+@ stub I_ScGetCurrentGroupStateW
@ stdcall A_SHAFinal(ptr ptr)
@ stdcall A_SHAInit(ptr)
@ stdcall A_SHAUpdate(ptr ptr long)
@ stdcall AddAuditAccessAce(ptr long long ptr long long)
@ stdcall AddAuditAccessAceEx(ptr long long long ptr long long)
@ stdcall AddAuditAccessObjectAce(ptr long long long ptr ptr ptr long long)
-;@ stdcall AddMandatoryAce(ptr long long long ptr)
@ stdcall AddUsersToEncryptedFile(wstr ptr)
@ stdcall AdjustTokenGroups(long long ptr long ptr ptr)
@ stdcall AdjustTokenPrivileges(long long ptr long ptr ptr)
@ stdcall CommandLineFromMsiDescriptor(wstr ptr ptr)
@ stub ComputeAccessTokenFromCodeAuthzLevel
@ stdcall ControlService(long long ptr)
-@ stdcall ControlServiceEx(ptr long long ptr)
-@ stdcall ControlTraceA(double str ptr long)
-@ stdcall ControlTraceW(double wstr ptr long)
+@ stdcall ControlTraceA(double str ptr long) ntdll.EtwControlTraceA
+@ stdcall ControlTraceW(double wstr ptr long) ntdll.EtwControlTraceW
@ stub ConvertAccessToSecurityDescriptorA
@ stub ConvertAccessToSecurityDescriptorW
@ stub ConvertSDToStringSDRootDomainA
@ stdcall CreatePrivateObjectSecurityEx(ptr ptr ptr ptr long long ptr ptr)
@ stdcall CreatePrivateObjectSecurityWithMultipleInheritance(ptr ptr ptr ptr long long long ptr ptr)
@ stdcall CreateProcessAsUserA(long str str ptr ptr long long ptr str ptr ptr)
-# @ stub CreateProcessAsUserSecure
@ stdcall CreateProcessAsUserW(long str str ptr ptr long long ptr str ptr ptr)
@ stdcall CreateProcessWithLogonW(wstr wstr wstr long wstr wstr long ptr wstr ptr ptr)
@ stdcall CreateProcessWithTokenW(ptr long wstr wstr long ptr wstr ptr ptr)
@ stdcall CreateRestrictedToken(long long long ptr long ptr long ptr ptr)
@ stdcall CreateServiceA(long str str long long long long str str ptr str str str)
@ stdcall CreateServiceW(long wstr wstr long long long long wstr wstr ptr wstr wstr wstr)
-@ stub CreateTraceInstanceId
+@ stdcall CreateTraceInstanceId(ptr ptr) ntdll.EtwCreateTraceInstanceId
@ stdcall CreateWellKnownSid(long ptr ptr ptr)
@ stdcall CredDeleteA(str long long)
@ stdcall CredDeleteW(wstr long long)
@ stdcall CredGetSessionTypes(long ptr)
@ stub CredGetTargetInfoA
@ stub CredGetTargetInfoW
-@ stub CredIsMarshaledCredentialA
-@ stub CredIsMarshaledCredentialW
-@ stub CredMarshalCredentialA
-@ stub CredMarshalCredentialW
+@ stdcall CredIsMarshaledCredentialA(str)
+@ stdcall CredIsMarshaledCredentialW(wstr)
+@ stdcall CredMarshalCredentialA(long ptr str)
+@ stdcall CredMarshalCredentialW(long ptr wstr)
@ stub CredProfileLoaded
@ stdcall CredReadA(str long long ptr)
@ stdcall CredReadDomainCredentialsA(ptr long ptr ptr)
@ stub ElfClearEventLogFileW
@ stub ElfCloseEventLog
@ stub ElfDeregisterEventSource
-@ stub ElfDeregisterEventSourceW
@ stub ElfFlushEventLog
@ stub ElfNumberOfRecords
@ stub ElfOldestRecord
@ stub ElfRegisterEventSourceA
@ stub ElfRegisterEventSourceW
@ stub ElfReportEventA
+@ stub ElfReportEventAndSourceW
@ stub ElfReportEventW
-@ stdcall EnableTrace(long long long ptr double)
+@ stdcall EnableTrace(long long long ptr double) ntdll.EtwEnableTrace
@ stdcall EncryptFileA(str)
@ stdcall EncryptFileW(wstr)
@ stub EncryptedFileKeyInfo
@ stdcall EncryptionDisable(wstr long)
@ stdcall EnumDependentServicesA(long long ptr long ptr ptr)
@ stdcall EnumDependentServicesW(long long ptr long ptr ptr)
-@ stub EnumServiceGroupA
@ stdcall EnumServiceGroupW(ptr long long ptr long ptr ptr ptr wstr)
@ stdcall EnumServicesStatusA(long long long ptr long ptr ptr ptr)
@ stdcall EnumServicesStatusExA(long long long long ptr long ptr ptr ptr str)
@ stdcall EnumServicesStatusExW(long long long long ptr long ptr ptr ptr wstr)
@ stdcall EnumServicesStatusW(long long long ptr long ptr ptr ptr)
-@ stub EnumerateTraceGuids
+@ stdcall EnumerateTraceGuids(ptr long ptr) ntdll.EtwEnumerateTraceGuids
@ stdcall EqualDomainSid(ptr ptr ptr)
@ stdcall EqualPrefixSid(ptr ptr)
@ stdcall EqualSid(ptr ptr)
@ stdcall FileEncryptionStatusA(str ptr)
@ stdcall FileEncryptionStatusW(wstr ptr)
@ stdcall FindFirstFreeAce(ptr ptr)
-@ stub FlushTraceA
-@ stub FlushTraceW
+@ stdcall FlushTraceA(double str ptr) ntdll.EtwFlushTraceA
+@ stdcall FlushTraceW(double wstr ptr) ntdll.EtwFlushTraceW
@ stub FreeEncryptedFileKeyInfo
@ stdcall FreeEncryptionCertificateHashList(ptr)
@ stdcall FreeInheritedFromArray(ptr long ptr)
@ stub GetLocalManagedApplications
@ stub GetManagedApplicationCategories
@ stub GetManagedApplications
-@ stub GetMangledSiteSid
@ stdcall GetMultipleTrusteeA(ptr)
@ stdcall GetMultipleTrusteeOperationA(ptr)
@ stdcall GetMultipleTrusteeOperationW(ptr)
@ stdcall GetSidLengthRequired(long)
@ stdcall GetSidSubAuthority(ptr long)
@ stdcall GetSidSubAuthorityCount(ptr)
-@ stdcall GetSiteSidFromToken(ptr)
@ stdcall GetTokenInformation(long long ptr long ptr)
-@ stdcall GetTraceEnableFlags(double)
-@ stdcall GetTraceEnableLevel(double)
-@ stdcall GetTraceLoggerHandle(ptr)
+@ stdcall GetTraceEnableFlags(double) ntdll.EtwGetTraceEnableFlags
+@ stdcall GetTraceEnableLevel(double) ntdll.EtwGetTraceEnableLevel
+@ stdcall GetTraceLoggerHandle(ptr) ntdll.EtwGetTraceLoggerHandle
@ stdcall GetTrusteeFormA(ptr)
@ stdcall GetTrusteeFormW(ptr)
@ stdcall GetTrusteeNameA(ptr)
@ stdcall GetUserNameA(ptr ptr)
@ stdcall GetUserNameW(ptr ptr)
@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr)
-@ stub I_ScGetCurrentGroupStateW
+@ stub I_QueryTagInformation
@ stub I_ScIsSecurityProcess
@ stub I_ScPnPGetServiceName
@ stub I_ScSendTSMessage
-@ stub I_ScSetServiceBit
@ stdcall I_ScSetServiceBitsA(ptr long long long str)
@ stdcall I_ScSetServiceBitsW(ptr long long long wstr)
@ stub IdentifyCodeAuthzLevelW
@ stdcall InitiateSystemShutdownExW(wstr wstr long long long long)
@ stdcall InitiateSystemShutdownW(str str long long long)
@ stub InstallApplication
-@ stub IsProcessRestricted
@ stdcall IsTextUnicode(ptr long ptr) ntdll.RtlIsTextUnicode
@ stdcall IsTokenRestricted(long)
@ stub IsTokenUntrusted
@ stub LsaICLookupNamesWithCreds
@ stub LsaICLookupSids
@ stub LsaICLookupSidsWithCreds
-@ stdcall LsaLookupNames(ptr long ptr ptr ptr)
@ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
+@ stdcall LsaLookupNames(ptr long ptr ptr ptr)
@ stdcall LsaLookupPrivilegeDisplayName(ptr ptr ptr ptr)
@ stdcall LsaLookupPrivilegeName(ptr ptr ptr)
@ stdcall LsaLookupPrivilegeValue(ptr ptr ptr)
@ stdcall LsaQuerySecurityObject(ptr long ptr)
@ stdcall LsaQueryTrustedDomainInfo(ptr ptr long ptr)
@ stdcall LsaQueryTrustedDomainInfoByName(ptr ptr long ptr)
-@ stdcall LsaRegisterPolicyChangeNotification(long long)
@ stdcall LsaRemoveAccountRights(ptr ptr long ptr long)
@ stdcall LsaRemovePrivilegesFromAccount(ptr long ptr)
@ stdcall LsaRetrievePrivateData(ptr ptr ptr)
@ stdcall LsaSetTrustedDomainInfoByName(ptr ptr long ptr)
@ stdcall LsaSetTrustedDomainInformation(ptr ptr long ptr)
@ stdcall LsaStorePrivateData(ptr ptr ptr)
-@ stdcall LsaUnregisterPolicyChangeNotification(long long)
@ stdcall MD4Final(ptr)
@ stdcall MD4Init(ptr)
@ stdcall MD4Update(ptr ptr long)
@ stdcall MD5Final(ptr)
@ stdcall MD5Init(ptr)
@ stdcall MD5Update(ptr ptr long)
-@ stub MSChapSrvChangePassword
@ stub MSChapSrvChangePassword2
-@ stdcall MakeAbsoluteSD(ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr)
+@ stub MSChapSrvChangePassword
@ stdcall MakeAbsoluteSD2(ptr ptr)
+@ stdcall MakeAbsoluteSD(ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr ptr)
@ stdcall MakeSelfRelativeSD(ptr ptr ptr)
@ stdcall MapGenericMask(ptr ptr) ntdll.RtlMapGenericMask
@ stdcall NotifyBootConfigStatus(long)
@ stdcall PrivilegedServiceAuditAlarmW(wstr wstr long ptr long)
@ stub ProcessIdleTasks
@ stub ProcessTrace
-@ stub ProvAccessRightsToNTAccessMask # ?
-@ stdcall QueryAllTracesA(ptr long ptr)
-@ stdcall QueryAllTracesW(ptr long ptr)
+@ stdcall QueryAllTracesA(ptr long ptr) ntdll.EtwQueryAllTracesA
+@ stdcall QueryAllTracesW(ptr long ptr) ntdll.EtwQueryAllTracesW
@ stdcall QueryRecoveryAgentsOnEncryptedFile(wstr ptr)
-@ stdcall QuerySecurityAccessMask(long ptr)
@ stdcall QueryServiceConfig2A(long long ptr long ptr)
@ stdcall QueryServiceConfig2W(long long ptr long ptr)
@ stdcall QueryServiceConfigA(long ptr long ptr)
@ stdcall QueryServiceObjectSecurity(long long ptr long ptr)
@ stdcall QueryServiceStatus(long ptr)
@ stdcall QueryServiceStatusEx(long long ptr long ptr)
-@ stub QueryTraceA
-@ stub QueryTraceW
+@ stdcall QueryTraceA(double str ptr) ntdll.EtwQueryTraceA
+@ stdcall QueryTraceW(double str ptr) ntdll.EtwQueryTraceA
@ stdcall QueryUsersOnEncryptedFile(wstr ptr)
-@ stdcall QueryWindows31FilesMigration(long)
@ stub ReadEncryptedFileRaw
@ stdcall ReadEventLogA(long long long ptr long ptr ptr)
@ stdcall ReadEventLogW(long long long ptr long ptr ptr)
@ stdcall RegCloseKey(long)
@ stdcall RegConnectRegistryA(str long ptr)
+@ stub RegConnectRegistryExA
+@ stub RegConnectRegistryExW
@ stdcall RegConnectRegistryW(wstr long ptr)
-@ stdcall RegCopyTreeA(ptr str ptr)
-@ stdcall RegCopyTreeW(ptr wstr ptr)
@ stdcall RegCreateKeyA(long str ptr)
@ stdcall RegCreateKeyExA(long str long ptr long long ptr ptr ptr)
@ stdcall RegCreateKeyExW(long wstr long ptr long long ptr ptr ptr)
@ stdcall RegDeleteKeyExA(long str long long)
@ stdcall RegDeleteKeyExW(long wstr long long)
@ stdcall RegDeleteKeyW(long wstr)
-@ stdcall RegDeleteKeyValueA(ptr str str)
-@ stdcall RegDeleteKeyValueW(ptr wstr wstr)
-@ stdcall RegDeleteTreeA(long str)
-@ stdcall RegDeleteTreeW(long wstr)
@ stdcall RegDeleteValueA(long str)
@ stdcall RegDeleteValueW(long wstr)
@ stdcall RegDisablePredefinedCache()
-@ stdcall RegDisablePredefinedCacheEx()
@ stdcall RegDisableReflectionKey(ptr)
@ stdcall RegEnableReflectionKey(ptr)
@ stdcall RegEnumKeyA(long long ptr long)
@ stdcall RegGetValueW(long wstr wstr long ptr ptr ptr)
@ stdcall RegLoadKeyA(long str str)
@ stdcall RegLoadKeyW(long wstr wstr)
-@ stdcall RegLoadMUIStringA(long str str long ptr long str)
-@ stdcall RegLoadMUIStringW(long wstr wstr long ptr long wstr)
@ stdcall RegNotifyChangeKeyValue(long long long long long)
@ stdcall RegOpenCurrentUser(long ptr)
@ stdcall RegOpenKeyA(long str ptr)
@ stdcall RegQueryValueExA(long str ptr ptr ptr ptr)
@ stdcall RegQueryValueExW(long wstr ptr ptr ptr ptr)
@ stdcall RegQueryValueW(long wstr ptr ptr)
-@ stub RegRemapPreDefKey
@ stdcall RegReplaceKeyA(long str str str)
@ stdcall RegReplaceKeyW(long wstr wstr wstr)
@ stdcall RegRestoreKeyA(long str long)
@ stdcall RegSaveKeyExW(long str ptr long)
@ stdcall RegSaveKeyW(long ptr ptr)
@ stdcall RegSetKeySecurity(long long ptr)
-@ stdcall RegSetKeyValueA(long str str long ptr long)
-@ stdcall RegSetKeyValueW(long wstr wstr long ptr long)
@ stdcall RegSetValueA(long str long ptr long)
@ stdcall RegSetValueExA(long str long long ptr long)
@ stdcall RegSetValueExW(long wstr long long ptr long)
@ stdcall RegisterServiceCtrlHandlerExA(str ptr ptr)
@ stdcall RegisterServiceCtrlHandlerExW(wstr ptr ptr)
@ stdcall RegisterServiceCtrlHandlerW(wstr ptr)
-@ stdcall RegisterTraceGuidsA(ptr ptr ptr long ptr str str ptr)
-@ stdcall RegisterTraceGuidsW(ptr ptr ptr long ptr wstr wstr ptr)
+@ stdcall RegisterTraceGuidsA(ptr ptr ptr long ptr str str ptr) ntdll.EtwRegisterTraceGuidsA
+@ stdcall RegisterTraceGuidsW(ptr ptr ptr long ptr wstr wstr ptr) ntdll.EtwRegisterTraceGuidsW
@ stub RemoveTraceCallback
@ stdcall RemoveUsersFromEncryptedFile(wstr ptr)
@ stdcall ReportEventA(long long long long ptr long long str ptr)
@ stdcall ReportEventW(long long long long ptr long long wstr ptr)
@ stdcall RevertToSelf()
-@ stub SaferCloseLevel
-@ stub SaferComputeTokenFromLevel
+@ stdcall SaferCloseLevel(ptr)
+@ stdcall SaferComputeTokenFromLevel(ptr ptr ptr long ptr)
@ stdcall SaferCreateLevel(long long long ptr ptr)
@ stub SaferGetLevelInformation
@ stdcall SaferGetPolicyInformation(long long long ptr ptr ptr)
-@ stub SaferIdentifyLevel
-@ stub SaferRecordEventLogEntry
+@ stdcall SaferIdentifyLevel(long ptr ptr ptr)
+@ stdcall SaferRecordEventLogEntry(ptr wstr ptr)
@ stub SaferSetLevelInformation
@ stub SaferSetPolicyInformation
@ stub SaferiChangeRegistryScope
@ stdcall SetNamedSecurityInfoW(wstr long ptr ptr ptr ptr ptr)
@ stdcall SetPrivateObjectSecurity(long ptr ptr ptr long)
@ stub SetPrivateObjectSecurityEx
-@ stdcall SetSecurityAccessMask(long ptr)
@ stdcall SetSecurityDescriptorControl(ptr long long)
@ stdcall SetSecurityDescriptorDacl(ptr long ptr long)
@ stdcall SetSecurityDescriptorGroup(ptr ptr long)
@ stdcall StartServiceCtrlDispatcherA(ptr)
@ stdcall StartServiceCtrlDispatcherW(ptr)
@ stdcall StartServiceW(long long ptr)
-@ stdcall StartTraceA(ptr str ptr)
-@ stdcall StartTraceW(ptr wstr ptr)
-@ stub StopTraceA
-@ stub StopTraceW
-@ stdcall SynchronizeWindows31FilesAndWindowsNTRegistry(long long long long)
+@ stdcall StartTraceA(ptr str ptr) ntdll.EtwStartTraceA
+@ stdcall StartTraceW(ptr wstr ptr) ntdll.EtwStartTraceW
+@ stdcall StopTraceA(double str ptr) ntdll.EtwStopTraceA
+@ stdcall StopTraceW(double wstr ptr) ntdll.EtwStopTraceA
@ stdcall SystemFunction001(ptr ptr ptr)
@ stdcall SystemFunction002(ptr ptr ptr)
@ stdcall SystemFunction003(ptr ptr)
@ stdcall SystemFunction036(ptr long) # RtlGenRandom
@ stdcall SystemFunction040(ptr long long) # RtlEncryptMemory
@ stdcall SystemFunction041(ptr long long) # RtlDecryptMemory
-@ stdcall TraceEvent(double ptr)
-@ stub TraceEventInstance
-@ varargs TraceMessage(ptr long ptr long)
-@ stub TraceMessageVa
+@ stdcall TraceEvent(double ptr) ntdll.EtwTraceEvent
+@ stdcall TraceEventInstance(double ptr ptr ptr) ntdll.EtwTraceEventInstance
+@ varargs TraceMessage(ptr long ptr long) ntdll.EtwTraceMessage
+@ stdcall TraceMessageVa(double long ptr long ptr) ntdll.EtwTraceMessageVa
@ stdcall TreeResetNamedSecurityInfoA(str ptr ptr ptr ptr ptr ptr long ptr ptr ptr)
@ stdcall TreeResetNamedSecurityInfoW(wstr long long ptr ptr ptr ptr long ptr long ptr)
@ stub TrusteeAccessToObjectA
@ stub UninstallApplication
@ stdcall UnlockServiceDatabase(ptr)
@ stub UnregisterIdleTask
-@ stdcall UnregisterTraceGuids(double)
-@ stub UpdateTraceA
-@ stub UpdateTraceW
+@ stdcall UnregisterTraceGuids(double) ntdll.EtwUnregisterTraceGuids
+@ stdcall UpdateTraceA(double str ptr) ntdll.EtwUpdateTraceA
+@ stdcall UpdateTraceW(double wstr ptr) ntdll.EtwUpdateTraceW
@ stub WdmWmiServiceMain
@ stub WmiCloseBlock
@ stub WmiCloseTraceWithCursor
@ stub WmiGetTraceHeader
@ stub WmiMofEnumerateResourcesA
@ stub WmiMofEnumerateResourcesW
-@ stub WmiNotificationRegistrationA
-@ stub WmiNotificationRegistrationW
+@ stdcall WmiNotificationRegistrationA(ptr long ptr long long) ntdll.EtwNotificationRegistrationA
+@ stdcall WmiNotificationRegistrationW(ptr long ptr long long) ntdll.EtwNotificationRegistrationW
@ stub WmiOpenBlock
@ stub WmiOpenTraceWithCursor
@ stub WmiParseTraceEvent
@ stub WmiQuerySingleInstanceMultipleA
@ stub WmiQuerySingleInstanceMultipleW
@ stub WmiQuerySingleInstanceW
-@ stub WmiReceiveNotificationsA
-@ stub WmiReceiveNotificationsW
+@ stdcall WmiReceiveNotificationsA() ntdll.EtwReceiveNotificationsA # FIXME prototype
+@ stdcall WmiReceiveNotificationsW() ntdll.EtwReceiveNotificationsW # FIXME prototype
@ stub WmiSetSingleInstanceA
@ stub WmiSetSingleInstanceW
@ stub WmiSetSingleItemA
@ stub WmiSetSingleItemW
@ stub Wow64Win32ApiEntry
-@ stub WriteEncryptedFileRaw
+@ stdcall WriteEncryptedFileRaw(ptr ptr ptr)
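Review bot: Two of the new wide-character forwarders point at the ANSI implementation: `QueryTraceW(double str ptr) ntdll.EtwQueryTraceA` (which also declares the name argument as `str`) and `StopTraceW(double wstr ptr) ntdll.EtwStopTraceA`. Every other A/W pair added here (ControlTrace, FlushTrace, StartTrace, UpdateTrace) forwards W to the W target, so these look like copy-paste slips. A UTF-16 session name handed to an ANSI routine would likely be cut at the first zero byte, so a caller querying or stopping a trace session by name would fail or act on the wrong name, which matters when ETW sessions carry audit or security telemetry. Assuming ntdll exports the W variants, the lines should read `@ stdcall QueryTraceW(double wstr ptr) ntdll.EtwQueryTraceW` and `@ stdcall StopTraceW(double wstr ptr) ntdll.EtwStopTraceW`. Separately, `WmiReceiveNotificationsA()` and `WmiReceiveNotificationsW()` are declared with an empty argument list under `# FIXME prototype`, which should be filled in before anything relies on the declared signature.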