projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix NtAccessCheck() prototype.
[reactos.git] / reactos / w32api / include / ddk / ntapi.h
1 /*
2 * ntapi.h
3 *
4 * Windows NT Native API
5 *
6 * Most structures in this file is obtained from Windows NT/2000 Native API
7 * Reference by Gary Nebbett, ISBN 1578701996.
8 *
9 * This file is part of the w32api package.
10 *
11 * Contributors:
12 * Created by Casper S. Hornstrup <chorns@users.sourceforge.net>
13 *
14 * THIS SOFTWARE IS NOT COPYRIGHTED
15 *
16 * This source code is offered for use in the public domain. You may
17 * use, modify or distribute it freely.
18 *
19 * This code is distributed in the hope that it will be useful but
20 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
21 * DISCLAIMED. This includes but is not limited to warranties of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
23 *
24 */
25
26 #ifndef __NTAPI_H
27 #define __NTAPI_H
28
29 #if __GNUC__ >= 3
30 #pragma GCC system_header
31 #endif
32
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36
37 #include <stdarg.h>
38 #include <winbase.h>
39 #include "ntddk.h"
40 #include "ntpoapi.h"
41
42 #pragma pack(push,4)
43
44 typedef struct _PEB *PPEB;
45
46 /* FIXME: Unknown definitions */
47 typedef PVOID POBJECT_TYPE_LIST;
48 typedef PVOID PEXECUTION_STATE;
49 typedef PVOID PLANGID;
50
51 #ifndef NtCurrentProcess
52 #define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
53 #endif /* NtCurrentProcess */
54 #ifndef NtCurrentThread
55 #define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
56 #endif /* NtCurrentThread */
57
58 /* System information and control */
59
60 typedef enum _SYSTEM_INFORMATION_CLASS {
61 SystemInformationClassMin = 0,
62 SystemBasicInformation = 0,
63 SystemProcessorInformation = 1,
64 SystemPerformanceInformation = 2,
65 SystemTimeOfDayInformation = 3,
66 SystemPathInformation = 4,
67 SystemNotImplemented1 = 4,
68 SystemProcessInformation = 5,
69 SystemProcessesAndThreadsInformation = 5,
70 SystemCallCountInfoInformation = 6,
71 SystemCallCounts = 6,
72 SystemDeviceInformation = 7,
73 SystemConfigurationInformation = 7,
74 SystemProcessorPerformanceInformation = 8,
75 SystemProcessorTimes = 8,
76 SystemFlagsInformation = 9,
77 SystemGlobalFlag = 9,
78 SystemCallTimeInformation = 10,
79 SystemNotImplemented2 = 10,
80 SystemModuleInformation = 11,
81 SystemLocksInformation = 12,
82 SystemLockInformation = 12,
83 SystemStackTraceInformation = 13,
84 SystemNotImplemented3 = 13,
85 SystemPagedPoolInformation = 14,
86 SystemNotImplemented4 = 14,
87 SystemNonPagedPoolInformation = 15,
88 SystemNotImplemented5 = 15,
89 SystemHandleInformation = 16,
90 SystemObjectInformation = 17,
91 SystemPageFileInformation = 18,
92 SystemPagefileInformation = 18,
93 SystemVdmInstemulInformation = 19,
94 SystemInstructionEmulationCounts = 19,
95 SystemVdmBopInformation = 20,
96 SystemInvalidInfoClass1 = 20,
97 SystemFileCacheInformation = 21,
98 SystemCacheInformation = 21,
99 SystemPoolTagInformation = 22,
100 SystemInterruptInformation = 23,
101 SystemProcessorStatistics = 23,
102 SystemDpcBehaviourInformation = 24,
103 SystemDpcInformation = 24,
104 SystemFullMemoryInformation = 25,
105 SystemNotImplemented6 = 25,
106 SystemLoadImage = 26,
107 SystemUnloadImage = 27,
108 SystemTimeAdjustmentInformation = 28,
109 SystemTimeAdjustment = 28,
110 SystemSummaryMemoryInformation = 29,
111 SystemNotImplemented7 = 29,
112 SystemNextEventIdInformation = 30,
113 SystemNotImplemented8 = 30,
114 SystemEventIdsInformation = 31,
115 SystemNotImplemented9 = 31,
116 SystemCrashDumpInformation = 32,
117 SystemExceptionInformation = 33,
118 SystemCrashDumpStateInformation = 34,
119 SystemKernelDebuggerInformation = 35,
120 SystemContextSwitchInformation = 36,
121 SystemRegistryQuotaInformation = 37,
122 SystemLoadAndCallImage = 38,
123 SystemPrioritySeparation = 39,
124 SystemPlugPlayBusInformation = 40,
125 SystemNotImplemented10 = 40,
126 SystemDockInformation = 41,
127 SystemNotImplemented11 = 41,
128 /* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */
129 SystemInvalidInfoClass2 = 42,
130 SystemProcessorSpeedInformation = 43,
131 SystemInvalidInfoClass3 = 43,
132 SystemCurrentTimeZoneInformation = 44,
133 SystemTimeZoneInformation = 44,
134 SystemLookasideInformation = 45,
135 SystemSetTimeSlipEvent = 46,
136 SystemCreateSession = 47,
137 SystemDeleteSession = 48,
138 SystemInvalidInfoClass4 = 49,
139 SystemRangeStartInformation = 50,
140 SystemVerifierInformation = 51,
141 SystemAddVerifier = 52,
142 SystemSessionProcessesInformation = 53,
143 SystemInformationClassMax
144 } SYSTEM_INFORMATION_CLASS;
145
146 typedef struct _SYSTEM_BASIC_INFORMATION {
147 ULONG Unknown;
148 ULONG MaximumIncrement;
149 ULONG PhysicalPageSize;
150 ULONG NumberOfPhysicalPages;
151 ULONG LowestPhysicalPage;
152 ULONG HighestPhysicalPage;
153 ULONG AllocationGranularity;
154 ULONG LowestUserAddress;
155 ULONG HighestUserAddress;
156 ULONG ActiveProcessors;
157 UCHAR NumberProcessors;
158 } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
159
160 typedef struct _SYSTEM_PROCESSOR_INFORMATION {
161 USHORT ProcessorArchitecture;
162 USHORT ProcessorLevel;
163 USHORT ProcessorRevision;
164 USHORT Unknown;
165 ULONG FeatureBits;
166 } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
167
168 typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
169 LARGE_INTEGER IdleTime;
170 LARGE_INTEGER ReadTransferCount;
171 LARGE_INTEGER WriteTransferCount;
172 LARGE_INTEGER OtherTransferCount;
173 ULONG ReadOperationCount;
174 ULONG WriteOperationCount;
175 ULONG OtherOperationCount;
176 ULONG AvailablePages;
177 ULONG TotalCommittedPages;
178 ULONG TotalCommitLimit;
179 ULONG PeakCommitment;
180 ULONG PageFaults;
181 ULONG WriteCopyFaults;
182 ULONG TransitionFaults;
183 ULONG CacheTransitionFaults;
184 ULONG DemandZeroFaults;
185 ULONG PagesRead;
186 ULONG PageReadIos;
187 ULONG CacheReads;
188 ULONG CacheIos;
189 ULONG PagefilePagesWritten;
190 ULONG PagefilePageWriteIos;
191 ULONG MappedFilePagesWritten;
192 ULONG MappedFilePageWriteIos;
193 ULONG PagedPoolUsage;
194 ULONG NonPagedPoolUsage;
195 ULONG PagedPoolAllocs;
196 ULONG PagedPoolFrees;
197 ULONG NonPagedPoolAllocs;
198 ULONG NonPagedPoolFrees;
199 ULONG TotalFreeSystemPtes;
200 ULONG SystemCodePage;
201 ULONG TotalSystemDriverPages;
202 ULONG TotalSystemCodePages;
203 ULONG SmallNonPagedLookasideListAllocateHits;
204 ULONG SmallPagedLookasideListAllocateHits;
205 ULONG Reserved3;
206 ULONG MmSystemCachePage;
207 ULONG PagedPoolPage;
208 ULONG SystemDriverPage;
209 ULONG FastReadNoWait;
210 ULONG FastReadWait;
211 ULONG FastReadResourceMiss;
212 ULONG FastReadNotPossible;
213 ULONG FastMdlReadNoWait;
214 ULONG FastMdlReadWait;
215 ULONG FastMdlReadResourceMiss;
216 ULONG FastMdlReadNotPossible;
217 ULONG MapDataNoWait;
218 ULONG MapDataWait;
219 ULONG MapDataNoWaitMiss;
220 ULONG MapDataWaitMiss;
221 ULONG PinMappedDataCount;
222 ULONG PinReadNoWait;
223 ULONG PinReadWait;
224 ULONG PinReadNoWaitMiss;
225 ULONG PinReadWaitMiss;
226 ULONG CopyReadNoWait;
227 ULONG CopyReadWait;
228 ULONG CopyReadNoWaitMiss;
229 ULONG CopyReadWaitMiss;
230 ULONG MdlReadNoWait;
231 ULONG MdlReadWait;
232 ULONG MdlReadNoWaitMiss;
233 ULONG MdlReadWaitMiss;
234 ULONG ReadAheadIos;
235 ULONG LazyWriteIos;
236 ULONG LazyWritePages;
237 ULONG DataFlushes;
238 ULONG DataPages;
239 ULONG ContextSwitches;
240 ULONG FirstLevelTbFills;
241 ULONG SecondLevelTbFills;
242 ULONG SystemCalls;
243 } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
244
245 typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
246 LARGE_INTEGER BootTime;
247 LARGE_INTEGER CurrentTime;
248 LARGE_INTEGER TimeZoneBias;
249 ULONG CurrentTimeZoneId;
250 } SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
251
252 typedef struct _VM_COUNTERS {
253 ULONG PeakVirtualSize;
254 ULONG VirtualSize;
255 ULONG PageFaultCount;
256 ULONG PeakWorkingSetSize;
257 ULONG WorkingSetSize;
258 ULONG QuotaPeakPagedPoolUsage;
259 ULONG QuotaPagedPoolUsage;
260 ULONG QuotaPeakNonPagedPoolUsage;
261 ULONG QuotaNonPagedPoolUsage;
262 ULONG PagefileUsage;
263 ULONG PeakPagefileUsage;
264 } VM_COUNTERS;
265
266 typedef enum _THREAD_STATE {
267 StateInitialized,
268 StateReady,
269 StateRunning,
270 StateStandby,
271 StateTerminated,
272 StateWait,
273 StateTransition,
274 StateUnknown
275 } THREAD_STATE;
276
277 typedef struct _SYSTEM_THREADS {
278 LARGE_INTEGER KernelTime;
279 LARGE_INTEGER UserTime;
280 LARGE_INTEGER CreateTime;
281 ULONG WaitTime;
282 PVOID StartAddress;
283 CLIENT_ID ClientId;
284 KPRIORITY Priority;
285 KPRIORITY BasePriority;
286 ULONG ContextSwitchCount;
287 THREAD_STATE State;
288 KWAIT_REASON WaitReason;
289 } SYSTEM_THREADS, *PSYSTEM_THREADS;
290
291 typedef struct _SYSTEM_PROCESSES {
292 ULONG NextEntryDelta;
293 ULONG ThreadCount;
294 ULONG Reserved1[6];
295 LARGE_INTEGER CreateTime;
296 LARGE_INTEGER UserTime;
297 LARGE_INTEGER KernelTime;
298 UNICODE_STRING ProcessName;
299 KPRIORITY BasePriority;
300 ULONG ProcessId;
301 ULONG InheritedFromProcessId;
302 ULONG HandleCount;
303 ULONG Reserved2[2];
304 VM_COUNTERS VmCounters;
305 IO_COUNTERS IoCounters;
306 SYSTEM_THREADS Threads[1];
307 } SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
308
309 typedef struct _SYSTEM_CALLS_INFORMATION {
310 ULONG Size;
311 ULONG NumberOfDescriptorTables;
312 ULONG NumberOfRoutinesInTable[1];
313 ULONG CallCounts[ANYSIZE_ARRAY];
314 } SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION;
315
316 typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
317 ULONG DiskCount;
318 ULONG FloppyCount;
319 ULONG CdRomCount;
320 ULONG TapeCount;
321 ULONG SerialCount;
322 ULONG ParallelCount;
323 } SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
324
325 typedef struct _SYSTEM_PROCESSOR_TIMES {
326 LARGE_INTEGER IdleTime;
327 LARGE_INTEGER KernelTime;
328 LARGE_INTEGER UserTime;
329 LARGE_INTEGER DpcTime;
330 LARGE_INTEGER InterruptTime;
331 ULONG InterruptCount;
332 } SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
333
334 /* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */
335 #define FLG_STOP_ON_EXCEPTION 0x00000001
336 #define FLG_SHOW_LDR_SNAPS 0x00000002
337 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
338 #define FLG_STOP_ON_HUNG_GUI 0x00000008
339 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
340 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
341 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
342 #define FLG_HEAP_VALIDATE_ALL 0x00000080
343 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
344 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
345 #define FLG_POOL_ENABLE_TAGGING 0x00000400
346 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
347 #define FLG_USER_STACK_TRACE_DB 0x00001000
348 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
349 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
350 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
351 #define FLG_IGNORE_DEBUG_PRIV 0x00010000
352 #define FLG_ENABLE_CSRDEBUG 0x00020000
353 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
354 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
355 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
356 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
357 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
358 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
359 #define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
360
361 typedef struct _SYSTEM_GLOBAL_FLAG {
362 ULONG GlobalFlag;
363 } SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
364
365 typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
366 ULONG Unknown1;
367 ULONG Unknown2;
368 PVOID Base;
369 ULONG Size;
370 ULONG Flags;
371 USHORT Index;
372 /* Length of module name not including the path, this
373 field contains valid value only for NTOSKRNL module */
374 USHORT NameLength;
375 USHORT LoadCount;
376 USHORT PathLength;
377 CHAR ImageName[256];
378 } SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
379
380 typedef struct _SYSTEM_MODULE_INFORMATION {
381 ULONG Count;
382 SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
383 } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
384
385 typedef struct _SYSTEM_LOCK_INFORMATION {
386 PVOID Address;
387 USHORT Type;
388 USHORT Reserved1;
389 ULONG ExclusiveOwnerThreadId;
390 ULONG ActiveCount;
391 ULONG ContentionCount;
392 ULONG Reserved2[2];
393 ULONG NumberOfSharedWaiters;
394 ULONG NumberOfExclusiveWaiters;
395 } SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
396
397 /*SYSTEM_HANDLE_INFORMATION.Flags cosntants */
398 #define PROTECT_FROM_CLOSE 0x01
399 #define INHERIT 0x02
400
401 typedef struct _SYSTEM_HANDLE_INFORMATION {
402 ULONG ProcessId;
403 UCHAR ObjectTypeNumber;
404 UCHAR Flags;
405 USHORT Handle;
406 PVOID Object;
407 ACCESS_MASK GrantedAccess;
408 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
409
410 typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
411 ULONG NextEntryOffset;
412 ULONG ObjectCount;
413 ULONG HandleCount;
414 ULONG TypeNumber;
415 ULONG InvalidAttributes;
416 GENERIC_MAPPING GenericMapping;
417 ACCESS_MASK ValidAccessMask;
418 POOL_TYPE PoolType;
419 UCHAR Unknown;
420 UNICODE_STRING Name;
421 } SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
422
423 /* SYSTEM_OBJECT_INFORMATION.Flags constants */
424 #define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40
425 #define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20
426 #define FLG_SYSOBJINFO_PERMANENT 0x10
427 #define FLG_SYSOBJINFO_EXCLUSIVE 0x08
428 #define FLG_SYSOBJINFO_CREATOR_INFO 0x04
429 #define FLG_SYSOBJINFO_KERNEL_MODE 0x02
430
431 typedef struct _SYSTEM_OBJECT_INFORMATION {
432 ULONG NextEntryOffset;
433 PVOID Object;
434 ULONG CreatorProcessId;
435 USHORT Unknown;
436 USHORT Flags;
437 ULONG PointerCount;
438 ULONG HandleCount;
439 ULONG PagedPoolUsage;
440 ULONG NonPagedPoolUsage;
441 ULONG ExclusiveProcessId;
442 PSECURITY_DESCRIPTOR SecurityDescriptor;
443 UNICODE_STRING Name;
444 } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
445
446 typedef struct _SYSTEM_PAGEFILE_INFORMATION {
447 ULONG NextEntryOffset;
448 ULONG CurrentSize;
449 ULONG TotalUsed;
450 ULONG PeakUsed;
451 UNICODE_STRING FileName;
452 } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
453
454 typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION {
455 ULONG SegmentNotPresent;
456 ULONG TwoByteOpcode;
457 ULONG ESprefix;
458 ULONG CSprefix;
459 ULONG SSprefix;
460 ULONG DSprefix;
461 ULONG FSPrefix;
462 ULONG GSprefix;
463 ULONG OPER32prefix;
464 ULONG ADDR32prefix;
465 ULONG INSB;
466 ULONG INSW;
467 ULONG OUTSB;
468 ULONG OUTSW;
469 ULONG PUSHFD;
470 ULONG POPFD;
471 ULONG INTnn;
472 ULONG INTO;
473 ULONG IRETD;
474 ULONG INBimm;
475 ULONG INWimm;
476 ULONG OUTBimm;
477 ULONG OUTWimm;
478 ULONG INB;
479 ULONG INW;
480 ULONG OUTB;
481 ULONG OUTW;
482 ULONG LOCKprefix;
483 ULONG REPNEprefix;
484 ULONG REPprefix;
485 ULONG HLT;
486 ULONG CLI;
487 ULONG STI;
488 ULONG GenericInvalidOpcode;
489 } SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION;
490
491 typedef struct _SYSTEM_POOL_TAG_INFORMATION {
492 CHAR Tag[4];
493 ULONG PagedPoolAllocs;
494 ULONG PagedPoolFrees;
495 ULONG PagedPoolUsage;
496 ULONG NonPagedPoolAllocs;
497 ULONG NonPagedPoolFrees;
498 ULONG NonPagedPoolUsage;
499 } SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
500
501 typedef struct _SYSTEM_PROCESSOR_STATISTICS {
502 ULONG ContextSwitches;
503 ULONG DpcCount;
504 ULONG DpcRequestRate;
505 ULONG TimeIncrement;
506 ULONG DpcBypassCount;
507 ULONG ApcBypassCount;
508 } SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
509
510 typedef struct _SYSTEM_DPC_INFORMATION {
511 ULONG Reserved;
512 ULONG MaximumDpcQueueDepth;
513 ULONG MinimumDpcRate;
514 ULONG AdjustDpcThreshold;
515 ULONG IdealDpcRate;
516 } SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
517
518 typedef struct _SYSTEM_LOAD_IMAGE {
519 UNICODE_STRING ModuleName;
520 PVOID ModuleBase;
521 PVOID SectionPointer;
522 PVOID EntryPoint;
523 PVOID ExportDirectory;
524 } SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
525
526 typedef struct _SYSTEM_UNLOAD_IMAGE {
527 PVOID ModuleBase;
528 } SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
529
530 typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
531 ULONG TimeAdjustment;
532 ULONG MaximumIncrement;
533 BOOLEAN TimeSynchronization;
534 } SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
535
536 typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
537 ULONG TimeAdjustment;
538 BOOLEAN TimeSynchronization;
539 } SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
540
541 typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
542 HANDLE CrashDumpSectionHandle;
543 HANDLE Unknown;
544 } SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
545
546 typedef struct _SYSTEM_EXCEPTION_INFORMATION {
547 ULONG AlignmentFixupCount;
548 ULONG ExceptionDispatchCount;
549 ULONG FloatingEmulationCount;
550 ULONG Reserved;
551 } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
552
553 typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
554 ULONG CrashDumpSectionExists;
555 ULONG Unknown;
556 } SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
557
558 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
559 BOOLEAN DebuggerEnabled;
560 BOOLEAN DebuggerNotPresent;
561 } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
562
563 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
564 ULONG ContextSwitches;
565 ULONG ContextSwitchCounters[11];
566 } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
567
568 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
569 ULONG RegistryQuota;
570 ULONG RegistryQuotaInUse;
571 ULONG PagedPoolSize;
572 } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
573
574 typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
575 UNICODE_STRING ModuleName;
576 } SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
577
578 typedef struct _SYSTEM_PRIORITY_SEPARATION {
579 ULONG PrioritySeparation;
580 } SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
581
582 typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
583 LONG Bias;
584 WCHAR StandardName[32];
585 LARGE_INTEGER StandardDate;
586 LONG StandardBias;
587 WCHAR DaylightName[32];
588 LARGE_INTEGER DaylightDate;
589 LONG DaylightBias;
590 } SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
591
592 typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
593 USHORT Depth;
594 USHORT MaximumDepth;
595 ULONG TotalAllocates;
596 ULONG AllocateMisses;
597 ULONG TotalFrees;
598 ULONG FreeMisses;
599 POOL_TYPE Type;
600 ULONG Tag;
601 ULONG Size;
602 } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
603
604 typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
605 HANDLE TimeSlipEvent;
606 } SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
607
608 typedef struct _SYSTEM_CREATE_SESSION {
609 ULONG SessionId;
610 } SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
611
612 typedef struct _SYSTEM_DELETE_SESSION {
613 ULONG SessionId;
614 } SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
615
616 typedef struct _SYSTEM_RANGE_START_INFORMATION {
617 PVOID SystemRangeStart;
618 } SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
619
620 typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
621 ULONG SessionId;
622 ULONG BufferSize;
623 PVOID Buffer;
624 } SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;
625
626 typedef struct _SYSTEM_POOL_BLOCK {
627 BOOLEAN Allocated;
628 USHORT Unknown;
629 ULONG Size;
630 CHAR Tag[4];
631 } SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;
632
633 typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
634 ULONG PoolSize;
635 PVOID PoolBase;
636 USHORT Unknown;
637 ULONG NumberOfBlocks;
638 SYSTEM_POOL_BLOCK PoolBlocks[1];
639 } SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;
640
641 typedef struct _SYSTEM_MEMORY_USAGE {
642 PVOID Name;
643 USHORT Valid;
644 USHORT Standby;
645 USHORT Modified;
646 USHORT PageTables;
647 } SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;
648
649 typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
650 ULONG Reserved;
651 PVOID EndOfData;
652 SYSTEM_MEMORY_USAGE MemoryUsage[1];
653 } SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;
654
655 NTOSAPI
656 NTSTATUS
657 NTAPI
658 NtQuerySystemInformation(
659 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
660 IN OUT PVOID SystemInformation,
661 IN ULONG SystemInformationLength,
662 OUT PULONG ReturnLength OPTIONAL);
663
664 NTOSAPI
665 NTSTATUS
666 NTAPI
667 ZwQuerySystemInformation(
668 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
669 IN OUT PVOID SystemInformation,
670 IN ULONG SystemInformationLength,
671 OUT PULONG ReturnLength OPTIONAL);
672
673 NTOSAPI
674 NTSTATUS
675 NTAPI
676 ZwSetSystemInformation(
677 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
678 IN OUT PVOID SystemInformation,
679 IN ULONG SystemInformationLength);
680
681 NTOSAPI
682 NTSTATUS
683 NTAPI
684 ZwQuerySystemEnvironmentValue(
685 IN PUNICODE_STRING Name,
686 OUT PVOID Value,
687 IN ULONG ValueLength,
688 OUT PULONG ReturnLength OPTIONAL);
689
690 NTOSAPI
691 NTSTATUS
692 NTAPI
693 ZwSetSystemEnvironmentValue(
694 IN PUNICODE_STRING Name,
695 IN PUNICODE_STRING Value);
696
697 typedef enum _SHUTDOWN_ACTION {
698 ShutdownNoReboot,
699 ShutdownReboot,
700 ShutdownPowerOff
701 } SHUTDOWN_ACTION;
702
703 NTOSAPI
704 NTSTATUS
705 NTAPI
706 NtShutdownSystem(
707 IN SHUTDOWN_ACTION Action);
708
709 typedef enum _DEBUG_CONTROL_CODE {
710 DebugGetTraceInformation = 1,
711 DebugSetInternalBreakpoint,
712 DebugSetSpecialCall,
713 DebugClearSpecialCalls,
714 DebugQuerySpecialCalls,
715 DebugDbgBreakPoint,
716 DebugMaximum
717 } DEBUG_CONTROL_CODE;
718
719
720 NTOSAPI
721 NTSTATUS
722 NTAPI
723 ZwSystemDebugControl(
724 IN DEBUG_CONTROL_CODE ControlCode,
725 IN PVOID InputBuffer OPTIONAL,
726 IN ULONG InputBufferLength,
727 OUT PVOID OutputBuffer OPTIONAL,
728 IN ULONG OutputBufferLength,
729 OUT PULONG ReturnLength OPTIONAL);
730
731
732
733 /* Objects, Object directories, and symbolic links */
734
735 typedef enum _OBJECT_INFORMATION_CLASS {
736 ObjectBasicInformation,
737 ObjectNameInformation,
738 ObjectTypeInformation,
739 ObjectAllTypesInformation,
740 ObjectHandleInformation
741 } OBJECT_INFORMATION_CLASS;
742
743 NTOSAPI
744 NTSTATUS
745 NTAPI
746 ZwQueryObject(
747 IN HANDLE ObjectHandle,
748 IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
749 OUT PVOID ObjectInformation,
750 IN ULONG ObjectInformationLength,
751 OUT PULONG ReturnLength OPTIONAL);
752
753 NTOSAPI
754 NTSTATUS
755 NTAPI
756 ZwSetInformationObject(
757 IN HANDLE ObjectHandle,
758 IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
759 IN PVOID ObjectInformation,
760 IN ULONG ObjectInformationLength);
761
762 /* OBJECT_BASIC_INFORMATION.Attributes constants */
763 /* also in winbase.h */
764 #define HANDLE_FLAG_INHERIT 0x01
765 #define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02
766 /* end winbase.h */
767 #define PERMANENT 0x10
768 #define EXCLUSIVE 0x20
769
770 typedef struct _OBJECT_BASIC_INFORMATION {
771 ULONG Attributes;
772 ACCESS_MASK GrantedAccess;
773 ULONG HandleCount;
774 ULONG PointerCount;
775 ULONG PagedPoolUsage;
776 ULONG NonPagedPoolUsage;
777 ULONG Reserved[3];
778 ULONG NameInformationLength;
779 ULONG TypeInformationLength;
780 ULONG SecurityDescriptorLength;
781 LARGE_INTEGER CreateTime;
782 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
783 #if 0
784 /* FIXME: Enable later */
785 typedef struct _OBJECT_TYPE_INFORMATION {
786 UNICODE_STRING Name;
787 ULONG ObjectCount;
788 ULONG HandleCount;
789 ULONG Reserved1[4];
790 ULONG PeakObjectCount;
791 ULONG PeakHandleCount;
792 ULONG Reserved2[4];
793 ULONG InvalidAttributes;
794 GENERIC_MAPPING GenericMapping;
795 ULONG ValidAccess;
796 UCHAR Unknown;
797 BOOLEAN MaintainHandleDatabase;
798 POOL_TYPE PoolType;
799 ULONG PagedPoolUsage;
800 ULONG NonPagedPoolUsage;
801 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
802
803 typedef struct _OBJECT_ALL_TYPES_INFORMATION {
804 ULONG NumberOfTypes;
805 OBJECT_TYPE_INFORMATION TypeInformation;
806 } OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
807 #endif
808 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
809 BOOLEAN Inherit;
810 BOOLEAN ProtectFromClose;
811 } OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
812
813 NTOSAPI
814 NTSTATUS
815 NTAPI
816 NtDuplicateObject(
817 IN HANDLE SourceProcessHandle,
818 IN HANDLE SourceHandle,
819 IN HANDLE TargetProcessHandle,
820 OUT PHANDLE TargetHandle OPTIONAL,
821 IN ACCESS_MASK DesiredAccess,
822 IN ULONG Attributes,
823 IN ULONG Options);
824
825 NTOSAPI
826 NTSTATUS
827 NTAPI
828 ZwDuplicateObject(
829 IN HANDLE SourceProcessHandle,
830 IN HANDLE SourceHandle,
831 IN HANDLE TargetProcessHandle,
832 OUT PHANDLE TargetHandle OPTIONAL,
833 IN ACCESS_MASK DesiredAccess,
834 IN ULONG Attributes,
835 IN ULONG Options);
836
837 NTOSAPI
838 NTSTATUS
839 NTAPI
840 NtQuerySecurityObject(
841 IN HANDLE Handle,
842 IN SECURITY_INFORMATION SecurityInformation,
843 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
844 IN ULONG SecurityDescriptorLength,
845 OUT PULONG ReturnLength);
846
847 NTOSAPI
848 NTSTATUS
849 NTAPI
850 ZwQuerySecurityObject(
851 IN HANDLE Handle,
852 IN SECURITY_INFORMATION SecurityInformation,
853 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
854 IN ULONG SecurityDescriptorLength,
855 OUT PULONG ReturnLength);
856
857 NTOSAPI
858 NTSTATUS
859 NTAPI
860 NtSetSecurityObject(
861 IN HANDLE Handle,
862 IN SECURITY_INFORMATION SecurityInformation,
863 IN PSECURITY_DESCRIPTOR SecurityDescriptor);
864
865 NTOSAPI
866 NTSTATUS
867 NTAPI
868 ZwSetSecurityObject(
869 IN HANDLE Handle,
870 IN SECURITY_INFORMATION SecurityInformation,
871 IN PSECURITY_DESCRIPTOR SecurityDescriptor);
872
873 NTOSAPI
874 NTSTATUS
875 NTAPI
876 ZwOpenDirectoryObject(
877 OUT PHANDLE DirectoryHandle,
878 IN ACCESS_MASK DesiredAccess,
879 IN POBJECT_ATTRIBUTES ObjectAttributes);
880
881 NTOSAPI
882 NTSTATUS
883 NTAPI
884 ZwQueryDirectoryObject(
885 IN HANDLE DirectoryHandle,
886 OUT PVOID Buffer,
887 IN ULONG BufferLength,
888 IN BOOLEAN ReturnSingleEntry,
889 IN BOOLEAN RestartScan,
890 IN OUT PULONG Context,
891 OUT PULONG ReturnLength OPTIONAL);
892
893 typedef struct _DIRECTORY_BASIC_INFORMATION {
894 UNICODE_STRING ObjectName;
895 UNICODE_STRING ObjectTypeName;
896 } DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
897
898 NTOSAPI
899 NTSTATUS
900 NTAPI
901 ZwCreateSymbolicLinkObject(
902 OUT PHANDLE SymbolicLinkHandle,
903 IN ACCESS_MASK DesiredAccess,
904 IN POBJECT_ATTRIBUTES ObjectAttributes,
905 IN PUNICODE_STRING TargetName);
906
907
908
909
910 /* Virtual memory */
911
912 typedef enum _MEMORY_INFORMATION_CLASS {
913 MemoryBasicInformation,
914 MemoryWorkingSetList,
915 MemorySectionName,
916 MemoryBasicVlmInformation
917 } MEMORY_INFORMATION_CLASS;
918
919 NTOSAPI
920 NTSTATUS
921 NTAPI
922 NtAllocateVirtualMemory(
923 IN HANDLE ProcessHandle,
924 IN OUT PVOID *BaseAddress,
925 IN ULONG ZeroBits,
926 IN OUT PULONG AllocationSize,
927 IN ULONG AllocationType,
928 IN ULONG Protect);
929
930 NTOSAPI
931 NTSTATUS
932 NTAPI
933 ZwAllocateVirtualMemory(
934 IN HANDLE ProcessHandle,
935 IN OUT PVOID *BaseAddress,
936 IN ULONG ZeroBits,
937 IN OUT PULONG AllocationSize,
938 IN ULONG AllocationType,
939 IN ULONG Protect);
940
941 NTOSAPI
942 NTSTATUS
943 NTAPI
944 NtFreeVirtualMemory(
945 IN HANDLE ProcessHandle,
946 IN OUT PVOID *BaseAddress,
947 IN OUT PULONG FreeSize,
948 IN ULONG FreeType);
949
950 NTOSAPI
951 NTSTATUS
952 NTAPI
953 ZwFreeVirtualMemory(
954 IN HANDLE ProcessHandle,
955 IN OUT PVOID *BaseAddress,
956 IN OUT PULONG FreeSize,
957 IN ULONG FreeType);
958
959 NTOSAPI
960 NTSTATUS
961 NTAPI
962 ZwQueryVirtualMemory(
963 IN HANDLE ProcessHandle,
964 IN PVOID BaseAddress,
965 IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
966 OUT PVOID MemoryInformation,
967 IN ULONG MemoryInformationLength,
968 OUT PULONG ReturnLength OPTIONAL);
969
970 /* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
971 #define WSLE_PAGE_READONLY 0x001
972 #define WSLE_PAGE_EXECUTE 0x002
973 #define WSLE_PAGE_READWRITE 0x004
974 #define WSLE_PAGE_EXECUTE_READ 0x003
975 #define WSLE_PAGE_WRITECOPY 0x005
976 #define WSLE_PAGE_EXECUTE_READWRITE 0x006
977 #define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
978 #define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
979 #define WSLE_PAGE_SHAREABLE 0x100
980
981 typedef struct _MEMORY_WORKING_SET_LIST {
982 ULONG NumberOfPages;
983 ULONG WorkingSetList[1];
984 } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
985
986 typedef struct _MEMORY_SECTION_NAME {
987 UNICODE_STRING SectionFileName;
988 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
989
990 /* Zw[Lock|Unlock]VirtualMemory.LockType constants */
991 #define LOCK_VM_IN_WSL 0x01
992 #define LOCK_VM_IN_RAM 0x02
993
994 NTOSAPI
995 NTSTATUS
996 NTAPI
997 ZwLockVirtualMemory(
998 IN HANDLE ProcessHandle,
999 IN OUT PVOID *BaseAddress,
1000 IN OUT PULONG LockSize,
1001 IN ULONG LockType);
1002
1003 NTOSAPI
1004 NTSTATUS
1005 NTAPI
1006 ZwUnlockVirtualMemory(
1007 IN HANDLE ProcessHandle,
1008 IN OUT PVOID *BaseAddress,
1009 IN OUT PULONG LockSize,
1010 IN ULONG LockType);
1011
1012 NTOSAPI
1013 NTSTATUS
1014 NTAPI
1015 ZwReadVirtualMemory(
1016 IN HANDLE ProcessHandle,
1017 IN PVOID BaseAddress,
1018 OUT PVOID Buffer,
1019 IN ULONG BufferLength,
1020 OUT PULONG ReturnLength OPTIONAL);
1021
1022 NTOSAPI
1023 NTSTATUS
1024 NTAPI
1025 ZwWriteVirtualMemory(
1026 IN HANDLE ProcessHandle,
1027 IN PVOID BaseAddress,
1028 IN PVOID Buffer,
1029 IN ULONG BufferLength,
1030 OUT PULONG ReturnLength OPTIONAL);
1031
1032 NTOSAPI
1033 NTSTATUS
1034 NTAPI
1035 ZwProtectVirtualMemory(
1036 IN HANDLE ProcessHandle,
1037 IN OUT PVOID *BaseAddress,
1038 IN OUT PULONG ProtectSize,
1039 IN ULONG NewProtect,
1040 OUT PULONG OldProtect);
1041
1042 NTOSAPI
1043 NTSTATUS
1044 NTAPI
1045 ZwFlushVirtualMemory(
1046 IN HANDLE ProcessHandle,
1047 IN OUT PVOID *BaseAddress,
1048 IN OUT PULONG FlushSize,
1049 OUT PIO_STATUS_BLOCK IoStatusBlock);
1050
1051 NTOSAPI
1052 NTSTATUS
1053 NTAPI
1054 ZwAllocateUserPhysicalPages(
1055 IN HANDLE ProcessHandle,
1056 IN PULONG NumberOfPages,
1057 OUT PULONG PageFrameNumbers);
1058
1059 NTOSAPI
1060 NTSTATUS
1061 NTAPI
1062 ZwFreeUserPhysicalPages(
1063 IN HANDLE ProcessHandle,
1064 IN OUT PULONG NumberOfPages,
1065 IN PULONG PageFrameNumbers);
1066
1067 NTOSAPI
1068 NTSTATUS
1069 NTAPI
1070 ZwMapUserPhysicalPages(
1071 IN PVOID BaseAddress,
1072 IN PULONG NumberOfPages,
1073 IN PULONG PageFrameNumbers);
1074
1075 NTOSAPI
1076 NTSTATUS
1077 NTAPI
1078 ZwMapUserPhysicalPagesScatter(
1079 IN PVOID *BaseAddresses,
1080 IN PULONG NumberOfPages,
1081 IN PULONG PageFrameNumbers);
1082
1083 NTOSAPI
1084 NTSTATUS
1085 NTAPI
1086 ZwGetWriteWatch(
1087 IN HANDLE ProcessHandle,
1088 IN ULONG Flags,
1089 IN PVOID BaseAddress,
1090 IN ULONG RegionSize,
1091 OUT PULONG Buffer,
1092 IN OUT PULONG BufferEntries,
1093 OUT PULONG Granularity);
1094
1095 NTOSAPI
1096 NTSTATUS
1097 NTAPI
1098 ZwResetWriteWatch(
1099 IN HANDLE ProcessHandle,
1100 IN PVOID BaseAddress,
1101 IN ULONG RegionSize);
1102
1103
1104
1105
1106 /* Sections */
1107
1108 typedef enum _SECTION_INFORMATION_CLASS {
1109 SectionBasicInformation,
1110 SectionImageInformation
1111 } SECTION_INFORMATION_CLASS;
1112
1113 NTOSAPI
1114 NTSTATUS
1115 NTAPI
1116 NtCreateSection(
1117 OUT PHANDLE SectionHandle,
1118 IN ACCESS_MASK DesiredAccess,
1119 IN POBJECT_ATTRIBUTES ObjectAttributes,
1120 IN PLARGE_INTEGER SectionSize OPTIONAL,
1121 IN ULONG Protect,
1122 IN ULONG Attributes,
1123 IN HANDLE FileHandle);
1124
1125 NTOSAPI
1126 NTSTATUS
1127 NTAPI
1128 ZwCreateSection(
1129 OUT PHANDLE SectionHandle,
1130 IN ACCESS_MASK DesiredAccess,
1131 IN POBJECT_ATTRIBUTES ObjectAttributes,
1132 IN PLARGE_INTEGER SectionSize OPTIONAL,
1133 IN ULONG Protect,
1134 IN ULONG Attributes,
1135 IN HANDLE FileHandle);
1136
1137 NTOSAPI
1138 NTSTATUS
1139 NTAPI
1140 ZwQuerySection(
1141 IN HANDLE SectionHandle,
1142 IN SECTION_INFORMATION_CLASS SectionInformationClass,
1143 OUT PVOID SectionInformation,
1144 IN ULONG SectionInformationLength,
1145 OUT PULONG ResultLength OPTIONAL);
1146
1147 NTOSAPI
1148 NTSTATUS
1149 NTAPI
1150 ZwExtendSection(
1151 IN HANDLE SectionHandle,
1152 IN PLARGE_INTEGER SectionSize);
1153
1154 NTOSAPI
1155 NTSTATUS
1156 NTAPI
1157 ZwAreMappedFilesTheSame(
1158 IN PVOID Address1,
1159 IN PVOID Address2);
1160
1161
1162
1163
1164 /* Threads */
1165
1166 typedef struct _USER_STACK {
1167 PVOID FixedStackBase;
1168 PVOID FixedStackLimit;
1169 PVOID ExpandableStackBase;
1170 PVOID ExpandableStackLimit;
1171 PVOID ExpandableStackBottom;
1172 } USER_STACK, *PUSER_STACK;
1173
1174 NTOSAPI
1175 NTSTATUS
1176 NTAPI
1177 ZwCreateThread(
1178 OUT PHANDLE ThreadHandle,
1179 IN ACCESS_MASK DesiredAccess,
1180 IN POBJECT_ATTRIBUTES ObjectAttributes,
1181 IN HANDLE ProcessHandle,
1182 OUT PCLIENT_ID ClientId,
1183 IN PCONTEXT ThreadContext,
1184 IN PUSER_STACK UserStack,
1185 IN BOOLEAN CreateSuspended);
1186
1187 NTOSAPI
1188 NTSTATUS
1189 NTAPI
1190 NtOpenThread(
1191 OUT PHANDLE ThreadHandle,
1192 IN ACCESS_MASK DesiredAccess,
1193 IN POBJECT_ATTRIBUTES ObjectAttributes,
1194 IN PCLIENT_ID ClientId);
1195
1196 NTOSAPI
1197 NTSTATUS
1198 NTAPI
1199 ZwOpenThread(
1200 OUT PHANDLE ThreadHandle,
1201 IN ACCESS_MASK DesiredAccess,
1202 IN POBJECT_ATTRIBUTES ObjectAttributes,
1203 IN PCLIENT_ID ClientId);
1204
1205 NTOSAPI
1206 NTSTATUS
1207 NTAPI
1208 ZwTerminateThread(
1209 IN HANDLE ThreadHandle OPTIONAL,
1210 IN NTSTATUS ExitStatus);
1211
1212 NTOSAPI
1213 NTSTATUS
1214 NTAPI
1215 NtQueryInformationThread(
1216 IN HANDLE ThreadHandle,
1217 IN THREADINFOCLASS ThreadInformationClass,
1218 OUT PVOID ThreadInformation,
1219 IN ULONG ThreadInformationLength,
1220 OUT PULONG ReturnLength OPTIONAL);
1221
1222 NTOSAPI
1223 NTSTATUS
1224 NTAPI
1225 ZwQueryInformationThread(
1226 IN HANDLE ThreadHandle,
1227 IN THREADINFOCLASS ThreadInformationClass,
1228 OUT PVOID ThreadInformation,
1229 IN ULONG ThreadInformationLength,
1230 OUT PULONG ReturnLength OPTIONAL);
1231
1232 NTOSAPI
1233 NTSTATUS
1234 NTAPI
1235 NtSetInformationThread(
1236 IN HANDLE ThreadHandle,
1237 IN THREADINFOCLASS ThreadInformationClass,
1238 IN PVOID ThreadInformation,
1239 IN ULONG ThreadInformationLength);
1240
1241 typedef struct _THREAD_BASIC_INFORMATION {
1242 NTSTATUS ExitStatus;
1243 PNT_TIB TebBaseAddress;
1244 CLIENT_ID ClientId;
1245 KAFFINITY AffinityMask;
1246 KPRIORITY Priority;
1247 KPRIORITY BasePriority;
1248 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
1249
1250 typedef struct _KERNEL_USER_TIMES {
1251 LARGE_INTEGER CreateTime;
1252 LARGE_INTEGER ExitTime;
1253 LARGE_INTEGER KernelTime;
1254 LARGE_INTEGER UserTime;
1255 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
1256
1257 NTOSAPI
1258 NTSTATUS
1259 NTAPI
1260 ZwSuspendThread(
1261 IN HANDLE ThreadHandle,
1262 OUT PULONG PreviousSuspendCount OPTIONAL);
1263
1264 NTOSAPI
1265 NTSTATUS
1266 NTAPI
1267 ZwResumeThread(
1268 IN HANDLE ThreadHandle,
1269 OUT PULONG PreviousSuspendCount OPTIONAL);
1270
1271 NTOSAPI
1272 NTSTATUS
1273 NTAPI
1274 ZwGetContextThread(
1275 IN HANDLE ThreadHandle,
1276 OUT PCONTEXT Context);
1277
1278 NTOSAPI
1279 NTSTATUS
1280 NTAPI
1281 ZwSetContextThread(
1282 IN HANDLE ThreadHandle,
1283 IN PCONTEXT Context);
1284
1285 NTOSAPI
1286 NTSTATUS
1287 NTAPI
1288 ZwQueueApcThread(
1289 IN HANDLE ThreadHandle,
1290 IN PKNORMAL_ROUTINE ApcRoutine,
1291 IN PVOID ApcContext OPTIONAL,
1292 IN PVOID Argument1 OPTIONAL,
1293 IN PVOID Argument2 OPTIONAL);
1294
1295 NTOSAPI
1296 NTSTATUS
1297 NTAPI
1298 ZwTestAlert(
1299 VOID);
1300
1301 NTOSAPI
1302 NTSTATUS
1303 NTAPI
1304 ZwAlertThread(
1305 IN HANDLE ThreadHandle);
1306
1307 NTOSAPI
1308 NTSTATUS
1309 NTAPI
1310 ZwAlertResumeThread(
1311 IN HANDLE ThreadHandle,
1312 OUT PULONG PreviousSuspendCount OPTIONAL);
1313
1314 NTOSAPI
1315 NTSTATUS
1316 NTAPI
1317 ZwRegisterThreadTerminatePort(
1318 IN HANDLE PortHandle);
1319
1320 NTOSAPI
1321 NTSTATUS
1322 NTAPI
1323 ZwImpersonateThread(
1324 IN HANDLE ThreadHandle,
1325 IN HANDLE TargetThreadHandle,
1326 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos);
1327
1328 NTOSAPI
1329 NTSTATUS
1330 NTAPI
1331 ZwImpersonateAnonymousToken(
1332 IN HANDLE ThreadHandle);
1333
1334
1335
1336
1337 /* Processes */
1338
1339 NTOSAPI
1340 NTSTATUS
1341 NTAPI
1342 ZwCreateProcess(
1343 OUT PHANDLE ProcessHandle,
1344 IN ACCESS_MASK DesiredAccess,
1345 IN POBJECT_ATTRIBUTES ObjectAttributes,
1346 IN HANDLE InheritFromProcessHandle,
1347 IN BOOLEAN InheritHandles,
1348 IN HANDLE SectionHandle OPTIONAL,
1349 IN HANDLE DebugPort OPTIONAL,
1350 IN HANDLE ExceptionPort OPTIONAL);
1351
1352 NTOSAPI
1353 NTSTATUS
1354 NTAPI
1355 ZwCreateProcess(
1356 OUT PHANDLE ProcessHandle,
1357 IN ACCESS_MASK DesiredAccess,
1358 IN POBJECT_ATTRIBUTES ObjectAttributes,
1359 IN HANDLE InheritFromProcessHandle,
1360 IN BOOLEAN InheritHandles,
1361 IN HANDLE SectionHandle OPTIONAL,
1362 IN HANDLE DebugPort OPTIONAL,
1363 IN HANDLE ExceptionPort OPTIONAL);
1364
1365 NTOSAPI
1366 NTSTATUS
1367 NTAPI
1368 ZwTerminateProcess(
1369 IN HANDLE ProcessHandle OPTIONAL,
1370 IN NTSTATUS ExitStatus);
1371
1372 NTOSAPI
1373 NTSTATUS
1374 NTAPI
1375 ZwQueryInformationProcess(
1376 IN HANDLE ProcessHandle,
1377 IN PROCESSINFOCLASS ProcessInformationClass,
1378 OUT PVOID ProcessInformation,
1379 IN ULONG ProcessInformationLength,
1380 OUT PULONG ReturnLength OPTIONAL);
1381
1382 NTOSAPI
1383 NTSTATUS
1384 NTAPI
1385 NtSetInformationProcess(
1386 IN HANDLE ProcessHandle,
1387 IN PROCESSINFOCLASS ProcessInformationClass,
1388 IN PVOID ProcessInformation,
1389 IN ULONG ProcessInformationLength);
1390
1391 NTOSAPI
1392 NTSTATUS
1393 NTAPI
1394 ZwSetInformationProcess(
1395 IN HANDLE ProcessHandle,
1396 IN PROCESSINFOCLASS ProcessInformationClass,
1397 IN PVOID ProcessInformation,
1398 IN ULONG ProcessInformationLength);
1399
1400 typedef struct _PROCESS_BASIC_INFORMATION {
1401 NTSTATUS ExitStatus;
1402 PPEB PebBaseAddress;
1403 KAFFINITY AffinityMask;
1404 KPRIORITY BasePriority;
1405 ULONG UniqueProcessId;
1406 ULONG InheritedFromUniqueProcessId;
1407 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
1408
1409 typedef struct _PROCESS_ACCESS_TOKEN {
1410 HANDLE Token;
1411 HANDLE Thread;
1412 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
1413
1414 /* DefaultHardErrorMode constants */
1415 /* also in winbase.h */
1416 #define SEM_FAILCRITICALERRORS 0x0001
1417 #define SEM_NOGPFAULTERRORBOX 0x0002
1418 #define SEM_NOALIGNMENTFAULTEXCEPT 0x0004
1419 #define SEM_NOOPENFILEERRORBOX 0x8000
1420 /* end winbase.h */
1421 typedef struct _POOLED_USAGE_AND_LIMITS {
1422 ULONG PeakPagedPoolUsage;
1423 ULONG PagedPoolUsage;
1424 ULONG PagedPoolLimit;
1425 ULONG PeakNonPagedPoolUsage;
1426 ULONG NonPagedPoolUsage;
1427 ULONG NonPagedPoolLimit;
1428 ULONG PeakPagefileUsage;
1429 ULONG PagefileUsage;
1430 ULONG PagefileLimit;
1431 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
1432
1433 typedef struct _PROCESS_WS_WATCH_INFORMATION {
1434 PVOID FaultingPc;
1435 PVOID FaultingVa;
1436 } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
1437
1438 /* PROCESS_PRIORITY_CLASS.PriorityClass constants */
1439 #define PC_IDLE 1
1440 #define PC_NORMAL 2
1441 #define PC_HIGH 3
1442 #define PC_REALTIME 4
1443 #define PC_BELOW_NORMAL 5
1444 #define PC_ABOVE_NORMAL 6
1445
1446 typedef struct _PROCESS_PRIORITY_CLASS {
1447 BOOLEAN Foreground;
1448 UCHAR PriorityClass;
1449 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
1450
1451 /* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
1452 #define DRIVE_UNKNOWN 0
1453 #define DRIVE_NO_ROOT_DIR 1
1454 #define DRIVE_REMOVABLE 2
1455 #define DRIVE_FIXED 3
1456 #define DRIVE_REMOTE 4
1457 #define DRIVE_CDROM 5
1458 #define DRIVE_RAMDISK 6
1459
1460 typedef struct _PROCESS_DEVICEMAP_INFORMATION {
1461 _ANONYMOUS_UNION union {
1462 struct {
1463 HANDLE DirectoryHandle;
1464 } Set;
1465 struct {
1466 ULONG DriveMap;
1467 UCHAR DriveType[32];
1468 } Query;
1469 } DUMMYUNIONNAME;
1470 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
1471
1472 typedef struct _PROCESS_SESSION_INFORMATION {
1473 ULONG SessionId;
1474 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
1475
1476 typedef struct _RTL_USER_PROCESS_PARAMETERS {
1477 ULONG AllocationSize;
1478 ULONG Size;
1479 ULONG Flags;
1480 ULONG DebugFlags;
1481 HANDLE hConsole;
1482 ULONG ProcessGroup;
1483 HANDLE hStdInput;
1484 HANDLE hStdOutput;
1485 HANDLE hStdError;
1486 UNICODE_STRING CurrentDirectoryName;
1487 HANDLE CurrentDirectoryHandle;
1488 UNICODE_STRING DllPath;
1489 UNICODE_STRING ImagePathName;
1490 UNICODE_STRING CommandLine;
1491 PWSTR Environment;
1492 ULONG dwX;
1493 ULONG dwY;
1494 ULONG dwXSize;
1495 ULONG dwYSize;
1496 ULONG dwXCountChars;
1497 ULONG dwYCountChars;
1498 ULONG dwFillAttribute;
1499 ULONG dwFlags;
1500 ULONG wShowWindow;
1501 UNICODE_STRING WindowTitle;
1502 UNICODE_STRING DesktopInfo;
1503 UNICODE_STRING ShellInfo;
1504 UNICODE_STRING RuntimeInfo;
1505 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
1506
1507 NTSTATUS
1508 NTAPI
1509 RtlCreateProcessParameters(
1510 OUT PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
1511 IN PUNICODE_STRING ImageFile,
1512 IN PUNICODE_STRING DllPath OPTIONAL,
1513 IN PUNICODE_STRING CurrentDirectory OPTIONAL,
1514 IN PUNICODE_STRING CommandLine OPTIONAL,
1515 IN PWSTR Environment OPTIONAL,
1516 IN PUNICODE_STRING WindowTitle OPTIONAL,
1517 IN PUNICODE_STRING DesktopInfo OPTIONAL,
1518 IN PUNICODE_STRING ShellInfo OPTIONAL,
1519 IN PUNICODE_STRING RuntimeInfo OPTIONAL);
1520
1521 NTSTATUS
1522 NTAPI
1523 RtlDestroyProcessParameters(
1524 IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters);
1525
1526 typedef struct _DEBUG_BUFFER {
1527 HANDLE SectionHandle;
1528 PVOID SectionBase;
1529 PVOID RemoteSectionBase;
1530 ULONG SectionBaseDelta;
1531 HANDLE EventPairHandle;
1532 ULONG Unknown[2];
1533 HANDLE RemoteThreadHandle;
1534 ULONG InfoClassMask;
1535 ULONG SizeOfInfo;
1536 ULONG AllocatedSize;
1537 ULONG SectionSize;
1538 PVOID ModuleInformation;
1539 PVOID BackTraceInformation;
1540 PVOID HeapInformation;
1541 PVOID LockInformation;
1542 PVOID Reserved[8];
1543 } DEBUG_BUFFER, *PDEBUG_BUFFER;
1544
1545 PDEBUG_BUFFER
1546 NTAPI
1547 RtlCreateQueryDebugBuffer(
1548 IN ULONG Size,
1549 IN BOOLEAN EventPair);
1550
1551 /* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
1552 #define PDI_MODULES 0x01
1553 #define PDI_BACKTRACE 0x02
1554 #define PDI_HEAPS 0x04
1555 #define PDI_HEAP_TAGS 0x08
1556 #define PDI_HEAP_BLOCKS 0x10
1557 #define PDI_LOCKS 0x20
1558
1559 NTSTATUS
1560 NTAPI
1561 RtlQueryProcessDebugInformation(
1562 IN ULONG ProcessId,
1563 IN ULONG DebugInfoClassMask,
1564 IN OUT PDEBUG_BUFFER DebugBuffer);
1565
1566 NTSTATUS
1567 NTAPI
1568 RtlDestroyQueryDebugBuffer(
1569 IN PDEBUG_BUFFER DebugBuffer);
1570
1571 /* DEBUG_MODULE_INFORMATION.Flags constants */
1572 #define LDRP_STATIC_LINK 0x00000002
1573 #define LDRP_IMAGE_DLL 0x00000004
1574 #define LDRP_LOAD_IN_PROGRESS 0x00001000
1575 #define LDRP_UNLOAD_IN_PROGRESS 0x00002000
1576 #define LDRP_ENTRY_PROCESSED 0x00004000
1577 #define LDRP_ENTRY_INSERTED 0x00008000
1578 #define LDRP_CURRENT_LOAD 0x00010000
1579 #define LDRP_FAILED_BUILTIN_LOAD 0x00020000
1580 #define LDRP_DONT_CALL_FOR_THREADS 0x00040000
1581 #define LDRP_PROCESS_ATTACH_CALLED 0x00080000
1582 #define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
1583 #define LDRP_IMAGE_NOT_AT_BASE 0x00200000
1584 #define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
1585
1586 typedef struct _DEBUG_MODULE_INFORMATION {
1587 ULONG Reserved[2];
1588 ULONG Base;
1589 ULONG Size;
1590 ULONG Flags;
1591 USHORT Index;
1592 USHORT Unknown;
1593 USHORT LoadCount;
1594 USHORT ModuleNameOffset;
1595 CHAR ImageName[256];
1596 } DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
1597
1598 typedef struct _DEBUG_HEAP_INFORMATION {
1599 ULONG Base;
1600 ULONG Flags;
1601 USHORT Granularity;
1602 USHORT Unknown;
1603 ULONG Allocated;
1604 ULONG Committed;
1605 ULONG TagCount;
1606 ULONG BlockCount;
1607 ULONG Reserved[7];
1608 PVOID Tags;
1609 PVOID Blocks;
1610 } DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
1611
1612 typedef struct _DEBUG_LOCK_INFORMATION {
1613 PVOID Address;
1614 USHORT Type;
1615 USHORT CreatorBackTraceIndex;
1616 ULONG OwnerThreadId;
1617 ULONG ActiveCount;
1618 ULONG ContentionCount;
1619 ULONG EntryCount;
1620 ULONG RecursionCount;
1621 ULONG NumberOfSharedWaiters;
1622 ULONG NumberOfExclusiveWaiters;
1623 } DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
1624
1625
1626
1627 /* Jobs */
1628
1629 NTOSAPI
1630 NTSTATUS
1631 NTAPI
1632 ZwCreateJobObject(
1633 OUT PHANDLE JobHandle,
1634 IN ACCESS_MASK DesiredAccess,
1635 IN POBJECT_ATTRIBUTES ObjectAttributes);
1636
1637 NTOSAPI
1638 NTSTATUS
1639 NTAPI
1640 ZwOpenJobObject(
1641 OUT PHANDLE JobHandle,
1642 IN ACCESS_MASK DesiredAccess,
1643 IN POBJECT_ATTRIBUTES ObjectAttributes);
1644
1645 NTOSAPI
1646 NTSTATUS
1647 NTAPI
1648 ZwTerminateJobObject(
1649 IN HANDLE JobHandle,
1650 IN NTSTATUS ExitStatus);
1651
1652 NTOSAPI
1653 NTSTATUS
1654 NTAPI
1655 ZwAssignProcessToJobObject(
1656 IN HANDLE JobHandle,
1657 IN HANDLE ProcessHandle);
1658
1659 NTOSAPI
1660 NTSTATUS
1661 NTAPI
1662 ZwQueryInformationJobObject(
1663 IN HANDLE JobHandle,
1664 IN JOBOBJECTINFOCLASS JobInformationClass,
1665 OUT PVOID JobInformation,
1666 IN ULONG JobInformationLength,
1667 OUT PULONG ReturnLength OPTIONAL);
1668
1669 NTOSAPI
1670 NTSTATUS
1671 NTAPI
1672 ZwSetInformationJobObject(
1673 IN HANDLE JobHandle,
1674 IN JOBOBJECTINFOCLASS JobInformationClass,
1675 IN PVOID JobInformation,
1676 IN ULONG JobInformationLength);
1677
1678
1679 /* Tokens */
1680
1681 NTOSAPI
1682 NTSTATUS
1683 NTAPI
1684 ZwCreateToken(
1685 OUT PHANDLE TokenHandle,
1686 IN ACCESS_MASK DesiredAccess,
1687 IN POBJECT_ATTRIBUTES ObjectAttributes,
1688 IN TOKEN_TYPE Type,
1689 IN PLUID AuthenticationId,
1690 IN PLARGE_INTEGER ExpirationTime,
1691 IN PTOKEN_USER User,
1692 IN PTOKEN_GROUPS Groups,
1693 IN PTOKEN_PRIVILEGES Privileges,
1694 IN PTOKEN_OWNER Owner,
1695 IN PTOKEN_PRIMARY_GROUP PrimaryGroup,
1696 IN PTOKEN_DEFAULT_DACL DefaultDacl,
1697 IN PTOKEN_SOURCE Source
1698 );
1699
1700 NTOSAPI
1701 NTSTATUS
1702 NTAPI
1703 NtOpenProcessToken(
1704 IN HANDLE ProcessHandle,
1705 IN ACCESS_MASK DesiredAccess,
1706 OUT PHANDLE TokenHandle);
1707
1708 NTOSAPI
1709 NTSTATUS
1710 NTAPI
1711 ZwOpenProcessToken(
1712 IN HANDLE ProcessHandle,
1713 IN ACCESS_MASK DesiredAccess,
1714 OUT PHANDLE TokenHandle);
1715
1716 NTOSAPI
1717 NTSTATUS
1718 NTAPI
1719 NtOpenThreadToken(
1720 IN HANDLE ThreadHandle,
1721 IN ACCESS_MASK DesiredAccess,
1722 IN BOOLEAN OpenAsSelf,
1723 OUT PHANDLE TokenHandle);
1724
1725 NTOSAPI
1726 NTSTATUS
1727 NTAPI
1728 ZwOpenThreadToken(
1729 IN HANDLE ThreadHandle,
1730 IN ACCESS_MASK DesiredAccess,
1731 IN BOOLEAN OpenAsSelf,
1732 OUT PHANDLE TokenHandle);
1733
1734 NTOSAPI
1735 NTSTATUS
1736 NTAPI
1737 NtDuplicateToken(
1738 IN HANDLE ExistingTokenHandle,
1739 IN ACCESS_MASK DesiredAccess,
1740 IN POBJECT_ATTRIBUTES ObjectAttributes,
1741 IN BOOLEAN EffectiveOnly,
1742 IN TOKEN_TYPE TokenType,
1743 OUT PHANDLE NewTokenHandle);
1744
1745 NTOSAPI
1746 NTSTATUS
1747 NTAPI
1748 ZwDuplicateToken(
1749 IN HANDLE ExistingTokenHandle,
1750 IN ACCESS_MASK DesiredAccess,
1751 IN POBJECT_ATTRIBUTES ObjectAttributes,
1752 IN BOOLEAN EffectiveOnly,
1753 IN TOKEN_TYPE TokenType,
1754 OUT PHANDLE NewTokenHandle);
1755
1756 NTOSAPI
1757 NTSTATUS
1758 NTAPI
1759 ZwFilterToken(
1760 IN HANDLE ExistingTokenHandle,
1761 IN ULONG Flags,
1762 IN PTOKEN_GROUPS SidsToDisable,
1763 IN PTOKEN_PRIVILEGES PrivilegesToDelete,
1764 IN PTOKEN_GROUPS SidsToRestricted,
1765 OUT PHANDLE NewTokenHandle);
1766
1767 NTOSAPI
1768 NTSTATUS
1769 NTAPI
1770 NtAdjustPrivilegesToken(
1771 IN HANDLE TokenHandle,
1772 IN BOOLEAN DisableAllPrivileges,
1773 IN PTOKEN_PRIVILEGES NewState,
1774 IN ULONG BufferLength,
1775 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
1776 OUT PULONG ReturnLength);
1777
1778 NTOSAPI
1779 NTSTATUS
1780 NTAPI
1781 ZwAdjustPrivilegesToken(
1782 IN HANDLE TokenHandle,
1783 IN BOOLEAN DisableAllPrivileges,
1784 IN PTOKEN_PRIVILEGES NewState,
1785 IN ULONG BufferLength,
1786 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
1787 OUT PULONG ReturnLength);
1788
1789 NTOSAPI
1790 NTSTATUS
1791 NTAPI
1792 ZwAdjustGroupsToken(
1793 IN HANDLE TokenHandle,
1794 IN BOOLEAN ResetToDefault,
1795 IN PTOKEN_GROUPS NewState,
1796 IN ULONG BufferLength,
1797 OUT PTOKEN_GROUPS PreviousState OPTIONAL,
1798 OUT PULONG ReturnLength);
1799
1800 NTOSAPI
1801 NTSTATUS
1802 NTAPI
1803 NtQueryInformationToken(
1804 IN HANDLE TokenHandle,
1805 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1806 OUT PVOID TokenInformation,
1807 IN ULONG TokenInformationLength,
1808 OUT PULONG ReturnLength);
1809
1810 NTOSAPI
1811 NTSTATUS
1812 NTAPI
1813 ZwQueryInformationToken(
1814 IN HANDLE TokenHandle,
1815 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1816 OUT PVOID TokenInformation,
1817 IN ULONG TokenInformationLength,
1818 OUT PULONG ReturnLength);
1819
1820 NTOSAPI
1821 NTSTATUS
1822 NTAPI
1823 ZwSetInformationToken(
1824 IN HANDLE TokenHandle,
1825 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1826 IN PVOID TokenInformation,
1827 IN ULONG TokenInformationLength);
1828
1829
1830
1831
1832 /* Time */
1833
1834 NTOSAPI
1835 NTSTATUS
1836 NTAPI
1837 ZwQuerySystemTime(
1838 OUT PLARGE_INTEGER CurrentTime);
1839
1840 NTOSAPI
1841 NTSTATUS
1842 NTAPI
1843 ZwSetSystemTime(
1844 IN PLARGE_INTEGER NewTime,
1845 OUT PLARGE_INTEGER OldTime OPTIONAL);
1846
1847 NTOSAPI
1848 NTSTATUS
1849 NTAPI
1850 ZwQueryPerformanceCounter(
1851 OUT PLARGE_INTEGER PerformanceCount,
1852 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL);
1853
1854 NTOSAPI
1855 NTSTATUS
1856 NTAPI
1857 ZwQueryPerformanceCounter(
1858 OUT PLARGE_INTEGER PerformanceCount,
1859 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL);
1860
1861 NTOSAPI
1862 NTSTATUS
1863 NTAPI
1864 ZwQueryTimerResolution(
1865 OUT PULONG CoarsestResolution,
1866 OUT PULONG FinestResolution,
1867 OUT PULONG ActualResolution);
1868
1869 NTOSAPI
1870 NTSTATUS
1871 NTAPI
1872 ZwDelayExecution(
1873 IN BOOLEAN Alertable,
1874 IN PLARGE_INTEGER Interval);
1875
1876 NTOSAPI
1877 NTSTATUS
1878 NTAPI
1879 ZwYieldExecution(
1880 VOID);
1881
1882 NTOSAPI
1883 ULONG
1884 NTAPI
1885 ZwGetTickCount(
1886 VOID);
1887
1888
1889
1890
1891 /* Execution profiling */
1892
1893 NTOSAPI
1894 NTSTATUS
1895 NTAPI
1896 ZwCreateProfile(
1897 OUT PHANDLE ProfileHandle,
1898 IN HANDLE ProcessHandle,
1899 IN PVOID Base,
1900 IN ULONG Size,
1901 IN ULONG BucketShift,
1902 IN PULONG Buffer,
1903 IN ULONG BufferLength,
1904 IN KPROFILE_SOURCE Source,
1905 IN ULONG ProcessorMask);
1906
1907 NTOSAPI
1908 NTSTATUS
1909 NTAPI
1910 ZwSetIntervalProfile(
1911 IN ULONG Interval,
1912 IN KPROFILE_SOURCE Source);
1913
1914 NTOSAPI
1915 NTSTATUS
1916 NTAPI
1917 ZwQueryIntervalProfile(
1918 IN KPROFILE_SOURCE Source,
1919 OUT PULONG Interval);
1920
1921 NTOSAPI
1922 NTSTATUS
1923 NTAPI
1924 ZwStartProfile(
1925 IN HANDLE ProfileHandle);
1926
1927 NTOSAPI
1928 NTSTATUS
1929 NTAPI
1930 ZwStopProfile(
1931 IN HANDLE ProfileHandle);
1932
1933 /* Local Procedure Call (LPC) */
1934
1935 typedef struct _LPC_MESSAGE {
1936 USHORT DataSize;
1937 USHORT MessageSize;
1938 USHORT MessageType;
1939 USHORT VirtualRangesOffset;
1940 CLIENT_ID ClientId;
1941 ULONG MessageId;
1942 ULONG SectionSize;
1943 UCHAR Data[ANYSIZE_ARRAY];
1944 } LPC_MESSAGE, *PLPC_MESSAGE;
1945
1946 #define LPC_MESSAGE_BASE_SIZE 24
1947
1948 typedef enum _LPC_TYPE {
1949 LPC_NEW_MESSAGE,
1950 LPC_REQUEST,
1951 LPC_REPLY,
1952 LPC_DATAGRAM,
1953 LPC_LOST_REPLY,
1954 LPC_PORT_CLOSED,
1955 LPC_CLIENT_DIED,
1956 LPC_EXCEPTION,
1957 LPC_DEBUG_EVENT,
1958 LPC_ERROR_EVENT,
1959 LPC_CONNECTION_REQUEST,
1960 LPC_CONNECTION_REFUSED,
1961 LPC_MAXIMUM
1962 } LPC_TYPE;
1963
1964 typedef struct _LPC_SECTION_WRITE {
1965 ULONG Length;
1966 HANDLE SectionHandle;
1967 ULONG SectionOffset;
1968 ULONG ViewSize;
1969 PVOID ViewBase;
1970 PVOID TargetViewBase;
1971 } LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
1972
1973 typedef struct _LPC_SECTION_READ {
1974 ULONG Length;
1975 ULONG ViewSize;
1976 PVOID ViewBase;
1977 } LPC_SECTION_READ, *PLPC_SECTION_READ;
1978
1979 NTOSAPI
1980 NTSTATUS
1981 NTAPI
1982 ZwCreatePort(
1983 OUT PHANDLE PortHandle,
1984 IN POBJECT_ATTRIBUTES ObjectAttributes,
1985 IN ULONG MaxDataSize,
1986 IN ULONG MaxMessageSize,
1987 IN ULONG Reserved);
1988
1989 NTOSAPI
1990 NTSTATUS
1991 NTAPI
1992 ZwCreateWaitablePort(
1993 OUT PHANDLE PortHandle,
1994 IN POBJECT_ATTRIBUTES ObjectAttributes,
1995 IN ULONG MaxDataSize,
1996 IN ULONG MaxMessageSize,
1997 IN ULONG Reserved);
1998
1999 NTOSAPI
2000 NTSTATUS
2001 NTAPI
2002 NtConnectPort(
2003 OUT PHANDLE PortHandle,
2004 IN PUNICODE_STRING PortName,
2005 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2006 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2007 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2008 OUT PULONG MaxMessageSize OPTIONAL,
2009 IN OUT PVOID ConnectData OPTIONAL,
2010 IN OUT PULONG ConnectDataLength OPTIONAL);
2011
2012 NTOSAPI
2013 NTSTATUS
2014 NTAPI
2015 ZwConnectPort(
2016 OUT PHANDLE PortHandle,
2017 IN PUNICODE_STRING PortName,
2018 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2019 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2020 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2021 OUT PULONG MaxMessageSize OPTIONAL,
2022 IN OUT PVOID ConnectData OPTIONAL,
2023 IN OUT PULONG ConnectDataLength OPTIONAL);
2024
2025 NTOSAPI
2026 NTSTATUS
2027 NTAPI
2028 ZwConnectPort(
2029 OUT PHANDLE PortHandle,
2030 IN PUNICODE_STRING PortName,
2031 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2032 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2033 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2034 OUT PULONG MaxMessageSize OPTIONAL,
2035 IN OUT PVOID ConnectData OPTIONAL,
2036 IN OUT PULONG ConnectDataLength OPTIONAL);
2037
2038 NTOSAPI
2039 NTSTATUS
2040 NTAPI
2041 ZwListenPort(
2042 IN HANDLE PortHandle,
2043 OUT PLPC_MESSAGE Message);
2044
2045 NTOSAPI
2046 NTSTATUS
2047 NTAPI
2048 ZwAcceptConnectPort(
2049 OUT PHANDLE PortHandle,
2050 IN ULONG PortIdentifier,
2051 IN PLPC_MESSAGE Message,
2052 IN BOOLEAN Accept,
2053 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2054 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL);
2055
2056 NTOSAPI
2057 NTSTATUS
2058 NTAPI
2059 ZwCompleteConnectPort(
2060 IN HANDLE PortHandle);
2061
2062 NTOSAPI
2063 NTSTATUS
2064 NTAPI
2065 NtRequestPort(
2066 IN HANDLE PortHandle,
2067 IN PLPC_MESSAGE RequestMessage);
2068
2069 NTOSAPI
2070 NTSTATUS
2071 NTAPI
2072 NtRequestWaitReplyPort(
2073 IN HANDLE PortHandle,
2074 IN PLPC_MESSAGE RequestMessage,
2075 OUT PLPC_MESSAGE ReplyMessage);
2076
2077 NTOSAPI
2078 NTSTATUS
2079 NTAPI
2080 ZwRequestWaitReplyPort(
2081 IN HANDLE PortHandle,
2082 IN PLPC_MESSAGE RequestMessage,
2083 OUT PLPC_MESSAGE ReplyMessage);
2084
2085 NTOSAPI
2086 NTSTATUS
2087 NTAPI
2088 ZwReplyPort(
2089 IN HANDLE PortHandle,
2090 IN PLPC_MESSAGE ReplyMessage);
2091
2092 NTOSAPI
2093 NTSTATUS
2094 NTAPI
2095 ZwReplyWaitReplyPort(
2096 IN HANDLE PortHandle,
2097 IN OUT PLPC_MESSAGE ReplyMessage);
2098
2099 NTOSAPI
2100 NTSTATUS
2101 NTAPI
2102 ZwReplyWaitReceivePort(
2103 IN HANDLE PortHandle,
2104 OUT PULONG PortIdentifier OPTIONAL,
2105 IN PLPC_MESSAGE ReplyMessage OPTIONAL,
2106 OUT PLPC_MESSAGE Message);
2107
2108 NTOSAPI
2109 NTSTATUS
2110 NTAPI
2111 ZwReplyWaitReceivePortEx(
2112 IN HANDLE PortHandle,
2113 OUT PULONG PortIdentifier OPTIONAL,
2114 IN PLPC_MESSAGE ReplyMessage OPTIONAL,
2115 OUT PLPC_MESSAGE Message,
2116 IN PLARGE_INTEGER Timeout);
2117
2118 NTOSAPI
2119 NTSTATUS
2120 NTAPI
2121 ZwReadRequestData(
2122 IN HANDLE PortHandle,
2123 IN PLPC_MESSAGE Message,
2124 IN ULONG Index,
2125 OUT PVOID Buffer,
2126 IN ULONG BufferLength,
2127 OUT PULONG ReturnLength OPTIONAL);
2128
2129 NTOSAPI
2130 NTSTATUS
2131 NTAPI
2132 ZwWriteRequestData(
2133 IN HANDLE PortHandle,
2134 IN PLPC_MESSAGE Message,
2135 IN ULONG Index,
2136 IN PVOID Buffer,
2137 IN ULONG BufferLength,
2138 OUT PULONG ReturnLength OPTIONAL);
2139
2140 typedef enum _PORT_INFORMATION_CLASS {
2141 PortBasicInformation
2142 } PORT_INFORMATION_CLASS;
2143
2144 NTOSAPI
2145 NTSTATUS
2146 NTAPI
2147 ZwQueryInformationPort(
2148 IN HANDLE PortHandle,
2149 IN PORT_INFORMATION_CLASS PortInformationClass,
2150 OUT PVOID PortInformation,
2151 IN ULONG PortInformationLength,
2152 OUT PULONG ReturnLength OPTIONAL);
2153
2154 NTOSAPI
2155 NTSTATUS
2156 NTAPI
2157 ZwImpersonateClientOfPort(
2158 IN HANDLE PortHandle,
2159 IN PLPC_MESSAGE Message);
2160
2161
2162
2163
2164 /* Files */
2165
2166 NTOSAPI
2167 NTSTATUS
2168 NTAPI
2169 NtDeleteFile(
2170 IN POBJECT_ATTRIBUTES ObjectAttributes);
2171
2172 NTOSAPI
2173 NTSTATUS
2174 NTAPI
2175 ZwDeleteFile(
2176 IN POBJECT_ATTRIBUTES ObjectAttributes);
2177
2178 NTOSAPI
2179 NTSTATUS
2180 NTAPI
2181 ZwFlushBuffersFile(
2182 IN HANDLE FileHandle,
2183 OUT PIO_STATUS_BLOCK IoStatusBlock);
2184
2185 NTOSAPI
2186 NTSTATUS
2187 NTAPI
2188 ZwCancelIoFile(
2189 IN HANDLE FileHandle,
2190 OUT PIO_STATUS_BLOCK IoStatusBlock);
2191
2192 NTOSAPI
2193 NTSTATUS
2194 NTAPI
2195 ZwReadFileScatter(
2196 IN HANDLE FileHandle,
2197 IN HANDLE Event OPTIONAL,
2198 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2199 IN PVOID ApcContext OPTIONAL,
2200 OUT PIO_STATUS_BLOCK IoStatusBlock,
2201 IN PFILE_SEGMENT_ELEMENT Buffer,
2202 IN ULONG Length,
2203 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2204 IN PULONG Key OPTIONAL);
2205
2206 NTOSAPI
2207 NTSTATUS
2208 NTAPI
2209 ZwWriteFileGather(
2210 IN HANDLE FileHandle,
2211 IN HANDLE Event OPTIONAL,
2212 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2213 IN PVOID ApcContext OPTIONAL,
2214 OUT PIO_STATUS_BLOCK IoStatusBlock,
2215 IN PFILE_SEGMENT_ELEMENT Buffer,
2216 IN ULONG Length,
2217 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2218 IN PULONG Key OPTIONAL);
2219
2220
2221
2222
2223 /* Registry keys */
2224
2225 NTOSAPI
2226 NTSTATUS
2227 NTAPI
2228 ZwSaveKey(
2229 IN HANDLE KeyHandle,
2230 IN HANDLE FileHandle);
2231
2232 NTOSAPI
2233 NTSTATUS
2234 NTAPI
2235 ZwSaveMergedKeys(
2236 IN HANDLE KeyHandle1,
2237 IN HANDLE KeyHandle2,
2238 IN HANDLE FileHandle);
2239
2240 NTOSAPI
2241 NTSTATUS
2242 NTAPI
2243 ZwRestoreKey(
2244 IN HANDLE KeyHandle,
2245 IN HANDLE FileHandle,
2246 IN ULONG Flags);
2247
2248 NTOSAPI
2249 NTSTATUS
2250 NTAPI
2251 ZwLoadKey(
2252 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2253 IN POBJECT_ATTRIBUTES FileObjectAttributes);
2254
2255 NTOSAPI
2256 NTSTATUS
2257 NTAPI
2258 ZwLoadKey2(
2259 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2260 IN POBJECT_ATTRIBUTES FileObjectAttributes,
2261 IN ULONG Flags);
2262
2263 NTOSAPI
2264 NTSTATUS
2265 NTAPI
2266 ZwUnloadKey(
2267 IN POBJECT_ATTRIBUTES KeyObjectAttributes);
2268
2269 NTOSAPI
2270 NTSTATUS
2271 NTAPI
2272 ZwQueryOpenSubKeys(
2273 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2274 OUT PULONG NumberOfKeys);
2275
2276 NTOSAPI
2277 NTSTATUS
2278 NTAPI
2279 ZwReplaceKey(
2280 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
2281 IN HANDLE KeyHandle,
2282 IN POBJECT_ATTRIBUTES OldFileObjectAttributes);
2283
2284 typedef enum _KEY_SET_INFORMATION_CLASS {
2285 KeyLastWriteTimeInformation
2286 } KEY_SET_INFORMATION_CLASS;
2287
2288 NTOSAPI
2289 NTSTATUS
2290 NTAPI
2291 ZwSetInformationKey(
2292 IN HANDLE KeyHandle,
2293 IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
2294 IN PVOID KeyInformation,
2295 IN ULONG KeyInformationLength);
2296
2297 typedef struct _KEY_LAST_WRITE_TIME_INFORMATION {
2298 LARGE_INTEGER LastWriteTime;
2299 } KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION;
2300
2301 typedef struct _KEY_NAME_INFORMATION {
2302 ULONG NameLength;
2303 WCHAR Name[1];
2304 } KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
2305
2306 NTOSAPI
2307 NTSTATUS
2308 NTAPI
2309 ZwNotifyChangeKey(
2310 IN HANDLE KeyHandle,
2311 IN HANDLE EventHandle OPTIONAL,
2312 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2313 IN PVOID ApcContext OPTIONAL,
2314 OUT PIO_STATUS_BLOCK IoStatusBlock,
2315 IN ULONG NotifyFilter,
2316 IN BOOLEAN WatchSubtree,
2317 IN PVOID Buffer,
2318 IN ULONG BufferLength,
2319 IN BOOLEAN Asynchronous);
2320
2321 /* ZwNotifyChangeMultipleKeys.Flags constants */
2322 #define REG_MONITOR_SINGLE_KEY 0x00
2323 #define REG_MONITOR_SECOND_KEY 0x01
2324
2325 NTOSAPI
2326 NTSTATUS
2327 NTAPI
2328 ZwNotifyChangeMultipleKeys(
2329 IN HANDLE KeyHandle,
2330 IN ULONG Flags,
2331 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2332 IN HANDLE EventHandle OPTIONAL,
2333 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2334 IN PVOID ApcContext OPTIONAL,
2335 OUT PIO_STATUS_BLOCK IoStatusBlock,
2336 IN ULONG NotifyFilter,
2337 IN BOOLEAN WatchSubtree,
2338 IN PVOID Buffer,
2339 IN ULONG BufferLength,
2340 IN BOOLEAN Asynchronous);
2341
2342 NTOSAPI
2343 NTSTATUS
2344 NTAPI
2345 ZwQueryMultipleValueKey(
2346 IN HANDLE KeyHandle,
2347 IN OUT PKEY_VALUE_ENTRY ValueList,
2348 IN ULONG NumberOfValues,
2349 OUT PVOID Buffer,
2350 IN OUT PULONG Length,
2351 OUT PULONG ReturnLength);
2352
2353 NTOSAPI
2354 NTSTATUS
2355 NTAPI
2356 ZwInitializeRegistry(
2357 IN BOOLEAN Setup);
2358
2359
2360
2361
2362 /* Security and auditing */
2363
2364 NTOSAPI
2365 NTSTATUS
2366 NTAPI
2367 ZwPrivilegeCheck(
2368 IN HANDLE TokenHandle,
2369 IN PPRIVILEGE_SET RequiredPrivileges,
2370 OUT PBOOLEAN Result);
2371
2372 NTOSAPI
2373 NTSTATUS
2374 NTAPI
2375 ZwPrivilegeObjectAuditAlarm(
2376 IN PUNICODE_STRING SubsystemName,
2377 IN PVOID HandleId,
2378 IN HANDLE TokenHandle,
2379 IN ACCESS_MASK DesiredAccess,
2380 IN PPRIVILEGE_SET Privileges,
2381 IN BOOLEAN AccessGranted);
2382
2383 NTOSAPI
2384 NTSTATUS
2385 NTAPI
2386 ZwPrivilegeObjectAuditAlarm(
2387 IN PUNICODE_STRING SubsystemName,
2388 IN PVOID HandleId,
2389 IN HANDLE TokenHandle,
2390 IN ACCESS_MASK DesiredAccess,
2391 IN PPRIVILEGE_SET Privileges,
2392 IN BOOLEAN AccessGranted);
2393
2394 NTOSAPI
2395 NTSTATUS
2396 NTAPI
2397 ZwAccessCheck(
2398 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2399 IN HANDLE TokenHandle,
2400 IN ACCESS_MASK DesiredAccess,
2401 IN PGENERIC_MAPPING GenericMapping,
2402 IN PPRIVILEGE_SET PrivilegeSet,
2403 IN PULONG PrivilegeSetLength,
2404 OUT PACCESS_MASK GrantedAccess,
2405 OUT PNTSTATUS AccessStatus);
2406
2407 NTOSAPI
2408 NTSTATUS
2409 NTAPI
2410 ZwAccessCheckAndAuditAlarm(
2411 IN PUNICODE_STRING SubsystemName,
2412 IN PVOID HandleId,
2413 IN PUNICODE_STRING ObjectTypeName,
2414 IN PUNICODE_STRING ObjectName,
2415 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2416 IN ACCESS_MASK DesiredAccess,
2417 IN PGENERIC_MAPPING GenericMapping,
2418 IN BOOLEAN ObjectCreation,
2419 OUT PACCESS_MASK GrantedAccess,
2420 OUT PBOOLEAN AccessStatus,
2421 OUT PBOOLEAN GenerateOnClose);
2422
2423 NTOSAPI
2424 NTSTATUS
2425 NTAPI
2426 ZwAccessCheckByType(
2427 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2428 IN PSID PrincipalSelfSid,
2429 IN HANDLE TokenHandle,
2430 IN ULONG DesiredAccess,
2431 IN POBJECT_TYPE_LIST ObjectTypeList,
2432 IN ULONG ObjectTypeListLength,
2433 IN PGENERIC_MAPPING GenericMapping,
2434 IN PPRIVILEGE_SET PrivilegeSet,
2435 IN PULONG PrivilegeSetLength,
2436 OUT PACCESS_MASK GrantedAccess,
2437 OUT PULONG AccessStatus);
2438
2439 typedef enum _AUDIT_EVENT_TYPE {
2440 AuditEventObjectAccess,
2441 AuditEventDirectoryServiceAccess
2442 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
2443
2444 NTOSAPI
2445 NTSTATUS
2446 NTAPI
2447 ZwAccessCheckByTypeAndAuditAlarm(
2448 IN PUNICODE_STRING SubsystemName,
2449 IN PVOID HandleId,
2450 IN PUNICODE_STRING ObjectTypeName,
2451 IN PUNICODE_STRING ObjectName,
2452 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2453 IN PSID PrincipalSelfSid,
2454 IN ACCESS_MASK DesiredAccess,
2455 IN AUDIT_EVENT_TYPE AuditType,
2456 IN ULONG Flags,
2457 IN POBJECT_TYPE_LIST ObjectTypeList,
2458 IN ULONG ObjectTypeListLength,
2459 IN PGENERIC_MAPPING GenericMapping,
2460 IN BOOLEAN ObjectCreation,
2461 OUT PACCESS_MASK GrantedAccess,
2462 OUT PULONG AccessStatus,
2463 OUT PBOOLEAN GenerateOnClose);
2464
2465 NTOSAPI
2466 NTSTATUS
2467 NTAPI
2468 ZwAccessCheckByTypeResultList(
2469 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2470 IN PSID PrincipalSelfSid,
2471 IN HANDLE TokenHandle,
2472 IN ACCESS_MASK DesiredAccess,
2473 IN POBJECT_TYPE_LIST ObjectTypeList,
2474 IN ULONG ObjectTypeListLength,
2475 IN PGENERIC_MAPPING GenericMapping,
2476 IN PPRIVILEGE_SET PrivilegeSet,
2477 IN PULONG PrivilegeSetLength,
2478 OUT PACCESS_MASK GrantedAccessList,
2479 OUT PULONG AccessStatusList);
2480
2481 NTOSAPI
2482 NTSTATUS
2483 NTAPI
2484 ZwAccessCheckByTypeResultListAndAuditAlarm(
2485 IN PUNICODE_STRING SubsystemName,
2486 IN PVOID HandleId,
2487 IN PUNICODE_STRING ObjectTypeName,
2488 IN PUNICODE_STRING ObjectName,
2489 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2490 IN PSID PrincipalSelfSid,
2491 IN ACCESS_MASK DesiredAccess,
2492 IN AUDIT_EVENT_TYPE AuditType,
2493 IN ULONG Flags,
2494 IN POBJECT_TYPE_LIST ObjectTypeList,
2495 IN ULONG ObjectTypeListLength,
2496 IN PGENERIC_MAPPING GenericMapping,
2497 IN BOOLEAN ObjectCreation,
2498 OUT PACCESS_MASK GrantedAccessList,
2499 OUT PULONG AccessStatusList,
2500 OUT PULONG GenerateOnClose);
2501
2502 NTOSAPI
2503 NTSTATUS
2504 NTAPI
2505 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
2506 IN PUNICODE_STRING SubsystemName,
2507 IN PVOID HandleId,
2508 IN HANDLE TokenHandle,
2509 IN PUNICODE_STRING ObjectTypeName,
2510 IN PUNICODE_STRING ObjectName,
2511 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2512 IN PSID PrincipalSelfSid,
2513 IN ACCESS_MASK DesiredAccess,
2514 IN AUDIT_EVENT_TYPE AuditType,
2515 IN ULONG Flags,
2516 IN POBJECT_TYPE_LIST ObjectTypeList,
2517 IN ULONG ObjectTypeListLength,
2518 IN PGENERIC_MAPPING GenericMapping,
2519 IN BOOLEAN ObjectCreation,
2520 OUT PACCESS_MASK GrantedAccessList,
2521 OUT PULONG AccessStatusList,
2522 OUT PULONG GenerateOnClose);
2523
2524 NTOSAPI
2525 NTSTATUS
2526 NTAPI
2527 ZwOpenObjectAuditAlarm(
2528 IN PUNICODE_STRING SubsystemName,
2529 IN PVOID *HandleId,
2530 IN PUNICODE_STRING ObjectTypeName,
2531 IN PUNICODE_STRING ObjectName,
2532 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2533 IN HANDLE TokenHandle,
2534 IN ACCESS_MASK DesiredAccess,
2535 IN ACCESS_MASK GrantedAccess,
2536 IN PPRIVILEGE_SET Privileges OPTIONAL,
2537 IN BOOLEAN ObjectCreation,
2538 IN BOOLEAN AccessGranted,
2539 OUT PBOOLEAN GenerateOnClose);
2540
2541 NTOSAPI
2542 NTSTATUS
2543 NTAPI
2544 ZwCloseObjectAuditAlarm(
2545 IN PUNICODE_STRING SubsystemName,
2546 IN PVOID HandleId,
2547 IN BOOLEAN GenerateOnClose);
2548
2549 NTOSAPI
2550 NTSTATUS
2551 NTAPI
2552 ZwDeleteObjectAuditAlarm(
2553 IN PUNICODE_STRING SubsystemName,
2554 IN PVOID HandleId,
2555 IN BOOLEAN GenerateOnClose);
2556
2557
2558
2559
2560 /* Plug and play and power management */
2561
2562 NTOSAPI
2563 NTSTATUS
2564 NTAPI
2565 ZwRequestWakeupLatency(
2566 IN LATENCY_TIME Latency);
2567
2568 NTOSAPI
2569 NTSTATUS
2570 NTAPI
2571 ZwRequestDeviceWakeup(
2572 IN HANDLE DeviceHandle);
2573
2574 NTOSAPI
2575 NTSTATUS
2576 NTAPI
2577 ZwCancelDeviceWakeupRequest(
2578 IN HANDLE DeviceHandle);
2579
2580 NTOSAPI
2581 BOOLEAN
2582 NTAPI
2583 ZwIsSystemResumeAutomatic(
2584 VOID);
2585
2586 NTOSAPI
2587 NTSTATUS
2588 NTAPI
2589 ZwSetThreadExecutionState(
2590 IN EXECUTION_STATE ExecutionState,
2591 OUT PEXECUTION_STATE PreviousExecutionState);
2592
2593 NTOSAPI
2594 NTSTATUS
2595 NTAPI
2596 ZwGetDevicePowerState(
2597 IN HANDLE DeviceHandle,
2598 OUT PDEVICE_POWER_STATE DevicePowerState);
2599
2600 NTOSAPI
2601 NTSTATUS
2602 NTAPI
2603 ZwSetSystemPowerState(
2604 IN POWER_ACTION SystemAction,
2605 IN SYSTEM_POWER_STATE MinSystemState,
2606 IN ULONG Flags);
2607
2608 NTOSAPI
2609 NTSTATUS
2610 NTAPI
2611 ZwInitiatePowerAction(
2612 IN POWER_ACTION SystemAction,
2613 IN SYSTEM_POWER_STATE MinSystemState,
2614 IN ULONG Flags,
2615 IN BOOLEAN Asynchronous);
2616
2617 NTOSAPI
2618 NTSTATUS
2619 NTAPI
2620 ZwPowerInformation(
2621 IN POWER_INFORMATION_LEVEL PowerInformationLevel,
2622 IN PVOID InputBuffer OPTIONAL,
2623 IN ULONG InputBufferLength,
2624 OUT PVOID OutputBuffer OPTIONAL,
2625 IN ULONG OutputBufferLength);
2626
2627 NTOSAPI
2628 NTSTATUS
2629 NTAPI
2630 ZwPlugPlayControl(
2631 IN ULONG ControlCode,
2632 IN OUT PVOID Buffer,
2633 IN ULONG BufferLength);
2634
2635 NTOSAPI
2636 NTSTATUS
2637 NTAPI
2638 ZwGetPlugPlayEvent(
2639 IN ULONG Reserved1,
2640 IN ULONG Reserved2,
2641 OUT PVOID Buffer,
2642 IN ULONG BufferLength);
2643
2644
2645
2646
2647 /* Miscellany */
2648
2649 NTOSAPI
2650 NTSTATUS
2651 NTAPI
2652 ZwRaiseException(
2653 IN PEXCEPTION_RECORD ExceptionRecord,
2654 IN PCONTEXT Context,
2655 IN BOOLEAN SearchFrames);
2656
2657 NTOSAPI
2658 NTSTATUS
2659 NTAPI
2660 ZwContinue(
2661 IN PCONTEXT Context,
2662 IN BOOLEAN TestAlert);
2663
2664 NTOSAPI
2665 NTSTATUS
2666 NTAPI
2667 ZwW32Call(
2668 IN ULONG RoutineIndex,
2669 IN PVOID Argument,
2670 IN ULONG ArgumentLength,
2671 OUT PVOID *Result OPTIONAL,
2672 OUT PULONG ResultLength OPTIONAL);
2673
2674 NTOSAPI
2675 NTSTATUS
2676 NTAPI
2677 ZwSetLowWaitHighThread(
2678 VOID);
2679
2680 NTOSAPI
2681 NTSTATUS
2682 NTAPI
2683 ZwSetHighWaitLowThread(
2684 VOID);
2685
2686 NTOSAPI
2687 NTSTATUS
2688 NTAPI
2689 ZwLoadDriver(
2690 IN PUNICODE_STRING DriverServiceName);
2691
2692 NTOSAPI
2693 NTSTATUS
2694 NTAPI
2695 ZwUnloadDriver(
2696 IN PUNICODE_STRING DriverServiceName);
2697
2698 NTOSAPI
2699 NTSTATUS
2700 NTAPI
2701 ZwFlushInstructionCache(
2702 IN HANDLE ProcessHandle,
2703 IN PVOID BaseAddress OPTIONAL,
2704 IN ULONG FlushSize);
2705
2706 NTOSAPI
2707 NTSTATUS
2708 NTAPI
2709 ZwFlushWriteBuffer(
2710 VOID);
2711
2712 NTOSAPI
2713 NTSTATUS
2714 NTAPI
2715 ZwQueryDefaultLocale(
2716 IN BOOLEAN ThreadOrSystem,
2717 OUT PLCID Locale);
2718
2719 NTOSAPI
2720 NTSTATUS
2721 NTAPI
2722 ZwSetDefaultLocale(
2723 IN BOOLEAN ThreadOrSystem,
2724 IN LCID Locale);
2725
2726 NTOSAPI
2727 NTSTATUS
2728 NTAPI
2729 ZwQueryDefaultUILanguage(
2730 OUT PLANGID LanguageId);
2731
2732 NTOSAPI
2733 NTSTATUS
2734 NTAPI
2735 ZwSetDefaultUILanguage(
2736 IN LANGID LanguageId);
2737
2738 NTOSAPI
2739 NTSTATUS
2740 NTAPI
2741 ZwQueryInstallUILanguage(
2742 OUT PLANGID LanguageId);
2743
2744 NTOSAPI
2745 NTSTATUS
2746 NTAPI
2747 NtAllocateLocallyUniqueId(
2748 OUT PLUID Luid);
2749
2750 NTOSAPI
2751 NTSTATUS
2752 NTAPI
2753 NtAllocateUuids(
2754 OUT PLARGE_INTEGER UuidLastTimeAllocated,
2755 OUT PULONG UuidDeltaTime,
2756 OUT PULONG UuidSequenceNumber,
2757 OUT PUCHAR UuidSeed);
2758
2759 NTOSAPI
2760 NTSTATUS
2761 NTAPI
2762 ZwSetUuidSeed(
2763 IN PUCHAR UuidSeed);
2764
2765 typedef enum _HARDERROR_RESPONSE_OPTION {
2766 OptionAbortRetryIgnore,
2767 OptionOk,
2768 OptionOkCancel,
2769 OptionRetryCancel,
2770 OptionYesNo,
2771 OptionYesNoCancel,
2772 OptionShutdownSystem
2773 } HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
2774
2775 typedef enum _HARDERROR_RESPONSE {
2776 ResponseReturnToCaller,
2777 ResponseNotHandled,
2778 ResponseAbort,
2779 ResponseCancel,
2780 ResponseIgnore,
2781 ResponseNo,
2782 ResponseOk,
2783 ResponseRetry,
2784 ResponseYes
2785 } HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
2786
2787 NTOSAPI
2788 NTSTATUS
2789 NTAPI
2790 ZwRaiseHardError(
2791 IN NTSTATUS Status,
2792 IN ULONG NumberOfArguments,
2793 IN ULONG StringArgumentsMask,
2794 IN PULONG Arguments,
2795 IN HARDERROR_RESPONSE_OPTION ResponseOption,
2796 OUT PHARDERROR_RESPONSE Response);
2797
2798 NTOSAPI
2799 NTSTATUS
2800 NTAPI
2801 ZwSetDefaultHardErrorPort(
2802 IN HANDLE PortHandle);
2803
2804 NTOSAPI
2805 NTSTATUS
2806 NTAPI
2807 ZwDisplayString(
2808 IN PUNICODE_STRING String);
2809
2810 NTOSAPI
2811 NTSTATUS
2812 NTAPI
2813 ZwCreatePagingFile(
2814 IN PUNICODE_STRING FileName,
2815 IN PULARGE_INTEGER InitialSize,
2816 IN PULARGE_INTEGER MaximumSize,
2817 IN ULONG Reserved);
2818
2819 typedef USHORT RTL_ATOM, *PRTL_ATOM;
2820
2821 NTOSAPI
2822 NTSTATUS
2823 NTAPI
2824 NtAddAtom(
2825 IN PWSTR AtomName,
2826 IN ULONG AtomNameLength,
2827 OUT PRTL_ATOM Atom);
2828
2829 NTOSAPI
2830 NTSTATUS
2831 NTAPI
2832 NtFindAtom(
2833 IN PWSTR AtomName,
2834 IN ULONG AtomNameLength,
2835 OUT PRTL_ATOM Atom);
2836
2837 NTOSAPI
2838 NTSTATUS
2839 NTAPI
2840 NtDeleteAtom(
2841 IN RTL_ATOM Atom);
2842
2843 typedef enum _ATOM_INFORMATION_CLASS {
2844 AtomBasicInformation,
2845 AtomListInformation
2846 } ATOM_INFORMATION_CLASS;
2847
2848 NTOSAPI
2849 NTSTATUS
2850 NTAPI
2851 NtQueryInformationAtom(
2852 IN RTL_ATOM Atom,
2853 IN ATOM_INFORMATION_CLASS AtomInformationClass,
2854 OUT PVOID AtomInformation,
2855 IN ULONG AtomInformationLength,
2856 OUT PULONG ReturnLength OPTIONAL);
2857
2858 typedef struct _ATOM_BASIC_INFORMATION {
2859 USHORT ReferenceCount;
2860 USHORT Pinned;
2861 USHORT NameLength;
2862 WCHAR Name[1];
2863 } ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
2864
2865 typedef struct _ATOM_LIST_INFORMATION {
2866 ULONG NumberOfAtoms;
2867 ATOM Atoms[1];
2868 } ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION;
2869
2870 NTOSAPI
2871 NTSTATUS
2872 NTAPI
2873 ZwSetLdtEntries(
2874 IN ULONG Selector1,
2875 IN LDT_ENTRY LdtEntry1,
2876 IN ULONG Selector2,
2877 IN LDT_ENTRY LdtEntry2);
2878
2879 NTOSAPI
2880 NTSTATUS
2881 NTAPI
2882 NtVdmControl(
2883 IN ULONG ControlCode,
2884 IN PVOID ControlData);
2885
2886 #pragma pack(pop)
2887
2888 #ifdef __cplusplus
2889 }
2890 #endif
2891
2892 #endif /* __NTAPI_H */
A free Windows-compatible Operating System