4 * COPYRIGHT: See COPYING in the top level directory
5 * PROJECT: ReactOS kernel
6 * PURPOSE: System call definitions
7 * FILE: include/ddk/zw.h
9 * ??/??/??: First few functions (David Welch)
10 * ??/??/??: Complete implementation by Ariadne
11 * 13/07/98: Reorganised things a bit (David Welch)
12 * 04/08/98: Added some documentation (Ariadne)
13 * 14/08/98: Added type TIME and change variable type from [1] to [0]
14 * 14/09/98: Added for each Nt call a corresponding Zw Call
20 #include <ntos/security.h>
21 #include <napi/npipe.h>
24 //#define SECURITY_INFORMATION ULONG
25 //typedef ULONG SECURITY_INFORMATION;
29 * FUNCTION: Checks a client's access rights to an object
31 * SecurityDescriptor = Security information against which the access is checked
32 * ClientToken = Represents a client
36 * ReturnLength = Bytes written
38 * AccessStatus = Indicates if the ClientToken allows the requested access
39 * REMARKS: The arguments map to the win32 AccessCheck
46 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
47 IN HANDLE ClientToken,
48 IN ACCESS_MASK DesiredAcces,
49 IN PGENERIC_MAPPING GenericMapping,
50 OUT PPRIVILEGE_SET PrivilegeSet,
51 OUT PULONG ReturnLength,
52 OUT PULONG GrantedAccess,
53 OUT PBOOLEAN AccessStatus
59 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
60 IN HANDLE ClientToken,
61 IN ACCESS_MASK DesiredAcces,
62 IN PGENERIC_MAPPING GenericMapping,
63 OUT PPRIVILEGE_SET PrivilegeSet,
64 OUT PULONG ReturnLength,
65 OUT PULONG GrantedAccess,
66 OUT PBOOLEAN AccessStatus
70 * FUNCTION: Checks a client's access rights to an object and issues an audit alarm (it logs the access)
72 * SubsystemName = Specifies the name of the subsystem, can be "WIN32" or "DEBUG"
81 * REMARKS: The arguments map to the win32 AccessCheck
87 NtAccessCheckAndAuditAlarm(
88 IN PUNICODE_STRING SubsystemName,
89 IN PHANDLE ObjectHandle,
90 IN POBJECT_ATTRIBUTES ObjectAttributes,
91 IN ACCESS_MASK DesiredAccess,
92 IN PGENERIC_MAPPING GenericMapping,
93 IN BOOLEAN ObjectCreation,
94 OUT PULONG GrantedAccess,
95 OUT PBOOLEAN AccessStatus,
96 OUT PBOOLEAN GenerateOnClose
101 ZwAccessCheckAndAuditAlarm(
102 IN PUNICODE_STRING SubsystemName,
103 IN PHANDLE ObjectHandle,
104 IN POBJECT_ATTRIBUTES ObjectAttributes,
105 IN ACCESS_MASK DesiredAccess,
106 IN PGENERIC_MAPPING GenericMapping,
107 IN BOOLEAN ObjectCreation,
108 OUT PULONG GrantedAccess,
109 OUT PBOOLEAN AccessStatus,
110 OUT PBOOLEAN GenerateOnClose
114 * FUNCTION: Adds an atom to the global atom table
116 * AtomString = The string to add to the atom table.
117 * Atom (OUT) = Caller supplies storage for the resulting atom.
118 * REMARKS: The arguments map to the win32 GlobalAddAtom.
125 IN OUT PRTL_ATOM Atom
133 IN OUT PRTL_ATOM Atom
138 * FUNCTION: Adjusts the groups in an access token
140 * TokenHandle = Specifies the access token
141 * ResetToDefault = If true the NewState parameter is ignored and the groups are set to
142 * their default state, if false the groups specified in
145 * BufferLength = Specifies the size of the buffer for the PreviousState.
147 * ReturnLength = Bytes written in PreviousState buffer.
148 * REMARKS: The arguments map to the win32 AdjustTokenGroups
155 IN HANDLE TokenHandle,
156 IN BOOLEAN ResetToDefault,
157 IN PTOKEN_GROUPS NewState,
158 IN ULONG BufferLength,
159 OUT PTOKEN_GROUPS PreviousState OPTIONAL,
160 OUT PULONG ReturnLength
166 IN HANDLE TokenHandle,
167 IN BOOLEAN ResetToDefault,
168 IN PTOKEN_GROUPS NewState,
169 IN ULONG BufferLength,
170 OUT PTOKEN_GROUPS PreviousState,
171 OUT PULONG ReturnLength
179 * TokenHandle = Handle to the access token
180 * DisableAllPrivileges = If TRUE, all privileges in the token are disabled and NewState is ignored.
186 * The arguments map to the win32 AdjustTokenPrivileges
192 NtAdjustPrivilegesToken(
193 IN HANDLE TokenHandle,
194 IN BOOLEAN DisableAllPrivileges,
195 IN PTOKEN_PRIVILEGES NewState,
196 IN ULONG BufferLength,
197 OUT PTOKEN_PRIVILEGES PreviousState,
198 OUT PULONG ReturnLength
203 ZwAdjustPrivilegesToken(
204 IN HANDLE TokenHandle,
205 IN BOOLEAN DisableAllPrivileges,
206 IN PTOKEN_PRIVILEGES NewState,
207 IN ULONG BufferLength,
208 OUT PTOKEN_PRIVILEGES PreviousState,
209 OUT PULONG ReturnLength
214 * FUNCTION: Decrements a thread's suspend count and places it in an alerted
217 * ThreadHandle = Handle to the thread that should be resumed
218 * SuspendCount = The resulting suspend count.
220 * A thread is resumed if its suspend count is 0
226 IN HANDLE ThreadHandle,
227 OUT PULONG SuspendCount
233 IN HANDLE ThreadHandle,
234 OUT PULONG SuspendCount
238 * FUNCTION: Puts the thread in an alerted state
240 * ThreadHandle = Handle to the thread that should be alerted
246 IN HANDLE ThreadHandle
252 IN HANDLE ThreadHandle
257 * FUNCTION: Allocates a locally unique id
259 * LocallyUniqueId = Locally unique number
264 NtAllocateLocallyUniqueId(
265 OUT LUID *LocallyUniqueId
270 ZwAllocateLocallyUniqueId(
277 PULARGE_INTEGER Time,
285 PULARGE_INTEGER Time,
292 * FUNCTION: Allocates a block of virtual memory in the process address space
294 * ProcessHandle = The handle of the process which owns the virtual memory
295 * BaseAddress = A pointer to the virtual memory allocated. If you supply a non zero
296 * value the system will try to allocate the memory at the address supplied. It rounds
297 * it down to a multiple of the page size.
298 * ZeroBits = (OPTIONAL) You can specify the number of high order bits that must be zero, ensuring that
299 * the memory will be allocated at an address below a certain value.
300 * RegionSize = The number of bytes to allocate
301 * AllocationType = Indicates the type of virtual memory you would like to allocate,
302 * can be one of the values : MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_TOP_DOWN
303 * Protect = Indicates the protection type of the pages allocated, can be a combination of
304 * PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE_READ,
305 * PAGE_EXECUTE_READWRITE, PAGE_GUARD, PAGE_NOACCESS, PAGE_NOACCESS
307 * This function maps to the win32 VirtualAllocEx. Virtual memory is process based so the
308 * protocol starts with a ProcessHandle. I split the functionality of obtaining the actual address and specifying
309 * the start address into two parameters ( BaseAddress and StartAddress ). The NumberOfBytesAllocated specifies the range
310 * and the AllocationType and ProtectionType map to the other two parameters.
315 NtAllocateVirtualMemory (
316 IN HANDLE ProcessHandle,
317 IN OUT PVOID *BaseAddress,
319 IN OUT PULONG RegionSize,
320 IN ULONG AllocationType,
326 ZwAllocateVirtualMemory (
327 IN HANDLE ProcessHandle,
328 IN OUT PVOID *BaseAddress,
330 IN OUT PULONG RegionSize,
331 IN ULONG AllocationType,
335 * FUNCTION: Returns from a callback into user mode
339 //FIXME: this function might need 3 parameters
340 NTSTATUS STDCALL NtCallbackReturn(PVOID Result,
344 NTSTATUS STDCALL ZwCallbackReturn(PVOID Result,
349 * FUNCTION: Cancels an I/O request
351 * FileHandle = Handle to the file
355 * This function maps to the win32 CancelIo.
361 IN HANDLE FileHandle,
362 OUT PIO_STATUS_BLOCK IoStatusBlock
368 IN HANDLE FileHandle,
369 OUT PIO_STATUS_BLOCK IoStatusBlock
372 * FUNCTION: Cancels a timer
374 * TimerHandle = Handle to the timer
375 * CurrentState = Specifies the state of the timer when cancelled.
377 * The arguments to this function map to the function CancelWaitableTimer.
383 IN HANDLE TimerHandle,
384 OUT PBOOLEAN CurrentState OPTIONAL
390 IN HANDLE TimerHandle,
391 OUT ULONG ElapsedTime /* NOTE(review): marked OUT but passed by value (ULONG), so nothing can be returned through it; the preceding parameter list declares OUT PBOOLEAN CurrentState OPTIONAL instead - confirm which declaration is intended. */
394 * FUNCTION: Sets the status of the event back to non-signaled
396 * EventHandle = Handle to the event
398 * This function maps to win32 function ResetEvent.
405 IN HANDLE EventHandle
411 IN HANDLE EventHandle
415 * FUNCTION: Closes an object handle
417 * Handle = Handle to the object
419 * This function maps to the win32 function CloseHandle.
436 * FUNCTION: Generates an audit message when a handle to an object is dereferenced
439 HandleId = Handle to the object
442 * This function maps to the win32 function ObjectCloseAuditAlarm.
448 NtCloseObjectAuditAlarm(
449 IN PUNICODE_STRING SubsystemName,
451 IN BOOLEAN GenerateOnClose
456 ZwCloseObjectAuditAlarm(
457 IN PUNICODE_STRING SubsystemName,
459 IN BOOLEAN GenerateOnClose
463 * FUNCTION: Continues a thread with the specified context
465 * Context = Specifies the processor context
466 * IrqLevel = Specifies the Interrupt Request Level to continue with. Can
467 * be PASSIVE_LEVEL or APC_LEVEL
469 * NtContinue can be used to continue after an exception or apc.
472 //FIXME This function might need another parameter
481 NTSTATUS STDCALL ZwContinue(IN PCONTEXT Context, IN CINT IrqLevel); /* Zw form of the continue call: Context is the processor context to continue with; IrqLevel is documented above as PASSIVE_LEVEL or APC_LEVEL. The FIXME above notes that a further parameter may be missing. */
485 * FUNCTION: Creates a directory object
487 * DirectoryHandle (OUT) = Caller supplied storage for the resulting handle
488 * DesiredAccess = Specifies access to the directory
489 * ObjectAttribute = Initialized attributes for the object
490 * REMARKS: This function maps to the win32 CreateDirectory. A directory is like a file so it needs a
491 * handle, an access mask and an OBJECT_ATTRIBUTES structure to map the path name and the SECURITY_ATTRIBUTES.
497 NtCreateDirectoryObject(
498 OUT PHANDLE DirectoryHandle,
499 IN ACCESS_MASK DesiredAccess,
500 IN POBJECT_ATTRIBUTES ObjectAttributes
505 ZwCreateDirectoryObject(
506 OUT PHANDLE DirectoryHandle,
507 IN ACCESS_MASK DesiredAccess,
508 IN POBJECT_ATTRIBUTES ObjectAttributes
512 * FUNCTION: Creates an event object
514 * EventHandle (OUT) = Caller supplied storage for the resulting handle
515 * DesiredAccess = Specifies access to the event
516 * ObjectAttribute = Initialized attributes for the object
517 * ManualReset = Manual-reset or auto-reset. If true, you have to reset the state of the event manually
518 * using NtResetEvent/NtClearEvent. If false, the system will reset the event to a non-signalled state
519 * automatically after the system has rescheduled a thread waiting on the event.
520 * InitialState = specifies the initial state of the event to be signaled ( TRUE ) or non-signalled (FALSE).
521 * REMARKS: This function maps to the win32 CreateEvent. It requires an out variable of type HANDLE,
522 * an access mask and an OBJECT_ATTRIBUTES structure mapping to the SECURITY_ATTRIBUTES. ManualReset and InitialState are
523 * both parameters as well ( possibly the order is reversed ).
530 OUT PHANDLE EventHandle,
531 IN ACCESS_MASK DesiredAccess,
532 IN POBJECT_ATTRIBUTES ObjectAttributes,
533 IN BOOLEAN ManualReset,
534 IN BOOLEAN InitialState
540 OUT PHANDLE EventHandle,
541 IN ACCESS_MASK DesiredAccess,
542 IN POBJECT_ATTRIBUTES ObjectAttributes,
543 IN BOOLEAN ManualReset,
544 IN BOOLEAN InitialState
548 * FUNCTION: Creates an eventpair object
550 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
551 * DesiredAccess = Specifies access to the event
552 * ObjectAttribute = Initialized attributes for the object
558 OUT PHANDLE EventPairHandle,
559 IN ACCESS_MASK DesiredAccess,
560 IN POBJECT_ATTRIBUTES ObjectAttributes
566 OUT PHANDLE EventPairHandle,
567 IN ACCESS_MASK DesiredAccess,
568 IN POBJECT_ATTRIBUTES ObjectAttributes
573 * FUNCTION: Creates or opens a file, directory or device object.
575 * FileHandle (OUT) = Caller supplied storage for the resulting handle
576 * DesiredAccess = Specifies the allowed or desired access to the file can
577 * be a combination of DELETE | FILE_READ_DATA ..
578 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
579 * IoStatusBlock (OUT) = Caller supplied storage for the resulting status information, indicating if the
580 * file is created and opened or already existed and is just opened.
581 * FileAttributes = file attributes can be a combination of FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN ...
582 * ShareAccess = can be a combination of the following: FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
583 * CreateDisposition = specifies the behavior of the system if the file already exists.
584 * CreateOptions = specifies the behavior of the system on file creation.
585 * EaBuffer (OPTIONAL) = Extended Attributes buffer, applies only to files and directories.
586 * EaLength = Extended Attributes buffer size, applies only to files and directories.
587 * REMARKS: This function maps to the win32 CreateFile.
594 OUT PHANDLE FileHandle,
595 IN ACCESS_MASK DesiredAccess,
596 IN POBJECT_ATTRIBUTES ObjectAttributes,
597 OUT PIO_STATUS_BLOCK IoStatusBlock,
598 IN PLARGE_INTEGER AllocationSize OPTIONAL,
599 IN ULONG FileAttributes,
600 IN ULONG ShareAccess,
601 IN ULONG CreateDisposition,
602 IN ULONG CreateOptions,
603 IN PVOID EaBuffer OPTIONAL,
610 OUT PHANDLE FileHandle,
611 IN ACCESS_MASK DesiredAccess,
612 IN POBJECT_ATTRIBUTES ObjectAttributes,
613 OUT PIO_STATUS_BLOCK IoStatusBlock,
614 IN PLARGE_INTEGER AllocationSize OPTIONAL,
615 IN ULONG FileAttributes,
616 IN ULONG ShareAccess,
617 IN ULONG CreateDisposition,
618 IN ULONG CreateOptions,
619 IN PVOID EaBuffer OPTIONAL,
624 * FUNCTION: Creates an I/O completion port object.
626 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
627 * DesiredAccess = Specifies the allowed or desired access to the port
629 * NumberOfConcurrentThreads =
630 * REMARKS: This function maps to the win32 CreateIoCompletionPort
637 NtCreateIoCompletion(
638 OUT PHANDLE CompletionPort,
639 IN ACCESS_MASK DesiredAccess,
640 OUT PIO_STATUS_BLOCK IoStatusBlock,
641 IN ULONG NumberOfConcurrentThreads
646 ZwCreateIoCompletion(
647 OUT PHANDLE CompletionPort,
648 IN ACCESS_MASK DesiredAccess,
649 OUT PIO_STATUS_BLOCK IoStatusBlock,
650 IN ULONG NumberOfConcurrentThreads
655 * FUNCTION: Creates a mail slot file
657 * MailSlotFileHandle (OUT) = Caller supplied storage for the resulting handle
658 * DesiredAccess = Specifies the allowed or desired access to the file
659 * ObjectAttributes = Contains the name of the mailslotfile.
666 * REMARKS: This function maps to the win32 function CreateMailSlot
673 NtCreateMailslotFile(
674 OUT PHANDLE MailSlotFileHandle,
675 IN ACCESS_MASK DesiredAccess,
676 IN POBJECT_ATTRIBUTES ObjectAttributes,
677 OUT PIO_STATUS_BLOCK IoStatusBlock,
678 IN ULONG FileAttributes,
679 IN ULONG ShareAccess,
680 IN ULONG MaxMessageSize,
681 IN PLARGE_INTEGER TimeOut
686 ZwCreateMailslotFile(
687 OUT PHANDLE MailSlotFileHandle,
688 IN ACCESS_MASK DesiredAccess,
689 IN POBJECT_ATTRIBUTES ObjectAttributes,
690 OUT PIO_STATUS_BLOCK IoStatusBlock,
691 IN ULONG FileAttributes,
692 IN ULONG ShareAccess,
693 IN ULONG MaxMessageSize,
694 IN PLARGE_INTEGER TimeOut
698 * FUNCTION: Creates or opens a mutex
700 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
701 * DesiredAccess = Specifies the allowed or desired access to the mutex
702 * ObjectAttributes = Contains the name of the mutex.
703 * InitialOwner = If true the calling thread acquires ownership
705 * REMARKS: This function maps to the win32 function CreateMutex
712 OUT PHANDLE MutantHandle,
713 IN ACCESS_MASK DesiredAccess,
714 IN POBJECT_ATTRIBUTES ObjectAttributes,
715 IN BOOLEAN InitialOwner
721 OUT PHANDLE MutantHandle,
722 IN ACCESS_MASK DesiredAccess,
723 IN POBJECT_ATTRIBUTES ObjectAttributes,
724 IN BOOLEAN InitialOwner
729 * FUNCTION: Creates a paging file.
731 * FileName = Name of the pagefile
732 * InitialSize = Specifies the initial size in bytes
733 * MaximumSize = Specifies the maximum size in bytes
734 * Reserved = Reserved for future use
740 IN PUNICODE_STRING FileName,
741 IN PLARGE_INTEGER InitialSize,
742 IN PLARGE_INTEGER MaxiumSize,
749 IN PUNICODE_STRING FileName,
750 IN PLARGE_INTEGER InitialSize,
751 IN PLARGE_INTEGER MaxiumSize,
756 * FUNCTION: Creates a process.
758 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
759 * DesiredAccess = Specifies the allowed or desired access to the process can
760 * be a combination of STANDARD_RIGHTS_REQUIRED| ..
761 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
762 * ParentProcess = Handle to the parent process.
763 * InheritObjectTable = Specifies to inherit the objects of the parent process if true.
764 * SectionHandle = Handle to a section object to back the image file
765 * DebugPort = Handle to a DebugPort if NULL the system default debug port will be used.
766 * ExceptionPort = Handle to a exception port.
768 * This function maps to the win32 CreateProcess.
774 OUT PHANDLE ProcessHandle,
775 IN ACCESS_MASK DesiredAccess,
776 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
777 IN HANDLE ParentProcess,
778 IN BOOLEAN InheritObjectTable,
779 IN HANDLE SectionHandle OPTIONAL,
780 IN HANDLE DebugPort OPTIONAL,
781 IN HANDLE ExceptionPort OPTIONAL
787 OUT PHANDLE ProcessHandle,
788 IN ACCESS_MASK DesiredAccess,
789 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
790 IN HANDLE ParentProcess,
791 IN BOOLEAN InheritObjectTable,
792 IN HANDLE SectionHandle OPTIONAL,
793 IN HANDLE DebugPort OPTIONAL,
794 IN HANDLE ExceptionPort OPTIONAL
798 * FUNCTION: Creates a profile
800 * ProfileHandle (OUT) = Caller supplied storage for the resulting handle
801 * ObjectAttribute = Initialized attributes for the object
802 * ImageBase = Start address of executable image
803 * ImageSize = Size of the image
804 * Granularity = Bucket size
805 * Buffer = Caller supplies buffer for profiling info
806 * ProfilingSize = Buffer size
807 * ClockSource = Specify 0 / FALSE ??
808 * ProcessorMask = A value of -1 disables per-processor profiling,
809 otherwise a bit is set for each processor to profile.
811 * This function maps to the win32 CreateProcess.
817 NtCreateProfile(OUT PHANDLE ProfileHandle,
818 IN HANDLE ProcessHandle,
821 IN ULONG Granularity,
823 IN ULONG ProfilingSize,
824 IN KPROFILE_SOURCE Source,
825 IN ULONG ProcessorMask);
830 OUT PHANDLE ProfileHandle,
831 IN POBJECT_ATTRIBUTES ObjectAttributes,
834 IN ULONG Granularity,
836 IN ULONG ProfilingSize,
837 IN ULONG ClockSource,
838 IN ULONG ProcessorMask
842 * FUNCTION: Creates a section object.
844 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
845 * DesiredAccess = Specifies the desired access to the section can be a combination of STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_WRITE |
846 * SECTION_MAP_READ | SECTION_MAP_EXECUTE.
847 * ObjectAttribute = Initialized attributes for the object can be used to create a named section
848 * MaximumSize = Maximum size of the memory section. Must be non-NULL for a page-file backed section.
849 * If value specified for a mapped file and the file is not large enough, file will be extended.
850 * SectionPageProtection = Can be a combination of PAGE_READONLY | PAGE_READWRITE | PAGE_WRITEONLY | PAGE_WRITECOPY.
851 * AllocationAttributes = can be a combination of SEC_IMAGE | SEC_RESERVE
852 * FileHandle = Handle to a file to create a section mapped to a file instead of a memory backed section.
859 OUT PHANDLE SectionHandle,
860 IN ACCESS_MASK DesiredAccess,
861 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
862 IN PLARGE_INTEGER MaximumSize OPTIONAL,
863 IN ULONG SectionPageProtection OPTIONAL,
864 IN ULONG AllocationAttributes,
865 IN HANDLE FileHandle OPTIONAL
871 OUT PHANDLE SectionHandle,
872 IN ACCESS_MASK DesiredAccess,
873 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
874 IN PLARGE_INTEGER MaximumSize OPTIONAL,
875 IN ULONG SectionPageProtection OPTIONAL,
876 IN ULONG AllocationAttributes,
877 IN HANDLE FileHandle OPTIONAL
881 * FUNCTION: Creates a semaphore object for interprocess synchronization.
883 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
884 * DesiredAccess = Specifies the allowed or desired access to the semaphore.
885 * ObjectAttribute = Initialized attributes for the object.
886 * InitialCount = Not necessarily zero, might be smaller than zero.
887 * MaximumCount = Maximum count the semaphore can reach.
890 * The semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero.
893 //FIXME: should a semaphore's initial count be allowed to be smaller than zero ??
897 OUT PHANDLE SemaphoreHandle,
898 IN ACCESS_MASK DesiredAccess,
899 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
900 IN LONG InitialCount,
907 OUT PHANDLE SemaphoreHandle,
908 IN ACCESS_MASK DesiredAccess,
909 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
910 IN LONG InitialCount,
915 * FUNCTION: Creates a symbolic link object
917 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
918 * DesiredAccess = Specifies the allowed or desired access to the symbolic link.
919 * ObjectAttributes = Initialized attributes for the object.
920 * Name = Target name of the symbolic link
925 NtCreateSymbolicLinkObject(
926 OUT PHANDLE SymbolicLinkHandle,
927 IN ACCESS_MASK DesiredAccess,
928 IN POBJECT_ATTRIBUTES ObjectAttributes,
929 IN PUNICODE_STRING Name
934 ZwCreateSymbolicLinkObject(
935 OUT PHANDLE SymbolicLinkHandle,
936 IN ACCESS_MASK DesiredAccess,
937 IN POBJECT_ATTRIBUTES ObjectAttributes,
938 IN PUNICODE_STRING Name
942 * FUNCTION: Creates a user mode thread
944 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
945 * DesiredAccess = Specifies the allowed or desired access to the thread.
946 * ObjectAttributes = Initialized attributes for the object.
947 * ProcessHandle = Handle to the threads parent process.
948 * ClientId (OUT) = Caller supplies storage for returned process id and thread id.
949 * ThreadContext = Initial processor context for the thread.
950 * InitialTeb = Initial user mode stack context for the thread.
951 * CreateSuspended = Specifies if the thread is ready for scheduling
953 * This function maps to the win32 function CreateThread.
959 OUT PHANDLE ThreadHandle,
960 IN ACCESS_MASK DesiredAccess,
961 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
962 IN HANDLE ProcessHandle,
963 OUT PCLIENT_ID ClientId,
964 IN PCONTEXT ThreadContext,
965 IN PINITIAL_TEB InitialTeb,
966 IN BOOLEAN CreateSuspended
972 OUT PHANDLE ThreadHandle,
973 IN ACCESS_MASK DesiredAccess,
974 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
975 IN HANDLE ProcessHandle,
976 OUT PCLIENT_ID ClientId,
977 IN PCONTEXT ThreadContext,
978 IN PINITIAL_TEB InitialTeb,
979 IN BOOLEAN CreateSuspended
983 * FUNCTION: Creates a waitable timer.
985 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
986 * DesiredAccess = Specifies the allowed or desired access to the timer.
987 * ObjectAttributes = Initialized attributes for the object.
988 * TimerType = Specifies if the timer should be reset manually.
990 * This function maps to the win32 CreateWaitableTimer. lpTimerAttributes and lpTimerName map to
991 * corresponding fields in OBJECT_ATTRIBUTES structure.
997 OUT PHANDLE TimerHandle,
998 IN ACCESS_MASK DesiredAccess,
999 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1000 IN TIMER_TYPE TimerType
1006 OUT PHANDLE TimerHandle,
1007 IN ACCESS_MASK DesiredAccess,
1008 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1009 IN TIMER_TYPE TimerType
1013 * FUNCTION: Creates a token.
1015 * TokenHandle (OUT) = Caller supplied storage for the resulting handle
1016 * DesiredAccess = Specifies the allowed or desired access to the process can
1017 * be a combination of STANDARD_RIGHTS_REQUIRED| ..
1018 * ObjectAttribute = Initialized attributes for the object, contains the rootdirectory and the filename
1020 * AuthenticationId =
1026 * TokenPrimaryGroup =
1027 * TokenDefaultDacl =
1030 * This function does not map to a win32 function
1037 OUT PHANDLE TokenHandle,
1038 IN ACCESS_MASK DesiredAccess,
1039 IN POBJECT_ATTRIBUTES ObjectAttributes,
1040 IN TOKEN_TYPE TokenType,
1041 IN PLUID AuthenticationId,
1042 IN PLARGE_INTEGER ExpirationTime,
1043 IN PTOKEN_USER TokenUser,
1044 IN PTOKEN_GROUPS TokenGroups,
1045 IN PTOKEN_PRIVILEGES TokenPrivileges,
1046 IN PTOKEN_OWNER TokenOwner,
1047 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
1048 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
1049 IN PTOKEN_SOURCE TokenSource
1055 OUT PHANDLE TokenHandle,
1056 IN ACCESS_MASK DesiredAccess,
1057 IN POBJECT_ATTRIBUTES ObjectAttributes,
1058 IN TOKEN_TYPE TokenType,
1059 IN PLUID AuthenticationId,
1060 IN PLARGE_INTEGER ExpirationTime,
1061 IN PTOKEN_USER TokenUser,
1062 IN PTOKEN_GROUPS TokenGroups,
1063 IN PTOKEN_PRIVILEGES TokenPrivileges,
1064 IN PTOKEN_OWNER TokenOwner,
1065 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
1066 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
1067 IN PTOKEN_SOURCE TokenSource
1071 * FUNCTION: Returns the callers thread TEB.
1072 * RETURNS: The resulting teb.
1082 * FUNCTION: Delays the execution of the calling thread.
1084 * Alertable = If TRUE the thread is alertable during its wait period
1085 * Interval = Specifies the interval to wait.
1088 NTSTATUS STDCALL NtDelayExecution(IN ULONG Alertable, IN TIME* Interval); /* NOTE(review): Alertable is ULONG here but BOOLEAN in the parameter list that follows, and the description above treats it as TRUE/FALSE - confirm the intended type so both declarations agree. */
1093 IN BOOLEAN Alertable,
1099 * FUNCTION: Deletes an atom from the global atom table
1101 * Atom = Identifies the atom to delete
1103 * The function maps to the win32 GlobalDeleteAtom
1119 * FUNCTION: Deletes a file or a directory
1121 * ObjectAttributes = Name of the file which should be deleted
1123 * This system call is functionally equivalent to NtSetInformationFile
1124 * setting the disposition information.
1125 * The function maps to the win32 DeleteFile.
1131 IN POBJECT_ATTRIBUTES ObjectAttributes
1137 IN POBJECT_ATTRIBUTES ObjectAttributes
1141 * FUNCTION: Deletes a registry key
1143 * KeyHandle = Handle of the key
1158 * FUNCTION: Generates a audit message when an object is deleted
1160 * SubsystemName = Specifies the name of the subsystem, can be 'WIN32' or 'DEBUG'
1161 * HandleId= Handle to an audit object
1162 * GenerateOnClose = Value returned by NtAccessCheckAndAuditAlarm
1163 * REMARKS: This function maps to the win32 ObjectCloseAuditAlarm
1169 NtDeleteObjectAuditAlarm (
1170 IN PUNICODE_STRING SubsystemName,
1172 IN BOOLEAN GenerateOnClose
1177 ZwDeleteObjectAuditAlarm (
1178 IN PUNICODE_STRING SubsystemName,
1180 IN BOOLEAN GenerateOnClose
1185 * FUNCTION: Deletes a value from a registry key
1187 * KeyHandle = Handle of the key
1188 * ValueName = Name of the value to delete
1195 IN HANDLE KeyHandle,
1196 IN PUNICODE_STRING ValueName
1202 IN HANDLE KeyHandle,
1203 IN PUNICODE_STRING ValueName
1206 * FUNCTION: Sends IOCTL to the io sub system
1208 * DeviceHandle = Points to the handle that is created by NtCreateFile
1209 * Event = Event to synchronize on STATUS_PENDING
1210 * ApcRoutine = Asynchronous procedure callback
1211 * ApcContext = Callback context.
1212 * IoStatusBlock = Caller should supply storage for extra information..
1213 * IoControlCode = Contains the IO Control command. This is an
1214 * index to the structures in InputBuffer and OutputBuffer.
1215 * InputBuffer = Caller should supply storage for input buffer if IOCTL expects one.
1216 * InputBufferSize = Size of the input buffer
1217 * OutputBuffer = Caller should supply storage for output buffer if IOCTL expects one.
1218 * OutputBufferSize = Size of the output buffer
1224 NtDeviceIoControlFile(
1225 IN HANDLE DeviceHandle,
1226 IN HANDLE Event OPTIONAL,
1227 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
1228 IN PVOID UserApcContext OPTIONAL,
1229 OUT PIO_STATUS_BLOCK IoStatusBlock,
1230 IN ULONG IoControlCode,
1231 IN PVOID InputBuffer,
1232 IN ULONG InputBufferSize,
1233 OUT PVOID OutputBuffer,
1234 IN ULONG OutputBufferSize
1239 ZwDeviceIoControlFile(
1240 IN HANDLE DeviceHandle,
1241 IN HANDLE Event OPTIONAL,
1242 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
1243 IN PVOID UserApcContext OPTIONAL,
1244 OUT PIO_STATUS_BLOCK IoStatusBlock,
1245 IN ULONG IoControlCode,
1246 IN PVOID InputBuffer,
1247 IN ULONG InputBufferSize,
1248 OUT PVOID OutputBuffer,
1249 IN ULONG OutputBufferSize
1252 * FUNCTION: Displays a string on the blue screen
1254 * DisplayString = The string to display
1261 IN PUNICODE_STRING DisplayString
1267 IN PUNICODE_STRING DisplayString
1271 * FUNCTION: Copies a handle from one process space to another
1273 * SourceProcessHandle = Handle to the source process owning the handle. This process handle must
1274 * have been opened with PROCESS_DUP_HANDLE access.
1275 * SourceHandle = The handle to the object.
1276 * TargetProcessHandle = The destination process owning the handle
1277 * TargetHandle (OUT) = Caller should supply storage for the duplicated handle.
1278 * DesiredAccess = The desired access to the handle.
1279 * InheritHandle = Indicates whether the new handle will be inheritable or not.
1280 * Options = Specifies special actions upon duplicating the handle. Can be
1281 * one of the values DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS.
1282 * DUPLICATE_CLOSE_SOURCE specifies that the source handle should be
1283 * closed after duplicating. DUPLICATE_SAME_ACCESS specifies to ignore
1284 * the DesiredAccess parameter and just grant the same access to the new
1287 * REMARKS: This function maps to the win32 DuplicateHandle.
1293 IN HANDLE SourceProcessHandle,
1294 IN HANDLE SourceHandle,
1295 IN HANDLE TargetProcessHandle,
1296 OUT PHANDLE TargetHandle,
1297 IN ACCESS_MASK DesiredAccess,
1298 IN BOOLEAN InheritHandle,
1305 IN HANDLE SourceProcessHandle,
1306 IN PHANDLE SourceHandle, /* NOTE(review): PHANDLE here, but the preceding parameter list declares IN HANDLE SourceHandle; a caller following one declaration would pass a pointer where the other expects a handle value - confirm which is intended and make the two agree. */
1307 IN HANDLE TargetProcessHandle,
1308 OUT PHANDLE TargetHandle,
1309 IN ACCESS_MASK DesiredAccess,
1310 IN BOOLEAN InheritHandle,
1317 IN HANDLE ExistingToken,
1318 IN ACCESS_MASK DesiredAccess,
1319 IN POBJECT_ATTRIBUTES ObjectAttributes,
1320 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
1321 IN TOKEN_TYPE TokenType,
1322 OUT PHANDLE NewToken
1328 IN HANDLE ExistingToken,
1329 IN ACCESS_MASK DesiredAccess,
1330 IN POBJECT_ATTRIBUTES ObjectAttributes,
1331 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
1332 IN TOKEN_TYPE TokenType,
1333 OUT PHANDLE NewToken
1336 * FUNCTION: Returns information about the subkeys of an open key
1338 * KeyHandle = Handle of the key whose subkeys are to be enumerated
1339 * Index = zero based index of the subkey for which information is
1341 * KeyInformationClass = Type of information returned
1342 * KeyInformation (OUT) = Caller allocated buffer for the information
1344 * Length = Length in bytes of the KeyInformation buffer
1345 * ResultLength (OUT) = Caller allocated storage which holds
1346 * the number of bytes of information retrieved
1353 IN HANDLE KeyHandle,
1355 IN KEY_INFORMATION_CLASS KeyInformationClass,
1356 OUT PVOID KeyInformation,
1358 OUT PULONG ResultLength
1364 IN HANDLE KeyHandle,
1366 IN KEY_INFORMATION_CLASS KeyInformationClass,
1367 OUT PVOID KeyInformation,
1369 OUT PULONG ResultLength
1372 * FUNCTION: Returns information about the value entries of an open key
1374 * KeyHandle = Handle of the key whose value entries are to be enumerated
1375 * Index = zero based index of the subkey for which information is
1377 * KeyInformationClass = Type of information returned
1378 * KeyInformation (OUT) = Caller allocated buffer for the information
1380 * Length = Length in bytes of the KeyInformation buffer
1381 * ResultLength (OUT) = Caller allocated storage which holds
1382 * the number of bytes of information retrieved
1388 NtEnumerateValueKey(
1389 IN HANDLE KeyHandle,
1391 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
1392 OUT PVOID KeyValueInformation,
1394 OUT PULONG ResultLength
1399 ZwEnumerateValueKey(
1400 IN HANDLE KeyHandle,
1402 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
1403 OUT PVOID KeyValueInformation,
1405 OUT PULONG ResultLength
1408 * FUNCTION: Extends a section
1410 * SectionHandle = Handle to the section
1411 * NewMaximumSize = Adjusted size
1417 IN HANDLE SectionHandle,
1418 IN ULONG NewMaximumSize
1423 IN HANDLE SectionHandle,
1424 IN ULONG NewMaximumSize
1428 * FUNCTION: Finds an atom
1430 * AtomName = Name to search for.
1431 * Atom = Caller supplies storage for the resulting atom
1434 * This function maps to the win32 GlobalFindAtom
1440 OUT PRTL_ATOM Atom OPTIONAL
1447 OUT PRTL_ATOM Atom OPTIONAL
1451 * FUNCTION: Flushes cached file data to disk
1453 * FileHandle = Points to the file
1454 * IoStatusBlock = Caller must supply storage to receive the result of the flush
1455 * buffers operation. The information field is set to number of bytes
1459 * This funciton maps to the win32 FlushFileBuffers
1464 IN HANDLE FileHandle,
1465 OUT PIO_STATUS_BLOCK IoStatusBlock
1471 IN HANDLE FileHandle,
1472 OUT PIO_STATUS_BLOCK IoStatusBlock
1475 * FUNCTION: Flushes the processor's instruction cache
1477 * ProcessHandle = Points to the process owning the cache
1478 * BaseAddress = // might this be a image address ????
1479 * NumberOfBytesToFlush =
1482 * This function is used by debuggers
1486 NtFlushInstructionCache(
1487 IN HANDLE ProcessHandle,
1488 IN PVOID BaseAddress,
1489 IN UINT NumberOfBytesToFlush
1493 ZwFlushInstructionCache(
1494 IN HANDLE ProcessHandle,
1495 IN PVOID BaseAddress,
1496 IN UINT NumberOfBytesToFlush
1499 * FUNCTION: Flushes a registry key to disk
1501 * KeyHandle = Points to the registry key handle
1504 * This function maps to the win32 RegFlushKey.
1519 * FUNCTION: Flushes virtual memory to file
1521 * ProcessHandle = Points to the process that allocated the virtual memory
1522 * BaseAddress = Points to the memory address
1523 * NumberOfBytesToFlush = Limits the range to flush,
1524 * NumberOfBytesFlushed = Actual number of bytes flushed
1527 * Check return status on STATUS_NOT_MAPPED_DATA
1531 NtFlushVirtualMemory(
1532 IN HANDLE ProcessHandle,
1533 IN PVOID BaseAddress,
1534 IN ULONG NumberOfBytesToFlush,
1535 OUT PULONG NumberOfBytesFlushed OPTIONAL
1539 ZwFlushVirtualMemory(
1540 IN HANDLE ProcessHandle,
1541 IN PVOID BaseAddress,
1542 IN ULONG NumberOfBytesToFlush,
1543 OUT PULONG NumberOfBytesFlushed OPTIONAL
1547 * FUNCTION: Flushes the dirty pages to file
1549 * FIXME: Not sure what this does (how is the file specified?)
1551 NTSTATUS STDCALL NtFlushWriteBuffer(VOID);
1552 NTSTATUS STDCALL ZwFlushWriteBuffer(VOID);
1555 * FUNCTION: Frees a range of virtual memory
1557 * ProcessHandle = Points to the process that allocated the virtual
1559 * BaseAddress = Points to the memory address, rounded down to a
1560 * multiple of the pagesize
1561 * RegionSize = Limits the range to free, rounded up to a multiple of
1563 * FreeType = Can be one of the values: MEM_DECOMMIT, or MEM_RELEASE
1566 NTSTATUS STDCALL NtFreeVirtualMemory(IN HANDLE ProcessHandle,
1567 IN PVOID *BaseAddress,
1568 IN PULONG RegionSize,
1570 NTSTATUS STDCALL ZwFreeVirtualMemory(IN HANDLE ProcessHandle,
1571 IN PVOID *BaseAddress,
1572 IN PULONG RegionSize,
1576 * FUNCTION: Sends FSCTL to the filesystem
1578 * DeviceHandle = Points to the handle that is created by NtCreateFile
1579 * Event = Event to synchronize on STATUS_PENDING
1582 * IoStatusBlock = Caller should supply storage for
1583 * IoControlCode = Contains the File System Control command. This is an
1584 * index to the structures in InputBuffer and OutputBuffer.
1585 * FSCTL_GET_RETRIEVAL_POINTERS MAPPING_PAIR
1586 * FSCTL_GET_RETRIEVAL_POINTERS GET_RETRIEVAL_DESCRIPTOR
1587 * FSCTL_GET_VOLUME_BITMAP BITMAP_DESCRIPTOR
1588 * FSCTL_MOVE_FILE MOVEFILE_DESCRIPTOR
1590 * InputBuffer = Caller should supply storage for input buffer if FSCTL expects one.
1591 * InputBufferSize = Size of the input buffer
1592 * OutputBuffer = Caller should supply storage for output buffer if FSCTL expects one.
1593 * OutputBufferSize = Size of the output buffer
1594 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1595 * STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST ]
1600 IN HANDLE DeviceHandle,
1601 IN HANDLE Event OPTIONAL,
1602 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1603 IN PVOID ApcContext OPTIONAL,
1604 OUT PIO_STATUS_BLOCK IoStatusBlock,
1605 IN ULONG IoControlCode,
1606 IN PVOID InputBuffer,
1607 IN ULONG InputBufferSize,
1608 OUT PVOID OutputBuffer,
1609 IN ULONG OutputBufferSize
1615 IN HANDLE DeviceHandle,
1616 IN HANDLE Event OPTIONAL,
1617 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1618 IN PVOID ApcContext OPTIONAL,
1619 OUT PIO_STATUS_BLOCK IoStatusBlock,
1620 IN ULONG IoControlCode,
1621 IN PVOID InputBuffer,
1622 IN ULONG InputBufferSize,
1623 OUT PVOID OutputBuffer,
1624 IN ULONG OutputBufferSize
1628 * FUNCTION: Retrieves the processor context of a thread
1630 * ThreadHandle = Handle to a thread
1631 * Context (OUT) = Caller allocated storage for the processor context
1638 IN HANDLE ThreadHandle,
1639 OUT PCONTEXT Context
1645 IN HANDLE ThreadHandle,
1646 OUT PCONTEXT Context
1649 * FUNCTION: Retrieves the uptime of the system
1651 * UpTime = Number of clock ticks since boot.
1667 * FUNCTION: Sets a thread to impersonate another
1669 * ThreadHandle = Server thread that will impersonate a client.
1670 ThreadToImpersonate = Client thread that will be impersonated
1671 SecurityQualityOfService = Specifies the impersonation level.
1677 NtImpersonateThread(
1678 IN HANDLE ThreadHandle,
1679 IN HANDLE ThreadToImpersonate,
1680 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1685 ZwImpersonateThread(
1686 IN HANDLE ThreadHandle,
1687 IN HANDLE ThreadToImpersonate,
1688 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
1692 * FUNCTION: Initializes the registry.
1694 * SetUpBoot = This parameter is true for a setup boot.
1699 NtInitializeRegistry(
1704 ZwInitializeRegistry(
1709 * FUNCTION: Loads a driver.
1711 * DriverServiceName = Name of the driver to load
1717 IN PUNICODE_STRING DriverServiceName
1723 IN PUNICODE_STRING DriverServiceName
1727 * FUNCTION: Loads a registry key.
1729 * KeyHandle = Handle to the registry key
1730 * ObjectAttributes = ???
1732 * This procedure maps to the win32 procedure RegLoadKey
1739 POBJECT_ATTRIBUTES ObjectAttributes
1745 POBJECT_ATTRIBUTES ObjectAttributes
1749 * FUNCTION: Loads a registry key.
1751 * KeyHandle = Handle to the registry key
1752 * ObjectAttributes = ???
1755 * This procedure maps to the win32 procedure RegLoadKey
1762 POBJECT_ATTRIBUTES ObjectAttributes,
1769 POBJECT_ATTRIBUTES ObjectAttributes,
1774 * FUNCTION: Locks a range of bytes in a file.
1776 * FileHandle = Handle to the file
1777 * Event = Should be null if apc is specified.
1778 * ApcRoutine = Asynchronous Procedure Callback
1779 * ApcContext = Argument to the callback
1780 * IoStatusBlock (OUT) = Caller should supply storage for a structure containing
1781 * the completion status and information about the requested lock operation.
1782 * ByteOffset = Offset
1783 * Length = Number of bytes to lock.
1784 * Key = Special value to give other threads the possibility to unlock the file
1785 by supplying the key in a call to NtUnlockFile.
1786 * FailImmediatedly = If false the request will block until the lock is obtained.
1787 * ExclusiveLock = Specifies whether an exclusive or a shared lock is obtained.
1789 This procedure maps to the win32 procedure LockFileEx. STATUS_PENDING is returned if the lock could
1790 not be obtained immediately, the device queue is busy and the IRP is queued.
1791 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
1792 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_LOCK_NOT_GRANTED ]
1798 IN HANDLE FileHandle,
1799 IN HANDLE Event OPTIONAL,
1800 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1801 IN PVOID ApcContext OPTIONAL,
1802 OUT PIO_STATUS_BLOCK IoStatusBlock,
1803 IN PLARGE_INTEGER ByteOffset,
1804 IN PLARGE_INTEGER Length,
1806 IN BOOLEAN FailImmediatedly,
1807 IN BOOLEAN ExclusiveLock
1813 IN HANDLE FileHandle,
1814 IN HANDLE Event OPTIONAL,
1815 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1816 IN PVOID ApcContext OPTIONAL,
1817 OUT PIO_STATUS_BLOCK IoStatusBlock,
1818 IN PLARGE_INTEGER ByteOffset,
1819 IN PLARGE_INTEGER Length,
1821 IN BOOLEAN FailImmediatedly,
1822 IN BOOLEAN ExclusiveLock
1825 * FUNCTION: Locks a range of virtual memory.
1827 * ProcessHandle = Handle to the process
1828 * BaseAddress = Lower boundary of the range of bytes to lock.
1829 * NumberOfBytesToLock = Offset to the upper boundary.
1830 * NumberOfBytesLocked (OUT) = Number of bytes actually locked.
1832 This procedure maps to the win32 procedure VirtualLock
1833 * RETURNS: Status [STATUS_SUCCESS | STATUS_WAS_LOCKED ]
1837 NtLockVirtualMemory(
1838 HANDLE ProcessHandle,
1840 ULONG NumberOfBytesToLock,
1841 PULONG NumberOfBytesLocked
1845 ZwLockVirtualMemory(
1846 HANDLE ProcessHandle,
1848 ULONG NumberOfBytesToLock,
1849 PULONG NumberOfBytesLocked
1852 * FUNCTION: Makes temporary object that will be removed at next boot.
1854 * Handle = Handle to object
1860 NtMakeTemporaryObject(
1866 ZwMakeTemporaryObject(
1870 * FUNCTION: Maps a view of a section into the virtual address space of a
1873 * SectionHandle = Handle of the section
1874 * ProcessHandle = Handle of the process
1875 * BaseAddress = Desired base address (or NULL) on entry
1876 * Actual base address of the view on exit
1877 * ZeroBits = Number of high order address bits that must be zero
1878 * CommitSize = Size in bytes of the initially committed section of
1880 * SectionOffset = Offset in bytes from the beginning of the section
1881 * to the beginning of the view
1882 * ViewSize = Desired length of map (or zero to map all) on entry
1883 * Actual length mapped on exit
1884 * InheritDisposition = Specifies how the view is to be shared with
1886 * AllocationType = Type of allocation for the pages
1887 * AccessProtection = Protection for the committed region of the view
1893 IN HANDLE SectionHandle,
1894 IN HANDLE ProcessHandle,
1895 IN OUT PVOID *BaseAddress,
1897 IN ULONG CommitSize,
1898 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
1899 IN OUT PULONG ViewSize,
1900 IN SECTION_INHERIT InheritDisposition,
1901 IN ULONG AllocationType,
1902 IN ULONG AccessProtection
1908 IN HANDLE SectionHandle,
1909 IN HANDLE ProcessHandle,
1910 IN OUT PVOID *BaseAddress,
1912 IN ULONG CommitSize,
1913 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
1914 IN OUT PULONG ViewSize,
1915 IN SECTION_INHERIT InheritDisposition,
1916 IN ULONG AllocationType,
1917 IN ULONG AccessProtection
1921 * FUNCTION: Installs a notify for the change of a directory's contents
1923 * FileHandle = Handle to the directory
1925 * ApcRoutine = Asynchronous procedure callback, called on completion
1926 * ApcContext = Argument to the callback
1928 * IoStatusBlock = Caller supplies storage for the completion status
1929 * Buffer = Caller supplies storage for resulting information --> FILE_NOTIFY_INFORMATION
1930 * BufferSize = Size of the buffer
1931 CompletionFilter = Can be one of the following values:
1932 FILE_NOTIFY_CHANGE_FILE_NAME
1933 FILE_NOTIFY_CHANGE_DIR_NAME
1934 FILE_NOTIFY_CHANGE_NAME ( FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_DIR_NAME )
1935 FILE_NOTIFY_CHANGE_ATTRIBUTES
1936 FILE_NOTIFY_CHANGE_SIZE
1937 FILE_NOTIFY_CHANGE_LAST_WRITE
1938 FILE_NOTIFY_CHANGE_LAST_ACCESS
1939 FILE_NOTIFY_CHANGE_CREATION ( change of creation timestamp )
1940 FILE_NOTIFY_CHANGE_EA
1941 FILE_NOTIFY_CHANGE_SECURITY
1942 FILE_NOTIFY_CHANGE_STREAM_NAME
1943 FILE_NOTIFY_CHANGE_STREAM_SIZE
1944 FILE_NOTIFY_CHANGE_STREAM_WRITE
1945 WatchTree = If true the notify will be installed recursively on the target directory and all subdirectories.
1948 * The function maps to the win32 FindFirstChangeNotification, FindNextChangeNotification
1953 NtNotifyChangeDirectoryFile(
1954 IN HANDLE FileHandle,
1955 IN HANDLE Event OPTIONAL,
1956 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1957 IN PVOID ApcContext OPTIONAL,
1958 OUT PIO_STATUS_BLOCK IoStatusBlock,
1960 IN ULONG BufferSize,
1961 IN ULONG CompletionFilter,
1962 IN BOOLEAN WatchTree
1967 ZwNotifyChangeDirectoryFile(
1968 IN HANDLE FileHandle,
1969 IN HANDLE Event OPTIONAL,
1970 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1971 IN PVOID ApcContext OPTIONAL,
1972 OUT PIO_STATUS_BLOCK IoStatusBlock,
1974 IN ULONG BufferSize,
1975 IN ULONG CompletionFilter,
1976 IN BOOLEAN WatchTree
1980 * FUNCTION: Installs a notification callback on registry changes
1982 KeyHandle = Handle to the registry key
1983 Event = Event that should be signalled on modification of the key
1984 ApcRoutine = Routine that should be called on modification of the key
1985 ApcContext = Argument to the ApcRoutine
1987 CompletionFilter = Specifies the kind of notification the caller likes to receive.
1988 Can be a combination of the following values:
1990 REG_NOTIFY_CHANGE_NAME
1991 REG_NOTIFY_CHANGE_ATTRIBUTES
1992 REG_NOTIFY_CHANGE_LAST_SET
1993 REG_NOTIFY_CHANGE_SECURITY
1996 Asynchroneous = If TRUE the changes are reported by signalling an event if false
1997 the function will not return before a change occurs.
1998 ChangeBuffer = Will return the old value
1999 Length = Size of the change buffer
2000 WatchSubtree = Indicates if the caller likes to receive a notification of changes in
2002 * REMARKS: If the key is closed the event is signalled as well.
2009 IN HANDLE KeyHandle,
2011 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2012 IN PVOID ApcContext OPTIONAL,
2013 OUT PIO_STATUS_BLOCK IoStatusBlock,
2014 IN ULONG CompletionFilter,
2015 IN BOOLEAN Asynchroneous,
2016 OUT PVOID ChangeBuffer,
2018 IN BOOLEAN WatchSubtree
2024 IN HANDLE KeyHandle,
2026 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2027 IN PVOID ApcContext OPTIONAL,
2028 OUT PIO_STATUS_BLOCK IoStatusBlock,
2029 IN ULONG CompletionFilter,
2030 IN BOOLEAN Asynchroneous,
2031 OUT PVOID ChangeBuffer,
2033 IN BOOLEAN WatchSubtree
2037 * FUNCTION: Opens an existing directory object
2039 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2040 * DesiredAccess = Requested access to the directory
2041 * ObjectAttributes = Initialized attributes for the object
2047 NtOpenDirectoryObject(
2048 OUT PHANDLE FileHandle,
2049 IN ACCESS_MASK DesiredAccess,
2050 IN POBJECT_ATTRIBUTES ObjectAttributes
2054 ZwOpenDirectoryObject(
2055 OUT PHANDLE FileHandle,
2056 IN ACCESS_MASK DesiredAccess,
2057 IN POBJECT_ATTRIBUTES ObjectAttributes
2061 * FUNCTION: Opens an existing event
2063 * EventHandle (OUT) = Caller supplied storage for the resulting handle
2064 * DesiredAccess = Requested access to the event
2065 * ObjectAttributes = Initialized attributes for the object
2071 OUT PHANDLE EventHandle,
2072 IN ACCESS_MASK DesiredAccess,
2073 IN POBJECT_ATTRIBUTES ObjectAttributes
2079 OUT PHANDLE EventHandle,
2080 IN ACCESS_MASK DesiredAccess,
2081 IN POBJECT_ATTRIBUTES ObjectAttributes
2085 * FUNCTION: Opens an existing event pair
2087 * EventPairHandle (OUT) = Caller supplied storage for the resulting handle
2088 * DesiredAccess = Requested access to the event pair
2089 * ObjectAttributes = Initialized attributes for the object
2096 OUT PHANDLE EventPairHandle,
2097 IN ACCESS_MASK DesiredAccess,
2098 IN POBJECT_ATTRIBUTES ObjectAttributes
2104 OUT PHANDLE EventPairHandle,
2105 IN ACCESS_MASK DesiredAccess,
2106 IN POBJECT_ATTRIBUTES ObjectAttributes
2109 * FUNCTION: Opens an existing file
2111 * FileHandle (OUT) = Caller supplied storage for the resulting handle
2112 * DesiredAccess = Requested access to the file
2113 * ObjectAttributes = Initialized attributes for the object
2122 OUT PHANDLE FileHandle,
2123 IN ACCESS_MASK DesiredAccess,
2124 IN POBJECT_ATTRIBUTES ObjectAttributes,
2125 OUT PIO_STATUS_BLOCK IoStatusBlock,
2126 IN ULONG ShareAccess,
2127 IN ULONG OpenOptions
2133 OUT PHANDLE FileHandle,
2134 IN ACCESS_MASK DesiredAccess,
2135 IN POBJECT_ATTRIBUTES ObjectAttributes,
2136 OUT PIO_STATUS_BLOCK IoStatusBlock,
2137 IN ULONG ShareAccess,
2138 IN ULONG OpenOptions
2142 * FUNCTION: Opens an existing io completion object
2144 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
2145 * DesiredAccess = Requested access to the io completion object
2146 * ObjectAttributes = Initialized attributes for the object
2153 OUT PHANDLE CompetionPort,
2154 IN ACCESS_MASK DesiredAccess,
2155 IN POBJECT_ATTRIBUTES ObjectAttributes
2161 OUT PHANDLE CompetionPort,
2162 IN ACCESS_MASK DesiredAccess,
2163 IN POBJECT_ATTRIBUTES ObjectAttributes
2167 * FUNCTION: Opens an existing key in the registry
2169 * KeyHandle (OUT) = Caller supplied storage for the resulting handle
2170 * DesiredAccess = Requested access to the key
2171 * ObjectAttributes = Initialized attributes for the object
2177 OUT PHANDLE KeyHandle,
2178 IN ACCESS_MASK DesiredAccess,
2179 IN POBJECT_ATTRIBUTES ObjectAttributes
2185 OUT PHANDLE KeyHandle,
2186 IN ACCESS_MASK DesiredAccess,
2187 IN POBJECT_ATTRIBUTES ObjectAttributes
2190 * FUNCTION: Opens an existing mutant
2192 * MutantHandle (OUT) = Caller supplied storage for the resulting handle
2193 * DesiredAccess = Requested access to the mutant
2194 * ObjectAttribute = Initialized attributes for the object
2200 OUT PHANDLE MutantHandle,
2201 IN ACCESS_MASK DesiredAccess,
2202 IN POBJECT_ATTRIBUTES ObjectAttributes
2207 OUT PHANDLE MutantHandle,
2208 IN ACCESS_MASK DesiredAccess,
2209 IN POBJECT_ATTRIBUTES ObjectAttributes
2214 NtOpenObjectAuditAlarm(
2215 IN PUNICODE_STRING SubsystemName,
2217 IN POBJECT_ATTRIBUTES ObjectAttributes,
2218 IN HANDLE ClientToken,
2219 IN ULONG DesiredAccess,
2220 IN ULONG GrantedAccess,
2221 IN PPRIVILEGE_SET Privileges,
2222 IN BOOLEAN ObjectCreation,
2223 IN BOOLEAN AccessGranted,
2224 OUT PBOOLEAN GenerateOnClose
2229 ZwOpenObjectAuditAlarm(
2230 IN PUNICODE_STRING SubsystemName,
2232 IN POBJECT_ATTRIBUTES ObjectAttributes,
2233 IN HANDLE ClientToken,
2234 IN ULONG DesiredAccess,
2235 IN ULONG GrantedAccess,
2236 IN PPRIVILEGE_SET Privileges,
2237 IN BOOLEAN ObjectCreation,
2238 IN BOOLEAN AccessGranted,
2239 OUT PBOOLEAN GenerateOnClose
2242 * FUNCTION: Opens an existing process
2244 * ProcessHandle (OUT) = Caller supplied storage for the resulting handle
2245 * DesiredAccess = Requested access to the process
2246 * ObjectAttribute = Initialized attributes for the object
2247 * ClientId = Identifies the process id to open
2253 OUT PHANDLE ProcessHandle,
2254 IN ACCESS_MASK DesiredAccess,
2255 IN POBJECT_ATTRIBUTES ObjectAttributes,
2256 IN PCLIENT_ID ClientId
2261 OUT PHANDLE ProcessHandle,
2262 IN ACCESS_MASK DesiredAccess,
2263 IN POBJECT_ATTRIBUTES ObjectAttributes,
2264 IN PCLIENT_ID ClientId
2267 * FUNCTION: Opens the access token of a process
2269 * ProcessHandle = Handle of the process which owns the token
2270 * DesiredAccess = Requested access to the token
2271 * TokenHandle (OUT) = Caller supplies storage for the resulting token.
2273 This function maps to the win32
2280 IN HANDLE ProcessHandle,
2281 IN ACCESS_MASK DesiredAccess,
2282 OUT PHANDLE TokenHandle
2288 IN HANDLE ProcessHandle,
2289 IN ACCESS_MASK DesiredAccess,
2290 OUT PHANDLE TokenHandle
2294 * FUNCTION: Opens an existing section object
2296 * SectionHandle (OUT) = Caller supplied storage for the resulting handle
2297 * DesiredAccess = Requested access to the section
2298 * ObjectAttribute = Initialized attributes for the object
2305 OUT PHANDLE SectionHandle,
2306 IN ACCESS_MASK DesiredAccess,
2307 IN POBJECT_ATTRIBUTES ObjectAttributes
2312 OUT PHANDLE SectionHandle,
2313 IN ACCESS_MASK DesiredAccess,
2314 IN POBJECT_ATTRIBUTES ObjectAttributes
2317 * FUNCTION: Opens an existing semaphore
2319 * SemaphoreHandle (OUT) = Caller supplied storage for the resulting handle
2320 * DesiredAccess = Requested access to the semaphore
2321 * ObjectAttribute = Initialized attributes for the object
2327 IN HANDLE SemaphoreHandle,
2328 IN ACCESS_MASK DesiredAcces,
2329 IN POBJECT_ATTRIBUTES ObjectAttributes
2334 IN HANDLE SemaphoreHandle,
2335 IN ACCESS_MASK DesiredAcces,
2336 IN POBJECT_ATTRIBUTES ObjectAttributes
2339 * FUNCTION: Opens an existing symbolic link
2341 * SymbolicLinkHandle (OUT) = Caller supplied storage for the resulting handle
2342 * DesiredAccess = Requested access to the symbolic link
2343 * ObjectAttribute = Initialized attributes for the object
2348 NtOpenSymbolicLinkObject(
2349 OUT PHANDLE SymbolicLinkHandle,
2350 IN ACCESS_MASK DesiredAccess,
2351 IN POBJECT_ATTRIBUTES ObjectAttributes
2355 ZwOpenSymbolicLinkObject(
2356 OUT PHANDLE SymbolicLinkHandle,
2357 IN ACCESS_MASK DesiredAccess,
2358 IN POBJECT_ATTRIBUTES ObjectAttributes
2361 * FUNCTION: Opens an existing thread
2363 * ThreadHandle (OUT) = Caller supplied storage for the resulting handle
2364 * DesiredAccess = Requested access to the thread
2365 * ObjectAttribute = Initialized attributes for the object
2366 * ClientId = Identifies the thread to open.
2372 OUT PHANDLE ThreadHandle,
2373 IN ACCESS_MASK DesiredAccess,
2374 IN POBJECT_ATTRIBUTES ObjectAttributes,
2375 IN PCLIENT_ID ClientId
2380 OUT PHANDLE ThreadHandle,
2381 IN ACCESS_MASK DesiredAccess,
2382 IN POBJECT_ATTRIBUTES ObjectAttributes,
2383 IN PCLIENT_ID ClientId
2389 IN HANDLE ThreadHandle,
2390 IN ACCESS_MASK DesiredAccess,
2391 IN BOOLEAN OpenAsSelf,
2392 OUT PHANDLE TokenHandle
2398 IN HANDLE ThreadHandle,
2399 IN ACCESS_MASK DesiredAccess,
2400 IN BOOLEAN OpenAsSelf,
2401 OUT PHANDLE TokenHandle
2404 * FUNCTION: Opens an existing timer
2406 * TimerHandle (OUT) = Caller supplied storage for the resulting handle
2407 * DesiredAccess = Requested access to the timer
2408 * ObjectAttribute = Initialized attributes for the object
2414 OUT PHANDLE TimerHandle,
2415 IN ACCESS_MASK DesiredAccess,
2416 IN POBJECT_ATTRIBUTES ObjectAttributes
2421 OUT PHANDLE TimerHandle,
2422 IN ACCESS_MASK DesiredAccess,
2423 IN POBJECT_ATTRIBUTES ObjectAttributes
2427 * FUNCTION: Checks an access token for specific privileges
2429 * ClientToken = Handle to an access token structure
2430 * RequiredPrivileges = Specifies the requested privileges.
2431 * Result = Caller supplies storage for the result. If PRIVILEGE_SET_ALL_NECESSARY is
2432 set in the Control member of the PRIVILEGE_SET, Result
2433 will only be TRUE if all privileges are present in the access token.
2440 IN HANDLE ClientToken,
2441 IN PPRIVILEGE_SET RequiredPrivileges,
2448 IN HANDLE ClientToken,
2449 IN PPRIVILEGE_SET RequiredPrivileges,
2455 NtPrivilegedServiceAuditAlarm(
2456 IN PUNICODE_STRING SubsystemName,
2457 IN PUNICODE_STRING ServiceName,
2458 IN HANDLE ClientToken,
2459 IN PPRIVILEGE_SET Privileges,
2460 IN BOOLEAN AccessGranted
2465 ZwPrivilegedServiceAuditAlarm(
2466 IN PUNICODE_STRING SubsystemName,
2467 IN PUNICODE_STRING ServiceName,
2468 IN HANDLE ClientToken,
2469 IN PPRIVILEGE_SET Privileges,
2470 IN BOOLEAN AccessGranted
2475 NtPrivilegeObjectAuditAlarm(
2476 IN PUNICODE_STRING SubsystemName,
2478 IN HANDLE ClientToken,
2479 IN ULONG DesiredAccess,
2480 IN PPRIVILEGE_SET Privileges,
2481 IN BOOLEAN AccessGranted
2486 ZwPrivilegeObjectAuditAlarm(
2487 IN PUNICODE_STRING SubsystemName,
2489 IN HANDLE ClientToken,
2490 IN ULONG DesiredAccess,
2491 IN PPRIVILEGE_SET Privileges,
2492 IN BOOLEAN AccessGranted
2496 * FUNCTION: Entry point for native applications
2498 * Peb = Points to the Process Environment Block (PEB)
2500 * Native applications should use this function instead of a main.
2501 * The calling process should terminate itself.
2510 * FUNCTION: Set the access protection of a range of virtual memory
2512 * ProcessHandle = Handle to process owning the virtual address space
2513 * BaseAddress = Start address
2514 * NumberOfBytesToProtect = Delimits the range of virtual memory
2515 * for which the new access protection holds
2516 * NewAccessProtection = The new access protection for the pages
2517 * OldAccessProtection = Caller should supply storage for the old
2521 * The function maps to the win32 VirtualProtectEx
2526 NtProtectVirtualMemory(
2527 IN HANDLE ProcessHandle,
2528 IN PVOID BaseAddress,
2529 IN ULONG NumberOfBytesToProtect,
2530 IN ULONG NewAccessProtection,
2531 OUT PULONG OldAccessProtection
2536 ZwProtectVirtualMemory(
2537 IN HANDLE ProcessHandle,
2538 IN PVOID BaseAddress,
2539 IN ULONG NumberOfBytesToProtect,
2540 IN ULONG NewAccessProtection,
2541 OUT PULONG OldAccessProtection
2546 * FUNCTION: Signals an event and resets it afterwards.
2548 * EventHandle = Handle to the event
2549 * PulseCount = Number of times the action is repeated
2555 IN HANDLE EventHandle,
2556 IN PULONG PulseCount OPTIONAL
2562 IN HANDLE EventHandle,
2563 IN PULONG PulseCount OPTIONAL
2567 * FUNCTION: Queries the attributes of a file
2569 * ObjectAttributes = Initialized attributes for the object
2570 * Buffer = Caller supplies storage for the attributes
2575 NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2576 OUT PFILE_BASIC_INFORMATION FileInformation);
2579 ZwQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2580 OUT PFILE_BASIC_INFORMATION FileInformation);
2583 * FUNCTION: Queries the default locale id
2585 * UserProfile = Type of locale id
2586 * TRUE: thread locale id
2587 * FALSE: system locale id
2588 * DefaultLocaleId = Caller supplies storage for the locale id
2594 NtQueryDefaultLocale(
2595 IN BOOLEAN UserProfile,
2596 OUT PLCID DefaultLocaleId
2601 ZwQueryDefaultLocale(
2602 IN BOOLEAN UserProfile,
2603 OUT PLCID DefaultLocaleId
2607 * FUNCTION: Queries a directory file.
2609 * FileHandle = Handle to a directory file
2610 * EventHandle = Handle to the event signaled on completion
2611 * ApcRoutine = Asynchronous procedure callback, called on completion
2612 * ApcContext = Argument to the apc.
2613 * IoStatusBlock = Caller supplies storage for extended status information.
