projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- don't use the UNIMPLEMENTED macro in ObFindHandleForObject because it's actually...
[reactos.git] / reactos / w32api / include / ddk / ntapi.h
1 /*
2 * ntapi.h
3 *
4 * Windows NT Native API
5 *
6 * Most structures in this file is obtained from Windows NT/2000 Native API
7 * Reference by Gary Nebbett, ISBN 1578701996.
8 *
9 * This file is part of the w32api package.
10 *
11 * Contributors:
12 * Created by Casper S. Hornstrup <chorns@users.sourceforge.net>
13 *
14 * THIS SOFTWARE IS NOT COPYRIGHTED
15 *
16 * This source code is offered for use in the public domain. You may
17 * use, modify or distribute it freely.
18 *
19 * This code is distributed in the hope that it will be useful but
20 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
21 * DISCLAIMED. This includes but is not limited to warranties of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
23 *
24 */
25
26 #ifndef __NTAPI_H
27 #define __NTAPI_H
28
29 #if __GNUC__ >= 3
30 #pragma GCC system_header
31 #endif
32
33 #include <stdarg.h>
34 #include <winbase.h>
35 #include "ntddk.h"
36 #include "ntpoapi.h"
37
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41
42 typedef struct _PEB *PPEB;
43
44 /* FIXME: Unknown definitions */
45 typedef PVOID POBJECT_TYPE_LIST;
46 typedef PVOID PEXECUTION_STATE;
47
48 typedef unsigned short LANGID, *PLANGID;
49
50 #ifndef NtCurrentProcess
51 #define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
52 #endif /* NtCurrentProcess */
53 #ifndef NtCurrentThread
54 #define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
55 #endif /* NtCurrentThread */
56
57 /* System information and control */
58
59 typedef enum _SYSTEM_INFORMATION_CLASS {
60 SystemInformationClassMin = 0,
61 SystemBasicInformation = 0,
62 SystemProcessorInformation = 1,
63 SystemPerformanceInformation = 2,
64 SystemTimeOfDayInformation = 3,
65 SystemPathInformation = 4,
66 SystemNotImplemented1 = 4,
67 SystemProcessInformation = 5,
68 SystemProcessesAndThreadsInformation = 5,
69 SystemCallCountInfoInformation = 6,
70 SystemCallCounts = 6,
71 SystemDeviceInformation = 7,
72 SystemConfigurationInformation = 7,
73 SystemProcessorPerformanceInformation = 8,
74 SystemProcessorTimes = 8,
75 SystemFlagsInformation = 9,
76 SystemGlobalFlag = 9,
77 SystemCallTimeInformation = 10,
78 SystemNotImplemented2 = 10,
79 SystemModuleInformation = 11,
80 SystemLocksInformation = 12,
81 SystemLockInformation = 12,
82 SystemStackTraceInformation = 13,
83 SystemNotImplemented3 = 13,
84 SystemPagedPoolInformation = 14,
85 SystemNotImplemented4 = 14,
86 SystemNonPagedPoolInformation = 15,
87 SystemNotImplemented5 = 15,
88 SystemHandleInformation = 16,
89 SystemObjectInformation = 17,
90 SystemPageFileInformation = 18,
91 SystemPagefileInformation = 18,
92 SystemVdmInstemulInformation = 19,
93 SystemInstructionEmulationCounts = 19,
94 SystemVdmBopInformation = 20,
95 SystemInvalidInfoClass1 = 20,
96 SystemFileCacheInformation = 21,
97 SystemCacheInformation = 21,
98 SystemPoolTagInformation = 22,
99 SystemInterruptInformation = 23,
100 SystemProcessorStatistics = 23,
101 SystemDpcBehaviourInformation = 24,
102 SystemDpcInformation = 24,
103 SystemFullMemoryInformation = 25,
104 SystemNotImplemented6 = 25,
105 SystemLoadImage = 26,
106 SystemUnloadImage = 27,
107 SystemTimeAdjustmentInformation = 28,
108 SystemTimeAdjustment = 28,
109 SystemSummaryMemoryInformation = 29,
110 SystemNotImplemented7 = 29,
111 SystemNextEventIdInformation = 30,
112 SystemNotImplemented8 = 30,
113 SystemEventIdsInformation = 31,
114 SystemNotImplemented9 = 31,
115 SystemCrashDumpInformation = 32,
116 SystemExceptionInformation = 33,
117 SystemCrashDumpStateInformation = 34,
118 SystemKernelDebuggerInformation = 35,
119 SystemContextSwitchInformation = 36,
120 SystemRegistryQuotaInformation = 37,
121 SystemLoadAndCallImage = 38,
122 SystemPrioritySeparation = 39,
123 SystemPlugPlayBusInformation = 40,
124 SystemNotImplemented10 = 40,
125 SystemDockInformation = 41,
126 SystemNotImplemented11 = 41,
127 /* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */
128 SystemInvalidInfoClass2 = 42,
129 SystemProcessorSpeedInformation = 43,
130 SystemInvalidInfoClass3 = 43,
131 SystemCurrentTimeZoneInformation = 44,
132 SystemTimeZoneInformation = 44,
133 SystemLookasideInformation = 45,
134 SystemSetTimeSlipEvent = 46,
135 SystemCreateSession = 47,
136 SystemDeleteSession = 48,
137 SystemInvalidInfoClass4 = 49,
138 SystemRangeStartInformation = 50,
139 SystemVerifierInformation = 51,
140 SystemAddVerifier = 52,
141 SystemSessionProcessesInformation = 53,
142 SystemInformationClassMax
143 } SYSTEM_INFORMATION_CLASS;
144
145 typedef struct _SYSTEM_BASIC_INFORMATION {
146 ULONG Unknown;
147 ULONG MaximumIncrement;
148 ULONG PhysicalPageSize;
149 ULONG NumberOfPhysicalPages;
150 ULONG LowestPhysicalPage;
151 ULONG HighestPhysicalPage;
152 ULONG AllocationGranularity;
153 ULONG LowestUserAddress;
154 ULONG HighestUserAddress;
155 ULONG ActiveProcessors;
156 UCHAR NumberProcessors;
157 } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
158
159 typedef struct _SYSTEM_PROCESSOR_INFORMATION {
160 USHORT ProcessorArchitecture;
161 USHORT ProcessorLevel;
162 USHORT ProcessorRevision;
163 USHORT Unknown;
164 ULONG FeatureBits;
165 } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
166
167 typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
168 LARGE_INTEGER IdleTime;
169 LARGE_INTEGER ReadTransferCount;
170 LARGE_INTEGER WriteTransferCount;
171 LARGE_INTEGER OtherTransferCount;
172 ULONG ReadOperationCount;
173 ULONG WriteOperationCount;
174 ULONG OtherOperationCount;
175 ULONG AvailablePages;
176 ULONG TotalCommittedPages;
177 ULONG TotalCommitLimit;
178 ULONG PeakCommitment;
179 ULONG PageFaults;
180 ULONG WriteCopyFaults;
181 ULONG TransitionFaults;
182 ULONG CacheTransitionFaults;
183 ULONG DemandZeroFaults;
184 ULONG PagesRead;
185 ULONG PageReadIos;
186 ULONG CacheReads;
187 ULONG CacheIos;
188 ULONG PagefilePagesWritten;
189 ULONG PagefilePageWriteIos;
190 ULONG MappedFilePagesWritten;
191 ULONG MappedFilePageWriteIos;
192 ULONG PagedPoolUsage;
193 ULONG NonPagedPoolUsage;
194 ULONG PagedPoolAllocs;
195 ULONG PagedPoolFrees;
196 ULONG NonPagedPoolAllocs;
197 ULONG NonPagedPoolFrees;
198 ULONG TotalFreeSystemPtes;
199 ULONG SystemCodePage;
200 ULONG TotalSystemDriverPages;
201 ULONG TotalSystemCodePages;
202 ULONG SmallNonPagedLookasideListAllocateHits;
203 ULONG SmallPagedLookasideListAllocateHits;
204 ULONG Reserved3;
205 ULONG MmSystemCachePage;
206 ULONG PagedPoolPage;
207 ULONG SystemDriverPage;
208 ULONG FastReadNoWait;
209 ULONG FastReadWait;
210 ULONG FastReadResourceMiss;
211 ULONG FastReadNotPossible;
212 ULONG FastMdlReadNoWait;
213 ULONG FastMdlReadWait;
214 ULONG FastMdlReadResourceMiss;
215 ULONG FastMdlReadNotPossible;
216 ULONG MapDataNoWait;
217 ULONG MapDataWait;
218 ULONG MapDataNoWaitMiss;
219 ULONG MapDataWaitMiss;
220 ULONG PinMappedDataCount;
221 ULONG PinReadNoWait;
222 ULONG PinReadWait;
223 ULONG PinReadNoWaitMiss;
224 ULONG PinReadWaitMiss;
225 ULONG CopyReadNoWait;
226 ULONG CopyReadWait;
227 ULONG CopyReadNoWaitMiss;
228 ULONG CopyReadWaitMiss;
229 ULONG MdlReadNoWait;
230 ULONG MdlReadWait;
231 ULONG MdlReadNoWaitMiss;
232 ULONG MdlReadWaitMiss;
233 ULONG ReadAheadIos;
234 ULONG LazyWriteIos;
235 ULONG LazyWritePages;
236 ULONG DataFlushes;
237 ULONG DataPages;
238 ULONG ContextSwitches;
239 ULONG FirstLevelTbFills;
240 ULONG SecondLevelTbFills;
241 ULONG SystemCalls;
242 } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
243
244 typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
245 LARGE_INTEGER BootTime;
246 LARGE_INTEGER CurrentTime;
247 LARGE_INTEGER TimeZoneBias;
248 ULONG CurrentTimeZoneId;
249 } SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
250
251 typedef enum _THREAD_STATE {
252 Initialized,
253 Ready,
254 Running,
255 Standby,
256 Terminated,
257 Waiting,
258 Transition,
259 DeferredReady
260 } THREAD_STATE;
261
262 typedef struct _SYSTEM_CALLS_INFORMATION {
263 ULONG Size;
264 ULONG NumberOfDescriptorTables;
265 ULONG NumberOfRoutinesInTable[1];
266 ULONG CallCounts[ANYSIZE_ARRAY];
267 } SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION;
268
269 typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
270 ULONG DiskCount;
271 ULONG FloppyCount;
272 ULONG CdRomCount;
273 ULONG TapeCount;
274 ULONG SerialCount;
275 ULONG ParallelCount;
276 } SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
277
278 typedef struct _SYSTEM_PROCESSOR_TIMES {
279 LARGE_INTEGER IdleTime;
280 LARGE_INTEGER KernelTime;
281 LARGE_INTEGER UserTime;
282 LARGE_INTEGER DpcTime;
283 LARGE_INTEGER InterruptTime;
284 ULONG InterruptCount;
285 } SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
286
287 /* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */
288 #define FLG_STOP_ON_EXCEPTION 0x00000001
289 #define FLG_SHOW_LDR_SNAPS 0x00000002
290 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
291 #define FLG_STOP_ON_HUNG_GUI 0x00000008
292 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
293 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
294 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
295 #define FLG_HEAP_VALIDATE_ALL 0x00000080
296 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
297 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
298 #define FLG_POOL_ENABLE_TAGGING 0x00000400
299 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
300 #define FLG_USER_STACK_TRACE_DB 0x00001000
301 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
302 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
303 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
304 #define FLG_IGNORE_DEBUG_PRIV 0x00010000
305 #define FLG_ENABLE_CSRDEBUG 0x00020000
306 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
307 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
308 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
309 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
310 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
311 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
312 #define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
313
314 typedef struct _SYSTEM_GLOBAL_FLAG {
315 ULONG GlobalFlag;
316 } SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
317
318 typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
319 ULONG Unknown1;
320 ULONG Unknown2;
321 PVOID Base;
