--- /dev/null
+/* $Id: rtl.h,v 1.3 2002/11/15 21:56:37 chorns Exp $
+ *
+ */
+
+#ifndef __DDK_RTL_H
+#define __DDK_RTL_H
+
+#if defined(__NTOSKRNL__) || defined(__NTDRIVER__) || defined(__NTHAL__) || defined(__NTDLL__) || defined (__NTAPP__)
+
+#include <stddef.h>
+#include <stdarg.h>
+
+#endif /* __NTOSKRNL__ || __NTDRIVER__ || __NTHAL__ || __NTDLL__ || __NTAPP__ */
+
+#include <pe.h>
+
+
+#ifndef __USE_W32API
+
+/*
+ * PURPOSE: Flags for RtlQueryRegistryValues
+ */
+#define RTL_QUERY_REGISTRY_SUBKEY (0x00000001)
+#define RTL_QUERY_REGISTRY_TOPKEY (0x00000002)
+#define RTL_QUERY_REGISTRY_REQUIRED (0x00000004)
+#define RTL_QUERY_REGISTRY_NOVALUE (0x00000008)
+#define RTL_QUERY_REGISTRY_NOEXPAND (0x00000010)
+#define RTL_QUERY_REGISTRY_DIRECT (0x00000020)
+#define RTL_QUERY_REGISTRY_DELETE (0x00000040)
+
+/*
+ * VOID
+ * InitializeObjectAttributes (
+ * POBJECT_ATTRIBUTES InitializedAttributes,
+ * PUNICODE_STRING ObjectName,
+ * ULONG Attributes,
+ * HANDLE RootDirectory,
+ * PSECURITY_DESCRIPTOR SecurityDescriptor
+ * );
+ *
+ * FUNCTION: Sets up a parameter of type OBJECT_ATTRIBUTES for a
+ * subsequent call to ZwCreateXXX or ZwOpenXXX
+ * ARGUMENTS:
+ * InitializedAttributes (OUT) = Caller supplied storage for the
+ * object attributes
+ * ObjectName = Full path name for object
+ * Attributes = Attributes for the object
+ * RootDirectory = Where the object should be placed or NULL
+ * SecurityDescriptor = Ignored
+ */
+#define InitializeObjectAttributes(p,n,a,r,s) \
+{ \
+ (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
+ (p)->ObjectName = n; \
+ (p)->Attributes = a; \
+ (p)->RootDirectory = r; \
+ (p)->SecurityDescriptor = s; \
+ (p)->SecurityQualityOfService = NULL; \
+}
+
+
+/*
+ * VOID
+ * InitializeListHead (
+ * PLIST_ENTRY ListHead
+ * );
+ *
+ * FUNCTION: Initializes a double linked list
+ * ARGUMENTS:
+ * ListHead = Caller supplied storage for the head of the list
+ */
+#define InitializeListHead(ListHead) \
+{ \
+ (ListHead)->Flink = (ListHead); \
+ (ListHead)->Blink = (ListHead); \
+}
+
+
+/*
+ * VOID
+ * InsertHeadList (
+ * PLIST_ENTRY ListHead,
+ * PLIST_ENTRY Entry
+ * );
+ *
+ * FUNCTION: Inserts an entry in a double linked list
+ * ARGUMENTS:
+ * ListHead = Head of the list
+ * Entry = Entry to insert
+ */
+#define InsertHeadList(ListHead, ListEntry) \
+{ \
+ PLIST_ENTRY OldFlink; \
+ OldFlink = (ListHead)->Flink; \
+ (ListEntry)->Flink = OldFlink; \
+ (ListEntry)->Blink = (ListHead); \
+ OldFlink->Blink = (ListEntry); \
+ (ListHead)->Flink = (ListEntry); \
+ assert((ListEntry) != NULL); \
+ assert((ListEntry)->Blink!=NULL); \
+ assert((ListEntry)->Blink->Flink == (ListEntry)); \
+ assert((ListEntry)->Flink != NULL); \
+ assert((ListEntry)->Flink->Blink == (ListEntry)); \
+}
+
+
+/*
+ * VOID
+ * InsertTailList (
+ * PLIST_ENTRY ListHead,
+ * PLIST_ENTRY Entry
+ * );
+ *
+ * FUNCTION:
+ * Inserts an entry in a double linked list
+ *
+ * ARGUMENTS:
+ * ListHead = Head of the list
+ * Entry = Entry to insert
+ */
+#define InsertTailList(ListHead, ListEntry) \
+{ \
+ PLIST_ENTRY OldBlink; \
+ OldBlink = (ListHead)->Blink; \
+ (ListEntry)->Flink = (ListHead); \
+ (ListEntry)->Blink = OldBlink; \
+ OldBlink->Flink = (ListEntry); \
+ (ListHead)->Blink = (ListEntry); \
+ assert((ListEntry) != NULL); \
+ assert((ListEntry)->Blink != NULL); \
+ assert((ListEntry)->Blink->Flink == (ListEntry)); \
+ assert((ListEntry)->Flink != NULL); \
+ assert((ListEntry)->Flink->Blink == (ListEntry)); \
+}
+
+/*
+ * BOOLEAN
+ * IsListEmpty (
+ * PLIST_ENTRY ListHead
+ * );
+ *
+ * FUNCTION:
+ * Checks if a double linked list is empty
+ *
+ * ARGUMENTS:
+ * ListHead = Head of the list
+*/
+#define IsListEmpty(ListHead) \
+ ((ListHead)->Flink == (ListHead))
+
+
+/*
+ * PSINGLE_LIST_ENTRY
+ * PopEntryList (
+ * PSINGLE_LIST_ENTRY ListHead
+ * );
+ *
+ * FUNCTION:
+ * Removes an entry from the head of a single linked list
+ *
+ * ARGUMENTS:
+ * ListHead = Head of the list
+ *
+ * RETURNS:
+ * The removed entry
+ */
+/*
+#define PopEntryList(ListHead) \
+ (ListHead)->Next; \
+ { \
+ PSINGLE_LIST_ENTRY FirstEntry; \
+ FirstEntry = (ListHead)->Next; \
+ if (FirstEntry != NULL) \
+ { \
+ (ListHead)->Next = FirstEntry->Next; \
+ } \
+ }
+*/
+static
+inline
+PSINGLE_LIST_ENTRY
+ PopEntryList(
+ PSINGLE_LIST_ENTRY ListHead
+ )
+{
+ PSINGLE_LIST_ENTRY ListEntry;
+
+ ListEntry = ListHead->Next;
+ if (ListEntry!=NULL)
+ {
+ ListHead->Next = ListEntry->Next;
+ }
+ return ListEntry;
+}
+
+#define RtlCopyMemory(Destination,Source,Length) \
+ memcpy((Destination),(Source),(Length))
+
+static
+inline
+VOID
+PushEntryList (
+ PSINGLE_LIST_ENTRY ListHead,
+ PSINGLE_LIST_ENTRY Entry
+ )
+{
+ Entry->Next = ListHead->Next;
+ ListHead->Next = Entry;
+}
+
+/*
+ *VOID
+ *RemoveEntryList (
+ * PLIST_ENTRY Entry
+ * );
+ *
+ * FUNCTION:
+ * Removes an entry from a double linked list
+ *
+ * ARGUMENTS:
+ * ListEntry = Entry to remove
+ */
+#define RemoveEntryList(ListEntry) \
+{ \
+ PLIST_ENTRY OldFlink; \
+ PLIST_ENTRY OldBlink; \
+ assert((ListEntry) != NULL); \
+ assert((ListEntry)->Blink!=NULL); \
+ assert((ListEntry)->Blink->Flink == (ListEntry)); \
+ assert((ListEntry)->Flink != NULL); \
+ assert((ListEntry)->Flink->Blink == (ListEntry)); \
+ OldFlink = (ListEntry)->Flink; \
+ OldBlink = (ListEntry)->Blink; \
+ OldFlink->Blink = OldBlink; \
+ OldBlink->Flink = OldFlink; \
+ (ListEntry)->Flink = NULL; \
+ (ListEntry)->Blink = NULL; \
+}
+
+
+/*
+ * PLIST_ENTRY
+ * RemoveHeadList (
+ * PLIST_ENTRY ListHead
+ * );
+ *
+ * FUNCTION:
+ * Removes the head entry from a double linked list
+ *
+ * ARGUMENTS:
+ * ListHead = Head of the list
+ *
+ * RETURNS:
+ * The removed entry
+ */
+/*
+#define RemoveHeadList(ListHead) \
+ (ListHead)->Flink; \
+ {RemoveEntryList((ListHead)->Flink)}
+*/
+/*
+PLIST_ENTRY
+RemoveHeadList (
+ PLIST_ENTRY ListHead
+ );
+*/
+
+static
+inline
+PLIST_ENTRY
+RemoveHeadList (
+ PLIST_ENTRY ListHead
+ )
+{
+ PLIST_ENTRY Old;
+ PLIST_ENTRY OldFlink;
+ PLIST_ENTRY OldBlink;
+
+ Old = ListHead->Flink;
+
+ OldFlink = ListHead->Flink->Flink;
+ OldBlink = ListHead->Flink->Blink;
+ OldFlink->Blink = OldBlink;
+ OldBlink->Flink = OldFlink;
+ if (Old != ListHead)
+ {
+ Old->Flink = NULL;
+ Old->Blink = NULL;
+ }
+
+ return(Old);
+}
+
+
+/*
+ * PLIST_ENTRY
+ * RemoveTailList (
+ * PLIST_ENTRY ListHead
+ * );
+ *
+ * FUNCTION:
+ * Removes the tail entry from a double linked list
+ *
+ * ARGUMENTS:
+ * ListHead = Head of the list
+ *
+ * RETURNS:
+ * The removed entry
+ */
+/*
+#define RemoveTailList(ListHead) \
+ (ListHead)->Blink; \
+ {RemoveEntryList((ListHead)->Blink)}
+*/
+/*
+PLIST_ENTRY
+RemoveTailList (
+ PLIST_ENTRY ListHead
+ );
+*/
+
+static
+inline
+PLIST_ENTRY
+RemoveTailList (
+ PLIST_ENTRY ListHead
+ )
+{
+ PLIST_ENTRY Old;
+ PLIST_ENTRY OldFlink;
+ PLIST_ENTRY OldBlink;
+
+ Old = ListHead->Blink;
+
+ OldFlink = ListHead->Blink->Flink;
+ OldBlink = ListHead->Blink->Blink;
+ OldFlink->Blink = OldBlink;
+ OldBlink->Flink = OldFlink;
+ if (Old != ListHead)
+ {
+ Old->Flink = NULL;
+ Old->Blink = NULL;
+ }
+
+ return(Old);
+}
+
+NTSTATUS
+STDCALL
+RtlAppendUnicodeToString (
+ PUNICODE_STRING Destination,
+ PWSTR Source
+ );
+
+ULONG
+STDCALL
+RtlCompareMemory (
+ PVOID Source1,
+ PVOID Source2,
+ ULONG Length
+ );
+
+BOOLEAN
+STDCALL
+RtlEqualUnicodeString (
+ PUNICODE_STRING String1,
+ PUNICODE_STRING String2,
+ BOOLEAN CaseInSensitive
+ );
+
+VOID
+RtlGetCallersAddress (
+ PVOID * CallersAddress
+ );
+
+NTSTATUS
+STDCALL
+RtlQueryRegistryValues (
+ IN ULONG RelativeTo,
+ IN PWSTR Path,
+ IN PRTL_QUERY_REGISTRY_TABLE QueryTable,
+ IN PVOID Context,
+ IN PVOID Environment
+ );
+
+NTSTATUS
+STDCALL
+RtlWriteRegistryValue (
+ ULONG RelativeTo,
+ PWSTR Path,
+ PWSTR ValueName,
+ ULONG ValueType,
+ PVOID ValueData,
+ ULONG ValueLength
+ );
+
+NTSTATUS STDCALL
+RtlDeleteRegistryValue(IN ULONG RelativeTo,
+ IN PWSTR Path,
+ IN PWSTR ValueName);
+
+VOID STDCALL
+RtlMoveMemory (PVOID Destination, CONST VOID* Source, ULONG Length);
+
+BOOLEAN STDCALL
+RtlEqualLuid(IN PLUID Luid1,
+ IN PLUID Luid2);
+
+VOID
+STDCALL
+RtlFillMemory (
+ PVOID Destination,
+ ULONG Length,
+ UCHAR Fill
+ );
+
+VOID STDCALL
+RtlZeroMemory (PVOID Destination, ULONG Length);
+
+#else /* __USE_W32API */
+
+#include <ddk/ntifs.h>
+
+#endif /* __USE_W32API */
+
+
+/*
+ * PURPOSE: Used with RtlCheckRegistryKey, RtlCreateRegistryKey,
+ * RtlDeleteRegistryKey
+ */
+#define RTL_REGISTRY_ABSOLUTE 0
+#define RTL_REGISTRY_SERVICES 1
+#define RTL_REGISTRY_CONTROL 2
+#define RTL_REGISTRY_WINDOWS_NT 3
+#define RTL_REGISTRY_DEVICEMAP 4
+#define RTL_REGISTRY_USER 5
+#define RTL_REGISTRY_ENUM 6 // ReactOS specific: Used internally in kernel only
+#define RTL_REGISTRY_MAXIMUM 7
+
+#define RTL_REGISTRY_HANDLE 0x40000000
+#define RTL_REGISTRY_OPTIONAL 0x80000000
+
+
+#define SHORT_SIZE (sizeof(USHORT))
+#define SHORT_MASK (SHORT_SIZE-1)
+#define LONG_SIZE (sizeof(ULONG))
+#define LONG_MASK (LONG_SIZE-1)
+#define LOWBYTE_MASK 0x00FF
+
+#define FIRSTBYTE(Value) ((Value) & LOWBYTE_MASK)
+#define SECONDBYTE(Value) (((Value) >> 8) & LOWBYTE_MASK)
+#define THIRDBYTE(Value) (((Value) >> 16) & LOWBYTE_MASK)
+#define FOURTHBYTE(Value) (((Value) >> 24) & LOWBYTE_MASK)
+
+/* FIXME: reverse byte-order on big-endian machines (e.g. MIPS) */
+#define SHORT_LEAST_SIGNIFICANT_BIT 0
+#define SHORT_MOST_SIGNIFICANT_BIT 1
+
+#define LONG_LEAST_SIGNIFICANT_BIT 0
+#define LONG_3RD_MOST_SIGNIFICANT_BIT 1
+#define LONG_2RD_MOST_SIGNIFICANT_BIT 2
+#define LONG_MOST_SIGNIFICANT_BIT 3
+
+
+
+#if defined(__NTOSKRNL__) || defined(__NTDLL__)
+#define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag
+#define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag
+#else
+#define NLS_MB_CODE_PAGE_TAG (*NlsMbCodePageTag)
+#define NLS_MB_OEM_CODE_PAGE_TAG (*NlsMbOemCodePageTag)
+#endif /* __NTOSKRNL__ || __NTDLL__ */
+
+extern BOOLEAN NLS_MB_CODE_PAGE_TAG;
+extern BOOLEAN NLS_MB_OEM_CODE_PAGE_TAG;
+
+
+/*
+ * NOTE: ReactOS extensions
+ */
+#define RtlMin(X,Y) (((X) < (Y))? (X) : (Y))
+#define RtlMax(X,Y) (((X) > (Y))? (X) : (Y))
+#define RtlMin3(X,Y,Z) (((X) < (Y)) ? RtlMin(X,Z) : RtlMin(Y,Z))
+#define RtlMax3(X,Y,Z) (((X) > (Y)) ? RtlMax(X,Z) : RtlMax(Y,Z))
+
+
+/*\r
+VOID\r
+InitializeUnicodeString (\r
+ PUNICODE_STRING DestinationString,\r
+ USHORT Lenght,\r
+ USHORT MaximumLength,\r
+ PCWSTR Buffer\r
+ );\r
+\r
+ Initialize an UNICODE_STRING from its fields. Use when you know the values of\r
+ all the fields in advance\r
+\r
+ */\r
+\r
+#define InitializeUnicodeString(__PDEST_STRING__,__LENGTH__,__MAXLENGTH__,__BUFFER__) \\r
+{ \\r
+ (__PDEST_STRING__)->Length = (__LENGTH__); \\r
+ (__PDEST_STRING__)->MaximumLength = (__MAXLENGTH__); \\r
+ (__PDEST_STRING__)->Buffer = (__BUFFER__); \\r
+}\r
+\r
+/*\r
+VOID\r
+RtlInitUnicodeStringFromLiteral (\r
+ PUNICODE_STRING DestinationString,\r
+ PCWSTR SourceString\r
+ );\r
+\r
+ Initialize an UNICODE_STRING from a wide string literal. WARNING: use only with\r
+ string literals and statically initialized arrays, it will calculate the wrong\r
+ length otherwise\r
+\r
+ */\r
+\r
+#define RtlInitUnicodeStringFromLiteral(__PDEST_STRING__,__SOURCE_STRING__) \\r
+ InitializeUnicodeString( \\r
+ (__PDEST_STRING__), \\r
+ sizeof(__SOURCE_STRING__) - sizeof(WCHAR), \\r
+ sizeof(__SOURCE_STRING__), \\r
+ (__SOURCE_STRING__) \\r
+ )\r
+\r
+/*\r
+ Static initializer for UNICODE_STRING variables. Usage:\r
+\r
+ UNICODE_STRING wstr = UNICODE_STRING_INITIALIZER(L"string");\r
+\r
+*/\r
+\r
+#define UNICODE_STRING_INITIALIZER(__SOURCE_STRING__) \\r
+{ \\r
+ sizeof((__SOURCE_STRING__)) - sizeof(WCHAR), \\r
+ sizeof((__SOURCE_STRING__)), \\r
+ (__SOURCE_STRING__) \\r
+}\r
+\r
+/*\r
+ Initializer for empty UNICODE_STRING variables. Usage:\r
+\r
+ UNICODE_STRING wstr = EMPTY_UNICODE_STRING;\r
+\r
+*/\r
+#define EMPTY_UNICODE_STRING {0, 0, NULL}\r
+
+
+/*
+VOID
+PushEntryList (
+ PSINGLE_LIST_ENTRY ListHead,
+ PSINGLE_LIST_ENTRY Entry
+ );
+*/
+/*
+#define PushEntryList(ListHead,Entry) \
+ (Entry)->Next = (ListHead)->Next; \
+ (ListHead)->Next = (Entry)
+*/
+
+#ifndef __USE_W32API
+
+/*
+ * An ReactOS extension
+ */
+static
+inline
+PSINGLE_LIST_ENTRY
+ PopEntrySList(
+ PSLIST_HEADER ListHead
+ )
+{
+ PSINGLE_LIST_ENTRY ListEntry;
+
+ ListEntry = ListHead->s.Next.Next;
+ if (ListEntry!=NULL)
+ {
+ ListHead->s.Next.Next = ListEntry->Next;
+ ListHead->s.Depth++;
+ ListHead->s.Sequence++;
+ }
+ return ListEntry;
+}
+
+
+/*
+ * An ReactOS extension
+ */
+static
+inline
+VOID
+PushEntrySList (
+ PSLIST_HEADER ListHead,
+ PSINGLE_LIST_ENTRY Entry
+ )
+{
+ Entry->Next = ListHead->s.Next.Next;
+ ListHead->s.Next.Next = Entry;
+ ListHead->s.Depth++;
+ ListHead->s.Sequence++;
+}
+
+#else /* __USE_W32API */
+
+/*
+ * An ReactOS extension
+ */
+static
+inline
+PSINGLE_LIST_ENTRY
+ PopEntrySList(
+ PSLIST_HEADER ListHead
+ )
+{
+ PSINGLE_LIST_ENTRY ListEntry;
+
+ ListEntry = ListHead->Next.Next;
+ if (ListEntry!=NULL)
+ {
+ ListHead->Next.Next = ListEntry->Next;
+ ListHead->Depth++;
+ ListHead->Sequence++;
+ }
+ return ListEntry;
+}
+
+
+/*
+ * An ReactOS extension
+ */
+static
+inline
+VOID
+PushEntrySList (
+ PSLIST_HEADER ListHead,
+ PSINGLE_LIST_ENTRY Entry
+ )
+{
+ Entry->Next = ListHead->Next.Next;
+ ListHead->Next.Next = Entry;
+ ListHead->Depth++;
+ ListHead->Sequence++;
+}
+
+#endif /* __USE_W32API */
+
+
+NTSTATUS
+STDCALL
+RtlAddAtomToAtomTable (
+ IN PRTL_ATOM_TABLE AtomTable,
+ IN PWSTR AtomName,
+ OUT PRTL_ATOM Atom
+ );
+
+PVOID STDCALL
+RtlAllocateHeap (
+ HANDLE Heap,
+ ULONG Flags,
+ ULONG Size
+ );
+
+WCHAR
+STDCALL
+RtlAnsiCharToUnicodeChar (
+ CHAR AnsiChar
+ );
+
+ULONG
+STDCALL
+RtlAnsiStringToUnicodeSize (
+ PANSI_STRING AnsiString
+ );
+
+NTSTATUS
+STDCALL
+RtlAnsiStringToUnicodeString (
+ PUNICODE_STRING DestinationString,
+ PANSI_STRING SourceString,
+ BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlAppendAsciizToString(
+ PSTRING Destination,
+ PCSZ Source
+ );
+
+NTSTATUS
+STDCALL
+RtlAppendStringToString (
+ PSTRING Destination,
+ PSTRING Source
+ );
+
+NTSTATUS
+STDCALL
+RtlAppendUnicodeStringToString (
+ PUNICODE_STRING Destination,
+ PUNICODE_STRING Source
+ );
+
+BOOLEAN
+STDCALL
+RtlAreBitsClear (
+ PRTL_BITMAP BitMapHeader,
+ ULONG StartingIndex,
+ ULONG Length
+ );
+
+BOOLEAN
+STDCALL
+RtlAreBitsSet (
+ PRTL_BITMAP BitMapHeader,
+ ULONG StartingIndex,
+ ULONG Length
+ );
+
+VOID
+STDCALL
+RtlAssert (
+ PVOID FailedAssertion,
+ PVOID FileName,
+ ULONG LineNumber,
+ PCHAR Message
+ );
+
+NTSTATUS
+STDCALL
+RtlCharToInteger (
+ PCSZ String,
+ ULONG Base,
+ PULONG Value
+ );
+
+NTSTATUS
+STDCALL
+RtlCheckRegistryKey (
+ ULONG RelativeTo,
+ PWSTR Path
+ );
+
+VOID
+STDCALL
+RtlClearAllBits (
+ IN PRTL_BITMAP BitMapHeader
+ );
+
+VOID
+STDCALL
+RtlClearBits (
+ IN PRTL_BITMAP BitMapHeader,
+ IN ULONG StartingIndex,
+ IN ULONG NumberToClear
+ );
+
+DWORD
+STDCALL
+RtlCompactHeap (
+ HANDLE hheap,
+ DWORD flags
+ );
+
+LONG
+STDCALL
+RtlCompareString (
+ PSTRING String1,
+ PSTRING String2,
+ BOOLEAN CaseInsensitive
+ );
+
+LONG
+STDCALL
+RtlCompareUnicodeString (
+ PUNICODE_STRING String1,
+ PUNICODE_STRING String2,
+ BOOLEAN BaseInsensitive
+ );
+
+NTSTATUS STDCALL
+RtlCompressBuffer(IN USHORT CompressionFormatAndEngine,
+ IN PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ OUT PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN ULONG UncompressedChunkSize,
+ OUT PULONG FinalCompressedSize,
+ IN PVOID WorkSpace);
+
+NTSTATUS STDCALL
+RtlCompressChunks(IN PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ OUT PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
+ IN ULONG CompressedDataInfoLength,
+ IN PVOID WorkSpace);
+
+LARGE_INTEGER STDCALL
+RtlConvertLongToLargeInteger(IN LONG SignedInteger);
+
+NTSTATUS STDCALL
+RtlConvertSidToUnicodeString(IN OUT PUNICODE_STRING String,
+ IN PSID Sid,
+ IN BOOLEAN AllocateString);
+
+LARGE_INTEGER STDCALL
+RtlConvertUlongToLargeInteger(IN ULONG UnsignedInteger);
+
+#if 0
+VOID
+RtlCopyBytes (
+ PVOID Destination,
+ CONST VOID * Source,
+ ULONG Length
+ );
+
+VOID
+RtlCopyMemory (
+ VOID * Destination,
+ CONST VOID * Source,
+ ULONG Length
+ );
+#endif
+
+#define RtlCopyBytes RtlCopyMemory
+
+VOID STDCALL
+RtlCopyLuid(IN PLUID LuidDest,
+ IN PLUID LuidSrc);
+
+VOID STDCALL
+RtlCopyLuidAndAttributesArray(ULONG Count,
+ PLUID_AND_ATTRIBUTES Src,
+ PLUID_AND_ATTRIBUTES Dest);
+
+NTSTATUS STDCALL
+RtlCopySid(ULONG BufferLength,
+ PSID Dest,
+ PSID Src);
+
+NTSTATUS STDCALL
+RtlCopySidAndAttributesArray(ULONG Count,
+ PSID_AND_ATTRIBUTES Src,
+ ULONG SidAreaSize,
+ PSID_AND_ATTRIBUTES Dest,
+ PVOID SidArea,
+ PVOID* RemainingSidArea,
+ PULONG RemainingSidAreaSize);
+
+VOID STDCALL
+RtlCopyString(PSTRING DestinationString,
+ PSTRING SourceString);
+
+VOID STDCALL
+RtlCopyUnicodeString(PUNICODE_STRING DestinationString,
+ PUNICODE_STRING SourceString);
+
+NTSTATUS STDCALL
+RtlCreateAtomTable(IN ULONG TableSize,
+ IN OUT PRTL_ATOM_TABLE *AtomTable);
+
+HANDLE
+STDCALL
+RtlCreateHeap (
+ ULONG Flags,
+ PVOID BaseAddress,
+ ULONG SizeToReserve, // dwMaximumSize
+ ULONG SizeToCommit, // dwInitialSize
+ PVOID Unknown,
+ PRTL_HEAP_DEFINITION Definition
+ );
+
+NTSTATUS
+STDCALL
+RtlCreateRegistryKey (
+ ULONG RelativeTo,
+ PWSTR Path
+ );
+
+NTSTATUS
+STDCALL
+RtlCreateSecurityDescriptor (
+ PSECURITY_DESCRIPTOR SecurityDescriptor,
+ ULONG Revision
+ );
+
+BOOLEAN
+STDCALL
+RtlCreateUnicodeString (
+ OUT PUNICODE_STRING Destination,
+ IN PWSTR Source
+ );
+
+BOOLEAN STDCALL
+RtlCreateUnicodeStringFromAsciiz (OUT PUNICODE_STRING Destination,
+ IN PCSZ Source);
+
+NTSTATUS
+STDCALL
+RtlCustomCPToUnicodeN (
+ PRTL_NLS_DATA NlsData,
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize,
+ PULONG ResultSize,
+ PCHAR CustomString,
+ ULONG CustomSize
+ );
+
+NTSTATUS STDCALL
+RtlDecompressBuffer(IN USHORT CompressionFormat,
+ OUT PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ OUT PULONG FinalUncompressedSize);
+
+NTSTATUS STDCALL
+RtlDecompressChunks(OUT PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN PUCHAR CompressedTail,
+ IN ULONG CompressedTailSize,
+ IN PCOMPRESSED_DATA_INFO CompressedDataInfo);
+
+NTSTATUS STDCALL
+RtlDecompressFragment(IN USHORT CompressionFormat,
+ OUT PUCHAR UncompressedFragment,
+ IN ULONG UncompressedFragmentSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN ULONG FragmentOffset,
+ OUT PULONG FinalUncompressedSize,
+ IN PVOID WorkSpace);
+
+NTSTATUS STDCALL
+RtlDeleteAtomFromAtomTable(IN PRTL_ATOM_TABLE AtomTable,
+ IN RTL_ATOM Atom);
+
+NTSTATUS STDCALL
+RtlDescribeChunk(IN USHORT CompressionFormat,
+ IN OUT PUCHAR *CompressedBuffer,
+ IN PUCHAR EndOfCompressedBufferPlus1,
+ OUT PUCHAR *ChunkBuffer,
+ OUT PULONG ChunkSize);
+
+NTSTATUS STDCALL
+RtlDestroyAtomTable(IN PRTL_ATOM_TABLE AtomTable);
+
+BOOL STDCALL
+RtlDestroyHeap(HANDLE hheap);
+
+NTSTATUS
+STDCALL
+RtlDowncaseUnicodeString (
+ IN OUT PUNICODE_STRING DestinationString,
+ IN PUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlEmptyAtomTable (
+ IN PRTL_ATOM_TABLE AtomTable,
+ IN BOOLEAN DeletePinned
+ );
+
+LARGE_INTEGER
+STDCALL
+RtlEnlargedIntegerMultiply (
+ LONG Multiplicand,
+ LONG Multiplier
+ );
+
+ULONG
+STDCALL
+RtlEnlargedUnsignedDivide (
+ ULARGE_INTEGER Dividend,
+ ULONG Divisor,
+ PULONG Remainder
+ );
+
+LARGE_INTEGER
+STDCALL
+RtlEnlargedUnsignedMultiply (
+ ULONG Multiplicand,
+ ULONG Multiplier
+ );
+
+BOOLEAN
+STDCALL
+RtlEqualString (
+ PSTRING String1,
+ PSTRING String2,
+ BOOLEAN CaseInSensitive
+ );
+
+LARGE_INTEGER
+STDCALL
+RtlExtendedIntegerMultiply (
+ LARGE_INTEGER Multiplicand,
+ LONG Multiplier
+ );
+
+LARGE_INTEGER
+STDCALL
+RtlExtendedLargeIntegerDivide (
+ LARGE_INTEGER Dividend,
+ ULONG Divisor,
+ PULONG Remainder
+ );
+
+LARGE_INTEGER
+STDCALL
+RtlExtendedMagicDivide (
+ LARGE_INTEGER Dividend,
+ LARGE_INTEGER MagicDivisor,
+ CCHAR ShiftCount
+ );
+
+VOID
+STDCALL
+RtlFillMemoryUlong (
+ PVOID Destination,
+ ULONG Length,
+ ULONG Fill
+ );
+
+ULONG
+STDCALL
+RtlFindClearBits (
+ PRTL_BITMAP BitMapHeader,
+ ULONG NumberToFind,
+ ULONG HintIndex
+ );
+
+ULONG
+STDCALL
+RtlFindClearBitsAndSet (
+ PRTL_BITMAP BitMapHeader,
+ ULONG NumberToFind,
+ ULONG HintIndex
+ );
+
+ULONG
+STDCALL
+RtlFindFirstRunClear (
+ PRTL_BITMAP BitMapHeader,
+ PULONG StartingIndex
+ );
+
+ULONG
+STDCALL
+RtlFindFirstRunSet (
+ PRTL_BITMAP BitMapHeader,
+ PULONG StartingIndex
+ );
+
+ULONG
+STDCALL
+RtlFindLongestRunClear (
+ PRTL_BITMAP BitMapHeader,
+ PULONG StartingIndex
+ );
+
+ULONG
+STDCALL
+RtlFindLongestRunSet (
+ PRTL_BITMAP BitMapHeader,
+ PULONG StartingIndex
+ );
+
+NTSTATUS
+STDCALL
+RtlFindMessage (
+ IN PVOID BaseAddress,
+ IN ULONG Type,
+ IN ULONG Language,
+ IN ULONG MessageId,
+ OUT PRTL_MESSAGE_RESOURCE_ENTRY *MessageResourceEntry
+ );
+
+ULONG
+STDCALL
+RtlFindSetBits (
+ PRTL_BITMAP BitMapHeader,
+ ULONG NumberToFind,
+ ULONG HintIndex
+ );
+
+ULONG
+STDCALL
+RtlFindSetBitsAndClear (
+ PRTL_BITMAP BitMapHeader,
+ ULONG NumberToFind,
+ ULONG HintIndex
+ );
+
+NTSTATUS
+STDCALL
+RtlFormatCurrentUserKeyPath (
+ IN OUT PUNICODE_STRING KeyPath
+ );
+
+VOID
+STDCALL
+RtlFreeAnsiString (
+ PANSI_STRING AnsiString
+ );
+
+BOOLEAN
+STDCALL
+RtlFreeHeap (
+ HANDLE Heap,
+ ULONG Flags,
+ PVOID Address
+ );
+
+VOID
+STDCALL
+RtlFreeOemString (
+ POEM_STRING OemString
+ );
+
+VOID
+STDCALL
+RtlFreeUnicodeString (
+ PUNICODE_STRING UnicodeString
+ );
+
+VOID STDCALL
+RtlGenerate8dot3Name(IN PUNICODE_STRING Name,
+ IN BOOLEAN AllowExtendedCharacters,
+ IN OUT PGENERATE_NAME_CONTEXT Context,
+ OUT PUNICODE_STRING Name8dot3);
+
+NTSTATUS STDCALL
+RtlGetCompressionWorkSpaceSize(IN USHORT CompressionFormatAndEngine,
+ OUT PULONG CompressBufferAndWorkSpaceSize,
+ OUT PULONG CompressFragmentWorkSpaceSize);
+
+VOID
+STDCALL
+RtlGetDefaultCodePage (
+ PUSHORT AnsiCodePage,
+ PUSHORT OemCodePage
+ );
+
+PVOID
+STDCALL
+RtlImageDirectoryEntryToData (
+ PVOID BaseAddress,
+ BOOLEAN bFlag,
+ ULONG Directory,
+ PULONG Size
+ );
+
+PIMAGE_NT_HEADERS
+STDCALL
+RtlImageNtHeader (
+ PVOID BaseAddress
+ );
+
+PIMAGE_SECTION_HEADER
+STDCALL
+RtlImageRvaToSection (
+ PIMAGE_NT_HEADERS NtHeader,
+ PVOID BaseAddress,
+ ULONG Rva
+ );
+
+ULONG
+STDCALL
+RtlImageRvaToVa (
+ PIMAGE_NT_HEADERS NtHeader,
+ PVOID BaseAddress,
+ ULONG Rva,
+ PIMAGE_SECTION_HEADER *SectionHeader
+ );
+
+VOID
+STDCALL
+RtlInitAnsiString (
+ PANSI_STRING DestinationString,
+ PCSZ SourceString
+ );
+
+VOID
+STDCALL
+RtlInitString (
+ PSTRING DestinationString,
+ PCSZ SourceString
+ );
+
+VOID
+STDCALL
+RtlInitUnicodeString (
+ PUNICODE_STRING DestinationString,
+ PCWSTR SourceString
+ );
+
+VOID
+STDCALL
+RtlInitializeBitMap (
+ IN OUT PRTL_BITMAP BitMapHeader,
+ IN PULONG BitMapBuffer,
+ IN ULONG SizeOfBitMap
+ );
+
+NTSTATUS
+STDCALL
+RtlInitializeContext (
+ IN HANDLE ProcessHandle,
+ IN PCONTEXT Context,
+ IN PVOID Parameter,
+ IN PTHREAD_START_ROUTINE StartAddress,
+ IN OUT PINITIAL_TEB InitialTeb
+ );
+
+VOID
+STDCALL
+RtlInitializeGenericTable (
+ IN OUT PRTL_GENERIC_TABLE Table,
+ IN PVOID CompareRoutine,
+ IN PVOID AllocateRoutine,
+ IN PVOID FreeRoutine,
+ IN ULONG UserParameter
+ );
+
+PVOID
+STDCALL
+RtlInsertElementGenericTable (
+ IN OUT PRTL_GENERIC_TABLE Table,
+ IN PVOID Element,
+ IN ULONG ElementSize,
+ IN ULONG Unknown4
+ );
+
+NTSTATUS
+STDCALL
+RtlIntegerToChar (
+ IN ULONG Value,
+ IN ULONG Base,
+ IN ULONG Length,
+ IN OUT PCHAR String
+ );
+
+NTSTATUS
+STDCALL
+RtlIntegerToUnicodeString (
+ IN ULONG Value,
+ IN ULONG Base,
+ IN OUT PUNICODE_STRING String
+ );
+
+BOOLEAN
+STDCALL
+RtlIsGenericTableEmpty (
+ IN PRTL_GENERIC_TABLE Table
+ );
+
+BOOLEAN STDCALL
+RtlIsNameLegalDOS8Dot3(IN PUNICODE_STRING UnicodeName,
+ IN PANSI_STRING AnsiName,
+ OUT PBOOLEAN SpacesFound);
+
+LARGE_INTEGER
+STDCALL
+RtlLargeIntegerAdd (
+ LARGE_INTEGER Addend1,
+ LARGE_INTEGER Addend2
+ );
+
+/*
+ * VOID
+ * RtlLargeIntegerAnd (
+ * PLARGE_INTEGER Result,
+ * LARGE_INTEGER Source,
+ * LARGE_INTEGER Mask
+ * );
+ */
+#define RtlLargeIntegerAnd(Result, Source, Mask) \
+{ \
+ Result.HighPart = Source.HighPart & Mask.HighPart; \
+ Result.LowPart = Source.LowPart & Mask.LowPart; \
+}
+
+LARGE_INTEGER
+STDCALL
+RtlLargeIntegerArithmeticShift (
+ LARGE_INTEGER LargeInteger,
+ CCHAR ShiftCount
+ );
+
+LARGE_INTEGER
+STDCALL
+RtlLargeIntegerDivide (
+ LARGE_INTEGER Dividend,
+ LARGE_INTEGER Divisor,
+ PLARGE_INTEGER Remainder
+ );
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerEqualTo (
+ * LARGE_INTEGER Operand1,
+ * LARGE_INTEGER Operand2
+ * );
+ */
+#define RtlLargeIntegerEqualTo(X,Y) \
+ (!(((X).LowPart ^ (Y).LowPart) | ((X).HighPart ^ (Y).HighPart)))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerEqualToZero (
+ * LARGE_INTEGER Operand
+ * );
+ */
+#define RtlLargeIntegerEqualToZero(X) \
+ (!((X).LowPart | (X).HighPart))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerGreaterThan (
+ * LARGE_INTEGER Operand1,
+ * LARGE_INTEGER Operand2
+ * );
+ */
+#define RtlLargeIntegerGreaterThan(X,Y) \
+ ((((X).HighPart == (Y).HighPart) && ((X).LowPart > (Y).LowPart)) || \
+ ((X).HighPart > (Y).HighPart))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerGreaterThanOrEqualTo (
+ * LARGE_INTEGER Operand1,
+ * LARGE_INTEGER Operand2
+ * );
+ */
+#define RtlLargeIntegerGreaterThanOrEqualTo(X,Y) \
+ ((((X).HighPart == (Y).HighPart) && ((X).LowPart >= (Y).LowPart)) || \
+ ((X).HighPart > (Y).HighPart))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerGreaterThanOrEqualToZero (
+ * LARGE_INTEGER Operand1
+ * );
+ */
+#define RtlLargeIntegerGreaterOrEqualToZero(X) \
+ ((X).HighPart >= 0)
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerGreaterThanZero (
+ * LARGE_INTEGER Operand1
+ * );
+ */
+#define RtlLargeIntegerGreaterThanZero(X) \
+ ((((X).HighPart == 0) && ((X).LowPart > 0)) || \
+ ((X).HighPart > 0 ))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerLessThan (
+ * LARGE_INTEGER Operand1,
+ * LARGE_INTEGER Operand2
+ * );
+ */
+#define RtlLargeIntegerLessThan(X,Y) \
+ ((((X).HighPart == (Y).HighPart) && ((X).LowPart < (Y).LowPart)) || \
+ ((X).HighPart < (Y).HighPart))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerLessThanOrEqualTo (
+ * LARGE_INTEGER Operand1,
+ * LARGE_INTEGER Operand2
+ * );
+ */
+#define RtlLargeIntegerLessThanOrEqualTo(X,Y) \
+ ((((X).HighPart == (Y).HighPart) && ((X).LowPart <= (Y).LowPart)) || \
+ ((X).HighPart < (Y).HighPart))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerLessThanOrEqualToZero (
+ * LARGE_INTEGER Operand
+ * );
+ */
+#define RtlLargeIntegerLessOrEqualToZero(X) \
+ (((X).HighPart < 0) || !((X).LowPart | (X).HighPart))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerLessThanZero (
+ * LARGE_INTEGER Operand
+ * );
+ */
+#define RtlLargeIntegerLessThanZero(X) \
+ (((X).HighPart < 0))
+
+LARGE_INTEGER
+STDCALL
+RtlLargeIntegerNegate (
+ LARGE_INTEGER Subtrahend
+ );
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerNotEqualTo (
+ * LARGE_INTEGER Operand1,
+ * LARGE_INTEGER Operand2
+ * );
+ */
+#define RtlLargeIntegerNotEqualTo(X,Y) \
+ ((((X).LowPart ^ (Y).LowPart) | ((X).HighPart ^ (Y).HighPart)))
+
+/*
+ * BOOLEAN
+ * RtlLargeIntegerNotEqualToZero (
+ * LARGE_INTEGER Operand
+ * );
+ */
+#define RtlLargeIntegerNotEqualToZero(X) \
+ (((X).LowPart | (X).HighPart))
+
+LARGE_INTEGER
+STDCALL
+RtlLargeIntegerShiftLeft (
+ LARGE_INTEGER LargeInteger,
+ CCHAR ShiftCount
+ );
+
+LARGE_INTEGER
+STDCALL
+RtlLargeIntegerShiftRight (
+ LARGE_INTEGER LargeInteger,
+ CCHAR ShiftCount
+ );
+
+LARGE_INTEGER
+STDCALL
+RtlLargeIntegerSubtract (
+ LARGE_INTEGER Minuend,
+ LARGE_INTEGER Subtrahend
+ );
+
+ULONG
+STDCALL
+RtlLengthSecurityDescriptor (
+ PSECURITY_DESCRIPTOR SecurityDescriptor
+ );
+
+BOOL
+STDCALL
+RtlLockHeap (
+ HANDLE hheap
+ );
+
+NTSTATUS
+STDCALL
+RtlLookupAtomInAtomTable (
+ IN PRTL_ATOM_TABLE AtomTable,
+ IN PWSTR AtomName,
+ OUT PRTL_ATOM Atom
+ );
+
+NTSTATUS
+STDCALL
+RtlMultiByteToUnicodeN (
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize,
+ PULONG ResultSize,
+ PCHAR MbString,
+ ULONG MbSize
+ );
+
+NTSTATUS
+STDCALL
+RtlMultiByteToUnicodeSize (
+ PULONG UnicodeSize,
+ PCHAR MbString,
+ ULONG MbSize
+ );
+
+DWORD
+STDCALL
+RtlNtStatusToDosError (
+ NTSTATUS StatusCode
+ );
+
+DWORD
+STDCALL
+RtlNtStatusToDosErrorNoTeb (
+ NTSTATUS StatusCode
+ );
+
+int
+STDCALL
+RtlNtStatusToPsxErrno (
+ NTSTATUS StatusCode
+ );
+
+ULONG
+STDCALL
+RtlNumberGenericTableElements (
+ IN PRTL_GENERIC_TABLE Table
+ );
+
+ULONG
+STDCALL
+RtlNumberOfClearBits (
+ PRTL_BITMAP BitMapHeader
+ );
+
+ULONG
+STDCALL
+RtlNumberOfSetBits (
+ PRTL_BITMAP BitMapHeader
+ );
+
+ULONG
+STDCALL
+RtlOemStringToUnicodeSize (
+ POEM_STRING AnsiString
+ );
+
+NTSTATUS
+STDCALL
+RtlOemStringToUnicodeString (
+ PUNICODE_STRING DestinationString,
+ POEM_STRING SourceString,
+ BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlOemToUnicodeN (
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize,
+ PULONG ResultSize,
+ PCHAR OemString,
+ ULONG OemSize
+ );
+
+NTSTATUS STDCALL
+RtlPinAtomInAtomTable (
+ IN PRTL_ATOM_TABLE AtomTable,
+ IN RTL_ATOM Atom
+ );
+
+BOOLEAN
+STDCALL
+RtlPrefixString (
+ PANSI_STRING String1,
+ PANSI_STRING String2,
+ BOOLEAN CaseInsensitive
+ );
+
+BOOLEAN
+STDCALL
+RtlPrefixUnicodeString (
+ PUNICODE_STRING String1,
+ PUNICODE_STRING String2,
+ BOOLEAN CaseInsensitive
+ );
+
+NTSTATUS
+STDCALL
+RtlQueryAtomInAtomTable (
+ IN PRTL_ATOM_TABLE AtomTable,
+ IN RTL_ATOM Atom,
+ IN OUT PULONG RefCount OPTIONAL,
+ IN OUT PULONG PinCount OPTIONAL,
+ IN OUT PWSTR AtomName OPTIONAL,
+ IN OUT PULONG NameLength OPTIONAL
+ );
+
+NTSTATUS
+STDCALL
+RtlQueryTimeZoneInformation (
+ IN OUT PTIME_ZONE_INFORMATION TimeZoneInformation
+ );
+
+VOID
+STDCALL
+RtlRaiseException (
+ IN PEXCEPTION_RECORD ExceptionRecord
+ );
+
+LPVOID
+STDCALL
+RtlReAllocateHeap (
+ HANDLE hheap,
+ DWORD flags,
+ LPVOID ptr,
+ DWORD size
+ );
+
+NTSTATUS STDCALL
+RtlReserveChunk(IN USHORT CompressionFormat,
+ IN OUT PUCHAR *CompressedBuffer,
+ IN PUCHAR EndOfCompressedBufferPlus1,
+ OUT PUCHAR *ChunkBuffer,
+ IN ULONG ChunkSize);
+
+/*
+ * VOID
+ * RtlRetrieveUlong (
+ * PULONG DestinationAddress,
+ * PULONG SourceAddress
+ * );
+ */
+#define RtlRetrieveUlong(DestAddress,SrcAddress) \
+ if ((ULONG)(SrcAddress) & LONG_MASK) \
+ { \
+ ((PUCHAR)(DestAddress))[0]=((PUCHAR)(SrcAddress))[0]; \
+ ((PUCHAR)(DestAddress))[1]=((PUCHAR)(SrcAddress))[1]; \
+ ((PUCHAR)(DestAddress))[2]=((PUCHAR)(SrcAddress))[2]; \
+ ((PUCHAR)(DestAddress))[3]=((PUCHAR)(SrcAddress))[3]; \
+ } \
+ else \
+ { \
+ *((PULONG)(DestAddress))=*((PULONG)(SrcAddress)); \
+ }
+
+/*
+ * VOID
+ * RtlRetrieveUshort (
+ * PUSHORT DestinationAddress,
+ * PUSHORT SourceAddress
+ * );
+ */
+#define RtlRetrieveUshort(DestAddress,SrcAddress) \
+ if ((ULONG)(SrcAddress) & SHORT_MASK) \
+ { \
+ ((PUCHAR)(DestAddress))[0]=((PUCHAR)(SrcAddress))[0]; \
+ ((PUCHAR)(DestAddress))[1]=((PUCHAR)(SrcAddress))[1]; \
+ } \
+ else \
+ { \
+ *((PUSHORT)(DestAddress))=*((PUSHORT)(SrcAddress)); \
+ }
+
+VOID
+STDCALL
+RtlSecondsSince1970ToTime (
+ ULONG SecondsSince1970,
+ PLARGE_INTEGER Time
+ );
+
+VOID
+STDCALL
+RtlSecondsSince1980ToTime (
+ ULONG SecondsSince1980,
+ PLARGE_INTEGER Time
+ );
+
+VOID
+STDCALL
+RtlSetAllBits (
+ IN PRTL_BITMAP BitMapHeader
+ );
+
+VOID
+STDCALL
+RtlSetBits (
+ PRTL_BITMAP BitMapHeader,
+ ULONG StartingIndex,
+ ULONG NumberToSet
+ );
+
+NTSTATUS
+STDCALL
+RtlSetDaclSecurityDescriptor (
+ PSECURITY_DESCRIPTOR SecurityDescriptor,
+ BOOLEAN DaclPresent,
+ PACL Dacl,
+ BOOLEAN DaclDefaulted
+ );
+
+NTSTATUS
+STDCALL
+RtlSetTimeZoneInformation (
+ IN OUT PTIME_ZONE_INFORMATION TimeZoneInformation
+ );
+
+DWORD
+STDCALL
+RtlSizeHeap (
+ HANDLE hheap,
+ DWORD flags,
+ PVOID pmem
+ );
+
+/*
+ * VOID
+ * RtlStoreUlong (
+ * PULONG Address,
+ * ULONG Value
+ * );
+ */
+#define RtlStoreUlong(Address,Value) \
+ if ((ULONG)(Address) & LONG_MASK) \
+ { \
+ ((PUCHAR)(Address))[LONG_LEAST_SIGNIFICANT_BIT]=(UCHAR)(FIRSTBYTE(Value)); \
+ ((PUCHAR)(Address))[LONG_3RD_MOST_SIGNIFICANT_BIT]=(UCHAR)(FIRSTBYTE(Value)); \
+ ((PUCHAR)(Address))[LONG_2ND_MOST_SIGNIFICANT_BIT]=(UCHAR)(THIRDBYTE(Value)); \
+ ((PUCHAR)(Address))[LONG_MOST_SIGNIFICANT_BIT]=(UCHAR)(FOURTHBYTE(Value)); \
+ } \
+ else \
+ { \
+ *((PULONG)(Address))=(ULONG)(Value); \
+ }
+
+/*
+ * VOID
+ * RtlStoreUshort (
+ * PUSHORT Address,
+ * USHORT Value
+ * );
+ */
+#define RtlStoreUshort(Address,Value) \
+ if ((ULONG)(Address) & SHORT_MASK) \
+ { \
+ ((PUCHAR)(Address))[SHORT_LEAST_SIGNIFICANT_BIT]=(UCHAR)(FIRSTBYTE(Value)); \
+ ((PUCHAR)(Address))[SHORT_MOST_SIGNIFICANT_BIT]=(UCHAR)(SECONDBYTE(Value)); \
+ } \
+ else \
+ { \
+ *((PUSHORT)(Address))=(USHORT)(Value); \
+ }
+
+BOOLEAN
+STDCALL
+RtlTimeFieldsToTime (
+ PTIME_FIELDS TimeFields,
+ PLARGE_INTEGER Time
+ );
+
+BOOLEAN
+STDCALL
+RtlTimeToSecondsSince1970 (
+ PLARGE_INTEGER Time,
+ PULONG SecondsSince1970
+ );
+
+BOOLEAN
+STDCALL
+RtlTimeToSecondsSince1980 (
+ PLARGE_INTEGER Time,
+ PULONG SecondsSince1980
+ );
+
+VOID
+STDCALL
+RtlTimeToTimeFields (
+ PLARGE_INTEGER Time,
+ PTIME_FIELDS TimeFields
+ );
+
+ULONG
+STDCALL
+RtlUnicodeStringToAnsiSize (
+ IN PUNICODE_STRING UnicodeString
+ );
+
+NTSTATUS
+STDCALL
+RtlUnicodeStringToAnsiString (
+ IN OUT PANSI_STRING DestinationString,
+ IN PUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlUnicodeStringToInteger (
+ IN PUNICODE_STRING String,
+ IN ULONG Base,
+ OUT PULONG Value
+ );
+
+ULONG
+STDCALL
+RtlUnicodeStringToOemSize (
+ IN PUNICODE_STRING UnicodeString
+ );
+
+NTSTATUS
+STDCALL
+RtlUnicodeStringToCountedOemString (
+ IN OUT POEM_STRING DestinationString,
+ IN PUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlUnicodeStringToOemString (
+ IN OUT POEM_STRING DestinationString,
+ IN PUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlUnicodeToCustomCPN (
+ PRTL_NLS_DATA NlsData,
+ PCHAR MbString,
+ ULONG MbSize,
+ PULONG ResultSize,
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize
+ );
+
+NTSTATUS
+STDCALL
+RtlUnicodeToMultiByteN (
+ PCHAR MbString,
+ ULONG MbSize,
+ PULONG ResultSize,
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize
+ );
+
+NTSTATUS
+STDCALL
+RtlUnicodeToMultiByteSize (
+ PULONG MbSize,
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize
+ );
+
+NTSTATUS
+STDCALL
+RtlUnicodeToOemN (
+ PCHAR OemString,
+ ULONG OemSize,
+ PULONG ResultSize,
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize
+ );
+
+BOOL
+STDCALL
+RtlUnlockHeap (
+ HANDLE hheap
+ );
+
+VOID
+STDCALL
+RtlUnwind (
+ PEXCEPTION_REGISTRATION RegistrationFrame,
+ PVOID ReturnAddress,
+ PEXCEPTION_RECORD ExceptionRecord,
+ DWORD EaxValue
+ );
+
+WCHAR
+STDCALL
+RtlUpcaseUnicodeChar (
+ WCHAR Source
+ );
+
+NTSTATUS
+STDCALL
+RtlUpcaseUnicodeString (
+ IN OUT PUNICODE_STRING DestinationString,
+ IN PUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlUpcaseUnicodeStringToAnsiString (
+ IN OUT PANSI_STRING DestinationString,
+ IN PUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlUpcaseUnicodeStringToCountedOemString (
+ IN OUT POEM_STRING DestinationString,
+ IN PUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlUpcaseUnicodeStringToOemString (
+ IN OUT POEM_STRING DestinationString,
+ IN PUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+ );
+
+NTSTATUS
+STDCALL
+RtlUpcaseUnicodeToCustomCPN (
+ PRTL_NLS_DATA NlsData,
+ PCHAR MbString,
+ ULONG MbSize,
+ PULONG ResultSize,
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize
+ );
+
+NTSTATUS
+STDCALL
+RtlUpcaseUnicodeToMultiByteN (
+ PCHAR MbString,
+ ULONG MbSize,
+ PULONG ResultSize,
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize
+ );
+
+NTSTATUS
+STDCALL
+RtlUpcaseUnicodeToOemN (
+ PCHAR OemString,
+ ULONG OemSize,
+ PULONG ResultSize,
+ PWCHAR UnicodeString,
+ ULONG UnicodeSize
+ );
+
+CHAR
+STDCALL
+RtlUpperChar (
+ CHAR Source
+ );
+
+VOID
+STDCALL
+RtlUpperString (
+ PSTRING DestinationString,
+ PSTRING SourceString
+ );
+
+BOOL
+STDCALL
+RtlValidateHeap (
+ HANDLE hheap,
+ DWORD flags,
+ PVOID pmem
+ );
+
+BOOLEAN
+STDCALL
+RtlValidSecurityDescriptor (
+ PSECURITY_DESCRIPTOR SecurityDescriptor
+ );
+
+BOOLEAN STDCALL
+RtlValidSid(IN PSID Sid);
+
+ULONG
+STDCALL
+RtlxAnsiStringToUnicodeSize (
+ IN PANSI_STRING AnsiString
+ );
+
+ULONG
+STDCALL
+RtlxOemStringToUnicodeSize (
+ IN POEM_STRING OemString
+ );
+
+ULONG
+STDCALL
+RtlxUnicodeStringToAnsiSize (
+ IN PUNICODE_STRING UnicodeString
+ );
+
+ULONG
+STDCALL
+RtlxUnicodeStringToOemSize (
+ IN PUNICODE_STRING UnicodeString
+ );
+
+
+/* Register io functions */
+
+UCHAR
+STDCALL
+READ_REGISTER_UCHAR (
+ PUCHAR Register
+ );
+
+USHORT
+STDCALL
+READ_REGISTER_USHORT (
+ PUSHORT Register
+ );
+
+ULONG
+STDCALL
+READ_REGISTER_ULONG (
+ PULONG Register
+ );
+
+VOID
+STDCALL
+READ_REGISTER_BUFFER_UCHAR (
+ PUCHAR Register,
+ PUCHAR Buffer,
+ ULONG Count
+ );
+
+VOID
+STDCALL
+READ_REGISTER_BUFFER_USHORT (
+ PUSHORT Register,
+ PUSHORT Buffer,
+ ULONG Count
+ );
+
+VOID
+STDCALL
+READ_REGISTER_BUFFER_ULONG (
+ PULONG Register,
+ PULONG Buffer,
+ ULONG Count
+ );
+
+VOID
+STDCALL
+WRITE_REGISTER_UCHAR (
+ PUCHAR Register,
+ UCHAR Value
+ );
+
+VOID
+STDCALL
+WRITE_REGISTER_USHORT (
+ PUSHORT Register,
+ USHORT Value
+ );
+
+VOID
+STDCALL
+WRITE_REGISTER_ULONG (
+ PULONG Register,
+ ULONG Value
+ );
+
+VOID
+STDCALL
+WRITE_REGISTER_BUFFER_UCHAR (
+ PUCHAR Register,
+ PUCHAR Buffer,
+ ULONG Count
+ );
+
+VOID
+STDCALL
+WRITE_REGISTER_BUFFER_USHORT (
+ PUSHORT Register,
+ PUSHORT Buffer,
+ ULONG Count
+ );
+
+VOID
+STDCALL
+WRITE_REGISTER_BUFFER_ULONG (
+ PULONG Register,
+ PULONG Buffer,
+ ULONG Count
+ );
+
+
+NTSTATUS STDCALL RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision);
+NTSTATUS STDCALL RtlQueryInformationAcl (PACL Acl, PVOID Information, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass);
+NTSTATUS STDCALL RtlSetInformationAcl (PACL Acl, PVOID Information, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass);
+BOOLEAN STDCALL RtlValidAcl (PACL Acl);
+
+NTSTATUS STDCALL RtlAddAccessAllowedAce(PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid);
+NTSTATUS STDCALL RtlAddAccessDeniedAce(PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid);
+NTSTATUS STDCALL RtlAddAce(PACL Acl, ULONG Revision, ULONG StartingIndex, PACE AceList, ULONG AceListLength);
+NTSTATUS STDCALL RtlAddAuditAccessAce (PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid, BOOLEAN Success, BOOLEAN Failure);
+NTSTATUS STDCALL RtlDeleteAce(PACL Acl, ULONG AceIndex);
+BOOLEAN STDCALL RtlFirstFreeAce(PACL Acl, PACE* Ace);
+NTSTATUS STDCALL RtlGetAce(PACL Acl, ULONG AceIndex, PACE *Ace);
+
+NTSTATUS STDCALL RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength);
+NTSTATUS STDCALL RtlMakeSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength);
+NTSTATUS STDCALL RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Revision);
+BOOLEAN STDCALL RtlValidSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
+ULONG STDCALL RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
+NTSTATUS STDCALL RtlSetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, BOOLEAN DaclPresent, PACL Dacl, BOOLEAN DaclDefaulted);
+NTSTATUS STDCALL RtlGetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PBOOLEAN DaclPresent, PACL* Dacl, PBOOLEAN DaclDefauted);
+NTSTATUS STDCALL RtlSetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSID Owner, BOOLEAN OwnerDefaulted);
+NTSTATUS STDCALL RtlGetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSID* Owner, PBOOLEAN OwnerDefaulted);
+NTSTATUS STDCALL RtlSetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSID Group, BOOLEAN GroupDefaulted);
+NTSTATUS STDCALL RtlGetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSID* Group, PBOOLEAN GroupDefaulted);
+NTSTATUS STDCALL RtlGetControlSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL Control, PULONG Revision);
+NTSTATUS STDCALL RtlSetSaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, BOOLEAN SaclPresent, PACL Sacl, BOOLEAN SaclDefaulted);
+NTSTATUS STDCALL RtlGetSaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PBOOLEAN SaclPresent, PACL* Sacl, PBOOLEAN SaclDefauted);
+NTSTATUS STDCALL RtlSelfRelativeToAbsoluteSD (PSECURITY_DESCRIPTOR RelSD,
+ PSECURITY_DESCRIPTOR AbsSD,
+ PDWORD AbsSDSize,
+ PACL Dacl,
+ PDWORD DaclSize,
+ PACL Sacl,
+ PDWORD SaclSize,
+ PSID Owner,
+ PDWORD OwnerSize,
+ PSID Group,
+ PDWORD GroupSize);
+
+NTSTATUS STDCALL RtlAllocateAndInitializeSid (PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
+ UCHAR SubAuthorityCount,
+ ULONG SubAuthority0,
+ ULONG SubAuthority1,
+ ULONG SubAuthority2,
+ ULONG SubAuthority3,
+ ULONG SubAuthority4,
+ ULONG SubAuthority5,
+ ULONG SubAuthority6,
+ ULONG SubAuthority7,
+ PSID *Sid);
+ULONG STDCALL RtlLengthRequiredSid (UCHAR SubAuthorityCount);
+PSID_IDENTIFIER_AUTHORITY STDCALL RtlIdentifierAuthoritySid (PSID Sid);
+NTSTATUS STDCALL RtlInitializeSid (PSID Sid, PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, UCHAR SubAuthorityCount);
+PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority);
+BOOLEAN STDCALL RtlEqualPrefixSid (PSID Sid1, PSID Sid2);
+BOOLEAN STDCALL RtlEqualSid(PSID Sid1, PSID Sid2);
+PSID STDCALL RtlFreeSid (PSID Sid);
+ULONG STDCALL RtlLengthSid (PSID Sid);
+PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority);
+PUCHAR STDCALL RtlSubAuthorityCountSid (PSID Sid);
+BOOLEAN STDCALL RtlValidSid (PSID Sid);
+NTSTATUS STDCALL RtlConvertSidToUnicodeString (PUNICODE_STRING String, PSID Sid, BOOLEAN AllocateBuffer);
+
+BOOLEAN STDCALL RtlAreAllAccessesGranted (ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess);
+BOOLEAN STDCALL RtlAreAnyAccessesGranted (ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess);
+VOID STDCALL RtlMapGenericMask (PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping);
+
+
+/* functions exported from NTOSKRNL.EXE which are considered RTL */
+
+#if defined(__NTOSKRNL__) || defined(__NTDRIVER__) || defined(__NTHAL__) || defined(__NTDLL__) || defined(__NTAPP__)
+
+char *_itoa (int value, char *string, int radix);
+int _snprintf(char * buf, size_t cnt, const char *fmt, ...);
+int _snwprintf(wchar_t *buf, size_t cnt, const wchar_t *fmt, ...);
+int _stricmp(const char *s1, const char *s2);
+char * _strlwr(char *x);
+int _strnicmp(const char *s1, const char *s2, size_t n);
+char * _strnset(char* szToFill, int szFill, size_t sizeMaxFill);
+char * _strrev(char *s);
+char * _strset(char* szToFill, int szFill);
+char * _strupr(char *x);
+int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args);
+int _wcsicmp (const wchar_t* cs, const wchar_t* ct);
+wchar_t * _wcslwr (wchar_t *x);
+int _wcsnicmp (const wchar_t * cs,const wchar_t * ct,size_t count);
+wchar_t* _wcsnset (wchar_t* wsToFill, wchar_t wcFill, size_t sizeMaxFill);
+wchar_t * _wcsrev(wchar_t *s);
+wchar_t *_wcsupr(wchar_t *x);
+
+int atoi(const char *str);
+long atol(const char *str);
+int isdigit(int c);
+int islower(int c);
+int isprint(int c);
+int isspace(int c);
+int isupper(int c);
+int isxdigit(int c);
+size_t mbstowcs (wchar_t *wcstr, const char *mbstr, size_t count);
+int mbtowc (wchar_t *wchar, const char *mbchar, size_t count);
+void * memchr(const void *s, int c, size_t n);
+void * memcpy(void *to, const void *from, size_t count);
+void * memmove(void *dest,const void *src, size_t count);
+void * memset(void *src, int val, size_t count);
+
+#if 0
+qsort
+#endif
+
+int rand(void);
+int sprintf(char * buf, const char *fmt, ...);
+void srand(unsigned seed);
+char * strcat(char *s, const char *append);
+char * strchr(const char *s, int c);
+int strcmp(const char *s1, const char *s2);
+char * strcpy(char *to, const char *from);
+size_t strlen(const char *str);
+char * strncat(char *dst, const char *src, size_t n);
+int strncmp(const char *s1, const char *s2, size_t n);
+char *strncpy(char *dst, const char *src, size_t n);
+char *strrchr(const char *s, int c);
+size_t strspn(const char *s1, const char *s2);
+char *strstr(const char *s, const char *find);
+int swprintf(wchar_t *buf, const wchar_t *fmt, ...);
+int tolower(int c);
+int toupper(int c);
+wchar_t towlower(wchar_t c);
+wchar_t towupper(wchar_t c);
+int vsprintf(char *buf, const char *fmt, va_list args);
+wchar_t * wcscat(wchar_t *dest, const wchar_t *src);
+wchar_t * wcschr(const wchar_t *str, wchar_t ch);
+int wcscmp(const wchar_t *cs, const wchar_t *ct);
+wchar_t* wcscpy(wchar_t* str1, const wchar_t* str2);
+size_t wcscspn(const wchar_t *str,const wchar_t *reject);
+size_t wcslen(const wchar_t *s);
+wchar_t * wcsncat(wchar_t *dest, const wchar_t *src, size_t count);
+int wcsncmp(const wchar_t *cs, const wchar_t *ct, size_t count);
+wchar_t * wcsncpy(wchar_t *dest, const wchar_t *src, size_t count);
+wchar_t * wcsrchr(const wchar_t *str, wchar_t ch);
+size_t wcsspn(const wchar_t *str,const wchar_t *accept);
+wchar_t *wcsstr(const wchar_t *s,const wchar_t *b);
+size_t wcstombs (char *mbstr, const wchar_t *wcstr, size_t count);
+int wctomb (char *mbchar, wchar_t wchar);
+
+#endif /* __NTOSKRNL__ || __NTDRIVER__ || __NTHAL__ || __NTDLL__ || __NTAPP__ */
+
+#endif /* __DDK_RTL_H */
--- /dev/null
+\r
+/* $Id: zw.h,v 1.3 2002/11/15 21:56:37 chorns Exp $\r
+ *\r
+ * COPYRIGHT: See COPYING in the top level directory\r
+ * PROJECT: ReactOS kernel\r
+ * PURPOSE: System call definitions\r
+ * FILE: include/ddk/zw.h\r
+ * REVISION HISTORY: \r
+ * ??/??/??: First few functions (David Welch)\r
+ * ??/??/??: Complete implementation by Ariadne\r
+ * 13/07/98: Reorganised things a bit (David Welch)\r
+ * 04/08/98: Added some documentation (Ariadne)\r
+ * 14/08/98: Added type TIME and change variable type from [1] to [0]\r
+ * 14/09/98: Added for each Nt call a corresponding Zw Call\r
+ */\r
+\r
+#ifndef __DDK_ZW_H\r
+#define __DDK_ZW_H\r
+\r
+#include <ntos/security.h>\r
+#include <ntos/zwtypes.h>\r
+#include <napi/npipe.h>\r
+\r
+#define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
+\r
+// semaphore information\r
+\r
+typedef enum _SEMAPHORE_INFORMATION_CLASS\r
+{\r
+ SemaphoreBasicInformation = 0\r
+} SEMAPHORE_INFORMATION_CLASS;\r
+\r
+typedef struct _SEMAPHORE_BASIC_INFORMATION\r
+{\r
+ LONG CurrentCount;\r
+ LONG MaximumCount;\r
+} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;\r
+\r
+// event information\r
+\r
+typedef enum _EVENT_INFORMATION_CLASS\r
+{\r
+ EventBasicInformation = 0\r
+} EVENT_INFORMATION_CLASS;\r
+\r
+typedef struct _EVENT_BASIC_INFORMATION\r
+{\r
+ EVENT_TYPE EventType;\r
+ LONG EventState;\r
+} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;\r
+\r
+//#define LCID ULONG\r
+//#define SECURITY_INFORMATION ULONG\r
+//typedef ULONG SECURITY_INFORMATION;\r
+\r
+/*\r
+ * FUNCTION: Adjusts the groups in an access token\r
+ * ARGUMENTS: \r
+ * TokenHandle = Specifies the access token\r
+ * ResetToDefault = If true the NewState parameter is ignored and the groups are set to\r
+ * their default state, if false the groups specified in\r
+ * NewState are set.\r
+ * NewState = \r
+ * BufferLength = Specifies the size of the buffer for the PreviousState.\r
+ * PreviousState = \r
+ * ReturnLength = Bytes written in PreviousState buffer.\r
+ * REMARKS: The arguments map to the win32 AdjustTokenGroups\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS \r
+STDCALL \r
+NtAdjustGroupsToken(\r
+ IN HANDLE TokenHandle,\r
+ IN BOOLEAN ResetToDefault,\r
+ IN PTOKEN_GROUPS NewState,\r
+ IN ULONG BufferLength,\r
+ OUT PTOKEN_GROUPS PreviousState OPTIONAL,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAdjustGroupsToken(\r
+ IN HANDLE TokenHandle,\r
+ IN BOOLEAN ResetToDefault,\r
+ IN PTOKEN_GROUPS NewState,\r
+ IN ULONG BufferLength,\r
+ OUT PTOKEN_GROUPS PreviousState,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION:\r
+ *\r
+ * ARGUMENTS:\r
+ * TokenHandle = Handle to the access token\r
+ * DisableAllPrivileges = The resulting suspend count.\r
+ NewState = \r
+ BufferLength =\r
+ PreviousState =\r
+ ReturnLength =\r
+ * REMARK:\r
+ * The arguments map to the win32 AdjustTokenPrivileges\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS \r
+STDCALL \r
+NtAdjustPrivilegesToken(\r
+ IN HANDLE TokenHandle,\r
+ IN BOOLEAN DisableAllPrivileges,\r
+ IN PTOKEN_PRIVILEGES NewState,\r
+ IN ULONG BufferLength,\r
+ OUT PTOKEN_PRIVILEGES PreviousState,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS \r
+STDCALL \r
+ZwAdjustPrivilegesToken(\r
+ IN HANDLE TokenHandle,\r
+ IN BOOLEAN DisableAllPrivileges,\r
+ IN PTOKEN_PRIVILEGES NewState,\r
+ IN ULONG BufferLength,\r
+ OUT PTOKEN_PRIVILEGES PreviousState,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Decrements a thread's suspend count and places it in an alerted \r
+ * state.\r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the thread that should be resumed\r
+ * SuspendCount = The resulting suspend count.\r
+ * REMARK:\r
+ * A thread is resumed if its suspend count is 0\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtAlertResumeThread(\r
+ IN HANDLE ThreadHandle,\r
+ OUT PULONG SuspendCount\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAlertResumeThread(\r
+ IN HANDLE ThreadHandle,\r
+ OUT PULONG SuspendCount\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Puts the thread in a alerted state\r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the thread that should be alerted\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtAlertThread(\r
+ IN HANDLE ThreadHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAlertThread(\r
+ IN HANDLE ThreadHandle\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Allocates a locally unique id\r
+ * ARGUMENTS: \r
+ * LocallyUniqueId = Locally unique number\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtAllocateLocallyUniqueId(\r
+ OUT LUID *LocallyUniqueId\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAllocateLocallyUniqueId(\r
+ OUT PLUID Luid\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Allocates a block of virtual memory in the process address space\r
+ * ARGUMENTS:\r
+ * ProcessHandle = The handle of the process which owns the virtual memory\r
+ * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero\r
+ * value the system will try to allocate the memory at the address supplied. It rounds\r
+ * it down to a multiple if the page size.\r
+ * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that \r
+ * the memory will be allocated at a address below a certain value.\r
+ * RegionSize = The number of bytes to allocate\r
+ * AllocationType = Indicates the type of virtual memory you like to allocated,\r
+ * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN\r
+ * Protect = Indicates the protection type of the pages allocated, can be a combination of\r
+ * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,\r
+ * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS\r
+ * REMARKS:\r
+ * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the \r
+ * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying\r
+ * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range\r
+ * and the AllocationType and ProctectionType map to the other two parameters.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtAllocateVirtualMemory (\r
+ IN HANDLE ProcessHandle,\r
+ IN OUT PVOID *BaseAddress,\r
+ IN ULONG ZeroBits,\r
+ IN OUT PULONG RegionSize,\r
+ IN ULONG AllocationType,\r
+ IN ULONG Protect\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAllocateVirtualMemory (\r
+ IN HANDLE ProcessHandle,\r
+ IN OUT PVOID *BaseAddress,\r
+ IN ULONG ZeroBits,\r
+ IN OUT PULONG RegionSize,\r
+ IN ULONG AllocationType,\r
+ IN ULONG Protect);\r
+\r
+/*\r
+ * FUNCTION: Returns from a callback into user mode\r
+ * ARGUMENTS:\r
+ * RETURN Status\r
+ */\r
+//FIXME: this function might need 3 parameters\r
+NTSTATUS STDCALL NtCallbackReturn(PVOID Result,\r
+ ULONG ResultLength,\r
+ NTSTATUS Status);\r
+\r
+NTSTATUS STDCALL ZwCallbackReturn(PVOID Result,\r
+ ULONG ResultLength,\r
+ NTSTATUS Status);\r
+\r
+/*\r
+ * FUNCTION: Cancels a IO request\r
+ * ARGUMENTS: \r
+ * FileHandle = Handle to the file\r
+ * IoStatusBlock = \r
+ *\r
+ * REMARKS:\r
+ * This function maps to the win32 CancelIo.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtCancelIoFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCancelIoFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the status of the event back to non-signaled\r
+ * ARGUMENTS: \r
+ * EventHandle = Handle to the event\r
+ * REMARKS:\r
+ * This function maps to win32 function ResetEvent.\r
+ * RETURcNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtClearEvent(\r
+ IN HANDLE EventHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwClearEvent(\r
+ IN HANDLE EventHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Closes an object handle\r
+ * ARGUMENTS:\r
+ * Handle = Handle to the object\r
+ * REMARKS:\r
+ * This function maps to the win32 function CloseHandle. \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtClose(\r
+ IN HANDLE Handle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwClose(\r
+ IN HANDLE Handle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Generates an audit message when a handle to an object is dereferenced\r
+ * ARGUMENTS:\r
+ * SubsystemName = \r
+ HandleId = Handle to the object\r
+ GenerateOnClose =\r
+ * REMARKS:\r
+ * This function maps to the win32 function ObjectCloseAuditAlarm. \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCloseObjectAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName,\r
+ IN PVOID HandleId,\r
+ IN BOOLEAN GenerateOnClose\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCloseObjectAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName,\r
+ IN PVOID HandleId,\r
+ IN BOOLEAN GenerateOnClose\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a directory object\r
+ * ARGUMENTS:\r
+ * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies access to the directory\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a\r
+ * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateDirectoryObject(\r
+ OUT PHANDLE DirectoryHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateDirectoryObject(\r
+ OUT PHANDLE DirectoryHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates an event object\r
+ * ARGUMENTS:\r
+ * EventHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies access to the event\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually\r
+ * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state\r
+ * automatically after the system has rescheduled a thread waiting on the event.\r
+ * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).\r
+ * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,\r
+ * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are\r
+ * both parameters aswell ( possibly the order is reversed ).\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateEvent(\r
+ OUT PHANDLE EventHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN BOOLEAN ManualReset,\r
+ IN BOOLEAN InitialState\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateEvent(\r
+ OUT PHANDLE EventHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN BOOLEAN ManualReset,\r
+ IN BOOLEAN InitialState\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates an eventpair object\r
+ * ARGUMENTS:\r
+ * EventPairHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies access to the event\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateEventPair(\r
+ OUT PHANDLE EventPairHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateEventPair(\r
+ OUT PHANDLE EventPairHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Creates or opens a file, directory or device object.\r
+ * ARGUMENTS:\r
+ * FileHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the file can\r
+ * be a combination of DELETE | FILE_READ_DATA .. \r
+ * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename\r
+ * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the\r
+ * the file is created and opened or allready existed and is just opened.\r
+ * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...\r
+ * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE \r
+ * CreateDisposition = specifies what the behavior of the system if the file allready exists.\r
+ * CreateOptions = specifies the behavior of the system on file creation.\r
+ * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.\r
+ * EaLength = Extended Attributes buffer size, applies only to files and directories.\r
+ * REMARKS: This function maps to the win32 CreateFile. \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateFile(\r
+ OUT PHANDLE FileHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PLARGE_INTEGER AllocationSize OPTIONAL,\r
+ IN ULONG FileAttributes,\r
+ IN ULONG ShareAccess,\r
+ IN ULONG CreateDisposition,\r
+ IN ULONG CreateOptions,\r
+ IN PVOID EaBuffer OPTIONAL,\r
+ IN ULONG EaLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateFile(\r
+ OUT PHANDLE FileHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PLARGE_INTEGER AllocationSize OPTIONAL,\r
+ IN ULONG FileAttributes,\r
+ IN ULONG ShareAccess,\r
+ IN ULONG CreateDisposition,\r
+ IN ULONG CreateOptions,\r
+ IN PVOID EaBuffer OPTIONAL,\r
+ IN ULONG EaLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates or opens a file, directory or device object.\r
+ * ARGUMENTS:\r
+ * CompletionPort (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the port\r
