Context Navigation

ntapi.h

Visit:

Last change on this file was 2720, checked in by bird, 19 years ago
w32api v3.6
File size: 63.3 KB

Line
1	/*
2	* ntapi.h
3	*
4	* Windows NT Native API
5	*
6	* Most structures in this file is obtained from Windows NT/2000 Native API
7	* Reference by Gary Nebbett, ISBN 1578701996.
8	*
9	* This file is part of the w32api package.
10	*
11	* Contributors:
12	* Created by Casper S. Hornstrup <chorns@users.sourceforge.net>
13	*
14	* THIS SOFTWARE IS NOT COPYRIGHTED
15	*
16	* This source code is offered for use in the public domain. You may
17	* use, modify or distribute it freely.
18	*
19	* This code is distributed in the hope that it will be useful but
20	* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
21	* DISCLAIMED. This includes but is not limited to warranties of
22	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
23	*
24	*/
25
26	#ifndef __NTAPI_H
27	#define __NTAPI_H
28
29	#if __GNUC__ >= 3
30	#pragma GCC system_header
31	#endif
32
33	#ifdef __cplusplus
34	extern "C" {
35	#endif
36
37	#include <stdarg.h>
38	#include <winbase.h>
39	#include "ntddk.h"
40	#include "ntpoapi.h"
41
42	#pragma pack(push,4)
43
44	typedef struct _PEB *PPEB;
45
46	/* FIXME: Unknown definitions */
47	typedef PVOID POBJECT_TYPE_LIST;
48	typedef PVOID PEXECUTION_STATE;
49	typedef PVOID PLANGID;
50
51	#ifndef NtCurrentProcess
52	#define NtCurrentProcess() ((HANDLE)0xFFFFFFFF)
53	#endif /* NtCurrentProcess */
54	#ifndef NtCurrentThread
55	#define NtCurrentThread() ((HANDLE)0xFFFFFFFE)
56	#endif /* NtCurrentThread */
57
58	/* System information and control */
59
60	typedef enum _SYSTEM_INFORMATION_CLASS {
61	SystemInformationClassMin = 0,
62	SystemBasicInformation = 0,
63	SystemProcessorInformation = 1,
64	SystemPerformanceInformation = 2,
65	SystemTimeOfDayInformation = 3,
66	SystemPathInformation = 4,
67	SystemNotImplemented1 = 4,
68	SystemProcessInformation = 5,
69	SystemProcessesAndThreadsInformation = 5,
70	SystemCallCountInfoInformation = 6,
71	SystemCallCounts = 6,
72	SystemDeviceInformation = 7,
73	SystemConfigurationInformation = 7,
74	SystemProcessorPerformanceInformation = 8,
75	SystemProcessorTimes = 8,
76	SystemFlagsInformation = 9,
77	SystemGlobalFlag = 9,
78	SystemCallTimeInformation = 10,
79	SystemNotImplemented2 = 10,
80	SystemModuleInformation = 11,
81	SystemLocksInformation = 12,
82	SystemLockInformation = 12,
83	SystemStackTraceInformation = 13,
84	SystemNotImplemented3 = 13,
85	SystemPagedPoolInformation = 14,
86	SystemNotImplemented4 = 14,
87	SystemNonPagedPoolInformation = 15,
88	SystemNotImplemented5 = 15,
89	SystemHandleInformation = 16,
90	SystemObjectInformation = 17,
91	SystemPageFileInformation = 18,
92	SystemPagefileInformation = 18,
93	SystemVdmInstemulInformation = 19,
94	SystemInstructionEmulationCounts = 19,
95	SystemVdmBopInformation = 20,
96	SystemInvalidInfoClass1 = 20,
97	SystemFileCacheInformation = 21,
98	SystemCacheInformation = 21,
99	SystemPoolTagInformation = 22,
100	SystemInterruptInformation = 23,
101	SystemProcessorStatistics = 23,
102	SystemDpcBehaviourInformation = 24,
103	SystemDpcInformation = 24,
104	SystemFullMemoryInformation = 25,
105	SystemNotImplemented6 = 25,
106	SystemLoadImage = 26,
107	SystemUnloadImage = 27,
108	SystemTimeAdjustmentInformation = 28,
109	SystemTimeAdjustment = 28,
110	SystemSummaryMemoryInformation = 29,
111	SystemNotImplemented7 = 29,
112	SystemNextEventIdInformation = 30,
113	SystemNotImplemented8 = 30,
114	SystemEventIdsInformation = 31,
115	SystemNotImplemented9 = 31,
116	SystemCrashDumpInformation = 32,
117	SystemExceptionInformation = 33,
118	SystemCrashDumpStateInformation = 34,
119	SystemKernelDebuggerInformation = 35,
120	SystemContextSwitchInformation = 36,
121	SystemRegistryQuotaInformation = 37,
122	SystemLoadAndCallImage = 38,
123	SystemPrioritySeparation = 39,
124	SystemPlugPlayBusInformation = 40,
125	SystemNotImplemented10 = 40,
126	SystemDockInformation = 41,
127	SystemNotImplemented11 = 41,
128	/* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */
129	SystemInvalidInfoClass2 = 42,
130	SystemProcessorSpeedInformation = 43,
131	SystemInvalidInfoClass3 = 43,
132	SystemCurrentTimeZoneInformation = 44,
133	SystemTimeZoneInformation = 44,
134	SystemLookasideInformation = 45,
135	SystemSetTimeSlipEvent = 46,
136	SystemCreateSession = 47,
137	SystemDeleteSession = 48,
138	SystemInvalidInfoClass4 = 49,
139	SystemRangeStartInformation = 50,
140	SystemVerifierInformation = 51,
141	SystemAddVerifier = 52,
142	SystemSessionProcessesInformation = 53,
143	SystemInformationClassMax
144	} SYSTEM_INFORMATION_CLASS;
145
146	typedef struct _SYSTEM_BASIC_INFORMATION {
147	ULONG Unknown;
148	ULONG MaximumIncrement;
149	ULONG PhysicalPageSize;
150	ULONG NumberOfPhysicalPages;
151	ULONG LowestPhysicalPage;
152	ULONG HighestPhysicalPage;
153	ULONG AllocationGranularity;
154	ULONG LowestUserAddress;
155	ULONG HighestUserAddress;
156	ULONG ActiveProcessors;
157	UCHAR NumberProcessors;
158	} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
159
160	typedef struct _SYSTEM_PROCESSOR_INFORMATION {
161	USHORT ProcessorArchitecture;
162	USHORT ProcessorLevel;
163	USHORT ProcessorRevision;
164	USHORT Unknown;
165	ULONG FeatureBits;
166	} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
167
168	typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
169	LARGE_INTEGER IdleTime;
170	LARGE_INTEGER ReadTransferCount;
171	LARGE_INTEGER WriteTransferCount;
172	LARGE_INTEGER OtherTransferCount;
173	ULONG ReadOperationCount;
174	ULONG WriteOperationCount;
175	ULONG OtherOperationCount;
176	ULONG AvailablePages;
177	ULONG TotalCommittedPages;
178	ULONG TotalCommitLimit;
179	ULONG PeakCommitment;
180	ULONG PageFaults;
181	ULONG WriteCopyFaults;
182	ULONG TransitionFaults;
183	ULONG CacheTransitionFaults;
184	ULONG DemandZeroFaults;
185	ULONG PagesRead;
186	ULONG PageReadIos;
187	ULONG CacheReads;
188	ULONG CacheIos;
189	ULONG PagefilePagesWritten;
190	ULONG PagefilePageWriteIos;
191	ULONG MappedFilePagesWritten;
192	ULONG MappedFilePageWriteIos;
193	ULONG PagedPoolUsage;
194	ULONG NonPagedPoolUsage;
195	ULONG PagedPoolAllocs;
196	ULONG PagedPoolFrees;
197	ULONG NonPagedPoolAllocs;
198	ULONG NonPagedPoolFrees;
199	ULONG TotalFreeSystemPtes;
200	ULONG SystemCodePage;
201	ULONG TotalSystemDriverPages;
202	ULONG TotalSystemCodePages;
203	ULONG SmallNonPagedLookasideListAllocateHits;
204	ULONG SmallPagedLookasideListAllocateHits;
205	ULONG Reserved3;
206	ULONG MmSystemCachePage;
207	ULONG PagedPoolPage;
208	ULONG SystemDriverPage;
209	ULONG FastReadNoWait;
210	ULONG FastReadWait;
211	ULONG FastReadResourceMiss;
212	ULONG FastReadNotPossible;
213	ULONG FastMdlReadNoWait;
214	ULONG FastMdlReadWait;
215	ULONG FastMdlReadResourceMiss;
216	ULONG FastMdlReadNotPossible;
217	ULONG MapDataNoWait;
218	ULONG MapDataWait;
219	ULONG MapDataNoWaitMiss;
220	ULONG MapDataWaitMiss;
221	ULONG PinMappedDataCount;
222	ULONG PinReadNoWait;
223	ULONG PinReadWait;
224	ULONG PinReadNoWaitMiss;
225	ULONG PinReadWaitMiss;
226	ULONG CopyReadNoWait;
227	ULONG CopyReadWait;
228	ULONG CopyReadNoWaitMiss;
229	ULONG CopyReadWaitMiss;
230	ULONG MdlReadNoWait;
231	ULONG MdlReadWait;
232	ULONG MdlReadNoWaitMiss;
233	ULONG MdlReadWaitMiss;
234	ULONG ReadAheadIos;
235	ULONG LazyWriteIos;
236	ULONG LazyWritePages;
237	ULONG DataFlushes;
238	ULONG DataPages;
239	ULONG ContextSwitches;
240	ULONG FirstLevelTbFills;
241	ULONG SecondLevelTbFills;
242	ULONG SystemCalls;
243	} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
244
245	typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
246	LARGE_INTEGER BootTime;
247	LARGE_INTEGER CurrentTime;
248	LARGE_INTEGER TimeZoneBias;
249	ULONG CurrentTimeZoneId;
250	} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
251
252	typedef struct _VM_COUNTERS {
253	ULONG PeakVirtualSize;
254	ULONG VirtualSize;
255	ULONG PageFaultCount;
256	ULONG PeakWorkingSetSize;
257	ULONG WorkingSetSize;
258	ULONG QuotaPeakPagedPoolUsage;
259	ULONG QuotaPagedPoolUsage;
260	ULONG QuotaPeakNonPagedPoolUsage;
261	ULONG QuotaNonPagedPoolUsage;
262	ULONG PagefileUsage;
263	ULONG PeakPagefileUsage;
264	} VM_COUNTERS;
265
266	typedef enum _THREAD_STATE {
267	StateInitialized,
268	StateReady,
269	StateRunning,
270	StateStandby,
271	StateTerminated,
272	StateWait,
273	StateTransition,
274	StateUnknown
275	} THREAD_STATE;
276
277	typedef struct _SYSTEM_THREADS {
278	LARGE_INTEGER KernelTime;
279	LARGE_INTEGER UserTime;
280	LARGE_INTEGER CreateTime;
281	ULONG WaitTime;
282	PVOID StartAddress;
283	CLIENT_ID ClientId;
284	KPRIORITY Priority;
285	KPRIORITY BasePriority;
286	ULONG ContextSwitchCount;
287	THREAD_STATE State;
288	KWAIT_REASON WaitReason;
289	} SYSTEM_THREADS, *PSYSTEM_THREADS;
290
291	typedef struct _SYSTEM_PROCESSES {
292	ULONG NextEntryDelta;
293	ULONG ThreadCount;
294	ULONG Reserved1[6];
295	LARGE_INTEGER CreateTime;
296	LARGE_INTEGER UserTime;
297	LARGE_INTEGER KernelTime;
298	UNICODE_STRING ProcessName;
299	KPRIORITY BasePriority;
300	ULONG ProcessId;
301	ULONG InheritedFromProcessId;
302	ULONG HandleCount;
303	ULONG Reserved2[2];
304	VM_COUNTERS VmCounters;
305	IO_COUNTERS IoCounters;
306	SYSTEM_THREADS Threads[1];
307	} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
308
309	typedef struct _SYSTEM_CALLS_INFORMATION {
310	ULONG Size;
