From b607e0119ffcc64da433cf090d463c510d7abfc4 Mon Sep 17 00:00:00 2001
From: Andrew Boyarshin <andrew.boyarshin@gmail.com>
Date: Sun, 25 Nov 2018 14:11:04 +0700
Subject: [PATCH] [NTOSKRNL][PS] Implement NtQueueApcThreadEx and use it in
 NtQueueApcThread

Actually rename NtQueueApcThread to NtQueueApcThreadEx and ignore one additional parameter for now.
---
 ntoskrnl/ps/state.c       | 50 +++++++++++++++++++++++++++++++++++----
 sdk/include/ndk/kefuncs.h | 12 ++++++++++
 2 files changed, 58 insertions(+), 4 deletions(-)

diff --git a/ntoskrnl/ps/state.c b/ntoskrnl/ps/state.c
index 5d3839b0b95..4511c1ff625 100644
--- a/ntoskrnl/ps/state.c
+++ b/ntoskrnl/ps/state.c
@@ -470,7 +470,7 @@ NtTestAlert(VOID)
 }
 
 /*++
- * @name NtQueueApcThread
+ * @name NtQueueApcThreadEx
  * NT4
  *
  *    This routine is used to queue an APC from user-mode for the specified
@@ -479,6 +479,10 @@ NtTestAlert(VOID)
  * @param ThreadHandle
  *        Handle to the Thread.
  *        This handle must have THREAD_SET_CONTEXT privileges.
+ *        
+ * @param UserApcReserveHandle
+ *        Optional handle to reserve object (introduced in Windows 7), providing ability to
+ *        reserve memory before performing stability-critical parts of code.
  *
  * @param ApcRoutine
  *        Pointer to the APC Routine to call when the APC executes.
@@ -497,11 +501,12 @@ NtTestAlert(VOID)
  *--*/
 NTSTATUS
 NTAPI
-NtQueueApcThread(IN HANDLE ThreadHandle,
+NtQueueApcThreadEx(IN HANDLE ThreadHandle,
+                 IN OPTIONAL HANDLE UserApcReserveHandle,
                  IN PKNORMAL_ROUTINE ApcRoutine,
                  IN PVOID NormalContext,
-                 IN PVOID SystemArgument1,
-                 IN PVOID SystemArgument2)
+                 IN OPTIONAL PVOID SystemArgument1,
+                 IN OPTIONAL PVOID SystemArgument2)
 {
     PKAPC Apc;
     PETHREAD Thread;
@@ -564,4 +569,41 @@ Quit:
     return Status;
 }
 
+/*++
+ * @name NtQueueApcThread
+ * NT4
+ *
+ *    This routine is used to queue an APC from user-mode for the specified
+ *    thread.
+ *
+ * @param ThreadHandle
+ *        Handle to the Thread.
+ *        This handle must have THREAD_SET_CONTEXT privileges.
+ *
+ * @param ApcRoutine
+ *        Pointer to the APC Routine to call when the APC executes.
+ *
+ * @param NormalContext
+ *        Pointer to the context to send to the Normal Routine.
+ *
+ * @param SystemArgument[1-2]
+ *        Pointer to a set of two parameters that contain untyped data.
+ *
+ * @return STATUS_SUCCESS or failure cute from associated calls.
+ *
+ * @remarks The thread must enter an alertable wait before the APC will be
+ *          delivered.
+ *
+ *--*/
+NTSTATUS
+NTAPI
+NtQueueApcThread(IN HANDLE ThreadHandle,
+    IN PKNORMAL_ROUTINE ApcRoutine,
+    IN PVOID NormalContext,
+    IN PVOID SystemArgument1,
+    IN PVOID SystemArgument2)
+{
+    return NtQueueApcThreadEx(ThreadHandle, NULL, ApcRoutine, NormalContext, SystemArgument1, SystemArgument2);
+}
+
 /* EOF */
diff --git a/sdk/include/ndk/kefuncs.h b/sdk/include/ndk/kefuncs.h
index 6d7b713cc8d..09627727937 100644
--- a/sdk/include/ndk/kefuncs.h
+++ b/sdk/include/ndk/kefuncs.h
@@ -467,6 +467,18 @@ NtQueueApcThread(
     _In_opt_ PVOID SystemArgument2
 );
 
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueueApcThreadEx(
+    _In_ HANDLE ThreadHandle,
+    _In_opt_ HANDLE UserApcReserveHandle,
+    _In_ PKNORMAL_ROUTINE ApcRoutine,
+    _In_opt_ PVOID NormalContext,
+    _In_opt_ PVOID SystemArgument1,
+    _In_opt_ PVOID SystemArgument2
+);
+
 NTSYSCALLAPI
 NTSTATUS
 NTAPI
-- 
2.17.1