1 /******************************************************************************
3 ******************************************************************************/
8 #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
9 #define ZwCurrentProcess() NtCurrentProcess()
10 #define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
11 #define ZwCurrentThread() NtCurrentThread()
15 _IRQL_requires_max_(PASSIVE_LEVEL
)
19 ZwAllocateLocallyUniqueId(
22 _IRQL_requires_max_(PASSIVE_LEVEL
)
27 _In_opt_ HANDLE ProcessHandle
,
28 _In_ NTSTATUS ExitStatus
);
30 _IRQL_requires_max_(PASSIVE_LEVEL
)
35 _Out_ PHANDLE ProcessHandle
,
36 _In_ ACCESS_MASK DesiredAccess
,
37 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
38 _In_opt_ PCLIENT_ID ClientId
);
42 _IRQL_requires_max_(PASSIVE_LEVEL
)
47 _In_ HANDLE FileHandle
,
48 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
49 _Out_writes_bytes_(Length
) PVOID Buffer
,
51 _In_ BOOLEAN ReturnSingleEntry
,
52 _In_reads_bytes_opt_(EaListLength
) PVOID EaList
,
53 _In_ ULONG EaListLength
,
54 _In_opt_ PULONG EaIndex
,
55 _In_ BOOLEAN RestartScan
);
57 _IRQL_requires_max_(PASSIVE_LEVEL
)
62 _In_ HANDLE FileHandle
,
63 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
64 _In_reads_bytes_(Length
) PVOID Buffer
,
67 _IRQL_requires_max_(PASSIVE_LEVEL
)
72 _In_ HANDLE ExistingTokenHandle
,
73 _In_ ACCESS_MASK DesiredAccess
,
74 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
75 _In_ BOOLEAN EffectiveOnly
,
76 _In_ TOKEN_TYPE TokenType
,
77 _Out_ PHANDLE NewTokenHandle
);
80 #if (NTDDI_VERSION >= NTDDI_WIN2K)
83 _IRQL_requires_max_(PASSIVE_LEVEL
)
90 _IRQL_requires_max_(PASSIVE_LEVEL
)
94 ZwCreateDirectoryObject(
95 _Out_ PHANDLE DirectoryHandle
,
96 _In_ ACCESS_MASK DesiredAccess
,
97 _In_ POBJECT_ATTRIBUTES ObjectAttributes
);
99 _IRQL_requires_max_(PASSIVE_LEVEL
)
104 _Out_ PHANDLE FileHandle
,
105 _In_ ACCESS_MASK DesiredAccess
,
106 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
107 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
108 _In_opt_ PLARGE_INTEGER AllocationSize
,
109 _In_ ULONG FileAttributes
,
110 _In_ ULONG ShareAccess
,
111 _In_ ULONG CreateDisposition
,
112 _In_ ULONG CreateOptions
,
113 _In_reads_bytes_opt_(EaLength
) PVOID EaBuffer
,
117 _IRQL_requires_max_(PASSIVE_LEVEL
)
122 _Out_ PHANDLE KeyHandle
,
123 _In_ ACCESS_MASK DesiredAccess
,
124 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
125 _Reserved_ ULONG TitleIndex
,
126 _In_opt_ PUNICODE_STRING Class
,
127 _In_ ULONG CreateOptions
,
128 _Out_opt_ PULONG Disposition
);
130 _IRQL_requires_max_(APC_LEVEL
)
135 _Out_ PHANDLE SectionHandle
,
136 _In_ ACCESS_MASK DesiredAccess
,
137 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
138 _In_opt_ PLARGE_INTEGER MaximumSize
,
139 _In_ ULONG SectionPageProtection
,
140 _In_ ULONG AllocationAttributes
,
141 _In_opt_ HANDLE FileHandle
);
143 _IRQL_requires_max_(PASSIVE_LEVEL
)
148 _In_ HANDLE KeyHandle
);
150 _IRQL_requires_max_(PASSIVE_LEVEL
)
155 _In_ HANDLE KeyHandle
,
156 _In_ PUNICODE_STRING ValueName
);
158 _IRQL_requires_max_(PASSIVE_LEVEL
)
159 _When_(Length
== 0, _Post_satisfies_(return < 0))
160 _When_(Length
> 0, _Post_satisfies_(return <= 0))
165 _In_ HANDLE KeyHandle
,
167 _In_ KEY_INFORMATION_CLASS KeyInformationClass
,
168 _Out_writes_bytes_opt_(Length
) PVOID KeyInformation
,
170 _Out_ PULONG ResultLength
);
172 _IRQL_requires_max_(PASSIVE_LEVEL
)
173 _When_(Length
== 0, _Post_satisfies_(return < 0))
174 _When_(Length
> 0, _Post_satisfies_(return <= 0))
179 _In_ HANDLE KeyHandle
,
181 _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
182 _Out_writes_bytes_opt_(Length
) PVOID KeyValueInformation
,
184 _Out_ PULONG ResultLength
);
186 _IRQL_requires_max_(PASSIVE_LEVEL
)
191 _In_ HANDLE KeyHandle
);
193 _IRQL_requires_max_(PASSIVE_LEVEL
)
198 _In_ PUNICODE_STRING DriverServiceName
);
200 _IRQL_requires_max_(PASSIVE_LEVEL
)
204 ZwMakeTemporaryObject(
