转自:https://www.cnblogs.com/gwsbhqt/p/5092390.html
为了能使用上Ntdll.lib库函数,从几份不完整的Ntdll.h中拼凑整理出了比较完整美观的Ntdll.h。
测试平台:Windows 10 Professional / Visual Studio 2015 Community Update 1
测试Lib:Visual Studio 2015 Community Update 1 (x86 / x64) Ntdll.lib
1 /*/////////////////////////////////////////////////////////////// 2 Name: Ntdll.h 3 BaseLib: <Ntdll.lib> 4 BaseHead: <stdarg.h> <winbase.h> <windef.h> 5 Author: gwsbhqt@163.com 6 LastCode: 20160102 7 Description: Reference the undeclared Native API in Ntdll.lib 8 ///////////////////////////////////////////////////////////////*/ 9 10 #pragma once 11 12 #ifndef __NTDLL_H__ 13 #define __NTDLL_H__ 14 15 #pragma region HEAD 16 17 #include <stdarg.h> 18 #include <winbase.h> 19 #include <windef.h> 20 21 #ifdef __cplusplus 22 extern "C" { 23 #endif 24 25 #ifdef _NTDDK_ 26 #error This head file can not be compiled together with Ntddk.h 27 #endif 28 29 #ifndef WIN64 30 #pragma comment(lib, "Lib\x86\Ntdll.lib") 31 #else 32 #pragma comment(lib, "Lib\x64\Ntdll.lib") 33 #endif 34 35 #pragma endregion 36 37 #pragma region NTDLL BASE DEFINE 38 39 #ifndef NTSTATUS 40 typedef LONG NTSTATUS; 41 #endif 42 43 #ifndef NT_SUCCESS 44 #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0) 45 #endif // NT_SUCCESS 46 47 #ifndef STATUS_SUCCESS 48 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) 49 #endif // STATUS_SUCCESS 50 51 #ifndef STATUS_UNSUCCESSFUL 52 #define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L) 53 #endif // STATUS_UNSUCCESSFUL 54 55 #ifndef ASSERT 56 #ifdef _DEBUG 57 #define ASSERT(x) assert(x) 58 #else // _DEBUG 59 #define ASSERT(x) 60 #endif // _DEBUG 61 #endif // ASSERT 62 63 #pragma endregion 64 65 #pragma region DEFINE 66 67 #define DEVICE_TYPE DWORD 68 69 #define FLG_STOP_ON_EXCEPTION 0x0000001L 70 #define FLG_SHOW_LDR_SNAPS 0x0000002L 71 #define FLG_DEBUG_INITIAL_COMMAND 0x0000004L 72 #define FLG_STOP_ON_HUNG_GUI 0x0000008L 73 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x0000010L 74 #define FLG_HEAP_ENABLE_FREE_CHECK 0x0000020L 75 #define FLG_HEAP_VALIDATE_PARAMETERS 0x0000040L 76 #define FLG_HEAP_VALIDATE_ALL 0x0000080L 77 #define FLG_POOL_ENABLE_TAIL_CHECK 0x0000100L 78 #define FLG_POOL_ENABLE_FREE_CHECK 0x0000200L 79 #define FLG_POOL_ENABLE_TAGGING 0x0000400L 80 #define FLG_HEAP_ENABLE_TAGGING 0x0000800L 81 #define FLG_USER_STACK_TRACE_DB 0x0001000L 82 #define FLG_KERNEL_STACK_TRACE_DB 0x0002000L 83 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x0004000L 84 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x0008000L 85 #define FLG_IGNORE_DEBUG_PRIV 0x0010000L 86 #define FLG_ENABLE_CSRDEBUG 0x0020000L 87 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x0040000L 88 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x0080000L 89 #define FLG_HEAP_ENABLE_CALL_TRACING 0x0100000L 90 #define FLG_HEAP_DISABLE_COALESCING 0x0200000L 91 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x0400000L 92 #define FLG_ENABLE_EXCEPTION_LOGGING 0x0800000L 93 #define FLG_ENABLE_DBGPRINT_BUFFERING 0x8000000L 94 95 #define PROTECT_FROM_CLOSE 0x1L 96 #define INHERIT 0x2L 97 98 #define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40L 99 #define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20L 100 #define FLG_SYSOBJINFO_PERMANENT 0x10L 101 #define FLG_SYSOBJINFO_EXCLUSIVE 0x08L 102 #define FLG_SYSOBJINFO_CREATOR_INFO 0x04L 103 #define FLG_SYSOBJINFO_KERNEL_MODE 0x02L 104 105 #define PERMANENT 0x10L 106 #define EXCLUSIVE 0x20L 107 108 #define WSLE_PAGE_READONLY 0x001L 109 #define WSLE_PAGE_EXECUTE 0x002L 110 #define WSLE_PAGE_READWRITE 0x004L 111 #define WSLE_PAGE_EXECUTE_READ 0x003L 112 #define WSLE_PAGE_WRITECOPY 0x005L 113 #define WSLE_PAGE_EXECUTE_READWRITE 0x006L 114 #define WSLE_PAGE_EXECUTE_WRITECOPY 0x007L 115 #define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0L 116 #define WSLE_PAGE_SHAREABLE 0x100L 117 118 #define LOCK_VM_IN_WSL 0x1L 119 #define LOCK_VM_IN_RAM 0x2L 120 121 #define PC_IDLE 0x1L 122 #define PC_NORMAL 0x2L 123 #define PC_HIGH 0x3L 124 #define PC_REALTIME 0x4L 125 #define PC_BELOW_NORMAL 0x5L 126 #define PC_ABOVE_NORMAL 0x6L 127 128 #define PDI_MODULES 0x01L 129 #define PDI_BACKTRACE 0x02L 130 #define PDI_HEAPS 0x04L 131 #define PDI_HEAP_TAGS 0x08L 132 #define PDI_HEAP_BLOCKS 0x10L 133 #define PDI_LOCKS 0x20L 134 135 #define LDRP_STATIC_LINK 0x000002L 136 #define LDRP_IMAGE_DLL 0x000004L 137 #define LDRP_LOAD_IN_PROGRESS 0x001000L 138 #define LDRP_UNLOAD_IN_PROGRESS 0x002000L 139 #define LDRP_ENTRY_PROCESSED 0x004000L 140 #define LDRP_ENTRY_INSERTED 0x008000L 141 #define LDRP_CURRENT_LOAD 0x010000L 142 #define LDRP_FAILED_BUILTIN_LOAD 0x020000L 143 #define LDRP_DONT_CALL_FOR_THREADS 0x040000L 144 #define LDRP_PROCESS_ATTACH_CALLED 0x080000L 145 #define LDRP_DEBUG_SYMBOLS_LOADED 0x100000L 146 #define LDRP_IMAGE_NOT_AT_BASE 0x200000L 147 #define LDRP_WX86_IGNORE_MACHINETYPE 0x400000L 148 149 #define LPC_MESSAGE_BASE_SIZE 0x18L 150 151 #define FILE_SUPERSEDE 0x0L 152 #define FILE_OPEN 0x1L 153 #define FILE_CREATE 0x2L 154 #define FILE_OPEN_IF 0x3L 155 #define FILE_OVERWRITE 0x4L 156 #define FILE_OVERWRITE_IF 0x5L 157 #define FILE_MAXIMUM_DISPOSITION 0x5L 158 159 #define FILE_SUPERSEDED 0x0L 160 #define FILE_OPENED 0x1L 161 #define FILE_CREATED 0x2L 162 #define FILE_OVERWRITTEN 0x3L 163 #define FILE_EXISTS 0x4L 164 #define FILE_DOES_NOT_EXIST 0x5L 165 166 #define REG_MONITOR_SINGLE_KEY 0x0L 167 #define REG_MONITOR_SECOND_KEY 0x1L 168 169 #define HASH_STRING_ALGORITHM_DEFAULT 0x00000000L 170 #define HASH_STRING_ALGORITHM_X65599 0x00000001L 171 #define HASH_STRING_ALGORITHM_INVALID 0xFFFFFFFFL 172 173 #define SE_MIN_WELL_KNOWN_PRIVILEGE 0x02L 174 #define SE_CREATE_TOKEN_PRIVILEGE 0x02L 175 #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 0x03L 176 #define SE_LOCK_MEMORY_PRIVILEGE 0x04L 177 #define SE_INCREASE_QUOTA_PRIVILEGE 0x05L 178 #define SE_UNSOLICITED_INPUT_PRIVILEGE 0x06L 179 #define SE_MACHINE_ACCOUNT_PRIVILEGE 0x06L 180 #define SE_TCB_PRIVILEGE 0x07L 181 #define SE_SECURITY_PRIVILEGE 0x08L 182 #define SE_TAKE_OWNERSHIP_PRIVILEGE 0x09L 183 #define SE_LOAD_DRIVER_PRIVILEGE 0x0AL 184 #define SE_SYSTEM_PROFILE_PRIVILEGE 0x0BL 185 #define SE_SYSTEMTIME_PRIVILEGE 0x0CL 186 #define SE_PROF_SINGLE_PROCESS_PRIVILEGE 0x0DL 187 #define SE_INC_BASE_PRIORITY_PRIVILEGE 0x0EL 188 #define SE_CREATE_PAGEFILE_PRIVILEGE 0x0FL 189 #define SE_CREATE_PERMANENT_PRIVILEGE 0x10L 190 #define SE_BACKUP_PRIVILEGE 0x11L 191 #define SE_RESTORE_PRIVILEGE 0x12L 192 #define SE_SHUTDOWN_PRIVILEGE 0x13L 193 #define SE_DEBUG_PRIVILEGE 0x14L 194 #define SE_AUDIT_PRIVILEGE 0x15L 195 #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 0x16L 196 #define SE_CHANGE_NOTIFY_PRIVILEGE 0x17L 197 #define SE_REMOTE_SHUTDOWN_PRIVILEGE 0x18L 198 #define SE_UNDOCK_PRIVILEGE 0x19L 199 #define SE_SYNC_AGENT_PRIVILEGE 0x1AL 200 #define SE_ENABLE_DELEGATION_PRIVILEGE 0x1BL 201 #define SE_MANAGE_VOLUME_PRIVILEGE 0x1CL 202 #define SE_IMPERSONATE_PRIVILEGE 0x1DL 203 #define SE_CREATE_GLOBAL_PRIVILEGE 0x1EL 204 #define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_GLOBAL_PRIVILEGE 205 206 #define OBJ_INHERIT 0x002L 207 #define OBJ_PERMANENT 0x010L 208 #define OBJ_EXCLUSIVE 0x020L 209 #define OBJ_CASE_INSENSITIVE 0x040L 210 #define OBJ_OPENIF 0x080L 211 #define OBJ_OPENLINK 0x100L 212 #define OBJ_KERNEL_HANDLE 0x200L 213 #define OBJ_FORCE_ACCESS_CHECK 0x400L 214 #define OBJ_VALID_ATTRIBUTES 0x7F2L 215 216 #define DIRECTORY_QUERY 0x0001L 217 #define DIRECTORY_TRAVERSE 0x0002L 218 #define DIRECTORY_CREATE_OBJECT 0x0004L 219 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008L 220 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x000FL) 221 222 #define LEVEL_HANDLE_ID 0x74000000L 223 #define LEVEL_HANDLE_ID_MASK 0xFF000000L 224 #define LEVEL_HANDLE_INDEX_MASK 0x00FFFFFFL 225 226 #define RTL_QUERY_REGISTRY_SUBKEY 0x01L 227 #define RTL_QUERY_REGISTRY_TOPKEY 0x02L 228 #define RTL_QUERY_REGISTRY_REQUIRED 0x04L 229 #define RTL_QUERY_REGISTRY_NOVALUE 0x08L 230 #define RTL_QUERY_REGISTRY_NOEXPAND 0x10L 231 #define RTL_QUERY_REGISTRY_DIRECT 0x20L 232 #define RTL_QUERY_REGISTRY_DELETE 0x40L 233 234 #define RTL_REGISTRY_ABSOLUTE 0x00000000L 235 #define RTL_REGISTRY_SERVICES 0x00000001L 236 #define RTL_REGISTRY_CONTROL 0x00000002L 237 #define RTL_REGISTRY_WINDOWS_NT 0x00000003L 238 #define RTL_REGISTRY_DEVICEMAP 0x00000004L 239 #define RTL_REGISTRY_USER 0x00000005L 240 #define RTL_REGISTRY_MAXIMUM 0x00000006L 241 #define RTL_REGISTRY_HANDLE 0x40000000L 242 #define RTL_REGISTRY_OPTIONAL 0x80000000L 243 244 #define OLD_DOS_VOLID 0x8L 245 246 #define FILE_DIRECTORY_FILE 0x000001L 247 #define FILE_WRITE_THROUGH 0x000002L 248 #define FILE_SEQUENTIAL_ONLY 0x000004L 249 #define FILE_NO_INTERMEDIATE_BUFFERING 0x000008L 250 #define FILE_SYNCHRONOUS_IO_ALERT 0x000010L 251 #define FILE_SYNCHRONOUS_IO_NONALERT 0x000020L 252 #define FILE_NON_DIRECTORY_FILE 0x000040L 253 #define FILE_CREATE_TREE_CONNECTION 0x000080L 254 #define FILE_COMPLETE_IF_OPLOCKED 0x000100L 255 #define FILE_NO_EA_KNOWLEDGE 0x000200L 256 #define FILE_OPEN_FOR_RECOVERY 0x000400L 257 #define FILE_RANDOM_ACCESS 0x000800L 258 #define FILE_DELETE_ON_CLOSE 0x001000L 259 #define FILE_OPEN_BY_FILE_ID 0x002000L 260 #define FILE_OPEN_FOR_BACKUP_INTENT 0x004000L 261 #define FILE_NO_COMPRESSION 0x008000L 262 #define FILE_OPEN_REQUIRING_OPLOCK 0x010000L 263 #define FILE_DISALLOW_EXCLUSIVE 0x020000L 264 #define FILE_RESERVE_OPFILTER 0x100000L 265 #define FILE_OPEN_REPARSE_POINT 0x200000L 266 #define FILE_OPEN_NO_RECALL 0x400000L 267 #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x800000L 268 269 #define GDI_HANDLE_BUFFER_SIZE 0x22L 270 271 #define MEM_EXECUTE_OPTION_DISABLE 0x01L 272 #define MEM_EXECUTE_OPTION_ENABLE 0x02L 273 #define MEM_EXECUTE_OPTION_PERMANENT 0x08L 274 275 #define MAX_LPC_DATA 0x130L 276 277 #define ALPC_REQUEST 0x2000L | LPC_REQUEST 278 #define ALPC_CONNECTION_REQUEST 0x2000L | LPC_CONNECTION_REQUEST 279 280 #define SYMBOLIC_LINK_QUERY 0x1L 281 #define SYMBOLIC_LINK_ALL_ACCESS STANDARD_RIGHTS_REQUIRED | 0x1L 282 283 #define EVENT_PAIR_ALL_ACCESS STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE 284 285 #pragma endregion 286 287 #pragma region TYPEDEF 288 289 typedef LONG KPRIORITY; 290 typedef PVOID PLANGID; 291 typedef DWORD ULONG_PTR; 292 typedef ULONG_PTR KAFFINITY; 293 typedef USHORT RTL_ATOM, *PRTL_ATOM; 294 typedef LARGE_INTEGER PHYSICAL_ADDRESS; 295 296 #pragma endregion 297 298 #pragma region ENUM 299 300 typedef enum _THREADINFOCLASS 301 { 302 ThreadBasicInformation, 303 ThreadTimes, 304 ThreadPriority, 305 ThreadBasePriority, 306 ThreadAffinityMask, 307 ThreadImpersonationToken, 308 ThreadDescriptorTableEntry, 309 ThreadEnableAlignmentFaultFixup, 310 ThreadEventPair_Reusable, 311 ThreadQuerySetWin32StartAddress, 312 ThreadZeroTlsCell, 313 ThreadPerformanceCount, 314 ThreadAmILastThread, 315 ThreadIdealProcessor, 316 ThreadPriorityBoost, 317 ThreadSetTlsArrayAddress, 318 ThreadIsIoPending, 319 ThreadHideFromDebugger, 320 ThreadBreakOnTermination, 321 MaxThreadInfoClass 322 } THREADINFOCLASS; 323 324 typedef enum _KPROFILE_SOURCE 325 { 326 ProfileTime, 327 ProfileAlignmentFixup, 328 ProfileTotalIssues, 329 ProfilePipelineDry, 330 ProfileLoadInstructions, 331 ProfilePipelineFrozen, 332 ProfileBranchInstructions, 333 ProfileTotalNonissues, 334 ProfileDcacheMisses, 335 ProfileIcacheMisses, 336 ProfileCacheMisses, 337 ProfileBranchMispredictions, 338 ProfileStoreInstructions, 339 ProfileFpInstructions, 340 ProfileIntegerInstructions, 341 Profile2Issue, 342 Profile3Issue, 343 Profile4Issue, 344 ProfileSpecialInstructions, 345 ProfileTotalCycles, 346 ProfileIcacheIssues, 347 ProfileDcacheAccesses, 348 ProfileMemoryBarrierCycles, 349 ProfileLoadLinkedIssues, 350 ProfileMaximum 351 } KPROFILE_SOURCE; 352 353 typedef enum _KWAIT_REASON 354 { 355 Executive, 356 FreePage, 357 PageIn, 358 PoolAllocation, 359 DelayExecution, 360 Suspended, 361 UserRequest, 362 WrExecutive, 363 WrFreePage, 364 WrPageIn, 365 WrPoolAllocation, 366 WrDelayExecution, 367 WrSuspended, 368 WrUserRequest, 369 WrEventPair, 370 WrQueue, 371 WrLpcReceive, 372 WrLpcReply, 373 WrVirtualMemory, 374 WrPageOut, 375 WrRendezvous, 376 Spare2, 377 Spare3, 378 Spare4, 379 Spare5, 380 Spare6, 381 WrKernel, 382 MaximumWaitReason 383 } KWAIT_REASON; 384 385 typedef enum _POOL_TYPE 386 { 387 NonPagedPool, 388 PagedPool, 389 NonPagedPoolMustSucceed, 390 DontUseThisType, 391 NonPagedPoolCacheAligned, 392 PagedPoolCacheAligned, 393 NonPagedPoolCacheAlignedMustS, 394 MaxPoolType, 395 NonPagedPoolSession = 32, 396 PagedPoolSession, 397 NonPagedPoolMustSucceedSession, 398 DontUseThisTypeSession, 399 NonPagedPoolCacheAlignedSession, 400 PagedPoolCacheAlignedSession, 401 NonPagedPoolCacheAlignedMustSSession 402 } POOL_TYPE; 403 404 typedef enum _THREAD_STATE 405 { 406 StateInitialized, 407 StateReady, 408 StateRunning, 409 StateStandby, 410 StateTerminated, 411 StateWait, 412 StateTransition, 413 StateUnknown 414 } THREAD_STATE; 415 416 typedef enum _SYSTEM_HANDLE_TYPE 417 { 418 OB_TYPE_UNKNOWN, 419 OB_TYPE_TYPE, 420 OB_TYPE_DIRECTORY, 421 OB_TYPE_SYMBOLIC_LINK, 422 OB_TYPE_TOKEN, 423 OB_TYPE_PROCESS, 424 OB_TYPE_THREAD, 425 OB_TYPE_UNKNOWN_7, 426 OB_TYPE_EVENT, 427 OB_TYPE_EVENT_PAIR, 428 OB_TYPE_MUTANT, 429 OB_TYPE_UNKNOWN_11, 430 OB_TYPE_SEMAPHORE, 431 OB_TYPE_TIMER, 432 OB_TYPE_PROFILE, 433 OB_TYPE_WINDOW_STATION, 434 OB_TYPE_DESKTOP, 435 OB_TYPE_SECTION, 436 OB_TYPE_KEY, 437 OB_TYPE_PORT, 438 OB_TYPE_WAITABLE_PORT, 439 OB_TYPE_UNKNOWN_21, 440 OB_TYPE_UNKNOWN_22, 441 OB_TYPE_UNKNOWN_23, 442 OB_TYPE_UNKNOWN_24, 443 OB_TYPE_IO_COMPLETION, 444 OB_TYPE_FILE 445 }SYSTEM_HANDLE_TYPE; 446 447 typedef enum _DEBUG_CONTROL_CODE 448 { 449 DebugGetTraceInformation = 1, 450 DebugSetInternalBreakpoint, 451 DebugSetSpecialCall, 452 DebugClearSpecialCalls, 453 DebugQuerySpecialCalls, 454 DebugDbgBreakPoint, 455 DebugMaximum 456 } DEBUG_CONTROL_CODE; 457 458 typedef enum _SYSDBG_COMMAND 459 { 460 SysDbgQueryModuleInformation = 0, 461 SysDbgQueryTraceInformation, 462 SysDbgSetTracepoint, 463 SysDbgSetSpecialCall, 464 SysDbgClearSpecialCalls, 465 SysDbgQuerySpecialCalls, 466 SysDbgBreakPoint, 467 SysDbgQueryVersion, 468 SysDbgReadVirtual, 469 SysDbgWriteVirtual, 470 SysDbgReadPhysical, 471 SysDbgWritePhysical, 472 SysDbgReadControlSpace, 473 SysDbgWriteControlSpace, 474 SysDbgReadIoSpace, 475 SysDbgWriteIoSpace, 476 SysDbgReadMsr, 477 SysDbgWriteMsr, 478 SysDbgReadBusData, 479 SysDbgWriteBusData, 480 SysDbgCheckLowMemory, 481 SysDbgEnableKernelDebugger, 482 SysDbgDisableKernelDebugger, 483 SysDbgGetAutoKdEnable, 484 SysDbgSetAutoKdEnable, 485 SysDbgGetPrintBufferSize, 486 SysDbgSetPrintBufferSize, 487 SysDbgGetKdUmExceptionEnable, 488 SysDbgSetKdUmExceptionEnable, 489 SysDbgGetTriageDump, 490 SysDbgGetKdBlockEnable, 491 SysDbgSetKdBlockEnable, 492 } SYSDBG_COMMAND, *PSYSDBG_COMMAND; 493 494 typedef enum _INTERFACE_TYPE 495 { 496 InterfaceTypeUndefined = -1, 497 Internal, 498 Isa, 499 Eisa, 500 MicroChannel, 501 TurboChannel, 502 PCIBus, 503 VMEBus, 504 NuBus, 505 PCMCIABus, 506 CBus, 507 MPIBus, 508 MPSABus, 509 ProcessorInternal, 510 InternalPowerBus, 511 PNPISABus, 512 PNPBus, 513 MaximumInterfaceType 514 }INTERFACE_TYPE, *PINTERFACE_TYPE; 515 516 typedef enum _BUS_DATA_TYPE 517 { 518 ConfigurationSpaceUndefined = -1, 519 Cmos, 520 EisaConfiguration, 521 Pos, 522 CbusConfiguration, 523 PCIConfiguration, 524 VMEConfiguration, 525 NuBusConfiguration, 526 PCMCIAConfiguration, 527 MPIConfiguration, 528 MPSAConfiguration, 529 PNPISAConfiguration, 530 SgiInternalConfiguration, 531 MaximumBusDataType 532 } BUS_DATA_TYPE, *PBUS_DATA_TYPE; 533 534 typedef enum _OBJECT_INFORMATION_CLASS 535 { 536 ObjectBasicInformation, 537 ObjectNameInformation, 538 ObjectTypeInformation, 539 ObjectAllTypesInformation, 540 ObjectHandleInformation 541 } OBJECT_INFORMATION_CLASS; 542 543 typedef enum _LPC_TYPE 544 { 545 LPC_NEW_MESSAGE, 546 LPC_REQUEST, 547 LPC_REPLY, 548 LPC_DATAGRAM, 549 LPC_LOST_REPLY, 550 LPC_PORT_CLOSED, 551 LPC_CLIENT_DIED, 552 LPC_EXCEPTION, 553 LPC_DEBUG_EVENT, 554 LPC_ERROR_EVENT, 555 LPC_CONNECTION_REQUEST, 556 LPC_CONNECTION_REFUSED, 557 LPC_MAXIMUM 558 } LPC_TYPE; 559 560 typedef enum _KEY_SET_INFORMATION_CLASS 561 { 562 KeyLastWriteTimeInformation 563 } KEY_SET_INFORMATION_CLASS; 564 565 typedef enum _HARDERROR_RESPONSE_OPTION 566 { 567 OptionAbortRetryIgnore, 568 OptionOk, 569 OptionOkCancel, 570 OptionRetryCancel, 571 OptionYesNo, 572 OptionYesNoCancel, 573 OptionShutdownSystem 574 } HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION; 575 576 typedef enum _HARDERROR_RESPONSE 577 { 578 ResponseReturnToCaller, 579 ResponseNotHandled, 580 ResponseAbort, 581 ResponseCancel, 582 ResponseIgnore, 583 ResponseNo, 584 ResponseOk, 585 ResponseRetry, 586 ResponseYes 587 } HARDERROR_RESPONSE, *PHARDERROR_RESPONSE; 588 589 typedef enum _ATOM_INFORMATION_CLASS 590 { 591 AtomBasicInformation, 592 AtomListInformation 593 } ATOM_INFORMATION_CLASS; 594 595 typedef enum _PORT_INFORMATION_CLASS 596 { 597 PortBasicInformation 598 } PORT_INFORMATION_CLASS; 599 600 typedef enum _EVENT_TYPE 601 { 602 NotificationEvent, 603 SynchronizationEvent 604 } EVENT_TYPE; 605 606 typedef enum _RTL_GENERIC_COMPARE_RESULTS 607 { 608 GenericLessThan, 609 GenericGreaterThan, 610 GenericEqual 611 } RTL_GENERIC_COMPARE_RESULTS; 612 613 typedef enum _SECTION_INHERIT 614 { 615 ViewShare = 1, 616 ViewUnmap = 2 617 } SECTION_INHERIT; 618 619 typedef enum _KEY_VALUE_INFORMATION_CLASS 620 { 621 KeyValueBasicInformation, 622 KeyValueFullInformation, 623 KeyValuePartialInformation, 624 KeyValueFullInformationAlign64, 625 KeyValuePartialInformationAlign64, 626 MaxKeyValueInfoClass 627 } KEY_VALUE_INFORMATION_CLASS; 628 629 typedef enum _KEY_INFORMATION_CLASS 630 { 631 KeyBasicInformation, 632 KeyNodeInformation, 633 KeyFullInformation, 634 KeyNameInformation, 635 KeyCachedInformation, 636 KeyFlagsInformation, 637 MaxKeyInfoClass 638 } KEY_INFORMATION_CLASS; 639 640 typedef enum _SYSTEM_INFORMATION_CLASS 641 { 642 SystemBasicInformation, 643 SystemProcessorInformation, 644 SystemPerformanceInformation, 645 SystemTimeOfDayInformation, 646 SystemPathInformation, 647 SystemProcessInformation, 648 SystemCallCountInformation, 649 SystemDeviceInformation, 650 SystemProcessorPerformanceInformation, 651 SystemFlagsInformation, 652 SystemCallTimeInformation, 653 SystemModuleInformation, 654 SystemLocksInformation, 655 SystemStackTraceInformation, 656 SystemPagedPoolInformation, 657 SystemNonPagedPoolInformation, 658 SystemHandleInformation, 659 SystemObjectInformation, 660 SystemPageFileInformation, 661 SystemVdmInstemulInformation, 662 SystemVdmBopInformation, 663 SystemFileCacheInformation, 664 SystemPoolTagInformation, 665 SystemInterruptInformation, 666 SystemDpcBehaviorInformation, 667 SystemFullMemoryInformation, 668 SystemLoadGdiDriverInformation, 669 SystemUnloadGdiDriverInformation, 670 SystemTimeAdjustmentInformation, 671 SystemSummaryMemoryInformation, 672 SystemMirrorMemoryInformation, 673 SystemPerformanceTraceInformation, 674 SystemObsolete0, 675 SystemExceptionInformation, 676 SystemCrashDumpStateInformation, 677 SystemKernelDebuggerInformation, 678 SystemContextSwitchInformation, 679 SystemRegistryQuotaInformation, 680 SystemExtendServiceTableInformation, 681 SystemPrioritySeperation, 682 SystemPlugPlayBusInformation, 683 SystemDockInformation, 684 SystemPowerInformationNative, 685 SystemProcessorSpeedInformation, 686 SystemCurrentTimeZoneInformation, 687 SystemLookasideInformation, 688 SystemTimeSlipNotification, 689 SystemSessionCreate, 690 SystemSessionDetach, 691 SystemSessionInformation, 692 SystemRangeStartInformation, 693 SystemVerifierInformation, 694 SystemAddVerifier, 695 SystemSessionProcessesInformation, 696 SystemLoadGdiDriverInSystemSpaceInformation, 697 SystemNumaProcessorMap, 698 SystemPrefetcherInformation, 699 SystemExtendedProcessInformation, 700 SystemRecommendedSharedDataAlignment, 701 SystemComPlusPackage, 702 SystemNumaAvailableMemory, 703 SystemProcessorPowerInformation, 704 SystemEmulationBasicInformation, 705 SystemEmulationProcessorInformation, 706 SystemExtendedHanfleInformation, 707 SystemLostDelayedWriteInformation, 708 SystemBigPoolInformation, 709 SystemSessionPoolTagInformation, 710 SystemSessionMappedViewInformation, 711 SystemHotpatchInformation, 712 SystemObjectSecurityMode, 713 SystemWatchDogTimerHandler, 714 SystemWatchDogTimerInformation, 715 SystemLogicalProcessorInformation, 716 SystemWo64SharedInformationObosolete, 717 SystemRegisterFirmwareTableInformationHandler, 718 SystemFirmwareTableInformation, 719 SystemModuleInformationEx, 720 SystemVerifierTriageInformation, 721 SystemSuperfetchInformation, 722 SystemMemoryListInformation, 723 SystemFileCacheInformationEx, 724 SystemThreadPriorityClientIdInformation, 725 SystemProcessorIdleCycleTimeInformation, 726 SystemVerifierCancellationInformation, 727 SystemProcessorPowerInformationEx, 728 SystemRefTraceInformation, 729 SystemSpecialPoolInformation, 730 SystemProcessIdInformation, 731 SystemErrorPortInformation, 732 SystemBootEnvironmentInformation, 733 SystemHypervisorInformation, 734 SystemVerifierInformationEx, 735 SystemTimeZoneInformation, 736 SystemImageFileExecutionOptionsInformation, 737 SystemCoverageInformation, 738 SystemPrefetchPathInformation, 739 SystemVerifierFaultsInformation, 740 MaxSystemInfoClass 741 } SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS; 742 743 typedef enum _SHUTDOWN_ACTION 744 { 745 ShutdownNoReboot, 746 ShutdownReboot, 747 ShutdownPowerOff 748 } SHUTDOWN_ACTION, *PSHUTDOWN_ACTION; 749 750 typedef enum _FILE_INFORMATION_CLASS 751 { 752 FileDirectoryInformation = 1, 753 FileFullDirectoryInformation, 754 FileBothDirectoryInformation, 755 FileBasicInformation, 756 FileStandardInformation, 757 FileInternalInformation, 758 FileEaInformation, 759 FileAccessInformation, 760 FileNameInformation, 761 FileRenameInformation, 762 FileLinkInformation, 763 FileNamesInformation, 764 FileDispositionInformation, 765 FilePositionInformation, 766 FileFullEaInformation, 767 FileModeInformation, 768 FileAlignmentInformation, 769 FileAllInformation, 770 FileAllocationInformation, 771 FileEndOfFileInformation, 772 FileAlternateNameInformation, 773 FileStreamInformation, 774 FilePipeInformation, 775 FilePipeLocalInformation, 776 FilePipeRemoteInformation, 777 FileMailslotQueryInformation, 778 FileMailslotSetInformation, 779 FileCompressionInformation, 780 FileObjectIdInformation, 781 FileCompletionInformation, 782 FileMoveClusterInformation, 783 FileQuotaInformation, 784 FileReparsePointInformation, 785 FileNetworkOpenInformation, 786 FileAttributeTagInformation, 787 FileTrackingInformation, 788 FileIdBothDirectoryInformation, 789 FileIdFullDirectoryInformation, 790 FileValidDataLengthInformation, 791 FileShortNameInformation, 792 FileIoCompletionNotificationInformation, 793 FileIoStatusBlockRangeInformation, 794 FileIoPriorityHintInformation, 795 FileSfioReserveInformation, 796 FileSfioVolumeInformation, 797 FileHardLinkInformation, 798 FileProcessIdsUsingFileInformation, 799 FileNormalizedNameInformation, 800 FileNetworkPhysicalNameInformation, 801 FileIdGlobalTxDirectoryInformation, 802 FileIsRemoteDeviceInformation, 803 FileAttributeCacheInformation, 804 FileNumaNodeInformation, 805 FileStandardLinkInformation, 806 FileRemoteProtocolInformation, 807 FileMaximumInformation 808 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; 809 810 typedef enum _IO_PRIORITY_HINT 811 { 812 IoPriorityVeryLow, 813 IoPriorityLow, 814 IoPriorityNormal, 815 IoPriorityHigh, 816 IoPriorityCritical, 817 MaxIoPriorityTypes 818 } IO_PRIORITY_HINT; 819 820 typedef enum _FSINFOCLASS 821 { 822 FileFsVolumeInformation = 1, 823 FileFsLabelInformation, 824 FileFsSizeInformation, 825 FileFsDeviceInformation, 826 FileFsAttributeInformation, 827 FileFsControlInformation, 828 FileFsFullSizeInformation, 829 FileFsObjectIdInformation, 830 FileFsDriverPathInformation, 831 FileFsVolumeFlagsInformation, 832 FileFsMaximumInformation 833 } FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS; 834 835 typedef enum _PROCESSINFOCLASS 836 { 837 ProcessBasicInformation, 838 ProcessQuotaLimits, 839 ProcessIoCounters, 840 ProcessVmCounters, 841 ProcessTimes, 842 ProcessBasePriority, 843 ProcessRaisePriority, 844 ProcessDebugPort, 845 ProcessExceptionPort, 846 ProcessAccessToken, 847 ProcessLdtInformation, 848 ProcessLdtSize, 849 ProcessDefaultHardErrorMode, 850 ProcessIoPortHandlers, 851 ProcessPooledUsageAndLimits, 852 ProcessWorkingSetWatch, 853 ProcessUserModeIOPL, 854 ProcessEnableAlignmentFaultFixup, 855 ProcessPriorityClass, 856 ProcessWx86Information, 857 ProcessHandleCount, 858 ProcessAffinityMask, 859 ProcessPriorityBoost, 860 ProcessDeviceMap, 861 ProcessSessionInformation, 862 ProcessForegroundInformation, 863 ProcessWow64Information, 864 ProcessImageFileName, 865 ProcessLUIDDeviceMapsEnabled, 866 ProcessBreakOnTermination, 867 ProcessDebugObjectHandle, 868 ProcessDebugFlags, 869 ProcessHandleTracing, 870 ProcessIoPriority, 871 ProcessExecuteFlags, 872 ProcessTlsInformation, 873 ProcessCookie, 874 ProcessImageInformation, 875 ProcessCycleTime, 876 ProcessPagePriority, 877 ProcessInstrumentationCallback, 878 ProcessThreadStackAllocation, 879 ProcessWorkingSetWatchEx, 880 ProcessImageFileNameWin32, 881 ProcessImageFileMapping, 882 ProcessAffinityUpdateMode, 883 ProcessMemoryAllocationMode, 884 ProcessGroupInformation, 885 ProcessTokenVirtualizationEnabled, 886 ProcessConsoleHostProcess, 887 ProcessWindowInformation, 888 MaxProcessInfoClass 889 } PROCESSINFOCLASS; 890 891 typedef enum _MEMORY_INFORMATION_CLASS 892 { 893 MemoryBasicInformation, 894 MemoryWorkingSetInformation, 895 MemoryMappedFilenameInformation, 896 MemoryRegionInformation, 897 MemoryWorkingSetExInformation 898 } MEMORY_INFORMATION_CLASS; 899 900 typedef enum _WAIT_TYPE 901 { 902 WaitAll, 903 WaitAny 904 } WAIT_TYPE; 905 906 typedef enum _EVENT_INFORMATION_CLASS 907 { 908 EventBasicInformation 909 } EVENT_INFORMATION_CLASS; 910 911 typedef enum _SECTION_INFORMATION_CLASS 912 { 913 SectionBasicInformation, 914 SectionImageInformation 915 } SECTION_INFORMATION_CLASS, *PSECTION_INFORMATION_CLASS; 916 917 #pragma endregion 918 919 #pragma region STRUCT 920 921 typedef struct _STRING 922 { 923 USHORT Length; 924 USHORT MaximumLength; 925 PCHAR Buffer; 926 } STRING, ANSI_STRING, OEM_STRING, *PSTRING, *PANSI_STRING, *PCANSI_STRING, *POEM_STRING; 927 typedef const STRING *PCOEM_STRING; 928 929 typedef struct _UNICODE_STRING 930 { 931 USHORT Length; 932 USHORT MaximumLength; 933 PWSTR Buffer; 934 } UNICODE_STRING, *PUNICODE_STRING; 935 typedef const UNICODE_STRING *PCUNICODE_STRING; 936 937 typedef struct _CLIENT_ID 938 { 939 HANDLE UniqueProcess; 940 HANDLE UniqueThread; 941 } CLIENT_ID, *PCLIENT_ID; 942 943 typedef struct _CURDIR 944 { 945 UNICODE_STRING DosPath; 946 HANDLE Handle; 947 } CURDIR, *PCURDIR; 948 949 typedef struct _OBJECT_ATTRIBUTES 950 { 951 ULONG Length; 952 HANDLE RootDirectory; 953 PUNICODE_STRING ObjectName; 954 ULONG Attributes; 955 PVOID SecurityDescriptor; 956 PVOID SecurityQualityOfService; 957 } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 958 959 typedef struct _PEB_FREE_BLOCK 960 { 961 struct _PEB_FREE_BLOCK *Next; 962 ULONG Size; 963 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK; 964 965 typedef struct _PEB_LDR_DATA 966 { 967 ULONG Length; 968 BOOLEAN Initialized; 969 HANDLE SsHandle; 970 LIST_ENTRY InLoadOrderModuleList; 971 LIST_ENTRY InMemoryOrderModuleList; 972 LIST_ENTRY InInitializationOrderModuleList; 973 PVOID EntryInProgress; 974 } PEB_LDR_DATA, *PPEB_LDR_DATA; 975 976 typedef struct _RTL_DRIVE_LETTER_CURDIR 977 { 978 USHORT Flags; 979 USHORT Length; 980 ULONG TimeStamp; 981 STRING DosPath; 982 } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR; 983 984 typedef struct _RTL_USER_PROCESS_PARAMETERS 985 { 986 ULONG MaximumLength; 987 ULONG Length; 988 ULONG Flags; 989 ULONG DebugFlags; 990 PVOID ConsoleHandle; 991 ULONG ConsoleFlags; 992 HANDLE StandardInput; 993 HANDLE StandardOutput; 994 HANDLE StandardError; 995 CURDIR CurrentDirectory; 996 UNICODE_STRING DllPath; 997 UNICODE_STRING ImagePathName; 998 UNICODE_STRING CommandLine; 999 PVOID Environment; 1000 ULONG StartingX; 1001 ULONG StartingY; 1002 ULONG CountX; 1003 ULONG CountY; 1004 ULONG CountCharsX; 1005 ULONG CountCharsY; 1006 ULONG FillAttribute; 1007 ULONG WindowFlags; 1008 ULONG ShowWindowFlags; 1009 UNICODE_STRING WindowTitle; 1010 UNICODE_STRING DesktopInfo; 1011 UNICODE_STRING ShellInfo; 1012 UNICODE_STRING RuntimeData; 1013 RTL_DRIVE_LETTER_CURDIR CurrentDirectores[0x20]; 1014 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; 1015 1016 typedef struct _PEB 1017 { 1018 BOOLEAN InheritedAddressSpace; 1019 BOOLEAN ReadImageFileExecOptions; 1020 BOOLEAN BeingDebugged; 1021 BOOLEAN SpareBool; 1022 HANDLE Mutant; 1023 PVOID ImageBaseAddress; 1024 PPEB_LDR_DATA Ldr; 1025 PRTL_USER_PROCESS_PARAMETERS ProcessParameters; 1026 PVOID SubSystemData; 1027 PVOID ProcessHeap; 1028 PVOID FastPebLock; 1029 PVOID FastPebLockRoutine; 1030 PVOID FastPebUnlockRoutine; 1031 ULONG EnvironmentUpdateCount; 1032 PVOID KernelCallbackTable; 1033 HANDLE SystemReserved; 1034 PVOID AtlThunkSListPtr32; 1035 PPEB_FREE_BLOCK FreeList; 1036 ULONG TlsExpansionCounter; 1037 PVOID TlsBitmap; 1038 ULONG TlsBitmapBits[2]; 1039 PVOID ReadOnlySharedMemoryBase; 1040 PVOID ReadOnlySharedMemoryHeap; 1041 PVOID *ReadOnlyStaticServerData; 1042 PVOID AnsiCodePageData; 1043 PVOID OemCodePageData; 1044 PVOID UnicodeCaseTableData; 1045 ULONG NumberOfProcessors; 1046 ULONG NtGlobalFlag; 1047 LARGE_INTEGER CriticalSectionTimeout; 1048 ULONG HeapSegmentReserve; 1049 ULONG HeapSegmentCommit; 1050 ULONG HeapDeCommitTotalFreeThreshold; 1051 ULONG HeapDeCommitFreeBlockThreshold; 1052 ULONG NumberOfHeaps; 1053 ULONG MaximumNumberOfHeaps; 1054 PVOID *ProcessHeaps; 1055 PVOID GdiSharedHandleTable; 1056 PVOID ProcessStarterHelper; 1057 PVOID GdiDCAttributeList; 1058 PVOID LoaderLock; 1059 ULONG OSMajorVersion; 1060 ULONG OSMinorVersion; 1061 USHORT OSBuildNumber; 1062 USHORT OSCSDVersion; 1063 ULONG OSPlatformId; 1064 ULONG ImageSubsystem; 1065 ULONG ImageSubsystemMajorVersion; 1066 ULONG ImageSubsystemMinorVersion; 1067 ULONG ImageProcessAffinityMask; 1068 ULONG GdiHandleBuffer[GDI_HANDLE_BUFFER_SIZE]; 1069 } PEB, *PPEB; 1070 1071 typedef struct _TEB 1072 { 1073 NT_TIB NtTib; 1074 PVOID EnvironmentPointer; 1075 CLIENT_ID ClientId; 1076 PVOID ActiveRpcHandle; 1077 PVOID ThreadLocalStoragePointer; 1078 PPEB ProcessEnvironmentBlock; 1079 ULONG LastErrorValue; 1080 ULONG CountOfOwnedCriticalSections; 1081 PVOID CsrClientThread; 1082 PVOID Win32ThreadInfo; 1083 } TEB, *PTEB; 1084 1085 typedef struct _PROCESS_BASIC_INFORMATION 1086 { 1087 NTSTATUS ExitStatus; 1088 PPEB PebBaseAddress; 1089 KAFFINITY AffinityMask; 1090 KPRIORITY BasePriority; 1091 ULONG UniqueProcessId; 1092 ULONG InheritedFromUniqueProcessId; 1093 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; 1094 1095 typedef struct _FILE_NETWORK_OPEN_INFORMATION 1096 { 1097 LARGE_INTEGER CreationTime; 1098 LARGE_INTEGER LastAccessTime; 1099 LARGE_INTEGER LastWriteTime; 1100 LARGE_INTEGER ChangeTime; 1101 LARGE_INTEGER AllocationSize; 1102 LARGE_INTEGER EndOfFile; 1103 ULONG FileAttributes; 1104 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; 1105 1106 typedef struct _IO_STATUS_BLOCK 1107 { 1108 union 1109 { 1110 NTSTATUS Status; 1111 PVOID Pointer; 1112 }; 1113 ULONG_PTR Information; 1114 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; 1115 1116 typedef struct _KEY_VALUE_ENTRY 1117 { 1118 PUNICODE_STRING ValueName; 1119 ULONG DataLength; 1120 ULONG DataOffset; 1121 ULONG Type; 1122 } KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY; 1123 1124 typedef struct _SYSTEM_BASIC_INFORMATION 1125 { 1126 ULONG Reserved; 1127 ULONG TimerResolution; 1128 ULONG PageSize; 1129 ULONG NumberOfPhysicalPages; 1130 ULONG LowestPhysicalPageNumber; 1131 ULONG HighestPhysicalPageNumber; 1132 ULONG AllocationGranularity; 1133 ULONG MinimumUserModeAddress; 1134 ULONG MaximumUserModeAddress; 1135 KAFFINITY ActiveProcessorsAffinityMask; 1136 CCHAR NumberOfProcessors; 1137 } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; 1138 1139 typedef struct _SYSTEM_PROCESSOR_INFORMATION 1140 { 1141 USHORT ProcessorArchitecture; 1142 USHORT ProcessorLevel; 1143 USHORT ProcessorRevision; 1144 USHORT Unknown; 1145 ULONG FeatureBits; 1146 } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; 1147 1148 typedef struct _SYSTEM_PERFORMANCE_INFORMATION 1149 { 1150 LARGE_INTEGER IdleProcessTime; 1151 LARGE_INTEGER IoReadTransferCount; 1152 LARGE_INTEGER IoWriteTransferCount; 1153 LARGE_INTEGER IoOtherTransferCount; 1154 ULONG IoReadOperationCount; 1155 ULONG IoWriteOperationCount; 1156 ULONG IoOtherOperationCount; 1157 ULONG AvailablePages; 1158 ULONG CommittedPages; 1159 ULONG CommitLimit; 1160 ULONG PeakCommitment; 1161 ULONG PageFaultCount; 1162 ULONG CopyOnWriteCount; 1163 ULONG TransitionCount; 1164 ULONG CacheTransitionCount; 1165 ULONG DemandZeroCount; 1166 ULONG PageReadCount; 1167 ULONG PageReadIoCount; 1168 ULONG CacheReadCount; 1169 ULONG CacheIoCount; 1170 ULONG DirtyPagesWriteCount; 1171 ULONG DirtyWriteIoCount; 1172 ULONG MappedPagesWriteCount; 1173 ULONG MappedWriteIoCount; 1174 ULONG PagedPoolPages; 1175 ULONG NonPagedPoolPages; 1176 ULONG PagedPoolAllocs; 1177 ULONG PagedPoolFrees; 1178 ULONG NonPagedPoolAllocs; 1179 ULONG NonPagedPoolFrees; 1180 ULONG FreeSystemPtes; 1181 ULONG ResidentSystemCodePage; 1182 ULONG TotalSystemDriverPages; 1183 ULONG TotalSystemCodePages; 1184 ULONG NonPagedPoolLookasideHits; 1185 ULONG PagedPoolLookasideHits; 1186 ULONG Spare3Count; 1187 ULONG ResidentSystemCachePage; 1188 ULONG ResidentPagedPoolPage; 1189 ULONG ResidentSystemDriverPage; 1190 ULONG CcFastReadNoWait; 1191 ULONG CcFastReadWait; 1192 ULONG CcFastReadResourceMiss; 1193 ULONG CcFastReadNotPossible; 1194 ULONG CcFastMdlReadNoWait; 1195 ULONG CcFastMdlReadWait; 1196 ULONG CcFastMdlReadResourceMiss; 1197 ULONG CcFastMdlReadNotPossible; 1198 ULONG CcMapDataNoWait; 1199 ULONG CcMapDataWait; 1200 ULONG CcMapDataNoWaitMiss; 1201 ULONG CcMapDataWaitMiss; 1202 ULONG CcPinMappedDataCount; 1203 ULONG CcPinReadNoWait; 1204 ULONG CcPinReadWait; 1205 ULONG CcPinReadNoWaitMiss; 1206 ULONG CcPinReadWaitMiss; 1207 ULONG CcCopyReadNoWait; 1208 ULONG CcCopyReadWait; 1209 ULONG CcCopyReadNoWaitMiss; 1210 ULONG CcCopyReadWaitMiss; 1211 ULONG CcMdlReadNoWait; 1212 ULONG CcMdlReadWait; 1213 ULONG CcMdlReadNoWaitMiss; 1214 ULONG CcMdlReadWaitMiss; 1215 ULONG CcReadAheadIos; 1216 ULONG CcLazyWriteIos; 1217 ULONG CcLazyWritePages; 1218 ULONG CcDataFlushes; 1219 ULONG CcDataPages; 1220 ULONG ContextSwitches; 1221 ULONG FirstLevelTbFills; 1222 ULONG SecondLevelTbFills; 1223 ULONG SystemCalls; 1224 } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; 1225 1226 typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION 1227 { 1228 LARGE_INTEGER BootTime; 1229 LARGE_INTEGER CurrentTime; 1230 LARGE_INTEGER TimeZoneBias; 1231 ULONG CurrentTimeZoneId; 1232 } SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION; 1233 1234 typedef struct _VM_COUNTERS 1235 { 1236 ULONG PeakVirtualSize; 1237 ULONG VirtualSize; 1238 ULONG PageFaultCount; 1239 ULONG PeakWorkingSetSize; 1240 ULONG WorkingSetSize; 1241 ULONG QuotaPeakPagedPoolUsage; 1242 ULONG QuotaPagedPoolUsage; 1243 ULONG QuotaPeakNonPagedPoolUsage; 1244 ULONG QuotaNonPagedPoolUsage; 1245 ULONG PagefileUsage; 1246 ULONG PeakPagefileUsage; 1247 ULONG PrivatePageCount; 1248 } VM_COUNTERS; 1249 1250 typedef struct _SYSTEM_THREADS 1251 { 1252 LARGE_INTEGER KernelTime; 1253 LARGE_INTEGER UserTime; 1254 LARGE_INTEGER CreateTime; 1255 ULONG WaitTime; 1256 PVOID StartAddress; 1257 CLIENT_ID ClientId; 1258 KPRIORITY Priority; 1259 KPRIORITY BasePriority; 1260 ULONG ContextSwitchCount; 1261 THREAD_STATE State; 1262 KWAIT_REASON WaitReason; 1263 ULONG Reversed; 1264 } SYSTEM_THREADS, *PSYSTEM_THREADS; 1265 1266 typedef struct _SYSTEM_PROCESSES 1267 { 1268 ULONG NextEntryDelta; 1269 ULONG ThreadCount; 1270 LARGE_INTEGER Reserved1[3]; 1271 LARGE_INTEGER CreateTime; 1272 LARGE_INTEGER UserTime; 1273 LARGE_INTEGER KernelTime; 1274 UNICODE_STRING ProcessName; 1275 KPRIORITY BasePriority; 1276 ULONG ProcessId; 1277 ULONG InheritedFromProcessId; 1278 ULONG HandleCount; 1279 ULONG SessionId; 1280 ULONG_PTR PageDirectoryBase; 1281 VM_COUNTERS VmCounters; 1282 ULONG PrivatePageCount; 1283 IO_COUNTERS IoCounters; 1284 SYSTEM_THREADS Threads[1]; 1285 } SYSTEM_PROCESSES, *PSYSTEM_PROCESSES; 1286 1287 typedef struct _SYSTEM_CALLS_INFORMATION 1288 { 1289 ULONG Size; 1290 ULONG NumberOfDescriptorTables; 1291 ULONG NumberOfRoutinesInTable[1]; 1292 ULONG CallCounts[ANYSIZE_ARRAY]; 1293 } SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION; 1294 1295 typedef struct _SYSTEM_CONFIGURATION_INFORMATION 1296 { 1297 ULONG DiskCount; 1298 ULONG FloppyCount; 1299 ULONG CdRomCount; 1300 ULONG TapeCount; 1301 ULONG SerialCount; 1302 ULONG ParallelCount; 1303 } SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION; 1304 1305 typedef struct _SYSTEM_PROCESSOR_TIMES 1306 { 1307 LARGE_INTEGER IdleTime; 1308 LARGE_INTEGER KernelTime; 1309 LARGE_INTEGER UserTime; 1310 LARGE_INTEGER DpcTime; 1311 LARGE_INTEGER InterruptTime; 1312 ULONG InterruptCount; 1313 } SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES; 1314 1315 typedef struct _SYSTEM_GLOBAL_FLAG 1316 { 1317 ULONG GlobalFlag; 1318 } SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG; 1319 1320 typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY 1321 { 1322 HANDLE Section; 1323 PVOID MappedBase; 1324 PVOID Base; 1325 ULONG Size; 1326 ULONG Flags; 1327 USHORT LoadOrderIndex; 1328 USHORT InitOrderIndex; 1329 USHORT LoadCount; 1330 USHORT PathLength; 1331 CHAR ImageName[256]; 1332 } SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY; 1333 1334 typedef struct _SYSTEM_MODULE 1335 { 1336 HANDLE Section; 1337 PVOID MappedBase; 1338 PVOID ImageBase; 1339 ULONG ImageSize; 1340 ULONG Flags; 1341 USHORT LoadOrderIndex; 1342 USHORT InitOrderIndex; 1343 USHORT LoadCount; 1344 USHORT OffsetToFileName; 1345 CHAR ImageName[256]; 1346 } SYSTEM_MODULE, *PSYSTEM_MODULE; 1347 1348 typedef struct _SYSTEM_MODULE_INFORMATION 1349 { 1350 ULONG ModulesCount; 1351 SYSTEM_MODULE Modules[1]; 1352 } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; 1353 1354 typedef struct _SYSTEM_LOCK_INFORMATION 1355 { 1356 PVOID Address; 1357 USHORT Type; 1358 USHORT Reserved1; 1359 ULONG ExclusiveOwnerThreadId; 1360 ULONG ActiveCount; 1361 ULONG ContentionCount; 1362 ULONG Reserved2[2]; 1363 ULONG NumberOfSharedWaiters; 1364 ULONG NumberOfExclusiveWaiters; 1365 } SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION; 1366 1367 typedef struct _SYSTEM_HANDLE_INFORMATION 1368 { 1369 ULONG ProcessId; 1370 UCHAR ObjectTypeNumber; 1371 UCHAR Flags; 1372 USHORT Handle; 1373 PVOID Object; 1374 ACCESS_MASK GrantedAccess; 1375 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 1376 1377 typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION 1378 { 1379 ULONG NextEntryOffset; 1380 ULONG ObjectCount; 1381 ULONG HandleCount; 1382 ULONG TypeNumber; 1383 ULONG InvalidAttributes; 1384 GENERIC_MAPPING GenericMapping; 1385 ACCESS_MASK ValidAccessMask; 1386 POOL_TYPE PoolType; 1387 UCHAR Unknown; 1388 UNICODE_STRING Name; 1389 } SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION; 1390 1391 typedef struct _SYSTEM_OBJECT_INFORMATION 1392 { 1393 ULONG NextEntryOffset; 1394 PVOID Object; 1395 ULONG CreatorProcessId; 1396 USHORT Unknown; 1397 USHORT Flags; 1398 ULONG PointerCount; 1399 ULONG HandleCount; 1400 ULONG PagedPoolUsage; 1401 ULONG NonPagedPoolUsage; 1402 ULONG ExclusiveProcessId; 1403 PSECURITY_DESCRIPTOR SecurityDescriptor; 1404 UNICODE_STRING Name; 1405 } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; 1406 1407 typedef struct _SYSTEM_PAGEFILE_INFORMATION 1408 { 1409 ULONG NextEntryOffset; 1410 ULONG CurrentSize; 1411 ULONG TotalUsed; 1412 ULONG PeakUsed; 1413 UNICODE_STRING FileName; 1414 } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; 1415 1416 typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION 1417 { 1418 ULONG SegmentNotPresent; 1419 ULONG TwoByteOpcode; 1420 ULONG ESprefix; 1421 ULONG CSprefix; 1422 ULONG SSprefix; 1423 ULONG DSprefix; 1424 ULONG FSPrefix; 1425 ULONG GSprefix; 1426 ULONG OPER32prefix; 1427 ULONG ADDR32prefix; 1428 ULONG INSB; 1429 ULONG INSW; 1430 ULONG OUTSB; 1431 ULONG OUTSW; 1432 ULONG PUSHFD; 1433 ULONG POPFD; 1434 ULONG INTnn; 1435 ULONG INTO; 1436 ULONG IRETD; 1437 ULONG INBimm; 1438 ULONG INWimm; 1439 ULONG OUTBimm; 1440 ULONG OUTWimm; 1441 ULONG INB; 1442 ULONG INW; 1443 ULONG OUTB; 1444 ULONG OUTW; 1445 ULONG LOCKprefix; 1446 ULONG REPNEprefix; 1447 ULONG REPprefix; 1448 ULONG HLT; 1449 ULONG CLI; 1450 ULONG STI; 1451 ULONG GenericInvalidOpcode; 1452 } SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION; 1453 1454 typedef struct _SYSTEM_POOL_TAG_INFORMATION 1455 { 1456 CHAR Tag[4]; 1457 ULONG PagedPoolAllocs; 1458 ULONG PagedPoolFrees; 1459 ULONG PagedPoolUsage; 1460 ULONG NonPagedPoolAllocs; 1461 ULONG NonPagedPoolFrees; 1462 ULONG NonPagedPoolUsage; 1463 } SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION; 1464 1465 typedef struct _SYSTEM_PROCESSOR_STATISTICS 1466 { 1467 ULONG ContextSwitches; 1468 ULONG DpcCount; 1469 ULONG DpcRequestRate; 1470 ULONG TimeIncrement; 1471 ULONG DpcBypassCount; 1472 ULONG ApcBypassCount; 1473 } SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS; 1474 1475 typedef struct _SYSTEM_DPC_INFORMATION 1476 { 1477 ULONG Reserved; 1478 ULONG MaximumDpcQueueDepth; 1479 ULONG MinimumDpcRate; 1480 ULONG AdjustDpcThreshold; 1481 ULONG IdealDpcRate; 1482 } SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION; 1483 1484 typedef struct _SYSTEM_LOAD_IMAGE 1485 { 1486 UNICODE_STRING ModuleName; 1487 PVOID ModuleBase; 1488 PVOID SectionPointer; 1489 PVOID EntryPoint; 1490 PVOID ExportDirectory; 1491 } SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE; 1492 1493 typedef struct _SYSTEM_UNLOAD_IMAGE 1494 { 1495 PVOID ModuleBase; 1496 } SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE; 1497 1498 typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT 1499 { 1500 ULONG TimeAdjustment; 1501 ULONG MaximumIncrement; 1502 BOOLEAN TimeSynchronization; 1503 } SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT; 1504 1505 typedef struct _SYSTEM_SET_TIME_ADJUSTMENT 1506 { 1507 ULONG TimeAdjustment; 1508 BOOLEAN TimeSynchronization; 1509 } SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT; 1510 1511 typedef struct _SYSTEM_CRASH_DUMP_INFORMATION 1512 { 1513 HANDLE CrashDumpSectionHandle; 1514 HANDLE Unknown; 1515 } SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION; 1516 1517 typedef struct _SYSTEM_EXCEPTION_INFORMATION 1518 { 1519 ULONG AlignmentFixupCount; 1520 ULONG ExceptionDispatchCount; 1521 ULONG FloatingEmulationCount; 1522 ULONG Reserved; 1523 } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; 1524 1525 typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION 1526 { 1527 ULONG CrashDumpSectionExists; 1528 ULONG Unknown; 1529 } SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION; 1530 1531 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION 1532 { 1533 BOOLEAN KernelDebuggerEnabled; 1534 BOOLEAN KernelDebuggerNotPresent; 1535 } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; 1536 1537 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION 1538 { 1539 ULONG ContextSwitches; 1540 ULONG ContextSwitchCounters[11]; 1541 } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; 1542 1543 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION 1544 { 1545 ULONG RegistryQuotaAllowed; 1546 ULONG RegistryQuotaUsed; 1547 ULONG PagedPoolSize; 1548 } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; 1549 1550 typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE 1551 { 1552 UNICODE_STRING ModuleName; 1553 } SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE; 1554 1555 typedef struct _SYSTEM_PRIORITY_SEPARATION 1556 { 1557 ULONG PrioritySeparation; 1558 } SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION; 1559 1560 typedef struct _SYSTEM_TIME_ZONE_INFORMATION 1561 { 1562 LONG Bias; 1563 WCHAR StandardName[32]; 1564 LARGE_INTEGER StandardDate; 1565 LONG StandardBias; 1566 WCHAR DaylightName[32]; 1567 LARGE_INTEGER DaylightDate; 1568 LONG DaylightBias; 1569 } SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION; 1570 1571 typedef struct _SYSTEM_LOOKASIDE_INFORMATION 1572 { 1573 USHORT Depth; 1574 USHORT MaximumDepth; 1575 ULONG TotalAllocates; 1576 ULONG AllocateMisses; 1577 ULONG TotalFrees; 1578 ULONG FreeMisses; 1579 POOL_TYPE Type; 1580 ULONG Tag; 1581 ULONG Size; 1582 } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; 1583 1584 typedef struct _SYSTEM_SET_TIME_SLIP_EVENT 1585 { 1586 HANDLE TimeSlipEvent; 1587 } SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT; 1588 1589 typedef struct _SYSTEM_CREATE_SESSION 1590 { 1591 ULONG SessionId; 1592 } SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION; 1593 1594 typedef struct _SYSTEM_DELETE_SESSION 1595 { 1596 ULONG SessionId; 1597 } SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION; 1598 1599 typedef struct _SYSTEM_RANGE_START_INFORMATION 1600 { 1601 PVOID SystemRangeStart; 1602 } SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION; 1603 1604 typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION 1605 { 1606 ULONG SessionId; 1607 ULONG BufferSize; 1608 PVOID Buffer; 1609 } SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION; 1610 1611 typedef struct _SYSTEM_POOL_BLOCK 1612 { 1613 BOOLEAN Allocated; 1614 USHORT Unknown; 1615 ULONG Size; 1616 CHAR Tag[4]; 1617 } SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK; 1618 1619 typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION 1620 { 1621 ULONG PoolSize; 1622 PVOID PoolBase; 1623 USHORT Unknown; 1624 ULONG NumberOfBlocks; 1625 SYSTEM_POOL_BLOCK PoolBlocks[1]; 1626 } SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION; 1627 1628 typedef struct _SYSTEM_MEMORY_USAGE 1629 { 1630 PVOID Name; 1631 USHORT Valid; 1632 USHORT Standby; 1633 USHORT Modified; 1634 USHORT PageTables; 1635 } SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE; 1636 1637 typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION 1638 { 1639 ULONG Reserved; 1640 PVOID EndOfData; 1641 SYSTEM_MEMORY_USAGE MemoryUsage[1]; 1642 } SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION; 1643 1644 typedef struct _SYSDBG_PHYSICAL 1645 { 1646 PHYSICAL_ADDRESS Address; 1647 PVOID Buffer; 1648 ULONG Request; 1649 } SYSDBG_PHYSICAL, *PSYSDBG_PHYSICAL; 1650 1651 typedef struct _SYSDBG_CONTROL_SPACE 1652 { 1653 ULONG64 Address; 1654 PVOID Buffer; 1655 ULONG Request; 1656 ULONG Processor; 1657 } SYSDBG_CONTROL_SPACE, *PSYSDBG_CONTROL_SPACE; 1658 1659 typedef struct _SYSDBG_IO_SPACE 1660 { 1661 ULONG64 Address; 1662 PVOID Buffer; 1663 ULONG Request; 1664 INTERFACE_TYPE InterfaceType; 1665 ULONG BusNumber; 1666 ULONG AddressSpace; 1667 } SYSDBG_IO_SPACE, *PSYSDBG_IO_SPACE; 1668 1669 typedef struct _SYSDBG_MSR 1670 { 1671 ULONG Msr; 1672 ULONG64 Data; 1673 } SYSDBG_MSR, *PSYSDBG_MSR; 1674 1675 typedef struct _SYSDBG_BUS_DATA 1676 { 1677 ULONG Address; 1678 PVOID Buffer; 1679 ULONG Request; 1680 BUS_DATA_TYPE BusDataType; 1681 ULONG BusNumber; 1682 ULONG SlotNumber; 1683 } SYSDBG_BUS_DATA, *PSYSDBG_BUS_DATA; 1684 1685 typedef struct _DBGKD_GET_VERSION 1686 { 1687 USHORT MajorVersion; 1688 USHORT MinorVersion; 1689 USHORT ProtocolVersion; 1690 USHORT Flags; 1691 USHORT MachineType; 1692 UCHAR MaxPacketType; 1693 UCHAR MaxStateChange; 1694 UCHAR MaxManipulate; 1695 UCHAR Simulation; 1696 USHORT Unused[1]; 1697 ULONG64 KernBase; 1698 ULONG64 PsLoadedModuleList; 1699 ULONG64 DebuggerDataList; 1700 } DBGKD_GET_VERSION, *PDBGKD_GET_VERSION; 1701 1702 typedef struct _SYSDBG_VIRTUAL 1703 { 1704 PVOID Address; 1705 PVOID Buffer; 1706 ULONG Request; 1707 } SYSDBG_VIRTUAL, *PSYSDBG_VIRTUAL; 1708 1709 typedef struct _OBJECT_BASIC_INFORMATION 1710 { 1711 ULONG Attributes; 1712 ACCESS_MASK GrantedAccess; 1713 ULONG HandleCount; 1714 ULONG PointerCount; 1715 ULONG PagedPoolCharge; 1716 ULONG NonPagedPoolCharge; 1717 ULONG Reserved[3]; 1718 ULONG NameInfoSize; 1719 ULONG TypeInfoSize; 1720 ULONG SecurityDescriptorSize; 1721 LARGE_INTEGER CreationTime; 1722 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 1723 1724 typedef struct _OBJECT_NAME_INFORMATION 1725 { 1726 UNICODE_STRING Name; 1727 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; 1728 1729 typedef struct _OBJECT_TYPE_INFORMATION 1730 { 1731 UNICODE_STRING TypeName; 1732 ULONG TotalNumberOfObjects; 1733 ULONG TotalNumberOfHandles; 1734 ULONG TotalPagedPoolUsage; 1735 ULONG TotalNonPagedPoolUsage; 1736 ULONG TotalNamePoolUsage; 1737 ULONG TotalHandleTableUsage; 1738 ULONG HighWaterNumberOfObjects; 1739 ULONG HighWaterNumberOfHandles; 1740 ULONG HighWaterPagedPoolUsage; 1741 ULONG HighWaterNonPagedPoolUsage; 1742 ULONG HighWaterNamePoolUsage; 1743 ULONG HighWaterHandleTableUsage; 1744 ULONG InvalidAttributes; 1745 GENERIC_MAPPING GenericMapping; 1746 ULONG ValidAccessMask; 1747 BOOLEAN SecurityRequired; 1748 BOOLEAN MaintainHandleCount; 1749 POOL_TYPE PoolType; 1750 ULONG DefaultPagedPoolCharge; 1751 ULONG DefaultNonPagedPoolCharge; 1752 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; 1753 1754 typedef struct _OBJECT_ALL_TYPES_INFORMATION 1755 { 1756 ULONG NumberOfTypes; 1757 OBJECT_TYPE_INFORMATION TypeInformation; 1758 } OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION; 1759 1760 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION 1761 { 1762 BOOLEAN Inherit; 1763 BOOLEAN ProtectFromClose; 1764 } OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION; 1765 1766 typedef struct _OBJECT_HANDLE_FLAG_INFORMATION 1767 { 1768 BOOLEAN Inherit; 1769 BOOLEAN ProtectFromClose; 1770 } OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION; 1771 1772 typedef struct _OBJECT_DIRECTORY_INFORMATION 1773 { 1774 UNICODE_STRING Name; 1775 UNICODE_STRING TypeName; 1776 } OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION; 1777 1778 typedef struct _DIRECTORY_BASIC_INFORMATION 1779 { 1780 UNICODE_STRING ObjectName; 1781 UNICODE_STRING ObjectTypeName; 1782 } DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION; 1783 1784 typedef struct _MEMORY_WORKING_SET_LIST 1785 { 1786 ULONG NumberOfPages; 1787 ULONG WorkingSetList[1]; 1788 } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST; 1789 1790 typedef struct _MEMORY_SECTION_NAME 1791 { 1792 UNICODE_STRING SectionFileName; 1793 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; 1794 1795 typedef struct _USER_STACK 1796 { 1797 PVOID FixedStackBase; 1798 PVOID FixedStackLimit; 1799 PVOID ExpandableStackBase; 1800 PVOID ExpandableStackLimit; 1801 PVOID ExpandableStackBottom; 1802 } USER_STACK, *PUSER_STACK; 1803 1804 typedef struct _THREAD_BASIC_INFORMATION 1805 { 1806 NTSTATUS ExitStatus; 1807 PNT_TIB TebBaseAddress; 1808 CLIENT_ID ClientId; 1809 KAFFINITY AffinityMask; 1810 KPRIORITY Priority; 1811 KPRIORITY BasePriority; 1812 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; 1813 1814 typedef struct _KERNEL_USER_TIMES 1815 { 1816 LARGE_INTEGER CreateTime; 1817 LARGE_INTEGER ExitTime; 1818 LARGE_INTEGER KernelTime; 1819 LARGE_INTEGER UserTime; 1820 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES; 1821 1822 typedef struct _PROCESS_ACCESS_TOKEN 1823 { 1824 HANDLE Token; 1825 HANDLE Thread; 1826 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN; 1827 1828 typedef struct _POOLED_USAGE_AND_LIMITS 1829 { 1830 ULONG PeakPagedPoolUsage; 1831 ULONG PagedPoolUsage; 1832 ULONG PagedPoolLimit; 1833 ULONG PeakNonPagedPoolUsage; 1834 ULONG NonPagedPoolUsage; 1835 ULONG NonPagedPoolLimit; 1836 ULONG PeakPagefileUsage; 1837 ULONG PagefileUsage; 1838 ULONG PagefileLimit; 1839 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS; 1840 1841 typedef struct _PROCESS_WS_WATCH_INFORMATION 1842 { 1843 PVOID FaultingPc; 1844 PVOID FaultingVa; 1845 } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION; 1846 1847 typedef struct _PROCESS_PRIORITY_CLASS 1848 { 1849 BOOLEAN Foreground; 1850 UCHAR PriorityClass; 1851 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS; 1852 1853 typedef struct _PROCESS_DEVICEMAP_INFORMATION 1854 { 1855 union 1856 { 1857 struct 1858 { 1859 HANDLE DirectoryHandle; 1860 } Set; 1861 struct 1862 { 1863 ULONG DriveMap; 1864 UCHAR DriveType[32]; 1865 } Query; 1866 }; 1867 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION; 1868 1869 typedef struct _PROCESS_SESSION_INFORMATION 1870 { 1871 ULONG SessionId; 1872 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION; 1873 1874 typedef struct _DEBUG_BUFFER 1875 { 1876 HANDLE SectionHandle; 1877 PVOID SectionBase; 1878 PVOID RemoteSectionBase; 1879 ULONG SectionBaseDelta; 1880 HANDLE EventPairHandle; 1881 ULONG Unknown[2]; 1882 HANDLE RemoteThreadHandle; 1883 ULONG InfoClassMask; 1884 ULONG SizeOfInfo; 1885 ULONG AllocatedSize; 1886 ULONG SectionSize; 1887 PVOID ModuleInformation; 1888 PVOID BackTraceInformation; 1889 PVOID HeapInformation; 1890 PVOID LockInformation; 1891 PVOID Reserved[8]; 1892 } DEBUG_BUFFER, *PDEBUG_BUFFER; 1893 1894 typedef struct _DEBUG_MODULE_INFORMATION 1895 { 1896 ULONG Reserved[2]; 1897 ULONG Base; 1898 ULONG Size; 1899 ULONG Flags; 1900 USHORT Index; 1901 USHORT Unknown; 1902 USHORT LoadCount; 1903 USHORT ModuleNameOffset; 1904 CHAR ImageName[256]; 1905 } DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION; 1906 1907 typedef struct _DEBUG_HEAP_INFORMATION 1908 { 1909 ULONG Base; 1910 ULONG Flags; 1911 USHORT Granularity; 1912 USHORT Unknown; 1913 ULONG Allocated; 1914 ULONG Committed; 1915 ULONG TagCount; 1916 ULONG BlockCount; 1917 ULONG Reserved[7]; 1918 PVOID Tags; 1919 PVOID Blocks; 1920 } DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION; 1921 1922 typedef struct _DEBUG_LOCK_INFORMATION 1923 { 1924 PVOID Address; 1925 USHORT Type; 1926 USHORT CreatorBackTraceIndex; 1927 ULONG OwnerThreadId; 1928 ULONG ActiveCount; 1929 ULONG ContentionCount; 1930 ULONG EntryCount; 1931 ULONG RecursionCount; 1932 ULONG NumberOfSharedWaiters; 1933 ULONG NumberOfExclusiveWaiters; 1934 } DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION; 1935 1936 typedef struct _LPC_MESSAGE 1937 { 1938 USHORT DataSize; 1939 USHORT MessageSize; 1940 USHORT MessageType; 1941 USHORT VirtualRangesOffset; 1942 CLIENT_ID ClientId; 1943 ULONG MessageId; 1944 ULONG SectionSize; 1945 UCHAR Data[ANYSIZE_ARRAY]; 1946 } LPC_MESSAGE, *PLPC_MESSAGE; 1947 1948 typedef struct _LPC_SECTION_WRITE 1949 { 1950 ULONG Length; 1951 HANDLE SectionHandle; 1952 ULONG SectionOffset; 1953 ULONG ViewSize; 1954 PVOID ViewBase; 1955 PVOID TargetViewBase; 1956 } LPC_SECTION_WRITE, *PLPC_SECTION_WRITE; 1957 1958 typedef struct _LPC_SECTION_READ 1959 { 1960 ULONG Length; 1961 ULONG ViewSize; 1962 PVOID ViewBase; 1963 } LPC_SECTION_READ, *PLPC_SECTION_READ; 1964 1965 typedef struct _KEY_LAST_WRITE_TIME_INFORMATION 1966 { 1967 LARGE_INTEGER LastWriteTime; 1968 } KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION; 1969 1970 typedef struct _KEY_NAME_INFORMATION 1971 { 1972 ULONG NameLength; 1973 WCHAR Name[1]; 1974 } KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION; 1975 1976 typedef struct _ATOM_BASIC_INFORMATION 1977 { 1978 USHORT ReferenceCount; 1979 USHORT Pinned; 1980 USHORT NameLength; 1981 WCHAR Name[1]; 1982 } ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION; 1983 1984 typedef struct _ATOM_LIST_INFORMATION 1985 { 1986 ULONG NumberOfAtoms; 1987 ATOM Atoms[1]; 1988 } ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION; 1989 1990 typedef struct _RTL_SPLAY_LINKS 1991 { 1992 struct _RTL_SPLAY_LINKS *Parent; 1993 struct _RTL_SPLAY_LINKS *LeftChild; 1994 struct _RTL_SPLAY_LINKS *RightChild; 1995 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; 1996 1997 typedef struct _RTL_HANDLE_TABLE_ENTRY 1998 { 1999 struct _RTL_HANDLE_TABLE_ENTRY *Next; 2000 PVOID Object; 2001 } RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY; 2002 2003 typedef struct _RTL_HANDLE_TABLE 2004 { 2005 ULONG MaximumNumberOfHandles; 2006 ULONG SizeOfHandleTableEntry; 2007 ULONG Unknown01; 2008 ULONG Unknown02; 2009 PRTL_HANDLE_TABLE_ENTRY FreeHandles; 2010 PRTL_HANDLE_TABLE_ENTRY CommittedHandles; 2011 PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles; 2012 PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles; 2013 } RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE; 2014 2015 typedef struct _KEY_BASIC_INFORMATION 2016 { 2017 LARGE_INTEGER LastWriteTime; 2018 ULONG TitleIndex; 2019 ULONG NameLength; 2020 WCHAR Name[1]; 2021 } KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION; 2022 2023 typedef struct _KEY_NODE_INFORMATION 2024 { 2025 LARGE_INTEGER LastWriteTime; 2026 ULONG TitleIndex; 2027 ULONG ClassOffset; 2028 ULONG ClassLength; 2029 ULONG NameLength; 2030 WCHAR Name[1]; 2031 } KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION; 2032 2033 typedef struct _KEY_FULL_INFORMATION 2034 { 2035 LARGE_INTEGER LastWriteTime; 2036 ULONG TitleIndex; 2037 ULONG