-
-/* $Id: zw.h,v 1.5 2003/01/05 19:23:20 robd Exp $
+/* $Id$
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* 04/08/98: Added some documentation (Ariadne)
* 14/08/98: Added type TIME and change variable type from [1] to [0]
* 14/09/98: Added for each Nt call a corresponding Zw Call
+ * 09/08/03: Added ThreadEventPair routines
*/
#ifndef __DDK_ZW_H
LONG EventState;
} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
+// wmi trace event data
+typedef struct _EVENT_TRACE_HEADER {
+ USHORT Size;
+ union {
+ USHORT FieldTypeFlags;
+ struct {
+ UCHAR HeaderType;
+ UCHAR MarkerFlags;
+ };
+ };
+ union {
+ ULONG Version;
+ struct {
+ UCHAR Type;
+ UCHAR Level;
+ USHORT Version;
+ } Class;
+ };
+ ULONG ThreadId;
+ ULONG ProcessId;
+ LARGE_INTEGER TimeStamp;
+ union {
+ GUID Guid;
+ ULONGLONG GuidPtr;
+ };
+ union {
+ struct {
+ ULONG ClientContext;
+ ULONG Flags;
+ };
+ struct {
+ ULONG KernelTime;
+ ULONG UserTime;
+ };
+ ULONG64 ProcessorTime;
+ };
+} EVENT_TRACE_HEADER, *PEVENT_TRACE_HEADER;
+
+
+typedef struct _FILE_USER_QUOTA_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER QuotaUsed;
+ LARGE_INTEGER QuotaThreshold;
+ LARGE_INTEGER QuotaLimit;
+ SID Sid[1];
+} FILE_USER_QUOTA_INFORMATION, *PFILE_USER_QUOTA_INFORMATION;
+
+
//#define LCID ULONG
//#define SECURITY_INFORMATION ULONG
//typedef ULONG SECURITY_INFORMATION;
+#ifndef __USE_NT_LPC__
+NTSTATUS STDCALL
+NtAcceptConnectPort (OUT PHANDLE PortHandle,
+ IN PVOID Context,
+ IN PLPC_MESSAGE ServerReply,
+ IN BOOLEAN AcceptIt,
+ IN PLPC_SECTION_WRITE WriteMap,
+ IN PLPC_SECTION_READ ReadMap);
+#else
+NTSTATUS STDCALL
+NtAcceptConnectPort (PHANDLE PortHandle,
+ ULONG PortIdentifier,
+ PLPC_MESSAGE ServerReply,
+ BOOLEAN AcceptIt,
+ PLPC_SECTION_WRITE WriteMap,
+ PLPC_SECTION_READ ReadMap);
+#endif /* ndef __USE_NT_LPC__ */
+
+NTSTATUS
+STDCALL
+NtAddBootEntry(
+ IN PUNICODE_STRING EntryName,
+ IN PUNICODE_STRING EntryValue
+ );
+
+NTSTATUS
+STDCALL
+ZwAddBootEntry(
+ IN PUNICODE_STRING EntryName,
+ IN PUNICODE_STRING EntryValue
+ );
+
/*
* FUNCTION: Adjusts the groups in an access token
* ARGUMENTS:
IN ULONG AllocationType,
IN ULONG Protect);
+
+
+NTSTATUS
+STDCALL
+NtAssignProcessToJobObject(
+ HANDLE JobHandle,
+ HANDLE ProcessHandle);
+
+NTSTATUS
+STDCALL
+ZwAssignProcessToJobObject(
+ HANDLE JobHandle,
+ HANDLE ProcessHandle);
+
/*
* FUNCTION: Returns from a callback into user mode
* ARGUMENTS:
IN HANDLE EventHandle
);
+NTSTATUS
+STDCALL
+NtCreateJobObject(
+ PHANDLE JobHandle,
+ ACCESS_MASK DesiredAccess,
+ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateJobObject(
+ PHANDLE JobHandle,
+ ACCESS_MASK DesiredAccess,
+ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+
/*
* FUNCTION: Closes an object handle
* ARGUMENTS:
IN BOOLEAN GenerateOnClose
);
+
+NTSTATUS STDCALL
+NtCompleteConnectPort (HANDLE PortHandle);
+
+NTSTATUS STDCALL
+ZwCompleteConnectPort (HANDLE PortHandle);
+
+
+NTSTATUS STDCALL
+NtConnectPort (PHANDLE PortHandle,
+ PUNICODE_STRING PortName,
+ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
+ PLPC_SECTION_WRITE SectionInfo,
+ PLPC_SECTION_READ MapInfo,
+ PULONG MaxMessageSize,
+ PVOID ConnectInfo,
+ PULONG ConnectInfoLength);
+
+NTSTATUS STDCALL
+ZwConnectPort (PHANDLE PortHandle,
+ PUNICODE_STRING PortName,
+ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
+ PLPC_SECTION_WRITE SectionInfo,
+ PLPC_SECTION_READ MapInfo,
+ PULONG MaxMessageSize,
+ PVOID ConnectInfo,
+ PULONG ConnectInfoLength);
+
/*
* FUNCTION: Creates a directory object
* ARGUMENTS:
NtCreateEvent(
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN ManualReset,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN EVENT_TYPE EventType,
IN BOOLEAN InitialState
);
ZwCreateEvent(
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN ManualReset,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN EVENT_TYPE EventType,
IN BOOLEAN InitialState
);
NTSTATUS
STDCALL
NtCreateIoCompletion(
- OUT PHANDLE CompletionPort,
- IN ACCESS_MASK DesiredAccess,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NumberOfConcurrentThreads
- );
+ OUT PHANDLE IoCompletionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ULONG NumberOfConcurrentThreads
+ );
NTSTATUS
STDCALL
ZwCreateIoCompletion(
- OUT PHANDLE CompletionPort,
- IN ACCESS_MASK DesiredAccess,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NumberOfConcurrentThreads
- );
-
+ OUT PHANDLE IoCompletionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ULONG NumberOfConcurrentThreads
+ );
/*
* FUNCTION: Creates a registry key
NtCreateMutant(
OUT PHANDLE MutantHandle,
IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN BOOLEAN InitialOwner
);
ZwCreateMutant(
OUT PHANDLE MutantHandle,
IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN BOOLEAN InitialOwner
);
+/*
+ * FUNCTION: Creates a named pipe
+ * ARGUMENTS:
+ * NamedPipeFileHandle (OUT) = Caller supplied storage for the
+ * resulting handle
+ * DesiredAccess = Specifies the type of access that the caller
+ * requires to the file boject
+ * ObjectAttributes = Points to a structure that specifies the
+ * object attributes.
+ * IoStatusBlock = Points to a variable that receives the final
+ * completion status and information
+ * ShareAccess = Specifies the limitations on sharing of the file.
+ * This parameter can be zero or any compatible
+ * combination of the following flags
+ * FILE_SHARE_READ
+ * FILE_SHARE_WRITE
+ * CreateDisposition = Specifies what to do depending on whether
+ * the file already exists. This must be one of
+ * the following values
+ * FILE_OPEN
+ * FILE_CREATE
+ * FILE_OPEN_IF
+ * CreateOptions = Specifies the options to be applied when
+ * creating or opening the file, as a compatible
+ * combination of the following flags
+ * FILE_WRITE_THROUGH
+ * FILE_SYNCHRONOUS_IO_ALERT
+ * FILE_SYNCHRONOUS_IO_NONALERT
+ * TypeMessage = Specifies whether the data written to the pipe is
+ * interpreted as a sequence of messages or as a
+ * stream of bytes
+ * ReadModeMessage = Specifies whether the data read from the pipe
+ * is interpreted as a sequence of messages or as
+ * a stream of bytes
+ * NonBlocking = Specifies whether non-blocking mode is enabled
+ * MaxInstances = Specifies the maximum number of instancs that can
+ * be created for this pipe
+ * InBufferSize = Specifies the number of bytes to reserve for the
+ * input buffer
+ * OutBufferSize = Specifies the number of bytes to reserve for the
+ * output buffer
+ * DefaultTimeout = Optionally points to a variable that specifies
+ * the default timeout value in units of
+ * 100-nanoseconds.
+ * REMARKS: This funciton maps to the win32 function CreateNamedPipe
+ * RETURNS:
+ * Status
+ */
+NTSTATUS STDCALL
+NtCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+ IN ULONG NamedPipeType,
+ IN ULONG ReadMode,
+ IN ULONG CompletionMode,
+ IN ULONG MaxInstances,
+ IN ULONG InBufferSize,
+ IN ULONG OutBufferSize,
+ IN PLARGE_INTEGER DefaultTimeOut);
+
+NTSTATUS STDCALL
+ZwCreateNamedPipeFile (OUT PHANDLE NamedPipeFileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+ IN ULONG NamedPipeType,
+ IN ULONG ReadMode,
+ IN ULONG CompletionMode,
+ IN ULONG MaxInstances,
+ IN ULONG InBufferSize,
+ IN ULONG OutBufferSize,
+ IN PLARGE_INTEGER DefaultTimeOut);
+
+
+NTSTATUS STDCALL
+NtCreatePort (PHANDLE PortHandle,
+ POBJECT_ATTRIBUTES ObjectAttributes,
+ ULONG MaxConnectInfoLength,
+ ULONG MaxDataLength,
+ ULONG NPMessageQueueSize OPTIONAL);
+
+NTSTATUS STDCALL
+NtCreatePort (PHANDLE PortHandle,
+ POBJECT_ATTRIBUTES ObjectAttributes,
+ ULONG MaxConnectInfoLength,
+ ULONG MaxDataLength,
+ ULONG NPMessageQueueSize OPTIONAL);
+
+
/*
* FUNCTION: Creates a process.
* ARGUMENTS:
* This function maps to the win32 CreateProcess.
* RETURNS: Status
*/
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN HANDLE ExceptionPort OPTIONAL
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
NTSTATUS
STDCALL
-NtCreateSection(
- OUT PHANDLE SectionHandle,
+NtCreateSection(
+ OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN PLARGE_INTEGER MaximumSize OPTIONAL,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN PLARGE_INTEGER MaximumSize OPTIONAL,
IN ULONG SectionPageProtection OPTIONAL,
IN ULONG AllocationAttributes,
IN HANDLE FileHandle OPTIONAL
NTSTATUS
STDCALL
-ZwCreateSection(
- OUT PHANDLE SectionHandle,
+ZwCreateSection(
+ OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN PLARGE_INTEGER MaximumSize OPTIONAL,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN PLARGE_INTEGER MaximumSize OPTIONAL,
IN ULONG SectionPageProtection OPTIONAL,
IN ULONG AllocationAttributes,
IN HANDLE FileHandle OPTIONAL
NTSTATUS
STDCALL
NtCreateSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
+ OUT PHANDLE LinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PUNICODE_STRING Name
+ IN PUNICODE_STRING LinkTarget
);
NTSTATUS
STDCALL
ZwCreateSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
+ OUT PHANDLE LinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PUNICODE_STRING Name
+ IN PUNICODE_STRING LinkTarget
);
/*
);
#endif
+
+NTSTATUS STDCALL
+NtCreateWaitablePort (PHANDLE PortHandle,
+ POBJECT_ATTRIBUTES ObjectAttributes,
+ ULONG MaxConnectInfoLength,
+ ULONG MaxDataLength,
+ ULONG NPMessageQueueSize OPTIONAL);
+
+NTSTATUS STDCALL
+ZwCreateWaitablePort (PHANDLE PortHandle,
+ POBJECT_ATTRIBUTES ObjectAttributes,
+ ULONG MaxConnectInfoLength,
+ ULONG MaxDataLength,
+ ULONG NPMessageQueueSize OPTIONAL);
+
+
/*
* FUNCTION: Deletes an atom from the global atom table
* ARGUMENTS:
IN RTL_ATOM Atom
);
+NTSTATUS
+STDCALL
+NtDeleteBootEntry(
+ IN PUNICODE_STRING EntryName,
+ IN PUNICODE_STRING EntryValue
+ );
+
+NTSTATUS
+STDCALL
+ZwDeleteBootEntry(
+ IN PUNICODE_STRING EntryName,
+ IN PUNICODE_STRING EntryValue
+ );
+
/*
* FUNCTION: Deletes a file or a directory
* ARGUMENTS:
IN PUNICODE_STRING DisplayString
);
+
+NTSTATUS
+STDCALL
+NtEnumerateBootEntries(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+ );
+
+NTSTATUS
+STDCALL
+ZwEnumerateBootEntries(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+ );
+
+
/*
* FUNCTION: Returns information about the subkeys of an open key
* ARGUMENTS:
* IoStatusBlock = Caller should supply storage for
* IoControlCode = Contains the File System Control command. This is an
* index to the structures in InputBuffer and OutputBuffer.
- * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
- * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
- * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
- * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
+ * FSCTL_GET_RETRIEVAL_POINTERS [Input/Output] RETRIEVAL_POINTERS_BUFFER
+ * FSCTL_GET_VOLUME_BITMAP [Input] STARTING_LCN_INPUT_BUFFER
+ * FSCTL_GET_VOLUME_BITMAP [Output] VOLUME_BITMAP_BUFFER
+ * FSCTL_MOVE_FILE [Input] MOVE_FILE_DATA
*
- * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
+ * InputBuffer = Caller should supply storage for input buffer if FSCTL expects one.
* InputBufferSize = Size of the input bufffer
- * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
+ * OutputBuffer = Caller should supply storage for output buffer if FSCTL expects one.
* OutputBufferSize = Size of the input bufffer
* RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
* STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
* FUNCTION: Retrieves the processor context of a thread
* ARGUMENTS:
* ThreadHandle = Handle to a thread
- * Context (OUT) = Caller allocated storage for the processor context
+ * ThreadContext (OUT) = Caller allocated storage for the processor context
* RETURNS: Status
*/
NTSTATUS
STDCALL
NtGetContextThread(
- IN HANDLE ThreadHandle,
- OUT PCONTEXT Context
+ IN HANDLE ThreadHandle,
+ OUT PCONTEXT ThreadContext
);
NTSTATUS
STDCALL
ZwGetContextThread(
- IN HANDLE ThreadHandle,
- OUT PCONTEXT Context
+ IN HANDLE ThreadHandle,
+ OUT PCONTEXT ThreadContext
);
+
+NTSTATUS STDCALL
+NtImpersonateClientOfPort (HANDLE PortHandle,
+ PLPC_MESSAGE ClientMessage);
+
+NTSTATUS STDCALL
+ZwImpersonateClientOfPort (HANDLE PortHandle,
+ PLPC_MESSAGE ClientMessage);
+
/*
* FUNCTION: Sets a thread to impersonate another
* ARGUMENTS:
IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
);
+NTSTATUS
+STDCALL
+NtInitiatePowerAction (
+ IN POWER_ACTION SystemAction,
+ IN SYSTEM_POWER_STATE MinSystemState,
+ IN ULONG Flags,
+ IN BOOLEAN Asynchronous
+);
+
+NTSTATUS
+STDCALL
+ZwInitiatePowerAction (
+ IN POWER_ACTION SystemAction,
+ IN SYSTEM_POWER_STATE MinSystemState,
+ IN ULONG Flags,
+ IN BOOLEAN Asynchronous
+);
/*
* FUNCTION: Initializes the registry.
* ARGUMENTS:
BOOLEAN SetUpBoot
);
+NTSTATUS
+STDCALL
+NtIsProcessInJob(
+ IN HANDLE ProcessHandle, // ProcessHandle must grant PROCESS_QUERY_INFORMATION access.
+ IN HANDLE JobHandle OPTIONAL // JobHandle must JOB_OBJECT_QUERY grant access. Defaults to the current process's job object.
+ );
+
+NTSTATUS
+STDCALL
+ZwIsProcessInJob(
+ IN HANDLE ProcessHandle, // ProcessHandle must grant PROCESS_QUERY_INFORMATION access.
+ IN HANDLE JobHandle OPTIONAL // JobHandle must JOB_OBJECT_QUERY grant access. Defaults to the current process's job object.
+ );
+
+NTSTATUS STDCALL
+NtListenPort (HANDLE PortHandle,
+ PLPC_MESSAGE LpcMessage);
+
+NTSTATUS STDCALL
+ZwListenPort (HANDLE PortHandle,
+ PLPC_MESSAGE LpcMessage);
+
+
/*
* FUNCTION: Loads a driver.
* ARGUMENTS:
* RETURNS: Status
*/
+
+NTSTATUS
+STDCALL
+NtMakePermanentObject(
+ IN HANDLE ObjectHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwMakePermanentObject(
+ IN HANDLE ObjectHandle
+ );
+
NTSTATUS
STDCALL
NtMakeTemporaryObject(
- IN HANDLE Handle
+ IN HANDLE ObjectHandle
);
NTSTATUS
STDCALL
ZwMakeTemporaryObject(
- IN HANDLE Handle
+ IN HANDLE ObjectHandle
);
/*
* FUNCTION: Maps a view of a section into the virtual address space of a
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG CompletionFilter,
- IN BOOLEAN Asynchroneous,
- OUT PVOID ChangeBuffer,
+ IN BOOLEAN WatchSubtree,
+ OUT PVOID Buffer,
IN ULONG Length,
- IN BOOLEAN WatchSubtree
+ IN BOOLEAN Asynchronous
);
NTSTATUS
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG CompletionFilter,
- IN BOOLEAN Asynchroneous,
- OUT PVOID ChangeBuffer,
+ IN BOOLEAN WatchSubtree,
+ OUT PVOID Buffer,
IN ULONG Length,
- IN BOOLEAN WatchSubtree
+ IN BOOLEAN Asynchronous
);
/*
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
-
+
+
+NTSTATUS
+STDCALL
+NtOpenJobObject(
+ PHANDLE JobHandle,
+ ACCESS_MASK DesiredAccess,
+ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenJobObject(
+ PHANDLE JobHandle,
+ ACCESS_MASK DesiredAccess,
+ POBJECT_ATTRIBUTES ObjectAttributes
+ );
/*
* FUNCTION: Opens an existing key in the registry
* ARGUMENTS:
OUT PHANDLE TokenHandle
);
+
+NTSTATUS
+STDCALL
+NtOpenProcessTokenEx(
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ OUT PHANDLE TokenHandle
+ );
+
+
+NTSTATUS
+STDCALL
+ZwOpenProcessTokenEx(
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ OUT PHANDLE TokenHandle
+ );
/*
* FUNCTION: Opens an existing section object
* ARGUMENTS:
NTSTATUS
STDCALL
NtOpenSemaphore(
- IN HANDLE SemaphoreHandle,
+ OUT PHANDLE SemaphoreHandle,
IN ACCESS_MASK DesiredAcces,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSTATUS
STDCALL
ZwOpenSemaphore(
- IN HANDLE SemaphoreHandle,
+ OUT PHANDLE SemaphoreHandle,
IN ACCESS_MASK DesiredAcces,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSTATUS
STDCALL
NtOpenSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
+ OUT PHANDLE LinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSTATUS
STDCALL
ZwOpenSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
+ OUT PHANDLE LinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle
);
+
+NTSTATUS
+STDCALL
+NtOpenThreadTokenEx(
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ IN ULONG HandleAttributes,
+ OUT PHANDLE TokenHandle
+ );
+
+
+NTSTATUS
+STDCALL
+ZwOpenThreadTokenEx(
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ IN ULONG HandleAttributes,
+ OUT PHANDLE TokenHandle
+ );
+
/*
* FUNCTION: Opens an existing timer
* ARGUMENTS:
* RETURNS: Status
*/
+
+NTSTATUS
+STDCALL
+NtPowerInformation(
+ IN POWER_INFORMATION_LEVEL PowerInformationLevel,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength
+ );
+
+NTSTATUS
+STDCALL
+ZwPowerInformation(
+ IN POWER_INFORMATION_LEVEL PowerInformationLevel,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength
+ );
+
NTSTATUS
STDCALL
NtPrivilegeCheck(
STDCALL
NtPulseEvent(
IN HANDLE EventHandle,
- IN PULONG PulseCount OPTIONAL
+ OUT PLONG PreviousState OPTIONAL
);
NTSTATUS
STDCALL
ZwPulseEvent(
IN HANDLE EventHandle,
- IN PULONG PulseCount OPTIONAL
+ OUT PLONG PreviousState OPTIONAL
);
/*
* RETURNS: Status
*/
-NTSTATUS STDCALL
-NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PFILE_BASIC_INFORMATION FileInformation);
+NTSTATUS
+STDCALL
+NtQueryAttributesFile(
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_BASIC_INFORMATION FileInformation
+ );
-NTSTATUS STDCALL
-ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PFILE_BASIC_INFORMATION FileInformation);
+NTSTATUS
+STDCALL
+ZwQueryAttributesFile(
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_BASIC_INFORMATION FileInformation
+ );
+
+
+NTSTATUS
+STDCALL
+NtQueryBootEntryOrder(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryBootEntryOrder(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+ );
+
+NTSTATUS
+STDCALL
+NtQueryBootOptions(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+ );
+NTSTATUS
+STDCALL
+ZwQueryBootOptions(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+ );
/*
* FUNCTION: Queries the default locale id
* ARGUMENTS:
OUT PLCID DefaultLocaleId
);
+NTSTATUS
+STDCALL
+NtQueryDefaultUILanguage(
+ PLANGID LanguageId
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryDefaultUILanguage(
+ PLANGID LanguageId
+ );
+
/*
* FUNCTION: Queries a directory file.
* ARGUMENTS:
IN EVENT_INFORMATION_CLASS EventInformationClass,
OUT PVOID EventInformation,
IN ULONG EventInformationLength,
- OUT PULONG ReturnLength
+ OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
STDCALL
IN EVENT_INFORMATION_CLASS EventInformationClass,
OUT PVOID EventInformation,
IN ULONG EventInformationLength,
- OUT PULONG ReturnLength
+ OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS STDCALL
FileNamesInformation FILE_NAMES_INFORMATION
FileDispositionInformation FILE_DISPOSITION_INFORMATION
FilePositionInformation FILE_POSITION_INFORMATION
- FileFullEaInformation FILE_FULL_EA_INFORMATION
+ FileFullEaInformation FILE_FULL_EA_INFORMATION
FileModeInformation FILE_MODE_INFORMATION
FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
FileAllInformation FILE_ALL_INFORMATION
FilePipeRemoteInformation
FileMailslotQueryInformation
FileMailslotSetInformation
- FileCompressionInformation FILE_COMPRESSION_INFORMATION
+ FileCompressionInformation FILE_COMPRESSION_INFORMATION
FileCopyOnWriteInformation
FileCompletionInformation IO_COMPLETION_CONTEXT
FileMoveClusterInformation
FileContentIndexInformation
FileInheritContentIndexInformation
FileOleInformation
- FileMaximumInformation
+ FileMaximumInformation
* REMARK:
* This procedure maps to the win32 GetShortPathName, GetLongPathName,
FILE_INFORMATION_CLASS FileInformationClass
);
+NTSTATUS
+STDCALL
+NtQueryInformationJobObject(
+ HANDLE JobHandle,
+ JOBOBJECTINFOCLASS JobInformationClass,
+ PVOID JobInformation,
+ ULONG JobInformationLength,
+ PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryInformationJobObject(
+ HANDLE JobHandle,
+ JOBOBJECTINFOCLASS JobInformationClass,
+ PVOID JobInformation,
+ ULONG JobInformationLength,
+ PULONG ReturnLength
+ );
+
+NTSTATUS STDCALL
+NtQueryInformationPort (HANDLE PortHandle,
+ CINT PortInformationClass,
+ PVOID PortInformation,
+ ULONG PortInformationLength,
+ PULONG ReturnLength);
+
+#ifndef __USE_W32API
+NTSTATUS STDCALL
+ZwQueryInformationPort (HANDLE PortHandle,
+ CINT PortInformationClass,
+ PVOID PortInformation,
+ ULONG PortInformationLength,
+ PULONG ReturnLength);
+#endif
/*
* FUNCTION: Queries the information of a thread object.