207 _IRQL_requires_max_(PASSIVE_LEVEL
)
212 _In_ HANDLE SectionHandle
,
213 _In_ HANDLE ProcessHandle
,
214 _Outptr_result_bytebuffer_(*ViewSize
) PVOID
*BaseAddress
,
215 _In_ ULONG_PTR ZeroBits
,
216 _In_ SIZE_T CommitSize
,
217 _Inout_opt_ PLARGE_INTEGER SectionOffset
,
218 _Inout_ PSIZE_T ViewSize
,
219 _In_ SECTION_INHERIT InheritDisposition
,
220 _In_ ULONG AllocationType
,
223 _IRQL_requires_max_(PASSIVE_LEVEL
)
228 _Out_ PHANDLE FileHandle
,
229 _In_ ACCESS_MASK DesiredAccess
,
230 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
231 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
232 _In_ ULONG ShareAccess
,
233 _In_ ULONG OpenOptions
);
235 _IRQL_requires_max_(PASSIVE_LEVEL
)
240 _Out_ PHANDLE KeyHandle
,
241 _In_ ACCESS_MASK DesiredAccess
,
242 _In_ POBJECT_ATTRIBUTES ObjectAttributes
);
244 _IRQL_requires_max_(PASSIVE_LEVEL
)
249 _Out_ PHANDLE SectionHandle
,
250 _In_ ACCESS_MASK DesiredAccess
,
251 _In_ POBJECT_ATTRIBUTES ObjectAttributes
);
253 _IRQL_requires_max_(PASSIVE_LEVEL
)
257 ZwOpenSymbolicLinkObject(
258 _Out_ PHANDLE LinkHandle
,
259 _In_ ACCESS_MASK DesiredAccess
,
260 _In_ POBJECT_ATTRIBUTES ObjectAttributes
);
262 _IRQL_requires_max_(PASSIVE_LEVEL
)
266 ZwQueryInformationFile(
267 _In_ HANDLE FileHandle
,
268 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
269 _Out_writes_bytes_(Length
) PVOID FileInformation
,
271 _In_ FILE_INFORMATION_CLASS FileInformationClass
);
273 _IRQL_requires_max_(PASSIVE_LEVEL
)
274 _When_(Length
== 0, _Post_satisfies_(return < 0))
275 _When_(Length
> 0, _Post_satisfies_(return <= 0))
280 _In_ HANDLE KeyHandle
,
281 _In_ KEY_INFORMATION_CLASS KeyInformationClass
,
282 _Out_writes_bytes_opt_(Length
) PVOID KeyInformation
,
284 _Out_ PULONG ResultLength
);
286 _IRQL_requires_max_(PASSIVE_LEVEL
)
290 ZwQuerySymbolicLinkObject(
291 _In_ HANDLE LinkHandle
,
292 _Inout_ PUNICODE_STRING LinkTarget
,
293 _Out_opt_ PULONG ReturnedLength
);
295 _IRQL_requires_max_(PASSIVE_LEVEL
)
296 _When_(Length
== 0, _Post_satisfies_(return < 0))
297 _When_(Length
> 0, _Post_satisfies_(return <= 0))
302 _In_ HANDLE KeyHandle
,
303 _In_ PUNICODE_STRING ValueName
,
304 _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
305 _Out_writes_bytes_opt_(Length
) PVOID KeyValueInformation
,
307 _Out_ PULONG ResultLength
);
309 _IRQL_requires_max_(PASSIVE_LEVEL
)
314 _In_ HANDLE FileHandle
,
315 _In_opt_ HANDLE Event
,
316 _In_opt_ PIO_APC_ROUTINE ApcRoutine
,
317 _In_opt_ PVOID ApcContext
,
318 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
319 _Out_writes_bytes_(Length
) PVOID Buffer
,
321 _In_opt_ PLARGE_INTEGER ByteOffset
,
322 _In_opt_ PULONG Key
);
324 _IRQL_requires_max_(PASSIVE_LEVEL
)
328 ZwSetInformationFile(
329 _In_ HANDLE FileHandle
,
330 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
331 _In_reads_bytes_(Length
) PVOID FileInformation
,
333 _In_ FILE_INFORMATION_CLASS FileInformationClass
);
335 _IRQL_requires_max_(PASSIVE_LEVEL
)
340 _In_ HANDLE KeyHandle
,
341 _In_ PUNICODE_STRING ValueName
,
342 _In_opt_ ULONG TitleIndex
,
344 _In_reads_bytes_opt_(DataSize
) PVOID Data
,
345 _In_ ULONG DataSize
);
347 _IRQL_requires_max_(PASSIVE_LEVEL
)
352 _In_ PUNICODE_STRING DriverServiceName
);
354 _IRQL_requires_max_(PASSIVE_LEVEL
)
358 ZwUnmapViewOfSection(
359 _In_ HANDLE ProcessHandle
,
360 _In_opt_ PVOID BaseAddress
);
362 _IRQL_requires_max_(PASSIVE_LEVEL
)
367 _In_ HANDLE FileHandle
,
368 _In_opt_ HANDLE Event
,
369 _In_opt_ PIO_APC_ROUTINE ApcRoutine
,
370 _In_opt_ PVOID ApcContext
,
371 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
372 _In_reads_bytes_(Length
) PVOID Buffer
,
374 _In_opt_ PLARGE_INTEGER ByteOffset
,
375 _In_opt_ PULONG Key
);
377 _IRQL_requires_max_(PASSIVE_LEVEL
)
381 ZwQueryFullAttributesFile(
382 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
383 _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
388 _IRQL_requires_max_(PASSIVE_LEVEL
)
392 _In_ HANDLE TimerHandle
,
393 _Out_opt_ PBOOLEAN CurrentState
);
395 _IRQL_requires_max_(PASSIVE_LEVEL
)
396 _When_(return == 0, __drv_allocatesMem(TimerObject
))
400 _Out_ PHANDLE TimerHandle
,
401 _In_ ACCESS_MASK DesiredAccess
,
402 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
403 _In_ TIMER_TYPE TimerType
);
405 _IRQL_requires_max_(PASSIVE_LEVEL
)
409 _Out_ PHANDLE TimerHandle
,
410 _In_ ACCESS_MASK DesiredAccess
,
411 _In_ POBJECT_ATTRIBUTES ObjectAttributes
);
413 _IRQL_requires_max_(PASSIVE_LEVEL
)
417 ZwSetInformationThread(
418 _In_ HANDLE ThreadHandle
,
419 _In_ THREADINFOCLASS ThreadInformationClass
,
420 _In_reads_bytes_(ThreadInformationLength
) PVOID ThreadInformation
,
421 _In_ ULONG ThreadInformationLength
);
423 _IRQL_requires_max_(PASSIVE_LEVEL
)
427 _In_ HANDLE TimerHandle
,
428 _In_ PLARGE_INTEGER DueTime
,
429 _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine
,
430 _In_opt_ PVOID TimerContext
,
431 _In_ BOOLEAN ResumeTimer
,
432 _In_opt_ LONG Period
,
433 _Out_opt_ PBOOLEAN PreviousState
);
435 _IRQL_requires_max_(PASSIVE_LEVEL
)
440 _In_ PUNICODE_STRING String
);
442 _IRQL_requires_max_(PASSIVE_LEVEL
)
447 _In_ POWER_INFORMATION_LEVEL PowerInformationLevel
,
448 _In_reads_bytes_opt_(InputBufferLength
) PVOID InputBuffer
,
449 _In_ ULONG InputBufferLength
,
450 _Out_writes_bytes_opt_(OutputBufferLength
) PVOID OutputBuffer
,
451 _In_ ULONG OutputBufferLength
);
453 _IRQL_requires_max_(PASSIVE_LEVEL
)
457 ZwQueryVolumeInformationFile(
458 _In_ HANDLE FileHandle
,
459 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
460 _Out_writes_bytes_(Length
) PVOID FsInformation
,
462 _In_ FS_INFORMATION_CLASS FsInformationClass
);
464 _IRQL_requires_max_(PASSIVE_LEVEL
)
468 ZwDeviceIoControlFile(
469 _In_ HANDLE FileHandle
,
470 _In_opt_ HANDLE Event
,
471 _In_opt_ PIO_APC_ROUTINE ApcRoutine
,
472 _In_opt_ PVOID ApcContext
,
473 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
474 _In_ ULONG IoControlCode
,
475 _In_reads_bytes_opt_(InputBufferLength
) PVOID InputBuffer
,
476 _In_ ULONG InputBufferLength
,
477 _Out_writes_bytes_opt_(OutputBufferLength
) PVOID OutputBuffer
,
478 _In_ ULONG OutputBufferLength
);
483 _IRQL_requires_max_(PASSIVE_LEVEL
)
488 _In_opt_ HANDLE Handle
,
489 _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
,
490 _Out_writes_bytes_opt_(ObjectInformationLength
) PVOID ObjectInformation
,
491 _In_ ULONG ObjectInformationLength
,
492 _Out_opt_ PULONG ReturnLength
);
494 _IRQL_requires_max_(PASSIVE_LEVEL
)
499 _In_ HANDLE KeyHandle
,
500 _In_opt_ HANDLE EventHandle
,
501 _In_opt_ PIO_APC_ROUTINE ApcRoutine
,
502 _In_opt_ PVOID ApcContext
,
503 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
504 _In_ ULONG NotifyFilter
,
505 _In_ BOOLEAN WatchSubtree
,
506 _Out_writes_bytes_opt_(BufferLength
) PVOID Buffer
,
507 _In_ ULONG BufferLength
,
508 _In_ BOOLEAN Asynchronous
);
510 _IRQL_requires_max_(PASSIVE_LEVEL
)
515 _Out_ PHANDLE EventHandle
,
516 _In_ ACCESS_MASK DesiredAccess
,
517 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
518 _In_ EVENT_TYPE EventType
,
519 _In_ BOOLEAN InitialState
);
521 _IRQL_requires_max_(PASSIVE_LEVEL
)
526 _In_ POBJECT_ATTRIBUTES ObjectAttributes
);
528 _IRQL_requires_max_(PASSIVE_LEVEL
)
532 ZwQueryDirectoryFile(
533 _In_ HANDLE FileHandle
,
534 _In_opt_ HANDLE Event
,
535 _In_opt_ PIO_APC_ROUTINE ApcRoutine
,
536 _In_opt_ PVOID ApcContext
,
537 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
538 _Out_writes_bytes_(Length
) PVOID FileInformation
,
540 _In_ FILE_INFORMATION_CLASS FileInformationClass
,
541 _In_ BOOLEAN ReturnSingleEntry
,
542 _In_opt_ PUNICODE_STRING FileName
,
543 _In_ BOOLEAN RestartScan
);
545 _IRQL_requires_max_(PASSIVE_LEVEL
)
549 ZwSetVolumeInformationFile(
550 _In_ HANDLE FileHandle
,
551 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
552 _In_reads_bytes_(Length
) PVOID FsInformation
,
554 _In_ FS_INFORMATION_CLASS FsInformationClass
