Context Navigation

source: Daodan/MinGW/include/ddk/ntapi.h@ 1088

Last change on this file since 1088 was 1046, checked in by alloc, 8 years ago
Daodan: Added Windows MinGW and build batch file
File size: 90.7 KB

Rev	Line
[1046]	1	/*
	2	* ntapi.h
	3	*
	4	* Windows NT Native API
	5	*
	6	* Most structures in this file is obtained from Windows NT/2000 Native API
	7	* Reference by Gary Nebbett, ISBN 1578701996.
	8	*
	9	* This file is part of the w32api package.
	10	*
	11	* Contributors:
	12	* Created by Casper S. Hornstrup <chorns@users.sourceforge.net>
	13	*
	14	* THIS SOFTWARE IS NOT COPYRIGHTED
	15	*
	16	* This source code is offered for use in the public domain. You may
	17	* use, modify or distribute it freely.
	18	*
	19	* This code is distributed in the hope that it will be useful but
	20	* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
	21	* DISCLAIMED. This includes but is not limited to warranties of
	22	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	23	*
	24	*/
	25
	26	#ifndef __NTAPI_H
	27	#define __NTAPI_H
	28
	29	#if __GNUC__ >= 3
	30	#pragma GCC system_header
	31	#endif
	32
	33	#ifdef __cplusplus
	34	extern "C" {
	35	#endif
	36
	37	#include <stdarg.h>
	38	#include <winbase.h>
	39	#include "ntddk.h"
	40	#include "ntpoapi.h"
	41
	42	#pragma pack(push,4)
	43
	44	typedef struct _PEB *PPEB;
	45
	46	/* FIXME: Unknown definitions */
	47	typedef PVOID POBJECT_TYPE_LIST;
	48	typedef PVOID PEXECUTION_STATE;
	49	typedef PVOID PLANGID;
	50
	51	#ifndef NtCurrentProcess
	52	#define NtCurrentProcess() ((HANDLE)0xFFFFFFFF)
	53	#endif /* NtCurrentProcess */
	54	#ifndef NtCurrentThread
	55	#define NtCurrentThread() ((HANDLE)0xFFFFFFFE)
	56	#endif /* NtCurrentThread */
	57
	58	/* System information and control */
	59
	60	typedef enum _SYSTEM_INFORMATION_CLASS {
	61	SystemInformationClassMin = 0,
	62	SystemBasicInformation = 0,
	63	SystemProcessorInformation = 1,
	64	SystemPerformanceInformation = 2,
	65	SystemTimeOfDayInformation = 3,
	66	SystemPathInformation = 4,
	67	SystemNotImplemented1 = 4,
	68	SystemProcessInformation = 5,
	69	SystemProcessesAndThreadsInformation = 5,
	70	SystemCallCountInfoInformation = 6,
	71	SystemCallCounts = 6,
	72	SystemDeviceInformation = 7,
	73	SystemConfigurationInformation = 7,
	74	SystemProcessorPerformanceInformation = 8,
	75	SystemProcessorTimes = 8,
	76	SystemFlagsInformation = 9,
	77	SystemGlobalFlag = 9,
	78	SystemCallTimeInformation = 10,
	79	SystemNotImplemented2 = 10,
	80	SystemModuleInformation = 11,
	81	SystemLocksInformation = 12,
	82	SystemLockInformation = 12,
	83	SystemStackTraceInformation = 13,
	84	SystemNotImplemented3 = 13,
	85	SystemPagedPoolInformation = 14,
	86	SystemNotImplemented4 = 14,
	87	SystemNonPagedPoolInformation = 15,
	88	SystemNotImplemented5 = 15,
	89	SystemHandleInformation = 16,
	90	SystemObjectInformation = 17,
	91	SystemPageFileInformation = 18,
	92	SystemPagefileInformation = 18,
	93	SystemVdmInstemulInformation = 19,
	94	SystemInstructionEmulationCounts = 19,
	95	SystemVdmBopInformation = 20,
	96	SystemInvalidInfoClass1 = 20,
	97	SystemFileCacheInformation = 21,
	98	SystemCacheInformation = 21,
	99	SystemPoolTagInformation = 22,
	100	SystemInterruptInformation = 23,
	101	SystemProcessorStatistics = 23,
	102	SystemDpcBehaviourInformation = 24,
	103	SystemDpcInformation = 24,
	104	SystemFullMemoryInformation = 25,
	105	SystemNotImplemented6 = 25,
	106	SystemLoadImage = 26,
	107	SystemUnloadImage = 27,
	108	SystemTimeAdjustmentInformation = 28,
	109	SystemTimeAdjustment = 28,
	110	SystemSummaryMemoryInformation = 29,
	111	SystemNotImplemented7 = 29,
	112	SystemNextEventIdInformation = 30,
	113	SystemNotImplemented8 = 30,
	114	SystemEventIdsInformation = 31,
	115	SystemNotImplemented9 = 31,
	116	SystemCrashDumpInformation = 32,
	117	SystemExceptionInformation = 33,
	118	SystemCrashDumpStateInformation = 34,
	119	SystemKernelDebuggerInformation = 35,
	120	SystemContextSwitchInformation = 36,
	121	SystemRegistryQuotaInformation = 37,
	122	SystemLoadAndCallImage = 38,
	123	SystemPrioritySeparation = 39,
	124	SystemPlugPlayBusInformation = 40,
	125	SystemNotImplemented10 = 40,
	126	SystemDockInformation = 41,
	127	SystemNotImplemented11 = 41,
	128	/* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */
	129	SystemInvalidInfoClass2 = 42,
	130	SystemProcessorSpeedInformation = 43,
	131	SystemInvalidInfoClass3 = 43,
	132	SystemCurrentTimeZoneInformation = 44,
	133	SystemTimeZoneInformation = 44,
	134	SystemLookasideInformation = 45,
	135	SystemSetTimeSlipEvent = 46,
	136	SystemCreateSession = 47,
	137	SystemDeleteSession = 48,
	138	SystemInvalidInfoClass4 = 49,
	139	SystemRangeStartInformation = 50,
	140	SystemVerifierInformation = 51,
	141	SystemAddVerifier = 52,
	142	SystemSessionProcessesInformation = 53,
	143	SystemInformationClassMax
	144	} SYSTEM_INFORMATION_CLASS;
	145
	146	typedef struct _SYSTEM_BASIC_INFORMATION {
	147	ULONG Unknown;
	148	ULONG MaximumIncrement;
	149	ULONG PhysicalPageSize;
	150	ULONG NumberOfPhysicalPages;
	151	ULONG LowestPhysicalPage;
	152	ULONG HighestPhysicalPage;
	153	ULONG AllocationGranularity;
	154	ULONG LowestUserAddress;
	155	ULONG HighestUserAddress;
	156	ULONG ActiveProcessors;
	157	UCHAR NumberProcessors;
	158	} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
	159
	160	typedef struct _SYSTEM_PROCESSOR_INFORMATION {
	161	USHORT ProcessorArchitecture;
	162	USHORT ProcessorLevel;
	163	USHORT ProcessorRevision;
	164	USHORT Unknown;
	165	ULONG FeatureBits;
	166	} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
	167
	168	typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
	169	LARGE_INTEGER IdleTime;
	170	LARGE_INTEGER ReadTransferCount;
	171	LARGE_INTEGER WriteTransferCount;
	172	LARGE_INTEGER OtherTransferCount;
	173	ULONG ReadOperationCount;
	174	ULONG WriteOperationCount;
	175	ULONG OtherOperationCount;
	176	ULONG AvailablePages;
	177	ULONG TotalCommittedPages;
	178	ULONG TotalCommitLimit;
	179	ULONG PeakCommitment;
	180	ULONG PageFaults;
	181	ULONG WriteCopyFaults;
	182	ULONG TransitionFaults;
	183	ULONG CacheTransitionFaults;
	184	ULONG DemandZeroFaults;
	185	ULONG PagesRead;
	186	ULONG PageReadIos;
	187	ULONG CacheReads;
	188	ULONG CacheIos;
	189	ULONG PagefilePagesWritten;
	190	ULONG PagefilePageWriteIos;
	191	ULONG MappedFilePagesWritten;
	192	ULONG MappedFilePageWriteIos;
	193	ULONG PagedPoolUsage;
	194	ULONG NonPagedPoolUsage;
	195	ULONG PagedPoolAllocs;
	196	ULONG PagedPoolFrees;
	197	ULONG NonPagedPoolAllocs;
	198	ULONG NonPagedPoolFrees;
	199	ULONG TotalFreeSystemPtes;
	200	ULONG SystemCodePage;
	201	ULONG TotalSystemDriverPages;
	202	ULONG TotalSystemCodePages;
	203	ULONG SmallNonPagedLookasideListAllocateHits;
	204	ULONG SmallPagedLookasideListAllocateHits;
	205	ULONG Reserved3;
	206	ULONG MmSystemCachePage;
	207	ULONG PagedPoolPage;
	208	ULONG SystemDriverPage;
	209	ULONG FastReadNoWait;
	210	ULONG FastReadWait;
	211	ULONG FastReadResourceMiss;
	212	ULONG FastReadNotPossible;
	213	ULONG FastMdlReadNoWait;
	214	ULONG FastMdlReadWait;
	215	ULONG FastMdlReadResourceMiss;
	216	ULONG FastMdlReadNotPossible;
	217	ULONG MapDataNoWait;
	218	ULONG MapDataWait;
	219	ULONG MapDataNoWaitMiss;
	220	ULONG MapDataWaitMiss;
	221	ULONG PinMappedDataCount;
	222	ULONG PinReadNoWait;
	223	ULONG PinReadWait;
	224	ULONG PinReadNoWaitMiss;
	225	ULONG PinReadWaitMiss;
	226	ULONG CopyReadNoWait;
	227	ULONG CopyReadWait;
	228	ULONG CopyReadNoWaitMiss;
	229	ULONG CopyReadWaitMiss;
	230	ULONG MdlReadNoWait;
	231	ULONG MdlReadWait;
	232	ULONG MdlReadNoWaitMiss;
	233	ULONG MdlReadWaitMiss;
	234	ULONG ReadAheadIos;
	235	ULONG LazyWriteIos;
	236	ULONG LazyWritePages;
	237	ULONG DataFlushes;
	238	ULONG DataPages;
	239	ULONG ContextSwitches;
	240	ULONG FirstLevelTbFills;
	241	ULONG SecondLevelTbFills;
	242	ULONG SystemCalls;
	243	} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
	244
	245	typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
	246	LARGE_INTEGER BootTime;
	247	LARGE_INTEGER CurrentTime;
	248	LARGE_INTEGER TimeZoneBias;
	249	ULONG CurrentTimeZoneId;
	250	} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
	251
	252	typedef struct _VM_COUNTERS {
	253	ULONG PeakVirtualSize;
	254	ULONG VirtualSize;
	255	ULONG PageFaultCount;
	256	ULONG PeakWorkingSetSize;
	257	ULONG WorkingSetSize;
	258	ULONG QuotaPeakPagedPoolUsage;
	259	ULONG QuotaPagedPoolUsage;
	260	ULONG QuotaPeakNonPagedPoolUsage;
	261	ULONG QuotaNonPagedPoolUsage;
	262	ULONG PagefileUsage;
	263	ULONG PeakPagefileUsage;
	264	} VM_COUNTERS;
	265
	266	typedef enum _THREAD_STATE {
	267	StateInitialized,
	268	StateReady,
	269	StateRunning,
	270	StateStandby,
	271	StateTerminated,
	272	StateWait,
	273	StateTransition,
	274	StateUnknown
	275	} THREAD_STATE;
	276
	277	typedef struct _SYSTEM_THREADS {
	278	LARGE_INTEGER KernelTime;
	279	LARGE_INTEGER UserTime;
	280	LARGE_INTEGER CreateTime;
	281	ULONG WaitTime;
	282	PVOID StartAddress;
	283	CLIENT_ID ClientId;
	284	KPRIORITY Priority;
	285	KPRIORITY BasePriority;
	286	ULONG ContextSwitchCount;
	287	THREAD_STATE State;
	288	KWAIT_REASON WaitReason;
	289	} SYSTEM_THREADS, *PSYSTEM_THREADS;
	290
	291	typedef struct _SYSTEM_PROCESSES {
	292	ULONG NextEntryDelta;
	293	ULONG ThreadCount;
	294	ULONG Reserved1[6];
	295	LARGE_INTEGER CreateTime;
	296	LARGE_INTEGER UserTime;
	297	LARGE_INTEGER KernelTime;
	298	UNICODE_STRING ProcessName;
	299	KPRIORITY BasePriority;
	300	ULONG ProcessId;
	301	ULONG InheritedFromProcessId;
	302	ULONG HandleCount;
	303	ULONG Reserved2[2];
	304	VM_COUNTERS VmCounters;
	305	IO_COUNTERS IoCounters;
	306	SYSTEM_THREADS Threads[1];
	307	} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
	308
	309	typedef struct _SYSTEM_CALLS_INFORMATION {
	310	ULONG Size;
	311	ULONG NumberOfDescriptorTables;
	312	ULONG NumberOfRoutinesInTable[1];
	313	ULONG CallCounts[ANYSIZE_ARRAY];
	314	} SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION;
	315
	316	typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
	317	ULONG DiskCount;
	318	ULONG FloppyCount;
	319	ULONG CdRomCount;
	320	ULONG TapeCount;
	321	ULONG SerialCount;
	322	ULONG ParallelCount;
	323	} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
	324
	325	typedef struct _SYSTEM_PROCESSOR_TIMES {
	326	LARGE_INTEGER IdleTime;
	327	LARGE_INTEGER KernelTime;
	328	LARGE_INTEGER UserTime;
	329	LARGE_INTEGER DpcTime;
	330	LARGE_INTEGER InterruptTime;
	331	ULONG InterruptCount;
	332	} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
	333
	334	/* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */
	335	#define FLG_STOP_ON_EXCEPTION 0x00000001
	336	#define FLG_SHOW_LDR_SNAPS 0x00000002
	337	#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
	338	#define FLG_STOP_ON_HUNG_GUI 0x00000008
	339	#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
	340	#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
	341	#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
	342	#define FLG_HEAP_VALIDATE_ALL 0x00000080
	343	#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
	344	#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
	345	#define FLG_POOL_ENABLE_TAGGING 0x00000400
	346	#define FLG_HEAP_ENABLE_TAGGING 0x00000800
	347	#define FLG_USER_STACK_TRACE_DB 0x00001000
	348	#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
	349	#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
	350	#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
	351	#define FLG_IGNORE_DEBUG_PRIV 0x00010000
	352	#define FLG_ENABLE_CSRDEBUG 0x00020000
	353	#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
	354	#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
	355	#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
	356	#define FLG_HEAP_DISABLE_COALESCING 0x00200000
	357	#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
	358	#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
	359	#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
	360
	361	typedef struct _SYSTEM_GLOBAL_FLAG {
	362	ULONG GlobalFlag;
	363	} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
	364
	365	typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
	366	ULONG Unknown1;
	367	ULONG Unknown2;
	368	PVOID Base;
	369	ULONG Size;
	370	ULONG Flags;
	371	USHORT Index;
	372	/* Length of module name not including the path, this
	373	field contains valid value only for NTOSKRNL module */
	374	USHORT NameLength;
	375	USHORT LoadCount;
	376	USHORT PathLength;
	377	CHAR ImageName[256];
	378	} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
	379
	380	typedef struct _SYSTEM_MODULE_INFORMATION {
	381	ULONG Count;
	382	SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
	383	} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
	384
	385	typedef struct _SYSTEM_LOCK_INFORMATION {
	386	PVOID Address;
	387	USHORT Type;
	388	USHORT Reserved1;
	389	ULONG ExclusiveOwnerThreadId;
	390	ULONG ActiveCount;
	391	ULONG ContentionCount;
	392	ULONG Reserved2[2];
	393	ULONG NumberOfSharedWaiters;
	394	ULONG NumberOfExclusiveWaiters;
	395	} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
	396
	397	/SYSTEM_HANDLE_INFORMATION.Flags cosntants /
	398	#define PROTECT_FROM_CLOSE 0x01
	399	#define INHERIT 0x02
	400
	401	typedef struct _SYSTEM_HANDLE_INFORMATION {
	402	ULONG ProcessId;
	403	UCHAR ObjectTypeNumber;
	404	UCHAR Flags;
	405	USHORT Handle;
	406	PVOID Object;
	407	ACCESS_MASK GrantedAccess;
	408	} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
	409
	410	typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
	411	ULONG NextEntryOffset;
	412	ULONG ObjectCount;
	413	ULONG HandleCount;
	414	ULONG TypeNumber;
	415	ULONG InvalidAttributes;
	416	GENERIC_MAPPING GenericMapping;
	417	ACCESS_MASK ValidAccessMask;
	418	POOL_TYPE PoolType;
	419	UCHAR Unknown;
	420	UNICODE_STRING Name;
	421	} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
	422
	423	/* SYSTEM_OBJECT_INFORMATION.Flags constants */
	424	#define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40
	425	#define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20
	426	#define FLG_SYSOBJINFO_PERMANENT 0x10
	427	#define FLG_SYSOBJINFO_EXCLUSIVE 0x08
	428	#define FLG_SYSOBJINFO_CREATOR_INFO 0x04
	429	#define FLG_SYSOBJINFO_KERNEL_MODE 0x02
	430
	431	typedef struct _SYSTEM_OBJECT_INFORMATION {
	432	ULONG NextEntryOffset;
	433	PVOID Object;
	434	ULONG CreatorProcessId;
	435	USHORT Unknown;
	436	USHORT Flags;
	437	ULONG PointerCount;
	438	ULONG HandleCount;
	439	ULONG PagedPoolUsage;
	440	ULONG NonPagedPoolUsage;
	441	ULONG ExclusiveProcessId;
	442	PSECURITY_DESCRIPTOR SecurityDescriptor;
	443	UNICODE_STRING Name;
	444	} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
	445
	446	typedef struct _SYSTEM_PAGEFILE_INFORMATION {
	447	ULONG NextEntryOffset;
	448	ULONG CurrentSize;
	449	ULONG TotalUsed;
	450	ULONG PeakUsed;
	451	UNICODE_STRING FileName;
	452	} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
	453
	454	typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION {
	455	ULONG SegmentNotPresent;
	456	ULONG TwoByteOpcode;
	457	ULONG ESprefix;
	458	ULONG CSprefix;
	459	ULONG SSprefix;
	460	ULONG DSprefix;
	461	ULONG FSPrefix;
	462	ULONG GSprefix;
	463	ULONG OPER32prefix;
	464	ULONG ADDR32prefix;
	465	ULONG INSB;
	466	ULONG INSW;
	467	ULONG OUTSB;
	468	ULONG OUTSW;
	469	ULONG PUSHFD;
	470	ULONG POPFD;
	471	ULONG INTnn;
	472	ULONG INTO;
	473	ULONG IRETD;
	474	ULONG INBimm;
	475	ULONG INWimm;
	476	ULONG OUTBimm;
	477	ULONG OUTWimm;
	478	ULONG INB;
	479	ULONG INW;
	480	ULONG OUTB;
	481	ULONG OUTW;
	482	ULONG LOCKprefix;
	483	ULONG REPNEprefix;
	484	ULONG REPprefix;
	485	ULONG HLT;
	486	ULONG CLI;
	487	ULONG STI;
	488	ULONG GenericInvalidOpcode;
	489	} SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION;
	490
	491	typedef struct _SYSTEM_POOL_TAG_INFORMATION {
	492	CHAR Tag[4];
	493	ULONG PagedPoolAllocs;
	494	ULONG PagedPoolFrees;
	495	ULONG PagedPoolUsage;
	496	ULONG NonPagedPoolAllocs;
	497	ULONG NonPagedPoolFrees;
	498	ULONG NonPagedPoolUsage;
	499	} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
	500
	501	typedef struct _SYSTEM_PROCESSOR_STATISTICS {
	502	ULONG ContextSwitches;
	503	ULONG DpcCount;
	504	ULONG DpcRequestRate;
	505	ULONG TimeIncrement;
	506	ULONG DpcBypassCount;
	507	ULONG ApcBypassCount;
	508	} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
	509
	510	typedef struct _SYSTEM_DPC_INFORMATION {
	511	ULONG Reserved;
	512	ULONG MaximumDpcQueueDepth;
	513	ULONG MinimumDpcRate;
	514	ULONG AdjustDpcThreshold;
	515	ULONG IdealDpcRate;
	516	} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
	517
	518	typedef struct _SYSTEM_LOAD_IMAGE {
	519	UNICODE_STRING ModuleName;
	520	PVOID ModuleBase;
	521	PVOID SectionPointer;
	522	PVOID EntryPoint;
	523	PVOID ExportDirectory;
	524	} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
	525
	526	typedef struct _SYSTEM_UNLOAD_IMAGE {
	527	PVOID ModuleBase;
	528	} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
	529
	530	typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
	531	ULONG TimeAdjustment;
	532	ULONG MaximumIncrement;
	533	BOOLEAN TimeSynchronization;
	534	} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
	535
	536	typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
	537	ULONG TimeAdjustment;
	538	BOOLEAN TimeSynchronization;
	539	} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
	540
	541	typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
	542	HANDLE CrashDumpSectionHandle;
	543	HANDLE Unknown;
	544	} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
	545
	546	typedef struct _SYSTEM_EXCEPTION_INFORMATION {
	547	ULONG AlignmentFixupCount;
	548	ULONG ExceptionDispatchCount;
	549	ULONG FloatingEmulationCount;
	550	ULONG Reserved;
	551	} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
	552
	553	typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
	554	ULONG CrashDumpSectionExists;
	555	ULONG Unknown;
	556	} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
	557
	558	typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
	559	BOOLEAN DebuggerEnabled;
	560	BOOLEAN DebuggerNotPresent;
	561	} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
	562
	563	typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
	564	ULONG ContextSwitches;
	565	ULONG ContextSwitchCounters[11];
	566	} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
	567
	568	typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
	569	ULONG RegistryQuota;
	570	ULONG RegistryQuotaInUse;
	571	ULONG PagedPoolSize;
	572	} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
	573
	574	typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
	575	UNICODE_STRING ModuleName;
	576	} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
	577
	578	typedef struct _SYSTEM_PRIORITY_SEPARATION {
	579	ULONG PrioritySeparation;
	580	} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
	581
	582	typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
	583	LONG Bias;
	584	WCHAR StandardName[32];
	585	LARGE_INTEGER StandardDate;
	586	LONG StandardBias;
	587	WCHAR DaylightName[32];
	588	LARGE_INTEGER DaylightDate;
	589	LONG DaylightBias;
	590	} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
	591
	592	typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
	593	USHORT Depth;
	594	USHORT MaximumDepth;
	595	ULONG TotalAllocates;
	596	ULONG AllocateMisses;
	597	ULONG TotalFrees;
	598	ULONG FreeMisses;
	599	POOL_TYPE Type;
	600	ULONG Tag;
	601	ULONG Size;
	602	} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
	603
	604	typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
	605	HANDLE TimeSlipEvent;
	606	} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
	607
	608	typedef struct _SYSTEM_CREATE_SESSION {
	609	ULONG SessionId;
	610	} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
	611
	612	typedef struct _SYSTEM_DELETE_SESSION {
	613	ULONG SessionId;
	614	} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
	615
	616	typedef struct _SYSTEM_RANGE_START_INFORMATION {
	617	PVOID SystemRangeStart;
	618	} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
	619
	620	typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
	621	ULONG SessionId;
	622	ULONG BufferSize;
	623	PVOID Buffer;
	624	} SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;
	625
	626	typedef struct _SYSTEM_POOL_BLOCK {
	627	BOOLEAN Allocated;
	628	USHORT Unknown;
	629	ULONG Size;
	630	CHAR Tag[4];
	631	} SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;
	632
	633	typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
	634	ULONG PoolSize;
	635	PVOID PoolBase;
	636	USHORT Unknown;
	637	ULONG NumberOfBlocks;
	638	SYSTEM_POOL_BLOCK PoolBlocks[1];
	639	} SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;
	640
	641	typedef struct _SYSTEM_MEMORY_USAGE {
	642	PVOID Name;
	643	USHORT Valid;
	644	USHORT Standby;
	645	USHORT Modified;
	646	USHORT PageTables;
	647	} SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;
	648
	649	typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
	650	ULONG Reserved;
	651	PVOID EndOfData;
	652	SYSTEM_MEMORY_USAGE MemoryUsage[1];
	653	} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;
	654
	655	NTOSAPI
	656	NTSTATUS
	657	NTAPI
	658	NtQuerySystemInformation(
	659	/IN/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
	660	/IN OUT/ PVOID SystemInformation,
	661	/IN/ ULONG SystemInformationLength,
	662	/OUT/ PULONG ReturnLength /OPTIONAL/);
	663
	664	NTOSAPI
	665	NTSTATUS
	666	NTAPI
	667	ZwQuerySystemInformation(
	668	/IN/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
	669	/IN OUT/ PVOID SystemInformation,
	670	/IN/ ULONG SystemInformationLength,
	671	/OUT/ PULONG ReturnLength /OPTIONAL/);
	672
	673	NTOSAPI
	674	NTAPI
	675	NTSTATUS
	676	NtQueryFullAttributesFile(
	677	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	678	/OUT/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);
	679
	680	NTOSAPI
	681	NTAPI
	682	NTSTATUS
	683	ZwQueryFullAttributesFile(
	684	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	685	/OUT/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);
	686
	687	NTOSAPI
	688	NTSTATUS
	689	NTAPI
	690	NtSetSystemInformation(
	691	/IN/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
	692	/IN OUT/ PVOID SystemInformation,
	693	/IN/ ULONG SystemInformationLength);
	694
	695	NTOSAPI
	696	NTSTATUS
	697	NTAPI
	698	ZwSetSystemInformation(
	699	/IN/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
	700	/IN OUT/ PVOID SystemInformation,
	701	/IN/ ULONG SystemInformationLength);
	702
	703	NTOSAPI
	704	NTSTATUS
	705	NTAPI
	706	NtQuerySystemEnvironmentValue(
	707	/IN/ PUNICODE_STRING Name,
	708	/OUT/ PVOID Value,
	709	/IN/ ULONG ValueLength,
	710	/OUT/ PULONG ReturnLength /OPTIONAL/);
	711
	712	NTOSAPI
	713	NTSTATUS
	714	NTAPI
	715	ZwQuerySystemEnvironmentValue(
	716	/IN/ PUNICODE_STRING Name,
	717	/OUT/ PVOID Value,
	718	/IN/ ULONG ValueLength,
	719	/OUT/ PULONG ReturnLength /OPTIONAL/);
	720
	721	NTOSAPI
	722	NTSTATUS
	723	NTAPI
	724	NtSetSystemEnvironmentValue(
	725	/IN/ PUNICODE_STRING Name,
	726	/IN/ PUNICODE_STRING Value);
	727
	728	NTOSAPI
	729	NTSTATUS
	730	NTAPI
	731	ZwSetSystemEnvironmentValue(
	732	/IN/ PUNICODE_STRING Name,
	733	/IN/ PUNICODE_STRING Value);
	734
	735	typedef enum _SHUTDOWN_ACTION {
	736	ShutdownNoReboot,
	737	ShutdownReboot,
	738	ShutdownPowerOff
	739	} SHUTDOWN_ACTION;
	740
	741	NTOSAPI
	742	NTSTATUS
	743	NTAPI
	744	NtShutdownSystem(
	745	/IN/ SHUTDOWN_ACTION Action);
	746
	747	NTOSAPI
	748	NTSTATUS
	749	NTAPI
	750	ZwShutdownSystem(
	751	/IN/ SHUTDOWN_ACTION Action);
	752
	753	typedef enum _DEBUG_CONTROL_CODE {
	754	DebugGetTraceInformation = 1,
	755	DebugSetInternalBreakpoint,
	756	DebugSetSpecialCall,
	757	DebugClearSpecialCalls,
	758	DebugQuerySpecialCalls,
	759	DebugDbgBreakPoint,
	760	DebugMaximum
	761	} DEBUG_CONTROL_CODE;
	762
	763
	764	NTOSAPI
	765	NTSTATUS
	766	NTAPI
	767	NtSystemDebugControl(
	768	/IN/ DEBUG_CONTROL_CODE ControlCode,
	769	/IN/ PVOID InputBuffer /OPTIONAL/,
	770	/IN/ ULONG InputBufferLength,
	771	/OUT/ PVOID OutputBuffer /OPTIONAL/,
	772	/IN/ ULONG OutputBufferLength,
	773	/OUT/ PULONG ReturnLength /OPTIONAL/);
	774
	775	NTOSAPI
	776	NTSTATUS
	777	NTAPI
	778	ZwSystemDebugControl(
	779	/IN/ DEBUG_CONTROL_CODE ControlCode,
	780	/IN/ PVOID InputBuffer /OPTIONAL/,
	781	/IN/ ULONG InputBufferLength,
	782	/OUT/ PVOID OutputBuffer /OPTIONAL/,
	783	/IN/ ULONG OutputBufferLength,
	784	/OUT/ PULONG ReturnLength /OPTIONAL/);
	785
	786
	787
	788	/* Objects, Object directories, and symbolic links */
	789
	790	typedef enum _OBJECT_INFORMATION_CLASS {
	791	ObjectBasicInformation,
	792	ObjectNameInformation,
	793	ObjectTypeInformation,
	794	ObjectAllTypesInformation,
	795	ObjectHandleInformation
	796	} OBJECT_INFORMATION_CLASS;
	797
	798	NTOSAPI
	799	NTSTATUS
	800	NTAPI
	801	NtQueryObject(
	802	/IN/ HANDLE ObjectHandle,
	803	/IN/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
	804	/OUT/ PVOID ObjectInformation,
	805	/IN/ ULONG ObjectInformationLength,
	806	/OUT/ PULONG ReturnLength /OPTIONAL/);
	807
	808	NTOSAPI
	809	NTSTATUS
	810	NTAPI
	811	ZwQueryObject(
	812	/IN/ HANDLE ObjectHandle,
	813	/IN/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
	814	/OUT/ PVOID ObjectInformation,
	815	/IN/ ULONG ObjectInformationLength,
	816	/OUT/ PULONG ReturnLength /OPTIONAL/);
	817
	818	NTOSAPI
	819	NTSTATUS
	820	NTAPI
	821	NtSetInformationObject(
	822	/IN/ HANDLE ObjectHandle,
	823	/IN/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
	824	/IN/ PVOID ObjectInformation,
	825	/IN/ ULONG ObjectInformationLength);
	826
	827	NTOSAPI
	828	NTSTATUS
	829	NTAPI
	830	ZwSetInformationObject(
	831	/IN/ HANDLE ObjectHandle,
	832	/IN/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
	833	/IN/ PVOID ObjectInformation,
	834	/IN/ ULONG ObjectInformationLength);
	835
	836	/* OBJECT_BASIC_INFORMATION.Attributes constants */
	837	/* also in winbase.h */
	838	#define HANDLE_FLAG_INHERIT 0x01
	839	#define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02
	840	/* end winbase.h */
	841	#define PERMANENT 0x10
	842	#define EXCLUSIVE 0x20
	843
	844	typedef struct _OBJECT_BASIC_INFORMATION {
	845	ULONG Attributes;
	846	ACCESS_MASK GrantedAccess;
	847	ULONG HandleCount;
	848	ULONG PointerCount;
	849	ULONG PagedPoolUsage;
	850	ULONG NonPagedPoolUsage;
	851	ULONG Reserved[3];
	852	ULONG NameInformationLength;
	853	ULONG TypeInformationLength;
	854	ULONG SecurityDescriptorLength;
	855	LARGE_INTEGER CreateTime;
	856	} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
	857	#if 0
	858	/* FIXME: Enable later */
	859	typedef struct _OBJECT_TYPE_INFORMATION {
	860	UNICODE_STRING Name;
	861	ULONG ObjectCount;
	862	ULONG HandleCount;
	863	ULONG Reserved1[4];
	864	ULONG PeakObjectCount;
	865	ULONG PeakHandleCount;
	866	ULONG Reserved2[4];
	867	ULONG InvalidAttributes;
	868	GENERIC_MAPPING GenericMapping;
	869	ULONG ValidAccess;
	870	UCHAR Unknown;
	871	BOOLEAN MaintainHandleDatabase;
	872	POOL_TYPE PoolType;
	873	ULONG PagedPoolUsage;
	874	ULONG NonPagedPoolUsage;
	875	} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
	876
	877	typedef struct _OBJECT_ALL_TYPES_INFORMATION {
	878	ULONG NumberOfTypes;
	879	OBJECT_TYPE_INFORMATION TypeInformation;