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID ThreadInformation,
IN ULONG ThreadInformationLength,
- OUT PULONG ReturnLength
+ OUT PULONG ReturnLength OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryInformationThread(
+ IN HANDLE ThreadHandle,
+ IN THREADINFOCLASS ThreadInformationClass,
+ OUT PVOID ThreadInformation,
+ IN ULONG ThreadInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
);
OUT PULONG ReturnLength
);
+NTSTATUS
+STDCALL
+NtQueryInstallUILanguage(
+ PLANGID LanguageId
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryInstallUILanguage(
+ PLANGID LanguageId
+ );
+
NTSTATUS
STDCALL
NtQueryIoCompletion(
- IN HANDLE CompletionPort,
- IN ULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PULONG NumberOfBytesTransferred
- );
+ IN HANDLE IoCompletionHandle,
+ IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
+ OUT PVOID IoCompletionInformation,
+ IN ULONG IoCompletionInformationLength,
+ OUT PULONG ResultLength OPTIONAL
+ );
+
NTSTATUS
STDCALL
ZwQueryIoCompletion(
- IN HANDLE CompletionPort,
- IN ULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PULONG NumberOfBytesTransferred
- );
-
+ IN HANDLE IoCompletionHandle,
+ IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
+ OUT PVOID IoCompletionInformation,
+ IN ULONG IoCompletionInformationLength,
+ OUT PULONG ResultLength OPTIONAL
+ );
/*
* FUNCTION: Queries the information of a registry key object.
);
-// draft
NTSTATUS
STDCALL
-NtQueryMultipleValueKey(
- IN HANDLE KeyHandle,
- IN OUT PKEY_VALUE_ENTRY ValueList,
+NtQueryQuotaInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID SidList OPTIONAL,
+ IN ULONG SidListLength,
+ IN PSID StartSid OPTIONAL,
+ IN BOOLEAN RestartScan
+ );
+
+
+NTSTATUS
+STDCALL
+ZwQueryQuotaInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID SidList OPTIONAL,
+ IN ULONG SidListLength,
+ IN PSID StartSid OPTIONAL,
+ IN BOOLEAN RestartScan
+ );
+// draft
+
+NTSTATUS
+STDCALL
+NtQueryMultipleValueKey(
+ IN HANDLE KeyHandle,
+ IN OUT PKEY_VALUE_ENTRY ValueList,
IN ULONG NumberOfValues,
OUT PVOID Buffer,
IN OUT PULONG Length,
STDCALL
NtQueryMutant(
IN HANDLE MutantHandle,
- IN CINT MutantInformationClass,
+ IN MUTANT_INFORMATION_CLASS MutantInformationClass,
OUT PVOID MutantInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
+ IN ULONG MutantInformationLength,
+ OUT PULONG ResultLength OPTIONAL
);
NTSTATUS
STDCALL
ZwQueryMutant(
IN HANDLE MutantHandle,
- IN CINT MutantInformationClass,
+ IN MUTANT_INFORMATION_CLASS MutantInformationClass,
OUT PVOID MutantInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
+ IN ULONG MutantInformationLength,
+ OUT PULONG ResultLength OPTIONAL
);
/*
* FUNCTION: Queries the system ( high-resolution ) performance counter.
* ARGUMENTS:
- * Counter = Performance counter
- * Frequency = Performance frequency
+ * PerformanceCounter = Performance counter
+ * PerformanceFrequency = Performance frequency
* REMARKS:
This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
NTSTATUS
STDCALL
NtQueryPerformanceCounter(
- IN PLARGE_INTEGER Counter,
- IN PLARGE_INTEGER Frequency
+ OUT PLARGE_INTEGER PerformanceCounter,
+ OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
);
NTSTATUS
STDCALL
ZwQueryPerformanceCounter(
- IN PLARGE_INTEGER Counter,
- IN PLARGE_INTEGER Frequency
+ OUT PLARGE_INTEGER PerformanceCounter,
+ OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
);
/*
IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
OUT PVOID SemaphoreInformation,
IN ULONG Length,
- OUT PULONG ReturnLength
+ OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
OUT PVOID SemaphoreInformation,
IN ULONG Length,
- OUT PULONG ReturnLength
+ OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
STDCALL
NtQuerySymbolicLinkObject(
- IN HANDLE SymLinkObjHandle,
+ IN HANDLE LinkHandle,
OUT PUNICODE_STRING LinkTarget,
- OUT PULONG DataWritten OPTIONAL
+ OUT PULONG ResultLength OPTIONAL
);
NTSTATUS
STDCALL
ZwQuerySymbolicLinkObject(
- IN HANDLE SymLinkObjHandle,
- OUT PUNICODE_STRING LinkName,
- OUT PULONG DataWritten OPTIONAL
+ IN HANDLE LinkHandle,
+ OUT PUNICODE_STRING LinkTarget,
+ OUT PULONG ResultLength OPTIONAL
);
NTSTATUS
STDCALL
NtQuerySystemEnvironmentValue(
- IN PUNICODE_STRING Name,
- OUT PVOID Value,
- ULONG Length,
- PULONG ReturnLength
+ IN PUNICODE_STRING VariableName,
+ OUT PWCHAR ValueBuffer,
+ IN ULONG ValueBufferLength,
+ OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
STDCALL
ZwQuerySystemEnvironmentValue(
- IN PUNICODE_STRING Name,
- OUT PVOID Value,
- ULONG Length,
- PULONG ReturnLength
+ IN PUNICODE_STRING VariableName,
+ OUT PWCHAR ValueBuffer,
+ IN ULONG ValueBufferLength,
+ OUT PULONG ReturnLength OPTIONAL
);
STDCALL
NtQueryTimer(
IN HANDLE TimerHandle,
- IN CINT TimerInformationClass,
+ IN TIMER_INFORMATION_CLASS TimerInformationClass,
OUT PVOID TimerInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
+ IN ULONG TimerInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
STDCALL
ZwQueryTimer(
IN HANDLE TimerHandle,
- IN CINT TimerInformationClass,
+ IN TIMER_INFORMATION_CLASS TimerInformationClass,
OUT PVOID TimerInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
+ IN ULONG TimerInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
);
/*
Key = Key = If a range is lock a matching key will allow the read to continue.
* RETURNS: Status
*
-*/
+*/
NTSTATUS
STDCALL
-NtReadFileScatter(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK UserIoStatusBlock,
- IN FILE_SEGMENT_ELEMENT BufferDescription[],
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset,
- IN PULONG Key OPTIONAL
- );
+NtReadFileScatter(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK UserIoStatusBlock,
+ IN FILE_SEGMENT_ELEMENT BufferDescription[],
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PULONG Key OPTIONAL
+ );
NTSTATUS
STDCALL
-ZwReadFileScatter(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK UserIoStatusBlock,
- IN FILE_SEGMENT_ELEMENT BufferDescription[],
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset,
- IN PULONG Key OPTIONAL
- );
+ZwReadFileScatter(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK UserIoStatusBlock,
+ IN FILE_SEGMENT_ELEMENT BufferDescription[],
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PULONG Key OPTIONAL
+ );
+
+
+NTSTATUS STDCALL
+NtReadRequestData (HANDLE PortHandle,
+ PLPC_MESSAGE Message,
+ ULONG Index,
+ PVOID Buffer,
+ ULONG BufferLength,
+ PULONG ReturnLength);
+
+NTSTATUS STDCALL
+ZwReadRequestData (HANDLE PortHandle,
+ PLPC_MESSAGE Message,
+ ULONG Index,
+ PVOID Buffer,
+ ULONG BufferLength,
+ PULONG ReturnLength);
+
+
/*
* FUNCTION: Copies a range of virtual memory to a buffer
* ARGUMENTS:
NTSTATUS
STDCALL
NtRegisterThreadTerminatePort(
- HANDLE TerminationPort
+ HANDLE PortHandle
);
NTSTATUS
STDCALL
ZwRegisterThreadTerminatePort(
- HANDLE TerminationPort
+ HANDLE PortHandle
);
/*
STDCALL
NtReleaseMutant(
IN HANDLE MutantHandle,
- IN PULONG ReleaseCount OPTIONAL
+ IN PLONG PreviousCount OPTIONAL
);
NTSTATUS
STDCALL
ZwReleaseMutant(
IN HANDLE MutantHandle,
- IN PULONG ReleaseCount OPTIONAL
+ IN PLONG PreviousCount OPTIONAL
);
/*
NtReleaseSemaphore(
IN HANDLE SemaphoreHandle,
IN LONG ReleaseCount,
- OUT PLONG PreviousCount
+ OUT PLONG PreviousCount OPTIONAL
);
NTSTATUS
ZwReleaseSemaphore(
IN HANDLE SemaphoreHandle,
IN LONG ReleaseCount,
- OUT PLONG PreviousCount
+ OUT PLONG PreviousCount OPTIONAL
);
/*
NTSTATUS
STDCALL
NtRemoveIoCompletion(
- IN HANDLE CompletionPort,
- OUT PULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PULONG CompletionStatus,
- IN PLARGE_INTEGER WaitTime
- );
+ IN HANDLE IoCompletionHandle,
+ OUT PVOID *CompletionKey,
+ OUT PVOID *CompletionContext,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER Timeout OPTIONAL
+ );
NTSTATUS
STDCALL
ZwRemoveIoCompletion(
- IN HANDLE CompletionPort,
- OUT PULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PULONG CompletionStatus,
- IN PLARGE_INTEGER WaitTime
- );
+ IN HANDLE IoCompletionHandle,
+ OUT PVOID *CompletionKey,
+ OUT PVOID *CompletionValue,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER Timeout OPTIONAL
+ );
+
/*
* FUNCTION: Replaces one registry key with another
* ARGUMENTS:
NTSTATUS
STDCALL
NtReplaceKey(
- IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE Key,
- IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
+ IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
);
NTSTATUS
STDCALL
ZwReplaceKey(
- IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE Key,
- IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
+ IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
);
+
+NTSTATUS STDCALL
+NtReplyPort (HANDLE PortHandle,
+ PLPC_MESSAGE LpcReply);
+
+NTSTATUS STDCALL
+ZwReplyPort (HANDLE PortHandle,
+ PLPC_MESSAGE LpcReply);
+
+
+NTSTATUS STDCALL
+NtReplyWaitReceivePort (HANDLE PortHandle,
+ PULONG PortId,
+ PLPC_MESSAGE MessageReply,
+ PLPC_MESSAGE MessageRequest);
+
+NTSTATUS STDCALL
+ZwReplyWaitReceivePort (HANDLE PortHandle,
+ PULONG PortId,
+ PLPC_MESSAGE MessageReply,
+ PLPC_MESSAGE MessageRequest);
+
+
+NTSTATUS STDCALL
+NtReplyWaitReplyPort (HANDLE PortHandle,
+ PLPC_MESSAGE ReplyMessage);
+
+NTSTATUS STDCALL
+ZwReplyWaitReplyPort (HANDLE PortHandle,
+ PLPC_MESSAGE ReplyMessage);
+
+
+NTSTATUS STDCALL
+NtRequestPort (HANDLE PortHandle,
+ PLPC_MESSAGE LpcMessage);
+
+NTSTATUS STDCALL
+ZwRequestPort (HANDLE PortHandle,
+ PLPC_MESSAGE LpcMessage);
+
+
+NTSTATUS STDCALL
+NtRequestWaitReplyPort (HANDLE PortHandle,
+ PLPC_MESSAGE LpcReply,
+ PLPC_MESSAGE LpcRequest);
+
+NTSTATUS STDCALL
+ZwRequestWaitReplyPort (HANDLE PortHandle,
+ PLPC_MESSAGE LpcReply,
+ PLPC_MESSAGE LpcRequest);
+
/*
* FUNCTION: Resets a event to a non signaled state
* ARGUMENTS:
STDCALL
NtResetEvent(
HANDLE EventHandle,
- PULONG NumberOfWaitingThreads OPTIONAL
+ OUT PLONG PreviousState OPTIONAL
);
NTSTATUS
STDCALL
ZwResetEvent(
HANDLE EventHandle,
- PULONG NumberOfWaitingThreads OPTIONAL
+ OUT PLONG PreviousState OPTIONAL
);
//draft
NTSTATUS
STDCALL
NtResumeThread(
IN HANDLE ThreadHandle,
- OUT PULONG SuspendCount
+ OUT PULONG SuspendCount OPTIONAL
);
NTSTATUS
STDCALL
ZwResumeThread(
IN HANDLE ThreadHandle,
- OUT PULONG SuspendCount
+ OUT PULONG SuspendCount OPTIONAL
);
/*
* FUNCTION: Writes the content of a registry key to ascii file
IN HANDLE FileHandle
);
+NTSTATUS
+STDCALL
+NtSaveKeyEx(
+ IN HANDLE KeyHandle,
+ IN HANDLE FileHandle,
+ IN ULONG Flags // REG_STANDARD_FORMAT, etc..
