-\r
-/* $Id: zw.h,v 1.3 2002/11/15 21:56:37 chorns Exp $\r
- *\r
- * COPYRIGHT: See COPYING in the top level directory\r
- * PROJECT: ReactOS kernel\r
- * PURPOSE: System call definitions\r
- * FILE: include/ddk/zw.h\r
- * REVISION HISTORY: \r
- * ??/??/??: First few functions (David Welch)\r
- * ??/??/??: Complete implementation by Ariadne\r
- * 13/07/98: Reorganised things a bit (David Welch)\r
- * 04/08/98: Added some documentation (Ariadne)\r
- * 14/08/98: Added type TIME and change variable type from [1] to [0]\r
- * 14/09/98: Added for each Nt call a corresponding Zw Call\r
- */\r
-\r
-#ifndef __DDK_ZW_H\r
-#define __DDK_ZW_H\r
-\r
-#include <ntos/security.h>\r
-#include <ntos/zwtypes.h>\r
-#include <napi/npipe.h>\r
-\r
+
+/* $Id: zw.h,v 1.4 2002/11/15 23:26:15 chorns Exp $
+ *
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS kernel
+ * PURPOSE: System call definitions
+ * FILE: include/ddk/zw.h
+ * REVISION HISTORY:
+ * ??/??/??: First few functions (David Welch)
+ * ??/??/??: Complete implementation by Ariadne
+ * 13/07/98: Reorganised things a bit (David Welch)
+ * 04/08/98: Added some documentation (Ariadne)
+ * 14/08/98: Added type TIME and change variable type from [1] to [0]
+ * 14/09/98: Added for each Nt call a corresponding Zw Call
+ */
+
+#ifndef __DDK_ZW_H
+#define __DDK_ZW_H
+
+#include <ntos/security.h>
+#include <ntos/zwtypes.h>
+#include <napi/npipe.h>
+
#define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
-\r
-// semaphore information\r
-\r
-typedef enum _SEMAPHORE_INFORMATION_CLASS\r
-{\r
- SemaphoreBasicInformation = 0\r
-} SEMAPHORE_INFORMATION_CLASS;\r
-\r
-typedef struct _SEMAPHORE_BASIC_INFORMATION\r
-{\r
- LONG CurrentCount;\r
- LONG MaximumCount;\r
-} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;\r
-\r
-// event information\r
-\r
-typedef enum _EVENT_INFORMATION_CLASS\r
-{\r
- EventBasicInformation = 0\r
-} EVENT_INFORMATION_CLASS;\r
-\r
-typedef struct _EVENT_BASIC_INFORMATION\r
-{\r
- EVENT_TYPE EventType;\r
- LONG EventState;\r
-} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;\r
-\r
-//#define LCID ULONG\r
-//#define SECURITY_INFORMATION ULONG\r
-//typedef ULONG SECURITY_INFORMATION;\r
-\r
-/*\r
- * FUNCTION: Adjusts the groups in an access token\r
- * ARGUMENTS: \r
- * TokenHandle = Specifies the access token\r
- * ResetToDefault = If true the NewState parameter is ignored and the groups are set to\r
- * their default state, if false the groups specified in\r
- * NewState are set.\r
- * NewState = \r
- * BufferLength = Specifies the size of the buffer for the PreviousState.\r
- * PreviousState = \r
- * ReturnLength = Bytes written in PreviousState buffer.\r
- * REMARKS: The arguments map to the win32 AdjustTokenGroups\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS \r
-STDCALL \r
-NtAdjustGroupsToken(\r
- IN HANDLE TokenHandle,\r
- IN BOOLEAN ResetToDefault,\r
- IN PTOKEN_GROUPS NewState,\r
- IN ULONG BufferLength,\r
- OUT PTOKEN_GROUPS PreviousState OPTIONAL,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAdjustGroupsToken(\r
- IN HANDLE TokenHandle,\r
- IN BOOLEAN ResetToDefault,\r
- IN PTOKEN_GROUPS NewState,\r
- IN ULONG BufferLength,\r
- OUT PTOKEN_GROUPS PreviousState,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION:\r
- *\r
- * ARGUMENTS:\r
- * TokenHandle = Handle to the access token\r
- * DisableAllPrivileges = The resulting suspend count.\r
- NewState = \r
- BufferLength =\r
- PreviousState =\r
- ReturnLength =\r
- * REMARK:\r
- * The arguments map to the win32 AdjustTokenPrivileges\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS \r
-STDCALL \r
-NtAdjustPrivilegesToken(\r
- IN HANDLE TokenHandle,\r
- IN BOOLEAN DisableAllPrivileges,\r
- IN PTOKEN_PRIVILEGES NewState,\r
- IN ULONG BufferLength,\r
- OUT PTOKEN_PRIVILEGES PreviousState,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS \r
-STDCALL \r
-ZwAdjustPrivilegesToken(\r
- IN HANDLE TokenHandle,\r
- IN BOOLEAN DisableAllPrivileges,\r
- IN PTOKEN_PRIVILEGES NewState,\r
- IN ULONG BufferLength,\r
- OUT PTOKEN_PRIVILEGES PreviousState,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Decrements a thread's suspend count and places it in an alerted \r
- * state.\r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the thread that should be resumed\r
- * SuspendCount = The resulting suspend count.\r
- * REMARK:\r
- * A thread is resumed if its suspend count is 0\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtAlertResumeThread(\r
- IN HANDLE ThreadHandle,\r
- OUT PULONG SuspendCount\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAlertResumeThread(\r
- IN HANDLE ThreadHandle,\r
- OUT PULONG SuspendCount\r
- );\r
-\r
-/*\r
- * FUNCTION: Puts the thread in a alerted state\r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the thread that should be alerted\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtAlertThread(\r
- IN HANDLE ThreadHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAlertThread(\r
- IN HANDLE ThreadHandle\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Allocates a locally unique id\r
- * ARGUMENTS: \r
- * LocallyUniqueId = Locally unique number\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtAllocateLocallyUniqueId(\r
- OUT LUID *LocallyUniqueId\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAllocateLocallyUniqueId(\r
- OUT PLUID Luid\r
- );\r
-\r
-/*\r
- * FUNCTION: Allocates a block of virtual memory in the process address space\r
- * ARGUMENTS:\r
- * ProcessHandle = The handle of the process which owns the virtual memory\r
- * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero\r
- * value the system will try to allocate the memory at the address supplied. It rounds\r
- * it down to a multiple if the page size.\r
- * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that \r
- * the memory will be allocated at a address below a certain value.\r
- * RegionSize = The number of bytes to allocate\r
- * AllocationType = Indicates the type of virtual memory you like to allocated,\r
- * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN\r
- * Protect = Indicates the protection type of the pages allocated, can be a combination of\r
- * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,\r
- * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS\r
- * REMARKS:\r
- * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the \r
- * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying\r
- * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range\r
- * and the AllocationType and ProctectionType map to the other two parameters.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtAllocateVirtualMemory (\r
- IN HANDLE ProcessHandle,\r
- IN OUT PVOID *BaseAddress,\r
- IN ULONG ZeroBits,\r
- IN OUT PULONG RegionSize,\r
- IN ULONG AllocationType,\r
- IN ULONG Protect\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAllocateVirtualMemory (\r
- IN HANDLE ProcessHandle,\r
- IN OUT PVOID *BaseAddress,\r
- IN ULONG ZeroBits,\r
- IN OUT PULONG RegionSize,\r
- IN ULONG AllocationType,\r
- IN ULONG Protect);\r
-\r
-/*\r
- * FUNCTION: Returns from a callback into user mode\r
- * ARGUMENTS:\r
- * RETURN Status\r
- */\r
-//FIXME: this function might need 3 parameters\r
-NTSTATUS STDCALL NtCallbackReturn(PVOID Result,\r
- ULONG ResultLength,\r
- NTSTATUS Status);\r
-\r
-NTSTATUS STDCALL ZwCallbackReturn(PVOID Result,\r
- ULONG ResultLength,\r
- NTSTATUS Status);\r
-\r
-/*\r
- * FUNCTION: Cancels a IO request\r
- * ARGUMENTS: \r
- * FileHandle = Handle to the file\r
- * IoStatusBlock = \r
- *\r
- * REMARKS:\r
- * This function maps to the win32 CancelIo.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtCancelIoFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCancelIoFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the status of the event back to non-signaled\r
- * ARGUMENTS: \r
- * EventHandle = Handle to the event\r
- * REMARKS:\r
- * This function maps to win32 function ResetEvent.\r
- * RETURcNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtClearEvent(\r
- IN HANDLE EventHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwClearEvent(\r
- IN HANDLE EventHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Closes an object handle\r
- * ARGUMENTS:\r
- * Handle = Handle to the object\r
- * REMARKS:\r
- * This function maps to the win32 function CloseHandle. \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtClose(\r
- IN HANDLE Handle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwClose(\r
- IN HANDLE Handle\r
- );\r
-\r
-/*\r
- * FUNCTION: Generates an audit message when a handle to an object is dereferenced\r
- * ARGUMENTS:\r
- * SubsystemName = \r
- HandleId = Handle to the object\r
- GenerateOnClose =\r
- * REMARKS:\r
- * This function maps to the win32 function ObjectCloseAuditAlarm. \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCloseObjectAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName,\r
- IN PVOID HandleId,\r
- IN BOOLEAN GenerateOnClose\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCloseObjectAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName,\r
- IN PVOID HandleId,\r
- IN BOOLEAN GenerateOnClose\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a directory object\r
- * ARGUMENTS:\r
- * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies access to the directory\r
- * ObjectAttribute = Initialized attributes for the object\r
- * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a\r
- * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateDirectoryObject(\r
- OUT PHANDLE DirectoryHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateDirectoryObject(\r
- OUT PHANDLE DirectoryHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates an event object\r
- * ARGUMENTS:\r
- * EventHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies access to the event\r
- * ObjectAttribute = Initialized attributes for the object\r
- * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually\r
- * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state\r
- * automatically after the system has rescheduled a thread waiting on the event.\r
- * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).\r
- * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,\r
- * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are\r
- * both parameters aswell ( possibly the order is reversed ).\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateEvent(\r
- OUT PHANDLE EventHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN BOOLEAN ManualReset,\r
- IN BOOLEAN InitialState\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateEvent(\r
- OUT PHANDLE EventHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN BOOLEAN ManualReset,\r
- IN BOOLEAN InitialState\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates an eventpair object\r
- * ARGUMENTS:\r
- * EventPairHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies access to the event\r
- * ObjectAttribute = Initialized attributes for the object\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateEventPair(\r
- OUT PHANDLE EventPairHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateEventPair(\r
- OUT PHANDLE EventPairHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Creates or opens a file, directory or device object.\r
- * ARGUMENTS:\r
- * FileHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the file can\r
- * be a combination of DELETE | FILE_READ_DATA .. \r
- * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename\r
- * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the\r
- * the file is created and opened or allready existed and is just opened.\r
- * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...\r
- * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE \r
- * CreateDisposition = specifies what the behavior of the system if the file allready exists.\r
- * CreateOptions = specifies the behavior of the system on file creation.\r
- * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.\r
- * EaLength = Extended Attributes buffer size, applies only to files and directories.\r
- * REMARKS: This function maps to the win32 CreateFile. \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateFile(\r
- OUT PHANDLE FileHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PLARGE_INTEGER AllocationSize OPTIONAL,\r
- IN ULONG FileAttributes,\r
- IN ULONG ShareAccess,\r
- IN ULONG CreateDisposition,\r
- IN ULONG CreateOptions,\r
- IN PVOID EaBuffer OPTIONAL,\r
- IN ULONG EaLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateFile(\r
- OUT PHANDLE FileHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PLARGE_INTEGER AllocationSize OPTIONAL,\r
- IN ULONG FileAttributes,\r
- IN ULONG ShareAccess,\r
- IN ULONG CreateDisposition,\r
- IN ULONG CreateOptions,\r
- IN PVOID EaBuffer OPTIONAL,\r
- IN ULONG EaLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates or opens a file, directory or device object.\r
- * ARGUMENTS:\r
- * CompletionPort (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the port\r
- * IoStatusBlock =\r
- * NumberOfConcurrentThreads =\r
- * REMARKS: This function maps to the win32 CreateIoCompletionPort\r
- * RETURNS:\r
- * Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateIoCompletion(\r
- OUT PHANDLE CompletionPort,\r
- IN ACCESS_MASK DesiredAccess,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG NumberOfConcurrentThreads\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateIoCompletion(\r
- OUT PHANDLE CompletionPort,\r
- IN ACCESS_MASK DesiredAccess,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG NumberOfConcurrentThreads\r
- );\r
-\r
-\r
+
+// semaphore information
+
+typedef enum _SEMAPHORE_INFORMATION_CLASS
+{
+ SemaphoreBasicInformation = 0
+} SEMAPHORE_INFORMATION_CLASS;
+
+typedef struct _SEMAPHORE_BASIC_INFORMATION
+{
+ LONG CurrentCount;
+ LONG MaximumCount;
+} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
+
+// event information
+
+typedef enum _EVENT_INFORMATION_CLASS
+{
+ EventBasicInformation = 0
+} EVENT_INFORMATION_CLASS;
+
+typedef struct _EVENT_BASIC_INFORMATION
+{
+ EVENT_TYPE EventType;
+ LONG EventState;
+} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
+
+//#define LCID ULONG
+//#define SECURITY_INFORMATION ULONG
+//typedef ULONG SECURITY_INFORMATION;
+
+/*
+ * FUNCTION: Adjusts the groups in an access token
+ * ARGUMENTS:
+ * TokenHandle = Specifies the access token
+ * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
+ * their default state, if false the groups specified in
+ * NewState are set.
+ * NewState =
+ * BufferLength = Specifies the size of the buffer for the PreviousState.
+ * PreviousState =
+ * ReturnLength = Bytes written in PreviousState buffer.
+ * REMARKS: The arguments map to the win32 AdjustTokenGroups
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtAdjustGroupsToken(
+ IN HANDLE TokenHandle,
+ IN BOOLEAN ResetToDefault,
+ IN PTOKEN_GROUPS NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_GROUPS PreviousState OPTIONAL,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwAdjustGroupsToken(
+ IN HANDLE TokenHandle,
+ IN BOOLEAN ResetToDefault,
+ IN PTOKEN_GROUPS NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_GROUPS PreviousState,
+ OUT PULONG ReturnLength
+ );
+
+
+/*
+ * FUNCTION:
+ *
+ * ARGUMENTS:
+ * TokenHandle = Handle to the access token
+ * DisableAllPrivileges = The resulting suspend count.
+ NewState =
+ BufferLength =
+ PreviousState =
+ ReturnLength =
+ * REMARK:
+ * The arguments map to the win32 AdjustTokenPrivileges
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtAdjustPrivilegesToken(
+ IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwAdjustPrivilegesToken(
+ IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState,
+ OUT PULONG ReturnLength
+ );
+
+
+/*
+ * FUNCTION: Decrements a thread's suspend count and places it in an alerted
+ * state.
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the thread that should be resumed
+ * SuspendCount = The resulting suspend count.
+ * REMARK:
+ * A thread is resumed if its suspend count is 0
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtAlertResumeThread(
+ IN HANDLE ThreadHandle,
+ OUT PULONG SuspendCount
+ );
+
+NTSTATUS
+STDCALL
+ZwAlertResumeThread(
+ IN HANDLE ThreadHandle,
+ OUT PULONG SuspendCount
+ );
+
+/*
+ * FUNCTION: Puts the thread in a alerted state
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the thread that should be alerted
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtAlertThread(
+ IN HANDLE ThreadHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwAlertThread(
+ IN HANDLE ThreadHandle
+ );
+
+
+/*
+ * FUNCTION: Allocates a locally unique id
+ * ARGUMENTS:
+ * LocallyUniqueId = Locally unique number
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtAllocateLocallyUniqueId(
+ OUT LUID *LocallyUniqueId
+ );
+
+NTSTATUS
+STDCALL
+ZwAllocateLocallyUniqueId(
+ OUT PLUID Luid
+ );
+
+/*
+ * FUNCTION: Allocates a block of virtual memory in the process address space
+ * ARGUMENTS:
+ * ProcessHandle = The handle of the process which owns the virtual memory
+ * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
+ * value the system will try to allocate the memory at the address supplied. It rounds
+ * it down to a multiple if the page size.
+ * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
+ * the memory will be allocated at a address below a certain value.
+ * RegionSize = The number of bytes to allocate
+ * AllocationType = Indicates the type of virtual memory you like to allocated,
+ * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
+ * Protect = Indicates the protection type of the pages allocated, can be a combination of
+ * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
+ * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
+ * REMARKS:
+ * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
+ * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
+ * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
+ * and the AllocationType and ProctectionType map to the other two parameters.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtAllocateVirtualMemory (
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN OUT PULONG RegionSize,
+ IN ULONG AllocationType,
+ IN ULONG Protect
+ );
+
+NTSTATUS
+STDCALL
+ZwAllocateVirtualMemory (
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN OUT PULONG RegionSize,
+ IN ULONG AllocationType,
+ IN ULONG Protect);
+
+/*
+ * FUNCTION: Returns from a callback into user mode
+ * ARGUMENTS:
+ * RETURN Status
+ */
+//FIXME: this function might need 3 parameters
+NTSTATUS STDCALL NtCallbackReturn(PVOID Result,
+ ULONG ResultLength,
+ NTSTATUS Status);
+
+NTSTATUS STDCALL ZwCallbackReturn(PVOID Result,
+ ULONG ResultLength,
+ NTSTATUS Status);
+
+/*
+ * FUNCTION: Cancels a IO request
+ * ARGUMENTS:
+ * FileHandle = Handle to the file
+ * IoStatusBlock =
+ *
+ * REMARKS:
+ * This function maps to the win32 CancelIo.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtCancelIoFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+ );
+
+NTSTATUS
+STDCALL
+ZwCancelIoFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+ );
+
+/*
+ * FUNCTION: Sets the status of the event back to non-signaled
+ * ARGUMENTS:
+ * EventHandle = Handle to the event
+ * REMARKS:
+ * This function maps to win32 function ResetEvent.
+ * RETURcNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtClearEvent(
+ IN HANDLE EventHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwClearEvent(
+ IN HANDLE EventHandle
+ );
+
+/*
+ * FUNCTION: Closes an object handle
+ * ARGUMENTS:
+ * Handle = Handle to the object
+ * REMARKS:
+ * This function maps to the win32 function CloseHandle.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtClose(
+ IN HANDLE Handle
+ );
+
+NTSTATUS
+STDCALL
+ZwClose(
+ IN HANDLE Handle
+ );
+
+/*
+ * FUNCTION: Generates an audit message when a handle to an object is dereferenced
+ * ARGUMENTS:
+ * SubsystemName =
+ HandleId = Handle to the object
+ GenerateOnClose =
+ * REMARKS:
+ * This function maps to the win32 function ObjectCloseAuditAlarm.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtCloseObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose
+ );
+
+NTSTATUS
+STDCALL
+ZwCloseObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose
+ );
+
+/*
+ * FUNCTION: Creates a directory object
+ * ARGUMENTS:
+ * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies access to the directory
+ * ObjectAttribute = Initialized attributes for the object
+ * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
+ * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtCreateDirectoryObject(
+ OUT PHANDLE DirectoryHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateDirectoryObject(
+ OUT PHANDLE DirectoryHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+/*
+ * FUNCTION: Creates an event object
+ * ARGUMENTS:
+ * EventHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies access to the event
+ * ObjectAttribute = Initialized attributes for the object
+ * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
+ * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
+ * automatically after the system has rescheduled a thread waiting on the event.
+ * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
+ * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
+ * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
+ * both parameters aswell ( possibly the order is reversed ).
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtCreateEvent(
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN BOOLEAN ManualReset,
+ IN BOOLEAN InitialState
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateEvent(
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN BOOLEAN ManualReset,
+ IN BOOLEAN InitialState
+ );
+
+/*
+ * FUNCTION: Creates an eventpair object
+ * ARGUMENTS:
+ * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies access to the event
+ * ObjectAttribute = Initialized attributes for the object
+ */
+
+NTSTATUS
+STDCALL
+NtCreateEventPair(
+ OUT PHANDLE EventPairHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateEventPair(
+ OUT PHANDLE EventPairHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+
+/*
+ * FUNCTION: Creates or opens a file, directory or device object.
+ * ARGUMENTS:
+ * FileHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the file can
+ * be a combination of DELETE | FILE_READ_DATA ..
+ * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
+ * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
+ * the file is created and opened or allready existed and is just opened.
+ * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
+ * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
+ * CreateDisposition = specifies what the behavior of the system if the file allready exists.
+ * CreateOptions = specifies the behavior of the system on file creation.
+ * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
+ * EaLength = Extended Attributes buffer size, applies only to files and directories.
+ * REMARKS: This function maps to the win32 CreateFile.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtCreateFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER AllocationSize OPTIONAL,
+ IN ULONG FileAttributes,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+ IN PVOID EaBuffer OPTIONAL,
+ IN ULONG EaLength
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER AllocationSize OPTIONAL,
+ IN ULONG FileAttributes,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+ IN PVOID EaBuffer OPTIONAL,
+ IN ULONG EaLength
+ );
+
+/*
+ * FUNCTION: Creates or opens a file, directory or device object.
+ * ARGUMENTS:
+ * CompletionPort (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the port
+ * IoStatusBlock =
+ * NumberOfConcurrentThreads =
+ * REMARKS: This function maps to the win32 CreateIoCompletionPort
+ * RETURNS:
+ * Status
+ */
+
+NTSTATUS
+STDCALL
+NtCreateIoCompletion(
+ OUT PHANDLE CompletionPort,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG NumberOfConcurrentThreads
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateIoCompletion(
+ OUT PHANDLE CompletionPort,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG NumberOfConcurrentThreads
+ );
+
+
/*
* FUNCTION: Creates a registry key
* ARGUMENTS:
IN PUNICODE_STRING Class OPTIONAL,
IN ULONG CreateOptions,
IN PULONG Disposition OPTIONAL);
-\r
-/*\r
- * FUNCTION: Creates a mail slot file\r
- * ARGUMENTS:\r
- * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the file\r
- * ObjectAttributes = Contains the name of the mailslotfile.\r
- * IoStatusBlock = \r
- * FileAttributes =\r
- * ShareAccess =\r
- * MaxMessageSize =\r
- * TimeOut =\r
- * \r
- * REMARKS: This funciton maps to the win32 function CreateMailSlot\r
- * RETURNS:\r
- * Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateMailslotFile(\r
- OUT PHANDLE MailSlotFileHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG FileAttributes,\r
- IN ULONG ShareAccess,\r
- IN ULONG MaxMessageSize,\r
- IN PLARGE_INTEGER TimeOut\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateMailslotFile(\r
- OUT PHANDLE MailSlotFileHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG FileAttributes,\r
- IN ULONG ShareAccess,\r
- IN ULONG MaxMessageSize,\r
- IN PLARGE_INTEGER TimeOut\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates or opens a mutex\r
- * ARGUMENTS:\r
- * MutantHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the port\r
- * ObjectAttributes = Contains the name of the mutex.\r
- * InitialOwner = If true the calling thread acquires ownership \r
- * of the mutex.\r
- * REMARKS: This funciton maps to the win32 function CreateMutex\r
- * RETURNS:\r
- * Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtCreateMutant(\r
- OUT PHANDLE MutantHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN BOOLEAN InitialOwner\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateMutant(\r
- OUT PHANDLE MutantHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN BOOLEAN InitialOwner\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a process.\r
- * ARGUMENTS:\r
- * ProcessHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the process can\r
- * be a combinate of STANDARD_RIGHTS_REQUIRED| .. \r
- * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename\r
- * ParentProcess = Handle to the parent process.\r
- * InheritObjectTable = Specifies to inherit the objects of the parent process if true.\r
- * SectionHandle = Handle to a section object to back the image file\r
- * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.\r
- * ExceptionPort = Handle to a exception port.\r
- * REMARKS:\r
- * This function maps to the win32 CreateProcess.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS \r
-STDCALL \r
-NtCreateProcess(\r
- OUT PHANDLE ProcessHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
- IN HANDLE ParentProcess,\r
- IN BOOLEAN InheritObjectTable,\r
- IN HANDLE SectionHandle OPTIONAL,\r
- IN HANDLE DebugPort OPTIONAL,\r
- IN HANDLE ExceptionPort OPTIONAL\r
- );\r
-\r
-NTSTATUS \r
-STDCALL \r
-ZwCreateProcess(\r
- OUT PHANDLE ProcessHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
- IN HANDLE ParentProcess,\r
- IN BOOLEAN InheritObjectTable,\r
- IN HANDLE SectionHandle OPTIONAL,\r
- IN HANDLE DebugPort OPTIONAL,\r
- IN HANDLE ExceptionPort OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a section object.\r
- * ARGUMENTS:\r
- * SectionHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE | \r
- * SECTION_MAP_READ | SECTION_MAP_EXECUTE.\r
- * ObjectAttribute = Initialized attributes for the object can be used to create a named section\r
- * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section. \r
- * If value specified for a mapped file and the file is not large enough, file will be extended. \r
- * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.\r
- * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE\r
- * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateSection( \r
- OUT PHANDLE SectionHandle, \r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, \r
- IN PLARGE_INTEGER MaximumSize OPTIONAL, \r
- IN ULONG SectionPageProtection OPTIONAL,\r
- IN ULONG AllocationAttributes,\r
- IN HANDLE FileHandle OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateSection( \r
- OUT PHANDLE SectionHandle, \r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, \r
- IN PLARGE_INTEGER MaximumSize OPTIONAL, \r
- IN ULONG SectionPageProtection OPTIONAL,\r
- IN ULONG AllocationAttributes,\r
- IN HANDLE FileHandle OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a semaphore object for interprocess synchronization.\r
- * ARGUMENTS:\r
- * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the semaphore. \r
- * ObjectAttribute = Initialized attributes for the object.\r
- * InitialCount = Not necessary zero, might be smaller than zero.\r
- * MaximumCount = Maxiumum count the semaphore can reach.\r
- * RETURNS: Status\r
- * REMARKS: \r
- * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.\r
- */\r
-\r
-//FIXME: should a semaphore's initial count allowed to be smaller than zero ??\r
-NTSTATUS\r
-STDCALL\r
-NtCreateSemaphore(\r
- OUT PHANDLE SemaphoreHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
- IN LONG InitialCount,\r
- IN LONG MaximumCount\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateSemaphore(\r
- OUT PHANDLE SemaphoreHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
- IN LONG InitialCount,\r
- IN LONG MaximumCount\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a symbolic link object\r
- * ARGUMENTS:\r
- * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the thread. \r
- * ObjectAttributes = Initialized attributes for the object.\r
- * Name = Target name of the symbolic link \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtCreateSymbolicLinkObject(\r
- OUT PHANDLE SymbolicLinkHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN PUNICODE_STRING Name\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateSymbolicLinkObject(\r
- OUT PHANDLE SymbolicLinkHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN PUNICODE_STRING Name\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a waitable timer.\r
- * ARGUMENTS:\r
- * TimerHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the timer. \r
- * ObjectAttributes = Initialized attributes for the object.\r
- * TimerType = Specifies if the timer should be reset manually.\r
- * REMARKS:\r
- * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to\r
- * corresponding fields in OBJECT_ATTRIBUTES structure. \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtCreateTimer(\r
- OUT PHANDLE TimerHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
- IN TIMER_TYPE TimerType\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateTimer(\r
- OUT PHANDLE TimerHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
- IN TIMER_TYPE TimerType\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a token.\r
- * ARGUMENTS:\r
- * TokenHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the process can\r
- * be a combinate of STANDARD_RIGHTS_REQUIRED| .. \r
- * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename\r
- * TokenType = \r
- * AuthenticationId = \r
- * ExpirationTime = \r
- * TokenUser = \r
- * TokenGroups =\r
- * TokenPrivileges = \r
- * TokenOwner = \r
- * TokenPrimaryGroup = \r
- * TokenDefaultDacl =\r
- * TokenSource =\r
- * REMARKS:\r
- * This function does not map to a win32 function\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateToken(\r
- OUT PHANDLE TokenHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN TOKEN_TYPE TokenType,\r
- IN PLUID AuthenticationId,\r
- IN PLARGE_INTEGER ExpirationTime,\r
- IN PTOKEN_USER TokenUser,\r
- IN PTOKEN_GROUPS TokenGroups,\r
- IN PTOKEN_PRIVILEGES TokenPrivileges,\r
- IN PTOKEN_OWNER TokenOwner,\r
- IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,\r
- IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,\r
- IN PTOKEN_SOURCE TokenSource\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreateToken(\r
- OUT PHANDLE TokenHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN TOKEN_TYPE TokenType,\r
- IN PLUID AuthenticationId,\r
- IN PLARGE_INTEGER ExpirationTime,\r
- IN PTOKEN_USER TokenUser,\r
- IN PTOKEN_GROUPS TokenGroups,\r
- IN PTOKEN_PRIVILEGES TokenPrivileges,\r
- IN PTOKEN_OWNER TokenOwner,\r
- IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,\r
- IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,\r
- IN PTOKEN_SOURCE TokenSource\r
- );\r
-\r
-/*\r
- * FUNCTION: Returns the callers thread TEB.\r
- * RETURNS: The resulting teb.\r
- */\r
-#if 0\r
- NT_TEB *\r
-STDCALL \r
-NtCurrentTeb(VOID\r
- );\r
-#endif\r
-\r
-/*\r
- * FUNCTION: Deletes an atom from the global atom table\r
- * ARGUMENTS:\r
- * Atom = Identifies the atom to delete\r
- * REMARKS:\r
- * The function maps to the win32 GlobalDeleteAtom\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtDeleteAtom(\r
- IN RTL_ATOM Atom\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDeleteAtom(\r
- IN RTL_ATOM Atom\r
- );\r
-\r
-/*\r
- * FUNCTION: Deletes a file or a directory\r
- * ARGUMENTS:\r
- * ObjectAttributes = Name of the file which should be deleted\r
- * REMARKS:\r
- * This system call is functionally equivalent to NtSetInformationFile\r
- * setting the disposition information.\r
- * The function maps to the win32 DeleteFile. \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtDeleteFile(\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDeleteFile(\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-/*\r
- * FUNCTION: Deletes a registry key\r
- * ARGUMENTS:\r
- * KeyHandle = Handle of the key\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtDeleteKey(\r
- IN HANDLE KeyHandle\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwDeleteKey(\r
- IN HANDLE KeyHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Generates a audit message when an object is deleted\r
- * ARGUMENTS:\r
- * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'\r
- * HandleId= Handle to an audit object\r
- * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm\r
- * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtDeleteObjectAuditAlarm ( \r
- IN PUNICODE_STRING SubsystemName, \r
- IN PVOID HandleId, \r
- IN BOOLEAN GenerateOnClose \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDeleteObjectAuditAlarm ( \r
- IN PUNICODE_STRING SubsystemName, \r
- IN PVOID HandleId, \r
- IN BOOLEAN GenerateOnClose \r
- ); \r
-\r
-\r
-/*\r
- * FUNCTION: Deletes a value from a registry key\r
- * ARGUMENTS:\r
- * KeyHandle = Handle of the key\r
- * ValueName = Name of the value to delete\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtDeleteValueKey(\r
- IN HANDLE KeyHandle,\r
- IN PUNICODE_STRING ValueName\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDeleteValueKey(\r
- IN HANDLE KeyHandle,\r
- IN PUNICODE_STRING ValueName\r
- );\r
-/*\r
- * FUNCTION: Sends IOCTL to the io sub system\r
- * ARGUMENTS:\r
- * DeviceHandle = Points to the handle that is created by NtCreateFile\r
- * Event = Event to synchronize on STATUS_PENDING\r
- * ApcRoutine = Asynchroneous procedure callback\r
- * ApcContext = Callback context.\r
- * IoStatusBlock = Caller should supply storage for extra information.. \r
- * IoControlCode = Contains the IO Control command. This is an \r
- * index to the structures in InputBuffer and OutputBuffer.\r
- * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.\r
- * InputBufferSize = Size of the input bufffer\r
- * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.\r
- * OutputBufferSize = Size of the input bufffer\r
- * RETURNS: Status \r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtDeviceIoControlFile(\r
- IN HANDLE DeviceHandle,\r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, \r
- IN PVOID UserApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock, \r
- IN ULONG IoControlCode,\r
- IN PVOID InputBuffer, \r
- IN ULONG InputBufferSize,\r
- OUT PVOID OutputBuffer,\r
- IN ULONG OutputBufferSize\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDeviceIoControlFile(\r
- IN HANDLE DeviceHandle,\r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, \r
- IN PVOID UserApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock, \r
- IN ULONG IoControlCode,\r
- IN PVOID InputBuffer, \r
- IN ULONG InputBufferSize,\r
- OUT PVOID OutputBuffer,\r
- IN ULONG OutputBufferSize\r
- );\r
-/*\r
- * FUNCTION: Displays a string on the blue screen\r
- * ARGUMENTS:\r
- * DisplayString = The string to display\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtDisplayString(\r
- IN PUNICODE_STRING DisplayString\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDisplayString(\r
- IN PUNICODE_STRING DisplayString\r
- );\r
-\r
-/*\r
- * FUNCTION: Returns information about the subkeys of an open key\r
- * ARGUMENTS:\r
- * KeyHandle = Handle of the key whose subkeys are to enumerated\r
- * Index = zero based index of the subkey for which information is\r
- * request\r
- * KeyInformationClass = Type of information returned\r
- * KeyInformation (OUT) = Caller allocated buffer for the information\r
- * about the key\r
- * Length = Length in bytes of the KeyInformation buffer\r
- * ResultLength (OUT) = Caller allocated storage which holds\r
- * the number of bytes of information retrieved\r
- * on return\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtEnumerateKey(\r
- IN HANDLE KeyHandle,\r
- IN ULONG Index,\r
- IN KEY_INFORMATION_CLASS KeyInformationClass,\r
- OUT PVOID KeyInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwEnumerateKey(\r
- IN HANDLE KeyHandle,\r
- IN ULONG Index,\r
- IN KEY_INFORMATION_CLASS KeyInformationClass,\r
- OUT PVOID KeyInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-/*\r
- * FUNCTION: Returns information about the value entries of an open key\r
- * ARGUMENTS:\r
- * KeyHandle = Handle of the key whose value entries are to enumerated\r
- * Index = zero based index of the subkey for which information is\r
- * request\r
- * KeyInformationClass = Type of information returned\r
- * KeyInformation (OUT) = Caller allocated buffer for the information\r
- * about the key\r
- * Length = Length in bytes of the KeyInformation buffer\r
- * ResultLength (OUT) = Caller allocated storage which holds\r
- * the number of bytes of information retrieved\r
- * on return\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtEnumerateValueKey(\r
- IN HANDLE KeyHandle,\r
- IN ULONG Index,\r
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,\r
- OUT PVOID KeyValueInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwEnumerateValueKey(\r
- IN HANDLE KeyHandle,\r
- IN ULONG Index,\r
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,\r
- OUT PVOID KeyValueInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Flushes chached file data to disk\r
- * ARGUMENTS:\r
- * FileHandle = Points to the file\r
- * IoStatusBlock = Caller must supply storage to receive the result of the flush\r
- * buffers operation. The information field is set to number of bytes\r
- * flushed to disk.\r
- * RETURNS: Status \r
- * REMARKS:\r
- * This funciton maps to the win32 FlushFileBuffers\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtFlushBuffersFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwFlushBuffersFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock\r
- );\r
-\r
-/*\r
- * FUNCTION: Flushes a registry key to disk\r
- * ARGUMENTS:\r
- * KeyHandle = Points to the registry key handle\r
- * RETURNS: Status \r
- * REMARKS:\r
- * This funciton maps to the win32 RegFlushKey.\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtFlushKey(\r
- IN HANDLE KeyHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwFlushKey(\r
- IN HANDLE KeyHandle\r
- );\r
- \r
-/*\r
- * FUNCTION: Flushes the dirty pages to file\r
- * RETURNS: Status\r
- * FIXME: Not sure this does (how is the file specified)\r
- */\r
-NTSTATUS STDCALL NtFlushWriteBuffer(VOID);\r
-NTSTATUS STDCALL ZwFlushWriteBuffer(VOID); \r
-\r
- /*\r
- * FUNCTION: Frees a range of virtual memory\r
- * ARGUMENTS:\r
- * ProcessHandle = Points to the process that allocated the virtual \r
- * memory\r
- * BaseAddress = Points to the memory address, rounded down to a \r
- * multiple of the pagesize\r
- * RegionSize = Limits the range to free, rounded up to a multiple of \r
- * the paging size\r
- * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE\r
- * RETURNS: Status \r
- */\r
-NTSTATUS STDCALL NtFreeVirtualMemory(IN HANDLE ProcessHandle,\r
- IN PVOID *BaseAddress, \r
- IN PULONG RegionSize, \r
- IN ULONG FreeType);\r
-NTSTATUS STDCALL ZwFreeVirtualMemory(IN HANDLE ProcessHandle,\r
- IN PVOID *BaseAddress, \r
- IN PULONG RegionSize, \r
- IN ULONG FreeType); \r
-\r
-/*\r
- * FUNCTION: Sends FSCTL to the filesystem\r
- * ARGUMENTS:\r
- * DeviceHandle = Points to the handle that is created by NtCreateFile\r
- * Event = Event to synchronize on STATUS_PENDING\r
- * ApcRoutine = \r
- * ApcContext =\r
- * IoStatusBlock = Caller should supply storage for \r
- * IoControlCode = Contains the File System Control command. This is an \r
- * index to the structures in InputBuffer and OutputBuffer.\r
- * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR\r
- * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR\r
- * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR\r
- * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR\r
- *\r
- * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.\r
- * InputBufferSize = Size of the input bufffer\r
- * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.\r
- * OutputBufferSize = Size of the input bufffer\r
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |\r
- * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtFsControlFile(\r
- IN HANDLE DeviceHandle,\r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
- IN PVOID ApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock, \r
- IN ULONG IoControlCode,\r
- IN PVOID InputBuffer, \r
- IN ULONG InputBufferSize,\r
- OUT PVOID OutputBuffer,\r
- IN ULONG OutputBufferSize\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwFsControlFile(\r
- IN HANDLE DeviceHandle,\r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
- IN PVOID ApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock, \r
- IN ULONG IoControlCode,\r
- IN PVOID InputBuffer, \r
- IN ULONG InputBufferSize,\r
- OUT PVOID OutputBuffer,\r
- IN ULONG OutputBufferSize\r
- );\r
-\r
-/*\r
- * FUNCTION: Retrieves the processor context of a thread\r
- * ARGUMENTS:\r
- * ThreadHandle = Handle to a thread\r
- * Context (OUT) = Caller allocated storage for the processor context\r
- * RETURNS: Status \r
- */\r
-\r
-NTSTATUS\r
-STDCALL \r
-NtGetContextThread(\r
- IN HANDLE ThreadHandle, \r
- OUT PCONTEXT Context\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwGetContextThread(\r
- IN HANDLE ThreadHandle, \r
- OUT PCONTEXT Context\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets a thread to impersonate another \r
- * ARGUMENTS:\r
- * ThreadHandle = Server thread that will impersonate a client.\r
- ThreadToImpersonate = Client thread that will be impersonated\r
- SecurityQualityOfService = Specifies the impersonation level.\r
- * RETURNS: Status \r
- */\r
-\r
-NTSTATUS\r
-STDCALL \r
-NtImpersonateThread(\r
- IN HANDLE ThreadHandle,\r
- IN HANDLE ThreadToImpersonate,\r
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwImpersonateThread(\r
- IN HANDLE ThreadHandle,\r
- IN HANDLE ThreadToImpersonate,\r
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService\r
- );\r
-\r
-/*\r
- * FUNCTION: Initializes the registry.\r
- * ARGUMENTS:\r
- * SetUpBoot = This parameter is true for a setup boot.\r
- * RETURNS: Status \r
- */\r
-NTSTATUS\r
-STDCALL \r
-NtInitializeRegistry(\r
- BOOLEAN SetUpBoot\r
- );\r
-NTSTATUS\r
-STDCALL \r
-ZwInitializeRegistry(\r
- BOOLEAN SetUpBoot\r
- );\r
-\r
-/*\r
- * FUNCTION: Loads a driver. \r
- * ARGUMENTS: \r
- * DriverServiceName = Name of the driver to load\r
- * RETURNS: Status\r
- */ \r
-NTSTATUS\r
-STDCALL \r
-NtLoadDriver(\r
- IN PUNICODE_STRING DriverServiceName\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwLoadDriver(\r
- IN PUNICODE_STRING DriverServiceName\r
- );\r
-\r
-/*\r
- * FUNCTION: Locks a range of bytes in a file. \r
- * ARGUMENTS: \r
- * FileHandle = Handle to the file\r
- * Event = Should be null if apc is specified.\r
- * ApcRoutine = Asynchroneous Procedure Callback\r
- * ApcContext = Argument to the callback\r
- * IoStatusBlock (OUT) = Caller should supply storage for a structure containing\r
- * the completion status and information about the requested lock operation.\r
- * ByteOffset = Offset \r
- * Length = Number of bytes to lock.\r
- * Key = Special value to give other threads the possibility to unlock the file\r
- by supplying the key in a call to NtUnlockFile.\r
- * FailImmediatedly = If false the request will block untill the lock is obtained. \r
- * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.\r
- * REMARK:\r
- This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could\r
- not be obtained immediately, the device queue is busy and the IRP is queued.\r
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |\r
- STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]\r
-\r
- */ \r
-NTSTATUS \r
-STDCALL\r
-NtLockFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL,\r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
- IN PVOID ApcContext OPTIONAL,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PLARGE_INTEGER ByteOffset,\r
- IN PLARGE_INTEGER Length,\r
- IN PULONG Key,\r
- IN BOOLEAN FailImmediatedly,\r
- IN BOOLEAN ExclusiveLock\r
- );\r
-\r
-NTSTATUS \r
-STDCALL\r
-ZwLockFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL,\r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
- IN PVOID ApcContext OPTIONAL,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PLARGE_INTEGER ByteOffset,\r
- IN PLARGE_INTEGER Length,\r
- IN PULONG Key,\r
- IN BOOLEAN FailImmediatedly,\r
- IN BOOLEAN ExclusiveLock\r
- );\r
-\r
-/*\r
- * FUNCTION: Makes temporary object that will be removed at next boot.\r
- * ARGUMENTS: \r
- * Handle = Handle to object\r
- * RETURNS: Status\r
- */ \r
-\r
-NTSTATUS\r
-STDCALL\r
-NtMakeTemporaryObject(\r
- IN HANDLE Handle \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwMakeTemporaryObject(\r
- IN HANDLE Handle \r
- );\r
-/*\r
- * FUNCTION: Maps a view of a section into the virtual address space of a \r
- * process\r
- * ARGUMENTS:\r
- * SectionHandle = Handle of the section\r
- * ProcessHandle = Handle of the process\r
- * BaseAddress = Desired base address (or NULL) on entry\r
- * Actual base address of the view on exit\r
- * ZeroBits = Number of high order address bits that must be zero\r
- * CommitSize = Size in bytes of the initially committed section of \r
- * the view \r
- * SectionOffset = Offset in bytes from the beginning of the section\r
- * to the beginning of the view\r
- * ViewSize = Desired length of map (or zero to map all) on entry\r
- * Actual length mapped on exit\r
- * InheritDisposition = Specified how the view is to be shared with\r
- * child processes\r
- * AllocateType = Type of allocation for the pages\r
- * Protect = Protection for the committed region of the view\r
- * RETURNS: Status\r
- */\r
-NTSTATUS \r
-STDCALL\r
-NtMapViewOfSection(\r
- IN HANDLE SectionHandle,\r
- IN HANDLE ProcessHandle,\r
- IN OUT PVOID *BaseAddress,\r
- IN ULONG ZeroBits,\r
- IN ULONG CommitSize,\r
- IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,\r
- IN OUT PULONG ViewSize,\r
- IN SECTION_INHERIT InheritDisposition,\r
- IN ULONG AllocationType,\r
- IN ULONG AccessProtection\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwMapViewOfSection(\r
- IN HANDLE SectionHandle,\r
- IN HANDLE ProcessHandle,\r
- IN OUT PVOID *BaseAddress,\r
- IN ULONG ZeroBits,\r
- IN ULONG CommitSize,\r
- IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,\r
- IN OUT PULONG ViewSize,\r
- IN SECTION_INHERIT InheritDisposition,\r
- IN ULONG AllocationType,\r
- IN ULONG AccessProtection\r
- );\r
-\r
-/*\r
- * FUNCTION: Installs a notify for the change of a directory's contents\r
- * ARGUMENTS:\r
- * FileHandle = Handle to the directory\r
- Event = \r
- * ApcRoutine = Start address\r
- * ApcContext = Delimits the range of virtual memory\r
- * for which the new access protection holds\r
- * IoStatusBlock = The new access proctection for the pages\r
- * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION\r
- * BufferSize = Size of the buffer\r
- CompletionFilter = Can be one of the following values:\r
- FILE_NOTIFY_CHANGE_FILE_NAME\r
- FILE_NOTIFY_CHANGE_DIR_NAME\r
- FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME ) \r
- FILE_NOTIFY_CHANGE_ATTRIBUTES\r
- FILE_NOTIFY_CHANGE_SIZE\r
- FILE_NOTIFY_CHANGE_LAST_WRITE\r
- FILE_NOTIFY_CHANGE_LAST_ACCESS\r
- FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )\r
- FILE_NOTIFY_CHANGE_EA\r
- FILE_NOTIFY_CHANGE_SECURITY\r
- FILE_NOTIFY_CHANGE_STREAM_NAME\r
- FILE_NOTIFY_CHANGE_STREAM_SIZE\r
- FILE_NOTIFY_CHANGE_STREAM_WRITE\r
- WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.\r
- *\r
- * REMARKS:\r
- * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtNotifyChangeDirectoryFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
- IN PVOID ApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID Buffer,\r
- IN ULONG BufferSize,\r
- IN ULONG CompletionFilter,\r
- IN BOOLEAN WatchTree\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwNotifyChangeDirectoryFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
- IN PVOID ApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID Buffer,\r
- IN ULONG BufferSize,\r
- IN ULONG CompletionFilter,\r
- IN BOOLEAN WatchTree\r