+ * IoStatusBlock =\r
+ * NumberOfConcurrentThreads =\r
+ * REMARKS: This function maps to the win32 CreateIoCompletionPort\r
+ * RETURNS:\r
+ * Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateIoCompletion(\r
+ OUT PHANDLE CompletionPort,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG NumberOfConcurrentThreads\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateIoCompletion(\r
+ OUT PHANDLE CompletionPort,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG NumberOfConcurrentThreads\r
+ );\r
+\r
+\r
+/*
+ * FUNCTION: Creates a registry key
+ * ARGUMENTS:
+ * KeyHandle (OUT) = Caller supplied storage for the resulting handle
+ * DesiredAccess = Specifies the allowed or desired access to the key
+ * It can have a combination of the following values:
+ * KEY_READ | KEY_WRITE | KEY_EXECUTE | KEY_ALL_ACCESS
+ * or
+ * KEY_QUERY_VALUE The values of the key can be queried.
+ * KEY_SET_VALUE The values of the key can be modified.
+ * KEY_CREATE_SUB_KEYS The key may contain subkeys.
+ * KEY_ENUMERATE_SUB_KEYS Subkeys can be queried.
+ * KEY_NOTIFY
+ * KEY_CREATE_LINK A symbolic link to the key can be created.
+ * ObjectAttributes = The name of the key may be specified directly in the name field
+ * of object attributes or relative to a key in rootdirectory.
+ * TitleIndex = Might specify the position in the sequential order of subkeys.
+ * Class = Specifies the kind of data, for example REG_SZ for string data. [ ??? ]
+ * CreateOptions = Specifies additional options with which the key is created
+ * REG_OPTION_VOLATILE The key is not preserved across boots.
+ * REG_OPTION_NON_VOLATILE The key is preserved accross boots.
+ * REG_OPTION_CREATE_LINK The key is a symbolic link to another key.
+ * REG_OPTION_BACKUP_RESTORE Key is being opened or created for backup/restore operations.
+ * Disposition = Indicates if the call to NtCreateKey resulted in the creation of a key it
+ * can have the following values: REG_CREATED_NEW_KEY | REG_OPENED_EXISTING_KEY
+ * RETURNS:
+ * Status
+ */
+
+NTSTATUS STDCALL
+NtCreateKey(OUT PHANDLE KeyHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ULONG TitleIndex,
+ IN PUNICODE_STRING Class OPTIONAL,
+ IN ULONG CreateOptions,
+ IN PULONG Disposition OPTIONAL);
+
+NTSTATUS STDCALL
+ZwCreateKey(OUT PHANDLE KeyHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ULONG TitleIndex,
+ IN PUNICODE_STRING Class OPTIONAL,
+ IN ULONG CreateOptions,
+ IN PULONG Disposition OPTIONAL);
+\r
+/*\r
+ * FUNCTION: Creates a mail slot file\r
+ * ARGUMENTS:\r
+ * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the file\r
+ * ObjectAttributes = Contains the name of the mailslotfile.\r
+ * IoStatusBlock = \r
+ * FileAttributes =\r
+ * ShareAccess =\r
+ * MaxMessageSize =\r
+ * TimeOut =\r
+ * \r
+ * REMARKS: This funciton maps to the win32 function CreateMailSlot\r
+ * RETURNS:\r
+ * Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateMailslotFile(\r
+ OUT PHANDLE MailSlotFileHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG FileAttributes,\r
+ IN ULONG ShareAccess,\r
+ IN ULONG MaxMessageSize,\r
+ IN PLARGE_INTEGER TimeOut\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateMailslotFile(\r
+ OUT PHANDLE MailSlotFileHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG FileAttributes,\r
+ IN ULONG ShareAccess,\r
+ IN ULONG MaxMessageSize,\r
+ IN PLARGE_INTEGER TimeOut\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates or opens a mutex\r
+ * ARGUMENTS:\r
+ * MutantHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the port\r
+ * ObjectAttributes = Contains the name of the mutex.\r
+ * InitialOwner = If true the calling thread acquires ownership \r
+ * of the mutex.\r
+ * REMARKS: This funciton maps to the win32 function CreateMutex\r
+ * RETURNS:\r
+ * Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtCreateMutant(\r
+ OUT PHANDLE MutantHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN BOOLEAN InitialOwner\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateMutant(\r
+ OUT PHANDLE MutantHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN BOOLEAN InitialOwner\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a process.\r
+ * ARGUMENTS:\r
+ * ProcessHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the process can\r
+ * be a combinate of STANDARD_RIGHTS_REQUIRED| .. \r
+ * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename\r
+ * ParentProcess = Handle to the parent process.\r
+ * InheritObjectTable = Specifies to inherit the objects of the parent process if true.\r
+ * SectionHandle = Handle to a section object to back the image file\r
+ * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.\r
+ * ExceptionPort = Handle to a exception port.\r
+ * REMARKS:\r
+ * This function maps to the win32 CreateProcess.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS \r
+STDCALL \r
+NtCreateProcess(\r
+ OUT PHANDLE ProcessHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
+ IN HANDLE ParentProcess,\r
+ IN BOOLEAN InheritObjectTable,\r
+ IN HANDLE SectionHandle OPTIONAL,\r
+ IN HANDLE DebugPort OPTIONAL,\r
+ IN HANDLE ExceptionPort OPTIONAL\r
+ );\r
+\r
+NTSTATUS \r
+STDCALL \r
+ZwCreateProcess(\r
+ OUT PHANDLE ProcessHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
+ IN HANDLE ParentProcess,\r
+ IN BOOLEAN InheritObjectTable,\r
+ IN HANDLE SectionHandle OPTIONAL,\r
+ IN HANDLE DebugPort OPTIONAL,\r
+ IN HANDLE ExceptionPort OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a section object.\r
+ * ARGUMENTS:\r
+ * SectionHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE | \r
+ * SECTION_MAP_READ | SECTION_MAP_EXECUTE.\r
+ * ObjectAttribute = Initialized attributes for the object can be used to create a named section\r
+ * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section. \r
+ * If value specified for a mapped file and the file is not large enough, file will be extended. \r
+ * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.\r
+ * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE\r
+ * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateSection( \r
+ OUT PHANDLE SectionHandle, \r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, \r
+ IN PLARGE_INTEGER MaximumSize OPTIONAL, \r
+ IN ULONG SectionPageProtection OPTIONAL,\r
+ IN ULONG AllocationAttributes,\r
+ IN HANDLE FileHandle OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateSection( \r
+ OUT PHANDLE SectionHandle, \r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, \r
+ IN PLARGE_INTEGER MaximumSize OPTIONAL, \r
+ IN ULONG SectionPageProtection OPTIONAL,\r
+ IN ULONG AllocationAttributes,\r
+ IN HANDLE FileHandle OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a semaphore object for interprocess synchronization.\r
+ * ARGUMENTS:\r
+ * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the semaphore. \r
+ * ObjectAttribute = Initialized attributes for the object.\r
+ * InitialCount = Not necessary zero, might be smaller than zero.\r
+ * MaximumCount = Maxiumum count the semaphore can reach.\r
+ * RETURNS: Status\r
+ * REMARKS: \r
+ * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.\r
+ */\r
+\r
+//FIXME: should a semaphore's initial count allowed to be smaller than zero ??\r
+NTSTATUS\r
+STDCALL\r
+NtCreateSemaphore(\r
+ OUT PHANDLE SemaphoreHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
+ IN LONG InitialCount,\r
+ IN LONG MaximumCount\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateSemaphore(\r
+ OUT PHANDLE SemaphoreHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
+ IN LONG InitialCount,\r
+ IN LONG MaximumCount\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a symbolic link object\r
+ * ARGUMENTS:\r
+ * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the thread. \r
+ * ObjectAttributes = Initialized attributes for the object.\r
+ * Name = Target name of the symbolic link \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtCreateSymbolicLinkObject(\r
+ OUT PHANDLE SymbolicLinkHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN PUNICODE_STRING Name\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateSymbolicLinkObject(\r
+ OUT PHANDLE SymbolicLinkHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN PUNICODE_STRING Name\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a waitable timer.\r
+ * ARGUMENTS:\r
+ * TimerHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the timer. \r
+ * ObjectAttributes = Initialized attributes for the object.\r
+ * TimerType = Specifies if the timer should be reset manually.\r
+ * REMARKS:\r
+ * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to\r
+ * corresponding fields in OBJECT_ATTRIBUTES structure. \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtCreateTimer(\r
+ OUT PHANDLE TimerHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
+ IN TIMER_TYPE TimerType\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateTimer(\r
+ OUT PHANDLE TimerHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
+ IN TIMER_TYPE TimerType\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a token.\r
+ * ARGUMENTS:\r
+ * TokenHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the process can\r
+ * be a combinate of STANDARD_RIGHTS_REQUIRED| .. \r
+ * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename\r
+ * TokenType = \r
+ * AuthenticationId = \r
+ * ExpirationTime = \r
+ * TokenUser = \r
+ * TokenGroups =\r
+ * TokenPrivileges = \r
+ * TokenOwner = \r
+ * TokenPrimaryGroup = \r
+ * TokenDefaultDacl =\r
+ * TokenSource =\r
+ * REMARKS:\r
+ * This function does not map to a win32 function\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateToken(\r
+ OUT PHANDLE TokenHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN TOKEN_TYPE TokenType,\r
+ IN PLUID AuthenticationId,\r
+ IN PLARGE_INTEGER ExpirationTime,\r
+ IN PTOKEN_USER TokenUser,\r
+ IN PTOKEN_GROUPS TokenGroups,\r
+ IN PTOKEN_PRIVILEGES TokenPrivileges,\r
+ IN PTOKEN_OWNER TokenOwner,\r
+ IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,\r
+ IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,\r
+ IN PTOKEN_SOURCE TokenSource\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreateToken(\r
+ OUT PHANDLE TokenHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN TOKEN_TYPE TokenType,\r
+ IN PLUID AuthenticationId,\r
+ IN PLARGE_INTEGER ExpirationTime,\r
+ IN PTOKEN_USER TokenUser,\r
+ IN PTOKEN_GROUPS TokenGroups,\r
+ IN PTOKEN_PRIVILEGES TokenPrivileges,\r
+ IN PTOKEN_OWNER TokenOwner,\r
+ IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,\r
+ IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,\r
+ IN PTOKEN_SOURCE TokenSource\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Returns the callers thread TEB.\r
+ * RETURNS: The resulting teb.\r
+ */\r
+#if 0\r
+ NT_TEB *\r
+STDCALL \r
+NtCurrentTeb(VOID\r
+ );\r
+#endif\r
+\r
+/*\r
+ * FUNCTION: Deletes an atom from the global atom table\r
+ * ARGUMENTS:\r
+ * Atom = Identifies the atom to delete\r
+ * REMARKS:\r
+ * The function maps to the win32 GlobalDeleteAtom\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtDeleteAtom(\r
+ IN RTL_ATOM Atom\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDeleteAtom(\r
+ IN RTL_ATOM Atom\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Deletes a file or a directory\r
+ * ARGUMENTS:\r
+ * ObjectAttributes = Name of the file which should be deleted\r
+ * REMARKS:\r
+ * This system call is functionally equivalent to NtSetInformationFile\r
+ * setting the disposition information.\r
+ * The function maps to the win32 DeleteFile. \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtDeleteFile(\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDeleteFile(\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Deletes a registry key\r
+ * ARGUMENTS:\r
+ * KeyHandle = Handle of the key\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtDeleteKey(\r
+ IN HANDLE KeyHandle\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwDeleteKey(\r
+ IN HANDLE KeyHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Generates a audit message when an object is deleted\r
+ * ARGUMENTS:\r
+ * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'\r
+ * HandleId= Handle to an audit object\r
+ * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm\r
+ * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtDeleteObjectAuditAlarm ( \r
+ IN PUNICODE_STRING SubsystemName, \r
+ IN PVOID HandleId, \r
+ IN BOOLEAN GenerateOnClose \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDeleteObjectAuditAlarm ( \r
+ IN PUNICODE_STRING SubsystemName, \r
+ IN PVOID HandleId, \r
+ IN BOOLEAN GenerateOnClose \r
+ ); \r
+\r
+\r
+/*\r
+ * FUNCTION: Deletes a value from a registry key\r
+ * ARGUMENTS:\r
+ * KeyHandle = Handle of the key\r
+ * ValueName = Name of the value to delete\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtDeleteValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN PUNICODE_STRING ValueName\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDeleteValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN PUNICODE_STRING ValueName\r
+ );\r
+/*\r
+ * FUNCTION: Sends IOCTL to the io sub system\r
+ * ARGUMENTS:\r
+ * DeviceHandle = Points to the handle that is created by NtCreateFile\r
+ * Event = Event to synchronize on STATUS_PENDING\r
+ * ApcRoutine = Asynchroneous procedure callback\r
+ * ApcContext = Callback context.\r
+ * IoStatusBlock = Caller should supply storage for extra information.. \r
+ * IoControlCode = Contains the IO Control command. This is an \r
+ * index to the structures in InputBuffer and OutputBuffer.\r
+ * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.\r
+ * InputBufferSize = Size of the input bufffer\r
+ * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.\r
+ * OutputBufferSize = Size of the input bufffer\r
+ * RETURNS: Status \r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtDeviceIoControlFile(\r
+ IN HANDLE DeviceHandle,\r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, \r
+ IN PVOID UserApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock, \r
+ IN ULONG IoControlCode,\r
+ IN PVOID InputBuffer, \r
+ IN ULONG InputBufferSize,\r
+ OUT PVOID OutputBuffer,\r
+ IN ULONG OutputBufferSize\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDeviceIoControlFile(\r
+ IN HANDLE DeviceHandle,\r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, \r
+ IN PVOID UserApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock, \r
+ IN ULONG IoControlCode,\r
+ IN PVOID InputBuffer, \r
+ IN ULONG InputBufferSize,\r
+ OUT PVOID OutputBuffer,\r
+ IN ULONG OutputBufferSize\r
+ );\r
+/*\r
+ * FUNCTION: Displays a string on the blue screen\r
+ * ARGUMENTS:\r
+ * DisplayString = The string to display\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtDisplayString(\r
+ IN PUNICODE_STRING DisplayString\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDisplayString(\r
+ IN PUNICODE_STRING DisplayString\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Returns information about the subkeys of an open key\r
+ * ARGUMENTS:\r
+ * KeyHandle = Handle of the key whose subkeys are to enumerated\r
+ * Index = zero based index of the subkey for which information is\r
+ * request\r
+ * KeyInformationClass = Type of information returned\r
+ * KeyInformation (OUT) = Caller allocated buffer for the information\r
+ * about the key\r
+ * Length = Length in bytes of the KeyInformation buffer\r
+ * ResultLength (OUT) = Caller allocated storage which holds\r
+ * the number of bytes of information retrieved\r
+ * on return\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtEnumerateKey(\r
+ IN HANDLE KeyHandle,\r
+ IN ULONG Index,\r
+ IN KEY_INFORMATION_CLASS KeyInformationClass,\r
+ OUT PVOID KeyInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwEnumerateKey(\r
+ IN HANDLE KeyHandle,\r
+ IN ULONG Index,\r
+ IN KEY_INFORMATION_CLASS KeyInformationClass,\r
+ OUT PVOID KeyInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+/*\r
+ * FUNCTION: Returns information about the value entries of an open key\r
+ * ARGUMENTS:\r
+ * KeyHandle = Handle of the key whose value entries are to enumerated\r
+ * Index = zero based index of the subkey for which information is\r
+ * request\r
+ * KeyInformationClass = Type of information returned\r
+ * KeyInformation (OUT) = Caller allocated buffer for the information\r
+ * about the key\r
+ * Length = Length in bytes of the KeyInformation buffer\r
+ * ResultLength (OUT) = Caller allocated storage which holds\r
+ * the number of bytes of information retrieved\r
+ * on return\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtEnumerateValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN ULONG Index,\r
+ IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,\r
+ OUT PVOID KeyValueInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwEnumerateValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN ULONG Index,\r
+ IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,\r
+ OUT PVOID KeyValueInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Flushes chached file data to disk\r
+ * ARGUMENTS:\r
+ * FileHandle = Points to the file\r
+ * IoStatusBlock = Caller must supply storage to receive the result of the flush\r
+ * buffers operation. The information field is set to number of bytes\r
+ * flushed to disk.\r
+ * RETURNS: Status \r
+ * REMARKS:\r
+ * This funciton maps to the win32 FlushFileBuffers\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtFlushBuffersFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwFlushBuffersFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Flushes a registry key to disk\r
+ * ARGUMENTS:\r
+ * KeyHandle = Points to the registry key handle\r
+ * RETURNS: Status \r
+ * REMARKS:\r
+ * This funciton maps to the win32 RegFlushKey.\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtFlushKey(\r
+ IN HANDLE KeyHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwFlushKey(\r
+ IN HANDLE KeyHandle\r
+ );\r
+ \r
+/*\r
+ * FUNCTION: Flushes the dirty pages to file\r
+ * RETURNS: Status\r
+ * FIXME: Not sure this does (how is the file specified)\r
+ */\r
+NTSTATUS STDCALL NtFlushWriteBuffer(VOID);\r
+NTSTATUS STDCALL ZwFlushWriteBuffer(VOID); \r
+\r
+ /*\r
+ * FUNCTION: Frees a range of virtual memory\r
+ * ARGUMENTS:\r
+ * ProcessHandle = Points to the process that allocated the virtual \r
+ * memory\r
+ * BaseAddress = Points to the memory address, rounded down to a \r
+ * multiple of the pagesize\r
+ * RegionSize = Limits the range to free, rounded up to a multiple of \r
+ * the paging size\r
+ * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE\r
+ * RETURNS: Status \r
+ */\r
+NTSTATUS STDCALL NtFreeVirtualMemory(IN HANDLE ProcessHandle,\r
+ IN PVOID *BaseAddress, \r
+ IN PULONG RegionSize, \r
+ IN ULONG FreeType);\r
+NTSTATUS STDCALL ZwFreeVirtualMemory(IN HANDLE ProcessHandle,\r
+ IN PVOID *BaseAddress, \r
+ IN PULONG RegionSize, \r
+ IN ULONG FreeType); \r
+\r
+/*\r
+ * FUNCTION: Sends FSCTL to the filesystem\r
+ * ARGUMENTS:\r
+ * DeviceHandle = Points to the handle that is created by NtCreateFile\r
+ * Event = Event to synchronize on STATUS_PENDING\r
+ * ApcRoutine = \r
+ * ApcContext =\r
+ * IoStatusBlock = Caller should supply storage for \r
+ * IoControlCode = Contains the File System Control command. This is an \r
+ * index to the structures in InputBuffer and OutputBuffer.\r
+ * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR\r
+ * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR\r
+ * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR\r
+ * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR\r
+ *\r
+ * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.\r
+ * InputBufferSize = Size of the input bufffer\r
+ * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.\r
+ * OutputBufferSize = Size of the input bufffer\r
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |\r
+ * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtFsControlFile(\r
+ IN HANDLE DeviceHandle,\r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
+ IN PVOID ApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock, \r
+ IN ULONG IoControlCode,\r
+ IN PVOID InputBuffer, \r
+ IN ULONG InputBufferSize,\r
+ OUT PVOID OutputBuffer,\r
+ IN ULONG OutputBufferSize\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwFsControlFile(\r
+ IN HANDLE DeviceHandle,\r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
+ IN PVOID ApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock, \r
+ IN ULONG IoControlCode,\r
+ IN PVOID InputBuffer, \r
+ IN ULONG InputBufferSize,\r
+ OUT PVOID OutputBuffer,\r
+ IN ULONG OutputBufferSize\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Retrieves the processor context of a thread\r
+ * ARGUMENTS:\r
+ * ThreadHandle = Handle to a thread\r
+ * Context (OUT) = Caller allocated storage for the processor context\r
+ * RETURNS: Status \r
+ */\r
+\r
+NTSTATUS\r
+STDCALL \r
+NtGetContextThread(\r
+ IN HANDLE ThreadHandle, \r
+ OUT PCONTEXT Context\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwGetContextThread(\r
+ IN HANDLE ThreadHandle, \r
+ OUT PCONTEXT Context\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets a thread to impersonate another \r
+ * ARGUMENTS:\r
+ * ThreadHandle = Server thread that will impersonate a client.\r
+ ThreadToImpersonate = Client thread that will be impersonated\r
+ SecurityQualityOfService = Specifies the impersonation level.\r
+ * RETURNS: Status \r
+ */\r
+\r
+NTSTATUS\r
+STDCALL \r
+NtImpersonateThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN HANDLE ThreadToImpersonate,\r
+ IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwImpersonateThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN HANDLE ThreadToImpersonate,\r
+ IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Initializes the registry.\r
+ * ARGUMENTS:\r
+ * SetUpBoot = This parameter is true for a setup boot.\r
+ * RETURNS: Status \r
+ */\r
+NTSTATUS\r
+STDCALL \r
+NtInitializeRegistry(\r
+ BOOLEAN SetUpBoot\r
+ );\r
+NTSTATUS\r
+STDCALL \r
+ZwInitializeRegistry(\r
+ BOOLEAN SetUpBoot\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Loads a driver. \r
+ * ARGUMENTS: \r
+ * DriverServiceName = Name of the driver to load\r
+ * RETURNS: Status\r
+ */ \r
+NTSTATUS\r
+STDCALL \r
+NtLoadDriver(\r
+ IN PUNICODE_STRING DriverServiceName\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwLoadDriver(\r
+ IN PUNICODE_STRING DriverServiceName\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Locks a range of bytes in a file. \r
+ * ARGUMENTS: \r
+ * FileHandle = Handle to the file\r
+ * Event = Should be null if apc is specified.\r
+ * ApcRoutine = Asynchroneous Procedure Callback\r
+ * ApcContext = Argument to the callback\r
+ * IoStatusBlock (OUT) = Caller should supply storage for a structure containing\r
+ * the completion status and information about the requested lock operation.\r
+ * ByteOffset = Offset \r
+ * Length = Number of bytes to lock.\r
+ * Key = Special value to give other threads the possibility to unlock the file\r
+ by supplying the key in a call to NtUnlockFile.\r
+ * FailImmediatedly = If false the request will block untill the lock is obtained. \r
+ * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.\r
+ * REMARK:\r
+ This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could\r
+ not be obtained immediately, the device queue is busy and the IRP is queued.\r
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |\r
+ STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]\r
+\r
+ */ \r
+NTSTATUS \r
+STDCALL\r
+NtLockFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL,\r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
+ IN PVOID ApcContext OPTIONAL,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PLARGE_INTEGER ByteOffset,\r
+ IN PLARGE_INTEGER Length,\r
+ IN PULONG Key,\r
+ IN BOOLEAN FailImmediatedly,\r
+ IN BOOLEAN ExclusiveLock\r
+ );\r
+\r
+NTSTATUS \r
+STDCALL\r
+ZwLockFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL,\r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
+ IN PVOID ApcContext OPTIONAL,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PLARGE_INTEGER ByteOffset,\r
+ IN PLARGE_INTEGER Length,\r
+ IN PULONG Key,\r
+ IN BOOLEAN FailImmediatedly,\r
+ IN BOOLEAN ExclusiveLock\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Makes temporary object that will be removed at next boot.\r
+ * ARGUMENTS: \r
+ * Handle = Handle to object\r
+ * RETURNS: Status\r
+ */ \r
+\r
+NTSTATUS\r
+STDCALL\r
+NtMakeTemporaryObject(\r
+ IN HANDLE Handle \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwMakeTemporaryObject(\r
+ IN HANDLE Handle \r
+ );\r
+/*\r
+ * FUNCTION: Maps a view of a section into the virtual address space of a \r
+ * process\r
+ * ARGUMENTS:\r
+ * SectionHandle = Handle of the section\r
+ * ProcessHandle = Handle of the process\r
+ * BaseAddress = Desired base address (or NULL) on entry\r
+ * Actual base address of the view on exit\r
+ * ZeroBits = Number of high order address bits that must be zero\r
+ * CommitSize = Size in bytes of the initially committed section of \r
+ * the view \r
+ * SectionOffset = Offset in bytes from the beginning of the section\r
+ * to the beginning of the view\r
+ * ViewSize = Desired length of map (or zero to map all) on entry\r
+ * Actual length mapped on exit\r
+ * InheritDisposition = Specified how the view is to be shared with\r
+ * child processes\r
+ * AllocateType = Type of allocation for the pages\r
+ * Protect = Protection for the committed region of the view\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS \r
+STDCALL\r
+NtMapViewOfSection(\r
+ IN HANDLE SectionHandle,\r
+ IN HANDLE ProcessHandle,\r
+ IN OUT PVOID *BaseAddress,\r
+ IN ULONG ZeroBits,\r
+ IN ULONG CommitSize,\r
+ IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,\r
+ IN OUT PULONG ViewSize,\r
+ IN SECTION_INHERIT InheritDisposition,\r
+ IN ULONG AllocationType,\r
+ IN ULONG AccessProtection\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwMapViewOfSection(\r
+ IN HANDLE SectionHandle,\r
+ IN HANDLE ProcessHandle,\r
+ IN OUT PVOID *BaseAddress,\r
+ IN ULONG ZeroBits,\r
+ IN ULONG CommitSize,\r
+ IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,\r
+ IN OUT PULONG ViewSize,\r
+ IN SECTION_INHERIT InheritDisposition,\r
+ IN ULONG AllocationType,\r
+ IN ULONG AccessProtection\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Installs a notify for the change of a directory's contents\r
+ * ARGUMENTS:\r
+ * FileHandle = Handle to the directory\r
+ Event = \r
+ * ApcRoutine = Start address\r
+ * ApcContext = Delimits the range of virtual memory\r
+ * for which the new access protection holds\r
+ * IoStatusBlock = The new access proctection for the pages\r
+ * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION\r
+ * BufferSize = Size of the buffer\r
+ CompletionFilter = Can be one of the following values:\r
+ FILE_NOTIFY_CHANGE_FILE_NAME\r
+ FILE_NOTIFY_CHANGE_DIR_NAME\r
+ FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME ) \r
+ FILE_NOTIFY_CHANGE_ATTRIBUTES\r
+ FILE_NOTIFY_CHANGE_SIZE\r
+ FILE_NOTIFY_CHANGE_LAST_WRITE\r
+ FILE_NOTIFY_CHANGE_LAST_ACCESS\r
+ FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )\r
+ FILE_NOTIFY_CHANGE_EA\r
+ FILE_NOTIFY_CHANGE_SECURITY\r
+ FILE_NOTIFY_CHANGE_STREAM_NAME\r
+ FILE_NOTIFY_CHANGE_STREAM_SIZE\r
+ FILE_NOTIFY_CHANGE_STREAM_WRITE\r
+ WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.\r
+ *\r
+ * REMARKS:\r
+ * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtNotifyChangeDirectoryFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
+ IN PVOID ApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID Buffer,\r
+ IN ULONG BufferSize,\r
+ IN ULONG CompletionFilter,\r
+ IN BOOLEAN WatchTree\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwNotifyChangeDirectoryFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
+ IN PVOID ApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID Buffer,\r
+ IN ULONG BufferSize,\r
+ IN ULONG CompletionFilter,\r
+ IN BOOLEAN WatchTree\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Installs a notfication callback on registry changes\r
+ * ARGUMENTS:\r
+ KeyHandle = Handle to the registry key\r
+ Event = Event that should be signalled on modification of the key\r
+ ApcRoutine = Routine that should be called on modification of the key\r
+ ApcContext = Argument to the ApcRoutine\r
+ IoStatusBlock = ???\r
+ CompletionFilter = Specifies the kind of notification the caller likes to receive.\r
+ Can be a combination of the following values:\r
+\r
+ REG_NOTIFY_CHANGE_NAME\r
+ REG_NOTIFY_CHANGE_ATTRIBUTES\r
+ REG_NOTIFY_CHANGE_LAST_SET\r
+ REG_NOTIFY_CHANGE_SECURITY\r
+ \r
+ \r
+ Asynchroneous = If TRUE the changes are reported by signalling an event if false\r
+ the function will not return before a change occurs.\r
+ ChangeBuffer = Will return the old value\r
+ Length = Size of the change buffer\r
+ WatchSubtree = Indicates if the caller likes to receive a notification of changes in\r
+ sub keys or not.\r
+ * REMARKS: If the key is closed the event is signalled aswell.\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtNotifyChangeKey(\r
+ IN HANDLE KeyHandle,\r
+ IN HANDLE Event,\r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
+ IN PVOID ApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG CompletionFilter,\r
+ IN BOOLEAN Asynchroneous, \r
+ OUT PVOID ChangeBuffer,\r
+ IN ULONG Length,\r
+ IN BOOLEAN WatchSubtree\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwNotifyChangeKey(\r
+ IN HANDLE KeyHandle,\r
+ IN HANDLE Event,\r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
+ IN PVOID ApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG CompletionFilter,\r
+ IN BOOLEAN Asynchroneous, \r
+ OUT PVOID ChangeBuffer,\r
+ IN ULONG Length,\r
+ IN BOOLEAN WatchSubtree\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Opens an existing directory object\r
+ * ARGUMENTS:\r
+ * FileHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the directory\r
+ * ObjectAttributes = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtOpenDirectoryObject(\r
+ OUT PHANDLE FileHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenDirectoryObject(\r
+ OUT PHANDLE FileHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Opens an existing event\r
+ * ARGUMENTS:\r
+ * EventHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the event\r
+ * ObjectAttributes = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtOpenEvent(\r
+ OUT PHANDLE EventHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenEvent(\r
+ OUT PHANDLE EventHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Opens an existing event pair\r
+ * ARGUMENTS:\r
+ * EventHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the event\r
+ * ObjectAttributes = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtOpenEventPair(\r
+ OUT PHANDLE EventPairHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenEventPair(\r
+ OUT PHANDLE EventPairHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+/*\r
+ * FUNCTION: Opens an existing file\r
+ * ARGUMENTS:\r
+ * FileHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the file\r
+ * ObjectAttributes = Initialized attributes for the object\r
+ * IoStatusBlock =\r
+ * ShareAccess =\r
+ * OpenOptions =\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtOpenFile(\r
+ OUT PHANDLE FileHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG ShareAccess,\r
+ IN ULONG OpenOptions\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenFile(\r
+ OUT PHANDLE FileHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG ShareAccess,\r
+ IN ULONG OpenOptions\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Opens an existing io completion object\r
+ * ARGUMENTS:\r
+ * CompletionPort (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the io completion object\r
+ * ObjectAttributes = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtOpenIoCompletion(\r
+ OUT PHANDLE CompetionPort,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenIoCompletion(\r
+ OUT PHANDLE CompetionPort,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+ \r
+/*\r
+ * FUNCTION: Opens an existing key in the registry\r
+ * ARGUMENTS:\r
+ * KeyHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the key\r
+ * ObjectAttributes = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtOpenKey(\r
+ OUT PHANDLE KeyHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenKey(\r
+ OUT PHANDLE KeyHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+/*\r
+ * FUNCTION: Opens an existing key in the registry\r
+ * ARGUMENTS:\r
+ * MutantHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the mutant\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtOpenMutant(\r
+ OUT PHANDLE MutantHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenMutant(\r
+ OUT PHANDLE MutantHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Opens an existing process\r
+ * ARGUMENTS:\r
+ * ProcessHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the process\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * ClientId = Identifies the process id to open\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS \r
+STDCALL\r
+NtOpenProcess (\r
+ OUT PHANDLE ProcessHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN PCLIENT_ID ClientId\r
+ ); \r
+NTSTATUS \r
+STDCALL\r
+ZwOpenProcess (\r
+ OUT PHANDLE ProcessHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN PCLIENT_ID ClientId\r
+ ); \r
+/*\r
+ * FUNCTION: Opens an existing process\r
+ * ARGUMENTS:\r
+ * ProcessHandle = Handle of the process of which owns the token\r
+ * DesiredAccess = Requested access to the token\r
+ * TokenHandle (OUT) = Caller supplies storage for the resulting token.\r
+ * REMARKS:\r
+ This function maps to the win32 \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtOpenProcessToken(\r
+ IN HANDLE ProcessHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ OUT PHANDLE TokenHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenProcessToken(\r
+ IN HANDLE ProcessHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ OUT PHANDLE TokenHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Opens an existing section object\r
+ * ARGUMENTS:\r
+ * KeyHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the key\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtOpenSection(\r
+ OUT PHANDLE SectionHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenSection(\r
+ OUT PHANDLE SectionHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+/*\r
+ * FUNCTION: Opens an existing semaphore\r
+ * ARGUMENTS:\r
+ * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the semaphore\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtOpenSemaphore(\r
+ IN HANDLE SemaphoreHandle,\r
+ IN ACCESS_MASK DesiredAcces,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenSemaphore(\r
+ IN HANDLE SemaphoreHandle,\r
+ IN ACCESS_MASK DesiredAcces,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+/*\r
+ * FUNCTION: Opens an existing symbolic link\r
+ * ARGUMENTS:\r
+ * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the symbolic link\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtOpenSymbolicLinkObject(\r
+ OUT PHANDLE SymbolicLinkHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenSymbolicLinkObject(\r
+ OUT PHANDLE SymbolicLinkHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+/*\r
+ * FUNCTION: Opens an existing thread\r
+ * ARGUMENTS:\r
+ * ThreadHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the thread\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * ClientId = Identifies the thread to open.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtOpenThread(\r
+ OUT PHANDLE ThreadHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN PCLIENT_ID ClientId\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenThread(\r
+ OUT PHANDLE ThreadHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN PCLIENT_ID ClientId\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtOpenThreadToken(\r
+ IN HANDLE ThreadHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN BOOLEAN OpenAsSelf,\r
+ OUT PHANDLE TokenHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenThreadToken(\r
+ IN HANDLE ThreadHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN BOOLEAN OpenAsSelf,\r
+ OUT PHANDLE TokenHandle\r
+ );\r
+/*\r
+ * FUNCTION: Opens an existing timer\r
+ * ARGUMENTS:\r
+ * TimerHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Requested access to the timer\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtOpenTimer(\r
+ OUT PHANDLE TimerHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenTimer(\r
+ OUT PHANDLE TimerHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Checks an access token for specific privileges\r
+ * ARGUMENTS:\r
+ * ClientToken = Handle to a access token structure\r
+ * RequiredPrivileges = Specifies the requested privileges.\r
+ * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is\r
+ set in the Control member of PRIVILEGES_SET Result\r
+ will only be TRUE if all privileges are present in the access token. \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtPrivilegeCheck(\r
+ IN HANDLE ClientToken,\r
+ IN PPRIVILEGE_SET RequiredPrivileges,\r
+ IN PBOOLEAN Result\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwPrivilegeCheck(\r
+ IN HANDLE ClientToken,\r
+ IN PPRIVILEGE_SET RequiredPrivileges,\r
+ IN PBOOLEAN Result\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtPrivilegedServiceAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName,\r
+ IN PUNICODE_STRING ServiceName,\r
+ IN HANDLE ClientToken,\r
+ IN PPRIVILEGE_SET Privileges,\r
+ IN BOOLEAN AccessGranted\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwPrivilegedServiceAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName, \r
+ IN PUNICODE_STRING ServiceName, \r
+ IN HANDLE ClientToken,\r
+ IN PPRIVILEGE_SET Privileges, \r
+ IN BOOLEAN AccessGranted \r
+ ); \r
+\r
+NTSTATUS\r
+STDCALL\r
+NtPrivilegeObjectAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName,\r
+ IN PVOID HandleId,\r
+ IN HANDLE ClientToken,\r
+ IN ULONG DesiredAccess,\r
+ IN PPRIVILEGE_SET Privileges,\r
+ IN BOOLEAN AccessGranted\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwPrivilegeObjectAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName,\r
+ IN PVOID HandleId,\r
+ IN HANDLE ClientToken,\r
+ IN ULONG DesiredAccess,\r
+ IN PPRIVILEGE_SET Privileges,\r
+ IN BOOLEAN AccessGranted\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Entry point for native applications\r
+ * ARGUMENTS:\r
+ * Peb = Pointes to the Process Environment Block (PEB)\r
+ * REMARKS:\r
+ * Native applications should use this function instead of a main.\r
+ * Calling proces should terminate itself.\r
+ * RETURNS: Status\r
+ */ \r
+VOID STDCALL\r
+NtProcessStartup(\r
+ IN PPEB Peb\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Signals an event and resets it afterwards.\r
+ * ARGUMENTS:\r
+ * EventHandle = Handle to the event\r
+ * PulseCount = Number of times the action is repeated\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtPulseEvent(\r
+ IN HANDLE EventHandle,\r
+ IN PULONG PulseCount OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwPulseEvent(\r
+ IN HANDLE EventHandle,\r
+ IN PULONG PulseCount OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the attributes of a file\r
+ * ARGUMENTS:\r
+ * ObjectAttributes = Initialized attributes for the object\r
+ * Buffer = Caller supplies storage for the attributes\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS STDCALL\r
+NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PFILE_BASIC_INFORMATION FileInformation);\r
+\r
+NTSTATUS STDCALL\r
+ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PFILE_BASIC_INFORMATION FileInformation);\r
+\r
+/*\r
+ * FUNCTION: Queries the default locale id\r
+ * ARGUMENTS:\r
+ * UserProfile = Type of locale id\r
+ * TRUE: thread locale id\r
+ * FALSE: system locale id\r
+ * DefaultLocaleId = Caller supplies storage for the locale id\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryDefaultLocale(\r
+ IN BOOLEAN UserProfile,\r
+ OUT PLCID DefaultLocaleId\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryDefaultLocale(\r
+ IN BOOLEAN UserProfile,\r
+ OUT PLCID DefaultLocaleId\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries a directory file.\r
+ * ARGUMENTS:\r
+ * FileHandle = Handle to a directory file\r
+ * EventHandle = Handle to the event signaled on completion\r
+ * ApcRoutine = Asynchroneous procedure callback, called on completion\r
+ * ApcContext = Argument to the apc.\r
+ * IoStatusBlock = Caller supplies storage for extended status information.\r
+ * FileInformation = Caller supplies storage for the resulting information.\r
+ *\r
+ * FileNameInformation FILE_NAMES_INFORMATION\r
+ * FileDirectoryInformation FILE_DIRECTORY_INFORMATION\r
+ * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION\r
+ * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION\r
+ *\r
+ * Length = Size of the storage supplied\r
+ * FileInformationClass = Indicates the type of information requested. \r
+ * ReturnSingleEntry = Specify true if caller only requests the first directory found.\r
+ * FileName = Initial directory name to query, that may contain wild cards.\r
+ * RestartScan = Number of times the action should be repeated\r
+ * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,\r
+ * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,\r
+ * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryDirectoryFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL,\r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
+ IN PVOID ApcContext OPTIONAL,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID FileInformation,\r
+ IN ULONG Length,\r
+ IN FILE_INFORMATION_CLASS FileInformationClass,\r
+ IN BOOLEAN ReturnSingleEntry,\r
+ IN PUNICODE_STRING FileName OPTIONAL,\r
+ IN BOOLEAN RestartScan\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryDirectoryFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL,\r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
+ IN PVOID ApcContext OPTIONAL,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID FileInformation,\r
+ IN ULONG Length,\r
+ IN FILE_INFORMATION_CLASS FileInformationClass,\r
+ IN BOOLEAN ReturnSingleEntry,\r
+ IN PUNICODE_STRING FileName OPTIONAL,\r
+ IN BOOLEAN RestartScan\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the extended attributes of a file\r
+ * ARGUMENTS:\r
+ * FileHandle = Handle to the event\r
+ * IoStatusBlock = Number of times the action is repeated\r
+ * Buffer\r
+ * Length\r
+ * ReturnSingleEntry\r
+ * EaList\r
+ * EaListLength\r
+ * EaIndex\r
+ * RestartScan\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryEaFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID Buffer,\r
+ IN ULONG Length,\r
+ IN BOOLEAN ReturnSingleEntry,\r
+ IN PVOID EaList OPTIONAL,\r
+ IN ULONG EaListLength,\r
+ IN PULONG EaIndex OPTIONAL,\r
+ IN BOOLEAN RestartScan\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryEaFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID Buffer,\r
+ IN ULONG Length,\r
+ IN BOOLEAN ReturnSingleEntry,\r
+ IN PVOID EaList OPTIONAL,\r
+ IN ULONG EaListLength,\r
+ IN PULONG EaIndex OPTIONAL,\r
+ IN BOOLEAN RestartScan\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries an event\r
+ * ARGUMENTS:\r
+ * EventHandle = Handle to the event\r
+ * EventInformationClass = Index of the information structure\r
+ \r
+ EventBasicInformation EVENT_BASIC_INFORMATION\r
+\r
+ * EventInformation = Caller supplies storage for the information structure\r
+ * EventInformationLength = Size of the information structure\r
+ * ReturnLength = Data written\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtQueryEvent(\r
+ IN HANDLE EventHandle,\r
+ IN EVENT_INFORMATION_CLASS EventInformationClass,\r
+ OUT PVOID EventInformation,\r
+ IN ULONG EventInformationLength,\r
+ OUT PULONG ReturnLength\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryEvent(\r
+ IN HANDLE EventHandle,\r
+ IN EVENT_INFORMATION_CLASS EventInformationClass,\r
+ OUT PVOID EventInformation,\r
+ IN ULONG EventInformationLength,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS STDCALL\r
+NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);\r
+\r
+NTSTATUS STDCALL\r
+ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a file object.\r
+ * ARGUMENTS: \r
+ * FileHandle = Handle to the file object\r
+ * IoStatusBlock = Caller supplies storage for extended information \r
+ * on the current operation.\r
+ * FileInformation = Storage for the new file information\r
+ * Lenght = Size of the storage for the file information.\r
+ * FileInformationClass = Indicates which file information is queried\r
+\r
+ FileDirectoryInformation FILE_DIRECTORY_INFORMATION\r
+ FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION\r
+ FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION\r
+ FileBasicInformation FILE_BASIC_INFORMATION\r
+ FileStandardInformation FILE_STANDARD_INFORMATION\r
+ FileInternalInformation FILE_INTERNAL_INFORMATION\r
+ FileEaInformation FILE_EA_INFORMATION\r
+ FileAccessInformation FILE_ACCESS_INFORMATION\r
+ FileNameInformation FILE_NAME_INFORMATION\r
+ FileRenameInformation FILE_RENAME_INFORMATION\r
+ FileLinkInformation \r
+ FileNamesInformation FILE_NAMES_INFORMATION\r
+ FileDispositionInformation FILE_DISPOSITION_INFORMATION\r
+ FilePositionInformation FILE_POSITION_INFORMATION\r
+ FileFullEaInformation FILE_FULL_EA_INFORMATION \r
+ FileModeInformation FILE_MODE_INFORMATION\r
+ FileAlignmentInformation FILE_ALIGNMENT_INFORMATION\r
+ FileAllInformation FILE_ALL_INFORMATION\r
+\r
+ FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION\r
+ FileAlternateNameInformation \r
+ FileStreamInformation FILE_STREAM_INFORMATION\r
+ FilePipeInformation \r
+ FilePipeLocalInformation \r
+ FilePipeRemoteInformation \r
+ FileMailslotQueryInformation \r
+ FileMailslotSetInformation \r
+ FileCompressionInformation FILE_COMPRESSION_INFORMATION \r
+ FileCopyOnWriteInformation \r
+ FileCompletionInformation IO_COMPLETION_CONTEXT\r
+ FileMoveClusterInformation \r
+ FileOleClassIdInformation \r
+ FileOleStateBitsInformation \r
+ FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION\r
+ FileObjectIdInformation \r
+ FileOleAllInformation \r
+ FileOleDirectoryInformation \r
+ FileContentIndexInformation \r
+ FileInheritContentIndexInformation \r
+ FileOleInformation \r
+ FileMaximumInformation \r
+\r
+ * REMARK:\r
+ * This procedure maps to the win32 GetShortPathName, GetLongPathName,\r
+ GetFullPathName, GetFileType, GetFileSize, GetFileTime functions. \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtQueryInformationFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID FileInformation,\r
+ IN ULONG Length,\r
+ IN FILE_INFORMATION_CLASS FileInformationClass\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryInformationFile(\r
+ HANDLE FileHandle,\r
+ PIO_STATUS_BLOCK IoStatusBlock,\r
+ PVOID FileInformation,\r
+ ULONG Length,\r
+ FILE_INFORMATION_CLASS FileInformationClass\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a thread object.\r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the thread object\r
+ * ThreadInformationClass = Index to a certain information structure\r
+\r
+ ThreadBasicInformation THREAD_BASIC_INFORMATION \r
+ ThreadTimes KERNEL_USER_TIMES\r
+ ThreadPriority KPRIORITY \r
+ ThreadBasePriority KPRIORITY \r
+ ThreadAffinityMask KAFFINITY \r
+ ThreadImpersonationToken \r
+ ThreadDescriptorTableEntry \r
+ ThreadEnableAlignmentFaultFixup \r
+ ThreadEventPair \r
+ ThreadQuerySetWin32StartAddress \r
+ ThreadZeroTlsCell \r
+ ThreadPerformanceCount \r
+ ThreadAmILastThread BOOLEAN\r
+ ThreadIdealProcessor ULONG\r
+ ThreadPriorityBoost ULONG \r
+ MaxThreadInfoClass \r
+ \r
+\r
+ * ThreadInformation = Caller supplies torage for the thread information\r
+ * ThreadInformationLength = Size of the thread information structure\r
+ * ReturnLength = Actual number of bytes written\r
+ \r
+ * REMARK:\r
+ * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,\r
+ GetThreadPriorityBoost functions. \r
+ * RETURNS: Status\r
+*/\r
+\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryInformationThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN THREADINFOCLASS ThreadInformationClass,\r
+ OUT PVOID ThreadInformation,\r
+ IN ULONG ThreadInformationLength,\r
+ OUT PULONG ReturnLength \r
+ );\r
+\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryInformationToken(\r
+ IN HANDLE TokenHandle,\r
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,\r
+ OUT PVOID TokenInformation,\r
+ IN ULONG TokenInformationLength,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryInformationToken(\r
+ IN HANDLE TokenHandle,\r
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,\r
+ OUT PVOID TokenInformation,\r
+ IN ULONG TokenInformationLength,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryIoCompletion(\r
+ IN HANDLE CompletionPort,\r
+ IN ULONG CompletionKey,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PULONG NumberOfBytesTransferred\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryIoCompletion(\r
+ IN HANDLE CompletionPort,\r
+ IN ULONG CompletionKey,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PULONG NumberOfBytesTransferred\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a registry key object.\r
+ * ARGUMENTS: \r
+ KeyHandle = Handle to a registry key\r
+ KeyInformationClass = Index to a certain information structure\r
+ KeyInformation = Caller supplies storage for resulting information\r
+ Length = Size of the supplied storage \r
+ ResultLength = Bytes written\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtQueryKey(\r
+ IN HANDLE KeyHandle,\r
+ IN KEY_INFORMATION_CLASS KeyInformationClass,\r
+ OUT PVOID KeyInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryKey(\r
+ IN HANDLE KeyHandle,\r
+ IN KEY_INFORMATION_CLASS KeyInformationClass,\r
+ OUT PVOID KeyInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+\r
+// draft\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryMultipleValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN OUT PKEY_VALUE_ENTRY ValueList,\r
+ IN ULONG NumberOfValues,\r
+ OUT PVOID Buffer,\r
+ IN OUT PULONG Length,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryMultipleValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN OUT PKEY_VALUE_ENTRY ValueList,\r
+ IN ULONG NumberOfValues,\r
+ OUT PVOID Buffer,\r
+ IN OUT PULONG Length,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a mutant object.\r
+ * ARGUMENTS: \r
+ MutantHandle = Handle to a mutant\r
+ MutantInformationClass = Index to a certain information structure\r
+ MutantInformation = Caller supplies storage for resulting information\r
+ Length = Size of the supplied storage \r
+ ResultLength = Bytes written\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtQueryMutant(\r
+ IN HANDLE MutantHandle,\r
+ IN CINT MutantInformationClass,\r
+ OUT PVOID MutantInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryMutant(\r
+ IN HANDLE MutantHandle,\r
+ IN CINT MutantInformationClass,\r
+ OUT PVOID MutantInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the system ( high-resolution ) performance counter.\r
+ * ARGUMENTS: \r
+ * Counter = Performance counter\r
+ * Frequency = Performance frequency\r
+ * REMARKS:\r
+ This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)\r
+ This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency \r
+ * RETURNS: Status\r
+ *\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtQueryPerformanceCounter(\r
+ IN PLARGE_INTEGER Counter,\r
+ IN PLARGE_INTEGER Frequency\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryPerformanceCounter(\r
+ IN PLARGE_INTEGER Counter,\r
+ IN PLARGE_INTEGER Frequency\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a semaphore.\r
+ * ARGUMENTS: \r
+ * SemaphoreHandle = Handle to the semaphore object\r
+ * SemaphoreInformationClass = Index to a certain information structure\r
+\r
+ SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION\r
+\r
+ * SemaphoreInformation = Caller supplies storage for the semaphore information structure\r
+ * Length = Size of the infomation structure\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtQuerySemaphore(\r
+ IN HANDLE SemaphoreHandle,\r
+ IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,\r
+ OUT PVOID SemaphoreInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQuerySemaphore(\r
+ IN HANDLE SemaphoreHandle,\r
+ IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,\r
+ OUT PVOID SemaphoreInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a symbolic link object.\r
+ * ARGUMENTS: \r
+ * SymbolicLinkHandle = Handle to the symbolic link object\r
+ * LinkTarget = resolved name of link\r
+ * DataWritten = size of the LinkName.\r
+ * RETURNS: Status\r
+ *\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtQuerySymbolicLinkObject(\r
+ IN HANDLE SymLinkObjHandle,\r
+ OUT PUNICODE_STRING LinkTarget,\r
+ OUT PULONG DataWritten OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQuerySymbolicLinkObject(\r
+ IN HANDLE SymLinkObjHandle,\r
+ OUT PUNICODE_STRING LinkName,\r
+ OUT PULONG DataWritten OPTIONAL\r
+ ); \r
+\r
+\r
+/*\r
+ * FUNCTION: Queries a system environment variable.\r
+ * ARGUMENTS: \r
+ * Name = Name of the variable\r
+ * Value (OUT) = value of the variable\r
+ * Length = size of the buffer\r
+ * ReturnLength = data written\r
+ * RETURNS: Status\r
+ *\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtQuerySystemEnvironmentValue(\r
+ IN PUNICODE_STRING Name,\r
+ OUT PVOID Value,\r
+ ULONG Length,\r
+ PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQuerySystemEnvironmentValue(\r
+ IN PUNICODE_STRING Name,\r
+ OUT PVOID Value,\r
+ ULONG Length,\r
+ PULONG ReturnLength\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Queries the system information.\r
+ * ARGUMENTS: \r
+ * SystemInformationClass = Index to a certain information structure\r
+\r
+ SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT\r
+ SystemCacheInformation SYSTEM_CACHE_INFORMATION\r
+ SystemConfigurationInformation CONFIGURATION_INFORMATION\r
+\r
+ * SystemInformation = caller supplies storage for the information structure\r
+ * Length = size of the structure\r
+ ResultLength = Data written\r
+ * RETURNS: Status\r
+ *\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtQuerySystemInformation(\r
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,\r
+ OUT PVOID SystemInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQuerySystemInformation(\r
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,\r
+ OUT PVOID SystemInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries information about a timer\r
+ * ARGUMENTS: \r
+ * TimerHandle = Handle to the timer\r
+ TimerValueInformationClass = Index to a certain information structure\r
+ TimerValueInformation = Caller supplies storage for the information structure\r
+ Length = Size of the information structure\r
+ ResultLength = Data written\r
+ * RETURNS: Status\r
+ *\r
+*/ \r
+NTSTATUS\r
+STDCALL\r
+NtQueryTimer(\r
+ IN HANDLE TimerHandle,\r
+ IN CINT TimerInformationClass,\r
+ OUT PVOID TimerInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryTimer(\r
+ IN HANDLE TimerHandle,\r
+ IN CINT TimerInformationClass,\r
+ OUT PVOID TimerInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the timer resolution\r
+ * ARGUMENTS: \r
+ * MinimumResolution (OUT) = Caller should supply storage for the resulting time.\r
+ Maximum Resolution (OUT) = Caller should supply storage for the resulting time.\r
+ ActualResolution (OUT) = Caller should supply storage for the resulting time.\r
+ * RETURNS: Status\r
+ *\r
+*/ \r
+\r
+\r
+NTSTATUS\r
+STDCALL \r
+NtQueryTimerResolution ( \r
+ OUT PULONG MinimumResolution,\r
+ OUT PULONG MaximumResolution, \r
+ OUT PULONG ActualResolution \r
+ ); \r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwQueryTimerResolution ( \r
+ OUT PULONG MinimumResolution,\r
+ OUT PULONG MaximumResolution, \r
+ OUT PULONG ActualResolution \r
+ ); \r
+\r
+/*\r
+ * FUNCTION: Queries a registry key value\r
+ * ARGUMENTS: \r
+ * KeyHandle = Handle to the registry key\r
+ ValueName = Name of the value in the registry key\r
+ KeyValueInformationClass = Index to a certain information structure\r
+\r
+ KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION\r
+ KeyValueFullInformation = KEY_FULL_INFORMATION\r
+ KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION\r
+\r
+ KeyValueInformation = Caller supplies storage for the information structure\r
+ Length = Size of the information structure\r
+ ResultLength = Data written\r
+ * RETURNS: Status\r
+ *\r
+*/ \r
+NTSTATUS\r
+STDCALL\r
+NtQueryValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN PUNICODE_STRING ValueName,\r
+ IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,\r
+ OUT PVOID KeyValueInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN PUNICODE_STRING ValueName,\r
+ IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,\r
+ OUT PVOID KeyValueInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the volume information\r
+ * ARGUMENTS: \r
+ * FileHandle = Handle to a file object on the target volume\r
+ * IoStatusBlock = Caller should supply storage for additional status information\r
+ * ReturnLength = DataWritten\r
+ * FsInformation = Caller should supply storage for the information structure.\r
+ * Length = Size of the information structure\r
+ * FsInformationClass = Index to a information structure\r
+\r
+ FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION\r
+ FileFsLabelInformation FILE_FS_LABEL_INFORMATION \r
+ FileFsSizeInformation FILE_FS_SIZE_INFORMATION\r
+ FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION\r
+ FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION\r
+ FileFsControlInformation \r
+ FileFsQuotaQueryInformation --\r
+ FileFsQuotaSetInformation --\r
+ FileFsMaximumInformation \r
+\r
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |\r
+ STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]\r
+ *\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtQueryVolumeInformationFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID FsInformation,\r
+ IN ULONG Length,\r
+ IN FS_INFORMATION_CLASS FsInformationClass \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryVolumeInformationFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID FsInformation,\r
+ IN ULONG Length,\r
+ IN FS_INFORMATION_CLASS FsInformationClass\r
+ );\r
+// draft\r
+// FIXME: Should I specify if the apc is user or kernel mode somewhere ??\r
+/*\r
+ * FUNCTION: Queues a (user) apc to a thread.\r
+ * ARGUMENTS: \r
+ ThreadHandle = Thread to which the apc is queued.\r
+ ApcRoutine = Points to the apc routine\r
+ NormalContext = Argument to Apc Routine\r
+ * SystemArgument1 = Argument of the Apc Routine\r
+ SystemArgument2 = Argument of the Apc Routine\r
+ * REMARK: If the apc is queued against a thread of a different process than the calling thread\r
+ the apc routine should be specified in the address space of the queued thread's process.\r
+ * RETURNS: Status\r
+*/\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueueApcThread(\r
+ HANDLE ThreadHandle,\r
+ PKNORMAL_ROUTINE ApcRoutine,\r
+ PVOID NormalContext,\r
+ PVOID SystemArgument1,\r
+ PVOID SystemArgument2);\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueueApcThread(\r
+ HANDLE ThreadHandle,\r
+ PKNORMAL_ROUTINE ApcRoutine,\r
+ PVOID NormalContext,\r
+ PVOID SystemArgument1,\r
+ PVOID SystemArgument2);\r
+\r
+\r
+/*\r
+ * FUNCTION: Raises an exception\r
+ * ARGUMENTS:\r
+ * ExceptionRecord = Structure specifying the exception\r
+ * Context = Context in which the excpetion is raised \r
+ * IsDebugger = \r
+ * RETURNS: Status\r
+ *\r
+*/\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtRaiseException(\r
+ IN PEXCEPTION_RECORD ExceptionRecord,\r
+ IN PCONTEXT Context,\r
+ IN BOOLEAN SearchFrames\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwRaiseException(\r
+ IN PEXCEPTION_RECORD ExceptionRecord,\r
+ IN PCONTEXT Context,\r
+ IN BOOLEAN SearchFrames\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Read a file\r
+ * ARGUMENTS:\r
+ * FileHandle = Handle of a file to read\r
+ * Event = This event is signalled when the read operation completes\r
+ * UserApcRoutine = Call back , if supplied Event should be NULL\r
+ * UserApcContext = Argument to the callback\r
+ * IoStatusBlock = Caller should supply storage for additional status information\r
+ * Buffer = Caller should supply storage to receive the information\r
+ * BufferLength = Size of the buffer\r
+ * ByteOffset = Offset to start reading the file\r
+ * Key = If a range is lock a matching key will allow the read to continue.\r
+ * RETURNS: Status\r
+ *\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtReadFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL,\r
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,\r
+ IN PVOID UserApcContext OPTIONAL,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID Buffer,\r
+ IN ULONG BufferLength,\r
+ IN PLARGE_INTEGER ByteOffset OPTIONAL,\r
+ IN PULONG Key OPTIONAL \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwReadFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL,\r
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,\r
+ IN PVOID UserApcContext OPTIONAL,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PVOID Buffer,\r
+ IN ULONG BufferLength,\r
+ IN PLARGE_INTEGER ByteOffset OPTIONAL,\r
+ IN PULONG Key OPTIONAL \r
+ );\r
+/*\r
+ * FUNCTION: Read a file using scattered io\r
+ * ARGUMENTS: \r
+ FileHandle = Handle of a file to read\r
+ Event = This event is signalled when the read operation completes\r
+ * UserApcRoutine = Call back , if supplied Event should be NULL\r
+ UserApcContext = Argument to the callback\r
+ IoStatusBlock = Caller should supply storage for additional status information\r
+ BufferDescription = Caller should supply storage to receive the information\r
+ BufferLength = Size of the buffer\r
+ ByteOffset = Offset to start reading the file\r
+ Key = Key = If a range is lock a matching key will allow the read to continue.\r
+ * RETURNS: Status\r
+ *\r
+*/ \r
+NTSTATUS\r
+STDCALL\r
+NtReadFileScatter( \r
+ IN HANDLE FileHandle, \r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, \r
+ IN PVOID UserApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK UserIoStatusBlock, \r
+ IN FILE_SEGMENT_ELEMENT BufferDescription[], \r
+ IN ULONG BufferLength, \r
+ IN PLARGE_INTEGER ByteOffset, \r
+ IN PULONG Key OPTIONAL \r
+ ); \r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwReadFileScatter( \r
+ IN HANDLE FileHandle, \r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, \r
+ IN PVOID UserApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK UserIoStatusBlock, \r
+ IN FILE_SEGMENT_ELEMENT BufferDescription[], \r
+ IN ULONG BufferLength, \r
+ IN PLARGE_INTEGER ByteOffset, \r
+ IN PULONG Key OPTIONAL \r
+ ); \r
+/*\r
+ * FUNCTION: Copies a range of virtual memory to a buffer\r
+ * ARGUMENTS: \r
+ * ProcessHandle = Specifies the process owning the virtual address space\r
+ * BaseAddress = Points to the address of virtual memory to start the read\r
+ * Buffer = Caller supplies storage to copy the virtual memory to.\r
+ * NumberOfBytesToRead = Limits the range to read\r
+ * NumberOfBytesRead = The actual number of bytes read.\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtReadVirtualMemory( \r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ OUT PVOID Buffer,\r
+ IN ULONG NumberOfBytesToRead,\r
+ OUT PULONG NumberOfBytesRead\r
+ ); \r
+NTSTATUS\r
+STDCALL\r
+ZwReadVirtualMemory( \r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ OUT PVOID Buffer,\r
+ IN ULONG NumberOfBytesToRead,\r
+ OUT PULONG NumberOfBytesRead\r
+ ); \r
+ \r
+\r
+/*\r
+ * FUNCTION: Debugger can register for thread termination\r
+ * ARGUMENTS: \r
+ * TerminationPort = Port on which the debugger likes to be notified.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL \r
+NtRegisterThreadTerminatePort(\r
+ HANDLE TerminationPort\r
+ );\r
+NTSTATUS\r
+STDCALL \r
+ZwRegisterThreadTerminatePort(\r
+ HANDLE TerminationPort\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Releases a mutant\r
+ * ARGUMENTS: \r
+ * MutantHandle = Handle to the mutant\r
+ * ReleaseCount = \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL \r
+NtReleaseMutant(\r
+ IN HANDLE MutantHandle,\r
+ IN PULONG ReleaseCount OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwReleaseMutant(\r
+ IN HANDLE MutantHandle,\r
+ IN PULONG ReleaseCount OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Releases a semaphore\r
+ * ARGUMENTS: \r
+ * SemaphoreHandle = Handle to the semaphore object\r
+ * ReleaseCount = Number to decrease the semaphore count\r
+ * PreviousCount = Previous semaphore count\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtReleaseSemaphore(\r
+ IN HANDLE SemaphoreHandle,\r
+ IN LONG ReleaseCount,\r
+ OUT PLONG PreviousCount\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwReleaseSemaphore(\r
+ IN HANDLE SemaphoreHandle,\r
+ IN LONG ReleaseCount,\r
+ OUT PLONG PreviousCount\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Removes an io completion\r
+ * ARGUMENTS:\r
+ * CompletionPort (OUT) = Caller supplied storage for the resulting handle\r
+ * CompletionKey = Requested access to the key\r
+ * IoStatusBlock = Caller provides storage for extended status information\r
+ * CompletionStatus = Current status of the io operation.\r
+ * WaitTime = Time to wait if ..\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtRemoveIoCompletion(\r
+ IN HANDLE CompletionPort,\r
+ OUT PULONG CompletionKey,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PULONG CompletionStatus,\r
+ IN PLARGE_INTEGER WaitTime \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwRemoveIoCompletion(\r
+ IN HANDLE CompletionPort,\r
+ OUT PULONG CompletionKey,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ OUT PULONG CompletionStatus,\r
+ IN PLARGE_INTEGER WaitTime \r
+ );\r
+/*\r
+ * FUNCTION: Replaces one registry key with another\r
+ * ARGUMENTS: \r
+ * ObjectAttributes = Specifies the attributes of the key\r
+ * Key = Handle to the key\r
+ * ReplacedObjectAttributes = The function returns the old object attributes\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtReplaceKey(\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes, \r
+ IN HANDLE Key,\r
+ IN POBJECT_ATTRIBUTES ReplacedObjectAttributes \r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwReplaceKey(\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes, \r
+ IN HANDLE Key,\r
+ IN POBJECT_ATTRIBUTES ReplacedObjectAttributes \r
+ );\r
+\r
+/*\r
+ * FUNCTION: Resets a event to a non signaled state \r
+ * ARGUMENTS: \r
+ * EventHandle = Handle to the event that should be reset\r
+ * NumberOfWaitingThreads = The number of threads released.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtResetEvent(\r
+ HANDLE EventHandle,\r
+ PULONG NumberOfWaitingThreads OPTIONAL\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwResetEvent(\r
+ HANDLE EventHandle,\r
+ PULONG NumberOfWaitingThreads OPTIONAL\r
+ );\r
+//draft\r
+NTSTATUS\r
+STDCALL\r
+NtRestoreKey(\r
+ HANDLE KeyHandle,\r
+ HANDLE FileHandle,\r
+ ULONG RestoreFlags\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwRestoreKey(\r
+ HANDLE KeyHandle,\r
+ HANDLE FileHandle,\r
+ ULONG RestoreFlags\r
+ );\r
+/*\r
+ * FUNCTION: Decrements a thread's resume count\r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the thread that should be resumed\r
+ * ResumeCount = The resulting resume count.\r
+ * REMARK:\r
+ * A thread is resumed if its suspend count is 0. This procedure maps to\r
+ * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtResumeThread(\r
+ IN HANDLE ThreadHandle,\r
+ OUT PULONG SuspendCount\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwResumeThread(\r
+ IN HANDLE ThreadHandle,\r
+ OUT PULONG SuspendCount\r
+ );\r
+/*\r
+ * FUNCTION: Writes the content of a registry key to ascii file\r
+ * ARGUMENTS: \r
+ * KeyHandle = Handle to the key\r
+ * FileHandle = Handle of the file\r
+ * REMARKS:\r
+ This function maps to the Win32 RegSaveKey.\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSaveKey(\r
+ IN HANDLE KeyHandle,\r
+ IN HANDLE FileHandle\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSaveKey(\r
+ IN HANDLE KeyHandle,\r
+ IN HANDLE FileHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the context of a specified thread.\r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the thread\r
+ * Context = The processor context.\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetContextThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN PCONTEXT Context\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetContextThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN PCONTEXT Context\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the default locale id\r
+ * ARGUMENTS:\r
+ * UserProfile = Type of locale id\r
+ * TRUE: thread locale id\r
+ * FALSE: system locale id\r
+ * DefaultLocaleId = Locale id\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetDefaultLocale(\r
+ IN BOOLEAN UserProfile,\r
+ IN LCID DefaultLocaleId\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetDefaultLocale(\r
+ IN BOOLEAN UserProfile,\r
+ IN LCID DefaultLocaleId\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the default hard error port\r
+ * ARGUMENTS:\r
+ * PortHandle = Handle to the port\r
+ * NOTE: The hard error port is used for first change exception handling\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtSetDefaultHardErrorPort(\r
+ IN HANDLE PortHandle\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetDefaultHardErrorPort(\r
+ IN HANDLE PortHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the extended attributes of a file.\r
+ * ARGUMENTS:\r
+ * FileHandle = Handle to the file\r
+ * IoStatusBlock = Storage for a resulting status and information\r
+ * on the current operation.\r
+ * EaBuffer = Extended Attributes buffer.\r
+ * EaBufferSize = Size of the extended attributes buffer\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtSetEaFile(\r
+ IN HANDLE FileHandle,\r
+ IN PIO_STATUS_BLOCK IoStatusBlock,\r
+ PVOID EaBuffer,\r
+ ULONG EaBufferSize\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetEaFile(\r
+ IN HANDLE FileHandle,\r
+ IN PIO_STATUS_BLOCK IoStatusBlock,\r
+ PVOID EaBuffer,\r
+ ULONG EaBufferSize\r
+ );\r
+\r
+//FIXME: should I return the event state ?\r
+\r
+/*\r
+ * FUNCTION: Sets the event to a signalled state.\r
+ * ARGUMENTS: \r
+ * EventHandle = Handle to the event\r
+ * NumberOfThreadsReleased = The number of threads released\r
+ * REMARK:\r
+ * This procedure maps to the win32 SetEvent function. \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetEvent(\r
+ IN HANDLE EventHandle,\r
+ PULONG NumberOfThreadsReleased\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetEvent(\r
+ IN HANDLE EventHandle,\r
+ PULONG NumberOfThreadsReleased\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the high part of an event pair\r
+ * ARGUMENTS: \r
+ EventPair = Handle to the event pair\r
+ * RETURNS: Status\r
+*/\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetHighEventPair(\r
+ IN HANDLE EventPairHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetHighEventPair(\r
+ IN HANDLE EventPairHandle\r
+ );\r
+/*\r
+ * FUNCTION: Sets the high part of an event pair and wait for the low part\r
+ * ARGUMENTS: \r
+ EventPair = Handle to the event pair\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetHighWaitLowEventPair(\r
+ IN HANDLE EventPairHandle\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetHighWaitLowEventPair(\r
+ IN HANDLE EventPairHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the information of a file object.\r
+ * ARGUMENTS: \r
+ * FileHandle = Handle to the file object\r
+ * IoStatusBlock = Caller supplies storage for extended information \r
+ * on the current operation.\r
+ * FileInformation = Storage for the new file information\r
+ * Lenght = Size of the new file information.\r
+ * FileInformationClass = Indicates to a certain information structure\r
+ \r
+ FileNameInformation FILE_NAME_INFORMATION\r
+ FileRenameInformation FILE_RENAME_INFORMATION\r
+ FileStreamInformation FILE_STREAM_INFORMATION\r
+ * FileCompletionInformation IO_COMPLETION_CONTEXT\r
+\r
+ * REMARK:\r
+ * This procedure maps to the win32 SetEndOfFile, SetFileAttributes, \r
+ * SetNamedPipeHandleState, SetMailslotInfo functions. \r
+ * RETURNS: Status\r
+ */\r
+\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetInformationFile(\r
+ IN HANDLE FileHandle,\r
+ IN PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PVOID FileInformation,\r
+ IN ULONG Length,\r
+ IN FILE_INFORMATION_CLASS FileInformationClass\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetInformationFile(\r
+ IN HANDLE FileHandle,\r
+ IN PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PVOID FileInformation,\r
+ IN ULONG Length,\r
+ IN FILE_INFORMATION_CLASS FileInformationClass\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Changes a set of thread specific parameters\r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the thread\r
+ * ThreadInformationClass = Index to the set of parameters to change. \r
+ * Can be one of the following values:\r
+ *\r
+ * ThreadBasicInformation THREAD_BASIC_INFORMATION\r
+ * ThreadPriority KPRIORITY //???\r
+ * ThreadBasePriority KPRIORITY\r
+ * ThreadAffinityMask KAFFINITY //??\r
+ * ThreadImpersonationToken ACCESS_TOKEN\r
+ * ThreadIdealProcessor ULONG\r
+ * ThreadPriorityBoost ULONG\r
+ *\r
+ * ThreadInformation = Caller supplies storage for parameters to set.\r
+ * ThreadInformationLength = Size of the storage supplied\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetInformationThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN THREADINFOCLASS ThreadInformationClass,\r
+ IN PVOID ThreadInformation,\r
+ IN ULONG ThreadInformationLength\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetInformationThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN THREADINFOCLASS ThreadInformationClass,\r
+ IN PVOID ThreadInformation,\r
+ IN ULONG ThreadInformationLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Changes a set of token specific parameters\r
+ * ARGUMENTS: \r
+ * TokenHandle = Handle to the token\r
+ * TokenInformationClass = Index to a certain information structure. \r
+ * Can be one of the following values:\r
+ *\r
+ TokenUser TOKEN_USER \r
+ TokenGroups TOKEN_GROUPS\r
+ TokenPrivileges TOKEN_PRIVILEGES\r
+ TokenOwner TOKEN_OWNER\r
+ TokenPrimaryGroup TOKEN_PRIMARY_GROUP\r
+ TokenDefaultDacl TOKEN_DEFAULT_DACL\r
+ TokenSource TOKEN_SOURCE\r
+ TokenType TOKEN_TYPE\r
+ TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL\r
+ TokenStatistics TOKEN_STATISTICS\r
+ *\r
+ * TokenInformation = Caller supplies storage for information structure.\r
+ * TokenInformationLength = Size of the information structure\r
+ * RETURNS: Status\r
+*/\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetInformationToken(\r
+ IN HANDLE TokenHandle, \r
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,\r
+ OUT PVOID TokenInformation, \r
+ IN ULONG TokenInformationLength \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetInformationToken(\r
+ IN HANDLE TokenHandle, \r
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,\r
+ OUT PVOID TokenInformation, \r
+ IN ULONG TokenInformationLength \r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Sets an io completion\r
+ * ARGUMENTS: \r
+ * CompletionPort = \r
+ * CompletionKey = \r
+ * IoStatusBlock =\r
+ * NumberOfBytesToTransfer =\r
+ * NumberOfBytesTransferred =\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetIoCompletion(\r
+ IN HANDLE CompletionPort,\r
+ IN ULONG CompletionKey,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG NumberOfBytesToTransfer, \r
+ OUT PULONG NumberOfBytesTransferred\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetIoCompletion(\r
+ IN HANDLE CompletionPort,\r
+ IN ULONG CompletionKey,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN ULONG NumberOfBytesToTransfer, \r
+ OUT PULONG NumberOfBytesTransferred\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Set properties for profiling\r
+ * ARGUMENTS: \r
+ * Interval = \r
+ * ClockSource = \r
+ * RETURNS: Status\r
+ *\r
+ */\r
+\r
+NTSTATUS \r
+STDCALL\r
+NtSetIntervalProfile(\r
+ ULONG Interval,\r
+ KPROFILE_SOURCE ClockSource\r
+ );\r
+\r
+NTSTATUS \r
+STDCALL\r
+ZwSetIntervalProfile(\r
+ ULONG Interval,\r
+ KPROFILE_SOURCE ClockSource\r
+ );\r
+\r
+\r
+/*\r
+ * FUNCTION: Sets the low part of an event pair\r
+ * ARGUMENTS: \r
+ EventPair = Handle to the event pair\r
+ * RETURNS: Status\r
+*/\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetLowEventPair(\r
+ HANDLE EventPair\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetLowEventPair(\r
+ HANDLE EventPair\r
+ );\r
+/*\r
+ * FUNCTION: Sets the low part of an event pair and wait for the high part\r
+ * ARGUMENTS: \r
+ EventPair = Handle to the event pair\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetLowWaitHighEventPair(\r
+ HANDLE EventPair\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetLowWaitHighEventPair(\r
+ HANDLE EventPair\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetSecurityObject(\r
+ IN HANDLE Handle, \r
+ IN SECURITY_INFORMATION SecurityInformation, \r
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor \r
+ ); \r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetSecurityObject(\r
+ IN HANDLE Handle, \r
+ IN SECURITY_INFORMATION SecurityInformation, \r
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor \r
+ ); \r
+\r
+\r
+/*\r
+ * FUNCTION: Sets a system environment variable\r
+ * ARGUMENTS: \r
+ * ValueName = Name of the environment variable\r
+ * Value = Value of the environment variable\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetSystemEnvironmentValue(\r
+ IN PUNICODE_STRING VariableName,\r
+ IN PUNICODE_STRING Value\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetSystemEnvironmentValue(\r
+ IN PUNICODE_STRING VariableName,\r
+ IN PUNICODE_STRING Value\r
+ );\r
+/*\r
+ * FUNCTION: Sets system parameters\r
+ * ARGUMENTS: \r
+ * SystemInformationClass = Index to a particular set of system parameters\r
+ * Can be one of the following values:\r
+ *\r
+ * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT\r
+ *\r
+ * SystemInformation = Structure containing the parameters.\r
+ * SystemInformationLength = Size of the structure.\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetSystemInformation(\r
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,\r
+ IN PVOID SystemInformation,\r
+ IN ULONG SystemInformationLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetSystemInformation(\r
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,\r
+ IN PVOID SystemInformation,\r
+ IN ULONG SystemInformationLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the system time\r
+ * ARGUMENTS: \r
+ * SystemTime = Old System time\r
+ * NewSystemTime = New System time\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetSystemTime(\r
+ IN PLARGE_INTEGER SystemTime,\r
+ IN PLARGE_INTEGER NewSystemTime OPTIONAL\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetSystemTime(\r
+ IN PLARGE_INTEGER SystemTime,\r
+ IN PLARGE_INTEGER NewSystemTime OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the frequency of the system timer\r
+ * ARGUMENTS: \r
+ * RequestedResolution = \r
+ * SetOrUnset = \r
+ * ActualResolution = \r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetTimerResolution(\r
+ IN ULONG RequestedResolution,\r
+ IN BOOL SetOrUnset,\r
+ OUT PULONG ActualResolution\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetTimerResolution(\r
+ IN ULONG RequestedResolution,\r
+ IN BOOL SetOrUnset,\r
+ OUT PULONG ActualResolution\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the value of a registry key\r
+ * ARGUMENTS: \r
+ * KeyHandle = Handle to a registry key\r
+ * ValueName = Name of the value entry to change\r
+ * TitleIndex = pointer to a structure containing the new volume information\r
+ * Type = Type of the registry key. Can be one of the values:\r
+ * REG_BINARY Unspecified binary data\r
+ * REG_DWORD A 32 bit value\r
+ * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD\r
+ * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address\r
+ * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )\r
+ * REG_LINK A zero terminated wide character string referring to a symbolic link.\r
+ * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero\r
+ * REG_NONE Unspecified type\r
+ * REG_SZ A wide character string ( zero terminated )\r
+ * REG_RESOURCE_LIST ??\r
+ * REG_RESOURCE_REQUIREMENTS_LIST ??\r
+ * REG_FULL_RESOURCE_DESCRIPTOR ??\r
+ * Data = Contains the data for the registry key.\r
+ * DataSize = size of the data.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtSetValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN PUNICODE_STRING ValueName,\r
+ IN ULONG TitleIndex OPTIONAL,\r
+ IN ULONG Type,\r
+ IN PVOID Data,\r
+ IN ULONG DataSize\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwSetValueKey(\r
+ IN HANDLE KeyHandle,\r
+ IN PUNICODE_STRING ValueName,\r
+ IN ULONG TitleIndex OPTIONAL,\r
+ IN ULONG Type,\r
+ IN PVOID Data,\r
+ IN ULONG DataSize\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the volume information.\r
+ * ARGUMENTS:\r
+ * FileHandle = Handle to the file\r
+ * IoStatusBlock = Caller should supply storage for additional status information\r
+ * VolumeInformation = pointer to a structure containing the new volume information\r
+ * Length = size of the structure.\r
+ * VolumeInformationClass = specifies the particular volume information to set\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtSetVolumeInformationFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PVOID FsInformation,\r
+ IN ULONG Length,\r
+ IN FS_INFORMATION_CLASS FsInformationClass\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetVolumeInformationFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PVOID FsInformation,\r
+ IN ULONG Length,\r
+ IN FS_INFORMATION_CLASS FsInformationClass\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Shuts the system down\r
+ * ARGUMENTS:\r
+ * Action = Specifies the type of shutdown, it can be one of the following values:\r
+ * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtShutdownSystem(\r
+ IN SHUTDOWN_ACTION Action\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwShutdownSystem(\r
+ IN SHUTDOWN_ACTION Action\r
+ );\r
+\r
+\r
+/* --- PROFILING --- */\r
+\r
+/*\r
+ * FUNCTION: Starts profiling\r
+ * ARGUMENTS: \r
+ * ProfileHandle = Handle to the profile\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtStartProfile(\r
+ HANDLE ProfileHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwStartProfile(\r
+ HANDLE ProfileHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Stops profiling\r
+ * ARGUMENTS: \r
+ * ProfileHandle = Handle to the profile\r
+ * RETURNS: Status \r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtStopProfile(\r
+ HANDLE ProfileHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwStopProfile(\r
+ HANDLE ProfileHandle\r
+ );\r
+\r
+/* --- PROCESS MANAGEMENT --- */\r
+\r
+//--NtSystemDebugControl\r
+/*\r
+ * FUNCTION: Terminates the execution of a process. \r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the process\r
+ * ExitStatus = The exit status of the process to terminate with.\r
+ * REMARKS\r
+ Native applications should kill themselves using this function.\r
+ * RETURNS: Status\r
+ */ \r
+NTSTATUS \r
+STDCALL \r
+NtTerminateProcess(\r
+ IN HANDLE ProcessHandle ,\r
+ IN NTSTATUS ExitStatus\r
+ );\r
+NTSTATUS \r
+STDCALL \r
+ZwTerminateProcess(\r
+ IN HANDLE ProcessHandle ,\r
+ IN NTSTATUS ExitStatus\r
+ );\r
+\r
+/* --- DEVICE DRIVER CONTROL --- */\r
+\r
+/*\r
+ * FUNCTION: Unloads a driver. \r
+ * ARGUMENTS: \r
+ * DriverServiceName = Name of the driver to unload\r
+ * RETURNS: Status\r
+ */ \r
+NTSTATUS \r
+STDCALL\r
+NtUnloadDriver(\r
+ IN PUNICODE_STRING DriverServiceName\r
+ );\r
+NTSTATUS \r
+STDCALL\r
+ZwUnloadDriver(\r
+ IN PUNICODE_STRING DriverServiceName\r
+ );\r
+\r
+/* --- VIRTUAL MEMORY MANAGEMENT --- */\r
+\r
+/*\r
+ * FUNCTION: Writes a range of virtual memory\r
+ * ARGUMENTS: \r
+ * ProcessHandle = The handle to the process owning the address space.\r
+ * BaseAddress = The points to the address to write to\r
+ * Buffer = Pointer to the buffer to write\r
+ * NumberOfBytesToWrite = Offset to the upper boundary to write\r
+ * NumberOfBytesWritten = Total bytes written\r
+ * REMARKS:\r
+ * This function maps to the win32 WriteProcessMemory\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL \r
+NtWriteVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN PVOID Buffer,\r
+ IN ULONG NumberOfBytesToWrite,\r
+ OUT PULONG NumberOfBytesWritten\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwWriteVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN PVOID Buffer,\r
+ IN ULONG NumberOfBytesToWrite,\r
+ OUT PULONG NumberOfBytesWritten\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Unmaps a piece of virtual memory backed by a file. \r
+ * ARGUMENTS: \r
+ * ProcessHandle = Handle to the process\r
+ * BaseAddress = The address where the mapping begins\r
+ * REMARK:\r
+ This procedure maps to the win32 UnMapViewOfFile\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtUnmapViewOfSection(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwUnmapViewOfSection(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress\r
+ );\r
+\r
+/* --- OBJECT SYNCHRONIZATION --- */\r
+\r
+/*\r
+ * FUNCTION: Signals an object and wait for an other one.\r
+ * ARGUMENTS: \r
+ * SignalObject = Handle to the object that should be signaled\r
+ * WaitObject = Handle to the object that should be waited for\r
+ * Alertable = True if the wait is alertable\r
+ * Time = The time to wait\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtSignalAndWaitForSingleObject(\r
+ IN HANDLE SignalObject,\r
+ IN HANDLE WaitObject,\r
+ IN BOOLEAN Alertable,\r
+ IN PLARGE_INTEGER Time\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSignalAndWaitForSingleObject(\r
+ IN HANDLE SignalObject,\r
+ IN HANDLE WaitObject,\r
+ IN BOOLEAN Alertable,\r
+ IN PLARGE_INTEGER Time\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Waits for an object to become signalled.\r
+ * ARGUMENTS: \r
+ * Object = The object handle\r
+ * Alertable = If true the wait is alertable.\r
+ * Time = The maximum wait time.\r
+ * REMARKS:\r
+ * This function maps to the win32 WaitForSingleObjectEx.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtWaitForSingleObject (\r
+ IN HANDLE Object,\r
+ IN BOOLEAN Alertable,\r
+ IN PLARGE_INTEGER Time\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwWaitForSingleObject (\r
+ IN HANDLE Object,\r
+ IN BOOLEAN Alertable,\r
+ IN PLARGE_INTEGER Time\r
+ );\r
+\r
+/* --- EVENT PAIR OBJECT --- */\r
+\r
+/*\r
+ * FUNCTION: Waits for the high part of an eventpair to become signalled\r
+ * ARGUMENTS:\r
+ * EventPairHandle = Handle to the event pair.\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtWaitHighEventPair(\r
+ IN HANDLE EventPairHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwWaitHighEventPair(\r
+ IN HANDLE EventPairHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Waits for the low part of an eventpair to become signalled\r
+ * ARGUMENTS:\r
+ * EventPairHandle = Handle to the event pair.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtWaitLowEventPair(\r
+ IN HANDLE EventPairHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwWaitLowEventPair(\r
+ IN HANDLE EventPairHandle\r
+ );\r
+\r
+/* --- FILE MANAGEMENT --- */\r
+\r
+/*\r
+ * FUNCTION: Unlocks a range of bytes in a file. \r
+ * ARGUMENTS: \r
+ * FileHandle = Handle to the file\r
+ * IoStatusBlock = Caller should supply storage for a structure containing\r
+ * the completion status and information about the requested unlock operation.\r
+ The information field is set to the number of bytes unlocked.\r
+ * ByteOffset = Offset to start the range of bytes to unlock \r
+ * Length = Number of bytes to unlock.\r
+ * Key = Special value to enable other threads to unlock a file than the\r
+ thread that locked the file. The key supplied must match with the one obtained\r
+ in a previous call to NtLockFile.\r
+ * REMARK:\r
+ This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could\r
+ not be obtained immediately, the device queue is busy and the IRP is queued.\r
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |\r
+ STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]\r
+ */ \r
+NTSTATUS \r
+STDCALL\r
+NtUnlockFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PLARGE_INTEGER ByteOffset,\r
+ IN PLARGE_INTEGER Lenght,\r
+ OUT PULONG Key OPTIONAL\r
+ );\r
+NTSTATUS \r
+STDCALL\r
+ZwUnlockFile(\r
+ IN HANDLE FileHandle,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PLARGE_INTEGER ByteOffset,\r
+ IN PLARGE_INTEGER Lenght,\r
+ OUT PULONG Key OPTIONAL\r
+ );\r
+ \r
+/*\r
+ * FUNCTION: Writes data to a file\r
+ * ARGUMENTS: \r
+ * FileHandle = The handle a file ( from NtCreateFile )\r
+ * Event = Specifies a event that will become signalled when the write operation completes.\r
+ * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]\r
+ * ApcContext = Argument to the Apc Routine \r
+ * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.\r
+ * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.\r
+ * Length = Size in bytest of the buffer\r
+ * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.\r
+ * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if\r
+ * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset\r
+ * should be created by specifying FILE_USE_FILE_POINTER_POSITION.\r
+ * Key = Unused\r
+ * REMARKS:\r
+ * This function maps to the win32 WriteFile. \r
+ * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.\r
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES\r
+ STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtWriteFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL,\r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
+ IN PVOID ApcContext OPTIONAL,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PVOID Buffer,\r
+ IN ULONG Length,\r
+ IN PLARGE_INTEGER ByteOffset,\r
+ IN PULONG Key OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwWriteFile(\r
+ IN HANDLE FileHandle,\r
+ IN HANDLE Event OPTIONAL,\r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,\r
+ IN PVOID ApcContext OPTIONAL,\r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN PVOID Buffer,\r
+ IN ULONG Length,\r
+ IN PLARGE_INTEGER ByteOffset ,\r
+ IN PULONG Key OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Writes a file \r
+ * ARGUMENTS: \r
+ * FileHandle = The handle of the file \r
+ * Event = \r
+ * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]\r
+ * ApcContext = Argument to the Apc Routine \r
+ * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.\r
+ * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.\r
+ * BufferLength = Size in bytest of the buffer\r
+ * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.\r
+ * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if\r
+ * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset\r
+ * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.\r
+ * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.\r
+ * REMARKS:\r
+ * This function maps to the win32 WriteFile. \r
+ * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.\r
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES\r
+ STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL \r
+NtWriteFileGather( \r
+ IN HANDLE FileHandle, \r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
+ IN PVOID ApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN FILE_SEGMENT_ELEMENT BufferDescription[], \r
+ IN ULONG BufferLength, \r
+ IN PLARGE_INTEGER ByteOffset, \r
+ IN PULONG Key OPTIONAL\r
+ ); \r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwWriteFileGather( \r
+ IN HANDLE FileHandle, \r
+ IN HANDLE Event OPTIONAL, \r
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, \r
+ IN PVOID ApcContext OPTIONAL, \r
+ OUT PIO_STATUS_BLOCK IoStatusBlock,\r
+ IN FILE_SEGMENT_ELEMENT BufferDescription[], \r
+ IN ULONG BufferLength, \r
+ IN PLARGE_INTEGER ByteOffset, \r
+ IN PULONG Key OPTIONAL\r
+ ); \r
+\r
+\r
+/* --- THREAD MANAGEMENT --- */\r
+\r
+/*\r
+ * FUNCTION: Increments a thread's resume count\r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the thread that should be resumed\r
+ * PreviousSuspendCount = The resulting/previous suspend count.\r
+ * REMARK:\r
+ * A thread will be suspended if its suspend count is greater than 0. This procedure maps to\r
+ * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )\r
+ * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.\r
+ * RETURNS: Status\r
+ */ \r
+NTSTATUS \r
+STDCALL \r
+NtSuspendThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN PULONG PreviousSuspendCount \r
+ );\r
+\r
+NTSTATUS \r
+STDCALL \r
+ZwSuspendThread(\r
+ IN HANDLE ThreadHandle,\r
+ IN PULONG PreviousSuspendCount \r
+ );\r
+\r
+/*\r
+ * FUNCTION: Terminates the execution of a thread. \r
+ * ARGUMENTS: \r
+ * ThreadHandle = Handle to the thread\r
+ * ExitStatus = The exit status of the thread to terminate with.\r
+ * RETURNS: Status\r
+ */ \r
+NTSTATUS \r
+STDCALL \r
+NtTerminateThread(\r
+ IN HANDLE ThreadHandle ,\r
+ IN NTSTATUS ExitStatus\r
+ );\r
+NTSTATUS \r
+STDCALL \r
+ZwTerminateThread(\r
+ IN HANDLE ThreadHandle ,\r
+ IN NTSTATUS ExitStatus\r
+ );\r
+/*\r
+ * FUNCTION: Tests to see if there are any pending alerts for the calling thread \r
+ * RETURNS: Status\r
+ */ \r
+NTSTATUS \r
+STDCALL \r
+NtTestAlert(\r
+ VOID \r
+ );\r
+NTSTATUS \r
+STDCALL \r
+ZwTestAlert(\r
+ VOID \r
+ );\r
+\r
+/*\r
+ * FUNCTION: Yields the callers thread.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL \r
+NtYieldExecution(\r
+ VOID\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwYieldExecution(\r
+ VOID\r
+ );\r
+\r
+/* --- PLUG AND PLAY --- */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtPlugPlayControl (\r
+ VOID\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtGetPlugPlayEvent (\r
+ VOID\r
+ );\r
+\r
+/* --- POWER MANAGEMENT --- */\r
+\r
+NTSTATUS STDCALL \r
+NtSetSystemPowerState(IN POWER_ACTION SystemAction,\r
+ IN SYSTEM_POWER_STATE MinSystemState,\r
+ IN ULONG Flags);\r
+\r
+/* --- DEBUG SUBSYSTEM --- */\r
+\r
+NTSTATUS STDCALL \r
+NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,\r
+ PVOID InputBuffer,\r
+ ULONG InputBufferLength,\r
+ PVOID OutputBuffer,\r
+ ULONG OutputBufferLength,\r
+ PULONG ReturnLength);\r
+\r
+/* --- VIRTUAL DOS MACHINE (VDM) --- */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtVdmControl (ULONG ControlCode, PVOID ControlData);\r
+\r
+\r
+/* --- WIN32 --- */\r
+\r
+NTSTATUS STDCALL\r
+NtW32Call(IN ULONG RoutineIndex,\r
+ IN PVOID Argument,\r
+ IN ULONG ArgumentLength,\r
+ OUT PVOID* Result OPTIONAL,\r
+ OUT PULONG ResultLength OPTIONAL);\r
+\r
+/* --- CHANNELS --- */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtCreateChannel (\r
+ VOID\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtListenChannel (\r
+ VOID\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtOpenChannel (\r
+ VOID\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtReplyWaitSendChannel (\r
+ VOID\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSendWaitReplyChannel (\r
+ VOID\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetContextChannel (\r
+ VOID\r
+ );\r
+\r
+/* --- MISCELLANEA --- */\r
+\r
+//NTSTATUS STDCALL NtSetLdtEntries(VOID);\r
+NTSTATUS\r
+STDCALL\r
+NtSetLdtEntries (\r
+ HANDLE Thread,\r
+ ULONG FirstEntry,\r
+ PULONG Entries\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryOleDirectoryFile (\r
+ VOID\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Checks a clients access rights to a object\r
+ * ARGUMENTS: \r
+ * SecurityDescriptor = Security information against which the access is checked\r
+ * ClientToken = Represents a client\r
+ * DesiredAcces = \r
+ * GenericMapping =\r
+ * PrivilegeSet =\r
+ * ReturnLength = Bytes written\r
+ * GrantedAccess = \r
+ * AccessStatus = Indicates if the ClientToken allows the requested access\r
+ * REMARKS: The arguments map to the win32 AccessCheck \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtAccessCheck(\r
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,\r
+ IN HANDLE ClientToken,\r
+ IN ACCESS_MASK DesiredAcces,\r
+ IN PGENERIC_MAPPING GenericMapping,\r
+ OUT PPRIVILEGE_SET PrivilegeSet,\r
+ OUT PULONG ReturnLength,\r
+ OUT PULONG GrantedAccess,\r
+ OUT PBOOLEAN AccessStatus\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAccessCheck(\r
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,\r
+ IN HANDLE ClientToken,\r
+ IN ACCESS_MASK DesiredAcces,\r
+ IN PGENERIC_MAPPING GenericMapping,\r
+ OUT PPRIVILEGE_SET PrivilegeSet,\r
+ OUT PULONG ReturnLength,\r
+ OUT PULONG GrantedAccess,\r
+ OUT PBOOLEAN AccessStatus\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+RtlOpenCurrentUser(\r
+ IN ACCESS_MASK DesiredAccess,\r
+ OUT PHANDLE KeyHandle);\r
+\r
+\r
+#ifndef __USE_W32API\r
+\r
+/*\r
+ * FUNCTION: Continues a thread with the specified context\r
+ * ARGUMENTS: \r
+ * Context = Specifies the processor context\r
+ * IrqLevel = Specifies the Interupt Request Level to continue with. Can\r
+ * be PASSIVE_LEVEL or APC_LEVEL\r
+ * REMARKS\r
+ * NtContinue can be used to continue after an exception or apc.\r
+ * RETURNS: Status\r
+ */\r
+//FIXME This function might need another parameter\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtContinue(\r
+ IN PCONTEXT Context,\r
+ IN BOOLEAN TestAlert\r
+ );\r
+\r
+NTSTATUS STDCALL ZwContinue(IN PCONTEXT Context, IN CINT IrqLevel);\r
+\r
+/*\r
+ * FUNCTION: Retrieves the system time\r
+ * ARGUMENTS: \r
+ * CurrentTime (OUT) = Caller should supply storage for the resulting time.\r
+ * RETURNS: Status\r
+ *\r
+*/\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQuerySystemTime (\r
+ OUT TIME *CurrentTime\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQuerySystemTime (\r
+ OUT TIME *CurrentTime\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Loads a registry key.\r
+ * ARGUMENTS:\r
+ * KeyHandle = Handle to the registry key\r
+ * ObjectAttributes = ???\r
+ * Unknown3 = ???\r
+ * REMARK:\r
+ * This procedure maps to the win32 procedure RegLoadKey\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtLoadKey2 (\r
+ PHANDLE KeyHandle,\r
+ POBJECT_ATTRIBUTES ObjectAttributes,\r
+ ULONG Unknown3\r
+ );\r
+NTSTATUS\r
+STDCALL\r
+ZwLoadKey2 (\r
+ PHANDLE KeyHandle,\r
+ POBJECT_ATTRIBUTES ObjectAttributes,\r
+ ULONG Unknown3\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Copies a handle from one process space to another\r
+ * ARGUMENTS:\r
+ * SourceProcessHandle = The source process owning the handle. The source process should have opened\r
+ * the SourceHandle with PROCESS_DUP_HANDLE access.\r
+ * SourceHandle = The handle to the object.\r
+ * TargetProcessHandle = The destination process owning the handle \r
+ * TargetHandle (OUT) = Caller should supply storage for the duplicated handle. \r
+ * DesiredAccess = The desired access to the handle.\r
+ * InheritHandle = Indicates wheter the new handle will be inheritable or not.\r
+ * Options = Specifies special actions upon duplicating the handle. Can be\r
+ * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.\r
+ * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be\r
+ * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore\r
+ * the DesiredAccess paramter and just grant the same access to the new\r
+ * handle.\r
+ * RETURNS: Status\r
+ * REMARKS: This function maps to the win32 DuplicateHandle.\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtDuplicateObject(\r
+ IN HANDLE SourceProcessHandle,\r
+ IN HANDLE SourceHandle,\r
+ IN HANDLE TargetProcessHandle,\r
+ OUT PHANDLE TargetHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN BOOLEAN InheritHandle,\r
+ IN ULONG Options\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDuplicateObject(\r
+ IN HANDLE SourceProcessHandle,\r
+ IN PHANDLE SourceHandle,\r
+ IN HANDLE TargetProcessHandle,\r
+ OUT PHANDLE TargetHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN BOOLEAN InheritHandle,\r
+ IN ULONG Options\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )\r
+ * ARGUMENTS: \r
+ * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"\r
+ * ObjectHandle =\r
+ * ObjectAttributes =\r
+ * DesiredAcces = \r
+ * GenericMapping =\r
+ * ObjectCreation = \r
+ * GrantedAccess = \r
+ * AccessStatus =\r
+ * GenerateOnClose =\r
+ * REMARKS: The arguments map to the win32 AccessCheck \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtAccessCheckAndAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName,\r
+ IN PHANDLE ObjectHandle,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN PGENERIC_MAPPING GenericMapping,\r
+ IN BOOLEAN ObjectCreation,\r
+ OUT PULONG GrantedAccess,\r
+ OUT PBOOLEAN AccessStatus,\r
+ OUT PBOOLEAN GenerateOnClose\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAccessCheckAndAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName,\r
+ IN PHANDLE ObjectHandle,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN PGENERIC_MAPPING GenericMapping,\r
+ IN BOOLEAN ObjectCreation,\r
+ OUT PULONG GrantedAccess,\r
+ OUT PBOOLEAN AccessStatus,\r
+ OUT PBOOLEAN GenerateOnClose\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Adds an atom to the global atom table\r
+ * ARGUMENTS:\r
+ * AtomString = The string to add to the atom table.\r
+ * Atom (OUT) = Caller supplies storage for the resulting atom.\r
+ * REMARKS: The arguments map to the win32 add GlobalAddAtom.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtAddAtom(\r
+ IN PWSTR AtomName,\r
+ IN OUT PRTL_ATOM Atom\r
+ );\r
+\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAddAtom(\r
+ IN PWSTR AtomName,\r
+ IN OUT PRTL_ATOM Atom\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtAllocateUuids(\r
+ PULARGE_INTEGER Time,\r
+ PULONG Range,\r
+ PULONG Sequence\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwAllocateUuids(\r
+ PULARGE_INTEGER Time,\r
+ PULONG Range,\r
+ PULONG Sequence\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Cancels a timer\r
+ * ARGUMENTS: \r
+ * TimerHandle = Handle to the timer\r
+ * CurrentState = Specifies the state of the timer when cancelled.\r
+ * REMARKS:\r
+ * The arguments to this function map to the function CancelWaitableTimer. \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtCancelTimer(\r
+ IN HANDLE TimerHandle,\r
+ OUT PBOOLEAN CurrentState OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCancelTimer(\r
+ IN HANDLE TimerHandle,\r
+ OUT ULONG ElapsedTime\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a paging file.\r
+ * ARGUMENTS:\r
+ * FileName = Name of the pagefile\r
+ * InitialSize = Specifies the initial size in bytes\r
+ * MaximumSize = Specifies the maximum size in bytes\r
+ * Reserved = Reserved for future use\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtCreatePagingFile(\r
+ IN PUNICODE_STRING FileName,\r
+ IN PLARGE_INTEGER InitialSize,\r
+ IN PLARGE_INTEGER MaxiumSize,\r
+ IN ULONG Reserved\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwCreatePagingFile(\r
+ IN PUNICODE_STRING FileName,\r
+ IN PLARGE_INTEGER InitialSize,\r
+ IN PLARGE_INTEGER MaxiumSize,\r
+ IN ULONG Reserved\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a user mode thread\r
+ * ARGUMENTS:\r
+ * ThreadHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * DesiredAccess = Specifies the allowed or desired access to the thread. \r
+ * ObjectAttributes = Initialized attributes for the object.\r
+ * ProcessHandle = Handle to the threads parent process.\r
+ * ClientId (OUT) = Caller supplies storage for returned process id and thread id.\r
+ * ThreadContext = Initial processor context for the thread.\r
+ * InitialTeb = Initial user mode stack context for the thread.\r
+ * CreateSuspended = Specifies if the thread is ready for scheduling\r
+ * REMARKS:\r
+ * This function maps to the win32 function CreateThread. \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL \r
+NtCreateThread(\r
+ OUT PHANDLE ThreadHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
+ IN HANDLE ProcessHandle,\r
+ OUT PCLIENT_ID ClientId,\r
+ IN PCONTEXT ThreadContext,\r
+ IN PINITIAL_TEB InitialTeb,\r
+ IN BOOLEAN CreateSuspended\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwCreateThread(\r
+ OUT PHANDLE ThreadHandle,\r
+ IN ACCESS_MASK DesiredAccess,\r
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,\r
+ IN HANDLE ProcessHandle,\r
+ OUT PCLIENT_ID ClientId,\r
+ IN PCONTEXT ThreadContext,\r
+ IN PINITIAL_TEB InitialTeb,\r
+ IN BOOLEAN CreateSuspended\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtDuplicateToken( \r
+ IN HANDLE ExistingToken, \r
+ IN ACCESS_MASK DesiredAccess, \r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,\r
+ IN TOKEN_TYPE TokenType, \r
+ OUT PHANDLE NewToken \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDuplicateToken( \r
+ IN HANDLE ExistingToken, \r
+ IN ACCESS_MASK DesiredAccess, \r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,\r
+ IN TOKEN_TYPE TokenType, \r
+ OUT PHANDLE NewToken \r
+ );\r
+\r
+/*\r
+ * FUNCTION: Finds a atom\r
+ * ARGUMENTS:\r
+ * AtomName = Name to search for.\r
+ * Atom = Caller supplies storage for the resulting atom\r
+ * RETURNS: Status \r
+ * REMARKS:\r
+ * This funciton maps to the win32 GlobalFindAtom\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtFindAtom(\r
+ IN PWSTR AtomName,\r
+ OUT PRTL_ATOM Atom OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwFindAtom(\r
+ IN PWSTR AtomName,\r
+ OUT PRTL_ATOM Atom OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Flushes a the processors instruction cache\r
+ * ARGUMENTS:\r
+ * ProcessHandle = Points to the process owning the cache\r
+ * BaseAddress = // might this be a image address ????\r
+ * NumberOfBytesToFlush = \r
+ * RETURNS: Status \r
+ * REMARKS:\r
+ * This funciton is used by debuggers\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtFlushInstructionCache(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN UINT NumberOfBytesToFlush\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwFlushInstructionCache(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN UINT NumberOfBytesToFlush\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Flushes virtual memory to file\r
+ * ARGUMENTS:\r
+ * ProcessHandle = Points to the process that allocated the virtual memory\r
+ * BaseAddress = Points to the memory address\r
+ * NumberOfBytesToFlush = Limits the range to flush,\r
+ * NumberOfBytesFlushed = Actual number of bytes flushed\r
+ * RETURNS: Status \r
+ * REMARKS:\r
+ * Check return status on STATUS_NOT_MAPPED_DATA \r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtFlushVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN ULONG NumberOfBytesToFlush,\r
+ OUT PULONG NumberOfBytesFlushed OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwFlushVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN ULONG NumberOfBytesToFlush,\r
+ OUT PULONG NumberOfBytesFlushed OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Retrieves the uptime of the system\r
+ * ARGUMENTS:\r
+ * UpTime = Number of clock ticks since boot.\r
+ * RETURNS: Status \r
+ */\r
+NTSTATUS\r
+STDCALL \r
+NtGetTickCount(\r
+ PULONG UpTime\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwGetTickCount(\r
+ PULONG UpTime\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Loads a registry key.\r
+ * ARGUMENTS:\r
+ * KeyHandle = Handle to the registry key\r
+ * ObjectAttributes = ???\r
+ * REMARK:\r
+ * This procedure maps to the win32 procedure RegLoadKey\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL \r
+NtLoadKey(\r
+ PHANDLE KeyHandle,\r
+ POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwLoadKey(\r
+ PHANDLE KeyHandle,\r
+ POBJECT_ATTRIBUTES ObjectAttributes\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Locks a range of virtual memory. \r
+ * ARGUMENTS: \r
+ * ProcessHandle = Handle to the process\r
+ * BaseAddress = Lower boundary of the range of bytes to lock. \r
+ * NumberOfBytesLock = Offset to the upper boundary.\r
+ * NumberOfBytesLocked (OUT) = Number of bytes actually locked.\r
+ * REMARK:\r
+ This procedure maps to the win32 procedure VirtualLock \r
+ * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]\r
+ */ \r
+NTSTATUS\r
+STDCALL \r
+NtLockVirtualMemory(\r
+ HANDLE ProcessHandle,\r
+ PVOID BaseAddress,\r
+ ULONG NumberOfBytesToLock,\r
+ PULONG NumberOfBytesLocked\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL \r
+ZwLockVirtualMemory(\r
+ HANDLE ProcessHandle,\r
+ PVOID BaseAddress,\r
+ ULONG NumberOfBytesToLock,\r
+ PULONG NumberOfBytesLocked\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtOpenObjectAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName, \r
+ IN PVOID HandleId, \r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN HANDLE ClientToken, \r
+ IN ULONG DesiredAccess, \r
+ IN ULONG GrantedAccess, \r
+ IN PPRIVILEGE_SET Privileges,\r
+ IN BOOLEAN ObjectCreation, \r
+ IN BOOLEAN AccessGranted, \r
+ OUT PBOOLEAN GenerateOnClose \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwOpenObjectAuditAlarm(\r
+ IN PUNICODE_STRING SubsystemName, \r
+ IN PVOID HandleId, \r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN HANDLE ClientToken, \r
+ IN ULONG DesiredAccess, \r
+ IN ULONG GrantedAccess, \r
+ IN PPRIVILEGE_SET Privileges,\r
+ IN BOOLEAN ObjectCreation, \r
+ IN BOOLEAN AccessGranted, \r
+ OUT PBOOLEAN GenerateOnClose \r
+ );\r
+\r
+/*\r
+ * FUNCTION: Set the access protection of a range of virtual memory\r
+ * ARGUMENTS:\r
+ * ProcessHandle = Handle to process owning the virtual address space\r
+ * BaseAddress = Start address\r
+ * NumberOfBytesToProtect = Delimits the range of virtual memory\r
+ * for which the new access protection holds\r
+ * NewAccessProtection = The new access proctection for the pages\r
+ * OldAccessProtection = Caller should supply storage for the old \r
+ * access protection\r
+ *\r
+ * REMARKS:\r
+ * The function maps to the win32 VirtualProtectEx\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtProtectVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN ULONG NumberOfBytesToProtect,\r
+ IN ULONG NewAccessProtection,\r
+ OUT PULONG OldAccessProtection\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwProtectVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN ULONG NumberOfBytesToProtect,\r
+ IN ULONG NewAccessProtection,\r
+ OUT PULONG OldAccessProtection\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryInformationAtom(\r
+ IN RTL_ATOM Atom,\r
+ IN ATOM_INFORMATION_CLASS AtomInformationClass,\r
+ OUT PVOID AtomInformation,\r
+ IN ULONG AtomInformationLength,\r
+ OUT PULONG ReturnLength OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryInformationAtom(\r
+ IN RTL_ATOM Atom,\r
+ IN ATOM_INFORMATION_CLASS AtomInformationClass,\r
+ OUT PVOID AtomInformation,\r
+ IN ULONG AtomInformationLength,\r
+ OUT PULONG ReturnLength OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Query information about the content of a directory object\r
+ * ARGUMENTS:\r
+ DirObjInformation = Buffer must be large enough to hold the name strings too\r
+ GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex\r
+ If FALSE: return the number of objects in this directory in ObjectIndex\r
+ IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0\r
+ If FALSE use input value of ObjectIndex\r
+ ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex\r
+ DataWritten = Actual size of the ObjectIndex ???\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtQueryDirectoryObject(\r
+ IN HANDLE DirObjHandle,\r
+ OUT POBJDIR_INFORMATION DirObjInformation,\r
+ IN ULONG BufferLength,\r
+ IN BOOLEAN GetNextIndex,\r
+ IN BOOLEAN IgnoreInputIndex,\r
+ IN OUT PULONG ObjectIndex,\r
+ OUT PULONG DataWritten OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryDirectoryObject(\r
+ IN HANDLE DirObjHandle,\r
+ OUT POBJDIR_INFORMATION DirObjInformation,\r
+ IN ULONG BufferLength,\r
+ IN BOOLEAN GetNextIndex,\r
+ IN BOOLEAN IgnoreInputIndex,\r
+ IN OUT PULONG ObjectIndex,\r
+ OUT PULONG DataWritten OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a process object.\r
+ * ARGUMENTS: \r
+ * ProcessHandle = Handle to the process object\r
+ * ProcessInformation = Index to a certain information structure\r
+\r
+ ProcessBasicInformation PROCESS_BASIC_INFORMATION\r
+ ProcessQuotaLimits QUOTA_LIMITS\r
+ ProcessIoCounters IO_COUNTERS\r
+ ProcessVmCounters VM_COUNTERS\r
+ ProcessTimes KERNEL_USER_TIMES\r
+ ProcessBasePriority KPRIORITY\r
+ ProcessRaisePriority KPRIORITY\r
+ ProcessDebugPort HANDLE\r
+ ProcessExceptionPort HANDLE \r
+ ProcessAccessToken PROCESS_ACCESS_TOKEN\r
+ ProcessLdtInformation LDT_ENTRY ??\r
+ ProcessLdtSize ULONG\r
+ ProcessDefaultHardErrorMode ULONG\r
+ ProcessIoPortHandlers // kernel mode only\r
+ ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS\r
+ ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION \r
+ ProcessUserModeIOPL (I/O Privilege Level)\r
+ ProcessEnableAlignmentFaultFixup BOOLEAN \r
+ ProcessPriorityClass ULONG\r
+ ProcessWx86Information ULONG \r
+ ProcessHandleCount ULONG\r
+ ProcessAffinityMask ULONG \r
+ ProcessPooledQuotaLimits QUOTA_LIMITS\r
+ MaxProcessInfoClass \r
+\r
+ * ProcessInformation = Caller supplies storage for the process information structure\r
+ * ProcessInformationLength = Size of the process information structure\r
+ * ReturnLength = Actual number of bytes written\r
+ \r
+ * REMARK:\r
+ * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,\r
+ GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,\r
+ GetProcessShutdownParameters functions. \r
+ * RETURNS: Status\r
+*/\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryInformationProcess(\r
+ IN HANDLE ProcessHandle,\r
+ IN CINT ProcessInformationClass,\r
+ OUT PVOID ProcessInformation,\r
+ IN ULONG ProcessInformationLength,\r
+ OUT PULONG ReturnLength \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryInformationProcess(\r
+ IN HANDLE ProcessHandle,\r
+ IN CINT ProcessInformationClass,\r
+ OUT PVOID ProcessInformation,\r
+ IN ULONG ProcessInformationLength,\r
+ OUT PULONG ReturnLength \r
+ );\r
+\r
+/*\r
+ * FUNCTION: Query the interval and the clocksource for profiling\r
+ * ARGUMENTS:\r
+ Interval = \r
+ ClockSource = \r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtQueryIntervalProfile(\r
+ OUT PULONG Interval,\r
+ OUT KPROFILE_SOURCE ClockSource\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryIntervalProfile(\r
+ OUT PULONG Interval,\r
+ OUT KPROFILE_SOURCE ClockSource\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a object.\r
+ * ARGUMENTS: \r
+ ObjectHandle = Handle to a object\r
+ ObjectInformationClass = Index to a certain information structure\r
+\r
+ ObjectBasicInformation \r
+ ObjectTypeInformation OBJECT_TYPE_INFORMATION \r
+ ObjectNameInformation OBJECT_NAME_INFORMATION\r
+ ObjectDataInformation OBJECT_DATA_INFORMATION\r
+\r
+ ObjectInformation = Caller supplies storage for resulting information\r
+ Length = Size of the supplied storage \r
+ ResultLength = Bytes written\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryObject(\r
+ IN HANDLE ObjectHandle,\r
+ IN CINT ObjectInformationClass,\r
+ OUT PVOID ObjectInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryObject(\r
+ IN HANDLE ObjectHandle,\r
+ IN CINT ObjectInformationClass,\r
+ OUT PVOID ObjectInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQuerySecurityObject(\r
+ IN HANDLE Object,\r
+ IN CINT SecurityObjectInformationClass,\r
+ OUT PVOID SecurityObjectInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQuerySecurityObject(\r
+ IN HANDLE Object,\r
+ IN CINT SecurityObjectInformationClass,\r
+ OUT PVOID SecurityObjectInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ReturnLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the virtual memory information.\r
+ * ARGUMENTS: \r
+ ProcessHandle = Process owning the virtual address space\r
+ BaseAddress = Points to the page where the information is queried for. \r
+ * VirtualMemoryInformationClass = Index to a certain information structure\r
+\r
+ MemoryBasicInformation MEMORY_BASIC_INFORMATION\r
+\r
+ * VirtualMemoryInformation = caller supplies storage for the information structure\r
+ * Length = size of the structure\r
+ ResultLength = Data written\r
+ * RETURNS: Status\r
+ *\r
+*/\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtQueryVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID Address,\r
+ IN IN CINT VirtualMemoryInformationClass,\r
+ OUT PVOID VirtualMemoryInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQueryVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID Address,\r
+ IN IN CINT VirtualMemoryInformationClass,\r
+ OUT PVOID VirtualMemoryInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Raises a hard error (stops the system)\r
+ * ARGUMENTS:\r
+ * Status = Status code of the hard error\r
+ * Unknown2 = ??\r
+ * Unknown3 = ??\r
+ * Unknown4 = ??\r
+ * Unknown5 = ??\r
+ * Unknown6 = ??\r
+ * RETURNS: Status\r
+ *\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtRaiseHardError(\r
+ IN NTSTATUS Status,\r
+ ULONG Unknown2,\r
+ ULONG Unknown3,\r
+ ULONG Unknown4,\r
+ ULONG Unknown5,\r
+ ULONG Unknown6\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwRaiseHardError(\r
+ IN NTSTATUS Status,\r
+ ULONG Unknown2,\r
+ ULONG Unknown3,\r
+ ULONG Unknown4,\r
+ ULONG Unknown5,\r
+ ULONG Unknown6\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the information of a registry key.\r
+ * ARGUMENTS: \r
+ * KeyHandle = Handle to the registry key\r
+ * KeyInformationClass = Index to the a certain information structure.\r
+ Can be one of the following values:\r
+\r
+ * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION\r
+\r
+ KeyInformation = Storage for the new information\r
+ * KeyInformationLength = Size of the information strucure\r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtSetInformationKey(\r
+ IN HANDLE KeyHandle,\r
+ IN CINT KeyInformationClass,\r
+ IN PVOID KeyInformation,\r
+ IN ULONG KeyInformationLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetInformationKey(\r
+ IN HANDLE KeyHandle,\r
+ IN CINT KeyInformationClass,\r
+ IN PVOID KeyInformation,\r
+ IN ULONG KeyInformationLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Changes a set of object specific parameters\r
+ * ARGUMENTS: \r
+ * ObjectHandle = \r
+ * ObjectInformationClass = Index to the set of parameters to change. \r
+\r
+ \r
+ ObjectBasicInformation \r
+ ObjectTypeInformation OBJECT_TYPE_INFORMATION \r
+ ObjectAllInformation \r
+ ObjectDataInformation OBJECT_DATA_INFORMATION\r
+ ObjectNameInformation OBJECT_NAME_INFORMATION \r
+\r
+\r
+ * ObjectInformation = Caller supplies storage for parameters to set.\r
+ * Length = Size of the storage supplied\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetInformationObject(\r
+ IN HANDLE ObjectHandle,\r
+ IN CINT ObjectInformationClass,\r
+ IN PVOID ObjectInformation,\r
+ IN ULONG Length \r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetInformationObject(\r
+ IN HANDLE ObjectHandle,\r
+ IN CINT ObjectInformationClass,\r
+ IN PVOID ObjectInformation,\r
+ IN ULONG Length \r
+ );\r
+\r
+/*\r
+ * FUNCTION: Changes a set of process specific parameters\r
+ * ARGUMENTS: \r
+ * ProcessHandle = Handle to the process\r
+ * ProcessInformationClass = Index to a information structure. \r
+ *\r
+ * ProcessBasicInformation PROCESS_BASIC_INFORMATION\r
+ * ProcessQuotaLimits QUOTA_LIMITS\r
+ * ProcessBasePriority KPRIORITY\r
+ * ProcessRaisePriority KPRIORITY \r
+ * ProcessDebugPort HANDLE\r
+ * ProcessExceptionPort HANDLE \r
+ * ProcessAccessToken PROCESS_ACCESS_TOKEN \r
+ * ProcessDefaultHardErrorMode ULONG\r
+ * ProcessPriorityClass ULONG\r
+ * ProcessAffinityMask KAFFINITY //??\r
+ *\r
+ * ProcessInformation = Caller supplies storage for information to set.\r
+ * ProcessInformationLength = Size of the information structure\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetInformationProcess(\r
+ IN HANDLE ProcessHandle,\r
+ IN CINT ProcessInformationClass,\r
+ IN PVOID ProcessInformation,\r
+ IN ULONG ProcessInformationLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetInformationProcess(\r
+ IN HANDLE ProcessHandle,\r
+ IN CINT ProcessInformationClass,\r
+ IN PVOID ProcessInformation,\r
+ IN ULONG ProcessInformationLength\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Sets the characteristics of a timer\r
+ * ARGUMENTS: \r
+ * TimerHandle = Handle to the timer\r
+ * DueTime = Time before the timer becomes signalled for the first time.\r
+ * TimerApcRoutine = Completion routine can be called on time completion\r
+ * TimerContext = Argument to the completion routine\r
+ * Resume = Specifies if the timer should repeated after completing one cycle\r
+ * Period = Cycle of the timer\r
+ * REMARKS: This routine maps to the win32 SetWaitableTimer.\r
+ * RETURNS: Status\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtSetTimer(\r
+ IN HANDLE TimerHandle,\r
+ IN PLARGE_INTEGER DueTime,\r
+ IN PTIMERAPCROUTINE TimerApcRoutine,\r
+ IN PVOID TimerContext,\r
+ IN BOOL WakeTimer,\r
+ IN ULONG Period OPTIONAL,\r
+ OUT PBOOLEAN PreviousState OPTIONAL\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwSetTimer(\r
+ IN HANDLE TimerHandle,\r
+ IN PLARGE_INTEGER DueTime,\r
+ IN PTIMERAPCROUTINE TimerApcRoutine,\r
+ IN PVOID TimerContext,\r
+ IN BOOL WakeTimer,\r
+ IN ULONG Period OPTIONAL,\r
+ OUT PBOOLEAN PreviousState OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Unloads a registry key.\r
+ * ARGUMENTS:\r
+ * KeyHandle = Handle to the registry key\r
+ * REMARK:\r
+ * This procedure maps to the win32 procedure RegUnloadKey\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtUnloadKey(\r
+ HANDLE KeyHandle\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwUnloadKey(\r
+ HANDLE KeyHandle\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Unlocks a range of virtual memory. \r
+ * ARGUMENTS: \r
+ * ProcessHandle = Handle to the process\r
+ * BaseAddress = Lower boundary of the range of bytes to unlock. \r
+ * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.\r
+ * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.\r
+ * REMARK:\r
+ This procedure maps to the win32 procedure VirtualUnlock \r
+ * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]\r
+ */ \r
+NTSTATUS \r
+STDCALL\r
+NtUnlockVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN ULONG NumberOfBytesToUnlock,\r
+ OUT PULONG NumberOfBytesUnlocked OPTIONAL\r
+ );\r
+\r
+NTSTATUS \r
+STDCALL\r
+ZwUnlockVirtualMemory(\r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID BaseAddress,\r
+ IN ULONG NumberOfBytesToUnlock,\r
+ OUT PULONG NumberOfBytesUnlocked OPTIONAL\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Waits for multiple objects to become signalled.\r
+ * ARGUMENTS: \r
+ * Count = The number of objects\r
+ * Object = The array of object handles\r
+ * WaitType = Can be one of the values UserMode or KernelMode\r
+ * Alertable = If true the wait is alertable.\r
+ * Time = The maximum wait time.\r
+ * REMARKS:\r
+ * This function maps to the win32 WaitForMultipleObjectEx.\r
+ * RETURNS: Status\r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtWaitForMultipleObjects (\r
+ IN ULONG Count,\r
+ IN HANDLE Object[],\r
+ IN CINT WaitType,\r
+ IN BOOLEAN Alertable,\r
+ IN PLARGE_INTEGER Time\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwWaitForMultipleObjects (\r
+ IN ULONG Count,\r
+ IN HANDLE Object[],\r
+ IN CINT WaitType,\r
+ IN BOOLEAN Alertable,\r
+ IN PLARGE_INTEGER Time\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Creates a profile\r
+ * ARGUMENTS:\r
+ * ProfileHandle (OUT) = Caller supplied storage for the resulting handle\r
+ * ObjectAttribute = Initialized attributes for the object\r
+ * ImageBase = Start address of executable image\r
+ * ImageSize = Size of the image\r
+ * Granularity = Bucket size\r
+ * Buffer = Caller supplies buffer for profiling info\r
+ * ProfilingSize = Buffer size\r
+ * ClockSource = Specify 0 / FALSE ??\r
+ * ProcessorMask = A value of -1 indicates disables per processor profiling,\r
+ otherwise bit set for the processor to profile.\r
+ * REMARKS:\r
+ * This function maps to the win32 CreateProcess. \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS \r
+STDCALL\r
+NtCreateProfile(OUT PHANDLE ProfileHandle, \r
+ IN HANDLE ProcessHandle,\r
+ IN PVOID ImageBase, \r
+ IN ULONG ImageSize, \r
+ IN ULONG Granularity,\r
+ OUT PULONG Buffer, \r
+ IN ULONG ProfilingSize,\r
+ IN KPROFILE_SOURCE Source,\r
+ IN ULONG ProcessorMask);\r
+\r
+NTSTATUS \r
+STDCALL\r
+ZwCreateProfile(\r
+ OUT PHANDLE ProfileHandle, \r
+ IN POBJECT_ATTRIBUTES ObjectAttributes,\r
+ IN ULONG ImageBase, \r
+ IN ULONG ImageSize, \r
+ IN ULONG Granularity,\r
+ OUT PVOID Buffer, \r
+ IN ULONG ProfilingSize,\r
+ IN ULONG ClockSource,\r
+ IN ULONG ProcessorMask\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Delays the execution of the calling thread.\r
+ * ARGUMENTS:\r
+ * Alertable = If TRUE the thread is alertable during is wait period\r
+ * Interval = Specifies the interval to wait. \r
+ * RETURNS: Status\r
+ */\r
+\r
+NTSTATUS\r
+STDCALL\r
+NtDelayExecution(\r
+ IN ULONG Alertable,\r
+ IN TIME *Interval\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwDelayExecution(\r
+ IN BOOLEAN Alertable,\r
+ IN TIME *Interval\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Extends a section\r
+ * ARGUMENTS:\r
+ * SectionHandle = Handle to the section\r
+ * NewMaximumSize = Adjusted size\r
+ * RETURNS: Status \r
+ */\r
+NTSTATUS\r
+STDCALL\r
+NtExtendSection(\r
+ IN HANDLE SectionHandle,\r
+ IN ULONG NewMaximumSize\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwExtendSection(\r
+ IN HANDLE SectionHandle,\r
+ IN ULONG NewMaximumSize\r
+ );\r
+\r
+/*\r
+ * FUNCTION: Queries the information of a section object.\r
+ * ARGUMENTS: \r
+ * SectionHandle = Handle to the section link object\r
+ * SectionInformationClass = Index to a certain information structure\r
+ * SectionInformation (OUT)= Caller supplies storage for resulting information\r
+ * Length = Size of the supplied storage \r
+ * ResultLength = Data written\r
+ * RETURNS: Status\r
+ *\r
+*/\r
+NTSTATUS\r
+STDCALL\r
+NtQuerySection(\r
+ IN HANDLE SectionHandle,\r
+ IN CINT SectionInformationClass,\r
+ OUT PVOID SectionInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+NTSTATUS\r
+STDCALL\r
+ZwQuerySection(\r
+ IN HANDLE SectionHandle,\r
+ IN CINT SectionInformationClass,\r
+ OUT PVOID SectionInformation,\r
+ IN ULONG Length,\r
+ OUT PULONG ResultLength\r
+ );\r
+\r
+typedef struct _SECTION_IMAGE_INFORMATION\r
+{\r
+ PVOID EntryPoint;\r
+ ULONG Unknown1;\r
+ ULONG StackReserve;\r
+ ULONG StackCommit;\r
+ ULONG Subsystem;\r
+ USHORT MinorSubsystemVersion;\r
+ USHORT MajorSubsystemVersion;\r
+ ULONG Unknown2;\r
+ ULONG Characteristics;\r
+ USHORT ImageNumber;\r
+ BOOLEAN Executable;\r
+ UCHAR Unknown3;\r
+ ULONG Unknown4[3];\r
+} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;\r
+\r
+#endif /* !__USE_W32API */\r
+\r
+#endif /* __DDK_ZW_H */\r
--- /dev/null
+#ifndef __INCLUDE_DDK_ZWTYPES_H\r
+#define __INCLUDE_DDK_ZWTYPES_H\r
+
+#ifndef __USE_W32API
+\r
+typedef enum _DEBUG_CONTROL_CODE\r
+{\r
+ DebugGetTraceInformation = 1,\r
+ DebugSetInternalBreakpoint,\r
+ DebugSetSpecialCalls,\r
+ DebugClearSpecialCalls,\r
+ DebugQuerySpecialCalls,\r
+ DebugDbgBreakPoint,\r
+ DebugDbgLoadSymbols\r
+} DEBUG_CONTROL_CODE;\r
+\r
+typedef enum _KPROFILE_SOURCE\r
+{\r
+ ProfileTime\r
+} KPROFILE_SOURCE;\r
+\r
+// file disposition values\r
+\r
+#define FILE_SUPERSEDE 0x0000\r
+#define FILE_OPEN 0x0001\r
+#define FILE_CREATE 0x0002\r
+#define FILE_OPEN_IF 0x0003\r
+#define FILE_OVERWRITE 0x0004\r
+#define FILE_OVERWRITE_IF 0x0005\r
+#define FILE_MAXIMUM_DISPOSITION 0x0005\r
+\r
+// job query / set information class\r
+\r
+typedef enum _JOBOBJECTINFOCLASS { // Q S\r
+ JobObjectBasicAccountingInformation = 1, // Y N\r
+ JobObjectBasicLimitInformation, // Y Y\r
+ JobObjectBasicProcessIdList, // Y N\r
+ JobObjectBasicUIRestrictions, // Y Y\r
+ JobObjectSecurityLimitInformation, // Y Y\r
+ JobObjectEndOfJobTimeInformation, // N Y\r
+ JobObjectAssociateCompletionPortInformation, // N Y\r
+ JobObjectBasicAndIoAccountingInformation, // Y N\r
+ JobObjectExtendedLimitInformation, // Y Y\r
+} JOBOBJECTINFOCLASS;\r
+\r
+// system information\r
+// {Nt|Zw}{Query|Set}SystemInformation\r
+// (GN means Gary Nebbet in "NT/W2K Native API Reference")\r
+\r
+typedef\r
+enum _SYSTEM_INFORMATION_CLASS\r
+{\r
+ SystemInformationClassMin = 0,\r
+ SystemBasicInformation = 0, /* Q */\r
+ \r
+ SystemProcessorInformation = 1, /* Q */\r
+ \r
+ SystemPerformanceInformation = 2, /* Q */\r
+ \r
+ SystemTimeOfDayInformation = 3, /* Q */\r
+ \r
+ SystemPathInformation = 4, /* Q (checked build only) */\r
+ SystemNotImplemented1 = 4, /* Q (GN) */\r
+ \r
+ SystemProcessInformation = 5, /* Q */\r
+ SystemProcessesAndThreadsInformation = 5, /* Q (GN) */\r
+ \r
+ SystemCallCountInfoInformation = 6, /* Q */\r
+ SystemCallCounts = 6, /* Q (GN) */\r
+ \r
+ SystemDeviceInformation = 7, /* Q */\r
+// It conflicts with symbol in ntoskrnl/io/resource.c\r
+// SystemConfigurationInformation = 7, /* Q (GN) */\r
+ \r
+ SystemProcessorPerformanceInformation = 8, /* Q */\r
+ SystemProcessorTimes = 8, /* Q (GN) */\r
+ \r
+ SystemFlagsInformation = 9, /* QS */\r
+ SystemGlobalFlag = 9, /* QS (GN) */\r
+ \r
+ SystemCallTimeInformation = 10,\r
+ SystemNotImplemented2 = 10, /* (GN) */\r
+ \r
+ SystemModuleInformation = 11, /* Q */\r
+ \r
+ SystemLocksInformation = 12, /* Q */\r
+ SystemLockInformation = 12, /* Q (GN) */\r
+ \r
+ SystemStackTraceInformation = 13,\r
+ SystemNotImplemented3 = 13, /* Q (GN) */\r
+ \r
+ SystemPagedPoolInformation = 14,\r
+ SystemNotImplemented4 = 14, /* Q (GN) */\r
+ \r
+ SystemNonPagedPoolInformation = 15,\r
+ SystemNotImplemented5 = 15, /* Q (GN) */\r
+ \r
+ SystemHandleInformation = 16, /* Q */\r
+ \r
+ SystemObjectInformation = 17, /* Q */\r
+ \r
+ SystemPageFileInformation = 18, /* Q */\r
+ SystemPagefileInformation = 18, /* Q (GN) */\r
+ \r
+ SystemVdmInstemulInformation = 19, /* Q */\r
+ SystemInstructionEmulationCounts = 19, /* Q (GN) */\r
+ \r
+ SystemVdmBopInformation = 20,\r
+ SystemInvalidInfoClass1 = 20, /* (GN) */\r
+ \r
+ SystemFileCacheInformation = 21, /* QS */\r
+ SystemCacheInformation = 21, /* QS (GN) */\r
+ \r
+ SystemPoolTagInformation = 22, /* Q (checked build only) */\r
+ \r
+ SystemInterruptInformation = 23, /* Q */\r
+ SystemProcessorStatistics = 23, /* Q (GN) */\r
+ \r
+ SystemDpcBehaviourInformation = 24, /* QS */\r
+ SystemDpcInformation = 24, /* QS (GN) */\r
+ \r
+ SystemFullMemoryInformation = 25,\r
+ SystemNotImplemented6 = 25, /* (GN) */\r
+ \r
+ SystemLoadImage = 26, /* S (callable) (GN) */\r
+ \r
+ SystemUnloadImage = 27, /* S (callable) (GN) */\r
+ \r
+ SystemTimeAdjustmentInformation = 28, /* QS */\r
+ SystemTimeAdjustment = 28, /* QS (GN) */\r
+ \r
+ SystemSummaryMemoryInformation = 29,\r
+ SystemNotImplemented7 = 29, /* (GN) */\r
+ \r
+ SystemNextEventIdInformation = 30,\r
+ SystemNotImplemented8 = 30, /* (GN) */\r
+ \r
+ SystemEventIdsInformation = 31,\r
+ SystemNotImplemented9 = 31, /* (GN) */\r
+ \r
+ SystemCrashDumpInformation = 32, /* Q */\r
+ \r
+ SystemExceptionInformation = 33, /* Q */\r
+ \r
+ SystemCrashDumpStateInformation = 34, /* Q */\r
+ \r
+ SystemKernelDebuggerInformation = 35, /* Q */\r
+ \r
+ SystemContextSwitchInformation = 36, /* Q */\r
+ \r
+ SystemRegistryQuotaInformation = 37, /* QS */\r
+ \r
+ SystemLoadAndCallImage = 38, /* S (GN) */\r
+ \r
+ SystemPrioritySeparation = 39, /* S */\r
+ \r
+ SystemPlugPlayBusInformation = 40,\r
+ SystemNotImplemented10 = 40, /* Q (GN) */\r
+ \r
+ SystemDockInformation = 41,\r
+ SystemNotImplemented11 = 41, /* Q (GN) */\r
+ \r
+ SystemPowerInformation = 42,\r
+ SystemInvalidInfoClass2 = 42, /* (GN) */\r
+ \r
+ SystemProcessorSpeedInformation = 43,\r
+ SystemInvalidInfoClass3 = 43, /* (GN) */\r
+ \r
+ SystemCurrentTimeZoneInformation = 44, /* QS */\r
+ SystemTimeZoneInformation = 44, /* QS (GN) */\r
+ \r
+ SystemLookasideInformation = 45, /* Q */\r
+ \r
+ SystemSetTimeSlipEvent = 46, /* S (GN) */\r
+ \r
+ SystemCreateSession = 47, /* S (GN) */\r
+ \r
+ SystemDeleteSession = 48, /* S (GN) */\r
+ \r
+ SystemInvalidInfoClass4 = 49, /* (GN) */\r
+ \r
+ SystemRangeStartInformation = 50, /* Q (GN) */\r
+ \r
+ SystemVerifierInformation = 51, /* QS (GN) */\r
+ \r
+ SystemAddVerifier = 52, /* S (GN) */\r
+ \r
+ SystemSessionProcessesInformation = 53, /* Q (GN) */\r
+ SystemInformationClassMax\r
+\r
+} SYSTEM_INFORMATION_CLASS;\r
+\r
+// SystemBasicInformation (0)\r
+typedef\r
+struct _SYSTEM_BASIC_INFORMATION\r
+{\r
+ ULONG Reserved;\r
+ ULONG TimerResolution;\r
+ ULONG PageSize;\r
+ ULONG NumberOfPhysicalPages;\r
+ ULONG LowestPhysicalPageNumber;\r
+ ULONG HighestPhysicalPageNumber;\r
+ ULONG AllocationGranularity;\r
+ ULONG MinimumUserModeAddress;\r
+ ULONG MaximumUserModeAddress;\r
+ KAFFINITY ActiveProcessorsAffinityMask;\r
+ CCHAR NumberOfProcessors;\r
+} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;\r
+\r
+// SystemProcessorInformation (1)\r
+typedef\r
+struct _SYSTEM_PROCESSOR_INFORMATION\r
+{\r
+ USHORT ProcessorArchitecture;\r
+ USHORT ProcessorLevel;\r
+ USHORT ProcessorRevision;\r
+ USHORT Reserved;\r
+ ULONG ProcessorFeatureBits;\r
+} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;\r
+\r
+// SystemPerformanceInfo (2)\r
+typedef\r
+struct _SYSTEM_PERFORMANCE_INFORMATION\r
+{\r
+ LARGE_INTEGER IdleProcessorTime;\r
+ LARGE_INTEGER IoReadTransferCount;\r
+ LARGE_INTEGER IoWriteTransferCount;\r
+ LARGE_INTEGER IoOtherTransferCount;\r
+ ULONG IoReadOperationCount;\r
+ ULONG IoWriteOperationCount;\r
+ ULONG IoOtherOperationCount;\r
+ ULONG AvailablePages;\r
+ ULONG CommitedPages;\r
+ ULONG CommitLimit;\r
+ ULONG PeakCommitment;\r
+ ULONG PageFaultCount;\r
+ ULONG CopyOnWriteCount;\r
+ ULONG TransitionCount;\r
+ ULONG CacheTransitionCount;\r
+ ULONG DemandZeroCount;\r
+ ULONG PageReadCount;\r
+ ULONG PageReadIoCount;\r
+ ULONG CacheReadCount;\r
+ ULONG CacheIoCount;\r
+ ULONG DirtyPagesWriteCount;\r
+ ULONG DirtyWriteIoCount;\r
+ ULONG MappedPagesWriteCount;\r
+ ULONG MappedWriteIoCount;\r
+ ULONG PagedPoolPages;\r
+ ULONG NonPagedPoolPages;\r
+ ULONG Unknown6;\r
+ ULONG Unknown7;\r
+ ULONG Unknown8;\r
+ ULONG Unknown9;\r
+ ULONG MmTotalSystemFreePtes;\r
+ ULONG MmSystemCodepage;\r
+ ULONG MmTotalSystemDriverPages;\r
+ ULONG MmTotalSystemCodePages;\r
+ ULONG Unknown10;\r
+ ULONG Unknown11;\r
+ ULONG Unknown12;\r
+ ULONG MmSystemCachePage;\r
+ ULONG MmPagedPoolPage;\r
+ ULONG MmSystemDriverPage;\r
+ ULONG CcFastReadNoWait;\r
+ ULONG CcFastReadWait;\r
+ ULONG CcFastReadResourceMiss;\r
+ ULONG CcFastReadNotPossible;\r
+ ULONG CcFastMdlReadNoWait;\r
+ ULONG CcFastMdlReadWait;\r
+ ULONG CcFastMdlReadResourceMiss;\r
+ ULONG CcFastMdlReadNotPossible;\r
+ ULONG CcMapDataNoWait;\r
+ ULONG CcMapDataWait;\r
+ ULONG CcMapDataNoWaitMiss;\r
+ ULONG CcMapDataWaitMiss;\r
+ ULONG CcPinMappedDataCount;\r
+ ULONG CcPinReadNoWait;\r
+ ULONG CcPinReadWait;\r
+ ULONG CcPinReadNoWaitMiss;\r
+ ULONG CcPinReadWaitMiss;\r
+ ULONG CcCopyReadNoWait;\r
+ ULONG CcCopyReadWait;\r
+ ULONG CcCopyReadNoWaitMiss;\r
+ ULONG CcCopyReadWaitMiss;\r
+ ULONG CcMdlReadNoWait;\r
+ ULONG CcMdlReadWait;\r
+ ULONG CcMdlReadNoWaitMiss;\r
+ ULONG CcMdlReadWaitMiss;\r
+ ULONG CcReadaheadIos;\r
+ ULONG CcLazyWriteIos;\r
+ ULONG CcLazyWritePages;\r
+ ULONG CcDataFlushes;\r
+ ULONG CcDataPages;\r
+ ULONG ContextSwitches;\r
+ ULONG Unknown13;\r
+ ULONG Unknown14;\r
+ ULONG SystemCalls;\r
+\r
+} SYSTEM_PERFORMANCE_INFO, *PSYSTEM_PERFORMANCE_INFO;\r
+\r
+// SystemModuleInformation (11)\r
+typedef\r
+struct _SYSTEM_MODULE_ENTRY\r
+{\r
+ ULONG Unknown1;\r
+ ULONG Unknown2;\r
+ PVOID BaseAddress;\r
+ ULONG Size;\r
+ ULONG Flags;\r
+ ULONG EntryIndex;\r
+ USHORT NameLength; /* Length of module name not including the path, this field contains valid value only for NTOSKRNL module*/\r
+ USHORT PathLength; /* Length of 'directory path' part of modulename*/\r
+ CHAR Name [256];\r
+} SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;\r
+\r
+typedef\r
+struct _SYSTEM_MODULE_INFORMATION\r
+{\r
+ ULONG Count;\r
+ SYSTEM_MODULE_ENTRY Module [1];\r
+} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;\r
+\r
+// SystemHandleInformation (16)\r
+// (see ontypes.h)\r
+typedef\r
+struct _SYSTEM_HANDLE_ENTRY\r
+{\r
+ ULONG OwnerPid;\r
+ BYTE ObjectType;\r
+ BYTE HandleFlags;\r
+ USHORT HandleValue;\r
+ PVOID ObjectPointer;\r
+ ULONG AccessMask;\r
+ \r
+} SYSTEM_HANDLE_ENTRY, *PSYSTEM_HANDLE_ENTRY;\r
+\r
+typedef\r
+struct _SYSTEM_HANDLE_INFORMATION\r
+{\r
+ ULONG Count;\r
+ SYSTEM_HANDLE_ENTRY Handle [1];\r
+ \r
+} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;\r
+\r
+// SystemObjectInformation (17)\r
+typedef\r
+struct _SYSTEM_OBJECT_TYPE_INFORMATION\r
+{\r
+ ULONG NextEntryOffset;\r
+ ULONG ObjectCount;\r
+ ULONG HandleCount;\r
+ ULONG TypeNumber;\r
+ ULONG InvalidAttributes;\r
+ GENERIC_MAPPING GenericMapping;\r
+ ACCESS_MASK ValidAccessMask;\r
+ POOL_TYPE PoolType;\r
+ UCHAR Unknown;\r
+ UNICODE_STRING Name;\r
+ \r
+} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;\r
+\r
+typedef\r
+struct _SYSTEM_OBJECT_INFORMATION\r
+{\r
+ ULONG NextEntryOffset;\r
+ PVOID Object;\r
+ ULONG CreatorProcessId;\r
+ USHORT Unknown;\r
+ USHORT Flags;\r
+ ULONG PointerCount;\r
+ ULONG HandleCount;\r
+ ULONG PagedPoolUsage;\r
+ ULONG NonPagedPoolUsage;\r
+ ULONG ExclusiveProcessId;\r
+ PSECURITY_DESCRIPTOR SecurityDescriptor;\r
+ UNICODE_STRING Name;\r
+\r
+} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;\r
+\r
+// SystemPageFileInformation (18)\r
+typedef\r
+struct _SYSTEM_PAGEFILE_INFORMATION\r
+{\r
+ ULONG RelativeOffset;\r
+ ULONG CurrentSizePages;\r
+ ULONG TotalUsedPages;\r
+ ULONG PeakUsedPages;\r
+ UNICODE_STRING PagefileFileName;\r
+ \r
+} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;\r
+\r
+// SystemCacheInformation (21)\r
+typedef\r
+struct _SYSTEM_CACHE_INFORMATION\r
+{\r
+ ULONG CurrentSize;\r
+ ULONG PeakSize;\r
+ ULONG PageFaultCount;\r
+ ULONG MinimumWorkingSet;\r
+ ULONG MaximumWorkingSet;\r
+ ULONG Unused[4];\r
+\r
+} SYSTEM_CACHE_INFORMATION;\r
+\r
+// SystemDpcInformation (24)\r
+typedef\r
+struct _SYSTEM_DPC_INFORMATION\r
+{\r
+ ULONG Unused;\r
+ ULONG KiMaximumDpcQueueDepth;\r
+ ULONG KiMinimumDpcRate;\r
+ ULONG KiAdjustDpcThreshold;\r
+ ULONG KiIdealDpcRate;\r
+\r
+} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;\r
+\r
+// SystemLoadImage (26)\r
+typedef struct _SYSTEM_LOAD_IMAGE\r
+{\r
+ UNICODE_STRING ModuleName;\r
+ PVOID ModuleBase;\r
+ PVOID SectionPointer;\r
+ PVOID EntryPoint;\r
+ PVOID ExportDirectory;\r
+} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;\r
+\r
+// SystemUnloadImage (27)\r
+typedef struct _SYSTEM_UNLOAD_IMAGE\r
+{\r
+ PVOID ModuleBase;\r
+} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;\r
+\r
+// SystemTimeAdjustmentInformation (28)\r
+typedef\r
+struct _SYSTEM_QUERY_TIME_ADJUSTMENT\r
+{\r
+ ULONG TimeAdjustment;\r
+ ULONG MaximumIncrement;\r
+ BOOLEAN TimeSynchronization;\r
+\r
+} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;\r
+\r
+typedef\r
+struct _SYSTEM_SET_TIME_ADJUSTMENT\r
+{\r
+ ULONG TimeAdjustment;\r
+ BOOLEAN TimeSynchronization;\r
+ \r
+} SYSTEM_TIME_ADJUSTMENT_INFO, *PSYSTEM_TIME_ADJUSTMENT_INFO;\r
+\r
+// atom information\r
+\r
+typedef enum _ATOM_INFORMATION_CLASS\r
+{\r
+ AtomBasicInformation = 0,\r
+ AtomTableInformation = 1,\r
+} ATOM_INFORMATION_CLASS;\r
+\r
+typedef struct _ATOM_BASIC_INFORMATION\r
+{\r
+ USHORT UsageCount;\r
+ USHORT Flags;\r
+ USHORT NameLength;\r
+ WCHAR Name[1];\r
+} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;\r
+\r
+// SystemLoadAndCallImage(38)\r
+typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE\r
+{\r
+ UNICODE_STRING ModuleName;\r
+} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;\r
+\r
+// SystemTimeZoneInformation (44)\r
+typedef\r
+struct _SYSTEM_TIME_ZONE_INFORMATION\r
+{\r
+ LONG Bias;\r
+ WCHAR StandardName [32];\r
+ TIME StandardDate;\r
+ LONG StandardBias;\r
+ WCHAR DaylightName [32];\r
+ TIME DaylightDate;\r
+ LONG DaylightBias;\r
+\r
+} SYSTEM_TIME_ZONE_INFORMATION, * PSYSTEM_TIME_ZONE_INFORMATION;\r
+\r
+// SystemLookasideInformation (45)\r
+typedef\r
+struct _SYSTEM_LOOKASIDE_INFORMATION\r
+{\r
+ USHORT Depth;\r
+ USHORT MaximumDepth;\r
+ ULONG TotalAllocates;\r
+ ULONG AllocatesMisses;\r
+ ULONG TotalFrees;\r
+ ULONG FreeMisses;\r
+ POOL_TYPE Type;\r
+ ULONG Tag;\r
+ ULONG Size;\r
+ \r
+} SYSTEM_LOOKASIDE_INFORMATION, * PSYSTEM_LOOKASIDE_INFORMATION;\r
+\r
+// SystemSetTimeSlipEvent (46)\r
+typedef\r
+struct _SYSTEM_SET_TIME_SLIP_EVENT\r
+{\r
+ HANDLE TimeSlipEvent; /* IN */\r
+\r
+} SYSTEM_SET_TIME_SLIP_EVENT, * PSYSTEM_SET_TIME_SLIP_EVENT;\r
+\r
+// SystemCreateSession (47)\r
+// (available only on TSE/NT5+)\r
+typedef\r
+struct _SYSTEM_CREATE_SESSION\r
+{\r
+ ULONG SessionId; /* OUT */\r
+\r
+} SYSTEM_CREATE_SESSION, * PSYSTEM_CREATE_SESSION;\r
+\r
+// SystemDeleteSession (48)\r
+// (available only on TSE/NT5+)\r
+typedef\r
+struct _SYSTEM_DELETE_SESSION\r
+{\r
+ ULONG SessionId; /* IN */\r
+\r
+} SYSTEM_DELETE_SESSION, * PSYSTEM_DELETE_SESSION;\r
+
+// SystemRangeStartInformation (50)\r
+typedef\r
+struct _SYSTEM_RANGE_START_INFORMATION\r
+{\r
+ PVOID SystemRangeStart;\r
+\r
+} SYSTEM_RANGE_START_INFORMATION, * PSYSTEM_RANGE_START_INFORMATION;\r
+
+// SystemSessionProcessesInformation (53)\r
+// (available only on TSE/NT5+)\r
+typedef\r
+struct _SYSTEM_SESSION_PROCESSES_INFORMATION\r
+{\r
+ ULONG SessionId;\r
+ ULONG BufferSize;\r
+ PVOID Buffer; /* same format as in SystemProcessInformation */\r
+\r
+} SYSTEM_SESSION_PROCESSES_INFORMATION, * PSYSTEM_SESSION_PROCESSES_INFORMATION;\r
+\r
+// memory information\r
+\r
+typedef enum _MEMORY_INFORMATION_CLASS {\r
+ MemoryBasicInformation,\r
+ MemoryWorkingSetList,\r
+ MemorySectionName //,\r
+ //MemoryBasicVlmInformation //???\r
+} MEMORY_INFORMATION_CLASS;\r
+\r
+typedef struct _MEMORY_BASIC_INFORMATION { // Information Class 0\r
+ PVOID BaseAddress;\r
+ PVOID AllocationBase;\r
+ ULONG AllocationProtect;\r
+ ULONG RegionSize;\r
+ ULONG State;\r
+ ULONG Protect;\r
+ ULONG Type;\r
+} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;\r
+\r
+typedef struct _MEMORY_WORKING_SET_LIST { // Information Class 1\r
+ ULONG NumberOfPages;\r
+ ULONG WorkingSetList[1];\r
+} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;\r
+
+// Information Class 2\r
+#define _MEMORY_SECTION_NAME_STATIC(__bufsize__) \\r
+ { \\r
+ UNICODE_STRING SectionFileName; \\r
+ WCHAR NameBuffer[(__bufsize__)]; \\r
+} \r
+\r
+#define MEMORY_SECTION_NAME_STATIC(__bufsize__) \\r
+ struct _MEMORY_SECTION_NAME_STATIC((__bufsize__) \r
+\r
+typedef struct _MEMORY_SECTION_NAME_STATIC(ANYSIZE_ARRAY)\r
+ MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;\r
+
+// Information class 0\r
+typedef struct _PROCESS_BASIC_INFORMATION\r
+{\r
+ NTSTATUS ExitStatus;\r
+ PPEB PebBaseAddress;\r
+ KAFFINITY AffinityMask;\r
+ KPRIORITY BasePriority;\r
+ ULONG UniqueProcessId;\r
+ ULONG InheritedFromUniqueProcessId;\r
+} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;\r
+\r
+// Information class 1\r
+typedef struct _QUOTA_LIMITS\r
+{\r
+ ULONG PagedPoolLimit;\r
+ ULONG NonPagedPoolLimit;\r
+ ULONG MinimumWorkingSetSize;\r
+ ULONG MaximumWorkingSetSize;\r
+ ULONG PagefileLimit;\r
+ TIME TimeLimit;\r
+} QUOTA_LIMITS, *PQUOTA_LIMITS;\r
+\r
+// Information class 2\r
+typedef struct _IO_COUNTERS\r
+{\r
+ ULONG ReadOperationCount;\r
+ ULONG WriteOperationCount;\r
+ ULONG OtherOperationCount;\r
+ LARGE_INTEGER ReadTransferCount;\r
+ LARGE_INTEGER WriteTransferCount;\r
+ LARGE_INTEGER OtherTransferCount;\r
+} IO_COUNTERS, *PIO_COUNTERS;\r
+\r
+// Information class 3\r
+typedef struct _VM_COUNTERS_\r
+{\r
+ ULONG PeakVirtualSize;\r
+ ULONG VirtualSize;\r
+ ULONG PageFaultCount;\r
+ ULONG PeakWorkingSetSize;\r
+ ULONG WorkingSetSize;\r
+ ULONG QuotaPeakPagedPoolUsage;\r
+ ULONG QuotaPagedPoolUsage;\r
+ ULONG QuotaPeakNonPagedPoolUsage;\r
+ ULONG QuotaNonPagedPoolUsage;\r
+ ULONG PagefileUsage;\r
+ ULONG PeakPagefileUsage;\r
+} VM_COUNTERS, *PVM_COUNTERS;\r
+\r
+// Information class 4\r
+typedef struct _KERNEL_USER_TIMES\r
+{\r
+ TIME CreateTime;\r
+ TIME ExitTime;\r
+ TIME KernelTime;\r
+ TIME UserTime;\r
+} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;\r
+\r
+// Information class 9\r
+typedef struct _PROCESS_ACCESS_TOKEN\r
+{\r
+ HANDLE Token;\r
+ HANDLE Thread;\r
+} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;\r
+\r
+// Information class 14 \r
+typedef struct _POOLED_USAGE_AND_LIMITS_\r
+{\r
+ ULONG PeakPagedPoolUsage;\r
+ ULONG PagedPoolUsage;\r
+ ULONG PagedPoolLimit;\r
+ ULONG PeakNonPagedPoolUsage;\r
+ ULONG NonPagedPoolUsage;\r
+ ULONG NonPagedPoolLimit;\r
+ ULONG PeakPagefileUsage;\r
+ ULONG PagefileUsage;\r
+ ULONG PagefileLimit;\r
+} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;\r
+\r
+// Information class 15\r
+typedef struct _PROCESS_WS_WATCH_INFORMATION\r
+{\r
+ PVOID FaultingPc;\r
+ PVOID FaultingVa;\r
+} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;\r
+\r
+// Information class 18\r
+typedef struct _PROCESS_PRIORITY_CLASS\r
+{\r
+ BOOLEAN Foreground;\r
+ UCHAR PriorityClass;\r
+} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;\r
+\r
+// Information class 23\r
+typedef struct _PROCESS_DEVICEMAP_INFORMATION\r
+{\r
+ union {\r
+ struct {\r
+ HANDLE DirectoryHandle;\r
+ } Set;\r
+ struct {\r
+ ULONG DriveMap;\r
+ UCHAR DriveType[32];\r
+ } Query;\r
+ };\r
+} PROCESS_DEVICEMAP_INFORMATION, *pPROCESS_DEVICEMAP_INFORMATION;\r
+\r
+// Information class 24\r
+typedef struct _PROCESS_SESSION_INFORMATION\r
+{\r
+ ULONG SessionId;\r
+} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;\r
+\r
+// thread information\r
+\r
+// incompatible with MS NT\r
+\r
+typedef struct _THREAD_BASIC_INFORMATION\r
+{\r
+ NTSTATUS ExitStatus;\r
+ PVOID TebBaseAddress; // PNT_TIB (GN)\r
+ CLIENT_ID ClientId;\r
+ KAFFINITY AffinityMask;\r
+ KPRIORITY Priority;\r
+ KPRIORITY BasePriority;\r
+} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;\r
+
+// object information\r
+\r
+typedef struct _OBJECT_NAME_INFORMATION\r
+{\r
+ UNICODE_STRING Name;\r
+} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;\r
+\r
+// file information\r
+\r
+typedef struct _FILE_BASIC_INFORMATION\r
+{\r
+ TIME CreationTime;\r
+ TIME LastAccessTime;\r
+ TIME LastWriteTime;\r
+ TIME ChangeTime;\r
+ ULONG FileAttributes;\r
+} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;\r
+\r
+typedef struct _FILE_STANDARD_INFORMATION\r
+{\r
+ LARGE_INTEGER AllocationSize;\r
+ LARGE_INTEGER EndOfFile;\r
+ ULONG NumberOfLinks;\r
+ BOOLEAN DeletePending;\r
+ BOOLEAN Directory;\r
+} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;\r
+\r
+typedef struct _FILE_POSITION_INFORMATION\r
+{\r
+ LARGE_INTEGER CurrentByteOffset;\r
+} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;\r
+\r
+typedef struct _FILE_ALIGNMENT_INFORMATION\r
+{\r
+ ULONG AlignmentRequirement;\r
+} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;\r
+\r
+typedef struct _FILE_DISPOSITION_INFORMATION\r
+{\r
+ BOOLEAN DoDeleteFile;\r
+} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;\r
+\r
+typedef struct _FILE_END_OF_FILE_INFORMATION\r
+{\r
+ LARGE_INTEGER EndOfFile;\r
+} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;\r
+\r
+typedef struct _FILE_NETWORK_OPEN_INFORMATION\r
+{\r
+ TIME CreationTime;\r
+ TIME LastAccessTime;\r
+ TIME LastWriteTime;\r
+ TIME ChangeTime;\r
+ LARGE_INTEGER AllocationSize;\r
+ LARGE_INTEGER EndOfFile;\r
+ ULONG FileAttributes;\r
+} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;\r
+\r
+typedef struct _FILE_FULL_EA_INFORMATION\r
+{\r
+ ULONG NextEntryOffset;\r
+ UCHAR Flags;\r
+ UCHAR EaNameLength;\r
+ USHORT EaValueLength;\r
+ CHAR EaName[0];\r
+} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;\r
+\r
+\r
+typedef struct _FILE_EA_INFORMATION {\r
+ ULONG EaSize;\r
+} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;\r
+\r
+\r
+typedef struct _FILE_GET_EA_INFORMATION {\r
+ ULONG NextEntryOffset;\r
+ UCHAR EaNameLength;\r
+ CHAR EaName[0];\r
+} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;\r
+\r
+typedef struct _FILE_STREAM_INFORMATION {\r
+ ULONG NextEntryOffset;\r
+ ULONG StreamNameLength;\r
+ LARGE_INTEGER StreamSize;\r
+ LARGE_INTEGER StreamAllocationSize;\r
+ WCHAR StreamName[0];\r
+} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;\r
+\r
+typedef struct _FILE_ALLOCATION_INFORMATION {\r
+ LARGE_INTEGER AllocationSize;\r
+} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;\r
+\r
+typedef struct _FILE_NAME_INFORMATION {\r
+ ULONG FileNameLength;\r
+ WCHAR FileName[0];\r
+} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;\r
+\r
+typedef struct _FILE_NAMES_INFORMATION \r
+{\r
+ ULONG NextEntryOffset;\r
+ ULONG FileIndex;\r
+ ULONG FileNameLength;\r
+ WCHAR FileName[0];\r
+} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;\r
+\r
+\r
+typedef struct _FILE_RENAME_INFORMATION {\r
+ BOOLEAN Replace;\r
+ HANDLE RootDir;\r
+ ULONG FileNameLength;\r
+ WCHAR FileName[0];\r
+} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;\r
+\r
+\r
+typedef struct _FILE_INTERNAL_INFORMATION {\r
+ LARGE_INTEGER IndexNumber;\r
+} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;\r
+\r
+typedef struct _FILE_ACCESS_INFORMATION {\r
+ ACCESS_MASK AccessFlags;\r
+} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;\r
+\r
+\r
+typedef struct _FILE_MODE_INFORMATION {\r
+ ULONG Mode;\r
+} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;\r
+\r
+\r
+typedef struct _FILE_PIPE_INFORMATION {\r
+ ULONG ReadMode;\r
+ ULONG CompletionMode;\r
+} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;\r
+\r
+typedef struct _FILE_PIPE_LOCAL_INFORMATION {\r
+ ULONG NamedPipeType;\r
+ ULONG NamedPipeConfiguration;\r
+ ULONG MaximumInstances;\r
+ ULONG CurrentInstances;\r
+ ULONG InboundQuota;\r
+ ULONG ReadDataAvailable;\r
+ ULONG OutboundQuota;\r
+ ULONG WriteQuotaAvailable;\r
+ ULONG NamedPipeState;\r
+ ULONG NamedPipeEnd;\r
+} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;\r
+\r
+typedef struct _FILE_PIPE_REMOTE_INFORMATION {\r
+ LARGE_INTEGER CollectDataTime;\r
+ ULONG MaximumCollectionCount;\r
+} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;\r
+\r
+typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {\r
+ ULONG MaxMessageSize;\r
+ ULONG Unknown; /* ?? */\r
+ ULONG NextSize;\r
+ ULONG MessageCount;\r
+ LARGE_INTEGER Timeout;\r
+} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;\r
+\r
+typedef struct _FILE_MAILSLOT_SET_INFORMATION {\r
+ LARGE_INTEGER Timeout;\r
+} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;\r
+\r
+typedef struct _FILE_COMPRESSION_INFORMATION {\r
+ LARGE_INTEGER CompressedFileSize;\r
+ USHORT CompressionFormat;\r
+ UCHAR CompressionUnitShift;\r
+ UCHAR ChunkShift;\r
+ UCHAR ClusterShift;\r
+ UCHAR Reserved[3];\r
+} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;\r
+\r
+typedef struct _FILE_ALL_INFORMATION {\r
+ FILE_BASIC_INFORMATION BasicInformation;\r
+ FILE_STANDARD_INFORMATION StandardInformation;\r
+ FILE_INTERNAL_INFORMATION InternalInformation;\r
+ FILE_EA_INFORMATION EaInformation;\r
+ FILE_ACCESS_INFORMATION AccessInformation;\r
+ FILE_POSITION_INFORMATION PositionInformation;\r
+ FILE_MODE_INFORMATION ModeInformation;\r
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;\r
+ FILE_NAME_INFORMATION NameInformation;\r
+} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;\r
+\r
+\r
+// file system information structures\r
+\r
+typedef struct _FILE_FS_DEVICE_INFORMATION {\r
+ DEVICE_TYPE DeviceType;\r
+ ULONG Characteristics;\r
+} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;\r
+\r
+\r
+typedef struct _FILE_FS_VOLUME_INFORMATION {\r
+ TIME VolumeCreationTime;\r
+ ULONG VolumeSerialNumber;\r
+ ULONG VolumeLabelLength;\r
+ BOOLEAN SupportsObjects;\r
+ WCHAR VolumeLabel[0];\r
+} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;\r
+\r
+typedef struct _FILE_FS_SIZE_INFORMATION {\r
+ LARGE_INTEGER TotalAllocationUnits;\r
+ LARGE_INTEGER AvailableAllocationUnits;\r
+ ULONG SectorsPerAllocationUnit;\r
+ ULONG BytesPerSector;\r
+} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;\r
+\r
+typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {\r
+ ULONG FileSystemAttributes;\r
+ LONG MaximumComponentNameLength;\r
+ ULONG FileSystemNameLength;\r
+ WCHAR FileSystemName[0];\r
+} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;\r
+\r
+/*\r
+ FileSystemAttributes is one of the following values:\r
+\r
+ FILE_CASE_SENSITIVE_SEARCH 0x00000001\r
+ FILE_CASE_PRESERVED_NAMES 0x00000002\r
+ FILE_UNICODE_ON_DISK 0x00000004\r
+ FILE_PERSISTENT_ACLS 0x00000008\r
+ FILE_FILE_COMPRESSION 0x00000010\r
+ FILE_VOLUME_QUOTAS 0x00000020\r
+ FILE_VOLUME_IS_COMPRESSED 0x00008000\r
+*/\r
+typedef struct _FILE_FS_LABEL_INFORMATION {\r
+ ULONG VolumeLabelLength;\r
+ WCHAR VolumeLabel[0];\r
+} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;\r
+\r
+// read file scatter / write file scatter\r
+//FIXME I am a win32 struct aswell\r
+\r
+typedef union _FILE_SEGMENT_ELEMENT {\r
+ PVOID Buffer;\r
+ ULONG Alignment;\r
+}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;\r
+
+typedef struct _FILE_DIRECTORY_INFORMATION {\r
+ ULONG NextEntryOffset;\r
+ ULONG FileIndex;\r
+ TIME CreationTime;\r
+ TIME LastAccessTime;\r
+ TIME LastWriteTime;\r
+ TIME ChangeTime;\r
+ LARGE_INTEGER EndOfFile;\r
+ LARGE_INTEGER AllocationSize;\r
+ ULONG FileAttributes;\r
+ ULONG FileNameLength;\r
+ WCHAR FileName[0];\r
+} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;\r
+\r
+typedef struct _FILE_FULL_DIRECTORY_INFORMATION {\r
+ ULONG NextEntryOffset;\r
+ ULONG FileIndex;\r
+ TIME CreationTime;\r
+ TIME LastAccessTime;\r
+ TIME LastWriteTime;\r
+ TIME ChangeTime;\r
+ LARGE_INTEGER EndOfFile;\r
+ LARGE_INTEGER AllocationSize;\r
+ ULONG FileAttributes;\r
+ ULONG FileNameLength;\r
+ ULONG EaSize;\r
+ WCHAR FileName[0]; // variable size\r
+} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION,\r
+ FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;\r
+\r
+\r
+typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {\r
+ ULONG NextEntryOffset;\r
+ ULONG FileIndex;\r
+ TIME CreationTime;\r
+ TIME LastAccessTime;\r
+ TIME LastWriteTime;\r
+ TIME ChangeTime;\r
+ LARGE_INTEGER EndOfFile;\r
+ LARGE_INTEGER AllocationSize;\r
+ ULONG FileAttributes;\r
+ ULONG FileNameLength;\r
+ ULONG EaSize;\r
+ CHAR ShortNameLength;\r
+ WCHAR ShortName[12]; // 8.3 name\r
+ WCHAR FileName[0];\r
+} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION,\r
+ FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;\r
+
+/*\r
+ NotifyFilter / CompletionFilter:\r
+\r
+ FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001\r
+ FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002\r
+ FILE_NOTIFY_CHANGE_NAME 0x00000003\r
+ FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004\r
+ FILE_NOTIFY_CHANGE_SIZE 0x00000008\r
+ FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010\r
+ FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020\r
+ FILE_NOTIFY_CHANGE_CREATION 0x00000040\r
+ FILE_NOTIFY_CHANGE_EA 0x00000080\r
+ FILE_NOTIFY_CHANGE_SECURITY 0x00000100\r
+ FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200\r
+ FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400\r
+ FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800\r
+*/\r
+\r
+typedef struct _FILE_NOTIFY_INFORMATION {\r
+ ULONG Action;\r
+ ULONG FileNameLength;\r
+ WCHAR FileName[0]; \r
+} FILE_NOTIFY_INFORMATION;\r
+
+#define FSCTL_GET_VOLUME_BITMAP 0x9006F\r
+#define FSCTL_GET_RETRIEVAL_POINTERS 0x90073\r
+#define FSCTL_MOVE_FILE 0x90074\r
+
+typedef struct _MAPPING_PAIR\r
+{\r
+ ULONGLONG Vcn;\r
+ ULONGLONG Lcn;\r
+} MAPPING_PAIR, *PMAPPING_PAIR;\r
+\r
+typedef struct _GET_RETRIEVAL_DESCRIPTOR\r
+{\r
+ ULONG NumberOfPairs;\r
+ ULONGLONG StartVcn;\r
+ MAPPING_PAIR Pair[0]; // variable size \r
+} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;\r
+
+typedef struct _MOVEFILE_DESCRIPTOR\r
+{\r
+ HANDLE FileHandle;\r
+ ULONG Reserved;\r
+ LARGE_INTEGER StartVcn;\r
+ LARGE_INTEGER TargetLcn;\r
+ ULONG NumVcns;\r
+ ULONG Reserved1;\r
+} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;\r
+
+typedef struct _SECTION_BASIC_INFORMATION\r
+{\r
+ PVOID BaseAddress;\r
+ ULONG Attributes;\r
+ LARGE_INTEGER Size;\r
+} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;\r
+\r
+typedef enum _SECTION_INFORMATION_CLASS \r
+{\r
+ SectionBasicInformation,\r
+ SectionImageInformation,\r
+} SECTION_INFORMATION_CLASS;\r
+
+// shutdown action
+
+typedef enum SHUTDOWN_ACTION_TAG {
+ ShutdownNoReboot,
+ ShutdownReboot,
+ ShutdownPowerOff
+} SHUTDOWN_ACTION;
+
+#else /* __USE_W32API */
+\r
+#define DebugDbgLoadSymbols ((DEBUG_CONTROL_CODE)0xffffffff)\r
+\r
+#endif /* __USE_W32API */
+\r
+#define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )\r
+#define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )\r
+#if 1\r
+extern ULONG NtBuildNumber;\r
+#else\r
+#ifdef __NTOSKRNL__\r
+extern ULONG NtBuildNumber;\r
+#else\r
+extern ULONG NtBuildNumber;\r
+#endif\r
+#endif\r
+\r
+// event access mask\r
+\r
+#define EVENT_READ_ACCESS 1\r
+#define EVENT_WRITE_ACCESS 2\r
+\r
+//process query / set information class\r
+\r
+#define ProcessBasicInformation 0\r
+#define ProcessQuotaLimits 1\r
+#define ProcessIoCounters 2\r
+#define ProcessVmCounters 3\r
+#define ProcessTimes 4\r
+#define ProcessBasePriority 5\r
+#define ProcessRaisePriority 6\r
+#define ProcessDebugPort 7\r
+#define ProcessExceptionPort 8\r
+#define ProcessAccessToken 9\r
+#define ProcessLdtInformation 10\r
+#define ProcessLdtSize 11\r
+#define ProcessDefaultHardErrorMode 12\r
+#define ProcessIoPortHandlers 13\r
+#define ProcessPooledUsageAndLimits 14\r
+#define ProcessWorkingSetWatch 15\r
+#define ProcessUserModeIOPL 16\r
+#define ProcessEnableAlignmentFaultFixup 17\r
+#define ProcessPriorityClass 18\r
+#define ProcessWx86Information 19\r
+#define ProcessHandleCount 20\r
+#define ProcessAffinityMask 21\r
+#define ProcessPriorityBoost 22\r
+#define ProcessDeviceMap 23\r
+#define ProcessSessionInformation 24\r
+#define ProcessForegroundInformation 25\r
+#define ProcessWow64Information 26\r
+/* ReactOS private. */\r
+#define ProcessImageFileName 27\r
+#define ProcessDesktop 28\r
+#define MaxProcessInfoClass 29\r
+\r
+/*\r
+ * thread query / set information class\r
+ */\r
+#define ThreadBasicInformation 0\r
+#define ThreadTimes 1\r
+#define ThreadPriority 2\r
+#define ThreadBasePriority 3\r
+#define ThreadAffinityMask 4\r
+#define ThreadImpersonationToken 5\r
+#define ThreadDescriptorTableEntry 6\r
+#define ThreadEnableAlignmentFaultFixup 7\r
+#define ThreadEventPair 8\r
+#define ThreadQuerySetWin32StartAddress 9\r
+#define ThreadZeroTlsCell 10\r
+#define ThreadPerformanceCount 11\r
+#define ThreadAmILastThread 12\r
+#define ThreadIdealProcessor 13\r
+#define ThreadPriorityBoost 14\r
+#define ThreadSetTlsArrayAddress 15\r
+#define ThreadIsIoPending 16\r
+#define ThreadHideFromDebugger 17\r
+#define MaxThreadInfoClass 17\r
+\r
+// object handle information\r
+\r
+#define ObjectBasicInformation 0\r
+#define ObjectNameInformation 1\r
+#define ObjectTypeInformation 2\r
+#define ObjectAllInformation 3\r
+#define ObjectDataInformation 4\r
+\r
+typedef struct _ATOM_TABLE_INFORMATION\r
+{\r
+ ULONG NumberOfAtoms;\r
+ RTL_ATOM Atoms[1];\r
+} ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION;\r
+\r
+\r
+// mutant information\r
+\r
+typedef enum _MUTANT_INFORMATION_CLASS\r
+{\r
+ MutantBasicInformation = 0\r
+} MUTANT_INFORMATION_CLASS;\r
+\r
+typedef struct _MUTANT_BASIC_INFORMATION\r
+{\r
+ LONG Count;\r
+ BOOLEAN Owned;\r
+ BOOLEAN Abandoned;\r
+} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;\r
+\r
+\r
+// SystemTimeOfDayInformation (3)\r
+typedef\r
+struct _SYSTEM_TIMEOFDAY_INFORMATION\r
+{\r
+ LARGE_INTEGER BootTime;\r
+ LARGE_INTEGER CurrentTime;\r
+ LARGE_INTEGER TimeZoneBias;\r
+ ULONG TimeZoneId;\r
+ ULONG Reserved;\r
+} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;\r
+\r
+// SystemPathInformation (4)\r
+// IT DOES NOT WORK\r
+typedef\r
+struct _SYSTEM_PATH_INFORMATION\r
+{\r
+ PVOID Dummy;\r
+\r
+} SYSTEM_PATH_INFORMATION, * PSYSTEM_PATH_INFORMATION;\r
+\r
+// SystemProcessInformation (5)\r
+typedef\r
+struct _SYSTEM_THREAD_INFORMATION\r
+{\r
+ TIME KernelTime;\r
+ TIME UserTime;\r
+ TIME CreateTime;\r
+ ULONG TickCount;\r
+ ULONG StartEIP;\r
+ CLIENT_ID ClientId;\r
+ ULONG DynamicPriority;\r
+ ULONG BasePriority;\r
+ ULONG nSwitches;\r
+ DWORD State;\r
+ KWAIT_REASON WaitReason;\r
+ \r
+} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;\r
+\r
+typedef\r
+struct SYSTEM_PROCESS_INFORMATION\r
+{\r
+ ULONG RelativeOffset;\r
+ ULONG ThreadCount;\r
+ ULONG Unused1 [6];\r
+ TIME CreateTime;\r
+ TIME UserTime;\r
+ TIME KernelTime;\r
+ UNICODE_STRING Name;\r
+ ULONG BasePriority;\r
+ ULONG ProcessId;\r
+ ULONG ParentProcessId;\r
+ ULONG HandleCount;\r
+ ULONG Unused2[2];\r
+ ULONG PeakVirtualSizeBytes;\r
+ ULONG TotalVirtualSizeBytes;\r
+ ULONG PageFaultCount;\r
+ ULONG PeakWorkingSetSizeBytes;\r
+ ULONG TotalWorkingSetSizeBytes;\r
+ ULONG PeakPagedPoolUsagePages;\r
+ ULONG TotalPagedPoolUsagePages;\r
+ ULONG PeakNonPagedPoolUsagePages;\r
+ ULONG TotalNonPagedPoolUsagePages;\r
+ ULONG TotalPageFileUsageBytes;\r
+ ULONG PeakPageFileUsageBytes;\r
+ ULONG TotalPrivateBytes;\r
+ SYSTEM_THREAD_INFORMATION ThreadSysInfo [1];\r
+ \r
+} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;\r
+\r
+// SystemCallCountInformation (6)\r
+typedef\r
+struct _SYSTEM_SDT_INFORMATION\r
+{\r
+ ULONG BufferLength;\r
+ ULONG NumberOfSystemServiceTables;\r
+ ULONG NumberOfServices [1];\r
+ ULONG ServiceCounters [1];\r
+\r
+} SYSTEM_SDT_INFORMATION, *PSYSTEM_SDT_INFORMATION;\r
+\r
+// SystemDeviceInformation (7)\r
+typedef\r
+struct _SYSTEM_DEVICE_INFORMATION\r
+{\r
+ ULONG NumberOfDisks;\r
+ ULONG NumberOfFloppies;\r
+ ULONG NumberOfCdRoms;\r
+ ULONG NumberOfTapes;\r
+ ULONG NumberOfSerialPorts;\r
+ ULONG NumberOfParallelPorts;\r
+} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;\r
+\r
+// SystemProcessorPerformanceInformation (8)\r
+// (one per processor in the system)\r
+typedef\r
+struct _SYSTEM_PROCESSORTIME_INFO\r
+{\r
+ TIME TotalProcessorRunTime;\r
+ TIME TotalProcessorTime;\r
+ TIME TotalProcessorUserTime;\r
+ TIME TotalDPCTime;\r
+ TIME TotalInterruptTime;\r
+ ULONG TotalInterrupts;\r
+ ULONG Unused;\r
+\r
+} SYSTEM_PROCESSORTIME_INFO, *PSYSTEM_PROCESSORTIME_INFO;\r
+\r
+// SystemFlagsInformation (9)\r
+typedef\r
+struct _SYSTEM_FLAGS_INFORMATION\r
+{\r
+ ULONG Flags;\r
+\r
+} SYSTEM_FLAGS_INFORMATION, * PSYSTEM_FLAGS_INFORMATION;\r
+\r
+#define FLG_STOP_ON_EXCEPTION 0x00000001\r
+#define FLG_SHOW_LDR_SNAPS 0x00000002\r
+#define FLG_DEBUG_INITIAL_COMMAND 0x00000004\r
+#define FLG_STOP_ON_HANG_GUI 0x00000008\r
+#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010\r
+#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020\r
+#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040\r
+#define FLG_HEAP_VALIDATE_ALL 0x00000080\r
+#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100\r
+#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200\r
+#define FLG_POOL_ENABLE_TAGGING 0x00000400\r
+#define FLG_HEAP_ENABLE_TAGGING 0x00000800\r
+#define FLG_USER_STACK_TRACE_DB 0x00001000\r
+#define FLG_KERNEL_STACK_TRACE_DB 0x00002000\r
+#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000\r
+#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000\r
+#define FLG_IGNORE_DEBUG_PRIV 0x00010000\r
+#define FLG_ENABLE_CSRDEBUG 0x00020000\r
+#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000\r
+#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000\r
+#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000\r
+#define FLG_HEAP_DISABLE_COALESCING 0x00200000\r
+#define FLG_ENABLE_CLOSE_EXCEPTION 0x00400000\r
+#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000\r
+#define FLG_UNKNOWN_01000000 0x01000000\r
+#define FLG_UNKNOWN_02000000 0x02000000\r
+#define FLG_UNKNOWN_04000000 0x04000000\r
+#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000\r
+#define FLG_UNKNOWN_10000000 0x10000000\r
+#define FLG_UNKNOWN_20000000 0x20000000\r
+#define FLG_UNKNOWN_40000000 0x40000000\r
+#define FLG_UNKNOWN_80000000 0x80000000\r
+\r
+// SystemCallTimeInformation (10)\r
+// UNKNOWN\r
+\r
+// SystemLocksInformation (12)\r
+typedef\r
+struct _SYSTEM_RESOURCE_LOCK_ENTRY\r
+{\r
+ ULONG ResourceAddress;\r
+ ULONG Always1;\r
+ ULONG Unknown;\r
+ ULONG ActiveCount;\r
+ ULONG ContentionCount;\r
+ ULONG Unused[2];\r
+ ULONG NumberOfSharedWaiters;\r
+ ULONG NumberOfExclusiveWaiters;\r
+ \r
+} SYSTEM_RESOURCE_LOCK_ENTRY, *PSYSTEM_RESOURCE_LOCK_ENTRY;\r
+\r
+typedef\r
+struct _SYSTEM_RESOURCE_LOCK_INFO\r
+{\r
+ ULONG Count;\r
+ SYSTEM_RESOURCE_LOCK_ENTRY Lock [1];\r
+ \r
+} SYSTEM_RESOURCE_LOCK_INFO, *PSYSTEM_RESOURCE_LOCK_INFO;\r
+\r
+// SystemInformation13 (13)\r
+// UNKNOWN\r
+\r
+// SystemInformation14 (14)\r
+// UNKNOWN\r
+\r
+// SystemInformation15 (15)\r
+// UNKNOWN\r
+\r
+// SystemInstructionEmulationInfo (19)\r
+typedef\r
+struct _SYSTEM_VDM_INFORMATION\r
+{\r
+ ULONG VdmSegmentNotPresentCount;\r
+ ULONG VdmINSWCount;\r
+ ULONG VdmESPREFIXCount;\r
+ ULONG VdmCSPREFIXCount;\r
+ ULONG VdmSSPREFIXCount;\r
+ ULONG VdmDSPREFIXCount;\r
+ ULONG VdmFSPREFIXCount;\r
+ ULONG VdmGSPREFIXCount;\r
+ ULONG VdmOPER32PREFIXCount;\r
+ ULONG VdmADDR32PREFIXCount;\r
+ ULONG VdmINSBCount;\r
+ ULONG VdmINSWV86Count;\r
+ ULONG VdmOUTSBCount;\r
+ ULONG VdmOUTSWCount;\r
+ ULONG VdmPUSHFCount;\r
+ ULONG VdmPOPFCount;\r
+ ULONG VdmINTNNCount;\r
+ ULONG VdmINTOCount;\r
+ ULONG VdmIRETCount;\r
+ ULONG VdmINBIMMCount;\r
+ ULONG VdmINWIMMCount;\r
+ ULONG VdmOUTBIMMCount;\r
+ ULONG VdmOUTWIMMCount;\r
+ ULONG VdmINBCount;\r
+ ULONG VdmINWCount;\r
+ ULONG VdmOUTBCount;\r
+ ULONG VdmOUTWCount;\r
+ ULONG VdmLOCKPREFIXCount;\r
+ ULONG VdmREPNEPREFIXCount;\r
+ ULONG VdmREPPREFIXCount;\r
+ ULONG VdmHLTCount;\r
+ ULONG VdmCLICount;\r
+ ULONG VdmSTICount;\r
+ ULONG VdmBopCount;\r
+\r
+} SYSTEM_VDM_INFORMATION, *PSYSTEM_VDM_INFORMATION;\r
+\r
+// SystemInformation20 (20)\r
+// UNKNOWN\r
+\r
+// SystemPoolTagInformation (22)\r
+// found by Klaus P. Gerlicher\r
+// (implemented only in checked builds)\r
+typedef\r
+struct _POOL_TAG_STATS\r
+{\r
+ ULONG AllocationCount;\r
+ ULONG FreeCount;\r
+ ULONG SizeBytes;\r
+ \r
+} POOL_TAG_STATS;\r
+\r
+typedef\r
+struct _SYSTEM_POOL_TAG_ENTRY\r
+{\r
+ ULONG Tag;\r
+ POOL_TAG_STATS Paged;\r
+ POOL_TAG_STATS NonPaged;\r
+\r
+} SYSTEM_POOL_TAG_ENTRY, * PSYSTEM_POOL_TAG_ENTRY;\r
+\r
+typedef\r
+struct _SYSTEM_POOL_TAG_INFO\r
+{\r
+ ULONG Count;\r
+ SYSTEM_POOL_TAG_ENTRY PoolEntry [1];\r
+\r
+} SYSTEM_POOL_TAG_INFO, *PSYSTEM_POOL_TAG_INFO;\r
+\r
+// SystemProcessorScheduleInfo (23)\r
+typedef\r
+struct _SYSTEM_PROCESSOR_SCHEDULE_INFO\r
+{\r
+ ULONG nContextSwitches;\r
+ ULONG nDPCQueued;\r
+ ULONG nDPCRate;\r
+ ULONG TimerResolution;\r
+ ULONG nDPCBypasses;\r
+ ULONG nAPCBypasses;\r
+ \r
+} SYSTEM_PROCESSOR_SCHEDULE_INFO, *PSYSTEM_PROCESSOR_SCHEDULE_INFO;\r
+\r
+// SystemInformation25 (25)\r
+// UNKNOWN\r
+\r
+// SystemProcessorFaultCountInfo (33)\r
+typedef\r
+struct _SYSTEM_PROCESSOR_FAULT_INFO\r
+{\r
+ ULONG nAlignmentFixup;\r
+ ULONG nExceptionDispatches;\r
+ ULONG nFloatingEmulation;\r
+ ULONG Unknown;\r
+ \r
+} SYSTEM_PROCESSOR_FAULT_INFO, *PSYSTEM_PROCESSOR_FAULT_INFO;\r
+\r
+// SystemCrashDumpStateInfo (34)\r
+//\r
+\r
+// SystemDebuggerInformation (35)\r
+typedef\r
+struct _SYSTEM_DEBUGGER_INFO\r
+{\r
+ BOOLEAN KdDebuggerEnabled;\r
+ BOOLEAN KdDebuggerPresent;\r
+ \r
+} SYSTEM_DEBUGGER_INFO, *PSYSTEM_DEBUGGER_INFO;\r
+\r
+// SystemInformation36 (36)\r
+// UNKNOWN\r
+\r
+// SystemQuotaInformation (37)\r
+typedef\r
+struct _SYSTEM_QUOTA_INFORMATION\r
+{\r
+ ULONG CmpGlobalQuota;\r
+ ULONG CmpGlobalQuotaUsed;\r
+ ULONG MmSizeofPagedPoolInBytes;\r
+ \r
+} SYSTEM_QUOTA_INFORMATION, *PSYSTEM_QUOTA_INFORMATION;\r
+\r
+// (49)\r
+// UNKNOWN\r
+\r
+// SystemVerifierInformation (51)\r
+// UNKNOWN\r
+\r
+// SystemAddVerifier (52)\r
+// UNKNOWN\r
+\r
+// wait type\r
+\r
+#define WaitAll 0\r
+#define WaitAny 1\r
+\r
+// number of wait objects\r
+\r
+#define THREAD_WAIT_OBJECTS 3\r
+//#define MAXIMUM_WAIT_OBJECTS 64\r
+\r
+// key restore flags\r
+\r
+#define REG_WHOLE_HIVE_VOLATILE 1\r
+#define REG_REFRESH_HIVE 2\r
+\r
+// object type access rights\r
+\r
+#define OBJECT_TYPE_CREATE 0x0001\r
+#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)\r
+\r
+// directory access rights\r
+\r
+#define DIRECTORY_QUERY 0x0001\r
+#define DIRECTORY_TRAVERSE 0x0002\r
+#define DIRECTORY_CREATE_OBJECT 0x0004\r
+#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008\r
+\r
+#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)\r
+\r
+// symbolic link access rights\r
+\r
+#define SYMBOLIC_LINK_QUERY 0x0001\r
+#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)\r
+\r
+\r
+typedef struct _OBJECT_DATA_INFORMATION\r
+{\r
+ BOOLEAN bInheritHandle;\r
+ BOOLEAN bProtectFromClose;\r
+} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;\r
+\r
+\r
+typedef struct _OBJECT_TYPE_INFORMATION\r
+{\r
+ UNICODE_STRING Name;\r
+ UNICODE_STRING Type;\r
+ ULONG TotalHandles;\r
+ ULONG ReferenceCount;\r
+} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;\r
+\r
+\r
+// directory information\r
+\r
+typedef struct _OBJDIR_INFORMATION {\r
+ UNICODE_STRING ObjectName;\r
+ UNICODE_STRING ObjectTypeName; // Directory, Device ...\r
+ UCHAR Data[0];\r
+} OBJDIR_INFORMATION, *POBJDIR_INFORMATION;\r
+\r
+\r
+/*\r
+ Action is one of the following values:\r
+\r
+ FILE_ACTION_ADDED 0x00000001\r
+ FILE_ACTION_REMOVED 0x00000002\r
+ FILE_ACTION_MODIFIED 0x00000003\r
+ FILE_ACTION_RENAMED_OLD_NAME 0x00000004\r
+ FILE_ACTION_RENAMED_NEW_NAME 0x00000005\r
+ FILE_ACTION_ADDED_STREAM 0x00000006\r
+ FILE_ACTION_REMOVED_STREAM 0x00000007\r
+ FILE_ACTION_MODIFIED_STREAM 0x00000008\r
+\r
+*/\r
+\r
+\r
+// File System Control commands ( related to defragging )\r
+\r
+#define FSCTL_READ_MFT_RECORD 0x90068 // NTFS only\r
+\r
+typedef struct _BITMAP_DESCRIPTOR\r
+{\r
+ ULONGLONG StartLcn;\r
+ ULONGLONG ClustersToEndOfVol;\r
+ BYTE Map[0]; // variable size\r
+} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;\r
+\r
+\r
+//typedef enum _TIMER_TYPE \r
+//{\r
+// NotificationTimer,\r
+// SynchronizationTimer\r
+//} TIMER_TYPE;\r
+\r
+typedef struct _TIMER_BASIC_INFORMATION\r
+{\r
+ LARGE_INTEGER TimeRemaining;\r
+ BOOLEAN SignalState;\r
+} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;\r
+\r
+typedef enum _TIMER_INFORMATION_CLASS\r
+{\r
+ TimerBasicInformation\r
+} TIMER_INFORMATION_CLASS;\r
+\r
+typedef\r
+struct _LPC_PORT_BASIC_INFORMATION\r
+{\r
+ DWORD Unknown0;\r
+ DWORD Unknown1;\r
+ DWORD Unknown2;\r
+ DWORD Unknown3;\r
+ DWORD Unknown4;\r
+ DWORD Unknown5;\r
+ DWORD Unknown6;\r
+ DWORD Unknown7;\r
+ DWORD Unknown8;\r
+ DWORD Unknown9;\r
+ DWORD Unknown10;\r
+ DWORD Unknown11;\r
+ DWORD Unknown12;\r
+ DWORD Unknown13;\r
+\r
+} LPC_PORT_BASIC_INFORMATION, * PLPC_PORT_BASIC_INFORMATION;\r
+\r
+#endif\r