diff -r 000000000000 -r 76b1f169d9fe mingw-5.1.4/win32/include/ddk/ntapi.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mingw-5.1.4/win32/include/ddk/ntapi.h Fri Apr 03 17:16:45 2009 +0100 @@ -0,0 +1,2906 @@ +/* + * ntapi.h + * + * Windows NT Native API + * + * Most structures in this file is obtained from Windows NT/2000 Native API + * Reference by Gary Nebbett, ISBN 1578701996. + * + * This file is part of the w32api package. + * + * Contributors: + * Created by Casper S. Hornstrup + * + * THIS SOFTWARE IS NOT COPYRIGHTED + * + * This source code is offered for use in the public domain. You may + * use, modify or distribute it freely. + * + * This code is distributed in the hope that it will be useful but + * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY + * DISCLAIMED. This includes but is not limited to warranties of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#ifndef __NTAPI_H +#define __NTAPI_H + +#if __GNUC__ >= 3 +#pragma GCC system_header +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include "ntddk.h" +#include "ntpoapi.h" + +#pragma pack(push,4) + +typedef struct _PEB *PPEB; + +/* FIXME: Unknown definitions */ +typedef PVOID POBJECT_TYPE_LIST; +typedef PVOID PEXECUTION_STATE; +typedef PVOID PLANGID; + +#ifndef NtCurrentProcess +#define NtCurrentProcess() ((HANDLE)0xFFFFFFFF) +#endif /* NtCurrentProcess */ +#ifndef NtCurrentThread +#define NtCurrentThread() ((HANDLE)0xFFFFFFFE) +#endif /* NtCurrentThread */ + +/* System information and control */ + +typedef enum _SYSTEM_INFORMATION_CLASS { + SystemInformationClassMin = 0, + SystemBasicInformation = 0, + SystemProcessorInformation = 1, + SystemPerformanceInformation = 2, + SystemTimeOfDayInformation = 3, + SystemPathInformation = 4, + SystemNotImplemented1 = 4, + SystemProcessInformation = 5, + SystemProcessesAndThreadsInformation = 5, + SystemCallCountInfoInformation = 6, + SystemCallCounts = 6, + SystemDeviceInformation = 7, + SystemConfigurationInformation = 7, + SystemProcessorPerformanceInformation = 8, + SystemProcessorTimes = 8, + SystemFlagsInformation = 9, + SystemGlobalFlag = 9, + SystemCallTimeInformation = 10, + SystemNotImplemented2 = 10, + SystemModuleInformation = 11, + SystemLocksInformation = 12, + SystemLockInformation = 12, + SystemStackTraceInformation = 13, + SystemNotImplemented3 = 13, + SystemPagedPoolInformation = 14, + SystemNotImplemented4 = 14, + SystemNonPagedPoolInformation = 15, + SystemNotImplemented5 = 15, + SystemHandleInformation = 16, + SystemObjectInformation = 17, + SystemPageFileInformation = 18, + SystemPagefileInformation = 18, + SystemVdmInstemulInformation = 19, + SystemInstructionEmulationCounts = 19, + SystemVdmBopInformation = 20, + SystemInvalidInfoClass1 = 20, + SystemFileCacheInformation = 21, + SystemCacheInformation = 21, + SystemPoolTagInformation = 22, + SystemInterruptInformation = 23, + SystemProcessorStatistics = 23, + SystemDpcBehaviourInformation = 24, + SystemDpcInformation = 24, + SystemFullMemoryInformation = 25, + SystemNotImplemented6 = 25, + SystemLoadImage = 26, + SystemUnloadImage = 27, + SystemTimeAdjustmentInformation = 28, + SystemTimeAdjustment = 28, + SystemSummaryMemoryInformation = 29, + SystemNotImplemented7 = 29, + SystemNextEventIdInformation = 30, + SystemNotImplemented8 = 30, + SystemEventIdsInformation = 31, + SystemNotImplemented9 = 31, + SystemCrashDumpInformation = 32, + SystemExceptionInformation = 33, + SystemCrashDumpStateInformation = 34, + SystemKernelDebuggerInformation = 35, + SystemContextSwitchInformation = 36, + SystemRegistryQuotaInformation = 37, + SystemLoadAndCallImage = 38, + SystemPrioritySeparation = 39, + SystemPlugPlayBusInformation = 40, + SystemNotImplemented10 = 40, + SystemDockInformation = 41, + SystemNotImplemented11 = 41, + /* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */ + SystemInvalidInfoClass2 = 42, + SystemProcessorSpeedInformation = 43, + SystemInvalidInfoClass3 = 43, + SystemCurrentTimeZoneInformation = 44, + SystemTimeZoneInformation = 44, + SystemLookasideInformation = 45, + SystemSetTimeSlipEvent = 46, + SystemCreateSession = 47, + SystemDeleteSession = 48, + SystemInvalidInfoClass4 = 49, + SystemRangeStartInformation = 50, + SystemVerifierInformation = 51, + SystemAddVerifier = 52, + SystemSessionProcessesInformation = 53, + SystemInformationClassMax +} SYSTEM_INFORMATION_CLASS; + +typedef struct _SYSTEM_BASIC_INFORMATION { + ULONG Unknown; + ULONG MaximumIncrement; + ULONG PhysicalPageSize; + ULONG NumberOfPhysicalPages; + ULONG LowestPhysicalPage; + ULONG HighestPhysicalPage; + ULONG AllocationGranularity; + ULONG LowestUserAddress; + ULONG HighestUserAddress; + ULONG ActiveProcessors; + UCHAR NumberProcessors; +} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; + +typedef struct _SYSTEM_PROCESSOR_INFORMATION { + USHORT ProcessorArchitecture; + USHORT ProcessorLevel; + USHORT ProcessorRevision; + USHORT Unknown; + ULONG FeatureBits; +} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; + +typedef struct _SYSTEM_PERFORMANCE_INFORMATION { + LARGE_INTEGER IdleTime; + LARGE_INTEGER ReadTransferCount; + LARGE_INTEGER WriteTransferCount; + LARGE_INTEGER OtherTransferCount; + ULONG ReadOperationCount; + ULONG WriteOperationCount; + ULONG OtherOperationCount; + ULONG AvailablePages; + ULONG TotalCommittedPages; + ULONG TotalCommitLimit; + ULONG PeakCommitment; + ULONG PageFaults; + ULONG WriteCopyFaults; + ULONG TransitionFaults; + ULONG CacheTransitionFaults; + ULONG DemandZeroFaults; + ULONG PagesRead; + ULONG PageReadIos; + ULONG CacheReads; + ULONG CacheIos; + ULONG PagefilePagesWritten; + ULONG PagefilePageWriteIos; + ULONG MappedFilePagesWritten; + ULONG MappedFilePageWriteIos; + ULONG PagedPoolUsage; + ULONG NonPagedPoolUsage; + ULONG PagedPoolAllocs; + ULONG PagedPoolFrees; + ULONG NonPagedPoolAllocs; + ULONG NonPagedPoolFrees; + ULONG TotalFreeSystemPtes; + ULONG SystemCodePage; + ULONG TotalSystemDriverPages; + ULONG TotalSystemCodePages; + ULONG SmallNonPagedLookasideListAllocateHits; + ULONG SmallPagedLookasideListAllocateHits; + ULONG Reserved3; + ULONG MmSystemCachePage; + ULONG PagedPoolPage; + ULONG SystemDriverPage; + ULONG FastReadNoWait; + ULONG FastReadWait; + ULONG FastReadResourceMiss; + ULONG FastReadNotPossible; + ULONG FastMdlReadNoWait; + ULONG FastMdlReadWait; + ULONG FastMdlReadResourceMiss; + ULONG FastMdlReadNotPossible; + ULONG MapDataNoWait; + ULONG MapDataWait; + ULONG MapDataNoWaitMiss; + ULONG MapDataWaitMiss; + ULONG PinMappedDataCount; + ULONG PinReadNoWait; + ULONG PinReadWait; + ULONG PinReadNoWaitMiss; + ULONG PinReadWaitMiss; + ULONG CopyReadNoWait; + ULONG CopyReadWait; + ULONG CopyReadNoWaitMiss; + ULONG CopyReadWaitMiss; + ULONG MdlReadNoWait; + ULONG MdlReadWait; + ULONG MdlReadNoWaitMiss; + ULONG MdlReadWaitMiss; + ULONG ReadAheadIos; + ULONG LazyWriteIos; + ULONG LazyWritePages; + ULONG DataFlushes; + ULONG DataPages; + ULONG ContextSwitches; + ULONG FirstLevelTbFills; + ULONG SecondLevelTbFills; + ULONG SystemCalls; +} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; + +typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION { + LARGE_INTEGER BootTime; + LARGE_INTEGER CurrentTime; + LARGE_INTEGER TimeZoneBias; + ULONG CurrentTimeZoneId; +} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION; + +typedef struct _VM_COUNTERS { + ULONG PeakVirtualSize; + ULONG VirtualSize; + ULONG PageFaultCount; + ULONG PeakWorkingSetSize; + ULONG WorkingSetSize; + ULONG QuotaPeakPagedPoolUsage; + ULONG QuotaPagedPoolUsage; + ULONG QuotaPeakNonPagedPoolUsage; + ULONG QuotaNonPagedPoolUsage; + ULONG PagefileUsage; + ULONG PeakPagefileUsage; +} VM_COUNTERS; + +typedef enum _THREAD_STATE { + StateInitialized, + StateReady, + StateRunning, + StateStandby, + StateTerminated, + StateWait, + StateTransition, + StateUnknown +} THREAD_STATE; + +typedef struct _SYSTEM_THREADS { + LARGE_INTEGER KernelTime; + LARGE_INTEGER UserTime; + LARGE_INTEGER CreateTime; + ULONG WaitTime; + PVOID StartAddress; + CLIENT_ID ClientId; + KPRIORITY Priority; + KPRIORITY BasePriority; + ULONG ContextSwitchCount; + THREAD_STATE State; + KWAIT_REASON WaitReason; +} SYSTEM_THREADS, *PSYSTEM_THREADS; + +typedef struct _SYSTEM_PROCESSES { + ULONG NextEntryDelta; + ULONG ThreadCount; + ULONG Reserved1[6]; + LARGE_INTEGER CreateTime; + LARGE_INTEGER UserTime; + LARGE_INTEGER KernelTime; + UNICODE_STRING ProcessName; + KPRIORITY BasePriority; + ULONG ProcessId; + ULONG InheritedFromProcessId; + ULONG HandleCount; + ULONG Reserved2[2]; + VM_COUNTERS VmCounters; + IO_COUNTERS IoCounters; + SYSTEM_THREADS Threads[1]; +} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES; + +typedef struct _SYSTEM_CALLS_INFORMATION { + ULONG Size; + ULONG NumberOfDescriptorTables; + ULONG NumberOfRoutinesInTable[1]; + ULONG CallCounts[ANYSIZE_ARRAY]; +} SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION; + +typedef struct _SYSTEM_CONFIGURATION_INFORMATION { + ULONG DiskCount; + ULONG FloppyCount; + ULONG CdRomCount; + ULONG TapeCount; + ULONG SerialCount; + ULONG ParallelCount; +} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION; + +typedef struct _SYSTEM_PROCESSOR_TIMES { + LARGE_INTEGER IdleTime; + LARGE_INTEGER KernelTime; + LARGE_INTEGER UserTime; + LARGE_INTEGER DpcTime; + LARGE_INTEGER InterruptTime; + ULONG InterruptCount; +} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES; + +/* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */ +#define FLG_STOP_ON_EXCEPTION 0x00000001 +#define FLG_SHOW_LDR_SNAPS 0x00000002 +#define FLG_DEBUG_INITIAL_COMMAND 0x00000004 +#define FLG_STOP_ON_HUNG_GUI 0x00000008 +#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010 +#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020 +#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040 +#define FLG_HEAP_VALIDATE_ALL 0x00000080 +#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100 +#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200 +#define FLG_POOL_ENABLE_TAGGING 0x00000400 +#define FLG_HEAP_ENABLE_TAGGING 0x00000800 +#define FLG_USER_STACK_TRACE_DB 0x00001000 +#define FLG_KERNEL_STACK_TRACE_DB 0x00002000 +#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000 +#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000 +#define FLG_IGNORE_DEBUG_PRIV 0x00010000 +#define FLG_ENABLE_CSRDEBUG 0x00020000 +#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000 +#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000 +#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000 +#define FLG_HEAP_DISABLE_COALESCING 0x00200000 +#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000 +#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000 +#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000 + +typedef struct _SYSTEM_GLOBAL_FLAG { + ULONG GlobalFlag; +} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG; + +typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY { + ULONG Unknown1; + ULONG Unknown2; + PVOID Base; + ULONG Size; + ULONG Flags; + USHORT Index; + /* Length of module name not including the path, this + field contains valid value only for NTOSKRNL module */ + USHORT NameLength; + USHORT LoadCount; + USHORT PathLength; + CHAR ImageName[256]; +} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY; + +typedef struct _SYSTEM_MODULE_INFORMATION { + ULONG Count; + SYSTEM_MODULE_INFORMATION_ENTRY Module[1]; +} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; + +typedef struct _SYSTEM_LOCK_INFORMATION { + PVOID Address; + USHORT Type; + USHORT Reserved1; + ULONG ExclusiveOwnerThreadId; + ULONG ActiveCount; + ULONG ContentionCount; + ULONG Reserved2[2]; + ULONG NumberOfSharedWaiters; + ULONG NumberOfExclusiveWaiters; +} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION; + +/*SYSTEM_HANDLE_INFORMATION.Flags cosntants */ +#define PROTECT_FROM_CLOSE 0x01 +#define INHERIT 0x02 + +typedef struct _SYSTEM_HANDLE_INFORMATION { + ULONG ProcessId; + UCHAR ObjectTypeNumber; + UCHAR Flags; + USHORT Handle; + PVOID Object; + ACCESS_MASK GrantedAccess; +} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; + +typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION { + ULONG NextEntryOffset; + ULONG ObjectCount; + ULONG HandleCount; + ULONG TypeNumber; + ULONG InvalidAttributes; + GENERIC_MAPPING GenericMapping; + ACCESS_MASK ValidAccessMask; + POOL_TYPE PoolType; + UCHAR Unknown; + UNICODE_STRING Name; +} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION; + +/* SYSTEM_OBJECT_INFORMATION.Flags constants */ +#define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40 +#define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20 +#define FLG_SYSOBJINFO_PERMANENT 0x10 +#define FLG_SYSOBJINFO_EXCLUSIVE 0x08 +#define FLG_SYSOBJINFO_CREATOR_INFO 0x04 +#define FLG_SYSOBJINFO_KERNEL_MODE 0x02 + +typedef struct _SYSTEM_OBJECT_INFORMATION { + ULONG NextEntryOffset; + PVOID Object; + ULONG CreatorProcessId; + USHORT Unknown; + USHORT Flags; + ULONG PointerCount; + ULONG HandleCount; + ULONG PagedPoolUsage; + ULONG NonPagedPoolUsage; + ULONG ExclusiveProcessId; + PSECURITY_DESCRIPTOR SecurityDescriptor; + UNICODE_STRING Name; +} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; + +typedef struct _SYSTEM_PAGEFILE_INFORMATION { + ULONG NextEntryOffset; + ULONG CurrentSize; + ULONG TotalUsed; + ULONG PeakUsed; + UNICODE_STRING FileName; +} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; + +typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION { + ULONG SegmentNotPresent; + ULONG TwoByteOpcode; + ULONG ESprefix; + ULONG CSprefix; + ULONG SSprefix; + ULONG DSprefix; + ULONG FSPrefix; + ULONG GSprefix; + ULONG OPER32prefix; + ULONG ADDR32prefix; + ULONG INSB; + ULONG INSW; + ULONG OUTSB; + ULONG OUTSW; + ULONG PUSHFD; + ULONG POPFD; + ULONG INTnn; + ULONG INTO; + ULONG IRETD; + ULONG INBimm; + ULONG INWimm; + ULONG OUTBimm; + ULONG OUTWimm; + ULONG INB; + ULONG INW; + ULONG OUTB; + ULONG OUTW; + ULONG LOCKprefix; + ULONG REPNEprefix; + ULONG REPprefix; + ULONG HLT; + ULONG CLI; + ULONG STI; + ULONG GenericInvalidOpcode; +} SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION; + +typedef struct _SYSTEM_POOL_TAG_INFORMATION { + CHAR Tag[4]; + ULONG PagedPoolAllocs; + ULONG PagedPoolFrees; + ULONG PagedPoolUsage; + ULONG NonPagedPoolAllocs; + ULONG NonPagedPoolFrees; + ULONG NonPagedPoolUsage; +} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION; + +typedef struct _SYSTEM_PROCESSOR_STATISTICS { + ULONG ContextSwitches; + ULONG DpcCount; + ULONG DpcRequestRate; + ULONG TimeIncrement; + ULONG DpcBypassCount; + ULONG ApcBypassCount; +} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS; + +typedef struct _SYSTEM_DPC_INFORMATION { + ULONG Reserved; + ULONG MaximumDpcQueueDepth; + ULONG MinimumDpcRate; + ULONG AdjustDpcThreshold; + ULONG IdealDpcRate; +} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION; + +typedef struct _SYSTEM_LOAD_IMAGE { + UNICODE_STRING ModuleName; + PVOID ModuleBase; + PVOID SectionPointer; + PVOID EntryPoint; + PVOID ExportDirectory; +} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE; + +typedef struct _SYSTEM_UNLOAD_IMAGE { + PVOID ModuleBase; +} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE; + +typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT { + ULONG TimeAdjustment; + ULONG MaximumIncrement; + BOOLEAN TimeSynchronization; +} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT; + +typedef struct _SYSTEM_SET_TIME_ADJUSTMENT { + ULONG TimeAdjustment; + BOOLEAN TimeSynchronization; +} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT; + +typedef struct _SYSTEM_CRASH_DUMP_INFORMATION { + HANDLE CrashDumpSectionHandle; + HANDLE Unknown; +} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION; + +typedef struct _SYSTEM_EXCEPTION_INFORMATION { + ULONG AlignmentFixupCount; + ULONG ExceptionDispatchCount; + ULONG FloatingEmulationCount; + ULONG Reserved; +} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; + +typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION { + ULONG CrashDumpSectionExists; + ULONG Unknown; +} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION; + +typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION { + BOOLEAN DebuggerEnabled; + BOOLEAN DebuggerNotPresent; +} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; + +typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION { + ULONG ContextSwitches; + ULONG ContextSwitchCounters[11]; +} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; + +typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION { + ULONG RegistryQuota; + ULONG RegistryQuotaInUse; + ULONG PagedPoolSize; +} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; + +typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE { + UNICODE_STRING ModuleName; +} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE; + +typedef struct _SYSTEM_PRIORITY_SEPARATION { + ULONG PrioritySeparation; +} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION; + +typedef struct _SYSTEM_TIME_ZONE_INFORMATION { + LONG Bias; + WCHAR StandardName[32]; + LARGE_INTEGER StandardDate; + LONG StandardBias; + WCHAR DaylightName[32]; + LARGE_INTEGER DaylightDate; + LONG DaylightBias; +} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION; + +typedef struct _SYSTEM_LOOKASIDE_INFORMATION { + USHORT Depth; + USHORT MaximumDepth; + ULONG TotalAllocates; + ULONG AllocateMisses; + ULONG TotalFrees; + ULONG FreeMisses; + POOL_TYPE Type; + ULONG Tag; + ULONG Size; +} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; + +typedef struct _SYSTEM_SET_TIME_SLIP_EVENT { + HANDLE TimeSlipEvent; +} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT; + +typedef struct _SYSTEM_CREATE_SESSION { + ULONG SessionId; +} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION; + +typedef struct _SYSTEM_DELETE_SESSION { + ULONG SessionId; +} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION; + +typedef struct _SYSTEM_RANGE_START_INFORMATION { + PVOID SystemRangeStart; +} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION; + +typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION { + ULONG SessionId; + ULONG BufferSize; + PVOID Buffer; +} SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION; + +typedef struct _SYSTEM_POOL_BLOCK { + BOOLEAN Allocated; + USHORT Unknown; + ULONG Size; + CHAR Tag[4]; +} SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK; + +typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION { + ULONG PoolSize; + PVOID PoolBase; + USHORT Unknown; + ULONG NumberOfBlocks; + SYSTEM_POOL_BLOCK PoolBlocks[1]; +} SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION; + +typedef struct _SYSTEM_MEMORY_USAGE { + PVOID Name; + USHORT Valid; + USHORT Standby; + USHORT Modified; + USHORT PageTables; +} SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE; + +typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION { + ULONG Reserved; + PVOID EndOfData; + SYSTEM_MEMORY_USAGE MemoryUsage[1]; +} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION; + +NTOSAPI +NTSTATUS +NTAPI +NtQuerySystemInformation( + /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, + /*IN OUT*/ PVOID SystemInformation, + /*IN*/ ULONG SystemInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwQuerySystemInformation( + /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, + /*IN OUT*/ PVOID SystemInformation, + /*IN*/ ULONG SystemInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTAPI +NTSTATUS +NtQueryFullAttributesFile( + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation); + +NTOSAPI +NTAPI +NTSTATUS +ZwQueryFullAttributesFile( + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetSystemInformation( + /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, + /*IN OUT*/ PVOID SystemInformation, + /*IN*/ ULONG SystemInformationLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwQuerySystemEnvironmentValue( + /*IN*/ PUNICODE_STRING Name, + /*OUT*/ PVOID Value, + /*IN*/ ULONG ValueLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetSystemEnvironmentValue( + /*IN*/ PUNICODE_STRING Name, + /*IN*/ PUNICODE_STRING Value); + +typedef enum _SHUTDOWN_ACTION { + ShutdownNoReboot, + ShutdownReboot, + ShutdownPowerOff +} SHUTDOWN_ACTION; + +NTOSAPI +NTSTATUS +NTAPI +NtShutdownSystem( + /*IN*/ SHUTDOWN_ACTION Action); + +typedef enum _DEBUG_CONTROL_CODE { + DebugGetTraceInformation = 1, + DebugSetInternalBreakpoint, + DebugSetSpecialCall, + DebugClearSpecialCalls, + DebugQuerySpecialCalls, + DebugDbgBreakPoint, + DebugMaximum +} DEBUG_CONTROL_CODE; + + +NTOSAPI +NTSTATUS +NTAPI +ZwSystemDebugControl( + /*IN*/ DEBUG_CONTROL_CODE ControlCode, + /*IN*/ PVOID InputBuffer /*OPTIONAL*/, + /*IN*/ ULONG InputBufferLength, + /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, + /*IN*/ ULONG OutputBufferLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + + + +/* Objects, Object directories, and symbolic links */ + +typedef enum _OBJECT_INFORMATION_CLASS { + ObjectBasicInformation, + ObjectNameInformation, + ObjectTypeInformation, + ObjectAllTypesInformation, + ObjectHandleInformation +} OBJECT_INFORMATION_CLASS; + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryObject( + /*IN*/ HANDLE ObjectHandle, + /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, + /*OUT*/ PVOID ObjectInformation, + /*IN*/ ULONG ObjectInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetInformationObject( + /*IN*/ HANDLE ObjectHandle, + /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, + /*IN*/ PVOID ObjectInformation, + /*IN*/ ULONG ObjectInformationLength); + +/* OBJECT_BASIC_INFORMATION.Attributes constants */ +/* also in winbase.h */ +#define HANDLE_FLAG_INHERIT 0x01 +#define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02 +/* end winbase.h */ +#define PERMANENT 0x10 +#define EXCLUSIVE 0x20 + +typedef struct _OBJECT_BASIC_INFORMATION { + ULONG Attributes; + ACCESS_MASK GrantedAccess; + ULONG HandleCount; + ULONG PointerCount; + ULONG PagedPoolUsage; + ULONG NonPagedPoolUsage; + ULONG Reserved[3]; + ULONG NameInformationLength; + ULONG TypeInformationLength; + ULONG SecurityDescriptorLength; + LARGE_INTEGER CreateTime; +} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; +#if 0 +/* FIXME: Enable later */ +typedef struct _OBJECT_TYPE_INFORMATION { + UNICODE_STRING Name; + ULONG ObjectCount; + ULONG HandleCount; + ULONG Reserved1[4]; + ULONG PeakObjectCount; + ULONG PeakHandleCount; + ULONG Reserved2[4]; + ULONG InvalidAttributes; + GENERIC_MAPPING GenericMapping; + ULONG ValidAccess; + UCHAR Unknown; + BOOLEAN MaintainHandleDatabase; + POOL_TYPE PoolType; + ULONG PagedPoolUsage; + ULONG NonPagedPoolUsage; +} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; + +typedef struct _OBJECT_ALL_TYPES_INFORMATION { + ULONG NumberOfTypes; + OBJECT_TYPE_INFORMATION TypeInformation; +} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION; +#endif +typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION { + BOOLEAN Inherit; + BOOLEAN ProtectFromClose; +} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION; + +NTOSAPI +NTSTATUS +NTAPI +NtDuplicateObject( + /*IN*/ HANDLE SourceProcessHandle, + /*IN*/ HANDLE SourceHandle, + /*IN*/ HANDLE TargetProcessHandle, + /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ ULONG Attributes, + /*IN*/ ULONG Options); + +NTOSAPI +NTSTATUS +NTAPI +ZwDuplicateObject( + /*IN*/ HANDLE SourceProcessHandle, + /*IN*/ HANDLE SourceHandle, + /*IN*/ HANDLE TargetProcessHandle, + /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ ULONG Attributes, + /*IN*/ ULONG Options); + +NTOSAPI +NTSTATUS +NTAPI +NtQuerySecurityObject( + /*IN*/ HANDLE Handle, + /*IN*/ SECURITY_INFORMATION SecurityInformation, + /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ ULONG SecurityDescriptorLength, + /*OUT*/ PULONG ReturnLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwQuerySecurityObject( + /*IN*/ HANDLE Handle, + /*IN*/ SECURITY_INFORMATION SecurityInformation, + /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ ULONG SecurityDescriptorLength, + /*OUT*/ PULONG ReturnLength); + +NTOSAPI +NTSTATUS +NTAPI +NtSetSecurityObject( + /*IN*/ HANDLE Handle, + /*IN*/ SECURITY_INFORMATION SecurityInformation, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetSecurityObject( + /*IN*/ HANDLE Handle, + /*IN*/ SECURITY_INFORMATION SecurityInformation, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor); + +NTOSAPI +NTSTATUS +NTAPI +ZwOpenDirectoryObject( + /*OUT*/ PHANDLE DirectoryHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryDirectoryObject( + /*IN*/ HANDLE DirectoryHandle, + /*OUT*/ PVOID Buffer, + /*IN*/ ULONG BufferLength, + /*IN*/ BOOLEAN ReturnSingleEntry, + /*IN*/ BOOLEAN RestartScan, + /*IN OUT*/ PULONG Context, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +typedef struct _DIRECTORY_BASIC_INFORMATION { + UNICODE_STRING ObjectName; + UNICODE_STRING ObjectTypeName; +} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION; + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateSymbolicLinkObject( + /*OUT*/ PHANDLE SymbolicLinkHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ PUNICODE_STRING TargetName); + + + + +/* Virtual memory */ + +typedef enum _MEMORY_INFORMATION_CLASS { +MemoryBasicInformation, +MemoryWorkingSetList, +MemorySectionName, +MemoryBasicVlmInformation +} MEMORY_INFORMATION_CLASS; + +NTOSAPI +NTSTATUS +NTAPI +NtAllocateVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN*/ ULONG ZeroBits, + /*IN OUT*/ PULONG AllocationSize, + /*IN*/ ULONG AllocationType, + /*IN*/ ULONG Protect); + +NTOSAPI +NTSTATUS +NTAPI +ZwAllocateVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN*/ ULONG ZeroBits, + /*IN OUT*/ PULONG AllocationSize, + /*IN*/ ULONG AllocationType, + /*IN*/ ULONG Protect); + +NTOSAPI +NTSTATUS +NTAPI +NtFreeVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN OUT*/ PULONG FreeSize, + /*IN*/ ULONG FreeType); + +NTOSAPI +NTSTATUS +NTAPI +ZwFreeVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN OUT*/ PULONG FreeSize, + /*IN*/ ULONG FreeType); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PVOID BaseAddress, + /*IN*/ MEMORY_INFORMATION_CLASS MemoryInformationClass, + /*OUT*/ PVOID MemoryInformation, + /*IN*/ ULONG MemoryInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +/* MEMORY_WORKING_SET_LIST.WorkingSetList constants */ +#define WSLE_PAGE_READONLY 0x001 +#define WSLE_PAGE_EXECUTE 0x002 +#define WSLE_PAGE_READWRITE 0x004 +#define WSLE_PAGE_EXECUTE_READ 0x003 +#define WSLE_PAGE_WRITECOPY 0x005 +#define WSLE_PAGE_EXECUTE_READWRITE 0x006 +#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007 +#define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0 +#define WSLE_PAGE_SHAREABLE 0x100 + +typedef struct _MEMORY_WORKING_SET_LIST { + ULONG NumberOfPages; + ULONG WorkingSetList[1]; +} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST; + +typedef struct _MEMORY_SECTION_NAME { + UNICODE_STRING SectionFileName; +} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; + +/* Zw[Lock|Unlock]VirtualMemory.LockType constants */ +#define LOCK_VM_IN_WSL 0x01 +#define LOCK_VM_IN_RAM 0x02 + +NTOSAPI +NTSTATUS +NTAPI +ZwLockVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN OUT*/ PULONG LockSize, + /*IN*/ ULONG LockType); + +NTOSAPI +NTSTATUS +NTAPI +ZwUnlockVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN OUT*/ PULONG LockSize, + /*IN*/ ULONG LockType); + +NTOSAPI +NTSTATUS +NTAPI +ZwReadVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PVOID BaseAddress, + /*OUT*/ PVOID Buffer, + /*IN*/ ULONG BufferLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwWriteVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PVOID BaseAddress, + /*IN*/ PVOID Buffer, + /*IN*/ ULONG BufferLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwProtectVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN OUT*/ PULONG ProtectSize, + /*IN*/ ULONG NewProtect, + /*OUT*/ PULONG OldProtect); + +NTOSAPI +NTSTATUS +NTAPI +ZwFlushVirtualMemory( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN OUT*/ PULONG FlushSize, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); + +NTOSAPI +NTSTATUS +NTAPI +ZwAllocateUserPhysicalPages( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PULONG NumberOfPages, + /*OUT*/ PULONG PageFrameNumbers); + +NTOSAPI +NTSTATUS +NTAPI +ZwFreeUserPhysicalPages( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PULONG NumberOfPages, + /*IN*/ PULONG PageFrameNumbers); + +NTOSAPI +NTSTATUS +NTAPI +ZwMapUserPhysicalPages( + /*IN*/ PVOID BaseAddress, + /*IN*/ PULONG NumberOfPages, + /*IN*/ PULONG PageFrameNumbers); + +NTOSAPI +NTSTATUS +NTAPI +ZwMapUserPhysicalPagesScatter( + /*IN*/ PVOID *BaseAddresses, + /*IN*/ PULONG NumberOfPages, + /*IN*/ PULONG PageFrameNumbers); + +NTOSAPI +NTSTATUS +NTAPI +ZwGetWriteWatch( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ ULONG Flags, + /*IN*/ PVOID BaseAddress, + /*IN*/ ULONG RegionSize, + /*OUT*/ PULONG Buffer, + /*IN OUT*/ PULONG BufferEntries, + /*OUT*/ PULONG Granularity); + +NTOSAPI +NTSTATUS +NTAPI +ZwResetWriteWatch( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PVOID BaseAddress, + /*IN*/ ULONG RegionSize); + + + + +/* Sections */ + +typedef enum _SECTION_INFORMATION_CLASS { + SectionBasicInformation, + SectionImageInformation +} SECTION_INFORMATION_CLASS; + +NTOSAPI +NTSTATUS +NTAPI +NtCreateSection( + /*OUT*/ PHANDLE SectionHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/, + /*IN*/ ULONG Protect, + /*IN*/ ULONG Attributes, + /*IN*/ HANDLE FileHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateSection( + /*OUT*/ PHANDLE SectionHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/, + /*IN*/ ULONG Protect, + /*IN*/ ULONG Attributes, + /*IN*/ HANDLE FileHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwQuerySection( + /*IN*/ HANDLE SectionHandle, + /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass, + /*OUT*/ PVOID SectionInformation, + /*IN*/ ULONG SectionInformationLength, + /*OUT*/ PULONG ResultLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwExtendSection( + /*IN*/ HANDLE SectionHandle, + /*IN*/ PLARGE_INTEGER SectionSize); + +NTOSAPI +NTSTATUS +NTAPI +ZwAreMappedFilesTheSame( + /*IN*/ PVOID Address1, + /*IN*/ PVOID Address2); + + + + +/* Threads */ + +typedef struct _USER_STACK { + PVOID FixedStackBase; + PVOID FixedStackLimit; + PVOID ExpandableStackBase; + PVOID ExpandableStackLimit; + PVOID ExpandableStackBottom; +} USER_STACK, *PUSER_STACK; + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateThread( + /*OUT*/ PHANDLE ThreadHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ HANDLE ProcessHandle, + /*OUT*/ PCLIENT_ID ClientId, + /*IN*/ PCONTEXT ThreadContext, + /*IN*/ PUSER_STACK UserStack, + /*IN*/ BOOLEAN CreateSuspended); + +NTOSAPI +NTSTATUS +NTAPI +NtOpenThread( + /*OUT*/ PHANDLE ThreadHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ PCLIENT_ID ClientId); + +NTOSAPI +NTSTATUS +NTAPI +ZwOpenThread( + /*OUT*/ PHANDLE ThreadHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ PCLIENT_ID ClientId); + +NTOSAPI +NTSTATUS +NTAPI +ZwTerminateThread( + /*IN*/ HANDLE ThreadHandle /*OPTIONAL*/, + /*IN*/ NTSTATUS ExitStatus); + +NTOSAPI +NTSTATUS +NTAPI +NtQueryInformationThread( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ THREADINFOCLASS ThreadInformationClass, + /*OUT*/ PVOID ThreadInformation, + /*IN*/ ULONG ThreadInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryInformationThread( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ THREADINFOCLASS ThreadInformationClass, + /*OUT*/ PVOID ThreadInformation, + /*IN*/ ULONG ThreadInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +NtSetInformationThread( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ THREADINFOCLASS ThreadInformationClass, + /*IN*/ PVOID ThreadInformation, + /*IN*/ ULONG ThreadInformationLength); + +typedef struct _THREAD_BASIC_INFORMATION { + NTSTATUS ExitStatus; + PNT_TIB TebBaseAddress; + CLIENT_ID ClientId; + KAFFINITY AffinityMask; + KPRIORITY Priority; + KPRIORITY BasePriority; +} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; + +typedef struct _KERNEL_USER_TIMES { + LARGE_INTEGER CreateTime; + LARGE_INTEGER ExitTime; + LARGE_INTEGER KernelTime; + LARGE_INTEGER UserTime; +} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES; + +NTOSAPI +NTSTATUS +NTAPI +ZwSuspendThread( + /*IN*/ HANDLE ThreadHandle, + /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwResumeThread( + /*IN*/ HANDLE ThreadHandle, + /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwGetContextThread( + /*IN*/ HANDLE ThreadHandle, + /*OUT*/ PCONTEXT Context); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetContextThread( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ PCONTEXT Context); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueueApcThread( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ PKNORMAL_ROUTINE ApcRoutine, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*IN*/ PVOID Argument1 /*OPTIONAL*/, + /*IN*/ PVOID Argument2 /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwTestAlert( + VOID); + +NTOSAPI +NTSTATUS +NTAPI +ZwAlertThread( + /*IN*/ HANDLE ThreadHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwAlertResumeThread( + /*IN*/ HANDLE ThreadHandle, + /*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwRegisterThreadTerminatePort( + /*IN*/ HANDLE PortHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwImpersonateThread( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ HANDLE TargetThreadHandle, + /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos); + +NTOSAPI +NTSTATUS +NTAPI +ZwImpersonateAnonymousToken( + /*IN*/ HANDLE ThreadHandle); + + + + +/* Processes */ + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateProcess( + /*OUT*/ PHANDLE ProcessHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ HANDLE InheritFromProcessHandle, + /*IN*/ BOOLEAN InheritHandles, + /*IN*/ HANDLE SectionHandle /*OPTIONAL*/, + /*IN*/ HANDLE DebugPort /*OPTIONAL*/, + /*IN*/ HANDLE ExceptionPort /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateProcess( + /*OUT*/ PHANDLE ProcessHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ HANDLE InheritFromProcessHandle, + /*IN*/ BOOLEAN InheritHandles, + /*IN*/ HANDLE SectionHandle /*OPTIONAL*/, + /*IN*/ HANDLE DebugPort /*OPTIONAL*/, + /*IN*/ HANDLE ExceptionPort /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwTerminateProcess( + /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/, + /*IN*/ NTSTATUS ExitStatus); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryInformationProcess( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PROCESSINFOCLASS ProcessInformationClass, + /*OUT*/ PVOID ProcessInformation, + /*IN*/ ULONG ProcessInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +NtSetInformationProcess( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PROCESSINFOCLASS ProcessInformationClass, + /*IN*/ PVOID ProcessInformation, + /*IN*/ ULONG ProcessInformationLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetInformationProcess( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PROCESSINFOCLASS ProcessInformationClass, + /*IN*/ PVOID ProcessInformation, + /*IN*/ ULONG ProcessInformationLength); + +typedef struct _PROCESS_BASIC_INFORMATION { + NTSTATUS ExitStatus; + PPEB PebBaseAddress; + KAFFINITY AffinityMask; + KPRIORITY BasePriority; + ULONG UniqueProcessId; + ULONG InheritedFromUniqueProcessId; +} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; + +typedef struct _PROCESS_ACCESS_TOKEN { + HANDLE Token; + HANDLE Thread; +} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN; + +/* DefaultHardErrorMode constants */ +/* also in winbase.h */ +#define SEM_FAILCRITICALERRORS 0x0001 +#define SEM_NOGPFAULTERRORBOX 0x0002 +#define SEM_NOALIGNMENTFAULTEXCEPT 0x0004 +#define SEM_NOOPENFILEERRORBOX 0x8000 +/* end winbase.h */ +typedef struct _POOLED_USAGE_AND_LIMITS { + ULONG PeakPagedPoolUsage; + ULONG PagedPoolUsage; + ULONG PagedPoolLimit; + ULONG PeakNonPagedPoolUsage; + ULONG NonPagedPoolUsage; + ULONG NonPagedPoolLimit; + ULONG PeakPagefileUsage; + ULONG PagefileUsage; + ULONG PagefileLimit; +} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS; + +typedef struct _PROCESS_WS_WATCH_INFORMATION { + PVOID FaultingPc; + PVOID FaultingVa; +} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION; + +/* PROCESS_PRIORITY_CLASS.PriorityClass constants */ +#define PC_IDLE 1 +#define PC_NORMAL 2 +#define PC_HIGH 3 +#define PC_REALTIME 4 +#define PC_BELOW_NORMAL 5 +#define PC_ABOVE_NORMAL 6 + +typedef struct _PROCESS_PRIORITY_CLASS { + BOOLEAN Foreground; + UCHAR PriorityClass; +} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS; + +/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */ +#define DRIVE_UNKNOWN 0 +#define DRIVE_NO_ROOT_DIR 1 +#define DRIVE_REMOVABLE 2 +#define DRIVE_FIXED 3 +#define DRIVE_REMOTE 4 +#define DRIVE_CDROM 5 +#define DRIVE_RAMDISK 6 + +typedef struct _PROCESS_DEVICEMAP_INFORMATION { + _ANONYMOUS_UNION union { + struct { + HANDLE DirectoryHandle; + } Set; + struct { + ULONG DriveMap; + UCHAR DriveType[32]; + } Query; + } DUMMYUNIONNAME; +} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION; + +typedef struct _PROCESS_SESSION_INFORMATION { + ULONG SessionId; +} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION; + +typedef struct _RTL_USER_PROCESS_PARAMETERS { + ULONG AllocationSize; + ULONG Size; + ULONG Flags; + ULONG DebugFlags; + HANDLE hConsole; + ULONG ProcessGroup; + HANDLE hStdInput; + HANDLE hStdOutput; + HANDLE hStdError; + UNICODE_STRING CurrentDirectoryName; + HANDLE CurrentDirectoryHandle; + UNICODE_STRING DllPath; + UNICODE_STRING ImagePathName; + UNICODE_STRING CommandLine; + PWSTR Environment; + ULONG dwX; + ULONG dwY; + ULONG dwXSize; + ULONG dwYSize; + ULONG dwXCountChars; + ULONG dwYCountChars; + ULONG dwFillAttribute; + ULONG dwFlags; + ULONG wShowWindow; + UNICODE_STRING WindowTitle; + UNICODE_STRING DesktopInfo; + UNICODE_STRING ShellInfo; + UNICODE_STRING RuntimeInfo; +} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; + +NTSTATUS +NTAPI +RtlCreateProcessParameters( + /*OUT*/ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters, + /*IN*/ PUNICODE_STRING ImageFile, + /*IN*/ PUNICODE_STRING DllPath /*OPTIONAL*/, + /*IN*/ PUNICODE_STRING CurrentDirectory /*OPTIONAL*/, + /*IN*/ PUNICODE_STRING CommandLine /*OPTIONAL*/, + /*IN*/ PWSTR Environment /*OPTIONAL*/, + /*IN*/ PUNICODE_STRING WindowTitle /*OPTIONAL*/, + /*IN*/ PUNICODE_STRING DesktopInfo /*OPTIONAL*/, + /*IN*/ PUNICODE_STRING ShellInfo /*OPTIONAL*/, + /*IN*/ PUNICODE_STRING RuntimeInfo /*OPTIONAL*/); + +NTSTATUS +NTAPI +RtlDestroyProcessParameters( + /*IN*/ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); + +typedef struct _DEBUG_BUFFER { + HANDLE SectionHandle; + PVOID SectionBase; + PVOID RemoteSectionBase; + ULONG SectionBaseDelta; + HANDLE EventPairHandle; + ULONG Unknown[2]; + HANDLE RemoteThreadHandle; + ULONG InfoClassMask; + ULONG SizeOfInfo; + ULONG AllocatedSize; + ULONG SectionSize; + PVOID ModuleInformation; + PVOID BackTraceInformation; + PVOID HeapInformation; + PVOID LockInformation; + PVOID Reserved[8]; +} DEBUG_BUFFER, *PDEBUG_BUFFER; + +PDEBUG_BUFFER +NTAPI +RtlCreateQueryDebugBuffer( + /*IN*/ ULONG Size, + /*IN*/ BOOLEAN EventPair); + +/* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */ +#define PDI_MODULES 0x01 +#define PDI_BACKTRACE 0x02 +#define PDI_HEAPS 0x04 +#define PDI_HEAP_TAGS 0x08 +#define PDI_HEAP_BLOCKS 0x10 +#define PDI_LOCKS 0x20 + +NTSTATUS +NTAPI +RtlQueryProcessDebugInformation( + /*IN*/ ULONG ProcessId, + /*IN*/ ULONG DebugInfoClassMask, + /*IN OUT*/ PDEBUG_BUFFER DebugBuffer); + +NTSTATUS +NTAPI +RtlDestroyQueryDebugBuffer( + /*IN*/ PDEBUG_BUFFER DebugBuffer); + +/* DEBUG_MODULE_INFORMATION.Flags constants */ +#define LDRP_STATIC_LINK 0x00000002 +#define LDRP_IMAGE_DLL 0x00000004 +#define LDRP_LOAD_IN_PROGRESS 0x00001000 +#define LDRP_UNLOAD_IN_PROGRESS 0x00002000 +#define LDRP_ENTRY_PROCESSED 0x00004000 +#define LDRP_ENTRY_INSERTED 0x00008000 +#define LDRP_CURRENT_LOAD 0x00010000 +#define LDRP_FAILED_BUILTIN_LOAD 0x00020000 +#define LDRP_DONT_CALL_FOR_THREADS 0x00040000 +#define LDRP_PROCESS_ATTACH_CALLED 0x00080000 +#define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000 +#define LDRP_IMAGE_NOT_AT_BASE 0x00200000 +#define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000 + +typedef struct _DEBUG_MODULE_INFORMATION { + ULONG Reserved[2]; + ULONG Base; + ULONG Size; + ULONG Flags; + USHORT Index; + USHORT Unknown; + USHORT LoadCount; + USHORT ModuleNameOffset; + CHAR ImageName[256]; +} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION; + +typedef struct _DEBUG_HEAP_INFORMATION { + ULONG Base; + ULONG Flags; + USHORT Granularity; + USHORT Unknown; + ULONG Allocated; + ULONG Committed; + ULONG TagCount; + ULONG BlockCount; + ULONG Reserved[7]; + PVOID Tags; + PVOID Blocks; +} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION; + +typedef struct _DEBUG_LOCK_INFORMATION { + PVOID Address; + USHORT Type; + USHORT CreatorBackTraceIndex; + ULONG OwnerThreadId; + ULONG ActiveCount; + ULONG ContentionCount; + ULONG EntryCount; + ULONG RecursionCount; + ULONG NumberOfSharedWaiters; + ULONG NumberOfExclusiveWaiters; +} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION; + + + +/* Jobs */ + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateJobObject( + /*OUT*/ PHANDLE JobHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); + +NTOSAPI +NTSTATUS +NTAPI +ZwOpenJobObject( + /*OUT*/ PHANDLE JobHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); + +NTOSAPI +NTSTATUS +NTAPI +ZwTerminateJobObject( + /*IN*/ HANDLE JobHandle, + /*IN*/ NTSTATUS ExitStatus); + +NTOSAPI +NTSTATUS +NTAPI +ZwAssignProcessToJobObject( + /*IN*/ HANDLE JobHandle, + /*IN*/ HANDLE ProcessHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryInformationJobObject( + /*IN*/ HANDLE JobHandle, + /*IN*/ JOBOBJECTINFOCLASS JobInformationClass, + /*OUT*/ PVOID JobInformation, + /*IN*/ ULONG JobInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetInformationJobObject( + /*IN*/ HANDLE JobHandle, + /*IN*/ JOBOBJECTINFOCLASS JobInformationClass, + /*IN*/ PVOID JobInformation, + /*IN*/ ULONG JobInformationLength); + + +/* Tokens */ + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateToken( + /*OUT*/ PHANDLE TokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ TOKEN_TYPE Type, + /*IN*/ PLUID AuthenticationId, + /*IN*/ PLARGE_INTEGER ExpirationTime, + /*IN*/ PTOKEN_USER User, + /*IN*/ PTOKEN_GROUPS Groups, + /*IN*/ PTOKEN_PRIVILEGES Privileges, + /*IN*/ PTOKEN_OWNER Owner, + /*IN*/ PTOKEN_PRIMARY_GROUP PrimaryGroup, + /*IN*/ PTOKEN_DEFAULT_DACL DefaultDacl, + /*IN*/ PTOKEN_SOURCE Source +); + +NTOSAPI +NTSTATUS +NTAPI +NtOpenProcessToken( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*OUT*/ PHANDLE TokenHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwOpenProcessToken( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*OUT*/ PHANDLE TokenHandle); + +NTOSAPI +NTSTATUS +NTAPI +NtOpenThreadToken( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ BOOLEAN OpenAsSelf, + /*OUT*/ PHANDLE TokenHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwOpenThreadToken( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ BOOLEAN OpenAsSelf, + /*OUT*/ PHANDLE TokenHandle); + +NTOSAPI +NTSTATUS +NTAPI +NtDuplicateToken( + /*IN*/ HANDLE ExistingTokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ BOOLEAN EffectiveOnly, + /*IN*/ TOKEN_TYPE TokenType, + /*OUT*/ PHANDLE NewTokenHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwDuplicateToken( + /*IN*/ HANDLE ExistingTokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ BOOLEAN EffectiveOnly, + /*IN*/ TOKEN_TYPE TokenType, + /*OUT*/ PHANDLE NewTokenHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwFilterToken( + /*IN*/ HANDLE ExistingTokenHandle, + /*IN*/ ULONG Flags, + /*IN*/ PTOKEN_GROUPS SidsToDisable, + /*IN*/ PTOKEN_PRIVILEGES PrivilegesToDelete, + /*IN*/ PTOKEN_GROUPS SidsToRestricted, + /*OUT*/ PHANDLE NewTokenHandle); + +NTOSAPI +NTSTATUS +NTAPI +NtAdjustPrivilegesToken( + /*IN*/ HANDLE TokenHandle, + /*IN*/ BOOLEAN DisableAllPrivileges, + /*IN*/ PTOKEN_PRIVILEGES NewState, + /*IN*/ ULONG BufferLength, + /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/, + /*OUT*/ PULONG ReturnLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwAdjustPrivilegesToken( + /*IN*/ HANDLE TokenHandle, + /*IN*/ BOOLEAN DisableAllPrivileges, + /*IN*/ PTOKEN_PRIVILEGES NewState, + /*IN*/ ULONG BufferLength, + /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/, + /*OUT*/ PULONG ReturnLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwAdjustGroupsToken( + /*IN*/ HANDLE TokenHandle, + /*IN*/ BOOLEAN ResetToDefault, + /*IN*/ PTOKEN_GROUPS NewState, + /*IN*/ ULONG BufferLength, + /*OUT*/ PTOKEN_GROUPS PreviousState /*OPTIONAL*/, + /*OUT*/ PULONG ReturnLength); + +NTOSAPI +NTSTATUS +NTAPI +NtQueryInformationToken( + /*IN*/ HANDLE TokenHandle, + /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, + /*OUT*/ PVOID TokenInformation, + /*IN*/ ULONG TokenInformationLength, + /*OUT*/ PULONG ReturnLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryInformationToken( + /*IN*/ HANDLE TokenHandle, + /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, + /*OUT*/ PVOID TokenInformation, + /*IN*/ ULONG TokenInformationLength, + /*OUT*/ PULONG ReturnLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetInformationToken( + /*IN*/ HANDLE TokenHandle, + /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, + /*IN*/ PVOID TokenInformation, + /*IN*/ ULONG TokenInformationLength); + + + + +/* Time */ + +NTOSAPI +NTSTATUS +NTAPI +ZwQuerySystemTime( + /*OUT*/ PLARGE_INTEGER CurrentTime); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetSystemTime( + /*IN*/ PLARGE_INTEGER NewTime, + /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryPerformanceCounter( + /*OUT*/ PLARGE_INTEGER PerformanceCount, + /*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryPerformanceCounter( + /*OUT*/ PLARGE_INTEGER PerformanceCount, + /*OUT*/ PLARGE_INTEGER PerformanceFrequency /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryTimerResolution( + /*OUT*/ PULONG CoarsestResolution, + /*OUT*/ PULONG FinestResolution, + /*OUT*/ PULONG ActualResolution); + +NTOSAPI +NTSTATUS +NTAPI +ZwDelayExecution( + /*IN*/ BOOLEAN Alertable, + /*IN*/ PLARGE_INTEGER Interval); + +NTOSAPI +NTSTATUS +NTAPI +ZwYieldExecution( + VOID); + +NTOSAPI +ULONG +NTAPI +ZwGetTickCount( + VOID); + + + + +/* Execution profiling */ + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateProfile( + /*OUT*/ PHANDLE ProfileHandle, + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PVOID Base, + /*IN*/ ULONG Size, + /*IN*/ ULONG BucketShift, + /*IN*/ PULONG Buffer, + /*IN*/ ULONG BufferLength, + /*IN*/ KPROFILE_SOURCE Source, + /*IN*/ ULONG ProcessorMask); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetIntervalProfile( + /*IN*/ ULONG Interval, + /*IN*/ KPROFILE_SOURCE Source); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryIntervalProfile( + /*IN*/ KPROFILE_SOURCE Source, + /*OUT*/ PULONG Interval); + +NTOSAPI +NTSTATUS +NTAPI +ZwStartProfile( + /*IN*/ HANDLE ProfileHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwStopProfile( + /*IN*/ HANDLE ProfileHandle); + +/* Local Procedure Call (LPC) */ + +typedef struct _LPC_MESSAGE { + USHORT DataSize; + USHORT MessageSize; + USHORT MessageType; + USHORT VirtualRangesOffset; + CLIENT_ID ClientId; + ULONG MessageId; + ULONG SectionSize; + UCHAR Data[ANYSIZE_ARRAY]; +} LPC_MESSAGE, *PLPC_MESSAGE; + +#define LPC_MESSAGE_BASE_SIZE 24 + +typedef enum _LPC_TYPE { + LPC_NEW_MESSAGE, + LPC_REQUEST, + LPC_REPLY, + LPC_DATAGRAM, + LPC_LOST_REPLY, + LPC_PORT_CLOSED, + LPC_CLIENT_DIED, + LPC_EXCEPTION, + LPC_DEBUG_EVENT, + LPC_ERROR_EVENT, + LPC_CONNECTION_REQUEST, + LPC_CONNECTION_REFUSED, + LPC_MAXIMUM +} LPC_TYPE; + +typedef struct _LPC_SECTION_WRITE { + ULONG Length; + HANDLE SectionHandle; + ULONG SectionOffset; + ULONG ViewSize; + PVOID ViewBase; + PVOID TargetViewBase; +} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE; + +typedef struct _LPC_SECTION_READ { + ULONG Length; + ULONG ViewSize; + PVOID ViewBase; +} LPC_SECTION_READ, *PLPC_SECTION_READ; + +NTOSAPI +NTSTATUS +NTAPI +ZwCreatePort( + /*OUT*/ PHANDLE PortHandle, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ ULONG MaxDataSize, + /*IN*/ ULONG MaxMessageSize, + /*IN*/ ULONG Reserved); + +NTOSAPI +NTSTATUS +NTAPI +ZwCreateWaitablePort( + /*OUT*/ PHANDLE PortHandle, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ ULONG MaxDataSize, + /*IN*/ ULONG MaxMessageSize, + /*IN*/ ULONG Reserved); + +NTOSAPI +NTSTATUS +NTAPI +NtConnectPort( + /*OUT*/ PHANDLE PortHandle, + /*IN*/ PUNICODE_STRING PortName, + /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos, + /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, + /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/, + /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/, + /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/, + /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwConnectPort( + /*OUT*/ PHANDLE PortHandle, + /*IN*/ PUNICODE_STRING PortName, + /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos, + /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, + /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/, + /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/, + /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/, + /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwConnectPort( + /*OUT*/ PHANDLE PortHandle, + /*IN*/ PUNICODE_STRING PortName, + /*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos, + /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, + /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/, + /*OUT*/ PULONG MaxMessageSize /*OPTIONAL*/, + /*IN OUT*/ PVOID ConnectData /*OPTIONAL*/, + /*IN OUT*/ PULONG ConnectDataLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwListenPort( + /*IN*/ HANDLE PortHandle, + /*OUT*/ PLPC_MESSAGE Message); + +NTOSAPI +NTSTATUS +NTAPI +ZwAcceptConnectPort( + /*OUT*/ PHANDLE PortHandle, + /*IN*/ ULONG PortIdentifier, + /*IN*/ PLPC_MESSAGE Message, + /*IN*/ BOOLEAN Accept, + /*IN OUT*/ PLPC_SECTION_WRITE WriteSection /*OPTIONAL*/, + /*IN OUT*/ PLPC_SECTION_READ ReadSection /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwCompleteConnectPort( + /*IN*/ HANDLE PortHandle); + +NTOSAPI +NTSTATUS +NTAPI +NtRequestPort( + /*IN*/ HANDLE PortHandle, + /*IN*/ PLPC_MESSAGE RequestMessage); + +NTOSAPI +NTSTATUS +NTAPI +NtRequestWaitReplyPort( + /*IN*/ HANDLE PortHandle, + /*IN*/ PLPC_MESSAGE RequestMessage, + /*OUT*/ PLPC_MESSAGE ReplyMessage); + +NTOSAPI +NTSTATUS +NTAPI +ZwRequestWaitReplyPort( + /*IN*/ HANDLE PortHandle, + /*IN*/ PLPC_MESSAGE RequestMessage, + /*OUT*/ PLPC_MESSAGE ReplyMessage); + +NTOSAPI +NTSTATUS +NTAPI +ZwReplyPort( + /*IN*/ HANDLE PortHandle, + /*IN*/ PLPC_MESSAGE ReplyMessage); + +NTOSAPI +NTSTATUS +NTAPI +ZwReplyWaitReplyPort( + /*IN*/ HANDLE PortHandle, + /*IN OUT*/ PLPC_MESSAGE ReplyMessage); + +NTOSAPI +NTSTATUS +NTAPI +ZwReplyWaitReceivePort( + /*IN*/ HANDLE PortHandle, + /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/, + /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/, + /*OUT*/ PLPC_MESSAGE Message); + +NTOSAPI +NTSTATUS +NTAPI +ZwReplyWaitReceivePortEx( + /*IN*/ HANDLE PortHandle, + /*OUT*/ PULONG PortIdentifier /*OPTIONAL*/, + /*IN*/ PLPC_MESSAGE ReplyMessage /*OPTIONAL*/, + /*OUT*/ PLPC_MESSAGE Message, + /*IN*/ PLARGE_INTEGER Timeout); + +NTOSAPI +NTSTATUS +NTAPI +ZwReadRequestData( + /*IN*/ HANDLE PortHandle, + /*IN*/ PLPC_MESSAGE Message, + /*IN*/ ULONG Index, + /*OUT*/ PVOID Buffer, + /*IN*/ ULONG BufferLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwWriteRequestData( + /*IN*/ HANDLE PortHandle, + /*IN*/ PLPC_MESSAGE Message, + /*IN*/ ULONG Index, + /*IN*/ PVOID Buffer, + /*IN*/ ULONG BufferLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +typedef enum _PORT_INFORMATION_CLASS { + PortBasicInformation +} PORT_INFORMATION_CLASS; + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryInformationPort( + /*IN*/ HANDLE PortHandle, + /*IN*/ PORT_INFORMATION_CLASS PortInformationClass, + /*OUT*/ PVOID PortInformation, + /*IN*/ ULONG PortInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwImpersonateClientOfPort( + /*IN*/ HANDLE PortHandle, + /*IN*/ PLPC_MESSAGE Message); + + + + +/* Files */ + +NTOSAPI +NTSTATUS +NTAPI +NtDeleteFile( + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); + +NTOSAPI +NTSTATUS +NTAPI +ZwDeleteFile( + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes); + +NTOSAPI +NTSTATUS +NTAPI +ZwFlushBuffersFile( + /*IN*/ HANDLE FileHandle, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); + +NTOSAPI +NTSTATUS +NTAPI +ZwCancelIoFile( + /*IN*/ HANDLE FileHandle, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock); + +NTOSAPI +NTSTATUS +NTAPI +ZwReadFileScatter( + /*IN*/ HANDLE FileHandle, + /*IN*/ HANDLE Event /*OPTIONAL*/, + /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*IN*/ PFILE_SEGMENT_ELEMENT Buffer, + /*IN*/ ULONG Length, + /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/, + /*IN*/ PULONG Key /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwWriteFileGather( + /*IN*/ HANDLE FileHandle, + /*IN*/ HANDLE Event /*OPTIONAL*/, + /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*IN*/ PFILE_SEGMENT_ELEMENT Buffer, + /*IN*/ ULONG Length, + /*IN*/ PLARGE_INTEGER ByteOffset /*OPTIONAL*/, + /*IN*/ PULONG Key /*OPTIONAL*/); + + + + +/* Registry keys */ + +NTOSAPI +NTSTATUS +NTAPI +ZwSaveKey( + /*IN*/ HANDLE KeyHandle, + /*IN*/ HANDLE FileHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwSaveMergedKeys( + /*IN*/ HANDLE KeyHandle1, + /*IN*/ HANDLE KeyHandle2, + /*IN*/ HANDLE FileHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwRestoreKey( + /*IN*/ HANDLE KeyHandle, + /*IN*/ HANDLE FileHandle, + /*IN*/ ULONG Flags); + +NTOSAPI +NTSTATUS +NTAPI +ZwLoadKey( + /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, + /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes); + +NTOSAPI +NTSTATUS +NTAPI +ZwLoadKey2( + /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, + /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes, + /*IN*/ ULONG Flags); + +NTOSAPI +NTSTATUS +NTAPI +ZwUnloadKey( + /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryOpenSubKeys( + /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, + /*OUT*/ PULONG NumberOfKeys); + +NTOSAPI +NTSTATUS +NTAPI +ZwReplaceKey( + /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes, + /*IN*/ HANDLE KeyHandle, + /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes); + +typedef enum _KEY_SET_INFORMATION_CLASS { + KeyLastWriteTimeInformation +} KEY_SET_INFORMATION_CLASS; + +NTOSAPI +NTSTATUS +NTAPI +ZwSetInformationKey( + /*IN*/ HANDLE KeyHandle, + /*IN*/ KEY_SET_INFORMATION_CLASS KeyInformationClass, + /*IN*/ PVOID KeyInformation, + /*IN*/ ULONG KeyInformationLength); + +typedef struct _KEY_LAST_WRITE_TIME_INFORMATION { + LARGE_INTEGER LastWriteTime; +} KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION; + +typedef struct _KEY_NAME_INFORMATION { + ULONG NameLength; + WCHAR Name[1]; +} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION; + +NTOSAPI +NTSTATUS +NTAPI +ZwNotifyChangeKey( + /*IN*/ HANDLE KeyHandle, + /*IN*/ HANDLE EventHandle /*OPTIONAL*/, + /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*IN*/ ULONG NotifyFilter, + /*IN*/ BOOLEAN WatchSubtree, + /*IN*/ PVOID Buffer, + /*IN*/ ULONG BufferLength, + /*IN*/ BOOLEAN Asynchronous); + +/* ZwNotifyChangeMultipleKeys.Flags constants */ +#define REG_MONITOR_SINGLE_KEY 0x00 +#define REG_MONITOR_SECOND_KEY 0x01 + +NTOSAPI +NTSTATUS +NTAPI +ZwNotifyChangeMultipleKeys( + /*IN*/ HANDLE KeyHandle, + /*IN*/ ULONG Flags, + /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, + /*IN*/ HANDLE EventHandle /*OPTIONAL*/, + /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*IN*/ ULONG NotifyFilter, + /*IN*/ BOOLEAN WatchSubtree, + /*IN*/ PVOID Buffer, + /*IN*/ ULONG BufferLength, + /*IN*/ BOOLEAN Asynchronous); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryMultipleValueKey( + /*IN*/ HANDLE KeyHandle, + /*IN OUT*/ PKEY_VALUE_ENTRY ValueList, + /*IN*/ ULONG NumberOfValues, + /*OUT*/ PVOID Buffer, + /*IN OUT*/ PULONG Length, + /*OUT*/ PULONG ReturnLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwInitializeRegistry( + /*IN*/ BOOLEAN Setup); + + + + +/* Security and auditing */ + +NTOSAPI +NTSTATUS +NTAPI +ZwPrivilegeCheck( + /*IN*/ HANDLE TokenHandle, + /*IN*/ PPRIVILEGE_SET RequiredPrivileges, + /*OUT*/ PBOOLEAN Result); + +NTOSAPI +NTSTATUS +NTAPI +ZwPrivilegeObjectAuditAlarm( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ HANDLE TokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ PPRIVILEGE_SET Privileges, + /*IN*/ BOOLEAN AccessGranted); + +NTOSAPI +NTSTATUS +NTAPI +ZwPrivilegeObjectAuditAlarm( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ HANDLE TokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ PPRIVILEGE_SET Privileges, + /*IN*/ BOOLEAN AccessGranted); + +NTOSAPI +NTSTATUS +NTAPI +ZwAccessCheck( + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ HANDLE TokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ PGENERIC_MAPPING GenericMapping, + /*IN*/ PPRIVILEGE_SET PrivilegeSet, + /*IN*/ PULONG PrivilegeSetLength, + /*OUT*/ PACCESS_MASK GrantedAccess, + /*OUT*/ PBOOLEAN AccessStatus); + +NTOSAPI +NTSTATUS +NTAPI +ZwAccessCheckAndAuditAlarm( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ PUNICODE_STRING ObjectTypeName, + /*IN*/ PUNICODE_STRING ObjectName, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ PGENERIC_MAPPING GenericMapping, + /*IN*/ BOOLEAN ObjectCreation, + /*OUT*/ PACCESS_MASK GrantedAccess, + /*OUT*/ PBOOLEAN AccessStatus, + /*OUT*/ PBOOLEAN GenerateOnClose); + +NTOSAPI +NTSTATUS +NTAPI +ZwAccessCheckByType( + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PSID PrincipalSelfSid, + /*IN*/ HANDLE TokenHandle, + /*IN*/ ULONG DesiredAccess, + /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, + /*IN*/ ULONG ObjectTypeListLength, + /*IN*/ PGENERIC_MAPPING GenericMapping, + /*IN*/ PPRIVILEGE_SET PrivilegeSet, + /*IN*/ PULONG PrivilegeSetLength, + /*OUT*/ PACCESS_MASK GrantedAccess, + /*OUT*/ PULONG AccessStatus); + +typedef enum _AUDIT_EVENT_TYPE { + AuditEventObjectAccess, + AuditEventDirectoryServiceAccess +} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; + +NTOSAPI +NTSTATUS +NTAPI +ZwAccessCheckByTypeAndAuditAlarm( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ PUNICODE_STRING ObjectTypeName, + /*IN*/ PUNICODE_STRING ObjectName, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PSID PrincipalSelfSid, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ AUDIT_EVENT_TYPE AuditType, + /*IN*/ ULONG Flags, + /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, + /*IN*/ ULONG ObjectTypeListLength, + /*IN*/ PGENERIC_MAPPING GenericMapping, + /*IN*/ BOOLEAN ObjectCreation, + /*OUT*/ PACCESS_MASK GrantedAccess, + /*OUT*/ PULONG AccessStatus, + /*OUT*/ PBOOLEAN GenerateOnClose); + +NTOSAPI +NTSTATUS +NTAPI +ZwAccessCheckByTypeResultList( + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PSID PrincipalSelfSid, + /*IN*/ HANDLE TokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, + /*IN*/ ULONG ObjectTypeListLength, + /*IN*/ PGENERIC_MAPPING GenericMapping, + /*IN*/ PPRIVILEGE_SET PrivilegeSet, + /*IN*/ PULONG PrivilegeSetLength, + /*OUT*/ PACCESS_MASK GrantedAccessList, + /*OUT*/ PULONG AccessStatusList); + +NTOSAPI +NTSTATUS +NTAPI +ZwAccessCheckByTypeResultListAndAuditAlarm( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ PUNICODE_STRING ObjectTypeName, + /*IN*/ PUNICODE_STRING ObjectName, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PSID PrincipalSelfSid, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ AUDIT_EVENT_TYPE AuditType, + /*IN*/ ULONG Flags, + /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, + /*IN*/ ULONG ObjectTypeListLength, + /*IN*/ PGENERIC_MAPPING GenericMapping, + /*IN*/ BOOLEAN ObjectCreation, + /*OUT*/ PACCESS_MASK GrantedAccessList, + /*OUT*/ PULONG AccessStatusList, + /*OUT*/ PULONG GenerateOnClose); + +NTOSAPI +NTSTATUS +NTAPI +ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ HANDLE TokenHandle, + /*IN*/ PUNICODE_STRING ObjectTypeName, + /*IN*/ PUNICODE_STRING ObjectName, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PSID PrincipalSelfSid, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ AUDIT_EVENT_TYPE AuditType, + /*IN*/ ULONG Flags, + /*IN*/ POBJECT_TYPE_LIST ObjectTypeList, + /*IN*/ ULONG ObjectTypeListLength, + /*IN*/ PGENERIC_MAPPING GenericMapping, + /*IN*/ BOOLEAN ObjectCreation, + /*OUT*/ PACCESS_MASK GrantedAccessList, + /*OUT*/ PULONG AccessStatusList, + /*OUT*/ PULONG GenerateOnClose); + +NTOSAPI +NTSTATUS +NTAPI +ZwOpenObjectAuditAlarm( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID *HandleId, + /*IN*/ PUNICODE_STRING ObjectTypeName, + /*IN*/ PUNICODE_STRING ObjectName, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ HANDLE TokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ ACCESS_MASK GrantedAccess, + /*IN*/ PPRIVILEGE_SET Privileges /*OPTIONAL*/, + /*IN*/ BOOLEAN ObjectCreation, + /*IN*/ BOOLEAN AccessGranted, + /*OUT*/ PBOOLEAN GenerateOnClose); + +NTOSAPI +NTSTATUS +NTAPI +ZwCloseObjectAuditAlarm( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ BOOLEAN GenerateOnClose); + +NTOSAPI +NTSTATUS +NTAPI +ZwDeleteObjectAuditAlarm( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ BOOLEAN GenerateOnClose); + + + + +/* Plug and play and power management */ + +NTOSAPI +NTSTATUS +NTAPI +ZwRequestWakeupLatency( + /*IN*/ LATENCY_TIME Latency); + +NTOSAPI +NTSTATUS +NTAPI +ZwRequestDeviceWakeup( + /*IN*/ HANDLE DeviceHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwCancelDeviceWakeupRequest( + /*IN*/ HANDLE DeviceHandle); + +NTOSAPI +BOOLEAN +NTAPI +ZwIsSystemResumeAutomatic( + VOID); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetThreadExecutionState( + /*IN*/ EXECUTION_STATE ExecutionState, + /*OUT*/ PEXECUTION_STATE PreviousExecutionState); + +NTOSAPI +NTSTATUS +NTAPI +ZwGetDevicePowerState( + /*IN*/ HANDLE DeviceHandle, + /*OUT*/ PDEVICE_POWER_STATE DevicePowerState); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetSystemPowerState( + /*IN*/ POWER_ACTION SystemAction, + /*IN*/ SYSTEM_POWER_STATE MinSystemState, + /*IN*/ ULONG Flags); + +NTOSAPI +NTSTATUS +NTAPI +ZwInitiatePowerAction( + /*IN*/ POWER_ACTION SystemAction, + /*IN*/ SYSTEM_POWER_STATE MinSystemState, + /*IN*/ ULONG Flags, + /*IN*/ BOOLEAN Asynchronous); + +NTOSAPI +NTSTATUS +NTAPI +ZwPowerInformation( + /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel, + /*IN*/ PVOID InputBuffer /*OPTIONAL*/, + /*IN*/ ULONG InputBufferLength, + /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, + /*IN*/ ULONG OutputBufferLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwPlugPlayControl( + /*IN*/ ULONG ControlCode, + /*IN OUT*/ PVOID Buffer, + /*IN*/ ULONG BufferLength); + +NTOSAPI +NTSTATUS +NTAPI +ZwGetPlugPlayEvent( + /*IN*/ ULONG Reserved1, + /*IN*/ ULONG Reserved2, + /*OUT*/ PVOID Buffer, + /*IN*/ ULONG BufferLength); + + + + +/* Miscellany */ + +NTOSAPI +NTSTATUS +NTAPI +ZwRaiseException( + /*IN*/ PEXCEPTION_RECORD ExceptionRecord, + /*IN*/ PCONTEXT Context, + /*IN*/ BOOLEAN SearchFrames); + +NTOSAPI +NTSTATUS +NTAPI +ZwContinue( + /*IN*/ PCONTEXT Context, + /*IN*/ BOOLEAN TestAlert); + +NTOSAPI +NTSTATUS +NTAPI +ZwW32Call( + /*IN*/ ULONG RoutineIndex, + /*IN*/ PVOID Argument, + /*IN*/ ULONG ArgumentLength, + /*OUT*/ PVOID *Result /*OPTIONAL*/, + /*OUT*/ PULONG ResultLength /*OPTIONAL*/); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetLowWaitHighThread( + VOID); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetHighWaitLowThread( + VOID); + +NTOSAPI +NTSTATUS +NTAPI +ZwLoadDriver( + /*IN*/ PUNICODE_STRING DriverServiceName); + +NTOSAPI +NTSTATUS +NTAPI +ZwUnloadDriver( + /*IN*/ PUNICODE_STRING DriverServiceName); + +NTOSAPI +NTSTATUS +NTAPI +ZwFlushInstructionCache( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PVOID BaseAddress /*OPTIONAL*/, + /*IN*/ ULONG FlushSize); + +NTOSAPI +NTSTATUS +NTAPI +ZwFlushWriteBuffer( + VOID); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryDefaultLocale( + /*IN*/ BOOLEAN ThreadOrSystem, + /*OUT*/ PLCID Locale); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetDefaultLocale( + /*IN*/ BOOLEAN ThreadOrSystem, + /*IN*/ LCID Locale); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryDefaultUILanguage( + /*OUT*/ PLANGID LanguageId); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetDefaultUILanguage( + /*IN*/ LANGID LanguageId); + +NTOSAPI +NTSTATUS +NTAPI +ZwQueryInstallUILanguage( + /*OUT*/ PLANGID LanguageId); + +NTOSAPI +NTSTATUS +NTAPI +NtAllocateLocallyUniqueId( + /*OUT*/ PLUID Luid); + +NTOSAPI +NTSTATUS +NTAPI +NtAllocateUuids( + /*OUT*/ PLARGE_INTEGER UuidLastTimeAllocated, + /*OUT*/ PULONG UuidDeltaTime, + /*OUT*/ PULONG UuidSequenceNumber, + /*OUT*/ PUCHAR UuidSeed); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetUuidSeed( + /*IN*/ PUCHAR UuidSeed); + +typedef enum _HARDERROR_RESPONSE_OPTION { + OptionAbortRetryIgnore, + OptionOk, + OptionOkCancel, + OptionRetryCancel, + OptionYesNo, + OptionYesNoCancel, + OptionShutdownSystem +} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION; + +typedef enum _HARDERROR_RESPONSE { + ResponseReturnToCaller, + ResponseNotHandled, + ResponseAbort, + ResponseCancel, + ResponseIgnore, + ResponseNo, + ResponseOk, + ResponseRetry, + ResponseYes +} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE; + +NTOSAPI +NTSTATUS +NTAPI +ZwRaiseHardError( + /*IN*/ NTSTATUS Status, + /*IN*/ ULONG NumberOfArguments, + /*IN*/ ULONG StringArgumentsMask, + /*IN*/ PULONG Arguments, + /*IN*/ HARDERROR_RESPONSE_OPTION ResponseOption, + /*OUT*/ PHARDERROR_RESPONSE Response); + +NTOSAPI +NTSTATUS +NTAPI +ZwSetDefaultHardErrorPort( + /*IN*/ HANDLE PortHandle); + +NTOSAPI +NTSTATUS +NTAPI +ZwDisplayString( + /*IN*/ PUNICODE_STRING String); + +NTOSAPI +NTSTATUS +NTAPI +ZwCreatePagingFile( + /*IN*/ PUNICODE_STRING FileName, + /*IN*/ PULARGE_INTEGER InitialSize, + /*IN*/ PULARGE_INTEGER MaximumSize, + /*IN*/ ULONG Reserved); + +typedef USHORT RTL_ATOM, *PRTL_ATOM; + +NTOSAPI +NTSTATUS +NTAPI +NtAddAtom( + /*IN*/ PWSTR AtomName, + /*IN*/ ULONG AtomNameLength, + /*OUT*/ PRTL_ATOM Atom); + +NTOSAPI +NTSTATUS +NTAPI +NtFindAtom( + /*IN*/ PWSTR AtomName, + /*IN*/ ULONG AtomNameLength, + /*OUT*/ PRTL_ATOM Atom); + +NTOSAPI +NTSTATUS +NTAPI +NtDeleteAtom( + /*IN*/ RTL_ATOM Atom); + +typedef enum _ATOM_INFORMATION_CLASS { + AtomBasicInformation, + AtomListInformation +} ATOM_INFORMATION_CLASS; + +NTOSAPI +NTSTATUS +NTAPI +NtQueryInformationAtom( + /*IN*/ RTL_ATOM Atom, + /*IN*/ ATOM_INFORMATION_CLASS AtomInformationClass, + /*OUT*/ PVOID AtomInformation, + /*IN*/ ULONG AtomInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/); + +typedef struct _ATOM_BASIC_INFORMATION { + USHORT ReferenceCount; + USHORT Pinned; + USHORT NameLength; + WCHAR Name[1]; +} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION; + +typedef struct _ATOM_LIST_INFORMATION { + ULONG NumberOfAtoms; + ATOM Atoms[1]; +} ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION; + +NTOSAPI +NTSTATUS +NTAPI +ZwSetLdtEntries( + /*IN*/ ULONG Selector1, + /*IN*/ LDT_ENTRY LdtEntry1, + /*IN*/ ULONG Selector2, + /*IN*/ LDT_ENTRY LdtEntry2); + +NTOSAPI +NTSTATUS +NTAPI +NtVdmControl( + /*IN*/ ULONG ControlCode, + /*IN*/ PVOID ControlData); + +#pragma pack(pop) + +#ifdef __cplusplus +} +#endif + +#endif /* __NTAPI_H */