322 ULONG Size;
323 ULONG Flags;
324 USHORT Index;
325 /* Length of module name not including the path, this
326 field contains valid value only for NTOSKRNL module */
327 USHORT NameLength;
328 USHORT LoadCount;
329 USHORT PathLength;
330 CHAR ImageName[256];
331 } SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
332
333 typedef struct _SYSTEM_MODULE_INFORMATION {
334 ULONG Count;
335 SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
336 } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
337
338 typedef struct _SYSTEM_LOCK_INFORMATION {
339 PVOID Address;
340 USHORT Type;
341 USHORT Reserved1;
342 ULONG ExclusiveOwnerThreadId;
343 ULONG ActiveCount;
344 ULONG ContentionCount;
345 ULONG Reserved2[2];
346 ULONG NumberOfSharedWaiters;
347 ULONG NumberOfExclusiveWaiters;
348 } SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
349
350 /*SYSTEM_HANDLE_INFORMATION.Flags cosntants */
351 #define PROTECT_FROM_CLOSE 0x01
352 #define INHERIT 0x02
353
354 typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO {
355 USHORT UniqueProcessId;
356 USHORT CreatorBackTraceIndex;
357 UCHAR ObjectTypeIndex;
358 UCHAR HandleAttributes;
359 USHORT HandleValue;
360 PVOID Object;
361 ULONG GrantedAccess;
362 } SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
363
364 typedef struct _SYSTEM_HANDLE_INFORMATION {
365 ULONG NumberOfHandles;
366 SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
367
368 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
369
370 typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
371 ULONG NextEntryOffset;
372 ULONG ObjectCount;
373 ULONG HandleCount;
374 ULONG TypeNumber;
375 ULONG InvalidAttributes;
376 GENERIC_MAPPING GenericMapping;
377 ACCESS_MASK ValidAccessMask;
378 POOL_TYPE PoolType;
379 UCHAR Unknown;
380 UNICODE_STRING Name;
381 } SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
382
383 /* SYSTEM_OBJECT_INFORMATION.Flags constants */
384 #define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40
385 #define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20
386 #define FLG_SYSOBJINFO_PERMANENT 0x10
387 #define FLG_SYSOBJINFO_EXCLUSIVE 0x08
388 #define FLG_SYSOBJINFO_CREATOR_INFO 0x04
389 #define FLG_SYSOBJINFO_KERNEL_MODE 0x02
390
391 typedef struct _SYSTEM_OBJECT_INFORMATION {
392 ULONG NextEntryOffset;
393 PVOID Object;
394 ULONG CreatorProcessId;
395 USHORT Unknown;
396 USHORT Flags;
397 ULONG PointerCount;
398 ULONG HandleCount;
399 ULONG PagedPoolUsage;
400 ULONG NonPagedPoolUsage;
401 ULONG ExclusiveProcessId;
402 PSECURITY_DESCRIPTOR SecurityDescriptor;
403 UNICODE_STRING Name;
404 } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
405
406 typedef struct _SYSTEM_PAGEFILE_INFORMATION {
407 ULONG NextEntryOffset;
408 ULONG TotalSize;
409 ULONG TotalInUse;
410 ULONG PeakUsage;
411 UNICODE_STRING PageFileName;
412 } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
413
414 typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION {
415 ULONG SegmentNotPresent;
416 ULONG TwoByteOpcode;
417 ULONG ESprefix;
418 ULONG CSprefix;
419 ULONG SSprefix;
420 ULONG DSprefix;
421 ULONG FSPrefix;
422 ULONG GSprefix;
423 ULONG OPER32prefix;
424 ULONG ADDR32prefix;
425 ULONG INSB;
426 ULONG INSW;
427 ULONG OUTSB;
428 ULONG OUTSW;
429 ULONG PUSHFD;
430 ULONG POPFD;
431 ULONG INTnn;
432 ULONG INTO;
433 ULONG IRETD;
434 ULONG INBimm;
435 ULONG INWimm;
436 ULONG OUTBimm;
437 ULONG OUTWimm;
438 ULONG INB;
439 ULONG INW;
440 ULONG OUTB;
441 ULONG OUTW;
442 ULONG LOCKprefix;
443 ULONG REPNEprefix;
444 ULONG REPprefix;
445 ULONG HLT;
446 ULONG CLI;
447 ULONG STI;
448 ULONG GenericInvalidOpcode;
449 } SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION;
450
451 typedef struct _SYSTEM_CACHE_INFORMATION {
452 ULONG CurrentSize;
453 ULONG PeakSize;
454 ULONG PageFaultCount;
455 ULONG MinimumWorkingSet;
456 ULONG MaximumWorkingSet;
457 ULONG Unused[4];
458 } SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
459
460 typedef struct _SYSTEM_POOL_TAG_INFORMATION {
461 CHAR Tag[4];
462 ULONG PagedPoolAllocs;
463 ULONG PagedPoolFrees;
464 ULONG PagedPoolUsage;
465 ULONG NonPagedPoolAllocs;
466 ULONG NonPagedPoolFrees;
467 ULONG NonPagedPoolUsage;
468 } SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
469
470 typedef struct _SYSTEM_INTERRUPT_INFORMATION {
471 ULONG ContextSwitches;
472 ULONG DpcCount;
473 ULONG DpcRate;
474 ULONG TimeIncrement;
475 ULONG DpcBypassCount;
476 ULONG ApcBypassCount;
477 } SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
478
479 typedef struct _SYSTEM_PROCESSOR_STATISTICS {
480 ULONG ContextSwitches;
481 ULONG DpcCount;
482 ULONG DpcRequestRate;
483 ULONG TimeIncrement;
484 ULONG DpcBypassCount;
485 ULONG ApcBypassCount;
486 } SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
487
488 typedef struct _SYSTEM_DPC_INFORMATION {
489 ULONG Reserved;
490 ULONG MaximumDpcQueueDepth;
491 ULONG MinimumDpcRate;
492 ULONG AdjustDpcThreshold;
493 ULONG IdealDpcRate;
494 } SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
495
496 typedef struct _SYSTEM_LOAD_IMAGE {
497 UNICODE_STRING ModuleName;
498 PVOID ModuleBase;
499 PVOID SectionPointer;
500 PVOID EntryPoint;
501 PVOID ExportDirectory;
502 } SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
503
504 typedef struct _SYSTEM_UNLOAD_IMAGE {
505 PVOID ModuleBase;
506 } SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
507
508 typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
509 ULONG TimeAdjustment;
510 ULONG MaximumIncrement;
511 BOOLEAN TimeSynchronization;
512 } SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
513
514 typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
515 ULONG TimeAdjustment;
516 BOOLEAN TimeSynchronization;
517 } SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
518
519 typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
520 HANDLE CrashDumpSectionHandle;
521 HANDLE Unknown;
522 } SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
523
524 typedef struct _SYSTEM_EXCEPTION_INFORMATION {
525 ULONG AlignmentFixupCount;
526 ULONG ExceptionDispatchCount;
527 ULONG FloatingEmulationCount;
528 ULONG Reserved;
529 } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
530
531 typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
532 ULONG CrashDumpSectionExists;
533 ULONG Unknown;
534 } SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
535
536 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
537 BOOLEAN DebuggerEnabled;
538 BOOLEAN DebuggerNotPresent;
539 } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
540
541 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
542 ULONG ContextSwitches;
543 ULONG ContextSwitchCounters[11];
544 } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
545
546 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
547 ULONG RegistryQuotaAllowed;
548 ULONG RegistryQuotaUsed;
549 PVOID Reserved1;
550 } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
551
552 typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
553 UNICODE_STRING ModuleName;
554 } SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
555
556 typedef struct _SYSTEM_PRIORITY_SEPARATION {
557 ULONG PrioritySeparation;
558 } SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
559
560 typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
561 LONG Bias;
562 WCHAR StandardName[32];
563 LARGE_INTEGER StandardDate;
564 LONG StandardBias;
565 WCHAR DaylightName[32];
566 LARGE_INTEGER DaylightDate;
567 LONG DaylightBias;
568 } SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
569
570 typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
571 USHORT Depth;
572 USHORT MaximumDepth;
573 ULONG TotalAllocates;
574 ULONG AllocateMisses;
575 ULONG TotalFrees;
576 ULONG FreeMisses;
577 POOL_TYPE Type;
578 ULONG Tag;
579 ULONG Size;
580 } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
581
582 typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
583 HANDLE TimeSlipEvent;
584 } SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
585
586 typedef struct _SYSTEM_CREATE_SESSION {
587 ULONG SessionId;
588 } SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
589
590 typedef struct _SYSTEM_DELETE_SESSION {
591 ULONG SessionId;
592 } SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
593
594 typedef struct _SYSTEM_RANGE_START_INFORMATION {
595 PVOID SystemRangeStart;
596 } SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
597
598 typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
599 ULONG SessionId;
600 ULONG BufferSize;
601 PVOID Buffer;
602 } SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;
603
604 typedef struct _SYSTEM_POOL_BLOCK {
605 BOOLEAN Allocated;
606 USHORT Unknown;
607 ULONG Size;
608 CHAR Tag[4];
609 } SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;
610
611 typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
612 ULONG PoolSize;
613 PVOID PoolBase;
614 USHORT Unknown;
615 ULONG NumberOfBlocks;
616 SYSTEM_POOL_BLOCK PoolBlocks[1];
617 } SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;
618
619 typedef struct _SYSTEM_MEMORY_USAGE {
620 PVOID Name;
621 USHORT Valid;
622 USHORT Standby;
623 USHORT Modified;
624 USHORT PageTables;
625 } SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;
626
627 typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
628 ULONG Reserved;
629 PVOID EndOfData;
630 SYSTEM_MEMORY_USAGE MemoryUsage[1];
631 } SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;
632
633 // SystemProcessThreadInfo (5)
634 typedef struct _SYSTEM_THREAD_INFORMATION
635 {
636 LARGE_INTEGER KernelTime;
637 LARGE_INTEGER UserTime;
638 LARGE_INTEGER CreateTime;
639 ULONG WaitTime;
640 PVOID StartAddress;
641 CLIENT_ID ClientId;
642 KPRIORITY Priority;
643 LONG BasePriority;
644 ULONG ContextSwitches;
645 ULONG ThreadState;
646 ULONG WaitReason;
647 } SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
648
649 typedef struct _SYSTEM_PROCESS_INFORMATION
650 {
651 ULONG NextEntryOffset;
652 ULONG NumberOfThreads;
653 LARGE_INTEGER SpareLi1;
654 LARGE_INTEGER SpareLi2;
655 LARGE_INTEGER SpareLi3;
656 LARGE_INTEGER CreateTime;
657 LARGE_INTEGER UserTime;
658 LARGE_INTEGER KernelTime;
659 UNICODE_STRING ImageName;
660 KPRIORITY BasePriority;
661 HANDLE UniqueProcessId;
662 HANDLE InheritedFromUniqueProcessId;
663 ULONG HandleCount;
664 ULONG SessionId;
665 ULONG PageDirectoryFrame;
666
667 /*
668 * This part corresponds to VM_COUNTERS_EX.
669 * NOTE: *NOT* THE SAME AS VM_COUNTERS!
670 */
671 ULONG PeakVirtualSize;
672 ULONG VirtualSize;
673 ULONG PageFaultCount;
674 ULONG PeakWorkingSetSize;
675 ULONG WorkingSetSize;
676 ULONG QuotaPeakPagedPoolUsage;
677 ULONG QuotaPagedPoolUsage;
678 ULONG QuotaPeakNonPagedPoolUsage;
679 ULONG QuotaNonPagedPoolUsage;
680 ULONG PagefileUsage;
681 ULONG PeakPagefileUsage;
682 ULONG PrivateUsage;
683
684 /* This part corresponds to IO_COUNTERS */
685 LARGE_INTEGER ReadOperationCount;
686 LARGE_INTEGER WriteOperationCount;
687 LARGE_INTEGER OtherOperationCount;
688 LARGE_INTEGER ReadTransferCount;
689 LARGE_INTEGER WriteTransferCount;
690 LARGE_INTEGER OtherTransferCount;
691
692 /* Finally, the array of Threads */
693 SYSTEM_THREAD_INFORMATION TH[1];
694 } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
695
696 NTOSAPI
697 NTSTATUS
698 NTAPI
699 NtQuerySystemInformation(
700 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
701 IN OUT PVOID SystemInformation,
702 IN ULONG SystemInformationLength,
703 OUT PULONG ReturnLength OPTIONAL);
704
705 NTOSAPI
706 NTSTATUS
707 NTAPI
708 ZwQuerySystemInformation(
709 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
710 IN OUT PVOID SystemInformation,
711 IN ULONG SystemInformationLength,
712 OUT PULONG ReturnLength OPTIONAL);
713
714 NTOSAPI
715 NTSTATUS
716 NTAPI
717 ZwSetSystemInformation(
718 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
719 IN OUT PVOID SystemInformation,
720 IN ULONG SystemInformationLength);
721
722 NTOSAPI
723 NTSTATUS
724 NTAPI
725 ZwQuerySystemEnvironmentValue(
726 IN PUNICODE_STRING VariableName,
727 OUT PWSTR ValueBuffer,
728 IN ULONG ValueBufferLength,
729 OUT PULONG ReturnLength OPTIONAL);
730
731 NTOSAPI
732 NTSTATUS
733 NTAPI
734 ZwSetSystemEnvironmentValue(
735 IN PUNICODE_STRING VariableName,
736 IN PUNICODE_STRING Value);
737
738 typedef enum _SHUTDOWN_ACTION {
739 ShutdownNoReboot,
740 ShutdownReboot,
741 ShutdownPowerOff
742 } SHUTDOWN_ACTION;
743
744 NTOSAPI
745 NTSTATUS
746 NTAPI
747 NtShutdownSystem(
748 IN SHUTDOWN_ACTION Action);
749
750 typedef enum _DEBUG_CONTROL_CODE {
751 DebugGetTraceInformation = 1,
752 DebugSetInternalBreakpoint,
753 DebugSetSpecialCall,
754 DebugClearSpecialCalls,
755 DebugQuerySpecialCalls,
756 DebugDbgBreakPoint,
757 DebugMaximum
758 } DEBUG_CONTROL_CODE;
759
760
761 NTOSAPI
762 NTSTATUS
763 NTAPI
764 ZwSystemDebugControl(
765 IN DEBUG_CONTROL_CODE ControlCode,
766 IN PVOID InputBuffer OPTIONAL,
767 IN ULONG InputBufferLength,
768 OUT PVOID OutputBuffer OPTIONAL,
769 IN ULONG OutputBufferLength,
770 OUT PULONG ReturnLength OPTIONAL);
771
772
773
774 /* Objects, Object directories, and symbolic links */
775
776 typedef enum _OBJECT_INFORMATION_CLASS {
777 ObjectBasicInformation,
778 ObjectNameInformation,
779 ObjectTypeInformation,
780 ObjectAllTypesInformation,
781 ObjectHandleInformation
782 } OBJECT_INFORMATION_CLASS;
783
784 NTOSAPI
785 NTSTATUS
786 NTAPI
787 ZwQueryObject(
788 IN HANDLE ObjectHandle,
789 IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
790 OUT PVOID ObjectInformation,
791 IN ULONG ObjectInformationLength,
792 OUT PULONG ReturnLength OPTIONAL);
793
794 NTOSAPI
795 NTSTATUS
796 NTAPI
797 ZwSetInformationObject(
798 IN HANDLE ObjectHandle,
799 IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
800 IN PVOID ObjectInformation,
801 IN ULONG ObjectInformationLength);
802
803 /* OBJECT_BASIC_INFORMATION.Attributes constants */
804 /* also in winbase.h */
805 #define HANDLE_FLAG_INHERIT 0x01
806 #define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02
807 /* end winbase.h */
808 #define PERMANENT 0x10
809 #define EXCLUSIVE 0x20
810
811 typedef struct _OBJECT_BASIC_INFORMATION {
812 ULONG Attributes;
813 ACCESS_MASK GrantedAccess;
814 ULONG HandleCount;
815 ULONG PointerCount;
816 ULONG PagedPoolUsage;
817 ULONG NonPagedPoolUsage;
818 ULONG Reserved[3];
819 ULONG NameInformationLength;
820 ULONG TypeInformationLength;
821 ULONG SecurityDescriptorLength;
822 LARGE_INTEGER CreateTime;
823 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
824 #if 0
825 /* FIXME: Enable later */
826 typedef struct _OBJECT_TYPE_INFORMATION {
827 UNICODE_STRING Name;
828 ULONG ObjectCount;
829 ULONG HandleCount;
830 ULONG Reserved1[4];
831 ULONG PeakObjectCount;
832 ULONG PeakHandleCount;
833 ULONG Reserved2[4];
834 ULONG InvalidAttributes;
835 GENERIC_MAPPING GenericMapping;
836 ULONG ValidAccess;
837 UCHAR Unknown;
838 BOOLEAN MaintainHandleDatabase;
839 POOL_TYPE PoolType;
840 ULONG PagedPoolUsage;
841 ULONG NonPagedPoolUsage;
842 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
843
844 typedef struct _OBJECT_ALL_TYPES_INFORMATION {
845 ULONG NumberOfTypes;
846 OBJECT_TYPE_INFORMATION TypeInformation;
847 } OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
848 #endif
849 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
850 BOOLEAN Inherit;
851 BOOLEAN ProtectFromClose;
852 } OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
853
854 NTOSAPI
855 NTSTATUS
856 NTAPI
857 NtDuplicateObject(
858 IN HANDLE SourceProcessHandle,
859 IN HANDLE SourceHandle,
860 IN HANDLE TargetProcessHandle,
861 OUT PHANDLE TargetHandle OPTIONAL,
862 IN ACCESS_MASK DesiredAccess,
863 IN ULONG Attributes,
864 IN ULONG Options);
865
866 NTOSAPI
867 NTSTATUS
868 NTAPI
869 ZwDuplicateObject(
870 IN HANDLE SourceProcessHandle,
871 IN HANDLE SourceHandle,
872 IN HANDLE TargetProcessHandle,
873 OUT PHANDLE TargetHandle OPTIONAL,
874 IN ACCESS_MASK DesiredAccess,
875 IN ULONG Attributes,
876 IN ULONG Options);
877
878 NTOSAPI
879 NTSTATUS
880 NTAPI
881 NtQuerySecurityObject(
882 IN HANDLE Handle,
883 IN SECURITY_INFORMATION SecurityInformation,
884 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
885 IN ULONG SecurityDescriptorLength,
886 OUT PULONG ReturnLength);
887
888 NTOSAPI
889 NTSTATUS
890 NTAPI
891 ZwQuerySecurityObject(
892 IN HANDLE Handle,
893 IN SECURITY_INFORMATION SecurityInformation,
894 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
895 IN ULONG SecurityDescriptorLength,
896 OUT PULONG ReturnLength);
897
898 NTOSAPI
899 NTSTATUS
900 NTAPI
901 NtSetSecurityObject(
902 IN HANDLE Handle,
903 IN SECURITY_INFORMATION SecurityInformation,
904 IN PSECURITY_DESCRIPTOR SecurityDescriptor);
905
906 NTOSAPI
907 NTSTATUS
908 NTAPI
909 ZwSetSecurityObject(
910 IN HANDLE Handle,
911 IN SECURITY_INFORMATION SecurityInformation,
912 IN PSECURITY_DESCRIPTOR SecurityDescriptor);
913
914 NTOSAPI
915 NTSTATUS
916 NTAPI
917 ZwOpenDirectoryObject(
918 OUT PHANDLE DirectoryHandle,
919 IN ACCESS_MASK DesiredAccess,
920 IN POBJECT_ATTRIBUTES ObjectAttributes);
921
922 NTOSAPI
923 NTSTATUS
924 NTAPI
925 ZwQueryDirectoryObject(
926 IN HANDLE DirectoryHandle,
927 OUT PVOID Buffer,
928 IN ULONG BufferLength,
929 IN BOOLEAN ReturnSingleEntry,
930 IN BOOLEAN RestartScan,
931 IN OUT PULONG Context,
932 OUT PULONG ReturnLength OPTIONAL);
933
934 typedef struct _OBJECT_DIRECTORY_INFORMATION {
935 UNICODE_STRING ObjectName;
936 UNICODE_STRING ObjectTypeName;
937 } OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
938
939 NTOSAPI
940 NTSTATUS
941 NTAPI
942 ZwCreateSymbolicLinkObject(
943 OUT PHANDLE SymbolicLinkHandle,
944 IN ACCESS_MASK DesiredAccess,
945 IN POBJECT_ATTRIBUTES ObjectAttributes,
946 IN PUNICODE_STRING TargetName);
947
948
949
950
951 /* Virtual memory */
952
953 typedef enum _MEMORY_INFORMATION_CLASS {
954 MemoryBasicInformation,
955 MemoryWorkingSetList,
956 MemorySectionName,
957 MemoryBasicVlmInformation
958 } MEMORY_INFORMATION_CLASS;
959
960 NTOSAPI
961 NTSTATUS
962 NTAPI
963 NtAllocateVirtualMemory(
964 IN HANDLE ProcessHandle,
965 IN OUT PVOID *BaseAddress,
966 IN ULONG ZeroBits,
967 IN OUT PULONG AllocationSize,
968 IN ULONG AllocationType,
969 IN ULONG Protect);
970
971 NTOSAPI
972 NTSTATUS
973 NTAPI
974 ZwAllocateVirtualMemory(
975 IN HANDLE ProcessHandle,
976 IN OUT PVOID *BaseAddress,
977 IN ULONG ZeroBits,
978 IN OUT PULONG AllocationSize,
979 IN ULONG AllocationType,
980 IN ULONG Protect);
981
982 NTOSAPI
983 NTSTATUS
984 NTAPI
985 NtFreeVirtualMemory(
986 IN HANDLE ProcessHandle,
987 IN OUT PVOID *BaseAddress,
988 IN OUT PULONG FreeSize,
989 IN ULONG FreeType);
990
991 NTOSAPI
992 NTSTATUS
993 NTAPI
994 ZwFreeVirtualMemory(
995 IN HANDLE ProcessHandle,
996 IN OUT PVOID *BaseAddress,
997 IN OUT PULONG FreeSize,
998 IN ULONG FreeType);
999
1000 NTOSAPI
1001 NTSTATUS
1002 NTAPI
1003 ZwQueryVirtualMemory(
1004 IN HANDLE ProcessHandle,
1005 IN PVOID BaseAddress,
1006 IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
1007 OUT PVOID MemoryInformation,
1008 IN ULONG MemoryInformationLength,
1009 OUT PULONG ReturnLength OPTIONAL);
1010
1011 /* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
1012 #define WSLE_PAGE_READONLY 0x001
1013 #define WSLE_PAGE_EXECUTE 0x002
1014 #define WSLE_PAGE_READWRITE 0x004
1015 #define WSLE_PAGE_EXECUTE_READ 0x003
1016 #define WSLE_PAGE_WRITECOPY 0x005
1017 #define WSLE_PAGE_EXECUTE_READWRITE 0x006
1018 #define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
1019 #define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
1020 #define WSLE_PAGE_SHAREABLE 0x100
1021
1022 typedef struct _MEMORY_WORKING_SET_LIST {
1023 ULONG NumberOfPages;
1024 ULONG WorkingSetList[1];
1025 } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
1026
1027 typedef struct _MEMORY_SECTION_NAME {
1028 UNICODE_STRING SectionFileName;
1029 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
1030
1031 /* Zw[Lock|Unlock]VirtualMemory.LockType constants */
1032 #define LOCK_VM_IN_WSL 0x01
1033 #define LOCK_VM_IN_RAM 0x02
1034
1035 NTOSAPI
1036 NTSTATUS
1037 NTAPI
1038 ZwLockVirtualMemory(
1039 IN HANDLE ProcessHandle,
1040 IN OUT PVOID *BaseAddress,
1041 IN OUT PULONG LockSize,
1042 IN ULONG LockType);
1043
1044 NTOSAPI
1045 NTSTATUS
1046 NTAPI
1047 ZwUnlockVirtualMemory(
1048 IN HANDLE ProcessHandle,
1049 IN OUT PVOID *BaseAddress,
1050 IN OUT PULONG LockSize,
1051 IN ULONG LockType);
1052
1053 NTOSAPI
1054 NTSTATUS
1055 NTAPI
1056 ZwReadVirtualMemory(
1057 IN HANDLE ProcessHandle,
1058 IN PVOID BaseAddress,
1059 OUT PVOID Buffer,
1060 IN ULONG BufferLength,
1061 OUT PULONG ReturnLength OPTIONAL);
1062
1063 NTOSAPI
1064 NTSTATUS
1065 NTAPI
1066 ZwWriteVirtualMemory(
1067 IN HANDLE ProcessHandle,
1068 IN PVOID BaseAddress,
1069 IN PVOID Buffer,
1070 IN ULONG BufferLength,
1071 OUT PULONG ReturnLength OPTIONAL);
1072
1073 NTOSAPI
1074 NTSTATUS
1075 NTAPI
1076 ZwProtectVirtualMemory(
1077 IN HANDLE ProcessHandle,
1078 IN OUT PVOID *BaseAddress,
1079 IN OUT PULONG ProtectSize,
1080 IN ULONG NewProtect,
1081 OUT PULONG OldProtect);
1082
1083 NTOSAPI
1084 NTSTATUS
1085 NTAPI
1086 ZwFlushVirtualMemory(
1087 IN HANDLE ProcessHandle,
1088 IN OUT PVOID *BaseAddress,
1089 IN OUT PULONG FlushSize,
1090 OUT PIO_STATUS_BLOCK IoStatusBlock);
1091
1092 NTOSAPI
1093 NTSTATUS
1094 NTAPI
1095 ZwAllocateUserPhysicalPages(
1096 IN HANDLE ProcessHandle,
1097 IN OUT PULONG_PTR NumberOfPages,
1098 OUT PULONG_PTR UserPfnArray);
1099
1100 NTOSAPI
1101 NTSTATUS
1102 NTAPI
1103 ZwFreeUserPhysicalPages(
1104 IN HANDLE ProcessHandle,
1105 IN OUT PULONG_PTR NumberOfPages,
1106 IN PULONG_PTR UserPfnArray);
1107
1108 NTOSAPI
1109 NTSTATUS
1110 NTAPI
1111 ZwMapUserPhysicalPages(
1112 IN PVOID VirtualAddress,
1113 IN ULONG_PTR NumberOfPages,
1114 IN PULONG_PTR PageArray OPTIONAL);
1115
1116 NTOSAPI
1117 NTSTATUS
1118 NTAPI
1119 ZwMapUserPhysicalPagesScatter(
1120 IN PVOID *VirtualAddresses,
1121 IN ULONG_PTR NumberOfPages,
1122 IN PULONG_PTR PageArray OPTIONAL);
1123
1124 NTOSAPI
1125 NTSTATUS
1126 NTAPI
1127 ZwGetWriteWatch(
1128 IN HANDLE ProcessHandle,
1129 IN ULONG Flags,
1130 IN PVOID BaseAddress,
1131 IN ULONG RegionSize,
1132 OUT PULONG Buffer,
1133 IN OUT PULONG BufferEntries,
1134 OUT PULONG Granularity);
1135
1136 NTOSAPI
1137 NTSTATUS
1138 NTAPI
1139 ZwResetWriteWatch(
1140 IN HANDLE ProcessHandle,
1141 IN PVOID BaseAddress,
1142 IN ULONG RegionSize);
1143
1144
1145
1146
1147 /* Sections */
1148
1149 typedef enum _SECTION_INFORMATION_CLASS {
1150 SectionBasicInformation,
1151 SectionImageInformation
1152 } SECTION_INFORMATION_CLASS;
1153
1154 NTOSAPI
1155 NTSTATUS
1156 NTAPI
1157 NtCreateSection(
1158 OUT PHANDLE SectionHandle,
1159 IN ACCESS_MASK DesiredAccess,
1160 IN POBJECT_ATTRIBUTES ObjectAttributes,
1161 IN PLARGE_INTEGER SectionSize OPTIONAL,
1162 IN ULONG Protect,
1163 IN ULONG Attributes,
1164 IN HANDLE FileHandle);
1165
1166 NTOSAPI
1167 NTSTATUS
1168 NTAPI
1169 ZwCreateSection(
1170 OUT PHANDLE SectionHandle,
1171 IN ACCESS_MASK DesiredAccess,
1172 IN POBJECT_ATTRIBUTES ObjectAttributes,
1173 IN PLARGE_INTEGER SectionSize OPTIONAL,
1174 IN ULONG Protect,
1175 IN ULONG Attributes,
1176 IN HANDLE FileHandle);
1177
1178 NTOSAPI
1179 NTSTATUS
1180 NTAPI
1181 ZwQuerySection(
1182 IN HANDLE SectionHandle,
1183 IN SECTION_INFORMATION_CLASS SectionInformationClass,
1184 OUT PVOID SectionInformation,
1185 IN ULONG SectionInformationLength,
1186 OUT PULONG ResultLength OPTIONAL);
1187
1188 NTOSAPI
1189 NTSTATUS
1190 NTAPI
1191 ZwExtendSection(
1192 IN HANDLE SectionHandle,
1193 IN PLARGE_INTEGER SectionSize);
1194
1195 NTOSAPI
1196 NTSTATUS
1197 NTAPI
1198 ZwAreMappedFilesTheSame(
1199 IN PVOID Address1,
1200 IN PVOID Address2);
1201
1202
1203
1204
1205 /* Threads */
1206
1207 typedef struct _INITIAL_TEB
1208 {
1209 PVOID StackBase;
1210 PVOID StackLimit;
1211 PVOID StackCommit;
1212 PVOID StackCommitMax;
1213 PVOID StackReserved;
1214 } INITIAL_TEB, *PINITIAL_TEB;
1215
1216 NTOSAPI
1217 NTSTATUS
1218 NTAPI
1219 ZwCreateThread(
1220 OUT PHANDLE ThreadHandle,
1221 IN ACCESS_MASK DesiredAccess,
1222 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1223 IN HANDLE ProcessHandle,
1224 OUT PCLIENT_ID ClientId,
1225 IN PCONTEXT ThreadContext,
1226 IN PINITIAL_TEB InitialTeb,
1227 IN BOOLEAN CreateSuspended);
1228
1229 NTOSAPI
1230 NTSTATUS
1231 NTAPI
1232 NtOpenThread(
1233 OUT PHANDLE ThreadHandle,
1234 IN ACCESS_MASK DesiredAccess,
1235 IN POBJECT_ATTRIBUTES ObjectAttributes,
1236 IN PCLIENT_ID ClientId);
1237
1238 NTOSAPI
1239 NTSTATUS
1240 NTAPI
1241 ZwOpenThread(
1242 OUT PHANDLE ThreadHandle,
1243 IN ACCESS_MASK DesiredAccess,
1244 IN POBJECT_ATTRIBUTES ObjectAttributes,
1245 IN PCLIENT_ID ClientId);
1246
1247 NTOSAPI
1248 NTSTATUS
1249 NTAPI
1250 ZwTerminateThread(
1251 IN HANDLE ThreadHandle OPTIONAL,
1252 IN NTSTATUS ExitStatus);
1253
1254 NTOSAPI
1255 NTSTATUS
1256 NTAPI
1257 NtTerminateThread(
1258 IN HANDLE ThreadHandle OPTIONAL,
1259 IN NTSTATUS ExitStatus);
1260
1261 NTOSAPI
1262 NTSTATUS
1263 NTAPI
1264 NtQueryInformationThread(
1265 IN HANDLE ThreadHandle,
1266 IN THREADINFOCLASS ThreadInformationClass,
1267 OUT PVOID ThreadInformation,
1268 IN ULONG ThreadInformationLength,
1269 OUT PULONG ReturnLength OPTIONAL);
1270
1271 NTOSAPI
1272 NTSTATUS
1273 NTAPI
1274 ZwQueryInformationThread(
1275 IN HANDLE ThreadHandle,
1276 IN THREADINFOCLASS ThreadInformationClass,
1277 OUT PVOID ThreadInformation,
1278 IN ULONG ThreadInformationLength,
1279 OUT PULONG ReturnLength OPTIONAL);
1280
1281 NTOSAPI
1282 NTSTATUS
1283 NTAPI
1284 NtSetInformationThread(
1285 IN HANDLE ThreadHandle,
1286 IN THREADINFOCLASS ThreadInformationClass,
1287 IN PVOID ThreadInformation,
1288 IN ULONG ThreadInformationLength);
1289
1290 typedef struct _THREAD_BASIC_INFORMATION {
1291 NTSTATUS ExitStatus;
1292 PNT_TIB TebBaseAddress;
1293 CLIENT_ID ClientId;
1294 KAFFINITY AffinityMask;
1295 KPRIORITY Priority;
1296 KPRIORITY BasePriority;
1297 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
1298
1299 typedef struct _KERNEL_USER_TIMES {
1300 LARGE_INTEGER CreateTime;
1301 LARGE_INTEGER ExitTime;
1302 LARGE_INTEGER KernelTime;
1303 LARGE_INTEGER UserTime;
1304 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
1305
1306 typedef struct _DESCRIPTOR_TABLE_ENTRY {
1307 ULONG Selector;
1308 LDT_ENTRY Descriptor;
1309 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
1310
1311 NTOSAPI
1312 NTSTATUS
1313 NTAPI
1314 ZwSuspendThread(
1315 IN HANDLE ThreadHandle,
1316 OUT PULONG PreviousSuspendCount OPTIONAL);
1317
1318 NTOSAPI
1319 NTSTATUS
1320 NTAPI
1321 ZwResumeThread(
1322 IN HANDLE ThreadHandle,
1323 OUT PULONG PreviousSuspendCount OPTIONAL);
1324
1325 NTOSAPI
1326 NTSTATUS
1327 NTAPI
1328 ZwGetContextThread(
1329 IN HANDLE ThreadHandle,
1330 OUT PCONTEXT Context);
1331
1332 NTOSAPI
1333 NTSTATUS
1334 NTAPI
1335 ZwSetContextThread(
1336 IN HANDLE ThreadHandle,
1337 IN PCONTEXT Context);
1338
1339 NTOSAPI
1340 NTSTATUS
1341 NTAPI
1342 ZwQueueApcThread(
1343 IN HANDLE ThreadHandle,
1344 IN PKNORMAL_ROUTINE ApcRoutine,
1345 IN PVOID ApcContext OPTIONAL,
1346 IN PVOID Argument1 OPTIONAL,
1347 IN PVOID Argument2 OPTIONAL);
1348
1349 NTOSAPI
1350 NTSTATUS
1351 NTAPI
1352 ZwTestAlert(
1353 VOID);
1354
1355 NTOSAPI
1356 NTSTATUS
1357 NTAPI
1358 ZwAlertThread(
1359 IN HANDLE ThreadHandle);
1360
1361 NTOSAPI
1362 NTSTATUS
1363 NTAPI
1364 ZwAlertResumeThread(
1365 IN HANDLE ThreadHandle,
1366 OUT PULONG PreviousSuspendCount OPTIONAL);
1367
1368 NTOSAPI
1369 NTSTATUS
1370 NTAPI
1371 ZwRegisterThreadTerminatePort(
1372 IN HANDLE PortHandle);
1373
1374 NTOSAPI
1375 NTSTATUS
1376 NTAPI
1377 ZwImpersonateThread(
1378 IN HANDLE ThreadHandle,
1379 IN HANDLE TargetThreadHandle,
1380 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos);
1381
1382 NTOSAPI
1383 NTSTATUS
1384 NTAPI
1385 ZwImpersonateAnonymousToken(
1386 IN HANDLE ThreadHandle);
1387
1388
1389
1390
1391 /* Processes */
1392
1393 NTOSAPI
1394 NTSTATUS
1395 NTAPI
1396 ZwCreateProcess(
1397 OUT PHANDLE ProcessHandle,
1398 IN ACCESS_MASK DesiredAccess,
1399 IN POBJECT_ATTRIBUTES ObjectAttributes,
1400 IN HANDLE InheritFromProcessHandle,
1401 IN BOOLEAN InheritHandles,
1402 IN HANDLE SectionHandle OPTIONAL,
1403 IN HANDLE DebugPort OPTIONAL,
1404 IN HANDLE ExceptionPort OPTIONAL);
1405
1406 NTOSAPI
1407 NTSTATUS
1408 NTAPI
1409 ZwCreateProcess(
1410 OUT PHANDLE ProcessHandle,
1411 IN ACCESS_MASK DesiredAccess,
1412 IN POBJECT_ATTRIBUTES ObjectAttributes,
1413 IN HANDLE InheritFromProcessHandle,
1414 IN BOOLEAN InheritHandles,
1415 IN HANDLE SectionHandle OPTIONAL,
1416 IN HANDLE DebugPort OPTIONAL,
1417 IN HANDLE ExceptionPort OPTIONAL);
1418
1419 NTOSAPI
1420 NTSTATUS
1421 NTAPI
1422 ZwTerminateProcess(
1423 IN HANDLE ProcessHandle OPTIONAL,
1424 IN NTSTATUS ExitStatus);
1425
1426 NTOSAPI
1427 NTSTATUS
1428 NTAPI
1429 ZwQueryInformationProcess(
1430 IN HANDLE ProcessHandle,
1431 IN PROCESSINFOCLASS ProcessInformationClass,
1432 OUT PVOID ProcessInformation,
1433 IN ULONG ProcessInformationLength,
1434 OUT PULONG ReturnLength OPTIONAL);
1435
1436 NTOSAPI
1437 NTSTATUS
1438 NTAPI
1439 NtSetInformationProcess(
1440 IN HANDLE ProcessHandle,
1441 IN PROCESSINFOCLASS ProcessInformationClass,
1442 IN PVOID ProcessInformation,
1443 IN ULONG ProcessInformationLength);
1444
1445 NTOSAPI
1446 NTSTATUS
1447 NTAPI
1448 ZwSetInformationProcess(
1449 IN HANDLE ProcessHandle,
1450 IN PROCESSINFOCLASS ProcessInformationClass,
1451 IN PVOID ProcessInformation,
1452 IN ULONG ProcessInformationLength);
1453
1454 typedef struct _PROCESS_BASIC_INFORMATION {
1455 NTSTATUS ExitStatus;
1456 PPEB PebBaseAddress;
1457 KAFFINITY AffinityMask;
1458 KPRIORITY BasePriority;
1459 HANDLE UniqueProcessId;
1460 HANDLE InheritedFromUniqueProcessId;
1461 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
1462
1463 typedef struct _PROCESS_ACCESS_TOKEN {
1464 HANDLE Token;
1465 HANDLE Thread;
1466 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
1467
1468 /* DefaultHardErrorMode constants */
1469 /* also in winbase.h */
1470 #define SEM_FAILCRITICALERRORS 0x0001
1471 #define SEM_NOGPFAULTERRORBOX 0x0002
1472 #define SEM_NOALIGNMENTFAULTEXCEPT 0x0004
1473 #define SEM_NOOPENFILEERRORBOX 0x8000
1474 /* end winbase.h */
1475
1476 /* PROCESS_PRIORITY_CLASS.PriorityClass constants */
1477 #define PC_IDLE 1
1478 #define PC_NORMAL 2
1479 #define PC_HIGH 3
1480 #define PC_REALTIME 4
1481 #define PC_BELOW_NORMAL 5
1482 #define PC_ABOVE_NORMAL 6
1483
1484 typedef struct _PROCESS_PRIORITY_CLASS {
1485 BOOLEAN Foreground;
1486 UCHAR PriorityClass;
1487 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
1488
1489 /* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
1490 #define DRIVE_UNKNOWN 0
1491 #define DRIVE_NO_ROOT_DIR 1
1492 #define DRIVE_REMOVABLE 2
1493 #define DRIVE_FIXED 3
1494 #define DRIVE_REMOTE 4
1495 #define DRIVE_CDROM 5
1496 #define DRIVE_RAMDISK 6
1497
1498 typedef struct _PROCESS_DEVICEMAP_INFORMATION {
1499 _ANONYMOUS_UNION union {
1500 struct {
1501 HANDLE DirectoryHandle;
1502 } Set;
1503 struct {
1504 ULONG DriveMap;
1505 UCHAR DriveType[32];
1506 } Query;
1507 } DUMMYUNIONNAME;
1508 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
1509
1510 typedef struct _PROCESS_SESSION_INFORMATION {
1511 ULONG SessionId;
1512 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
1513
1514 typedef struct _RTL_USER_PROCESS_PARAMETERS {
1515 ULONG AllocationSize;
1516 ULONG Size;
1517 ULONG Flags;
1518 ULONG DebugFlags;
1519 HANDLE hConsole;
1520 ULONG ProcessGroup;
1521 HANDLE hStdInput;
1522 HANDLE hStdOutput;
1523 HANDLE hStdError;
1524 UNICODE_STRING CurrentDirectoryName;
1525 HANDLE CurrentDirectoryHandle;
1526 UNICODE_STRING DllPath;
1527 UNICODE_STRING ImagePathName;
1528 UNICODE_STRING CommandLine;
1529 PWSTR Environment;
1530 ULONG dwX;
1531 ULONG dwY;
1532 ULONG dwXSize;
1533 ULONG dwYSize;
1534 ULONG dwXCountChars;
1535 ULONG dwYCountChars;
1536 ULONG dwFillAttribute;
1537 ULONG dwFlags;
1538 ULONG wShowWindow;
1539 UNICODE_STRING WindowTitle;
1540 UNICODE_STRING DesktopInfo;
1541 UNICODE_STRING ShellInfo;
1542 UNICODE_STRING RuntimeInfo;
1543 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
1544
1545 NTSTATUS
1546 NTAPI
1547 RtlCreateProcessParameters(
1548 OUT PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
1549 IN PUNICODE_STRING ImageFile,
1550 IN PUNICODE_STRING DllPath OPTIONAL,
1551 IN PUNICODE_STRING CurrentDirectory OPTIONAL,
1552 IN PUNICODE_STRING CommandLine OPTIONAL,
1553 IN PWSTR Environment OPTIONAL,
1554 IN PUNICODE_STRING WindowTitle OPTIONAL,
1555 IN PUNICODE_STRING DesktopInfo OPTIONAL,
1556 IN PUNICODE_STRING ShellInfo OPTIONAL,
1557 IN PUNICODE_STRING RuntimeInfo OPTIONAL);
1558
1559 NTSTATUS
1560 NTAPI
1561 RtlDestroyProcessParameters(
1562 IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters);
1563
1564 typedef struct _DEBUG_BUFFER {
1565 HANDLE SectionHandle;
1566 PVOID SectionBase;
1567 PVOID RemoteSectionBase;
1568 ULONG SectionBaseDelta;
1569 HANDLE EventPairHandle;
1570 ULONG Unknown[2];
1571 HANDLE RemoteThreadHandle;
1572 ULONG InfoClassMask;
1573 ULONG SizeOfInfo;
1574 ULONG AllocatedSize;
1575 ULONG SectionSize;
1576 PVOID ModuleInformation;
1577 PVOID BackTraceInformation;
1578 PVOID HeapInformation;
1579 PVOID LockInformation;
1580 PVOID Reserved[8];
1581 } DEBUG_BUFFER, *PDEBUG_BUFFER;
1582
1583 PDEBUG_BUFFER
1584 NTAPI
1585 RtlCreateQueryDebugBuffer(
1586 IN ULONG Size,
1587 IN BOOLEAN EventPair);
1588
1589 /* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
1590 #define PDI_MODULES 0x01
1591 #define PDI_BACKTRACE 0x02
1592 #define PDI_HEAPS 0x04
1593 #define PDI_HEAP_TAGS 0x08
1594 #define PDI_HEAP_BLOCKS 0x10
1595 #define PDI_LOCKS 0x20
1596
1597 NTSTATUS
1598 NTAPI
1599 RtlQueryProcessDebugInformation(
1600 IN ULONG ProcessId,
1601 IN ULONG DebugInfoClassMask,
1602 IN OUT PDEBUG_BUFFER DebugBuffer);
1603
1604 NTSTATUS
1605 NTAPI
1606 RtlDestroyQueryDebugBuffer(
1607 IN PDEBUG_BUFFER DebugBuffer);
1608
1609 /* DEBUG_MODULE_INFORMATION.Flags constants */
1610 #define LDRP_STATIC_LINK 0x00000002
1611 #define LDRP_IMAGE_DLL 0x00000004
1612 #define LDRP_LOAD_IN_PROGRESS 0x00001000
1613 #define LDRP_UNLOAD_IN_PROGRESS 0x00002000
1614 #define LDRP_ENTRY_PROCESSED 0x00004000
1615 #define LDRP_ENTRY_INSERTED 0x00008000
1616 #define LDRP_CURRENT_LOAD 0x00010000
1617 #define LDRP_FAILED_BUILTIN_LOAD 0x00020000
1618 #define LDRP_DONT_CALL_FOR_THREADS 0x00040000
1619 #define LDRP_PROCESS_ATTACH_CALLED 0x00080000
1620 #define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
1621 #define LDRP_IMAGE_NOT_AT_BASE 0x00200000
1622 #define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
1623
1624 typedef struct _DEBUG_MODULE_INFORMATION {
1625 ULONG Reserved[2];
1626 PVOID Base;
1627 ULONG Size;
1628 ULONG Flags;
1629 USHORT Index;
1630 USHORT Unknown;
1631 USHORT LoadCount;
1632 USHORT ModuleNameOffset;
1633 CHAR ImageName[256];
1634 } DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
1635
1636 typedef struct _DEBUG_HEAP_INFORMATION {
1637 PVOID Base;
1638 ULONG Flags;
1639 USHORT Granularity;
1640 USHORT Unknown;
1641 ULONG Allocated;
1642 ULONG Committed;
1643 ULONG TagCount;
1644 ULONG BlockCount;
1645 ULONG Reserved[7];
1646 PVOID Tags;
1647 PVOID Blocks;
1648 } DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
1649
1650 typedef struct _DEBUG_LOCK_INFORMATION {
1651 PVOID Address;
1652 USHORT Type;
1653 USHORT CreatorBackTraceIndex;
1654 ULONG OwnerThreadId;
1655 ULONG ActiveCount;
1656 ULONG ContentionCount;
1657 ULONG EntryCount;
1658 ULONG RecursionCount;
1659 ULONG NumberOfSharedWaiters;
1660 ULONG NumberOfExclusiveWaiters;
1661 } DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
1662
1663
1664
1665 /* Jobs */
1666
1667 NTOSAPI
1668 NTSTATUS
1669 NTAPI
1670 ZwCreateJobObject(
1671 OUT PHANDLE JobHandle,
1672 IN ACCESS_MASK DesiredAccess,
1673 IN POBJECT_ATTRIBUTES ObjectAttributes);
1674
1675 NTOSAPI
1676 NTSTATUS
1677 NTAPI
1678 ZwOpenJobObject(
1679 OUT PHANDLE JobHandle,
1680 IN ACCESS_MASK DesiredAccess,
1681 IN POBJECT_ATTRIBUTES ObjectAttributes);
1682
1683 NTOSAPI
1684 NTSTATUS
1685 NTAPI
1686 ZwTerminateJobObject(
1687 IN HANDLE JobHandle,
1688 IN NTSTATUS ExitStatus);
1689
1690 NTOSAPI
1691 NTSTATUS
1692 NTAPI
1693 ZwAssignProcessToJobObject(
1694 IN HANDLE JobHandle,
1695 IN HANDLE ProcessHandle);
1696
1697 NTOSAPI
1698 NTSTATUS
1699 NTAPI
1700 ZwQueryInformationJobObject(
1701 IN HANDLE JobHandle,
1702 IN JOBOBJECTINFOCLASS JobInformationClass,
1703 OUT PVOID JobInformation,
1704 IN ULONG JobInformationLength,
1705 OUT PULONG ReturnLength OPTIONAL);
1706
1707 NTOSAPI
1708 NTSTATUS
1709 NTAPI
1710 ZwSetInformationJobObject(
1711 IN HANDLE JobHandle,
1712 IN JOBOBJECTINFOCLASS JobInformationClass,
1713 IN PVOID JobInformation,
1714 IN ULONG JobInformationLength);
1715
1716
1717 /* Tokens */
1718
1719 NTOSAPI
1720 NTSTATUS
1721 NTAPI
1722 ZwCreateToken(
1723 OUT PHANDLE TokenHandle,
1724 IN ACCESS_MASK DesiredAccess,
1725 IN POBJECT_ATTRIBUTES ObjectAttributes,
1726 IN TOKEN_TYPE Type,
1727 IN PLUID AuthenticationId,
1728 IN PLARGE_INTEGER ExpirationTime,
1729 IN PTOKEN_USER User,
1730 IN PTOKEN_GROUPS Groups,
1731 IN PTOKEN_PRIVILEGES Privileges,
1732 IN PTOKEN_OWNER Owner,
1733 IN PTOKEN_PRIMARY_GROUP PrimaryGroup,
1734 IN PTOKEN_DEFAULT_DACL DefaultDacl,
1735 IN PTOKEN_SOURCE Source
1736 );
1737
1738 NTOSAPI
1739 NTSTATUS
1740 NTAPI
1741 NtOpenProcessToken(
1742 IN HANDLE ProcessHandle,
1743 IN ACCESS_MASK DesiredAccess,
1744 OUT PHANDLE TokenHandle);
1745
1746 NTOSAPI
1747 NTSTATUS
1748 NTAPI
1749 ZwOpenProcessToken(
1750 IN HANDLE ProcessHandle,
1751 IN ACCESS_MASK DesiredAccess,
1752 OUT PHANDLE TokenHandle);
1753
1754 NTOSAPI
1755 NTSTATUS
1756 NTAPI
1757 NtOpenThreadToken(
1758 IN HANDLE ThreadHandle,
1759 IN ACCESS_MASK DesiredAccess,
1760 IN BOOLEAN OpenAsSelf,
1761 OUT PHANDLE TokenHandle);
1762
1763 NTOSAPI
1764 NTSTATUS
1765 NTAPI
1766 ZwOpenThreadToken(
1767 IN HANDLE ThreadHandle,
1768 IN ACCESS_MASK DesiredAccess,
1769 IN BOOLEAN OpenAsSelf,
1770 OUT PHANDLE TokenHandle);
1771
1772 NTOSAPI
1773 NTSTATUS
1774 NTAPI
1775 NtDuplicateToken(
1776 IN HANDLE ExistingTokenHandle,
1777 IN ACCESS_MASK DesiredAccess,
1778 IN POBJECT_ATTRIBUTES ObjectAttributes,
1779 IN BOOLEAN EffectiveOnly,
1780 IN TOKEN_TYPE TokenType,
1781 OUT PHANDLE NewTokenHandle);
1782
1783 NTOSAPI
1784 NTSTATUS
1785 NTAPI
1786 ZwDuplicateToken(
1787 IN HANDLE ExistingTokenHandle,
1788 IN ACCESS_MASK DesiredAccess,
1789 IN POBJECT_ATTRIBUTES ObjectAttributes,
1790 IN BOOLEAN EffectiveOnly,
1791 IN TOKEN_TYPE TokenType,
1792 OUT PHANDLE NewTokenHandle);
1793
1794 NTOSAPI
1795 NTSTATUS
1796 NTAPI
1797 ZwFilterToken(
1798 IN HANDLE ExistingTokenHandle,
1799 IN ULONG Flags,
1800 IN PTOKEN_GROUPS SidsToDisable,
1801 IN PTOKEN_PRIVILEGES PrivilegesToDelete,
1802 IN PTOKEN_GROUPS SidsToRestricted,
1803 OUT PHANDLE NewTokenHandle);
1804
1805 NTOSAPI
1806 NTSTATUS
1807 NTAPI
1808 NtAdjustPrivilegesToken(
1809 IN HANDLE TokenHandle,
1810 IN BOOLEAN DisableAllPrivileges,
1811 IN PTOKEN_PRIVILEGES NewState,
1812 IN ULONG BufferLength,
1813 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
1814 OUT PULONG ReturnLength);
1815
1816 NTOSAPI
1817 NTSTATUS
1818 NTAPI
1819 ZwAdjustPrivilegesToken(
1820 IN HANDLE TokenHandle,
1821 IN BOOLEAN DisableAllPrivileges,
1822 IN PTOKEN_PRIVILEGES NewState,
1823 IN ULONG BufferLength,
1824 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
1825 OUT PULONG ReturnLength);
1826
1827 NTOSAPI
1828 NTSTATUS
1829 NTAPI
1830 ZwAdjustGroupsToken(
1831 IN HANDLE TokenHandle,
1832 IN BOOLEAN ResetToDefault,
1833 IN PTOKEN_GROUPS NewState,
1834 IN ULONG BufferLength,
1835 OUT PTOKEN_GROUPS PreviousState OPTIONAL,
1836 OUT PULONG ReturnLength);
1837
1838 NTOSAPI
1839 NTSTATUS
1840 NTAPI
1841 NtQueryInformationToken(
1842 IN HANDLE TokenHandle,
1843 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1844 OUT PVOID TokenInformation,
1845 IN ULONG TokenInformationLength,
1846 OUT PULONG ReturnLength);
1847
1848 NTOSAPI
1849 NTSTATUS
1850 NTAPI
1851 ZwQueryInformationToken(
1852 IN HANDLE TokenHandle,
1853 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1854 OUT PVOID TokenInformation,
1855 IN ULONG TokenInformationLength,
1856 OUT PULONG ReturnLength);
1857
1858 NTOSAPI
1859 NTSTATUS
1860 NTAPI
1861 ZwSetInformationToken(
1862 IN HANDLE TokenHandle,
1863 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1864 IN PVOID TokenInformation,
1865 IN ULONG TokenInformationLength);
1866
1867
1868
1869
1870 /* Time */
1871
1872 NTOSAPI
1873 NTSTATUS
1874 NTAPI
1875 ZwQuerySystemTime(
1876 OUT PLARGE_INTEGER CurrentTime);
1877
1878 NTOSAPI
1879 NTSTATUS
1880 NTAPI
1881 ZwSetSystemTime(
1882 IN PLARGE_INTEGER NewTime,
1883 OUT PLARGE_INTEGER OldTime OPTIONAL);
1884
1885 NTOSAPI
1886 NTSTATUS
1887 NTAPI
1888 ZwQueryPerformanceCounter(
1889 OUT PLARGE_INTEGER PerformanceCount,
1890 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL);
1891
1892 NTOSAPI
1893 NTSTATUS
1894 NTAPI
1895 ZwQueryPerformanceCounter(
1896 OUT PLARGE_INTEGER PerformanceCount,
1897 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL);
1898
1899 NTOSAPI
1900 NTSTATUS
1901 NTAPI
1902 ZwQueryTimerResolution(
1903 OUT PULONG CoarsestResolution,
1904 OUT PULONG FinestResolution,
1905 OUT PULONG ActualResolution);
1906
1907 NTOSAPI
1908 NTSTATUS
1909 NTAPI
1910 ZwDelayExecution(
1911 IN BOOLEAN Alertable,
1912 IN PLARGE_INTEGER Interval);
1913
1914 NTOSAPI
1915 NTSTATUS
1916 NTAPI
1917 ZwYieldExecution(
1918 VOID);
1919
1920 NTOSAPI
1921 ULONG
1922 NTAPI
1923 ZwGetTickCount(
1924 VOID);
1925
1926
1927
1928
1929 /* Execution profiling */
1930
1931 NTOSAPI
1932 NTSTATUS
1933 NTAPI
1934 ZwCreateProfile(
1935 OUT PHANDLE ProfileHandle,
1936 IN HANDLE ProcessHandle,
1937 IN PVOID Base,
1938 IN ULONG Size,
1939 IN ULONG BucketShift,
1940 IN PULONG Buffer,
1941 IN ULONG BufferLength,
1942 IN KPROFILE_SOURCE Source,
1943 IN ULONG ProcessorMask);
1944
1945 NTOSAPI
1946 NTSTATUS
1947 NTAPI
1948 ZwSetIntervalProfile(
1949 IN ULONG Interval,
1950 IN KPROFILE_SOURCE Source);
1951
1952 NTOSAPI
1953 NTSTATUS
1954 NTAPI
1955 ZwQueryIntervalProfile(
1956 IN KPROFILE_SOURCE Source,
1957 OUT PULONG Interval);
1958
1959 NTOSAPI
1960 NTSTATUS
1961 NTAPI
1962 ZwStartProfile(
1963 IN HANDLE ProfileHandle);
1964
1965 NTOSAPI
1966 NTSTATUS
1967 NTAPI
1968 ZwStopProfile(
1969 IN HANDLE ProfileHandle);
1970
1971 /* Local Procedure Call (LPC) */
1972
1973 typedef struct _LPC_MESSAGE {
1974 USHORT DataSize;
1975 USHORT MessageSize;
1976 USHORT MessageType;
1977 USHORT VirtualRangesOffset;
1978 CLIENT_ID ClientId;
1979 ULONG MessageId;
1980 ULONG SectionSize;
1981 } LPC_MESSAGE, *PLPC_MESSAGE;
1982
1983 #define LPC_MESSAGE_BASE_SIZE 24
1984
1985 typedef enum _LPC_TYPE {
1986 LPC_NEW_MESSAGE,
1987 LPC_REQUEST,
1988 LPC_REPLY,
1989 LPC_DATAGRAM,
1990 LPC_LOST_REPLY,
1991 LPC_PORT_CLOSED,
1992 LPC_CLIENT_DIED,
1993 LPC_EXCEPTION,
1994 LPC_DEBUG_EVENT,
1995 LPC_ERROR_EVENT,
1996 LPC_CONNECTION_REQUEST,
1997 LPC_CONNECTION_REFUSED,
1998 LPC_MAXIMUM
1999 } LPC_TYPE;
2000
2001 typedef struct _LPC_SECTION_WRITE {
2002 ULONG Length;
2003 HANDLE SectionHandle;
2004 ULONG SectionOffset;
2005 ULONG ViewSize;
2006 PVOID ViewBase;
2007 PVOID TargetViewBase;
2008 } LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
2009
2010 typedef struct _LPC_SECTION_READ {
2011 ULONG Length;
2012 ULONG ViewSize;
2013 PVOID ViewBase;
2014 } LPC_SECTION_READ, *PLPC_SECTION_READ;
2015
2016 NTOSAPI
2017 NTSTATUS
2018 NTAPI
2019 ZwCreatePort(
2020 OUT PHANDLE PortHandle,
2021 IN POBJECT_ATTRIBUTES ObjectAttributes,
2022 IN ULONG MaxDataSize,
2023 IN ULONG MaxMessageSize,
2024 IN ULONG Reserved);
2025
2026 NTOSAPI
2027 NTSTATUS
2028 NTAPI
2029 ZwCreateWaitablePort(
2030 OUT PHANDLE PortHandle,
2031 IN POBJECT_ATTRIBUTES ObjectAttributes,
2032 IN ULONG MaxDataSize,
2033 IN ULONG MaxMessageSize,
2034 IN ULONG Reserved);
2035
2036 NTOSAPI
2037 NTSTATUS
2038 NTAPI
2039 NtConnectPort(
2040 OUT PHANDLE PortHandle,
2041 IN PUNICODE_STRING PortName,
2042 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2043 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2044 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2045 OUT PULONG MaxMessageSize OPTIONAL,
2046 IN OUT PVOID ConnectData OPTIONAL,
2047 IN OUT PULONG ConnectDataLength OPTIONAL);
2048
2049 NTOSAPI
2050 NTSTATUS
2051 NTAPI
2052 ZwConnectPort(
2053 OUT PHANDLE PortHandle,
2054 IN PUNICODE_STRING PortName,
2055 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2056 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2057 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2058 OUT PULONG MaxMessageSize OPTIONAL,
2059 IN OUT PVOID ConnectData OPTIONAL,
2060 IN OUT PULONG ConnectDataLength OPTIONAL);
2061
2062 NTOSAPI
2063 NTSTATUS
2064 NTAPI
2065 ZwConnectPort(
2066 OUT PHANDLE PortHandle,
2067 IN PUNICODE_STRING PortName,
2068 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2069 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2070 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2071 OUT PULONG MaxMessageSize OPTIONAL,
2072 IN OUT PVOID ConnectData OPTIONAL,
2073 IN OUT PULONG ConnectDataLength OPTIONAL);
2074
2075 NTOSAPI
2076 NTSTATUS
2077 NTAPI
2078 ZwListenPort(
2079 IN HANDLE PortHandle,
2080 OUT PLPC_MESSAGE Message);
2081
2082 NTOSAPI
2083 NTSTATUS
2084 NTAPI
2085 ZwAcceptConnectPort(
2086 OUT PHANDLE PortHandle,
2087 IN ULONG PortIdentifier,
2088 IN PLPC_MESSAGE Message,
2089 IN BOOLEAN Accept,
2090 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2091 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL);
2092
2093 NTOSAPI
2094 NTSTATUS
2095 NTAPI
2096 ZwCompleteConnectPort(
2097 IN HANDLE PortHandle);
2098
2099 NTOSAPI
2100 NTSTATUS
2101 NTAPI
2102 NtRequestPort(
2103 IN HANDLE PortHandle,
2104 IN PLPC_MESSAGE RequestMessage);
2105
2106 NTOSAPI
2107 NTSTATUS
2108 NTAPI
2109 NtRequestWaitReplyPort(
2110 IN HANDLE PortHandle,
2111 IN PLPC_MESSAGE RequestMessage,
2112 OUT PLPC_MESSAGE ReplyMessage);
2113
2114 NTOSAPI
2115 NTSTATUS
2116 NTAPI
2117 ZwRequestWaitReplyPort(
2118 IN HANDLE PortHandle,
2119 IN PLPC_MESSAGE RequestMessage,
2120 OUT PLPC_MESSAGE ReplyMessage);
2121
2122 NTOSAPI
2123 NTSTATUS
2124 NTAPI
2125 ZwReplyPort(
2126 IN HANDLE PortHandle,
2127 IN PLPC_MESSAGE ReplyMessage);
2128
2129 NTOSAPI
2130 NTSTATUS
2131 NTAPI
2132 ZwReplyWaitReplyPort(
2133 IN HANDLE PortHandle,
2134 IN OUT PLPC_MESSAGE ReplyMessage);
2135
2136 NTOSAPI
2137 NTSTATUS
2138 NTAPI
2139 ZwReplyWaitReceivePort(
2140 IN HANDLE PortHandle,
2141 OUT PULONG PortIdentifier OPTIONAL,
2142 IN PLPC_MESSAGE ReplyMessage OPTIONAL,
2143 OUT PLPC_MESSAGE Message);
2144
2145 NTOSAPI
2146 NTSTATUS
2147 NTAPI
2148 ZwReplyWaitReceivePortEx(
2149 IN HANDLE PortHandle,
2150 OUT PULONG PortIdentifier OPTIONAL,
2151 IN PLPC_MESSAGE ReplyMessage OPTIONAL,
2152 OUT PLPC_MESSAGE Message,
2153 IN PLARGE_INTEGER Timeout);
2154
2155 NTOSAPI
2156 NTSTATUS
2157 NTAPI
2158 ZwReadRequestData(
2159 IN HANDLE PortHandle,
2160 IN PLPC_MESSAGE Message,
2161 IN ULONG Index,
2162 OUT PVOID Buffer,
2163 IN ULONG BufferLength,
2164 OUT PULONG ReturnLength OPTIONAL);
2165
2166 NTOSAPI
2167 NTSTATUS
2168 NTAPI
2169 ZwWriteRequestData(
2170 IN HANDLE PortHandle,
2171 IN PLPC_MESSAGE Message,
2172 IN ULONG Index,
2173 IN PVOID Buffer,
2174 IN ULONG BufferLength,
2175 OUT PULONG ReturnLength OPTIONAL);
2176
2177 typedef enum _PORT_INFORMATION_CLASS {
2178 PortBasicInformation
2179 } PORT_INFORMATION_CLASS;
2180
2181 NTOSAPI
2182 NTSTATUS
2183 NTAPI
2184 ZwQueryInformationPort(
2185 IN HANDLE PortHandle,
2186 IN PORT_INFORMATION_CLASS PortInformationClass,
2187 OUT PVOID PortInformation,
2188 IN ULONG PortInformationLength,
2189 OUT PULONG ReturnLength OPTIONAL);
2190
2191 NTOSAPI
2192 NTSTATUS
2193 NTAPI
2194 ZwImpersonateClientOfPort(
2195 IN HANDLE PortHandle,
2196 IN PLPC_MESSAGE Message);
2197
2198
2199
2200
2201 /* Files */
2202
2203 NTOSAPI
2204 NTSTATUS
2205 NTAPI
2206 NtDeleteFile(
2207 IN POBJECT_ATTRIBUTES ObjectAttributes);
2208
2209 NTOSAPI
2210 NTSTATUS
2211 NTAPI
2212 ZwDeleteFile(
2213 IN POBJECT_ATTRIBUTES ObjectAttributes);
2214
2215 NTOSAPI
2216 NTSTATUS
2217 NTAPI
2218 ZwFlushBuffersFile(
2219 IN HANDLE FileHandle,
2220 OUT PIO_STATUS_BLOCK IoStatusBlock);
2221
2222 NTOSAPI
2223 NTSTATUS
2224 NTAPI
2225 ZwCancelIoFile(
2226 IN HANDLE FileHandle,
2227 OUT PIO_STATUS_BLOCK IoStatusBlock);
2228
2229 NTOSAPI
2230 NTSTATUS
2231 NTAPI
2232 ZwReadFileScatter(
2233 IN HANDLE FileHandle,
2234 IN HANDLE Event OPTIONAL,
2235 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2236 IN PVOID ApcContext OPTIONAL,
2237 OUT PIO_STATUS_BLOCK IoStatusBlock,
2238 IN PFILE_SEGMENT_ELEMENT Buffer,
2239 IN ULONG Length,
2240 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2241 IN PULONG Key OPTIONAL);
2242
2243 NTOSAPI
2244 NTSTATUS
2245 NTAPI
2246 ZwWriteFileGather(
2247 IN HANDLE FileHandle,
2248 IN HANDLE Event OPTIONAL,
2249 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2250 IN PVOID ApcContext OPTIONAL,
2251 OUT PIO_STATUS_BLOCK IoStatusBlock,
2252 IN PFILE_SEGMENT_ELEMENT Buffer,
2253 IN ULONG Length,
2254 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2255 IN PULONG Key OPTIONAL);
2256
2257
2258
2259
2260 /* Registry keys */
2261
2262 NTOSAPI
2263 NTSTATUS
2264 NTAPI
2265 ZwSaveKey(
2266 IN HANDLE KeyHandle,
2267 IN HANDLE FileHandle);
2268
2269 NTOSAPI
2270 NTSTATUS
2271 NTAPI
2272 ZwSaveMergedKeys(
2273 IN HANDLE KeyHandle1,
2274 IN HANDLE KeyHandle2,
2275 IN HANDLE FileHandle);
2276
2277 NTOSAPI
2278 NTSTATUS
2279 NTAPI
2280 ZwRestoreKey(
2281 IN HANDLE KeyHandle,
2282 IN HANDLE FileHandle,
2283 IN ULONG Flags);
2284
2285 NTOSAPI
2286 NTSTATUS
2287 NTAPI
2288 ZwLoadKey(
2289 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2290 IN POBJECT_ATTRIBUTES FileObjectAttributes);
2291
2292 NTOSAPI
2293 NTSTATUS
2294 NTAPI
2295 ZwLoadKey2(
2296 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2297 IN POBJECT_ATTRIBUTES FileObjectAttributes,
2298 IN ULONG Flags);
2299
2300 NTOSAPI
2301 NTSTATUS
2302 NTAPI
2303 ZwUnloadKey(
2304 IN POBJECT_ATTRIBUTES KeyObjectAttributes);
2305
2306 NTOSAPI
2307 NTSTATUS
2308 NTAPI
2309 ZwQueryOpenSubKeys(
2310 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2311 OUT PULONG NumberOfKeys);
2312
2313 NTOSAPI
2314 NTSTATUS
2315 NTAPI
2316 ZwReplaceKey(
2317 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
2318 IN HANDLE KeyHandle,
2319 IN POBJECT_ATTRIBUTES OldFileObjectAttributes);
2320
2321 NTOSAPI
2322 NTSTATUS
2323 NTAPI
2324 ZwSetInformationKey(
2325 IN HANDLE KeyHandle,
2326 IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
2327 IN PVOID KeyInformation,
2328 IN ULONG KeyInformationLength);
2329
2330 typedef struct _KEY_LAST_WRITE_TIME_INFORMATION {
2331 LARGE_INTEGER LastWriteTime;
2332 } KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION;
2333
2334 typedef struct _KEY_NAME_INFORMATION {
2335 ULONG NameLength;
2336 WCHAR Name[1];
2337 } KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
2338
2339 NTOSAPI
2340 NTSTATUS
2341 NTAPI
2342 ZwNotifyChangeKey(
2343 IN HANDLE KeyHandle,
2344 IN HANDLE EventHandle OPTIONAL,
2345 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2346 IN PVOID ApcContext OPTIONAL,
2347 OUT PIO_STATUS_BLOCK IoStatusBlock,
2348 IN ULONG NotifyFilter,
2349 IN BOOLEAN WatchSubtree,
2350 IN PVOID Buffer,
2351 IN ULONG BufferLength,
2352 IN BOOLEAN Asynchronous);
2353
2354 /* ZwNotifyChangeMultipleKeys.Flags constants */
2355 #define REG_MONITOR_SINGLE_KEY 0x00
2356 #define REG_MONITOR_SECOND_KEY 0x01
2357
2358 NTOSAPI
2359 NTSTATUS
2360 NTAPI
2361 ZwNotifyChangeMultipleKeys(
2362 IN HANDLE KeyHandle,
2363 IN ULONG Flags,
2364 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2365 IN HANDLE EventHandle OPTIONAL,
2366 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2367 IN PVOID ApcContext OPTIONAL,
2368 OUT PIO_STATUS_BLOCK IoStatusBlock,
2369 IN ULONG NotifyFilter,
2370 IN BOOLEAN WatchSubtree,
2371 IN PVOID Buffer,
2372 IN ULONG BufferLength,
2373 IN BOOLEAN Asynchronous);
2374
2375 NTOSAPI
2376 NTSTATUS
2377 NTAPI
2378 ZwQueryMultipleValueKey(
2379 IN HANDLE KeyHandle,
2380 IN OUT PKEY_VALUE_ENTRY ValueList,
2381 IN ULONG NumberOfValues,
2382 OUT PVOID Buffer,
2383 IN OUT PULONG Length,
2384 OUT PULONG ReturnLength);
2385
2386 NTOSAPI
2387 NTSTATUS
2388 NTAPI
2389 ZwInitializeRegistry(
2390 IN BOOLEAN Setup);
2391
2392
2393
2394
2395 /* Security and auditing */
2396
2397 NTOSAPI
2398 NTSTATUS
2399 NTAPI
2400 ZwPrivilegeCheck(
2401 IN HANDLE TokenHandle,
2402 IN PPRIVILEGE_SET RequiredPrivileges,
2403 OUT PBOOLEAN Result);
2404
2405 NTOSAPI
2406 NTSTATUS
2407 NTAPI
2408 ZwPrivilegeObjectAuditAlarm(
2409 IN PUNICODE_STRING SubsystemName,
2410 IN PVOID HandleId,
2411 IN HANDLE TokenHandle,
2412 IN ACCESS_MASK DesiredAccess,
2413 IN PPRIVILEGE_SET Privileges,
2414 IN BOOLEAN AccessGranted);
2415
2416 NTOSAPI
2417 NTSTATUS
2418 NTAPI
2419 ZwPrivilegeObjectAuditAlarm(
2420 IN PUNICODE_STRING SubsystemName,
2421 IN PVOID HandleId,
2422 IN HANDLE TokenHandle,
2423 IN ACCESS_MASK DesiredAccess,
2424 IN PPRIVILEGE_SET Privileges,
2425 IN BOOLEAN AccessGranted);
2426
2427 NTOSAPI
2428 NTSTATUS
2429 NTAPI
2430 ZwAccessCheck(
2431 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2432 IN HANDLE TokenHandle,
2433 IN ACCESS_MASK DesiredAccess,
2434 IN PGENERIC_MAPPING GenericMapping,
2435 IN PPRIVILEGE_SET PrivilegeSet,
2436 IN PULONG PrivilegeSetLength,
2437 OUT PACCESS_MASK GrantedAccess,
2438 OUT PNTSTATUS AccessStatus);
2439
2440 NTOSAPI
2441 NTSTATUS
2442 NTAPI
2443 ZwAccessCheckAndAuditAlarm(
2444 IN PUNICODE_STRING SubsystemName,
2445 IN PVOID HandleId,
2446 IN PUNICODE_STRING ObjectTypeName,
2447 IN PUNICODE_STRING ObjectName,
2448 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2449 IN ACCESS_MASK DesiredAccess,
2450 IN PGENERIC_MAPPING GenericMapping,
2451 IN BOOLEAN ObjectCreation,
2452 OUT PACCESS_MASK GrantedAccess,
2453 OUT PBOOLEAN AccessStatus,
2454 OUT PBOOLEAN GenerateOnClose);
2455
2456 NTOSAPI
2457 NTSTATUS
2458 NTAPI
2459 ZwAccessCheckByType(
2460 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2461 IN PSID PrincipalSelfSid,
2462 IN HANDLE TokenHandle,
2463 IN ULONG DesiredAccess,
2464 IN POBJECT_TYPE_LIST ObjectTypeList,
2465 IN ULONG ObjectTypeListLength,
2466 IN PGENERIC_MAPPING GenericMapping,
2467 IN PPRIVILEGE_SET PrivilegeSet,
2468 IN PULONG PrivilegeSetLength,
2469 OUT PACCESS_MASK GrantedAccess,
2470 OUT PULONG AccessStatus);
2471
2472 typedef enum _AUDIT_EVENT_TYPE {
2473 AuditEventObjectAccess,
2474 AuditEventDirectoryServiceAccess
2475 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
2476
2477 NTOSAPI
2478 NTSTATUS
2479 NTAPI
2480 ZwAccessCheckByTypeAndAuditAlarm(
2481 IN PUNICODE_STRING SubsystemName,
2482 IN PVOID HandleId,
2483 IN PUNICODE_STRING ObjectTypeName,
2484 IN PUNICODE_STRING ObjectName,
2485 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2486 IN PSID PrincipalSelfSid,
2487 IN ACCESS_MASK DesiredAccess,
2488 IN AUDIT_EVENT_TYPE AuditType,
2489 IN ULONG Flags,
2490 IN POBJECT_TYPE_LIST ObjectTypeList,
2491 IN ULONG ObjectTypeListLength,
2492 IN PGENERIC_MAPPING GenericMapping,
2493 IN BOOLEAN ObjectCreation,
2494 OUT PACCESS_MASK GrantedAccess,
2495 OUT PULONG AccessStatus,
2496 OUT PBOOLEAN GenerateOnClose);
2497
2498 NTOSAPI
2499 NTSTATUS
2500 NTAPI
2501 ZwAccessCheckByTypeResultList(
2502 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2503 IN PSID PrincipalSelfSid,
2504 IN HANDLE TokenHandle,
2505 IN ACCESS_MASK DesiredAccess,
2506 IN POBJECT_TYPE_LIST ObjectTypeList,
2507 IN ULONG ObjectTypeListLength,
2508 IN PGENERIC_MAPPING GenericMapping,
2509 IN PPRIVILEGE_SET PrivilegeSet,
2510 IN PULONG PrivilegeSetLength,
2511 OUT PACCESS_MASK GrantedAccessList,
2512 OUT PULONG AccessStatusList);
2513
2514 NTOSAPI
2515 NTSTATUS
2516 NTAPI
2517 ZwAccessCheckByTypeResultListAndAuditAlarm(
2518 IN PUNICODE_STRING SubsystemName,
2519 IN PVOID HandleId,
2520 IN PUNICODE_STRING ObjectTypeName,
2521 IN PUNICODE_STRING ObjectName,
2522 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2523 IN PSID PrincipalSelfSid,
2524 IN ACCESS_MASK DesiredAccess,
2525 IN AUDIT_EVENT_TYPE AuditType,
2526 IN ULONG Flags,
2527 IN POBJECT_TYPE_LIST ObjectTypeList,
2528 IN ULONG ObjectTypeListLength,
2529 IN PGENERIC_MAPPING GenericMapping,
2530 IN BOOLEAN ObjectCreation,
2531 OUT PACCESS_MASK GrantedAccessList,
2532 OUT PULONG AccessStatusList,
2533 OUT PULONG GenerateOnClose);
2534
2535 NTOSAPI
2536 NTSTATUS
2537 NTAPI
2538 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
2539 IN PUNICODE_STRING SubsystemName,
2540 IN PVOID HandleId,
2541 IN HANDLE TokenHandle,
2542 IN PUNICODE_STRING ObjectTypeName,
2543 IN PUNICODE_STRING ObjectName,
2544 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2545 IN PSID PrincipalSelfSid,
2546 IN ACCESS_MASK DesiredAccess,
2547 IN AUDIT_EVENT_TYPE AuditType,
2548 IN ULONG Flags,
2549 IN POBJECT_TYPE_LIST ObjectTypeList,
2550 IN ULONG ObjectTypeListLength,
2551 IN PGENERIC_MAPPING GenericMapping,
2552 IN BOOLEAN ObjectCreation,
2553 OUT PACCESS_MASK GrantedAccessList,
2554 OUT PULONG AccessStatusList,
2555 OUT PULONG GenerateOnClose);
2556
2557 NTOSAPI
2558 NTSTATUS
2559 NTAPI
2560 ZwOpenObjectAuditAlarm(
2561 IN PUNICODE_STRING SubsystemName,
2562 IN PVOID *HandleId,
2563 IN PUNICODE_STRING ObjectTypeName,
2564 IN PUNICODE_STRING ObjectName,
2565 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2566 IN HANDLE TokenHandle,
2567 IN ACCESS_MASK DesiredAccess,
2568 IN ACCESS_MASK GrantedAccess,
2569 IN PPRIVILEGE_SET Privileges OPTIONAL,
2570 IN BOOLEAN ObjectCreation,
2571 IN BOOLEAN AccessGranted,
2572 OUT PBOOLEAN GenerateOnClose);
2573
2574 NTOSAPI
2575 NTSTATUS
2576 NTAPI
2577 ZwCloseObjectAuditAlarm(
2578 IN PUNICODE_STRING SubsystemName,
2579 IN PVOID HandleId,
2580 IN BOOLEAN GenerateOnClose);
2581
2582 NTOSAPI
2583 NTSTATUS
2584 NTAPI
2585 ZwDeleteObjectAuditAlarm(
2586 IN PUNICODE_STRING SubsystemName,
2587 IN PVOID HandleId,
2588 IN BOOLEAN GenerateOnClose);
2589
2590
2591
2592
2593 /* Plug and play and power management */
2594
2595 NTOSAPI
2596 NTSTATUS
2597 NTAPI
2598 ZwRequestWakeupLatency(
2599 IN LATENCY_TIME Latency);
2600
2601 NTOSAPI
2602 NTSTATUS
2603 NTAPI
2604 ZwRequestDeviceWakeup(
2605 IN HANDLE DeviceHandle);
2606
2607 NTOSAPI
2608 NTSTATUS
2609 NTAPI
2610 ZwCancelDeviceWakeupRequest(
2611 IN HANDLE DeviceHandle);
2612
2613 NTOSAPI
2614 BOOLEAN
2615 NTAPI
2616 ZwIsSystemResumeAutomatic(
2617 VOID);
2618
2619 NTOSAPI
2620 NTSTATUS
2621 NTAPI
2622 ZwSetThreadExecutionState(
2623 IN EXECUTION_STATE ExecutionState,
2624 OUT PEXECUTION_STATE PreviousExecutionState);
2625
2626 NTOSAPI
2627 NTSTATUS
2628 NTAPI
2629 ZwGetDevicePowerState(
2630 IN HANDLE DeviceHandle,
2631 OUT PDEVICE_POWER_STATE DevicePowerState);
2632
2633 NTOSAPI
2634 NTSTATUS
2635 NTAPI
2636 ZwSetSystemPowerState(
2637 IN POWER_ACTION SystemAction,
2638 IN SYSTEM_POWER_STATE MinSystemState,
2639 IN ULONG Flags);
2640
2641 NTOSAPI
2642 NTSTATUS
2643 NTAPI
2644 ZwInitiatePowerAction(
2645 IN POWER_ACTION SystemAction,
2646 IN SYSTEM_POWER_STATE MinSystemState,
2647 IN ULONG Flags,
2648 IN BOOLEAN Asynchronous);
2649
2650 NTOSAPI
2651 NTSTATUS
2652 NTAPI
2653 ZwPowerInformation(
2654 IN POWER_INFORMATION_LEVEL PowerInformationLevel,
2655 IN PVOID InputBuffer OPTIONAL,
2656 IN ULONG InputBufferLength,
2657 OUT PVOID OutputBuffer OPTIONAL,
2658 IN ULONG OutputBufferLength);
2659
2660 NTOSAPI
2661 NTSTATUS
2662 NTAPI
2663 ZwPlugPlayControl(
2664 IN ULONG ControlCode,
2665 IN OUT PVOID Buffer,
2666 IN ULONG BufferLength);
2667
2668 NTOSAPI
2669 NTSTATUS
2670 NTAPI
2671 ZwGetPlugPlayEvent(
2672 IN ULONG Reserved1,
2673 IN ULONG Reserved2,
2674 OUT PVOID Buffer,
2675 IN ULONG BufferLength);
2676
2677
2678
2679
2680 /* Miscellany */
2681
2682 NTOSAPI
2683 NTSTATUS
2684 NTAPI
2685 ZwRaiseException(
2686 IN PEXCEPTION_RECORD ExceptionRecord,
2687 IN PCONTEXT Context,
2688 IN BOOLEAN SearchFrames);
2689
2690 NTOSAPI
2691 NTSTATUS
2692 NTAPI
2693 ZwContinue(
2694 IN PCONTEXT Context,
2695 IN BOOLEAN TestAlert);
2696
2697 NTOSAPI
2698 NTSTATUS
2699 NTAPI
2700 ZwW32Call(
2701 IN ULONG RoutineIndex,
2702 IN PVOID Argument,
2703 IN ULONG ArgumentLength,
2704 OUT PVOID *Result OPTIONAL,
2705 OUT PULONG ResultLength OPTIONAL);
2706
2707 NTOSAPI
2708 NTSTATUS
2709 NTAPI
2710 ZwSetLowWaitHighThread(
2711 VOID);
2712
2713 NTOSAPI
2714 NTSTATUS
2715 NTAPI
2716 ZwSetHighWaitLowThread(
2717 VOID);
2718
2719 NTOSAPI
2720 NTSTATUS
2721 NTAPI
2722 ZwLoadDriver(
2723 IN PUNICODE_STRING DriverServiceName);
2724
2725 NTOSAPI
2726 NTSTATUS
2727 NTAPI
2728 ZwUnloadDriver(
2729 IN PUNICODE_STRING DriverServiceName);
2730
2731 NTOSAPI
2732 NTSTATUS
2733 NTAPI
2734 ZwFlushInstructionCache(
2735 IN HANDLE ProcessHandle,
2736 IN PVOID BaseAddress OPTIONAL,
2737 IN ULONG FlushSize);
2738
2739 NTOSAPI
2740 NTSTATUS
2741 NTAPI
2742 ZwFlushWriteBuffer(
2743 VOID);
2744
2745 NTOSAPI
2746 NTSTATUS
2747 NTAPI
2748 ZwQueryDefaultLocale(
2749 IN BOOLEAN ThreadOrSystem,
2750 OUT PLCID Locale);
2751
2752 NTOSAPI
2753 NTSTATUS
2754 NTAPI
2755 ZwSetDefaultLocale(
2756 IN BOOLEAN ThreadOrSystem,
2757 IN LCID Locale);
2758
2759 NTOSAPI
2760 NTSTATUS
2761 NTAPI
2762 ZwQueryDefaultUILanguage(
2763 OUT PLANGID LanguageId);
2764
2765 NTOSAPI
2766 NTSTATUS
2767 NTAPI
2768 ZwSetDefaultUILanguage(
2769 IN LANGID LanguageId);
2770
2771 NTOSAPI
2772 NTSTATUS
2773 NTAPI
2774 ZwQueryInstallUILanguage(
2775 OUT PLANGID LanguageId);
2776
2777 NTOSAPI
2778 NTSTATUS
2779 NTAPI
2780 NtAllocateLocallyUniqueId(
2781 OUT PLUID Luid);
2782
2783 NTOSAPI
2784 NTSTATUS
2785 NTAPI
2786 NtAllocateUuids(
2787 OUT PULARGE_INTEGER UuidLastTimeAllocated,
2788 OUT PULONG UuidDeltaTime,
2789 OUT PULONG UuidSequenceNumber,
2790 OUT PUCHAR UuidSeed);
2791
2792 NTOSAPI
2793 NTSTATUS
2794 NTAPI
2795 NtSetUuidSeed(
2796 IN PUCHAR UuidSeed);
2797
2798 NTOSAPI
2799 NTSTATUS
2800 NTAPI
2801 ZwSetUuidSeed(
2802 IN PUCHAR UuidSeed);
2803
2804 typedef enum _HARDERROR_RESPONSE_OPTION {
2805 OptionAbortRetryIgnore,
2806 OptionOk,
2807 OptionOkCancel,
2808 OptionRetryCancel,
2809 OptionYesNo,
2810 OptionYesNoCancel,
2811 OptionShutdownSystem
2812 } HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
2813
2814 typedef enum _HARDERROR_RESPONSE {
2815 ResponseReturnToCaller,
2816 ResponseNotHandled,
2817 ResponseAbort,
2818 ResponseCancel,
2819 ResponseIgnore,
2820 ResponseNo,
2821 ResponseOk,
2822 ResponseRetry,
2823 ResponseYes
2824 } HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
2825
2826 NTOSAPI
2827 NTSTATUS
2828 NTAPI
2829 ZwRaiseHardError(
2830 IN NTSTATUS Status,
2831 IN ULONG NumberOfArguments,
2832 IN ULONG StringArgumentsMask,
2833 IN PULONG Arguments,
2834 IN HARDERROR_RESPONSE_OPTION ResponseOption,
2835 OUT PHARDERROR_RESPONSE Response);
2836
2837 NTOSAPI
2838 NTSTATUS
2839 NTAPI
2840 ZwSetDefaultHardErrorPort(
2841 IN HANDLE PortHandle);
2842
2843 NTOSAPI
2844 NTSTATUS
2845 NTAPI
2846 ZwDisplayString(
2847 IN PUNICODE_STRING String);
2848
2849 NTOSAPI
2850 NTSTATUS
2851 NTAPI
2852 ZwCreatePagingFile(
2853 IN PUNICODE_STRING FileName,
2854 IN PULARGE_INTEGER InitialSize,
2855 IN PULARGE_INTEGER MaximumSize,
2856 IN ULONG Reserved);
2857
2858 typedef USHORT RTL_ATOM, *PRTL_ATOM;
2859
2860 NTOSAPI
2861 NTSTATUS
2862 NTAPI
2863 NtAddAtom(
2864 IN PWSTR AtomName,
2865 IN ULONG AtomNameLength,
2866 OUT PRTL_ATOM Atom);
2867
2868 NTOSAPI
2869 NTSTATUS
2870 NTAPI
2871 NtFindAtom(
2872 IN PWSTR AtomName,
2873 IN ULONG AtomNameLength,
2874 OUT PRTL_ATOM Atom);
2875
2876 NTOSAPI
2877 NTSTATUS
2878 NTAPI
2879 NtDeleteAtom(
2880 IN RTL_ATOM Atom);
2881
2882 typedef enum _ATOM_INFORMATION_CLASS {
2883 AtomBasicInformation,
2884 AtomTableInformation
2885 } ATOM_INFORMATION_CLASS;
2886
2887 NTOSAPI
2888 NTSTATUS
2889 NTAPI
2890 NtQueryInformationAtom(
2891 IN RTL_ATOM Atom,
2892 IN ATOM_INFORMATION_CLASS AtomInformationClass,
2893 OUT PVOID AtomInformation,
2894 IN ULONG AtomInformationLength,
2895 OUT PULONG ReturnLength OPTIONAL);
2896
2897 typedef struct _ATOM_BASIC_INFORMATION {
2898 USHORT UsageCount;
2899 USHORT Flags;
2900 USHORT NameLength;
2901 WCHAR Name[1];
2902 } ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
2903
2904 typedef struct _ATOM_LIST_INFORMATION {
2905 ULONG NumberOfAtoms;
2906 ATOM Atoms[1];
2907 } ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION;
2908
2909 NTOSAPI
2910 NTSTATUS
2911 NTAPI
2912 ZwSetLdtEntries(
2913 IN ULONG Selector1,
2914 IN LDT_ENTRY LdtEntry1,
2915 IN ULONG Selector2,
2916 IN LDT_ENTRY LdtEntry2);
2917
2918 NTOSAPI
2919 NTSTATUS
2920 NTAPI
2921 NtVdmControl(
2922 IN ULONG ControlCode,
2923 IN PVOID ControlData);
2924
2925 #ifdef __cplusplus
2926 }
2927 #endif
2928
2929 #endif /* __NTAPI_H */
A free Windows-compatible Operating System