311	ULONG NumberOfDescriptorTables;
312	ULONG NumberOfRoutinesInTable[1];
313	ULONG CallCounts[ANYSIZE_ARRAY];
314	} SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION;
315
316	typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
317	ULONG DiskCount;
318	ULONG FloppyCount;
319	ULONG CdRomCount;
320	ULONG TapeCount;
321	ULONG SerialCount;
322	ULONG ParallelCount;
323	} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
324
325	typedef struct _SYSTEM_PROCESSOR_TIMES {
326	LARGE_INTEGER IdleTime;
327	LARGE_INTEGER KernelTime;
328	LARGE_INTEGER UserTime;
329	LARGE_INTEGER DpcTime;
330	LARGE_INTEGER InterruptTime;
331	ULONG InterruptCount;
332	} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
333
334	/* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */
335	#define FLG_STOP_ON_EXCEPTION 0x00000001
336	#define FLG_SHOW_LDR_SNAPS 0x00000002
337	#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
338	#define FLG_STOP_ON_HUNG_GUI 0x00000008
339	#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
340	#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
341	#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
342	#define FLG_HEAP_VALIDATE_ALL 0x00000080
343	#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
344	#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
345	#define FLG_POOL_ENABLE_TAGGING 0x00000400
346	#define FLG_HEAP_ENABLE_TAGGING 0x00000800
347	#define FLG_USER_STACK_TRACE_DB 0x00001000
348	#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
349	#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
350	#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
351	#define FLG_IGNORE_DEBUG_PRIV 0x00010000
352	#define FLG_ENABLE_CSRDEBUG 0x00020000
353	#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
354	#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
355	#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
356	#define FLG_HEAP_DISABLE_COALESCING 0x00200000
357	#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
358	#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
359	#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
360
361	typedef struct _SYSTEM_GLOBAL_FLAG {
362	ULONG GlobalFlag;
363	} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
364
365	typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
366	ULONG Unknown1;
367	ULONG Unknown2;
368	PVOID Base;
369	ULONG Size;
370	ULONG Flags;
371	USHORT Index;
372	/* Length of module name not including the path, this
373	field contains valid value only for NTOSKRNL module */
374	USHORT NameLength;
375	USHORT LoadCount;
376	USHORT PathLength;
377	CHAR ImageName[256];
378	} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
379
380	typedef struct _SYSTEM_MODULE_INFORMATION {
381	ULONG Count;
382	SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
383	} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
384
385	typedef struct _SYSTEM_LOCK_INFORMATION {
386	PVOID Address;
387	USHORT Type;
388	USHORT Reserved1;
389	ULONG ExclusiveOwnerThreadId;
390	ULONG ActiveCount;
391	ULONG ContentionCount;
392	ULONG Reserved2[2];
393	ULONG NumberOfSharedWaiters;
394	ULONG NumberOfExclusiveWaiters;
395	} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
396
397	/SYSTEM_HANDLE_INFORMATION.Flags cosntants /
398	#define PROTECT_FROM_CLOSE 0x01
399	#define INHERIT 0x02
400
401	typedef struct _SYSTEM_HANDLE_INFORMATION {
402	ULONG ProcessId;
403	UCHAR ObjectTypeNumber;
404	UCHAR Flags;
405	USHORT Handle;
406	PVOID Object;
407	ACCESS_MASK GrantedAccess;
408	} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
409
410	typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
411	ULONG NextEntryOffset;
412	ULONG ObjectCount;
413	ULONG HandleCount;
414	ULONG TypeNumber;
415	ULONG InvalidAttributes;
416	GENERIC_MAPPING GenericMapping;
417	ACCESS_MASK ValidAccessMask;
418	POOL_TYPE PoolType;
419	UCHAR Unknown;
420	UNICODE_STRING Name;
421	} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
422
423	/* SYSTEM_OBJECT_INFORMATION.Flags constants */
424	#define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40
425	#define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20
426	#define FLG_SYSOBJINFO_PERMANENT 0x10
427	#define FLG_SYSOBJINFO_EXCLUSIVE 0x08
428	#define FLG_SYSOBJINFO_CREATOR_INFO 0x04
429	#define FLG_SYSOBJINFO_KERNEL_MODE 0x02
430
431	typedef struct _SYSTEM_OBJECT_INFORMATION {
432	ULONG NextEntryOffset;
433	PVOID Object;
434	ULONG CreatorProcessId;
435	USHORT Unknown;
436	USHORT Flags;
437	ULONG PointerCount;
438	ULONG HandleCount;
439	ULONG PagedPoolUsage;
440	ULONG NonPagedPoolUsage;
441	ULONG ExclusiveProcessId;
442	PSECURITY_DESCRIPTOR SecurityDescriptor;
443	UNICODE_STRING Name;
444	} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
445
446	typedef struct _SYSTEM_PAGEFILE_INFORMATION {
447	ULONG NextEntryOffset;
448	ULONG CurrentSize;
449	ULONG TotalUsed;
450	ULONG PeakUsed;
451	UNICODE_STRING FileName;
452	} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
453
454	typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION {
455	ULONG SegmentNotPresent;
456	ULONG TwoByteOpcode;
457	ULONG ESprefix;
458	ULONG CSprefix;
459	ULONG SSprefix;
460	ULONG DSprefix;
461	ULONG FSPrefix;
462	ULONG GSprefix;
463	ULONG OPER32prefix;
464	ULONG ADDR32prefix;
465	ULONG INSB;
466	ULONG INSW;
467	ULONG OUTSB;
468	ULONG OUTSW;
469	ULONG PUSHFD;
470	ULONG POPFD;
471	ULONG INTnn;
472	ULONG INTO;
473	ULONG IRETD;
474	ULONG INBimm;
475	ULONG INWimm;
476	ULONG OUTBimm;
477	ULONG OUTWimm;
478	ULONG INB;
479	ULONG INW;
480	ULONG OUTB;
481	ULONG OUTW;
482	ULONG LOCKprefix;
483	ULONG REPNEprefix;
484	ULONG REPprefix;
485	ULONG HLT;
486	ULONG CLI;
487	ULONG STI;
488	ULONG GenericInvalidOpcode;
489	} SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION;
490
491	typedef struct _SYSTEM_POOL_TAG_INFORMATION {
492	CHAR Tag[4];
493	ULONG PagedPoolAllocs;
494	ULONG PagedPoolFrees;
495	ULONG PagedPoolUsage;
496	ULONG NonPagedPoolAllocs;
497	ULONG NonPagedPoolFrees;
498	ULONG NonPagedPoolUsage;
499	} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
500
501	typedef struct _SYSTEM_PROCESSOR_STATISTICS {
502	ULONG ContextSwitches;
503	ULONG DpcCount;
504	ULONG DpcRequestRate;
505	ULONG TimeIncrement;
506	ULONG DpcBypassCount;
507	ULONG ApcBypassCount;
508	} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
509
510	typedef struct _SYSTEM_DPC_INFORMATION {
511	ULONG Reserved;
512	ULONG MaximumDpcQueueDepth;
513	ULONG MinimumDpcRate;
514	ULONG AdjustDpcThreshold;
515	ULONG IdealDpcRate;
516	} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
517
518	typedef struct _SYSTEM_LOAD_IMAGE {
519	UNICODE_STRING ModuleName;
520	PVOID ModuleBase;
521	PVOID SectionPointer;
522	PVOID EntryPoint;
523	PVOID ExportDirectory;
524	} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
525
526	typedef struct _SYSTEM_UNLOAD_IMAGE {
527	PVOID ModuleBase;
528	} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
529
530	typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
531	ULONG TimeAdjustment;
532	ULONG MaximumIncrement;
533	BOOLEAN TimeSynchronization;
534	} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
535
536	typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
537	ULONG TimeAdjustment;
538	BOOLEAN TimeSynchronization;
539	} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
540
541	typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
542	HANDLE CrashDumpSectionHandle;
543	HANDLE Unknown;
544	} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
545
546	typedef struct _SYSTEM_EXCEPTION_INFORMATION {
547	ULONG AlignmentFixupCount;
548	ULONG ExceptionDispatchCount;
549	ULONG FloatingEmulationCount;
550	ULONG Reserved;
551	} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
552
553	typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
554	ULONG CrashDumpSectionExists;
555	ULONG Unknown;
556	} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
557
558	typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
559	BOOLEAN DebuggerEnabled;
560	BOOLEAN DebuggerNotPresent;
561	} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
562
563	typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
564	ULONG ContextSwitches;
565	ULONG ContextSwitchCounters[11];
566	} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
567
568	typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
569	ULONG RegistryQuota;
570	ULONG RegistryQuotaInUse;
571	ULONG PagedPoolSize;
572	} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
573
574	typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
575	UNICODE_STRING ModuleName;
576	} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
577
578	typedef struct _SYSTEM_PRIORITY_SEPARATION {
579	ULONG PrioritySeparation;
580	} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
581
582	typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
583	LONG Bias;
584	WCHAR StandardName[32];
585	LARGE_INTEGER StandardDate;
586	LONG StandardBias;
587	WCHAR DaylightName[32];
588	LARGE_INTEGER DaylightDate;
589	LONG DaylightBias;
590	} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
591
592	typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
593	USHORT Depth;
594	USHORT MaximumDepth;
595	ULONG TotalAllocates;
596	ULONG AllocateMisses;
597	ULONG TotalFrees;
598	ULONG FreeMisses;
599	POOL_TYPE Type;
600	ULONG Tag;
601	ULONG Size;
602	} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
603
604	typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
605	HANDLE TimeSlipEvent;
606	} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
607
608	typedef struct _SYSTEM_CREATE_SESSION {
609	ULONG SessionId;
610	} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
611
612	typedef struct _SYSTEM_DELETE_SESSION {
613	ULONG SessionId;
614	} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
615
616	typedef struct _SYSTEM_RANGE_START_INFORMATION {
617	PVOID SystemRangeStart;
618	} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
619
620	typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
621	ULONG SessionId;
622	ULONG BufferSize;
623	PVOID Buffer;
624	} SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;
625
626	typedef struct _SYSTEM_POOL_BLOCK {
627	BOOLEAN Allocated;
628	USHORT Unknown;
629	ULONG Size;
630	CHAR Tag[4];
631	} SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;
632
633	typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
634	ULONG PoolSize;
635	PVOID PoolBase;
636	USHORT Unknown;
637	ULONG NumberOfBlocks;
638	SYSTEM_POOL_BLOCK PoolBlocks[1];
639	} SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;
640
641	typedef struct _SYSTEM_MEMORY_USAGE {
642	PVOID Name;
643	USHORT Valid;
644	USHORT Standby;
645	USHORT Modified;
646	USHORT PageTables;
647	} SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;
648
649	typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
650	ULONG Reserved;
651	PVOID EndOfData;
652	SYSTEM_MEMORY_USAGE MemoryUsage[1];
653	} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;
654
655	NTOSAPI
656	NTSTATUS
657	NTAPI
658	NtQuerySystemInformation(
659	IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
660	IN OUT PVOID SystemInformation,
661	IN ULONG SystemInformationLength,
662	OUT PULONG ReturnLength OPTIONAL);
663
664	NTOSAPI
665	NTSTATUS
666	NTAPI
667	ZwQuerySystemInformation(
668	IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
669	IN OUT PVOID SystemInformation,
670	IN ULONG SystemInformationLength,
671	OUT PULONG ReturnLength OPTIONAL);
672
673	NTOSAPI
674	NTAPI
675	NTSTATUS
676	NtQueryFullAttributesFile(
677	IN POBJECT_ATTRIBUTES ObjectAttributes,
678	OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
679
680	NTOSAPI
681	NTAPI
682	NTSTATUS
683	ZwQueryFullAttributesFile(
684	IN POBJECT_ATTRIBUTES ObjectAttributes,
685	OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation);
686
687	NTOSAPI
688	NTSTATUS
689	NTAPI
690	ZwSetSystemInformation(
691	IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
692	IN OUT PVOID SystemInformation,
693	IN ULONG SystemInformationLength);
694
695	NTOSAPI
696	NTSTATUS
697	NTAPI
698	ZwQuerySystemEnvironmentValue(
699	IN PUNICODE_STRING Name,
700	OUT PVOID Value,
701	IN ULONG ValueLength,
702	OUT PULONG ReturnLength OPTIONAL);
703
704	NTOSAPI
705	NTSTATUS
706	NTAPI
707	ZwSetSystemEnvironmentValue(
708	IN PUNICODE_STRING Name,
709	IN PUNICODE_STRING Value);
710
711	typedef enum _SHUTDOWN_ACTION {
712	ShutdownNoReboot,
713	ShutdownReboot,
714	ShutdownPowerOff
715	} SHUTDOWN_ACTION;
716
717	NTOSAPI
718	NTSTATUS
719	NTAPI
720	NtShutdownSystem(
721	IN SHUTDOWN_ACTION Action);
722
723	typedef enum _DEBUG_CONTROL_CODE {
724	DebugGetTraceInformation = 1,
725	DebugSetInternalBreakpoint,
726	DebugSetSpecialCall,
727	DebugClearSpecialCalls,
728	DebugQuerySpecialCalls,
729	DebugDbgBreakPoint,
730	DebugMaximum
731	} DEBUG_CONTROL_CODE;
732
733
734	NTOSAPI
735	NTSTATUS
736	NTAPI
737	ZwSystemDebugControl(
738	IN DEBUG_CONTROL_CODE ControlCode,
739	IN PVOID InputBuffer OPTIONAL,
740	IN ULONG InputBufferLength,
741	OUT PVOID OutputBuffer OPTIONAL,
742	IN ULONG OutputBufferLength,
743	OUT PULONG ReturnLength OPTIONAL);
744
745
746
747	/* Objects, Object directories, and symbolic links */
748
749	typedef enum _OBJECT_INFORMATION_CLASS {
750	ObjectBasicInformation,
751	ObjectNameInformation,
752	ObjectTypeInformation,
753	ObjectAllTypesInformation,
754	ObjectHandleInformation
755	} OBJECT_INFORMATION_CLASS;
756
757	NTOSAPI
758	NTSTATUS
759	NTAPI
760	ZwQueryObject(
761	IN HANDLE ObjectHandle,
762	IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
763	OUT PVOID ObjectInformation,
764	IN ULONG ObjectInformationLength,
765	OUT PULONG ReturnLength OPTIONAL);
766
767	NTOSAPI
768	NTSTATUS
769	NTAPI
770	ZwSetInformationObject(
771	IN HANDLE ObjectHandle,
772	IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
773	IN PVOID ObjectInformation,
774	IN ULONG ObjectInformationLength);
775
776	/* OBJECT_BASIC_INFORMATION.Attributes constants */
777	/* also in winbase.h */
778	#define HANDLE_FLAG_INHERIT 0x01
779	#define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02
780	/* end winbase.h */
781	#define PERMANENT 0x10
782	#define EXCLUSIVE 0x20
783
784	typedef struct _OBJECT_BASIC_INFORMATION {
785	ULONG Attributes;
786	ACCESS_MASK GrantedAccess;
787	ULONG HandleCount;
788	ULONG PointerCount;
789	ULONG PagedPoolUsage;
790	ULONG NonPagedPoolUsage;
791	ULONG Reserved[3];
792	ULONG NameInformationLength;
793	ULONG TypeInformationLength;
794	ULONG SecurityDescriptorLength;
795	LARGE_INTEGER CreateTime;
796	} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
797	#if 0
798	/* FIXME: Enable later */
799	typedef struct _OBJECT_TYPE_INFORMATION {
800	UNICODE_STRING Name;
801	ULONG ObjectCount;
802	ULONG HandleCount;
803	ULONG Reserved1[4];
804	ULONG PeakObjectCount;
805	ULONG PeakHandleCount;
806	ULONG Reserved2[4];
807	ULONG InvalidAttributes;
808	GENERIC_MAPPING GenericMapping;
809	ULONG ValidAccess;
810	UCHAR Unknown;
811	BOOLEAN MaintainHandleDatabase;
812	POOL_TYPE PoolType;
813	ULONG PagedPoolUsage;
814	ULONG NonPagedPoolUsage;
815	} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
816
817	typedef struct _OBJECT_ALL_TYPES_INFORMATION {
818	ULONG NumberOfTypes;
819	OBJECT_TYPE_INFORMATION TypeInformation;
820	} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
821	#endif
822	typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
823	BOOLEAN Inherit;
824	BOOLEAN ProtectFromClose;
825	} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
826
827	NTOSAPI
828	NTSTATUS
829	NTAPI
830	NtDuplicateObject(
831	IN HANDLE SourceProcessHandle,
832	IN HANDLE SourceHandle,
833	IN HANDLE TargetProcessHandle,
834	OUT PHANDLE TargetHandle OPTIONAL,
835	IN ACCESS_MASK DesiredAccess,
836	IN ULONG Attributes,
837	IN ULONG Options);
838
839	NTOSAPI
840	NTSTATUS
841	NTAPI
842	ZwDuplicateObject(
843	IN HANDLE SourceProcessHandle,
844	IN HANDLE SourceHandle,
845	IN HANDLE TargetProcessHandle,
846	OUT PHANDLE TargetHandle OPTIONAL,
847	IN ACCESS_MASK DesiredAccess,
848	IN ULONG Attributes,
849	IN ULONG Options);
850
851	NTOSAPI
852	NTSTATUS
853	NTAPI
854	NtQuerySecurityObject(
855	IN HANDLE Handle,
856	IN SECURITY_INFORMATION SecurityInformation,
857	OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
858	IN ULONG SecurityDescriptorLength,
859	OUT PULONG ReturnLength);
860
861	NTOSAPI
862	NTSTATUS
863	NTAPI
864	ZwQuerySecurityObject(
865	IN HANDLE Handle,
866	IN SECURITY_INFORMATION SecurityInformation,
867	OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
868	IN ULONG SecurityDescriptorLength,
869	OUT PULONG ReturnLength);
870
871	NTOSAPI
872	NTSTATUS
873	NTAPI
874	NtSetSecurityObject(
875	IN HANDLE Handle,
876	IN SECURITY_INFORMATION SecurityInformation,
877	IN PSECURITY_DESCRIPTOR SecurityDescriptor);
878
879	NTOSAPI
880	NTSTATUS
881	NTAPI
882	ZwSetSecurityObject(
883	IN HANDLE Handle,
884	IN SECURITY_INFORMATION SecurityInformation,
885	IN PSECURITY_DESCRIPTOR SecurityDescriptor);
886
887	NTOSAPI
888	NTSTATUS
889	NTAPI
890	ZwOpenDirectoryObject(
891	OUT PHANDLE DirectoryHandle,
892	IN ACCESS_MASK DesiredAccess,
893	IN POBJECT_ATTRIBUTES ObjectAttributes);
894
895	NTOSAPI
896	NTSTATUS
897	NTAPI
898	ZwQueryDirectoryObject(
899	IN HANDLE DirectoryHandle,
900	OUT PVOID Buffer,
901	IN ULONG BufferLength,
902	IN BOOLEAN ReturnSingleEntry,
903	IN BOOLEAN RestartScan,
904	IN OUT PULONG Context,
905	OUT PULONG ReturnLength OPTIONAL);
906
907	typedef struct _DIRECTORY_BASIC_INFORMATION {
908	UNICODE_STRING ObjectName;
909	UNICODE_STRING ObjectTypeName;
910	} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
911
912	NTOSAPI
913	NTSTATUS
914	NTAPI
915	ZwCreateSymbolicLinkObject(
916	OUT PHANDLE SymbolicLinkHandle,
917	IN ACCESS_MASK DesiredAccess,
918	IN POBJECT_ATTRIBUTES ObjectAttributes,
919	IN PUNICODE_STRING TargetName);
920
921
922
923
924	/* Virtual memory */
925
926	typedef enum _MEMORY_INFORMATION_CLASS {
927	MemoryBasicInformation,
928	MemoryWorkingSetList,
929	MemorySectionName,
930	MemoryBasicVlmInformation
931	} MEMORY_INFORMATION_CLASS;
932
933	NTOSAPI
934	NTSTATUS
935	NTAPI
936	NtAllocateVirtualMemory(
937	IN HANDLE ProcessHandle,
938	IN OUT PVOID *BaseAddress,
939	IN ULONG ZeroBits,
940	IN OUT PULONG AllocationSize,
941	IN ULONG AllocationType,
942	IN ULONG Protect);
943
944	NTOSAPI
945	NTSTATUS
946	NTAPI
947	ZwAllocateVirtualMemory(
948	IN HANDLE ProcessHandle,
949	IN OUT PVOID *BaseAddress,
950	IN ULONG ZeroBits,
951	IN OUT PULONG AllocationSize,
952	IN ULONG AllocationType,
953	IN ULONG Protect);
954
955	NTOSAPI
956	NTSTATUS
957	NTAPI
958	NtFreeVirtualMemory(
959	IN HANDLE ProcessHandle,
960	IN OUT PVOID *BaseAddress,
961	IN OUT PULONG FreeSize,
962	IN ULONG FreeType);
963
964	NTOSAPI
965	NTSTATUS
966	NTAPI
967	ZwFreeVirtualMemory(
968	IN HANDLE ProcessHandle,
969	IN OUT PVOID *BaseAddress,
970	IN OUT PULONG FreeSize,
971	IN ULONG FreeType);
972
973	NTOSAPI
974	NTSTATUS
975	NTAPI
976	ZwQueryVirtualMemory(
977	IN HANDLE ProcessHandle,
978	IN PVOID BaseAddress,
979	IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
980	OUT PVOID MemoryInformation,
981	IN ULONG MemoryInformationLength,
982	OUT PULONG ReturnLength OPTIONAL);
983
984	/* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
985	#define WSLE_PAGE_READONLY 0x001
986	#define WSLE_PAGE_EXECUTE 0x002
987	#define WSLE_PAGE_READWRITE 0x004
988	#define WSLE_PAGE_EXECUTE_READ 0x003
989	#define WSLE_PAGE_WRITECOPY 0x005
990	#define WSLE_PAGE_EXECUTE_READWRITE 0x006
991	#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
992	#define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
993	#define WSLE_PAGE_SHAREABLE 0x100
994
995	typedef struct _MEMORY_WORKING_SET_LIST {
996	ULONG NumberOfPages;
997	ULONG WorkingSetList[1];
998	} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
999
1000	typedef struct _MEMORY_SECTION_NAME {
1001	UNICODE_STRING SectionFileName;
1002	} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
1003
1004	/* Zw[Lock\|Unlock]VirtualMemory.LockType constants */
1005	#define LOCK_VM_IN_WSL 0x01
1006	#define LOCK_VM_IN_RAM 0x02
1007
1008	NTOSAPI
1009	NTSTATUS
1010	NTAPI
1011	ZwLockVirtualMemory(
1012	IN HANDLE ProcessHandle,
1013	IN OUT PVOID *BaseAddress,
1014	IN OUT PULONG LockSize,
1015	IN ULONG LockType);
1016
1017	NTOSAPI
1018	NTSTATUS
1019	NTAPI
1020	ZwUnlockVirtualMemory(
1021	IN HANDLE ProcessHandle,
1022	IN OUT PVOID *BaseAddress,
1023	IN OUT PULONG LockSize,
1024	IN ULONG LockType);
1025
1026	NTOSAPI
1027	NTSTATUS
1028	NTAPI
1029	ZwReadVirtualMemory(
1030	IN HANDLE ProcessHandle,
1031	IN PVOID BaseAddress,
1032	OUT PVOID Buffer,
1033	IN ULONG BufferLength,
1034	OUT PULONG ReturnLength OPTIONAL);
1035
1036	NTOSAPI
1037	NTSTATUS
1038	NTAPI
1039	ZwWriteVirtualMemory(
1040	IN HANDLE ProcessHandle,
1041	IN PVOID BaseAddress,
1042	IN PVOID Buffer,
1043	IN ULONG BufferLength,
1044	OUT PULONG ReturnLength OPTIONAL);
1045
1046	NTOSAPI
1047	NTSTATUS
1048	NTAPI
1049	ZwProtectVirtualMemory(
1050	IN HANDLE ProcessHandle,
1051	IN OUT PVOID *BaseAddress,
1052	IN OUT PULONG ProtectSize,
1053	IN ULONG NewProtect,
1054	OUT PULONG OldProtect);
1055
1056	NTOSAPI
1057	NTSTATUS
1058	NTAPI
1059	ZwFlushVirtualMemory(
1060	IN HANDLE ProcessHandle,
1061	IN OUT PVOID *BaseAddress,
1062	IN OUT PULONG FlushSize,
1063	OUT PIO_STATUS_BLOCK IoStatusBlock);
1064
1065	NTOSAPI
1066	NTSTATUS
1067	NTAPI
1068	ZwAllocateUserPhysicalPages(
1069	IN HANDLE ProcessHandle,
1070	IN PULONG NumberOfPages,
1071	OUT PULONG PageFrameNumbers);
1072
1073	NTOSAPI
1074	NTSTATUS
1075	NTAPI
1076	ZwFreeUserPhysicalPages(
1077	IN HANDLE ProcessHandle,
1078	IN OUT PULONG NumberOfPages,
1079	IN PULONG PageFrameNumbers);
1080
1081	NTOSAPI
1082	NTSTATUS
1083	NTAPI
1084	ZwMapUserPhysicalPages(
1085	IN PVOID BaseAddress,
1086	IN PULONG NumberOfPages,
1087	IN PULONG PageFrameNumbers);
1088
1089	NTOSAPI
1090	NTSTATUS
1091	NTAPI
1092	ZwMapUserPhysicalPagesScatter(
1093	IN PVOID *BaseAddresses,
1094	IN PULONG NumberOfPages,
1095	IN PULONG PageFrameNumbers);
1096
1097	NTOSAPI
1098	NTSTATUS
1099	NTAPI
1100	ZwGetWriteWatch(
1101	IN HANDLE ProcessHandle,
1102	IN ULONG Flags,
1103	IN PVOID BaseAddress,
1104	IN ULONG RegionSize,
1105	OUT PULONG Buffer,
1106	IN OUT PULONG BufferEntries,
1107	OUT PULONG Granularity);
1108
1109	NTOSAPI
1110	NTSTATUS
1111	NTAPI
1112	ZwResetWriteWatch(
1113	IN HANDLE ProcessHandle,
1114	IN PVOID BaseAddress,
1115	IN ULONG RegionSize);
1116
1117
1118
1119
1120	/* Sections */
1121
1122	typedef enum _SECTION_INFORMATION_CLASS {
1123	SectionBasicInformation,
1124	SectionImageInformation
1125	} SECTION_INFORMATION_CLASS;
1126
1127	NTOSAPI
1128	NTSTATUS
1129	NTAPI
1130	NtCreateSection(
1131	OUT PHANDLE SectionHandle,
1132	IN ACCESS_MASK DesiredAccess,
1133	IN POBJECT_ATTRIBUTES ObjectAttributes,
1134	IN PLARGE_INTEGER SectionSize OPTIONAL,
1135	IN ULONG Protect,
1136	IN ULONG Attributes,
1137	IN HANDLE FileHandle);
1138
1139	NTOSAPI
1140	NTSTATUS
1141	NTAPI
1142	ZwCreateSection(
1143	OUT PHANDLE SectionHandle,
1144	IN ACCESS_MASK DesiredAccess,
1145	IN POBJECT_ATTRIBUTES ObjectAttributes,
1146	IN PLARGE_INTEGER SectionSize OPTIONAL,
1147	IN ULONG Protect,
1148	IN ULONG Attributes,
1149	IN HANDLE FileHandle);
1150
1151	NTOSAPI
1152	NTSTATUS
1153	NTAPI
1154	ZwQuerySection(
1155	IN HANDLE SectionHandle,
1156	IN SECTION_INFORMATION_CLASS SectionInformationClass,
1157	OUT PVOID SectionInformation,
1158	IN ULONG SectionInformationLength,
1159	OUT PULONG ResultLength OPTIONAL);
1160
1161	NTOSAPI
1162	NTSTATUS
1163	NTAPI
1164	ZwExtendSection(
1165	IN HANDLE SectionHandle,
1166	IN PLARGE_INTEGER SectionSize);
1167
1168	NTOSAPI
1169	NTSTATUS
1170	NTAPI
1171	ZwAreMappedFilesTheSame(
1172	IN PVOID Address1,
1173	IN PVOID Address2);
1174
1175
1176
1177
1178	/* Threads */
1179
1180	typedef struct _USER_STACK {
1181	PVOID FixedStackBase;
1182	PVOID FixedStackLimit;
1183	PVOID ExpandableStackBase;
1184	PVOID ExpandableStackLimit;
1185	PVOID ExpandableStackBottom;
1186	} USER_STACK, *PUSER_STACK;
1187
1188	NTOSAPI
1189	NTSTATUS
1190	NTAPI
1191	ZwCreateThread(
1192	OUT PHANDLE ThreadHandle,
1193	IN ACCESS_MASK DesiredAccess,
1194	IN POBJECT_ATTRIBUTES ObjectAttributes,
1195	IN HANDLE ProcessHandle,
1196	OUT PCLIENT_ID ClientId,
1197	IN PCONTEXT ThreadContext,
1198	IN PUSER_STACK UserStack,
1199	IN BOOLEAN CreateSuspended);
1200
1201	NTOSAPI
1202	NTSTATUS
1203	NTAPI
1204	NtOpenThread(
1205	OUT PHANDLE ThreadHandle,
1206	IN ACCESS_MASK DesiredAccess,
1207	IN POBJECT_ATTRIBUTES ObjectAttributes,
1208	IN PCLIENT_ID ClientId);
1209
1210	NTOSAPI
1211	NTSTATUS
1212	NTAPI
1213	ZwOpenThread(
1214	OUT PHANDLE ThreadHandle,
1215	IN ACCESS_MASK DesiredAccess,
1216	IN POBJECT_ATTRIBUTES ObjectAttributes,
1217	IN PCLIENT_ID ClientId);
1218
1219	NTOSAPI
1220	NTSTATUS
1221	NTAPI
1222	ZwTerminateThread(
1223	IN HANDLE ThreadHandle OPTIONAL,
1224	IN NTSTATUS ExitStatus);
1225
1226	NTOSAPI
1227	NTSTATUS
1228	NTAPI
1229	NtQueryInformationThread(
1230	IN HANDLE ThreadHandle,
1231	IN THREADINFOCLASS ThreadInformationClass,
1232	OUT PVOID ThreadInformation,
1233	IN ULONG ThreadInformationLength,
1234	OUT PULONG ReturnLength OPTIONAL);
1235
1236	NTOSAPI
1237	NTSTATUS
1238	NTAPI
1239	ZwQueryInformationThread(
1240	IN HANDLE ThreadHandle,
1241	IN THREADINFOCLASS ThreadInformationClass,
1242	OUT PVOID ThreadInformation,
1243	IN ULONG ThreadInformationLength,
1244	OUT PULONG ReturnLength OPTIONAL);
1245
1246	NTOSAPI
1247	NTSTATUS
1248	NTAPI
1249	NtSetInformationThread(
1250	IN HANDLE ThreadHandle,
1251	IN THREADINFOCLASS ThreadInformationClass,
1252	IN PVOID ThreadInformation,
1253	IN ULONG ThreadInformationLength);
1254
1255	typedef struct _THREAD_BASIC_INFORMATION {
1256	NTSTATUS ExitStatus;
1257	PNT_TIB TebBaseAddress;
1258	CLIENT_ID ClientId;
1259	KAFFINITY AffinityMask;
1260	KPRIORITY Priority;
1261	KPRIORITY BasePriority;
1262	} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
1263
1264	typedef struct _KERNEL_USER_TIMES {
1265	LARGE_INTEGER CreateTime;
1266	LARGE_INTEGER ExitTime;
1267	LARGE_INTEGER KernelTime;
1268	LARGE_INTEGER UserTime;
1269	} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
1270
1271	NTOSAPI
1272	NTSTATUS
1273	NTAPI
1274	ZwSuspendThread(
1275	IN HANDLE ThreadHandle,
1276	OUT PULONG PreviousSuspendCount OPTIONAL);
1277
1278	NTOSAPI
1279	NTSTATUS
1280	NTAPI
1281	ZwResumeThread(
1282	IN HANDLE ThreadHandle,
1283	OUT PULONG PreviousSuspendCount OPTIONAL);
1284
1285	NTOSAPI
1286	NTSTATUS
1287	NTAPI
1288	ZwGetContextThread(
1289	IN HANDLE ThreadHandle,
1290	OUT PCONTEXT Context);
1291
1292	NTOSAPI
1293	NTSTATUS
1294	NTAPI
1295	ZwSetContextThread(
1296	IN HANDLE ThreadHandle,
1297	IN PCONTEXT Context);
1298
1299	NTOSAPI
1300	NTSTATUS
1301	NTAPI
1302	ZwQueueApcThread(
1303	IN HANDLE ThreadHandle,
1304	IN PKNORMAL_ROUTINE ApcRoutine,
1305	IN PVOID ApcContext OPTIONAL,
1306	IN PVOID Argument1 OPTIONAL,
1307	IN PVOID Argument2 OPTIONAL);
1308
1309	NTOSAPI
1310	NTSTATUS
1311	NTAPI
1312	ZwTestAlert(
1313	VOID);
1314
1315	NTOSAPI
1316	NTSTATUS
1317	NTAPI
1318	ZwAlertThread(
1319	IN HANDLE ThreadHandle);
1320
1321	NTOSAPI
1322	NTSTATUS
1323	NTAPI
1324	ZwAlertResumeThread(
1325	IN HANDLE ThreadHandle,
1326	OUT PULONG PreviousSuspendCount OPTIONAL);
1327
1328	NTOSAPI
1329	NTSTATUS
1330	NTAPI
1331	ZwRegisterThreadTerminatePort(
1332	IN HANDLE PortHandle);
1333
1334	NTOSAPI
1335	NTSTATUS
1336	NTAPI
1337	ZwImpersonateThread(
1338	IN HANDLE ThreadHandle,
1339	IN HANDLE TargetThreadHandle,
1340	IN PSECURITY_QUALITY_OF_SERVICE SecurityQos);
1341
1342	NTOSAPI
1343	NTSTATUS
1344	NTAPI
1345	ZwImpersonateAnonymousToken(
1346	IN HANDLE ThreadHandle);
1347
1348
1349
1350
1351	/* Processes */
1352
1353	NTOSAPI
1354	NTSTATUS
1355	NTAPI
1356	ZwCreateProcess(
1357	OUT PHANDLE ProcessHandle,
1358	IN ACCESS_MASK DesiredAccess,
1359	IN POBJECT_ATTRIBUTES ObjectAttributes,
1360	IN HANDLE InheritFromProcessHandle,
1361	IN BOOLEAN InheritHandles,
1362	IN HANDLE SectionHandle OPTIONAL,
1363	IN HANDLE DebugPort OPTIONAL,
1364	IN HANDLE ExceptionPort OPTIONAL);
1365
1366	NTOSAPI
1367	NTSTATUS
1368	NTAPI
1369	ZwCreateProcess(
1370	OUT PHANDLE ProcessHandle,
1371	IN ACCESS_MASK DesiredAccess,
1372	IN POBJECT_ATTRIBUTES ObjectAttributes,
1373	IN HANDLE InheritFromProcessHandle,
1374	IN BOOLEAN InheritHandles,
1375	IN HANDLE SectionHandle OPTIONAL,
1376	IN HANDLE DebugPort OPTIONAL,
1377	IN HANDLE ExceptionPort OPTIONAL);
1378
1379	NTOSAPI
1380	NTSTATUS
1381	NTAPI
1382	ZwTerminateProcess(
1383	IN HANDLE ProcessHandle OPTIONAL,
1384	IN NTSTATUS ExitStatus);
1385
1386	NTOSAPI
1387	NTSTATUS
1388	NTAPI
1389	ZwQueryInformationProcess(
1390	IN HANDLE ProcessHandle,
1391	IN PROCESSINFOCLASS ProcessInformationClass,
1392	OUT PVOID ProcessInformation,
1393	IN ULONG ProcessInformationLength,
1394	OUT PULONG ReturnLength OPTIONAL);
1395
1396	NTOSAPI
1397	NTSTATUS
1398	NTAPI
1399	NtSetInformationProcess(
1400	IN HANDLE ProcessHandle,
1401	IN PROCESSINFOCLASS ProcessInformationClass,
1402	IN PVOID ProcessInformation,
1403	IN ULONG ProcessInformationLength);
1404
1405	NTOSAPI
1406	NTSTATUS
1407	NTAPI
1408	ZwSetInformationProcess(
1409	IN HANDLE ProcessHandle,
1410	IN PROCESSINFOCLASS ProcessInformationClass,
1411	IN PVOID ProcessInformation,
1412	IN ULONG ProcessInformationLength);
1413
1414	typedef struct _PROCESS_BASIC_INFORMATION {
1415	NTSTATUS ExitStatus;
1416	PPEB PebBaseAddress;
1417	KAFFINITY AffinityMask;
1418	KPRIORITY BasePriority;
1419	ULONG UniqueProcessId;
1420	ULONG InheritedFromUniqueProcessId;
1421	} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
1422
1423	typedef struct _PROCESS_ACCESS_TOKEN {
1424	HANDLE Token;
1425	HANDLE Thread;
1426	} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
1427
1428	/* DefaultHardErrorMode constants */
1429	/* also in winbase.h */
1430	#define SEM_FAILCRITICALERRORS 0x0001
1431	#define SEM_NOGPFAULTERRORBOX 0x0002
1432	#define SEM_NOALIGNMENTFAULTEXCEPT 0x0004
1433	#define SEM_NOOPENFILEERRORBOX 0x8000
1434	/* end winbase.h */
1435	typedef struct _POOLED_USAGE_AND_LIMITS {
1436	ULONG PeakPagedPoolUsage;
1437	ULONG PagedPoolUsage;
1438	ULONG PagedPoolLimit;
1439	ULONG PeakNonPagedPoolUsage;
1440	ULONG NonPagedPoolUsage;
1441	ULONG NonPagedPoolLimit;
1442	ULONG PeakPagefileUsage;
1443	ULONG PagefileUsage;
1444	ULONG PagefileLimit;
1445	} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
1446
1447	typedef struct _PROCESS_WS_WATCH_INFORMATION {
1448	PVOID FaultingPc;
1449	PVOID FaultingVa;
1450	} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
1451
1452	/* PROCESS_PRIORITY_CLASS.PriorityClass constants */
1453	#define PC_IDLE 1
1454	#define PC_NORMAL 2
1455	#define PC_HIGH 3
1456	#define PC_REALTIME 4
1457	#define PC_BELOW_NORMAL 5
1458	#define PC_ABOVE_NORMAL 6
1459
1460	typedef struct _PROCESS_PRIORITY_CLASS {
1461	BOOLEAN Foreground;
1462	UCHAR PriorityClass;
1463	} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
1464
1465	/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
1466	#define DRIVE_UNKNOWN 0
1467	#define DRIVE_NO_ROOT_DIR 1
1468	#define DRIVE_REMOVABLE 2
1469	#define DRIVE_FIXED 3
1470	#define DRIVE_REMOTE 4
1471	#define DRIVE_CDROM 5
1472	#define DRIVE_RAMDISK 6
1473
1474	typedef struct _PROCESS_DEVICEMAP_INFORMATION {
1475	_ANONYMOUS_UNION union {
1476	struct {
1477	HANDLE DirectoryHandle;
1478	} Set;
1479	struct {
1480	ULONG DriveMap;
1481	UCHAR DriveType[32];
1482	} Query;
1483	} DUMMYUNIONNAME;
1484	} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
1485
1486	typedef struct _PROCESS_SESSION_INFORMATION {
1487	ULONG SessionId;
1488	} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
1489
1490	typedef struct _RTL_USER_PROCESS_PARAMETERS {
1491	ULONG AllocationSize;
1492	ULONG Size;
1493	ULONG Flags;
1494	ULONG DebugFlags;
1495	HANDLE hConsole;
1496	ULONG ProcessGroup;
1497	HANDLE hStdInput;
1498	HANDLE hStdOutput;
1499	HANDLE hStdError;
1500	UNICODE_STRING CurrentDirectoryName;
1501	HANDLE CurrentDirectoryHandle;
1502	UNICODE_STRING DllPath;
1503	UNICODE_STRING ImagePathName;
1504	UNICODE_STRING CommandLine;
1505	PWSTR Environment;
1506	ULONG dwX;
1507	ULONG dwY;
1508	ULONG dwXSize;
1509	ULONG dwYSize;
1510	ULONG dwXCountChars;
1511	ULONG dwYCountChars;
1512	ULONG dwFillAttribute;
1513	ULONG dwFlags;
1514	ULONG wShowWindow;
1515	UNICODE_STRING WindowTitle;
1516	UNICODE_STRING DesktopInfo;
1517	UNICODE_STRING ShellInfo;
1518	UNICODE_STRING RuntimeInfo;
1519	} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
1520
1521	NTSTATUS
1522	NTAPI
1523	RtlCreateProcessParameters(
1524	OUT PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
1525	IN PUNICODE_STRING ImageFile,
1526	IN PUNICODE_STRING DllPath OPTIONAL,
1527	IN PUNICODE_STRING CurrentDirectory OPTIONAL,
1528	IN PUNICODE_STRING CommandLine OPTIONAL,
1529	IN PWSTR Environment OPTIONAL,
1530	IN PUNICODE_STRING WindowTitle OPTIONAL,
1531	IN PUNICODE_STRING DesktopInfo OPTIONAL,
1532	IN PUNICODE_STRING ShellInfo OPTIONAL,
1533	IN PUNICODE_STRING RuntimeInfo OPTIONAL);
1534
1535	NTSTATUS
1536	NTAPI
1537	RtlDestroyProcessParameters(
1538	IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters);
1539
1540	typedef struct _DEBUG_BUFFER {
1541	HANDLE SectionHandle;
1542	PVOID SectionBase;
1543	PVOID RemoteSectionBase;
1544	ULONG SectionBaseDelta;
1545	HANDLE EventPairHandle;
1546	ULONG Unknown[2];
1547	HANDLE RemoteThreadHandle;
1548	ULONG InfoClassMask;
1549	ULONG SizeOfInfo;
1550	ULONG AllocatedSize;
1551	ULONG SectionSize;
1552	PVOID ModuleInformation;
1553	PVOID BackTraceInformation;
1554	PVOID HeapInformation;
1555	PVOID LockInformation;
1556	PVOID Reserved[8];
1557	} DEBUG_BUFFER, *PDEBUG_BUFFER;
1558
1559	PDEBUG_BUFFER
1560	NTAPI
1561	RtlCreateQueryDebugBuffer(
1562	IN ULONG Size,
1563	IN BOOLEAN EventPair);
1564
1565	/* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
1566	#define PDI_MODULES 0x01
1567	#define PDI_BACKTRACE 0x02
1568	#define PDI_HEAPS 0x04
1569	#define PDI_HEAP_TAGS 0x08
1570	#define PDI_HEAP_BLOCKS 0x10
1571	#define PDI_LOCKS 0x20
1572
1573	NTSTATUS
1574	NTAPI
1575	RtlQueryProcessDebugInformation(
1576	IN ULONG ProcessId,
1577	IN ULONG DebugInfoClassMask,
1578	IN OUT PDEBUG_BUFFER DebugBuffer);
1579
1580	NTSTATUS
1581	NTAPI
1582	RtlDestroyQueryDebugBuffer(
1583	IN PDEBUG_BUFFER DebugBuffer);
1584
1585	/* DEBUG_MODULE_INFORMATION.Flags constants */
1586	#define LDRP_STATIC_LINK 0x00000002
1587	#define LDRP_IMAGE_DLL 0x00000004
1588	#define LDRP_LOAD_IN_PROGRESS 0x00001000
1589	#define LDRP_UNLOAD_IN_PROGRESS 0x00002000
1590	#define LDRP_ENTRY_PROCESSED 0x00004000
1591	#define LDRP_ENTRY_INSERTED 0x00008000
1592	#define LDRP_CURRENT_LOAD 0x00010000
1593	#define LDRP_FAILED_BUILTIN_LOAD 0x00020000
1594	#define LDRP_DONT_CALL_FOR_THREADS 0x00040000
1595	#define LDRP_PROCESS_ATTACH_CALLED 0x00080000
1596	#define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
1597	#define LDRP_IMAGE_NOT_AT_BASE 0x00200000
1598	#define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
1599
1600	typedef struct _DEBUG_MODULE_INFORMATION {
1601	ULONG Reserved[2];
1602	ULONG Base;
1603	ULONG Size;
1604	ULONG Flags;
1605	USHORT Index;
1606	USHORT Unknown;
1607	USHORT LoadCount;
1608	USHORT ModuleNameOffset;
1609	CHAR ImageName[256];
1610	} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
1611
1612	typedef struct _DEBUG_HEAP_INFORMATION {
1613	ULONG Base;
1614	ULONG Flags;
1615	USHORT Granularity;
1616	USHORT Unknown;
1617	ULONG Allocated;
1618	ULONG Committed;
1619	ULONG TagCount;
1620	ULONG BlockCount;
1621	ULONG Reserved[7];
1622	PVOID Tags;
1623	PVOID Blocks;
1624	} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
1625
1626	typedef struct _DEBUG_LOCK_INFORMATION {
1627	PVOID Address;
1628	USHORT Type;
1629	USHORT CreatorBackTraceIndex;
1630	ULONG OwnerThreadId;
1631	ULONG ActiveCount;
1632	ULONG ContentionCount;
1633	ULONG EntryCount;
1634	ULONG RecursionCount;
1635	ULONG NumberOfSharedWaiters;
1636	ULONG NumberOfExclusiveWaiters;
1637	} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
1638
1639
1640
1641	/* Jobs */
1642
1643	NTOSAPI
1644	NTSTATUS
1645	NTAPI
1646	ZwCreateJobObject(
1647	OUT PHANDLE JobHandle,
1648	IN ACCESS_MASK DesiredAccess,
1649	IN POBJECT_ATTRIBUTES ObjectAttributes);
1650
1651	NTOSAPI
1652	NTSTATUS
1653	NTAPI
1654	ZwOpenJobObject(
1655	OUT PHANDLE JobHandle,
1656	IN ACCESS_MASK DesiredAccess,
1657	IN POBJECT_ATTRIBUTES ObjectAttributes);
1658
1659	NTOSAPI
1660	NTSTATUS
1661	NTAPI
1662	ZwTerminateJobObject(
1663	IN HANDLE JobHandle,
1664	IN NTSTATUS ExitStatus);
1665
1666	NTOSAPI
1667	NTSTATUS
1668	NTAPI
1669	ZwAssignProcessToJobObject(
1670	IN HANDLE JobHandle,
1671	IN HANDLE ProcessHandle);
1672
1673	NTOSAPI
1674	NTSTATUS
1675	NTAPI
1676	ZwQueryInformationJobObject(
1677	IN HANDLE JobHandle,
1678	IN JOBOBJECTINFOCLASS JobInformationClass,
1679	OUT PVOID JobInformation,
1680	IN ULONG JobInformationLength,
1681	OUT PULONG ReturnLength OPTIONAL);
1682
1683	NTOSAPI
1684	NTSTATUS
1685	NTAPI
1686	ZwSetInformationJobObject(
1687	IN HANDLE JobHandle,
1688	IN JOBOBJECTINFOCLASS JobInformationClass,
1689	IN PVOID JobInformation,
1690	IN ULONG JobInformationLength);
1691
1692
1693	/* Tokens */
1694
1695	NTOSAPI
1696	NTSTATUS
1697	NTAPI
1698	ZwCreateToken(
1699	OUT PHANDLE TokenHandle,
1700	IN ACCESS_MASK DesiredAccess,
1701	IN POBJECT_ATTRIBUTES ObjectAttributes,
1702	IN TOKEN_TYPE Type,
1703	IN PLUID AuthenticationId,
1704	IN PLARGE_INTEGER ExpirationTime,
1705	IN PTOKEN_USER User,
1706	IN PTOKEN_GROUPS Groups,
1707	IN PTOKEN_PRIVILEGES Privileges,
1708	IN PTOKEN_OWNER Owner,
1709	IN PTOKEN_PRIMARY_GROUP PrimaryGroup,
1710	IN PTOKEN_DEFAULT_DACL DefaultDacl,
1711	IN PTOKEN_SOURCE Source
1712	);
1713
1714	NTOSAPI
1715	NTSTATUS
1716	NTAPI
1717	NtOpenProcessToken(
1718	IN HANDLE ProcessHandle,
1719	IN ACCESS_MASK DesiredAccess,
1720	OUT PHANDLE TokenHandle);
1721
1722	NTOSAPI
1723	NTSTATUS
1724	NTAPI
1725	ZwOpenProcessToken(
1726	IN HANDLE ProcessHandle,
1727	IN ACCESS_MASK DesiredAccess,
1728	OUT PHANDLE TokenHandle);
1729
1730	NTOSAPI
1731	NTSTATUS
1732	NTAPI
1733	NtOpenThreadToken(
1734	IN HANDLE ThreadHandle,
1735	IN ACCESS_MASK DesiredAccess,
1736	IN BOOLEAN OpenAsSelf,
1737	OUT PHANDLE TokenHandle);
1738
1739	NTOSAPI
1740	NTSTATUS
1741	NTAPI
1742	ZwOpenThreadToken(
1743	IN HANDLE ThreadHandle,
1744	IN ACCESS_MASK DesiredAccess,
1745	IN BOOLEAN OpenAsSelf,
1746	OUT PHANDLE TokenHandle);
1747
1748	NTOSAPI
1749	NTSTATUS
1750	NTAPI
1751	NtDuplicateToken(
1752	IN HANDLE ExistingTokenHandle,
1753	IN ACCESS_MASK DesiredAccess,
1754	IN POBJECT_ATTRIBUTES ObjectAttributes,
1755	IN BOOLEAN EffectiveOnly,
1756	IN TOKEN_TYPE TokenType,
1757	OUT PHANDLE NewTokenHandle);
1758
1759	NTOSAPI
1760	NTSTATUS
1761	NTAPI
1762	ZwDuplicateToken(
1763	IN HANDLE ExistingTokenHandle,
1764	IN ACCESS_MASK DesiredAccess,
1765	IN POBJECT_ATTRIBUTES ObjectAttributes,
1766	IN BOOLEAN EffectiveOnly,
1767	IN TOKEN_TYPE TokenType,
1768	OUT PHANDLE NewTokenHandle);
1769
1770	NTOSAPI
1771	NTSTATUS
1772	NTAPI
1773	ZwFilterToken(
1774	IN HANDLE ExistingTokenHandle,
1775	IN ULONG Flags,
1776	IN PTOKEN_GROUPS SidsToDisable,
1777	IN PTOKEN_PRIVILEGES PrivilegesToDelete,
1778	IN PTOKEN_GROUPS SidsToRestricted,
1779	OUT PHANDLE NewTokenHandle);
1780
1781	NTOSAPI
1782	NTSTATUS
1783	NTAPI
1784	NtAdjustPrivilegesToken(
1785	IN HANDLE TokenHandle,
1786	IN BOOLEAN DisableAllPrivileges,
1787	IN PTOKEN_PRIVILEGES NewState,
1788	IN ULONG BufferLength,
1789	OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
1790	OUT PULONG ReturnLength);
1791
1792	NTOSAPI
1793	NTSTATUS
1794	NTAPI
1795	ZwAdjustPrivilegesToken(
1796	IN HANDLE TokenHandle,
1797	IN BOOLEAN DisableAllPrivileges,
1798	IN PTOKEN_PRIVILEGES NewState,
1799	IN ULONG BufferLength,
1800	OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
1801	OUT PULONG ReturnLength);
1802
1803	NTOSAPI
1804	NTSTATUS
1805	NTAPI
1806	ZwAdjustGroupsToken(
1807	IN HANDLE TokenHandle,
1808	IN BOOLEAN ResetToDefault,
1809	IN PTOKEN_GROUPS NewState,
1810	IN ULONG BufferLength,
1811	OUT PTOKEN_GROUPS PreviousState OPTIONAL,
1812	OUT PULONG ReturnLength);
1813
1814	NTOSAPI
1815	NTSTATUS
1816	NTAPI
1817	NtQueryInformationToken(
1818	IN HANDLE TokenHandle,
1819	IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1820	OUT PVOID TokenInformation,
1821	IN ULONG TokenInformationLength,
1822	OUT PULONG ReturnLength);
1823
1824	NTOSAPI
1825	NTSTATUS
1826	NTAPI
1827	ZwQueryInformationToken(
1828	IN HANDLE TokenHandle,
1829	IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1830	OUT PVOID TokenInformation,
1831	IN ULONG TokenInformationLength,
1832	OUT PULONG ReturnLength);
1833
1834	NTOSAPI
1835	NTSTATUS
1836	NTAPI
1837	ZwSetInformationToken(
1838	IN HANDLE TokenHandle,
1839	IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1840	IN PVOID TokenInformation,
1841	IN ULONG TokenInformationLength);
1842
1843
1844
1845
1846	/* Time */
1847
1848	NTOSAPI
1849	NTSTATUS
1850	NTAPI
1851	ZwQuerySystemTime(
1852	OUT PLARGE_INTEGER CurrentTime);
1853
1854	NTOSAPI
1855	NTSTATUS
1856	NTAPI
1857	ZwSetSystemTime(
1858	IN PLARGE_INTEGER NewTime,
1859	OUT PLARGE_INTEGER OldTime OPTIONAL);
1860
1861	NTOSAPI
1862	NTSTATUS
1863	NTAPI
1864	ZwQueryPerformanceCounter(
1865	OUT PLARGE_INTEGER PerformanceCount,
1866	OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL);
1867
1868	NTOSAPI
1869	NTSTATUS
1870	NTAPI
1871	ZwQueryPerformanceCounter(
1872	OUT PLARGE_INTEGER PerformanceCount,
1873	OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL);
1874
1875	NTOSAPI
1876	NTSTATUS
1877	NTAPI
1878	ZwQueryTimerResolution(
1879	OUT PULONG CoarsestResolution,
1880	OUT PULONG FinestResolution,
1881	OUT PULONG ActualResolution);
1882
1883	NTOSAPI
1884	NTSTATUS
1885	NTAPI
1886	ZwDelayExecution(
1887	IN BOOLEAN Alertable,
1888	IN PLARGE_INTEGER Interval);
1889
1890	NTOSAPI
1891	NTSTATUS
1892	NTAPI
1893	ZwYieldExecution(
1894	VOID);
1895
1896	NTOSAPI
1897	ULONG
1898	NTAPI
1899	ZwGetTickCount(
1900	VOID);
1901
1902
1903
1904
1905	/* Execution profiling */
1906
1907	NTOSAPI
1908	NTSTATUS
1909	NTAPI
1910	ZwCreateProfile(
1911	OUT PHANDLE ProfileHandle,
1912	IN HANDLE ProcessHandle,
1913	IN PVOID Base,
1914	IN ULONG Size,
1915	IN ULONG BucketShift,
1916	IN PULONG Buffer,
1917	IN ULONG BufferLength,
1918	IN KPROFILE_SOURCE Source,
1919	IN ULONG ProcessorMask);
1920
1921	NTOSAPI
1922	NTSTATUS
1923	NTAPI
1924	ZwSetIntervalProfile(
1925	IN ULONG Interval,
1926	IN KPROFILE_SOURCE Source);
1927
1928	NTOSAPI
1929	NTSTATUS
1930	NTAPI
1931	ZwQueryIntervalProfile(
1932	IN KPROFILE_SOURCE Source,
1933	OUT PULONG Interval);
1934
1935	NTOSAPI
1936	NTSTATUS
1937	NTAPI
1938	ZwStartProfile(
1939	IN HANDLE ProfileHandle);
1940
1941	NTOSAPI
1942	NTSTATUS
1943	NTAPI
1944	ZwStopProfile(
1945	IN HANDLE ProfileHandle);
1946
1947	/* Local Procedure Call (LPC) */
1948
1949	typedef struct _LPC_MESSAGE {
1950	USHORT DataSize;
1951	USHORT MessageSize;
1952	USHORT MessageType;
1953	USHORT VirtualRangesOffset;
1954	CLIENT_ID ClientId;
1955	ULONG MessageId;
1956	ULONG SectionSize;
1957	UCHAR Data[ANYSIZE_ARRAY];
1958	} LPC_MESSAGE, *PLPC_MESSAGE;
1959
1960	#define LPC_MESSAGE_BASE_SIZE 24
1961
1962	typedef enum _LPC_TYPE {
1963	LPC_NEW_MESSAGE,
1964	LPC_REQUEST,
1965	LPC_REPLY,
1966	LPC_DATAGRAM,
1967	LPC_LOST_REPLY,
1968	LPC_PORT_CLOSED,
1969	LPC_CLIENT_DIED,
1970	LPC_EXCEPTION,
1971	LPC_DEBUG_EVENT,
1972	LPC_ERROR_EVENT,
1973	LPC_CONNECTION_REQUEST,
1974	LPC_CONNECTION_REFUSED,
1975	LPC_MAXIMUM
1976	} LPC_TYPE;
1977
1978	typedef struct _LPC_SECTION_WRITE {
1979	ULONG Length;
1980	HANDLE SectionHandle;
1981	ULONG SectionOffset;
1982	ULONG ViewSize;
1983	PVOID ViewBase;
1984	PVOID TargetViewBase;
1985	} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
1986
1987	typedef struct _LPC_SECTION_READ {
1988	ULONG Length;
1989	ULONG ViewSize;
1990	PVOID ViewBase;
1991	} LPC_SECTION_READ, *PLPC_SECTION_READ;
1992
1993	NTOSAPI
1994	NTSTATUS
1995	NTAPI
1996	ZwCreatePort(
1997	OUT PHANDLE PortHandle,
1998	IN POBJECT_ATTRIBUTES ObjectAttributes,
1999	IN ULONG MaxDataSize,
2000	IN ULONG MaxMessageSize,
2001	IN ULONG Reserved);
2002
2003	NTOSAPI
2004	NTSTATUS
2005	NTAPI
2006	ZwCreateWaitablePort(
2007	OUT PHANDLE PortHandle,
2008	IN POBJECT_ATTRIBUTES ObjectAttributes,
2009	IN ULONG MaxDataSize,
2010	IN ULONG MaxMessageSize,
2011	IN ULONG Reserved);
2012
2013	NTOSAPI
2014	NTSTATUS
2015	NTAPI
2016	NtConnectPort(
2017	OUT PHANDLE PortHandle,
2018	IN PUNICODE_STRING PortName,
2019	IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2020	IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2021	IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2022	OUT PULONG MaxMessageSize OPTIONAL,
2023	IN OUT PVOID ConnectData OPTIONAL,
2024	IN OUT PULONG ConnectDataLength OPTIONAL);
2025
2026	NTOSAPI
2027	NTSTATUS
2028	NTAPI
2029	ZwConnectPort(
2030	OUT PHANDLE PortHandle,
2031	IN PUNICODE_STRING PortName,
2032	IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2033	IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2034	IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2035	OUT PULONG MaxMessageSize OPTIONAL,
2036	IN OUT PVOID ConnectData OPTIONAL,
2037	IN OUT PULONG ConnectDataLength OPTIONAL);
2038
2039	NTOSAPI
2040	NTSTATUS
2041	NTAPI
2042	ZwConnectPort(
2043	OUT PHANDLE PortHandle,
2044	IN PUNICODE_STRING PortName,
2045	IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2046	IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2047	IN OUT PLPC_SECTION_READ ReadSection OPTIONAL,
2048	OUT PULONG MaxMessageSize OPTIONAL,
2049	IN OUT PVOID ConnectData OPTIONAL,
2050	IN OUT PULONG ConnectDataLength OPTIONAL);
2051
2052	NTOSAPI
2053	NTSTATUS
2054	NTAPI
2055	ZwListenPort(
2056	IN HANDLE PortHandle,
2057	OUT PLPC_MESSAGE Message);
2058
2059	NTOSAPI
2060	NTSTATUS
2061	NTAPI
2062	ZwAcceptConnectPort(
2063	OUT PHANDLE PortHandle,
2064	IN ULONG PortIdentifier,
2065	IN PLPC_MESSAGE Message,
2066	IN BOOLEAN Accept,
2067	IN OUT PLPC_SECTION_WRITE WriteSection OPTIONAL,
2068	IN OUT PLPC_SECTION_READ ReadSection OPTIONAL);
2069
2070	NTOSAPI
2071	NTSTATUS
2072	NTAPI
2073	ZwCompleteConnectPort(
2074	IN HANDLE PortHandle);
2075
2076	NTOSAPI
2077	NTSTATUS
2078	NTAPI
2079	NtRequestPort(
2080	IN HANDLE PortHandle,
2081	IN PLPC_MESSAGE RequestMessage);
2082
2083	NTOSAPI
2084	NTSTATUS
2085	NTAPI
2086	NtRequestWaitReplyPort(
2087	IN HANDLE PortHandle,
2088	IN PLPC_MESSAGE RequestMessage,
2089	OUT PLPC_MESSAGE ReplyMessage);
2090
2091	NTOSAPI
2092	NTSTATUS
2093	NTAPI
2094	ZwRequestWaitReplyPort(
2095	IN HANDLE PortHandle,
2096	IN PLPC_MESSAGE RequestMessage,
2097	OUT PLPC_MESSAGE ReplyMessage);
2098
2099	NTOSAPI
2100	NTSTATUS
2101	NTAPI
2102	ZwReplyPort(
2103	IN HANDLE PortHandle,
2104	IN PLPC_MESSAGE ReplyMessage);
