typedef enum _DEBUGOBJECTINFOCLASS
{
- DebugObjectUnusedInformation,
- DebugObjectKillProcessOnExitInformation
-} DEBUGOBJECTINFOCLASS, * PDEBUGOBJECTINFOCLASS;
+ DebugObjectUnusedInformation,
+ DebugObjectKillProcessOnExitInformation
+} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
/* TYPES *********************************************************************/
typedef struct _DEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION
{
- ULONG KillProcessOnExit;
+ ULONG KillProcessOnExit;
} DEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION, *
PDEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION;
DBGKM_LOAD_DLL LoadDll;
DBGKM_UNLOAD_DLL UnloadDll;
} StateInfo;
-} DBGUI_WAIT_STATE_CHANGE, * PDBGUI_WAIT_STATE_CHANGE;
+} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
#endif
/* You'll need the IFS for these, so let's not force everyone to have it */
#ifdef _NTIFS_
-typedef struct _EX_QUEUE_WORKER_INFO
+typedef struct _EX_QUEUE_WORKER_INFO
{
UCHAR QueueDisabled:1;
UCHAR MakeThreadsAsNecessary:1;
ULONG WorkerCount:29;
} EX_QUEUE_WORKER_INFO, *PEX_QUEUE_WORKER_INFO;
-typedef struct _EX_WORK_QUEUE
+typedef struct _EX_WORK_QUEUE
{
KQUEUE WorkerQueue;
ULONG DynamicThreadCount;
ULONG WorkItemsProcessed;
ULONG WorkItemsProcessedLastPass;
ULONG QueueDepthLastPass;
- EX_QUEUE_WORKER_INFO Info;
+ EX_QUEUE_WORKER_INFO Info;
} EX_WORK_QUEUE, *PEX_WORK_QUEUE;
#endif
};
} EX_FAST_REF, *PEX_FAST_REF;
-typedef struct _EX_PUSH_LOCK
+typedef struct _EX_PUSH_LOCK
{
- union
+ union
{
- struct
+ struct
{
ULONG Waiting:1;
ULONG Exclusive:1;
};
} EX_PUSH_LOCK, *PEX_PUSH_LOCK;
-typedef struct _HANDLE_TABLE_ENTRY_INFO
+typedef struct _HANDLE_TABLE_ENTRY_INFO
{
ULONG AuditMask;
} HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO;
-typedef struct _RUNDOWN_DESCRIPTOR
+typedef struct _RUNDOWN_DESCRIPTOR
{
ULONG_PTR References;
KEVENT RundownEvent;
ULONG AllowMultipleCallbacks;
} CALLBACK_OBJECT , *PCALLBACK_OBJECT;
-typedef struct _HANDLE_TABLE_ENTRY
+typedef struct _HANDLE_TABLE_ENTRY
{
- union
+ union
{
PVOID Object;
ULONG_PTR ObAttributes;
PHANDLE_TABLE_ENTRY_INFO InfoTable;
ULONG_PTR Value;
} u1;
- union
+ union
{
ULONG GrantedAccess;
USHORT GrantedAccessIndex;
IN PDRIVER_CONTROL ExecutionRoutine
);
-BOOLEAN
+BOOLEAN
STDCALL
HalBeginSystemInterrupt(
ULONG Vector,
ULONG Unknown1,
ULONG Unknown2
);
-
+
VOID
STDCALL
IoAssignDriveLetters(
/* ENUMERATIONS **************************************************************/
typedef enum _FIRMWARE_ENTRY
{
- HalHaltRoutine,
- HalPowerDownRoutine,
- HalRestartRoutine,
- HalRebootRoutine,
- HalInteractiveModeRoutine,
- HalMaximumRoutine
+ HalHaltRoutine,
+ HalPowerDownRoutine,
+ HalRestartRoutine,
+ HalRebootRoutine,
+ HalInteractiveModeRoutine,
+ HalMaximumRoutine
} FIRMWARE_REENTRY, *PFIRMWARE_REENTRY;
/* TYPES *********************************************************************/
extern NTOSAPI PHAL_PRIVATE_DISPATCH HalPrivateDispatchTable;
#endif
-#define HAL_PRIVATE_DISPATCH_VERSION 1
+#define HAL_PRIVATE_DISPATCH_VERSION 1
-typedef struct _LOADER_MODULE
+typedef struct _LOADER_MODULE
{
- ULONG ModStart;
- ULONG ModEnd;
- ULONG String;
- ULONG Reserved;
+ ULONG ModStart;
+ ULONG ModEnd;
+ ULONG String;
+ ULONG Reserved;
} LOADER_MODULE, *PLOADER_MODULE;
typedef struct _LOADER_PARAMETER_BLOCK
{
- ULONG Flags;
- ULONG MemLower;
- ULONG MemHigher;
- ULONG BootDevice;
- ULONG CommandLine;
- ULONG ModsCount;
- ULONG ModsAddr;
- UCHAR Syms[12];
- ULONG MmapLength;
- ULONG MmapAddr;
- ULONG DrivesCount;
- ULONG DrivesAddr;
- ULONG ConfigTable;
- ULONG BootLoaderName;
- ULONG PageDirectoryStart;
- ULONG PageDirectoryEnd;
- ULONG KernelBase;
+ ULONG Flags;
+ ULONG MemLower;
+ ULONG MemHigher;
+ ULONG BootDevice;
+ ULONG CommandLine;
+ ULONG ModsCount;
+ ULONG ModsAddr;
+ UCHAR Syms[12];
+ ULONG MmapLength;
+ ULONG MmapAddr;
+ ULONG DrivesCount;
+ ULONG DrivesAddr;
+ ULONG ConfigTable;
+ ULONG BootLoaderName;
+ ULONG PageDirectoryStart;
+ ULONG PageDirectoryEnd;
+ ULONG KernelBase;
} LOADER_PARAMETER_BLOCK, *PLOADER_PARAMETER_BLOCK;
#endif
typedef enum _DEBUG_CONTROL_CODE
{
- DebugGetTraceInformation = 1,
- DebugSetInternalBreakpoint,
- DebugSetSpecialCall,
- DebugClearSpecialCalls,
- DebugQuerySpecialCalls,
- DebugDbgBreakPoint,
- DebugDbgLoadSymbols
+ DebugGetTraceInformation = 1,
+ DebugSetInternalBreakpoint,
+ DebugSetSpecialCall,
+ DebugClearSpecialCalls,
+ DebugQuerySpecialCalls,
+ DebugDbgBreakPoint,
+ DebugDbgLoadSymbols
} DEBUG_CONTROL_CODE;
/* TYPES *********************************************************************/
-typedef struct _KD_PORT_INFORMATION
+typedef struct _KD_PORT_INFORMATION
{
ULONG ComPort;
ULONG BaudRate;
/* PROTOTYPES ****************************************************************/
-VOID
+VOID
STDCALL
KeInitializeApc(
IN PKAPC Apc,
IN PKNORMAL_ROUTINE NormalRoutine,
IN KPROCESSOR_MODE Mode,
IN PVOID Context
-);
+);
VOID
STDCALL
VOID
STDCALL
KiDeliverApc(
- IN KPROCESSOR_MODE PreviousMode,
- IN PVOID Reserved,
- IN PKTRAP_FRAME TrapFrame
+ IN KPROCESSOR_MODE PreviousMode,
+ IN PVOID Reserved,
+ IN PKTRAP_FRAME TrapFrame
);
VOID
KeQueryRuntimeThread(
IN PKTHREAD Thread,
OUT PULONG UserTime
- );
+ );
BOOLEAN
STDCALL
IN PUCHAR Component
);
-VOID
+VOID
STDCALL
KeTerminateThread(
- IN KPRIORITY Increment
+ IN KPRIORITY Increment
);
BOOLEAN
IN PKTHREAD *Thread OPTIONAL
);
-PCONFIGURATION_COMPONENT_DATA
+PCONFIGURATION_COMPONENT_DATA
STDCALL
KeFindConfigurationNextEntry(
IN PCONFIGURATION_COMPONENT_DATA Child,
IN PULONG ComponentKey OPTIONAL,
IN PCONFIGURATION_COMPONENT_DATA *NextLink
);
-
-PCONFIGURATION_COMPONENT_DATA
+
+PCONFIGURATION_COMPONENT_DATA
STDCALL
KeFindConfigurationEntry(
IN PCONFIGURATION_COMPONENT_DATA Child,
PKTHREAD Thread,
KAFFINITY Affinity
);
-
+
VOID
STDCALL
KeSetSystemAffinityThread(
NTSTATUS
STDCALL
KeUserModeCallback(
- IN ULONG FunctionID,
- IN PVOID InputBuffer,
- IN ULONG InputLength,
- OUT PVOID *OutputBuffer,
- OUT PULONG OutputLength
+ IN ULONG FunctionID,
+ IN PVOID InputBuffer,
+ IN ULONG InputLength,
+ OUT PVOID *OutputBuffer,
+ OUT PULONG OutputLength
);
VOID
CHAR ProcessorNumber,
BOOLEAN FloatingSave
);
-
+
BOOLEAN
-STDCALL
+STDCALL
KeConnectInterrupt(
PKINTERRUPT InterruptObject
);
BOOLEAN
-STDCALL
+STDCALL
KeDisconnectInterrupt(
PKINTERRUPT InterruptObject
);
IN PKMUTANT Mutant,
IN BOOLEAN InitialOwner
);
-
+
LONG
STDCALL
KeReleaseMutant(
IN NTSTATUS ExceptionCode
);
-VOID
+VOID
STDCALL
KeFlushWriteBuffer(VOID);
-
+
#endif
/* TYPES *********************************************************************/
-typedef struct _CONFIGURATION_COMPONENT_DATA
+typedef struct _CONFIGURATION_COMPONENT_DATA
{
struct _CONFIGURATION_COMPONENT_DATA *Parent;
struct _CONFIGURATION_COMPONENT_DATA *Child;
CONFIGURATION_COMPONENT Component;
} CONFIGURATION_COMPONENT_DATA, *PCONFIGURATION_COMPONENT_DATA;
-typedef enum _KAPC_ENVIRONMENT
+typedef enum _KAPC_ENVIRONMENT
{
OriginalApcEnvironment,
AttachedApcEnvironment,
CurrentApcEnvironment
} KAPC_ENVIRONMENT;
-typedef struct _KDPC_DATA
+typedef struct _KDPC_DATA
{
LIST_ENTRY DpcListHead;
ULONG DpcLock;
#endif
/* FIXME: Most of these should go to i386 directory */
-typedef struct _FNSAVE_FORMAT
+typedef struct _FNSAVE_FORMAT
{
ULONG ControlWord;
ULONG StatusWord;
ULONG Cr0NpxState;
} FX_SAVE_AREA, *PFX_SAVE_AREA;
-typedef struct _KTRAP_FRAME
+typedef struct _KTRAP_FRAME
{
PVOID DebugEbp;
PVOID DebugEip;
/* FIXME: Win32k uses windows.h! */
#ifndef __WIN32K__
-typedef struct _LDT_ENTRY {
- WORD LimitLow;
- WORD BaseLow;
- union {
- struct {
- BYTE BaseMid;
- BYTE Flags1;
- BYTE Flags2;
- BYTE BaseHi;
- } Bytes;
- struct {
- DWORD BaseMid : 8;
- DWORD Type : 5;
- DWORD Dpl : 2;
- DWORD Pres : 1;
- DWORD LimitHi : 4;
- DWORD Sys : 1;
- DWORD Reserved_0 : 1;
- DWORD Default_Big : 1;
- DWORD Granularity : 1;
- DWORD BaseHi : 8;
- } Bits;
- } HighWord;
+typedef struct _LDT_ENTRY
+{
+ WORD LimitLow;
+ WORD BaseLow;
+ union
+ {
+ struct
+ {
+ BYTE BaseMid;
+ BYTE Flags1;
+ BYTE Flags2;
+ BYTE BaseHi;
+ } Bytes;
+ struct
+ {
+ DWORD BaseMid : 8;
+ DWORD Type : 5;
+ DWORD Dpl : 2;
+ DWORD Pres : 1;
+ DWORD LimitHi : 4;
+ DWORD Sys : 1;
+ DWORD Reserved_0 : 1;
+ DWORD Default_Big : 1;
+ DWORD Granularity : 1;
+ DWORD BaseHi : 8;
+ } Bits;
+ } HighWord;
} LDT_ENTRY, *PLDT_ENTRY, *LPLDT_ENTRY;
#endif
{
USHORT LimitLow;
USHORT BaseLow;
- union {
- struct {
+ union
+ {
+ struct
+ {
UCHAR BaseMid;
UCHAR Flags1;
UCHAR Flags2;
UCHAR BaseHi;
} Bytes;
- struct {
+ struct
+ {
ULONG BaseMid : 8;
ULONG Type : 5;
ULONG Dpl : 2;
/* Fixme: Use correct types? */
typedef struct _KPROCESSOR_STATE
{
- PCONTEXT ContextFrame;
- PVOID SpecialRegisters;
+ PCONTEXT ContextFrame;
+ PVOID SpecialRegisters;
} KPROCESSOR_STATE;
/* Processor Control Block */
typedef struct _KPRCB
{
- USHORT MinorVersion;
+ USHORT MinorVersion;
USHORT MajorVersion;
struct _KTHREAD *CurrentThread;
struct _KTHREAD *NextThread;
/*
* This is the complete, internal KPCR structure
*/
-typedef struct _KIPCR {
- KPCR_TIB Tib; /* 00 */
- struct _KPCR *Self; /* 1C */
- struct _KPRCB *Prcb; /* 20 */
- KIRQL Irql; /* 24 */
- ULONG IRR; /* 28 */
- ULONG IrrActive; /* 2C */
- ULONG IDR; /* 30 */
- PVOID KdVersionBlock; /* 34 */
- PUSHORT IDT; /* 38 */
- PUSHORT GDT; /* 3C */
- struct _KTSS *TSS; /* 40 */
- USHORT MajorVersion; /* 44 */
- USHORT MinorVersion; /* 46 */
- KAFFINITY SetMember; /* 48 */
- ULONG StallScaleFactor; /* 4C */
- UCHAR SparedUnused; /* 50 */
- UCHAR Number; /* 51 */
- UCHAR Reserved; /* 52 */
- UCHAR L2CacheAssociativity; /* 53 */
- ULONG VdmAlert; /* 54 */
- ULONG KernelReserved[14]; /* 58 */
- ULONG L2CacheSize; /* 90 */
- ULONG HalReserved[16]; /* 94 */
- ULONG InterruptMode; /* D4 */
- UCHAR KernelReserved2[0x48]; /* D8 */
- KPRCB PrcbData; /* 120 */
+typedef struct _KIPCR
+{
+ KPCR_TIB Tib; /* 00 */
+ struct _KPCR *Self; /* 1C */
+ struct _KPRCB *Prcb; /* 20 */
+ KIRQL Irql; /* 24 */
+ ULONG IRR; /* 28 */
+ ULONG IrrActive; /* 2C */
+ ULONG IDR; /* 30 */
+ PVOID KdVersionBlock; /* 34 */
+ PUSHORT IDT; /* 38 */
+ PUSHORT GDT; /* 3C */
+ struct _KTSS *TSS; /* 40 */
+ USHORT MajorVersion; /* 44 */
+ USHORT MinorVersion; /* 46 */
+ KAFFINITY SetMember; /* 48 */
+ ULONG StallScaleFactor; /* 4C */
+ UCHAR SparedUnused; /* 50 */
+ UCHAR Number; /* 51 */
+ UCHAR Reserved; /* 52 */
+ UCHAR L2CacheAssociativity; /* 53 */
+ ULONG VdmAlert; /* 54 */
+ ULONG KernelReserved[14]; /* 58 */
+ ULONG L2CacheSize; /* 90 */
+ ULONG HalReserved[16]; /* 94 */
+ ULONG InterruptMode; /* D4 */
+ UCHAR KernelReserved2[0x48]; /* D8 */
+ KPRCB PrcbData; /* 120 */
} KIPCR, *PKIPCR;
#pragma pack(pop)
#include <poppack.h>
/* i386 Doesn't have Exception Frames */
-typedef struct _KEXCEPTION_FRAME {
+typedef struct _KEXCEPTION_FRAME
+{
} KEXCEPTION_FRAME, *PKEXCEPTION_FRAME;
struct _KPROCESS *Process;
} KPROFILE, *PKPROFILE;
-typedef struct _KINTERRUPT
+typedef struct _KINTERRUPT
{
CSHORT Type;
CSHORT Size;
typedef struct _KTHREAD
{
- /* For waiting on thread exit */
- DISPATCHER_HEADER DispatcherHeader; /* 00 */
-
- /* List of mutants owned by the thread */
- LIST_ENTRY MutantListHead; /* 10 */
- PVOID InitialStack; /* 18 */
- ULONG_PTR StackLimit; /* 1C */
-
- /* Pointer to the thread's environment block in user memory */
- struct _TEB *Teb; /* 20 */
-
- /* Pointer to the thread's TLS array */
- PVOID TlsArray; /* 24 */
- PVOID KernelStack; /* 28 */
- UCHAR DebugActive; /* 2C */
-
- /* Thread state (one of THREAD_STATE_xxx constants below) */
- UCHAR State; /* 2D */
- BOOLEAN Alerted[2]; /* 2E */
- UCHAR Iopl; /* 30 */
- UCHAR NpxState; /* 31 */
- CHAR Saturation; /* 32 */
- CHAR Priority; /* 33 */
- KAPC_STATE ApcState; /* 34 */
- ULONG ContextSwitches; /* 4C */
- LONG WaitStatus; /* 50 */
- KIRQL WaitIrql; /* 54 */
- CHAR WaitMode; /* 55 */
- UCHAR WaitNext; /* 56 */
- UCHAR WaitReason; /* 57 */
- union { /* 58 */
- PKWAIT_BLOCK WaitBlockList; /* 58 */
- PKGATE GateObject; /* 58 */
- }; /* 58 */
- LIST_ENTRY WaitListEntry; /* 5C */
- ULONG WaitTime; /* 64 */
- CHAR BasePriority; /* 68 */
- UCHAR DecrementCount; /* 69 */
- UCHAR PriorityDecrement; /* 6A */
- CHAR Quantum; /* 6B */
- KWAIT_BLOCK WaitBlock[4]; /* 6C */
- PVOID LegoData; /* CC */
- union {
- struct {
- USHORT KernelApcDisable;
- USHORT SpecialApcDisable;
- };
- ULONG CombinedApcDisable; /* D0 */
- };
- KAFFINITY UserAffinity; /* D4 */
- UCHAR SystemAffinityActive;/* D8 */
- UCHAR PowerState; /* D9 */
- UCHAR NpxIrql; /* DA */
- UCHAR Pad[1]; /* DB */
- PVOID ServiceTable; /* DC */
- struct _KQUEUE *Queue; /* E0 */
- KSPIN_LOCK ApcQueueLock; /* E4 */
- KTIMER Timer; /* E8 */
- LIST_ENTRY QueueListEntry; /* 110 */
- KAFFINITY Affinity; /* 118 */
- UCHAR Preempted; /* 11C */
- UCHAR ProcessReadyQueue; /* 11D */
- UCHAR KernelStackResident; /* 11E */
- UCHAR NextProcessor; /* 11F */
- PVOID CallbackStack; /* 120 */
- struct _W32THREAD *Win32Thread; /* 124 */
- struct _KTRAP_FRAME *TrapFrame; /* 128 */
- PKAPC_STATE ApcStatePointer[2]; /* 12C */
- UCHAR EnableStackSwap; /* 134 */
- UCHAR LargeStack; /* 135 */
- UCHAR ResourceIndex; /* 136 */
- UCHAR PreviousMode; /* 137 */
- ULONG KernelTime; /* 138 */
- ULONG UserTime; /* 13C */
- KAPC_STATE SavedApcState; /* 140 */
- UCHAR Alertable; /* 158 */
- UCHAR ApcStateIndex; /* 159 */
- UCHAR ApcQueueable; /* 15A */
- UCHAR AutoAlignment; /* 15B */
- PVOID StackBase; /* 15C */
- KAPC SuspendApc; /* 160 */
- KSEMAPHORE SuspendSemaphore; /* 190 */
- LIST_ENTRY ThreadListEntry; /* 1A4 */
- CHAR FreezeCount; /* 1AC */
- UCHAR SuspendCount; /* 1AD */
- UCHAR IdealProcessor; /* 1AE */
- UCHAR DisableBoost; /* 1AF */
- UCHAR QuantumReset; /* 1B0 */
+ /* For waiting on thread exit */
+ DISPATCHER_HEADER DispatcherHeader; /* 00 */
+
+ /* List of mutants owned by the thread */
+ LIST_ENTRY MutantListHead; /* 10 */
+ PVOID InitialStack; /* 18 */
+ ULONG_PTR StackLimit; /* 1C */
+
+ /* Pointer to the thread's environment block in user memory */
+ struct _TEB *Teb; /* 20 */
+
+ /* Pointer to the thread's TLS array */
+ PVOID TlsArray; /* 24 */
+ PVOID KernelStack; /* 28 */
+ UCHAR DebugActive; /* 2C */
+
+ /* Thread state (one of THREAD_STATE_xxx constants below) */
+ UCHAR State; /* 2D */
+ BOOLEAN Alerted[2]; /* 2E */
+ UCHAR Iopl; /* 30 */
+ UCHAR NpxState; /* 31 */
+ CHAR Saturation; /* 32 */
+ CHAR Priority; /* 33 */
+ KAPC_STATE ApcState; /* 34 */
+ ULONG ContextSwitches; /* 4C */
+ LONG WaitStatus; /* 50 */
+ KIRQL WaitIrql; /* 54 */
+ CHAR WaitMode; /* 55 */
+ UCHAR WaitNext; /* 56 */
+ UCHAR WaitReason; /* 57 */
+ union /* 58 */
+ {
+ PKWAIT_BLOCK WaitBlockList; /* 58 */
+ PKGATE GateObject; /* 58 */
+ }; /* 58 */
+ LIST_ENTRY WaitListEntry; /* 5C */
+ ULONG WaitTime; /* 64 */
+ CHAR BasePriority; /* 68 */
+ UCHAR DecrementCount; /* 69 */
+ UCHAR PriorityDecrement; /* 6A */
+ CHAR Quantum; /* 6B */
+ KWAIT_BLOCK WaitBlock[4]; /* 6C */
+ PVOID LegoData; /* CC */
+ union
+ {
+ struct
+ {
+ USHORT KernelApcDisable;
+ USHORT SpecialApcDisable;
+ };
+ ULONG CombinedApcDisable; /* D0 */
+ };
+ KAFFINITY UserAffinity; /* D4 */
+ UCHAR SystemAffinityActive;/* D8 */
+ UCHAR PowerState; /* D9 */
+ UCHAR NpxIrql; /* DA */
+ UCHAR Pad[1]; /* DB */
+ PVOID ServiceTable; /* DC */
+ struct _KQUEUE *Queue; /* E0 */
+ KSPIN_LOCK ApcQueueLock; /* E4 */
+ KTIMER Timer; /* E8 */
+ LIST_ENTRY QueueListEntry; /* 110 */
