING_LCN_INPUT_BUFFER
1490 * FSCTL_GET_VOLUME_BITMAP [Output] VOLUME_BITMAP_BUFFER
1491 * FSCTL_MOVE_FILE [Input] MOVE_FILE_DATA
1493 * InputBuffer = Caller should supply storage for input buffer if FSCTL expects one.
1494 * InputBufferSize = Size of the input bufffer
1495 * OutputBuffer = Caller should supply storage for output buffer if FSCTL expects one.
1496 * OutputBufferSize = Size of the input bufffer
1497 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1498 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1503 IN HANDLE DeviceHandle
,
1504 IN HANDLE Event OPTIONAL
,
1505 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1506 IN PVOID ApcContext OPTIONAL
,
1507 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1508 IN ULONG IoControlCode
,
1509 IN PVOID InputBuffer
,
1510 IN ULONG InputBufferSize
,
1511 OUT PVOID OutputBuffer
,
1512 IN ULONG OutputBufferSize
1518 IN HANDLE DeviceHandle
,
1519 IN HANDLE Event OPTIONAL
,
1520 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1521 IN PVOID ApcContext OPTIONAL
,
1522 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1523 IN ULONG IoControlCode
,
1524 IN PVOID InputBuffer
,
1525 IN ULONG InputBufferSize
,
1526 OUT PVOID OutputBuffer
,
1527 IN ULONG OutputBufferSize
1531 * FUNCTION: Retrieves the processor context of a thread
1533 * ThreadHandle = Handle to a thread
1534 * ThreadContext (OUT) = Caller allocated storage for the processor context
1541 IN HANDLE ThreadHandle
,
1542 OUT PCONTEXT ThreadContext
1548 IN HANDLE ThreadHandle
,
1549 OUT PCONTEXT ThreadContext
1554 NtImpersonateClientOfPort (HANDLE PortHandle
,
1555 PLPC_MESSAGE ClientMessage
);
1558 ZwImpersonateClientOfPort (HANDLE PortHandle
,
1559 PLPC_MESSAGE ClientMessage
);
1562 * FUNCTION: Sets a thread to impersonate another
1564 * ThreadHandle = Server thread that will impersonate a client.
1565 ThreadToImpersonate = Client thread that will be impersonated
1566 SecurityQualityOfService = Specifies the impersonation level.
1572 NtImpersonateThread(
1573 IN HANDLE ThreadHandle
,
1574 IN HANDLE ThreadToImpersonate
,
1575 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1580 ZwImpersonateThread(
1581 IN HANDLE ThreadHandle
,
1582 IN HANDLE ThreadToImpersonate
,
1583 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1588 NtInitiatePowerAction (
1589 IN POWER_ACTION SystemAction
,
1590 IN SYSTEM_POWER_STATE MinSystemState
,
1592 IN BOOLEAN Asynchronous
1597 ZwInitiatePowerAction (
1598 IN POWER_ACTION SystemAction
,
1599 IN SYSTEM_POWER_STATE MinSystemState
,
1601 IN BOOLEAN Asynchronous
1604 * FUNCTION: Initializes the registry.
1606 * SetUpBoot = This parameter is true for a setup boot.
1611 NtInitializeRegistry(
1616 ZwInitializeRegistry(
1623 IN HANDLE ProcessHandle
, // ProcessHandle must grant PROCESS_QUERY_INFORMATION access.
1624 IN HANDLE JobHandle OPTIONAL
// JobHandle must JOB_OBJECT_QUERY grant access. Defaults to the current process's job object.
1630 IN HANDLE ProcessHandle
, // ProcessHandle must grant PROCESS_QUERY_INFORMATION access.
1631 IN HANDLE JobHandle OPTIONAL
// JobHandle must JOB_OBJECT_QUERY grant access. Defaults to the current process's job object.
1635 NtListenPort (HANDLE PortHandle
,
1636 PLPC_MESSAGE LpcMessage
);
1639 ZwListenPort (HANDLE PortHandle
,
1640 PLPC_MESSAGE LpcMessage
);
1644 * FUNCTION: Loads a driver.
1646 * DriverServiceName = Name of the driver to load
1652 IN PUNICODE_STRING DriverServiceName
1658 IN PUNICODE_STRING DriverServiceName
1662 * FUNCTION: Locks a range of bytes in a file.
1664 * FileHandle = Handle to the file
1665 * Event = Should be null if apc is specified.
1666 * ApcRoutine = Asynchroneous Procedure Callback
1667 * ApcContext = Argument to the callback
1668 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1669 * the completion status and information about the requested lock operation.
1670 * ByteOffset = Offset
1671 * Length = Number of bytes to lock.
1672 * Key = Special value to give other threads the possibility to unlock the file
1673 by supplying the key in a call to NtUnlockFile.
1674 * FailImmediatedly = If false the request will block untill the lock is obtained.
1675 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1677 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1678 not be obtained immediately, the device queue is busy and the IRP is queued.
1679 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1680 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1686 IN HANDLE FileHandle
,
1687 IN HANDLE Event OPTIONAL
,
1688 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1689 IN PVOID ApcContext OPTIONAL
,
1690 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1691 IN PLARGE_INTEGER ByteOffset
,
1692 IN PLARGE_INTEGER Length
,
1694 IN BOOLEAN FailImmediatedly
,
1695 IN BOOLEAN ExclusiveLock
1701 IN HANDLE FileHandle
,
1702 IN HANDLE Event OPTIONAL
,
1703 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1704 IN PVOID ApcContext OPTIONAL
,
1705 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1706 IN PLARGE_INTEGER ByteOffset
,
1707 IN PLARGE_INTEGER Length
,
1709 IN BOOLEAN FailImmediatedly
,
1710 IN BOOLEAN ExclusiveLock
1714 * FUNCTION: Makes temporary object that will be removed at next boot.
1716 * Handle = Handle to object
1723 NtMakePermanentObject(
1724 IN HANDLE ObjectHandle
1729 ZwMakePermanentObject(
1730 IN HANDLE ObjectHandle
1735 NtMakeTemporaryObject(
1736 IN HANDLE ObjectHandle
1741 ZwMakeTemporaryObject(
1742 IN HANDLE ObjectHandle
1745 * FUNCTION: Maps a view of a section into the virtual address space of a
1748 * SectionHandle = Handle of the section
1749 * ProcessHandle = Handle of the process
1750 * BaseAddress = Desired base address (or NULL) on entry
1751 * Actual base address of the view on exit
1752 * ZeroBits = Number of high order address bits that must be zero
1753 * CommitSize = Size in bytes of the initially committed section of
1755 * SectionOffset = Offset in bytes from the beginning of the section
1756 * to the beginning of the view
1757 * ViewSize = Desired length of map (or zero to map all) on entry
1758 * Actual length mapped on exit
1759 * InheritDisposition = Specified how the view is to be shared with
1761 * AllocateType = Type of allocation for the pages
1762 * Protect = Protection for the committed region of the view
1768 IN HANDLE SectionHandle
,
1769 IN HANDLE ProcessHandle
,
1770 IN OUT PVOID
*BaseAddress
,
1772 IN ULONG CommitSize
,
1773 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1774 IN OUT PULONG ViewSize
,
1775 IN SECTION_INHERIT InheritDisposition
,
1776 IN ULONG AllocationType
,
1777 IN ULONG AccessProtection
1783 IN HANDLE SectionHandle
,
1784 IN HANDLE ProcessHandle
,
1785 IN OUT PVOID
*BaseAddress
,
1787 IN ULONG CommitSize
,
1788 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1789 IN OUT PULONG ViewSize
,
1790 IN SECTION_INHERIT InheritDisposition
,
1791 IN ULONG AllocationType
,
1792 IN ULONG AccessProtection
1796 * FUNCTION: Installs a notify for the change of a directory's contents
1798 * FileHandle = Handle to the directory
1800 * ApcRoutine = Start address
1801 * ApcContext = Delimits the range of virtual memory
1802 * for which the new access protection holds
1803 * IoStatusBlock = The new access proctection for the pages
1804 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1805 * BufferSize = Size of the buffer
1806 CompletionFilter = Can be one of the following values:
1807 FILE_NOTIFY_CHANGE_FILE_NAME
1808 FILE_NOTIFY_CHANGE_DIR_NAME
1809 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1810 FILE_NOTIFY_CHANGE_ATTRIBUTES
1811 FILE_NOTIFY_CHANGE_SIZE
1812 FILE_NOTIFY_CHANGE_LAST_WRITE
1813 FILE_NOTIFY_CHANGE_LAST_ACCESS
1814 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1815 FILE_NOTIFY_CHANGE_EA
1816 FILE_NOTIFY_CHANGE_SECURITY
1817 FILE_NOTIFY_CHANGE_STREAM_NAME
1818 FILE_NOTIFY_CHANGE_STREAM_SIZE
1819 FILE_NOTIFY_CHANGE_STREAM_WRITE
1820 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1823 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1828 NtNotifyChangeDirectoryFile(
1829 IN HANDLE FileHandle
,
1830 IN HANDLE Event OPTIONAL
,
1831 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1832 IN PVOID ApcContext OPTIONAL
,
1833 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1835 IN ULONG BufferSize
,
1836 IN ULONG CompletionFilter
,
1837 IN BOOLEAN WatchTree
1842 ZwNotifyChangeDirectoryFile(
1843 IN HANDLE FileHandle
,
1844 IN HANDLE Event OPTIONAL
,
1845 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1846 IN PVOID ApcContext OPTIONAL
,
1847 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1849 IN ULONG BufferSize
,
1850 IN ULONG CompletionFilter
,
1851 IN BOOLEAN WatchTree
1855 * FUNCTION: Installs a notfication callback on registry changes
1857 KeyHandle = Handle to the registry key
1858 Event = Event that should be signalled on modification of the key
1859 ApcRoutine = Routine that should be called on modification of the key
1860 ApcContext = Argument to the ApcRoutine
1862 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1863 Can be a combination of the following values:
1865 REG_NOTIFY_CHANGE_NAME
1866 REG_NOTIFY_CHANGE_ATTRIBUTES
1867 REG_NOTIFY_CHANGE_LAST_SET
1868 REG_NOTIFY_CHANGE_SECURITY
1871 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1872 the function will not return before a change occurs.
1873 ChangeBuffer = Will return the old value
1874 Length = Size of the change buffer
1875 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1877 * REMARKS: If the key is closed the event is signalled aswell.
1884 IN HANDLE KeyHandle
,
1886 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1887 IN PVOID ApcContext OPTIONAL
,
1888 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1889 IN ULONG CompletionFilter
,
1890 IN BOOLEAN WatchSubtree
,
1893 IN BOOLEAN Asynchronous
1899 IN HANDLE KeyHandle
,
1901 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1902 IN PVOID ApcContext OPTIONAL
,
1903 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1904 IN ULONG CompletionFilter
,
1905 IN BOOLEAN WatchSubtree
,
1908 IN BOOLEAN Asynchronous
1912 * FUNCTION: Opens an existing directory object
1914 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1915 * DesiredAccess = Requested access to the directory
1916 * ObjectAttributes = Initialized attributes for the object
1922 NtOpenDirectoryObject(
1923 OUT PHANDLE FileHandle
,
1924 IN ACCESS_MASK DesiredAccess
,
1925 IN POBJECT_ATTRIBUTES ObjectAttributes
1929 ZwOpenDirectoryObject(
1930 OUT PHANDLE FileHandle
,
1931 IN ACCESS_MASK DesiredAccess
,
1932 IN POBJECT_ATTRIBUTES ObjectAttributes
1936 * FUNCTION: Opens an existing event
1938 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1939 * DesiredAccess = Requested access to the event
1940 * ObjectAttributes = Initialized attributes for the object
1946 OUT PHANDLE EventHandle
,
1947 IN ACCESS_MASK DesiredAccess
,
1948 IN POBJECT_ATTRIBUTES ObjectAttributes
1954 OUT PHANDLE EventHandle
,
1955 IN ACCESS_MASK DesiredAccess
,
1956 IN POBJECT_ATTRIBUTES ObjectAttributes
1960 * FUNCTION: Opens an existing event pair
1962 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1963 * DesiredAccess = Requested access to the event
1964 * ObjectAttributes = Initialized attributes for the object
1971 OUT PHANDLE EventPairHandle
,
1972 IN ACCESS_MASK DesiredAccess
,
1973 IN POBJECT_ATTRIBUTES ObjectAttributes
1979 OUT PHANDLE EventPairHandle
,
1980 IN ACCESS_MASK DesiredAccess
,
1981 IN POBJECT_ATTRIBUTES ObjectAttributes
1984 * FUNCTION: Opens an existing file
1986 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1987 * DesiredAccess = Requested access to the file
1988 * ObjectAttributes = Initialized attributes for the object
1997 OUT PHANDLE FileHandle
,
1998 IN ACCESS_MASK DesiredAccess
,
1999 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2000 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2001 IN ULONG ShareAccess
,
2002 IN ULONG OpenOptions
2008 OUT PHANDLE FileHandle
,
2009 IN ACCESS_MASK DesiredAccess
,
2010 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2011 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2012 IN ULONG ShareAccess
,
2013 IN ULONG OpenOptions
2017 * FUNCTION: Opens an existing io completion object
2019 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2020 * DesiredAccess = Requested access to the io completion object
2021 * ObjectAttributes = Initialized attributes for the object
2028 OUT PHANDLE CompetionPort
,
2029 IN ACCESS_MASK DesiredAccess
,
2030 IN POBJECT_ATTRIBUTES ObjectAttributes
2036 OUT PHANDLE CompetionPort
,
2037 IN ACCESS_MASK DesiredAccess
,
2038 IN POBJECT_ATTRIBUTES ObjectAttributes
2046 ACCESS_MASK DesiredAccess
,
2047 POBJECT_ATTRIBUTES ObjectAttributes
2054 ACCESS_MASK DesiredAccess
,
2055 POBJECT_ATTRIBUTES ObjectAttributes
2058 * FUNCTION: Opens an existing key in the registry
2060 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2061 * DesiredAccess = Requested access to the key
2062 * ObjectAttributes = Initialized attributes for the object
2068 OUT PHANDLE KeyHandle
,
2069 IN ACCESS_MASK DesiredAccess
,
2070 IN POBJECT_ATTRIBUTES ObjectAttributes
2076 OUT PHANDLE KeyHandle
,
2077 IN ACCESS_MASK DesiredAccess
,
2078 IN POBJECT_ATTRIBUTES ObjectAttributes
2081 * FUNCTION: Opens an existing key in the registry
2083 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
2084 * DesiredAccess = Requested access to the mutant
2085 * ObjectAttribute = Initialized attributes for the object
2091 OUT PHANDLE MutantHandle
,
2092 IN ACCESS_MASK DesiredAccess
,
2093 IN POBJECT_ATTRIBUTES ObjectAttributes
2098 OUT PHANDLE MutantHandle
,
2099 IN ACCESS_MASK DesiredAccess
,
2100 IN POBJECT_ATTRIBUTES ObjectAttributes
2104 * FUNCTION: Opens an existing process
2106 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
2107 * DesiredAccess = Requested access to the process
2108 * ObjectAttribute = Initialized attributes for the object
2109 * ClientId = Identifies the process id to open
2115 OUT PHANDLE ProcessHandle
,
2116 IN ACCESS_MASK DesiredAccess
,
2117 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2118 IN PCLIENT_ID ClientId
2123 OUT PHANDLE ProcessHandle
,
2124 IN ACCESS_MASK DesiredAccess
,
2125 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2126 IN PCLIENT_ID ClientId
2129 * FUNCTION: Opens an existing process
2131 * ProcessHandle = Handle of the process of which owns the token
2132 * DesiredAccess = Requested access to the token
2133 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
2135 This function maps to the win32
2142 IN HANDLE ProcessHandle
,
2143 IN ACCESS_MASK DesiredAccess
,
2144 OUT PHANDLE TokenHandle
2150 IN HANDLE ProcessHandle
,
2151 IN ACCESS_MASK DesiredAccess
,
2152 OUT PHANDLE TokenHandle
2158 NtOpenProcessTokenEx(
2159 IN HANDLE ProcessHandle
,
2160 IN ACCESS_MASK DesiredAccess
,
2161 IN ULONG HandleAttributes
,
2162 OUT PHANDLE TokenHandle
2168 ZwOpenProcessTokenEx(
2169 IN HANDLE ProcessHandle
,
2170 IN ACCESS_MASK DesiredAccess
,
2171 IN ULONG HandleAttributes
,
2172 OUT PHANDLE TokenHandle
2175 * FUNCTION: Opens an existing section object
2177 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2178 * DesiredAccess = Requested access to the key
2179 * ObjectAttribute = Initialized attributes for the object
2186 OUT PHANDLE SectionHandle
,
2187 IN ACCESS_MASK DesiredAccess
,
2188 IN POBJECT_ATTRIBUTES ObjectAttributes
2193 OUT PHANDLE SectionHandle
,
2194 IN ACCESS_MASK DesiredAccess
,
2195 IN POBJECT_ATTRIBUTES ObjectAttributes
2198 * FUNCTION: Opens an existing semaphore
2200 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
2201 * DesiredAccess = Requested access to the semaphore
2202 * ObjectAttribute = Initialized attributes for the object
2208 OUT PHANDLE SemaphoreHandle
,
2209 IN ACCESS_MASK DesiredAcces
,
2210 IN POBJECT_ATTRIBUTES ObjectAttributes
2215 OUT PHANDLE SemaphoreHandle
,
2216 IN ACCESS_MASK DesiredAcces
,
2217 IN POBJECT_ATTRIBUTES ObjectAttributes
2220 * FUNCTION: Opens an existing symbolic link
2222 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2223 * DesiredAccess = Requested access to the symbolic link
2224 * ObjectAttribute = Initialized attributes for the object
2229 NtOpenSymbolicLinkObject(
2230 OUT PHANDLE LinkHandle
,
2231 IN ACCESS_MASK DesiredAccess
,
2232 IN POBJECT_ATTRIBUTES ObjectAttributes
2236 ZwOpenSymbolicLinkObject(
2237 OUT PHANDLE LinkHandle
,
2238 IN ACCESS_MASK DesiredAccess
,
2239 IN POBJECT_ATTRIBUTES ObjectAttributes
2242 * FUNCTION: Opens an existing thread
2244 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2245 * DesiredAccess = Requested access to the thread
2246 * ObjectAttribute = Initialized attributes for the object
2247 * ClientId = Identifies the thread to open.
2253 OUT PHANDLE ThreadHandle
,
2254 IN ACCESS_MASK DesiredAccess
,
2255 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2256 IN PCLIENT_ID ClientId
2261 OUT PHANDLE ThreadHandle
,
2262 IN ACCESS_MASK DesiredAccess
,
2263 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2264 IN PCLIENT_ID ClientId
2270 IN HANDLE ThreadHandle
,
2271 IN ACCESS_MASK DesiredAccess
,
2272 IN BOOLEAN OpenAsSelf
,
2273 OUT PHANDLE TokenHandle
2279 IN HANDLE ThreadHandle
,
2280 IN ACCESS_MASK DesiredAccess
,
2281 IN BOOLEAN OpenAsSelf
,
2282 OUT PHANDLE TokenHandle
2287 NtOpenThreadTokenEx(
2288 IN HANDLE ThreadHandle
,
2289 IN ACCESS_MASK DesiredAccess
,
2290 IN BOOLEAN OpenAsSelf
,
2291 IN ULONG HandleAttributes
,
2292 OUT PHANDLE TokenHandle
2298 ZwOpenThreadTokenEx(
2299 IN HANDLE ThreadHandle
,
2300 IN ACCESS_MASK DesiredAccess
,
2301 IN BOOLEAN OpenAsSelf
,
2302 IN ULONG HandleAttributes
,
2303 OUT PHANDLE TokenHandle
2307 * FUNCTION: Opens an existing timer
2309 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2310 * DesiredAccess = Requested access to the timer
2311 * ObjectAttribute = Initialized attributes for the object
2317 OUT PHANDLE TimerHandle
,
2318 IN ACCESS_MASK DesiredAccess
,
2319 IN POBJECT_ATTRIBUTES ObjectAttributes
2324 OUT PHANDLE TimerHandle
,
2325 IN ACCESS_MASK DesiredAccess
,
2326 IN POBJECT_ATTRIBUTES ObjectAttributes
2330 * FUNCTION: Checks an access token for specific privileges
2332 * ClientToken = Handle to a access token structure
2333 * RequiredPrivileges = Specifies the requested privileges.
2334 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
2335 set in the Control member of PRIVILEGES_SET Result
2336 will only be TRUE if all privileges are present in the access token.
2344 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
2345 IN PVOID InputBuffer OPTIONAL
,
2346 IN ULONG InputBufferLength
,
2347 OUT PVOID OutputBuffer OPTIONAL
,
2348 IN ULONG OutputBufferLength
2354 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
2355 IN PVOID InputBuffer OPTIONAL
,
2356 IN ULONG InputBufferLength
,
2357 OUT PVOID OutputBuffer OPTIONAL
,
2358 IN ULONG OutputBufferLength
2364 IN HANDLE ClientToken
,
2365 IN PPRIVILEGE_SET RequiredPrivileges
,
2372 IN HANDLE ClientToken
,
2373 IN PPRIVILEGE_SET RequiredPrivileges
,
2379 NtPrivilegedServiceAuditAlarm(
2380 IN PUNICODE_STRING SubsystemName
,
2381 IN PUNICODE_STRING ServiceName
,
2382 IN HANDLE ClientToken
,
2383 IN PPRIVILEGE_SET Privileges
,
2384 IN BOOLEAN AccessGranted
2389 ZwPrivilegedServiceAuditAlarm(
2390 IN PUNICODE_STRING SubsystemName
,
2391 IN PUNICODE_STRING ServiceName
,
2392 IN HANDLE ClientToken
,
2393 IN PPRIVILEGE_SET Privileges
,
2394 IN BOOLEAN AccessGranted
2399 NtPrivilegeObjectAuditAlarm(
2400 IN PUNICODE_STRING SubsystemName
,
2402 IN HANDLE ClientToken
,
2403 IN ULONG DesiredAccess
,
2404 IN PPRIVILEGE_SET Privileges
,
2405 IN BOOLEAN AccessGranted
2410 ZwPrivilegeObjectAuditAlarm(
2411 IN PUNICODE_STRING SubsystemName
,
2413 IN HANDLE ClientToken
,
2414 IN ULONG DesiredAccess
,
2415 IN PPRIVILEGE_SET Privileges
,
2416 IN BOOLEAN AccessGranted
2420 * FUNCTION: Entry point for native applications
2422 * Peb = Pointes to the Process Environment Block (PEB)
2424 * Native applications should use this function instead of a main.
2425 * Calling proces should terminate itself.
2435 * FUNCTION: Signals an event and resets it afterwards.
2437 * EventHandle = Handle to the event
2438 * PulseCount = Number of times the action is repeated
2444 IN HANDLE EventHandle
,
2445 OUT PLONG PreviousState OPTIONAL
2451 IN HANDLE EventHandle
,
2452 OUT PLONG PreviousState OPTIONAL
2456 * FUNCTION: Queries the attributes of a file
2458 * ObjectAttributes = Initialized attributes for the object
2459 * Buffer = Caller supplies storage for the attributes
2465 NtQueryAttributesFile(
2466 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2467 OUT PFILE_BASIC_INFORMATION FileInformation
2472 ZwQueryAttributesFile(
2473 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2474 OUT PFILE_BASIC_INFORMATION FileInformation
2480 NtQueryBootEntryOrder(
2487 ZwQueryBootEntryOrder(
2506 * FUNCTION: Queries the default locale id
2508 * UserProfile = Type of locale id
2509 * TRUE: thread locale id
2510 * FALSE: system locale id
2511 * DefaultLocaleId = Caller supplies storage for the locale id
2517 NtQueryDefaultLocale(
2518 IN BOOLEAN UserProfile
,
2519 OUT PLCID DefaultLocaleId
2524 ZwQueryDefaultLocale(
2525 IN BOOLEAN UserProfile
,
2526 OUT PLCID DefaultLocaleId
2531 NtQueryDefaultUILanguage(
2537 ZwQueryDefaultUILanguage(
2542 * FUNCTION: Queries a directory file.
2544 * FileHandle = Handle to a directory file
2545 * EventHandle = Handle to the event signaled on completion
2546 * ApcRoutine = Asynchroneous procedure callback, called on completion
2547 * ApcContext = Argument to the apc.
2548 * IoStatusBlock = Caller supplies storage for extended status information.
2549 * FileInformation = Caller supplies storage for the resulting information.
2551 * FileNameInformation FILE_NAMES_INFORMATION
2552 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2553 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2554 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2556 * Length = Size of the storage supplied
2557 * FileInformationClass = Indicates the type of information requested.
2558 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2559 * FileName = Initial directory name to query, that may contain wild cards.
2560 * RestartScan = Number of times the action should be repeated
2561 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2562 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2563 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2568 NtQueryDirectoryFile(
2569 IN HANDLE FileHandle
,
2570 IN HANDLE Event OPTIONAL
,
2571 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2572 IN PVOID ApcContext OPTIONAL
,
2573 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2574 OUT PVOID FileInformation
,
2576 IN FILE_INFORMATION_CLASS FileInformationClass
,
2577 IN BOOLEAN ReturnSingleEntry
,
2578 IN PUNICODE_STRING FileName OPTIONAL
,
2579 IN BOOLEAN RestartScan
2584 ZwQueryDirectoryFile(
2585 IN HANDLE FileHandle
,
2586 IN HANDLE Event OPTIONAL
,
2587 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2588 IN PVOID ApcContext OPTIONAL
,
2589 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2590 OUT PVOID FileInformation
,
2592 IN FILE_INFORMATION_CLASS FileInformationClass
,
2593 IN BOOLEAN ReturnSingleEntry
,
2594 IN PUNICODE_STRING FileName OPTIONAL
,
2595 IN BOOLEAN RestartScan
2599 * FUNCTION: Queries the extended attributes of a file
2601 * FileHandle = Handle to the event
2602 * IoStatusBlock = Number of times the action is repeated
2616 IN HANDLE FileHandle
,
2617 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2620 IN BOOLEAN ReturnSingleEntry
,
2621 IN PVOID EaList OPTIONAL
,
2622 IN ULONG EaListLength
,
2623 IN PULONG EaIndex OPTIONAL
,
2624 IN BOOLEAN RestartScan
2630 IN HANDLE FileHandle
,
2631 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2634 IN BOOLEAN ReturnSingleEntry
,
2635 IN PVOID EaList OPTIONAL
,
2636 IN ULONG EaListLength
,
2637 IN PULONG EaIndex OPTIONAL
,
2638 IN BOOLEAN RestartScan
2642 * FUNCTION: Queries an event
2644 * EventHandle = Handle to the event
2645 * EventInformationClass = Index of the information structure
2647 EventBasicInformation EVENT_BASIC_INFORMATION
2649 * EventInformation = Caller supplies storage for the information structure
2650 * EventInformationLength = Size of the information structure
2651 * ReturnLength = Data written
2657 IN HANDLE EventHandle
,
2658 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2659 OUT PVOID EventInformation
,
2660 IN ULONG EventInformationLength
,
2661 OUT PULONG ReturnLength OPTIONAL
2666 IN HANDLE EventHandle
,
2667 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2668 OUT PVOID EventInformation
,
2669 IN ULONG EventInformationLength
,
2670 OUT PULONG ReturnLength OPTIONAL
2674 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2675 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2678 ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2679 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2682 * FUNCTION: Queries the information of a file object.
2684 * FileHandle = Handle to the file object
2685 * IoStatusBlock = Caller supplies storage for extended information
2686 * on the current operation.
2687 * FileInformation = Storage for the new file information
2688 * Lenght = Size of the storage for the file information.
2689 * FileInformationClass = Indicates which file information is queried
2691 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2692 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2693 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2694 FileBasicInformation FILE_BASIC_INFORMATION
2695 FileStandardInformation FILE_STANDARD_INFORMATION
2696 FileInternalInformation FILE_INTERNAL_INFORMATION
2697 FileEaInformation FILE_EA_INFORMATION
2698 FileAccessInformation FILE_ACCESS_INFORMATION
2699 FileNameInformation FILE_NAME_INFORMATION
2700 FileRenameInformation FILE_RENAME_INFORMATION
2702 FileNamesInformation FILE_NAMES_INFORMATION
2703 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2704 FilePositionInformation FILE_POSITION_INFORMATION
2705 FileFullEaInformation FILE_FULL_EA_INFORMATION
2706 FileModeInformation FILE_MODE_INFORMATION
2707 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2708 FileAllInformation FILE_ALL_INFORMATION
2710 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2711 FileAlternateNameInformation
2712 FileStreamInformation FILE_STREAM_INFORMATION
2714 FilePipeLocalInformation
2715 FilePipeRemoteInformation
2716 FileMailslotQueryInformation
2717 FileMailslotSetInformation
2718 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2719 FileCopyOnWriteInformation
2720 FileCompletionInformation IO_COMPLETION_CONTEXT
2721 FileMoveClusterInformation
2722 FileOleClassIdInformation
2723 FileOleStateBitsInformation
2724 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2725 FileObjectIdInformation
2726 FileOleAllInformation
2727 FileOleDirectoryInformation
2728 FileContentIndexInformation
2729 FileInheritContentIndexInformation
2731 FileMaximumInformation
2734 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2735 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2740 NtQueryInformationFile(
2741 IN HANDLE FileHandle
,
2742 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2743 OUT PVOID FileInformation
,
2745 IN FILE_INFORMATION_CLASS FileInformationClass
2750 ZwQueryInformationFile(
2752 PIO_STATUS_BLOCK IoStatusBlock
,
2753 PVOID FileInformation
,
2755 FILE_INFORMATION_CLASS FileInformationClass
2760 NtQueryInformationJobObject(
2762 JOBOBJECTINFOCLASS JobInformationClass
,
2763 PVOID JobInformation
,
2764 ULONG JobInformationLength
,
2770 ZwQueryInformationJobObject(
2772 JOBOBJECTINFOCLASS JobInformationClass
,
2773 PVOID JobInformation
,
2774 ULONG JobInformationLength
,
2779 NtQueryInformationPort (HANDLE PortHandle
,
2780 CINT PortInformationClass
,
2781 PVOID PortInformation
,
2782 ULONG PortInformationLength
,
2783 PULONG ReturnLength
);
2785 #ifndef __USE_W32API
2787 ZwQueryInformationPort (HANDLE PortHandle
,
2788 CINT PortInformationClass
,
2789 PVOID PortInformation
,
2790 ULONG PortInformationLength
,
2791 PULONG ReturnLength
);
2795 * FUNCTION: Queries the information of a thread object.
2797 * ThreadHandle = Handle to the thread object
2798 * ThreadInformationClass = Index to a certain information structure
2800 ThreadBasicInformation THREAD_BASIC_INFORMATION
2801 ThreadTimes KERNEL_USER_TIMES
2802 ThreadPriority KPRIORITY
2803 ThreadBasePriority KPRIORITY
2804 ThreadAffinityMask KAFFINITY
2805 ThreadImpersonationToken
2806 ThreadDescriptorTableEntry
2807 ThreadEnableAlignmentFaultFixup
2809 ThreadQuerySetWin32StartAddress
2811 ThreadPerformanceCount
2812 ThreadAmILastThread BOOLEAN
2813 ThreadIdealProcessor ULONG
2814 ThreadPriorityBoost ULONG
2818 * ThreadInformation = Caller supplies torage for the thread information
2819 * ThreadInformationLength = Size of the thread information structure
2820 * ReturnLength = Actual number of bytes written
2823 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2824 GetThreadPriorityBoost functions.
2831 NtQueryInformationThread(
2832 IN HANDLE ThreadHandle
,
2833 IN THREADINFOCLASS ThreadInformationClass
,
2834 OUT PVOID ThreadInformation
,
2835 IN ULONG ThreadInformationLength
,
2836 OUT PULONG ReturnLength OPTIONAL
2841 ZwQueryInformationThread(
2842 IN HANDLE ThreadHandle
,
2843 IN THREADINFOCLASS ThreadInformationClass
,
2844 OUT PVOID ThreadInformation
,
2845 IN ULONG ThreadInformationLength
,
2846 OUT PULONG ReturnLength OPTIONAL
2852 NtQueryInformationToken(
2853 IN HANDLE TokenHandle
,
2854 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2855 OUT PVOID TokenInformation
,
2856 IN ULONG TokenInformationLength
,
2857 OUT PULONG ReturnLength
2862 ZwQueryInformationToken(
2863 IN HANDLE TokenHandle
,
2864 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2865 OUT PVOID TokenInformation
,
2866 IN ULONG TokenInformationLength
,
2867 OUT PULONG ReturnLength
2872 NtQueryInstallUILanguage(
2878 ZwQueryInstallUILanguage(
2884 NtQueryIoCompletion(
2885 IN HANDLE IoCompletionHandle
,
2886 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2887 OUT PVOID IoCompletionInformation
,
2888 IN ULONG IoCompletionInformationLength
,
2889 OUT PULONG ResultLength OPTIONAL
2894 ZwQueryIoCompletion(
2895 IN HANDLE IoCompletionHandle
,
2896 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2897 OUT PVOID IoCompletionInformation
,
2898 IN ULONG IoCompletionInformationLength
,
2899 OUT PULONG ResultLength OPTIONAL
2903 * FUNCTION: Queries the information of a registry key object.
2905 KeyHandle = Handle to a registry key
2906 KeyInformationClass = Index to a certain information structure
2907 KeyInformation = Caller supplies storage for resulting information
2908 Length = Size of the supplied storage
2909 ResultLength = Bytes written
2914 IN HANDLE KeyHandle
,
2915 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2916 OUT PVOID KeyInformation
,
2918 OUT PULONG ResultLength
2924 IN HANDLE KeyHandle
,
2925 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2926 OUT PVOID KeyInformation
,
2928 OUT PULONG ResultLength
2935 NtQueryQuotaInformationFile(
2936 IN HANDLE FileHandle
,
2937 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2940 IN BOOLEAN ReturnSingleEntry
,
2941 IN PVOID SidList OPTIONAL
,
2942 IN ULONG SidListLength
,
2943 IN PSID StartSid OPTIONAL
,
2944 IN BOOLEAN RestartScan
2950 ZwQueryQuotaInformationFile(
2951 IN HANDLE FileHandle
,
2952 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2955 IN BOOLEAN ReturnSingleEntry
,
2956 IN PVOID SidList OPTIONAL
,
2957 IN ULONG SidListLength
,
2958 IN PSID StartSid OPTIONAL
,
2959 IN BOOLEAN RestartScan
2965 NtQueryMultipleValueKey(
2966 IN HANDLE KeyHandle
,
2967 IN OUT PKEY_VALUE_ENTRY ValueList
,
2968 IN ULONG NumberOfValues
,
2970 IN OUT PULONG Length
,
2971 OUT PULONG ReturnLength
2976 ZwQueryMultipleValueKey(
2977 IN HANDLE KeyHandle
,
2978 IN OUT PKEY_VALUE_ENTRY ValueList
,
2979 IN ULONG NumberOfValues
,
2981 IN OUT PULONG Length
,
2982 OUT PULONG ReturnLength
2986 * FUNCTION: Queries the information of a mutant object.
2988 MutantHandle = Handle to a mutant
2989 MutantInformationClass = Index to a certain information structure
2990 MutantInformation = Caller supplies storage for resulting information
2991 Length = Size of the supplied storage
2992 ResultLength = Bytes written
2997 IN HANDLE MutantHandle
,
2998 IN MUTANT_INFORMATION_CLASS MutantInformationClass
,
2999 OUT PVOID MutantInformation
,
3000 IN ULONG MutantInformationLength
,
3001 OUT PULONG ResultLength OPTIONAL
3007 IN HANDLE MutantHandle
,
3008 IN MUTANT_INFORMATION_CLASS MutantInformationClass
,
3009 OUT PVOID MutantInformation
,
3010 IN ULONG MutantInformationLength
,
3011 OUT PULONG ResultLength OPTIONAL
3015 * FUNCTION: Queries the system ( high-resolution ) performance counter.
3017 * PerformanceCounter = Performance counter
3018 * PerformanceFrequency = Performance frequency
3020 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
3021 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
3027 NtQueryPerformanceCounter(
3028 OUT PLARGE_INTEGER PerformanceCounter
,
3029 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
3034 ZwQueryPerformanceCounter(
3035 OUT PLARGE_INTEGER PerformanceCounter
,
3036 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
3040 * FUNCTION: Queries the information of a semaphore.
3042 * SemaphoreHandle = Handle to the semaphore object
3043 * SemaphoreInformationClass = Index to a certain information structure
3045 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
3047 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
3048 * Length = Size of the infomation structure
3053 IN HANDLE SemaphoreHandle
,
3054 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
3055 OUT PVOID SemaphoreInformation
,
3057 OUT PULONG ReturnLength OPTIONAL
3063 IN HANDLE SemaphoreHandle
,
3064 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
3065 OUT PVOID SemaphoreInformation
,
3067 OUT PULONG ReturnLength OPTIONAL
3072 * FUNCTION: Queries the information of a symbolic link object.
3074 * SymbolicLinkHandle = Handle to the symbolic link object
3075 * LinkTarget = resolved name of link
3076 * DataWritten = size of the LinkName.
3082 NtQuerySymbolicLinkObject(
3083 IN HANDLE LinkHandle
,
3084 OUT PUNICODE_STRING LinkTarget
,
3085 OUT PULONG ResultLength OPTIONAL
3090 ZwQuerySymbolicLinkObject(
3091 IN HANDLE LinkHandle
,
3092 OUT PUNICODE_STRING LinkTarget
,
3093 OUT PULONG ResultLength OPTIONAL
3098 * FUNCTION: Queries a system environment variable.
3100 * Name = Name of the variable
3101 * Value (OUT) = value of the variable
3102 * Length = size of the buffer
3103 * ReturnLength = data written
3109 NtQuerySystemEnvironmentValue(
3110 IN PUNICODE_STRING VariableName
,
3111 OUT PWCHAR ValueBuffer
,
3112 IN ULONG ValueBufferLength
,
3113 OUT PULONG ReturnLength OPTIONAL
3118 ZwQuerySystemEnvironmentValue(
3119 IN PUNICODE_STRING VariableName
,
3120 OUT PWCHAR ValueBuffer
,
3121 IN ULONG ValueBufferLength
,
3122 OUT PULONG ReturnLength OPTIONAL
3127 * FUNCTION: Queries the system information.
3129 * SystemInformationClass = Index to a certain information structure
3131 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3132 SystemCacheInformation SYSTEM_CACHE_INFORMATION
3133 SystemConfigurationInformation CONFIGURATION_INFORMATION
3135 * SystemInformation = caller supplies storage for the information structure
3136 * Length = size of the structure
3137 ResultLength = Data written
3143 NtQuerySystemInformation(
3144 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3145 OUT PVOID SystemInformation
,
3147 OUT PULONG ResultLength
3152 ZwQuerySystemInformation(
3153 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3154 OUT PVOID SystemInformation
,
3156 OUT PULONG ResultLength
3160 * FUNCTION: Queries information about a timer
3162 * TimerHandle = Handle to the timer
3163 TimerValueInformationClass = Index to a certain information structure
3164 TimerValueInformation = Caller supplies storage for the information structure
3165 Length = Size of the information structure
3166 ResultLength = Data written
3173 IN HANDLE TimerHandle
,
3174 IN TIMER_INFORMATION_CLASS TimerInformationClass
,
3175 OUT PVOID TimerInformation
,
3176 IN ULONG TimerInformationLength
,
3177 OUT PULONG ReturnLength OPTIONAL
3182 IN HANDLE TimerHandle
,
3183 IN TIMER_INFORMATION_CLASS TimerInformationClass
,
3184 OUT PVOID TimerInformation
,
3185 IN ULONG TimerInformationLength
,
3186 OUT PULONG ReturnLength OPTIONAL
3190 * FUNCTION: Queries the timer resolution
3192 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
3193 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
3194 ActualResolution (OUT) = Caller should supply storage for the resulting time.
3202 NtQueryTimerResolution (
3203 OUT PULONG MinimumResolution
,
3204 OUT PULONG MaximumResolution
,
3205 OUT PULONG ActualResolution
3210 ZwQueryTimerResolution (
3211 OUT PULONG MinimumResolution
,
3212 OUT PULONG MaximumResolution
,
3213 OUT PULONG ActualResolution
3217 * FUNCTION: Queries a registry key value
3219 * KeyHandle = Handle to the registry key
3220 ValueName = Name of the value in the registry key
3221 KeyValueInformationClass = Index to a certain information structure
3223 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
3224 KeyValueFullInformation = KEY_FULL_INFORMATION
3225 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
3227 KeyValueInformation = Caller supplies storage for the information structure
3228 Length = Size of the information structure
3229 ResultLength = Data written
3236 IN HANDLE KeyHandle
,
3237 IN PUNICODE_STRING ValueName
,
3238 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3239 OUT PVOID KeyValueInformation
,
3241 OUT PULONG ResultLength
3247 IN HANDLE KeyHandle
,
3248 IN PUNICODE_STRING ValueName
,
3249 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3250 OUT PVOID KeyValueInformation
,
3252 OUT PULONG ResultLength
3256 * FUNCTION: Queries the volume information
3258 * FileHandle = Handle to a file object on the target volume
3259 * IoStatusBlock = Caller should supply storage for additional status information
3260 * ReturnLength = DataWritten
3261 * FsInformation = Caller should supply storage for the information structure.
3262 * Length = Size of the information structure
3263 * FsInformationClass = Index to a information structure
3265 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
3266 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
3267 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
3268 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
3269 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
3270 FileFsControlInformation
3271 FileFsQuotaQueryInformation --
3272 FileFsQuotaSetInformation --
3273 FileFsMaximumInformation
3275 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
3276 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
3281 NtQueryVolumeInformationFile(
3282 IN HANDLE FileHandle
,
3283 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3284 OUT PVOID FsInformation
,
3286 IN FS_INFORMATION_CLASS FsInformationClass
3291 ZwQueryVolumeInformationFile(
3292 IN HANDLE FileHandle
,
3293 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3294 OUT PVOID FsInformation
,
3296 IN FS_INFORMATION_CLASS FsInformationClass
3299 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
3301 * FUNCTION: Queues a (user) apc to a thread.
3303 ThreadHandle = Thread to which the apc is queued.
3304 ApcRoutine = Points to the apc routine
3305 NormalContext = Argument to Apc Routine
3306 * SystemArgument1 = Argument of the Apc Routine
3307 SystemArgument2 = Argument of the Apc Routine
3308 * REMARK: If the apc is queued against a thread of a different process than the calling thread
3309 the apc routine should be specified in the address space of the queued thread's process.
3316 HANDLE ThreadHandle
,
3317 PKNORMAL_ROUTINE ApcRoutine
,
3318 PVOID NormalContext
,
3319 PVOID SystemArgument1
,
3320 PVOID SystemArgument2
);
3325 HANDLE ThreadHandle
,
3326 PKNORMAL_ROUTINE ApcRoutine
,
3327 PVOID NormalContext
,
3328 PVOID SystemArgument1
,
3329 PVOID SystemArgument2
);
3333 * FUNCTION: Raises an exception
3335 * ExceptionRecord = Structure specifying the exception
3336 * Context = Context in which the excpetion is raised
3345 IN PEXCEPTION_RECORD ExceptionRecord
,
3346 IN PCONTEXT Context
,
3347 IN BOOLEAN SearchFrames
3353 IN PEXCEPTION_RECORD ExceptionRecord
,
3354 IN PCONTEXT Context
,
3355 IN BOOLEAN SearchFrames
3359 * FUNCTION: Read a file
3361 * FileHandle = Handle of a file to read
3362 * Event = This event is signalled when the read operation completes
3363 * UserApcRoutine = Call back , if supplied Event should be NULL
3364 * UserApcContext = Argument to the callback
3365 * IoStatusBlock = Caller should supply storage for additional status information
3366 * Buffer = Caller should supply storage to receive the information
3367 * BufferLength = Size of the buffer
3368 * ByteOffset = Offset to start reading the file
3369 * Key = If a range is lock a matching key will allow the read to continue.
3377 IN HANDLE FileHandle
,
3378 IN HANDLE Event OPTIONAL
,
3379 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3380 IN PVOID UserApcContext OPTIONAL
,
3381 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3383 IN ULONG BufferLength
,
3384 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3385 IN PULONG Key OPTIONAL
3391 IN HANDLE FileHandle
,
3392 IN HANDLE Event OPTIONAL
,
3393 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3394 IN PVOID UserApcContext OPTIONAL
,
3395 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3397 IN ULONG BufferLength
,
3398 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3399 IN PULONG Key OPTIONAL
3402 * FUNCTION: Read a file using scattered io
3404 FileHandle = Handle of a file to read
3405 Event = This event is signalled when the read operation completes
3406 * UserApcRoutine = Call back , if supplied Event should be NULL
3407 UserApcContext = Argument to the callback
3408 IoStatusBlock = Caller should supply storage for additional status information
3409 BufferDescription = Caller should supply storage to receive the information
3410 BufferLength = Size of the buffer
3411 ByteOffset = Offset to start reading the file
3412 Key = Key = If a range is lock a matching key will allow the read to continue.
3419 IN HANDLE FileHandle
,
3420 IN HANDLE Event OPTIONAL
,
3421 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3422 IN PVOID UserApcContext OPTIONAL
,
3423 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3424 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3425 IN ULONG BufferLength
,
3426 IN PLARGE_INTEGER ByteOffset
,
3427 IN PULONG Key OPTIONAL
3433 IN HANDLE FileHandle
,
3434 IN HANDLE Event OPTIONAL
,
3435 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3436 IN PVOID UserApcContext OPTIONAL
,
3437 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3438 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3439 IN ULONG BufferLength
,
3440 IN PLARGE_INTEGER ByteOffset
,
3441 IN PULONG Key OPTIONAL
3446 NtReadRequestData (HANDLE PortHandle
,
3447 PLPC_MESSAGE Message
,
3451 PULONG ReturnLength
);
3454 ZwReadRequestData (HANDLE PortHandle
,
3455 PLPC_MESSAGE Message
,
3459 PULONG ReturnLength
);
3463 * FUNCTION: Copies a range of virtual memory to a buffer
3465 * ProcessHandle = Specifies the process owning the virtual address space
3466 * BaseAddress = Points to the address of virtual memory to start the read
3467 * Buffer = Caller supplies storage to copy the virtual memory to.
3468 * NumberOfBytesToRead = Limits the range to read
3469 * NumberOfBytesRead = The actual number of bytes read.
3475 NtReadVirtualMemory(
3476 IN HANDLE ProcessHandle
,
3477 IN PVOID BaseAddress
,
3479 IN ULONG NumberOfBytesToRead
,
3480 OUT PULONG NumberOfBytesRead
3484 ZwReadVirtualMemory(
3485 IN HANDLE ProcessHandle
,
3486 IN PVOID BaseAddress
,
3488 IN ULONG NumberOfBytesToRead
,
3489 OUT PULONG NumberOfBytesRead
3494 * FUNCTION: Debugger can register for thread termination
3496 * TerminationPort = Port on which the debugger likes to be notified.
3501 NtRegisterThreadTerminatePort(
3506 ZwRegisterThreadTerminatePort(
3511 * FUNCTION: Releases a mutant
3513 * MutantHandle = Handle to the mutant
3520 IN HANDLE MutantHandle
,
3521 IN PLONG PreviousCount OPTIONAL
3527 IN HANDLE MutantHandle
,
3528 IN PLONG PreviousCount OPTIONAL
3532 * FUNCTION: Releases a semaphore
3534 * SemaphoreHandle = Handle to the semaphore object
3535 * ReleaseCount = Number to decrease the semaphore count
3536 * PreviousCount = Previous semaphore count
3542 IN HANDLE SemaphoreHandle
,
3543 IN LONG ReleaseCount
,
3544 OUT PLONG PreviousCount OPTIONAL
3550 IN HANDLE SemaphoreHandle
,
3551 IN LONG ReleaseCount
,
3552 OUT PLONG PreviousCount OPTIONAL
3556 * FUNCTION: Removes an io completion
3558 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3559 * CompletionKey = Requested access to the key
3560 * IoStatusBlock = Caller provides storage for extended status information
3561 * CompletionStatus = Current status of the io operation.
3562 * WaitTime = Time to wait if ..
3567 NtRemoveIoCompletion(
3568 IN HANDLE IoCompletionHandle
,
3569 OUT PVOID
*CompletionKey
,
3570 OUT PVOID
*CompletionContext
,
3571 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3572 IN PLARGE_INTEGER Timeout OPTIONAL
3577 ZwRemoveIoCompletion(
3578 IN HANDLE IoCompletionHandle
,
3579 OUT PVOID
*CompletionKey
,
3580 OUT PVOID
*CompletionValue
,
3581 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3582 IN PLARGE_INTEGER Timeout OPTIONAL
3586 * FUNCTION: Replaces one registry key with another
3588 * ObjectAttributes = Specifies the attributes of the key
3589 * Key = Handle to the key
3590 * ReplacedObjectAttributes = The function returns the old object attributes
3596 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3598 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3603 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3605 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3610 NtReplyPort (HANDLE PortHandle
,
3611 PLPC_MESSAGE LpcReply
);
3614 ZwReplyPort (HANDLE PortHandle
,
3615 PLPC_MESSAGE LpcReply
);
3619 NtReplyWaitReceivePort (HANDLE PortHandle
,
3621 PLPC_MESSAGE MessageReply
,
3622 PLPC_MESSAGE MessageRequest
);
3625 ZwReplyWaitReceivePort (HANDLE PortHandle
,
3627 PLPC_MESSAGE MessageReply
,
3628 PLPC_MESSAGE MessageRequest
);
3632 NtReplyWaitReplyPort (HANDLE PortHandle
,
3633 PLPC_MESSAGE ReplyMessage
);
3636 ZwReplyWaitReplyPort (HANDLE PortHandle
,
3637 PLPC_MESSAGE ReplyMessage
);
3641 NtRequestPort (HANDLE PortHandle
,
3642 PLPC_MESSAGE LpcMessage
);
3645 ZwRequestPort (HANDLE PortHandle
,
3646 PLPC_MESSAGE LpcMessage
);
3650 NtRequestWaitReplyPort (HANDLE PortHandle
,
3651 PLPC_MESSAGE LpcReply
,
3652 PLPC_MESSAGE LpcRequest
);
3655 ZwRequestWaitReplyPort (HANDLE PortHandle
,
3656 PLPC_MESSAGE LpcReply
,
3657 PLPC_MESSAGE LpcRequest
);
3660 * FUNCTION: Resets a event to a non signaled state
3662 * EventHandle = Handle to the event that should be reset
3663 * NumberOfWaitingThreads = The number of threads released.
3670 OUT PLONG PreviousState OPTIONAL
3676 OUT PLONG PreviousState OPTIONAL
3695 * FUNCTION: Decrements a thread's resume count
3697 * ThreadHandle = Handle to the thread that should be resumed
3698 * ResumeCount = The resulting resume count.
3700 * A thread is resumed if its suspend count is 0. This procedure maps to
3701 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3707 IN HANDLE ThreadHandle
,
3708 OUT PULONG SuspendCount OPTIONAL
3713 IN HANDLE ThreadHandle
,
3714 OUT PULONG SuspendCount OPTIONAL
3717 * FUNCTION: Writes the content of a registry key to ascii file
3719 * KeyHandle = Handle to the key
3720 * FileHandle = Handle of the file
3722 This function maps to the Win32 RegSaveKey.
3729 IN HANDLE KeyHandle
,
3730 IN HANDLE FileHandle
3735 IN HANDLE KeyHandle
,
3736 IN HANDLE FileHandle
3742 IN HANDLE KeyHandle
,
3743 IN HANDLE FileHandle
,
3744 IN ULONG Flags
// REG_STANDARD_FORMAT, etc..
3750 IN HANDLE KeyHandle
,
3751 IN HANDLE FileHandle
,
3752 IN ULONG Flags
// REG_STANDARD_FORMAT, etc..
3757 NtSetBootEntryOrder(
3764 ZwSetBootEntryOrder(
3785 * FUNCTION: Sets the context of a specified thread.
3787 * ThreadHandle = Handle to the thread
3788 * ThreadContext = The processor context.
3795 IN HANDLE ThreadHandle
,
3796 IN PCONTEXT ThreadContext
3801 IN HANDLE ThreadHandle
,
3802 IN PCONTEXT ThreadContext
3806 * FUNCTION: Sets the default locale id
3808 * UserProfile = Type of locale id
3809 * TRUE: thread locale id
3810 * FALSE: system locale id
3811 * DefaultLocaleId = Locale id
3818 IN BOOLEAN UserProfile
,
3819 IN LCID DefaultLocaleId
3825 IN BOOLEAN UserProfile
,
3826 IN LCID DefaultLocaleId
3831 NtSetDefaultUILanguage(
3837 ZwSetDefaultUILanguage(
3841 * FUNCTION: Sets the default hard error port
3843 * PortHandle = Handle to the port
3844 * NOTE: The hard error port is used for first change exception handling
3849 NtSetDefaultHardErrorPort(
3850 IN HANDLE PortHandle
3854 ZwSetDefaultHardErrorPort(
3855 IN HANDLE PortHandle
3859 * FUNCTION: Sets the extended attributes of a file.
3861 * FileHandle = Handle to the file
3862 * IoStatusBlock = Storage for a resulting status and information
3863 * on the current operation.
3864 * EaBuffer = Extended Attributes buffer.
3865 * EaBufferSize = Size of the extended attributes buffer
3871 IN HANDLE FileHandle
,
3872 IN PIO_STATUS_BLOCK IoStatusBlock
,
3879 IN HANDLE FileHandle
,
3880 IN PIO_STATUS_BLOCK IoStatusBlock
,
3885 //FIXME: should I return the event state ?
3888 * FUNCTION: Sets the event to a signalled state.
3890 * EventHandle = Handle to the event
3891 * NumberOfThreadsReleased = The number of threads released
3893 * This procedure maps to the win32 SetEvent function.
3900 IN HANDLE EventHandle
,
3901 OUT PLONG PreviousState OPTIONAL
3907 IN HANDLE EventHandle
,
3908 OUT PLONG PreviousState OPTIONAL
3912 * FUNCTION: Sets the high part of an event pair
3914 EventPair = Handle to the event pair
3921 IN HANDLE EventPairHandle
3927 IN HANDLE EventPairHandle
3930 * FUNCTION: Sets the high part of an event pair and wait for the low part
3932 EventPair = Handle to the event pair
3937 NtSetHighWaitLowEventPair(
3938 IN HANDLE EventPairHandle
3942 ZwSetHighWaitLowEventPair(
3943 IN HANDLE EventPairHandle
3947 * FUNCTION: Sets the information of a file object.
3949 * FileHandle = Handle to the file object
3950 * IoStatusBlock = Caller supplies storage for extended information
3951 * on the current operation.
3952 * FileInformation = Storage for the new file information
3953 * Lenght = Size of the new file information.
3954 * FileInformationClass = Indicates to a certain information structure
3956 FileNameInformation FILE_NAME_INFORMATION
3957 FileRenameInformation FILE_RENAME_INFORMATION
3958 FileStreamInformation FILE_STREAM_INFORMATION
3959 * FileCompletionInformation IO_COMPLETION_CONTEXT
3962 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3963 * SetNamedPipeHandleState, SetMailslotInfo functions.
3970 NtSetInformationFile(
3971 IN HANDLE FileHandle
,
3972 IN PIO_STATUS_BLOCK IoStatusBlock
,
3973 IN PVOID FileInformation
,
3975 IN FILE_INFORMATION_CLASS FileInformationClass
3979 ZwSetInformationFile(
3980 IN HANDLE FileHandle
,
3981 IN PIO_STATUS_BLOCK IoStatusBlock
,
3982 IN PVOID FileInformation
,
3984 IN FILE_INFORMATION_CLASS FileInformationClass
3989 NtSetInformationJobObject(
3991 JOBOBJECTINFOCLASS JobInformationClass
,
3992 PVOID JobInformation
,
3993 ULONG JobInformationLength
3998 ZwSetInformationJobObject(
4000 JOBOBJECTINFOCLASS JobInformationClass
,
4001 PVOID JobInformation
,
4002 ULONG JobInformationLength
4005 * FUNCTION: Changes a set of thread specific parameters
4007 * ThreadHandle = Handle to the thread
4008 * ThreadInformationClass = Index to the set of parameters to change.
4009 * Can be one of the following values:
4011 * ThreadBasicInformation THREAD_BASIC_INFORMATION
4012 * ThreadPriority KPRIORITY //???
4013 * ThreadBasePriority KPRIORITY
4014 * ThreadAffinityMask KAFFINITY //??
4015 * ThreadImpersonationToken ACCESS_TOKEN
4016 * ThreadIdealProcessor ULONG
4017 * ThreadPriorityBoost ULONG
4019 * ThreadInformation = Caller supplies storage for parameters to set.
4020 * ThreadInformationLength = Size of the storage supplied
4025 NtSetInformationThread(
4026 IN HANDLE ThreadHandle
,
4027 IN THREADINFOCLASS ThreadInformationClass
,
4028 IN PVOID ThreadInformation
,
4029 IN ULONG ThreadInformationLength
4033 ZwSetInformationThread(
4034 IN HANDLE ThreadHandle
,
4035 IN THREADINFOCLASS ThreadInformationClass
,
4036 IN PVOID ThreadInformation
,
4037 IN ULONG ThreadInformationLength
4041 * FUNCTION: Changes a set of token specific parameters
4043 * TokenHandle = Handle to the token
4044 * TokenInformationClass = Index to a certain information structure.
4045 * Can be one of the following values:
4047 TokenUser TOKEN_USER
4048 TokenGroups TOKEN_GROUPS
4049 TokenPrivileges TOKEN_PRIVILEGES
4050 TokenOwner TOKEN_OWNER
4051 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
4052 TokenDefaultDacl TOKEN_DEFAULT_DACL
4053 TokenSource TOKEN_SOURCE
4054 TokenType TOKEN_TYPE
4055 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
4056 TokenStatistics TOKEN_STATISTICS
4058 * TokenInformation = Caller supplies storage for information structure.
4059 * TokenInformationLength = Size of the information structure
4065 NtSetInformationToken(
4066 IN HANDLE TokenHandle
,
4067 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4068 OUT PVOID TokenInformation
,
4069 IN ULONG TokenInformationLength
4074 ZwSetInformationToken(
4075 IN HANDLE TokenHandle
,
4076 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4077 OUT PVOID TokenInformation
,
4078 IN ULONG TokenInformationLength
4083 * FUNCTION: Sets an io completion
4088 * NumberOfBytesToTransfer =
4089 * NumberOfBytesTransferred =
4095 IN HANDLE IoCompletionPortHandle
,
4096 IN PVOID CompletionKey
,
4097 IN PVOID CompletionContext
,
4098 IN NTSTATUS CompletionStatus
,
4099 IN ULONG CompletionInformation
4105 IN HANDLE IoCompletionPortHandle
,
4106 IN PVOID CompletionKey
,
4107 IN PVOID CompletionContext
,
4108 IN NTSTATUS CompletionStatus
,
4109 IN ULONG CompletionInformation
4113 * FUNCTION: Set properties for profiling
4123 NtSetIntervalProfile(
4125 KPROFILE_SOURCE ClockSource
4130 ZwSetIntervalProfile(
4132 KPROFILE_SOURCE ClockSource
4137 * FUNCTION: Sets the low part of an event pair
4139 EventPair = Handle to the event pair
4154 * FUNCTION: Sets the low part of an event pair and wait for the high part
4156 EventPair = Handle to the event pair
4161 NtSetLowWaitHighEventPair(
4166 ZwSetLowWaitHighEventPair(
4170 /* NtSetLowWaitHighThread effectively invokes NtSetLowWaitHighEventPair on the
4171 * event pair of the thread.
4175 NtSetLowWaitHighThread(
4178 /* ZwSetLowWaitHighThread effectively invokes ZwSetLowWaitHighEventPair on the
4179 * event pair of the thread.
4183 ZwSetLowWaitHighThread(
4187 /* NtSetHighWaitLowThread effectively invokes NtSetHighWaitLowEventPair on the
4188 * event pair of the thread.
4192 NtSetHighWaitLowThread(
4196 /* ZwSetHighWaitLowThread effectively invokes ZwSetHighWaitLowEventPair on the
4197 * event pair of the thread.
4201 ZwSetHighWaitLowThread(
4207 NtSetQuotaInformationFile(
4209 PIO_STATUS_BLOCK IoStatusBlock
,
4210 PFILE_USER_QUOTA_INFORMATION Buffer
,
4216 ZwSetQuotaInformationFile(
4218 PIO_STATUS_BLOCK IoStatusBlock
,
4219 PFILE_USER_QUOTA_INFORMATION Buffer
,
4225 NtSetSecurityObject(
4227 IN SECURITY_INFORMATION SecurityInformation
,
4228 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4233 ZwSetSecurityObject(
4235 IN SECURITY_INFORMATION SecurityInformation
,
4236 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4241 * FUNCTION: Sets a system environment variable
4243 * ValueName = Name of the environment variable
4244 * Value = Value of the environment variable
4249 NtSetSystemEnvironmentValue(
4250 IN PUNICODE_STRING VariableName
,
4251 IN PUNICODE_STRING Value
4255 ZwSetSystemEnvironmentValue(
4256 IN PUNICODE_STRING VariableName
,
4257 IN PUNICODE_STRING Value
4260 * FUNCTION: Sets system parameters
4262 * SystemInformationClass = Index to a particular set of system parameters
4263 * Can be one of the following values:
4265 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
4267 * SystemInformation = Structure containing the parameters.
4268 * SystemInformationLength = Size of the structure.
4273 NtSetSystemInformation(
4274 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4275 IN PVOID SystemInformation
,
4276 IN ULONG SystemInformationLength
4281 ZwSetSystemInformation(
4282 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4283 IN PVOID SystemInformation
,
4284 IN ULONG SystemInformationLength
4288 * FUNCTION: Sets the system time
4290 * SystemTime = Old System time
4291 * NewSystemTime = New System time
4297 IN PLARGE_INTEGER SystemTime
,
4298 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4303 IN PLARGE_INTEGER SystemTime
,
4304 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4308 * FUNCTION: Sets the frequency of the system timer
4310 * RequestedResolution =
4312 * ActualResolution =
4317 NtSetTimerResolution(
4318 IN ULONG DesiredResolution
,
4319 IN BOOLEAN SetResolution
,
4320 OUT PULONG CurrentResolution
4324 ZwSetTimerResolution(
4325 IN ULONG DesiredResolution
,
4326 IN BOOLEAN SetResolution
,
4327 OUT PULONG CurrentResolution
4331 * FUNCTION: Sets the value of a registry key
4333 * KeyHandle = Handle to a registry key
4334 * ValueName = Name of the value entry to change
4335 * TitleIndex = pointer to a structure containing the new volume information
4336 * Type = Type of the registry key. Can be one of the values:
4337 * REG_BINARY Unspecified binary data
4338 * REG_DWORD A 32 bit value
4339 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
4340 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
4341 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
4342 * REG_LINK A zero terminated wide character string referring to a symbolic link.
4343 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
4344 * REG_NONE Unspecified type
4345 * REG_SZ A wide character string ( zero terminated )
4346 * REG_RESOURCE_LIST ??
4347 * REG_RESOURCE_REQUIREMENTS_LIST ??
4348 * REG_FULL_RESOURCE_DESCRIPTOR ??
4349 * Data = Contains the data for the registry key.
4350 * DataSize = size of the data.
4356 IN HANDLE KeyHandle
,
4357 IN PUNICODE_STRING ValueName
,
4358 IN ULONG TitleIndex OPTIONAL
,
4366 IN HANDLE KeyHandle
,
4367 IN PUNICODE_STRING ValueName
,
4368 IN ULONG TitleIndex OPTIONAL
,
4375 * FUNCTION: Sets the volume information.
4377 * FileHandle = Handle to the file
4378 * IoStatusBlock = Caller should supply storage for additional status information
4379 * VolumeInformation = pointer to a structure containing the new volume information
4380 * Length = size of the structure.
4381 * VolumeInformationClass = specifies the particular volume information to set
4386 NtSetVolumeInformationFile(
4387 IN HANDLE FileHandle
,
4388 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4389 IN PVOID FsInformation
,
4391 IN FS_INFORMATION_CLASS FsInformationClass
4396 ZwSetVolumeInformationFile(
4397 IN HANDLE FileHandle
,
4398 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4399 IN PVOID FsInformation
,
4401 IN FS_INFORMATION_CLASS FsInformationClass
4405 * FUNCTION: Shuts the system down
4407 * Action = Specifies the type of shutdown, it can be one of the following values:
4408 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
4414 IN SHUTDOWN_ACTION Action
4420 IN SHUTDOWN_ACTION Action
4424 * FUNCTION: Signals an object and wait for an other one.
4426 * ObjectHandleToSignal = Handle to the object that should be signaled
4427 * WaitableObjectHandle = Handle to the object that should be waited for
4428 * Alertable = True if the wait is alertable
4429 * TimeOut = The time to wait
4434 NtSignalAndWaitForSingleObject(
4435 IN HANDLE ObjectHandleToSignal
,
4436 IN HANDLE WaitableObjectHandle
,
4437 IN BOOLEAN Alertable
,
4438 IN PLARGE_INTEGER TimeOut OPTIONAL
4443 NtSignalAndWaitForSingleObject(
4444 IN HANDLE ObjectHandleToSignal
,
4445 IN HANDLE WaitableObjectHandle
,
4446 IN BOOLEAN Alertable
,
4447 IN PLARGE_INTEGER TimeOut OPTIONAL
4451 * FUNCTION: Starts profiling
4453 * ProfileHandle = Handle to the profile
4460 HANDLE ProfileHandle
4466 HANDLE ProfileHandle
4470 * FUNCTION: Stops profiling
4472 * ProfileHandle = Handle to the profile
4479 HANDLE ProfileHandle
4485 HANDLE ProfileHandle
4488 /* --- PROCESS MANAGEMENT --- */
4490 //--NtSystemDebugControl
4492 * FUNCTION: Terminates the execution of a process.
4494 * ThreadHandle = Handle to the process
4495 * ExitStatus = The exit status of the process to terminate with.
4497 * Native applications should kill themselves using this function.
4503 IN HANDLE ProcessHandle OPTIONAL
,
4504 IN NTSTATUS ExitStatus
4509 IN HANDLE ProcessHandle OPTIONAL
,
4510 IN NTSTATUS ExitStatus
4515 NtTerminateJobObject(
4522 ZwTerminateJobObject(
4530 IN ULONG TraceHandle
,
4532 IN ULONG TraceHeaderLength
,
4533 IN
struct _EVENT_TRACE_HEADER
* TraceHeader
4539 IN ULONG TraceHandle
,
4541 IN ULONG TraceHeaderLength
,
4542 IN
struct _EVENT_TRACE_HEADER
* TraceHeader
4547 NtTranslateFilePath(
4556 ZwTranslateFilePath(
4562 * FUNCTION: Unloads a driver.
4564 * DriverServiceName = Name of the driver to unload
4570 IN PUNICODE_STRING DriverServiceName
4575 IN PUNICODE_STRING DriverServiceName
4579 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
4581 * ProcessHandle = Handle to the process
4582 * BaseAddress = The address where the mapping begins
4584 This procedure maps to the win32 UnMapViewOfFile
4589 NtUnmapViewOfSection(
4590 IN HANDLE ProcessHandle
,
4591 IN PVOID BaseAddress
4595 ZwUnmapViewOfSection(
4596 IN HANDLE ProcessHandle
,
4597 IN PVOID BaseAddress
4602 NtWriteRequestData (HANDLE PortHandle
,
4603 PLPC_MESSAGE Message
,
4607 PULONG ReturnLength
);
4610 ZwWriteRequestData (HANDLE PortHandle
,
4611 PLPC_MESSAGE Message
,
4615 PULONG ReturnLength
);
4619 * FUNCTION: Writes a range of virtual memory
4621 * ProcessHandle = The handle to the process owning the address space.
4622 * BaseAddress = The points to the address to write to
4623 * Buffer = Pointer to the buffer to write
4624 * NumberOfBytesToWrite = Offset to the upper boundary to write
4625 * NumberOfBytesWritten = Total bytes written
4627 * This function maps to the win32 WriteProcessMemory
4632 NtWriteVirtualMemory(
4633 IN HANDLE ProcessHandle
,
4634 IN PVOID BaseAddress
,
4636 IN ULONG NumberOfBytesToWrite
,
4637 OUT PULONG NumberOfBytesWritten
4642 ZwWriteVirtualMemory(
4643 IN HANDLE ProcessHandle
,
4644 IN PVOID BaseAddress
,
4646 IN ULONG NumberOfBytesToWrite
,
4647 OUT PULONG NumberOfBytesWritten
4652 * FUNCTION: Waits for an object to become signalled.
4654 * ObjectHandle = The object handle
4655 * Alertable = If true the wait is alertable.
4656 * TimeOut = The maximum wait time.
4658 * This function maps to the win32 WaitForSingleObjectEx.
4663 NtWaitForSingleObject (
4664 IN HANDLE ObjectHandle
,
4665 IN BOOLEAN Alertable
,
4666 IN PLARGE_INTEGER TimeOut OPTIONAL
4671 ZwWaitForSingleObject (
4672 IN HANDLE ObjectHandle
,
4673 IN BOOLEAN Alertable
,
4674 IN PLARGE_INTEGER TimeOut OPTIONAL
4677 /* --- EVENT PAIR OBJECT --- */
4680 * FUNCTION: Waits for the high part of an eventpair to become signalled
4682 * EventPairHandle = Handle to the event pair.
4688 NtWaitHighEventPair(
4689 IN HANDLE EventPairHandle
4694 ZwWaitHighEventPair(
4695 IN HANDLE EventPairHandle
4699 * FUNCTION: Waits for the low part of an eventpair to become signalled
4701 * EventPairHandle = Handle to the event pair.
4707 IN HANDLE EventPairHandle
4713 IN HANDLE EventPairHandle
4716 /* --- FILE MANAGEMENT --- */
4719 * FUNCTION: Unlocks a range of bytes in a file.
4721 * FileHandle = Handle to the file
4722 * IoStatusBlock = Caller should supply storage for a structure containing
4723 * the completion status and information about the requested unlock operation.
4724 The information field is set to the number of bytes unlocked.
4725 * ByteOffset = Offset to start the range of bytes to unlock
4726 * Length = Number of bytes to unlock.
4727 * Key = Special value to enable other threads to unlock a file than the
4728 thread that locked the file. The key supplied must match with the one obtained
4729 in a previous call to NtLockFile.
4731 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
4732 not be obtained immediately, the device queue is busy and the IRP is queued.
4733 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
4734 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
4739 IN HANDLE FileHandle
,
4740 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4741 IN PLARGE_INTEGER ByteOffset
,
4742 IN PLARGE_INTEGER Lenght
,
4743 OUT PULONG Key OPTIONAL
4748 IN HANDLE FileHandle
,
4749 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4750 IN PLARGE_INTEGER ByteOffset
,
4751 IN PLARGE_INTEGER Lenght
,
4752 OUT PULONG Key OPTIONAL
4756 * FUNCTION: Writes data to a file
4758 * FileHandle = The handle a file ( from NtCreateFile )
4759 * Event = Specifies a event that will become signalled when the write operation completes.
4760 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4761 * ApcContext = Argument to the Apc Routine
4762 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4763 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
4764 * Length = Size in bytest of the buffer
4765 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4766 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4767 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4768 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
4771 * This function maps to the win32 WriteFile.
4772 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4773 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4774 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4779 IN HANDLE FileHandle
,
4780 IN HANDLE Event OPTIONAL
,
4781 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4782 IN PVOID ApcContext OPTIONAL
,
4783 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4786 IN PLARGE_INTEGER ByteOffset
,
4787 IN PULONG Key OPTIONAL
4793 IN HANDLE FileHandle
,
4794 IN HANDLE Event OPTIONAL
,
4795 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4796 IN PVOID ApcContext OPTIONAL
,
4797 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4800 IN PLARGE_INTEGER ByteOffset
,
4801 IN PULONG Key OPTIONAL
4805 * FUNCTION: Writes a file
4807 * FileHandle = The handle of the file
4809 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4810 * ApcContext = Argument to the Apc Routine
4811 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4812 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
4813 * BufferLength = Size in bytest of the buffer
4814 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4815 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4816 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4817 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
4818 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
4820 * This function maps to the win32 WriteFile.
4821 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4822 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4823 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4829 IN HANDLE FileHandle
,
4830 IN HANDLE Event OPTIONAL
,
4831 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4832 IN PVOID ApcContext OPTIONAL
,
4833 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4834 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4835 IN ULONG BufferLength
,
4836 IN PLARGE_INTEGER ByteOffset
,
4837 IN PULONG Key OPTIONAL
4843 IN HANDLE FileHandle
,
4844 IN HANDLE Event OPTIONAL
,
4845 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4846 IN PVOID ApcContext OPTIONAL
,
4847 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4848 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4849 IN ULONG BufferLength
,
4850 IN PLARGE_INTEGER ByteOffset
,
4851 IN PULONG Key OPTIONAL
4855 /* --- THREAD MANAGEMENT --- */
4858 * FUNCTION: Increments a thread's resume count
4860 * ThreadHandle = Handle to the thread that should be resumed
4861 * PreviousSuspendCount = The resulting/previous suspend count.
4863 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
4864 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
4865 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
4871 IN HANDLE ThreadHandle
,
4872 OUT PULONG PreviousSuspendCount OPTIONAL
4878 IN HANDLE ThreadHandle
,
4879 OUT PULONG PreviousSuspendCount OPTIONAL
4883 * FUNCTION: Terminates the execution of a thread.
4885 * ThreadHandle = Handle to the thread
4886 * ExitStatus = The exit status of the thread to terminate with.
4892 IN HANDLE ThreadHandle
,
4893 IN NTSTATUS ExitStatus
4898 IN HANDLE ThreadHandle
,
4899 IN NTSTATUS ExitStatus
4902 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
4917 * FUNCTION: Yields the callers thread.
4932 /* --- POWER MANAGEMENT --- */
4934 #ifndef __USE_W32API
4936 NtSetSystemPowerState(IN POWER_ACTION SystemAction
,
4937 IN SYSTEM_POWER_STATE MinSystemState
,
4941 /* --- DEBUG SUBSYSTEM --- */
4944 NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode
,
4946 ULONG InputBufferLength
,
4948 ULONG OutputBufferLength
,
4949 PULONG ReturnLength
);
4951 /* --- VIRTUAL DOS MACHINE (VDM) --- */
4955 NtVdmControl (ULONG ControlCode
, PVOID ControlData
);
4961 NtW32Call(IN ULONG RoutineIndex
,
4963 IN ULONG ArgumentLength
,
4964 OUT PVOID
* Result OPTIONAL
,
4965 OUT PULONG ResultLength OPTIONAL
);
4967 /* --- CHANNELS --- */
4989 NtReplyWaitSendChannel (
4995 NtSendWaitReplyChannel (
5001 NtSetContextChannel (
5005 /* --- MISCELLANEA --- */
5007 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
5010 NtSetLdtEntries (ULONG Selector1
,
5011 LDT_ENTRY LdtEntry1
,
5013 LDT_ENTRY LdtEntry2
);
5016 * FUNCTION: Checks a clients access rights to a object
5018 * SecurityDescriptor = Security information against which the access is checked
5019 * ClientToken = Represents a client
5023 * ReturnLength = Bytes written
5025 * AccessStatus = Indicates if the ClientToken allows the requested access
5026 * REMARKS: The arguments map to the win32 AccessCheck
5027 * Gary Nebbett is wrong:
5028 * The 7th argument is a PACCESS_MASK, not a PULONG.
5029 * The 8th argument is a PNTSTATUS, not a PBOOLEAN.
5036 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5037 IN HANDLE ClientToken
,
5038 IN ACCESS_MASK DesiredAcces
,
5039 IN PGENERIC_MAPPING GenericMapping
,
5040 OUT PPRIVILEGE_SET PrivilegeSet
,
5041 OUT PULONG ReturnLength
,
5042 OUT PACCESS_MASK GrantedAccess
,
5043 OUT PNTSTATUS AccessStatus
5049 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5050 IN HANDLE ClientToken
,
5051 IN ACCESS_MASK DesiredAcces
,
5052 IN PGENERIC_MAPPING GenericMapping
,
5053 OUT PPRIVILEGE_SET PrivilegeSet
,
5054 OUT PULONG ReturnLength
,
5055 OUT PACCESS_MASK GrantedAccess
,
5056 OUT PNTSTATUS AccessStatus
5062 IN ACCESS_MASK DesiredAccess
,
5063 OUT PHANDLE KeyHandle
);
5066 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
5068 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
5072 * SecurityDescriptor =
5079 * REMARKS: The arguments map to the win32 AccessCheck
5085 NtAccessCheckAndAuditAlarm(
5086 IN PUNICODE_STRING SubsystemName
,
5087 IN PHANDLE ObjectHandle
,
5088 IN PUNICODE_STRING ObjectTypeName
,
5089 IN PUNICODE_STRING ObjectName
,
5090 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5091 IN ACCESS_MASK DesiredAccess
,
5092 IN PGENERIC_MAPPING GenericMapping
,
5093 IN BOOLEAN ObjectCreation
,
5094 OUT PACCESS_MASK GrantedAccess
,
5095 OUT PNTSTATUS AccessStatus
,
5096 OUT PBOOLEAN GenerateOnClose
5100 * FUNCTION: Cancels a timer
5102 * TimerHandle = Handle to the timer
5103 * CurrentState = Specifies the state of the timer when cancelled.
5105 * The arguments to this function map to the function CancelWaitableTimer.
5111 IN HANDLE TimerHandle
,
5112 OUT PBOOLEAN CurrentState OPTIONAL
5116 * FUNCTION: Continues a thread with the specified context
5118 * Context = Specifies the processor context
5119 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
5120 * be PASSIVE_LEVEL or APC_LEVEL
5122 * NtContinue can be used to continue after an exception or apc.
5125 //FIXME This function might need another parameter
5130 IN PCONTEXT Context
,
5131 IN BOOLEAN TestAlert
5135 * FUNCTION: Creates a paging file.
5137 * FileName = Name of the pagefile
5138 * InitialSize = Specifies the initial size in bytes
5139 * MaximumSize = Specifies the maximum size in bytes
5140 * Reserved = Reserved for future use
5146 IN PUNICODE_STRING FileName
,
5147 IN PLARGE_INTEGER InitialSize
,
5148 IN PLARGE_INTEGER MaxiumSize
,
5154 * FUNCTION: Creates a profile
5156 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
5157 * ObjectAttribute = Initialized attributes for the object
5158 * ImageBase = Start address of executable image
5159 * ImageSize = Size of the image
5160 * Granularity = Bucket size
5161 * Buffer = Caller supplies buffer for profiling info
5162 * ProfilingSize = Buffer size
5163 * ClockSource = Specify 0 / FALSE ??
5164 * ProcessorMask = A value of -1 indicates disables per processor profiling,
5165 otherwise bit set for the processor to profile.
5167 * This function maps to the win32 CreateProcess.
5173 NtCreateProfile(OUT PHANDLE ProfileHandle
,
5174 IN HANDLE Process OPTIONAL
,
5177 IN ULONG BucketSize
,
5179 IN ULONG BufferSize
,
5180 IN KPROFILE_SOURCE ProfileSource
,
5181 IN KAFFINITY Affinity
);
5184 * FUNCTION: Creates a user mode thread
5186 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
5187 * DesiredAccess = Specifies the allowed or desired access to the thread.
5188 * ObjectAttributes = Initialized attributes for the object.
5189 * ProcessHandle = Handle to the threads parent process.
5190 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
5191 * ThreadContext = Initial processor context for the thread.
5192 * InitialTeb = Initial user mode stack context for the thread.
5193 * CreateSuspended = Specifies if the thread is ready for scheduling
5195 * This function maps to the win32 function CreateThread.
5201 OUT PHANDLE ThreadHandle
,
5202 IN ACCESS_MASK DesiredAccess
,
5203 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5204 IN HANDLE ProcessHandle
,
5205 OUT PCLIENT_ID ClientId
,
5206 IN PCONTEXT ThreadContext
,
5207 IN PINITIAL_TEB InitialTeb
,
5208 IN BOOLEAN CreateSuspended
5212 * FUNCTION: Delays the execution of the calling thread.
5214 * Alertable = If TRUE the thread is alertable during is wait period
5215 * Interval = Specifies the interval to wait.
5222 IN BOOLEAN Alertable
,
5223 IN PLARGE_INTEGER DelayInterval
5227 * FUNCTION: Extends a section
5229 * SectionHandle = Handle to the section
5230 * NewMaximumSize = Adjusted size
5236 IN HANDLE SectionHandle
,
5237 IN PLARGE_INTEGER NewMaximumSize
5241 * FUNCTION: Flushes a the processors instruction cache
5243 * ProcessHandle = Points to the process owning the cache
5244 * BaseAddress = // might this be a image address ????
5245 * NumberOfBytesToFlush =
5248 * This funciton is used by debuggers
5252 NtFlushInstructionCache(
5253 IN HANDLE ProcessHandle
,
5254 IN PVOID BaseAddress
,
5255 IN UINT NumberOfBytesToFlush
5259 * FUNCTION: Flushes virtual memory to file
5261 * ProcessHandle = Points to the process that allocated the virtual memory
5262 * BaseAddress = Points to the memory address
5263 * NumberOfBytesToFlush = Limits the range to flush,
5264 * NumberOfBytesFlushed = Actual number of bytes flushed
5267 * Check return status on STATUS_NOT_MAPPED_DATA
5271 NtFlushVirtualMemory(
5272 IN HANDLE ProcessHandle
,
5273 IN PVOID BaseAddress
,
5274 IN ULONG NumberOfBytesToFlush
,
5275 OUT PULONG NumberOfBytesFlushed OPTIONAL
5279 * FUNCTION: Retrieves the uptime of the system
5281 * UpTime = Number of clock ticks since boot.
5291 * FUNCTION: Loads a registry key.
5293 * KeyObjectAttributes = Key to be loaded
5294 * FileObjectAttributes = File to load the key from
5296 * This procedure maps to the win32 procedure RegLoadKey
5302 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5303 IN POBJECT_ATTRIBUTES FileObjectAttributes
5308 * FUNCTION: Locks a range of virtual memory.
5310 * ProcessHandle = Handle to the process
5311 * BaseAddress = Lower boundary of the range of bytes to lock.
5312 * NumberOfBytesLock = Offset to the upper boundary.
5313 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
5315 This procedure maps to the win32 procedure VirtualLock.
5316 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
5320 NtLockVirtualMemory(
5321 HANDLE ProcessHandle
,
5323 ULONG NumberOfBytesToLock
,
5324 PULONG NumberOfBytesLocked
5329 NtOpenObjectAuditAlarm(
5330 IN PUNICODE_STRING SubsystemName
,
5332 IN PUNICODE_STRING ObjectTypeName
,
5333 IN PUNICODE_STRING ObjectName
,
5334 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5335 IN HANDLE ClientToken
,
5336 IN ULONG DesiredAccess
,
5337 IN ULONG GrantedAccess
,
5338 IN PPRIVILEGE_SET Privileges
,
5339 IN BOOLEAN ObjectCreation
,
5340 IN BOOLEAN AccessGranted
,
5341 OUT PBOOLEAN GenerateOnClose
5345 * FUNCTION: Set the access protection of a range of virtual memory
5347 * ProcessHandle = Handle to process owning the virtual address space
5348 * BaseAddress = Start address
5349 * NumberOfBytesToProtect = Delimits the range of virtual memory
5350 * for which the new access protection holds
5351 * NewAccessProtection = The new access proctection for the pages
5352 * OldAccessProtection = Caller should supply storage for the old
5356 * The function maps to the win32 VirtualProtectEx
5361 NtProtectVirtualMemory(
5362 IN HANDLE ProcessHandle
,
5363 IN PVOID
*BaseAddress
,
5364 IN ULONG
*NumberOfBytesToProtect
,
5365 IN ULONG NewAccessProtection
,
5366 OUT PULONG OldAccessProtection
5370 * FUNCTION: Query information about the content of a directory object
5373 Buffer = Buffer must be large enough to hold the name strings too
5374 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
5375 If FALSE: return the number of objects in this directory in ObjectIndex
5376 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
5377 If FALSE use input value of ObjectIndex
5378 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
5379 ReturnLength = Actual size of the ObjectIndex ???
5384 NtQueryDirectoryObject(
5385 IN HANDLE DirectoryHandle
,
5387 IN ULONG BufferLength
,
5388 IN BOOLEAN ReturnSingleEntry
,
5389 IN BOOLEAN RestartScan
,
5390 IN OUT PULONG Context
,
5391 OUT PULONG ReturnLength OPTIONAL
5395 * FUNCTION: Query the interval and the clocksource for profiling
5403 NtQueryIntervalProfile(
5404 IN KPROFILE_SOURCE ProfileSource
,
5409 * FUNCTION: Queries the information of a section object.
5411 * SectionHandle = Handle to the section link object
5412 * SectionInformationClass = Index to a certain information structure
5413 * SectionInformation (OUT)= Caller supplies storage for resulting information
5414 * Length = Size of the supplied storage
5415 * ResultLength = Data written
5422 IN HANDLE SectionHandle
,
5423 IN SECTION_INFORMATION_CLASS SectionInformationClass
,
5424 OUT PVOID SectionInformation
,
5425 IN ULONG SectionInformationLength
,
5426 OUT PULONG ResultLength OPTIONAL
5430 * FUNCTION: Queries the virtual memory information.
5432 ProcessHandle = Process owning the virtual address space
5433 BaseAddress = Points to the page where the information is queried for.
5434 * VirtualMemoryInformationClass = Index to a certain information structure
5436 MemoryBasicInformation MEMORY_BASIC_INFORMATION
5438 * VirtualMemoryInformation = caller supplies storage for the information structure
5439 * Length = size of the structure
5440 ResultLength = Data written
5447 NtQueryVirtualMemory(
5448 IN HANDLE ProcessHandle
,
5450 IN IN CINT VirtualMemoryInformationClass
,
5451 OUT PVOID VirtualMemoryInformation
,
5453 OUT PULONG ResultLength
5457 * FUNCTION: Raises a hard error (stops the system)
5459 * Status = Status code of the hard error
5460 * NumberOfParameters = Number of (optional) parameters in Parameters
5461 * UnicodeStringParameterMask = (optional) string parameter, one per error code
5462 * Parameters = An Array of pointers for use in the error message string
5463 * ResponseOption = Specifies the type of the message box
5464 * Response = Specifies the user's response
5472 IN NTSTATUS ErrorStatus
,
5473 IN ULONG NumberOfParameters
,
5474 IN PUNICODE_STRING UnicodeStringParameterMask OPTIONAL
,
5475 IN PVOID
*Parameters
,
5476 IN HARDERROR_RESPONSE_OPTION ResponseOption
,
5477 OUT PHARDERROR_RESPONSE Response
5481 * FUNCTION: Sets the information of a registry key.
5483 * KeyHandle = Handle to the registry key
5484 * KeyInformationClass = Index to the a certain information structure.
5485 * Can be one of the following values:
5487 * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
5489 * KeyInformation = Storage for the new information
5490 * KeyInformationLength = Size of the information strucure
5496 NtSetInformationKey(
5497 IN HANDLE KeyHandle
,
5498 IN KEY_SET_INFORMATION_CLASS KeyInformationClass
,
5499 IN PVOID KeyInformation
,
5500 IN ULONG KeyInformationLength
5504 * FUNCTION: Changes a set of object specific parameters
5507 * ObjectInformationClass = Index to the set of parameters to change.
5509 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
5512 * ObjectInformation = Caller supplies storage for parameters to set.
5513 * Length = Size of the storage supplied
5518 NtSetInformationObject(
5519 IN HANDLE ObjectHandle
,
5520 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
5521 IN PVOID ObjectInformation
,
5526 * FUNCTION: Sets the characteristics of a timer
5528 * TimerHandle = Handle to the timer
5529 * DueTime = Time before the timer becomes signalled for the first time.
5530 * TimerApcRoutine = Completion routine can be called on time completion
5531 * TimerContext = Argument to the completion routine
5532 * Resume = Specifies if the timer should repeated after completing one cycle
5533 * Period = Cycle of the timer
5534 * REMARKS: This routine maps to the win32 SetWaitableTimer.
5540 IN HANDLE TimerHandle
,
5541 IN PLARGE_INTEGER DueTime
,
5542 IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL
,
5543 IN PVOID TimerContext OPTIONAL
,
5544 IN BOOLEAN ResumeTimer
,
5545 IN LONG Period OPTIONAL
,
5546 OUT PBOOLEAN PreviousState OPTIONAL
5550 * FUNCTION: Unloads a registry key.
5552 * KeyHandle = Handle to the registry key
5554 * This procedure maps to the win32 procedure RegUnloadKey
5560 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5564 * FUNCTION: Unlocks a range of virtual memory.
5566 * ProcessHandle = Handle to the process
5567 * BaseAddress = Lower boundary of the range of bytes to unlock.
5568 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
5569 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
5571 This procedure maps to the win32 procedure VirtualUnlock
5572 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
5576 NtUnlockVirtualMemory(
5577 IN HANDLE ProcessHandle
,
5578 IN PVOID BaseAddress
,
5579 IN ULONG NumberOfBytesToUnlock
,
5580 OUT PULONG NumberOfBytesUnlocked OPTIONAL
5584 * FUNCTION: Waits for multiple objects to become signalled.
5586 * ObjectCount = The number of objects
5587 * ObjectsArray = The array of object handles
5588 * WaitType = Can be one of the values UserMode or KernelMode
5589 * Alertable = If true the wait is alertable.
5590 * TimeOut = The maximum wait time.
5592 * This function maps to the win32 WaitForMultipleObjectEx.
5597 NtWaitForMultipleObjects (
5598 IN ULONG ObjectCount
,
5599 IN PHANDLE ObjectsArray
,
5600 IN WAIT_TYPE WaitType
,
5601 IN BOOLEAN Alertable
,
5602 IN PLARGE_INTEGER TimeOut OPTIONAL
5609 #ifndef __USE_W32API
5612 * FUNCTION: Continues a thread with the specified context
5614 * Context = Specifies the processor context
5615 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
5616 * be PASSIVE_LEVEL or APC_LEVEL
5618 * NtContinue can be used to continue after an exception or apc.
5621 //FIXME This function might need another parameter
5623 NTSTATUS STDCALL
ZwContinue(IN PCONTEXT Context
, IN CINT IrqLevel
);
5626 * FUNCTION: Retrieves the system time
5628 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
5636 OUT PLARGE_INTEGER CurrentTime
5640 * FUNCTION: Copies a handle from one process space to another
5642 * SourceProcessHandle = The source process owning the handle. The source process should have opened
5643 * the SourceHandle with PROCESS_DUP_HANDLE access.
5644 * SourceHandle = The handle to the object.
5645 * TargetProcessHandle = The destination process owning the handle
5646 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
5647 * DesiredAccess = The desired access to the handle.
5648 * InheritHandle = Indicates wheter the new handle will be inheritable or not.
5649 * Options = Specifies special actions upon duplicating the handle. Can be
5650 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
5651 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
5652 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
5653 * the DesiredAccess paramter and just grant the same access to the new
5656 * REMARKS: This function maps to the win32 DuplicateHandle.
5662 IN HANDLE SourceProcessHandle
,
5663 IN HANDLE SourceHandle
,
5664 IN HANDLE TargetProcessHandle
,
5665 OUT PHANDLE TargetHandle
,
5666 IN ACCESS_MASK DesiredAccess
,
5667 IN BOOLEAN InheritHandle
,
5674 IN HANDLE SourceProcessHandle
,
5675 IN PHANDLE SourceHandle
,
5676 IN HANDLE TargetProcessHandle
,
5677 OUT PHANDLE TargetHandle
,
5678 IN ACCESS_MASK DesiredAccess
,
5679 IN BOOLEAN InheritHandle
,
5684 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
5686 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
5690 * SecurityDescriptor =
5697 * REMARKS: The arguments map to the win32 AccessCheck
5703 ZwAccessCheckAndAuditAlarm(
5704 IN PUNICODE_STRING SubsystemName
,
5705 IN PHANDLE ObjectHandle
,
5706 IN PUNICODE_STRING ObjectTypeName
,
5707 IN PUNICODE_STRING ObjectName
,
5708 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5709 IN ACCESS_MASK DesiredAccess
,
5710 IN PGENERIC_MAPPING GenericMapping
,
5711 IN BOOLEAN ObjectCreation
,
5712 OUT PACCESS_MASK GrantedAccess
,
5713 OUT PNTSTATUS AccessStatus
,
5714 OUT PBOOLEAN GenerateOnClose
5718 * FUNCTION: Adds an atom to the global atom table
5720 * AtomName = The string to add to the atom table.
5721 * AtomNameLength = Length of the atom name
5722 * Atom (OUT) = Caller supplies storage for the resulting atom.
5723 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
5730 IN ULONG AtomNameLength
,
5731 IN OUT PRTL_ATOM Atom
5739 IN ULONG AtomNameLength
,
5740 IN OUT PRTL_ATOM Atom
5746 OUT PULARGE_INTEGER Time
,
5748 OUT PULONG Sequence
,
5755 OUT PULARGE_INTEGER Time
,
5757 OUT PULONG Sequence
,
5764 IN HANDLE TimerHandle
,
5765 OUT ULONG ElapsedTime
5769 * FUNCTION: Creates a paging file.
5771 * FileName = Name of the pagefile
5772 * InitialSize = Specifies the initial size in bytes
5773 * MaximumSize = Specifies the maximum size in bytes
5774 * Reserved = Reserved for future use
5780 IN PUNICODE_STRING FileName
,
5781 IN PLARGE_INTEGER InitialSize
,
5782 IN PLARGE_INTEGER MaxiumSize
,
5787 * FUNCTION: Creates a user mode thread
5789 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
5790 * DesiredAccess = Specifies the allowed or desired access to the thread.
5791 * ObjectAttributes = Initialized attributes for the object.
5792 * ProcessHandle = Handle to the threads parent process.
5793 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
5794 * ThreadContext = Initial processor context for the thread.
5795 * InitialTeb = Initial user mode stack context for the thread.
5796 * CreateSuspended = Specifies if the thread is ready for scheduling
5798 * This function maps to the win32 function CreateThread.
5804 OUT PHANDLE ThreadHandle
,
5805 IN ACCESS_MASK DesiredAccess
,
5806 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5807 IN HANDLE ProcessHandle
,
5808 OUT PCLIENT_ID ClientId
,
5809 IN PCONTEXT ThreadContext
,
5810 IN PINITIAL_TEB InitialTeb
,
5811 IN BOOLEAN CreateSuspended
5817 IN HANDLE ExistingToken
,
5818 IN ACCESS_MASK DesiredAccess
,
5819 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5820 IN BOOLEAN EffectiveOnly
,
5821 IN TOKEN_TYPE TokenType
,
5822 OUT PHANDLE NewToken
5828 IN HANDLE ExistingToken
,
5829 IN ACCESS_MASK DesiredAccess
,
5830 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5831 IN BOOLEAN EffectiveOnly
,
5832 IN TOKEN_TYPE TokenType
,
5833 OUT PHANDLE NewToken
5837 * FUNCTION: Finds a atom
5839 * AtomName = Name to search for.
5840 * AtomNameLength = Length of the atom name
5841 * Atom = Caller supplies storage for the resulting atom
5844 * This funciton maps to the win32 GlobalFindAtom
5850 IN ULONG AtomNameLength
,
5851 OUT PRTL_ATOM Atom OPTIONAL
5858 IN ULONG AtomNameLength
,
5859 OUT PRTL_ATOM Atom OPTIONAL
5863 * FUNCTION: Flushes a the processors instruction cache
5865 * ProcessHandle = Points to the process owning the cache
5866 * BaseAddress = // might this be a image address ????
5867 * NumberOfBytesToFlush =
5870 * This funciton is used by debuggers
5874 ZwFlushInstructionCache(
5875 IN HANDLE ProcessHandle
,
5876 IN PVOID BaseAddress
,
5877 IN UINT NumberOfBytesToFlush
5881 * FUNCTION: Flushes virtual memory to file
5883 * ProcessHandle = Points to the process that allocated the virtual memory
5884 * BaseAddress = Points to the memory address
5885 * NumberOfBytesToFlush = Limits the range to flush,
5886 * NumberOfBytesFlushed = Actual number of bytes flushed
5889 * Check return status on STATUS_NOT_MAPPED_DATA
5893 ZwFlushVirtualMemory(
5894 IN HANDLE ProcessHandle
,
5895 IN PVOID BaseAddress
,
5896 IN ULONG NumberOfBytesToFlush
,
5897 OUT PULONG NumberOfBytesFlushed OPTIONAL
5901 * FUNCTION: Retrieves the uptime of the system
5903 * UpTime = Number of clock ticks since boot.
5913 * FUNCTION: Loads a registry key.
5915 * KeyObjectAttributes = Key to be loaded
5916 * FileObjectAttributes = File to load the key from
5918 * This procedure maps to the win32 procedure RegLoadKey
5924 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5925 IN POBJECT_ATTRIBUTES FileObjectAttributes
5929 * FUNCTION: Locks a range of virtual memory.
5931 * ProcessHandle = Handle to the process
5932 * BaseAddress = Lower boundary of the range of bytes to lock.
5933 * NumberOfBytesLock = Offset to the upper boundary.
5934 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
5936 This procedure maps to the win32 procedure VirtualLock.
5937 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
5941 ZwLockVirtualMemory(
5942 HANDLE ProcessHandle
,
5944 ULONG NumberOfBytesToLock
,
5945 PULONG NumberOfBytesLocked
5950 ZwOpenObjectAuditAlarm(
5951 IN PUNICODE_STRING SubsystemName
,
5953 IN PUNICODE_STRING ObjectTypeName
,
5954 IN PUNICODE_STRING ObjectName
,
5955 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5956 IN HANDLE ClientToken
,
5957 IN ULONG DesiredAccess
,
5958 IN ULONG GrantedAccess
,
5959 IN PPRIVILEGE_SET Privileges
,
5960 IN BOOLEAN ObjectCreation
,
5961 IN BOOLEAN AccessGranted
,
5962 OUT PBOOLEAN GenerateOnClose
5966 * FUNCTION: Set the access protection of a range of virtual memory
5968 * ProcessHandle = Handle to process owning the virtual address space
5969 * BaseAddress = Start address
5970 * NumberOfBytesToProtect = Delimits the range of virtual memory
5971 * for which the new access protection holds
5972 * NewAccessProtection = The new access proctection for the pages
5973 * OldAccessProtection = Caller should supply storage for the old
5977 * The function maps to the win32 VirtualProtectEx
5982 ZwProtectVirtualMemory(
5983 IN HANDLE ProcessHandle
,
5984 IN PVOID
*BaseAddress
,
5985 IN ULONG
*NumberOfBytesToProtect
,
5986 IN ULONG NewAccessProtection
,
5987 OUT PULONG OldAccessProtection
5992 NtQueryInformationAtom(
5994 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
5995 OUT PVOID AtomInformation
,
5996 IN ULONG AtomInformationLength
,
5997 OUT PULONG ReturnLength OPTIONAL
6002 ZwQueryInformationAtom(
6004 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
6005 OUT PVOID AtomInformation
,
6006 IN ULONG AtomInformationLength
,
6007 OUT PULONG ReturnLength OPTIONAL
6011 * FUNCTION: Query information about the content of a directory object
6014 Buffer = Buffer must be large enough to hold the name strings too
6015 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
6016 If FALSE: return the number of objects in this directory in ObjectIndex
6017 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
6018 If FALSE use input value of ObjectIndex
6019 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
6020 ReturnLength = Actual size of the ObjectIndex ???
6025 ZwQueryDirectoryObject(
6026 IN HANDLE DirectoryHandle
,
6028 IN ULONG BufferLength
,
6029 IN BOOLEAN ReturnSingleEntry
,
6030 IN BOOLEAN RestartScan
,
6031 IN OUT PULONG Context
,
6032 OUT PULONG ReturnLength OPTIONAL
6036 * FUNCTION: Queries the information of a process object.
6038 * ProcessHandle = Handle to the process object
6039 * ProcessInformation = Index to a certain information structure
6041 ProcessBasicInformation PROCESS_BASIC_INFORMATION
6042 ProcessQuotaLimits QUOTA_LIMITS
6043 ProcessIoCounters IO_COUNTERS
6044 ProcessVmCounters VM_COUNTERS
6045 ProcessTimes KERNEL_USER_TIMES
6046 ProcessBasePriority KPRIORITY
6047 ProcessRaisePriority KPRIORITY
6048 ProcessDebugPort HANDLE
6049 ProcessExceptionPort HANDLE
6050 ProcessAccessToken PROCESS_ACCESS_TOKEN
6051 ProcessLdtInformation LDT_ENTRY ??
6052 ProcessLdtSize ULONG
6053 ProcessDefaultHardErrorMode ULONG
6054 ProcessIoPortHandlers // kernel mode only
6055 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
6056 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
6057 ProcessUserModeIOPL (I/O Privilege Level)
6058 ProcessEnableAlignmentFaultFixup BOOLEAN
6059 ProcessPriorityClass ULONG
6060 ProcessWx86Information ULONG
6061 ProcessHandleCount ULONG
6062 ProcessAffinityMask ULONG
6063 ProcessPooledQuotaLimits QUOTA_LIMITS
6066 * ProcessInformation = Caller supplies storage for the process information structure
6067 * ProcessInformationLength = Size of the process information structure
6068 * ReturnLength = Actual number of bytes written
6071 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
6072 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
6073 GetProcessShutdownParameters functions.
6079 NtQueryInformationProcess(
6080 IN HANDLE ProcessHandle
,
6081 IN PROCESSINFOCLASS ProcessInformationClass
,
6082 OUT PVOID ProcessInformation
,
6083 IN ULONG ProcessInformationLength
,
6084 OUT PULONG ReturnLength OPTIONAL
6089 ZwQueryInformationProcess(
6090 IN HANDLE ProcessHandle
,
6091 IN PROCESSINFOCLASS ProcessInformationClass
,
6092 OUT PVOID ProcessInformation
,
6093 IN ULONG ProcessInformationLength
,
6094 OUT PULONG ReturnLength OPTIONAL
6098 * FUNCTION: Query the interval and the clocksource for profiling
6106 ZwQueryIntervalProfile(
6107 IN KPROFILE_SOURCE ProfileSource
,
6112 * FUNCTION: Queries the information of a object.
6114 ObjectHandle = Handle to a object
6115 ObjectInformationClass = Index to a certain information structure
6117 ObjectBasicInformation OBJECT_BASIC_INFORMATION
6118 ObjectNameInformation OBJECT_NAME_INFORMATION
6119 ObjectTypeInformation OBJECT_TYPE_INFORMATION
6120 ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
6121 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTES_INFORMATION
6123 ObjectInformation = Caller supplies storage for resulting information
6124 Length = Size of the supplied storage
6125 ResultLength = Bytes written
6131 IN HANDLE ObjectHandle
,
6132 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6133 OUT PVOID ObjectInformation
,
6135 OUT PULONG ResultLength OPTIONAL
6140 NtQuerySecurityObject(
6142 IN SECURITY_INFORMATION SecurityInformation
,
6143 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6145 OUT PULONG ResultLength
6150 ZwQuerySecurityObject(
6152 IN SECURITY_INFORMATION SecurityInformation
,
6153 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6155 OUT PULONG ResultLength
6159 * FUNCTION: Queries the virtual memory information.
6161 ProcessHandle = Process owning the virtual address space
6162 BaseAddress = Points to the page where the information is queried for.
6163 * VirtualMemoryInformationClass = Index to a certain information structure
6165 MemoryBasicInformation MEMORY_BASIC_INFORMATION
6167 * VirtualMemoryInformation = caller supplies storage for the information structure
6168 * Length = size of the structure
6169 ResultLength = Data written
6176 ZwQueryVirtualMemory(
6177 IN HANDLE ProcessHandle
,
6179 IN IN CINT VirtualMemoryInformationClass
,
6180 OUT PVOID VirtualMemoryInformation
,
6182 OUT PULONG ResultLength
6186 * FUNCTION: Raises a hard error (stops the system)
6188 * Status = Status code of the hard error
6189 * NumberOfParameters = Number of (optional) parameters in Parameters
6190 * UnicodeStringParameterMask = (optional) string parameter, one per error code
6191 * Parameters = An Array of pointers for use in the error message string
6192 * ResponseOption = Specifies the type of the message box
6193 * Response = Specifies the user's response
6201 IN NTSTATUS ErrorStatus
,
6202 IN ULONG NumberOfParameters
,
6203 IN PUNICODE_STRING UnicodeStringParameterMask OPTIONAL
,
6204 IN PVOID
*Parameters
,
6205 IN HARDERROR_RESPONSE_OPTION ResponseOption
,
6206 OUT PHARDERROR_RESPONSE Response
6210 * FUNCTION: Sets the information of a registry key.
6212 * KeyHandle = Handle to the registry key
6213 * KeyInformationClass = Index to the a certain information structure.
6214 Can be one of the following values:
6216 * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
6218 KeyInformation = Storage for the new information
6219 * KeyInformationLength = Size of the information strucure
6225 ZwSetInformationKey(
6226 IN HANDLE KeyHandle
,
6227 IN KEY_SET_INFORMATION_CLASS KeyInformationClass
,
6228 IN PVOID KeyInformation
,
6229 IN ULONG KeyInformationLength
6233 * FUNCTION: Changes a set of object specific parameters
6236 * ObjectInformationClass = Index to the set of parameters to change.
6238 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
6241 * ObjectInformation = Caller supplies storage for parameters to set.
6242 * Length = Size of the storage supplied
6247 ZwSetInformationObject(
6248 IN HANDLE ObjectHandle
,
6249 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6250 IN PVOID ObjectInformation
,
6255 * FUNCTION: Changes a set of process specific parameters
6257 * ProcessHandle = Handle to the process
6258 * ProcessInformationClass = Index to a information structure.
6260 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
6261 * ProcessQuotaLimits QUOTA_LIMITS
6262 * ProcessBasePriority KPRIORITY
6263 * ProcessRaisePriority KPRIORITY
6264 * ProcessDebugPort HANDLE
6265 * ProcessExceptionPort HANDLE
6266 * ProcessAccessToken PROCESS_ACCESS_TOKEN
6267 * ProcessDefaultHardErrorMode ULONG
6268 * ProcessPriorityClass ULONG
6269 * ProcessAffinityMask KAFFINITY //??
6271 * ProcessInformation = Caller supplies storage for information to set.
6272 * ProcessInformationLength = Size of the information structure
6277 NtSetInformationProcess(
6278 IN HANDLE ProcessHandle
,
6279 IN PROCESSINFOCLASS ProcessInformationClass
,
6280 IN PVOID ProcessInformation
,
6281 IN ULONG ProcessInformationLength
6286 ZwSetInformationProcess(
6287 IN HANDLE ProcessHandle
,
6288 IN PROCESSINFOCLASS ProcessInformationClass
,
6289 IN PVOID ProcessInformation
,
6290 IN ULONG ProcessInformationLength
6294 * FUNCTION: Sets the characteristics of a timer
6296 * TimerHandle = Handle to the timer
6297 * DueTime = Time before the timer becomes signalled for the first time.
6298 * TimerApcRoutine = Completion routine can be called on time completion
6299 * TimerContext = Argument to the completion routine
6300 * Resume = Specifies if the timer should repeated after completing one cycle
6301 * Period = Cycle of the timer
6302 * REMARKS: This routine maps to the win32 SetWaitableTimer.
6308 IN HANDLE TimerHandle
,
6309 IN PLARGE_INTEGER DueTime
,
6310 IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL
,
6311 IN PVOID TimerContext OPTIONAL
,
6312 IN BOOLEAN ResumeTimer
,
6313 IN LONG Period OPTIONAL
,
6314 OUT PBOOLEAN PreviousState OPTIONAL
6318 NtSetUuidSeed(IN PUCHAR Seed
);
6321 ZwSetUuidSeed(IN PUCHAR Seed
);
6324 * FUNCTION: Unloads a registry key.
6326 * KeyHandle = Handle to the registry key
6328 * This procedure maps to the win32 procedure RegUnloadKey
6334 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6338 * FUNCTION: Unlocks a range of virtual memory.
6340 * ProcessHandle = Handle to the process
6341 * BaseAddress = Lower boundary of the range of bytes to unlock.
6342 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
6343 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
6345 This procedure maps to the win32 procedure VirtualUnlock
6346 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
6350 ZwUnlockVirtualMemory(
6351 IN HANDLE ProcessHandle
,
6352 IN PVOID BaseAddress
,
6353 IN ULONG NumberOfBytesToUnlock
,
6354 OUT PULONG NumberOfBytesUnlocked OPTIONAL
6358 * FUNCTION: Waits for multiple objects to become signalled.
6360 * ObjectCount = The number of objects
6361 * ObjectsArray = The array of object handles
6362 * WaitType = Can be one of the values UserMode or KernelMode
6363 * Alertable = If true the wait is alertable.
6364 * TimeOut = The maximum wait time.
6366 * This function maps to the win32 WaitForMultipleObjectEx.
6371 ZwWaitForMultipleObjects (
6372 IN ULONG ObjectCount
,
6373 IN PHANDLE ObjectsArray
,
6374 IN WAIT_TYPE WaitType
,
6375 IN BOOLEAN Alertable
,
6376 IN PLARGE_INTEGER TimeOut OPTIONAL
6380 * FUNCTION: Creates a profile
6382 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
6383 * ObjectAttribute = Initialized attributes for the object
6384 * ImageBase = Start address of executable image
6385 * ImageSize = Size of the image
6386 * Granularity = Bucket size
6387 * Buffer = Caller supplies buffer for profiling info
6388 * ProfilingSize = Buffer size
6389 * ClockSource = Specify 0 / FALSE ??
6390 * ProcessorMask = A value of -1 indicates disables per processor profiling,
6391 otherwise bit set for the processor to profile.
6393 * This function maps to the win32 CreateProcess.
6400 OUT PHANDLE ProfileHandle
,
6401 IN HANDLE Process OPTIONAL
,
6404 IN ULONG BucketSize
,
6406 IN ULONG BufferSize
,
6407 IN KPROFILE_SOURCE ProfileSource
,
6408 IN KAFFINITY Affinity
6412 * FUNCTION: Delays the execution of the calling thread.
6414 * Alertable = If TRUE the thread is alertable during is wait period
6415 * Interval = Specifies the interval to wait.
6421 IN BOOLEAN Alertable
,
6422 IN PLARGE_INTEGER DelayInterval
6426 * FUNCTION: Extends a section
6428 * SectionHandle = Handle to the section
6429 * NewMaximumSize = Adjusted size
6435 IN HANDLE SectionHandle
,
6436 IN PLARGE_INTEGER NewMaximumSize
6440 * FUNCTION: Queries the information of a section object.
6442 * SectionHandle = Handle to the section link object
6443 * SectionInformationClass = Index to a certain information structure
6444 * SectionInformation (OUT)= Caller supplies storage for resulting information
6445 * Length = Size of the supplied storage
6446 * ResultLength = Data written
6453 IN HANDLE SectionHandle
,
6454 IN SECTION_INFORMATION_CLASS SectionInformationClass
,
6455 OUT PVOID SectionInformation
,
6456 IN ULONG SectionInformationLength
,
6457 OUT PULONG ResultLength OPTIONAL
6460 typedef struct _SECTION_IMAGE_INFORMATION
6462 ULONG_PTR EntryPoint
;
6464 ULONG_PTR StackReserve
;
6465 ULONG_PTR StackCommit
;
6467 USHORT MinorSubsystemVersion
;
6468 USHORT MajorSubsystemVersion
;
6470 ULONG Characteristics
;
6475 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
6477 #endif /* !__USE_W32API */
6480 * FUNCTION: Loads a registry key.
6482 * KeyObjectAttributes = Key to be loaded
6483 * FileObjectAttributes = File to load the key from
6486 * This procedure maps to the win32 procedure RegLoadKey
6492 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6493 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
6500 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6501 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
6506 * FUNCTION: Retrieves the system time
6508 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
6516 OUT PLARGE_INTEGER CurrentTime
6520 * FUNCTION: Queries the information of a object.
6522 ObjectHandle = Handle to a object
6523 ObjectInformationClass = Index to a certain information structure
6525 ObjectBasicInformation OBJECT_BASIC_INFORMATION
6526 ObjectNameInformation OBJECT_NAME_INFORMATION
6527 ObjectTypeInformation OBJECT_TYPE_INFORMATION
6528 ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
6529 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
6531 ObjectInformation = Caller supplies storage for resulting information
6532 Length = Size of the supplied storage
6533 ResultLength = Bytes written
6539 IN HANDLE ObjectHandle
,
6540 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6541 OUT PVOID ObjectInformation
,
6543 OUT PULONG ResultLength OPTIONAL
6546 /* BEGIN REACTOS ONLY */
6549 ExInitializeBinaryTree(IN PBINARY_TREE Tree
,
6550 IN PKEY_COMPARATOR Compare
,
6551 IN BOOLEAN UseNonPagedPool
);
6554 ExDeleteBinaryTree(IN PBINARY_TREE Tree
);
6557 ExInsertBinaryTree(IN PBINARY_TREE Tree
,
6562 ExSearchBinaryTree(IN PBINARY_TREE Tree
,
6567 ExRemoveBinaryTree(IN PBINARY_TREE Tree
,
6572 ExTraverseBinaryTree(IN PBINARY_TREE Tree
,
6573 IN TRAVERSE_METHOD Method
,
6574 IN PTRAVERSE_ROUTINE Routine
,
6578 ExInitializeSplayTree(IN PSPLAY_TREE Tree
,
6579 IN PKEY_COMPARATOR Compare
,
6580 IN BOOLEAN Weighted
,
6581 IN BOOLEAN UseNonPagedPool
);
6584 ExDeleteSplayTree(IN PSPLAY_TREE Tree
);
6587 ExInsertSplayTree(IN PSPLAY_TREE Tree
,
6592 ExSearchSplayTree(IN PSPLAY_TREE Tree
,
6597 ExRemoveSplayTree(IN PSPLAY_TREE Tree
,
6602 ExWeightOfSplayTree(IN PSPLAY_TREE Tree
,
6606 ExTraverseSplayTree(IN PSPLAY_TREE Tree
,
6607 IN TRAVERSE_METHOD Method
,
6608 IN PTRAVERSE_ROUTINE Routine
,
6612 ExInitializeHashTable(IN PHASH_TABLE HashTable
,
6613 IN ULONG HashTableSize
,
6614 IN PKEY_COMPARATOR Compare OPTIONAL
,
6615 IN BOOLEAN UseNonPagedPool
);
6618 ExDeleteHashTable(IN PHASH_TABLE HashTable
);
6621 ExInsertHashTable(IN PHASH_TABLE HashTable
,
6627 ExSearchHashTable(IN PHASH_TABLE HashTable
,
6633 ExRemoveHashTable(IN PHASH_TABLE HashTable
,
6638 /* END REACTOS ONLY */
6640 #endif /* __DDK_ZW_H */