2 /* $Id: zw.h,v 1.1 2002/09/07 15:12:21 chorns Exp $
4 * COPYRIGHT: See COPYING in the top level directory
5 * PROJECT: ReactOS kernel
6 * PURPOSE: System call definitions
7 * FILE: include/ddk/zw.h
9 * ??/??/??: First few functions (David Welch)
10 * ??/??/??: Complete implementation by Ariadne
11 * 13/07/98: Reorganised things a bit (David Welch)
12 * 04/08/98: Added some documentation (Ariadne)
13 * 14/08/98: Added type TIME and change variable type from [1] to [0]
14 * 14/09/98: Added for each Nt call a corresponding Zw Call
21 //#define SECURITY_INFORMATION ULONG
22 //typedef ULONG SECURITY_INFORMATION;
26 * FUNCTION: Checks a clients access rights to a object
28 * SecurityDescriptor = Security information against which the access is checked
29 * ClientToken = Represents a client
33 * ReturnLength = Bytes written
35 * AccessStatus = Indicates if the ClientToken allows the requested access
36 * REMARKS: The arguments map to the win32 AccessCheck
43 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
44 IN HANDLE ClientToken
,
45 IN ACCESS_MASK DesiredAcces
,
46 IN PGENERIC_MAPPING GenericMapping
,
47 OUT PPRIVILEGE_SET PrivilegeSet
,
48 OUT PULONG ReturnLength
,
49 OUT PULONG GrantedAccess
,
50 OUT PBOOLEAN AccessStatus
56 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
57 IN HANDLE ClientToken
,
58 IN ACCESS_MASK DesiredAcces
,
59 IN PGENERIC_MAPPING GenericMapping
,
60 OUT PPRIVILEGE_SET PrivilegeSet
,
61 OUT PULONG ReturnLength
,
62 OUT PULONG GrantedAccess
,
63 OUT PBOOLEAN AccessStatus
67 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
69 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
78 * REMARKS: The arguments map to the win32 AccessCheck
84 NtAccessCheckAndAuditAlarm(
85 IN PUNICODE_STRING SubsystemName
,
86 IN PHANDLE ObjectHandle
,
87 IN POBJECT_ATTRIBUTES ObjectAttributes
,
88 IN ACCESS_MASK DesiredAccess
,
89 IN PGENERIC_MAPPING GenericMapping
,
90 IN BOOLEAN ObjectCreation
,
91 OUT PULONG GrantedAccess
,
92 OUT PBOOLEAN AccessStatus
,
93 OUT PBOOLEAN GenerateOnClose
101 IN OUT PRTL_ATOM Atom
106 * FUNCTION: Adjusts the groups in an access token
108 * TokenHandle = Specifies the access token
109 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
110 * their default state, if false the groups specified in
113 * BufferLength = Specifies the size of the buffer for the PreviousState.
115 * ReturnLength = Bytes written in PreviousState buffer.
116 * REMARKS: The arguments map to the win32 AdjustTokenGroups
123 IN HANDLE TokenHandle
,
124 IN BOOLEAN ResetToDefault
,
125 IN PTOKEN_GROUPS NewState
,
126 IN ULONG BufferLength
,
127 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
128 OUT PULONG ReturnLength
134 IN HANDLE TokenHandle
,
135 IN BOOLEAN ResetToDefault
,
136 IN PTOKEN_GROUPS NewState
,
137 IN ULONG BufferLength
,
138 OUT PTOKEN_GROUPS PreviousState
,
139 OUT PULONG ReturnLength
147 * TokenHandle = Handle to the access token
148 * DisableAllPrivileges = The resulting suspend count.
154 * The arguments map to the win32 AdjustTokenPrivileges
160 NtAdjustPrivilegesToken(
161 IN HANDLE TokenHandle
,
162 IN BOOLEAN DisableAllPrivileges
,
163 IN PTOKEN_PRIVILEGES NewState
,
164 IN ULONG BufferLength
,
165 OUT PTOKEN_PRIVILEGES PreviousState
,
166 OUT PULONG ReturnLength
171 ZwAdjustPrivilegesToken(
172 IN HANDLE TokenHandle
,
173 IN BOOLEAN DisableAllPrivileges
,
174 IN PTOKEN_PRIVILEGES NewState
,
175 IN ULONG BufferLength
,
176 OUT PTOKEN_PRIVILEGES PreviousState
,
177 OUT PULONG ReturnLength
182 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
185 * ThreadHandle = Handle to the thread that should be resumed
186 * SuspendCount = The resulting suspend count.
188 * A thread is resumed if its suspend count is 0
194 IN HANDLE ThreadHandle
,
195 OUT PULONG SuspendCount
201 IN HANDLE ThreadHandle
,
202 OUT PULONG SuspendCount
206 * FUNCTION: Puts the thread in a alerted state
208 * ThreadHandle = Handle to the thread that should be alerted
214 IN HANDLE ThreadHandle
220 IN HANDLE ThreadHandle
225 * FUNCTION: Allocates a locally unique id
227 * LocallyUniqueId = Locally unique number
232 NtAllocateLocallyUniqueId(
233 OUT LUID
*LocallyUniqueId
238 ZwAllocateLocallyUniqueId(
245 PULARGE_INTEGER Time
,
252 * FUNCTION: Allocates a block of virtual memory in the process address space
254 * ProcessHandle = The handle of the process which owns the virtual memory
255 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
256 * value the system will try to allocate the memory at the address supplied. It rounds
257 * it down to a multiple if the page size.
258 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
259 * the memory will be allocated at a address below a certain value.
260 * RegionSize = The number of bytes to allocate
261 * AllocationType = Indicates the type of virtual memory you like to allocated,
262 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
263 * Protect = Indicates the protection type of the pages allocated, can be a combination of
264 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
265 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
267 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
268 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
269 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
270 * and the AllocationType and ProctectionType map to the other two parameters.
275 NtAllocateVirtualMemory (
276 IN HANDLE ProcessHandle
,
277 IN OUT PVOID
*BaseAddress
,
279 IN OUT PULONG RegionSize
,
280 IN ULONG AllocationType
,
286 ZwAllocateVirtualMemory (
287 IN HANDLE ProcessHandle
,
288 IN OUT PVOID
*BaseAddress
,
290 IN OUT PULONG RegionSize
,
291 IN ULONG AllocationType
,
295 * FUNCTION: Returns from a callback into user mode
299 //FIXME: this function might need 3 parameters
300 NTSTATUS STDCALL
NtCallbackReturn(PVOID Result
,
304 NTSTATUS STDCALL
ZwCallbackReturn(PVOID Result
,
309 * FUNCTION: Cancels a IO request
311 * FileHandle = Handle to the file
315 * This function maps to the win32 CancelIo.
321 IN HANDLE FileHandle
,
322 OUT PIO_STATUS_BLOCK IoStatusBlock
328 IN HANDLE FileHandle
,
329 OUT PIO_STATUS_BLOCK IoStatusBlock
332 * FUNCTION: Cancels a timer
334 * TimerHandle = Handle to the timer
335 * CurrentState = Specifies the state of the timer when cancelled.
337 * The arguments to this function map to the function CancelWaitableTimer.
343 IN HANDLE TimerHandle
,
344 OUT PBOOLEAN CurrentState OPTIONAL
348 * FUNCTION: Sets the status of the event back to non-signaled
350 * EventHandle = Handle to the event
352 * This function maps to win32 function ResetEvent.
359 IN HANDLE EventHandle
365 IN HANDLE EventHandle
369 * FUNCTION: Closes an object handle
371 * Handle = Handle to the object
373 * This function maps to the win32 function CloseHandle.
390 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
393 HandleId = Handle to the object
396 * This function maps to the win32 function ObjectCloseAuditAlarm.
402 NtCloseObjectAuditAlarm(
403 IN PUNICODE_STRING SubsystemName
,
405 IN BOOLEAN GenerateOnClose
410 ZwCloseObjectAuditAlarm(
411 IN PUNICODE_STRING SubsystemName
,
413 IN BOOLEAN GenerateOnClose
417 * FUNCTION: Continues a thread with the specified context
419 * Context = Specifies the processor context
420 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
421 * be PASSIVE_LEVEL or APC_LEVEL
423 * NtContinue can be used to continue after an exception or apc.
426 //FIXME This function might need another parameter
437 * FUNCTION: Creates a directory object
439 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
440 * DesiredAccess = Specifies access to the directory
441 * ObjectAttribute = Initialized attributes for the object
442 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
443 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
449 NtCreateDirectoryObject(
450 OUT PHANDLE DirectoryHandle
,
451 IN ACCESS_MASK DesiredAccess
,
452 IN POBJECT_ATTRIBUTES ObjectAttributes
457 ZwCreateDirectoryObject(
458 OUT PHANDLE DirectoryHandle
,
459 IN ACCESS_MASK DesiredAccess
,
460 IN POBJECT_ATTRIBUTES ObjectAttributes
464 * FUNCTION: Creates an event object
466 * EventHandle (OUT) = Caller supplied storage for the resulting handle
467 * DesiredAccess = Specifies access to the event
468 * ObjectAttribute = Initialized attributes for the object
469 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
470 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
471 * automatically after the system has rescheduled a thread waiting on the event.
472 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
473 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
474 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
475 * both parameters aswell ( possibly the order is reversed ).
482 OUT PHANDLE EventHandle
,
483 IN ACCESS_MASK DesiredAccess
,
484 IN POBJECT_ATTRIBUTES ObjectAttributes
,
485 IN BOOLEAN ManualReset
,
486 IN BOOLEAN InitialState
492 OUT PHANDLE EventHandle
,
493 IN ACCESS_MASK DesiredAccess
,
494 IN POBJECT_ATTRIBUTES ObjectAttributes
,
495 IN BOOLEAN ManualReset
,
496 IN BOOLEAN InitialState
500 * FUNCTION: Creates an eventpair object
502 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
503 * DesiredAccess = Specifies access to the event
504 * ObjectAttribute = Initialized attributes for the object
510 OUT PHANDLE EventPairHandle
,
511 IN ACCESS_MASK DesiredAccess
,
512 IN POBJECT_ATTRIBUTES ObjectAttributes
518 OUT PHANDLE EventPairHandle
,
519 IN ACCESS_MASK DesiredAccess
,
520 IN POBJECT_ATTRIBUTES ObjectAttributes
525 * FUNCTION: Creates or opens a file, directory or device object.
527 * FileHandle (OUT) = Caller supplied storage for the resulting handle
528 * DesiredAccess = Specifies the allowed or desired access to the file can
529 * be a combination of DELETE | FILE_READ_DATA ..
530 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
531 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
532 * the file is created and opened or allready existed and is just opened.
533 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
534 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
535 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
536 * CreateOptions = specifies the behavior of the system on file creation.
537 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
538 * EaLength = Extended Attributes buffer size, applies only to files and directories.
539 * REMARKS: This function maps to the win32 CreateFile.
546 OUT PHANDLE FileHandle
,
547 IN ACCESS_MASK DesiredAccess
,
548 IN POBJECT_ATTRIBUTES ObjectAttributes
,
549 OUT PIO_STATUS_BLOCK IoStatusBlock
,
550 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
551 IN ULONG FileAttributes
,
552 IN ULONG ShareAccess
,
553 IN ULONG CreateDisposition
,
554 IN ULONG CreateOptions
,
555 IN PVOID EaBuffer OPTIONAL
,
562 OUT PHANDLE FileHandle
,
563 IN ACCESS_MASK DesiredAccess
,
564 IN POBJECT_ATTRIBUTES ObjectAttributes
,
565 OUT PIO_STATUS_BLOCK IoStatusBlock
,
566 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
567 IN ULONG FileAttributes
,
568 IN ULONG ShareAccess
,
569 IN ULONG CreateDisposition
,
570 IN ULONG CreateOptions
,
571 IN PVOID EaBuffer OPTIONAL
,
576 * FUNCTION: Creates or opens a file, directory or device object.
578 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
579 * DesiredAccess = Specifies the allowed or desired access to the port
581 * NumberOfConcurrentThreads =
582 * REMARKS: This function maps to the win32 CreateIoCompletionPort
589 NtCreateIoCompletion(
590 OUT PHANDLE CompletionPort
,
591 IN ACCESS_MASK DesiredAccess
,
592 OUT PIO_STATUS_BLOCK IoStatusBlock
,
593 IN ULONG NumberOfConcurrentThreads
598 ZwCreateIoCompletion(
599 OUT PHANDLE CompletionPort
,
600 IN ACCESS_MASK DesiredAccess
,
601 OUT PIO_STATUS_BLOCK IoStatusBlock
,
602 IN ULONG NumberOfConcurrentThreads
607 * FUNCTION: Creates a mail slot file
609 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
610 * DesiredAccess = Specifies the allowed or desired access to the file
611 * ObjectAttributes = Contains the name of the mailslotfile.
618 * REMARKS: This funciton maps to the win32 function CreateMailSlot
625 NtCreateMailslotFile(
626 OUT PHANDLE MailSlotFileHandle
,
627 IN ACCESS_MASK DesiredAccess
,
628 IN POBJECT_ATTRIBUTES ObjectAttributes
,
629 OUT PIO_STATUS_BLOCK IoStatusBlock
,
630 IN ULONG FileAttributes
,
631 IN ULONG ShareAccess
,
632 IN ULONG MaxMessageSize
,
633 IN PLARGE_INTEGER TimeOut
638 ZwCreateMailslotFile(
639 OUT PHANDLE MailSlotFileHandle
,
640 IN ACCESS_MASK DesiredAccess
,
641 IN POBJECT_ATTRIBUTES ObjectAttributes
,
642 OUT PIO_STATUS_BLOCK IoStatusBlock
,
643 IN ULONG FileAttributes
,
644 IN ULONG ShareAccess
,
645 IN ULONG MaxMessageSize
,
646 IN PLARGE_INTEGER TimeOut
650 * FUNCTION: Creates or opens a mutex
652 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
653 * DesiredAccess = Specifies the allowed or desired access to the port
654 * ObjectAttributes = Contains the name of the mutex.
655 * InitialOwner = If true the calling thread acquires ownership
657 * REMARKS: This funciton maps to the win32 function CreateMutex
664 OUT PHANDLE MutantHandle
,
665 IN ACCESS_MASK DesiredAccess
,
666 IN POBJECT_ATTRIBUTES ObjectAttributes
,
667 IN BOOLEAN InitialOwner
673 OUT PHANDLE MutantHandle
,
674 IN ACCESS_MASK DesiredAccess
,
675 IN POBJECT_ATTRIBUTES ObjectAttributes
,
676 IN BOOLEAN InitialOwner
681 * FUNCTION: Creates a paging file.
683 * FileName = Name of the pagefile
684 * InitialSize = Specifies the initial size in bytes
685 * MaximumSize = Specifies the maximum size in bytes
686 * Reserved = Reserved for future use
692 IN PUNICODE_STRING FileName
,
693 IN PLARGE_INTEGER InitialSize
,
694 IN PLARGE_INTEGER MaxiumSize
,
699 * FUNCTION: Creates a process.
701 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
702 * DesiredAccess = Specifies the allowed or desired access to the process can
703 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
704 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
705 * ParentProcess = Handle to the parent process.
706 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
707 * SectionHandle = Handle to a section object to back the image file
708 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
709 * ExceptionPort = Handle to a exception port.
711 * This function maps to the win32 CreateProcess.
717 OUT PHANDLE ProcessHandle
,
718 IN ACCESS_MASK DesiredAccess
,
719 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
720 IN HANDLE ParentProcess
,
721 IN BOOLEAN InheritObjectTable
,
722 IN HANDLE SectionHandle OPTIONAL
,
723 IN HANDLE DebugPort OPTIONAL
,
724 IN HANDLE ExceptionPort OPTIONAL
730 OUT PHANDLE ProcessHandle
,
731 IN ACCESS_MASK DesiredAccess
,
732 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
733 IN HANDLE ParentProcess
,
734 IN BOOLEAN InheritObjectTable
,
735 IN HANDLE SectionHandle OPTIONAL
,
736 IN HANDLE DebugPort OPTIONAL
,
737 IN HANDLE ExceptionPort OPTIONAL
741 * FUNCTION: Creates a profile
743 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
744 * ObjectAttribute = Initialized attributes for the object
745 * ImageBase = Start address of executable image
746 * ImageSize = Size of the image
747 * Granularity = Bucket size
748 * Buffer = Caller supplies buffer for profiling info
749 * ProfilingSize = Buffer size
750 * ClockSource = Specify 0 / FALSE ??
751 * ProcessorMask = A value of -1 indicates disables per processor profiling,
752 otherwise bit set for the processor to profile.
754 * This function maps to the win32 CreateProcess.
760 NtCreateProfile(OUT PHANDLE ProfileHandle
,
761 IN HANDLE ProcessHandle
,
764 IN ULONG Granularity
,
766 IN ULONG ProfilingSize
,
767 IN KPROFILE_SOURCE Source
,
768 IN ULONG ProcessorMask
);
771 * FUNCTION: Creates a section object.
773 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
774 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
775 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
776 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
777 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
778 * If value specified for a mapped file and the file is not large enough, file will be extended.
779 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
780 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
781 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
788 OUT PHANDLE SectionHandle
,
789 IN ACCESS_MASK DesiredAccess
,
790 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
791 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
792 IN ULONG SectionPageProtection OPTIONAL
,
793 IN ULONG AllocationAttributes
,
794 IN HANDLE FileHandle OPTIONAL
800 OUT PHANDLE SectionHandle
,
801 IN ACCESS_MASK DesiredAccess
,
802 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
803 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
804 IN ULONG SectionPageProtection OPTIONAL
,
805 IN ULONG AllocationAttributes
,
806 IN HANDLE FileHandle OPTIONAL
810 * FUNCTION: Creates a semaphore object for interprocess synchronization.
812 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
813 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
814 * ObjectAttribute = Initialized attributes for the object.
815 * InitialCount = Not necessary zero, might be smaller than zero.
816 * MaximumCount = Maxiumum count the semaphore can reach.
819 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
822 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
826 OUT PHANDLE SemaphoreHandle
,
827 IN ACCESS_MASK DesiredAccess
,
828 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
829 IN LONG InitialCount
,
836 OUT PHANDLE SemaphoreHandle
,
837 IN ACCESS_MASK DesiredAccess
,
838 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
839 IN LONG InitialCount
,
844 * FUNCTION: Creates a symbolic link object
846 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
847 * DesiredAccess = Specifies the allowed or desired access to the thread.
848 * ObjectAttributes = Initialized attributes for the object.
849 * Name = Target name of the symbolic link
854 NtCreateSymbolicLinkObject(
855 OUT PHANDLE SymbolicLinkHandle
,
856 IN ACCESS_MASK DesiredAccess
,
857 IN POBJECT_ATTRIBUTES ObjectAttributes
,
858 IN PUNICODE_STRING Name
863 ZwCreateSymbolicLinkObject(
864 OUT PHANDLE SymbolicLinkHandle
,
865 IN ACCESS_MASK DesiredAccess
,
866 IN POBJECT_ATTRIBUTES ObjectAttributes
,
867 IN PUNICODE_STRING Name
871 * FUNCTION: Creates a user mode thread
873 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
874 * DesiredAccess = Specifies the allowed or desired access to the thread.
875 * ObjectAttributes = Initialized attributes for the object.
876 * ProcessHandle = Handle to the threads parent process.
877 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
878 * ThreadContext = Initial processor context for the thread.
879 * InitialTeb = Initial user mode stack context for the thread.
880 * CreateSuspended = Specifies if the thread is ready for scheduling
882 * This function maps to the win32 function CreateThread.
888 OUT PHANDLE ThreadHandle
,
889 IN ACCESS_MASK DesiredAccess
,
890 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
891 IN HANDLE ProcessHandle
,
892 OUT PCLIENT_ID ClientId
,
893 IN PCONTEXT ThreadContext
,
894 IN PINITIAL_TEB InitialTeb
,
895 IN BOOLEAN CreateSuspended
899 * FUNCTION: Creates a waitable timer.
901 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
902 * DesiredAccess = Specifies the allowed or desired access to the timer.
903 * ObjectAttributes = Initialized attributes for the object.
904 * TimerType = Specifies if the timer should be reset manually.
906 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
907 * corresponding fields in OBJECT_ATTRIBUTES structure.
913 OUT PHANDLE TimerHandle
,
914 IN ACCESS_MASK DesiredAccess
,
915 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
916 IN TIMER_TYPE TimerType
922 OUT PHANDLE TimerHandle
,
923 IN ACCESS_MASK DesiredAccess
,
924 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
925 IN TIMER_TYPE TimerType
929 * FUNCTION: Creates a token.
931 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
932 * DesiredAccess = Specifies the allowed or desired access to the process can
933 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
934 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
942 * TokenPrimaryGroup =
946 * This function does not map to a win32 function
953 OUT PHANDLE TokenHandle
,
954 IN ACCESS_MASK DesiredAccess
,
955 IN POBJECT_ATTRIBUTES ObjectAttributes
,
956 IN TOKEN_TYPE TokenType
,
957 IN PLUID AuthenticationId
,
958 IN PLARGE_INTEGER ExpirationTime
,
959 IN PTOKEN_USER TokenUser
,
960 IN PTOKEN_GROUPS TokenGroups
,
961 IN PTOKEN_PRIVILEGES TokenPrivileges
,
962 IN PTOKEN_OWNER TokenOwner
,
963 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
964 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
965 IN PTOKEN_SOURCE TokenSource
971 OUT PHANDLE TokenHandle
,
972 IN ACCESS_MASK DesiredAccess
,
973 IN POBJECT_ATTRIBUTES ObjectAttributes
,
974 IN TOKEN_TYPE TokenType
,
975 IN PLUID AuthenticationId
,
976 IN PLARGE_INTEGER ExpirationTime
,
977 IN PTOKEN_USER TokenUser
,
978 IN PTOKEN_GROUPS TokenGroups
,
979 IN PTOKEN_PRIVILEGES TokenPrivileges
,
980 IN PTOKEN_OWNER TokenOwner
,
981 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
982 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
983 IN PTOKEN_SOURCE TokenSource
987 * FUNCTION: Returns the callers thread TEB.
988 * RETURNS: The resulting teb.
998 * FUNCTION: Delays the execution of the calling thread.
1000 * Alertable = If TRUE the thread is alertable during is wait period
1001 * Interval = Specifies the interval to wait.
1004 NTSTATUS STDCALL
NtDelayExecution(IN ULONG Alertable
, IN TIME
* Interval
);
1007 * FUNCTION: Deletes an atom from the global atom table
1009 * Atom = Identifies the atom to delete
1011 * The function maps to the win32 GlobalDeleteAtom
1027 * FUNCTION: Deletes a file or a directory
1029 * ObjectAttributes = Name of the file which should be deleted
1031 * This system call is functionally equivalent to NtSetInformationFile
1032 * setting the disposition information.
1033 * The function maps to the win32 DeleteFile.
1039 IN POBJECT_ATTRIBUTES ObjectAttributes
1045 IN POBJECT_ATTRIBUTES ObjectAttributes
1049 * FUNCTION: Deletes a registry key
1051 * KeyHandle = Handle of the key
1066 * FUNCTION: Generates a audit message when an object is deleted
1068 * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
1069 * HandleId= Handle to an audit object
1070 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
1071 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
1077 NtDeleteObjectAuditAlarm (
1078 IN PUNICODE_STRING SubsystemName
,
1080 IN BOOLEAN GenerateOnClose
1085 ZwDeleteObjectAuditAlarm (
1086 IN PUNICODE_STRING SubsystemName
,
1088 IN BOOLEAN GenerateOnClose
1093 * FUNCTION: Deletes a value from a registry key
1095 * KeyHandle = Handle of the key
1096 * ValueName = Name of the value to delete
1103 IN HANDLE KeyHandle
,
1104 IN PUNICODE_STRING ValueName
1110 IN HANDLE KeyHandle
,
1111 IN PUNICODE_STRING ValueName
1114 * FUNCTION: Sends IOCTL to the io sub system
1116 * DeviceHandle = Points to the handle that is created by NtCreateFile
1117 * Event = Event to synchronize on STATUS_PENDING
1118 * ApcRoutine = Asynchroneous procedure callback
1119 * ApcContext = Callback context.
1120 * IoStatusBlock = Caller should supply storage for extra information..
1121 * IoControlCode = Contains the IO Control command. This is an
1122 * index to the structures in InputBuffer and OutputBuffer.
1123 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
1124 * InputBufferSize = Size of the input bufffer
1125 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
1126 * OutputBufferSize = Size of the input bufffer
1132 NtDeviceIoControlFile(
1133 IN HANDLE DeviceHandle
,
1134 IN HANDLE Event OPTIONAL
,
1135 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1136 IN PVOID UserApcContext OPTIONAL
,
1137 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1138 IN ULONG IoControlCode
,
1139 IN PVOID InputBuffer
,
1140 IN ULONG InputBufferSize
,
1141 OUT PVOID OutputBuffer
,
1142 IN ULONG OutputBufferSize
1147 ZwDeviceIoControlFile(
1148 IN HANDLE DeviceHandle
,
1149 IN HANDLE Event OPTIONAL
,
1150 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1151 IN PVOID UserApcContext OPTIONAL
,
1152 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1153 IN ULONG IoControlCode
,
1154 IN PVOID InputBuffer
,
1155 IN ULONG InputBufferSize
,
1156 OUT PVOID OutputBuffer
,
1157 IN ULONG OutputBufferSize
1160 * FUNCTION: Displays a string on the blue screen
1162 * DisplayString = The string to display
1169 IN PUNICODE_STRING DisplayString
1175 IN PUNICODE_STRING DisplayString
1179 * FUNCTION: Returns information about the subkeys of an open key
1181 * KeyHandle = Handle of the key whose subkeys are to enumerated
1182 * Index = zero based index of the subkey for which information is
1184 * KeyInformationClass = Type of information returned
1185 * KeyInformation (OUT) = Caller allocated buffer for the information
1187 * Length = Length in bytes of the KeyInformation buffer
1188 * ResultLength (OUT) = Caller allocated storage which holds
1189 * the number of bytes of information retrieved
1196 IN HANDLE KeyHandle
,
1198 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1199 OUT PVOID KeyInformation
,
1201 OUT PULONG ResultLength
1207 IN HANDLE KeyHandle
,
1209 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1210 OUT PVOID KeyInformation
,
1212 OUT PULONG ResultLength
1215 * FUNCTION: Returns information about the value entries of an open key
1217 * KeyHandle = Handle of the key whose value entries are to enumerated
1218 * Index = zero based index of the subkey for which information is
1220 * KeyInformationClass = Type of information returned
1221 * KeyInformation (OUT) = Caller allocated buffer for the information
1223 * Length = Length in bytes of the KeyInformation buffer
1224 * ResultLength (OUT) = Caller allocated storage which holds
1225 * the number of bytes of information retrieved
1231 NtEnumerateValueKey(
1232 IN HANDLE KeyHandle
,
1234 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1235 OUT PVOID KeyValueInformation
,
1237 OUT PULONG ResultLength
1242 ZwEnumerateValueKey(
1243 IN HANDLE KeyHandle
,
1245 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1246 OUT PVOID KeyValueInformation
,
1248 OUT PULONG ResultLength
1251 * FUNCTION: Extends a section
1253 * SectionHandle = Handle to the section
1254 * NewMaximumSize = Adjusted size
1260 IN HANDLE SectionHandle
,
1261 IN ULONG NewMaximumSize
1268 OUT PRTL_ATOM Atom OPTIONAL
1272 * FUNCTION: Flushes chached file data to disk
1274 * FileHandle = Points to the file
1275 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1276 * buffers operation. The information field is set to number of bytes
1280 * This funciton maps to the win32 FlushFileBuffers
1285 IN HANDLE FileHandle
,
1286 OUT PIO_STATUS_BLOCK IoStatusBlock
1292 IN HANDLE FileHandle
,
1293 OUT PIO_STATUS_BLOCK IoStatusBlock
1296 * FUNCTION: Flushes a the processors instruction cache
1298 * ProcessHandle = Points to the process owning the cache
1299 * BaseAddress = // might this be a image address ????
1300 * NumberOfBytesToFlush =
1303 * This funciton is used by debuggers
1307 NtFlushInstructionCache(
1308 IN HANDLE ProcessHandle
,
1309 IN PVOID BaseAddress
,
1310 IN UINT NumberOfBytesToFlush
1313 * FUNCTION: Flushes a registry key to disk
1315 * KeyHandle = Points to the registry key handle
1318 * This funciton maps to the win32 RegFlushKey.
1333 * FUNCTION: Flushes virtual memory to file
1335 * ProcessHandle = Points to the process that allocated the virtual memory
1336 * BaseAddress = Points to the memory address
1337 * NumberOfBytesToFlush = Limits the range to flush,
1338 * NumberOfBytesFlushed = Actual number of bytes flushed
1341 * Check return status on STATUS_NOT_MAPPED_DATA
1345 NtFlushVirtualMemory(
1346 IN HANDLE ProcessHandle
,
1347 IN PVOID BaseAddress
,
1348 IN ULONG NumberOfBytesToFlush
,
1349 OUT PULONG NumberOfBytesFlushed OPTIONAL
1353 * FUNCTION: Flushes the dirty pages to file
1355 * FIXME: Not sure this does (how is the file specified)
1357 NTSTATUS STDCALL
NtFlushWriteBuffer(VOID
);
1358 NTSTATUS STDCALL
ZwFlushWriteBuffer(VOID
);
1361 * FUNCTION: Frees a range of virtual memory
1363 * ProcessHandle = Points to the process that allocated the virtual
1365 * BaseAddress = Points to the memory address, rounded down to a
1366 * multiple of the pagesize
1367 * RegionSize = Limits the range to free, rounded up to a multiple of
1369 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1372 NTSTATUS STDCALL
NtFreeVirtualMemory(IN HANDLE ProcessHandle
,
1373 IN PVOID
*BaseAddress
,
1374 IN PULONG RegionSize
,
1376 NTSTATUS STDCALL
ZwFreeVirtualMemory(IN HANDLE ProcessHandle
,
1377 IN PVOID
*BaseAddress
,
1378 IN PULONG RegionSize
,
1382 * FUNCTION: Sends FSCTL to the filesystem
1384 * DeviceHandle = Points to the handle that is created by NtCreateFile
1385 * Event = Event to synchronize on STATUS_PENDING
1388 * IoStatusBlock = Caller should supply storage for
1389 * IoControlCode = Contains the File System Control command. This is an
1390 * index to the structures in InputBuffer and OutputBuffer.
1391 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1392 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1393 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1394 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1396 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1397 * InputBufferSize = Size of the input bufffer
1398 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1399 * OutputBufferSize = Size of the input bufffer
1400 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1401 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1406 IN HANDLE DeviceHandle
,
1407 IN HANDLE Event OPTIONAL
,
1408 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1409 IN PVOID ApcContext OPTIONAL
,
1410 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1411 IN ULONG IoControlCode
,
1412 IN PVOID InputBuffer
,
1413 IN ULONG InputBufferSize
,
1414 OUT PVOID OutputBuffer
,
1415 IN ULONG OutputBufferSize
1421 IN HANDLE DeviceHandle
,
1422 IN HANDLE Event OPTIONAL
,
1423 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1424 IN PVOID ApcContext OPTIONAL
,
1425 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1426 IN ULONG IoControlCode
,
1427 IN PVOID InputBuffer
,
1428 IN ULONG InputBufferSize
,
1429 OUT PVOID OutputBuffer
,
1430 IN ULONG OutputBufferSize
1434 * FUNCTION: Retrieves the processor context of a thread
1436 * ThreadHandle = Handle to a thread
1437 * Context (OUT) = Caller allocated storage for the processor context
1444 IN HANDLE ThreadHandle
,
1445 OUT PCONTEXT Context
1451 IN HANDLE ThreadHandle
,
1452 OUT PCONTEXT Context
1455 * FUNCTION: Retrieves the uptime of the system
1457 * UpTime = Number of clock ticks since boot.
1467 * FUNCTION: Sets a thread to impersonate another
1469 * ThreadHandle = Server thread that will impersonate a client.
1470 ThreadToImpersonate = Client thread that will be impersonated
1471 SecurityQualityOfService = Specifies the impersonation level.
1477 NtImpersonateThread(
1478 IN HANDLE ThreadHandle
,
1479 IN HANDLE ThreadToImpersonate
,
1480 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1485 ZwImpersonateThread(
1486 IN HANDLE ThreadHandle
,
1487 IN HANDLE ThreadToImpersonate
,
1488 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1492 * FUNCTION: Initializes the registry.
1494 * SetUpBoot = This parameter is true for a setup boot.
1499 NtInitializeRegistry(
1504 ZwInitializeRegistry(
1509 * FUNCTION: Loads a driver.
1511 * DriverServiceName = Name of the driver to load
1517 IN PUNICODE_STRING DriverServiceName
1523 IN PUNICODE_STRING DriverServiceName
1527 * FUNCTION: Loads a registry key.
1529 * KeyHandle = Handle to the registry key
1530 * ObjectAttributes = ???
1532 * This procedure maps to the win32 procedure RegLoadKey
1539 POBJECT_ATTRIBUTES ObjectAttributes
1543 * FUNCTION: Loads a registry key.
1545 * KeyHandle = Handle to the registry key
1546 * ObjectAttributes = ???
1549 * This procedure maps to the win32 procedure RegLoadKey
1556 POBJECT_ATTRIBUTES ObjectAttributes
,
1561 * FUNCTION: Locks a range of bytes in a file.
1563 * FileHandle = Handle to the file
1564 * Event = Should be null if apc is specified.
1565 * ApcRoutine = Asynchroneous Procedure Callback
1566 * ApcContext = Argument to the callback
1567 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1568 * the completion status and information about the requested lock operation.
1569 * ByteOffset = Offset
1570 * Length = Number of bytes to lock.
1571 * Key = Special value to give other threads the possibility to unlock the file
1572 by supplying the key in a call to NtUnlockFile.
1573 * FailImmediatedly = If false the request will block untill the lock is obtained.
1574 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1576 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1577 not be obtained immediately, the device queue is busy and the IRP is queued.
1578 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1579 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1585 IN HANDLE FileHandle
,
1586 IN HANDLE Event OPTIONAL
,
1587 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1588 IN PVOID ApcContext OPTIONAL
,
1589 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1590 IN PLARGE_INTEGER ByteOffset
,
1591 IN PLARGE_INTEGER Length
,
1593 IN BOOLEAN FailImmediatedly
,
1594 IN BOOLEAN ExclusiveLock
1600 IN HANDLE FileHandle
,
1601 IN HANDLE Event OPTIONAL
,
1602 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1603 IN PVOID ApcContext OPTIONAL
,
1604 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1605 IN PLARGE_INTEGER ByteOffset
,
1606 IN PLARGE_INTEGER Length
,
1608 IN BOOLEAN FailImmediatedly
,
1609 IN BOOLEAN ExclusiveLock
1612 * FUNCTION: Locks a range of virtual memory.
1614 * ProcessHandle = Handle to the process
1615 * BaseAddress = Lower boundary of the range of bytes to lock.
1616 * NumberOfBytesLock = Offset to the upper boundary.
1617 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
1619 This procedure maps to the win32 procedure VirtualLock
1620 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
1624 NtLockVirtualMemory(
1625 HANDLE ProcessHandle
,
1627 ULONG NumberOfBytesToLock
,
1628 PULONG NumberOfBytesLocked
1632 * FUNCTION: Makes temporary object that will be removed at next boot.
1634 * Handle = Handle to object
1640 NtMakeTemporaryObject(
1646 ZwMakeTemporaryObject(
1650 * FUNCTION: Maps a view of a section into the virtual address space of a
1653 * SectionHandle = Handle of the section
1654 * ProcessHandle = Handle of the process
1655 * BaseAddress = Desired base address (or NULL) on entry
1656 * Actual base address of the view on exit
1657 * ZeroBits = Number of high order address bits that must be zero
1658 * CommitSize = Size in bytes of the initially committed section of
1660 * SectionOffset = Offset in bytes from the beginning of the section
1661 * to the beginning of the view
1662 * ViewSize = Desired length of map (or zero to map all) on entry
1663 * Actual length mapped on exit
1664 * InheritDisposition = Specified how the view is to be shared with
1666 * AllocateType = Type of allocation for the pages
1667 * Protect = Protection for the committed region of the view
1673 IN HANDLE SectionHandle
,
1674 IN HANDLE ProcessHandle
,
1675 IN OUT PVOID
*BaseAddress
,
1677 IN ULONG CommitSize
,
1678 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1679 IN OUT PULONG ViewSize
,
1680 IN SECTION_INHERIT InheritDisposition
,
1681 IN ULONG AllocationType
,
1682 IN ULONG AccessProtection
1688 IN HANDLE SectionHandle
,
1689 IN HANDLE ProcessHandle
,
1690 IN OUT PVOID
*BaseAddress
,
1692 IN ULONG CommitSize
,
1693 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1694 IN OUT PULONG ViewSize
,
1695 IN SECTION_INHERIT InheritDisposition
,
1696 IN ULONG AllocationType
,
1697 IN ULONG AccessProtection
1701 * FUNCTION: Installs a notify for the change of a directory's contents
1703 * FileHandle = Handle to the directory
1705 * ApcRoutine = Start address
1706 * ApcContext = Delimits the range of virtual memory
1707 * for which the new access protection holds
1708 * IoStatusBlock = The new access proctection for the pages
1709 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1710 * BufferSize = Size of the buffer
1711 CompletionFilter = Can be one of the following values:
1712 FILE_NOTIFY_CHANGE_FILE_NAME
1713 FILE_NOTIFY_CHANGE_DIR_NAME
1714 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1715 FILE_NOTIFY_CHANGE_ATTRIBUTES
1716 FILE_NOTIFY_CHANGE_SIZE
1717 FILE_NOTIFY_CHANGE_LAST_WRITE
1718 FILE_NOTIFY_CHANGE_LAST_ACCESS
1719 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1720 FILE_NOTIFY_CHANGE_EA
1721 FILE_NOTIFY_CHANGE_SECURITY
1722 FILE_NOTIFY_CHANGE_STREAM_NAME
1723 FILE_NOTIFY_CHANGE_STREAM_SIZE
1724 FILE_NOTIFY_CHANGE_STREAM_WRITE
1725 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1728 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1733 NtNotifyChangeDirectoryFile(
1734 IN HANDLE FileHandle
,
1735 IN HANDLE Event OPTIONAL
,
1736 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1737 IN PVOID ApcContext OPTIONAL
,
1738 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1740 IN ULONG BufferSize
,
1741 IN ULONG CompletionFilter
,
1742 IN BOOLEAN WatchTree
1747 ZwNotifyChangeDirectoryFile(
1748 IN HANDLE FileHandle
,
1749 IN HANDLE Event OPTIONAL
,
1750 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1751 IN PVOID ApcContext OPTIONAL
,
1752 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1754 IN ULONG BufferSize
,
1755 IN ULONG CompletionFilter
,
1756 IN BOOLEAN WatchTree
1760 * FUNCTION: Installs a notfication callback on registry changes
1762 KeyHandle = Handle to the registry key
1763 Event = Event that should be signalled on modification of the key
1764 ApcRoutine = Routine that should be called on modification of the key
1765 ApcContext = Argument to the ApcRoutine
1767 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1768 Can be a combination of the following values:
1770 REG_NOTIFY_CHANGE_NAME
1771 REG_NOTIFY_CHANGE_ATTRIBUTES
1772 REG_NOTIFY_CHANGE_LAST_SET
1773 REG_NOTIFY_CHANGE_SECURITY
1776 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1777 the function will not return before a change occurs.
1778 ChangeBuffer = Will return the old value
1779 Length = Size of the change buffer
1780 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1782 * REMARKS: If the key is closed the event is signalled aswell.
1789 IN HANDLE KeyHandle
,
1791 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1792 IN PVOID ApcContext OPTIONAL
,
1793 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1794 IN ULONG CompletionFilter
,
1795 IN BOOLEAN Asynchroneous
,
1796 OUT PVOID ChangeBuffer
,
1798 IN BOOLEAN WatchSubtree
1804 IN HANDLE KeyHandle
,
1806 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1807 IN PVOID ApcContext OPTIONAL
,
1808 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1809 IN ULONG CompletionFilter
,
1810 IN BOOLEAN Asynchroneous
,
1811 OUT PVOID ChangeBuffer
,
1813 IN BOOLEAN WatchSubtree
1817 * FUNCTION: Opens an existing directory object
1819 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1820 * DesiredAccess = Requested access to the directory
1821 * ObjectAttributes = Initialized attributes for the object
1827 NtOpenDirectoryObject(
1828 OUT PHANDLE FileHandle
,
1829 IN ACCESS_MASK DesiredAccess
,
1830 IN POBJECT_ATTRIBUTES ObjectAttributes
1834 ZwOpenDirectoryObject(
1835 OUT PHANDLE FileHandle
,
1836 IN ACCESS_MASK DesiredAccess
,
1837 IN POBJECT_ATTRIBUTES ObjectAttributes
1841 * FUNCTION: Opens an existing event
1843 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1844 * DesiredAccess = Requested access to the event
1845 * ObjectAttributes = Initialized attributes for the object
1851 OUT PHANDLE EventHandle
,
1852 IN ACCESS_MASK DesiredAccess
,
1853 IN POBJECT_ATTRIBUTES ObjectAttributes
1859 OUT PHANDLE EventHandle
,
1860 IN ACCESS_MASK DesiredAccess
,
1861 IN POBJECT_ATTRIBUTES ObjectAttributes
1865 * FUNCTION: Opens an existing event pair
1867 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1868 * DesiredAccess = Requested access to the event
1869 * ObjectAttributes = Initialized attributes for the object
1876 OUT PHANDLE EventPairHandle
,
1877 IN ACCESS_MASK DesiredAccess
,
1878 IN POBJECT_ATTRIBUTES ObjectAttributes
1884 OUT PHANDLE EventPairHandle
,
1885 IN ACCESS_MASK DesiredAccess
,
1886 IN POBJECT_ATTRIBUTES ObjectAttributes
1889 * FUNCTION: Opens an existing file
1891 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1892 * DesiredAccess = Requested access to the file
1893 * ObjectAttributes = Initialized attributes for the object
1902 OUT PHANDLE FileHandle
,
1903 IN ACCESS_MASK DesiredAccess
,
1904 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1905 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1906 IN ULONG ShareAccess
,
1907 IN ULONG OpenOptions
1913 OUT PHANDLE FileHandle
,
1914 IN ACCESS_MASK DesiredAccess
,
1915 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1916 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1917 IN ULONG ShareAccess
,
1918 IN ULONG OpenOptions
1922 * FUNCTION: Opens an existing io completion object
1924 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
1925 * DesiredAccess = Requested access to the io completion object
1926 * ObjectAttributes = Initialized attributes for the object
1933 OUT PHANDLE CompetionPort
,
1934 IN ACCESS_MASK DesiredAccess
,
1935 IN POBJECT_ATTRIBUTES ObjectAttributes
1941 OUT PHANDLE CompetionPort
,
1942 IN ACCESS_MASK DesiredAccess
,
1943 IN POBJECT_ATTRIBUTES ObjectAttributes
1947 * FUNCTION: Opens an existing key in the registry
1949 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1950 * DesiredAccess = Requested access to the key
1951 * ObjectAttributes = Initialized attributes for the object
1957 OUT PHANDLE KeyHandle
,
1958 IN ACCESS_MASK DesiredAccess
,
1959 IN POBJECT_ATTRIBUTES ObjectAttributes
1965 OUT PHANDLE KeyHandle
,
1966 IN ACCESS_MASK DesiredAccess
,
1967 IN POBJECT_ATTRIBUTES ObjectAttributes
1970 * FUNCTION: Opens an existing key in the registry
1972 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
1973 * DesiredAccess = Requested access to the mutant
1974 * ObjectAttribute = Initialized attributes for the object
1980 OUT PHANDLE MutantHandle
,
1981 IN ACCESS_MASK DesiredAccess
,
1982 IN POBJECT_ATTRIBUTES ObjectAttributes
1987 OUT PHANDLE MutantHandle
,
1988 IN ACCESS_MASK DesiredAccess
,
1989 IN POBJECT_ATTRIBUTES ObjectAttributes
1994 NtOpenObjectAuditAlarm(
1995 IN PUNICODE_STRING SubsystemName
,
1997 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1998 IN HANDLE ClientToken
,
1999 IN ULONG DesiredAccess
,
2000 IN ULONG GrantedAccess
,
2001 IN PPRIVILEGE_SET Privileges
,
2002 IN BOOLEAN ObjectCreation
,
2003 IN BOOLEAN AccessGranted
,
2004 OUT PBOOLEAN GenerateOnClose
2008 * FUNCTION: Opens an existing process
2010 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
2011 * DesiredAccess = Requested access to the process
2012 * ObjectAttribute = Initialized attributes for the object
2013 * ClientId = Identifies the process id to open
2019 OUT PHANDLE ProcessHandle
,
2020 IN ACCESS_MASK DesiredAccess
,
2021 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2022 IN PCLIENT_ID ClientId
2027 OUT PHANDLE ProcessHandle
,
2028 IN ACCESS_MASK DesiredAccess
,
2029 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2030 IN PCLIENT_ID ClientId
2033 * FUNCTION: Opens an existing process
2035 * ProcessHandle = Handle of the process of which owns the token
2036 * DesiredAccess = Requested access to the token
2037 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
2039 This function maps to the win32
2046 IN HANDLE ProcessHandle
,
2047 IN ACCESS_MASK DesiredAccess
,
2048 OUT PHANDLE TokenHandle
2054 IN HANDLE ProcessHandle
,
2055 IN ACCESS_MASK DesiredAccess
,
2056 OUT PHANDLE TokenHandle
2060 * FUNCTION: Opens an existing section object
2062 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2063 * DesiredAccess = Requested access to the key
2064 * ObjectAttribute = Initialized attributes for the object
2071 OUT PHANDLE SectionHandle
,
2072 IN ACCESS_MASK DesiredAccess
,
2073 IN POBJECT_ATTRIBUTES ObjectAttributes
2078 OUT PHANDLE SectionHandle
,
2079 IN ACCESS_MASK DesiredAccess
,
2080 IN POBJECT_ATTRIBUTES ObjectAttributes
2083 * FUNCTION: Opens an existing semaphore
2085 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
2086 * DesiredAccess = Requested access to the semaphore
2087 * ObjectAttribute = Initialized attributes for the object
2093 IN HANDLE SemaphoreHandle
,
2094 IN ACCESS_MASK DesiredAcces
,
2095 IN POBJECT_ATTRIBUTES ObjectAttributes
2100 IN HANDLE SemaphoreHandle
,
2101 IN ACCESS_MASK DesiredAcces
,
2102 IN POBJECT_ATTRIBUTES ObjectAttributes
2105 * FUNCTION: Opens an existing symbolic link
2107 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2108 * DesiredAccess = Requested access to the symbolic link
2109 * ObjectAttribute = Initialized attributes for the object
2114 NtOpenSymbolicLinkObject(
2115 OUT PHANDLE SymbolicLinkHandle
,
2116 IN ACCESS_MASK DesiredAccess
,
2117 IN POBJECT_ATTRIBUTES ObjectAttributes
2121 ZwOpenSymbolicLinkObject(
2122 OUT PHANDLE SymbolicLinkHandle
,
2123 IN ACCESS_MASK DesiredAccess
,
2124 IN POBJECT_ATTRIBUTES ObjectAttributes
2127 * FUNCTION: Opens an existing thread
2129 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2130 * DesiredAccess = Requested access to the thread
2131 * ObjectAttribute = Initialized attributes for the object
2132 * ClientId = Identifies the thread to open.
2138 OUT PHANDLE ThreadHandle
,
2139 IN ACCESS_MASK DesiredAccess
,
2140 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2141 IN PCLIENT_ID ClientId
2146 OUT PHANDLE ThreadHandle
,
2147 IN ACCESS_MASK DesiredAccess
,
2148 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2149 IN PCLIENT_ID ClientId
2155 IN HANDLE ThreadHandle
,
2156 IN ACCESS_MASK DesiredAccess
,
2157 IN BOOLEAN OpenAsSelf
,
2158 OUT PHANDLE TokenHandle
2164 IN HANDLE ThreadHandle
,
2165 IN ACCESS_MASK DesiredAccess
,
2166 IN BOOLEAN OpenAsSelf
,
2167 OUT PHANDLE TokenHandle
2170 * FUNCTION: Opens an existing timer
2172 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2173 * DesiredAccess = Requested access to the timer
2174 * ObjectAttribute = Initialized attributes for the object
2180 OUT PHANDLE TimerHandle
,
2181 IN ACCESS_MASK DesiredAccess
,
2182 IN POBJECT_ATTRIBUTES ObjectAttributes
2187 OUT PHANDLE TimerHandle
,
2188 IN ACCESS_MASK DesiredAccess
,
2189 IN POBJECT_ATTRIBUTES ObjectAttributes
2193 * FUNCTION: Checks an access token for specific privileges
2195 * ClientToken = Handle to a access token structure
2196 * RequiredPrivileges = Specifies the requested privileges.
2197 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
2198 set in the Control member of PRIVILEGES_SET Result
2199 will only be TRUE if all privileges are present in the access token.
2206 IN HANDLE ClientToken
,
2207 IN PPRIVILEGE_SET RequiredPrivileges
,
2214 IN HANDLE ClientToken
,
2215 IN PPRIVILEGE_SET RequiredPrivileges
,
2221 NtPrivilegedServiceAuditAlarm(
2222 IN PUNICODE_STRING SubsystemName
,
2223 IN PUNICODE_STRING ServiceName
,
2224 IN HANDLE ClientToken
,
2225 IN PPRIVILEGE_SET Privileges
,
2226 IN BOOLEAN AccessGranted
2231 ZwPrivilegedServiceAuditAlarm(
2232 IN PUNICODE_STRING SubsystemName
,
2233 IN PUNICODE_STRING ServiceName
,
2234 IN HANDLE ClientToken
,
2235 IN PPRIVILEGE_SET Privileges
,
2236 IN BOOLEAN AccessGranted
2241 NtPrivilegeObjectAuditAlarm(
2242 IN PUNICODE_STRING SubsystemName
,
2244 IN HANDLE ClientToken
,
2245 IN ULONG DesiredAccess
,
2246 IN PPRIVILEGE_SET Privileges
,
2247 IN BOOLEAN AccessGranted
2252 ZwPrivilegeObjectAuditAlarm(
2253 IN PUNICODE_STRING SubsystemName
,
2255 IN HANDLE ClientToken
,
2256 IN ULONG DesiredAccess
,
2257 IN PPRIVILEGE_SET Privileges
,
2258 IN BOOLEAN AccessGranted
2262 * FUNCTION: Entry point for native applications
2264 * Peb = Pointes to the Process Environment Block (PEB)
2266 * Native applications should use this function instead of a main.
2267 * Calling proces should terminate itself.
2276 * FUNCTION: Set the access protection of a range of virtual memory
2278 * ProcessHandle = Handle to process owning the virtual address space
2279 * BaseAddress = Start address
2280 * NumberOfBytesToProtect = Delimits the range of virtual memory
2281 * for which the new access protection holds
2282 * NewAccessProtection = The new access proctection for the pages
2283 * OldAccessProtection = Caller should supply storage for the old
2287 * The function maps to the win32 VirtualProtectEx
2292 NtProtectVirtualMemory(
2293 IN HANDLE ProcessHandle
,
2294 IN PVOID BaseAddress
,
2295 IN ULONG NumberOfBytesToProtect
,
2296 IN ULONG NewAccessProtection
,
2297 OUT PULONG OldAccessProtection
2301 * FUNCTION: Signals an event and resets it afterwards.
2303 * EventHandle = Handle to the event
2304 * PulseCount = Number of times the action is repeated
2310 IN HANDLE EventHandle
,
2311 IN PULONG PulseCount OPTIONAL
2317 IN HANDLE EventHandle
,
2318 IN PULONG PulseCount OPTIONAL
2323 NtQueryAttributesFile(
2324 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2325 OUT PFILE_BASIC_INFORMATION FileInformation
);
2329 ZwQueryAttributesFile(
2330 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2331 OUT PFILE_BASIC_INFORMATION FileInformation
);
2334 * FUNCTION: Queries the default locale id
2336 * UserProfile = Type of locale id
2337 * TRUE: thread locale id
2338 * FALSE: system locale id
2339 * DefaultLocaleId = Caller supplies storage for the locale id
2345 NtQueryDefaultLocale(
2346 IN BOOLEAN UserProfile
,
2347 OUT PLCID DefaultLocaleId
2352 ZwQueryDefaultLocale(
2353 IN BOOLEAN UserProfile
,
2354 OUT PLCID DefaultLocaleId
2358 * FUNCTION: Queries a directory file.
2360 * FileHandle = Handle to a directory file
2361 * EventHandle = Handle to the event signaled on completion
2362 * ApcRoutine = Asynchroneous procedure callback, called on completion
2363 * ApcContext = Argument to the apc.
2364 * IoStatusBlock = Caller supplies storage for extended status information.
2365 * FileInformation = Caller supplies storage for the resulting information.
2367 * FileNameInformation FILE_NAMES_INFORMATION
2368 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2369 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2370 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2372 * Length = Size of the storage supplied
2373 * FileInformationClass = Indicates the type of information requested.
2374 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2375 * FileName = Initial directory name to query, that may contain wild cards.
2376 * RestartScan = Number of times the action should be repeated
2377 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2378 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2379 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2384 NtQueryDirectoryFile(
2385 IN HANDLE FileHandle
,
2386 IN HANDLE Event OPTIONAL
,
2387 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2388 IN PVOID ApcContext OPTIONAL
,
2389 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2390 OUT PVOID FileInformation
,
2392 IN FILE_INFORMATION_CLASS FileInformationClass
,
2393 IN BOOLEAN ReturnSingleEntry
,
2394 IN PUNICODE_STRING FileName OPTIONAL
,
2395 IN BOOLEAN RestartScan
2400 ZwQueryDirectoryFile(
2401 IN HANDLE FileHandle
,
2402 IN HANDLE Event OPTIONAL
,
2403 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2404 IN PVOID ApcContext OPTIONAL
,
2405 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2406 OUT PVOID FileInformation
,
2408 IN FILE_INFORMATION_CLASS FileInformationClass
,
2409 IN BOOLEAN ReturnSingleEntry
,
2410 IN PUNICODE_STRING FileName OPTIONAL
,
2411 IN BOOLEAN RestartScan
2415 * FUNCTION: Query information about the content of a directory object
2417 DirObjInformation = Buffer must be large enough to hold the name strings too
2418 GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
2419 If FALSE: return the number of objects in this directory in ObjectIndex
2420 IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
2421 If FALSE use input value of ObjectIndex
2422 ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
2423 DataWritten = Actual size of the ObjectIndex ???
2428 NtQueryDirectoryObject(
2429 IN HANDLE DirObjHandle
,
2430 OUT POBJDIR_INFORMATION DirObjInformation
,
2431 IN ULONG BufferLength
,
2432 IN BOOLEAN GetNextIndex
,
2433 IN BOOLEAN IgnoreInputIndex
,
2434 IN OUT PULONG ObjectIndex
,
2435 OUT PULONG DataWritten OPTIONAL
2439 * FUNCTION: Queries the extended attributes of a file
2441 * FileHandle = Handle to the event
2442 * IoStatusBlock = Number of times the action is repeated
2456 IN HANDLE FileHandle
,
2457 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2460 IN BOOLEAN ReturnSingleEntry
,
2461 IN PVOID EaList OPTIONAL
,
2462 IN ULONG EaListLength
,
2463 IN PULONG EaIndex OPTIONAL
,
2464 IN BOOLEAN RestartScan
2470 IN HANDLE FileHandle
,
2471 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2474 IN BOOLEAN ReturnSingleEntry
,
2475 IN PVOID EaList OPTIONAL
,
2476 IN ULONG EaListLength
,
2477 IN PULONG EaIndex OPTIONAL
,
2478 IN BOOLEAN RestartScan
2482 * FUNCTION: Queries an event
2484 * EventHandle = Handle to the event
2485 * EventInformationClass = Index of the information structure
2487 EventBasicInformation EVENT_BASIC_INFORMATION
2489 * EventInformation = Caller supplies storage for the information structure
2490 * EventInformationLength = Size of the information structure
2491 * ReturnLength = Data written
2497 IN HANDLE EventHandle
,
2498 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2499 OUT PVOID EventInformation
,
2500 IN ULONG EventInformationLength
,
2501 OUT PULONG ReturnLength
2506 IN HANDLE EventHandle
,
2507 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2508 OUT PVOID EventInformation
,
2509 IN ULONG EventInformationLength
,
2510 OUT PULONG ReturnLength
2515 NtQueryFullAttributesFile(
2516 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2517 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2521 ZwQueryFullAttributesFile(
2522 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2523 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2527 NtQueryInformationAtom(
2529 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
2530 OUT PVOID AtomInformation
,
2531 IN ULONG AtomInformationLength
,
2532 OUT PULONG ReturnLength OPTIONAL
2537 NtQueryInformationFile(
2538 IN HANDLE FileHandle
,
2539 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2540 OUT PVOID FileInformation
,
2542 IN FILE_INFORMATION_CLASS FileInformationClass
2547 ZwQueryInformationFile(
2549 PIO_STATUS_BLOCK IoStatusBlock
,
2550 PVOID FileInformation
,
2552 FILE_INFORMATION_CLASS FileInformationClass
2556 * FUNCTION: Queries the information of a thread object.
2558 * ThreadHandle = Handle to the thread object
2559 * ThreadInformationClass = Index to a certain information structure
2561 ThreadBasicInformation THREAD_BASIC_INFORMATION
2562 ThreadTimes KERNEL_USER_TIMES
2563 ThreadPriority KPRIORITY
2564 ThreadBasePriority KPRIORITY
2565 ThreadAffinityMask KAFFINITY
2566 ThreadImpersonationToken
2567 ThreadDescriptorTableEntry
2568 ThreadEnableAlignmentFaultFixup
2570 ThreadQuerySetWin32StartAddress
2572 ThreadPerformanceCount
2573 ThreadAmILastThread BOOLEAN
2574 ThreadIdealProcessor ULONG
2575 ThreadPriorityBoost ULONG
2579 * ThreadInformation = Caller supplies torage for the thread information
2580 * ThreadInformationLength = Size of the thread information structure
2581 * ReturnLength = Actual number of bytes written
2584 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2585 GetThreadPriorityBoost functions.
2592 NtQueryInformationThread(
2593 IN HANDLE ThreadHandle
,
2594 IN THREADINFOCLASS ThreadInformationClass
,
2595 OUT PVOID ThreadInformation
,
2596 IN ULONG ThreadInformationLength
,
2597 OUT PULONG ReturnLength
2603 NtQueryInformationToken(
2604 IN HANDLE TokenHandle
,
2605 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2606 OUT PVOID TokenInformation
,
2607 IN ULONG TokenInformationLength
,
2608 OUT PULONG ReturnLength
2613 ZwQueryInformationToken(
2614 IN HANDLE TokenHandle
,
2615 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2616 OUT PVOID TokenInformation
,
2617 IN ULONG TokenInformationLength
,
2618 OUT PULONG ReturnLength
2622 * FUNCTION: Query the interval and the clocksource for profiling
2630 NtQueryIntervalProfile(
2631 OUT PULONG Interval
,
2632 OUT KPROFILE_SOURCE ClockSource
2637 NtQueryIoCompletion(
2638 IN HANDLE CompletionPort
,
2639 IN ULONG CompletionKey
,
2640 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2641 OUT PULONG NumberOfBytesTransferred
2645 ZwQueryIoCompletion(
2646 IN HANDLE CompletionPort
,
2647 IN ULONG CompletionKey
,
2648 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2649 OUT PULONG NumberOfBytesTransferred
2654 * FUNCTION: Queries the information of a registry key object.
2656 KeyHandle = Handle to a registry key
2657 KeyInformationClass = Index to a certain information structure
2658 KeyInformation = Caller supplies storage for resulting information
2659 Length = Size of the supplied storage
2660 ResultLength = Bytes written
2665 IN HANDLE KeyHandle
,
2666 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2667 OUT PVOID KeyInformation
,
2669 OUT PULONG ResultLength
2675 IN HANDLE KeyHandle
,
2676 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2677 OUT PVOID KeyInformation
,
2679 OUT PULONG ResultLength
2687 NtQueryMultipleValueKey(
2688 IN HANDLE KeyHandle
,
2689 IN OUT PKEY_VALUE_ENTRY ValueList
,
2690 IN ULONG NumberOfValues
,
2692 IN OUT PULONG Length
,
2693 OUT PULONG ReturnLength
2698 ZwQueryMultipleValueKey(
2699 IN HANDLE KeyHandle
,
2700 IN OUT PKEY_VALUE_ENTRY ValueList
,
2701 IN ULONG NumberOfValues
,
2703 IN OUT PULONG Length
,
2704 OUT PULONG ReturnLength
2708 * FUNCTION: Queries the information of a mutant object.
2710 MutantHandle = Handle to a mutant
2711 MutantInformationClass = Index to a certain information structure
2712 MutantInformation = Caller supplies storage for resulting information
2713 Length = Size of the supplied storage
2714 ResultLength = Bytes written
2719 IN HANDLE MutantHandle
,
2720 IN CINT MutantInformationClass
,
2721 OUT PVOID MutantInformation
,
2723 OUT PULONG ResultLength
2729 IN HANDLE MutantHandle
,
2730 IN CINT MutantInformationClass
,
2731 OUT PVOID MutantInformation
,
2733 OUT PULONG ResultLength
2736 * FUNCTION: Queries the information of a object.
2738 ObjectHandle = Handle to a object
2739 ObjectInformationClass = Index to a certain information structure
2741 ObjectBasicInformation
2742 ObjectTypeInformation OBJECT_TYPE_INFORMATION
2743 ObjectNameInformation OBJECT_NAME_INFORMATION
2744 ObjectDataInformation OBJECT_DATA_INFORMATION
2746 ObjectInformation = Caller supplies storage for resulting information
2747 Length = Size of the supplied storage
2748 ResultLength = Bytes written
2754 IN HANDLE ObjectHandle
,
2755 IN CINT ObjectInformationClass
,
2756 OUT PVOID ObjectInformation
,
2758 OUT PULONG ResultLength
2762 * FUNCTION: Queries the system ( high-resolution ) performance counter.
2764 * Counter = Performance counter
2765 * Frequency = Performance frequency
2767 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
2768 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
2774 NtQueryPerformanceCounter(
2775 IN PLARGE_INTEGER Counter
,
2776 IN PLARGE_INTEGER Frequency
2781 ZwQueryPerformanceCounter(
2782 IN PLARGE_INTEGER Counter
,
2783 IN PLARGE_INTEGER Frequency
2786 * FUNCTION: Queries the information of a section object.
2788 * SectionHandle = Handle to the section link object
2789 * SectionInformationClass = Index to a certain information structure
2790 * SectionInformation (OUT)= Caller supplies storage for resulting information
2791 * Length = Size of the supplied storage
2792 * ResultLength = Data written
2799 IN HANDLE SectionHandle
,
2800 IN CINT SectionInformationClass
,
2801 OUT PVOID SectionInformation
,
2803 OUT PULONG ResultLength
2807 * FUNCTION: Queries the information of a semaphore.
2809 * SemaphoreHandle = Handle to the semaphore object
2810 * SemaphoreInformationClass = Index to a certain information structure
2812 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
2814 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
2815 * Length = Size of the infomation structure
2820 IN HANDLE SemaphoreHandle
,
2821 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
2822 OUT PVOID SemaphoreInformation
,
2824 OUT PULONG ReturnLength
2830 IN HANDLE SemaphoreHandle
,
2831 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
2832 OUT PVOID SemaphoreInformation
,
2834 OUT PULONG ReturnLength
2839 * FUNCTION: Queries the information of a symbolic link object.
2841 * SymbolicLinkHandle = Handle to the symbolic link object
2842 * LinkTarget = resolved name of link
2843 * DataWritten = size of the LinkName.
2849 NtQuerySymbolicLinkObject(
2850 IN HANDLE SymLinkObjHandle
,
2851 OUT PUNICODE_STRING LinkTarget
,
2852 OUT PULONG DataWritten OPTIONAL
2857 ZwQuerySymbolicLinkObject(
2858 IN HANDLE SymLinkObjHandle
,
2859 OUT PUNICODE_STRING LinkName
,
2860 OUT PULONG DataWritten OPTIONAL
2865 * FUNCTION: Queries a system environment variable.
2867 * Name = Name of the variable
2868 * Value (OUT) = value of the variable
2869 * Length = size of the buffer
2870 * ReturnLength = data written
2876 NtQuerySystemEnvironmentValue(
2877 IN PUNICODE_STRING Name
,
2885 ZwQuerySystemEnvironmentValue(
2886 IN PUNICODE_STRING Name
,
2894 * FUNCTION: Queries the system information.
2896 * SystemInformationClass = Index to a certain information structure
2898 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
2899 SystemCacheInformation SYSTEM_CACHE_INFORMATION
2900 SystemConfigurationInformation CONFIGURATION_INFORMATION
2902 * SystemInformation = caller supplies storage for the information structure
2903 * Length = size of the structure
2904 ResultLength = Data written
2910 NtQuerySystemInformation(
2911 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
2912 OUT PVOID SystemInformation
,
2914 OUT PULONG ResultLength
2919 ZwQuerySystemInformation(
2920 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
2921 OUT PVOID SystemInformation
,
2923 OUT PULONG ResultLength
2927 * FUNCTION: Retrieves the system time
2929 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
2937 OUT TIME
*CurrentTime
2941 * FUNCTION: Queries information about a timer
2943 * TimerHandle = Handle to the timer
2944 TimerValueInformationClass = Index to a certain information structure
2945 TimerValueInformation = Caller supplies storage for the information structure
2946 Length = Size of the information structure
2947 ResultLength = Data written
2954 IN HANDLE TimerHandle
,
2955 IN CINT TimerInformationClass
,
2956 OUT PVOID TimerInformation
,
2958 OUT PULONG ResultLength
2963 IN HANDLE TimerHandle
,
2964 IN CINT TimerInformationClass
,
2965 OUT PVOID TimerInformation
,
2967 OUT PULONG ResultLength
2971 * FUNCTION: Queries the timer resolution
2973 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
2974 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
2975 ActualResolution (OUT) = Caller should supply storage for the resulting time.
2983 NtQueryTimerResolution (
2984 OUT PULONG MinimumResolution
,
2985 OUT PULONG MaximumResolution
,
2986 OUT PULONG ActualResolution
2991 ZwQueryTimerResolution (
2992 OUT PULONG MinimumResolution
,
2993 OUT PULONG MaximumResolution
,
2994 OUT PULONG ActualResolution
2998 * FUNCTION: Queries a registry key value
3000 * KeyHandle = Handle to the registry key
3001 ValueName = Name of the value in the registry key
3002 KeyValueInformationClass = Index to a certain information structure
3004 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
3005 KeyValueFullInformation = KEY_FULL_INFORMATION
3006 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
3008 KeyValueInformation = Caller supplies storage for the information structure
3009 Length = Size of the information structure
3010 ResultLength = Data written
3017 IN HANDLE KeyHandle
,
3018 IN PUNICODE_STRING ValueName
,
3019 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3020 OUT PVOID KeyValueInformation
,
3022 OUT PULONG ResultLength
3028 IN HANDLE KeyHandle
,
3029 IN PUNICODE_STRING ValueName
,
3030 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3031 OUT PVOID KeyValueInformation
,
3033 OUT PULONG ResultLength
3040 * FUNCTION: Queries the virtual memory information.
3042 ProcessHandle = Process owning the virtual address space
3043 BaseAddress = Points to the page where the information is queried for.
3044 * VirtualMemoryInformationClass = Index to a certain information structure
3046 MemoryBasicInformation MEMORY_BASIC_INFORMATION
3048 * VirtualMemoryInformation = caller supplies storage for the information structure
3049 * Length = size of the structure
3050 ResultLength = Data written
3057 NtQueryVirtualMemory(
3058 IN HANDLE ProcessHandle
,
3060 IN IN CINT VirtualMemoryInformationClass
,
3061 OUT PVOID VirtualMemoryInformation
,
3063 OUT PULONG ResultLength
3067 * FUNCTION: Queries the volume information
3069 * FileHandle = Handle to a file object on the target volume
3070 * IoStatusBlock = Caller should supply storage for additional status information
3071 * ReturnLength = DataWritten
3072 * FsInformation = Caller should supply storage for the information structure.
3073 * Length = Size of the information structure
3074 * FsInformationClass = Index to a information structure
3076 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
3077 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
3078 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
3079 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
3080 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
3081 FileFsControlInformation
3082 FileFsQuotaQueryInformation --
3083 FileFsQuotaSetInformation --
3084 FileFsMaximumInformation
3086 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
3087 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
3092 NtQueryVolumeInformationFile(
3093 IN HANDLE FileHandle
,
3094 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3095 OUT PVOID FsInformation
,
3097 IN FS_INFORMATION_CLASS FsInformationClass
3102 ZwQueryVolumeInformationFile(
3103 IN HANDLE FileHandle
,
3104 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3105 OUT PVOID FsInformation
,
3107 IN FS_INFORMATION_CLASS FsInformationClass
3110 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
3112 * FUNCTION: Queues a (user) apc to a thread.
3114 ThreadHandle = Thread to which the apc is queued.
3115 ApcRoutine = Points to the apc routine
3116 NormalContext = Argument to Apc Routine
3117 * SystemArgument1 = Argument of the Apc Routine
3118 SystemArgument2 = Argument of the Apc Routine
3119 * REMARK: If the apc is queued against a thread of a different process than the calling thread
3120 the apc routine should be specified in the address space of the queued thread's process.
3127 HANDLE ThreadHandle
,
3128 PKNORMAL_ROUTINE ApcRoutine
,
3129 PVOID NormalContext
,
3130 PVOID SystemArgument1
,
3131 PVOID SystemArgument2
);
3136 HANDLE ThreadHandle
,
3137 PKNORMAL_ROUTINE ApcRoutine
,
3138 PVOID NormalContext
,
3139 PVOID SystemArgument1
,
3140 PVOID SystemArgument2
);
3144 * FUNCTION: Raises an exception
3146 * ExceptionRecord = Structure specifying the exception
3147 * Context = Context in which the excpetion is raised
3156 IN PEXCEPTION_RECORD ExceptionRecord
,
3157 IN PCONTEXT Context
,
3158 IN BOOLEAN SearchFrames
3164 IN PEXCEPTION_RECORD ExceptionRecord
,
3165 IN PCONTEXT Context
,
3166 IN BOOLEAN SearchFrames
3170 * FUNCTION: Raises a hard error (stops the system)
3172 * Status = Status code of the hard error
3194 * FUNCTION: Read a file
3196 * FileHandle = Handle of a file to read
3197 * Event = This event is signalled when the read operation completes
3198 * UserApcRoutine = Call back , if supplied Event should be NULL
3199 * UserApcContext = Argument to the callback
3200 * IoStatusBlock = Caller should supply storage for additional status information
3201 * Buffer = Caller should supply storage to receive the information
3202 * BufferLength = Size of the buffer
3203 * ByteOffset = Offset to start reading the file
3204 * Key = If a range is lock a matching key will allow the read to continue.
3212 IN HANDLE FileHandle
,
3213 IN HANDLE Event OPTIONAL
,
3214 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3215 IN PVOID UserApcContext OPTIONAL
,
3216 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3218 IN ULONG BufferLength
,
3219 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3220 IN PULONG Key OPTIONAL
3226 IN HANDLE FileHandle
,
3227 IN HANDLE Event OPTIONAL
,
3228 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3229 IN PVOID UserApcContext OPTIONAL
,
3230 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3232 IN ULONG BufferLength
,
3233 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3234 IN PULONG Key OPTIONAL
3237 * FUNCTION: Read a file using scattered io
3239 FileHandle = Handle of a file to read
3240 Event = This event is signalled when the read operation completes
3241 * UserApcRoutine = Call back , if supplied Event should be NULL
3242 UserApcContext = Argument to the callback
3243 IoStatusBlock = Caller should supply storage for additional status information
3244 BufferDescription = Caller should supply storage to receive the information
3245 BufferLength = Size of the buffer
3246 ByteOffset = Offset to start reading the file
3247 Key = Key = If a range is lock a matching key will allow the read to continue.
3254 IN HANDLE FileHandle
,
3255 IN HANDLE Event OPTIONAL
,
3256 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3257 IN PVOID UserApcContext OPTIONAL
,
3258 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3259 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3260 IN ULONG BufferLength
,
3261 IN PLARGE_INTEGER ByteOffset
,
3262 IN PULONG Key OPTIONAL
3268 IN HANDLE FileHandle
,
3269 IN HANDLE Event OPTIONAL
,
3270 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3271 IN PVOID UserApcContext OPTIONAL
,
3272 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3273 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3274 IN ULONG BufferLength
,
3275 IN PLARGE_INTEGER ByteOffset
,
3276 IN PULONG Key OPTIONAL
3279 * FUNCTION: Copies a range of virtual memory to a buffer
3281 * ProcessHandle = Specifies the process owning the virtual address space
3282 * BaseAddress = Points to the address of virtual memory to start the read
3283 * Buffer = Caller supplies storage to copy the virtual memory to.
3284 * NumberOfBytesToRead = Limits the range to read
3285 * NumberOfBytesRead = The actual number of bytes read.
3291 NtReadVirtualMemory(
3292 IN HANDLE ProcessHandle
,
3293 IN PVOID BaseAddress
,
3295 IN ULONG NumberOfBytesToRead
,
3296 OUT PULONG NumberOfBytesRead
3300 ZwReadVirtualMemory(
3301 IN HANDLE ProcessHandle
,
3302 IN PVOID BaseAddress
,
3304 IN ULONG NumberOfBytesToRead
,
3305 OUT PULONG NumberOfBytesRead
3310 * FUNCTION: Debugger can register for thread termination
3312 * TerminationPort = Port on which the debugger likes to be notified.
3317 NtRegisterThreadTerminatePort(
3318 HANDLE TerminationPort
3322 ZwRegisterThreadTerminatePort(
3323 HANDLE TerminationPort
3327 * FUNCTION: Releases a mutant
3329 * MutantHandle = Handle to the mutant
3336 IN HANDLE MutantHandle
,
3337 IN PULONG ReleaseCount OPTIONAL
3343 IN HANDLE MutantHandle
,
3344 IN PULONG ReleaseCount OPTIONAL
3348 * FUNCTION: Releases a semaphore
3350 * SemaphoreHandle = Handle to the semaphore object
3351 * ReleaseCount = Number to decrease the semaphore count
3352 * PreviousCount = Previous semaphore count
3358 IN HANDLE SemaphoreHandle
,
3359 IN LONG ReleaseCount
,
3360 OUT PLONG PreviousCount
3366 IN HANDLE SemaphoreHandle
,
3367 IN LONG ReleaseCount
,
3368 OUT PLONG PreviousCount
3372 * FUNCTION: Removes an io completion
3374 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3375 * CompletionKey = Requested access to the key
3376 * IoStatusBlock = Caller provides storage for extended status information
3377 * CompletionStatus = Current status of the io operation.
3378 * WaitTime = Time to wait if ..
3383 NtRemoveIoCompletion(
3384 IN HANDLE CompletionPort
,
3385 OUT PULONG CompletionKey
,
3386 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3387 OUT PULONG CompletionStatus
,
3388 IN PLARGE_INTEGER WaitTime
3393 ZwRemoveIoCompletion(
3394 IN HANDLE CompletionPort
,
3395 OUT PULONG CompletionKey
,
3396 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3397 OUT PULONG CompletionStatus
,
3398 IN PLARGE_INTEGER WaitTime
3401 * FUNCTION: Replaces one registry key with another
3403 * ObjectAttributes = Specifies the attributes of the key
3404 * Key = Handle to the key
3405 * ReplacedObjectAttributes = The function returns the old object attributes
3411 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3413 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3418 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3420 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3424 * FUNCTION: Resets a event to a non signaled state
3426 * EventHandle = Handle to the event that should be reset
3427 * NumberOfWaitingThreads = The number of threads released.
3434 PULONG NumberOfWaitingThreads OPTIONAL
3440 PULONG NumberOfWaitingThreads OPTIONAL
3459 * FUNCTION: Decrements a thread's resume count
3461 * ThreadHandle = Handle to the thread that should be resumed
3462 * ResumeCount = The resulting resume count.
3464 * A thread is resumed if its suspend count is 0. This procedure maps to
3465 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3471 IN HANDLE ThreadHandle
,
3472 OUT PULONG SuspendCount
3477 IN HANDLE ThreadHandle
,
3478 OUT PULONG SuspendCount
3481 * FUNCTION: Writes the content of a registry key to ascii file
3483 * KeyHandle = Handle to the key
3484 * FileHandle = Handle of the file
3486 This function maps to the Win32 RegSaveKey.
3493 IN HANDLE KeyHandle
,
3494 IN HANDLE FileHandle
3499 IN HANDLE KeyHandle
,
3500 IN HANDLE FileHandle
3504 * FUNCTION: Sets the context of a specified thread.
3506 * ThreadHandle = Handle to the thread
3507 * Context = The processor context.
3514 IN HANDLE ThreadHandle
,
3520 IN HANDLE ThreadHandle
,
3525 * FUNCTION: Sets the default locale id
3527 * UserProfile = Type of locale id
3528 * TRUE: thread locale id
3529 * FALSE: system locale id
3530 * DefaultLocaleId = Locale id
3537 IN BOOLEAN UserProfile
,
3538 IN LCID DefaultLocaleId
3544 IN BOOLEAN UserProfile
,
3545 IN LCID DefaultLocaleId
3549 * FUNCTION: Sets the default hard error port
3551 * PortHandle = Handle to the port
3552 * NOTE: The hard error port is used for first change exception handling
3557 NtSetDefaultHardErrorPort(
3558 IN HANDLE PortHandle
3562 ZwSetDefaultHardErrorPort(
3563 IN HANDLE PortHandle
3567 * FUNCTION: Sets the extended attributes of a file.
3569 * FileHandle = Handle to the file
3570 * IoStatusBlock = Storage for a resulting status and information
3571 * on the current operation.
3572 * EaBuffer = Extended Attributes buffer.
3573 * EaBufferSize = Size of the extended attributes buffer
3579 IN HANDLE FileHandle
,
3580 IN PIO_STATUS_BLOCK IoStatusBlock
,
3587 IN HANDLE FileHandle
,
3588 IN PIO_STATUS_BLOCK IoStatusBlock
,
3593 //FIXME: should I return the event state ?
3596 * FUNCTION: Sets the event to a signalled state.
3598 * EventHandle = Handle to the event
3599 * NumberOfThreadsReleased = The number of threads released
3601 * This procedure maps to the win32 SetEvent function.
3608 IN HANDLE EventHandle
,
3609 PULONG NumberOfThreadsReleased
3615 IN HANDLE EventHandle
,
3616 PULONG NumberOfThreadsReleased
3620 * FUNCTION: Sets the high part of an event pair
3622 EventPair = Handle to the event pair
3629 IN HANDLE EventPairHandle
3635 IN HANDLE EventPairHandle
3638 * FUNCTION: Sets the high part of an event pair and wait for the low part
3640 EventPair = Handle to the event pair
3645 NtSetHighWaitLowEventPair(
3646 IN HANDLE EventPairHandle
3650 ZwSetHighWaitLowEventPair(
3651 IN HANDLE EventPairHandle
3655 * FUNCTION: Sets the information of a file object.
3657 * FileHandle = Handle to the file object
3658 * IoStatusBlock = Caller supplies storage for extended information
3659 * on the current operation.
3660 * FileInformation = Storage for the new file information
3661 * Lenght = Size of the new file information.
3662 * FileInformationClass = Indicates to a certain information structure
3664 FileNameInformation FILE_NAME_INFORMATION
3665 FileRenameInformation FILE_RENAME_INFORMATION
3666 FileStreamInformation FILE_STREAM_INFORMATION
3667 * FileCompletionInformation IO_COMPLETION_CONTEXT
3670 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3671 * SetNamedPipeHandleState, SetMailslotInfo functions.
3678 NtSetInformationFile(
3679 IN HANDLE FileHandle
,
3680 IN PIO_STATUS_BLOCK IoStatusBlock
,
3681 IN PVOID FileInformation
,
3683 IN FILE_INFORMATION_CLASS FileInformationClass
3687 ZwSetInformationFile(
3688 IN HANDLE FileHandle
,
3689 IN PIO_STATUS_BLOCK IoStatusBlock
,
3690 IN PVOID FileInformation
,
3692 IN FILE_INFORMATION_CLASS FileInformationClass
3698 * FUNCTION: Sets the information of a registry key.
3700 * KeyHandle = Handle to the registry key
3701 * KeyInformationClass = Index to the a certain information structure.
3702 Can be one of the following values:
3704 * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
3706 KeyInformation = Storage for the new information
3707 * KeyInformationLength = Size of the information strucure
3713 NtSetInformationKey(
3714 IN HANDLE KeyHandle
,
3715 IN CINT KeyInformationClass
,
3716 IN PVOID KeyInformation
,
3717 IN ULONG KeyInformationLength
3721 * FUNCTION: Changes a set of thread specific parameters
3723 * ThreadHandle = Handle to the thread
3724 * ThreadInformationClass = Index to the set of parameters to change.
3725 * Can be one of the following values:
3727 * ThreadBasicInformation THREAD_BASIC_INFORMATION
3728 * ThreadPriority KPRIORITY //???
3729 * ThreadBasePriority KPRIORITY
3730 * ThreadAffinityMask KAFFINITY //??
3731 * ThreadImpersonationToken ACCESS_TOKEN
3732 * ThreadIdealProcessor ULONG
3733 * ThreadPriorityBoost ULONG
3735 * ThreadInformation = Caller supplies storage for parameters to set.
3736 * ThreadInformationLength = Size of the storage supplied
3741 NtSetInformationThread(
3742 IN HANDLE ThreadHandle
,
3743 IN THREADINFOCLASS ThreadInformationClass
,
3744 IN PVOID ThreadInformation
,
3745 IN ULONG ThreadInformationLength
3749 ZwSetInformationThread(
3750 IN HANDLE ThreadHandle
,
3751 IN THREADINFOCLASS ThreadInformationClass
,
3752 IN PVOID ThreadInformation
,
3753 IN ULONG ThreadInformationLength
3757 * FUNCTION: Changes a set of token specific parameters
3759 * TokenHandle = Handle to the token
3760 * TokenInformationClass = Index to a certain information structure.
3761 * Can be one of the following values:
3763 TokenUser TOKEN_USER
3764 TokenGroups TOKEN_GROUPS
3765 TokenPrivileges TOKEN_PRIVILEGES
3766 TokenOwner TOKEN_OWNER
3767 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
3768 TokenDefaultDacl TOKEN_DEFAULT_DACL
3769 TokenSource TOKEN_SOURCE
3770 TokenType TOKEN_TYPE
3771 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
3772 TokenStatistics TOKEN_STATISTICS
3774 * TokenInformation = Caller supplies storage for information structure.
3775 * TokenInformationLength = Size of the information structure
3781 NtSetInformationToken(
3782 IN HANDLE TokenHandle
,
3783 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3784 OUT PVOID TokenInformation
,
3785 IN ULONG TokenInformationLength
3790 ZwSetInformationToken(
3791 IN HANDLE TokenHandle
,
3792 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3793 OUT PVOID TokenInformation
,
3794 IN ULONG TokenInformationLength
3799 * FUNCTION: Sets an io completion
3804 * NumberOfBytesToTransfer =
3805 * NumberOfBytesTransferred =
3811 IN HANDLE CompletionPort
,
3812 IN ULONG CompletionKey
,
3813 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3814 IN ULONG NumberOfBytesToTransfer
,
3815 OUT PULONG NumberOfBytesTransferred
3820 IN HANDLE CompletionPort
,
3821 IN ULONG CompletionKey
,
3822 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3823 IN ULONG NumberOfBytesToTransfer
,
3824 OUT PULONG NumberOfBytesTransferred
3828 * FUNCTION: Set properties for profiling
3838 NtSetIntervalProfile(
3840 KPROFILE_SOURCE ClockSource
3845 ZwSetIntervalProfile(
3847 KPROFILE_SOURCE ClockSource
3852 * FUNCTION: Sets the low part of an event pair
3854 EventPair = Handle to the event pair
3869 * FUNCTION: Sets the low part of an event pair and wait for the high part
3871 EventPair = Handle to the event pair
3876 NtSetLowWaitHighEventPair(
3881 ZwSetLowWaitHighEventPair(
3887 NtSetSecurityObject(
3889 IN SECURITY_INFORMATION SecurityInformation
,
3890 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3895 ZwSetSecurityObject(
3897 IN SECURITY_INFORMATION SecurityInformation
,
3898 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3903 * FUNCTION: Sets a system environment variable
3905 * ValueName = Name of the environment variable
3906 * Value = Value of the environment variable
3911 NtSetSystemEnvironmentValue(
3912 IN PUNICODE_STRING VariableName
,
3913 IN PUNICODE_STRING Value
3917 ZwSetSystemEnvironmentValue(
3918 IN PUNICODE_STRING VariableName
,
3919 IN PUNICODE_STRING Value
3922 * FUNCTION: Sets system parameters
3924 * SystemInformationClass = Index to a particular set of system parameters
3925 * Can be one of the following values:
3927 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3929 * SystemInformation = Structure containing the parameters.
3930 * SystemInformationLength = Size of the structure.
3935 NtSetSystemInformation(
3936 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3937 IN PVOID SystemInformation
,
3938 IN ULONG SystemInformationLength
3943 ZwSetSystemInformation(
3944 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3945 IN PVOID SystemInformation
,
3946 IN ULONG SystemInformationLength
3950 * FUNCTION: Sets the system time
3952 * SystemTime = Old System time
3953 * NewSystemTime = New System time
3959 IN PLARGE_INTEGER SystemTime
,
3960 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3965 IN PLARGE_INTEGER SystemTime
,
3966 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3969 * FUNCTION: Sets the characteristics of a timer
3971 * TimerHandle = Handle to the timer
3972 * DueTime = Time before the timer becomes signalled for the first time.
3973 * TimerApcRoutine = Completion routine can be called on time completion
3974 * TimerContext = Argument to the completion routine
3975 * Resume = Specifies if the timer should repeated after completing one cycle
3976 * Period = Cycle of the timer
3977 * REMARKS: This routine maps to the win32 SetWaitableTimer.
3983 IN HANDLE TimerHandle
,
3984 IN PLARGE_INTEGER DueTime
,
3985 IN PTIMERAPCROUTINE TimerApcRoutine
,
3986 IN PVOID TimerContext
,
3988 IN ULONG Period OPTIONAL
,
3989 OUT PBOOLEAN PreviousState OPTIONAL
3993 * FUNCTION: Sets the frequency of the system timer
3995 * RequestedResolution =
3997 * ActualResolution =
4002 NtSetTimerResolution(
4003 IN ULONG RequestedResolution
,
4005 OUT PULONG ActualResolution
4009 ZwSetTimerResolution(
4010 IN ULONG RequestedResolution
,
4012 OUT PULONG ActualResolution
4016 * FUNCTION: Sets the value of a registry key
4018 * KeyHandle = Handle to a registry key
4019 * ValueName = Name of the value entry to change
4020 * TitleIndex = pointer to a structure containing the new volume information
4021 * Type = Type of the registry key. Can be one of the values:
4022 * REG_BINARY Unspecified binary data
4023 * REG_DWORD A 32 bit value
4024 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
4025 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
4026 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
4027 * REG_LINK A zero terminated wide character string referring to a symbolic link.
4028 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
4029 * REG_NONE Unspecified type
4030 * REG_SZ A wide character string ( zero terminated )
4031 * REG_RESOURCE_LIST ??
4032 * REG_RESOURCE_REQUIREMENTS_LIST ??
4033 * REG_FULL_RESOURCE_DESCRIPTOR ??
4034 * Data = Contains the data for the registry key.
4035 * DataSize = size of the data.
4041 IN HANDLE KeyHandle
,
4042 IN PUNICODE_STRING ValueName
,
4043 IN ULONG TitleIndex OPTIONAL
,
4051 IN HANDLE KeyHandle
,
4052 IN PUNICODE_STRING ValueName
,
4053 IN ULONG TitleIndex OPTIONAL
,
4060 * FUNCTION: Sets the volume information.
4062 * FileHandle = Handle to the file
4063 * IoStatusBlock = Caller should supply storage for additional status information
4064 * VolumeInformation = pointer to a structure containing the new volume information
4065 * Length = size of the structure.
4066 * VolumeInformationClass = specifies the particular volume information to set
4071 NtSetVolumeInformationFile(
4072 IN HANDLE FileHandle
,
4073 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4074 IN PVOID FsInformation
,
4076 IN FS_INFORMATION_CLASS FsInformationClass
4081 ZwSetVolumeInformationFile(
4082 IN HANDLE FileHandle
,
4083 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4084 IN PVOID FsInformation
,
4086 IN FS_INFORMATION_CLASS FsInformationClass
4090 * FUNCTION: Shuts the system down
4092 * Action = Specifies the type of shutdown, it can be one of the following values:
4093 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
4099 IN SHUTDOWN_ACTION Action
4105 IN SHUTDOWN_ACTION Action
4109 /* --- PROFILING --- */
4112 * FUNCTION: Starts profiling
4114 * ProfileHandle = Handle to the profile
4121 HANDLE ProfileHandle
4127 HANDLE ProfileHandle
4131 * FUNCTION: Stops profiling
4133 * ProfileHandle = Handle to the profile
4140 HANDLE ProfileHandle
4146 HANDLE ProfileHandle
4149 /* --- PROCESS MANAGEMENT --- */
4151 //--NtSystemDebugControl
4153 * FUNCTION: Terminates the execution of a process.
4155 * ThreadHandle = Handle to the process
4156 * ExitStatus = The exit status of the process to terminate with.
4158 Native applications should kill themselves using this function.
4164 IN HANDLE ProcessHandle
,
4165 IN NTSTATUS ExitStatus
4170 IN HANDLE ProcessHandle
,
4171 IN NTSTATUS ExitStatus
4174 /* --- DEVICE DRIVER CONTROL --- */
4177 * FUNCTION: Unloads a driver.
4179 * DriverServiceName = Name of the driver to unload
4185 IN PUNICODE_STRING DriverServiceName
4190 IN PUNICODE_STRING DriverServiceName
4193 /* --- VIRTUAL MEMORY MANAGEMENT --- */
4196 * FUNCTION: Writes a range of virtual memory
4198 * ProcessHandle = The handle to the process owning the address space.
4199 * BaseAddress = The points to the address to write to
4200 * Buffer = Pointer to the buffer to write
4201 * NumberOfBytesToWrite = Offset to the upper boundary to write
4202 * NumberOfBytesWritten = Total bytes written
4204 * This function maps to the win32 WriteProcessMemory
4209 NtWriteVirtualMemory(
4210 IN HANDLE ProcessHandle
,
4211 IN PVOID BaseAddress
,
4213 IN ULONG NumberOfBytesToWrite
,
4214 OUT PULONG NumberOfBytesWritten
4219 ZwWriteVirtualMemory(
4220 IN HANDLE ProcessHandle
,
4221 IN PVOID BaseAddress
,
4223 IN ULONG NumberOfBytesToWrite
,
4224 OUT PULONG NumberOfBytesWritten
4228 * FUNCTION: Unlocks a range of virtual memory.
4230 * ProcessHandle = Handle to the process
4231 * BaseAddress = Lower boundary of the range of bytes to unlock.
4232 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
4233 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
4235 This procedure maps to the win32 procedure VirtualUnlock
4236 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
4240 NtUnlockVirtualMemory(
4241 IN HANDLE ProcessHandle
,
4242 IN PVOID BaseAddress
,
4243 IN ULONG NumberOfBytesToUnlock
,
4244 OUT PULONG NumberOfBytesUnlocked OPTIONAL
4248 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
4250 * ProcessHandle = Handle to the process
4251 * BaseAddress = The address where the mapping begins
4253 This procedure maps to the win32 UnMapViewOfFile
4258 NtUnmapViewOfSection(
4259 IN HANDLE ProcessHandle
,
4260 IN PVOID BaseAddress
4264 ZwUnmapViewOfSection(
4265 IN HANDLE ProcessHandle
,
4266 IN PVOID BaseAddress
4269 /* --- OBJECT SYNCHRONIZATION --- */
4272 * FUNCTION: Signals an object and wait for an other one.
4274 * SignalObject = Handle to the object that should be signaled
4275 * WaitObject = Handle to the object that should be waited for
4276 * Alertable = True if the wait is alertable
4277 * Time = The time to wait
4282 NtSignalAndWaitForSingleObject(
4283 IN HANDLE SignalObject
,
4284 IN HANDLE WaitObject
,
4285 IN BOOLEAN Alertable
,
4286 IN PLARGE_INTEGER Time
4291 ZwSignalAndWaitForSingleObject(
4292 IN HANDLE SignalObject
,
4293 IN HANDLE WaitObject
,
4294 IN BOOLEAN Alertable
,
4295 IN PLARGE_INTEGER Time
4299 * FUNCTION: Waits for multiple objects to become signalled.
4301 * Count = The number of objects
4302 * Object = The array of object handles
4303 * WaitType = Can be one of the values UserMode or KernelMode
4304 * Alertable = If true the wait is alertable.
4305 * Time = The maximum wait time.
4307 * This function maps to the win32 WaitForMultipleObjectEx.
4312 NtWaitForMultipleObjects (
4316 IN BOOLEAN Alertable
,
4317 IN PLARGE_INTEGER Time
4321 * FUNCTION: Waits for an object to become signalled.
4323 * Object = The object handle
4324 * Alertable = If true the wait is alertable.
4325 * Time = The maximum wait time.
4327 * This function maps to the win32 WaitForSingleObjectEx.
4332 NtWaitForSingleObject (
4334 IN BOOLEAN Alertable
,
4335 IN PLARGE_INTEGER Time
4340 ZwWaitForSingleObject (
4342 IN BOOLEAN Alertable
,
4343 IN PLARGE_INTEGER Time
4346 /* --- EVENT PAIR OBJECT --- */
4349 * FUNCTION: Waits for the high part of an eventpair to become signalled
4351 * EventPairHandle = Handle to the event pair.
4357 NtWaitHighEventPair(
4358 IN HANDLE EventPairHandle
4363 ZwWaitHighEventPair(
4364 IN HANDLE EventPairHandle
4368 * FUNCTION: Waits for the low part of an eventpair to become signalled
4370 * EventPairHandle = Handle to the event pair.
4376 IN HANDLE EventPairHandle
4382 IN HANDLE EventPairHandle
4385 /* --- FILE MANAGEMENT --- */
4388 * FUNCTION: Unlocks a range of bytes in a file.
4390 * FileHandle = Handle to the file
4391 * IoStatusBlock = Caller should supply storage for a structure containing
4392 * the completion status and information about the requested unlock operation.
4393 The information field is set to the number of bytes unlocked.
4394 * ByteOffset = Offset to start the range of bytes to unlock
4395 * Length = Number of bytes to unlock.
4396 * Key = Special value to enable other threads to unlock a file than the
4397 thread that locked the file. The key supplied must match with the one obtained
4398 in a previous call to NtLockFile.
4400 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
4401 not be obtained immediately, the device queue is busy and the IRP is queued.
4402 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
4403 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
4408 IN HANDLE FileHandle
,
4409 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4410 IN PLARGE_INTEGER ByteOffset
,
4411 IN PLARGE_INTEGER Lenght
,
4412 OUT PULONG Key OPTIONAL
4417 IN HANDLE FileHandle
,
4418 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4419 IN PLARGE_INTEGER ByteOffset
,
4420 IN PLARGE_INTEGER Lenght
,
4421 OUT PULONG Key OPTIONAL
4425 * FUNCTION: Writes data to a file
4427 * FileHandle = The handle a file ( from NtCreateFile )
4428 * Event = Specifies a event that will become signalled when the write operation completes.
4429 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4430 * ApcContext = Argument to the Apc Routine
4431 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4432 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
4433 * Length = Size in bytest of the buffer
4434 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4435 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4436 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4437 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
4440 * This function maps to the win32 WriteFile.
4441 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4442 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4443 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4448 IN HANDLE FileHandle
,
4449 IN HANDLE Event OPTIONAL
,
4450 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4451 IN PVOID ApcContext OPTIONAL
,
4452 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4455 IN PLARGE_INTEGER ByteOffset
,
4456 IN PULONG Key OPTIONAL
4462 IN HANDLE FileHandle
,
4463 IN HANDLE Event OPTIONAL
,
4464 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4465 IN PVOID ApcContext OPTIONAL
,
4466 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4469 IN PLARGE_INTEGER ByteOffset
,
4470 IN PULONG Key OPTIONAL
4474 * FUNCTION: Writes a file
4476 * FileHandle = The handle of the file
4478 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4479 * ApcContext = Argument to the Apc Routine
4480 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4481 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
4482 * BufferLength = Size in bytest of the buffer
4483 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4484 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4485 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4486 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
4487 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
4489 * This function maps to the win32 WriteFile.
4490 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4491 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4492 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4498 IN HANDLE FileHandle
,
4499 IN HANDLE Event OPTIONAL
,
4500 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4501 IN PVOID ApcContext OPTIONAL
,
4502 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4503 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4504 IN ULONG BufferLength
,
4505 IN PLARGE_INTEGER ByteOffset
,
4506 IN PULONG Key OPTIONAL
4512 IN HANDLE FileHandle
,
4513 IN HANDLE Event OPTIONAL
,
4514 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4515 IN PVOID ApcContext OPTIONAL
,
4516 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4517 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4518 IN ULONG BufferLength
,
4519 IN PLARGE_INTEGER ByteOffset
,
4520 IN PULONG Key OPTIONAL
4524 /* --- THREAD MANAGEMENT --- */
4527 * FUNCTION: Increments a thread's resume count
4529 * ThreadHandle = Handle to the thread that should be resumed
4530 * PreviousSuspendCount = The resulting/previous suspend count.
4532 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
4533 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
4534 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
4540 IN HANDLE ThreadHandle
,
4541 IN PULONG PreviousSuspendCount
4547 IN HANDLE ThreadHandle
,
4548 IN PULONG PreviousSuspendCount
4552 * FUNCTION: Terminates the execution of a thread.
4554 * ThreadHandle = Handle to the thread
4555 * ExitStatus = The exit status of the thread to terminate with.
4561 IN HANDLE ThreadHandle
,
4562 IN NTSTATUS ExitStatus
4567 IN HANDLE ThreadHandle
,
4568 IN NTSTATUS ExitStatus
4571 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
4586 * FUNCTION: Yields the callers thread.
4603 * --- Local Procedure Call Facility
4604 * These prototypes are unknown as yet
4605 * (stack sizes by Peter-Michael Hager)
4608 /* --- REGISTRY --- */
4611 * FUNCTION: Unloads a registry key.
4613 * KeyHandle = Handle to the registry key
4615 * This procedure maps to the win32 procedure RegUnloadKey
4624 /* --- PLUG AND PLAY --- */
4634 NtGetPlugPlayEvent (
4638 /* --- POWER MANAGEMENT --- */
4641 NtSetSystemPowerState(IN POWER_ACTION SystemAction
,
4642 IN SYSTEM_POWER_STATE MinSystemState
,
4645 /* --- DEBUG SUBSYSTEM --- */
4648 NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode
,
4650 ULONG InputBufferLength
,
4652 ULONG OutputBufferLength
,
4653 PULONG ReturnLength
);
4655 /* --- VIRTUAL DOS MACHINE (VDM) --- */
4659 NtVdmControl (ULONG ControlCode
, PVOID ControlData
);
4665 NtW32Call(IN ULONG RoutineIndex
,
4667 IN ULONG ArgumentLength
,
4668 OUT PVOID
* Result OPTIONAL
,
4669 OUT PULONG ResultLength OPTIONAL
);
4671 /* --- CHANNELS --- */
4693 NtReplyWaitSendChannel (
4699 NtSendWaitReplyChannel (
4705 NtSetContextChannel (
4709 /* --- MISCELLANEA --- */
4711 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
4723 NtQueryOleDirectoryFile (
4727 #endif /* __DDK_ZW_H */
projects / reactos.git / blob