2105
2106	NTOSAPI
2107	NTSTATUS
2108	NTAPI
2109	ZwReplyWaitReplyPort(
2110	IN HANDLE PortHandle,
2111	IN OUT PLPC_MESSAGE ReplyMessage);
2112
2113	NTOSAPI
2114	NTSTATUS
2115	NTAPI
2116	ZwReplyWaitReceivePort(
2117	IN HANDLE PortHandle,
2118	OUT PULONG PortIdentifier OPTIONAL,
2119	IN PLPC_MESSAGE ReplyMessage OPTIONAL,
2120	OUT PLPC_MESSAGE Message);
2121
2122	NTOSAPI
2123	NTSTATUS
2124	NTAPI
2125	ZwReplyWaitReceivePortEx(
2126	IN HANDLE PortHandle,
2127	OUT PULONG PortIdentifier OPTIONAL,
2128	IN PLPC_MESSAGE ReplyMessage OPTIONAL,
2129	OUT PLPC_MESSAGE Message,
2130	IN PLARGE_INTEGER Timeout);
2131
2132	NTOSAPI
2133	NTSTATUS
2134	NTAPI
2135	ZwReadRequestData(
2136	IN HANDLE PortHandle,
2137	IN PLPC_MESSAGE Message,
2138	IN ULONG Index,
2139	OUT PVOID Buffer,
2140	IN ULONG BufferLength,
2141	OUT PULONG ReturnLength OPTIONAL);
2142
2143	NTOSAPI
2144	NTSTATUS
2145	NTAPI
2146	ZwWriteRequestData(
2147	IN HANDLE PortHandle,
2148	IN PLPC_MESSAGE Message,
2149	IN ULONG Index,
2150	IN PVOID Buffer,
2151	IN ULONG BufferLength,
2152	OUT PULONG ReturnLength OPTIONAL);
2153
2154	typedef enum _PORT_INFORMATION_CLASS {
2155	PortBasicInformation
2156	} PORT_INFORMATION_CLASS;
2157
2158	NTOSAPI
2159	NTSTATUS
2160	NTAPI
2161	ZwQueryInformationPort(
2162	IN HANDLE PortHandle,
2163	IN PORT_INFORMATION_CLASS PortInformationClass,
2164	OUT PVOID PortInformation,
2165	IN ULONG PortInformationLength,
2166	OUT PULONG ReturnLength OPTIONAL);
2167
2168	NTOSAPI
2169	NTSTATUS
2170	NTAPI
2171	ZwImpersonateClientOfPort(
2172	IN HANDLE PortHandle,
2173	IN PLPC_MESSAGE Message);
2174
2175
2176
2177
2178	/* Files */
2179
2180	NTOSAPI
2181	NTSTATUS
2182	NTAPI
2183	NtDeleteFile(
2184	IN POBJECT_ATTRIBUTES ObjectAttributes);
2185
2186	NTOSAPI
2187	NTSTATUS
2188	NTAPI
2189	ZwDeleteFile(
2190	IN POBJECT_ATTRIBUTES ObjectAttributes);
2191
2192	NTOSAPI
2193	NTSTATUS
2194	NTAPI
2195	ZwFlushBuffersFile(
2196	IN HANDLE FileHandle,
2197	OUT PIO_STATUS_BLOCK IoStatusBlock);
2198
2199	NTOSAPI
2200	NTSTATUS
2201	NTAPI
2202	ZwCancelIoFile(
2203	IN HANDLE FileHandle,
2204	OUT PIO_STATUS_BLOCK IoStatusBlock);
2205
2206	NTOSAPI
2207	NTSTATUS
2208	NTAPI
2209	ZwReadFileScatter(
2210	IN HANDLE FileHandle,
2211	IN HANDLE Event OPTIONAL,
2212	IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2213	IN PVOID ApcContext OPTIONAL,
2214	OUT PIO_STATUS_BLOCK IoStatusBlock,
2215	IN PFILE_SEGMENT_ELEMENT Buffer,
2216	IN ULONG Length,
2217	IN PLARGE_INTEGER ByteOffset OPTIONAL,
2218	IN PULONG Key OPTIONAL);
2219
2220	NTOSAPI
2221	NTSTATUS
2222	NTAPI
2223	ZwWriteFileGather(
2224	IN HANDLE FileHandle,
2225	IN HANDLE Event OPTIONAL,
2226	IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2227	IN PVOID ApcContext OPTIONAL,
2228	OUT PIO_STATUS_BLOCK IoStatusBlock,
2229	IN PFILE_SEGMENT_ELEMENT Buffer,
2230	IN ULONG Length,
2231	IN PLARGE_INTEGER ByteOffset OPTIONAL,
2232	IN PULONG Key OPTIONAL);
2233
2234
2235
2236
2237	/* Registry keys */
2238
2239	NTOSAPI
2240	NTSTATUS
2241	NTAPI
2242	ZwSaveKey(
2243	IN HANDLE KeyHandle,
2244	IN HANDLE FileHandle);
2245
2246	NTOSAPI
2247	NTSTATUS
2248	NTAPI
2249	ZwSaveMergedKeys(
2250	IN HANDLE KeyHandle1,
2251	IN HANDLE KeyHandle2,
2252	IN HANDLE FileHandle);
2253
2254	NTOSAPI
2255	NTSTATUS
2256	NTAPI
2257	ZwRestoreKey(
2258	IN HANDLE KeyHandle,
2259	IN HANDLE FileHandle,
2260	IN ULONG Flags);
2261
2262	NTOSAPI
2263	NTSTATUS
2264	NTAPI
2265	ZwLoadKey(
2266	IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2267	IN POBJECT_ATTRIBUTES FileObjectAttributes);
2268
2269	NTOSAPI
2270	NTSTATUS
2271	NTAPI
2272	ZwLoadKey2(
2273	IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2274	IN POBJECT_ATTRIBUTES FileObjectAttributes,
2275	IN ULONG Flags);
2276
2277	NTOSAPI
2278	NTSTATUS
2279	NTAPI
2280	ZwUnloadKey(
2281	IN POBJECT_ATTRIBUTES KeyObjectAttributes);
2282
2283	NTOSAPI
2284	NTSTATUS
2285	NTAPI
2286	ZwQueryOpenSubKeys(
2287	IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2288	OUT PULONG NumberOfKeys);
2289
2290	NTOSAPI
2291	NTSTATUS
2292	NTAPI
2293	ZwReplaceKey(
2294	IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
2295	IN HANDLE KeyHandle,
2296	IN POBJECT_ATTRIBUTES OldFileObjectAttributes);
2297
2298	typedef enum _KEY_SET_INFORMATION_CLASS {
2299	KeyLastWriteTimeInformation
2300	} KEY_SET_INFORMATION_CLASS;
2301
2302	NTOSAPI
2303	NTSTATUS
2304	NTAPI
2305	ZwSetInformationKey(
2306	IN HANDLE KeyHandle,
2307	IN KEY_SET_INFORMATION_CLASS KeyInformationClass,
2308	IN PVOID KeyInformation,
2309	IN ULONG KeyInformationLength);
2310
2311	typedef struct _KEY_LAST_WRITE_TIME_INFORMATION {
2312	LARGE_INTEGER LastWriteTime;
2313	} KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION;
2314
2315	typedef struct _KEY_NAME_INFORMATION {
2316	ULONG NameLength;
2317	WCHAR Name[1];
2318	} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
2319
2320	NTOSAPI
2321	NTSTATUS
2322	NTAPI
2323	ZwNotifyChangeKey(
2324	IN HANDLE KeyHandle,
2325	IN HANDLE EventHandle OPTIONAL,
2326	IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2327	IN PVOID ApcContext OPTIONAL,
2328	OUT PIO_STATUS_BLOCK IoStatusBlock,
2329	IN ULONG NotifyFilter,
2330	IN BOOLEAN WatchSubtree,
2331	IN PVOID Buffer,
2332	IN ULONG BufferLength,
2333	IN BOOLEAN Asynchronous);
2334
2335	/* ZwNotifyChangeMultipleKeys.Flags constants */
2336	#define REG_MONITOR_SINGLE_KEY 0x00
2337	#define REG_MONITOR_SECOND_KEY 0x01
2338
2339	NTOSAPI
2340	NTSTATUS
2341	NTAPI
2342	ZwNotifyChangeMultipleKeys(
2343	IN HANDLE KeyHandle,
2344	IN ULONG Flags,
2345	IN POBJECT_ATTRIBUTES KeyObjectAttributes,
2346	IN HANDLE EventHandle OPTIONAL,
2347	IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2348	IN PVOID ApcContext OPTIONAL,
2349	OUT PIO_STATUS_BLOCK IoStatusBlock,
2350	IN ULONG NotifyFilter,
2351	IN BOOLEAN WatchSubtree,
2352	IN PVOID Buffer,
2353	IN ULONG BufferLength,
2354	IN BOOLEAN Asynchronous);
2355
2356	NTOSAPI
2357	NTSTATUS
2358	NTAPI
2359	ZwQueryMultipleValueKey(
2360	IN HANDLE KeyHandle,
2361	IN OUT PKEY_VALUE_ENTRY ValueList,
2362	IN ULONG NumberOfValues,
2363	OUT PVOID Buffer,
2364	IN OUT PULONG Length,
2365	OUT PULONG ReturnLength);
2366
2367	NTOSAPI
2368	NTSTATUS
2369	NTAPI
2370	ZwInitializeRegistry(
2371	IN BOOLEAN Setup);
2372
2373
2374
2375
2376	/* Security and auditing */
2377
2378	NTOSAPI
2379	NTSTATUS
2380	NTAPI
2381	ZwPrivilegeCheck(
2382	IN HANDLE TokenHandle,
2383	IN PPRIVILEGE_SET RequiredPrivileges,
2384	OUT PBOOLEAN Result);
2385
2386	NTOSAPI
2387	NTSTATUS
2388	NTAPI
2389	ZwPrivilegeObjectAuditAlarm(
2390	IN PUNICODE_STRING SubsystemName,
2391	IN PVOID HandleId,
2392	IN HANDLE TokenHandle,
2393	IN ACCESS_MASK DesiredAccess,
2394	IN PPRIVILEGE_SET Privileges,
2395	IN BOOLEAN AccessGranted);
2396
2397	NTOSAPI
2398	NTSTATUS
2399	NTAPI
2400	ZwPrivilegeObjectAuditAlarm(
2401	IN PUNICODE_STRING SubsystemName,
2402	IN PVOID HandleId,
2403	IN HANDLE TokenHandle,
2404	IN ACCESS_MASK DesiredAccess,
2405	IN PPRIVILEGE_SET Privileges,
2406	IN BOOLEAN AccessGranted);
2407
2408	NTOSAPI
2409	NTSTATUS
2410	NTAPI
2411	ZwAccessCheck(
2412	IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2413	IN HANDLE TokenHandle,
2414	IN ACCESS_MASK DesiredAccess,
2415	IN PGENERIC_MAPPING GenericMapping,
2416	IN PPRIVILEGE_SET PrivilegeSet,
2417	IN PULONG PrivilegeSetLength,
2418	OUT PACCESS_MASK GrantedAccess,
2419	OUT PBOOLEAN AccessStatus);
2420
2421	NTOSAPI
2422	NTSTATUS
2423	NTAPI
2424	ZwAccessCheckAndAuditAlarm(
2425	IN PUNICODE_STRING SubsystemName,
2426	IN PVOID HandleId,
2427	IN PUNICODE_STRING ObjectTypeName,
2428	IN PUNICODE_STRING ObjectName,
2429	IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2430	IN ACCESS_MASK DesiredAccess,
2431	IN PGENERIC_MAPPING GenericMapping,
2432	IN BOOLEAN ObjectCreation,
2433	OUT PACCESS_MASK GrantedAccess,
2434	OUT PBOOLEAN AccessStatus,
2435	OUT PBOOLEAN GenerateOnClose);
2436
2437	NTOSAPI
2438	NTSTATUS
2439	NTAPI
2440	ZwAccessCheckByType(
2441	IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2442	IN PSID PrincipalSelfSid,
2443	IN HANDLE TokenHandle,
2444	IN ULONG DesiredAccess,
2445	IN POBJECT_TYPE_LIST ObjectTypeList,
2446	IN ULONG ObjectTypeListLength,
2447	IN PGENERIC_MAPPING GenericMapping,
2448	IN PPRIVILEGE_SET PrivilegeSet,
2449	IN PULONG PrivilegeSetLength,
2450	OUT PACCESS_MASK GrantedAccess,
2451	OUT PULONG AccessStatus);
2452
2453	typedef enum _AUDIT_EVENT_TYPE {
2454	AuditEventObjectAccess,
2455	AuditEventDirectoryServiceAccess
2456	} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
2457
2458	NTOSAPI
2459	NTSTATUS
2460	NTAPI
2461	ZwAccessCheckByTypeAndAuditAlarm(
2462	IN PUNICODE_STRING SubsystemName,
2463	IN PVOID HandleId,
2464	IN PUNICODE_STRING ObjectTypeName,
2465	IN PUNICODE_STRING ObjectName,
2466	IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2467	IN PSID PrincipalSelfSid,
2468	IN ACCESS_MASK DesiredAccess,
2469	IN AUDIT_EVENT_TYPE AuditType,
2470	IN ULONG Flags,
2471	IN POBJECT_TYPE_LIST ObjectTypeList,
2472	IN ULONG ObjectTypeListLength,
2473	IN PGENERIC_MAPPING GenericMapping,
2474	IN BOOLEAN ObjectCreation,
2475	OUT PACCESS_MASK GrantedAccess,
2476	OUT PULONG AccessStatus,
2477	OUT PBOOLEAN GenerateOnClose);
2478
2479	NTOSAPI
2480	NTSTATUS
2481	NTAPI
2482	ZwAccessCheckByTypeResultList(
2483	IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2484	IN PSID PrincipalSelfSid,
2485	IN HANDLE TokenHandle,
2486	IN ACCESS_MASK DesiredAccess,
2487	IN POBJECT_TYPE_LIST ObjectTypeList,
2488	IN ULONG ObjectTypeListLength,
2489	IN PGENERIC_MAPPING GenericMapping,
2490	IN PPRIVILEGE_SET PrivilegeSet,
2491	IN PULONG PrivilegeSetLength,
2492	OUT PACCESS_MASK GrantedAccessList,
2493	OUT PULONG AccessStatusList);
2494
2495	NTOSAPI
2496	NTSTATUS
2497	NTAPI
2498	ZwAccessCheckByTypeResultListAndAuditAlarm(
2499	IN PUNICODE_STRING SubsystemName,
2500	IN PVOID HandleId,
2501	IN PUNICODE_STRING ObjectTypeName,
2502	IN PUNICODE_STRING ObjectName,
2503	IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2504	IN PSID PrincipalSelfSid,
2505	IN ACCESS_MASK DesiredAccess,
2506	IN AUDIT_EVENT_TYPE AuditType,
2507	IN ULONG Flags,
2508	IN POBJECT_TYPE_LIST ObjectTypeList,
2509	IN ULONG ObjectTypeListLength,
2510	IN PGENERIC_MAPPING GenericMapping,
2511	IN BOOLEAN ObjectCreation,
2512	OUT PACCESS_MASK GrantedAccessList,
2513	OUT PULONG AccessStatusList,
2514	OUT PULONG GenerateOnClose);
2515
2516	NTOSAPI
2517	NTSTATUS
2518	NTAPI
2519	ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
2520	IN PUNICODE_STRING SubsystemName,
2521	IN PVOID HandleId,
2522	IN HANDLE TokenHandle,
2523	IN PUNICODE_STRING ObjectTypeName,
2524	IN PUNICODE_STRING ObjectName,
2525	IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2526	IN PSID PrincipalSelfSid,
2527	IN ACCESS_MASK DesiredAccess,
2528	IN AUDIT_EVENT_TYPE AuditType,
2529	IN ULONG Flags,
2530	IN POBJECT_TYPE_LIST ObjectTypeList,
2531	IN ULONG ObjectTypeListLength,
2532	IN PGENERIC_MAPPING GenericMapping,
2533	IN BOOLEAN ObjectCreation,
2534	OUT PACCESS_MASK GrantedAccessList,
2535	OUT PULONG AccessStatusList,
2536	OUT PULONG GenerateOnClose);
2537
2538	NTOSAPI
2539	NTSTATUS
2540	NTAPI
2541	ZwOpenObjectAuditAlarm(
2542	IN PUNICODE_STRING SubsystemName,
2543	IN PVOID *HandleId,
2544	IN PUNICODE_STRING ObjectTypeName,
2545	IN PUNICODE_STRING ObjectName,
2546	IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2547	IN HANDLE TokenHandle,
2548	IN ACCESS_MASK DesiredAccess,
2549	IN ACCESS_MASK GrantedAccess,
2550	IN PPRIVILEGE_SET Privileges OPTIONAL,
2551	IN BOOLEAN ObjectCreation,
2552	IN BOOLEAN AccessGranted,
2553	OUT PBOOLEAN GenerateOnClose);
2554
2555	NTOSAPI
2556	NTSTATUS
2557	NTAPI
2558	ZwCloseObjectAuditAlarm(
2559	IN PUNICODE_STRING SubsystemName,
2560	IN PVOID HandleId,
2561	IN BOOLEAN GenerateOnClose);
2562
2563	NTOSAPI
2564	NTSTATUS
2565	NTAPI
2566	ZwDeleteObjectAuditAlarm(
2567	IN PUNICODE_STRING SubsystemName,
2568	IN PVOID HandleId,
2569	IN BOOLEAN GenerateOnClose);
2570
2571
2572
2573
2574	/* Plug and play and power management */
2575
2576	NTOSAPI
2577	NTSTATUS
2578	NTAPI
2579	ZwRequestWakeupLatency(
2580	IN LATENCY_TIME Latency);
2581
2582	NTOSAPI
2583	NTSTATUS
2584	NTAPI
2585	ZwRequestDeviceWakeup(
2586	IN HANDLE DeviceHandle);
2587
2588	NTOSAPI
2589	NTSTATUS
2590	NTAPI
2591	ZwCancelDeviceWakeupRequest(
2592	IN HANDLE DeviceHandle);
2593
2594	NTOSAPI
2595	BOOLEAN
2596	NTAPI
2597	ZwIsSystemResumeAutomatic(
2598	VOID);
2599
2600	NTOSAPI
2601	NTSTATUS
2602	NTAPI
2603	ZwSetThreadExecutionState(
2604	IN EXECUTION_STATE ExecutionState,
2605	OUT PEXECUTION_STATE PreviousExecutionState);
2606
2607	NTOSAPI
2608	NTSTATUS
2609	NTAPI
2610	ZwGetDevicePowerState(
2611	IN HANDLE DeviceHandle,
2612	OUT PDEVICE_POWER_STATE DevicePowerState);
2613
2614	NTOSAPI
2615	NTSTATUS
2616	NTAPI
2617	ZwSetSystemPowerState(
2618	IN POWER_ACTION SystemAction,
2619	IN SYSTEM_POWER_STATE MinSystemState,
2620	IN ULONG Flags);
2621
2622	NTOSAPI
2623	NTSTATUS
2624	NTAPI
2625	ZwInitiatePowerAction(
2626	IN POWER_ACTION SystemAction,
2627	IN SYSTEM_POWER_STATE MinSystemState,
2628	IN ULONG Flags,
2629	IN BOOLEAN Asynchronous);
2630
2631	NTOSAPI
2632	NTSTATUS
2633	NTAPI
2634	ZwPowerInformation(
2635	IN POWER_INFORMATION_LEVEL PowerInformationLevel,
2636	IN PVOID InputBuffer OPTIONAL,
2637	IN ULONG InputBufferLength,
2638	OUT PVOID OutputBuffer OPTIONAL,
2639	IN ULONG OutputBufferLength);
2640
2641	NTOSAPI
2642	NTSTATUS
2643	NTAPI
2644	ZwPlugPlayControl(
2645	IN ULONG ControlCode,
2646	IN OUT PVOID Buffer,
2647	IN ULONG BufferLength);
2648
2649	NTOSAPI
2650	NTSTATUS
2651	NTAPI
2652	ZwGetPlugPlayEvent(
2653	IN ULONG Reserved1,
2654	IN ULONG Reserved2,
2655	OUT PVOID Buffer,
2656	IN ULONG BufferLength);
2657
2658
2659
2660
2661	/* Miscellany */
2662
2663	NTOSAPI
2664	NTSTATUS
2665	NTAPI
2666	ZwRaiseException(
2667	IN PEXCEPTION_RECORD ExceptionRecord,
2668	IN PCONTEXT Context,
2669	IN BOOLEAN SearchFrames);
2670
2671	NTOSAPI
2672	NTSTATUS
2673	NTAPI
2674	ZwContinue(
2675	IN PCONTEXT Context,
2676	IN BOOLEAN TestAlert);
2677
2678	NTOSAPI
2679	NTSTATUS
2680	NTAPI
2681	ZwW32Call(
2682	IN ULONG RoutineIndex,
2683	IN PVOID Argument,
2684	IN ULONG ArgumentLength,
2685	OUT PVOID *Result OPTIONAL,
2686	OUT PULONG ResultLength OPTIONAL);
2687
2688	NTOSAPI
2689	NTSTATUS
2690	NTAPI
2691	ZwSetLowWaitHighThread(
2692	VOID);
2693
2694	NTOSAPI
2695	NTSTATUS
2696	NTAPI
2697	ZwSetHighWaitLowThread(
2698	VOID);
2699
2700	NTOSAPI
2701	NTSTATUS
2702	NTAPI
2703	ZwLoadDriver(
2704	IN PUNICODE_STRING DriverServiceName);
2705
2706	NTOSAPI
2707	NTSTATUS
2708	NTAPI
2709	ZwUnloadDriver(
2710	IN PUNICODE_STRING DriverServiceName);
2711
2712	NTOSAPI
2713	NTSTATUS
2714	NTAPI
2715	ZwFlushInstructionCache(
2716	IN HANDLE ProcessHandle,
2717	IN PVOID BaseAddress OPTIONAL,
2718	IN ULONG FlushSize);
2719
2720	NTOSAPI
2721	NTSTATUS
2722	NTAPI
2723	ZwFlushWriteBuffer(
2724	VOID);
2725
2726	NTOSAPI
2727	NTSTATUS
2728	NTAPI
2729	ZwQueryDefaultLocale(
2730	IN BOOLEAN ThreadOrSystem,
2731	OUT PLCID Locale);
2732
2733	NTOSAPI
2734	NTSTATUS
2735	NTAPI
2736	ZwSetDefaultLocale(
2737	IN BOOLEAN ThreadOrSystem,
2738	IN LCID Locale);
2739
2740	NTOSAPI
2741	NTSTATUS
2742	NTAPI
2743	ZwQueryDefaultUILanguage(
2744	OUT PLANGID LanguageId);
2745
2746	NTOSAPI
2747	NTSTATUS
2748	NTAPI
2749	ZwSetDefaultUILanguage(
2750	IN LANGID LanguageId);
2751
2752	NTOSAPI
2753	NTSTATUS
2754	NTAPI
2755	ZwQueryInstallUILanguage(
2756	OUT PLANGID LanguageId);
2757
2758	NTOSAPI
2759	NTSTATUS
2760	NTAPI
2761	NtAllocateLocallyUniqueId(
2762	OUT PLUID Luid);
2763
2764	NTOSAPI
2765	NTSTATUS
2766	NTAPI
2767	NtAllocateUuids(
2768	OUT PLARGE_INTEGER UuidLastTimeAllocated,
2769	OUT PULONG UuidDeltaTime,
2770	OUT PULONG UuidSequenceNumber,
2771	OUT PUCHAR UuidSeed);
2772
2773	NTOSAPI
2774	NTSTATUS
2775	NTAPI
2776	ZwSetUuidSeed(
2777	IN PUCHAR UuidSeed);
2778
2779	typedef enum _HARDERROR_RESPONSE_OPTION {
2780	OptionAbortRetryIgnore,
2781	OptionOk,
2782	OptionOkCancel,
2783	OptionRetryCancel,
2784	OptionYesNo,
2785	OptionYesNoCancel,
2786	OptionShutdownSystem
2787	} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
2788
2789	typedef enum _HARDERROR_RESPONSE {
2790	ResponseReturnToCaller,
2791	ResponseNotHandled,
2792	ResponseAbort,
2793	ResponseCancel,
2794	ResponseIgnore,
2795	ResponseNo,
2796	ResponseOk,
2797	ResponseRetry,
2798	ResponseYes
2799	} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
2800
2801	NTOSAPI
2802	NTSTATUS
2803	NTAPI
2804	ZwRaiseHardError(
2805	IN NTSTATUS Status,
2806	IN ULONG NumberOfArguments,
2807	IN ULONG StringArgumentsMask,
2808	IN PULONG Arguments,
2809	IN HARDERROR_RESPONSE_OPTION ResponseOption,
2810	OUT PHARDERROR_RESPONSE Response);
2811
2812	NTOSAPI
2813	NTSTATUS
2814	NTAPI
2815	ZwSetDefaultHardErrorPort(
2816	IN HANDLE PortHandle);
2817
2818	NTOSAPI
2819	NTSTATUS
2820	NTAPI
2821	ZwDisplayString(
2822	IN PUNICODE_STRING String);
2823
2824	NTOSAPI
2825	NTSTATUS
2826	NTAPI
2827	ZwCreatePagingFile(
2828	IN PUNICODE_STRING FileName,
2829	IN PULARGE_INTEGER InitialSize,
2830	IN PULARGE_INTEGER MaximumSize,
2831	IN ULONG Reserved);
2832
2833	typedef USHORT RTL_ATOM, *PRTL_ATOM;
2834
2835	NTOSAPI
2836	NTSTATUS
2837	NTAPI
2838	NtAddAtom(
2839	IN PWSTR AtomName,
2840	IN ULONG AtomNameLength,
2841	OUT PRTL_ATOM Atom);
2842
2843	NTOSAPI
2844	NTSTATUS
2845	NTAPI
2846	NtFindAtom(
2847	IN PWSTR AtomName,
2848	IN ULONG AtomNameLength,
2849	OUT PRTL_ATOM Atom);
2850
2851	NTOSAPI
2852	NTSTATUS
2853	NTAPI
2854	NtDeleteAtom(
2855	IN RTL_ATOM Atom);
2856
2857	typedef enum _ATOM_INFORMATION_CLASS {
2858	AtomBasicInformation,
2859	AtomListInformation
2860	} ATOM_INFORMATION_CLASS;
2861
2862	NTOSAPI
2863	NTSTATUS
2864	NTAPI
2865	NtQueryInformationAtom(
2866	IN RTL_ATOM Atom,
2867	IN ATOM_INFORMATION_CLASS AtomInformationClass,
2868	OUT PVOID AtomInformation,
2869	IN ULONG AtomInformationLength,
2870	OUT PULONG ReturnLength OPTIONAL);
2871
2872	typedef struct _ATOM_BASIC_INFORMATION {
2873	USHORT ReferenceCount;
2874	USHORT Pinned;
2875	USHORT NameLength;
2876	WCHAR Name[1];
2877	} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
2878
2879	typedef struct _ATOM_LIST_INFORMATION {
2880	ULONG NumberOfAtoms;
2881	ATOM Atoms[1];
2882	} ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION;
2883
2884	NTOSAPI
2885	NTSTATUS
2886	NTAPI
2887	ZwSetLdtEntries(
2888	IN ULONG Selector1,
2889	IN LDT_ENTRY LdtEntry1,
2890	IN ULONG Selector2,
2891	IN LDT_ENTRY LdtEntry2);
2892
2893	NTOSAPI
2894	NTSTATUS
2895	NTAPI
2896	NtVdmControl(
2897	IN ULONG ControlCode,
2898	IN PVOID ControlData);
2899
2900	#pragma pack(pop)
2901
2902	#ifdef __cplusplus
2903	}
2904	#endif
2905
2906	#endif /* __NTAPI_H */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/w32api/3.6/include/ddk/ntapi.h

Download in other formats: