2 /* $Id: zw.h,v 1.23 2004/04/20 20:39:19 jimtabor Exp $
4 * COPYRIGHT: See COPYING in the top level directory
5 * PROJECT: ReactOS kernel
6 * PURPOSE: System call definitions
7 * FILE: include/ddk/zw.h
9 * ??/??/??: First few functions (David Welch)
10 * ??/??/??: Complete implementation by Ariadne
11 * 13/07/98: Reorganised things a bit (David Welch)
12 * 04/08/98: Added some documentation (Ariadne)
13 * 14/08/98: Added type TIME and change variable type from [1] to [0]
14 * 14/09/98: Added for each Nt call a corresponding Zw Call
15 * 09/08/03: Added ThreadEventPair routines
21 #include <ntos/security.h>
22 #include <ntos/zwtypes.h>
23 #include <napi/npipe.h>
25 #ifndef _RTLGETPROCESSHEAP_DEFINED_
26 #define _RTLGETPROCESSHEAP_DEFINED_
27 #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
30 // semaphore information
32 typedef enum _SEMAPHORE_INFORMATION_CLASS
34 SemaphoreBasicInformation
= 0
35 } SEMAPHORE_INFORMATION_CLASS
;
37 typedef struct _SEMAPHORE_BASIC_INFORMATION
41 } SEMAPHORE_BASIC_INFORMATION
, *PSEMAPHORE_BASIC_INFORMATION
;
45 typedef enum _EVENT_INFORMATION_CLASS
47 EventBasicInformation
= 0
48 } EVENT_INFORMATION_CLASS
;
50 typedef struct _EVENT_BASIC_INFORMATION
54 } EVENT_BASIC_INFORMATION
, *PEVENT_BASIC_INFORMATION
;
57 //#define SECURITY_INFORMATION ULONG
58 //typedef ULONG SECURITY_INFORMATION;
60 #ifndef __USE_NT_LPC__
62 NtAcceptConnectPort (PHANDLE PortHandle
,
63 HANDLE NamedPortHandle
,
64 PLPC_MESSAGE ServerReply
,
66 PLPC_SECTION_WRITE WriteMap
,
67 PLPC_SECTION_READ ReadMap
);
70 NtAcceptConnectPort (PHANDLE PortHandle
,
72 PLPC_MESSAGE ServerReply
,
74 PLPC_SECTION_WRITE WriteMap
,
75 PLPC_SECTION_READ ReadMap
);
76 #endif /* ndef __USE_NT_LPC__ */
79 * FUNCTION: Adjusts the groups in an access token
81 * TokenHandle = Specifies the access token
82 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
83 * their default state, if false the groups specified in
86 * BufferLength = Specifies the size of the buffer for the PreviousState.
88 * ReturnLength = Bytes written in PreviousState buffer.
89 * REMARKS: The arguments map to the win32 AdjustTokenGroups
96 IN HANDLE TokenHandle
,
97 IN BOOLEAN ResetToDefault
,
98 IN PTOKEN_GROUPS NewState
,
99 IN ULONG BufferLength
,
100 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
101 OUT PULONG ReturnLength
107 IN HANDLE TokenHandle
,
108 IN BOOLEAN ResetToDefault
,
109 IN PTOKEN_GROUPS NewState
,
110 IN ULONG BufferLength
,
111 OUT PTOKEN_GROUPS PreviousState
,
112 OUT PULONG ReturnLength
120 * TokenHandle = Handle to the access token
121 * DisableAllPrivileges = The resulting suspend count.
127 * The arguments map to the win32 AdjustTokenPrivileges
133 NtAdjustPrivilegesToken(
134 IN HANDLE TokenHandle
,
135 IN BOOLEAN DisableAllPrivileges
,
136 IN PTOKEN_PRIVILEGES NewState
,
137 IN ULONG BufferLength
,
138 OUT PTOKEN_PRIVILEGES PreviousState
,
139 OUT PULONG ReturnLength
144 ZwAdjustPrivilegesToken(
145 IN HANDLE TokenHandle
,
146 IN BOOLEAN DisableAllPrivileges
,
147 IN PTOKEN_PRIVILEGES NewState
,
148 IN ULONG BufferLength
,
149 OUT PTOKEN_PRIVILEGES PreviousState
,
150 OUT PULONG ReturnLength
155 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
158 * ThreadHandle = Handle to the thread that should be resumed
159 * SuspendCount = The resulting suspend count.
161 * A thread is resumed if its suspend count is 0
167 IN HANDLE ThreadHandle
,
168 OUT PULONG SuspendCount
174 IN HANDLE ThreadHandle
,
175 OUT PULONG SuspendCount
179 * FUNCTION: Puts the thread in a alerted state
181 * ThreadHandle = Handle to the thread that should be alerted
187 IN HANDLE ThreadHandle
193 IN HANDLE ThreadHandle
198 * FUNCTION: Allocates a locally unique id
200 * LocallyUniqueId = Locally unique number
205 NtAllocateLocallyUniqueId(
206 OUT LUID
*LocallyUniqueId
211 ZwAllocateLocallyUniqueId(
216 * FUNCTION: Allocates a block of virtual memory in the process address space
218 * ProcessHandle = The handle of the process which owns the virtual memory
219 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
220 * value the system will try to allocate the memory at the address supplied. It rounds
221 * it down to a multiple if the page size.
222 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
223 * the memory will be allocated at a address below a certain value.
224 * RegionSize = The number of bytes to allocate
225 * AllocationType = Indicates the type of virtual memory you like to allocated,
226 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
227 * Protect = Indicates the protection type of the pages allocated, can be a combination of
228 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
229 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
231 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
232 * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
233 * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
234 * and the AllocationType and ProctectionType map to the other two parameters.
239 NtAllocateVirtualMemory (
240 IN HANDLE ProcessHandle
,
241 IN OUT PVOID
*BaseAddress
,
243 IN OUT PULONG RegionSize
,
244 IN ULONG AllocationType
,
250 ZwAllocateVirtualMemory (
251 IN HANDLE ProcessHandle
,
252 IN OUT PVOID
*BaseAddress
,
254 IN OUT PULONG RegionSize
,
255 IN ULONG AllocationType
,
259 * FUNCTION: Returns from a callback into user mode
263 //FIXME: this function might need 3 parameters
264 NTSTATUS STDCALL
NtCallbackReturn(PVOID Result
,
268 NTSTATUS STDCALL
ZwCallbackReturn(PVOID Result
,
273 * FUNCTION: Cancels a IO request
275 * FileHandle = Handle to the file
279 * This function maps to the win32 CancelIo.
285 IN HANDLE FileHandle
,
286 OUT PIO_STATUS_BLOCK IoStatusBlock
292 IN HANDLE FileHandle
,
293 OUT PIO_STATUS_BLOCK IoStatusBlock
297 * FUNCTION: Sets the status of the event back to non-signaled
299 * EventHandle = Handle to the event
301 * This function maps to win32 function ResetEvent.
308 IN HANDLE EventHandle
314 IN HANDLE EventHandle
318 * FUNCTION: Closes an object handle
320 * Handle = Handle to the object
322 * This function maps to the win32 function CloseHandle.
339 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
342 HandleId = Handle to the object
345 * This function maps to the win32 function ObjectCloseAuditAlarm.
351 NtCloseObjectAuditAlarm(
352 IN PUNICODE_STRING SubsystemName
,
354 IN BOOLEAN GenerateOnClose
359 ZwCloseObjectAuditAlarm(
360 IN PUNICODE_STRING SubsystemName
,
362 IN BOOLEAN GenerateOnClose
367 NtCompleteConnectPort (HANDLE PortHandle
);
370 ZwCompleteConnectPort (HANDLE PortHandle
);
374 NtConnectPort (PHANDLE PortHandle
,
375 PUNICODE_STRING PortName
,
376 PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
377 PLPC_SECTION_WRITE SectionInfo
,
378 PLPC_SECTION_READ MapInfo
,
379 PULONG MaxMessageSize
,
381 PULONG ConnectInfoLength
);
384 ZwConnectPort (PHANDLE PortHandle
,
385 PUNICODE_STRING PortName
,
386 PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
387 PLPC_SECTION_WRITE SectionInfo
,
388 PLPC_SECTION_READ MapInfo
,
389 PULONG MaxMessageSize
,
391 PULONG ConnectInfoLength
);
394 * FUNCTION: Creates a directory object
396 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
397 * DesiredAccess = Specifies access to the directory
398 * ObjectAttribute = Initialized attributes for the object
399 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
400 * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
406 NtCreateDirectoryObject(
407 OUT PHANDLE DirectoryHandle
,
408 IN ACCESS_MASK DesiredAccess
,
409 IN POBJECT_ATTRIBUTES ObjectAttributes
414 ZwCreateDirectoryObject(
415 OUT PHANDLE DirectoryHandle
,
416 IN ACCESS_MASK DesiredAccess
,
417 IN POBJECT_ATTRIBUTES ObjectAttributes
421 * FUNCTION: Creates an event object
423 * EventHandle (OUT) = Caller supplied storage for the resulting handle
424 * DesiredAccess = Specifies access to the event
425 * ObjectAttribute = Initialized attributes for the object
426 * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
427 * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
428 * automatically after the system has rescheduled a thread waiting on the event.
429 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
430 * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
431 * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
432 * both parameters aswell ( possibly the order is reversed ).
439 OUT PHANDLE EventHandle
,
440 IN ACCESS_MASK DesiredAccess
,
441 IN POBJECT_ATTRIBUTES ObjectAttributes
,
442 IN BOOLEAN ManualReset
,
443 IN BOOLEAN InitialState
449 OUT PHANDLE EventHandle
,
450 IN ACCESS_MASK DesiredAccess
,
451 IN POBJECT_ATTRIBUTES ObjectAttributes
,
452 IN BOOLEAN ManualReset
,
453 IN BOOLEAN InitialState
457 * FUNCTION: Creates an eventpair object
459 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
460 * DesiredAccess = Specifies access to the event
461 * ObjectAttribute = Initialized attributes for the object
467 OUT PHANDLE EventPairHandle
,
468 IN ACCESS_MASK DesiredAccess
,
469 IN POBJECT_ATTRIBUTES ObjectAttributes
475 OUT PHANDLE EventPairHandle
,
476 IN ACCESS_MASK DesiredAccess
,
477 IN POBJECT_ATTRIBUTES ObjectAttributes
482 * FUNCTION: Creates or opens a file, directory or device object.
484 * FileHandle (OUT) = Caller supplied storage for the resulting handle
485 * DesiredAccess = Specifies the allowed or desired access to the file can
486 * be a combination of DELETE | FILE_READ_DATA ..
487 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
488 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
489 * the file is created and opened or allready existed and is just opened.
490 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
491 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
492 * CreateDisposition = specifies what the behavior of the system if the file allready exists.
493 * CreateOptions = specifies the behavior of the system on file creation.
494 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
495 * EaLength = Extended Attributes buffer size, applies only to files and directories.
496 * REMARKS: This function maps to the win32 CreateFile.
503 OUT PHANDLE FileHandle
,
504 IN ACCESS_MASK DesiredAccess
,
505 IN POBJECT_ATTRIBUTES ObjectAttributes
,
506 OUT PIO_STATUS_BLOCK IoStatusBlock
,
507 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
508 IN ULONG FileAttributes
,
509 IN ULONG ShareAccess
,
510 IN ULONG CreateDisposition
,
511 IN ULONG CreateOptions
,
512 IN PVOID EaBuffer OPTIONAL
,
519 OUT PHANDLE FileHandle
,
520 IN ACCESS_MASK DesiredAccess
,
521 IN POBJECT_ATTRIBUTES ObjectAttributes
,
522 OUT PIO_STATUS_BLOCK IoStatusBlock
,
523 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
524 IN ULONG FileAttributes
,
525 IN ULONG ShareAccess
,
526 IN ULONG CreateDisposition
,
527 IN ULONG CreateOptions
,
528 IN PVOID EaBuffer OPTIONAL
,
533 * FUNCTION: Creates or opens a file, directory or device object.
535 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
536 * DesiredAccess = Specifies the allowed or desired access to the port
538 * NumberOfConcurrentThreads =
539 * REMARKS: This function maps to the win32 CreateIoCompletionPort
546 NtCreateIoCompletion(
547 OUT PHANDLE IoCompletionHandle
,
548 IN ACCESS_MASK DesiredAccess
,
549 IN POBJECT_ATTRIBUTES ObjectAttributes
,
550 IN ULONG NumberOfConcurrentThreads
555 ZwCreateIoCompletion(
556 OUT PHANDLE IoCompletionHandle
,
557 IN ACCESS_MASK DesiredAccess
,
558 IN POBJECT_ATTRIBUTES ObjectAttributes
,
559 IN ULONG NumberOfConcurrentThreads
563 * FUNCTION: Creates a registry key
565 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
566 * DesiredAccess = Specifies the allowed or desired access to the key
567 * It can have a combination of the following values:
568 * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
570 * KEY_QUERY_VALUE The values of the key can be queried.
571 * KEY_SET_VALUE The values of the key can be modified.
572 * KEY_CREATE_SUB_KEYS The key may contain subkeys.
573 * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
575 * KEY_CREATE_LINK A symbolic link to the key can be created.
576 * ObjectAttributes = The name of the key may be specified directly in the name field
577 * of object attributes or relative to a key in rootdirectory.
578 * TitleIndex = Might specify the position in the sequential order of subkeys.
579 * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
580 * CreateOptions = Specifies additional options with which the key is created
581 * REG_OPTION_VOLATILE The key is not preserved across boots.
582 * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
583 * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
584 * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
585 * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
586 * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
592 NtCreateKey(OUT PHANDLE KeyHandle
,
593 IN ACCESS_MASK DesiredAccess
,
594 IN POBJECT_ATTRIBUTES ObjectAttributes
,
596 IN PUNICODE_STRING Class OPTIONAL
,
597 IN ULONG CreateOptions
,
598 IN PULONG Disposition OPTIONAL
);
601 ZwCreateKey(OUT PHANDLE KeyHandle
,
602 IN ACCESS_MASK DesiredAccess
,
603 IN POBJECT_ATTRIBUTES ObjectAttributes
,
605 IN PUNICODE_STRING Class OPTIONAL
,
606 IN ULONG CreateOptions
,
607 IN PULONG Disposition OPTIONAL
);
610 * FUNCTION: Creates a mail slot file
612 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
613 * DesiredAccess = Specifies the allowed or desired access to the file
614 * ObjectAttributes = Contains the name of the mailslotfile.
621 * REMARKS: This funciton maps to the win32 function CreateMailSlot
628 NtCreateMailslotFile(
629 OUT PHANDLE MailSlotFileHandle
,
630 IN ACCESS_MASK DesiredAccess
,
631 IN POBJECT_ATTRIBUTES ObjectAttributes
,
632 OUT PIO_STATUS_BLOCK IoStatusBlock
,
633 IN ULONG FileAttributes
,
634 IN ULONG ShareAccess
,
635 IN ULONG MaxMessageSize
,
636 IN PLARGE_INTEGER TimeOut
641 ZwCreateMailslotFile(
642 OUT PHANDLE MailSlotFileHandle
,
643 IN ACCESS_MASK DesiredAccess
,
644 IN POBJECT_ATTRIBUTES ObjectAttributes
,
645 OUT PIO_STATUS_BLOCK IoStatusBlock
,
646 IN ULONG FileAttributes
,
647 IN ULONG ShareAccess
,
648 IN ULONG MaxMessageSize
,
649 IN PLARGE_INTEGER TimeOut
653 * FUNCTION: Creates or opens a mutex
655 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
656 * DesiredAccess = Specifies the allowed or desired access to the port
657 * ObjectAttributes = Contains the name of the mutex.
658 * InitialOwner = If true the calling thread acquires ownership
660 * REMARKS: This funciton maps to the win32 function CreateMutex
667 OUT PHANDLE MutantHandle
,
668 IN ACCESS_MASK DesiredAccess
,
669 IN POBJECT_ATTRIBUTES ObjectAttributes
,
670 IN BOOLEAN InitialOwner
676 OUT PHANDLE MutantHandle
,
677 IN ACCESS_MASK DesiredAccess
,
678 IN POBJECT_ATTRIBUTES ObjectAttributes
,
679 IN BOOLEAN InitialOwner
683 * FUNCTION: Creates a named pipe
685 * NamedPipeFileHandle (OUT) = Caller supplied storage for the
687 * DesiredAccess = Specifies the type of access that the caller
688 * requires to the file boject
689 * ObjectAttributes = Points to a structure that specifies the
691 * IoStatusBlock = Points to a variable that receives the final
692 * completion status and information
693 * ShareAccess = Specifies the limitations on sharing of the file.
694 * This parameter can be zero or any compatible
695 * combination of the following flags
698 * CreateDisposition = Specifies what to do depending on whether
699 * the file already exists. This must be one of
700 * the following values
704 * CreateOptions = Specifies the options to be applied when
705 * creating or opening the file, as a compatible
706 * combination of the following flags
708 * FILE_SYNCHRONOUS_IO_ALERT
709 * FILE_SYNCHRONOUS_IO_NONALERT
710 * TypeMessage = Specifies whether the data written to the pipe is
711 * interpreted as a sequence of messages or as a
713 * ReadModeMessage = Specifies whether the data read from the pipe
714 * is interpreted as a sequence of messages or as
716 * NonBlocking = Specifies whether non-blocking mode is enabled
717 * MaxInstances = Specifies the maximum number of instancs that can
718 * be created for this pipe
719 * InBufferSize = Specifies the number of bytes to reserve for the
721 * OutBufferSize = Specifies the number of bytes to reserve for the
723 * DefaultTimeout = Optionally points to a variable that specifies
724 * the default timeout value in units of
726 * REMARKS: This funciton maps to the win32 function CreateNamedPipe
731 NtCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle
,
732 IN ACCESS_MASK DesiredAccess
,
733 IN POBJECT_ATTRIBUTES ObjectAttributes
,
734 OUT PIO_STATUS_BLOCK IoStatusBlock
,
735 IN ULONG ShareAccess
,
736 IN ULONG CreateDisposition
,
737 IN ULONG CreateOptions
,
738 IN BOOLEAN WriteModeMessage
,
739 IN BOOLEAN ReadModeMessage
,
740 IN BOOLEAN NonBlocking
,
741 IN ULONG MaxInstances
,
742 IN ULONG InBufferSize
,
743 IN ULONG OutBufferSize
,
744 IN PLARGE_INTEGER DefaultTimeOut
);
747 ZwCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle
,
748 IN ACCESS_MASK DesiredAccess
,
749 IN POBJECT_ATTRIBUTES ObjectAttributes
,
750 OUT PIO_STATUS_BLOCK IoStatusBlock
,
751 IN ULONG ShareAccess
,
752 IN ULONG CreateDisposition
,
753 IN ULONG CreateOptions
,
754 IN BOOLEAN WriteModeMessage
,
755 IN BOOLEAN ReadModeMessage
,
756 IN BOOLEAN NonBlocking
,
757 IN ULONG MaxInstances
,
758 IN ULONG InBufferSize
,
759 IN ULONG OutBufferSize
,
760 IN PLARGE_INTEGER DefaultTimeOut
);
764 NtCreatePort (PHANDLE PortHandle
,
765 POBJECT_ATTRIBUTES ObjectAttributes
,
766 ULONG MaxConnectInfoLength
,
768 ULONG NPMessageQueueSize OPTIONAL
);
771 NtCreatePort (PHANDLE PortHandle
,
772 POBJECT_ATTRIBUTES ObjectAttributes
,
773 ULONG MaxConnectInfoLength
,
775 ULONG NPMessageQueueSize OPTIONAL
);
779 * FUNCTION: Creates a process.
781 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
782 * DesiredAccess = Specifies the allowed or desired access to the process can
783 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
784 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
785 * ParentProcess = Handle to the parent process.
786 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
787 * SectionHandle = Handle to a section object to back the image file
788 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
789 * ExceptionPort = Handle to a exception port.
791 * This function maps to the win32 CreateProcess.
797 OUT PHANDLE ProcessHandle
,
798 IN ACCESS_MASK DesiredAccess
,
799 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
800 IN HANDLE ParentProcess
,
801 IN BOOLEAN InheritObjectTable
,
802 IN HANDLE SectionHandle OPTIONAL
,
803 IN HANDLE DebugPort OPTIONAL
,
804 IN HANDLE ExceptionPort OPTIONAL
810 OUT PHANDLE ProcessHandle
,
811 IN ACCESS_MASK DesiredAccess
,
812 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
813 IN HANDLE ParentProcess
,
814 IN BOOLEAN InheritObjectTable
,
815 IN HANDLE SectionHandle OPTIONAL
,
816 IN HANDLE DebugPort OPTIONAL
,
817 IN HANDLE ExceptionPort OPTIONAL
821 * FUNCTION: Creates a section object.
823 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
824 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
825 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
826 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
827 * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
828 * If value specified for a mapped file and the file is not large enough, file will be extended.
829 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
830 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
831 * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
838 OUT PHANDLE SectionHandle
,
839 IN ACCESS_MASK DesiredAccess
,
840 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
841 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
842 IN ULONG SectionPageProtection OPTIONAL
,
843 IN ULONG AllocationAttributes
,
844 IN HANDLE FileHandle OPTIONAL
850 OUT PHANDLE SectionHandle
,
851 IN ACCESS_MASK DesiredAccess
,
852 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
853 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
854 IN ULONG SectionPageProtection OPTIONAL
,
855 IN ULONG AllocationAttributes
,
856 IN HANDLE FileHandle OPTIONAL
860 * FUNCTION: Creates a semaphore object for interprocess synchronization.
862 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
863 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
864 * ObjectAttribute = Initialized attributes for the object.
865 * InitialCount = Not necessary zero, might be smaller than zero.
866 * MaximumCount = Maxiumum count the semaphore can reach.
869 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
872 //FIXME: should a semaphore's initial count allowed to be smaller than zero ??
876 OUT PHANDLE SemaphoreHandle
,
877 IN ACCESS_MASK DesiredAccess
,
878 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
879 IN LONG InitialCount
,
886 OUT PHANDLE SemaphoreHandle
,
887 IN ACCESS_MASK DesiredAccess
,
888 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
889 IN LONG InitialCount
,
894 * FUNCTION: Creates a symbolic link object
896 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
897 * DesiredAccess = Specifies the allowed or desired access to the thread.
898 * ObjectAttributes = Initialized attributes for the object.
899 * Name = Target name of the symbolic link
904 NtCreateSymbolicLinkObject(
905 OUT PHANDLE SymbolicLinkHandle
,
906 IN ACCESS_MASK DesiredAccess
,
907 IN POBJECT_ATTRIBUTES ObjectAttributes
,
908 IN PUNICODE_STRING Name
913 ZwCreateSymbolicLinkObject(
914 OUT PHANDLE SymbolicLinkHandle
,
915 IN ACCESS_MASK DesiredAccess
,
916 IN POBJECT_ATTRIBUTES ObjectAttributes
,
917 IN PUNICODE_STRING Name
921 * FUNCTION: Creates a waitable timer.
923 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
924 * DesiredAccess = Specifies the allowed or desired access to the timer.
925 * ObjectAttributes = Initialized attributes for the object.
926 * TimerType = Specifies if the timer should be reset manually.
928 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
929 * corresponding fields in OBJECT_ATTRIBUTES structure.
935 OUT PHANDLE TimerHandle
,
936 IN ACCESS_MASK DesiredAccess
,
937 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
938 IN TIMER_TYPE TimerType
944 OUT PHANDLE TimerHandle
,
945 IN ACCESS_MASK DesiredAccess
,
946 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
947 IN TIMER_TYPE TimerType
951 * FUNCTION: Creates a token.
953 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
954 * DesiredAccess = Specifies the allowed or desired access to the process can
955 * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
956 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
964 * TokenPrimaryGroup =
968 * This function does not map to a win32 function
975 OUT PHANDLE TokenHandle
,
976 IN ACCESS_MASK DesiredAccess
,
977 IN POBJECT_ATTRIBUTES ObjectAttributes
,
978 IN TOKEN_TYPE TokenType
,
979 IN PLUID AuthenticationId
,
980 IN PLARGE_INTEGER ExpirationTime
,
981 IN PTOKEN_USER TokenUser
,
982 IN PTOKEN_GROUPS TokenGroups
,
983 IN PTOKEN_PRIVILEGES TokenPrivileges
,
984 IN PTOKEN_OWNER TokenOwner
,
985 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
986 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
987 IN PTOKEN_SOURCE TokenSource
993 OUT PHANDLE TokenHandle
,
994 IN ACCESS_MASK DesiredAccess
,
995 IN POBJECT_ATTRIBUTES ObjectAttributes
,
996 IN TOKEN_TYPE TokenType
,
997 IN PLUID AuthenticationId
,
998 IN PLARGE_INTEGER ExpirationTime
,
999 IN PTOKEN_USER TokenUser
,
1000 IN PTOKEN_GROUPS TokenGroups
,
1001 IN PTOKEN_PRIVILEGES TokenPrivileges
,
1002 IN PTOKEN_OWNER TokenOwner
,
1003 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
1004 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
1005 IN PTOKEN_SOURCE TokenSource
1009 * FUNCTION: Returns the callers thread TEB.
1010 * RETURNS: The resulting teb.
1021 NtCreateWaitablePort (PHANDLE PortHandle
,
1022 POBJECT_ATTRIBUTES ObjectAttributes
,
1023 ULONG MaxConnectInfoLength
,
1024 ULONG MaxDataLength
,
1025 ULONG NPMessageQueueSize OPTIONAL
);
1028 ZwCreateWaitablePort (PHANDLE PortHandle
,
1029 POBJECT_ATTRIBUTES ObjectAttributes
,
1030 ULONG MaxConnectInfoLength
,
1031 ULONG MaxDataLength
,
1032 ULONG NPMessageQueueSize OPTIONAL
);
1036 * FUNCTION: Deletes an atom from the global atom table
1038 * Atom = Identifies the atom to delete
1040 * The function maps to the win32 GlobalDeleteAtom
1056 * FUNCTION: Deletes a file or a directory
1058 * ObjectAttributes = Name of the file which should be deleted
1060 * This system call is functionally equivalent to NtSetInformationFile
1061 * setting the disposition information.
1062 * The function maps to the win32 DeleteFile.
1068 IN POBJECT_ATTRIBUTES ObjectAttributes
1074 IN POBJECT_ATTRIBUTES ObjectAttributes
1078 * FUNCTION: Deletes a registry key
1080 * KeyHandle = Handle of the key
1095 * FUNCTION: Generates a audit message when an object is deleted
1097 * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
1098 * HandleId= Handle to an audit object
1099 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
1100 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
1106 NtDeleteObjectAuditAlarm (
1107 IN PUNICODE_STRING SubsystemName
,
1109 IN BOOLEAN GenerateOnClose
1114 ZwDeleteObjectAuditAlarm (
1115 IN PUNICODE_STRING SubsystemName
,
1117 IN BOOLEAN GenerateOnClose
1122 * FUNCTION: Deletes a value from a registry key
1124 * KeyHandle = Handle of the key
1125 * ValueName = Name of the value to delete
1132 IN HANDLE KeyHandle
,
1133 IN PUNICODE_STRING ValueName
1139 IN HANDLE KeyHandle
,
1140 IN PUNICODE_STRING ValueName
1143 * FUNCTION: Sends IOCTL to the io sub system
1145 * DeviceHandle = Points to the handle that is created by NtCreateFile
1146 * Event = Event to synchronize on STATUS_PENDING
1147 * ApcRoutine = Asynchroneous procedure callback
1148 * ApcContext = Callback context.
1149 * IoStatusBlock = Caller should supply storage for extra information..
1150 * IoControlCode = Contains the IO Control command. This is an
1151 * index to the structures in InputBuffer and OutputBuffer.
1152 * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
1153 * InputBufferSize = Size of the input bufffer
1154 * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
1155 * OutputBufferSize = Size of the input bufffer
1161 NtDeviceIoControlFile(
1162 IN HANDLE DeviceHandle
,
1163 IN HANDLE Event OPTIONAL
,
1164 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1165 IN PVOID UserApcContext OPTIONAL
,
1166 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1167 IN ULONG IoControlCode
,
1168 IN PVOID InputBuffer
,
1169 IN ULONG InputBufferSize
,
1170 OUT PVOID OutputBuffer
,
1171 IN ULONG OutputBufferSize
1176 ZwDeviceIoControlFile(
1177 IN HANDLE DeviceHandle
,
1178 IN HANDLE Event OPTIONAL
,
1179 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
1180 IN PVOID UserApcContext OPTIONAL
,
1181 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1182 IN ULONG IoControlCode
,
1183 IN PVOID InputBuffer
,
1184 IN ULONG InputBufferSize
,
1185 OUT PVOID OutputBuffer
,
1186 IN ULONG OutputBufferSize
1189 * FUNCTION: Displays a string on the blue screen
1191 * DisplayString = The string to display
1198 IN PUNICODE_STRING DisplayString
1204 IN PUNICODE_STRING DisplayString
1208 * FUNCTION: Returns information about the subkeys of an open key
1210 * KeyHandle = Handle of the key whose subkeys are to enumerated
1211 * Index = zero based index of the subkey for which information is
1213 * KeyInformationClass = Type of information returned
1214 * KeyInformation (OUT) = Caller allocated buffer for the information
1216 * Length = Length in bytes of the KeyInformation buffer
1217 * ResultLength (OUT) = Caller allocated storage which holds
1218 * the number of bytes of information retrieved
1225 IN HANDLE KeyHandle
,
1227 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1228 OUT PVOID KeyInformation
,
1230 OUT PULONG ResultLength
1236 IN HANDLE KeyHandle
,
1238 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1239 OUT PVOID KeyInformation
,
1241 OUT PULONG ResultLength
1244 * FUNCTION: Returns information about the value entries of an open key
1246 * KeyHandle = Handle of the key whose value entries are to enumerated
1247 * Index = zero based index of the subkey for which information is
1249 * KeyInformationClass = Type of information returned
1250 * KeyInformation (OUT) = Caller allocated buffer for the information
1252 * Length = Length in bytes of the KeyInformation buffer
1253 * ResultLength (OUT) = Caller allocated storage which holds
1254 * the number of bytes of information retrieved
1260 NtEnumerateValueKey(
1261 IN HANDLE KeyHandle
,
1263 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1264 OUT PVOID KeyValueInformation
,
1266 OUT PULONG ResultLength
1271 ZwEnumerateValueKey(
1272 IN HANDLE KeyHandle
,
1274 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1275 OUT PVOID KeyValueInformation
,
1277 OUT PULONG ResultLength
1281 * FUNCTION: Flushes chached file data to disk
1283 * FileHandle = Points to the file
1284 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1285 * buffers operation. The information field is set to number of bytes
1289 * This funciton maps to the win32 FlushFileBuffers
1294 IN HANDLE FileHandle
,
1295 OUT PIO_STATUS_BLOCK IoStatusBlock
1301 IN HANDLE FileHandle
,
1302 OUT PIO_STATUS_BLOCK IoStatusBlock
1306 * FUNCTION: Flushes a registry key to disk
1308 * KeyHandle = Points to the registry key handle
1311 * This funciton maps to the win32 RegFlushKey.
1326 * FUNCTION: Flushes the dirty pages to file
1328 * FIXME: Not sure this does (how is the file specified)
1330 NTSTATUS STDCALL
NtFlushWriteBuffer(VOID
);
1331 NTSTATUS STDCALL
ZwFlushWriteBuffer(VOID
);
1334 * FUNCTION: Frees a range of virtual memory
1336 * ProcessHandle = Points to the process that allocated the virtual
1338 * BaseAddress = Points to the memory address, rounded down to a
1339 * multiple of the pagesize
1340 * RegionSize = Limits the range to free, rounded up to a multiple of
1342 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1345 NTSTATUS STDCALL
NtFreeVirtualMemory(IN HANDLE ProcessHandle
,
1346 IN PVOID
*BaseAddress
,
1347 IN PULONG RegionSize
,
1349 NTSTATUS STDCALL
ZwFreeVirtualMemory(IN HANDLE ProcessHandle
,
1350 IN PVOID
*BaseAddress
,
1351 IN PULONG RegionSize
,
1355 * FUNCTION: Sends FSCTL to the filesystem
1357 * DeviceHandle = Points to the handle that is created by NtCreateFile
1358 * Event = Event to synchronize on STATUS_PENDING
1361 * IoStatusBlock = Caller should supply storage for
1362 * IoControlCode = Contains the File System Control command. This is an
1363 * index to the structures in InputBuffer and OutputBuffer.
1364 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1365 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1366 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1367 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1369 * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
1370 * InputBufferSize = Size of the input bufffer
1371 * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
1372 * OutputBufferSize = Size of the input bufffer
1373 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1374 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1379 IN HANDLE DeviceHandle
,
1380 IN HANDLE Event OPTIONAL
,
1381 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1382 IN PVOID ApcContext OPTIONAL
,
1383 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1384 IN ULONG IoControlCode
,
1385 IN PVOID InputBuffer
,
1386 IN ULONG InputBufferSize
,
1387 OUT PVOID OutputBuffer
,
1388 IN ULONG OutputBufferSize
1394 IN HANDLE DeviceHandle
,
1395 IN HANDLE Event OPTIONAL
,
1396 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1397 IN PVOID ApcContext OPTIONAL
,
1398 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1399 IN ULONG IoControlCode
,
1400 IN PVOID InputBuffer
,
1401 IN ULONG InputBufferSize
,
1402 OUT PVOID OutputBuffer
,
1403 IN ULONG OutputBufferSize
1407 * FUNCTION: Retrieves the processor context of a thread
1409 * ThreadHandle = Handle to a thread
1410 * Context (OUT) = Caller allocated storage for the processor context
1417 IN HANDLE ThreadHandle
,
1418 OUT PCONTEXT Context
1424 IN HANDLE ThreadHandle
,
1425 OUT PCONTEXT Context
1430 NtImpersonateClientOfPort (HANDLE PortHandle
,
1431 PLPC_MESSAGE ClientMessage
);
1434 ZwImpersonateClientOfPort (HANDLE PortHandle
,
1435 PLPC_MESSAGE ClientMessage
);
1438 * FUNCTION: Sets a thread to impersonate another
1440 * ThreadHandle = Server thread that will impersonate a client.
1441 ThreadToImpersonate = Client thread that will be impersonated
1442 SecurityQualityOfService = Specifies the impersonation level.
1448 NtImpersonateThread(
1449 IN HANDLE ThreadHandle
,
1450 IN HANDLE ThreadToImpersonate
,
1451 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1456 ZwImpersonateThread(
1457 IN HANDLE ThreadHandle
,
1458 IN HANDLE ThreadToImpersonate
,
1459 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1463 * FUNCTION: Initializes the registry.
1465 * SetUpBoot = This parameter is true for a setup boot.
1470 NtInitializeRegistry(
1475 ZwInitializeRegistry(
1481 NtListenPort (HANDLE PortHandle
,
1482 PLPC_MESSAGE LpcMessage
);
1485 ZwListenPort (HANDLE PortHandle
,
1486 PLPC_MESSAGE LpcMessage
);
1490 * FUNCTION: Loads a driver.
1492 * DriverServiceName = Name of the driver to load
1498 IN PUNICODE_STRING DriverServiceName
1504 IN PUNICODE_STRING DriverServiceName
1508 * FUNCTION: Locks a range of bytes in a file.
1510 * FileHandle = Handle to the file
1511 * Event = Should be null if apc is specified.
1512 * ApcRoutine = Asynchroneous Procedure Callback
1513 * ApcContext = Argument to the callback
1514 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1515 * the completion status and information about the requested lock operation.
1516 * ByteOffset = Offset
1517 * Length = Number of bytes to lock.
1518 * Key = Special value to give other threads the possibility to unlock the file
1519 by supplying the key in a call to NtUnlockFile.
1520 * FailImmediatedly = If false the request will block untill the lock is obtained.
1521 * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
1523 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1524 not be obtained immediately, the device queue is busy and the IRP is queued.
1525 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1526 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1532 IN HANDLE FileHandle
,
1533 IN HANDLE Event OPTIONAL
,
1534 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1535 IN PVOID ApcContext OPTIONAL
,
1536 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1537 IN PLARGE_INTEGER ByteOffset
,
1538 IN PLARGE_INTEGER Length
,
1540 IN BOOLEAN FailImmediatedly
,
1541 IN BOOLEAN ExclusiveLock
1547 IN HANDLE FileHandle
,
1548 IN HANDLE Event OPTIONAL
,
1549 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1550 IN PVOID ApcContext OPTIONAL
,
1551 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1552 IN PLARGE_INTEGER ByteOffset
,
1553 IN PLARGE_INTEGER Length
,
1555 IN BOOLEAN FailImmediatedly
,
1556 IN BOOLEAN ExclusiveLock
1560 * FUNCTION: Makes temporary object that will be removed at next boot.
1562 * Handle = Handle to object
1568 NtMakeTemporaryObject(
1574 ZwMakeTemporaryObject(
1578 * FUNCTION: Maps a view of a section into the virtual address space of a
1581 * SectionHandle = Handle of the section
1582 * ProcessHandle = Handle of the process
1583 * BaseAddress = Desired base address (or NULL) on entry
1584 * Actual base address of the view on exit
1585 * ZeroBits = Number of high order address bits that must be zero
1586 * CommitSize = Size in bytes of the initially committed section of
1588 * SectionOffset = Offset in bytes from the beginning of the section
1589 * to the beginning of the view
1590 * ViewSize = Desired length of map (or zero to map all) on entry
1591 * Actual length mapped on exit
1592 * InheritDisposition = Specified how the view is to be shared with
1594 * AllocateType = Type of allocation for the pages
1595 * Protect = Protection for the committed region of the view
1601 IN HANDLE SectionHandle
,
1602 IN HANDLE ProcessHandle
,
1603 IN OUT PVOID
*BaseAddress
,
1605 IN ULONG CommitSize
,
1606 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1607 IN OUT PULONG ViewSize
,
1608 IN SECTION_INHERIT InheritDisposition
,
1609 IN ULONG AllocationType
,
1610 IN ULONG AccessProtection
1616 IN HANDLE SectionHandle
,
1617 IN HANDLE ProcessHandle
,
1618 IN OUT PVOID
*BaseAddress
,
1620 IN ULONG CommitSize
,
1621 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
1622 IN OUT PULONG ViewSize
,
1623 IN SECTION_INHERIT InheritDisposition
,
1624 IN ULONG AllocationType
,
1625 IN ULONG AccessProtection
1629 * FUNCTION: Installs a notify for the change of a directory's contents
1631 * FileHandle = Handle to the directory
1633 * ApcRoutine = Start address
1634 * ApcContext = Delimits the range of virtual memory
1635 * for which the new access protection holds
1636 * IoStatusBlock = The new access proctection for the pages
1637 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1638 * BufferSize = Size of the buffer
1639 CompletionFilter = Can be one of the following values:
1640 FILE_NOTIFY_CHANGE_FILE_NAME
1641 FILE_NOTIFY_CHANGE_DIR_NAME
1642 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1643 FILE_NOTIFY_CHANGE_ATTRIBUTES
1644 FILE_NOTIFY_CHANGE_SIZE
1645 FILE_NOTIFY_CHANGE_LAST_WRITE
1646 FILE_NOTIFY_CHANGE_LAST_ACCESS
1647 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1648 FILE_NOTIFY_CHANGE_EA
1649 FILE_NOTIFY_CHANGE_SECURITY
1650 FILE_NOTIFY_CHANGE_STREAM_NAME
1651 FILE_NOTIFY_CHANGE_STREAM_SIZE
1652 FILE_NOTIFY_CHANGE_STREAM_WRITE
1653 WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
1656 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1661 NtNotifyChangeDirectoryFile(
1662 IN HANDLE FileHandle
,
1663 IN HANDLE Event OPTIONAL
,
1664 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1665 IN PVOID ApcContext OPTIONAL
,
1666 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1668 IN ULONG BufferSize
,
1669 IN ULONG CompletionFilter
,
1670 IN BOOLEAN WatchTree
1675 ZwNotifyChangeDirectoryFile(
1676 IN HANDLE FileHandle
,
1677 IN HANDLE Event OPTIONAL
,
1678 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1679 IN PVOID ApcContext OPTIONAL
,
1680 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1682 IN ULONG BufferSize
,
1683 IN ULONG CompletionFilter
,
1684 IN BOOLEAN WatchTree
1688 * FUNCTION: Installs a notfication callback on registry changes
1690 KeyHandle = Handle to the registry key
1691 Event = Event that should be signalled on modification of the key
1692 ApcRoutine = Routine that should be called on modification of the key
1693 ApcContext = Argument to the ApcRoutine
1695 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1696 Can be a combination of the following values:
1698 REG_NOTIFY_CHANGE_NAME
1699 REG_NOTIFY_CHANGE_ATTRIBUTES
1700 REG_NOTIFY_CHANGE_LAST_SET
1701 REG_NOTIFY_CHANGE_SECURITY
1704 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1705 the function will not return before a change occurs.
1706 ChangeBuffer = Will return the old value
1707 Length = Size of the change buffer
1708 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
1710 * REMARKS: If the key is closed the event is signalled aswell.
1717 IN HANDLE KeyHandle
,
1719 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1720 IN PVOID ApcContext OPTIONAL
,
1721 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1722 IN ULONG CompletionFilter
,
1723 IN BOOLEAN Asynchroneous
,
1724 OUT PVOID ChangeBuffer
,
1726 IN BOOLEAN WatchSubtree
1732 IN HANDLE KeyHandle
,
1734 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
1735 IN PVOID ApcContext OPTIONAL
,
1736 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1737 IN ULONG CompletionFilter
,
1738 IN BOOLEAN Asynchroneous
,
1739 OUT PVOID ChangeBuffer
,
1741 IN BOOLEAN WatchSubtree
1745 * FUNCTION: Opens an existing directory object
1747 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1748 * DesiredAccess = Requested access to the directory
1749 * ObjectAttributes = Initialized attributes for the object
1755 NtOpenDirectoryObject(
1756 OUT PHANDLE FileHandle
,
1757 IN ACCESS_MASK DesiredAccess
,
1758 IN POBJECT_ATTRIBUTES ObjectAttributes
1762 ZwOpenDirectoryObject(
1763 OUT PHANDLE FileHandle
,
1764 IN ACCESS_MASK DesiredAccess
,
1765 IN POBJECT_ATTRIBUTES ObjectAttributes
1769 * FUNCTION: Opens an existing event
1771 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1772 * DesiredAccess = Requested access to the event
1773 * ObjectAttributes = Initialized attributes for the object
1779 OUT PHANDLE EventHandle
,
1780 IN ACCESS_MASK DesiredAccess
,
1781 IN POBJECT_ATTRIBUTES ObjectAttributes
1787 OUT PHANDLE EventHandle
,
1788 IN ACCESS_MASK DesiredAccess
,
1789 IN POBJECT_ATTRIBUTES ObjectAttributes
1793 * FUNCTION: Opens an existing event pair
1795 * EventHandle (OUT) = Caller supplied storage for the resulting handle
1796 * DesiredAccess = Requested access to the event
1797 * ObjectAttributes = Initialized attributes for the object
1804 OUT PHANDLE EventPairHandle
,
1805 IN ACCESS_MASK DesiredAccess
,
1806 IN POBJECT_ATTRIBUTES ObjectAttributes
1812 OUT PHANDLE EventPairHandle
,
1813 IN ACCESS_MASK DesiredAccess
,
1814 IN POBJECT_ATTRIBUTES ObjectAttributes
1817 * FUNCTION: Opens an existing file
1819 * FileHandle (OUT) = Caller supplied storage for the resulting handle
1820 * DesiredAccess = Requested access to the file
1821 * ObjectAttributes = Initialized attributes for the object
1830 OUT PHANDLE FileHandle
,
1831 IN ACCESS_MASK DesiredAccess
,
1832 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1833 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1834 IN ULONG ShareAccess
,
1835 IN ULONG OpenOptions
1841 OUT PHANDLE FileHandle
,
1842 IN ACCESS_MASK DesiredAccess
,
1843 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1844 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1845 IN ULONG ShareAccess
,
1846 IN ULONG OpenOptions
1850 * FUNCTION: Opens an existing io completion object
1852 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
1853 * DesiredAccess = Requested access to the io completion object
1854 * ObjectAttributes = Initialized attributes for the object
1861 OUT PHANDLE CompetionPort
,
1862 IN ACCESS_MASK DesiredAccess
,
1863 IN POBJECT_ATTRIBUTES ObjectAttributes
1869 OUT PHANDLE CompetionPort
,
1870 IN ACCESS_MASK DesiredAccess
,
1871 IN POBJECT_ATTRIBUTES ObjectAttributes
1875 * FUNCTION: Opens an existing key in the registry
1877 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1878 * DesiredAccess = Requested access to the key
1879 * ObjectAttributes = Initialized attributes for the object
1885 OUT PHANDLE KeyHandle
,
1886 IN ACCESS_MASK DesiredAccess
,
1887 IN POBJECT_ATTRIBUTES ObjectAttributes
1893 OUT PHANDLE KeyHandle
,
1894 IN ACCESS_MASK DesiredAccess
,
1895 IN POBJECT_ATTRIBUTES ObjectAttributes
1898 * FUNCTION: Opens an existing key in the registry
1900 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
1901 * DesiredAccess = Requested access to the mutant
1902 * ObjectAttribute = Initialized attributes for the object
1908 OUT PHANDLE MutantHandle
,
1909 IN ACCESS_MASK DesiredAccess
,
1910 IN POBJECT_ATTRIBUTES ObjectAttributes
1915 OUT PHANDLE MutantHandle
,
1916 IN ACCESS_MASK DesiredAccess
,
1917 IN POBJECT_ATTRIBUTES ObjectAttributes
1921 * FUNCTION: Opens an existing process
1923 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
1924 * DesiredAccess = Requested access to the process
1925 * ObjectAttribute = Initialized attributes for the object
1926 * ClientId = Identifies the process id to open
1932 OUT PHANDLE ProcessHandle
,
1933 IN ACCESS_MASK DesiredAccess
,
1934 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1935 IN PCLIENT_ID ClientId
1940 OUT PHANDLE ProcessHandle
,
1941 IN ACCESS_MASK DesiredAccess
,
1942 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1943 IN PCLIENT_ID ClientId
1946 * FUNCTION: Opens an existing process
1948 * ProcessHandle = Handle of the process of which owns the token
1949 * DesiredAccess = Requested access to the token
1950 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
1952 This function maps to the win32
1959 IN HANDLE ProcessHandle
,
1960 IN ACCESS_MASK DesiredAccess
,
1961 OUT PHANDLE TokenHandle
1967 IN HANDLE ProcessHandle
,
1968 IN ACCESS_MASK DesiredAccess
,
1969 OUT PHANDLE TokenHandle
1973 * FUNCTION: Opens an existing section object
1975 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
1976 * DesiredAccess = Requested access to the key
1977 * ObjectAttribute = Initialized attributes for the object
1984 OUT PHANDLE SectionHandle
,
1985 IN ACCESS_MASK DesiredAccess
,
1986 IN POBJECT_ATTRIBUTES ObjectAttributes
1991 OUT PHANDLE SectionHandle
,
1992 IN ACCESS_MASK DesiredAccess
,
1993 IN POBJECT_ATTRIBUTES ObjectAttributes
1996 * FUNCTION: Opens an existing semaphore
1998 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
1999 * DesiredAccess = Requested access to the semaphore
2000 * ObjectAttribute = Initialized attributes for the object
2006 IN HANDLE SemaphoreHandle
,
2007 IN ACCESS_MASK DesiredAcces
,
2008 IN POBJECT_ATTRIBUTES ObjectAttributes
2013 IN HANDLE SemaphoreHandle
,
2014 IN ACCESS_MASK DesiredAcces
,
2015 IN POBJECT_ATTRIBUTES ObjectAttributes
2018 * FUNCTION: Opens an existing symbolic link
2020 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2021 * DesiredAccess = Requested access to the symbolic link
2022 * ObjectAttribute = Initialized attributes for the object
2027 NtOpenSymbolicLinkObject(
2028 OUT PHANDLE SymbolicLinkHandle
,
2029 IN ACCESS_MASK DesiredAccess
,
2030 IN POBJECT_ATTRIBUTES ObjectAttributes
2034 ZwOpenSymbolicLinkObject(
2035 OUT PHANDLE SymbolicLinkHandle
,
2036 IN ACCESS_MASK DesiredAccess
,
2037 IN POBJECT_ATTRIBUTES ObjectAttributes
2040 * FUNCTION: Opens an existing thread
2042 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2043 * DesiredAccess = Requested access to the thread
2044 * ObjectAttribute = Initialized attributes for the object
2045 * ClientId = Identifies the thread to open.
2051 OUT PHANDLE ThreadHandle
,
2052 IN ACCESS_MASK DesiredAccess
,
2053 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2054 IN PCLIENT_ID ClientId
2059 OUT PHANDLE ThreadHandle
,
2060 IN ACCESS_MASK DesiredAccess
,
2061 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2062 IN PCLIENT_ID ClientId
2068 IN HANDLE ThreadHandle
,
2069 IN ACCESS_MASK DesiredAccess
,
2070 IN BOOLEAN OpenAsSelf
,
2071 OUT PHANDLE TokenHandle
2077 IN HANDLE ThreadHandle
,
2078 IN ACCESS_MASK DesiredAccess
,
2079 IN BOOLEAN OpenAsSelf
,
2080 OUT PHANDLE TokenHandle
2083 * FUNCTION: Opens an existing timer
2085 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2086 * DesiredAccess = Requested access to the timer
2087 * ObjectAttribute = Initialized attributes for the object
2093 OUT PHANDLE TimerHandle
,
2094 IN ACCESS_MASK DesiredAccess
,
2095 IN POBJECT_ATTRIBUTES ObjectAttributes
2100 OUT PHANDLE TimerHandle
,
2101 IN ACCESS_MASK DesiredAccess
,
2102 IN POBJECT_ATTRIBUTES ObjectAttributes
2106 * FUNCTION: Checks an access token for specific privileges
2108 * ClientToken = Handle to a access token structure
2109 * RequiredPrivileges = Specifies the requested privileges.
2110 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
2111 set in the Control member of PRIVILEGES_SET Result
2112 will only be TRUE if all privileges are present in the access token.
2119 IN HANDLE ClientToken
,
2120 IN PPRIVILEGE_SET RequiredPrivileges
,
2127 IN HANDLE ClientToken
,
2128 IN PPRIVILEGE_SET RequiredPrivileges
,
2134 NtPrivilegedServiceAuditAlarm(
2135 IN PUNICODE_STRING SubsystemName
,
2136 IN PUNICODE_STRING ServiceName
,
2137 IN HANDLE ClientToken
,
2138 IN PPRIVILEGE_SET Privileges
,
2139 IN BOOLEAN AccessGranted
2144 ZwPrivilegedServiceAuditAlarm(
2145 IN PUNICODE_STRING SubsystemName
,
2146 IN PUNICODE_STRING ServiceName
,
2147 IN HANDLE ClientToken
,
2148 IN PPRIVILEGE_SET Privileges
,
2149 IN BOOLEAN AccessGranted
2154 NtPrivilegeObjectAuditAlarm(
2155 IN PUNICODE_STRING SubsystemName
,
2157 IN HANDLE ClientToken
,
2158 IN ULONG DesiredAccess
,
2159 IN PPRIVILEGE_SET Privileges
,
2160 IN BOOLEAN AccessGranted
2165 ZwPrivilegeObjectAuditAlarm(
2166 IN PUNICODE_STRING SubsystemName
,
2168 IN HANDLE ClientToken
,
2169 IN ULONG DesiredAccess
,
2170 IN PPRIVILEGE_SET Privileges
,
2171 IN BOOLEAN AccessGranted
2175 * FUNCTION: Entry point for native applications
2177 * Peb = Pointes to the Process Environment Block (PEB)
2179 * Native applications should use this function instead of a main.
2180 * Calling proces should terminate itself.
2190 * FUNCTION: Signals an event and resets it afterwards.
2192 * EventHandle = Handle to the event
2193 * PulseCount = Number of times the action is repeated
2199 IN HANDLE EventHandle
,
2200 IN PULONG PulseCount OPTIONAL
2206 IN HANDLE EventHandle
,
2207 IN PULONG PulseCount OPTIONAL
2211 * FUNCTION: Queries the attributes of a file
2213 * ObjectAttributes = Initialized attributes for the object
2214 * Buffer = Caller supplies storage for the attributes
2219 NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2220 OUT PFILE_BASIC_INFORMATION FileInformation
);
2223 ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2224 OUT PFILE_BASIC_INFORMATION FileInformation
);
2227 * FUNCTION: Queries the default locale id
2229 * UserProfile = Type of locale id
2230 * TRUE: thread locale id
2231 * FALSE: system locale id
2232 * DefaultLocaleId = Caller supplies storage for the locale id
2238 NtQueryDefaultLocale(
2239 IN BOOLEAN UserProfile
,
2240 OUT PLCID DefaultLocaleId
2245 ZwQueryDefaultLocale(
2246 IN BOOLEAN UserProfile
,
2247 OUT PLCID DefaultLocaleId
2251 * FUNCTION: Queries a directory file.
2253 * FileHandle = Handle to a directory file
2254 * EventHandle = Handle to the event signaled on completion
2255 * ApcRoutine = Asynchroneous procedure callback, called on completion
2256 * ApcContext = Argument to the apc.
2257 * IoStatusBlock = Caller supplies storage for extended status information.
2258 * FileInformation = Caller supplies storage for the resulting information.
2260 * FileNameInformation FILE_NAMES_INFORMATION
2261 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2262 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2263 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2265 * Length = Size of the storage supplied
2266 * FileInformationClass = Indicates the type of information requested.
2267 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2268 * FileName = Initial directory name to query, that may contain wild cards.
2269 * RestartScan = Number of times the action should be repeated
2270 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2271 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2272 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2277 NtQueryDirectoryFile(
2278 IN HANDLE FileHandle
,
2279 IN HANDLE Event OPTIONAL
,
2280 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2281 IN PVOID ApcContext OPTIONAL
,
2282 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2283 OUT PVOID FileInformation
,
2285 IN FILE_INFORMATION_CLASS FileInformationClass
,
2286 IN BOOLEAN ReturnSingleEntry
,
2287 IN PUNICODE_STRING FileName OPTIONAL
,
2288 IN BOOLEAN RestartScan
2293 ZwQueryDirectoryFile(
2294 IN HANDLE FileHandle
,
2295 IN HANDLE Event OPTIONAL
,
2296 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
2297 IN PVOID ApcContext OPTIONAL
,
2298 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2299 OUT PVOID FileInformation
,
2301 IN FILE_INFORMATION_CLASS FileInformationClass
,
2302 IN BOOLEAN ReturnSingleEntry
,
2303 IN PUNICODE_STRING FileName OPTIONAL
,
2304 IN BOOLEAN RestartScan
2308 * FUNCTION: Queries the extended attributes of a file
2310 * FileHandle = Handle to the event
2311 * IoStatusBlock = Number of times the action is repeated
2325 IN HANDLE FileHandle
,
2326 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2329 IN BOOLEAN ReturnSingleEntry
,
2330 IN PVOID EaList OPTIONAL
,
2331 IN ULONG EaListLength
,
2332 IN PULONG EaIndex OPTIONAL
,
2333 IN BOOLEAN RestartScan
2339 IN HANDLE FileHandle
,
2340 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2343 IN BOOLEAN ReturnSingleEntry
,
2344 IN PVOID EaList OPTIONAL
,
2345 IN ULONG EaListLength
,
2346 IN PULONG EaIndex OPTIONAL
,
2347 IN BOOLEAN RestartScan
2351 * FUNCTION: Queries an event
2353 * EventHandle = Handle to the event
2354 * EventInformationClass = Index of the information structure
2356 EventBasicInformation EVENT_BASIC_INFORMATION
2358 * EventInformation = Caller supplies storage for the information structure
2359 * EventInformationLength = Size of the information structure
2360 * ReturnLength = Data written
2366 IN HANDLE EventHandle
,
2367 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2368 OUT PVOID EventInformation
,
2369 IN ULONG EventInformationLength
,
2370 OUT PULONG ReturnLength
2375 IN HANDLE EventHandle
,
2376 IN EVENT_INFORMATION_CLASS EventInformationClass
,
2377 OUT PVOID EventInformation
,
2378 IN ULONG EventInformationLength
,
2379 OUT PULONG ReturnLength
2383 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2384 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2387 ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes
,
2388 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
2391 * FUNCTION: Queries the information of a file object.
2393 * FileHandle = Handle to the file object
2394 * IoStatusBlock = Caller supplies storage for extended information
2395 * on the current operation.
2396 * FileInformation = Storage for the new file information
2397 * Lenght = Size of the storage for the file information.
2398 * FileInformationClass = Indicates which file information is queried
2400 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2401 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2402 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2403 FileBasicInformation FILE_BASIC_INFORMATION
2404 FileStandardInformation FILE_STANDARD_INFORMATION
2405 FileInternalInformation FILE_INTERNAL_INFORMATION
2406 FileEaInformation FILE_EA_INFORMATION
2407 FileAccessInformation FILE_ACCESS_INFORMATION
2408 FileNameInformation FILE_NAME_INFORMATION
2409 FileRenameInformation FILE_RENAME_INFORMATION
2411 FileNamesInformation FILE_NAMES_INFORMATION
2412 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2413 FilePositionInformation FILE_POSITION_INFORMATION
2414 FileFullEaInformation FILE_FULL_EA_INFORMATION
2415 FileModeInformation FILE_MODE_INFORMATION
2416 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2417 FileAllInformation FILE_ALL_INFORMATION
2419 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2420 FileAlternateNameInformation
2421 FileStreamInformation FILE_STREAM_INFORMATION
2423 FilePipeLocalInformation
2424 FilePipeRemoteInformation
2425 FileMailslotQueryInformation
2426 FileMailslotSetInformation
2427 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2428 FileCopyOnWriteInformation
2429 FileCompletionInformation IO_COMPLETION_CONTEXT
2430 FileMoveClusterInformation
2431 FileOleClassIdInformation
2432 FileOleStateBitsInformation
2433 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2434 FileObjectIdInformation
2435 FileOleAllInformation
2436 FileOleDirectoryInformation
2437 FileContentIndexInformation
2438 FileInheritContentIndexInformation
2440 FileMaximumInformation
2443 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2444 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2449 NtQueryInformationFile(
2450 IN HANDLE FileHandle
,
2451 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2452 OUT PVOID FileInformation
,
2454 IN FILE_INFORMATION_CLASS FileInformationClass
2459 ZwQueryInformationFile(
2461 PIO_STATUS_BLOCK IoStatusBlock
,
2462 PVOID FileInformation
,
2464 FILE_INFORMATION_CLASS FileInformationClass
2469 NtQueryInformationPort (HANDLE PortHandle
,
2470 CINT PortInformationClass
,
2471 PVOID PortInformation
,
2472 ULONG PortInformationLength
,
2473 PULONG ReturnLength
);
2475 #ifndef __USE_W32API
2477 ZwQueryInformationPort (HANDLE PortHandle
,
2478 CINT PortInformationClass
,
2479 PVOID PortInformation
,
2480 ULONG PortInformationLength
,
2481 PULONG ReturnLength
);
2485 * FUNCTION: Queries the information of a thread object.
2487 * ThreadHandle = Handle to the thread object
2488 * ThreadInformationClass = Index to a certain information structure
2490 ThreadBasicInformation THREAD_BASIC_INFORMATION
2491 ThreadTimes KERNEL_USER_TIMES
2492 ThreadPriority KPRIORITY
2493 ThreadBasePriority KPRIORITY
2494 ThreadAffinityMask KAFFINITY
2495 ThreadImpersonationToken
2496 ThreadDescriptorTableEntry
2497 ThreadEnableAlignmentFaultFixup
2499 ThreadQuerySetWin32StartAddress
2501 ThreadPerformanceCount
2502 ThreadAmILastThread BOOLEAN
2503 ThreadIdealProcessor ULONG
2504 ThreadPriorityBoost ULONG
2508 * ThreadInformation = Caller supplies torage for the thread information
2509 * ThreadInformationLength = Size of the thread information structure
2510 * ReturnLength = Actual number of bytes written
2513 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2514 GetThreadPriorityBoost functions.
2521 NtQueryInformationThread(
2522 IN HANDLE ThreadHandle
,
2523 IN THREADINFOCLASS ThreadInformationClass
,
2524 OUT PVOID ThreadInformation
,
2525 IN ULONG ThreadInformationLength
,
2526 OUT PULONG ReturnLength
2532 NtQueryInformationToken(
2533 IN HANDLE TokenHandle
,
2534 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2535 OUT PVOID TokenInformation
,
2536 IN ULONG TokenInformationLength
,
2537 OUT PULONG ReturnLength
2542 ZwQueryInformationToken(
2543 IN HANDLE TokenHandle
,
2544 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
2545 OUT PVOID TokenInformation
,
2546 IN ULONG TokenInformationLength
,
2547 OUT PULONG ReturnLength
2552 NtQueryIoCompletion(
2553 IN HANDLE IoCompletionHandle
,
2554 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2555 OUT PVOID IoCompletionInformation
,
2556 IN ULONG IoCompletionInformationLength
,
2557 OUT PULONG ResultLength OPTIONAL
2562 ZwQueryIoCompletion(
2563 IN HANDLE IoCompletionHandle
,
2564 IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass
,
2565 OUT PVOID IoCompletionInformation
,
2566 IN ULONG IoCompletionInformationLength
,
2567 OUT PULONG ResultLength OPTIONAL
2571 * FUNCTION: Queries the information of a registry key object.
2573 KeyHandle = Handle to a registry key
2574 KeyInformationClass = Index to a certain information structure
2575 KeyInformation = Caller supplies storage for resulting information
2576 Length = Size of the supplied storage
2577 ResultLength = Bytes written
2582 IN HANDLE KeyHandle
,
2583 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2584 OUT PVOID KeyInformation
,
2586 OUT PULONG ResultLength
2592 IN HANDLE KeyHandle
,
2593 IN KEY_INFORMATION_CLASS KeyInformationClass
,
2594 OUT PVOID KeyInformation
,
2596 OUT PULONG ResultLength
2604 NtQueryMultipleValueKey(
2605 IN HANDLE KeyHandle
,
2606 IN OUT PKEY_VALUE_ENTRY ValueList
,
2607 IN ULONG NumberOfValues
,
2609 IN OUT PULONG Length
,
2610 OUT PULONG ReturnLength
2615 ZwQueryMultipleValueKey(
2616 IN HANDLE KeyHandle
,
2617 IN OUT PKEY_VALUE_ENTRY ValueList
,
2618 IN ULONG NumberOfValues
,
2620 IN OUT PULONG Length
,
2621 OUT PULONG ReturnLength
2625 * FUNCTION: Queries the information of a mutant object.
2627 MutantHandle = Handle to a mutant
2628 MutantInformationClass = Index to a certain information structure
2629 MutantInformation = Caller supplies storage for resulting information
2630 Length = Size of the supplied storage
2631 ResultLength = Bytes written
2636 IN HANDLE MutantHandle
,
2637 IN CINT MutantInformationClass
,
2638 OUT PVOID MutantInformation
,
2640 OUT PULONG ResultLength
2646 IN HANDLE MutantHandle
,
2647 IN CINT MutantInformationClass
,
2648 OUT PVOID MutantInformation
,
2650 OUT PULONG ResultLength
2654 * FUNCTION: Queries the system ( high-resolution ) performance counter.
2656 * Counter = Performance counter
2657 * Frequency = Performance frequency
2659 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
2660 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
2666 NtQueryPerformanceCounter(
2667 IN PLARGE_INTEGER Counter
,
2668 IN PLARGE_INTEGER Frequency
2673 ZwQueryPerformanceCounter(
2674 IN PLARGE_INTEGER Counter
,
2675 IN PLARGE_INTEGER Frequency
2679 * FUNCTION: Queries the information of a semaphore.
2681 * SemaphoreHandle = Handle to the semaphore object
2682 * SemaphoreInformationClass = Index to a certain information structure
2684 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
2686 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
2687 * Length = Size of the infomation structure
2692 IN HANDLE SemaphoreHandle
,
2693 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
2694 OUT PVOID SemaphoreInformation
,
2696 OUT PULONG ReturnLength
2702 IN HANDLE SemaphoreHandle
,
2703 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass
,
2704 OUT PVOID SemaphoreInformation
,
2706 OUT PULONG ReturnLength
2711 * FUNCTION: Queries the information of a symbolic link object.
2713 * SymbolicLinkHandle = Handle to the symbolic link object
2714 * LinkTarget = resolved name of link
2715 * DataWritten = size of the LinkName.
2721 NtQuerySymbolicLinkObject(
2722 IN HANDLE SymLinkObjHandle
,
2723 OUT PUNICODE_STRING LinkTarget
,
2724 OUT PULONG DataWritten OPTIONAL
2729 ZwQuerySymbolicLinkObject(
2730 IN HANDLE SymLinkObjHandle
,
2731 OUT PUNICODE_STRING LinkName
,
2732 OUT PULONG DataWritten OPTIONAL
2737 * FUNCTION: Queries a system environment variable.
2739 * Name = Name of the variable
2740 * Value (OUT) = value of the variable
2741 * Length = size of the buffer
2742 * ReturnLength = data written
2748 NtQuerySystemEnvironmentValue(
2749 IN PUNICODE_STRING Name
,
2757 ZwQuerySystemEnvironmentValue(
2758 IN PUNICODE_STRING Name
,
2766 * FUNCTION: Queries the system information.
2768 * SystemInformationClass = Index to a certain information structure
2770 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
2771 SystemCacheInformation SYSTEM_CACHE_INFORMATION
2772 SystemConfigurationInformation CONFIGURATION_INFORMATION
2774 * SystemInformation = caller supplies storage for the information structure
2775 * Length = size of the structure
2776 ResultLength = Data written
2782 NtQuerySystemInformation(
2783 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
2784 OUT PVOID SystemInformation
,
2786 OUT PULONG ResultLength
2791 ZwQuerySystemInformation(
2792 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
2793 OUT PVOID SystemInformation
,
2795 OUT PULONG ResultLength
2799 * FUNCTION: Queries information about a timer
2801 * TimerHandle = Handle to the timer
2802 TimerValueInformationClass = Index to a certain information structure
2803 TimerValueInformation = Caller supplies storage for the information structure
2804 Length = Size of the information structure
2805 ResultLength = Data written
2812 IN HANDLE TimerHandle
,
2813 IN CINT TimerInformationClass
,
2814 OUT PVOID TimerInformation
,
2816 OUT PULONG ResultLength
2821 IN HANDLE TimerHandle
,
2822 IN CINT TimerInformationClass
,
2823 OUT PVOID TimerInformation
,
2825 OUT PULONG ResultLength
2829 * FUNCTION: Queries the timer resolution
2831 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
2832 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
2833 ActualResolution (OUT) = Caller should supply storage for the resulting time.
2841 NtQueryTimerResolution (
2842 OUT PULONG MinimumResolution
,
2843 OUT PULONG MaximumResolution
,
2844 OUT PULONG ActualResolution
2849 ZwQueryTimerResolution (
2850 OUT PULONG MinimumResolution
,
2851 OUT PULONG MaximumResolution
,
2852 OUT PULONG ActualResolution
2856 * FUNCTION: Queries a registry key value
2858 * KeyHandle = Handle to the registry key
2859 ValueName = Name of the value in the registry key
2860 KeyValueInformationClass = Index to a certain information structure
2862 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
2863 KeyValueFullInformation = KEY_FULL_INFORMATION
2864 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
2866 KeyValueInformation = Caller supplies storage for the information structure
2867 Length = Size of the information structure
2868 ResultLength = Data written
2875 IN HANDLE KeyHandle
,
2876 IN PUNICODE_STRING ValueName
,
2877 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
2878 OUT PVOID KeyValueInformation
,
2880 OUT PULONG ResultLength
2886 IN HANDLE KeyHandle
,
2887 IN PUNICODE_STRING ValueName
,
2888 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
2889 OUT PVOID KeyValueInformation
,
2891 OUT PULONG ResultLength
2895 * FUNCTION: Queries the volume information
2897 * FileHandle = Handle to a file object on the target volume
2898 * IoStatusBlock = Caller should supply storage for additional status information
2899 * ReturnLength = DataWritten
2900 * FsInformation = Caller should supply storage for the information structure.
2901 * Length = Size of the information structure
2902 * FsInformationClass = Index to a information structure
2904 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
2905 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
2906 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
2907 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
2908 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
2909 FileFsControlInformation
2910 FileFsQuotaQueryInformation --
2911 FileFsQuotaSetInformation --
2912 FileFsMaximumInformation
2914 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
2915 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
2920 NtQueryVolumeInformationFile(
2921 IN HANDLE FileHandle
,
2922 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2923 OUT PVOID FsInformation
,
2925 IN FS_INFORMATION_CLASS FsInformationClass
2930 ZwQueryVolumeInformationFile(
2931 IN HANDLE FileHandle
,
2932 OUT PIO_STATUS_BLOCK IoStatusBlock
,
2933 OUT PVOID FsInformation
,
2935 IN FS_INFORMATION_CLASS FsInformationClass
2938 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
2940 * FUNCTION: Queues a (user) apc to a thread.
2942 ThreadHandle = Thread to which the apc is queued.
2943 ApcRoutine = Points to the apc routine
2944 NormalContext = Argument to Apc Routine
2945 * SystemArgument1 = Argument of the Apc Routine
2946 SystemArgument2 = Argument of the Apc Routine
2947 * REMARK: If the apc is queued against a thread of a different process than the calling thread
2948 the apc routine should be specified in the address space of the queued thread's process.
2955 HANDLE ThreadHandle
,
2956 PKNORMAL_ROUTINE ApcRoutine
,
2957 PVOID NormalContext
,
2958 PVOID SystemArgument1
,
2959 PVOID SystemArgument2
);
2964 HANDLE ThreadHandle
,
2965 PKNORMAL_ROUTINE ApcRoutine
,
2966 PVOID NormalContext
,
2967 PVOID SystemArgument1
,
2968 PVOID SystemArgument2
);
2972 * FUNCTION: Raises an exception
2974 * ExceptionRecord = Structure specifying the exception
2975 * Context = Context in which the excpetion is raised
2984 IN PEXCEPTION_RECORD ExceptionRecord
,
2985 IN PCONTEXT Context
,
2986 IN BOOLEAN SearchFrames
2992 IN PEXCEPTION_RECORD ExceptionRecord
,
2993 IN PCONTEXT Context
,
2994 IN BOOLEAN SearchFrames
2998 * FUNCTION: Read a file
3000 * FileHandle = Handle of a file to read
3001 * Event = This event is signalled when the read operation completes
3002 * UserApcRoutine = Call back , if supplied Event should be NULL
3003 * UserApcContext = Argument to the callback
3004 * IoStatusBlock = Caller should supply storage for additional status information
3005 * Buffer = Caller should supply storage to receive the information
3006 * BufferLength = Size of the buffer
3007 * ByteOffset = Offset to start reading the file
3008 * Key = If a range is lock a matching key will allow the read to continue.
3016 IN HANDLE FileHandle
,
3017 IN HANDLE Event OPTIONAL
,
3018 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3019 IN PVOID UserApcContext OPTIONAL
,
3020 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3022 IN ULONG BufferLength
,
3023 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3024 IN PULONG Key OPTIONAL
3030 IN HANDLE FileHandle
,
3031 IN HANDLE Event OPTIONAL
,
3032 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3033 IN PVOID UserApcContext OPTIONAL
,
3034 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3036 IN ULONG BufferLength
,
3037 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
3038 IN PULONG Key OPTIONAL
3041 * FUNCTION: Read a file using scattered io
3043 FileHandle = Handle of a file to read
3044 Event = This event is signalled when the read operation completes
3045 * UserApcRoutine = Call back , if supplied Event should be NULL
3046 UserApcContext = Argument to the callback
3047 IoStatusBlock = Caller should supply storage for additional status information
3048 BufferDescription = Caller should supply storage to receive the information
3049 BufferLength = Size of the buffer
3050 ByteOffset = Offset to start reading the file
3051 Key = Key = If a range is lock a matching key will allow the read to continue.
3058 IN HANDLE FileHandle
,
3059 IN HANDLE Event OPTIONAL
,
3060 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3061 IN PVOID UserApcContext OPTIONAL
,
3062 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3063 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3064 IN ULONG BufferLength
,
3065 IN PLARGE_INTEGER ByteOffset
,
3066 IN PULONG Key OPTIONAL
3072 IN HANDLE FileHandle
,
3073 IN HANDLE Event OPTIONAL
,
3074 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL
,
3075 IN PVOID UserApcContext OPTIONAL
,
3076 OUT PIO_STATUS_BLOCK UserIoStatusBlock
,
3077 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
3078 IN ULONG BufferLength
,
3079 IN PLARGE_INTEGER ByteOffset
,
3080 IN PULONG Key OPTIONAL
3085 NtReadRequestData (HANDLE PortHandle
,
3086 PLPC_MESSAGE Message
,
3090 PULONG ReturnLength
);
3093 ZwReadRequestData (HANDLE PortHandle
,
3094 PLPC_MESSAGE Message
,
3098 PULONG ReturnLength
);
3102 * FUNCTION: Copies a range of virtual memory to a buffer
3104 * ProcessHandle = Specifies the process owning the virtual address space
3105 * BaseAddress = Points to the address of virtual memory to start the read
3106 * Buffer = Caller supplies storage to copy the virtual memory to.
3107 * NumberOfBytesToRead = Limits the range to read
3108 * NumberOfBytesRead = The actual number of bytes read.
3114 NtReadVirtualMemory(
3115 IN HANDLE ProcessHandle
,
3116 IN PVOID BaseAddress
,
3118 IN ULONG NumberOfBytesToRead
,
3119 OUT PULONG NumberOfBytesRead
3123 ZwReadVirtualMemory(
3124 IN HANDLE ProcessHandle
,
3125 IN PVOID BaseAddress
,
3127 IN ULONG NumberOfBytesToRead
,
3128 OUT PULONG NumberOfBytesRead
3133 * FUNCTION: Debugger can register for thread termination
3135 * TerminationPort = Port on which the debugger likes to be notified.
3140 NtRegisterThreadTerminatePort(
3141 HANDLE TerminationPort
3145 ZwRegisterThreadTerminatePort(
3146 HANDLE TerminationPort
3150 * FUNCTION: Releases a mutant
3152 * MutantHandle = Handle to the mutant
3159 IN HANDLE MutantHandle
,
3160 IN PULONG ReleaseCount OPTIONAL
3166 IN HANDLE MutantHandle
,
3167 IN PULONG ReleaseCount OPTIONAL
3171 * FUNCTION: Releases a semaphore
3173 * SemaphoreHandle = Handle to the semaphore object
3174 * ReleaseCount = Number to decrease the semaphore count
3175 * PreviousCount = Previous semaphore count
3181 IN HANDLE SemaphoreHandle
,
3182 IN LONG ReleaseCount
,
3183 OUT PLONG PreviousCount
3189 IN HANDLE SemaphoreHandle
,
3190 IN LONG ReleaseCount
,
3191 OUT PLONG PreviousCount
3195 * FUNCTION: Removes an io completion
3197 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3198 * CompletionKey = Requested access to the key
3199 * IoStatusBlock = Caller provides storage for extended status information
3200 * CompletionStatus = Current status of the io operation.
3201 * WaitTime = Time to wait if ..
3206 NtRemoveIoCompletion(
3207 IN HANDLE IoCompletionHandle
,
3208 OUT PULONG CompletionKey
,
3209 OUT PULONG CompletionValue
,
3210 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3211 IN PLARGE_INTEGER Timeout OPTIONAL
3216 ZwRemoveIoCompletion(
3217 IN HANDLE IoCompletionHandle
,
3218 OUT PULONG CompletionKey
,
3219 OUT PULONG CompletionValue
,
3220 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3221 IN PLARGE_INTEGER Timeout OPTIONAL
3225 * FUNCTION: Replaces one registry key with another
3227 * ObjectAttributes = Specifies the attributes of the key
3228 * Key = Handle to the key
3229 * ReplacedObjectAttributes = The function returns the old object attributes
3235 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3237 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3242 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3244 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3249 NtReplyPort (HANDLE PortHandle
,
3250 PLPC_MESSAGE LpcReply
);
3253 ZwReplyPort (HANDLE PortHandle
,
3254 PLPC_MESSAGE LpcReply
);
3258 NtReplyWaitReceivePort (HANDLE PortHandle
,
3260 PLPC_MESSAGE MessageReply
,
3261 PLPC_MESSAGE MessageRequest
);
3264 ZwReplyWaitReceivePort (HANDLE PortHandle
,
3266 PLPC_MESSAGE MessageReply
,
3267 PLPC_MESSAGE MessageRequest
);
3271 NtReplyWaitReplyPort (HANDLE PortHandle
,
3272 PLPC_MESSAGE ReplyMessage
);
3275 ZwReplyWaitReplyPort (HANDLE PortHandle
,
3276 PLPC_MESSAGE ReplyMessage
);
3280 NtRequestPort (HANDLE PortHandle
,
3281 PLPC_MESSAGE LpcMessage
);
3284 ZwRequestPort (HANDLE PortHandle
,
3285 PLPC_MESSAGE LpcMessage
);
3289 NtRequestWaitReplyPort (HANDLE PortHandle
,
3290 PLPC_MESSAGE LpcReply
,
3291 PLPC_MESSAGE LpcRequest
);
3294 ZwRequestWaitReplyPort (HANDLE PortHandle
,
3295 PLPC_MESSAGE LpcReply
,
3296 PLPC_MESSAGE LpcRequest
);
3299 * FUNCTION: Resets a event to a non signaled state
3301 * EventHandle = Handle to the event that should be reset
3302 * NumberOfWaitingThreads = The number of threads released.
3309 PULONG NumberOfWaitingThreads OPTIONAL
3315 PULONG NumberOfWaitingThreads OPTIONAL
3334 * FUNCTION: Decrements a thread's resume count
3336 * ThreadHandle = Handle to the thread that should be resumed
3337 * ResumeCount = The resulting resume count.
3339 * A thread is resumed if its suspend count is 0. This procedure maps to
3340 * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
3346 IN HANDLE ThreadHandle
,
3347 OUT PULONG SuspendCount
3352 IN HANDLE ThreadHandle
,
3353 OUT PULONG SuspendCount
3356 * FUNCTION: Writes the content of a registry key to ascii file
3358 * KeyHandle = Handle to the key
3359 * FileHandle = Handle of the file
3361 This function maps to the Win32 RegSaveKey.
3368 IN HANDLE KeyHandle
,
3369 IN HANDLE FileHandle
3374 IN HANDLE KeyHandle
,
3375 IN HANDLE FileHandle
3379 * FUNCTION: Sets the context of a specified thread.
3381 * ThreadHandle = Handle to the thread
3382 * Context = The processor context.
3389 IN HANDLE ThreadHandle
,
3395 IN HANDLE ThreadHandle
,
3400 * FUNCTION: Sets the default locale id
3402 * UserProfile = Type of locale id
3403 * TRUE: thread locale id
3404 * FALSE: system locale id
3405 * DefaultLocaleId = Locale id
3412 IN BOOLEAN UserProfile
,
3413 IN LCID DefaultLocaleId
3419 IN BOOLEAN UserProfile
,
3420 IN LCID DefaultLocaleId
3424 * FUNCTION: Sets the default hard error port
3426 * PortHandle = Handle to the port
3427 * NOTE: The hard error port is used for first change exception handling
3432 NtSetDefaultHardErrorPort(
3433 IN HANDLE PortHandle
3437 ZwSetDefaultHardErrorPort(
3438 IN HANDLE PortHandle
3442 * FUNCTION: Sets the extended attributes of a file.
3444 * FileHandle = Handle to the file
3445 * IoStatusBlock = Storage for a resulting status and information
3446 * on the current operation.
3447 * EaBuffer = Extended Attributes buffer.
3448 * EaBufferSize = Size of the extended attributes buffer
3454 IN HANDLE FileHandle
,
3455 IN PIO_STATUS_BLOCK IoStatusBlock
,
3462 IN HANDLE FileHandle
,
3463 IN PIO_STATUS_BLOCK IoStatusBlock
,
3468 //FIXME: should I return the event state ?
3471 * FUNCTION: Sets the event to a signalled state.
3473 * EventHandle = Handle to the event
3474 * NumberOfThreadsReleased = The number of threads released
3476 * This procedure maps to the win32 SetEvent function.
3483 IN HANDLE EventHandle
,
3484 PULONG NumberOfThreadsReleased
3490 IN HANDLE EventHandle
,
3491 PULONG NumberOfThreadsReleased
3495 * FUNCTION: Sets the high part of an event pair
3497 EventPair = Handle to the event pair
3504 IN HANDLE EventPairHandle
3510 IN HANDLE EventPairHandle
3513 * FUNCTION: Sets the high part of an event pair and wait for the low part
3515 EventPair = Handle to the event pair
3520 NtSetHighWaitLowEventPair(
3521 IN HANDLE EventPairHandle
3525 ZwSetHighWaitLowEventPair(
3526 IN HANDLE EventPairHandle
3530 * FUNCTION: Sets the information of a file object.
3532 * FileHandle = Handle to the file object
3533 * IoStatusBlock = Caller supplies storage for extended information
3534 * on the current operation.
3535 * FileInformation = Storage for the new file information
3536 * Lenght = Size of the new file information.
3537 * FileInformationClass = Indicates to a certain information structure
3539 FileNameInformation FILE_NAME_INFORMATION
3540 FileRenameInformation FILE_RENAME_INFORMATION
3541 FileStreamInformation FILE_STREAM_INFORMATION
3542 * FileCompletionInformation IO_COMPLETION_CONTEXT
3545 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
3546 * SetNamedPipeHandleState, SetMailslotInfo functions.
3553 NtSetInformationFile(
3554 IN HANDLE FileHandle
,
3555 IN PIO_STATUS_BLOCK IoStatusBlock
,
3556 IN PVOID FileInformation
,
3558 IN FILE_INFORMATION_CLASS FileInformationClass
3562 ZwSetInformationFile(
3563 IN HANDLE FileHandle
,
3564 IN PIO_STATUS_BLOCK IoStatusBlock
,
3565 IN PVOID FileInformation
,
3567 IN FILE_INFORMATION_CLASS FileInformationClass
3571 * FUNCTION: Changes a set of thread specific parameters
3573 * ThreadHandle = Handle to the thread
3574 * ThreadInformationClass = Index to the set of parameters to change.
3575 * Can be one of the following values:
3577 * ThreadBasicInformation THREAD_BASIC_INFORMATION
3578 * ThreadPriority KPRIORITY //???
3579 * ThreadBasePriority KPRIORITY
3580 * ThreadAffinityMask KAFFINITY //??
3581 * ThreadImpersonationToken ACCESS_TOKEN
3582 * ThreadIdealProcessor ULONG
3583 * ThreadPriorityBoost ULONG
3585 * ThreadInformation = Caller supplies storage for parameters to set.
3586 * ThreadInformationLength = Size of the storage supplied
3591 NtSetInformationThread(
3592 IN HANDLE ThreadHandle
,
3593 IN THREADINFOCLASS ThreadInformationClass
,
3594 IN PVOID ThreadInformation
,
3595 IN ULONG ThreadInformationLength
3599 ZwSetInformationThread(
3600 IN HANDLE ThreadHandle
,
3601 IN THREADINFOCLASS ThreadInformationClass
,
3602 IN PVOID ThreadInformation
,
3603 IN ULONG ThreadInformationLength
3607 * FUNCTION: Changes a set of token specific parameters
3609 * TokenHandle = Handle to the token
3610 * TokenInformationClass = Index to a certain information structure.
3611 * Can be one of the following values:
3613 TokenUser TOKEN_USER
3614 TokenGroups TOKEN_GROUPS
3615 TokenPrivileges TOKEN_PRIVILEGES
3616 TokenOwner TOKEN_OWNER
3617 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
3618 TokenDefaultDacl TOKEN_DEFAULT_DACL
3619 TokenSource TOKEN_SOURCE
3620 TokenType TOKEN_TYPE
3621 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
3622 TokenStatistics TOKEN_STATISTICS
3624 * TokenInformation = Caller supplies storage for information structure.
3625 * TokenInformationLength = Size of the information structure
3631 NtSetInformationToken(
3632 IN HANDLE TokenHandle
,
3633 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3634 OUT PVOID TokenInformation
,
3635 IN ULONG TokenInformationLength
3640 ZwSetInformationToken(
3641 IN HANDLE TokenHandle
,
3642 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3643 OUT PVOID TokenInformation
,
3644 IN ULONG TokenInformationLength
3649 * FUNCTION: Sets an io completion
3654 * NumberOfBytesToTransfer =
3655 * NumberOfBytesTransferred =
3661 IN HANDLE IoCompletionPortHandle
,
3662 IN ULONG CompletionKey
,
3663 IN ULONG CompletionValue
,
3664 IN NTSTATUS CompletionStatus
,
3665 IN ULONG CompletionInformation
3671 IN HANDLE IoCompletionPortHandle
,
3672 IN ULONG CompletionKey
,
3673 IN ULONG CompletionValue
,
3674 IN NTSTATUS CompletionStatus
,
3675 IN ULONG CompletionInformation
3679 * FUNCTION: Set properties for profiling
3689 NtSetIntervalProfile(
3691 KPROFILE_SOURCE ClockSource
3696 ZwSetIntervalProfile(
3698 KPROFILE_SOURCE ClockSource
3703 * FUNCTION: Sets the low part of an event pair
3705 EventPair = Handle to the event pair
3720 * FUNCTION: Sets the low part of an event pair and wait for the high part
3722 EventPair = Handle to the event pair
3727 NtSetLowWaitHighEventPair(
3732 ZwSetLowWaitHighEventPair(
3736 /* NtSetLowWaitHighThread effectively invokes NtSetLowWaitHighEventPair on the
3737 * event pair of the thread.
3741 NtSetLowWaitHighThread(
3744 /* ZwSetLowWaitHighThread effectively invokes ZwSetLowWaitHighEventPair on the
3745 * event pair of the thread.
3749 ZwSetLowWaitHighThread(
3753 /* NtSetHighWaitLowThread effectively invokes NtSetHighWaitLowEventPair on the
3754 * event pair of the thread.
3758 NtSetHighWaitLowThread(
3762 /* ZwSetHighWaitLowThread effectively invokes ZwSetHighWaitLowEventPair on the
3763 * event pair of the thread.
3767 ZwSetHighWaitLowThread(
3773 NtSetSecurityObject(
3775 IN SECURITY_INFORMATION SecurityInformation
,
3776 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3781 ZwSetSecurityObject(
3783 IN SECURITY_INFORMATION SecurityInformation
,
3784 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3789 * FUNCTION: Sets a system environment variable
3791 * ValueName = Name of the environment variable
3792 * Value = Value of the environment variable
3797 NtSetSystemEnvironmentValue(
3798 IN PUNICODE_STRING VariableName
,
3799 IN PUNICODE_STRING Value
3803 ZwSetSystemEnvironmentValue(
3804 IN PUNICODE_STRING VariableName
,
3805 IN PUNICODE_STRING Value
3808 * FUNCTION: Sets system parameters
3810 * SystemInformationClass = Index to a particular set of system parameters
3811 * Can be one of the following values:
3813 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3815 * SystemInformation = Structure containing the parameters.
3816 * SystemInformationLength = Size of the structure.
3821 NtSetSystemInformation(
3822 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3823 IN PVOID SystemInformation
,
3824 IN ULONG SystemInformationLength
3829 ZwSetSystemInformation(
3830 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
3831 IN PVOID SystemInformation
,
3832 IN ULONG SystemInformationLength
3836 * FUNCTION: Sets the system time
3838 * SystemTime = Old System time
3839 * NewSystemTime = New System time
3845 IN PLARGE_INTEGER SystemTime
,
3846 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3851 IN PLARGE_INTEGER SystemTime
,
3852 IN PLARGE_INTEGER NewSystemTime OPTIONAL
3856 * FUNCTION: Sets the frequency of the system timer
3858 * RequestedResolution =
3860 * ActualResolution =
3865 NtSetTimerResolution(
3866 IN ULONG RequestedResolution
,
3868 OUT PULONG ActualResolution
3872 ZwSetTimerResolution(
3873 IN ULONG RequestedResolution
,
3875 OUT PULONG ActualResolution
3879 * FUNCTION: Sets the value of a registry key
3881 * KeyHandle = Handle to a registry key
3882 * ValueName = Name of the value entry to change
3883 * TitleIndex = pointer to a structure containing the new volume information
3884 * Type = Type of the registry key. Can be one of the values:
3885 * REG_BINARY Unspecified binary data
3886 * REG_DWORD A 32 bit value
3887 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
3888 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
3889 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
3890 * REG_LINK A zero terminated wide character string referring to a symbolic link.
3891 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
3892 * REG_NONE Unspecified type
3893 * REG_SZ A wide character string ( zero terminated )
3894 * REG_RESOURCE_LIST ??
3895 * REG_RESOURCE_REQUIREMENTS_LIST ??
3896 * REG_FULL_RESOURCE_DESCRIPTOR ??
3897 * Data = Contains the data for the registry key.
3898 * DataSize = size of the data.
3904 IN HANDLE KeyHandle
,
3905 IN PUNICODE_STRING ValueName
,
3906 IN ULONG TitleIndex OPTIONAL
,
3914 IN HANDLE KeyHandle
,
3915 IN PUNICODE_STRING ValueName
,
3916 IN ULONG TitleIndex OPTIONAL
,
3923 * FUNCTION: Sets the volume information.
3925 * FileHandle = Handle to the file
3926 * IoStatusBlock = Caller should supply storage for additional status information
3927 * VolumeInformation = pointer to a structure containing the new volume information
3928 * Length = size of the structure.
3929 * VolumeInformationClass = specifies the particular volume information to set
3934 NtSetVolumeInformationFile(
3935 IN HANDLE FileHandle
,
3936 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3937 IN PVOID FsInformation
,
3939 IN FS_INFORMATION_CLASS FsInformationClass
3944 ZwSetVolumeInformationFile(
3945 IN HANDLE FileHandle
,
3946 OUT PIO_STATUS_BLOCK IoStatusBlock
,
3947 IN PVOID FsInformation
,
3949 IN FS_INFORMATION_CLASS FsInformationClass
3953 * FUNCTION: Shuts the system down
3955 * Action = Specifies the type of shutdown, it can be one of the following values:
3956 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
3962 IN SHUTDOWN_ACTION Action
3968 IN SHUTDOWN_ACTION Action
3972 * FUNCTION: Signals an object and wait for an other one.
3974 * SignalObject = Handle to the object that should be signaled
3975 * WaitObject = Handle to the object that should be waited for
3976 * Alertable = True if the wait is alertable
3977 * Time = The time to wait
3982 NtSignalAndWaitForSingleObject(
3983 IN HANDLE SignalObject
,
3984 IN HANDLE WaitObject
,
3985 IN BOOLEAN Alertable
,
3986 IN PLARGE_INTEGER Time
3991 NtSignalAndWaitForSingleObject(
3992 IN HANDLE SignalObject
,
3993 IN HANDLE WaitObject
,
3994 IN BOOLEAN Alertable
,
3995 IN PLARGE_INTEGER Time
3999 * FUNCTION: Starts profiling
4001 * ProfileHandle = Handle to the profile
4008 HANDLE ProfileHandle
4014 HANDLE ProfileHandle
4018 * FUNCTION: Stops profiling
4020 * ProfileHandle = Handle to the profile
4027 HANDLE ProfileHandle
4033 HANDLE ProfileHandle
4036 /* --- PROCESS MANAGEMENT --- */
4038 //--NtSystemDebugControl
4040 * FUNCTION: Terminates the execution of a process.
4042 * ThreadHandle = Handle to the process
4043 * ExitStatus = The exit status of the process to terminate with.
4045 * Native applications should kill themselves using this function.
4051 IN HANDLE ProcessHandle
,
4052 IN NTSTATUS ExitStatus
4057 IN HANDLE ProcessHandle
,
4058 IN NTSTATUS ExitStatus
4062 * FUNCTION: Unloads a driver.
4064 * DriverServiceName = Name of the driver to unload
4070 IN PUNICODE_STRING DriverServiceName
4075 IN PUNICODE_STRING DriverServiceName
4079 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
4081 * ProcessHandle = Handle to the process
4082 * BaseAddress = The address where the mapping begins
4084 This procedure maps to the win32 UnMapViewOfFile
4089 NtUnmapViewOfSection(
4090 IN HANDLE ProcessHandle
,
4091 IN PVOID BaseAddress
4095 ZwUnmapViewOfSection(
4096 IN HANDLE ProcessHandle
,
4097 IN PVOID BaseAddress
4102 NtWriteRequestData (HANDLE PortHandle
,
4103 PLPC_MESSAGE Message
,
4107 PULONG ReturnLength
);
4110 ZwWriteRequestData (HANDLE PortHandle
,
4111 PLPC_MESSAGE Message
,
4115 PULONG ReturnLength
);
4119 * FUNCTION: Writes a range of virtual memory
4121 * ProcessHandle = The handle to the process owning the address space.
4122 * BaseAddress = The points to the address to write to
4123 * Buffer = Pointer to the buffer to write
4124 * NumberOfBytesToWrite = Offset to the upper boundary to write
4125 * NumberOfBytesWritten = Total bytes written
4127 * This function maps to the win32 WriteProcessMemory
4132 NtWriteVirtualMemory(
4133 IN HANDLE ProcessHandle
,
4134 IN PVOID BaseAddress
,
4136 IN ULONG NumberOfBytesToWrite
,
4137 OUT PULONG NumberOfBytesWritten
4142 ZwWriteVirtualMemory(
4143 IN HANDLE ProcessHandle
,
4144 IN PVOID BaseAddress
,
4146 IN ULONG NumberOfBytesToWrite
,
4147 OUT PULONG NumberOfBytesWritten
4152 * FUNCTION: Waits for an object to become signalled.
4154 * Object = The object handle
4155 * Alertable = If true the wait is alertable.
4156 * Time = The maximum wait time.
4158 * This function maps to the win32 WaitForSingleObjectEx.
4163 NtWaitForSingleObject (
4165 IN BOOLEAN Alertable
,
4166 IN PLARGE_INTEGER Time
4171 ZwWaitForSingleObject (
4173 IN BOOLEAN Alertable
,
4174 IN PLARGE_INTEGER Time
4177 /* --- EVENT PAIR OBJECT --- */
4180 * FUNCTION: Waits for the high part of an eventpair to become signalled
4182 * EventPairHandle = Handle to the event pair.
4188 NtWaitHighEventPair(
4189 IN HANDLE EventPairHandle
4194 ZwWaitHighEventPair(
4195 IN HANDLE EventPairHandle
4199 * FUNCTION: Waits for the low part of an eventpair to become signalled
4201 * EventPairHandle = Handle to the event pair.
4207 IN HANDLE EventPairHandle
4213 IN HANDLE EventPairHandle
4216 /* --- FILE MANAGEMENT --- */
4219 * FUNCTION: Unlocks a range of bytes in a file.
4221 * FileHandle = Handle to the file
4222 * IoStatusBlock = Caller should supply storage for a structure containing
4223 * the completion status and information about the requested unlock operation.
4224 The information field is set to the number of bytes unlocked.
4225 * ByteOffset = Offset to start the range of bytes to unlock
4226 * Length = Number of bytes to unlock.
4227 * Key = Special value to enable other threads to unlock a file than the
4228 thread that locked the file. The key supplied must match with the one obtained
4229 in a previous call to NtLockFile.
4231 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
4232 not be obtained immediately, the device queue is busy and the IRP is queued.
4233 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
4234 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
4239 IN HANDLE FileHandle
,
4240 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4241 IN PLARGE_INTEGER ByteOffset
,
4242 IN PLARGE_INTEGER Lenght
,
4243 OUT PULONG Key OPTIONAL
4248 IN HANDLE FileHandle
,
4249 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4250 IN PLARGE_INTEGER ByteOffset
,
4251 IN PLARGE_INTEGER Lenght
,
4252 OUT PULONG Key OPTIONAL
4256 * FUNCTION: Writes data to a file
4258 * FileHandle = The handle a file ( from NtCreateFile )
4259 * Event = Specifies a event that will become signalled when the write operation completes.
4260 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4261 * ApcContext = Argument to the Apc Routine
4262 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4263 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
4264 * Length = Size in bytest of the buffer
4265 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4266 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4267 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4268 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
4271 * This function maps to the win32 WriteFile.
4272 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4273 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4274 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4279 IN HANDLE FileHandle
,
4280 IN HANDLE Event OPTIONAL
,
4281 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4282 IN PVOID ApcContext OPTIONAL
,
4283 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4286 IN PLARGE_INTEGER ByteOffset
,
4287 IN PULONG Key OPTIONAL
4293 IN HANDLE FileHandle
,
4294 IN HANDLE Event OPTIONAL
,
4295 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4296 IN PVOID ApcContext OPTIONAL
,
4297 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4300 IN PLARGE_INTEGER ByteOffset
,
4301 IN PULONG Key OPTIONAL
4305 * FUNCTION: Writes a file
4307 * FileHandle = The handle of the file
4309 * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
4310 * ApcContext = Argument to the Apc Routine
4311 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
4312 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
4313 * BufferLength = Size in bytest of the buffer
4314 * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
4315 * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
4316 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
4317 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
4318 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
4320 * This function maps to the win32 WriteFile.
4321 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
4322 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
4323 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
4329 IN HANDLE FileHandle
,
4330 IN HANDLE Event OPTIONAL
,
4331 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4332 IN PVOID ApcContext OPTIONAL
,
4333 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4334 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4335 IN ULONG BufferLength
,
4336 IN PLARGE_INTEGER ByteOffset
,
4337 IN PULONG Key OPTIONAL
4343 IN HANDLE FileHandle
,
4344 IN HANDLE Event OPTIONAL
,
4345 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4346 IN PVOID ApcContext OPTIONAL
,
4347 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4348 IN FILE_SEGMENT_ELEMENT BufferDescription
[],
4349 IN ULONG BufferLength
,
4350 IN PLARGE_INTEGER ByteOffset
,
4351 IN PULONG Key OPTIONAL
4355 /* --- THREAD MANAGEMENT --- */
4358 * FUNCTION: Increments a thread's resume count
4360 * ThreadHandle = Handle to the thread that should be resumed
4361 * PreviousSuspendCount = The resulting/previous suspend count.
4363 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
4364 * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
4365 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
4371 IN HANDLE ThreadHandle
,
4372 IN PULONG PreviousSuspendCount
4378 IN HANDLE ThreadHandle
,
4379 IN PULONG PreviousSuspendCount
4383 * FUNCTION: Terminates the execution of a thread.
4385 * ThreadHandle = Handle to the thread
4386 * ExitStatus = The exit status of the thread to terminate with.
4392 IN HANDLE ThreadHandle
,
4393 IN NTSTATUS ExitStatus
4398 IN HANDLE ThreadHandle
,
4399 IN NTSTATUS ExitStatus
4402 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
4417 * FUNCTION: Yields the callers thread.
4432 /* --- PLUG AND PLAY --- */
4436 NtPlugPlayControl (DWORD Unknown1
,
4442 NtGetPlugPlayEvent (ULONG Reserved1
,
4445 ULONG BufferLength
);
4447 /* --- POWER MANAGEMENT --- */
4449 #ifndef __USE_W32API
4451 NtSetSystemPowerState(IN POWER_ACTION SystemAction
,
4452 IN SYSTEM_POWER_STATE MinSystemState
,
4456 /* --- DEBUG SUBSYSTEM --- */
4459 NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode
,
4461 ULONG InputBufferLength
,
4463 ULONG OutputBufferLength
,
4464 PULONG ReturnLength
);
4466 /* --- VIRTUAL DOS MACHINE (VDM) --- */
4470 NtVdmControl (ULONG ControlCode
, PVOID ControlData
);
4476 NtW32Call(IN ULONG RoutineIndex
,
4478 IN ULONG ArgumentLength
,
4479 OUT PVOID
* Result OPTIONAL
,
4480 OUT PULONG ResultLength OPTIONAL
);
4482 /* --- CHANNELS --- */
4504 NtReplyWaitSendChannel (
4510 NtSendWaitReplyChannel (
4516 NtSetContextChannel (
4520 /* --- MISCELLANEA --- */
4522 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
4525 NtSetLdtEntries (ULONG Selector1
,
4526 LDT_ENTRY LdtEntry1
,
4528 LDT_ENTRY LdtEntry2
);
4532 NtQueryOleDirectoryFile (
4537 * FUNCTION: Checks a clients access rights to a object
4539 * SecurityDescriptor = Security information against which the access is checked
4540 * ClientToken = Represents a client
4544 * ReturnLength = Bytes written
4546 * AccessStatus = Indicates if the ClientToken allows the requested access
4547 * REMARKS: The arguments map to the win32 AccessCheck
4554 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4555 IN HANDLE ClientToken
,
4556 IN ACCESS_MASK DesiredAcces
,
4557 IN PGENERIC_MAPPING GenericMapping
,
4558 OUT PPRIVILEGE_SET PrivilegeSet
,
4559 OUT PULONG ReturnLength
,
4560 OUT PULONG GrantedAccess
,
4561 OUT PBOOLEAN AccessStatus
4567 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4568 IN HANDLE ClientToken
,
4569 IN ACCESS_MASK DesiredAcces
,
4570 IN PGENERIC_MAPPING GenericMapping
,
4571 OUT PPRIVILEGE_SET PrivilegeSet
,
4572 OUT PULONG ReturnLength
,
4573 OUT PULONG GrantedAccess
,
4574 OUT PBOOLEAN AccessStatus
4580 IN ACCESS_MASK DesiredAccess
,
4581 OUT PHANDLE KeyHandle
);
4584 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
4586 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
4590 * SecurityDescriptor =
4597 * REMARKS: The arguments map to the win32 AccessCheck
4603 NtAccessCheckAndAuditAlarm(
4604 IN PUNICODE_STRING SubsystemName
,
4605 IN PHANDLE ObjectHandle
,
4606 IN PUNICODE_STRING ObjectTypeName
,
4607 IN PUNICODE_STRING ObjectName
,
4608 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4609 IN ACCESS_MASK DesiredAccess
,
4610 IN PGENERIC_MAPPING GenericMapping
,
4611 IN BOOLEAN ObjectCreation
,
4612 OUT PACCESS_MASK GrantedAccess
,
4613 OUT PNTSTATUS AccessStatus
,
4614 OUT PBOOLEAN GenerateOnClose
4618 * FUNCTION: Cancels a timer
4620 * TimerHandle = Handle to the timer
4621 * CurrentState = Specifies the state of the timer when cancelled.
4623 * The arguments to this function map to the function CancelWaitableTimer.
4629 IN HANDLE TimerHandle
,
4630 OUT PBOOLEAN CurrentState OPTIONAL
4634 * FUNCTION: Continues a thread with the specified context
4636 * Context = Specifies the processor context
4637 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
4638 * be PASSIVE_LEVEL or APC_LEVEL
4640 * NtContinue can be used to continue after an exception or apc.
4643 //FIXME This function might need another parameter
4648 IN PCONTEXT Context
,
4649 IN BOOLEAN TestAlert
4653 * FUNCTION: Creates a paging file.
4655 * FileName = Name of the pagefile
4656 * InitialSize = Specifies the initial size in bytes
4657 * MaximumSize = Specifies the maximum size in bytes
4658 * Reserved = Reserved for future use
4664 IN PUNICODE_STRING FileName
,
4665 IN PLARGE_INTEGER InitialSize
,
4666 IN PLARGE_INTEGER MaxiumSize
,
4672 * FUNCTION: Creates a profile
4674 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
4675 * ObjectAttribute = Initialized attributes for the object
4676 * ImageBase = Start address of executable image
4677 * ImageSize = Size of the image
4678 * Granularity = Bucket size
4679 * Buffer = Caller supplies buffer for profiling info
4680 * ProfilingSize = Buffer size
4681 * ClockSource = Specify 0 / FALSE ??
4682 * ProcessorMask = A value of -1 indicates disables per processor profiling,
4683 otherwise bit set for the processor to profile.
4685 * This function maps to the win32 CreateProcess.
4691 NtCreateProfile(OUT PHANDLE ProfileHandle
,
4692 IN HANDLE ProcessHandle
,
4695 IN ULONG Granularity
,
4697 IN ULONG ProfilingSize
,
4698 IN KPROFILE_SOURCE Source
,
4699 IN ULONG ProcessorMask
);
4702 * FUNCTION: Creates a user mode thread
4704 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
4705 * DesiredAccess = Specifies the allowed or desired access to the thread.
4706 * ObjectAttributes = Initialized attributes for the object.
4707 * ProcessHandle = Handle to the threads parent process.
4708 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
4709 * ThreadContext = Initial processor context for the thread.
4710 * InitialTeb = Initial user mode stack context for the thread.
4711 * CreateSuspended = Specifies if the thread is ready for scheduling
4713 * This function maps to the win32 function CreateThread.
4719 OUT PHANDLE ThreadHandle
,
4720 IN ACCESS_MASK DesiredAccess
,
4721 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4722 IN HANDLE ProcessHandle
,
4723 OUT PCLIENT_ID ClientId
,
4724 IN PCONTEXT ThreadContext
,
4725 IN PUSER_STACK UserStack
,
4726 IN BOOLEAN CreateSuspended
4730 * FUNCTION: Delays the execution of the calling thread.
4732 * Alertable = If TRUE the thread is alertable during is wait period
4733 * Interval = Specifies the interval to wait.
4745 * FUNCTION: Extends a section
4747 * SectionHandle = Handle to the section
4748 * NewMaximumSize = Adjusted size
4754 IN HANDLE SectionHandle
,
4755 IN ULONG NewMaximumSize
4759 * FUNCTION: Flushes a the processors instruction cache
4761 * ProcessHandle = Points to the process owning the cache
4762 * BaseAddress = // might this be a image address ????
4763 * NumberOfBytesToFlush =
4766 * This funciton is used by debuggers
4770 NtFlushInstructionCache(
4771 IN HANDLE ProcessHandle
,
4772 IN PVOID BaseAddress
,
4773 IN UINT NumberOfBytesToFlush
4777 * FUNCTION: Flushes virtual memory to file
4779 * ProcessHandle = Points to the process that allocated the virtual memory
4780 * BaseAddress = Points to the memory address
4781 * NumberOfBytesToFlush = Limits the range to flush,
4782 * NumberOfBytesFlushed = Actual number of bytes flushed
4785 * Check return status on STATUS_NOT_MAPPED_DATA
4789 NtFlushVirtualMemory(
4790 IN HANDLE ProcessHandle
,
4791 IN PVOID BaseAddress
,
4792 IN ULONG NumberOfBytesToFlush
,
4793 OUT PULONG NumberOfBytesFlushed OPTIONAL
4797 * FUNCTION: Retrieves the uptime of the system
4799 * UpTime = Number of clock ticks since boot.
4809 * FUNCTION: Loads a registry key.
4811 * KeyObjectAttributes = Key to be loaded
4812 * FileObjectAttributes = File to load the key from
4814 * This procedure maps to the win32 procedure RegLoadKey
4820 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
4821 IN POBJECT_ATTRIBUTES FileObjectAttributes
4826 * FUNCTION: Locks a range of virtual memory.
4828 * ProcessHandle = Handle to the process
4829 * BaseAddress = Lower boundary of the range of bytes to lock.
4830 * NumberOfBytesLock = Offset to the upper boundary.
4831 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
4833 This procedure maps to the win32 procedure VirtualLock.
4834 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
4838 NtLockVirtualMemory(
4839 HANDLE ProcessHandle
,
4841 ULONG NumberOfBytesToLock
,
4842 PULONG NumberOfBytesLocked
4847 NtOpenObjectAuditAlarm(
4848 IN PUNICODE_STRING SubsystemName
,
4850 IN PUNICODE_STRING ObjectTypeName
,
4851 IN PUNICODE_STRING ObjectName
,
4852 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4853 IN HANDLE ClientToken
,
4854 IN ULONG DesiredAccess
,
4855 IN ULONG GrantedAccess
,
4856 IN PPRIVILEGE_SET Privileges
,
4857 IN BOOLEAN ObjectCreation
,
4858 IN BOOLEAN AccessGranted
,
4859 OUT PBOOLEAN GenerateOnClose
4863 * FUNCTION: Set the access protection of a range of virtual memory
4865 * ProcessHandle = Handle to process owning the virtual address space
4866 * BaseAddress = Start address
4867 * NumberOfBytesToProtect = Delimits the range of virtual memory
4868 * for which the new access protection holds
4869 * NewAccessProtection = The new access proctection for the pages
4870 * OldAccessProtection = Caller should supply storage for the old
4874 * The function maps to the win32 VirtualProtectEx
4879 NtProtectVirtualMemory(
4880 IN HANDLE ProcessHandle
,
4881 IN PVOID BaseAddress
,
4882 IN ULONG NumberOfBytesToProtect
,
4883 IN ULONG NewAccessProtection
,
4884 OUT PULONG OldAccessProtection
4888 * FUNCTION: Query information about the content of a directory object
4891 Buffer = Buffer must be large enough to hold the name strings too
4892 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
4893 If FALSE: return the number of objects in this directory in ObjectIndex
4894 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
4895 If FALSE use input value of ObjectIndex
4896 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
4897 ReturnLength = Actual size of the ObjectIndex ???
4902 NtQueryDirectoryObject(
4903 IN HANDLE DirectoryHandle
,
4905 IN ULONG BufferLength
,
4906 IN BOOLEAN ReturnSingleEntry
,
4907 IN BOOLEAN RestartScan
,
4908 IN OUT PULONG Context
,
4909 OUT PULONG ReturnLength OPTIONAL
4913 * FUNCTION: Query the interval and the clocksource for profiling
4921 NtQueryIntervalProfile(
4922 OUT PULONG Interval
,
4923 OUT KPROFILE_SOURCE ClockSource
4927 * FUNCTION: Queries the information of a section object.
4929 * SectionHandle = Handle to the section link object
4930 * SectionInformationClass = Index to a certain information structure
4931 * SectionInformation (OUT)= Caller supplies storage for resulting information
4932 * Length = Size of the supplied storage
4933 * ResultLength = Data written
4940 IN HANDLE SectionHandle
,
4941 IN CINT SectionInformationClass
,
4942 OUT PVOID SectionInformation
,
4944 OUT PULONG ResultLength
4948 * FUNCTION: Queries the virtual memory information.
4950 ProcessHandle = Process owning the virtual address space
4951 BaseAddress = Points to the page where the information is queried for.
4952 * VirtualMemoryInformationClass = Index to a certain information structure
4954 MemoryBasicInformation MEMORY_BASIC_INFORMATION
4956 * VirtualMemoryInformation = caller supplies storage for the information structure
4957 * Length = size of the structure
4958 ResultLength = Data written
4965 NtQueryVirtualMemory(
4966 IN HANDLE ProcessHandle
,
4968 IN IN CINT VirtualMemoryInformationClass
,
4969 OUT PVOID VirtualMemoryInformation
,
4971 OUT PULONG ResultLength
4975 * FUNCTION: Raises a hard error (stops the system)
4977 * Status = Status code of the hard error
4999 * FUNCTION: Sets the information of a registry key.
5001 * KeyHandle = Handle to the registry key
5002 * KeyInformationClass = Index to the a certain information structure.
5003 * Can be one of the following values:
5005 * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
5007 * KeyInformation = Storage for the new information
5008 * KeyInformationLength = Size of the information strucure
5014 NtSetInformationKey(
5015 IN HANDLE KeyHandle
,
5016 IN KEY_SET_INFORMATION_CLASS KeyInformationClass
,
5017 IN PVOID KeyInformation
,
5018 IN ULONG KeyInformationLength
5022 * FUNCTION: Changes a set of object specific parameters
5025 * ObjectInformationClass = Index to the set of parameters to change.
5027 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
5030 * ObjectInformation = Caller supplies storage for parameters to set.
5031 * Length = Size of the storage supplied
5036 NtSetInformationObject(
5037 IN HANDLE ObjectHandle
,
5038 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
5039 IN PVOID ObjectInformation
,
5044 * FUNCTION: Sets the characteristics of a timer
5046 * TimerHandle = Handle to the timer
5047 * DueTime = Time before the timer becomes signalled for the first time.
5048 * TimerApcRoutine = Completion routine can be called on time completion
5049 * TimerContext = Argument to the completion routine
5050 * Resume = Specifies if the timer should repeated after completing one cycle
5051 * Period = Cycle of the timer
5052 * REMARKS: This routine maps to the win32 SetWaitableTimer.
5058 IN HANDLE TimerHandle
,
5059 IN PLARGE_INTEGER DueTime
,
5060 IN PTIMERAPCROUTINE TimerApcRoutine
,
5061 IN PVOID TimerContext
,
5063 IN ULONG Period OPTIONAL
,
5064 OUT PBOOLEAN PreviousState OPTIONAL
5068 * FUNCTION: Unloads a registry key.
5070 * KeyHandle = Handle to the registry key
5072 * This procedure maps to the win32 procedure RegUnloadKey
5078 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5082 * FUNCTION: Unlocks a range of virtual memory.
5084 * ProcessHandle = Handle to the process
5085 * BaseAddress = Lower boundary of the range of bytes to unlock.
5086 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
5087 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
5089 This procedure maps to the win32 procedure VirtualUnlock
5090 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
5094 NtUnlockVirtualMemory(
5095 IN HANDLE ProcessHandle
,
5096 IN PVOID BaseAddress
,
5097 IN ULONG NumberOfBytesToUnlock
,
5098 OUT PULONG NumberOfBytesUnlocked OPTIONAL
5102 * FUNCTION: Waits for multiple objects to become signalled.
5104 * Count = The number of objects
5105 * Object = The array of object handles
5106 * WaitType = Can be one of the values UserMode or KernelMode
5107 * Alertable = If true the wait is alertable.
5108 * Time = The maximum wait time.
5110 * This function maps to the win32 WaitForMultipleObjectEx.
5115 NtWaitForMultipleObjects (
5118 IN WAIT_TYPE WaitType
,
5119 IN BOOLEAN Alertable
,
5120 IN PLARGE_INTEGER Time
5127 #ifndef __USE_W32API
5130 * FUNCTION: Continues a thread with the specified context
5132 * Context = Specifies the processor context
5133 * IrqLevel = Specifies the Interupt Request Level to continue with. Can
5134 * be PASSIVE_LEVEL or APC_LEVEL
5136 * NtContinue can be used to continue after an exception or apc.
5139 //FIXME This function might need another parameter
5141 NTSTATUS STDCALL
ZwContinue(IN PCONTEXT Context
, IN CINT IrqLevel
);
5144 * FUNCTION: Retrieves the system time
5146 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
5154 OUT PLARGE_INTEGER CurrentTime
5158 * FUNCTION: Copies a handle from one process space to another
5160 * SourceProcessHandle = The source process owning the handle. The source process should have opened
5161 * the SourceHandle with PROCESS_DUP_HANDLE access.
5162 * SourceHandle = The handle to the object.
5163 * TargetProcessHandle = The destination process owning the handle
5164 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
5165 * DesiredAccess = The desired access to the handle.
5166 * InheritHandle = Indicates wheter the new handle will be inheritable or not.
5167 * Options = Specifies special actions upon duplicating the handle. Can be
5168 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
5169 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
5170 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
5171 * the DesiredAccess paramter and just grant the same access to the new
5174 * REMARKS: This function maps to the win32 DuplicateHandle.
5180 IN HANDLE SourceProcessHandle
,
5181 IN HANDLE SourceHandle
,
5182 IN HANDLE TargetProcessHandle
,
5183 OUT PHANDLE TargetHandle
,
5184 IN ACCESS_MASK DesiredAccess
,
5185 IN BOOLEAN InheritHandle
,
5192 IN HANDLE SourceProcessHandle
,
5193 IN PHANDLE SourceHandle
,
5194 IN HANDLE TargetProcessHandle
,
5195 OUT PHANDLE TargetHandle
,
5196 IN ACCESS_MASK DesiredAccess
,
5197 IN BOOLEAN InheritHandle
,
5202 * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
5204 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
5208 * SecurityDescriptor =
5215 * REMARKS: The arguments map to the win32 AccessCheck
5221 ZwAccessCheckAndAuditAlarm(
5222 IN PUNICODE_STRING SubsystemName
,
5223 IN PHANDLE ObjectHandle
,
5224 IN PUNICODE_STRING ObjectTypeName
,
5225 IN PUNICODE_STRING ObjectName
,
5226 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5227 IN ACCESS_MASK DesiredAccess
,
5228 IN PGENERIC_MAPPING GenericMapping
,
5229 IN BOOLEAN ObjectCreation
,
5230 OUT PACCESS_MASK GrantedAccess
,
5231 OUT PNTSTATUS AccessStatus
,
5232 OUT PBOOLEAN GenerateOnClose
5236 * FUNCTION: Adds an atom to the global atom table
5238 * AtomString = The string to add to the atom table.
5239 * Atom (OUT) = Caller supplies storage for the resulting atom.
5240 * REMARKS: The arguments map to the win32 add GlobalAddAtom.
5247 IN OUT PRTL_ATOM Atom
5255 IN OUT PRTL_ATOM Atom
5261 PULARGE_INTEGER Time
,
5269 PULARGE_INTEGER Time
,
5277 IN HANDLE TimerHandle
,
5278 OUT ULONG ElapsedTime
5282 * FUNCTION: Creates a paging file.
5284 * FileName = Name of the pagefile
5285 * InitialSize = Specifies the initial size in bytes
5286 * MaximumSize = Specifies the maximum size in bytes
5287 * Reserved = Reserved for future use
5293 IN PUNICODE_STRING FileName
,
5294 IN PLARGE_INTEGER InitialSize
,
5295 IN PLARGE_INTEGER MaxiumSize
,
5300 * FUNCTION: Creates a user mode thread
5302 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
5303 * DesiredAccess = Specifies the allowed or desired access to the thread.
5304 * ObjectAttributes = Initialized attributes for the object.
5305 * ProcessHandle = Handle to the threads parent process.
5306 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
5307 * ThreadContext = Initial processor context for the thread.
5308 * InitialTeb = Initial user mode stack context for the thread.
5309 * CreateSuspended = Specifies if the thread is ready for scheduling
5311 * This function maps to the win32 function CreateThread.
5317 OUT PHANDLE ThreadHandle
,
5318 IN ACCESS_MASK DesiredAccess
,
5319 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5320 IN HANDLE ProcessHandle
,
5321 OUT PCLIENT_ID ClientId
,
5322 IN PCONTEXT ThreadContext
,
5323 IN PUSER_STACK UserStack
,
5324 IN BOOLEAN CreateSuspended
5330 IN HANDLE ExistingToken
,
5331 IN ACCESS_MASK DesiredAccess
,
5332 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5333 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
,
5334 IN TOKEN_TYPE TokenType
,
5335 OUT PHANDLE NewToken
5341 IN HANDLE ExistingToken
,
5342 IN ACCESS_MASK DesiredAccess
,
5343 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5344 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
,
5345 IN TOKEN_TYPE TokenType
,
5346 OUT PHANDLE NewToken
5350 * FUNCTION: Finds a atom
5352 * AtomName = Name to search for.
5353 * Atom = Caller supplies storage for the resulting atom
5356 * This funciton maps to the win32 GlobalFindAtom
5362 OUT PRTL_ATOM Atom OPTIONAL
5369 OUT PRTL_ATOM Atom OPTIONAL
5373 * FUNCTION: Flushes a the processors instruction cache
5375 * ProcessHandle = Points to the process owning the cache
5376 * BaseAddress = // might this be a image address ????
5377 * NumberOfBytesToFlush =
5380 * This funciton is used by debuggers
5384 ZwFlushInstructionCache(
5385 IN HANDLE ProcessHandle
,
5386 IN PVOID BaseAddress
,
5387 IN UINT NumberOfBytesToFlush
5391 * FUNCTION: Flushes virtual memory to file
5393 * ProcessHandle = Points to the process that allocated the virtual memory
5394 * BaseAddress = Points to the memory address
5395 * NumberOfBytesToFlush = Limits the range to flush,
5396 * NumberOfBytesFlushed = Actual number of bytes flushed
5399 * Check return status on STATUS_NOT_MAPPED_DATA
5403 ZwFlushVirtualMemory(
5404 IN HANDLE ProcessHandle
,
5405 IN PVOID BaseAddress
,
5406 IN ULONG NumberOfBytesToFlush
,
5407 OUT PULONG NumberOfBytesFlushed OPTIONAL
5411 * FUNCTION: Retrieves the uptime of the system
5413 * UpTime = Number of clock ticks since boot.
5423 * FUNCTION: Loads a registry key.
5425 * KeyObjectAttributes = Key to be loaded
5426 * FileObjectAttributes = File to load the key from
5428 * This procedure maps to the win32 procedure RegLoadKey
5434 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5435 IN POBJECT_ATTRIBUTES FileObjectAttributes
5439 * FUNCTION: Locks a range of virtual memory.
5441 * ProcessHandle = Handle to the process
5442 * BaseAddress = Lower boundary of the range of bytes to lock.
5443 * NumberOfBytesLock = Offset to the upper boundary.
5444 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
5446 This procedure maps to the win32 procedure VirtualLock.
5447 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
5451 ZwLockVirtualMemory(
5452 HANDLE ProcessHandle
,
5454 ULONG NumberOfBytesToLock
,
5455 PULONG NumberOfBytesLocked
5460 ZwOpenObjectAuditAlarm(
5461 IN PUNICODE_STRING SubsystemName
,
5463 IN PUNICODE_STRING ObjectTypeName
,
5464 IN PUNICODE_STRING ObjectName
,
5465 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5466 IN HANDLE ClientToken
,
5467 IN ULONG DesiredAccess
,
5468 IN ULONG GrantedAccess
,
5469 IN PPRIVILEGE_SET Privileges
,
5470 IN BOOLEAN ObjectCreation
,
5471 IN BOOLEAN AccessGranted
,
5472 OUT PBOOLEAN GenerateOnClose
5476 * FUNCTION: Set the access protection of a range of virtual memory
5478 * ProcessHandle = Handle to process owning the virtual address space
5479 * BaseAddress = Start address
5480 * NumberOfBytesToProtect = Delimits the range of virtual memory
5481 * for which the new access protection holds
5482 * NewAccessProtection = The new access proctection for the pages
5483 * OldAccessProtection = Caller should supply storage for the old
5487 * The function maps to the win32 VirtualProtectEx
5492 ZwProtectVirtualMemory(
5493 IN HANDLE ProcessHandle
,
5494 IN PVOID BaseAddress
,
5495 IN ULONG NumberOfBytesToProtect
,
5496 IN ULONG NewAccessProtection
,
5497 OUT PULONG OldAccessProtection
5502 NtQueryInformationAtom(
5504 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
5505 OUT PVOID AtomInformation
,
5506 IN ULONG AtomInformationLength
,
5507 OUT PULONG ReturnLength OPTIONAL
5512 ZwQueryInformationAtom(
5514 IN ATOM_INFORMATION_CLASS AtomInformationClass
,
5515 OUT PVOID AtomInformation
,
5516 IN ULONG AtomInformationLength
,
5517 OUT PULONG ReturnLength OPTIONAL
5521 * FUNCTION: Query information about the content of a directory object
5524 Buffer = Buffer must be large enough to hold the name strings too
5525 ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
5526 If FALSE: return the number of objects in this directory in ObjectIndex
5527 RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
5528 If FALSE use input value of ObjectIndex
5529 Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
5530 ReturnLength = Actual size of the ObjectIndex ???
5535 ZwQueryDirectoryObject(
5536 IN HANDLE DirectoryHandle
,
5538 IN ULONG BufferLength
,
5539 IN BOOLEAN ReturnSingleEntry
,
5540 IN BOOLEAN RestartScan
,
5541 IN OUT PULONG Context
,
5542 OUT PULONG ReturnLength OPTIONAL
5546 * FUNCTION: Queries the information of a process object.
5548 * ProcessHandle = Handle to the process object
5549 * ProcessInformation = Index to a certain information structure
5551 ProcessBasicInformation PROCESS_BASIC_INFORMATION
5552 ProcessQuotaLimits QUOTA_LIMITS
5553 ProcessIoCounters IO_COUNTERS
5554 ProcessVmCounters VM_COUNTERS
5555 ProcessTimes KERNEL_USER_TIMES
5556 ProcessBasePriority KPRIORITY
5557 ProcessRaisePriority KPRIORITY
5558 ProcessDebugPort HANDLE
5559 ProcessExceptionPort HANDLE
5560 ProcessAccessToken PROCESS_ACCESS_TOKEN
5561 ProcessLdtInformation LDT_ENTRY ??
5562 ProcessLdtSize ULONG
5563 ProcessDefaultHardErrorMode ULONG
5564 ProcessIoPortHandlers // kernel mode only
5565 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
5566 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
5567 ProcessUserModeIOPL (I/O Privilege Level)
5568 ProcessEnableAlignmentFaultFixup BOOLEAN
5569 ProcessPriorityClass ULONG
5570 ProcessWx86Information ULONG
5571 ProcessHandleCount ULONG
5572 ProcessAffinityMask ULONG
5573 ProcessPooledQuotaLimits QUOTA_LIMITS
5576 * ProcessInformation = Caller supplies storage for the process information structure
5577 * ProcessInformationLength = Size of the process information structure
5578 * ReturnLength = Actual number of bytes written
5581 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
5582 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
5583 GetProcessShutdownParameters functions.
5589 NtQueryInformationProcess(
5590 IN HANDLE ProcessHandle
,
5591 IN CINT ProcessInformationClass
,
5592 OUT PVOID ProcessInformation
,
5593 IN ULONG ProcessInformationLength
,
5594 OUT PULONG ReturnLength
5599 ZwQueryInformationProcess(
5600 IN HANDLE ProcessHandle
,
5601 IN CINT ProcessInformationClass
,
5602 OUT PVOID ProcessInformation
,
5603 IN ULONG ProcessInformationLength
,
5604 OUT PULONG ReturnLength
5608 * FUNCTION: Query the interval and the clocksource for profiling
5616 ZwQueryIntervalProfile(
5617 OUT PULONG Interval
,
5618 OUT KPROFILE_SOURCE ClockSource
5622 * FUNCTION: Queries the information of a object.
5624 ObjectHandle = Handle to a object
5625 ObjectInformationClass = Index to a certain information structure
5627 ObjectBasicInformation OBJECT_BASIC_INFORMATION
5628 ObjectNameInformation OBJECT_NAME_INFORMATION
5629 ObjectTypeInformation OBJECT_TYPE_INFORMATION
5630 ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
5631 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTES_INFORMATION
5633 ObjectInformation = Caller supplies storage for resulting information
5634 Length = Size of the supplied storage
5635 ResultLength = Bytes written
5641 IN HANDLE ObjectHandle
,
5642 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
5643 OUT PVOID ObjectInformation
,
5645 OUT PULONG ResultLength OPTIONAL
5650 NtQuerySecurityObject(
5652 IN SECURITY_INFORMATION SecurityInformation
,
5653 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5655 OUT PULONG ResultLength
5660 ZwQuerySecurityObject(
5662 IN SECURITY_INFORMATION SecurityInformation
,
5663 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5665 OUT PULONG ResultLength
5669 * FUNCTION: Queries the virtual memory information.
5671 ProcessHandle = Process owning the virtual address space
5672 BaseAddress = Points to the page where the information is queried for.
5673 * VirtualMemoryInformationClass = Index to a certain information structure
5675 MemoryBasicInformation MEMORY_BASIC_INFORMATION
5677 * VirtualMemoryInformation = caller supplies storage for the information structure
5678 * Length = size of the structure
5679 ResultLength = Data written
5686 ZwQueryVirtualMemory(
5687 IN HANDLE ProcessHandle
,
5689 IN IN CINT VirtualMemoryInformationClass
,
5690 OUT PVOID VirtualMemoryInformation
,
5692 OUT PULONG ResultLength
5696 * FUNCTION: Raises a hard error (stops the system)
5698 * Status = Status code of the hard error
5719 * FUNCTION: Sets the information of a registry key.
5721 * KeyHandle = Handle to the registry key
5722 * KeyInformationClass = Index to the a certain information structure.
5723 Can be one of the following values:
5725 * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
5727 KeyInformation = Storage for the new information
5728 * KeyInformationLength = Size of the information strucure
5734 ZwSetInformationKey(
5735 IN HANDLE KeyHandle
,
5736 IN KEY_SET_INFORMATION_CLASS KeyInformationClass
,
5737 IN PVOID KeyInformation
,
5738 IN ULONG KeyInformationLength
5742 * FUNCTION: Changes a set of object specific parameters
5745 * ObjectInformationClass = Index to the set of parameters to change.
5747 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
5750 * ObjectInformation = Caller supplies storage for parameters to set.
5751 * Length = Size of the storage supplied
5756 ZwSetInformationObject(
5757 IN HANDLE ObjectHandle
,
5758 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
5759 IN PVOID ObjectInformation
,
5764 * FUNCTION: Changes a set of process specific parameters
5766 * ProcessHandle = Handle to the process
5767 * ProcessInformationClass = Index to a information structure.
5769 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
5770 * ProcessQuotaLimits QUOTA_LIMITS
5771 * ProcessBasePriority KPRIORITY
5772 * ProcessRaisePriority KPRIORITY
5773 * ProcessDebugPort HANDLE
5774 * ProcessExceptionPort HANDLE
5775 * ProcessAccessToken PROCESS_ACCESS_TOKEN
5776 * ProcessDefaultHardErrorMode ULONG
5777 * ProcessPriorityClass ULONG
5778 * ProcessAffinityMask KAFFINITY //??
5780 * ProcessInformation = Caller supplies storage for information to set.
5781 * ProcessInformationLength = Size of the information structure
5786 NtSetInformationProcess(
5787 IN HANDLE ProcessHandle
,
5788 IN CINT ProcessInformationClass
,
5789 IN PVOID ProcessInformation
,
5790 IN ULONG ProcessInformationLength
5795 ZwSetInformationProcess(
5796 IN HANDLE ProcessHandle
,
5797 IN CINT ProcessInformationClass
,
5798 IN PVOID ProcessInformation
,
5799 IN ULONG ProcessInformationLength
5803 * FUNCTION: Sets the characteristics of a timer
5805 * TimerHandle = Handle to the timer
5806 * DueTime = Time before the timer becomes signalled for the first time.
5807 * TimerApcRoutine = Completion routine can be called on time completion
5808 * TimerContext = Argument to the completion routine
5809 * Resume = Specifies if the timer should repeated after completing one cycle
5810 * Period = Cycle of the timer
5811 * REMARKS: This routine maps to the win32 SetWaitableTimer.
5817 IN HANDLE TimerHandle
,
5818 IN PLARGE_INTEGER DueTime
,
5819 IN PTIMERAPCROUTINE TimerApcRoutine
,
5820 IN PVOID TimerContext
,
5822 IN ULONG Period OPTIONAL
,
5823 OUT PBOOLEAN PreviousState OPTIONAL
5827 * FUNCTION: Unloads a registry key.
5829 * KeyHandle = Handle to the registry key
5831 * This procedure maps to the win32 procedure RegUnloadKey
5837 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5841 * FUNCTION: Unlocks a range of virtual memory.
5843 * ProcessHandle = Handle to the process
5844 * BaseAddress = Lower boundary of the range of bytes to unlock.
5845 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
5846 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
5848 This procedure maps to the win32 procedure VirtualUnlock
5849 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
5853 ZwUnlockVirtualMemory(
5854 IN HANDLE ProcessHandle
,
5855 IN PVOID BaseAddress
,
5856 IN ULONG NumberOfBytesToUnlock
,
5857 OUT PULONG NumberOfBytesUnlocked OPTIONAL
5861 * FUNCTION: Waits for multiple objects to become signalled.
5863 * Count = The number of objects
5864 * Object = The array of object handles
5865 * WaitType = Can be one of the values UserMode or KernelMode
5866 * Alertable = If true the wait is alertable.
5867 * Time = The maximum wait time.
5869 * This function maps to the win32 WaitForMultipleObjectEx.
5874 ZwWaitForMultipleObjects (
5877 IN WAIT_TYPE WaitType
,
5878 IN BOOLEAN Alertable
,
5879 IN PLARGE_INTEGER Time
5883 * FUNCTION: Creates a profile
5885 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
5886 * ObjectAttribute = Initialized attributes for the object
5887 * ImageBase = Start address of executable image
5888 * ImageSize = Size of the image
5889 * Granularity = Bucket size
5890 * Buffer = Caller supplies buffer for profiling info
5891 * ProfilingSize = Buffer size
5892 * ClockSource = Specify 0 / FALSE ??
5893 * ProcessorMask = A value of -1 indicates disables per processor profiling,
5894 otherwise bit set for the processor to profile.
5896 * This function maps to the win32 CreateProcess.
5903 OUT PHANDLE ProfileHandle
,
5904 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5907 IN ULONG Granularity
,
5909 IN ULONG ProfilingSize
,
5910 IN ULONG ClockSource
,
5911 IN ULONG ProcessorMask
5915 * FUNCTION: Delays the execution of the calling thread.
5917 * Alertable = If TRUE the thread is alertable during is wait period
5918 * Interval = Specifies the interval to wait.
5924 IN BOOLEAN Alertable
,
5929 * FUNCTION: Extends a section
5931 * SectionHandle = Handle to the section
5932 * NewMaximumSize = Adjusted size
5938 IN HANDLE SectionHandle
,
5939 IN ULONG NewMaximumSize
5943 * FUNCTION: Queries the information of a section object.
5945 * SectionHandle = Handle to the section link object
5946 * SectionInformationClass = Index to a certain information structure
5947 * SectionInformation (OUT)= Caller supplies storage for resulting information
5948 * Length = Size of the supplied storage
5949 * ResultLength = Data written
5956 IN HANDLE SectionHandle
,
5957 IN CINT SectionInformationClass
,
5958 OUT PVOID SectionInformation
,
5960 OUT PULONG ResultLength
5963 typedef struct _SECTION_IMAGE_INFORMATION
5970 USHORT MinorSubsystemVersion
;
5971 USHORT MajorSubsystemVersion
;
5973 ULONG Characteristics
;
5978 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
5980 #endif /* !__USE_W32API */
5983 * FUNCTION: Loads a registry key.
5985 * KeyObjectAttributes = Key to be loaded
5986 * FileObjectAttributes = File to load the key from
5989 * This procedure maps to the win32 procedure RegLoadKey
5995 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5996 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
6003 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6004 IN POBJECT_ATTRIBUTES FileObjectAttributes
,
6009 * FUNCTION: Retrieves the system time
6011 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
6019 OUT PLARGE_INTEGER CurrentTime
6023 * FUNCTION: Queries the information of a object.
6025 ObjectHandle = Handle to a object
6026 ObjectInformationClass = Index to a certain information structure
6028 ObjectBasicInformation OBJECT_BASIC_INFORMATION
6029 ObjectNameInformation OBJECT_NAME_INFORMATION
6030 ObjectTypeInformation OBJECT_TYPE_INFORMATION
6031 ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
6032 ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
6034 ObjectInformation = Caller supplies storage for resulting information
6035 Length = Size of the supplied storage
6036 ResultLength = Bytes written
6042 IN HANDLE ObjectHandle
,
6043 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
6044 OUT PVOID ObjectInformation
,
6046 OUT PULONG ResultLength OPTIONAL
6049 /* BEGIN REACTOS ONLY */
6052 ExInitializeBinaryTree(IN PBINARY_TREE Tree
,
6053 IN PKEY_COMPARATOR Compare
,
6054 IN BOOLEAN UseNonPagedPool
);
6057 ExDeleteBinaryTree(IN PBINARY_TREE Tree
);
6060 ExInsertBinaryTree(IN PBINARY_TREE Tree
,
6065 ExSearchBinaryTree(IN PBINARY_TREE Tree
,
6070 ExRemoveBinaryTree(IN PBINARY_TREE Tree
,
6075 ExTraverseBinaryTree(IN PBINARY_TREE Tree
,
6076 IN TRAVERSE_METHOD Method
,
6077 IN PTRAVERSE_ROUTINE Routine
,
6081 ExInitializeSplayTree(IN PSPLAY_TREE Tree
,
6082 IN PKEY_COMPARATOR Compare
,
6083 IN BOOLEAN Weighted
,
6084 IN BOOLEAN UseNonPagedPool
);
6087 ExDeleteSplayTree(IN PSPLAY_TREE Tree
);
6090 ExInsertSplayTree(IN PSPLAY_TREE Tree
,
6095 ExSearchSplayTree(IN PSPLAY_TREE Tree
,
6100 ExRemoveSplayTree(IN PSPLAY_TREE Tree
,
6105 ExWeightOfSplayTree(IN PSPLAY_TREE Tree
,
6109 ExTraverseSplayTree(IN PSPLAY_TREE Tree
,
6110 IN TRAVERSE_METHOD Method
,
6111 IN PTRAVERSE_ROUTINE Routine
,
6115 ExInitializeHashTable(IN PHASH_TABLE HashTable
,
6116 IN ULONG HashTableSize
,
6117 IN PKEY_COMPARATOR Compare OPTIONAL
,
6118 IN BOOLEAN UseNonPagedPool
);
6121 ExDeleteHashTable(IN PHASH_TABLE HashTable
);
6124 ExInsertHashTable(IN PHASH_TABLE HashTable
,
6130 ExSearchHashTable(IN PHASH_TABLE HashTable
,
6136 ExRemoveHashTable(IN PHASH_TABLE HashTable
,
6141 /* END REACTOS ONLY */
6143 #endif /* __DDK_ZW_H */