+ );
+
+NTSTATUS
+STDCALL
+ZwSaveKeyEx(
+ IN HANDLE KeyHandle,
+ IN HANDLE FileHandle,
+ IN ULONG Flags // REG_STANDARD_FORMAT, etc..
+ );
+
+NTSTATUS
+STDCALL
+NtSetBootEntryOrder(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+ );
+
+NTSTATUS
+STDCALL
+ZwSetBootEntryOrder(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+ );
+
+NTSTATUS
+STDCALL
+NtSetBootOptions(
+ ULONG Unknown1,
+ ULONG Unknown2
+ );
+
+NTSTATUS
+STDCALL
+ZwSetBootOptions(
+ ULONG Unknown1,
+ ULONG Unknown2
+ );
+
+
/*
* FUNCTION: Sets the context of a specified thread.
* ARGUMENTS:
* ThreadHandle = Handle to the thread
- * Context = The processor context.
+ * ThreadContext = The processor context.
* RETURNS: Status
*/
STDCALL
NtSetContextThread(
IN HANDLE ThreadHandle,
- IN PCONTEXT Context
+ IN PCONTEXT ThreadContext
);
NTSTATUS
STDCALL
ZwSetContextThread(
IN HANDLE ThreadHandle,
- IN PCONTEXT Context
+ IN PCONTEXT ThreadContext
);
/*
IN LCID DefaultLocaleId
);
+NTSTATUS
+STDCALL
+NtSetDefaultUILanguage(
+ LANGID LanguageId
+ );
+
+NTSTATUS
+STDCALL
+ZwSetDefaultUILanguage(
+ LANGID LanguageId
+ );
/*
* FUNCTION: Sets the default hard error port
* ARGUMENTS:
STDCALL
NtSetEvent(
IN HANDLE EventHandle,
- PULONG NumberOfThreadsReleased
+ OUT PLONG PreviousState OPTIONAL
);
NTSTATUS
STDCALL
ZwSetEvent(
IN HANDLE EventHandle,
- PULONG NumberOfThreadsReleased
+ OUT PLONG PreviousState OPTIONAL
);
/*
IN FILE_INFORMATION_CLASS FileInformationClass
);
+NTSTATUS
+STDCALL
+NtSetInformationJobObject(
+ HANDLE JobHandle,
+ JOBOBJECTINFOCLASS JobInformationClass,
+ PVOID JobInformation,
+ ULONG JobInformationLength
+ );
+
+NTSTATUS
+STDCALL
+ZwSetInformationJobObject(
+ HANDLE JobHandle,
+ JOBOBJECTINFOCLASS JobInformationClass,
+ PVOID JobInformation,
+ ULONG JobInformationLength
+ );
/*
* FUNCTION: Changes a set of thread specific parameters
* ARGUMENTS:
NTSTATUS
STDCALL
NtSetIoCompletion(
- IN HANDLE CompletionPort,
- IN ULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NumberOfBytesToTransfer,
- OUT PULONG NumberOfBytesTransferred
- );
+ IN HANDLE IoCompletionPortHandle,
+ IN PVOID CompletionKey,
+ IN PVOID CompletionContext,
+ IN NTSTATUS CompletionStatus,
+ IN ULONG CompletionInformation
+ );
+
NTSTATUS
STDCALL
ZwSetIoCompletion(
- IN HANDLE CompletionPort,
- IN ULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NumberOfBytesToTransfer,
- OUT PULONG NumberOfBytesTransferred
- );
+ IN HANDLE IoCompletionPortHandle,
+ IN PVOID CompletionKey,
+ IN PVOID CompletionContext,
+ IN NTSTATUS CompletionStatus,
+ IN ULONG CompletionInformation
+ );
/*
* FUNCTION: Set properties for profiling
HANDLE EventPair
);
+/* NtSetLowWaitHighThread effectively invokes NtSetLowWaitHighEventPair on the
+ * event pair of the thread.
+ */
+NTSTATUS
+STDCALL
+NtSetLowWaitHighThread(
+ VOID
+ );
+/* ZwSetLowWaitHighThread effectively invokes ZwSetLowWaitHighEventPair on the
+ * event pair of the thread.
+ */
+NTSTATUS
+STDCALL
+ZwSetLowWaitHighThread(
+ VOID
+ );
+
+/* NtSetHighWaitLowThread effectively invokes NtSetHighWaitLowEventPair on the
+ * event pair of the thread.
+ */
+NTSTATUS
+STDCALL
+NtSetHighWaitLowThread(
+ VOID
+ );
+
+/* ZwSetHighWaitLowThread effectively invokes ZwSetHighWaitLowEventPair on the
+ * event pair of the thread.
+ */
+NTSTATUS
+STDCALL
+ZwSetHighWaitLowThread(
+ VOID
+ );
+
+NTSTATUS
+STDCALL
+NtSetQuotaInformationFile(
+ HANDLE FileHandle,
+ PIO_STATUS_BLOCK IoStatusBlock,
+ PFILE_USER_QUOTA_INFORMATION Buffer,
+ ULONG BufferLength
+ );
+
+NTSTATUS
+STDCALL
+ZwSetQuotaInformationFile(
+ HANDLE FileHandle,
+ PIO_STATUS_BLOCK IoStatusBlock,
+ PFILE_USER_QUOTA_INFORMATION Buffer,
+ ULONG BufferLength
+ );
+
NTSTATUS
STDCALL
NtSetSecurityObject(
NTSTATUS
STDCALL
NtSetTimerResolution(
- IN ULONG RequestedResolution,
- IN BOOL SetOrUnset,
- OUT PULONG ActualResolution
+ IN ULONG DesiredResolution,
+ IN BOOLEAN SetResolution,
+ OUT PULONG CurrentResolution
);
NTSTATUS
STDCALL
ZwSetTimerResolution(
- IN ULONG RequestedResolution,
- IN BOOL SetOrUnset,
- OUT PULONG ActualResolution
+ IN ULONG DesiredResolution,
+ IN BOOLEAN SetResolution,
+ OUT PULONG CurrentResolution
);
/*
IN SHUTDOWN_ACTION Action
);
+/*
+ * FUNCTION: Signals an object and wait for an other one.
+ * ARGUMENTS:
+ * SignalObject = Handle to the object that should be signaled
+ * WaitObject = Handle to the object that should be waited for
+ * Alertable = True if the wait is alertable
+ * Time = The time to wait
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtSignalAndWaitForSingleObject(
+ IN HANDLE SignalObject,
+ IN HANDLE WaitObject,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
-/* --- PROFILING --- */
+NTSTATUS
+STDCALL
+NtSignalAndWaitForSingleObject(
+ IN HANDLE SignalObject,
+ IN HANDLE WaitObject,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
/*
* FUNCTION: Starts profiling
- * ARGUMENTS:
+ * ARGUMENTS:
* ProfileHandle = Handle to the profile
* RETURNS: Status
*/
/*
* FUNCTION: Stops profiling
- * ARGUMENTS:
+ * ARGUMENTS:
* ProfileHandle = Handle to the profile
- * RETURNS: Status
+ * RETURNS: Status
*/
NTSTATUS
* ThreadHandle = Handle to the process
* ExitStatus = The exit status of the process to terminate with.
* REMARKS
- Native applications should kill themselves using this function.
+ * Native applications should kill themselves using this function.
* RETURNS: Status
- */
+ */
NTSTATUS
STDCALL
NtTerminateProcess(
- IN HANDLE ProcessHandle ,
+ IN HANDLE ProcessHandle OPTIONAL,
IN NTSTATUS ExitStatus
);
NTSTATUS
STDCALL
ZwTerminateProcess(
- IN HANDLE ProcessHandle ,
+ IN HANDLE ProcessHandle OPTIONAL,
IN NTSTATUS ExitStatus
);
-/* --- DEVICE DRIVER CONTROL --- */
+NTSTATUS
+STDCALL
+NtTerminateJobObject(
+ HANDLE JobHandle,
+ NTSTATUS ExitStatus
+ );
+
+NTSTATUS
+STDCALL
+ZwTerminateJobObject(
+ HANDLE JobHandle,
+ NTSTATUS ExitStatus
+ );
+
+NTSTATUS
+STDCALL
+NtTraceEvent(
+ IN ULONG TraceHandle,
+ IN ULONG Flags,
+ IN ULONG TraceHeaderLength,
+ IN struct _EVENT_TRACE_HEADER* TraceHeader
+ );
+
+NTSTATUS
+STDCALL
+ZwTraceEvent(
+ IN ULONG TraceHandle,
+ IN ULONG Flags,
+ IN ULONG TraceHeaderLength,
+ IN struct _EVENT_TRACE_HEADER* TraceHeader
+ );
+
+NTSTATUS
+STDCALL
+NtTranslateFilePath(
+ ULONG Unknown1,
+ ULONG Unknown2,
+ ULONG Unknown3
+ );
+
+NTSTATUS
+STDCALL
+ZwTranslateFilePath(
+ ULONG Unknown1,
+ ULONG Unknown2,
+ ULONG Unknown3
+ );
/*
- * FUNCTION: Unloads a driver.
+ * FUNCTION: Unloads a driver.
* ARGUMENTS:
* DriverServiceName = Name of the driver to unload
* RETURNS: Status
IN PUNICODE_STRING DriverServiceName
);
-/* --- VIRTUAL MEMORY MANAGEMENT --- */
-
/*
- * FUNCTION: Writes a range of virtual memory
+ * FUNCTION: Unmaps a piece of virtual memory backed by a file.
* ARGUMENTS:
- * ProcessHandle = The handle to the process owning the address space.
- * BaseAddress = The points to the address to write to
- * Buffer = Pointer to the buffer to write
- * NumberOfBytesToWrite = Offset to the upper boundary to write
- * NumberOfBytesWritten = Total bytes written
- * REMARKS:
- * This function maps to the win32 WriteProcessMemory
+ * ProcessHandle = Handle to the process
+ * BaseAddress = The address where the mapping begins
+ * REMARK:
+ This procedure maps to the win32 UnMapViewOfFile
* RETURNS: Status
*/
NTSTATUS
-STDCALL
-NtWriteVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN PVOID Buffer,
- IN ULONG NumberOfBytesToWrite,
- OUT PULONG NumberOfBytesWritten
- );
-
-NTSTATUS
-STDCALL
-ZwWriteVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN PVOID Buffer,
- IN ULONG NumberOfBytesToWrite,
- OUT PULONG NumberOfBytesWritten
- );
-
-/*
- * FUNCTION: Unmaps a piece of virtual memory backed by a file.
- * ARGUMENTS:
- * ProcessHandle = Handle to the process
- * BaseAddress = The address where the mapping begins
- * REMARK:
- This procedure maps to the win32 UnMapViewOfFile
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtUnmapViewOfSection(
+STDCALL
+NtUnmapViewOfSection(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress
);
IN PVOID BaseAddress
);
-/* --- OBJECT SYNCHRONIZATION --- */
+
+NTSTATUS STDCALL
+NtWriteRequestData (HANDLE PortHandle,
+ PLPC_MESSAGE Message,
+ ULONG Index,
+ PVOID Buffer,
+ ULONG BufferLength,
+ PULONG ReturnLength);
+
+NTSTATUS STDCALL
+ZwWriteRequestData (HANDLE PortHandle,
+ PLPC_MESSAGE Message,
+ ULONG Index,
+ PVOID Buffer,
+ ULONG BufferLength,
+ PULONG ReturnLength);
+
/*
- * FUNCTION: Signals an object and wait for an other one.
+ * FUNCTION: Writes a range of virtual memory
* ARGUMENTS:
- * SignalObject = Handle to the object that should be signaled
- * WaitObject = Handle to the object that should be waited for
- * Alertable = True if the wait is alertable
- * Time = The time to wait
+ * ProcessHandle = The handle to the process owning the address space.
+ * BaseAddress = The points to the address to write to
+ * Buffer = Pointer to the buffer to write
+ * NumberOfBytesToWrite = Offset to the upper boundary to write
+ * NumberOfBytesWritten = Total bytes written
+ * REMARKS:
+ * This function maps to the win32 WriteProcessMemory
* RETURNS: Status
*/
NTSTATUS
-STDCALL
-NtSignalAndWaitForSingleObject(
- IN HANDLE SignalObject,
- IN HANDLE WaitObject,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
+STDCALL
+NtWriteVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN PVOID Buffer,
+ IN ULONG NumberOfBytesToWrite,
+ OUT PULONG NumberOfBytesWritten
);
NTSTATUS
-STDCALL
-NtSignalAndWaitForSingleObject(
- IN HANDLE SignalObject,
- IN HANDLE WaitObject,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
+STDCALL
+ZwWriteVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN PVOID Buffer,
+ IN ULONG NumberOfBytesToWrite,
+ OUT PULONG NumberOfBytesWritten
);
+
/*
* FUNCTION: Waits for an object to become signalled.
* ARGUMENTS:
STDCALL
NtSuspendThread(
IN HANDLE ThreadHandle,
- IN PULONG PreviousSuspendCount
+ OUT PULONG PreviousSuspendCount OPTIONAL
);
NTSTATUS
STDCALL
ZwSuspendThread(
IN HANDLE ThreadHandle,
- IN PULONG PreviousSuspendCount
+ OUT PULONG PreviousSuspendCount OPTIONAL
);
/*
VOID
);
-/* --- PLUG AND PLAY --- */
-
-NTSTATUS
-STDCALL
-NtPlugPlayControl (
- VOID
- );
-
-NTSTATUS
-STDCALL
-NtGetPlugPlayEvent (
- VOID
- );
-
/* --- POWER MANAGEMENT --- */
+#ifndef __USE_W32API
NTSTATUS STDCALL
NtSetSystemPowerState(IN POWER_ACTION SystemAction,
IN SYSTEM_POWER_STATE MinSystemState,
IN ULONG Flags);
+#endif
/* --- DEBUG SUBSYSTEM --- */
//NTSTATUS STDCALL NtSetLdtEntries(VOID);
NTSTATUS
STDCALL
-NtSetLdtEntries (
- HANDLE Thread,
- ULONG FirstEntry,
- PULONG Entries
- );
-
-NTSTATUS
-STDCALL
-NtQueryOleDirectoryFile (
- VOID
- );
+NtSetLdtEntries (ULONG Selector1,
+ LDT_ENTRY LdtEntry1,
+ ULONG Selector2,
+ LDT_ENTRY LdtEntry2);
/*
* FUNCTION: Checks a clients access rights to a object
* ReturnLength = Bytes written
* GrantedAccess =
* AccessStatus = Indicates if the ClientToken allows the requested access
- * REMARKS: The arguments map to the win32 AccessCheck
+ * REMARKS: The arguments map to the win32 AccessCheck
+ * Gary Nebbett is wrong:
+ * The 7th argument is a PACCESS_MASK, not a PULONG.
+ * The 8th argument is a PNTSTATUS, not a PBOOLEAN.
* RETURNS: Status
*/
IN PGENERIC_MAPPING GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet,
OUT PULONG ReturnLength,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus
);
NTSTATUS
IN PGENERIC_MAPPING GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet,
OUT PULONG ReturnLength,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus
);
NTSTATUS
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE KeyHandle);
+/*
+ * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
+ * ARGUMENTS:
+ * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
+ * ObjectHandle =
+ * ObjectTypeName =
+ * ObjectName =
+ * SecurityDescriptor =
+ * DesiredAcces =
+ * GenericMapping =
+ * ObjectCreation =
+ * GrantedAccess =
+ * AccessStatus =
+ * GenerateOnClose =
+ * REMARKS: The arguments map to the win32 AccessCheck
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtAccessCheckAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PHANDLE ObjectHandle,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+ );
-#ifndef __USE_W32API
+/*
+ * FUNCTION: Cancels a timer
+ * ARGUMENTS:
+ * TimerHandle = Handle to the timer
+ * CurrentState = Specifies the state of the timer when cancelled.
+ * REMARKS:
+ * The arguments to this function map to the function CancelWaitableTimer.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtCancelTimer(
+ IN HANDLE TimerHandle,
+ OUT PBOOLEAN CurrentState OPTIONAL
+ );
/*
* FUNCTION: Continues a thread with the specified context
IN BOOLEAN TestAlert
);
-NTSTATUS STDCALL ZwContinue(IN PCONTEXT Context, IN CINT IrqLevel);
-
/*
- * FUNCTION: Retrieves the system time
- * ARGUMENTS:
- * CurrentTime (OUT) = Caller should supply storage for the resulting time.
+ * FUNCTION: Creates a paging file.
+ * ARGUMENTS:
+ * FileName = Name of the pagefile
+ * InitialSize = Specifies the initial size in bytes
+ * MaximumSize = Specifies the maximum size in bytes
+ * Reserved = Reserved for future use
* RETURNS: Status
- *
-*/
-
+ */
NTSTATUS
STDCALL
-NtQuerySystemTime (
- OUT TIME *CurrentTime
+NtCreatePagingFile(
+ IN PUNICODE_STRING FileName,
+ IN PLARGE_INTEGER InitialSize,
+ IN PLARGE_INTEGER MaxiumSize,
+ IN ULONG Reserved
);
-NTSTATUS
-STDCALL
-ZwQuerySystemTime (
- OUT TIME *CurrentTime
- );
/*
- * FUNCTION: Loads a registry key.
+ * FUNCTION: Creates a profile
* ARGUMENTS:
- * KeyHandle = Handle to the registry key
- * ObjectAttributes = ???
- * Unknown3 = ???
- * REMARK:
- * This procedure maps to the win32 procedure RegLoadKey
+ * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
+ * ObjectAttribute = Initialized attributes for the object
+ * ImageBase = Start address of executable image
+ * ImageSize = Size of the image
+ * Granularity = Bucket size
+ * Buffer = Caller supplies buffer for profiling info
+ * ProfilingSize = Buffer size
+ * ClockSource = Specify 0 / FALSE ??
+ * ProcessorMask = A value of -1 indicates disables per processor profiling,
+ otherwise bit set for the processor to profile.
+ * REMARKS:
+ * This function maps to the win32 CreateProcess.
* RETURNS: Status
*/
-NTSTATUS
+
+NTSTATUS
STDCALL
-NtLoadKey2 (
- PHANDLE KeyHandle,
- POBJECT_ATTRIBUTES ObjectAttributes,
- ULONG Unknown3
- );
+NtCreateProfile(OUT PHANDLE ProfileHandle,
+ IN HANDLE Process OPTIONAL,
+ IN PVOID ImageBase,
+ IN ULONG ImageSize,
+ IN ULONG BucketSize,
+ IN PVOID Buffer,
+ IN ULONG BufferSize,
+ IN KPROFILE_SOURCE ProfileSource,
+ IN KAFFINITY Affinity);
+
+/*
+ * FUNCTION: Creates a user mode thread
+ * ARGUMENTS:
+ * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the thread.
+ * ObjectAttributes = Initialized attributes for the object.
+ * ProcessHandle = Handle to the threads parent process.
+ * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
+ * ThreadContext = Initial processor context for the thread.
+ * InitialTeb = Initial user mode stack context for the thread.
+ * CreateSuspended = Specifies if the thread is ready for scheduling
+ * REMARKS:
+ * This function maps to the win32 function CreateThread.
+ * RETURNS: Status
+ */
NTSTATUS
-STDCALL
-ZwLoadKey2 (
- PHANDLE KeyHandle,
- POBJECT_ATTRIBUTES ObjectAttributes,
- ULONG Unknown3
+STDCALL
+NtCreateThread(
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN HANDLE ProcessHandle,
+ OUT PCLIENT_ID ClientId,
+ IN PCONTEXT ThreadContext,
+ IN PINITIAL_TEB InitialTeb,
+ IN BOOLEAN CreateSuspended
);
/*
- * FUNCTION: Copies a handle from one process space to another
+ * FUNCTION: Delays the execution of the calling thread.
* ARGUMENTS:
- * SourceProcessHandle = The source process owning the handle. The source process should have opened
- * the SourceHandle with PROCESS_DUP_HANDLE access.
- * SourceHandle = The handle to the object.
- * TargetProcessHandle = The destination process owning the handle
- * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
- * DesiredAccess = The desired access to the handle.
- * InheritHandle = Indicates wheter the new handle will be inheritable or not.
- * Options = Specifies special actions upon duplicating the handle. Can be
- * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
- * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
- * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
- * the DesiredAccess paramter and just grant the same access to the new
- * handle.
+ * Alertable = If TRUE the thread is alertable during is wait period
+ * Interval = Specifies the interval to wait.
* RETURNS: Status
- * REMARKS: This function maps to the win32 DuplicateHandle.
*/
NTSTATUS
STDCALL
-NtDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle,
- OUT PHANDLE TargetHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN InheritHandle,
- IN ULONG Options
+NtDelayExecution(
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER DelayInterval
);
+/*
+ * FUNCTION: Extends a section
+ * ARGUMENTS:
+ * SectionHandle = Handle to the section
+ * NewMaximumSize = Adjusted size
+ * RETURNS: Status
+ */
NTSTATUS
STDCALL
-ZwDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN PHANDLE SourceHandle,
- IN HANDLE TargetProcessHandle,
- OUT PHANDLE TargetHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN InheritHandle,
- IN ULONG Options
+NtExtendSection(
+ IN HANDLE SectionHandle,
+ IN PLARGE_INTEGER NewMaximumSize
+ );
+
+/*
+ * FUNCTION: Flushes a the processors instruction cache
+ * ARGUMENTS:
+ * ProcessHandle = Points to the process owning the cache
+ * BaseAddress = // might this be a image address ????
+ * NumberOfBytesToFlush =
+ * RETURNS: Status
+ * REMARKS:
+ * This funciton is used by debuggers
+ */
+NTSTATUS
+STDCALL
+NtFlushInstructionCache(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN UINT NumberOfBytesToFlush
+ );
+
+/*
+ * FUNCTION: Flushes virtual memory to file
+ * ARGUMENTS:
+ * ProcessHandle = Points to the process that allocated the virtual memory
+ * BaseAddress = Points to the memory address
+ * NumberOfBytesToFlush = Limits the range to flush,
+ * NumberOfBytesFlushed = Actual number of bytes flushed
+ * RETURNS: Status
+ * REMARKS:
+ * Check return status on STATUS_NOT_MAPPED_DATA
+ */
+NTSTATUS
+STDCALL
+NtFlushVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToFlush,
+ OUT PULONG NumberOfBytesFlushed OPTIONAL
+ );
+
+/*
+ * FUNCTION: Retrieves the uptime of the system
+ * ARGUMENTS:
+ * UpTime = Number of clock ticks since boot.
+ * RETURNS: Status
+ */
+ULONG
+STDCALL
+NtGetTickCount(
+ VOID
+ );
+
+/*
+ * FUNCTION: Loads a registry key.
+ * ARGUMENTS:
+ * KeyObjectAttributes = Key to be loaded
+ * FileObjectAttributes = File to load the key from
+ * REMARK:
+ * This procedure maps to the win32 procedure RegLoadKey
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtLoadKey(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes
+ );
+
+
+/*
+ * FUNCTION: Locks a range of virtual memory.
+ * ARGUMENTS:
+ * ProcessHandle = Handle to the process
+ * BaseAddress = Lower boundary of the range of bytes to lock.
+ * NumberOfBytesLock = Offset to the upper boundary.
+ * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
+ * REMARK:
+ This procedure maps to the win32 procedure VirtualLock.
+ * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
+ */
+NTSTATUS
+STDCALL
+NtLockVirtualMemory(
+ HANDLE ProcessHandle,
+ PVOID BaseAddress,
+ ULONG NumberOfBytesToLock,
+ PULONG NumberOfBytesLocked
+ );
+
+NTSTATUS
+STDCALL
+NtOpenObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN ULONG GrantedAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN ObjectCreation,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateOnClose
+ );
+
+/*
+ * FUNCTION: Set the access protection of a range of virtual memory
+ * ARGUMENTS:
+ * ProcessHandle = Handle to process owning the virtual address space
+ * BaseAddress = Start address
+ * NumberOfBytesToProtect = Delimits the range of virtual memory
+ * for which the new access protection holds
+ * NewAccessProtection = The new access proctection for the pages
+ * OldAccessProtection = Caller should supply storage for the old
+ * access protection
+ *
+ * REMARKS:
+ * The function maps to the win32 VirtualProtectEx
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtProtectVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID *BaseAddress,
+ IN ULONG *NumberOfBytesToProtect,
+ IN ULONG NewAccessProtection,
+ OUT PULONG OldAccessProtection
+ );
+
+/*
+ * FUNCTION: Query information about the content of a directory object
+ * ARGUMENTS:
+ DirectoryHandle =
+ Buffer = Buffer must be large enough to hold the name strings too
+ ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
+ If FALSE: return the number of objects in this directory in ObjectIndex
+ RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
+ If FALSE use input value of ObjectIndex
+ Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
+ ReturnLength = Actual size of the ObjectIndex ???
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtQueryDirectoryObject(
+ IN HANDLE DirectoryHandle,
+ OUT PVOID Buffer,
+ IN ULONG BufferLength,
+ IN BOOLEAN ReturnSingleEntry,
+ IN BOOLEAN RestartScan,
+ IN OUT PULONG Context,
+ OUT PULONG ReturnLength OPTIONAL
+ );
+
+/*
+ * FUNCTION: Query the interval and the clocksource for profiling
+ * ARGUMENTS:
+ Interval =
+ ClockSource =
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtQueryIntervalProfile(
+ IN KPROFILE_SOURCE ProfileSource,
+ OUT PULONG Interval
+ );
+
+/*
+ * FUNCTION: Queries the information of a section object.
+ * ARGUMENTS:
+ * SectionHandle = Handle to the section link object
+ * SectionInformationClass = Index to a certain information structure
+ * SectionInformation (OUT)= Caller supplies storage for resulting information
+ * Length = Size of the supplied storage
+ * ResultLength = Data written
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtQuerySection(
+ IN HANDLE SectionHandle,
+ IN CINT SectionInformationClass,
+ OUT PVOID SectionInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+/*
+ * FUNCTION: Queries the virtual memory information.
+ * ARGUMENTS:
+ ProcessHandle = Process owning the virtual address space
+ BaseAddress = Points to the page where the information is queried for.
+ * VirtualMemoryInformationClass = Index to a certain information structure
+
+ MemoryBasicInformation MEMORY_BASIC_INFORMATION
+
+ * VirtualMemoryInformation = caller supplies storage for the information structure
+ * Length = size of the structure
+ ResultLength = Data written
+ * RETURNS: Status
+ *
+*/
+
+NTSTATUS
+STDCALL
+NtQueryVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID Address,
+ IN IN CINT VirtualMemoryInformationClass,
+ OUT PVOID VirtualMemoryInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+/*
+ * FUNCTION: Raises a hard error (stops the system)
+ * ARGUMENTS:
+ * Status = Status code of the hard error
+ * Unknown2 = ??
+ * Unknown3 = ??
+ * Unknown4 = ??
+ * Unknown5 = ??
+ * Unknown6 = ??
+ * RETURNS: Status
+ *
+ */
+
+NTSTATUS
+STDCALL
+NtRaiseHardError(
+ IN NTSTATUS Status,
+ ULONG Unknown2,
+ ULONG Unknown3,
+ ULONG Unknown4,
+ ULONG Unknown5,
+ ULONG Unknown6
+ );
+
+/*
+ * FUNCTION: Sets the information of a registry key.
+ * ARGUMENTS:
+ * KeyHandle = Handle to the registry key
+ * KeyInformationClass = Index to the a certain information structure.
+ * Can be one of the following values:
+ *
+ * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
+ *
+ * KeyInformation = Storage for the new information
+ * KeyInformationLength = Size of the information strucure
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtSetInformationKey(
+ IN HANDLE KeyHandle,
+ IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
+ IN PVOID KeyInformation,
+ IN ULONG KeyInformationLength
+ );
+
+/*
+ * FUNCTION: Changes a set of object specific parameters
+ * ARGUMENTS:
+ * ObjectHandle =
+ * ObjectInformationClass = Index to the set of parameters to change.
+
+ ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
+
+
+ * ObjectInformation = Caller supplies storage for parameters to set.
+ * Length = Size of the storage supplied
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetInformationObject(
+ IN HANDLE ObjectHandle,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ IN PVOID ObjectInformation,
+ IN ULONG Length
+ );
+
+/*
+ * FUNCTION: Sets the characteristics of a timer
+ * ARGUMENTS:
+ * TimerHandle = Handle to the timer
+ * DueTime = Time before the timer becomes signalled for the first time.
+ * TimerApcRoutine = Completion routine can be called on time completion
+ * TimerContext = Argument to the completion routine
+ * Resume = Specifies if the timer should repeated after completing one cycle
+ * Period = Cycle of the timer
+ * REMARKS: This routine maps to the win32 SetWaitableTimer.
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetTimer(
+ IN HANDLE TimerHandle,
+ IN PLARGE_INTEGER DueTime,
+ IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL,
+ IN PVOID TimerContext OPTIONAL,
+ IN BOOLEAN ResumeTimer,
+ IN LONG Period OPTIONAL,
+ OUT PBOOLEAN PreviousState OPTIONAL
+ );
+
+/*
+ * FUNCTION: Unloads a registry key.
+ * ARGUMENTS:
+ * KeyHandle = Handle to the registry key
+ * REMARK:
+ * This procedure maps to the win32 procedure RegUnloadKey
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtUnloadKey(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes
+ );
+
+/*
+ * FUNCTION: Unlocks a range of virtual memory.
+ * ARGUMENTS:
+ * ProcessHandle = Handle to the process
+ * BaseAddress = Lower boundary of the range of bytes to unlock.
+ * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
+ * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
+ * REMARK:
+ This procedure maps to the win32 procedure VirtualUnlock
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
+ */
+NTSTATUS
+STDCALL
+NtUnlockVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToUnlock,
+ OUT PULONG NumberOfBytesUnlocked OPTIONAL
+ );
+
+/*
+ * FUNCTION: Waits for multiple objects to become signalled.
+ * ARGUMENTS:
+ * Count = The number of objects
+ * Object = The array of object handles
+ * WaitType = Can be one of the values UserMode or KernelMode
+ * Alertable = If true the wait is alertable.
+ * Time = The maximum wait time.
+ * REMARKS:
+ * This function maps to the win32 WaitForMultipleObjectEx.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtWaitForMultipleObjects (
+ IN ULONG Count,
+ IN HANDLE Object[],
+ IN WAIT_TYPE WaitType,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
+
+
+
+
+
+#ifndef __USE_W32API
+
+/*
+ * FUNCTION: Continues a thread with the specified context
+ * ARGUMENTS:
+ * Context = Specifies the processor context
+ * IrqLevel = Specifies the Interupt Request Level to continue with. Can
+ * be PASSIVE_LEVEL or APC_LEVEL
+ * REMARKS
+ * NtContinue can be used to continue after an exception or apc.
+ * RETURNS: Status
+ */
+//FIXME This function might need another parameter
+
+NTSTATUS STDCALL ZwContinue(IN PCONTEXT Context, IN CINT IrqLevel);
+
+/*
+ * FUNCTION: Retrieves the system time
+ * ARGUMENTS:
+ * CurrentTime (OUT) = Caller should supply storage for the resulting time.
+ * RETURNS: Status
+ *
+*/
+
+NTSTATUS
+STDCALL
+ZwQuerySystemTime (
+ OUT PLARGE_INTEGER CurrentTime
+ );
+
+/*
+ * FUNCTION: Copies a handle from one process space to another
+ * ARGUMENTS:
+ * SourceProcessHandle = The source process owning the handle. The source process should have opened
+ * the SourceHandle with PROCESS_DUP_HANDLE access.
+ * SourceHandle = The handle to the object.
+ * TargetProcessHandle = The destination process owning the handle
+ * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
+ * DesiredAccess = The desired access to the handle.
+ * InheritHandle = Indicates wheter the new handle will be inheritable or not.
+ * Options = Specifies special actions upon duplicating the handle. Can be
+ * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
+ * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
+ * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
+ * the DesiredAccess paramter and just grant the same access to the new
+ * handle.
+ * RETURNS: Status
+ * REMARKS: This function maps to the win32 DuplicateHandle.
+ */
+
+NTSTATUS
+STDCALL
+NtDuplicateObject(
+ IN HANDLE SourceProcessHandle,
+ IN HANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle,
+ OUT PHANDLE TargetHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN InheritHandle,
+ IN ULONG Options
+ );
+
+NTSTATUS
+STDCALL
+ZwDuplicateObject(
+ IN HANDLE SourceProcessHandle,
+ IN PHANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle,
+ OUT PHANDLE TargetHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN InheritHandle,
+ IN ULONG Options
);
/*
* ARGUMENTS:
* SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
* ObjectHandle =
- * ObjectAttributes =
+ * ObjectTypeName =
+ * ObjectName =
+ * SecurityDescriptor =
* DesiredAcces =
* GenericMapping =
* ObjectCreation =
* RETURNS: Status
*/
-NTSTATUS
-STDCALL
-NtAccessCheckAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PHANDLE ObjectHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus,
- OUT PBOOLEAN GenerateOnClose
- );
-
NTSTATUS
STDCALL
ZwAccessCheckAndAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PHANDLE ObjectHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping,
IN BOOLEAN ObjectCreation,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
OUT PBOOLEAN GenerateOnClose
);
/*
* FUNCTION: Adds an atom to the global atom table
* ARGUMENTS:
- * AtomString = The string to add to the atom table.
- * Atom (OUT) = Caller supplies storage for the resulting atom.
+ * AtomName = The string to add to the atom table.
+ * AtomNameLength = Length of the atom name
+ * Atom (OUT) = Caller supplies storage for the resulting atom.
* REMARKS: The arguments map to the win32 add GlobalAddAtom.
* RETURNS: Status
*/
STDCALL
NtAddAtom(
IN PWSTR AtomName,
+ IN ULONG AtomNameLength,
IN OUT PRTL_ATOM Atom
);
STDCALL
ZwAddAtom(
IN PWSTR AtomName,
+ IN ULONG AtomNameLength,
IN OUT PRTL_ATOM Atom
);
NTSTATUS
STDCALL
NtAllocateUuids(
- PULARGE_INTEGER Time,
- PULONG Range,
- PULONG Sequence
+ OUT PULARGE_INTEGER Time,
+ OUT PULONG Range,
+ OUT PULONG Sequence,
+ OUT PUCHAR Seed
);
NTSTATUS
STDCALL
ZwAllocateUuids(
- PULARGE_INTEGER Time,
- PULONG Range,
- PULONG Sequence
- );
-
-/*
- * FUNCTION: Cancels a timer
- * ARGUMENTS:
- * TimerHandle = Handle to the timer
- * CurrentState = Specifies the state of the timer when cancelled.
- * REMARKS:
- * The arguments to this function map to the function CancelWaitableTimer.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtCancelTimer(
- IN HANDLE TimerHandle,
- OUT PBOOLEAN CurrentState OPTIONAL
+ OUT PULARGE_INTEGER Time,
+ OUT PULONG Range,
+ OUT PULONG Sequence,
+ OUT PUCHAR Seed
);
NTSTATUS
*/
NTSTATUS
STDCALL
-NtCreatePagingFile(
- IN PUNICODE_STRING FileName,
- IN PLARGE_INTEGER InitialSize,
- IN PLARGE_INTEGER MaxiumSize,
- IN ULONG Reserved
- );
-
-NTSTATUS
-STDCALL
ZwCreatePagingFile(
IN PUNICODE_STRING FileName,
IN PLARGE_INTEGER InitialSize,
*/
NTSTATUS
STDCALL
-NtCreateThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ProcessHandle,
- OUT PCLIENT_ID ClientId,
- IN PCONTEXT ThreadContext,
- IN PINITIAL_TEB InitialTeb,
- IN BOOLEAN CreateSuspended
- );
-
-NTSTATUS
-STDCALL
ZwCreateThread(
OUT PHANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
NtDuplicateToken(
IN HANDLE ExistingToken,
IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN BOOLEAN EffectiveOnly,
IN TOKEN_TYPE TokenType,
OUT PHANDLE NewToken
);
ZwDuplicateToken(
IN HANDLE ExistingToken,
IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN BOOLEAN EffectiveOnly,
IN TOKEN_TYPE TokenType,
OUT PHANDLE NewToken
);
* FUNCTION: Finds a atom
* ARGUMENTS:
* AtomName = Name to search for.
+ * AtomNameLength = Length of the atom name
* Atom = Caller supplies storage for the resulting atom
* RETURNS: Status
* REMARKS:
STDCALL
NtFindAtom(
IN PWSTR AtomName,
+ IN ULONG AtomNameLength,
OUT PRTL_ATOM Atom OPTIONAL
);
STDCALL
ZwFindAtom(
IN PWSTR AtomName,
+ IN ULONG AtomNameLength,
OUT PRTL_ATOM Atom OPTIONAL
);
*/
NTSTATUS
STDCALL
-NtFlushInstructionCache(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN UINT NumberOfBytesToFlush
- );
-
-NTSTATUS
-STDCALL
ZwFlushInstructionCache(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
* NumberOfBytesFlushed = Actual number of bytes flushed
* RETURNS: Status
* REMARKS:
- * Check return status on STATUS_NOT_MAPPED_DATA
- */
-NTSTATUS
-STDCALL
-NtFlushVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToFlush,
- OUT PULONG NumberOfBytesFlushed OPTIONAL
- );
-
+ * Check return status on STATUS_NOT_MAPPED_DATA
+ */
NTSTATUS
STDCALL
ZwFlushVirtualMemory(
* UpTime = Number of clock ticks since boot.
* RETURNS: Status
*/
-NTSTATUS
-STDCALL
-NtGetTickCount(
- PULONG UpTime
- );
-
-NTSTATUS
-STDCALL
+ULONG
+STDCALL
ZwGetTickCount(
- PULONG UpTime
+ VOID
);
/*
* FUNCTION: Loads a registry key.
* ARGUMENTS:
- * KeyHandle = Handle to the registry key
- * ObjectAttributes = ???
+ * KeyObjectAttributes = Key to be loaded
+ * FileObjectAttributes = File to load the key from
* REMARK:
* This procedure maps to the win32 procedure RegLoadKey
* RETURNS: Status
*/
NTSTATUS
-STDCALL
-NtLoadKey(
- PHANDLE KeyHandle,
- POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
+STDCALL
ZwLoadKey(
- PHANDLE KeyHandle,
- POBJECT_ATTRIBUTES ObjectAttributes
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes
);
/*
- * FUNCTION: Locks a range of virtual memory.
+ * FUNCTION: Locks a range of virtual memory.
* ARGUMENTS:
* ProcessHandle = Handle to the process
- * BaseAddress = Lower boundary of the range of bytes to lock.
+ * BaseAddress = Lower boundary of the range of bytes to lock.
* NumberOfBytesLock = Offset to the upper boundary.
* NumberOfBytesLocked (OUT) = Number of bytes actually locked.
* REMARK:
- This procedure maps to the win32 procedure VirtualLock
+ This procedure maps to the win32 procedure VirtualLock.
* RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
*/
NTSTATUS
-STDCALL
-NtLockVirtualMemory(
- HANDLE ProcessHandle,
- PVOID BaseAddress,
- ULONG NumberOfBytesToLock,
- PULONG NumberOfBytesLocked
- );
-
-NTSTATUS
-STDCALL
+STDCALL
ZwLockVirtualMemory(
HANDLE ProcessHandle,
PVOID BaseAddress,
PULONG NumberOfBytesLocked
);
-NTSTATUS
-STDCALL
-NtOpenObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN ULONG GrantedAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN ObjectCreation,
- IN BOOLEAN AccessGranted,
- OUT PBOOLEAN GenerateOnClose
- );
-
NTSTATUS
STDCALL
ZwOpenObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN ULONG GrantedAccess,
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN ULONG GrantedAccess,
IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN ObjectCreation,
- IN BOOLEAN AccessGranted,
- OUT PBOOLEAN GenerateOnClose
+ IN BOOLEAN ObjectCreation,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateOnClose
);
/*
*/
NTSTATUS
STDCALL
-NtProtectVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToProtect,
- IN ULONG NewAccessProtection,
- OUT PULONG OldAccessProtection
- );
-
-NTSTATUS
-STDCALL
ZwProtectVirtualMemory(
IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToProtect,
+ IN PVOID *BaseAddress,
+ IN ULONG *NumberOfBytesToProtect,
IN ULONG NewAccessProtection,
OUT PULONG OldAccessProtection
);
/*
* FUNCTION: Query information about the content of a directory object
* ARGUMENTS:
- DirObjInformation = Buffer must be large enough to hold the name strings too
- GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
- If FALSE: return the number of objects in this directory in ObjectIndex
- IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
- If FALSE use input value of ObjectIndex
- ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
- DataWritten = Actual size of the ObjectIndex ???
+ DirectoryHandle =
+ Buffer = Buffer must be large enough to hold the name strings too
+ ReturnSingleEntry = If TRUE :return the index of the next object in this directory in ObjectIndex
+ If FALSE: return the number of objects in this directory in ObjectIndex
+ RestartScan = If TRUE: ignore input value of ObjectIndex always start at index 0
+ If FALSE use input value of ObjectIndex
+ Context = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
+ ReturnLength = Actual size of the ObjectIndex ???
* RETURNS: Status
*/
NTSTATUS
STDCALL
-NtQueryDirectoryObject(
- IN HANDLE DirObjHandle,
- OUT POBJDIR_INFORMATION DirObjInformation,
- IN ULONG BufferLength,
- IN BOOLEAN GetNextIndex,
- IN BOOLEAN IgnoreInputIndex,
- IN OUT PULONG ObjectIndex,
- OUT PULONG DataWritten OPTIONAL
- );
-
-NTSTATUS
-STDCALL
ZwQueryDirectoryObject(
- IN HANDLE DirObjHandle,
- OUT POBJDIR_INFORMATION DirObjInformation,
- IN ULONG BufferLength,
- IN BOOLEAN GetNextIndex,
- IN BOOLEAN IgnoreInputIndex,
- IN OUT PULONG ObjectIndex,
- OUT PULONG DataWritten OPTIONAL
+ IN HANDLE DirectoryHandle,
+ OUT PVOID Buffer,
+ IN ULONG BufferLength,
+ IN BOOLEAN ReturnSingleEntry,
+ IN BOOLEAN RestartScan,
+ IN OUT PULONG Context,
+ OUT PULONG ReturnLength OPTIONAL
);
/*
STDCALL
NtQueryInformationProcess(
IN HANDLE ProcessHandle,
- IN CINT ProcessInformationClass,
+ IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
- OUT PULONG ReturnLength
+ OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
STDCALL
ZwQueryInformationProcess(
IN HANDLE ProcessHandle,
- IN CINT ProcessInformationClass,
+ IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
- OUT PULONG ReturnLength
+ OUT PULONG ReturnLength OPTIONAL
);
/*
*/
NTSTATUS
STDCALL
-NtQueryIntervalProfile(
- OUT PULONG Interval,
- OUT KPROFILE_SOURCE ClockSource
- );
-
-NTSTATUS
-STDCALL
ZwQueryIntervalProfile(
- OUT PULONG Interval,
- OUT KPROFILE_SOURCE ClockSource
+ IN KPROFILE_SOURCE ProfileSource,
+ OUT PULONG Interval
);
/*
* FUNCTION: Queries the information of a object.
- * ARGUMENTS:
+ * ARGUMENTS:
ObjectHandle = Handle to a object
ObjectInformationClass = Index to a certain information structure
- ObjectBasicInformation
- ObjectTypeInformation OBJECT_TYPE_INFORMATION
+ ObjectBasicInformation OBJECT_BASIC_INFORMATION
ObjectNameInformation OBJECT_NAME_INFORMATION
- ObjectDataInformation OBJECT_DATA_INFORMATION
+ ObjectTypeInformation OBJECT_TYPE_INFORMATION
+ ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
+ ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTES_INFORMATION
ObjectInformation = Caller supplies storage for resulting information
- Length = Size of the supplied storage
+ Length = Size of the supplied storage
ResultLength = Bytes written
*/
-NTSTATUS
-STDCALL
-NtQueryObject(
- IN HANDLE ObjectHandle,
- IN CINT ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
NTSTATUS
STDCALL
ZwQueryObject(
IN HANDLE ObjectHandle,
- IN CINT ObjectInformationClass,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
OUT PVOID ObjectInformation,
IN ULONG Length,
- OUT PULONG ResultLength
+ OUT PULONG ResultLength OPTIONAL
);
NTSTATUS
STDCALL
NtQuerySecurityObject(
- IN HANDLE Object,
- IN CINT SecurityObjectInformationClass,
- OUT PVOID SecurityObjectInformation,
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG Length,
- OUT PULONG ReturnLength
+ OUT PULONG ResultLength
);
NTSTATUS
STDCALL
ZwQuerySecurityObject(
- IN HANDLE Object,
- IN CINT SecurityObjectInformationClass,
- OUT PVOID SecurityObjectInformation,
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG Length,
- OUT PULONG ReturnLength
+ OUT PULONG ResultLength
);
/*
*
*/
-NTSTATUS
-STDCALL
-NtQueryVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID Address,
- IN IN CINT VirtualMemoryInformationClass,
- OUT PVOID VirtualMemoryInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
NTSTATUS
STDCALL
ZwQueryVirtualMemory(
* RETURNS: Status
*
*/
-
-NTSTATUS
-STDCALL
-NtRaiseHardError(
- IN NTSTATUS Status,
- ULONG Unknown2,
- ULONG Unknown3,
- ULONG Unknown4,
- ULONG Unknown5,
- ULONG Unknown6
- );
-
NTSTATUS
STDCALL
ZwRaiseHardError(
* KeyInformationClass = Index to the a certain information structure.
Can be one of the following values:
- * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
+ * KeyLastWriteTimeInformation KEY_LAST_WRITE_TIME_INFORMATION
KeyInformation = Storage for the new information
* KeyInformationLength = Size of the information strucure
* RETURNS: Status
*/
-NTSTATUS
-STDCALL
-NtSetInformationKey(
- IN HANDLE KeyHandle,
- IN CINT KeyInformationClass,
- IN PVOID KeyInformation,
- IN ULONG KeyInformationLength
- );
-
NTSTATUS
STDCALL
ZwSetInformationKey(
IN HANDLE KeyHandle,
- IN CINT KeyInformationClass,
+ IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
IN PVOID KeyInformation,
IN ULONG KeyInformationLength
);
* ObjectHandle =
* ObjectInformationClass = Index to the set of parameters to change.
-
- ObjectBasicInformation
- ObjectTypeInformation OBJECT_TYPE_INFORMATION
- ObjectAllInformation
- ObjectDataInformation OBJECT_DATA_INFORMATION
- ObjectNameInformation OBJECT_NAME_INFORMATION
+ ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
* ObjectInformation = Caller supplies storage for parameters to set.
* Length = Size of the storage supplied
* RETURNS: Status
*/
-NTSTATUS
-STDCALL
-NtSetInformationObject(
- IN HANDLE ObjectHandle,
- IN CINT ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG Length
- );
-
NTSTATUS
STDCALL
ZwSetInformationObject(
IN HANDLE ObjectHandle,
- IN CINT ObjectInformationClass,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
IN PVOID ObjectInformation,
- IN ULONG Length
+ IN ULONG Length
);
/*
STDCALL
NtSetInformationProcess(
IN HANDLE ProcessHandle,
- IN CINT ProcessInformationClass,
+ IN PROCESSINFOCLASS ProcessInformationClass,
IN PVOID ProcessInformation,
IN ULONG ProcessInformationLength
);
STDCALL
ZwSetInformationProcess(
IN HANDLE ProcessHandle,
- IN CINT ProcessInformationClass,
+ IN PROCESSINFOCLASS ProcessInformationClass,
IN PVOID ProcessInformation,
IN ULONG ProcessInformationLength
);
* REMARKS: This routine maps to the win32 SetWaitableTimer.
* RETURNS: Status
*/
-NTSTATUS
-STDCALL
-NtSetTimer(
- IN HANDLE TimerHandle,
- IN PLARGE_INTEGER DueTime,
- IN PTIMERAPCROUTINE TimerApcRoutine,
- IN PVOID TimerContext,
- IN BOOL WakeTimer,
- IN ULONG Period OPTIONAL,
- OUT PBOOLEAN PreviousState OPTIONAL
- );
-
NTSTATUS
STDCALL
ZwSetTimer(
IN HANDLE TimerHandle,
IN PLARGE_INTEGER DueTime,
- IN PTIMERAPCROUTINE TimerApcRoutine,
- IN PVOID TimerContext,
- IN BOOL WakeTimer,
- IN ULONG Period OPTIONAL,
- OUT PBOOLEAN PreviousState OPTIONAL
+ IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL,
+ IN PVOID TimerContext OPTIONAL,
+ IN BOOLEAN ResumeTimer,
+ IN LONG Period OPTIONAL,
+ OUT PBOOLEAN PreviousState OPTIONAL
);
+NTSTATUS STDCALL
+NtSetUuidSeed(IN PUCHAR Seed);
+
+NTSTATUS STDCALL
+ZwSetUuidSeed(IN PUCHAR Seed);
+
/*
* FUNCTION: Unloads a registry key.
* ARGUMENTS:
*/
NTSTATUS
STDCALL
-NtUnloadKey(
- HANDLE KeyHandle
- );
-
-NTSTATUS
-STDCALL
ZwUnloadKey(
- HANDLE KeyHandle
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes
);
/*
* REMARK:
This procedure maps to the win32 procedure VirtualUnlock
* RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
- */
-NTSTATUS
-STDCALL
-NtUnlockVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToUnlock,
- OUT PULONG NumberOfBytesUnlocked OPTIONAL
- );
-
+ */
NTSTATUS
STDCALL
ZwUnlockVirtualMemory(
*/
NTSTATUS
STDCALL
-NtWaitForMultipleObjects (
- IN ULONG Count,
- IN HANDLE Object[],
- IN CINT WaitType,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
- );
-
-NTSTATUS
-STDCALL
ZwWaitForMultipleObjects (
IN ULONG Count,
IN HANDLE Object[],
- IN CINT WaitType,
+ IN WAIT_TYPE WaitType,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Time
);
* RETURNS: Status
*/
-NTSTATUS
-STDCALL
-NtCreateProfile(OUT PHANDLE ProfileHandle,
- IN HANDLE ProcessHandle,
- IN PVOID ImageBase,
- IN ULONG ImageSize,
- IN ULONG Granularity,
- OUT PULONG Buffer,
- IN ULONG ProfilingSize,
- IN KPROFILE_SOURCE Source,
- IN ULONG ProcessorMask);
-
NTSTATUS
STDCALL
ZwCreateProfile(
- OUT PHANDLE ProfileHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ULONG ImageBase,
- IN ULONG ImageSize,
- IN ULONG Granularity,
- OUT PVOID Buffer,
- IN ULONG ProfilingSize,
- IN ULONG ClockSource,
- IN ULONG ProcessorMask
+ OUT PHANDLE ProfileHandle,
+ IN HANDLE Process OPTIONAL,
+ IN PVOID ImageBase,
+ IN ULONG ImageSize,
+ IN ULONG BucketSize,
+ IN PVOID Buffer,
+ IN ULONG BufferSize,
+ IN KPROFILE_SOURCE ProfileSource,
+ IN KAFFINITY Affinity
);
/*
* Interval = Specifies the interval to wait.
* RETURNS: Status
*/
-
-NTSTATUS
-STDCALL
-NtDelayExecution(
- IN ULONG Alertable,
- IN TIME *Interval
- );
-
NTSTATUS
STDCALL
ZwDelayExecution(
IN BOOLEAN Alertable,
- IN TIME *Interval
+ IN PLARGE_INTEGER DelayInterval
);
/*
*/
NTSTATUS
STDCALL
-NtExtendSection(
- IN HANDLE SectionHandle,
- IN ULONG NewMaximumSize
- );
-
-NTSTATUS
-STDCALL
ZwExtendSection(
IN HANDLE SectionHandle,
- IN ULONG NewMaximumSize
+ IN PLARGE_INTEGER NewMaximumSize
);
/*
* RETURNS: Status
*
*/
-NTSTATUS
-STDCALL
-NtQuerySection(
- IN HANDLE SectionHandle,
- IN CINT SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
NTSTATUS
STDCALL
ZwQuerySection(
typedef struct _SECTION_IMAGE_INFORMATION
{
- PVOID EntryPoint;
+ ULONG_PTR EntryPoint;
ULONG Unknown1;
- ULONG StackReserve;
- ULONG StackCommit;
+ ULONG_PTR StackReserve;
+ ULONG_PTR StackCommit;
ULONG Subsystem;
USHORT MinorSubsystemVersion;
USHORT MajorSubsystemVersion;
#endif /* !__USE_W32API */
+/*
+ * FUNCTION: Loads a registry key.
+ * ARGUMENTS:
+ * KeyObjectAttributes = Key to be loaded
+ * FileObjectAttributes = File to load the key from
+ * Flags = ???
+ * REMARK:
+ * This procedure maps to the win32 procedure RegLoadKey
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtLoadKey2(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes,
+ IN ULONG Flags
+ );
+
+NTSTATUS
+STDCALL
+ZwLoadKey2(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes,
+ IN ULONG Flags
+ );
+
+/*
+ * FUNCTION: Retrieves the system time
+ * ARGUMENTS:
+ * CurrentTime (OUT) = Caller should supply storage for the resulting time.
+ * RETURNS: Status
+ *
+*/
+
+NTSTATUS
+STDCALL
+NtQuerySystemTime (
+ OUT PLARGE_INTEGER CurrentTime
+ );
+
+/*
+ * FUNCTION: Queries the information of a object.
+ * ARGUMENTS:
+ ObjectHandle = Handle to a object
+ ObjectInformationClass = Index to a certain information structure
+
+ ObjectBasicInformation OBJECT_BASIC_INFORMATION
+ ObjectNameInformation OBJECT_NAME_INFORMATION
+ ObjectTypeInformation OBJECT_TYPE_INFORMATION
+ ObjectAllTypesInformation OBJECT_ALL_TYPES_INFORMATION
+ ObjectHandleInformation OBJECT_HANDLE_ATTRIBUTE_INFORMATION
+
+ ObjectInformation = Caller supplies storage for resulting information
+ Length = Size of the supplied storage
+ ResultLength = Bytes written
+ */
+
+NTSTATUS
+STDCALL
+NtQueryObject(
+ IN HANDLE ObjectHandle,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ OUT PVOID ObjectInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength OPTIONAL
+ );
+
+/* BEGIN REACTOS ONLY */
+
+BOOLEAN STDCALL
+ExInitializeBinaryTree(IN PBINARY_TREE Tree,
+ IN PKEY_COMPARATOR Compare,
+ IN BOOLEAN UseNonPagedPool);
+
+VOID STDCALL
+ExDeleteBinaryTree(IN PBINARY_TREE Tree);
+
+VOID STDCALL
+ExInsertBinaryTree(IN PBINARY_TREE Tree,
+ IN PVOID Key,
+ IN PVOID Value);
+
+BOOLEAN STDCALL
+ExSearchBinaryTree(IN PBINARY_TREE Tree,
+ IN PVOID Key,
+ OUT PVOID * Value);
+
+BOOLEAN STDCALL
+ExRemoveBinaryTree(IN PBINARY_TREE Tree,
+ IN PVOID Key,
+ IN PVOID * Value);
+
+BOOLEAN STDCALL
+ExTraverseBinaryTree(IN PBINARY_TREE Tree,
+ IN TRAVERSE_METHOD Method,
+ IN PTRAVERSE_ROUTINE Routine,
+ IN PVOID Context);
+
+BOOLEAN STDCALL
+ExInitializeSplayTree(IN PSPLAY_TREE Tree,
+ IN PKEY_COMPARATOR Compare,
+ IN BOOLEAN Weighted,
+ IN BOOLEAN UseNonPagedPool);
+
+VOID STDCALL
+ExDeleteSplayTree(IN PSPLAY_TREE Tree);
+
+VOID STDCALL
+ExInsertSplayTree(IN PSPLAY_TREE Tree,
+ IN PVOID Key,
+ IN PVOID Value);
+
+BOOLEAN STDCALL
+ExSearchSplayTree(IN PSPLAY_TREE Tree,
+ IN PVOID Key,
+ OUT PVOID * Value);
+
+BOOLEAN STDCALL
+ExRemoveSplayTree(IN PSPLAY_TREE Tree,
+ IN PVOID Key,
+ IN PVOID * Value);
+
+BOOLEAN STDCALL
+ExWeightOfSplayTree(IN PSPLAY_TREE Tree,
+ OUT PULONG Weight);
+
+BOOLEAN STDCALL
+ExTraverseSplayTree(IN PSPLAY_TREE Tree,
+ IN TRAVERSE_METHOD Method,
+ IN PTRAVERSE_ROUTINE Routine,
+ IN PVOID Context);
+
+BOOLEAN STDCALL
+ExInitializeHashTable(IN PHASH_TABLE HashTable,
+ IN ULONG HashTableSize,
+ IN PKEY_COMPARATOR Compare OPTIONAL,
+ IN BOOLEAN UseNonPagedPool);
+
+VOID STDCALL
+ExDeleteHashTable(IN PHASH_TABLE HashTable);
+
+VOID STDCALL
+ExInsertHashTable(IN PHASH_TABLE HashTable,
+ IN PVOID Key,
+ IN ULONG KeyLength,
+ IN PVOID Value);
+
+BOOLEAN STDCALL
+ExSearchHashTable(IN PHASH_TABLE HashTable,
+ IN PVOID Key,
+ IN ULONG KeyLength,
+ OUT PVOID * Value);
+
+BOOLEAN STDCALL
+ExRemoveHashTable(IN PHASH_TABLE HashTable,
+ IN PVOID Key,
+ IN ULONG KeyLength,
+ IN PVOID * Value);
+
+/* END REACTOS ONLY */
+
#endif /* __DDK_ZW_H */