+ KAFFINITY Affinity; /* 118 */
+ UCHAR Preempted; /* 11C */
+ UCHAR ProcessReadyQueue; /* 11D */
+ UCHAR KernelStackResident; /* 11E */
+ UCHAR NextProcessor; /* 11F */
+ PVOID CallbackStack; /* 120 */
+ struct _W32THREAD *Win32Thread; /* 124 */
+ struct _KTRAP_FRAME *TrapFrame; /* 128 */
+ PKAPC_STATE ApcStatePointer[2]; /* 12C */
+ UCHAR EnableStackSwap; /* 134 */
+ UCHAR LargeStack; /* 135 */
+ UCHAR ResourceIndex; /* 136 */
+ UCHAR PreviousMode; /* 137 */
+ ULONG KernelTime; /* 138 */
+ ULONG UserTime; /* 13C */
+ KAPC_STATE SavedApcState; /* 140 */
+ UCHAR Alertable; /* 158 */
+ UCHAR ApcStateIndex; /* 159 */
+ UCHAR ApcQueueable; /* 15A */
+ UCHAR AutoAlignment; /* 15B */
+ PVOID StackBase; /* 15C */
+ KAPC SuspendApc; /* 160 */
+ KSEMAPHORE SuspendSemaphore; /* 190 */
+ LIST_ENTRY ThreadListEntry; /* 1A4 */
+ CHAR FreezeCount; /* 1AC */
+ UCHAR SuspendCount; /* 1AD */
+ UCHAR IdealProcessor; /* 1AE */
+ UCHAR DisableBoost; /* 1AF */
+ UCHAR QuantumReset; /* 1B0 */
} KTHREAD;
#include <poppack.h>
LIST_ENTRY ThreadListHead; /* 050 */
KSPIN_LOCK ProcessLock; /* 058 */
KAFFINITY Affinity; /* 05C */
- union {
- struct {
+ union
+ {
+ struct
+ {
ULONG AutoAlignment:1; /* 060.0 */
ULONG DisableBoost:1; /* 060.1 */
ULONG DisableQuantum:1; /* 060.2 */
IN ULONG Ordinal,
OUT PVOID *ProcedureAddress
);
-
+
#endif
#define RESOURCE_DATA_LEVEL 3
/* FIXME: USE CORRRECT LDR_ FLAGS */
-#define IMAGE_DLL 0x00000004
-#define LOAD_IN_PROGRESS 0x00001000
-#define UNLOAD_IN_PROGRESS 0x00002000
-#define ENTRY_PROCESSED 0x00004000
-#define DONT_CALL_FOR_THREAD 0x00040000
-#define PROCESS_ATTACH_CALLED 0x00080000
-#define IMAGE_NOT_AT_BASE 0x00200000
+#define IMAGE_DLL 0x00000004
+#define LOAD_IN_PROGRESS 0x00001000
+#define UNLOAD_IN_PROGRESS 0x00002000
+#define ENTRY_PROCESSED 0x00004000
+#define DONT_CALL_FOR_THREAD 0x00040000
+#define PROCESS_ATTACH_CALLED 0x00080000
+#define IMAGE_NOT_AT_BASE 0x00200000
/* ENUMERATIONS **************************************************************/
-/* TYPES *********************************************************************/
+/* TYPES *********************************************************************/
/* FIXME: Update with _LDR_DATA_TABLE_ENTRY and LDR_ flags */
typedef struct _PEB_LDR_DATA
{
#endif /* KDBG */
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
-typedef struct _LDR_RESOURCE_INFO
+typedef struct _LDR_RESOURCE_INFO
{
ULONG Type;
ULONG Name;
/* ENUMERATIONS **************************************************************/
-typedef enum _LPC_TYPE
+typedef enum _LPC_TYPE
{
LPC_NEW_MESSAGE,
LPC_REQUEST,
/* TYPES *********************************************************************/
/* FIXME: USE REAL DEFINITION */
-typedef struct _LPC_MESSAGE {
+typedef struct _LPC_MESSAGE
+{
USHORT DataSize;
USHORT MessageSize;
USHORT MessageType;
} LPC_MESSAGE, *PLPC_MESSAGE;
/* FIXME: USE REAL DEFINITION */
-typedef struct _LPC_SECTION_WRITE
+typedef struct _LPC_SECTION_WRITE
{
ULONG Length;
HANDLE SectionHandle;
} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
/* FIXME: USE REAL DEFINITION */
-typedef struct _LPC_SECTION_READ
+typedef struct _LPC_SECTION_READ
{
ULONG Length;
ULONG ViewSize;
PVOID ViewBase;
-} LPC_SECTION_READ, *PLPC_SECTION_READ;
+} LPC_SECTION_READ, *PLPC_SECTION_READ;
/* FIXME: USE REAL DEFINITION */
-typedef struct _LPC_MAX_MESSAGE
+typedef struct _LPC_MAX_MESSAGE
{
LPC_MESSAGE Header;
BYTE Data[MAX_MESSAGE_DATA];
/* PROTOTYPES ****************************************************************/
-NTSTATUS
+NTSTATUS
STDCALL
MmUnmapViewOfSection(
- struct _EPROCESS* Process,
+ struct _EPROCESS* Process,
PVOID BaseAddress
);
/* ENUMERATIONS **************************************************************/
typedef enum _OB_OPEN_REASON
-{
+{
ObCreateHandle,
ObOpenHandle,
ObDuplicateHandle,
ACCESS_MASK GrantedAccess
);
-typedef NTSTATUS
+typedef NTSTATUS
(STDCALL *OB_PARSE_METHOD)(
PVOID Object,
PVOID *NextObject,
PWSTR *Path,
ULONG Attributes
);
-
-typedef VOID
+
+typedef VOID
(STDCALL *OB_DELETE_METHOD)(
PVOID DeletedObject
);
-typedef VOID
+typedef VOID
(STDCALL *OB_CLOSE_METHOD)(
PVOID ClosedObject,
ULONG HandleCount
typedef VOID
(STDCALL *OB_DUMP_METHOD)(VOID);
-typedef NTSTATUS
+typedef NTSTATUS
(STDCALL *OB_OKAYTOCLOSE_METHOD)(VOID);
-typedef NTSTATUS
+typedef NTSTATUS
(STDCALL *OB_QUERYNAME_METHOD)(
PVOID ObjectBody,
POBJECT_NAME_INFORMATION ObjectNameInfo,
PULONG ReturnLength
);
-typedef PVOID
+typedef PVOID
(STDCALL *OB_FIND_METHOD)(
PVOID WinStaObject,
PWSTR Name,
ULONG Attributes
);
-typedef NTSTATUS
+typedef NTSTATUS
(STDCALL *OB_SECURITY_METHOD)(
PVOID ObjectBody,
SECURITY_OPERATION_CODE OperationCode,
/* TYPES *********************************************************************/
/* FIXME: Does this match NT's? */
-typedef struct _W32_OBJECT_CALLBACK
+typedef struct _W32_OBJECT_CALLBACK
{
OB_OPEN_METHOD WinStaCreate;
OB_PARSE_METHOD WinStaParse;
OB_DELETE_METHOD DesktopDelete;
} W32_OBJECT_CALLBACK, *PW32_OBJECT_CALLBACK;
-typedef struct _OBJECT_BASIC_INFORMATION
+typedef struct _OBJECT_BASIC_INFORMATION
{
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG SecurityDescriptorLength;
LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
-
+
typedef struct _OBJECT_HEADER_NAME_INFO
{
struct _DIRECTORY_OBJECT *Directory;
ULONG DbgReferenceCount;
} OBJECT_HEADER_NAME_INFO, *POBJECT_HEADER_NAME_INFO;
-typedef struct _OBJECT_CREATE_INFORMATION
+typedef struct _OBJECT_CREATE_INFORMATION
{
ULONG Attributes;
HANDLE RootDirectory;
struct _EPROCESS *Process;
ULONG HandleCount;
} OBJECT_HANDLE_COUNT_ENTRY, *POBJECT_HANDLE_COUNT_ENTRY;
-
+
typedef struct _OBJECT_HANDLE_COUNT_DATABASE
{
ULONG CountEntries;
POBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1];
} OBJECT_HANDLE_COUNT_DATABASE, *POBJECT_HANDLE_COUNT_DATABASE;
-
+
typedef struct _OBJECT_HEADER_HANDLE_INFO
{
union
OBJECT_HANDLE_COUNT_ENTRY SingleEntry;
};
} OBJECT_HEADER_HANDLE_INFO, *POBJECT_HEADER_HANDLE_INFO;
-
+
typedef struct _OBJECT_HEADER_CREATOR_INFO
{
LIST_ENTRY TypeList;
{
LIST_ENTRY Entry; /* FIXME: REMOVE THIS SOON */
LONG PointerCount;
- union {
+ union
+ {
LONG HandleCount;
PVOID NextToFree;
};
UCHAR HandleInfoOffset;
UCHAR QuotaInfoOffset;
UCHAR Flags;
- union {
+ union
+ {
POBJECT_CREATE_INFORMATION ObjectCreateInfo;
PVOID QuotaBlockCharged;
};
ULONG ReferenceCount;
ULONG DriveMap;
UCHAR DriveType[32];
-} DEVICE_MAP, *PDEVICE_MAP;
+} DEVICE_MAP, *PDEVICE_MAP;
/* EXPORTED DATA *************************************************************/
/* TYPES *********************************************************************/
-typedef struct _PROCESSOR_POWER_STATE
+typedef struct _PROCESSOR_POWER_STATE
{
PVOID IdleFunction;
ULONG Idle0KernelTimeLimit;
/* FUNCTION TYPES ************************************************************/
typedef VOID (STDCALL *PPEBLOCKROUTINE)(PVOID);
-typedef NTSTATUS
+typedef NTSTATUS
(STDCALL *PW32_PROCESS_CALLBACK)(
struct _EPROCESS *Process,
BOOLEAN Create
struct _ETHREAD;
-typedef struct _CURDIR
+typedef struct _CURDIR
{
UNICODE_STRING DosPath;
PVOID Handle;
LDT_ENTRY Descriptor;
} DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
-typedef struct _PEB_FREE_BLOCK
+typedef struct _PEB_FREE_BLOCK
{
struct _PEB_FREE_BLOCK* Next;
ULONG Size;
UNICODE_STRING CSDVersion; /* 1DCh */
} PEB;
-typedef struct _GDI_TEB_BATCH
+typedef struct _GDI_TEB_BATCH
{
ULONG Offset;
ULONG HDC;
typedef struct _INITIAL_TEB
{
- PVOID StackBase;
- PVOID StackLimit;
- PVOID StackCommit;
- PVOID StackCommitMax;
- PVOID StackReserved;
+ PVOID StackBase;
+ PVOID StackLimit;
+ PVOID StackCommit;
+ PVOID StackCommitMax;
+ PVOID StackReserved;
} INITIAL_TEB, *PINITIAL_TEB;
-typedef struct _TEB
+typedef struct _TEB
{
NT_TIB Tib; /* 00h */
PVOID EnvironmentPointer; /* 1Ch */
KTHREAD Tcb; /* 1C0 */
LARGE_INTEGER CreateTime; /* 1C0 */
LARGE_INTEGER ExitTime; /* 1C0 */
- union {
+ union
+ {
LIST_ENTRY LpcReplyChain; /* 1C0 */
LIST_ENTRY KeyedWaitChain; /* 1C0 */
};
- union {
+ union
+ {
NTSTATUS ExitStatus; /* 1C8 */
PVOID OfsChain; /* 1C8 */
};
LIST_ENTRY PostBlockList; /* 1CC */
- union {
+ union
+ {
struct _TERMINATION_PORT *TerminationPort; /* 1D4 */
struct _ETHREAD *ReaperLink; /* 1D4 */
PVOID KeyedWaitValue; /* 1D4 */
KSPIN_LOCK ActiveTimerListLock; /* 1D8 */
LIST_ENTRY ActiveTimerListHead; /* 1D8 */
CLIENT_ID Cid; /* 1E0 */
- union {
+ union
+ {
KSEMAPHORE LpcReplySemaphore; /* 1E4 */
KSEMAPHORE KeyedReplySemaphore; /* 1E4 */
};
- union {
+ union
+ {
PVOID LpcReplyMessage; /* 200 */
PVOID LpcWaitingOnPort; /* 200 */
};
PDEVICE_OBJECT DeviceToVerify; /* 214 */
struct _EPROCESS *ThreadsProcess; /* 218 */
PKSTART_ROUTINE StartAddress; /* 21C */
- union {
+ union
+ {
PTHREAD_START_ROUTINE Win32StartAddress; /* 220 */
ULONG LpcReceivedMessageId; /* 220 */
};
ULONG LpcReplyMessageId; /* 234 */
ULONG ReadClusterSize; /* 238 */
ACCESS_MASK GrantedAccess; /* 23C */
- union {
- struct {
+ union
+ {
+ struct
+ {
ULONG Terminated:1;
ULONG DeadThread:1;
ULONG HideFromDebugger:1;
};
ULONG CrossThreadFlags; /* 240 */
};
- union {
- struct {
+ union
+ {
+ struct
+ {
ULONG ActiveExWorker:1;
ULONG ExWorkerCanWaitUser:1;
ULONG MemoryMaker:1;
};
ULONG SameThreadPassiveFlags; /* 244 */
};
- union {
- struct {
+ union
+ {
+ struct
+ {
ULONG LpcReceivedMsgIdValid:1;
ULONG LpcExitThreadCalled:1;
ULONG AddressSpaceOwner:1;
PVOID VdmObjects; /* 144 */
PVOID DeviceMap; /* 148 */
PVOID Spare0[3]; /* 14C */
- union {
+ union
+ {
HARDWARE_PTE_X86 PagedirectoryPte; /* 158 */
ULONGLONG Filler; /* 158 */
};
LIST_ENTRY MmProcessLinks; /* 230 */
ULONG ModifiedPageCount; /* 238 */
ULONG JobStatus; /* 23C */
- union {
- struct {
+ union
+ {
+ struct
+ {
ULONG CreateReported:1;
ULONG NoDebugInherit:1;
ULONG ProcessExiting:1;
NTSTATUS ExitStatus; /* 244 */
USHORT NextPageColor; /* 248 */
- union {
- struct {
+ union
+ {
+ struct
+ {
UCHAR SubSystemMinorVersion; /* 24A */
UCHAR SubSystemMajorVersion; /* 24B */
};
STDCALL
RtlRaiseException(IN PEXCEPTION_RECORD ExceptionRecord);
-VOID
-STDCALL
+VOID
+STDCALL
RtlRaiseStatus(NTSTATUS Status);
VOID
);
/*
- * Heap Functions
+ * Heap Functions
*/
-
+
PVOID
STDCALL
RtlAllocateHeap(
HANDLE heap,
DWORD flags
);
-
-HANDLE
+
+HANDLE
STDCALL
RtlDestroyHeap(HANDLE hheap);
ULONG HeapCount,
HANDLE *HeapArray
);
-
-PVOID
+
+PVOID
STDCALL
RtlReAllocateHeap(
HANDLE Heap,
ULONG Size
);
-BOOLEAN
+BOOLEAN
STDCALL
RtlLockHeap(IN HANDLE Heap);
-BOOLEAN
+BOOLEAN
STDCALL
RtlUnlockHeap(IN HANDLE Heap);
-ULONG
+ULONG
STDCALL
RtlSizeHeap(
- IN PVOID HeapHandle,
- IN ULONG Flags,
+ IN PVOID HeapHandle,
+ IN ULONG Flags,
IN PVOID MemoryPointer
);
-
-BOOLEAN
+
+BOOLEAN
STDCALL
RtlValidateHeap(
HANDLE Heap,
PSID Sid
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
RtlAddAccessAllowedAceEx(
IN OUT PACL pAcl,
IN DWORD dwAceRevision,
IN PSID pSid
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlAddAccessDeniedAce(
PACL Acl,
PSID Sid
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlAddAccessDeniedAceEx(
IN OUT PACL Acl,
IN PSID Sid
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlAddAuditAccessAceEx(
IN OUT PACL Acl,
IN BOOLEAN Failure
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlAddAce(
PACL Acl,
ULONG AceListLength
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlAddAuditAccessAce(
PACL Acl,
BOOLEAN Success,
BOOLEAN Failure
);
-
+
NTSTATUS
STDCALL
RtlAllocateAndInitializeSid(
OUT PSID *Sid
);
-BOOLEAN
+BOOLEAN
STDCALL
RtlAreAllAccessesGranted(
ACCESS_MASK GrantedAccess,
ACCESS_MASK DesiredAccess
);
-BOOLEAN
+BOOLEAN
STDCALL
RtlAreAnyAccessesGranted(
ACCESS_MASK GrantedAccess,
IN PLUID LuidSrc
);
-VOID
+VOID
STDCALL
RtlCopyLuidAndAttributesArray(
ULONG Count,
PLUID_AND_ATTRIBUTES Src,
PLUID_AND_ATTRIBUTES Dest
);
-
-NTSTATUS
+
+NTSTATUS
STDCALL
RtlCopySidAndAttributesArray(
ULONG Count,
ULONG Revision
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlCreateSecurityDescriptorRelative(
PSECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
ULONG Revision
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlDeleteAce(
PACL Acl,
ULONG AceIndex
);
-BOOLEAN
+BOOLEAN
STDCALL
RtlEqualPrefixSid(
PSID Sid1,
PSID Sid2
);
-
+
BOOLEAN
STDCALL
RtlEqualSid (
IN PSID Sid2
);
-BOOLEAN
+BOOLEAN
STDCALL
RtlFirstFreeAce(
PACL Acl,
IN PSID Sid
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlGetAce(
PACL Acl,
PACE *Ace
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlGetControlSecurityDescriptor(
PSECURITY_DESCRIPTOR SecurityDescriptor,
PSECURITY_DESCRIPTOR_CONTROL Control,
PULONG Revision
);
-
+
NTSTATUS
STDCALL
RtlGetDaclSecurityDescriptor(
OUT PBOOLEAN OwnerDefaulted
);
-BOOLEAN
+BOOLEAN
STDCALL
RtlGetSecurityDescriptorRMControl(
PSECURITY_DESCRIPTOR SecurityDescriptor,
PUCHAR RMControl
);
-
-PSID_IDENTIFIER_AUTHORITY
+
+PSID_IDENTIFIER_AUTHORITY
STDCALL
RtlIdentifierAuthoritySid(PSID Sid);
STDCALL
RtlLengthSid(IN PSID Sid);
-VOID
+VOID
STDCALL
RtlMapGenericMask(
PACCESS_MASK AccessMask,
PGENERIC_MAPPING GenericMapping
);
-
-NTSTATUS
+
+NTSTATUS
STDCALL
RtlQueryInformationAcl(
PACL Acl,
IN PULONG PrimaryGroupSize
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlSetControlSecurityDescriptor(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN GroupDefaulted
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlSetInformationAcl(
PACL Acl,
IN BOOLEAN SaclDefaulted
);
-VOID
+VOID
STDCALL
RtlSetSecurityDescriptorRMControl(
PSECURITY_DESCRIPTOR SecurityDescriptor,
IN SECURITY_INFORMATION RequiredInformation
);
-BOOLEAN
+BOOLEAN
STDCALL
RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor);
STDCALL
RtlValidSid(IN PSID Sid);
-BOOLEAN
+BOOLEAN
STDCALL
RtlValidAcl(PACL Acl);
/*
* Single-Character Functions
*/
-NTSTATUS
+NTSTATUS
STDCALL
RtlLargeIntegerToChar(
IN PLARGE_INTEGER Value,
IN ULONG Length,
IN OUT PCHAR String
);
-
-CHAR
+
+CHAR
STDCALL
RtlUpperChar(CHAR Source);
WCHAR
STDCALL
RtlUpcaseUnicodeChar(WCHAR Source);
-
-WCHAR
+
+WCHAR
STDCALL
RtlDowncaseUnicodeChar(IN WCHAR Source);
IN OUT PCHAR String
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlIntegerToUnicode(
IN ULONG Value,
ULONG Base,
PULONG Value
);
-
-USHORT
+
+USHORT
FASTCALL
RtlUshortByteSwap(IN USHORT Source);
/*
- * Unicode->Ansi String Functions
- */
+ * Unicode->Ansi String Functions
+ */
ULONG
STDCALL
RtlUnicodeStringToAnsiSize(IN PUNICODE_STRING UnicodeString);
-
+
NTSTATUS
STDCALL
RtlUnicodeStringToAnsiString(
PUNICODE_STRING SourceString,
BOOLEAN AllocateDestinationString
);
-
+
NTSTATUS
STDCALL
RtlUpcaseUnicodeToOemN(
PWCHAR UnicodeString,
ULONG UnicodeSize
);
-
+
ULONG
STDCALL
RtlUnicodeStringToOemSize(IN PUNICODE_STRING UnicodeString);
PWCHAR UnicodeString,
ULONG UnicodeSize
);
-
+
/*
- * Unicode->MultiByte String Functions
+ * Unicode->MultiByte String Functions
*/
NTSTATUS
STDCALL
PWCHAR UnicodeString,
ULONG UnicodeSize
);
-
+
NTSTATUS
STDCALL
RtlUnicodeToMultiByteSize(
/*
* OEM to Unicode Functions
- */
+ */
ULONG
STDCALL
RtlOemStringToUnicodeSize(POEM_STRING AnsiString);
-
+
NTSTATUS
STDCALL
RtlOemStringToUnicodeString(
IN PCHAR OemString,
ULONG BytesInOemString
);
-
+
/*
* Ansi->Multibyte String Functions
*/
-
+
/*
* Ansi->Unicode String Functions
*/
PANSI_STRING SourceString,
BOOLEAN AllocateDestinationString
);
-
+
ULONG
STDCALL
RtlAnsiStringToUnicodeSize(
PANSI_STRING AnsiString
);
-
-BOOLEAN
+
+BOOLEAN