ClassOffset; 2038 ULONG ClassLength; 2039 ULONG SubKeys; 2040 ULONG MaxNameLen; 2041 ULONG MaxClassLen; 2042 ULONG Values; 2043 ULONG MaxValueNameLen; 2044 ULONG MaxValueDataLen; 2045 WCHAR Class[1]; 2046 } KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION; 2047 2048 typedef struct _KEY_CACHED_INFORMATION 2049 { 2050 LARGE_INTEGER LastWriteTime; 2051 ULONG TitleIndex; 2052 ULONG SubKeys; 2053 ULONG MaxNameLen; 2054 ULONG Values; 2055 ULONG MaxValueNameLen; 2056 ULONG MaxValueDataLen; 2057 ULONG NameLength; 2058 WCHAR Name[1]; 2059 } KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION; 2060 2061 typedef struct _KEY_FLAGS_INFORMATION 2062 { 2063 ULONG UserFlags; 2064 } KEY_FLAGS_INFORMATION, *PKEY_FLAGS_INFORMATION; 2065 2066 typedef struct _KEY_VALUE_BASIC_INFORMATION 2067 { 2068 ULONG TitleIndex; 2069 ULONG Type; 2070 ULONG NameLength; 2071 WCHAR Name[1]; 2072 } KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION; 2073 2074 typedef struct _KEY_VALUE_FULL_INFORMATION 2075 { 2076 ULONG TitleIndex; 2077 ULONG Type; 2078 ULONG DataOffset; 2079 ULONG DataLength; 2080 ULONG NameLength; 2081 WCHAR Name[1]; 2082 } KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION; 2083 2084 typedef struct _KEY_VALUE_PARTIAL_INFORMATION 2085 { 2086 ULONG TitleIndex; 2087 ULONG Type; 2088 ULONG DataLength; 2089 UCHAR Data[1]; 2090 } KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION; 2091 2092 typedef struct _SYSTEM_TIMEOFDAY_INFORMATION 2093 { 2094 LARGE_INTEGER BootTime; 2095 LARGE_INTEGER CurrentTime; 2096 LARGE_INTEGER TimeZoneBias; 2097 ULONG TimeZoneId; 2098 ULONG Reserved; 2099 } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; 2100 2101 typedef struct _SYSTEM_PROCESS_INFORMATION 2102 { 2103 ULONG NextEntryOffset; 2104 ULONG NumberOfThreads; 2105 LARGE_INTEGER SpareLi1; 2106 LARGE_INTEGER SpareLi2; 2107 LARGE_INTEGER SpareLi3; 2108 LARGE_INTEGER CreateTime; 2109 LARGE_INTEGER UserTime; 2110 LARGE_INTEGER KernelTime; 2111 UNICODE_STRING ImageName; 2112 KPRIORITY BasePriority; 2113 ULONG_PTR UniqueProcessId; 2114 ULONG_PTR InheritedFromUniqueProcessId; 2115 ULONG HandleCount; 2116 } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION; 2117 2118 typedef struct _SYSTEM_DEVICE_INFORMATION 2119 { 2120 ULONG NumberOfDisks; 2121 ULONG NumberOfFloppies; 2122 ULONG NumberOfCdRoms; 2123 ULONG NumberOfTapes; 2124 ULONG NumberOfSerialPorts; 2125 ULONG NumberOfParallelPorts; 2126 } SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION; 2127 2128 typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION 2129 { 2130 LARGE_INTEGER IdleTime; 2131 LARGE_INTEGER KernelTime; 2132 LARGE_INTEGER UserTime; 2133 LARGE_INTEGER DpcTime; 2134 LARGE_INTEGER InterruptTime; 2135 ULONG InterruptCount; 2136 } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; 2137 2138 typedef struct _SYSTEM_FLAGS_INFORMATION 2139 { 2140 ULONG GlobalFlag; 2141 } SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION; 2142 2143 typedef struct _SYSTEM_VDM_INSTEMUL_INFO 2144 { 2145 ULONG SegmentNotPresent; 2146 ULONG VdmOpcode0F; 2147 ULONG OpcodeESPrefix; 2148 ULONG OpcodeCSPrefix; 2149 ULONG OpcodeSSPrefix; 2150 ULONG OpcodeDSPrefix; 2151 ULONG OpcodeFSPrefix; 2152 ULONG OpcodeGSPrefix; 2153 ULONG OpcodeOPER32Prefix; 2154 ULONG OpcodeADDR32Prefix; 2155 ULONG OpcodeINSB; 2156 ULONG OpcodeINSW; 2157 ULONG OpcodeOUTSB; 2158 ULONG OpcodeOUTSW; 2159 ULONG OpcodePUSHF; 2160 ULONG OpcodePOPF; 2161 ULONG OpcodeINTnn; 2162 ULONG OpcodeINTO; 2163 ULONG OpcodeIRET; 2164 ULONG OpcodeINBimm; 2165 ULONG OpcodeINWimm; 2166 ULONG OpcodeOUTBimm; 2167 ULONG OpcodeOUTWimm; 2168 ULONG OpcodeINB; 2169 ULONG OpcodeINW; 2170 ULONG OpcodeOUTB; 2171 ULONG OpcodeOUTW; 2172 ULONG OpcodeLOCKPrefix; 2173 ULONG OpcodeREPNEPrefix; 2174 ULONG OpcodeREPPrefix; 2175 ULONG OpcodeHLT; 2176 ULONG OpcodeCLI; 2177 ULONG OpcodeSTI; 2178 ULONG BopCount; 2179 } SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO; 2180 2181 typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION 2182 { 2183 ULONG TimeAdjustment; 2184 ULONG TimeIncrement; 2185 BOOLEAN Enable; 2186 } SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION; 2187 2188 typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION 2189 { 2190 ULONG TimeAdjustment; 2191 BOOLEAN Enable; 2192 } SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION; 2193 2194 typedef struct _SYSTEM_THREAD_INFORMATION 2195 { 2196 LARGE_INTEGER KernelTime; 2197 LARGE_INTEGER UserTime; 2198 LARGE_INTEGER CreateTime; 2199 ULONG WaitTime; 2200 PVOID StartAddress; 2201 CLIENT_ID ClientId; 2202 KPRIORITY Priority; 2203 LONG BasePriority; 2204 ULONG ContextSwitches; 2205 ULONG ThreadState; 2206 ULONG WaitReason; 2207 } SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION; 2208 2209 typedef struct _SYSTEM_MEMORY_INFO 2210 { 2211 PUCHAR StringOffset; 2212 USHORT ValidCount; 2213 USHORT TransitionCount; 2214 USHORT ModifiedCount; 2215 USHORT PageTableCount; 2216 } SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO; 2217 2218 typedef struct _SYSTEM_MEMORY_INFORMATION 2219 { 2220 ULONG InfoSize; 2221 ULONG StringStart; 2222 SYSTEM_MEMORY_INFO Memory[1]; 2223 } SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION; 2224 2225 typedef struct _SYSTEM_CRASH_STATE_INFORMATION 2226 { 2227 ULONG ValidCrashDump; 2228 } SYSTEM_CRASH_STATE_INFORMATION, *PSYSTEM_CRASH_STATE_INFORMATION; 2229 2230 typedef struct _SYSTEM_GDI_DRIVER_INFORMATION 2231 { 2232 UNICODE_STRING DriverName; 2233 PVOID ImageAddress; 2234 PVOID SectionPointer; 2235 PVOID EntryPoint; 2236 PIMAGE_EXPORT_DIRECTORY ExportSectionPointer; 2237 ULONG ImageLength; 2238 } SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION; 2239 2240 typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION 2241 { 2242 GUID CurrentBootGuid; 2243 ULONG Unknown; 2244 } SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION; 2245 2246 typedef struct _FILE_DIRECTORY_INFORMATION 2247 { 2248 ULONG NextEntryOffset; 2249 ULONG FileIndex; 2250 LARGE_INTEGER CreationTime; 2251 LARGE_INTEGER LastAccessTime; 2252 LARGE_INTEGER LastWriteTime; 2253 LARGE_INTEGER ChangeTime; 2254 LARGE_INTEGER EndOfFile; 2255 LARGE_INTEGER AllocationSize; 2256 ULONG FileAttributes; 2257 ULONG FileNameLength; 2258 WCHAR FileName[1]; 2259 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; 2260 2261 typedef struct _FILE_FULL_DIR_INFORMATION 2262 { 2263 ULONG NextEntryOffset; 2264 ULONG FileIndex; 2265 LARGE_INTEGER CreationTime; 2266 LARGE_INTEGER LastAccessTime; 2267 LARGE_INTEGER LastWriteTime; 2268 LARGE_INTEGER ChangeTime; 2269 LARGE_INTEGER EndOfFile; 2270 LARGE_INTEGER AllocationSize; 2271 ULONG FileAttributes; 2272 ULONG FileNameLength; 2273 ULONG EaSize; 2274 WCHAR FileName[1]; 2275 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; 2276 2277 typedef struct _FILE_BOTH_DIR_INFORMATION 2278 { 2279 ULONG NextEntryOffset; 2280 ULONG FileIndex; 2281 LARGE_INTEGER CreationTime; 2282 LARGE_INTEGER LastAccessTime; 2283 LARGE_INTEGER LastWriteTime; 2284 LARGE_INTEGER ChangeTime; 2285 LARGE_INTEGER EndOfFile; 2286 LARGE_INTEGER AllocationSize; 2287 ULONG FileAttributes; 2288 ULONG FileNameLength; 2289 ULONG EaSize; 2290 CCHAR ShortNameLength; 2291 WCHAR ShortName[12]; 2292 WCHAR FileName[1]; 2293 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; 2294 2295 typedef struct _FILE_BASIC_INFORMATION 2296 { 2297 LARGE_INTEGER CreationTime; 2298 LARGE_INTEGER LastAccessTime; 2299 LARGE_INTEGER LastWriteTime; 2300 LARGE_INTEGER ChangeTime; 2301 ULONG FileAttributes; 2302 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; 2303 2304 typedef struct _FILE_STANDARD_INFORMATION 2305 { 2306 LARGE_INTEGER AllocationSize; 2307 LARGE_INTEGER EndOfFile; 2308 ULONG NumberOfLinks; 2309 BOOLEAN DeletePending; 2310 BOOLEAN Directory; 2311 } FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION; 2312 2313 typedef struct _FILE_INTERNAL_INFORMATION 2314 { 2315 LARGE_INTEGER IndexNumber; 2316 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; 2317 2318 typedef struct _FILE_EA_INFORMATION 2319 { 2320 ULONG EaSize; 2321 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; 2322 2323 typedef struct _FILE_ACCESS_INFORMATION 2324 { 2325 ACCESS_MASK AccessFlags; 2326 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; 2327 2328 typedef struct _FILE_NAME_INFORMATION 2329 { 2330 ULONG FileNameLength; 2331 WCHAR FileName[1]; 2332 } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION; 2333 2334 typedef struct _FILE_RENAME_INFORMATION 2335 { 2336 BOOLEAN ReplaceIfExists; 2337 HANDLE RootDirectory; 2338 ULONG FileNameLength; 2339 WCHAR FileName[1]; 2340 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; 2341 2342 typedef struct _FILE_NAMES_INFORMATION 2343 { 2344 ULONG NextEntryOffset; 2345 ULONG FileIndex; 2346 ULONG FileNameLength; 2347 WCHAR FileName[1]; 2348 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; 2349 2350 typedef struct _FILE_DISPOSITION_INFORMATION 2351 { 2352 BOOLEAN DeleteFile; 2353 } FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION; 2354 2355 typedef struct _FILE_POSITION_INFORMATION 2356 { 2357 LARGE_INTEGER CurrentByteOffset; 2358 } FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION; 2359 2360 typedef struct _FILE_FULL_EA_INFORMATION 2361 { 2362 ULONG NextEntryOffset; 2363 UCHAR Flags; 2364 UCHAR EaNameLength; 2365 USHORT EaValueLength; 2366 CHAR EaName[1]; 2367 } FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION; 2368 2369 typedef struct _FILE_MODE_INFORMATION 2370 { 2371 ULONG Mode; 2372 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; 2373 2374 typedef struct _FILE_ALIGNMENT_INFORMATION 2375 { 2376 ULONG AlignmentRequirement; 2377 } FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION; 2378 2379 typedef struct _FILE_ALL_INFORMATION 2380 { 2381 FILE_BASIC_INFORMATION BasicInformation; 2382 FILE_STANDARD_INFORMATION StandardInformation; 2383 FILE_INTERNAL_INFORMATION InternalInformation; 2384 FILE_EA_INFORMATION EaInformation; 2385 FILE_ACCESS_INFORMATION AccessInformation; 2386 FILE_POSITION_INFORMATION PositionInformation; 2387 FILE_MODE_INFORMATION ModeInformation; 2388 FILE_ALIGNMENT_INFORMATION AlignmentInformation; 2389 FILE_NAME_INFORMATION NameInformation; 2390 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; 2391 2392 typedef struct _FILE_ALLOCATION_INFORMATION 2393 { 2394 LARGE_INTEGER AllocationSize; 2395 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; 2396 2397 typedef struct _FILE_END_OF_FILE_INFORMATION 2398 { 2399 LARGE_INTEGER EndOfFile; 2400 } FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION; 2401 2402 typedef struct _FILE_STREAM_INFORMATION 2403 { 2404 ULONG NextEntryOffset; 2405 ULONG StreamNameLength; 2406 LARGE_INTEGER StreamSize; 2407 LARGE_INTEGER StreamAllocationSize; 2408 WCHAR StreamName[1]; 2409 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; 2410 2411 typedef struct _FILE_PIPE_INFORMATION 2412 { 2413 ULONG ReadMode; 2414 ULONG CompletionMode; 2415 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; 2416 2417 typedef struct _FILE_PIPE_LOCAL_INFORMATION 2418 { 2419 ULONG NamedPipeType; 2420 ULONG NamedPipeConfiguration; 2421 ULONG MaximumInstances; 2422 ULONG CurrentInstances; 2423 ULONG InboundQuota; 2424 ULONG ReadDataAvailable; 2425 ULONG OutboundQuota; 2426 ULONG WriteQuotaAvailable; 2427 ULONG NamedPipeState; 2428 ULONG NamedPipeEnd; 2429 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; 2430 2431 typedef struct _FILE_PIPE_REMOTE_INFORMATION 2432 { 2433 LARGE_INTEGER CollectDataTime; 2434 ULONG MaximumCollectionCount; 2435 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; 2436 2437 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION 2438 { 2439 ULONG MaximumMessageSize; 2440 ULONG MailslotQuota; 2441 ULONG NextMessageSize; 2442 ULONG MessagesAvailable; 2443 LARGE_INTEGER ReadTimeout; 2444 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; 2445 2446 typedef struct _FILE_MAILSLOT_SET_INFORMATION 2447 { 2448 PLARGE_INTEGER ReadTimeout; 2449 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; 2450 2451 typedef struct _FILE_COMPRESSION_INFORMATION 2452 { 2453 LARGE_INTEGER CompressedFileSize; 2454 USHORT CompressionFormat; 2455 UCHAR CompressionUnitShift; 2456 UCHAR ChunkShift; 2457 UCHAR ClusterShift; 2458 UCHAR Reserved[3]; 2459 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; 2460 2461 typedef struct _FILE_LINK_INFORMATION 2462 { 2463 BOOLEAN ReplaceIfExists; 2464 HANDLE RootDirectory; 2465 ULONG FileNameLength; 2466 WCHAR FileName[1]; 2467 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; 2468 2469 typedef struct _FILE_OBJECTID_INFORMATION 2470 { 2471 LONGLONG FileReference; 2472 UCHAR ObjectId[16]; 2473 union 2474 { 2475 struct 2476 { 2477 UCHAR BirthVolumeId[16]; 2478 UCHAR BirthObjectId[16]; 2479 UCHAR DomainId[16]; 2480 }; 2481 UCHAR ExtendedInfo[48]; 2482 }; 2483 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; 2484 2485 typedef struct _FILE_COMPLETION_INFORMATION 2486 { 2487 HANDLE Port; 2488 PVOID Key; 2489 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; 2490 2491 typedef struct _FILE_MOVE_CLUSTER_INFORMATION 2492 { 2493 ULONG ClusterCount; 2494 HANDLE RootDirectory; 2495 ULONG FileNameLength; 2496 WCHAR FileName[1]; 2497 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION; 2498 2499 typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION 2500 { 2501 ULONG FileAttributes; 2502 ULONG ReparseTag; 2503 } FILE_ATTRIBUTE_TAG_INFORMATION, *PFILE_ATTRIBUTE_TAG_INFORMATION; 2504 2505 typedef struct _FILE_TRACKING_INFORMATION 2506 { 2507 HANDLE DestinationFile; 2508 ULONG ObjectInformationLength; 2509 CHAR ObjectInformation[1]; 2510 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; 2511 2512 typedef struct _FILE_REPARSE_POINT_INFORMATION 2513 { 2514 LONGLONG FileReference; 2515 ULONG Tag; 2516 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION; 2517 2518 typedef struct _FILE_QUOTA_INFORMATION 2519 { 2520 ULONG NextEntryOffset; 2521 ULONG SidLength; 2522 LARGE_INTEGER ChangeTime; 2523 LARGE_INTEGER QuotaUsed; 2524 LARGE_INTEGER QuotaThreshold; 2525 LARGE_INTEGER QuotaLimit; 2526 SID Sid; 2527 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; 2528 2529 typedef struct _FILE_ID_BOTH_DIR_INFORMATION 2530 { 2531 ULONG NextEntryOffset; 2532 ULONG FileIndex; 2533 LARGE_INTEGER CreationTime; 2534 LARGE_INTEGER LastAccessTime; 2535 LARGE_INTEGER LastWriteTime; 2536 LARGE_INTEGER ChangeTime; 2537 LARGE_INTEGER EndOfFile; 2538 LARGE_INTEGER AllocationSize; 2539 ULONG FileAttributes; 2540 ULONG FileNameLength; 2541 ULONG EaSize; 2542 CCHAR ShortNameLength; 2543 WCHAR ShortName[12]; 2544 LARGE_INTEGER FileId; 2545 WCHAR FileName[1]; 2546 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION; 2547 2548 typedef struct _FILE_ID_FULL_DIR_INFORMATION 2549 { 2550 ULONG NextEntryOffset; 2551 ULONG FileIndex; 2552 LARGE_INTEGER CreationTime; 2553 LARGE_INTEGER LastAccessTime; 2554 LARGE_INTEGER LastWriteTime; 2555 LARGE_INTEGER ChangeTime; 2556 LARGE_INTEGER EndOfFile; 2557 LARGE_INTEGER AllocationSize; 2558 ULONG FileAttributes; 2559 ULONG FileNameLength; 2560 ULONG EaSize; 2561 LARGE_INTEGER FileId; 2562 WCHAR FileName[1]; 2563 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION; 2564 2565 typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION 2566 { 2567 LARGE_INTEGER ValidDataLength; 2568 } FILE_VALID_DATA_LENGTH_INFORMATION, *PFILE_VALID_DATA_LENGTH_INFORMATION; 2569 2570 typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION 2571 { 2572 ULONG Flags; 2573 } FILE_IO_COMPLETION_NOTIFICATION_INFORMATION, *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION; 2574 2575 typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION 2576 { 2577 ULONG NumberOfProcessIdsInList; 2578 ULONG_PTR ProcessIdList[1]; 2579 } FILE_PROCESS_IDS_USING_FILE_INFORMATION, *PFILE_PROCESS_IDS_USING_FILE_INFORMATION; 2580 2581 typedef struct _FILE_IOSTATUSBLOCK_RANGE_INFORMATION 2582 { 2583 PUCHAR IoStatusBlockRange; 2584 ULONG Length; 2585 } FILE_IOSTATUSBLOCK_RANGE_INFORMATION, *PFILE_IOSTATUSBLOCK_RANGE_INFORMATION; 2586 2587 typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION 2588 { 2589 IO_PRIORITY_HINT PriorityHint; 2590 } FILE_IO_PRIORITY_HINT_INFORMATION, *PFILE_IO_PRIORITY_HINT_INFORMATION; 2591 2592 typedef struct _FILE_SFIO_RESERVE_INFORMATION 2593 { 2594 ULONG RequestsPerPeriod; 2595 ULONG Period; 2596 BOOLEAN RetryFailures; 2597 BOOLEAN Discardable; 2598 ULONG RequestSize; 2599 ULONG NumOutstandingRequests; 2600 } FILE_SFIO_RESERVE_INFORMATION, *PFILE_SFIO_RESERVE_INFORMATION; 2601 2602 typedef struct _FILE_SFIO_VOLUME_INFORMATION 2603 { 2604 ULONG MaximumRequestsPerPeriod; 2605 ULONG MinimumPeriod; 2606 ULONG MinimumTransferSize; 2607 } FILE_SFIO_VOLUME_INFORMATION, *PFILE_SFIO_VOLUME_INFORMATION; 2608 2609 typedef struct _FILE_LINK_ENTRY_INFORMATION 2610 { 2611 ULONG NextEntryOffset; 2612 LONGLONG ParentFileId; 2613 ULONG FileNameLength; 2614 WCHAR FileName[1]; 2615 } FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION; 2616 2617 typedef struct _FILE_LINKS_INFORMATION 2618 { 2619 ULONG BytesNeeded; 2620 ULONG EntriesReturned; 2621 FILE_LINK_ENTRY_INFORMATION Entry; 2622 } FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION; 2623 2624 typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION 2625 { 2626 ULONG NextEntryOffset; 2627 ULONG FileIndex; 2628 LARGE_INTEGER CreationTime; 2629 LARGE_INTEGER LastAccessTime; 2630 LARGE_INTEGER LastWriteTime; 2631 LARGE_INTEGER ChangeTime; 2632 LARGE_INTEGER EndOfFile; 2633 LARGE_INTEGER AllocationSize; 2634 ULONG FileAttributes; 2635 ULONG FileNameLength; 2636 LARGE_INTEGER FileId; 2637 GUID LockingTransactionId; 2638 ULONG TxInfoFlags; 2639 WCHAR FileName[1]; 2640 } FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION; 2641 2642 typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION 2643 { 2644 BOOLEAN IsRemote; 2645 } FILE_IS_REMOTE_DEVICE_INFORMATION, *PFILE_IS_REMOTE_DEVICE_INFORMATION; 2646 2647 typedef struct _FILE_NUMA_NODE_INFORMATION 2648 { 2649 USHORT NodeNumber; 2650 } FILE_NUMA_NODE_INFORMATION, *PFILE_NUMA_NODE_INFORMATION; 2651 2652 typedef struct _FILE_FS_VOLUME_INFORMATION 2653 { 2654 LARGE_INTEGER VolumeCreationTime; 2655 ULONG VolumeSerialNumber; 2656 ULONG VolumeLabelLength; 2657 BOOLEAN SupportsObjects; 2658 WCHAR VolumeLabel[1]; 2659 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION; 2660 2661 typedef struct _FILE_FS_LABEL_INFORMATION 2662 { 2663 ULONG VolumeLabelLength; 2664 WCHAR VolumeLabel[1]; 2665 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION; 2666 2667 typedef struct _FILE_FS_SIZE_INFORMATION 2668 { 2669 LARGE_INTEGER TotalAllocationUnits; 2670 LARGE_INTEGER AvailableAllocationUnits; 2671 ULONG SectorsPerAllocationUnit; 2672 ULONG BytesPerSector; 2673 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION; 2674 2675 typedef struct _FILE_FS_DEVICE_INFORMATION 2676 { 2677 DEVICE_TYPE DeviceType; 2678 ULONG Characteristics; 2679 } FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION; 2680 2681 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION 2682 { 2683 ULONG FileSystemAttributes; 2684 LONG MaximumComponentNameLength; 2685 ULONG FileSystemNameLength; 2686 WCHAR FileSystemName[1]; 2687 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; 2688 2689 typedef struct _FILE_FS_CONTROL_INFORMATION 2690 { 2691 LARGE_INTEGER FreeSpaceStartFiltering; 2692 LARGE_INTEGER FreeSpaceThreshold; 2693 LARGE_INTEGER FreeSpaceStopFiltering; 2694 LARGE_INTEGER DefaultQuotaThreshold; 2695 LARGE_INTEGER DefaultQuotaLimit; 2696 ULONG FileSystemControlFlags; 2697 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; 2698 2699 typedef struct _FILE_FS_FULL_SIZE_INFORMATION 2700 { 2701 LARGE_INTEGER TotalAllocationUnits; 2702 LARGE_INTEGER CallerAvailableAllocationUnits; 2703 LARGE_INTEGER ActualAvailableAllocationUnits; 2704 ULONG SectorsPerAllocationUnit; 2705 ULONG BytesPerSector; 2706 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; 2707 2708 typedef struct _FILE_FS_OBJECTID_INFORMATION 2709 { 2710 UCHAR ObjectId[16]; 2711 UCHAR ExtendedInfo[48]; 2712 } FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION; 2713 2714 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION 2715 { 2716 BOOLEAN DriverInPath; 2717 ULONG DriverNameLength; 2718 WCHAR DriverName[1]; 2719 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION; 2720 2721 typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION 2722 { 2723 ULONG Flags; 2724 } FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION; 2725 2726 typedef struct _SECTION_IMAGE_INFORMATION 2727 { 2728 PVOID TransferAddress; 2729 ULONG ZeroBits; 2730 ULONG_PTR MaximumStackSize; 2731 ULONG_PTR CommittedStackSize; 2732 ULONG SubSystemType; 2733 union _SECTION_IMAGE_INFORMATION_u0 2734 { 2735 struct _SECTION_IMAGE_INFORMATION_s0 2736 { 2737 USHORT SubSystemMinorVersion; 2738 USHORT SubSystemMajorVersion; 2739 }; 2740 ULONG SubSystemVersion; 2741 }; 2742 ULONG GpValue; 2743 USHORT ImageCharacteristics; 2744 USHORT DllCharacteristics; 2745 USHORT Machine; 2746 BOOLEAN ImageContainsCode; 2747 BOOLEAN Spare1; 2748 ULONG LoaderFlags; 2749 ULONG Reserved[2]; 2750 } SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION; 2751 2752 typedef struct _RTL_USER_PROCESS_INFORMATION 2753 { 2754 ULONG Length; 2755 HANDLE ProcessHandle; 2756 HANDLE ThreadHandle; 2757 CLIENT_ID ClientId; 2758 SECTION_IMAGE_INFORMATION ImageInformation; 2759 } RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION; 2760 2761 typedef struct _LDR_DATA_TABLE_ENTRY 2762 { 2763 LIST_ENTRY InLoadOrderLinks; 2764 LIST_ENTRY InMemoryOrderLinks; 2765 LIST_ENTRY InInitializationOrderLinks; 2766 PVOID DllBase; 2767 PVOID EntryPoint; 2768 ULONG SizeOfImage; 2769 UNICODE_STRING FullDllName; 2770 UNICODE_STRING BaseDllName; 2771 ULONG Flags; 2772 USHORT LoadCount; 2773 USHORT TlsIndex; 2774 LIST_ENTRY HashLinks; 2775 PVOID SectionPointer; 2776 ULONG CheckSum; 2777 ULONG TimeDateStamp; 2778 PVOID LoadedImports; 2779 PVOID EntryPointActivationContext; 2780 PVOID PatchInformation; 2781 PVOID Unknown1; 2782 PVOID Unknown2; 2783 PVOID Unknown3; 2784 } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; 2785 2786 typedef struct _PORT_MESSAGE 2787 { 2788 union 2789 { 2790 struct 2791 { 2792 USHORT DataLength; 2793 USHORT TotalLength; 2794 } s1; 2795 ULONG Length; 2796 } u1; 2797 union 2798 { 2799 struct 2800 { 2801 USHORT Type; 2802 USHORT DataInfoOffset; 2803 } s2; 2804 ULONG ZeroInit; 2805 } u2; 2806 union 2807 { 2808 CLIENT_ID ClientId; 2809 double DoNotUseThisField; 2810 }; 2811 ULONG MessageId; 2812 union 2813 { 2814 ULONG_PTR ClientViewSize; 2815 ULONG CallbackId; 2816 }; 2817 } PORT_MESSAGE, *PPORT_MESSAGE; 2818 2819 typedef struct _PORT_VIEW 2820 { 2821 ULONG Length; 2822 HANDLE SectionHandle; 2823 ULONG SectionOffset; 2824 SIZE_T ViewSize; 2825 PVOID ViewBase; 2826 PVOID ViewRemoteBase; 2827 } PORT_VIEW, *PPORT_VIEW; 2828 2829 typedef struct _REMOTE_PORT_VIEW 2830 { 2831 ULONG Length; 2832 SIZE_T ViewSize; 2833 PVOID ViewBase; 2834 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; 2835 2836 typedef struct RTL_HEAP_PARAMETERS 2837 { 2838 ULONG Length; 2839 ULONG SegmentReserve; 2840 ULONG SegmentCommit; 2841 ULONG DeCommitFreeBlockThreshold; 2842 ULONG DeCommitTotalFreeThreshold; 2843 ULONG MaximumAllocationSize; 2844 ULONG VirtualMemoryThreshold; 2845 ULONG InitialCommit; 2846 ULONG InitialReserve; 2847 PVOID CommitRoutine; 2848 ULONG Reserved; 2849 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; 2850 2851 typedef struct _EVENT_BASIC_INFORMATION 2852 { 2853 EVENT_TYPE EventType; 2854 LONG EventState; 2855 } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION; 2856 2857 #pragma endregion 2858 2859 #pragma region TYPEDEF API 2860 2861 typedef VOID(NTAPI *PKNORMAL_ROUTINE)( 2862 IN PVOID NormalContext, 2863 IN PVOID SystemArgument1, 2864 IN PVOID SystemArgument2 2865 ); 2866 2867 typedef VOID(NTAPI *PIO_APC_ROUTINE)( 2868 IN PVOID ApcContext, 2869 IN PIO_STATUS_BLOCK IoStatusBlock, 2870 IN ULONG Reserved 2871 ); 2872 2873 typedef VOID(NTAPI *PIO_APC_ROUTINE)( 2874 IN PVOID ApcContext, 2875 IN PIO_STATUS_BLOCK IoStatusBlock, 2876 IN ULONG Reserved 2877 ); 2878 2879 typedef VOID(NTAPI *PUSER_THREAD_START_ROUTINE)( 2880 IN PVOID ApcArgument1 2881 ); 2882 2883 #pragma endregion 2884 2885 #pragma region DEFINE API 2886 2887 #ifndef WIN64 2888 #define NtCurrentProcess() ((HANDLE)0xFFFFFFFF) 2889 #define NtCurrentThread() ((HANDLE)0xFFFFFFFE) 2890 #else // WIN64 2891 #define NtCurrentProcess() ((HANDLE)0xFFFFFFFFFFFFFFFF) 2892 #define NtCurrentThread() ((HANDLE)0xFFFFFFFFFFFFFFFE) 2893 #endif // WIN64 2894 2895 #define NtCurrentPeb() (PPEB)(NtCurrentTeb()->ProcessEnvironmentBlock) 2896 2897 #define RtlProcessHeap() (HANDLE)(NtCurrentTeb()->ProcessEnvironmentBlock->ProcessHeap) 2898 2899 #define DECLARE_INTERNAL_OBJECT(x) struct _##x; typedef struct _##x *P##x; 2900 2901 #define DECLARE_INTERNAL_OBJECT2(x,y) struct _##x; typedef struct _##x *P##y; 2902 2903 #define InitializeObjectAttributes(p, n, a, r, s) 2904 { 2905 (p)->Length = sizeof( OBJECT_ATTRIBUTES ); 2906 (p)->RootDirectory = r; 2907 (p)->Attributes = a; 2908 (p)->ObjectName = n; 2909 (p)->SecurityDescriptor = s; 2910 (p)->SecurityQualityOfService = NULL; 2911 } 2912 2913 #define InitializeMessageHeader(ph, l, t) 2914 { 2915 (ph)->u1.s1.TotalLength = (USHORT)(l); 2916 (ph)->u1.s1.DataLength = (USHORT)(l - sizeof(PORT_MESSAGE)); 2917 (ph)->u2.s2.Type = (USHORT)(t); 2918 (ph)->u2.s2.DataInfoOffset = 0; 2919 (ph)->ClientId.UniqueProcess = NULL; 2920 (ph)->ClientId.UniqueThread = NULL; 2921 (ph)->MessageId = 0; 2922 (ph)->ClientViewSize = 0; 2923 } 2924 2925 #define RtlInitEmptyUnicodeString(ucStr, buf, bufSize) 2926 { 2927 (ucStr)->Buffer = (buf); 2928 (ucStr)->Length = 0; 2929 (ucStr)->MaximumLength = (USHORT)(bufSize); 2930 } 2931 2932 #define ABSOLUTE_INTERVAL(wait) (wait) 2933 2934 #define RELATIVE_INTERVAL(wait) (-(wait)) 2935 2936 #define NANOSECONDS(nanos) (((signed __int64)(nanos)) / 100L) 2937 2938 #define MICROSECONDS(micros) (((signed __int64)(micros)) * NANOSECONDS(1000L)) 2939 2940 #define MILISECONDS(mili) (((signed __int64)(mili)) * MICROSECONDS(1000L)) 2941 2942 #define SECONDS(seconds) (((signed __int64)(seconds)) * MILISECONDS(1000L)) 2943 2944 #pragma endregion 2945 2946 #pragma region REAL API 2947 2948 BOOLEAN FORCEINLINE IsListEmpty(IN const LIST_ENTRY *ListHead) 2949 { 2950 return (BOOLEAN)(ListHead->Flink == ListHead); 2951 } 2952 2953 FORCEINLINE VOID InitializeListHead(IN PLIST_ENTRY ListHead) 2954 { 2955 ListHead->Flink = ListHead->Blink = ListHead; 2956 } 2957 2958 FORCEINLINE VOID InsertHeadList(IN OUT PLIST_ENTRY ListHead, IN OUT PLIST_ENTRY Entry) 2959 { 2960 PLIST_ENTRY Flink; 2961 Flink = ListHead->Flink; 2962 Entry->Flink = Flink; 2963 Entry->Blink = ListHead; 2964 Flink->Blink = Entry; 2965 ListHead->Flink = Entry; 2966 } 2967 2968 FORCEINLINE VOID InsertTailList(IN OUT PLIST_ENTRY ListHead, IN OUT PLIST_ENTRY Entry) 2969 { 2970 PLIST_ENTRY Blink; 2971 Blink = ListHead->Blink; 2972 Entry->Flink = ListHead; 2973 Entry->Blink = Blink; 2974 Blink->Flink = Entry; 2975 ListHead->Blink = Entry; 2976 } 2977 2978 FORCEINLINE BOOLEAN RemoveEntryList(IN PLIST_ENTRY Entry) 2979 { 2980 PLIST_ENTRY Blink; 2981 PLIST_ENTRY Flink; 2982 Flink = Entry->Flink; 2983 Blink = Entry->Blink; 2984 Blink->Flink = Flink; 2985 Flink->Blink = Blink; 2986 return (BOOLEAN)(Flink == Blink); 2987 } 2988 2989 #pragma endregion 2990 2991 #pragma region NATIVE API 2992 2993 NTSYSAPI NTSTATUS NTAPI NtAcceptConnectPort( 2994 OUT PHANDLE PortHandle, 2995 IN PVOID PortContext OPTIONAL, 2996 IN PPORT_MESSAGE ConnectionRequest, 2997 IN BOOLEAN AcceptConnection, 2998 IN OUT PPORT_VIEW ServerView OPTIONAL, 2999 OUT PREMOTE_PORT_VIEW ClientView OPTIONAL 3000 ); 3001 3002 NTSYSAPI NTSTATUS NTAPI NtAccessCheck( 3003 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 3004 IN HANDLE TokenHandle, 3005 IN ACCESS_MASK DesiredAccess, 3006 IN PGENERIC_MAPPING GenericMapping, 3007 OUT PPRIVILEGE_SET PrivilegeSet, 3008 IN PULONG PrivilegeSetLength, 3009 OUT PACCESS_MASK GrantedAccess, 3010 OUT PBOOLEAN AccessStatus 3011 ); 3012 3013 NTSYSAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm( 3014 IN PUNICODE_STRING SubsystemName, 3015 IN PVOID HandleId, 3016 IN PUNICODE_STRING ObjectTypeName, 3017 IN PUNICODE_STRING ObjectName, 3018 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 3019 IN ACCESS_MASK DesiredAccess, 3020 IN PGENERIC_MAPPING GenericMapping, 3021 IN BOOLEAN ObjectCreation, 3022 OUT PACCESS_MASK GrantedAccess, 3023 OUT PBOOLEAN AccessStatus, 3024 OUT PBOOLEAN GenerateOnClose 3025 ); 3026 3027 NTSYSAPI NTSTATUS NTAPI NtAccessCheckByType( 3028 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 3029 IN PSID PrincipalSelfSid, 3030 IN HANDLE TokenHandle, 3031 IN ULONG DesiredAccess, 3032 IN POBJECT_TYPE_LIST ObjectTypeList, 3033 IN ULONG ObjectTypeListLength, 3034 IN PGENERIC_MAPPING GenericMapping, 3035 IN PPRIVILEGE_SET PrivilegeSet, 3036 IN PULONG PrivilegeSetLength, 3037 OUT PACCESS_MASK GrantedAccess, 3038 OUT PULONG AccessStatus 3039 ); 3040 3041 NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm( 3042 IN PUNICODE_STRING SubsystemName, 3043 IN PVOID HandleId, 3044 IN PUNICODE_STRING ObjectTypeName, 3045 IN PUNICODE_STRING ObjectName, 3046 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 3047 IN PSID PrincipalSelfSid, 3048 IN ACCESS_MASK DesiredAccess, 3049 IN AUDIT_EVENT_TYPE AuditType, 3050 IN ULONG Flags, 3051 IN POBJECT_TYPE_LIST ObjectTypeList, 3052 IN ULONG ObjectTypeListLength, 3053 IN PGENERIC_MAPPING GenericMapping, 3054 IN BOOLEAN ObjectCreation, 3055 OUT PACCESS_MASK GrantedAccess, 3056 OUT PULONG AccessStatus, 3057 OUT PBOOLEAN GenerateOnClose 3058 ); 3059 3060 NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList( 3061 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 3062 IN PSID PrincipalSelfSid, 3063 IN HANDLE TokenHandle, 3064 IN ACCESS_MASK DesiredAccess, 3065 IN POBJECT_TYPE_LIST ObjectTypeList, 3066 IN ULONG ObjectTypeListLength, 3067 IN PGENERIC_MAPPING GenericMapping, 3068 IN PPRIVILEGE_SET PrivilegeSet, 3069 IN PULONG PrivilegeSetLength, 3070 OUT PACCESS_MASK GrantedAccessList, 3071 OUT PULONG AccessStatusList 3072 ); 3073 3074 NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm( 3075 IN PUNICODE_STRING SubsystemName, 3076 IN PVOID HandleId, 3077 IN PUNICODE_STRING ObjectTypeName, 3078 IN PUNICODE_STRING ObjectName, 3079 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 3080 IN PSID PrincipalSelfSid, 3081 IN ACCESS_MASK DesiredAccess, 3082 IN AUDIT_EVENT_TYPE AuditType, 3083 IN ULONG Flags, 3084 IN POBJECT_TYPE_LIST ObjectTypeList, 3085 IN ULONG ObjectTypeListLength, 3086 IN PGENERIC_MAPPING GenericMapping, 3087 IN BOOLEAN ObjectCreation, 3088 OUT PACCESS_MASK GrantedAccessList, 3089 OUT PULONG AccessStatusList, 3090 OUT PULONG GenerateOnClose 3091 ); 3092 3093 NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle( 3094 IN PUNICODE_STRING SubsystemName, 3095 IN PVOID HandleId, 3096 IN HANDLE TokenHandle, 3097 IN PUNICODE_STRING ObjectTypeName, 3098 IN PUNICODE_STRING ObjectName, 3099 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 3100 IN PSID PrincipalSelfSid, 3101 IN ACCESS_MASK DesiredAccess, 3102 IN AUDIT_EVENT_TYPE AuditType, 3103 IN ULONG Flags, 3104 IN POBJECT_TYPE_LIST ObjectTypeList, 3105 IN ULONG ObjectTypeListLength, 3106 IN PGENERIC_MAPPING GenericMapping, 3107 IN BOOLEAN ObjectCreation, 3108 OUT PACCESS_MASK GrantedAccessList, 3109 OUT PULONG AccessStatusList, 3110 OUT PULONG GenerateOnClose 3111 ); 3112 3113 NTSYSAPI NTSTATUS NTAPI NtAddAtom( 3114 IN PWSTR String, 3115 IN ULONG StringLength, 3116 OUT PUSHORT Atom 3117 ); 3118 3119 NTSYSAPI NTSTATUS NTAPI NtAddBootEntry( 3120 IN PUNICODE_STRING EntryName, 3121 IN PUNICODE_STRING EntryValue 3122 ); 3123 3124 NTSYSAPI NTSTATUS NTAPI NtAddDriverEntry( 3125 IN PUNICODE_STRING DriverName, 3126 IN PUNICODE_STRING DriverPath 3127 ); 3128 3129 NTSYSAPI NTSTATUS NTAPI NtAdjustGroupsToken( 3130 IN HANDLE TokenHandle, 3131 IN BOOLEAN ResetToDefault, 3132 IN PTOKEN_GROUPS NewState, 3133 IN ULONG BufferLength, 3134 OUT PTOKEN_GROUPS PreviousState OPTIONAL, 3135 OUT PULONG ReturnLength 3136 ); 3137 3138 NTSYSAPI NTSTATUS NTAPI NtAdjustPrivilegesToken( 3139 IN HANDLE TokenHandle, 3140 IN BOOLEAN DisableAllPrivileges, 3141 IN PTOKEN_PRIVILEGES NewState OPTIONAL, 3142 IN ULONG BufferLength OPTIONAL, 3143 IN PTOKEN_PRIVILEGES PreviousState OPTIONAL, 3144 OUT PULONG ReturnLength 3145 ); 3146 3147 NTSYSAPI NTSTATUS NTAPI NtAlertResumeThread( 3148 IN HANDLE ThreadHandle, 3149 OUT PULONG PreviousSuspendCount OPTIONAL 3150 ); 3151 3152 NTSYSAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId( 3153 OUT PLUID Luid 3154 ); 3155 3156 NTSYSAPI NTSTATUS NTAPI NtAllocateUserPhysicalPages( 3157 IN HANDLE ProcessHandle, 3158 IN PULONG NumberOfPages, 3159 OUT PULONG PageFrameNumbers 3160 ); 3161 3162 NTSYSAPI NTSTATUS NTAPI NtAllocateUuids( 3163 OUT PLARGE_INTEGER UuidLastTimeAllocated, 3164 OUT PULONG UuidDeltaTime, 3165 OUT PULONG UuidSequenceNumber, 3166 OUT PUCHAR UuidSeed 3167 ); 3168 NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory( 3169 IN HANDLE ProcessHandle, 3170 IN OUT PVOID *BaseAddress, 3171 IN ULONG ZeroBits, 3172 IN OUT PULONG AllocationSize, 3173 IN ULONG AllocationType, 3174 IN ULONG Protect 3175 ); 3176 3177 NTSYSAPI NTSTATUS NTAPI NtAreMappedFilesTheSame( 3178 IN PVOID Address1, 3179 IN PVOID Address2 3180 ); 3181 3182 NTSYSAPI NTSTATUS NTAPI NtAssignProcessToJobObject( 3183 IN HANDLE JobHandle, 3184 IN HANDLE ProcessHandle 3185 ); 3186 3187 NTSYSAPI NTSTATUS NTAPI NtCallbackReturn( 3188 IN PVOID Result OPTIONAL, 3189 IN ULONG ResultLength, 3190 IN NTSTATUS Status 3191 ); 3192 3193 NTSYSAPI NTSTATUS NTAPI NtCancelDeviceWakeupRequest( 3194 IN HANDLE DeviceHandle 3195 ); 3196 3197 NTSYSAPI NTSTATUS NTAPI NtCancelIoFile( 3198 IN HANDLE FileHandle, 3199 OUT PIO_STATUS_BLOCK IoStatusBlock 3200 ); 3201 3202 NTSYSAPI NTSTATUS NTAPI NtCancelTimer( 3203 IN HANDLE TimerHandle, 3204 OUT PBOOLEAN PreviousState OPTIONAL 3205 ); 3206 3207 NTSYSAPI NTSTATUS NTAPI NtClearEvent( 3208 IN HANDLE EventHandle 3209 ); 3210 3211 NTSYSAPI NTSTATUS NTAPI NtClose( 3212 IN HANDLE Handle 3213 ); 3214 3215 NTSYSAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm( 3216 IN PUNICODE_STRING SubsystemName, 3217 IN PVOID HandleId, 3218 IN BOOLEAN GenerateOnClose 3219 ); 3220 3221 NTSYSAPI NTSTATUS NTAPI NtCompactKeys( 3222 IN ULONG Length, 3223 IN HANDLE Key 3224 ); 3225 3226 NTSYSAPI NTSTATUS NTAPI NtCompareTokens( 3227 IN HANDLE FirstTokenHandle, 3228 IN HANDLE SecondTokenHandle, 3229 OUT PBOOLEAN IdenticalTokens 3230 ); 3231 3232 NTSYSAPI NTSTATUS NTAPI NtCompleteConnectPort( 3233 IN HANDLE PortHandle 3234 ); 3235 3236 NTSYSAPI NTSTATUS NTAPI NtCompressKey( 3237 IN HANDLE Key 3238 ); 3239 3240 NTSYSAPI NTSTATUS NTAPI NtConnectPort( 3241 OUT PHANDLE PortHandle, 3242 IN PUNICODE_STRING PortName, 3243 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, 3244 IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL, 3245 IN OUT PLPC_SECTION_READ ReadSection OPTIONAL, 3246 OUT PULONG MaxMessageSize OPTIONAL, 3247 IN OUT PVOID ConnectData OPTIONAL, 3248 IN OUT PULONG ConnectDataLength OPTIONAL 3249 ); 3250 3251 NTSYSAPI NTSTATUS NTAPI NtContinue( 3252 IN PCONTEXT Context, 3253 IN BOOLEAN TestAlert 3254 ); 3255 3256 NTSYSAPI NTSTATUS NTAPI NtCreateDebugObject( 3257 OUT PHANDLE DebugObject, 3258 IN ULONG AccessRequired, 3259 IN POBJECT_ATTRIBUTES ObjectAttributes, 3260 IN BOOLEAN KillProcessOnExit 3261 ); 3262 3263 NTSYSAPI NTSTATUS NTAPI NtCreateDirectoryObject( 3264 OUT PHANDLE DirectoryHandle, 3265 IN ACCESS_MASK DesiredAccess, 3266 IN POBJECT_ATTRIBUTES ObjectAttributes 3267 ); 3268 3269 NTSYSAPI NTSTATUS NTAPI NtCreateEvent( 3270 OUT PHANDLE EventHandle, 3271 IN ACCESS_MASK DesiredAccess, 3272 IN POBJECT_ATTRIBUTES ObjectAttributes, 3273 IN EVENT_TYPE EventType, 3274 IN BOOLEAN InitialState 3275 ); 3276 3277 NTSYSAPI NTSTATUS NTAPI NtCreateEventPair( 3278 OUT PHANDLE EventPairHandle, 3279 IN ACCESS_MASK DesiredAccess, 3280 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL 3281 ); 3282 3283 NTSYSAPI NTSTATUS NTAPI NtCreateFile( 3284 OUT PHANDLE FileHandle, 3285 IN ACCESS_MASK DesiredAccess, 3286 IN POBJECT_ATTRIBUTES ObjectAttributes, 3287 OUT PIO_STATUS_BLOCK IoStatusBlock, 3288 IN PLARGE_INTEGER AllocationSize OPTIONAL, 3289 IN ULONG FileAttributes, 3290 IN ULONG ShareAccess, 3291 IN ULONG CreateDisposition, 3292 IN ULONG CreateOptions, 3293 IN PVOID EaBuffer OPTIONAL, 3294 IN ULONG EaLength 3295 ); 3296 3297 NTSYSAPI NTSTATUS NTAPI NtCreateIoCompletion( 3298 OUT PHANDLE IoCompletionHandle, 3299 IN ACCESS_MASK DesiredAccess, 3300 IN POBJECT_ATTRIBUTES ObjectAttributes, 3301 IN ULONG NumberOfConcurrentThreads 3302 ); 3303 3304 NTSYSAPI NTSTATUS NTAPI NtCreateJobObject( 3305 OUT PHANDLE JobHandle, 3306 IN ACCESS_MASK DesiredAccess, 3307 IN POBJECT_ATTRIBUTES ObjectAttributes 3308 ); 3309 3310 NTSYSAPI NTSTATUS NTAPI NtCreateJobSet( 3311 IN ULONG Jobs, 3312 IN PJOB_SET_ARRAY JobSet, 3313 IN ULONG Reserved 3314 ); 3315 3316 NTSYSAPI NTSTATUS NTAPI NtCreateKey( 3317 OUT PHANDLE KeyHandle, 3318 IN ACCESS_MASK DesiredAccess, 3319 IN POBJECT_ATTRIBUTES ObjectAttributes, 3320 IN ULONG TitleIndex, 3321 IN PUNICODE_STRING Class OPTIONAL, 3322 IN ULONG CreateOptions, 3323 OUT PULONG Disposition OPTIONAL 3324 ); 3325 3326 NTSYSAPI NTSTATUS NTAPI NtCreateKeyedEvent( 3327 OUT PHANDLE KeyedEventHandle, 3328 IN ACCESS_MASK DesiredAccess, 3329 IN POBJECT_ATTRIBUTES ObjectAttributes, 3330 IN ULONG Reserved 3331 ); 3332 3333 NTSYSAPI NTSTATUS NTAPI NtCreateMailslotFile( 3334 OUT PHANDLE FileHandle, 3335 IN ACCESS_MASK DesiredAccess, 3336 IN POBJECT_ATTRIBUTES ObjectAttributes, 3337 OUT PIO_STATUS_BLOCK IoStatusBlock, 3338 IN ULONG CreateOptions, 3339 IN ULONG InBufferSize, 3340 IN ULONG MaxMessageSize, 3341 IN PLARGE_INTEGER ReadTimeout OPTIONAL 3342 ); 3343 3344 NTSYSAPI NTSTATUS NTAPI NtCreateMutant( 3345 OUT PHANDLE MutantHandle, 3346 IN ACCESS_MASK DesiredAccess, 3347 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 3348 IN BOOLEAN InitialOwner 3349 ); 3350 3351 NTSYSAPI NTSTATUS NTAPI NtCreateNamedPipeFile( 3352 OUT PHANDLE FileHandle, 3353 IN ACCESS_MASK DesiredAccess, 3354 IN POBJECT_ATTRIBUTES ObjectAttributes, 3355 OUT PIO_STATUS_BLOCK IoStatusBlock, 3356 IN ULONG ShareAccess, 3357 IN ULONG CreateDisposition, 3358 IN ULONG CreateOptions, 3359 IN BOOLEAN TypeMessage, 3360 IN BOOLEAN ReadmodeMessage, 3361 IN BOOLEAN Nonblocking, 3362 IN ULONG MaxInstances, 3363 IN ULONG InBufferSize, 3364 IN ULONG OutBufferSize, 3365 IN PLARGE_INTEGER DefaultTimeout OPTIONAL 3366 ); 3367 3368 NTSYSAPI NTSTATUS NTAPI NtCreatePort( 3369 OUT PHANDLE PortHandle, 3370 IN POBJECT_ATTRIBUTES ObjectAttributes, 3371 IN ULONG MaxConnectionInfoLength, 3372 IN ULONG MaxMessageLength, 3373 IN ULONG MaxPoolUsage 3374 ); 3375 3376 NTSYSAPI NTSTATUS NTAPI NtCreateProcess( 3377 OUT PHANDLE ProcessHandle, 3378 IN ACCESS_MASK DesiredAccess, 3379 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 3380 IN HANDLE ParentProcess, 3381 IN BOOLEAN InheritObjectTable, 3382 IN HANDLE SectionHandle OPTIONAL, 3383 IN HANDLE DebugPort OPTIONAL, 3384 IN HANDLE ExceptionPort OPTIONAL 3385 ); 3386 3387 NTSYSAPI NTSTATUS NTAPI NtCreateProcessEx( 3388 OUT PHANDLE ProcessHandle, 3389 IN ACCESS_MASK DesiredAccess, 3390 IN POBJECT_ATTRIBUTES ObjectAttributes, 3391 IN HANDLE InheritFromProcessHandle, 3392 IN ULONG CreateFlags, 3393 IN HANDLE SectionHandle OPTIONAL, 3394 IN HANDLE DebugObject OPTIONAL, 3395 IN HANDLE ExceptionPort OPTIONAL, 3396 IN ULONG JobMemberLevel 3397 ); 3398 3399 NTSYSAPI NTSTATUS NTAPI NtCreateProfile( 3400 OUT PHANDLE ProfileHandle, 3401 IN HANDLE ProcessHandle, 3402 IN PVOID Base, 3403 IN ULONG Size, 3404 IN ULONG BucketShift, 3405 IN PULONG Buffer, 3406 IN ULONG BufferLength, 3407 IN KPROFILE_SOURCE Source, 3408 IN ULONG ProcessorMask 3409 ); 3410 3411 NTSYSAPI NTSTATUS NTAPI NtCreateSection( 3412 OUT PHANDLE SectionHandle, 3413 IN ACCESS_MASK DesiredAccess, 3414 IN POBJECT_ATTRIBUTES ObjectAttributes, 3415 IN PLARGE_INTEGER SectionSize OPTIONAL, 3416 IN ULONG Protect, 3417 IN ULONG Attributes, 3418 IN HANDLE FileHandle 3419 ); 3420 3421 NTSYSAPI NTSTATUS NTAPI NtCreateSemaphore( 3422 OUT PHANDLE SemaphoreHandle, 3423 IN ACCESS_MASK DesiredAccess, 3424 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 3425 IN ULONG InitialCount, 3426 IN ULONG MaximumCount 3427 ); 3428 3429 NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject( 3430 OUT PHANDLE SymbolicLinkHandle, 3431 IN ACCESS_MASK DesiredAccess, 3432 IN POBJECT_ATTRIBUTES ObjectAttributes, 3433 IN PUNICODE_STRING TargetName 3434 ); 3435 3436 NTSYSAPI NTSTATUS NTAPI NtCreateThread( 3437 OUT PHANDLE ThreadHandle, 3438 IN ACCESS_MASK DesiredAccess, 3439 IN POBJECT_ATTRIBUTES ObjectAttributes, 3440 IN HANDLE ProcessHandle, 3441 OUT PCLIENT_ID ClientId, 3442 IN PCONTEXT ThreadContext, 3443 IN PUSER_STACK UserStack, 3444 IN BOOLEAN CreateSuspended 3445 ); 3446 3447 NTSYSAPI NTSTATUS NTAPI NtCreateToken( 3448 OUT PHANDLE TokenHandle, 3449 IN ACCESS_MASK DesiredAccess, 3450 IN POBJECT_ATTRIBUTES ObjectAttributes, 3451 IN TOKEN_TYPE Type, 3452 IN PLUID AuthenticationId, 3453 IN PLARGE_INTEGER ExpirationTime, 3454 IN PTOKEN_USER User, 3455 IN PTOKEN_GROUPS Groups, 3456 IN PTOKEN_PRIVILEGES Privileges, 3457 IN PTOKEN_OWNER Owner, 3458 IN PTOKEN_PRIMARY_GROUP PrimaryGroup, 3459 IN PTOKEN_DEFAULT_DACL DefaultDacl, 3460 IN PTOKEN_SOURCE Source 3461 ); 3462 3463 NTSYSAPI NTSTATUS NTAPI NtCreateWaitablePort( 3464 OUT PHANDLE PortHandle, 3465 IN POBJECT_ATTRIBUTES ObjectAttributes, 3466 IN ULONG MaxConnectionInfoLength, 3467 IN ULONG MaxMessageLength, 3468 IN ULONG MaxPoolUsage 3469 ); 3470 3471 NTSYSAPI NTSTATUS NTAPI NtDebugActiveProcess( 3472 IN HANDLE Process, 3473 IN HANDLE DebugObject 3474 ); 3475 3476 NTSYSAPI NTSTATUS NTAPI NtDebugContinue( 3477 IN HANDLE DebugObject, 3478 IN PCLIENT_ID AppClientId, 3479 IN NTSTATUS ContinueStatus 3480 ); 3481 3482 NTSYSAPI NTSTATUS NTAPI NtDelayExecution( 3483 IN BOOLEAN Alertable, 3484 IN PLARGE_INTEGER DelayInterval 3485 ); 3486 3487 NTSYSAPI NTSTATUS NTAPI NtDeleteAtom( 3488 IN USHORT Atom 3489 ); 3490 3491 NTSYSAPI NTSTATUS NTAPI NtDeleteBootEntry( 3492 IN PUNICODE_STRING EntryName, 3493 IN PUNICODE_STRING EntryValue 3494 ); 3495 3496 NTSYSAPI NTSTATUS NTAPI NtDeleteDriverEntry( 3497 IN PUNICODE_STRING DriverName, 3498 IN PUNICODE_STRING DriverPath 3499 ); 3500 3501 NTSYSAPI NTSTATUS NTAPI NtDeleteFile( 3502 IN POBJECT_ATTRIBUTES ObjectAttributes 3503 ); 3504 3505 NTSYSAPI NTSTATUS NTAPI NtDeleteKey( 3506 IN HANDLE KeyHandle 3507 ); 3508 3509 NTSYSAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm( 3510 IN PUNICODE_STRING SubsystemName, 3511 IN PVOID HandleId, 3512 IN BOOLEAN GenerateOnClose 3513 ); 3514 3515 NTSYSAPI NTSTATUS NTAPI NtDeleteValueKey( 3516 IN HANDLE KeyHandle, 3517 IN PUNICODE_STRING ValueName 3518 ); 3519 3520 NTSYSAPI NTSTATUS NTAPI NtDeviceIoControlFile( 3521 IN HANDLE FileHandle, 3522 IN HANDLE Event OPTIONAL, 3523 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 3524 IN PVOID ApcContext OPTIONAL, 3525 OUT PIO_STATUS_BLOCK IoStatusBlock, 3526 IN ULONG IoControlCode, 3527 IN PVOID InputBuffer OPTIONAL, 3528 IN ULONG InputBufferLength, 3529 OUT PVOID OutputBuffer OPTIONAL, 3530 IN ULONG OutputBufferLength 3531 ); 3532 3533 NTSYSAPI NTSTATUS NTAPI NtDisplayString( 3534 IN PUNICODE_STRING String 3535 ); 3536 3537 NTSYSAPI NTSTATUS NTAPI NtDuplicateObject( 3538 IN HANDLE SourceProcessHandle, 3539 IN HANDLE SourceHandle, 3540 IN HANDLE TargetProcessHandle OPTIONAL, 3541 OUT PHANDLE TargetHandle OPTIONAL, 3542 IN ACCESS_MASK DesiredAccess, 3543 IN ULONG HandleAttributes, 3544 IN ULONG Options 3545 ); 3546 3547 NTSYSAPI NTSTATUS NTAPI NtDuplicateToken( 3548 IN HANDLE ExistingTokenHandle, 3549 IN ACCESS_MASK DesiredAccess, 3550 IN POBJECT_ATTRIBUTES ObjectAttributes, 3551 IN BOOLEAN EffectiveOnly, 3552 IN TOKEN_TYPE TokenType, 3553 OUT PHANDLE NewTokenHandle 3554 ); 3555 3556 NTSYSAPI NTSTATUS NTAPI NtEnumerateBootEntries( 3557 IN ULONG Unknown1, 3558 IN ULONG Unknown2 3559 ); 3560 NTSYSAPI NTSTATUS NTAPI NtEnumerateKey( 3561 IN HANDLE KeyHandle, 3562 IN ULONG Index, 3563 IN KEY_INFORMATION_CLASS KeyInformationClass, 3564 OUT PVOID KeyInformation, 3565 IN ULONG KeyInformationLength, 3566 OUT PULONG ResultLength 3567 ); 3568 3569 NTSYSAPI NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx( 3570 IN ULONG Unknown1, 3571 IN ULONG Unknown2, 3572 IN ULONG Unknown3 3573 ); 3574 3575 NTSYSAPI NTSTATUS NTAPI NtEnumerateValueKey( 3576 IN HANDLE KeyHandle, 3577 IN ULONG Index, 3578 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, 3579 OUT PVOID KeyValueInformation, 3580 IN ULONG KeyValueInformationLength, 3581 OUT PULONG ResultLength 3582 ); 3583 3584 NTSYSAPI NTSTATUS NTAPI NtExtendSection( 3585 IN HANDLE SectionHandle, 3586 IN PLARGE_INTEGER SectionSize 3587 ); 3588 3589 NTSYSAPI NTSTATUS NTAPI NtFilterToken( 3590 IN HANDLE ExistingTokenHandle, 3591 IN ULONG Flags, 3592 IN PTOKEN_GROUPS SidsToDisable, 3593 IN PTOKEN_PRIVILEGES PrivilegesToDelete, 3594 IN PTOKEN_GROUPS SidsToRestricted, 3595 OUT PHANDLE NewTokenHandle 3596 ); 3597 3598 NTSYSAPI NTSTATUS NTAPI NtFindAtom( 3599 IN PWSTR String, 3600 IN ULONG StringLength, 3601 OUT PUSHORT Atom 3602 ); 3603 3604 NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile( 3605 IN HANDLE FileHandle, 3606 OUT PIO_STATUS_BLOCK IoStatusBlock 3607 ); 3608 3609 NTSYSAPI NTSTATUS NTAPI NtFlushInstructionCache( 3610 IN HANDLE ProcessHandle, 3611 IN PVOID BaseAddress OPTIONAL, 3612 IN ULONG FlushSize 3613 ); 3614 3615 NTSYSAPI NTSTATUS NTAPI NtFlushKey( 3616 IN HANDLE KeyHandle 3617 ); 3618 3619 NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory( 3620 IN HANDLE ProcessHandle, 3621 IN OUT PVOID *BaseAddress, 3622 IN OUT PULONG FlushSize, 3623 OUT PIO_STATUS_BLOCK IoStatusBlock 3624 ); 3625 3626 NTSYSAPI NTSTATUS NTAPI NtFlushWriteBuffer( 3627 VOID 3628 ); 3629 3630 NTSYSAPI NTSTATUS NTAPI NtYieldExecution( 3631 VOID 3632 ); 3633 3634 NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory( 3635 IN HANDLE ProcessHandle, 3636 IN PVOID BaseAddress, 3637 IN PVOID Buffer, 3638 IN ULONG BufferLength, 3639 OUT PULONG ReturnLength OPTIONAL 3640 ); 3641 3642 NTSYSAPI NTSTATUS NTAPI NtWriteRequestData( 3643 IN HANDLE PortHandle, 3644 IN PPORT_MESSAGE Message, 3645 IN ULONG Index, 3646 IN PVOID Buffer, 3647 IN ULONG BufferLength, 3648 OUT PULONG ReturnLength OPTIONAL 3649 ); 3650 3651 NTSYSAPI NTSTATUS NTAPI NtWriteFileGather( 3652 IN HANDLE FileHandle, 3653 IN HANDLE Event OPTIONAL, 3654 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 3655 IN PVOID ApcContext OPTIONAL, 3656 OUT PIO_STATUS_BLOCK IoStatusBlock, 3657 IN PFILE_SEGMENT_ELEMENT Buffer, 3658 IN ULONG Length, 3659 IN PLARGE_INTEGER ByteOffset OPTIONAL, 3660 IN PULONG Key OPTIONAL 3661 ); 3662 3663 NTSYSAPI NTSTATUS NTAPI NtWriteFile( 3664 IN HANDLE FileHandle, 3665 IN HANDLE Event OPTIONAL, 3666 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 3667 IN PVOID ApcContext OPTIONAL, 3668 OUT PIO_STATUS_BLOCK IoStatusBlock, 3669 IN PVOID Buffer, 3670 IN ULONG Length, 3671 IN PLARGE_INTEGER ByteOffset OPTIONAL, 3672 IN PULONG Key OPTIONAL 3673 ); 3674 3675 NTSYSAPI NTSTATUS NTAPI NtWaitLowEventPair( 3676 IN HANDLE EventPairHandle 3677 ); 3678 3679 NTSYSAPI NTSTATUS NTAPI NtWaitHighEventPair( 3680 IN HANDLE EventPairHandle 3681 ); 3682 3683 NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject( 3684 IN HANDLE Handle, 3685 IN BOOLEAN Alertable, 3686 IN PLARGE_INTEGER Timeout OPTIONAL 3687 ); 3688 3689 NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects32( 3690 IN ULONG HandleCount, 3691 IN PHANDLE Handles, 3692 IN WAIT_TYPE WaitType, 3693 IN BOOLEAN Alertable, 3694 IN PLARGE_INTEGER Timeout OPTIONAL 3695 ); 3696 3697 NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects( 3698 IN ULONG HandleCount, 3699 IN PHANDLE Handles, 3700 IN WAIT_TYPE WaitType, 3701 IN BOOLEAN Alertable, 3702 IN PLARGE_INTEGER Timeout OPTIONAL 3703 ); 3704 3705 NTSYSAPI NTSTATUS NTAPI NtWaitForKeyedEvent( 3706 IN HANDLE KeyedEventHandle, 3707 IN PVOID Key, 3708 IN BOOLEAN Alertable, 3709 IN PLARGE_INTEGER Timeout OPTIONAL 3710 ); 3711 3712 NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection( 3713 IN HANDLE ProcessHandle, 3714 IN PVOID BaseAddress 3715 ); 3716 3717 NTSYSAPI NTSTATUS NTAPI NtUnlockVirtualMemory( 3718 IN HANDLE ProcessHandle, 3719 IN OUT PVOID *BaseAddress, 3720 IN OUT PULONG LockSize, 3721 IN ULONG LockType 3722 ); 3723 3724 NTSYSAPI NTSTATUS NTAPI NtUnlockFile( 3725 IN HANDLE FileHandle, 3726 OUT PIO_STATUS_BLOCK IoStatusBlock, 3727 IN PULARGE_INTEGER LockOffset, 3728 IN PULARGE_INTEGER LockLength, 3729 IN ULONG Key 3730 ); 3731 3732 NTSYSAPI NTSTATUS NTAPI NtUnloadKeyEx( 3733 IN POBJECT_ATTRIBUTES KeyObjectAttributes, 3734 IN HANDLE EventHandle OPTIONAL 3735 ); 3736 3737 NTSYSAPI NTSTATUS NTAPI NtUnloadKey2( 3738 IN POBJECT_ATTRIBUTES KeyObjectAttributes, 3739 IN BOOLEAN ForceUnload 3740 ); 3741 3742 NTSYSAPI NTSTATUS NTAPI NtUnloadKey( 3743 IN POBJECT_ATTRIBUTES KeyObjectAttributes 3744 ); 3745 3746 NTSYSAPI NTSTATUS NTAPI NtUnloadDriver( 3747 IN PUNICODE_STRING DriverServiceName 3748 ); 3749 3750 NTSYSAPI NTSTATUS NTAPI NtTerminateThread( 3751 IN HANDLE ThreadHandle OPTIONAL, 3752 IN NTSTATUS ExitStatus 3753 ); 3754 3755 NTSYSAPI NTSTATUS NTAPI NtTerminateProcess( 3756 IN HANDLE ProcessHandle OPTIONAL, 3757 IN NTSTATUS ExitStatus 3758 ); 3759 3760 NTSYSAPI NTSTATUS NTAPI NtTerminateJobObject( 3761 IN HANDLE JobHandle, 3762 IN NTSTATUS ExitStatus 3763 ); 3764 3765 NTSYSAPI NTSTATUS NTAPI NtSystemDebugControl( 3766 IN DEBUG_CONTROL_CODE ControlCode, 3767 IN PVOID InputBuffer OPTIONAL, 3768 IN ULONG InputBufferLength, 3769 OUT PVOID OutputBuffer OPTIONAL, 3770 IN ULONG OutputBufferLength, 3771 OUT PULONG ReturnLength OPTIONAL 3772 ); 3773 3774 NTSYSAPI NTSTATUS NTAPI NtSuspendThread( 3775 IN HANDLE ThreadHandle, 3776 OUT PULONG PreviousSuspendCount OPTIONAL 3777 ); 3778 3779 NTSYSAPI NTSTATUS NTAPI NtSuspendProcess( 3780 IN HANDLE Process 3781 ); 3782 3783 NTSYSAPI NTSTATUS NTAPI NtStopProfile( 3784 IN HANDLE ProfileHandle 3785 ); 3786 NTSYSAPI NTSTATUS NTAPI NtStartProfile( 3787 IN HANDLE ProfileHandle 3788 ); 3789 3790 NTSYSAPI NTSTATUS NTAPI NtSignalAndWaitForSingleObject( 3791 IN HANDLE HandleToSignal, 3792 IN HANDLE HandleToWait, 3793 IN BOOLEAN Alertable, 3794 IN PLARGE_INTEGER Timeout OPTIONAL 3795 ); 3796 3797 NTSYSAPI NTSTATUS NTAPI NtShutdownSystem( 3798 IN SHUTDOWN_ACTION Action 3799 ); 3800 3801 NTSYSAPI NTSTATUS NTAPI NtSetVolumeInformationFile( 3802 IN HANDLE FileHandle, 3803 OUT PIO_STATUS_BLOCK IoStatusBlock, 3804 IN PVOID Buffer, 3805 IN ULONG BufferLength, 3806 IN FS_INFORMATION_CLASS VolumeInformationClass 3807 ); 3808 3809 NTSYSAPI NTSTATUS NTAPI NtSetValueKey( 3810 IN HANDLE KeyHandle, 3811 IN PUNICODE_STRING ValueName, 3812 IN ULONG TitleIndex OPTIONAL, 3813 IN ULONG Type, 3814 IN PVOID Data, 3815 IN ULONG DataSize 3816 ); 3817 3818 NTSYSAPI NTSTATUS NTAPI NtSetUuidSeed( 3819 IN PUCHAR UuidSeed 3820 ); 3821 3822 NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution( 3823 IN ULONG RequestedResolution, 3824 IN BOOLEAN Set, 3825 OUT PULONG ActualResolution 3826 ); 3827 3828 NTSYSAPI NTSTATUS NTAPI NtSetThreadExecutionState( 3829 IN EXECUTION_STATE ExecutionState, 3830 OUT PEXECUTION_STATE PreviousExecutionState 3831 ); 3832 3833 NTSYSAPI NTSTATUS NTAPI NtSetSystemTime( 3834 IN PLARGE_INTEGER NewTime, 3835 OUT PLARGE_INTEGER OldTime OPTIONAL 3836 ); 3837 3838 NTSYSAPI NTSTATUS NTAPI NtSetSystemPowerState( 3839 IN POWER_ACTION SystemAction, 3840 IN SYSTEM_POWER_STATE MinSystemState, 3841 IN ULONG Flags 3842 ); 3843 3844 NTSYSAPI NTSTATUS NTAPI NtSetSystemInformation( 3845 IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 3846 IN OUT PVOID SystemInformation, 3847 IN ULONG SystemInformationLength 3848 ); 3849 3850 NTSYSAPI NTSTATUS NTAPI NtSetSystemEnvironmentValue( 3851 IN PUNICODE_STRING Name, 3852 IN PUNICODE_STRING Value 3853 ); 3854 3855 NTSYSAPI NTSTATUS NTAPI NtSetSecurityObject( 3856 IN HANDLE Handle, 3857 IN SECURITY_INFORMATION SecurityInformation, 3858 IN PSECURITY_DESCRIPTOR SecurityDescriptor 3859 ); 3860 3861 NTSYSAPI NTSTATUS NTAPI NtSetLowWaitHighEventPair( 3862 IN HANDLE EventPairHandle 3863 ); 3864 3865 NTSYSAPI NTSTATUS NTAPI NtSetLowEventPair( 3866 IN HANDLE EventPairHandle 3867 ); 3868 3869 NTSYSAPI NTSTATUS NTAPI NtSetLdtEntries( 3870 IN ULONG Selector1, 3871 IN LDT_ENTRY LdtEntry1, 3872 IN ULONG Selector2, 3873 IN LDT_ENTRY LdtEntry2 3874 ); 3875 3876 NTSYSAPI NTSTATUS NTAPI NtSetIoCompletion( 3877 IN HANDLE IoCompletionHandle, 3878 IN ULONG CompletionKey, 3879 IN ULONG CompletionValue, 3880 IN NTSTATUS Status, 3881 IN ULONG Information 3882 ); 3883 3884 NTSYSAPI NTSTATUS NTAPI NtSetIntervalProfile( 3885 IN ULONG Interval, 3886 IN KPROFILE_SOURCE Source 3887 ); 3888 3889 NTSYSAPI NTSTATUS NTAPI NtSetInformationToken( 3890 IN HANDLE TokenHandle, 3891 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 3892 IN PVOID TokenInformation, 3893 IN ULONG TokenInformationLength 3894 ); 3895 3896 NTSYSAPI NTSTATUS NTAPI NtSetInformationThread( 3897 IN HANDLE ThreadHandle, 3898 IN THREADINFOCLASS ThreadInformationClass, 3899 IN PVOID ThreadInformation, 3900 IN ULONG ThreadInformationLength 3901 ); 3902 3903 NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess( 3904 IN HANDLE ProcessHandle, 3905 IN PROCESSINFOCLASS ProcessInformationClass, 3906 IN PVOID ProcessInformation, 3907 IN ULONG ProcessInformationLength 3908 ); 3909 3910 NTSYSAPI NTSTATUS NTAPI NtSetInformationObject( 3911 IN HANDLE ObjectHandle, 3912 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 3913 IN PVOID ObjectInformation, 3914 IN ULONG ObjectInformationLength 3915 ); 3916 3917 NTSYSAPI NTSTATUS NTAPI NtSetInformationKey( 3918 IN HANDLE KeyHandle, 3919 IN KEY_SET_INFORMATION_CLASS KeyInformationClass, 3920 IN PVOID KeyInformation, 3921 IN ULONG KeyInformationLength 3922 ); 3923 3924 NTSYSAPI NTSTATUS NTAPI NtSetInformationJobObject( 3925 IN HANDLE JobHandle, 3926 IN JOBOBJECTINFOCLASS JobInformationClass, 3927 IN PVOID JobInformation, 3928 IN ULONG JobInformationLength 3929 ); 3930 3931 NTSYSAPI NTSTATUS NTAPI NtSetInformationFile( 3932 IN HANDLE FileHandle, 3933 OUT PIO_STATUS_BLOCK IoStatusBlock, 3934 IN PVOID FileInformation, 3935 IN ULONG FileInformationLength, 3936 IN FILE_INFORMATION_CLASS FileInformationClass 3937 ); 3938 3939 NTSYSAPI NTSTATUS NTAPI NtSetHighWaitLowEventPair( 3940 IN HANDLE EventPairHandle 3941 ); 3942 3943 NTSYSAPI NTSTATUS NTAPI NtSetHighEventPair( 3944 IN HANDLE EventPairHandle 3945 ); 3946 3947 NTSYSAPI NTSTATUS NTAPI NtSetEventBoostPriority( 3948 IN HANDLE EventHandle 3949 ); 3950 3951 NTSYSAPI NTSTATUS NTAPI NtSetEvent( 3952 IN HANDLE EventHandle, 3953 OUT PULONG PreviousState OPTIONAL 3954 ); 3955 3956 NTSYSAPI NTSTATUS NTAPI NtSetEaFile( 3957 IN HANDLE FileHandle, 3958 OUT PIO_STATUS_BLOCK IoStatusBlock, 3959 IN PFILE_FULL_EA_INFORMATION Buffer, 3960 IN ULONG BufferLength 3961 ); 3962 3963 NTSYSAPI NTSTATUS NTAPI NtSetDefaultUILanguage( 3964 IN LANGID LanguageId 3965 ); 3966 3967 NTSYSAPI NTSTATUS NTAPI NtSetDefaultLocale( 3968 IN BOOLEAN ThreadOrSystem, 3969 IN LCID Locale 3970 ); 3971 3972 NTSYSAPI NTSTATUS NTAPI NtSetDefaultHardErrorPort( 3973 IN HANDLE PortHandle 3974 ); 3975 3976 NTSYSAPI NTSTATUS NTAPI NtSetDebugFilterState( 3977 IN ULONG ComponentId, 3978 IN ULONG Level, 3979 IN BOOLEAN Enable 3980 ); 3981 3982 NTSYSAPI NTSTATUS NTAPI NtSetContextThread( 3983 IN HANDLE ThreadHandle, 3984 IN PCONTEXT Context 3985 ); 3986 3987 NTSYSAPI NTSTATUS NTAPI NtSetContextChannel( 3988 IN HANDLE CHannelHandle 3989 ); 3990 3991 NTSYSAPI NTSTATUS NTAPI NtSetBootEntryOrder( 3992 IN ULONG Unknown1, 3993 IN ULONG Unknown2 3994 ); 3995 3996 NTSYSAPI NTSTATUS NTAPI NtSecureConnectPort( 3997 OUT PHANDLE PortHandle, 3998 IN PUNICODE_STRING PortName, 3999 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, 4000 IN OUT PPORT_VIEW ClientView OPTIONAL, 4001 IN PSID ServerSid OPTIONAL, 4002 OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, 4003 OUT PULONG MaxMessageLength OPTIONAL, 4004 IN OUT PVOID ConnectInformation OPTIONAL, 4005 IN OUT PULONG ConnectInformationLength OPTIONAL 4006 ); 4007 4008 NTSYSAPI NTSTATUS NTAPI NtSaveMergedKeys( 4009 IN HANDLE KeyHandle1, 4010 IN HANDLE KeyHandle2, 4011 IN HANDLE FileHandle 4012 ); 4013 4014 NTSYSAPI NTSTATUS NTAPI NtSaveKeyEx( 4015 IN HANDLE KeyHandle, 4016 IN HANDLE FileHandle, 4017 IN ULONG Flags 4018 ); 4019 4020 NTSYSAPI NTSTATUS NTAPI NtSaveKey( 4021 IN HANDLE KeyHandle, 4022 IN HANDLE FileHandle 4023 ); 4024 4025 NTSYSAPI NTSTATUS NTAPI NtResumeThread( 4026 IN HANDLE ThreadHandle, 4027 OUT PULONG PreviousSuspendCount OPTIONAL 4028 ); 4029 4030 NTSYSAPI NTSTATUS NTAPI NtResumeProcess( 4031 IN HANDLE Process 4032 ); 4033 4034 NTSYSAPI NTSTATUS NTAPI NtRestoreKey( 4035 IN HANDLE KeyHandle, 4036 IN HANDLE FileHandle, 4037 IN ULONG Flags 4038 ); 4039 4040 NTSYSAPI NTSTATUS NTAPI NtResetWriteWatch( 4041 IN HANDLE ProcessHandle, 4042 IN PVOID BaseAddress, 4043 IN ULONG RegionSize 4044 ); 4045 4046 NTSYSAPI NTSTATUS NTAPI NtResetEvent( 4047 IN HANDLE EventHandle, 4048 OUT PULONG PreviousState OPTIONAL 4049 ); 4050 4051 NTSYSAPI NTSTATUS NTAPI NtRequestWakeupLatency( 4052 IN LATENCY_TIME Latency 4053 ); 4054 4055 NTSYSAPI NTSTATUS NTAPI NtRequestWaitReplyPort( 4056 IN HANDLE PortHandle, 4057 IN PPORT_MESSAGE RequestMessage, 4058 OUT PPORT_MESSAGE ReplyMessage 4059 ); 4060 4061 NTSYSAPI NTSTATUS NTAPI NtRequestPort( 4062 IN HANDLE PortHandle, 4063 IN PPORT_MESSAGE RequestMessage 4064 ); 4065 4066 NTSYSAPI NTSTATUS NTAPI NtRequestDeviceWakeup( 4067 IN HANDLE DeviceHandle 4068 ); 4069 4070 NTSYSAPI NTSTATUS NTAPI NtReplyWaitReplyPort( 4071 IN HANDLE PortHandle, 4072 IN OUT PPORT_MESSAGE ReplyMessage 4073 ); 4074 4075 NTSYSAPI NTSTATUS NTAPI NtReplyWaitReceivePortEx( 4076 IN HANDLE PortHandle, 4077 OUT PVOID* PortIdentifier OPTIONAL, 4078 IN PPORT_MESSAGE ReplyMessage OPTIONAL, 4079 OUT PPORT_MESSAGE Message, 4080 IN PLARGE_INTEGER Timeout 4081 ); 4082 4083 NTSYSAPI NTSTATUS NTAPI NtReplyWaitReceivePort( 4084 IN HANDLE PortHandle, 4085 OUT PULONG PortIdentifier OPTIONAL, 4086 IN PPORT_MESSAGE ReplyMessage OPTIONAL, 4087 OUT PPORT_MESSAGE Message 4088 ); 4089 4090 NTSYSAPI NTSTATUS NTAPI NtReplyPort( 4091 IN HANDLE PortHandle, 4092 IN PPORT_MESSAGE ReplyMessage 4093 ); 4094 4095 NTSYSAPI NTSTATUS NTAPI NtReplaceKey( 4096 IN POBJECT_ATTRIBUTES NewFileObjectAttributes, 4097 IN HANDLE KeyHandle, 4098 IN POBJECT_ATTRIBUTES OldFileObjectAttributes 4099 ); 4100 4101 NTSYSAPI NTSTATUS NTAPI NtRenameKey( 4102 IN HANDLE KeyHandle, 4103 IN PUNICODE_STRING ReplacementName 4104 ); 4105 4106 NTSYSAPI NTSTATUS NTAPI NtRemoveProcessDebug( 4107 IN HANDLE Process, 4108 IN HANDLE DebugObject 4109 ); 4110 4111 NTSYSAPI NTSTATUS NTAPI NtRemoveIoCompletion( 4112 IN HANDLE IoCompletionHandle, 4113 OUT PULONG CompletionKey, 4114 OUT PULONG CompletionValue, 4115 OUT PIO_STATUS_BLOCK IoStatusBlock, 4116 IN PLARGE_INTEGER Timeout OPTIONAL 4117 ); 4118 4119 NTSYSAPI NTSTATUS NTAPI NtReleaseSemaphore( 4120 IN HANDLE SemaphoreHandle, 4121 IN LONG ReleaseCount, 4122 OUT PLONG PreviousCount OPTIONAL 4123 ); 4124 4125 NTSYSAPI NTSTATUS NTAPI NtReleaseMutant( 4126 IN HANDLE MutantHandle, 4127 OUT PULONG PreviousState 4128 ); 4129 4130 NTSYSAPI NTSTATUS NTAPI NtReleaseKeyedEvent( 4131 IN HANDLE KeyedEventHandle, 4132 IN PVOID Key, 4133 IN BOOLEAN Alertable, 4134 IN PLARGE_INTEGER Timeout OPTIONAL 4135 ); 4136 4137 NTSYSAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort( 4138 IN HANDLE PortHandle 4139 ); 4140 4141 NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory( 4142 IN HANDLE ProcessHandle, 4143 IN PVOID BaseAddress, 4144 OUT PVOID Buffer, 4145 IN ULONG BufferLength, 4146 OUT PULONG ReturnLength OPTIONAL 4147 ); 4148 4149 NTSYSAPI NTSTATUS NTAPI NtReadRequestData( 4150 IN HANDLE PortHandle, 4151 IN PPORT_MESSAGE Message, 4152 IN ULONG Index, 4153 OUT PVOID Buffer, 4154 IN ULONG BufferLength, 4155 OUT PULONG ReturnLength OPTIONAL 4156 ); 4157 4158 NTSYSAPI NTSTATUS NTAPI NtReadFileScatter( 4159 IN HANDLE FileHandle, 4160 IN HANDLE Event OPTIONAL, 4161 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 4162 IN PVOID ApcContext OPTIONAL, 4163 OUT PIO_STATUS_BLOCK IoStatusBlock, 4164 IN PFILE_SEGMENT_ELEMENT Buffer, 4165 IN ULONG Length, 4166 IN PLARGE_INTEGER ByteOffset OPTIONAL, 4167 IN PULONG Key OPTIONAL 4168 ); 4169 4170 NTSYSAPI NTSTATUS NTAPI NtReadFile( 4171 IN HANDLE FileHandle, 4172 IN HANDLE Event OPTIONAL, 4173 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 4174 IN PVOID ApcContext OPTIONAL, 4175 OUT PIO_STATUS_BLOCK IoStatusBlock, 4176 OUT PVOID Buffer, 4177 IN ULONG Length, 4178 IN PLARGE_INTEGER ByteOffset OPTIONAL, 4179 IN PULONG Key OPTIONAL 4180 ); 4181 4182 NTSYSAPI NTSTATUS NTAPI NtRaiseHardError( 4183 IN NTSTATUS Status, 4184 IN ULONG NumberOfArguments, 4185 IN ULONG StringArgumentsMask, 4186 IN PULONG_PTR Arguments, 4187 IN HARDERROR_RESPONSE_OPTION ResponseOption, 4188 OUT PHARDERROR_RESPONSE Response 4189 ); 4190 4191 NTSYSAPI NTSTATUS NTAPI NtRaiseException( 4192 IN PEXCEPTION_RECORD ExceptionRecord, 4193 IN PCONTEXT Context, 4194 IN BOOLEAN SearchFrames 4195 ); 4196 4197 NTSYSAPI NTSTATUS NTAPI NtQueueApcThread( 4198 IN HANDLE ThreadHandle, 4199 IN PKNORMAL_ROUTINE ApcRoutine, 4200 IN PVOID ApcContext OPTIONAL, 4201 IN PVOID Argument1 OPTIONAL, 4202 IN PVOID Argument2 OPTIONAL 4203 ); 4204 4205 NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile( 4206 IN HANDLE FileHandle, 4207 OUT PIO_STATUS_BLOCK IoStatusBlock, 4208 OUT PVOID VolumeInformation, 4209 IN ULONG VolumeInformationLength, 4210 IN FS_INFORMATION_CLASS VolumeInformationClass 4211 ); 4212 4213 NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory( 4214 IN HANDLE ProcessHandle, 4215 IN PVOID BaseAddress, 4216 IN MEMORY_INFORMATION_CLASS MemoryInformationClass, 4217 OUT PVOID MemoryInformation, 4218 IN ULONG MemoryInformationLength, 4219 OUT PULONG ReturnLength OPTIONAL 4220 ); 4221 4222 NTSYSAPI NTSTATUS NTAPI NtQueryValueKey( 4223 IN HANDLE KeyHandle, 4224 IN PUNICODE_STRING ValueName, 4225 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, 4226 OUT PVOID KeyValueInformation, 4227 IN ULONG KeyValueInformationLength, 4228 OUT PULONG ResultLength 4229 ); 4230 4231 NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution( 4232 OUT PULONG CoarsestResolution, 4233 OUT PULONG FinestResolution, 4234 OUT PULONG ActualResolution 4235 ); 4236 4237 NTSYSAPI NTSTATUS NTAPI NtQuerySystemTime( 4238 OUT PLARGE_INTEGER CurrentTime 4239 ); 4240 4241 NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation( 4242 IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 4243 IN OUT PVOID SystemInformation, 4244 IN ULONG SystemInformationLength, 4245 OUT PULONG ReturnLength OPTIONAL 4246 ); 4247 4248 NTSYSAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx( 4249 IN ULONG Unknown1, 4250 IN ULONG Unknown2, 4251 IN ULONG Unknown3, 4252 IN ULONG Unknown4, 4253 IN ULONG Unknown5 4254 ); 4255 4256 NTSYSAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValue( 4257 IN PUNICODE_STRING Name, 4258 OUT PVOID Value, 4259 IN ULONG ValueLength, 4260 OUT PULONG ReturnLength OPTIONAL 4261 ); 4262 4263 NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject( 4264 IN HANDLE SymbolicLinkHandle, 4265 IN OUT PUNICODE_STRING TargetName, 4266 OUT PULONG ReturnLength OPTIONAL 4267 ); 4268 4269 NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject( 4270 IN HANDLE ObjectHandle, 4271 IN SECURITY_INFORMATION SecurityInformation, 4272 OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 4273 IN ULONG DescriptorLength, 4274 OUT PULONG ReturnLength 4275 ); 4276 4277 NTSYSAPI NTSTATUS NTAPI NtQuerySection( 4278 IN HANDLE SectionHandle, 4279 IN SECTION_INFORMATION_CLASS SectionInformationClass, 4280 OUT PVOID SectionInformation, 4281 IN ULONG SectionInformationLength, 4282 OUT PULONG ResultLength OPTIONAL 4283 ); 4284 4285 NTSYSAPI BOOLEAN NTAPI NtQueryPortInformationProcess( 4286 VOID 4287 ); 4288 4289 NTSYSAPI NTSTATUS NTAPI NtQueryPerformanceCounter( 4290 OUT PLARGE_INTEGER PerformanceCount, 4291 OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL 4292 ); 4293 4294 NTSYSAPI NTSTATUS NTAPI NtQueryOpenSubKeys( 4295 IN POBJECT_ATTRIBUTES KeyObjectAttributes, 4296 OUT PULONG NumberOfKeys 4297 ); 4298 4299 NTSYSAPI NTSTATUS NTAPI NtQueryObject( 4300 IN HANDLE ObjectHandle, 4301 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 4302 OUT PVOID ObjectInformation, 4303 IN ULONG ObjectInformationLength, 4304 OUT PULONG ReturnLength OPTIONAL 4305 ); 4306 4307 NTSYSAPI NTSTATUS NTAPI NtQueryMultipleValueKey( 4308 IN HANDLE KeyHandle, 4309 IN OUT PKEY_VALUE_ENTRY ValueList, 4310 IN ULONG NumberOfValues, 4311 OUT PVOID Buffer, 4312 IN OUT PULONG Length, 4313 OUT PULONG ReturnLength 4314 ); 4315 4316 NTSYSAPI NTSTATUS NTAPI NtQueryKey( 4317 IN HANDLE KeyHandle, 4318 IN KEY_INFORMATION_CLASS KeyInformationClass, 4319 OUT PVOID KeyInformation, 4320 IN ULONG KeyInformationLength, 4321 OUT PULONG ResultLength 4322 ); 4323 4324 NTSYSAPI NTSTATUS NTAPI NtQueryIntervalProfile( 4325 IN KPROFILE_SOURCE Source, 4326 OUT PULONG Interval 4327 ); 4328 4329 NTSYSAPI NTSTATUS NTAPI NtQueryInstallUILanguage( 4330 OUT PLANGID LanguageId 4331 ); 4332 4333 NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken( 4334 IN HANDLE TokenHandle, 4335 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 4336 OUT PVOID TokenInformation, 4337 IN ULONG TokenInformationLength, 4338 OUT PULONG ReturnLength 4339 ); 4340 4341 NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread( 4342 IN HANDLE ThreadHandle, 4343 IN THREADINFOCLASS ThreadInformationClass, 4344 OUT PVOID ThreadInformation, 4345 IN ULONG ThreadInformationLength, 4346 OUT PULONG ReturnLength OPTIONAL 4347 ); 4348 4349 NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess( 4350 IN HANDLE ProcessHandle, 4351 IN PROCESSINFOCLASS ProcessInformationClass, 4352 OUT PVOID ProcessInformation, 4353 IN ULONG ProcessInformationLength, 4354 OUT PULONG ReturnLength OPTIONAL 4355 ); 4356 4357 NTSYSAPI NTSTATUS NTAPI NtQueryInformationPort( 4358 IN HANDLE PortHandle, 4359 IN PORT_INFORMATION_CLASS PortInformationClass, 4360 OUT PVOID PortInformation, 4361 IN ULONG PortInformationLength, 4362 OUT PULONG ReturnLength OPTIONAL 4363 ); 4364 4365 NTSYSAPI NTSTATUS NTAPI NtQueryInformationJobObject( 4366 IN HANDLE JobHandle, 4367 IN JOBOBJECTINFOCLASS JobInformationClass, 4368 OUT PVOID JobInformation, 4369 IN ULONG JobInformationLength, 4370 OUT PULONG ReturnLength OPTIONAL 4371 ); 4372 4373 NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile( 4374 IN HANDLE FileHandle, 4375 OUT PIO_STATUS_BLOCK IoStatusBlock, 4376 OUT PVOID FileInformation, 4377 IN ULONG FileInformationLength, 4378 IN FILE_INFORMATION_CLASS FileInformationClass 4379 ); 4380 4381 NTSYSAPI NTSTATUS NTAPI NtQueryInformationAtom( 4382 IN USHORT Atom, 4383 IN ATOM_INFORMATION_CLASS AtomInformationClass, 4384 OUT PVOID AtomInformation, 4385 IN ULONG AtomInformationLength, 4386 OUT PULONG ReturnLength OPTIONAL 4387 ); 4388 4389 NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile( 4390 IN POBJECT_ATTRIBUTES ObjectAttributes, 4391 OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation 4392 ); 4393 4394 NTSYSAPI NTSTATUS NTAPI NtQueryEvent( 4395 IN HANDLE EventHandle, 4396 IN EVENT_INFORMATION_CLASS EventInformationClass, 4397 OUT PVOID EventInformation, 4398 IN ULONG EventInformationLength, 4399 OUT PULONG ResultLength OPTIONAL 4400 ); 4401 4402 NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject( 4403 IN HANDLE DirectoryHandle, 4404 OUT PVOID Buffer, 4405 IN ULONG BufferLength, 4406 IN BOOLEAN ReturnSingleEntry, 4407 IN BOOLEAN RestartScan, 4408 IN OUT PULONG Context, 4409 OUT PULONG ReturnLength OPTIONAL 4410 ); 4411 4412 NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile( 4413 IN HANDLE FileHandle, 4414 IN HANDLE Event OPTIONAL, 4415 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 4416 IN PVOID ApcContext OPTIONAL, 4417 OUT PIO_STATUS_BLOCK IoStatusBlock, 4418 OUT PVOID FileInformation, 4419 IN ULONG FileInformationLength, 4420 IN FILE_INFORMATION_CLASS FileInformationClass, 4421 IN BOOLEAN ReturnSingleEntry, 4422 IN PUNICODE_STRING FileName OPTIONAL, 4423 IN BOOLEAN RestartScan 4424 ); 4425 4426 NTSYSAPI NTSTATUS NTAPI NtQueryDefaultUILanguage( 4427 OUT PLANGID LanguageId 4428 ); 4429 4430 NTSYSAPI NTSTATUS NTAPI NtQueryDefaultLocale( 4431 IN BOOLEAN ThreadOrSystem, 4432 OUT PLCID Locale 4433 ); 4434 4435 NTSYSAPI NTSTATUS NTAPI NtQueryDebugFilterState( 4436 IN ULONG ComponentId, 4437 IN ULONG Level 4438 ); 4439 4440 NTSYSAPI NTSTATUS NTAPI NtQueryBootOptions( 4441 IN ULONG Unknown1, 4442 IN ULONG Unknown2 4443 ); 4444 4445 NTSYSAPI NTSTATUS NTAPI NtQueryBootEntryOrder( 4446 IN ULONG Unknown1, 4447 IN ULONG Unknown2 4448 ); 4449 4450 NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile( 4451 IN POBJECT_ATTRIBUTES ObjectAttributes, 4452 OUT PFILE_BASIC_INFORMATION FileInformation 4453 ); 4454 4455 NTSYSAPI NTSTATUS NTAPI NtPulseEvent( 4456 IN HANDLE EventHandle, 4457 OUT PULONG PreviousState OPTIONAL 4458 ); 4459 4460 NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory( 4461 IN HANDLE ProcessHandle, 4462 IN OUT PVOID *BaseAddress, 4463 IN OUT PULONG ProtectSize, 4464 IN ULONG NewProtect, 4465 OUT PULONG OldProtect 4466 ); 4467 4468 NTSYSAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm( 4469 IN PUNICODE_STRING SubsystemName, 4470 IN PUNICODE_STRING ServiceName, 4471 IN HANDLE TokenHandle, 4472 IN PPRIVILEGE_SET Privileges, 4473 IN BOOLEAN AccessGranted 4474 ); 4475 4476 NTSYSAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm( 4477 IN PUNICODE_STRING SubsystemName, 4478 IN PVOID HandleId, 4479 IN HANDLE TokenHandle, 4480 IN ACCESS_MASK DesiredAccess, 4481 IN PPRIVILEGE_SET Privileges, 4482 IN BOOLEAN AccessGranted 4483 ); 4484 4485 NTSYSAPI NTSTATUS NTAPI NtPrivilegeCheck( 4486 IN HANDLE TokenHandle, 4487 IN PPRIVILEGE_SET RequiredPrivileges, 4488 OUT PBOOLEAN Result 4489 ); 4490 4491 NTSYSAPI NTSTATUS NTAPI NtPowerInformation( 4492 IN POWER_INFORMATION_LEVEL PowerInformationLevel, 4493 IN PVOID InputBuffer OPTIONAL, 4494 IN ULONG InputBufferLength, 4495 OUT PVOID OutputBuffer OPTIONAL, 4496 IN ULONG OutputBufferLength 4497 ); 4498 4499 NTSYSAPI NTSTATUS NTAPI NtPlugPlayControl( 4500 IN ULONG ControlCode, 4501 IN OUT PVOID Buffer, 4502 IN ULONG BufferLength, 4503 IN PVOID Unknown OPTIONAL 4504 ); 4505 4506 NTSYSAPI NTSTATUS NTAPI NtOpenTimer( 4507 OUT PHANDLE TimerHandle, 4508 IN ACCESS_MASK DesiredAccess, 4509 IN POBJECT_ATTRIBUTES ObjectAttributes 4510 ); 4511 4512 NTSYSAPI NTSTATUS NTAPI NtOpenThreadTokenEx( 4513 IN HANDLE ThreadHandle, 4514 IN ACCESS_MASK DesiredAccess, 4515 IN BOOLEAN OpenAsSelf, 4516 IN ULONG HandleAttributes, 4517 OUT PHANDLE TokenHandle 4518 ); 4519 4520 NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken( 4521 IN HANDLE ThreadHandle, 4522 IN ACCESS_MASK DesiredAccess, 4523 IN BOOLEAN OpenAsSelf, 4524 OUT PHANDLE TokenHandle 4525 ); 4526 4527 NTSYSAPI NTSTATUS NTAPI NtOpenThread( 4528 OUT PHANDLE ThreadHandle, 4529 IN ACCESS_MASK DesiredAccess, 4530 IN POBJECT_ATTRIBUTES ObjectAttributes, 4531 IN PCLIENT_ID ClientId 4532 ); 4533 4534 NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject( 4535 OUT PHANDLE SymbolicLinkHandle, 4536 IN ACCESS_MASK DesiredAccess, 4537 IN POBJECT_ATTRIBUTES ObjectAttributes 4538 ); 4539 4540 NTSYSAPI NTSTATUS NTAPI NtOpenSemaphore( 4541 OUT PHANDLE SemaphoreHandle, 4542 IN ACCESS_MASK DesiredAccess, 4543 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL 4544 ); 4545 4546 NTSYSAPI NTSTATUS NTAPI NtOpenSection( 4547 OUT PHANDLE SectionHandle, 4548 IN ACCESS_MASK DesiredAccess, 4549 IN POBJECT_ATTRIBUTES ObjectAttributes 4550 ); 4551 4552 NTSYSAPI NTSTATUS NTAPI NtOpenProcessTokenEx( 4553 IN HANDLE ProcessHandle, 4554 IN ACCESS_MASK DesiredAccess, 4555 IN ULONG HandleAttributes, 4556 OUT PHANDLE TokenHandle 4557 ); 4558 4559 NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken( 4560 IN HANDLE ProcessHandle, 4561 IN ACCESS_MASK DesiredAccess, 4562 OUT PHANDLE TokenHandle 4563 ); 4564 4565 NTSYSAPI NTSTATUS NTAPI NtOpenProcess( 4566 OUT PHANDLE ProcessHandle, 4567 IN ACCESS_MASK DesiredAccess, 4568 IN POBJECT_ATTRIBUTES ObjectAttributes, 4569 IN PCLIENT_ID ClientId OPTIONAL 4570 ); 4571 4572 NTSYSAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm( 4573 IN PUNICODE_STRING SubsystemName, 4574 IN PVOID *HandleId, 4575 IN PUNICODE_STRING ObjectTypeName, 4576 IN PUNICODE_STRING ObjectName, 4577 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 4578 IN HANDLE TokenHandle, 4579 IN ACCESS_MASK DesiredAccess, 4580 IN ACCESS_MASK GrantedAccess, 4581 IN PPRIVILEGE_SET Privileges OPTIONAL, 4582 IN BOOLEAN ObjectCreation, 4583 IN BOOLEAN AccessGranted, 4584 OUT PBOOLEAN GenerateOnClose 4585 ); 4586 4587 NTSYSAPI NTSTATUS NTAPI NtOpenMutant( 4588 OUT PHANDLE MutantHandle, 4589 IN ACCESS_MASK DesiredAccess, 4590 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL 4591 ); 4592 4593 NTSYSAPI NTSTATUS NTAPI NtOpenKeyedEvent( 4594 OUT PHANDLE KeyedEventHandle, 4595 IN ACCESS_MASK DesiredAccess, 4596 IN POBJECT_ATTRIBUTES ObjectAttributes 4597 ); 4598 4599 NTSYSAPI NTSTATUS NTAPI NtOpenKey( 4600 OUT PHANDLE KeyHandle, 4601 IN ACCESS_MASK DesiredAccess, 4602 IN POBJECT_ATTRIBUTES ObjectAttributes 4603 ); 4604 4605 NTSYSAPI NTSTATUS NTAPI NtOpenJobObject( 4606 OUT PHANDLE JobHandle, 4607 IN ACCESS_MASK DesiredAccess, 4608 IN POBJECT_ATTRIBUTES ObjectAttributes 4609 ); 4610 4611 NTSYSAPI NTSTATUS NTAPI NtOpenIoCompletion( 4612 OUT PHANDLE IoCompletionHandle, 4613 IN ACCESS_MASK DesiredAccess, 4614 IN POBJECT_ATTRIBUTES ObjectAttributes 4615 ); 4616 4617 NTSYSAPI NTSTATUS NTAPI NtOpenFile( 4618 OUT PHANDLE FileHandle, 4619 IN ACCESS_MASK DesiredAccess, 4620 IN POBJECT_ATTRIBUTES ObjectAttributes, 4621 OUT PIO_STATUS_BLOCK IoStatusBlock, 4622 IN ULONG ShareAccess, 4623 IN ULONG OpenOptions 4624 ); 4625 4626 NTSYSAPI NTSTATUS NTAPI NtOpenEventPair( 4627 OUT PHANDLE EventPairHandle, 4628 IN ACCESS_MASK DesiredAccess, 4629 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL 4630 ); 4631 4632 NTSYSAPI NTSTATUS NTAPI NtOpenEvent( 4633 OUT PHANDLE EventHandle, 4634 IN ACCESS_MASK DesiredAccess, 4635 IN POBJECT_ATTRIBUTES ObjectAttributes 4636 ); 4637 4638 NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject( 4639 OUT PHANDLE DirectoryHandle, 4640 IN ACCESS_MASK DesiredAccess, 4641 IN POBJECT_ATTRIBUTES ObjectAttributes 4642 ); 4643 4644 NTSYSAPI NTSTATUS NTAPI NtNotifyChangeMultipleKeys( 4645 IN HANDLE KeyHandle, 4646 IN ULONG Flags, 4647 IN POBJECT_ATTRIBUTES KeyObjectAttributes, 4648 IN HANDLE EventHandle OPTIONAL, 4649 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 4650 IN PVOID ApcContext OPTIONAL, 4651 OUT PIO_STATUS_BLOCK IoStatusBlock, 4652 IN ULONG NotifyFilter, 4653 IN BOOLEAN WatchSubtree, 4654 IN PVOID Buffer, 4655 IN ULONG BufferLength, 4656 IN BOOLEAN Asynchronous 4657 ); 4658 4659 NTSYSAPI NTSTATUS NTAPI NtNotifyChangeKey( 4660 IN HANDLE KeyHandle, 4661 IN HANDLE EventHandle OPTIONAL, 4662 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 4663 IN PVOID ApcContext OPTIONAL, 4664 OUT PIO_STATUS_BLOCK IoStatusBlock, 4665 IN ULONG NotifyFilter, 4666 IN BOOLEAN WatchSubtree, 4667 IN PVOID Buffer, 4668 IN ULONG BufferLength, 4669 IN BOOLEAN Asynchronous 4670 ); 4671 4672 NTSYSAPI NTSTATUS NTAPI NtNotifyChangeDirectoryFile( 4673 IN HANDLE FileHandle, 4674 IN HANDLE Event OPTIONAL, 4675 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 4676 IN PVOID ApcContext OPTIONAL, 4677 OUT PIO_STATUS_BLOCK IoStatusBlock, 4678 OUT PFILE_NOTIFY_INFORMATION Buffer, 4679 IN ULONG BufferLength, 4680 IN ULONG NotifyFilter, 4681 IN BOOLEAN WatchSubtree 4682 ); 4683 4684 NTSYSAPI NTSTATUS NTAPI NtModifyDriverEntry( 4685 IN PUNICODE_STRING DriverName, 4686 IN PUNICODE_STRING DriverPath 4687 ); 4688 4689 NTSYSAPI NTSTATUS NTAPI NtModifyBootEntry( 4690 IN PUNICODE_STRING EntryName, 4691 IN PUNICODE_STRING EntryValue 4692 ); 4693 4694 NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection( 4695 IN HANDLE SectionHandle, 4696 IN HANDLE ProcessHandle, 4697 IN OUT PVOID *BaseAddress, 4698 IN ULONG ZeroBits, 4699 IN ULONG CommitSize, 4700 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, 4701 IN OUT PULONG ViewSize, 4702 IN SECTION_INHERIT InheritDisposition, 4703 IN ULONG AllocationType, 4704 IN ULONG Protect 4705 ); 4706 4707 NTSYSAPI NTSTATUS NTAPI NtMapUserPhysicalPagesScatter( 4708 IN PVOID *BaseAddresses, 4709 IN PULONG NumberOfPages, 4710 IN PULONG PageFrameNumbers 4711 ); 4712 4713 NTSYSAPI NTSTATUS NTAPI NtMapUserPhysicalPages( 4714 IN PVOID BaseAddress, 4715 IN PULONG NumberOfPages, 4716 IN PULONG PageFrameNumbers 4717 ); 4718 4719 NTSYSAPI NTSTATUS NTAPI NtMakeTemporaryObject( 4720 IN HANDLE ObjectHandle 4721 ); 4722 4723 NTSYSAPI NTSTATUS NTAPI NtMakePermanentObject( 4724 IN HANDLE Object 4725 ); 4726 4727 NTSYSAPI NTSTATUS NTAPI NtLockVirtualMemory( 4728 IN HANDLE ProcessHandle, 4729 IN OUT PVOID *BaseAddress, 4730 IN OUT PULONG LockSize, 4731 IN ULONG LockType 4732 ); 4733 4734 NTSYSAPI NTSTATUS NTAPI NtLockRegistryKey( 4735 IN HANDLE Key 4736 ); 4737 4738 NTSYSAPI NTSTATUS NTAPI NtLockFile( 4739 IN HANDLE FileHandle, 4740 IN HANDLE Event OPTIONAL, 4741 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 4742 IN PVOID ApcContext OPTIONAL, 4743 OUT PIO_STATUS_BLOCK IoStatusBlock, 4744 IN PULARGE_INTEGER LockOffset, 4745 IN PULARGE_INTEGER LockLength, 4746 IN ULONG Key, 4747 IN BOOLEAN FailImmediately, 4748 IN BOOLEAN ExclusiveLock 4749 ); 4750 4751 NTSYSAPI NTSTATUS NTAPI NtLoadKey( 4752 IN POBJECT_ATTRIBUTES KeyObjectAttributes, 4753 IN POBJECT_ATTRIBUTES FileObjectAttributes 4754 ); 4755 4756 NTSYSAPI NTSTATUS NTAPI NtLoadKey2( 4757 IN POBJECT_ATTRIBUTES KeyObjectAttributes, 4758 IN POBJECT_ATTRIBUTES FileObjectAttributes, 4759 IN ULONG Flags 4760 ); 4761 4762 NTSYSAPI NTSTATUS NTAPI NtLoadDriver( 4763 IN PUNICODE_STRING DriverServiceName 4764 ); 4765 4766 NTSYSAPI NTSTATUS NTAPI NtListenPort( 4767 IN HANDLE PortHandle, 4768 OUT PPORT_MESSAGE RequestMessage 4769 ); 4770 4771 NTSYSAPI NTSTATUS NTAPI NtFreeUserPhysicalPages( 4772 IN HANDLE ProcessHandle, 4773 IN OUT PULONG NumberOfPages, 4774 IN PULONG PageFrameNumbers 4775 ); 4776 4777 NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory( 4778 IN HANDLE ProcessHandle, 4779 IN OUT PVOID *BaseAddress, 4780 IN OUT PULONG FreeSize, 4781 IN ULONG FreeType 4782 ); 4783 4784 NTSYSAPI NTSTATUS NTAPI NtFsControlFile( 4785 IN HANDLE FileHandle, 4786 IN HANDLE Event OPTIONAL, 4787 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 4788 IN PVOID ApcContext OPTIONAL, 4789 OUT PIO_STATUS_BLOCK IoStatusBlock, 4790 IN ULONG FsControlCode, 4791 IN PVOID InputBuffer OPTIONAL, 4792 IN ULONG InputBufferLength, 4793 OUT PVOID OutputBuffer OPTIONAL, 4794 IN ULONG OutputBufferLength 4795 ); 4796 4797 NTSYSAPI NTSTATUS NTAPI NtGetContextThread( 4798 IN HANDLE ThreadHandle, 4799 OUT PCONTEXT Context 4800 ); 4801 4802 NTSYSAPI NTSTATUS NTAPI NtGetDevicePowerState( 4803 IN HANDLE DeviceHandle, 4804 OUT PDEVICE_POWER_STATE DevicePowerState 4805 ); 4806 4807 NTSYSAPI NTSTATUS NTAPI NtGetPlugPlayEvent( 4808 IN ULONG Reserved1, 4809 IN ULONG Reserved2, 4810 OUT PVOID Buffer, 4811 IN ULONG BufferLength 4812 ); 4813 4814 NTSYSAPI NTSTATUS NTAPI NtGetWriteWatch( 4815 IN HANDLE ProcessHandle, 4816 IN ULONG Flags, 4817 IN PVOID BaseAddress, 4818 IN ULONG RegionSize, 4819 OUT PULONG Buffer, 4820 IN OUT PULONG BufferEntries, 4821 OUT PULONG Granularity 4822 ); 4823 4824 NTSYSAPI NTSTATUS NTAPI NtImpersonateAnonymousToken( 4825 IN HANDLE ThreadHandle 4826 ); 4827 4828 NTSYSAPI NTSTATUS NTAPI NtImpersonateClientOfPort( 4829 IN HANDLE PortHandle, 4830 IN PPORT_MESSAGE Message 4831 ); 4832 4833 NTSYSAPI NTSTATUS NTAPI NtImpersonateThread( 4834 IN HANDLE ThreadHandle, 4835 IN HANDLE TargetThreadHandle, 4836 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos 4837 ); 4838 4839 NTSYSAPI NTSTATUS NTAPI NtInitializeRegistry( 4840 IN BOOLEAN Setup 4841 ); 4842 4843 NTSYSAPI NTSTATUS NTAPI NtInitiatePowerAction( 4844 IN POWER_ACTION SystemAction, 4845 IN SYSTEM_POWER_STATE MinSystemState, 4846 IN ULONG Flags, 4847 IN BOOLEAN Asynchronous 4848 ); 4849 4850 NTSYSAPI NTSTATUS NTAPI NtIsProcessInJob( 4851 IN HANDLE ProcessHandle, 4852 IN HANDLE JobHandle OPTIONAL 4853 ); 4854 4855 NTSYSAPI BOOLEAN NTAPI NtIsSystemResumeAutomatic( 4856 VOID 4857 ); 4858 4859 NTSYSAPI NTSTATUS NTAPI NtTestAlert( 4860 VOID 4861 ); 4862 4863 NTSYSAPI NTSTATUS NTAPI NtAlertThread( 4864 IN HANDLE ThreadHandle 4865 ); 4866 4867 NTSYSAPI ULONG NTAPI NtGetTickCount( 4868 VOID 4869 ); 4870 4871 NTSYSAPI NTSTATUS NTAPI NtW32Call( 4872 IN ULONG RoutineIndex, 4873 IN PVOID Argument, 4874 IN ULONG ArgumentLength, 4875 OUT PVOID *Result OPTIONAL, 4876 OUT PULONG ResultLength OPTIONAL 4877 ); 4878 4879 NTSYSAPI NTSTATUS NTAPI NtSetLowWaitHighThread( 4880 VOID 4881 ); 4882 4883 NTSYSAPI NTSTATUS NTAPI NtSetHighWaitLowThread( 4884 VOID 4885 ); 4886 4887 NTSYSAPI NTSTATUS NTAPI NtCreatePagingFile( 4888 IN PUNICODE_STRING FileName, 4889 IN PULARGE_INTEGER InitialSize, 4890 IN PULARGE_INTEGER MaximumSize, 4891 IN ULONG Priority OPTIONAL 4892 ); 4893 4894 NTSYSAPI NTSTATUS NTAPI NtVdmControl( 4895 IN ULONG ControlCode, 4896 IN PVOID ControlData 4897 ); 4898 4899 NTSYSAPI NTSTATUS NTAPI NtQueryEaFile( 4900 IN HANDLE FileHandle, 4901 OUT PIO_STATUS_BLOCK IoStatusBlock, 4902 OUT PVOID Buffer, 4903 IN ULONG Length, 4904 IN BOOLEAN ReturnSingleEntry, 4905 IN PVOID EaList OPTIONAL, 4906 IN ULONG EaListLength, 4907 IN PULONG EaIndex OPTIONAL, 4908 IN BOOLEAN RestartScan 4909 ); 4910 4911 NTSTATUS NTAPI RtlCreateProcessParameters( 4912 OUT PRTL_USER_PROCESS_PARAMETERS *ProcessParameters, 4913 IN PUNICODE_STRING ImageFile, 4914 IN PUNICODE_STRING DllPath OPTIONAL, 4915 IN PUNICODE_STRING CurrentDirectory OPTIONAL, 4916 IN PUNICODE_STRING CommandLine OPTIONAL, 4917 IN PWSTR Environment OPTIONAL, 4918 IN PUNICODE_STRING WindowTitle OPTIONAL, 4919 IN PUNICODE_STRING DesktopInfo OPTIONAL, 4920 IN PUNICODE_STRING ShellInfo OPTIONAL, 4921 IN PUNICODE_STRING RuntimeInfo OPTIONAL 4922 ); 4923 4924 NTSTATUS NTAPI RtlDestroyProcessParameters( 4925 IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters 4926 ); 4927 4928 PDEBUG_BUFFER NTAPI RtlCreateQueryDebugBuffer( 4929 IN ULONG Size, 4930 IN BOOLEAN EventPair 4931 ); 4932 4933 NTSTATUS NTAPI RtlQueryProcessDebugInformation( 4934 IN ULONG ProcessId, 4935 IN ULONG DebugInfoClassMask, 4936 IN OUT PDEBUG_BUFFER DebugBuffer 4937 ); 4938 4939 NTSTATUS NTAPI RtlDestroyQueryDebugBuffer( 4940 IN PDEBUG_BUFFER DebugBuffer 4941 ); 4942 4943 NTSYSAPI VOID NTAPI RtlInitUnicodeString( 4944 OUT PUNICODE_STRING DestinationString, 4945 IN PCWSTR SourceString 4946 ); 4947 4948 NTSYSAPI VOID NTAPI RtlInitString( 4949 PSTRING DestinationString, 4950 PCSTR SourceString 4951 ); 4952 4953 NTSYSAPI VOID NTAPI RtlInitAnsiString( 4954 OUT PANSI_STRING DestinationString, 4955 IN PCSTR SourceString 4956 ); 4957 4958 NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString( 4959 OUT PUNICODE_STRING DestinationString, 4960 IN PANSI_STRING SourceString, 4961 IN BOOLEAN AllocateDestinationString 4962 ); 4963 4964 NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString( 4965 OUT PANSI_STRING DestinationString, 4966 IN PCUNICODE_STRING SourceString, 4967 IN BOOLEAN AllocateDestinationString 4968 ); 4969 4970 NTSYSAPI LONG NTAPI RtlCompareUnicodeString( 4971 IN PUNICODE_STRING String1, 4972 IN PUNICODE_STRING String2, 4973 IN BOOLEAN CaseInSensitive 4974 ); 4975 4976 NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString( 4977 IN PCUNICODE_STRING String1, 4978 IN PCUNICODE_STRING String2, 4979 IN BOOLEAN CaseInSensitive 4980 ); 4981 4982 NTSYSAPI NTSTATUS NTAPI RtlHashUnicodeString( 4983 IN CONST UNICODE_STRING *String, 4984 IN BOOLEAN CaseInSensitive, 4985 IN ULONG HashAlgorithm, 4986 OUT PULONG HashValue 4987 ); 4988 4989 NTSYSAPI VOID NTAPI RtlCopyUnicodeString( 4990 OUT PUNICODE_STRING DestinationString, 4991 IN PUNICODE_STRING SourceString 4992 ); 4993 4994 NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString( 4995 IN OUT PUNICODE_STRING Destination, 4996 IN PUNICODE_STRING Source 4997 ); 4998 4999 NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeToString( 5000 PUNICODE_STRING Destination, 5001 PCWSTR Source 5002 ); 5003 5004 NTSYSAPI VOID NTAPI RtlFreeUnicodeString( 5005 PUNICODE_STRING UnicodeString 5006 ); 5007 5008 NTSYSAPI VOID NTAPI RtlFreeAnsiString( 5009 PANSI_STRING AnsiString 5010 ); 5011 5012 NTSYSAPI ULONG NTAPI RtlxUnicodeStringToAnsiSize( 5013 PCUNICODE_STRING UnicodeString 5014 ); 5015 5016 NTSYSAPI DWORD NTAPI RtlNtStatusToDosError( 5017 IN NTSTATUS status 5018 ); 5019 5020 NTSYSAPI NTSTATUS NTAPI RtlAdjustPrivilege( 5021 ULONG Privilege, 5022 BOOLEAN Enable, 5023 BOOLEAN CurrentThread, 5024 PBOOLEAN Enabled 5025 ); 5026 5027 NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeString( 5028 OUT PUNICODE_STRING DestinationString, 5029 IN PCWSTR SourceString 5030 ); 5031 5032 NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz( 5033 OUT PUNICODE_STRING Destination, 5034 IN PCSTR Source 5035 ); 5036 5037 NTSYSAPI BOOLEAN NTAPI RtlPrefixUnicodeString( 5038 IN PUNICODE_STRING String1, 5039 IN PUNICODE_STRING String2, 5040 IN BOOLEAN CaseInSensitive 5041 ); 5042 5043 NTSYSAPI NTSTATUS NTAPI RtlDuplicateUnicodeString( 5044 IN BOOLEAN AllocateNew, 5045 IN PUNICODE_STRING SourceString, 5046 OUT PUNICODE_STRING TargetString 5047 ); 5048 5049 NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToInteger( 5050 IN PUNICODE_STRING String, 5051 IN ULONG Base OPTIONAL, 5052 OUT PULONG Value 5053 ); 5054 5055 NTSYSAPI NTSTATUS NTAPI RtlIntegerToUnicodeString( 5056 IN ULONG Value, 5057 IN ULONG Base OPTIONAL, 5058 IN OUT PUNICODE_STRING String 5059 ); 5060 5061 NTSYSAPI NTSTATUS NTAPI RtlGUIDFromString( 5062 IN PUNICODE_STRING GuidString, 5063 OUT GUID *Guid 5064 ); 5065 5066 NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeString( 5067 OUT PUNICODE_STRING DestinationString, 5068 IN PUNICODE_STRING SourceString, 5069 IN BOOLEAN AllocateDestinationString 5070 ); 5071 5072 NTSYSAPI NTSTATUS NTAPI RtlDowncaseUnicodeString( 5073 OUT PUNICODE_STRING DestinationString, 5074 IN PUNICODE_STRING SourceString, 5075 IN BOOLEAN AllocateDestinationString 5076 ); 5077 5078 NTSYSAPI NTSTATUS NTAPI RtlFormatCurrentUserKeyPath( 5079 OUT PUNICODE_STRING CurrentUserKeyPath 5080 ); 5081 5082 NTSYSAPI VOID NTAPI RtlRaiseStatus( 5083 IN NTSTATUS Status 5084 ); 5085 5086 NTSYSAPI ULONG NTAPI RtlRandom( 5087 IN OUT PULONG Seed 5088 ); 5089 5090 NTSYSAPI NTSTATUS NTAPI RtlInitializeCriticalSection( 5091 IN PRTL_CRITICAL_SECTION CriticalSection 5092 ); 5093 5094 NTSYSAPI BOOL NTAPI RtlTryEnterCriticalSection( 5095 IN PRTL_CRITICAL_SECTION CriticalSection 5096 ); 5097 5098 NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection( 5099 IN PRTL_CRITICAL_SECTION CriticalSection 5100 ); 5101 5102 NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection( 5103 IN PRTL_CRITICAL_SECTION CriticalSection 5104 ); 5105 5106 NTSYSAPI NTSTATUS NTAPI RtlDeleteCriticalSection( 5107 IN PRTL_CRITICAL_SECTION CriticalSection 5108 ); 5109 5110 NTSYSAPI NTSTATUS NTAPI RtlCompressBuffer( 5111 IN USHORT CompressionFormatAndEngine, 5112 IN PUCHAR UncompressedBuffer, 5113 IN ULONG UncompressedBufferSize, 5114 OUT PUCHAR CompressedBuffer, 5115 IN ULONG CompressedBufferSize, 5116 IN ULONG UncompressedChunkSize, 5117 OUT PULONG FinalCompressedSize, 5118 IN PVOID WorkSpace 5119 ); 5120 5121 NTSYSAPI NTSTATUS NTAPI RtlDecompressBuffer( 5122 IN USHORT CompressionFormat, 5123 OUT PUCHAR UncompressedBuffer, 5124 IN ULONG UncompressedBufferSize, 5125 IN PUCHAR CompressedBuffer, 5126 IN ULONG CompressedBufferSize, 5127 OUT PULONG FinalUncompressedSize 5128 ); 5129 5130 NTSYSAPI VOID NTAPI RtlInitializeHandleTable( 5131 IN ULONG MaximumNumberOfHandles, 5132 IN ULONG SizeOfHandleTableEntry, 5133 OUT PRTL_HANDLE_TABLE HandleTable 5134 ); 5135 5136 NTSYSAPI PRTL_HANDLE_TABLE_ENTRY NTAPI RtlAllocateHandle( 5137 IN PRTL_HANDLE_TABLE HandleTable, 5138 OUT PULONG HandleIndex OPTIONAL 5139 ); 5140 5141 NTSYSAPI BOOLEAN NTAPI RtlFreeHandle( 5142 IN PRTL_HANDLE_TABLE HandleTable, 5143 IN PRTL_HANDLE_TABLE_ENTRY Handle 5144 ); 5145 5146 NTSYSAPI BOOLEAN NTAPI RtlIsValidIndexHandle( 5147 IN PRTL_HANDLE_TABLE HandleTable, 5148 IN ULONG HandleIndex, 5149 OUT PRTL_HANDLE_TABLE_ENTRY *Handle 5150 ); 5151 5152 NTSYSAPI NTSTATUS NTAPI RtlOpenCurrentUser( 5153 IN ULONG DesiredAccess, 5154 OUT PHANDLE CurrentUserKey 5155 ); 5156 5157 NTSYSAPI NTSTATUS NTAPI RtlCreateEnvironment( 5158 BOOLEAN CloneCurrentEnvironment, 5159 PVOID *Environment 5160 ); 5161 5162 NTSYSAPI NTSTATUS NTAPI RtlQueryEnvironmentVariable_U( 5163 PVOID Environment, 5164 PUNICODE_STRING Name, 5165 PUNICODE_STRING Value 5166 ); 5167 5168 NTSYSAPI NTSTATUS NTAPI RtlSetEnvironmentVariable( 5169 PVOID *Environment, 5170 PUNICODE_STRING Name, 5171 PUNICODE_STRING Value 5172 ); 5173 5174 NTSYSAPI NTSTATUS NTAPI RtlDestroyEnvironment( 5175 PVOID Environment 5176 ); 5177 5178 NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U( 5179 IN PWSTR DosPathName, 5180 OUT PUNICODE_STRING NtPathName, 5181 OUT PWSTR * NtFileNamePart OPTIONAL, 5182 OUT PCURDIR DirectoryInfo OPTIONAL 5183 ); 5184 5185 NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess( 5186 PUNICODE_STRING NtImagePathName, 5187 ULONG Attributes, 5188 PRTL_USER_PROCESS_PARAMETERS ProcessParameters, 5189 PSECURITY_DESCRIPTOR ProcessSecurityDescriptor, 5190 PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, 5191 HANDLE ParentProcess, 5192 BOOLEAN InheritHandles, 5193 HANDLE DebugPort, 5194 HANDLE ExceptionPort, 5195 PRTL_USER_PROCESS_INFORMATION ProcessInformation 5196 ); 5197 5198 NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread( 5199 IN HANDLE Process, 5200 IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor OPTIONAL, 5201 IN BOOLEAN CreateSuspended, 5202 IN ULONG_PTR ZeroBits OPTIONAL, 5203 IN SIZE_T MaximumStackSize OPTIONAL, 5204 IN SIZE_T CommittedStackSize OPTIONAL, 5205 IN PUSER_THREAD_START_ROUTINE StartAddress, 5206 IN PVOID Parameter OPTIONAL, 5207 OUT PHANDLE Thread OPTIONAL, 5208 OUT PCLIENT_ID ClientId OPTIONAL 5209 ); 5210 5211 NTSYSAPI HANDLE NTAPI RtlCreateHeap( 5212 IN ULONG Flags, 5213 IN PVOID BaseAddress OPTIONAL, 5214 IN ULONG SizeToReserve, 5215 IN ULONG SizeToCommit, 5216 IN BOOLEAN Lock OPTIONAL, 5217 IN PRTL_HEAP_PARAMETERS Definition OPTIONAL 5218 ); 5219 5220 NTSYSAPI ULONG NTAPI RtlDestroyHeap( 5221 IN HANDLE HeapHandle 5222 ); 5223 5224 NTSYSAPI PVOID NTAPI RtlAllocateHeap( 5225 IN HANDLE HeapHandle, 5226 IN ULONG Flags, 5227 IN SIZE_T Size 5228 ); 5229 5230 NTSYSAPI PVOID NTAPI RtlReAllocateHeap( 5231 IN HANDLE HeapHandle, 5232 IN ULONG Flags, 5233 IN LPVOID Address, 5234 IN SIZE_T Size 5235 ); 5236 5237 NTSYSAPI BOOLEAN NTAPI RtlFreeHeap( 5238 IN HANDLE HeapHandle, 5239 IN ULONG Flags, 5240 IN PVOID Address 5241 ); 5242 5243 NTSYSAPI ULONG NTAPI RtlCompactHeap( 5244 IN HANDLE HeapHandle, 5245 IN ULONG Flags 5246 ); 5247 5248 NTSYSAPI BOOLEAN NTAPI RtlLockHeap( 5249 IN HANDLE HeapHandle 5250 ); 5251 5252 NTSYSAPI BOOLEAN NTAPI RtlUnlockHeap( 5253 IN HANDLE HeapHandle 5254 ); 5255 5256 NTSYSAPI ULONG NTAPI RtlSizeHeap( 5257 IN HANDLE HeapHandle, 5258 IN ULONG Flags, 5259 IN PVOID Address 5260 ); 5261 5262 NTSYSAPI BOOLEAN NTAPI RtlValidateHeap( 5263 IN HANDLE HeapHandle, 5264 IN ULONG Flags, 5265 IN PVOID Address OPTIONAL 5266 ); 5267 5268 NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor( 5269 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5270 IN ULONG Revision 5271 ); 5272 5273 NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor( 5274 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5275 OUT PBOOLEAN DaclPresent, 5276 OUT PACL *Dacl, 5277 OUT PBOOLEAN DaclDefaulted 5278 ); 5279 5280 NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor( 5281 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5282 IN BOOLEAN DaclPresent, 5283 IN PACL Dacl OPTIONAL, 5284 IN BOOLEAN DaclDefaulted OPTIONAL 5285 ); 5286 5287 NTSYSAPI NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor( 5288 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5289 IN PSID Owner OPTIONAL, 5290 IN BOOLEAN OwnerDefaulted OPTIONAL 5291 ); 5292 5293 NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid( 5294 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 5295 IN UCHAR SubAuthorityCount, 5296 IN ULONG SubAuthority0, 5297 IN ULONG SubAuthority1, 5298 IN ULONG SubAuthority2, 5299 IN ULONG SubAuthority3, 5300 IN ULONG SubAuthority4, 5301 IN ULONG SubAuthority5, 5302 IN ULONG SubAuthority6, 5303 IN ULONG SubAuthority7, 5304 OUT PSID *Sid 5305 ); 5306 5307 NTSYSAPI ULONG NTAPI RtlLengthSid( 5308 IN PSID Sid 5309 ); 5310 5311 NTSYSAPI BOOLEAN NTAPI RtlEqualSid( 5312 IN PSID Sid1, 5313 IN PSID Sid2 5314 ); 5315 5316 NTSYSAPI PVOID NTAPI RtlFreeSid( 5317 IN PSID Sid 5318 ); 5319 5320 NTSYSAPI NTSTATUS NTAPI RtlCreateAcl( 5321 IN PACL Acl, 5322 IN ULONG AclLength, 5323 IN ULONG AclRevision 5324 ); 5325 5326 NTSYSAPI NTSTATUS NTAPI RtlGetAce( 5327 IN PACL Acl, 5328 IN ULONG AceIndex, 5329 OUT PVOID *Ace 5330 ); 5331 5332 NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce( 5333 IN OUT PACL Acl, 5334 IN ULONG AceRevision, 5335 IN ACCESS_MASK AccessMask, 5336 IN PSID Sid 5337 ); 5338 5339 NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAceEx( 5340 IN OUT PACL Acl, 5341 IN ULONG AceRevision, 5342 IN ULONG AceFlags, 5343 IN ULONG AccessMask, 5344 IN PSID Sid 5345 ); 5346 5347 NTSYSAPI ULONG NTAPI RtlNtStatusToDosErrorNoTeb( 5348 NTSTATUS Status 5349 ); 5350 5351 NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus( 5352 ); 5353 5354 NTSYSAPI ULONG NTAPI RtlGetLastWin32Error( 5355 ); 5356 5357 NTSYSAPI VOID NTAPI RtlSetLastWin32Error( 5358 ULONG WinError 5359 ); 5360 5361 NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus( 5362 NTSTATUS Status 5363 ); 5364 5365 NTSYSAPI VOID NTAPI DbgBreakPoint( 5366 VOID 5367 ); 5368 5369 NTSYSAPI ULONG _cdecl DbgPrint( 5370 PCH Format, 5371 ... 5372 ); 5373 5374 NTSYSAPI NTSTATUS NTAPI LdrLoadDll( 5375 IN PWSTR DllPath OPTIONAL, 5376 IN PULONG DllCharacteristics OPTIONAL, 5377 IN PUNICODE_STRING DllName, 5378 OUT PVOID *DllHandle 5379 ); 5380 5381 NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle( 5382 IN PWSTR DllPath OPTIONAL, 5383 IN PULONG DllCharacteristics OPTIONAL, 5384 IN PUNICODE_STRING DllName, 5385 OUT PVOID * DllHandle 5386 ); 5387 5388 NTSYSAPI NTSTATUS NTAPI LdrUnloadDll( 5389 IN PVOID DllHandle 5390 ); 5391 5392 NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress( 5393 IN PVOID DllHandle, 5394 IN PANSI_STRING ProcedureName OPTIONAL, 5395 IN ULONG ProcedureNumber OPTIONAL, 5396 OUT PVOID *ProcedureAddress 5397 ); 5398 5399 #pragma endregion 5400 5401 #pragma region TAIL 5402 5403 #ifdef __cplusplus 5404 } // extern "C" 5405 #endif 5406 5407 #pragma endregion 5408 5409 #endif // __NTDLL_H__ 5410 5411 Ntdll.h