|
1 /* |
|
2 * ntapi.h |
|
3 * |
|
4 * Windows NT Native API |
|
5 * |
|
6 * Most structures in this file is obtained from Windows NT/2000 Native API |
|
7 * Reference by Gary Nebbett, ISBN 1578701996. |
|
8 * |
|
9 * This file is part of the w32api package. |
|
10 * |
|
11 * Contributors: |
|
12 * Created by Casper S. Hornstrup <chorns@users.sourceforge.net> |
|
13 * |
|
14 * THIS SOFTWARE IS NOT COPYRIGHTED |
|
15 * |
|
16 * This source code is offered for use in the public domain. You may |
|
17 * use, modify or distribute it freely. |
|
18 * |
|
19 * This code is distributed in the hope that it will be useful but |
|
20 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY |
|
21 * DISCLAIMED. This includes but is not limited to warranties of |
|
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
|
23 * |
|
24 */ |
|
25 |
|
26 #ifndef __NTAPI_H |
|
27 #define __NTAPI_H |
|
28 |
|
29 #if __GNUC__ >= 3 |
|
30 #pragma GCC system_header |
|
31 #endif |
|
32 |
|
33 #ifdef __cplusplus |
|
34 extern "C" { |
|
35 #endif |
|
36 |
|
37 #include <stdarg.h> |
|
38 #include <winbase.h> |
|
39 #include "ntddk.h" |
|
40 #include "ntpoapi.h" |
|
41 |
|
42 #pragma pack(push,4) |
|
43 |
|
44 typedef struct _PEB *PPEB; |
|
45 |
|
46 /* FIXME: Unknown definitions */ |
|
47 typedef PVOID POBJECT_TYPE_LIST; |
|
48 typedef PVOID PEXECUTION_STATE; |
|
49 typedef PVOID PLANGID; |
|
50 |
|
51 #ifndef NtCurrentProcess |
|
52 #define NtCurrentProcess() ((HANDLE)0xFFFFFFFF) |
|
53 #endif /* NtCurrentProcess */ |
|
54 #ifndef NtCurrentThread |
|
55 #define NtCurrentThread() ((HANDLE)0xFFFFFFFE) |
|
56 #endif /* NtCurrentThread */ |
|
57 |
|
58 /* System information and control */ |
|
59 |
|
60 typedef enum _SYSTEM_INFORMATION_CLASS { |
|
61 SystemInformationClassMin = 0, |
|
62 SystemBasicInformation = 0, |
|
63 SystemProcessorInformation = 1, |
|
64 SystemPerformanceInformation = 2, |
|
65 SystemTimeOfDayInformation = 3, |
|
66 SystemPathInformation = 4, |
|
67 SystemNotImplemented1 = 4, |
|
68 SystemProcessInformation = 5, |
|
69 SystemProcessesAndThreadsInformation = 5, |
|
70 SystemCallCountInfoInformation = 6, |
|
71 SystemCallCounts = 6, |
|
72 SystemDeviceInformation = 7, |
|
73 SystemConfigurationInformation = 7, |
|
74 SystemProcessorPerformanceInformation = 8, |
|
75 SystemProcessorTimes = 8, |
|
76 SystemFlagsInformation = 9, |
|
77 SystemGlobalFlag = 9, |
|
78 SystemCallTimeInformation = 10, |
|
79 SystemNotImplemented2 = 10, |
|
80 SystemModuleInformation = 11, |
|
81 SystemLocksInformation = 12, |
|
82 SystemLockInformation = 12, |
|
83 SystemStackTraceInformation = 13, |
|
84 SystemNotImplemented3 = 13, |
|
85 SystemPagedPoolInformation = 14, |
|
86 SystemNotImplemented4 = 14, |
|
87 SystemNonPagedPoolInformation = 15, |
|
88 SystemNotImplemented5 = 15, |
|
89 SystemHandleInformation = 16, |
|
90 SystemObjectInformation = 17, |
|
91 SystemPageFileInformation = 18, |
|
92 SystemPagefileInformation = 18, |
|
93 SystemVdmInstemulInformation = 19, |
|
94 SystemInstructionEmulationCounts = 19, |
|
95 SystemVdmBopInformation = 20, |
|
96 SystemInvalidInfoClass1 = 20, |
|
97 SystemFileCacheInformation = 21, |
|
98 SystemCacheInformation = 21, |
|
99 SystemPoolTagInformation = 22, |
|
100 SystemInterruptInformation = 23, |
|
101 SystemProcessorStatistics = 23, |
|
102 SystemDpcBehaviourInformation = 24, |
|
103 SystemDpcInformation = 24, |
|
104 SystemFullMemoryInformation = 25, |
|
105 SystemNotImplemented6 = 25, |
|
106 SystemLoadImage = 26, |
|
107 SystemUnloadImage = 27, |
|
108 SystemTimeAdjustmentInformation = 28, |
|
109 SystemTimeAdjustment = 28, |
|
110 SystemSummaryMemoryInformation = 29, |
|
111 SystemNotImplemented7 = 29, |
|
112 SystemNextEventIdInformation = 30, |
|
113 SystemNotImplemented8 = 30, |
|
114 SystemEventIdsInformation = 31, |
|
115 SystemNotImplemented9 = 31, |
|
116 SystemCrashDumpInformation = 32, |
|
117 SystemExceptionInformation = 33, |
|
118 SystemCrashDumpStateInformation = 34, |
|
119 SystemKernelDebuggerInformation = 35, |
|
120 SystemContextSwitchInformation = 36, |
|
121 SystemRegistryQuotaInformation = 37, |
|
122 SystemLoadAndCallImage = 38, |
|
123 SystemPrioritySeparation = 39, |
|
124 SystemPlugPlayBusInformation = 40, |
|
125 SystemNotImplemented10 = 40, |
|
126 SystemDockInformation = 41, |
|
127 SystemNotImplemented11 = 41, |
|
128 /* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */ |
|
129 SystemInvalidInfoClass2 = 42, |
|
130 SystemProcessorSpeedInformation = 43, |
|
131 SystemInvalidInfoClass3 = 43, |
|
132 SystemCurrentTimeZoneInformation = 44, |
|
133 SystemTimeZoneInformation = 44, |
|
134 SystemLookasideInformation = 45, |
|
135 SystemSetTimeSlipEvent = 46, |
|
136 SystemCreateSession = 47, |
|
137 SystemDeleteSession = 48, |
|
138 SystemInvalidInfoClass4 = 49, |
|
139 SystemRangeStartInformation = 50, |
|
140 SystemVerifierInformation = 51, |
|
141 SystemAddVerifier = 52, |
|
142 SystemSessionProcessesInformation = 53, |
|
143 SystemInformationClassMax |
|
144 } SYSTEM_INFORMATION_CLASS; |
|
145 |
|
146 typedef struct _SYSTEM_BASIC_INFORMATION { |
|
147 ULONG Unknown; |
|
148 ULONG MaximumIncrement; |
|
149 ULONG PhysicalPageSize; |
|
150 ULONG NumberOfPhysicalPages; |
|
151 ULONG LowestPhysicalPage; |
|
152 ULONG HighestPhysicalPage; |
|
153 ULONG AllocationGranularity; |
|
154 ULONG LowestUserAddress; |
|
155 ULONG HighestUserAddress; |
|
156 ULONG ActiveProcessors; |
|
157 UCHAR NumberProcessors; |
|
158 } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; |
|
159 |
|
160 typedef struct _SYSTEM_PROCESSOR_INFORMATION { |
|
161 USHORT ProcessorArchitecture; |
|
162 USHORT ProcessorLevel; |
|
163 USHORT ProcessorRevision; |
|
164 USHORT Unknown; |
|
165 ULONG FeatureBits; |
|
166 } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; |
|
167 |
|
168 typedef struct _SYSTEM_PERFORMANCE_INFORMATION { |
|
169 LARGE_INTEGER IdleTime; |
|
170 LARGE_INTEGER ReadTransferCount; |
|
171 LARGE_INTEGER WriteTransferCount; |
|
172 LARGE_INTEGER OtherTransferCount; |
|
173 ULONG ReadOperationCount; |
|
174 ULONG WriteOperationCount; |
|
175 ULONG OtherOperationCount; |
|
176 ULONG AvailablePages; |
|
177 ULONG TotalCommittedPages; |
|
178 ULONG TotalCommitLimit; |
|
179 ULONG PeakCommitment; |
|
180 ULONG PageFaults; |
|
181 ULONG WriteCopyFaults; |
|
182 ULONG TransitionFaults; |
|
183 ULONG CacheTransitionFaults; |
|
184 ULONG DemandZeroFaults; |
|
185 ULONG PagesRead; |
|
186 ULONG PageReadIos; |
|
187 ULONG CacheReads; |
|
188 ULONG CacheIos; |
|
189 ULONG PagefilePagesWritten; |
|
190 ULONG PagefilePageWriteIos; |
|
191 ULONG MappedFilePagesWritten; |
|
192 ULONG MappedFilePageWriteIos; |
|
193 ULONG PagedPoolUsage; |
|
194 ULONG NonPagedPoolUsage; |
|
195 ULONG PagedPoolAllocs; |
|
196 ULONG PagedPoolFrees; |
|
197 ULONG NonPagedPoolAllocs; |
|
198 ULONG NonPagedPoolFrees; |
|
199 ULONG TotalFreeSystemPtes; |
|
200 ULONG SystemCodePage; |
|
201 ULONG TotalSystemDriverPages; |
|
202 ULONG TotalSystemCodePages; |
|
203 ULONG SmallNonPagedLookasideListAllocateHits; |
|
204 ULONG SmallPagedLookasideListAllocateHits; |
|
205 ULONG Reserved3; |
|
206 ULONG MmSystemCachePage; |
|
207 ULONG PagedPoolPage; |
|
208 ULONG SystemDriverPage; |
|
209 ULONG FastReadNoWait; |
|
210 ULONG FastReadWait; |
|
211 ULONG FastReadResourceMiss; |
|
212 ULONG FastReadNotPossible; |
|
213 ULONG FastMdlReadNoWait; |
|
214 ULONG FastMdlReadWait; |
|
215 ULONG FastMdlReadResourceMiss; |
|
216 ULONG FastMdlReadNotPossible; |
|
217 ULONG MapDataNoWait; |
|
218 ULONG MapDataWait; |
|
219 ULONG MapDataNoWaitMiss; |
|
220 ULONG MapDataWaitMiss; |
|
221 ULONG PinMappedDataCount; |
|
222 ULONG PinReadNoWait; |
|
223 ULONG PinReadWait; |
|
224 ULONG PinReadNoWaitMiss; |
|
225 ULONG PinReadWaitMiss; |
|
226 ULONG CopyReadNoWait; |
|
227 ULONG CopyReadWait; |
|
228 ULONG CopyReadNoWaitMiss; |
|
229 ULONG CopyReadWaitMiss; |
|
230 ULONG MdlReadNoWait; |
|
231 ULONG MdlReadWait; |
|
232 ULONG MdlReadNoWaitMiss; |
|
233 ULONG MdlReadWaitMiss; |
|
234 ULONG ReadAheadIos; |
|
235 ULONG LazyWriteIos; |
|
236 ULONG LazyWritePages; |
|
237 ULONG DataFlushes; |
|
238 ULONG DataPages; |
|
239 ULONG ContextSwitches; |
|
240 ULONG FirstLevelTbFills; |
|
241 ULONG SecondLevelTbFills; |
|
242 ULONG SystemCalls; |
|
243 } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; |
|
244 |
|
245 typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION { |
|
246 LARGE_INTEGER BootTime; |
|
247 LARGE_INTEGER CurrentTime; |
|
248 LARGE_INTEGER TimeZoneBias; |
|
249 ULONG CurrentTimeZoneId; |
|
250 } SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION; |
|
251 |
|
252 typedef struct _VM_COUNTERS { |
|
253 ULONG PeakVirtualSize; |
|
254 ULONG VirtualSize; |
|
255 ULONG PageFaultCount; |
|
256 ULONG PeakWorkingSetSize; |
|
257 ULONG WorkingSetSize; |
|
258 ULONG QuotaPeakPagedPoolUsage; |
|
259 ULONG QuotaPagedPoolUsage; |
|
260 ULONG QuotaPeakNonPagedPoolUsage; |
|
261 ULONG QuotaNonPagedPoolUsage; |
|
262 ULONG PagefileUsage; |
|
263 ULONG PeakPagefileUsage; |
|
264 } VM_COUNTERS; |
|
265 |
|
266 typedef enum _THREAD_STATE { |
|
267 StateInitialized, |
|
268 StateReady, |
|
269 StateRunning, |
|
270 StateStandby, |
|
271 StateTerminated, |
|
272 StateWait, |
|
273 StateTransition, |
|
274 StateUnknown |
|
275 } THREAD_STATE; |
|
276 |
|
277 typedef struct _SYSTEM_THREADS { |
|
278 LARGE_INTEGER KernelTime; |
|
279 LARGE_INTEGER UserTime; |
|
280 LARGE_INTEGER CreateTime; |
|
281 ULONG WaitTime; |
|
282 PVOID StartAddress; |
|
283 CLIENT_ID ClientId; |
|
284 KPRIORITY Priority; |
|
285 KPRIORITY BasePriority; |
|
286 ULONG ContextSwitchCount; |
|
287 THREAD_STATE State; |
|
288 KWAIT_REASON WaitReason; |
|
289 } SYSTEM_THREADS, *PSYSTEM_THREADS; |
|
290 |
|
291 typedef struct _SYSTEM_PROCESSES { |
|
292 ULONG NextEntryDelta; |
|
293 ULONG ThreadCount; |
|
294 ULONG Reserved1[6]; |
|
295 LARGE_INTEGER CreateTime; |
|
296 LARGE_INTEGER UserTime; |
|
297 LARGE_INTEGER KernelTime; |
|
298 UNICODE_STRING ProcessName; |
|
299 KPRIORITY BasePriority; |
|
300 ULONG ProcessId; |
|
301 ULONG InheritedFromProcessId; |
|
302 ULONG HandleCount; |
|
303 ULONG Reserved2[2]; |
|
304 VM_COUNTERS VmCounters; |
|
305 IO_COUNTERS IoCounters; |
|
306 SYSTEM_THREADS Threads[1]; |
|
307 } SYSTEM_PROCESSES, *PSYSTEM_PROCESSES; |
|
308 |
|
309 typedef struct _SYSTEM_CALLS_INFORMATION { |
|
310 ULONG Size; |
|
311 ULONG NumberOfDescriptorTables; |
|
312 ULONG NumberOfRoutinesInTable[1]; |
|
313 ULONG CallCounts[ANYSIZE_ARRAY]; |
|
314 } SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION; |
|
315 |
|
316 typedef struct _SYSTEM_CONFIGURATION_INFORMATION { |
|
317 ULONG DiskCount; |
|
318 ULONG FloppyCount; |
|
319 ULONG CdRomCount; |
|
320 ULONG TapeCount; |
|
321 ULONG SerialCount; |
|
322 ULONG ParallelCount; |
|
323 } SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION; |
|
324 |
|
325 typedef struct _SYSTEM_PROCESSOR_TIMES { |
|
326 LARGE_INTEGER IdleTime; |
|
327 LARGE_INTEGER KernelTime; |
|
328 LARGE_INTEGER UserTime; |
|
329 LARGE_INTEGER DpcTime; |
|
330 LARGE_INTEGER InterruptTime; |
|
331 ULONG InterruptCount; |
|
332 } SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES; |
|
333 |
|
334 /* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */ |
|
335 #define FLG_STOP_ON_EXCEPTION 0x00000001 |
|
336 #define FLG_SHOW_LDR_SNAPS 0x00000002 |
|
337 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004 |
|
338 #define FLG_STOP_ON_HUNG_GUI 0x00000008 |
|
339 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010 |
|
340 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020 |
|
341 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040 |
|
342 #define FLG_HEAP_VALIDATE_ALL 0x00000080 |
|
343 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100 |
|
344 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200 |
|
345 #define FLG_POOL_ENABLE_TAGGING 0x00000400 |
|
346 #define FLG_HEAP_ENABLE_TAGGING 0x00000800 |
|
347 #define FLG_USER_STACK_TRACE_DB 0x00001000 |
|
348 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000 |
|
349 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000 |
|
350 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000 |
|
351 #define FLG_IGNORE_DEBUG_PRIV 0x00010000 |
|
352 #define FLG_ENABLE_CSRDEBUG 0x00020000 |
|
353 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000 |
|
354 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000 |
|
355 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000 |
|
356 #define FLG_HEAP_DISABLE_COALESCING 0x00200000 |
|
357 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000 |
|
358 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000 |
|
359 #define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000 |
|
360 |
|
361 typedef struct _SYSTEM_GLOBAL_FLAG { |
|
362 ULONG GlobalFlag; |
|
363 } SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG; |
|
364 |
|
365 typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY { |
|
366 ULONG Unknown1; |
|
367 ULONG Unknown2; |
|
368 PVOID Base; |
|
369 ULONG Size; |
|
370 ULONG Flags; |
|
371 USHORT Index; |
|
372 /* Length of module name not including the path, this |
|
373 field contains valid value only for NTOSKRNL module */ |
|
374 USHORT NameLength; |
|
375 USHORT LoadCount; |
|
376 USHORT PathLength; |
|
377 CHAR ImageName[256]; |
|
378 } SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY; |
|
379 |
|
380 typedef struct _SYSTEM_MODULE_INFORMATION { |
|
381 ULONG Count; |
|
382 SYSTEM_MODULE_INFORMATION_ENTRY Module[1]; |
|
383 } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; |
|
384 |
|
385 typedef struct _SYSTEM_LOCK_INFORMATION { |
|
386 PVOID Address; |
|
387 USHORT Type; |
|
388 USHORT Reserved1; |
|
389 ULONG ExclusiveOwnerThreadId; |
|
390 ULONG ActiveCount; |
|
391 ULONG ContentionCount; |
|
392 ULONG Reserved2[2]; |
|
393 ULONG NumberOfSharedWaiters; |
|
394 ULONG NumberOfExclusiveWaiters; |
|
395 } SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION; |
|
396 |
|
397 /*SYSTEM_HANDLE_INFORMATION.Flags cosntants */ |
|
398 #define PROTECT_FROM_CLOSE 0x01 |
|
399 #define INHERIT 0x02 |
|
400 |
|
401 typedef struct _SYSTEM_HANDLE_INFORMATION { |
|
402 ULONG ProcessId; |
|
403 UCHAR ObjectTypeNumber; |
|
404 UCHAR Flags; |
|
405 USHORT Handle; |
|
406 PVOID Object; |
|
407 ACCESS_MASK GrantedAccess; |
|
408 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; |
|
409 |
|
410 typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION { |
|
411 ULONG NextEntryOffset; |
|
412 ULONG ObjectCount; |
|
413 ULONG HandleCount; |
|
414 ULONG TypeNumber; |
|
415 ULONG InvalidAttributes; |
|
416 GENERIC_MAPPING GenericMapping; |
|
417 ACCESS_MASK ValidAccessMask; |
|
418 POOL_TYPE PoolType; |
|
419 UCHAR Unknown; |
|
420 UNICODE_STRING Name; |
|
421 } SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION; |
|
422 |
|
423 /* SYSTEM_OBJECT_INFORMATION.Flags constants */ |
|
424 #define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40 |
|
425 #define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20 |
|
426 #define FLG_SYSOBJINFO_PERMANENT 0x10 |
|
427 #define FLG_SYSOBJINFO_EXCLUSIVE 0x08 |
|
428 #define FLG_SYSOBJINFO_CREATOR_INFO 0x04 |
|
429 #define FLG_SYSOBJINFO_KERNEL_MODE 0x02 |
|
430 |
|
431 typedef struct _SYSTEM_OBJECT_INFORMATION { |
|
432 ULONG NextEntryOffset; |
|
433 PVOID Object; |
|
434 ULONG CreatorProcessId; |
|
435 USHORT Unknown; |
|
436 USHORT Flags; |
|
437 ULONG PointerCount; |
|
438 ULONG HandleCount; |
|
439 ULONG PagedPoolUsage; |
|
440 ULONG NonPagedPoolUsage; |
|
441 ULONG ExclusiveProcessId; |
|
442 PSECURITY_DESCRIPTOR SecurityDescriptor; |
|
443 UNICODE_STRING Name; |
|
444 } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; |
|
445 |
|
446 typedef struct _SYSTEM_PAGEFILE_INFORMATION { |
|
447 ULONG NextEntryOffset; |
|
448 ULONG CurrentSize; |
|
449 ULONG TotalUsed; |
|
450 ULONG PeakUsed; |
|
451 UNICODE_STRING FileName; |
|
452 } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; |
|
453 |
|
454 typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION { |
|
455 ULONG SegmentNotPresent; |
|
456 ULONG TwoByteOpcode; |
|
457 ULONG ESprefix; |
|
458 ULONG CSprefix; |
|
459 ULONG SSprefix; |
|
460 ULONG DSprefix; |
|
461 ULONG FSPrefix; |
|
462 ULONG GSprefix; |
|
463 ULONG OPER32prefix; |
|
464 ULONG ADDR32prefix; |
|
465 ULONG INSB; |
|
466 ULONG INSW; |
|
467 ULONG OUTSB; |
|
468 ULONG OUTSW; |
|
469 ULONG PUSHFD; |
|
470 ULONG POPFD; |
|
471 ULONG INTnn; |
|
472 ULONG INTO; |
|
473 ULONG IRETD; |
|
474 ULONG INBimm; |
|
475 ULONG INWimm; |
|
476 ULONG OUTBimm; |
|
477 ULONG OUTWimm; |
|
478 ULONG INB; |
|
479 ULONG INW; |
|
480 ULONG OUTB; |
|
481 ULONG OUTW; |
|
482 ULONG LOCKprefix; |
|
483 ULONG REPNEprefix; |
|
484 ULONG REPprefix; |
|
485 ULONG HLT; |
|
486 ULONG CLI; |
|
487 ULONG STI; |
|
488 ULONG GenericInvalidOpcode; |
|
489 } SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION; |
|
490 |
|
491 typedef struct _SYSTEM_POOL_TAG_INFORMATION { |
|
492 CHAR Tag[4]; |
|
493 ULONG PagedPoolAllocs; |
|
494 ULONG PagedPoolFrees; |
|
495 ULONG PagedPoolUsage; |
|
496 ULONG NonPagedPoolAllocs; |
|
497 ULONG NonPagedPoolFrees; |
|
498 ULONG NonPagedPoolUsage; |
|
499 } SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION; |
|
500 |
|
501 typedef struct _SYSTEM_PROCESSOR_STATISTICS { |
|
502 ULONG ContextSwitches; |
|
503 ULONG DpcCount; |
|
504 ULONG DpcRequestRate; |
|
505 ULONG TimeIncrement; |
|
506 ULONG DpcBypassCount; |
|
507 ULONG ApcBypassCount; |
|
508 } SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS; |
|
509 |
|
510 typedef struct _SYSTEM_DPC_INFORMATION { |
|
511 ULONG Reserved; |
|
512 ULONG MaximumDpcQueueDepth; |
|
513 ULONG MinimumDpcRate; |
|
514 ULONG AdjustDpcThreshold; |
|
515 ULONG IdealDpcRate; |
|
516 } SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION; |
|
517 |
|
518 typedef struct _SYSTEM_LOAD_IMAGE { |
|
519 UNICODE_STRING ModuleName; |
|
520 PVOID ModuleBase; |
|
521 PVOID SectionPointer; |
|
522 PVOID EntryPoint; |
|
523 PVOID ExportDirectory; |
|
524 } SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE; |
|
525 |
|
526 typedef struct _SYSTEM_UNLOAD_IMAGE { |
|
527 PVOID ModuleBase; |
|
528 } SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE; |
|
529 |
|
530 typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT { |
|
531 ULONG TimeAdjustment; |
|
532 ULONG MaximumIncrement; |
|
533 BOOLEAN TimeSynchronization; |
|
534 } SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT; |
|
535 |
|
536 typedef struct _SYSTEM_SET_TIME_ADJUSTMENT { |
|
537 ULONG TimeAdjustment; |
|
538 BOOLEAN TimeSynchronization; |
|
539 } SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT; |
|
540 |
|
541 typedef struct _SYSTEM_CRASH_DUMP_INFORMATION { |
|
542 HANDLE CrashDumpSectionHandle; |
|
543 HANDLE Unknown; |
|
544 } SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION; |
|
545 |
|
546 typedef struct _SYSTEM_EXCEPTION_INFORMATION { |
|
547 ULONG AlignmentFixupCount; |
|
548 ULONG ExceptionDispatchCount; |
|
549 ULONG FloatingEmulationCount; |
|
550 ULONG Reserved; |
|
551 } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; |
|
552 |
|
553 typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION { |
|
554 ULONG CrashDumpSectionExists; |
|
555 ULONG Unknown; |
|
556 } SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION; |
|
557 |
|
558 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION { |
|
559 BOOLEAN DebuggerEnabled; |
|
560 BOOLEAN DebuggerNotPresent; |
|
561 } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; |
|
562 |
|
563 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION { |
|
564 ULONG ContextSwitches; |
|
565 ULONG ContextSwitchCounters[11]; |
|
566 } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; |
|
567 |
|
568 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION { |
|
569 ULONG RegistryQuota; |
|
570 ULONG RegistryQuotaInUse; |
|
571 ULONG PagedPoolSize; |
|
572 } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; |
|
573 |
|
574 typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE { |
|
575 UNICODE_STRING ModuleName; |
|
576 } SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE; |
|
577 |
|
578 typedef struct _SYSTEM_PRIORITY_SEPARATION { |
|
579 ULONG PrioritySeparation; |
|
580 } SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION; |
|
581 |
|
582 typedef struct _SYSTEM_TIME_ZONE_INFORMATION { |
|
583 LONG Bias; |
|
584 WCHAR StandardName[32]; |
|
585 LARGE_INTEGER StandardDate; |
|
586 LONG StandardBias; |
|
587 WCHAR DaylightName[32]; |
|
588 LARGE_INTEGER DaylightDate; |
|
589 LONG DaylightBias; |
|
590 } SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION; |
|
591 |
|
592 typedef struct _SYSTEM_LOOKASIDE_INFORMATION { |
|
593 USHORT Depth; |
|
594 USHORT MaximumDepth; |
|
595 ULONG TotalAllocates; |
|
596 ULONG AllocateMisses; |
|
597 ULONG TotalFrees; |
|
598 ULONG FreeMisses; |
|
599 POOL_TYPE Type; |
|
600 ULONG Tag; |
|
601 ULONG Size; |
|
602 } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; |
|
603 |
|
604 typedef struct _SYSTEM_SET_TIME_SLIP_EVENT { |
|
605 HANDLE TimeSlipEvent; |
|
606 } SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT; |
|
607 |
|
608 typedef struct _SYSTEM_CREATE_SESSION { |
|
609 ULONG SessionId; |
|
610 } SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION; |
|
611 |
|
612 typedef struct _SYSTEM_DELETE_SESSION { |
|
613 ULONG SessionId; |
|
614 } SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION; |
|
615 |
|
616 typedef struct _SYSTEM_RANGE_START_INFORMATION { |
|
617 PVOID SystemRangeStart; |
|
618 } SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION; |
|
619 |
|
620 typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION { |
|
621 ULONG SessionId; |
|
622 ULONG BufferSize; |
|
623 PVOID Buffer; |
|
624 } SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION; |
|
625 |
|
626 typedef struct _SYSTEM_POOL_BLOCK { |
|
627 BOOLEAN Allocated; |
|
628 USHORT Unknown; |
|
629 ULONG Size; |
|
630 CHAR Tag[4]; |
|
631 } SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK; |
|
632 |
|
633 typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION { |
|
634 ULONG PoolSize; |
|
635 PVOID PoolBase; |
|
636 USHORT Unknown; |
|
637 ULONG NumberOfBlocks; |
|
638 SYSTEM_POOL_BLOCK PoolBlocks[1]; |
|
639 } SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION; |
|
640 |
|
641 typedef struct _SYSTEM_MEMORY_USAGE { |
|
642 PVOID Name; |
|
643 USHORT Valid; |
|
644 USHORT Standby; |
|
645 USHORT Modified; |
|
646 USHORT PageTables; |
|
647 } SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE; |
|
648 |
|
649 typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION { |
|
650 ULONG Reserved; |
|
651 PVOID EndOfData; |
|
652 SYSTEM_MEMORY_USAGE MemoryUsage[1]; |
|
653 } SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION; |
|
654 |
|
655 NTOSAPI |
|
656 NTSTATUS |
|
657 NTAPI |
|
658 NtQuerySystemInformation( |
|
659 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, |
|
660 /*IN OUT*/ PVOID SystemInformation, |
|
661 /*IN*/ ULONG SystemInformationLength, |
|
662 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
663 |
|
664 NTOSAPI |
|
665 NTSTATUS |
|
666 NTAPI |
|
667 ZwQuerySystemInformation( |
|
668 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, |
|
669 /*IN OUT*/ PVOID SystemInformation, |
|
670 /*IN*/ ULONG SystemInformationLength, |
|
671 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
672 |
|
673 NTOSAPI |
|
674 NTAPI |
|
675 NTSTATUS |
|
676 NtQueryFullAttributesFile( |
|
677 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
678 /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation); |
|
679 |
|
680 NTOSAPI |
|
681 NTAPI |
|
682 NTSTATUS |
|
683 ZwQueryFullAttributesFile( |
|
684 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
685 /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation); |
|
686 |
|
687 NTOSAPI |
|
688 NTSTATUS |
|
689 NTAPI |
|
690 ZwSetSystemInformation( |
|
691 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, |
|
692 /*IN OUT*/ PVOID SystemInformation, |
|
693 /*IN*/ ULONG SystemInformationLength); |
|
694 |
|
695 NTOSAPI |
|
696 NTSTATUS |
|
697 NTAPI |
|
698 ZwQuerySystemEnvironmentValue( |
|
699 /*IN*/ PUNICODE_STRING Name, |
|
700 /*OUT*/ PVOID Value, |
|
701 /*IN*/ ULONG ValueLength, |
|
702 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
703 |
|
704 NTOSAPI |
|
705 NTSTATUS |
|
706 NTAPI |
|
707 ZwSetSystemEnvironmentValue( |
|
708 /*IN*/ PUNICODE_STRING Name, |
|
709 /*IN*/ PUNICODE_STRING Value); |
|
710 |
|
711 typedef enum _SHUTDOWN_ACTION { |
|
712 ShutdownNoReboot, |
|
713 ShutdownReboot, |
|
714 ShutdownPowerOff |
|
715 } SHUTDOWN_ACTION; |
|
716 |
|
717 NTOSAPI |
|
718 NTSTATUS |
|
719 NTAPI |
|
720 NtShutdownSystem( |
|
721 /*IN*/ SHUTDOWN_ACTION Action); |
|
722 |
|
723 typedef enum _DEBUG_CONTROL_CODE { |
|
724 DebugGetTraceInformation = 1, |
|
725 DebugSetInternalBreakpoint, |
|
726 DebugSetSpecialCall, |
|
727 DebugClearSpecialCalls, |
|
728 DebugQuerySpecialCalls, |
|
729 DebugDbgBreakPoint, |
|
730 DebugMaximum |
|
731 } DEBUG_CONTROL_CODE; |
|
732 |
|
733 |
|
734 NTOSAPI |
|
735 NTSTATUS |
|
736 NTAPI |
|
737 ZwSystemDebugControl( |
|
738 /*IN*/ DEBUG_CONTROL_CODE ControlCode, |
|
739 /*IN*/ PVOID InputBuffer /*OPTIONAL*/, |
|
740 /*IN*/ ULONG InputBufferLength, |
|
741 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, |
|
742 /*IN*/ ULONG OutputBufferLength, |
|
743 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
744 |
|
745 |
|
746 |
|
747 /* Objects, Object directories, and symbolic links */ |
|
748 |
|
749 typedef enum _OBJECT_INFORMATION_CLASS { |
|
750 ObjectBasicInformation, |
|
751 ObjectNameInformation, |
|
752 ObjectTypeInformation, |
|
753 ObjectAllTypesInformation, |
|
754 ObjectHandleInformation |
|
755 } OBJECT_INFORMATION_CLASS; |
|
756 |
|
757 NTOSAPI |
|
758 NTSTATUS |
|
759 NTAPI |
|
760 ZwQueryObject( |
|
761 /*IN*/ HANDLE ObjectHandle, |
|
762 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, |
|
763 /*OUT*/ PVOID ObjectInformation, |
|
764 /*IN*/ ULONG ObjectInformationLength, |
|
765 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
766 |
|
767 NTOSAPI |
|
768 NTSTATUS |
|
769 NTAPI |
|
770 ZwSetInformationObject( |
|
771 /*IN*/ HANDLE ObjectHandle, |
|
772 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, |
|
773 /*IN*/ PVOID ObjectInformation, |
|
774 /*IN*/ ULONG ObjectInformationLength); |
|
775 |
|
776 /* OBJECT_BASIC_INFORMATION.Attributes constants */ |
|
777 /* also in winbase.h */ |
|
778 #define HANDLE_FLAG_INHERIT 0x01 |
|
779 #define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02 |
|
780 /* end winbase.h */ |
|
781 #define PERMANENT 0x10 |
|
782 #define EXCLUSIVE 0x20 |
|
783 |
|
784 typedef struct _OBJECT_BASIC_INFORMATION { |
|
785 ULONG Attributes; |
|
786 ACCESS_MASK GrantedAccess; |
|
787 ULONG HandleCount; |
|
788 ULONG PointerCount; |
|
789 ULONG PagedPoolUsage; |
|
790 ULONG NonPagedPoolUsage; |
|
791 ULONG Reserved[3]; |
|
792 ULONG NameInformationLength; |
|
793 ULONG TypeInformationLength; |
|
794 ULONG SecurityDescriptorLength; |
|
795 LARGE_INTEGER CreateTime; |
|
796 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; |
|
797 #if 0 |
|
798 /* FIXME: Enable later */ |
|
799 typedef struct _OBJECT_TYPE_INFORMATION { |
|
800 UNICODE_STRING Name; |
|
801 ULONG ObjectCount; |
|
802 ULONG HandleCount; |
|
803 ULONG Reserved1[4]; |
|
804 ULONG PeakObjectCount; |
|
805 ULONG PeakHandleCount; |
|
806 ULONG Reserved2[4]; |
|
807 ULONG InvalidAttributes; |
|
808 GENERIC_MAPPING GenericMapping; |
|
809 ULONG ValidAccess; |
|
810 UCHAR Unknown; |
|
811 BOOLEAN MaintainHandleDatabase; |
|
812 POOL_TYPE PoolType; |
|
813 ULONG PagedPoolUsage; |
|
814 ULONG NonPagedPoolUsage; |
|
815 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; |
|
816 |
|
817 typedef struct _OBJECT_ALL_TYPES_INFORMATION { |
|
818 ULONG NumberOfTypes; |
|
819 OBJECT_TYPE_INFORMATION TypeInformation; |
|
820 } OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION; |
|
821 #endif |
|
822 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION { |
|
823 BOOLEAN Inherit; |
|
824 BOOLEAN ProtectFromClose; |
|
825 } OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION; |
|
826 |
|
827 NTOSAPI |
|
828 NTSTATUS |
|
829 NTAPI |
|
830 NtDuplicateObject( |
|
831 /*IN*/ HANDLE SourceProcessHandle, |
|
832 /*IN*/ HANDLE SourceHandle, |
|
833 /*IN*/ HANDLE TargetProcessHandle, |
|
834 /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/, |
|
835 /*IN*/ ACCESS_MASK DesiredAccess, |
|
836 /*IN*/ ULONG Attributes, |
|
837 /*IN*/ ULONG Options); |
|
838 |
|
839 NTOSAPI |
|
840 NTSTATUS |
|
841 NTAPI |
|
842 ZwDuplicateObject( |
|
843 /*IN*/ HANDLE SourceProcessHandle, |
|
844 /*IN*/ HANDLE SourceHandle, |
|
845 /*IN*/ HANDLE TargetProcessHandle, |
|
846 /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/, |
|
847 /*IN*/ ACCESS_MASK DesiredAccess, |
|
848 /*IN*/ ULONG Attributes, |
|
849 /*IN*/ ULONG Options); |
|
850 |
|
851 NTOSAPI |
|
852 NTSTATUS |
|
853 NTAPI |
|
854 NtQuerySecurityObject( |
|
855 /*IN*/ HANDLE Handle, |
|
856 /*IN*/ SECURITY_INFORMATION SecurityInformation, |
|
857 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
858 /*IN*/ ULONG SecurityDescriptorLength, |
|
859 /*OUT*/ PULONG ReturnLength); |
|
860 |
|
861 NTOSAPI |
|
862 NTSTATUS |
|
863 NTAPI |
|
864 ZwQuerySecurityObject( |
|
865 /*IN*/ HANDLE Handle, |
|
866 /*IN*/ SECURITY_INFORMATION SecurityInformation, |
|
867 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
868 /*IN*/ ULONG SecurityDescriptorLength, |
|
869 /*OUT*/ PULONG ReturnLength); |
|
870 |
|
871 NTOSAPI |
|
872 NTSTATUS |
|
873 NTAPI |
|
874 NtSetSecurityObject( |
|
875 /*IN*/ HANDLE Handle, |
|
876 /*IN*/ SECURITY_INFORMATION SecurityInformation, |
|
877 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor); |
|
878 |
|
879 NTOSAPI |
|
880 NTSTATUS |
|
881 NTAPI |
|
882 ZwSetSecurityObject( |
|
883 /*IN*/ HANDLE Handle, |
|
884 /*IN*/ SECURITY_INFORMATION SecurityInformation, |
|
885 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor); |
|
886 |
|
887 NTOSAPI |
|
888 NTSTATUS |
|
889 NTAPI |
|
890 ZwOpenDirectoryObject( |
|
891 /*OUT*/ PHANDLE DirectoryHandle, |
|
892 /*IN*/ ACCESS_MASK DesiredAccess, |
|
893 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); |
|
894 |
|
895 NTOSAPI |
|
896 NTSTATUS |
|
897 NTAPI |
|
898 ZwQueryDirectoryObject( |
|
899 /*IN*/ HANDLE DirectoryHandle, |
|
900 /*OUT*/ PVOID Buffer, |
|
901 /*IN*/ ULONG BufferLength, |
|
902 /*IN*/ BOOLEAN ReturnSingleEntry, |
|
903 /*IN*/ BOOLEAN RestartScan, |
|
904 /*IN OUT*/ PULONG Context, |
|
905 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
906 |
|
907 typedef struct _DIRECTORY_BASIC_INFORMATION { |
|
908 UNICODE_STRING ObjectName; |
|
909 UNICODE_STRING ObjectTypeName; |
|
910 } DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION; |
|
911 |
|
912 NTOSAPI |
|
913 NTSTATUS |
|
914 NTAPI |
|
915 ZwCreateSymbolicLinkObject( |
|
916 /*OUT*/ PHANDLE SymbolicLinkHandle, |
|
917 /*IN*/ ACCESS_MASK DesiredAccess, |
|
918 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
919 /*IN*/ PUNICODE_STRING TargetName); |
|
920 |
|
921 |
|
922 |
|
923 |
|
924 /* Virtual memory */ |
|
925 |
|
926 typedef enum _MEMORY_INFORMATION_CLASS { |
|
927 MemoryBasicInformation, |
|
928 MemoryWorkingSetList, |
|
929 MemorySectionName, |
|
930 MemoryBasicVlmInformation |
|
931 } MEMORY_INFORMATION_CLASS; |
|
932 |
|
933 NTOSAPI |
|
934 NTSTATUS |
|
935 NTAPI |
|
936 NtAllocateVirtualMemory( |
|
937 /*IN*/ HANDLE ProcessHandle, |
|
938 /*IN OUT*/ PVOID *BaseAddress, |
|
939 /*IN*/ ULONG ZeroBits, |
|
940 /*IN OUT*/ PULONG AllocationSize, |
|
941 /*IN*/ ULONG AllocationType, |
|
942 /*IN*/ ULONG Protect); |
|
943 |
|
944 NTOSAPI |
|
945 NTSTATUS |
|
946 NTAPI |
|
947 ZwAllocateVirtualMemory( |
|
948 /*IN*/ HANDLE ProcessHandle, |
|
949 /*IN OUT*/ PVOID *BaseAddress, |
|
950 /*IN*/ ULONG ZeroBits, |
|
951 /*IN OUT*/ PULONG AllocationSize, |
|
952 /*IN*/ ULONG AllocationType, |
|
953 /*IN*/ ULONG Protect); |
|
954 |
|
955 NTOSAPI |
|
956 NTSTATUS |
|
957 NTAPI |
|
958 NtFreeVirtualMemory( |
|
959 /*IN*/ HANDLE ProcessHandle, |
|
960 /*IN OUT*/ PVOID *BaseAddress, |
|
961 /*IN OUT*/ PULONG FreeSize, |
|
962 /*IN*/ ULONG FreeType); |
|
963 |
|
964 NTOSAPI |
|
965 NTSTATUS |
|
966 NTAPI |
|
967 ZwFreeVirtualMemory( |
|
968 /*IN*/ HANDLE ProcessHandle, |
|
969 /*IN OUT*/ PVOID *BaseAddress, |
|
970 /*IN OUT*/ PULONG FreeSize, |
|
971 /*IN*/ ULONG FreeType); |
|
972 |
|
973 NTOSAPI |
|
974 NTSTATUS |
|
975 NTAPI |
|
976 ZwQueryVirtualMemory( |
|
977 /*IN*/ HANDLE ProcessHandle, |
|
978 /*IN*/ PVOID BaseAddress, |
|
979 /*IN*/ MEMORY_INFORMATION_CLASS MemoryInformationClass, |
|
980 /*OUT*/ PVOID MemoryInformation, |
|
981 /*IN*/ ULONG MemoryInformationLength, |
|
982 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
983 |
|
984 /* MEMORY_WORKING_SET_LIST.WorkingSetList constants */ |
|
985 #define WSLE_PAGE_READONLY 0x001 |
|
986 #define WSLE_PAGE_EXECUTE 0x002 |
|
987 #define WSLE_PAGE_READWRITE 0x004 |
|
988 #define WSLE_PAGE_EXECUTE_READ 0x003 |
|
989 #define WSLE_PAGE_WRITECOPY 0x005 |
|
990 #define WSLE_PAGE_EXECUTE_READWRITE 0x006 |
|
991 #define WSLE_PAGE_EXECUTE_WRITECOPY 0x007 |
|
992 #define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0 |
|
993 #define WSLE_PAGE_SHAREABLE 0x100 |
|
994 |
|
995 typedef struct _MEMORY_WORKING_SET_LIST { |
|
996 ULONG NumberOfPages; |
|
997 ULONG WorkingSetList[1]; |
|
998 } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST; |
|
999 |
|
1000 typedef struct _MEMORY_SECTION_NAME { |
|
1001 UNICODE_STRING SectionFileName; |
|
1002 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; |
|
1003 |
|
1004 /* Zw[Lock|Unlock]VirtualMemory.LockType constants */ |
|
1005 #define LOCK_VM_IN_WSL 0x01 |
|
1006 #define LOCK_VM_IN_RAM 0x02 |
|
1007 |
|
1008 NTOSAPI |
|
1009 NTSTATUS |
|
1010 NTAPI |
|
1011 ZwLockVirtualMemory( |
|
1012 /*IN*/ HANDLE ProcessHandle, |
|
1013 /*IN OUT*/ PVOID *BaseAddress, |
|
1014 /*IN OUT*/ PULONG LockSize, |
|
1015 /*IN*/ ULONG LockType); |
|
1016 |
|
1017 NTOSAPI |
|
1018 NTSTATUS |
|
1019 NTAPI |
|
1020 ZwUnlockVirtualMemory( |
|
1021 /*IN*/ HANDLE ProcessHandle, |
|
1022 /*IN OUT*/ PVOID *BaseAddress, |
|
1023 /*IN OUT*/ PULONG LockSize, |
|
1024 /*IN*/ ULONG LockType); |
|
1025 |
|
1026 NTOSAPI |
|
1027 NTSTATUS |
|
1028 NTAPI |
|
1029 ZwReadVirtualMemory( |
|
1030 /*IN*/ HANDLE ProcessHandle, |
|
1031 /*IN*/ PVOID BaseAddress, |
|
1032 /*OUT*/ PVOID Buffer, |
|
1033 /*IN*/ ULONG BufferLength, |
|
1034 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
1035 |
|
1036 NTOSAPI |
|
1037 NTSTATUS |
|
1038 NTAPI |
|
1039 ZwWriteVirtualMemory( |
|
1040 /*IN*/ HANDLE ProcessHandle, |
|
1041 /*IN*/ PVOID BaseAddress, |
|
1042 /*IN*/ PVOID Buffer, |
|
1043 /*IN*/ ULONG BufferLength, |
|
1044 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
1045 |
|
1046 NTOSAPI |
|
1047 NTSTATUS |
|
1048 NTAPI |
|
1049 ZwProtectVirtualMemory( |
|
1050 /*IN*/ HANDLE ProcessHandle, |
|
1051 /*IN OUT*/ PVOID *BaseAddress, |
|
1052 /*IN OUT*/ PULONG ProtectSize, |
|
1053 /*IN*/ ULONG NewProtect, |
|
1054 /*OUT*/ PULONG OldProtect); |
|
1055 |
|
1056 NTOSAPI |
|
1057 NTSTATUS |
|
1058 NTAPI |
|
1059 ZwFlushVirtualMemory( |
|
1060 /*IN*/ HANDLE ProcessHandle, |
|
1061 /*IN OUT*/ PVOID *BaseAddress, |
|
1062 /*IN OUT*/ PULONG FlushSize, |
|
1063 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); |
|
1064 |
|
1065 NTOSAPI |
|
1066 NTSTATUS |
|
1067 NTAPI |
|
1068 ZwAllocateUserPhysicalPages( |
|
1069 /*IN*/ HANDLE ProcessHandle, |
|
1070 /*IN*/ PULONG NumberOfPages, |
|
1071 /*OUT*/ PULONG PageFrameNumbers); |
|
1072 |
|
1073 NTOSAPI |
|
1074 NTSTATUS |
|
1075 NTAPI |
|
1076 ZwFreeUserPhysicalPages( |
|
1077 /*IN*/ HANDLE ProcessHandle, |
|
1078 /*IN OUT*/ PULONG NumberOfPages, |
|
1079 /*IN*/ PULONG PageFrameNumbers); |
|
1080 |
|
1081 NTOSAPI |
|
1082 NTSTATUS |
|
1083 NTAPI |
|
1084 ZwMapUserPhysicalPages( |
|
1085 /*IN*/ PVOID BaseAddress, |
|
1086 /*IN*/ PULONG NumberOfPages, |
|
1087 /*IN*/ PULONG PageFrameNumbers); |
|
1088 |
|
1089 NTOSAPI |
|
1090 NTSTATUS |
|
1091 NTAPI |
|
1092 ZwMapUserPhysicalPagesScatter( |
|
1093 /*IN*/ PVOID *BaseAddresses, |
|
1094 /*IN*/ PULONG NumberOfPages, |
|
1095 /*IN*/ PULONG PageFrameNumbers); |
|
1096 |
|
1097 NTOSAPI |
|
1098 NTSTATUS |
|
1099 NTAPI |
|
1100 ZwGetWriteWatch( |
|
1101 /*IN*/ HANDLE ProcessHandle, |
|
1102 /*IN*/ ULONG Flags, |
|
1103 /*IN*/ PVOID BaseAddress, |
|
1104 /*IN*/ ULONG RegionSize, |
|
1105 /*OUT*/ PULONG Buffer, |
|
1106 /*IN OUT*/ PULONG BufferEntries, |
|
1107 /*OUT*/ PULONG Granularity); |
|
1108 |
|
1109 NTOSAPI |
|
1110 NTSTATUS |
|
1111 NTAPI |
|
1112 ZwResetWriteWatch( |
|
1113 /*IN*/ HANDLE ProcessHandle, |
|
1114 /*IN*/ PVOID BaseAddress, |
|
1115 /*IN*/ ULONG RegionSize); |
|
1116 |
|
1117 |
|
1118 |
|
1119 |
|
1120 /* Sections */ |
|
1121 |
|
1122 typedef enum _SECTION_INFORMATION_CLASS { |
|
1123 SectionBasicInformation, |
|
1124 SectionImageInformation |
|
1125 } SECTION_INFORMATION_CLASS; |
|
1126 |
|
1127 NTOSAPI |
|
1128 NTSTATUS |
|
1129 NTAPI |
|
1130 NtCreateSection( |
|
1131 /*OUT*/ PHANDLE SectionHandle, |
|
1132 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1133 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1134 /*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/, |
|
1135 /*IN*/ ULONG Protect, |
|
1136 /*IN*/ ULONG Attributes, |
|
1137 /*IN*/ HANDLE FileHandle); |
|
1138 |
|
1139 NTOSAPI |
|
1140 NTSTATUS |
|
1141 NTAPI |
|
1142 ZwCreateSection( |
|
1143 /*OUT*/ PHANDLE SectionHandle, |
|
1144 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1145 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1146 /*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/, |
|
1147 /*IN*/ ULONG Protect, |
|
1148 /*IN*/ ULONG Attributes, |
|
1149 /*IN*/ HANDLE FileHandle); |
|
1150 |
|
1151 NTOSAPI |
|
1152 NTSTATUS |
|
1153 NTAPI |
|
1154 ZwQuerySection( |
|
1155 /*IN*/ HANDLE SectionHandle, |
|
1156 /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass, |
|
1157 /*OUT*/ PVOID SectionInformation, |
|
1158 /*IN*/ ULONG SectionInformationLength, |
|
1159 /*OUT*/ PULONG ResultLength /*OPTIONAL*/); |
|
1160 |
|
1161 NTOSAPI |
|
1162 NTSTATUS |
|
1163 NTAPI |
|
1164 ZwExtendSection( |
|
1165 /*IN*/ HANDLE SectionHandle, |
|
1166 /*IN*/ PLARGE_INTEGER SectionSize); |
|
1167 |
|
1168 NTOSAPI |
|
1169 NTSTATUS |
|
1170 NTAPI |
|
1171 ZwAreMappedFilesTheSame( |
|
1172 /*IN*/ PVOID Address1, |
|
1173 /*IN*/ PVOID Address2); |
|
1174 |
|
1175 |
|
1176 |
|
1177 |
|
1178 /* Threads */ |
|
1179 |
|
1180 typedef struct _USER_STACK { |
|
1181 PVOID FixedStackBase; |
|
1182 PVOID FixedStackLimit; |
|
1183 PVOID ExpandableStackBase; |
|
1184 PVOID ExpandableStackLimit; |
|
1185 PVOID ExpandableStackBottom; |
|
1186 } USER_STACK, *PUSER_STACK; |
|
1187 |
|
1188 NTOSAPI |
|
1189 NTSTATUS |
|
1190 NTAPI |
|
1191 ZwCreateThread( |
|
1192 /*OUT*/ PHANDLE ThreadHandle, |
|
1193 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1194 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1195 /*IN*/ HANDLE ProcessHandle, |
|
1196 /*OUT*/ PCLIENT_ID ClientId, |
|
1197 /*IN*/ PCONTEXT ThreadContext, |
|
1198 /*IN*/ PUSER_STACK UserStack, |
|
1199 /*IN*/ BOOLEAN CreateSuspended); |
|
1200 |
|
1201 NTOSAPI |
|
1202 NTSTATUS |
|
1203 NTAPI |
|
1204 NtOpenThread( |
|
1205 /*OUT*/ PHANDLE ThreadHandle, |
|
1206 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1207 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1208 /*IN*/ PCLIENT_ID ClientId); |
|
1209 |
|
1210 NTOSAPI |
|
1211 NTSTATUS |
|
1212 NTAPI |
|
1213 ZwOpenThread( |
|
1214 /*OUT*/ PHANDLE ThreadHandle, |
|
1215 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1216 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1217 /*IN*/ PCLIENT_ID ClientId); |
|
1218 |
|
1219 NTOSAPI |
|
1220 NTSTATUS |
|
1221 NTAPI |
|
1222 ZwTerminateThread( |
|
1223 /*IN*/ HANDLE ThreadHandle /*OPTIONAL*/, |
|
1224 /*IN*/ NTSTATUS ExitStatus); |
|
1225 |
|
1226 NTOSAPI |
|
1227 NTSTATUS |
|
1228 NTAPI |
|
1229 NtQueryInformationThread( |
|
1230 /*IN*/ HANDLE ThreadHandle, |
|
1231 /*IN*/ THREADINFOCLASS ThreadInformationClass, |
|
1232 /*OUT*/ PVOID ThreadInformation, |
|
1233 /*IN*/ ULONG ThreadInformationLength, |
|
1234 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
1235 |
|
1236 NTOSAPI |
|
1237 NTSTATUS |
|
1238 NTAPI |
|
1239 ZwQueryInformationThread( |
|
1240 /*IN*/ HANDLE ThreadHandle, |
|
1241 /*IN*/ THREADINFOCLASS ThreadInformationClass, |
|
1242 /*OUT*/ PVOID ThreadInformation, |
|
1243 /*IN*/ ULONG ThreadInformationLength, |
|
1244 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
1245 |
|
1246 NTOSAPI |
|
1247 NTSTATUS |
|
1248 NTAPI |
|
1249 NtSetInformationThread( |
|
1250 /*IN*/ HANDLE ThreadHandle, |
|
1251 /*IN*/ THREADINFOCLASS ThreadInformationClass, |
|
1252 /*IN*/ PVOID ThreadInformation, |
|
1253 /*IN*/ ULONG ThreadInformationLength); |
|
1254 |
|
1255 typedef struct _THREAD_BASIC_INFORMATION { |
|
1256 NTSTATUS ExitStatus; |
|
1257 PNT_TIB TebBaseAddress; |
|
1258 CLIENT_ID ClientId; |
|
1259 KAFFINITY AffinityMask; |
|
1260 KPRIORITY Priority; |
|
1261 KPRIORITY BasePriority; |
|
1262 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; |
|
1263 |
|
1264 typedef struct _KERNEL_USER_TIMES { |
|
1265 LARGE_INTEGER CreateTime; |
|
1266 LARGE_INTEGER ExitTime; |
|
1267 LARGE_INTEGER KernelTime; |
|
1268 LARGE_INTEGER UserTime; |
|
1269 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES; |
|
1270 |
|
1271 NTOSAPI |
|
1272 NTSTATUS |
|
1273 NTAPI |
|
1274 ZwSuspendThread( |
|
1275 /*IN*/ HANDLE ThreadHandle, |
|
1276 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); |
|
1277 |
|
1278 NTOSAPI |
|
1279 NTSTATUS |
|
1280 NTAPI |
|
1281 ZwResumeThread( |
|
1282 /*IN*/ HANDLE ThreadHandle, |
|
1283 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); |
|
1284 |
|
1285 NTOSAPI |
|
1286 NTSTATUS |
|
1287 NTAPI |
|
1288 ZwGetContextThread( |
|
1289 /*IN*/ HANDLE ThreadHandle, |
|
1290 /*OUT*/ PCONTEXT Context); |
|
1291 |
|
1292 NTOSAPI |
|
1293 NTSTATUS |
|
1294 NTAPI |
|
1295 ZwSetContextThread( |
|
1296 /*IN*/ HANDLE ThreadHandle, |
|
1297 /*IN*/ PCONTEXT Context); |
|
1298 |
|
1299 NTOSAPI |
|
1300 NTSTATUS |
|
1301 NTAPI |
|
1302 ZwQueueApcThread( |
|
1303 /*IN*/ HANDLE ThreadHandle, |
|
1304 /*IN*/ PKNORMAL_ROUTINE ApcRoutine, |
|
1305 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
1306 /*IN*/ PVOID Argument1 /*OPTIONAL*/, |
|
1307 /*IN*/ PVOID Argument2 /*OPTIONAL*/); |
|
1308 |
|
1309 NTOSAPI |
|
1310 NTSTATUS |
|
1311 NTAPI |
|
1312 ZwTestAlert( |
|
1313 VOID); |
|
1314 |
|
1315 NTOSAPI |
|
1316 NTSTATUS |
|
1317 NTAPI |
|
1318 ZwAlertThread( |
|
1319 /*IN*/ HANDLE ThreadHandle); |
|
1320 |
|
1321 NTOSAPI |
|
1322 NTSTATUS |
|
1323 NTAPI |
|
1324 ZwAlertResumeThread( |
|
1325 /*IN*/ HANDLE ThreadHandle, |
|
1326 /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); |
|
1327 |
|
1328 NTOSAPI |
|
1329 NTSTATUS |
|
1330 NTAPI |
|
1331 ZwRegisterThreadTerminatePort( |
|
1332 /*IN*/ HANDLE PortHandle); |
|
1333 |
|
1334 NTOSAPI |
|
1335 NTSTATUS |
|
1336 NTAPI |
|
1337 ZwImpersonateThread( |
|
1338 /*IN*/ HANDLE ThreadHandle, |
|
1339 /*IN*/ HANDLE TargetThreadHandle, |
|
1340 /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos); |
|
1341 |
|
1342 NTOSAPI |
|
1343 NTSTATUS |
|
1344 NTAPI |
|
1345 ZwImpersonateAnonymousToken( |
|
1346 /*IN*/ HANDLE ThreadHandle); |
|
1347 |
|
1348 |
|
1349 |
|
1350 |
|
1351 /* Processes */ |
|
1352 |
|
1353 NTOSAPI |
|
1354 NTSTATUS |
|
1355 NTAPI |
|
1356 ZwCreateProcess( |
|
1357 /*OUT*/ PHANDLE ProcessHandle, |
|
1358 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1359 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1360 /*IN*/ HANDLE InheritFromProcessHandle, |
|
1361 /*IN*/ BOOLEAN InheritHandles, |
|
1362 /*IN*/ HANDLE SectionHandle /*OPTIONAL*/, |
|
1363 /*IN*/ HANDLE DebugPort /*OPTIONAL*/, |
|
1364 /*IN*/ HANDLE ExceptionPort /*OPTIONAL*/); |
|
1365 |
|
1366 NTOSAPI |
|
1367 NTSTATUS |
|
1368 NTAPI |
|
1369 ZwCreateProcess( |
|
1370 /*OUT*/ PHANDLE ProcessHandle, |
|
1371 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1372 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1373 /*IN*/ HANDLE InheritFromProcessHandle, |
|
1374 /*IN*/ BOOLEAN InheritHandles, |
|
1375 /*IN*/ HANDLE SectionHandle /*OPTIONAL*/, |
|
1376 /*IN*/ HANDLE DebugPort /*OPTIONAL*/, |
|
1377 /*IN*/ HANDLE ExceptionPort /*OPTIONAL*/); |
|
1378 |
|
1379 NTOSAPI |
|
1380 NTSTATUS |
|
1381 NTAPI |
|
1382 ZwTerminateProcess( |
|
1383 /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/, |
|
1384 /*IN*/ NTSTATUS ExitStatus); |
|
1385 |
|
1386 NTOSAPI |
|
1387 NTSTATUS |
|
1388 NTAPI |
|
1389 ZwQueryInformationProcess( |
|
1390 /*IN*/ HANDLE ProcessHandle, |
|
1391 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, |
|
1392 /*OUT*/ PVOID ProcessInformation, |
|
1393 /*IN*/ ULONG ProcessInformationLength, |
|
1394 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
1395 |
|
1396 NTOSAPI |
|
1397 NTSTATUS |
|
1398 NTAPI |
|
1399 NtSetInformationProcess( |
|
1400 /*IN*/ HANDLE ProcessHandle, |
|
1401 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, |
|
1402 /*IN*/ PVOID ProcessInformation, |
|
1403 /*IN*/ ULONG ProcessInformationLength); |
|
1404 |
|
1405 NTOSAPI |
|
1406 NTSTATUS |
|
1407 NTAPI |
|
1408 ZwSetInformationProcess( |
|
1409 /*IN*/ HANDLE ProcessHandle, |
|
1410 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, |
|
1411 /*IN*/ PVOID ProcessInformation, |
|
1412 /*IN*/ ULONG ProcessInformationLength); |
|
1413 |
|
1414 typedef struct _PROCESS_BASIC_INFORMATION { |
|
1415 NTSTATUS ExitStatus; |
|
1416 PPEB PebBaseAddress; |
|
1417 KAFFINITY AffinityMask; |
|
1418 KPRIORITY BasePriority; |
|
1419 ULONG UniqueProcessId; |
|
1420 ULONG InheritedFromUniqueProcessId; |
|
1421 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; |
|
1422 |
|
1423 typedef struct _PROCESS_ACCESS_TOKEN { |
|
1424 HANDLE Token; |
|
1425 HANDLE Thread; |
|
1426 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN; |
|
1427 |
|
1428 /* DefaultHardErrorMode constants */ |
|
1429 /* also in winbase.h */ |
|
1430 #define SEM_FAILCRITICALERRORS 0x0001 |
|
1431 #define SEM_NOGPFAULTERRORBOX 0x0002 |
|
1432 #define SEM_NOALIGNMENTFAULTEXCEPT 0x0004 |
|
1433 #define SEM_NOOPENFILEERRORBOX 0x8000 |
|
1434 /* end winbase.h */ |
|
1435 typedef struct _POOLED_USAGE_AND_LIMITS { |
|
1436 ULONG PeakPagedPoolUsage; |
|
1437 ULONG PagedPoolUsage; |
|
1438 ULONG PagedPoolLimit; |
|
1439 ULONG PeakNonPagedPoolUsage; |
|
1440 ULONG NonPagedPoolUsage; |
|
1441 ULONG NonPagedPoolLimit; |
|
1442 ULONG PeakPagefileUsage; |
|
1443 ULONG PagefileUsage; |
|
1444 ULONG PagefileLimit; |
|
1445 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS; |
|
1446 |
|
1447 typedef struct _PROCESS_WS_WATCH_INFORMATION { |
|
1448 PVOID FaultingPc; |
|
1449 PVOID FaultingVa; |
|
1450 } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION; |
|
1451 |
|
1452 /* PROCESS_PRIORITY_CLASS.PriorityClass constants */ |
|
1453 #define PC_IDLE 1 |
|
1454 #define PC_NORMAL 2 |
|
1455 #define PC_HIGH 3 |
|
1456 #define PC_REALTIME 4 |
|
1457 #define PC_BELOW_NORMAL 5 |
|
1458 #define PC_ABOVE_NORMAL 6 |
|
1459 |
|
1460 typedef struct _PROCESS_PRIORITY_CLASS { |
|
1461 BOOLEAN Foreground; |
|
1462 UCHAR PriorityClass; |
|
1463 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS; |
|
1464 |
|
1465 /* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */ |
|
1466 #define DRIVE_UNKNOWN 0 |
|
1467 #define DRIVE_NO_ROOT_DIR 1 |
|
1468 #define DRIVE_REMOVABLE 2 |
|
1469 #define DRIVE_FIXED 3 |
|
1470 #define DRIVE_REMOTE 4 |
|
1471 #define DRIVE_CDROM 5 |
|
1472 #define DRIVE_RAMDISK 6 |
|
1473 |
|
1474 typedef struct _PROCESS_DEVICEMAP_INFORMATION { |
|
1475 _ANONYMOUS_UNION union { |
|
1476 struct { |
|
1477 HANDLE DirectoryHandle; |
|
1478 } Set; |
|
1479 struct { |
|
1480 ULONG DriveMap; |
|
1481 UCHAR DriveType[32]; |
|
1482 } Query; |
|
1483 } DUMMYUNIONNAME; |
|
1484 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION; |
|
1485 |
|
1486 typedef struct _PROCESS_SESSION_INFORMATION { |
|
1487 ULONG SessionId; |
|
1488 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION; |
|
1489 |
|
1490 typedef struct _RTL_USER_PROCESS_PARAMETERS { |
|
1491 ULONG AllocationSize; |
|
1492 ULONG Size; |
|
1493 ULONG Flags; |
|
1494 ULONG DebugFlags; |
|
1495 HANDLE hConsole; |
|
1496 ULONG ProcessGroup; |
|
1497 HANDLE hStdInput; |
|
1498 HANDLE hStdOutput; |
|
1499 HANDLE hStdError; |
|
1500 UNICODE_STRING CurrentDirectoryName; |
|
1501 HANDLE CurrentDirectoryHandle; |
|
1502 UNICODE_STRING DllPath; |
|
1503 UNICODE_STRING ImagePathName; |
|
1504 UNICODE_STRING CommandLine; |
|
1505 PWSTR Environment; |
|
1506 ULONG dwX; |
|
1507 ULONG dwY; |
|
1508 ULONG dwXSize; |
|
1509 ULONG dwYSize; |
|
1510 ULONG dwXCountChars; |
|
1511 ULONG dwYCountChars; |
|
1512 ULONG dwFillAttribute; |
|
1513 ULONG dwFlags; |
|
1514 ULONG wShowWindow; |
|
1515 UNICODE_STRING WindowTitle; |
|
1516 UNICODE_STRING DesktopInfo; |
|
1517 UNICODE_STRING ShellInfo; |
|
1518 UNICODE_STRING RuntimeInfo; |
|
1519 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; |
|
1520 |
|
1521 NTSTATUS |
|
1522 NTAPI |
|
1523 RtlCreateProcessParameters( |
|
1524 /*OUT*/ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters, |
|
1525 /*IN*/ PUNICODE_STRING ImageFile, |
|
1526 /*IN*/ PUNICODE_STRING DllPath /*OPTIONAL*/, |
|
1527 /*IN*/ PUNICODE_STRING CurrentDirectory /*OPTIONAL*/, |
|
1528 /*IN*/ PUNICODE_STRING CommandLine /*OPTIONAL*/, |
|
1529 /*IN*/ PWSTR Environment /*OPTIONAL*/, |
|
1530 /*IN*/ PUNICODE_STRING WindowTitle /*OPTIONAL*/, |
|
1531 /*IN*/ PUNICODE_STRING DesktopInfo /*OPTIONAL*/, |
|
1532 /*IN*/ PUNICODE_STRING ShellInfo /*OPTIONAL*/, |
|
1533 /*IN*/ PUNICODE_STRING RuntimeInfo /*OPTIONAL*/); |
|
1534 |
|
1535 NTSTATUS |
|
1536 NTAPI |
|
1537 RtlDestroyProcessParameters( |
|
1538 /*IN*/ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); |
|
1539 |
|
1540 typedef struct _DEBUG_BUFFER { |
|
1541 HANDLE SectionHandle; |
|
1542 PVOID SectionBase; |
|
1543 PVOID RemoteSectionBase; |
|
1544 ULONG SectionBaseDelta; |
|
1545 HANDLE EventPairHandle; |
|
1546 ULONG Unknown[2]; |
|
1547 HANDLE RemoteThreadHandle; |
|
1548 ULONG InfoClassMask; |
|
1549 ULONG SizeOfInfo; |
|
1550 ULONG AllocatedSize; |
|
1551 ULONG SectionSize; |
|
1552 PVOID ModuleInformation; |
|
1553 PVOID BackTraceInformation; |
|
1554 PVOID HeapInformation; |
|
1555 PVOID LockInformation; |
|
1556 PVOID Reserved[8]; |
|
1557 } DEBUG_BUFFER, *PDEBUG_BUFFER; |
|
1558 |
|
1559 PDEBUG_BUFFER |
|
1560 NTAPI |
|
1561 RtlCreateQueryDebugBuffer( |
|
1562 /*IN*/ ULONG Size, |
|
1563 /*IN*/ BOOLEAN EventPair); |
|
1564 |
|
1565 /* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */ |
|
1566 #define PDI_MODULES 0x01 |
|
1567 #define PDI_BACKTRACE 0x02 |
|
1568 #define PDI_HEAPS 0x04 |
|
1569 #define PDI_HEAP_TAGS 0x08 |
|
1570 #define PDI_HEAP_BLOCKS 0x10 |
|
1571 #define PDI_LOCKS 0x20 |
|
1572 |
|
1573 NTSTATUS |
|
1574 NTAPI |
|
1575 RtlQueryProcessDebugInformation( |
|
1576 /*IN*/ ULONG ProcessId, |
|
1577 /*IN*/ ULONG DebugInfoClassMask, |
|
1578 /*IN OUT*/ PDEBUG_BUFFER DebugBuffer); |
|
1579 |
|
1580 NTSTATUS |
|
1581 NTAPI |
|
1582 RtlDestroyQueryDebugBuffer( |
|
1583 /*IN*/ PDEBUG_BUFFER DebugBuffer); |
|
1584 |
|
1585 /* DEBUG_MODULE_INFORMATION.Flags constants */ |
|
1586 #define LDRP_STATIC_LINK 0x00000002 |
|
1587 #define LDRP_IMAGE_DLL 0x00000004 |
|
1588 #define LDRP_LOAD_IN_PROGRESS 0x00001000 |
|
1589 #define LDRP_UNLOAD_IN_PROGRESS 0x00002000 |
|
1590 #define LDRP_ENTRY_PROCESSED 0x00004000 |
|
1591 #define LDRP_ENTRY_INSERTED 0x00008000 |
|
1592 #define LDRP_CURRENT_LOAD 0x00010000 |
|
1593 #define LDRP_FAILED_BUILTIN_LOAD 0x00020000 |
|
1594 #define LDRP_DONT_CALL_FOR_THREADS 0x00040000 |
|
1595 #define LDRP_PROCESS_ATTACH_CALLED 0x00080000 |
|
1596 #define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000 |
|
1597 #define LDRP_IMAGE_NOT_AT_BASE 0x00200000 |
|
1598 #define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000 |
|
1599 |
|
1600 typedef struct _DEBUG_MODULE_INFORMATION { |
|
1601 ULONG Reserved[2]; |
|
1602 ULONG Base; |
|
1603 ULONG Size; |
|
1604 ULONG Flags; |
|
1605 USHORT Index; |
|
1606 USHORT Unknown; |
|
1607 USHORT LoadCount; |
|
1608 USHORT ModuleNameOffset; |
|
1609 CHAR ImageName[256]; |
|
1610 } DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION; |
|
1611 |
|
1612 typedef struct _DEBUG_HEAP_INFORMATION { |
|
1613 ULONG Base; |
|
1614 ULONG Flags; |
|
1615 USHORT Granularity; |
|
1616 USHORT Unknown; |
|
1617 ULONG Allocated; |
|
1618 ULONG Committed; |
|
1619 ULONG TagCount; |
|
1620 ULONG BlockCount; |
|
1621 ULONG Reserved[7]; |
|
1622 PVOID Tags; |
|
1623 PVOID Blocks; |
|
1624 } DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION; |
|
1625 |
|
1626 typedef struct _DEBUG_LOCK_INFORMATION { |
|
1627 PVOID Address; |
|
1628 USHORT Type; |
|
1629 USHORT CreatorBackTraceIndex; |
|
1630 ULONG OwnerThreadId; |
|
1631 ULONG ActiveCount; |
|
1632 ULONG ContentionCount; |
|
1633 ULONG EntryCount; |
|
1634 ULONG RecursionCount; |
|
1635 ULONG NumberOfSharedWaiters; |
|
1636 ULONG NumberOfExclusiveWaiters; |
|
1637 } DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION; |
|
1638 |
|
1639 |
|
1640 |
|
1641 /* Jobs */ |
|
1642 |
|
1643 NTOSAPI |
|
1644 NTSTATUS |
|
1645 NTAPI |
|
1646 ZwCreateJobObject( |
|
1647 /*OUT*/ PHANDLE JobHandle, |
|
1648 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1649 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); |
|
1650 |
|
1651 NTOSAPI |
|
1652 NTSTATUS |
|
1653 NTAPI |
|
1654 ZwOpenJobObject( |
|
1655 /*OUT*/ PHANDLE JobHandle, |
|
1656 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1657 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); |
|
1658 |
|
1659 NTOSAPI |
|
1660 NTSTATUS |
|
1661 NTAPI |
|
1662 ZwTerminateJobObject( |
|
1663 /*IN*/ HANDLE JobHandle, |
|
1664 /*IN*/ NTSTATUS ExitStatus); |
|
1665 |
|
1666 NTOSAPI |
|
1667 NTSTATUS |
|
1668 NTAPI |
|
1669 ZwAssignProcessToJobObject( |
|
1670 /*IN*/ HANDLE JobHandle, |
|
1671 /*IN*/ HANDLE ProcessHandle); |
|
1672 |
|
1673 NTOSAPI |
|
1674 NTSTATUS |
|
1675 NTAPI |
|
1676 ZwQueryInformationJobObject( |
|
1677 /*IN*/ HANDLE JobHandle, |
|
1678 /*IN*/ JOBOBJECTINFOCLASS JobInformationClass, |
|
1679 /*OUT*/ PVOID JobInformation, |
|
1680 /*IN*/ ULONG JobInformationLength, |
|
1681 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
1682 |
|
1683 NTOSAPI |
|
1684 NTSTATUS |
|
1685 NTAPI |
|
1686 ZwSetInformationJobObject( |
|
1687 /*IN*/ HANDLE JobHandle, |
|
1688 /*IN*/ JOBOBJECTINFOCLASS JobInformationClass, |
|
1689 /*IN*/ PVOID JobInformation, |
|
1690 /*IN*/ ULONG JobInformationLength); |
|
1691 |
|
1692 |
|
1693 /* Tokens */ |
|
1694 |
|
1695 NTOSAPI |
|
1696 NTSTATUS |
|
1697 NTAPI |
|
1698 ZwCreateToken( |
|
1699 /*OUT*/ PHANDLE TokenHandle, |
|
1700 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1701 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1702 /*IN*/ TOKEN_TYPE Type, |
|
1703 /*IN*/ PLUID AuthenticationId, |
|
1704 /*IN*/ PLARGE_INTEGER ExpirationTime, |
|
1705 /*IN*/ PTOKEN_USER User, |
|
1706 /*IN*/ PTOKEN_GROUPS Groups, |
|
1707 /*IN*/ PTOKEN_PRIVILEGES Privileges, |
|
1708 /*IN*/ PTOKEN_OWNER Owner, |
|
1709 /*IN*/ PTOKEN_PRIMARY_GROUP PrimaryGroup, |
|
1710 /*IN*/ PTOKEN_DEFAULT_DACL DefaultDacl, |
|
1711 /*IN*/ PTOKEN_SOURCE Source |
|
1712 ); |
|
1713 |
|
1714 NTOSAPI |
|
1715 NTSTATUS |
|
1716 NTAPI |
|
1717 NtOpenProcessToken( |
|
1718 /*IN*/ HANDLE ProcessHandle, |
|
1719 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1720 /*OUT*/ PHANDLE TokenHandle); |
|
1721 |
|
1722 NTOSAPI |
|
1723 NTSTATUS |
|
1724 NTAPI |
|
1725 ZwOpenProcessToken( |
|
1726 /*IN*/ HANDLE ProcessHandle, |
|
1727 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1728 /*OUT*/ PHANDLE TokenHandle); |
|
1729 |
|
1730 NTOSAPI |
|
1731 NTSTATUS |
|
1732 NTAPI |
|
1733 NtOpenThreadToken( |
|
1734 /*IN*/ HANDLE ThreadHandle, |
|
1735 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1736 /*IN*/ BOOLEAN OpenAsSelf, |
|
1737 /*OUT*/ PHANDLE TokenHandle); |
|
1738 |
|
1739 NTOSAPI |
|
1740 NTSTATUS |
|
1741 NTAPI |
|
1742 ZwOpenThreadToken( |
|
1743 /*IN*/ HANDLE ThreadHandle, |
|
1744 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1745 /*IN*/ BOOLEAN OpenAsSelf, |
|
1746 /*OUT*/ PHANDLE TokenHandle); |
|
1747 |
|
1748 NTOSAPI |
|
1749 NTSTATUS |
|
1750 NTAPI |
|
1751 NtDuplicateToken( |
|
1752 /*IN*/ HANDLE ExistingTokenHandle, |
|
1753 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1754 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1755 /*IN*/ BOOLEAN EffectiveOnly, |
|
1756 /*IN*/ TOKEN_TYPE TokenType, |
|
1757 /*OUT*/ PHANDLE NewTokenHandle); |
|
1758 |
|
1759 NTOSAPI |
|
1760 NTSTATUS |
|
1761 NTAPI |
|
1762 ZwDuplicateToken( |
|
1763 /*IN*/ HANDLE ExistingTokenHandle, |
|
1764 /*IN*/ ACCESS_MASK DesiredAccess, |
|
1765 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1766 /*IN*/ BOOLEAN EffectiveOnly, |
|
1767 /*IN*/ TOKEN_TYPE TokenType, |
|
1768 /*OUT*/ PHANDLE NewTokenHandle); |
|
1769 |
|
1770 NTOSAPI |
|
1771 NTSTATUS |
|
1772 NTAPI |
|
1773 ZwFilterToken( |
|
1774 /*IN*/ HANDLE ExistingTokenHandle, |
|
1775 /*IN*/ ULONG Flags, |
|
1776 /*IN*/ PTOKEN_GROUPS SidsToDisable, |
|
1777 /*IN*/ PTOKEN_PRIVILEGES PrivilegesToDelete, |
|
1778 /*IN*/ PTOKEN_GROUPS SidsToRestricted, |
|
1779 /*OUT*/ PHANDLE NewTokenHandle); |
|
1780 |
|
1781 NTOSAPI |
|
1782 NTSTATUS |
|
1783 NTAPI |
|
1784 NtAdjustPrivilegesToken( |
|
1785 /*IN*/ HANDLE TokenHandle, |
|
1786 /*IN*/ BOOLEAN DisableAllPrivileges, |
|
1787 /*IN*/ PTOKEN_PRIVILEGES NewState, |
|
1788 /*IN*/ ULONG BufferLength, |
|
1789 /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/, |
|
1790 /*OUT*/ PULONG ReturnLength); |
|
1791 |
|
1792 NTOSAPI |
|
1793 NTSTATUS |
|
1794 NTAPI |
|
1795 ZwAdjustPrivilegesToken( |
|
1796 /*IN*/ HANDLE TokenHandle, |
|
1797 /*IN*/ BOOLEAN DisableAllPrivileges, |
|
1798 /*IN*/ PTOKEN_PRIVILEGES NewState, |
|
1799 /*IN*/ ULONG BufferLength, |
|
1800 /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/, |
|
1801 /*OUT*/ PULONG ReturnLength); |
|
1802 |
|
1803 NTOSAPI |
|
1804 NTSTATUS |
|
1805 NTAPI |
|
1806 ZwAdjustGroupsToken( |
|
1807 /*IN*/ HANDLE TokenHandle, |
|
1808 /*IN*/ BOOLEAN ResetToDefault, |
|
1809 /*IN*/ PTOKEN_GROUPS NewState, |
|
1810 /*IN*/ ULONG BufferLength, |
|
1811 /*OUT*/ PTOKEN_GROUPS PreviousState /*OPTIONAL*/, |
|
1812 /*OUT*/ PULONG ReturnLength); |
|
1813 |
|
1814 NTOSAPI |
|
1815 NTSTATUS |
|
1816 NTAPI |
|
1817 NtQueryInformationToken( |
|
1818 /*IN*/ HANDLE TokenHandle, |
|
1819 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, |
|
1820 /*OUT*/ PVOID TokenInformation, |
|
1821 /*IN*/ ULONG TokenInformationLength, |
|
1822 /*OUT*/ PULONG ReturnLength); |
|
1823 |
|
1824 NTOSAPI |
|
1825 NTSTATUS |
|
1826 NTAPI |
|
1827 ZwQueryInformationToken( |
|
1828 /*IN*/ HANDLE TokenHandle, |
|
1829 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, |
|
1830 /*OUT*/ PVOID TokenInformation, |
|
1831 /*IN*/ ULONG TokenInformationLength, |
|
1832 /*OUT*/ PULONG ReturnLength); |
|
1833 |
|
1834 NTOSAPI |
|
1835 NTSTATUS |
|
1836 NTAPI |
|
1837 ZwSetInformationToken( |
|
1838 /*IN*/ HANDLE TokenHandle, |
|
1839 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, |
|
1840 /*IN*/ PVOID TokenInformation, |
|
1841 /*IN*/ ULONG TokenInformationLength); |
|
1842 |
|
1843 |
|
1844 |
|
1845 |
|
1846 /* Time */ |
|
1847 |
|
1848 NTOSAPI |
|
1849 NTSTATUS |
|
1850 NTAPI |
|
1851 ZwQuerySystemTime( |
|
1852 /*OUT*/ PLARGE_INTEGER CurrentTime); |
|
1853 |
|
1854 NTOSAPI |
|
1855 NTSTATUS |
|
1856 NTAPI |
|
1857 ZwSetSystemTime( |
|
1858 /*IN*/ PLARGE_INTEGER NewTime, |
|
1859 /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/); |
|
1860 |
|
1861 NTOSAPI |
|
1862 NTSTATUS |
|
1863 NTAPI |
|
1864 ZwQueryPerformanceCounter( |
|
1865 /*OUT*/ PLARGE_INTEGER PerformanceCount, |
|
1866 /*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/); |
|
1867 |
|
1868 NTOSAPI |
|
1869 NTSTATUS |
|
1870 NTAPI |
|
1871 ZwQueryPerformanceCounter( |
|
1872 /*OUT*/ PLARGE_INTEGER PerformanceCount, |
|
1873 /*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/); |
|
1874 |
|
1875 NTOSAPI |
|
1876 NTSTATUS |
|
1877 NTAPI |
|
1878 ZwQueryTimerResolution( |
|
1879 /*OUT*/ PULONG CoarsestResolution, |
|
1880 /*OUT*/ PULONG FinestResolution, |
|
1881 /*OUT*/ PULONG ActualResolution); |
|
1882 |
|
1883 NTOSAPI |
|
1884 NTSTATUS |
|
1885 NTAPI |
|
1886 ZwDelayExecution( |
|
1887 /*IN*/ BOOLEAN Alertable, |
|
1888 /*IN*/ PLARGE_INTEGER Interval); |
|
1889 |
|
1890 NTOSAPI |
|
1891 NTSTATUS |
|
1892 NTAPI |
|
1893 ZwYieldExecution( |
|
1894 VOID); |
|
1895 |
|
1896 NTOSAPI |
|
1897 ULONG |
|
1898 NTAPI |
|
1899 ZwGetTickCount( |
|
1900 VOID); |
|
1901 |
|
1902 |
|
1903 |
|
1904 |
|
1905 /* Execution profiling */ |
|
1906 |
|
1907 NTOSAPI |
|
1908 NTSTATUS |
|
1909 NTAPI |
|
1910 ZwCreateProfile( |
|
1911 /*OUT*/ PHANDLE ProfileHandle, |
|
1912 /*IN*/ HANDLE ProcessHandle, |
|
1913 /*IN*/ PVOID Base, |
|
1914 /*IN*/ ULONG Size, |
|
1915 /*IN*/ ULONG BucketShift, |
|
1916 /*IN*/ PULONG Buffer, |
|
1917 /*IN*/ ULONG BufferLength, |
|
1918 /*IN*/ KPROFILE_SOURCE Source, |
|
1919 /*IN*/ ULONG ProcessorMask); |
|
1920 |
|
1921 NTOSAPI |
|
1922 NTSTATUS |
|
1923 NTAPI |
|
1924 ZwSetIntervalProfile( |
|
1925 /*IN*/ ULONG Interval, |
|
1926 /*IN*/ KPROFILE_SOURCE Source); |
|
1927 |
|
1928 NTOSAPI |
|
1929 NTSTATUS |
|
1930 NTAPI |
|
1931 ZwQueryIntervalProfile( |
|
1932 /*IN*/ KPROFILE_SOURCE Source, |
|
1933 /*OUT*/ PULONG Interval); |
|
1934 |
|
1935 NTOSAPI |
|
1936 NTSTATUS |
|
1937 NTAPI |
|
1938 ZwStartProfile( |
|
1939 /*IN*/ HANDLE ProfileHandle); |
|
1940 |
|
1941 NTOSAPI |
|
1942 NTSTATUS |
|
1943 NTAPI |
|
1944 ZwStopProfile( |
|
1945 /*IN*/ HANDLE ProfileHandle); |
|
1946 |
|
1947 /* Local Procedure Call (LPC) */ |
|
1948 |
|
1949 typedef struct _LPC_MESSAGE { |
|
1950 USHORT DataSize; |
|
1951 USHORT MessageSize; |
|
1952 USHORT MessageType; |
|
1953 USHORT VirtualRangesOffset; |
|
1954 CLIENT_ID ClientId; |
|
1955 ULONG MessageId; |
|
1956 ULONG SectionSize; |
|
1957 UCHAR Data[ANYSIZE_ARRAY]; |
|
1958 } LPC_MESSAGE, *PLPC_MESSAGE; |
|
1959 |
|
1960 #define LPC_MESSAGE_BASE_SIZE 24 |
|
1961 |
|
1962 typedef enum _LPC_TYPE { |
|
1963 LPC_NEW_MESSAGE, |
|
1964 LPC_REQUEST, |
|
1965 LPC_REPLY, |
|
1966 LPC_DATAGRAM, |
|
1967 LPC_LOST_REPLY, |
|
1968 LPC_PORT_CLOSED, |
|
1969 LPC_CLIENT_DIED, |
|
1970 LPC_EXCEPTION, |
|
1971 LPC_DEBUG_EVENT, |
|
1972 LPC_ERROR_EVENT, |
|
1973 LPC_CONNECTION_REQUEST, |
|
1974 LPC_CONNECTION_REFUSED, |
|
1975 LPC_MAXIMUM |
|
1976 } LPC_TYPE; |
|
1977 |
|
1978 typedef struct _LPC_SECTION_WRITE { |
|
1979 ULONG Length; |
|
1980 HANDLE SectionHandle; |
|
1981 ULONG SectionOffset; |
|
1982 ULONG ViewSize; |
|
1983 PVOID ViewBase; |
|
1984 PVOID TargetViewBase; |
|
1985 } LPC_SECTION_WRITE, *PLPC_SECTION_WRITE; |
|
1986 |
|
1987 typedef struct _LPC_SECTION_READ { |
|
1988 ULONG Length; |
|
1989 ULONG ViewSize; |
|
1990 PVOID ViewBase; |
|
1991 } LPC_SECTION_READ, *PLPC_SECTION_READ; |
|
1992 |
|
1993 NTOSAPI |
|
1994 NTSTATUS |
|
1995 NTAPI |
|
1996 ZwCreatePort( |
|
1997 /*OUT*/ PHANDLE PortHandle, |
|
1998 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
1999 /*IN*/ ULONG MaxDataSize, |
|
2000 /*IN*/ ULONG MaxMessageSize, |
|
2001 /*IN*/ ULONG Reserved); |
|
2002 |
|
2003 NTOSAPI |
|
2004 NTSTATUS |
|
2005 NTAPI |
|
2006 ZwCreateWaitablePort( |
|
2007 /*OUT*/ PHANDLE PortHandle, |
|
2008 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
2009 /*IN*/ ULONG MaxDataSize, |
|
2010 /*IN*/ ULONG MaxMessageSize, |
|
2011 /*IN*/ ULONG Reserved); |
|
2012 |
|
2013 NTOSAPI |
|
2014 NTSTATUS |
|
2015 NTAPI |
|
2016 NtConnectPort( |
|
2017 /*OUT*/ PHANDLE PortHandle, |
|
2018 /*IN*/ PUNICODE_STRING PortName, |
|
2019 /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos, |
|
2020 /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, |
|
2021 /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/, |
|
2022 /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/, |
|
2023 /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/, |
|
2024 /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/); |
|
2025 |
|
2026 NTOSAPI |
|
2027 NTSTATUS |
|
2028 NTAPI |
|
2029 ZwConnectPort( |
|
2030 /*OUT*/ PHANDLE PortHandle, |
|
2031 /*IN*/ PUNICODE_STRING PortName, |
|
2032 /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos, |
|
2033 /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, |
|
2034 /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/, |
|
2035 /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/, |
|
2036 /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/, |
|
2037 /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/); |
|
2038 |
|
2039 NTOSAPI |
|
2040 NTSTATUS |
|
2041 NTAPI |
|
2042 ZwConnectPort( |
|
2043 /*OUT*/ PHANDLE PortHandle, |
|
2044 /*IN*/ PUNICODE_STRING PortName, |
|
2045 /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos, |
|
2046 /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, |
|
2047 /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/, |
|
2048 /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/, |
|
2049 /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/, |
|
2050 /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/); |
|
2051 |
|
2052 NTOSAPI |
|
2053 NTSTATUS |
|
2054 NTAPI |
|
2055 ZwListenPort( |
|
2056 /*IN*/ HANDLE PortHandle, |
|
2057 /*OUT*/ PLPC_MESSAGE Message); |
|
2058 |
|
2059 NTOSAPI |
|
2060 NTSTATUS |
|
2061 NTAPI |
|
2062 ZwAcceptConnectPort( |
|
2063 /*OUT*/ PHANDLE PortHandle, |
|
2064 /*IN*/ ULONG PortIdentifier, |
|
2065 /*IN*/ PLPC_MESSAGE Message, |
|
2066 /*IN*/ BOOLEAN Accept, |
|
2067 /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, |
|
2068 /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/); |
|
2069 |
|
2070 NTOSAPI |
|
2071 NTSTATUS |
|
2072 NTAPI |
|
2073 ZwCompleteConnectPort( |
|
2074 /*IN*/ HANDLE PortHandle); |
|
2075 |
|
2076 NTOSAPI |
|
2077 NTSTATUS |
|
2078 NTAPI |
|
2079 NtRequestPort( |
|
2080 /*IN*/ HANDLE PortHandle, |
|
2081 /*IN*/ PLPC_MESSAGE RequestMessage); |
|
2082 |
|
2083 NTOSAPI |
|
2084 NTSTATUS |
|
2085 NTAPI |
|
2086 NtRequestWaitReplyPort( |
|
2087 /*IN*/ HANDLE PortHandle, |
|
2088 /*IN*/ PLPC_MESSAGE RequestMessage, |
|
2089 /*OUT*/ PLPC_MESSAGE ReplyMessage); |
|
2090 |
|
2091 NTOSAPI |
|
2092 NTSTATUS |
|
2093 NTAPI |
|
2094 ZwRequestWaitReplyPort( |
|
2095 /*IN*/ HANDLE PortHandle, |
|
2096 /*IN*/ PLPC_MESSAGE RequestMessage, |
|
2097 /*OUT*/ PLPC_MESSAGE ReplyMessage); |
|
2098 |
|
2099 NTOSAPI |
|
2100 NTSTATUS |
|
2101 NTAPI |
|
2102 ZwReplyPort( |
|
2103 /*IN*/ HANDLE PortHandle, |
|
2104 /*IN*/ PLPC_MESSAGE ReplyMessage); |
|
2105 |
|
2106 NTOSAPI |
|
2107 NTSTATUS |
|
2108 NTAPI |
|
2109 ZwReplyWaitReplyPort( |
|
2110 /*IN*/ HANDLE PortHandle, |
|
2111 /*IN OUT*/ PLPC_MESSAGE ReplyMessage); |
|
2112 |
|
2113 NTOSAPI |
|
2114 NTSTATUS |
|
2115 NTAPI |
|
2116 ZwReplyWaitReceivePort( |
|
2117 /*IN*/ HANDLE PortHandle, |
|
2118 /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/, |
|
2119 /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/, |
|
2120 /*OUT*/ PLPC_MESSAGE Message); |
|
2121 |
|
2122 NTOSAPI |
|
2123 NTSTATUS |
|
2124 NTAPI |
|
2125 ZwReplyWaitReceivePortEx( |
|
2126 /*IN*/ HANDLE PortHandle, |
|
2127 /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/, |
|
2128 /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/, |
|
2129 /*OUT*/ PLPC_MESSAGE Message, |
|
2130 /*IN*/ PLARGE_INTEGER Timeout); |
|
2131 |
|
2132 NTOSAPI |
|
2133 NTSTATUS |
|
2134 NTAPI |
|
2135 ZwReadRequestData( |
|
2136 /*IN*/ HANDLE PortHandle, |
|
2137 /*IN*/ PLPC_MESSAGE Message, |
|
2138 /*IN*/ ULONG Index, |
|
2139 /*OUT*/ PVOID Buffer, |
|
2140 /*IN*/ ULONG BufferLength, |
|
2141 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
2142 |
|
2143 NTOSAPI |
|
2144 NTSTATUS |
|
2145 NTAPI |
|
2146 ZwWriteRequestData( |
|
2147 /*IN*/ HANDLE PortHandle, |
|
2148 /*IN*/ PLPC_MESSAGE Message, |
|
2149 /*IN*/ ULONG Index, |
|
2150 /*IN*/ PVOID Buffer, |
|
2151 /*IN*/ ULONG BufferLength, |
|
2152 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
2153 |
|
2154 typedef enum _PORT_INFORMATION_CLASS { |
|
2155 PortBasicInformation |
|
2156 } PORT_INFORMATION_CLASS; |
|
2157 |
|
2158 NTOSAPI |
|
2159 NTSTATUS |
|
2160 NTAPI |
|
2161 ZwQueryInformationPort( |
|
2162 /*IN*/ HANDLE PortHandle, |
|
2163 /*IN*/ PORT_INFORMATION_CLASS PortInformationClass, |
|
2164 /*OUT*/ PVOID PortInformation, |
|
2165 /*IN*/ ULONG PortInformationLength, |
|
2166 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
2167 |
|
2168 NTOSAPI |
|
2169 NTSTATUS |
|
2170 NTAPI |
|
2171 ZwImpersonateClientOfPort( |
|
2172 /*IN*/ HANDLE PortHandle, |
|
2173 /*IN*/ PLPC_MESSAGE Message); |
|
2174 |
|
2175 |
|
2176 |
|
2177 |
|
2178 /* Files */ |
|
2179 |
|
2180 NTOSAPI |
|
2181 NTSTATUS |
|
2182 NTAPI |
|
2183 NtDeleteFile( |
|
2184 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); |
|
2185 |
|
2186 NTOSAPI |
|
2187 NTSTATUS |
|
2188 NTAPI |
|
2189 ZwDeleteFile( |
|
2190 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); |
|
2191 |
|
2192 NTOSAPI |
|
2193 NTSTATUS |
|
2194 NTAPI |
|
2195 ZwFlushBuffersFile( |
|
2196 /*IN*/ HANDLE FileHandle, |
|
2197 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); |
|
2198 |
|
2199 NTOSAPI |
|
2200 NTSTATUS |
|
2201 NTAPI |
|
2202 ZwCancelIoFile( |
|
2203 /*IN*/ HANDLE FileHandle, |
|
2204 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); |
|
2205 |
|
2206 NTOSAPI |
|
2207 NTSTATUS |
|
2208 NTAPI |
|
2209 ZwReadFileScatter( |
|
2210 /*IN*/ HANDLE FileHandle, |
|
2211 /*IN*/ HANDLE Event /*OPTIONAL*/, |
|
2212 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, |
|
2213 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
2214 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
2215 /*IN*/ PFILE_SEGMENT_ELEMENT Buffer, |
|
2216 /*IN*/ ULONG Length, |
|
2217 /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/, |
|
2218 /*IN*/ PULONG Key /*OPTIONAL*/); |
|
2219 |
|
2220 NTOSAPI |
|
2221 NTSTATUS |
|
2222 NTAPI |
|
2223 ZwWriteFileGather( |
|
2224 /*IN*/ HANDLE FileHandle, |
|
2225 /*IN*/ HANDLE Event /*OPTIONAL*/, |
|
2226 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, |
|
2227 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
2228 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
2229 /*IN*/ PFILE_SEGMENT_ELEMENT Buffer, |
|
2230 /*IN*/ ULONG Length, |
|
2231 /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/, |
|
2232 /*IN*/ PULONG Key /*OPTIONAL*/); |
|
2233 |
|
2234 |
|
2235 |
|
2236 |
|
2237 /* Registry keys */ |
|
2238 |
|
2239 NTOSAPI |
|
2240 NTSTATUS |
|
2241 NTAPI |
|
2242 ZwSaveKey( |
|
2243 /*IN*/ HANDLE KeyHandle, |
|
2244 /*IN*/ HANDLE FileHandle); |
|
2245 |
|
2246 NTOSAPI |
|
2247 NTSTATUS |
|
2248 NTAPI |
|
2249 ZwSaveMergedKeys( |
|
2250 /*IN*/ HANDLE KeyHandle1, |
|
2251 /*IN*/ HANDLE KeyHandle2, |
|
2252 /*IN*/ HANDLE FileHandle); |
|
2253 |
|
2254 NTOSAPI |
|
2255 NTSTATUS |
|
2256 NTAPI |
|
2257 ZwRestoreKey( |
|
2258 /*IN*/ HANDLE KeyHandle, |
|
2259 /*IN*/ HANDLE FileHandle, |
|
2260 /*IN*/ ULONG Flags); |
|
2261 |
|
2262 NTOSAPI |
|
2263 NTSTATUS |
|
2264 NTAPI |
|
2265 ZwLoadKey( |
|
2266 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, |
|
2267 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes); |
|
2268 |
|
2269 NTOSAPI |
|
2270 NTSTATUS |
|
2271 NTAPI |
|
2272 ZwLoadKey2( |
|
2273 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, |
|
2274 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes, |
|
2275 /*IN*/ ULONG Flags); |
|
2276 |
|
2277 NTOSAPI |
|
2278 NTSTATUS |
|
2279 NTAPI |
|
2280 ZwUnloadKey( |
|
2281 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes); |
|
2282 |
|
2283 NTOSAPI |
|
2284 NTSTATUS |
|
2285 NTAPI |
|
2286 ZwQueryOpenSubKeys( |
|
2287 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, |
|
2288 /*OUT*/ PULONG NumberOfKeys); |
|
2289 |
|
2290 NTOSAPI |
|
2291 NTSTATUS |
|
2292 NTAPI |
|
2293 ZwReplaceKey( |
|
2294 /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes, |
|
2295 /*IN*/ HANDLE KeyHandle, |
|
2296 /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes); |
|
2297 |
|
2298 typedef enum _KEY_SET_INFORMATION_CLASS { |
|
2299 KeyLastWriteTimeInformation |
|
2300 } KEY_SET_INFORMATION_CLASS; |
|
2301 |
|
2302 NTOSAPI |
|
2303 NTSTATUS |
|
2304 NTAPI |
|
2305 ZwSetInformationKey( |
|
2306 /*IN*/ HANDLE KeyHandle, |
|
2307 /*IN*/ KEY_SET_INFORMATION_CLASS KeyInformationClass, |
|
2308 /*IN*/ PVOID KeyInformation, |
|
2309 /*IN*/ ULONG KeyInformationLength); |
|
2310 |
|
2311 typedef struct _KEY_LAST_WRITE_TIME_INFORMATION { |
|
2312 LARGE_INTEGER LastWriteTime; |
|
2313 } KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION; |
|
2314 |
|
2315 typedef struct _KEY_NAME_INFORMATION { |
|
2316 ULONG NameLength; |
|
2317 WCHAR Name[1]; |
|
2318 } KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION; |
|
2319 |
|
2320 NTOSAPI |
|
2321 NTSTATUS |
|
2322 NTAPI |
|
2323 ZwNotifyChangeKey( |
|
2324 /*IN*/ HANDLE KeyHandle, |
|
2325 /*IN*/ HANDLE EventHandle /*OPTIONAL*/, |
|
2326 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, |
|
2327 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
2328 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
2329 /*IN*/ ULONG NotifyFilter, |
|
2330 /*IN*/ BOOLEAN WatchSubtree, |
|
2331 /*IN*/ PVOID Buffer, |
|
2332 /*IN*/ ULONG BufferLength, |
|
2333 /*IN*/ BOOLEAN Asynchronous); |
|
2334 |
|
2335 /* ZwNotifyChangeMultipleKeys.Flags constants */ |
|
2336 #define REG_MONITOR_SINGLE_KEY 0x00 |
|
2337 #define REG_MONITOR_SECOND_KEY 0x01 |
|
2338 |
|
2339 NTOSAPI |
|
2340 NTSTATUS |
|
2341 NTAPI |
|
2342 ZwNotifyChangeMultipleKeys( |
|
2343 /*IN*/ HANDLE KeyHandle, |
|
2344 /*IN*/ ULONG Flags, |
|
2345 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, |
|
2346 /*IN*/ HANDLE EventHandle /*OPTIONAL*/, |
|
2347 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, |
|
2348 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
2349 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
2350 /*IN*/ ULONG NotifyFilter, |
|
2351 /*IN*/ BOOLEAN WatchSubtree, |
|
2352 /*IN*/ PVOID Buffer, |
|
2353 /*IN*/ ULONG BufferLength, |
|
2354 /*IN*/ BOOLEAN Asynchronous); |
|
2355 |
|
2356 NTOSAPI |
|
2357 NTSTATUS |
|
2358 NTAPI |
|
2359 ZwQueryMultipleValueKey( |
|
2360 /*IN*/ HANDLE KeyHandle, |
|
2361 /*IN OUT*/ PKEY_VALUE_ENTRY ValueList, |
|
2362 /*IN*/ ULONG NumberOfValues, |
|
2363 /*OUT*/ PVOID Buffer, |
|
2364 /*IN OUT*/ PULONG Length, |
|
2365 /*OUT*/ PULONG ReturnLength); |
|
2366 |
|
2367 NTOSAPI |
|
2368 NTSTATUS |
|
2369 NTAPI |
|
2370 ZwInitializeRegistry( |
|
2371 /*IN*/ BOOLEAN Setup); |
|
2372 |
|
2373 |
|
2374 |
|
2375 |
|
2376 /* Security and auditing */ |
|
2377 |
|
2378 NTOSAPI |
|
2379 NTSTATUS |
|
2380 NTAPI |
|
2381 ZwPrivilegeCheck( |
|
2382 /*IN*/ HANDLE TokenHandle, |
|
2383 /*IN*/ PPRIVILEGE_SET RequiredPrivileges, |
|
2384 /*OUT*/ PBOOLEAN Result); |
|
2385 |
|
2386 NTOSAPI |
|
2387 NTSTATUS |
|
2388 NTAPI |
|
2389 ZwPrivilegeObjectAuditAlarm( |
|
2390 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2391 /*IN*/ PVOID HandleId, |
|
2392 /*IN*/ HANDLE TokenHandle, |
|
2393 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2394 /*IN*/ PPRIVILEGE_SET Privileges, |
|
2395 /*IN*/ BOOLEAN AccessGranted); |
|
2396 |
|
2397 NTOSAPI |
|
2398 NTSTATUS |
|
2399 NTAPI |
|
2400 ZwPrivilegeObjectAuditAlarm( |
|
2401 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2402 /*IN*/ PVOID HandleId, |
|
2403 /*IN*/ HANDLE TokenHandle, |
|
2404 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2405 /*IN*/ PPRIVILEGE_SET Privileges, |
|
2406 /*IN*/ BOOLEAN AccessGranted); |
|
2407 |
|
2408 NTOSAPI |
|
2409 NTSTATUS |
|
2410 NTAPI |
|
2411 ZwAccessCheck( |
|
2412 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
2413 /*IN*/ HANDLE TokenHandle, |
|
2414 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2415 /*IN*/ PGENERIC_MAPPING GenericMapping, |
|
2416 /*IN*/ PPRIVILEGE_SET PrivilegeSet, |
|
2417 /*IN*/ PULONG PrivilegeSetLength, |
|
2418 /*OUT*/ PACCESS_MASK GrantedAccess, |
|
2419 /*OUT*/ PBOOLEAN AccessStatus); |
|
2420 |
|
2421 NTOSAPI |
|
2422 NTSTATUS |
|
2423 NTAPI |
|
2424 ZwAccessCheckAndAuditAlarm( |
|
2425 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2426 /*IN*/ PVOID HandleId, |
|
2427 /*IN*/ PUNICODE_STRING ObjectTypeName, |
|
2428 /*IN*/ PUNICODE_STRING ObjectName, |
|
2429 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
2430 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2431 /*IN*/ PGENERIC_MAPPING GenericMapping, |
|
2432 /*IN*/ BOOLEAN ObjectCreation, |
|
2433 /*OUT*/ PACCESS_MASK GrantedAccess, |
|
2434 /*OUT*/ PBOOLEAN AccessStatus, |
|
2435 /*OUT*/ PBOOLEAN GenerateOnClose); |
|
2436 |
|
2437 NTOSAPI |
|
2438 NTSTATUS |
|
2439 NTAPI |
|
2440 ZwAccessCheckByType( |
|
2441 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
2442 /*IN*/ PSID PrincipalSelfSid, |
|
2443 /*IN*/ HANDLE TokenHandle, |
|
2444 /*IN*/ ULONG DesiredAccess, |
|
2445 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, |
|
2446 /*IN*/ ULONG ObjectTypeListLength, |
|
2447 /*IN*/ PGENERIC_MAPPING GenericMapping, |
|
2448 /*IN*/ PPRIVILEGE_SET PrivilegeSet, |
|
2449 /*IN*/ PULONG PrivilegeSetLength, |
|
2450 /*OUT*/ PACCESS_MASK GrantedAccess, |
|
2451 /*OUT*/ PULONG AccessStatus); |
|
2452 |
|
2453 typedef enum _AUDIT_EVENT_TYPE { |
|
2454 AuditEventObjectAccess, |
|
2455 AuditEventDirectoryServiceAccess |
|
2456 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; |
|
2457 |
|
2458 NTOSAPI |
|
2459 NTSTATUS |
|
2460 NTAPI |
|
2461 ZwAccessCheckByTypeAndAuditAlarm( |
|
2462 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2463 /*IN*/ PVOID HandleId, |
|
2464 /*IN*/ PUNICODE_STRING ObjectTypeName, |
|
2465 /*IN*/ PUNICODE_STRING ObjectName, |
|
2466 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
2467 /*IN*/ PSID PrincipalSelfSid, |
|
2468 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2469 /*IN*/ AUDIT_EVENT_TYPE AuditType, |
|
2470 /*IN*/ ULONG Flags, |
|
2471 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, |
|
2472 /*IN*/ ULONG ObjectTypeListLength, |
|
2473 /*IN*/ PGENERIC_MAPPING GenericMapping, |
|
2474 /*IN*/ BOOLEAN ObjectCreation, |
|
2475 /*OUT*/ PACCESS_MASK GrantedAccess, |
|
2476 /*OUT*/ PULONG AccessStatus, |
|
2477 /*OUT*/ PBOOLEAN GenerateOnClose); |
|
2478 |
|
2479 NTOSAPI |
|
2480 NTSTATUS |
|
2481 NTAPI |
|
2482 ZwAccessCheckByTypeResultList( |
|
2483 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
2484 /*IN*/ PSID PrincipalSelfSid, |
|
2485 /*IN*/ HANDLE TokenHandle, |
|
2486 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2487 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, |
|
2488 /*IN*/ ULONG ObjectTypeListLength, |
|
2489 /*IN*/ PGENERIC_MAPPING GenericMapping, |
|
2490 /*IN*/ PPRIVILEGE_SET PrivilegeSet, |
|
2491 /*IN*/ PULONG PrivilegeSetLength, |
|
2492 /*OUT*/ PACCESS_MASK GrantedAccessList, |
|
2493 /*OUT*/ PULONG AccessStatusList); |
|
2494 |
|
2495 NTOSAPI |
|
2496 NTSTATUS |
|
2497 NTAPI |
|
2498 ZwAccessCheckByTypeResultListAndAuditAlarm( |
|
2499 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2500 /*IN*/ PVOID HandleId, |
|
2501 /*IN*/ PUNICODE_STRING ObjectTypeName, |
|
2502 /*IN*/ PUNICODE_STRING ObjectName, |
|
2503 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
2504 /*IN*/ PSID PrincipalSelfSid, |
|
2505 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2506 /*IN*/ AUDIT_EVENT_TYPE AuditType, |
|
2507 /*IN*/ ULONG Flags, |
|
2508 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, |
|
2509 /*IN*/ ULONG ObjectTypeListLength, |
|
2510 /*IN*/ PGENERIC_MAPPING GenericMapping, |
|
2511 /*IN*/ BOOLEAN ObjectCreation, |
|
2512 /*OUT*/ PACCESS_MASK GrantedAccessList, |
|
2513 /*OUT*/ PULONG AccessStatusList, |
|
2514 /*OUT*/ PULONG GenerateOnClose); |
|
2515 |
|
2516 NTOSAPI |
|
2517 NTSTATUS |
|
2518 NTAPI |
|
2519 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( |
|
2520 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2521 /*IN*/ PVOID HandleId, |
|
2522 /*IN*/ HANDLE TokenHandle, |
|
2523 /*IN*/ PUNICODE_STRING ObjectTypeName, |
|
2524 /*IN*/ PUNICODE_STRING ObjectName, |
|
2525 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
2526 /*IN*/ PSID PrincipalSelfSid, |
|
2527 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2528 /*IN*/ AUDIT_EVENT_TYPE AuditType, |
|
2529 /*IN*/ ULONG Flags, |
|
2530 /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, |
|
2531 /*IN*/ ULONG ObjectTypeListLength, |
|
2532 /*IN*/ PGENERIC_MAPPING GenericMapping, |
|
2533 /*IN*/ BOOLEAN ObjectCreation, |
|
2534 /*OUT*/ PACCESS_MASK GrantedAccessList, |
|
2535 /*OUT*/ PULONG AccessStatusList, |
|
2536 /*OUT*/ PULONG GenerateOnClose); |
|
2537 |
|
2538 NTOSAPI |
|
2539 NTSTATUS |
|
2540 NTAPI |
|
2541 ZwOpenObjectAuditAlarm( |
|
2542 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2543 /*IN*/ PVOID *HandleId, |
|
2544 /*IN*/ PUNICODE_STRING ObjectTypeName, |
|
2545 /*IN*/ PUNICODE_STRING ObjectName, |
|
2546 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
2547 /*IN*/ HANDLE TokenHandle, |
|
2548 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2549 /*IN*/ ACCESS_MASK GrantedAccess, |
|
2550 /*IN*/ PPRIVILEGE_SET Privileges /*OPTIONAL*/, |
|
2551 /*IN*/ BOOLEAN ObjectCreation, |
|
2552 /*IN*/ BOOLEAN AccessGranted, |
|
2553 /*OUT*/ PBOOLEAN GenerateOnClose); |
|
2554 |
|
2555 NTOSAPI |
|
2556 NTSTATUS |
|
2557 NTAPI |
|
2558 ZwCloseObjectAuditAlarm( |
|
2559 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2560 /*IN*/ PVOID HandleId, |
|
2561 /*IN*/ BOOLEAN GenerateOnClose); |
|
2562 |
|
2563 NTOSAPI |
|
2564 NTSTATUS |
|
2565 NTAPI |
|
2566 ZwDeleteObjectAuditAlarm( |
|
2567 /*IN*/ PUNICODE_STRING SubsystemName, |
|
2568 /*IN*/ PVOID HandleId, |
|
2569 /*IN*/ BOOLEAN GenerateOnClose); |
|
2570 |
|
2571 |
|
2572 |
|
2573 |
|
2574 /* Plug and play and power management */ |
|
2575 |
|
2576 NTOSAPI |
|
2577 NTSTATUS |
|
2578 NTAPI |
|
2579 ZwRequestWakeupLatency( |
|
2580 /*IN*/ LATENCY_TIME Latency); |
|
2581 |
|
2582 NTOSAPI |
|
2583 NTSTATUS |
|
2584 NTAPI |
|
2585 ZwRequestDeviceWakeup( |
|
2586 /*IN*/ HANDLE DeviceHandle); |
|
2587 |
|
2588 NTOSAPI |
|
2589 NTSTATUS |
|
2590 NTAPI |
|
2591 ZwCancelDeviceWakeupRequest( |
|
2592 /*IN*/ HANDLE DeviceHandle); |
|
2593 |
|
2594 NTOSAPI |
|
2595 BOOLEAN |
|
2596 NTAPI |
|
2597 ZwIsSystemResumeAutomatic( |
|
2598 VOID); |
|
2599 |
|
2600 NTOSAPI |
|
2601 NTSTATUS |
|
2602 NTAPI |
|
2603 ZwSetThreadExecutionState( |
|
2604 /*IN*/ EXECUTION_STATE ExecutionState, |
|
2605 /*OUT*/ PEXECUTION_STATE PreviousExecutionState); |
|
2606 |
|
2607 NTOSAPI |
|
2608 NTSTATUS |
|
2609 NTAPI |
|
2610 ZwGetDevicePowerState( |
|
2611 /*IN*/ HANDLE DeviceHandle, |
|
2612 /*OUT*/ PDEVICE_POWER_STATE DevicePowerState); |
|
2613 |
|
2614 NTOSAPI |
|
2615 NTSTATUS |
|
2616 NTAPI |
|
2617 ZwSetSystemPowerState( |
|
2618 /*IN*/ POWER_ACTION SystemAction, |
|
2619 /*IN*/ SYSTEM_POWER_STATE MinSystemState, |
|
2620 /*IN*/ ULONG Flags); |
|
2621 |
|
2622 NTOSAPI |
|
2623 NTSTATUS |
|
2624 NTAPI |
|
2625 ZwInitiatePowerAction( |
|
2626 /*IN*/ POWER_ACTION SystemAction, |
|
2627 /*IN*/ SYSTEM_POWER_STATE MinSystemState, |
|
2628 /*IN*/ ULONG Flags, |
|
2629 /*IN*/ BOOLEAN Asynchronous); |
|
2630 |
|
2631 NTOSAPI |
|
2632 NTSTATUS |
|
2633 NTAPI |
|
2634 ZwPowerInformation( |
|
2635 /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel, |
|
2636 /*IN*/ PVOID InputBuffer /*OPTIONAL*/, |
|
2637 /*IN*/ ULONG InputBufferLength, |
|
2638 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, |
|
2639 /*IN*/ ULONG OutputBufferLength); |
|
2640 |
|
2641 NTOSAPI |
|
2642 NTSTATUS |
|
2643 NTAPI |
|
2644 ZwPlugPlayControl( |
|
2645 /*IN*/ ULONG ControlCode, |
|
2646 /*IN OUT*/ PVOID Buffer, |
|
2647 /*IN*/ ULONG BufferLength); |
|
2648 |
|
2649 NTOSAPI |
|
2650 NTSTATUS |
|
2651 NTAPI |
|
2652 ZwGetPlugPlayEvent( |
|
2653 /*IN*/ ULONG Reserved1, |
|
2654 /*IN*/ ULONG Reserved2, |
|
2655 /*OUT*/ PVOID Buffer, |
|
2656 /*IN*/ ULONG BufferLength); |
|
2657 |
|
2658 |
|
2659 |
|
2660 |
|
2661 /* Miscellany */ |
|
2662 |
|
2663 NTOSAPI |
|
2664 NTSTATUS |
|
2665 NTAPI |
|
2666 ZwRaiseException( |
|
2667 /*IN*/ PEXCEPTION_RECORD ExceptionRecord, |
|
2668 /*IN*/ PCONTEXT Context, |
|
2669 /*IN*/ BOOLEAN SearchFrames); |
|
2670 |
|
2671 NTOSAPI |
|
2672 NTSTATUS |
|
2673 NTAPI |
|
2674 ZwContinue( |
|
2675 /*IN*/ PCONTEXT Context, |
|
2676 /*IN*/ BOOLEAN TestAlert); |
|
2677 |
|
2678 NTOSAPI |
|
2679 NTSTATUS |
|
2680 NTAPI |
|
2681 ZwW32Call( |
|
2682 /*IN*/ ULONG RoutineIndex, |
|
2683 /*IN*/ PVOID Argument, |
|
2684 /*IN*/ ULONG ArgumentLength, |
|
2685 /*OUT*/ PVOID *Result /*OPTIONAL*/, |
|
2686 /*OUT*/ PULONG ResultLength /*OPTIONAL*/); |
|
2687 |
|
2688 NTOSAPI |
|
2689 NTSTATUS |
|
2690 NTAPI |
|
2691 ZwSetLowWaitHighThread( |
|
2692 VOID); |
|
2693 |
|
2694 NTOSAPI |
|
2695 NTSTATUS |
|
2696 NTAPI |
|
2697 ZwSetHighWaitLowThread( |
|
2698 VOID); |
|
2699 |
|
2700 NTOSAPI |
|
2701 NTSTATUS |
|
2702 NTAPI |
|
2703 ZwLoadDriver( |
|
2704 /*IN*/ PUNICODE_STRING DriverServiceName); |
|
2705 |
|
2706 NTOSAPI |
|
2707 NTSTATUS |
|
2708 NTAPI |
|
2709 ZwUnloadDriver( |
|
2710 /*IN*/ PUNICODE_STRING DriverServiceName); |
|
2711 |
|
2712 NTOSAPI |
|
2713 NTSTATUS |
|
2714 NTAPI |
|
2715 ZwFlushInstructionCache( |
|
2716 /*IN*/ HANDLE ProcessHandle, |
|
2717 /*IN*/ PVOID BaseAddress /*OPTIONAL*/, |
|
2718 /*IN*/ ULONG FlushSize); |
|
2719 |
|
2720 NTOSAPI |
|
2721 NTSTATUS |
|
2722 NTAPI |
|
2723 ZwFlushWriteBuffer( |
|
2724 VOID); |
|
2725 |
|
2726 NTOSAPI |
|
2727 NTSTATUS |
|
2728 NTAPI |
|
2729 ZwQueryDefaultLocale( |
|
2730 /*IN*/ BOOLEAN ThreadOrSystem, |
|
2731 /*OUT*/ PLCID Locale); |
|
2732 |
|
2733 NTOSAPI |
|
2734 NTSTATUS |
|
2735 NTAPI |
|
2736 ZwSetDefaultLocale( |
|
2737 /*IN*/ BOOLEAN ThreadOrSystem, |
|
2738 /*IN*/ LCID Locale); |
|
2739 |
|
2740 NTOSAPI |
|
2741 NTSTATUS |
|
2742 NTAPI |
|
2743 ZwQueryDefaultUILanguage( |
|
2744 /*OUT*/ PLANGID LanguageId); |
|
2745 |
|
2746 NTOSAPI |
|
2747 NTSTATUS |
|
2748 NTAPI |
|
2749 ZwSetDefaultUILanguage( |
|
2750 /*IN*/ LANGID LanguageId); |
|
2751 |
|
2752 NTOSAPI |
|
2753 NTSTATUS |
|
2754 NTAPI |
|
2755 ZwQueryInstallUILanguage( |
|
2756 /*OUT*/ PLANGID LanguageId); |
|
2757 |
|
2758 NTOSAPI |
|
2759 NTSTATUS |
|
2760 NTAPI |
|
2761 NtAllocateLocallyUniqueId( |
|
2762 /*OUT*/ PLUID Luid); |
|
2763 |
|
2764 NTOSAPI |
|
2765 NTSTATUS |
|
2766 NTAPI |
|
2767 NtAllocateUuids( |
|
2768 /*OUT*/ PLARGE_INTEGER UuidLastTimeAllocated, |
|
2769 /*OUT*/ PULONG UuidDeltaTime, |
|
2770 /*OUT*/ PULONG UuidSequenceNumber, |
|
2771 /*OUT*/ PUCHAR UuidSeed); |
|
2772 |
|
2773 NTOSAPI |
|
2774 NTSTATUS |
|
2775 NTAPI |
|
2776 ZwSetUuidSeed( |
|
2777 /*IN*/ PUCHAR UuidSeed); |
|
2778 |
|
2779 typedef enum _HARDERROR_RESPONSE_OPTION { |
|
2780 OptionAbortRetryIgnore, |
|
2781 OptionOk, |
|
2782 OptionOkCancel, |
|
2783 OptionRetryCancel, |
|
2784 OptionYesNo, |
|
2785 OptionYesNoCancel, |
|
2786 OptionShutdownSystem |
|
2787 } HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION; |
|
2788 |
|
2789 typedef enum _HARDERROR_RESPONSE { |
|
2790 ResponseReturnToCaller, |
|
2791 ResponseNotHandled, |
|
2792 ResponseAbort, |
|
2793 ResponseCancel, |
|
2794 ResponseIgnore, |
|
2795 ResponseNo, |
|
2796 ResponseOk, |
|
2797 ResponseRetry, |
|
2798 ResponseYes |
|
2799 } HARDERROR_RESPONSE, *PHARDERROR_RESPONSE; |
|
2800 |
|
2801 NTOSAPI |
|
2802 NTSTATUS |
|
2803 NTAPI |
|
2804 ZwRaiseHardError( |
|
2805 /*IN*/ NTSTATUS Status, |
|
2806 /*IN*/ ULONG NumberOfArguments, |
|
2807 /*IN*/ ULONG StringArgumentsMask, |
|
2808 /*IN*/ PULONG Arguments, |
|
2809 /*IN*/ HARDERROR_RESPONSE_OPTION ResponseOption, |
|
2810 /*OUT*/ PHARDERROR_RESPONSE Response); |
|
2811 |
|
2812 NTOSAPI |
|
2813 NTSTATUS |
|
2814 NTAPI |
|
2815 ZwSetDefaultHardErrorPort( |
|
2816 /*IN*/ HANDLE PortHandle); |
|
2817 |
|
2818 NTOSAPI |
|
2819 NTSTATUS |
|
2820 NTAPI |
|
2821 ZwDisplayString( |
|
2822 /*IN*/ PUNICODE_STRING String); |
|
2823 |
|
2824 NTOSAPI |
|
2825 NTSTATUS |
|
2826 NTAPI |
|
2827 ZwCreatePagingFile( |
|
2828 /*IN*/ PUNICODE_STRING FileName, |
|
2829 /*IN*/ PULARGE_INTEGER InitialSize, |
|
2830 /*IN*/ PULARGE_INTEGER MaximumSize, |
|
2831 /*IN*/ ULONG Reserved); |
|
2832 |
|
2833 typedef USHORT RTL_ATOM, *PRTL_ATOM; |
|
2834 |
|
2835 NTOSAPI |
|
2836 NTSTATUS |
|
2837 NTAPI |
|
2838 NtAddAtom( |
|
2839 /*IN*/ PWSTR AtomName, |
|
2840 /*IN*/ ULONG AtomNameLength, |
|
2841 /*OUT*/ PRTL_ATOM Atom); |
|
2842 |
|
2843 NTOSAPI |
|
2844 NTSTATUS |
|
2845 NTAPI |
|
2846 NtFindAtom( |
|
2847 /*IN*/ PWSTR AtomName, |
|
2848 /*IN*/ ULONG AtomNameLength, |
|
2849 /*OUT*/ PRTL_ATOM Atom); |
|
2850 |
|
2851 NTOSAPI |
|
2852 NTSTATUS |
|
2853 NTAPI |
|
2854 NtDeleteAtom( |
|
2855 /*IN*/ RTL_ATOM Atom); |
|
2856 |
|
2857 typedef enum _ATOM_INFORMATION_CLASS { |
|
2858 AtomBasicInformation, |
|
2859 AtomListInformation |
|
2860 } ATOM_INFORMATION_CLASS; |
|
2861 |
|
2862 NTOSAPI |
|
2863 NTSTATUS |
|
2864 NTAPI |
|
2865 NtQueryInformationAtom( |
|
2866 /*IN*/ RTL_ATOM Atom, |
|
2867 /*IN*/ ATOM_INFORMATION_CLASS AtomInformationClass, |
|
2868 /*OUT*/ PVOID AtomInformation, |
|
2869 /*IN*/ ULONG AtomInformationLength, |
|
2870 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); |
|
2871 |
|
2872 typedef struct _ATOM_BASIC_INFORMATION { |
|
2873 USHORT ReferenceCount; |
|
2874 USHORT Pinned; |
|
2875 USHORT NameLength; |
|
2876 WCHAR Name[1]; |
|
2877 } ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION; |
|
2878 |
|
2879 typedef struct _ATOM_LIST_INFORMATION { |
|
2880 ULONG NumberOfAtoms; |
|
2881 ATOM Atoms[1]; |
|
2882 } ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION; |
|
2883 |
|
2884 NTOSAPI |
|
2885 NTSTATUS |
|
2886 NTAPI |
|
2887 ZwSetLdtEntries( |
|
2888 /*IN*/ ULONG Selector1, |
|
2889 /*IN*/ LDT_ENTRY LdtEntry1, |
|
2890 /*IN*/ ULONG Selector2, |
|
2891 /*IN*/ LDT_ENTRY LdtEntry2); |
|
2892 |
|
2893 NTOSAPI |
|
2894 NTSTATUS |
|
2895 NTAPI |
|
2896 NtVdmControl( |
|
2897 /*IN*/ ULONG ControlCode, |
|
2898 /*IN*/ PVOID ControlData); |
|
2899 |
|
2900 #pragma pack(pop) |
|
2901 |
|
2902 #ifdef __cplusplus |
|
2903 } |
|
2904 #endif |
|
2905 |
|
2906 #endif /* __NTAPI_H */ |