- );\r
-\r
-/*\r
- * FUNCTION: Installs a notfication callback on registry changes\r
- * ARGUMENTS:\r
- KeyHandle = Handle to the registry key\r
- Event = Event that should be signalled on modification of the key\r
- ApcRoutine = Routine that should be called on modification of the key\r
- ApcContext = Argument to the ApcRoutine\r
- IoStatusBlock = ???\r
- CompletionFilter = Specifies the kind of notification the caller likes to receive.\r
- Can be a combination of the following values:\r
-\r
- REG_NOTIFY_CHANGE_NAME\r
- REG_NOTIFY_CHANGE_ATTRIBUTES\r
- REG_NOTIFY_CHANGE_LAST_SET\r
- REG_NOTIFY_CHANGE_SECURITY\r
- \r
- \r
- Asynchroneous = If TRUE the changes are reported by signalling an event if false\r
- the function will not return before a change occurs.\r
- ChangeBuffer = Will return the old value\r
- Length = Size of the change buffer\r
- WatchSubtree = Indicates if the caller likes to receive a notification of changes in\r
- sub keys or not.\r
- * REMARKS: If the key is closed the event is signalled aswell.\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtNotifyChangeKey(\r
- IN HANDLE KeyHandle,\r
- IN HANDLE Event,\r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
- IN PVOID ApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG CompletionFilter,\r
- IN BOOLEAN Asynchroneous, \r
- OUT PVOID ChangeBuffer,\r
- IN ULONG Length,\r
- IN BOOLEAN WatchSubtree\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwNotifyChangeKey(\r
- IN HANDLE KeyHandle,\r
- IN HANDLE Event,\r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
- IN PVOID ApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG CompletionFilter,\r
- IN BOOLEAN Asynchroneous, \r
- OUT PVOID ChangeBuffer,\r
- IN ULONG Length,\r
- IN BOOLEAN WatchSubtree\r
- );\r
-\r
-/*\r
- * FUNCTION: Opens an existing directory object\r
- * ARGUMENTS:\r
- * FileHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the directory\r
- * ObjectAttributes = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtOpenDirectoryObject(\r
- OUT PHANDLE FileHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenDirectoryObject(\r
- OUT PHANDLE FileHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-/*\r
- * FUNCTION: Opens an existing event\r
- * ARGUMENTS:\r
- * EventHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the event\r
- * ObjectAttributes = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtOpenEvent(\r
- OUT PHANDLE EventHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenEvent(\r
- OUT PHANDLE EventHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-/*\r
- * FUNCTION: Opens an existing event pair\r
- * ARGUMENTS:\r
- * EventHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the event\r
- * ObjectAttributes = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtOpenEventPair(\r
- OUT PHANDLE EventPairHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenEventPair(\r
- OUT PHANDLE EventPairHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-/*\r
- * FUNCTION: Opens an existing file\r
- * ARGUMENTS:\r
- * FileHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the file\r
- * ObjectAttributes = Initialized attributes for the object\r
- * IoStatusBlock =\r
- * ShareAccess =\r
- * OpenOptions =\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtOpenFile(\r
- OUT PHANDLE FileHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG ShareAccess,\r
- IN ULONG OpenOptions\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenFile(\r
- OUT PHANDLE FileHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG ShareAccess,\r
- IN ULONG OpenOptions\r
- );\r
-\r
-/*\r
- * FUNCTION: Opens an existing io completion object\r
- * ARGUMENTS:\r
- * CompletionPort (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the io completion object\r
- * ObjectAttributes = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtOpenIoCompletion(\r
- OUT PHANDLE CompetionPort,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenIoCompletion(\r
- OUT PHANDLE CompetionPort,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
- \r
-/*\r
- * FUNCTION: Opens an existing key in the registry\r
- * ARGUMENTS:\r
- * KeyHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the key\r
- * ObjectAttributes = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtOpenKey(\r
- OUT PHANDLE KeyHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenKey(\r
- OUT PHANDLE KeyHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-/*\r
- * FUNCTION: Opens an existing key in the registry\r
- * ARGUMENTS:\r
- * MutantHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the mutant\r
- * ObjectAttribute = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtOpenMutant(\r
- OUT PHANDLE MutantHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenMutant(\r
- OUT PHANDLE MutantHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-/*\r
- * FUNCTION: Opens an existing process\r
- * ARGUMENTS:\r
- * ProcessHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the process\r
- * ObjectAttribute = Initialized attributes for the object\r
- * ClientId = Identifies the process id to open\r
- * RETURNS: Status\r
- */\r
-NTSTATUS \r
-STDCALL\r
-NtOpenProcess (\r
- OUT PHANDLE ProcessHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN PCLIENT_ID ClientId\r
- ); \r
-NTSTATUS \r
-STDCALL\r
-ZwOpenProcess (\r
- OUT PHANDLE ProcessHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN PCLIENT_ID ClientId\r
- ); \r
-/*\r
- * FUNCTION: Opens an existing process\r
- * ARGUMENTS:\r
- * ProcessHandle = Handle of the process of which owns the token\r
- * DesiredAccess = Requested access to the token\r
- * TokenHandle (OUT) = Caller supplies storage for the resulting token.\r
- * REMARKS:\r
- This function maps to the win32 \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtOpenProcessToken(\r
- IN HANDLE ProcessHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- OUT PHANDLE TokenHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenProcessToken(\r
- IN HANDLE ProcessHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- OUT PHANDLE TokenHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Opens an existing section object\r
- * ARGUMENTS:\r
- * KeyHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the key\r
- * ObjectAttribute = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtOpenSection(\r
- OUT PHANDLE SectionHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenSection(\r
- OUT PHANDLE SectionHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-/*\r
- * FUNCTION: Opens an existing semaphore\r
- * ARGUMENTS:\r
- * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the semaphore\r
- * ObjectAttribute = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtOpenSemaphore(\r
- IN HANDLE SemaphoreHandle,\r
- IN ACCESS_MASK DesiredAcces,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenSemaphore(\r
- IN HANDLE SemaphoreHandle,\r
- IN ACCESS_MASK DesiredAcces,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-/*\r
- * FUNCTION: Opens an existing symbolic link\r
- * ARGUMENTS:\r
- * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the symbolic link\r
- * ObjectAttribute = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtOpenSymbolicLinkObject(\r
- OUT PHANDLE SymbolicLinkHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenSymbolicLinkObject(\r
- OUT PHANDLE SymbolicLinkHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-/*\r
- * FUNCTION: Opens an existing thread\r
- * ARGUMENTS:\r
- * ThreadHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the thread\r
- * ObjectAttribute = Initialized attributes for the object\r
- * ClientId = Identifies the thread to open.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtOpenThread(\r
- OUT PHANDLE ThreadHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN PCLIENT_ID ClientId\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenThread(\r
- OUT PHANDLE ThreadHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN PCLIENT_ID ClientId\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtOpenThreadToken(\r
- IN HANDLE ThreadHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN BOOLEAN OpenAsSelf,\r
- OUT PHANDLE TokenHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenThreadToken(\r
- IN HANDLE ThreadHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN BOOLEAN OpenAsSelf,\r
- OUT PHANDLE TokenHandle\r
- );\r
-/*\r
- * FUNCTION: Opens an existing timer\r
- * ARGUMENTS:\r
- * TimerHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Requested access to the timer\r
- * ObjectAttribute = Initialized attributes for the object\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtOpenTimer(\r
- OUT PHANDLE TimerHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenTimer(\r
- OUT PHANDLE TimerHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-/*\r
- * FUNCTION: Checks an access token for specific privileges\r
- * ARGUMENTS:\r
- * ClientToken = Handle to a access token structure\r
- * RequiredPrivileges = Specifies the requested privileges.\r
- * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is\r
- set in the Control member of PRIVILEGES_SET Result\r
- will only be TRUE if all privileges are present in the access token. \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtPrivilegeCheck(\r
- IN HANDLE ClientToken,\r
- IN PPRIVILEGE_SET RequiredPrivileges,\r
- IN PBOOLEAN Result\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwPrivilegeCheck(\r
- IN HANDLE ClientToken,\r
- IN PPRIVILEGE_SET RequiredPrivileges,\r
- IN PBOOLEAN Result\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtPrivilegedServiceAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName,\r
- IN PUNICODE_STRING ServiceName,\r
- IN HANDLE ClientToken,\r
- IN PPRIVILEGE_SET Privileges,\r
- IN BOOLEAN AccessGranted\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwPrivilegedServiceAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName, \r
- IN PUNICODE_STRING ServiceName, \r
- IN HANDLE ClientToken,\r
- IN PPRIVILEGE_SET Privileges, \r
- IN BOOLEAN AccessGranted \r
- ); \r
-\r
-NTSTATUS\r
-STDCALL\r
-NtPrivilegeObjectAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName,\r
- IN PVOID HandleId,\r
- IN HANDLE ClientToken,\r
- IN ULONG DesiredAccess,\r
- IN PPRIVILEGE_SET Privileges,\r
- IN BOOLEAN AccessGranted\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwPrivilegeObjectAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName,\r
- IN PVOID HandleId,\r
- IN HANDLE ClientToken,\r
- IN ULONG DesiredAccess,\r
- IN PPRIVILEGE_SET Privileges,\r
- IN BOOLEAN AccessGranted\r
- );\r
-\r
-/*\r
- * FUNCTION: Entry point for native applications\r
- * ARGUMENTS:\r
- * Peb = Pointes to the Process Environment Block (PEB)\r
- * REMARKS:\r
- * Native applications should use this function instead of a main.\r
- * Calling proces should terminate itself.\r
- * RETURNS: Status\r
- */ \r
-VOID STDCALL\r
-NtProcessStartup(\r
- IN PPEB Peb\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Signals an event and resets it afterwards.\r
- * ARGUMENTS:\r
- * EventHandle = Handle to the event\r
- * PulseCount = Number of times the action is repeated\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtPulseEvent(\r
- IN HANDLE EventHandle,\r
- IN PULONG PulseCount OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwPulseEvent(\r
- IN HANDLE EventHandle,\r
- IN PULONG PulseCount OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the attributes of a file\r
- * ARGUMENTS:\r
- * ObjectAttributes = Initialized attributes for the object\r
- * Buffer = Caller supplies storage for the attributes\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS STDCALL\r
-NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PFILE_BASIC_INFORMATION FileInformation);\r
-\r
-NTSTATUS STDCALL\r
-ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PFILE_BASIC_INFORMATION FileInformation);\r
-\r
-/*\r
- * FUNCTION: Queries the default locale id\r
- * ARGUMENTS:\r
- * UserProfile = Type of locale id\r
- * TRUE: thread locale id\r
- * FALSE: system locale id\r
- * DefaultLocaleId = Caller supplies storage for the locale id\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryDefaultLocale(\r
- IN BOOLEAN UserProfile,\r
- OUT PLCID DefaultLocaleId\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryDefaultLocale(\r
- IN BOOLEAN UserProfile,\r
- OUT PLCID DefaultLocaleId\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries a directory file.\r
- * ARGUMENTS:\r
- * FileHandle = Handle to a directory file\r
- * EventHandle = Handle to the event signaled on completion\r
- * ApcRoutine = Asynchroneous procedure callback, called on completion\r
- * ApcContext = Argument to the apc.\r
- * IoStatusBlock = Caller supplies storage for extended status information.\r
- * FileInformation = Caller supplies storage for the resulting information.\r
- *\r
- * FileNameInformation FILE_NAMES_INFORMATION\r
- * FileDirectoryInformation FILE_DIRECTORY_INFORMATION\r
- * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION\r
- * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION\r
- *\r
- * Length = Size of the storage supplied\r
- * FileInformationClass = Indicates the type of information requested. \r
- * ReturnSingleEntry = Specify true if caller only requests the first directory found.\r
- * FileName = Initial directory name to query, that may contain wild cards.\r
- * RestartScan = Number of times the action should be repeated\r
- * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,\r
- * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,\r
- * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryDirectoryFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL,\r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
- IN PVOID ApcContext OPTIONAL,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID FileInformation,\r
- IN ULONG Length,\r
- IN FILE_INFORMATION_CLASS FileInformationClass,\r
- IN BOOLEAN ReturnSingleEntry,\r
- IN PUNICODE_STRING FileName OPTIONAL,\r
- IN BOOLEAN RestartScan\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryDirectoryFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL,\r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
- IN PVOID ApcContext OPTIONAL,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID FileInformation,\r
- IN ULONG Length,\r
- IN FILE_INFORMATION_CLASS FileInformationClass,\r
- IN BOOLEAN ReturnSingleEntry,\r
- IN PUNICODE_STRING FileName OPTIONAL,\r
- IN BOOLEAN RestartScan\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the extended attributes of a file\r
- * ARGUMENTS:\r
- * FileHandle = Handle to the event\r
- * IoStatusBlock = Number of times the action is repeated\r
- * Buffer\r
- * Length\r
- * ReturnSingleEntry\r
- * EaList\r
- * EaListLength\r
- * EaIndex\r
- * RestartScan\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryEaFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID Buffer,\r
- IN ULONG Length,\r
- IN BOOLEAN ReturnSingleEntry,\r
- IN PVOID EaList OPTIONAL,\r
- IN ULONG EaListLength,\r
- IN PULONG EaIndex OPTIONAL,\r
- IN BOOLEAN RestartScan\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryEaFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID Buffer,\r
- IN ULONG Length,\r
- IN BOOLEAN ReturnSingleEntry,\r
- IN PVOID EaList OPTIONAL,\r
- IN ULONG EaListLength,\r
- IN PULONG EaIndex OPTIONAL,\r
- IN BOOLEAN RestartScan\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries an event\r
- * ARGUMENTS:\r
- * EventHandle = Handle to the event\r
- * EventInformationClass = Index of the information structure\r
- \r
- EventBasicInformation EVENT_BASIC_INFORMATION\r
-\r
- * EventInformation = Caller supplies storage for the information structure\r
- * EventInformationLength = Size of the information structure\r
- * ReturnLength = Data written\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtQueryEvent(\r
- IN HANDLE EventHandle,\r
- IN EVENT_INFORMATION_CLASS EventInformationClass,\r
- OUT PVOID EventInformation,\r
- IN ULONG EventInformationLength,\r
- OUT PULONG ReturnLength\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryEvent(\r
- IN HANDLE EventHandle,\r
- IN EVENT_INFORMATION_CLASS EventInformationClass,\r
- OUT PVOID EventInformation,\r
- IN ULONG EventInformationLength,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS STDCALL\r
-NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);\r
-\r
-NTSTATUS STDCALL\r
-ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);\r
-\r
-/*\r
- * FUNCTION: Queries the information of a file object.\r
- * ARGUMENTS: \r
- * FileHandle = Handle to the file object\r
- * IoStatusBlock = Caller supplies storage for extended information \r
- * on the current operation.\r
- * FileInformation = Storage for the new file information\r
- * Lenght = Size of the storage for the file information.\r
- * FileInformationClass = Indicates which file information is queried\r
-\r
- FileDirectoryInformation FILE_DIRECTORY_INFORMATION\r
- FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION\r
- FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION\r
- FileBasicInformation FILE_BASIC_INFORMATION\r
- FileStandardInformation FILE_STANDARD_INFORMATION\r
- FileInternalInformation FILE_INTERNAL_INFORMATION\r
- FileEaInformation FILE_EA_INFORMATION\r
- FileAccessInformation FILE_ACCESS_INFORMATION\r
- FileNameInformation FILE_NAME_INFORMATION\r
- FileRenameInformation FILE_RENAME_INFORMATION\r
- FileLinkInformation \r
- FileNamesInformation FILE_NAMES_INFORMATION\r
- FileDispositionInformation FILE_DISPOSITION_INFORMATION\r
- FilePositionInformation FILE_POSITION_INFORMATION\r
- FileFullEaInformation FILE_FULL_EA_INFORMATION \r
- FileModeInformation FILE_MODE_INFORMATION\r
- FileAlignmentInformation FILE_ALIGNMENT_INFORMATION\r
- FileAllInformation FILE_ALL_INFORMATION\r
-\r
- FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION\r
- FileAlternateNameInformation \r
- FileStreamInformation FILE_STREAM_INFORMATION\r
- FilePipeInformation \r
- FilePipeLocalInformation \r
- FilePipeRemoteInformation \r
- FileMailslotQueryInformation \r
- FileMailslotSetInformation \r
- FileCompressionInformation FILE_COMPRESSION_INFORMATION \r
- FileCopyOnWriteInformation \r
- FileCompletionInformation IO_COMPLETION_CONTEXT\r
- FileMoveClusterInformation \r
- FileOleClassIdInformation \r
- FileOleStateBitsInformation \r
- FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION\r
- FileObjectIdInformation \r
- FileOleAllInformation \r
- FileOleDirectoryInformation \r
- FileContentIndexInformation \r
- FileInheritContentIndexInformation \r
- FileOleInformation \r
- FileMaximumInformation \r
-\r
- * REMARK:\r
- * This procedure maps to the win32 GetShortPathName, GetLongPathName,\r
- GetFullPathName, GetFileType, GetFileSize, GetFileTime functions. \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtQueryInformationFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID FileInformation,\r
- IN ULONG Length,\r
- IN FILE_INFORMATION_CLASS FileInformationClass\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryInformationFile(\r
- HANDLE FileHandle,\r
- PIO_STATUS_BLOCK IoStatusBlock,\r
- PVOID FileInformation,\r
- ULONG Length,\r
- FILE_INFORMATION_CLASS FileInformationClass\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Queries the information of a thread object.\r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the thread object\r
- * ThreadInformationClass = Index to a certain information structure\r
-\r
- ThreadBasicInformation THREAD_BASIC_INFORMATION \r
- ThreadTimes KERNEL_USER_TIMES\r
- ThreadPriority KPRIORITY \r
- ThreadBasePriority KPRIORITY \r
- ThreadAffinityMask KAFFINITY \r
- ThreadImpersonationToken \r
- ThreadDescriptorTableEntry \r
- ThreadEnableAlignmentFaultFixup \r
- ThreadEventPair \r
- ThreadQuerySetWin32StartAddress \r
- ThreadZeroTlsCell \r
- ThreadPerformanceCount \r
- ThreadAmILastThread BOOLEAN\r
- ThreadIdealProcessor ULONG\r
- ThreadPriorityBoost ULONG \r
- MaxThreadInfoClass \r
- \r
-\r
- * ThreadInformation = Caller supplies torage for the thread information\r
- * ThreadInformationLength = Size of the thread information structure\r
- * ReturnLength = Actual number of bytes written\r
- \r
- * REMARK:\r
- * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,\r
- GetThreadPriorityBoost functions. \r
- * RETURNS: Status\r
-*/\r
-\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryInformationThread(\r
- IN HANDLE ThreadHandle,\r
- IN THREADINFOCLASS ThreadInformationClass,\r
- OUT PVOID ThreadInformation,\r
- IN ULONG ThreadInformationLength,\r
- OUT PULONG ReturnLength \r
- );\r
-\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryInformationToken(\r
- IN HANDLE TokenHandle,\r
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,\r
- OUT PVOID TokenInformation,\r
- IN ULONG TokenInformationLength,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryInformationToken(\r
- IN HANDLE TokenHandle,\r
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,\r
- OUT PVOID TokenInformation,\r
- IN ULONG TokenInformationLength,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryIoCompletion(\r
- IN HANDLE CompletionPort,\r
- IN ULONG CompletionKey,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PULONG NumberOfBytesTransferred\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryIoCompletion(\r
- IN HANDLE CompletionPort,\r
- IN ULONG CompletionKey,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PULONG NumberOfBytesTransferred\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Queries the information of a registry key object.\r
- * ARGUMENTS: \r
- KeyHandle = Handle to a registry key\r
- KeyInformationClass = Index to a certain information structure\r
- KeyInformation = Caller supplies storage for resulting information\r
- Length = Size of the supplied storage \r
- ResultLength = Bytes written\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtQueryKey(\r
- IN HANDLE KeyHandle,\r
- IN KEY_INFORMATION_CLASS KeyInformationClass,\r
- OUT PVOID KeyInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryKey(\r
- IN HANDLE KeyHandle,\r
- IN KEY_INFORMATION_CLASS KeyInformationClass,\r
- OUT PVOID KeyInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-\r
-// draft\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryMultipleValueKey(\r
- IN HANDLE KeyHandle,\r
- IN OUT PKEY_VALUE_ENTRY ValueList,\r
- IN ULONG NumberOfValues,\r
- OUT PVOID Buffer,\r
- IN OUT PULONG Length,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryMultipleValueKey(\r
- IN HANDLE KeyHandle,\r
- IN OUT PKEY_VALUE_ENTRY ValueList,\r
- IN ULONG NumberOfValues,\r
- OUT PVOID Buffer,\r
- IN OUT PULONG Length,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the information of a mutant object.\r
- * ARGUMENTS: \r
- MutantHandle = Handle to a mutant\r
- MutantInformationClass = Index to a certain information structure\r
- MutantInformation = Caller supplies storage for resulting information\r
- Length = Size of the supplied storage \r
- ResultLength = Bytes written\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtQueryMutant(\r
- IN HANDLE MutantHandle,\r
- IN CINT MutantInformationClass,\r
- OUT PVOID MutantInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryMutant(\r
- IN HANDLE MutantHandle,\r
- IN CINT MutantInformationClass,\r
- OUT PVOID MutantInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the system ( high-resolution ) performance counter.\r
- * ARGUMENTS: \r
- * Counter = Performance counter\r
- * Frequency = Performance frequency\r
- * REMARKS:\r
- This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)\r
- This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency \r
- * RETURNS: Status\r
- *\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtQueryPerformanceCounter(\r
- IN PLARGE_INTEGER Counter,\r
- IN PLARGE_INTEGER Frequency\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryPerformanceCounter(\r
- IN PLARGE_INTEGER Counter,\r
- IN PLARGE_INTEGER Frequency\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the information of a semaphore.\r
- * ARGUMENTS: \r
- * SemaphoreHandle = Handle to the semaphore object\r
- * SemaphoreInformationClass = Index to a certain information structure\r
-\r
- SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION\r
-\r
- * SemaphoreInformation = Caller supplies storage for the semaphore information structure\r
- * Length = Size of the infomation structure\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtQuerySemaphore(\r
- IN HANDLE SemaphoreHandle,\r
- IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,\r
- OUT PVOID SemaphoreInformation,\r
- IN ULONG Length,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQuerySemaphore(\r
- IN HANDLE SemaphoreHandle,\r
- IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,\r
- OUT PVOID SemaphoreInformation,\r
- IN ULONG Length,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Queries the information of a symbolic link object.\r
- * ARGUMENTS: \r
- * SymbolicLinkHandle = Handle to the symbolic link object\r
- * LinkTarget = resolved name of link\r
- * DataWritten = size of the LinkName.\r
- * RETURNS: Status\r
- *\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtQuerySymbolicLinkObject(\r
- IN HANDLE SymLinkObjHandle,\r
- OUT PUNICODE_STRING LinkTarget,\r
- OUT PULONG DataWritten OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQuerySymbolicLinkObject(\r
- IN HANDLE SymLinkObjHandle,\r
- OUT PUNICODE_STRING LinkName,\r
- OUT PULONG DataWritten OPTIONAL\r
- ); \r
-\r
-\r
-/*\r
- * FUNCTION: Queries a system environment variable.\r
- * ARGUMENTS: \r
- * Name = Name of the variable\r
- * Value (OUT) = value of the variable\r
- * Length = size of the buffer\r
- * ReturnLength = data written\r
- * RETURNS: Status\r
- *\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtQuerySystemEnvironmentValue(\r
- IN PUNICODE_STRING Name,\r
- OUT PVOID Value,\r
- ULONG Length,\r
- PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQuerySystemEnvironmentValue(\r
- IN PUNICODE_STRING Name,\r
- OUT PVOID Value,\r
- ULONG Length,\r
- PULONG ReturnLength\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Queries the system information.\r
- * ARGUMENTS: \r
- * SystemInformationClass = Index to a certain information structure\r
-\r
- SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT\r
- SystemCacheInformation SYSTEM_CACHE_INFORMATION\r
- SystemConfigurationInformation CONFIGURATION_INFORMATION\r
-\r
- * SystemInformation = caller supplies storage for the information structure\r
- * Length = size of the structure\r
- ResultLength = Data written\r
- * RETURNS: Status\r
- *\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtQuerySystemInformation(\r
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,\r
- OUT PVOID SystemInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQuerySystemInformation(\r
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,\r
- OUT PVOID SystemInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries information about a timer\r
- * ARGUMENTS: \r
- * TimerHandle = Handle to the timer\r
- TimerValueInformationClass = Index to a certain information structure\r
- TimerValueInformation = Caller supplies storage for the information structure\r
- Length = Size of the information structure\r
- ResultLength = Data written\r
- * RETURNS: Status\r
- *\r
-*/ \r
-NTSTATUS\r
-STDCALL\r
-NtQueryTimer(\r
- IN HANDLE TimerHandle,\r
- IN CINT TimerInformationClass,\r
- OUT PVOID TimerInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryTimer(\r
- IN HANDLE TimerHandle,\r
- IN CINT TimerInformationClass,\r
- OUT PVOID TimerInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the timer resolution\r
- * ARGUMENTS: \r
- * MinimumResolution (OUT) = Caller should supply storage for the resulting time.\r
- Maximum Resolution (OUT) = Caller should supply storage for the resulting time.\r
- ActualResolution (OUT) = Caller should supply storage for the resulting time.\r
- * RETURNS: Status\r
- *\r
-*/ \r
-\r
-\r
-NTSTATUS\r
-STDCALL \r
-NtQueryTimerResolution ( \r
- OUT PULONG MinimumResolution,\r
- OUT PULONG MaximumResolution, \r
- OUT PULONG ActualResolution \r
- ); \r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwQueryTimerResolution ( \r
- OUT PULONG MinimumResolution,\r
- OUT PULONG MaximumResolution, \r
- OUT PULONG ActualResolution \r
- ); \r
-\r
-/*\r
- * FUNCTION: Queries a registry key value\r
- * ARGUMENTS: \r
- * KeyHandle = Handle to the registry key\r
- ValueName = Name of the value in the registry key\r
- KeyValueInformationClass = Index to a certain information structure\r
-\r
- KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION\r
- KeyValueFullInformation = KEY_FULL_INFORMATION\r
- KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION\r
-\r
- KeyValueInformation = Caller supplies storage for the information structure\r
- Length = Size of the information structure\r
- ResultLength = Data written\r
- * RETURNS: Status\r
- *\r
-*/ \r
-NTSTATUS\r
-STDCALL\r
-NtQueryValueKey(\r
- IN HANDLE KeyHandle,\r
- IN PUNICODE_STRING ValueName,\r
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,\r
- OUT PVOID KeyValueInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryValueKey(\r
- IN HANDLE KeyHandle,\r
- IN PUNICODE_STRING ValueName,\r
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,\r
- OUT PVOID KeyValueInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the volume information\r
- * ARGUMENTS: \r
- * FileHandle = Handle to a file object on the target volume\r
- * IoStatusBlock = Caller should supply storage for additional status information\r
- * ReturnLength = DataWritten\r
- * FsInformation = Caller should supply storage for the information structure.\r
- * Length = Size of the information structure\r
- * FsInformationClass = Index to a information structure\r
-\r
- FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION\r
- FileFsLabelInformation FILE_FS_LABEL_INFORMATION \r
- FileFsSizeInformation FILE_FS_SIZE_INFORMATION\r
- FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION\r
- FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION\r
- FileFsControlInformation \r
- FileFsQuotaQueryInformation --\r
- FileFsQuotaSetInformation --\r
- FileFsMaximumInformation \r
-\r
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |\r
- STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]\r
- *\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtQueryVolumeInformationFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID FsInformation,\r
- IN ULONG Length,\r
- IN FS_INFORMATION_CLASS FsInformationClass \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryVolumeInformationFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID FsInformation,\r
- IN ULONG Length,\r
- IN FS_INFORMATION_CLASS FsInformationClass\r
- );\r
-// draft\r
-// FIXME: Should I specify if the apc is user or kernel mode somewhere ??\r
-/*\r
- * FUNCTION: Queues a (user) apc to a thread.\r
- * ARGUMENTS: \r
- ThreadHandle = Thread to which the apc is queued.\r
- ApcRoutine = Points to the apc routine\r
- NormalContext = Argument to Apc Routine\r
- * SystemArgument1 = Argument of the Apc Routine\r
- SystemArgument2 = Argument of the Apc Routine\r
- * REMARK: If the apc is queued against a thread of a different process than the calling thread\r
- the apc routine should be specified in the address space of the queued thread's process.\r
- * RETURNS: Status\r
-*/\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueueApcThread(\r
- HANDLE ThreadHandle,\r
- PKNORMAL_ROUTINE ApcRoutine,\r
- PVOID NormalContext,\r
- PVOID SystemArgument1,\r
- PVOID SystemArgument2);\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueueApcThread(\r
- HANDLE ThreadHandle,\r
- PKNORMAL_ROUTINE ApcRoutine,\r
- PVOID NormalContext,\r
- PVOID SystemArgument1,\r
- PVOID SystemArgument2);\r
-\r
-\r
-/*\r
- * FUNCTION: Raises an exception\r
- * ARGUMENTS:\r
- * ExceptionRecord = Structure specifying the exception\r
- * Context = Context in which the excpetion is raised \r
- * IsDebugger = \r
- * RETURNS: Status\r
- *\r
-*/\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtRaiseException(\r
- IN PEXCEPTION_RECORD ExceptionRecord,\r
- IN PCONTEXT Context,\r
- IN BOOLEAN SearchFrames\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwRaiseException(\r
- IN PEXCEPTION_RECORD ExceptionRecord,\r
- IN PCONTEXT Context,\r
- IN BOOLEAN SearchFrames\r
- );\r
-\r
-/*\r
- * FUNCTION: Read a file\r
- * ARGUMENTS:\r
- * FileHandle = Handle of a file to read\r
- * Event = This event is signalled when the read operation completes\r
- * UserApcRoutine = Call back , if supplied Event should be NULL\r
- * UserApcContext = Argument to the callback\r
- * IoStatusBlock = Caller should supply storage for additional status information\r
- * Buffer = Caller should supply storage to receive the information\r
- * BufferLength = Size of the buffer\r
- * ByteOffset = Offset to start reading the file\r
- * Key = If a range is lock a matching key will allow the read to continue.\r
- * RETURNS: Status\r
- *\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtReadFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL,\r
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,\r
- IN PVOID UserApcContext OPTIONAL,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID Buffer,\r
- IN ULONG BufferLength,\r
- IN PLARGE_INTEGER ByteOffset OPTIONAL,\r
- IN PULONG Key OPTIONAL \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwReadFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL,\r
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,\r
- IN PVOID UserApcContext OPTIONAL,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PVOID Buffer,\r
- IN ULONG BufferLength,\r
- IN PLARGE_INTEGER ByteOffset OPTIONAL,\r
- IN PULONG Key OPTIONAL \r
- );\r
-/*\r
- * FUNCTION: Read a file using scattered io\r
- * ARGUMENTS: \r
- FileHandle = Handle of a file to read\r
- Event = This event is signalled when the read operation completes\r
- * UserApcRoutine = Call back , if supplied Event should be NULL\r
- UserApcContext = Argument to the callback\r
- IoStatusBlock = Caller should supply storage for additional status information\r
- BufferDescription = Caller should supply storage to receive the information\r
- BufferLength = Size of the buffer\r
- ByteOffset = Offset to start reading the file\r
- Key = Key = If a range is lock a matching key will allow the read to continue.\r
- * RETURNS: Status\r
- *\r
-*/ \r
-NTSTATUS\r
-STDCALL\r
-NtReadFileScatter( \r
- IN HANDLE FileHandle, \r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, \r
- IN PVOID UserApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK UserIoStatusBlock, \r
- IN FILE_SEGMENT_ELEMENT BufferDescription[], \r
- IN ULONG BufferLength, \r
- IN PLARGE_INTEGER ByteOffset, \r
- IN PULONG Key OPTIONAL \r
- ); \r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwReadFileScatter( \r
- IN HANDLE FileHandle, \r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, \r
- IN PVOID UserApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK UserIoStatusBlock, \r
- IN FILE_SEGMENT_ELEMENT BufferDescription[], \r
- IN ULONG BufferLength, \r
- IN PLARGE_INTEGER ByteOffset, \r
- IN PULONG Key OPTIONAL \r
- ); \r
-/*\r
- * FUNCTION: Copies a range of virtual memory to a buffer\r
- * ARGUMENTS: \r
- * ProcessHandle = Specifies the process owning the virtual address space\r
- * BaseAddress = Points to the address of virtual memory to start the read\r
- * Buffer = Caller supplies storage to copy the virtual memory to.\r
- * NumberOfBytesToRead = Limits the range to read\r
- * NumberOfBytesRead = The actual number of bytes read.\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtReadVirtualMemory( \r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- OUT PVOID Buffer,\r
- IN ULONG NumberOfBytesToRead,\r
- OUT PULONG NumberOfBytesRead\r
- ); \r
-NTSTATUS\r
-STDCALL\r
-ZwReadVirtualMemory( \r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- OUT PVOID Buffer,\r
- IN ULONG NumberOfBytesToRead,\r
- OUT PULONG NumberOfBytesRead\r
- ); \r
- \r
-\r
-/*\r
- * FUNCTION: Debugger can register for thread termination\r
- * ARGUMENTS: \r
- * TerminationPort = Port on which the debugger likes to be notified.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL \r
-NtRegisterThreadTerminatePort(\r
- HANDLE TerminationPort\r
- );\r
-NTSTATUS\r
-STDCALL \r
-ZwRegisterThreadTerminatePort(\r
- HANDLE TerminationPort\r
- );\r
-\r
-/*\r
- * FUNCTION: Releases a mutant\r
- * ARGUMENTS: \r
- * MutantHandle = Handle to the mutant\r
- * ReleaseCount = \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL \r
-NtReleaseMutant(\r
- IN HANDLE MutantHandle,\r
- IN PULONG ReleaseCount OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwReleaseMutant(\r
- IN HANDLE MutantHandle,\r
- IN PULONG ReleaseCount OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Releases a semaphore\r
- * ARGUMENTS: \r
- * SemaphoreHandle = Handle to the semaphore object\r
- * ReleaseCount = Number to decrease the semaphore count\r
- * PreviousCount = Previous semaphore count\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtReleaseSemaphore(\r
- IN HANDLE SemaphoreHandle,\r
- IN LONG ReleaseCount,\r
- OUT PLONG PreviousCount\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwReleaseSemaphore(\r
- IN HANDLE SemaphoreHandle,\r
- IN LONG ReleaseCount,\r
- OUT PLONG PreviousCount\r
- );\r
-\r
-/*\r
- * FUNCTION: Removes an io completion\r
- * ARGUMENTS:\r
- * CompletionPort (OUT) = Caller supplied storage for the resulting handle\r
- * CompletionKey = Requested access to the key\r
- * IoStatusBlock = Caller provides storage for extended status information\r
- * CompletionStatus = Current status of the io operation.\r
- * WaitTime = Time to wait if ..\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtRemoveIoCompletion(\r
- IN HANDLE CompletionPort,\r
- OUT PULONG CompletionKey,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PULONG CompletionStatus,\r
- IN PLARGE_INTEGER WaitTime \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwRemoveIoCompletion(\r
- IN HANDLE CompletionPort,\r
- OUT PULONG CompletionKey,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- OUT PULONG CompletionStatus,\r
- IN PLARGE_INTEGER WaitTime \r
- );\r
-/*\r
- * FUNCTION: Replaces one registry key with another\r
- * ARGUMENTS: \r
- * ObjectAttributes = Specifies the attributes of the key\r
- * Key = Handle to the key\r
- * ReplacedObjectAttributes = The function returns the old object attributes\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtReplaceKey(\r
- IN POBJECT_ATTRIBUTES ObjectAttributes, \r
- IN HANDLE Key,\r
- IN POBJECT_ATTRIBUTES ReplacedObjectAttributes \r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwReplaceKey(\r
- IN POBJECT_ATTRIBUTES ObjectAttributes, \r
- IN HANDLE Key,\r
- IN POBJECT_ATTRIBUTES ReplacedObjectAttributes \r
- );\r
-\r
-/*\r
- * FUNCTION: Resets a event to a non signaled state \r
- * ARGUMENTS: \r
- * EventHandle = Handle to the event that should be reset\r
- * NumberOfWaitingThreads = The number of threads released.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtResetEvent(\r
- HANDLE EventHandle,\r
- PULONG NumberOfWaitingThreads OPTIONAL\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwResetEvent(\r
- HANDLE EventHandle,\r
- PULONG NumberOfWaitingThreads OPTIONAL\r
- );\r
-//draft\r
-NTSTATUS\r
-STDCALL\r
-NtRestoreKey(\r
- HANDLE KeyHandle,\r
- HANDLE FileHandle,\r
- ULONG RestoreFlags\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwRestoreKey(\r
- HANDLE KeyHandle,\r
- HANDLE FileHandle,\r
- ULONG RestoreFlags\r
- );\r
-/*\r
- * FUNCTION: Decrements a thread's resume count\r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the thread that should be resumed\r
- * ResumeCount = The resulting resume count.\r
- * REMARK:\r
- * A thread is resumed if its suspend count is 0. This procedure maps to\r
- * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtResumeThread(\r
- IN HANDLE ThreadHandle,\r
- OUT PULONG SuspendCount\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwResumeThread(\r
- IN HANDLE ThreadHandle,\r
- OUT PULONG SuspendCount\r
- );\r
-/*\r
- * FUNCTION: Writes the content of a registry key to ascii file\r
- * ARGUMENTS: \r
- * KeyHandle = Handle to the key\r
- * FileHandle = Handle of the file\r
- * REMARKS:\r
- This function maps to the Win32 RegSaveKey.\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSaveKey(\r
- IN HANDLE KeyHandle,\r
- IN HANDLE FileHandle\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSaveKey(\r
- IN HANDLE KeyHandle,\r
- IN HANDLE FileHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the context of a specified thread.\r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the thread\r
- * Context = The processor context.\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetContextThread(\r
- IN HANDLE ThreadHandle,\r
- IN PCONTEXT Context\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetContextThread(\r
- IN HANDLE ThreadHandle,\r
- IN PCONTEXT Context\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the default locale id\r
- * ARGUMENTS:\r
- * UserProfile = Type of locale id\r
- * TRUE: thread locale id\r
- * FALSE: system locale id\r
- * DefaultLocaleId = Locale id\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetDefaultLocale(\r
- IN BOOLEAN UserProfile,\r
- IN LCID DefaultLocaleId\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetDefaultLocale(\r
- IN BOOLEAN UserProfile,\r
- IN LCID DefaultLocaleId\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the default hard error port\r
- * ARGUMENTS:\r
- * PortHandle = Handle to the port\r
- * NOTE: The hard error port is used for first change exception handling\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtSetDefaultHardErrorPort(\r
- IN HANDLE PortHandle\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetDefaultHardErrorPort(\r
- IN HANDLE PortHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the extended attributes of a file.\r
- * ARGUMENTS:\r
- * FileHandle = Handle to the file\r
- * IoStatusBlock = Storage for a resulting status and information\r
- * on the current operation.\r
- * EaBuffer = Extended Attributes buffer.\r
- * EaBufferSize = Size of the extended attributes buffer\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtSetEaFile(\r
- IN HANDLE FileHandle,\r
- IN PIO_STATUS_BLOCK IoStatusBlock,\r
- PVOID EaBuffer,\r
- ULONG EaBufferSize\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetEaFile(\r
- IN HANDLE FileHandle,\r
- IN PIO_STATUS_BLOCK IoStatusBlock,\r
- PVOID EaBuffer,\r
- ULONG EaBufferSize\r
- );\r
-\r
-//FIXME: should I return the event state ?\r
-\r
-/*\r
- * FUNCTION: Sets the event to a signalled state.\r
- * ARGUMENTS: \r
- * EventHandle = Handle to the event\r
- * NumberOfThreadsReleased = The number of threads released\r
- * REMARK:\r
- * This procedure maps to the win32 SetEvent function. \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetEvent(\r
- IN HANDLE EventHandle,\r
- PULONG NumberOfThreadsReleased\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetEvent(\r
- IN HANDLE EventHandle,\r
- PULONG NumberOfThreadsReleased\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the high part of an event pair\r
- * ARGUMENTS: \r
- EventPair = Handle to the event pair\r
- * RETURNS: Status\r
-*/\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetHighEventPair(\r
- IN HANDLE EventPairHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetHighEventPair(\r
- IN HANDLE EventPairHandle\r
- );\r
-/*\r
- * FUNCTION: Sets the high part of an event pair and wait for the low part\r
- * ARGUMENTS: \r
- EventPair = Handle to the event pair\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetHighWaitLowEventPair(\r
- IN HANDLE EventPairHandle\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetHighWaitLowEventPair(\r
- IN HANDLE EventPairHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the information of a file object.\r
- * ARGUMENTS: \r
- * FileHandle = Handle to the file object\r
- * IoStatusBlock = Caller supplies storage for extended information \r
- * on the current operation.\r
- * FileInformation = Storage for the new file information\r
- * Lenght = Size of the new file information.\r
- * FileInformationClass = Indicates to a certain information structure\r
- \r
- FileNameInformation FILE_NAME_INFORMATION\r
- FileRenameInformation FILE_RENAME_INFORMATION\r
- FileStreamInformation FILE_STREAM_INFORMATION\r
- * FileCompletionInformation IO_COMPLETION_CONTEXT\r
-\r
- * REMARK:\r
- * This procedure maps to the win32 SetEndOfFile, SetFileAttributes, \r
- * SetNamedPipeHandleState, SetMailslotInfo functions. \r
- * RETURNS: Status\r
- */\r
-\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetInformationFile(\r
- IN HANDLE FileHandle,\r
- IN PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PVOID FileInformation,\r
- IN ULONG Length,\r
- IN FILE_INFORMATION_CLASS FileInformationClass\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetInformationFile(\r
- IN HANDLE FileHandle,\r
- IN PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PVOID FileInformation,\r
- IN ULONG Length,\r
- IN FILE_INFORMATION_CLASS FileInformationClass\r
- );\r
-\r
-/*\r
- * FUNCTION: Changes a set of thread specific parameters\r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the thread\r
- * ThreadInformationClass = Index to the set of parameters to change. \r
- * Can be one of the following values:\r
- *\r
- * ThreadBasicInformation THREAD_BASIC_INFORMATION\r
- * ThreadPriority KPRIORITY //???\r
- * ThreadBasePriority KPRIORITY\r
- * ThreadAffinityMask KAFFINITY //??\r
- * ThreadImpersonationToken ACCESS_TOKEN\r
- * ThreadIdealProcessor ULONG\r
- * ThreadPriorityBoost ULONG\r
- *\r
- * ThreadInformation = Caller supplies storage for parameters to set.\r
- * ThreadInformationLength = Size of the storage supplied\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetInformationThread(\r
- IN HANDLE ThreadHandle,\r
- IN THREADINFOCLASS ThreadInformationClass,\r
- IN PVOID ThreadInformation,\r
- IN ULONG ThreadInformationLength\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetInformationThread(\r
- IN HANDLE ThreadHandle,\r
- IN THREADINFOCLASS ThreadInformationClass,\r
- IN PVOID ThreadInformation,\r
- IN ULONG ThreadInformationLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Changes a set of token specific parameters\r
- * ARGUMENTS: \r
- * TokenHandle = Handle to the token\r
- * TokenInformationClass = Index to a certain information structure. \r
- * Can be one of the following values:\r
- *\r
- TokenUser TOKEN_USER \r
- TokenGroups TOKEN_GROUPS\r
- TokenPrivileges TOKEN_PRIVILEGES\r
- TokenOwner TOKEN_OWNER\r
- TokenPrimaryGroup TOKEN_PRIMARY_GROUP\r
- TokenDefaultDacl TOKEN_DEFAULT_DACL\r
- TokenSource TOKEN_SOURCE\r
- TokenType TOKEN_TYPE\r
- TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL\r
- TokenStatistics TOKEN_STATISTICS\r
- *\r
- * TokenInformation = Caller supplies storage for information structure.\r
- * TokenInformationLength = Size of the information structure\r
- * RETURNS: Status\r
-*/\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetInformationToken(\r
- IN HANDLE TokenHandle, \r
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,\r
- OUT PVOID TokenInformation, \r
- IN ULONG TokenInformationLength \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetInformationToken(\r
- IN HANDLE TokenHandle, \r
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,\r
- OUT PVOID TokenInformation, \r
- IN ULONG TokenInformationLength \r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Sets an io completion\r
- * ARGUMENTS: \r
- * CompletionPort = \r
- * CompletionKey = \r
- * IoStatusBlock =\r
- * NumberOfBytesToTransfer =\r
- * NumberOfBytesTransferred =\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetIoCompletion(\r
- IN HANDLE CompletionPort,\r
- IN ULONG CompletionKey,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG NumberOfBytesToTransfer, \r
- OUT PULONG NumberOfBytesTransferred\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetIoCompletion(\r
- IN HANDLE CompletionPort,\r
- IN ULONG CompletionKey,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN ULONG NumberOfBytesToTransfer, \r
- OUT PULONG NumberOfBytesTransferred\r
- );\r
-\r
-/*\r
- * FUNCTION: Set properties for profiling\r
- * ARGUMENTS: \r
- * Interval = \r
- * ClockSource = \r
- * RETURNS: Status\r
- *\r
- */\r
-\r
-NTSTATUS \r
-STDCALL\r
-NtSetIntervalProfile(\r
- ULONG Interval,\r
- KPROFILE_SOURCE ClockSource\r
- );\r
-\r
-NTSTATUS \r
-STDCALL\r
-ZwSetIntervalProfile(\r
- ULONG Interval,\r
- KPROFILE_SOURCE ClockSource\r
- );\r
-\r
-\r
-/*\r
- * FUNCTION: Sets the low part of an event pair\r
- * ARGUMENTS: \r
- EventPair = Handle to the event pair\r
- * RETURNS: Status\r
-*/\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetLowEventPair(\r
- HANDLE EventPair\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetLowEventPair(\r
- HANDLE EventPair\r
- );\r
-/*\r
- * FUNCTION: Sets the low part of an event pair and wait for the high part\r
- * ARGUMENTS: \r
- EventPair = Handle to the event pair\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetLowWaitHighEventPair(\r
- HANDLE EventPair\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetLowWaitHighEventPair(\r
- HANDLE EventPair\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetSecurityObject(\r
- IN HANDLE Handle, \r
- IN SECURITY_INFORMATION SecurityInformation, \r
- IN PSECURITY_DESCRIPTOR SecurityDescriptor \r
- ); \r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetSecurityObject(\r
- IN HANDLE Handle, \r
- IN SECURITY_INFORMATION SecurityInformation, \r
- IN PSECURITY_DESCRIPTOR SecurityDescriptor \r
- ); \r
-\r
-\r
-/*\r
- * FUNCTION: Sets a system environment variable\r
- * ARGUMENTS: \r
- * ValueName = Name of the environment variable\r
- * Value = Value of the environment variable\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetSystemEnvironmentValue(\r
- IN PUNICODE_STRING VariableName,\r
- IN PUNICODE_STRING Value\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetSystemEnvironmentValue(\r
- IN PUNICODE_STRING VariableName,\r
- IN PUNICODE_STRING Value\r
- );\r
-/*\r
- * FUNCTION: Sets system parameters\r
- * ARGUMENTS: \r
- * SystemInformationClass = Index to a particular set of system parameters\r
- * Can be one of the following values:\r
- *\r
- * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT\r
- *\r
- * SystemInformation = Structure containing the parameters.\r
- * SystemInformationLength = Size of the structure.\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetSystemInformation(\r
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,\r
- IN PVOID SystemInformation,\r
- IN ULONG SystemInformationLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetSystemInformation(\r
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,\r
- IN PVOID SystemInformation,\r
- IN ULONG SystemInformationLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the system time\r
- * ARGUMENTS: \r
- * SystemTime = Old System time\r
- * NewSystemTime = New System time\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetSystemTime(\r
- IN PLARGE_INTEGER SystemTime,\r
- IN PLARGE_INTEGER NewSystemTime OPTIONAL\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetSystemTime(\r
- IN PLARGE_INTEGER SystemTime,\r
- IN PLARGE_INTEGER NewSystemTime OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the frequency of the system timer\r
- * ARGUMENTS: \r
- * RequestedResolution = \r
- * SetOrUnset = \r
- * ActualResolution = \r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetTimerResolution(\r
- IN ULONG RequestedResolution,\r
- IN BOOL SetOrUnset,\r
- OUT PULONG ActualResolution\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetTimerResolution(\r
- IN ULONG RequestedResolution,\r
- IN BOOL SetOrUnset,\r
- OUT PULONG ActualResolution\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the value of a registry key\r
- * ARGUMENTS: \r
- * KeyHandle = Handle to a registry key\r
- * ValueName = Name of the value entry to change\r
- * TitleIndex = pointer to a structure containing the new volume information\r
- * Type = Type of the registry key. Can be one of the values:\r
- * REG_BINARY Unspecified binary data\r
- * REG_DWORD A 32 bit value\r
- * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD\r
- * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address\r
- * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )\r
- * REG_LINK A zero terminated wide character string referring to a symbolic link.\r
- * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero\r
- * REG_NONE Unspecified type\r
- * REG_SZ A wide character string ( zero terminated )\r
- * REG_RESOURCE_LIST ??\r
- * REG_RESOURCE_REQUIREMENTS_LIST ??\r
- * REG_FULL_RESOURCE_DESCRIPTOR ??\r
- * Data = Contains the data for the registry key.\r
- * DataSize = size of the data.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtSetValueKey(\r
- IN HANDLE KeyHandle,\r
- IN PUNICODE_STRING ValueName,\r
- IN ULONG TitleIndex OPTIONAL,\r
- IN ULONG Type,\r
- IN PVOID Data,\r
- IN ULONG DataSize\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwSetValueKey(\r
- IN HANDLE KeyHandle,\r
- IN PUNICODE_STRING ValueName,\r
- IN ULONG TitleIndex OPTIONAL,\r
- IN ULONG Type,\r
- IN PVOID Data,\r
- IN ULONG DataSize\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the volume information.\r
- * ARGUMENTS:\r
- * FileHandle = Handle to the file\r
- * IoStatusBlock = Caller should supply storage for additional status information\r
- * VolumeInformation = pointer to a structure containing the new volume information\r
- * Length = size of the structure.\r
- * VolumeInformationClass = specifies the particular volume information to set\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtSetVolumeInformationFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PVOID FsInformation,\r
- IN ULONG Length,\r
- IN FS_INFORMATION_CLASS FsInformationClass\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetVolumeInformationFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PVOID FsInformation,\r
- IN ULONG Length,\r
- IN FS_INFORMATION_CLASS FsInformationClass\r
- );\r
-\r
-/*\r
- * FUNCTION: Shuts the system down\r
- * ARGUMENTS:\r
- * Action = Specifies the type of shutdown, it can be one of the following values:\r
- * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtShutdownSystem(\r
- IN SHUTDOWN_ACTION Action\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwShutdownSystem(\r
- IN SHUTDOWN_ACTION Action\r
- );\r
-\r
-\r
-/* --- PROFILING --- */\r
-\r
-/*\r
- * FUNCTION: Starts profiling\r
- * ARGUMENTS: \r
- * ProfileHandle = Handle to the profile\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtStartProfile(\r
- HANDLE ProfileHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwStartProfile(\r
- HANDLE ProfileHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Stops profiling\r
- * ARGUMENTS: \r
- * ProfileHandle = Handle to the profile\r
- * RETURNS: Status \r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtStopProfile(\r
- HANDLE ProfileHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwStopProfile(\r
- HANDLE ProfileHandle\r
- );\r
-\r
-/* --- PROCESS MANAGEMENT --- */\r
-\r
-//--NtSystemDebugControl\r
-/*\r
- * FUNCTION: Terminates the execution of a process. \r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the process\r
- * ExitStatus = The exit status of the process to terminate with.\r
- * REMARKS\r
- Native applications should kill themselves using this function.\r
- * RETURNS: Status\r
- */ \r
-NTSTATUS \r
-STDCALL \r
-NtTerminateProcess(\r
- IN HANDLE ProcessHandle ,\r
- IN NTSTATUS ExitStatus\r
- );\r
-NTSTATUS \r
-STDCALL \r
-ZwTerminateProcess(\r
- IN HANDLE ProcessHandle ,\r
- IN NTSTATUS ExitStatus\r
- );\r
-\r
-/* --- DEVICE DRIVER CONTROL --- */\r
-\r
-/*\r
- * FUNCTION: Unloads a driver. \r
- * ARGUMENTS: \r
- * DriverServiceName = Name of the driver to unload\r
- * RETURNS: Status\r
- */ \r
-NTSTATUS \r
-STDCALL\r
-NtUnloadDriver(\r
- IN PUNICODE_STRING DriverServiceName\r
- );\r
-NTSTATUS \r
-STDCALL\r
-ZwUnloadDriver(\r
- IN PUNICODE_STRING DriverServiceName\r
- );\r
-\r
-/* --- VIRTUAL MEMORY MANAGEMENT --- */\r
-\r
-/*\r
- * FUNCTION: Writes a range of virtual memory\r
- * ARGUMENTS: \r
- * ProcessHandle = The handle to the process owning the address space.\r
- * BaseAddress = The points to the address to write to\r
- * Buffer = Pointer to the buffer to write\r
- * NumberOfBytesToWrite = Offset to the upper boundary to write\r
- * NumberOfBytesWritten = Total bytes written\r
- * REMARKS:\r
- * This function maps to the win32 WriteProcessMemory\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL \r
-NtWriteVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN PVOID Buffer,\r
- IN ULONG NumberOfBytesToWrite,\r
- OUT PULONG NumberOfBytesWritten\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwWriteVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN PVOID Buffer,\r
- IN ULONG NumberOfBytesToWrite,\r
- OUT PULONG NumberOfBytesWritten\r
- );\r
-\r
-/*\r
- * FUNCTION: Unmaps a piece of virtual memory backed by a file. \r
- * ARGUMENTS: \r
- * ProcessHandle = Handle to the process\r
- * BaseAddress = The address where the mapping begins\r
- * REMARK:\r
- This procedure maps to the win32 UnMapViewOfFile\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtUnmapViewOfSection(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwUnmapViewOfSection(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress\r
- );\r
-\r
-/* --- OBJECT SYNCHRONIZATION --- */\r
-\r
-/*\r
- * FUNCTION: Signals an object and wait for an other one.\r
- * ARGUMENTS: \r
- * SignalObject = Handle to the object that should be signaled\r
- * WaitObject = Handle to the object that should be waited for\r
- * Alertable = True if the wait is alertable\r
- * Time = The time to wait\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtSignalAndWaitForSingleObject(\r
- IN HANDLE SignalObject,\r
- IN HANDLE WaitObject,\r
- IN BOOLEAN Alertable,\r
- IN PLARGE_INTEGER Time\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSignalAndWaitForSingleObject(\r
- IN HANDLE SignalObject,\r
- IN HANDLE WaitObject,\r
- IN BOOLEAN Alertable,\r
- IN PLARGE_INTEGER Time\r
- );\r
-\r
-/*\r
- * FUNCTION: Waits for an object to become signalled.\r
- * ARGUMENTS: \r
- * Object = The object handle\r
- * Alertable = If true the wait is alertable.\r
- * Time = The maximum wait time.\r
- * REMARKS:\r
- * This function maps to the win32 WaitForSingleObjectEx.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtWaitForSingleObject (\r
- IN HANDLE Object,\r
- IN BOOLEAN Alertable,\r
- IN PLARGE_INTEGER Time\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwWaitForSingleObject (\r
- IN HANDLE Object,\r
- IN BOOLEAN Alertable,\r
- IN PLARGE_INTEGER Time\r
- );\r
-\r
-/* --- EVENT PAIR OBJECT --- */\r
-\r
-/*\r
- * FUNCTION: Waits for the high part of an eventpair to become signalled\r
- * ARGUMENTS:\r
- * EventPairHandle = Handle to the event pair.\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtWaitHighEventPair(\r
- IN HANDLE EventPairHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwWaitHighEventPair(\r
- IN HANDLE EventPairHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Waits for the low part of an eventpair to become signalled\r
- * ARGUMENTS:\r
- * EventPairHandle = Handle to the event pair.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtWaitLowEventPair(\r
- IN HANDLE EventPairHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwWaitLowEventPair(\r
- IN HANDLE EventPairHandle\r
- );\r
-\r
-/* --- FILE MANAGEMENT --- */\r
-\r
-/*\r
- * FUNCTION: Unlocks a range of bytes in a file. \r
- * ARGUMENTS: \r
- * FileHandle = Handle to the file\r
- * IoStatusBlock = Caller should supply storage for a structure containing\r
- * the completion status and information about the requested unlock operation.\r
- The information field is set to the number of bytes unlocked.\r
- * ByteOffset = Offset to start the range of bytes to unlock \r
- * Length = Number of bytes to unlock.\r
- * Key = Special value to enable other threads to unlock a file than the\r
- thread that locked the file. The key supplied must match with the one obtained\r
- in a previous call to NtLockFile.\r
- * REMARK:\r
- This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could\r
- not be obtained immediately, the device queue is busy and the IRP is queued.\r
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |\r
- STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]\r
- */ \r
-NTSTATUS \r
-STDCALL\r
-NtUnlockFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PLARGE_INTEGER ByteOffset,\r
- IN PLARGE_INTEGER Lenght,\r
- OUT PULONG Key OPTIONAL\r
- );\r
-NTSTATUS \r
-STDCALL\r
-ZwUnlockFile(\r
- IN HANDLE FileHandle,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PLARGE_INTEGER ByteOffset,\r
- IN PLARGE_INTEGER Lenght,\r
- OUT PULONG Key OPTIONAL\r
- );\r
- \r
-/*\r
- * FUNCTION: Writes data to a file\r
- * ARGUMENTS: \r
- * FileHandle = The handle a file ( from NtCreateFile )\r
- * Event = Specifies a event that will become signalled when the write operation completes.\r
- * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]\r
- * ApcContext = Argument to the Apc Routine \r
- * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.\r
- * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.\r
- * Length = Size in bytest of the buffer\r
- * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.\r
- * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if\r
- * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset\r
- * should be created by specifying FILE_USE_FILE_POINTER_POSITION.\r
- * Key = Unused\r
- * REMARKS:\r
- * This function maps to the win32 WriteFile. \r
- * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.\r
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES\r
- STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtWriteFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL,\r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
- IN PVOID ApcContext OPTIONAL,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PVOID Buffer,\r
- IN ULONG Length,\r
- IN PLARGE_INTEGER ByteOffset,\r
- IN PULONG Key OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwWriteFile(\r
- IN HANDLE FileHandle,\r
- IN HANDLE Event OPTIONAL,\r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
- IN PVOID ApcContext OPTIONAL,\r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN PVOID Buffer,\r
- IN ULONG Length,\r
- IN PLARGE_INTEGER ByteOffset ,\r
- IN PULONG Key OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Writes a file \r
- * ARGUMENTS: \r
- * FileHandle = The handle of the file \r
- * Event = \r
- * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]\r
- * ApcContext = Argument to the Apc Routine \r
- * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.\r
- * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.\r
- * BufferLength = Size in bytest of the buffer\r
- * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.\r
- * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if\r
- * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset\r
- * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.\r
- * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.\r
- * REMARKS:\r
- * This function maps to the win32 WriteFile. \r
- * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.\r
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES\r
- STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]\r
- */\r
-\r
-NTSTATUS\r
-STDCALL \r
-NtWriteFileGather( \r
- IN HANDLE FileHandle, \r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
- IN PVOID ApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN FILE_SEGMENT_ELEMENT BufferDescription[], \r
- IN ULONG BufferLength, \r
- IN PLARGE_INTEGER ByteOffset, \r
- IN PULONG Key OPTIONAL\r
- ); \r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwWriteFileGather( \r
- IN HANDLE FileHandle, \r
- IN HANDLE Event OPTIONAL, \r
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
- IN PVOID ApcContext OPTIONAL, \r
- OUT PIO_STATUS_BLOCK IoStatusBlock,\r
- IN FILE_SEGMENT_ELEMENT BufferDescription[], \r
- IN ULONG BufferLength, \r
- IN PLARGE_INTEGER ByteOffset, \r
- IN PULONG Key OPTIONAL\r
- ); \r
-\r
-\r
-/* --- THREAD MANAGEMENT --- */\r
-\r
-/*\r
- * FUNCTION: Increments a thread's resume count\r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the thread that should be resumed\r
- * PreviousSuspendCount = The resulting/previous suspend count.\r
- * REMARK:\r
- * A thread will be suspended if its suspend count is greater than 0. This procedure maps to\r
- * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )\r
- * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.\r
- * RETURNS: Status\r
- */ \r
-NTSTATUS \r
-STDCALL \r
-NtSuspendThread(\r
- IN HANDLE ThreadHandle,\r
- IN PULONG PreviousSuspendCount \r
- );\r
-\r
-NTSTATUS \r
-STDCALL \r
-ZwSuspendThread(\r
- IN HANDLE ThreadHandle,\r
- IN PULONG PreviousSuspendCount \r
- );\r
-\r
-/*\r
- * FUNCTION: Terminates the execution of a thread. \r
- * ARGUMENTS: \r
- * ThreadHandle = Handle to the thread\r
- * ExitStatus = The exit status of the thread to terminate with.\r
- * RETURNS: Status\r
- */ \r
-NTSTATUS \r
-STDCALL \r
-NtTerminateThread(\r
- IN HANDLE ThreadHandle ,\r
- IN NTSTATUS ExitStatus\r
- );\r
-NTSTATUS \r
-STDCALL \r
-ZwTerminateThread(\r
- IN HANDLE ThreadHandle ,\r
- IN NTSTATUS ExitStatus\r
- );\r
-/*\r
- * FUNCTION: Tests to see if there are any pending alerts for the calling thread \r
- * RETURNS: Status\r
- */ \r
-NTSTATUS \r
-STDCALL \r
-NtTestAlert(\r
- VOID \r
- );\r
-NTSTATUS \r
-STDCALL \r
-ZwTestAlert(\r
- VOID \r
- );\r
-\r
-/*\r
- * FUNCTION: Yields the callers thread.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL \r
-NtYieldExecution(\r
- VOID\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwYieldExecution(\r
- VOID\r
- );\r
-\r
-/* --- PLUG AND PLAY --- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtPlugPlayControl (\r
- VOID\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtGetPlugPlayEvent (\r
- VOID\r
- );\r
-\r
-/* --- POWER MANAGEMENT --- */\r
-\r
-NTSTATUS STDCALL \r
-NtSetSystemPowerState(IN POWER_ACTION SystemAction,\r
- IN SYSTEM_POWER_STATE MinSystemState,\r
- IN ULONG Flags);\r
-\r
-/* --- DEBUG SUBSYSTEM --- */\r
-\r
-NTSTATUS STDCALL \r
-NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,\r
- PVOID InputBuffer,\r
- ULONG InputBufferLength,\r
- PVOID OutputBuffer,\r
- ULONG OutputBufferLength,\r
- PULONG ReturnLength);\r
-\r
-/* --- VIRTUAL DOS MACHINE (VDM) --- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtVdmControl (ULONG ControlCode, PVOID ControlData);\r
-\r
-\r
-/* --- WIN32 --- */\r
-\r
-NTSTATUS STDCALL\r
-NtW32Call(IN ULONG RoutineIndex,\r
- IN PVOID Argument,\r
- IN ULONG ArgumentLength,\r
- OUT PVOID* Result OPTIONAL,\r
- OUT PULONG ResultLength OPTIONAL);\r
-\r
-/* --- CHANNELS --- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtCreateChannel (\r
- VOID\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtListenChannel (\r
- VOID\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtOpenChannel (\r
- VOID\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtReplyWaitSendChannel (\r
- VOID\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSendWaitReplyChannel (\r
- VOID\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetContextChannel (\r
- VOID\r
- );\r
-\r
-/* --- MISCELLANEA --- */\r
-\r
-//NTSTATUS STDCALL NtSetLdtEntries(VOID);\r
-NTSTATUS\r
-STDCALL\r
-NtSetLdtEntries (\r
- HANDLE Thread,\r
- ULONG FirstEntry,\r
- PULONG Entries\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryOleDirectoryFile (\r
- VOID\r
- );\r
-\r
-/*\r
- * FUNCTION: Checks a clients access rights to a object\r
- * ARGUMENTS: \r
- * SecurityDescriptor = Security information against which the access is checked\r
- * ClientToken = Represents a client\r
- * DesiredAcces = \r
- * GenericMapping =\r
- * PrivilegeSet =\r
- * ReturnLength = Bytes written\r
- * GrantedAccess = \r
- * AccessStatus = Indicates if the ClientToken allows the requested access\r
- * REMARKS: The arguments map to the win32 AccessCheck \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtAccessCheck(\r
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,\r
- IN HANDLE ClientToken,\r
- IN ACCESS_MASK DesiredAcces,\r
- IN PGENERIC_MAPPING GenericMapping,\r
- OUT PPRIVILEGE_SET PrivilegeSet,\r
- OUT PULONG ReturnLength,\r
- OUT PULONG GrantedAccess,\r
- OUT PBOOLEAN AccessStatus\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAccessCheck(\r
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,\r
- IN HANDLE ClientToken,\r
- IN ACCESS_MASK DesiredAcces,\r
- IN PGENERIC_MAPPING GenericMapping,\r
- OUT PPRIVILEGE_SET PrivilegeSet,\r
- OUT PULONG ReturnLength,\r
- OUT PULONG GrantedAccess,\r
- OUT PBOOLEAN AccessStatus\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-RtlOpenCurrentUser(\r
- IN ACCESS_MASK DesiredAccess,\r
- OUT PHANDLE KeyHandle);\r
-\r
-\r
-#ifndef __USE_W32API\r
-\r
-/*\r
- * FUNCTION: Continues a thread with the specified context\r
- * ARGUMENTS: \r
- * Context = Specifies the processor context\r
- * IrqLevel = Specifies the Interupt Request Level to continue with. Can\r
- * be PASSIVE_LEVEL or APC_LEVEL\r
- * REMARKS\r
- * NtContinue can be used to continue after an exception or apc.\r
- * RETURNS: Status\r
- */\r
-//FIXME This function might need another parameter\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtContinue(\r
- IN PCONTEXT Context,\r
- IN BOOLEAN TestAlert\r
- );\r
-\r
-NTSTATUS STDCALL ZwContinue(IN PCONTEXT Context, IN CINT IrqLevel);\r
-\r
-/*\r
- * FUNCTION: Retrieves the system time\r
- * ARGUMENTS: \r
- * CurrentTime (OUT) = Caller should supply storage for the resulting time.\r
- * RETURNS: Status\r
- *\r
-*/\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQuerySystemTime (\r
- OUT TIME *CurrentTime\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQuerySystemTime (\r
- OUT TIME *CurrentTime\r
- );\r
-\r
-/*\r
- * FUNCTION: Loads a registry key.\r
- * ARGUMENTS:\r
- * KeyHandle = Handle to the registry key\r
- * ObjectAttributes = ???\r
- * Unknown3 = ???\r
- * REMARK:\r
- * This procedure maps to the win32 procedure RegLoadKey\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtLoadKey2 (\r
- PHANDLE KeyHandle,\r
- POBJECT_ATTRIBUTES ObjectAttributes,\r
- ULONG Unknown3\r
- );\r
-NTSTATUS\r
-STDCALL\r
-ZwLoadKey2 (\r
- PHANDLE KeyHandle,\r
- POBJECT_ATTRIBUTES ObjectAttributes,\r
- ULONG Unknown3\r
- );\r
-\r
-/*\r
- * FUNCTION: Copies a handle from one process space to another\r
- * ARGUMENTS:\r
- * SourceProcessHandle = The source process owning the handle. The source process should have opened\r
- * the SourceHandle with PROCESS_DUP_HANDLE access.\r
- * SourceHandle = The handle to the object.\r
- * TargetProcessHandle = The destination process owning the handle \r
- * TargetHandle (OUT) = Caller should supply storage for the duplicated handle. \r
- * DesiredAccess = The desired access to the handle.\r
- * InheritHandle = Indicates wheter the new handle will be inheritable or not.\r
- * Options = Specifies special actions upon duplicating the handle. Can be\r
- * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.\r
- * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be\r
- * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore\r
- * the DesiredAccess paramter and just grant the same access to the new\r
- * handle.\r
- * RETURNS: Status\r
- * REMARKS: This function maps to the win32 DuplicateHandle.\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtDuplicateObject(\r
- IN HANDLE SourceProcessHandle,\r
- IN HANDLE SourceHandle,\r
- IN HANDLE TargetProcessHandle,\r
- OUT PHANDLE TargetHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN BOOLEAN InheritHandle,\r
- IN ULONG Options\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDuplicateObject(\r
- IN HANDLE SourceProcessHandle,\r
- IN PHANDLE SourceHandle,\r
- IN HANDLE TargetProcessHandle,\r
- OUT PHANDLE TargetHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN BOOLEAN InheritHandle,\r
- IN ULONG Options\r
- );\r
-\r
-/*\r
- * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )\r
- * ARGUMENTS: \r
- * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"\r
- * ObjectHandle =\r
- * ObjectAttributes =\r
- * DesiredAcces = \r
- * GenericMapping =\r
- * ObjectCreation = \r
- * GrantedAccess = \r
- * AccessStatus =\r
- * GenerateOnClose =\r
- * REMARKS: The arguments map to the win32 AccessCheck \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtAccessCheckAndAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName,\r
- IN PHANDLE ObjectHandle,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN PGENERIC_MAPPING GenericMapping,\r
- IN BOOLEAN ObjectCreation,\r
- OUT PULONG GrantedAccess,\r
- OUT PBOOLEAN AccessStatus,\r
- OUT PBOOLEAN GenerateOnClose\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAccessCheckAndAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName,\r
- IN PHANDLE ObjectHandle,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN PGENERIC_MAPPING GenericMapping,\r
- IN BOOLEAN ObjectCreation,\r
- OUT PULONG GrantedAccess,\r
- OUT PBOOLEAN AccessStatus,\r
- OUT PBOOLEAN GenerateOnClose\r
- );\r
-\r
-/*\r
- * FUNCTION: Adds an atom to the global atom table\r
- * ARGUMENTS:\r
- * AtomString = The string to add to the atom table.\r
- * Atom (OUT) = Caller supplies storage for the resulting atom.\r
- * REMARKS: The arguments map to the win32 add GlobalAddAtom.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtAddAtom(\r
- IN PWSTR AtomName,\r
- IN OUT PRTL_ATOM Atom\r
- );\r
-\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAddAtom(\r
- IN PWSTR AtomName,\r
- IN OUT PRTL_ATOM Atom\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtAllocateUuids(\r
- PULARGE_INTEGER Time,\r
- PULONG Range,\r
- PULONG Sequence\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwAllocateUuids(\r
- PULARGE_INTEGER Time,\r
- PULONG Range,\r
- PULONG Sequence\r
- );\r
-\r
-/*\r
- * FUNCTION: Cancels a timer\r
- * ARGUMENTS: \r
- * TimerHandle = Handle to the timer\r
- * CurrentState = Specifies the state of the timer when cancelled.\r
- * REMARKS:\r
- * The arguments to this function map to the function CancelWaitableTimer. \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtCancelTimer(\r
- IN HANDLE TimerHandle,\r
- OUT PBOOLEAN CurrentState OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCancelTimer(\r
- IN HANDLE TimerHandle,\r
- OUT ULONG ElapsedTime\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a paging file.\r
- * ARGUMENTS:\r
- * FileName = Name of the pagefile\r
- * InitialSize = Specifies the initial size in bytes\r
- * MaximumSize = Specifies the maximum size in bytes\r
- * Reserved = Reserved for future use\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtCreatePagingFile(\r
- IN PUNICODE_STRING FileName,\r
- IN PLARGE_INTEGER InitialSize,\r
- IN PLARGE_INTEGER MaxiumSize,\r
- IN ULONG Reserved\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwCreatePagingFile(\r
- IN PUNICODE_STRING FileName,\r
- IN PLARGE_INTEGER InitialSize,\r
- IN PLARGE_INTEGER MaxiumSize,\r
- IN ULONG Reserved\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a user mode thread\r
- * ARGUMENTS:\r
- * ThreadHandle (OUT) = Caller supplied storage for the resulting handle\r
- * DesiredAccess = Specifies the allowed or desired access to the thread. \r
- * ObjectAttributes = Initialized attributes for the object.\r
- * ProcessHandle = Handle to the threads parent process.\r
- * ClientId (OUT) = Caller supplies storage for returned process id and thread id.\r
- * ThreadContext = Initial processor context for the thread.\r
- * InitialTeb = Initial user mode stack context for the thread.\r
- * CreateSuspended = Specifies if the thread is ready for scheduling\r
- * REMARKS:\r
- * This function maps to the win32 function CreateThread. \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL \r
-NtCreateThread(\r
- OUT PHANDLE ThreadHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
- IN HANDLE ProcessHandle,\r
- OUT PCLIENT_ID ClientId,\r
- IN PCONTEXT ThreadContext,\r
- IN PINITIAL_TEB InitialTeb,\r
- IN BOOLEAN CreateSuspended\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwCreateThread(\r
- OUT PHANDLE ThreadHandle,\r
- IN ACCESS_MASK DesiredAccess,\r
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
- IN HANDLE ProcessHandle,\r
- OUT PCLIENT_ID ClientId,\r
- IN PCONTEXT ThreadContext,\r
- IN PINITIAL_TEB InitialTeb,\r
- IN BOOLEAN CreateSuspended\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtDuplicateToken( \r
- IN HANDLE ExistingToken, \r
- IN ACCESS_MASK DesiredAccess, \r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,\r
- IN TOKEN_TYPE TokenType, \r
- OUT PHANDLE NewToken \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDuplicateToken( \r
- IN HANDLE ExistingToken, \r
- IN ACCESS_MASK DesiredAccess, \r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,\r
- IN TOKEN_TYPE TokenType, \r
- OUT PHANDLE NewToken \r
- );\r
-\r
-/*\r
- * FUNCTION: Finds a atom\r
- * ARGUMENTS:\r
- * AtomName = Name to search for.\r
- * Atom = Caller supplies storage for the resulting atom\r
- * RETURNS: Status \r
- * REMARKS:\r
- * This funciton maps to the win32 GlobalFindAtom\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtFindAtom(\r
- IN PWSTR AtomName,\r
- OUT PRTL_ATOM Atom OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwFindAtom(\r
- IN PWSTR AtomName,\r
- OUT PRTL_ATOM Atom OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Flushes a the processors instruction cache\r
- * ARGUMENTS:\r
- * ProcessHandle = Points to the process owning the cache\r
- * BaseAddress = // might this be a image address ????\r
- * NumberOfBytesToFlush = \r
- * RETURNS: Status \r
- * REMARKS:\r
- * This funciton is used by debuggers\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtFlushInstructionCache(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN UINT NumberOfBytesToFlush\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwFlushInstructionCache(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN UINT NumberOfBytesToFlush\r
- );\r
-\r
-/*\r
- * FUNCTION: Flushes virtual memory to file\r
- * ARGUMENTS:\r
- * ProcessHandle = Points to the process that allocated the virtual memory\r
- * BaseAddress = Points to the memory address\r
- * NumberOfBytesToFlush = Limits the range to flush,\r
- * NumberOfBytesFlushed = Actual number of bytes flushed\r
- * RETURNS: Status \r
- * REMARKS:\r
- * Check return status on STATUS_NOT_MAPPED_DATA \r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtFlushVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN ULONG NumberOfBytesToFlush,\r
- OUT PULONG NumberOfBytesFlushed OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwFlushVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN ULONG NumberOfBytesToFlush,\r
- OUT PULONG NumberOfBytesFlushed OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Retrieves the uptime of the system\r
- * ARGUMENTS:\r
- * UpTime = Number of clock ticks since boot.\r
- * RETURNS: Status \r
- */\r
-NTSTATUS\r
-STDCALL \r
-NtGetTickCount(\r
- PULONG UpTime\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwGetTickCount(\r
- PULONG UpTime\r
- );\r
-\r
-/*\r
- * FUNCTION: Loads a registry key.\r
- * ARGUMENTS:\r
- * KeyHandle = Handle to the registry key\r
- * ObjectAttributes = ???\r
- * REMARK:\r
- * This procedure maps to the win32 procedure RegLoadKey\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL \r
-NtLoadKey(\r
- PHANDLE KeyHandle,\r
- POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwLoadKey(\r
- PHANDLE KeyHandle,\r
- POBJECT_ATTRIBUTES ObjectAttributes\r
- );\r
-\r
-/*\r
- * FUNCTION: Locks a range of virtual memory. \r
- * ARGUMENTS: \r
- * ProcessHandle = Handle to the process\r
- * BaseAddress = Lower boundary of the range of bytes to lock. \r
- * NumberOfBytesLock = Offset to the upper boundary.\r
- * NumberOfBytesLocked (OUT) = Number of bytes actually locked.\r
- * REMARK:\r
- This procedure maps to the win32 procedure VirtualLock \r
- * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]\r
- */ \r
-NTSTATUS\r
-STDCALL \r
-NtLockVirtualMemory(\r
- HANDLE ProcessHandle,\r
- PVOID BaseAddress,\r
- ULONG NumberOfBytesToLock,\r
- PULONG NumberOfBytesLocked\r
- );\r
-\r
-NTSTATUS\r
-STDCALL \r
-ZwLockVirtualMemory(\r
- HANDLE ProcessHandle,\r
- PVOID BaseAddress,\r
- ULONG NumberOfBytesToLock,\r
- PULONG NumberOfBytesLocked\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtOpenObjectAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName, \r
- IN PVOID HandleId, \r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN HANDLE ClientToken, \r
- IN ULONG DesiredAccess, \r
- IN ULONG GrantedAccess, \r
- IN PPRIVILEGE_SET Privileges,\r
- IN BOOLEAN ObjectCreation, \r
- IN BOOLEAN AccessGranted, \r
- OUT PBOOLEAN GenerateOnClose \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwOpenObjectAuditAlarm(\r
- IN PUNICODE_STRING SubsystemName, \r
- IN PVOID HandleId, \r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN HANDLE ClientToken, \r
- IN ULONG DesiredAccess, \r
- IN ULONG GrantedAccess, \r
- IN PPRIVILEGE_SET Privileges,\r
- IN BOOLEAN ObjectCreation, \r
- IN BOOLEAN AccessGranted, \r
- OUT PBOOLEAN GenerateOnClose \r
- );\r
-\r
-/*\r
- * FUNCTION: Set the access protection of a range of virtual memory\r
- * ARGUMENTS:\r
- * ProcessHandle = Handle to process owning the virtual address space\r
- * BaseAddress = Start address\r
- * NumberOfBytesToProtect = Delimits the range of virtual memory\r
- * for which the new access protection holds\r
- * NewAccessProtection = The new access proctection for the pages\r
- * OldAccessProtection = Caller should supply storage for the old \r
- * access protection\r
- *\r
- * REMARKS:\r
- * The function maps to the win32 VirtualProtectEx\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtProtectVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN ULONG NumberOfBytesToProtect,\r
- IN ULONG NewAccessProtection,\r
- OUT PULONG OldAccessProtection\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwProtectVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN ULONG NumberOfBytesToProtect,\r
- IN ULONG NewAccessProtection,\r
- OUT PULONG OldAccessProtection\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryInformationAtom(\r
- IN RTL_ATOM Atom,\r
- IN ATOM_INFORMATION_CLASS AtomInformationClass,\r
- OUT PVOID AtomInformation,\r
- IN ULONG AtomInformationLength,\r
- OUT PULONG ReturnLength OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryInformationAtom(\r
- IN RTL_ATOM Atom,\r
- IN ATOM_INFORMATION_CLASS AtomInformationClass,\r
- OUT PVOID AtomInformation,\r
- IN ULONG AtomInformationLength,\r
- OUT PULONG ReturnLength OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Query information about the content of a directory object\r
- * ARGUMENTS:\r
- DirObjInformation = Buffer must be large enough to hold the name strings too\r
- GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex\r
- If FALSE: return the number of objects in this directory in ObjectIndex\r
- IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0\r
- If FALSE use input value of ObjectIndex\r
- ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex\r
- DataWritten = Actual size of the ObjectIndex ???\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtQueryDirectoryObject(\r
- IN HANDLE DirObjHandle,\r
- OUT POBJDIR_INFORMATION DirObjInformation,\r
- IN ULONG BufferLength,\r
- IN BOOLEAN GetNextIndex,\r
- IN BOOLEAN IgnoreInputIndex,\r
- IN OUT PULONG ObjectIndex,\r
- OUT PULONG DataWritten OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryDirectoryObject(\r
- IN HANDLE DirObjHandle,\r
- OUT POBJDIR_INFORMATION DirObjInformation,\r
- IN ULONG BufferLength,\r
- IN BOOLEAN GetNextIndex,\r
- IN BOOLEAN IgnoreInputIndex,\r
- IN OUT PULONG ObjectIndex,\r
- OUT PULONG DataWritten OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the information of a process object.\r
- * ARGUMENTS: \r
- * ProcessHandle = Handle to the process object\r
- * ProcessInformation = Index to a certain information structure\r
-\r
- ProcessBasicInformation PROCESS_BASIC_INFORMATION\r
- ProcessQuotaLimits QUOTA_LIMITS\r
- ProcessIoCounters IO_COUNTERS\r
- ProcessVmCounters VM_COUNTERS\r
- ProcessTimes KERNEL_USER_TIMES\r
- ProcessBasePriority KPRIORITY\r
- ProcessRaisePriority KPRIORITY\r
- ProcessDebugPort HANDLE\r
- ProcessExceptionPort HANDLE \r
- ProcessAccessToken PROCESS_ACCESS_TOKEN\r
- ProcessLdtInformation LDT_ENTRY ??\r
- ProcessLdtSize ULONG\r
- ProcessDefaultHardErrorMode ULONG\r
- ProcessIoPortHandlers // kernel mode only\r
- ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS\r
- ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION \r
- ProcessUserModeIOPL (I/O Privilege Level)\r
- ProcessEnableAlignmentFaultFixup BOOLEAN \r
- ProcessPriorityClass ULONG\r
- ProcessWx86Information ULONG \r
- ProcessHandleCount ULONG\r
- ProcessAffinityMask ULONG \r
- ProcessPooledQuotaLimits QUOTA_LIMITS\r
- MaxProcessInfoClass \r
-\r
- * ProcessInformation = Caller supplies storage for the process information structure\r
- * ProcessInformationLength = Size of the process information structure\r
- * ReturnLength = Actual number of bytes written\r
- \r
- * REMARK:\r
- * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,\r
- GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,\r
- GetProcessShutdownParameters functions. \r
- * RETURNS: Status\r
-*/\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryInformationProcess(\r
- IN HANDLE ProcessHandle,\r
- IN CINT ProcessInformationClass,\r
- OUT PVOID ProcessInformation,\r
- IN ULONG ProcessInformationLength,\r
- OUT PULONG ReturnLength \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryInformationProcess(\r
- IN HANDLE ProcessHandle,\r
- IN CINT ProcessInformationClass,\r
- OUT PVOID ProcessInformation,\r
- IN ULONG ProcessInformationLength,\r
- OUT PULONG ReturnLength \r
- );\r
-\r
-/*\r
- * FUNCTION: Query the interval and the clocksource for profiling\r
- * ARGUMENTS:\r
- Interval = \r
- ClockSource = \r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtQueryIntervalProfile(\r
- OUT PULONG Interval,\r
- OUT KPROFILE_SOURCE ClockSource\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryIntervalProfile(\r
- OUT PULONG Interval,\r
- OUT KPROFILE_SOURCE ClockSource\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the information of a object.\r
- * ARGUMENTS: \r
- ObjectHandle = Handle to a object\r
- ObjectInformationClass = Index to a certain information structure\r
-\r
- ObjectBasicInformation \r
- ObjectTypeInformation OBJECT_TYPE_INFORMATION \r
- ObjectNameInformation OBJECT_NAME_INFORMATION\r
- ObjectDataInformation OBJECT_DATA_INFORMATION\r
-\r
- ObjectInformation = Caller supplies storage for resulting information\r
- Length = Size of the supplied storage \r
- ResultLength = Bytes written\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryObject(\r
- IN HANDLE ObjectHandle,\r
- IN CINT ObjectInformationClass,\r
- OUT PVOID ObjectInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryObject(\r
- IN HANDLE ObjectHandle,\r
- IN CINT ObjectInformationClass,\r
- OUT PVOID ObjectInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQuerySecurityObject(\r
- IN HANDLE Object,\r
- IN CINT SecurityObjectInformationClass,\r
- OUT PVOID SecurityObjectInformation,\r
- IN ULONG Length,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQuerySecurityObject(\r
- IN HANDLE Object,\r
- IN CINT SecurityObjectInformationClass,\r
- OUT PVOID SecurityObjectInformation,\r
- IN ULONG Length,\r
- OUT PULONG ReturnLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the virtual memory information.\r
- * ARGUMENTS: \r
- ProcessHandle = Process owning the virtual address space\r
- BaseAddress = Points to the page where the information is queried for. \r
- * VirtualMemoryInformationClass = Index to a certain information structure\r
-\r
- MemoryBasicInformation MEMORY_BASIC_INFORMATION\r
-\r
- * VirtualMemoryInformation = caller supplies storage for the information structure\r
- * Length = size of the structure\r
- ResultLength = Data written\r
- * RETURNS: Status\r
- *\r
-*/\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtQueryVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID Address,\r
- IN IN CINT VirtualMemoryInformationClass,\r
- OUT PVOID VirtualMemoryInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQueryVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID Address,\r
- IN IN CINT VirtualMemoryInformationClass,\r
- OUT PVOID VirtualMemoryInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Raises a hard error (stops the system)\r
- * ARGUMENTS:\r
- * Status = Status code of the hard error\r
- * Unknown2 = ??\r
- * Unknown3 = ??\r
- * Unknown4 = ??\r
- * Unknown5 = ??\r
- * Unknown6 = ??\r
- * RETURNS: Status\r
- *\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtRaiseHardError(\r
- IN NTSTATUS Status,\r
- ULONG Unknown2,\r
- ULONG Unknown3,\r
- ULONG Unknown4,\r
- ULONG Unknown5,\r
- ULONG Unknown6\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwRaiseHardError(\r
- IN NTSTATUS Status,\r
- ULONG Unknown2,\r
- ULONG Unknown3,\r
- ULONG Unknown4,\r
- ULONG Unknown5,\r
- ULONG Unknown6\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the information of a registry key.\r
- * ARGUMENTS: \r
- * KeyHandle = Handle to the registry key\r
- * KeyInformationClass = Index to the a certain information structure.\r
- Can be one of the following values:\r
-\r
- * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION\r
-\r
- KeyInformation = Storage for the new information\r
- * KeyInformationLength = Size of the information strucure\r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtSetInformationKey(\r
- IN HANDLE KeyHandle,\r
- IN CINT KeyInformationClass,\r
- IN PVOID KeyInformation,\r
- IN ULONG KeyInformationLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetInformationKey(\r
- IN HANDLE KeyHandle,\r
- IN CINT KeyInformationClass,\r
- IN PVOID KeyInformation,\r
- IN ULONG KeyInformationLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Changes a set of object specific parameters\r
- * ARGUMENTS: \r
- * ObjectHandle = \r
- * ObjectInformationClass = Index to the set of parameters to change. \r
-\r
- \r
- ObjectBasicInformation \r
- ObjectTypeInformation OBJECT_TYPE_INFORMATION \r
- ObjectAllInformation \r
- ObjectDataInformation OBJECT_DATA_INFORMATION\r
- ObjectNameInformation OBJECT_NAME_INFORMATION \r
-\r
-\r
- * ObjectInformation = Caller supplies storage for parameters to set.\r
- * Length = Size of the storage supplied\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetInformationObject(\r
- IN HANDLE ObjectHandle,\r
- IN CINT ObjectInformationClass,\r
- IN PVOID ObjectInformation,\r
- IN ULONG Length \r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetInformationObject(\r
- IN HANDLE ObjectHandle,\r
- IN CINT ObjectInformationClass,\r
- IN PVOID ObjectInformation,\r
- IN ULONG Length \r
- );\r
-\r
-/*\r
- * FUNCTION: Changes a set of process specific parameters\r
- * ARGUMENTS: \r
- * ProcessHandle = Handle to the process\r
- * ProcessInformationClass = Index to a information structure. \r
- *\r
- * ProcessBasicInformation PROCESS_BASIC_INFORMATION\r
- * ProcessQuotaLimits QUOTA_LIMITS\r
- * ProcessBasePriority KPRIORITY\r
- * ProcessRaisePriority KPRIORITY \r
- * ProcessDebugPort HANDLE\r
- * ProcessExceptionPort HANDLE \r
- * ProcessAccessToken PROCESS_ACCESS_TOKEN \r
- * ProcessDefaultHardErrorMode ULONG\r
- * ProcessPriorityClass ULONG\r
- * ProcessAffinityMask KAFFINITY //??\r
- *\r
- * ProcessInformation = Caller supplies storage for information to set.\r
- * ProcessInformationLength = Size of the information structure\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetInformationProcess(\r
- IN HANDLE ProcessHandle,\r
- IN CINT ProcessInformationClass,\r
- IN PVOID ProcessInformation,\r
- IN ULONG ProcessInformationLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetInformationProcess(\r
- IN HANDLE ProcessHandle,\r
- IN CINT ProcessInformationClass,\r
- IN PVOID ProcessInformation,\r
- IN ULONG ProcessInformationLength\r
- );\r
-\r
-/*\r
- * FUNCTION: Sets the characteristics of a timer\r
- * ARGUMENTS: \r
- * TimerHandle = Handle to the timer\r
- * DueTime = Time before the timer becomes signalled for the first time.\r
- * TimerApcRoutine = Completion routine can be called on time completion\r
- * TimerContext = Argument to the completion routine\r
- * Resume = Specifies if the timer should repeated after completing one cycle\r
- * Period = Cycle of the timer\r
- * REMARKS: This routine maps to the win32 SetWaitableTimer.\r
- * RETURNS: Status\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtSetTimer(\r
- IN HANDLE TimerHandle,\r
- IN PLARGE_INTEGER DueTime,\r
- IN PTIMERAPCROUTINE TimerApcRoutine,\r
- IN PVOID TimerContext,\r
- IN BOOL WakeTimer,\r
- IN ULONG Period OPTIONAL,\r
- OUT PBOOLEAN PreviousState OPTIONAL\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwSetTimer(\r
- IN HANDLE TimerHandle,\r
- IN PLARGE_INTEGER DueTime,\r
- IN PTIMERAPCROUTINE TimerApcRoutine,\r
- IN PVOID TimerContext,\r
- IN BOOL WakeTimer,\r
- IN ULONG Period OPTIONAL,\r
- OUT PBOOLEAN PreviousState OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Unloads a registry key.\r
- * ARGUMENTS:\r
- * KeyHandle = Handle to the registry key\r
- * REMARK:\r
- * This procedure maps to the win32 procedure RegUnloadKey\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtUnloadKey(\r
- HANDLE KeyHandle\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwUnloadKey(\r
- HANDLE KeyHandle\r
- );\r
-\r
-/*\r
- * FUNCTION: Unlocks a range of virtual memory. \r
- * ARGUMENTS: \r
- * ProcessHandle = Handle to the process\r
- * BaseAddress = Lower boundary of the range of bytes to unlock. \r
- * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.\r
- * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.\r
- * REMARK:\r
- This procedure maps to the win32 procedure VirtualUnlock \r
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]\r
- */ \r
-NTSTATUS \r
-STDCALL\r
-NtUnlockVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN ULONG NumberOfBytesToUnlock,\r
- OUT PULONG NumberOfBytesUnlocked OPTIONAL\r
- );\r
-\r
-NTSTATUS \r
-STDCALL\r
-ZwUnlockVirtualMemory(\r
- IN HANDLE ProcessHandle,\r
- IN PVOID BaseAddress,\r
- IN ULONG NumberOfBytesToUnlock,\r
- OUT PULONG NumberOfBytesUnlocked OPTIONAL\r
- );\r
-\r
-/*\r
- * FUNCTION: Waits for multiple objects to become signalled.\r
- * ARGUMENTS: \r
- * Count = The number of objects\r
- * Object = The array of object handles\r
- * WaitType = Can be one of the values UserMode or KernelMode\r
- * Alertable = If true the wait is alertable.\r
- * Time = The maximum wait time.\r
- * REMARKS:\r
- * This function maps to the win32 WaitForMultipleObjectEx.\r
- * RETURNS: Status\r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtWaitForMultipleObjects (\r
- IN ULONG Count,\r
- IN HANDLE Object[],\r
- IN CINT WaitType,\r
- IN BOOLEAN Alertable,\r
- IN PLARGE_INTEGER Time\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwWaitForMultipleObjects (\r
- IN ULONG Count,\r
- IN HANDLE Object[],\r
- IN CINT WaitType,\r
- IN BOOLEAN Alertable,\r
- IN PLARGE_INTEGER Time\r
- );\r
-\r
-/*\r
- * FUNCTION: Creates a profile\r
- * ARGUMENTS:\r
- * ProfileHandle (OUT) = Caller supplied storage for the resulting handle\r
- * ObjectAttribute = Initialized attributes for the object\r
- * ImageBase = Start address of executable image\r
- * ImageSize = Size of the image\r
- * Granularity = Bucket size\r
- * Buffer = Caller supplies buffer for profiling info\r
- * ProfilingSize = Buffer size\r
- * ClockSource = Specify 0 / FALSE ??\r
- * ProcessorMask = A value of -1 indicates disables per processor profiling,\r
- otherwise bit set for the processor to profile.\r
- * REMARKS:\r
- * This function maps to the win32 CreateProcess. \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS \r
-STDCALL\r
-NtCreateProfile(OUT PHANDLE ProfileHandle, \r
- IN HANDLE ProcessHandle,\r
- IN PVOID ImageBase, \r
- IN ULONG ImageSize, \r
- IN ULONG Granularity,\r
- OUT PULONG Buffer, \r
- IN ULONG ProfilingSize,\r
- IN KPROFILE_SOURCE Source,\r
- IN ULONG ProcessorMask);\r
-\r
-NTSTATUS \r
-STDCALL\r
-ZwCreateProfile(\r
- OUT PHANDLE ProfileHandle, \r
- IN POBJECT_ATTRIBUTES ObjectAttributes,\r
- IN ULONG ImageBase, \r
- IN ULONG ImageSize, \r
- IN ULONG Granularity,\r
- OUT PVOID Buffer, \r
- IN ULONG ProfilingSize,\r
- IN ULONG ClockSource,\r
- IN ULONG ProcessorMask\r
- );\r
-\r
-/*\r
- * FUNCTION: Delays the execution of the calling thread.\r
- * ARGUMENTS:\r
- * Alertable = If TRUE the thread is alertable during is wait period\r
- * Interval = Specifies the interval to wait. \r
- * RETURNS: Status\r
- */\r
-\r
-NTSTATUS\r
-STDCALL\r
-NtDelayExecution(\r
- IN ULONG Alertable,\r
- IN TIME *Interval\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwDelayExecution(\r
- IN BOOLEAN Alertable,\r
- IN TIME *Interval\r
- );\r
-\r
-/*\r
- * FUNCTION: Extends a section\r
- * ARGUMENTS:\r
- * SectionHandle = Handle to the section\r
- * NewMaximumSize = Adjusted size\r
- * RETURNS: Status \r
- */\r
-NTSTATUS\r
-STDCALL\r
-NtExtendSection(\r
- IN HANDLE SectionHandle,\r
- IN ULONG NewMaximumSize\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwExtendSection(\r
- IN HANDLE SectionHandle,\r
- IN ULONG NewMaximumSize\r
- );\r
-\r
-/*\r
- * FUNCTION: Queries the information of a section object.\r
- * ARGUMENTS: \r
- * SectionHandle = Handle to the section link object\r
- * SectionInformationClass = Index to a certain information structure\r
- * SectionInformation (OUT)= Caller supplies storage for resulting information\r
- * Length = Size of the supplied storage \r
- * ResultLength = Data written\r
- * RETURNS: Status\r
- *\r
-*/\r
-NTSTATUS\r
-STDCALL\r
-NtQuerySection(\r
- IN HANDLE SectionHandle,\r
- IN CINT SectionInformationClass,\r
- OUT PVOID SectionInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-NTSTATUS\r
-STDCALL\r
-ZwQuerySection(\r
- IN HANDLE SectionHandle,\r
- IN CINT SectionInformationClass,\r
- OUT PVOID SectionInformation,\r
- IN ULONG Length,\r
- OUT PULONG ResultLength\r
- );\r
-\r
-typedef struct _SECTION_IMAGE_INFORMATION\r
-{\r
- PVOID EntryPoint;\r
- ULONG Unknown1;\r
- ULONG StackReserve;\r
- ULONG StackCommit;\r
- ULONG Subsystem;\r
- USHORT MinorSubsystemVersion;\r
- USHORT MajorSubsystemVersion;\r
- ULONG Unknown2;\r
- ULONG Characteristics;\r
- USHORT ImageNumber;\r
- BOOLEAN Executable;\r
- UCHAR Unknown3;\r
- ULONG Unknown4[3];\r
-} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;\r
-\r
-#endif /* !__USE_W32API */\r
-\r
-#endif /* __DDK_ZW_H */\r
+
+/*
+ * FUNCTION: Creates a mail slot file
+ * ARGUMENTS:
+ * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the file
+ * ObjectAttributes = Contains the name of the mailslotfile.
+ * IoStatusBlock =
+ * FileAttributes =
+ * ShareAccess =
+ * MaxMessageSize =
+ * TimeOut =
+ *
+ * REMARKS: This funciton maps to the win32 function CreateMailSlot
+ * RETURNS:
+ * Status
+ */
+
+NTSTATUS
+STDCALL
+NtCreateMailslotFile(
+ OUT PHANDLE MailSlotFileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG FileAttributes,
+ IN ULONG ShareAccess,
+ IN ULONG MaxMessageSize,
+ IN PLARGE_INTEGER TimeOut
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateMailslotFile(
+ OUT PHANDLE MailSlotFileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG FileAttributes,
+ IN ULONG ShareAccess,
+ IN ULONG MaxMessageSize,
+ IN PLARGE_INTEGER TimeOut
+ );
+
+/*
+ * FUNCTION: Creates or opens a mutex
+ * ARGUMENTS:
+ * MutantHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the port
+ * ObjectAttributes = Contains the name of the mutex.
+ * InitialOwner = If true the calling thread acquires ownership
+ * of the mutex.
+ * REMARKS: This funciton maps to the win32 function CreateMutex
+ * RETURNS:
+ * Status
+ */
+NTSTATUS
+STDCALL
+NtCreateMutant(
+ OUT PHANDLE MutantHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN BOOLEAN InitialOwner
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateMutant(
+ OUT PHANDLE MutantHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN BOOLEAN InitialOwner
+ );
+
+/*
+ * FUNCTION: Creates a process.
+ * ARGUMENTS:
+ * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the process can
+ * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
+ * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
+ * ParentProcess = Handle to the parent process.
+ * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
+ * SectionHandle = Handle to a section object to back the image file
+ * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
+ * ExceptionPort = Handle to a exception port.
+ * REMARKS:
+ * This function maps to the win32 CreateProcess.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtCreateProcess(
+ OUT PHANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN HANDLE ParentProcess,
+ IN BOOLEAN InheritObjectTable,
+ IN HANDLE SectionHandle OPTIONAL,
+ IN HANDLE DebugPort OPTIONAL,
+ IN HANDLE ExceptionPort OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateProcess(
+ OUT PHANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN HANDLE ParentProcess,
+ IN BOOLEAN InheritObjectTable,
+ IN HANDLE SectionHandle OPTIONAL,
+ IN HANDLE DebugPort OPTIONAL,
+ IN HANDLE ExceptionPort OPTIONAL
+ );
+
+/*
+ * FUNCTION: Creates a section object.
+ * ARGUMENTS:
+ * SectionHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
+ * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
+ * ObjectAttribute = Initialized attributes for the object can be used to create a named section
+ * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
+ * If value specified for a mapped file and the file is not large enough, file will be extended.
+ * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
+ * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
+ * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtCreateSection(
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN PLARGE_INTEGER MaximumSize OPTIONAL,
+ IN ULONG SectionPageProtection OPTIONAL,
+ IN ULONG AllocationAttributes,
+ IN HANDLE FileHandle OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateSection(
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN PLARGE_INTEGER MaximumSize OPTIONAL,
+ IN ULONG SectionPageProtection OPTIONAL,
+ IN ULONG AllocationAttributes,
+ IN HANDLE FileHandle OPTIONAL
+ );
+
+/*
+ * FUNCTION: Creates a semaphore object for interprocess synchronization.
+ * ARGUMENTS:
+ * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the semaphore.
+ * ObjectAttribute = Initialized attributes for the object.
+ * InitialCount = Not necessary zero, might be smaller than zero.
+ * MaximumCount = Maxiumum count the semaphore can reach.
+ * RETURNS: Status
+ * REMARKS:
+ * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
+ */
+
+//FIXME: should a semaphore's initial count allowed to be smaller than zero ??
+NTSTATUS
+STDCALL
+NtCreateSemaphore(
+ OUT PHANDLE SemaphoreHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN LONG InitialCount,
+ IN LONG MaximumCount
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateSemaphore(
+ OUT PHANDLE SemaphoreHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN LONG InitialCount,
+ IN LONG MaximumCount
+ );
+
+/*
+ * FUNCTION: Creates a symbolic link object
+ * ARGUMENTS:
+ * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the thread.
+ * ObjectAttributes = Initialized attributes for the object.
+ * Name = Target name of the symbolic link
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtCreateSymbolicLinkObject(
+ OUT PHANDLE SymbolicLinkHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PUNICODE_STRING Name
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateSymbolicLinkObject(
+ OUT PHANDLE SymbolicLinkHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PUNICODE_STRING Name
+ );
+
+/*
+ * FUNCTION: Creates a waitable timer.
+ * ARGUMENTS:
+ * TimerHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the timer.
+ * ObjectAttributes = Initialized attributes for the object.
+ * TimerType = Specifies if the timer should be reset manually.
+ * REMARKS:
+ * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
+ * corresponding fields in OBJECT_ATTRIBUTES structure.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtCreateTimer(
+ OUT PHANDLE TimerHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN TIMER_TYPE TimerType
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateTimer(
+ OUT PHANDLE TimerHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN TIMER_TYPE TimerType
+ );
+
+/*
+ * FUNCTION: Creates a token.
+ * ARGUMENTS:
+ * TokenHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the process can
+ * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
+ * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
+ * TokenType =
+ * AuthenticationId =
+ * ExpirationTime =
+ * TokenUser =
+ * TokenGroups =
+ * TokenPrivileges =
+ * TokenOwner =
+ * TokenPrimaryGroup =
+ * TokenDefaultDacl =
+ * TokenSource =
+ * REMARKS:
+ * This function does not map to a win32 function
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtCreateToken(
+ OUT PHANDLE TokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN TOKEN_TYPE TokenType,
+ IN PLUID AuthenticationId,
+ IN PLARGE_INTEGER ExpirationTime,
+ IN PTOKEN_USER TokenUser,
+ IN PTOKEN_GROUPS TokenGroups,
+ IN PTOKEN_PRIVILEGES TokenPrivileges,
+ IN PTOKEN_OWNER TokenOwner,
+ IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
+ IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
+ IN PTOKEN_SOURCE TokenSource
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateToken(
+ OUT PHANDLE TokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN TOKEN_TYPE TokenType,
+ IN PLUID AuthenticationId,
+ IN PLARGE_INTEGER ExpirationTime,
+ IN PTOKEN_USER TokenUser,
+ IN PTOKEN_GROUPS TokenGroups,
+ IN PTOKEN_PRIVILEGES TokenPrivileges,
+ IN PTOKEN_OWNER TokenOwner,
+ IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
+ IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
+ IN PTOKEN_SOURCE TokenSource
+ );
+
+/*
+ * FUNCTION: Returns the callers thread TEB.
+ * RETURNS: The resulting teb.
+ */
+#if 0
+ NT_TEB *
+STDCALL
+NtCurrentTeb(VOID
+ );
+#endif
+
+/*
+ * FUNCTION: Deletes an atom from the global atom table
+ * ARGUMENTS:
+ * Atom = Identifies the atom to delete
+ * REMARKS:
+ * The function maps to the win32 GlobalDeleteAtom
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtDeleteAtom(
+ IN RTL_ATOM Atom
+ );
+
+NTSTATUS
+STDCALL
+ZwDeleteAtom(
+ IN RTL_ATOM Atom
+ );
+
+/*
+ * FUNCTION: Deletes a file or a directory
+ * ARGUMENTS:
+ * ObjectAttributes = Name of the file which should be deleted
+ * REMARKS:
+ * This system call is functionally equivalent to NtSetInformationFile
+ * setting the disposition information.
+ * The function maps to the win32 DeleteFile.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtDeleteFile(
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwDeleteFile(
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+/*
+ * FUNCTION: Deletes a registry key
+ * ARGUMENTS:
+ * KeyHandle = Handle of the key
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtDeleteKey(
+ IN HANDLE KeyHandle
+ );
+NTSTATUS
+STDCALL
+ZwDeleteKey(
+ IN HANDLE KeyHandle
+ );
+
+/*
+ * FUNCTION: Generates a audit message when an object is deleted
+ * ARGUMENTS:
+ * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
+ * HandleId= Handle to an audit object
+ * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
+ * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtDeleteObjectAuditAlarm (
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose
+ );
+
+NTSTATUS
+STDCALL
+ZwDeleteObjectAuditAlarm (
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose
+ );
+
+
+/*
+ * FUNCTION: Deletes a value from a registry key
+ * ARGUMENTS:
+ * KeyHandle = Handle of the key
+ * ValueName = Name of the value to delete
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtDeleteValueKey(
+ IN HANDLE KeyHandle,
+ IN PUNICODE_STRING ValueName
+ );
+
+NTSTATUS
+STDCALL
+ZwDeleteValueKey(
+ IN HANDLE KeyHandle,
+ IN PUNICODE_STRING ValueName
+ );
+/*
+ * FUNCTION: Sends IOCTL to the io sub system
+ * ARGUMENTS:
+ * DeviceHandle = Points to the handle that is created by NtCreateFile
+ * Event = Event to synchronize on STATUS_PENDING
+ * ApcRoutine = Asynchroneous procedure callback
+ * ApcContext = Callback context.
+ * IoStatusBlock = Caller should supply storage for extra information..
+ * IoControlCode = Contains the IO Control command. This is an
+ * index to the structures in InputBuffer and OutputBuffer.
+ * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
+ * InputBufferSize = Size of the input bufffer
+ * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
+ * OutputBufferSize = Size of the input bufffer
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtDeviceIoControlFile(
+ IN HANDLE DeviceHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG IoControlCode,
+ IN PVOID InputBuffer,
+ IN ULONG InputBufferSize,
+ OUT PVOID OutputBuffer,
+ IN ULONG OutputBufferSize
+ );
+
+NTSTATUS
+STDCALL
+ZwDeviceIoControlFile(
+ IN HANDLE DeviceHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG IoControlCode,
+ IN PVOID InputBuffer,
+ IN ULONG InputBufferSize,
+ OUT PVOID OutputBuffer,
+ IN ULONG OutputBufferSize
+ );
+/*
+ * FUNCTION: Displays a string on the blue screen
+ * ARGUMENTS:
+ * DisplayString = The string to display
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtDisplayString(
+ IN PUNICODE_STRING DisplayString
+ );
+
+NTSTATUS
+STDCALL
+ZwDisplayString(
+ IN PUNICODE_STRING DisplayString
+ );
+
+/*
+ * FUNCTION: Returns information about the subkeys of an open key
+ * ARGUMENTS:
+ * KeyHandle = Handle of the key whose subkeys are to enumerated
+ * Index = zero based index of the subkey for which information is
+ * request
+ * KeyInformationClass = Type of information returned
+ * KeyInformation (OUT) = Caller allocated buffer for the information
+ * about the key
+ * Length = Length in bytes of the KeyInformation buffer
+ * ResultLength (OUT) = Caller allocated storage which holds
+ * the number of bytes of information retrieved
+ * on return
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtEnumerateKey(
+ IN HANDLE KeyHandle,
+ IN ULONG Index,
+ IN KEY_INFORMATION_CLASS KeyInformationClass,
+ OUT PVOID KeyInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwEnumerateKey(
+ IN HANDLE KeyHandle,
+ IN ULONG Index,
+ IN KEY_INFORMATION_CLASS KeyInformationClass,
+ OUT PVOID KeyInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+/*
+ * FUNCTION: Returns information about the value entries of an open key
+ * ARGUMENTS:
+ * KeyHandle = Handle of the key whose value entries are to enumerated
+ * Index = zero based index of the subkey for which information is
+ * request
+ * KeyInformationClass = Type of information returned
+ * KeyInformation (OUT) = Caller allocated buffer for the information
+ * about the key
+ * Length = Length in bytes of the KeyInformation buffer
+ * ResultLength (OUT) = Caller allocated storage which holds
+ * the number of bytes of information retrieved
+ * on return
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtEnumerateValueKey(
+ IN HANDLE KeyHandle,
+ IN ULONG Index,
+ IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
+ OUT PVOID KeyValueInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwEnumerateValueKey(
+ IN HANDLE KeyHandle,
+ IN ULONG Index,
+ IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
+ OUT PVOID KeyValueInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+/*
+ * FUNCTION: Flushes chached file data to disk
+ * ARGUMENTS:
+ * FileHandle = Points to the file
+ * IoStatusBlock = Caller must supply storage to receive the result of the flush
+ * buffers operation. The information field is set to number of bytes
+ * flushed to disk.
+ * RETURNS: Status
+ * REMARKS:
+ * This funciton maps to the win32 FlushFileBuffers
+ */
+NTSTATUS
+STDCALL
+NtFlushBuffersFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+ );
+
+NTSTATUS
+STDCALL
+ZwFlushBuffersFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+ );
+
+/*
+ * FUNCTION: Flushes a registry key to disk
+ * ARGUMENTS:
+ * KeyHandle = Points to the registry key handle
+ * RETURNS: Status
+ * REMARKS:
+ * This funciton maps to the win32 RegFlushKey.
+ */
+NTSTATUS
+STDCALL
+NtFlushKey(
+ IN HANDLE KeyHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwFlushKey(
+ IN HANDLE KeyHandle
+ );
+
+/*
+ * FUNCTION: Flushes the dirty pages to file
+ * RETURNS: Status
+ * FIXME: Not sure this does (how is the file specified)
+ */
+NTSTATUS STDCALL NtFlushWriteBuffer(VOID);
+NTSTATUS STDCALL ZwFlushWriteBuffer(VOID);
+
+ /*
+ * FUNCTION: Frees a range of virtual memory
+ * ARGUMENTS:
+ * ProcessHandle = Points to the process that allocated the virtual
+ * memory
+ * BaseAddress = Points to the memory address, rounded down to a
+ * multiple of the pagesize
+ * RegionSize = Limits the range to free, rounded up to a multiple of
+ * the paging size
+ * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
+ * RETURNS: Status
+ */
+NTSTATUS STDCALL NtFreeVirtualMemory(IN HANDLE ProcessHandle,
+ IN PVOID *BaseAddress,
+ IN PULONG RegionSize,
+ IN ULONG FreeType);
+NTSTATUS STDCALL ZwFreeVirtualMemory(IN HANDLE ProcessHandle,
+ IN PVOID *BaseAddress,
+ IN PULONG RegionSize,
+ IN ULONG FreeType);
+
+/*
+ * FUNCTION: Sends FSCTL to the filesystem
+ * ARGUMENTS:
+ * DeviceHandle = Points to the handle that is created by NtCreateFile
+ * Event = Event to synchronize on STATUS_PENDING
+ * ApcRoutine =
+ * ApcContext =
+ * IoStatusBlock = Caller should supply storage for
+ * IoControlCode = Contains the File System Control command. This is an
+ * index to the structures in InputBuffer and OutputBuffer.
+ * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
+ * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
+ * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
+ * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
+ *
+ * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
+ * InputBufferSize = Size of the input bufffer
+ * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
+ * OutputBufferSize = Size of the input bufffer
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
+ * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
+ */
+NTSTATUS
+STDCALL
+NtFsControlFile(
+ IN HANDLE DeviceHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG IoControlCode,
+ IN PVOID InputBuffer,
+ IN ULONG InputBufferSize,
+ OUT PVOID OutputBuffer,
+ IN ULONG OutputBufferSize
+ );
+
+NTSTATUS
+STDCALL
+ZwFsControlFile(
+ IN HANDLE DeviceHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG IoControlCode,
+ IN PVOID InputBuffer,
+ IN ULONG InputBufferSize,
+ OUT PVOID OutputBuffer,
+ IN ULONG OutputBufferSize
+ );
+
+/*
+ * FUNCTION: Retrieves the processor context of a thread
+ * ARGUMENTS:
+ * ThreadHandle = Handle to a thread
+ * Context (OUT) = Caller allocated storage for the processor context
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtGetContextThread(
+ IN HANDLE ThreadHandle,
+ OUT PCONTEXT Context
+ );
+
+NTSTATUS
+STDCALL
+ZwGetContextThread(
+ IN HANDLE ThreadHandle,
+ OUT PCONTEXT Context
+ );
+
+/*
+ * FUNCTION: Sets a thread to impersonate another
+ * ARGUMENTS:
+ * ThreadHandle = Server thread that will impersonate a client.
+ ThreadToImpersonate = Client thread that will be impersonated
+ SecurityQualityOfService = Specifies the impersonation level.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtImpersonateThread(
+ IN HANDLE ThreadHandle,
+ IN HANDLE ThreadToImpersonate,
+ IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
+ );
+
+NTSTATUS
+STDCALL
+ZwImpersonateThread(
+ IN HANDLE ThreadHandle,
+ IN HANDLE ThreadToImpersonate,
+ IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
+ );
+
+/*
+ * FUNCTION: Initializes the registry.
+ * ARGUMENTS:
+ * SetUpBoot = This parameter is true for a setup boot.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtInitializeRegistry(
+ BOOLEAN SetUpBoot
+ );
+NTSTATUS
+STDCALL
+ZwInitializeRegistry(
+ BOOLEAN SetUpBoot
+ );
+
+/*
+ * FUNCTION: Loads a driver.
+ * ARGUMENTS:
+ * DriverServiceName = Name of the driver to load
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtLoadDriver(
+ IN PUNICODE_STRING DriverServiceName
+ );
+
+NTSTATUS
+STDCALL
+ZwLoadDriver(
+ IN PUNICODE_STRING DriverServiceName
+ );
+
+/*
+ * FUNCTION: Locks a range of bytes in a file.
+ * ARGUMENTS:
+ * FileHandle = Handle to the file
+ * Event = Should be null if apc is specified.
+ * ApcRoutine = Asynchroneous Procedure Callback
+ * ApcContext = Argument to the callback
+ * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
+ * the completion status and information about the requested lock operation.
+ * ByteOffset = Offset
+ * Length = Number of bytes to lock.
+ * Key = Special value to give other threads the possibility to unlock the file
+ by supplying the key in a call to NtUnlockFile.
+ * FailImmediatedly = If false the request will block untill the lock is obtained.
+ * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
+ * REMARK:
+ This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
+ not be obtained immediately, the device queue is busy and the IRP is queued.
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
+ STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
+
+ */
+NTSTATUS
+STDCALL
+NtLockFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Length,
+ IN PULONG Key,
+ IN BOOLEAN FailImmediatedly,
+ IN BOOLEAN ExclusiveLock
+ );
+
+NTSTATUS
+STDCALL
+ZwLockFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Length,
+ IN PULONG Key,
+ IN BOOLEAN FailImmediatedly,
+ IN BOOLEAN ExclusiveLock
+ );
+
+/*
+ * FUNCTION: Makes temporary object that will be removed at next boot.
+ * ARGUMENTS:
+ * Handle = Handle to object
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtMakeTemporaryObject(
+ IN HANDLE Handle
+ );
+
+NTSTATUS
+STDCALL
+ZwMakeTemporaryObject(
+ IN HANDLE Handle
+ );
+/*
+ * FUNCTION: Maps a view of a section into the virtual address space of a
+ * process
+ * ARGUMENTS:
+ * SectionHandle = Handle of the section
+ * ProcessHandle = Handle of the process
+ * BaseAddress = Desired base address (or NULL) on entry
+ * Actual base address of the view on exit
+ * ZeroBits = Number of high order address bits that must be zero
+ * CommitSize = Size in bytes of the initially committed section of
+ * the view
+ * SectionOffset = Offset in bytes from the beginning of the section
+ * to the beginning of the view
+ * ViewSize = Desired length of map (or zero to map all) on entry
+ * Actual length mapped on exit
+ * InheritDisposition = Specified how the view is to be shared with
+ * child processes
+ * AllocateType = Type of allocation for the pages
+ * Protect = Protection for the committed region of the view
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtMapViewOfSection(
+ IN HANDLE SectionHandle,
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN ULONG CommitSize,
+ IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
+ IN OUT PULONG ViewSize,
+ IN SECTION_INHERIT InheritDisposition,
+ IN ULONG AllocationType,
+ IN ULONG AccessProtection
+ );
+
+NTSTATUS
+STDCALL
+ZwMapViewOfSection(
+ IN HANDLE SectionHandle,
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN ULONG CommitSize,
+ IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
+ IN OUT PULONG ViewSize,
+ IN SECTION_INHERIT InheritDisposition,
+ IN ULONG AllocationType,
+ IN ULONG AccessProtection
+ );
+
+/*
+ * FUNCTION: Installs a notify for the change of a directory's contents
+ * ARGUMENTS:
+ * FileHandle = Handle to the directory
+ Event =
+ * ApcRoutine = Start address
+ * ApcContext = Delimits the range of virtual memory
+ * for which the new access protection holds
+ * IoStatusBlock = The new access proctection for the pages
+ * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
+ * BufferSize = Size of the buffer
+ CompletionFilter = Can be one of the following values:
+ FILE_NOTIFY_CHANGE_FILE_NAME
+ FILE_NOTIFY_CHANGE_DIR_NAME
+ FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
+ FILE_NOTIFY_CHANGE_ATTRIBUTES
+ FILE_NOTIFY_CHANGE_SIZE
+ FILE_NOTIFY_CHANGE_LAST_WRITE
+ FILE_NOTIFY_CHANGE_LAST_ACCESS
+ FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
+ FILE_NOTIFY_CHANGE_EA
+ FILE_NOTIFY_CHANGE_SECURITY
+ FILE_NOTIFY_CHANGE_STREAM_NAME
+ FILE_NOTIFY_CHANGE_STREAM_SIZE
+ FILE_NOTIFY_CHANGE_STREAM_WRITE
+ WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
+ *
+ * REMARKS:
+ * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtNotifyChangeDirectoryFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG BufferSize,
+ IN ULONG CompletionFilter,
+ IN BOOLEAN WatchTree
+ );
+
+NTSTATUS
+STDCALL
+ZwNotifyChangeDirectoryFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG BufferSize,
+ IN ULONG CompletionFilter,
+ IN BOOLEAN WatchTree
+ );
+
+/*
+ * FUNCTION: Installs a notfication callback on registry changes
+ * ARGUMENTS:
+ KeyHandle = Handle to the registry key
+ Event = Event that should be signalled on modification of the key
+ ApcRoutine = Routine that should be called on modification of the key
+ ApcContext = Argument to the ApcRoutine
+ IoStatusBlock = ???
+ CompletionFilter = Specifies the kind of notification the caller likes to receive.
+ Can be a combination of the following values:
+
+ REG_NOTIFY_CHANGE_NAME
+ REG_NOTIFY_CHANGE_ATTRIBUTES
+ REG_NOTIFY_CHANGE_LAST_SET
+ REG_NOTIFY_CHANGE_SECURITY
+
+
+ Asynchroneous = If TRUE the changes are reported by signalling an event if false
+ the function will not return before a change occurs.
+ ChangeBuffer = Will return the old value
+ Length = Size of the change buffer
+ WatchSubtree = Indicates if the caller likes to receive a notification of changes in
+ sub keys or not.
+ * REMARKS: If the key is closed the event is signalled aswell.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtNotifyChangeKey(
+ IN HANDLE KeyHandle,
+ IN HANDLE Event,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG CompletionFilter,
+ IN BOOLEAN Asynchroneous,
+ OUT PVOID ChangeBuffer,
+ IN ULONG Length,
+ IN BOOLEAN WatchSubtree
+ );
+
+NTSTATUS
+STDCALL
+ZwNotifyChangeKey(
+ IN HANDLE KeyHandle,
+ IN HANDLE Event,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG CompletionFilter,
+ IN BOOLEAN Asynchroneous,
+ OUT PVOID ChangeBuffer,
+ IN ULONG Length,
+ IN BOOLEAN WatchSubtree
+ );
+
+/*
+ * FUNCTION: Opens an existing directory object
+ * ARGUMENTS:
+ * FileHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the directory
+ * ObjectAttributes = Initialized attributes for the object
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtOpenDirectoryObject(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+NTSTATUS
+STDCALL
+ZwOpenDirectoryObject(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+/*
+ * FUNCTION: Opens an existing event
+ * ARGUMENTS:
+ * EventHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the event
+ * ObjectAttributes = Initialized attributes for the object
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenEvent(
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenEvent(
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+/*
+ * FUNCTION: Opens an existing event pair
+ * ARGUMENTS:
+ * EventHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the event
+ * ObjectAttributes = Initialized attributes for the object
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtOpenEventPair(
+ OUT PHANDLE EventPairHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenEventPair(
+ OUT PHANDLE EventPairHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+/*
+ * FUNCTION: Opens an existing file
+ * ARGUMENTS:
+ * FileHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the file
+ * ObjectAttributes = Initialized attributes for the object
+ * IoStatusBlock =
+ * ShareAccess =
+ * OpenOptions =
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG OpenOptions
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG OpenOptions
+ );
+
+/*
+ * FUNCTION: Opens an existing io completion object
+ * ARGUMENTS:
+ * CompletionPort (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the io completion object
+ * ObjectAttributes = Initialized attributes for the object
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtOpenIoCompletion(
+ OUT PHANDLE CompetionPort,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenIoCompletion(
+ OUT PHANDLE CompetionPort,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+/*
+ * FUNCTION: Opens an existing key in the registry
+ * ARGUMENTS:
+ * KeyHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the key
+ * ObjectAttributes = Initialized attributes for the object
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenKey(
+ OUT PHANDLE KeyHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenKey(
+ OUT PHANDLE KeyHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+/*
+ * FUNCTION: Opens an existing key in the registry
+ * ARGUMENTS:
+ * MutantHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the mutant
+ * ObjectAttribute = Initialized attributes for the object
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenMutant(
+ OUT PHANDLE MutantHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+NTSTATUS
+STDCALL
+ZwOpenMutant(
+ OUT PHANDLE MutantHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+/*
+ * FUNCTION: Opens an existing process
+ * ARGUMENTS:
+ * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the process
+ * ObjectAttribute = Initialized attributes for the object
+ * ClientId = Identifies the process id to open
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenProcess (
+ OUT PHANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PCLIENT_ID ClientId
+ );
+NTSTATUS
+STDCALL
+ZwOpenProcess (
+ OUT PHANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PCLIENT_ID ClientId
+ );
+/*
+ * FUNCTION: Opens an existing process
+ * ARGUMENTS:
+ * ProcessHandle = Handle of the process of which owns the token
+ * DesiredAccess = Requested access to the token
+ * TokenHandle (OUT) = Caller supplies storage for the resulting token.
+ * REMARKS:
+ This function maps to the win32
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtOpenProcessToken(
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PHANDLE TokenHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenProcessToken(
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PHANDLE TokenHandle
+ );
+
+/*
+ * FUNCTION: Opens an existing section object
+ * ARGUMENTS:
+ * KeyHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the key
+ * ObjectAttribute = Initialized attributes for the object
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtOpenSection(
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+NTSTATUS
+STDCALL
+ZwOpenSection(
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+/*
+ * FUNCTION: Opens an existing semaphore
+ * ARGUMENTS:
+ * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the semaphore
+ * ObjectAttribute = Initialized attributes for the object
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenSemaphore(
+ IN HANDLE SemaphoreHandle,
+ IN ACCESS_MASK DesiredAcces,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+NTSTATUS
+STDCALL
+ZwOpenSemaphore(
+ IN HANDLE SemaphoreHandle,
+ IN ACCESS_MASK DesiredAcces,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+/*
+ * FUNCTION: Opens an existing symbolic link
+ * ARGUMENTS:
+ * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the symbolic link
+ * ObjectAttribute = Initialized attributes for the object
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenSymbolicLinkObject(
+ OUT PHANDLE SymbolicLinkHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+NTSTATUS
+STDCALL
+ZwOpenSymbolicLinkObject(
+ OUT PHANDLE SymbolicLinkHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+/*
+ * FUNCTION: Opens an existing thread
+ * ARGUMENTS:
+ * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the thread
+ * ObjectAttribute = Initialized attributes for the object
+ * ClientId = Identifies the thread to open.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenThread(
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PCLIENT_ID ClientId
+ );
+NTSTATUS
+STDCALL
+ZwOpenThread(
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PCLIENT_ID ClientId
+ );
+
+NTSTATUS
+STDCALL
+NtOpenThreadToken(
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ OUT PHANDLE TokenHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenThreadToken(
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ OUT PHANDLE TokenHandle
+ );
+/*
+ * FUNCTION: Opens an existing timer
+ * ARGUMENTS:
+ * TimerHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Requested access to the timer
+ * ObjectAttribute = Initialized attributes for the object
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtOpenTimer(
+ OUT PHANDLE TimerHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+NTSTATUS
+STDCALL
+ZwOpenTimer(
+ OUT PHANDLE TimerHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+/*
+ * FUNCTION: Checks an access token for specific privileges
+ * ARGUMENTS:
+ * ClientToken = Handle to a access token structure
+ * RequiredPrivileges = Specifies the requested privileges.
+ * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
+ set in the Control member of PRIVILEGES_SET Result
+ will only be TRUE if all privileges are present in the access token.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtPrivilegeCheck(
+ IN HANDLE ClientToken,
+ IN PPRIVILEGE_SET RequiredPrivileges,
+ IN PBOOLEAN Result
+ );
+
+NTSTATUS
+STDCALL
+ZwPrivilegeCheck(
+ IN HANDLE ClientToken,
+ IN PPRIVILEGE_SET RequiredPrivileges,
+ IN PBOOLEAN Result
+ );
+
+NTSTATUS
+STDCALL
+NtPrivilegedServiceAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PUNICODE_STRING ServiceName,
+ IN HANDLE ClientToken,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted
+ );
+
+NTSTATUS
+STDCALL
+ZwPrivilegedServiceAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PUNICODE_STRING ServiceName,
+ IN HANDLE ClientToken,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted
+ );
+
+NTSTATUS
+STDCALL
+NtPrivilegeObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted
+ );
+
+NTSTATUS
+STDCALL
+ZwPrivilegeObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted
+ );
+
+/*
+ * FUNCTION: Entry point for native applications
+ * ARGUMENTS:
+ * Peb = Pointes to the Process Environment Block (PEB)
+ * REMARKS:
+ * Native applications should use this function instead of a main.
+ * Calling proces should terminate itself.
+ * RETURNS: Status
+ */
+VOID STDCALL
+NtProcessStartup(
+ IN PPEB Peb
+ );
+
+
+/*
+ * FUNCTION: Signals an event and resets it afterwards.
+ * ARGUMENTS:
+ * EventHandle = Handle to the event
+ * PulseCount = Number of times the action is repeated
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtPulseEvent(
+ IN HANDLE EventHandle,
+ IN PULONG PulseCount OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwPulseEvent(
+ IN HANDLE EventHandle,
+ IN PULONG PulseCount OPTIONAL
+ );
+
+/*
+ * FUNCTION: Queries the attributes of a file
+ * ARGUMENTS:
+ * ObjectAttributes = Initialized attributes for the object
+ * Buffer = Caller supplies storage for the attributes
+ * RETURNS: Status
+ */
+
+NTSTATUS STDCALL
+NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_BASIC_INFORMATION FileInformation);
+
+NTSTATUS STDCALL
+ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_BASIC_INFORMATION FileInformation);
+
+/*
+ * FUNCTION: Queries the default locale id
+ * ARGUMENTS:
+ * UserProfile = Type of locale id
+ * TRUE: thread locale id
+ * FALSE: system locale id
+ * DefaultLocaleId = Caller supplies storage for the locale id
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtQueryDefaultLocale(
+ IN BOOLEAN UserProfile,
+ OUT PLCID DefaultLocaleId
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryDefaultLocale(
+ IN BOOLEAN UserProfile,
+ OUT PLCID DefaultLocaleId
+ );
+
+/*
+ * FUNCTION: Queries a directory file.
+ * ARGUMENTS:
+ * FileHandle = Handle to a directory file
+ * EventHandle = Handle to the event signaled on completion
+ * ApcRoutine = Asynchroneous procedure callback, called on completion
+ * ApcContext = Argument to the apc.
+ * IoStatusBlock = Caller supplies storage for extended status information.
+ * FileInformation = Caller supplies storage for the resulting information.
+ *
+ * FileNameInformation FILE_NAMES_INFORMATION
+ * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
+ * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
+ * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
+ *
+ * Length = Size of the storage supplied
+ * FileInformationClass = Indicates the type of information requested.
+ * ReturnSingleEntry = Specify true if caller only requests the first directory found.
+ * FileName = Initial directory name to query, that may contain wild cards.
+ * RestartScan = Number of times the action should be repeated
+ * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
+ * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
+ * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
+ */
+
+NTSTATUS
+STDCALL
+NtQueryDirectoryFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PUNICODE_STRING FileName OPTIONAL,
+ IN BOOLEAN RestartScan
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryDirectoryFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PUNICODE_STRING FileName OPTIONAL,
+ IN BOOLEAN RestartScan
+ );
+
+/*
+ * FUNCTION: Queries the extended attributes of a file
+ * ARGUMENTS:
+ * FileHandle = Handle to the event
+ * IoStatusBlock = Number of times the action is repeated
+ * Buffer
+ * Length
+ * ReturnSingleEntry
+ * EaList
+ * EaListLength
+ * EaIndex
+ * RestartScan
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtQueryEaFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID EaList OPTIONAL,
+ IN ULONG EaListLength,
+ IN PULONG EaIndex OPTIONAL,
+ IN BOOLEAN RestartScan
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryEaFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID EaList OPTIONAL,
+ IN ULONG EaListLength,
+ IN PULONG EaIndex OPTIONAL,
+ IN BOOLEAN RestartScan
+ );
+
+/*
+ * FUNCTION: Queries an event
+ * ARGUMENTS:
+ * EventHandle = Handle to the event
+ * EventInformationClass = Index of the information structure
+
+ EventBasicInformation EVENT_BASIC_INFORMATION
+
+ * EventInformation = Caller supplies storage for the information structure
+ * EventInformationLength = Size of the information structure
+ * ReturnLength = Data written
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtQueryEvent(
+ IN HANDLE EventHandle,
+ IN EVENT_INFORMATION_CLASS EventInformationClass,
+ OUT PVOID EventInformation,
+ IN ULONG EventInformationLength,
+ OUT PULONG ReturnLength
+ );
+NTSTATUS
+STDCALL
+ZwQueryEvent(
+ IN HANDLE EventHandle,
+ IN EVENT_INFORMATION_CLASS EventInformationClass,
+ OUT PVOID EventInformation,
+ IN ULONG EventInformationLength,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS STDCALL
+NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
+
+NTSTATUS STDCALL
+ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
+
+/*
+ * FUNCTION: Queries the information of a file object.
+ * ARGUMENTS:
+ * FileHandle = Handle to the file object
+ * IoStatusBlock = Caller supplies storage for extended information
+ * on the current operation.
+ * FileInformation = Storage for the new file information
+ * Lenght = Size of the storage for the file information.
+ * FileInformationClass = Indicates which file information is queried
+
+ FileDirectoryInformation FILE_DIRECTORY_INFORMATION
+ FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
+ FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
+ FileBasicInformation FILE_BASIC_INFORMATION
+ FileStandardInformation FILE_STANDARD_INFORMATION
+ FileInternalInformation FILE_INTERNAL_INFORMATION
+ FileEaInformation FILE_EA_INFORMATION
+ FileAccessInformation FILE_ACCESS_INFORMATION
+ FileNameInformation FILE_NAME_INFORMATION
+ FileRenameInformation FILE_RENAME_INFORMATION
+ FileLinkInformation
+ FileNamesInformation FILE_NAMES_INFORMATION
+ FileDispositionInformation FILE_DISPOSITION_INFORMATION
+ FilePositionInformation FILE_POSITION_INFORMATION
+ FileFullEaInformation FILE_FULL_EA_INFORMATION
+ FileModeInformation FILE_MODE_INFORMATION
+ FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
+ FileAllInformation FILE_ALL_INFORMATION
+
+ FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
+ FileAlternateNameInformation
+ FileStreamInformation FILE_STREAM_INFORMATION
+ FilePipeInformation
+ FilePipeLocalInformation
+ FilePipeRemoteInformation
+ FileMailslotQueryInformation
+ FileMailslotSetInformation
+ FileCompressionInformation FILE_COMPRESSION_INFORMATION
+ FileCopyOnWriteInformation
+ FileCompletionInformation IO_COMPLETION_CONTEXT
+ FileMoveClusterInformation
+ FileOleClassIdInformation
+ FileOleStateBitsInformation
+ FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
+ FileObjectIdInformation
+ FileOleAllInformation
+ FileOleDirectoryInformation
+ FileContentIndexInformation
+ FileInheritContentIndexInformation
+ FileOleInformation
+ FileMaximumInformation
+
+ * REMARK:
+ * This procedure maps to the win32 GetShortPathName, GetLongPathName,
+ GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtQueryInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryInformationFile(
+ HANDLE FileHandle,
+ PIO_STATUS_BLOCK IoStatusBlock,
+ PVOID FileInformation,
+ ULONG Length,
+ FILE_INFORMATION_CLASS FileInformationClass
+ );
+
+
+/*
+ * FUNCTION: Queries the information of a thread object.
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the thread object
+ * ThreadInformationClass = Index to a certain information structure
+
+ ThreadBasicInformation THREAD_BASIC_INFORMATION
+ ThreadTimes KERNEL_USER_TIMES
+ ThreadPriority KPRIORITY
+ ThreadBasePriority KPRIORITY
+ ThreadAffinityMask KAFFINITY
+ ThreadImpersonationToken
+ ThreadDescriptorTableEntry
+ ThreadEnableAlignmentFaultFixup
+ ThreadEventPair
+ ThreadQuerySetWin32StartAddress
+ ThreadZeroTlsCell
+ ThreadPerformanceCount
+ ThreadAmILastThread BOOLEAN
+ ThreadIdealProcessor ULONG
+ ThreadPriorityBoost ULONG
+ MaxThreadInfoClass
+
+
+ * ThreadInformation = Caller supplies torage for the thread information
+ * ThreadInformationLength = Size of the thread information structure
+ * ReturnLength = Actual number of bytes written
+
+ * REMARK:
+ * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
+ GetThreadPriorityBoost functions.
+ * RETURNS: Status
+*/
+
+
+NTSTATUS
+STDCALL
+NtQueryInformationThread(
+ IN HANDLE ThreadHandle,
+ IN THREADINFOCLASS ThreadInformationClass,
+ OUT PVOID ThreadInformation,
+ IN ULONG ThreadInformationLength,
+ OUT PULONG ReturnLength
+ );
+
+
+NTSTATUS
+STDCALL
+NtQueryInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+NtQueryIoCompletion(
+ IN HANDLE CompletionPort,
+ IN ULONG CompletionKey,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PULONG NumberOfBytesTransferred
+ );
+NTSTATUS
+STDCALL
+ZwQueryIoCompletion(
+ IN HANDLE CompletionPort,
+ IN ULONG CompletionKey,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PULONG NumberOfBytesTransferred
+ );
+
+
+/*
+ * FUNCTION: Queries the information of a registry key object.
+ * ARGUMENTS:
+ KeyHandle = Handle to a registry key
+ KeyInformationClass = Index to a certain information structure
+ KeyInformation = Caller supplies storage for resulting information
+ Length = Size of the supplied storage
+ ResultLength = Bytes written
+ */
+NTSTATUS
+STDCALL
+NtQueryKey(
+ IN HANDLE KeyHandle,
+ IN KEY_INFORMATION_CLASS KeyInformationClass,
+ OUT PVOID KeyInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryKey(
+ IN HANDLE KeyHandle,
+ IN KEY_INFORMATION_CLASS KeyInformationClass,
+ OUT PVOID KeyInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+
+// draft
+
+NTSTATUS
+STDCALL
+NtQueryMultipleValueKey(
+ IN HANDLE KeyHandle,
+ IN OUT PKEY_VALUE_ENTRY ValueList,
+ IN ULONG NumberOfValues,
+ OUT PVOID Buffer,
+ IN OUT PULONG Length,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryMultipleValueKey(
+ IN HANDLE KeyHandle,
+ IN OUT PKEY_VALUE_ENTRY ValueList,
+ IN ULONG NumberOfValues,
+ OUT PVOID Buffer,
+ IN OUT PULONG Length,
+ OUT PULONG ReturnLength
+ );
+
+/*
+ * FUNCTION: Queries the information of a mutant object.
+ * ARGUMENTS:
+ MutantHandle = Handle to a mutant
+ MutantInformationClass = Index to a certain information structure
+ MutantInformation = Caller supplies storage for resulting information
+ Length = Size of the supplied storage
+ ResultLength = Bytes written
+ */
+NTSTATUS
+STDCALL
+NtQueryMutant(
+ IN HANDLE MutantHandle,
+ IN CINT MutantInformationClass,
+ OUT PVOID MutantInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryMutant(
+ IN HANDLE MutantHandle,
+ IN CINT MutantInformationClass,
+ OUT PVOID MutantInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+/*
+ * FUNCTION: Queries the system ( high-resolution ) performance counter.
+ * ARGUMENTS:
+ * Counter = Performance counter
+ * Frequency = Performance frequency
+ * REMARKS:
+ This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
+ This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtQueryPerformanceCounter(
+ IN PLARGE_INTEGER Counter,
+ IN PLARGE_INTEGER Frequency
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryPerformanceCounter(
+ IN PLARGE_INTEGER Counter,
+ IN PLARGE_INTEGER Frequency
+ );
+
+/*
+ * FUNCTION: Queries the information of a semaphore.
+ * ARGUMENTS:
+ * SemaphoreHandle = Handle to the semaphore object
+ * SemaphoreInformationClass = Index to a certain information structure
+
+ SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
+
+ * SemaphoreInformation = Caller supplies storage for the semaphore information structure
+ * Length = Size of the infomation structure
+ */
+NTSTATUS
+STDCALL
+NtQuerySemaphore(
+ IN HANDLE SemaphoreHandle,
+ IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
+ OUT PVOID SemaphoreInformation,
+ IN ULONG Length,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQuerySemaphore(
+ IN HANDLE SemaphoreHandle,
+ IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
+ OUT PVOID SemaphoreInformation,
+ IN ULONG Length,
+ OUT PULONG ReturnLength
+ );
+
+
+/*
+ * FUNCTION: Queries the information of a symbolic link object.
+ * ARGUMENTS:
+ * SymbolicLinkHandle = Handle to the symbolic link object
+ * LinkTarget = resolved name of link
+ * DataWritten = size of the LinkName.
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtQuerySymbolicLinkObject(
+ IN HANDLE SymLinkObjHandle,
+ OUT PUNICODE_STRING LinkTarget,
+ OUT PULONG DataWritten OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwQuerySymbolicLinkObject(
+ IN HANDLE SymLinkObjHandle,
+ OUT PUNICODE_STRING LinkName,
+ OUT PULONG DataWritten OPTIONAL
+ );
+
+
+/*
+ * FUNCTION: Queries a system environment variable.
+ * ARGUMENTS:
+ * Name = Name of the variable
+ * Value (OUT) = value of the variable
+ * Length = size of the buffer
+ * ReturnLength = data written
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtQuerySystemEnvironmentValue(
+ IN PUNICODE_STRING Name,
+ OUT PVOID Value,
+ ULONG Length,
+ PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQuerySystemEnvironmentValue(
+ IN PUNICODE_STRING Name,
+ OUT PVOID Value,
+ ULONG Length,
+ PULONG ReturnLength
+ );
+
+
+/*
+ * FUNCTION: Queries the system information.
+ * ARGUMENTS:
+ * SystemInformationClass = Index to a certain information structure
+
+ SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
+ SystemCacheInformation SYSTEM_CACHE_INFORMATION
+ SystemConfigurationInformation CONFIGURATION_INFORMATION
+
+ * SystemInformation = caller supplies storage for the information structure
+ * Length = size of the structure
+ ResultLength = Data written
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtQuerySystemInformation(
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ OUT PVOID SystemInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQuerySystemInformation(
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ OUT PVOID SystemInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+/*
+ * FUNCTION: Queries information about a timer
+ * ARGUMENTS:
+ * TimerHandle = Handle to the timer
+ TimerValueInformationClass = Index to a certain information structure
+ TimerValueInformation = Caller supplies storage for the information structure
+ Length = Size of the information structure
+ ResultLength = Data written
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtQueryTimer(
+ IN HANDLE TimerHandle,
+ IN CINT TimerInformationClass,
+ OUT PVOID TimerInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+NTSTATUS
+STDCALL
+ZwQueryTimer(
+ IN HANDLE TimerHandle,
+ IN CINT TimerInformationClass,
+ OUT PVOID TimerInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+/*
+ * FUNCTION: Queries the timer resolution
+ * ARGUMENTS:
+ * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
+ Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
+ ActualResolution (OUT) = Caller should supply storage for the resulting time.
+ * RETURNS: Status
+ *
+*/
+
+
+NTSTATUS
+STDCALL
+NtQueryTimerResolution (
+ OUT PULONG MinimumResolution,
+ OUT PULONG MaximumResolution,
+ OUT PULONG ActualResolution
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryTimerResolution (
+ OUT PULONG MinimumResolution,
+ OUT PULONG MaximumResolution,
+ OUT PULONG ActualResolution
+ );
+
+/*
+ * FUNCTION: Queries a registry key value
+ * ARGUMENTS:
+ * KeyHandle = Handle to the registry key
+ ValueName = Name of the value in the registry key
+ KeyValueInformationClass = Index to a certain information structure
+
+ KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
+ KeyValueFullInformation = KEY_FULL_INFORMATION
+ KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
+
+ KeyValueInformation = Caller supplies storage for the information structure
+ Length = Size of the information structure
+ ResultLength = Data written
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtQueryValueKey(
+ IN HANDLE KeyHandle,
+ IN PUNICODE_STRING ValueName,
+ IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
+ OUT PVOID KeyValueInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryValueKey(
+ IN HANDLE KeyHandle,
+ IN PUNICODE_STRING ValueName,
+ IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
+ OUT PVOID KeyValueInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+/*
+ * FUNCTION: Queries the volume information
+ * ARGUMENTS:
+ * FileHandle = Handle to a file object on the target volume
+ * IoStatusBlock = Caller should supply storage for additional status information
+ * ReturnLength = DataWritten
+ * FsInformation = Caller should supply storage for the information structure.
+ * Length = Size of the information structure
+ * FsInformationClass = Index to a information structure
+
+ FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
+ FileFsLabelInformation FILE_FS_LABEL_INFORMATION
+ FileFsSizeInformation FILE_FS_SIZE_INFORMATION
+ FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
+ FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
+ FileFsControlInformation
+ FileFsQuotaQueryInformation --
+ FileFsQuotaSetInformation --
+ FileFsMaximumInformation
+
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
+ STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
+ *
+*/
+NTSTATUS
+STDCALL
+NtQueryVolumeInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryVolumeInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass
+ );
+// draft
+// FIXME: Should I specify if the apc is user or kernel mode somewhere ??
+/*
+ * FUNCTION: Queues a (user) apc to a thread.
+ * ARGUMENTS:
+ ThreadHandle = Thread to which the apc is queued.
+ ApcRoutine = Points to the apc routine
+ NormalContext = Argument to Apc Routine
+ * SystemArgument1 = Argument of the Apc Routine
+ SystemArgument2 = Argument of the Apc Routine
+ * REMARK: If the apc is queued against a thread of a different process than the calling thread
+ the apc routine should be specified in the address space of the queued thread's process.
+ * RETURNS: Status
+*/
+
+NTSTATUS
+STDCALL
+NtQueueApcThread(
+ HANDLE ThreadHandle,
+ PKNORMAL_ROUTINE ApcRoutine,
+ PVOID NormalContext,
+ PVOID SystemArgument1,
+ PVOID SystemArgument2);
+
+NTSTATUS
+STDCALL
+ZwQueueApcThread(
+ HANDLE ThreadHandle,
+ PKNORMAL_ROUTINE ApcRoutine,
+ PVOID NormalContext,
+ PVOID SystemArgument1,
+ PVOID SystemArgument2);
+
+
+/*
+ * FUNCTION: Raises an exception
+ * ARGUMENTS:
+ * ExceptionRecord = Structure specifying the exception
+ * Context = Context in which the excpetion is raised
+ * IsDebugger =
+ * RETURNS: Status
+ *
+*/
+
+NTSTATUS
+STDCALL
+NtRaiseException(
+ IN PEXCEPTION_RECORD ExceptionRecord,
+ IN PCONTEXT Context,
+ IN BOOLEAN SearchFrames
+ );
+
+NTSTATUS
+STDCALL
+ZwRaiseException(
+ IN PEXCEPTION_RECORD ExceptionRecord,
+ IN PCONTEXT Context,
+ IN BOOLEAN SearchFrames
+ );
+
+/*
+ * FUNCTION: Read a file
+ * ARGUMENTS:
+ * FileHandle = Handle of a file to read
+ * Event = This event is signalled when the read operation completes
+ * UserApcRoutine = Call back , if supplied Event should be NULL
+ * UserApcContext = Argument to the callback
+ * IoStatusBlock = Caller should supply storage for additional status information
+ * Buffer = Caller should supply storage to receive the information
+ * BufferLength = Size of the buffer
+ * ByteOffset = Offset to start reading the file
+ * Key = If a range is lock a matching key will allow the read to continue.
+ * RETURNS: Status
+ *
+ */
+
+NTSTATUS
+STDCALL
+NtReadFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset OPTIONAL,
+ IN PULONG Key OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwReadFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset OPTIONAL,
+ IN PULONG Key OPTIONAL
+ );
+/*
+ * FUNCTION: Read a file using scattered io
+ * ARGUMENTS:
+ FileHandle = Handle of a file to read
+ Event = This event is signalled when the read operation completes
+ * UserApcRoutine = Call back , if supplied Event should be NULL
+ UserApcContext = Argument to the callback
+ IoStatusBlock = Caller should supply storage for additional status information
+ BufferDescription = Caller should supply storage to receive the information
+ BufferLength = Size of the buffer
+ ByteOffset = Offset to start reading the file
+ Key = Key = If a range is lock a matching key will allow the read to continue.
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtReadFileScatter(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK UserIoStatusBlock,
+ IN FILE_SEGMENT_ELEMENT BufferDescription[],
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PULONG Key OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwReadFileScatter(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK UserIoStatusBlock,
+ IN FILE_SEGMENT_ELEMENT BufferDescription[],
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PULONG Key OPTIONAL
+ );
+/*
+ * FUNCTION: Copies a range of virtual memory to a buffer
+ * ARGUMENTS:
+ * ProcessHandle = Specifies the process owning the virtual address space
+ * BaseAddress = Points to the address of virtual memory to start the read
+ * Buffer = Caller supplies storage to copy the virtual memory to.
+ * NumberOfBytesToRead = Limits the range to read
+ * NumberOfBytesRead = The actual number of bytes read.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtReadVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ OUT PVOID Buffer,
+ IN ULONG NumberOfBytesToRead,
+ OUT PULONG NumberOfBytesRead
+ );
+NTSTATUS
+STDCALL
+ZwReadVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ OUT PVOID Buffer,
+ IN ULONG NumberOfBytesToRead,
+ OUT PULONG NumberOfBytesRead
+ );
+
+
+/*
+ * FUNCTION: Debugger can register for thread termination
+ * ARGUMENTS:
+ * TerminationPort = Port on which the debugger likes to be notified.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtRegisterThreadTerminatePort(
+ HANDLE TerminationPort
+ );
+NTSTATUS
+STDCALL
+ZwRegisterThreadTerminatePort(
+ HANDLE TerminationPort
+ );
+
+/*
+ * FUNCTION: Releases a mutant
+ * ARGUMENTS:
+ * MutantHandle = Handle to the mutant
+ * ReleaseCount =
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtReleaseMutant(
+ IN HANDLE MutantHandle,
+ IN PULONG ReleaseCount OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwReleaseMutant(
+ IN HANDLE MutantHandle,
+ IN PULONG ReleaseCount OPTIONAL
+ );
+
+/*
+ * FUNCTION: Releases a semaphore
+ * ARGUMENTS:
+ * SemaphoreHandle = Handle to the semaphore object
+ * ReleaseCount = Number to decrease the semaphore count
+ * PreviousCount = Previous semaphore count
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtReleaseSemaphore(
+ IN HANDLE SemaphoreHandle,
+ IN LONG ReleaseCount,
+ OUT PLONG PreviousCount
+ );
+
+NTSTATUS
+STDCALL
+ZwReleaseSemaphore(
+ IN HANDLE SemaphoreHandle,
+ IN LONG ReleaseCount,
+ OUT PLONG PreviousCount
+ );
+
+/*
+ * FUNCTION: Removes an io completion
+ * ARGUMENTS:
+ * CompletionPort (OUT) = Caller supplied storage for the resulting handle
+ * CompletionKey = Requested access to the key
+ * IoStatusBlock = Caller provides storage for extended status information
+ * CompletionStatus = Current status of the io operation.
+ * WaitTime = Time to wait if ..
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtRemoveIoCompletion(
+ IN HANDLE CompletionPort,
+ OUT PULONG CompletionKey,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PULONG CompletionStatus,
+ IN PLARGE_INTEGER WaitTime
+ );
+
+NTSTATUS
+STDCALL
+ZwRemoveIoCompletion(
+ IN HANDLE CompletionPort,
+ OUT PULONG CompletionKey,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PULONG CompletionStatus,
+ IN PLARGE_INTEGER WaitTime
+ );
+/*
+ * FUNCTION: Replaces one registry key with another
+ * ARGUMENTS:
+ * ObjectAttributes = Specifies the attributes of the key
+ * Key = Handle to the key
+ * ReplacedObjectAttributes = The function returns the old object attributes
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtReplaceKey(
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN HANDLE Key,
+ IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
+ );
+NTSTATUS
+STDCALL
+ZwReplaceKey(
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN HANDLE Key,
+ IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
+ );
+
+/*
+ * FUNCTION: Resets a event to a non signaled state
+ * ARGUMENTS:
+ * EventHandle = Handle to the event that should be reset
+ * NumberOfWaitingThreads = The number of threads released.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtResetEvent(
+ HANDLE EventHandle,
+ PULONG NumberOfWaitingThreads OPTIONAL
+ );
+NTSTATUS
+STDCALL
+ZwResetEvent(
+ HANDLE EventHandle,
+ PULONG NumberOfWaitingThreads OPTIONAL
+ );
+//draft
+NTSTATUS
+STDCALL
+NtRestoreKey(
+ HANDLE KeyHandle,
+ HANDLE FileHandle,
+ ULONG RestoreFlags
+ );
+
+NTSTATUS
+STDCALL
+ZwRestoreKey(
+ HANDLE KeyHandle,
+ HANDLE FileHandle,
+ ULONG RestoreFlags
+ );
+/*
+ * FUNCTION: Decrements a thread's resume count
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the thread that should be resumed
+ * ResumeCount = The resulting resume count.
+ * REMARK:
+ * A thread is resumed if its suspend count is 0. This procedure maps to
+ * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtResumeThread(
+ IN HANDLE ThreadHandle,
+ OUT PULONG SuspendCount
+ );
+NTSTATUS
+STDCALL
+ZwResumeThread(
+ IN HANDLE ThreadHandle,
+ OUT PULONG SuspendCount
+ );
+/*
+ * FUNCTION: Writes the content of a registry key to ascii file
+ * ARGUMENTS:
+ * KeyHandle = Handle to the key
+ * FileHandle = Handle of the file
+ * REMARKS:
+ This function maps to the Win32 RegSaveKey.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtSaveKey(
+ IN HANDLE KeyHandle,
+ IN HANDLE FileHandle
+ );
+NTSTATUS
+STDCALL
+ZwSaveKey(
+ IN HANDLE KeyHandle,
+ IN HANDLE FileHandle
+ );
+
+/*
+ * FUNCTION: Sets the context of a specified thread.
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the thread
+ * Context = The processor context.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtSetContextThread(
+ IN HANDLE ThreadHandle,
+ IN PCONTEXT Context
+ );
+NTSTATUS
+STDCALL
+ZwSetContextThread(
+ IN HANDLE ThreadHandle,
+ IN PCONTEXT Context
+ );
+
+/*
+ * FUNCTION: Sets the default locale id
+ * ARGUMENTS:
+ * UserProfile = Type of locale id
+ * TRUE: thread locale id
+ * FALSE: system locale id
+ * DefaultLocaleId = Locale id
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtSetDefaultLocale(
+ IN BOOLEAN UserProfile,
+ IN LCID DefaultLocaleId
+ );
+
+NTSTATUS
+STDCALL
+ZwSetDefaultLocale(
+ IN BOOLEAN UserProfile,
+ IN LCID DefaultLocaleId
+ );
+
+/*
+ * FUNCTION: Sets the default hard error port
+ * ARGUMENTS:
+ * PortHandle = Handle to the port
+ * NOTE: The hard error port is used for first change exception handling
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtSetDefaultHardErrorPort(
+ IN HANDLE PortHandle
+ );
+NTSTATUS
+STDCALL
+ZwSetDefaultHardErrorPort(
+ IN HANDLE PortHandle
+ );
+
+/*
+ * FUNCTION: Sets the extended attributes of a file.
+ * ARGUMENTS:
+ * FileHandle = Handle to the file
+ * IoStatusBlock = Storage for a resulting status and information
+ * on the current operation.
+ * EaBuffer = Extended Attributes buffer.
+ * EaBufferSize = Size of the extended attributes buffer
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtSetEaFile(
+ IN HANDLE FileHandle,
+ IN PIO_STATUS_BLOCK IoStatusBlock,
+ PVOID EaBuffer,
+ ULONG EaBufferSize
+ );
+NTSTATUS
+STDCALL
+ZwSetEaFile(
+ IN HANDLE FileHandle,
+ IN PIO_STATUS_BLOCK IoStatusBlock,
+ PVOID EaBuffer,
+ ULONG EaBufferSize
+ );
+
+//FIXME: should I return the event state ?
+
+/*
+ * FUNCTION: Sets the event to a signalled state.
+ * ARGUMENTS:
+ * EventHandle = Handle to the event
+ * NumberOfThreadsReleased = The number of threads released
+ * REMARK:
+ * This procedure maps to the win32 SetEvent function.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtSetEvent(
+ IN HANDLE EventHandle,
+ PULONG NumberOfThreadsReleased
+ );
+
+NTSTATUS
+STDCALL
+ZwSetEvent(
+ IN HANDLE EventHandle,
+ PULONG NumberOfThreadsReleased
+ );
+
+/*
+ * FUNCTION: Sets the high part of an event pair
+ * ARGUMENTS:
+ EventPair = Handle to the event pair
+ * RETURNS: Status
+*/
+
+NTSTATUS
+STDCALL
+NtSetHighEventPair(
+ IN HANDLE EventPairHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwSetHighEventPair(
+ IN HANDLE EventPairHandle
+ );
+/*
+ * FUNCTION: Sets the high part of an event pair and wait for the low part
+ * ARGUMENTS:
+ EventPair = Handle to the event pair
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetHighWaitLowEventPair(
+ IN HANDLE EventPairHandle
+ );
+NTSTATUS
+STDCALL
+ZwSetHighWaitLowEventPair(
+ IN HANDLE EventPairHandle
+ );
+
+/*
+ * FUNCTION: Sets the information of a file object.
+ * ARGUMENTS:
+ * FileHandle = Handle to the file object
+ * IoStatusBlock = Caller supplies storage for extended information
+ * on the current operation.
+ * FileInformation = Storage for the new file information
+ * Lenght = Size of the new file information.
+ * FileInformationClass = Indicates to a certain information structure
+
+ FileNameInformation FILE_NAME_INFORMATION
+ FileRenameInformation FILE_RENAME_INFORMATION
+ FileStreamInformation FILE_STREAM_INFORMATION
+ * FileCompletionInformation IO_COMPLETION_CONTEXT
+
+ * REMARK:
+ * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
+ * SetNamedPipeHandleState, SetMailslotInfo functions.
+ * RETURNS: Status
+ */
+
+
+NTSTATUS
+STDCALL
+NtSetInformationFile(
+ IN HANDLE FileHandle,
+ IN PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass
+ );
+NTSTATUS
+STDCALL
+ZwSetInformationFile(
+ IN HANDLE FileHandle,
+ IN PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass
+ );
+
+/*
+ * FUNCTION: Changes a set of thread specific parameters
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the thread
+ * ThreadInformationClass = Index to the set of parameters to change.
+ * Can be one of the following values:
+ *
+ * ThreadBasicInformation THREAD_BASIC_INFORMATION
+ * ThreadPriority KPRIORITY //???
+ * ThreadBasePriority KPRIORITY
+ * ThreadAffinityMask KAFFINITY //??
+ * ThreadImpersonationToken ACCESS_TOKEN
+ * ThreadIdealProcessor ULONG
+ * ThreadPriorityBoost ULONG
+ *
+ * ThreadInformation = Caller supplies storage for parameters to set.
+ * ThreadInformationLength = Size of the storage supplied
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetInformationThread(
+ IN HANDLE ThreadHandle,
+ IN THREADINFOCLASS ThreadInformationClass,
+ IN PVOID ThreadInformation,
+ IN ULONG ThreadInformationLength
+ );
+NTSTATUS
+STDCALL
+ZwSetInformationThread(
+ IN HANDLE ThreadHandle,
+ IN THREADINFOCLASS ThreadInformationClass,
+ IN PVOID ThreadInformation,
+ IN ULONG ThreadInformationLength
+ );
+
+/*
+ * FUNCTION: Changes a set of token specific parameters
+ * ARGUMENTS:
+ * TokenHandle = Handle to the token
+ * TokenInformationClass = Index to a certain information structure.
+ * Can be one of the following values:
+ *
+ TokenUser TOKEN_USER
+ TokenGroups TOKEN_GROUPS
+ TokenPrivileges TOKEN_PRIVILEGES
+ TokenOwner TOKEN_OWNER
+ TokenPrimaryGroup TOKEN_PRIMARY_GROUP
+ TokenDefaultDacl TOKEN_DEFAULT_DACL
+ TokenSource TOKEN_SOURCE
+ TokenType TOKEN_TYPE
+ TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
+ TokenStatistics TOKEN_STATISTICS
+ *
+ * TokenInformation = Caller supplies storage for information structure.
+ * TokenInformationLength = Size of the information structure
+ * RETURNS: Status
+*/
+
+NTSTATUS
+STDCALL
+NtSetInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength
+ );
+
+NTSTATUS
+STDCALL
+ZwSetInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength
+ );
+
+
+/*
+ * FUNCTION: Sets an io completion
+ * ARGUMENTS:
+ * CompletionPort =
+ * CompletionKey =
+ * IoStatusBlock =
+ * NumberOfBytesToTransfer =
+ * NumberOfBytesTransferred =
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetIoCompletion(
+ IN HANDLE CompletionPort,
+ IN ULONG CompletionKey,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG NumberOfBytesToTransfer,
+ OUT PULONG NumberOfBytesTransferred
+ );
+NTSTATUS
+STDCALL
+ZwSetIoCompletion(
+ IN HANDLE CompletionPort,
+ IN ULONG CompletionKey,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG NumberOfBytesToTransfer,
+ OUT PULONG NumberOfBytesTransferred
+ );
+
+/*
+ * FUNCTION: Set properties for profiling
+ * ARGUMENTS:
+ * Interval =
+ * ClockSource =
+ * RETURNS: Status
+ *
+ */
+
+NTSTATUS
+STDCALL
+NtSetIntervalProfile(
+ ULONG Interval,
+ KPROFILE_SOURCE ClockSource
+ );
+
+NTSTATUS
+STDCALL
+ZwSetIntervalProfile(
+ ULONG Interval,
+ KPROFILE_SOURCE ClockSource
+ );
+
+
+/*
+ * FUNCTION: Sets the low part of an event pair
+ * ARGUMENTS:
+ EventPair = Handle to the event pair
+ * RETURNS: Status
+*/
+
+NTSTATUS
+STDCALL
+NtSetLowEventPair(
+ HANDLE EventPair
+ );
+NTSTATUS
+STDCALL
+ZwSetLowEventPair(
+ HANDLE EventPair
+ );
+/*
+ * FUNCTION: Sets the low part of an event pair and wait for the high part
+ * ARGUMENTS:
+ EventPair = Handle to the event pair
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetLowWaitHighEventPair(
+ HANDLE EventPair
+ );
+NTSTATUS
+STDCALL
+ZwSetLowWaitHighEventPair(
+ HANDLE EventPair
+ );
+
+NTSTATUS
+STDCALL
+NtSetSecurityObject(
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor
+ );
+
+NTSTATUS
+STDCALL
+ZwSetSecurityObject(
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor
+ );
+
+
+/*
+ * FUNCTION: Sets a system environment variable
+ * ARGUMENTS:
+ * ValueName = Name of the environment variable
+ * Value = Value of the environment variable
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetSystemEnvironmentValue(
+ IN PUNICODE_STRING VariableName,
+ IN PUNICODE_STRING Value
+ );
+NTSTATUS
+STDCALL
+ZwSetSystemEnvironmentValue(
+ IN PUNICODE_STRING VariableName,
+ IN PUNICODE_STRING Value
+ );
+/*
+ * FUNCTION: Sets system parameters
+ * ARGUMENTS:
+ * SystemInformationClass = Index to a particular set of system parameters
+ * Can be one of the following values:
+ *
+ * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
+ *
+ * SystemInformation = Structure containing the parameters.
+ * SystemInformationLength = Size of the structure.
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetSystemInformation(
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ IN PVOID SystemInformation,
+ IN ULONG SystemInformationLength
+ );
+
+NTSTATUS
+STDCALL
+ZwSetSystemInformation(
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ IN PVOID SystemInformation,
+ IN ULONG SystemInformationLength
+ );
+
+/*
+ * FUNCTION: Sets the system time
+ * ARGUMENTS:
+ * SystemTime = Old System time
+ * NewSystemTime = New System time
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetSystemTime(
+ IN PLARGE_INTEGER SystemTime,
+ IN PLARGE_INTEGER NewSystemTime OPTIONAL
+ );
+NTSTATUS
+STDCALL
+ZwSetSystemTime(
+ IN PLARGE_INTEGER SystemTime,
+ IN PLARGE_INTEGER NewSystemTime OPTIONAL
+ );
+
+/*
+ * FUNCTION: Sets the frequency of the system timer
+ * ARGUMENTS:
+ * RequestedResolution =
+ * SetOrUnset =
+ * ActualResolution =
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetTimerResolution(
+ IN ULONG RequestedResolution,
+ IN BOOL SetOrUnset,
+ OUT PULONG ActualResolution
+ );
+NTSTATUS
+STDCALL
+ZwSetTimerResolution(
+ IN ULONG RequestedResolution,
+ IN BOOL SetOrUnset,
+ OUT PULONG ActualResolution
+ );
+
+/*
+ * FUNCTION: Sets the value of a registry key
+ * ARGUMENTS:
+ * KeyHandle = Handle to a registry key
+ * ValueName = Name of the value entry to change
+ * TitleIndex = pointer to a structure containing the new volume information
+ * Type = Type of the registry key. Can be one of the values:
+ * REG_BINARY Unspecified binary data
+ * REG_DWORD A 32 bit value
+ * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
+ * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
+ * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
+ * REG_LINK A zero terminated wide character string referring to a symbolic link.
+ * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
+ * REG_NONE Unspecified type
+ * REG_SZ A wide character string ( zero terminated )
+ * REG_RESOURCE_LIST ??
+ * REG_RESOURCE_REQUIREMENTS_LIST ??
+ * REG_FULL_RESOURCE_DESCRIPTOR ??
+ * Data = Contains the data for the registry key.
+ * DataSize = size of the data.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtSetValueKey(
+ IN HANDLE KeyHandle,
+ IN PUNICODE_STRING ValueName,
+ IN ULONG TitleIndex OPTIONAL,
+ IN ULONG Type,
+ IN PVOID Data,
+ IN ULONG DataSize
+ );
+NTSTATUS
+STDCALL
+ZwSetValueKey(
+ IN HANDLE KeyHandle,
+ IN PUNICODE_STRING ValueName,
+ IN ULONG TitleIndex OPTIONAL,
+ IN ULONG Type,
+ IN PVOID Data,
+ IN ULONG DataSize
+ );
+
+/*
+ * FUNCTION: Sets the volume information.
+ * ARGUMENTS:
+ * FileHandle = Handle to the file
+ * IoStatusBlock = Caller should supply storage for additional status information
+ * VolumeInformation = pointer to a structure containing the new volume information
+ * Length = size of the structure.
+ * VolumeInformationClass = specifies the particular volume information to set
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtSetVolumeInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass
+ );
+
+NTSTATUS
+STDCALL
+ZwSetVolumeInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass
+ );
+
+/*
+ * FUNCTION: Shuts the system down
+ * ARGUMENTS:
+ * Action = Specifies the type of shutdown, it can be one of the following values:
+ * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtShutdownSystem(
+ IN SHUTDOWN_ACTION Action
+ );
+
+NTSTATUS
+STDCALL
+ZwShutdownSystem(
+ IN SHUTDOWN_ACTION Action
+ );
+
+
+/* --- PROFILING --- */
+
+/*
+ * FUNCTION: Starts profiling
+ * ARGUMENTS:
+ * ProfileHandle = Handle to the profile
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtStartProfile(
+ HANDLE ProfileHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwStartProfile(
+ HANDLE ProfileHandle
+ );
+
+/*
+ * FUNCTION: Stops profiling
+ * ARGUMENTS:
+ * ProfileHandle = Handle to the profile
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtStopProfile(
+ HANDLE ProfileHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwStopProfile(
+ HANDLE ProfileHandle
+ );
+
+/* --- PROCESS MANAGEMENT --- */
+
+//--NtSystemDebugControl
+/*
+ * FUNCTION: Terminates the execution of a process.
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the process
+ * ExitStatus = The exit status of the process to terminate with.
+ * REMARKS
+ Native applications should kill themselves using this function.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtTerminateProcess(
+ IN HANDLE ProcessHandle ,
+ IN NTSTATUS ExitStatus
+ );
+NTSTATUS
+STDCALL
+ZwTerminateProcess(
+ IN HANDLE ProcessHandle ,
+ IN NTSTATUS ExitStatus
+ );
+
+/* --- DEVICE DRIVER CONTROL --- */
+
+/*
+ * FUNCTION: Unloads a driver.
+ * ARGUMENTS:
+ * DriverServiceName = Name of the driver to unload
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtUnloadDriver(
+ IN PUNICODE_STRING DriverServiceName
+ );
+NTSTATUS
+STDCALL
+ZwUnloadDriver(
+ IN PUNICODE_STRING DriverServiceName
+ );
+
+/* --- VIRTUAL MEMORY MANAGEMENT --- */
+
+/*
+ * FUNCTION: Writes a range of virtual memory
+ * ARGUMENTS:
+ * ProcessHandle = The handle to the process owning the address space.
+ * BaseAddress = The points to the address to write to
+ * Buffer = Pointer to the buffer to write
+ * NumberOfBytesToWrite = Offset to the upper boundary to write
+ * NumberOfBytesWritten = Total bytes written
+ * REMARKS:
+ * This function maps to the win32 WriteProcessMemory
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtWriteVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN PVOID Buffer,
+ IN ULONG NumberOfBytesToWrite,
+ OUT PULONG NumberOfBytesWritten
+ );
+
+NTSTATUS
+STDCALL
+ZwWriteVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN PVOID Buffer,
+ IN ULONG NumberOfBytesToWrite,
+ OUT PULONG NumberOfBytesWritten
+ );
+
+/*
+ * FUNCTION: Unmaps a piece of virtual memory backed by a file.
+ * ARGUMENTS:
+ * ProcessHandle = Handle to the process
+ * BaseAddress = The address where the mapping begins
+ * REMARK:
+ This procedure maps to the win32 UnMapViewOfFile
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtUnmapViewOfSection(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress
+ );
+NTSTATUS
+STDCALL
+ZwUnmapViewOfSection(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress
+ );
+
+/* --- OBJECT SYNCHRONIZATION --- */
+
+/*
+ * FUNCTION: Signals an object and wait for an other one.
+ * ARGUMENTS:
+ * SignalObject = Handle to the object that should be signaled
+ * WaitObject = Handle to the object that should be waited for
+ * Alertable = True if the wait is alertable
+ * Time = The time to wait
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtSignalAndWaitForSingleObject(
+ IN HANDLE SignalObject,
+ IN HANDLE WaitObject,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
+
+NTSTATUS
+STDCALL
+NtSignalAndWaitForSingleObject(
+ IN HANDLE SignalObject,
+ IN HANDLE WaitObject,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
+
+/*
+ * FUNCTION: Waits for an object to become signalled.
+ * ARGUMENTS:
+ * Object = The object handle
+ * Alertable = If true the wait is alertable.
+ * Time = The maximum wait time.
+ * REMARKS:
+ * This function maps to the win32 WaitForSingleObjectEx.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtWaitForSingleObject (
+ IN HANDLE Object,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
+
+NTSTATUS
+STDCALL
+ZwWaitForSingleObject (
+ IN HANDLE Object,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
+
+/* --- EVENT PAIR OBJECT --- */
+
+/*
+ * FUNCTION: Waits for the high part of an eventpair to become signalled
+ * ARGUMENTS:
+ * EventPairHandle = Handle to the event pair.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtWaitHighEventPair(
+ IN HANDLE EventPairHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwWaitHighEventPair(
+ IN HANDLE EventPairHandle
+ );
+
+/*
+ * FUNCTION: Waits for the low part of an eventpair to become signalled
+ * ARGUMENTS:
+ * EventPairHandle = Handle to the event pair.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtWaitLowEventPair(
+ IN HANDLE EventPairHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwWaitLowEventPair(
+ IN HANDLE EventPairHandle
+ );
+
+/* --- FILE MANAGEMENT --- */
+
+/*
+ * FUNCTION: Unlocks a range of bytes in a file.
+ * ARGUMENTS:
+ * FileHandle = Handle to the file
+ * IoStatusBlock = Caller should supply storage for a structure containing
+ * the completion status and information about the requested unlock operation.
+ The information field is set to the number of bytes unlocked.
+ * ByteOffset = Offset to start the range of bytes to unlock
+ * Length = Number of bytes to unlock.
+ * Key = Special value to enable other threads to unlock a file than the
+ thread that locked the file. The key supplied must match with the one obtained
+ in a previous call to NtLockFile.
+ * REMARK:
+ This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
+ not be obtained immediately, the device queue is busy and the IRP is queued.
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
+ STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
+ */
+NTSTATUS
+STDCALL
+NtUnlockFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Lenght,
+ OUT PULONG Key OPTIONAL
+ );
+NTSTATUS
+STDCALL
+ZwUnlockFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Lenght,
+ OUT PULONG Key OPTIONAL
+ );
+
+/*
+ * FUNCTION: Writes data to a file
+ * ARGUMENTS:
+ * FileHandle = The handle a file ( from NtCreateFile )
+ * Event = Specifies a event that will become signalled when the write operation completes.
+ * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
+ * ApcContext = Argument to the Apc Routine
+ * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
+ * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
+ * Length = Size in bytest of the buffer
+ * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
+ * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
+ * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
+ * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
+ * Key = Unused
+ * REMARKS:
+ * This function maps to the win32 WriteFile.
+ * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
+ STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
+ */
+NTSTATUS
+STDCALL
+NtWriteFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID Buffer,
+ IN ULONG Length,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PULONG Key OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwWriteFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID Buffer,
+ IN ULONG Length,
+ IN PLARGE_INTEGER ByteOffset ,
+ IN PULONG Key OPTIONAL
+ );
+
+/*
+ * FUNCTION: Writes a file
+ * ARGUMENTS:
+ * FileHandle = The handle of the file
+ * Event =
+ * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
+ * ApcContext = Argument to the Apc Routine
+ * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
+ * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
+ * BufferLength = Size in bytest of the buffer
+ * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
+ * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
+ * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
+ * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
+ * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
+ * REMARKS:
+ * This function maps to the win32 WriteFile.
+ * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
+ STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
+ */
+
+NTSTATUS
+STDCALL
+NtWriteFileGather(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN FILE_SEGMENT_ELEMENT BufferDescription[],
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PULONG Key OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwWriteFileGather(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN FILE_SEGMENT_ELEMENT BufferDescription[],
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PULONG Key OPTIONAL
+ );
+
+
+/* --- THREAD MANAGEMENT --- */
+
+/*
+ * FUNCTION: Increments a thread's resume count
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the thread that should be resumed
+ * PreviousSuspendCount = The resulting/previous suspend count.
+ * REMARK:
+ * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
+ * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
+ * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtSuspendThread(
+ IN HANDLE ThreadHandle,
+ IN PULONG PreviousSuspendCount
+ );
+
+NTSTATUS
+STDCALL
+ZwSuspendThread(
+ IN HANDLE ThreadHandle,
+ IN PULONG PreviousSuspendCount
+ );
+
+/*
+ * FUNCTION: Terminates the execution of a thread.
+ * ARGUMENTS:
+ * ThreadHandle = Handle to the thread
+ * ExitStatus = The exit status of the thread to terminate with.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtTerminateThread(
+ IN HANDLE ThreadHandle ,
+ IN NTSTATUS ExitStatus
+ );
+NTSTATUS
+STDCALL
+ZwTerminateThread(
+ IN HANDLE ThreadHandle ,
+ IN NTSTATUS ExitStatus
+ );
+/*
+ * FUNCTION: Tests to see if there are any pending alerts for the calling thread
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtTestAlert(
+ VOID
+ );
+NTSTATUS
+STDCALL
+ZwTestAlert(
+ VOID
+ );
+
+/*
+ * FUNCTION: Yields the callers thread.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtYieldExecution(
+ VOID
+ );
+
+NTSTATUS
+STDCALL
+ZwYieldExecution(
+ VOID
+ );
+
+/* --- PLUG AND PLAY --- */
+
+NTSTATUS
+STDCALL
+NtPlugPlayControl (
+ VOID
+ );
+
+NTSTATUS
+STDCALL
+NtGetPlugPlayEvent (
+ VOID
+ );
+
+/* --- POWER MANAGEMENT --- */
+
+NTSTATUS STDCALL
+NtSetSystemPowerState(IN POWER_ACTION SystemAction,
+ IN SYSTEM_POWER_STATE MinSystemState,
+ IN ULONG Flags);
+
+/* --- DEBUG SUBSYSTEM --- */
+
+NTSTATUS STDCALL
+NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,
+ PVOID InputBuffer,
+ ULONG InputBufferLength,
+ PVOID OutputBuffer,
+ ULONG OutputBufferLength,
+ PULONG ReturnLength);
+
+/* --- VIRTUAL DOS MACHINE (VDM) --- */
+
+NTSTATUS
+STDCALL
+NtVdmControl (ULONG ControlCode, PVOID ControlData);
+
+
+/* --- WIN32 --- */
+
+NTSTATUS STDCALL
+NtW32Call(IN ULONG RoutineIndex,
+ IN PVOID Argument,
+ IN ULONG ArgumentLength,
+ OUT PVOID* Result OPTIONAL,
+ OUT PULONG ResultLength OPTIONAL);
+
+/* --- CHANNELS --- */
+
+NTSTATUS
+STDCALL
+NtCreateChannel (
+ VOID
+ );
+
+NTSTATUS
+STDCALL
+NtListenChannel (
+ VOID
+ );
+
+NTSTATUS
+STDCALL
+NtOpenChannel (
+ VOID
+ );
+
+NTSTATUS
+STDCALL
+NtReplyWaitSendChannel (
+ VOID
+ );
+
+NTSTATUS
+STDCALL
+NtSendWaitReplyChannel (
+ VOID
+ );
+
+NTSTATUS
+STDCALL
+NtSetContextChannel (
+ VOID
+ );
+
+/* --- MISCELLANEA --- */
+
+//NTSTATUS STDCALL NtSetLdtEntries(VOID);
+NTSTATUS
+STDCALL
+NtSetLdtEntries (
+ HANDLE Thread,
+ ULONG FirstEntry,
+ PULONG Entries
+ );
+
+NTSTATUS
+STDCALL
+NtQueryOleDirectoryFile (
+ VOID
+ );
+
+/*
+ * FUNCTION: Checks a clients access rights to a object
+ * ARGUMENTS:
+ * SecurityDescriptor = Security information against which the access is checked
+ * ClientToken = Represents a client
+ * DesiredAcces =
+ * GenericMapping =
+ * PrivilegeSet =
+ * ReturnLength = Bytes written
+ * GrantedAccess =
+ * AccessStatus = Indicates if the ClientToken allows the requested access
+ * REMARKS: The arguments map to the win32 AccessCheck
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtAccessCheck(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ACCESS_MASK DesiredAcces,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PPRIVILEGE_SET PrivilegeSet,
+ OUT PULONG ReturnLength,
+ OUT PULONG GrantedAccess,
+ OUT PBOOLEAN AccessStatus
+ );
+
+NTSTATUS
+STDCALL
+ZwAccessCheck(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ACCESS_MASK DesiredAcces,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PPRIVILEGE_SET PrivilegeSet,
+ OUT PULONG ReturnLength,
+ OUT PULONG GrantedAccess,
+ OUT PBOOLEAN AccessStatus
+ );
+
+NTSTATUS
+STDCALL
+RtlOpenCurrentUser(
+ IN ACCESS_MASK DesiredAccess,
+ OUT PHANDLE KeyHandle);
+
+
+#ifndef __USE_W32API
+
+/*
+ * FUNCTION: Continues a thread with the specified context
+ * ARGUMENTS:
+ * Context = Specifies the processor context
+ * IrqLevel = Specifies the Interupt Request Level to continue with. Can
+ * be PASSIVE_LEVEL or APC_LEVEL
+ * REMARKS
+ * NtContinue can be used to continue after an exception or apc.
+ * RETURNS: Status
+ */
+//FIXME This function might need another parameter
+
+NTSTATUS
+STDCALL
+NtContinue(
+ IN PCONTEXT Context,
+ IN BOOLEAN TestAlert
+ );
+
+NTSTATUS STDCALL ZwContinue(IN PCONTEXT Context, IN CINT IrqLevel);
+
+/*
+ * FUNCTION: Retrieves the system time
+ * ARGUMENTS:
+ * CurrentTime (OUT) = Caller should supply storage for the resulting time.
+ * RETURNS: Status
+ *
+*/
+
+NTSTATUS
+STDCALL
+NtQuerySystemTime (
+ OUT TIME *CurrentTime
+ );
+
+NTSTATUS
+STDCALL
+ZwQuerySystemTime (
+ OUT TIME *CurrentTime
+ );
+
+/*
+ * FUNCTION: Loads a registry key.
+ * ARGUMENTS:
+ * KeyHandle = Handle to the registry key
+ * ObjectAttributes = ???
+ * Unknown3 = ???
+ * REMARK:
+ * This procedure maps to the win32 procedure RegLoadKey
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtLoadKey2 (
+ PHANDLE KeyHandle,
+ POBJECT_ATTRIBUTES ObjectAttributes,
+ ULONG Unknown3
+ );
+NTSTATUS
+STDCALL
+ZwLoadKey2 (
+ PHANDLE KeyHandle,
+ POBJECT_ATTRIBUTES ObjectAttributes,
+ ULONG Unknown3
+ );
+
+/*
+ * FUNCTION: Copies a handle from one process space to another
+ * ARGUMENTS:
+ * SourceProcessHandle = The source process owning the handle. The source process should have opened
+ * the SourceHandle with PROCESS_DUP_HANDLE access.
+ * SourceHandle = The handle to the object.
+ * TargetProcessHandle = The destination process owning the handle
+ * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
+ * DesiredAccess = The desired access to the handle.
+ * InheritHandle = Indicates wheter the new handle will be inheritable or not.
+ * Options = Specifies special actions upon duplicating the handle. Can be
+ * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
+ * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
+ * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
+ * the DesiredAccess paramter and just grant the same access to the new
+ * handle.
+ * RETURNS: Status
+ * REMARKS: This function maps to the win32 DuplicateHandle.
+ */
+
+NTSTATUS
+STDCALL
+NtDuplicateObject(
+ IN HANDLE SourceProcessHandle,
+ IN HANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle,
+ OUT PHANDLE TargetHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN InheritHandle,
+ IN ULONG Options
+ );
+
+NTSTATUS
+STDCALL
+ZwDuplicateObject(
+ IN HANDLE SourceProcessHandle,
+ IN PHANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle,
+ OUT PHANDLE TargetHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN InheritHandle,
+ IN ULONG Options
+ );
+
+/*
+ * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
+ * ARGUMENTS:
+ * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
+ * ObjectHandle =
+ * ObjectAttributes =
+ * DesiredAcces =
+ * GenericMapping =
+ * ObjectCreation =
+ * GrantedAccess =
+ * AccessStatus =
+ * GenerateOnClose =
+ * REMARKS: The arguments map to the win32 AccessCheck
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtAccessCheckAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PHANDLE ObjectHandle,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PULONG GrantedAccess,
+ OUT PBOOLEAN AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+ );
+
+NTSTATUS
+STDCALL
+ZwAccessCheckAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PHANDLE ObjectHandle,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PULONG GrantedAccess,
+ OUT PBOOLEAN AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+ );
+
+/*
+ * FUNCTION: Adds an atom to the global atom table
+ * ARGUMENTS:
+ * AtomString = The string to add to the atom table.
+ * Atom (OUT) = Caller supplies storage for the resulting atom.
+ * REMARKS: The arguments map to the win32 add GlobalAddAtom.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtAddAtom(
+ IN PWSTR AtomName,
+ IN OUT PRTL_ATOM Atom
+ );
+
+
+NTSTATUS
+STDCALL
+ZwAddAtom(
+ IN PWSTR AtomName,
+ IN OUT PRTL_ATOM Atom
+ );
+
+NTSTATUS
+STDCALL
+NtAllocateUuids(
+ PULARGE_INTEGER Time,
+ PULONG Range,
+ PULONG Sequence
+ );
+
+NTSTATUS
+STDCALL
+ZwAllocateUuids(
+ PULARGE_INTEGER Time,
+ PULONG Range,
+ PULONG Sequence
+ );
+
+/*
+ * FUNCTION: Cancels a timer
+ * ARGUMENTS:
+ * TimerHandle = Handle to the timer
+ * CurrentState = Specifies the state of the timer when cancelled.
+ * REMARKS:
+ * The arguments to this function map to the function CancelWaitableTimer.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtCancelTimer(
+ IN HANDLE TimerHandle,
+ OUT PBOOLEAN CurrentState OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwCancelTimer(
+ IN HANDLE TimerHandle,
+ OUT ULONG ElapsedTime
+ );
+
+/*
+ * FUNCTION: Creates a paging file.
+ * ARGUMENTS:
+ * FileName = Name of the pagefile
+ * InitialSize = Specifies the initial size in bytes
+ * MaximumSize = Specifies the maximum size in bytes
+ * Reserved = Reserved for future use
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtCreatePagingFile(
+ IN PUNICODE_STRING FileName,
+ IN PLARGE_INTEGER InitialSize,
+ IN PLARGE_INTEGER MaxiumSize,
+ IN ULONG Reserved
+ );
+
+NTSTATUS
+STDCALL
+ZwCreatePagingFile(
+ IN PUNICODE_STRING FileName,
+ IN PLARGE_INTEGER InitialSize,
+ IN PLARGE_INTEGER MaxiumSize,
+ IN ULONG Reserved
+ );
+
+/*
+ * FUNCTION: Creates a user mode thread
+ * ARGUMENTS:
+ * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the thread.
+ * ObjectAttributes = Initialized attributes for the object.
+ * ProcessHandle = Handle to the threads parent process.
+ * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
+ * ThreadContext = Initial processor context for the thread.
+ * InitialTeb = Initial user mode stack context for the thread.
+ * CreateSuspended = Specifies if the thread is ready for scheduling
+ * REMARKS:
+ * This function maps to the win32 function CreateThread.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtCreateThread(
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN HANDLE ProcessHandle,
+ OUT PCLIENT_ID ClientId,
+ IN PCONTEXT ThreadContext,
+ IN PINITIAL_TEB InitialTeb,
+ IN BOOLEAN CreateSuspended
+ );
+
+NTSTATUS
+STDCALL
+ZwCreateThread(
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN HANDLE ProcessHandle,
+ OUT PCLIENT_ID ClientId,
+ IN PCONTEXT ThreadContext,
+ IN PINITIAL_TEB InitialTeb,
+ IN BOOLEAN CreateSuspended
+ );
+
+NTSTATUS
+STDCALL
+NtDuplicateToken(
+ IN HANDLE ExistingToken,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
+ IN TOKEN_TYPE TokenType,
+ OUT PHANDLE NewToken
+ );
+
+NTSTATUS
+STDCALL
+ZwDuplicateToken(
+ IN HANDLE ExistingToken,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
+ IN TOKEN_TYPE TokenType,
+ OUT PHANDLE NewToken
+ );
+
+/*
+ * FUNCTION: Finds a atom
+ * ARGUMENTS:
+ * AtomName = Name to search for.
+ * Atom = Caller supplies storage for the resulting atom
+ * RETURNS: Status
+ * REMARKS:
+ * This funciton maps to the win32 GlobalFindAtom
+ */
+NTSTATUS
+STDCALL
+NtFindAtom(
+ IN PWSTR AtomName,
+ OUT PRTL_ATOM Atom OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwFindAtom(
+ IN PWSTR AtomName,
+ OUT PRTL_ATOM Atom OPTIONAL
+ );
+
+/*
+ * FUNCTION: Flushes a the processors instruction cache
+ * ARGUMENTS:
+ * ProcessHandle = Points to the process owning the cache
+ * BaseAddress = // might this be a image address ????
+ * NumberOfBytesToFlush =
+ * RETURNS: Status
+ * REMARKS:
+ * This funciton is used by debuggers
+ */
+NTSTATUS
+STDCALL
+NtFlushInstructionCache(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN UINT NumberOfBytesToFlush
+ );
+
+NTSTATUS
+STDCALL
+ZwFlushInstructionCache(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN UINT NumberOfBytesToFlush
+ );
+
+/*
+ * FUNCTION: Flushes virtual memory to file
+ * ARGUMENTS:
+ * ProcessHandle = Points to the process that allocated the virtual memory
+ * BaseAddress = Points to the memory address
+ * NumberOfBytesToFlush = Limits the range to flush,
+ * NumberOfBytesFlushed = Actual number of bytes flushed
+ * RETURNS: Status
+ * REMARKS:
+ * Check return status on STATUS_NOT_MAPPED_DATA
+ */
+NTSTATUS
+STDCALL
+NtFlushVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToFlush,
+ OUT PULONG NumberOfBytesFlushed OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwFlushVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToFlush,
+ OUT PULONG NumberOfBytesFlushed OPTIONAL
+ );
+
+/*
+ * FUNCTION: Retrieves the uptime of the system
+ * ARGUMENTS:
+ * UpTime = Number of clock ticks since boot.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtGetTickCount(
+ PULONG UpTime
+ );
+
+NTSTATUS
+STDCALL
+ZwGetTickCount(
+ PULONG UpTime
+ );
+
+/*
+ * FUNCTION: Loads a registry key.
+ * ARGUMENTS:
+ * KeyHandle = Handle to the registry key
+ * ObjectAttributes = ???
+ * REMARK:
+ * This procedure maps to the win32 procedure RegLoadKey
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtLoadKey(
+ PHANDLE KeyHandle,
+ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+STDCALL
+ZwLoadKey(
+ PHANDLE KeyHandle,
+ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+/*
+ * FUNCTION: Locks a range of virtual memory.
+ * ARGUMENTS:
+ * ProcessHandle = Handle to the process
+ * BaseAddress = Lower boundary of the range of bytes to lock.
+ * NumberOfBytesLock = Offset to the upper boundary.
+ * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
+ * REMARK:
+ This procedure maps to the win32 procedure VirtualLock
+ * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
+ */
+NTSTATUS
+STDCALL
+NtLockVirtualMemory(
+ HANDLE ProcessHandle,
+ PVOID BaseAddress,
+ ULONG NumberOfBytesToLock,
+ PULONG NumberOfBytesLocked
+ );
+
+NTSTATUS
+STDCALL
+ZwLockVirtualMemory(
+ HANDLE ProcessHandle,
+ PVOID BaseAddress,
+ ULONG NumberOfBytesToLock,
+ PULONG NumberOfBytesLocked
+ );
+
+NTSTATUS
+STDCALL
+NtOpenObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN ULONG GrantedAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN ObjectCreation,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateOnClose
+ );
+
+NTSTATUS
+STDCALL
+ZwOpenObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN ULONG GrantedAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN ObjectCreation,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateOnClose
+ );
+
+/*
+ * FUNCTION: Set the access protection of a range of virtual memory
+ * ARGUMENTS:
+ * ProcessHandle = Handle to process owning the virtual address space
+ * BaseAddress = Start address
+ * NumberOfBytesToProtect = Delimits the range of virtual memory
+ * for which the new access protection holds
+ * NewAccessProtection = The new access proctection for the pages
+ * OldAccessProtection = Caller should supply storage for the old
+ * access protection
+ *
+ * REMARKS:
+ * The function maps to the win32 VirtualProtectEx
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtProtectVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToProtect,
+ IN ULONG NewAccessProtection,
+ OUT PULONG OldAccessProtection
+ );
+
+NTSTATUS
+STDCALL
+ZwProtectVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToProtect,
+ IN ULONG NewAccessProtection,
+ OUT PULONG OldAccessProtection
+ );
+
+NTSTATUS
+STDCALL
+NtQueryInformationAtom(
+ IN RTL_ATOM Atom,
+ IN ATOM_INFORMATION_CLASS AtomInformationClass,
+ OUT PVOID AtomInformation,
+ IN ULONG AtomInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryInformationAtom(
+ IN RTL_ATOM Atom,
+ IN ATOM_INFORMATION_CLASS AtomInformationClass,
+ OUT PVOID AtomInformation,
+ IN ULONG AtomInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
+ );
+
+/*
+ * FUNCTION: Query information about the content of a directory object
+ * ARGUMENTS:
+ DirObjInformation = Buffer must be large enough to hold the name strings too
+ GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
+ If FALSE: return the number of objects in this directory in ObjectIndex
+ IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
+ If FALSE use input value of ObjectIndex
+ ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
+ DataWritten = Actual size of the ObjectIndex ???
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtQueryDirectoryObject(
+ IN HANDLE DirObjHandle,
+ OUT POBJDIR_INFORMATION DirObjInformation,
+ IN ULONG BufferLength,
+ IN BOOLEAN GetNextIndex,
+ IN BOOLEAN IgnoreInputIndex,
+ IN OUT PULONG ObjectIndex,
+ OUT PULONG DataWritten OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryDirectoryObject(
+ IN HANDLE DirObjHandle,
+ OUT POBJDIR_INFORMATION DirObjInformation,
+ IN ULONG BufferLength,
+ IN BOOLEAN GetNextIndex,
+ IN BOOLEAN IgnoreInputIndex,
+ IN OUT PULONG ObjectIndex,
+ OUT PULONG DataWritten OPTIONAL
+ );
+
+/*
+ * FUNCTION: Queries the information of a process object.
+ * ARGUMENTS:
+ * ProcessHandle = Handle to the process object
+ * ProcessInformation = Index to a certain information structure
+
+ ProcessBasicInformation PROCESS_BASIC_INFORMATION
+ ProcessQuotaLimits QUOTA_LIMITS
+ ProcessIoCounters IO_COUNTERS
+ ProcessVmCounters VM_COUNTERS
+ ProcessTimes KERNEL_USER_TIMES
+ ProcessBasePriority KPRIORITY
+ ProcessRaisePriority KPRIORITY
+ ProcessDebugPort HANDLE
+ ProcessExceptionPort HANDLE
+ ProcessAccessToken PROCESS_ACCESS_TOKEN
+ ProcessLdtInformation LDT_ENTRY ??
+ ProcessLdtSize ULONG
+ ProcessDefaultHardErrorMode ULONG
+ ProcessIoPortHandlers // kernel mode only
+ ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
+ ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
+ ProcessUserModeIOPL (I/O Privilege Level)
+ ProcessEnableAlignmentFaultFixup BOOLEAN
+ ProcessPriorityClass ULONG
+ ProcessWx86Information ULONG
+ ProcessHandleCount ULONG
+ ProcessAffinityMask ULONG
+ ProcessPooledQuotaLimits QUOTA_LIMITS
+ MaxProcessInfoClass
+
+ * ProcessInformation = Caller supplies storage for the process information structure
+ * ProcessInformationLength = Size of the process information structure
+ * ReturnLength = Actual number of bytes written
+
+ * REMARK:
+ * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
+ GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
+ GetProcessShutdownParameters functions.
+ * RETURNS: Status
+*/
+
+NTSTATUS
+STDCALL
+NtQueryInformationProcess(
+ IN HANDLE ProcessHandle,
+ IN CINT ProcessInformationClass,
+ OUT PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryInformationProcess(
+ IN HANDLE ProcessHandle,
+ IN CINT ProcessInformationClass,
+ OUT PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength,
+ OUT PULONG ReturnLength
+ );
+
+/*
+ * FUNCTION: Query the interval and the clocksource for profiling
+ * ARGUMENTS:
+ Interval =
+ ClockSource =
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtQueryIntervalProfile(
+ OUT PULONG Interval,
+ OUT KPROFILE_SOURCE ClockSource
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryIntervalProfile(
+ OUT PULONG Interval,
+ OUT KPROFILE_SOURCE ClockSource
+ );
+
+/*
+ * FUNCTION: Queries the information of a object.
+ * ARGUMENTS:
+ ObjectHandle = Handle to a object
+ ObjectInformationClass = Index to a certain information structure
+
+ ObjectBasicInformation
+ ObjectTypeInformation OBJECT_TYPE_INFORMATION
+ ObjectNameInformation OBJECT_NAME_INFORMATION
+ ObjectDataInformation OBJECT_DATA_INFORMATION
+
+ ObjectInformation = Caller supplies storage for resulting information
+ Length = Size of the supplied storage
+ ResultLength = Bytes written
+ */
+
+NTSTATUS
+STDCALL
+NtQueryObject(
+ IN HANDLE ObjectHandle,
+ IN CINT ObjectInformationClass,
+ OUT PVOID ObjectInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryObject(
+ IN HANDLE ObjectHandle,
+ IN CINT ObjectInformationClass,
+ OUT PVOID ObjectInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+NtQuerySecurityObject(
+ IN HANDLE Object,
+ IN CINT SecurityObjectInformationClass,
+ OUT PVOID SecurityObjectInformation,
+ IN ULONG Length,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQuerySecurityObject(
+ IN HANDLE Object,
+ IN CINT SecurityObjectInformationClass,
+ OUT PVOID SecurityObjectInformation,
+ IN ULONG Length,
+ OUT PULONG ReturnLength
+ );
+
+/*
+ * FUNCTION: Queries the virtual memory information.
+ * ARGUMENTS:
+ ProcessHandle = Process owning the virtual address space
+ BaseAddress = Points to the page where the information is queried for.
+ * VirtualMemoryInformationClass = Index to a certain information structure
+
+ MemoryBasicInformation MEMORY_BASIC_INFORMATION
+
+ * VirtualMemoryInformation = caller supplies storage for the information structure
+ * Length = size of the structure
+ ResultLength = Data written
+ * RETURNS: Status
+ *
+*/
+
+NTSTATUS
+STDCALL
+NtQueryVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID Address,
+ IN IN CINT VirtualMemoryInformationClass,
+ OUT PVOID VirtualMemoryInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQueryVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID Address,
+ IN IN CINT VirtualMemoryInformationClass,
+ OUT PVOID VirtualMemoryInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+/*
+ * FUNCTION: Raises a hard error (stops the system)
+ * ARGUMENTS:
+ * Status = Status code of the hard error
+ * Unknown2 = ??
+ * Unknown3 = ??
+ * Unknown4 = ??
+ * Unknown5 = ??
+ * Unknown6 = ??
+ * RETURNS: Status
+ *
+ */
+
+NTSTATUS
+STDCALL
+NtRaiseHardError(
+ IN NTSTATUS Status,
+ ULONG Unknown2,
+ ULONG Unknown3,
+ ULONG Unknown4,
+ ULONG Unknown5,
+ ULONG Unknown6
+ );
+
+NTSTATUS
+STDCALL
+ZwRaiseHardError(
+ IN NTSTATUS Status,
+ ULONG Unknown2,
+ ULONG Unknown3,
+ ULONG Unknown4,
+ ULONG Unknown5,
+ ULONG Unknown6
+ );
+
+/*
+ * FUNCTION: Sets the information of a registry key.
+ * ARGUMENTS:
+ * KeyHandle = Handle to the registry key
+ * KeyInformationClass = Index to the a certain information structure.
+ Can be one of the following values:
+
+ * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
+
+ KeyInformation = Storage for the new information
+ * KeyInformationLength = Size of the information strucure
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtSetInformationKey(
+ IN HANDLE KeyHandle,
+ IN CINT KeyInformationClass,
+ IN PVOID KeyInformation,
+ IN ULONG KeyInformationLength
+ );
+
+NTSTATUS
+STDCALL
+ZwSetInformationKey(
+ IN HANDLE KeyHandle,
+ IN CINT KeyInformationClass,
+ IN PVOID KeyInformation,
+ IN ULONG KeyInformationLength
+ );
+
+/*
+ * FUNCTION: Changes a set of object specific parameters
+ * ARGUMENTS:
+ * ObjectHandle =
+ * ObjectInformationClass = Index to the set of parameters to change.
+
+
+ ObjectBasicInformation
+ ObjectTypeInformation OBJECT_TYPE_INFORMATION
+ ObjectAllInformation
+ ObjectDataInformation OBJECT_DATA_INFORMATION
+ ObjectNameInformation OBJECT_NAME_INFORMATION
+
+
+ * ObjectInformation = Caller supplies storage for parameters to set.
+ * Length = Size of the storage supplied
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetInformationObject(
+ IN HANDLE ObjectHandle,
+ IN CINT ObjectInformationClass,
+ IN PVOID ObjectInformation,
+ IN ULONG Length
+ );
+
+NTSTATUS
+STDCALL
+ZwSetInformationObject(
+ IN HANDLE ObjectHandle,
+ IN CINT ObjectInformationClass,
+ IN PVOID ObjectInformation,
+ IN ULONG Length
+ );
+
+/*
+ * FUNCTION: Changes a set of process specific parameters
+ * ARGUMENTS:
+ * ProcessHandle = Handle to the process
+ * ProcessInformationClass = Index to a information structure.
+ *
+ * ProcessBasicInformation PROCESS_BASIC_INFORMATION
+ * ProcessQuotaLimits QUOTA_LIMITS
+ * ProcessBasePriority KPRIORITY
+ * ProcessRaisePriority KPRIORITY
+ * ProcessDebugPort HANDLE
+ * ProcessExceptionPort HANDLE
+ * ProcessAccessToken PROCESS_ACCESS_TOKEN
+ * ProcessDefaultHardErrorMode ULONG
+ * ProcessPriorityClass ULONG
+ * ProcessAffinityMask KAFFINITY //??
+ *
+ * ProcessInformation = Caller supplies storage for information to set.
+ * ProcessInformationLength = Size of the information structure
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetInformationProcess(
+ IN HANDLE ProcessHandle,
+ IN CINT ProcessInformationClass,
+ IN PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength
+ );
+
+NTSTATUS
+STDCALL
+ZwSetInformationProcess(
+ IN HANDLE ProcessHandle,
+ IN CINT ProcessInformationClass,
+ IN PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength
+ );
+
+/*
+ * FUNCTION: Sets the characteristics of a timer
+ * ARGUMENTS:
+ * TimerHandle = Handle to the timer
+ * DueTime = Time before the timer becomes signalled for the first time.
+ * TimerApcRoutine = Completion routine can be called on time completion
+ * TimerContext = Argument to the completion routine
+ * Resume = Specifies if the timer should repeated after completing one cycle
+ * Period = Cycle of the timer
+ * REMARKS: This routine maps to the win32 SetWaitableTimer.
+ * RETURNS: Status
+*/
+NTSTATUS
+STDCALL
+NtSetTimer(
+ IN HANDLE TimerHandle,
+ IN PLARGE_INTEGER DueTime,
+ IN PTIMERAPCROUTINE TimerApcRoutine,
+ IN PVOID TimerContext,
+ IN BOOL WakeTimer,
+ IN ULONG Period OPTIONAL,
+ OUT PBOOLEAN PreviousState OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwSetTimer(
+ IN HANDLE TimerHandle,
+ IN PLARGE_INTEGER DueTime,
+ IN PTIMERAPCROUTINE TimerApcRoutine,
+ IN PVOID TimerContext,
+ IN BOOL WakeTimer,
+ IN ULONG Period OPTIONAL,
+ OUT PBOOLEAN PreviousState OPTIONAL
+ );
+
+/*
+ * FUNCTION: Unloads a registry key.
+ * ARGUMENTS:
+ * KeyHandle = Handle to the registry key
+ * REMARK:
+ * This procedure maps to the win32 procedure RegUnloadKey
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtUnloadKey(
+ HANDLE KeyHandle
+ );
+
+NTSTATUS
+STDCALL
+ZwUnloadKey(
+ HANDLE KeyHandle
+ );
+
+/*
+ * FUNCTION: Unlocks a range of virtual memory.
+ * ARGUMENTS:
+ * ProcessHandle = Handle to the process
+ * BaseAddress = Lower boundary of the range of bytes to unlock.
+ * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
+ * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
+ * REMARK:
+ This procedure maps to the win32 procedure VirtualUnlock
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
+ */
+NTSTATUS
+STDCALL
+NtUnlockVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToUnlock,
+ OUT PULONG NumberOfBytesUnlocked OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+ZwUnlockVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToUnlock,
+ OUT PULONG NumberOfBytesUnlocked OPTIONAL
+ );
+
+/*
+ * FUNCTION: Waits for multiple objects to become signalled.
+ * ARGUMENTS:
+ * Count = The number of objects
+ * Object = The array of object handles
+ * WaitType = Can be one of the values UserMode or KernelMode
+ * Alertable = If true the wait is alertable.
+ * Time = The maximum wait time.
+ * REMARKS:
+ * This function maps to the win32 WaitForMultipleObjectEx.
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtWaitForMultipleObjects (
+ IN ULONG Count,
+ IN HANDLE Object[],
+ IN CINT WaitType,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
+
+NTSTATUS
+STDCALL
+ZwWaitForMultipleObjects (
+ IN ULONG Count,
+ IN HANDLE Object[],
+ IN CINT WaitType,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+ );
+
+/*
+ * FUNCTION: Creates a profile
+ * ARGUMENTS:
+ * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
+ * ObjectAttribute = Initialized attributes for the object
+ * ImageBase = Start address of executable image
+ * ImageSize = Size of the image
+ * Granularity = Bucket size
+ * Buffer = Caller supplies buffer for profiling info
+ * ProfilingSize = Buffer size
+ * ClockSource = Specify 0 / FALSE ??
+ * ProcessorMask = A value of -1 indicates disables per processor profiling,
+ otherwise bit set for the processor to profile.
+ * REMARKS:
+ * This function maps to the win32 CreateProcess.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtCreateProfile(OUT PHANDLE ProfileHandle,
+ IN HANDLE ProcessHandle,
+ IN PVOID ImageBase,
+ IN ULONG ImageSize,
+ IN ULONG Granularity,
+ OUT PULONG Buffer,
+ IN ULONG ProfilingSize,
+ IN KPROFILE_SOURCE Source,
+ IN ULONG ProcessorMask);
+
+NTSTATUS
+STDCALL
+ZwCreateProfile(
+ OUT PHANDLE ProfileHandle,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ULONG ImageBase,
+ IN ULONG ImageSize,
+ IN ULONG Granularity,
+ OUT PVOID Buffer,
+ IN ULONG ProfilingSize,
+ IN ULONG ClockSource,
+ IN ULONG ProcessorMask
+ );
+
+/*
+ * FUNCTION: Delays the execution of the calling thread.
+ * ARGUMENTS:
+ * Alertable = If TRUE the thread is alertable during is wait period
+ * Interval = Specifies the interval to wait.
+ * RETURNS: Status
+ */
+
+NTSTATUS
+STDCALL
+NtDelayExecution(
+ IN ULONG Alertable,
+ IN TIME *Interval
+ );
+
+NTSTATUS
+STDCALL
+ZwDelayExecution(
+ IN BOOLEAN Alertable,
+ IN TIME *Interval
+ );
+
+/*
+ * FUNCTION: Extends a section
+ * ARGUMENTS:
+ * SectionHandle = Handle to the section
+ * NewMaximumSize = Adjusted size
+ * RETURNS: Status
+ */
+NTSTATUS
+STDCALL
+NtExtendSection(
+ IN HANDLE SectionHandle,
+ IN ULONG NewMaximumSize
+ );
+
+NTSTATUS
+STDCALL
+ZwExtendSection(
+ IN HANDLE SectionHandle,
+ IN ULONG NewMaximumSize
+ );
+
+/*
+ * FUNCTION: Queries the information of a section object.
+ * ARGUMENTS:
+ * SectionHandle = Handle to the section link object
+ * SectionInformationClass = Index to a certain information structure
+ * SectionInformation (OUT)= Caller supplies storage for resulting information
+ * Length = Size of the supplied storage
+ * ResultLength = Data written
+ * RETURNS: Status
+ *
+*/
+NTSTATUS
+STDCALL
+NtQuerySection(
+ IN HANDLE SectionHandle,
+ IN CINT SectionInformationClass,
+ OUT PVOID SectionInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+NTSTATUS
+STDCALL
+ZwQuerySection(
+ IN HANDLE SectionHandle,
+ IN CINT SectionInformationClass,
+ OUT PVOID SectionInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+ );
+
+typedef struct _SECTION_IMAGE_INFORMATION
+{
+ PVOID EntryPoint;
+ ULONG Unknown1;
+ ULONG StackReserve;
+ ULONG StackCommit;
+ ULONG Subsystem;
+ USHORT MinorSubsystemVersion;
+ USHORT MajorSubsystemVersion;
+ ULONG Unknown2;
+ ULONG Characteristics;
+ USHORT ImageNumber;
+ BOOLEAN Executable;
+ UCHAR Unknown3;
+ ULONG Unknown4[3];
+} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
+
+#endif /* !__USE_W32API */
+
+#endif /* __DDK_ZW_H */
-#ifndef __INCLUDE_DDK_ZWTYPES_H\r
-#define __INCLUDE_DDK_ZWTYPES_H\r
+#ifndef __INCLUDE_DDK_ZWTYPES_H
+#define __INCLUDE_DDK_ZWTYPES_H
#ifndef __USE_W32API
-\r
-typedef enum _DEBUG_CONTROL_CODE\r
-{\r
- DebugGetTraceInformation = 1,\r
- DebugSetInternalBreakpoint,\r
- DebugSetSpecialCalls,\r
- DebugClearSpecialCalls,\r
- DebugQuerySpecialCalls,\r
- DebugDbgBreakPoint,\r
- DebugDbgLoadSymbols\r
-} DEBUG_CONTROL_CODE;\r
-\r
-typedef enum _KPROFILE_SOURCE\r
-{\r
- ProfileTime\r
-} KPROFILE_SOURCE;\r
-\r
-// file disposition values\r
-\r
-#define FILE_SUPERSEDE 0x0000\r
-#define FILE_OPEN 0x0001\r
-#define FILE_CREATE 0x0002\r
-#define FILE_OPEN_IF 0x0003\r
-#define FILE_OVERWRITE 0x0004\r
-#define FILE_OVERWRITE_IF 0x0005\r
-#define FILE_MAXIMUM_DISPOSITION 0x0005\r
-\r
-// job query / set information class\r
-\r
-typedef enum _JOBOBJECTINFOCLASS { // Q S\r
- JobObjectBasicAccountingInformation = 1, // Y N\r
- JobObjectBasicLimitInformation, // Y Y\r
- JobObjectBasicProcessIdList, // Y N\r
- JobObjectBasicUIRestrictions, // Y Y\r
- JobObjectSecurityLimitInformation, // Y Y\r
- JobObjectEndOfJobTimeInformation, // N Y\r
- JobObjectAssociateCompletionPortInformation, // N Y\r
- JobObjectBasicAndIoAccountingInformation, // Y N\r
- JobObjectExtendedLimitInformation, // Y Y\r
-} JOBOBJECTINFOCLASS;\r
-\r
-// system information\r
-// {Nt|Zw}{Query|Set}SystemInformation\r
-// (GN means Gary Nebbet in "NT/W2K Native API Reference")\r
-\r
-typedef\r
-enum _SYSTEM_INFORMATION_CLASS\r
-{\r
- SystemInformationClassMin = 0,\r
- SystemBasicInformation = 0, /* Q */\r
- \r
- SystemProcessorInformation = 1, /* Q */\r
- \r
- SystemPerformanceInformation = 2, /* Q */\r
- \r
- SystemTimeOfDayInformation = 3, /* Q */\r
- \r
- SystemPathInformation = 4, /* Q (checked build only) */\r
- SystemNotImplemented1 = 4, /* Q (GN) */\r
- \r
- SystemProcessInformation = 5, /* Q */\r
- SystemProcessesAndThreadsInformation = 5, /* Q (GN) */\r
- \r
- SystemCallCountInfoInformation = 6, /* Q */\r
- SystemCallCounts = 6, /* Q (GN) */\r
- \r
- SystemDeviceInformation = 7, /* Q */\r
-// It conflicts with symbol in ntoskrnl/io/resource.c\r
-// SystemConfigurationInformation = 7, /* Q (GN) */\r
- \r
- SystemProcessorPerformanceInformation = 8, /* Q */\r
- SystemProcessorTimes = 8, /* Q (GN) */\r
- \r
- SystemFlagsInformation = 9, /* QS */\r
- SystemGlobalFlag = 9, /* QS (GN) */\r
- \r
- SystemCallTimeInformation = 10,\r
- SystemNotImplemented2 = 10, /* (GN) */\r
- \r
- SystemModuleInformation = 11, /* Q */\r
- \r
- SystemLocksInformation = 12, /* Q */\r
- SystemLockInformation = 12, /* Q (GN) */\r
- \r
- SystemStackTraceInformation = 13,\r
- SystemNotImplemented3 = 13, /* Q (GN) */\r
- \r
- SystemPagedPoolInformation = 14,\r
- SystemNotImplemented4 = 14, /* Q (GN) */\r
- \r
- SystemNonPagedPoolInformation = 15,\r
- SystemNotImplemented5 = 15, /* Q (GN) */\r
- \r
- SystemHandleInformation = 16, /* Q */\r
- \r
- SystemObjectInformation = 17, /* Q */\r
- \r
- SystemPageFileInformation = 18, /* Q */\r
- SystemPagefileInformation = 18, /* Q (GN) */\r
- \r
- SystemVdmInstemulInformation = 19, /* Q */\r
- SystemInstructionEmulationCounts = 19, /* Q (GN) */\r
- \r
- SystemVdmBopInformation = 20,\r
- SystemInvalidInfoClass1 = 20, /* (GN) */\r
- \r
- SystemFileCacheInformation = 21, /* QS */\r
- SystemCacheInformation = 21, /* QS (GN) */\r
- \r
- SystemPoolTagInformation = 22, /* Q (checked build only) */\r
- \r
- SystemInterruptInformation = 23, /* Q */\r
- SystemProcessorStatistics = 23, /* Q (GN) */\r
- \r
- SystemDpcBehaviourInformation = 24, /* QS */\r
- SystemDpcInformation = 24, /* QS (GN) */\r
- \r
- SystemFullMemoryInformation = 25,\r
- SystemNotImplemented6 = 25, /* (GN) */\r
- \r
- SystemLoadImage = 26, /* S (callable) (GN) */\r
- \r
- SystemUnloadImage = 27, /* S (callable) (GN) */\r
- \r
- SystemTimeAdjustmentInformation = 28, /* QS */\r
- SystemTimeAdjustment = 28, /* QS (GN) */\r
- \r
- SystemSummaryMemoryInformation = 29,\r
- SystemNotImplemented7 = 29, /* (GN) */\r
- \r
- SystemNextEventIdInformation = 30,\r
- SystemNotImplemented8 = 30, /* (GN) */\r
- \r
- SystemEventIdsInformation = 31,\r
- SystemNotImplemented9 = 31, /* (GN) */\r
- \r
- SystemCrashDumpInformation = 32, /* Q */\r
- \r
- SystemExceptionInformation = 33, /* Q */\r
- \r
- SystemCrashDumpStateInformation = 34, /* Q */\r
- \r
- SystemKernelDebuggerInformation = 35, /* Q */\r
- \r
- SystemContextSwitchInformation = 36, /* Q */\r
- \r
- SystemRegistryQuotaInformation = 37, /* QS */\r
- \r
- SystemLoadAndCallImage = 38, /* S (GN) */\r
- \r
- SystemPrioritySeparation = 39, /* S */\r
- \r
- SystemPlugPlayBusInformation = 40,\r
- SystemNotImplemented10 = 40, /* Q (GN) */\r
- \r
- SystemDockInformation = 41,\r
- SystemNotImplemented11 = 41, /* Q (GN) */\r
- \r
- SystemPowerInformation = 42,\r
- SystemInvalidInfoClass2 = 42, /* (GN) */\r
- \r
- SystemProcessorSpeedInformation = 43,\r
- SystemInvalidInfoClass3 = 43, /* (GN) */\r
- \r
- SystemCurrentTimeZoneInformation = 44, /* QS */\r
- SystemTimeZoneInformation = 44, /* QS (GN) */\r
- \r
- SystemLookasideInformation = 45, /* Q */\r
- \r
- SystemSetTimeSlipEvent = 46, /* S (GN) */\r
- \r
- SystemCreateSession = 47, /* S (GN) */\r
- \r
- SystemDeleteSession = 48, /* S (GN) */\r
- \r
- SystemInvalidInfoClass4 = 49, /* (GN) */\r
- \r
- SystemRangeStartInformation = 50, /* Q (GN) */\r
- \r
- SystemVerifierInformation = 51, /* QS (GN) */\r
- \r
- SystemAddVerifier = 52, /* S (GN) */\r
- \r
- SystemSessionProcessesInformation = 53, /* Q (GN) */\r
- SystemInformationClassMax\r
-\r
-} SYSTEM_INFORMATION_CLASS;\r
-\r
-// SystemBasicInformation (0)\r
-typedef\r
-struct _SYSTEM_BASIC_INFORMATION\r
-{\r
- ULONG Reserved;\r
- ULONG TimerResolution;\r
- ULONG PageSize;\r
- ULONG NumberOfPhysicalPages;\r
- ULONG LowestPhysicalPageNumber;\r
- ULONG HighestPhysicalPageNumber;\r
- ULONG AllocationGranularity;\r
- ULONG MinimumUserModeAddress;\r
- ULONG MaximumUserModeAddress;\r
- KAFFINITY ActiveProcessorsAffinityMask;\r
- CCHAR NumberOfProcessors;\r
-} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;\r
-\r
-// SystemProcessorInformation (1)\r
-typedef\r
-struct _SYSTEM_PROCESSOR_INFORMATION\r
-{\r
- USHORT ProcessorArchitecture;\r
- USHORT ProcessorLevel;\r
- USHORT ProcessorRevision;\r
- USHORT Reserved;\r
- ULONG ProcessorFeatureBits;\r
-} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;\r
-\r
-// SystemPerformanceInfo (2)\r
-typedef\r
-struct _SYSTEM_PERFORMANCE_INFORMATION\r
-{\r
- LARGE_INTEGER IdleProcessorTime;\r
- LARGE_INTEGER IoReadTransferCount;\r
- LARGE_INTEGER IoWriteTransferCount;\r
- LARGE_INTEGER IoOtherTransferCount;\r
- ULONG IoReadOperationCount;\r
- ULONG IoWriteOperationCount;\r
- ULONG IoOtherOperationCount;\r
- ULONG AvailablePages;\r
- ULONG CommitedPages;\r
- ULONG CommitLimit;\r
- ULONG PeakCommitment;\r
- ULONG PageFaultCount;\r
- ULONG CopyOnWriteCount;\r
- ULONG TransitionCount;\r
- ULONG CacheTransitionCount;\r
- ULONG DemandZeroCount;\r
- ULONG PageReadCount;\r
- ULONG PageReadIoCount;\r
- ULONG CacheReadCount;\r
- ULONG CacheIoCount;\r
- ULONG DirtyPagesWriteCount;\r
- ULONG DirtyWriteIoCount;\r
- ULONG MappedPagesWriteCount;\r
- ULONG MappedWriteIoCount;\r
- ULONG PagedPoolPages;\r
- ULONG NonPagedPoolPages;\r
- ULONG Unknown6;\r
- ULONG Unknown7;\r
- ULONG Unknown8;\r
- ULONG Unknown9;\r
- ULONG MmTotalSystemFreePtes;\r
- ULONG MmSystemCodepage;\r
- ULONG MmTotalSystemDriverPages;\r
- ULONG MmTotalSystemCodePages;\r
- ULONG Unknown10;\r
- ULONG Unknown11;\r
- ULONG Unknown12;\r
- ULONG MmSystemCachePage;\r
- ULONG MmPagedPoolPage;\r
- ULONG MmSystemDriverPage;\r
- ULONG CcFastReadNoWait;\r
- ULONG CcFastReadWait;\r
- ULONG CcFastReadResourceMiss;\r
- ULONG CcFastReadNotPossible;\r
- ULONG CcFastMdlReadNoWait;\r
- ULONG CcFastMdlReadWait;\r
- ULONG CcFastMdlReadResourceMiss;\r
- ULONG CcFastMdlReadNotPossible;\r
- ULONG CcMapDataNoWait;\r
- ULONG CcMapDataWait;\r
- ULONG CcMapDataNoWaitMiss;\r
- ULONG CcMapDataWaitMiss;\r
- ULONG CcPinMappedDataCount;\r
- ULONG CcPinReadNoWait;\r
- ULONG CcPinReadWait;\r
- ULONG CcPinReadNoWaitMiss;\r
- ULONG CcPinReadWaitMiss;\r
- ULONG CcCopyReadNoWait;\r
- ULONG CcCopyReadWait;\r
- ULONG CcCopyReadNoWaitMiss;\r
- ULONG CcCopyReadWaitMiss;\r
- ULONG CcMdlReadNoWait;\r
- ULONG CcMdlReadWait;\r
- ULONG CcMdlReadNoWaitMiss;\r
- ULONG CcMdlReadWaitMiss;\r
- ULONG CcReadaheadIos;\r
- ULONG CcLazyWriteIos;\r
- ULONG CcLazyWritePages;\r
- ULONG CcDataFlushes;\r
- ULONG CcDataPages;\r
- ULONG ContextSwitches;\r
- ULONG Unknown13;\r
- ULONG Unknown14;\r
- ULONG SystemCalls;\r
-\r
-} SYSTEM_PERFORMANCE_INFO, *PSYSTEM_PERFORMANCE_INFO;\r
-\r
-// SystemModuleInformation (11)\r
-typedef\r
-struct _SYSTEM_MODULE_ENTRY\r
-{\r
- ULONG Unknown1;\r
- ULONG Unknown2;\r
- PVOID BaseAddress;\r
- ULONG Size;\r
- ULONG Flags;\r
- ULONG EntryIndex;\r
- USHORT NameLength; /* Length of module name not including the path, this field contains valid value only for NTOSKRNL module*/\r
- USHORT PathLength; /* Length of 'directory path' part of modulename*/\r
- CHAR Name [256];\r
-} SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;\r
-\r
-typedef\r
-struct _SYSTEM_MODULE_INFORMATION\r
-{\r
- ULONG Count;\r
- SYSTEM_MODULE_ENTRY Module [1];\r
-} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;\r
-\r
-// SystemHandleInformation (16)\r
-// (see ontypes.h)\r
-typedef\r
-struct _SYSTEM_HANDLE_ENTRY\r
-{\r
- ULONG OwnerPid;\r
- BYTE ObjectType;\r
- BYTE HandleFlags;\r
- USHORT HandleValue;\r
- PVOID ObjectPointer;\r
- ULONG AccessMask;\r
- \r
-} SYSTEM_HANDLE_ENTRY, *PSYSTEM_HANDLE_ENTRY;\r
-\r
-typedef\r
-struct _SYSTEM_HANDLE_INFORMATION\r
-{\r
- ULONG Count;\r
- SYSTEM_HANDLE_ENTRY Handle [1];\r
- \r
-} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;\r
-\r
-// SystemObjectInformation (17)\r
-typedef\r
-struct _SYSTEM_OBJECT_TYPE_INFORMATION\r
-{\r
- ULONG NextEntryOffset;\r
- ULONG ObjectCount;\r
- ULONG HandleCount;\r
- ULONG TypeNumber;\r
- ULONG InvalidAttributes;\r
- GENERIC_MAPPING GenericMapping;\r
- ACCESS_MASK ValidAccessMask;\r
- POOL_TYPE PoolType;\r
- UCHAR Unknown;\r
- UNICODE_STRING Name;\r
- \r
-} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;\r
-\r
-typedef\r
-struct _SYSTEM_OBJECT_INFORMATION\r
-{\r
- ULONG NextEntryOffset;\r
- PVOID Object;\r
- ULONG CreatorProcessId;\r
- USHORT Unknown;\r
- USHORT Flags;\r
- ULONG PointerCount;\r
- ULONG HandleCount;\r
- ULONG PagedPoolUsage;\r
- ULONG NonPagedPoolUsage;\r
- ULONG ExclusiveProcessId;\r
- PSECURITY_DESCRIPTOR SecurityDescriptor;\r
- UNICODE_STRING Name;\r
-\r
-} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;\r
-\r
-// SystemPageFileInformation (18)\r
-typedef\r
-struct _SYSTEM_PAGEFILE_INFORMATION\r
-{\r
- ULONG RelativeOffset;\r
- ULONG CurrentSizePages;\r
- ULONG TotalUsedPages;\r
- ULONG PeakUsedPages;\r
- UNICODE_STRING PagefileFileName;\r
- \r
-} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;\r
-\r
-// SystemCacheInformation (21)\r
-typedef\r
-struct _SYSTEM_CACHE_INFORMATION\r
-{\r
- ULONG CurrentSize;\r
- ULONG PeakSize;\r
- ULONG PageFaultCount;\r
- ULONG MinimumWorkingSet;\r
- ULONG MaximumWorkingSet;\r
- ULONG Unused[4];\r
-\r
-} SYSTEM_CACHE_INFORMATION;\r
-\r
-// SystemDpcInformation (24)\r
-typedef\r
-struct _SYSTEM_DPC_INFORMATION\r
-{\r
- ULONG Unused;\r
- ULONG KiMaximumDpcQueueDepth;\r
- ULONG KiMinimumDpcRate;\r
- ULONG KiAdjustDpcThreshold;\r
- ULONG KiIdealDpcRate;\r
-\r
-} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;\r
-\r
-// SystemLoadImage (26)\r
-typedef struct _SYSTEM_LOAD_IMAGE\r
-{\r
- UNICODE_STRING ModuleName;\r
- PVOID ModuleBase;\r
- PVOID SectionPointer;\r
- PVOID EntryPoint;\r
- PVOID ExportDirectory;\r
-} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;\r
-\r
-// SystemUnloadImage (27)\r
-typedef struct _SYSTEM_UNLOAD_IMAGE\r
-{\r
- PVOID ModuleBase;\r
-} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;\r
-\r
-// SystemTimeAdjustmentInformation (28)\r
-typedef\r
-struct _SYSTEM_QUERY_TIME_ADJUSTMENT\r
-{\r
- ULONG TimeAdjustment;\r
- ULONG MaximumIncrement;\r
- BOOLEAN TimeSynchronization;\r
-\r
-} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;\r
-\r
-typedef\r
-struct _SYSTEM_SET_TIME_ADJUSTMENT\r
-{\r
- ULONG TimeAdjustment;\r
- BOOLEAN TimeSynchronization;\r
- \r
-} SYSTEM_TIME_ADJUSTMENT_INFO, *PSYSTEM_TIME_ADJUSTMENT_INFO;\r
-\r
-// atom information\r
-\r
-typedef enum _ATOM_INFORMATION_CLASS\r
-{\r
- AtomBasicInformation = 0,\r
- AtomTableInformation = 1,\r
-} ATOM_INFORMATION_CLASS;\r
-\r
-typedef struct _ATOM_BASIC_INFORMATION\r
-{\r
- USHORT UsageCount;\r
- USHORT Flags;\r
- USHORT NameLength;\r
- WCHAR Name[1];\r
-} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;\r
-\r
-// SystemLoadAndCallImage(38)\r
-typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE\r
-{\r
- UNICODE_STRING ModuleName;\r
-} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;\r
-\r
-// SystemTimeZoneInformation (44)\r
-typedef\r
-struct _SYSTEM_TIME_ZONE_INFORMATION\r
-{\r
- LONG Bias;\r
- WCHAR StandardName [32];\r
- TIME StandardDate;\r
- LONG StandardBias;\r
- WCHAR DaylightName [32];\r
- TIME DaylightDate;\r
- LONG DaylightBias;\r
-\r
-} SYSTEM_TIME_ZONE_INFORMATION, * PSYSTEM_TIME_ZONE_INFORMATION;\r
-\r
-// SystemLookasideInformation (45)\r
-typedef\r
-struct _SYSTEM_LOOKASIDE_INFORMATION\r
-{\r
- USHORT Depth;\r
- USHORT MaximumDepth;\r
- ULONG TotalAllocates;\r
- ULONG AllocatesMisses;\r
- ULONG TotalFrees;\r
- ULONG FreeMisses;\r
- POOL_TYPE Type;\r
- ULONG Tag;\r
- ULONG Size;\r
- \r
-} SYSTEM_LOOKASIDE_INFORMATION, * PSYSTEM_LOOKASIDE_INFORMATION;\r
-\r
-// SystemSetTimeSlipEvent (46)\r
-typedef\r
-struct _SYSTEM_SET_TIME_SLIP_EVENT\r
-{\r
- HANDLE TimeSlipEvent; /* IN */\r
-\r
-} SYSTEM_SET_TIME_SLIP_EVENT, * PSYSTEM_SET_TIME_SLIP_EVENT;\r
-\r
-// SystemCreateSession (47)\r
-// (available only on TSE/NT5+)\r
-typedef\r
-struct _SYSTEM_CREATE_SESSION\r
-{\r
- ULONG SessionId; /* OUT */\r
-\r
-} SYSTEM_CREATE_SESSION, * PSYSTEM_CREATE_SESSION;\r
-\r
-// SystemDeleteSession (48)\r
-// (available only on TSE/NT5+)\r
-typedef\r
-struct _SYSTEM_DELETE_SESSION\r
-{\r
- ULONG SessionId; /* IN */\r
-\r
-} SYSTEM_DELETE_SESSION, * PSYSTEM_DELETE_SESSION;\r
-
-// SystemRangeStartInformation (50)\r
-typedef\r
-struct _SYSTEM_RANGE_START_INFORMATION\r
-{\r
- PVOID SystemRangeStart;\r
-\r
-} SYSTEM_RANGE_START_INFORMATION, * PSYSTEM_RANGE_START_INFORMATION;\r
-
-// SystemSessionProcessesInformation (53)\r
-// (available only on TSE/NT5+)\r
-typedef\r
-struct _SYSTEM_SESSION_PROCESSES_INFORMATION\r
-{\r
- ULONG SessionId;\r
- ULONG BufferSize;\r
- PVOID Buffer; /* same format as in SystemProcessInformation */\r
-\r
-} SYSTEM_SESSION_PROCESSES_INFORMATION, * PSYSTEM_SESSION_PROCESSES_INFORMATION;\r
-\r
-// memory information\r
-\r
-typedef enum _MEMORY_INFORMATION_CLASS {\r
- MemoryBasicInformation,\r
- MemoryWorkingSetList,\r
- MemorySectionName //,\r
- //MemoryBasicVlmInformation //???\r
-} MEMORY_INFORMATION_CLASS;\r
-\r
-typedef struct _MEMORY_BASIC_INFORMATION { // Information Class 0\r
- PVOID BaseAddress;\r
- PVOID AllocationBase;\r
- ULONG AllocationProtect;\r
- ULONG RegionSize;\r
- ULONG State;\r
- ULONG Protect;\r
- ULONG Type;\r
-} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;\r
-\r
-typedef struct _MEMORY_WORKING_SET_LIST { // Information Class 1\r
- ULONG NumberOfPages;\r
- ULONG WorkingSetList[1];\r
-} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;\r
-
-// Information Class 2\r
-#define _MEMORY_SECTION_NAME_STATIC(__bufsize__) \\r
- { \\r
- UNICODE_STRING SectionFileName; \\r
- WCHAR NameBuffer[(__bufsize__)]; \\r
-} \r
-\r
-#define MEMORY_SECTION_NAME_STATIC(__bufsize__) \\r
- struct _MEMORY_SECTION_NAME_STATIC((__bufsize__) \r
-\r
-typedef struct _MEMORY_SECTION_NAME_STATIC(ANYSIZE_ARRAY)\r
- MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;\r
-
-// Information class 0\r
-typedef struct _PROCESS_BASIC_INFORMATION\r
-{\r
- NTSTATUS ExitStatus;\r
- PPEB PebBaseAddress;\r
- KAFFINITY AffinityMask;\r
- KPRIORITY BasePriority;\r
- ULONG UniqueProcessId;\r
- ULONG InheritedFromUniqueProcessId;\r
-} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;\r
-\r
-// Information class 1\r
-typedef struct _QUOTA_LIMITS\r
-{\r
- ULONG PagedPoolLimit;\r
- ULONG NonPagedPoolLimit;\r
- ULONG MinimumWorkingSetSize;\r
- ULONG MaximumWorkingSetSize;\r
- ULONG PagefileLimit;\r
- TIME TimeLimit;\r
-} QUOTA_LIMITS, *PQUOTA_LIMITS;\r
-\r
-// Information class 2\r
-typedef struct _IO_COUNTERS\r
-{\r
- ULONG ReadOperationCount;\r
- ULONG WriteOperationCount;\r
- ULONG OtherOperationCount;\r
- LARGE_INTEGER ReadTransferCount;\r
- LARGE_INTEGER WriteTransferCount;\r
- LARGE_INTEGER OtherTransferCount;\r
-} IO_COUNTERS, *PIO_COUNTERS;\r
-\r
-// Information class 3\r
-typedef struct _VM_COUNTERS_\r
-{\r
- ULONG PeakVirtualSize;\r
- ULONG VirtualSize;\r
- ULONG PageFaultCount;\r
- ULONG PeakWorkingSetSize;\r
- ULONG WorkingSetSize;\r
- ULONG QuotaPeakPagedPoolUsage;\r
- ULONG QuotaPagedPoolUsage;\r
- ULONG QuotaPeakNonPagedPoolUsage;\r
- ULONG QuotaNonPagedPoolUsage;\r
- ULONG PagefileUsage;\r
- ULONG PeakPagefileUsage;\r
-} VM_COUNTERS, *PVM_COUNTERS;\r
-\r
-// Information class 4\r
-typedef struct _KERNEL_USER_TIMES\r
-{\r
- TIME CreateTime;\r
- TIME ExitTime;\r
- TIME KernelTime;\r
- TIME UserTime;\r
-} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;\r
-\r
-// Information class 9\r
-typedef struct _PROCESS_ACCESS_TOKEN\r
-{\r
- HANDLE Token;\r
- HANDLE Thread;\r
-} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;\r
-\r
-// Information class 14 \r
-typedef struct _POOLED_USAGE_AND_LIMITS_\r
-{\r
- ULONG PeakPagedPoolUsage;\r
- ULONG PagedPoolUsage;\r
- ULONG PagedPoolLimit;\r
- ULONG PeakNonPagedPoolUsage;\r
- ULONG NonPagedPoolUsage;\r
- ULONG NonPagedPoolLimit;\r
- ULONG PeakPagefileUsage;\r
- ULONG PagefileUsage;\r
- ULONG PagefileLimit;\r
-} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;\r
-\r
-// Information class 15\r
-typedef struct _PROCESS_WS_WATCH_INFORMATION\r
-{\r
- PVOID FaultingPc;\r
- PVOID FaultingVa;\r
-} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;\r
-\r
-// Information class 18\r
-typedef struct _PROCESS_PRIORITY_CLASS\r
-{\r
- BOOLEAN Foreground;\r
- UCHAR PriorityClass;\r
-} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;\r
-\r
-// Information class 23\r
-typedef struct _PROCESS_DEVICEMAP_INFORMATION\r
-{\r
- union {\r
- struct {\r
- HANDLE DirectoryHandle;\r
- } Set;\r
- struct {\r
- ULONG DriveMap;\r
- UCHAR DriveType[32];\r
- } Query;\r
- };\r
-} PROCESS_DEVICEMAP_INFORMATION, *pPROCESS_DEVICEMAP_INFORMATION;\r
-\r
-// Information class 24\r
-typedef struct _PROCESS_SESSION_INFORMATION\r
-{\r
- ULONG SessionId;\r
-} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;\r
-\r
-// thread information\r
-\r
-// incompatible with MS NT\r
-\r
-typedef struct _THREAD_BASIC_INFORMATION\r
-{\r
- NTSTATUS ExitStatus;\r
- PVOID TebBaseAddress; // PNT_TIB (GN)\r
- CLIENT_ID ClientId;\r
- KAFFINITY AffinityMask;\r
- KPRIORITY Priority;\r
- KPRIORITY BasePriority;\r
-} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;\r
-
-// object information\r
-\r
-typedef struct _OBJECT_NAME_INFORMATION\r
-{\r
- UNICODE_STRING Name;\r
-} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;\r
-\r
-// file information\r
-\r
-typedef struct _FILE_BASIC_INFORMATION\r
-{\r
- TIME CreationTime;\r
- TIME LastAccessTime;\r
- TIME LastWriteTime;\r
- TIME ChangeTime;\r
- ULONG FileAttributes;\r
-} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;\r
-\r
-typedef struct _FILE_STANDARD_INFORMATION\r
-{\r
- LARGE_INTEGER AllocationSize;\r
- LARGE_INTEGER EndOfFile;\r
- ULONG NumberOfLinks;\r
- BOOLEAN DeletePending;\r
- BOOLEAN Directory;\r
-} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;\r
-\r
-typedef struct _FILE_POSITION_INFORMATION\r
-{\r
- LARGE_INTEGER CurrentByteOffset;\r
-} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;\r
-\r
-typedef struct _FILE_ALIGNMENT_INFORMATION\r
-{\r
- ULONG AlignmentRequirement;\r
-} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;\r
-\r
-typedef struct _FILE_DISPOSITION_INFORMATION\r
-{\r
- BOOLEAN DoDeleteFile;\r
-} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;\r
-\r
-typedef struct _FILE_END_OF_FILE_INFORMATION\r
-{\r
- LARGE_INTEGER EndOfFile;\r
-} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;\r
-\r
-typedef struct _FILE_NETWORK_OPEN_INFORMATION\r
-{\r
- TIME CreationTime;\r
- TIME LastAccessTime;\r
- TIME LastWriteTime;\r
- TIME ChangeTime;\r
- LARGE_INTEGER AllocationSize;\r
- LARGE_INTEGER EndOfFile;\r
- ULONG FileAttributes;\r
-} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;\r
-\r
-typedef struct _FILE_FULL_EA_INFORMATION\r
-{\r
- ULONG NextEntryOffset;\r
- UCHAR Flags;\r
- UCHAR EaNameLength;\r
- USHORT EaValueLength;\r
- CHAR EaName[0];\r
-} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;\r
-\r
-\r
-typedef struct _FILE_EA_INFORMATION {\r
- ULONG EaSize;\r
-} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;\r
-\r
-\r
-typedef struct _FILE_GET_EA_INFORMATION {\r
- ULONG NextEntryOffset;\r
- UCHAR EaNameLength;\r
- CHAR EaName[0];\r
-} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;\r
-\r
-typedef struct _FILE_STREAM_INFORMATION {\r
- ULONG NextEntryOffset;\r
- ULONG StreamNameLength;\r
- LARGE_INTEGER StreamSize;\r
- LARGE_INTEGER StreamAllocationSize;\r
- WCHAR StreamName[0];\r
-} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;\r
-\r
-typedef struct _FILE_ALLOCATION_INFORMATION {\r
- LARGE_INTEGER AllocationSize;\r
-} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;\r
-\r
-typedef struct _FILE_NAME_INFORMATION {\r
- ULONG FileNameLength;\r
- WCHAR FileName[0];\r
-} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;\r
-\r
-typedef struct _FILE_NAMES_INFORMATION \r
-{\r
- ULONG NextEntryOffset;\r
- ULONG FileIndex;\r
- ULONG FileNameLength;\r
- WCHAR FileName[0];\r
-} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;\r
-\r
-\r
-typedef struct _FILE_RENAME_INFORMATION {\r
- BOOLEAN Replace;\r
- HANDLE RootDir;\r
- ULONG FileNameLength;\r
- WCHAR FileName[0];\r
-} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;\r
-\r
-\r
-typedef struct _FILE_INTERNAL_INFORMATION {\r
- LARGE_INTEGER IndexNumber;\r
-} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;\r
-\r
-typedef struct _FILE_ACCESS_INFORMATION {\r
- ACCESS_MASK AccessFlags;\r
-} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;\r
-\r
-\r
-typedef struct _FILE_MODE_INFORMATION {\r
- ULONG Mode;\r
-} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;\r
-\r
-\r
-typedef struct _FILE_PIPE_INFORMATION {\r
- ULONG ReadMode;\r
- ULONG CompletionMode;\r
-} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;\r
-\r
-typedef struct _FILE_PIPE_LOCAL_INFORMATION {\r
- ULONG NamedPipeType;\r
- ULONG NamedPipeConfiguration;\r
- ULONG MaximumInstances;\r
- ULONG CurrentInstances;\r
- ULONG InboundQuota;\r
- ULONG ReadDataAvailable;\r
- ULONG OutboundQuota;\r
- ULONG WriteQuotaAvailable;\r
- ULONG NamedPipeState;\r
- ULONG NamedPipeEnd;\r
-} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;\r
-\r
-typedef struct _FILE_PIPE_REMOTE_INFORMATION {\r
- LARGE_INTEGER CollectDataTime;\r
- ULONG MaximumCollectionCount;\r
-} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;\r
-\r
-typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {\r
- ULONG MaxMessageSize;\r
- ULONG Unknown; /* ?? */\r
- ULONG NextSize;\r
- ULONG MessageCount;\r
- LARGE_INTEGER Timeout;\r
-} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;\r
-\r
-typedef struct _FILE_MAILSLOT_SET_INFORMATION {\r
- LARGE_INTEGER Timeout;\r
-} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;\r
-\r
-typedef struct _FILE_COMPRESSION_INFORMATION {\r
- LARGE_INTEGER CompressedFileSize;\r
- USHORT CompressionFormat;\r
- UCHAR CompressionUnitShift;\r
- UCHAR ChunkShift;\r
- UCHAR ClusterShift;\r
- UCHAR Reserved[3];\r
-} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;\r
-\r
-typedef struct _FILE_ALL_INFORMATION {\r
- FILE_BASIC_INFORMATION BasicInformation;\r
- FILE_STANDARD_INFORMATION StandardInformation;\r
- FILE_INTERNAL_INFORMATION InternalInformation;\r
- FILE_EA_INFORMATION EaInformation;\r
- FILE_ACCESS_INFORMATION AccessInformation;\r
- FILE_POSITION_INFORMATION PositionInformation;\r
- FILE_MODE_INFORMATION ModeInformation;\r
- FILE_ALIGNMENT_INFORMATION AlignmentInformation;\r
- FILE_NAME_INFORMATION NameInformation;\r
-} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;\r
-\r
-\r
-// file system information structures\r
-\r
-typedef struct _FILE_FS_DEVICE_INFORMATION {\r
- DEVICE_TYPE DeviceType;\r
- ULONG Characteristics;\r
-} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;\r
-\r
-\r
-typedef struct _FILE_FS_VOLUME_INFORMATION {\r
- TIME VolumeCreationTime;\r
- ULONG VolumeSerialNumber;\r
- ULONG VolumeLabelLength;\r
- BOOLEAN SupportsObjects;\r
- WCHAR VolumeLabel[0];\r
-} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;\r
-\r
-typedef struct _FILE_FS_SIZE_INFORMATION {\r
- LARGE_INTEGER TotalAllocationUnits;\r
- LARGE_INTEGER AvailableAllocationUnits;\r
- ULONG SectorsPerAllocationUnit;\r
- ULONG BytesPerSector;\r
-} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;\r
-\r
-typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {\r
- ULONG FileSystemAttributes;\r
- LONG MaximumComponentNameLength;\r
- ULONG FileSystemNameLength;\r
- WCHAR FileSystemName[0];\r
-} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;\r
-\r
-/*\r
- FileSystemAttributes is one of the following values:\r
-\r
- FILE_CASE_SENSITIVE_SEARCH 0x00000001\r
- FILE_CASE_PRESERVED_NAMES 0x00000002\r
- FILE_UNICODE_ON_DISK 0x00000004\r
- FILE_PERSISTENT_ACLS 0x00000008\r
- FILE_FILE_COMPRESSION 0x00000010\r
- FILE_VOLUME_QUOTAS 0x00000020\r
- FILE_VOLUME_IS_COMPRESSED 0x00008000\r
-*/\r
-typedef struct _FILE_FS_LABEL_INFORMATION {\r
- ULONG VolumeLabelLength;\r
- WCHAR VolumeLabel[0];\r
-} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;\r
-\r
-// read file scatter / write file scatter\r
-//FIXME I am a win32 struct aswell\r
-\r
-typedef union _FILE_SEGMENT_ELEMENT {\r
- PVOID Buffer;\r
- ULONG Alignment;\r
-}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;\r
-
-typedef struct _FILE_DIRECTORY_INFORMATION {\r
- ULONG NextEntryOffset;\r
- ULONG FileIndex;\r
- TIME CreationTime;\r
- TIME LastAccessTime;\r
- TIME LastWriteTime;\r
- TIME ChangeTime;\r
- LARGE_INTEGER EndOfFile;\r
- LARGE_INTEGER AllocationSize;\r
- ULONG FileAttributes;\r
- ULONG FileNameLength;\r
- WCHAR FileName[0];\r
-} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;\r
-\r
-typedef struct _FILE_FULL_DIRECTORY_INFORMATION {\r
- ULONG NextEntryOffset;\r
- ULONG FileIndex;\r
- TIME CreationTime;\r
- TIME LastAccessTime;\r
- TIME LastWriteTime;\r
- TIME ChangeTime;\r
- LARGE_INTEGER EndOfFile;\r
- LARGE_INTEGER AllocationSize;\r
- ULONG FileAttributes;\r
- ULONG FileNameLength;\r
- ULONG EaSize;\r
- WCHAR FileName[0]; // variable size\r
-} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION,\r
- FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;\r
-\r
-\r
-typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {\r
- ULONG NextEntryOffset;\r
- ULONG FileIndex;\r
- TIME CreationTime;\r
- TIME LastAccessTime;\r
- TIME LastWriteTime;\r
- TIME ChangeTime;\r
- LARGE_INTEGER EndOfFile;\r
- LARGE_INTEGER AllocationSize;\r
- ULONG FileAttributes;\r
- ULONG FileNameLength;\r
- ULONG EaSize;\r
- CHAR ShortNameLength;\r
- WCHAR ShortName[12]; // 8.3 name\r
- WCHAR FileName[0];\r
-} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION,\r
- FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;\r
-
-/*\r
- NotifyFilter / CompletionFilter:\r
-\r
- FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001\r
- FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002\r
- FILE_NOTIFY_CHANGE_NAME 0x00000003\r
- FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004\r
- FILE_NOTIFY_CHANGE_SIZE 0x00000008\r
- FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010\r
- FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020\r
- FILE_NOTIFY_CHANGE_CREATION 0x00000040\r
- FILE_NOTIFY_CHANGE_EA 0x00000080\r
- FILE_NOTIFY_CHANGE_SECURITY 0x00000100\r
- FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200\r
- FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400\r
- FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800\r
-*/\r
-\r
-typedef struct _FILE_NOTIFY_INFORMATION {\r
- ULONG Action;\r
- ULONG FileNameLength;\r
- WCHAR FileName[0]; \r
-} FILE_NOTIFY_INFORMATION;\r
-
-#define FSCTL_GET_VOLUME_BITMAP 0x9006F\r
-#define FSCTL_GET_RETRIEVAL_POINTERS 0x90073\r
-#define FSCTL_MOVE_FILE 0x90074\r
-
-typedef struct _MAPPING_PAIR\r
-{\r
- ULONGLONG Vcn;\r
- ULONGLONG Lcn;\r
-} MAPPING_PAIR, *PMAPPING_PAIR;\r
-\r
-typedef struct _GET_RETRIEVAL_DESCRIPTOR\r
-{\r
- ULONG NumberOfPairs;\r
- ULONGLONG StartVcn;\r
- MAPPING_PAIR Pair[0]; // variable size \r
-} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;\r
-
-typedef struct _MOVEFILE_DESCRIPTOR\r
-{\r
- HANDLE FileHandle;\r
- ULONG Reserved;\r
- LARGE_INTEGER StartVcn;\r
- LARGE_INTEGER TargetLcn;\r
- ULONG NumVcns;\r
- ULONG Reserved1;\r
-} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;\r
-
-typedef struct _SECTION_BASIC_INFORMATION\r
-{\r
- PVOID BaseAddress;\r
- ULONG Attributes;\r
- LARGE_INTEGER Size;\r
-} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;\r
-\r
-typedef enum _SECTION_INFORMATION_CLASS \r
-{\r
- SectionBasicInformation,\r
- SectionImageInformation,\r
-} SECTION_INFORMATION_CLASS;\r
+
+typedef enum _DEBUG_CONTROL_CODE
+{
+ DebugGetTraceInformation = 1,
+ DebugSetInternalBreakpoint,
+ DebugSetSpecialCalls,
+ DebugClearSpecialCalls,
+ DebugQuerySpecialCalls,
+ DebugDbgBreakPoint,
+ DebugDbgLoadSymbols
+} DEBUG_CONTROL_CODE;
+
+typedef enum _KPROFILE_SOURCE
+{
+ ProfileTime
+} KPROFILE_SOURCE;
+
+// file disposition values
+
+#define FILE_SUPERSEDE 0x0000
+#define FILE_OPEN 0x0001
+#define FILE_CREATE 0x0002
+#define FILE_OPEN_IF 0x0003
+#define FILE_OVERWRITE 0x0004
+#define FILE_OVERWRITE_IF 0x0005
+#define FILE_MAXIMUM_DISPOSITION 0x0005
+
+// job query / set information class
+
+typedef enum _JOBOBJECTINFOCLASS { // Q S
+ JobObjectBasicAccountingInformation = 1, // Y N
+ JobObjectBasicLimitInformation, // Y Y
+ JobObjectBasicProcessIdList, // Y N
+ JobObjectBasicUIRestrictions, // Y Y
+ JobObjectSecurityLimitInformation, // Y Y
+ JobObjectEndOfJobTimeInformation, // N Y
+ JobObjectAssociateCompletionPortInformation, // N Y
+ JobObjectBasicAndIoAccountingInformation, // Y N
+ JobObjectExtendedLimitInformation, // Y Y
+} JOBOBJECTINFOCLASS;
+
+// system information
+// {Nt|Zw}{Query|Set}SystemInformation
+// (GN means Gary Nebbet in "NT/W2K Native API Reference")
+
+typedef
+enum _SYSTEM_INFORMATION_CLASS
+{
+ SystemInformationClassMin = 0,
+ SystemBasicInformation = 0, /* Q */
+
+ SystemProcessorInformation = 1, /* Q */
+
+ SystemPerformanceInformation = 2, /* Q */
+
+ SystemTimeOfDayInformation = 3, /* Q */
+
+ SystemPathInformation = 4, /* Q (checked build only) */
+ SystemNotImplemented1 = 4, /* Q (GN) */
+
+ SystemProcessInformation = 5, /* Q */
+ SystemProcessesAndThreadsInformation = 5, /* Q (GN) */
+
+ SystemCallCountInfoInformation = 6, /* Q */
+ SystemCallCounts = 6, /* Q (GN) */
+
+ SystemDeviceInformation = 7, /* Q */
+// It conflicts with symbol in ntoskrnl/io/resource.c
+// SystemConfigurationInformation = 7, /* Q (GN) */
+
+ SystemProcessorPerformanceInformation = 8, /* Q */
+ SystemProcessorTimes = 8, /* Q (GN) */
+
+ SystemFlagsInformation = 9, /* QS */
+ SystemGlobalFlag = 9, /* QS (GN) */
+
+ SystemCallTimeInformation = 10,
+ SystemNotImplemented2 = 10, /* (GN) */
+
+ SystemModuleInformation = 11, /* Q */
+
+ SystemLocksInformation = 12, /* Q */
+ SystemLockInformation = 12, /* Q (GN) */
+
+ SystemStackTraceInformation = 13,
+ SystemNotImplemented3 = 13, /* Q (GN) */
+
+ SystemPagedPoolInformation = 14,
+ SystemNotImplemented4 = 14, /* Q (GN) */
+
+ SystemNonPagedPoolInformation = 15,
+ SystemNotImplemented5 = 15, /* Q (GN) */
+
+ SystemHandleInformation = 16, /* Q */
+
+ SystemObjectInformation = 17, /* Q */
+
+ SystemPageFileInformation = 18, /* Q */
+ SystemPagefileInformation = 18, /* Q (GN) */
+
+ SystemVdmInstemulInformation = 19, /* Q */
+ SystemInstructionEmulationCounts = 19, /* Q (GN) */
+
+ SystemVdmBopInformation = 20,
+ SystemInvalidInfoClass1 = 20, /* (GN) */
+
+ SystemFileCacheInformation = 21, /* QS */
+ SystemCacheInformation = 21, /* QS (GN) */
+
+ SystemPoolTagInformation = 22, /* Q (checked build only) */
+
+ SystemInterruptInformation = 23, /* Q */
+ SystemProcessorStatistics = 23, /* Q (GN) */
+
+ SystemDpcBehaviourInformation = 24, /* QS */
+ SystemDpcInformation = 24, /* QS (GN) */
+
+ SystemFullMemoryInformation = 25,
+ SystemNotImplemented6 = 25, /* (GN) */
+
+ SystemLoadImage = 26, /* S (callable) (GN) */
+
+ SystemUnloadImage = 27, /* S (callable) (GN) */
+
+ SystemTimeAdjustmentInformation = 28, /* QS */
+ SystemTimeAdjustment = 28, /* QS (GN) */
+
+ SystemSummaryMemoryInformation = 29,
+ SystemNotImplemented7 = 29, /* (GN) */
+
+ SystemNextEventIdInformation = 30,
+ SystemNotImplemented8 = 30, /* (GN) */
+
+ SystemEventIdsInformation = 31,
+ SystemNotImplemented9 = 31, /* (GN) */
+
+ SystemCrashDumpInformation = 32, /* Q */
+
+ SystemExceptionInformation = 33, /* Q */
+
+ SystemCrashDumpStateInformation = 34, /* Q */
+
+ SystemKernelDebuggerInformation = 35, /* Q */
+
+ SystemContextSwitchInformation = 36, /* Q */
+
+ SystemRegistryQuotaInformation = 37, /* QS */
+
+ SystemLoadAndCallImage = 38, /* S (GN) */
+
+ SystemPrioritySeparation = 39, /* S */
+
+ SystemPlugPlayBusInformation = 40,
+ SystemNotImplemented10 = 40, /* Q (GN) */
+
+ SystemDockInformation = 41,
+ SystemNotImplemented11 = 41, /* Q (GN) */
+
+ SystemPowerInformation = 42,
+ SystemInvalidInfoClass2 = 42, /* (GN) */
+
+ SystemProcessorSpeedInformation = 43,
+ SystemInvalidInfoClass3 = 43, /* (GN) */
+
+ SystemCurrentTimeZoneInformation = 44, /* QS */
+ SystemTimeZoneInformation = 44, /* QS (GN) */
+
+ SystemLookasideInformation = 45, /* Q */
+
+ SystemSetTimeSlipEvent = 46, /* S (GN) */
+
+ SystemCreateSession = 47, /* S (GN) */
+
+ SystemDeleteSession = 48, /* S (GN) */
+
+ SystemInvalidInfoClass4 = 49, /* (GN) */
+
+ SystemRangeStartInformation = 50, /* Q (GN) */
+
+ SystemVerifierInformation = 51, /* QS (GN) */
+
+ SystemAddVerifier = 52, /* S (GN) */
+
+ SystemSessionProcessesInformation = 53, /* Q (GN) */
+ SystemInformationClassMax
+
+} SYSTEM_INFORMATION_CLASS;
+
+// SystemBasicInformation (0)
+typedef
+struct _SYSTEM_BASIC_INFORMATION
+{
+ ULONG Reserved;
+ ULONG TimerResolution;
+ ULONG PageSize;
+ ULONG NumberOfPhysicalPages;
+ ULONG LowestPhysicalPageNumber;
+ ULONG HighestPhysicalPageNumber;
+ ULONG AllocationGranularity;
+ ULONG MinimumUserModeAddress;
+ ULONG MaximumUserModeAddress;
+ KAFFINITY ActiveProcessorsAffinityMask;
+ CCHAR NumberOfProcessors;
+} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
+
+// SystemProcessorInformation (1)
+typedef
+struct _SYSTEM_PROCESSOR_INFORMATION
+{
+ USHORT ProcessorArchitecture;
+ USHORT ProcessorLevel;
+ USHORT ProcessorRevision;
+ USHORT Reserved;
+ ULONG ProcessorFeatureBits;
+} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
+
+// SystemPerformanceInfo (2)
+typedef
+struct _SYSTEM_PERFORMANCE_INFORMATION
+{
+ LARGE_INTEGER IdleProcessorTime;
+ LARGE_INTEGER IoReadTransferCount;
+ LARGE_INTEGER IoWriteTransferCount;
+ LARGE_INTEGER IoOtherTransferCount;
+ ULONG IoReadOperationCount;
+ ULONG IoWriteOperationCount;
+ ULONG IoOtherOperationCount;
+ ULONG AvailablePages;
+ ULONG CommitedPages;
+ ULONG CommitLimit;
+ ULONG PeakCommitment;
+ ULONG PageFaultCount;
+ ULONG CopyOnWriteCount;
+ ULONG TransitionCount;
+ ULONG CacheTransitionCount;
+ ULONG DemandZeroCount;
+ ULONG PageReadCount;
+ ULONG PageReadIoCount;
+ ULONG CacheReadCount;
+ ULONG CacheIoCount;
+ ULONG DirtyPagesWriteCount;
+ ULONG DirtyWriteIoCount;
+ ULONG MappedPagesWriteCount;
+ ULONG MappedWriteIoCount;
+ ULONG PagedPoolPages;
+ ULONG NonPagedPoolPages;
+ ULONG Unknown6;
+ ULONG Unknown7;
+ ULONG Unknown8;
+ ULONG Unknown9;
+ ULONG MmTotalSystemFreePtes;
+ ULONG MmSystemCodepage;
+ ULONG MmTotalSystemDriverPages;
+ ULONG MmTotalSystemCodePages;
+ ULONG Unknown10;
+ ULONG Unknown11;
+ ULONG Unknown12;
+ ULONG MmSystemCachePage;
+ ULONG MmPagedPoolPage;
+ ULONG MmSystemDriverPage;
+ ULONG CcFastReadNoWait;
+ ULONG CcFastReadWait;
+ ULONG CcFastReadResourceMiss;
+ ULONG CcFastReadNotPossible;
+ ULONG CcFastMdlReadNoWait;
+ ULONG CcFastMdlReadWait;
+ ULONG CcFastMdlReadResourceMiss;
+ ULONG CcFastMdlReadNotPossible;
+ ULONG CcMapDataNoWait;
+ ULONG CcMapDataWait;
+ ULONG CcMapDataNoWaitMiss;
+ ULONG CcMapDataWaitMiss;
+ ULONG CcPinMappedDataCount;
+ ULONG CcPinReadNoWait;
+ ULONG CcPinReadWait;
+ ULONG CcPinReadNoWaitMiss;
+ ULONG CcPinReadWaitMiss;
+ ULONG CcCopyReadNoWait;
+ ULONG CcCopyReadWait;
+ ULONG CcCopyReadNoWaitMiss;
+ ULONG CcCopyReadWaitMiss;
+ ULONG CcMdlReadNoWait;
+ ULONG CcMdlReadWait;
+ ULONG CcMdlReadNoWaitMiss;
+ ULONG CcMdlReadWaitMiss;
+ ULONG CcReadaheadIos;
+ ULONG CcLazyWriteIos;
+ ULONG CcLazyWritePages;
+ ULONG CcDataFlushes;
+ ULONG CcDataPages;
+ ULONG ContextSwitches;
+ ULONG Unknown13;
+ ULONG Unknown14;
+ ULONG SystemCalls;
+
+} SYSTEM_PERFORMANCE_INFO, *PSYSTEM_PERFORMANCE_INFO;
+
+// SystemModuleInformation (11)
+typedef
+struct _SYSTEM_MODULE_ENTRY
+{
+ ULONG Unknown1;
+ ULONG Unknown2;
+ PVOID BaseAddress;
+ ULONG Size;
+ ULONG Flags;
+ ULONG EntryIndex;
+ USHORT NameLength; /* Length of module name not including the path, this field contains valid value only for NTOSKRNL module*/
+ USHORT PathLength; /* Length of 'directory path' part of modulename*/
+ CHAR Name [256];
+} SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;
+
+typedef
+struct _SYSTEM_MODULE_INFORMATION
+{
+ ULONG Count;
+ SYSTEM_MODULE_ENTRY Module [1];
+} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
+
+// SystemHandleInformation (16)
+// (see ontypes.h)
+typedef
+struct _SYSTEM_HANDLE_ENTRY
+{
+ ULONG OwnerPid;
+ BYTE ObjectType;
+ BYTE HandleFlags;
+ USHORT HandleValue;
+ PVOID ObjectPointer;
+ ULONG AccessMask;
+
+} SYSTEM_HANDLE_ENTRY, *PSYSTEM_HANDLE_ENTRY;
+
+typedef
+struct _SYSTEM_HANDLE_INFORMATION
+{
+ ULONG Count;
+ SYSTEM_HANDLE_ENTRY Handle [1];
+
+} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
+
+// SystemObjectInformation (17)
+typedef
+struct _SYSTEM_OBJECT_TYPE_INFORMATION
+{
+ ULONG NextEntryOffset;
+ ULONG ObjectCount;
+ ULONG HandleCount;
+ ULONG TypeNumber;
+ ULONG InvalidAttributes;
+ GENERIC_MAPPING GenericMapping;
+ ACCESS_MASK ValidAccessMask;
+ POOL_TYPE PoolType;
+ UCHAR Unknown;
+ UNICODE_STRING Name;
+
+} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
+
+typedef
+struct _SYSTEM_OBJECT_INFORMATION
+{
+ ULONG NextEntryOffset;
+ PVOID Object;
+ ULONG CreatorProcessId;
+ USHORT Unknown;
+ USHORT Flags;
+ ULONG PointerCount;
+ ULONG HandleCount;
+ ULONG PagedPoolUsage;
+ ULONG NonPagedPoolUsage;
+ ULONG ExclusiveProcessId;
+ PSECURITY_DESCRIPTOR SecurityDescriptor;
+ UNICODE_STRING Name;
+
+} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
+
+// SystemPageFileInformation (18)
+typedef
+struct _SYSTEM_PAGEFILE_INFORMATION
+{
+ ULONG RelativeOffset;
+ ULONG CurrentSizePages;
+ ULONG TotalUsedPages;
+ ULONG PeakUsedPages;
+ UNICODE_STRING PagefileFileName;
+
+} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
+
+// SystemCacheInformation (21)
+typedef
+struct _SYSTEM_CACHE_INFORMATION
+{
+ ULONG CurrentSize;
+ ULONG PeakSize;
+ ULONG PageFaultCount;
+ ULONG MinimumWorkingSet;
+ ULONG MaximumWorkingSet;
+ ULONG Unused[4];
+
+} SYSTEM_CACHE_INFORMATION;
+
+// SystemDpcInformation (24)
+typedef
+struct _SYSTEM_DPC_INFORMATION
+{
+ ULONG Unused;
+ ULONG KiMaximumDpcQueueDepth;
+ ULONG KiMinimumDpcRate;
+ ULONG KiAdjustDpcThreshold;
+ ULONG KiIdealDpcRate;
+
+} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
+
+// SystemLoadImage (26)
+typedef struct _SYSTEM_LOAD_IMAGE
+{
+ UNICODE_STRING ModuleName;
+ PVOID ModuleBase;
+ PVOID SectionPointer;
+ PVOID EntryPoint;
+ PVOID ExportDirectory;
+} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
+
+// SystemUnloadImage (27)
+typedef struct _SYSTEM_UNLOAD_IMAGE
+{
+ PVOID ModuleBase;
+} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
+
+// SystemTimeAdjustmentInformation (28)
+typedef
+struct _SYSTEM_QUERY_TIME_ADJUSTMENT
+{
+ ULONG TimeAdjustment;
+ ULONG MaximumIncrement;
+ BOOLEAN TimeSynchronization;
+
+} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
+
+typedef
+struct _SYSTEM_SET_TIME_ADJUSTMENT
+{
+ ULONG TimeAdjustment;
+ BOOLEAN TimeSynchronization;
+
+} SYSTEM_TIME_ADJUSTMENT_INFO, *PSYSTEM_TIME_ADJUSTMENT_INFO;
+
+// atom information
+
+typedef enum _ATOM_INFORMATION_CLASS
+{
+ AtomBasicInformation = 0,
+ AtomTableInformation = 1,
+} ATOM_INFORMATION_CLASS;
+
+typedef struct _ATOM_BASIC_INFORMATION
+{
+ USHORT UsageCount;
+ USHORT Flags;
+ USHORT NameLength;
+ WCHAR Name[1];
+} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
+
+// SystemLoadAndCallImage(38)
+typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE
+{
+ UNICODE_STRING ModuleName;
+} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
+
+// SystemTimeZoneInformation (44)
+typedef
+struct _SYSTEM_TIME_ZONE_INFORMATION
+{
+ LONG Bias;
+ WCHAR StandardName [32];
+ TIME StandardDate;
+ LONG StandardBias;
+ WCHAR DaylightName [32];
+ TIME DaylightDate;
+ LONG DaylightBias;
+
+} SYSTEM_TIME_ZONE_INFORMATION, * PSYSTEM_TIME_ZONE_INFORMATION;
+
+// SystemLookasideInformation (45)
+typedef
+struct _SYSTEM_LOOKASIDE_INFORMATION
+{
+ USHORT Depth;
+ USHORT MaximumDepth;
+ ULONG TotalAllocates;
+ ULONG AllocatesMisses;
+ ULONG TotalFrees;
+ ULONG FreeMisses;
+ POOL_TYPE Type;
+ ULONG Tag;
+ ULONG Size;
+
+} SYSTEM_LOOKASIDE_INFORMATION, * PSYSTEM_LOOKASIDE_INFORMATION;
+
+// SystemSetTimeSlipEvent (46)
+typedef
+struct _SYSTEM_SET_TIME_SLIP_EVENT
+{
+ HANDLE TimeSlipEvent; /* IN */
+
+} SYSTEM_SET_TIME_SLIP_EVENT, * PSYSTEM_SET_TIME_SLIP_EVENT;
+
+// SystemCreateSession (47)
+// (available only on TSE/NT5+)
+typedef
+struct _SYSTEM_CREATE_SESSION
+{
+ ULONG SessionId; /* OUT */
+
+} SYSTEM_CREATE_SESSION, * PSYSTEM_CREATE_SESSION;
+
+// SystemDeleteSession (48)
+// (available only on TSE/NT5+)
+typedef
+struct _SYSTEM_DELETE_SESSION
+{
+ ULONG SessionId; /* IN */
+
+} SYSTEM_DELETE_SESSION, * PSYSTEM_DELETE_SESSION;
+
+// SystemRangeStartInformation (50)
+typedef
+struct _SYSTEM_RANGE_START_INFORMATION
+{
+ PVOID SystemRangeStart;
+
+} SYSTEM_RANGE_START_INFORMATION, * PSYSTEM_RANGE_START_INFORMATION;
+
+// SystemSessionProcessesInformation (53)
+// (available only on TSE/NT5+)
+typedef
+struct _SYSTEM_SESSION_PROCESSES_INFORMATION
+{
+ ULONG SessionId;
+ ULONG BufferSize;
+ PVOID Buffer; /* same format as in SystemProcessInformation */
+
+} SYSTEM_SESSION_PROCESSES_INFORMATION, * PSYSTEM_SESSION_PROCESSES_INFORMATION;
+
+// memory information
+
+typedef enum _MEMORY_INFORMATION_CLASS {
+ MemoryBasicInformation,
+ MemoryWorkingSetList,
+ MemorySectionName //,
+ //MemoryBasicVlmInformation //???
+} MEMORY_INFORMATION_CLASS;
+
+typedef struct _MEMORY_BASIC_INFORMATION { // Information Class 0
+ PVOID BaseAddress;
+ PVOID AllocationBase;
+ ULONG AllocationProtect;
+ ULONG RegionSize;
+ ULONG State;
+ ULONG Protect;
+ ULONG Type;
+} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
+
+typedef struct _MEMORY_WORKING_SET_LIST { // Information Class 1
+ ULONG NumberOfPages;
+ ULONG WorkingSetList[1];
+} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
+
+// Information Class 2
+#define _MEMORY_SECTION_NAME_STATIC(__bufsize__) \
+ { \
+ UNICODE_STRING SectionFileName; \
+ WCHAR NameBuffer[(__bufsize__)]; \
+}
+
+#define MEMORY_SECTION_NAME_STATIC(__bufsize__) \
+ struct _MEMORY_SECTION_NAME_STATIC((__bufsize__)
+
+typedef struct _MEMORY_SECTION_NAME_STATIC(ANYSIZE_ARRAY)
+ MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
+
+// Information class 0
+typedef struct _PROCESS_BASIC_INFORMATION
+{
+ NTSTATUS ExitStatus;
+ PPEB PebBaseAddress;
+ KAFFINITY AffinityMask;
+ KPRIORITY BasePriority;
+ ULONG UniqueProcessId;
+ ULONG InheritedFromUniqueProcessId;
+} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
+
+// Information class 1
+typedef struct _QUOTA_LIMITS
+{
+ ULONG PagedPoolLimit;
+ ULONG NonPagedPoolLimit;
+ ULONG MinimumWorkingSetSize;
+ ULONG MaximumWorkingSetSize;
+ ULONG PagefileLimit;
+ TIME TimeLimit;
+} QUOTA_LIMITS, *PQUOTA_LIMITS;
+
+// Information class 2
+typedef struct _IO_COUNTERS
+{
+ ULONG ReadOperationCount;
+ ULONG WriteOperationCount;
+ ULONG OtherOperationCount;
+ LARGE_INTEGER ReadTransferCount;
+ LARGE_INTEGER WriteTransferCount;
+ LARGE_INTEGER OtherTransferCount;
+} IO_COUNTERS, *PIO_COUNTERS;
+
+// Information class 3
+typedef struct _VM_COUNTERS_
+{
+ ULONG PeakVirtualSize;
+ ULONG VirtualSize;
+ ULONG PageFaultCount;
+ ULONG PeakWorkingSetSize;
+ ULONG WorkingSetSize;
+ ULONG QuotaPeakPagedPoolUsage;
+ ULONG QuotaPagedPoolUsage;
+ ULONG QuotaPeakNonPagedPoolUsage;
+ ULONG QuotaNonPagedPoolUsage;
+ ULONG PagefileUsage;
+ ULONG PeakPagefileUsage;
+} VM_COUNTERS, *PVM_COUNTERS;
+
+// Information class 4
+typedef struct _KERNEL_USER_TIMES
+{
+ TIME CreateTime;
+ TIME ExitTime;
+ TIME KernelTime;
+ TIME UserTime;
+} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
+
+// Information class 9
+typedef struct _PROCESS_ACCESS_TOKEN
+{
+ HANDLE Token;
+ HANDLE Thread;
+} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
+
+// Information class 14
+typedef struct _POOLED_USAGE_AND_LIMITS_
+{
+ ULONG PeakPagedPoolUsage;
+ ULONG PagedPoolUsage;
+ ULONG PagedPoolLimit;
+ ULONG PeakNonPagedPoolUsage;
+ ULONG NonPagedPoolUsage;
+ ULONG NonPagedPoolLimit;
+ ULONG PeakPagefileUsage;
+ ULONG PagefileUsage;
+ ULONG PagefileLimit;
+} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
+
+// Information class 15
+typedef struct _PROCESS_WS_WATCH_INFORMATION
+{
+ PVOID FaultingPc;
+ PVOID FaultingVa;
+} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
+
+// Information class 18
+typedef struct _PROCESS_PRIORITY_CLASS
+{
+ BOOLEAN Foreground;
+ UCHAR PriorityClass;
+} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
+
+// Information class 23
+typedef struct _PROCESS_DEVICEMAP_INFORMATION
+{
+ union {
+ struct {
+ HANDLE DirectoryHandle;
+ } Set;
+ struct {
+ ULONG DriveMap;
+ UCHAR DriveType[32];
+ } Query;
+ };
+} PROCESS_DEVICEMAP_INFORMATION, *pPROCESS_DEVICEMAP_INFORMATION;
+
+// Information class 24
+typedef struct _PROCESS_SESSION_INFORMATION
+{
+ ULONG SessionId;
+} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
+
+// thread information
+
+// incompatible with MS NT
+
+typedef struct _THREAD_BASIC_INFORMATION
+{
+ NTSTATUS ExitStatus;
+ PVOID TebBaseAddress; // PNT_TIB (GN)
+ CLIENT_ID ClientId;
+ KAFFINITY AffinityMask;
+ KPRIORITY Priority;
+ KPRIORITY BasePriority;
+} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
+
+// object information
+
+typedef struct _OBJECT_NAME_INFORMATION
+{
+ UNICODE_STRING Name;
+} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
+
+// file information
+
+typedef struct _FILE_BASIC_INFORMATION
+{
+ TIME CreationTime;
+ TIME LastAccessTime;
+ TIME LastWriteTime;
+ TIME ChangeTime;
+ ULONG FileAttributes;
+} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
+
+typedef struct _FILE_STANDARD_INFORMATION
+{
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER EndOfFile;
+ ULONG NumberOfLinks;
+ BOOLEAN DeletePending;
+ BOOLEAN Directory;
+} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
+
+typedef struct _FILE_POSITION_INFORMATION
+{
+ LARGE_INTEGER CurrentByteOffset;
+} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
+
+typedef struct _FILE_ALIGNMENT_INFORMATION
+{
+ ULONG AlignmentRequirement;
+} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
+
+typedef struct _FILE_DISPOSITION_INFORMATION
+{
+ BOOLEAN DoDeleteFile;
+} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
+
+typedef struct _FILE_END_OF_FILE_INFORMATION
+{
+ LARGE_INTEGER EndOfFile;
+} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
+
+typedef struct _FILE_NETWORK_OPEN_INFORMATION
+{
+ TIME CreationTime;
+ TIME LastAccessTime;
+ TIME LastWriteTime;
+ TIME ChangeTime;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER EndOfFile;
+ ULONG FileAttributes;
+} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
+
+typedef struct _FILE_FULL_EA_INFORMATION
+{
+ ULONG NextEntryOffset;
+ UCHAR Flags;
+ UCHAR EaNameLength;
+ USHORT EaValueLength;
+ CHAR EaName[0];
+} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
+
+
+typedef struct _FILE_EA_INFORMATION {
+ ULONG EaSize;
+} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
+
+
+typedef struct _FILE_GET_EA_INFORMATION {
+ ULONG NextEntryOffset;
+ UCHAR EaNameLength;
+ CHAR EaName[0];
+} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
+
+typedef struct _FILE_STREAM_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG StreamNameLength;
+ LARGE_INTEGER StreamSize;
+ LARGE_INTEGER StreamAllocationSize;
+ WCHAR StreamName[0];
+} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
+
+typedef struct _FILE_ALLOCATION_INFORMATION {
+ LARGE_INTEGER AllocationSize;
+} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
+
+typedef struct _FILE_NAME_INFORMATION {
+ ULONG FileNameLength;
+ WCHAR FileName[0];
+} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
+
+typedef struct _FILE_NAMES_INFORMATION
+{
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ ULONG FileNameLength;
+ WCHAR FileName[0];
+} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
+
+
+typedef struct _FILE_RENAME_INFORMATION {
+ BOOLEAN Replace;
+ HANDLE RootDir;
+ ULONG FileNameLength;
+ WCHAR FileName[0];
+} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
+
+
+typedef struct _FILE_INTERNAL_INFORMATION {
+ LARGE_INTEGER IndexNumber;
+} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
+
+typedef struct _FILE_ACCESS_INFORMATION {
+ ACCESS_MASK AccessFlags;
+} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
+
+
+typedef struct _FILE_MODE_INFORMATION {
+ ULONG Mode;
+} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
+
+
+typedef struct _FILE_PIPE_INFORMATION {
+ ULONG ReadMode;
+ ULONG CompletionMode;
+} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
+
+typedef struct _FILE_PIPE_LOCAL_INFORMATION {
+ ULONG NamedPipeType;
+ ULONG NamedPipeConfiguration;
+ ULONG MaximumInstances;
+ ULONG CurrentInstances;
+ ULONG InboundQuota;
+ ULONG ReadDataAvailable;
+ ULONG OutboundQuota;
+ ULONG WriteQuotaAvailable;
+ ULONG NamedPipeState;
+ ULONG NamedPipeEnd;
+} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
+
+typedef struct _FILE_PIPE_REMOTE_INFORMATION {
+ LARGE_INTEGER CollectDataTime;
+ ULONG MaximumCollectionCount;
+} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
+
+typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
+ ULONG MaxMessageSize;
+ ULONG Unknown; /* ?? */
+ ULONG NextSize;
+ ULONG MessageCount;
+ LARGE_INTEGER Timeout;
+} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
+
+typedef struct _FILE_MAILSLOT_SET_INFORMATION {
+ LARGE_INTEGER Timeout;
+} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
+
+typedef struct _FILE_COMPRESSION_INFORMATION {
+ LARGE_INTEGER CompressedFileSize;
+ USHORT CompressionFormat;
+ UCHAR CompressionUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR Reserved[3];
+} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
+
+typedef struct _FILE_ALL_INFORMATION {
+ FILE_BASIC_INFORMATION BasicInformation;
+ FILE_STANDARD_INFORMATION StandardInformation;
+ FILE_INTERNAL_INFORMATION InternalInformation;
+ FILE_EA_INFORMATION EaInformation;
+ FILE_ACCESS_INFORMATION AccessInformation;
+ FILE_POSITION_INFORMATION PositionInformation;
+ FILE_MODE_INFORMATION ModeInformation;
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;
+ FILE_NAME_INFORMATION NameInformation;
+} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
+
+
+// file system information structures
+
+typedef struct _FILE_FS_DEVICE_INFORMATION {
+ DEVICE_TYPE DeviceType;
+ ULONG Characteristics;
+} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
+
+
+typedef struct _FILE_FS_VOLUME_INFORMATION {
+ TIME VolumeCreationTime;
+ ULONG VolumeSerialNumber;
+ ULONG VolumeLabelLength;
+ BOOLEAN SupportsObjects;
+ WCHAR VolumeLabel[0];
+} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
+
+typedef struct _FILE_FS_SIZE_INFORMATION {
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER AvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
+ ULONG FileSystemAttributes;
+ LONG MaximumComponentNameLength;
+ ULONG FileSystemNameLength;
+ WCHAR FileSystemName[0];
+} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
+
+/*
+ FileSystemAttributes is one of the following values:
+
+ FILE_CASE_SENSITIVE_SEARCH 0x00000001
+ FILE_CASE_PRESERVED_NAMES 0x00000002
+ FILE_UNICODE_ON_DISK 0x00000004
+ FILE_PERSISTENT_ACLS 0x00000008
+ FILE_FILE_COMPRESSION 0x00000010
+ FILE_VOLUME_QUOTAS 0x00000020
+ FILE_VOLUME_IS_COMPRESSED 0x00008000
+*/
+typedef struct _FILE_FS_LABEL_INFORMATION {
+ ULONG VolumeLabelLength;
+ WCHAR VolumeLabel[0];
+} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
+
+// read file scatter / write file scatter
+//FIXME I am a win32 struct aswell
+
+typedef union _FILE_SEGMENT_ELEMENT {
+ PVOID Buffer;
+ ULONG Alignment;
+}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
+
+typedef struct _FILE_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ TIME CreationTime;
+ TIME LastAccessTime;
+ TIME LastWriteTime;
+ TIME ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ WCHAR FileName[0];
+} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ TIME CreationTime;
+ TIME LastAccessTime;
+ TIME LastWriteTime;
+ TIME ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ WCHAR FileName[0]; // variable size
+} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION,
+ FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
+
+
+typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ TIME CreationTime;
+ TIME LastAccessTime;
+ TIME LastWriteTime;
+ TIME ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CHAR ShortNameLength;
+ WCHAR ShortName[12]; // 8.3 name
+ WCHAR FileName[0];
+} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION,
+ FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
+
+/*
+ NotifyFilter / CompletionFilter:
+
+ FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
+ FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
+ FILE_NOTIFY_CHANGE_NAME 0x00000003
+ FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
+ FILE_NOTIFY_CHANGE_SIZE 0x00000008
+ FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
+ FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
+ FILE_NOTIFY_CHANGE_CREATION 0x00000040
+ FILE_NOTIFY_CHANGE_EA 0x00000080
+ FILE_NOTIFY_CHANGE_SECURITY 0x00000100
+ FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
+ FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
+ FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
+*/
+
+typedef struct _FILE_NOTIFY_INFORMATION {
+ ULONG Action;
+ ULONG FileNameLength;
+ WCHAR FileName[0];
+} FILE_NOTIFY_INFORMATION;
+
+#define FSCTL_GET_VOLUME_BITMAP 0x9006F
+#define FSCTL_GET_RETRIEVAL_POINTERS 0x90073
+#define FSCTL_MOVE_FILE 0x90074
+
+typedef struct _MAPPING_PAIR
+{
+ ULONGLONG Vcn;
+ ULONGLONG Lcn;
+} MAPPING_PAIR, *PMAPPING_PAIR;
+
+typedef struct _GET_RETRIEVAL_DESCRIPTOR
+{
+ ULONG NumberOfPairs;
+ ULONGLONG StartVcn;
+ MAPPING_PAIR Pair[0]; // variable size
+} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
+
+typedef struct _MOVEFILE_DESCRIPTOR
+{
+ HANDLE FileHandle;
+ ULONG Reserved;
+ LARGE_INTEGER StartVcn;
+ LARGE_INTEGER TargetLcn;
+ ULONG NumVcns;
+ ULONG Reserved1;
+} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
+
+typedef struct _SECTION_BASIC_INFORMATION
+{
+ PVOID BaseAddress;
+ ULONG Attributes;
+ LARGE_INTEGER Size;
+} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
+
+typedef enum _SECTION_INFORMATION_CLASS
+{
+ SectionBasicInformation,
+ SectionImageInformation,
+} SECTION_INFORMATION_CLASS;
// shutdown action
} SHUTDOWN_ACTION;
#else /* __USE_W32API */
-\r
-#define DebugDbgLoadSymbols ((DEBUG_CONTROL_CODE)0xffffffff)\r
-\r
+
+#define DebugDbgLoadSymbols ((DEBUG_CONTROL_CODE)0xffffffff)
+
#endif /* __USE_W32API */
-\r
-#define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )\r
-#define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )\r
-#if 1\r
-extern ULONG NtBuildNumber;\r
-#else\r
-#ifdef __NTOSKRNL__\r
-extern ULONG NtBuildNumber;\r
-#else\r
-extern ULONG NtBuildNumber;\r
-#endif\r
-#endif\r
-\r
-// event access mask\r
-\r
-#define EVENT_READ_ACCESS 1\r
-#define EVENT_WRITE_ACCESS 2\r
-\r
-//process query / set information class\r
-\r
-#define ProcessBasicInformation 0\r
-#define ProcessQuotaLimits 1\r
-#define ProcessIoCounters 2\r
-#define ProcessVmCounters 3\r
-#define ProcessTimes 4\r
-#define ProcessBasePriority 5\r
-#define ProcessRaisePriority 6\r
-#define ProcessDebugPort 7\r
-#define ProcessExceptionPort 8\r
-#define ProcessAccessToken 9\r
-#define ProcessLdtInformation 10\r
-#define ProcessLdtSize 11\r
-#define ProcessDefaultHardErrorMode 12\r
-#define ProcessIoPortHandlers 13\r
-#define ProcessPooledUsageAndLimits 14\r
-#define ProcessWorkingSetWatch 15\r
-#define ProcessUserModeIOPL 16\r
-#define ProcessEnableAlignmentFaultFixup 17\r
-#define ProcessPriorityClass 18\r
-#define ProcessWx86Information 19\r
-#define ProcessHandleCount 20\r
-#define ProcessAffinityMask 21\r
-#define ProcessPriorityBoost 22\r
-#define ProcessDeviceMap 23\r
-#define ProcessSessionInformation 24\r
-#define ProcessForegroundInformation 25\r
-#define ProcessWow64Information 26\r
-/* ReactOS private. */\r
-#define ProcessImageFileName 27\r
-#define ProcessDesktop 28\r
-#define MaxProcessInfoClass 29\r
-\r
-/*\r
- * thread query / set information class\r
- */\r
-#define ThreadBasicInformation 0\r
-#define ThreadTimes 1\r
-#define ThreadPriority 2\r
-#define ThreadBasePriority 3\r
-#define ThreadAffinityMask 4\r
-#define ThreadImpersonationToken 5\r
-#define ThreadDescriptorTableEntry 6\r
-#define ThreadEnableAlignmentFaultFixup 7\r
-#define ThreadEventPair 8\r
-#define ThreadQuerySetWin32StartAddress 9\r
-#define ThreadZeroTlsCell 10\r
-#define ThreadPerformanceCount 11\r
-#define ThreadAmILastThread 12\r
-#define ThreadIdealProcessor 13\r
-#define ThreadPriorityBoost 14\r
-#define ThreadSetTlsArrayAddress 15\r
-#define ThreadIsIoPending 16\r
-#define ThreadHideFromDebugger 17\r
-#define MaxThreadInfoClass 17\r
-\r
-// object handle information\r
-\r
-#define ObjectBasicInformation 0\r
-#define ObjectNameInformation 1\r
-#define ObjectTypeInformation 2\r
-#define ObjectAllInformation 3\r
-#define ObjectDataInformation 4\r
-\r
-typedef struct _ATOM_TABLE_INFORMATION\r
-{\r
- ULONG NumberOfAtoms;\r
- RTL_ATOM Atoms[1];\r
-} ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION;\r
-\r
-\r
-// mutant information\r
-\r
-typedef enum _MUTANT_INFORMATION_CLASS\r
-{\r
- MutantBasicInformation = 0\r
-} MUTANT_INFORMATION_CLASS;\r
-\r
-typedef struct _MUTANT_BASIC_INFORMATION\r
-{\r
- LONG Count;\r
- BOOLEAN Owned;\r
- BOOLEAN Abandoned;\r
-} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;\r
-\r
-\r
-// SystemTimeOfDayInformation (3)\r
-typedef\r
-struct _SYSTEM_TIMEOFDAY_INFORMATION\r
-{\r
- LARGE_INTEGER BootTime;\r
- LARGE_INTEGER CurrentTime;\r
- LARGE_INTEGER TimeZoneBias;\r
- ULONG TimeZoneId;\r
- ULONG Reserved;\r
-} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;\r
-\r
-// SystemPathInformation (4)\r
-// IT DOES NOT WORK\r
-typedef\r
-struct _SYSTEM_PATH_INFORMATION\r
-{\r
- PVOID Dummy;\r
-\r
-} SYSTEM_PATH_INFORMATION, * PSYSTEM_PATH_INFORMATION;\r
-\r
-// SystemProcessInformation (5)\r
-typedef\r
-struct _SYSTEM_THREAD_INFORMATION\r
-{\r
- TIME KernelTime;\r
- TIME UserTime;\r
- TIME CreateTime;\r
- ULONG TickCount;\r
- ULONG StartEIP;\r
- CLIENT_ID ClientId;\r
- ULONG DynamicPriority;\r
- ULONG BasePriority;\r
- ULONG nSwitches;\r
- DWORD State;\r
- KWAIT_REASON WaitReason;\r
- \r
-} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;\r
-\r
-typedef\r
-struct SYSTEM_PROCESS_INFORMATION\r
-{\r
- ULONG RelativeOffset;\r
- ULONG ThreadCount;\r
- ULONG Unused1 [6];\r
- TIME CreateTime;\r
- TIME UserTime;\r
- TIME KernelTime;\r
- UNICODE_STRING Name;\r
- ULONG BasePriority;\r
- ULONG ProcessId;\r
- ULONG ParentProcessId;\r
- ULONG HandleCount;\r
- ULONG Unused2[2];\r
- ULONG PeakVirtualSizeBytes;\r
- ULONG TotalVirtualSizeBytes;\r
- ULONG PageFaultCount;\r
- ULONG PeakWorkingSetSizeBytes;\r
- ULONG TotalWorkingSetSizeBytes;\r
- ULONG PeakPagedPoolUsagePages;\r
- ULONG TotalPagedPoolUsagePages;\r
- ULONG PeakNonPagedPoolUsagePages;\r
- ULONG TotalNonPagedPoolUsagePages;\r
- ULONG TotalPageFileUsageBytes;\r
- ULONG PeakPageFileUsageBytes;\r
- ULONG TotalPrivateBytes;\r
- SYSTEM_THREAD_INFORMATION ThreadSysInfo [1];\r
- \r
-} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;\r
-\r
-// SystemCallCountInformation (6)\r
-typedef\r
-struct _SYSTEM_SDT_INFORMATION\r
-{\r
- ULONG BufferLength;\r
- ULONG NumberOfSystemServiceTables;\r
- ULONG NumberOfServices [1];\r
- ULONG ServiceCounters [1];\r
-\r
-} SYSTEM_SDT_INFORMATION, *PSYSTEM_SDT_INFORMATION;\r
-\r
-// SystemDeviceInformation (7)\r
-typedef\r
-struct _SYSTEM_DEVICE_INFORMATION\r
-{\r
- ULONG NumberOfDisks;\r
- ULONG NumberOfFloppies;\r
- ULONG NumberOfCdRoms;\r
- ULONG NumberOfTapes;\r
- ULONG NumberOfSerialPorts;\r
- ULONG NumberOfParallelPorts;\r
-} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;\r
-\r
-// SystemProcessorPerformanceInformation (8)\r
-// (one per processor in the system)\r
-typedef\r
-struct _SYSTEM_PROCESSORTIME_INFO\r
-{\r
- TIME TotalProcessorRunTime;\r
- TIME TotalProcessorTime;\r
- TIME TotalProcessorUserTime;\r
- TIME TotalDPCTime;\r
- TIME TotalInterruptTime;\r
- ULONG TotalInterrupts;\r
- ULONG Unused;\r
-\r
-} SYSTEM_PROCESSORTIME_INFO, *PSYSTEM_PROCESSORTIME_INFO;\r
-\r
-// SystemFlagsInformation (9)\r
-typedef\r
-struct _SYSTEM_FLAGS_INFORMATION\r
-{\r
- ULONG Flags;\r
-\r
-} SYSTEM_FLAGS_INFORMATION, * PSYSTEM_FLAGS_INFORMATION;\r
-\r
-#define FLG_STOP_ON_EXCEPTION 0x00000001\r
-#define FLG_SHOW_LDR_SNAPS 0x00000002\r
-#define FLG_DEBUG_INITIAL_COMMAND 0x00000004\r
-#define FLG_STOP_ON_HANG_GUI 0x00000008\r
-#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010\r
-#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020\r
-#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040\r
-#define FLG_HEAP_VALIDATE_ALL 0x00000080\r
-#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100\r
-#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200\r
-#define FLG_POOL_ENABLE_TAGGING 0x00000400\r
-#define FLG_HEAP_ENABLE_TAGGING 0x00000800\r
-#define FLG_USER_STACK_TRACE_DB 0x00001000\r
-#define FLG_KERNEL_STACK_TRACE_DB 0x00002000\r
-#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000\r
-#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000\r
-#define FLG_IGNORE_DEBUG_PRIV 0x00010000\r
-#define FLG_ENABLE_CSRDEBUG 0x00020000\r
-#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000\r
-#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000\r
-#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000\r
-#define FLG_HEAP_DISABLE_COALESCING 0x00200000\r
-#define FLG_ENABLE_CLOSE_EXCEPTION 0x00400000\r
-#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000\r
-#define FLG_UNKNOWN_01000000 0x01000000\r
-#define FLG_UNKNOWN_02000000 0x02000000\r
-#define FLG_UNKNOWN_04000000 0x04000000\r
-#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000\r
-#define FLG_UNKNOWN_10000000 0x10000000\r
-#define FLG_UNKNOWN_20000000 0x20000000\r
-#define FLG_UNKNOWN_40000000 0x40000000\r
-#define FLG_UNKNOWN_80000000 0x80000000\r
-\r
-// SystemCallTimeInformation (10)\r
-// UNKNOWN\r
-\r
-// SystemLocksInformation (12)\r
-typedef\r
-struct _SYSTEM_RESOURCE_LOCK_ENTRY\r
-{\r
- ULONG ResourceAddress;\r
- ULONG Always1;\r
- ULONG Unknown;\r
- ULONG ActiveCount;\r
- ULONG ContentionCount;\r
- ULONG Unused[2];\r
- ULONG NumberOfSharedWaiters;\r
- ULONG NumberOfExclusiveWaiters;\r
- \r
-} SYSTEM_RESOURCE_LOCK_ENTRY, *PSYSTEM_RESOURCE_LOCK_ENTRY;\r
-\r
-typedef\r
-struct _SYSTEM_RESOURCE_LOCK_INFO\r
-{\r
- ULONG Count;\r
- SYSTEM_RESOURCE_LOCK_ENTRY Lock [1];\r
- \r
-} SYSTEM_RESOURCE_LOCK_INFO, *PSYSTEM_RESOURCE_LOCK_INFO;\r
-\r
-// SystemInformation13 (13)\r
-// UNKNOWN\r
-\r
-// SystemInformation14 (14)\r
-// UNKNOWN\r
-\r
-// SystemInformation15 (15)\r
-// UNKNOWN\r
-\r
-// SystemInstructionEmulationInfo (19)\r
-typedef\r
-struct _SYSTEM_VDM_INFORMATION\r
-{\r
- ULONG VdmSegmentNotPresentCount;\r
- ULONG VdmINSWCount;\r
- ULONG VdmESPREFIXCount;\r
- ULONG VdmCSPREFIXCount;\r
- ULONG VdmSSPREFIXCount;\r
- ULONG VdmDSPREFIXCount;\r
- ULONG VdmFSPREFIXCount;\r
- ULONG VdmGSPREFIXCount;\r
- ULONG VdmOPER32PREFIXCount;\r
- ULONG VdmADDR32PREFIXCount;\r
- ULONG VdmINSBCount;\r
- ULONG VdmINSWV86Count;\r
- ULONG VdmOUTSBCount;\r
- ULONG VdmOUTSWCount;\r
- ULONG VdmPUSHFCount;\r
- ULONG VdmPOPFCount;\r
- ULONG VdmINTNNCount;\r
- ULONG VdmINTOCount;\r
- ULONG VdmIRETCount;\r
- ULONG VdmINBIMMCount;\r
- ULONG VdmINWIMMCount;\r
- ULONG VdmOUTBIMMCount;\r
- ULONG VdmOUTWIMMCount;\r
- ULONG VdmINBCount;\r
- ULONG VdmINWCount;\r
- ULONG VdmOUTBCount;\r
- ULONG VdmOUTWCount;\r
- ULONG VdmLOCKPREFIXCount;\r
- ULONG VdmREPNEPREFIXCount;\r
- ULONG VdmREPPREFIXCount;\r
- ULONG VdmHLTCount;\r
- ULONG VdmCLICount;\r
- ULONG VdmSTICount;\r
- ULONG VdmBopCount;\r
-\r
-} SYSTEM_VDM_INFORMATION, *PSYSTEM_VDM_INFORMATION;\r
-\r
-// SystemInformation20 (20)\r
-// UNKNOWN\r
-\r
-// SystemPoolTagInformation (22)\r
-// found by Klaus P. Gerlicher\r
-// (implemented only in checked builds)\r
-typedef\r
-struct _POOL_TAG_STATS\r
-{\r
- ULONG AllocationCount;\r
- ULONG FreeCount;\r
- ULONG SizeBytes;\r
- \r
-} POOL_TAG_STATS;\r
-\r
-typedef\r
-struct _SYSTEM_POOL_TAG_ENTRY\r
-{\r
- ULONG Tag;\r
- POOL_TAG_STATS Paged;\r
- POOL_TAG_STATS NonPaged;\r
-\r
-} SYSTEM_POOL_TAG_ENTRY, * PSYSTEM_POOL_TAG_ENTRY;\r
-\r
-typedef\r
-struct _SYSTEM_POOL_TAG_INFO\r
-{\r
- ULONG Count;\r
- SYSTEM_POOL_TAG_ENTRY PoolEntry [1];\r
-\r
-} SYSTEM_POOL_TAG_INFO, *PSYSTEM_POOL_TAG_INFO;\r
-\r
-// SystemProcessorScheduleInfo (23)\r
-typedef\r
-struct _SYSTEM_PROCESSOR_SCHEDULE_INFO\r
-{\r
- ULONG nContextSwitches;\r
- ULONG nDPCQueued;\r
- ULONG nDPCRate;\r
- ULONG TimerResolution;\r
- ULONG nDPCBypasses;\r
- ULONG nAPCBypasses;\r
- \r
-} SYSTEM_PROCESSOR_SCHEDULE_INFO, *PSYSTEM_PROCESSOR_SCHEDULE_INFO;\r
-\r
-// SystemInformation25 (25)\r
-// UNKNOWN\r
-\r
-// SystemProcessorFaultCountInfo (33)\r
-typedef\r
-struct _SYSTEM_PROCESSOR_FAULT_INFO\r
-{\r
- ULONG nAlignmentFixup;\r
- ULONG nExceptionDispatches;\r
- ULONG nFloatingEmulation;\r
- ULONG Unknown;\r
- \r
-} SYSTEM_PROCESSOR_FAULT_INFO, *PSYSTEM_PROCESSOR_FAULT_INFO;\r
-\r
-// SystemCrashDumpStateInfo (34)\r
-//\r
-\r
-// SystemDebuggerInformation (35)\r
-typedef\r
-struct _SYSTEM_DEBUGGER_INFO\r
-{\r
- BOOLEAN KdDebuggerEnabled;\r
- BOOLEAN KdDebuggerPresent;\r
- \r
-} SYSTEM_DEBUGGER_INFO, *PSYSTEM_DEBUGGER_INFO;\r
-\r
-// SystemInformation36 (36)\r
-// UNKNOWN\r
-\r
-// SystemQuotaInformation (37)\r
-typedef\r
-struct _SYSTEM_QUOTA_INFORMATION\r
-{\r
- ULONG CmpGlobalQuota;\r
- ULONG CmpGlobalQuotaUsed;\r
- ULONG MmSizeofPagedPoolInBytes;\r
- \r
-} SYSTEM_QUOTA_INFORMATION, *PSYSTEM_QUOTA_INFORMATION;\r
-\r
-// (49)\r
-// UNKNOWN\r
-\r
-// SystemVerifierInformation (51)\r
-// UNKNOWN\r
-\r
-// SystemAddVerifier (52)\r
-// UNKNOWN\r
-\r
-// wait type\r
-\r
-#define WaitAll 0\r
-#define WaitAny 1\r
-\r
-// number of wait objects\r
-\r
-#define THREAD_WAIT_OBJECTS 3\r
-//#define MAXIMUM_WAIT_OBJECTS 64\r
-\r
-// key restore flags\r
-\r
-#define REG_WHOLE_HIVE_VOLATILE 1\r
-#define REG_REFRESH_HIVE 2\r
-\r
-// object type access rights\r
-\r
-#define OBJECT_TYPE_CREATE 0x0001\r
-#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)\r
-\r
-// directory access rights\r
-\r
-#define DIRECTORY_QUERY 0x0001\r
-#define DIRECTORY_TRAVERSE 0x0002\r
-#define DIRECTORY_CREATE_OBJECT 0x0004\r
-#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008\r
-\r
-#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)\r
-\r
-// symbolic link access rights\r
-\r
-#define SYMBOLIC_LINK_QUERY 0x0001\r
-#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)\r
-\r
-\r
-typedef struct _OBJECT_DATA_INFORMATION\r
-{\r
- BOOLEAN bInheritHandle;\r
- BOOLEAN bProtectFromClose;\r
-} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;\r
-\r
-\r
-typedef struct _OBJECT_TYPE_INFORMATION\r
-{\r
- UNICODE_STRING Name;\r
- UNICODE_STRING Type;\r
- ULONG TotalHandles;\r
- ULONG ReferenceCount;\r
-} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;\r
-\r
-\r
-// directory information\r
-\r
-typedef struct _OBJDIR_INFORMATION {\r
- UNICODE_STRING ObjectName;\r
- UNICODE_STRING ObjectTypeName; // Directory, Device ...\r
- UCHAR Data[0];\r
-} OBJDIR_INFORMATION, *POBJDIR_INFORMATION;\r
-\r
-\r
-/*\r
- Action is one of the following values:\r
-\r
- FILE_ACTION_ADDED 0x00000001\r
- FILE_ACTION_REMOVED 0x00000002\r
- FILE_ACTION_MODIFIED 0x00000003\r
- FILE_ACTION_RENAMED_OLD_NAME 0x00000004\r
- FILE_ACTION_RENAMED_NEW_NAME 0x00000005\r
- FILE_ACTION_ADDED_STREAM 0x00000006\r
- FILE_ACTION_REMOVED_STREAM 0x00000007\r
- FILE_ACTION_MODIFIED_STREAM 0x00000008\r
-\r
-*/\r
-\r
-\r
-// File System Control commands ( related to defragging )\r
-\r
-#define FSCTL_READ_MFT_RECORD 0x90068 // NTFS only\r
-\r
-typedef struct _BITMAP_DESCRIPTOR\r
-{\r
- ULONGLONG StartLcn;\r
- ULONGLONG ClustersToEndOfVol;\r
- BYTE Map[0]; // variable size\r
-} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;\r
-\r
-\r
-//typedef enum _TIMER_TYPE \r
-//{\r
-// NotificationTimer,\r
-// SynchronizationTimer\r
-//} TIMER_TYPE;\r
-\r
-typedef struct _TIMER_BASIC_INFORMATION\r
-{\r
- LARGE_INTEGER TimeRemaining;\r
- BOOLEAN SignalState;\r
-} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;\r
-\r
-typedef enum _TIMER_INFORMATION_CLASS\r
-{\r
- TimerBasicInformation\r
-} TIMER_INFORMATION_CLASS;\r
-\r
-typedef\r
-struct _LPC_PORT_BASIC_INFORMATION\r
-{\r
- DWORD Unknown0;\r
- DWORD Unknown1;\r
- DWORD Unknown2;\r
- DWORD Unknown3;\r
- DWORD Unknown4;\r
- DWORD Unknown5;\r
- DWORD Unknown6;\r
- DWORD Unknown7;\r
- DWORD Unknown8;\r
- DWORD Unknown9;\r
- DWORD Unknown10;\r
- DWORD Unknown11;\r
- DWORD Unknown12;\r
- DWORD Unknown13;\r
-\r
-} LPC_PORT_BASIC_INFORMATION, * PLPC_PORT_BASIC_INFORMATION;\r
-\r
-#endif\r
+
+#define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
+#define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
+#if 1
+extern ULONG NtBuildNumber;
+#else
+#ifdef __NTOSKRNL__
+extern ULONG NtBuildNumber;
+#else
+extern ULONG NtBuildNumber;
+#endif
+#endif
+
+// event access mask
+
+#define EVENT_READ_ACCESS 1
+#define EVENT_WRITE_ACCESS 2
+
+//process query / set information class
+
+#define ProcessBasicInformation 0
+#define ProcessQuotaLimits 1
+#define ProcessIoCounters 2
+#define ProcessVmCounters 3
+#define ProcessTimes 4
+#define ProcessBasePriority 5
+#define ProcessRaisePriority 6
+#define ProcessDebugPort 7
+#define ProcessExceptionPort 8
+#define ProcessAccessToken 9
+#define ProcessLdtInformation 10
+#define ProcessLdtSize 11
+#define ProcessDefaultHardErrorMode 12
+#define ProcessIoPortHandlers 13
+#define ProcessPooledUsageAndLimits 14
+#define ProcessWorkingSetWatch 15
+#define ProcessUserModeIOPL 16
+#define ProcessEnableAlignmentFaultFixup 17
+#define ProcessPriorityClass 18
+#define ProcessWx86Information 19
+#define ProcessHandleCount 20
+#define ProcessAffinityMask 21
+#define ProcessPriorityBoost 22
+#define ProcessDeviceMap 23
+#define ProcessSessionInformation 24
+#define ProcessForegroundInformation 25
+#define ProcessWow64Information 26
+/* ReactOS private. */
+#define ProcessImageFileName 27
+#define ProcessDesktop 28
+#define MaxProcessInfoClass 29
+
+/*
+ * thread query / set information class
+ */
+#define ThreadBasicInformation 0
+#define ThreadTimes 1
+#define ThreadPriority 2
+#define ThreadBasePriority 3
+#define ThreadAffinityMask 4
+#define ThreadImpersonationToken 5
+#define ThreadDescriptorTableEntry 6
+#define ThreadEnableAlignmentFaultFixup 7
+#define ThreadEventPair 8
+#define ThreadQuerySetWin32StartAddress 9
+#define ThreadZeroTlsCell 10
+#define ThreadPerformanceCount 11
+#define ThreadAmILastThread 12
+#define ThreadIdealProcessor 13
+#define ThreadPriorityBoost 14
+#define ThreadSetTlsArrayAddress 15
+#define ThreadIsIoPending 16
+#define ThreadHideFromDebugger 17
+#define MaxThreadInfoClass 17
+
+// object handle information
+
+#define ObjectBasicInformation 0
+#define ObjectNameInformation 1
+#define ObjectTypeInformation 2
+#define ObjectAllInformation 3
+#define ObjectDataInformation 4
+
+typedef struct _ATOM_TABLE_INFORMATION
+{
+ ULONG NumberOfAtoms;
+ RTL_ATOM Atoms[1];
+} ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION;
+
+
+// mutant information
+
+typedef enum _MUTANT_INFORMATION_CLASS
+{
+ MutantBasicInformation = 0
+} MUTANT_INFORMATION_CLASS;
+
+typedef struct _MUTANT_BASIC_INFORMATION
+{
+ LONG Count;
+ BOOLEAN Owned;
+ BOOLEAN Abandoned;
+} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;
+
+
+// SystemTimeOfDayInformation (3)
+typedef
+struct _SYSTEM_TIMEOFDAY_INFORMATION
+{
+ LARGE_INTEGER BootTime;
+ LARGE_INTEGER CurrentTime;
+ LARGE_INTEGER TimeZoneBias;
+ ULONG TimeZoneId;
+ ULONG Reserved;
+} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
+
+// SystemPathInformation (4)
+// IT DOES NOT WORK
+typedef
+struct _SYSTEM_PATH_INFORMATION
+{
+ PVOID Dummy;
+
+} SYSTEM_PATH_INFORMATION, * PSYSTEM_PATH_INFORMATION;
+
+// SystemProcessInformation (5)
+typedef
+struct _SYSTEM_THREAD_INFORMATION
+{
+ TIME KernelTime;
+ TIME UserTime;
+ TIME CreateTime;
+ ULONG TickCount;
+ ULONG StartEIP;
+ CLIENT_ID ClientId;
+ ULONG DynamicPriority;
+ ULONG BasePriority;
+ ULONG nSwitches;
+ DWORD State;
+ KWAIT_REASON WaitReason;
+
+} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
+
+typedef
+struct SYSTEM_PROCESS_INFORMATION
+{
+ ULONG RelativeOffset;
+ ULONG ThreadCount;
+ ULONG Unused1 [6];
+ TIME CreateTime;
+ TIME UserTime;
+ TIME KernelTime;
+ UNICODE_STRING Name;
+ ULONG BasePriority;
+ ULONG ProcessId;
+ ULONG ParentProcessId;
+ ULONG HandleCount;
+ ULONG Unused2[2];
+ ULONG PeakVirtualSizeBytes;
+ ULONG TotalVirtualSizeBytes;
+ ULONG PageFaultCount;
+ ULONG PeakWorkingSetSizeBytes;
+ ULONG TotalWorkingSetSizeBytes;
+ ULONG PeakPagedPoolUsagePages;
+ ULONG TotalPagedPoolUsagePages;
+ ULONG PeakNonPagedPoolUsagePages;
+ ULONG TotalNonPagedPoolUsagePages;
+ ULONG TotalPageFileUsageBytes;
+ ULONG PeakPageFileUsageBytes;
+ ULONG TotalPrivateBytes;
+ SYSTEM_THREAD_INFORMATION ThreadSysInfo [1];
+
+} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
+
+// SystemCallCountInformation (6)
+typedef
+struct _SYSTEM_SDT_INFORMATION
+{
+ ULONG BufferLength;
+ ULONG NumberOfSystemServiceTables;
+ ULONG NumberOfServices [1];
+ ULONG ServiceCounters [1];
+
+} SYSTEM_SDT_INFORMATION, *PSYSTEM_SDT_INFORMATION;
+
+// SystemDeviceInformation (7)
+typedef
+struct _SYSTEM_DEVICE_INFORMATION
+{
+ ULONG NumberOfDisks;
+ ULONG NumberOfFloppies;
+ ULONG NumberOfCdRoms;
+ ULONG NumberOfTapes;
+ ULONG NumberOfSerialPorts;
+ ULONG NumberOfParallelPorts;
+} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;
+
+// SystemProcessorPerformanceInformation (8)
+// (one per processor in the system)
+typedef
+struct _SYSTEM_PROCESSORTIME_INFO
+{
+ TIME TotalProcessorRunTime;
+ TIME TotalProcessorTime;
+ TIME TotalProcessorUserTime;
+ TIME TotalDPCTime;
+ TIME TotalInterruptTime;
+ ULONG TotalInterrupts;
+ ULONG Unused;
+
+} SYSTEM_PROCESSORTIME_INFO, *PSYSTEM_PROCESSORTIME_INFO;
+
+// SystemFlagsInformation (9)
+typedef
+struct _SYSTEM_FLAGS_INFORMATION
+{
+ ULONG Flags;
+
+} SYSTEM_FLAGS_INFORMATION, * PSYSTEM_FLAGS_INFORMATION;
+
+#define FLG_STOP_ON_EXCEPTION 0x00000001
+#define FLG_SHOW_LDR_SNAPS 0x00000002
+#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
+#define FLG_STOP_ON_HANG_GUI 0x00000008
+#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
+#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
+#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
+#define FLG_HEAP_VALIDATE_ALL 0x00000080
+#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
+#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
+#define FLG_POOL_ENABLE_TAGGING 0x00000400
+#define FLG_HEAP_ENABLE_TAGGING 0x00000800
+#define FLG_USER_STACK_TRACE_DB 0x00001000
+#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
+#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
+#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
+#define FLG_IGNORE_DEBUG_PRIV 0x00010000
+#define FLG_ENABLE_CSRDEBUG 0x00020000
+#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
+#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
+#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
+#define FLG_HEAP_DISABLE_COALESCING 0x00200000
+#define FLG_ENABLE_CLOSE_EXCEPTION 0x00400000
+#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
+#define FLG_UNKNOWN_01000000 0x01000000
+#define FLG_UNKNOWN_02000000 0x02000000
+#define FLG_UNKNOWN_04000000 0x04000000
+#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
+#define FLG_UNKNOWN_10000000 0x10000000
+#define FLG_UNKNOWN_20000000 0x20000000
+#define FLG_UNKNOWN_40000000 0x40000000
+#define FLG_UNKNOWN_80000000 0x80000000
+
+// SystemCallTimeInformation (10)
+// UNKNOWN
+
+// SystemLocksInformation (12)
+typedef
+struct _SYSTEM_RESOURCE_LOCK_ENTRY
+{
+ ULONG ResourceAddress;
+ ULONG Always1;
+ ULONG Unknown;
+ ULONG ActiveCount;
+ ULONG ContentionCount;
+ ULONG Unused[2];
+ ULONG NumberOfSharedWaiters;
+ ULONG NumberOfExclusiveWaiters;
+
+} SYSTEM_RESOURCE_LOCK_ENTRY, *PSYSTEM_RESOURCE_LOCK_ENTRY;
+
+typedef
+struct _SYSTEM_RESOURCE_LOCK_INFO
+{
+ ULONG Count;
+ SYSTEM_RESOURCE_LOCK_ENTRY Lock [1];
+
+} SYSTEM_RESOURCE_LOCK_INFO, *PSYSTEM_RESOURCE_LOCK_INFO;
+
+// SystemInformation13 (13)
+// UNKNOWN
+
+// SystemInformation14 (14)
+// UNKNOWN
+
+// SystemInformation15 (15)
+// UNKNOWN
+
+// SystemInstructionEmulationInfo (19)
+typedef
+struct _SYSTEM_VDM_INFORMATION
+{
+ ULONG VdmSegmentNotPresentCount;
+ ULONG VdmINSWCount;
+ ULONG VdmESPREFIXCount;
+ ULONG VdmCSPREFIXCount;
+ ULONG VdmSSPREFIXCount;
+ ULONG VdmDSPREFIXCount;
+ ULONG VdmFSPREFIXCount;
+ ULONG VdmGSPREFIXCount;
+ ULONG VdmOPER32PREFIXCount;
+ ULONG VdmADDR32PREFIXCount;
+ ULONG VdmINSBCount;
+ ULONG VdmINSWV86Count;
+ ULONG VdmOUTSBCount;
+ ULONG VdmOUTSWCount;
+ ULONG VdmPUSHFCount;
+ ULONG VdmPOPFCount;
+ ULONG VdmINTNNCount;
+ ULONG VdmINTOCount;
+ ULONG VdmIRETCount;
+ ULONG VdmINBIMMCount;
+ ULONG VdmINWIMMCount;
+ ULONG VdmOUTBIMMCount;
+ ULONG VdmOUTWIMMCount;
+ ULONG VdmINBCount;
+ ULONG VdmINWCount;
+ ULONG VdmOUTBCount;
+ ULONG VdmOUTWCount;
+ ULONG VdmLOCKPREFIXCount;
+ ULONG VdmREPNEPREFIXCount;
+ ULONG VdmREPPREFIXCount;
+ ULONG VdmHLTCount;
+ ULONG VdmCLICount;
+ ULONG VdmSTICount;
+ ULONG VdmBopCount;
+
+} SYSTEM_VDM_INFORMATION, *PSYSTEM_VDM_INFORMATION;
+
+// SystemInformation20 (20)
+// UNKNOWN
+
+// SystemPoolTagInformation (22)
+// found by Klaus P. Gerlicher
+// (implemented only in checked builds)
+typedef
+struct _POOL_TAG_STATS
+{
+ ULONG AllocationCount;
+ ULONG FreeCount;
+ ULONG SizeBytes;
+
+} POOL_TAG_STATS;
+
+typedef
+struct _SYSTEM_POOL_TAG_ENTRY
+{
+ ULONG Tag;
+ POOL_TAG_STATS Paged;
+ POOL_TAG_STATS NonPaged;
+
+} SYSTEM_POOL_TAG_ENTRY, * PSYSTEM_POOL_TAG_ENTRY;
+
+typedef
+struct _SYSTEM_POOL_TAG_INFO
+{
+ ULONG Count;
+ SYSTEM_POOL_TAG_ENTRY PoolEntry [1];
+
+} SYSTEM_POOL_TAG_INFO, *PSYSTEM_POOL_TAG_INFO;
+
+// SystemProcessorScheduleInfo (23)
+typedef
+struct _SYSTEM_PROCESSOR_SCHEDULE_INFO
+{
+ ULONG nContextSwitches;
+ ULONG nDPCQueued;
+ ULONG nDPCRate;
+ ULONG TimerResolution;
+ ULONG nDPCBypasses;
+ ULONG nAPCBypasses;
+
+} SYSTEM_PROCESSOR_SCHEDULE_INFO, *PSYSTEM_PROCESSOR_SCHEDULE_INFO;
+
+// SystemInformation25 (25)
+// UNKNOWN
+
+// SystemProcessorFaultCountInfo (33)
+typedef
+struct _SYSTEM_PROCESSOR_FAULT_INFO
+{
+ ULONG nAlignmentFixup;
+ ULONG nExceptionDispatches;
+ ULONG nFloatingEmulation;
+ ULONG Unknown;
+
+} SYSTEM_PROCESSOR_FAULT_INFO, *PSYSTEM_PROCESSOR_FAULT_INFO;
+
+// SystemCrashDumpStateInfo (34)
+//
+
+// SystemDebuggerInformation (35)
+typedef
+struct _SYSTEM_DEBUGGER_INFO
+{
+ BOOLEAN KdDebuggerEnabled;
+ BOOLEAN KdDebuggerPresent;
+
+} SYSTEM_DEBUGGER_INFO, *PSYSTEM_DEBUGGER_INFO;
+
+// SystemInformation36 (36)
+// UNKNOWN
+
+// SystemQuotaInformation (37)
+typedef
+struct _SYSTEM_QUOTA_INFORMATION
+{
+ ULONG CmpGlobalQuota;
+ ULONG CmpGlobalQuotaUsed;
+ ULONG MmSizeofPagedPoolInBytes;
+
+} SYSTEM_QUOTA_INFORMATION, *PSYSTEM_QUOTA_INFORMATION;
+
+// (49)
+// UNKNOWN
+
+// SystemVerifierInformation (51)
+// UNKNOWN
+
+// SystemAddVerifier (52)
+// UNKNOWN
+
+// wait type
+
+#define WaitAll 0
+#define WaitAny 1
+
+// number of wait objects
+
+#define THREAD_WAIT_OBJECTS 3
+//#define MAXIMUM_WAIT_OBJECTS 64
+
+// key restore flags
+
+#define REG_WHOLE_HIVE_VOLATILE 1
+#define REG_REFRESH_HIVE 2
+
+// object type access rights
+
+#define OBJECT_TYPE_CREATE 0x0001
+#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
+
+// directory access rights
+
+#define DIRECTORY_QUERY 0x0001
+#define DIRECTORY_TRAVERSE 0x0002
+#define DIRECTORY_CREATE_OBJECT 0x0004
+#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
+
+#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
+
+// symbolic link access rights
+
+#define SYMBOLIC_LINK_QUERY 0x0001
+#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
+
+
+typedef struct _OBJECT_DATA_INFORMATION
+{
+ BOOLEAN bInheritHandle;
+ BOOLEAN bProtectFromClose;
+} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
+
+
+typedef struct _OBJECT_TYPE_INFORMATION
+{
+ UNICODE_STRING Name;
+ UNICODE_STRING Type;
+ ULONG TotalHandles;
+ ULONG ReferenceCount;
+} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
+
+
+// directory information
+
+typedef struct _OBJDIR_INFORMATION {
+ UNICODE_STRING ObjectName;
+ UNICODE_STRING ObjectTypeName; // Directory, Device ...
+ UCHAR Data[0];
+} OBJDIR_INFORMATION, *POBJDIR_INFORMATION;
+
+
+/*
+ Action is one of the following values:
+
+ FILE_ACTION_ADDED 0x00000001
+ FILE_ACTION_REMOVED 0x00000002
+ FILE_ACTION_MODIFIED 0x00000003
+ FILE_ACTION_RENAMED_OLD_NAME 0x00000004
+ FILE_ACTION_RENAMED_NEW_NAME 0x00000005
+ FILE_ACTION_ADDED_STREAM 0x00000006
+ FILE_ACTION_REMOVED_STREAM 0x00000007
+ FILE_ACTION_MODIFIED_STREAM 0x00000008
+
+*/
+
+
+// File System Control commands ( related to defragging )
+
+#define FSCTL_READ_MFT_RECORD 0x90068 // NTFS only
+
+typedef struct _BITMAP_DESCRIPTOR
+{
+ ULONGLONG StartLcn;
+ ULONGLONG ClustersToEndOfVol;
+ BYTE Map[0]; // variable size
+} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
+
+
+//typedef enum _TIMER_TYPE
+//{
+// NotificationTimer,
+// SynchronizationTimer
+//} TIMER_TYPE;
+
+typedef struct _TIMER_BASIC_INFORMATION
+{
+ LARGE_INTEGER TimeRemaining;
+ BOOLEAN SignalState;
+} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
+
+typedef enum _TIMER_INFORMATION_CLASS
+{
+ TimerBasicInformation
+} TIMER_INFORMATION_CLASS;
+
+typedef
+struct _LPC_PORT_BASIC_INFORMATION
+{
+ DWORD Unknown0;
+ DWORD Unknown1;
+ DWORD Unknown2;
+ DWORD Unknown3;
+ DWORD Unknown4;
+ DWORD Unknown5;
+ DWORD Unknown6;
+ DWORD Unknown7;
+ DWORD Unknown8;
+ DWORD Unknown9;
+ DWORD Unknown10;
+ DWORD Unknown11;
+ DWORD Unknown12;
+ DWORD Unknown13;
+
+} LPC_PORT_BASIC_INFORMATION, * PLPC_PORT_BASIC_INFORMATION;
+
+#endif