2614 * FileInformation = Caller supplies storage for the resulting information.
2616 * FileNameInformation FILE_NAMES_INFORMATION
2617 * FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2618 * FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2619 * FileBothDirectoryInformation FILE_BOTH_DIR_INFORMATION
2621 * Length = Size of the storage supplied
2622 * FileInformationClass = Indicates the type of information requested.
2623 * ReturnSingleEntry = Specify true if caller only requests the first directory found.
2624 * FileName = Initial directory name to query, that may contain wild cards.
2625 * RestartScan = Number of times the action should be repeated
2626 * RETURNS: Status [ STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_INSUFFICIENT_RESOURCES,
2627 * STATUS_INVALID_PARAMETER, STATUS_INVALID_DEVICE_REQUEST, STATUS_BUFFER_OVERFLOW,
2628 * STATUS_INVALID_INFO_CLASS, STATUS_NO_SUCH_FILE, STATUS_NO_MORE_FILES ]
2633 NtQueryDirectoryFile(
2634 IN HANDLE FileHandle,
2635 IN HANDLE Event OPTIONAL,
2636 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2637 IN PVOID ApcContext OPTIONAL,
2638 OUT PIO_STATUS_BLOCK IoStatusBlock,
2639 OUT PVOID FileInformation,
2641 IN FILE_INFORMATION_CLASS FileInformationClass,
2642 IN BOOLEAN ReturnSingleEntry,
2643 IN PUNICODE_STRING FileName OPTIONAL,
2644 IN BOOLEAN RestartScan
2649 ZwQueryDirectoryFile(
2650 IN HANDLE FileHandle,
2651 IN HANDLE Event OPTIONAL,
2652 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2653 IN PVOID ApcContext OPTIONAL,
2654 OUT PIO_STATUS_BLOCK IoStatusBlock,
2655 OUT PVOID FileInformation,
2657 IN FILE_INFORMATION_CLASS FileInformationClass,
2658 IN BOOLEAN ReturnSingleEntry,
2659 IN PUNICODE_STRING FileName OPTIONAL,
2660 IN BOOLEAN RestartScan
2664 * FUNCTION: Query information about the content of a directory object
2666 DirObjInformation = Buffer must be large enough to hold the name strings too
2667 GetNextIndex = If TRUE :return the index of the next object in this directory in ObjectIndex
2668 If FALSE: return the number of objects in this directory in ObjectIndex
2669 IgnoreInputIndex= If TRUE: ignore input value of ObjectIndex always start at index 0
2670 If FALSE use input value of ObjectIndex
2671 ObjectIndex = zero based index of object in the directory depends on GetNextIndex and IgnoreInputIndex
2672 DataWritten = Actual size of the ObjectIndex ???
2677 NtQueryDirectoryObject(
2678 IN HANDLE DirObjHandle,
2679 OUT POBJDIR_INFORMATION DirObjInformation,
2680 IN ULONG BufferLength,
2681 IN BOOLEAN GetNextIndex,
2682 IN BOOLEAN IgnoreInputIndex,
2683 IN OUT PULONG ObjectIndex,
2684 OUT PULONG DataWritten OPTIONAL
2689 ZwQueryDirectoryObject(
2690 IN HANDLE DirObjHandle,
2691 OUT POBJDIR_INFORMATION DirObjInformation,
2692 IN ULONG BufferLength,
2693 IN BOOLEAN GetNextIndex,
2694 IN BOOLEAN IgnoreInputIndex,
2695 IN OUT PULONG ObjectIndex,
2696 OUT PULONG DataWritten OPTIONAL
2700 * FUNCTION: Queries the extended attributes of a file
2702 * FileHandle = Handle to the file
2703 * IoStatusBlock = Caller supplies storage for extended status information
2717 IN HANDLE FileHandle,
2718 OUT PIO_STATUS_BLOCK IoStatusBlock,
2721 IN BOOLEAN ReturnSingleEntry,
2722 IN PVOID EaList OPTIONAL,
2723 IN ULONG EaListLength,
2724 IN PULONG EaIndex OPTIONAL,
2725 IN BOOLEAN RestartScan
2731 IN HANDLE FileHandle,
2732 OUT PIO_STATUS_BLOCK IoStatusBlock,
2735 IN BOOLEAN ReturnSingleEntry,
2736 IN PVOID EaList OPTIONAL,
2737 IN ULONG EaListLength,
2738 IN PULONG EaIndex OPTIONAL,
2739 IN BOOLEAN RestartScan
2743 * FUNCTION: Queries an event
2745 * EventHandle = Handle to the event
2746 * EventInformationClass = Index of the information structure
2748 EventBasicInformation EVENT_BASIC_INFORMATION
2750 * EventInformation = Caller supplies storage for the information structure
2751 * EventInformationLength = Size of the information structure
2752 * ReturnLength = Data written
2758 IN HANDLE EventHandle,
2759 IN EVENT_INFORMATION_CLASS EventInformationClass,
2760 OUT PVOID EventInformation,
2761 IN ULONG EventInformationLength,
2762 OUT PULONG ReturnLength
2767 IN HANDLE EventHandle,
2768 IN EVENT_INFORMATION_CLASS EventInformationClass,
2769 OUT PVOID EventInformation,
2770 IN ULONG EventInformationLength,
2771 OUT PULONG ReturnLength
2775 NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2776 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
2779 ZwQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes,
2780 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
2784 NtQueryInformationAtom(
2786 IN ATOM_INFORMATION_CLASS AtomInformationClass,
2787 OUT PVOID AtomInformation,
2788 IN ULONG AtomInformationLength,
2789 OUT PULONG ReturnLength OPTIONAL
2794 NtQueryInformationAtom(
2796 IN ATOM_INFORMATION_CLASS AtomInformationClass,
2797 OUT PVOID AtomInformation,
2798 IN ULONG AtomInformationLength,
2799 OUT PULONG ReturnLength OPTIONAL
2804 * FUNCTION: Queries the information of a file object.
2806 * FileHandle = Handle to the file object
2807 * IoStatusBlock = Caller supplies storage for extended information
2808 * on the current operation.
2809 * FileInformation = Storage for the new file information
2810 * Length = Size of the storage for the file information.
2811 * FileInformationClass = Indicates which file information is queried
2813 FileDirectoryInformation FILE_DIRECTORY_INFORMATION
2814 FileFullDirectoryInformation FILE_FULL_DIRECTORY_INFORMATION
2815 FileBothDirectoryInformation FILE_BOTH_DIRECTORY_INFORMATION
2816 FileBasicInformation FILE_BASIC_INFORMATION
2817 FileStandardInformation FILE_STANDARD_INFORMATION
2818 FileInternalInformation FILE_INTERNAL_INFORMATION
2819 FileEaInformation FILE_EA_INFORMATION
2820 FileAccessInformation FILE_ACCESS_INFORMATION
2821 FileNameInformation FILE_NAME_INFORMATION
2822 FileRenameInformation FILE_RENAME_INFORMATION
2824 FileNamesInformation FILE_NAMES_INFORMATION
2825 FileDispositionInformation FILE_DISPOSITION_INFORMATION
2826 FilePositionInformation FILE_POSITION_INFORMATION
2827 FileFullEaInformation FILE_FULL_EA_INFORMATION
2828 FileModeInformation FILE_MODE_INFORMATION
2829 FileAlignmentInformation FILE_ALIGNMENT_INFORMATION
2830 FileAllInformation FILE_ALL_INFORMATION
2832 FileEndOfFileInformation FILE_END_OF_FILE_INFORMATION
2833 FileAlternateNameInformation
2834 FileStreamInformation FILE_STREAM_INFORMATION
2836 FilePipeLocalInformation
2837 FilePipeRemoteInformation
2838 FileMailslotQueryInformation
2839 FileMailslotSetInformation
2840 FileCompressionInformation FILE_COMPRESSION_INFORMATION
2841 FileCopyOnWriteInformation
2842 FileCompletionInformation IO_COMPLETION_CONTEXT
2843 FileMoveClusterInformation
2844 FileOleClassIdInformation
2845 FileOleStateBitsInformation
2846 FileNetworkOpenInformation FILE_NETWORK_OPEN_INFORMATION
2847 FileObjectIdInformation
2848 FileOleAllInformation
2849 FileOleDirectoryInformation
2850 FileContentIndexInformation
2851 FileInheritContentIndexInformation
2853 FileMaximumInformation
2856 * This procedure maps to the win32 GetShortPathName, GetLongPathName,
2857 GetFullPathName, GetFileType, GetFileSize, GetFileTime functions.
2862 NtQueryInformationFile(
2863 IN HANDLE FileHandle,
2864 OUT PIO_STATUS_BLOCK IoStatusBlock,
2865 OUT PVOID FileInformation,
2867 IN FILE_INFORMATION_CLASS FileInformationClass
2872 ZwQueryInformationFile(
2874 PIO_STATUS_BLOCK IoStatusBlock,
2875 PVOID FileInformation,
2877 FILE_INFORMATION_CLASS FileInformationClass
2881 * FUNCTION: Queries the information of a process object.
2883 * ProcessHandle = Handle to the process object
2884 * ProcessInformation = Index to a certain information structure
2886 ProcessBasicInformation PROCESS_BASIC_INFORMATION
2887 ProcessQuotaLimits QUOTA_LIMITS
2888 ProcessIoCounters IO_COUNTERS
2889 ProcessVmCounters VM_COUNTERS
2890 ProcessTimes KERNEL_USER_TIMES
2891 ProcessBasePriority KPRIORITY
2892 ProcessRaisePriority KPRIORITY
2893 ProcessDebugPort HANDLE
2894 ProcessExceptionPort HANDLE
2895 ProcessAccessToken PROCESS_ACCESS_TOKEN
2896 ProcessLdtInformation LDT_ENTRY ??
2897 ProcessLdtSize ULONG
2898 ProcessDefaultHardErrorMode ULONG
2899 ProcessIoPortHandlers // kernel mode only
2900 ProcessPooledUsageAndLimits POOLED_USAGE_AND_LIMITS
2901 ProcessWorkingSetWatch PROCESS_WS_WATCH_INFORMATION
2902 ProcessUserModeIOPL (I/O Privilege Level)
2903 ProcessEnableAlignmentFaultFixup BOOLEAN
2904 ProcessPriorityClass ULONG
2905 ProcessWx86Information ULONG
2906 ProcessHandleCount ULONG
2907 ProcessAffinityMask ULONG
2908 ProcessPooledQuotaLimits QUOTA_LIMITS
2911 * ProcessInformation = Caller supplies storage for the process information structure
2912 * ProcessInformationLength = Size of the process information structure
2913 * ReturnLength = Actual number of bytes written
2916 * This procedure maps to the win32 GetProcessTimes, GetProcessVersion,
2917 GetProcessWorkingSetSize, GetProcessPriorityBoost, GetProcessAffinityMask, GetPriorityClass,
2918 GetProcessShutdownParameters functions.
2924 NtQueryInformationProcess(
2925 IN HANDLE ProcessHandle,
2926 IN CINT ProcessInformationClass,
2927 OUT PVOID ProcessInformation,
2928 IN ULONG ProcessInformationLength,
2929 OUT PULONG ReturnLength
2934 ZwQueryInformationProcess(
2935 IN HANDLE ProcessHandle,
2936 IN CINT ProcessInformationClass,
2937 OUT PVOID ProcessInformation,
2938 IN ULONG ProcessInformationLength,
2939 OUT PULONG ReturnLength
2944 * FUNCTION: Queries the information of a thread object.
2946 * ThreadHandle = Handle to the thread object
2947 * ThreadInformationClass = Index to a certain information structure
2949 ThreadBasicInformation THREAD_BASIC_INFORMATION
2950 ThreadTimes KERNEL_USER_TIMES
2951 ThreadPriority KPRIORITY
2952 ThreadBasePriority KPRIORITY
2953 ThreadAffinityMask KAFFINITY
2954 ThreadImpersonationToken
2955 ThreadDescriptorTableEntry
2956 ThreadEnableAlignmentFaultFixup
2958 ThreadQuerySetWin32StartAddress
2960 ThreadPerformanceCount
2961 ThreadAmILastThread BOOLEAN
2962 ThreadIdealProcessor ULONG
2963 ThreadPriorityBoost ULONG
2967 * ThreadInformation = Caller supplies storage for the thread information
2968 * ThreadInformationLength = Size of the thread information structure
2969 * ReturnLength = Actual number of bytes written
2972 * This procedure maps to the win32 GetThreadTimes, GetThreadPriority,
2973 GetThreadPriorityBoost functions.
2980 NtQueryInformationThread(
2981 IN HANDLE ThreadHandle,
2982 IN THREADINFOCLASS ThreadInformationClass,
2983 OUT PVOID ThreadInformation,
2984 IN ULONG ThreadInformationLength,
2985 OUT PULONG ReturnLength
2991 NtQueryInformationToken(
2992 IN HANDLE TokenHandle,
2993 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
2994 OUT PVOID TokenInformation,
2995 IN ULONG TokenInformationLength,
2996 OUT PULONG ReturnLength
3001 ZwQueryInformationToken(
3002 IN HANDLE TokenHandle,
3003 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
3004 OUT PVOID TokenInformation,
3005 IN ULONG TokenInformationLength,
3006 OUT PULONG ReturnLength
3010 * FUNCTION: Query the interval and the clocksource for profiling
3018 NtQueryIntervalProfile(
3019 OUT PULONG Interval,
/* NOTE(review): ClockSource is annotated OUT but is declared by value, not as
 * a pointer; unless KPROFILE_SOURCE is itself a pointer type (its definition
 * is not visible here), nothing can be returned to the caller through it as
 * written. Either the annotation or the type looks wrong -- confirm which. */
3020 OUT KPROFILE_SOURCE ClockSource
3025 ZwQueryIntervalProfile(
3026 OUT PULONG Interval,
/* NOTE(review): ClockSource is annotated OUT but is declared by value, not as
 * a pointer; unless KPROFILE_SOURCE is itself a pointer type (its definition
 * is not visible here), nothing can be returned to the caller through it as
 * written. Either the annotation or the type looks wrong -- confirm which. */
3027 OUT KPROFILE_SOURCE ClockSource
3034 NtQueryIoCompletion(
3035 IN HANDLE CompletionPort,
3036 IN ULONG CompletionKey,
3037 OUT PIO_STATUS_BLOCK IoStatusBlock,
3038 OUT PULONG NumberOfBytesTransferred
3042 ZwQueryIoCompletion(
3043 IN HANDLE CompletionPort,
3044 IN ULONG CompletionKey,
3045 OUT PIO_STATUS_BLOCK IoStatusBlock,
3046 OUT PULONG NumberOfBytesTransferred
3051 * FUNCTION: Queries the information of a registry key object.
3053 KeyHandle = Handle to a registry key
3054 KeyInformationClass = Index to a certain information structure
3055 KeyInformation = Caller supplies storage for resulting information
3056 Length = Size of the supplied storage
3057 ResultLength = Bytes written
3062 IN HANDLE KeyHandle,
3063 IN KEY_INFORMATION_CLASS KeyInformationClass,
3064 OUT PVOID KeyInformation,
3066 OUT PULONG ResultLength
3072 IN HANDLE KeyHandle,
3073 IN KEY_INFORMATION_CLASS KeyInformationClass,
3074 OUT PVOID KeyInformation,
3076 OUT PULONG ResultLength
3084 NtQueryMultipleValueKey(
3085 IN HANDLE KeyHandle,
3086 IN OUT PKEY_VALUE_ENTRY ValueList,
3087 IN ULONG NumberOfValues,
3089 IN OUT PULONG Length,
3090 OUT PULONG ReturnLength
3095 ZwQueryMultipleValueKey(
3096 IN HANDLE KeyHandle,
3097 IN OUT PKEY_VALUE_ENTRY ValueList,
3098 IN ULONG NumberOfValues,
3100 IN OUT PULONG Length,
3101 OUT PULONG ReturnLength
3105 * FUNCTION: Queries the information of a mutant object.
3107 MutantHandle = Handle to a mutant
3108 MutantInformationClass = Index to a certain information structure
3109 MutantInformation = Caller supplies storage for resulting information
3110 Length = Size of the supplied storage
3111 ResultLength = Bytes written
3116 IN HANDLE MutantHandle,
3117 IN CINT MutantInformationClass,
3118 OUT PVOID MutantInformation,
3120 OUT PULONG ResultLength
3126 IN HANDLE MutantHandle,
3127 IN CINT MutantInformationClass,
3128 OUT PVOID MutantInformation,
3130 OUT PULONG ResultLength
3133 * FUNCTION: Queries the information of an object.
3135 ObjectHandle = Handle to an object
3136 ObjectInformationClass = Index to a certain information structure
3138 ObjectBasicInformation
3139 ObjectTypeInformation OBJECT_TYPE_INFORMATION
3140 ObjectNameInformation OBJECT_NAME_INFORMATION
3141 ObjectDataInformation OBJECT_DATA_INFORMATION
3143 ObjectInformation = Caller supplies storage for resulting information
3144 Length = Size of the supplied storage
3145 ResultLength = Bytes written
3151 IN HANDLE ObjectHandle,
3152 IN CINT ObjectInformationClass,
3153 OUT PVOID ObjectInformation,
3155 OUT PULONG ResultLength
3161 IN HANDLE ObjectHandle,
3162 IN CINT ObjectInformationClass,
3163 OUT PVOID ObjectInformation,
3165 OUT PULONG ResultLength
3169 * FUNCTION: Queries the system ( high-resolution ) performance counter.
3171 * Counter = Performance counter
3172 * Frequency = Performance frequency
3174 This procedure queries a tick count faster than 10ms ( The resolution for Intel®-based CPUs is about 0.8 microseconds.)
3175 This procedure maps to the win32 QueryPerformanceCounter, QueryPerformanceFrequency
3181 NtQueryPerformanceCounter(
/* NOTE(review): the description above presents Counter and Frequency as the
 * queried results, yet both pointers are annotated IN here. Presumably the
 * callee writes through them, in which case OUT would be the accurate
 * annotation -- confirm against the implementation. */
3182 IN PLARGE_INTEGER Counter,
3183 IN PLARGE_INTEGER Frequency
3188 ZwQueryPerformanceCounter(
/* NOTE(review): the description above presents Counter and Frequency as the
 * queried results, yet both pointers are annotated IN here. Presumably the
 * callee writes through them, in which case OUT would be the accurate
 * annotation -- confirm against the implementation. */
3189 IN PLARGE_INTEGER Counter,
3190 IN PLARGE_INTEGER Frequency
3193 * FUNCTION: Queries the information of a section object.
3195 * SectionHandle = Handle to the section link object
3196 * SectionInformationClass = Index to a certain information structure
3197 * SectionInformation (OUT)= Caller supplies storage for resulting information
3198 * Length = Size of the supplied storage
3199 * ResultLength = Data written
3206 IN HANDLE SectionHandle,
3207 IN CINT SectionInformationClass,
3208 OUT PVOID SectionInformation,
3210 OUT PULONG ResultLength
3216 IN HANDLE SectionHandle,
3217 IN CINT SectionInformationClass,
3218 OUT PVOID SectionInformation,
3220 OUT PULONG ResultLength
3225 NtQuerySecurityObject(
3227 IN CINT SecurityObjectInformationClass,
3228 OUT PVOID SecurityObjectInformation,
3230 OUT PULONG ReturnLength
3235 ZwQuerySecurityObject(
3237 IN CINT SecurityObjectInformationClass,
3238 OUT PVOID SecurityObjectInformation,
3240 OUT PULONG ReturnLength
3245 * FUNCTION: Queries the information of a semaphore.
3247 * SemaphoreHandle = Handle to the semaphore object
3248 * SemaphoreInformationClass = Index to a certain information structure
3250 SemaphoreBasicInformation SEMAPHORE_BASIC_INFORMATION
3252 * SemaphoreInformation = Caller supplies storage for the semaphore information structure
3253 * Length = Size of the information structure
3258 IN HANDLE SemaphoreHandle,
3259 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
3260 OUT PVOID SemaphoreInformation,
3262 OUT PULONG ReturnLength
3268 IN HANDLE SemaphoreHandle,
3269 IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
3270 OUT PVOID SemaphoreInformation,
3272 OUT PULONG ReturnLength
3277 * FUNCTION: Queries the information of a symbolic link object.
3279 * SymbolicLinkHandle = Handle to the symbolic link object
3280 * LinkTarget = resolved name of link
3281 * DataWritten = size of the LinkName.
3287 NtQuerySymbolicLinkObject(
3288 IN HANDLE SymLinkObjHandle,
3289 OUT PUNICODE_STRING LinkTarget,
3290 OUT PULONG DataWritten OPTIONAL
3295 ZwQuerySymbolicLinkObject(
3296 IN HANDLE SymLinkObjHandle,
3297 OUT PUNICODE_STRING LinkName,
3298 OUT PULONG DataWritten OPTIONAL
3303 * FUNCTION: Queries a system environment variable.
3305 * Name = Name of the variable
3306 * Value (OUT) = value of the variable
3307 * Length = size of the buffer
3308 * ReturnLength = data written
3314 NtQuerySystemEnvironmentValue(
3315 IN PUNICODE_STRING Name,
3323 ZwQuerySystemEnvironmentValue(
3324 IN PUNICODE_STRING Name,
3332 * FUNCTION: Queries the system information.
3334 * SystemInformationClass = Index to a certain information structure
3336 SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
3337 SystemCacheInformation SYSTEM_CACHE_INFORMATION
3338 SystemConfigurationInformation CONFIGURATION_INFORMATION
3340 * SystemInformation = caller supplies storage for the information structure
3341 * Length = size of the structure
3342 ResultLength = Data written
3348 NtQuerySystemInformation(
3349 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
3350 OUT PVOID SystemInformation,
3352 OUT PULONG ResultLength
3357 ZwQuerySystemInformation(
3358 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
3359 OUT PVOID SystemInformation,
3361 OUT PULONG ResultLength
3365 * FUNCTION: Retrieves the system time
3367 * CurrentTime (OUT) = Caller should supply storage for the resulting time.
3375 OUT TIME *CurrentTime
3381 OUT TIME *CurrentTime
3385 * FUNCTION: Queries information about a timer
3387 * TimerHandle = Handle to the timer
3388 TimerValueInformationClass = Index to a certain information structure
3389 TimerValueInformation = Caller supplies storage for the information structure
3390 Length = Size of the information structure
3391 ResultLength = Data written
3398 IN HANDLE TimerHandle,
3399 IN CINT TimerInformationClass,
3400 OUT PVOID TimerInformation,
3402 OUT PULONG ResultLength
3407 IN HANDLE TimerHandle,
3408 IN CINT TimerInformationClass,
3409 OUT PVOID TimerInformation,
3411 OUT PULONG ResultLength
3415 * FUNCTION: Queries the timer resolution
3417 * MinimumResolution (OUT) = Caller should supply storage for the resulting time.
3418 Maximum Resolution (OUT) = Caller should supply storage for the resulting time.
3419 ActualResolution (OUT) = Caller should supply storage for the resulting time.
3427 NtQueryTimerResolution (
3428 OUT PULONG MinimumResolution,
3429 OUT PULONG MaximumResolution,
3430 OUT PULONG ActualResolution
3435 ZwQueryTimerResolution (
3436 OUT PULONG MinimumResolution,
3437 OUT PULONG MaximumResolution,
3438 OUT PULONG ActualResolution
3442 * FUNCTION: Queries a registry key value
3444 * KeyHandle = Handle to the registry key
3445 ValueName = Name of the value in the registry key
3446 KeyValueInformationClass = Index to a certain information structure
3448 KeyValueBasicInformation = KEY_VALUE_BASIC_INFORMATION
3449 KeyValueFullInformation = KEY_FULL_INFORMATION
3450 KeyValuePartialInformation = KEY_VALUE_PARTIAL_INFORMATION
3452 KeyValueInformation = Caller supplies storage for the information structure
3453 Length = Size of the information structure
3454 ResultLength = Data written
3461 IN HANDLE KeyHandle,
3462 IN PUNICODE_STRING ValueName,
3463 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
3464 OUT PVOID KeyValueInformation,
3466 OUT PULONG ResultLength
3472 IN HANDLE KeyHandle,
3473 IN PUNICODE_STRING ValueName,
3474 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
3475 OUT PVOID KeyValueInformation,
3477 OUT PULONG ResultLength
3484 * FUNCTION: Queries the virtual memory information.
3486 ProcessHandle = Process owning the virtual address space
3487 BaseAddress = Points to the page where the information is queried for.
3488 * VirtualMemoryInformationClass = Index to a certain information structure
3490 MemoryBasicInformation MEMORY_BASIC_INFORMATION
3492 * VirtualMemoryInformation = caller supplies storage for the information structure
3493 * Length = size of the structure
3494 ResultLength = Data written
3501 NtQueryVirtualMemory(
3502 IN HANDLE ProcessHandle,
/* NOTE(review): the IN annotation is written twice on
 * VirtualMemoryInformationClass; presumably a typo, one IN is enough. */
3504 IN IN CINT VirtualMemoryInformationClass,
3505 OUT PVOID VirtualMemoryInformation,
3507 OUT PULONG ResultLength
3511 ZwQueryVirtualMemory(
3512 IN HANDLE ProcessHandle,
/* NOTE(review): the IN annotation is written twice on
 * VirtualMemoryInformationClass; presumably a typo, one IN is enough. */
3514 IN IN CINT VirtualMemoryInformationClass,
3515 OUT PVOID VirtualMemoryInformation,
3517 OUT PULONG ResultLength
3521 * FUNCTION: Queries the volume information
3523 * FileHandle = Handle to a file object on the target volume
3524 * IoStatusBlock = Caller should supply storage for additional status information
3525 * ReturnLength = DataWritten
3526 * FsInformation = Caller should supply storage for the information structure.
3527 * Length = Size of the information structure
3528 * FsInformationClass = Index to an information structure
3530 FileFsVolumeInformation FILE_FS_VOLUME_INFORMATION
3531 FileFsLabelInformation FILE_FS_LABEL_INFORMATION
3532 FileFsSizeInformation FILE_FS_SIZE_INFORMATION
3533 FileFsDeviceInformation FILE_FS_DEVICE_INFORMATION
3534 FileFsAttributeInformation FILE_FS_ATTRIBUTE_INFORMATION
3535 FileFsControlInformation
3536 FileFsQuotaQueryInformation --
3537 FileFsQuotaSetInformation --
3538 FileFsMaximumInformation
3540 * RETURNS: Status [ STATUS_SUCCESS | STATUS_INSUFFICIENT_RESOURCES | STATUS_INVALID_PARAMETER |
3541 STATUS_INVALID_DEVICE_REQUEST | STATUS_BUFFER_OVERFLOW ]
3546 NtQueryVolumeInformationFile(
3547 IN HANDLE FileHandle,
3548 OUT PIO_STATUS_BLOCK IoStatusBlock,
3549 OUT PVOID FsInformation,
3551 IN FS_INFORMATION_CLASS FsInformationClass
3556 ZwQueryVolumeInformationFile(
3557 IN HANDLE FileHandle,
3558 OUT PIO_STATUS_BLOCK IoStatusBlock,
3559 OUT PVOID FsInformation,
3561 IN FS_INFORMATION_CLASS FsInformationClass
3564 // FIXME: Should I specify if the apc is user or kernel mode somewhere ??
3566 * FUNCTION: Queues a (user) apc to a thread.
3568 ThreadHandle = Thread to which the apc is queued.
3569 ApcRoutine = Points to the apc routine
3570 NormalContext = Argument to Apc Routine
3571 * SystemArgument1 = Argument of the Apc Routine
3572 SystemArgument2 = Argument of the Apc Routine
3573 * REMARK: If the apc is queued against a thread of a different process than the calling thread
3574 the apc routine should be specified in the address space of the queued thread's process.
3581 HANDLE ThreadHandle,
3582 PKNORMAL_ROUTINE ApcRoutine,
3583 PVOID NormalContext,
3584 PVOID SystemArgument1,
3585 PVOID SystemArgument2);
3590 HANDLE ThreadHandle,
3591 PKNORMAL_ROUTINE ApcRoutine,
3592 PVOID NormalContext,
3593 PVOID SystemArgument1,
3594 PVOID SystemArgument2);
3598 * FUNCTION: Raises an exception
3600 * ExceptionRecord = Structure specifying the exception
3601 * Context = Context in which the exception is raised
3610 IN PEXCEPTION_RECORD ExceptionRecord,
3611 IN PCONTEXT Context,
3612 IN BOOLEAN SearchFrames
3618 IN PEXCEPTION_RECORD ExceptionRecord,
3619 IN PCONTEXT Context,
3620 IN BOOLEAN SearchFrames
3624 * FUNCTION: Raises a hard error (stops the system)
3626 * Status = Status code of the hard error
3659 * FUNCTION: Read a file
3661 * FileHandle = Handle of a file to read
3662 * Event = This event is signalled when the read operation completes
3663 * UserApcRoutine = Call back , if supplied Event should be NULL
3664 * UserApcContext = Argument to the callback
3665 * IoStatusBlock = Caller should supply storage for additional status information
3666 * Buffer = Caller should supply storage to receive the information
3667 * BufferLength = Size of the buffer
3668 * ByteOffset = Offset to start reading the file
3669 * Key = If a range is locked, a matching key will allow the read to continue.
3677 IN HANDLE FileHandle,
3678 IN HANDLE Event OPTIONAL,
3679 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3680 IN PVOID UserApcContext OPTIONAL,
3681 OUT PIO_STATUS_BLOCK IoStatusBlock,
3683 IN ULONG BufferLength,
3684 IN PLARGE_INTEGER ByteOffset OPTIONAL,
3685 IN PULONG Key OPTIONAL
3691 IN HANDLE FileHandle,
3692 IN HANDLE Event OPTIONAL,
3693 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3694 IN PVOID UserApcContext OPTIONAL,
3695 OUT PIO_STATUS_BLOCK IoStatusBlock,
3697 IN ULONG BufferLength,
3698 IN PLARGE_INTEGER ByteOffset OPTIONAL,
3699 IN PULONG Key OPTIONAL
3702 * FUNCTION: Read a file using scattered io
3704 FileHandle = Handle of a file to read
3705 Event = This event is signalled when the read operation completes
3706 * UserApcRoutine = Call back , if supplied Event should be NULL
3707 UserApcContext = Argument to the callback
3708 IoStatusBlock = Caller should supply storage for additional status information
3709 BufferDescription = Caller should supply storage to receive the information
3710 BufferLength = Size of the buffer
3711 ByteOffset = Offset to start reading the file
3712 Key = If a range is locked, a matching key will allow the read to continue.
3719 IN HANDLE FileHandle,
3720 IN HANDLE Event OPTIONAL,
3721 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3722 IN PVOID UserApcContext OPTIONAL,
3723 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
3724 IN FILE_SEGMENT_ELEMENT BufferDescription[],
3725 IN ULONG BufferLength,
3726 IN PLARGE_INTEGER ByteOffset,
3727 IN PULONG Key OPTIONAL
3733 IN HANDLE FileHandle,
3734 IN HANDLE Event OPTIONAL,
3735 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL,
3736 IN PVOID UserApcContext OPTIONAL,
3737 OUT PIO_STATUS_BLOCK UserIoStatusBlock,
3738 IN FILE_SEGMENT_ELEMENT BufferDescription[],
3739 IN ULONG BufferLength,
3740 IN PLARGE_INTEGER ByteOffset,
3741 IN PULONG Key OPTIONAL
3744 * FUNCTION: Copies a range of virtual memory to a buffer
3746 * ProcessHandle = Specifies the process owning the virtual address space
3747 * BaseAddress = Points to the address of virtual memory to start the read
3748 * Buffer = Caller supplies storage to copy the virtual memory to.
3749 * NumberOfBytesToRead = Limits the range to read
3750 * NumberOfBytesRead = The actual number of bytes read.
3756 NtReadVirtualMemory(
/* NOTE(review): BaseAddress and NumberOfBytesToRead name a range in the
 * address space of the process behind ProcessHandle, and the results go to
 * caller-supplied pointers. The prototype cannot express it, but the
 * implementation (not shown here) presumably has to check the handle's access
 * rights and validate every pointer and length before copying -- confirm
 * there. */
3757 IN HANDLE ProcessHandle,
3758 IN PVOID BaseAddress,
3760 IN ULONG NumberOfBytesToRead,
3761 OUT PULONG NumberOfBytesRead
3765 ZwReadVirtualMemory(
/* NOTE(review): BaseAddress and NumberOfBytesToRead name a range in the
 * address space of the process behind ProcessHandle, and the results go to
 * caller-supplied pointers. The prototype cannot express it, but the
 * implementation (not shown here) presumably has to check the handle's access
 * rights and validate every pointer and length before copying -- confirm
 * there. */
3766 IN HANDLE ProcessHandle,
3767 IN PVOID BaseAddress,
3769 IN ULONG NumberOfBytesToRead,
3770 OUT PULONG NumberOfBytesRead
3775 * FUNCTION: Debugger can register for thread termination
3777 * TerminationPort = Port on which the debugger likes to be notified.
3782 NtRegisterThreadTerminatePort(
3783 HANDLE TerminationPort
3787 ZwRegisterThreadTerminatePort(
3788 HANDLE TerminationPort
3792 * FUNCTION: Releases a mutant
3794 * MutantHandle = Handle to the mutant
3801 IN HANDLE MutantHandle,
3802 IN PULONG ReleaseCount OPTIONAL
3808 IN HANDLE MutantHandle,
3809 IN PULONG ReleaseCount OPTIONAL
3813 * FUNCTION: Releases a semaphore
3815 * SemaphoreHandle = Handle to the semaphore object
3816 * ReleaseCount = Number to decrease the semaphore count
3817 * PreviousCount = Previous semaphore count
3823 IN HANDLE SemaphoreHandle,
3824 IN LONG ReleaseCount,
3825 OUT PLONG PreviousCount
3831 IN HANDLE SemaphoreHandle,
3832 IN LONG ReleaseCount,
3833 OUT PLONG PreviousCount
3837 * FUNCTION: Removes an io completion
3839 * CompletionPort (OUT) = Caller supplied storage for the resulting handle
3840 * CompletionKey = Requested access to the key
3841 * IoStatusBlock = Caller provides storage for extended status information
3842 * CompletionStatus = Current status of the io operation.
3843 * WaitTime = Time to wait if ..
3848 NtRemoveIoCompletion(
3849 IN HANDLE CompletionPort,
3850 OUT PULONG CompletionKey,
3851 OUT PIO_STATUS_BLOCK IoStatusBlock,
3852 OUT PULONG CompletionStatus,
3853 IN PLARGE_INTEGER WaitTime
3858 ZwRemoveIoCompletion(
3859 IN HANDLE CompletionPort,
3860 OUT PULONG CompletionKey,
3861 OUT PIO_STATUS_BLOCK IoStatusBlock,
3862 OUT PULONG CompletionStatus,
3863 IN PLARGE_INTEGER WaitTime
3866 * FUNCTION: Replaces one registry key with another
3868 * ObjectAttributes = Specifies the attributes of the key
3869 * Key = Handle to the key
3870 * ReplacedObjectAttributes = The function returns the old object attributes
3876 IN POBJECT_ATTRIBUTES ObjectAttributes,
3878 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3883 IN POBJECT_ATTRIBUTES ObjectAttributes,
3885 IN POBJECT_ATTRIBUTES ReplacedObjectAttributes
3889 * FUNCTION: Resets an event to a non-signaled state
3891 * EventHandle = Handle to the event that should be reset
3892 * NumberOfWaitingThreads = The number of threads released.
3899 PULONG NumberOfWaitingThreads OPTIONAL
3905 PULONG NumberOfWaitingThreads OPTIONAL
3924 * FUNCTION: Decrements a thread's resume count
3926 * ThreadHandle = Handle to the thread that should be resumed
3927 * ResumeCount = The resulting resume count.
3929 * A thread is resumed if its suspend count is 0. This procedure maps to
3930 * the win32 ResumeThread function. ( documentation about the suspend count can be found here as well )
3936 IN HANDLE ThreadHandle,
3937 OUT PULONG SuspendCount
3942 IN HANDLE ThreadHandle,
3943 OUT PULONG SuspendCount
3946 * FUNCTION: Writes the content of a registry key to ascii file
3948 * KeyHandle = Handle to the key
3949 * FileHandle = Handle of the file
3951 This function maps to the Win32 RegSaveKey.
3958 IN HANDLE KeyHandle,
3959 IN HANDLE FileHandle
3964 IN HANDLE KeyHandle,
3965 IN HANDLE FileHandle
3969 * FUNCTION: Sets the context of a specified thread.
3971 * ThreadHandle = Handle to the thread
3972 * Context = The processor context.
3979 IN HANDLE ThreadHandle,
3985 IN HANDLE ThreadHandle,
3990 * FUNCTION: Sets the default locale id
3992 * UserProfile = Type of locale id
3993 * TRUE: thread locale id
3994 * FALSE: system locale id
3995 * DefaultLocaleId = Locale id
4002 IN BOOLEAN UserProfile,
4003 IN LCID DefaultLocaleId
4009 IN BOOLEAN UserProfile,
4010 IN LCID DefaultLocaleId
4014 * FUNCTION: Sets the default hard error port
4016 * PortHandle = Handle to the port
4017 * NOTE: The hard error port is used for first chance exception handling
4022 NtSetDefaultHardErrorPort(
4023 IN HANDLE PortHandle
4027 ZwSetDefaultHardErrorPort(
4028 IN HANDLE PortHandle
4032 * FUNCTION: Sets the extended attributes of a file.
4034 * FileHandle = Handle to the file
4035 * IoStatusBlock = Storage for a resulting status and information
4036 * on the current operation.
4037 * EaBuffer = Extended Attributes buffer.
4038 * EaBufferSize = Size of the extended attributes buffer
4044 IN HANDLE FileHandle,
4045 IN PIO_STATUS_BLOCK IoStatusBlock,
4052 IN HANDLE FileHandle,
4053 IN PIO_STATUS_BLOCK IoStatusBlock,
4058 //FIXME: should I return the event state ?
4061 * FUNCTION: Sets the event to a signalled state.
4063 * EventHandle = Handle to the event
4064 * NumberOfThreadsReleased = The number of threads released
4066 * This procedure maps to the win32 SetEvent function.
4073 IN HANDLE EventHandle,
4074 PULONG NumberOfThreadsReleased
4080 IN HANDLE EventHandle,
4081 PULONG NumberOfThreadsReleased
4085 * FUNCTION: Sets the high part of an event pair
4087 EventPair = Handle to the event pair
4094 IN HANDLE EventPairHandle
4100 IN HANDLE EventPairHandle
4103 * FUNCTION: Sets the high part of an event pair and wait for the low part
4105 EventPair = Handle to the event pair
4110 NtSetHighWaitLowEventPair(
4111 IN HANDLE EventPairHandle
4115 ZwSetHighWaitLowEventPair(
4116 IN HANDLE EventPairHandle
4120 * FUNCTION: Sets the information of a file object.
4122 * FileHandle = Handle to the file object
4123 * IoStatusBlock = Caller supplies storage for extended information
4124 * on the current operation.
4125 * FileInformation = Storage for the new file information
4126 * Length = Size of the new file information.
4127 * FileInformationClass = Indicates to a certain information structure
4129 FileNameInformation FILE_NAME_INFORMATION
4130 FileRenameInformation FILE_RENAME_INFORMATION
4131 FileStreamInformation FILE_STREAM_INFORMATION
4132 * FileCompletionInformation IO_COMPLETION_CONTEXT
4135 * This procedure maps to the win32 SetEndOfFile, SetFileAttributes,
4136 * SetNamedPipeHandleState, SetMailslotInfo functions.
4143 NtSetInformationFile(
4144 IN HANDLE FileHandle,
4145 IN PIO_STATUS_BLOCK IoStatusBlock,
4146 IN PVOID FileInformation,
4148 IN FILE_INFORMATION_CLASS FileInformationClass
4152 ZwSetInformationFile(
4153 IN HANDLE FileHandle,
4154 IN PIO_STATUS_BLOCK IoStatusBlock,
4155 IN PVOID FileInformation,
4157 IN FILE_INFORMATION_CLASS FileInformationClass
4163 * FUNCTION: Sets the information of a registry key.
4165 * KeyHandle = Handle to the registry key
4166 * KeyInformationClass = Index to a certain information structure.
4167 Can be one of the following values:
4169 * KeyWriteTimeInformation KEY_WRITE_TIME_INFORMATION
4171 KeyInformation = Storage for the new information
4172 * KeyInformationLength = Size of the information structure
4178 NtSetInformationKey(
4179 IN HANDLE KeyHandle,
4180 IN CINT KeyInformationClass,
4181 IN PVOID KeyInformation,
4182 IN ULONG KeyInformationLength
4187 ZwSetInformationKey(
4188 IN HANDLE KeyHandle,
4189 IN CINT KeyInformationClass,
4190 IN PVOID KeyInformation,
4191 IN ULONG KeyInformationLength
4194 * FUNCTION: Changes a set of object specific parameters
4197 * ObjectInformationClass = Index to the set of parameters to change.
4200 ObjectBasicInformation
4201 ObjectTypeInformation OBJECT_TYPE_INFORMATION
4202 ObjectAllInformation
4203 ObjectDataInformation OBJECT_DATA_INFORMATION
4204 ObjectNameInformation OBJECT_NAME_INFORMATION
4207 * ObjectInformation = Caller supplies storage for parameters to set.
4208 * Length = Size of the storage supplied
4213 NtSetInformationObject(
4214 IN HANDLE ObjectHandle,
4215 IN CINT ObjectInformationClass,
4216 IN PVOID ObjectInformation,
4222 ZwSetInformationObject(
4223 IN HANDLE ObjectHandle,
4224 IN CINT ObjectInformationClass,
4225 IN PVOID ObjectInformation,
4230 * FUNCTION: Changes a set of process specific parameters
4232 * ProcessHandle = Handle to the process
4233 * ProcessInformationClass = Index to an information structure.
4235 * ProcessBasicInformation PROCESS_BASIC_INFORMATION
4236 * ProcessQuotaLimits QUOTA_LIMITS
4237 * ProcessBasePriority KPRIORITY
4238 * ProcessRaisePriority KPRIORITY
4239 * ProcessDebugPort HANDLE
4240 * ProcessExceptionPort HANDLE
4241 * ProcessAccessToken PROCESS_ACCESS_TOKEN
4242 * ProcessDefaultHardErrorMode ULONG
4243 * ProcessPriorityClass ULONG
4244 * ProcessAffinityMask KAFFINITY //??
4246 * ProcessInformation = Caller supplies storage for information to set.
4247 * ProcessInformationLength = Size of the information structure
4252 NtSetInformationProcess(
4253 IN HANDLE ProcessHandle,
4254 IN CINT ProcessInformationClass,
4255 IN PVOID ProcessInformation,
4256 IN ULONG ProcessInformationLength
4260 ZwSetInformationProcess(
4261 IN HANDLE ProcessHandle,
4262 IN CINT ProcessInformationClass,
4263 IN PVOID ProcessInformation,
4264 IN ULONG ProcessInformationLength
4267 * FUNCTION: Changes a set of thread specific parameters
4269 * ThreadHandle = Handle to the thread
4270 * ThreadInformationClass = Index to the set of parameters to change.
4271 * Can be one of the following values:
4273 * ThreadBasicInformation THREAD_BASIC_INFORMATION
4274 * ThreadPriority KPRIORITY //???
4275 * ThreadBasePriority KPRIORITY
4276 * ThreadAffinityMask KAFFINITY //??
4277 * ThreadImpersonationToken ACCESS_TOKEN
4278 * ThreadIdealProcessor ULONG
4279 * ThreadPriorityBoost ULONG
4281 * ThreadInformation = Caller supplies storage for parameters to set.
4282 * ThreadInformationLength = Size of the storage supplied
4287 NtSetInformationThread(
4288 IN HANDLE ThreadHandle,
4289 IN THREADINFOCLASS ThreadInformationClass,
4290 IN PVOID ThreadInformation,
4291 IN ULONG ThreadInformationLength
4295 ZwSetInformationThread(
4296 IN HANDLE ThreadHandle,
4297 IN THREADINFOCLASS ThreadInformationClass,
4298 IN PVOID ThreadInformation,
4299 IN ULONG ThreadInformationLength
4303 * FUNCTION: Changes a set of token specific parameters
4305 * TokenHandle = Handle to the token
4306 * TokenInformationClass = Index to a certain information structure.
4307 * Can be one of the following values:
4309 TokenUser TOKEN_USER
4310 TokenGroups TOKEN_GROUPS
4311 TokenPrivileges TOKEN_PRIVILEGES
4312 TokenOwner TOKEN_OWNER
4313 TokenPrimaryGroup TOKEN_PRIMARY_GROUP
4314 TokenDefaultDacl TOKEN_DEFAULT_DACL
4315 TokenSource TOKEN_SOURCE
4316 TokenType TOKEN_TYPE
4317 TokenImpersonationLevel TOKEN_IMPERSONATION_LEVEL
4318 TokenStatistics TOKEN_STATISTICS
4320 * TokenInformation = Caller supplies storage for information structure.
4321 * TokenInformationLength = Size of the information structure
4327 NtSetInformationToken(
4328 IN HANDLE TokenHandle,
4329 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
/* NOTE(review): TokenInformation is annotated OUT although this is the "set"
 * call and TokenInformationLength is IN; presumably the buffer is only read
 * and IN is meant (the other NtSetInformation* prototypes in this header use
 * IN PVOID) -- confirm. */
4330 OUT PVOID TokenInformation,
4331 IN ULONG TokenInformationLength
4336 ZwSetInformationToken(
4337 IN HANDLE TokenHandle,
4338 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
/* NOTE(review): TokenInformation is annotated OUT although this is the "set"
 * call and TokenInformationLength is IN; presumably the buffer is only read
 * and IN is meant (the other ZwSetInformation* prototypes in this header use
 * IN PVOID) -- confirm. */
4339 OUT PVOID TokenInformation,
4340 IN ULONG TokenInformationLength
4345 * FUNCTION: Sets an io completion
4350 * NumberOfBytesToTransfer =
4351 * NumberOfBytesTransferred =
4357 IN HANDLE CompletionPort,
4358 IN ULONG CompletionKey,
4359 OUT PIO_STATUS_BLOCK IoStatusBlock,
4360 IN ULONG NumberOfBytesToTransfer,
4361 OUT PULONG NumberOfBytesTransferred
4366 IN HANDLE CompletionPort,
4367 IN ULONG CompletionKey,
4368 OUT PIO_STATUS_BLOCK IoStatusBlock,
4369 IN ULONG NumberOfBytesToTransfer,
4370 OUT PULONG NumberOfBytesTransferred
4374 * FUNCTION: Set properties for profiling
4384 NtSetIntervalProfile(
4386 KPROFILE_SOURCE ClockSource
4391 ZwSetIntervalProfile(
4393 KPROFILE_SOURCE ClockSource
4398 * FUNCTION: Sets the low part of an event pair
4400 EventPair = Handle to the event pair
4415 * FUNCTION: Sets the low part of an event pair and wait for the high part
4417 EventPair = Handle to the event pair
4422 NtSetLowWaitHighEventPair(
4427 ZwSetLowWaitHighEventPair(
4433 NtSetSecurityObject(
4435 IN SECURITY_INFORMATION SecurityInformation,
4436 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4441 ZwSetSecurityObject(
4443 IN SECURITY_INFORMATION SecurityInformation,
4444 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4449 * FUNCTION: Sets a system environment variable
4451 * ValueName = Name of the environment variable
4452 * Value = Value of the environment variable
4457 NtSetSystemEnvironmentValue(
4458 IN PUNICODE_STRING VariableName,
4459 IN PUNICODE_STRING Value
4463 ZwSetSystemEnvironmentValue(
4464 IN PUNICODE_STRING VariableName,
4465 IN PUNICODE_STRING Value
4468 * FUNCTION: Sets system parameters
4470 * SystemInformationClass = Index to a particular set of system parameters
4471 * Can be one of the following values:
4473 * SystemTimeAdjustmentInformation SYSTEM_TIME_ADJUSTMENT
4475 * SystemInformation = Structure containing the parameters.
4476 * SystemInformationLength = Size of the structure.
4481 NtSetSystemInformation(
4482 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
4483 IN PVOID SystemInformation,
4484 IN ULONG SystemInformationLength
4489 ZwSetSystemInformation(
4490 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
4491 IN PVOID SystemInformation,
4492 IN ULONG SystemInformationLength
4496 * FUNCTION: Sets the system time
4498 * SystemTime = Old System time
4499 * NewSystemTime = New System time
4505 IN PLARGE_INTEGER SystemTime,
4506 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4511 IN PLARGE_INTEGER SystemTime,
4512 IN PLARGE_INTEGER NewSystemTime OPTIONAL
4515 * FUNCTION: Sets the characteristics of a timer
4517 * TimerHandle = Handle to the timer
4518 * DueTime = Time before the timer becomes signalled for the first time.
4519 * TimerApcRoutine = Completion routine can be called on time completion
4520 * TimerContext = Argument to the completion routine
4521 * Resume = Specifies if the timer should be repeated after completing one cycle
4522 * Period = Cycle of the timer
4523 * REMARKS: This routine maps to the win32 SetWaitableTimer.
4529 IN HANDLE TimerHandle,
4530 IN PLARGE_INTEGER DueTime,
4531 IN PTIMERAPCROUTINE TimerApcRoutine,
4532 IN PVOID TimerContext,
4534 IN ULONG Period OPTIONAL,
4535 OUT PBOOLEAN PreviousState OPTIONAL
4540 IN HANDLE TimerHandle,
4541 IN PLARGE_INTEGER DueTime,
4542 IN PTIMERAPCROUTINE TimerApcRoutine,
4543 IN PVOID TimerContext,
4545 IN ULONG Period OPTIONAL,
4546 OUT PBOOLEAN PreviousState OPTIONAL
4550 * FUNCTION: Sets the frequency of the system timer
4552 * RequestedResolution =
4554 * ActualResolution =
4559 NtSetTimerResolution(
4560 IN ULONG RequestedResolution,
4562 OUT PULONG ActualResolution
4566 ZwSetTimerResolution(
4567 IN ULONG RequestedResolution,
4569 OUT PULONG ActualResolution
4573 * FUNCTION: Sets the value of a registry key
4575 * KeyHandle = Handle to a registry key
4576 * ValueName = Name of the value entry to change
4577 * TitleIndex = Optional ULONG value, not a pointer; the NT API this mirrors treats it as reserved (normally zero)
4578 * Type = Type of the registry key. Can be one of the values:
4579 * REG_BINARY Unspecified binary data
4580 * REG_DWORD A 32 bit value
4581 * REG_DWORD_LITTLE_ENDIAN Same as REG_DWORD
4582 * REG_DWORD_BIG_ENDIAN A 32 bit value whose least significant byte is at the highest address
4583 * REG_EXPAND_SZ A zero terminated wide character string with unexpanded environment variables ( "%PATH%" )
4584 * REG_LINK A zero terminated wide character string referring to a symbolic link.
4585 * REG_MULTI_SZ A series of zero-terminated strings including a additional trailing zero
4586 * REG_NONE Unspecified type
4587 * REG_SZ A wide character string ( zero terminated )
4588 * REG_RESOURCE_LIST ??
4589 * REG_RESOURCE_REQUIREMENTS_LIST ??
4590 * REG_FULL_RESOURCE_DESCRIPTOR ??
4591 * Data = Contains the data for the registry key.
4592 * DataSize = size of the data.
4598 IN HANDLE KeyHandle,
4599 IN PUNICODE_STRING ValueName,
4600 IN ULONG TitleIndex OPTIONAL,
4608 IN HANDLE KeyHandle,
4609 IN PUNICODE_STRING ValueName,
4610 IN ULONG TitleIndex OPTIONAL,
4617 * FUNCTION: Sets the volume information.
4619 * FileHandle = Handle to the file
4620 * IoStatusBlock = Caller should supply storage for additional status information
4621 * FsInformation = pointer to a structure containing the new volume information
4622 * Length = size of the structure.
4623 * FsInformationClass = specifies the particular volume information to set
4628 NtSetVolumeInformationFile(
4629 IN HANDLE FileHandle,
4630 OUT PIO_STATUS_BLOCK IoStatusBlock,
4631 IN PVOID FsInformation,
4633 IN FS_INFORMATION_CLASS FsInformationClass
4638 ZwSetVolumeInformationFile(
4639 IN HANDLE FileHandle,
4640 OUT PIO_STATUS_BLOCK IoStatusBlock,
4641 IN PVOID FsInformation,
4643 IN FS_INFORMATION_CLASS FsInformationClass
4647 * FUNCTION: Shuts the system down
4649 * Action = Specifies the type of shutdown, it can be one of the following values:
4650 * ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff
4656 IN SHUTDOWN_ACTION Action
4662 IN SHUTDOWN_ACTION Action
4666 /* --- PROFILING --- */
4669 * FUNCTION: Starts profiling
4671 * ProfileHandle = Handle to the profile
4678 HANDLE ProfileHandle
4684 HANDLE ProfileHandle
4688 * FUNCTION: Stops profiling
4690 * ProfileHandle = Handle to the profile
4697 HANDLE ProfileHandle
4703 HANDLE ProfileHandle
4706 /* --- PROCESS MANAGEMENT --- */
4708 //--NtSystemDebugControl
4710 * FUNCTION: Terminates the execution of a process.
4712 * ProcessHandle = Handle to the process
4713 * ExitStatus = The exit status of the process to terminate with.
4715 Native applications should kill themselves using this function.
4721 IN HANDLE ProcessHandle ,
4722 IN NTSTATUS ExitStatus
4727 IN HANDLE ProcessHandle ,
4728 IN NTSTATUS ExitStatus
4731 /* --- DEVICE DRIVER CONTROL --- */
4734 * FUNCTION: Unloads a driver.
4736 * DriverServiceName = Name of the driver to unload
4742 IN PUNICODE_STRING DriverServiceName
4747 IN PUNICODE_STRING DriverServiceName
4750 /* --- VIRTUAL MEMORY MANAGEMENT --- */
4753 * FUNCTION: Writes a range of virtual memory
4755 * ProcessHandle = The handle to the process owning the address space.
4756 * BaseAddress = Points to the address in the target process to write to
4757 * Buffer = Pointer to the buffer holding the data to write
4758 * NumberOfBytesToWrite = Number of bytes to write, i.e. the offset from BaseAddress to the upper boundary of the range
4759 * NumberOfBytesWritten = Total bytes written
4761 * This function maps to the win32 WriteProcessMemory, which requires the process handle to carry PROCESS_VM_WRITE and PROCESS_VM_OPERATION access.
4766 NtWriteVirtualMemory(
4767 IN HANDLE ProcessHandle,
4768 IN PVOID BaseAddress,
4770 IN ULONG NumberOfBytesToWrite,
4771 OUT PULONG NumberOfBytesWritten
4776 ZwWriteVirtualMemory(
4777 IN HANDLE ProcessHandle,
4778 IN PVOID BaseAddress,
4780 IN ULONG NumberOfBytesToWrite,
4781 OUT PULONG NumberOfBytesWritten
4785 * FUNCTION: Unlocks a range of virtual memory.
4787 * ProcessHandle = Handle to the process
4788 * BaseAddress = Lower boundary of the range of bytes to unlock.
4789 * NumberOfBytesToUnlock = Offset to the upper boundary to unlock.
4790 * NumberOfBytesUnlocked (OUT) = Number of bytes actually unlocked.
4792 This procedure maps to the win32 procedure VirtualUnlock
4793 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PAGE_WAS_ULOCKED ]
4797 NtUnlockVirtualMemory(
4798 IN HANDLE ProcessHandle,
4799 IN PVOID BaseAddress,
4800 IN ULONG NumberOfBytesToUnlock,
4801 OUT PULONG NumberOfBytesUnlocked OPTIONAL
4806 ZwUnlockVirtualMemory(
4807 IN HANDLE ProcessHandle,
4808 IN PVOID BaseAddress,
4809 IN ULONG NumberOfBytesToUnlock,
4810 OUT PULONG NumberOfBytesUnlocked OPTIONAL
4813 * FUNCTION: Unmaps a piece of virtual memory backed by a file.
4815 * ProcessHandle = Handle to the process
4816 * BaseAddress = The address where the mapping begins
4818 This procedure maps to the win32 UnmapViewOfFile
4823 NtUnmapViewOfSection(
4824 IN HANDLE ProcessHandle,
4825 IN PVOID BaseAddress
4829 ZwUnmapViewOfSection(
4830 IN HANDLE ProcessHandle,
4831 IN PVOID BaseAddress
4834 /* --- OBJECT SYNCHRONIZATION --- */
4837 * FUNCTION: Signals an object and waits for another one.
4839 * SignalObject = Handle to the object that should be signaled
4840 * WaitObject = Handle to the object that should be waited for
4841 * Alertable = True if the wait is alertable
4842 * Time = The time to wait
4847 NtSignalAndWaitForSingleObject(
4848 IN HANDLE SignalObject,
4849 IN HANDLE WaitObject,
4850 IN BOOLEAN Alertable,
4851 IN PLARGE_INTEGER Time
4856 NtSignalAndWaitForSingleObject(
4857 IN HANDLE SignalObject,
4858 IN HANDLE WaitObject,
4859 IN BOOLEAN Alertable,
4860 IN PLARGE_INTEGER Time
4864 * FUNCTION: Waits for multiple objects to become signalled.
4866 * Count = The number of objects
4867 * Object = The array of object handles
4868 * WaitType = Can be one of the values UserMode or KernelMode
4869 * Alertable = If true the wait is alertable.
4870 * Time = The maximum wait time.
4872 * This function maps to the win32 WaitForMultipleObjectsEx.
4877 NtWaitForMultipleObjects (
4881 IN BOOLEAN Alertable,
4882 IN PLARGE_INTEGER Time
4887 ZwWaitForMultipleObjects (
4891 IN BOOLEAN Alertable,
4892 IN PLARGE_INTEGER Time
4896 * FUNCTION: Waits for an object to become signalled.
4898 * Object = The object handle
4899 * Alertable = If true the wait is alertable.
4900 * Time = The maximum wait time.
4902 * This function maps to the win32 WaitForSingleObjectEx.
4907 NtWaitForSingleObject (
4909 IN BOOLEAN Alertable,
4910 IN PLARGE_INTEGER Time
4915 ZwWaitForSingleObject (
4917 IN BOOLEAN Alertable,
4918 IN PLARGE_INTEGER Time
4921 /* --- EVENT PAIR OBJECT --- */
4924 * FUNCTION: Waits for the high part of an eventpair to become signalled
4926 * EventPairHandle = Handle to the event pair.
4932 NtWaitHighEventPair(
4933 IN HANDLE EventPairHandle
4938 ZwWaitHighEventPair(
4939 IN HANDLE EventPairHandle
4943 * FUNCTION: Waits for the low part of an eventpair to become signalled
4945 * EventPairHandle = Handle to the event pair.
4951 IN HANDLE EventPairHandle
4957 IN HANDLE EventPairHandle
4960 /* --- FILE MANAGEMENT --- */
4963 * FUNCTION: Unlocks a range of bytes in a file.
4965 * FileHandle = Handle to the file
4966 * IoStatusBlock = Caller should supply storage for a structure containing
4967 * the completion status and information about the requested unlock operation.
4968 The information field is set to the number of bytes unlocked.
4969 * ByteOffset = Offset to start the range of bytes to unlock
4970 * Length = Number of bytes to unlock.
4971 * Key = Special value that lets a thread other than the one that locked
4972 the file unlock it. The key supplied must match the one obtained
4973 in a previous call to NtLockFile.
4975 This procedure maps to the win32 procedure UnlockFileEx. STATUS_PENDING is returned if the lock could
4976 not be obtained immediately, the device queue is busy and the IRP is queued.
4977 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES |
4978 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_RANGE_NOT_LOCKED ]
4983 IN HANDLE FileHandle,
4984 OUT PIO_STATUS_BLOCK IoStatusBlock,
4985 IN PLARGE_INTEGER ByteOffset,
4986 IN PLARGE_INTEGER Lenght,
4987 OUT PULONG Key OPTIONAL
4992 IN HANDLE FileHandle,
4993 OUT PIO_STATUS_BLOCK IoStatusBlock,
4994 IN PLARGE_INTEGER ByteOffset,
4995 IN PLARGE_INTEGER Lenght,
4996 OUT PULONG Key OPTIONAL
5000 * FUNCTION: Writes data to a file
5002 * FileHandle = The handle of a file ( from NtCreateFile )
5003 * Event = Specifies an event that will become signalled when the write operation completes.
5004 * ApcRoutine = Asynchronous Procedure Call [ Should not be used by device drivers ]
5005 * ApcContext = Argument to the Apc Routine
5006 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
5007 * Buffer = Caller should supply storage for a buffer that will contain the information to be written to file.
5008 * Length = Size in bytes of the buffer
5009 * ByteOffset = Points to a file offset. If the combination of Length and ByteOffset is past the end-of-file mark the file will be enlarged.
5010 * ByteOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. ByteOffset is also ignored if
5011 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case an offset
5012 * should be created by specifying FILE_USE_FILE_POINTER_POSITION.
5015 * This function maps to the win32 WriteFile.
5016 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
5017 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
5018 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
5023 IN HANDLE FileHandle,
5024 IN HANDLE Event OPTIONAL,
5025 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5026 IN PVOID ApcContext OPTIONAL,
5027 OUT PIO_STATUS_BLOCK IoStatusBlock,
5030 IN PLARGE_INTEGER ByteOffset,
5031 IN PULONG Key OPTIONAL
5037 IN HANDLE FileHandle,
5038 IN HANDLE Event OPTIONAL,
5039 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5040 IN PVOID ApcContext OPTIONAL,
5041 OUT PIO_STATUS_BLOCK IoStatusBlock,
5044 IN PLARGE_INTEGER ByteOffset ,
5045 IN PULONG Key OPTIONAL
5049 * FUNCTION: Writes a file
5051 * FileHandle = The handle of the file
5053 * ApcRoutine = Asynchronous Procedure Call [ Should not be used by device drivers ]
5054 * ApcContext = Argument to the Apc Routine
5055 * IoStatusBlock = Caller should supply storage for a structure containing the completion status and information about the requested write operation.
5056 * BufferDescription = Caller should supply storage for a buffer that will contain the information to be written to file.
5057 * BufferLength = Size in bytes of the buffer
5058 * ByteOffset = Points to a file offset. If the combination of BufferLength and ByteOffset is past the end-of-file mark the file will be enlarged.
5059 * ByteOffset is ignored if the file is created with FILE_APPEND_DATA in the DesiredAccess. ByteOffset is also ignored if
5060 * the file is created with CreateOptions flags FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT set, in that case an offset
5061 * should be created by specifying FILE_USE_FILE_POINTER_POSITION. Use FILE_WRITE_TO_END_OF_FILE to write to the EOF.
5062 * Key = If a matching key [ a key provided at NtLockFile ] is provided the write operation will continue even if a byte range is locked.
5064 * This function maps to the win32 WriteFile.
5065 * Callers to NtWriteFile should run at IRQL PASSIVE_LEVEL.
5066 * RETURNS: Status [ STATUS_SUCCESS | STATUS_PENDING | STATUS_ACCESS_DENIED | STATUS_INSUFFICIENT_RESOURCES
5067 STATUS_INVALID_PARAMETER | STATUS_INVALID_DEVICE_REQUEST | STATUS_FILE_LOCK_CONFLICT ]
5073 IN HANDLE FileHandle,
5074 IN HANDLE Event OPTIONAL,
5075 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5076 IN PVOID ApcContext OPTIONAL,
5077 OUT PIO_STATUS_BLOCK IoStatusBlock,
5078 IN FILE_SEGMENT_ELEMENT BufferDescription[],
5079 IN ULONG BufferLength,
5080 IN PLARGE_INTEGER ByteOffset,
5081 IN PULONG Key OPTIONAL
5087 IN HANDLE FileHandle,
5088 IN HANDLE Event OPTIONAL,
5089 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5090 IN PVOID ApcContext OPTIONAL,
5091 OUT PIO_STATUS_BLOCK IoStatusBlock,
5092 IN FILE_SEGMENT_ELEMENT BufferDescription[],
5093 IN ULONG BufferLength,
5094 IN PLARGE_INTEGER ByteOffset,
5095 IN PULONG Key OPTIONAL
5099 /* --- THREAD MANAGEMENT --- */
5102 * FUNCTION: Increments a thread's suspend count
5104 * ThreadHandle = Handle to the thread that should be suspended
5105 * PreviousSuspendCount = The resulting/previous suspend count.
5107 * A thread will be suspended if its suspend count is greater than 0. This procedure maps to
5108 * the win32 SuspendThread function. ( documentation about the suspend count can be found there as well )
5109 * The suspend count is not increased if it is greater than MAXIMUM_SUSPEND_COUNT.
5115 IN HANDLE ThreadHandle,
5116 IN PULONG PreviousSuspendCount
5122 IN HANDLE ThreadHandle,
5123 IN PULONG PreviousSuspendCount
5127 * FUNCTION: Terminates the execution of a thread.
5129 * ThreadHandle = Handle to the thread
5130 * ExitStatus = The exit status of the thread to terminate with.
5136 IN HANDLE ThreadHandle ,
5137 IN NTSTATUS ExitStatus
5142 IN HANDLE ThreadHandle ,
5143 IN NTSTATUS ExitStatus
5146 * FUNCTION: Tests to see if there are any pending alerts for the calling thread
5161 * FUNCTION: Yields the caller's thread.
5178 * --- Local Procedure Call Facility
5179 * These prototypes are unknown as yet
5180 * (stack sizes by Peter-Michael Hager)
5183 /* --- REGISTRY --- */
5186 * FUNCTION: Unloads a registry key.
5188 * KeyHandle = Handle to the registry key
5190 * This procedure maps to the win32 procedure RegUnloadKey
5205 /* --- PLUG AND PLAY --- */
5215 NtGetPlugPlayEvent (
5219 /* --- POWER MANAGEMENT --- */
5222 NtSetSystemPowerState(IN POWER_ACTION SystemAction,
5223 IN SYSTEM_POWER_STATE MinSystemState,
5226 /* --- DEBUG SUBSYSTEM --- */
5229 NtSystemDebugControl(DEBUG_CONTROL_CODE ControlCode,
5231 ULONG InputBufferLength,
5233 ULONG OutputBufferLength,
5234 PULONG ReturnLength);
5236 /* --- VIRTUAL DOS MACHINE (VDM) --- */
5240 NtVdmControl (ULONG ControlCode, PVOID ControlData);
5246 NtW32Call(IN ULONG RoutineIndex,
5248 IN ULONG ArgumentLength,
5249 OUT PVOID* Result OPTIONAL,
5250 OUT PULONG ResultLength OPTIONAL);
5252 /* --- CHANNELS --- */
5274 NtReplyWaitSendChannel (
5280 NtSendWaitReplyChannel (
5286 NtSetContextChannel (
5290 /* --- MISCELLANEA --- */
5292 //NTSTATUS STDCALL NtSetLdtEntries(VOID);
5304 NtQueryOleDirectoryFile (
5308 #endif /* __DDK_ZW_H */