);
556 _IRQL_requires_max_(PASSIVE_LEVEL
)
561 _In_ HANDLE FileHandle
,
562 _In_opt_ HANDLE Event
,
563 _In_opt_ PIO_APC_ROUTINE ApcRoutine
,
564 _In_opt_ PVOID ApcContext
,
565 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
566 _In_ ULONG FsControlCode
,
567 _In_reads_bytes_opt_(InputBufferLength
) PVOID InputBuffer
,
568 _In_ ULONG InputBufferLength
,
569 _Out_writes_bytes_opt_(OutputBufferLength
) PVOID OutputBuffer
,
570 _In_ ULONG OutputBufferLength
);
572 _IRQL_requires_max_(PASSIVE_LEVEL
)
577 _In_ HANDLE SourceProcessHandle
,
578 _In_ HANDLE SourceHandle
,
579 _In_opt_ HANDLE TargetProcessHandle
,
580 _Out_opt_ PHANDLE TargetHandle
,
581 _In_ ACCESS_MASK DesiredAccess
,
582 _In_ ULONG HandleAttributes
,
585 _IRQL_requires_max_(PASSIVE_LEVEL
)
589 ZwOpenDirectoryObject(
590 _Out_ PHANDLE DirectoryHandle
,
591 _In_ ACCESS_MASK DesiredAccess
,
592 _In_ POBJECT_ATTRIBUTES ObjectAttributes
);
594 _Must_inspect_result_
595 _At_(*BaseAddress
, __drv_allocatesMem(Mem
))
600 ZwAllocateVirtualMemory(
601 _In_ HANDLE ProcessHandle
,
602 _Inout_
_Outptr_result_buffer_(*RegionSize
) PVOID
*BaseAddress
,
603 _In_ ULONG_PTR ZeroBits
,
604 _Inout_ PSIZE_T RegionSize
,
605 _In_ ULONG AllocationType
,
608 _IRQL_requires_max_(PASSIVE_LEVEL
)
613 _In_ HANDLE ProcessHandle
,
614 _Inout_
__drv_freesMem(Mem
) PVOID
*BaseAddress
,
615 _Inout_ PSIZE_T RegionSize
,
616 _In_ ULONG FreeType
);
618 _When_(Timeout
== NULL
, _IRQL_requires_max_(APC_LEVEL
))
619 _When_(Timeout
->QuadPart
!= 0, _IRQL_requires_max_(APC_LEVEL
))
620 _When_(Timeout
->QuadPart
== 0, _IRQL_requires_max_(DISPATCH_LEVEL
))
624 ZwWaitForSingleObject(
626 _In_ BOOLEAN Alertable
,
627 _In_opt_ PLARGE_INTEGER Timeout
);
629 _IRQL_requires_max_(DISPATCH_LEVEL
)
634 _In_ HANDLE EventHandle
,
635 _Out_opt_ PLONG PreviousState
);
637 _IRQL_requires_max_(APC_LEVEL
)
641 ZwFlushVirtualMemory(
642 _In_ HANDLE ProcessHandle
,
643 _Inout_ PVOID
*BaseAddress
,
644 _Inout_ PSIZE_T RegionSize
,
645 _Out_ PIO_STATUS_BLOCK IoStatusBlock
);
647 _IRQL_requires_max_(PASSIVE_LEVEL
)
651 ZwQueryInformationToken(
652 _In_ HANDLE TokenHandle
,
653 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass
,
654 _Out_writes_bytes_to_opt_(Length
,*ResultLength
) PVOID TokenInformation
,
656 _Out_ PULONG ResultLength
);
658 _IRQL_requires_max_(PASSIVE_LEVEL
)
664 _In_ SECURITY_INFORMATION SecurityInformation
,
665 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);
667 _IRQL_requires_max_(PASSIVE_LEVEL
)
671 ZwQuerySecurityObject(
672 _In_ HANDLE FileHandle
,
673 _In_ SECURITY_INFORMATION SecurityInformation
,
674 _Out_writes_bytes_to_(Length
,*ResultLength
) PSECURITY_DESCRIPTOR SecurityDescriptor
,
676 _Out_ PULONG ResultLength
);
678 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
681 #if (NTDDI_VERSION >= NTDDI_WINXP)
683 _IRQL_requires_max_(PASSIVE_LEVEL
)
687 ZwOpenProcessTokenEx(
688 _In_ HANDLE ProcessHandle
,
689 _In_ ACCESS_MASK DesiredAccess
,
690 _In_ ULONG HandleAttributes
,
691 _Out_ PHANDLE TokenHandle
);
693 _IRQL_requires_max_(PASSIVE_LEVEL
)
698 _In_ HANDLE ThreadHandle
,
699 _In_ ACCESS_MASK DesiredAccess
,
700 _In_ BOOLEAN OpenAsSelf
,
701 _In_ ULONG HandleAttributes
,
702 _Out_ PHANDLE TokenHandle
);
704 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
708 #if (NTDDI_VERSION >= NTDDI_WS03)
709 _IRQL_requires_max_(PASSIVE_LEVEL
)
714 _Out_ PHANDLE EventHandle
,
715 _In_ ACCESS_MASK DesiredAccess
,
716 _In_ POBJECT_ATTRIBUTES ObjectAttributes
);
720 $
if (_WDMDDK_
|| _NTIFS_
)
721 #if (NTDDI_VERSION >= NTDDI_VISTA)
722 $
endif (_WDMDDK_
|| _NTIFS_
)
725 _IRQL_requires_max_(PASSIVE_LEVEL
)
728 ZwCreateKeyTransacted(
729 _Out_ PHANDLE KeyHandle
,
730 _In_ ACCESS_MASK DesiredAccess
,
731 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
732 _Reserved_ ULONG TitleIndex
,
733 _In_opt_ PUNICODE_STRING Class
,
734 _In_ ULONG CreateOptions
,
735 _In_ HANDLE TransactionHandle
,
736 _Out_opt_ PULONG Disposition
);
738 _IRQL_requires_max_(PASSIVE_LEVEL
)
743 _Out_ PHANDLE KeyHandle
,
744 _In_ ACCESS_MASK DesiredAccess
,
745 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
746 _In_ HANDLE TransactionHandle
);
748 _IRQL_requires_max_(PASSIVE_LEVEL
)
752 ZwCreateTransactionManager(
753 _Out_ PHANDLE TmHandle
,
754 _In_ ACCESS_MASK DesiredAccess
,
755 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
756 _In_opt_ PUNICODE_STRING LogFileName
,
757 _In_opt_ ULONG CreateOptions
,
758 _In_opt_ ULONG CommitStrength
);
760 _IRQL_requires_max_(PASSIVE_LEVEL
)
764 ZwOpenTransactionManager(
765 _Out_ PHANDLE TmHandle
,
766 _In_ ACCESS_MASK DesiredAccess
,
767 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
768 _In_opt_ PUNICODE_STRING LogFileName
,
769 _In_opt_ LPGUID TmIdentity
,
770 _In_opt_ ULONG OpenOptions
);
772 _IRQL_requires_max_(PASSIVE_LEVEL
)
776 ZwRollforwardTransactionManager(
777 _In_ HANDLE TransactionManagerHandle
,
778 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
780 _IRQL_requires_max_(PASSIVE_LEVEL
)
784 ZwRecoverTransactionManager(
785 _In_ HANDLE TransactionManagerHandle
);
787 _IRQL_requires_max_(PASSIVE_LEVEL
)
791 ZwQueryInformationTransactionManager(
792 _In_ HANDLE TransactionManagerHandle
,
793 _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass
,
794 _Out_writes_bytes_(TransactionManagerInformationLength
) PVOID TransactionManagerInformation
,
795 _In_ ULONG TransactionManagerInformationLength
,
796 _Out_opt_ PULONG ReturnLength
);
798 _IRQL_requires_max_(PASSIVE_LEVEL
)
802 ZwSetInformationTransactionManager(
803 _In_ HANDLE TmHandle
,
804 _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass
,
805 _In_ PVOID TransactionManagerInformation
,
806 _In_ ULONG TransactionManagerInformationLength
);
808 _IRQL_requires_max_(PASSIVE_LEVEL
)
812 ZwEnumerateTransactionObject(
813 _In_opt_ HANDLE RootObjectHandle
,
814 _In_ KTMOBJECT_TYPE QueryType
,
815 _Inout_updates_bytes_(ObjectCursorLength
) PKTMOBJECT_CURSOR ObjectCursor
,
816 _In_ ULONG ObjectCursorLength
,
817 _Out_ PULONG ReturnLength
);
819 _IRQL_requires_max_(PASSIVE_LEVEL
)
824 _Out_ PHANDLE TransactionHandle
,
825 _In_ ACCESS_MASK DesiredAccess
,
826 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
828 _In_opt_ HANDLE TmHandle
,
829 _In_opt_ ULONG CreateOptions
,
830 _In_opt_ ULONG IsolationLevel
,
831 _In_opt_ ULONG IsolationFlags
,
832 _In_opt_ PLARGE_INTEGER Timeout
,
833 _In_opt_ PUNICODE_STRING Description
);
835 _IRQL_requires_max_(PASSIVE_LEVEL
)
840 _Out_ PHANDLE TransactionHandle
,
841 _In_ ACCESS_MASK DesiredAccess
,
842 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
844 _In_opt_ HANDLE TmHandle
);
846 _IRQL_requires_max_(PASSIVE_LEVEL
)
850 ZwQueryInformationTransaction(
851 _In_ HANDLE TransactionHandle
,
852 _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass
,
853 _Out_writes_bytes_(TransactionInformationLength
) PVOID TransactionInformation
,
854 _In_ ULONG TransactionInformationLength
,
855 _Out_opt_ PULONG ReturnLength
);
857 _IRQL_requires_max_(PASSIVE_LEVEL
)
861 ZwSetInformationTransaction(
862 _In_ HANDLE TransactionHandle
,
863 _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass
,
864 _In_ PVOID TransactionInformation
,
865 _In_ ULONG TransactionInformationLength
);
867 _IRQL_requires_max_(PASSIVE_LEVEL
)
872 _In_ HANDLE TransactionHandle
,
875 _IRQL_requires_max_(PASSIVE_LEVEL
)
879 ZwRollbackTransaction(
880 _In_ HANDLE TransactionHandle
,
883 _IRQL_requires_max_(PASSIVE_LEVEL
)
887 ZwCreateResourceManager(
888 _Out_ PHANDLE ResourceManagerHandle
,
889 _In_ ACCESS_MASK DesiredAccess
,
890 _In_ HANDLE TmHandle
,
891 _In_opt_ LPGUID ResourceManagerGuid
,
892 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
893 _In_opt_ ULONG CreateOptions
,
894 _In_opt_ PUNICODE_STRING Description
);
896 _IRQL_requires_max_(PASSIVE_LEVEL
)
900 ZwOpenResourceManager(
901 _Out_ PHANDLE ResourceManagerHandle
,
902 _In_ ACCESS_MASK DesiredAccess
,
903 _In_ HANDLE TmHandle
,
904 _In_ LPGUID ResourceManagerGuid
,
905 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
);
907 _IRQL_requires_max_(PASSIVE_LEVEL
)
911 ZwRecoverResourceManager(
912 _In_ HANDLE ResourceManagerHandle
);
914 _IRQL_requires_max_(PASSIVE_LEVEL
)
918 ZwGetNotificationResourceManager(
919 _In_ HANDLE ResourceManagerHandle
,
920 _Out_ PTRANSACTION_NOTIFICATION TransactionNotification
,
921 _In_ ULONG NotificationLength
,
922 _In_ PLARGE_INTEGER Timeout
,
923 _Out_opt_ PULONG ReturnLength
,
924 _In_ ULONG Asynchronous
,
925 _In_opt_ ULONG_PTR AsynchronousContext
);
927 _IRQL_requires_max_(PASSIVE_LEVEL
)
931 ZwQueryInformationResourceManager(
932 _In_ HANDLE ResourceManagerHandle
,
933 _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass
,
934 _Out_writes_bytes_(ResourceManagerInformationLength
) PVOID ResourceManagerInformation
,
935 _In_ ULONG ResourceManagerInformationLength
,
936 _Out_opt_ PULONG ReturnLength
);
938 _IRQL_requires_max_(PASSIVE_LEVEL
)
942 ZwSetInformationResourceManager(
943 _In_ HANDLE ResourceManagerHandle
,
944 _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass
,
945 _In_reads_bytes_(ResourceManagerInformationLength
) PVOID ResourceManagerInformation
,
946 _In_ ULONG ResourceManagerInformationLength
);
948 _IRQL_requires_max_(PASSIVE_LEVEL
)
953 _Out_ PHANDLE EnlistmentHandle
,
954 _In_ ACCESS_MASK DesiredAccess
,
955 _In_ HANDLE ResourceManagerHandle
,
956 _In_ HANDLE TransactionHandle
,
957 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
958 _In_opt_ ULONG CreateOptions
,
959 _In_ NOTIFICATION_MASK NotificationMask
,
960 _In_opt_ PVOID EnlistmentKey
);
962 _IRQL_requires_max_(PASSIVE_LEVEL
)
967 _Out_ PHANDLE EnlistmentHandle
,
968 _In_ ACCESS_MASK DesiredAccess
,
969 _In_ HANDLE RmHandle
,
970 _In_ LPGUID EnlistmentGuid
,
971 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
);
973 _IRQL_requires_max_(PASSIVE_LEVEL
)
977 ZwQueryInformationEnlistment(
978 _In_ HANDLE EnlistmentHandle
,
979 _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass
,
980 _Out_writes_bytes_(EnlistmentInformationLength
) PVOID EnlistmentInformation
,
981 _In_ ULONG EnlistmentInformationLength
,
982 _Out_opt_ PULONG ReturnLength
);
984 _IRQL_requires_max_(PASSIVE_LEVEL
)
988 ZwSetInformationEnlistment(
989 _In_ HANDLE EnlistmentHandle
,
990 _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass
,
991 _In_reads_bytes_(EnlistmentInformationLength
) PVOID EnlistmentInformation
,
992 _In_ ULONG EnlistmentInformationLength
);
994 _IRQL_requires_max_(PASSIVE_LEVEL
)
999 _In_ HANDLE EnlistmentHandle
,
1000 _In_opt_ PVOID EnlistmentKey
);
1002 _IRQL_requires_max_(PASSIVE_LEVEL
)
1006 ZwPrePrepareEnlistment(
1007 _In_ HANDLE EnlistmentHandle
,
1008 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1010 _IRQL_requires_max_(PASSIVE_LEVEL
)
1014 ZwPrepareEnlistment(
1015 _In_ HANDLE EnlistmentHandle
,
1016 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1018 _IRQL_requires_max_(PASSIVE_LEVEL
)
1023 _In_ HANDLE EnlistmentHandle
,
1024 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1026 _IRQL_requires_max_(PASSIVE_LEVEL
)
1030 ZwRollbackEnlistment(
1031 _In_ HANDLE EnlistmentHandle
,
1032 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1034 _IRQL_requires_max_(PASSIVE_LEVEL
)
1038 ZwPrePrepareComplete(
1039 _In_ HANDLE EnlistmentHandle
,
1040 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1042 _IRQL_requires_max_(PASSIVE_LEVEL
)
1047 _In_ HANDLE EnlistmentHandle
,
1048 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1050 _IRQL_requires_max_(PASSIVE_LEVEL
)
1055 _In_ HANDLE EnlistmentHandle
,
1056 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1058 _IRQL_requires_max_(PASSIVE_LEVEL
)
1062 ZwReadOnlyEnlistment(
1063 _In_ HANDLE EnlistmentHandle
,
1064 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1070 _In_ HANDLE EnlistmentHandle
,
1071 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1076 ZwSinglePhaseReject(
1077 _In_ HANDLE EnlistmentHandle
,
1078 _In_opt_ PLARGE_INTEGER TmVirtualClock
);
1082 _IRQL_requires_max_(PASSIVE_LEVEL
)
1087 _In_ HANDLE FileHandle
,
1088 _In_opt_ HANDLE Event
,
1089 _In_opt_ PIO_APC_ROUTINE ApcRoutine
,
1090 _In_opt_ PVOID ApcContext
,
1091 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
1092 _In_ PLARGE_INTEGER ByteOffset
,
1093 _In_ PLARGE_INTEGER Length
,
1095 _In_ BOOLEAN FailImmediately
,
1096 _In_ BOOLEAN ExclusiveLock
);
1098 _IRQL_requires_max_(PASSIVE_LEVEL
)
1103 _In_ HANDLE FileHandle
,
1104 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
1105 _In_ PLARGE_INTEGER ByteOffset
,
1106 _In_ PLARGE_INTEGER Length
,
1109 _IRQL_requires_max_(PASSIVE_LEVEL
)
1113 ZwQueryQuotaInformationFile(
1114 _In_ HANDLE FileHandle
,
1115 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
1116 _Out_writes_bytes_(Length
) PVOID Buffer
,
1118 _In_ BOOLEAN ReturnSingleEntry
,
1119 _In_reads_bytes_opt_(SidListLength
) PVOID SidList
,
1120 _In_ ULONG SidListLength
,
1121 _In_opt_ PSID StartSid
,
1122 _In_ BOOLEAN RestartScan
);
1124 _IRQL_requires_max_(PASSIVE_LEVEL
)
1128 ZwSetQuotaInformationFile(
1129 _In_ HANDLE FileHandle
,
1130 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
1131 _In_reads_bytes_(Length
) PVOID Buffer
,
1134 _IRQL_requires_max_(PASSIVE_LEVEL
)
1139 _In_ HANDLE FileHandle
,
1140 _Out_ PIO_STATUS_BLOCK IoStatusBlock
);
1142 $
if (_WDMDDK_
|| _NTIFS_
)
1143 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
1144 $
endif (_WDMDDK_
|| _NTIFS_
)
1145 #if (NTDDI_VERSION >= NTDDI_WIN7)
1148 _IRQL_requires_max_(PASSIVE_LEVEL
)
1153 _Out_ PHANDLE KeyHandle
,
1154 _In_ ACCESS_MASK DesiredAccess
,
1155 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
1156 _In_ ULONG OpenOptions
);
1158 _IRQL_requires_max_(PASSIVE_LEVEL
)
1162 ZwOpenKeyTransactedEx(
1163 _Out_ PHANDLE KeyHandle
,
1164 _In_ ACCESS_MASK DesiredAccess
,
1165 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
1166 _In_ ULONG OpenOptions
,
1167 _In_ HANDLE TransactionHandle
);
1172 ZwNotifyChangeMultipleKeys(
1173 _In_ HANDLE MasterKeyHandle
,
1174 _In_opt_ ULONG Count
,
1175 _In_opt_ OBJECT_ATTRIBUTES SubordinateObjects
[],
1176 _In_opt_ HANDLE Event
,
1177 _In_opt_ PIO_APC_ROUTINE ApcRoutine
,
1178 _In_opt_ PVOID ApcContext
,
1179 _Out_ PIO_STATUS_BLOCK IoStatusBlock
,
1180 _In_ ULONG CompletionFilter
,
1181 _In_ BOOLEAN WatchTree
,
1182 _Out_opt_ PVOID Buffer
,
1183 _In_ ULONG BufferSize
,
1184 _In_ BOOLEAN Asynchronous
);
1189 ZwQueryMultipleValueKey(
1190 _In_ HANDLE KeyHandle
,
1191 _Inout_ PKEY_VALUE_ENTRY ValueEntries
,
1192 _In_ ULONG EntryCount
,
1193 _Out_ PVOID ValueBuffer
,
1194 _Inout_ PULONG BufferLength
,
1195 _Out_opt_ PULONG RequiredBufferLength
);
1197 _IRQL_requires_max_(PASSIVE_LEVEL
)
1202 _In_ HANDLE KeyHandle
,
1203 _In_ PUNICODE_STRING NewName
);
1205 _IRQL_requires_max_(PASSIVE_LEVEL
)
1209 ZwSetInformationKey(
1210 _In_ HANDLE KeyHandle
,
1211 _In_
__drv_strictTypeMatch(__drv_typeConst
) KEY_SET_INFORMATION_CLASS KeySetInformationClass
,
1212 _In_reads_bytes_(KeySetInformationLength
) PVOID KeySetInformation
,
1213 _In_ ULONG KeySetInformationLength
);
1218 _IRQL_requires_max_(PASSIVE_LEVEL
)
1222 _In_ HANDLE TimerHandle
,
1223 _In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass
,
1224 _Inout_updates_bytes_opt_(TimerSetInformationLength
) PVOID TimerSetInformation
,
1225 _In_ ULONG TimerSetInformationLength
);
1229 _IRQL_requires_max_(PASSIVE_LEVEL
)
1233 ZwSetInformationToken(
1234 _In_ HANDLE TokenHandle
,
1235 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass
,
1236 _In_reads_bytes_(TokenInformationLength
) PVOID TokenInformation
,
1237 _In_ ULONG TokenInformationLength
);
1239 #if (VER_PRODUCTBUILD >= 2195)
1243 ZwAdjustPrivilegesToken (
1244 _In_ HANDLE TokenHandle
,
1245 _In_ BOOLEAN DisableAllPrivileges
,
1246 _In_ PTOKEN_PRIVILEGES NewState
,
1247 _In_ ULONG BufferLength
,
1248 _Out_opt_ PTOKEN_PRIVILEGES PreviousState
,
1249 _Out_ PULONG ReturnLength
1251 #endif /* (VER_PRODUCTBUILD >= 2195) */
1257 _In_ HANDLE ThreadHandle
1263 ZwAccessCheckAndAuditAlarm (
1264 _In_ PUNICODE_STRING SubsystemName
,
1265 _In_ PVOID HandleId
,
1266 _In_ PUNICODE_STRING ObjectTypeName
,
1267 _In_ PUNICODE_STRING ObjectName
,
1268 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
1269 _In_ ACCESS_MASK DesiredAccess
,
1270 _In_ PGENERIC_MAPPING GenericMapping
,
1271 _In_ BOOLEAN ObjectCreation
,
1272 _Out_ PACCESS_MASK GrantedAccess
,
1273 _Out_ PBOOLEAN AccessStatus
,
1274 _Out_ PBOOLEAN GenerateOnClose
1277 #if (VER_PRODUCTBUILD >= 2195)
1282 _In_ HANDLE FileHandle
,
1283 _Out_ PIO_STATUS_BLOCK IoStatusBlock
1285 #endif /* (VER_PRODUCTBUILD >= 2195) */
1291 _In_ HANDLE EventHandle
1297 ZwCloseObjectAuditAlarm (
1298 _In_ PUNICODE_STRING SubsystemName
,
1299 _In_ PVOID HandleId
,
1300 _In_ BOOLEAN GenerateOnClose
1306 ZwCreateSymbolicLinkObject (
1307 _Out_ PHANDLE SymbolicLinkHandle
,
1308 _In_ ACCESS_MASK DesiredAccess
,
1309 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
1310 _In_ PUNICODE_STRING TargetName
1316 ZwFlushInstructionCache (
1317 _In_ HANDLE ProcessHandle
,
1318 _In_opt_ PVOID BaseAddress
,
1319 _In_ ULONG FlushSize
1326 _In_ HANDLE FileHandle
,
1327 _Out_ PIO_STATUS_BLOCK IoStatusBlock
1330 #if (VER_PRODUCTBUILD >= 2195)
1334 ZwInitiatePowerAction (
1335 _In_ POWER_ACTION SystemAction
,
1336 _In_ SYSTEM_POWER_STATE MinSystemState
,
1338 _In_ BOOLEAN Asynchronous
1340 #endif /* (VER_PRODUCTBUILD >= 2195) */
1346 _In_ POBJECT_ATTRIBUTES KeyObjectAttributes
,
1347 _In_ POBJECT_ATTRIBUTES FileObjectAttributes
1353 ZwOpenProcessToken (
1354 _In_ HANDLE ProcessHandle
,
1355 _In_ ACCESS_MASK DesiredAccess
,
1356 _Out_ PHANDLE TokenHandle
1363 _Out_ PHANDLE ThreadHandle
,
1364 _In_ ACCESS_MASK DesiredAccess
,
1365 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
1366 _In_ PCLIENT_ID ClientId
1373 _In_ HANDLE ThreadHandle
,
1374 _In_ ACCESS_MASK DesiredAccess
,
1375 _In_ BOOLEAN OpenAsSelf
,
1376 _Out_ PHANDLE TokenHandle
1383 _In_ HANDLE EventHandle
,
1384 _In_opt_ PLONG PulseCount
1390 ZwQueryDefaultLocale (
1391 _In_ BOOLEAN UserProfile
,
1392 _Out_ PLCID DefaultLocaleId
1395 #if (VER_PRODUCTBUILD >= 2195)
1396 _IRQL_requires_max_(PASSIVE_LEVEL
)
1400 ZwQueryDirectoryObject(
1401 _In_ HANDLE DirectoryHandle
,
1403 _In_ ULONG BufferLength
,
1404 _In_ BOOLEAN ReturnSingleEntry
,
1405 _In_ BOOLEAN RestartScan
,
1406 _Inout_ PULONG Context
,
1407 _Out_opt_ PULONG ReturnLength
1409 #endif /* (VER_PRODUCTBUILD >= 2195) */
1415 _In_ POBJECT_ATTRIBUTES NewFileObjectAttributes
,
1416 _In_ HANDLE KeyHandle
,
1417 _In_ POBJECT_ATTRIBUTES OldFileObjectAttributes
1424 _In_ HANDLE EventHandle
,
1425 _Out_opt_ PLONG NumberOfWaitingThreads
1428 #if (VER_PRODUCTBUILD >= 2195)
1433 _In_ HANDLE KeyHandle
,
1434 _In_ HANDLE FileHandle
,
1437 #endif /* (VER_PRODUCTBUILD >= 2195) */
1443 _In_ HANDLE KeyHandle
,
1444 _In_ HANDLE FileHandle
1450 ZwSetDefaultLocale (
1451 _In_ BOOLEAN UserProfile
,
1452 _In_ LCID DefaultLocaleId
1455 #if (VER_PRODUCTBUILD >= 2195)
1459 ZwSetDefaultUILanguage (
1460 _In_ LANGID LanguageId
1462 #endif /* (VER_PRODUCTBUILD >= 2195) */
1467 ZwSetInformationProcess (
1468 _In_ HANDLE ProcessHandle
,
1469 _In_ PROCESSINFOCLASS ProcessInformationClass
,
1470 _In_ PVOID ProcessInformation
,
1471 _In_ ULONG ProcessInformationLength
1478 _In_ PLARGE_INTEGER NewTime
,
1479 _Out_opt_ PLARGE_INTEGER OldTime
1486 _In_ POBJECT_ATTRIBUTES KeyObjectAttributes
1492 ZwWaitForMultipleObjects (
1493 _In_ ULONG HandleCount
,
1494 _In_ PHANDLE Handles
,
1495 _In_ WAIT_TYPE WaitType
,
1496 _In_ BOOLEAN Alertable
,
1497 _In_opt_ PLARGE_INTEGER Timeout
1508 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */