+++ /dev/null
-/* $Id: rtl.h,v 1.69 2002/11/10 13:34:42 robd Exp $
- *
- */
-
-#ifndef __DDK_RTL_H
-#define __DDK_RTL_H
-
-#if defined(__NTOSKRNL__) || defined(__NTDRIVER__) || defined(__NTHAL__) || defined(__NTDLL__) || defined (__NTAPP__)
-
-#include <stddef.h>
-#include <stdarg.h>
-
-#endif /* __NTOSKRNL__ || __NTDRIVER__ || __NTHAL__ || __NTDLL__ || __NTAPP__ */
-
-#include <pe.h>
-
-
-
-/*
- * PURPOSE: Flags for RtlQueryRegistryValues
- */
-#define RTL_QUERY_REGISTRY_SUBKEY (0x00000001)
-#define RTL_QUERY_REGISTRY_TOPKEY (0x00000002)
-#define RTL_QUERY_REGISTRY_REQUIRED (0x00000004)
-#define RTL_QUERY_REGISTRY_NOVALUE (0x00000008)
-#define RTL_QUERY_REGISTRY_NOEXPAND (0x00000010)
-#define RTL_QUERY_REGISTRY_DIRECT (0x00000020)
-#define RTL_QUERY_REGISTRY_DELETE (0x00000040)
-
-
-/*
- * PURPOSE: Used with RtlCheckRegistryKey, RtlCreateRegistryKey,
- * RtlDeleteRegistryKey
- */
-#define RTL_REGISTRY_ABSOLUTE 0
-#define RTL_REGISTRY_SERVICES 1
-#define RTL_REGISTRY_CONTROL 2
-#define RTL_REGISTRY_WINDOWS_NT 3
-#define RTL_REGISTRY_DEVICEMAP 4
-#define RTL_REGISTRY_USER 5
-#define RTL_REGISTRY_ENUM 6 // ReactOS specific: Used internally in kernel only
-#define RTL_REGISTRY_MAXIMUM 7
-
-#define RTL_REGISTRY_HANDLE 0x40000000
-#define RTL_REGISTRY_OPTIONAL 0x80000000
-
-
-#define SHORT_SIZE (sizeof(USHORT))
-#define SHORT_MASK (SHORT_SIZE-1)
-#define LONG_SIZE (sizeof(ULONG))
-#define LONG_MASK (LONG_SIZE-1)
-#define LOWBYTE_MASK 0x00FF
-
-#define FIRSTBYTE(Value) ((Value) & LOWBYTE_MASK)
-#define SECONDBYTE(Value) (((Value) >> 8) & LOWBYTE_MASK)
-#define THIRDBYTE(Value) (((Value) >> 16) & LOWBYTE_MASK)
-#define FOURTHBYTE(Value) (((Value) >> 24) & LOWBYTE_MASK)
-
-/* FIXME: reverse byte-order on big-endian machines (e.g. MIPS) */
-#define SHORT_LEAST_SIGNIFICANT_BIT 0
-#define SHORT_MOST_SIGNIFICANT_BIT 1
-
-#define LONG_LEAST_SIGNIFICANT_BIT 0
-#define LONG_3RD_MOST_SIGNIFICANT_BIT 1
-#define LONG_2RD_MOST_SIGNIFICANT_BIT 2
-#define LONG_MOST_SIGNIFICANT_BIT 3
-
-
-
-#if defined(__NTOSKRNL__) || defined(__NTDLL__)
-#define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag
-#define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag
-#else
-#define NLS_MB_CODE_PAGE_TAG (*NlsMbCodePageTag)
-#define NLS_MB_OEM_CODE_PAGE_TAG (*NlsMbOemCodePageTag)
-#endif /* __NTOSKRNL__ || __NTDLL__ */
-
-extern BOOLEAN NLS_MB_CODE_PAGE_TAG;
-extern BOOLEAN NLS_MB_OEM_CODE_PAGE_TAG;
-
-
-/*
- * NOTE: ReactOS extensions
- */
-#define RtlMin(X,Y) (((X) < (Y))? (X) : (Y))
-#define RtlMax(X,Y) (((X) > (Y))? (X) : (Y))
-#define RtlMin3(X,Y,Z) (((X) < (Y)) ? RtlMin(X,Z) : RtlMin(Y,Z))
-#define RtlMax3(X,Y,Z) (((X) > (Y)) ? RtlMax(X,Z) : RtlMax(Y,Z))
-
-
-/*
- * VOID
- * InitializeObjectAttributes (
- * POBJECT_ATTRIBUTES InitializedAttributes,
- * PUNICODE_STRING ObjectName,
- * ULONG Attributes,
- * HANDLE RootDirectory,
- * PSECURITY_DESCRIPTOR SecurityDescriptor
- * );
- *
- * FUNCTION: Sets up a parameter of type OBJECT_ATTRIBUTES for a
- * subsequent call to ZwCreateXXX or ZwOpenXXX
- * ARGUMENTS:
- * InitializedAttributes (OUT) = Caller supplied storage for the
- * object attributes
- * ObjectName = Full path name for object
- * Attributes = Attributes for the object
- * RootDirectory = Where the object should be placed or NULL
- * SecurityDescriptor = Ignored
- */
-#define InitializeObjectAttributes(p,n,a,r,s) \
-{ \
- (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
- (p)->ObjectName = n; \
- (p)->Attributes = a; \
- (p)->RootDirectory = r; \
- (p)->SecurityDescriptor = s; \
- (p)->SecurityQualityOfService = NULL; \
-}
-
-
-/*
- * VOID
- * InitializeListHead (
- * PLIST_ENTRY ListHead
- * );
- *
- * FUNCTION: Initializes a double linked list
- * ARGUMENTS:
- * ListHead = Caller supplied storage for the head of the list
- */
-#define InitializeListHead(ListHead) \
-{ \
- (ListHead)->Flink = (ListHead); \
- (ListHead)->Blink = (ListHead); \
-}
-
-
-/*
- * VOID
- * InsertHeadList (
- * PLIST_ENTRY ListHead,
- * PLIST_ENTRY Entry
- * );
- *
- * FUNCTION: Inserts an entry in a double linked list
- * ARGUMENTS:
- * ListHead = Head of the list
- * Entry = Entry to insert
- */
-#define InsertHeadList(ListHead, ListEntry) \
-{ \
- PLIST_ENTRY OldFlink; \
- OldFlink = (ListHead)->Flink; \
- (ListEntry)->Flink = OldFlink; \
- (ListEntry)->Blink = (ListHead); \
- OldFlink->Blink = (ListEntry); \
- (ListHead)->Flink = (ListEntry); \
- assert((ListEntry) != NULL); \
- assert((ListEntry)->Blink!=NULL); \
- assert((ListEntry)->Blink->Flink == (ListEntry)); \
- assert((ListEntry)->Flink != NULL); \
- assert((ListEntry)->Flink->Blink == (ListEntry)); \
-}
-
-
-/*
- * VOID
- * InsertTailList (
- * PLIST_ENTRY ListHead,
- * PLIST_ENTRY Entry
- * );
- *
- * FUNCTION:
- * Inserts an entry in a double linked list
- *
- * ARGUMENTS:
- * ListHead = Head of the list
- * Entry = Entry to insert
- */
-#define InsertTailList(ListHead, ListEntry) \
-{ \
- PLIST_ENTRY OldBlink; \
- OldBlink = (ListHead)->Blink; \
- (ListEntry)->Flink = (ListHead); \
- (ListEntry)->Blink = OldBlink; \
- OldBlink->Flink = (ListEntry); \
- (ListHead)->Blink = (ListEntry); \
- assert((ListEntry) != NULL); \
- assert((ListEntry)->Blink != NULL); \
- assert((ListEntry)->Blink->Flink == (ListEntry)); \
- assert((ListEntry)->Flink != NULL); \
- assert((ListEntry)->Flink->Blink == (ListEntry)); \
-}
-
-/*
- * BOOLEAN
- * IsListEmpty (
- * PLIST_ENTRY ListHead
- * );
- *
- * FUNCTION:
- * Checks if a double linked list is empty
- *
- * ARGUMENTS:
- * ListHead = Head of the list
-*/
-#define IsListEmpty(ListHead) \
- ((ListHead)->Flink == (ListHead))
-
-
-/*
- * PSINGLE_LIST_ENTRY
- * PopEntryList (
- * PSINGLE_LIST_ENTRY ListHead
- * );
- *
- * FUNCTION:
- * Removes an entry from the head of a single linked list
- *
- * ARGUMENTS:
- * ListHead = Head of the list
- *
- * RETURNS:
- * The removed entry
- */
-/*
-#define PopEntryList(ListHead) \
- (ListHead)->Next; \
- { \
- PSINGLE_LIST_ENTRY FirstEntry; \
- FirstEntry = (ListHead)->Next; \
- if (FirstEntry != NULL) \
- { \
- (ListHead)->Next = FirstEntry->Next; \
- } \
- }
-*/
-static
-inline
-PSINGLE_LIST_ENTRY
- PopEntryList(
- PSINGLE_LIST_ENTRY ListHead
- )
-{
- PSINGLE_LIST_ENTRY ListEntry;
-
- ListEntry = ListHead->Next;
- if (ListEntry!=NULL)
- {
- ListHead->Next = ListEntry->Next;
- }
- return ListEntry;
-}
-
-/*
-VOID
-PushEntryList (
- PSINGLE_LIST_ENTRY ListHead,
- PSINGLE_LIST_ENTRY Entry
- );
-*/
-/*
-#define PushEntryList(ListHead,Entry) \
- (Entry)->Next = (ListHead)->Next; \
- (ListHead)->Next = (Entry)
-*/
-static
-inline
-VOID
-PushEntryList (
- PSINGLE_LIST_ENTRY ListHead,
- PSINGLE_LIST_ENTRY Entry
- )
-{
- Entry->Next = ListHead->Next;
- ListHead->Next = Entry;
-}
-
-
-/*
- * An ReactOS extension
- */
-static
-inline
-PSINGLE_LIST_ENTRY
- PopEntrySList(
- PSLIST_HEADER ListHead
- )
-{
- PSINGLE_LIST_ENTRY ListEntry;
-
- ListEntry = ListHead->s.Next.Next;
- if (ListEntry!=NULL)
- {
- ListHead->s.Next.Next = ListEntry->Next;
- ListHead->s.Depth++;
- ListHead->s.Sequence++;
- }
- return ListEntry;
-}
-
-
-/*
- * An ReactOS extension
- */
-static
-inline
-VOID
-PushEntrySList (
- PSLIST_HEADER ListHead,
- PSINGLE_LIST_ENTRY Entry
- )
-{
- Entry->Next = ListHead->s.Next.Next;
- ListHead->s.Next.Next = Entry;
- ListHead->s.Depth++;
- ListHead->s.Sequence++;
-}
-
-
-/*
- *VOID
- *RemoveEntryList (
- * PLIST_ENTRY Entry
- * );
- *
- * FUNCTION:
- * Removes an entry from a double linked list
- *
- * ARGUMENTS:
- * ListEntry = Entry to remove
- */
-#define RemoveEntryList(ListEntry) \
-{ \
- PLIST_ENTRY OldFlink; \
- PLIST_ENTRY OldBlink; \
- assert((ListEntry) != NULL); \
- assert((ListEntry)->Blink!=NULL); \
- assert((ListEntry)->Blink->Flink == (ListEntry)); \
- assert((ListEntry)->Flink != NULL); \
- assert((ListEntry)->Flink->Blink == (ListEntry)); \
- OldFlink = (ListEntry)->Flink; \
- OldBlink = (ListEntry)->Blink; \
- OldFlink->Blink = OldBlink; \
- OldBlink->Flink = OldFlink; \
- (ListEntry)->Flink = NULL; \
- (ListEntry)->Blink = NULL; \
-}
-
-
-/*
- * PLIST_ENTRY
- * RemoveHeadList (
- * PLIST_ENTRY ListHead
- * );
- *
- * FUNCTION:
- * Removes the head entry from a double linked list
- *
- * ARGUMENTS:
- * ListHead = Head of the list
- *
- * RETURNS:
- * The removed entry
- */
-/*
-#define RemoveHeadList(ListHead) \
- (ListHead)->Flink; \
- {RemoveEntryList((ListHead)->Flink)}
-*/
-/*
-PLIST_ENTRY
-RemoveHeadList (
- PLIST_ENTRY ListHead
- );
-*/
-
-static
-inline
-PLIST_ENTRY
-RemoveHeadList (
- PLIST_ENTRY ListHead
- )
-{
- PLIST_ENTRY Old;
- PLIST_ENTRY OldFlink;
- PLIST_ENTRY OldBlink;
-
- Old = ListHead->Flink;
-
- OldFlink = ListHead->Flink->Flink;
- OldBlink = ListHead->Flink->Blink;
- OldFlink->Blink = OldBlink;
- OldBlink->Flink = OldFlink;
- if (Old != ListHead)
- {
- Old->Flink = NULL;
- Old->Blink = NULL;
- }
-
- return(Old);
-}
-
-
-/*
- * PLIST_ENTRY
- * RemoveTailList (
- * PLIST_ENTRY ListHead
- * );
- *
- * FUNCTION:
- * Removes the tail entry from a double linked list
- *
- * ARGUMENTS:
- * ListHead = Head of the list
- *
- * RETURNS:
- * The removed entry
- */
-/*
-#define RemoveTailList(ListHead) \
- (ListHead)->Blink; \
- {RemoveEntryList((ListHead)->Blink)}
-*/
-/*
-PLIST_ENTRY
-RemoveTailList (
- PLIST_ENTRY ListHead
- );
-*/
-
-static
-inline
-PLIST_ENTRY
-RemoveTailList (
- PLIST_ENTRY ListHead
- )
-{
- PLIST_ENTRY Old;
- PLIST_ENTRY OldFlink;
- PLIST_ENTRY OldBlink;
-
- Old = ListHead->Blink;
-
- OldFlink = ListHead->Blink->Flink;
- OldBlink = ListHead->Blink->Blink;
- OldFlink->Blink = OldBlink;
- OldBlink->Flink = OldFlink;
- if (Old != ListHead)
- {
- Old->Flink = NULL;
- Old->Blink = NULL;
- }
-
- return(Old);
-}
-
-
-NTSTATUS
-STDCALL
-RtlAddAtomToAtomTable (
- IN PRTL_ATOM_TABLE AtomTable,
- IN PWSTR AtomName,
- OUT PRTL_ATOM Atom
- );
-
-PVOID STDCALL
-RtlAllocateHeap (
- HANDLE Heap,
- ULONG Flags,
- ULONG Size
- );
-
-WCHAR
-STDCALL
-RtlAnsiCharToUnicodeChar (
- CHAR AnsiChar
- );
-
-ULONG
-STDCALL
-RtlAnsiStringToUnicodeSize (
- PANSI_STRING AnsiString
- );
-
-NTSTATUS
-STDCALL
-RtlAnsiStringToUnicodeString (
- PUNICODE_STRING DestinationString,
- PANSI_STRING SourceString,
- BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlAppendAsciizToString(
- PSTRING Destination,
- PCSZ Source
- );
-
-NTSTATUS
-STDCALL
-RtlAppendStringToString (
- PSTRING Destination,
- PSTRING Source
- );
-
-NTSTATUS
-STDCALL
-RtlAppendUnicodeStringToString (
- PUNICODE_STRING Destination,
- PUNICODE_STRING Source
- );
-
-NTSTATUS
-STDCALL
-RtlAppendUnicodeToString (
- PUNICODE_STRING Destination,
- PWSTR Source
- );
-
-BOOLEAN
-STDCALL
-RtlAreBitsClear (
- PRTL_BITMAP BitMapHeader,
- ULONG StartingIndex,
- ULONG Length
- );
-
-BOOLEAN
-STDCALL
-RtlAreBitsSet (
- PRTL_BITMAP BitMapHeader,
- ULONG StartingIndex,
- ULONG Length
- );
-
-VOID
-STDCALL
-RtlAssert (
- PVOID FailedAssertion,
- PVOID FileName,
- ULONG LineNumber,
- PCHAR Message
- );
-
-NTSTATUS
-STDCALL
-RtlCharToInteger (
- PCSZ String,
- ULONG Base,
- PULONG Value
- );
-
-NTSTATUS
-STDCALL
-RtlCheckRegistryKey (
- ULONG RelativeTo,
- PWSTR Path
- );
-
-VOID
-STDCALL
-RtlClearAllBits (
- IN PRTL_BITMAP BitMapHeader
- );
-
-VOID
-STDCALL
-RtlClearBits (
- IN PRTL_BITMAP BitMapHeader,
- IN ULONG StartingIndex,
- IN ULONG NumberToClear
- );
-
-DWORD
-STDCALL
-RtlCompactHeap (
- HANDLE hheap,
- DWORD flags
- );
-
-ULONG
-STDCALL
-RtlCompareMemory (
- PVOID Source1,
- PVOID Source2,
- ULONG Length
- );
-
-LONG
-STDCALL
-RtlCompareString (
- PSTRING String1,
- PSTRING String2,
- BOOLEAN CaseInsensitive
- );
-
-LONG
-STDCALL
-RtlCompareUnicodeString (
- PUNICODE_STRING String1,
- PUNICODE_STRING String2,
- BOOLEAN BaseInsensitive
- );
-
-NTSTATUS STDCALL
-RtlCompressBuffer(IN USHORT CompressionFormatAndEngine,
- IN PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- OUT PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN ULONG UncompressedChunkSize,
- OUT PULONG FinalCompressedSize,
- IN PVOID WorkSpace);
-
-NTSTATUS STDCALL
-RtlCompressChunks(IN PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- OUT PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
- IN ULONG CompressedDataInfoLength,
- IN PVOID WorkSpace);
-
-LARGE_INTEGER STDCALL
-RtlConvertLongToLargeInteger(IN LONG SignedInteger);
-
-NTSTATUS STDCALL
-RtlConvertSidToUnicodeString(IN OUT PUNICODE_STRING String,
- IN PSID Sid,
- IN BOOLEAN AllocateString);
-
-LARGE_INTEGER STDCALL
-RtlConvertUlongToLargeInteger(IN ULONG UnsignedInteger);
-
-#if 0
-VOID
-RtlCopyBytes (
- PVOID Destination,
- CONST VOID * Source,
- ULONG Length
- );
-
-VOID
-RtlCopyMemory (
- VOID * Destination,
- CONST VOID * Source,
- ULONG Length
- );
-#endif
-
-#define RtlCopyMemory(Destination,Source,Length) \
- memcpy((Destination),(Source),(Length))
-
-#define RtlCopyBytes RtlCopyMemory
-
-VOID STDCALL
-RtlCopyLuid(IN PLUID LuidDest,
- IN PLUID LuidSrc);
-
-VOID STDCALL
-RtlCopyLuidAndAttributesArray(ULONG Count,
- PLUID_AND_ATTRIBUTES Src,
- PLUID_AND_ATTRIBUTES Dest);
-
-NTSTATUS STDCALL
-RtlCopySid(ULONG BufferLength,
- PSID Dest,
- PSID Src);
-
-NTSTATUS STDCALL
-RtlCopySidAndAttributesArray(ULONG Count,
- PSID_AND_ATTRIBUTES Src,
- ULONG SidAreaSize,
- PSID_AND_ATTRIBUTES Dest,
- PVOID SidArea,
- PVOID* RemainingSidArea,
- PULONG RemainingSidAreaSize);
-
-VOID STDCALL
-RtlCopyString(PSTRING DestinationString,
- PSTRING SourceString);
-
-VOID STDCALL
-RtlCopyUnicodeString(PUNICODE_STRING DestinationString,
- PUNICODE_STRING SourceString);
-
-NTSTATUS STDCALL
-RtlCreateAtomTable(IN ULONG TableSize,
- IN OUT PRTL_ATOM_TABLE *AtomTable);
-
-HANDLE
-STDCALL
-RtlCreateHeap (
- ULONG Flags,
- PVOID BaseAddress,
- ULONG SizeToReserve, // dwMaximumSize
- ULONG SizeToCommit, // dwInitialSize
- PVOID Unknown,
- PRTL_HEAP_DEFINITION Definition
- );
-
-NTSTATUS
-STDCALL
-RtlCreateRegistryKey (
- ULONG RelativeTo,
- PWSTR Path
- );
-
-NTSTATUS
-STDCALL
-RtlCreateSecurityDescriptor (
- PSECURITY_DESCRIPTOR SecurityDescriptor,
- ULONG Revision
- );
-
-BOOLEAN
-STDCALL
-RtlCreateUnicodeString (
- OUT PUNICODE_STRING Destination,
- IN PWSTR Source
- );
-
-BOOLEAN STDCALL
-RtlCreateUnicodeStringFromAsciiz (OUT PUNICODE_STRING Destination,
- IN PCSZ Source);
-
-NTSTATUS
-STDCALL
-RtlCustomCPToUnicodeN (
- PRTL_NLS_DATA NlsData,
- PWCHAR UnicodeString,
- ULONG UnicodeSize,
- PULONG ResultSize,
- PCHAR CustomString,
- ULONG CustomSize
- );
-
-NTSTATUS STDCALL
-RtlDecompressBuffer(IN USHORT CompressionFormat,
- OUT PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- OUT PULONG FinalUncompressedSize);
-
-NTSTATUS STDCALL
-RtlDecompressChunks(OUT PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN PUCHAR CompressedTail,
- IN ULONG CompressedTailSize,
- IN PCOMPRESSED_DATA_INFO CompressedDataInfo);
-
-NTSTATUS STDCALL
-RtlDecompressFragment(IN USHORT CompressionFormat,
- OUT PUCHAR UncompressedFragment,
- IN ULONG UncompressedFragmentSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN ULONG FragmentOffset,
- OUT PULONG FinalUncompressedSize,
- IN PVOID WorkSpace);
-
-NTSTATUS STDCALL
-RtlDeleteAtomFromAtomTable(IN PRTL_ATOM_TABLE AtomTable,
- IN RTL_ATOM Atom);
-
-NTSTATUS STDCALL
-RtlDeleteRegistryValue(IN ULONG RelativeTo,
- IN PWSTR Path,
- IN PWSTR ValueName);
-
-NTSTATUS STDCALL
-RtlDescribeChunk(IN USHORT CompressionFormat,
- IN OUT PUCHAR *CompressedBuffer,
- IN PUCHAR EndOfCompressedBufferPlus1,
- OUT PUCHAR *ChunkBuffer,
- OUT PULONG ChunkSize);
-
-NTSTATUS STDCALL
-RtlDestroyAtomTable(IN PRTL_ATOM_TABLE AtomTable);
-
-BOOL STDCALL
-RtlDestroyHeap(HANDLE hheap);
-
-NTSTATUS
-STDCALL
-RtlDowncaseUnicodeString (
- IN OUT PUNICODE_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlEmptyAtomTable (
- IN PRTL_ATOM_TABLE AtomTable,
- IN BOOLEAN DeletePinned
- );
-
-LARGE_INTEGER
-STDCALL
-RtlEnlargedIntegerMultiply (
- LONG Multiplicand,
- LONG Multiplier
- );
-
-ULONG
-STDCALL
-RtlEnlargedUnsignedDivide (
- ULARGE_INTEGER Dividend,
- ULONG Divisor,
- PULONG Remainder
- );
-
-LARGE_INTEGER
-STDCALL
-RtlEnlargedUnsignedMultiply (
- ULONG Multiplicand,
- ULONG Multiplier
- );
-
-BOOLEAN STDCALL
-RtlEqualLuid(IN PLUID Luid1,
- IN PLUID Luid2);
-
-BOOLEAN
-STDCALL
-RtlEqualString (
- PSTRING String1,
- PSTRING String2,
- BOOLEAN CaseInSensitive
- );
-
-BOOLEAN
-STDCALL
-RtlEqualUnicodeString (
- PUNICODE_STRING String1,
- PUNICODE_STRING String2,
- BOOLEAN CaseInSensitive
- );
-
-LARGE_INTEGER
-STDCALL
-RtlExtendedIntegerMultiply (
- LARGE_INTEGER Multiplicand,
- LONG Multiplier
- );
-
-LARGE_INTEGER
-STDCALL
-RtlExtendedLargeIntegerDivide (
- LARGE_INTEGER Dividend,
- ULONG Divisor,
- PULONG Remainder
- );
-
-LARGE_INTEGER
-STDCALL
-RtlExtendedMagicDivide (
- LARGE_INTEGER Dividend,
- LARGE_INTEGER MagicDivisor,
- CCHAR ShiftCount
- );
-
-VOID
-STDCALL
-RtlFillMemory (
- PVOID Destination,
- ULONG Length,
- UCHAR Fill
- );
-
-VOID
-STDCALL
-RtlFillMemoryUlong (
- PVOID Destination,
- ULONG Length,
- ULONG Fill
- );
-
-ULONG
-STDCALL
-RtlFindClearBits (
- PRTL_BITMAP BitMapHeader,
- ULONG NumberToFind,
- ULONG HintIndex
- );
-
-ULONG
-STDCALL
-RtlFindClearBitsAndSet (
- PRTL_BITMAP BitMapHeader,
- ULONG NumberToFind,
- ULONG HintIndex
- );
-
-ULONG
-STDCALL
-RtlFindFirstRunClear (
- PRTL_BITMAP BitMapHeader,
- PULONG StartingIndex
- );
-
-ULONG
-STDCALL
-RtlFindFirstRunSet (
- PRTL_BITMAP BitMapHeader,
- PULONG StartingIndex
- );
-
-ULONG
-STDCALL
-RtlFindLongestRunClear (
- PRTL_BITMAP BitMapHeader,
- PULONG StartingIndex
- );
-
-ULONG
-STDCALL
-RtlFindLongestRunSet (
- PRTL_BITMAP BitMapHeader,
- PULONG StartingIndex
- );
-
-NTSTATUS
-STDCALL
-RtlFindMessage (
- IN PVOID BaseAddress,
- IN ULONG Type,
- IN ULONG Language,
- IN ULONG MessageId,
- OUT PRTL_MESSAGE_RESOURCE_ENTRY *MessageResourceEntry
- );
-
-ULONG
-STDCALL
-RtlFindSetBits (
- PRTL_BITMAP BitMapHeader,
- ULONG NumberToFind,
- ULONG HintIndex
- );
-
-ULONG
-STDCALL
-RtlFindSetBitsAndClear (
- PRTL_BITMAP BitMapHeader,
- ULONG NumberToFind,
- ULONG HintIndex
- );
-
-NTSTATUS
-STDCALL
-RtlFormatCurrentUserKeyPath (
- IN OUT PUNICODE_STRING KeyPath
- );
-
-VOID
-STDCALL
-RtlFreeAnsiString (
- PANSI_STRING AnsiString
- );
-
-BOOLEAN
-STDCALL
-RtlFreeHeap (
- HANDLE Heap,
- ULONG Flags,
- PVOID Address
- );
-
-VOID
-STDCALL
-RtlFreeOemString (
- POEM_STRING OemString
- );
-
-VOID
-STDCALL
-RtlFreeUnicodeString (
- PUNICODE_STRING UnicodeString
- );
-
-VOID STDCALL
-RtlGenerate8dot3Name(IN PUNICODE_STRING Name,
- IN BOOLEAN AllowExtendedCharacters,
- IN OUT PGENERATE_NAME_CONTEXT Context,
- OUT PUNICODE_STRING Name8dot3);
-
-VOID
-RtlGetCallersAddress (
- PVOID * CallersAddress
- );
-
-NTSTATUS STDCALL
-RtlGetCompressionWorkSpaceSize(IN USHORT CompressionFormatAndEngine,
- OUT PULONG CompressBufferAndWorkSpaceSize,
- OUT PULONG CompressFragmentWorkSpaceSize);
-
-VOID
-STDCALL
-RtlGetDefaultCodePage (
- PUSHORT AnsiCodePage,
- PUSHORT OemCodePage
- );
-
-#define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
-
-PVOID
-STDCALL
-RtlImageDirectoryEntryToData (
- PVOID BaseAddress,
- BOOLEAN bFlag,
- ULONG Directory,
- PULONG Size
- );
-
-PIMAGE_NT_HEADERS
-STDCALL
-RtlImageNtHeader (
- PVOID BaseAddress
- );
-
-PIMAGE_SECTION_HEADER
-STDCALL
-RtlImageRvaToSection (
- PIMAGE_NT_HEADERS NtHeader,
- PVOID BaseAddress,
- ULONG Rva
- );
-
-ULONG
-STDCALL
-RtlImageRvaToVa (
- PIMAGE_NT_HEADERS NtHeader,
- PVOID BaseAddress,
- ULONG Rva,
- PIMAGE_SECTION_HEADER *SectionHeader
- );
-
-VOID
-STDCALL
-RtlInitAnsiString (
- PANSI_STRING DestinationString,
- PCSZ SourceString
- );
-
-VOID
-STDCALL
-RtlInitString (
- PSTRING DestinationString,
- PCSZ SourceString
- );
-
-VOID
-STDCALL
-RtlInitUnicodeString (
- PUNICODE_STRING DestinationString,
- PCWSTR SourceString
- );
-
-/*
-VOID
-InitializeUnicodeString (
- PUNICODE_STRING DestinationString,
- USHORT Lenght,
- USHORT MaximumLength,
- PCWSTR Buffer
- );
-
- Initialize an UNICODE_STRING from its fields. Use when you know the values of
- all the fields in advance
-
- */
-
-#define InitializeUnicodeString(__PDEST_STRING__,__LENGTH__,__MAXLENGTH__,__BUFFER__) \
-{ \
- (__PDEST_STRING__)->Length = (__LENGTH__); \
- (__PDEST_STRING__)->MaximumLength = (__MAXLENGTH__); \
- (__PDEST_STRING__)->Buffer = (__BUFFER__); \
-}
-
-/*
-VOID
-RtlInitUnicodeStringFromLiteral (
- PUNICODE_STRING DestinationString,
- PCWSTR SourceString
- );
-
- Initialize an UNICODE_STRING from a wide string literal. WARNING: use only with
- string literals and statically initialized arrays, it will calculate the wrong
- length otherwise
-
- */
-
-#define RtlInitUnicodeStringFromLiteral(__PDEST_STRING__,__SOURCE_STRING__) \
- InitializeUnicodeString( \
- (__PDEST_STRING__), \
- sizeof(__SOURCE_STRING__) - sizeof(WCHAR), \
- sizeof(__SOURCE_STRING__), \
- (__SOURCE_STRING__) \
- )
-
-/*
- Static initializer for UNICODE_STRING variables. Usage:
-
- UNICODE_STRING wstr = UNICODE_STRING_INITIALIZER(L"string");
-
-*/
-
-#define UNICODE_STRING_INITIALIZER(__SOURCE_STRING__) \
-{ \
- sizeof((__SOURCE_STRING__)) - sizeof(WCHAR), \
- sizeof((__SOURCE_STRING__)), \
- (__SOURCE_STRING__) \
-}
-
-/*
- Initializer for empty UNICODE_STRING variables. Usage:
-
- UNICODE_STRING wstr = EMPTY_UNICODE_STRING;
-
-*/
-#define EMPTY_UNICODE_STRING {0, 0, NULL}
-
-VOID
-STDCALL
-RtlInitializeBitMap (
- IN OUT PRTL_BITMAP BitMapHeader,
- IN PULONG BitMapBuffer,
- IN ULONG SizeOfBitMap
- );
-
-NTSTATUS
-STDCALL
-RtlInitializeContext (
- IN HANDLE ProcessHandle,
- IN PCONTEXT Context,
- IN PVOID Parameter,
- IN PTHREAD_START_ROUTINE StartAddress,
- IN OUT PINITIAL_TEB InitialTeb
- );
-
-VOID
-STDCALL
-RtlInitializeGenericTable (
- IN OUT PRTL_GENERIC_TABLE Table,
- IN PVOID CompareRoutine,
- IN PVOID AllocateRoutine,
- IN PVOID FreeRoutine,
- IN ULONG UserParameter
- );
-
-PVOID
-STDCALL
-RtlInsertElementGenericTable (
- IN OUT PRTL_GENERIC_TABLE Table,
- IN PVOID Element,
- IN ULONG ElementSize,
- IN ULONG Unknown4
- );
-
-NTSTATUS
-STDCALL
-RtlIntegerToChar (
- IN ULONG Value,
- IN ULONG Base,
- IN ULONG Length,
- IN OUT PCHAR String
- );
-
-NTSTATUS
-STDCALL
-RtlIntegerToUnicodeString (
- IN ULONG Value,
- IN ULONG Base,
- IN OUT PUNICODE_STRING String
- );
-
-BOOLEAN
-STDCALL
-RtlIsGenericTableEmpty (
- IN PRTL_GENERIC_TABLE Table
- );
-
-BOOLEAN STDCALL
-RtlIsNameLegalDOS8Dot3(IN PUNICODE_STRING UnicodeName,
- IN PANSI_STRING AnsiName,
- OUT PBOOLEAN SpacesFound);
-
-LARGE_INTEGER
-STDCALL
-RtlLargeIntegerAdd (
- LARGE_INTEGER Addend1,
- LARGE_INTEGER Addend2
- );
-
-/*
- * VOID
- * RtlLargeIntegerAnd (
- * PLARGE_INTEGER Result,
- * LARGE_INTEGER Source,
- * LARGE_INTEGER Mask
- * );
- */
-#define RtlLargeIntegerAnd(Result, Source, Mask) \
-{ \
- Result.HighPart = Source.HighPart & Mask.HighPart; \
- Result.LowPart = Source.LowPart & Mask.LowPart; \
-}
-
-LARGE_INTEGER
-STDCALL
-RtlLargeIntegerArithmeticShift (
- LARGE_INTEGER LargeInteger,
- CCHAR ShiftCount
- );
-
-LARGE_INTEGER
-STDCALL
-RtlLargeIntegerDivide (
- LARGE_INTEGER Dividend,
- LARGE_INTEGER Divisor,
- PLARGE_INTEGER Remainder
- );
-
-/*
- * BOOLEAN
- * RtlLargeIntegerEqualTo (
- * LARGE_INTEGER Operand1,
- * LARGE_INTEGER Operand2
- * );
- */
-#define RtlLargeIntegerEqualTo(X,Y) \
- (!(((X).LowPart ^ (Y).LowPart) | ((X).HighPart ^ (Y).HighPart)))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerEqualToZero (
- * LARGE_INTEGER Operand
- * );
- */
-#define RtlLargeIntegerEqualToZero(X) \
- (!((X).LowPart | (X).HighPart))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerGreaterThan (
- * LARGE_INTEGER Operand1,
- * LARGE_INTEGER Operand2
- * );
- */
-#define RtlLargeIntegerGreaterThan(X,Y) \
- ((((X).HighPart == (Y).HighPart) && ((X).LowPart > (Y).LowPart)) || \
- ((X).HighPart > (Y).HighPart))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerGreaterThanOrEqualTo (
- * LARGE_INTEGER Operand1,
- * LARGE_INTEGER Operand2
- * );
- */
-#define RtlLargeIntegerGreaterThanOrEqualTo(X,Y) \
- ((((X).HighPart == (Y).HighPart) && ((X).LowPart >= (Y).LowPart)) || \
- ((X).HighPart > (Y).HighPart))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerGreaterThanOrEqualToZero (
- * LARGE_INTEGER Operand1
- * );
- */
-#define RtlLargeIntegerGreaterOrEqualToZero(X) \
- ((X).HighPart >= 0)
-
-/*
- * BOOLEAN
- * RtlLargeIntegerGreaterThanZero (
- * LARGE_INTEGER Operand1
- * );
- */
-#define RtlLargeIntegerGreaterThanZero(X) \
- ((((X).HighPart == 0) && ((X).LowPart > 0)) || \
- ((X).HighPart > 0 ))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerLessThan (
- * LARGE_INTEGER Operand1,
- * LARGE_INTEGER Operand2
- * );
- */
-#define RtlLargeIntegerLessThan(X,Y) \
- ((((X).HighPart == (Y).HighPart) && ((X).LowPart < (Y).LowPart)) || \
- ((X).HighPart < (Y).HighPart))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerLessThanOrEqualTo (
- * LARGE_INTEGER Operand1,
- * LARGE_INTEGER Operand2
- * );
- */
-#define RtlLargeIntegerLessThanOrEqualTo(X,Y) \
- ((((X).HighPart == (Y).HighPart) && ((X).LowPart <= (Y).LowPart)) || \
- ((X).HighPart < (Y).HighPart))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerLessThanOrEqualToZero (
- * LARGE_INTEGER Operand
- * );
- */
-#define RtlLargeIntegerLessOrEqualToZero(X) \
- (((X).HighPart < 0) || !((X).LowPart | (X).HighPart))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerLessThanZero (
- * LARGE_INTEGER Operand
- * );
- */
-#define RtlLargeIntegerLessThanZero(X) \
- (((X).HighPart < 0))
-
-LARGE_INTEGER
-STDCALL
-RtlLargeIntegerNegate (
- LARGE_INTEGER Subtrahend
- );
-
-/*
- * BOOLEAN
- * RtlLargeIntegerNotEqualTo (
- * LARGE_INTEGER Operand1,
- * LARGE_INTEGER Operand2
- * );
- */
-#define RtlLargeIntegerNotEqualTo(X,Y) \
- ((((X).LowPart ^ (Y).LowPart) | ((X).HighPart ^ (Y).HighPart)))
-
-/*
- * BOOLEAN
- * RtlLargeIntegerNotEqualToZero (
- * LARGE_INTEGER Operand
- * );
- */
-#define RtlLargeIntegerNotEqualToZero(X) \
- (((X).LowPart | (X).HighPart))
-
-LARGE_INTEGER
-STDCALL
-RtlLargeIntegerShiftLeft (
- LARGE_INTEGER LargeInteger,
- CCHAR ShiftCount
- );
-
-LARGE_INTEGER
-STDCALL
-RtlLargeIntegerShiftRight (
- LARGE_INTEGER LargeInteger,
- CCHAR ShiftCount
- );
-
-LARGE_INTEGER
-STDCALL
-RtlLargeIntegerSubtract (
- LARGE_INTEGER Minuend,
- LARGE_INTEGER Subtrahend
- );
-
-ULONG
-STDCALL
-RtlLengthSecurityDescriptor (
- PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-BOOL
-STDCALL
-RtlLockHeap (
- HANDLE hheap
- );
-
-NTSTATUS
-STDCALL
-RtlLookupAtomInAtomTable (
- IN PRTL_ATOM_TABLE AtomTable,
- IN PWSTR AtomName,
- OUT PRTL_ATOM Atom
- );
-
-VOID STDCALL
-RtlMoveMemory (PVOID Destination, CONST VOID* Source, ULONG Length);
-
-NTSTATUS
-STDCALL
-RtlMultiByteToUnicodeN (
- PWCHAR UnicodeString,
- ULONG UnicodeSize,
- PULONG ResultSize,
- PCHAR MbString,
- ULONG MbSize
- );
-
-NTSTATUS
-STDCALL
-RtlMultiByteToUnicodeSize (
- PULONG UnicodeSize,
- PCHAR MbString,
- ULONG MbSize
- );
-
-DWORD
-STDCALL
-RtlNtStatusToDosError (
- NTSTATUS StatusCode
- );
-
-DWORD
-STDCALL
-RtlNtStatusToDosErrorNoTeb (
- NTSTATUS StatusCode
- );
-
-int
-STDCALL
-RtlNtStatusToPsxErrno (
- NTSTATUS StatusCode
- );
-
-ULONG
-STDCALL
-RtlNumberGenericTableElements (
- IN PRTL_GENERIC_TABLE Table
- );
-
-ULONG
-STDCALL
-RtlNumberOfClearBits (
- PRTL_BITMAP BitMapHeader
- );
-
-ULONG
-STDCALL
-RtlNumberOfSetBits (
- PRTL_BITMAP BitMapHeader
- );
-
-ULONG
-STDCALL
-RtlOemStringToUnicodeSize (
- POEM_STRING AnsiString
- );
-
-NTSTATUS
-STDCALL
-RtlOemStringToUnicodeString (
- PUNICODE_STRING DestinationString,
- POEM_STRING SourceString,
- BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlOemToUnicodeN (
- PWCHAR UnicodeString,
- ULONG UnicodeSize,
- PULONG ResultSize,
- PCHAR OemString,
- ULONG OemSize
- );
-
-NTSTATUS
-STDCALL
-RtlOpenCurrentUser (
- IN ACCESS_MASK DesiredAccess,
- OUT PHANDLE KeyHandle
- );
-
-NTSTATUS STDCALL
-RtlPinAtomInAtomTable (
- IN PRTL_ATOM_TABLE AtomTable,
- IN RTL_ATOM Atom
- );
-
-BOOLEAN
-STDCALL
-RtlPrefixString (
- PANSI_STRING String1,
- PANSI_STRING String2,
- BOOLEAN CaseInsensitive
- );
-
-BOOLEAN
-STDCALL
-RtlPrefixUnicodeString (
- PUNICODE_STRING String1,
- PUNICODE_STRING String2,
- BOOLEAN CaseInsensitive
- );
-
-NTSTATUS
-STDCALL
-RtlQueryAtomInAtomTable (
- IN PRTL_ATOM_TABLE AtomTable,
- IN RTL_ATOM Atom,
- IN OUT PULONG RefCount OPTIONAL,
- IN OUT PULONG PinCount OPTIONAL,
- IN OUT PWSTR AtomName OPTIONAL,
- IN OUT PULONG NameLength OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-RtlQueryRegistryValues (
- IN ULONG RelativeTo,
- IN PWSTR Path,
- IN PRTL_QUERY_REGISTRY_TABLE QueryTable,
- IN PVOID Context,
- IN PVOID Environment
- );
-
-NTSTATUS
-STDCALL
-RtlQueryTimeZoneInformation (
- IN OUT PTIME_ZONE_INFORMATION TimeZoneInformation
- );
-
-VOID
-STDCALL
-RtlRaiseException (
- IN PEXCEPTION_RECORD ExceptionRecord
- );
-
-LPVOID
-STDCALL
-RtlReAllocateHeap (
- HANDLE hheap,
- DWORD flags,
- LPVOID ptr,
- DWORD size
- );
-
-NTSTATUS STDCALL
-RtlReserveChunk(IN USHORT CompressionFormat,
- IN OUT PUCHAR *CompressedBuffer,
- IN PUCHAR EndOfCompressedBufferPlus1,
- OUT PUCHAR *ChunkBuffer,
- IN ULONG ChunkSize);
-
-/*
- * VOID
- * RtlRetrieveUlong (
- * PULONG DestinationAddress,
- * PULONG SourceAddress
- * );
- */
-#define RtlRetrieveUlong(DestAddress,SrcAddress) \
- if ((ULONG)(SrcAddress) & LONG_MASK) \
- { \
- ((PUCHAR)(DestAddress))[0]=((PUCHAR)(SrcAddress))[0]; \
- ((PUCHAR)(DestAddress))[1]=((PUCHAR)(SrcAddress))[1]; \
- ((PUCHAR)(DestAddress))[2]=((PUCHAR)(SrcAddress))[2]; \
- ((PUCHAR)(DestAddress))[3]=((PUCHAR)(SrcAddress))[3]; \
- } \
- else \
- { \
- *((PULONG)(DestAddress))=*((PULONG)(SrcAddress)); \
- }
-
-/*
- * VOID
- * RtlRetrieveUshort (
- * PUSHORT DestinationAddress,
- * PUSHORT SourceAddress
- * );
- */
-#define RtlRetrieveUshort(DestAddress,SrcAddress) \
- if ((ULONG)(SrcAddress) & SHORT_MASK) \
- { \
- ((PUCHAR)(DestAddress))[0]=((PUCHAR)(SrcAddress))[0]; \
- ((PUCHAR)(DestAddress))[1]=((PUCHAR)(SrcAddress))[1]; \
- } \
- else \
- { \
- *((PUSHORT)(DestAddress))=*((PUSHORT)(SrcAddress)); \
- }
-
-VOID
-STDCALL
-RtlSecondsSince1970ToTime (
- ULONG SecondsSince1970,
- PLARGE_INTEGER Time
- );
-
-VOID
-STDCALL
-RtlSecondsSince1980ToTime (
- ULONG SecondsSince1980,
- PLARGE_INTEGER Time
- );
-
-VOID
-STDCALL
-RtlSetAllBits (
- IN PRTL_BITMAP BitMapHeader
- );
-
-VOID
-STDCALL
-RtlSetBits (
- PRTL_BITMAP BitMapHeader,
- ULONG StartingIndex,
- ULONG NumberToSet
- );
-
-NTSTATUS
-STDCALL
-RtlSetDaclSecurityDescriptor (
- PSECURITY_DESCRIPTOR SecurityDescriptor,
- BOOLEAN DaclPresent,
- PACL Dacl,
- BOOLEAN DaclDefaulted
- );
-
-NTSTATUS
-STDCALL
-RtlSetTimeZoneInformation (
- IN OUT PTIME_ZONE_INFORMATION TimeZoneInformation
- );
-
-DWORD
-STDCALL
-RtlSizeHeap (
- HANDLE hheap,
- DWORD flags,
- PVOID pmem
- );
-
-/*
- * VOID
- * RtlStoreUlong (
- * PULONG Address,
- * ULONG Value
- * );
- */
-#define RtlStoreUlong(Address,Value) \
- if ((ULONG)(Address) & LONG_MASK) \
- { \
- ((PUCHAR)(Address))[LONG_LEAST_SIGNIFICANT_BIT]=(UCHAR)(FIRSTBYTE(Value)); \
- ((PUCHAR)(Address))[LONG_3RD_MOST_SIGNIFICANT_BIT]=(UCHAR)(FIRSTBYTE(Value)); \
- ((PUCHAR)(Address))[LONG_2ND_MOST_SIGNIFICANT_BIT]=(UCHAR)(THIRDBYTE(Value)); \
- ((PUCHAR)(Address))[LONG_MOST_SIGNIFICANT_BIT]=(UCHAR)(FOURTHBYTE(Value)); \
- } \
- else \
- { \
- *((PULONG)(Address))=(ULONG)(Value); \
- }
-
-/*
- * VOID
- * RtlStoreUshort (
- * PUSHORT Address,
- * USHORT Value
- * );
- */
-#define RtlStoreUshort(Address,Value) \
- if ((ULONG)(Address) & SHORT_MASK) \
- { \
- ((PUCHAR)(Address))[SHORT_LEAST_SIGNIFICANT_BIT]=(UCHAR)(FIRSTBYTE(Value)); \
- ((PUCHAR)(Address))[SHORT_MOST_SIGNIFICANT_BIT]=(UCHAR)(SECONDBYTE(Value)); \
- } \
- else \
- { \
- *((PUSHORT)(Address))=(USHORT)(Value); \
- }
-
-BOOLEAN
-STDCALL
-RtlTimeFieldsToTime (
- PTIME_FIELDS TimeFields,
- PLARGE_INTEGER Time
- );
-
-BOOLEAN
-STDCALL
-RtlTimeToSecondsSince1970 (
- PLARGE_INTEGER Time,
- PULONG SecondsSince1970
- );
-
-BOOLEAN
-STDCALL
-RtlTimeToSecondsSince1980 (
- PLARGE_INTEGER Time,
- PULONG SecondsSince1980
- );
-
-VOID
-STDCALL
-RtlTimeToTimeFields (
- PLARGE_INTEGER Time,
- PTIME_FIELDS TimeFields
- );
-
-ULONG
-STDCALL
-RtlUnicodeStringToAnsiSize (
- IN PUNICODE_STRING UnicodeString
- );
-
-NTSTATUS
-STDCALL
-RtlUnicodeStringToAnsiString (
- IN OUT PANSI_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlUnicodeStringToInteger (
- IN PUNICODE_STRING String,
- IN ULONG Base,
- OUT PULONG Value
- );
-
-ULONG
-STDCALL
-RtlUnicodeStringToOemSize (
- IN PUNICODE_STRING UnicodeString
- );
-
-NTSTATUS
-STDCALL
-RtlUnicodeStringToCountedOemString (
- IN OUT POEM_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlUnicodeStringToOemString (
- IN OUT POEM_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlUnicodeToCustomCPN (
- PRTL_NLS_DATA NlsData,
- PCHAR MbString,
- ULONG MbSize,
- PULONG ResultSize,
- PWCHAR UnicodeString,
- ULONG UnicodeSize
- );
-
-NTSTATUS
-STDCALL
-RtlUnicodeToMultiByteN (
- PCHAR MbString,
- ULONG MbSize,
- PULONG ResultSize,
- PWCHAR UnicodeString,
- ULONG UnicodeSize
- );
-
-NTSTATUS
-STDCALL
-RtlUnicodeToMultiByteSize (
- PULONG MbSize,
- PWCHAR UnicodeString,
- ULONG UnicodeSize
- );
-
-NTSTATUS
-STDCALL
-RtlUnicodeToOemN (
- PCHAR OemString,
- ULONG OemSize,
- PULONG ResultSize,
- PWCHAR UnicodeString,
- ULONG UnicodeSize
- );
-
-BOOL
-STDCALL
-RtlUnlockHeap (
- HANDLE hheap
- );
-
-VOID
-STDCALL
-RtlUnwind (
- PEXCEPTION_REGISTRATION RegistrationFrame,
- PVOID ReturnAddress,
- PEXCEPTION_RECORD ExceptionRecord,
- DWORD EaxValue
- );
-
-WCHAR
-STDCALL
-RtlUpcaseUnicodeChar (
- WCHAR Source
- );
-
-NTSTATUS
-STDCALL
-RtlUpcaseUnicodeString (
- IN OUT PUNICODE_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlUpcaseUnicodeStringToAnsiString (
- IN OUT PANSI_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlUpcaseUnicodeStringToCountedOemString (
- IN OUT POEM_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlUpcaseUnicodeStringToOemString (
- IN OUT POEM_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
-
-NTSTATUS
-STDCALL
-RtlUpcaseUnicodeToCustomCPN (
- PRTL_NLS_DATA NlsData,
- PCHAR MbString,
- ULONG MbSize,
- PULONG ResultSize,
- PWCHAR UnicodeString,
- ULONG UnicodeSize
- );
-
-NTSTATUS
-STDCALL
-RtlUpcaseUnicodeToMultiByteN (
- PCHAR MbString,
- ULONG MbSize,
- PULONG ResultSize,
- PWCHAR UnicodeString,
- ULONG UnicodeSize
- );
-
-NTSTATUS
-STDCALL
-RtlUpcaseUnicodeToOemN (
- PCHAR OemString,
- ULONG OemSize,
- PULONG ResultSize,
- PWCHAR UnicodeString,
- ULONG UnicodeSize
- );
-
-CHAR
-STDCALL
-RtlUpperChar (
- CHAR Source
- );
-
-VOID
-STDCALL
-RtlUpperString (
- PSTRING DestinationString,
- PSTRING SourceString
- );
-
-BOOL
-STDCALL
-RtlValidateHeap (
- HANDLE hheap,
- DWORD flags,
- PVOID pmem
- );
-
-BOOLEAN
-STDCALL
-RtlValidSecurityDescriptor (
- PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-BOOLEAN STDCALL
-RtlValidSid(IN PSID Sid);
-
-NTSTATUS
-STDCALL
-RtlWriteRegistryValue (
- ULONG RelativeTo,
- PWSTR Path,
- PWSTR ValueName,
- ULONG ValueType,
- PVOID ValueData,
- ULONG ValueLength
- );
-
-VOID STDCALL
-RtlZeroMemory (PVOID Destination, ULONG Length);
-
-ULONG
-STDCALL
-RtlxAnsiStringToUnicodeSize (
- IN PANSI_STRING AnsiString
- );
-
-ULONG
-STDCALL
-RtlxOemStringToUnicodeSize (
- IN POEM_STRING OemString
- );
-
-ULONG
-STDCALL
-RtlxUnicodeStringToAnsiSize (
- IN PUNICODE_STRING UnicodeString
- );
-
-ULONG
-STDCALL
-RtlxUnicodeStringToOemSize (
- IN PUNICODE_STRING UnicodeString
- );
-
-
-/* Register io functions */
-
-UCHAR
-STDCALL
-READ_REGISTER_UCHAR (
- PUCHAR Register
- );
-
-USHORT
-STDCALL
-READ_REGISTER_USHORT (
- PUSHORT Register
- );
-
-ULONG
-STDCALL
-READ_REGISTER_ULONG (
- PULONG Register
- );
-
-VOID
-STDCALL
-READ_REGISTER_BUFFER_UCHAR (
- PUCHAR Register,
- PUCHAR Buffer,
- ULONG Count
- );
-
-VOID
-STDCALL
-READ_REGISTER_BUFFER_USHORT (
- PUSHORT Register,
- PUSHORT Buffer,
- ULONG Count
- );
-
-VOID
-STDCALL
-READ_REGISTER_BUFFER_ULONG (
- PULONG Register,
- PULONG Buffer,
- ULONG Count
- );
-
-VOID
-STDCALL
-WRITE_REGISTER_UCHAR (
- PUCHAR Register,
- UCHAR Value
- );
-
-VOID
-STDCALL
-WRITE_REGISTER_USHORT (
- PUSHORT Register,
- USHORT Value
- );
-
-VOID
-STDCALL
-WRITE_REGISTER_ULONG (
- PULONG Register,
- ULONG Value
- );
-
-VOID
-STDCALL
-WRITE_REGISTER_BUFFER_UCHAR (
- PUCHAR Register,
- PUCHAR Buffer,
- ULONG Count
- );
-
-VOID
-STDCALL
-WRITE_REGISTER_BUFFER_USHORT (
- PUSHORT Register,
- PUSHORT Buffer,
- ULONG Count
- );
-
-VOID
-STDCALL
-WRITE_REGISTER_BUFFER_ULONG (
- PULONG Register,
- PULONG Buffer,
- ULONG Count
- );
-
-
-NTSTATUS STDCALL RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision);
-NTSTATUS STDCALL RtlQueryInformationAcl (PACL Acl, PVOID Information, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass);
-NTSTATUS STDCALL RtlSetInformationAcl (PACL Acl, PVOID Information, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass);
-BOOLEAN STDCALL RtlValidAcl (PACL Acl);
-
-NTSTATUS STDCALL RtlAddAccessAllowedAce(PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid);
-NTSTATUS STDCALL RtlAddAccessDeniedAce(PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid);
-NTSTATUS STDCALL RtlAddAce(PACL Acl, ULONG Revision, ULONG StartingIndex, PACE AceList, ULONG AceListLength);
-NTSTATUS STDCALL RtlAddAuditAccessAce (PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid, BOOLEAN Success, BOOLEAN Failure);
-NTSTATUS STDCALL RtlDeleteAce(PACL Acl, ULONG AceIndex);
-BOOLEAN STDCALL RtlFirstFreeAce(PACL Acl, PACE* Ace);
-NTSTATUS STDCALL RtlGetAce(PACL Acl, ULONG AceIndex, PACE *Ace);
-
-NTSTATUS STDCALL RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength);
-NTSTATUS STDCALL RtlMakeSelfRelativeSD (PSECURITY_DESCRIPTOR AbsSD, PSECURITY_DESCRIPTOR RelSD, PULONG BufferLength);
-NTSTATUS STDCALL RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Revision);
-BOOLEAN STDCALL RtlValidSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
-ULONG STDCALL RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor);
-NTSTATUS STDCALL RtlSetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, BOOLEAN DaclPresent, PACL Dacl, BOOLEAN DaclDefaulted);
-NTSTATUS STDCALL RtlGetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PBOOLEAN DaclPresent, PACL* Dacl, PBOOLEAN DaclDefauted);
-NTSTATUS STDCALL RtlSetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSID Owner, BOOLEAN OwnerDefaulted);
-NTSTATUS STDCALL RtlGetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSID* Owner, PBOOLEAN OwnerDefaulted);
-NTSTATUS STDCALL RtlSetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSID Group, BOOLEAN GroupDefaulted);
-NTSTATUS STDCALL RtlGetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSID* Group, PBOOLEAN GroupDefaulted);
-NTSTATUS STDCALL RtlGetControlSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL Control, PULONG Revision);
-NTSTATUS STDCALL RtlSetSaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, BOOLEAN SaclPresent, PACL Sacl, BOOLEAN SaclDefaulted);
-NTSTATUS STDCALL RtlGetSaclSecurityDescriptor (PSECURITY_DESCRIPTOR SecurityDescriptor, PBOOLEAN SaclPresent, PACL* Sacl, PBOOLEAN SaclDefauted);
-NTSTATUS STDCALL RtlSelfRelativeToAbsoluteSD (PSECURITY_DESCRIPTOR RelSD,
- PSECURITY_DESCRIPTOR AbsSD,
- PDWORD AbsSDSize,
- PACL Dacl,
- PDWORD DaclSize,
- PACL Sacl,
- PDWORD SaclSize,
- PSID Owner,
- PDWORD OwnerSize,
- PSID Group,
- PDWORD GroupSize);
-
-NTSTATUS STDCALL RtlAllocateAndInitializeSid (PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- UCHAR SubAuthorityCount,
- ULONG SubAuthority0,
- ULONG SubAuthority1,
- ULONG SubAuthority2,
- ULONG SubAuthority3,
- ULONG SubAuthority4,
- ULONG SubAuthority5,
- ULONG SubAuthority6,
- ULONG SubAuthority7,
- PSID *Sid);
-ULONG STDCALL RtlLengthRequiredSid (UCHAR SubAuthorityCount);
-PSID_IDENTIFIER_AUTHORITY STDCALL RtlIdentifierAuthoritySid (PSID Sid);
-NTSTATUS STDCALL RtlInitializeSid (PSID Sid, PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, UCHAR SubAuthorityCount);
-PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority);
-BOOLEAN STDCALL RtlEqualPrefixSid (PSID Sid1, PSID Sid2);
-BOOLEAN STDCALL RtlEqualSid(PSID Sid1, PSID Sid2);
-PSID STDCALL RtlFreeSid (PSID Sid);
-ULONG STDCALL RtlLengthSid (PSID Sid);
-PULONG STDCALL RtlSubAuthoritySid (PSID Sid, ULONG SubAuthority);
-PUCHAR STDCALL RtlSubAuthorityCountSid (PSID Sid);
-BOOLEAN STDCALL RtlValidSid (PSID Sid);
-NTSTATUS STDCALL RtlConvertSidToUnicodeString (PUNICODE_STRING String, PSID Sid, BOOLEAN AllocateBuffer);
-
-BOOLEAN STDCALL RtlAreAllAccessesGranted (ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess);
-BOOLEAN STDCALL RtlAreAnyAccessesGranted (ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess);
-VOID STDCALL RtlMapGenericMask (PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping);
-
-
-/* functions exported from NTOSKRNL.EXE which are considered RTL */
-
-#if defined(__NTOSKRNL__) || defined(__NTDRIVER__) || defined(__NTHAL__) || defined(__NTDLL__) || defined(__NTAPP__)
-
-char *_itoa (int value, char *string, int radix);
-int _snprintf(char * buf, size_t cnt, const char *fmt, ...);
-int _snwprintf(wchar_t *buf, size_t cnt, const wchar_t *fmt, ...);
-int _stricmp(const char *s1, const char *s2);
-char * _strlwr(char *x);
-int _strnicmp(const char *s1, const char *s2, size_t n);
-char * _strnset(char* szToFill, int szFill, size_t sizeMaxFill);
-char * _strrev(char *s);
-char * _strset(char* szToFill, int szFill);
-char * _strupr(char *x);
-int _vsnprintf(char *buf, size_t cnt, const char *fmt, va_list args);
-int _wcsicmp (const wchar_t* cs, const wchar_t* ct);
-wchar_t * _wcslwr (wchar_t *x);
-int _wcsnicmp (const wchar_t * cs,const wchar_t * ct,size_t count);
-wchar_t* _wcsnset (wchar_t* wsToFill, wchar_t wcFill, size_t sizeMaxFill);
-wchar_t * _wcsrev(wchar_t *s);
-wchar_t *_wcsupr(wchar_t *x);
-
-int atoi(const char *str);
-long atol(const char *str);
-int isdigit(int c);
-int islower(int c);
-int isprint(int c);
-int isspace(int c);
-int isupper(int c);
-int isxdigit(int c);
-size_t mbstowcs (wchar_t *wcstr, const char *mbstr, size_t count);
-int mbtowc (wchar_t *wchar, const char *mbchar, size_t count);
-void * memchr(const void *s, int c, size_t n);
-void * memcpy(void *to, const void *from, size_t count);
-void * memmove(void *dest,const void *src, size_t count);
-void * memset(void *src, int val, size_t count);
-
-#if 0
-qsort
-#endif
-
-int rand(void);
-int sprintf(char * buf, const char *fmt, ...);
-void srand(unsigned seed);
-char * strcat(char *s, const char *append);
-char * strchr(const char *s, int c);
-int strcmp(const char *s1, const char *s2);
-char * strcpy(char *to, const char *from);
-size_t strlen(const char *str);
-char * strncat(char *dst, const char *src, size_t n);
-int strncmp(const char *s1, const char *s2, size_t n);
-char *strncpy(char *dst, const char *src, size_t n);
-char *strrchr(const char *s, int c);
-size_t strspn(const char *s1, const char *s2);
-char *strstr(const char *s, const char *find);
-int swprintf(wchar_t *buf, const wchar_t *fmt, ...);
-int tolower(int c);
-int toupper(int c);
-wchar_t towlower(wchar_t c);
-wchar_t towupper(wchar_t c);
-int vsprintf(char *buf, const char *fmt, va_list args);
-wchar_t * wcscat(wchar_t *dest, const wchar_t *src);
-wchar_t * wcschr(const wchar_t *str, wchar_t ch);
-int wcscmp(const wchar_t *cs, const wchar_t *ct);
-wchar_t* wcscpy(wchar_t* str1, const wchar_t* str2);
-size_t wcscspn(const wchar_t *str,const wchar_t *reject);
-size_t wcslen(const wchar_t *s);
-wchar_t * wcsncat(wchar_t *dest, const wchar_t *src, size_t count);
-int wcsncmp(const wchar_t *cs, const wchar_t *ct, size_t count);
-wchar_t * wcsncpy(wchar_t *dest, const wchar_t *src, size_t count);
-wchar_t * wcsrchr(const wchar_t *str, wchar_t ch);
-size_t wcsspn(const wchar_t *str,const wchar_t *accept);
-wchar_t *wcsstr(const wchar_t *s,const wchar_t *b);
-size_t wcstombs (char *mbstr, const wchar_t *wcstr, size_t count);
-int wctomb (char *mbchar, wchar_t wchar);
-
-#endif /* __NTOSKRNL__ || __NTDRIVER__ || __NTHAL__ || __NTDLL__ || __NTAPP__ */
-
-#endif /* __DDK_RTL_H */
+++ /dev/null
-
-/* $Id: zw.h,v 1.54 2002/10/25 22:08:20 chorns Exp $
- *
- * COPYRIGHT: See COPYING in the top level directory
- * PROJECT: ReactOS kernel
- * PURPOSE: System call definitions
- * FILE: include/ddk/zw.h
- * REVISION HISTORY:
- * ??/??/??: First few functions (David Welch)
- * ??/??/??: Complete implementation by Ariadne
- * 13/07/98: Reorganised things a bit (David Welch)
- * 04/08/98: Added some documentation (Ariadne)
- * 14/08/98: Added type TIME and change variable type from [1] to [0]
- * 14/09/98: Added for each Nt call a corresponding Zw Call
- */
-
-#ifndef __DDK_ZW_H
-#define __DDK_ZW_H
-
-#include <ntos/security.h>
-#include <napi/npipe.h>
-
-//#define LCID ULONG
-//#define SECURITY_INFORMATION ULONG
-//typedef ULONG SECURITY_INFORMATION;
-
-
-/*
- * FUNCTION: Checks a clients access rights to a object
- * ARGUMENTS:
- * SecurityDescriptor = Security information against which the access is checked
- * ClientToken = Represents a client
- * DesiredAcces =
- * GenericMapping =
- * PrivilegeSet =
- * ReturnLength = Bytes written
- * GrantedAccess =
- * AccessStatus = Indicates if the ClientToken allows the requested access
- * REMARKS: The arguments map to the win32 AccessCheck
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtAccessCheck(
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE ClientToken,
- IN ACCESS_MASK DesiredAcces,
- IN PGENERIC_MAPPING GenericMapping,
- OUT PPRIVILEGE_SET PrivilegeSet,
- OUT PULONG ReturnLength,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus
- );
-
-NTSTATUS
-STDCALL
-ZwAccessCheck(
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE ClientToken,
- IN ACCESS_MASK DesiredAcces,
- IN PGENERIC_MAPPING GenericMapping,
- OUT PPRIVILEGE_SET PrivilegeSet,
- OUT PULONG ReturnLength,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus
- );
-
-/*
- * FUNCTION: Checks a clients access rights to a object and issues a audit a alarm. ( it logs the access )
- * ARGUMENTS:
- * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
- * ObjectHandle =
- * ObjectAttributes =
- * DesiredAcces =
- * GenericMapping =
- * ObjectCreation =
- * GrantedAccess =
- * AccessStatus =
- * GenerateOnClose =
- * REMARKS: The arguments map to the win32 AccessCheck
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtAccessCheckAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PHANDLE ObjectHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus,
- OUT PBOOLEAN GenerateOnClose
- );
-
-NTSTATUS
-STDCALL
-ZwAccessCheckAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PHANDLE ObjectHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PULONG GrantedAccess,
- OUT PBOOLEAN AccessStatus,
- OUT PBOOLEAN GenerateOnClose
- );
-
-/*
- * FUNCTION: Adds an atom to the global atom table
- * ARGUMENTS:
- * AtomString = The string to add to the atom table.
- * Atom (OUT) = Caller supplies storage for the resulting atom.
- * REMARKS: The arguments map to the win32 add GlobalAddAtom.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtAddAtom(
- IN PWSTR AtomName,
- IN OUT PRTL_ATOM Atom
- );
-
-
-NTSTATUS
-STDCALL
-ZwAddAtom(
- IN PWSTR AtomName,
- IN OUT PRTL_ATOM Atom
- );
-
-
-/*
- * FUNCTION: Adjusts the groups in an access token
- * ARGUMENTS:
- * TokenHandle = Specifies the access token
- * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
- * their default state, if false the groups specified in
- * NewState are set.
- * NewState =
- * BufferLength = Specifies the size of the buffer for the PreviousState.
- * PreviousState =
- * ReturnLength = Bytes written in PreviousState buffer.
- * REMARKS: The arguments map to the win32 AdjustTokenGroups
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtAdjustGroupsToken(
- IN HANDLE TokenHandle,
- IN BOOLEAN ResetToDefault,
- IN PTOKEN_GROUPS NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_GROUPS PreviousState OPTIONAL,
- OUT PULONG ReturnLength
- );
-
-NTSTATUS
-STDCALL
-ZwAdjustGroupsToken(
- IN HANDLE TokenHandle,
- IN BOOLEAN ResetToDefault,
- IN PTOKEN_GROUPS NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_GROUPS PreviousState,
- OUT PULONG ReturnLength
- );
-
-
-/*
- * FUNCTION:
- *
- * ARGUMENTS:
- * TokenHandle = Handle to the access token
- * DisableAllPrivileges = The resulting suspend count.
- NewState =
- BufferLength =
- PreviousState =
- ReturnLength =
- * REMARK:
- * The arguments map to the win32 AdjustTokenPrivileges
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtAdjustPrivilegesToken(
- IN HANDLE TokenHandle,
- IN BOOLEAN DisableAllPrivileges,
- IN PTOKEN_PRIVILEGES NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_PRIVILEGES PreviousState,
- OUT PULONG ReturnLength
- );
-
-NTSTATUS
-STDCALL
-ZwAdjustPrivilegesToken(
- IN HANDLE TokenHandle,
- IN BOOLEAN DisableAllPrivileges,
- IN PTOKEN_PRIVILEGES NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_PRIVILEGES PreviousState,
- OUT PULONG ReturnLength
- );
-
-
-/*
- * FUNCTION: Decrements a thread's suspend count and places it in an alerted
- * state.
- * ARGUMENTS:
- * ThreadHandle = Handle to the thread that should be resumed
- * SuspendCount = The resulting suspend count.
- * REMARK:
- * A thread is resumed if its suspend count is 0
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtAlertResumeThread(
- IN HANDLE ThreadHandle,
- OUT PULONG SuspendCount
- );
-
-NTSTATUS
-STDCALL
-ZwAlertResumeThread(
- IN HANDLE ThreadHandle,
- OUT PULONG SuspendCount
- );
-
-/*
- * FUNCTION: Puts the thread in a alerted state
- * ARGUMENTS:
- * ThreadHandle = Handle to the thread that should be alerted
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtAlertThread(
- IN HANDLE ThreadHandle
- );
-
-NTSTATUS
-STDCALL
-ZwAlertThread(
- IN HANDLE ThreadHandle
- );
-
-
-/*
- * FUNCTION: Allocates a locally unique id
- * ARGUMENTS:
- * LocallyUniqueId = Locally unique number
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtAllocateLocallyUniqueId(
- OUT LUID *LocallyUniqueId
- );
-
-NTSTATUS
-STDCALL
-ZwAllocateLocallyUniqueId(
- OUT PLUID Luid
- );
-
-NTSTATUS
-STDCALL
-NtAllocateUuids(
- PULARGE_INTEGER Time,
- PULONG Range,
- PULONG Sequence
- );
-
-NTSTATUS
-STDCALL
-ZwAllocateUuids(
- PULARGE_INTEGER Time,
- PULONG Range,
- PULONG Sequence
- );
-
-
-/*
- * FUNCTION: Allocates a block of virtual memory in the process address space
- * ARGUMENTS:
- * ProcessHandle = The handle of the process which owns the virtual memory
- * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
- * value the system will try to allocate the memory at the address supplied. It rounds
- * it down to a multiple if the page size.
- * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
- * the memory will be allocated at a address below a certain value.
- * RegionSize = The number of bytes to allocate
- * AllocationType = Indicates the type of virtual memory you like to allocated,
- * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
- * Protect = Indicates the protection type of the pages allocated, can be a combination of
- * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
- * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
- * REMARKS:
- * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
- * protocol starts with a ProcessHandle. I splitted the functionality of obtaining the actual address and specifying
- * the start address in two parameters ( BaseAddress and StartAddress ) The NumberOfBytesAllocated specify the range
- * and the AllocationType and ProctectionType map to the other two parameters.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtAllocateVirtualMemory (
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN OUT PULONG RegionSize,
- IN ULONG AllocationType,
- IN ULONG Protect
- );
-
-NTSTATUS
-STDCALL
-ZwAllocateVirtualMemory (
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN OUT PULONG RegionSize,
- IN ULONG AllocationType,
- IN ULONG Protect);
-
-/*
- * FUNCTION: Returns from a callback into user mode
- * ARGUMENTS:
- * RETURN Status
- */
-//FIXME: this function might need 3 parameters
-NTSTATUS STDCALL NtCallbackReturn(PVOID Result,
- ULONG ResultLength,
- NTSTATUS Status);
-
-NTSTATUS STDCALL ZwCallbackReturn(PVOID Result,
- ULONG ResultLength,
- NTSTATUS Status);
-
-/*
- * FUNCTION: Cancels a IO request
- * ARGUMENTS:
- * FileHandle = Handle to the file
- * IoStatusBlock =
- *
- * REMARKS:
- * This function maps to the win32 CancelIo.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtCancelIoFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock
- );
-
-NTSTATUS
-STDCALL
-ZwCancelIoFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock
- );
-/*
- * FUNCTION: Cancels a timer
- * ARGUMENTS:
- * TimerHandle = Handle to the timer
- * CurrentState = Specifies the state of the timer when cancelled.
- * REMARKS:
- * The arguments to this function map to the function CancelWaitableTimer.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtCancelTimer(
- IN HANDLE TimerHandle,
- OUT PBOOLEAN CurrentState OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwCancelTimer(
- IN HANDLE TimerHandle,
- OUT ULONG ElapsedTime
- );
-/*
- * FUNCTION: Sets the status of the event back to non-signaled
- * ARGUMENTS:
- * EventHandle = Handle to the event
- * REMARKS:
- * This function maps to win32 function ResetEvent.
- * RETURcNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtClearEvent(
- IN HANDLE EventHandle
- );
-
-NTSTATUS
-STDCALL
-ZwClearEvent(
- IN HANDLE EventHandle
- );
-
-/*
- * FUNCTION: Closes an object handle
- * ARGUMENTS:
- * Handle = Handle to the object
- * REMARKS:
- * This function maps to the win32 function CloseHandle.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtClose(
- IN HANDLE Handle
- );
-
-NTSTATUS
-STDCALL
-ZwClose(
- IN HANDLE Handle
- );
-
-/*
- * FUNCTION: Generates an audit message when a handle to an object is dereferenced
- * ARGUMENTS:
- * SubsystemName =
- HandleId = Handle to the object
- GenerateOnClose =
- * REMARKS:
- * This function maps to the win32 function ObjectCloseAuditAlarm.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtCloseObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose
- );
-
-NTSTATUS
-STDCALL
-ZwCloseObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose
- );
-
-/*
- * FUNCTION: Continues a thread with the specified context
- * ARGUMENTS:
- * Context = Specifies the processor context
- * IrqLevel = Specifies the Interupt Request Level to continue with. Can
- * be PASSIVE_LEVEL or APC_LEVEL
- * REMARKS
- * NtContinue can be used to continue after an exception or apc.
- * RETURNS: Status
- */
-//FIXME This function might need another parameter
-
-NTSTATUS
-STDCALL
-NtContinue(
- IN PCONTEXT Context,
- IN BOOLEAN TestAlert
- );
-
-NTSTATUS STDCALL ZwContinue(IN PCONTEXT Context, IN CINT IrqLevel);
-
-
-/*
- * FUNCTION: Creates a directory object
- * ARGUMENTS:
- * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies access to the directory
- * ObjectAttribute = Initialized attributes for the object
- * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
- * handle, a access mask and a OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtCreateDirectoryObject(
- OUT PHANDLE DirectoryHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
-ZwCreateDirectoryObject(
- OUT PHANDLE DirectoryHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-/*
- * FUNCTION: Creates an event object
- * ARGUMENTS:
- * EventHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies access to the event
- * ObjectAttribute = Initialized attributes for the object
- * ManualReset = manual-reset or auto-reset if true you have to reset the state of the event manually
- * using NtResetEvent/NtClearEvent. if false the system will reset the event to a non-signalled state
- * automatically after the system has rescheduled a thread waiting on the event.
- * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
- * REMARKS: This function maps to the win32 CreateEvent. Demanding a out variable of type HANDLE,
- * a access mask and a OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
- * both parameters aswell ( possibly the order is reversed ).
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtCreateEvent(
- OUT PHANDLE EventHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN ManualReset,
- IN BOOLEAN InitialState
- );
-
-NTSTATUS
-STDCALL
-ZwCreateEvent(
- OUT PHANDLE EventHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN ManualReset,
- IN BOOLEAN InitialState
- );
-
-/*
- * FUNCTION: Creates an eventpair object
- * ARGUMENTS:
- * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies access to the event
- * ObjectAttribute = Initialized attributes for the object
- */
-
-NTSTATUS
-STDCALL
-NtCreateEventPair(
- OUT PHANDLE EventPairHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
-ZwCreateEventPair(
- OUT PHANDLE EventPairHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-
-/*
- * FUNCTION: Creates or opens a file, directory or device object.
- * ARGUMENTS:
- * FileHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the file can
- * be a combination of DELETE | FILE_READ_DATA ..
- * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
- * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
- * the file is created and opened or allready existed and is just opened.
- * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
- * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
- * CreateDisposition = specifies what the behavior of the system if the file allready exists.
- * CreateOptions = specifies the behavior of the system on file creation.
- * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
- * EaLength = Extended Attributes buffer size, applies only to files and directories.
- * REMARKS: This function maps to the win32 CreateFile.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtCreateFile(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER AllocationSize OPTIONAL,
- IN ULONG FileAttributes,
- IN ULONG ShareAccess,
- IN ULONG CreateDisposition,
- IN ULONG CreateOptions,
- IN PVOID EaBuffer OPTIONAL,
- IN ULONG EaLength
- );
-
-NTSTATUS
-STDCALL
-ZwCreateFile(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER AllocationSize OPTIONAL,
- IN ULONG FileAttributes,
- IN ULONG ShareAccess,
- IN ULONG CreateDisposition,
- IN ULONG CreateOptions,
- IN PVOID EaBuffer OPTIONAL,
- IN ULONG EaLength
- );
-
-/*
- * FUNCTION: Creates or opens a file, directory or device object.
- * ARGUMENTS:
- * CompletionPort (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the port
- * IoStatusBlock =
- * NumberOfConcurrentThreads =
- * REMARKS: This function maps to the win32 CreateIoCompletionPort
- * RETURNS:
- * Status
- */
-
-NTSTATUS
-STDCALL
-NtCreateIoCompletion(
- OUT PHANDLE CompletionPort,
- IN ACCESS_MASK DesiredAccess,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NumberOfConcurrentThreads
- );
-
-NTSTATUS
-STDCALL
-ZwCreateIoCompletion(
- OUT PHANDLE CompletionPort,
- IN ACCESS_MASK DesiredAccess,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NumberOfConcurrentThreads
- );
-
-
-/*
- * FUNCTION: Creates a mail slot file
- * ARGUMENTS:
- * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the file
- * ObjectAttributes = Contains the name of the mailslotfile.
- * IoStatusBlock =
- * FileAttributes =
- * ShareAccess =
- * MaxMessageSize =
- * TimeOut =
- *
- * REMARKS: This funciton maps to the win32 function CreateMailSlot
- * RETURNS:
- * Status
- */
-
-NTSTATUS
-STDCALL
-NtCreateMailslotFile(
- OUT PHANDLE MailSlotFileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG FileAttributes,
- IN ULONG ShareAccess,
- IN ULONG MaxMessageSize,
- IN PLARGE_INTEGER TimeOut
- );
-
-NTSTATUS
-STDCALL
-ZwCreateMailslotFile(
- OUT PHANDLE MailSlotFileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG FileAttributes,
- IN ULONG ShareAccess,
- IN ULONG MaxMessageSize,
- IN PLARGE_INTEGER TimeOut
- );
-
-/*
- * FUNCTION: Creates or opens a mutex
- * ARGUMENTS:
- * MutantHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the port
- * ObjectAttributes = Contains the name of the mutex.
- * InitialOwner = If true the calling thread acquires ownership
- * of the mutex.
- * REMARKS: This funciton maps to the win32 function CreateMutex
- * RETURNS:
- * Status
- */
-NTSTATUS
-STDCALL
-NtCreateMutant(
- OUT PHANDLE MutantHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN InitialOwner
- );
-
-NTSTATUS
-STDCALL
-ZwCreateMutant(
- OUT PHANDLE MutantHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN InitialOwner
- );
-
-
-/*
- * FUNCTION: Creates a paging file.
- * ARGUMENTS:
- * FileName = Name of the pagefile
- * InitialSize = Specifies the initial size in bytes
- * MaximumSize = Specifies the maximum size in bytes
- * Reserved = Reserved for future use
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtCreatePagingFile(
- IN PUNICODE_STRING FileName,
- IN PLARGE_INTEGER InitialSize,
- IN PLARGE_INTEGER MaxiumSize,
- IN ULONG Reserved
- );
-
-NTSTATUS
-STDCALL
-ZwCreatePagingFile(
- IN PUNICODE_STRING FileName,
- IN PLARGE_INTEGER InitialSize,
- IN PLARGE_INTEGER MaxiumSize,
- IN ULONG Reserved
- );
-
-/*
- * FUNCTION: Creates a process.
- * ARGUMENTS:
- * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the process can
- * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
- * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
- * ParentProcess = Handle to the parent process.
- * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
- * SectionHandle = Handle to a section object to back the image file
- * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
- * ExceptionPort = Handle to a exception port.
- * REMARKS:
- * This function maps to the win32 CreateProcess.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtCreateProcess(
- OUT PHANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ParentProcess,
- IN BOOLEAN InheritObjectTable,
- IN HANDLE SectionHandle OPTIONAL,
- IN HANDLE DebugPort OPTIONAL,
- IN HANDLE ExceptionPort OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwCreateProcess(
- OUT PHANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ParentProcess,
- IN BOOLEAN InheritObjectTable,
- IN HANDLE SectionHandle OPTIONAL,
- IN HANDLE DebugPort OPTIONAL,
- IN HANDLE ExceptionPort OPTIONAL
- );
-
-/*
- * FUNCTION: Creates a profile
- * ARGUMENTS:
- * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
- * ObjectAttribute = Initialized attributes for the object
- * ImageBase = Start address of executable image
- * ImageSize = Size of the image
- * Granularity = Bucket size
- * Buffer = Caller supplies buffer for profiling info
- * ProfilingSize = Buffer size
- * ClockSource = Specify 0 / FALSE ??
- * ProcessorMask = A value of -1 indicates disables per processor profiling,
- otherwise bit set for the processor to profile.
- * REMARKS:
- * This function maps to the win32 CreateProcess.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtCreateProfile(OUT PHANDLE ProfileHandle,
- IN HANDLE ProcessHandle,
- IN PVOID ImageBase,
- IN ULONG ImageSize,
- IN ULONG Granularity,
- OUT PULONG Buffer,
- IN ULONG ProfilingSize,
- IN KPROFILE_SOURCE Source,
- IN ULONG ProcessorMask);
-
-NTSTATUS
-STDCALL
-ZwCreateProfile(
- OUT PHANDLE ProfileHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ULONG ImageBase,
- IN ULONG ImageSize,
- IN ULONG Granularity,
- OUT PVOID Buffer,
- IN ULONG ProfilingSize,
- IN ULONG ClockSource,
- IN ULONG ProcessorMask
- );
-
-/*
- * FUNCTION: Creates a section object.
- * ARGUMENTS:
- * SectionHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
- * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
- * ObjectAttribute = Initialized attributes for the object can be used to create a named section
- * MaxiumSize = Maximizes the size of the memory section. Must be non-NULL for a page-file backed section.
- * If value specified for a mapped file and the file is not large enough, file will be extended.
- * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
- * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
- * FileHanlde = Handle to a file to create a section mapped to a file instead of a memory backed section.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtCreateSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN PLARGE_INTEGER MaximumSize OPTIONAL,
- IN ULONG SectionPageProtection OPTIONAL,
- IN ULONG AllocationAttributes,
- IN HANDLE FileHandle OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwCreateSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN PLARGE_INTEGER MaximumSize OPTIONAL,
- IN ULONG SectionPageProtection OPTIONAL,
- IN ULONG AllocationAttributes,
- IN HANDLE FileHandle OPTIONAL
- );
-
-/*
- * FUNCTION: Creates a semaphore object for interprocess synchronization.
- * ARGUMENTS:
- * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the semaphore.
- * ObjectAttribute = Initialized attributes for the object.
- * InitialCount = Not necessary zero, might be smaller than zero.
- * MaximumCount = Maxiumum count the semaphore can reach.
- * RETURNS: Status
- * REMARKS:
- * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
- */
-
-//FIXME: should a semaphore's initial count allowed to be smaller than zero ??
-NTSTATUS
-STDCALL
-NtCreateSemaphore(
- OUT PHANDLE SemaphoreHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN LONG InitialCount,
- IN LONG MaximumCount
- );
-
-NTSTATUS
-STDCALL
-ZwCreateSemaphore(
- OUT PHANDLE SemaphoreHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN LONG InitialCount,
- IN LONG MaximumCount
- );
-
-/*
- * FUNCTION: Creates a symbolic link object
- * ARGUMENTS:
- * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the thread.
- * ObjectAttributes = Initialized attributes for the object.
- * Name = Target name of the symbolic link
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtCreateSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PUNICODE_STRING Name
- );
-
-NTSTATUS
-STDCALL
-ZwCreateSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PUNICODE_STRING Name
- );
-
-/*
- * FUNCTION: Creates a user mode thread
- * ARGUMENTS:
- * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the thread.
- * ObjectAttributes = Initialized attributes for the object.
- * ProcessHandle = Handle to the threads parent process.
- * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
- * ThreadContext = Initial processor context for the thread.
- * InitialTeb = Initial user mode stack context for the thread.
- * CreateSuspended = Specifies if the thread is ready for scheduling
- * REMARKS:
- * This function maps to the win32 function CreateThread.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtCreateThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ProcessHandle,
- OUT PCLIENT_ID ClientId,
- IN PCONTEXT ThreadContext,
- IN PINITIAL_TEB InitialTeb,
- IN BOOLEAN CreateSuspended
- );
-
-NTSTATUS
-STDCALL
-ZwCreateThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ProcessHandle,
- OUT PCLIENT_ID ClientId,
- IN PCONTEXT ThreadContext,
- IN PINITIAL_TEB InitialTeb,
- IN BOOLEAN CreateSuspended
- );
-
-/*
- * FUNCTION: Creates a waitable timer.
- * ARGUMENTS:
- * TimerHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the timer.
- * ObjectAttributes = Initialized attributes for the object.
- * TimerType = Specifies if the timer should be reset manually.
- * REMARKS:
- * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
- * corresponding fields in OBJECT_ATTRIBUTES structure.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtCreateTimer(
- OUT PHANDLE TimerHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN TIMER_TYPE TimerType
- );
-
-NTSTATUS
-STDCALL
-ZwCreateTimer(
- OUT PHANDLE TimerHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN TIMER_TYPE TimerType
- );
-
-/*
- * FUNCTION: Creates a token.
- * ARGUMENTS:
- * TokenHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Specifies the allowed or desired access to the process can
- * be a combinate of STANDARD_RIGHTS_REQUIRED| ..
- * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
- * TokenType =
- * AuthenticationId =
- * ExpirationTime =
- * TokenUser =
- * TokenGroups =
- * TokenPrivileges =
- * TokenOwner =
- * TokenPrimaryGroup =
- * TokenDefaultDacl =
- * TokenSource =
- * REMARKS:
- * This function does not map to a win32 function
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtCreateToken(
- OUT PHANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN TOKEN_TYPE TokenType,
- IN PLUID AuthenticationId,
- IN PLARGE_INTEGER ExpirationTime,
- IN PTOKEN_USER TokenUser,
- IN PTOKEN_GROUPS TokenGroups,
- IN PTOKEN_PRIVILEGES TokenPrivileges,
- IN PTOKEN_OWNER TokenOwner,
- IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
- IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
- IN PTOKEN_SOURCE TokenSource
- );
-
-NTSTATUS
-STDCALL
-ZwCreateToken(
- OUT PHANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN TOKEN_TYPE TokenType,
- IN PLUID AuthenticationId,
- IN PLARGE_INTEGER ExpirationTime,
- IN PTOKEN_USER TokenUser,
- IN PTOKEN_GROUPS TokenGroups,
- IN PTOKEN_PRIVILEGES TokenPrivileges,
- IN PTOKEN_OWNER TokenOwner,
- IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
- IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
- IN PTOKEN_SOURCE TokenSource
- );
-
-/*
- * FUNCTION: Returns the callers thread TEB.
- * RETURNS: The resulting teb.
- */
-#if 0
- NT_TEB *
-STDCALL
-NtCurrentTeb(VOID
- );
-#endif
-
-/*
- * FUNCTION: Delays the execution of the calling thread.
- * ARGUMENTS:
- * Alertable = If TRUE the thread is alertable during is wait period
- * Interval = Specifies the interval to wait.
- * RETURNS: Status
- */
-NTSTATUS STDCALL NtDelayExecution(IN ULONG Alertable, IN TIME* Interval);
-
-NTSTATUS
-STDCALL
-ZwDelayExecution(
- IN BOOLEAN Alertable,
- IN TIME *Interval
- );
-
-
-/*
- * FUNCTION: Deletes an atom from the global atom table
- * ARGUMENTS:
- * Atom = Identifies the atom to delete
- * REMARKS:
- * The function maps to the win32 GlobalDeleteAtom
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtDeleteAtom(
- IN RTL_ATOM Atom
- );
-
-NTSTATUS
-STDCALL
-ZwDeleteAtom(
- IN RTL_ATOM Atom
- );
-
-/*
- * FUNCTION: Deletes a file or a directory
- * ARGUMENTS:
- * ObjectAttributes = Name of the file which should be deleted
- * REMARKS:
- * This system call is functionally equivalent to NtSetInformationFile
- * setting the disposition information.
- * The function maps to the win32 DeleteFile.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtDeleteFile(
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
-ZwDeleteFile(
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-/*
- * FUNCTION: Deletes a registry key
- * ARGUMENTS:
- * KeyHandle = Handle of the key
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtDeleteKey(
- IN HANDLE KeyHandle
- );
-NTSTATUS
-STDCALL
-ZwDeleteKey(
- IN HANDLE KeyHandle
- );
-
-/*
- * FUNCTION: Generates a audit message when an object is deleted
- * ARGUMENTS:
- * SubsystemName = Spefies the name of the subsystem can be 'WIN32' or 'DEBUG'
- * HandleId= Handle to an audit object
- * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
- * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtDeleteObjectAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose
- );
-
-NTSTATUS
-STDCALL
-ZwDeleteObjectAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose
- );
-
-
-/*
- * FUNCTION: Deletes a value from a registry key
- * ARGUMENTS:
- * KeyHandle = Handle of the key
- * ValueName = Name of the value to delete
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtDeleteValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName
- );
-
-NTSTATUS
-STDCALL
-ZwDeleteValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName
- );
-/*
- * FUNCTION: Sends IOCTL to the io sub system
- * ARGUMENTS:
- * DeviceHandle = Points to the handle that is created by NtCreateFile
- * Event = Event to synchronize on STATUS_PENDING
- * ApcRoutine = Asynchroneous procedure callback
- * ApcContext = Callback context.
- * IoStatusBlock = Caller should supply storage for extra information..
- * IoControlCode = Contains the IO Control command. This is an
- * index to the structures in InputBuffer and OutputBuffer.
- * InputBuffer = Caller should supply storage for input buffer if IOTL expects one.
- * InputBufferSize = Size of the input bufffer
- * OutputBuffer = Caller should supply storage for output buffer if IOTL expects one.
- * OutputBufferSize = Size of the input bufffer
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtDeviceIoControlFile(
- IN HANDLE DeviceHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG IoControlCode,
- IN PVOID InputBuffer,
- IN ULONG InputBufferSize,
- OUT PVOID OutputBuffer,
- IN ULONG OutputBufferSize
- );
-
-NTSTATUS
-STDCALL
-ZwDeviceIoControlFile(
- IN HANDLE DeviceHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG IoControlCode,
- IN PVOID InputBuffer,
- IN ULONG InputBufferSize,
- OUT PVOID OutputBuffer,
- IN ULONG OutputBufferSize
- );
-/*
- * FUNCTION: Displays a string on the blue screen
- * ARGUMENTS:
- * DisplayString = The string to display
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtDisplayString(
- IN PUNICODE_STRING DisplayString
- );
-
-NTSTATUS
-STDCALL
-ZwDisplayString(
- IN PUNICODE_STRING DisplayString
- );
-
-/*
- * FUNCTION: Copies a handle from one process space to another
- * ARGUMENTS:
- * SourceProcessHandle = The source process owning the handle. The source process should have opened
- * the SourceHandle with PROCESS_DUP_HANDLE access.
- * SourceHandle = The handle to the object.
- * TargetProcessHandle = The destination process owning the handle
- * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
- * DesiredAccess = The desired access to the handle.
- * InheritHandle = Indicates wheter the new handle will be inheritable or not.
- * Options = Specifies special actions upon duplicating the handle. Can be
- * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
- * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
- * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
- * the DesiredAccess paramter and just grant the same access to the new
- * handle.
- * RETURNS: Status
- * REMARKS: This function maps to the win32 DuplicateHandle.
- */
-
-NTSTATUS
-STDCALL
-NtDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle,
- OUT PHANDLE TargetHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN InheritHandle,
- IN ULONG Options
- );
-
-NTSTATUS
-STDCALL
-ZwDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN PHANDLE SourceHandle,
- IN HANDLE TargetProcessHandle,
- OUT PHANDLE TargetHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN InheritHandle,
- IN ULONG Options
- );
-
-NTSTATUS
-STDCALL
-NtDuplicateToken(
- IN HANDLE ExistingToken,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
- IN TOKEN_TYPE TokenType,
- OUT PHANDLE NewToken
- );
-
-NTSTATUS
-STDCALL
-ZwDuplicateToken(
- IN HANDLE ExistingToken,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
- IN TOKEN_TYPE TokenType,
- OUT PHANDLE NewToken
- );
-/*
- * FUNCTION: Returns information about the subkeys of an open key
- * ARGUMENTS:
- * KeyHandle = Handle of the key whose subkeys are to enumerated
- * Index = zero based index of the subkey for which information is
- * request
- * KeyInformationClass = Type of information returned
- * KeyInformation (OUT) = Caller allocated buffer for the information
- * about the key
- * Length = Length in bytes of the KeyInformation buffer
- * ResultLength (OUT) = Caller allocated storage which holds
- * the number of bytes of information retrieved
- * on return
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtEnumerateKey(
- IN HANDLE KeyHandle,
- IN ULONG Index,
- IN KEY_INFORMATION_CLASS KeyInformationClass,
- OUT PVOID KeyInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-ZwEnumerateKey(
- IN HANDLE KeyHandle,
- IN ULONG Index,
- IN KEY_INFORMATION_CLASS KeyInformationClass,
- OUT PVOID KeyInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-/*
- * FUNCTION: Returns information about the value entries of an open key
- * ARGUMENTS:
- * KeyHandle = Handle of the key whose value entries are to enumerated
- * Index = zero based index of the subkey for which information is
- * request
- * KeyInformationClass = Type of information returned
- * KeyInformation (OUT) = Caller allocated buffer for the information
- * about the key
- * Length = Length in bytes of the KeyInformation buffer
- * ResultLength (OUT) = Caller allocated storage which holds
- * the number of bytes of information retrieved
- * on return
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtEnumerateValueKey(
- IN HANDLE KeyHandle,
- IN ULONG Index,
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- OUT PVOID KeyValueInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-ZwEnumerateValueKey(
- IN HANDLE KeyHandle,
- IN ULONG Index,
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- OUT PVOID KeyValueInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-/*
- * FUNCTION: Extends a section
- * ARGUMENTS:
- * SectionHandle = Handle to the section
- * NewMaximumSize = Adjusted size
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtExtendSection(
- IN HANDLE SectionHandle,
- IN ULONG NewMaximumSize
- );
-NTSTATUS
-STDCALL
-ZwExtendSection(
- IN HANDLE SectionHandle,
- IN ULONG NewMaximumSize
- );
-
-/*
- * FUNCTION: Finds a atom
- * ARGUMENTS:
- * AtomName = Name to search for.
- * Atom = Caller supplies storage for the resulting atom
- * RETURNS: Status
- * REMARKS:
- * This funciton maps to the win32 GlobalFindAtom
- */
-NTSTATUS
-STDCALL
-NtFindAtom(
- IN PWSTR AtomName,
- OUT PRTL_ATOM Atom OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwFindAtom(
- IN PWSTR AtomName,
- OUT PRTL_ATOM Atom OPTIONAL
- );
-
-/*
- * FUNCTION: Flushes chached file data to disk
- * ARGUMENTS:
- * FileHandle = Points to the file
- * IoStatusBlock = Caller must supply storage to receive the result of the flush
- * buffers operation. The information field is set to number of bytes
- * flushed to disk.
- * RETURNS: Status
- * REMARKS:
- * This funciton maps to the win32 FlushFileBuffers
- */
-NTSTATUS
-STDCALL
-NtFlushBuffersFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock
- );
-
-NTSTATUS
-STDCALL
-ZwFlushBuffersFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock
- );
-/*
- * FUNCTION: Flushes a the processors instruction cache
- * ARGUMENTS:
- * ProcessHandle = Points to the process owning the cache
- * BaseAddress = // might this be a image address ????
- * NumberOfBytesToFlush =
- * RETURNS: Status
- * REMARKS:
- * This funciton is used by debuggers
- */
-NTSTATUS
-STDCALL
-NtFlushInstructionCache(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN UINT NumberOfBytesToFlush
- );
-NTSTATUS
-STDCALL
-ZwFlushInstructionCache(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN UINT NumberOfBytesToFlush
- );
-/*
- * FUNCTION: Flushes a registry key to disk
- * ARGUMENTS:
- * KeyHandle = Points to the registry key handle
- * RETURNS: Status
- * REMARKS:
- * This funciton maps to the win32 RegFlushKey.
- */
-NTSTATUS
-STDCALL
-NtFlushKey(
- IN HANDLE KeyHandle
- );
-
-NTSTATUS
-STDCALL
-ZwFlushKey(
- IN HANDLE KeyHandle
- );
-
-/*
- * FUNCTION: Flushes virtual memory to file
- * ARGUMENTS:
- * ProcessHandle = Points to the process that allocated the virtual memory
- * BaseAddress = Points to the memory address
- * NumberOfBytesToFlush = Limits the range to flush,
- * NumberOfBytesFlushed = Actual number of bytes flushed
- * RETURNS: Status
- * REMARKS:
- * Check return status on STATUS_NOT_MAPPED_DATA
- */
-NTSTATUS
-STDCALL
-NtFlushVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToFlush,
- OUT PULONG NumberOfBytesFlushed OPTIONAL
- );
-NTSTATUS
-STDCALL
-ZwFlushVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToFlush,
- OUT PULONG NumberOfBytesFlushed OPTIONAL
- );
-
-/*
- * FUNCTION: Flushes the dirty pages to file
- * RETURNS: Status
- * FIXME: Not sure this does (how is the file specified)
- */
-NTSTATUS STDCALL NtFlushWriteBuffer(VOID);
-NTSTATUS STDCALL ZwFlushWriteBuffer(VOID);
-
- /*
- * FUNCTION: Frees a range of virtual memory
- * ARGUMENTS:
- * ProcessHandle = Points to the process that allocated the virtual
- * memory
- * BaseAddress = Points to the memory address, rounded down to a
- * multiple of the pagesize
- * RegionSize = Limits the range to free, rounded up to a multiple of
- * the paging size
- * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
- * RETURNS: Status
- */
-NTSTATUS STDCALL NtFreeVirtualMemory(IN HANDLE ProcessHandle,
- IN PVOID *BaseAddress,
- IN PULONG RegionSize,
- IN ULONG FreeType);
-NTSTATUS STDCALL ZwFreeVirtualMemory(IN HANDLE ProcessHandle,
- IN PVOID *BaseAddress,
- IN PULONG RegionSize,
- IN ULONG FreeType);
-
-/*
- * FUNCTION: Sends FSCTL to the filesystem
- * ARGUMENTS:
- * DeviceHandle = Points to the handle that is created by NtCreateFile
- * Event = Event to synchronize on STATUS_PENDING
- * ApcRoutine =
- * ApcContext =
- * IoStatusBlock = Caller should supply storage for
- * IoControlCode = Contains the File System Control command. This is an
- * index to the structures in InputBuffer and OutputBuffer.
- * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
- * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
- * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
- * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
- *
- * InputBuffer = Caller should supply storage for input buffer if FCTL expects one.
- * InputBufferSize = Size of the input bufffer
- * OutputBuffer = Caller should supply storage for output buffer if FCTL expects one.
- * OutputBufferSize = Size of the input bufffer
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
- * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
- */
-NTSTATUS
-STDCALL
-NtFsControlFile(
- IN HANDLE DeviceHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG IoControlCode,
- IN PVOID InputBuffer,
- IN ULONG InputBufferSize,
- OUT PVOID OutputBuffer,
- IN ULONG OutputBufferSize
- );
-
-NTSTATUS
-STDCALL
-ZwFsControlFile(
- IN HANDLE DeviceHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG IoControlCode,
- IN PVOID InputBuffer,
- IN ULONG InputBufferSize,
- OUT PVOID OutputBuffer,
- IN ULONG OutputBufferSize
- );
-
-/*
- * FUNCTION: Retrieves the processor context of a thread
- * ARGUMENTS:
- * ThreadHandle = Handle to a thread
- * Context (OUT) = Caller allocated storage for the processor context
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtGetContextThread(
- IN HANDLE ThreadHandle,
- OUT PCONTEXT Context
- );
-
-NTSTATUS
-STDCALL
-ZwGetContextThread(
- IN HANDLE ThreadHandle,
- OUT PCONTEXT Context
- );
-/*
- * FUNCTION: Retrieves the uptime of the system
- * ARGUMENTS:
- * UpTime = Number of clock ticks since boot.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtGetTickCount(
- PULONG UpTime
- );
-
-NTSTATUS
-STDCALL
-ZwGetTickCount(
- PULONG UpTime
- );
-
-/*
- * FUNCTION: Sets a thread to impersonate another
- * ARGUMENTS:
- * ThreadHandle = Server thread that will impersonate a client.
- ThreadToImpersonate = Client thread that will be impersonated
- SecurityQualityOfService = Specifies the impersonation level.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtImpersonateThread(
- IN HANDLE ThreadHandle,
- IN HANDLE ThreadToImpersonate,
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
- );
-
-NTSTATUS
-STDCALL
-ZwImpersonateThread(
- IN HANDLE ThreadHandle,
- IN HANDLE ThreadToImpersonate,
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
- );
-
-/*
- * FUNCTION: Initializes the registry.
- * ARGUMENTS:
- * SetUpBoot = This parameter is true for a setup boot.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtInitializeRegistry(
- BOOLEAN SetUpBoot
- );
-NTSTATUS
-STDCALL
-ZwInitializeRegistry(
- BOOLEAN SetUpBoot
- );
-
-/*
- * FUNCTION: Loads a driver.
- * ARGUMENTS:
- * DriverServiceName = Name of the driver to load
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtLoadDriver(
- IN PUNICODE_STRING DriverServiceName
- );
-
-NTSTATUS
-STDCALL
-ZwLoadDriver(
- IN PUNICODE_STRING DriverServiceName
- );
-
-/*
- * FUNCTION: Loads a registry key.
- * ARGUMENTS:
- * KeyHandle = Handle to the registry key
- * ObjectAttributes = ???
- * REMARK:
- * This procedure maps to the win32 procedure RegLoadKey
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtLoadKey(
- PHANDLE KeyHandle,
- POBJECT_ATTRIBUTES ObjectAttributes
- );
-NTSTATUS
-STDCALL
-ZwLoadKey(
- PHANDLE KeyHandle,
- POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-/*
- * FUNCTION: Loads a registry key.
- * ARGUMENTS:
- * KeyHandle = Handle to the registry key
- * ObjectAttributes = ???
- * Unknown3 = ???
- * REMARK:
- * This procedure maps to the win32 procedure RegLoadKey
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtLoadKey2 (
- PHANDLE KeyHandle,
- POBJECT_ATTRIBUTES ObjectAttributes,
- ULONG Unknown3
- );
-NTSTATUS
-STDCALL
-ZwLoadKey2 (
- PHANDLE KeyHandle,
- POBJECT_ATTRIBUTES ObjectAttributes,
- ULONG Unknown3
- );
-
-/*
- * FUNCTION: Locks a range of bytes in a file.
- * ARGUMENTS:
- * FileHandle = Handle to the file
- * Event = Should be null if apc is specified.
- * ApcRoutine = Asynchroneous Procedure Callback
- * ApcContext = Argument to the callback
- * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
- * the completion status and information about the requested lock operation.
- * ByteOffset = Offset
- * Length = Number of bytes to lock.
- * Key = Special value to give other threads the possibility to unlock the file
- by supplying the key in a call to NtUnlockFile.
- * FailImmediatedly = If false the request will block untill the lock is obtained.
- * ExclusiveLock = Specifies whether a exclusive or a shared lock is obtained.
- * REMARK:
- This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
- not be obtained immediately, the device queue is busy and the IRP is queued.
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
- STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
-
- */
-NTSTATUS
-STDCALL
-NtLockFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER ByteOffset,
- IN PLARGE_INTEGER Length,
- IN PULONG Key,
- IN BOOLEAN FailImmediatedly,
- IN BOOLEAN ExclusiveLock
- );
-
-NTSTATUS
-STDCALL
-ZwLockFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER ByteOffset,
- IN PLARGE_INTEGER Length,
- IN PULONG Key,
- IN BOOLEAN FailImmediatedly,
- IN BOOLEAN ExclusiveLock
- );
-/*
- * FUNCTION: Locks a range of virtual memory.
- * ARGUMENTS:
- * ProcessHandle = Handle to the process
- * BaseAddress = Lower boundary of the range of bytes to lock.
- * NumberOfBytesLock = Offset to the upper boundary.
- * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
- * REMARK:
- This procedure maps to the win32 procedure VirtualLock
- * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
- */
-NTSTATUS
-STDCALL
-NtLockVirtualMemory(
- HANDLE ProcessHandle,
- PVOID BaseAddress,
- ULONG NumberOfBytesToLock,
- PULONG NumberOfBytesLocked
- );
-NTSTATUS
-STDCALL
-ZwLockVirtualMemory(
- HANDLE ProcessHandle,
- PVOID BaseAddress,
- ULONG NumberOfBytesToLock,
- PULONG NumberOfBytesLocked
- );
-/*
- * FUNCTION: Makes temporary object that will be removed at next boot.
- * ARGUMENTS:
- * Handle = Handle to object
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtMakeTemporaryObject(
- IN HANDLE Handle
- );
-
-NTSTATUS
-STDCALL
-ZwMakeTemporaryObject(
- IN HANDLE Handle
- );
-/*
- * FUNCTION: Maps a view of a section into the virtual address space of a
- * process
- * ARGUMENTS:
- * SectionHandle = Handle of the section
- * ProcessHandle = Handle of the process
- * BaseAddress = Desired base address (or NULL) on entry
- * Actual base address of the view on exit
- * ZeroBits = Number of high order address bits that must be zero
- * CommitSize = Size in bytes of the initially committed section of
- * the view
- * SectionOffset = Offset in bytes from the beginning of the section
- * to the beginning of the view
- * ViewSize = Desired length of map (or zero to map all) on entry
- * Actual length mapped on exit
- * InheritDisposition = Specified how the view is to be shared with
- * child processes
- * AllocateType = Type of allocation for the pages
- * Protect = Protection for the committed region of the view
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtMapViewOfSection(
- IN HANDLE SectionHandle,
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN ULONG CommitSize,
- IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
- IN OUT PULONG ViewSize,
- IN SECTION_INHERIT InheritDisposition,
- IN ULONG AllocationType,
- IN ULONG AccessProtection
- );
-
-NTSTATUS
-STDCALL
-ZwMapViewOfSection(
- IN HANDLE SectionHandle,
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN ULONG CommitSize,
- IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
- IN OUT PULONG ViewSize,
- IN SECTION_INHERIT InheritDisposition,
- IN ULONG AllocationType,
- IN ULONG AccessProtection
- );
-
-/*
- * FUNCTION: Installs a notify for the change of a directory's contents
- * ARGUMENTS:
- * FileHandle = Handle to the directory
- Event =
- * ApcRoutine = Start address
- * ApcContext = Delimits the range of virtual memory
- * for which the new access protection holds
- * IoStatusBlock = The new access proctection for the pages
- * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
- * BufferSize = Size of the buffer
- CompletionFilter = Can be one of the following values:
- FILE_NOTIFY_CHANGE_FILE_NAME
- FILE_NOTIFY_CHANGE_DIR_NAME
- FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
- FILE_NOTIFY_CHANGE_ATTRIBUTES
- FILE_NOTIFY_CHANGE_SIZE
- FILE_NOTIFY_CHANGE_LAST_WRITE
- FILE_NOTIFY_CHANGE_LAST_ACCESS
- FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
- FILE_NOTIFY_CHANGE_EA
- FILE_NOTIFY_CHANGE_SECURITY
- FILE_NOTIFY_CHANGE_STREAM_NAME
- FILE_NOTIFY_CHANGE_STREAM_SIZE
- FILE_NOTIFY_CHANGE_STREAM_WRITE
- WatchTree = If true the notify will be installed recursively on the targetdirectory and all subdirectories.
- *
- * REMARKS:
- * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtNotifyChangeDirectoryFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG BufferSize,
- IN ULONG CompletionFilter,
- IN BOOLEAN WatchTree
- );
-
-NTSTATUS
-STDCALL
-ZwNotifyChangeDirectoryFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG BufferSize,
- IN ULONG CompletionFilter,
- IN BOOLEAN WatchTree
- );
-
-/*
- * FUNCTION: Installs a notfication callback on registry changes
- * ARGUMENTS:
- KeyHandle = Handle to the registry key
- Event = Event that should be signalled on modification of the key
- ApcRoutine = Routine that should be called on modification of the key
- ApcContext = Argument to the ApcRoutine
- IoStatusBlock = ???
- CompletionFilter = Specifies the kind of notification the caller likes to receive.
- Can be a combination of the following values:
-
- REG_NOTIFY_CHANGE_NAME
- REG_NOTIFY_CHANGE_ATTRIBUTES
- REG_NOTIFY_CHANGE_LAST_SET
- REG_NOTIFY_CHANGE_SECURITY
-
-
- Asynchroneous = If TRUE the changes are reported by signalling an event if false
- the function will not return before a change occurs.
- ChangeBuffer = Will return the old value
- Length = Size of the change buffer
- WatchSubtree = Indicates if the caller likes to receive a notification of changes in
- sub keys or not.
- * REMARKS: If the key is closed the event is signalled aswell.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtNotifyChangeKey(
- IN HANDLE KeyHandle,
- IN HANDLE Event,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG CompletionFilter,
- IN BOOLEAN Asynchroneous,
- OUT PVOID ChangeBuffer,
- IN ULONG Length,
- IN BOOLEAN WatchSubtree
- );
-
-NTSTATUS
-STDCALL
-ZwNotifyChangeKey(
- IN HANDLE KeyHandle,
- IN HANDLE Event,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG CompletionFilter,
- IN BOOLEAN Asynchroneous,
- OUT PVOID ChangeBuffer,
- IN ULONG Length,
- IN BOOLEAN WatchSubtree
- );
-
-/*
- * FUNCTION: Opens an existing directory object
- * ARGUMENTS:
- * FileHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the directory
- * ObjectAttributes = Initialized attributes for the object
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtOpenDirectoryObject(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-NTSTATUS
-STDCALL
-ZwOpenDirectoryObject(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-/*
- * FUNCTION: Opens an existing event
- * ARGUMENTS:
- * EventHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the event
- * ObjectAttributes = Initialized attributes for the object
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenEvent(
- OUT PHANDLE EventHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
-ZwOpenEvent(
- OUT PHANDLE EventHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-/*
- * FUNCTION: Opens an existing event pair
- * ARGUMENTS:
- * EventHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the event
- * ObjectAttributes = Initialized attributes for the object
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtOpenEventPair(
- OUT PHANDLE EventPairHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
-ZwOpenEventPair(
- OUT PHANDLE EventPairHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-/*
- * FUNCTION: Opens an existing file
- * ARGUMENTS:
- * FileHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the file
- * ObjectAttributes = Initialized attributes for the object
- * IoStatusBlock =
- * ShareAccess =
- * OpenOptions =
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenFile(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG ShareAccess,
- IN ULONG OpenOptions
- );
-
-NTSTATUS
-STDCALL
-ZwOpenFile(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG ShareAccess,
- IN ULONG OpenOptions
- );
-
-/*
- * FUNCTION: Opens an existing io completion object
- * ARGUMENTS:
- * CompletionPort (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the io completion object
- * ObjectAttributes = Initialized attributes for the object
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtOpenIoCompletion(
- OUT PHANDLE CompetionPort,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
-ZwOpenIoCompletion(
- OUT PHANDLE CompetionPort,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-/*
- * FUNCTION: Opens an existing key in the registry
- * ARGUMENTS:
- * KeyHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the key
- * ObjectAttributes = Initialized attributes for the object
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenKey(
- OUT PHANDLE KeyHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
-ZwOpenKey(
- OUT PHANDLE KeyHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-/*
- * FUNCTION: Opens an existing key in the registry
- * ARGUMENTS:
- * MutantHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the mutant
- * ObjectAttribute = Initialized attributes for the object
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenMutant(
- OUT PHANDLE MutantHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-NTSTATUS
-STDCALL
-ZwOpenMutant(
- OUT PHANDLE MutantHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSTATUS
-STDCALL
-NtOpenObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN ULONG GrantedAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN ObjectCreation,
- IN BOOLEAN AccessGranted,
- OUT PBOOLEAN GenerateOnClose
- );
-
-NTSTATUS
-STDCALL
-ZwOpenObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN ULONG GrantedAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN ObjectCreation,
- IN BOOLEAN AccessGranted,
- OUT PBOOLEAN GenerateOnClose
- );
-/*
- * FUNCTION: Opens an existing process
- * ARGUMENTS:
- * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the process
- * ObjectAttribute = Initialized attributes for the object
- * ClientId = Identifies the process id to open
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenProcess (
- OUT PHANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PCLIENT_ID ClientId
- );
-NTSTATUS
-STDCALL
-ZwOpenProcess (
- OUT PHANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PCLIENT_ID ClientId
- );
-/*
- * FUNCTION: Opens an existing process
- * ARGUMENTS:
- * ProcessHandle = Handle of the process of which owns the token
- * DesiredAccess = Requested access to the token
- * TokenHandle (OUT) = Caller supplies storage for the resulting token.
- * REMARKS:
- This function maps to the win32
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtOpenProcessToken(
- IN HANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- OUT PHANDLE TokenHandle
- );
-
-NTSTATUS
-STDCALL
-ZwOpenProcessToken(
- IN HANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- OUT PHANDLE TokenHandle
- );
-
-/*
- * FUNCTION: Opens an existing section object
- * ARGUMENTS:
- * KeyHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the key
- * ObjectAttribute = Initialized attributes for the object
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtOpenSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-NTSTATUS
-STDCALL
-ZwOpenSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-/*
- * FUNCTION: Opens an existing semaphore
- * ARGUMENTS:
- * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the semaphore
- * ObjectAttribute = Initialized attributes for the object
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenSemaphore(
- IN HANDLE SemaphoreHandle,
- IN ACCESS_MASK DesiredAcces,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-NTSTATUS
-STDCALL
-ZwOpenSemaphore(
- IN HANDLE SemaphoreHandle,
- IN ACCESS_MASK DesiredAcces,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-/*
- * FUNCTION: Opens an existing symbolic link
- * ARGUMENTS:
- * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the symbolic link
- * ObjectAttribute = Initialized attributes for the object
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-NTSTATUS
-STDCALL
-ZwOpenSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-/*
- * FUNCTION: Opens an existing thread
- * ARGUMENTS:
- * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the thread
- * ObjectAttribute = Initialized attributes for the object
- * ClientId = Identifies the thread to open.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PCLIENT_ID ClientId
- );
-NTSTATUS
-STDCALL
-ZwOpenThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PCLIENT_ID ClientId
- );
-
-NTSTATUS
-STDCALL
-NtOpenThreadToken(
- IN HANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN OpenAsSelf,
- OUT PHANDLE TokenHandle
- );
-
-NTSTATUS
-STDCALL
-ZwOpenThreadToken(
- IN HANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN OpenAsSelf,
- OUT PHANDLE TokenHandle
- );
-/*
- * FUNCTION: Opens an existing timer
- * ARGUMENTS:
- * TimerHandle (OUT) = Caller supplied storage for the resulting handle
- * DesiredAccess = Requested access to the timer
- * ObjectAttribute = Initialized attributes for the object
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtOpenTimer(
- OUT PHANDLE TimerHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-NTSTATUS
-STDCALL
-ZwOpenTimer(
- OUT PHANDLE TimerHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-/*
- * FUNCTION: Checks an access token for specific privileges
- * ARGUMENTS:
- * ClientToken = Handle to a access token structure
- * RequiredPrivileges = Specifies the requested privileges.
- * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
- set in the Control member of PRIVILEGES_SET Result
- will only be TRUE if all privileges are present in the access token.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtPrivilegeCheck(
- IN HANDLE ClientToken,
- IN PPRIVILEGE_SET RequiredPrivileges,
- IN PBOOLEAN Result
- );
-
-NTSTATUS
-STDCALL
-ZwPrivilegeCheck(
- IN HANDLE ClientToken,
- IN PPRIVILEGE_SET RequiredPrivileges,
- IN PBOOLEAN Result
- );
-
-NTSTATUS
-STDCALL
-NtPrivilegedServiceAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PUNICODE_STRING ServiceName,
- IN HANDLE ClientToken,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted
- );
-
-NTSTATUS
-STDCALL
-ZwPrivilegedServiceAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PUNICODE_STRING ServiceName,
- IN HANDLE ClientToken,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted
- );
-
-NTSTATUS
-STDCALL
-NtPrivilegeObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted
- );
-
-NTSTATUS
-STDCALL
-ZwPrivilegeObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted
- );
-
-/*
- * FUNCTION: Entry point for native applications
- * ARGUMENTS:
- * Peb = Pointes to the Process Environment Block (PEB)
- * REMARKS:
- * Native applications should use this function instead of a main.
- * Calling proces should terminate itself.
- * RETURNS: Status
- */
-VOID STDCALL
-NtProcessStartup(
- IN PPEB Peb
- );
-
-/*
- * FUNCTION: Set the access protection of a range of virtual memory
- * ARGUMENTS:
- * ProcessHandle = Handle to process owning the virtual address space
- * BaseAddress = Start address
- * NumberOfBytesToProtect = Delimits the range of virtual memory
- * for which the new access protection holds
- * NewAccessProtection = The new access proctection for the pages
- * OldAccessProtection = Caller should supply storage for the old
- * access protection
- *
- * REMARKS:
- * The function maps to the win32 VirtualProtectEx
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtProtectVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToProtect,
- IN ULONG NewAccessProtection,
- OUT PULONG OldAccessProtection
- );
-
-NTSTATUS
-STDCALL
-ZwProtectVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToProtect,
- IN ULONG NewAccessProtection,
- OUT PULONG OldAccessProtection
- );
-
-
-/*
- * FUNCTION: Signals an event and resets it afterwards.
- * ARGUMENTS:
- * EventHandle = Handle to the event
- * PulseCount = Number of times the action is repeated
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtPulseEvent(
- IN HANDLE EventHandle,
- IN PULONG PulseCount OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwPulseEvent(
- IN HANDLE EventHandle,
- IN PULONG PulseCount OPTIONAL
- );
-
-/*
- * FUNCTION: Queries the attributes of a file
- * ARGUMENTS:
- * ObjectAttributes = Initialized attributes for the object
- * Buffer = Caller supplies storage for the attributes
- * RETURNS: Status
- */
-
-NTSTATUS STDCALL
-NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PFILE_BASIC_INFORMATION FileInformation);
-
-NTSTATUS STDCALL
-ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PFILE_BASIC_INFORMATION FileInformation);
-
-/*
- * FUNCTION: Queries the default locale id
- * ARGUMENTS:
- * UserProfile = Type of locale id
- * TRUE: thread locale id
- * FALSE: system locale id
- * DefaultLocaleId = Caller supplies storage for the locale id
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtQueryDefaultLocale(
- IN BOOLEAN UserProfile,
- OUT PLCID DefaultLocaleId
- );
-
-NTSTATUS
-STDCALL
-ZwQueryDefaultLocale(
- IN BOOLEAN UserProfile,
- OUT PLCID DefaultLocaleId
- );
-
-/*
- * FUNCTION: Queries a directory file.
- * ARGUMENTS:
- * FileHandle = Handle to a directory file
- * EventHandle = Handle to the event signaled on completion
- * ApcRoutine = Asynchroneous procedure callback, called on completion
- * ApcContext = Argument to the apc.
- * IoStatusBlock = Caller supplies storage for extended status information.
- * FileInformation = Caller supplies storage for the resulting information.
- *
- * FileNameInformation FILE_NAMES_INFORMATION
- * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
- * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
- * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
- *
- * Length = Size of the storage supplied
- * FileInformationClass = Indicates the type of information requested.
- * ReturnSingleEntry = Specify true if caller only requests the first directory found.
- * FileName = Initial directory name to query, that may contain wild cards.
- * RestartScan = Number of times the action should be repeated
- * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
- * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
- * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
- */
-
-NTSTATUS
-STDCALL
-NtQueryDirectoryFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FileInformation,
- IN ULONG Length,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN BOOLEAN ReturnSingleEntry,
- IN PUNICODE_STRING FileName OPTIONAL,
- IN BOOLEAN RestartScan
- );
-
-NTSTATUS
-STDCALL
-ZwQueryDirectoryFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FileInformation,
- IN ULONG Length,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN BOOLEAN ReturnSingleEntry,
- IN PUNICODE_STRING FileName OPTIONAL,
- IN BOOLEAN RestartScan
- );
-
-/*
- * FUNCTION: Query information about the content of a directory object
- * ARGUMENTS:
- DirObjInformation = Buffer must be large enough to hold the name strings too
- GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
- If FALSE: return the number of objects in this directory in ObjectIndex
- IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
- If FALSE use input value of ObjectIndex
- ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
- DataWritten = Actual size of the ObjectIndex ???
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtQueryDirectoryObject(
- IN HANDLE DirObjHandle,
- OUT POBJDIR_INFORMATION DirObjInformation,
- IN ULONG BufferLength,
- IN BOOLEAN GetNextIndex,
- IN BOOLEAN IgnoreInputIndex,
- IN OUT PULONG ObjectIndex,
- OUT PULONG DataWritten OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwQueryDirectoryObject(
- IN HANDLE DirObjHandle,
- OUT POBJDIR_INFORMATION DirObjInformation,
- IN ULONG BufferLength,
- IN BOOLEAN GetNextIndex,
- IN BOOLEAN IgnoreInputIndex,
- IN OUT PULONG ObjectIndex,
- OUT PULONG DataWritten OPTIONAL
- );
-
-/*
- * FUNCTION: Queries the extended attributes of a file
- * ARGUMENTS:
- * FileHandle = Handle to the event
- * IoStatusBlock = Number of times the action is repeated
- * Buffer
- * Length
- * ReturnSingleEntry
- * EaList
- * EaListLength
- * EaIndex
- * RestartScan
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtQueryEaFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG Length,
- IN BOOLEAN ReturnSingleEntry,
- IN PVOID EaList OPTIONAL,
- IN ULONG EaListLength,
- IN PULONG EaIndex OPTIONAL,
- IN BOOLEAN RestartScan
- );
-
-NTSTATUS
-STDCALL
-ZwQueryEaFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG Length,
- IN BOOLEAN ReturnSingleEntry,
- IN PVOID EaList OPTIONAL,
- IN ULONG EaListLength,
- IN PULONG EaIndex OPTIONAL,
- IN BOOLEAN RestartScan
- );
-
-/*
- * FUNCTION: Queries an event
- * ARGUMENTS:
- * EventHandle = Handle to the event
- * EventInformationClass = Index of the information structure
-
- EventBasicInformation EVENT_BASIC_INFORMATION
-
- * EventInformation = Caller supplies storage for the information structure
- * EventInformationLength = Size of the information structure
- * ReturnLength = Data written
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtQueryEvent(
- IN HANDLE EventHandle,
- IN EVENT_INFORMATION_CLASS EventInformationClass,
- OUT PVOID EventInformation,
- IN ULONG EventInformationLength,
- OUT PULONG ReturnLength
- );
-NTSTATUS
-STDCALL
-ZwQueryEvent(
- IN HANDLE EventHandle,
- IN EVENT_INFORMATION_CLASS EventInformationClass,
- OUT PVOID EventInformation,
- IN ULONG EventInformationLength,
- OUT PULONG ReturnLength
- );
-
-NTSTATUS STDCALL
-NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
-
-NTSTATUS STDCALL
-ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
-
-NTSTATUS
-STDCALL
-NtQueryInformationAtom(
- IN RTL_ATOM Atom,
- IN ATOM_INFORMATION_CLASS AtomInformationClass,
- OUT PVOID AtomInformation,
- IN ULONG AtomInformationLength,
- OUT PULONG ReturnLength OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-NtQueryInformationAtom(
- IN RTL_ATOM Atom,
- IN ATOM_INFORMATION_CLASS AtomInformationClass,
- OUT PVOID AtomInformation,
- IN ULONG AtomInformationLength,
- OUT PULONG ReturnLength OPTIONAL
- );
-
-
-/*
- * FUNCTION: Queries the information of a file object.
- * ARGUMENTS:
- * FileHandle = Handle to the file object
- * IoStatusBlock = Caller supplies storage for extended information
- * on the current operation.
- * FileInformation = Storage for the new file information
- * Lenght = Size of the storage for the file information.
- * FileInformationClass = Indicates which file information is queried
-
- FileDirectoryInformation FILE_DIRECTORY_INFORMATION
- FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
- FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
- FileBasicInformation FILE_BASIC_INFORMATION
- FileStandardInformation FILE_STANDARD_INFORMATION
- FileInternalInformation FILE_INTERNAL_INFORMATION
- FileEaInformation FILE_EA_INFORMATION
- FileAccessInformation FILE_ACCESS_INFORMATION
- FileNameInformation FILE_NAME_INFORMATION
- FileRenameInformation FILE_RENAME_INFORMATION
- FileLinkInformation
- FileNamesInformation FILE_NAMES_INFORMATION
- FileDispositionInformation FILE_DISPOSITION_INFORMATION
- FilePositionInformation FILE_POSITION_INFORMATION
- FileFullEaInformation FILE_FULL_EA_INFORMATION
- FileModeInformation FILE_MODE_INFORMATION
- FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
- FileAllInformation FILE_ALL_INFORMATION
-
- FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
- FileAlternateNameInformation
- FileStreamInformation FILE_STREAM_INFORMATION
- FilePipeInformation
- FilePipeLocalInformation
- FilePipeRemoteInformation
- FileMailslotQueryInformation
- FileMailslotSetInformation
- FileCompressionInformation FILE_COMPRESSION_INFORMATION
- FileCopyOnWriteInformation
- FileCompletionInformation IO_COMPLETION_CONTEXT
- FileMoveClusterInformation
- FileOleClassIdInformation
- FileOleStateBitsInformation
- FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
- FileObjectIdInformation
- FileOleAllInformation
- FileOleDirectoryInformation
- FileContentIndexInformation
- FileInheritContentIndexInformation
- FileOleInformation
- FileMaximumInformation
-
- * REMARK:
- * This procedure maps to the win32 GetShortPathName, GetLongPathName,
- GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtQueryInformationFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FileInformation,
- IN ULONG Length,
- IN FILE_INFORMATION_CLASS FileInformationClass
- );
-
-NTSTATUS
-STDCALL
-ZwQueryInformationFile(
- HANDLE FileHandle,
- PIO_STATUS_BLOCK IoStatusBlock,
- PVOID FileInformation,
- ULONG Length,
- FILE_INFORMATION_CLASS FileInformationClass
- );
-
-/*
- * FUNCTION: Queries the information of a process object.
- * ARGUMENTS:
- * ProcessHandle = Handle to the process object
- * ProcessInformation = Index to a certain information structure
-
- ProcessBasicInformation PROCESS_BASIC_INFORMATION
- ProcessQuotaLimits QUOTA_LIMITS
- ProcessIoCounters IO_COUNTERS
- ProcessVmCounters VM_COUNTERS
- ProcessTimes KERNEL_USER_TIMES
- ProcessBasePriority KPRIORITY
- ProcessRaisePriority KPRIORITY
- ProcessDebugPort HANDLE
- ProcessExceptionPort HANDLE
- ProcessAccessToken PROCESS_ACCESS_TOKEN
- ProcessLdtInformation LDT_ENTRY ??
- ProcessLdtSize ULONG
- ProcessDefaultHardErrorMode ULONG
- ProcessIoPortHandlers // kernel mode only
- ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
- ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
- ProcessUserModeIOPL (I/O Privilege Level)
- ProcessEnableAlignmentFaultFixup BOOLEAN
- ProcessPriorityClass ULONG
- ProcessWx86Information ULONG
- ProcessHandleCount ULONG
- ProcessAffinityMask ULONG
- ProcessPooledQuotaLimits QUOTA_LIMITS
- MaxProcessInfoClass
-
- * ProcessInformation = Caller supplies storage for the process information structure
- * ProcessInformationLength = Size of the process information structure
- * ReturnLength = Actual number of bytes written
-
- * REMARK:
- * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
- GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
- GetProcessShutdownParameters functions.
- * RETURNS: Status
-*/
-
-NTSTATUS
-STDCALL
-NtQueryInformationProcess(
- IN HANDLE ProcessHandle,
- IN CINT ProcessInformationClass,
- OUT PVOID ProcessInformation,
- IN ULONG ProcessInformationLength,
- OUT PULONG ReturnLength
- );
-
-NTSTATUS
-STDCALL
-ZwQueryInformationProcess(
- IN HANDLE ProcessHandle,
- IN CINT ProcessInformationClass,
- OUT PVOID ProcessInformation,
- IN ULONG ProcessInformationLength,
- OUT PULONG ReturnLength
- );
-
-
-/*
- * FUNCTION: Queries the information of a thread object.
- * ARGUMENTS:
- * ThreadHandle = Handle to the thread object
- * ThreadInformationClass = Index to a certain information structure
-
- ThreadBasicInformation THREAD_BASIC_INFORMATION
- ThreadTimes KERNEL_USER_TIMES
- ThreadPriority KPRIORITY
- ThreadBasePriority KPRIORITY
- ThreadAffinityMask KAFFINITY
- ThreadImpersonationToken
- ThreadDescriptorTableEntry
- ThreadEnableAlignmentFaultFixup
- ThreadEventPair
- ThreadQuerySetWin32StartAddress
- ThreadZeroTlsCell
- ThreadPerformanceCount
- ThreadAmILastThread BOOLEAN
- ThreadIdealProcessor ULONG
- ThreadPriorityBoost ULONG
- MaxThreadInfoClass
-
-
- * ThreadInformation = Caller supplies torage for the thread information
- * ThreadInformationLength = Size of the thread information structure
- * ReturnLength = Actual number of bytes written
-
- * REMARK:
- * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
- GetThreadPriorityBoost functions.
- * RETURNS: Status
-*/
-
-
-NTSTATUS
-STDCALL
-NtQueryInformationThread(
- IN HANDLE ThreadHandle,
- IN THREADINFOCLASS ThreadInformationClass,
- OUT PVOID ThreadInformation,
- IN ULONG ThreadInformationLength,
- OUT PULONG ReturnLength
- );
-
-
-NTSTATUS
-STDCALL
-NtQueryInformationToken(
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength,
- OUT PULONG ReturnLength
- );
-
-NTSTATUS
-STDCALL
-ZwQueryInformationToken(
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength,
- OUT PULONG ReturnLength
- );
-
-/*
- * FUNCTION: Query the interval and the clocksource for profiling
- * ARGUMENTS:
- Interval =
- ClockSource =
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtQueryIntervalProfile(
- OUT PULONG Interval,
- OUT KPROFILE_SOURCE ClockSource
- );
-
-NTSTATUS
-STDCALL
-ZwQueryIntervalProfile(
- OUT PULONG Interval,
- OUT KPROFILE_SOURCE ClockSource
- );
-
-
-
-NTSTATUS
-STDCALL
-NtQueryIoCompletion(
- IN HANDLE CompletionPort,
- IN ULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PULONG NumberOfBytesTransferred
- );
-NTSTATUS
-STDCALL
-ZwQueryIoCompletion(
- IN HANDLE CompletionPort,
- IN ULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PULONG NumberOfBytesTransferred
- );
-
-
-/*
- * FUNCTION: Queries the information of a registry key object.
- * ARGUMENTS:
- KeyHandle = Handle to a registry key
- KeyInformationClass = Index to a certain information structure
- KeyInformation = Caller supplies storage for resulting information
- Length = Size of the supplied storage
- ResultLength = Bytes written
- */
-NTSTATUS
-STDCALL
-NtQueryKey(
- IN HANDLE KeyHandle,
- IN KEY_INFORMATION_CLASS KeyInformationClass,
- OUT PVOID KeyInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-ZwQueryKey(
- IN HANDLE KeyHandle,
- IN KEY_INFORMATION_CLASS KeyInformationClass,
- OUT PVOID KeyInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-
-// draft
-
-NTSTATUS
-STDCALL
-NtQueryMultipleValueKey(
- IN HANDLE KeyHandle,
- IN OUT PKEY_VALUE_ENTRY ValueList,
- IN ULONG NumberOfValues,
- OUT PVOID Buffer,
- IN OUT PULONG Length,
- OUT PULONG ReturnLength
- );
-
-NTSTATUS
-STDCALL
-ZwQueryMultipleValueKey(
- IN HANDLE KeyHandle,
- IN OUT PKEY_VALUE_ENTRY ValueList,
- IN ULONG NumberOfValues,
- OUT PVOID Buffer,
- IN OUT PULONG Length,
- OUT PULONG ReturnLength
- );
-
-/*
- * FUNCTION: Queries the information of a mutant object.
- * ARGUMENTS:
- MutantHandle = Handle to a mutant
- MutantInformationClass = Index to a certain information structure
- MutantInformation = Caller supplies storage for resulting information
- Length = Size of the supplied storage
- ResultLength = Bytes written
- */
-NTSTATUS
-STDCALL
-NtQueryMutant(
- IN HANDLE MutantHandle,
- IN CINT MutantInformationClass,
- OUT PVOID MutantInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-ZwQueryMutant(
- IN HANDLE MutantHandle,
- IN CINT MutantInformationClass,
- OUT PVOID MutantInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-/*
- * FUNCTION: Queries the information of a object.
- * ARGUMENTS:
- ObjectHandle = Handle to a object
- ObjectInformationClass = Index to a certain information structure
-
- ObjectBasicInformation
- ObjectTypeInformation OBJECT_TYPE_INFORMATION
- ObjectNameInformation OBJECT_NAME_INFORMATION
- ObjectDataInformation OBJECT_DATA_INFORMATION
-
- ObjectInformation = Caller supplies storage for resulting information
- Length = Size of the supplied storage
- ResultLength = Bytes written
- */
-
-NTSTATUS
-STDCALL
-NtQueryObject(
- IN HANDLE ObjectHandle,
- IN CINT ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-ZwQueryObject(
- IN HANDLE ObjectHandle,
- IN CINT ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-/*
- * FUNCTION: Queries the system ( high-resolution ) performance counter.
- * ARGUMENTS:
- * Counter = Performance counter
- * Frequency = Performance frequency
- * REMARKS:
- This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
- This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
- * RETURNS: Status
- *
-*/
-NTSTATUS
-STDCALL
-NtQueryPerformanceCounter(
- IN PLARGE_INTEGER Counter,
- IN PLARGE_INTEGER Frequency
- );
-
-NTSTATUS
-STDCALL
-ZwQueryPerformanceCounter(
- IN PLARGE_INTEGER Counter,
- IN PLARGE_INTEGER Frequency
- );
-/*
- * FUNCTION: Queries the information of a section object.
- * ARGUMENTS:
- * SectionHandle = Handle to the section link object
- * SectionInformationClass = Index to a certain information structure
- * SectionInformation (OUT)= Caller supplies storage for resulting information
- * Length = Size of the supplied storage
- * ResultLength = Data written
- * RETURNS: Status
- *
-*/
-NTSTATUS
-STDCALL
-NtQuerySection(
- IN HANDLE SectionHandle,
- IN CINT SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-ZwQuerySection(
- IN HANDLE SectionHandle,
- IN CINT SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-NtQuerySecurityObject(
- IN HANDLE Object,
- IN CINT SecurityObjectInformationClass,
- OUT PVOID SecurityObjectInformation,
- IN ULONG Length,
- OUT PULONG ReturnLength
- );
-
-NTSTATUS
-STDCALL
-ZwQuerySecurityObject(
- IN HANDLE Object,
- IN CINT SecurityObjectInformationClass,
- OUT PVOID SecurityObjectInformation,
- IN ULONG Length,
- OUT PULONG ReturnLength
- );
-
-
-/*
- * FUNCTION: Queries the information of a semaphore.
- * ARGUMENTS:
- * SemaphoreHandle = Handle to the semaphore object
- * SemaphoreInformationClass = Index to a certain information structure
-
- SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
-
- * SemaphoreInformation = Caller supplies storage for the semaphore information structure
- * Length = Size of the infomation structure
- */
-NTSTATUS
-STDCALL
-NtQuerySemaphore(
- IN HANDLE SemaphoreHandle,
- IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
- OUT PVOID SemaphoreInformation,
- IN ULONG Length,
- OUT PULONG ReturnLength
- );
-
-NTSTATUS
-STDCALL
-ZwQuerySemaphore(
- IN HANDLE SemaphoreHandle,
- IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
- OUT PVOID SemaphoreInformation,
- IN ULONG Length,
- OUT PULONG ReturnLength
- );
-
-
-/*
- * FUNCTION: Queries the information of a symbolic link object.
- * ARGUMENTS:
- * SymbolicLinkHandle = Handle to the symbolic link object
- * LinkTarget = resolved name of link
- * DataWritten = size of the LinkName.
- * RETURNS: Status
- *
-*/
-NTSTATUS
-STDCALL
-NtQuerySymbolicLinkObject(
- IN HANDLE SymLinkObjHandle,
- OUT PUNICODE_STRING LinkTarget,
- OUT PULONG DataWritten OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwQuerySymbolicLinkObject(
- IN HANDLE SymLinkObjHandle,
- OUT PUNICODE_STRING LinkName,
- OUT PULONG DataWritten OPTIONAL
- );
-
-
-/*
- * FUNCTION: Queries a system environment variable.
- * ARGUMENTS:
- * Name = Name of the variable
- * Value (OUT) = value of the variable
- * Length = size of the buffer
- * ReturnLength = data written
- * RETURNS: Status
- *
-*/
-NTSTATUS
-STDCALL
-NtQuerySystemEnvironmentValue(
- IN PUNICODE_STRING Name,
- OUT PVOID Value,
- ULONG Length,
- PULONG ReturnLength
- );
-
-NTSTATUS
-STDCALL
-ZwQuerySystemEnvironmentValue(
- IN PUNICODE_STRING Name,
- OUT PVOID Value,
- ULONG Length,
- PULONG ReturnLength
- );
-
-
-/*
- * FUNCTION: Queries the system information.
- * ARGUMENTS:
- * SystemInformationClass = Index to a certain information structure
-
- SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
- SystemCacheInformation SYSTEM_CACHE_INFORMATION
- SystemConfigurationInformation CONFIGURATION_INFORMATION
-
- * SystemInformation = caller supplies storage for the information structure
- * Length = size of the structure
- ResultLength = Data written
- * RETURNS: Status
- *
-*/
-NTSTATUS
-STDCALL
-NtQuerySystemInformation(
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- OUT PVOID SystemInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-ZwQuerySystemInformation(
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- OUT PVOID SystemInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-/*
- * FUNCTION: Retrieves the system time
- * ARGUMENTS:
- * CurrentTime (OUT) = Caller should supply storage for the resulting time.
- * RETURNS: Status
- *
-*/
-
-NTSTATUS
-STDCALL
-NtQuerySystemTime (
- OUT TIME *CurrentTime
- );
-
-NTSTATUS
-STDCALL
-ZwQuerySystemTime (
- OUT TIME *CurrentTime
- );
-
-/*
- * FUNCTION: Queries information about a timer
- * ARGUMENTS:
- * TimerHandle = Handle to the timer
- TimerValueInformationClass = Index to a certain information structure
- TimerValueInformation = Caller supplies storage for the information structure
- Length = Size of the information structure
- ResultLength = Data written
- * RETURNS: Status
- *
-*/
-NTSTATUS
-STDCALL
-NtQueryTimer(
- IN HANDLE TimerHandle,
- IN CINT TimerInformationClass,
- OUT PVOID TimerInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-NTSTATUS
-STDCALL
-ZwQueryTimer(
- IN HANDLE TimerHandle,
- IN CINT TimerInformationClass,
- OUT PVOID TimerInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-/*
- * FUNCTION: Queries the timer resolution
- * ARGUMENTS:
- * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
- Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
- ActualResolution (OUT) = Caller should supply storage for the resulting time.
- * RETURNS: Status
- *
-*/
-
-
-NTSTATUS
-STDCALL
-NtQueryTimerResolution (
- OUT PULONG MinimumResolution,
- OUT PULONG MaximumResolution,
- OUT PULONG ActualResolution
- );
-
-NTSTATUS
-STDCALL
-ZwQueryTimerResolution (
- OUT PULONG MinimumResolution,
- OUT PULONG MaximumResolution,
- OUT PULONG ActualResolution
- );
-
-/*
- * FUNCTION: Queries a registry key value
- * ARGUMENTS:
- * KeyHandle = Handle to the registry key
- ValueName = Name of the value in the registry key
- KeyValueInformationClass = Index to a certain information structure
-
- KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
- KeyValueFullInformation = KEY_FULL_INFORMATION
- KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
-
- KeyValueInformation = Caller supplies storage for the information structure
- Length = Size of the information structure
- ResultLength = Data written
- * RETURNS: Status
- *
-*/
-NTSTATUS
-STDCALL
-NtQueryValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName,
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- OUT PVOID KeyValueInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSTATUS
-STDCALL
-ZwQueryValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName,
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- OUT PVOID KeyValueInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-
-
-
-/*
- * FUNCTION: Queries the virtual memory information.
- * ARGUMENTS:
- ProcessHandle = Process owning the virtual address space
- BaseAddress = Points to the page where the information is queried for.
- * VirtualMemoryInformationClass = Index to a certain information structure
-
- MemoryBasicInformation MEMORY_BASIC_INFORMATION
-
- * VirtualMemoryInformation = caller supplies storage for the information structure
- * Length = size of the structure
- ResultLength = Data written
- * RETURNS: Status
- *
-*/
-
-NTSTATUS
-STDCALL
-NtQueryVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID Address,
- IN IN CINT VirtualMemoryInformationClass,
- OUT PVOID VirtualMemoryInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-NTSTATUS
-STDCALL
-ZwQueryVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID Address,
- IN IN CINT VirtualMemoryInformationClass,
- OUT PVOID VirtualMemoryInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-/*
- * FUNCTION: Queries the volume information
- * ARGUMENTS:
- * FileHandle = Handle to a file object on the target volume
- * IoStatusBlock = Caller should supply storage for additional status information
- * ReturnLength = DataWritten
- * FsInformation = Caller should supply storage for the information structure.
- * Length = Size of the information structure
- * FsInformationClass = Index to a information structure
-
- FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
- FileFsLabelInformation FILE_FS_LABEL_INFORMATION
- FileFsSizeInformation FILE_FS_SIZE_INFORMATION
- FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
- FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
- FileFsControlInformation
- FileFsQuotaQueryInformation --
- FileFsQuotaSetInformation --
- FileFsMaximumInformation
-
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
- STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
- *
-*/
-NTSTATUS
-STDCALL
-NtQueryVolumeInformationFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
- );
-
-NTSTATUS
-STDCALL
-ZwQueryVolumeInformationFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
- );
-// draft
-// FIXME: Should I specify if the apc is user or kernel mode somewhere ??
-/*
- * FUNCTION: Queues a (user) apc to a thread.
- * ARGUMENTS:
- ThreadHandle = Thread to which the apc is queued.
- ApcRoutine = Points to the apc routine
- NormalContext = Argument to Apc Routine
- * SystemArgument1 = Argument of the Apc Routine
- SystemArgument2 = Argument of the Apc Routine
- * REMARK: If the apc is queued against a thread of a different process than the calling thread
- the apc routine should be specified in the address space of the queued thread's process.
- * RETURNS: Status
-*/
-
-NTSTATUS
-STDCALL
-NtQueueApcThread(
- HANDLE ThreadHandle,
- PKNORMAL_ROUTINE ApcRoutine,
- PVOID NormalContext,
- PVOID SystemArgument1,
- PVOID SystemArgument2);
-
-NTSTATUS
-STDCALL
-ZwQueueApcThread(
- HANDLE ThreadHandle,
- PKNORMAL_ROUTINE ApcRoutine,
- PVOID NormalContext,
- PVOID SystemArgument1,
- PVOID SystemArgument2);
-
-
-/*
- * FUNCTION: Raises an exception
- * ARGUMENTS:
- * ExceptionRecord = Structure specifying the exception
- * Context = Context in which the excpetion is raised
- * IsDebugger =
- * RETURNS: Status
- *
-*/
-
-NTSTATUS
-STDCALL
-NtRaiseException(
- IN PEXCEPTION_RECORD ExceptionRecord,
- IN PCONTEXT Context,
- IN BOOLEAN SearchFrames
- );
-
-NTSTATUS
-STDCALL
-ZwRaiseException(
- IN PEXCEPTION_RECORD ExceptionRecord,
- IN PCONTEXT Context,
- IN BOOLEAN SearchFrames
- );
-
-/*
- * FUNCTION: Raises a hard error (stops the system)
- * ARGUMENTS:
- * Status = Status code of the hard error
- * Unknown2 = ??
- * Unknown3 = ??
- * Unknown4 = ??
- * Unknown5 = ??
- * Unknown6 = ??
- * RETURNS: Status
- *
- */
-
-NTSTATUS
-STDCALL
-NtRaiseHardError(
- IN NTSTATUS Status,
- ULONG Unknown2,
- ULONG Unknown3,
- ULONG Unknown4,
- ULONG Unknown5,
- ULONG Unknown6
- );
-
-NTSTATUS
-STDCALL
-ZwRaiseHardError(
- IN NTSTATUS Status,
- ULONG Unknown2,
- ULONG Unknown3,
- ULONG Unknown4,
- ULONG Unknown5,
- ULONG Unknown6
- );
-
-/*
- * FUNCTION: Read a file
- * ARGUMENTS:
- * FileHandle = Handle of a file to read
- * Event = This event is signalled when the read operation completes
- * UserApcRoutine = Call back , if supplied Event should be NULL
- * UserApcContext = Argument to the callback
- * IoStatusBlock = Caller should supply storage for additional status information
- * Buffer = Caller should supply storage to receive the information
- * BufferLength = Size of the buffer
- * ByteOffset = Offset to start reading the file
- * Key = If a range is lock a matching key will allow the read to continue.
- * RETURNS: Status
- *
- */
-
-NTSTATUS
-STDCALL
-NtReadFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset OPTIONAL,
- IN PULONG Key OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwReadFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset OPTIONAL,
- IN PULONG Key OPTIONAL
- );
-/*
- * FUNCTION: Read a file using scattered io
- * ARGUMENTS:
- FileHandle = Handle of a file to read
- Event = This event is signalled when the read operation completes
- * UserApcRoutine = Call back , if supplied Event should be NULL
- UserApcContext = Argument to the callback
- IoStatusBlock = Caller should supply storage for additional status information
- BufferDescription = Caller should supply storage to receive the information
- BufferLength = Size of the buffer
- ByteOffset = Offset to start reading the file
- Key = Key = If a range is lock a matching key will allow the read to continue.
- * RETURNS: Status
- *
-*/
-NTSTATUS
-STDCALL
-NtReadFileScatter(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK UserIoStatusBlock,
- IN FILE_SEGMENT_ELEMENT BufferDescription[],
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset,
- IN PULONG Key OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwReadFileScatter(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK UserIoStatusBlock,
- IN FILE_SEGMENT_ELEMENT BufferDescription[],
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset,
- IN PULONG Key OPTIONAL
- );
-/*
- * FUNCTION: Copies a range of virtual memory to a buffer
- * ARGUMENTS:
- * ProcessHandle = Specifies the process owning the virtual address space
- * BaseAddress = Points to the address of virtual memory to start the read
- * Buffer = Caller supplies storage to copy the virtual memory to.
- * NumberOfBytesToRead = Limits the range to read
- * NumberOfBytesRead = The actual number of bytes read.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtReadVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- OUT PVOID Buffer,
- IN ULONG NumberOfBytesToRead,
- OUT PULONG NumberOfBytesRead
- );
-NTSTATUS
-STDCALL
-ZwReadVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- OUT PVOID Buffer,
- IN ULONG NumberOfBytesToRead,
- OUT PULONG NumberOfBytesRead
- );
-
-
-/*
- * FUNCTION: Debugger can register for thread termination
- * ARGUMENTS:
- * TerminationPort = Port on which the debugger likes to be notified.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtRegisterThreadTerminatePort(
- HANDLE TerminationPort
- );
-NTSTATUS
-STDCALL
-ZwRegisterThreadTerminatePort(
- HANDLE TerminationPort
- );
-
-/*
- * FUNCTION: Releases a mutant
- * ARGUMENTS:
- * MutantHandle = Handle to the mutant
- * ReleaseCount =
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtReleaseMutant(
- IN HANDLE MutantHandle,
- IN PULONG ReleaseCount OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwReleaseMutant(
- IN HANDLE MutantHandle,
- IN PULONG ReleaseCount OPTIONAL
- );
-
-/*
- * FUNCTION: Releases a semaphore
- * ARGUMENTS:
- * SemaphoreHandle = Handle to the semaphore object
- * ReleaseCount = Number to decrease the semaphore count
- * PreviousCount = Previous semaphore count
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtReleaseSemaphore(
- IN HANDLE SemaphoreHandle,
- IN LONG ReleaseCount,
- OUT PLONG PreviousCount
- );
-
-NTSTATUS
-STDCALL
-ZwReleaseSemaphore(
- IN HANDLE SemaphoreHandle,
- IN LONG ReleaseCount,
- OUT PLONG PreviousCount
- );
-
-/*
- * FUNCTION: Removes an io completion
- * ARGUMENTS:
- * CompletionPort (OUT) = Caller supplied storage for the resulting handle
- * CompletionKey = Requested access to the key
- * IoStatusBlock = Caller provides storage for extended status information
- * CompletionStatus = Current status of the io operation.
- * WaitTime = Time to wait if ..
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtRemoveIoCompletion(
- IN HANDLE CompletionPort,
- OUT PULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PULONG CompletionStatus,
- IN PLARGE_INTEGER WaitTime
- );
-
-NTSTATUS
-STDCALL
-ZwRemoveIoCompletion(
- IN HANDLE CompletionPort,
- OUT PULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PULONG CompletionStatus,
- IN PLARGE_INTEGER WaitTime
- );
-/*
- * FUNCTION: Replaces one registry key with another
- * ARGUMENTS:
- * ObjectAttributes = Specifies the attributes of the key
- * Key = Handle to the key
- * ReplacedObjectAttributes = The function returns the old object attributes
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtReplaceKey(
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE Key,
- IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
- );
-NTSTATUS
-STDCALL
-ZwReplaceKey(
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE Key,
- IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
- );
-
-/*
- * FUNCTION: Resets a event to a non signaled state
- * ARGUMENTS:
- * EventHandle = Handle to the event that should be reset
- * NumberOfWaitingThreads = The number of threads released.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtResetEvent(
- HANDLE EventHandle,
- PULONG NumberOfWaitingThreads OPTIONAL
- );
-NTSTATUS
-STDCALL
-ZwResetEvent(
- HANDLE EventHandle,
- PULONG NumberOfWaitingThreads OPTIONAL
- );
-//draft
-NTSTATUS
-STDCALL
-NtRestoreKey(
- HANDLE KeyHandle,
- HANDLE FileHandle,
- ULONG RestoreFlags
- );
-
-NTSTATUS
-STDCALL
-ZwRestoreKey(
- HANDLE KeyHandle,
- HANDLE FileHandle,
- ULONG RestoreFlags
- );
-/*
- * FUNCTION: Decrements a thread's resume count
- * ARGUMENTS:
- * ThreadHandle = Handle to the thread that should be resumed
- * ResumeCount = The resulting resume count.
- * REMARK:
- * A thread is resumed if its suspend count is 0. This procedure maps to
- * the win32 ResumeThread function. ( documentation about the the suspend count can be found here aswell )
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtResumeThread(
- IN HANDLE ThreadHandle,
- OUT PULONG SuspendCount
- );
-NTSTATUS
-STDCALL
-ZwResumeThread(
- IN HANDLE ThreadHandle,
- OUT PULONG SuspendCount
- );
-/*
- * FUNCTION: Writes the content of a registry key to ascii file
- * ARGUMENTS:
- * KeyHandle = Handle to the key
- * FileHandle = Handle of the file
- * REMARKS:
- This function maps to the Win32 RegSaveKey.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtSaveKey(
- IN HANDLE KeyHandle,
- IN HANDLE FileHandle
- );
-NTSTATUS
-STDCALL
-ZwSaveKey(
- IN HANDLE KeyHandle,
- IN HANDLE FileHandle
- );
-
-/*
- * FUNCTION: Sets the context of a specified thread.
- * ARGUMENTS:
- * ThreadHandle = Handle to the thread
- * Context = The processor context.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtSetContextThread(
- IN HANDLE ThreadHandle,
- IN PCONTEXT Context
- );
-NTSTATUS
-STDCALL
-ZwSetContextThread(
- IN HANDLE ThreadHandle,
- IN PCONTEXT Context
- );
-
-/*
- * FUNCTION: Sets the default locale id
- * ARGUMENTS:
- * UserProfile = Type of locale id
- * TRUE: thread locale id
- * FALSE: system locale id
- * DefaultLocaleId = Locale id
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtSetDefaultLocale(
- IN BOOLEAN UserProfile,
- IN LCID DefaultLocaleId
- );
-
-NTSTATUS
-STDCALL
-ZwSetDefaultLocale(
- IN BOOLEAN UserProfile,
- IN LCID DefaultLocaleId
- );
-
-/*
- * FUNCTION: Sets the default hard error port
- * ARGUMENTS:
- * PortHandle = Handle to the port
- * NOTE: The hard error port is used for first change exception handling
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtSetDefaultHardErrorPort(
- IN HANDLE PortHandle
- );
-NTSTATUS
-STDCALL
-ZwSetDefaultHardErrorPort(
- IN HANDLE PortHandle
- );
-
-/*
- * FUNCTION: Sets the extended attributes of a file.
- * ARGUMENTS:
- * FileHandle = Handle to the file
- * IoStatusBlock = Storage for a resulting status and information
- * on the current operation.
- * EaBuffer = Extended Attributes buffer.
- * EaBufferSize = Size of the extended attributes buffer
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtSetEaFile(
- IN HANDLE FileHandle,
- IN PIO_STATUS_BLOCK IoStatusBlock,
- PVOID EaBuffer,
- ULONG EaBufferSize
- );
-NTSTATUS
-STDCALL
-ZwSetEaFile(
- IN HANDLE FileHandle,
- IN PIO_STATUS_BLOCK IoStatusBlock,
- PVOID EaBuffer,
- ULONG EaBufferSize
- );
-
-//FIXME: should I return the event state ?
-
-/*
- * FUNCTION: Sets the event to a signalled state.
- * ARGUMENTS:
- * EventHandle = Handle to the event
- * NumberOfThreadsReleased = The number of threads released
- * REMARK:
- * This procedure maps to the win32 SetEvent function.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtSetEvent(
- IN HANDLE EventHandle,
- PULONG NumberOfThreadsReleased
- );
-
-NTSTATUS
-STDCALL
-ZwSetEvent(
- IN HANDLE EventHandle,
- PULONG NumberOfThreadsReleased
- );
-
-/*
- * FUNCTION: Sets the high part of an event pair
- * ARGUMENTS:
- EventPair = Handle to the event pair
- * RETURNS: Status
-*/
-
-NTSTATUS
-STDCALL
-NtSetHighEventPair(
- IN HANDLE EventPairHandle
- );
-
-NTSTATUS
-STDCALL
-ZwSetHighEventPair(
- IN HANDLE EventPairHandle
- );
-/*
- * FUNCTION: Sets the high part of an event pair and wait for the low part
- * ARGUMENTS:
- EventPair = Handle to the event pair
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetHighWaitLowEventPair(
- IN HANDLE EventPairHandle
- );
-NTSTATUS
-STDCALL
-ZwSetHighWaitLowEventPair(
- IN HANDLE EventPairHandle
- );
-
-/*
- * FUNCTION: Sets the information of a file object.
- * ARGUMENTS:
- * FileHandle = Handle to the file object
- * IoStatusBlock = Caller supplies storage for extended information
- * on the current operation.
- * FileInformation = Storage for the new file information
- * Lenght = Size of the new file information.
- * FileInformationClass = Indicates to a certain information structure
-
- FileNameInformation FILE_NAME_INFORMATION
- FileRenameInformation FILE_RENAME_INFORMATION
- FileStreamInformation FILE_STREAM_INFORMATION
- * FileCompletionInformation IO_COMPLETION_CONTEXT
-
- * REMARK:
- * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
- * SetNamedPipeHandleState, SetMailslotInfo functions.
- * RETURNS: Status
- */
-
-
-NTSTATUS
-STDCALL
-NtSetInformationFile(
- IN HANDLE FileHandle,
- IN PIO_STATUS_BLOCK IoStatusBlock,
- IN PVOID FileInformation,
- IN ULONG Length,
- IN FILE_INFORMATION_CLASS FileInformationClass
- );
-NTSTATUS
-STDCALL
-ZwSetInformationFile(
- IN HANDLE FileHandle,
- IN PIO_STATUS_BLOCK IoStatusBlock,
- IN PVOID FileInformation,
- IN ULONG Length,
- IN FILE_INFORMATION_CLASS FileInformationClass
- );
-
-
-
-/*
- * FUNCTION: Sets the information of a registry key.
- * ARGUMENTS:
- * KeyHandle = Handle to the registry key
- * KeyInformationClass = Index to the a certain information structure.
- Can be one of the following values:
-
- * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
-
- KeyInformation = Storage for the new information
- * KeyInformationLength = Size of the information strucure
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtSetInformationKey(
- IN HANDLE KeyHandle,
- IN CINT KeyInformationClass,
- IN PVOID KeyInformation,
- IN ULONG KeyInformationLength
- );
-
-NTSTATUS
-STDCALL
-ZwSetInformationKey(
- IN HANDLE KeyHandle,
- IN CINT KeyInformationClass,
- IN PVOID KeyInformation,
- IN ULONG KeyInformationLength
- );
-/*
- * FUNCTION: Changes a set of object specific parameters
- * ARGUMENTS:
- * ObjectHandle =
- * ObjectInformationClass = Index to the set of parameters to change.
-
-
- ObjectBasicInformation
- ObjectTypeInformation OBJECT_TYPE_INFORMATION
- ObjectAllInformation
- ObjectDataInformation OBJECT_DATA_INFORMATION
- ObjectNameInformation OBJECT_NAME_INFORMATION
-
-
- * ObjectInformation = Caller supplies storage for parameters to set.
- * Length = Size of the storage supplied
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetInformationObject(
- IN HANDLE ObjectHandle,
- IN CINT ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG Length
- );
-
-NTSTATUS
-STDCALL
-ZwSetInformationObject(
- IN HANDLE ObjectHandle,
- IN CINT ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG Length
- );
-
-/*
- * FUNCTION: Changes a set of process specific parameters
- * ARGUMENTS:
- * ProcessHandle = Handle to the process
- * ProcessInformationClass = Index to a information structure.
- *
- * ProcessBasicInformation PROCESS_BASIC_INFORMATION
- * ProcessQuotaLimits QUOTA_LIMITS
- * ProcessBasePriority KPRIORITY
- * ProcessRaisePriority KPRIORITY
- * ProcessDebugPort HANDLE
- * ProcessExceptionPort HANDLE
- * ProcessAccessToken PROCESS_ACCESS_TOKEN
- * ProcessDefaultHardErrorMode ULONG
- * ProcessPriorityClass ULONG
- * ProcessAffinityMask KAFFINITY //??
- *
- * ProcessInformation = Caller supplies storage for information to set.
- * ProcessInformationLength = Size of the information structure
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetInformationProcess(
- IN HANDLE ProcessHandle,
- IN CINT ProcessInformationClass,
- IN PVOID ProcessInformation,
- IN ULONG ProcessInformationLength
- );
-NTSTATUS
-STDCALL
-ZwSetInformationProcess(
- IN HANDLE ProcessHandle,
- IN CINT ProcessInformationClass,
- IN PVOID ProcessInformation,
- IN ULONG ProcessInformationLength
- );
-/*
- * FUNCTION: Changes a set of thread specific parameters
- * ARGUMENTS:
- * ThreadHandle = Handle to the thread
- * ThreadInformationClass = Index to the set of parameters to change.
- * Can be one of the following values:
- *
- * ThreadBasicInformation THREAD_BASIC_INFORMATION
- * ThreadPriority KPRIORITY //???
- * ThreadBasePriority KPRIORITY
- * ThreadAffinityMask KAFFINITY //??
- * ThreadImpersonationToken ACCESS_TOKEN
- * ThreadIdealProcessor ULONG
- * ThreadPriorityBoost ULONG
- *
- * ThreadInformation = Caller supplies storage for parameters to set.
- * ThreadInformationLength = Size of the storage supplied
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetInformationThread(
- IN HANDLE ThreadHandle,
- IN THREADINFOCLASS ThreadInformationClass,
- IN PVOID ThreadInformation,
- IN ULONG ThreadInformationLength
- );
-NTSTATUS
-STDCALL
-ZwSetInformationThread(
- IN HANDLE ThreadHandle,
- IN THREADINFOCLASS ThreadInformationClass,
- IN PVOID ThreadInformation,
- IN ULONG ThreadInformationLength
- );
-
-/*
- * FUNCTION: Changes a set of token specific parameters
- * ARGUMENTS:
- * TokenHandle = Handle to the token
- * TokenInformationClass = Index to a certain information structure.
- * Can be one of the following values:
- *
- TokenUser TOKEN_USER
- TokenGroups TOKEN_GROUPS
- TokenPrivileges TOKEN_PRIVILEGES
- TokenOwner TOKEN_OWNER
- TokenPrimaryGroup TOKEN_PRIMARY_GROUP
- TokenDefaultDacl TOKEN_DEFAULT_DACL
- TokenSource TOKEN_SOURCE
- TokenType TOKEN_TYPE
- TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
- TokenStatistics TOKEN_STATISTICS
- *
- * TokenInformation = Caller supplies storage for information structure.
- * TokenInformationLength = Size of the information structure
- * RETURNS: Status
-*/
-
-NTSTATUS
-STDCALL
-NtSetInformationToken(
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength
- );
-
-NTSTATUS
-STDCALL
-ZwSetInformationToken(
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength
- );
-
-
-/*
- * FUNCTION: Sets an io completion
- * ARGUMENTS:
- * CompletionPort =
- * CompletionKey =
- * IoStatusBlock =
- * NumberOfBytesToTransfer =
- * NumberOfBytesTransferred =
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetIoCompletion(
- IN HANDLE CompletionPort,
- IN ULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NumberOfBytesToTransfer,
- OUT PULONG NumberOfBytesTransferred
- );
-NTSTATUS
-STDCALL
-ZwSetIoCompletion(
- IN HANDLE CompletionPort,
- IN ULONG CompletionKey,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NumberOfBytesToTransfer,
- OUT PULONG NumberOfBytesTransferred
- );
-
-/*
- * FUNCTION: Set properties for profiling
- * ARGUMENTS:
- * Interval =
- * ClockSource =
- * RETURNS: Status
- *
- */
-
-NTSTATUS
-STDCALL
-NtSetIntervalProfile(
- ULONG Interval,
- KPROFILE_SOURCE ClockSource
- );
-
-NTSTATUS
-STDCALL
-ZwSetIntervalProfile(
- ULONG Interval,
- KPROFILE_SOURCE ClockSource
- );
-
-
-/*
- * FUNCTION: Sets the low part of an event pair
- * ARGUMENTS:
- EventPair = Handle to the event pair
- * RETURNS: Status
-*/
-
-NTSTATUS
-STDCALL
-NtSetLowEventPair(
- HANDLE EventPair
- );
-NTSTATUS
-STDCALL
-ZwSetLowEventPair(
- HANDLE EventPair
- );
-/*
- * FUNCTION: Sets the low part of an event pair and wait for the high part
- * ARGUMENTS:
- EventPair = Handle to the event pair
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetLowWaitHighEventPair(
- HANDLE EventPair
- );
-NTSTATUS
-STDCALL
-ZwSetLowWaitHighEventPair(
- HANDLE EventPair
- );
-
-NTSTATUS
-STDCALL
-NtSetSecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-NTSTATUS
-STDCALL
-ZwSetSecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
- );
-
-
-/*
- * FUNCTION: Sets a system environment variable
- * ARGUMENTS:
- * ValueName = Name of the environment variable
- * Value = Value of the environment variable
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetSystemEnvironmentValue(
- IN PUNICODE_STRING VariableName,
- IN PUNICODE_STRING Value
- );
-NTSTATUS
-STDCALL
-ZwSetSystemEnvironmentValue(
- IN PUNICODE_STRING VariableName,
- IN PUNICODE_STRING Value
- );
-/*
- * FUNCTION: Sets system parameters
- * ARGUMENTS:
- * SystemInformationClass = Index to a particular set of system parameters
- * Can be one of the following values:
- *
- * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
- *
- * SystemInformation = Structure containing the parameters.
- * SystemInformationLength = Size of the structure.
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetSystemInformation(
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- IN PVOID SystemInformation,
- IN ULONG SystemInformationLength
- );
-
-NTSTATUS
-STDCALL
-ZwSetSystemInformation(
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- IN PVOID SystemInformation,
- IN ULONG SystemInformationLength
- );
-
-/*
- * FUNCTION: Sets the system time
- * ARGUMENTS:
- * SystemTime = Old System time
- * NewSystemTime = New System time
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetSystemTime(
- IN PLARGE_INTEGER SystemTime,
- IN PLARGE_INTEGER NewSystemTime OPTIONAL
- );
-NTSTATUS
-STDCALL
-ZwSetSystemTime(
- IN PLARGE_INTEGER SystemTime,
- IN PLARGE_INTEGER NewSystemTime OPTIONAL
- );
-/*
- * FUNCTION: Sets the characteristics of a timer
- * ARGUMENTS:
- * TimerHandle = Handle to the timer
- * DueTime = Time before the timer becomes signalled for the first time.
- * TimerApcRoutine = Completion routine can be called on time completion
- * TimerContext = Argument to the completion routine
- * Resume = Specifies if the timer should repeated after completing one cycle
- * Period = Cycle of the timer
- * REMARKS: This routine maps to the win32 SetWaitableTimer.
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetTimer(
- IN HANDLE TimerHandle,
- IN PLARGE_INTEGER DueTime,
- IN PTIMERAPCROUTINE TimerApcRoutine,
- IN PVOID TimerContext,
- IN BOOL WakeTimer,
- IN ULONG Period OPTIONAL,
- OUT PBOOLEAN PreviousState OPTIONAL
- );
-NTSTATUS
-STDCALL
-ZwSetTimer(
- IN HANDLE TimerHandle,
- IN PLARGE_INTEGER DueTime,
- IN PTIMERAPCROUTINE TimerApcRoutine,
- IN PVOID TimerContext,
- IN BOOL WakeTimer,
- IN ULONG Period OPTIONAL,
- OUT PBOOLEAN PreviousState OPTIONAL
- );
-
-/*
- * FUNCTION: Sets the frequency of the system timer
- * ARGUMENTS:
- * RequestedResolution =
- * SetOrUnset =
- * ActualResolution =
- * RETURNS: Status
-*/
-NTSTATUS
-STDCALL
-NtSetTimerResolution(
- IN ULONG RequestedResolution,
- IN BOOL SetOrUnset,
- OUT PULONG ActualResolution
- );
-NTSTATUS
-STDCALL
-ZwSetTimerResolution(
- IN ULONG RequestedResolution,
- IN BOOL SetOrUnset,
- OUT PULONG ActualResolution
- );
-
-/*
- * FUNCTION: Sets the value of a registry key
- * ARGUMENTS:
- * KeyHandle = Handle to a registry key
- * ValueName = Name of the value entry to change
- * TitleIndex = pointer to a structure containing the new volume information
- * Type = Type of the registry key. Can be one of the values:
- * REG_BINARY Unspecified binary data
- * REG_DWORD A 32 bit value
- * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
- * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
- * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
- * REG_LINK A zero terminated wide character string referring to a symbolic link.
- * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
- * REG_NONE Unspecified type
- * REG_SZ A wide character string ( zero terminated )
- * REG_RESOURCE_LIST ??
- * REG_RESOURCE_REQUIREMENTS_LIST ??
- * REG_FULL_RESOURCE_DESCRIPTOR ??
- * Data = Contains the data for the registry key.
- * DataSize = size of the data.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtSetValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName,
- IN ULONG TitleIndex OPTIONAL,
- IN ULONG Type,
- IN PVOID Data,
- IN ULONG DataSize
- );
-NTSTATUS
-STDCALL
-ZwSetValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName,
- IN ULONG TitleIndex OPTIONAL,
- IN ULONG Type,
- IN PVOID Data,
- IN ULONG DataSize
- );
-
-/*
- * FUNCTION: Sets the volume information.
- * ARGUMENTS:
- * FileHandle = Handle to the file
- * IoStatusBlock = Caller should supply storage for additional status information
- * VolumeInformation = pointer to a structure containing the new volume information
- * Length = size of the structure.
- * VolumeInformationClass = specifies the particular volume information to set
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtSetVolumeInformationFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
- );
-
-NTSTATUS
-STDCALL
-ZwSetVolumeInformationFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
- );
-
-/*
- * FUNCTION: Shuts the system down
- * ARGUMENTS:
- * Action = Specifies the type of shutdown, it can be one of the following values:
- * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtShutdownSystem(
- IN SHUTDOWN_ACTION Action
- );
-
-NTSTATUS
-STDCALL
-ZwShutdownSystem(
- IN SHUTDOWN_ACTION Action
- );
-
-
-/* --- PROFILING --- */
-
-/*
- * FUNCTION: Starts profiling
- * ARGUMENTS:
- * ProfileHandle = Handle to the profile
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtStartProfile(
- HANDLE ProfileHandle
- );
-
-NTSTATUS
-STDCALL
-ZwStartProfile(
- HANDLE ProfileHandle
- );
-
-/*
- * FUNCTION: Stops profiling
- * ARGUMENTS:
- * ProfileHandle = Handle to the profile
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtStopProfile(
- HANDLE ProfileHandle
- );
-
-NTSTATUS
-STDCALL
-ZwStopProfile(
- HANDLE ProfileHandle
- );
-
-/* --- PROCESS MANAGEMENT --- */
-
-//--NtSystemDebugControl
-/*
- * FUNCTION: Terminates the execution of a process.
- * ARGUMENTS:
- * ThreadHandle = Handle to the process
- * ExitStatus = The exit status of the process to terminate with.
- * REMARKS
- Native applications should kill themselves using this function.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtTerminateProcess(
- IN HANDLE ProcessHandle ,
- IN NTSTATUS ExitStatus
- );
-NTSTATUS
-STDCALL
-ZwTerminateProcess(
- IN HANDLE ProcessHandle ,
- IN NTSTATUS ExitStatus
- );
-
-/* --- DEVICE DRIVER CONTROL --- */
-
-/*
- * FUNCTION: Unloads a driver.
- * ARGUMENTS:
- * DriverServiceName = Name of the driver to unload
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtUnloadDriver(
- IN PUNICODE_STRING DriverServiceName
- );
-NTSTATUS
-STDCALL
-ZwUnloadDriver(
- IN PUNICODE_STRING DriverServiceName
- );
-
-/* --- VIRTUAL MEMORY MANAGEMENT --- */
-
-/*
- * FUNCTION: Writes a range of virtual memory
- * ARGUMENTS:
- * ProcessHandle = The handle to the process owning the address space.
- * BaseAddress = The points to the address to write to
- * Buffer = Pointer to the buffer to write
- * NumberOfBytesToWrite = Offset to the upper boundary to write
- * NumberOfBytesWritten = Total bytes written
- * REMARKS:
- * This function maps to the win32 WriteProcessMemory
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtWriteVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN PVOID Buffer,
- IN ULONG NumberOfBytesToWrite,
- OUT PULONG NumberOfBytesWritten
- );
-
-NTSTATUS
-STDCALL
-ZwWriteVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN PVOID Buffer,
- IN ULONG NumberOfBytesToWrite,
- OUT PULONG NumberOfBytesWritten
- );
-
-/*
- * FUNCTION: Unlocks a range of virtual memory.
- * ARGUMENTS:
- * ProcessHandle = Handle to the process
- * BaseAddress = Lower boundary of the range of bytes to unlock.
- * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
- * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
- * REMARK:
- This procedure maps to the win32 procedure VirtualUnlock
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
- */
-NTSTATUS
-STDCALL
-NtUnlockVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToUnlock,
- OUT PULONG NumberOfBytesUnlocked OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwUnlockVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToUnlock,
- OUT PULONG NumberOfBytesUnlocked OPTIONAL
- );
-/*
- * FUNCTION: Unmaps a piece of virtual memory backed by a file.
- * ARGUMENTS:
- * ProcessHandle = Handle to the process
- * BaseAddress = The address where the mapping begins
- * REMARK:
- This procedure maps to the win32 UnMapViewOfFile
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtUnmapViewOfSection(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress
- );
-NTSTATUS
-STDCALL
-ZwUnmapViewOfSection(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress
- );
-
-/* --- OBJECT SYNCHRONIZATION --- */
-
-/*
- * FUNCTION: Signals an object and wait for an other one.
- * ARGUMENTS:
- * SignalObject = Handle to the object that should be signaled
- * WaitObject = Handle to the object that should be waited for
- * Alertable = True if the wait is alertable
- * Time = The time to wait
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtSignalAndWaitForSingleObject(
- IN HANDLE SignalObject,
- IN HANDLE WaitObject,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
- );
-
-NTSTATUS
-STDCALL
-NtSignalAndWaitForSingleObject(
- IN HANDLE SignalObject,
- IN HANDLE WaitObject,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
- );
-
-/*
- * FUNCTION: Waits for multiple objects to become signalled.
- * ARGUMENTS:
- * Count = The number of objects
- * Object = The array of object handles
- * WaitType = Can be one of the values UserMode or KernelMode
- * Alertable = If true the wait is alertable.
- * Time = The maximum wait time.
- * REMARKS:
- * This function maps to the win32 WaitForMultipleObjectEx.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtWaitForMultipleObjects (
- IN ULONG Count,
- IN HANDLE Object[],
- IN CINT WaitType,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
- );
-
-NTSTATUS
-STDCALL
-ZwWaitForMultipleObjects (
- IN ULONG Count,
- IN HANDLE Object[],
- IN CINT WaitType,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
- );
-
-/*
- * FUNCTION: Waits for an object to become signalled.
- * ARGUMENTS:
- * Object = The object handle
- * Alertable = If true the wait is alertable.
- * Time = The maximum wait time.
- * REMARKS:
- * This function maps to the win32 WaitForSingleObjectEx.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtWaitForSingleObject (
- IN HANDLE Object,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
- );
-
-NTSTATUS
-STDCALL
-ZwWaitForSingleObject (
- IN HANDLE Object,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
- );
-
-/* --- EVENT PAIR OBJECT --- */
-
-/*
- * FUNCTION: Waits for the high part of an eventpair to become signalled
- * ARGUMENTS:
- * EventPairHandle = Handle to the event pair.
- * RETURNS: Status
- */
-
-NTSTATUS
-STDCALL
-NtWaitHighEventPair(
- IN HANDLE EventPairHandle
- );
-
-NTSTATUS
-STDCALL
-ZwWaitHighEventPair(
- IN HANDLE EventPairHandle
- );
-
-/*
- * FUNCTION: Waits for the low part of an eventpair to become signalled
- * ARGUMENTS:
- * EventPairHandle = Handle to the event pair.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtWaitLowEventPair(
- IN HANDLE EventPairHandle
- );
-
-NTSTATUS
-STDCALL
-ZwWaitLowEventPair(
- IN HANDLE EventPairHandle
- );
-
-/* --- FILE MANAGEMENT --- */
-
-/*
- * FUNCTION: Unlocks a range of bytes in a file.
- * ARGUMENTS:
- * FileHandle = Handle to the file
- * IoStatusBlock = Caller should supply storage for a structure containing
- * the completion status and information about the requested unlock operation.
- The information field is set to the number of bytes unlocked.
- * ByteOffset = Offset to start the range of bytes to unlock
- * Length = Number of bytes to unlock.
- * Key = Special value to enable other threads to unlock a file than the
- thread that locked the file. The key supplied must match with the one obtained
- in a previous call to NtLockFile.
- * REMARK:
- This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
- not be obtained immediately, the device queue is busy and the IRP is queued.
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
- STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
- */
-NTSTATUS
-STDCALL
-NtUnlockFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER ByteOffset,
- IN PLARGE_INTEGER Lenght,
- OUT PULONG Key OPTIONAL
- );
-NTSTATUS
-STDCALL
-ZwUnlockFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER ByteOffset,
- IN PLARGE_INTEGER Lenght,
- OUT PULONG Key OPTIONAL
- );
-
-/*
- * FUNCTION: Writes data to a file
- * ARGUMENTS:
- * FileHandle = The handle a file ( from NtCreateFile )
- * Event = Specifies a event that will become signalled when the write operation completes.
- * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
- * ApcContext = Argument to the Apc Routine
- * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
- * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
- * Length = Size in bytest of the buffer
- * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
- * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
- * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
- * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
- * Key = Unused
- * REMARKS:
- * This function maps to the win32 WriteFile.
- * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
- STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
- */
-NTSTATUS
-STDCALL
-NtWriteFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PVOID Buffer,
- IN ULONG Length,
- IN PLARGE_INTEGER ByteOffset,
- IN PULONG Key OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwWriteFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PVOID Buffer,
- IN ULONG Length,
- IN PLARGE_INTEGER ByteOffset ,
- IN PULONG Key OPTIONAL
- );
-
-/*
- * FUNCTION: Writes a file
- * ARGUMENTS:
- * FileHandle = The handle of the file
- * Event =
- * ApcRoutine = Asynchroneous Procedure Callback [ Should not be used by device drivers ]
- * ApcContext = Argument to the Apc Routine
- * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
- * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
- * BufferLength = Size in bytest of the buffer
- * ByteOffset = Points to a file offset. If a combination of Length and BytesOfSet is past the end-of-file mark the file will be enlarged.
- * BytesOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. BytesOffset is also ignored if
- * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case a offset
- * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
- * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
- * REMARKS:
- * This function maps to the win32 WriteFile.
- * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
- * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
- STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
- */
-
-NTSTATUS
-STDCALL
-NtWriteFileGather(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN FILE_SEGMENT_ELEMENT BufferDescription[],
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset,
- IN PULONG Key OPTIONAL
- );
-
-NTSTATUS
-STDCALL
-ZwWriteFileGather(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN FILE_SEGMENT_ELEMENT BufferDescription[],
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset,
- IN PULONG Key OPTIONAL
- );
-
-
-/* --- THREAD MANAGEMENT --- */
-
-/*
- * FUNCTION: Increments a thread's resume count
- * ARGUMENTS:
- * ThreadHandle = Handle to the thread that should be resumed
- * PreviousSuspendCount = The resulting/previous suspend count.
- * REMARK:
- * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
- * the win32 SuspendThread function. ( documentation about the the suspend count can be found here aswell )
- * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtSuspendThread(
- IN HANDLE ThreadHandle,
- IN PULONG PreviousSuspendCount
- );
-
-NTSTATUS
-STDCALL
-ZwSuspendThread(
- IN HANDLE ThreadHandle,
- IN PULONG PreviousSuspendCount
- );
-
-/*
- * FUNCTION: Terminates the execution of a thread.
- * ARGUMENTS:
- * ThreadHandle = Handle to the thread
- * ExitStatus = The exit status of the thread to terminate with.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtTerminateThread(
- IN HANDLE ThreadHandle ,
- IN NTSTATUS ExitStatus
- );
-NTSTATUS
-STDCALL
-ZwTerminateThread(
- IN HANDLE ThreadHandle ,
- IN NTSTATUS ExitStatus
- );
-/*
- * FUNCTION: Tests to see if there are any pending alerts for the calling thread
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtTestAlert(
- VOID
- );
-NTSTATUS
-STDCALL
-ZwTestAlert(
- VOID
- );
-
-/*
- * FUNCTION: Yields the callers thread.
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtYieldExecution(
- VOID
- );
-
-NTSTATUS
-STDCALL
-ZwYieldExecution(
- VOID
- );
-
-
-/*
- * --- Local Procedure Call Facility
- * These prototypes are unknown as yet
- * (stack sizes by Peter-Michael Hager)
- */
-
-/* --- REGISTRY --- */
-
-/*
- * FUNCTION: Unloads a registry key.
- * ARGUMENTS:
- * KeyHandle = Handle to the registry key
- * REMARK:
- * This procedure maps to the win32 procedure RegUnloadKey
- * RETURNS: Status
- */
-NTSTATUS
-STDCALL
-NtUnloadKey(
- HANDLE KeyHandle
- );
-NTSTATUS
-STDCALL
-ZwUnloadKey(
- HANDLE KeyHandle
- );
-
-
-/* --- PLUG AND PLAY --- */
-
-NTSTATUS
-STDCALL
-NtPlugPlayControl (
- VOID
- );
-
-NTSTATUS
-STDCALL
-NtGetPlugPlayEvent (
- VOID
- );
-
-/* --- POWER MANAGEMENT --- */
-
-NTSTATUS STDCALL
-NtSetSystemPowerState(IN POWER_ACTION SystemAction,
- IN SYSTEM_POWER_STATE MinSystemState,
- IN ULONG Flags);
-
-/* --- DEBUG SUBSYSTEM --- */
-
-NTSTATUS STDCALL
-NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,
- PVOID InputBuffer,
- ULONG InputBufferLength,
- PVOID OutputBuffer,
- ULONG OutputBufferLength,
- PULONG ReturnLength);
-
-/* --- VIRTUAL DOS MACHINE (VDM) --- */
-
-NTSTATUS
-STDCALL
-NtVdmControl (ULONG ControlCode, PVOID ControlData);
-
-
-/* --- WIN32 --- */
-
-NTSTATUS STDCALL
-NtW32Call(IN ULONG RoutineIndex,
- IN PVOID Argument,
- IN ULONG ArgumentLength,
- OUT PVOID* Result OPTIONAL,
- OUT PULONG ResultLength OPTIONAL);
-
-/* --- CHANNELS --- */
-
-NTSTATUS
-STDCALL
-NtCreateChannel (
- VOID
- );
-
-NTSTATUS
-STDCALL
-NtListenChannel (
- VOID
- );
-
-NTSTATUS
-STDCALL
-NtOpenChannel (
- VOID
- );
-
-NTSTATUS
-STDCALL
-NtReplyWaitSendChannel (
- VOID
- );
-
-NTSTATUS
-STDCALL
-NtSendWaitReplyChannel (
- VOID
- );
-
-NTSTATUS
-STDCALL
-NtSetContextChannel (
- VOID
- );
-
-/* --- MISCELLANEA --- */
-
-//NTSTATUS STDCALL NtSetLdtEntries(VOID);
-NTSTATUS
-STDCALL
-NtSetLdtEntries (
- HANDLE Thread,
- ULONG FirstEntry,
- PULONG Entries
- );
-
-
-NTSTATUS
-STDCALL
-NtQueryOleDirectoryFile (
- VOID
- );
-
-#endif /* __DDK_ZW_H */
+++ /dev/null
-#ifndef __INCLUDE_DDK_ZWTYPES_H
-#define __INCLUDE_DDK_ZWTYPES_H
-
-typedef enum _DEBUG_CONTROL_CODE
-{
- DebugGetTraceInformation = 1,
- DebugSetInternalBreakpoint,
- DebugSetSpecialCalls,
- DebugClearSpecialCalls,
- DebugQuerySpecialCalls,
- DebugDbgBreakPoint,
- DebugDbgLoadSymbols
-} DEBUG_CONTROL_CODE;
-
-typedef enum _KPROFILE_SOURCE
-{
- ProfileTime
-} KPROFILE_SOURCE;
-
-#define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
-#define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
-
-#ifdef __NTOSKRNL__
-extern ULONG EXPORTED NtBuildNumber;
-#else
-extern ULONG IMPORTED NtBuildNumber;
-#endif
-
-
-// event access mask
-
-#define EVENT_READ_ACCESS 1
-#define EVENT_WRITE_ACCESS 2
-
-
-// file disposition values
-
-
-#define FILE_SUPERSEDE 0x0000
-#define FILE_OPEN 0x0001
-#define FILE_CREATE 0x0002
-#define FILE_OPEN_IF 0x0003
-#define FILE_OVERWRITE 0x0004
-#define FILE_OVERWRITE_IF 0x0005
-#define FILE_MAXIMUM_DISPOSITION 0x0005
-
-// job query / set information class
-
-typedef enum _JOBOBJECTINFOCLASS { // Q S
- JobObjectBasicAccountingInformation = 1, // Y N
- JobObjectBasicLimitInformation, // Y Y
- JobObjectBasicProcessIdList, // Y N
- JobObjectBasicUIRestrictions, // Y Y
- JobObjectSecurityLimitInformation, // Y Y
- JobObjectEndOfJobTimeInformation, // N Y
- JobObjectAssociateCompletionPortInformation, // N Y
- JobObjectBasicAndIoAccountingInformation, // Y N
- JobObjectExtendedLimitInformation, // Y Y
-} JOBOBJECTINFOCLASS;
-
-//process query / set information class
-
-#define ProcessBasicInformation 0
-#define ProcessQuotaLimits 1
-#define ProcessIoCounters 2
-#define ProcessVmCounters 3
-#define ProcessTimes 4
-#define ProcessBasePriority 5
-#define ProcessRaisePriority 6
-#define ProcessDebugPort 7
-#define ProcessExceptionPort 8
-#define ProcessAccessToken 9
-#define ProcessLdtInformation 10
-#define ProcessLdtSize 11
-#define ProcessDefaultHardErrorMode 12
-#define ProcessIoPortHandlers 13
-#define ProcessPooledUsageAndLimits 14
-#define ProcessWorkingSetWatch 15
-#define ProcessUserModeIOPL 16
-#define ProcessEnableAlignmentFaultFixup 17
-#define ProcessPriorityClass 18
-#define ProcessWx86Information 19
-#define ProcessHandleCount 20
-#define ProcessAffinityMask 21
-#define ProcessPriorityBoost 22
-#define ProcessDeviceMap 23
-#define ProcessSessionInformation 24
-#define ProcessForegroundInformation 25
-#define ProcessWow64Information 26
-/* ReactOS private. */
-#define ProcessImageFileName 27
-#define ProcessDesktop 28
-#define MaxProcessInfoClass 29
-
-/*
- * thread query / set information class
- */
-#define ThreadBasicInformation 0
-#define ThreadTimes 1
-#define ThreadPriority 2
-#define ThreadBasePriority 3
-#define ThreadAffinityMask 4
-#define ThreadImpersonationToken 5
-#define ThreadDescriptorTableEntry 6
-#define ThreadEnableAlignmentFaultFixup 7
-#define ThreadEventPair 8
-#define ThreadQuerySetWin32StartAddress 9
-#define ThreadZeroTlsCell 10
-#define ThreadPerformanceCount 11
-#define ThreadAmILastThread 12
-#define ThreadIdealProcessor 13
-#define ThreadPriorityBoost 14
-#define ThreadSetTlsArrayAddress 15
-#define ThreadIsIoPending 16
-#define ThreadHideFromDebugger 17
-#define MaxThreadInfoClass 17
-
-// object handle information
-
-#define ObjectBasicInformation 0
-#define ObjectNameInformation 1
-#define ObjectTypeInformation 2
-#define ObjectAllInformation 3
-#define ObjectDataInformation 4
-
-// atom information
-
-typedef enum _ATOM_INFORMATION_CLASS
-{
- AtomBasicInformation = 0,
- AtomTableInformation = 1,
-} ATOM_INFORMATION_CLASS;
-
-typedef struct _ATOM_BASIC_INFORMATION
-{
- USHORT UsageCount;
- USHORT Flags;
- USHORT NameLength;
- WCHAR Name[1];
-} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
-
-typedef struct _ATOM_TABLE_INFORMATION
-{
- ULONG NumberOfAtoms;
- RTL_ATOM Atoms[1];
-} ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION;
-
-
-// mutant information
-
-typedef enum _MUTANT_INFORMATION_CLASS
-{
- MutantBasicInformation = 0
-} MUTANT_INFORMATION_CLASS;
-
-typedef struct _MUTANT_BASIC_INFORMATION
-{
- LONG Count;
- BOOLEAN Owned;
- BOOLEAN Abandoned;
-} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;
-
-
-// semaphore information
-
-typedef enum _SEMAPHORE_INFORMATION_CLASS
-{
- SemaphoreBasicInformation = 0
-} SEMAPHORE_INFORMATION_CLASS;
-
-typedef struct _SEMAPHORE_BASIC_INFORMATION
-{
- LONG CurrentCount;
- LONG MaximumCount;
-} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
-
-
-// event information
-
-typedef enum _EVENT_INFORMATION_CLASS
-{
- EventBasicInformation = 0
-} EVENT_INFORMATION_CLASS;
-
-typedef struct _EVENT_BASIC_INFORMATION
-{
- EVENT_TYPE EventType;
- LONG EventState;
-} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
-
-
-// system information
-// {Nt|Zw}{Query|Set}SystemInformation
-// (GN means Gary Nebbet in "NT/W2K Native API Reference")
-
-typedef
-enum _SYSTEM_INFORMATION_CLASS
-{
- SystemInformationClassMin = 0,
- SystemBasicInformation = 0, /* Q */
-
- SystemProcessorInformation = 1, /* Q */
-
- SystemPerformanceInformation = 2, /* Q */
-
- SystemTimeOfDayInformation = 3, /* Q */
-
- SystemPathInformation = 4, /* Q (checked build only) */
- SystemNotImplemented1 = 4, /* Q (GN) */
-
- SystemProcessInformation = 5, /* Q */
- SystemProcessesAndThreadsInformation = 5, /* Q (GN) */
-
- SystemCallCountInfoInformation = 6, /* Q */
- SystemCallCounts = 6, /* Q (GN) */
-
- SystemDeviceInformation = 7, /* Q */
-// It conflicts with symbol in ntoskrnl/io/resource.c
-// SystemConfigurationInformation = 7, /* Q (GN) */
-
- SystemProcessorPerformanceInformation = 8, /* Q */
- SystemProcessorTimes = 8, /* Q (GN) */
-
- SystemFlagsInformation = 9, /* QS */
- SystemGlobalFlag = 9, /* QS (GN) */
-
- SystemCallTimeInformation = 10,
- SystemNotImplemented2 = 10, /* (GN) */
-
- SystemModuleInformation = 11, /* Q */
-
- SystemLocksInformation = 12, /* Q */
- SystemLockInformation = 12, /* Q (GN) */
-
- SystemStackTraceInformation = 13,
- SystemNotImplemented3 = 13, /* Q (GN) */
-
- SystemPagedPoolInformation = 14,
- SystemNotImplemented4 = 14, /* Q (GN) */
-
- SystemNonPagedPoolInformation = 15,
- SystemNotImplemented5 = 15, /* Q (GN) */
-
- SystemHandleInformation = 16, /* Q */
-
- SystemObjectInformation = 17, /* Q */
-
- SystemPageFileInformation = 18, /* Q */
- SystemPagefileInformation = 18, /* Q (GN) */
-
- SystemVdmInstemulInformation = 19, /* Q */
- SystemInstructionEmulationCounts = 19, /* Q (GN) */
-
- SystemVdmBopInformation = 20,
- SystemInvalidInfoClass1 = 20, /* (GN) */
-
- SystemFileCacheInformation = 21, /* QS */
- SystemCacheInformation = 21, /* QS (GN) */
-
- SystemPoolTagInformation = 22, /* Q (checked build only) */
-
- SystemInterruptInformation = 23, /* Q */
- SystemProcessorStatistics = 23, /* Q (GN) */
-
- SystemDpcBehaviourInformation = 24, /* QS */
- SystemDpcInformation = 24, /* QS (GN) */
-
- SystemFullMemoryInformation = 25,
- SystemNotImplemented6 = 25, /* (GN) */
-
- SystemLoadImage = 26, /* S (callable) (GN) */
-
- SystemUnloadImage = 27, /* S (callable) (GN) */
-
- SystemTimeAdjustmentInformation = 28, /* QS */
- SystemTimeAdjustment = 28, /* QS (GN) */
-
- SystemSummaryMemoryInformation = 29,
- SystemNotImplemented7 = 29, /* (GN) */
-
- SystemNextEventIdInformation = 30,
- SystemNotImplemented8 = 30, /* (GN) */
-
- SystemEventIdsInformation = 31,
- SystemNotImplemented9 = 31, /* (GN) */
-
- SystemCrashDumpInformation = 32, /* Q */
-
- SystemExceptionInformation = 33, /* Q */
-
- SystemCrashDumpStateInformation = 34, /* Q */
-
- SystemKernelDebuggerInformation = 35, /* Q */
-
- SystemContextSwitchInformation = 36, /* Q */
-
- SystemRegistryQuotaInformation = 37, /* QS */
-
- SystemLoadAndCallImage = 38, /* S (GN) */
-
- SystemPrioritySeparation = 39, /* S */
-
- SystemPlugPlayBusInformation = 40,
- SystemNotImplemented10 = 40, /* Q (GN) */
-
- SystemDockInformation = 41,
- SystemNotImplemented11 = 41, /* Q (GN) */
-
- SystemPowerInformation = 42,
- SystemInvalidInfoClass2 = 42, /* (GN) */
-
- SystemProcessorSpeedInformation = 43,
- SystemInvalidInfoClass3 = 43, /* (GN) */
-
- SystemCurrentTimeZoneInformation = 44, /* QS */
- SystemTimeZoneInformation = 44, /* QS (GN) */
-
- SystemLookasideInformation = 45, /* Q */
-
- SystemSetTimeSlipEvent = 46, /* S (GN) */
-
- SystemCreateSession = 47, /* S (GN) */
-
- SystemDeleteSession = 48, /* S (GN) */
-
- SystemInvalidInfoClass4 = 49, /* (GN) */
-
- SystemRangeStartInformation = 50, /* Q (GN) */
-
- SystemVerifierInformation = 51, /* QS (GN) */
-
- SystemAddVerifier = 52, /* S (GN) */
-
- SystemSessionProcessesInformation = 53, /* Q (GN) */
- SystemInformationClassMax
-
-} SYSTEM_INFORMATION_CLASS;
-
-// SystemBasicInformation (0)
-typedef
-struct _SYSTEM_BASIC_INFORMATION
-{
- ULONG Reserved;
- ULONG TimerResolution;
- ULONG PageSize;
- ULONG NumberOfPhysicalPages;
- ULONG LowestPhysicalPageNumber;
- ULONG HighestPhysicalPageNumber;
- ULONG AllocationGranularity;
- ULONG MinimumUserModeAddress;
- ULONG MaximumUserModeAddress;
- KAFFINITY ActiveProcessorsAffinityMask;
- CCHAR NumberOfProcessors;
-} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
-
-// SystemProcessorInformation (1)
-typedef
-struct _SYSTEM_PROCESSOR_INFORMATION
-{
- USHORT ProcessorArchitecture;
- USHORT ProcessorLevel;
- USHORT ProcessorRevision;
- USHORT Reserved;
- ULONG ProcessorFeatureBits;
-} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
-
-// SystemPerformanceInfo (2)
-typedef
-struct _SYSTEM_PERFORMANCE_INFORMATION
-{
- LARGE_INTEGER IdleProcessorTime;
- LARGE_INTEGER IoReadTransferCount;
- LARGE_INTEGER IoWriteTransferCount;
- LARGE_INTEGER IoOtherTransferCount;
- ULONG IoReadOperationCount;
- ULONG IoWriteOperationCount;
- ULONG IoOtherOperationCount;
- ULONG AvailablePages;
- ULONG CommitedPages;
- ULONG CommitLimit;
- ULONG PeakCommitment;
- ULONG PageFaultCount;
- ULONG CopyOnWriteCount;
- ULONG TransitionCount;
- ULONG CacheTransitionCount;
- ULONG DemandZeroCount;
- ULONG PageReadCount;
- ULONG PageReadIoCount;
- ULONG CacheReadCount;
- ULONG CacheIoCount;
- ULONG DirtyPagesWriteCount;
- ULONG DirtyWriteIoCount;
- ULONG MappedPagesWriteCount;
- ULONG MappedWriteIoCount;
- ULONG PagedPoolPages;
- ULONG NonPagedPoolPages;
- ULONG Unknown6;
- ULONG Unknown7;
- ULONG Unknown8;
- ULONG Unknown9;
- ULONG MmTotalSystemFreePtes;
- ULONG MmSystemCodepage;
- ULONG MmTotalSystemDriverPages;
- ULONG MmTotalSystemCodePages;
- ULONG Unknown10;
- ULONG Unknown11;
- ULONG Unknown12;
- ULONG MmSystemCachePage;
- ULONG MmPagedPoolPage;
- ULONG MmSystemDriverPage;
- ULONG CcFastReadNoWait;
- ULONG CcFastReadWait;
- ULONG CcFastReadResourceMiss;
- ULONG CcFastReadNotPossible;
- ULONG CcFastMdlReadNoWait;
- ULONG CcFastMdlReadWait;
- ULONG CcFastMdlReadResourceMiss;
- ULONG CcFastMdlReadNotPossible;
- ULONG CcMapDataNoWait;
- ULONG CcMapDataWait;
- ULONG CcMapDataNoWaitMiss;
- ULONG CcMapDataWaitMiss;
- ULONG CcPinMappedDataCount;
- ULONG CcPinReadNoWait;
- ULONG CcPinReadWait;
- ULONG CcPinReadNoWaitMiss;
- ULONG CcPinReadWaitMiss;
- ULONG CcCopyReadNoWait;
- ULONG CcCopyReadWait;
- ULONG CcCopyReadNoWaitMiss;
- ULONG CcCopyReadWaitMiss;
- ULONG CcMdlReadNoWait;
- ULONG CcMdlReadWait;
- ULONG CcMdlReadNoWaitMiss;
- ULONG CcMdlReadWaitMiss;
- ULONG CcReadaheadIos;
- ULONG CcLazyWriteIos;
- ULONG CcLazyWritePages;
- ULONG CcDataFlushes;
- ULONG CcDataPages;
- ULONG ContextSwitches;
- ULONG Unknown13;
- ULONG Unknown14;
- ULONG SystemCalls;
-
-} SYSTEM_PERFORMANCE_INFO, *PSYSTEM_PERFORMANCE_INFO;
-
-// SystemTimeOfDayInformation (3)
-typedef
-struct _SYSTEM_TIMEOFDAY_INFORMATION
-{
- LARGE_INTEGER BootTime;
- LARGE_INTEGER CurrentTime;
- LARGE_INTEGER TimeZoneBias;
- ULONG TimeZoneId;
- ULONG Reserved;
-} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
-
-// SystemPathInformation (4)
-// IT DOES NOT WORK
-typedef
-struct _SYSTEM_PATH_INFORMATION
-{
- PVOID Dummy;
-
-} SYSTEM_PATH_INFORMATION, * PSYSTEM_PATH_INFORMATION;
-
-// SystemProcessInformation (5)
-typedef
-struct _SYSTEM_THREAD_INFORMATION
-{
- TIME KernelTime;
- TIME UserTime;
- TIME CreateTime;
- ULONG TickCount;
- ULONG StartEIP;
- CLIENT_ID ClientId;
- ULONG DynamicPriority;
- ULONG BasePriority;
- ULONG nSwitches;
- DWORD State;
- KWAIT_REASON WaitReason;
-
-} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
-
-typedef
-struct SYSTEM_PROCESS_INFORMATION
-{
- ULONG RelativeOffset;
- ULONG ThreadCount;
- ULONG Unused1 [6];
- TIME CreateTime;
- TIME UserTime;
- TIME KernelTime;
- UNICODE_STRING Name;
- ULONG BasePriority;
- ULONG ProcessId;
- ULONG ParentProcessId;
- ULONG HandleCount;
- ULONG Unused2[2];
- ULONG PeakVirtualSizeBytes;
- ULONG TotalVirtualSizeBytes;
- ULONG PageFaultCount;
- ULONG PeakWorkingSetSizeBytes;
- ULONG TotalWorkingSetSizeBytes;
- ULONG PeakPagedPoolUsagePages;
- ULONG TotalPagedPoolUsagePages;
- ULONG PeakNonPagedPoolUsagePages;
- ULONG TotalNonPagedPoolUsagePages;
- ULONG TotalPageFileUsageBytes;
- ULONG PeakPageFileUsageBytes;
- ULONG TotalPrivateBytes;
- SYSTEM_THREAD_INFORMATION ThreadSysInfo [1];
-
-} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
-
-// SystemCallCountInformation (6)
-typedef
-struct _SYSTEM_SDT_INFORMATION
-{
- ULONG BufferLength;
- ULONG NumberOfSystemServiceTables;
- ULONG NumberOfServices [1];
- ULONG ServiceCounters [1];
-
-} SYSTEM_SDT_INFORMATION, *PSYSTEM_SDT_INFORMATION;
-
-// SystemDeviceInformation (7)
-typedef
-struct _SYSTEM_DEVICE_INFORMATION
-{
- ULONG NumberOfDisks;
- ULONG NumberOfFloppies;
- ULONG NumberOfCdRoms;
- ULONG NumberOfTapes;
- ULONG NumberOfSerialPorts;
- ULONG NumberOfParallelPorts;
-} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;
-
-// SystemProcessorPerformanceInformation (8)
-// (one per processor in the system)
-typedef
-struct _SYSTEM_PROCESSORTIME_INFO
-{
- TIME TotalProcessorRunTime;
- TIME TotalProcessorTime;
- TIME TotalProcessorUserTime;
- TIME TotalDPCTime;
- TIME TotalInterruptTime;
- ULONG TotalInterrupts;
- ULONG Unused;
-
-} SYSTEM_PROCESSORTIME_INFO, *PSYSTEM_PROCESSORTIME_INFO;
-
-// SystemFlagsInformation (9)
-typedef
-struct _SYSTEM_FLAGS_INFORMATION
-{
- ULONG Flags;
-
-} SYSTEM_FLAGS_INFORMATION, * PSYSTEM_FLAGS_INFORMATION;
-
-#define FLG_STOP_ON_EXCEPTION 0x00000001
-#define FLG_SHOW_LDR_SNAPS 0x00000002
-#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
-#define FLG_STOP_ON_HANG_GUI 0x00000008
-#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
-#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
-#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
-#define FLG_HEAP_VALIDATE_ALL 0x00000080
-#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
-#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
-#define FLG_POOL_ENABLE_TAGGING 0x00000400
-#define FLG_HEAP_ENABLE_TAGGING 0x00000800
-#define FLG_USER_STACK_TRACE_DB 0x00001000
-#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
-#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
-#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
-#define FLG_IGNORE_DEBUG_PRIV 0x00010000
-#define FLG_ENABLE_CSRDEBUG 0x00020000
-#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
-#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
-#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
-#define FLG_HEAP_DISABLE_COALESCING 0x00200000
-#define FLG_ENABLE_CLOSE_EXCEPTION 0x00400000
-#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
-#define FLG_UNKNOWN_01000000 0x01000000
-#define FLG_UNKNOWN_02000000 0x02000000
-#define FLG_UNKNOWN_04000000 0x04000000
-#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
-#define FLG_UNKNOWN_10000000 0x10000000
-#define FLG_UNKNOWN_20000000 0x20000000
-#define FLG_UNKNOWN_40000000 0x40000000
-#define FLG_UNKNOWN_80000000 0x80000000
-
-// SystemCallTimeInformation (10)
-// UNKNOWN
-
-// SystemModuleInformation (11)
-typedef
-struct _SYSTEM_MODULE_ENTRY
-{
- ULONG Unknown1;
- ULONG Unknown2;
- PVOID BaseAddress;
- ULONG Size;
- ULONG Flags;
- ULONG EntryIndex;
- USHORT NameLength; /* Length of module name not including the path, this field contains valid value only for NTOSKRNL module*/
- USHORT PathLength; /* Length of 'directory path' part of modulename*/
- CHAR Name [256];
-} SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;
-
-typedef
-struct _SYSTEM_MODULE_INFORMATION
-{
- ULONG Count;
- SYSTEM_MODULE_ENTRY Module [1];
-} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
-
-// SystemLocksInformation (12)
-typedef
-struct _SYSTEM_RESOURCE_LOCK_ENTRY
-{
- ULONG ResourceAddress;
- ULONG Always1;
- ULONG Unknown;
- ULONG ActiveCount;
- ULONG ContentionCount;
- ULONG Unused[2];
- ULONG NumberOfSharedWaiters;
- ULONG NumberOfExclusiveWaiters;
-
-} SYSTEM_RESOURCE_LOCK_ENTRY, *PSYSTEM_RESOURCE_LOCK_ENTRY;
-
-typedef
-struct _SYSTEM_RESOURCE_LOCK_INFO
-{
- ULONG Count;
- SYSTEM_RESOURCE_LOCK_ENTRY Lock [1];
-
-} SYSTEM_RESOURCE_LOCK_INFO, *PSYSTEM_RESOURCE_LOCK_INFO;
-
-// SystemInformation13 (13)
-// UNKNOWN
-
-// SystemInformation14 (14)
-// UNKNOWN
-
-// SystemInformation15 (15)
-// UNKNOWN
-
-// SystemHandleInformation (16)
-// (see ontypes.h)
-typedef
-struct _SYSTEM_HANDLE_ENTRY
-{
- ULONG OwnerPid;
- BYTE ObjectType;
- BYTE HandleFlags;
- USHORT HandleValue;
- PVOID ObjectPointer;
- ULONG AccessMask;
-
-} SYSTEM_HANDLE_ENTRY, *PSYSTEM_HANDLE_ENTRY;
-
-typedef
-struct _SYSTEM_HANDLE_INFORMATION
-{
- ULONG Count;
- SYSTEM_HANDLE_ENTRY Handle [1];
-
-} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
-
-// SystemObjectInformation (17)
-typedef
-struct _SYSTEM_OBJECT_TYPE_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG ObjectCount;
- ULONG HandleCount;
- ULONG TypeNumber;
- ULONG InvalidAttributes;
- GENERIC_MAPPING GenericMapping;
- ACCESS_MASK ValidAccessMask;
- POOL_TYPE PoolType;
- UCHAR Unknown;
- UNICODE_STRING Name;
-
-} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
-
-typedef
-struct _SYSTEM_OBJECT_INFORMATION
-{
- ULONG NextEntryOffset;
- PVOID Object;
- ULONG CreatorProcessId;
- USHORT Unknown;
- USHORT Flags;
- ULONG PointerCount;
- ULONG HandleCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG ExclusiveProcessId;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
- UNICODE_STRING Name;
-
-} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
-
-// SystemPageFileInformation (18)
-typedef
-struct _SYSTEM_PAGEFILE_INFORMATION
-{
- ULONG RelativeOffset;
- ULONG CurrentSizePages;
- ULONG TotalUsedPages;
- ULONG PeakUsedPages;
- UNICODE_STRING PagefileFileName;
-
-} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
-
-// SystemInstructionEmulationInfo (19)
-typedef
-struct _SYSTEM_VDM_INFORMATION
-{
- ULONG VdmSegmentNotPresentCount;
- ULONG VdmINSWCount;
- ULONG VdmESPREFIXCount;
- ULONG VdmCSPREFIXCount;
- ULONG VdmSSPREFIXCount;
- ULONG VdmDSPREFIXCount;
- ULONG VdmFSPREFIXCount;
- ULONG VdmGSPREFIXCount;
- ULONG VdmOPER32PREFIXCount;
- ULONG VdmADDR32PREFIXCount;
- ULONG VdmINSBCount;
- ULONG VdmINSWV86Count;
- ULONG VdmOUTSBCount;
- ULONG VdmOUTSWCount;
- ULONG VdmPUSHFCount;
- ULONG VdmPOPFCount;
- ULONG VdmINTNNCount;
- ULONG VdmINTOCount;
- ULONG VdmIRETCount;
- ULONG VdmINBIMMCount;
- ULONG VdmINWIMMCount;
- ULONG VdmOUTBIMMCount;
- ULONG VdmOUTWIMMCount;
- ULONG VdmINBCount;
- ULONG VdmINWCount;
- ULONG VdmOUTBCount;
- ULONG VdmOUTWCount;
- ULONG VdmLOCKPREFIXCount;
- ULONG VdmREPNEPREFIXCount;
- ULONG VdmREPPREFIXCount;
- ULONG VdmHLTCount;
- ULONG VdmCLICount;
- ULONG VdmSTICount;
- ULONG VdmBopCount;
-
-} SYSTEM_VDM_INFORMATION, *PSYSTEM_VDM_INFORMATION;
-
-// SystemInformation20 (20)
-// UNKNOWN
-
-// SystemCacheInformation (21)
-typedef
-struct _SYSTEM_CACHE_INFORMATION
-{
- ULONG CurrentSize;
- ULONG PeakSize;
- ULONG PageFaultCount;
- ULONG MinimumWorkingSet;
- ULONG MaximumWorkingSet;
- ULONG Unused[4];
-
-} SYSTEM_CACHE_INFORMATION;
-
-// SystemPoolTagInformation (22)
-// found by Klaus P. Gerlicher
-// (implemented only in checked builds)
-typedef
-struct _POOL_TAG_STATS
-{
- ULONG AllocationCount;
- ULONG FreeCount;
- ULONG SizeBytes;
-
-} POOL_TAG_STATS;
-
-typedef
-struct _SYSTEM_POOL_TAG_ENTRY
-{
- ULONG Tag;
- POOL_TAG_STATS Paged;
- POOL_TAG_STATS NonPaged;
-
-} SYSTEM_POOL_TAG_ENTRY, * PSYSTEM_POOL_TAG_ENTRY;
-
-typedef
-struct _SYSTEM_POOL_TAG_INFO
-{
- ULONG Count;
- SYSTEM_POOL_TAG_ENTRY PoolEntry [1];
-
-} SYSTEM_POOL_TAG_INFO, *PSYSTEM_POOL_TAG_INFO;
-
-// SystemProcessorScheduleInfo (23)
-typedef
-struct _SYSTEM_PROCESSOR_SCHEDULE_INFO
-{
- ULONG nContextSwitches;
- ULONG nDPCQueued;
- ULONG nDPCRate;
- ULONG TimerResolution;
- ULONG nDPCBypasses;
- ULONG nAPCBypasses;
-
-} SYSTEM_PROCESSOR_SCHEDULE_INFO, *PSYSTEM_PROCESSOR_SCHEDULE_INFO;
-
-// SystemDpcInformation (24)
-typedef
-struct _SYSTEM_DPC_INFORMATION
-{
- ULONG Unused;
- ULONG KiMaximumDpcQueueDepth;
- ULONG KiMinimumDpcRate;
- ULONG KiAdjustDpcThreshold;
- ULONG KiIdealDpcRate;
-
-} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
-
-// SystemInformation25 (25)
-// UNKNOWN
-
-// SystemLoadImage (26)
-typedef struct _SYSTEM_LOAD_IMAGE
-{
- UNICODE_STRING ModuleName;
- PVOID ModuleBase;
- PVOID SectionPointer;
- PVOID EntryPoint;
- PVOID ExportDirectory;
-} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
-
-// SystemUnloadImage (27)
-typedef struct _SYSTEM_UNLOAD_IMAGE
-{
- PVOID ModuleBase;
-} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
-
-// SystemTimeAdjustmentInformation (28)
-typedef
-struct _SYSTEM_QUERY_TIME_ADJUSTMENT
-{
- ULONG TimeAdjustment;
- ULONG MaximumIncrement;
- BOOLEAN TimeSynchronization;
-
-} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
-
-typedef
-struct _SYSTEM_SET_TIME_ADJUSTMENT
-{
- ULONG TimeAdjustment;
- BOOLEAN TimeSynchronization;
-
-} SYSTEM_TIME_ADJUSTMENT_INFO, *PSYSTEM_TIME_ADJUSTMENT_INFO;
-
-// SystemProcessorFaultCountInfo (33)
-typedef
-struct _SYSTEM_PROCESSOR_FAULT_INFO
-{
- ULONG nAlignmentFixup;
- ULONG nExceptionDispatches;
- ULONG nFloatingEmulation;
- ULONG Unknown;
-
-} SYSTEM_PROCESSOR_FAULT_INFO, *PSYSTEM_PROCESSOR_FAULT_INFO;
-
-// SystemCrashDumpStateInfo (34)
-//
-
-// SystemDebuggerInformation (35)
-typedef
-struct _SYSTEM_DEBUGGER_INFO
-{
- BOOLEAN KdDebuggerEnabled;
- BOOLEAN KdDebuggerPresent;
-
-} SYSTEM_DEBUGGER_INFO, *PSYSTEM_DEBUGGER_INFO;
-
-// SystemInformation36 (36)
-// UNKNOWN
-
-// SystemQuotaInformation (37)
-typedef
-struct _SYSTEM_QUOTA_INFORMATION
-{
- ULONG CmpGlobalQuota;
- ULONG CmpGlobalQuotaUsed;
- ULONG MmSizeofPagedPoolInBytes;
-
-} SYSTEM_QUOTA_INFORMATION, *PSYSTEM_QUOTA_INFORMATION;
-
-// SystemLoadAndCallImage(38)
-typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE
-{
- UNICODE_STRING ModuleName;
-} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
-
-// SystemTimeZoneInformation (44)
-typedef
-struct _SYSTEM_TIME_ZONE_INFORMATION
-{
- LONG Bias;
- WCHAR StandardName [32];
- TIME StandardDate;
- LONG StandardBias;
- WCHAR DaylightName [32];
- TIME DaylightDate;
- LONG DaylightBias;
-
-} SYSTEM_TIME_ZONE_INFORMATION, * PSYSTEM_TIME_ZONE_INFORMATION;
-
-// SystemLookasideInformation (45)
-typedef
-struct _SYSTEM_LOOKASIDE_INFORMATION
-{
- USHORT Depth;
- USHORT MaximumDepth;
- ULONG TotalAllocates;
- ULONG AllocatesMisses;
- ULONG TotalFrees;
- ULONG FreeMisses;
- POOL_TYPE Type;
- ULONG Tag;
- ULONG Size;
-
-} SYSTEM_LOOKASIDE_INFORMATION, * PSYSTEM_LOOKASIDE_INFORMATION;
-
-// SystemSetTimeSlipEvent (46)
-typedef
-struct _SYSTEM_SET_TIME_SLIP_EVENT
-{
- HANDLE TimeSlipEvent; /* IN */
-
-} SYSTEM_SET_TIME_SLIP_EVENT, * PSYSTEM_SET_TIME_SLIP_EVENT;
-
-// SystemCreateSession (47)
-// (available only on TSE/NT5+)
-typedef
-struct _SYSTEM_CREATE_SESSION
-{
- ULONG SessionId; /* OUT */
-
-} SYSTEM_CREATE_SESSION, * PSYSTEM_CREATE_SESSION;
-
-// SystemDeleteSession (48)
-// (available only on TSE/NT5+)
-typedef
-struct _SYSTEM_DELETE_SESSION
-{
- ULONG SessionId; /* IN */
-
-} SYSTEM_DELETE_SESSION, * PSYSTEM_DELETE_SESSION;
-
-// (49)
-// UNKNOWN
-
-// SystemRangeStartInformation (50)
-typedef
-struct _SYSTEM_RANGE_START_INFORMATION
-{
- PVOID SystemRangeStart;
-
-} SYSTEM_RANGE_START_INFORMATION, * PSYSTEM_RANGE_START_INFORMATION;
-
-// SystemVerifierInformation (51)
-// UNKNOWN
-
-// SystemAddVerifier (52)
-// UNKNOWN
-
-// SystemSessionProcessesInformation (53)
-// (available only on TSE/NT5+)
-typedef
-struct _SYSTEM_SESSION_PROCESSES_INFORMATION
-{
- ULONG SessionId;
- ULONG BufferSize;
- PVOID Buffer; /* same format as in SystemProcessInformation */
-
-} SYSTEM_SESSION_PROCESSES_INFORMATION, * PSYSTEM_SESSION_PROCESSES_INFORMATION;
-
-// memory information
-
-typedef enum _MEMORY_INFORMATION_CLASS {
- MemoryBasicInformation,
- MemoryWorkingSetList,
- MemorySectionName //,
- //MemoryBasicVlmInformation //???
-} MEMORY_INFORMATION_CLASS;
-
-typedef struct _MEMORY_BASIC_INFORMATION { // Information Class 0
- PVOID BaseAddress;
- PVOID AllocationBase;
- ULONG AllocationProtect;
- ULONG RegionSize;
- ULONG State;
- ULONG Protect;
- ULONG Type;
-} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
-
-typedef struct _MEMORY_WORKING_SET_LIST { // Information Class 1
- ULONG NumberOfPages;
- ULONG WorkingSetList[1];
-} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
-
-// Information Class 2
-#define _MEMORY_SECTION_NAME_STATIC(__bufsize__) \
- { \
- UNICODE_STRING SectionFileName; \
- WCHAR NameBuffer[(__bufsize__)]; \
-}
-
-#define MEMORY_SECTION_NAME_STATIC(__bufsize__) \
- struct _MEMORY_SECTION_NAME_STATIC((__bufsize__)
-
-typedef struct _MEMORY_SECTION_NAME_STATIC(ANYSIZE_ARRAY)
- MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
-
-// shutdown action
-
-typedef enum SHUTDOWN_ACTION_TAG {
- ShutdownNoReboot,
- ShutdownReboot,
- ShutdownPowerOff
-} SHUTDOWN_ACTION;
-
-// wait type
-
-#define WaitAll 0
-#define WaitAny 1
-
-// number of wait objects
-
-#define THREAD_WAIT_OBJECTS 3
-//#define MAXIMUM_WAIT_OBJECTS 64
-
-// key restore flags
-
-#define REG_WHOLE_HIVE_VOLATILE 1
-#define REG_REFRESH_HIVE 2
-
-// object type access rights
-
-#define OBJECT_TYPE_CREATE 0x0001
-#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
-
-// directory access rights
-
-#define DIRECTORY_QUERY 0x0001
-#define DIRECTORY_TRAVERSE 0x0002
-#define DIRECTORY_CREATE_OBJECT 0x0004
-#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
-
-#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
-
-// symbolic link access rights
-
-#define SYMBOLIC_LINK_QUERY 0x0001
-#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
-
-// Information class 0
-typedef struct _PROCESS_BASIC_INFORMATION
-{
- NTSTATUS ExitStatus;
- PPEB PebBaseAddress;
- KAFFINITY AffinityMask;
- KPRIORITY BasePriority;
- ULONG UniqueProcessId;
- ULONG InheritedFromUniqueProcessId;
-} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
-
-// Information class 1
-typedef struct _QUOTA_LIMITS
-{
- ULONG PagedPoolLimit;
- ULONG NonPagedPoolLimit;
- ULONG MinimumWorkingSetSize;
- ULONG MaximumWorkingSetSize;
- ULONG PagefileLimit;
- TIME TimeLimit;
-} QUOTA_LIMITS, *PQUOTA_LIMITS;
-
-// Information class 2
-typedef struct _IO_COUNTERS
-{
- ULONG ReadOperationCount;
- ULONG WriteOperationCount;
- ULONG OtherOperationCount;
- LARGE_INTEGER ReadTransferCount;
- LARGE_INTEGER WriteTransferCount;
- LARGE_INTEGER OtherTransferCount;
-} IO_COUNTERS, *PIO_COUNTERS;
-
-// Information class 3
-typedef struct _VM_COUNTERS_
-{
- ULONG PeakVirtualSize;
- ULONG VirtualSize;
- ULONG PageFaultCount;
- ULONG PeakWorkingSetSize;
- ULONG WorkingSetSize;
- ULONG QuotaPeakPagedPoolUsage;
- ULONG QuotaPagedPoolUsage;
- ULONG QuotaPeakNonPagedPoolUsage;
- ULONG QuotaNonPagedPoolUsage;
- ULONG PagefileUsage;
- ULONG PeakPagefileUsage;
-} VM_COUNTERS, *PVM_COUNTERS;
-
-// Information class 4
-typedef struct _KERNEL_USER_TIMES
-{
- TIME CreateTime;
- TIME ExitTime;
- TIME KernelTime;
- TIME UserTime;
-} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
-
-// Information class 9
-typedef struct _PROCESS_ACCESS_TOKEN
-{
- HANDLE Token;
- HANDLE Thread;
-} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
-
-// Information class 14
-typedef struct _POOLED_USAGE_AND_LIMITS_
-{
- ULONG PeakPagedPoolUsage;
- ULONG PagedPoolUsage;
- ULONG PagedPoolLimit;
- ULONG PeakNonPagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG NonPagedPoolLimit;
- ULONG PeakPagefileUsage;
- ULONG PagefileUsage;
- ULONG PagefileLimit;
-} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
-
-// Information class 15
-typedef struct _PROCESS_WS_WATCH_INFORMATION
-{
- PVOID FaultingPc;
- PVOID FaultingVa;
-} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
-
-// Information class 18
-typedef struct _PROCESS_PRIORITY_CLASS
-{
- BOOLEAN Foreground;
- UCHAR PriorityClass;
-} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
-
-// Information class 23
-typedef struct _PROCESS_DEVICEMAP_INFORMATION
-{
- union {
- struct {
- HANDLE DirectoryHandle;
- } Set;
- struct {
- ULONG DriveMap;
- UCHAR DriveType[32];
- } Query;
- };
-} PROCESS_DEVICEMAP_INFORMATION, *pPROCESS_DEVICEMAP_INFORMATION;
-
-// Information class 24
-typedef struct _PROCESS_SESSION_INFORMATION
-{
- ULONG SessionId;
-} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
-
-// thread information
-
-// incompatible with MS NT
-
-typedef struct _THREAD_BASIC_INFORMATION
-{
- NTSTATUS ExitStatus;
- PVOID TebBaseAddress; // PNT_TIB (GN)
- CLIENT_ID ClientId;
- KAFFINITY AffinityMask;
- KPRIORITY Priority;
- KPRIORITY BasePriority;
-} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
-
-// object information
-
-typedef struct _OBJECT_NAME_INFORMATION
-{
- UNICODE_STRING Name;
-} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
-
-
-
-typedef struct _OBJECT_DATA_INFORMATION
-{
- BOOLEAN bInheritHandle;
- BOOLEAN bProtectFromClose;
-} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
-
-
-typedef struct _OBJECT_TYPE_INFORMATION
-{
- UNICODE_STRING Name;
- UNICODE_STRING Type;
- ULONG TotalHandles;
- ULONG ReferenceCount;
-} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
-
-// file information
-
-typedef struct _FILE_BASIC_INFORMATION
-{
- TIME CreationTime;
- TIME LastAccessTime;
- TIME LastWriteTime;
- TIME ChangeTime;
- ULONG FileAttributes;
-} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
-
-typedef struct _FILE_STANDARD_INFORMATION
-{
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG NumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
-} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
-
-typedef struct _FILE_POSITION_INFORMATION
-{
- LARGE_INTEGER CurrentByteOffset;
-} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
-
-typedef struct _FILE_ALIGNMENT_INFORMATION
-{
- ULONG AlignmentRequirement;
-} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
-
-typedef struct _FILE_DISPOSITION_INFORMATION
-{
- BOOLEAN DoDeleteFile;
-} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
-
-typedef struct _FILE_END_OF_FILE_INFORMATION
-{
- LARGE_INTEGER EndOfFile;
-} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
-
-typedef struct _FILE_NETWORK_OPEN_INFORMATION
-{
- TIME CreationTime;
- TIME LastAccessTime;
- TIME LastWriteTime;
- TIME ChangeTime;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG FileAttributes;
-} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
-
-typedef struct _FILE_FULL_EA_INFORMATION
-{
- ULONG NextEntryOffset;
- UCHAR Flags;
- UCHAR EaNameLength;
- USHORT EaValueLength;
- CHAR EaName[0];
-} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
-
-
-typedef struct _FILE_EA_INFORMATION {
- ULONG EaSize;
-} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
-
-
-typedef struct _FILE_GET_EA_INFORMATION {
- ULONG NextEntryOffset;
- UCHAR EaNameLength;
- CHAR EaName[0];
-} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
-
-typedef struct _FILE_STREAM_INFORMATION {
- ULONG NextEntryOffset;
- ULONG StreamNameLength;
- LARGE_INTEGER StreamSize;
- LARGE_INTEGER StreamAllocationSize;
- WCHAR StreamName[0];
-} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
-
-typedef struct _FILE_ALLOCATION_INFORMATION {
- LARGE_INTEGER AllocationSize;
-} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
-
-typedef struct _FILE_NAME_INFORMATION {
- ULONG FileNameLength;
- WCHAR FileName[0];
-} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
-
-typedef struct _FILE_NAMES_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG FileIndex;
- ULONG FileNameLength;
- WCHAR FileName[0];
-} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
-
-
-typedef struct _FILE_RENAME_INFORMATION {
- BOOLEAN Replace;
- HANDLE RootDir;
- ULONG FileNameLength;
- WCHAR FileName[0];
-} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
-
-
-typedef struct _FILE_INTERNAL_INFORMATION {
- LARGE_INTEGER IndexNumber;
-} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
-
-typedef struct _FILE_ACCESS_INFORMATION {
- ACCESS_MASK AccessFlags;
-} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
-
-
-typedef struct _FILE_MODE_INFORMATION {
- ULONG Mode;
-} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
-
-
-typedef struct _FILE_PIPE_INFORMATION {
- ULONG ReadMode;
- ULONG CompletionMode;
-} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
-
-typedef struct _FILE_PIPE_LOCAL_INFORMATION {
- ULONG NamedPipeType;
- ULONG NamedPipeConfiguration;
- ULONG MaximumInstances;
- ULONG CurrentInstances;
- ULONG InboundQuota;
- ULONG ReadDataAvailable;
- ULONG OutboundQuota;
- ULONG WriteQuotaAvailable;
- ULONG NamedPipeState;
- ULONG NamedPipeEnd;
-} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
-
-typedef struct _FILE_PIPE_REMOTE_INFORMATION {
- LARGE_INTEGER CollectDataTime;
- ULONG MaximumCollectionCount;
-} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
-
-typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
- ULONG MaxMessageSize;
- ULONG Unknown; /* ?? */
- ULONG NextSize;
- ULONG MessageCount;
- LARGE_INTEGER Timeout;
-} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
-
-typedef struct _FILE_MAILSLOT_SET_INFORMATION {
- LARGE_INTEGER Timeout;
-} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
-
-typedef struct _FILE_COMPRESSION_INFORMATION {
- LARGE_INTEGER CompressedFileSize;
- USHORT CompressionFormat;
- UCHAR CompressionUnitShift;
- UCHAR ChunkShift;
- UCHAR ClusterShift;
- UCHAR Reserved[3];
-} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
-
-typedef struct _FILE_ALL_INFORMATION {
- FILE_BASIC_INFORMATION BasicInformation;
- FILE_STANDARD_INFORMATION StandardInformation;
- FILE_INTERNAL_INFORMATION InternalInformation;
- FILE_EA_INFORMATION EaInformation;
- FILE_ACCESS_INFORMATION AccessInformation;
- FILE_POSITION_INFORMATION PositionInformation;
- FILE_MODE_INFORMATION ModeInformation;
- FILE_ALIGNMENT_INFORMATION AlignmentInformation;
- FILE_NAME_INFORMATION NameInformation;
-} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
-
-
-// file system information structures
-
-typedef struct _FILE_FS_DEVICE_INFORMATION {
- DEVICE_TYPE DeviceType;
- ULONG Characteristics;
-} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
-
-
-typedef struct _FILE_FS_VOLUME_INFORMATION {
- TIME VolumeCreationTime;
- ULONG VolumeSerialNumber;
- ULONG VolumeLabelLength;
- BOOLEAN SupportsObjects;
- WCHAR VolumeLabel[0];
-} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
-
-typedef struct _FILE_FS_SIZE_INFORMATION {
- LARGE_INTEGER TotalAllocationUnits;
- LARGE_INTEGER AvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
-
-typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
- ULONG FileSystemAttributes;
- LONG MaximumComponentNameLength;
- ULONG FileSystemNameLength;
- WCHAR FileSystemName[0];
-} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
-
-/*
- FileSystemAttributes is one of the following values:
-
- FILE_CASE_SENSITIVE_SEARCH 0x00000001
- FILE_CASE_PRESERVED_NAMES 0x00000002
- FILE_UNICODE_ON_DISK 0x00000004
- FILE_PERSISTENT_ACLS 0x00000008
- FILE_FILE_COMPRESSION 0x00000010
- FILE_VOLUME_QUOTAS 0x00000020
- FILE_VOLUME_IS_COMPRESSED 0x00008000
-*/
-typedef struct _FILE_FS_LABEL_INFORMATION {
- ULONG VolumeLabelLength;
- WCHAR VolumeLabel[0];
-} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
-
-// read file scatter / write file scatter
-//FIXME I am a win32 struct aswell
-
-typedef union _FILE_SEGMENT_ELEMENT {
- PVOID Buffer;
- ULONG Alignment;
-}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
-
-// directory information
-
-typedef struct _OBJDIR_INFORMATION {
- UNICODE_STRING ObjectName;
- UNICODE_STRING ObjectTypeName; // Directory, Device ...
- UCHAR Data[0];
-} OBJDIR_INFORMATION, *POBJDIR_INFORMATION;
-
-
-typedef struct _FILE_DIRECTORY_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- TIME CreationTime;
- TIME LastAccessTime;
- TIME LastWriteTime;
- TIME ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- WCHAR FileName[0];
-} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
-
-typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- TIME CreationTime;
- TIME LastAccessTime;
- TIME LastWriteTime;
- TIME ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- WCHAR FileName[0]; // variable size
-} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION,
- FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
-
-
-typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- TIME CreationTime;
- TIME LastAccessTime;
- TIME LastWriteTime;
- TIME ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- CHAR ShortNameLength;
- WCHAR ShortName[12]; // 8.3 name
- WCHAR FileName[0];
-} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION,
- FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
-
-
-/*
- NotifyFilter / CompletionFilter:
-
- FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
- FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
- FILE_NOTIFY_CHANGE_NAME 0x00000003
- FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
- FILE_NOTIFY_CHANGE_SIZE 0x00000008
- FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
- FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
- FILE_NOTIFY_CHANGE_CREATION 0x00000040
- FILE_NOTIFY_CHANGE_EA 0x00000080
- FILE_NOTIFY_CHANGE_SECURITY 0x00000100
- FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
- FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
- FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
-*/
-
-typedef struct _FILE_NOTIFY_INFORMATION {
- ULONG Action;
- ULONG FileNameLength;
- WCHAR FileName[0];
-} FILE_NOTIFY_INFORMATION;
-
-
-/*
- Action is one of the following values:
-
- FILE_ACTION_ADDED 0x00000001
- FILE_ACTION_REMOVED 0x00000002
- FILE_ACTION_MODIFIED 0x00000003
- FILE_ACTION_RENAMED_OLD_NAME 0x00000004
- FILE_ACTION_RENAMED_NEW_NAME 0x00000005
- FILE_ACTION_ADDED_STREAM 0x00000006
- FILE_ACTION_REMOVED_STREAM 0x00000007
- FILE_ACTION_MODIFIED_STREAM 0x00000008
-
-*/
-
-
-// File System Control commands ( related to defragging )
-
-#define FSCTL_READ_MFT_RECORD 0x90068 // NTFS only
-#define FSCTL_GET_VOLUME_BITMAP 0x9006F
-#define FSCTL_GET_RETRIEVAL_POINTERS 0x90073
-#define FSCTL_MOVE_FILE 0x90074
-
-typedef struct _MAPPING_PAIR
-{
- ULONGLONG Vcn;
- ULONGLONG Lcn;
-} MAPPING_PAIR, *PMAPPING_PAIR;
-
-typedef struct _GET_RETRIEVAL_DESCRIPTOR
-{
- ULONG NumberOfPairs;
- ULONGLONG StartVcn;
- MAPPING_PAIR Pair[0]; // variable size
-} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
-
-typedef struct _BITMAP_DESCRIPTOR
-{
- ULONGLONG StartLcn;
- ULONGLONG ClustersToEndOfVol;
- BYTE Map[0]; // variable size
-} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
-
-typedef struct _MOVEFILE_DESCRIPTOR
-{
- HANDLE FileHandle;
- ULONG Reserved;
- LARGE_INTEGER StartVcn;
- LARGE_INTEGER TargetLcn;
- ULONG NumVcns;
- ULONG Reserved1;
-} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
-
-
-
-//typedef enum _TIMER_TYPE
-//{
-// NotificationTimer,
-// SynchronizationTimer
-//} TIMER_TYPE;
-
-typedef struct _TIMER_BASIC_INFORMATION
-{
- LARGE_INTEGER TimeRemaining;
- BOOLEAN SignalState;
-} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
-
-typedef enum _TIMER_INFORMATION_CLASS
-{
- TimerBasicInformation
-} TIMER_INFORMATION_CLASS;
-
-typedef
-struct _LPC_PORT_BASIC_INFORMATION
-{
- DWORD Unknown0;
- DWORD Unknown1;
- DWORD Unknown2;
- DWORD Unknown3;
- DWORD Unknown4;
- DWORD Unknown5;
- DWORD Unknown6;
- DWORD Unknown7;
- DWORD Unknown8;
- DWORD Unknown9;
- DWORD Unknown10;
- DWORD Unknown11;
- DWORD Unknown12;
- DWORD Unknown13;
-
-} LPC_PORT_BASIC_INFORMATION, * PLPC_PORT_BASIC_INFORMATION;
-
-typedef struct _SECTION_BASIC_INFORMATION
-{
- PVOID BaseAddress;
- ULONG Attributes;
- LARGE_INTEGER Size;
-} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
-
-typedef struct _SECTION_IMAGE_INFORMATION
-{
- PVOID EntryPoint;
- ULONG Unknown1;
- ULONG StackReserve;
- ULONG StackCommit;
- ULONG Subsystem;
- USHORT MinorSubsystemVersion;
- USHORT MajorSubsystemVersion;
- ULONG Unknown2;
- ULONG Characteristics;
- USHORT ImageNumber;
- BOOLEAN Executable;
- UCHAR Unknown3;
- ULONG Unknown4[3];
-} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
-
-typedef enum _SECTION_INFORMATION_CLASS
-{
- SectionBasicInformation,
- SectionImageInformation,
-} SECTION_INFORMATION_CLASS;
-
-#endif