STDCALL
RtlCreateUnicodeStringFromAsciiz(
OUT PUNICODE_STRING Destination,
BOOLEAN CaseInsensitive
);
-VOID
+VOID
STDCALL
RtlCopyUnicodeString(
PUNICODE_STRING DestinationString,
PUNICODE_STRING DestinationString,
PCWSTR SourceString
);
-
+
BOOLEAN
STDCALL
RtlEqualUnicodeString(
PANSI_STRING DestinationString,
PCSZ SourceString
);
-
+
/*
* OEM String Functions
*/
-VOID
+VOID
STDCALL
RtlFreeOemString(IN POEM_STRING OemString);
-/*
+/*
* MultiByte->Unicode String Functions
*/
NTSTATUS
IN RTL_ATOM Atom
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlDestroyAtomTable(IN PRTL_ATOM_TABLE AtomTable);
IN OUT PWSTR AtomName OPTIONAL,
IN OUT PULONG NameLength OPTIONAL
);
-
+
NTSTATUS
STDCALL
RtlLookupAtomInAtomTable(
/*
* Memory Functions
*/
-SIZE_T
+SIZE_T
STDCALL
RtlCompareMemory(
IN const VOID *Source1,
IN const VOID *Source2,
IN SIZE_T Length
);
-
+
VOID
STDCALL
RtlFillMemoryUlong(
IN ULONG Length,
IN ULONG Fill
);
-
+
/*
* Process Management Functions
*/
IN PUNICODE_STRING ShellInfo OPTIONAL,
IN PUNICODE_STRING RuntimeInfo OPTIONAL
);
-
+
NTSTATUS
STDCALL
RtlCreateUserProcess(
RtlDestroyEnvironment(
PWSTR Environment
);
-
+
NTSTATUS
STDCALL
RtlExpandEnvironmentStrings_U(
ULONG
STDCALL
RtlDetermineDosPathNameType_U(PCWSTR Path);
-
+
ULONG
STDCALL
RtlDosSearchPath_U(
WCHAR *buffer,
WCHAR **shortname
);
-
+
ULONG
STDCALL
RtlGetCurrentDirectory_U(
NTSTATUS
STDCALL
RtlSetCurrentDirectory_U(PUNICODE_STRING name);
-
+
NTSTATUS
STDCALL
RtlSetEnvironmentVariable(
RtlDeleteCriticalSection (
PRTL_CRITICAL_SECTION CriticalSection
);
-
+
NTSTATUS
STDCALL
RtlEnterCriticalSection(
PRTL_CRITICAL_SECTION CriticalSection
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlInitializeCriticalSection(
PRTL_CRITICAL_SECTION CriticalSection
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlInitializeCriticalSectionAndSpinCount(
PRTL_CRITICAL_SECTION CriticalSection,
STDCALL
RtlLeaveCriticalSection(
PRTL_CRITICAL_SECTION CriticalSection
-);
+);
/*
* Compression Functions
/*
* Debug Info Functions
*/
-PDEBUG_BUFFER
+PDEBUG_BUFFER
STDCALL
RtlCreateQueryDebugBuffer(
IN ULONG Size,
STDCALL
RtlDestroyQueryDebugBuffer(IN PDEBUG_BUFFER DebugBuffer);
-NTSTATUS
+NTSTATUS
STDCALL
RtlQueryProcessDebugInformation(
IN ULONG ProcessId,
IN ULONG DebugInfoClassMask,
IN OUT PDEBUG_BUFFER DebugBuffer
);
-
+
/*
* Bitmap Functions
*/
STDCALL
RtlCreateTimer(
HANDLE TimerQueue,
- PHANDLE phNewTimer,
+ PHANDLE phNewTimer,
WAITORTIMERCALLBACKFUNC Callback,
PVOID Parameter,
DWORD DueTime,
RtlDeleteTimerQueue(HANDLE TimerQueue);
/*
- * Debug Functions
+ * Debug Functions
*/
ULONG
CDECL
IN OUT PRTL_HANDLE_TABLE_ENTRY *Handle,
IN ULONG Index
);
-
+
/*
* PE Functions
*/
OUT PRTL_MESSAGE_RESOURCE_ENTRY *MessageResourceEntry
);
-ULONG
+ULONG
STDCALL
RtlGetNtGlobalFlags(VOID);
-
+
PVOID
STDCALL
RtlImageDirectoryEntryToData(
ULONG RelativeTo,
PWSTR Path
);
-
-NTSTATUS
+
+NTSTATUS
STDCALL
RtlFormatCurrentUserKeyPath(IN OUT PUNICODE_STRING KeyPath);
-
-NTSTATUS
+
+NTSTATUS
STDCALL
RtlpNtOpenKey(
OUT HANDLE KeyHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG Unused
);
-
+
NTSTATUS
STDCALL
RtlOpenCurrentUser(
PVOID ValueData,
ULONG ValueLength
);
-
+
/*
* NLS Functions
- */
+ */
VOID
STDCALL
RtlInitNlsTables(
IN PUSHORT TableBase,
OUT PCPTABLEINFO CodePageTable
);
-
+
VOID
STDCALL
RtlResetRtlTranslations(IN PNLSTABLEINFO NlsTable);
/*
* Misc String Functions
- */
+ */
BOOLEAN
STDCALL
RtlDosPathNameToNtPathName_U(
PWSTR *ShortName,
PCURDIR CurrentDirectory
);
-
+
BOOLEAN
STDCALL
RtlIsNameLegalDOS8Dot3(
/*
* Misc conversion functions
*/
-LARGE_INTEGER
+LARGE_INTEGER
STDCALL
RtlConvertLongToLargeInteger(IN LONG SignedInteger);
ULONG Multiplicand,
ULONG Multiplier
);
-
-ULONG
+
+ULONG
STDCALL
RtlUniform(PULONG Seed);
NTSTATUS
STDCALL
RtlQueryTimeZoneInformation(LPTIME_ZONE_INFORMATION TimeZoneInformation);
-
+
VOID
STDCALL
RtlSecondsSince1970ToTime(
OUT PLARGE_INTEGER Time
);
-NTSTATUS
+NTSTATUS
STDCALL
RtlSetTimeZoneInformation(LPTIME_ZONE_INFORMATION TimeZoneInformation);
-
-BOOLEAN
+
+BOOLEAN
STDCALL
RtlTimeFieldsToTime(
PTIME_FIELDS TimeFields,
IN ULONG TypeMask,
IN ULONGLONG ConditionMask
);
-
+
NTSTATUS
STDCALL
RtlGetVersion(IN OUT PRTL_OSVERSIONINFOW lpVersionInformation);
/* ENUMERATIONS **************************************************************/
-typedef enum
+typedef enum
{
ExceptionContinueExecution,
ExceptionContinueSearch,
IN PVOID UserParam
);
-typedef EXCEPTION_DISPOSITION
+typedef EXCEPTION_DISPOSITION
(*PEXCEPTION_HANDLER)(
- struct _EXCEPTION_RECORD*,
- PVOID,
- struct _CONTEXT*,
+ struct _EXCEPTION_RECORD*,
+ PVOID,
+ struct _CONTEXT*,
PVOID
);
PTHREAD_START_ROUTINE StartAddress,
PVOID Parameter
);
-
+
/* TYPES *********************************************************************/
typedef unsigned short RTL_ATOM;
PVOID LockInformation;
PVOID Reserved[8];
} DEBUG_BUFFER, *PDEBUG_BUFFER;
+
typedef struct _DEBUG_MODULE_INFORMATION
{
ULONG Reserved[2];
USHORT ModuleNameOffset;
CHAR ImageName[256];
} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
+
typedef struct _DEBUG_HEAP_INFORMATION
{
PVOID Base;
PVOID Tags;
PVOID Blocks;
} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
-typedef struct _DEBUG_LOCK_INFORMATION
+
+typedef struct _DEBUG_LOCK_INFORMATION
{
PVOID Address;
USHORT Type;
ULONG Flags;
struct _RTL_HANDLE_TABLE_ENTRY *NextFree;
} RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY;
+
typedef struct _RTL_HANDLE_TABLE
{
ULONG MaximumNumberOfHandles;
ULONG LockCount;
DEBUG_LOCK_INFORMATION LockEntry[1];
} LOCK_INFORMATION, *PLOCK_INFORMATION;
+
typedef struct _HEAP_INFORMATION
{
ULONG HeapCount;
DEBUG_HEAP_INFORMATION HeapEntry[1];
} HEAP_INFORMATION, *PHEAP_INFORMATION;
+
typedef struct _MODULE_INFORMATION
{
ULONG ModuleCount;
} MODULE_INFORMATION, *PMODULE_INFORMATION;
/* END REVIEW AREA */
-typedef struct _EXCEPTION_REGISTRATION
+typedef struct _EXCEPTION_REGISTRATION
{
struct _EXCEPTION_REGISTRATION* prev;
PEXCEPTION_HANDLER handler;
typedef EXCEPTION_REGISTRATION EXCEPTION_REGISTRATION_RECORD;
typedef PEXCEPTION_REGISTRATION PEXCEPTION_REGISTRATION_RECORD;
-typedef struct RTL_DRIVE_LETTER_CURDIR
+typedef struct RTL_DRIVE_LETTER_CURDIR
{
USHORT Flags;
USHORT Length;
ULONG TimeStamp;
UNICODE_STRING DosPath;
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
-
-typedef struct _RTL_HEAP_DEFINITION
+
+typedef struct _RTL_HEAP_DEFINITION
{
ULONG Length;
ULONG Unknown[11];
ULONG ExclusiveWaiters;
LONG NumberActive;
HANDLE OwningThread;
- ULONG TimeoutBoost; /* ?? */
+ ULONG TimeoutBoost; /* ?? */
PVOID DebugInfo; /* ?? */
} RTL_RESOURCE, *PRTL_RESOURCE;
ULONG Stamp;
} RTL_RANGE_LIST_ITERATOR, *PRTL_RANGE_LIST_ITERATOR;
-typedef struct _RTL_MESSAGE_RESOURCE_ENTRY
+typedef struct _RTL_MESSAGE_RESOURCE_ENTRY
{
USHORT Length;
USHORT Flags;
CHAR Text[1];
} RTL_MESSAGE_RESOURCE_ENTRY, *PRTL_MESSAGE_RESOURCE_ENTRY;
-typedef struct _RTL_MESSAGE_RESOURCE_BLOCK
+typedef struct _RTL_MESSAGE_RESOURCE_BLOCK
{
ULONG LowId;
ULONG HighId;
ULONG OffsetToEntries;
} RTL_MESSAGE_RESOURCE_BLOCK, *PRTL_MESSAGE_RESOURCE_BLOCK;
-typedef struct _RTL_MESSAGE_RESOURCE_DATA
+typedef struct _RTL_MESSAGE_RESOURCE_DATA
{
ULONG NumberOfBlocks;
RTL_MESSAGE_RESOURCE_BLOCK Blocks[1];
} RTL_MESSAGE_RESOURCE_DATA, *PRTL_MESSAGE_RESOURCE_DATA;
-typedef struct _NLS_FILE_HEADER
+typedef struct _NLS_FILE_HEADER
{
USHORT HeaderSize;
USHORT CodePage;
UCHAR LeadByte[MAXIMUM_LEADBYTES];
} NLS_FILE_HEADER, *PNLS_FILE_HEADER;
-typedef struct _RTL_USER_PROCESS_PARAMETERS
+typedef struct _RTL_USER_PROCESS_PARAMETERS
{
ULONG AllocationSize;
ULONG Size;
UNICODE_STRING ShellInfo;
UNICODE_STRING RuntimeInfo;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
-
+
typedef struct _RTL_PROCESS_INFO
{
ULONG Size;
/* Let Kernel Drivers use this */
#ifndef _WINBASE_H
- typedef struct _SYSTEMTIME
+ typedef struct _SYSTEMTIME
{
WORD wYear;
WORD wMonth;
WORD wMilliseconds;
} SYSTEMTIME, *PSYSTEMTIME, *LPSYSTEMTIME;
- typedef struct _TIME_ZONE_INFORMATION
+ typedef struct _TIME_ZONE_INFORMATION
{
LONG Bias;
WCHAR StandardName[32];
SYSTEMTIME DaylightDate;
LONG DaylightBias;
} TIME_ZONE_INFORMATION, *PTIME_ZONE_INFORMATION, *LPTIME_ZONE_INFORMATION;
-
- typedef enum _ACL_INFORMATION_CLASS
+
+ typedef enum _ACL_INFORMATION_CLASS
{
AclRevisionInformation = 1,
AclSizeInformation
} ACL_INFORMATION_CLASS;
-
+
#define TIME_ZONE_ID_UNKNOWN 0
#define TIME_ZONE_ID_STANDARD 1
#define TIME_ZONE_ID_DAYLIGHT 2
IN KPROCESSOR_MODE CurrentMode,
IN BOOLEAN CaptureIfKernelMode
);
-
+
SECURITY_IMPERSONATION_LEVEL
STDCALL
SeTokenImpersonationLevel(
/* TYPES *********************************************************************/
-typedef struct _SEP_AUDIT_POLICY_CATEGORIES
+typedef struct _SEP_AUDIT_POLICY_CATEGORIES
{
UCHAR System:4;
UCHAR Logon:4;
UCHAR AccountLogon:4;
} SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
-typedef struct _SEP_AUDIT_POLICY_OVERLAY
+typedef struct _SEP_AUDIT_POLICY_OVERLAY
{
ULONGLONG PolicyBits:36;
UCHAR SetBit:1;
} SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
-typedef struct _SEP_AUDIT_POLICY
+typedef struct _SEP_AUDIT_POLICY
{
- union
+ union
{
SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
ULONGLONG Overlay;
};
} SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
-
+
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
-typedef struct _TOKEN {
- TOKEN_SOURCE TokenSource; /* 0x00 */
- LUID TokenId; /* 0x10 */
- LUID AuthenticationId; /* 0x18 */
- LUID ParentTokenId; /* 0x20 */
- LARGE_INTEGER ExpirationTime; /* 0x28 */
- struct _ERESOURCE *TokenLock; /* 0x30 */
- SEP_AUDIT_POLICY AuditPolicy; /* 0x38 */
- LUID ModifiedId; /* 0x40 */
- ULONG SessionId; /* 0x48 */
- ULONG UserAndGroupCount; /* 0x4C */
- ULONG RestrictedSidCount; /* 0x50 */
- ULONG PrivilegeCount; /* 0x54 */
- ULONG VariableLength; /* 0x58 */
- ULONG DynamicCharged; /* 0x5C */
- ULONG DynamicAvailable; /* 0x60 */
- ULONG DefaultOwnerIndex; /* 0x64 */
- PSID_AND_ATTRIBUTES UserAndGroups; /* 0x68 */
- PSID_AND_ATTRIBUTES RestrictedSids; /* 0x6C */
- PSID PrimaryGroup; /* 0x70 */
- PLUID_AND_ATTRIBUTES Privileges; /* 0x74 */
- PULONG DynamicPart; /* 0x78 */
- PACL DefaultDacl; /* 0x7C */
- TOKEN_TYPE TokenType; /* 0x80 */
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x84 */
- ULONG TokenFlags; /* 0x88 */
- BOOLEAN TokenInUse; /* 0x8C */
- PVOID ProxyData; /* 0x90 */
- PVOID AuditData; /* 0x94 */
- LUID OriginatingLogonSession; /* 0x98 */
- ULONG VariablePart; /* 0xA0 */
+typedef struct _TOKEN
+{
+ TOKEN_SOURCE TokenSource; /* 0x00 */
+ LUID TokenId; /* 0x10 */
+ LUID AuthenticationId; /* 0x18 */
+ LUID ParentTokenId; /* 0x20 */
+ LARGE_INTEGER ExpirationTime; /* 0x28 */
+ struct _ERESOURCE *TokenLock; /* 0x30 */
+ SEP_AUDIT_POLICY AuditPolicy; /* 0x38 */
+ LUID ModifiedId; /* 0x40 */
+ ULONG SessionId; /* 0x48 */
+ ULONG UserAndGroupCount; /* 0x4C */
+ ULONG RestrictedSidCount; /* 0x50 */
+ ULONG PrivilegeCount; /* 0x54 */
+ ULONG VariableLength; /* 0x58 */
+ ULONG DynamicCharged; /* 0x5C */
+ ULONG DynamicAvailable; /* 0x60 */
+ ULONG DefaultOwnerIndex; /* 0x64 */
+ PSID_AND_ATTRIBUTES UserAndGroups; /* 0x68 */
+ PSID_AND_ATTRIBUTES RestrictedSids; /* 0x6C */
+ PSID PrimaryGroup; /* 0x70 */
+ PLUID_AND_ATTRIBUTES Privileges; /* 0x74 */
+ PULONG DynamicPart; /* 0x78 */
+ PACL DefaultDacl; /* 0x7C */
+ TOKEN_TYPE TokenType; /* 0x80 */
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x84 */
+ ULONG TokenFlags; /* 0x88 */
+ BOOLEAN TokenInUse; /* 0x8C */
+ PVOID ProxyData; /* 0x90 */
+ PVOID AuditData; /* 0x94 */
+ LUID OriginatingLogonSession; /* 0x98 */
+ ULONG VariablePart; /* 0xA0 */
} TOKEN, *PTOKEN;
typedef struct _AUX_DATA
PULONG Unknown2
);
-NTSTATUS
+NTSTATUS
STDCALL
CsrClientCallServer(
struct _CSR_API_MESSAGE *Request,
ULONG RequestLength
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
CsrIdentifyAlertableThread(VOID);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
CsrNewThread(VOID);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
CsrSetPriorityClass(
HANDLE Process,
PULONG PriorityClass
);
-VOID
-STDCALL
+VOID
+STDCALL
CsrProbeForRead(
IN CONST PVOID Address,
IN ULONG Length,
IN ULONG Alignment
);
-VOID
-STDCALL
+VOID
+STDCALL
CsrProbeForWrite(
IN CONST PVOID Address,
IN ULONG Length,
IN ULONG Alignment
);
-NTSTATUS
+NTSTATUS
STDCALL
CsrCaptureParameterBuffer(
PVOID ParameterBuffer,
PVOID* ServerAddress
);
-NTSTATUS
+NTSTATUS
STDCALL
CsrReleaseParameterBuffer(PVOID ClientAddress);
/*
- * Debug Functions
+ * Debug Functions
*/
ULONG
CDECL
ULONG Unknown2
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
DbgUiRemoteBreakin(VOID);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
DbgUiIssueRemoteBreakin(HANDLE Process);
/*
* Loader Functions
*/
-NTSTATUS
+NTSTATUS
STDCALL
LdrDisableThreadCalloutsForDll(IN PVOID BaseAddress);
-NTSTATUS
+NTSTATUS
STDCALL
LdrGetDllHandle(
IN PWCHAR Path OPTIONAL,
OUT PVOID *BaseAddress
);
-NTSTATUS
+NTSTATUS
STDCALL
LdrFindEntryForAddress(
IN PVOID Address,
OUT PLDR_DATA_TABLE_ENTRY *Module
);
-NTSTATUS
+NTSTATUS
STDCALL
LdrGetProcedureAddress(
IN PVOID BaseAddress,
OUT PVOID *ProcedureAddress
);
-VOID
+VOID
STDCALL
LdrInitializeThunk(
ULONG Unknown1,
ULONG Unknown4
);
-NTSTATUS
+NTSTATUS
STDCALL
LdrLoadDll(
IN PWSTR SearchPath OPTIONAL,
OUT PVOID *BaseAddress OPTIONAL
);
-PIMAGE_BASE_RELOCATION
+PIMAGE_BASE_RELOCATION
STDCALL
LdrProcessRelocationBlock(
IN PVOID Address,
IN ULONG_PTR Delta
);
-NTSTATUS
+NTSTATUS
STDCALL
LdrQueryImageFileExecutionOptions(
IN PUNICODE_STRING SubKey,
OUT PULONG RetunedLength OPTIONAL
);
-NTSTATUS
+NTSTATUS
STDCALL
LdrQueryProcessModuleInformation(
IN PMODULE_INFORMATION ModuleInformation OPTIONAL,
OUT PULONG ReturnedSize
);
-NTSTATUS
+NTSTATUS
STDCALL
LdrShutdownProcess(VOID);
-NTSTATUS
+NTSTATUS
STDCALL
LdrShutdownThread(VOID);
-
-NTSTATUS
+
+NTSTATUS
STDCALL
LdrUnloadDll(IN PVOID BaseAddress);
-
-NTSTATUS
+
+NTSTATUS
STDCALL
LdrVerifyImageMatchesChecksum(
IN HANDLE FileHandle,
/* I/O Control Codes for communicating with Pipes */
#define FSCTL_PIPE_ASSIGN_EVENT \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
+
#define FSCTL_PIPE_DISCONNECT \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
+
#define FSCTL_PIPE_LISTEN \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
+
#define FSCTL_PIPE_PEEK \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
-
+
#define FSCTL_PIPE_QUERY_EVENT \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
+
#define FSCTL_PIPE_TRANSCEIVE \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-
+
#define FSCTL_PIPE_WAIT \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
+
#define FSCTL_PIPE_IMPERSONATE \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
+
#define FSCTL_PIPE_SET_CLIENT_PROCESS \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
+
#define FSCTL_PIPE_QUERY_CLIENT_PROCESS \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
+
#define FSCTL_PIPE_INTERNAL_READ \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
-
+
#define FSCTL_PIPE_INTERNAL_WRITE \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
-
+
#define FSCTL_PIPE_INTERNAL_TRANSCEIVE \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-
+
#define FSCTL_PIPE_INTERNAL_READ_OVFLOW \
CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
/* Macros for current Process/Thread built-in 'special' ID */
-#define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
-#define ZwCurrentProcess() NtCurrentProcess()
-#define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
-#define ZwCurrentThread() NtCurrentThread()
+#define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
+#define ZwCurrentProcess() NtCurrentProcess()
+#define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
+#define ZwCurrentThread() NtCurrentThread()
/* Kernel Shared Data Constants */
#define PROCESSOR_FEATURE_MAX 64
#define HASH_STRING_ALGORITHM_INVALID 0xffffffff
/* List Macros */
-static __inline
+static __inline
VOID
InitializeListHead(
IN PLIST_ENTRY ListHead)
ListHead->Flink = ListHead->Blink = ListHead;
}
-static __inline
+static __inline
VOID
InsertHeadList(
IN PLIST_ENTRY ListHead,
ListHead->Flink = Entry;
}
-static __inline
+static __inline
VOID
InsertTailList(
IN PLIST_ENTRY ListHead,
(_Entry)->Next = (_ListHead)->Next; \
(_ListHead)->Next = (_Entry); \
-static __inline
+static __inline
BOOLEAN
RemoveEntryList(
IN PLIST_ENTRY Entry)
return (OldFlink == OldBlink);
}
-static __inline
-PLIST_ENTRY
+static __inline
+PLIST_ENTRY
RemoveHeadList(
IN PLIST_ENTRY ListHead)
{
return Entry;
}
-static __inline
+static __inline
PLIST_ENTRY
RemoveTailList(
IN PLIST_ENTRY ListHead)
#define IsFirstEntry(ListHead, Entry) \
((ListHead)->Flink == Entry)
-
+
#define IsLastEntry(ListHead, Entry) \
((ListHead)->Blink == Entry)
/* ENUMERATIONS **************************************************************/
/* Kernel Shared Data Values */
-typedef enum _NT_PRODUCT_TYPE
+typedef enum _NT_PRODUCT_TYPE
{
NtProductWinNt = 1,
NtProductLanManNt,
NtProductServer
} NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
-typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
+typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
{
StandardDesign,
NEC98x86,
TableInsertAsRight
} TABLE_SEARCH_RESULT;
-typedef enum _RTL_GENERIC_COMPARE_RESULTS
+typedef enum _RTL_GENERIC_COMPARE_RESULTS
{
GenericLessThan,
GenericGreaterThan,
} RTL_GENERIC_COMPARE_RESULTS;
/* Kernel or Native Enumerations used by Native API */
-typedef enum _SECTION_INHERIT
+typedef enum _SECTION_INHERIT
{
ViewShare = 1,
ViewUnmap = 2
} SECTION_INHERIT;
-typedef enum _POOL_TYPE
+typedef enum _POOL_TYPE
{
NonPagedPool,
PagedPool,
NonPagedPoolCacheAlignedMustSSession
} POOL_TYPE;
-typedef enum _EVENT_TYPE
+typedef enum _EVENT_TYPE
{
NotificationEvent,
SynchronizationEvent
} EVENT_TYPE;
-typedef enum _TIMER_TYPE
+typedef enum _TIMER_TYPE
{
NotificationTimer,
SynchronizationTimer
} TIMER_TYPE;
-typedef enum _WAIT_TYPE
+typedef enum _WAIT_TYPE
{
WaitAll,
WaitAny
} WAIT_TYPE;
-typedef enum _INTERFACE_TYPE
+typedef enum _INTERFACE_TYPE
{
InterfaceTypeUndefined = -1,
Internal,
MaximumInterfaceType
}INTERFACE_TYPE, *PINTERFACE_TYPE;
-typedef enum _MODE
+typedef enum _MODE
{
KernelMode,
UserMode,
MaximumWaitReason
} KWAIT_REASON;
-typedef enum _KPROFILE_SOURCE
+typedef enum _KPROFILE_SOURCE
{
ProfileTime,
ProfileAlignmentFixup,
/*
* File
*/
-typedef enum _FILE_INFORMATION_CLASS
+typedef enum _FILE_INFORMATION_CLASS
{
FileDirectoryInformation = 1,
FileFullDirectoryInformation,
/*
* Registry Key
*/
-typedef enum _KEY_INFORMATION_CLASS
+typedef enum _KEY_INFORMATION_CLASS
{
KeyBasicInformation,
KeyNodeInformation,
/*
* Registry Key Value
*/
-typedef enum _KEY_VALUE_INFORMATION_CLASS
+typedef enum _KEY_VALUE_INFORMATION_CLASS
{
KeyValueBasicInformation,
KeyValueFullInformation,
/*
* Registry Key Set
*/
-typedef enum _KEY_SET_INFORMATION_CLASS
+typedef enum _KEY_SET_INFORMATION_CLASS
{
KeyWriteTimeInformation,
KeyUserFlagsInformation,
/*
* Process
*/
-typedef enum _PROCESSINFOCLASS
+typedef enum _PROCESSINFOCLASS
{
ProcessBasicInformation,
ProcessQuotaLimits,
/*
* Thread
*/
-typedef enum _THREADINFOCLASS
+typedef enum _THREADINFOCLASS
{
ThreadBasicInformation,
ThreadTimes,
/* Basic NT Types */
#if !defined(_NTSECAPI_H) && !defined(_SUBAUTH_H)
-typedef struct _UNICODE_STRING
+typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
} UNICODE_STRING, *PUNICODE_STRING;
typedef const UNICODE_STRING* PCUNICODE_STRING;
-typedef struct _STRING
+typedef struct _STRING
{
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
} STRING, *PSTRING;
-typedef struct _OBJECT_ATTRIBUTES
+typedef struct _OBJECT_ATTRIBUTES
{
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
- ULONG Attributes;
- PVOID SecurityDescriptor;
+ ULONG Attributes;
+ PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
#endif
typedef STRING OEM_STRING;
typedef PSTRING POEM_STRING;
-typedef struct _IO_STATUS_BLOCK
+typedef struct _IO_STATUS_BLOCK
{
- union
+ union
{
NTSTATUS Status;
PVOID Pointer;
IN PVOID ApcContext,
IN PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG Reserved);
-
+
typedef VOID NTAPI
(*PKNORMAL_ROUTINE)(
IN PVOID NormalContext,
IN PVOID SystemArgument1,
IN PVOID SystemArgument2);
-
+
typedef VOID NTAPI
(*PTIMER_APC_ROUTINE)(
IN PVOID TimerContext,
/* Kernel Types which are returned or used by Native API */
typedef struct _OBJECT_NAME_INFORMATION
{
- UNICODE_STRING Name;
+ UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
typedef struct _IO_ERROR_LOG_PACKET
IO_ERROR_LOG_PACKET EntryData;
} IO_ERROR_LOG_MESSAGE, *PIO_ERROR_LOG_MESSAGE;
-typedef struct _CLIENT_ID
+typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
-} CLIENT_ID, *PCLIENT_ID;
+} CLIENT_ID, *PCLIENT_ID;
-typedef struct _KSYSTEM_TIME
+typedef struct _KSYSTEM_TIME
{
ULONG LowPart;
LONG High1Time;
CSHORT Weekday;
} TIME_FIELDS, *PTIME_FIELDS;
-typedef struct _VM_COUNTERS
+typedef struct _VM_COUNTERS
{
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
SIZE_T PeakPagefileUsage;
} VM_COUNTERS, *PVM_COUNTERS;
-typedef struct _VM_COUNTERS_EX
+typedef struct _VM_COUNTERS_EX
{
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
/*
* Registry Key Set
*/
-
+
/* Class 0 */
typedef struct _KEY_WRITE_TIME_INFORMATION
{
} KEY_WRITE_TIME_INFORMATION, *PKEY_WRITE_TIME_INFORMATION;
/* Class 1 */
-typedef struct _KEY_USER_FLAGS_INFORMATION
+typedef struct _KEY_USER_FLAGS_INFORMATION
{
ULONG UserFlags;
} KEY_USER_FLAGS_INFORMATION, *PKEY_USER_FLAGS_INFORMATION;
WCHAR Class[1];
} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
-typedef struct _KEY_NODE_INFORMATION
+typedef struct _KEY_NODE_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
WCHAR Name[1];
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
-/*
+/*
* File
*/
-
+
/* Class 1 */
-typedef struct _FILE_BASIC_INFORMATION
+typedef struct _FILE_BASIC_INFORMATION
{
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
BOOLEAN Directory;
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
-typedef struct _FILE_NETWORK_OPEN_INFORMATION
+typedef struct _FILE_NETWORK_OPEN_INFORMATION
{
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG FileAttributes;
-} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER EndOfFile;
+ ULONG FileAttributes;
+} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
-typedef struct _FILE_ZERO_DATA_INFORMATION
+typedef struct _FILE_ZERO_DATA_INFORMATION
{
LARGE_INTEGER FileOffset;
LARGE_INTEGER BeyondFinalZero;
} FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
-typedef struct _FILE_EA_INFORMATION
+typedef struct _FILE_EA_INFORMATION
{
ULONG EaSize;
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
-typedef struct _FILE_COMPRESSION_INFORMATION
+typedef struct _FILE_COMPRESSION_INFORMATION
{
LARGE_INTEGER CompressedFileSize;
USHORT CompressionFormat;
LARGE_INTEGER CurrentByteOffset;
} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
-typedef struct _FILE_DISPOSITION_INFORMATION
+typedef struct _FILE_DISPOSITION_INFORMATION
{
BOOLEAN DeleteFile;
} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
-typedef struct FILE_ALLOCATED_RANGE_BUFFER
+typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
LARGE_INTEGER FileOffset;
LARGE_INTEGER Length;
LARGE_INTEGER QuotaLimit;
SID Sid;
} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
-
+
typedef struct _FILE_INTERNAL_INFORMATION
{
LARGE_INTEGER IndexNumber;
LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
-typedef struct _FILE_BOTH_DIR_INFORMATION
+typedef struct _FILE_BOTH_DIR_INFORMATION
{
ULONG NextEntryOffset;
ULONG FileIndex;
WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
-typedef struct _FILE_COMPLETION_INFORMATION
+typedef struct _FILE_COMPLETION_INFORMATION
{
HANDLE Port;
PVOID Key;
WCHAR FileName[1];
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
-typedef struct _FILE_NAME_INFORMATION
+typedef struct _FILE_NAME_INFORMATION
{
ULONG FileNameLength;
WCHAR FileName[1];
/*
* File System
*/
-typedef struct _FILE_FS_DEVICE_INFORMATION
+typedef struct _FILE_FS_DEVICE_INFORMATION
{
DEVICE_TYPE DeviceType;
ULONG Characteristics;
*/
/* Class 0 */
-typedef struct _KEY_VALUE_ENTRY
+typedef struct _KEY_VALUE_ENTRY
{
PUNICODE_STRING ValueName;
ULONG DataLength;
} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;
/* Class 1 */
-typedef struct _KEY_VALUE_PARTIAL_INFORMATION
+typedef struct _KEY_VALUE_PARTIAL_INFORMATION
{
ULONG TitleIndex;
ULONG Type;
} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
/* Class 2 */
-typedef struct _KEY_VALUE_BASIC_INFORMATION
+typedef struct _KEY_VALUE_BASIC_INFORMATION
{
ULONG TitleIndex;
ULONG Type;
} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
/* Class 3 */
-typedef struct _KEY_VALUE_FULL_INFORMATION
+typedef struct _KEY_VALUE_FULL_INFORMATION
{
ULONG TitleIndex;
ULONG Type;
*/
/* Class 0 */
-typedef struct _KEY_BASIC_INFORMATION
+typedef struct _KEY_BASIC_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
/* The Kerner/User Shared Data Structure */
-typedef struct _KUSER_SHARED_DATA
+typedef struct _KUSER_SHARED_DATA
{
ULONG TickCountLowDeprecated;
ULONG TickCountMultiplier;
ULONG NumberOfBits;
} RTL_BITMAP_RUN, *PRTL_BITMAP_RUN;
-typedef struct _COMPRESSED_DATA_INFO
+typedef struct _COMPRESSED_DATA_INFO
{
USHORT CompressionFormatAndEngine;
UCHAR CompressionUnitShift;
ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
-typedef struct _GENERATE_NAME_CONTEXT
+typedef struct _GENERATE_NAME_CONTEXT
{
USHORT Checksum;
BOOLEAN CheckSumInserted;
ULONG LastIndexValue;
} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
-typedef struct _RTL_SPLAY_LINKS
+typedef struct _RTL_SPLAY_LINKS
{
struct _RTL_SPLAY_LINKS *Parent;
struct _RTL_SPLAY_LINKS *LeftChild;
struct _RTL_AVL_TABLE;
struct _RTL_GENERIC_TABLE;
-typedef NTSTATUS STDCALL
+typedef NTSTATUS STDCALL
(*PRTL_AVL_MATCH_FUNCTION)(
struct _RTL_AVL_TABLE *Table,
PVOID UserData,
struct _RTL_GENERIC_TABLE *Table,
PVOID Buffer
);
-
+
typedef VOID STDCALL
(*PRTL_AVL_ALLOCATE_ROUTINE) (
struct _RTL_AVL_TABLE *Table,
PVOID Buffer
);
-typedef struct _RTL_GENERIC_TABLE
+typedef struct _RTL_GENERIC_TABLE
{
PRTL_SPLAY_LINKS TableRoot;
LIST_ENTRY InsertOrderList;
PVOID TableContext;
} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
-typedef struct _RTL_BALANCED_LINKS
+typedef struct _RTL_BALANCED_LINKS
{
struct _RTL_BALANCED_LINKS *Parent;
struct _RTL_BALANCED_LINKS *LeftChild;
CHAR Balance;
UCHAR Reserved[3];
} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
-
-typedef struct _RTL_AVL_TABLE
+
+typedef struct _RTL_AVL_TABLE
{
RTL_BALANCED_LINKS BalancedRoot;
PVOID OrderedPointer;
IN PVOID EntryContext
);
-typedef struct _RTL_QUERY_REGISTRY_TABLE
+typedef struct _RTL_QUERY_REGISTRY_TABLE
{
PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
ULONG Flags;
ULONG DefaultLength;
} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
-typedef struct _UNICODE_PREFIX_TABLE_ENTRY
+typedef struct _UNICODE_PREFIX_TABLE_ENTRY
{
CSHORT NodeTypeCode;
CSHORT NameLength;
PUNICODE_STRING Prefix;
} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
-typedef struct _UNICODE_PREFIX_TABLE
+typedef struct _UNICODE_PREFIX_TABLE
{
CSHORT NodeTypeCode;
CSHORT NameLength;
/* PROTOTYPES ****************************************************************/
/* FIXME: FILE NEEDS CLEANUP */
-NTSTATUS
+NTSTATUS
STDCALL
NtAcceptConnectPort(
PHANDLE PortHandle,
PLPC_SECTION_READ ReadMap
);
+NTSTATUS
+STDCALL
+NtAccessCheck(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ACCESS_MASK DesiredAcces,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PPRIVILEGE_SET PrivilegeSet,
+ OUT PULONG ReturnLength,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus
+);
+
+NTSTATUS
+STDCALL
+ZwAccessCheck(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ACCESS_MASK DesiredAcces,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PPRIVILEGE_SET PrivilegeSet,
+ OUT PULONG ReturnLength,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus
+);
+
+NTSTATUS
+STDCALL
+NtAccessCheckAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PHANDLE ObjectHandle,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTSTATUS
+STDCALL
+NtAddAtom(
+ IN PWSTR AtomName,
+ IN ULONG AtomNameLength,
+ IN OUT PRTL_ATOM Atom
+);
+
+NTSTATUS
+STDCALL
+ZwAddAtom(
+ IN PWSTR AtomName,
+ IN ULONG AtomNameLength,
+ IN OUT PRTL_ATOM Atom
+);
+
NTSTATUS
STDCALL
NtAddBootEntry(
IN PUNICODE_STRING EntryValue
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtAdjustGroupsToken(
IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
OUT PULONG ReturnLength
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtAdjustPrivilegesToken(
IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
OUT PULONG ReturnLength
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwAdjustPrivilegesToken(
IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
NTSTATUS
STDCALL
-NtAllocateVirtualMemory (
+NtAllocateUuids(
+ PULARGE_INTEGER Time,
+ PULONG Range,
+ PULONG Sequence,
+ PUCHAR Seed
+);
+
+NTSTATUS
+STDCALL
+ZwAllocateUuids(
+ PULARGE_INTEGER Time,
+ PULONG Range,
+ PULONG Sequence,
+ PUCHAR Seed
+);
+
+NTSTATUS
+STDCALL
+NtAllocateVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
NTSTATUS
STDCALL
-ZwAllocateVirtualMemory (
+ZwAllocateVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN ULONG Protect
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtAssignProcessToJobObject(
HANDLE JobHandle,
- HANDLE ProcessHandle)
-;
+ HANDLE ProcessHandle
+);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwAssignProcessToJobObject(
HANDLE JobHandle,
HANDLE ProcessHandle
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtCallbackReturn(
PVOID Result,
ULONG ResultLength,
NTSTATUS Status
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwCallbackReturn(
PVOID Result,
ULONG ResultLength,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
+NTSTATUS
+STDCALL
+NtCancelTimer(
+ IN HANDLE TimerHandle,
+ OUT PBOOLEAN CurrentState OPTIONAL
+);
+
NTSTATUS
STDCALL
NtClearEvent(
- IN HANDLE EventHandle
+ IN HANDLE EventHandle
);
NTSTATUS
STDCALL
ZwClearEvent(
- IN HANDLE EventHandle
+ IN HANDLE EventHandle
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtCreateJobObject(
- PHANDLE JobHandle,
+ PHANDLE JobHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwCreateJobObject(
- PHANDLE JobHandle,
+ PHANDLE JobHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes
);
IN BOOLEAN GenerateOnClose
);
-NTSTATUS
+NTSTATUS
STDCALL
NtCompleteConnectPort(
HANDLE PortHandle
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwCompleteConnectPort(
HANDLE PortHandle
);
-NTSTATUS
+NTSTATUS
STDCALL
NtConnectPort(
PHANDLE PortHandle,
PULONG ConnectInfoLength
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwConnectPort(
PHANDLE PortHandle,
PULONG ConnectInfoLength
);
+NTSTATUS
+STDCALL
+NtContinue(
+ IN PCONTEXT Context,
+ IN BOOLEAN TestAlert
+);
+
+NTSTATUS
+STDCALL
+ZwContinue(
+ IN PCONTEXT Context,
+ IN CINT IrqLevel
+);
+
NTSTATUS
STDCALL
NtCreateDirectoryObject(
IN ULONG NumberOfConcurrentThreads
);
-NTSTATUS
+NTSTATUS
STDCALL
NtCreateKey(
OUT PHANDLE KeyHandle,
IN PULONG Disposition OPTIONAL
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwCreateKey(
OUT PHANDLE KeyHandle,
IN BOOLEAN InitialOwner
);
-NTSTATUS
+NTSTATUS
STDCALL
NtCreateNamedPipeFile(
OUT PHANDLE NamedPipeFileHandle,
IN PLARGE_INTEGER DefaultTimeOut
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwCreateNamedPipeFile(
OUT PHANDLE NamedPipeFileHandle,
IN PLARGE_INTEGER DefaultTimeOut
);
-NTSTATUS
+NTSTATUS
+STDCALL
+NtCreatePagingFile(
+ IN PUNICODE_STRING FileName,
+ IN PLARGE_INTEGER InitialSize,
+ IN PLARGE_INTEGER MaxiumSize,
+ IN ULONG Reserved
+);
+
+NTSTATUS
+STDCALL
+ZwCreatePagingFile(
+ IN PUNICODE_STRING FileName,
+ IN PLARGE_INTEGER InitialSize,
+ IN PLARGE_INTEGER MaxiumSize,
+ IN ULONG Reserved
+);
+
+NTSTATUS
STDCALL
NtCreatePort(
PHANDLE PortHandle,
ULONG NPMessageQueueSize OPTIONAL
);
-NTSTATUS
+NTSTATUS
STDCALL
NtCreatePort(
PHANDLE PortHandle,
IN HANDLE ExceptionPort OPTIONAL
);
+NTSTATUS
+STDCALL
+NtCreateProfile(
+ OUT PHANDLE ProfileHandle,
+ IN HANDLE ProcessHandle,
+ IN PVOID ImageBase,
+ IN ULONG ImageSize,
+ IN ULONG Granularity,
+ OUT PVOID Buffer,
+ IN ULONG ProfilingSize,
+ IN KPROFILE_SOURCE Source,
+ IN KAFFINITY ProcessorMask
+);
+
+NTSTATUS
+STDCALL
+ZwCreateProfile(
+ OUT PHANDLE ProfileHandle,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ULONG ImageBase,
+ IN ULONG ImageSize,
+ IN ULONG Granularity,
+ OUT PVOID Buffer,
+ IN ULONG ProfilingSize,
+ IN ULONG ClockSource,
+ IN ULONG ProcessorMask
+);
+
NTSTATUS
STDCALL
NtCreateSection(
IN PUNICODE_STRING Name
);
+NTSTATUS
+STDCALL
+NtCreateThread(
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN HANDLE ProcessHandle,
+ OUT PCLIENT_ID ClientId,
+ IN PCONTEXT ThreadContext,
+ IN PINITIAL_TEB UserStack,
+ IN BOOLEAN CreateSuspended
+);
+
+NTSTATUS
+STDCALL
+ZwCreateThread(
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN HANDLE ProcessHandle,
+ OUT PCLIENT_ID ClientId,
+ IN PCONTEXT ThreadContext,
+ IN PINITIAL_TEB UserStack,
+ IN BOOLEAN CreateSuspended
+);
+
NTSTATUS
STDCALL
NtCreateTimer(
IN PTOKEN_SOURCE TokenSource
);
-NTSTATUS
+NTSTATUS
STDCALL
NtCreateWaitablePort(
PHANDLE PortHandle,
ULONG NPMessageQueueSize OPTIONAL
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwCreateWaitablePort(
PHANDLE PortHandle,
ULONG NPMessageQueueSize OPTIONAL
);
+NTSTATUS
+STDCALL
+NtDelayExecution(
+ IN BOOLEAN Alertable,
+ IN LARGE_INTEGER *Interval
+);
+
+NTSTATUS
+STDCALL
+ZwDelayExecution(
+ IN BOOLEAN Alertable,
+ IN LARGE_INTEGER *Interval
+);
+
NTSTATUS
STDCALL
NtDeleteAtom(
NTSTATUS
STDCALL
NtDeleteObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose
);
NTSTATUS
STDCALL
ZwDeleteObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose
-);
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose
+);
NTSTATUS
STDCALL
STDCALL
NtDeviceIoControlFile(
IN HANDLE DeviceHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG IoControlCode,
- IN PVOID InputBuffer,
+ IN PVOID InputBuffer,
IN ULONG InputBufferSize,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferSize
STDCALL
ZwDeviceIoControlFile(
IN HANDLE DeviceHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
- IN PVOID UserApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
+ IN PVOID UserApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG IoControlCode,
- IN PVOID InputBuffer,
+ IN PVOID InputBuffer,
IN ULONG InputBufferSize,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferSize
NTSTATUS
STDCALL
-NtEnumerateBootEntries(
- IN ULONG Unknown1,
- IN ULONG Unknown2
+NtDuplicateObject(
+ IN HANDLE SourceProcessHandle,
+ IN HANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle,
+ OUT PHANDLE TargetHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ IN ULONG Options
);
NTSTATUS
STDCALL
-ZwEnumerateBootEntries(
- IN ULONG Unknown1,
- IN ULONG Unknown2
+ZwDuplicateObject(
+ IN HANDLE SourceProcessHandle,
+ IN HANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle,
+ OUT PHANDLE TargetHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ IN ULONG Options
);
NTSTATUS
STDCALL
-NtEnumerateKey(
- IN HANDLE KeyHandle,
- IN ULONG Index,
- IN KEY_INFORMATION_CLASS KeyInformationClass,
- OUT PVOID KeyInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSTATUS
+NtDuplicateToken(
+ IN HANDLE ExistingTokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN BOOLEAN EffectiveOnly,
+ IN TOKEN_TYPE TokenType,
+ OUT PHANDLE NewTokenHandle
+);
+
+NTSTATUS
+STDCALL
+NtEnumerateBootEntries(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+);
+
+NTSTATUS
+STDCALL
+ZwEnumerateBootEntries(
+ IN ULONG Unknown1,
+ IN ULONG Unknown2
+);
+
+NTSTATUS
+STDCALL
+NtEnumerateKey(
+ IN HANDLE KeyHandle,
+ IN ULONG Index,
+ IN KEY_INFORMATION_CLASS KeyInformationClass,
+ OUT PVOID KeyInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSTATUS
STDCALL
ZwEnumerateKey(
IN HANDLE KeyHandle,
IN ULONG Length,
OUT PULONG ResultLength
);
+
NTSTATUS
STDCALL
NtEnumerateValueKey(
OUT PULONG ResultLength
);
+NTSTATUS
+STDCALL
+NtExtendSection(
+ IN HANDLE SectionHandle,
+ IN PLARGE_INTEGER NewMaximumSize
+);
+
+NTSTATUS
+STDCALL
+ZwExtendSection(
+ IN HANDLE SectionHandle,
+ IN PLARGE_INTEGER NewMaximumSize
+);
+
+NTSTATUS
+STDCALL
+NtFindAtom(
+ IN PWSTR AtomName,
+ IN ULONG AtomNameLength,
+ OUT PRTL_ATOM Atom OPTIONAL
+);
+
+NTSTATUS
+STDCALL
+ZwFindAtom(
+ IN PWSTR AtomName,
+ IN ULONG AtomNameLength,
+ OUT PRTL_ATOM Atom OPTIONAL
+);
+
NTSTATUS
STDCALL
NtFlushBuffersFile(
OUT PIO_STATUS_BLOCK IoStatusBlock
);
+NTSTATUS
+STDCALL
+NtFlushInstructionCache(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN UINT NumberOfBytesToFlush
+);
+
NTSTATUS
STDCALL
NtFlushKey(
ZwFlushKey(
IN HANDLE KeyHandle
);
-
-NTSTATUS
-STDCALL
+
+NTSTATUS
+STDCALL
+NtFlushVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToFlush,
+ OUT PULONG NumberOfBytesFlushed OPTIONAL
+);
+
+NTSTATUS
+STDCALL
NtFlushWriteBuffer(VOID);
-NTSTATUS
-STDCALL
-ZwFlushWriteBuffer(VOID);
+NTSTATUS
+STDCALL
+ZwFlushWriteBuffer(VOID);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtFreeVirtualMemory(
IN HANDLE ProcessHandle,
- IN PVOID *BaseAddress,
- IN PULONG RegionSize,
+ IN PVOID *BaseAddress,
+ IN PULONG RegionSize,
IN ULONG FreeType
);
-
-NTSTATUS
-STDCALL
+
+NTSTATUS
+STDCALL
ZwFreeVirtualMemory(
IN HANDLE ProcessHandle,
- IN PVOID *BaseAddress,
- IN PULONG RegionSize,
+ IN PVOID *BaseAddress,
+ IN PULONG RegionSize,
IN ULONG FreeType
);
STDCALL
NtFsControlFile(
IN HANDLE DeviceHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG IoControlCode,
- IN PVOID InputBuffer,
+ IN PVOID InputBuffer,
IN ULONG InputBufferSize,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferSize
STDCALL
ZwFsControlFile(
IN HANDLE DeviceHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG IoControlCode,
- IN PVOID InputBuffer,
+ IN PVOID InputBuffer,
IN ULONG InputBufferSize,
OUT PVOID OutputBuffer,
IN ULONG OutputBufferSize
);
NTSTATUS
-STDCALL
+STDCALL
NtGetContextThread(
IN HANDLE ThreadHandle,
OUT PCONTEXT Context
);
NTSTATUS
-STDCALL
+STDCALL
ZwGetContextThread(
IN HANDLE ThreadHandle,
OUT PCONTEXT Context
);
-NTSTATUS
+NTSTATUS
STDCALL
NtGetPlugPlayEvent(
ULONG Reserved1,
ULONG BufferSize
);
-NTSTATUS
+ULONG
+STDCALL
+NtGetTickCount(
+ VOID
+);
+
+ULONG
+STDCALL
+ZwGetTickCount(
+ VOID
+);
+
+NTSTATUS
STDCALL
NtImpersonateClientOfPort(
HANDLE PortHandle,
PLPC_MESSAGE ClientMessage
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwImpersonateClientOfPort(
HANDLE PortHandle,
);
NTSTATUS
-STDCALL
+STDCALL
NtImpersonateThread(
IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonate,
);
NTSTATUS
-STDCALL
+STDCALL
ZwImpersonateThread(
IN HANDLE ThreadHandle,
IN HANDLE ThreadToImpersonate,
);
NTSTATUS
-STDCALL
+STDCALL
NtInitializeRegistry(
BOOLEAN SetUpBoot
);
NTSTATUS
-STDCALL
+STDCALL
ZwInitializeRegistry(
BOOLEAN SetUpBoot
);
IN HANDLE JobHandle OPTIONAL
);
-NTSTATUS
+NTSTATUS
STDCALL
NtListenPort(HANDLE PortHandle,
PLPC_MESSAGE LpcMessage
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwListenPort(HANDLE PortHandle,
PLPC_MESSAGE LpcMessage
);
NTSTATUS
-STDCALL
+STDCALL
ZwLoadDriver(
IN PUNICODE_STRING DriverServiceName
);
-NTSTATUS
+NTSTATUS
+STDCALL
+NtLoadKey(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes
+);
+
+NTSTATUS
+STDCALL
+ZwLoadKey(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes
+);
+
+NTSTATUS
+STDCALL
+NtLoadKey2(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes,
+ IN ULONG Flags
+);
+
+NTSTATUS
+STDCALL
+ZwLoadKey2(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes,
+ IN ULONG Flags
+);
+
+NTSTATUS
STDCALL
NtLockFile(
IN HANDLE FileHandle,
IN BOOLEAN ExclusiveLock
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwLockFile(
IN HANDLE FileHandle,
IN BOOLEAN ExclusiveLock
);
+NTSTATUS
+STDCALL
+NtLockVirtualMemory(
+ HANDLE ProcessHandle,
+ PVOID BaseAddress,
+ ULONG NumberOfBytesToLock,
+ PULONG NumberOfBytesLocked
+);
+
+NTSTATUS
+STDCALL
+ZwLockVirtualMemory(
+ HANDLE ProcessHandle,
+ PVOID BaseAddress,
+ ULONG NumberOfBytesToLock,
+ PULONG NumberOfBytesLocked
+);
+
NTSTATUS
STDCALL
NtMakePermanentObject(
NTSTATUS
STDCALL
NtMakeTemporaryObject(
- IN HANDLE Handle
+ IN HANDLE Handle
);
NTSTATUS
STDCALL
ZwMakeTemporaryObject(
- IN HANDLE Handle
+ IN HANDLE Handle
);
-NTSTATUS
+NTSTATUS
STDCALL
NtMapViewOfSection(
IN HANDLE SectionHandle,
STDCALL
NtNotifyChangeDirectoryFile(
IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG BufferSize,
STDCALL
ZwNotifyChangeDirectoryFile(
IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG BufferSize,
NtNotifyChangeKey(
IN HANDLE KeyHandle,
IN HANDLE Event,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG CompletionFilter,
- IN BOOLEAN Asynchroneous,
+ IN BOOLEAN Asynchroneous,
OUT PVOID ChangeBuffer,
IN ULONG Length,
IN BOOLEAN WatchSubtree
ZwNotifyChangeKey(
IN HANDLE KeyHandle,
IN HANDLE Event,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG CompletionFilter,
- IN BOOLEAN Asynchroneous,
+ IN BOOLEAN Asynchroneous,
OUT PVOID ChangeBuffer,
IN ULONG Length,
IN BOOLEAN WatchSubtree
IN POBJECT_ATTRIBUTES ObjectAttributes
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtOpenJobObject(
- PHANDLE JobHandle,
+ PHANDLE JobHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwOpenJobObject(
- PHANDLE JobHandle,
+ PHANDLE JobHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes
);
IN POBJECT_ATTRIBUTES ObjectAttributes
);
-NTSTATUS
+NTSTATUS
+STDCALL
+NtOpenObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN ULONG GrantedAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN ObjectCreation,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTSTATUS
+STDCALL
+ZwOpenObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN ULONG DesiredAccess,
+ IN ULONG GrantedAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN ObjectCreation,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTSTATUS
STDCALL
NtOpenProcess(
OUT PHANDLE ProcessHandle,
IN PCLIENT_ID ClientId
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwOpenProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PCLIENT_ID ClientId
-);
+);
NTSTATUS
STDCALL
IN POBJECT_ATTRIBUTES ObjectAttributes
);
-NTSTATUS
+NTSTATUS
STDCALL
NtPlugPlayControl(
ULONG ControlCode,
PVOID Buffer,
ULONG BufferSize
);
-
-NTSTATUS
-STDCALL
+
+NTSTATUS
+STDCALL
NtPowerInformation(
POWER_INFORMATION_LEVEL PowerInformationLevel,
- PVOID InputBuffer,
+ PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwPowerInformation(
POWER_INFORMATION_LEVEL PowerInformationLevel,
- PVOID InputBuffer,
+ PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength
NTSTATUS
STDCALL
ZwPrivilegedServiceAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PUNICODE_STRING ServiceName,
+ IN PUNICODE_STRING SubsystemName,
+ IN PUNICODE_STRING ServiceName,
IN HANDLE ClientToken,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted
-);
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted
+);
NTSTATUS
STDCALL
NTSTATUS
STDCALL
-NtPulseEvent(
- IN HANDLE EventHandle,
- IN PLONG PulseCount OPTIONAL
+NtProtectVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID *BaseAddress,
+ IN ULONG *NumberOfBytesToProtect,
+ IN ULONG NewAccessProtection,
+ OUT PULONG OldAccessProtection
);
NTSTATUS
STDCALL
-ZwPulseEvent(
- IN HANDLE EventHandle,
- IN PLONG PulseCount OPTIONAL
-);
-
+ZwProtectVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID *BaseAddress,
+ IN ULONG *NumberOfBytesToProtect,
+ IN ULONG NewAccessProtection,
+ OUT PULONG OldAccessProtection
+);
+
+NTSTATUS
+STDCALL
+NtPulseEvent(
+ IN HANDLE EventHandle,
+ IN PLONG PulseCount OPTIONAL
+);
+
+NTSTATUS
+STDCALL
+ZwPulseEvent(
+ IN HANDLE EventHandle,
+ IN PLONG PulseCount OPTIONAL
+);
+
NTSTATUS
STDCALL
NtQueryAttributesFile(
OUT PLCID DefaultLocaleId
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtQueryDefaultUILanguage(
PLANGID LanguageId
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwQueryDefaultUILanguage(
PLANGID LanguageId
);
IN BOOLEAN RestartScan
);
+NTSTATUS
+STDCALL
+NtQueryDirectoryObject(
+ IN HANDLE DirectoryHandle,
+ OUT PVOID Buffer,
+ IN ULONG BufferLength,
+ IN BOOLEAN ReturnSingleEntry,
+ IN BOOLEAN RestartScan,
+ IN OUT PULONG Context,
+ OUT PULONG ReturnLength OPTIONAL
+);
+
+NTSTATUS
+STDCALL
+ZwQueryDirectoryObject(
+ IN HANDLE DirectoryHandle,
+ OUT PVOID Buffer,
+ IN ULONG BufferLength,
+ IN BOOLEAN ReturnSingleEntry,
+ IN BOOLEAN RestartScan,
+ IN OUT PULONG Context,
+ OUT PULONG ReturnLength OPTIONAL
+);
+
NTSTATUS
STDCALL
NtQueryEaFile(
OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwQueryFullAttributesFile(
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
);
+NTSTATUS
+STDCALL
+NtQueryInformationAtom(
+ IN RTL_ATOM Atom,
+ IN ATOM_INFORMATION_CLASS AtomInformationClass,
+ OUT PVOID AtomInformation,
+ IN ULONG AtomInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
+);
+
+NTSTATUS
+STDCALL
+ZwQueryInformationAtom(
+ IN RTL_ATOM Atom,
+ IN ATOM_INFORMATION_CLASS AtomInformationClass,
+ OUT PVOID AtomInformation,
+ IN ULONG AtomInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
+);
+
NTSTATUS
STDCALL
NtQueryInformationFile(
FILE_INFORMATION_CLASS FileInformationClass
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtQueryInformationJobObject(
HANDLE JobHandle,
- JOBOBJECTINFOCLASS JobInformationClass,
+ JOBOBJECTINFOCLASS JobInformationClass,
PVOID JobInformation,
- ULONG JobInformationLength,
+ ULONG JobInformationLength,
PULONG ReturnLength
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwQueryInformationJobObject(
HANDLE JobHandle,
- JOBOBJECTINFOCLASS JobInformationClass,
+ JOBOBJECTINFOCLASS JobInformationClass,
PVOID JobInformation,
- ULONG JobInformationLength,
+ ULONG JobInformationLength,
PULONG ReturnLength
);
-NTSTATUS
+NTSTATUS
STDCALL
NtQueryInformationPort(
HANDLE PortHandle,
PULONG ReturnLength
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwQueryInformationPort(
HANDLE PortHandle,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
-
+
NTSTATUS
STDCALL
ZwQueryInformationProcess(
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID ThreadInformation,
IN ULONG ThreadInformationLength,
- OUT PULONG ReturnLength
+ OUT PULONG ReturnLength
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwQueryInformationThread(
IN HANDLE ThreadHandle,
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID ThreadInformation,
- IN ULONG ThreadInformationLength,
+ IN ULONG ThreadInformationLength,
OUT PULONG ReturnLength
);
OUT PULONG ReturnLength
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtQueryInstallUILanguage(
PLANGID LanguageId
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwQueryInstallUILanguage(
PLANGID LanguageId
);
+NTSTATUS
+STDCALL
+NtQueryIntervalProfile(
+ IN KPROFILE_SOURCE ProfileSource,
+ OUT PULONG Interval
+);
+
+NTSTATUS
+STDCALL
+ZwQueryIntervalProfile(
+ OUT PULONG Interval,
+ OUT KPROFILE_SOURCE ClockSource
+);
+
NTSTATUS
STDCALL
NtQueryIoCompletion(
IN BOOLEAN RestartScan
);
-
NTSTATUS
STDCALL
ZwQueryQuotaInformationFile(
OUT PULONG ResultLength
);
+NTSTATUS
+STDCALL
+NtQueryObject(
+ IN HANDLE ObjectHandle,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ OUT PVOID ObjectInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength OPTIONAL
+);
+
+NTSTATUS
+STDCALL
+ZwQueryObject(
+ IN HANDLE ObjectHandle,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ OUT PVOID ObjectInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength OPTIONAL
+);
+
NTSTATUS
STDCALL
NtQueryPerformanceCounter(
IN PLARGE_INTEGER Frequency
);
+NTSTATUS
+STDCALL
+NtQuerySection(
+ IN HANDLE SectionHandle,
+ IN SECTION_INFORMATION_CLASS SectionInformationClass,
+ OUT PVOID SectionInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSTATUS
+STDCALL
+ZwQuerySection(
+ IN HANDLE SectionHandle,
+ IN SECTION_INFORMATION_CLASS SectionInformationClass,
+ OUT PVOID SectionInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSTATUS
+STDCALL
+NtQuerySecurityObject(
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSTATUS
+STDCALL
+ZwQuerySecurityObject(
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
NTSTATUS
STDCALL
NtQuerySemaphore(
IN HANDLE SymLinkObjHandle,
OUT PUNICODE_STRING LinkName,
OUT PULONG DataWritten OPTIONAL
-);
+);
NTSTATUS
STDCALL
NTSTATUS
STDCALL
-NtQuerySystemTime (
+NtQuerySystemTime(
+ OUT PLARGE_INTEGER CurrentTime
+);
+
+NTSTATUS
+STDCALL
+ZwQuerySystemTime(
OUT PLARGE_INTEGER CurrentTime
);
-
+
NTSTATUS
STDCALL
NtQueryTimer(
IN ULONG Length,
OUT PULONG ResultLength
);
+
NTSTATUS
STDCALL
ZwQueryTimer(
);
NTSTATUS
-STDCALL
-NtQueryTimerResolution (
+STDCALL
+NtQueryTimerResolution(
OUT PULONG MinimumResolution,
- OUT PULONG MaximumResolution,
- OUT PULONG ActualResolution
-);
+ OUT PULONG MaximumResolution,
+ OUT PULONG ActualResolution
+);
NTSTATUS
-STDCALL
-ZwQueryTimerResolution (
+STDCALL
+ZwQueryTimerResolution(
OUT PULONG MinimumResolution,
- OUT PULONG MaximumResolution,
- OUT PULONG ActualResolution
-);
-
+ OUT PULONG MaximumResolution,
+ OUT PULONG ActualResolution
+);
+
NTSTATUS
STDCALL
NtQueryValueKey(
OUT PULONG ResultLength
);
+NTSTATUS
+STDCALL
+NtQueryVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID Address,
+ IN IN CINT VirtualMemoryInformationClass,
+ OUT PVOID VirtualMemoryInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSTATUS
+STDCALL
+ZwQueryVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID Address,
+ IN IN CINT VirtualMemoryInformationClass,
+ OUT PVOID VirtualMemoryInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
NTSTATUS
STDCALL
NtQueryVolumeInformationFile(
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FsInformation,
IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
+ IN FS_INFORMATION_CLASS FsInformationClass
);
NTSTATUS
IN BOOLEAN SearchFrames
);
+NTSTATUS
+STDCALL
+NtRaiseHardError(
+ IN NTSTATUS ErrorStatus,
+ IN ULONG NumberOfParameters,
+ IN PUNICODE_STRING UnicodeStringParameterMask OPTIONAL,
+ IN PVOID *Parameters,
+ IN HARDERROR_RESPONSE_OPTION ResponseOption,
+ OUT PHARDERROR_RESPONSE Response
+);
+
+NTSTATUS
+STDCALL
+ZwRaiseHardError(
+ IN NTSTATUS ErrorStatus,
+ IN ULONG NumberOfParameters,
+ IN PUNICODE_STRING UnicodeStringParameterMask OPTIONAL,
+ IN PVOID *Parameters,
+ IN HARDERROR_RESPONSE_OPTION ResponseOption,
+ OUT PHARDERROR_RESPONSE Response
+);
+
NTSTATUS
STDCALL
NtReadFile(
OUT PVOID Buffer,
IN ULONG BufferLength,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
- IN PULONG Key OPTIONAL
+ IN PULONG Key OPTIONAL
);
NTSTATUS
OUT PVOID Buffer,
IN ULONG BufferLength,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
- IN PULONG Key OPTIONAL
+ IN PULONG Key OPTIONAL
);
NTSTATUS
IN PULONG Key OPTIONAL
);
-NTSTATUS
+NTSTATUS
STDCALL
NtReadRequestData(
HANDLE PortHandle,
PULONG ReturnLength
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwReadRequestData(
HANDLE PortHandle,
NTSTATUS
STDCALL
-NtReadVirtualMemory(
+NtReadVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesRead
-);
+);
NTSTATUS
STDCALL
-ZwReadVirtualMemory(
+ZwReadVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesRead
-);
+);
NTSTATUS
-STDCALL
+STDCALL
NtRegisterThreadTerminatePort(
HANDLE TerminationPort
);
NTSTATUS
-STDCALL
+STDCALL
ZwRegisterThreadTerminatePort(
HANDLE TerminationPort
);
NTSTATUS
-STDCALL
+STDCALL
NtReleaseMutant(
IN HANDLE MutantHandle,
IN PLONG ReleaseCount OPTIONAL
);
NTSTATUS
-STDCALL
+STDCALL
ZwReleaseMutant(
IN HANDLE MutantHandle,
IN PLONG ReleaseCount OPTIONAL
IN HANDLE Key,
IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
);
+
NTSTATUS
STDCALL
ZwReplaceKey(
IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
);
-NTSTATUS
+NTSTATUS
STDCALL
NtReplyPort(
HANDLE PortHandle,
PLPC_MESSAGE LpcReply
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwReplyPort(
HANDLE PortHandle,
PLPC_MESSAGE LpcReply
);
-NTSTATUS
+NTSTATUS
STDCALL
NtReplyWaitReceivePort(
HANDLE PortHandle,
PLPC_MESSAGE MessageRequest
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwReplyWaitReceivePort(
HANDLE PortHandle,
PLPC_MESSAGE MessageRequest
);
-NTSTATUS
+NTSTATUS
STDCALL
NtReplyWaitReplyPort(
HANDLE PortHandle,
PLPC_MESSAGE ReplyMessage
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwReplyWaitReplyPort(
HANDLE PortHandle,
PLPC_MESSAGE ReplyMessage
);
-NTSTATUS
+NTSTATUS
STDCALL
NtRequestPort(
HANDLE PortHandle,
PLPC_MESSAGE LpcMessage);
-NTSTATUS
+NTSTATUS
STDCALL
ZwRequestPort(
HANDLE PortHandle,
PLPC_MESSAGE LpcRequest
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwRequestWaitReplyPort(
HANDLE PortHandle,
ZwResumeProcess(
IN HANDLE ProcessHandle
);
-
+
NTSTATUS
STDCALL
NtSaveKey(
IN ULONG Unknown2
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtSetBootOptions(
- ULONG Unknown1,
+ ULONG Unknown1,
ULONG Unknown2
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwSetBootOptions(
- ULONG Unknown1,
+ ULONG Unknown1,
ULONG Unknown2
);
IN LCID DefaultLocaleId
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtSetDefaultUILanguage(
LANGID LanguageId
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwSetDefaultUILanguage(
LANGID LanguageId
);
IN FILE_INFORMATION_CLASS FileInformationClass
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtSetInformationJobObject(
HANDLE JobHandle,
JOBOBJECTINFOCLASS JobInformationClass,
- PVOID JobInformation,
+ PVOID JobInformation,
ULONG JobInformationLength
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwSetInformationJobObject(
HANDLE JobHandle,
JOBOBJECTINFOCLASS JobInformationClass,
- PVOID JobInformation,
+ PVOID JobInformation,
ULONG JobInformationLength
);
+NTSTATUS
+STDCALL
+NtSetInformationKey(
+ IN HANDLE KeyHandle,
+ IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
+ IN PVOID KeyInformation,
+ IN ULONG KeyInformationLength
+);
+
+NTSTATUS
+STDCALL
+ZwSetInformationKey(
+ IN HANDLE KeyHandle,
+ IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
+ IN PVOID KeyInformation,
+ IN ULONG KeyInformationLength
+);
+
+NTSTATUS
+STDCALL
+NtSetInformationObject(
+ IN HANDLE ObjectHandle,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ IN PVOID ObjectInformation,
+ IN ULONG Length
+);
+
+NTSTATUS
+STDCALL
+ZwSetInformationObject(
+ IN HANDLE ObjectHandle,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ IN PVOID ObjectInformation,
+ IN ULONG Length
+);
+
+NTSTATUS
+STDCALL
+NtSetInformationProcess(
+ IN HANDLE ProcessHandle,
+ IN PROCESSINFOCLASS ProcessInformationClass,
+ IN PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength
+);
+
NTSTATUS
STDCALL
NtSetInformationThread(
NTSTATUS
STDCALL
NtSetInformationToken(
- IN HANDLE TokenHandle,
+ IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength
);
NTSTATUS
STDCALL
ZwSetInformationToken(
- IN HANDLE TokenHandle,
+ IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength
);
NTSTATUS
IN ULONG CompletionInformation
);
-NTSTATUS
+NTSTATUS
STDCALL
NtSetIntervalProfile(
ULONG Interval,
KPROFILE_SOURCE ClockSource
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwSetIntervalProfile(
ULONG Interval,
KPROFILE_SOURCE ClockSource
);
+NTSTATUS
+STDCALL
+NtSetLdtEntries(
+ ULONG Selector1,
+ LDT_ENTRY LdtEntry1,
+ ULONG Selector2,
+ LDT_ENTRY LdtEntry2
+);
+
NTSTATUS
STDCALL
NtSetLowEventPair(
HANDLE EventPair
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtSetQuotaInformationFile(
HANDLE FileHandle,
- PIO_STATUS_BLOCK IoStatusBlock,
+ PIO_STATUS_BLOCK IoStatusBlock,
PFILE_QUOTA_INFORMATION Buffer,
ULONG BufferLength
-);
+);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwSetQuotaInformationFile(
HANDLE FileHandle,
- PIO_STATUS_BLOCK IoStatusBlock,
+ PIO_STATUS_BLOCK IoStatusBlock,
PFILE_QUOTA_INFORMATION Buffer,
ULONG BufferLength
-);
+);
NTSTATUS
STDCALL
NtSetSecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
-);
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor
+);
NTSTATUS
STDCALL
ZwSetSecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
-);
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor
+);
NTSTATUS
STDCALL
IN ULONG SystemInformationLength
);
+NTSTATUS
+STDCALL
+NtSetSystemPowerState(
+ IN POWER_ACTION SystemAction,
+ IN SYSTEM_POWER_STATE MinSystemState,
+ IN ULONG Flags
+);
+
NTSTATUS
STDCALL
NtSetSystemTime(
IN PLARGE_INTEGER NewSystemTime OPTIONAL
);
+NTSTATUS
+STDCALL
+NtSetTimer(
+ IN HANDLE TimerHandle,
+ IN PLARGE_INTEGER DueTime,
+ IN PTIMER_APC_ROUTINE TimerApcRoutine,
+ IN PVOID TimerContext,
+ IN BOOLEAN WakeTimer,
+ IN LONG Period OPTIONAL,
+ OUT PBOOLEAN PreviousState OPTIONAL
+);
+
NTSTATUS
STDCALL
NtSetTimerResolution(
NtSetUuidSeed(
IN PUCHAR UuidSeed
);
-
+
NTSTATUS
STDCALL
ZwSetUuidSeed(
HANDLE ProfileHandle
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
+NtSuspendProcess(
+ IN HANDLE ProcessHandle
+);
+
+NTSTATUS
+STDCALL
+ZwSuspendProcess(
+ IN HANDLE ProcessHandle
+);
+
+NTSTATUS
+STDCALL
+NtSuspendThread(
+ IN HANDLE ThreadHandle,
+ IN PULONG PreviousSuspendCount
+);
+
+NTSTATUS
+STDCALL
+ZwSuspendThread(
+ IN HANDLE ThreadHandle,
+ IN PULONG PreviousSuspendCount
+);
+
+NTSTATUS
+STDCALL
+NtSystemDebugControl(
+ DEBUG_CONTROL_CODE ControlCode,
+ PVOID InputBuffer,
+ ULONG InputBufferLength,
+ PVOID OutputBuffer,
+ ULONG OutputBufferLength,
+ PULONG ReturnLength
+);
+
+NTSTATUS
+STDCALL
NtTerminateProcess(
IN HANDLE ProcessHandle,
IN NTSTATUS ExitStatus
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwTerminateProcess(
IN HANDLE ProcessHandle,
IN NTSTATUS ExitStatus
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
+NtTerminateThread(
+ IN HANDLE ThreadHandle,
+ IN NTSTATUS ExitStatus
+);
+NTSTATUS
+STDCALL
+ZwTerminateThread(
+ IN HANDLE ThreadHandle,
+ IN NTSTATUS ExitStatus
+);
+
+NTSTATUS
+STDCALL
NtTerminateJobObject(
- HANDLE JobHandle,
+ HANDLE JobHandle,
NTSTATUS ExitStatus
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwTerminateJobObject(
- HANDLE JobHandle,
+ HANDLE JobHandle,
NTSTATUS ExitStatus
);
+NTSTATUS
+STDCALL
+NtTestAlert(
+ VOID
+);
+
+NTSTATUS
+STDCALL
+ZwTestAlert(
+ VOID
+);
+
NTSTATUS
STDCALL
NtTraceEvent(
IN struct _EVENT_TRACE_HEADER* TraceHeader
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
NtTranslateFilePath(
- ULONG Unknown1,
+ ULONG Unknown1,
ULONG Unknown2,
ULONG Unknown3
);
-NTSTATUS
-STDCALL
+NTSTATUS
+STDCALL
ZwTranslateFilePath(
- ULONG Unknown1,
+ ULONG Unknown1,
ULONG Unknown2,
ULONG Unknown3
);
-NTSTATUS
+NTSTATUS
STDCALL
NtUnloadDriver(
IN PUNICODE_STRING DriverServiceName
);
-NTSTATUS
+NTSTATUS
STDCALL
ZwUnloadDriver(
IN PUNICODE_STRING DriverServiceName
NTSTATUS
STDCALL
-NtUnmapViewOfSection(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress
+NtUnloadKey(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes
);
NTSTATUS
STDCALL
-ZwUnmapViewOfSection(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress
+ZwUnloadKey(
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes
);
-NTSTATUS
+NTSTATUS
STDCALL
-NtWriteRequestData(
- HANDLE PortHandle,
- PLPC_MESSAGE Message,
- ULONG Index,
- PVOID Buffer,
- ULONG BufferLength,
- PULONG ReturnLength
+NtUnlockFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Lenght,
+ OUT PULONG Key OPTIONAL
);
-NTSTATUS
+NTSTATUS
STDCALL
-ZwWriteRequestData(
- HANDLE PortHandle,
- PLPC_MESSAGE Message,
- ULONG Index,
- PVOID Buffer,
- ULONG BufferLength,
- PULONG ReturnLength
+ZwUnlockFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Lenght,
+ OUT PULONG Key OPTIONAL
);
NTSTATUS
-STDCALL
-NtWriteVirtualMemory(
+STDCALL
+NtUnlockVirtualMemory(
IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN PVOID Buffer,
- IN ULONG NumberOfBytesToWrite,
- OUT PULONG NumberOfBytesWritten
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToUnlock,
+ OUT PULONG NumberOfBytesUnlocked OPTIONAL
);
NTSTATUS
-STDCALL
-ZwWriteVirtualMemory(
+STDCALL
+ZwUnlockVirtualMemory(
IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN PVOID Buffer,
- IN ULONG NumberOfBytesToWrite,
- OUT PULONG NumberOfBytesWritten
+ IN PVOID BaseAddress,
+ IN ULONG NumberOfBytesToUnlock,
+ OUT PULONG NumberOfBytesUnlocked OPTIONAL
);
-
NTSTATUS
STDCALL
-NtWaitForSingleObject (
- IN HANDLE Object,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
+NtUnmapViewOfSection(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress
);
NTSTATUS
STDCALL
-ZwWaitForSingleObject (
- IN HANDLE Object,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
+ZwUnmapViewOfSection(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress
);
-
NTSTATUS
STDCALL
-NtWaitHighEventPair(
- IN HANDLE EventPairHandle
+NtVdmControl(
+ ULONG ControlCode,
+ PVOID ControlData
);
NTSTATUS
STDCALL
-ZwWaitHighEventPair(
- IN HANDLE EventPairHandle
+NtW32Call(
+ IN ULONG RoutineIndex,
+ IN PVOID Argument,
+ IN ULONG ArgumentLength,
+ OUT PVOID* Result OPTIONAL,
+ OUT PULONG ResultLength OPTIONAL
);
NTSTATUS
STDCALL
-NtWaitLowEventPair(
+NtWaitForMultipleObjects(
+ IN ULONG Count,
+ IN HANDLE Object[],
+ IN WAIT_TYPE WaitType,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+);
+
+NTSTATUS
+STDCALL
+ZwWaitForMultipleObjects(
+ IN ULONG Count,
+ IN HANDLE Object[],
+ IN WAIT_TYPE WaitType,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+);
+
+NTSTATUS
+STDCALL
+NtWaitForSingleObject(
+ IN HANDLE Object,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+);
+
+NTSTATUS
+STDCALL
+ZwWaitForSingleObject(
+ IN HANDLE Object,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Time
+);
+
+NTSTATUS
+STDCALL
+NtWaitHighEventPair(
IN HANDLE EventPairHandle
);
NTSTATUS
STDCALL
-ZwWaitLowEventPair(
+ZwWaitHighEventPair(
IN HANDLE EventPairHandle
);
-NTSTATUS
+NTSTATUS
STDCALL
-NtUnlockFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER ByteOffset,
- IN PLARGE_INTEGER Lenght,
- OUT PULONG Key OPTIONAL
+NtWaitLowEventPair(
+ IN HANDLE EventPairHandle
);
-NTSTATUS
+
+NTSTATUS
STDCALL
-ZwUnlockFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER ByteOffset,
- IN PLARGE_INTEGER Lenght,
- OUT PULONG Key OPTIONAL
+ZwWaitLowEventPair(
+ IN HANDLE EventPairHandle
);
-
NTSTATUS
STDCALL
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
- IN PLARGE_INTEGER ByteOffset ,
+ IN PLARGE_INTEGER ByteOffset,
IN PULONG Key OPTIONAL
);
NTSTATUS
-STDCALL
-NtWriteFileGather(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
+STDCALL
+NtWriteFileGather(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN FILE_SEGMENT_ELEMENT BufferDescription[],
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset,
+ IN FILE_SEGMENT_ELEMENT BufferDescription[],
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset,
IN PULONG Key OPTIONAL
-);
+);
NTSTATUS
-STDCALL
-ZwWriteFileGather(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
+STDCALL
+ZwWriteFileGather(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN FILE_SEGMENT_ELEMENT BufferDescription[],
- IN ULONG BufferLength,
- IN PLARGE_INTEGER ByteOffset,
+ IN FILE_SEGMENT_ELEMENT BufferDescription[],
+ IN ULONG BufferLength,
+ IN PLARGE_INTEGER ByteOffset,
IN PULONG Key OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-NtSuspendThread(
- IN HANDLE ThreadHandle,
- IN PULONG PreviousSuspendCount
-);
-
-NTSTATUS
-STDCALL
-ZwSuspendThread(
- IN HANDLE ThreadHandle,
- IN PULONG PreviousSuspendCount
);
NTSTATUS
STDCALL
-NtSuspendProcess(
- IN HANDLE ProcessHandle
+NtWriteRequestData(
+ HANDLE PortHandle,
+ PLPC_MESSAGE Message,
+ ULONG Index,
+ PVOID Buffer,
+ ULONG BufferLength,
+ PULONG ReturnLength
);
NTSTATUS
STDCALL
-ZwSuspendProcess(
- IN HANDLE ProcessHandle
+ZwWriteRequestData(
+ HANDLE PortHandle,
+ PLPC_MESSAGE Message,
+ ULONG Index,
+ PVOID Buffer,
+ ULONG BufferLength,
+ PULONG ReturnLength
);
-NTSTATUS
-STDCALL
-NtTerminateThread(
- IN HANDLE ThreadHandle ,
- IN NTSTATUS ExitStatus
-);
-NTSTATUS
-STDCALL
-ZwTerminateThread(
- IN HANDLE ThreadHandle ,
- IN NTSTATUS ExitStatus
+NTSTATUS
+STDCALL
+NtWriteVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN PVOID Buffer,
+ IN ULONG NumberOfBytesToWrite,
+ OUT PULONG NumberOfBytesWritten
);
-NTSTATUS
-STDCALL
-NtTestAlert(
- VOID
-);
-NTSTATUS
-STDCALL
-ZwTestAlert(
- VOID
+NTSTATUS
+STDCALL
+ZwWriteVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress,
+ IN PVOID Buffer,
+ IN ULONG NumberOfBytesToWrite,
+ OUT PULONG NumberOfBytesWritten
);
NTSTATUS
-STDCALL
+STDCALL
NtYieldExecution(
VOID
);
NTSTATUS
-STDCALL
+STDCALL
ZwYieldExecution(
VOID
);
-NTSTATUS
-STDCALL
-NtSetSystemPowerState(
- IN POWER_ACTION SystemAction,
- IN SYSTEM_POWER_STATE MinSystemState,
- IN ULONG Flags
-);
-
-NTSTATUS
-STDCALL
-NtSystemDebugControl(
- DEBUG_CONTROL_CODE ControlCode,
- PVOID InputBuffer,
- ULONG InputBufferLength,
- PVOID OutputBuffer,
- ULONG OutputBufferLength,
- PULONG ReturnLength
-);
-
-NTSTATUS
-STDCALL
-NtVdmControl(
- ULONG ControlCode,
- PVOID ControlData
-);
-
-NTSTATUS
-STDCALL
-NtW32Call(
- IN ULONG RoutineIndex,
- IN PVOID Argument,
- IN ULONG ArgumentLength,
- OUT PVOID* Result OPTIONAL,
- OUT PULONG ResultLength OPTIONAL
-);
NTSTATUS
STDCALL
VOID
);
-NTSTATUS
-STDCALL
-NtSetLdtEntries(
- ULONG Selector1,
- LDT_ENTRY LdtEntry1,
- ULONG Selector2,
- LDT_ENTRY LdtEntry2
-);
-
NTSTATUS
STDCALL
NtQueryOleDirectoryFile(
VOID
);
-NTSTATUS
-STDCALL
-NtAccessCheck(
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE ClientToken,
- IN ACCESS_MASK DesiredAcces,
- IN PGENERIC_MAPPING GenericMapping,
- OUT PPRIVILEGE_SET PrivilegeSet,
- OUT PULONG ReturnLength,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus
-);
-
-NTSTATUS
-STDCALL
-ZwAccessCheck(
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE ClientToken,
- IN ACCESS_MASK DesiredAcces,
- IN PGENERIC_MAPPING GenericMapping,
- OUT PPRIVILEGE_SET PrivilegeSet,
- OUT PULONG ReturnLength,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus
-);
-
-NTSTATUS
-STDCALL
-NtAccessCheckAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PHANDLE ObjectHandle,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus,
- OUT PBOOLEAN GenerateOnClose
-);
-
-NTSTATUS
-STDCALL
-NtCancelTimer(
- IN HANDLE TimerHandle,
- OUT PBOOLEAN CurrentState OPTIONAL
-);
-
-
-NTSTATUS
-STDCALL
-NtContinue(
- IN PCONTEXT Context,
- IN BOOLEAN TestAlert
-);
-
-NTSTATUS
-STDCALL
-NtCreatePagingFile(
- IN PUNICODE_STRING FileName,
- IN PLARGE_INTEGER InitialSize,
- IN PLARGE_INTEGER MaxiumSize,
- IN ULONG Reserved
-);
-
-NTSTATUS
-STDCALL
-NtCreateProfile(
- OUT PHANDLE ProfileHandle,
- IN HANDLE ProcessHandle,
- IN PVOID ImageBase,
- IN ULONG ImageSize,
- IN ULONG Granularity,
- OUT PVOID Buffer,
- IN ULONG ProfilingSize,
- IN KPROFILE_SOURCE Source,
- IN KAFFINITY ProcessorMask
-);
-NTSTATUS
-STDCALL
-NtCreateThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ProcessHandle,
- OUT PCLIENT_ID ClientId,
- IN PCONTEXT ThreadContext,
- IN PINITIAL_TEB UserStack,
- IN BOOLEAN CreateSuspended
-);
+static inline struct _PEB * NtCurrentPeb(void)
+{
+ struct _PEB * pPeb;
-NTSTATUS
-STDCALL
-NtDelayExecution(
- IN BOOLEAN Alertable,
- IN LARGE_INTEGER *Interval
-);
+#if defined(__GNUC__)
-NTSTATUS
-STDCALL
-NtExtendSection(
- IN HANDLE SectionHandle,
- IN PLARGE_INTEGER NewMaximumSize
-);
-
-NTSTATUS
-STDCALL
-NtFlushInstructionCache(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN UINT NumberOfBytesToFlush
-);
-
-NTSTATUS
-STDCALL
-NtFlushVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToFlush,
- OUT PULONG NumberOfBytesFlushed OPTIONAL
-);
-
-ULONG
-STDCALL
-NtGetTickCount(
- VOID
-);
-
-NTSTATUS
-STDCALL
-NtLoadKey(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN POBJECT_ATTRIBUTES FileObjectAttributes
-);
-
-
-NTSTATUS
-STDCALL
-NtLockVirtualMemory(
- HANDLE ProcessHandle,
- PVOID BaseAddress,
- ULONG NumberOfBytesToLock,
- PULONG NumberOfBytesLocked
-);
-
-NTSTATUS
-STDCALL
-NtOpenObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN ULONG GrantedAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN ObjectCreation,
- IN BOOLEAN AccessGranted,
- OUT PBOOLEAN GenerateOnClose
-);
-
-NTSTATUS
-STDCALL
-NtProtectVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID *BaseAddress,
- IN ULONG *NumberOfBytesToProtect,
- IN ULONG NewAccessProtection,
- OUT PULONG OldAccessProtection
-);
-
-NTSTATUS
-STDCALL
-NtQueryDirectoryObject(
- IN HANDLE DirectoryHandle,
- OUT PVOID Buffer,
- IN ULONG BufferLength,
- IN BOOLEAN ReturnSingleEntry,
- IN BOOLEAN RestartScan,
- IN OUT PULONG Context,
- OUT PULONG ReturnLength OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-NtQueryIntervalProfile(
- IN KPROFILE_SOURCE ProfileSource,
- OUT PULONG Interval
-);
-
-NTSTATUS
-STDCALL
-NtQuerySection(
- IN HANDLE SectionHandle,
- IN SECTION_INFORMATION_CLASS SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSTATUS
-STDCALL
-NtQueryVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID Address,
- IN IN CINT VirtualMemoryInformationClass,
- OUT PVOID VirtualMemoryInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSTATUS
-STDCALL
-NtRaiseHardError(
- IN NTSTATUS ErrorStatus,
- IN ULONG NumberOfParameters,
- IN PUNICODE_STRING UnicodeStringParameterMask OPTIONAL,
- IN PVOID *Parameters,
- IN HARDERROR_RESPONSE_OPTION ResponseOption,
- OUT PHARDERROR_RESPONSE Response
-);
-
-NTSTATUS
-STDCALL
-NtSetInformationKey(
- IN HANDLE KeyHandle,
- IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
- IN PVOID KeyInformation,
- IN ULONG KeyInformationLength
-);
-
-NTSTATUS
-STDCALL
-NtSetInformationObject(
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG Length
-);
-
-NTSTATUS
-STDCALL
-NtSetTimer(
- IN HANDLE TimerHandle,
- IN PLARGE_INTEGER DueTime,
- IN PTIMER_APC_ROUTINE TimerApcRoutine,
- IN PVOID TimerContext,
- IN BOOLEAN WakeTimer,
- IN LONG Period OPTIONAL,
- OUT PBOOLEAN PreviousState OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-NtUnloadKey(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes
-);
-
-NTSTATUS
-STDCALL
-NtUnlockVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToUnlock,
- OUT PULONG NumberOfBytesUnlocked OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-NtWaitForMultipleObjects(
- IN ULONG Count,
- IN HANDLE Object[],
- IN WAIT_TYPE WaitType,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
-);
-
-NTSTATUS
-STDCALL
-ZwContinue(
- IN PCONTEXT Context,
- IN CINT IrqLevel
-);
-
-NTSTATUS
-STDCALL
-ZwQuerySystemTime (
- OUT PLARGE_INTEGER CurrentTime
-);
-
-
-NTSTATUS
-STDCALL
-NtDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle,
- OUT PHANDLE TargetHandle,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG HandleAttributes,
- IN ULONG Options
-);
-
-NTSTATUS
-STDCALL
-ZwDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle,
- OUT PHANDLE TargetHandle,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG HandleAttributes,
- IN ULONG Options
-);
-
-NTSTATUS
-STDCALL
-NtAddAtom(
- IN PWSTR AtomName,
- IN ULONG AtomNameLength,
- IN OUT PRTL_ATOM Atom
-);
-
-NTSTATUS
-STDCALL
-ZwAddAtom(
- IN PWSTR AtomName,
- IN ULONG AtomNameLength,
- IN OUT PRTL_ATOM Atom
-);
-
-NTSTATUS
-STDCALL
-NtAllocateUuids(
- PULARGE_INTEGER Time,
- PULONG Range,
- PULONG Sequence,
- PUCHAR Seed
-);
-
-NTSTATUS
-STDCALL
-ZwAllocateUuids(
- PULARGE_INTEGER Time,
- PULONG Range,
- PULONG Sequence,
- PUCHAR Seed
-);
-
-NTSTATUS
-STDCALL
-ZwCreatePagingFile(
- IN PUNICODE_STRING FileName,
- IN PLARGE_INTEGER InitialSize,
- IN PLARGE_INTEGER MaxiumSize,
- IN ULONG Reserved
-);
-
-NTSTATUS
-STDCALL
-ZwCreateThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ProcessHandle,
- OUT PCLIENT_ID ClientId,
- IN PCONTEXT ThreadContext,
- IN PINITIAL_TEB UserStack,
- IN BOOLEAN CreateSuspended
-);
-
-NTSTATUS
-STDCALL
-NtDuplicateToken(
- IN HANDLE ExistingTokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN BOOLEAN EffectiveOnly,
- IN TOKEN_TYPE TokenType,
- OUT PHANDLE NewTokenHandle
-);
-
-NTSTATUS
-STDCALL
-NtFindAtom(
- IN PWSTR AtomName,
- IN ULONG AtomNameLength,
- OUT PRTL_ATOM Atom OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-ZwFindAtom(
- IN PWSTR AtomName,
- IN ULONG AtomNameLength,
- OUT PRTL_ATOM Atom OPTIONAL
-);
-
-ULONG
-STDCALL
-ZwGetTickCount(
- VOID
-);
-
-NTSTATUS
-STDCALL
-ZwLoadKey(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN POBJECT_ATTRIBUTES FileObjectAttributes
-);
-
-NTSTATUS
-STDCALL
-ZwLockVirtualMemory(
- HANDLE ProcessHandle,
- PVOID BaseAddress,
- ULONG NumberOfBytesToLock,
- PULONG NumberOfBytesLocked
-);
-
-NTSTATUS
-STDCALL
-ZwOpenObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE ClientToken,
- IN ULONG DesiredAccess,
- IN ULONG GrantedAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN ObjectCreation,
- IN BOOLEAN AccessGranted,
- OUT PBOOLEAN GenerateOnClose
-);
-
-NTSTATUS
-STDCALL
-ZwProtectVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID *BaseAddress,
- IN ULONG *NumberOfBytesToProtect,
- IN ULONG NewAccessProtection,
- OUT PULONG OldAccessProtection
-);
-
-NTSTATUS
-STDCALL
-NtQueryInformationAtom(
- IN RTL_ATOM Atom,
- IN ATOM_INFORMATION_CLASS AtomInformationClass,
- OUT PVOID AtomInformation,
- IN ULONG AtomInformationLength,
- OUT PULONG ReturnLength OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-ZwQueryInformationAtom(
- IN RTL_ATOM Atom,
- IN ATOM_INFORMATION_CLASS AtomInformationClass,
- OUT PVOID AtomInformation,
- IN ULONG AtomInformationLength,
- OUT PULONG ReturnLength OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-ZwQueryDirectoryObject(
- IN HANDLE DirectoryHandle,
- OUT PVOID Buffer,
- IN ULONG BufferLength,
- IN BOOLEAN ReturnSingleEntry,
- IN BOOLEAN RestartScan,
- IN OUT PULONG Context,
- OUT PULONG ReturnLength OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-ZwQueryIntervalProfile(
- OUT PULONG Interval,
- OUT KPROFILE_SOURCE ClockSource
-);
-
-NTSTATUS
-STDCALL
-ZwQueryObject(
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG Length,
- OUT PULONG ResultLength OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-NtQuerySecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSTATUS
-STDCALL
-ZwQuerySecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-
-NTSTATUS
-STDCALL
-ZwQueryVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID Address,
- IN IN CINT VirtualMemoryInformationClass,
- OUT PVOID VirtualMemoryInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSTATUS
-STDCALL
-ZwRaiseHardError(
- IN NTSTATUS Status,
- ULONG Unknown2,
- ULONG Unknown3,
- ULONG Unknown4,
- ULONG Unknown5,
- ULONG Unknown6
-);
-
-NTSTATUS
-STDCALL
-ZwSetInformationKey(
- IN HANDLE KeyHandle,
- IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
- IN PVOID KeyInformation,
- IN ULONG KeyInformationLength
-);
-
-NTSTATUS
-STDCALL
-ZwSetInformationObject(
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG Length
-);
-
-NTSTATUS
-STDCALL
-NtSetInformationProcess(
- IN HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- IN PVOID ProcessInformation,
- IN ULONG ProcessInformationLength
-);
-
-NTSTATUS
-STDCALL
-ZwUnloadKey(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes
-);
-
-NTSTATUS
-STDCALL
-ZwUnlockVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG NumberOfBytesToUnlock,
- OUT PULONG NumberOfBytesUnlocked OPTIONAL
-);
-
-NTSTATUS
-STDCALL
-ZwWaitForMultipleObjects (
- IN ULONG Count,
- IN HANDLE Object[],
- IN WAIT_TYPE WaitType,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Time
-);
-
-NTSTATUS
-STDCALL
-ZwCreateProfile(
- OUT PHANDLE ProfileHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ULONG ImageBase,
- IN ULONG ImageSize,
- IN ULONG Granularity,
- OUT PVOID Buffer,
- IN ULONG ProfilingSize,
- IN ULONG ClockSource,
- IN ULONG ProcessorMask
-);
-
-NTSTATUS
-STDCALL
-ZwDelayExecution(
- IN BOOLEAN Alertable,
- IN LARGE_INTEGER *Interval
-);
-
-NTSTATUS
-STDCALL
-ZwExtendSection(
- IN HANDLE SectionHandle,
- IN PLARGE_INTEGER NewMaximumSize
-);
-
-NTSTATUS
-STDCALL
-ZwQuerySection(
- IN HANDLE SectionHandle,
- IN CINT SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSTATUS
-STDCALL
-NtLoadKey2(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN POBJECT_ATTRIBUTES FileObjectAttributes,
- IN ULONG Flags
-);
-
-NTSTATUS
-STDCALL
-ZwLoadKey2(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN POBJECT_ATTRIBUTES FileObjectAttributes,
- IN ULONG Flags
-);
-
-NTSTATUS
-STDCALL
-NtQuerySystemTime (
- OUT PLARGE_INTEGER CurrentTime
-);
-
-NTSTATUS
-STDCALL
-NtQueryObject(
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG Length,
- OUT PULONG ResultLength OPTIONAL
-);
-
-static inline struct _PEB * NtCurrentPeb(void)
-{
- struct _PEB * pPeb;
-
-#if defined(__GNUC__)
-
- __asm__ __volatile__
- (
- "movl %%fs:0x30, %0\n" /* fs:30h == Teb->Peb */
- : "=r" (pPeb) /* can't have two memory operands */
- : /* no inputs */
- );
+ __asm__ __volatile__
+ (
+ "movl %%fs:0x30, %0\n" /* fs:30h == Teb->Peb */
+ : "=r" (pPeb) /* can't have two memory operands */
+ : /* no inputs */
+ );
#elif defined(_MSC_VER)
#error Unknown compiler for inline assembler
#endif
- return pPeb;
-}
+ return pPeb;
+}
#endif
/* ENUMERATIONS **************************************************************/
-typedef enum _HARDERROR_RESPONSE_OPTION
+typedef enum _HARDERROR_RESPONSE_OPTION
{
OptionAbortRetryIgnore,
OptionOk,
OptionShutdownSystem
} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
-typedef enum _HARDERROR_RESPONSE
+typedef enum _HARDERROR_RESPONSE
{
ResponseReturnToCaller,
ResponseNotHandled,
ResponseYes
} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
-typedef enum SHUTDOWN_ACTION_TAG
+typedef enum SHUTDOWN_ACTION_TAG
{
ShutdownNoReboot,
ShutdownReboot,
MaxPlugPlayBusClass
} PLUGPLAY_BUS_CLASS, *PPLUGPLAY_BUS_CLASS;
-typedef enum _PLUGPLAY_VIRTUAL_BUS_TYPE
+typedef enum _PLUGPLAY_VIRTUAL_BUS_TYPE
{
Root,
MaxPlugPlayVirtualBusType
} PLUGPLAY_VIRTUAL_BUS_TYPE, *PPLUGPLAY_VIRTUAL_BUS_TYPE;
-typedef enum _SYSTEM_DOCK_STATE
+typedef enum _SYSTEM_DOCK_STATE
{
SystemDockStateUnknown,
SystemUndocked,
/* FIXME: Temporary hack until all KMODE stuf are NDK */
#ifndef __WINDDK_H
typedef enum _PROCESS_INFORMATION_FLAGS
-{
+{
ProcessUnknown33 = 33,
ProcessUnknown34,
ProcessUnknown35,
/*
* System
*/
-typedef enum _SYSTEM_INFORMATION_CLASS
+typedef enum _SYSTEM_INFORMATION_CLASS
{
SystemBasicInformation,
SystemProcessorInformation,
/*
* Object
*/
-typedef enum _OBJECT_INFORMATION_CLASS
+typedef enum _OBJECT_INFORMATION_CLASS
{
ObjectBasicInformation,
ObjectNameInformation,
/*
* Memory
*/
-typedef enum _MEMORY_INFORMATION_CLASS
+typedef enum _MEMORY_INFORMATION_CLASS
{
MemoryBasicInformation,
MemoryWorkingSetList,
/*
* Mutant
*/
-typedef enum _MUTANT_INFORMATION_CLASS
+typedef enum _MUTANT_INFORMATION_CLASS
{
MutantBasicInformation
} MUTANT_INFORMATION_CLASS;
/*
* Section
*/
-typedef enum _SECTION_INFORMATION_CLASS
+typedef enum _SECTION_INFORMATION_CLASS
{
SectionBasicInformation,
SectionImageInformation,
/*
* Semaphore
*/
-typedef enum _SEMAPHORE_INFORMATION_CLASS
+typedef enum _SEMAPHORE_INFORMATION_CLASS
{
SemaphoreBasicInformation
} SEMAPHORE_INFORMATION_CLASS;
/*
* Event
*/
-typedef enum _EVENT_INFORMATION_CLASS
+typedef enum _EVENT_INFORMATION_CLASS
{
EventBasicInformation
} EVENT_INFORMATION_CLASS;
/*
* I/O Completion
*/
-typedef enum _IO_COMPLETION_INFORMATION_CLASS
+typedef enum _IO_COMPLETION_INFORMATION_CLASS
{
IoCompletionBasicInformation
} IO_COMPLETION_INFORMATION_CLASS;
*/
/* Class 0 */
-typedef struct _MUTANT_BASIC_INFORMATION
+typedef struct _MUTANT_BASIC_INFORMATION
{
LONG CurrentCount;
BOOLEAN OwnedByCaller;
} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
/* Class 1 */
-typedef struct _ATOM_TABLE_INFORMATION
+typedef struct _ATOM_TABLE_INFORMATION
{
ULONG NumberOfAtoms;
USHORT Atoms[1];
/*
* Memory
*/
-
+
/* Class 1 */
-typedef struct _MEMORY_WORKING_SET_LIST
+typedef struct _MEMORY_WORKING_SET_LIST
{
ULONG NumberOfPages;
ULONG WorkingSetList[1];
} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
/* Class 2 */
-typedef struct {
+typedef struct
+{
UNICODE_STRING SectionFileName;
WCHAR NameBuffer[ANYSIZE_ARRAY];
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
-
+
/*
* Section
*/
/* Class 0 */
-typedef struct _SECTION_BASIC_INFORMATION
+typedef struct _SECTION_BASIC_INFORMATION
{
PVOID BaseAddress;
ULONG Attributes;
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
/* Class 1 */
-typedef struct _SECTION_IMAGE_INFORMATION
+typedef struct _SECTION_IMAGE_INFORMATION
{
ULONG EntryPoint;
ULONG Unknown1;
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
/*
- * Object
+ * Object
*/
/* Class 4 */
-typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION
+typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION
{
BOOLEAN Inherit;
BOOLEAN ProtectFromClose;
*/
/* Class 0 */
-typedef struct _TIMER_BASIC_INFORMATION
+typedef struct _TIMER_BASIC_INFORMATION
{
LARGE_INTEGER TimeRemaining;
BOOLEAN SignalState;
*/
/* Class 0 */
-typedef struct _SEMAPHORE_BASIC_INFORMATION {
+typedef struct _SEMAPHORE_BASIC_INFORMATION
+{
LONG CurrentCount;
LONG MaximumCount;
} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
* Event
*/
/* Class 0 */
-typedef struct _EVENT_BASIC_INFORMATION
+typedef struct _EVENT_BASIC_INFORMATION
{
EVENT_TYPE EventType;
LONG EventState;
/* Class 23 */
typedef struct _PROCESS_DEVICEMAP_INFORMATION
{
- union
+ union
{
- struct
+ struct
{
HANDLE DirectoryHandle;
} Set;
- struct
+ struct
{
ULONG DriveMap;
UCHAR DriveType[32];
} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
/* Class 2 */
-typedef struct _SYSTEM_PERFORMANCE_INFORMATION
+typedef struct _SYSTEM_PERFORMANCE_INFORMATION
{
LARGE_INTEGER IdleProcessTime;
LARGE_INTEGER IoReadTransferCount;
/* This class is obsoleted, please use KUSER_SHARED_DATA instead */
/* Class 5 */
-typedef struct _SYSTEM_THREAD_INFORMATION
+typedef struct _SYSTEM_THREAD_INFORMATION
{
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
ULONG ThreadState;
ULONG WaitReason;
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
+
typedef struct _SYSTEM_PROCESS_INFORMATION
{
ULONG NextEntryOffset;
ULONG HandleCount;
ULONG SessionId;
ULONG PageDirectoryFrame;
-
- /*
- * This part corresponds to VM_COUNTERS_EX.
+
+ /*
+ * This part corresponds to VM_COUNTERS_EX.
* NOTE: *NOT* THE SAME AS VM_COUNTERS!
*/
ULONG PeakVirtualSize;
ULONG PagefileUsage;
ULONG PeakPagefileUsage;
ULONG PrivateUsage;
-
+
/* This part corresponds to IO_COUNTERS */
LARGE_INTEGER ReadOperationCount;
LARGE_INTEGER WriteOperationCount;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
-
+
/* Finally, the array of Threads */
SYSTEM_THREAD_INFORMATION TH[1];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
/* Class 6 */
-typedef struct _SYSTEM_CALL_COUNT_INFORMATION
+typedef struct _SYSTEM_CALL_COUNT_INFORMATION
{
ULONG Length;
ULONG NumberOfTables;
-} SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION;
+} SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION;
/* Class 7 */
typedef struct _SYSTEM_DEVICE_INFORMATION
} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;
/* Class 8 */
-typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
+typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
{
LARGE_INTEGER IdleTime;
LARGE_INTEGER KernelTime;
} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
/* Class 9 */
-typedef struct _SYSTEM_FLAGS_INFORMATION
+typedef struct _SYSTEM_FLAGS_INFORMATION
{
ULONG Flags;
} SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION;
/* Class 10 */
-typedef struct _SYSTEM_CALL_TIME_INFORMATION
+typedef struct _SYSTEM_CALL_TIME_INFORMATION
{
ULONG Length;
ULONG TotalCalls;
} SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION;
/* Class 11 */
-typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY
+typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY
{
ULONG Unknown1;
ULONG Unknown2;
USHORT PathLength;
CHAR ImageName[256];
} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
-typedef struct _SYSTEM_MODULE_INFORMATION
+typedef struct _SYSTEM_MODULE_INFORMATION
{
ULONG Count;
SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
/* Class 12 */
-typedef struct _SYSTEM_RESOURCE_LOCK_ENTRY
+typedef struct _SYSTEM_RESOURCE_LOCK_ENTRY
{
ULONG ResourceAddress;
ULONG Always1;
ULONG NumberOfSharedWaiters;
ULONG NumberOfExclusiveWaiters;
} SYSTEM_RESOURCE_LOCK_ENTRY, *PSYSTEM_RESOURCE_LOCK_ENTRY;
-typedef struct _SYSTEM_RESOURCE_LOCK_INFO
+
+typedef struct _SYSTEM_RESOURCE_LOCK_INFO
{
ULONG Count;
SYSTEM_RESOURCE_LOCK_ENTRY Lock[1];
{
/* FIXME */
} SYSTEM_BACKTRACE_INFORMATION_ENTRY, *PSYSTEM_BACKTRACE_INFORMATION_ENTRY;
+
typedef struct _SYSTEM_BACKTRACE_INFORMATION
{
/* FIXME */
} SYSTEM_BACKTRACE_INFORMATION, *PSYSTEM_BACKTRACE_INFORMATION;
/* Class 14 - 15 */
-typedef struct _SYSTEM_POOL_ENTRY
+typedef struct _SYSTEM_POOL_ENTRY
{
BOOLEAN Allocated;
BOOLEAN Spare0;
USHORT AllocatorBackTraceIndex;
ULONG Size;
- union {
+ union
+ {
UCHAR Tag[4];
ULONG TagUlong;
PVOID ProcessChargedQuota;
};
} SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY;
-typedef struct _SYSTEM_POOL_INFORMATION
+
+typedef struct _SYSTEM_POOL_INFORMATION
{
ULONG TotalSize;
PVOID FirstEntry;
} SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION;
/* Class 16 */
-typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
+typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
{
USHORT UniqueProcessId;
USHORT CreatorBackTraceIndex;
USHORT HandleValue;
PVOID Object;
ULONG GrantedAccess;
-} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
-typedef struct _SYSTEM_HANDLE_INFORMATION
+} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
+
+typedef struct _SYSTEM_HANDLE_INFORMATION
{
ULONG NumberOfHandles;
SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
/* Class 17 */
-typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
+typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
{
ULONG NextEntryOffset;
ULONG NumberOfObjects;
BOOLEAN SecurityRequired;
BOOLEAN WaitableObject;
UNICODE_STRING TypeName;
-} SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;
-typedef struct _SYSTEM_OBJECT_INFORMATION
+} SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;
+
+typedef struct _SYSTEM_OBJECT_INFORMATION
{
ULONG NextEntryOffset;
PVOID Object;
} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
/* Class 18 */
-typedef struct _SYSTEM_PAGEFILE_INFORMATION
+typedef struct _SYSTEM_PAGEFILE_INFORMATION
{
ULONG NextEntryOffset;
ULONG TotalSize;
} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
/* Class 19 */
-typedef struct _SYSTEM_VDM_INSTEMUL_INFO
+typedef struct _SYSTEM_VDM_INSTEMUL_INFO
{
ULONG SegmentNotPresent;
ULONG VdmOpcode0F;
} SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO;
/* Class 20 */
-typedef struct _SYSTEM_VDM_BOP_INFO
+typedef struct _SYSTEM_VDM_BOP_INFO
{
/* FIXME */
PVOID Dummy;
} SYSTEM_VDM_BOP_INFO, *PSYSTEM_VDM_BOP_INFO;
/* Class 21 */
-typedef struct _SYSTEM_CACHE_INFORMATION
+typedef struct _SYSTEM_CACHE_INFORMATION
{
ULONG CurrentSize;
ULONG PeakSize;
} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
/* Class 22 */
-typedef struct _SYSTEM_POOLTAG
+typedef struct _SYSTEM_POOLTAG
{
- union
+ union
{
UCHAR Tag[4];
ULONG TagUlong;
ULONG NonPagedFrees;
ULONG NonPagedUsed;
} SYSTEM_POOLTAG, *PSYSTEM_POOLTAG;
-typedef struct _SYSTEM_POOLTAG_INFORMATION
+typedef struct _SYSTEM_POOLTAG_INFORMATION
{
ULONG Count;
SYSTEM_POOLTAG TagInfo[1];
} SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION;
/* Class 23 */
-typedef struct _SYSTEM_INTERRUPT_INFORMATION
+typedef struct _SYSTEM_INTERRUPT_INFORMATION
{
ULONG ContextSwitches;
ULONG DpcCount;
} SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
/* Class 24 */
-typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION
+typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION
{
ULONG Spare;
ULONG DpcQueueDepth;
ULONG MinimumDpcRate;
ULONG AdjustDpcThreshold;
ULONG IdealDpcRate;
-} SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION;
+} SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION;
/* Class 25 */
-typedef struct _SYSTEM_MEMORY_INFO
+typedef struct _SYSTEM_MEMORY_INFO
{
PUCHAR StringOffset;
USHORT ValidCount;
USHORT TransitionCount;
USHORT ModifiedCount;
USHORT PageTableCount;
-} SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO;
-typedef struct _SYSTEM_MEMORY_INFORMATION
+} SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO;
+typedef struct _SYSTEM_MEMORY_INFORMATION
{
ULONG InfoSize;
ULONG StringStart;
} SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION;
/* Class 26 */
-typedef struct _SYSTEM_GDI_DRIVER_INFORMATION {
+typedef struct _SYSTEM_GDI_DRIVER_INFORMATION
+{
UNICODE_STRING DriverName;
PVOID ImageAddress;
PVOID SectionPointer;
PVOID EntryPoint;
PIMAGE_EXPORT_DIRECTORY ExportSectionPointer;
-} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
+} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
/* Class 27 */
/* Not an actuall class, simply a PVOID to the ImageAddress */
ULONG TimeIncrement;
BOOLEAN Enable;
} SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION;
-typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION
+
+typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION
{
ULONG TimeAdjustment;
BOOLEAN Enable;
/* FIXME */
/* Class 32 */
-typedef struct _SYSTEM_CRASH_DUMP_INFORMATION
+typedef struct _SYSTEM_CRASH_DUMP_INFORMATION
{
HANDLE CrashDumpSection;
-} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
+} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
/* Class 33 */
-typedef struct _SYSTEM_EXCEPTION_INFORMATION
+typedef struct _SYSTEM_EXCEPTION_INFORMATION
{
ULONG AlignmentFixupCount;
ULONG ExceptionDispatchCount;
ULONG FloatingEmulationCount;
ULONG ByteWordEmulationCount;
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
-
+
/* Class 34 */
-typedef struct _SYSTEM_CRASH_STATE_INFORMATION
+typedef struct _SYSTEM_CRASH_STATE_INFORMATION
{
ULONG ValidCrashDump;
} SYSTEM_CRASH_STATE_INFORMATION, *PSYSTEM_CRASH_STATE_INFORMATION;
/* Class 35 */
-typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION
+typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION
{
BOOLEAN KernelDebuggerEnabled;
BOOLEAN KernelDebuggerNotPresent;
-} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
+} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
/* Class 36 */
typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
/* Class 37 */
-typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION
+typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION
{
ULONG RegistryQuotaAllowed;
ULONG RegistryQuotaUsed;
/* Class 39 */
/* Not a structure, simply send a ULONG containing the new separation */
-/* Class 40 */
+/* Class 40 */
typedef struct _PLUGPLAY_BUS_TYPE
{
PLUGPLAY_BUS_CLASS BusClass;
- union
+ union
{
INTERFACE_TYPE SystemBusType;
PLUGPLAY_VIRTUAL_BUS_TYPE PlugPlayVirtualBusType;
};
-} PLUGPLAY_BUS_TYPE, *PPLUGPLAY_BUS_TYPE;
-typedef struct _PLUGPLAY_BUS_INSTANCE
+} PLUGPLAY_BUS_TYPE, *PPLUGPLAY_BUS_TYPE;
+
+typedef struct _PLUGPLAY_BUS_INSTANCE
{
PLUGPLAY_BUS_TYPE BusType;
ULONG BusNumber;
WCHAR BusName[MAX_BUS_NAME];
} PLUGPLAY_BUS_INSTANCE, *PPLUGPLAY_BUS_INSTANCE;
-typedef struct _SYSTEM_PLUGPLAY_BUS_INFORMATION
+
+typedef struct _SYSTEM_PLUGPLAY_BUS_INFORMATION
{
ULONG BusCount;
PLUGPLAY_BUS_INSTANCE BusInstance[1];
} SYSTEM_PLUGPLAY_BUS_INFORMATION, *PSYSTEM_PLUGPLAY_BUS_INFORMATION;
/* Class 41 */
-typedef struct _SYSTEM_DOCK_INFORMATION
+typedef struct _SYSTEM_DOCK_INFORMATION
{
SYSTEM_DOCK_STATE DockState;
INTERFACE_TYPE DeviceBusType;
typedef struct _TIME_ZONE_INFORMATION RTL_TIME_ZONE_INFORMATION;
/* Class 45 */
-typedef struct _SYSTEM_LOOKASIDE_INFORMATION
+typedef struct _SYSTEM_LOOKASIDE_INFORMATION
{
USHORT CurrentDepth;
USHORT MaximumDepth;
/* FIXME */
/* Class 53 */
-typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION
+typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION
{
ULONG SessionId;
ULONG BufferSize;