3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * PURPOSE: System call definitions
6 * FILE: include/ddk/zw.h
8 * ??/??/??: First few functions (David Welch)
9 * ??/??/??: Complete implementation by Ariadne
10 * 13/07/98: Reorganised things a bit (David Welch)
11 * 04/08/98: Added some documentation (Ariadne)
12 * 14/08/98: Added type TIME and change variable type from [1] to [0]
13 * 14/09/98: Added for each Nt call a corresponding Zw Call
14 * 09/08/03: Added ThreadEventPair routines
20 #include <ntos/security.h>
21 #include <ntos/zwtypes.h>
22 #include <napi/npipe.h>
24 #ifndef _RTLGETPROCESSHEAP_DEFINED_
25 #define _RTLGETPROCESSHEAP_DEFINED_
26 #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
29 // semaphore information
31 typedef enum _SEMAPHORE_INFORMATION_CLASS
33 SemaphoreBasicInformation
= 0
34 } SEMAPHORE_INFORMATION_CLASS
;
36 typedef struct _SEMAPHORE_BASIC_INFORMATION
40 } SEMAPHORE_BASIC_INFORMATION
, *PSEMAPHORE_BASIC_INFORMATION
;
44 typedef enum _EVENT_INFORMATION_CLASS
46 EventBasicInformation
= 0
47 } EVENT_INFORMATION_CLASS
;
49 typedef struct _EVENT_BASIC_INFORMATION
53 } EVENT_BASIC_INFORMATION
, *PEVENT_BASIC_INFORMATION
;
55 // wmi trace event data
56 typedef struct _EVENT_TRACE_HEADER
{
59 USHORT FieldTypeFlags
;
75 LARGE_INTEGER TimeStamp
;
89 ULONG64 ProcessorTime
;
91 } EVENT_TRACE_HEADER
, *PEVENT_TRACE_HEADER
;
94 typedef struct _FILE_USER_QUOTA_INFORMATION
{
95 ULONG NextEntryOffset
;
97 LARGE_INTEGER ChangeTime
;
98 LARGE_INTEGER QuotaUsed
;
99 LARGE_INTEGER QuotaThreshold
;
100 LARGE_INTEGER QuotaLimit
;
102 } FILE_USER_QUOTA_INFORMATION
, *PFILE_USER_QUOTA_INFORMATION
;
106 //#define SECURITY_INFORMATION ULONG
107 //typedef ULONG SECURITY_INFORMATION;
109 #ifndef __USE_NT_LPC__
111 NtAcceptConnectPort (PHANDLE PortHandle
,
112 HANDLE NamedPortHandle
,
113 PLPC_MESSAGE ServerReply
,
115 PLPC_SECTION_WRITE WriteMap
,
116 PLPC_SECTION_READ ReadMap
);
119 NtAcceptConnectPort (PHANDLE PortHandle
,
120 ULONG PortIdentifier
,
121 PLPC_MESSAGE ServerReply
,
123 PLPC_SECTION_WRITE WriteMap
,
124 PLPC_SECTION_READ ReadMap
);
125 #endif /* ndef __USE_NT_LPC__ */
130 IN PUNICODE_STRING EntryName
,
131 IN PUNICODE_STRING EntryValue
137 IN PUNICODE_STRING EntryName
,
138 IN PUNICODE_STRING EntryValue
142 * FUNCTION: Adjusts the groups in an access token
144 * TokenHandle = Specifies the access token
145 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
146 * their default state, if false the groups specified in
149 * BufferLength = Specifies the size of the buffer for the PreviousState.
151 * ReturnLength = Bytes written in PreviousState buffer.
152 * REMARKS: The arguments map to the win32 AdjustTokenGroups
159 IN HANDLE TokenHandle
,
160 IN BOOLEAN ResetToDefault
,
161 IN PTOKEN_GROUPS NewState
,
162 IN ULONG BufferLength
,
163 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
164 OUT PULONG ReturnLength
170 IN HANDLE TokenHandle
,
171 IN BOOLEAN ResetToDefault
,
172 IN PTOKEN_GROUPS NewState
,
173 IN ULONG BufferLength
,
174 OUT PTOKEN_GROUPS PreviousState
,
175 OUT PULONG ReturnLength
183 * TokenHandle = Handle to the access token
184 * DisableAllPrivileges = The resulting suspend count.
190 * The arguments map to the win32 AdjustTokenPrivileges
196 NtAdjustPrivilegesToken(
197 IN HANDLE TokenHandle
,
198 IN BOOLEAN DisableAllPrivileges
,
199 IN PTOKEN_PRIVILEGES NewState
,
200 IN ULONG BufferLength
,
201 OUT PTOKEN_PRIVILEGES PreviousState
,
202 OUT PULONG ReturnLength
207 ZwAdjustPrivilegesToken(
208 IN HANDLE TokenHandle
,
209 IN BOOLEAN DisableAllPrivileges
,
210 IN PTOKEN_PRIVILEGES NewState
,
211 IN ULONG BufferLength
,
212 OUT PTOKEN_PRIVILEGES PreviousState
,
213 OUT PULONG ReturnLength
218 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
221 * ThreadHandle = Handle to the thread that should be resumed
222 * SuspendCount = The resulting suspend count.
224 * A thread is resumed if its suspend count is 0
230 IN HANDLE ThreadHandle
,
231 OUT PULONG SuspendCount
237 IN HANDLE ThreadHandle
,
238 OUT PULONG SuspendCount
242 * FUNCTION: Puts the thread in a alerted state
244 * ThreadHandle = Handle to the thread that should be alerted
250 IN HANDLE ThreadHandle
256 IN HANDLE ThreadHandle
261 * FUNCTION: Allocates a locally unique id
263 * LocallyUniqueId = Locally unique number
268 NtAllocateLocallyUniqueId(
269 OUT LUID
*LocallyUniqueId
274 ZwAllocateLocallyUniqueId(
279 * FUNCTION: Allocates a block of virtual memory in the process address space
281 * ProcessHandle = The handle of the process which owns the virtual memory
282 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
283 * value the system will try to allocate the memory at the address supplied. It rounds
284 * it down to a multiple if the page size.
285 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
286 * the memory will be allocated at a address below a certain value.
287 * RegionSize = The number of bytes to allocate
288 * AllocationType = Indicates the type of virtual memory you like to allocated,
289 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
290 * Protect = Indicates the protection type of the pages allocated, can be a combination of
291 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
292 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
294 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
295 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
296 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
297 * and the AllocationType and ProctectionType map to the other two parameters.
302 NtAllocateVirtualMemory (
303 IN HANDLE ProcessHandle
,
304 IN OUT PVOID
*BaseAddress
,
306 IN OUT PULONG RegionSize
,
307 IN ULONG AllocationType
,
313 ZwAllocateVirtualMemory (
314 IN HANDLE ProcessHandle
,
315 IN OUT PVOID
*BaseAddress
,
317 IN OUT PULONG RegionSize
,
318 IN ULONG AllocationType
,
325 NtAssignProcessToJobObject(
327 HANDLE ProcessHandle
);
331 ZwAssignProcessToJobObject(
333 HANDLE ProcessHandle
);
336 * FUNCTION: Returns from a callback into user mode
340 //FIXME: this function might need 3 parameters
341 NTSTATUS STDCALL
NtCallbackReturn(PVOID Result
,
345 NTSTATUS STDCALL
ZwCallbackReturn(PVOID Result
,
350 * FUNCTION: Cancels a IO request
352 * FileHandle = Handle to the file
356 * This function maps to the win32 CancelIo.
362 IN HANDLE FileHandle
,
363 OUT PIO_STATUS_BLOCK IoStatusBlock
369 IN HANDLE FileHandle
,
370 OUT PIO_STATUS_BLOCK IoStatusBlock
374 * FUNCTION: Sets the status of the event back to non-signaled
376 * EventHandle = Handle to the event
378 * This function maps to win32 function ResetEvent.
385 IN HANDLE EventHandle
391 IN HANDLE EventHandle
398 ACCESS_MASK DesiredAccess
,
399 POBJECT_ATTRIBUTES ObjectAttributes
406 ACCESS_MASK DesiredAccess
,
407 POBJECT_ATTRIBUTES ObjectAttributes
412 * FUNCTION: Closes an object handle
414 * Handle = Handle to the object
416 * This function maps to the win32 function CloseHandle.
433 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
436 HandleId = Handle to the object
439 * This function maps to the win32 function ObjectCloseAuditAlarm.
445 NtCloseObjectAuditAlarm(
446 IN PUNICODE_STRING SubsystemName
,
448 IN BOOLEAN GenerateOnClose
453 ZwCloseObjectAuditAlarm(
454 IN PUNICODE_STRING SubsystemName
,
456 IN BOOLEAN GenerateOnClose
461 NtCompleteConnectPort (HANDLE PortHandle
);
464 ZwCompleteConnectPort (HANDLE PortHandle
);
468 NtConnectPort(OUT PHANDLE PortHandle
,
469 IN PUNICODE_STRING PortName
,
470 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
471 IN OUT PLPC_SECTION_WRITE ClientSharedMemory OPTIONAL
,
472 OUT PLPC_SECTION_READ ServerSharedMemory OPTIONAL
,
473 OUT PULONG MaxMessageSize OPTIONAL
,
474 IN PVOID ConnectInfo OPTIONAL
,
475 IN PULONG ConnectInfoLength OPTIONAL
);
478 ZwConnectPort(OUT PHANDLE PortHandle
,
479 IN PUNICODE_STRING PortName
,
480 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
481 IN OUT PLPC_SECTION_WRITE ClientSharedMemory OPTIONAL
,
482 OUT PLPC_SECTION_READ ServerSharedMemory OPTIONAL
,
483 OUT PULONG MaxMessageSize OPTIONAL
,
484 IN PVOID ConnectInfo OPTIONAL
,
485 IN PULONG ConnectInfoLength OPTIONAL
);
488 NtSecureConnectPort(OUT PHANDLE PortHandle
,
489 IN PUNICODE_STRING PortName
,
490 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
491 IN OUT PLPC_SECTION_WRITE ClientSharedMemory OPTIONAL
,
492 IN PSID ServerSid OPTIONAL
,
493 OUT PLPC_SECTION_READ ServerSharedMemory OPTIONAL
,
494 OUT PULONG MaxMessageSize OPTIONAL
,
495 IN PVOID ConnectInfo OPTIONAL
,
496 IN PULONG ConnectInfoLength OPTIONAL
);
499 ZwSecureConnectPort(OUT PHANDLE PortHandle
,
500 IN PUNICODE_STRING PortName
,
501 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
502 IN OUT PLPC_SECTION_WRITE ClientSharedMemory OPTIONAL
,
503 IN PSID ServerSid OPTIONAL
,
504 OUT PLPC_SECTION_READ ServerSharedMemory OPTIONAL
,
505 OUT PULONG MaxMessageSize OPTIONAL
,
506 IN PVOID ConnectInfo OPTIONAL
,
507 IN PULONG ConnectInfoLength OPTIONAL
);
510 * FUNCTION: Creates a directory object
512 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
513 * DesiredAccess = Specifies access to the directory
514 * ObjectAttribute = Initialized attributes for the object
515 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
516 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
522 NtCreateDirectoryObject(
523 OUT PHANDLE DirectoryHandle
,
524 IN ACCESS_MASK DesiredAccess
,
525 IN POBJECT_ATTRIBUTES ObjectAttributes
530 ZwCreateDirectoryObject(
531 OUT PHANDLE DirectoryHandle
,
532 IN ACCESS_MASK DesiredAccess
,
533 IN POBJECT_ATTRIBUTES ObjectAttributes
537 * FUNCTION: Creates an event object
539 * EventHandle (OUT) = Caller supplied storage for the resulting handle
540 * DesiredAccess = Specifies access to the event
541 * ObjectAttribute = Initialized attributes for the object
542 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
543 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
544 * automatically after the system has rescheduled a thread waiting on the event.
545 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
546 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
547 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
548 * both parameters aswell ( possibly the order is reversed ).
555 OUT PHANDLE EventHandle
,
556 IN ACCESS_MASK DesiredAccess
,
557 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
558 IN EVENT_TYPE EventType
,
559 IN BOOLEAN InitialState
565 OUT PHANDLE EventHandle
,
566 IN ACCESS_MASK DesiredAccess
,
567 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
568 IN EVENT_TYPE EventType
,
569 IN BOOLEAN InitialState
573 * FUNCTION: Creates an eventpair object
575 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
576 * DesiredAccess = Specifies access to the event
577 * ObjectAttribute = Initialized attributes for the object
583 OUT PHANDLE EventPairHandle
,
584 IN ACCESS_MASK DesiredAccess
,
585 IN POBJECT_ATTRIBUTES ObjectAttributes
591 OUT PHANDLE EventPairHandle
,
592 IN ACCESS_MASK DesiredAccess
,
593 IN POBJECT_ATTRIBUTES ObjectAttributes
598 * FUNCTION: Creates or opens a file, directory or device object.
600 * FileHandle (OUT) = Caller supplied storage for the resulting handle
601 * DesiredAccess = Specifies the allowed or desired access to the file can
602 * be a combination of DELETE | FILE_READ_DATA ..
603 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
604 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
605 * the file is created and opened or allready existed and is just opened.
606 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
607 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
608 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
609 * CreateOptions = specifies the behavior of the system on file creation.
610 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
611 * EaLength = Extended Attributes buffer size, applies only to files and directories.
612 * REMARKS: This function maps to the win32 CreateFile.
619 OUT PHANDLE FileHandle
,
620 IN ACCESS_MASK DesiredAccess
,
621 IN POBJECT_ATTRIBUTES ObjectAttributes
,
622 OUT PIO_STATUS_BLOCK IoStatusBlock
,
623 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
624 IN ULONG FileAttributes
,
625 IN ULONG ShareAccess
,
626 IN ULONG CreateDisposition
,
627 IN ULONG CreateOptions
,
628 IN PVOID EaBuffer OPTIONAL
,
635 OUT PHANDLE FileHandle
,
636 IN ACCESS_MASK DesiredAccess
,
637 IN POBJECT_ATTRIBUTES ObjectAttributes
,
638 OUT PIO_STATUS_BLOCK IoStatusBlock
,
639 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
640 IN ULONG FileAttributes
,
641 IN ULONG ShareAccess
,
642 IN ULONG CreateDisposition
,
643 IN ULONG CreateOptions
,
644 IN PVOID EaBuffer OPTIONAL
,
649 * FUNCTION: Creates or opens a file, directory or device object.
651 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
652 * DesiredAccess = Specifies the allowed or desired access to the port
654 * NumberOfConcurrentThreads =
655 * REMARKS: This function maps to the win32 CreateIoCompletionPort
662 NtCreateIoCompletion(
663 OUT PHANDLE IoCompletionHandle
,
664 IN ACCESS_MASK DesiredAccess
,
665 IN POBJECT_ATTRIBUTES ObjectAttributes
,
666 IN ULONG NumberOfConcurrentThreads
671 ZwCreateIoCompletion(
672 OUT PHANDLE IoCompletionHandle
,
673 IN ACCESS_MASK DesiredAccess
,
674 IN POBJECT_ATTRIBUTES ObjectAttributes
,
675 IN ULONG NumberOfConcurrentThreads
679 * FUNCTION: Creates a registry key
681 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
682 * DesiredAccess = Specifies the allowed or desired access to the key
683 * It can have a combination of the following values:
684 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
686 * KEY_QUERY_VALUE The values of the key can be queried.
687 * KEY_SET_VALUE The values of the key can be modified.
688 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
689 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
691 * KEY_CREATE_LINK A symbolic link to the key can be created.
692 * ObjectAttributes = The name of the key may be specified directly in the name field
693 * of object attributes or relative to a key in rootdirectory.
694 * TitleIndex = Might specify the position in the sequential order of subkeys.
695 * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
696 * CreateOptions = Specifies additional options with which the key is created
697 * REG_OPTION_VOLATILE The key is not preserved across boots.
698 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
699 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
700 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
701 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
702 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
708 NtCreateKey(OUT PHANDLE KeyHandle
,
709 IN ACCESS_MASK DesiredAccess
,
710 IN POBJECT_ATTRIBUTES ObjectAttributes
,
712 IN PUNICODE_STRING Class OPTIONAL
,
713 IN ULONG CreateOptions
,
714 IN PULONG Disposition OPTIONAL
);
717 ZwCreateKey(OUT PHANDLE KeyHandle
,
718 IN ACCESS_MASK DesiredAccess
,
719 IN POBJECT_ATTRIBUTES ObjectAttributes
,
721 IN PUNICODE_STRING Class OPTIONAL
,
722 IN ULONG CreateOptions
,
723 IN PULONG Disposition OPTIONAL
);
726 * FUNCTION: Creates a mail slot file
728 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
729 * DesiredAccess = Specifies the allowed or desired access to the file
730 * ObjectAttributes = Contains the name of the mailslotfile.
737 * REMARKS: This funciton maps to the win32 function CreateMailSlot
744 NtCreateMailslotFile(
745 OUT PHANDLE MailSlotFileHandle
,
746 IN ACCESS_MASK DesiredAccess
,
747 IN POBJECT_ATTRIBUTES ObjectAttributes
,
748 OUT PIO_STATUS_BLOCK IoStatusBlock
,
749 IN ULONG FileAttributes
,
750 IN ULONG ShareAccess
,
751 IN ULONG MaxMessageSize
,
752 IN PLARGE_INTEGER TimeOut
757 ZwCreateMailslotFile(
758 OUT PHANDLE MailSlotFileHandle
,
759 IN ACCESS_MASK DesiredAccess
,
760 IN POBJECT_ATTRIBUTES ObjectAttributes
,
761 OUT PIO_STATUS_BLOCK IoStatusBlock
,
762 IN ULONG FileAttributes
,
763 IN ULONG ShareAccess
,
764 IN ULONG MaxMessageSize
,
765 IN PLARGE_INTEGER TimeOut
769 * FUNCTION: Creates or opens a mutex
771 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
772 * DesiredAccess = Specifies the allowed or desired access to the port
773 * ObjectAttributes = Contains the name of the mutex.
774 * InitialOwner = If true the calling thread acquires ownership
776 * REMARKS: This funciton maps to the win32 function CreateMutex
783 OUT PHANDLE MutantHandle
,
784 IN ACCESS_MASK DesiredAccess
,
785 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
786 IN BOOLEAN InitialOwner
792 OUT PHANDLE MutantHandle
,
793 IN ACCESS_MASK DesiredAccess
,
794 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
795 IN BOOLEAN InitialOwner
799 * FUNCTION: Creates a named pipe
801 * NamedPipeFileHandle (OUT) = Caller supplied storage for the
803 * DesiredAccess = Specifies the type of access that the caller
804 * requires to the file boject
805 * ObjectAttributes = Points to a structure that specifies the
807 * IoStatusBlock = Points to a variable that receives the final
808 * completion status and information
809 * ShareAccess = Specifies the limitations on sharing of the file.