	880	} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
	881	#endif
	882	typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
	883	BOOLEAN Inherit;
	884	BOOLEAN ProtectFromClose;
	885	} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
	886
	887	NTOSAPI
	888	NTSTATUS
	889	NTAPI
	890	NtDuplicateObject(
	891	/IN/ HANDLE SourceProcessHandle,
	892	/IN/ HANDLE SourceHandle,
	893	/IN/ HANDLE TargetProcessHandle,
	894	/OUT/ PHANDLE TargetHandle /OPTIONAL/,
	895	/IN/ ACCESS_MASK DesiredAccess,
	896	/IN/ ULONG Attributes,
	897	/IN/ ULONG Options);
	898
	899	NTOSAPI
	900	NTSTATUS
	901	NTAPI
	902	ZwDuplicateObject(
	903	/IN/ HANDLE SourceProcessHandle,
	904	/IN/ HANDLE SourceHandle,
	905	/IN/ HANDLE TargetProcessHandle,
	906	/OUT/ PHANDLE TargetHandle /OPTIONAL/,
	907	/IN/ ACCESS_MASK DesiredAccess,
	908	/IN/ ULONG Attributes,
	909	/IN/ ULONG Options);
	910
	911	NTOSAPI
	912	NTSTATUS
	913	NTAPI
	914	NtQuerySecurityObject(
	915	/IN/ HANDLE Handle,
	916	/IN/ SECURITY_INFORMATION SecurityInformation,
	917	/OUT/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	918	/IN/ ULONG SecurityDescriptorLength,
	919	/OUT/ PULONG ReturnLength);
	920
	921	NTOSAPI
	922	NTSTATUS
	923	NTAPI
	924	ZwQuerySecurityObject(
	925	/IN/ HANDLE Handle,
	926	/IN/ SECURITY_INFORMATION SecurityInformation,
	927	/OUT/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	928	/IN/ ULONG SecurityDescriptorLength,
	929	/OUT/ PULONG ReturnLength);
	930
	931	NTOSAPI
	932	NTSTATUS
	933	NTAPI
	934	NtSetSecurityObject(
	935	/IN/ HANDLE Handle,
	936	/IN/ SECURITY_INFORMATION SecurityInformation,
	937	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor);
	938
	939	NTOSAPI
	940	NTSTATUS
	941	NTAPI
	942	ZwSetSecurityObject(
	943	/IN/ HANDLE Handle,
	944	/IN/ SECURITY_INFORMATION SecurityInformation,
	945	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor);
	946
	947	NTOSAPI
	948	NTSTATUS
	949	NTAPI
	950	NtOpenDirectoryObject(
	951	/OUT/ PHANDLE DirectoryHandle,
	952	/IN/ ACCESS_MASK DesiredAccess,
	953	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
	954
	955	NTOSAPI
	956	NTSTATUS
	957	NTAPI
	958	ZwOpenDirectoryObject(
	959	/OUT/ PHANDLE DirectoryHandle,
	960	/IN/ ACCESS_MASK DesiredAccess,
	961	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
	962
	963	NTOSAPI
	964	NTSTATUS
	965	NTAPI
	966	NtQueryDirectoryObject(
	967	/IN/ HANDLE DirectoryHandle,
	968	/OUT/ PVOID Buffer,
	969	/IN/ ULONG BufferLength,
	970	/IN/ BOOLEAN ReturnSingleEntry,
	971	/IN/ BOOLEAN RestartScan,
	972	/IN OUT/ PULONG Context,
	973	/OUT/ PULONG ReturnLength /OPTIONAL/);
	974
	975	NTOSAPI
	976	NTSTATUS
	977	NTAPI
	978	ZwQueryDirectoryObject(
	979	/IN/ HANDLE DirectoryHandle,
	980	/OUT/ PVOID Buffer,
	981	/IN/ ULONG BufferLength,
	982	/IN/ BOOLEAN ReturnSingleEntry,
	983	/IN/ BOOLEAN RestartScan,
	984	/IN OUT/ PULONG Context,
	985	/OUT/ PULONG ReturnLength /OPTIONAL/);
	986
	987	typedef struct _DIRECTORY_BASIC_INFORMATION {
	988	UNICODE_STRING ObjectName;
	989	UNICODE_STRING ObjectTypeName;
	990	} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
	991
	992	NTOSAPI
	993	NTSTATUS
	994	NTAPI
	995	NtCreateSymbolicLinkObject(
	996	/OUT/ PHANDLE SymbolicLinkHandle,
	997	/IN/ ACCESS_MASK DesiredAccess,
	998	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	999	/IN/ PUNICODE_STRING TargetName);
	1000
	1001	NTOSAPI
	1002	NTSTATUS
	1003	NTAPI
	1004	ZwCreateSymbolicLinkObject(
	1005	/OUT/ PHANDLE SymbolicLinkHandle,
	1006	/IN/ ACCESS_MASK DesiredAccess,
	1007	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1008	/IN/ PUNICODE_STRING TargetName);
	1009
	1010
	1011
	1012
	1013	/* Virtual memory */
	1014
	1015	typedef enum _MEMORY_INFORMATION_CLASS {
	1016	MemoryBasicInformation,
	1017	MemoryWorkingSetList,
	1018	MemorySectionName,
	1019	MemoryBasicVlmInformation
	1020	} MEMORY_INFORMATION_CLASS;
	1021
	1022	NTOSAPI
	1023	NTSTATUS
	1024	NTAPI
	1025	NtAllocateVirtualMemory(
	1026	/IN/ HANDLE ProcessHandle,
	1027	/IN OUT/ PVOID *BaseAddress,
	1028	/IN/ ULONG ZeroBits,
	1029	/IN OUT/ PULONG AllocationSize,
	1030	/IN/ ULONG AllocationType,
	1031	/IN/ ULONG Protect);
	1032
	1033	NTOSAPI
	1034	NTSTATUS
	1035	NTAPI
	1036	ZwAllocateVirtualMemory(
	1037	/IN/ HANDLE ProcessHandle,
	1038	/IN OUT/ PVOID *BaseAddress,
	1039	/IN/ ULONG ZeroBits,
	1040	/IN OUT/ PULONG AllocationSize,
	1041	/IN/ ULONG AllocationType,
	1042	/IN/ ULONG Protect);
	1043
	1044	NTOSAPI
	1045	NTSTATUS
	1046	NTAPI
	1047	NtFreeVirtualMemory(
	1048	/IN/ HANDLE ProcessHandle,
	1049	/IN OUT/ PVOID *BaseAddress,
	1050	/IN OUT/ PULONG FreeSize,
	1051	/IN/ ULONG FreeType);
	1052
	1053	NTOSAPI
	1054	NTSTATUS
	1055	NTAPI
	1056	ZwFreeVirtualMemory(
	1057	/IN/ HANDLE ProcessHandle,
	1058	/IN OUT/ PVOID *BaseAddress,
	1059	/IN OUT/ PULONG FreeSize,
	1060	/IN/ ULONG FreeType);
	1061
	1062	NTOSAPI
	1063	NTSTATUS
	1064	NTAPI
	1065	NtQueryVirtualMemory(
	1066	/IN/ HANDLE ProcessHandle,
	1067	/IN/ PVOID BaseAddress,
	1068	/IN/ MEMORY_INFORMATION_CLASS MemoryInformationClass,
	1069	/OUT/ PVOID MemoryInformation,
	1070	/IN/ ULONG MemoryInformationLength,
	1071	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1072
	1073	NTOSAPI
	1074	NTSTATUS
	1075	NTAPI
	1076	ZwQueryVirtualMemory(
	1077	/IN/ HANDLE ProcessHandle,
	1078	/IN/ PVOID BaseAddress,
	1079	/IN/ MEMORY_INFORMATION_CLASS MemoryInformationClass,
	1080	/OUT/ PVOID MemoryInformation,
	1081	/IN/ ULONG MemoryInformationLength,
	1082	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1083
	1084	/* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
	1085	#define WSLE_PAGE_READONLY 0x001
	1086	#define WSLE_PAGE_EXECUTE 0x002
	1087	#define WSLE_PAGE_READWRITE 0x004
	1088	#define WSLE_PAGE_EXECUTE_READ 0x003
	1089	#define WSLE_PAGE_WRITECOPY 0x005
	1090	#define WSLE_PAGE_EXECUTE_READWRITE 0x006
	1091	#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
	1092	#define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
	1093	#define WSLE_PAGE_SHAREABLE 0x100
	1094
	1095	typedef struct _MEMORY_WORKING_SET_LIST {
	1096	ULONG NumberOfPages;
	1097	ULONG WorkingSetList[1];
	1098	} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
	1099
	1100	typedef struct _MEMORY_SECTION_NAME {
	1101	UNICODE_STRING SectionFileName;
	1102	} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
	1103
	1104	/* Zw[Lock\|Unlock]VirtualMemory.LockType constants */
	1105	#define LOCK_VM_IN_WSL 0x01
	1106	#define LOCK_VM_IN_RAM 0x02
	1107
	1108	NTOSAPI
	1109	NTSTATUS
	1110	NTAPI
	1111	NtLockVirtualMemory(
	1112	/IN/ HANDLE ProcessHandle,
	1113	/IN OUT/ PVOID *BaseAddress,
	1114	/IN OUT/ PULONG LockSize,
	1115	/IN/ ULONG LockType);
	1116
	1117	NTOSAPI
	1118	NTSTATUS
	1119	NTAPI
	1120	ZwLockVirtualMemory(
	1121	/IN/ HANDLE ProcessHandle,
	1122	/IN OUT/ PVOID *BaseAddress,
	1123	/IN OUT/ PULONG LockSize,
	1124	/IN/ ULONG LockType);
	1125
	1126	NTOSAPI
	1127	NTSTATUS
	1128	NTAPI
	1129	NtUnlockVirtualMemory(
	1130	/IN/ HANDLE ProcessHandle,
	1131	/IN OUT/ PVOID *BaseAddress,
	1132	/IN OUT/ PULONG LockSize,
	1133	/IN/ ULONG LockType);
	1134
	1135	NTOSAPI
	1136	NTSTATUS
	1137	NTAPI
	1138	ZwUnlockVirtualMemory(
	1139	/IN/ HANDLE ProcessHandle,
	1140	/IN OUT/ PVOID *BaseAddress,
	1141	/IN OUT/ PULONG LockSize,
	1142	/IN/ ULONG LockType);
	1143
	1144	NTOSAPI
	1145	NTSTATUS
	1146	NTAPI
	1147	NtReadVirtualMemory(
	1148	/IN/ HANDLE ProcessHandle,
	1149	/IN/ PVOID BaseAddress,
	1150	/OUT/ PVOID Buffer,
	1151	/IN/ ULONG BufferLength,
	1152	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1153
	1154	NTOSAPI
	1155	NTSTATUS
	1156	NTAPI
	1157	ZwReadVirtualMemory(
	1158	/IN/ HANDLE ProcessHandle,
	1159	/IN/ PVOID BaseAddress,
	1160	/OUT/ PVOID Buffer,
	1161	/IN/ ULONG BufferLength,
	1162	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1163
	1164	NTOSAPI
	1165	NTSTATUS
	1166	NTAPI
	1167	NtWriteVirtualMemory(
	1168	/IN/ HANDLE ProcessHandle,
	1169	/IN/ PVOID BaseAddress,
	1170	/IN/ PVOID Buffer,
	1171	/IN/ ULONG BufferLength,
	1172	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1173
	1174	NTOSAPI
	1175	NTSTATUS
	1176	NTAPI
	1177	ZwWriteVirtualMemory(
	1178	/IN/ HANDLE ProcessHandle,
	1179	/IN/ PVOID BaseAddress,
	1180	/IN/ PVOID Buffer,
	1181	/IN/ ULONG BufferLength,
	1182	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1183
	1184	NTOSAPI
	1185	NTSTATUS
	1186	NTAPI
	1187	NtProtectVirtualMemory(
	1188	/IN/ HANDLE ProcessHandle,
	1189	/IN OUT/ PVOID *BaseAddress,
	1190	/IN OUT/ PULONG ProtectSize,
	1191	/IN/ ULONG NewProtect,
	1192	/OUT/ PULONG OldProtect);
	1193
	1194	NTOSAPI
	1195	NTSTATUS
	1196	NTAPI
	1197	ZwProtectVirtualMemory(
	1198	/IN/ HANDLE ProcessHandle,
	1199	/IN OUT/ PVOID *BaseAddress,
	1200	/IN OUT/ PULONG ProtectSize,
	1201	/IN/ ULONG NewProtect,
	1202	/OUT/ PULONG OldProtect);
	1203
	1204	NTOSAPI
	1205	NTSTATUS
	1206	NTAPI
	1207	NtFlushVirtualMemory(
	1208	/IN/ HANDLE ProcessHandle,
	1209	/IN OUT/ PVOID *BaseAddress,
	1210	/IN OUT/ PULONG FlushSize,
	1211	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
	1212
	1213	NTOSAPI
	1214	NTSTATUS
	1215	NTAPI
	1216	ZwFlushVirtualMemory(
	1217	/IN/ HANDLE ProcessHandle,
	1218	/IN OUT/ PVOID *BaseAddress,
	1219	/IN OUT/ PULONG FlushSize,
	1220	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
	1221
	1222	NTOSAPI
	1223	NTSTATUS
	1224	NTAPI
	1225	NtAllocateUserPhysicalPages(
	1226	/IN/ HANDLE ProcessHandle,
	1227	/IN/ PULONG NumberOfPages,
	1228	/OUT/ PULONG PageFrameNumbers);
	1229
	1230	NTOSAPI
	1231	NTSTATUS
	1232	NTAPI
	1233	ZwAllocateUserPhysicalPages(
	1234	/IN/ HANDLE ProcessHandle,
	1235	/IN/ PULONG NumberOfPages,
	1236	/OUT/ PULONG PageFrameNumbers);
	1237
	1238	NTOSAPI
	1239	NTSTATUS
	1240	NTAPI
	1241	NtFreeUserPhysicalPages(
	1242	/IN/ HANDLE ProcessHandle,
	1243	/IN OUT/ PULONG NumberOfPages,
	1244	/IN/ PULONG PageFrameNumbers);
	1245
	1246	NTOSAPI
	1247	NTSTATUS
	1248	NTAPI
	1249	ZwFreeUserPhysicalPages(
	1250	/IN/ HANDLE ProcessHandle,
	1251	/IN OUT/ PULONG NumberOfPages,
	1252	/IN/ PULONG PageFrameNumbers);
	1253
	1254	NTOSAPI
	1255	NTSTATUS
	1256	NTAPI
	1257	NtMapUserPhysicalPages(
	1258	/IN/ PVOID BaseAddress,
	1259	/IN/ PULONG NumberOfPages,
	1260	/IN/ PULONG PageFrameNumbers);
	1261
	1262	NTOSAPI
	1263	NTSTATUS
	1264	NTAPI
	1265	ZwMapUserPhysicalPages(
	1266	/IN/ PVOID BaseAddress,
	1267	/IN/ PULONG NumberOfPages,
	1268	/IN/ PULONG PageFrameNumbers);
	1269
	1270	NTOSAPI
	1271	NTSTATUS
	1272	NTAPI
	1273	NtMapUserPhysicalPagesScatter(
	1274	/IN/ PVOID *BaseAddresses,
	1275	/IN/ PULONG NumberOfPages,
	1276	/IN/ PULONG PageFrameNumbers);
	1277
	1278	NTOSAPI
	1279	NTSTATUS
	1280	NTAPI
	1281	ZwMapUserPhysicalPagesScatter(
	1282	/IN/ PVOID *BaseAddresses,
	1283	/IN/ PULONG NumberOfPages,
	1284	/IN/ PULONG PageFrameNumbers);
	1285
	1286	NTOSAPI
	1287	NTSTATUS
	1288	NTAPI
	1289	NtGetWriteWatch(
	1290	/IN/ HANDLE ProcessHandle,
	1291	/IN/ ULONG Flags,
	1292	/IN/ PVOID BaseAddress,
	1293	/IN/ ULONG RegionSize,
	1294	/OUT/ PULONG Buffer,
	1295	/IN OUT/ PULONG BufferEntries,
	1296	/OUT/ PULONG Granularity);
	1297
	1298	NTOSAPI
	1299	NTSTATUS
	1300	NTAPI
	1301	ZwGetWriteWatch(
	1302	/IN/ HANDLE ProcessHandle,
	1303	/IN/ ULONG Flags,
	1304	/IN/ PVOID BaseAddress,
	1305	/IN/ ULONG RegionSize,
	1306	/OUT/ PULONG Buffer,
	1307	/IN OUT/ PULONG BufferEntries,
	1308	/OUT/ PULONG Granularity);
	1309
	1310	NTOSAPI
	1311	NTSTATUS
	1312	NTAPI
	1313	NtResetWriteWatch(
	1314	/IN/ HANDLE ProcessHandle,
	1315	/IN/ PVOID BaseAddress,
	1316	/IN/ ULONG RegionSize);
	1317
	1318	NTOSAPI
	1319	NTSTATUS
	1320	NTAPI
	1321	ZwResetWriteWatch(
	1322	/IN/ HANDLE ProcessHandle,
	1323	/IN/ PVOID BaseAddress,
	1324	/IN/ ULONG RegionSize);
	1325
	1326
	1327
	1328
	1329	/* Sections */
	1330
	1331	typedef enum _SECTION_INFORMATION_CLASS {
	1332	SectionBasicInformation,
	1333	SectionImageInformation
	1334	} SECTION_INFORMATION_CLASS;
	1335
	1336	NTOSAPI
	1337	NTSTATUS
	1338	NTAPI
	1339	NtCreateSection(
	1340	/OUT/ PHANDLE SectionHandle,
	1341	/IN/ ACCESS_MASK DesiredAccess,
	1342	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1343	/IN/ PLARGE_INTEGER SectionSize /OPTIONAL/,
	1344	/IN/ ULONG Protect,
	1345	/IN/ ULONG Attributes,
	1346	/IN/ HANDLE FileHandle);
	1347
	1348	NTOSAPI
	1349	NTSTATUS
	1350	NTAPI
	1351	ZwCreateSection(
	1352	/OUT/ PHANDLE SectionHandle,
	1353	/IN/ ACCESS_MASK DesiredAccess,
	1354	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1355	/IN/ PLARGE_INTEGER SectionSize /OPTIONAL/,
	1356	/IN/ ULONG Protect,
	1357	/IN/ ULONG Attributes,
	1358	/IN/ HANDLE FileHandle);
	1359
	1360	NTOSAPI
	1361	NTSTATUS
	1362	NTAPI
	1363	NtQuerySection(
	1364	/IN/ HANDLE SectionHandle,
	1365	/IN/ SECTION_INFORMATION_CLASS SectionInformationClass,
	1366	/OUT/ PVOID SectionInformation,
	1367	/IN/ ULONG SectionInformationLength,
	1368	/OUT/ PULONG ResultLength /OPTIONAL/);
	1369
	1370	NTOSAPI
	1371	NTSTATUS
	1372	NTAPI
	1373	ZwQuerySection(
	1374	/IN/ HANDLE SectionHandle,
	1375	/IN/ SECTION_INFORMATION_CLASS SectionInformationClass,
	1376	/OUT/ PVOID SectionInformation,
	1377	/IN/ ULONG SectionInformationLength,
	1378	/OUT/ PULONG ResultLength /OPTIONAL/);
	1379
	1380	NTOSAPI
	1381	NTSTATUS
	1382	NTAPI
	1383	NtExtendSection(
	1384	/IN/ HANDLE SectionHandle,
	1385	/IN/ PLARGE_INTEGER SectionSize);
	1386
	1387	NTOSAPI
	1388	NTSTATUS
	1389	NTAPI
	1390	ZwExtendSection(
	1391	/IN/ HANDLE SectionHandle,
	1392	/IN/ PLARGE_INTEGER SectionSize);
	1393
	1394	NTOSAPI
	1395	NTSTATUS
	1396	NTAPI
	1397	NtAreMappedFilesTheSame(
	1398	/IN/ PVOID Address1,
	1399	/IN/ PVOID Address2);
	1400
	1401	NTOSAPI
	1402	NTSTATUS
	1403	NTAPI
	1404	ZwAreMappedFilesTheSame(
	1405	/IN/ PVOID Address1,
	1406	/IN/ PVOID Address2);
	1407
	1408
	1409
	1410
	1411	/* Threads */
	1412
	1413	typedef struct _USER_STACK {
	1414	PVOID FixedStackBase;
	1415	PVOID FixedStackLimit;
	1416	PVOID ExpandableStackBase;
	1417	PVOID ExpandableStackLimit;
	1418	PVOID ExpandableStackBottom;
	1419	} USER_STACK, *PUSER_STACK;
	1420
	1421	NTOSAPI
	1422	NTSTATUS
	1423	NTAPI
	1424	NtCreateThread(
	1425	/OUT/ PHANDLE ThreadHandle,
	1426	/IN/ ACCESS_MASK DesiredAccess,
	1427	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1428	/IN/ HANDLE ProcessHandle,
	1429	/OUT/ PCLIENT_ID ClientId,
	1430	/IN/ PCONTEXT ThreadContext,
	1431	/IN/ PUSER_STACK UserStack,
	1432	/IN/ BOOLEAN CreateSuspended);
	1433
	1434	NTOSAPI
	1435	NTSTATUS
	1436	NTAPI
	1437	ZwCreateThread(
	1438	/OUT/ PHANDLE ThreadHandle,
	1439	/IN/ ACCESS_MASK DesiredAccess,
	1440	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1441	/IN/ HANDLE ProcessHandle,
	1442	/OUT/ PCLIENT_ID ClientId,
	1443	/IN/ PCONTEXT ThreadContext,
	1444	/IN/ PUSER_STACK UserStack,
	1445	/IN/ BOOLEAN CreateSuspended);
	1446
	1447	NTOSAPI
	1448	NTSTATUS
	1449	NTAPI
	1450	NtOpenThread(
	1451	/OUT/ PHANDLE ThreadHandle,
	1452	/IN/ ACCESS_MASK DesiredAccess,
	1453	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1454	/IN/ PCLIENT_ID ClientId);
	1455
	1456	NTOSAPI
	1457	NTSTATUS
	1458	NTAPI
	1459	ZwOpenThread(
	1460	/OUT/ PHANDLE ThreadHandle,
	1461	/IN/ ACCESS_MASK DesiredAccess,
	1462	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1463	/IN/ PCLIENT_ID ClientId);
	1464
	1465	NTOSAPI
	1466	NTSTATUS
	1467	NTAPI
	1468	NtTerminateThread(
	1469	/IN/ HANDLE ThreadHandle /OPTIONAL/,
	1470	/IN/ NTSTATUS ExitStatus);
	1471
	1472	NTOSAPI
	1473	NTSTATUS
	1474	NTAPI
	1475	ZwTerminateThread(
	1476	/IN/ HANDLE ThreadHandle /OPTIONAL/,
	1477	/IN/ NTSTATUS ExitStatus);
	1478
	1479	NTOSAPI
	1480	NTSTATUS
	1481	NTAPI
	1482	NtQueryInformationThread(
	1483	/IN/ HANDLE ThreadHandle,
	1484	/IN/ THREADINFOCLASS ThreadInformationClass,
	1485	/OUT/ PVOID ThreadInformation,
	1486	/IN/ ULONG ThreadInformationLength,
	1487	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1488
	1489	NTOSAPI
	1490	NTSTATUS
	1491	NTAPI
	1492	ZwQueryInformationThread(
	1493	/IN/ HANDLE ThreadHandle,
	1494	/IN/ THREADINFOCLASS ThreadInformationClass,
	1495	/OUT/ PVOID ThreadInformation,
	1496	/IN/ ULONG ThreadInformationLength,
	1497	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1498
	1499	NTOSAPI
	1500	NTSTATUS
	1501	NTAPI
	1502	NtSetInformationThread(
	1503	/IN/ HANDLE ThreadHandle,
	1504	/IN/ THREADINFOCLASS ThreadInformationClass,
	1505	/IN/ PVOID ThreadInformation,
	1506	/IN/ ULONG ThreadInformationLength);
	1507
	1508	NTOSAPI
	1509	NTSTATUS
	1510	NTAPI
	1511	ZwSetInformationThread(
	1512	/IN/ HANDLE ThreadHandle,
	1513	/IN/ THREADINFOCLASS ThreadInformationClass,
	1514	/IN/ PVOID ThreadInformation,
	1515	/IN/ ULONG ThreadInformationLength);
	1516
	1517	typedef struct _THREAD_BASIC_INFORMATION {
	1518	NTSTATUS ExitStatus;
	1519	PNT_TIB TebBaseAddress;
	1520	CLIENT_ID ClientId;
	1521	KAFFINITY AffinityMask;
	1522	KPRIORITY Priority;
	1523	KPRIORITY BasePriority;
	1524	} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
	1525
	1526	typedef struct _KERNEL_USER_TIMES {
	1527	LARGE_INTEGER CreateTime;
	1528	LARGE_INTEGER ExitTime;
	1529	LARGE_INTEGER KernelTime;
	1530	LARGE_INTEGER UserTime;
	1531	} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
	1532
	1533	NTOSAPI
	1534	NTSTATUS
	1535	NTAPI
	1536	NtSuspendThread(
	1537	/IN/ HANDLE ThreadHandle,
	1538	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
	1539
	1540	NTOSAPI
	1541	NTSTATUS
	1542	NTAPI
	1543	ZwSuspendThread(
	1544	/IN/ HANDLE ThreadHandle,
	1545	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
	1546
	1547	NTOSAPI
	1548	NTSTATUS
	1549	NTAPI
	1550	NtResumeThread(
	1551	/IN/ HANDLE ThreadHandle,
	1552	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
	1553
	1554	NTOSAPI
	1555	NTSTATUS
	1556	NTAPI
	1557	ZwResumeThread(
	1558	/IN/ HANDLE ThreadHandle,
	1559	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
	1560
	1561	NTOSAPI
	1562	NTSTATUS
	1563	NTAPI
	1564	NtGetContextThread(
	1565	/IN/ HANDLE ThreadHandle,
	1566	/OUT/ PCONTEXT Context);
	1567
	1568	NTOSAPI
	1569	NTSTATUS
	1570	NTAPI
	1571	ZwGetContextThread(
	1572	/IN/ HANDLE ThreadHandle,
	1573	/OUT/ PCONTEXT Context);
	1574
	1575	NTOSAPI
	1576	NTSTATUS
	1577	NTAPI
	1578	NtSetContextThread(
	1579	/IN/ HANDLE ThreadHandle,
	1580	/IN/ PCONTEXT Context);
	1581
	1582	NTOSAPI
	1583	NTSTATUS
	1584	NTAPI
	1585	ZwSetContextThread(
	1586	/IN/ HANDLE ThreadHandle,
	1587	/IN/ PCONTEXT Context);
	1588
	1589	NTOSAPI
	1590	NTSTATUS
	1591	NTAPI
	1592	NtQueueApcThread(
	1593	/IN/ HANDLE ThreadHandle,
	1594	/IN/ PKNORMAL_ROUTINE ApcRoutine,
	1595	/IN/ PVOID ApcContext /OPTIONAL/,
	1596	/IN/ PVOID Argument1 /OPTIONAL/,
	1597	/IN/ PVOID Argument2 /OPTIONAL/);
	1598
	1599	NTOSAPI
	1600	NTSTATUS
	1601	NTAPI
	1602	ZwQueueApcThread(
	1603	/IN/ HANDLE ThreadHandle,
	1604	/IN/ PKNORMAL_ROUTINE ApcRoutine,
	1605	/IN/ PVOID ApcContext /OPTIONAL/,
	1606	/IN/ PVOID Argument1 /OPTIONAL/,
	1607	/IN/ PVOID Argument2 /OPTIONAL/);
	1608
	1609	NTOSAPI
	1610	NTSTATUS
	1611	NTAPI
	1612	NtTestAlert(
	1613	VOID);
	1614
	1615	NTOSAPI
	1616	NTSTATUS
	1617	NTAPI
	1618	ZwTestAlert(
	1619	VOID);
	1620
	1621	NTOSAPI
	1622	NTSTATUS
	1623	NTAPI
	1624	NtAlertThread(
	1625	/IN/ HANDLE ThreadHandle);
	1626
	1627	NTOSAPI
	1628	NTSTATUS
	1629	NTAPI
	1630	ZwAlertThread(
	1631	/IN/ HANDLE ThreadHandle);
	1632
	1633	NTOSAPI
	1634	NTSTATUS
	1635	NTAPI
	1636	NtAlertResumeThread(
	1637	/IN/ HANDLE ThreadHandle,
	1638	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
	1639
	1640	NTOSAPI
	1641	NTSTATUS
	1642	NTAPI
	1643	ZwAlertResumeThread(
	1644	/IN/ HANDLE ThreadHandle,
	1645	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
	1646
	1647	NTOSAPI
	1648	NTSTATUS
	1649	NTAPI
	1650	NtRegisterThreadTerminatePort(
	1651	/IN/ HANDLE PortHandle);
	1652
	1653	NTOSAPI
	1654	NTSTATUS
	1655	NTAPI
	1656	ZwRegisterThreadTerminatePort(
	1657	/IN/ HANDLE PortHandle);
	1658
	1659	NTOSAPI
	1660	NTSTATUS
	1661	NTAPI
	1662	NtImpersonateThread(
	1663	/IN/ HANDLE ThreadHandle,
	1664	/IN/ HANDLE TargetThreadHandle,
	1665	/IN/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);
	1666
	1667	NTOSAPI
	1668	NTSTATUS
	1669	NTAPI
	1670	ZwImpersonateThread(
	1671	/IN/ HANDLE ThreadHandle,
	1672	/IN/ HANDLE TargetThreadHandle,
	1673	/IN/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);
	1674
	1675	NTOSAPI
	1676	NTSTATUS
	1677	NTAPI
	1678	NtImpersonateAnonymousToken(
	1679	/IN/ HANDLE ThreadHandle);
	1680
	1681	NTOSAPI
	1682	NTSTATUS
	1683	NTAPI
	1684	ZwImpersonateAnonymousToken(
	1685	/IN/ HANDLE ThreadHandle);
	1686
	1687
	1688
	1689
	1690	/* Processes */
	1691
	1692	NTOSAPI
	1693	NTSTATUS
	1694	NTAPI
	1695	NtCreateProcess(
	1696	/OUT/ PHANDLE ProcessHandle,
	1697	/IN/ ACCESS_MASK DesiredAccess,
	1698	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1699	/IN/ HANDLE InheritFromProcessHandle,
	1700	/IN/ BOOLEAN InheritHandles,
	1701	/IN/ HANDLE SectionHandle /OPTIONAL/,
	1702	/IN/ HANDLE DebugPort /OPTIONAL/,
	1703	/IN/ HANDLE ExceptionPort /OPTIONAL/);
	1704
	1705	NTOSAPI
	1706	NTSTATUS
	1707	NTAPI
	1708	ZwCreateProcess(
	1709	/OUT/ PHANDLE ProcessHandle,
	1710	/IN/ ACCESS_MASK DesiredAccess,
	1711	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	1712	/IN/ HANDLE InheritFromProcessHandle,
	1713	/IN/ BOOLEAN InheritHandles,
	1714	/IN/ HANDLE SectionHandle /OPTIONAL/,
	1715	/IN/ HANDLE DebugPort /OPTIONAL/,
	1716	/IN/ HANDLE ExceptionPort /OPTIONAL/);
	1717
	1718	NTOSAPI
	1719	NTSTATUS
	1720	NTAPI
	1721	NtTerminateProcess(
	1722	/IN/ HANDLE ProcessHandle /OPTIONAL/,
	1723	/IN/ NTSTATUS ExitStatus);
	1724
	1725	NTOSAPI
	1726	NTSTATUS
	1727	NTAPI
	1728	ZwTerminateProcess(
	1729	/IN/ HANDLE ProcessHandle /OPTIONAL/,
	1730	/IN/ NTSTATUS ExitStatus);
	1731
	1732	NTOSAPI
	1733	NTSTATUS
	1734	NTAPI
	1735	NtQueryInformationProcess(
	1736	/IN/ HANDLE ProcessHandle,
	1737	/IN/ PROCESSINFOCLASS ProcessInformationClass,
	1738	/OUT/ PVOID ProcessInformation,
	1739	/IN/ ULONG ProcessInformationLength,
	1740	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1741
	1742	NTOSAPI
	1743	NTSTATUS
	1744	NTAPI
	1745	ZwQueryInformationProcess(
	1746	/IN/ HANDLE ProcessHandle,
	1747	/IN/ PROCESSINFOCLASS ProcessInformationClass,
	1748	/OUT/ PVOID ProcessInformation,
	1749	/IN/ ULONG ProcessInformationLength,
	1750	/OUT/ PULONG ReturnLength /OPTIONAL/);
	1751
	1752	NTOSAPI
	1753	NTSTATUS
	1754	NTAPI
	1755	NtSetInformationProcess(
	1756	/IN/ HANDLE ProcessHandle,
	1757	/IN/ PROCESSINFOCLASS ProcessInformationClass,
	1758	/IN/ PVOID ProcessInformation,
	1759	/IN/ ULONG ProcessInformationLength);
	1760
	1761	NTOSAPI
	1762	NTSTATUS
	1763	NTAPI
	1764	ZwSetInformationProcess(
	1765	/IN/ HANDLE ProcessHandle,
	1766	/IN/ PROCESSINFOCLASS ProcessInformationClass,
	1767	/IN/ PVOID ProcessInformation,
	1768	/IN/ ULONG ProcessInformationLength);
	1769
	1770	typedef struct _PROCESS_BASIC_INFORMATION {
	1771	NTSTATUS ExitStatus;
	1772	PPEB PebBaseAddress;
	1773	KAFFINITY AffinityMask;
	1774	KPRIORITY BasePriority;
	1775	ULONG UniqueProcessId;
	1776	ULONG InheritedFromUniqueProcessId;
	1777	} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
	1778
	1779	typedef struct _PROCESS_ACCESS_TOKEN {
	1780	HANDLE Token;
	1781	HANDLE Thread;
	1782	} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
	1783
	1784	/* DefaultHardErrorMode constants */
	1785	/* also in winbase.h */
	1786	#define SEM_FAILCRITICALERRORS 0x0001
	1787	#define SEM_NOGPFAULTERRORBOX 0x0002
	1788	#define SEM_NOALIGNMENTFAULTEXCEPT 0x0004
	1789	#define SEM_NOOPENFILEERRORBOX 0x8000
	1790	/* end winbase.h */
	1791	typedef struct _POOLED_USAGE_AND_LIMITS {
	1792	ULONG PeakPagedPoolUsage;
	1793	ULONG PagedPoolUsage;
	1794	ULONG PagedPoolLimit;
	1795	ULONG PeakNonPagedPoolUsage;
	1796	ULONG NonPagedPoolUsage;
	1797	ULONG NonPagedPoolLimit;
	1798	ULONG PeakPagefileUsage;
	1799	ULONG PagefileUsage;
	1800	ULONG PagefileLimit;
	1801	} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
	1802
	1803	typedef struct _PROCESS_WS_WATCH_INFORMATION {
	1804	PVOID FaultingPc;
	1805	PVOID FaultingVa;
	1806	} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
	1807
	1808	/* PROCESS_PRIORITY_CLASS.PriorityClass constants */
	1809	#define PC_IDLE 1
	1810	#define PC_NORMAL 2
	1811	#define PC_HIGH 3
	1812	#define PC_REALTIME 4
	1813	#define PC_BELOW_NORMAL 5
	1814	#define PC_ABOVE_NORMAL 6
	1815
	1816	typedef struct _PROCESS_PRIORITY_CLASS {
	1817	BOOLEAN Foreground;
	1818	UCHAR PriorityClass;
	1819	} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
	1820
	1821	/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
	1822	#define DRIVE_UNKNOWN 0
	1823	#define DRIVE_NO_ROOT_DIR 1
	1824	#define DRIVE_REMOVABLE 2
	1825	#define DRIVE_FIXED 3
	1826	#define DRIVE_REMOTE 4
	1827	#define DRIVE_CDROM 5
	1828	#define DRIVE_RAMDISK 6
	1829
	1830	typedef struct _PROCESS_DEVICEMAP_INFORMATION {
	1831	_ANONYMOUS_UNION union {
	1832	struct {
	1833	HANDLE DirectoryHandle;
	1834	} Set;
	1835	struct {
	1836	ULONG DriveMap;
	1837	UCHAR DriveType[32];
	1838	} Query;
	1839	} DUMMYUNIONNAME;
	1840	} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
	1841
	1842	typedef struct _PROCESS_SESSION_INFORMATION {
	1843	ULONG SessionId;
	1844	} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
	1845
	1846	typedef struct _RTL_USER_PROCESS_PARAMETERS {
	1847	ULONG AllocationSize;
	1848	ULONG Size;
	1849	ULONG Flags;
	1850	ULONG DebugFlags;
	1851	HANDLE hConsole;
	1852	ULONG ProcessGroup;
	1853	HANDLE hStdInput;
	1854	HANDLE hStdOutput;
	1855	HANDLE hStdError;
	1856	UNICODE_STRING CurrentDirectoryName;
	1857	HANDLE CurrentDirectoryHandle;
	1858	UNICODE_STRING DllPath;
	1859	UNICODE_STRING ImagePathName;
	1860	UNICODE_STRING CommandLine;
	1861	PWSTR Environment;
	1862	ULONG dwX;
	1863	ULONG dwY;
	1864	ULONG dwXSize;
	1865	ULONG dwYSize;
	1866	ULONG dwXCountChars;
	1867	ULONG dwYCountChars;
	1868	ULONG dwFillAttribute;
	1869	ULONG dwFlags;
	1870	ULONG wShowWindow;
	1871	UNICODE_STRING WindowTitle;
	1872	UNICODE_STRING DesktopInfo;
	1873	UNICODE_STRING ShellInfo;
	1874	UNICODE_STRING RuntimeInfo;
	1875	} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
	1876
	1877	NTSTATUS
	1878	NTAPI
	1879	RtlCreateProcessParameters(
	1880	/OUT/ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
	1881	/IN/ PUNICODE_STRING ImageFile,
	1882	/IN/ PUNICODE_STRING DllPath /OPTIONAL/,
	1883	/IN/ PUNICODE_STRING CurrentDirectory /OPTIONAL/,
	1884	/IN/ PUNICODE_STRING CommandLine /OPTIONAL/,
	1885	/IN/ PWSTR Environment /OPTIONAL/,
	1886	/IN/ PUNICODE_STRING WindowTitle /OPTIONAL/,
	1887	/IN/ PUNICODE_STRING DesktopInfo /OPTIONAL/,
	1888	/IN/ PUNICODE_STRING ShellInfo /OPTIONAL/,
	1889	/IN/ PUNICODE_STRING RuntimeInfo /OPTIONAL/);
	1890
	1891	NTSTATUS
	1892	NTAPI
	1893	RtlDestroyProcessParameters(
	1894	/IN/ PRTL_USER_PROCESS_PARAMETERS ProcessParameters);
	1895
	1896	typedef struct _DEBUG_BUFFER {
	1897	HANDLE SectionHandle;
	1898	PVOID SectionBase;
	1899	PVOID RemoteSectionBase;
	1900	ULONG SectionBaseDelta;
	1901	HANDLE EventPairHandle;
	1902	ULONG Unknown[2];
	1903	HANDLE RemoteThreadHandle;
	1904	ULONG InfoClassMask;
	1905	ULONG SizeOfInfo;
	1906	ULONG AllocatedSize;
	1907	ULONG SectionSize;
	1908	PVOID ModuleInformation;
	1909	PVOID BackTraceInformation;
	1910	PVOID HeapInformation;
	1911	PVOID LockInformation;
	1912	PVOID Reserved[8];
	1913	} DEBUG_BUFFER, *PDEBUG_BUFFER;
	1914
	1915	PDEBUG_BUFFER
	1916	NTAPI
	1917	RtlCreateQueryDebugBuffer(
	1918	/IN/ ULONG Size,
	1919	/IN/ BOOLEAN EventPair);
	1920
	1921	/* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
	1922	#define PDI_MODULES 0x01
	1923	#define PDI_BACKTRACE 0x02
	1924	#define PDI_HEAPS 0x04
	1925	#define PDI_HEAP_TAGS 0x08
	1926	#define PDI_HEAP_BLOCKS 0x10
	1927	#define PDI_LOCKS 0x20
	1928
	1929	NTSTATUS
	1930	NTAPI
	1931	RtlQueryProcessDebugInformation(
	1932	/IN/ ULONG ProcessId,
	1933	/IN/ ULONG DebugInfoClassMask,
	1934	/IN OUT/ PDEBUG_BUFFER DebugBuffer);
	1935
	1936	NTSTATUS
	1937	NTAPI
	1938	RtlDestroyQueryDebugBuffer(
	1939	/IN/ PDEBUG_BUFFER DebugBuffer);
	1940
	1941	/* DEBUG_MODULE_INFORMATION.Flags constants */
	1942	#define LDRP_STATIC_LINK 0x00000002
	1943	#define LDRP_IMAGE_DLL 0x00000004
	1944	#define LDRP_LOAD_IN_PROGRESS 0x00001000
	1945	#define LDRP_UNLOAD_IN_PROGRESS 0x00002000
	1946	#define LDRP_ENTRY_PROCESSED 0x00004000
	1947	#define LDRP_ENTRY_INSERTED 0x00008000
	1948	#define LDRP_CURRENT_LOAD 0x00010000
	1949	#define LDRP_FAILED_BUILTIN_LOAD 0x00020000
	1950	#define LDRP_DONT_CALL_FOR_THREADS 0x00040000
	1951	#define LDRP_PROCESS_ATTACH_CALLED 0x00080000
	1952	#define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
	1953	#define LDRP_IMAGE_NOT_AT_BASE 0x00200000
	1954	#define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
	1955
	1956	typedef struct _DEBUG_MODULE_INFORMATION {
	1957	ULONG Reserved[2];
	1958	ULONG Base;
	1959	ULONG Size;
	1960	ULONG Flags;
	1961	USHORT Index;
	1962	USHORT Unknown;
	1963	USHORT LoadCount;
	1964	USHORT ModuleNameOffset;
	1965	CHAR ImageName[256];
	1966	} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
	1967
	1968	typedef struct _DEBUG_HEAP_INFORMATION {
	1969	ULONG Base;
	1970	ULONG Flags;
	1971	USHORT Granularity;
	1972	USHORT Unknown;
	1973	ULONG Allocated;
	1974	ULONG Committed;
	1975	ULONG TagCount;
	1976	ULONG BlockCount;
	1977	ULONG Reserved[7];
	1978	PVOID Tags;
	1979	PVOID Blocks;
	1980	} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
	1981
	1982	typedef struct _DEBUG_LOCK_INFORMATION {
	1983	PVOID Address;
	1984	USHORT Type;
	1985	USHORT CreatorBackTraceIndex;
	1986	ULONG OwnerThreadId;
	1987	ULONG ActiveCount;
	1988	ULONG ContentionCount;
	1989	ULONG EntryCount;
	1990	ULONG RecursionCount;
	1991	ULONG NumberOfSharedWaiters;
	1992	ULONG NumberOfExclusiveWaiters;
	1993	} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
	1994
	1995
	1996
	1997	/* Jobs */
	1998
	1999	NTOSAPI
	2000	NTSTATUS
	2001	NTAPI
	2002	NtCreateJobObject(
	2003	/OUT/ PHANDLE JobHandle,
	2004	/IN/ ACCESS_MASK DesiredAccess,
	2005	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
	2006
	2007	NTOSAPI
	2008	NTSTATUS
	2009	NTAPI
	2010	ZwCreateJobObject(
	2011	/OUT/ PHANDLE JobHandle,
	2012	/IN/ ACCESS_MASK DesiredAccess,
	2013	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
	2014
	2015	NTOSAPI
	2016	NTSTATUS
	2017	NTAPI
	2018	NtOpenJobObject(
	2019	/OUT/ PHANDLE JobHandle,
	2020	/IN/ ACCESS_MASK DesiredAccess,
	2021	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
	2022
	2023	NTOSAPI
	2024	NTSTATUS
	2025	NTAPI
	2026	ZwOpenJobObject(
	2027	/OUT/ PHANDLE JobHandle,
	2028	/IN/ ACCESS_MASK DesiredAccess,
	2029	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
	2030
	2031	NTOSAPI
	2032	NTSTATUS
	2033	NTAPI
	2034	NtTerminateJobObject(
	2035	/IN/ HANDLE JobHandle,
	2036	/IN/ NTSTATUS ExitStatus);
	2037
	2038	NTOSAPI
	2039	NTSTATUS
	2040	NTAPI
	2041	ZwTerminateJobObject(
	2042	/IN/ HANDLE JobHandle,
	2043	/IN/ NTSTATUS ExitStatus);
	2044
	2045	NTOSAPI
	2046	NTSTATUS
	2047	NTAPI
	2048	NtAssignProcessToJobObject(
	2049	/IN/ HANDLE JobHandle,
	2050	/IN/ HANDLE ProcessHandle);
	2051
	2052	NTOSAPI
	2053	NTSTATUS
	2054	NTAPI
	2055	ZwAssignProcessToJobObject(
	2056	/IN/ HANDLE JobHandle,
	2057	/IN/ HANDLE ProcessHandle);
	2058
	2059	NTOSAPI
	2060	NTSTATUS
	2061	NTAPI
	2062	NtQueryInformationJobObject(
	2063	/IN/ HANDLE JobHandle,
	2064	/IN/ JOBOBJECTINFOCLASS JobInformationClass,
	2065	/OUT/ PVOID JobInformation,
	2066	/IN/ ULONG JobInformationLength,
	2067	/OUT/ PULONG ReturnLength /OPTIONAL/);
	2068
	2069	NTOSAPI
	2070	NTSTATUS
	2071	NTAPI
	2072	ZwQueryInformationJobObject(
	2073	/IN/ HANDLE JobHandle,
	2074	/IN/ JOBOBJECTINFOCLASS JobInformationClass,
	2075	/OUT/ PVOID JobInformation,
	2076	/IN/ ULONG JobInformationLength,
	2077	/OUT/ PULONG ReturnLength /OPTIONAL/);
	2078
	2079	NTOSAPI
	2080	NTSTATUS
	2081	NTAPI
	2082	NtSetInformationJobObject(
	2083	/IN/ HANDLE JobHandle,
	2084	/IN/ JOBOBJECTINFOCLASS JobInformationClass,
	2085	/IN/ PVOID JobInformation,
	2086	/IN/ ULONG JobInformationLength);
	2087
	2088	NTOSAPI
	2089	NTSTATUS
	2090	NTAPI
	2091	ZwSetInformationJobObject(
	2092	/IN/ HANDLE JobHandle,
	2093	/IN/ JOBOBJECTINFOCLASS JobInformationClass,
	2094	/IN/ PVOID JobInformation,
	2095	/IN/ ULONG JobInformationLength);
	2096
	2097
	2098	/* Tokens */
	2099
	2100	NTOSAPI
	2101	NTSTATUS
	2102	NTAPI
	2103	NtCreateToken(
	2104	/OUT/ PHANDLE TokenHandle,
	2105	/IN/ ACCESS_MASK DesiredAccess,
	2106	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	2107	/IN/ TOKEN_TYPE Type,
	2108	/IN/ PLUID AuthenticationId,
	2109	/IN/ PLARGE_INTEGER ExpirationTime,
	2110	/IN/ PTOKEN_USER User,
	2111	/IN/ PTOKEN_GROUPS Groups,
	2112	/IN/ PTOKEN_PRIVILEGES Privileges,
	2113	/IN/ PTOKEN_OWNER Owner,
	2114	/IN/ PTOKEN_PRIMARY_GROUP PrimaryGroup,
	2115	/IN/ PTOKEN_DEFAULT_DACL DefaultDacl,
	2116	/IN/ PTOKEN_SOURCE Source
	2117	);
	2118
	2119	NTOSAPI
	2120	NTSTATUS
	2121	NTAPI
	2122	ZwCreateToken(
	2123	/OUT/ PHANDLE TokenHandle,
	2124	/IN/ ACCESS_MASK DesiredAccess,
	2125	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	2126	/IN/ TOKEN_TYPE Type,
	2127	/IN/ PLUID AuthenticationId,
	2128	/IN/ PLARGE_INTEGER ExpirationTime,
	2129	/IN/ PTOKEN_USER User,
	2130	/IN/ PTOKEN_GROUPS Groups,
	2131	/IN/ PTOKEN_PRIVILEGES Privileges,
	2132	/IN/ PTOKEN_OWNER Owner,
	2133	/IN/ PTOKEN_PRIMARY_GROUP PrimaryGroup,
	2134	/IN/ PTOKEN_DEFAULT_DACL DefaultDacl,
	2135	/IN/ PTOKEN_SOURCE Source
	2136	);
	2137
	2138	NTOSAPI
	2139	NTSTATUS
	2140	NTAPI
	2141	NtOpenProcessToken(
	2142	/IN/ HANDLE ProcessHandle,
	2143	/IN/ ACCESS_MASK DesiredAccess,
	2144	/OUT/ PHANDLE TokenHandle);
	2145
	2146	NTOSAPI
	2147	NTSTATUS
	2148	NTAPI
	2149	ZwOpenProcessToken(
	2150	/IN/ HANDLE ProcessHandle,
	2151	/IN/ ACCESS_MASK DesiredAccess,
	2152	/OUT/ PHANDLE TokenHandle);
	2153
	2154	NTOSAPI
	2155	NTSTATUS
	2156	NTAPI
	2157	NtOpenThreadToken(
	2158	/IN/ HANDLE ThreadHandle,
	2159	/IN/ ACCESS_MASK DesiredAccess,
	2160	/IN/ BOOLEAN OpenAsSelf,
	2161	/OUT/ PHANDLE TokenHandle);
	2162
	2163	NTOSAPI
	2164	NTSTATUS
	2165	NTAPI
	2166	ZwOpenThreadToken(
	2167	/IN/ HANDLE ThreadHandle,
	2168	/IN/ ACCESS_MASK DesiredAccess,
	2169	/IN/ BOOLEAN OpenAsSelf,
	2170	/OUT/ PHANDLE TokenHandle);
	2171
	2172	NTOSAPI
	2173	NTSTATUS
	2174	NTAPI
	2175	NtDuplicateToken(
	2176	/IN/ HANDLE ExistingTokenHandle,
	2177	/IN/ ACCESS_MASK DesiredAccess,
	2178	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	2179	/IN/ BOOLEAN EffectiveOnly,
	2180	/IN/ TOKEN_TYPE TokenType,
	2181	/OUT/ PHANDLE NewTokenHandle);
	2182
	2183	NTOSAPI
	2184	NTSTATUS
	2185	NTAPI
	2186	ZwDuplicateToken(
	2187	/IN/ HANDLE ExistingTokenHandle,
	2188	/IN/ ACCESS_MASK DesiredAccess,
	2189	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	2190	/IN/ BOOLEAN EffectiveOnly,
	2191	/IN/ TOKEN_TYPE TokenType,
	2192	/OUT/ PHANDLE NewTokenHandle);
	2193
	2194	NTOSAPI
	2195	NTSTATUS
	2196	NTAPI
	2197	NtFilterToken(
	2198	/IN/ HANDLE ExistingTokenHandle,
	2199	/IN/ ULONG Flags,
	2200	/IN/ PTOKEN_GROUPS SidsToDisable,
	2201	/IN/ PTOKEN_PRIVILEGES PrivilegesToDelete,
	2202	/IN/ PTOKEN_GROUPS SidsToRestricted,
	2203	/OUT/ PHANDLE NewTokenHandle);
	2204
	2205	NTOSAPI
	2206	NTSTATUS
	2207	NTAPI
	2208	ZwFilterToken(
	2209	/IN/ HANDLE ExistingTokenHandle,
	2210	/IN/ ULONG Flags,
	2211	/IN/ PTOKEN_GROUPS SidsToDisable,
	2212	/IN/ PTOKEN_PRIVILEGES PrivilegesToDelete,
	2213	/IN/ PTOKEN_GROUPS SidsToRestricted,
	2214	/OUT/ PHANDLE NewTokenHandle);
	2215
	2216	NTOSAPI
	2217	NTSTATUS
	2218	NTAPI
	2219	NtAdjustPrivilegesToken(
	2220	/IN/ HANDLE TokenHandle,
	2221	/IN/ BOOLEAN DisableAllPrivileges,
	2222	/IN/ PTOKEN_PRIVILEGES NewState,
	2223	/IN/ ULONG BufferLength,
	2224	/OUT/ PTOKEN_PRIVILEGES PreviousState /OPTIONAL/,
	2225	/OUT/ PULONG ReturnLength);
	2226
	2227	NTOSAPI
	2228	NTSTATUS
	2229	NTAPI
	2230	ZwAdjustPrivilegesToken(
	2231	/IN/ HANDLE TokenHandle,
	2232	/IN/ BOOLEAN DisableAllPrivileges,
	2233	/IN/ PTOKEN_PRIVILEGES NewState,
	2234	/IN/ ULONG BufferLength,
	2235	/OUT/ PTOKEN_PRIVILEGES PreviousState /OPTIONAL/,
	2236	/OUT/ PULONG ReturnLength);
	2237
	2238	NTOSAPI
	2239	NTSTATUS
	2240	NTAPI
	2241	NtAdjustGroupsToken(
	2242	/IN/ HANDLE TokenHandle,
	2243	/IN/ BOOLEAN ResetToDefault,
	2244	/IN/ PTOKEN_GROUPS NewState,
	2245	/IN/ ULONG BufferLength,
	2246	/OUT/ PTOKEN_GROUPS PreviousState /OPTIONAL/,
	2247	/OUT/ PULONG ReturnLength);
	2248
	2249	NTOSAPI
	2250	NTSTATUS
	2251	NTAPI
	2252	ZwAdjustGroupsToken(
	2253	/IN/ HANDLE TokenHandle,
	2254	/IN/ BOOLEAN ResetToDefault,
	2255	/IN/ PTOKEN_GROUPS NewState,
	2256	/IN/ ULONG BufferLength,
	2257	/OUT/ PTOKEN_GROUPS PreviousState /OPTIONAL/,
	2258	/OUT/ PULONG ReturnLength);
	2259
	2260	NTOSAPI
	2261	NTSTATUS
	2262	NTAPI
	2263	NtQueryInformationToken(
	2264	/IN/ HANDLE TokenHandle,
	2265	/IN/ TOKEN_INFORMATION_CLASS TokenInformationClass,
	2266	/OUT/ PVOID TokenInformation,
	2267	/IN/ ULONG TokenInformationLength,
	2268	/OUT/ PULONG ReturnLength);
	2269
	2270	NTOSAPI
	2271	NTSTATUS
	2272	NTAPI
	2273	ZwQueryInformationToken(
	2274	/IN/ HANDLE TokenHandle,
	2275	/IN/ TOKEN_INFORMATION_CLASS TokenInformationClass,
	2276	/OUT/ PVOID TokenInformation,
	2277	/IN/ ULONG TokenInformationLength,
	2278	/OUT/ PULONG ReturnLength);
	2279
	2280	NTOSAPI
	2281	NTSTATUS
	2282	NTAPI
	2283	NtSetInformationToken(
	2284	/IN/ HANDLE TokenHandle,
	2285	/IN/ TOKEN_INFORMATION_CLASS TokenInformationClass,
	2286	/IN/ PVOID TokenInformation,
	2287	/IN/ ULONG TokenInformationLength);
	2288
	2289	NTOSAPI
	2290	NTSTATUS
	2291	NTAPI
	2292	ZwSetInformationToken(
	2293	/IN/ HANDLE TokenHandle,
	2294	/IN/ TOKEN_INFORMATION_CLASS TokenInformationClass,
	2295	/IN/ PVOID TokenInformation,
	2296	/IN/ ULONG TokenInformationLength);
	2297
	2298
	2299
	2300
	2301	/* Time */
	2302
	2303	NTOSAPI
	2304	NTSTATUS
	2305	NTAPI
	2306	NtQuerySystemTime(
	2307	/OUT/ PLARGE_INTEGER CurrentTime);
	2308
	2309	NTOSAPI
	2310	NTSTATUS
	2311	NTAPI
	2312	ZwQuerySystemTime(
	2313	/OUT/ PLARGE_INTEGER CurrentTime);
	2314
	2315	NTOSAPI
	2316	NTSTATUS
	2317	NTAPI
	2318	NtSetSystemTime(
	2319	/IN/ PLARGE_INTEGER NewTime,
	2320	/OUT/ PLARGE_INTEGER OldTime /OPTIONAL/);
	2321
	2322	NTOSAPI
	2323	NTSTATUS
	2324	NTAPI
	2325	ZwSetSystemTime(
	2326	/IN/ PLARGE_INTEGER NewTime,
	2327	/OUT/ PLARGE_INTEGER OldTime /OPTIONAL/);
	2328
	2329	NTOSAPI
	2330	NTSTATUS
	2331	NTAPI
	2332	NtQueryPerformanceCounter(
	2333	/OUT/ PLARGE_INTEGER PerformanceCount,
	2334	/OUT/ PLARGE_INTEGER PerformanceFrequency /OPTIONAL/);
	2335
	2336	NTOSAPI
	2337	NTSTATUS
	2338	NTAPI
	2339	ZwQueryPerformanceCounter(
	2340	/OUT/ PLARGE_INTEGER PerformanceCount,
	2341	/OUT/ PLARGE_INTEGER PerformanceFrequency /OPTIONAL/);
	2342
	2343	NTOSAPI
	2344	NTSTATUS
	2345	NTAPI
	2346	NtQueryTimerResolution(
	2347	/OUT/ PULONG CoarsestResolution,
	2348	/OUT/ PULONG FinestResolution,
	2349	/OUT/ PULONG ActualResolution);
	2350
	2351	NTOSAPI
	2352	NTSTATUS
	2353	NTAPI
	2354	ZwQueryTimerResolution(
	2355	/OUT/ PULONG CoarsestResolution,
	2356	/OUT/ PULONG FinestResolution,
	2357	/OUT/ PULONG ActualResolution);
	2358
	2359	NTOSAPI
	2360	NTSTATUS
	2361	NTAPI
	2362	NtDelayExecution(
	2363	/IN/ BOOLEAN Alertable,
	2364	/IN/ PLARGE_INTEGER Interval);
	2365
	2366	NTOSAPI
	2367	NTSTATUS
	2368	NTAPI
	2369	ZwDelayExecution(
	2370	/IN/ BOOLEAN Alertable,
	2371	/IN/ PLARGE_INTEGER Interval);
	2372
	2373	NTOSAPI
	2374	NTSTATUS
	2375	NTAPI
	2376	NtYieldExecution(
	2377	VOID);
	2378
	2379	NTOSAPI
	2380	NTSTATUS
	2381	NTAPI
	2382	ZwYieldExecution(
	2383	VOID);
	2384
	2385	NTOSAPI
	2386	ULONG
	2387	NTAPI
	2388	NtGetTickCount(
	2389	VOID);
	2390
	2391	NTOSAPI
	2392	ULONG
	2393	NTAPI
	2394	ZwGetTickCount(
	2395	VOID);
	2396
	2397
	2398
	2399
	2400	/* Execution profiling */
	2401
	2402	NTOSAPI
	2403	NTSTATUS
	2404	NTAPI
	2405	NtCreateProfile(
	2406	/OUT/ PHANDLE ProfileHandle,
	2407	/IN/ HANDLE ProcessHandle,
	2408	/IN/ PVOID Base,
	2409	/IN/ ULONG Size,
	2410	/IN/ ULONG BucketShift,
	2411	/IN/ PULONG Buffer,
	2412	/IN/ ULONG BufferLength,
	2413	/IN/ KPROFILE_SOURCE Source,
	2414	/IN/ ULONG ProcessorMask);
	2415
	2416	NTOSAPI
	2417	NTSTATUS
	2418	NTAPI
	2419	ZwCreateProfile(
	2420	/OUT/ PHANDLE ProfileHandle,
	2421	/IN/ HANDLE ProcessHandle,
	2422	/IN/ PVOID Base,
	2423	/IN/ ULONG Size,
	2424	/IN/ ULONG BucketShift,
	2425	/IN/ PULONG Buffer,
	2426	/IN/ ULONG BufferLength,
	2427	/IN/ KPROFILE_SOURCE Source,
	2428	/IN/ ULONG ProcessorMask);
	2429
	2430	NTOSAPI
	2431	NTSTATUS
	2432	NTAPI
	2433	NtSetIntervalProfile(
	2434	/IN/ ULONG Interval,
	2435	/IN/ KPROFILE_SOURCE Source);
	2436
	2437	NTOSAPI
	2438	NTSTATUS
	2439	NTAPI
	2440	ZwSetIntervalProfile(
	2441	/IN/ ULONG Interval,
	2442	/IN/ KPROFILE_SOURCE Source);
	2443
	2444	NTOSAPI
	2445	NTSTATUS
	2446	NTAPI
	2447	NtQueryIntervalProfile(
	2448	/IN/ KPROFILE_SOURCE Source,
	2449	/OUT/ PULONG Interval);
	2450
	2451	NTOSAPI
	2452	NTSTATUS
	2453	NTAPI
	2454	ZwQueryIntervalProfile(
	2455	/IN/ KPROFILE_SOURCE Source,
	2456	/OUT/ PULONG Interval);
	2457
	2458	NTOSAPI
	2459	NTSTATUS
	2460	NTAPI
	2461	NtStartProfile(
	2462	/IN/ HANDLE ProfileHandle);
	2463
	2464	NTOSAPI
	2465	NTSTATUS
	2466	NTAPI
	2467	ZwStartProfile(
	2468	/IN/ HANDLE ProfileHandle);
	2469
	2470	NTOSAPI
	2471	NTSTATUS
	2472	NTAPI
	2473	NtStopProfile(
	2474	/IN/ HANDLE ProfileHandle);
	2475
	2476	NTOSAPI
	2477	NTSTATUS
	2478	NTAPI
	2479	ZwStopProfile(
	2480	/IN/ HANDLE ProfileHandle);
	2481
	2482	/* Local Procedure Call (LPC) */
	2483
	2484	typedef struct _LPC_MESSAGE {
	2485	USHORT DataSize;
	2486	USHORT MessageSize;
	2487	USHORT MessageType;
	2488	USHORT VirtualRangesOffset;
	2489	CLIENT_ID ClientId;
	2490	ULONG MessageId;
	2491	ULONG SectionSize;
	2492	UCHAR Data[ANYSIZE_ARRAY];
	2493	} LPC_MESSAGE, *PLPC_MESSAGE;
	2494
	2495	#define LPC_MESSAGE_BASE_SIZE 24
	2496
	2497	typedef enum _LPC_TYPE {
	2498	LPC_NEW_MESSAGE,
	2499	LPC_REQUEST,
	2500	LPC_REPLY,
	2501	LPC_DATAGRAM,
	2502	LPC_LOST_REPLY,
	2503	LPC_PORT_CLOSED,
	2504	LPC_CLIENT_DIED,
	2505	LPC_EXCEPTION,
	2506	LPC_DEBUG_EVENT,
	2507	LPC_ERROR_EVENT,
	2508	LPC_CONNECTION_REQUEST,
	2509	LPC_CONNECTION_REFUSED,
	2510	LPC_MAXIMUM
	2511	} LPC_TYPE;
	2512
	2513	typedef struct _LPC_SECTION_WRITE {
	2514	ULONG Length;
	2515	HANDLE SectionHandle;
	2516	ULONG SectionOffset;
	2517	ULONG ViewSize;
	2518	PVOID ViewBase;
	2519	PVOID TargetViewBase;
	2520	} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
	2521
	2522	typedef struct _LPC_SECTION_READ {
	2523	ULONG Length;
	2524	ULONG ViewSize;
	2525	PVOID ViewBase;
	2526	} LPC_SECTION_READ, *PLPC_SECTION_READ;
	2527
	2528	NTOSAPI
	2529	NTSTATUS
	2530	NTAPI
	2531	NtCreatePort(
	2532	/OUT/ PHANDLE PortHandle,
	2533	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	2534	/IN/ ULONG MaxDataSize,
	2535	/IN/ ULONG MaxMessageSize,
	2536	/IN/ ULONG Reserved);
	2537
	2538	NTOSAPI
	2539	NTSTATUS
	2540	NTAPI
	2541	ZwCreatePort(
	2542	/OUT/ PHANDLE PortHandle,
	2543	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	2544	/IN/ ULONG MaxDataSize,
	2545	/IN/ ULONG MaxMessageSize,
	2546	/IN/ ULONG Reserved);
	2547
	2548	NTOSAPI
	2549	NTSTATUS
	2550	NTAPI
	2551	NtCreateWaitablePort(
	2552	/OUT/ PHANDLE PortHandle,
	2553	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	2554	/IN/ ULONG MaxDataSize,
	2555	/IN/ ULONG MaxMessageSize,
	2556	/IN/ ULONG Reserved);
	2557
	2558	NTOSAPI
	2559	NTSTATUS
	2560	NTAPI
	2561	ZwCreateWaitablePort(
	2562	/OUT/ PHANDLE PortHandle,
	2563	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
	2564	/IN/ ULONG MaxDataSize,
	2565	/IN/ ULONG MaxMessageSize,
	2566	/IN/ ULONG Reserved);
	2567
	2568	NTOSAPI
	2569	NTSTATUS
	2570	NTAPI
	2571	NtConnectPort(
	2572	/OUT/ PHANDLE PortHandle,
	2573	/IN/ PUNICODE_STRING PortName,
	2574	/IN/ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
	2575	/IN OUT/ PLPC_SECTION_WRITE WriteSection /OPTIONAL/,
	2576	/IN OUT/ PLPC_SECTION_READ ReadSection /OPTIONAL/,
	2577	/OUT/ PULONG MaxMessageSize /OPTIONAL/,
	2578	/IN OUT/ PVOID ConnectData /OPTIONAL/,
	2579	/IN OUT/ PULONG ConnectDataLength /OPTIONAL/);
	2580
	2581	NTOSAPI
	2582	NTSTATUS
	2583	NTAPI
	2584	ZwConnectPort(
	2585	/OUT/ PHANDLE PortHandle,
	2586	/IN/ PUNICODE_STRING PortName,
	2587	/IN/ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
	2588	/IN OUT/ PLPC_SECTION_WRITE WriteSection /OPTIONAL/,
	2589	/IN OUT/ PLPC_SECTION_READ ReadSection /OPTIONAL/,
	2590	/OUT/ PULONG MaxMessageSize /OPTIONAL/,
	2591	/IN OUT/ PVOID ConnectData /OPTIONAL/,
	2592	/IN OUT/ PULONG ConnectDataLength /OPTIONAL/);
	2593
	2594	NTOSAPI
	2595	NTSTATUS
	2596	NTAPI
	2597	NtListenPort(
	2598	/IN/ HANDLE PortHandle,
	2599	/OUT/ PLPC_MESSAGE Message);
	2600
	2601	NTOSAPI
	2602	NTSTATUS
	2603	NTAPI
	2604	ZwListenPort(
	2605	/IN/ HANDLE PortHandle,
	2606	/OUT/ PLPC_MESSAGE Message);
	2607
	2608	NTOSAPI
	2609	NTSTATUS
	2610	NTAPI
	2611	NtAcceptConnectPort(
	2612	/OUT/ PHANDLE PortHandle,
	2613	/IN/ ULONG PortIdentifier,
	2614	/IN/ PLPC_MESSAGE Message,
	2615	/IN/ BOOLEAN Accept,
	2616	/IN OUT/ PLPC_SECTION_WRITE WriteSection /OPTIONAL/,
	2617	/IN OUT/ PLPC_SECTION_READ ReadSection /OPTIONAL/);
	2618
	2619	NTOSAPI
	2620	NTSTATUS
	2621	NTAPI
	2622	ZwAcceptConnectPort(
	2623	/OUT/ PHANDLE PortHandle,
	2624	/IN/ ULONG PortIdentifier,
	2625	/IN/ PLPC_MESSAGE Message,
	2626	/IN/ BOOLEAN Accept,
	2627	/IN OUT/ PLPC_SECTION_WRITE WriteSection /OPTIONAL/,
	2628	/IN OUT/ PLPC_SECTION_READ ReadSection /OPTIONAL/);
	2629
	2630	NTOSAPI
	2631	NTSTATUS
	2632	NTAPI
	2633	NtCompleteConnectPort(
	2634	/IN/ HANDLE PortHandle);
	2635
	2636	NTOSAPI
	2637	NTSTATUS
	2638	NTAPI
	2639	ZwCompleteConnectPort(
	2640	/IN/ HANDLE PortHandle);
	2641
	2642	NTOSAPI
	2643	NTSTATUS
	2644	NTAPI
	2645	NtRequestPort(
	2646	/IN/ HANDLE PortHandle,
	2647	/IN/ PLPC_MESSAGE RequestMessage);
	2648
	2649	NTOSAPI
	2650	NTSTATUS
	2651	NTAPI
	2652	ZwRequestPort(
	2653	/IN/ HANDLE PortHandle,
	2654	/IN/ PLPC_MESSAGE RequestMessage);
	2655
	2656	NTOSAPI
	2657	NTSTATUS
	2658	NTAPI
	2659	NtRequestWaitReplyPort(
	2660	/IN/ HANDLE PortHandle,
	2661	/IN/ PLPC_MESSAGE RequestMessage,
	2662	/OUT/ PLPC_MESSAGE ReplyMessage);
	2663
	2664	NTOSAPI
	2665	NTSTATUS
	2666	NTAPI
	2667	ZwRequestWaitReplyPort(
	2668	/IN/ HANDLE PortHandle,
	2669	/IN/ PLPC_MESSAGE RequestMessage,
	2670	/OUT/ PLPC_MESSAGE ReplyMessage);
	2671
	2672	NTOSAPI
	2673	NTSTATUS
	2674	NTAPI
	2675	NtReplyPort(
	2676	/IN/ HANDLE PortHandle,
	2677	/IN/ PLPC_MESSAGE ReplyMessage);
	2678
	2679	NTOSAPI
	2680	NTSTATUS
	2681	NTAPI
	2682	ZwReplyPort(
	2683	/IN/ HANDLE PortHandle,
	2684	/IN/ PLPC_MESSAGE ReplyMessage);
	2685
	2686	NTOSAPI
	2687	NTSTATUS
	2688	NTAPI
	2689	NtReplyWaitReplyPort(
	2690	/IN/ HANDLE PortHandle,
	2691	/IN OUT/ PLPC_MESSAGE ReplyMessage);
	2692
	2693	NTOSAPI
	2694	NTSTATUS
	2695	NTAPI
	2696	ZwReplyWaitReplyPort(
	2697	/IN/ HANDLE PortHandle,
	2698	/IN OUT/ PLPC_MESSAGE ReplyMessage);
	2699
	2700	NTOSAPI
	2701	NTSTATUS
	2702	NTAPI
	2703	NtReplyWaitReceivePort(
	2704	/IN/ HANDLE PortHandle,
	2705	/OUT/ PULONG PortIdentifier /OPTIONAL/,
	2706	/IN/ PLPC_MESSAGE ReplyMessage /OPTIONAL/,
	2707	/OUT/ PLPC_MESSAGE Message);
	2708
	2709	NTOSAPI
	2710	NTSTATUS
	2711	NTAPI
	2712	ZwReplyWaitReceivePort(
	2713	/IN/ HANDLE PortHandle,
	2714	/OUT/ PULONG PortIdentifier /OPTIONAL/,
	2715	/IN/ PLPC_MESSAGE ReplyMessage /OPTIONAL/,
	2716	/OUT/ PLPC_MESSAGE Message);
	2717
	2718	NTOSAPI
	2719	NTSTATUS
	2720	NTAPI
	2721	NtReplyWaitReceivePortEx(
	2722	/IN/ HANDLE PortHandle,
	2723	/OUT/ PULONG PortIdentifier /OPTIONAL/,
	2724	/IN/ PLPC_MESSAGE ReplyMessage /OPTIONAL/,
	2725	/OUT/ PLPC_MESSAGE Message,
	2726	/IN/ PLARGE_INTEGER Timeout);
	2727
	2728	NTOSAPI
	2729	NTSTATUS
	2730	NTAPI
	2731	ZwReplyWaitReceivePortEx(
	2732	/IN/ HANDLE PortHandle,
	2733	/OUT/ PULONG PortIdentifier /OPTIONAL/,
	2734	/IN/ PLPC_MESSAGE ReplyMessage /OPTIONAL/,
	2735	/OUT/ PLPC_MESSAGE Message,
	2736	/IN/ PLARGE_INTEGER Timeout);
	2737
	2738	NTOSAPI
	2739	NTSTATUS
	2740	NTAPI
	2741	NtReadRequestData(
	2742	/IN/ HANDLE PortHandle,
	2743	/IN/ PLPC_MESSAGE Message,
	2744	/IN/ ULONG Index,
	2745	/OUT/ PVOID Buffer,
	2746	/IN/ ULONG BufferLength,
	2747	/OUT/ PULONG ReturnLength /OPTIONAL/);
	2748
	2749	NTOSAPI
	2750	NTSTATUS
	2751	NTAPI
	2752	ZwReadRequestData(
	2753	/IN/ HANDLE PortHandle,
	2754	/IN/ PLPC_MESSAGE Message,
	2755	/IN/ ULONG Index,
	2756	/OUT/ PVOID Buffer,
	2757	/IN/ ULONG BufferLength,
	2758	/OUT/ PULONG ReturnLength /OPTIONAL/);
	2759
	2760	NTOSAPI
	2761	NTSTATUS
	2762	NTAPI
	2763	NtWriteRequestData(
	2764	/IN/ HANDLE PortHandle,
	2765	/IN/ PLPC_MESSAGE Message,
	2766	/IN/ ULONG Index,
	2767	/IN/ PVOID Buffer,
	2768	/IN/ ULONG BufferLength,
	2769	/OUT/ PULONG ReturnLength /OPTIONAL/);
	2770
	2771	NTOSAPI
	2772	NTSTATUS
	2773	NTAPI
	2774	ZwWriteRequestData(
	2775	/IN/ HANDLE PortHandle,
	2776	/IN/ PLPC_MESSAGE Message,
	2777	/IN/ ULONG Index,
	2778	/IN/ PVOID Buffer,
	2779	/IN/ ULONG BufferLength,
	2780	/OUT/ PULONG ReturnLength /OPTIONAL/);
	2781
	2782	typedef enum _PORT_INFORMATION_CLASS {
	2783	PortBasicInformation
	2784	} PORT_INFORMATION_CLASS;
	2785
	2786	NTOSAPI
	2787	NTSTATUS
	2788	NTAPI
	2789	NtQueryInformationPort(
	2790	/IN/ HANDLE PortHandle,
	2791	/IN/ PORT_INFORMATION_CLASS PortInformationClass,
	2792	/OUT/ PVOID PortInformation,
	2793	/IN/ ULONG PortInformationLength,
	2794	/OUT/ PULONG ReturnLength /OPTIONAL/);
	2795
	2796	NTOSAPI
	2797	NTSTATUS
	2798	NTAPI
	2799	ZwQueryInformationPort(
	2800	/IN/ HANDLE PortHandle,
	2801	/IN/ PORT_INFORMATION_CLASS PortInformationClass,
	2802	/OUT/ PVOID PortInformation,
	2803	/IN/ ULONG PortInformationLength,
	2804	/OUT/ PULONG ReturnLength /OPTIONAL/);
	2805
	2806	NTOSAPI
	2807	NTSTATUS
	2808	NTAPI
	2809	NtImpersonateClientOfPort(
	2810	/IN/ HANDLE PortHandle,
	2811	/IN/ PLPC_MESSAGE Message);
	2812
	2813	NTOSAPI
	2814	NTSTATUS
	2815	NTAPI
	2816	ZwImpersonateClientOfPort(
	2817	/IN/ HANDLE PortHandle,
	2818	/IN/ PLPC_MESSAGE Message);
	2819
	2820
	2821
	2822
	2823	/* Files */
	2824
	2825	NTOSAPI
	2826	NTSTATUS
	2827	NTAPI
	2828	NtDeleteFile(
	2829	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
	2830
	2831	NTOSAPI
	2832	NTSTATUS
	2833	NTAPI
	2834	ZwDeleteFile(
	2835	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
	2836
	2837	NTOSAPI
	2838	NTSTATUS
	2839	NTAPI
	2840	NtFlushBuffersFile(
	2841	/IN/ HANDLE FileHandle,
	2842	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
	2843
	2844	NTOSAPI
	2845	NTSTATUS
	2846	NTAPI
	2847	ZwFlushBuffersFile(
	2848	/IN/ HANDLE FileHandle,
	2849	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
	2850
	2851	NTOSAPI
	2852	NTSTATUS
	2853	NTAPI
	2854	NtCancelIoFile(
	2855	/IN/ HANDLE FileHandle,
	2856	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
	2857
	2858	NTOSAPI
	2859	NTSTATUS
	2860	NTAPI
	2861	ZwCancelIoFile(
	2862	/IN/ HANDLE FileHandle,
	2863	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
	2864
	2865	NTOSAPI
	2866	NTSTATUS
	2867	NTAPI
	2868	NtReadFileScatter(
	2869	/IN/ HANDLE FileHandle,
	2870	/IN/ HANDLE Event /OPTIONAL/,
	2871	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
	2872	/IN/ PVOID ApcContext /OPTIONAL/,
	2873	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
	2874	/IN/ PFILE_SEGMENT_ELEMENT Buffer,
	2875	/IN/ ULONG Length,
	2876	/IN/ PLARGE_INTEGER ByteOffset /OPTIONAL/,
	2877	/IN/ PULONG Key /OPTIONAL/);
	2878
	2879	NTOSAPI
	2880	NTSTATUS
	2881	NTAPI
	2882	ZwReadFileScatter(
	2883	/IN/ HANDLE FileHandle,
	2884	/IN/ HANDLE Event /OPTIONAL/,
	2885	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
	2886	/IN/ PVOID ApcContext /OPTIONAL/,
	2887	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
	2888	/IN/ PFILE_SEGMENT_ELEMENT Buffer,
	2889	/IN/ ULONG Length,
	2890	/IN/ PLARGE_INTEGER ByteOffset /OPTIONAL/,
	2891	/IN/ PULONG Key /OPTIONAL/);
	2892
	2893	NTOSAPI
	2894	NTSTATUS
	2895	NTAPI
	2896	NtWriteFileGather(
	2897	/IN/ HANDLE FileHandle,
	2898	/IN/ HANDLE Event /OPTIONAL/,
	2899	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
	2900	/IN/ PVOID ApcContext /OPTIONAL/,
	2901	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
	2902	/IN/ PFILE_SEGMENT_ELEMENT Buffer,
	2903	/IN/ ULONG Length,
	2904	/IN/ PLARGE_INTEGER ByteOffset /OPTIONAL/,
	2905	/IN/ PULONG Key /OPTIONAL/);
	2906
	2907	NTOSAPI
	2908	NTSTATUS
	2909	NTAPI
	2910	ZwWriteFileGather(
	2911	/IN/ HANDLE FileHandle,
	2912	/IN/ HANDLE Event /OPTIONAL/,
	2913	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
	2914	/IN/ PVOID ApcContext /OPTIONAL/,
	2915	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
	2916	/IN/ PFILE_SEGMENT_ELEMENT Buffer,
	2917	/IN/ ULONG Length,
	2918	/IN/ PLARGE_INTEGER ByteOffset /OPTIONAL/,
	2919	/IN/ PULONG Key /OPTIONAL/);
	2920
	2921
	2922
	2923
	2924	/* Registry keys */
	2925
	2926	NTOSAPI
	2927	NTSTATUS
	2928	NTAPI
	2929	NtSaveKey(
	2930	/IN/ HANDLE KeyHandle,
	2931	/IN/ HANDLE FileHandle);
	2932
	2933	NTOSAPI
	2934	NTSTATUS
	2935	NTAPI
	2936	ZwSaveKey(
	2937	/IN/ HANDLE KeyHandle,
	2938	/IN/ HANDLE FileHandle);
	2939
	2940	NTOSAPI
	2941	NTSTATUS
	2942	NTAPI
	2943	NtSaveMergedKeys(
	2944	/IN/ HANDLE KeyHandle1,
	2945	/IN/ HANDLE KeyHandle2,
	2946	/IN/ HANDLE FileHandle);
	2947
	2948	NTOSAPI
	2949	NTSTATUS
	2950	NTAPI
	2951	ZwSaveMergedKeys(
	2952	/IN/ HANDLE KeyHandle1,
	2953	/IN/ HANDLE KeyHandle2,
	2954	/IN/ HANDLE FileHandle);
	2955
	2956	NTOSAPI
	2957	NTSTATUS
	2958	NTAPI
	2959	NtRestoreKey(
	2960	/IN/ HANDLE KeyHandle,
	2961	/IN/ HANDLE FileHandle,
	2962	/IN/ ULONG Flags);
	2963
	2964	NTOSAPI
	2965	NTSTATUS
	2966	NTAPI
	2967	ZwRestoreKey(
	2968	/IN/ HANDLE KeyHandle,
	2969	/IN/ HANDLE FileHandle,
	2970	/IN/ ULONG Flags);
	2971
	2972	NTOSAPI
	2973	NTSTATUS
	2974	NTAPI
	2975	NtLoadKey(
	2976	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
	2977	/IN/ POBJECT_ATTRIBUTES FileObjectAttributes);
	2978
	2979	NTOSAPI
	2980	NTSTATUS
	2981	NTAPI
	2982	ZwLoadKey(
	2983	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
	2984	/IN/ POBJECT_ATTRIBUTES FileObjectAttributes);
	2985
	2986	NTOSAPI
	2987	NTSTATUS
	2988	NTAPI
	2989	NtLoadKey2(
	2990	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
	2991	/IN/ POBJECT_ATTRIBUTES FileObjectAttributes,
	2992	/IN/ ULONG Flags);
	2993
	2994	NTOSAPI
	2995	NTSTATUS
	2996	NTAPI
	2997	ZwLoadKey2(
	2998	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
	2999	/IN/ POBJECT_ATTRIBUTES FileObjectAttributes,
	3000	/IN/ ULONG Flags);
	3001
	3002	NTOSAPI
	3003	NTSTATUS
	3004	NTAPI
	3005	NtUnloadKey(
	3006	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes);
	3007
	3008	NTOSAPI
	3009	NTSTATUS
	3010	NTAPI
	3011	ZwUnloadKey(
	3012	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes);
	3013
	3014	NTOSAPI
	3015	NTSTATUS
	3016	NTAPI
	3017	NtQueryOpenSubKeys(
	3018	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
	3019	/OUT/ PULONG NumberOfKeys);
	3020
	3021	NTOSAPI
	3022	NTSTATUS
	3023	NTAPI
	3024	ZwQueryOpenSubKeys(
	3025	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
	3026	/OUT/ PULONG NumberOfKeys);
	3027
	3028	NTOSAPI
	3029	NTSTATUS
	3030	NTAPI
	3031	NtReplaceKey(
	3032	/IN/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
	3033	/IN/ HANDLE KeyHandle,
	3034	/IN/ POBJECT_ATTRIBUTES OldFileObjectAttributes);
	3035
	3036	NTOSAPI
	3037	NTSTATUS
	3038	NTAPI
	3039	ZwReplaceKey(
	3040	/IN/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
	3041	/IN/ HANDLE KeyHandle,
	3042	/IN/ POBJECT_ATTRIBUTES OldFileObjectAttributes);
	3043
	3044	typedef enum _KEY_SET_INFORMATION_CLASS {
	3045	KeyLastWriteTimeInformation
	3046	} KEY_SET_INFORMATION_CLASS;
	3047
	3048	NTOSAPI
	3049	NTSTATUS
	3050	NTAPI
	3051	NtSetInformationKey(
	3052	/IN/ HANDLE KeyHandle,
	3053	/IN/ KEY_SET_INFORMATION_CLASS KeyInformationClass,
	3054	/IN/ PVOID KeyInformation,
	3055	/IN/ ULONG KeyInformationLength);
	3056
	3057	NTOSAPI
	3058	NTSTATUS
	3059	NTAPI
	3060	ZwSetInformationKey(
	3061	/IN/ HANDLE KeyHandle,
	3062	/IN/ KEY_SET_INFORMATION_CLASS KeyInformationClass,
	3063	/IN/ PVOID KeyInformation,
	3064	/IN/ ULONG KeyInformationLength);
	3065
	3066	typedef struct _KEY_LAST_WRITE_TIME_INFORMATION {
	3067	LARGE_INTEGER LastWriteTime;
	3068	} KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION;
	3069
	3070	typedef struct _KEY_NAME_INFORMATION {
	3071	ULONG NameLength;
	3072	WCHAR Name[1];
	3073	} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
	3074
	3075	NTOSAPI
	3076	NTSTATUS
	3077	NTAPI
	3078	NtNotifyChangeKey(
	3079	/IN/ HANDLE KeyHandle,
	3080	/IN/ HANDLE EventHandle /OPTIONAL/,
	3081	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
	3082	/IN/ PVOID ApcContext /OPTIONAL/,
	3083	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
	3084	/IN/ ULONG NotifyFilter,
	3085	/IN/ BOOLEAN WatchSubtree,
	3086	/IN/ PVOID Buffer,
	3087	/IN/ ULONG BufferLength,
	3088	/IN/ BOOLEAN Asynchronous);
	3089
	3090	NTOSAPI
	3091	NTSTATUS
	3092	NTAPI
	3093	ZwNotifyChangeKey(
	3094	/IN/ HANDLE KeyHandle,
	3095	/IN/ HANDLE EventHandle /OPTIONAL/,
	3096	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
	3097	/IN/ PVOID ApcContext /OPTIONAL/,
	3098	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
	3099	/IN/ ULONG NotifyFilter,
	3100	/IN/ BOOLEAN WatchSubtree,
	3101	/IN/ PVOID Buffer,
	3102	/IN/ ULONG BufferLength,
	3103	/IN/ BOOLEAN Asynchronous);
	3104
	3105	/* ZwNotifyChangeMultipleKeys.Flags constants */
	3106	#define REG_MONITOR_SINGLE_KEY 0x00
	3107	#define REG_MONITOR_SECOND_KEY 0x01
	3108
	3109	NTOSAPI
	3110	NTSTATUS
	3111	NTAPI
	3112	NtNotifyChangeMultipleKeys(
	3113	/IN/ HANDLE KeyHandle,
	3114	/IN/ ULONG Flags,
	3115	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
	3116	/IN/ HANDLE EventHandle /OPTIONAL/,
	3117	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
	3118	/IN/ PVOID ApcContext /OPTIONAL/,
	3119	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
	3120	/IN/ ULONG NotifyFilter,
	3121	/IN/ BOOLEAN WatchSubtree,
	3122	/IN/ PVOID Buffer,
	3123	/IN/ ULONG BufferLength,
	3124	/IN/ BOOLEAN Asynchronous);
	3125
	3126	NTOSAPI
	3127	NTSTATUS
	3128	NTAPI
	3129	ZwNotifyChangeMultipleKeys(
	3130	/IN/ HANDLE KeyHandle,
	3131	/IN/ ULONG Flags,
	3132	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
	3133	/IN/ HANDLE EventHandle /OPTIONAL/,
	3134	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
	3135	/IN/ PVOID ApcContext /OPTIONAL/,
	3136	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
	3137	/IN/ ULONG NotifyFilter,
	3138	/IN/ BOOLEAN WatchSubtree,
	3139	/IN/ PVOID Buffer,
	3140	/IN/ ULONG BufferLength,
	3141	/IN/ BOOLEAN Asynchronous);
	3142
	3143	NTOSAPI
	3144	NTSTATUS
	3145	NTAPI
	3146	NtQueryMultipleValueKey(
	3147	/IN/ HANDLE KeyHandle,
	3148	/IN OUT/ PKEY_VALUE_ENTRY ValueList,
	3149	/IN/ ULONG NumberOfValues,
	3150	/OUT/ PVOID Buffer,
	3151	/IN OUT/ PULONG Length,
	3152	/OUT/ PULONG ReturnLength);
	3153
	3154	NTOSAPI
	3155	NTSTATUS
	3156	NTAPI
	3157	ZwQueryMultipleValueKey(
	3158	/IN/ HANDLE KeyHandle,
	3159	/IN OUT/ PKEY_VALUE_ENTRY ValueList,
	3160	/IN/ ULONG NumberOfValues,
	3161	/OUT/ PVOID Buffer,
	3162	/IN OUT/ PULONG Length,
	3163	/OUT/ PULONG ReturnLength);
	3164
	3165	NTOSAPI
	3166	NTSTATUS
	3167	NTAPI
	3168	NtInitializeRegistry(
	3169	/IN/ BOOLEAN Setup);
	3170
	3171	NTOSAPI
	3172	NTSTATUS
	3173	NTAPI
	3174	ZwInitializeRegistry(
	3175	/IN/ BOOLEAN Setup);
	3176
	3177
	3178
	3179
	3180	/* Security and auditing */
	3181
	3182	NTOSAPI
	3183	NTSTATUS
	3184	NTAPI
	3185	NtPrivilegeCheck(
	3186	/IN/ HANDLE TokenHandle,
	3187	/IN/ PPRIVILEGE_SET RequiredPrivileges,
	3188	/OUT/ PBOOLEAN Result);
	3189
	3190	NTOSAPI
	3191	NTSTATUS
	3192	NTAPI
	3193	ZwPrivilegeCheck(
	3194	/IN/ HANDLE TokenHandle,
	3195	/IN/ PPRIVILEGE_SET RequiredPrivileges,
	3196	/OUT/ PBOOLEAN Result);
	3197
	3198	NTOSAPI
	3199	NTSTATUS
	3200	NTAPI
	3201	NtPrivilegeObjectAuditAlarm(
	3202	/IN/ PUNICODE_STRING SubsystemName,
	3203	/IN/ PVOID HandleId,
	3204	/IN/ HANDLE TokenHandle,
	3205	/IN/ ACCESS_MASK DesiredAccess,
	3206	/IN/ PPRIVILEGE_SET Privileges,
	3207	/IN/ BOOLEAN AccessGranted);
	3208
	3209	NTOSAPI
	3210	NTSTATUS
	3211	NTAPI
	3212	ZwPrivilegeObjectAuditAlarm(
	3213	/IN/ PUNICODE_STRING SubsystemName,
	3214	/IN/ PVOID HandleId,
	3215	/IN/ HANDLE TokenHandle,
	3216	/IN/ ACCESS_MASK DesiredAccess,
	3217	/IN/ PPRIVILEGE_SET Privileges,
	3218	/IN/ BOOLEAN AccessGranted);
	3219
	3220	NTOSAPI
	3221	NTSTATUS
	3222	NTAPI
	3223	NtAccessCheck(
	3224	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3225	/IN/ HANDLE TokenHandle,
	3226	/IN/ ACCESS_MASK DesiredAccess,
	3227	/IN/ PGENERIC_MAPPING GenericMapping,
	3228	/IN/ PPRIVILEGE_SET PrivilegeSet,
	3229	/IN/ PULONG PrivilegeSetLength,
	3230	/OUT/ PACCESS_MASK GrantedAccess,
	3231	/OUT/ PBOOLEAN AccessStatus);
	3232
	3233	NTOSAPI
	3234	NTSTATUS
	3235	NTAPI
	3236	ZwAccessCheck(
	3237	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3238	/IN/ HANDLE TokenHandle,
	3239	/IN/ ACCESS_MASK DesiredAccess,
	3240	/IN/ PGENERIC_MAPPING GenericMapping,
	3241	/IN/ PPRIVILEGE_SET PrivilegeSet,
	3242	/IN/ PULONG PrivilegeSetLength,
	3243	/OUT/ PACCESS_MASK GrantedAccess,
	3244	/OUT/ PBOOLEAN AccessStatus);
	3245
	3246	NTOSAPI
	3247	NTSTATUS
	3248	NTAPI
	3249	NtAccessCheckAndAuditAlarm(
	3250	/IN/ PUNICODE_STRING SubsystemName,
	3251	/IN/ PVOID HandleId,
	3252	/IN/ PUNICODE_STRING ObjectTypeName,
	3253	/IN/ PUNICODE_STRING ObjectName,
	3254	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3255	/IN/ ACCESS_MASK DesiredAccess,
	3256	/IN/ PGENERIC_MAPPING GenericMapping,
	3257	/IN/ BOOLEAN ObjectCreation,
	3258	/OUT/ PACCESS_MASK GrantedAccess,
	3259	/OUT/ PBOOLEAN AccessStatus,
	3260	/OUT/ PBOOLEAN GenerateOnClose);
	3261
	3262	NTOSAPI
	3263	NTSTATUS
	3264	NTAPI
	3265	ZwAccessCheckAndAuditAlarm(
	3266	/IN/ PUNICODE_STRING SubsystemName,
	3267	/IN/ PVOID HandleId,
	3268	/IN/ PUNICODE_STRING ObjectTypeName,
	3269	/IN/ PUNICODE_STRING ObjectName,
	3270	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3271	/IN/ ACCESS_MASK DesiredAccess,
	3272	/IN/ PGENERIC_MAPPING GenericMapping,
	3273	/IN/ BOOLEAN ObjectCreation,
	3274	/OUT/ PACCESS_MASK GrantedAccess,
	3275	/OUT/ PBOOLEAN AccessStatus,
	3276	/OUT/ PBOOLEAN GenerateOnClose);
	3277
	3278	NTOSAPI
	3279	NTSTATUS
	3280	NTAPI
	3281	NtAccessCheckByType(
	3282	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3283	/IN/ PSID PrincipalSelfSid,
	3284	/IN/ HANDLE TokenHandle,
	3285	/IN/ ULONG DesiredAccess,
	3286	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3287	/IN/ ULONG ObjectTypeListLength,
	3288	/IN/ PGENERIC_MAPPING GenericMapping,
	3289	/IN/ PPRIVILEGE_SET PrivilegeSet,
	3290	/IN/ PULONG PrivilegeSetLength,
	3291	/OUT/ PACCESS_MASK GrantedAccess,
	3292	/OUT/ PULONG AccessStatus);
	3293
	3294	NTOSAPI
	3295	NTSTATUS
	3296	NTAPI
	3297	ZwAccessCheckByType(
	3298	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3299	/IN/ PSID PrincipalSelfSid,
	3300	/IN/ HANDLE TokenHandle,
	3301	/IN/ ULONG DesiredAccess,
	3302	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3303	/IN/ ULONG ObjectTypeListLength,
	3304	/IN/ PGENERIC_MAPPING GenericMapping,
	3305	/IN/ PPRIVILEGE_SET PrivilegeSet,
	3306	/IN/ PULONG PrivilegeSetLength,
	3307	/OUT/ PACCESS_MASK GrantedAccess,
	3308	/OUT/ PULONG AccessStatus);
	3309
	3310	typedef enum _AUDIT_EVENT_TYPE {
	3311	AuditEventObjectAccess,
	3312	AuditEventDirectoryServiceAccess
	3313	} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
	3314
	3315	NTOSAPI
	3316	NTSTATUS
	3317	NTAPI
	3318	NtAccessCheckByTypeAndAuditAlarm(
	3319	/IN/ PUNICODE_STRING SubsystemName,
	3320	/IN/ PVOID HandleId,
	3321	/IN/ PUNICODE_STRING ObjectTypeName,
	3322	/IN/ PUNICODE_STRING ObjectName,
	3323	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3324	/IN/ PSID PrincipalSelfSid,
	3325	/IN/ ACCESS_MASK DesiredAccess,
	3326	/IN/ AUDIT_EVENT_TYPE AuditType,
	3327	/IN/ ULONG Flags,
	3328	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3329	/IN/ ULONG ObjectTypeListLength,
	3330	/IN/ PGENERIC_MAPPING GenericMapping,
	3331	/IN/ BOOLEAN ObjectCreation,
	3332	/OUT/ PACCESS_MASK GrantedAccess,
	3333	/OUT/ PULONG AccessStatus,
	3334	/OUT/ PBOOLEAN GenerateOnClose);
	3335
	3336	NTOSAPI
	3337	NTSTATUS
	3338	NTAPI
	3339	ZwAccessCheckByTypeAndAuditAlarm(
	3340	/IN/ PUNICODE_STRING SubsystemName,
	3341	/IN/ PVOID HandleId,
	3342	/IN/ PUNICODE_STRING ObjectTypeName,
	3343	/IN/ PUNICODE_STRING ObjectName,
	3344	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3345	/IN/ PSID PrincipalSelfSid,
	3346	/IN/ ACCESS_MASK DesiredAccess,
	3347	/IN/ AUDIT_EVENT_TYPE AuditType,
	3348	/IN/ ULONG Flags,
	3349	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3350	/IN/ ULONG ObjectTypeListLength,
	3351	/IN/ PGENERIC_MAPPING GenericMapping,
	3352	/IN/ BOOLEAN ObjectCreation,
	3353	/OUT/ PACCESS_MASK GrantedAccess,
	3354	/OUT/ PULONG AccessStatus,
	3355	/OUT/ PBOOLEAN GenerateOnClose);
	3356
	3357	NTOSAPI
	3358	NTSTATUS
	3359	NTAPI
	3360	NtAccessCheckByTypeResultList(
	3361	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3362	/IN/ PSID PrincipalSelfSid,
	3363	/IN/ HANDLE TokenHandle,
	3364	/IN/ ACCESS_MASK DesiredAccess,
	3365	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3366	/IN/ ULONG ObjectTypeListLength,
	3367	/IN/ PGENERIC_MAPPING GenericMapping,
	3368	/IN/ PPRIVILEGE_SET PrivilegeSet,
	3369	/IN/ PULONG PrivilegeSetLength,
	3370	/OUT/ PACCESS_MASK GrantedAccessList,
	3371	/OUT/ PULONG AccessStatusList);
	3372
	3373	NTOSAPI
	3374	NTSTATUS
	3375	NTAPI
	3376	ZwAccessCheckByTypeResultList(
	3377	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3378	/IN/ PSID PrincipalSelfSid,
	3379	/IN/ HANDLE TokenHandle,
	3380	/IN/ ACCESS_MASK DesiredAccess,
	3381	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3382	/IN/ ULONG ObjectTypeListLength,
	3383	/IN/ PGENERIC_MAPPING GenericMapping,
	3384	/IN/ PPRIVILEGE_SET PrivilegeSet,
	3385	/IN/ PULONG PrivilegeSetLength,
	3386	/OUT/ PACCESS_MASK GrantedAccessList,
	3387	/OUT/ PULONG AccessStatusList);
	3388
	3389	NTOSAPI
	3390	NTSTATUS
	3391	NTAPI
	3392	NtAccessCheckByTypeResultListAndAuditAlarm(
	3393	/IN/ PUNICODE_STRING SubsystemName,
	3394	/IN/ PVOID HandleId,
	3395	/IN/ PUNICODE_STRING ObjectTypeName,
	3396	/IN/ PUNICODE_STRING ObjectName,
	3397	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3398	/IN/ PSID PrincipalSelfSid,
	3399	/IN/ ACCESS_MASK DesiredAccess,
	3400	/IN/ AUDIT_EVENT_TYPE AuditType,
	3401	/IN/ ULONG Flags,
	3402	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3403	/IN/ ULONG ObjectTypeListLength,
	3404	/IN/ PGENERIC_MAPPING GenericMapping,
	3405	/IN/ BOOLEAN ObjectCreation,
	3406	/OUT/ PACCESS_MASK GrantedAccessList,
	3407	/OUT/ PULONG AccessStatusList,
	3408	/OUT/ PULONG GenerateOnClose);
	3409
	3410	NTOSAPI
	3411	NTSTATUS
	3412	NTAPI
	3413	ZwAccessCheckByTypeResultListAndAuditAlarm(
	3414	/IN/ PUNICODE_STRING SubsystemName,
	3415	/IN/ PVOID HandleId,
	3416	/IN/ PUNICODE_STRING ObjectTypeName,
	3417	/IN/ PUNICODE_STRING ObjectName,
	3418	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3419	/IN/ PSID PrincipalSelfSid,
	3420	/IN/ ACCESS_MASK DesiredAccess,
	3421	/IN/ AUDIT_EVENT_TYPE AuditType,
	3422	/IN/ ULONG Flags,
	3423	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3424	/IN/ ULONG ObjectTypeListLength,
	3425	/IN/ PGENERIC_MAPPING GenericMapping,
	3426	/IN/ BOOLEAN ObjectCreation,
	3427	/OUT/ PACCESS_MASK GrantedAccessList,
	3428	/OUT/ PULONG AccessStatusList,
	3429	/OUT/ PULONG GenerateOnClose);
	3430
	3431	NTOSAPI
	3432	NTSTATUS
	3433	NTAPI
	3434	NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
	3435	/IN/ PUNICODE_STRING SubsystemName,
	3436	/IN/ PVOID HandleId,
	3437	/IN/ HANDLE TokenHandle,
	3438	/IN/ PUNICODE_STRING ObjectTypeName,
	3439	/IN/ PUNICODE_STRING ObjectName,
	3440	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3441	/IN/ PSID PrincipalSelfSid,
	3442	/IN/ ACCESS_MASK DesiredAccess,
	3443	/IN/ AUDIT_EVENT_TYPE AuditType,
	3444	/IN/ ULONG Flags,
	3445	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3446	/IN/ ULONG ObjectTypeListLength,
	3447	/IN/ PGENERIC_MAPPING GenericMapping,
	3448	/IN/ BOOLEAN ObjectCreation,
	3449	/OUT/ PACCESS_MASK GrantedAccessList,
	3450	/OUT/ PULONG AccessStatusList,
	3451	/OUT/ PULONG GenerateOnClose);
	3452
	3453	NTOSAPI
	3454	NTSTATUS
	3455	NTAPI
	3456	ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
	3457	/IN/ PUNICODE_STRING SubsystemName,
	3458	/IN/ PVOID HandleId,
	3459	/IN/ HANDLE TokenHandle,
	3460	/IN/ PUNICODE_STRING ObjectTypeName,
	3461	/IN/ PUNICODE_STRING ObjectName,
	3462	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3463	/IN/ PSID PrincipalSelfSid,
	3464	/IN/ ACCESS_MASK DesiredAccess,
	3465	/IN/ AUDIT_EVENT_TYPE AuditType,
	3466	/IN/ ULONG Flags,
	3467	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
	3468	/IN/ ULONG ObjectTypeListLength,
	3469	/IN/ PGENERIC_MAPPING GenericMapping,
	3470	/IN/ BOOLEAN ObjectCreation,
	3471	/OUT/ PACCESS_MASK GrantedAccessList,
	3472	/OUT/ PULONG AccessStatusList,
	3473	/OUT/ PULONG GenerateOnClose);
	3474
	3475	NTOSAPI
	3476	NTSTATUS
	3477	NTAPI
	3478	NtOpenObjectAuditAlarm(
	3479	/IN/ PUNICODE_STRING SubsystemName,
	3480	/IN/ PVOID *HandleId,
	3481	/IN/ PUNICODE_STRING ObjectTypeName,
	3482	/IN/ PUNICODE_STRING ObjectName,
	3483	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3484	/IN/ HANDLE TokenHandle,
	3485	/IN/ ACCESS_MASK DesiredAccess,
	3486	/IN/ ACCESS_MASK GrantedAccess,
	3487	/IN/ PPRIVILEGE_SET Privileges /OPTIONAL/,
	3488	/IN/ BOOLEAN ObjectCreation,
	3489	/IN/ BOOLEAN AccessGranted,
	3490	/OUT/ PBOOLEAN GenerateOnClose);
	3491
	3492	NTOSAPI
	3493	NTSTATUS
	3494	NTAPI
	3495	ZwOpenObjectAuditAlarm(
	3496	/IN/ PUNICODE_STRING SubsystemName,
	3497	/IN/ PVOID *HandleId,
	3498	/IN/ PUNICODE_STRING ObjectTypeName,
	3499	/IN/ PUNICODE_STRING ObjectName,
	3500	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
	3501	/IN/ HANDLE TokenHandle,
	3502	/IN/ ACCESS_MASK DesiredAccess,
	3503	/IN/ ACCESS_MASK GrantedAccess,
	3504	/IN/ PPRIVILEGE_SET Privileges /OPTIONAL/,
	3505	/IN/ BOOLEAN ObjectCreation,
	3506	/IN/ BOOLEAN AccessGranted,
	3507	/OUT/ PBOOLEAN GenerateOnClose);
	3508
	3509	NTOSAPI
	3510	NTSTATUS
	3511	NTAPI
	3512	NtCloseObjectAuditAlarm(
	3513	/IN/ PUNICODE_STRING SubsystemName,
	3514	/IN/ PVOID HandleId,
	3515	/IN/ BOOLEAN GenerateOnClose);
	3516
	3517	NTOSAPI
	3518	NTSTATUS
	3519	NTAPI
	3520	ZwCloseObjectAuditAlarm(
	3521	/IN/ PUNICODE_STRING SubsystemName,
	3522	/IN/ PVOID HandleId,
	3523	/IN/ BOOLEAN GenerateOnClose);
	3524
	3525	NTOSAPI
	3526	NTSTATUS
	3527	NTAPI
	3528	NtDeleteObjectAuditAlarm(
	3529	/IN/ PUNICODE_STRING SubsystemName,
	3530	/IN/ PVOID HandleId,
	3531	/IN/ BOOLEAN GenerateOnClose);
	3532
	3533	NTOSAPI
	3534	NTSTATUS
	3535	NTAPI
	3536	ZwDeleteObjectAuditAlarm(
	3537	/IN/ PUNICODE_STRING SubsystemName,
	3538	/IN/ PVOID HandleId,
	3539	/IN/ BOOLEAN GenerateOnClose);
	3540
	3541
	3542
	3543
	3544	/* Plug and play and power management */
	3545
	3546	NTOSAPI
	3547	NTSTATUS
	3548	NTAPI
	3549	ZwRequestWakeupLatency(
	3550	/IN/ LATENCY_TIME Latency);
	3551
	3552	NTOSAPI
	3553	NTSTATUS
	3554	NTAPI
	3555	ZwRequestDeviceWakeup(
	3556	/IN/ HANDLE DeviceHandle);
	3557
	3558	NTOSAPI
	3559	NTSTATUS
	3560	NTAPI
	3561	ZwCancelDeviceWakeupRequest(
	3562	/IN/ HANDLE DeviceHandle);
	3563
	3564	NTOSAPI
	3565	BOOLEAN
	3566	NTAPI
	3567	ZwIsSystemResumeAutomatic(
	3568	VOID);
	3569
	3570	NTOSAPI
	3571	NTSTATUS
	3572	NTAPI
	3573	ZwSetThreadExecutionState(
	3574	/IN/ EXECUTION_STATE ExecutionState,
	3575	/OUT/ PEXECUTION_STATE PreviousExecutionState);
	3576
	3577	NTOSAPI
	3578	NTSTATUS
	3579	NTAPI
	3580	ZwGetDevicePowerState(
	3581	/IN/ HANDLE DeviceHandle,
	3582	/OUT/ PDEVICE_POWER_STATE DevicePowerState);
	3583
	3584	NTOSAPI
	3585	NTSTATUS
	3586	NTAPI
	3587	ZwSetSystemPowerState(
	3588	/IN/ POWER_ACTION SystemAction,
	3589	/IN/ SYSTEM_POWER_STATE MinSystemState,
	3590	/IN/ ULONG Flags);
	3591
	3592	NTOSAPI
	3593	NTSTATUS
	3594	NTAPI
	3595	ZwInitiatePowerAction(
	3596	/IN/ POWER_ACTION SystemAction,
	3597	/IN/ SYSTEM_POWER_STATE MinSystemState,
	3598	/IN/ ULONG Flags,
	3599	/IN/ BOOLEAN Asynchronous);
	3600
	3601	NTOSAPI
	3602	NTSTATUS
	3603	NTAPI
	3604	ZwPowerInformation(
	3605	/IN/ POWER_INFORMATION_LEVEL PowerInformationLevel,
	3606	/IN/ PVOID InputBuffer /OPTIONAL/,
	3607	/IN/ ULONG InputBufferLength,
	3608	/OUT/ PVOID OutputBuffer /OPTIONAL/,
	3609	/IN/ ULONG OutputBufferLength);
	3610
	3611	NTOSAPI
	3612	NTSTATUS
	3613	NTAPI
	3614	NtPlugPlayControl(
	3615	/IN/ ULONG ControlCode,
	3616	/IN OUT/ PVOID Buffer,
	3617	/IN/ ULONG BufferLength);
	3618
	3619	NTOSAPI
	3620	NTSTATUS
	3621	NTAPI
	3622	ZwPlugPlayControl(
	3623	/IN/ ULONG ControlCode,
	3624	/IN OUT/ PVOID Buffer,
	3625	/IN/ ULONG BufferLength);
	3626
	3627	NTOSAPI
	3628	NTSTATUS
	3629	NTAPI
	3630	NtGetPlugPlayEvent(
	3631	/IN/ ULONG Reserved1,
	3632	/IN/ ULONG Reserved2,
	3633	/OUT/ PVOID Buffer,
	3634	/IN/ ULONG BufferLength);
	3635
	3636	NTOSAPI
	3637	NTSTATUS
	3638	NTAPI
	3639	ZwGetPlugPlayEvent(
	3640	/IN/ ULONG Reserved1,
	3641	/IN/ ULONG Reserved2,
	3642	/OUT/ PVOID Buffer,
	3643	/IN/ ULONG BufferLength);
	3644
	3645
	3646
	3647
	3648	/* Miscellany */
	3649
	3650	NTOSAPI
	3651	NTSTATUS
	3652	NTAPI
	3653	NtRaiseException(
	3654	/IN/ PEXCEPTION_RECORD ExceptionRecord,
	3655	/IN/ PCONTEXT Context,
	3656	/IN/ BOOLEAN SearchFrames);
	3657
	3658	NTOSAPI
	3659	NTSTATUS
	3660	NTAPI
	3661	ZwRaiseException(
	3662	/IN/ PEXCEPTION_RECORD ExceptionRecord,
	3663	/IN/ PCONTEXT Context,
	3664	/IN/ BOOLEAN SearchFrames);
	3665
	3666	NTOSAPI
	3667	NTSTATUS
	3668	NTAPI
	3669	NtContinue(
	3670	/IN/ PCONTEXT Context,
	3671	/IN/ BOOLEAN TestAlert);
	3672
	3673	NTOSAPI
	3674	NTSTATUS
	3675	NTAPI
	3676	ZwContinue(
	3677	/IN/ PCONTEXT Context,
	3678	/IN/ BOOLEAN TestAlert);
	3679
	3680	NTOSAPI
	3681	NTSTATUS
	3682	NTAPI
	3683	ZwW32Call(
	3684	/IN/ ULONG RoutineIndex,
	3685	/IN/ PVOID Argument,
	3686	/IN/ ULONG ArgumentLength,
	3687	/OUT/ PVOID Result /OPTIONAL*/,
	3688	/OUT/ PULONG ResultLength /OPTIONAL/);
	3689
	3690	NTOSAPI
	3691	NTSTATUS
	3692	NTAPI
	3693	NtSetLowWaitHighThread(
	3694	VOID);
	3695
	3696	NTOSAPI
	3697	NTSTATUS
	3698	NTAPI
	3699	ZwSetLowWaitHighThread(
	3700	VOID);
	3701
	3702	NTOSAPI
	3703	NTSTATUS
	3704	NTAPI
	3705	NtSetHighWaitLowThread(
	3706	VOID);
	3707
	3708	NTOSAPI
	3709	NTSTATUS
	3710	NTAPI
	3711	ZwSetHighWaitLowThread(
	3712	VOID);
	3713
	3714	NTOSAPI
	3715	NTSTATUS
	3716	NTAPI
	3717	NtLoadDriver(
	3718	/IN/ PUNICODE_STRING DriverServiceName);
	3719
	3720	NTOSAPI
	3721	NTSTATUS
	3722	NTAPI
	3723	ZwLoadDriver(
	3724	/IN/ PUNICODE_STRING DriverServiceName);
	3725
	3726	NTOSAPI
	3727	NTSTATUS
	3728	NTAPI
	3729	NtUnloadDriver(
	3730	/IN/ PUNICODE_STRING DriverServiceName);
	3731
	3732	NTOSAPI
	3733	NTSTATUS
	3734	NTAPI
	3735	ZwUnloadDriver(
	3736	/IN/ PUNICODE_STRING DriverServiceName);
	3737
	3738	NTOSAPI
	3739	NTSTATUS
	3740	NTAPI
	3741	NtFlushInstructionCache(
	3742	/IN/ HANDLE ProcessHandle,
	3743	/IN/ PVOID BaseAddress /OPTIONAL/,
	3744	/IN/ ULONG FlushSize);
	3745
	3746	NTOSAPI
	3747	NTSTATUS
	3748	NTAPI
	3749	ZwFlushInstructionCache(
	3750	/IN/ HANDLE ProcessHandle,
	3751	/IN/ PVOID BaseAddress /OPTIONAL/,
	3752	/IN/ ULONG FlushSize);
	3753
	3754	NTOSAPI
	3755	NTSTATUS
	3756	NTAPI
	3757	NtFlushWriteBuffer(
	3758	VOID);
	3759
	3760	NTOSAPI
	3761	NTSTATUS
	3762	NTAPI
	3763	ZwFlushWriteBuffer(
	3764	VOID);
	3765
	3766	NTOSAPI
	3767	NTSTATUS
	3768	NTAPI
	3769	NtQueryDefaultLocale(
	3770	/IN/ BOOLEAN ThreadOrSystem,
	3771	/OUT/ PLCID Locale);
	3772
	3773	NTOSAPI
	3774	NTSTATUS
	3775	NTAPI
	3776	ZwQueryDefaultLocale(
	3777	/IN/ BOOLEAN ThreadOrSystem,
	3778	/OUT/ PLCID Locale);
	3779
	3780	NTOSAPI
	3781	NTSTATUS
	3782	NTAPI
	3783	NtSetDefaultLocale(
	3784	/IN/ BOOLEAN ThreadOrSystem,
	3785	/IN/ LCID Locale);
	3786
	3787	NTOSAPI
	3788	NTSTATUS
	3789	NTAPI
	3790	ZwSetDefaultLocale(
	3791	/IN/ BOOLEAN ThreadOrSystem,
	3792	/IN/ LCID Locale);
	3793
	3794	NTOSAPI
	3795	NTSTATUS
	3796	NTAPI
	3797	NtQueryDefaultUILanguage(
	3798	/OUT/ PLANGID LanguageId);
	3799
	3800	NTOSAPI
	3801	NTSTATUS
	3802	NTAPI
	3803	ZwQueryDefaultUILanguage(
	3804	/OUT/ PLANGID LanguageId);
	3805
	3806	NTOSAPI
	3807	NTSTATUS
	3808	NTAPI
	3809	NtSetDefaultUILanguage(
	3810	/IN/ LANGID LanguageId);
	3811
	3812	NTOSAPI
	3813	NTSTATUS
	3814	NTAPI
	3815	ZwSetDefaultUILanguage(
	3816	/IN/ LANGID LanguageId);
	3817
	3818	NTOSAPI
	3819	NTSTATUS
	3820	NTAPI
	3821	NtQueryInstallUILanguage(
	3822	/OUT/ PLANGID LanguageId);
	3823
	3824	NTOSAPI
	3825	NTSTATUS
	3826	NTAPI
	3827	ZwQueryInstallUILanguage(
	3828	/OUT/ PLANGID LanguageId);
	3829
	3830	NTOSAPI
	3831	NTSTATUS
	3832	NTAPI
	3833	NtAllocateLocallyUniqueId(
	3834	/OUT/ PLUID Luid);
	3835
	3836	NTOSAPI
	3837	NTSTATUS
	3838	NTAPI
	3839	NtAllocateUuids(
	3840	/OUT/ PLARGE_INTEGER UuidLastTimeAllocated,
	3841	/OUT/ PULONG UuidDeltaTime,
	3842	/OUT/ PULONG UuidSequenceNumber,
	3843	/OUT/ PUCHAR UuidSeed);
	3844
	3845	NTOSAPI
	3846	NTSTATUS
	3847	NTAPI
	3848	ZwAllocateUuids(
	3849	/OUT/ PLARGE_INTEGER UuidLastTimeAllocated,
	3850	/OUT/ PULONG UuidDeltaTime,
	3851	/OUT/ PULONG UuidSequenceNumber,
	3852	/OUT/ PUCHAR UuidSeed);
	3853
	3854	NTOSAPI
	3855	NTSTATUS
	3856	NTAPI
	3857	NtSetUuidSeed(
	3858	/IN/ PUCHAR UuidSeed);
	3859
	3860	NTOSAPI
	3861	NTSTATUS
	3862	NTAPI
	3863	ZwSetUuidSeed(
	3864	/IN/ PUCHAR UuidSeed);
	3865
	3866	typedef enum _HARDERROR_RESPONSE_OPTION {
	3867	OptionAbortRetryIgnore,
	3868	OptionOk,
	3869	OptionOkCancel,
	3870	OptionRetryCancel,
	3871	OptionYesNo,
	3872	OptionYesNoCancel,
	3873	OptionShutdownSystem
	3874	} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
	3875
	3876	typedef enum _HARDERROR_RESPONSE {
	3877	ResponseReturnToCaller,
	3878	ResponseNotHandled,
	3879	ResponseAbort,
	3880	ResponseCancel,
	3881	ResponseIgnore,
	3882	ResponseNo,
	3883	ResponseOk,
	3884	ResponseRetry,
	3885	ResponseYes
	3886	} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
	3887
	3888	NTOSAPI
	3889	NTSTATUS
	3890	NTAPI
	3891	NtRaiseHardError(
	3892	/IN/ NTSTATUS Status,
	3893	/IN/ ULONG NumberOfArguments,
	3894	/IN/ ULONG StringArgumentsMask,
	3895	/IN/ PULONG Arguments,
	3896	/IN/ HARDERROR_RESPONSE_OPTION ResponseOption,
	3897	/OUT/ PHARDERROR_RESPONSE Response);
	3898
	3899	NTOSAPI
	3900	NTSTATUS
	3901	NTAPI
	3902	ZwRaiseHardError(
	3903	/IN/ NTSTATUS Status,
	3904	/IN/ ULONG NumberOfArguments,
	3905	/IN/ ULONG StringArgumentsMask,
	3906	/IN/ PULONG Arguments,
	3907	/IN/ HARDERROR_RESPONSE_OPTION ResponseOption,
	3908	/OUT/ PHARDERROR_RESPONSE Response);
	3909
	3910	NTOSAPI
	3911	NTSTATUS
	3912	NTAPI
	3913	NtSetDefaultHardErrorPort(
	3914	/IN/ HANDLE PortHandle);
	3915
	3916	NTOSAPI
	3917	NTSTATUS
	3918	NTAPI
	3919	ZwSetDefaultHardErrorPort(
	3920	/IN/ HANDLE PortHandle);
	3921
	3922	NTOSAPI
	3923	NTSTATUS
	3924	NTAPI
	3925	NtDisplayString(
	3926	/IN/ PUNICODE_STRING String);
	3927
	3928	NTOSAPI
	3929	NTSTATUS
	3930	NTAPI
	3931	ZwDisplayString(
	3932	/IN/ PUNICODE_STRING String);
	3933
	3934	NTOSAPI
	3935	NTSTATUS
	3936	NTAPI
	3937	NtCreatePagingFile(
	3938	/IN/ PUNICODE_STRING FileName,
	3939	/IN/ PULARGE_INTEGER InitialSize,
	3940	/IN/ PULARGE_INTEGER MaximumSize,
	3941	/IN/ ULONG Reserved);
	3942
	3943	NTOSAPI
	3944	NTSTATUS
	3945	NTAPI
	3946	ZwCreatePagingFile(
	3947	/IN/ PUNICODE_STRING FileName,
	3948	/IN/ PULARGE_INTEGER InitialSize,
	3949	/IN/ PULARGE_INTEGER MaximumSize,
	3950	/IN/ ULONG Reserved);
	3951
	3952	typedef USHORT RTL_ATOM, *PRTL_ATOM;
	3953
	3954	NTOSAPI
	3955	NTSTATUS
	3956	NTAPI
	3957	NtAddAtom(
	3958	/IN/ PWSTR AtomName,
	3959	/IN/ ULONG AtomNameLength,
	3960	/OUT/ PRTL_ATOM Atom);
	3961
	3962	NTOSAPI
	3963	NTSTATUS
	3964	NTAPI
	3965	ZwAddAtom(
	3966	/IN/ PWSTR AtomName,
	3967	/IN/ ULONG AtomNameLength,
	3968	/OUT/ PRTL_ATOM Atom);
	3969
	3970	NTOSAPI
	3971	NTSTATUS
	3972	NTAPI
	3973	NtFindAtom(
	3974	/IN/ PWSTR AtomName,
	3975	/IN/ ULONG AtomNameLength,
	3976	/OUT/ PRTL_ATOM Atom);
	3977
	3978	NTOSAPI
	3979	NTSTATUS
	3980	NTAPI
	3981	ZwFindAtom(
	3982	/IN/ PWSTR AtomName,
	3983	/IN/ ULONG AtomNameLength,
	3984	/OUT/ PRTL_ATOM Atom);
	3985
	3986	NTOSAPI
	3987	NTSTATUS
	3988	NTAPI
	3989	NtDeleteAtom(
	3990	/IN/ RTL_ATOM Atom);
	3991
	3992	NTOSAPI
	3993	NTSTATUS
	3994	NTAPI
	3995	ZwDeleteAtom(
	3996	/IN/ RTL_ATOM Atom);
	3997
	3998	typedef enum _ATOM_INFORMATION_CLASS {
	3999	AtomBasicInformation,
	4000	AtomListInformation
	4001	} ATOM_INFORMATION_CLASS;
	4002
	4003	NTOSAPI
	4004	NTSTATUS
	4005	NTAPI
	4006	NtQueryInformationAtom(
	4007	/IN/ RTL_ATOM Atom,
	4008	/IN/ ATOM_INFORMATION_CLASS AtomInformationClass,
	4009	/OUT/ PVOID AtomInformation,
	4010	/IN/ ULONG AtomInformationLength,
	4011	/OUT/ PULONG ReturnLength /OPTIONAL/);
	4012
	4013	NTOSAPI
	4014	NTSTATUS
	4015	NTAPI
	4016	ZwQueryInformationAtom(
	4017	/IN/ RTL_ATOM Atom,
	4018	/IN/ ATOM_INFORMATION_CLASS AtomInformationClass,
	4019	/OUT/ PVOID AtomInformation,
	4020	/IN/ ULONG AtomInformationLength,
	4021	/OUT/ PULONG ReturnLength /OPTIONAL/);
	4022
	4023	typedef struct _ATOM_BASIC_INFORMATION {
	4024	USHORT ReferenceCount;
	4025	USHORT Pinned;
	4026	USHORT NameLength;
	4027	WCHAR Name[1];
	4028	} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
	4029
	4030	typedef struct _ATOM_LIST_INFORMATION {
	4031	ULONG NumberOfAtoms;
	4032	ATOM Atoms[1];
	4033	} ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION;
	4034
	4035	NTOSAPI
	4036	NTSTATUS
	4037	NTAPI
	4038	NtSetLdtEntries(
	4039	/IN/ ULONG Selector1,
	4040	/IN/ LDT_ENTRY LdtEntry1,
	4041	/IN/ ULONG Selector2,
	4042	/IN/ LDT_ENTRY LdtEntry2);
	4043
	4044	NTOSAPI
	4045	NTSTATUS
	4046	NTAPI
	4047	ZwSetLdtEntries(
	4048	/IN/ ULONG Selector1,
	4049	/IN/ LDT_ENTRY LdtEntry1,
	4050	/IN/ ULONG Selector2,
	4051	/IN/ LDT_ENTRY LdtEntry2);
	4052
	4053	NTOSAPI
	4054	NTSTATUS
	4055	NTAPI
	4056	NtVdmControl(
	4057	/IN/ ULONG ControlCode,
	4058	/IN/ PVOID ControlData);
	4059
	4060	NTOSAPI
	4061	NTSTATUS
	4062	NTAPI
	4063	ZwVdmControl(
	4064	/IN/ ULONG ControlCode,
	4065	/IN/ PVOID ControlData);
	4066
	4067	#pragma pack(pop)
	4068
	4069	#ifdef __cplusplus
	4070	}
	4071	#endif
	4072
	4073	#endif /* __NTAPI_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: