2 /* $Id: zw.h,v 1.17 2003/09/10 06:12:21 vizzini Exp $
4 * COPYRIGHT: See COPYING in the top level directory
5 * PROJECT: ReactOS kernel
6 * PURPOSE: System call definitions
7 * FILE: include/ddk/zw.h
9 * ??/??/??: First few functions (David Welch)
10 * ??/??/??: Complete implementation by Ariadne
11 * 13/07/98: Reorganised things a bit (David Welch)
12 * 04/08/98: Added some documentation (Ariadne)
13 * 14/08/98: Added type TIME and change variable type from [1] to [0]
14 * 14/09/98: Added for each Nt call a corresponding Zw Call
15 * 09/08/03: Added ThreadEventPair routines
21 #include <ntos/security.h>
22 #include <ntos/zwtypes.h>
23 #include <napi/npipe.h>
25 #ifndef _RTLGETPROCESSHEAP_DEFINED_
26 #define _RTLGETPROCESSHEAP_DEFINED_
27 #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
30 // semaphore information
32 typedef enum _SEMAPHORE_INFORMATION_CLASS
34 SemaphoreBasicInformation
= 0
35 } SEMAPHORE_INFORMATION_CLASS
;
37 typedef struct _SEMAPHORE_BASIC_INFORMATION
41 } SEMAPHORE_BASIC_INFORMATION
, *PSEMAPHORE_BASIC_INFORMATION
;
45 typedef enum _EVENT_INFORMATION_CLASS
47 EventBasicInformation
= 0
48 } EVENT_INFORMATION_CLASS
;
50 typedef struct _EVENT_BASIC_INFORMATION
54 } EVENT_BASIC_INFORMATION
, *PEVENT_BASIC_INFORMATION
;
57 //#define SECURITY_INFORMATION ULONG
58 //typedef ULONG SECURITY_INFORMATION;
61 * FUNCTION: Adjusts the groups in an access token
63 * TokenHandle = Specifies the access token
64 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
65 * their default state, if false the groups specified in
68 * BufferLength = Specifies the size of the buffer for the PreviousState.
70 * ReturnLength = Bytes written in PreviousState buffer.
71 * REMARKS: The arguments map to the win32 AdjustTokenGroups
78 IN HANDLE TokenHandle
,
79 IN BOOLEAN ResetToDefault
,
80 IN PTOKEN_GROUPS NewState
,
81 IN ULONG BufferLength
,
82 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
83 OUT PULONG ReturnLength
89 IN HANDLE TokenHandle
,
90 IN BOOLEAN ResetToDefault
,
91 IN PTOKEN_GROUPS NewState
,
92 IN ULONG BufferLength
,
93 OUT PTOKEN_GROUPS PreviousState
,
94 OUT PULONG ReturnLength
102 * TokenHandle = Handle to the access token
103 * DisableAllPrivileges = The resulting suspend count.
109 * The arguments map to the win32 AdjustTokenPrivileges
115 NtAdjustPrivilegesToken(
116 IN HANDLE TokenHandle
,
117 IN BOOLEAN DisableAllPrivileges
,
118 IN PTOKEN_PRIVILEGES NewState
,
119 IN ULONG BufferLength
,
120 OUT PTOKEN_PRIVILEGES PreviousState
,
121 OUT PULONG ReturnLength
126 ZwAdjustPrivilegesToken(
127 IN HANDLE TokenHandle
,
128 IN BOOLEAN DisableAllPrivileges
,
129 IN PTOKEN_PRIVILEGES NewState
,
130 IN ULONG BufferLength
,
131 OUT PTOKEN_PRIVILEGES PreviousState
,
132 OUT PULONG ReturnLength
137 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
140 * ThreadHandle = Handle to the thread that should be resumed
141 * SuspendCount = The resulting suspend count.
143 * A thread is resumed if its suspend count is 0
149 IN HANDLE ThreadHandle
,
150 OUT PULONG SuspendCount
156 IN HANDLE ThreadHandle
,
157 OUT PULONG SuspendCount
161 * FUNCTION: Puts the thread in a alerted state
163 * ThreadHandle = Handle to the thread that should be alerted
169 IN HANDLE ThreadHandle
175 IN HANDLE ThreadHandle
180 * FUNCTION: Allocates a locally unique id
182 * LocallyUniqueId = Locally unique number
187 NtAllocateLocallyUniqueId(
188 OUT LUID
*LocallyUniqueId
193 ZwAllocateLocallyUniqueId(
198 * FUNCTION: Allocates a block of virtual memory in the process address space
200 * ProcessHandle = The handle of the process which owns the virtual memory
201 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
202 * value the system will try to allocate the memory at the address supplied. It rounds
203 * it down to a multiple if the page size.
204 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
205 * the memory will be allocated at a address below a certain value.
206 * RegionSize = The number of bytes to allocate
207 * AllocationType = Indicates the type of virtual memory you like to allocated,
208 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
209 * Protect = Indicates the protection type of the pages allocated, can be a combination of
210 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
211 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
213 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
214 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
215 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
216 * and the AllocationType and ProctectionType map to the other two parameters.
221 NtAllocateVirtualMemory (
222 IN HANDLE ProcessHandle
,
223 IN OUT PVOID
*BaseAddress
,
225 IN OUT PULONG RegionSize
,
226 IN ULONG AllocationType
,
232 ZwAllocateVirtualMemory (
233 IN HANDLE ProcessHandle
,
234 IN OUT PVOID
*BaseAddress
,
236 IN OUT PULONG RegionSize
,
237 IN ULONG AllocationType
,
241 * FUNCTION: Returns from a callback into user mode
245 //FIXME: this function might need 3 parameters
246 NTSTATUS STDCALL
NtCallbackReturn(PVOID Result
,
250 NTSTATUS STDCALL
ZwCallbackReturn(PVOID Result
,
255 * FUNCTION: Cancels a IO request
257 * FileHandle = Handle to the file
261 * This function maps to the win32 CancelIo.
267 IN HANDLE FileHandle
,
268 OUT PIO_STATUS_BLOCK IoStatusBlock
274 IN HANDLE FileHandle
,
275 OUT PIO_STATUS_BLOCK IoStatusBlock
279 * FUNCTION: Sets the status of the event back to non-signaled
281 * EventHandle = Handle to the event
283 * This function maps to win32 function ResetEvent.
290 IN HANDLE EventHandle
296 IN HANDLE EventHandle
300 * FUNCTION: Closes an object handle
302 * Handle = Handle to the object
304 * This function maps to the win32 function CloseHandle.
321 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
324 HandleId = Handle to the object
327 * This function maps to the win32 function ObjectCloseAuditAlarm.
333 NtCloseObjectAuditAlarm(
334 IN PUNICODE_STRING SubsystemName
,
336 IN BOOLEAN GenerateOnClose
341 ZwCloseObjectAuditAlarm(
342 IN PUNICODE_STRING SubsystemName
,
344 IN BOOLEAN GenerateOnClose
348 * FUNCTION: Creates a directory object
350 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
351 * DesiredAccess = Specifies access to the directory
352 * ObjectAttribute = Initialized attributes for the object
353 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
354 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
360 NtCreateDirectoryObject(
361 OUT PHANDLE DirectoryHandle
,
362 IN ACCESS_MASK DesiredAccess
,
363 IN POBJECT_ATTRIBUTES ObjectAttributes
368 ZwCreateDirectoryObject(
369 OUT PHANDLE DirectoryHandle
,
370 IN ACCESS_MASK DesiredAccess
,
371 IN POBJECT_ATTRIBUTES ObjectAttributes
375 * FUNCTION: Creates an event object
377 * EventHandle (OUT) = Caller supplied storage for the resulting handle
378 * DesiredAccess = Specifies access to the event
379 * ObjectAttribute = Initialized attributes for the object
380 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
381 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
382 * automatically after the system has rescheduled a thread waiting on the event.
383 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
384 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
385 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
386 * both parameters aswell ( possibly the order is reversed ).
393 OUT PHANDLE EventHandle
,
394 IN ACCESS_MASK DesiredAccess
,
395 IN POBJECT_ATTRIBUTES ObjectAttributes
,
396 IN BOOLEAN ManualReset
,
397 IN BOOLEAN InitialState
403 OUT PHANDLE EventHandle
,
404 IN ACCESS_MASK DesiredAccess
,
405 IN POBJECT_ATTRIBUTES ObjectAttributes
,
406 IN BOOLEAN ManualReset
,
407 IN BOOLEAN InitialState
411 * FUNCTION: Creates an eventpair object
413 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
414 * DesiredAccess = Specifies access to the event
415 * ObjectAttribute = Initialized attributes for the object
421 OUT PHANDLE EventPairHandle
,
422 IN ACCESS_MASK DesiredAccess
,
423 IN POBJECT_ATTRIBUTES ObjectAttributes
429 OUT PHANDLE EventPairHandle
,
430 IN ACCESS_MASK DesiredAccess
,
431 IN POBJECT_ATTRIBUTES ObjectAttributes
436 * FUNCTION: Creates or opens a file, directory or device object.
438 * FileHandle (OUT) = Caller supplied storage for the resulting handle
439 * DesiredAccess = Specifies the allowed or desired access to the file can
440 * be a combination of DELETE | FILE_READ_DATA ..
441 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
442 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
443 * the file is created and opened or allready existed and is just opened.
444 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
445 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
446 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
447 * CreateOptions = specifies the behavior of the system on file creation.
448 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
449 * EaLength = Extended Attributes buffer size, applies only to files and directories.
450 * REMARKS: This function maps to the win32 CreateFile.
457 OUT PHANDLE FileHandle
,
458 IN ACCESS_MASK DesiredAccess
,
459 IN POBJECT_ATTRIBUTES ObjectAttributes
,
460 OUT PIO_STATUS_BLOCK IoStatusBlock
,
461 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
462 IN ULONG FileAttributes
,
463 IN ULONG ShareAccess
,
464 IN ULONG CreateDisposition
,
465 IN ULONG CreateOptions
,
466 IN PVOID EaBuffer OPTIONAL
,
473 OUT PHANDLE FileHandle
,
474 IN ACCESS_MASK DesiredAccess
,
475 IN POBJECT_ATTRIBUTES ObjectAttributes
,
476 OUT PIO_STATUS_BLOCK IoStatusBlock
,
477 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
478 IN ULONG FileAttributes
,
479 IN ULONG ShareAccess
,
480 IN ULONG CreateDisposition
,
481 IN ULONG CreateOptions
,
482 IN PVOID EaBuffer OPTIONAL
,
487 * FUNCTION: Creates or opens a file, directory or device object.
489 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
490 * DesiredAccess = Specifies the allowed or desired access to the port
492 * NumberOfConcurrentThreads =
493 * REMARKS: This function maps to the win32 CreateIoCompletionPort
500 NtCreateIoCompletion(
501 OUT PHANDLE IoCompletionHandle
,
502 IN ACCESS_MASK DesiredAccess
,
503 IN POBJECT_ATTRIBUTES ObjectAttributes
,
504 IN ULONG NumberOfConcurrentThreads
509 ZwCreateIoCompletion(
510 OUT PHANDLE IoCompletionHandle
,
511 IN ACCESS_MASK DesiredAccess
,
512 IN POBJECT_ATTRIBUTES ObjectAttributes
,
513 IN ULONG NumberOfConcurrentThreads
517 * FUNCTION: Creates a registry key
519 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
520 * DesiredAccess = Specifies the allowed or desired access to the key
521 * It can have a combination of the following values:
522 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
524 * KEY_QUERY_VALUE The values of the key can be queried.
525 * KEY_SET_VALUE The values of the key can be modified.
526 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
527 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
529 * KEY_CREATE_LINK A symbolic link to the key can be created.
530 * ObjectAttributes = The name of the key may be specified directly in the name field
531 * of object attributes or relative to a key in rootdirectory.
532 * TitleIndex = Might specify the position in the sequential order of subkeys.
533 * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
534 * CreateOptions = Specifies additional options with which the key is created
535 * REG_OPTION_VOLATILE The key is not preserved across boots.
536 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
537 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
538 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
539 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
540 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
546 NtCreateKey(OUT PHANDLE KeyHandle
,
547 IN ACCESS_MASK DesiredAccess
,
548 IN POBJECT_ATTRIBUTES ObjectAttributes
,
550 IN PUNICODE_STRING Class OPTIONAL
,
551 IN ULONG CreateOptions
,
552 IN PULONG Disposition OPTIONAL
);
555 ZwCreateKey(OUT PHANDLE KeyHandle
,
556 IN ACCESS_MASK DesiredAccess
,
557 IN POBJECT_ATTRIBUTES ObjectAttributes
,
559 IN PUNICODE_STRING Class OPTIONAL
,
560 IN ULONG CreateOptions
,
561 IN PULONG Disposition OPTIONAL
);
564 * FUNCTION: Creates a mail slot file
566 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
567 * DesiredAccess = Specifies the allowed or desired access to the file
568 * ObjectAttributes = Contains the name of the mailslotfile.
575 * REMARKS: This funciton maps to the win32 function CreateMailSlot
582 NtCreateMailslotFile(
583 OUT PHANDLE MailSlotFileHandle
,
584 IN ACCESS_MASK DesiredAccess
,
585 IN POBJECT_ATTRIBUTES ObjectAttributes
,
586 OUT PIO_STATUS_BLOCK IoStatusBlock
,
587 IN ULONG FileAttributes
,
588 IN ULONG ShareAccess
,
589 IN ULONG MaxMessageSize
,
590 IN PLARGE_INTEGER TimeOut
595 ZwCreateMailslotFile(
596 OUT PHANDLE MailSlotFileHandle
,
597 IN ACCESS_MASK DesiredAccess
,
598 IN POBJECT_ATTRIBUTES ObjectAttributes
,
599 OUT PIO_STATUS_BLOCK IoStatusBlock
,
600 IN ULONG FileAttributes
,
601 IN ULONG ShareAccess
,
602 IN ULONG MaxMessageSize
,
603 IN PLARGE_INTEGER TimeOut
607 * FUNCTION: Creates or opens a mutex
609 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
610 * DesiredAccess = Specifies the allowed or desired access to the port
611 * ObjectAttributes = Contains the name of the mutex.
612 * InitialOwner = If true the calling thread acquires ownership
614 * REMARKS: This funciton maps to the win32 function CreateMutex
621 OUT PHANDLE MutantHandle
,
622 IN ACCESS_MASK DesiredAccess
,
623 IN POBJECT_ATTRIBUTES ObjectAttributes
,
624 IN BOOLEAN InitialOwner
630 OUT PHANDLE MutantHandle
,
631 IN ACCESS_MASK DesiredAccess
,
632 IN POBJECT_ATTRIBUTES ObjectAttributes
,
633 IN BOOLEAN InitialOwner
637 * FUNCTION: Creates a process.
639 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
640 * DesiredAccess = Specifies the allowed or desired access to the process can
641 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
642 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
643 * ParentProcess = Handle to the parent process.
644 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
645 * SectionHandle = Handle to a section object to back the image file
646 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
647 * ExceptionPort = Handle to a exception port.
649 * This function maps to the win32 CreateProcess.
655 OUT PHANDLE ProcessHandle
,
656 IN ACCESS_MASK DesiredAccess
,
657 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
658 IN HANDLE ParentProcess
,
659 IN BOOLEAN InheritObjectTable
,
660 IN HANDLE SectionHandle OPTIONAL
,
661 IN HANDLE DebugPort OPTIONAL
,
662 IN HANDLE ExceptionPort OPTIONAL
668 OUT PHANDLE ProcessHandle
,
669 IN ACCESS_MASK DesiredAccess
,
670 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
671 IN HANDLE ParentProcess
,
672 IN BOOLEAN InheritObjectTable
,
673 IN HANDLE SectionHandle OPTIONAL
,
674 IN HANDLE DebugPort OPTIONAL
,
675 IN HANDLE ExceptionPort OPTIONAL
679 * FUNCTION: Creates a section object.
681 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
682 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
683 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
684 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
685 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
686 * If value specified for a mapped file and the file is not large enough, file will be extended.
687 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
688 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
689 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
696 OUT PHANDLE SectionHandle
,
697 IN ACCESS_MASK DesiredAccess
,
698 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
699 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
700 IN ULONG SectionPageProtection OPTIONAL
,
701 IN ULONG AllocationAttributes
,
702 IN HANDLE FileHandle OPTIONAL
708 OUT PHANDLE SectionHandle
,
709 IN ACCESS_MASK DesiredAccess
,
710 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
711 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
712 IN ULONG SectionPageProtection OPTIONAL
,
713 IN ULONG AllocationAttributes
,
714 IN HANDLE FileHandle OPTIONAL
718 * FUNCTION: Creates a semaphore object for interprocess synchronization.
720 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
721 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
722 * ObjectAttribute = Initialized attributes for the object.
723 * InitialCount = Not necessary zero, might be smaller than zero.
724 * MaximumCount = Maxiumum count the semaphore can reach.
727 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
730 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
734 OUT PHANDLE SemaphoreHandle
,
735 IN ACCESS_MASK DesiredAccess
,
736 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
737 IN LONG InitialCount
,
744 OUT PHANDLE SemaphoreHandle
,
745 IN ACCESS_MASK DesiredAccess
,
746 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
747 IN LONG InitialCount
,
752 * FUNCTION: Creates a symbolic link object
754 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
755 * DesiredAccess = Specifies the allowed or desired access to the thread.
756 * ObjectAttributes = Initialized attributes for the object.
757 * Name = Target name of the symbolic link
762 NtCreateSymbolicLinkObject(
763 OUT PHANDLE SymbolicLinkHandle
,
764 IN ACCESS_MASK DesiredAccess
,
765 IN POBJECT_ATTRIBUTES ObjectAttributes
,
766 IN PUNICODE_STRING Name
771 ZwCreateSymbolicLinkObject(
772 OUT PHANDLE SymbolicLinkHandle
,
773 IN ACCESS_MASK DesiredAccess
,
774 IN POBJECT_ATTRIBUTES ObjectAttributes
,
775 IN PUNICODE_STRING Name
779 * FUNCTION: Creates a waitable timer.
781 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
782 * DesiredAccess = Specifies the allowed or desired access to the timer.
783 * ObjectAttributes = Initialized attributes for the object.
784 * TimerType = Specifies if the timer should be reset manually.
786 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
787 * corresponding fields in OBJECT_ATTRIBUTES structure.
793 OUT PHANDLE TimerHandle
,
794 IN ACCESS_MASK DesiredAccess
,
795 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
796 IN TIMER_TYPE TimerType
802 OUT PHANDLE TimerHandle
,
803 IN ACCESS_MASK DesiredAccess
,
804 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
805 IN TIMER_TYPE TimerType
809 * FUNCTION: Creates a token.
811 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
812 * DesiredAccess = Specifies the allowed or desired access to the process can
813 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
814 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
822 * TokenPrimaryGroup =
826 * This function does not map to a win32 function
833 OUT PHANDLE TokenHandle
,
834 IN ACCESS_MASK DesiredAccess
,
835 IN POBJECT_ATTRIBUTES ObjectAttributes
,
836 IN TOKEN_TYPE TokenType
,
837 IN PLUID AuthenticationId
,
838 IN PLARGE_INTEGER ExpirationTime
,
839 IN PTOKEN_USER TokenUser
,
840 IN PTOKEN_GROUPS TokenGroups
,
841 IN PTOKEN_PRIVILEGES TokenPrivileges
,
842 IN PTOKEN_OWNER TokenOwner
,
843 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
844 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
845 IN PTOKEN_SOURCE TokenSource
851 OUT PHANDLE TokenHandle
,
852 IN ACCESS_MASK DesiredAccess
,
853 IN POBJECT_ATTRIBUTES ObjectAttributes
,
854 IN TOKEN_TYPE TokenType
,
855 IN PLUID AuthenticationId
,
856 IN PLARGE_INTEGER ExpirationTime
,
857 IN PTOKEN_USER TokenUser
,
858 IN PTOKEN_GROUPS TokenGroups
,
859 IN PTOKEN_PRIVILEGES TokenPrivileges
,
860 IN PTOKEN_OWNER TokenOwner
,
861 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
862 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
863 IN PTOKEN_SOURCE TokenSource
867 * FUNCTION: Returns the callers thread TEB.
868 * RETURNS: The resulting teb.
878 * FUNCTION: Deletes an atom from the global atom table
880 * Atom = Identifies the atom to delete
882 * The function maps to the win32 GlobalDeleteAtom
898 * FUNCTION: Deletes a file or a directory
900 * ObjectAttributes = Name of the file which should be deleted
902 * This system call is functionally equivalent to NtSetInformationFile
903 * setting the disposition information.
904 * The function maps to the win32 DeleteFile.
910 IN POBJECT_ATTRIBUTES ObjectAttributes
916 IN POBJECT_ATTRIBUTES ObjectAttributes
920 * FUNCTION: Deletes a registry key
922 * KeyHandle = Handle of the key
937 * FUNCTION: Generates a audit message when an object is deleted
939 * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
940 * HandleId= Handle to an audit object
941 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
942 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
948 NtDeleteObjectAuditAlarm (
949 IN PUNICODE_STRING SubsystemName
,
951 IN BOOLEAN GenerateOnClose
956 ZwDeleteObjectAuditAlarm (
957 IN PUNICODE_STRING SubsystemName
,
959 IN BOOLEAN GenerateOnClose
964 * FUNCTION: Deletes a value from a registry key
966 * KeyHandle = Handle of the key
967 * ValueName = Name of the value to delete
975 IN PUNICODE_STRING ValueName
982 IN PUNICODE_STRING ValueName
985 * FUNCTION: Sends IOCTL to the io sub system
987 * DeviceHandle = Points to the handle that is created by NtCreateFile
988 * Event = Event to synchronize on STATUS_PENDING
989 * ApcRoutine = Asynchroneous procedure callback
990 * ApcContext = Callback context.
991 * IoStatusBlock = Caller should supply storage for extra information..
992 * IoControlCode = Contains the IO Control command. This is an
993 * index to the structures in InputBuffer and OutputBuffer.
994 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
995 * InputBufferSize = Size of the input bufffer
996 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
997 * OutputBufferSize = Size of the input bufffer
1003 NtDeviceIoControlFile(
1004 IN HANDLE DeviceHandle
,
1005 IN HANDLE Event OPTIONAL
,
1006 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1007 IN PVOID UserApcContext OPTIONAL
,
1008 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1009 IN ULONG IoControlCode
,
1010 IN PVOID InputBuffer
,
1011 IN ULONG InputBufferSize
,
1012 OUT PVOID OutputBuffer
,
1013 IN ULONG OutputBufferSize
1018 ZwDeviceIoControlFile(
1019 IN HANDLE DeviceHandle
,
1020 IN HANDLE Event OPTIONAL
,
1021 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1022 IN PVOID UserApcContext OPTIONAL
,
1023 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1024 IN ULONG IoControlCode
,
1025 IN PVOID InputBuffer
,
1026 IN ULONG InputBufferSize
,
1027 OUT PVOID OutputBuffer
,
1028 IN ULONG OutputBufferSize
1031 * FUNCTION: Displays a string on the blue screen
1033 * DisplayString = The string to display
1040 IN PUNICODE_STRING DisplayString
1046 IN PUNICODE_STRING DisplayString
1050 * FUNCTION: Returns information about the subkeys of an open key
1052 * KeyHandle = Handle of the key whose subkeys are to enumerated
1053 * Index = zero based index of the subkey for which information is
1055 * KeyInformationClass = Type of information returned
1056 * KeyInformation (OUT) = Caller allocated buffer for the information
1058 * Length = Length in bytes of the KeyInformation buffer
1059 * ResultLength (OUT) = Caller allocated storage which holds
1060 * the number of bytes of information retrieved
1067 IN HANDLE KeyHandle
,
1069 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1070 OUT PVOID KeyInformation
,
1072 OUT PULONG ResultLength
1078 IN HANDLE KeyHandle
,
1080 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1081 OUT PVOID KeyInformation
,
1083 OUT PULONG ResultLength
1086 * FUNCTION: Returns information about the value entries of an open key
1088 * KeyHandle = Handle of the key whose value entries are to enumerated
1089 * Index = zero based index of the subkey for which information is
1091 * KeyInformationClass = Type of information returned
1092 * KeyInformation (OUT) = Caller allocated buffer for the information
1094 * Length = Length in bytes of the KeyInformation buffer
1095 * ResultLength (OUT) = Caller allocated storage which holds
1096 * the number of bytes of information retrieved
1102 NtEnumerateValueKey(
1103 IN HANDLE KeyHandle
,
1105 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1106 OUT PVOID KeyValueInformation
,
1108 OUT PULONG ResultLength
1113 ZwEnumerateValueKey(
1114 IN HANDLE KeyHandle
,
1116 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1117 OUT PVOID KeyValueInformation
,
1119 OUT PULONG ResultLength
1123 * FUNCTION: Flushes chached file data to disk
1125 * FileHandle = Points to the file
1126 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1127 * buffers operation. The information field is set to number of bytes
1131 * This funciton maps to the win32 FlushFileBuffers
1136 IN HANDLE FileHandle
,
1137 OUT PIO_STATUS_BLOCK IoStatusBlock
1143 IN HANDLE FileHandle
,
1144 OUT PIO_STATUS_BLOCK IoStatusBlock
1148 * FUNCTION: Flushes a registry key to disk
1150 * KeyHandle = Points to the registry key handle
1153 * This funciton maps to the win32 RegFlushKey.
1168 * FUNCTION: Flushes the dirty pages to file
1170 * FIXME: Not sure this does (how is the file specified)
1172 NTSTATUS STDCALL
NtFlushWriteBuffer(VOID
);
1173 NTSTATUS STDCALL
ZwFlushWriteBuffer(VOID
);
1176 * FUNCTION: Frees a range of virtual memory
1178 * ProcessHandle = Points to the process that allocated the virtual
1180 * BaseAddress = Points to the memory address, rounded down to a
1181 * multiple of the pagesize
1182 * RegionSize = Limits the range to free, rounded up to a multiple of
1184 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1187 NTSTATUS STDCALL
NtFreeVirtualMemory(IN HANDLE ProcessHandle
,
1188 IN PVOID
*BaseAddress
,
1189 IN PULONG RegionSize
,
1191 NTSTATUS STDCALL
ZwFreeVirtualMemory(IN HANDLE ProcessHandle
,
1192 IN PVOID
*BaseAddress
,
1193 IN PULONG RegionSize
,
1197 * FUNCTION: Sends FSCTL to the filesystem
1199 * DeviceHandle = Points to the handle that is created by NtCreateFile
1200 * Event = Event to synchronize on STATUS_PENDING
1203 * IoStatusBlock = Caller should supply storage for
1204 * IoControlCode = Contains the File System Control command. This is an
1205 * index to the structures in InputBuffer and OutputBuffer.
1206 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1207 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1208 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1209 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1211 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1212 * InputBufferSize = Size of the input bufffer
1213 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1214 * OutputBufferSize = Size of the input bufffer
1215 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1216 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1221 IN HANDLE DeviceHandle
,
1222 IN HANDLE Event OPTIONAL
,
1223 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1224 IN PVOID ApcContext OPTIONAL
,
1225 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1226 IN ULONG IoControlCode
,
1227 IN PVOID InputBuffer
,
1228 IN ULONG InputBufferSize
,
1229 OUT PVOID OutputBuffer
,
1230 IN ULONG OutputBufferSize
1236 IN HANDLE DeviceHandle
,
1237 IN HANDLE Event OPTIONAL
,
1238 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1239 IN PVOID ApcContext OPTIONAL
,
1240 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1241 IN ULONG IoControlCode
,
1242 IN PVOID InputBuffer
,
1243 IN ULONG InputBufferSize
,
1244 OUT PVOID OutputBuffer
,
1245 IN ULONG OutputBufferSize
1249 * FUNCTION: Retrieves the processor context of a thread
1251 * ThreadHandle = Handle to a thread
1252 * Context (OUT) = Caller allocated storage for the processor context
1259 IN HANDLE ThreadHandle
,
1260 OUT PCONTEXT Context
1266 IN HANDLE ThreadHandle
,
1267 OUT PCONTEXT Context
1271 * FUNCTION: Sets a thread to impersonate another
1273 * ThreadHandle = Server thread that will impersonate a client.
1274 ThreadToImpersonate = Client thread that will be impersonated
1275 SecurityQualityOfService = Specifies the impersonation level.
1281 NtImpersonateThread(
1282 IN HANDLE ThreadHandle
,
1283 IN HANDLE ThreadToImpersonate
,
1284 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1289 ZwImpersonateThread(
1290 IN HANDLE ThreadHandle
,
1291 IN HANDLE ThreadToImpersonate
,
1292 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1296 * FUNCTION: Initializes the registry.
1298 * SetUpBoot = This parameter is true for a setup boot.
1303 NtInitializeRegistry(
1308 ZwInitializeRegistry(
1313 * FUNCTION: Loads a driver.
1315 * DriverServiceName = Name of the driver to load
1321 IN PUNICODE_STRING DriverServiceName
1327 IN PUNICODE_STRING DriverServiceName
1331 * FUNCTION: Locks a range of bytes in a file.
1333 * FileHandle = Handle to the file
1334 * Event = Should be null if apc is specified.
1335 * ApcRoutine = Asynchroneous Procedure Callback
1336 * ApcContext = Argument to the callback
1337 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1338 * the completion status and information about the requested lock operation.
1339 * ByteOffset = Offset
1340 * Length = Number of bytes to lock.
1341 * Key = Special value to give other threads the possibility to unlock the file
1342 by supplying the key in a call to NtUnlockFile.
1343 * FailImmediatedly = If false the request will block untill the lock is obtained.
1344 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1346 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1347 not be obtained immediately, the device queue is busy and the IRP is queued.
1348 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1349 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1355 IN HANDLE FileHandle
,
1356 IN HANDLE Event OPTIONAL
,
1357 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1358 IN PVOID ApcContext OPTIONAL
,
1359 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1360 IN PLARGE_INTEGER ByteOffset
,
1361 IN PLARGE_INTEGER Length
,
1363 IN BOOLEAN FailImmediatedly
,
1364 IN BOOLEAN ExclusiveLock
1370 IN HANDLE FileHandle
,
1371 IN HANDLE Event OPTIONAL
,
1372 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1373 IN PVOID ApcContext OPTIONAL
,
1374 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1375 IN PLARGE_INTEGER ByteOffset
,
1376 IN PLARGE_INTEGER Length
,
1378 IN BOOLEAN FailImmediatedly
,
1379 IN BOOLEAN ExclusiveLock
1383 * FUNCTION: Makes temporary object that will be removed at next boot.
1385 * Handle = Handle to object
1391 NtMakeTemporaryObject(
1397 ZwMakeTemporaryObject(
1401 * FUNCTION: Maps a view of a section into the virtual address space of a
1404 * SectionHandle = Handle of the section
1405 * ProcessHandle = Handle of the process
1406 * BaseAddress = Desired base address (or NULL) on entry
1407 * Actual base address of the view on exit
1408 * ZeroBits = Number of high order address bits that must be zero
1409 * CommitSize = Size in bytes of the initially committed section of
1411 * SectionOffset = Offset in bytes from the beginning of the section
1412 * to the beginning of the view
1413 * ViewSize = Desired length of map (or zero to map all) on entry
1414 * Actual length mapped on exit
1415 * InheritDisposition = Specified how the view is to be shared with
1417 * AllocateType = Type of allocation for the pages
1418 * Protect = Protection for the committed region of the view
1424 IN HANDLE SectionHandle
,
1425 IN HANDLE ProcessHandle
,
1426 IN OUT PVOID
*BaseAddress
,
1428 IN ULONG CommitSize
,
1429 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1430 IN OUT PULONG ViewSize
,
1431 IN SECTION_INHERIT InheritDisposition
,
1432 IN ULONG AllocationType
,
1433 IN ULONG AccessProtection
1439 IN HANDLE SectionHandle
,
1440 IN HANDLE ProcessHandle
,
1441 IN OUT PVOID
*BaseAddress
,
1443 IN ULONG CommitSize
,
1444 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1445 IN OUT PULONG ViewSize
,
1446 IN SECTION_INHERIT InheritDisposition
,
1447 IN ULONG AllocationType
,
1448 IN ULONG AccessProtection
1452 * FUNCTION: Installs a notify for the change of a directory's contents
1454 * FileHandle = Handle to the directory
1456 * ApcRoutine = Start address
1457 * ApcContext = Delimits the range of virtual memory
1458 * for which the new access protection holds
1459 * IoStatusBlock = The new access proctection for the pages
1460 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1461 * BufferSize = Size of the buffer
1462 CompletionFilter = Can be one of the following values:
1463 FILE_NOTIFY_CHANGE_FILE_NAME
1464 FILE_NOTIFY_CHANGE_DIR_NAME
1465 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1466 FILE_NOTIFY_CHANGE_ATTRIBUTES
1467 FILE_NOTIFY_CHANGE_SIZE
1468 FILE_NOTIFY_CHANGE_LAST_WRITE
1469 FILE_NOTIFY_CHANGE_LAST_ACCESS
1470 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1471 FILE_NOTIFY_CHANGE_EA
1472 FILE_NOTIFY_CHANGE_SECURITY
1473 FILE_NOTIFY_CHANGE_STREAM_NAME
1474 FILE_NOTIFY_CHANGE_STREAM_SIZE
1475 FILE_NOTIFY_CHANGE_STREAM_WRITE
1476 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1479 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1484 NtNotifyChangeDirectoryFile(
1485 IN HANDLE FileHandle
,
1486 IN HANDLE Event OPTIONAL
,
1487 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1488 IN PVOID ApcContext OPTIONAL
,
1489 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1491 IN ULONG BufferSize
,
1492 IN ULONG CompletionFilter
,
1493 IN BOOLEAN WatchTree
1498 ZwNotifyChangeDirectoryFile(
1499 IN HANDLE FileHandle
,
1500 IN HANDLE Event OPTIONAL
,
1501 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1502 IN PVOID ApcContext OPTIONAL
,
1503 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1505 IN ULONG BufferSize
,
1506 IN ULONG CompletionFilter
,
1507 IN BOOLEAN WatchTree
1511 * FUNCTION: Installs a notfication callback on registry changes
1513 KeyHandle = Handle to the registry key
1514 Event = Event that should be signalled on modification of the key
1515 ApcRoutine = Routine that should be called on modification of the key
1516 ApcContext = Argument to the ApcRoutine
1518 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1519 Can be a combination of the following values:
1521 REG_NOTIFY_CHANGE_NAME
1522 REG_NOTIFY_CHANGE_ATTRIBUTES
1523 REG_NOTIFY_CHANGE_LAST_SET
1524 REG_NOTIFY_CHANGE_SECURITY
1527 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1528 the function will not return before a change occurs.
1529 ChangeBuffer = Will return the old value
1530 Length = Size of the change buffer
1531 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1533 * REMARKS: If the key is closed the event is signalled aswell.
1540 IN HANDLE KeyHandle
,
1542 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1543 IN PVOID ApcContext OPTIONAL
,
1544 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1545 IN ULONG CompletionFilter
,
1546 IN BOOLEAN Asynchroneous
,
1547 OUT PVOID ChangeBuffer
,
1549 IN BOOLEAN WatchSubtree
1555 IN HANDLE KeyHandle
,
1557 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1558 IN PVOID ApcContext OPTIONAL
,
1559 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1560 IN ULONG CompletionFilter
,
1561 IN BOOLEAN Asynchroneous
,
1562 OUT PVOID ChangeBuffer
,
1564 IN BOOLEAN WatchSubtree
1568 * FUNCTION: Opens an existing directory object
1570 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1571 * DesiredAccess = Requested access to the directory
1572 * ObjectAttributes = Initialized attributes for the object
1578 NtOpenDirectoryObject(
1579 OUT PHANDLE FileHandle
,
1580 IN ACCESS_MASK DesiredAccess
,
1581 IN POBJECT_ATTRIBUTES ObjectAttributes
1585 ZwOpenDirectoryObject(
1586 OUT PHANDLE FileHandle
,
1587 IN ACCESS_MASK DesiredAccess
,
1588 IN POBJECT_ATTRIBUTES ObjectAttributes
1592 * FUNCTION: Opens an existing event
1594 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1595 * DesiredAccess = Requested access to the event
1596 * ObjectAttributes = Initialized attributes for the object
1602 OUT PHANDLE EventHandle
,
1603 IN ACCESS_MASK DesiredAccess
,
1604 IN POBJECT_ATTRIBUTES ObjectAttributes
1610 OUT PHANDLE EventHandle
,
1611 IN ACCESS_MASK DesiredAccess
,
1612 IN POBJECT_ATTRIBUTES ObjectAttributes
1616 * FUNCTION: Opens an existing event pair
1618 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1619 * DesiredAccess = Requested access to the event
1620 * ObjectAttributes = Initialized attributes for the object
1627 OUT PHANDLE EventPairHandle
,
1628 IN ACCESS_MASK DesiredAccess
,
1629 IN POBJECT_ATTRIBUTES ObjectAttributes
1635 OUT PHANDLE EventPairHandle
,
1636 IN ACCESS_MASK DesiredAccess
,
1637 IN POBJECT_ATTRIBUTES ObjectAttributes
1640 * FUNCTION: Opens an existing file
1642 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1643 * DesiredAccess = Requested access to the file
1644 * ObjectAttributes = Initialized attributes for the object
1653 OUT PHANDLE FileHandle
,
1654 IN ACCESS_MASK DesiredAccess
,
1655 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1656 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1657 IN ULONG ShareAccess
,
1658 IN ULONG OpenOptions
1664 OUT PHANDLE FileHandle
,
1665 IN ACCESS_MASK DesiredAccess
,
1666 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1667 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1668 IN ULONG ShareAccess
,
1669 IN ULONG OpenOptions
1673 * FUNCTION: Opens an existing io completion object
1675 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
1676 * DesiredAccess = Requested access to the io completion object
1677 * ObjectAttributes = Initialized attributes for the object
1684 OUT PHANDLE CompetionPort
,
1685 IN ACCESS_MASK DesiredAccess
,
1686 IN POBJECT_ATTRIBUTES ObjectAttributes
1692 OUT PHANDLE CompetionPort
,
1693 IN ACCESS_MASK DesiredAccess
,
1694 IN POBJECT_ATTRIBUTES ObjectAttributes
1698 * FUNCTION: Opens an existing key in the registry
1700 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1701 * DesiredAccess = Requested access to the key
1702 * ObjectAttributes = Initialized attributes for the object
1708 OUT PHANDLE KeyHandle
,
1709 IN ACCESS_MASK DesiredAccess
,
1710 IN POBJECT_ATTRIBUTES ObjectAttributes
1716 OUT PHANDLE KeyHandle
,
1717 IN ACCESS_MASK DesiredAccess
,
1718 IN POBJECT_ATTRIBUTES ObjectAttributes
1721 * FUNCTION: Opens an existing key in the registry
1723 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
1724 * DesiredAccess = Requested access to the mutant
1725 * ObjectAttribute = Initialized attributes for the object
1731 OUT PHANDLE MutantHandle
,
1732 IN ACCESS_MASK DesiredAccess
,
1733 IN POBJECT_ATTRIBUTES ObjectAttributes
1738 OUT PHANDLE MutantHandle
,
1739 IN ACCESS_MASK DesiredAccess
,
1740 IN POBJECT_ATTRIBUTES ObjectAttributes
1744 * FUNCTION: Opens an existing process
1746 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
1747 * DesiredAccess = Requested access to the process
1748 * ObjectAttribute = Initialized attributes for the object
1749 * ClientId = Identifies the process id to open
1755 OUT PHANDLE ProcessHandle
,
1756 IN ACCESS_MASK DesiredAccess
,
1757 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1758 IN PCLIENT_ID ClientId
1763 OUT PHANDLE ProcessHandle
,
1764 IN ACCESS_MASK DesiredAccess
,
1765 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1766 IN PCLIENT_ID ClientId
1769 * FUNCTION: Opens an existing process
1771 * ProcessHandle = Handle of the process of which owns the token
1772 * DesiredAccess = Requested access to the token
1773 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
1775 This function maps to the win32
1782 IN HANDLE ProcessHandle
,
1783 IN ACCESS_MASK DesiredAccess
,
1784 OUT PHANDLE TokenHandle
1790 IN HANDLE ProcessHandle
,
1791 IN ACCESS_MASK DesiredAccess
,
1792 OUT PHANDLE TokenHandle
1796 * FUNCTION: Opens an existing section object
1798 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1799 * DesiredAccess = Requested access to the key
1800 * ObjectAttribute = Initialized attributes for the object
1807 OUT PHANDLE SectionHandle
,
1808 IN ACCESS_MASK DesiredAccess
,
1809 IN POBJECT_ATTRIBUTES ObjectAttributes
1814 OUT PHANDLE SectionHandle
,
1815 IN ACCESS_MASK DesiredAccess
,
1816 IN POBJECT_ATTRIBUTES ObjectAttributes
1819 * FUNCTION: Opens an existing semaphore
1821 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
1822 * DesiredAccess = Requested access to the semaphore
1823 * ObjectAttribute = Initialized attributes for the object
1829 IN HANDLE SemaphoreHandle
,
1830 IN ACCESS_MASK DesiredAcces
,
1831 IN POBJECT_ATTRIBUTES ObjectAttributes
1836 IN HANDLE SemaphoreHandle
,
1837 IN ACCESS_MASK DesiredAcces
,
1838 IN POBJECT_ATTRIBUTES ObjectAttributes
1841 * FUNCTION: Opens an existing symbolic link
1843 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
1844 * DesiredAccess = Requested access to the symbolic link
1845 * ObjectAttribute = Initialized attributes for the object
1850 NtOpenSymbolicLinkObject(
1851 OUT PHANDLE SymbolicLinkHandle
,
1852 IN ACCESS_MASK DesiredAccess
,
1853 IN POBJECT_ATTRIBUTES ObjectAttributes
1857 ZwOpenSymbolicLinkObject(
1858 OUT PHANDLE SymbolicLinkHandle
,
1859 IN ACCESS_MASK DesiredAccess
,
1860 IN POBJECT_ATTRIBUTES ObjectAttributes
1863 * FUNCTION: Opens an existing thread
1865 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
1866 * DesiredAccess = Requested access to the thread
1867 * ObjectAttribute = Initialized attributes for the object
1868 * ClientId = Identifies the thread to open.
1874 OUT PHANDLE ThreadHandle
,
1875 IN ACCESS_MASK DesiredAccess
,
1876 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1877 IN PCLIENT_ID ClientId
1882 OUT PHANDLE ThreadHandle
,
1883 IN ACCESS_MASK DesiredAccess
,
1884 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1885 IN PCLIENT_ID ClientId
1891 IN HANDLE ThreadHandle
,
1892 IN ACCESS_MASK DesiredAccess
,
1893 IN BOOLEAN OpenAsSelf
,
1894 OUT PHANDLE TokenHandle
1900 IN HANDLE ThreadHandle
,
1901 IN ACCESS_MASK DesiredAccess
,
1902 IN BOOLEAN OpenAsSelf
,
1903 OUT PHANDLE TokenHandle
1906 * FUNCTION: Opens an existing timer
1908 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1909 * DesiredAccess = Requested access to the timer
1910 * ObjectAttribute = Initialized attributes for the object
1916 OUT PHANDLE TimerHandle
,
1917 IN ACCESS_MASK DesiredAccess
,
1918 IN POBJECT_ATTRIBUTES ObjectAttributes
1923 OUT PHANDLE TimerHandle
,
1924 IN ACCESS_MASK DesiredAccess
,
1925 IN POBJECT_ATTRIBUTES ObjectAttributes
1929 * FUNCTION: Checks an access token for specific privileges
1931 * ClientToken = Handle to a access token structure
1932 * RequiredPrivileges = Specifies the requested privileges.
1933 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
1934 set in the Control member of PRIVILEGES_SET Result
1935 will only be TRUE if all privileges are present in the access token.
1942 IN HANDLE ClientToken
,
1943 IN PPRIVILEGE_SET RequiredPrivileges
,
1950 IN HANDLE ClientToken
,
1951 IN PPRIVILEGE_SET RequiredPrivileges
,
1957 NtPrivilegedServiceAuditAlarm(
1958 IN PUNICODE_STRING SubsystemName
,
1959 IN PUNICODE_STRING ServiceName
,
1960 IN HANDLE ClientToken
,
1961 IN PPRIVILEGE_SET Privileges
,
1962 IN BOOLEAN AccessGranted
1967 ZwPrivilegedServiceAuditAlarm(
1968 IN PUNICODE_STRING SubsystemName
,
1969 IN PUNICODE_STRING ServiceName
,
1970 IN HANDLE ClientToken
,
1971 IN PPRIVILEGE_SET Privileges
,
1972 IN BOOLEAN AccessGranted
1977 NtPrivilegeObjectAuditAlarm(
1978 IN PUNICODE_STRING SubsystemName
,
1980 IN HANDLE ClientToken
,
1981 IN ULONG DesiredAccess
,
1982 IN PPRIVILEGE_SET Privileges
,
1983 IN BOOLEAN AccessGranted
1988 ZwPrivilegeObjectAuditAlarm(
1989 IN PUNICODE_STRING SubsystemName
,
1991 IN HANDLE ClientToken
,
1992 IN ULONG DesiredAccess
,
1993 IN PPRIVILEGE_SET Privileges
,
1994 IN BOOLEAN AccessGranted
1998 * FUNCTION: Entry point for native applications
2000 * Peb = Pointes to the Process Environment Block (PEB)
2002 * Native applications should use this function instead of a main.
2003 * Calling proces should terminate itself.
2013 * FUNCTION: Signals an event and resets it afterwards.
2015 * EventHandle = Handle to the event
2016 * PulseCount = Number of times the action is repeated
2022 IN HANDLE EventHandle
,
2023 IN PULONG PulseCount OPTIONAL
2029 IN HANDLE EventHandle
,
2030 IN PULONG PulseCount OPTIONAL
2034 * FUNCTION: Queries the attributes of a file
2036 * ObjectAttributes = Initialized attributes for the object
2037 * Buffer = Caller supplies storage for the attributes
2042 NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2043 OUT PFILE_BASIC_INFORMATION FileInformation
);
2046 ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2047 OUT PFILE_BASIC_INFORMATION FileInformation
);
2050 * FUNCTION: Queries the default locale id
2052 * UserProfile = Type of locale id
2053 * TRUE: thread locale id
2054 * FALSE: system locale id
2055 * DefaultLocaleId = Caller supplies storage for the locale id
2061 NtQueryDefaultLocale(
2062 IN BOOLEAN UserProfile
,
2063 OUT PLCID DefaultLocaleId
2068 ZwQueryDefaultLocale(
2069 IN BOOLEAN UserProfile
,
2070 OUT PLCID DefaultLocaleId
2074 * FUNCTION: Queries a directory file.
2076 * FileHandle = Handle to a directory file
2077 * EventHandle = Handle to the event signaled on completion
2078 * ApcRoutine = Asynchroneous procedure callback, called on completion
2079 * ApcContext = Argument to the apc.
2080 * IoStatusBlock = Caller supplies storage for extended status information.
2081 * FileInformation = Caller supplies storage for the resulting information.
2083 * FileNameInformation FILE_NAMES_INFORMATION
2084 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2085 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2086 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2088 * Length = Size of the storage supplied
2089 * FileInformationClass = Indicates the type of information requested.
2090 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2091 * FileName = Initial directory name to query, that may contain wild cards.
2092 * RestartScan = Number of times the action should be repeated
2093 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2094 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2095 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2100 NtQueryDirectoryFile(
2101 IN HANDLE FileHandle
,
2102 IN HANDLE Event OPTIONAL
,
2103 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2104 IN PVOID ApcContext OPTIONAL
,
2105 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2106 OUT PVOID FileInformation
,
2108 IN FILE_INFORMATION_CLASS FileInformationClass
,
2109 IN BOOLEAN ReturnSingleEntry
,
2110 IN PUNICODE_STRING FileName OPTIONAL
,
2111 IN BOOLEAN RestartScan
2116 ZwQueryDirectoryFile(
2117 IN HANDLE FileHandle
,
2118 IN HANDLE Event OPTIONAL
,
2119 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2120 IN PVOID ApcContext OPTIONAL
,
2121 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2122 OUT PVOID FileInformation
,
2124 IN FILE_INFORMATION_CLASS FileInformationClass
,
2125 IN BOOLEAN ReturnSingleEntry
,
2126 IN PUNICODE_STRING FileName OPTIONAL
,
2127 IN BOOLEAN RestartScan
2131 * FUNCTION: Queries the extended attributes of a file
2133 * FileHandle = Handle to the event
2134 * IoStatusBlock = Number of times the action is repeated
2148 IN HANDLE FileHandle
,
2149 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2152 IN BOOLEAN ReturnSingleEntry
,
2153 IN PVOID EaList OPTIONAL
,
2154 IN ULONG EaListLength
,
2155 IN PULONG EaIndex OPTIONAL
,
2156 IN BOOLEAN RestartScan
2162 IN HANDLE FileHandle
,
2163 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2166 IN BOOLEAN ReturnSingleEntry
,
2167 IN PVOID EaList OPTIONAL
,
2168 IN ULONG EaListLength
,
2169 IN PULONG EaIndex OPTIONAL
,
2170 IN BOOLEAN RestartScan
2174 * FUNCTION: Queries an event
2176 * EventHandle = Handle to the event
2177 * EventInformationClass = Index of the information structure
2179 EventBasicInformation EVENT_BASIC_INFORMATION
2181 * EventInformation = Caller supplies storage for the information structure
2182 * EventInformationLength = Size of the information structure
2183 * ReturnLength = Data written
2189 IN HANDLE EventHandle
,
2190 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2191 OUT PVOID EventInformation
,
2192 IN ULONG EventInformationLength
,
2193 OUT PULONG ReturnLength
2198 IN HANDLE EventHandle
,
2199 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2200 OUT PVOID EventInformation
,
2201 IN ULONG EventInformationLength
,
2202 OUT PULONG ReturnLength
2206 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2207 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2210 ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2211 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2214 * FUNCTION: Queries the information of a file object.
2216 * FileHandle = Handle to the file object
2217 * IoStatusBlock = Caller supplies storage for extended information
2218 * on the current operation.
2219 * FileInformation = Storage for the new file information
2220 * Lenght = Size of the storage for the file information.
2221 * FileInformationClass = Indicates which file information is queried
2223 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2224 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2225 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2226 FileBasicInformation FILE_BASIC_INFORMATION
2227 FileStandardInformation FILE_STANDARD_INFORMATION
2228 FileInternalInformation FILE_INTERNAL_INFORMATION
2229 FileEaInformation FILE_EA_INFORMATION
2230 FileAccessInformation FILE_ACCESS_INFORMATION
2231 FileNameInformation FILE_NAME_INFORMATION
2232 FileRenameInformation FILE_RENAME_INFORMATION
2234 FileNamesInformation FILE_NAMES_INFORMATION
2235 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2236 FilePositionInformation FILE_POSITION_INFORMATION
2237 FileFullEaInformation FILE_FULL_EA_INFORMATION
2238 FileModeInformation FILE_MODE_INFORMATION
2239 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2240 FileAllInformation FILE_ALL_INFORMATION
2242 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2243 FileAlternateNameInformation
2244 FileStreamInformation FILE_STREAM_INFORMATION
2246 FilePipeLocalInformation
2247 FilePipeRemoteInformation
2248 FileMailslotQueryInformation
2249 FileMailslotSetInformation
2250 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2251 FileCopyOnWriteInformation
2252 FileCompletionInformation IO_COMPLETION_CONTEXT
2253 FileMoveClusterInformation
2254 FileOleClassIdInformation
2255 FileOleStateBitsInformation
2256 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2257 FileObjectIdInformation
2258 FileOleAllInformation
2259 FileOleDirectoryInformation
2260 FileContentIndexInformation
2261 FileInheritContentIndexInformation
2263 FileMaximumInformation
2266 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2267 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2272 NtQueryInformationFile(
2273 IN HANDLE FileHandle
,
2274 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2275 OUT PVOID FileInformation
,
2277 IN FILE_INFORMATION_CLASS FileInformationClass
2282 ZwQueryInformationFile(
2284 PIO_STATUS_BLOCK IoStatusBlock
,
2285 PVOID FileInformation
,
2287 FILE_INFORMATION_CLASS FileInformationClass
2292 * FUNCTION: Queries the information of a thread object.
2294 * ThreadHandle = Handle to the thread object
2295 * ThreadInformationClass = Index to a certain information structure
2297 ThreadBasicInformation THREAD_BASIC_INFORMATION
2298 ThreadTimes KERNEL_USER_TIMES
2299 ThreadPriority KPRIORITY
2300 ThreadBasePriority KPRIORITY
2301 ThreadAffinityMask KAFFINITY
2302 ThreadImpersonationToken
2303 ThreadDescriptorTableEntry
2304 ThreadEnableAlignmentFaultFixup
2306 ThreadQuerySetWin32StartAddress
2308 ThreadPerformanceCount
2309 ThreadAmILastThread BOOLEAN
2310 ThreadIdealProcessor ULONG
2311 ThreadPriorityBoost ULONG
2315 * ThreadInformation = Caller supplies torage for the thread information
2316 * ThreadInformationLength = Size of the thread information structure
2317 * ReturnLength = Actual number of bytes written
2320 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2321 GetThreadPriorityBoost functions.
2328 NtQueryInformationThread(
2329 IN HANDLE ThreadHandle
,
2330 IN THREADINFOCLASS ThreadInformationClass
,
2331 OUT PVOID ThreadInformation
,
2332 IN ULONG ThreadInformationLength
,
2333 OUT PULONG ReturnLength
2339 NtQueryInformationToken(
2340 IN HANDLE TokenHandle
,
2341 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2342 OUT PVOID TokenInformation
,
2343 IN ULONG TokenInformationLength
,
2344 OUT PULONG ReturnLength
2349 ZwQueryInformationToken(
2350 IN HANDLE TokenHandle
,
2351 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2352 OUT PVOID TokenInformation
,
2353 IN ULONG TokenInformationLength
,
2354 OUT PULONG ReturnLength
2359 NtQueryIoCompletion(
2360 IN HANDLE IoCompletionHandle
,
2361 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2362 OUT PVOID IoCompletionInformation
,
2363 IN ULONG IoCompletionInformationLength
,
2364 OUT PULONG ResultLength OPTIONAL
2369 ZwQueryIoCompletion(
2370 IN HANDLE IoCompletionHandle
,
2371 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2372 OUT PVOID IoCompletionInformation
,
2373 IN ULONG IoCompletionInformationLength
,
2374 OUT PULONG ResultLength OPTIONAL
2378 * FUNCTION: Queries the information of a registry key object.
2380 KeyHandle = Handle to a registry key
2381 KeyInformationClass = Index to a certain information structure
2382 KeyInformation = Caller supplies storage for resulting information
2383 Length = Size of the supplied storage
2384 ResultLength = Bytes written
2389 IN HANDLE KeyHandle
,
2390 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2391 OUT PVOID KeyInformation
,
2393 OUT PULONG ResultLength
2399 IN HANDLE KeyHandle
,
2400 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2401 OUT PVOID KeyInformation
,
2403 OUT PULONG ResultLength
2411 NtQueryMultipleValueKey(
2412 IN HANDLE KeyHandle
,
2413 IN OUT PKEY_VALUE_ENTRY ValueList
,
2414 IN ULONG NumberOfValues
,
2416 IN OUT PULONG Length
,
2417 OUT PULONG ReturnLength
2422 ZwQueryMultipleValueKey(
2423 IN HANDLE KeyHandle
,
2424 IN OUT PKEY_VALUE_ENTRY ValueList
,
2425 IN ULONG NumberOfValues
,
2427 IN OUT PULONG Length
,
2428 OUT PULONG ReturnLength
2432 * FUNCTION: Queries the information of a mutant object.
2434 MutantHandle = Handle to a mutant
2435 MutantInformationClass = Index to a certain information structure
2436 MutantInformation = Caller supplies storage for resulting information
2437 Length = Size of the supplied storage
2438 ResultLength = Bytes written
2443 IN HANDLE MutantHandle
,
2444 IN CINT MutantInformationClass
,
2445 OUT PVOID MutantInformation
,
2447 OUT PULONG ResultLength
2453 IN HANDLE MutantHandle
,
2454 IN CINT MutantInformationClass
,
2455 OUT PVOID MutantInformation
,
2457 OUT PULONG ResultLength
2461 * FUNCTION: Queries the system ( high-resolution ) performance counter.
2463 * Counter = Performance counter
2464 * Frequency = Performance frequency
2466 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
2467 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
2473 NtQueryPerformanceCounter(
2474 IN PLARGE_INTEGER Counter
,
2475 IN PLARGE_INTEGER Frequency
2480 ZwQueryPerformanceCounter(
2481 IN PLARGE_INTEGER Counter
,
2482 IN PLARGE_INTEGER Frequency
2486 * FUNCTION: Queries the information of a semaphore.
2488 * SemaphoreHandle = Handle to the semaphore object
2489 * SemaphoreInformationClass = Index to a certain information structure
2491 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
2493 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
2494 * Length = Size of the infomation structure
2499 IN HANDLE SemaphoreHandle
,
2500 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
2501 OUT PVOID SemaphoreInformation
,
2503 OUT PULONG ReturnLength
2509 IN HANDLE SemaphoreHandle
,
2510 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
2511 OUT PVOID SemaphoreInformation
,
2513 OUT PULONG ReturnLength
2518 * FUNCTION: Queries the information of a symbolic link object.
2520 * SymbolicLinkHandle = Handle to the symbolic link object
2521 * LinkTarget = resolved name of link
2522 * DataWritten = size of the LinkName.
2528 NtQuerySymbolicLinkObject(
2529 IN HANDLE SymLinkObjHandle
,
2530 OUT PUNICODE_STRING LinkTarget
,
2531 OUT PULONG DataWritten OPTIONAL
2536 ZwQuerySymbolicLinkObject(
2537 IN HANDLE SymLinkObjHandle
,
2538 OUT PUNICODE_STRING LinkName
,
2539 OUT PULONG DataWritten OPTIONAL
2544 * FUNCTION: Queries a system environment variable.
2546 * Name = Name of the variable
2547 * Value (OUT) = value of the variable
2548 * Length = size of the buffer
2549 * ReturnLength = data written
2555 NtQuerySystemEnvironmentValue(
2556 IN PUNICODE_STRING Name
,
2564 ZwQuerySystemEnvironmentValue(
2565 IN PUNICODE_STRING Name
,
2573 * FUNCTION: Queries the system information.
2575 * SystemInformationClass = Index to a certain information structure
2577 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
2578 SystemCacheInformation SYSTEM_CACHE_INFORMATION
2579 SystemConfigurationInformation CONFIGURATION_INFORMATION
2581 * SystemInformation = caller supplies storage for the information structure
2582 * Length = size of the structure
2583 ResultLength = Data written
2589 NtQuerySystemInformation(
2590 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
2591 OUT PVOID SystemInformation
,
2593 OUT PULONG ResultLength
2598 ZwQuerySystemInformation(
2599 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
2600 OUT PVOID SystemInformation
,
2602 OUT PULONG ResultLength
2606 * FUNCTION: Queries information about a timer
2608 * TimerHandle = Handle to the timer
2609 TimerValueInformationClass = Index to a certain information structure
2610 TimerValueInformation = Caller supplies storage for the information structure
2611 Length = Size of the information structure
2612 ResultLength = Data written
2619 IN HANDLE TimerHandle
,
2620 IN CINT TimerInformationClass
,
2621 OUT PVOID TimerInformation
,
2623 OUT PULONG ResultLength
2628 IN HANDLE TimerHandle
,
2629 IN CINT TimerInformationClass
,
2630 OUT PVOID TimerInformation
,
2632 OUT PULONG ResultLength
2636 * FUNCTION: Queries the timer resolution
2638 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
2639 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
2640 ActualResolution (OUT) = Caller should supply storage for the resulting time.
2648 NtQueryTimerResolution (
2649 OUT PULONG MinimumResolution
,
2650 OUT PULONG MaximumResolution
,
2651 OUT PULONG ActualResolution
2656 ZwQueryTimerResolution (
2657 OUT PULONG MinimumResolution
,
2658 OUT PULONG MaximumResolution
,
2659 OUT PULONG ActualResolution
2663 * FUNCTION: Queries a registry key value
2665 * KeyHandle = Handle to the registry key
2666 ValueName = Name of the value in the registry key
2667 KeyValueInformationClass = Index to a certain information structure
2669 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
2670 KeyValueFullInformation = KEY_FULL_INFORMATION
2671 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
2673 KeyValueInformation = Caller supplies storage for the information structure
2674 Length = Size of the information structure
2675 ResultLength = Data written
2682 IN HANDLE KeyHandle
,
2683 IN PUNICODE_STRING ValueName
,
2684 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
2685 OUT PVOID KeyValueInformation
,
2687 OUT PULONG ResultLength
2693 IN HANDLE KeyHandle
,
2694 IN PUNICODE_STRING ValueName
,
2695 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
2696 OUT PVOID KeyValueInformation
,
2698 OUT PULONG ResultLength
2702 * FUNCTION: Queries the volume information
2704 * FileHandle = Handle to a file object on the target volume
2705 * IoStatusBlock = Caller should supply storage for additional status information
2706 * ReturnLength = DataWritten
2707 * FsInformation = Caller should supply storage for the information structure.
2708 * Length = Size of the information structure
2709 * FsInformationClass = Index to a information structure
2711 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
2712 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
2713 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
2714 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
2715 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
2716 FileFsControlInformation
2717 FileFsQuotaQueryInformation --
2718 FileFsQuotaSetInformation --
2719 FileFsMaximumInformation
2721 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
2722 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
2727 NtQueryVolumeInformationFile(
2728 IN HANDLE FileHandle
,
2729 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2730 OUT PVOID FsInformation
,
2732 IN FS_INFORMATION_CLASS FsInformationClass
2737 ZwQueryVolumeInformationFile(
2738 IN HANDLE FileHandle
,
2739 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2740 OUT PVOID FsInformation
,
2742 IN FS_INFORMATION_CLASS FsInformationClass
2745 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
2747 * FUNCTION: Queues a (user) apc to a thread.
2749 ThreadHandle = Thread to which the apc is queued.
2750 ApcRoutine = Points to the apc routine
2751 NormalContext = Argument to Apc Routine
2752 * SystemArgument1 = Argument of the Apc Routine
2753 SystemArgument2 = Argument of the Apc Routine
2754 * REMARK: If the apc is queued against a thread of a different process than the calling thread
2755 the apc routine should be specified in the address space of the queued thread's process.
2762 HANDLE ThreadHandle
,
2763 PKNORMAL_ROUTINE ApcRoutine
,
2764 PVOID NormalContext
,
2765 PVOID SystemArgument1
,
2766 PVOID SystemArgument2
);
2771 HANDLE ThreadHandle
,
2772 PKNORMAL_ROUTINE ApcRoutine
,
2773 PVOID NormalContext
,
2774 PVOID SystemArgument1
,
2775 PVOID SystemArgument2
);
2779 * FUNCTION: Raises an exception
2781 * ExceptionRecord = Structure specifying the exception
2782 * Context = Context in which the excpetion is raised
2791 IN PEXCEPTION_RECORD ExceptionRecord
,
2792 IN PCONTEXT Context
,
2793 IN BOOLEAN SearchFrames
2799 IN PEXCEPTION_RECORD ExceptionRecord
,
2800 IN PCONTEXT Context
,
2801 IN BOOLEAN SearchFrames
2805 * FUNCTION: Read a file
2807 * FileHandle = Handle of a file to read
2808 * Event = This event is signalled when the read operation completes
2809 * UserApcRoutine = Call back , if supplied Event should be NULL
2810 * UserApcContext = Argument to the callback
2811 * IoStatusBlock = Caller should supply storage for additional status information
2812 * Buffer = Caller should supply storage to receive the information
2813 * BufferLength = Size of the buffer
2814 * ByteOffset = Offset to start reading the file
2815 * Key = If a range is lock a matching key will allow the read to continue.
2823 IN HANDLE FileHandle
,
2824 IN HANDLE Event OPTIONAL
,
2825 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
2826 IN PVOID UserApcContext OPTIONAL
,
2827 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2829 IN ULONG BufferLength
,
2830 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
2831 IN PULONG Key OPTIONAL
2837 IN HANDLE FileHandle
,
2838 IN HANDLE Event OPTIONAL
,
2839 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
2840 IN PVOID UserApcContext OPTIONAL
,
2841 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2843 IN ULONG BufferLength
,
2844 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
2845 IN PULONG Key OPTIONAL
2848 * FUNCTION: Read a file using scattered io
2850 FileHandle = Handle of a file to read
2851 Event = This event is signalled when the read operation completes
2852 * UserApcRoutine = Call back , if supplied Event should be NULL
2853 UserApcContext = Argument to the callback
2854 IoStatusBlock = Caller should supply storage for additional status information
2855 BufferDescription = Caller should supply storage to receive the information
2856 BufferLength = Size of the buffer
2857 ByteOffset = Offset to start reading the file
2858 Key = Key = If a range is lock a matching key will allow the read to continue.
2865 IN HANDLE FileHandle
,
2866 IN HANDLE Event OPTIONAL
,
2867 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
2868 IN PVOID UserApcContext OPTIONAL
,
2869 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
2870 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
2871 IN ULONG BufferLength
,
2872 IN PLARGE_INTEGER ByteOffset
,
2873 IN PULONG Key OPTIONAL
2879 IN HANDLE FileHandle
,
2880 IN HANDLE Event OPTIONAL
,
2881 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
2882 IN PVOID UserApcContext OPTIONAL
,
2883 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
2884 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
2885 IN ULONG BufferLength
,
2886 IN PLARGE_INTEGER ByteOffset
,
2887 IN PULONG Key OPTIONAL
2890 * FUNCTION: Copies a range of virtual memory to a buffer
2892 * ProcessHandle = Specifies the process owning the virtual address space
2893 * BaseAddress = Points to the address of virtual memory to start the read
2894 * Buffer = Caller supplies storage to copy the virtual memory to.
2895 * NumberOfBytesToRead = Limits the range to read
2896 * NumberOfBytesRead = The actual number of bytes read.
2902 NtReadVirtualMemory(
2903 IN HANDLE ProcessHandle
,
2904 IN PVOID BaseAddress
,
2906 IN ULONG NumberOfBytesToRead
,
2907 OUT PULONG NumberOfBytesRead
2911 ZwReadVirtualMemory(
2912 IN HANDLE ProcessHandle
,
2913 IN PVOID BaseAddress
,
2915 IN ULONG NumberOfBytesToRead
,
2916 OUT PULONG NumberOfBytesRead
2921 * FUNCTION: Debugger can register for thread termination
2923 * TerminationPort = Port on which the debugger likes to be notified.
2928 NtRegisterThreadTerminatePort(
2929 HANDLE TerminationPort
2933 ZwRegisterThreadTerminatePort(
2934 HANDLE TerminationPort
2938 * FUNCTION: Releases a mutant
2940 * MutantHandle = Handle to the mutant
2947 IN HANDLE MutantHandle
,
2948 IN PULONG ReleaseCount OPTIONAL
2954 IN HANDLE MutantHandle
,
2955 IN PULONG ReleaseCount OPTIONAL
2959 * FUNCTION: Releases a semaphore
2961 * SemaphoreHandle = Handle to the semaphore object
2962 * ReleaseCount = Number to decrease the semaphore count
2963 * PreviousCount = Previous semaphore count
2969 IN HANDLE SemaphoreHandle
,
2970 IN LONG ReleaseCount
,
2971 OUT PLONG PreviousCount
2977 IN HANDLE SemaphoreHandle
,
2978 IN LONG ReleaseCount
,
2979 OUT PLONG PreviousCount
2983 * FUNCTION: Removes an io completion
2985 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2986 * CompletionKey = Requested access to the key
2987 * IoStatusBlock = Caller provides storage for extended status information
2988 * CompletionStatus = Current status of the io operation.
2989 * WaitTime = Time to wait if ..
2994 NtRemoveIoCompletion(
2995 IN HANDLE IoCompletionHandle
,
2996 OUT PULONG CompletionKey
,
2997 OUT PULONG CompletionValue
,
2998 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2999 IN PLARGE_INTEGER Timeout OPTIONAL
3004 ZwRemoveIoCompletion(
3005 IN HANDLE IoCompletionHandle
,
3006 OUT PULONG CompletionKey
,
3007 OUT PULONG CompletionValue
,
3008 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3009 IN PLARGE_INTEGER Timeout OPTIONAL
3013 * FUNCTION: Replaces one registry key with another
3015 * ObjectAttributes = Specifies the attributes of the key
3016 * Key = Handle to the key
3017 * ReplacedObjectAttributes = The function returns the old object attributes
3023 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3025 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3030 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3032 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3036 * FUNCTION: Resets a event to a non signaled state
3038 * EventHandle = Handle to the event that should be reset
3039 * NumberOfWaitingThreads = The number of threads released.
3046 PULONG NumberOfWaitingThreads OPTIONAL
3052 PULONG NumberOfWaitingThreads OPTIONAL
3071 * FUNCTION: Decrements a thread's resume count
3073 * ThreadHandle = Handle to the thread that should be resumed
3074 * ResumeCount = The resulting resume count.
3076 * A thread is resumed if its suspend count is 0. This procedure maps to
3077 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3083 IN HANDLE ThreadHandle
,
3084 OUT PULONG SuspendCount
3089 IN HANDLE ThreadHandle
,
3090 OUT PULONG SuspendCount
3093 * FUNCTION: Writes the content of a registry key to ascii file
3095 * KeyHandle = Handle to the key
3096 * FileHandle = Handle of the file
3098 This function maps to the Win32 RegSaveKey.
3105 IN HANDLE KeyHandle
,
3106 IN HANDLE FileHandle
3111 IN HANDLE KeyHandle
,
3112 IN HANDLE FileHandle
3116 * FUNCTION: Sets the context of a specified thread.
3118 * ThreadHandle = Handle to the thread
3119 * Context = The processor context.
3126 IN HANDLE ThreadHandle
,
3132 IN HANDLE ThreadHandle
,
3137 * FUNCTION: Sets the default locale id
3139 * UserProfile = Type of locale id
3140 * TRUE: thread locale id
3141 * FALSE: system locale id
3142 * DefaultLocaleId = Locale id
3149 IN BOOLEAN UserProfile
,
3150 IN LCID DefaultLocaleId
3156 IN BOOLEAN UserProfile
,
3157 IN LCID DefaultLocaleId
3161 * FUNCTION: Sets the default hard error port
3163 * PortHandle = Handle to the port
3164 * NOTE: The hard error port is used for first change exception handling
3169 NtSetDefaultHardErrorPort(
3170 IN HANDLE PortHandle
3174 ZwSetDefaultHardErrorPort(
3175 IN HANDLE PortHandle
3179 * FUNCTION: Sets the extended attributes of a file.
3181 * FileHandle = Handle to the file
3182 * IoStatusBlock = Storage for a resulting status and information
3183 * on the current operation.
3184 * EaBuffer = Extended Attributes buffer.
3185 * EaBufferSize = Size of the extended attributes buffer
3191 IN HANDLE FileHandle
,
3192 IN PIO_STATUS_BLOCK IoStatusBlock
,
3199 IN HANDLE FileHandle
,
3200 IN PIO_STATUS_BLOCK IoStatusBlock
,
3205 //FIXME: should I return the event state ?
3208 * FUNCTION: Sets the event to a signalled state.
3210 * EventHandle = Handle to the event
3211 * NumberOfThreadsReleased = The number of threads released
3213 * This procedure maps to the win32 SetEvent function.
3220 IN HANDLE EventHandle
,
3221 PULONG NumberOfThreadsReleased
3227 IN HANDLE EventHandle
,
3228 PULONG NumberOfThreadsReleased
3232 * FUNCTION: Sets the high part of an event pair
3234 EventPair = Handle to the event pair
3241 IN HANDLE EventPairHandle
3247 IN HANDLE EventPairHandle
3250 * FUNCTION: Sets the high part of an event pair and wait for the low part
3252 EventPair = Handle to the event pair
3257 NtSetHighWaitLowEventPair(
3258 IN HANDLE EventPairHandle
3262 ZwSetHighWaitLowEventPair(
3263 IN HANDLE EventPairHandle
3267 * FUNCTION: Sets the information of a file object.
3269 * FileHandle = Handle to the file object
3270 * IoStatusBlock = Caller supplies storage for extended information
3271 * on the current operation.
3272 * FileInformation = Storage for the new file information
3273 * Lenght = Size of the new file information.
3274 * FileInformationClass = Indicates to a certain information structure
3276 FileNameInformation FILE_NAME_INFORMATION
3277 FileRenameInformation FILE_RENAME_INFORMATION
3278 FileStreamInformation FILE_STREAM_INFORMATION
3279 * FileCompletionInformation IO_COMPLETION_CONTEXT
3282 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3283 * SetNamedPipeHandleState, SetMailslotInfo functions.
3290 NtSetInformationFile(
3291 IN HANDLE FileHandle
,
3292 IN PIO_STATUS_BLOCK IoStatusBlock
,
3293 IN PVOID FileInformation
,
3295 IN FILE_INFORMATION_CLASS FileInformationClass
3299 ZwSetInformationFile(
3300 IN HANDLE FileHandle
,
3301 IN PIO_STATUS_BLOCK IoStatusBlock
,
3302 IN PVOID FileInformation
,
3304 IN FILE_INFORMATION_CLASS FileInformationClass
3308 * FUNCTION: Changes a set of thread specific parameters
3310 * ThreadHandle = Handle to the thread
3311 * ThreadInformationClass = Index to the set of parameters to change.
3312 * Can be one of the following values:
3314 * ThreadBasicInformation THREAD_BASIC_INFORMATION
3315 * ThreadPriority KPRIORITY //???
3316 * ThreadBasePriority KPRIORITY
3317 * ThreadAffinityMask KAFFINITY //??
3318 * ThreadImpersonationToken ACCESS_TOKEN
3319 * ThreadIdealProcessor ULONG
3320 * ThreadPriorityBoost ULONG
3322 * ThreadInformation = Caller supplies storage for parameters to set.
3323 * ThreadInformationLength = Size of the storage supplied
3328 NtSetInformationThread(
3329 IN HANDLE ThreadHandle
,
3330 IN THREADINFOCLASS ThreadInformationClass
,
3331 IN PVOID ThreadInformation
,
3332 IN ULONG ThreadInformationLength
3336 ZwSetInformationThread(
3337 IN HANDLE ThreadHandle
,
3338 IN THREADINFOCLASS ThreadInformationClass
,
3339 IN PVOID ThreadInformation
,
3340 IN ULONG ThreadInformationLength
3344 * FUNCTION: Changes a set of token specific parameters
3346 * TokenHandle = Handle to the token
3347 * TokenInformationClass = Index to a certain information structure.
3348 * Can be one of the following values:
3350 TokenUser TOKEN_USER
3351 TokenGroups TOKEN_GROUPS
3352 TokenPrivileges TOKEN_PRIVILEGES
3353 TokenOwner TOKEN_OWNER
3354 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
3355 TokenDefaultDacl TOKEN_DEFAULT_DACL
3356 TokenSource TOKEN_SOURCE
3357 TokenType TOKEN_TYPE
3358 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
3359 TokenStatistics TOKEN_STATISTICS
3361 * TokenInformation = Caller supplies storage for information structure.
3362 * TokenInformationLength = Size of the information structure
3368 NtSetInformationToken(
3369 IN HANDLE TokenHandle
,
3370 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3371 OUT PVOID TokenInformation
,
3372 IN ULONG TokenInformationLength
3377 ZwSetInformationToken(
3378 IN HANDLE TokenHandle
,
3379 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3380 OUT PVOID TokenInformation
,
3381 IN ULONG TokenInformationLength
3386 * FUNCTION: Sets an io completion
3391 * NumberOfBytesToTransfer =
3392 * NumberOfBytesTransferred =
3398 IN HANDLE IoCompletionPortHandle
,
3399 IN ULONG CompletionKey
,
3400 IN ULONG CompletionValue
,
3401 IN NTSTATUS CompletionStatus
,
3402 IN ULONG CompletionInformation
3408 IN HANDLE IoCompletionPortHandle
,
3409 IN ULONG CompletionKey
,
3410 IN ULONG CompletionValue
,
3411 IN NTSTATUS CompletionStatus
,
3412 IN ULONG CompletionInformation
3416 * FUNCTION: Set properties for profiling
3426 NtSetIntervalProfile(
3428 KPROFILE_SOURCE ClockSource
3433 ZwSetIntervalProfile(
3435 KPROFILE_SOURCE ClockSource
3440 * FUNCTION: Sets the low part of an event pair
3442 EventPair = Handle to the event pair
3457 * FUNCTION: Sets the low part of an event pair and wait for the high part
3459 EventPair = Handle to the event pair
3464 NtSetLowWaitHighEventPair(
3469 ZwSetLowWaitHighEventPair(
3473 /* NtSetLowWaitHighThread effectively invokes NtSetLowWaitHighEventPair on the
3474 * event pair of the thread.
3478 NtSetLowWaitHighThread(
3481 /* ZwSetLowWaitHighThread effectively invokes ZwSetLowWaitHighEventPair on the
3482 * event pair of the thread.
3486 ZwSetLowWaitHighThread(
3490 /* NtSetHighWaitLowThread effectively invokes NtSetHighWaitLowEventPair on the
3491 * event pair of the thread.
3495 NtSetHighWaitLowThread(
3499 /* ZwSetHighWaitLowThread effectively invokes ZwSetHighWaitLowEventPair on the
3500 * event pair of the thread.
3504 ZwSetHighWaitLowThread(
3510 NtSetSecurityObject(
3512 IN SECURITY_INFORMATION SecurityInformation
,
3513 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3518 ZwSetSecurityObject(
3520 IN SECURITY_INFORMATION SecurityInformation
,
3521 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3526 * FUNCTION: Sets a system environment variable
3528 * ValueName = Name of the environment variable
3529 * Value = Value of the environment variable
3534 NtSetSystemEnvironmentValue(
3535 IN PUNICODE_STRING VariableName
,
3536 IN PUNICODE_STRING Value
3540 ZwSetSystemEnvironmentValue(
3541 IN PUNICODE_STRING VariableName
,
3542 IN PUNICODE_STRING Value
3545 * FUNCTION: Sets system parameters
3547 * SystemInformationClass = Index to a particular set of system parameters
3548 * Can be one of the following values:
3550 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3552 * SystemInformation = Structure containing the parameters.
3553 * SystemInformationLength = Size of the structure.
3558 NtSetSystemInformation(
3559 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3560 IN PVOID SystemInformation
,
3561 IN ULONG SystemInformationLength
3566 ZwSetSystemInformation(
3567 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3568 IN PVOID SystemInformation
,
3569 IN ULONG SystemInformationLength
3573 * FUNCTION: Sets the system time
3575 * SystemTime = Old System time
3576 * NewSystemTime = New System time
3582 IN PLARGE_INTEGER SystemTime
,
3583 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3588 IN PLARGE_INTEGER SystemTime
,
3589 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3593 * FUNCTION: Sets the frequency of the system timer
3595 * RequestedResolution =
3597 * ActualResolution =
3602 NtSetTimerResolution(
3603 IN ULONG RequestedResolution
,
3605 OUT PULONG ActualResolution
3609 ZwSetTimerResolution(
3610 IN ULONG RequestedResolution
,
3612 OUT PULONG ActualResolution
3616 * FUNCTION: Sets the value of a registry key
3618 * KeyHandle = Handle to a registry key
3619 * ValueName = Name of the value entry to change
3620 * TitleIndex = pointer to a structure containing the new volume information
3621 * Type = Type of the registry key. Can be one of the values:
3622 * REG_BINARY Unspecified binary data
3623 * REG_DWORD A 32 bit value
3624 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
3625 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
3626 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
3627 * REG_LINK A zero terminated wide character string referring to a symbolic link.
3628 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
3629 * REG_NONE Unspecified type
3630 * REG_SZ A wide character string ( zero terminated )
3631 * REG_RESOURCE_LIST ??
3632 * REG_RESOURCE_REQUIREMENTS_LIST ??
3633 * REG_FULL_RESOURCE_DESCRIPTOR ??
3634 * Data = Contains the data for the registry key.
3635 * DataSize = size of the data.
3641 IN HANDLE KeyHandle
,
3642 IN PUNICODE_STRING ValueName
,
3643 IN ULONG TitleIndex OPTIONAL
,
3651 IN HANDLE KeyHandle
,
3652 IN PUNICODE_STRING ValueName
,
3653 IN ULONG TitleIndex OPTIONAL
,
3660 * FUNCTION: Sets the volume information.
3662 * FileHandle = Handle to the file
3663 * IoStatusBlock = Caller should supply storage for additional status information
3664 * VolumeInformation = pointer to a structure containing the new volume information
3665 * Length = size of the structure.
3666 * VolumeInformationClass = specifies the particular volume information to set
3671 NtSetVolumeInformationFile(
3672 IN HANDLE FileHandle
,
3673 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3674 IN PVOID FsInformation
,
3676 IN FS_INFORMATION_CLASS FsInformationClass
3681 ZwSetVolumeInformationFile(
3682 IN HANDLE FileHandle
,
3683 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3684 IN PVOID FsInformation
,
3686 IN FS_INFORMATION_CLASS FsInformationClass
3690 * FUNCTION: Shuts the system down
3692 * Action = Specifies the type of shutdown, it can be one of the following values:
3693 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
3699 IN SHUTDOWN_ACTION Action
3705 IN SHUTDOWN_ACTION Action
3709 /* --- PROFILING --- */
3712 * FUNCTION: Starts profiling
3714 * ProfileHandle = Handle to the profile
3721 HANDLE ProfileHandle
3727 HANDLE ProfileHandle
3731 * FUNCTION: Stops profiling
3733 * ProfileHandle = Handle to the profile
3740 HANDLE ProfileHandle
3746 HANDLE ProfileHandle
3749 /* --- PROCESS MANAGEMENT --- */
3751 //--NtSystemDebugControl
3753 * FUNCTION: Terminates the execution of a process.
3755 * ThreadHandle = Handle to the process
3756 * ExitStatus = The exit status of the process to terminate with.
3758 Native applications should kill themselves using this function.
3764 IN HANDLE ProcessHandle
,
3765 IN NTSTATUS ExitStatus
3770 IN HANDLE ProcessHandle
,
3771 IN NTSTATUS ExitStatus
3774 /* --- DEVICE DRIVER CONTROL --- */
3777 * FUNCTION: Unloads a driver.
3779 * DriverServiceName = Name of the driver to unload
3785 IN PUNICODE_STRING DriverServiceName
3790 IN PUNICODE_STRING DriverServiceName
3793 /* --- VIRTUAL MEMORY MANAGEMENT --- */
3796 * FUNCTION: Writes a range of virtual memory
3798 * ProcessHandle = The handle to the process owning the address space.
3799 * BaseAddress = The points to the address to write to
3800 * Buffer = Pointer to the buffer to write
3801 * NumberOfBytesToWrite = Offset to the upper boundary to write
3802 * NumberOfBytesWritten = Total bytes written
3804 * This function maps to the win32 WriteProcessMemory
3809 NtWriteVirtualMemory(
3810 IN HANDLE ProcessHandle
,
3811 IN PVOID BaseAddress
,
3813 IN ULONG NumberOfBytesToWrite
,
3814 OUT PULONG NumberOfBytesWritten
3819 ZwWriteVirtualMemory(
3820 IN HANDLE ProcessHandle
,
3821 IN PVOID BaseAddress
,
3823 IN ULONG NumberOfBytesToWrite
,
3824 OUT PULONG NumberOfBytesWritten
3828 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
3830 * ProcessHandle = Handle to the process
3831 * BaseAddress = The address where the mapping begins
3833 This procedure maps to the win32 UnMapViewOfFile
3838 NtUnmapViewOfSection(
3839 IN HANDLE ProcessHandle
,
3840 IN PVOID BaseAddress
3844 ZwUnmapViewOfSection(
3845 IN HANDLE ProcessHandle
,
3846 IN PVOID BaseAddress
3849 /* --- OBJECT SYNCHRONIZATION --- */
3852 * FUNCTION: Signals an object and wait for an other one.
3854 * SignalObject = Handle to the object that should be signaled
3855 * WaitObject = Handle to the object that should be waited for
3856 * Alertable = True if the wait is alertable
3857 * Time = The time to wait
3862 NtSignalAndWaitForSingleObject(
3863 IN HANDLE SignalObject
,
3864 IN HANDLE WaitObject
,
3865 IN BOOLEAN Alertable
,
3866 IN PLARGE_INTEGER Time
3871 NtSignalAndWaitForSingleObject(
3872 IN HANDLE SignalObject
,
3873 IN HANDLE WaitObject
,
3874 IN BOOLEAN Alertable
,
3875 IN PLARGE_INTEGER Time
3879 * FUNCTION: Waits for an object to become signalled.
3881 * Object = The object handle
3882 * Alertable = If true the wait is alertable.
3883 * Time = The maximum wait time.
3885 * This function maps to the win32 WaitForSingleObjectEx.
3890 NtWaitForSingleObject (
3892 IN BOOLEAN Alertable
,
3893 IN PLARGE_INTEGER Time
3898 ZwWaitForSingleObject (
3900 IN BOOLEAN Alertable
,
3901 IN PLARGE_INTEGER Time
3904 /* --- EVENT PAIR OBJECT --- */
3907 * FUNCTION: Waits for the high part of an eventpair to become signalled
3909 * EventPairHandle = Handle to the event pair.
3915 NtWaitHighEventPair(
3916 IN HANDLE EventPairHandle
3921 ZwWaitHighEventPair(
3922 IN HANDLE EventPairHandle
3926 * FUNCTION: Waits for the low part of an eventpair to become signalled
3928 * EventPairHandle = Handle to the event pair.
3934 IN HANDLE EventPairHandle
3940 IN HANDLE EventPairHandle
3943 /* --- FILE MANAGEMENT --- */
3946 * FUNCTION: Unlocks a range of bytes in a file.
3948 * FileHandle = Handle to the file
3949 * IoStatusBlock = Caller should supply storage for a structure containing
3950 * the completion status and information about the requested unlock operation.
3951 The information field is set to the number of bytes unlocked.
3952 * ByteOffset = Offset to start the range of bytes to unlock
3953 * Length = Number of bytes to unlock.
3954 * Key = Special value to enable other threads to unlock a file than the
3955 thread that locked the file. The key supplied must match with the one obtained
3956 in a previous call to NtLockFile.
3958 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
3959 not be obtained immediately, the device queue is busy and the IRP is queued.
3960 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
3961 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
3966 IN HANDLE FileHandle
,
3967 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3968 IN PLARGE_INTEGER ByteOffset
,
3969 IN PLARGE_INTEGER Lenght
,
3970 OUT PULONG Key OPTIONAL
3975 IN HANDLE FileHandle
,
3976 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3977 IN PLARGE_INTEGER ByteOffset
,
3978 IN PLARGE_INTEGER Lenght
,
3979 OUT PULONG Key OPTIONAL
3983 * FUNCTION: Writes data to a file
3985 * FileHandle = The handle a file ( from NtCreateFile )
3986 * Event = Specifies a event that will become signalled when the write operation completes.
3987 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
3988 * ApcContext = Argument to the Apc Routine
3989 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
3990 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
3991 * Length = Size in bytest of the buffer
3992 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
3993 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
3994 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
3995 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
3998 * This function maps to the win32 WriteFile.
3999 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4000 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4001 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4006 IN HANDLE FileHandle
,
4007 IN HANDLE Event OPTIONAL
,
4008 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4009 IN PVOID ApcContext OPTIONAL
,
4010 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4013 IN PLARGE_INTEGER ByteOffset
,
4014 IN PULONG Key OPTIONAL
4020 IN HANDLE FileHandle
,
4021 IN HANDLE Event OPTIONAL
,
4022 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4023 IN PVOID ApcContext OPTIONAL
,
4024 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4027 IN PLARGE_INTEGER ByteOffset
,
4028 IN PULONG Key OPTIONAL
4032 * FUNCTION: Writes a file
4034 * FileHandle = The handle of the file
4036 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4037 * ApcContext = Argument to the Apc Routine
4038 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4039 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
4040 * BufferLength = Size in bytest of the buffer
4041 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4042 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4043 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4044 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
4045 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
4047 * This function maps to the win32 WriteFile.
4048 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4049 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4050 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4056 IN HANDLE FileHandle
,
4057 IN HANDLE Event OPTIONAL
,
4058 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4059 IN PVOID ApcContext OPTIONAL
,
4060 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4061 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4062 IN ULONG BufferLength
,
4063 IN PLARGE_INTEGER ByteOffset
,
4064 IN PULONG Key OPTIONAL
4070 IN HANDLE FileHandle
,
4071 IN HANDLE Event OPTIONAL
,
4072 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4073 IN PVOID ApcContext OPTIONAL
,
4074 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4075 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4076 IN ULONG BufferLength
,
4077 IN PLARGE_INTEGER ByteOffset
,
4078 IN PULONG Key OPTIONAL
4082 /* --- THREAD MANAGEMENT --- */
4085 * FUNCTION: Increments a thread's resume count
4087 * ThreadHandle = Handle to the thread that should be resumed
4088 * PreviousSuspendCount = The resulting/previous suspend count.
4090 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
4091 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
4092 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
4098 IN HANDLE ThreadHandle
,
4099 IN PULONG PreviousSuspendCount
4105 IN HANDLE ThreadHandle
,
4106 IN PULONG PreviousSuspendCount
4110 * FUNCTION: Terminates the execution of a thread.
4112 * ThreadHandle = Handle to the thread
4113 * ExitStatus = The exit status of the thread to terminate with.
4119 IN HANDLE ThreadHandle
,
4120 IN NTSTATUS ExitStatus
4125 IN HANDLE ThreadHandle
,
4126 IN NTSTATUS ExitStatus
4129 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
4144 * FUNCTION: Yields the callers thread.
4159 /* --- PLUG AND PLAY --- */
4169 NtGetPlugPlayEvent (
4173 /* --- POWER MANAGEMENT --- */
4176 NtSetSystemPowerState(IN POWER_ACTION SystemAction
,
4177 IN SYSTEM_POWER_STATE MinSystemState
,
4180 /* --- DEBUG SUBSYSTEM --- */
4183 NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode
,
4185 ULONG InputBufferLength
,
4187 ULONG OutputBufferLength
,
4188 PULONG ReturnLength
);
4190 /* --- VIRTUAL DOS MACHINE (VDM) --- */
4194 NtVdmControl (ULONG ControlCode
, PVOID ControlData
);
4200 NtW32Call(IN ULONG RoutineIndex
,
4202 IN ULONG ArgumentLength
,
4203 OUT PVOID
* Result OPTIONAL
,
4204 OUT PULONG ResultLength OPTIONAL
);
4206 /* --- CHANNELS --- */
4228 NtReplyWaitSendChannel (
4234 NtSendWaitReplyChannel (
4240 NtSetContextChannel (
4244 /* --- MISCELLANEA --- */
4246 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
4249 NtSetLdtEntries (ULONG Selector1
,
4250 LDT_ENTRY LdtEntry1
,
4252 LDT_ENTRY LdtEntry2
);
4256 NtQueryOleDirectoryFile (
4261 * FUNCTION: Checks a clients access rights to a object
4263 * SecurityDescriptor = Security information against which the access is checked
4264 * ClientToken = Represents a client
4268 * ReturnLength = Bytes written
4270 * AccessStatus = Indicates if the ClientToken allows the requested access
4271 * REMARKS: The arguments map to the win32 AccessCheck
4278 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4279 IN HANDLE ClientToken
,
4280 IN ACCESS_MASK DesiredAcces
,
4281 IN PGENERIC_MAPPING GenericMapping
,
4282 OUT PPRIVILEGE_SET PrivilegeSet
,
4283 OUT PULONG ReturnLength
,
4284 OUT PULONG GrantedAccess
,
4285 OUT PBOOLEAN AccessStatus
4291 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4292 IN HANDLE ClientToken
,
4293 IN ACCESS_MASK DesiredAcces
,
4294 IN PGENERIC_MAPPING GenericMapping
,
4295 OUT PPRIVILEGE_SET PrivilegeSet
,
4296 OUT PULONG ReturnLength
,
4297 OUT PULONG GrantedAccess
,
4298 OUT PBOOLEAN AccessStatus
4304 IN ACCESS_MASK DesiredAccess
,
4305 OUT PHANDLE KeyHandle
);
4308 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
4310 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
4314 * SecurityDescriptor =
4321 * REMARKS: The arguments map to the win32 AccessCheck
4327 NtAccessCheckAndAuditAlarm(
4328 IN PUNICODE_STRING SubsystemName
,
4329 IN PHANDLE ObjectHandle
,
4330 IN PUNICODE_STRING ObjectTypeName
,
4331 IN PUNICODE_STRING ObjectName
,
4332 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4333 IN ACCESS_MASK DesiredAccess
,
4334 IN PGENERIC_MAPPING GenericMapping
,
4335 IN BOOLEAN ObjectCreation
,
4336 OUT PACCESS_MASK GrantedAccess
,
4337 OUT PNTSTATUS AccessStatus
,
4338 OUT PBOOLEAN GenerateOnClose
4342 * FUNCTION: Cancels a timer
4344 * TimerHandle = Handle to the timer
4345 * CurrentState = Specifies the state of the timer when cancelled.
4347 * The arguments to this function map to the function CancelWaitableTimer.
4353 IN HANDLE TimerHandle
,
4354 OUT PBOOLEAN CurrentState OPTIONAL
4358 * FUNCTION: Continues a thread with the specified context
4360 * Context = Specifies the processor context
4361 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
4362 * be PASSIVE_LEVEL or APC_LEVEL
4364 * NtContinue can be used to continue after an exception or apc.
4367 //FIXME This function might need another parameter
4372 IN PCONTEXT Context
,
4373 IN BOOLEAN TestAlert
4377 * FUNCTION: Creates a paging file.
4379 * FileName = Name of the pagefile
4380 * InitialSize = Specifies the initial size in bytes
4381 * MaximumSize = Specifies the maximum size in bytes
4382 * Reserved = Reserved for future use
4388 IN PUNICODE_STRING FileName
,
4389 IN PLARGE_INTEGER InitialSize
,
4390 IN PLARGE_INTEGER MaxiumSize
,
4396 * FUNCTION: Creates a profile
4398 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
4399 * ObjectAttribute = Initialized attributes for the object
4400 * ImageBase = Start address of executable image
4401 * ImageSize = Size of the image
4402 * Granularity = Bucket size
4403 * Buffer = Caller supplies buffer for profiling info
4404 * ProfilingSize = Buffer size
4405 * ClockSource = Specify 0 / FALSE ??
4406 * ProcessorMask = A value of -1 indicates disables per processor profiling,
4407 otherwise bit set for the processor to profile.
4409 * This function maps to the win32 CreateProcess.
4415 NtCreateProfile(OUT PHANDLE ProfileHandle
,
4416 IN HANDLE ProcessHandle
,
4419 IN ULONG Granularity
,
4421 IN ULONG ProfilingSize
,
4422 IN KPROFILE_SOURCE Source
,
4423 IN ULONG ProcessorMask
);
4426 * FUNCTION: Creates a user mode thread
4428 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
4429 * DesiredAccess = Specifies the allowed or desired access to the thread.
4430 * ObjectAttributes = Initialized attributes for the object.
4431 * ProcessHandle = Handle to the threads parent process.
4432 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
4433 * ThreadContext = Initial processor context for the thread.
4434 * InitialTeb = Initial user mode stack context for the thread.
4435 * CreateSuspended = Specifies if the thread is ready for scheduling
4437 * This function maps to the win32 function CreateThread.
4443 OUT PHANDLE ThreadHandle
,
4444 IN ACCESS_MASK DesiredAccess
,
4445 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4446 IN HANDLE ProcessHandle
,
4447 OUT PCLIENT_ID ClientId
,
4448 IN PCONTEXT ThreadContext
,
4449 IN PUSER_STACK UserStack
,
4450 IN BOOLEAN CreateSuspended
4454 * FUNCTION: Delays the execution of the calling thread.
4456 * Alertable = If TRUE the thread is alertable during is wait period
4457 * Interval = Specifies the interval to wait.
4469 * FUNCTION: Extends a section
4471 * SectionHandle = Handle to the section
4472 * NewMaximumSize = Adjusted size
4478 IN HANDLE SectionHandle
,
4479 IN ULONG NewMaximumSize
4483 * FUNCTION: Flushes a the processors instruction cache
4485 * ProcessHandle = Points to the process owning the cache
4486 * BaseAddress = // might this be a image address ????
4487 * NumberOfBytesToFlush =
4490 * This funciton is used by debuggers
4494 NtFlushInstructionCache(
4495 IN HANDLE ProcessHandle
,
4496 IN PVOID BaseAddress
,
4497 IN UINT NumberOfBytesToFlush
4501 * FUNCTION: Flushes virtual memory to file
4503 * ProcessHandle = Points to the process that allocated the virtual memory
4504 * BaseAddress = Points to the memory address
4505 * NumberOfBytesToFlush = Limits the range to flush,
4506 * NumberOfBytesFlushed = Actual number of bytes flushed
4509 * Check return status on STATUS_NOT_MAPPED_DATA
4513 NtFlushVirtualMemory(
4514 IN HANDLE ProcessHandle
,
4515 IN PVOID BaseAddress
,
4516 IN ULONG NumberOfBytesToFlush
,
4517 OUT PULONG NumberOfBytesFlushed OPTIONAL
4521 * FUNCTION: Retrieves the uptime of the system
4523 * UpTime = Number of clock ticks since boot.
4533 * FUNCTION: Loads a registry key.
4535 * KeyObjectAttributes = Key to be loaded
4536 * FileObjectAttributes = File to load the key from
4538 * This procedure maps to the win32 procedure RegLoadKey
4544 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
4545 IN POBJECT_ATTRIBUTES FileObjectAttributes
4550 * FUNCTION: Locks a range of virtual memory.
4552 * ProcessHandle = Handle to the process
4553 * BaseAddress = Lower boundary of the range of bytes to lock.
4554 * NumberOfBytesLock = Offset to the upper boundary.
4555 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
4557 This procedure maps to the win32 procedure VirtualLock.
4558 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
4562 NtLockVirtualMemory(
4563 HANDLE ProcessHandle
,
4565 ULONG NumberOfBytesToLock
,
4566 PULONG NumberOfBytesLocked
4571 NtOpenObjectAuditAlarm(
4572 IN PUNICODE_STRING SubsystemName
,
4574 IN PUNICODE_STRING ObjectTypeName
,
4575 IN PUNICODE_STRING ObjectName
,
4576 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4577 IN HANDLE ClientToken
,
4578 IN ULONG DesiredAccess
,
4579 IN ULONG GrantedAccess
,
4580 IN PPRIVILEGE_SET Privileges
,
4581 IN BOOLEAN ObjectCreation
,
4582 IN BOOLEAN AccessGranted
,
4583 OUT PBOOLEAN GenerateOnClose
4587 * FUNCTION: Set the access protection of a range of virtual memory
4589 * ProcessHandle = Handle to process owning the virtual address space
4590 * BaseAddress = Start address
4591 * NumberOfBytesToProtect = Delimits the range of virtual memory
4592 * for which the new access protection holds
4593 * NewAccessProtection = The new access proctection for the pages
4594 * OldAccessProtection = Caller should supply storage for the old
4598 * The function maps to the win32 VirtualProtectEx
4603 NtProtectVirtualMemory(
4604 IN HANDLE ProcessHandle
,
4605 IN PVOID BaseAddress
,
4606 IN ULONG NumberOfBytesToProtect
,
4607 IN ULONG NewAccessProtection
,
4608 OUT PULONG OldAccessProtection
4612 * FUNCTION: Query information about the content of a directory object
4615 Buffer = Buffer must be large enough to hold the name strings too
4616 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
4617 If FALSE: return the number of objects in this directory in ObjectIndex
4618 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
4619 If FALSE use input value of ObjectIndex
4620 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
4621 ReturnLength = Actual size of the ObjectIndex ???
4626 NtQueryDirectoryObject(
4627 IN HANDLE DirectoryHandle
,
4629 IN ULONG BufferLength
,
4630 IN BOOLEAN ReturnSingleEntry
,
4631 IN BOOLEAN RestartScan
,
4632 IN OUT PULONG Context
,
4633 OUT PULONG ReturnLength OPTIONAL
4637 * FUNCTION: Query the interval and the clocksource for profiling
4645 NtQueryIntervalProfile(
4646 OUT PULONG Interval
,
4647 OUT KPROFILE_SOURCE ClockSource
4651 * FUNCTION: Queries the information of a section object.
4653 * SectionHandle = Handle to the section link object
4654 * SectionInformationClass = Index to a certain information structure
4655 * SectionInformation (OUT)= Caller supplies storage for resulting information
4656 * Length = Size of the supplied storage
4657 * ResultLength = Data written
4664 IN HANDLE SectionHandle
,
4665 IN CINT SectionInformationClass
,
4666 OUT PVOID SectionInformation
,
4668 OUT PULONG ResultLength
4672 * FUNCTION: Queries the virtual memory information.
4674 ProcessHandle = Process owning the virtual address space
4675 BaseAddress = Points to the page where the information is queried for.
4676 * VirtualMemoryInformationClass = Index to a certain information structure
4678 MemoryBasicInformation MEMORY_BASIC_INFORMATION
4680 * VirtualMemoryInformation = caller supplies storage for the information structure
4681 * Length = size of the structure
4682 ResultLength = Data written
4689 NtQueryVirtualMemory(
4690 IN HANDLE ProcessHandle
,
4692 IN IN CINT VirtualMemoryInformationClass
,
4693 OUT PVOID VirtualMemoryInformation
,
4695 OUT PULONG ResultLength
4699 * FUNCTION: Raises a hard error (stops the system)
4701 * Status = Status code of the hard error
4723 * FUNCTION: Sets the information of a registry key.
4725 * KeyHandle = Handle to the registry key
4726 * KeyInformationClass = Index to the a certain information structure.
4727 Can be one of the following values:
4729 * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
4731 KeyInformation = Storage for the new information
4732 * KeyInformationLength = Size of the information strucure
4738 NtSetInformationKey(
4739 IN HANDLE KeyHandle
,
4740 IN CINT KeyInformationClass
,
4741 IN PVOID KeyInformation
,
4742 IN ULONG KeyInformationLength
4746 * FUNCTION: Changes a set of object specific parameters
4749 * ObjectInformationClass = Index to the set of parameters to change.
4752 ObjectBasicInformation
4753 ObjectTypeInformation OBJECT_TYPE_INFORMATION
4754 ObjectAllInformation
4755 ObjectDataInformation OBJECT_DATA_INFORMATION
4756 ObjectNameInformation OBJECT_NAME_INFORMATION
4759 * ObjectInformation = Caller supplies storage for parameters to set.
4760 * Length = Size of the storage supplied
4765 NtSetInformationObject(
4766 IN HANDLE ObjectHandle
,
4767 IN CINT ObjectInformationClass
,
4768 IN PVOID ObjectInformation
,
4773 * FUNCTION: Sets the characteristics of a timer
4775 * TimerHandle = Handle to the timer
4776 * DueTime = Time before the timer becomes signalled for the first time.
4777 * TimerApcRoutine = Completion routine can be called on time completion
4778 * TimerContext = Argument to the completion routine
4779 * Resume = Specifies if the timer should repeated after completing one cycle
4780 * Period = Cycle of the timer
4781 * REMARKS: This routine maps to the win32 SetWaitableTimer.
4787 IN HANDLE TimerHandle
,
4788 IN PLARGE_INTEGER DueTime
,
4789 IN PTIMERAPCROUTINE TimerApcRoutine
,
4790 IN PVOID TimerContext
,
4792 IN ULONG Period OPTIONAL
,
4793 OUT PBOOLEAN PreviousState OPTIONAL
4797 * FUNCTION: Unloads a registry key.
4799 * KeyHandle = Handle to the registry key
4801 * This procedure maps to the win32 procedure RegUnloadKey
4807 IN POBJECT_ATTRIBUTES KeyObjectAttributes
4811 * FUNCTION: Unlocks a range of virtual memory.
4813 * ProcessHandle = Handle to the process
4814 * BaseAddress = Lower boundary of the range of bytes to unlock.
4815 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
4816 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
4818 This procedure maps to the win32 procedure VirtualUnlock
4819 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
4823 NtUnlockVirtualMemory(
4824 IN HANDLE ProcessHandle
,
4825 IN PVOID BaseAddress
,
4826 IN ULONG NumberOfBytesToUnlock
,
4827 OUT PULONG NumberOfBytesUnlocked OPTIONAL
4831 * FUNCTION: Waits for multiple objects to become signalled.
4833 * Count = The number of objects
4834 * Object = The array of object handles
4835 * WaitType = Can be one of the values UserMode or KernelMode
4836 * Alertable = If true the wait is alertable.
4837 * Time = The maximum wait time.
4839 * This function maps to the win32 WaitForMultipleObjectEx.
4844 NtWaitForMultipleObjects (
4847 IN WAIT_TYPE WaitType
,
4848 IN BOOLEAN Alertable
,
4849 IN PLARGE_INTEGER Time
4856 #ifndef __USE_W32API
4859 * FUNCTION: Continues a thread with the specified context
4861 * Context = Specifies the processor context
4862 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
4863 * be PASSIVE_LEVEL or APC_LEVEL
4865 * NtContinue can be used to continue after an exception or apc.
4868 //FIXME This function might need another parameter
4870 NTSTATUS STDCALL
ZwContinue(IN PCONTEXT Context
, IN CINT IrqLevel
);
4873 * FUNCTION: Retrieves the system time
4875 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
4883 OUT PLARGE_INTEGER CurrentTime
4887 * FUNCTION: Copies a handle from one process space to another
4889 * SourceProcessHandle = The source process owning the handle. The source process should have opened
4890 * the SourceHandle with PROCESS_DUP_HANDLE access.
4891 * SourceHandle = The handle to the object.
4892 * TargetProcessHandle = The destination process owning the handle
4893 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
4894 * DesiredAccess = The desired access to the handle.
4895 * InheritHandle = Indicates wheter the new handle will be inheritable or not.
4896 * Options = Specifies special actions upon duplicating the handle. Can be
4897 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
4898 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
4899 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
4900 * the DesiredAccess paramter and just grant the same access to the new
4903 * REMARKS: This function maps to the win32 DuplicateHandle.
4909 IN HANDLE SourceProcessHandle
,
4910 IN HANDLE SourceHandle
,
4911 IN HANDLE TargetProcessHandle
,
4912 OUT PHANDLE TargetHandle
,
4913 IN ACCESS_MASK DesiredAccess
,
4914 IN BOOLEAN InheritHandle
,
4921 IN HANDLE SourceProcessHandle
,
4922 IN PHANDLE SourceHandle
,
4923 IN HANDLE TargetProcessHandle
,
4924 OUT PHANDLE TargetHandle
,
4925 IN ACCESS_MASK DesiredAccess
,
4926 IN BOOLEAN InheritHandle
,
4931 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
4933 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
4937 * SecurityDescriptor =
4944 * REMARKS: The arguments map to the win32 AccessCheck
4950 ZwAccessCheckAndAuditAlarm(
4951 IN PUNICODE_STRING SubsystemName
,
4952 IN PHANDLE ObjectHandle
,
4953 IN PUNICODE_STRING ObjectTypeName
,
4954 IN PUNICODE_STRING ObjectName
,
4955 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4956 IN ACCESS_MASK DesiredAccess
,
4957 IN PGENERIC_MAPPING GenericMapping
,
4958 IN BOOLEAN ObjectCreation
,
4959 OUT PACCESS_MASK GrantedAccess
,
4960 OUT PNTSTATUS AccessStatus
,
4961 OUT PBOOLEAN GenerateOnClose
4965 * FUNCTION: Adds an atom to the global atom table
4967 * AtomString = The string to add to the atom table.
4968 * Atom (OUT) = Caller supplies storage for the resulting atom.
4969 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
4976 IN OUT PRTL_ATOM Atom
4984 IN OUT PRTL_ATOM Atom
4990 PULARGE_INTEGER Time
,
4998 PULARGE_INTEGER Time
,
5006 IN HANDLE TimerHandle
,
5007 OUT ULONG ElapsedTime
5011 * FUNCTION: Creates a paging file.
5013 * FileName = Name of the pagefile
5014 * InitialSize = Specifies the initial size in bytes
5015 * MaximumSize = Specifies the maximum size in bytes
5016 * Reserved = Reserved for future use
5022 IN PUNICODE_STRING FileName
,
5023 IN PLARGE_INTEGER InitialSize
,
5024 IN PLARGE_INTEGER MaxiumSize
,
5029 * FUNCTION: Creates a user mode thread
5031 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
5032 * DesiredAccess = Specifies the allowed or desired access to the thread.
5033 * ObjectAttributes = Initialized attributes for the object.
5034 * ProcessHandle = Handle to the threads parent process.
5035 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
5036 * ThreadContext = Initial processor context for the thread.
5037 * InitialTeb = Initial user mode stack context for the thread.
5038 * CreateSuspended = Specifies if the thread is ready for scheduling
5040 * This function maps to the win32 function CreateThread.
5046 OUT PHANDLE ThreadHandle
,
5047 IN ACCESS_MASK DesiredAccess
,
5048 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5049 IN HANDLE ProcessHandle
,
5050 OUT PCLIENT_ID ClientId
,
5051 IN PCONTEXT ThreadContext
,
5052 IN PUSER_STACK UserStack
,
5053 IN BOOLEAN CreateSuspended
5059 IN HANDLE ExistingToken
,
5060 IN ACCESS_MASK DesiredAccess
,
5061 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5062 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
,
5063 IN TOKEN_TYPE TokenType
,
5064 OUT PHANDLE NewToken
5070 IN HANDLE ExistingToken
,
5071 IN ACCESS_MASK DesiredAccess
,
5072 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5073 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
,
5074 IN TOKEN_TYPE TokenType
,
5075 OUT PHANDLE NewToken
5079 * FUNCTION: Finds a atom
5081 * AtomName = Name to search for.
5082 * Atom = Caller supplies storage for the resulting atom
5085 * This funciton maps to the win32 GlobalFindAtom
5091 OUT PRTL_ATOM Atom OPTIONAL
5098 OUT PRTL_ATOM Atom OPTIONAL
5102 * FUNCTION: Flushes a the processors instruction cache
5104 * ProcessHandle = Points to the process owning the cache
5105 * BaseAddress = // might this be a image address ????
5106 * NumberOfBytesToFlush =
5109 * This funciton is used by debuggers
5113 ZwFlushInstructionCache(
5114 IN HANDLE ProcessHandle
,
5115 IN PVOID BaseAddress
,
5116 IN UINT NumberOfBytesToFlush
5120 * FUNCTION: Flushes virtual memory to file
5122 * ProcessHandle = Points to the process that allocated the virtual memory
5123 * BaseAddress = Points to the memory address
5124 * NumberOfBytesToFlush = Limits the range to flush,
5125 * NumberOfBytesFlushed = Actual number of bytes flushed
5128 * Check return status on STATUS_NOT_MAPPED_DATA
5132 ZwFlushVirtualMemory(
5133 IN HANDLE ProcessHandle
,
5134 IN PVOID BaseAddress
,
5135 IN ULONG NumberOfBytesToFlush
,
5136 OUT PULONG NumberOfBytesFlushed OPTIONAL
5140 * FUNCTION: Retrieves the uptime of the system
5142 * UpTime = Number of clock ticks since boot.
5152 * FUNCTION: Loads a registry key.
5154 * KeyObjectAttributes = Key to be loaded
5155 * FileObjectAttributes = File to load the key from
5157 * This procedure maps to the win32 procedure RegLoadKey
5163 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5164 IN POBJECT_ATTRIBUTES FileObjectAttributes
5168 * FUNCTION: Locks a range of virtual memory.
5170 * ProcessHandle = Handle to the process
5171 * BaseAddress = Lower boundary of the range of bytes to lock.
5172 * NumberOfBytesLock = Offset to the upper boundary.
5173 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
5175 This procedure maps to the win32 procedure VirtualLock.
5176 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
5180 ZwLockVirtualMemory(
5181 HANDLE ProcessHandle
,
5183 ULONG NumberOfBytesToLock
,
5184 PULONG NumberOfBytesLocked
5189 ZwOpenObjectAuditAlarm(
5190 IN PUNICODE_STRING SubsystemName
,
5192 IN PUNICODE_STRING ObjectTypeName
,
5193 IN PUNICODE_STRING ObjectName
,
5194 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5195 IN HANDLE ClientToken
,
5196 IN ULONG DesiredAccess
,
5197 IN ULONG GrantedAccess
,
5198 IN PPRIVILEGE_SET Privileges
,
5199 IN BOOLEAN ObjectCreation
,
5200 IN BOOLEAN AccessGranted
,
5201 OUT PBOOLEAN GenerateOnClose
5205 * FUNCTION: Set the access protection of a range of virtual memory
5207 * ProcessHandle = Handle to process owning the virtual address space
5208 * BaseAddress = Start address
5209 * NumberOfBytesToProtect = Delimits the range of virtual memory
5210 * for which the new access protection holds
5211 * NewAccessProtection = The new access proctection for the pages
5212 * OldAccessProtection = Caller should supply storage for the old
5216 * The function maps to the win32 VirtualProtectEx
5221 ZwProtectVirtualMemory(
5222 IN HANDLE ProcessHandle
,
5223 IN PVOID BaseAddress
,
5224 IN ULONG NumberOfBytesToProtect
,
5225 IN ULONG NewAccessProtection
,
5226 OUT PULONG OldAccessProtection
5231 NtQueryInformationAtom(
5233 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
5234 OUT PVOID AtomInformation
,
5235 IN ULONG AtomInformationLength
,
5236 OUT PULONG ReturnLength OPTIONAL
5241 ZwQueryInformationAtom(
5243 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
5244 OUT PVOID AtomInformation
,
5245 IN ULONG AtomInformationLength
,
5246 OUT PULONG ReturnLength OPTIONAL
5250 * FUNCTION: Query information about the content of a directory object
5253 Buffer = Buffer must be large enough to hold the name strings too
5254 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
5255 If FALSE: return the number of objects in this directory in ObjectIndex
5256 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
5257 If FALSE use input value of ObjectIndex
5258 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
5259 ReturnLength = Actual size of the ObjectIndex ???
5264 ZwQueryDirectoryObject(
5265 IN HANDLE DirectoryHandle
,
5267 IN ULONG BufferLength
,
5268 IN BOOLEAN ReturnSingleEntry
,
5269 IN BOOLEAN RestartScan
,
5270 IN OUT PULONG Context
,
5271 OUT PULONG ReturnLength OPTIONAL
5275 * FUNCTION: Queries the information of a process object.
5277 * ProcessHandle = Handle to the process object
5278 * ProcessInformation = Index to a certain information structure
5280 ProcessBasicInformation PROCESS_BASIC_INFORMATION
5281 ProcessQuotaLimits QUOTA_LIMITS
5282 ProcessIoCounters IO_COUNTERS
5283 ProcessVmCounters VM_COUNTERS
5284 ProcessTimes KERNEL_USER_TIMES
5285 ProcessBasePriority KPRIORITY
5286 ProcessRaisePriority KPRIORITY
5287 ProcessDebugPort HANDLE
5288 ProcessExceptionPort HANDLE
5289 ProcessAccessToken PROCESS_ACCESS_TOKEN
5290 ProcessLdtInformation LDT_ENTRY ??
5291 ProcessLdtSize ULONG
5292 ProcessDefaultHardErrorMode ULONG
5293 ProcessIoPortHandlers // kernel mode only
5294 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
5295 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
5296 ProcessUserModeIOPL (I/O Privilege Level)
5297 ProcessEnableAlignmentFaultFixup BOOLEAN
5298 ProcessPriorityClass ULONG
5299 ProcessWx86Information ULONG
5300 ProcessHandleCount ULONG
5301 ProcessAffinityMask ULONG
5302 ProcessPooledQuotaLimits QUOTA_LIMITS
5305 * ProcessInformation = Caller supplies storage for the process information structure
5306 * ProcessInformationLength = Size of the process information structure
5307 * ReturnLength = Actual number of bytes written
5310 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
5311 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
5312 GetProcessShutdownParameters functions.
5318 NtQueryInformationProcess(
5319 IN HANDLE ProcessHandle
,
5320 IN CINT ProcessInformationClass
,
5321 OUT PVOID ProcessInformation
,
5322 IN ULONG ProcessInformationLength
,
5323 OUT PULONG ReturnLength
5328 ZwQueryInformationProcess(
5329 IN HANDLE ProcessHandle
,
5330 IN CINT ProcessInformationClass
,
5331 OUT PVOID ProcessInformation
,
5332 IN ULONG ProcessInformationLength
,
5333 OUT PULONG ReturnLength
5337 * FUNCTION: Query the interval and the clocksource for profiling
5345 ZwQueryIntervalProfile(
5346 OUT PULONG Interval
,
5347 OUT KPROFILE_SOURCE ClockSource
5351 * FUNCTION: Queries the information of a object.
5353 ObjectHandle = Handle to a object
5354 ObjectInformationClass = Index to a certain information structure
5356 ObjectBasicInformation
5357 ObjectTypeInformation OBJECT_TYPE_INFORMATION
5358 ObjectNameInformation OBJECT_NAME_INFORMATION
5359 ObjectDataInformation OBJECT_DATA_INFORMATION
5361 ObjectInformation = Caller supplies storage for resulting information
5362 Length = Size of the supplied storage
5363 ResultLength = Bytes written
5369 IN HANDLE ObjectHandle
,
5370 IN CINT ObjectInformationClass
,
5371 OUT PVOID ObjectInformation
,
5373 OUT PULONG ResultLength
5378 NtQuerySecurityObject(
5380 IN SECURITY_INFORMATION SecurityInformation
,
5381 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5383 OUT PULONG ResultLength
5388 ZwQuerySecurityObject(
5390 IN SECURITY_INFORMATION SecurityInformation
,
5391 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5393 OUT PULONG ResultLength
5397 * FUNCTION: Queries the virtual memory information.
5399 ProcessHandle = Process owning the virtual address space
5400 BaseAddress = Points to the page where the information is queried for.
5401 * VirtualMemoryInformationClass = Index to a certain information structure
5403 MemoryBasicInformation MEMORY_BASIC_INFORMATION
5405 * VirtualMemoryInformation = caller supplies storage for the information structure
5406 * Length = size of the structure
5407 ResultLength = Data written
5414 ZwQueryVirtualMemory(
5415 IN HANDLE ProcessHandle
,
5417 IN IN CINT VirtualMemoryInformationClass
,
5418 OUT PVOID VirtualMemoryInformation
,
5420 OUT PULONG ResultLength
5424 * FUNCTION: Raises a hard error (stops the system)
5426 * Status = Status code of the hard error
5447 * FUNCTION: Sets the information of a registry key.
5449 * KeyHandle = Handle to the registry key
5450 * KeyInformationClass = Index to the a certain information structure.
5451 Can be one of the following values:
5453 * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
5455 KeyInformation = Storage for the new information
5456 * KeyInformationLength = Size of the information strucure
5462 ZwSetInformationKey(
5463 IN HANDLE KeyHandle
,
5464 IN CINT KeyInformationClass
,
5465 IN PVOID KeyInformation
,
5466 IN ULONG KeyInformationLength
5470 * FUNCTION: Changes a set of object specific parameters
5473 * ObjectInformationClass = Index to the set of parameters to change.
5476 ObjectBasicInformation
5477 ObjectTypeInformation OBJECT_TYPE_INFORMATION
5478 ObjectAllInformation
5479 ObjectDataInformation OBJECT_DATA_INFORMATION
5480 ObjectNameInformation OBJECT_NAME_INFORMATION
5483 * ObjectInformation = Caller supplies storage for parameters to set.
5484 * Length = Size of the storage supplied
5489 ZwSetInformationObject(
5490 IN HANDLE ObjectHandle
,
5491 IN CINT ObjectInformationClass
,
5492 IN PVOID ObjectInformation
,
5497 * FUNCTION: Changes a set of process specific parameters
5499 * ProcessHandle = Handle to the process
5500 * ProcessInformationClass = Index to a information structure.
5502 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
5503 * ProcessQuotaLimits QUOTA_LIMITS
5504 * ProcessBasePriority KPRIORITY
5505 * ProcessRaisePriority KPRIORITY
5506 * ProcessDebugPort HANDLE
5507 * ProcessExceptionPort HANDLE
5508 * ProcessAccessToken PROCESS_ACCESS_TOKEN
5509 * ProcessDefaultHardErrorMode ULONG
5510 * ProcessPriorityClass ULONG
5511 * ProcessAffinityMask KAFFINITY //??
5513 * ProcessInformation = Caller supplies storage for information to set.
5514 * ProcessInformationLength = Size of the information structure
5519 NtSetInformationProcess(
5520 IN HANDLE ProcessHandle
,
5521 IN CINT ProcessInformationClass
,
5522 IN PVOID ProcessInformation
,
5523 IN ULONG ProcessInformationLength
5528 ZwSetInformationProcess(
5529 IN HANDLE ProcessHandle
,
5530 IN CINT ProcessInformationClass
,
5531 IN PVOID ProcessInformation
,
5532 IN ULONG ProcessInformationLength
5536 * FUNCTION: Sets the characteristics of a timer
5538 * TimerHandle = Handle to the timer
5539 * DueTime = Time before the timer becomes signalled for the first time.
5540 * TimerApcRoutine = Completion routine can be called on time completion
5541 * TimerContext = Argument to the completion routine
5542 * Resume = Specifies if the timer should repeated after completing one cycle
5543 * Period = Cycle of the timer
5544 * REMARKS: This routine maps to the win32 SetWaitableTimer.
5550 IN HANDLE TimerHandle
,
5551 IN PLARGE_INTEGER DueTime
,
5552 IN PTIMERAPCROUTINE TimerApcRoutine
,
5553 IN PVOID TimerContext
,
5555 IN ULONG Period OPTIONAL
,
5556 OUT PBOOLEAN PreviousState OPTIONAL
5560 * FUNCTION: Unloads a registry key.
5562 * KeyHandle = Handle to the registry key
5564 * This procedure maps to the win32 procedure RegUnloadKey
5570 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5574 * FUNCTION: Unlocks a range of virtual memory.
5576 * ProcessHandle = Handle to the process
5577 * BaseAddress = Lower boundary of the range of bytes to unlock.
5578 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
5579 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
5581 This procedure maps to the win32 procedure VirtualUnlock
5582 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
5586 ZwUnlockVirtualMemory(
5587 IN HANDLE ProcessHandle
,
5588 IN PVOID BaseAddress
,
5589 IN ULONG NumberOfBytesToUnlock
,
5590 OUT PULONG NumberOfBytesUnlocked OPTIONAL
5594 * FUNCTION: Waits for multiple objects to become signalled.
5596 * Count = The number of objects
5597 * Object = The array of object handles
5598 * WaitType = Can be one of the values UserMode or KernelMode
5599 * Alertable = If true the wait is alertable.
5600 * Time = The maximum wait time.
5602 * This function maps to the win32 WaitForMultipleObjectEx.
5607 ZwWaitForMultipleObjects (
5610 IN WAIT_TYPE WaitType
,
5611 IN BOOLEAN Alertable
,
5612 IN PLARGE_INTEGER Time
5616 * FUNCTION: Creates a profile
5618 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
5619 * ObjectAttribute = Initialized attributes for the object
5620 * ImageBase = Start address of executable image
5621 * ImageSize = Size of the image
5622 * Granularity = Bucket size
5623 * Buffer = Caller supplies buffer for profiling info
5624 * ProfilingSize = Buffer size
5625 * ClockSource = Specify 0 / FALSE ??
5626 * ProcessorMask = A value of -1 indicates disables per processor profiling,
5627 otherwise bit set for the processor to profile.
5629 * This function maps to the win32 CreateProcess.
5636 OUT PHANDLE ProfileHandle
,
5637 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5640 IN ULONG Granularity
,
5642 IN ULONG ProfilingSize
,
5643 IN ULONG ClockSource
,
5644 IN ULONG ProcessorMask
5648 * FUNCTION: Delays the execution of the calling thread.
5650 * Alertable = If TRUE the thread is alertable during is wait period
5651 * Interval = Specifies the interval to wait.
5657 IN BOOLEAN Alertable
,
5662 * FUNCTION: Extends a section
5664 * SectionHandle = Handle to the section
5665 * NewMaximumSize = Adjusted size
5671 IN HANDLE SectionHandle
,
5672 IN ULONG NewMaximumSize
5676 * FUNCTION: Queries the information of a section object.
5678 * SectionHandle = Handle to the section link object
5679 * SectionInformationClass = Index to a certain information structure
5680 * SectionInformation (OUT)= Caller supplies storage for resulting information
5681 * Length = Size of the supplied storage
5682 * ResultLength = Data written
5689 IN HANDLE SectionHandle
,
5690 IN CINT SectionInformationClass
,
5691 OUT PVOID SectionInformation
,
5693 OUT PULONG ResultLength
5696 typedef struct _SECTION_IMAGE_INFORMATION
5703 USHORT MinorSubsystemVersion
;
5704 USHORT MajorSubsystemVersion
;
5706 ULONG Characteristics
;
5711 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
5713 #endif /* !__USE_W32API */
5716 * FUNCTION: Loads a registry key.
5718 * KeyObjectAttributes = Key to be loaded
5719 * FileObjectAttributes = File to load the key from
5722 * This procedure maps to the win32 procedure RegLoadKey
5728 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5729 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
5736 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5737 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
5742 * FUNCTION: Retrieves the system time
5744 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
5752 OUT PLARGE_INTEGER CurrentTime
5756 * FUNCTION: Queries the information of a object.
5758 ObjectHandle = Handle to a object
5759 ObjectInformationClass = Index to a certain information structure
5761 ObjectBasicInformation
5762 ObjectTypeInformation OBJECT_TYPE_INFORMATION
5763 ObjectNameInformation OBJECT_NAME_INFORMATION
5764 ObjectDataInformation OBJECT_DATA_INFORMATION
5766 ObjectInformation = Caller supplies storage for resulting information
5767 Length = Size of the supplied storage
5768 ResultLength = Bytes written
5774 IN HANDLE ObjectHandle
,
5775 IN CINT ObjectInformationClass
,
5776 OUT PVOID ObjectInformation
,
5778 OUT PULONG ResultLength
5781 /* BEGIN REACTOS ONLY */
5784 ExInitializeBinaryTree(IN PBINARY_TREE Tree
,
5785 IN PKEY_COMPARATOR Compare
,
5786 IN BOOLEAN UseNonPagedPool
);
5789 ExDeleteBinaryTree(IN PBINARY_TREE Tree
);
5792 ExInsertBinaryTree(IN PBINARY_TREE Tree
,
5797 ExSearchBinaryTree(IN PBINARY_TREE Tree
,
5802 ExRemoveBinaryTree(IN PBINARY_TREE Tree
,
5807 ExTraverseBinaryTree(IN PBINARY_TREE Tree
,
5808 IN TRAVERSE_METHOD Method
,
5809 IN PTRAVERSE_ROUTINE Routine
,
5813 ExInitializeSplayTree(IN PSPLAY_TREE Tree
,
5814 IN PKEY_COMPARATOR Compare
,
5815 IN BOOLEAN Weighted
,
5816 IN BOOLEAN UseNonPagedPool
);
5819 ExDeleteSplayTree(IN PSPLAY_TREE Tree
);
5822 ExInsertSplayTree(IN PSPLAY_TREE Tree
,
5827 ExSearchSplayTree(IN PSPLAY_TREE Tree
,
5832 ExRemoveSplayTree(IN PSPLAY_TREE Tree
,
5837 ExWeightOfSplayTree(IN PSPLAY_TREE Tree
,
5841 ExTraverseSplayTree(IN PSPLAY_TREE Tree
,
5842 IN TRAVERSE_METHOD Method
,
5843 IN PTRAVERSE_ROUTINE Routine
,
5847 ExInitializeHashTable(IN PHASH_TABLE HashTable
,
5848 IN ULONG HashTableSize
,
5849 IN PKEY_COMPARATOR Compare OPTIONAL
,
5850 IN BOOLEAN UseNonPagedPool
);
5853 ExDeleteHashTable(IN PHASH_TABLE HashTable
);
5856 ExInsertHashTable(IN PHASH_TABLE HashTable
,
5862 ExSearchHashTable(IN PHASH_TABLE HashTable
,
5868 ExRemoveHashTable(IN PHASH_TABLE HashTable
,
5873 /* END REACTOS ONLY */
5875 #endif /* __DDK_ZW_H */