810 * This parameter can be zero or any compatible
811 * combination of the following flags
814 * CreateDisposition = Specifies what to do depending on whether
815 * the file already exists. This must be one of
816 * the following values
820 * CreateOptions = Specifies the options to be applied when
821 * creating or opening the file, as a compatible
822 * combination of the following flags
824 * FILE_SYNCHRONOUS_IO_ALERT
825 * FILE_SYNCHRONOUS_IO_NONALERT
826 * TypeMessage = Specifies whether the data written to the pipe is
827 * interpreted as a sequence of messages or as a
829 * ReadModeMessage = Specifies whether the data read from the pipe
830 * is interpreted as a sequence of messages or as
832 * NonBlocking = Specifies whether non-blocking mode is enabled
833 * MaxInstances = Specifies the maximum number of instancs that can
834 * be created for this pipe
835 * InBufferSize = Specifies the number of bytes to reserve for the
837 * OutBufferSize = Specifies the number of bytes to reserve for the
839 * DefaultTimeout = Optionally points to a variable that specifies
840 * the default timeout value in units of
842 * REMARKS: This funciton maps to the win32 function CreateNamedPipe
847 NtCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle
,
848 IN ACCESS_MASK DesiredAccess
,
849 IN POBJECT_ATTRIBUTES ObjectAttributes
,
850 OUT PIO_STATUS_BLOCK IoStatusBlock
,
851 IN ULONG ShareAccess
,
852 IN ULONG CreateDisposition
,
853 IN ULONG CreateOptions
,
854 IN ULONG NamedPipeType
,
856 IN ULONG CompletionMode
,
857 IN ULONG MaxInstances
,
858 IN ULONG InBufferSize
,
859 IN ULONG OutBufferSize
,
860 IN PLARGE_INTEGER DefaultTimeOut
);
863 ZwCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle
,
864 IN ACCESS_MASK DesiredAccess
,
865 IN POBJECT_ATTRIBUTES ObjectAttributes
,
866 OUT PIO_STATUS_BLOCK IoStatusBlock
,
867 IN ULONG ShareAccess
,
868 IN ULONG CreateDisposition
,
869 IN ULONG CreateOptions
,
870 IN ULONG NamedPipeType
,
872 IN ULONG CompletionMode
,
873 IN ULONG MaxInstances
,
874 IN ULONG InBufferSize
,
875 IN ULONG OutBufferSize
,
876 IN PLARGE_INTEGER DefaultTimeOut
);
880 NtCreatePort (PHANDLE PortHandle
,
881 POBJECT_ATTRIBUTES ObjectAttributes
,
882 ULONG MaxConnectInfoLength
,
884 ULONG NPMessageQueueSize OPTIONAL
);
887 NtCreatePort (PHANDLE PortHandle
,
888 POBJECT_ATTRIBUTES ObjectAttributes
,
889 ULONG MaxConnectInfoLength
,
891 ULONG NPMessageQueueSize OPTIONAL
);
895 * FUNCTION: Creates a process.
897 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
898 * DesiredAccess = Specifies the allowed or desired access to the process can
899 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
900 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
901 * ParentProcess = Handle to the parent process.
902 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
903 * SectionHandle = Handle to a section object to back the image file
904 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
905 * ExceptionPort = Handle to a exception port.
907 * This function maps to the win32 CreateProcess.
913 OUT PHANDLE ProcessHandle
,
914 IN ACCESS_MASK DesiredAccess
,
915 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
916 IN HANDLE ParentProcess
,
917 IN BOOLEAN InheritObjectTable
,
918 IN HANDLE SectionHandle OPTIONAL
,
919 IN HANDLE DebugPort OPTIONAL
,
920 IN HANDLE ExceptionPort OPTIONAL
926 OUT PHANDLE ProcessHandle
,
927 IN ACCESS_MASK DesiredAccess
,
928 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
929 IN HANDLE ParentProcess
,
930 IN BOOLEAN InheritObjectTable
,
931 IN HANDLE SectionHandle OPTIONAL
,
932 IN HANDLE DebugPort OPTIONAL
,
933 IN HANDLE ExceptionPort OPTIONAL
937 * FUNCTION: Creates a section object.
939 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
940 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
941 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
942 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
943 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
944 * If value specified for a mapped file and the file is not large enough, file will be extended.
945 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
946 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
947 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
954 OUT PHANDLE SectionHandle
,
955 IN ACCESS_MASK DesiredAccess
,
956 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
957 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
958 IN ULONG SectionPageProtection OPTIONAL
,
959 IN ULONG AllocationAttributes
,
960 IN HANDLE FileHandle OPTIONAL
966 OUT PHANDLE SectionHandle
,
967 IN ACCESS_MASK DesiredAccess
,
968 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
969 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
970 IN ULONG SectionPageProtection OPTIONAL
,
971 IN ULONG AllocationAttributes
,
972 IN HANDLE FileHandle OPTIONAL
976 * FUNCTION: Creates a semaphore object for interprocess synchronization.
978 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
979 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
980 * ObjectAttribute = Initialized attributes for the object.
981 * InitialCount = Not necessary zero, might be smaller than zero.
982 * MaximumCount = Maxiumum count the semaphore can reach.
985 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
988 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
992 OUT PHANDLE SemaphoreHandle
,
993 IN ACCESS_MASK DesiredAccess
,
994 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
995 IN LONG InitialCount
,
1002 OUT PHANDLE SemaphoreHandle
,
1003 IN ACCESS_MASK DesiredAccess
,
1004 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1005 IN LONG InitialCount
,
1006 IN LONG MaximumCount
1010 * FUNCTION: Creates a symbolic link object
1012 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
1013 * DesiredAccess = Specifies the allowed or desired access to the thread.
1014 * ObjectAttributes = Initialized attributes for the object.
1015 * Name = Target name of the symbolic link
1020 NtCreateSymbolicLinkObject(
1021 OUT PHANDLE LinkHandle
,
1022 IN ACCESS_MASK DesiredAccess
,
1023 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1024 IN PUNICODE_STRING LinkTarget
1029 ZwCreateSymbolicLinkObject(
1030 OUT PHANDLE LinkHandle
,
1031 IN ACCESS_MASK DesiredAccess
,
1032 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1033 IN PUNICODE_STRING LinkTarget
1037 * FUNCTION: Creates a waitable timer.
1039 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
1040 * DesiredAccess = Specifies the allowed or desired access to the timer.
1041 * ObjectAttributes = Initialized attributes for the object.
1042 * TimerType = Specifies if the timer should be reset manually.
1044 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
1045 * corresponding fields in OBJECT_ATTRIBUTES structure.
1051 OUT PHANDLE TimerHandle
,
1052 IN ACCESS_MASK DesiredAccess
,
1053 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1054 IN TIMER_TYPE TimerType
1060 OUT PHANDLE TimerHandle
,
1061 IN ACCESS_MASK DesiredAccess
,
1062 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1063 IN TIMER_TYPE TimerType
1067 * FUNCTION: Creates a token.
1069 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
1070 * DesiredAccess = Specifies the allowed or desired access to the process can
1071 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
1072 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1074 * AuthenticationId =
1080 * TokenPrimaryGroup =
1081 * TokenDefaultDacl =
1084 * This function does not map to a win32 function
1091 OUT PHANDLE TokenHandle
,
1092 IN ACCESS_MASK DesiredAccess
,
1093 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1094 IN TOKEN_TYPE TokenType
,
1095 IN PLUID AuthenticationId
,
1096 IN PLARGE_INTEGER ExpirationTime
,
1097 IN PTOKEN_USER TokenUser
,
1098 IN PTOKEN_GROUPS TokenGroups
,
1099 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1100 IN PTOKEN_OWNER TokenOwner
,
1101 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1102 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1103 IN PTOKEN_SOURCE TokenSource
1109 OUT PHANDLE TokenHandle
,
1110 IN ACCESS_MASK DesiredAccess
,
1111 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1112 IN TOKEN_TYPE TokenType
,
1113 IN PLUID AuthenticationId
,
1114 IN PLARGE_INTEGER ExpirationTime
,
1115 IN PTOKEN_USER TokenUser
,
1116 IN PTOKEN_GROUPS TokenGroups
,
1117 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1118 IN PTOKEN_OWNER TokenOwner
,
1119 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1120 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1121 IN PTOKEN_SOURCE TokenSource
1125 * FUNCTION: Returns the callers thread TEB.
1126 * RETURNS: The resulting teb.
1137 NtCreateWaitablePort (PHANDLE PortHandle
,
1138 POBJECT_ATTRIBUTES ObjectAttributes
,
1139 ULONG MaxConnectInfoLength
,
1140 ULONG MaxDataLength
,
1141 ULONG NPMessageQueueSize OPTIONAL
);
1144 ZwCreateWaitablePort (PHANDLE PortHandle
,
1145 POBJECT_ATTRIBUTES ObjectAttributes
,
1146 ULONG MaxConnectInfoLength
,
1147 ULONG MaxDataLength
,
1148 ULONG NPMessageQueueSize OPTIONAL
);
1152 * FUNCTION: Deletes an atom from the global atom table
1154 * Atom = Identifies the atom to delete
1156 * The function maps to the win32 GlobalDeleteAtom
1174 IN PUNICODE_STRING EntryName
,
1175 IN PUNICODE_STRING EntryValue
1181 IN PUNICODE_STRING EntryName
,
1182 IN PUNICODE_STRING EntryValue
1186 * FUNCTION: Deletes a file or a directory
1188 * ObjectAttributes = Name of the file which should be deleted
1190 * This system call is functionally equivalent to NtSetInformationFile
1191 * setting the disposition information.
1192 * The function maps to the win32 DeleteFile.
1198 IN POBJECT_ATTRIBUTES ObjectAttributes
1204 IN POBJECT_ATTRIBUTES ObjectAttributes
1208 * FUNCTION: Deletes a registry key
1210 * KeyHandle = Handle of the key
1225 * FUNCTION: Generates a audit message when an object is deleted
1227 * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
1228 * HandleId= Handle to an audit object
1229 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
1230 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
1236 NtDeleteObjectAuditAlarm (
1237 IN PUNICODE_STRING SubsystemName
,
1239 IN BOOLEAN GenerateOnClose
1244 ZwDeleteObjectAuditAlarm (
1245 IN PUNICODE_STRING SubsystemName
,
1247 IN BOOLEAN GenerateOnClose
1252 * FUNCTION: Deletes a value from a registry key
1254 * KeyHandle = Handle of the key
1255 * ValueName = Name of the value to delete
1262 IN HANDLE KeyHandle
,
1263 IN PUNICODE_STRING ValueName
1269 IN HANDLE KeyHandle
,
1270 IN PUNICODE_STRING ValueName
1273 * FUNCTION: Sends IOCTL to the io sub system
1275 * DeviceHandle = Points to the handle that is created by NtCreateFile
1276 * Event = Event to synchronize on STATUS_PENDING
1277 * ApcRoutine = Asynchroneous procedure callback
1278 * ApcContext = Callback context.
1279 * IoStatusBlock = Caller should supply storage for extra information..
1280 * IoControlCode = Contains the IO Control command. This is an
1281 * index to the structures in InputBuffer and OutputBuffer.
1282 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
1283 * InputBufferSize = Size of the input bufffer
1284 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
1285 * OutputBufferSize = Size of the input bufffer
1291 NtDeviceIoControlFile(
1292 IN HANDLE DeviceHandle
,
1293 IN HANDLE Event OPTIONAL
,
1294 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1295 IN PVOID UserApcContext OPTIONAL
,
1296 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1297 IN ULONG IoControlCode
,
1298 IN PVOID InputBuffer
,
1299 IN ULONG InputBufferSize
,
1300 OUT PVOID OutputBuffer
,
1301 IN ULONG OutputBufferSize
1306 ZwDeviceIoControlFile(
1307 IN HANDLE DeviceHandle
,
1308 IN HANDLE Event OPTIONAL
,
1309 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1310 IN PVOID UserApcContext OPTIONAL
,
1311 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1312 IN ULONG IoControlCode
,
1313 IN PVOID InputBuffer
,
1314 IN ULONG InputBufferSize
,
1315 OUT PVOID OutputBuffer
,
1316 IN ULONG OutputBufferSize
1319 * FUNCTION: Displays a string on the blue screen
1321 * DisplayString = The string to display
1328 IN PUNICODE_STRING DisplayString
1334 IN PUNICODE_STRING DisplayString
1340 NtEnumerateBootEntries(
1347 ZwEnumerateBootEntries(
1354 * FUNCTION: Returns information about the subkeys of an open key
1356 * KeyHandle = Handle of the key whose subkeys are to enumerated
1357 * Index = zero based index of the subkey for which information is
1359 * KeyInformationClass = Type of information returned
1360 * KeyInformation (OUT) = Caller allocated buffer for the information
1362 * Length = Length in bytes of the KeyInformation buffer
1363 * ResultLength (OUT) = Caller allocated storage which holds
1364 * the number of bytes of information retrieved
1371 IN HANDLE KeyHandle
,
1373 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1374 OUT PVOID KeyInformation
,
1376 OUT PULONG ResultLength
1382 IN HANDLE KeyHandle
,
1384 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1385 OUT PVOID KeyInformation
,
1387 OUT PULONG ResultLength
1390 * FUNCTION: Returns information about the value entries of an open key
1392 * KeyHandle = Handle of the key whose value entries are to enumerated
1393 * Index = zero based index of the subkey for which information is
1395 * KeyInformationClass = Type of information returned
1396 * KeyInformation (OUT) = Caller allocated buffer for the information
1398 * Length = Length in bytes of the KeyInformation buffer
1399 * ResultLength (OUT) = Caller allocated storage which holds
1400 * the number of bytes of information retrieved
1406 NtEnumerateValueKey(
1407 IN HANDLE KeyHandle
,
1409 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1410 OUT PVOID KeyValueInformation
,
1412 OUT PULONG ResultLength
1417 ZwEnumerateValueKey(
1418 IN HANDLE KeyHandle
,
1420 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1421 OUT PVOID KeyValueInformation
,
1423 OUT PULONG ResultLength
1427 * FUNCTION: Flushes chached file data to disk
1429 * FileHandle = Points to the file
1430 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1431 * buffers operation. The information field is set to number of bytes
1435 * This funciton maps to the win32 FlushFileBuffers
1440 IN HANDLE FileHandle
,
1441 OUT PIO_STATUS_BLOCK IoStatusBlock
1447 IN HANDLE FileHandle
,
1448 OUT PIO_STATUS_BLOCK IoStatusBlock
1452 * FUNCTION: Flushes a registry key to disk
1454 * KeyHandle = Points to the registry key handle
1457 * This funciton maps to the win32 RegFlushKey.
1472 * FUNCTION: Flushes the dirty pages to file
1474 * FIXME: Not sure this does (how is the file specified)
1476 NTSTATUS STDCALL
NtFlushWriteBuffer(VOID
);
1477 NTSTATUS STDCALL
ZwFlushWriteBuffer(VOID
);
1480 * FUNCTION: Frees a range of virtual memory
1482 * ProcessHandle = Points to the process that allocated the virtual
1484 * BaseAddress = Points to the memory address, rounded down to a
1485 * multiple of the pagesize
1486 * RegionSize = Limits the range to free, rounded up to a multiple of
1488 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1491 NTSTATUS STDCALL
NtFreeVirtualMemory(IN HANDLE ProcessHandle
,
1492 IN PVOID
*BaseAddress
,
1493 IN PULONG RegionSize
,
1495 NTSTATUS STDCALL
ZwFreeVirtualMemory(IN HANDLE ProcessHandle
,
1496 IN PVOID
*BaseAddress
,
1497 IN PULONG RegionSize
,
1501 * FUNCTION: Sends FSCTL to the filesystem
1503 * DeviceHandle = Points to the handle that is created by NtCreateFile
1504 * Event = Event to synchronize on STATUS_PENDING
1507 * IoStatusBlock = Caller should supply storage for
1508 * IoControlCode = Contains the File System Control command. This is an
1509 * index to the structures in InputBuffer and OutputBuffer.
1510 * FSCTL_GET_RETRIEVAL_POINTERS [Input/Output] RETRIEVAL_POINTERS_BUFFER
1511 * FSCTL_GET_VOLUME_BITMAP [Input] STARTING_LCN_INPUT_BUFFER
1512 * FSCTL_GET_VOLUME_BITMAP [Output] VOLUME_BITMAP_BUFFER
1513 * FSCTL_MOVE_FILE [Input] MOVE_FILE_DATA
1515 * InputBuffer = Caller should supply storage for input buffer if FSCTL expects one.
1516 * InputBufferSize = Size of the input bufffer
1517 * OutputBuffer = Caller should supply storage for output buffer if FSCTL expects one.
1518 * OutputBufferSize = Size of the input bufffer
1519 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1520 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1525 IN HANDLE DeviceHandle
,
1526 IN HANDLE Event OPTIONAL
,
1527 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1528 IN PVOID ApcContext OPTIONAL
,
1529 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1530 IN ULONG IoControlCode
,
1531 IN PVOID InputBuffer
,
1532 IN ULONG InputBufferSize
,
1533 OUT PVOID OutputBuffer
,
1534 IN ULONG OutputBufferSize
1540 IN HANDLE DeviceHandle
,
1541 IN HANDLE Event OPTIONAL
,
1542 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1543 IN PVOID ApcContext OPTIONAL
,
1544 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1545 IN ULONG IoControlCode
,
1546 IN PVOID InputBuffer
,
1547 IN ULONG InputBufferSize
,
1548 OUT PVOID OutputBuffer
,
1549 IN ULONG OutputBufferSize
1553 * FUNCTION: Retrieves the processor context of a thread
1555 * ThreadHandle = Handle to a thread
1556 * ThreadContext (OUT) = Caller allocated storage for the processor context
1563 IN HANDLE ThreadHandle
,
1564 OUT PCONTEXT ThreadContext
1570 IN HANDLE ThreadHandle
,
1571 OUT PCONTEXT ThreadContext
1576 NtImpersonateClientOfPort (HANDLE PortHandle
,
1577 PLPC_MESSAGE ClientMessage
);
1580 ZwImpersonateClientOfPort (HANDLE PortHandle
,
1581 PLPC_MESSAGE ClientMessage
);
1584 * FUNCTION: Sets a thread to impersonate another
1586 * ThreadHandle = Server thread that will impersonate a client.
1587 ThreadToImpersonate = Client thread that will be impersonated
1588 SecurityQualityOfService = Specifies the impersonation level.
1594 NtImpersonateThread(
1595 IN HANDLE ThreadHandle
,
1596 IN HANDLE ThreadToImpersonate
,
1597 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1602 ZwImpersonateThread(
1603 IN HANDLE ThreadHandle
,
1604 IN HANDLE ThreadToImpersonate
,
1605 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1610 NtInitiatePowerAction (
1611 IN POWER_ACTION SystemAction
,
1612 IN SYSTEM_POWER_STATE MinSystemState
,
1614 IN BOOLEAN Asynchronous
1619 ZwInitiatePowerAction (
1620 IN POWER_ACTION SystemAction
,
1621 IN SYSTEM_POWER_STATE MinSystemState
,
1623 IN BOOLEAN Asynchronous
1626 * FUNCTION: Initializes the registry.
1628 * SetUpBoot = This parameter is true for a setup boot.
1633 NtInitializeRegistry(
1638 ZwInitializeRegistry(
1645 IN HANDLE ProcessHandle
, // ProcessHandle must grant PROCESS_QUERY_INFORMATION access.
1646 IN HANDLE JobHandle OPTIONAL
// JobHandle must JOB_OBJECT_QUERY grant access. Defaults to the current process's job object.
1652 IN HANDLE ProcessHandle
, // ProcessHandle must grant PROCESS_QUERY_INFORMATION access.
1653 IN HANDLE JobHandle OPTIONAL
// JobHandle must JOB_OBJECT_QUERY grant access. Defaults to the current process's job object.
1657 NtListenPort (HANDLE PortHandle
,
1658 PLPC_MESSAGE LpcMessage
);
1661 ZwListenPort (HANDLE PortHandle
,
1662 PLPC_MESSAGE LpcMessage
);
1666 * FUNCTION: Loads a driver.
1668 * DriverServiceName = Name of the driver to load
1674 IN PUNICODE_STRING DriverServiceName
1680 IN PUNICODE_STRING DriverServiceName
1684 * FUNCTION: Locks a range of bytes in a file.
1686 * FileHandle = Handle to the file
1687 * Event = Should be null if apc is specified.
1688 * ApcRoutine = Asynchroneous Procedure Callback
1689 * ApcContext = Argument to the callback
1690 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1691 * the completion status and information about the requested lock operation.
1692 * ByteOffset = Offset
1693 * Length = Number of bytes to lock.
1694 * Key = Special value to give other threads the possibility to unlock the file
1695 by supplying the key in a call to NtUnlockFile.
1696 * FailImmediatedly = If false the request will block untill the lock is obtained.
1697 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1699 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1700 not be obtained immediately, the device queue is busy and the IRP is queued.
1701 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1702 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1708 IN HANDLE FileHandle
,
1709 IN HANDLE Event OPTIONAL
,
1710 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1711 IN PVOID ApcContext OPTIONAL
,
1712 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1713 IN PLARGE_INTEGER ByteOffset
,
1714 IN PLARGE_INTEGER Length
,
1716 IN BOOLEAN FailImmediatedly
,
1717 IN BOOLEAN ExclusiveLock
1723 IN HANDLE FileHandle
,
1724 IN HANDLE Event OPTIONAL
,
1725 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1726 IN PVOID ApcContext OPTIONAL
,
1727 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1728 IN PLARGE_INTEGER ByteOffset
,
1729 IN PLARGE_INTEGER Length
,
1731 IN BOOLEAN FailImmediatedly
,
1732 IN BOOLEAN ExclusiveLock
1736 * FUNCTION: Makes temporary object that will be removed at next boot.
1738 * Handle = Handle to object
1745 NtMakePermanentObject(
1746 IN HANDLE ObjectHandle
1751 ZwMakePermanentObject(
1752 IN HANDLE ObjectHandle
1757 NtMakeTemporaryObject(
1758 IN HANDLE ObjectHandle
1763 ZwMakeTemporaryObject(
1764 IN HANDLE ObjectHandle
1767 * FUNCTION: Maps a view of a section into the virtual address space of a
1770 * SectionHandle = Handle of the section
1771 * ProcessHandle = Handle of the process
1772 * BaseAddress = Desired base address (or NULL) on entry
1773 * Actual base address of the view on exit
1774 * ZeroBits = Number of high order address bits that must be zero
1775 * CommitSize = Size in bytes of the initially committed section of
1777 * SectionOffset = Offset in bytes from the beginning of the section
1778 * to the beginning of the view
1779 * ViewSize = Desired length of map (or zero to map all) on entry
1780 * Actual length mapped on exit
1781 * InheritDisposition = Specified how the view is to be shared with
1783 * AllocateType = Type of allocation for the pages
1784 * Protect = Protection for the committed region of the view
1790 IN HANDLE SectionHandle
,
1791 IN HANDLE ProcessHandle
,
1792 IN OUT PVOID
*BaseAddress
,
1794 IN ULONG CommitSize
,
1795 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1796 IN OUT PULONG ViewSize
,
1797 IN SECTION_INHERIT InheritDisposition
,
1798 IN ULONG AllocationType
,
1799 IN ULONG AccessProtection
1805 IN HANDLE SectionHandle
,
1806 IN HANDLE ProcessHandle
,
1807 IN OUT PVOID
*BaseAddress
,
1809 IN ULONG CommitSize
,
1810 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1811 IN OUT PULONG ViewSize
,
1812 IN SECTION_INHERIT InheritDisposition
,
1813 IN ULONG AllocationType
,
1814 IN ULONG AccessProtection
1818 * FUNCTION: Installs a notify for the change of a directory's contents
1820 * FileHandle = Handle to the directory
1822 * ApcRoutine = Start address
1823 * ApcContext = Delimits the range of virtual memory
1824 * for which the new access protection holds
1825 * IoStatusBlock = The new access proctection for the pages
1826 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1827 * BufferSize = Size of the buffer
1828 CompletionFilter = Can be one of the following values:
1829 FILE_NOTIFY_CHANGE_FILE_NAME
1830 FILE_NOTIFY_CHANGE_DIR_NAME
1831 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1832 FILE_NOTIFY_CHANGE_ATTRIBUTES
1833 FILE_NOTIFY_CHANGE_SIZE
1834 FILE_NOTIFY_CHANGE_LAST_WRITE
1835 FILE_NOTIFY_CHANGE_LAST_ACCESS
1836 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1837 FILE_NOTIFY_CHANGE_EA
1838 FILE_NOTIFY_CHANGE_SECURITY
1839 FILE_NOTIFY_CHANGE_STREAM_NAME
1840 FILE_NOTIFY_CHANGE_STREAM_SIZE
1841 FILE_NOTIFY_CHANGE_STREAM_WRITE
1842 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1845 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1850 NtNotifyChangeDirectoryFile(
1851 IN HANDLE FileHandle
,
1852 IN HANDLE Event OPTIONAL
,
1853 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1854 IN PVOID ApcContext OPTIONAL
,
1855 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1857 IN ULONG BufferSize
,
1858 IN ULONG CompletionFilter
,
1859 IN BOOLEAN WatchTree
1864 ZwNotifyChangeDirectoryFile(
1865 IN HANDLE FileHandle
,
1866 IN HANDLE Event OPTIONAL
,
1867 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1868 IN PVOID ApcContext OPTIONAL
,
1869 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1871 IN ULONG BufferSize
,
1872 IN ULONG CompletionFilter
,
1873 IN BOOLEAN WatchTree
1877 * FUNCTION: Installs a notfication callback on registry changes
1879 KeyHandle = Handle to the registry key
1880 Event = Event that should be signalled on modification of the key
1881 ApcRoutine = Routine that should be called on modification of the key
1882 ApcContext = Argument to the ApcRoutine
1884 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1885 Can be a combination of the following values:
1887 REG_NOTIFY_CHANGE_NAME
1888 REG_NOTIFY_CHANGE_ATTRIBUTES
1889 REG_NOTIFY_CHANGE_LAST_SET
1890 REG_NOTIFY_CHANGE_SECURITY
1893 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1894 the function will not return before a change occurs.
1895 ChangeBuffer = Will return the old value
1896 Length = Size of the change buffer
1897 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1899 * REMARKS: If the key is closed the event is signalled aswell.
1906 IN HANDLE KeyHandle
,
1908 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1909 IN PVOID ApcContext OPTIONAL
,
1910 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1911 IN ULONG CompletionFilter
,
1912 IN BOOLEAN WatchSubtree
,
1915 IN BOOLEAN Asynchronous
1921 IN HANDLE KeyHandle
,
1923 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1924 IN PVOID ApcContext OPTIONAL
,
1925 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1926 IN ULONG CompletionFilter
,
1927 IN BOOLEAN WatchSubtree
,
1930 IN BOOLEAN Asynchronous
1934 * FUNCTION: Opens an existing directory object
1936 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1937 * DesiredAccess = Requested access to the directory
1938 * ObjectAttributes = Initialized attributes for the object
1944 NtOpenDirectoryObject(
1945 OUT PHANDLE FileHandle
,
1946 IN ACCESS_MASK DesiredAccess
,
1947 IN POBJECT_ATTRIBUTES ObjectAttributes
1951 ZwOpenDirectoryObject(
1952 OUT PHANDLE FileHandle
,
1953 IN ACCESS_MASK DesiredAccess
,
1954 IN POBJECT_ATTRIBUTES ObjectAttributes
1958 * FUNCTION: Opens an existing event
1960 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1961 * DesiredAccess = Requested access to the event
1962 * ObjectAttributes = Initialized attributes for the object
1968 OUT PHANDLE EventHandle
,
1969 IN ACCESS_MASK DesiredAccess
,
1970 IN POBJECT_ATTRIBUTES ObjectAttributes
1976 OUT PHANDLE EventHandle
,
1977 IN ACCESS_MASK DesiredAccess
,
1978 IN POBJECT_ATTRIBUTES ObjectAttributes
1982 * FUNCTION: Opens an existing event pair
1984 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1985 * DesiredAccess = Requested access to the event
1986 * ObjectAttributes = Initialized attributes for the object
1993 OUT PHANDLE EventPairHandle
,
1994 IN ACCESS_MASK DesiredAccess
,
1995 IN POBJECT_ATTRIBUTES ObjectAttributes
2001 OUT PHANDLE EventPairHandle
,
2002 IN ACCESS_MASK DesiredAccess
,
2003 IN POBJECT_ATTRIBUTES ObjectAttributes
2006 * FUNCTION: Opens an existing file
2008 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2009 * DesiredAccess = Requested access to the file
2010 * ObjectAttributes = Initialized attributes for the object
2019 OUT PHANDLE FileHandle
,
2020 IN ACCESS_MASK DesiredAccess
,
2021 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2022 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2023 IN ULONG ShareAccess
,
2024 IN ULONG OpenOptions
2030 OUT PHANDLE FileHandle
,
2031 IN ACCESS_MASK DesiredAccess
,
2032 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2033 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2034 IN ULONG ShareAccess
,
2035 IN ULONG OpenOptions
2039 * FUNCTION: Opens an existing io completion object
2041 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2042 * DesiredAccess = Requested access to the io completion object
2043 * ObjectAttributes = Initialized attributes for the object
2050 OUT PHANDLE CompetionPort
,
2051 IN ACCESS_MASK DesiredAccess
,
2052 IN POBJECT_ATTRIBUTES ObjectAttributes
2058 OUT PHANDLE CompetionPort
,
2059 IN ACCESS_MASK DesiredAccess
,
2060 IN POBJECT_ATTRIBUTES ObjectAttributes
2068 ACCESS_MASK DesiredAccess
,
2069 POBJECT_ATTRIBUTES ObjectAttributes
2076 ACCESS_MASK DesiredAccess
,
2077 POBJECT_ATTRIBUTES ObjectAttributes
2080 * FUNCTION: Opens an existing key in the registry
2082 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2083 * DesiredAccess = Requested access to the key
2084 * ObjectAttributes = Initialized attributes for the object
2090 OUT PHANDLE KeyHandle
,
2091 IN ACCESS_MASK DesiredAccess
,
2092 IN POBJECT_ATTRIBUTES ObjectAttributes
2098 OUT PHANDLE KeyHandle
,
2099 IN ACCESS_MASK DesiredAccess
,
2100 IN POBJECT_ATTRIBUTES ObjectAttributes
2103 * FUNCTION: Opens an existing key in the registry
2105 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
2106 * DesiredAccess = Requested access to the mutant
2107 * ObjectAttribute = Initialized attributes for the object
2113 OUT PHANDLE MutantHandle
,
2114 IN ACCESS_MASK DesiredAccess
,
2115 IN POBJECT_ATTRIBUTES ObjectAttributes
2120 OUT PHANDLE MutantHandle
,
2121 IN ACCESS_MASK DesiredAccess
,
2122 IN POBJECT_ATTRIBUTES ObjectAttributes
2126 * FUNCTION: Opens an existing process
2128 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
2129 * DesiredAccess = Requested access to the process
2130 * ObjectAttribute = Initialized attributes for the object
2131 * ClientId = Identifies the process id to open
2137 OUT PHANDLE ProcessHandle
,
2138 IN ACCESS_MASK DesiredAccess
,
2139 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2140 IN PCLIENT_ID ClientId
2145 OUT PHANDLE ProcessHandle
,
2146 IN ACCESS_MASK DesiredAccess
,
2147 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2148 IN PCLIENT_ID ClientId
2151 * FUNCTION: Opens an existing process
2153 * ProcessHandle = Handle of the process of which owns the token
2154 * DesiredAccess = Requested access to the token
2155 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
2157 This function maps to the win32
2164 IN HANDLE ProcessHandle
,
2165 IN ACCESS_MASK DesiredAccess
,
2166 OUT PHANDLE TokenHandle
2172 IN HANDLE ProcessHandle
,
2173 IN ACCESS_MASK DesiredAccess
,
2174 OUT PHANDLE TokenHandle
2180 NtOpenProcessTokenEx(
2181 IN HANDLE ProcessHandle
,
2182 IN ACCESS_MASK DesiredAccess
,
2183 IN ULONG HandleAttributes
,
2184 OUT PHANDLE TokenHandle
2190 ZwOpenProcessTokenEx(
2191 IN HANDLE ProcessHandle
,
2192 IN ACCESS_MASK DesiredAccess
,
2193 IN ULONG HandleAttributes
,
2194 OUT PHANDLE TokenHandle
2197 * FUNCTION: Opens an existing section object
2199 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2200 * DesiredAccess = Requested access to the key
2201 * ObjectAttribute = Initialized attributes for the object
2208 OUT PHANDLE SectionHandle
,
2209 IN ACCESS_MASK DesiredAccess
,
2210 IN POBJECT_ATTRIBUTES ObjectAttributes
2215 OUT PHANDLE SectionHandle
,
2216 IN ACCESS_MASK DesiredAccess
,
2217 IN POBJECT_ATTRIBUTES ObjectAttributes
2220 * FUNCTION: Opens an existing semaphore
2222 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
2223 * DesiredAccess = Requested access to the semaphore
2224 * ObjectAttribute = Initialized attributes for the object
2230 OUT PHANDLE SemaphoreHandle
,
2231 IN ACCESS_MASK DesiredAcces
,
2232 IN POBJECT_ATTRIBUTES ObjectAttributes
2237 OUT PHANDLE SemaphoreHandle
,
2238 IN ACCESS_MASK DesiredAcces
,
2239 IN POBJECT_ATTRIBUTES ObjectAttributes
2242 * FUNCTION: Opens an existing symbolic link
2244 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2245 * DesiredAccess = Requested access to the symbolic link
2246 * ObjectAttribute = Initialized attributes for the object
2251 NtOpenSymbolicLinkObject(
2252 OUT PHANDLE LinkHandle
,
2253 IN ACCESS_MASK DesiredAccess
,
2254 IN POBJECT_ATTRIBUTES ObjectAttributes
2258 ZwOpenSymbolicLinkObject(
2259 OUT PHANDLE LinkHandle
,
2260 IN ACCESS_MASK DesiredAccess
,
2261 IN POBJECT_ATTRIBUTES ObjectAttributes
2264 * FUNCTION: Opens an existing thread
2266 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2267 * DesiredAccess = Requested access to the thread
2268 * ObjectAttribute = Initialized attributes for the object
2269 * ClientId = Identifies the thread to open.
2275 OUT PHANDLE ThreadHandle
,
2276 IN ACCESS_MASK DesiredAccess
,
2277 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2278 IN PCLIENT_ID ClientId
2283 OUT PHANDLE ThreadHandle
,
2284 IN ACCESS_MASK DesiredAccess
,
2285 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2286 IN PCLIENT_ID ClientId
2292 IN HANDLE ThreadHandle
,
2293 IN ACCESS_MASK DesiredAccess
,
2294 IN BOOLEAN OpenAsSelf
,
2295 OUT PHANDLE TokenHandle
2301 IN HANDLE ThreadHandle
,
2302 IN ACCESS_MASK DesiredAccess
,
2303 IN BOOLEAN OpenAsSelf
,
2304 OUT PHANDLE TokenHandle
2309 NtOpenThreadTokenEx(
2310 IN HANDLE ThreadHandle
,
2311 IN ACCESS_MASK DesiredAccess
,
2312 IN BOOLEAN OpenAsSelf
,
2313 IN ULONG HandleAttributes
,
2314 OUT PHANDLE TokenHandle
2320 ZwOpenThreadTokenEx(
2321 IN HANDLE ThreadHandle
,
2322 IN ACCESS_MASK DesiredAccess
,
2323 IN BOOLEAN OpenAsSelf
,
2324 IN ULONG HandleAttributes
,
2325 OUT PHANDLE TokenHandle
2329 * FUNCTION: Opens an existing timer
2331 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2332 * DesiredAccess = Requested access to the timer
2333 * ObjectAttribute = Initialized attributes for the object
2339 OUT PHANDLE TimerHandle
,
2340 IN ACCESS_MASK DesiredAccess
,
2341 IN POBJECT_ATTRIBUTES ObjectAttributes
2346 OUT PHANDLE TimerHandle
,
2347 IN ACCESS_MASK DesiredAccess
,
2348 IN POBJECT_ATTRIBUTES ObjectAttributes
2352 * FUNCTION: Checks an access token for specific privileges
2354 * ClientToken = Handle to a access token structure
2355 * RequiredPrivileges = Specifies the requested privileges.
2356 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
2357 set in the Control member of PRIVILEGES_SET Result
2358 will only be TRUE if all privileges are present in the access token.
2366 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
2367 IN PVOID InputBuffer OPTIONAL
,
2368 IN ULONG InputBufferLength
,
2369 OUT PVOID OutputBuffer OPTIONAL
,
2370 IN ULONG OutputBufferLength
2376 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
2377 IN PVOID InputBuffer OPTIONAL
,
2378 IN ULONG InputBufferLength
,
2379 OUT PVOID OutputBuffer OPTIONAL
,
2380 IN ULONG OutputBufferLength
2386 IN HANDLE ClientToken
,
2387 IN PPRIVILEGE_SET RequiredPrivileges
,
2394 IN HANDLE ClientToken
,
2395 IN PPRIVILEGE_SET RequiredPrivileges
,
2401 NtPrivilegedServiceAuditAlarm(
2402 IN PUNICODE_STRING SubsystemName
,
2403 IN PUNICODE_STRING ServiceName
,
2404 IN HANDLE ClientToken
,
2405 IN PPRIVILEGE_SET Privileges
,
2406 IN BOOLEAN AccessGranted
2411 ZwPrivilegedServiceAuditAlarm(
2412 IN PUNICODE_STRING SubsystemName
,
2413 IN PUNICODE_STRING ServiceName
,
2414 IN HANDLE ClientToken
,
2415 IN PPRIVILEGE_SET Privileges
,
2416 IN BOOLEAN AccessGranted
2421 NtPrivilegeObjectAuditAlarm(
2422 IN PUNICODE_STRING SubsystemName
,
2424 IN HANDLE ClientToken
,
2425 IN ULONG DesiredAccess
,
2426 IN PPRIVILEGE_SET Privileges
,
2427 IN BOOLEAN AccessGranted
2432 ZwPrivilegeObjectAuditAlarm(
2433 IN PUNICODE_STRING SubsystemName
,
2435 IN HANDLE ClientToken
,
2436 IN ULONG DesiredAccess
,
2437 IN PPRIVILEGE_SET Privileges
,
2438 IN BOOLEAN AccessGranted
2442 * FUNCTION: Entry point for native applications
2444 * Peb = Pointes to the Process Environment Block (PEB)
2446 * Native applications should use this function instead of a main.
2447 * Calling proces should terminate itself.
2457 * FUNCTION: Signals an event and resets it afterwards.
2459 * EventHandle = Handle to the event
2460 * PulseCount = Number of times the action is repeated
2466 IN HANDLE EventHandle
,
2467 OUT PLONG PreviousState OPTIONAL
2473 IN HANDLE EventHandle
,
2474 OUT PLONG PreviousState OPTIONAL
2478 * FUNCTION: Queries the attributes of a file
2480 * ObjectAttributes = Initialized attributes for the object
2481 * Buffer = Caller supplies storage for the attributes
2487 NtQueryAttributesFile(
2488 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2489 OUT PFILE_BASIC_INFORMATION FileInformation
2494 ZwQueryAttributesFile(
2495 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2496 OUT PFILE_BASIC_INFORMATION FileInformation
2502 NtQueryBootEntryOrder(
2509 ZwQueryBootEntryOrder(
2528 * FUNCTION: Queries the default locale id
2530 * UserProfile = Type of locale id
2531 * TRUE: thread locale id
2532 * FALSE: system locale id
2533 * DefaultLocaleId = Caller supplies storage for the locale id
2539 NtQueryDefaultLocale(
2540 IN BOOLEAN UserProfile
,
2541 OUT PLCID DefaultLocaleId
2546 ZwQueryDefaultLocale(
2547 IN BOOLEAN UserProfile
,
2548 OUT PLCID DefaultLocaleId
2553 NtQueryDefaultUILanguage(
2559 ZwQueryDefaultUILanguage(
2564 * FUNCTION: Queries a directory file.
2566 * FileHandle = Handle to a directory file
2567 * EventHandle = Handle to the event signaled on completion
2568 * ApcRoutine = Asynchroneous procedure callback, called on completion
2569 * ApcContext = Argument to the apc.
2570 * IoStatusBlock = Caller supplies storage for extended status information.
2571 * FileInformation = Caller supplies storage for the resulting information.
2573 * FileNameInformation FILE_NAMES_INFORMATION
2574 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2575 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2576 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2578 * Length = Size of the storage supplied
2579 * FileInformationClass = Indicates the type of information requested.
2580 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2581 * FileName = Initial directory name to query, that may contain wild cards.
2582 * RestartScan = Number of times the action should be repeated
2583 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2584 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2585 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2590 NtQueryDirectoryFile(
2591 IN HANDLE FileHandle
,
2592 IN HANDLE Event OPTIONAL
,
2593 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2594 IN PVOID ApcContext OPTIONAL
,
2595 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2596 OUT PVOID FileInformation
,
2598 IN FILE_INFORMATION_CLASS FileInformationClass
,
2599 IN BOOLEAN ReturnSingleEntry
,
2600 IN PUNICODE_STRING FileName OPTIONAL
,
2601 IN BOOLEAN RestartScan
2606 ZwQueryDirectoryFile(
2607 IN HANDLE FileHandle
,
2608 IN HANDLE Event OPTIONAL
,
2609 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2610 IN PVOID ApcContext OPTIONAL
,
2611 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2612 OUT PVOID FileInformation
,
2614 IN FILE_INFORMATION_CLASS FileInformationClass
,
2615 IN BOOLEAN ReturnSingleEntry
,
2616 IN PUNICODE_STRING FileName OPTIONAL
,
2617 IN BOOLEAN RestartScan
2621 * FUNCTION: Queries the extended attributes of a file
2623 * FileHandle = Handle to the event
2624 * IoStatusBlock = Number of times the action is repeated
2638 IN HANDLE FileHandle
,
2639 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2642 IN BOOLEAN ReturnSingleEntry
,
2643 IN PVOID EaList OPTIONAL
,
2644 IN ULONG EaListLength
,
2645 IN PULONG EaIndex OPTIONAL
,
2646 IN BOOLEAN RestartScan
2652 IN HANDLE FileHandle
,
2653 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2656 IN BOOLEAN ReturnSingleEntry
,
2657 IN PVOID EaList OPTIONAL
,
2658 IN ULONG EaListLength
,
2659 IN PULONG EaIndex OPTIONAL
,
2660 IN BOOLEAN RestartScan
2664 * FUNCTION: Queries an event
2666 * EventHandle = Handle to the event
2667 * EventInformationClass = Index of the information structure
2669 EventBasicInformation EVENT_BASIC_INFORMATION
2671 * EventInformation = Caller supplies storage for the information structure
2672 * EventInformationLength = Size of the information structure
2673 * ReturnLength = Data written
2679 IN HANDLE EventHandle
,
2680 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2681 OUT PVOID EventInformation
,
2682 IN ULONG EventInformationLength
,
2683 OUT PULONG ReturnLength OPTIONAL
2688 IN HANDLE EventHandle
,
2689 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2690 OUT PVOID EventInformation
,
2691 IN ULONG EventInformationLength
,
2692 OUT PULONG ReturnLength OPTIONAL
2696 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2697 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2700 ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2701 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2704 * FUNCTION: Queries the information of a file object.
2706 * FileHandle = Handle to the file object
2707 * IoStatusBlock = Caller supplies storage for extended information
2708 * on the current operation.
2709 * FileInformation = Storage for the new file information
2710 * Lenght = Size of the storage for the file information.
2711 * FileInformationClass = Indicates which file information is queried
2713 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2714 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2715 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2716 FileBasicInformation FILE_BASIC_INFORMATION
2717 FileStandardInformation FILE_STANDARD_INFORMATION
2718 FileInternalInformation FILE_INTERNAL_INFORMATION
2719 FileEaInformation FILE_EA_INFORMATION
2720 FileAccessInformation FILE_ACCESS_INFORMATION
2721 FileNameInformation FILE_NAME_INFORMATION
2722 FileRenameInformation FILE_RENAME_INFORMATION
2724 FileNamesInformation FILE_NAMES_INFORMATION
2725 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2726 FilePositionInformation FILE_POSITION_INFORMATION
2727 FileFullEaInformation FILE_FULL_EA_INFORMATION
2728 FileModeInformation FILE_MODE_INFORMATION
2729 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2730 FileAllInformation FILE_ALL_INFORMATION
2732 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2733 FileAlternateNameInformation
2734 FileStreamInformation FILE_STREAM_INFORMATION
2736 FilePipeLocalInformation
2737 FilePipeRemoteInformation
2738 FileMailslotQueryInformation
2739 FileMailslotSetInformation
2740 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2741 FileCopyOnWriteInformation
2742 FileCompletionInformation IO_COMPLETION_CONTEXT
2743 FileMoveClusterInformation
2744 FileOleClassIdInformation
2745 FileOleStateBitsInformation
2746 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2747 FileObjectIdInformation
2748 FileOleAllInformation
2749 FileOleDirectoryInformation
2750 FileContentIndexInformation
2751 FileInheritContentIndexInformation
2753 FileMaximumInformation
2756 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2757 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2762 NtQueryInformationFile(
2763 IN HANDLE FileHandle
,
2764 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2765 OUT PVOID FileInformation
,
2767 IN FILE_INFORMATION_CLASS FileInformationClass
2772 ZwQueryInformationFile(
2774 PIO_STATUS_BLOCK IoStatusBlock
,
2775 PVOID FileInformation
,
2777 FILE_INFORMATION_CLASS FileInformationClass
2782 NtQueryInformationJobObject(
2784 JOBOBJECTINFOCLASS JobInformationClass
,
2785 PVOID JobInformation
,
2786 ULONG JobInformationLength
,
2792 ZwQueryInformationJobObject(
2794 JOBOBJECTINFOCLASS JobInformationClass
,
2795 PVOID JobInformation
,
2796 ULONG JobInformationLength
,
2801 NtQueryInformationPort (HANDLE PortHandle
,
2802 CINT PortInformationClass
,
2803 PVOID PortInformation
,
2804 ULONG PortInformationLength
,
2805 PULONG ReturnLength
);
2807 #ifndef __USE_W32API
2809 ZwQueryInformationPort (HANDLE PortHandle
,
2810 CINT PortInformationClass
,
2811 PVOID PortInformation
,
2812 ULONG PortInformationLength
,
2813 PULONG ReturnLength
);
2817 * FUNCTION: Queries the information of a thread object.
2819 * ThreadHandle = Handle to the thread object
2820 * ThreadInformationClass = Index to a certain information structure
2822 ThreadBasicInformation THREAD_BASIC_INFORMATION
2823 ThreadTimes KERNEL_USER_TIMES
2824 ThreadPriority KPRIORITY
2825 ThreadBasePriority KPRIORITY
2826 ThreadAffinityMask KAFFINITY
2827 ThreadImpersonationToken
2828 ThreadDescriptorTableEntry
2829 ThreadEnableAlignmentFaultFixup
2831 ThreadQuerySetWin32StartAddress
2833 ThreadPerformanceCount
2834 ThreadAmILastThread BOOLEAN
2835 ThreadIdealProcessor ULONG
2836 ThreadPriorityBoost ULONG
2840 * ThreadInformation = Caller supplies torage for the thread information
2841 * ThreadInformationLength = Size of the thread information structure
2842 * ReturnLength = Actual number of bytes written
2845 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2846 GetThreadPriorityBoost functions.
2853 NtQueryInformationThread(
2854 IN HANDLE ThreadHandle
,
2855 IN THREADINFOCLASS ThreadInformationClass
,
2856 OUT PVOID ThreadInformation
,
2857 IN ULONG ThreadInformationLength
,
2858 OUT PULONG ReturnLength OPTIONAL
2863 ZwQueryInformationThread(
2864 IN HANDLE ThreadHandle
,
2865 IN THREADINFOCLASS ThreadInformationClass
,
2866 OUT PVOID ThreadInformation
,
2867 IN ULONG ThreadInformationLength
,
2868 OUT PULONG ReturnLength OPTIONAL
2874 NtQueryInformationToken(
2875 IN HANDLE TokenHandle
,
2876 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2877 OUT PVOID TokenInformation
,
2878 IN ULONG TokenInformationLength
,
2879 OUT PULONG ReturnLength
2884 ZwQueryInformationToken(
2885 IN HANDLE TokenHandle
,
2886 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2887 OUT PVOID TokenInformation
,
2888 IN ULONG TokenInformationLength
,
2889 OUT PULONG ReturnLength
2894 NtQueryInstallUILanguage(
2900 ZwQueryInstallUILanguage(
2906 NtQueryIoCompletion(
2907 IN HANDLE IoCompletionHandle
,
2908 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2909 OUT PVOID IoCompletionInformation
,
2910 IN ULONG IoCompletionInformationLength
,
2911 OUT PULONG ResultLength OPTIONAL
2916 ZwQueryIoCompletion(
2917 IN HANDLE IoCompletionHandle
,
2918 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2919 OUT PVOID IoCompletionInformation
,
2920 IN ULONG IoCompletionInformationLength
,
2921 OUT PULONG ResultLength OPTIONAL
2925 * FUNCTION: Queries the information of a registry key object.
2927 KeyHandle = Handle to a registry key
2928 KeyInformationClass = Index to a certain information structure
2929 KeyInformation = Caller supplies storage for resulting information
2930 Length = Size of the supplied storage
2931 ResultLength = Bytes written
2936 IN HANDLE KeyHandle
,
2937 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2938 OUT PVOID KeyInformation
,
2940 OUT PULONG ResultLength
2946 IN HANDLE KeyHandle
,
2947 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2948 OUT PVOID KeyInformation
,
2950 OUT PULONG ResultLength
2957 NtQueryQuotaInformationFile(
2958 IN HANDLE FileHandle
,
2959 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2962 IN BOOLEAN ReturnSingleEntry
,
2963 IN PVOID SidList OPTIONAL
,
2964 IN ULONG SidListLength
,
2965 IN PSID StartSid OPTIONAL
,
2966 IN BOOLEAN RestartScan
2972 ZwQueryQuotaInformationFile(
2973 IN HANDLE FileHandle
,
2974 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2977 IN BOOLEAN ReturnSingleEntry
,
2978 IN PVOID SidList OPTIONAL
,
2979 IN ULONG SidListLength
,
2980 IN PSID StartSid OPTIONAL
,
2981 IN BOOLEAN RestartScan
2987 NtQueryMultipleValueKey(
2988 IN HANDLE KeyHandle
,
2989 IN OUT PKEY_VALUE_ENTRY ValueList
,
2990 IN ULONG NumberOfValues
,
2992 IN OUT PULONG Length
,
2993 OUT PULONG ReturnLength
2998 ZwQueryMultipleValueKey(
2999 IN HANDLE KeyHandle
,
3000 IN OUT PKEY_VALUE_ENTRY ValueList
,
3001 IN ULONG NumberOfValues
,
3003 IN OUT PULONG Length
,
3004 OUT PULONG ReturnLength
3008 * FUNCTION: Queries the information of a mutant object.
3010 MutantHandle = Handle to a mutant
3011 MutantInformationClass = Index to a certain information structure
3012 MutantInformation = Caller supplies storage for resulting information
3013 Length = Size of the supplied storage
3014 ResultLength = Bytes written
3019 IN HANDLE MutantHandle
,
3020 IN MUTANT_INFORMATION_CLASS MutantInformationClass
,
3021 OUT PVOID MutantInformation
,
3022 IN ULONG MutantInformationLength
,
3023 OUT PULONG ResultLength OPTIONAL
3029 IN HANDLE MutantHandle
,
3030 IN MUTANT_INFORMATION_CLASS MutantInformationClass
,
3031 OUT PVOID MutantInformation
,
3032 IN ULONG MutantInformationLength
,
3033 OUT PULONG ResultLength OPTIONAL
3037 * FUNCTION: Queries the system ( high-resolution ) performance counter.
3039 * PerformanceCounter = Performance counter
3040 * PerformanceFrequency = Performance frequency
3042 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
3043 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
3049 NtQueryPerformanceCounter(
3050 OUT PLARGE_INTEGER PerformanceCounter
,
3051 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
3056 ZwQueryPerformanceCounter(
3057 OUT PLARGE_INTEGER PerformanceCounter
,
3058 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
3062 * FUNCTION: Queries the information of a semaphore.
3064 * SemaphoreHandle = Handle to the semaphore object
3065 * SemaphoreInformationClass = Index to a certain information structure
3067 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
3069 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
3070 * Length = Size of the infomation structure
3075 IN HANDLE SemaphoreHandle
,
3076 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
3077 OUT PVOID SemaphoreInformation
,
3079 OUT PULONG ReturnLength OPTIONAL
3085 IN HANDLE SemaphoreHandle
,
3086 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
3087 OUT PVOID SemaphoreInformation
,
3089 OUT PULONG ReturnLength OPTIONAL
3094 * FUNCTION: Queries the information of a symbolic link object.
3096 * SymbolicLinkHandle = Handle to the symbolic link object
3097 * LinkTarget = resolved name of link
3098 * DataWritten = size of the LinkName.
3104 NtQuerySymbolicLinkObject(
3105 IN HANDLE LinkHandle
,
3106 OUT PUNICODE_STRING LinkTarget
,
3107 OUT PULONG ResultLength OPTIONAL
3112 ZwQuerySymbolicLinkObject(
3113 IN HANDLE LinkHandle
,
3114 OUT PUNICODE_STRING LinkTarget
,
3115 OUT PULONG ResultLength OPTIONAL
3120 * FUNCTION: Queries a system environment variable.
3122 * Name = Name of the variable
3123 * Value (OUT) = value of the variable
3124 * Length = size of the buffer
3125 * ReturnLength = data written
3131 NtQuerySystemEnvironmentValue(
3132 IN PUNICODE_STRING VariableName
,
3133 OUT PWCHAR ValueBuffer
,
3134 IN ULONG ValueBufferLength
,
3135 OUT PULONG ReturnLength OPTIONAL
3140 ZwQuerySystemEnvironmentValue(
3141 IN PUNICODE_STRING VariableName
,
3142 OUT PWCHAR ValueBuffer
,
3143 IN ULONG ValueBufferLength
,
3144 OUT PULONG ReturnLength OPTIONAL
3149 * FUNCTION: Queries the system information.
3151 * SystemInformationClass = Index to a certain information structure
3153 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3154 SystemCacheInformation SYSTEM_CACHE_INFORMATION
3155 SystemConfigurationInformation CONFIGURATION_INFORMATION
3157 * SystemInformation = caller supplies storage for the information structure
3158 * Length = size of the structure
3159 ResultLength = Data written
3165 NtQuerySystemInformation(
3166 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3167 OUT PVOID SystemInformation
,
3169 OUT PULONG ResultLength
3174 ZwQuerySystemInformation(
3175 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3176 OUT PVOID SystemInformation
,
3178 OUT PULONG ResultLength
3182 * FUNCTION: Queries information about a timer
3184 * TimerHandle = Handle to the timer
3185 TimerValueInformationClass = Index to a certain information structure
3186 TimerValueInformation = Caller supplies storage for the information structure
3187 Length = Size of the information structure
3188 ResultLength = Data written
3195 IN HANDLE TimerHandle
,
3196 IN TIMER_INFORMATION_CLASS TimerInformationClass
,
3197 OUT PVOID TimerInformation
,
3198 IN ULONG TimerInformationLength
,
3199 OUT PULONG ReturnLength OPTIONAL
3204 IN HANDLE TimerHandle
,
3205 IN TIMER_INFORMATION_CLASS TimerInformationClass
,
3206 OUT PVOID TimerInformation
,
3207 IN ULONG TimerInformationLength
,
3208 OUT PULONG ReturnLength OPTIONAL
3212 * FUNCTION: Queries the timer resolution
3214 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
3215 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
3216 ActualResolution (OUT) = Caller should supply storage for the resulting time.
3224 NtQueryTimerResolution (
3225 OUT PULONG MinimumResolution
,
3226 OUT PULONG MaximumResolution
,
3227 OUT PULONG ActualResolution
3232 ZwQueryTimerResolution (
3233 OUT PULONG MinimumResolution
,
3234 OUT PULONG MaximumResolution
,
3235 OUT PULONG ActualResolution
3239 * FUNCTION: Queries a registry key value
3241 * KeyHandle = Handle to the registry key
3242 ValueName = Name of the value in the registry key
3243 KeyValueInformationClass = Index to a certain information structure
3245 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
3246 KeyValueFullInformation = KEY_FULL_INFORMATION
3247 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
3249 KeyValueInformation = Caller supplies storage for the information structure
3250 Length = Size of the information structure
3251 ResultLength = Data written
3258 IN HANDLE KeyHandle
,
3259 IN PUNICODE_STRING ValueName
,
3260 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3261 OUT PVOID KeyValueInformation
,
3263 OUT PULONG ResultLength
3269 IN HANDLE KeyHandle
,
3270 IN PUNICODE_STRING ValueName
,
3271 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
3272 OUT PVOID KeyValueInformation
,
3274 OUT PULONG ResultLength
3278 * FUNCTION: Queries the volume information
3280 * FileHandle = Handle to a file object on the target volume
3281 * IoStatusBlock = Caller should supply storage for additional status information
3282 * ReturnLength = DataWritten
3283 * FsInformation = Caller should supply storage for the information structure.
3284 * Length = Size of the information structure
3285 * FsInformationClass = Index to a information structure
3287 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
3288 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
3289 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
3290 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
3291 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
3292 FileFsControlInformation
3293 FileFsQuotaQueryInformation --
3294 FileFsQuotaSetInformation --
3295 FileFsMaximumInformation
3297 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
3298 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
3303 NtQueryVolumeInformationFile(
3304 IN HANDLE FileHandle
,
3305 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3306 OUT PVOID FsInformation
,
3308 IN FS_INFORMATION_CLASS FsInformationClass
3313 ZwQueryVolumeInformationFile(
3314 IN HANDLE FileHandle
,
3315 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3316 OUT PVOID FsInformation
,
3318 IN FS_INFORMATION_CLASS FsInformationClass
3321 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
3323 * FUNCTION: Queues a (user) apc to a thread.
3325 ThreadHandle = Thread to which the apc is queued.
3326 ApcRoutine = Points to the apc routine
3327 NormalContext = Argument to Apc Routine
3328 * SystemArgument1 = Argument of the Apc Routine
3329 SystemArgument2 = Argument of the Apc Routine
3330 * REMARK: If the apc is queued against a thread of a different process than the calling thread
3331 the apc routine should be specified in the address space of the queued thread's process.
3338 HANDLE ThreadHandle
,
3339 PKNORMAL_ROUTINE ApcRoutine
,
3340 PVOID NormalContext
,
3341 PVOID SystemArgument1
,
3342 PVOID SystemArgument2
);
3347 HANDLE ThreadHandle
,
3348 PKNORMAL_ROUTINE ApcRoutine
,
3349 PVOID NormalContext
,
3350 PVOID SystemArgument1
,
3351 PVOID SystemArgument2
);
3355 * FUNCTION: Raises an exception
3357 * ExceptionRecord = Structure specifying the exception
3358 * Context = Context in which the excpetion is raised
3367 IN PEXCEPTION_RECORD ExceptionRecord
,
3368 IN PCONTEXT Context
,
3369 IN BOOLEAN SearchFrames
3375 IN PEXCEPTION_RECORD ExceptionRecord
,
3376 IN PCONTEXT Context
,
3377 IN BOOLEAN SearchFrames
3381 * FUNCTION: Read a file
3383 * FileHandle = Handle of a file to read
3384 * Event = This event is signalled when the read operation completes
3385 * UserApcRoutine = Call back , if supplied Event should be NULL
3386 * UserApcContext = Argument to the callback
3387 * IoStatusBlock = Caller should supply storage for additional status information
3388 * Buffer = Caller should supply storage to receive the information
3389 * BufferLength = Size of the buffer
3390 * ByteOffset = Offset to start reading the file
3391 * Key = If a range is lock a matching key will allow the read to continue.
3399 IN HANDLE FileHandle
,
3400 IN HANDLE Event OPTIONAL
,
3401 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3402 IN PVOID UserApcContext OPTIONAL
,
3403 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3405 IN ULONG BufferLength
,
3406 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3407 IN PULONG Key OPTIONAL
3413 IN HANDLE FileHandle
,
3414 IN HANDLE Event OPTIONAL
,
3415 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3416 IN PVOID UserApcContext OPTIONAL
,
3417 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3419 IN ULONG BufferLength
,
3420 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3421 IN PULONG Key OPTIONAL
3424 * FUNCTION: Read a file using scattered io
3426 FileHandle = Handle of a file to read
3427 Event = This event is signalled when the read operation completes
3428 * UserApcRoutine = Call back , if supplied Event should be NULL
3429 UserApcContext = Argument to the callback
3430 IoStatusBlock = Caller should supply storage for additional status information
3431 BufferDescription = Caller should supply storage to receive the information
3432 BufferLength = Size of the buffer
3433 ByteOffset = Offset to start reading the file
3434 Key = Key = If a range is lock a matching key will allow the read to continue.
3441 IN HANDLE FileHandle
,
3442 IN HANDLE Event OPTIONAL
,
3443 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3444 IN PVOID UserApcContext OPTIONAL
,
3445 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3446 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3447 IN ULONG BufferLength
,
3448 IN PLARGE_INTEGER ByteOffset
,
3449 IN PULONG Key OPTIONAL
3455 IN HANDLE FileHandle
,
3456 IN HANDLE Event OPTIONAL
,
3457 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3458 IN PVOID UserApcContext OPTIONAL
,
3459 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3460 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3461 IN ULONG BufferLength
,
3462 IN PLARGE_INTEGER ByteOffset
,
3463 IN PULONG Key OPTIONAL
3468 NtReadRequestData (HANDLE PortHandle
,
3469 PLPC_MESSAGE Message
,
3473 PULONG ReturnLength
);
3476 ZwReadRequestData (HANDLE PortHandle
,
3477 PLPC_MESSAGE Message
,
3481 PULONG ReturnLength
);
3485 * FUNCTION: Copies a range of virtual memory to a buffer
3487 * ProcessHandle = Specifies the process owning the virtual address space
3488 * BaseAddress = Points to the address of virtual memory to start the read
3489 * Buffer = Caller supplies storage to copy the virtual memory to.
3490 * NumberOfBytesToRead = Limits the range to read
3491 * NumberOfBytesRead = The actual number of bytes read.
3497 NtReadVirtualMemory(
3498 IN HANDLE ProcessHandle
,
3499 IN PVOID BaseAddress
,
3501 IN ULONG NumberOfBytesToRead
,
3502 OUT PULONG NumberOfBytesRead
3506 ZwReadVirtualMemory(
3507 IN HANDLE ProcessHandle
,
3508 IN PVOID BaseAddress
,
3510 IN ULONG NumberOfBytesToRead
,
3511 OUT PULONG NumberOfBytesRead
3516 * FUNCTION: Debugger can register for thread termination
3518 * TerminationPort = Port on which the debugger likes to be notified.
3523 NtRegisterThreadTerminatePort(
3528 ZwRegisterThreadTerminatePort(
3533 * FUNCTION: Releases a mutant
3535 * MutantHandle = Handle to the mutant
3542 IN HANDLE MutantHandle
,
3543 IN PLONG PreviousCount OPTIONAL
3549 IN HANDLE MutantHandle
,
3550 IN PLONG PreviousCount OPTIONAL
3554 * FUNCTION: Releases a semaphore
3556 * SemaphoreHandle = Handle to the semaphore object
3557 * ReleaseCount = Number to decrease the semaphore count
3558 * PreviousCount = Previous semaphore count
3564 IN HANDLE SemaphoreHandle
,
3565 IN LONG ReleaseCount
,
3566 OUT PLONG PreviousCount OPTIONAL
3572 IN HANDLE SemaphoreHandle
,
3573 IN LONG ReleaseCount
,
3574 OUT PLONG PreviousCount OPTIONAL
3578 * FUNCTION: Removes an io completion
3580 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3581 * CompletionKey = Requested access to the key
3582 * IoStatusBlock = Caller provides storage for extended status information
3583 * CompletionStatus = Current status of the io operation.
3584 * WaitTime = Time to wait if ..
3589 NtRemoveIoCompletion(
3590 IN HANDLE IoCompletionHandle
,
3591 OUT PVOID
*CompletionKey
,
3592 OUT PVOID
*CompletionContext
,
3593 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3594 IN PLARGE_INTEGER Timeout OPTIONAL
3599 ZwRemoveIoCompletion(
3600 IN HANDLE IoCompletionHandle
,
3601 OUT PVOID
*CompletionKey
,
3602 OUT PVOID
*CompletionValue
,
3603 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3604 IN PLARGE_INTEGER Timeout OPTIONAL
3608 * FUNCTION: Replaces one registry key with another
3610 * ObjectAttributes = Specifies the attributes of the key
3611 * Key = Handle to the key
3612 * ReplacedObjectAttributes = The function returns the old object attributes
3618 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3620 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3625 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3627 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3632 NtReplyPort (HANDLE PortHandle
,
3633 PLPC_MESSAGE LpcReply
);
3636 ZwReplyPort (HANDLE PortHandle
,
3637 PLPC_MESSAGE LpcReply
);
3641 NtReplyWaitReceivePort (HANDLE PortHandle
,
3643 PLPC_MESSAGE MessageReply
,
3644 PLPC_MESSAGE MessageRequest
);
3647 ZwReplyWaitReceivePort (HANDLE PortHandle
,
3649 PLPC_MESSAGE MessageReply
,
3650 PLPC_MESSAGE MessageRequest
);
3654 NtReplyWaitReplyPort (HANDLE PortHandle
,
3655 PLPC_MESSAGE ReplyMessage
);
3658 ZwReplyWaitReplyPort (HANDLE PortHandle
,
3659 PLPC_MESSAGE ReplyMessage
);
3663 NtRequestPort (HANDLE PortHandle
,
3664 PLPC_MESSAGE LpcMessage
);
3667 ZwRequestPort (HANDLE PortHandle
,
3668 PLPC_MESSAGE LpcMessage
);
3672 NtRequestWaitReplyPort (HANDLE PortHandle
,
3673 PLPC_MESSAGE LpcReply
,
3674 PLPC_MESSAGE LpcRequest
);
3677 ZwRequestWaitReplyPort (HANDLE PortHandle
,
3678 PLPC_MESSAGE LpcReply
,
3679 PLPC_MESSAGE LpcRequest
);
3682 * FUNCTION: Resets a event to a non signaled state
3684 * EventHandle = Handle to the event that should be reset
3685 * NumberOfWaitingThreads = The number of threads released.
3692 OUT PLONG PreviousState OPTIONAL
3698 OUT PLONG PreviousState OPTIONAL
3717 * FUNCTION: Decrements a thread's resume count
3719 * ThreadHandle = Handle to the thread that should be resumed
3720 * ResumeCount = The resulting resume count.
3722 * A thread is resumed if its suspend count is 0. This procedure maps to
3723 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3729 IN HANDLE ThreadHandle
,
3730 OUT PULONG SuspendCount OPTIONAL
3735 IN HANDLE ThreadHandle
,
3736 OUT PULONG SuspendCount OPTIONAL
3739 * FUNCTION: Writes the content of a registry key to ascii file
3741 * KeyHandle = Handle to the key
3742 * FileHandle = Handle of the file
3744 This function maps to the Win32 RegSaveKey.
3751 IN HANDLE KeyHandle
,
3752 IN HANDLE FileHandle
3757 IN HANDLE KeyHandle
,
3758 IN HANDLE FileHandle
3764 IN HANDLE KeyHandle
,
3765 IN HANDLE FileHandle
,
3766 IN ULONG Flags
// REG_STANDARD_FORMAT, etc..
3772 IN HANDLE KeyHandle
,
3773 IN HANDLE FileHandle
,
3774 IN ULONG Flags
// REG_STANDARD_FORMAT, etc..
3779 NtSetBootEntryOrder(
3786 ZwSetBootEntryOrder(
3807 * FUNCTION: Sets the context of a specified thread.
3809 * ThreadHandle = Handle to the thread
3810 * ThreadContext = The processor context.
3817 IN HANDLE ThreadHandle
,
3818 IN PCONTEXT ThreadContext
3823 IN HANDLE ThreadHandle
,
3824 IN PCONTEXT ThreadContext
3828 * FUNCTION: Sets the default locale id
3830 * UserProfile = Type of locale id
3831 * TRUE: thread locale id
3832 * FALSE: system locale id
3833 * DefaultLocaleId = Locale id
3840 IN BOOLEAN UserProfile
,
3841 IN LCID DefaultLocaleId
3847 IN BOOLEAN UserProfile
,
3848 IN LCID DefaultLocaleId
3853 NtSetDefaultUILanguage(
3859 ZwSetDefaultUILanguage(
3863 * FUNCTION: Sets the default hard error port
3865 * PortHandle = Handle to the port
3866 * NOTE: The hard error port is used for first change exception handling
3871 NtSetDefaultHardErrorPort(
3872 IN HANDLE PortHandle
3876 ZwSetDefaultHardErrorPort(
3877 IN HANDLE PortHandle
3881 * FUNCTION: Sets the extended attributes of a file.
3883 * FileHandle = Handle to the file
3884 * IoStatusBlock = Storage for a resulting status and information
3885 * on the current operation.
3886 * EaBuffer = Extended Attributes buffer.
3887 * EaBufferSize = Size of the extended attributes buffer
3893 IN HANDLE FileHandle
,
3894 IN PIO_STATUS_BLOCK IoStatusBlock
,
3901 IN HANDLE FileHandle
,
3902 IN PIO_STATUS_BLOCK IoStatusBlock
,
3907 //FIXME: should I return the event state ?
3910 * FUNCTION: Sets the event to a signalled state.
3912 * EventHandle = Handle to the event
3913 * NumberOfThreadsReleased = The number of threads released
3915 * This procedure maps to the win32 SetEvent function.
3922 IN HANDLE EventHandle
,
3923 OUT PLONG PreviousState OPTIONAL
3929 IN HANDLE EventHandle
,
3930 OUT PLONG PreviousState OPTIONAL
3934 * FUNCTION: Sets the high part of an event pair
3936 EventPair = Handle to the event pair
3943 IN HANDLE EventPairHandle
3949 IN HANDLE EventPairHandle
3952 * FUNCTION: Sets the high part of an event pair and wait for the low part
3954 EventPair = Handle to the event pair
3959 NtSetHighWaitLowEventPair(
3960 IN HANDLE EventPairHandle
3964 ZwSetHighWaitLowEventPair(
3965 IN HANDLE EventPairHandle
3969 * FUNCTION: Sets the information of a file object.
3971 * FileHandle = Handle to the file object
3972 * IoStatusBlock = Caller supplies storage for extended information
3973 * on the current operation.
3974 * FileInformation = Storage for the new file information
3975 * Lenght = Size of the new file information.
3976 * FileInformationClass = Indicates to a certain information structure
3978 FileNameInformation FILE_NAME_INFORMATION
3979 FileRenameInformation FILE_RENAME_INFORMATION
3980 FileStreamInformation FILE_STREAM_INFORMATION
3981 * FileCompletionInformation IO_COMPLETION_CONTEXT
3984 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3985 * SetNamedPipeHandleState, SetMailslotInfo functions.
3992 NtSetInformationFile(
3993 IN HANDLE FileHandle
,
3994 IN PIO_STATUS_BLOCK IoStatusBlock
,
3995 IN PVOID FileInformation
,
3997 IN FILE_INFORMATION_CLASS FileInformationClass
4001 ZwSetInformationFile(
4002 IN HANDLE FileHandle
,
4003 IN PIO_STATUS_BLOCK IoStatusBlock
,
4004 IN PVOID FileInformation
,
4006 IN FILE_INFORMATION_CLASS FileInformationClass
4011 NtSetInformationJobObject(
4013 JOBOBJECTINFOCLASS JobInformationClass
,
4014 PVOID JobInformation
,
4015 ULONG JobInformationLength
4020 ZwSetInformationJobObject(
4022 JOBOBJECTINFOCLASS JobInformationClass
,
4023 PVOID JobInformation
,
4024 ULONG JobInformationLength
4027 * FUNCTION: Changes a set of thread specific parameters
4029 * ThreadHandle = Handle to the thread
4030 * ThreadInformationClass = Index to the set of parameters to change.
4031 * Can be one of the following values:
4033 * ThreadBasicInformation THREAD_BASIC_INFORMATION
4034 * ThreadPriority KPRIORITY //???
4035 * ThreadBasePriority KPRIORITY
4036 * ThreadAffinityMask KAFFINITY //??
4037 * ThreadImpersonationToken ACCESS_TOKEN
4038 * ThreadIdealProcessor ULONG
4039 * ThreadPriorityBoost ULONG
4041 * ThreadInformation = Caller supplies storage for parameters to set.
4042 * ThreadInformationLength = Size of the storage supplied
4047 NtSetInformationThread(
4048 IN HANDLE ThreadHandle
,
4049 IN THREADINFOCLASS ThreadInformationClass
,
4050 IN PVOID ThreadInformation
,
4051 IN ULONG ThreadInformationLength
4055 ZwSetInformationThread(
4056 IN HANDLE ThreadHandle
,
4057 IN THREADINFOCLASS ThreadInformationClass
,
4058 IN PVOID ThreadInformation
,
4059 IN ULONG ThreadInformationLength
4063 * FUNCTION: Changes a set of token specific parameters
4065 * TokenHandle = Handle to the token
4066 * TokenInformationClass = Index to a certain information structure.
4067 * Can be one of the following values:
4069 TokenUser TOKEN_USER
4070 TokenGroups TOKEN_GROUPS
4071 TokenPrivileges TOKEN_PRIVILEGES
4072 TokenOwner TOKEN_OWNER
4073 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
4074 TokenDefaultDacl TOKEN_DEFAULT_DACL
4075 TokenSource TOKEN_SOURCE
4076 TokenType TOKEN_TYPE
4077 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
4078 TokenStatistics TOKEN_STATISTICS
4080 * TokenInformation = Caller supplies storage for information structure.
4081 * TokenInformationLength = Size of the information structure
4087 NtSetInformationToken(
4088 IN HANDLE TokenHandle
,
4089 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4090 OUT PVOID TokenInformation
,
4091 IN ULONG TokenInformationLength
4096 ZwSetInformationToken(
4097 IN HANDLE TokenHandle
,
4098 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4099 OUT PVOID TokenInformation
,
4100 IN ULONG TokenInformationLength
4105 * FUNCTION: Sets an io completion
4110 * NumberOfBytesToTransfer =
4111 * NumberOfBytesTransferred =
4117 IN HANDLE IoCompletionPortHandle
,
4118 IN PVOID CompletionKey
,
4119 IN PVOID CompletionContext
,
4120 IN NTSTATUS CompletionStatus
,
4121 IN ULONG CompletionInformation
4127 IN HANDLE IoCompletionPortHandle
,
4128 IN PVOID CompletionKey
,
4129 IN PVOID CompletionContext
,
4130 IN NTSTATUS CompletionStatus
,
4131 IN ULONG CompletionInformation
4135 * FUNCTION: Set properties for profiling
4145 NtSetIntervalProfile(
4147 KPROFILE_SOURCE ClockSource
4152 ZwSetIntervalProfile(
4154 KPROFILE_SOURCE ClockSource
4159 * FUNCTION: Sets the low part of an event pair
4161 EventPair = Handle to the event pair
4176 * FUNCTION: Sets the low part of an event pair and wait for the high part
4178 EventPair = Handle to the event pair
4183 NtSetLowWaitHighEventPair(
4188 ZwSetLowWaitHighEventPair(
4192 /* NtSetLowWaitHighThread effectively invokes NtSetLowWaitHighEventPair on the
4193 * event pair of the thread.
4197 NtSetLowWaitHighThread(
4200 /* ZwSetLowWaitHighThread effectively invokes ZwSetLowWaitHighEventPair on the
4201 * event pair of the thread.
4205 ZwSetLowWaitHighThread(
4209 /* NtSetHighWaitLowThread effectively invokes NtSetHighWaitLowEventPair on the
4210 * event pair of the thread.
4214 NtSetHighWaitLowThread(
4218 /* ZwSetHighWaitLowThread effectively invokes ZwSetHighWaitLowEventPair on the
4219 * event pair of the thread.
4223 ZwSetHighWaitLowThread(
4229 NtSetQuotaInformationFile(
4231 PIO_STATUS_BLOCK IoStatusBlock
,
4232 PFILE_USER_QUOTA_INFORMATION Buffer
,
4238 ZwSetQuotaInformationFile(
4240 PIO_STATUS_BLOCK IoStatusBlock
,
4241 PFILE_USER_QUOTA_INFORMATION Buffer
,
4247 NtSetSecurityObject(
4249 IN SECURITY_INFORMATION SecurityInformation
,
4250 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4255 ZwSetSecurityObject(
4257 IN SECURITY_INFORMATION SecurityInformation
,
4258 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4263 * FUNCTION: Sets a system environment variable
4265 * ValueName = Name of the environment variable
4266 * Value = Value of the environment variable
4271 NtSetSystemEnvironmentValue(
4272 IN PUNICODE_STRING VariableName
,
4273 IN PUNICODE_STRING Value
4277 ZwSetSystemEnvironmentValue(
4278 IN PUNICODE_STRING VariableName
,
4279 IN PUNICODE_STRING Value
4282 * FUNCTION: Sets system parameters
4284 * SystemInformationClass = Index to a particular set of system parameters
4285 * Can be one of the following values:
4287 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
4289 * SystemInformation = Structure containing the parameters.
4290 * SystemInformationLength = Size of the structure.
4295 NtSetSystemInformation(
4296 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4297 IN PVOID SystemInformation
,
4298 IN ULONG SystemInformationLength
4303 ZwSetSystemInformation(
4304 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4305 IN PVOID SystemInformation
,
4306 IN ULONG SystemInformationLength
4310 * FUNCTION: Sets the system time
4312 * SystemTime = Old System time
4313 * NewSystemTime = New System time
4319 IN PLARGE_INTEGER SystemTime
,
4320 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4325 IN PLARGE_INTEGER SystemTime
,
4326 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4330 * FUNCTION: Sets the frequency of the system timer
4332 * RequestedResolution =
4334 * ActualResolution =
4339 NtSetTimerResolution(
4340 IN ULONG DesiredResolution
,
4341 IN BOOLEAN SetResolution
,
4342 OUT PULONG CurrentResolution
4346 ZwSetTimerResolution(
4347 IN ULONG DesiredResolution
,
4348 IN BOOLEAN SetResolution
,
4349 OUT PULONG CurrentResolution
4353 * FUNCTION: Sets the value of a registry key
4355 * KeyHandle = Handle to a registry key
4356 * ValueName = Name of the value entry to change
4357 * TitleIndex = pointer to a structure containing the new volume information
4358 * Type = Type of the registry key. Can be one of the values:
4359 * REG_BINARY Unspecified binary data
4360 * REG_DWORD A 32 bit value
4361 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
4362 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
4363 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
4364 * REG_LINK A zero terminated wide character string referring to a symbolic link.
4365 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
4366 * REG_NONE Unspecified type
4367 * REG_SZ A wide character string ( zero terminated )
4368 * REG_RESOURCE_LIST ??
4369 * REG_RESOURCE_REQUIREMENTS_LIST ??
4370 * REG_FULL_RESOURCE_DESCRIPTOR ??
4371 * Data = Contains the data for the registry key.
4372 * DataSize = size of the data.
4378 IN HANDLE KeyHandle
,
4379 IN PUNICODE_STRING ValueName
,
4380 IN ULONG TitleIndex OPTIONAL
,
4388 IN HANDLE KeyHandle
,
4389 IN PUNICODE_STRING ValueName
,
4390 IN ULONG TitleIndex OPTIONAL
,
4397 * FUNCTION: Sets the volume information.
4399 * FileHandle = Handle to the file
4400 * IoStatusBlock = Caller should supply storage for additional status information
4401 * VolumeInformation = pointer to a structure containing the new volume information
4402 * Length = size of the structure.
4403 * VolumeInformationClass = specifies the particular volume information to set
4408 NtSetVolumeInformationFile(
4409 IN HANDLE FileHandle
,
4410 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4411 IN PVOID FsInformation
,
4413 IN FS_INFORMATION_CLASS FsInformationClass
4418 ZwSetVolumeInformationFile(
4419 IN HANDLE FileHandle
,
4420 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4421 IN PVOID FsInformation
,
4423 IN FS_INFORMATION_CLASS FsInformationClass
4427 * FUNCTION: Shuts the system down
4429 * Action = Specifies the type of shutdown, it can be one of the following values:
4430 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
4436 IN SHUTDOWN_ACTION Action
4442 IN SHUTDOWN_ACTION Action
4446 * FUNCTION: Signals an object and wait for an other one.
4448 * SignalObject = Handle to the object that should be signaled
4449 * WaitObject = Handle to the object that should be waited for
4450 * Alertable = True if the wait is alertable
4451 * Time = The time to wait
4456 NtSignalAndWaitForSingleObject(
4457 IN HANDLE SignalObject
,
4458 IN HANDLE WaitObject
,
4459 IN BOOLEAN Alertable
,
4460 IN PLARGE_INTEGER Time
4465 NtSignalAndWaitForSingleObject(
4466 IN HANDLE SignalObject
,
4467 IN HANDLE WaitObject
,
4468 IN BOOLEAN Alertable
,
4469 IN PLARGE_INTEGER Time
4473 * FUNCTION: Starts profiling
4475 * ProfileHandle = Handle to the profile
4482 HANDLE ProfileHandle
4488 HANDLE ProfileHandle
4492 * FUNCTION: Stops profiling
4494 * ProfileHandle = Handle to the profile
4501 HANDLE ProfileHandle
4507 HANDLE ProfileHandle
4510 /* --- PROCESS MANAGEMENT --- */
4512 //--NtSystemDebugControl
4514 * FUNCTION: Terminates the execution of a process.
4516 * ThreadHandle = Handle to the process
4517 * ExitStatus = The exit status of the process to terminate with.
4519 * Native applications should kill themselves using this function.
4525 IN HANDLE ProcessHandle OPTIONAL
,
4526 IN NTSTATUS ExitStatus
4531 IN HANDLE ProcessHandle OPTIONAL
,
4532 IN NTSTATUS ExitStatus
4537 NtTerminateJobObject(
4544 ZwTerminateJobObject(
4552 IN ULONG TraceHandle
,
4554 IN ULONG TraceHeaderLength
,
4555 IN
struct _EVENT_TRACE_HEADER
* TraceHeader
4561 IN ULONG TraceHandle
,
4563 IN ULONG TraceHeaderLength
,
4564 IN
struct _EVENT_TRACE_HEADER
* TraceHeader
4569 NtTranslateFilePath(
4578 ZwTranslateFilePath(
4584 * FUNCTION: Unloads a driver.
4586 * DriverServiceName = Name of the driver to unload
4592 IN PUNICODE_STRING DriverServiceName
4597 IN PUNICODE_STRING DriverServiceName
4601 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
4603 * ProcessHandle = Handle to the process
4604 * BaseAddress = The address where the mapping begins
4606 This procedure maps to the win32 UnMapViewOfFile
4611 NtUnmapViewOfSection(
4612 IN HANDLE ProcessHandle
,
4613 IN PVOID BaseAddress
4617 ZwUnmapViewOfSection(
4618 IN HANDLE ProcessHandle
,
4619 IN PVOID BaseAddress
4624 NtWriteRequestData (HANDLE PortHandle
,
4625 PLPC_MESSAGE Message
,
4629 PULONG ReturnLength
);
4632 ZwWriteRequestData (HANDLE PortHandle
,
4633 PLPC_MESSAGE Message
,
4637 PULONG ReturnLength
);
4641 * FUNCTION: Writes a range of virtual memory
4643 * ProcessHandle = The handle to the process owning the address space.
4644 * BaseAddress = The points to the address to write to
4645 * Buffer = Pointer to the buffer to write
4646 * NumberOfBytesToWrite = Offset to the upper boundary to write
4647 * NumberOfBytesWritten = Total bytes written
4649 * This function maps to the win32 WriteProcessMemory
4654 NtWriteVirtualMemory(
4655 IN HANDLE ProcessHandle
,
4656 IN PVOID BaseAddress
,
4658 IN ULONG NumberOfBytesToWrite
,
4659 OUT PULONG NumberOfBytesWritten
4664 ZwWriteVirtualMemory(
4665 IN HANDLE ProcessHandle
,
4666 IN PVOID BaseAddress
,
4668 IN ULONG NumberOfBytesToWrite
,
4669 OUT PULONG NumberOfBytesWritten
4674 * FUNCTION: Waits for an object to become signalled.
4676 * Object = The object handle
4677 * Alertable = If true the wait is alertable.
4678 * Time = The maximum wait time.
4680 * This function maps to the win32 WaitForSingleObjectEx.
4685 NtWaitForSingleObject (
4687 IN BOOLEAN Alertable
,
4688 IN PLARGE_INTEGER Time
4693 ZwWaitForSingleObject (
4695 IN BOOLEAN Alertable
,
4696 IN PLARGE_INTEGER Time
4699 /* --- EVENT PAIR OBJECT --- */
4702 * FUNCTION: Waits for the high part of an eventpair to become signalled
4704 * EventPairHandle = Handle to the event pair.
4710 NtWaitHighEventPair(
4711 IN HANDLE EventPairHandle
4716 ZwWaitHighEventPair(
4717 IN HANDLE EventPairHandle
4721 * FUNCTION: Waits for the low part of an eventpair to become signalled
4723 * EventPairHandle = Handle to the event pair.
4729 IN HANDLE EventPairHandle
4735 IN HANDLE EventPairHandle
4738 /* --- FILE MANAGEMENT --- */
4741 * FUNCTION: Unlocks a range of bytes in a file.
4743 * FileHandle = Handle to the file
4744 * IoStatusBlock = Caller should supply storage for a structure containing
4745 * the completion status and information about the requested unlock operation.
4746 The information field is set to the number of bytes unlocked.
4747 * ByteOffset = Offset to start the range of bytes to unlock
4748 * Length = Number of bytes to unlock.
4749 * Key = Special value to enable other threads to unlock a file than the
4750 thread that locked the file. The key supplied must match with the one obtained
4751 in a previous call to NtLockFile.
4753 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
4754 not be obtained immediately, the device queue is busy and the IRP is queued.
4755 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
4756 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
4761 IN HANDLE FileHandle
,
4762 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4763 IN PLARGE_INTEGER ByteOffset
,
4764 IN PLARGE_INTEGER Lenght
,
4765 OUT PULONG Key OPTIONAL
4770 IN HANDLE FileHandle
,
4771 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4772 IN PLARGE_INTEGER ByteOffset
,
4773 IN PLARGE_INTEGER Lenght
,
4774 OUT PULONG Key OPTIONAL
4778 * FUNCTION: Writes data to a file
4780 * FileHandle = The handle a file ( from NtCreateFile )
4781 * Event = Specifies a event that will become signalled when the write operation completes.
4782 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4783 * ApcContext = Argument to the Apc Routine
4784 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4785 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
4786 * Length = Size in bytest of the buffer
4787 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4788 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4789 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4790 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
4793 * This function maps to the win32 WriteFile.
4794 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4795 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4796 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4801 IN HANDLE FileHandle
,
4802 IN HANDLE Event OPTIONAL
,
4803 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4804 IN PVOID ApcContext OPTIONAL
,
4805 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4808 IN PLARGE_INTEGER ByteOffset
,
4809 IN PULONG Key OPTIONAL
4815 IN HANDLE FileHandle
,
4816 IN HANDLE Event OPTIONAL
,
4817 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4818 IN PVOID ApcContext OPTIONAL
,
4819 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4822 IN PLARGE_INTEGER ByteOffset
,
4823 IN PULONG Key OPTIONAL
4827 * FUNCTION: Writes a file
4829 * FileHandle = The handle of the file
4831 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4832 * ApcContext = Argument to the Apc Routine
4833 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4834 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
4835 * BufferLength = Size in bytest of the buffer
4836 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4837 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4838 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4839 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
4840 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
4842 * This function maps to the win32 WriteFile.
4843 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4844 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4845 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4851 IN HANDLE FileHandle
,
4852 IN HANDLE Event OPTIONAL
,
4853 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4854 IN PVOID ApcContext OPTIONAL
,
4855 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4856 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4857 IN ULONG BufferLength
,
4858 IN PLARGE_INTEGER ByteOffset
,
4859 IN PULONG Key OPTIONAL
4865 IN HANDLE FileHandle
,
4866 IN HANDLE Event OPTIONAL
,
4867 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4868 IN PVOID ApcContext OPTIONAL
,
4869 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4870 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4871 IN ULONG BufferLength
,
4872 IN PLARGE_INTEGER ByteOffset
,
4873 IN PULONG Key OPTIONAL
4877 /* --- THREAD MANAGEMENT --- */
4880 * FUNCTION: Increments a thread's resume count
4882 * ThreadHandle = Handle to the thread that should be resumed
4883 * PreviousSuspendCount = The resulting/previous suspend count.
4885 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
4886 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
4887 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
4893 IN HANDLE ThreadHandle
,
4894 OUT PULONG PreviousSuspendCount OPTIONAL
4900 IN HANDLE ThreadHandle
,
4901 OUT PULONG PreviousSuspendCount OPTIONAL
4905 * FUNCTION: Terminates the execution of a thread.
4907 * ThreadHandle = Handle to the thread
4908 * ExitStatus = The exit status of the thread to terminate with.
4914 IN HANDLE ThreadHandle
,
4915 IN NTSTATUS ExitStatus
4920 IN HANDLE ThreadHandle
,
4921 IN NTSTATUS ExitStatus
4924 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
4939 * FUNCTION: Yields the callers thread.
4954 /* --- PLUG AND PLAY --- */
4958 NtPlugPlayControl (DWORD Unknown1
,
4964 NtGetPlugPlayEvent (ULONG Reserved1
,
4967 ULONG BufferLength
);
4969 /* --- POWER MANAGEMENT --- */
4971 #ifndef __USE_W32API
4973 NtSetSystemPowerState(IN POWER_ACTION SystemAction
,
4974 IN SYSTEM_POWER_STATE MinSystemState
,
4978 /* --- DEBUG SUBSYSTEM --- */
4981 NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode
,
4983 ULONG InputBufferLength
,
4985 ULONG OutputBufferLength
,
4986 PULONG ReturnLength
);
4988 /* --- VIRTUAL DOS MACHINE (VDM) --- */
4992 NtVdmControl (ULONG ControlCode
, PVOID ControlData
);
4998 NtW32Call(IN ULONG RoutineIndex
,
5000 IN ULONG ArgumentLength
,
5001 OUT PVOID
* Result OPTIONAL
,
5002 OUT PULONG ResultLength OPTIONAL
);
5004 /* --- CHANNELS --- */
5026 NtReplyWaitSendChannel (
5032 NtSendWaitReplyChannel (
5038 NtSetContextChannel (
5042 /* --- MISCELLANEA --- */
5044 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
5047 NtSetLdtEntries (ULONG Selector1
,
5048 LDT_ENTRY LdtEntry1
,
5050 LDT_ENTRY LdtEntry2
);
5054 NtQueryOleDirectoryFile (
5059 * FUNCTION: Checks a clients access rights to a object
5061 * SecurityDescriptor = Security information against which the access is checked
5062 * ClientToken = Represents a client
5066 * ReturnLength = Bytes written
5068 * AccessStatus = Indicates if the ClientToken allows the requested access
5069 * REMARKS: The arguments map to the win32 AccessCheck
5070 * Gary Nebbett is wrong:
5071 * The 7th argument is a PACCESS_MASK, not a PULONG.
5072 * The 8th argument is a PNTSTATUS, not a PBOOLEAN.
5079 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5080 IN HANDLE ClientToken
,
5081 IN ACCESS_MASK DesiredAcces
,
5082 IN PGENERIC_MAPPING GenericMapping
,
5083 OUT PPRIVILEGE_SET PrivilegeSet
,
5084 OUT PULONG ReturnLength
,
5085 OUT PACCESS_MASK GrantedAccess
,
5086 OUT PNTSTATUS AccessStatus
5092 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5093 IN HANDLE ClientToken
,
5094 IN ACCESS_MASK DesiredAcces
,
5095 IN PGENERIC_MAPPING GenericMapping
,
5096 OUT PPRIVILEGE_SET PrivilegeSet
,
5097 OUT PULONG ReturnLength
,
5098 OUT PACCESS_MASK GrantedAccess
,
5099 OUT PNTSTATUS AccessStatus
5105 IN ACCESS_MASK DesiredAccess
,
5106 OUT PHANDLE KeyHandle
);
5109 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
5111 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
5115 * SecurityDescriptor =
5122 * REMARKS: The arguments map to the win32 AccessCheck
5128 NtAccessCheckAndAuditAlarm(
5129 IN PUNICODE_STRING SubsystemName
,
5130 IN PHANDLE ObjectHandle
,
5131 IN PUNICODE_STRING ObjectTypeName
,
5132 IN PUNICODE_STRING ObjectName
,
5133 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5134 IN ACCESS_MASK DesiredAccess
,
5135 IN PGENERIC_MAPPING GenericMapping
,
5136 IN BOOLEAN ObjectCreation
,
5137 OUT PACCESS_MASK GrantedAccess
,
5138 OUT PNTSTATUS AccessStatus
,
5139 OUT PBOOLEAN GenerateOnClose
5143 * FUNCTION: Cancels a timer
5145 * TimerHandle = Handle to the timer
5146 * CurrentState = Specifies the state of the timer when cancelled.
5148 * The arguments to this function map to the function CancelWaitableTimer.
5154 IN HANDLE TimerHandle
,
5155 OUT PBOOLEAN CurrentState OPTIONAL
5159 * FUNCTION: Continues a thread with the specified context
5161 * Context = Specifies the processor context
5162 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
5163 * be PASSIVE_LEVEL or APC_LEVEL
5165 * NtContinue can be used to continue after an exception or apc.
5168 //FIXME This function might need another parameter
5173 IN PCONTEXT Context
,
5174 IN BOOLEAN TestAlert
5178 * FUNCTION: Creates a paging file.
5180 * FileName = Name of the pagefile
5181 * InitialSize = Specifies the initial size in bytes
5182 * MaximumSize = Specifies the maximum size in bytes
5183 * Reserved = Reserved for future use
5189 IN PUNICODE_STRING FileName
,
5190 IN PLARGE_INTEGER InitialSize
,
5191 IN PLARGE_INTEGER MaxiumSize
,
5197 * FUNCTION: Creates a profile
5199 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
5200 * ObjectAttribute = Initialized attributes for the object
5201 * ImageBase = Start address of executable image
5202 * ImageSize = Size of the image
5203 * Granularity = Bucket size
5204 * Buffer = Caller supplies buffer for profiling info
5205 * ProfilingSize = Buffer size
5206 * ClockSource = Specify 0 / FALSE ??
5207 * ProcessorMask = A value of -1 indicates disables per processor profiling,
5208 otherwise bit set for the processor to profile.
5210 * This function maps to the win32 CreateProcess.
5216 NtCreateProfile(OUT PHANDLE ProfileHandle
,
5217 IN HANDLE Process OPTIONAL
,
5220 IN ULONG BucketSize
,
5222 IN ULONG BufferSize
,
5223 IN KPROFILE_SOURCE ProfileSource
,
5224 IN KAFFINITY Affinity
);
5227 * FUNCTION: Creates a user mode thread
5229 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
5230 * DesiredAccess = Specifies the allowed or desired access to the thread.
5231 * ObjectAttributes = Initialized attributes for the object.
5232 * ProcessHandle = Handle to the threads parent process.
5233 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
5234 * ThreadContext = Initial processor context for the thread.
5235 * InitialTeb = Initial user mode stack context for the thread.
5236 * CreateSuspended = Specifies if the thread is ready for scheduling
5238 * This function maps to the win32 function CreateThread.
5244 OUT PHANDLE ThreadHandle
,
5245 IN ACCESS_MASK DesiredAccess
,
5246 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5247 IN HANDLE ProcessHandle
,
5248 OUT PCLIENT_ID ClientId
,
5249 IN PCONTEXT ThreadContext
,
5250 IN PINITIAL_TEB InitialTeb
,
5251 IN BOOLEAN CreateSuspended
5255 * FUNCTION: Delays the execution of the calling thread.
5257 * Alertable = If TRUE the thread is alertable during is wait period
5258 * Interval = Specifies the interval to wait.
5265 IN BOOLEAN Alertable
,
5266 IN PLARGE_INTEGER DelayInterval
5270 * FUNCTION: Extends a section
5272 * SectionHandle = Handle to the section
5273 * NewMaximumSize = Adjusted size
5279 IN HANDLE SectionHandle
,
5280 IN PLARGE_INTEGER NewMaximumSize
5284 * FUNCTION: Flushes a the processors instruction cache
5286 * ProcessHandle = Points to the process owning the cache
5287 * BaseAddress = // might this be a image address ????
5288 * NumberOfBytesToFlush =
5291 * This funciton is used by debuggers
5295 NtFlushInstructionCache(
5296 IN HANDLE ProcessHandle
,
5297 IN PVOID BaseAddress
,
5298 IN UINT NumberOfBytesToFlush
5302 * FUNCTION: Flushes virtual memory to file
5304 * ProcessHandle = Points to the process that allocated the virtual memory
5305 * BaseAddress = Points to the memory address
5306 * NumberOfBytesToFlush = Limits the range to flush,
5307 * NumberOfBytesFlushed = Actual number of bytes flushed
5310 * Check return status on STATUS_NOT_MAPPED_DATA
5314 NtFlushVirtualMemory(
5315 IN HANDLE ProcessHandle
,
5316 IN PVOID BaseAddress
,
5317 IN ULONG NumberOfBytesToFlush
,
5318 OUT PULONG NumberOfBytesFlushed OPTIONAL
5322 * FUNCTION: Retrieves the uptime of the system
5324 * UpTime = Number of clock ticks since boot.
5334 * FUNCTION: Loads a registry key.
5336 * KeyObjectAttributes = Key to be loaded
5337 * FileObjectAttributes = File to load the key from
5339 * This procedure maps to the win32 procedure RegLoadKey
5345 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5346 IN POBJECT_ATTRIBUTES FileObjectAttributes
5351 * FUNCTION: Locks a range of virtual memory.
5353 * ProcessHandle = Handle to the process
5354 * BaseAddress = Lower boundary of the range of bytes to lock.
5355 * NumberOfBytesLock = Offset to the upper boundary.
5356 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
5358 This procedure maps to the win32 procedure VirtualLock.
5359 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
5363 NtLockVirtualMemory(
5364 HANDLE ProcessHandle
,
5366 ULONG NumberOfBytesToLock
,
5367 PULONG NumberOfBytesLocked
5372 NtOpenObjectAuditAlarm(
5373 IN PUNICODE_STRING SubsystemName
,
5375 IN PUNICODE_STRING ObjectTypeName
,
5376 IN PUNICODE_STRING ObjectName
,
5377 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5378 IN HANDLE ClientToken
,
5379 IN ULONG DesiredAccess
,
5380 IN ULONG GrantedAccess
,
5381 IN PPRIVILEGE_SET Privileges
,
5382 IN BOOLEAN ObjectCreation
,
5383 IN BOOLEAN AccessGranted
,
5384 OUT PBOOLEAN GenerateOnClose
5388 * FUNCTION: Set the access protection of a range of virtual memory
5390 * ProcessHandle = Handle to process owning the virtual address space
5391 * BaseAddress = Start address
5392 * NumberOfBytesToProtect = Delimits the range of virtual memory
5393 * for which the new access protection holds
5394 * NewAccessProtection = The new access proctection for the pages
5395 * OldAccessProtection = Caller should supply storage for the old
5399 * The function maps to the win32 VirtualProtectEx
5404 NtProtectVirtualMemory(
5405 IN HANDLE ProcessHandle
,
5406 IN PVOID
*BaseAddress
,
5407 IN ULONG
*NumberOfBytesToProtect
,
5408 IN ULONG NewAccessProtection
,
5409 OUT PULONG OldAccessProtection
5413 * FUNCTION: Query information about the content of a directory object
5416 Buffer = Buffer must be large enough to hold the name strings too
5417 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
5418 If FALSE: return the number of objects in this directory in ObjectIndex
5419 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
5420 If FALSE use input value of ObjectIndex
5421 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
5422 ReturnLength = Actual size of the ObjectIndex ???
5427 NtQueryDirectoryObject(
5428 IN HANDLE DirectoryHandle
,
5430 IN ULONG BufferLength
,
5431 IN BOOLEAN ReturnSingleEntry
,
5432 IN BOOLEAN RestartScan
,
5433 IN OUT PULONG Context
,
5434 OUT PULONG ReturnLength OPTIONAL
5438 * FUNCTION: Query the interval and the clocksource for profiling
5446 NtQueryIntervalProfile(
5447 IN KPROFILE_SOURCE ProfileSource
,
5452 * FUNCTION: Queries the information of a section object.
5454 * SectionHandle = Handle to the section link object
5455 * SectionInformationClass = Index to a certain information structure
5456 * SectionInformation (OUT)= Caller supplies storage for resulting information
5457 * Length = Size of the supplied storage
5458 * ResultLength = Data written
5465 IN HANDLE SectionHandle
,
5466 IN CINT SectionInformationClass
,
5467 OUT PVOID SectionInformation
,
5469 OUT PULONG ResultLength
5473 * FUNCTION: Queries the virtual memory information.
5475 ProcessHandle = Process owning the virtual address space
5476 BaseAddress = Points to the page where the information is queried for.
5477 * VirtualMemoryInformationClass = Index to a certain information structure
5479 MemoryBasicInformation MEMORY_BASIC_INFORMATION
5481 * VirtualMemoryInformation = caller supplies storage for the information structure
5482 * Length = size of the structure
5483 ResultLength = Data written
5490 NtQueryVirtualMemory(
5491 IN HANDLE ProcessHandle
,
5493 IN IN CINT VirtualMemoryInformationClass
,
5494 OUT PVOID VirtualMemoryInformation
,
5496 OUT PULONG ResultLength
5500 * FUNCTION: Raises a hard error (stops the system)
5502 * Status = Status code of the hard error
5524 * FUNCTION: Sets the information of a registry key.
5526 * KeyHandle = Handle to the registry key
5527 * KeyInformationClass = Index to the a certain information structure.
5528 * Can be one of the following values:
5530 * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
5532 * KeyInformation = Storage for the new information
5533 * KeyInformationLength = Size of the information strucure
5539 NtSetInformationKey(
5540 IN HANDLE KeyHandle
,
5541 IN KEY_SET_INFORMATION_CLASS KeyInformationClass
,
5542 IN PVOID KeyInformation
,
5543 IN ULONG KeyInformationLength
5547 * FUNCTION: Changes a set of object specific parameters
5550 * ObjectInformationClass = Index to the set of parameters to change.
5552 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
5555 * ObjectInformation = Caller supplies storage for parameters to set.
5556 * Length = Size of the storage supplied
5561 NtSetInformationObject(
5562 IN HANDLE ObjectHandle
,
5563 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
5564 IN PVOID ObjectInformation
,
5569 * FUNCTION: Sets the characteristics of a timer
5571 * TimerHandle = Handle to the timer
5572 * DueTime = Time before the timer becomes signalled for the first time.
5573 * TimerApcRoutine = Completion routine can be called on time completion
5574 * TimerContext = Argument to the completion routine
5575 * Resume = Specifies if the timer should repeated after completing one cycle
5576 * Period = Cycle of the timer
5577 * REMARKS: This routine maps to the win32 SetWaitableTimer.
5583 IN HANDLE TimerHandle
,
5584 IN PLARGE_INTEGER DueTime
,
5585 IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL
,
5586 IN PVOID TimerContext OPTIONAL
,
5587 IN BOOLEAN ResumeTimer
,
5588 IN LONG Period OPTIONAL
,
5589 OUT PBOOLEAN PreviousState OPTIONAL
5593 * FUNCTION: Unloads a registry key.
5595 * KeyHandle = Handle to the registry key
5597 * This procedure maps to the win32 procedure RegUnloadKey
5603 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5607 * FUNCTION: Unlocks a range of virtual memory.
5609 * ProcessHandle = Handle to the process
5610 * BaseAddress = Lower boundary of the range of bytes to unlock.
5611 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
5612 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
5614 This procedure maps to the win32 procedure VirtualUnlock
5615 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
5619 NtUnlockVirtualMemory(
5620 IN HANDLE ProcessHandle
,
5621 IN PVOID BaseAddress
,
5622 IN ULONG NumberOfBytesToUnlock
,
5623 OUT PULONG NumberOfBytesUnlocked OPTIONAL
5627 * FUNCTION: Waits for multiple objects to become signalled.
5629 * Count = The number of objects
5630 * Object = The array of object handles
5631 * WaitType = Can be one of the values UserMode or KernelMode
5632 * Alertable = If true the wait is alertable.
5633 * Time = The maximum wait time.
5635 * This function maps to the win32 WaitForMultipleObjectEx.
5640 NtWaitForMultipleObjects (
5643 IN WAIT_TYPE WaitType
,
5644 IN BOOLEAN Alertable
,
5645 IN PLARGE_INTEGER Time
5652 #ifndef __USE_W32API
5655 * FUNCTION: Continues a thread with the specified context
5657 * Context = Specifies the processor context
5658 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
5659 * be PASSIVE_LEVEL or APC_LEVEL
5661 * NtContinue can be used to continue after an exception or apc.
5664 //FIXME This function might need another parameter
5666 NTSTATUS STDCALL
ZwContinue(IN PCONTEXT Context
, IN CINT IrqLevel
);
5669 * FUNCTION: Retrieves the system time
5671 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
5679 OUT PLARGE_INTEGER CurrentTime
5683 * FUNCTION: Copies a handle from one process space to another
5685 * SourceProcessHandle = The source process owning the handle. The source process should have opened
5686 * the SourceHandle with PROCESS_DUP_HANDLE access.
5687 * SourceHandle = The handle to the object.
5688 * TargetProcessHandle = The destination process owning the handle
5689 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
5690 * DesiredAccess = The desired access to the handle.
5691 * InheritHandle = Indicates wheter the new handle will be inheritable or not.
5692 * Options = Specifies special actions upon duplicating the handle. Can be
5693 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
5694 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
5695 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
5696 * the DesiredAccess paramter and just grant the same access to the new
5699 * REMARKS: This function maps to the win32 DuplicateHandle.
5705 IN HANDLE SourceProcessHandle
,
5706 IN HANDLE SourceHandle
,
5707 IN HANDLE TargetProcessHandle
,
5708 OUT PHANDLE TargetHandle
,
5709 IN ACCESS_MASK DesiredAccess
,
5710 IN BOOLEAN InheritHandle
,
5717 IN HANDLE SourceProcessHandle
,
5718 IN PHANDLE SourceHandle
,
5719 IN HANDLE TargetProcessHandle
,
5720 OUT PHANDLE TargetHandle
,
5721 IN ACCESS_MASK DesiredAccess
,
5722 IN BOOLEAN InheritHandle
,
5727 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
5729 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
5733 * SecurityDescriptor =
5740 * REMARKS: The arguments map to the win32 AccessCheck
5746 ZwAccessCheckAndAuditAlarm(
5747 IN PUNICODE_STRING SubsystemName
,
5748 IN PHANDLE ObjectHandle
,
5749 IN PUNICODE_STRING ObjectTypeName
,
5750 IN PUNICODE_STRING ObjectName
,
5751 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5752 IN ACCESS_MASK DesiredAccess
,
5753 IN PGENERIC_MAPPING GenericMapping
,
5754 IN BOOLEAN ObjectCreation
,
5755 OUT PACCESS_MASK GrantedAccess
,
5756 OUT PNTSTATUS AccessStatus
,
5757 OUT PBOOLEAN GenerateOnClose
5761 * FUNCTION: Adds an atom to the global atom table
5763 * AtomName = The string to add to the atom table.
5764 * AtomNameLength = Length of the atom name
5765 * Atom (OUT) = Caller supplies storage for the resulting atom.
5766 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
5773 IN ULONG AtomNameLength
,
5774 IN OUT PRTL_ATOM Atom
5782 IN ULONG AtomNameLength
,
5783 IN OUT PRTL_ATOM Atom
5789 OUT PULARGE_INTEGER Time
,
5791 OUT PULONG Sequence
,
5798 OUT PULARGE_INTEGER Time
,
5800 OUT PULONG Sequence
,
5807 IN HANDLE TimerHandle
,
5808 OUT ULONG ElapsedTime
5812 * FUNCTION: Creates a paging file.
5814 * FileName = Name of the pagefile
5815 * InitialSize = Specifies the initial size in bytes
5816 * MaximumSize = Specifies the maximum size in bytes
5817 * Reserved = Reserved for future use
5823 IN PUNICODE_STRING FileName
,
5824 IN PLARGE_INTEGER InitialSize
,
5825 IN PLARGE_INTEGER MaxiumSize
,
5830 * FUNCTION: Creates a user mode thread
5832 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
5833 * DesiredAccess = Specifies the allowed or desired access to the thread.
5834 * ObjectAttributes = Initialized attributes for the object.
5835 * ProcessHandle = Handle to the threads parent process.
5836 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
5837 * ThreadContext = Initial processor context for the thread.
5838 * InitialTeb = Initial user mode stack context for the thread.
5839 * CreateSuspended = Specifies if the thread is ready for scheduling
5841 * This function maps to the win32 function CreateThread.
5847 OUT PHANDLE ThreadHandle
,
5848 IN ACCESS_MASK DesiredAccess
,
5849 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5850 IN HANDLE ProcessHandle
,
5851 OUT PCLIENT_ID ClientId
,
5852 IN PCONTEXT ThreadContext
,
5853 IN PINITIAL_TEB InitialTeb
,
5854 IN BOOLEAN CreateSuspended
5860 IN HANDLE ExistingToken
,
5861 IN ACCESS_MASK DesiredAccess
,
5862 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5863 IN BOOLEAN EffectiveOnly
,
5864 IN TOKEN_TYPE TokenType
,
5865 OUT PHANDLE NewToken
5871 IN HANDLE ExistingToken
,
5872 IN ACCESS_MASK DesiredAccess
,
5873 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5874 IN BOOLEAN EffectiveOnly
,
5875 IN TOKEN_TYPE TokenType
,
5876 OUT PHANDLE NewToken
5880 * FUNCTION: Finds a atom
5882 * AtomName = Name to search for.
5883 * AtomNameLength = Length of the atom name
5884 * Atom = Caller supplies storage for the resulting atom
5887 * This funciton maps to the win32 GlobalFindAtom
5893 IN ULONG AtomNameLength
,
5894 OUT PRTL_ATOM Atom OPTIONAL
5901 IN ULONG AtomNameLength
,
5902 OUT PRTL_ATOM Atom OPTIONAL
5906 * FUNCTION: Flushes a the processors instruction cache
5908 * ProcessHandle = Points to the process owning the cache
5909 * BaseAddress = // might this be a image address ????
5910 * NumberOfBytesToFlush =
5913 * This funciton is used by debuggers
5917 ZwFlushInstructionCache(
5918 IN HANDLE ProcessHandle
,
5919 IN PVOID BaseAddress
,
5920 IN UINT NumberOfBytesToFlush
5924 * FUNCTION: Flushes virtual memory to file
5926 * ProcessHandle = Points to the process that allocated the virtual memory
5927 * BaseAddress = Points to the memory address
5928 * NumberOfBytesToFlush = Limits the range to flush,
5929 * NumberOfBytesFlushed = Actual number of bytes flushed
5932 * Check return status on STATUS_NOT_MAPPED_DATA
5936 ZwFlushVirtualMemory(
5937 IN HANDLE ProcessHandle
,
5938 IN PVOID BaseAddress
,
5939 IN ULONG NumberOfBytesToFlush
,
5940 OUT PULONG NumberOfBytesFlushed OPTIONAL
5944 * FUNCTION: Retrieves the uptime of the system
5946 * UpTime = Number of clock ticks since boot.
5956 * FUNCTION: Loads a registry key.
5958 * KeyObjectAttributes = Key to be loaded
5959 * FileObjectAttributes = File to load the key from
5961 * This procedure maps to the win32 procedure RegLoadKey
5967 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5968 IN POBJECT_ATTRIBUTES FileObjectAttributes
5972 * FUNCTION: Locks a range of virtual memory.
5974 * ProcessHandle = Handle to the process
5975 * BaseAddress = Lower boundary of the range of bytes to lock.
5976 * NumberOfBytesLock = Offset to the upper boundary.
5977 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
5979 This procedure maps to the win32 procedure VirtualLock.
5980 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
5984 ZwLockVirtualMemory(
5985 HANDLE ProcessHandle
,
5987 ULONG NumberOfBytesToLock
,
5988 PULONG NumberOfBytesLocked
5993 ZwOpenObjectAuditAlarm(
5994 IN PUNICODE_STRING SubsystemName
,
5996 IN PUNICODE_STRING ObjectTypeName
,
5997 IN PUNICODE_STRING ObjectName
,
5998 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5999 IN HANDLE ClientToken
,
6000 IN ULONG DesiredAccess
,
6001 IN ULONG GrantedAccess
,
6002 IN PPRIVILEGE_SET Privileges
,
6003 IN BOOLEAN ObjectCreation
,
6004 IN BOOLEAN AccessGranted
,
6005 OUT PBOOLEAN GenerateOnClose
6009 * FUNCTION: Set the access protection of a range of virtual memory
6011 * ProcessHandle = Handle to process owning the virtual address space
6012 * BaseAddress = Start address
6013 * NumberOfBytesToProtect = Delimits the range of virtual memory
6014 * for which the new access protection holds
6015 * NewAccessProtection = The new access proctection for the pages
6016 * OldAccessProtection = Caller should supply storage for the old
6020 * The function maps to the win32 VirtualProtectEx
6025 ZwProtectVirtualMemory(
6026 IN HANDLE ProcessHandle
,
6027 IN PVOID
*BaseAddress
,
6028 IN ULONG
*NumberOfBytesToProtect
,
6029 IN ULONG NewAccessProtection
,
6030 OUT PULONG OldAccessProtection
6035 NtQueryInformationAtom(
6037 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
6038 OUT PVOID AtomInformation
,
6039 IN ULONG AtomInformationLength
,
6040 OUT PULONG ReturnLength OPTIONAL
6045 ZwQueryInformationAtom(
6047 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
6048 OUT PVOID AtomInformation
,
6049 IN ULONG AtomInformationLength
,
6050 OUT PULONG ReturnLength OPTIONAL
6054 * FUNCTION: Query information about the content of a directory object
6057 Buffer = Buffer must be large enough to hold the name strings too
6058 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
6059 If FALSE: return the number of objects in this directory in ObjectIndex
6060 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
6061 If FALSE use input value of ObjectIndex
6062 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
6063 ReturnLength = Actual size of the ObjectIndex ???
6068 ZwQueryDirectoryObject(
6069 IN HANDLE DirectoryHandle
,
6071 IN ULONG BufferLength
,
6072 IN BOOLEAN ReturnSingleEntry
,
6073 IN BOOLEAN RestartScan
,
6074 IN OUT PULONG Context
,
6075 OUT PULONG ReturnLength OPTIONAL
6079 * FUNCTION: Queries the information of a process object.
6081 * ProcessHandle = Handle to the process object
6082 * ProcessInformation = Index to a certain information structure
6084 ProcessBasicInformation PROCESS_BASIC_INFORMATION
6085 ProcessQuotaLimits QUOTA_LIMITS
6086 ProcessIoCounters IO_COUNTERS
6087 ProcessVmCounters VM_COUNTERS
6088 ProcessTimes KERNEL_USER_TIMES
6089 ProcessBasePriority KPRIORITY
6090 ProcessRaisePriority KPRIORITY
6091 ProcessDebugPort HANDLE
6092 ProcessExceptionPort HANDLE
6093 ProcessAccessToken PROCESS_ACCESS_TOKEN
6094 ProcessLdtInformation LDT_ENTRY ??
6095 ProcessLdtSize ULONG
6096 ProcessDefaultHardErrorMode ULONG
6097 ProcessIoPortHandlers // kernel mode only
6098 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
6099 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
6100 ProcessUserModeIOPL (I/O Privilege Level)
6101 ProcessEnableAlignmentFaultFixup BOOLEAN
6102 ProcessPriorityClass ULONG
6103 ProcessWx86Information ULONG
6104 ProcessHandleCount ULONG
6105 ProcessAffinityMask ULONG
6106 ProcessPooledQuotaLimits QUOTA_LIMITS
6109 * ProcessInformation = Caller supplies storage for the process information structure
6110 * ProcessInformationLength = Size of the process information structure
6111 * ReturnLength = Actual number of bytes written
6114 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
6115 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
6116 GetProcessShutdownParameters functions.
6122 NtQueryInformationProcess(
6123 IN HANDLE ProcessHandle
,
6124 IN PROCESSINFOCLASS ProcessInformationClass
,
6125 OUT PVOID ProcessInformation
,
6126 IN ULONG ProcessInformationLength
,
6127 OUT PULONG ReturnLength OPTIONAL
6132 ZwQueryInformationProcess(
6133 IN HANDLE ProcessHandle
,
6134 IN PROCESSINFOCLASS ProcessInformationClass
,
6135 OUT PVOID ProcessInformation
,
6136 IN ULONG ProcessInformationLength
,
6137 OUT PULONG ReturnLength OPTIONAL
6141 * FUNCTION: Query the interval and the clocksource for profiling
6149 ZwQueryIntervalProfile(
6150 IN KPROFILE_SOURCE ProfileSource
,
6155 * FUNCTION: Queries the information of a object.
6157 ObjectHandle = Handle to a object
6158 ObjectInformationClass = Index to a certain information structure
6160 ObjectBasicInformation OBJECT_BASIC_INFORMATION
6161 ObjectNameInformation OBJECT_NAME_INFORMATION
6162 ObjectTypeInformation OBJECT_TYPE_INFORMATION
6163 ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
6164 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTES_INFORMATION
6166 ObjectInformation = Caller supplies storage for resulting information
6167 Length = Size of the supplied storage
6168 ResultLength = Bytes written
6174 IN HANDLE ObjectHandle
,
6175 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6176 OUT PVOID ObjectInformation
,
6178 OUT PULONG ResultLength OPTIONAL
6183 NtQuerySecurityObject(
6185 IN SECURITY_INFORMATION SecurityInformation
,
6186 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6188 OUT PULONG ResultLength
6193 ZwQuerySecurityObject(
6195 IN SECURITY_INFORMATION SecurityInformation
,
6196 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6198 OUT PULONG ResultLength
6202 * FUNCTION: Queries the virtual memory information.
6204 ProcessHandle = Process owning the virtual address space
6205 BaseAddress = Points to the page where the information is queried for.
6206 * VirtualMemoryInformationClass = Index to a certain information structure
6208 MemoryBasicInformation MEMORY_BASIC_INFORMATION
6210 * VirtualMemoryInformation = caller supplies storage for the information structure
6211 * Length = size of the structure
6212 ResultLength = Data written
6219 ZwQueryVirtualMemory(
6220 IN HANDLE ProcessHandle
,
6222 IN IN CINT VirtualMemoryInformationClass
,
6223 OUT PVOID VirtualMemoryInformation
,
6225 OUT PULONG ResultLength
6229 * FUNCTION: Raises a hard error (stops the system)
6231 * Status = Status code of the hard error
6252 * FUNCTION: Sets the information of a registry key.
6254 * KeyHandle = Handle to the registry key
6255 * KeyInformationClass = Index to the a certain information structure.
6256 Can be one of the following values:
6258 * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
6260 KeyInformation = Storage for the new information
6261 * KeyInformationLength = Size of the information strucure
6267 ZwSetInformationKey(
6268 IN HANDLE KeyHandle
,
6269 IN KEY_SET_INFORMATION_CLASS KeyInformationClass
,
6270 IN PVOID KeyInformation
,
6271 IN ULONG KeyInformationLength
6275 * FUNCTION: Changes a set of object specific parameters
6278 * ObjectInformationClass = Index to the set of parameters to change.
6280 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
6283 * ObjectInformation = Caller supplies storage for parameters to set.
6284 * Length = Size of the storage supplied
6289 ZwSetInformationObject(
6290 IN HANDLE ObjectHandle
,
6291 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6292 IN PVOID ObjectInformation
,
6297 * FUNCTION: Changes a set of process specific parameters
6299 * ProcessHandle = Handle to the process
6300 * ProcessInformationClass = Index to a information structure.
6302 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
6303 * ProcessQuotaLimits QUOTA_LIMITS
6304 * ProcessBasePriority KPRIORITY
6305 * ProcessRaisePriority KPRIORITY
6306 * ProcessDebugPort HANDLE
6307 * ProcessExceptionPort HANDLE
6308 * ProcessAccessToken PROCESS_ACCESS_TOKEN
6309 * ProcessDefaultHardErrorMode ULONG
6310 * ProcessPriorityClass ULONG
6311 * ProcessAffinityMask KAFFINITY //??
6313 * ProcessInformation = Caller supplies storage for information to set.
6314 * ProcessInformationLength = Size of the information structure
6319 NtSetInformationProcess(
6320 IN HANDLE ProcessHandle
,
6321 IN PROCESSINFOCLASS ProcessInformationClass
,
6322 IN PVOID ProcessInformation
,
6323 IN ULONG ProcessInformationLength
6328 ZwSetInformationProcess(
6329 IN HANDLE ProcessHandle
,
6330 IN PROCESSINFOCLASS ProcessInformationClass
,
6331 IN PVOID ProcessInformation
,
6332 IN ULONG ProcessInformationLength
6336 * FUNCTION: Sets the characteristics of a timer
6338 * TimerHandle = Handle to the timer
6339 * DueTime = Time before the timer becomes signalled for the first time.
6340 * TimerApcRoutine = Completion routine can be called on time completion
6341 * TimerContext = Argument to the completion routine
6342 * Resume = Specifies if the timer should repeated after completing one cycle
6343 * Period = Cycle of the timer
6344 * REMARKS: This routine maps to the win32 SetWaitableTimer.
6350 IN HANDLE TimerHandle
,
6351 IN PLARGE_INTEGER DueTime
,
6352 IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL
,
6353 IN PVOID TimerContext OPTIONAL
,
6354 IN BOOLEAN ResumeTimer
,
6355 IN LONG Period OPTIONAL
,
6356 OUT PBOOLEAN PreviousState OPTIONAL
6360 NtSetUuidSeed(IN PUCHAR Seed
);
6363 ZwSetUuidSeed(IN PUCHAR Seed
);
6366 * FUNCTION: Unloads a registry key.
6368 * KeyHandle = Handle to the registry key
6370 * This procedure maps to the win32 procedure RegUnloadKey
6376 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6380 * FUNCTION: Unlocks a range of virtual memory.
6382 * ProcessHandle = Handle to the process
6383 * BaseAddress = Lower boundary of the range of bytes to unlock.
6384 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
6385 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
6387 This procedure maps to the win32 procedure VirtualUnlock
6388 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
6392 ZwUnlockVirtualMemory(
6393 IN HANDLE ProcessHandle
,
6394 IN PVOID BaseAddress
,
6395 IN ULONG NumberOfBytesToUnlock
,
6396 OUT PULONG NumberOfBytesUnlocked OPTIONAL
6400 * FUNCTION: Waits for multiple objects to become signalled.
6402 * Count = The number of objects
6403 * Object = The array of object handles
6404 * WaitType = Can be one of the values UserMode or KernelMode
6405 * Alertable = If true the wait is alertable.
6406 * Time = The maximum wait time.
6408 * This function maps to the win32 WaitForMultipleObjectEx.
6413 ZwWaitForMultipleObjects (
6416 IN WAIT_TYPE WaitType
,
6417 IN BOOLEAN Alertable
,
6418 IN PLARGE_INTEGER Time
6422 * FUNCTION: Creates a profile
6424 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
6425 * ObjectAttribute = Initialized attributes for the object
6426 * ImageBase = Start address of executable image
6427 * ImageSize = Size of the image
6428 * Granularity = Bucket size
6429 * Buffer = Caller supplies buffer for profiling info
6430 * ProfilingSize = Buffer size
6431 * ClockSource = Specify 0 / FALSE ??
6432 * ProcessorMask = A value of -1 indicates disables per processor profiling,
6433 otherwise bit set for the processor to profile.
6435 * This function maps to the win32 CreateProcess.
6442 OUT PHANDLE ProfileHandle
,
6443 IN HANDLE Process OPTIONAL
,
6446 IN ULONG BucketSize
,
6448 IN ULONG BufferSize
,
6449 IN KPROFILE_SOURCE ProfileSource
,
6450 IN KAFFINITY Affinity
6454 * FUNCTION: Delays the execution of the calling thread.
6456 * Alertable = If TRUE the thread is alertable during is wait period
6457 * Interval = Specifies the interval to wait.
6463 IN BOOLEAN Alertable
,
6464 IN PLARGE_INTEGER DelayInterval
6468 * FUNCTION: Extends a section
6470 * SectionHandle = Handle to the section
6471 * NewMaximumSize = Adjusted size
6477 IN HANDLE SectionHandle
,
6478 IN PLARGE_INTEGER NewMaximumSize
6482 * FUNCTION: Queries the information of a section object.
6484 * SectionHandle = Handle to the section link object
6485 * SectionInformationClass = Index to a certain information structure
6486 * SectionInformation (OUT)= Caller supplies storage for resulting information
6487 * Length = Size of the supplied storage
6488 * ResultLength = Data written
6495 IN HANDLE SectionHandle
,
6496 IN CINT SectionInformationClass
,
6497 OUT PVOID SectionInformation
,
6499 OUT PULONG ResultLength
6502 typedef struct _SECTION_IMAGE_INFORMATION
6504 ULONG_PTR EntryPoint
;
6506 ULONG_PTR StackReserve
;
6507 ULONG_PTR StackCommit
;
6509 USHORT MinorSubsystemVersion
;
6510 USHORT MajorSubsystemVersion
;
6512 ULONG Characteristics
;
6517 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
6519 #endif /* !__USE_W32API */
6522 * FUNCTION: Loads a registry key.
6524 * KeyObjectAttributes = Key to be loaded
6525 * FileObjectAttributes = File to load the key from
6528 * This procedure maps to the win32 procedure RegLoadKey
6534 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6535 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
6542 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6543 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
6548 * FUNCTION: Retrieves the system time
6550 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
6558 OUT PLARGE_INTEGER CurrentTime
6562 * FUNCTION: Queries the information of a object.
6564 ObjectHandle = Handle to a object
6565 ObjectInformationClass = Index to a certain information structure
6567 ObjectBasicInformation OBJECT_BASIC_INFORMATION
6568 ObjectNameInformation OBJECT_NAME_INFORMATION
6569 ObjectTypeInformation OBJECT_TYPE_INFORMATION
6570 ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
6571 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
6573 ObjectInformation = Caller supplies storage for resulting information
6574 Length = Size of the supplied storage
6575 ResultLength = Bytes written
6581 IN HANDLE ObjectHandle
,
6582 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6583 OUT PVOID ObjectInformation
,
6585 OUT PULONG ResultLength OPTIONAL
6588 /* BEGIN REACTOS ONLY */
6591 ExInitializeBinaryTree(IN PBINARY_TREE Tree
,
6592 IN PKEY_COMPARATOR Compare
,
6593 IN BOOLEAN UseNonPagedPool
);
6596 ExDeleteBinaryTree(IN PBINARY_TREE Tree
);
6599 ExInsertBinaryTree(IN PBINARY_TREE Tree
,
6604 ExSearchBinaryTree(IN PBINARY_TREE Tree
,
6609 ExRemoveBinaryTree(IN PBINARY_TREE Tree
,
6614 ExTraverseBinaryTree(IN PBINARY_TREE Tree
,
6615 IN TRAVERSE_METHOD Method
,
6616 IN PTRAVERSE_ROUTINE Routine
,
6620 ExInitializeSplayTree(IN PSPLAY_TREE Tree
,
6621 IN PKEY_COMPARATOR Compare
,
6622 IN BOOLEAN Weighted
,
6623 IN BOOLEAN UseNonPagedPool
);
6626 ExDeleteSplayTree(IN PSPLAY_TREE Tree
);
6629 ExInsertSplayTree(IN PSPLAY_TREE Tree
,
6634 ExSearchSplayTree(IN PSPLAY_TREE Tree
,
6639 ExRemoveSplayTree(IN PSPLAY_TREE Tree
,
6644 ExWeightOfSplayTree(IN PSPLAY_TREE Tree
,
6648 ExTraverseSplayTree(IN PSPLAY_TREE Tree
,
6649 IN TRAVERSE_METHOD Method
,
6650 IN PTRAVERSE_ROUTINE Routine
,
6654 ExInitializeHashTable(IN PHASH_TABLE HashTable
,
6655 IN ULONG HashTableSize
,
6656 IN PKEY_COMPARATOR Compare OPTIONAL
,
6657 IN BOOLEAN UseNonPagedPool
);
6660 ExDeleteHashTable(IN PHASH_TABLE HashTable
);
6663 ExInsertHashTable(IN PHASH_TABLE HashTable
,
6669 ExSearchHashTable(IN PHASH_TABLE HashTable
,
6675 ExRemoveHashTable(IN PHASH_TABLE HashTable
,
6680 /* END REACTOS ONLY */
6682 #endif /* __DDK_ZW_H */