summaryrefslogtreecommitdiff
path: root/plugins/Dbx_mdb/src/lmdb/ntapi.h
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/Dbx_mdb/src/lmdb/ntapi.h')
-rw-r--r--plugins/Dbx_mdb/src/lmdb/ntapi.h3909
1 files changed, 0 insertions, 3909 deletions
diff --git a/plugins/Dbx_mdb/src/lmdb/ntapi.h b/plugins/Dbx_mdb/src/lmdb/ntapi.h
deleted file mode 100644
index 10d4aa7f50..0000000000
--- a/plugins/Dbx_mdb/src/lmdb/ntapi.h
+++ /dev/null
@@ -1,3909 +0,0 @@
-/*
- * ntapi.h
- *
- * Windows NT Native API
- *
- * Most structures in this file is obtained from Windows NT/2000 Native API
- * Reference by Gary Nebbett, ISBN 1578701996.
- *
- * This file is part of the w32api package.
- *
- * Contributors:
- * Created by Casper S. Hornstrup <chorns@users.sourceforge.net>
- *
- * THIS SOFTWARE IS NOT COPYRIGHTED
- *
- * This source code is offered for use in the public domain. You may
- * use, modify or distribute it freely.
- *
- * This code is distributed in the hope that it will be useful but
- * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
- * DISCLAIMED. This includes but is not limited to warranties of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- */
-
-#ifndef __NTAPI_H
-#define __NTAPI_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <stdarg.h>
-//#include <winbase.h>
-#include <windef.h>
-
-
-#pragma pack(push,4)
-
-//typedef struct _PEB *PPEB;
-
-/* FIXME: Unknown definitions */
-//typedef PVOID POBJECT_TYPE_LIST;
-typedef PVOID PEXECUTION_STATE;
-typedef PVOID PLANGID;
-
-#ifndef NtCurrentProcess
-#define NtCurrentProcess() ((HANDLE)0xFFFFFFFF)
-#endif /* NtCurrentProcess */
-#ifndef NtCurrentThread
-#define NtCurrentThread() ((HANDLE)0xFFFFFFFE)
-#endif /* NtCurrentThread */
-
-
-
-#define RTL_REGISTRY_ABSOLUTE 0
-//add by SevenCat
-
-#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)
-#define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)
-#define STATUS_INVALID_INFO_CLASS ((NTSTATUS)0xC0000003L) // ntsubauth
-#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
-//#define STATUS_ACCESS_VIOLATION ((NTSTATUS)0xC0000005L) // winnt
-//#define STATUS_IN_PAGE_ERROR ((NTSTATUS)0xC0000006L) // winnt
-#define STATUS_PAGEFILE_QUOTA ((NTSTATUS)0xC0000007L)
-//#define STATUS_INVALID_HANDLE ((NTSTATUS)0xC0000008L) // winnt
-#define STATUS_BAD_INITIAL_STACK ((NTSTATUS)0xC0000009L)
-#define STATUS_BAD_INITIAL_PC ((NTSTATUS)0xC000000AL)
-#define STATUS_INVALID_CID ((NTSTATUS)0xC000000BL)
-#define STATUS_TIMER_NOT_CANCELED ((NTSTATUS)0xC000000CL)
-// #define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL)
-#define STATUS_NO_SUCH_DEVICE ((NTSTATUS)0xC000000EL)
-#define STATUS_NO_SUCH_FILE ((NTSTATUS)0xC000000FL)
-#define STATUS_OBJECT_NAME_NOT_FOUND 0xC0000034
-
-#define RTL_CONSTANT_STRING(s) { sizeof( s ) - sizeof( (s)[0] ), sizeof( s ), s }
-
-#define __WTEXT(quote) L##quote
-#define WTEXT(quote) __WTEXT(quote)
-
-#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|0xF)
-#define OBJ_PERMANENT 0x00000010L
-
-#ifndef NT_SUCCESS
-#define NT_SUCCESS(x) ((x)>=0)
-#define STATUS_SUCCESS ((NTSTATUS)0)
-#endif
-
-#define DDKAPI __stdcall
-#define DDKFASTAPI __fastcall
-#define DDKCDECLAPI __cdecl
-
-typedef struct _CLIENT_ID {
- HANDLE UniqueProcess;
- HANDLE UniqueThread;
-} CLIENT_ID, *PCLIENT_ID;
-
-
-/////////////
-
-
-
-typedef enum _KEY_INFORMATION_CLASS
-{
- KeyBasicInformation,
- KeyNodeInformation,
- KeyFullInformation
-} KEY_INFORMATION_CLASS;
-
-typedef struct _KEY_BASIC_INFORMATION
-{
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG NameLength;
- WCHAR Name[1];
-} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
-
-typedef struct _KEY_FULL_INFORMATION
-{
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG ClassOffset;
- ULONG ClassLength;
- ULONG SubKeys;
- ULONG MaxNameLen;
- ULONG MaxClassLen;
- ULONG Values;
- ULONG MaxValueNameLen;
- ULONG MaxValueDataLen;
- WCHAR Class[1];
-} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
-
-typedef struct _KEY_NODE_INFORMATION
-{
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG ClassOffset;
- ULONG ClassLength;
- ULONG NameLength;
- WCHAR Name[1];
-} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
-
-/* key set information class */
-/*
- * KeyWriteTimeInformation
- */
-
-/* key value information class */
-
-typedef enum _KEY_VALUE_INFORMATION_CLASS
-{
- KeyValueBasicInformation,
- KeyValueFullInformation,
- KeyValuePartialInformation
-} KEY_VALUE_INFORMATION_CLASS;
-
-typedef struct _KEY_VALUE_BASIC_INFORMATION
-{
- ULONG TitleIndex;
- ULONG Type;
- ULONG NameLength;
- WCHAR Name[1];
-} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
-
-typedef struct _KEY_VALUE_FULL_INFORMATION
-{
- ULONG TitleIndex;
- ULONG Type;
- ULONG DataOffset;
- ULONG DataLength;
- ULONG NameLength;
- WCHAR Name[1];
-} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
-
-typedef struct _KEY_VALUE_PARTIAL_INFORMATION
-{
- ULONG TitleIndex;
- ULONG Type;
- ULONG DataLength;
- UCHAR Data[1];
-} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
-
-
-
-
-
-///////////
-
-typedef LONG KPRIORITY;
-
-typedef enum _KWAIT_REASON {
- Executive,
- FreePage,
- PageIn,
- PoolAllocation,
- DelayExecution,
- Suspended,
- UserRequest,
- WrExecutive,
- WrFreePage,
- WrPageIn,
- WrPoolAllocation,
- WrDelayExecution,
- WrSuspended,
- WrUserRequest,
- WrEventPair,
- WrQueue,
- WrLpcReceive,
- WrLpcReply,
- WrVirtualMemory,
- WrPageOut,
- WrRendezvous,
- Spare2,
- Spare3,
- Spare4,
- Spare5,
- Spare6,
- WrKernel,
- MaximumWaitReason
-} KWAIT_REASON;
-
-#define FILE_SUPERSEDE 0x00000000
-#define FILE_OPEN 0x00000001
-#define FILE_CREATE 0x00000002
-#define FILE_OPEN_IF 0x00000003
-#define FILE_OVERWRITE 0x00000004
-#define FILE_OVERWRITE_IF 0x00000005
-#define FILE_MAXIMUM_DISPOSITION 0x00000005
-
-
-typedef struct _STRING {
- USHORT Length;
- USHORT MaximumLength;
- PCHAR Buffer;
-} STRING;
-typedef STRING *PSTRING;
-
-typedef STRING ANSI_STRING;
-typedef PSTRING PANSI_STRING;
-typedef PSTRING PCANSI_STRING;
-
-typedef STRING OEM_STRING;
-typedef PSTRING POEM_STRING;
-typedef CONST STRING* PCOEM_STRING;
-
-typedef struct _UNICODE_STRING {
- USHORT Length;
- USHORT MaximumLength;
- PWSTR Buffer;
-} UNICODE_STRING;
-typedef UNICODE_STRING *PUNICODE_STRING;
-typedef const UNICODE_STRING *PCUNICODE_STRING;
-
-
-typedef enum _POOL_TYPE {
- NonPagedPool,
- PagedPool,
- NonPagedPoolMustSucceed,
- DontUseThisType,
- NonPagedPoolCacheAligned,
- PagedPoolCacheAligned,
- NonPagedPoolCacheAlignedMustS,
- MaxPoolType,
- NonPagedPoolSession = 32,
- PagedPoolSession,
- NonPagedPoolMustSucceedSession,
- DontUseThisTypeSession,
- NonPagedPoolCacheAlignedSession,
- PagedPoolCacheAlignedSession,
- NonPagedPoolCacheAlignedMustSSession
-} POOL_TYPE;
-
-#ifndef DECL_IMPORT
-#define DECL_IMPORT __declspec(dllimport)
-#endif
-
-#ifndef NTOSAPI
-#define NTOSAPI DECL_IMPORT
-#endif
-#define DECLARE_INTERNAL_OBJECT(x) struct _##x; typedef struct _##x *P##x;
-#define DECLARE_INTERNAL_OBJECT2(x,y) struct _##x; typedef struct _##x *P##y;
-
-typedef LONG NTSTATUS;
-
-typedef struct _OBJECT_ATTRIBUTES {
- ULONG Length;
- HANDLE RootDirectory;
- PUNICODE_STRING ObjectName;
- ULONG Attributes;
- PVOID SecurityDescriptor;
- PVOID SecurityQualityOfService;
-} OBJECT_ATTRIBUTES;
-typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
-
-#define InitializeObjectAttributes( p, n, a, r, s ) { \
- (p)->Length = sizeof( OBJECT_ATTRIBUTES ); \
- (p)->RootDirectory = r; \
- (p)->Attributes = a; \
- (p)->ObjectName = n; \
- (p)->SecurityDescriptor = s; \
- (p)->SecurityQualityOfService = NULL; \
- }
-
-
-typedef struct _FILE_NETWORK_OPEN_INFORMATION {
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG FileAttributes;
-} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
-
-typedef struct _IO_STATUS_BLOCK {
- union {
- NTSTATUS Status;
- PVOID Pointer;
- };
-
- ULONG_PTR Information;
-} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
-
-
-typedef VOID (NTAPI *PKNORMAL_ROUTINE)(
- IN PVOID NormalContext,
- IN PVOID SystemArgument1,
- IN PVOID SystemArgument2);
-
-typedef enum _PROCESSINFOCLASS {
- ProcessBasicInformation,
- ProcessQuotaLimits,
- ProcessIoCounters,
- ProcessVmCounters,
- ProcessTimes,
- ProcessBasePriority,
- ProcessRaisePriority,
- ProcessDebugPort,
- ProcessExceptionPort,
- ProcessAccessToken,
- ProcessLdtInformation,
- ProcessLdtSize,
- ProcessDefaultHardErrorMode,
- ProcessIoPortHandlers,
- ProcessPooledUsageAndLimits,
- ProcessWorkingSetWatch,
- ProcessUserModeIOPL,
- ProcessEnableAlignmentFaultFixup,
- ProcessPriorityClass,
- ProcessWx86Information,
- ProcessHandleCount,
- ProcessAffinityMask,
- ProcessPriorityBoost,
- ProcessDeviceMap,
- ProcessSessionInformation,
- ProcessForegroundInformation,
- ProcessWow64Information,
- ProcessImageFileName,
- ProcessLUIDDeviceMapsEnabled,
- ProcessBreakOnTermination,
- ProcessDebugObjectHandle,
- ProcessDebugFlags,
- ProcessHandleTracing,
- MaxProcessInfoClass
-} PROCESSINFOCLASS;
-
-typedef enum _THREADINFOCLASS {
- ThreadBasicInformation,
- ThreadTimes,
- ThreadPriority,
- ThreadBasePriority,
- ThreadAffinityMask,
- ThreadImpersonationToken,
- ThreadDescriptorTableEntry,
- ThreadEnableAlignmentFaultFixup,
- ThreadEventPair_Reusable,
- ThreadQuerySetWin32StartAddress,
- ThreadZeroTlsCell,
- ThreadPerformanceCount,
- ThreadAmILastThread,
- ThreadIdealProcessor,
- ThreadPriorityBoost,
- ThreadSetTlsArrayAddress,
- ThreadIsIoPending,
- ThreadHideFromDebugger,
- ThreadBreakOnTermination,
- MaxThreadInfoClass
-} THREADINFOCLASS;
-
-typedef enum _KPROFILE_SOURCE {
- ProfileTime,
- ProfileAlignmentFixup,
- ProfileTotalIssues,
- ProfilePipelineDry,
- ProfileLoadInstructions,
- ProfilePipelineFrozen,
- ProfileBranchInstructions,
- ProfileTotalNonissues,
- ProfileDcacheMisses,
- ProfileIcacheMisses,
- ProfileCacheMisses,
- ProfileBranchMispredictions,
- ProfileStoreInstructions,
- ProfileFpInstructions,
- ProfileIntegerInstructions,
- Profile2Issue,
- Profile3Issue,
- Profile4Issue,
- ProfileSpecialInstructions,
- ProfileTotalCycles,
- ProfileIcacheIssues,
- ProfileDcacheAccesses,
- ProfileMemoryBarrierCycles,
- ProfileLoadLinkedIssues,
- ProfileMaximum
-} KPROFILE_SOURCE;
-
-
-typedef VOID
-(NTAPI *PIO_APC_ROUTINE)(
- IN PVOID ApcContext,
- IN PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG Reserved);
-
-typedef struct _KEY_VALUE_ENTRY {
- PUNICODE_STRING ValueName;
- ULONG DataLength;
- ULONG DataOffset;
- ULONG Type;
-} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;
-
-//end add
-
-/* System information and control */
-
-typedef enum _SYSTEM_INFORMATION_CLASS {
- SystemInformationClassMin = 0,
- SystemBasicInformation = 0,
- SystemProcessorInformation = 1,
- SystemPerformanceInformation = 2,
- SystemTimeOfDayInformation = 3,
- SystemPathInformation = 4,
- SystemNotImplemented1 = 4,
- SystemProcessInformation = 5,
- SystemProcessesAndThreadsInformation = 5,
- SystemCallCountInfoInformation = 6,
- SystemCallCounts = 6,
- SystemDeviceInformation = 7,
- SystemConfigurationInformation = 7,
- SystemProcessorPerformanceInformation = 8,
- SystemProcessorTimes = 8,
- SystemFlagsInformation = 9,
- SystemGlobalFlag = 9,
- SystemCallTimeInformation = 10,
- SystemNotImplemented2 = 10,
- SystemModuleInformation = 11,
- SystemLocksInformation = 12,
- SystemLockInformation = 12,
- SystemStackTraceInformation = 13,
- SystemNotImplemented3 = 13,
- SystemPagedPoolInformation = 14,
- SystemNotImplemented4 = 14,
- SystemNonPagedPoolInformation = 15,
- SystemNotImplemented5 = 15,
- SystemHandleInformation = 16,
- SystemObjectInformation = 17,
- SystemPageFileInformation = 18,
- SystemPagefileInformation = 18,
- SystemVdmInstemulInformation = 19,
- SystemInstructionEmulationCounts = 19,
- SystemVdmBopInformation = 20,
- SystemInvalidInfoClass1 = 20,
- SystemFileCacheInformation = 21,
- SystemCacheInformation = 21,
- SystemPoolTagInformation = 22,
- SystemInterruptInformation = 23,
- SystemProcessorStatistics = 23,
- SystemDpcBehaviourInformation = 24,
- SystemDpcInformation = 24,
- SystemFullMemoryInformation = 25,
- SystemNotImplemented6 = 25,
- SystemLoadImage = 26,
- SystemUnloadImage = 27,
- SystemTimeAdjustmentInformation = 28,
- SystemTimeAdjustment = 28,
- SystemSummaryMemoryInformation = 29,
- SystemNotImplemented7 = 29,
- SystemNextEventIdInformation = 30,
- SystemNotImplemented8 = 30,
- SystemEventIdsInformation = 31,
- SystemNotImplemented9 = 31,
- SystemCrashDumpInformation = 32,
- SystemExceptionInformation = 33,
- SystemCrashDumpStateInformation = 34,
- SystemKernelDebuggerInformation = 35,
- SystemContextSwitchInformation = 36,
- SystemRegistryQuotaInformation = 37,
- SystemLoadAndCallImage = 38,
- SystemPrioritySeparation = 39,
- SystemPlugPlayBusInformation = 40,
- SystemNotImplemented10 = 40,
- SystemDockInformation = 41,
- SystemNotImplemented11 = 41,
- /* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */
- SystemInvalidInfoClass2 = 42,
- SystemProcessorSpeedInformation = 43,
- SystemInvalidInfoClass3 = 43,
- SystemCurrentTimeZoneInformation = 44,
- SystemTimeZoneInformation = 44,
- SystemLookasideInformation = 45,
- SystemSetTimeSlipEvent = 46,
- SystemCreateSession = 47,
- SystemDeleteSession = 48,
- SystemInvalidInfoClass4 = 49,
- SystemRangeStartInformation = 50,
- SystemVerifierInformation = 51,
- SystemAddVerifier = 52,
- SystemSessionProcessesInformation = 53,
- SystemInformationClassMax
-} SYSTEM_INFORMATION_CLASS;
-
-typedef struct _SYSTEM_BASIC_INFORMATION {
- ULONG Unknown;
- ULONG MaximumIncrement;
- ULONG PhysicalPageSize;
- ULONG NumberOfPhysicalPages;
- ULONG LowestPhysicalPage;
- ULONG HighestPhysicalPage;
- ULONG AllocationGranularity;
- ULONG LowestUserAddress;
- ULONG HighestUserAddress;
- ULONG ActiveProcessors;
- UCHAR NumberProcessors;
-} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
-
-typedef struct _SYSTEM_PROCESSOR_INFORMATION {
- USHORT ProcessorArchitecture;
- USHORT ProcessorLevel;
- USHORT ProcessorRevision;
- USHORT Unknown;
- ULONG FeatureBits;
-} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
-
-typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
- LARGE_INTEGER IdleTime;
- LARGE_INTEGER ReadTransferCount;
- LARGE_INTEGER WriteTransferCount;
- LARGE_INTEGER OtherTransferCount;
- ULONG ReadOperationCount;
- ULONG WriteOperationCount;
- ULONG OtherOperationCount;
- ULONG AvailablePages;
- ULONG TotalCommittedPages;
- ULONG TotalCommitLimit;
- ULONG PeakCommitment;
- ULONG PageFaults;
- ULONG WriteCopyFaults;
- ULONG TransitionFaults;
- ULONG CacheTransitionFaults;
- ULONG DemandZeroFaults;
- ULONG PagesRead;
- ULONG PageReadIos;
- ULONG CacheReads;
- ULONG CacheIos;
- ULONG PagefilePagesWritten;
- ULONG PagefilePageWriteIos;
- ULONG MappedFilePagesWritten;
- ULONG MappedFilePageWriteIos;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG PagedPoolAllocs;
- ULONG PagedPoolFrees;
- ULONG NonPagedPoolAllocs;
- ULONG NonPagedPoolFrees;
- ULONG TotalFreeSystemPtes;
- ULONG SystemCodePage;
- ULONG TotalSystemDriverPages;
- ULONG TotalSystemCodePages;
- ULONG SmallNonPagedLookasideListAllocateHits;
- ULONG SmallPagedLookasideListAllocateHits;
- ULONG Reserved3;
- ULONG MmSystemCachePage;
- ULONG PagedPoolPage;
- ULONG SystemDriverPage;
- ULONG FastReadNoWait;
- ULONG FastReadWait;
- ULONG FastReadResourceMiss;
- ULONG FastReadNotPossible;
- ULONG FastMdlReadNoWait;
- ULONG FastMdlReadWait;
- ULONG FastMdlReadResourceMiss;
- ULONG FastMdlReadNotPossible;
- ULONG MapDataNoWait;
- ULONG MapDataWait;
- ULONG MapDataNoWaitMiss;
- ULONG MapDataWaitMiss;
- ULONG PinMappedDataCount;
- ULONG PinReadNoWait;
- ULONG PinReadWait;
- ULONG PinReadNoWaitMiss;
- ULONG PinReadWaitMiss;
- ULONG CopyReadNoWait;
- ULONG CopyReadWait;
- ULONG CopyReadNoWaitMiss;
- ULONG CopyReadWaitMiss;
- ULONG MdlReadNoWait;
- ULONG MdlReadWait;
- ULONG MdlReadNoWaitMiss;
- ULONG MdlReadWaitMiss;
- ULONG ReadAheadIos;
- ULONG LazyWriteIos;
- ULONG LazyWritePages;
- ULONG DataFlushes;
- ULONG DataPages;
- ULONG ContextSwitches;
- ULONG FirstLevelTbFills;
- ULONG SecondLevelTbFills;
- ULONG SystemCalls;
-} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
-
-typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
- LARGE_INTEGER BootTime;
- LARGE_INTEGER CurrentTime;
- LARGE_INTEGER TimeZoneBias;
- ULONG CurrentTimeZoneId;
-} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
-
-typedef struct _VM_COUNTERS {
- ULONG PeakVirtualSize;
- ULONG VirtualSize;
- ULONG PageFaultCount;
- ULONG PeakWorkingSetSize;
- ULONG WorkingSetSize;
- ULONG QuotaPeakPagedPoolUsage;
- ULONG QuotaPagedPoolUsage;
- ULONG QuotaPeakNonPagedPoolUsage;
- ULONG QuotaNonPagedPoolUsage;
- ULONG PagefileUsage;
- ULONG PeakPagefileUsage;
-} VM_COUNTERS;
-
-typedef enum _THREAD_STATE {
- StateInitialized,
- StateReady,
- StateRunning,
- StateStandby,
- StateTerminated,
- StateWait,
- StateTransition,
- StateUnknown
-} THREAD_STATE;
-
-typedef struct _SYSTEM_THREADS {
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER CreateTime;
- ULONG WaitTime;
- PVOID StartAddress;
- CLIENT_ID ClientId;
- KPRIORITY Priority;
- KPRIORITY BasePriority;
- ULONG ContextSwitchCount;
- THREAD_STATE State;
- KWAIT_REASON WaitReason;
-} SYSTEM_THREADS, *PSYSTEM_THREADS;
-
-typedef struct _SYSTEM_PROCESSES {
- ULONG NextEntryOffset;
- BYTE Reserved1[52];
- PVOID Reserved2[3];
- HANDLE UniqueProcessId;
- PVOID Reserved3;
- ULONG HandleCount;
- BYTE Reserved4[4];
- PVOID Reserved5[11];
- SIZE_T PeakPagefileUsage;
- SIZE_T PrivatePageCount;
- LARGE_INTEGER Reserved6[6];
-} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
-
-typedef struct _SYSTEM_CALLS_INFORMATION {
- ULONG Size;
- ULONG NumberOfDescriptorTables;
- ULONG NumberOfRoutinesInTable[1];
- ULONG CallCounts[ANYSIZE_ARRAY];
-} SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION;
-
-typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
- ULONG DiskCount;
- ULONG FloppyCount;
- ULONG CdRomCount;
- ULONG TapeCount;
- ULONG SerialCount;
- ULONG ParallelCount;
-} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
-
-typedef struct _SYSTEM_PROCESSOR_TIMES {
- LARGE_INTEGER IdleTime;
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER DpcTime;
- LARGE_INTEGER InterruptTime;
- ULONG InterruptCount;
-} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
-
-/* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */
-#define FLG_STOP_ON_EXCEPTION 0x00000001
-#define FLG_SHOW_LDR_SNAPS 0x00000002
-#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
-#define FLG_STOP_ON_HUNG_GUI 0x00000008
-#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
-#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
-#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
-#define FLG_HEAP_VALIDATE_ALL 0x00000080
-#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
-#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
-#define FLG_POOL_ENABLE_TAGGING 0x00000400
-#define FLG_HEAP_ENABLE_TAGGING 0x00000800
-#define FLG_USER_STACK_TRACE_DB 0x00001000
-#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
-#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
-#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
-#define FLG_IGNORE_DEBUG_PRIV 0x00010000
-#define FLG_ENABLE_CSRDEBUG 0x00020000
-#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
-#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
-#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
-#define FLG_HEAP_DISABLE_COALESCING 0x00200000
-#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
-#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
-#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
-
-
-NTOSAPI
-PVOID
-NTAPI
-RtlImageDirectoryEntryToData(
- PVOID Base,
- BOOLEAN MappedAsImage,
- USHORT DirectoryEntry,
- PULONG Size
- );
-
-
-//
-// Loader Data Table Entry
-//
-typedef struct _LDR_DATA_TABLE_ENTRY
-{
- LIST_ENTRY InLoadOrderLinks;
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
- ULONG DllBase;
- ULONG EntryPoint;
- ULONG SizeOfImage;
- UNICODE_STRING FullDllName;
- UNICODE_STRING BaseDllName;
- ULONG Flags;
- USHORT LoadCount;
- USHORT TlsIndex;
- union
- {
- LIST_ENTRY HashLinks;
- PVOID SectionPointer;
- };
- ULONG CheckSum;
- union
- {
- ULONG TimeDateStamp;
- PVOID LoadedImports;
- };
- PVOID EntryPointActivationContext;
- PVOID PatchInformation;
-} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
-
-typedef struct _PEB_LDR_DATA {
- ULONG Length;
- BOOLEAN Initialized;
- PVOID SsHandle;
- LIST_ENTRY InLoadOrderModuleList;
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
-} PEB_LDR_DATA, *PPEB_LDR_DATA;
-
-
-typedef struct _LDR_MODULE {
- LIST_ENTRY InLoadOrderModuleList;
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
- PVOID BaseAddress;
- PVOID EntryPoint;
- ULONG SizeOfImage;
- UNICODE_STRING FullDllName;
- UNICODE_STRING BaseDllName;
- ULONG Flags;
- SHORT LoadCount;
- SHORT TlsIndex;
- LIST_ENTRY HashTableEntry;
- ULONG TimeDateStamp;
-} LDR_MODULE, *PLDR_MODULE;
-
-
-typedef struct _PEB {
- BOOLEAN InheritedAddressSpace;
- BOOLEAN ReadImageFileExecOptions;
- BOOLEAN BeingDebugged;
- BOOLEAN Spare;
- HANDLE Mutant;
- PVOID ImageBaseAddress;
- PPEB_LDR_DATA LoaderData;
- PVOID ProcessParameters;
- PVOID SubSystemData;
- PVOID ProcessHeap;
- PVOID FastPebLock;
- PVOID FastPebLockRoutine;
- PVOID FastPebUnlockRoutine;
- ULONG EnvironmentUpdateCount;
- PVOID* KernelCallbackTable;
- PVOID EventLogSection;
- PVOID EventLog;
- PVOID FreeList;
- ULONG TlsExpansionCounter;
- PVOID TlsBitmap;
- ULONG TlsBitmapBits[0x2];
- PVOID ReadOnlySharedMemoryBase;
- PVOID ReadOnlySharedMemoryHeap;
- PVOID* ReadOnlyStaticServerData;
- PVOID AnsiCodePageData;
- PVOID OemCodePageData;
- PVOID UnicodeCaseTableData;
- ULONG NumberOfProcessors;
- ULONG NtGlobalFlag;
- BYTE Spare2[0x4];
- LARGE_INTEGER CriticalSectionTimeout;
- ULONG HeapSegmentReserve;
- ULONG HeapSegmentCommit;
- ULONG HeapDeCommitTotalFreeThreshold;
- ULONG HeapDeCommitFreeBlockThreshold;
- ULONG NumberOfHeaps;
- ULONG MaximumNumberOfHeaps;
- PVOID* *ProcessHeaps;
- PVOID GdiSharedHandleTable;
- PVOID ProcessStarterHelper;
- PVOID GdiDCAttributeList;
- PVOID LoaderLock;
- ULONG OSMajorVersion;
- ULONG OSMinorVersion;
- ULONG OSBuildNumber;
- ULONG OSPlatformId;
- ULONG ImageSubSystem;
- ULONG ImageSubSystemMajorVersion;
- ULONG ImageSubSystemMinorVersion;
- ULONG GdiHandleBuffer[0x22];
- ULONG PostProcessInitRoutine;
- ULONG TlsExpansionBitmap;
- BYTE TlsExpansionBitmapBits[0x80];
- ULONG SessionId;
-} PEB, *PPEB;
-
-typedef struct _SYSTEM_GLOBAL_FLAG {
- ULONG GlobalFlag;
-} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
-
-typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
- ULONG Unknown1;
- ULONG Unknown2;
- PVOID Base;
- ULONG Size;
- ULONG Flags;
- USHORT Index;
- /* Length of module name not including the path, this
- field contains valid value only for NTOSKRNL module */
- USHORT NameLength;
- USHORT LoadCount;
- USHORT PathLength;
- CHAR ImageName[256];
-} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
-
-typedef struct _SYSTEM_MODULE_INFORMATION {
- ULONG Count;
- SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
-} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
-
-typedef struct _SYSTEM_LOCK_INFORMATION {
- PVOID Address;
- USHORT Type;
- USHORT Reserved1;
- ULONG ExclusiveOwnerThreadId;
- ULONG ActiveCount;
- ULONG ContentionCount;
- ULONG Reserved2[2];
- ULONG NumberOfSharedWaiters;
- ULONG NumberOfExclusiveWaiters;
-} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
-
-/*SYSTEM_HANDLE_INFORMATION.Flags cosntants */
-#define PROTECT_FROM_CLOSE 0x01
-#define INHERIT 0x02
-
-typedef struct _SYSTEM_HANDLE_INFORMATION {
- ULONG ProcessId;
- UCHAR ObjectTypeNumber;
- UCHAR Flags;
- USHORT Handle;
- PVOID Object;
- ACCESS_MASK GrantedAccess;
-} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
-
-typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
- ULONG NextEntryOffset;
- ULONG ObjectCount;
- ULONG HandleCount;
- ULONG TypeNumber;
- ULONG InvalidAttributes;
- GENERIC_MAPPING GenericMapping;
- ACCESS_MASK ValidAccessMask;
- POOL_TYPE PoolType;
- UCHAR Unknown;
- UNICODE_STRING Name;
-} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
-
-/* SYSTEM_OBJECT_INFORMATION.Flags constants */
-#define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40
-#define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20
-#define FLG_SYSOBJINFO_PERMANENT 0x10
-#define FLG_SYSOBJINFO_EXCLUSIVE 0x08
-#define FLG_SYSOBJINFO_CREATOR_INFO 0x04
-#define FLG_SYSOBJINFO_KERNEL_MODE 0x02
-
-typedef struct _SYSTEM_OBJECT_INFORMATION {
- ULONG NextEntryOffset;
- PVOID Object;
- ULONG CreatorProcessId;
- USHORT Unknown;
- USHORT Flags;
- ULONG PointerCount;
- ULONG HandleCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG ExclusiveProcessId;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
- UNICODE_STRING Name;
-} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
-
-typedef struct _SYSTEM_PAGEFILE_INFORMATION {
- ULONG NextEntryOffset;
- ULONG CurrentSize;
- ULONG TotalUsed;
- ULONG PeakUsed;
- UNICODE_STRING FileName;
-} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
-
-typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION {
- ULONG SegmentNotPresent;
- ULONG TwoByteOpcode;
- ULONG ESprefix;
- ULONG CSprefix;
- ULONG SSprefix;
- ULONG DSprefix;
- ULONG FSPrefix;
- ULONG GSprefix;
- ULONG OPER32prefix;
- ULONG ADDR32prefix;
- ULONG INSB;
- ULONG INSW;
- ULONG OUTSB;
- ULONG OUTSW;
- ULONG PUSHFD;
- ULONG POPFD;
- ULONG INTnn;
- ULONG INTO;
- ULONG IRETD;
- ULONG INBimm;
- ULONG INWimm;
- ULONG OUTBimm;
- ULONG OUTWimm;
- ULONG INB;
- ULONG INW;
- ULONG OUTB;
- ULONG OUTW;
- ULONG LOCKprefix;
- ULONG REPNEprefix;
- ULONG REPprefix;
- ULONG HLT;
- ULONG CLI;
- ULONG STI;
- ULONG GenericInvalidOpcode;
-} SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION;
-
-typedef struct _SYSTEM_POOL_TAG_INFORMATION {
- CHAR Tag[4];
- ULONG PagedPoolAllocs;
- ULONG PagedPoolFrees;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolAllocs;
- ULONG NonPagedPoolFrees;
- ULONG NonPagedPoolUsage;
-} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
-
-typedef struct _SYSTEM_PROCESSOR_STATISTICS {
- ULONG ContextSwitches;
- ULONG DpcCount;
- ULONG DpcRequestRate;
- ULONG TimeIncrement;
- ULONG DpcBypassCount;
- ULONG ApcBypassCount;
-} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
-
-typedef struct _SYSTEM_DPC_INFORMATION {
- ULONG Reserved;
- ULONG MaximumDpcQueueDepth;
- ULONG MinimumDpcRate;
- ULONG AdjustDpcThreshold;
- ULONG IdealDpcRate;
-} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
-
-typedef struct _SYSTEM_LOAD_IMAGE {
- UNICODE_STRING ModuleName;
- PVOID ModuleBase;
- PVOID SectionPointer;
- PVOID EntryPoint;
- PVOID ExportDirectory;
-} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
-
-typedef struct _SYSTEM_UNLOAD_IMAGE {
- PVOID ModuleBase;
-} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
-
-typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
- ULONG TimeAdjustment;
- ULONG MaximumIncrement;
- BOOLEAN TimeSynchronization;
-} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
-
-typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
- ULONG TimeAdjustment;
- BOOLEAN TimeSynchronization;
-} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
-
-typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
- HANDLE CrashDumpSectionHandle;
- HANDLE Unknown;
-} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
-
-typedef struct _SYSTEM_EXCEPTION_INFORMATION {
- ULONG AlignmentFixupCount;
- ULONG ExceptionDispatchCount;
- ULONG FloatingEmulationCount;
- ULONG Reserved;
-} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
-
-typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
- ULONG CrashDumpSectionExists;
- ULONG Unknown;
-} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
-
-typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
- BOOLEAN DebuggerEnabled;
- BOOLEAN DebuggerNotPresent;
-} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
-
-typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
- ULONG ContextSwitches;
- ULONG ContextSwitchCounters[11];
-} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
-
-typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
- ULONG RegistryQuota;
- ULONG RegistryQuotaInUse;
- ULONG PagedPoolSize;
-} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
-
-typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
- UNICODE_STRING ModuleName;
-} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
-
-typedef struct _SYSTEM_PRIORITY_SEPARATION {
- ULONG PrioritySeparation;
-} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
-
-typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
- LONG Bias;
- WCHAR StandardName[32];
- LARGE_INTEGER StandardDate;
- LONG StandardBias;
- WCHAR DaylightName[32];
- LARGE_INTEGER DaylightDate;
- LONG DaylightBias;
-} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
-
-typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
- USHORT Depth;
- USHORT MaximumDepth;
- ULONG TotalAllocates;
- ULONG AllocateMisses;
- ULONG TotalFrees;
- ULONG FreeMisses;
- POOL_TYPE Type;
- ULONG Tag;
- ULONG Size;
-} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
-
-typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
- HANDLE TimeSlipEvent;
-} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
-
-typedef struct _SYSTEM_CREATE_SESSION {
- ULONG SessionId;
-} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
-
-typedef struct _SYSTEM_DELETE_SESSION {
- ULONG SessionId;
-} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
-
-typedef struct _SYSTEM_RANGE_START_INFORMATION {
- PVOID SystemRangeStart;
-} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
-
-typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
- ULONG SessionId;
- ULONG BufferSize;
- PVOID Buffer;
-} SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;
-
-typedef struct _SYSTEM_POOL_BLOCK {
- BOOLEAN Allocated;
- USHORT Unknown;
- ULONG Size;
- CHAR Tag[4];
-} SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;
-
-typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
- ULONG PoolSize;
- PVOID PoolBase;
- USHORT Unknown;
- ULONG NumberOfBlocks;
- SYSTEM_POOL_BLOCK PoolBlocks[1];
-} SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;
-
-typedef struct _SYSTEM_MEMORY_USAGE {
- PVOID Name;
- USHORT Valid;
- USHORT Standby;
- USHORT Modified;
- USHORT PageTables;
-} SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;
-
-typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
- ULONG Reserved;
- PVOID EndOfData;
- SYSTEM_MEMORY_USAGE MemoryUsage[1];
-} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtQuerySystemInformation(
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- IN OUT PVOID SystemInformation,
- IN ULONG SystemInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemInformation(
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- IN OUT PVOID SystemInformation,
- IN ULONG SystemInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtQueryFullAttributesFile(
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryFullAttributesFile(
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetSystemInformation(
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- IN OUT PVOID SystemInformation,
- IN ULONG SystemInformationLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemEnvironmentValue(
- IN PUNICODE_STRING Name,
- OUT PVOID Value,
- IN ULONG ValueLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetSystemEnvironmentValue(
- IN PUNICODE_STRING Name,
- IN PUNICODE_STRING Value);
-
-typedef enum _SHUTDOWN_ACTION {
- ShutdownNoReboot,
- ShutdownReboot,
- ShutdownPowerOff
-} SHUTDOWN_ACTION;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtShutdownSystem(
- IN SHUTDOWN_ACTION Action);
-
-typedef enum _DEBUG_CONTROL_CODE {
- DebugGetTraceInformation = 1,
- DebugSetInternalBreakpoint,
- DebugSetSpecialCall,
- DebugClearSpecialCalls,
- DebugQuerySpecialCalls,
- DebugDbgBreakPoint,
- DebugMaximum
-} DEBUG_CONTROL_CODE;
-
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSystemDebugControl(
- IN DEBUG_CONTROL_CODE ControlCode,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-
-
-/* Objects, Object directories, and symbolic links */
-
-typedef enum _OBJECT_INFORMATION_CLASS {
- ObjectBasicInformation,
- ObjectNameInformation,
- ObjectTypeInformation,
- ObjectAllTypesInformation,
- ObjectHandleInformation
-} OBJECT_INFORMATION_CLASS;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryObject(
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG ObjectInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationObject(
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG ObjectInformationLength);
-
-/* OBJECT_BASIC_INFORMATION.Attributes constants */
-/* also in winbase.h */
-//#define HANDLE_FLAG_INHERIT 0x01
-//#define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02
-/* end winbase.h */
-#define PERMANENT 0x10
-#define EXCLUSIVE 0x20
-
-typedef struct _OBJECT_BASIC_INFORMATION {
- ULONG Attributes;
- ACCESS_MASK GrantedAccess;
- ULONG HandleCount;
- ULONG PointerCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG Reserved[3];
- ULONG NameInformationLength;
- ULONG TypeInformationLength;
- ULONG SecurityDescriptorLength;
- LARGE_INTEGER CreateTime;
-} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
-#if 0
-/* FIXME: Enable later */
-typedef struct _OBJECT_TYPE_INFORMATION {
- UNICODE_STRING Name;
- ULONG ObjectCount;
- ULONG HandleCount;
- ULONG Reserved1[4];
- ULONG PeakObjectCount;
- ULONG PeakHandleCount;
- ULONG Reserved2[4];
- ULONG InvalidAttributes;
- GENERIC_MAPPING GenericMapping;
- ULONG ValidAccess;
- UCHAR Unknown;
- BOOLEAN MaintainHandleDatabase;
- POOL_TYPE PoolType;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
-} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
-
-typedef struct _OBJECT_ALL_TYPES_INFORMATION {
- ULONG NumberOfTypes;
- OBJECT_TYPE_INFORMATION TypeInformation;
-} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
-#endif
-typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
- BOOLEAN Inherit;
- BOOLEAN ProtectFromClose;
-} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle,
- OUT PHANDLE TargetHandle OPTIONAL,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG Attributes,
- IN ULONG Options);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle,
- OUT PHANDLE TargetHandle OPTIONAL,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG Attributes,
- IN ULONG Options);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtQuerySecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG SecurityDescriptorLength,
- OUT PULONG ReturnLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQuerySecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG SecurityDescriptorLength,
- OUT PULONG ReturnLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtSetSecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetSecurityObject(
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwOpenDirectoryObject(
- OUT PHANDLE DirectoryHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryDirectoryObject(
- IN HANDLE DirectoryHandle,
- OUT PVOID Buffer,
- IN ULONG BufferLength,
- IN BOOLEAN ReturnSingleEntry,
- IN BOOLEAN RestartScan,
- IN OUT PULONG Context,
- OUT PULONG ReturnLength OPTIONAL);
-
-typedef struct _DIRECTORY_BASIC_INFORMATION {
- UNICODE_STRING ObjectName;
- UNICODE_STRING ObjectTypeName;
-} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PUNICODE_STRING TargetName);
-
-
-
-
-/* Virtual memory */
-
-typedef enum _MEMORY_INFORMATION_CLASS {
-MemoryBasicInformation,
-MemoryWorkingSetList,
-MemorySectionName,
-MemoryBasicVlmInformation
-} MEMORY_INFORMATION_CLASS;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtAllocateVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN OUT PULONG AllocationSize,
- IN ULONG AllocationType,
- IN ULONG Protect);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAllocateVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN OUT PULONG AllocationSize,
- IN ULONG AllocationType,
- IN ULONG Protect);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtFreeVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG FreeSize,
- IN ULONG FreeType);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwFreeVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG FreeSize,
- IN ULONG FreeType);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
- OUT PVOID MemoryInformation,
- IN ULONG MemoryInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-/* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
-#define WSLE_PAGE_READONLY 0x001
-#define WSLE_PAGE_EXECUTE 0x002
-#define WSLE_PAGE_READWRITE 0x004
-#define WSLE_PAGE_EXECUTE_READ 0x003
-#define WSLE_PAGE_WRITECOPY 0x005
-#define WSLE_PAGE_EXECUTE_READWRITE 0x006
-#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
-#define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
-#define WSLE_PAGE_SHAREABLE 0x100
-
-typedef struct _MEMORY_WORKING_SET_LIST {
- ULONG NumberOfPages;
- ULONG WorkingSetList[1];
-} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
-
-typedef struct _MEMORY_SECTION_NAME {
- UNICODE_STRING SectionFileName;
-} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
-
-/* Zw[Lock|Unlock]VirtualMemory.LockType constants */
-#define LOCK_VM_IN_WSL 0x01
-#define LOCK_VM_IN_RAM 0x02
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwLockVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG LockSize,
- IN ULONG LockType);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwUnlockVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG LockSize,
- IN ULONG LockType);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwReadVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- OUT PVOID Buffer,
- IN ULONG BufferLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwWriteVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN PVOID Buffer,
- IN ULONG BufferLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwProtectVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG ProtectSize,
- IN ULONG NewProtect,
- OUT PULONG OldProtect);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwFlushVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG FlushSize,
- OUT PIO_STATUS_BLOCK IoStatusBlock);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAllocateUserPhysicalPages(
- IN HANDLE ProcessHandle,
- IN PULONG NumberOfPages,
- OUT PULONG PageFrameNumbers);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwFreeUserPhysicalPages(
- IN HANDLE ProcessHandle,
- IN OUT PULONG NumberOfPages,
- IN PULONG PageFrameNumbers);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwMapUserPhysicalPages(
- IN PVOID BaseAddress,
- IN PULONG NumberOfPages,
- IN PULONG PageFrameNumbers);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwMapUserPhysicalPagesScatter(
- IN PVOID *BaseAddresses,
- IN PULONG NumberOfPages,
- IN PULONG PageFrameNumbers);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwGetWriteWatch(
- IN HANDLE ProcessHandle,
- IN ULONG Flags,
- IN PVOID BaseAddress,
- IN ULONG RegionSize,
- OUT PULONG Buffer,
- IN OUT PULONG BufferEntries,
- OUT PULONG Granularity);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwResetWriteWatch(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN ULONG RegionSize);
-
-
-
-
-/* Sections */
-
-typedef enum _SECTION_INFORMATION_CLASS {
- SectionBasicInformation,
- SectionImageInformation
-} SECTION_INFORMATION_CLASS;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtCreateSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PLARGE_INTEGER SectionSize OPTIONAL,
- IN ULONG Protect,
- IN ULONG Attributes,
- IN HANDLE FileHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PLARGE_INTEGER SectionSize OPTIONAL,
- IN ULONG Protect,
- IN ULONG Attributes,
- IN HANDLE FileHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQuerySection(
- IN HANDLE SectionHandle,
- IN SECTION_INFORMATION_CLASS SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG SectionInformationLength,
- OUT PULONG ResultLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwExtendSection(
- IN HANDLE SectionHandle,
- IN PLARGE_INTEGER SectionSize);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAreMappedFilesTheSame(
- IN PVOID Address1,
- IN PVOID Address2);
-
-
-
-
-/* Threads */
-
-typedef struct _USER_STACK {
- PVOID FixedStackBase;
- PVOID FixedStackLimit;
- PVOID ExpandableStackBase;
- PVOID ExpandableStackLimit;
- PVOID ExpandableStackBottom;
-} USER_STACK, *PUSER_STACK;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE ProcessHandle,
- OUT PCLIENT_ID ClientId,
- IN PCONTEXT ThreadContext,
- IN PUSER_STACK UserStack,
- IN BOOLEAN CreateSuspended);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtOpenThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PCLIENT_ID ClientId);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwOpenThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PCLIENT_ID ClientId);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwTerminateThread(
- IN HANDLE ThreadHandle OPTIONAL,
- IN NTSTATUS ExitStatus);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtQueryInformationThread(
- IN HANDLE ThreadHandle,
- IN THREADINFOCLASS ThreadInformationClass,
- OUT PVOID ThreadInformation,
- IN ULONG ThreadInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationThread(
- IN HANDLE ThreadHandle,
- IN THREADINFOCLASS ThreadInformationClass,
- OUT PVOID ThreadInformation,
- IN ULONG ThreadInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtSetInformationThread(
- IN HANDLE ThreadHandle,
- IN THREADINFOCLASS ThreadInformationClass,
- IN PVOID ThreadInformation,
- IN ULONG ThreadInformationLength);
-
-typedef struct _THREAD_BASIC_INFORMATION {
- NTSTATUS ExitStatus;
- PNT_TIB TebBaseAddress;
- CLIENT_ID ClientId;
- KAFFINITY AffinityMask;
- KPRIORITY Priority;
- KPRIORITY BasePriority;
-} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
-
-typedef struct _KERNEL_USER_TIMES {
- LARGE_INTEGER CreateTime;
- LARGE_INTEGER ExitTime;
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
-} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSuspendThread(
- IN HANDLE ThreadHandle,
- OUT PULONG PreviousSuspendCount OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwResumeThread(
- IN HANDLE ThreadHandle,
- OUT PULONG PreviousSuspendCount OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwGetContextThread(
- IN HANDLE ThreadHandle,
- OUT PCONTEXT Context);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetContextThread(
- IN HANDLE ThreadHandle,
- IN PCONTEXT Context);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueueApcThread(
- IN HANDLE ThreadHandle,
- IN PKNORMAL_ROUTINE ApcRoutine,
- IN PVOID ApcContext OPTIONAL,
- IN PVOID Argument1 OPTIONAL,
- IN PVOID Argument2 OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwTestAlert(
- VOID);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAlertThread(
- IN HANDLE ThreadHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAlertResumeThread(
- IN HANDLE ThreadHandle,
- OUT PULONG PreviousSuspendCount OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwRegisterThreadTerminatePort(
- IN HANDLE PortHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwImpersonateThread(
- IN HANDLE ThreadHandle,
- IN HANDLE TargetThreadHandle,
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQos);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwImpersonateAnonymousToken(
- IN HANDLE ThreadHandle);
-
-
-
-
-/* Processes */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateProcess(
- OUT PHANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE InheritFromProcessHandle,
- IN BOOLEAN InheritHandles,
- IN HANDLE SectionHandle OPTIONAL,
- IN HANDLE DebugPort OPTIONAL,
- IN HANDLE ExceptionPort OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateProcess(
- OUT PHANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE InheritFromProcessHandle,
- IN BOOLEAN InheritHandles,
- IN HANDLE SectionHandle OPTIONAL,
- IN HANDLE DebugPort OPTIONAL,
- IN HANDLE ExceptionPort OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwTerminateProcess(
- IN HANDLE ProcessHandle OPTIONAL,
- IN NTSTATUS ExitStatus);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationProcess(
- IN HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- OUT PVOID ProcessInformation,
- IN ULONG ProcessInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtSetInformationProcess(
- IN HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- IN PVOID ProcessInformation,
- IN ULONG ProcessInformationLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationProcess(
- IN HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- IN PVOID ProcessInformation,
- IN ULONG ProcessInformationLength);
-
-typedef struct _PROCESS_BASIC_INFORMATION {
- NTSTATUS ExitStatus;
- PPEB PebBaseAddress;
- KAFFINITY AffinityMask;
- KPRIORITY BasePriority;
- ULONG UniqueProcessId;
- ULONG InheritedFromUniqueProcessId;
-} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
-
-typedef struct _PROCESS_ACCESS_TOKEN {
- HANDLE Token;
- HANDLE Thread;
-} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
-
-/* DefaultHardErrorMode constants */
-/* also in winbase.h */
-#define SEM_FAILCRITICALERRORS 0x0001
-#define SEM_NOGPFAULTERRORBOX 0x0002
-#define SEM_NOALIGNMENTFAULTEXCEPT 0x0004
-#define SEM_NOOPENFILEERRORBOX 0x8000
-/* end winbase.h */
-typedef struct _POOLED_USAGE_AND_LIMITS {
- ULONG PeakPagedPoolUsage;
- ULONG PagedPoolUsage;
- ULONG PagedPoolLimit;
- ULONG PeakNonPagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG NonPagedPoolLimit;
- ULONG PeakPagefileUsage;
- ULONG PagefileUsage;
- ULONG PagefileLimit;
-} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
-
-typedef struct _PROCESS_WS_WATCH_INFORMATION {
- PVOID FaultingPc;
- PVOID FaultingVa;
-} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
-
-/* PROCESS_PRIORITY_CLASS.PriorityClass constants */
-#define PC_IDLE 1
-#define PC_NORMAL 2
-#define PC_HIGH 3
-#define PC_REALTIME 4
-#define PC_BELOW_NORMAL 5
-#define PC_ABOVE_NORMAL 6
-
-typedef struct _PROCESS_PRIORITY_CLASS {
- BOOLEAN Foreground;
- UCHAR PriorityClass;
-} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
-
-/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
-#define DRIVE_UNKNOWN 0
-#define DRIVE_NO_ROOT_DIR 1
-#define DRIVE_REMOVABLE 2
-#define DRIVE_FIXED 3
-#define DRIVE_REMOTE 4
-#define DRIVE_CDROM 5
-#define DRIVE_RAMDISK 6
-
-typedef struct _PROCESS_DEVICEMAP_INFORMATION {
- union {
- struct {
- HANDLE DirectoryHandle;
- } Set;
- struct {
- ULONG DriveMap;
- UCHAR DriveType[ 32 ];
- } Query;
- };
-} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
-
-typedef struct _PROCESS_SESSION_INFORMATION {
- ULONG SessionId;
-} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
-
-typedef struct _RTL_USER_PROCESS_PARAMETERS {
- ULONG AllocationSize;
- ULONG Size;
- ULONG Flags;
- ULONG DebugFlags;
- HANDLE hConsole;
- ULONG ProcessGroup;
- HANDLE hStdInput;
- HANDLE hStdOutput;
- HANDLE hStdError;
- UNICODE_STRING CurrentDirectoryName;
- HANDLE CurrentDirectoryHandle;
- UNICODE_STRING DllPath;
- UNICODE_STRING ImagePathName;
- UNICODE_STRING CommandLine;
- PWSTR Environment;
- ULONG dwX;
- ULONG dwY;
- ULONG dwXSize;
- ULONG dwYSize;
- ULONG dwXCountChars;
- ULONG dwYCountChars;
- ULONG dwFillAttribute;
- ULONG dwFlags;
- ULONG wShowWindow;
- UNICODE_STRING WindowTitle;
- UNICODE_STRING DesktopInfo;
- UNICODE_STRING ShellInfo;
- UNICODE_STRING RuntimeInfo;
-} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
-
-NTSTATUS
-NTAPI
-RtlCreateProcessParameters(
- OUT PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
- IN PUNICODE_STRING ImageFile,
- IN PUNICODE_STRING DllPath OPTIONAL,
- IN PUNICODE_STRING CurrentDirectory OPTIONAL,
- IN PUNICODE_STRING CommandLine OPTIONAL,
- IN PWSTR Environment OPTIONAL,
- IN PUNICODE_STRING WindowTitle OPTIONAL,
- IN PUNICODE_STRING DesktopInfo OPTIONAL,
- IN PUNICODE_STRING ShellInfo OPTIONAL,
- IN PUNICODE_STRING RuntimeInfo OPTIONAL);
-
-NTSTATUS
-NTAPI
-RtlDestroyProcessParameters(
- IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters);
-
-typedef struct _DEBUG_BUFFER {
- HANDLE SectionHandle;
- PVOID SectionBase;
- PVOID RemoteSectionBase;
- ULONG SectionBaseDelta;
- HANDLE EventPairHandle;
- ULONG Unknown[2];
- HANDLE RemoteThreadHandle;
- ULONG InfoClassMask;
- ULONG SizeOfInfo;
- ULONG AllocatedSize;
- ULONG SectionSize;
- PVOID ModuleInformation;
- PVOID BackTraceInformation;
- PVOID HeapInformation;
- PVOID LockInformation;
- PVOID Reserved[8];
-} DEBUG_BUFFER, *PDEBUG_BUFFER;
-
-PDEBUG_BUFFER
-NTAPI
-RtlCreateQueryDebugBuffer(
- IN ULONG Size,
- IN BOOLEAN EventPair);
-
-/* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
-#define PDI_MODULES 0x01
-#define PDI_BACKTRACE 0x02
-#define PDI_HEAPS 0x04
-#define PDI_HEAP_TAGS 0x08
-#define PDI_HEAP_BLOCKS 0x10
-#define PDI_LOCKS 0x20
-
-NTSTATUS
-NTAPI
-RtlQueryProcessDebugInformation(
- IN ULONG ProcessId,
- IN ULONG DebugInfoClassMask,
- IN OUT PDEBUG_BUFFER DebugBuffer);
-
-NTSTATUS
-NTAPI
-RtlDestroyQueryDebugBuffer(
- IN PDEBUG_BUFFER DebugBuffer);
-
-/* DEBUG_MODULE_INFORMATION.Flags constants */
-#define LDRP_STATIC_LINK 0x00000002
-#define LDRP_IMAGE_DLL 0x00000004
-#define LDRP_LOAD_IN_PROGRESS 0x00001000
-#define LDRP_UNLOAD_IN_PROGRESS 0x00002000
-#define LDRP_ENTRY_PROCESSED 0x00004000
-#define LDRP_ENTRY_INSERTED 0x00008000
-#define LDRP_CURRENT_LOAD 0x00010000
-#define LDRP_FAILED_BUILTIN_LOAD 0x00020000
-#define LDRP_DONT_CALL_FOR_THREADS 0x00040000
-#define LDRP_PROCESS_ATTACH_CALLED 0x00080000
-#define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
-#define LDRP_IMAGE_NOT_AT_BASE 0x00200000
-#define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
-
-typedef struct _DEBUG_MODULE_INFORMATION {
- ULONG Reserved[2];
- ULONG Base;
- ULONG Size;
- ULONG Flags;
- USHORT Index;
- USHORT Unknown;
- USHORT LoadCount;
- USHORT ModuleNameOffset;
- CHAR ImageName[256];
-} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
-
-typedef struct _DEBUG_HEAP_INFORMATION {
- ULONG Base;
- ULONG Flags;
- USHORT Granularity;
- USHORT Unknown;
- ULONG Allocated;
- ULONG Committed;
- ULONG TagCount;
- ULONG BlockCount;
- ULONG Reserved[7];
- PVOID Tags;
- PVOID Blocks;
-} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
-
-typedef struct _DEBUG_LOCK_INFORMATION {
- PVOID Address;
- USHORT Type;
- USHORT CreatorBackTraceIndex;
- ULONG OwnerThreadId;
- ULONG ActiveCount;
- ULONG ContentionCount;
- ULONG EntryCount;
- ULONG RecursionCount;
- ULONG NumberOfSharedWaiters;
- ULONG NumberOfExclusiveWaiters;
-} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
-
-
-
-/* Jobs */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateJobObject(
- OUT PHANDLE JobHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwOpenJobObject(
- OUT PHANDLE JobHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwTerminateJobObject(
- IN HANDLE JobHandle,
- IN NTSTATUS ExitStatus);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAssignProcessToJobObject(
- IN HANDLE JobHandle,
- IN HANDLE ProcessHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationJobObject(
- IN HANDLE JobHandle,
- IN JOBOBJECTINFOCLASS JobInformationClass,
- OUT PVOID JobInformation,
- IN ULONG JobInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationJobObject(
- IN HANDLE JobHandle,
- IN JOBOBJECTINFOCLASS JobInformationClass,
- IN PVOID JobInformation,
- IN ULONG JobInformationLength);
-
-
-/* Tokens */
-
-#define SE_DEBUG_PRIVILEGE 20L
-#define STATUS_NOT_ALL_ASSIGNED ((NTSTATUS)0x00000106L)
-#define STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061L)
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateToken(
-OUT PHANDLE TokenHandle,
-IN ACCESS_MASK DesiredAccess,
-IN POBJECT_ATTRIBUTES ObjectAttributes,
-IN TOKEN_TYPE Type,
-IN PLUID AuthenticationId,
-IN PLARGE_INTEGER ExpirationTime,
-IN PTOKEN_USER User,
-IN PTOKEN_GROUPS Groups,
-IN PTOKEN_PRIVILEGES Privileges,
-IN PTOKEN_OWNER Owner,
-IN PTOKEN_PRIMARY_GROUP PrimaryGroup,
-IN PTOKEN_DEFAULT_DACL DefaultDacl,
-IN PTOKEN_SOURCE Source
-);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwOpenProcess (
- __out PHANDLE ProcessHandle,
- __in ACCESS_MASK DesiredAccess,
- __in POBJECT_ATTRIBUTES ObjectAttributes,
- __in_opt PCLIENT_ID ClientId
- );
-
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwClose(
- IN HANDLE Handle
- );
-
-
-NTOSAPI
-NTSTATUS
-NTAPI
- ZwMakeTemporaryObject(
- IN HANDLE Handle
- );
-
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtOpenProcessToken(
- IN HANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- OUT PHANDLE TokenHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwOpenProcessToken(
- IN HANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- OUT PHANDLE TokenHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtOpenThreadToken(
- IN HANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN OpenAsSelf,
- OUT PHANDLE TokenHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwOpenThreadToken(
- IN HANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN OpenAsSelf,
- OUT PHANDLE TokenHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtDuplicateToken(
- IN HANDLE ExistingTokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN EffectiveOnly,
- IN TOKEN_TYPE TokenType,
- OUT PHANDLE NewTokenHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwDuplicateToken(
- IN HANDLE ExistingTokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN EffectiveOnly,
- IN TOKEN_TYPE TokenType,
- OUT PHANDLE NewTokenHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwFilterToken(
- IN HANDLE ExistingTokenHandle,
- IN ULONG Flags,
- IN PTOKEN_GROUPS SidsToDisable,
- IN PTOKEN_PRIVILEGES PrivilegesToDelete,
- IN PTOKEN_GROUPS SidsToRestricted,
- OUT PHANDLE NewTokenHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtAdjustPrivilegesToken(
- IN HANDLE TokenHandle,
- IN BOOLEAN DisableAllPrivileges,
- IN PTOKEN_PRIVILEGES NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
- OUT PULONG ReturnLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAdjustPrivilegesToken(
- IN HANDLE TokenHandle,
- IN BOOLEAN DisableAllPrivileges,
- IN PTOKEN_PRIVILEGES NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
- OUT PULONG ReturnLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAdjustGroupsToken(
- IN HANDLE TokenHandle,
- IN BOOLEAN ResetToDefault,
- IN PTOKEN_GROUPS NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_GROUPS PreviousState OPTIONAL,
- OUT PULONG ReturnLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtQueryInformationToken(
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength,
- OUT PULONG ReturnLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationToken(
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength,
- OUT PULONG ReturnLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationToken(
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- IN PVOID TokenInformation,
- IN ULONG TokenInformationLength);
-
-
-
-
-/* Time */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemTime(
- OUT PLARGE_INTEGER CurrentTime);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetSystemTime(
- IN PLARGE_INTEGER NewTime,
- OUT PLARGE_INTEGER OldTime OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryPerformanceCounter(
- OUT PLARGE_INTEGER PerformanceCount,
- OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryPerformanceCounter(
- OUT PLARGE_INTEGER PerformanceCount,
- OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryTimerResolution(
- OUT PULONG CoarsestResolution,
- OUT PULONG FinestResolution,
- OUT PULONG ActualResolution);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwDelayExecution(
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Interval);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwYieldExecution(
- VOID);
-
-NTOSAPI
-ULONG
-NTAPI
-ZwGetTickCount(
- VOID);
-
-
-
-
-/* Execution profiling */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateProfile(
- OUT PHANDLE ProfileHandle,
- IN HANDLE ProcessHandle,
- IN PVOID Base,
- IN ULONG Size,
- IN ULONG BucketShift,
- IN PULONG Buffer,
- IN ULONG BufferLength,
- IN KPROFILE_SOURCE Source,
- IN ULONG ProcessorMask);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetIntervalProfile(
- IN ULONG Interval,
- IN KPROFILE_SOURCE Source);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryIntervalProfile(
- IN KPROFILE_SOURCE Source,
- OUT PULONG Interval);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwStartProfile(
- IN HANDLE ProfileHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwStopProfile(
- IN HANDLE ProfileHandle);
-
-/* Local Procedure Call (LPC) */
-
-typedef struct _LPC_MESSAGE {
- USHORT DataSize;
- USHORT MessageSize;
- USHORT MessageType;
- USHORT VirtualRangesOffset;
- CLIENT_ID ClientId;
- ULONG MessageId;
- ULONG SectionSize;
- UCHAR Data[ANYSIZE_ARRAY];
-} LPC_MESSAGE, *PLPC_MESSAGE;
-
-#define LPC_MESSAGE_BASE_SIZE 24
-
-typedef enum _LPC_TYPE {
- LPC_NEW_MESSAGE,
- LPC_REQUEST,
- LPC_REPLY,
- LPC_DATAGRAM,
- LPC_LOST_REPLY,
- LPC_PORT_CLOSED,
- LPC_CLIENT_DIED,
- LPC_EXCEPTION,
- LPC_DEBUG_EVENT,
- LPC_ERROR_EVENT,
- LPC_CONNECTION_REQUEST,
- LPC_CONNECTION_REFUSED,
- LPC_MAXIMUM
-} LPC_TYPE;
-
-typedef struct _LPC_SECTION_WRITE {
- ULONG Length;
- HANDLE SectionHandle;
- ULONG SectionOffset;
- ULONG ViewSize;
- PVOID ViewBase;
- PVOID TargetViewBase;
-} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
-
-typedef struct _LPC_SECTION_READ {
- ULONG Length;
- ULONG ViewSize;
- PVOID ViewBase;
-} LPC_SECTION_READ, *PLPC_SECTION_READ;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreatePort(
- OUT PHANDLE PortHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ULONG MaxDataSize,
- IN ULONG MaxMessageSize,
- IN ULONG Reserved);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateWaitablePort(
- OUT PHANDLE PortHandle,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ULONG MaxDataSize,
- IN ULONG MaxMessageSize,
- IN ULONG Reserved);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtConnectPort(
- OUT PHANDLE PortHandle,
- IN PUNICODE_STRING PortName,
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
- IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
- IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
- OUT PULONG MaxMessageSize OPTIONAL,
- IN OUT PVOID ConnectData OPTIONAL,
- IN OUT PULONG ConnectDataLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwConnectPort(
- OUT PHANDLE PortHandle,
- IN PUNICODE_STRING PortName,
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
- IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
- IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
- OUT PULONG MaxMessageSize OPTIONAL,
- IN OUT PVOID ConnectData OPTIONAL,
- IN OUT PULONG ConnectDataLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwConnectPort(
- OUT PHANDLE PortHandle,
- IN PUNICODE_STRING PortName,
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
- IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
- IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
- OUT PULONG MaxMessageSize OPTIONAL,
- IN OUT PVOID ConnectData OPTIONAL,
- IN OUT PULONG ConnectDataLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwListenPort(
- IN HANDLE PortHandle,
- OUT PLPC_MESSAGE Message);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAcceptConnectPort(
- OUT PHANDLE PortHandle,
- IN ULONG PortIdentifier,
- IN PLPC_MESSAGE Message,
- IN BOOLEAN Accept,
- IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
- IN OUT PLPC_SECTION_READ ReadSection OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCompleteConnectPort(
- IN HANDLE PortHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtRequestPort(
- IN HANDLE PortHandle,
- IN PLPC_MESSAGE RequestMessage);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtRequestWaitReplyPort(
- IN HANDLE PortHandle,
- IN PLPC_MESSAGE RequestMessage,
- OUT PLPC_MESSAGE ReplyMessage);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwRequestWaitReplyPort(
- IN HANDLE PortHandle,
- IN PLPC_MESSAGE RequestMessage,
- OUT PLPC_MESSAGE ReplyMessage);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwReplyPort(
- IN HANDLE PortHandle,
- IN PLPC_MESSAGE ReplyMessage);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwReplyWaitReplyPort(
- IN HANDLE PortHandle,
- IN OUT PLPC_MESSAGE ReplyMessage);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwReplyWaitReceivePort(
- IN HANDLE PortHandle,
- OUT PULONG PortIdentifier OPTIONAL,
- IN PLPC_MESSAGE ReplyMessage OPTIONAL,
- OUT PLPC_MESSAGE Message);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwReplyWaitReceivePortEx(
- IN HANDLE PortHandle,
- OUT PULONG PortIdentifier OPTIONAL,
- IN PLPC_MESSAGE ReplyMessage OPTIONAL,
- OUT PLPC_MESSAGE Message,
- IN PLARGE_INTEGER Timeout);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwOpenFile(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG ShareAccess,
- IN ULONG OpenOptions
-);
-
-
-#define OBJ_CASE_INSENSITIVE 0x00000040L
-#define FILE_NON_DIRECTORY_FILE 0x00000040
-#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwReadRequestData(
- IN HANDLE PortHandle,
- IN PLPC_MESSAGE Message,
- IN ULONG Index,
- OUT PVOID Buffer,
- IN ULONG BufferLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwWriteRequestData(
- IN HANDLE PortHandle,
- IN PLPC_MESSAGE Message,
- IN ULONG Index,
- IN PVOID Buffer,
- IN ULONG BufferLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-typedef enum _PORT_INFORMATION_CLASS {
- PortBasicInformation
-} PORT_INFORMATION_CLASS;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationPort(
- IN HANDLE PortHandle,
- IN PORT_INFORMATION_CLASS PortInformationClass,
- OUT PVOID PortInformation,
- IN ULONG PortInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwImpersonateClientOfPort(
- IN HANDLE PortHandle,
- IN PLPC_MESSAGE Message);
-
-
-
-
-/* Files */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtDeleteFile(
- IN POBJECT_ATTRIBUTES ObjectAttributes);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwDeleteFile(
- IN POBJECT_ATTRIBUTES ObjectAttributes);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwFlushBuffersFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCancelIoFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwReadFileScatter(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PFILE_SEGMENT_ELEMENT Buffer,
- IN ULONG Length,
- IN PLARGE_INTEGER ByteOffset OPTIONAL,
- IN PULONG Key OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwWriteFileGather(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PFILE_SEGMENT_ELEMENT Buffer,
- IN ULONG Length,
- IN PLARGE_INTEGER ByteOffset OPTIONAL,
- IN PULONG Key OPTIONAL);
-
-
-
-
-/* Registry keys */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSaveKey(
- IN HANDLE KeyHandle,
- IN HANDLE FileHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSaveMergedKeys(
- IN HANDLE KeyHandle1,
- IN HANDLE KeyHandle2,
- IN HANDLE FileHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwRestoreKey(
- IN HANDLE KeyHandle,
- IN HANDLE FileHandle,
- IN ULONG Flags);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwLoadKey(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN POBJECT_ATTRIBUTES FileObjectAttributes);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwLoadKey2(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN POBJECT_ATTRIBUTES FileObjectAttributes,
- IN ULONG Flags);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwUnloadKey(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryOpenSubKeys(
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- OUT PULONG NumberOfKeys);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwReplaceKey(
- IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
- IN HANDLE KeyHandle,
- IN POBJECT_ATTRIBUTES OldFileObjectAttributes);
-
-typedef enum _KEY_SET_INFORMATION_CLASS {
- KeyLastWriteTimeInformation
-} KEY_SET_INFORMATION_CLASS;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationKey(
- IN HANDLE KeyHandle,
- IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
- IN PVOID KeyInformation,
- IN ULONG KeyInformationLength);
-
-typedef struct _KEY_LAST_WRITE_TIME_INFORMATION {
- LARGE_INTEGER LastWriteTime;
-} KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION;
-
-typedef struct _KEY_NAME_INFORMATION {
- ULONG NameLength;
- WCHAR Name[1];
-} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeKey(
- IN HANDLE KeyHandle,
- IN HANDLE EventHandle OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NotifyFilter,
- IN BOOLEAN WatchSubtree,
- IN PVOID Buffer,
- IN ULONG BufferLength,
- IN BOOLEAN Asynchronous);
-
-/* ZwNotifyChangeMultipleKeys.Flags constants */
-#define REG_MONITOR_SINGLE_KEY 0x00
-#define REG_MONITOR_SECOND_KEY 0x01
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeMultipleKeys(
- IN HANDLE KeyHandle,
- IN ULONG Flags,
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN HANDLE EventHandle OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NotifyFilter,
- IN BOOLEAN WatchSubtree,
- IN PVOID Buffer,
- IN ULONG BufferLength,
- IN BOOLEAN Asynchronous);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryMultipleValueKey(
- IN HANDLE KeyHandle,
- IN OUT PKEY_VALUE_ENTRY ValueList,
- IN ULONG NumberOfValues,
- OUT PVOID Buffer,
- IN OUT PULONG Length,
- OUT PULONG ReturnLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwInitializeRegistry(
- IN BOOLEAN Setup);
-
-
-
-
-/* Security and auditing */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwPrivilegeCheck(
- IN HANDLE TokenHandle,
- IN PPRIVILEGE_SET RequiredPrivileges,
- OUT PBOOLEAN Result);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwPrivilegeObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN HANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwPrivilegeObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN HANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN PPRIVILEGE_SET Privileges,
- IN BOOLEAN AccessGranted);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheck(
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN PPRIVILEGE_SET PrivilegeSet,
- IN PULONG PrivilegeSetLength,
- OUT PACCESS_MASK GrantedAccess,
- OUT PBOOLEAN AccessStatus);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccess,
- OUT PBOOLEAN AccessStatus,
- OUT PBOOLEAN GenerateOnClose);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByType(
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID PrincipalSelfSid,
- IN HANDLE TokenHandle,
- IN ULONG DesiredAccess,
- IN POBJECT_TYPE_LIST ObjectTypeList,
- IN ULONG ObjectTypeListLength,
- IN PGENERIC_MAPPING GenericMapping,
- IN PPRIVILEGE_SET PrivilegeSet,
- IN PULONG PrivilegeSetLength,
- OUT PACCESS_MASK GrantedAccess,
- OUT PULONG AccessStatus);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByTypeAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID PrincipalSelfSid,
- IN ACCESS_MASK DesiredAccess,
- IN AUDIT_EVENT_TYPE AuditType,
- IN ULONG Flags,
- IN POBJECT_TYPE_LIST ObjectTypeList,
- IN ULONG ObjectTypeListLength,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccess,
- OUT PULONG AccessStatus,
- OUT PBOOLEAN GenerateOnClose);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByTypeResultList(
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID PrincipalSelfSid,
- IN HANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_TYPE_LIST ObjectTypeList,
- IN ULONG ObjectTypeListLength,
- IN PGENERIC_MAPPING GenericMapping,
- IN PPRIVILEGE_SET PrivilegeSet,
- IN PULONG PrivilegeSetLength,
- OUT PACCESS_MASK GrantedAccessList,
- OUT PULONG AccessStatusList);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByTypeResultListAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID PrincipalSelfSid,
- IN ACCESS_MASK DesiredAccess,
- IN AUDIT_EVENT_TYPE AuditType,
- IN ULONG Flags,
- IN POBJECT_TYPE_LIST ObjectTypeList,
- IN ULONG ObjectTypeListLength,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccessList,
- OUT PULONG AccessStatusList,
- OUT PULONG GenerateOnClose);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN HANDLE TokenHandle,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID PrincipalSelfSid,
- IN ACCESS_MASK DesiredAccess,
- IN AUDIT_EVENT_TYPE AuditType,
- IN ULONG Flags,
- IN POBJECT_TYPE_LIST ObjectTypeList,
- IN ULONG ObjectTypeListLength,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccessList,
- OUT PULONG AccessStatusList,
- OUT PULONG GenerateOnClose);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwOpenObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID *HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN HANDLE TokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN ACCESS_MASK GrantedAccess,
- IN PPRIVILEGE_SET Privileges OPTIONAL,
- IN BOOLEAN ObjectCreation,
- IN BOOLEAN AccessGranted,
- OUT PBOOLEAN GenerateOnClose);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCloseObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwDeleteObjectAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose);
-
-
-
-
-/* Plug and play and power management */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwRequestWakeupLatency(
- IN LATENCY_TIME Latency);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwRequestDeviceWakeup(
- IN HANDLE DeviceHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCancelDeviceWakeupRequest(
- IN HANDLE DeviceHandle);
-
-NTOSAPI
-BOOLEAN
-NTAPI
-ZwIsSystemResumeAutomatic(
- VOID);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetThreadExecutionState(
- IN EXECUTION_STATE ExecutionState,
- OUT PEXECUTION_STATE PreviousExecutionState);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwGetDevicePowerState(
- IN HANDLE DeviceHandle,
- OUT PDEVICE_POWER_STATE DevicePowerState);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetSystemPowerState(
- IN POWER_ACTION SystemAction,
- IN SYSTEM_POWER_STATE MinSystemState,
- IN ULONG Flags);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwInitiatePowerAction(
- IN POWER_ACTION SystemAction,
- IN SYSTEM_POWER_STATE MinSystemState,
- IN ULONG Flags,
- IN BOOLEAN Asynchronous);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwPowerInformation(
- IN POWER_INFORMATION_LEVEL PowerInformationLevel,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwPlugPlayControl(
- IN ULONG ControlCode,
- IN OUT PVOID Buffer,
- IN ULONG BufferLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwGetPlugPlayEvent(
- IN ULONG Reserved1,
- IN ULONG Reserved2,
- OUT PVOID Buffer,
- IN ULONG BufferLength);
-
-
-/* Miscellany */
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwRaiseException(
- IN PEXCEPTION_RECORD ExceptionRecord,
- IN PCONTEXT Context,
- IN BOOLEAN SearchFrames);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwContinue(
- IN PCONTEXT Context,
- IN BOOLEAN TestAlert);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwW32Call(
- IN ULONG RoutineIndex,
- IN PVOID Argument,
- IN ULONG ArgumentLength,
- OUT PVOID *Result OPTIONAL,
- OUT PULONG ResultLength OPTIONAL);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetLowWaitHighThread(
- VOID);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetHighWaitLowThread(
- VOID);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwLoadDriver(
- IN PUNICODE_STRING DriverServiceName);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwUnloadDriver(
- IN PUNICODE_STRING DriverServiceName);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwFlushInstructionCache(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress OPTIONAL,
- IN ULONG FlushSize);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwFlushWriteBuffer(
- VOID);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryDefaultLocale(
- IN BOOLEAN ThreadOrSystem,
- OUT PLCID Locale);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultLocale(
- IN BOOLEAN ThreadOrSystem,
- IN LCID Locale);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryDefaultUILanguage(
- OUT PLANGID LanguageId);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultUILanguage(
- IN LANGID LanguageId);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryInstallUILanguage(
- OUT PLANGID LanguageId);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtAllocateLocallyUniqueId(
- OUT PLUID Luid);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtAllocateUuids(
- OUT PLARGE_INTEGER UuidLastTimeAllocated,
- OUT PULONG UuidDeltaTime,
- OUT PULONG UuidSequenceNumber,
- OUT PUCHAR UuidSeed);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetUuidSeed(
- IN PUCHAR UuidSeed);
-
-typedef enum _HARDERROR_RESPONSE_OPTION {
- OptionAbortRetryIgnore,
- OptionOk,
- OptionOkCancel,
- OptionRetryCancel,
- OptionYesNo,
- OptionYesNoCancel,
- OptionShutdownSystem
-} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
-
-typedef enum _HARDERROR_RESPONSE {
- ResponseReturnToCaller,
- ResponseNotHandled,
- ResponseAbort,
- ResponseCancel,
- ResponseIgnore,
- ResponseNo,
- ResponseOk,
- ResponseRetry,
- ResponseYes
-} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwRaiseHardError(
- IN NTSTATUS Status,
- IN ULONG NumberOfArguments,
- IN ULONG StringArgumentsMask,
- IN PULONG Arguments,
- IN HARDERROR_RESPONSE_OPTION ResponseOption,
- OUT PHARDERROR_RESPONSE Response);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultHardErrorPort(
- IN HANDLE PortHandle);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwDisplayString(
- IN PUNICODE_STRING String);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreatePagingFile(
- IN PUNICODE_STRING FileName,
- IN PULARGE_INTEGER InitialSize,
- IN PULARGE_INTEGER MaximumSize,
- IN ULONG Reserved);
-
-typedef USHORT RTL_ATOM, *PRTL_ATOM;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtAddAtom(
- IN PWSTR AtomName,
- IN ULONG AtomNameLength,
- OUT PRTL_ATOM Atom);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtFindAtom(
- IN PWSTR AtomName,
- IN ULONG AtomNameLength,
- OUT PRTL_ATOM Atom);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtDeleteAtom(
- IN RTL_ATOM Atom);
-
-typedef enum _ATOM_INFORMATION_CLASS {
- AtomBasicInformation,
- AtomListInformation
-} ATOM_INFORMATION_CLASS;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtQueryInformationAtom(
- IN RTL_ATOM Atom,
- IN ATOM_INFORMATION_CLASS AtomInformationClass,
- OUT PVOID AtomInformation,
- IN ULONG AtomInformationLength,
- OUT PULONG ReturnLength OPTIONAL);
-
-typedef struct _ATOM_BASIC_INFORMATION {
- USHORT ReferenceCount;
- USHORT Pinned;
- USHORT NameLength;
- WCHAR Name[1];
-} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
-
-typedef struct _ATOM_LIST_INFORMATION {
- ULONG NumberOfAtoms;
- ATOM Atoms[1];
-} ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION;
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetLdtEntries(
- IN ULONG Selector1,
- IN LDT_ENTRY LdtEntry1,
- IN ULONG Selector2,
- IN LDT_ENTRY LdtEntry2);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationThread(
- IN HANDLE ThreadHandle,
- IN THREADINFOCLASS ThreadInformationClass,
- IN PVOID ThreadInformation,
- IN ULONG ThreadInformationLength);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwTerminateThread(
- IN HANDLE ThreadHandle OPTIONAL,
- IN NTSTATUS ExitStatus);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-NtVdmControl(
- IN ULONG ControlCode,
- IN PVOID ControlData);
-
-BOOLEAN
-WINAPI
-RtlCreateUnicodeStringFromAsciiz (
- OUT PUNICODE_STRING Destination,
- IN PCSTR Source
- );
-
-VOID
-WINAPI
-RtlInitUnicodeString(
- IN OUT PUNICODE_STRING DestinationString,
- IN PCWSTR SourceString);
-
-VOID
-RtlFreeUnicodeString(
-IN OUT PUNICODE_STRING DestinationString);
-
-
-LONG
-WINAPI
-RtlCompareUnicodeString(
- IN PUNICODE_STRING String1,
- IN PUNICODE_STRING String2,
- IN BOOLEAN CaseInSensitive);
-
-BOOLEAN
-WINAPI
-RtlEqualUnicodeString(
- IN CONST UNICODE_STRING *String1,
- IN CONST UNICODE_STRING *String2,
- IN BOOLEAN CaseInSensitive);
-
-
-VOID
-WINAPI
- RtlInitAnsiString(
- IN OUT PANSI_STRING DestinationString,
- IN PCHAR SourceString
- );
-
-
-PPEB
-WINAPI
-RtlGetCurrentPeb(
- VOID
- );
-
-NTSTATUS WINAPI
-RtlAdjustPrivilege(ULONG Privilege,
- BOOLEAN Enable,
- BOOLEAN CurrentThread,
- PBOOLEAN Enabled);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationThread(
- /*IN*/ HANDLE ThreadHandle,
- /*IN*/ THREADINFOCLASS ThreadInformationClass,
- /*OUT*/ PVOID ThreadInformation,
- /*IN*/ ULONG ThreadInformationLength,
- /*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
-
-NTSTATUS WINAPI LdrGetDllHandle(ULONG, ULONG, const UNICODE_STRING*, HMODULE*);
-NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE, const ANSI_STRING*, ULONG, void**);
-
-NTSTATUS WINAPI
-RtlCreateUserThread(
-
-IN HANDLE ProcessHandle, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN BOOLEAN CreateSuspended, IN ULONG StackZeroBits, IN OUT PULONG StackReserved, IN OUT PULONG StackCommit, IN PVOID StartAddress, IN PVOID StartParameter OPTIONAL, OUT PHANDLE ThreadHandle, OUT PCLIENT_ID ClientID );
-
-BOOLEAN
-RtlDosPathNameToNtPathName_U (
- PCWSTR DosName,
- PUNICODE_STRING NtName,
- PWSTR *DosFilePath,
- PVOID NtFilePath // Some special structure, first member being UNICODE_STRING
- );
-
-BOOLEAN RtlFreeHeap( IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase );
-PVOID RtlAllocateHeap( IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size );
-PVOID RtlReAllocateHeap(
- IN PVOID HeapHandle,
- IN ULONG Flags,
- IN PVOID MemoryPointer,
- IN ULONG Size );
-NTSYSAPI BOOLEAN NTAPI
-RtlValidateHeap(
- IN PVOID HeapHandle,
- IN ULONG Flags,
- IN PVOID AddressToValidate OPTIONAL );
-
-typedef struct _TEB
-{
- NT_TIB Tib; /* 000 */
- PVOID EnvironmentPointer; /* 01c */
- CLIENT_ID ClientId; /* 020 */
- PVOID ActiveRpcHandle; /* 028 */
- PVOID ThreadLocalStoragePointer; /* 02c */
- PPEB Peb; /* 030 */
- ULONG LastErrorValue; /* 034 */
- BYTE __pad038[140]; /* 038 */
- ULONG CurrentLocale; /* 0c4 */
- BYTE __pad0c8[1752]; /* 0c8 */
- PVOID Reserved2[277]; /* 7a0 */
- ULONG LastStatusValue; /* bf4 */
- UNICODE_STRING StaticUnicodeString; /* bf8 used by advapi32 */
- WCHAR StaticUnicodeBuffer[261]; /* c00 used by advapi32 */
- PVOID DeallocationStack; /* e0c */
- PVOID TlsSlots[64]; /* e10 */
- LIST_ENTRY TlsLinks; /* f10 */
- PVOID Reserved4[26]; /* f18 */
- PVOID ReservedForOle; /* f80 Windows 2000 only */
- PVOID Reserved5[4]; /* f84 */
- PVOID TlsExpansionSlots; /* f94 */
-} TEB, *PTEB;
-
-
-typedef struct _FILE_STANDARD_INFORMATION {
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG NumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
-} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
-
-
-typedef enum _FILE_INFORMATION_CLASS {
- FileDirectoryInformation = 1,
- FileFullDirectoryInformation, // 2
- FileBothDirectoryInformation, // 3
- FileBasicInformation, // 4
- FileStandardInformation, // 5
- FileInternalInformation, // 6
- FileEaInformation, // 7
- FileAccessInformation, // 8
- FileNameInformation, // 9
- FileRenameInformation, // 10
- FileLinkInformation, // 11
- FileNamesInformation, // 12
- FileDispositionInformation, // 13
- FilePositionInformation, // 14
- FileFullEaInformation, // 15
- FileModeInformation, // 16
- FileAlignmentInformation, // 17
- FileAllInformation, // 18
- FileAllocationInformation, // 19
- FileEndOfFileInformation, // 20
- FileAlternateNameInformation, // 21
- FileStreamInformation, // 22
- FilePipeInformation, // 23
- FilePipeLocalInformation, // 24
- FilePipeRemoteInformation, // 25
- FileMailslotQueryInformation, // 26
- FileMailslotSetInformation, // 27
- FileCompressionInformation, // 28
- FileObjectIdInformation, // 29
- FileCompletionInformation, // 30
- FileMoveClusterInformation, // 31
- FileInformationReserved32, // 32
- FileInformationReserved33, // 33
- FileNetworkOpenInformation, // 34
- FileAttributeTagInformation, // 35
- FileTrackingInformation, // 36
- FileIdBothDirectoryInformation, // 37
- FileIdFullDirectoryInformation, // 38
- FileValidDataLengthInformation, // 39
- FileShortNameInformation, // 40
- FileMaximumInformation
-} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationFile(
-IN HANDLE FileHandle,
-OUT PIO_STATUS_BLOCK IoStatusBlock,
-OUT PVOID FileInformation,
-IN ULONG FileInformationLength,
-IN FILE_INFORMATION_CLASS FileInformationClass
-);
-
-NTOSAPI
-NTSTATUS
-NTAPI
-ZwCreateFile(
-OUT PHANDLE FileHandle,
-IN ACCESS_MASK DesiredAccess,
-IN POBJECT_ATTRIBUTES ObjectAttributes,
-OUT PIO_STATUS_BLOCK IoStatusBlock,
-IN PLARGE_INTEGER AllocationSize OPTIONAL,
-IN ULONG FileAttributes,
-IN ULONG ShareAccess,
-IN ULONG CreateDisposition,
-IN ULONG CreateOptions,
-IN PVOID EaBuffer OPTIONAL,
-IN ULONG EaLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwReadFile(
-IN HANDLE FileHandle,
-IN HANDLE Event OPTIONAL,
-IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
-IN PVOID ApcContext OPTIONAL,
-OUT PIO_STATUS_BLOCK IoStatusBlock,
-OUT PVOID Buffer,
-IN ULONG Length,
-IN PLARGE_INTEGER ByteOffset OPTIONAL,
-IN PULONG Key OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwWriteFile(
-IN HANDLE FileHandle,
-IN HANDLE Event OPTIONAL,
-IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
-IN PVOID ApcContext OPTIONAL,
-OUT PIO_STATUS_BLOCK IoStatusBlock,
-IN PVOID Buffer,
-IN ULONG Length,
-IN PLARGE_INTEGER ByteOffset OPTIONAL,
-IN PULONG Key OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationFile(
-IN HANDLE FileHandle,
-OUT PIO_STATUS_BLOCK IoStatusBlock,
-IN PVOID FileInformation,
-IN ULONG FileInformationLength,
-IN FILE_INFORMATION_CLASS FileInformationClass
-);
-
-typedef enum _SECTION_INHERIT {
-ViewShare = 1,
-ViewUnmap = 2
-} SECTION_INHERIT;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwMapViewOfSection(
-IN HANDLE SectionHandle,
-IN HANDLE ProcessHandle,
-IN OUT PVOID *BaseAddress,
-IN ULONG ZeroBits,
-IN ULONG CommitSize,
-IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
-IN OUT PULONG ViewSize,
-IN SECTION_INHERIT InheritDisposition,
-IN ULONG AllocationType,
-IN ULONG Protect
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwUnmapViewOfSection(
-IN HANDLE ProcessHandle,
-IN PVOID BaseAddress
-);
-
-typedef enum _EVENT_TYPE {
-NotificationEvent, // A manual-reset event
-SynchronizationEvent // An auto-reset event
-} EVENT_TYPE;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCreateEvent(
-OUT PHANDLE EventHandle,
-IN ACCESS_MASK DesiredAccess,
-IN POBJECT_ATTRIBUTES ObjectAttributes,
-IN EVENT_TYPE EventType,
-IN BOOLEAN InitialState
-);
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFindAtom(
-IN PWSTR String,
-IN ULONG StringLength,
-OUT PUSHORT Atom
-);
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAddAtom(
-IN PWSTR String,
-IN ULONG StringLength,
-OUT PUSHORT Atom
-);
-
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCreateMutant(
-OUT PHANDLE MutantHandle,
-IN ACCESS_MASK DesiredAccess,
-IN POBJECT_ATTRIBUTES ObjectAttributes,
-IN BOOLEAN InitialOwner
-);
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenMutant(
-OUT PHANDLE MutantHandle,
-IN ACCESS_MASK DesiredAccess,
-IN POBJECT_ATTRIBUTES ObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwMakePermanentObject(
- IN HANDLE Object
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwWaitForSingleObject(
-IN HANDLE Handle,
-IN BOOLEAN Alertable,
-IN PLARGE_INTEGER Timeout OPTIONAL
-);
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetValueKey(
-IN HANDLE KeyHandle,
-IN PUNICODE_STRING ValueName,
-IN ULONG TitleIndex,
-IN ULONG Type,
-IN PVOID Data,
-IN ULONG DataSize
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
- RtlCreateRegistryKey(
- IN ULONG RelativeTo,
- IN PWSTR Path
- );
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
- RtlWriteRegistryValue(
- IN ULONG RelativeTo,
- IN PCWSTR Path,
- IN PCWSTR ValueName,
- IN ULONG ValueType,
- IN PVOID ValueData,
- IN ULONG ValueLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
- ZwOpenKey(
- OUT PHANDLE KeyHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
- ZwSetEvent(
- __in HANDLE EventHandle,
- __out_opt PLONG PreviousState
- );
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
- ZwQueryValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName,
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- OUT PVOID KeyValueInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCreateKey(
-OUT PHANDLE KeyHandle,
-IN ACCESS_MASK DesiredAccess,
-IN POBJECT_ATTRIBUTES ObjectAttributes,
-IN ULONG TitleIndex,
-IN PUNICODE_STRING Class OPTIONAL,
-IN ULONG CreateOptions,
-OUT PULONG Disposition OPTIONAL
-);
-
-NTSTATUS WINAPI LdrFindEntryForAddress(const void*, PLDR_MODULE*);
-
-NTSYSAPI
-PIMAGE_NT_HEADERS
-NTAPI
-RtlImageNtHeader(IN PVOID ModuleAddress);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtProtectVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG NumberOfBytesToProtect,
- IN ULONG NewAccessProtection,
- OUT PULONG OldAccessProtection );
-
-#pragma pack(pop)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __NTAPI_H */
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-11 01:47:17 +0000