Context Navigation

source: Daodan/MinGW/include/ddk/ntapi.h@ 1063

Last change on this file since 1063 was 1046, checked in by alloc, 8 years ago
Daodan: Added Windows MinGW and build batch file
File size: 90.7 KB

Line
1	/*
2	* ntapi.h
3	*
4	* Windows NT Native API
5	*
6	* Most structures in this file is obtained from Windows NT/2000 Native API
7	* Reference by Gary Nebbett, ISBN 1578701996.
8	*
9	* This file is part of the w32api package.
10	*
11	* Contributors:
12	* Created by Casper S. Hornstrup <chorns@users.sourceforge.net>
13	*
14	* THIS SOFTWARE IS NOT COPYRIGHTED
15	*
16	* This source code is offered for use in the public domain. You may
17	* use, modify or distribute it freely.
18	*
19	* This code is distributed in the hope that it will be useful but
20	* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
21	* DISCLAIMED. This includes but is not limited to warranties of
22	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
23	*
24	*/
25
26	#ifndef __NTAPI_H
27	#define __NTAPI_H
28
29	#if __GNUC__ >= 3
30	#pragma GCC system_header
31	#endif
32
33	#ifdef __cplusplus
34	extern "C" {
35	#endif
36
37	#include <stdarg.h>
38	#include <winbase.h>
39	#include "ntddk.h"
40	#include "ntpoapi.h"
41
42	#pragma pack(push,4)
43
44	typedef struct _PEB *PPEB;
45
46	/* FIXME: Unknown definitions */
47	typedef PVOID POBJECT_TYPE_LIST;
48	typedef PVOID PEXECUTION_STATE;
49	typedef PVOID PLANGID;
50
51	#ifndef NtCurrentProcess
52	#define NtCurrentProcess() ((HANDLE)0xFFFFFFFF)
53	#endif /* NtCurrentProcess */
54	#ifndef NtCurrentThread
55	#define NtCurrentThread() ((HANDLE)0xFFFFFFFE)
56	#endif /* NtCurrentThread */
57
58	/* System information and control */
59
60	typedef enum _SYSTEM_INFORMATION_CLASS {
61	SystemInformationClassMin = 0,
62	SystemBasicInformation = 0,
63	SystemProcessorInformation = 1,
64	SystemPerformanceInformation = 2,
65	SystemTimeOfDayInformation = 3,
66	SystemPathInformation = 4,
67	SystemNotImplemented1 = 4,
68	SystemProcessInformation = 5,
69	SystemProcessesAndThreadsInformation = 5,
70	SystemCallCountInfoInformation = 6,
71	SystemCallCounts = 6,
72	SystemDeviceInformation = 7,
73	SystemConfigurationInformation = 7,
74	SystemProcessorPerformanceInformation = 8,
75	SystemProcessorTimes = 8,
76	SystemFlagsInformation = 9,
77	SystemGlobalFlag = 9,
78	SystemCallTimeInformation = 10,
79	SystemNotImplemented2 = 10,
80	SystemModuleInformation = 11,
81	SystemLocksInformation = 12,
82	SystemLockInformation = 12,
83	SystemStackTraceInformation = 13,
84	SystemNotImplemented3 = 13,
85	SystemPagedPoolInformation = 14,
86	SystemNotImplemented4 = 14,
87	SystemNonPagedPoolInformation = 15,
88	SystemNotImplemented5 = 15,
89	SystemHandleInformation = 16,
90	SystemObjectInformation = 17,
91	SystemPageFileInformation = 18,
92	SystemPagefileInformation = 18,
93	SystemVdmInstemulInformation = 19,
94	SystemInstructionEmulationCounts = 19,
95	SystemVdmBopInformation = 20,
96	SystemInvalidInfoClass1 = 20,
97	SystemFileCacheInformation = 21,
98	SystemCacheInformation = 21,
99	SystemPoolTagInformation = 22,
100	SystemInterruptInformation = 23,
101	SystemProcessorStatistics = 23,
102	SystemDpcBehaviourInformation = 24,
103	SystemDpcInformation = 24,
104	SystemFullMemoryInformation = 25,
105	SystemNotImplemented6 = 25,
106	SystemLoadImage = 26,
107	SystemUnloadImage = 27,
108	SystemTimeAdjustmentInformation = 28,
109	SystemTimeAdjustment = 28,
110	SystemSummaryMemoryInformation = 29,
111	SystemNotImplemented7 = 29,
112	SystemNextEventIdInformation = 30,
113	SystemNotImplemented8 = 30,
114	SystemEventIdsInformation = 31,
115	SystemNotImplemented9 = 31,
116	SystemCrashDumpInformation = 32,
117	SystemExceptionInformation = 33,
118	SystemCrashDumpStateInformation = 34,
119	SystemKernelDebuggerInformation = 35,
120	SystemContextSwitchInformation = 36,
121	SystemRegistryQuotaInformation = 37,
122	SystemLoadAndCallImage = 38,
123	SystemPrioritySeparation = 39,
124	SystemPlugPlayBusInformation = 40,
125	SystemNotImplemented10 = 40,
126	SystemDockInformation = 41,
127	SystemNotImplemented11 = 41,
128	/* SystemPowerInformation = 42, Conflicts with POWER_INFORMATION_LEVEL 1 */
129	SystemInvalidInfoClass2 = 42,
130	SystemProcessorSpeedInformation = 43,
131	SystemInvalidInfoClass3 = 43,
132	SystemCurrentTimeZoneInformation = 44,
133	SystemTimeZoneInformation = 44,
134	SystemLookasideInformation = 45,
135	SystemSetTimeSlipEvent = 46,
136	SystemCreateSession = 47,
137	SystemDeleteSession = 48,
138	SystemInvalidInfoClass4 = 49,
139	SystemRangeStartInformation = 50,
140	SystemVerifierInformation = 51,
141	SystemAddVerifier = 52,
142	SystemSessionProcessesInformation = 53,
143	SystemInformationClassMax
144	} SYSTEM_INFORMATION_CLASS;
145
146	typedef struct _SYSTEM_BASIC_INFORMATION {
147	ULONG Unknown;
148	ULONG MaximumIncrement;
149	ULONG PhysicalPageSize;
150	ULONG NumberOfPhysicalPages;
151	ULONG LowestPhysicalPage;
152	ULONG HighestPhysicalPage;
153	ULONG AllocationGranularity;
154	ULONG LowestUserAddress;
155	ULONG HighestUserAddress;
156	ULONG ActiveProcessors;
157	UCHAR NumberProcessors;
158	} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
159
160	typedef struct _SYSTEM_PROCESSOR_INFORMATION {
161	USHORT ProcessorArchitecture;
162	USHORT ProcessorLevel;
163	USHORT ProcessorRevision;
164	USHORT Unknown;
165	ULONG FeatureBits;
166	} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
167
168	typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
169	LARGE_INTEGER IdleTime;
170	LARGE_INTEGER ReadTransferCount;
171	LARGE_INTEGER WriteTransferCount;
172	LARGE_INTEGER OtherTransferCount;
173	ULONG ReadOperationCount;
174	ULONG WriteOperationCount;
175	ULONG OtherOperationCount;
176	ULONG AvailablePages;
177	ULONG TotalCommittedPages;
178	ULONG TotalCommitLimit;
179	ULONG PeakCommitment;
180	ULONG PageFaults;
181	ULONG WriteCopyFaults;
182	ULONG TransitionFaults;
183	ULONG CacheTransitionFaults;
184	ULONG DemandZeroFaults;
185	ULONG PagesRead;
186	ULONG PageReadIos;
187	ULONG CacheReads;
188	ULONG CacheIos;
189	ULONG PagefilePagesWritten;
190	ULONG PagefilePageWriteIos;
191	ULONG MappedFilePagesWritten;
192	ULONG MappedFilePageWriteIos;
193	ULONG PagedPoolUsage;
194	ULONG NonPagedPoolUsage;
195	ULONG PagedPoolAllocs;
196	ULONG PagedPoolFrees;
197	ULONG NonPagedPoolAllocs;
198	ULONG NonPagedPoolFrees;
199	ULONG TotalFreeSystemPtes;
200	ULONG SystemCodePage;
201	ULONG TotalSystemDriverPages;
202	ULONG TotalSystemCodePages;
203	ULONG SmallNonPagedLookasideListAllocateHits;
204	ULONG SmallPagedLookasideListAllocateHits;
205	ULONG Reserved3;
206	ULONG MmSystemCachePage;
207	ULONG PagedPoolPage;
208	ULONG SystemDriverPage;
209	ULONG FastReadNoWait;
210	ULONG FastReadWait;
211	ULONG FastReadResourceMiss;
212	ULONG FastReadNotPossible;
213	ULONG FastMdlReadNoWait;
214	ULONG FastMdlReadWait;
215	ULONG FastMdlReadResourceMiss;
216	ULONG FastMdlReadNotPossible;
217	ULONG MapDataNoWait;
218	ULONG MapDataWait;
219	ULONG MapDataNoWaitMiss;
220	ULONG MapDataWaitMiss;
221	ULONG PinMappedDataCount;
222	ULONG PinReadNoWait;
223	ULONG PinReadWait;
224	ULONG PinReadNoWaitMiss;
225	ULONG PinReadWaitMiss;
226	ULONG CopyReadNoWait;
227	ULONG CopyReadWait;
228	ULONG CopyReadNoWaitMiss;
229	ULONG CopyReadWaitMiss;
230	ULONG MdlReadNoWait;
231	ULONG MdlReadWait;
232	ULONG MdlReadNoWaitMiss;
233	ULONG MdlReadWaitMiss;
234	ULONG ReadAheadIos;
235	ULONG LazyWriteIos;
236	ULONG LazyWritePages;
237	ULONG DataFlushes;
238	ULONG DataPages;
239	ULONG ContextSwitches;
240	ULONG FirstLevelTbFills;
241	ULONG SecondLevelTbFills;
242	ULONG SystemCalls;
243	} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
244
245	typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
246	LARGE_INTEGER BootTime;
247	LARGE_INTEGER CurrentTime;
248	LARGE_INTEGER TimeZoneBias;
249	ULONG CurrentTimeZoneId;
250	} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
251
252	typedef struct _VM_COUNTERS {
253	ULONG PeakVirtualSize;
254	ULONG VirtualSize;
255	ULONG PageFaultCount;
256	ULONG PeakWorkingSetSize;
257	ULONG WorkingSetSize;
258	ULONG QuotaPeakPagedPoolUsage;
259	ULONG QuotaPagedPoolUsage;
260	ULONG QuotaPeakNonPagedPoolUsage;
261	ULONG QuotaNonPagedPoolUsage;
262	ULONG PagefileUsage;
263	ULONG PeakPagefileUsage;
264	} VM_COUNTERS;
265
266	typedef enum _THREAD_STATE {
267	StateInitialized,
268	StateReady,
269	StateRunning,
270	StateStandby,
271	StateTerminated,
272	StateWait,
273	StateTransition,
274	StateUnknown
275	} THREAD_STATE;
276
277	typedef struct _SYSTEM_THREADS {
278	LARGE_INTEGER KernelTime;
279	LARGE_INTEGER UserTime;
280	LARGE_INTEGER CreateTime;
281	ULONG WaitTime;
282	PVOID StartAddress;
283	CLIENT_ID ClientId;
284	KPRIORITY Priority;
285	KPRIORITY BasePriority;
286	ULONG ContextSwitchCount;
287	THREAD_STATE State;
288	KWAIT_REASON WaitReason;
289	} SYSTEM_THREADS, *PSYSTEM_THREADS;
290
291	typedef struct _SYSTEM_PROCESSES {
292	ULONG NextEntryDelta;
293	ULONG ThreadCount;
294	ULONG Reserved1[6];
295	LARGE_INTEGER CreateTime;
296	LARGE_INTEGER UserTime;
297	LARGE_INTEGER KernelTime;
298	UNICODE_STRING ProcessName;
299	KPRIORITY BasePriority;
300	ULONG ProcessId;
301	ULONG InheritedFromProcessId;
302	ULONG HandleCount;
303	ULONG Reserved2[2];
304	VM_COUNTERS VmCounters;
305	IO_COUNTERS IoCounters;
306	SYSTEM_THREADS Threads[1];
307	} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
308
309	typedef struct _SYSTEM_CALLS_INFORMATION {
310	ULONG Size;
311	ULONG NumberOfDescriptorTables;
312	ULONG NumberOfRoutinesInTable[1];
313	ULONG CallCounts[ANYSIZE_ARRAY];
314	} SYSTEM_CALLS_INFORMATION, *PSYSTEM_CALLS_INFORMATION;
315
316	typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
317	ULONG DiskCount;
318	ULONG FloppyCount;
319	ULONG CdRomCount;
320	ULONG TapeCount;
321	ULONG SerialCount;
322	ULONG ParallelCount;
323	} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
324
325	typedef struct _SYSTEM_PROCESSOR_TIMES {
326	LARGE_INTEGER IdleTime;
327	LARGE_INTEGER KernelTime;
328	LARGE_INTEGER UserTime;
329	LARGE_INTEGER DpcTime;
330	LARGE_INTEGER InterruptTime;
331	ULONG InterruptCount;
332	} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
333
334	/* SYSTEM_GLOBAL_FLAG.GlobalFlag constants */
335	#define FLG_STOP_ON_EXCEPTION 0x00000001
336	#define FLG_SHOW_LDR_SNAPS 0x00000002
337	#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
338	#define FLG_STOP_ON_HUNG_GUI 0x00000008
339	#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
340	#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
341	#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
342	#define FLG_HEAP_VALIDATE_ALL 0x00000080
343	#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
344	#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
345	#define FLG_POOL_ENABLE_TAGGING 0x00000400
346	#define FLG_HEAP_ENABLE_TAGGING 0x00000800
347	#define FLG_USER_STACK_TRACE_DB 0x00001000
348	#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
349	#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
350	#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
351	#define FLG_IGNORE_DEBUG_PRIV 0x00010000
352	#define FLG_ENABLE_CSRDEBUG 0x00020000
353	#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
354	#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
355	#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
356	#define FLG_HEAP_DISABLE_COALESCING 0x00200000
357	#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
358	#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
359	#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
360
361	typedef struct _SYSTEM_GLOBAL_FLAG {
362	ULONG GlobalFlag;
363	} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
364
365	typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
366	ULONG Unknown1;
367	ULONG Unknown2;
368	PVOID Base;
369	ULONG Size;
370	ULONG Flags;
371	USHORT Index;
372	/* Length of module name not including the path, this
373	field contains valid value only for NTOSKRNL module */
374	USHORT NameLength;
375	USHORT LoadCount;
376	USHORT PathLength;
377	CHAR ImageName[256];
378	} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
379
380	typedef struct _SYSTEM_MODULE_INFORMATION {
381	ULONG Count;
382	SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
383	} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
384
385	typedef struct _SYSTEM_LOCK_INFORMATION {
386	PVOID Address;
387	USHORT Type;
388	USHORT Reserved1;
389	ULONG ExclusiveOwnerThreadId;
390	ULONG ActiveCount;
391	ULONG ContentionCount;
392	ULONG Reserved2[2];
393	ULONG NumberOfSharedWaiters;
394	ULONG NumberOfExclusiveWaiters;
395	} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
396
397	/SYSTEM_HANDLE_INFORMATION.Flags cosntants /
398	#define PROTECT_FROM_CLOSE 0x01
399	#define INHERIT 0x02
400
401	typedef struct _SYSTEM_HANDLE_INFORMATION {
402	ULONG ProcessId;
403	UCHAR ObjectTypeNumber;
404	UCHAR Flags;
405	USHORT Handle;
406	PVOID Object;
407	ACCESS_MASK GrantedAccess;
408	} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
409
410	typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
411	ULONG NextEntryOffset;
412	ULONG ObjectCount;
413	ULONG HandleCount;
414	ULONG TypeNumber;
415	ULONG InvalidAttributes;
416	GENERIC_MAPPING GenericMapping;
417	ACCESS_MASK ValidAccessMask;
418	POOL_TYPE PoolType;
419	UCHAR Unknown;
420	UNICODE_STRING Name;
421	} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
422
423	/* SYSTEM_OBJECT_INFORMATION.Flags constants */
424	#define FLG_SYSOBJINFO_SINGLE_HANDLE_ENTRY 0x40
425	#define FLG_SYSOBJINFO_DEFAULT_SECURITY_QUOTA 0x20
426	#define FLG_SYSOBJINFO_PERMANENT 0x10
427	#define FLG_SYSOBJINFO_EXCLUSIVE 0x08
428	#define FLG_SYSOBJINFO_CREATOR_INFO 0x04
429	#define FLG_SYSOBJINFO_KERNEL_MODE 0x02
430
431	typedef struct _SYSTEM_OBJECT_INFORMATION {
432	ULONG NextEntryOffset;
433	PVOID Object;
434	ULONG CreatorProcessId;
435	USHORT Unknown;
436	USHORT Flags;
437	ULONG PointerCount;
438	ULONG HandleCount;
439	ULONG PagedPoolUsage;
440	ULONG NonPagedPoolUsage;
441	ULONG ExclusiveProcessId;
442	PSECURITY_DESCRIPTOR SecurityDescriptor;
443	UNICODE_STRING Name;
444	} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
445
446	typedef struct _SYSTEM_PAGEFILE_INFORMATION {
447	ULONG NextEntryOffset;
448	ULONG CurrentSize;
449	ULONG TotalUsed;
450	ULONG PeakUsed;
451	UNICODE_STRING FileName;
452	} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
453
454	typedef struct _SYSTEM_INSTRUCTION_EMULATION_INFORMATION {
455	ULONG SegmentNotPresent;
456	ULONG TwoByteOpcode;
457	ULONG ESprefix;
458	ULONG CSprefix;
459	ULONG SSprefix;
460	ULONG DSprefix;
461	ULONG FSPrefix;
462	ULONG GSprefix;
463	ULONG OPER32prefix;
464	ULONG ADDR32prefix;
465	ULONG INSB;
466	ULONG INSW;
467	ULONG OUTSB;
468	ULONG OUTSW;
469	ULONG PUSHFD;
470	ULONG POPFD;
471	ULONG INTnn;
472	ULONG INTO;
473	ULONG IRETD;
474	ULONG INBimm;
475	ULONG INWimm;
476	ULONG OUTBimm;
477	ULONG OUTWimm;
478	ULONG INB;
479	ULONG INW;
480	ULONG OUTB;
481	ULONG OUTW;
482	ULONG LOCKprefix;
483	ULONG REPNEprefix;
484	ULONG REPprefix;
485	ULONG HLT;
486	ULONG CLI;
487	ULONG STI;
488	ULONG GenericInvalidOpcode;
489	} SYSTEM_INSTRUCTION_EMULATION_INFORMATION, *PSYSTEM_INSTRUCTION_EMULATION_INFORMATION;
490
491	typedef struct _SYSTEM_POOL_TAG_INFORMATION {
492	CHAR Tag[4];
493	ULONG PagedPoolAllocs;
494	ULONG PagedPoolFrees;
495	ULONG PagedPoolUsage;
496	ULONG NonPagedPoolAllocs;
497	ULONG NonPagedPoolFrees;
498	ULONG NonPagedPoolUsage;
499	} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
500
501	typedef struct _SYSTEM_PROCESSOR_STATISTICS {
502	ULONG ContextSwitches;
503	ULONG DpcCount;
504	ULONG DpcRequestRate;
505	ULONG TimeIncrement;
506	ULONG DpcBypassCount;
507	ULONG ApcBypassCount;
508	} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
509
510	typedef struct _SYSTEM_DPC_INFORMATION {
511	ULONG Reserved;
512	ULONG MaximumDpcQueueDepth;
513	ULONG MinimumDpcRate;
514	ULONG AdjustDpcThreshold;
515	ULONG IdealDpcRate;
516	} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
517
518	typedef struct _SYSTEM_LOAD_IMAGE {
519	UNICODE_STRING ModuleName;
520	PVOID ModuleBase;
521	PVOID SectionPointer;
522	PVOID EntryPoint;
523	PVOID ExportDirectory;
524	} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
525
526	typedef struct _SYSTEM_UNLOAD_IMAGE {
527	PVOID ModuleBase;
528	} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
529
530	typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
531	ULONG TimeAdjustment;
532	ULONG MaximumIncrement;
533	BOOLEAN TimeSynchronization;
534	} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
535
536	typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
537	ULONG TimeAdjustment;
538	BOOLEAN TimeSynchronization;
539	} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
540
541	typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
542	HANDLE CrashDumpSectionHandle;
543	HANDLE Unknown;
544	} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
545
546	typedef struct _SYSTEM_EXCEPTION_INFORMATION {
547	ULONG AlignmentFixupCount;
548	ULONG ExceptionDispatchCount;
549	ULONG FloatingEmulationCount;
550	ULONG Reserved;
551	} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
552
553	typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
554	ULONG CrashDumpSectionExists;
555	ULONG Unknown;
556	} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
557
558	typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
559	BOOLEAN DebuggerEnabled;
560	BOOLEAN DebuggerNotPresent;
561	} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
562
563	typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
564	ULONG ContextSwitches;
565	ULONG ContextSwitchCounters[11];
566	} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
567
568	typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
569	ULONG RegistryQuota;
570	ULONG RegistryQuotaInUse;
571	ULONG PagedPoolSize;
572	} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
573
574	typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
575	UNICODE_STRING ModuleName;
576	} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
577
578	typedef struct _SYSTEM_PRIORITY_SEPARATION {
579	ULONG PrioritySeparation;
580	} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
581
582	typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
583	LONG Bias;
584	WCHAR StandardName[32];
585	LARGE_INTEGER StandardDate;
586	LONG StandardBias;
587	WCHAR DaylightName[32];
588	LARGE_INTEGER DaylightDate;
589	LONG DaylightBias;
590	} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
591
592	typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
593	USHORT Depth;
594	USHORT MaximumDepth;
595	ULONG TotalAllocates;
596	ULONG AllocateMisses;
597	ULONG TotalFrees;
598	ULONG FreeMisses;
599	POOL_TYPE Type;
600	ULONG Tag;
601	ULONG Size;
602	} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
603
604	typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
605	HANDLE TimeSlipEvent;
606	} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
607
608	typedef struct _SYSTEM_CREATE_SESSION {
609	ULONG SessionId;
610	} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
611
612	typedef struct _SYSTEM_DELETE_SESSION {
613	ULONG SessionId;
614	} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
615
616	typedef struct _SYSTEM_RANGE_START_INFORMATION {
617	PVOID SystemRangeStart;
618	} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
619
620	typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
621	ULONG SessionId;
622	ULONG BufferSize;
623	PVOID Buffer;
624	} SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;
625
626	typedef struct _SYSTEM_POOL_BLOCK {
627	BOOLEAN Allocated;
628	USHORT Unknown;
629	ULONG Size;
630	CHAR Tag[4];
631	} SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;
632
633	typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
634	ULONG PoolSize;
635	PVOID PoolBase;
636	USHORT Unknown;
637	ULONG NumberOfBlocks;
638	SYSTEM_POOL_BLOCK PoolBlocks[1];
639	} SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;
640
641	typedef struct _SYSTEM_MEMORY_USAGE {
642	PVOID Name;
643	USHORT Valid;
644	USHORT Standby;
645	USHORT Modified;
646	USHORT PageTables;
647	} SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;
648
649	typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
650	ULONG Reserved;
651	PVOID EndOfData;
652	SYSTEM_MEMORY_USAGE MemoryUsage[1];
653	} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;
654
655	NTOSAPI
656	NTSTATUS
657	NTAPI
658	NtQuerySystemInformation(
659	/IN/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
660	/IN OUT/ PVOID SystemInformation,
661	/IN/ ULONG SystemInformationLength,
662	/OUT/ PULONG ReturnLength /OPTIONAL/);
663
664	NTOSAPI
665	NTSTATUS
666	NTAPI
667	ZwQuerySystemInformation(
668	/IN/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
669	/IN OUT/ PVOID SystemInformation,
670	/IN/ ULONG SystemInformationLength,
671	/OUT/ PULONG ReturnLength /OPTIONAL/);
672
673	NTOSAPI
674	NTAPI
675	NTSTATUS
676	NtQueryFullAttributesFile(
677	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
678	/OUT/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);
679
680	NTOSAPI
681	NTAPI
682	NTSTATUS
683	ZwQueryFullAttributesFile(
684	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
685	/OUT/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);
686
687	NTOSAPI
688	NTSTATUS
689	NTAPI
690	NtSetSystemInformation(
691	/IN/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
692	/IN OUT/ PVOID SystemInformation,
693	/IN/ ULONG SystemInformationLength);
694
695	NTOSAPI
696	NTSTATUS
697	NTAPI
698	ZwSetSystemInformation(
699	/IN/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
700	/IN OUT/ PVOID SystemInformation,
701	/IN/ ULONG SystemInformationLength);
702
703	NTOSAPI
704	NTSTATUS
705	NTAPI
706	NtQuerySystemEnvironmentValue(
707	/IN/ PUNICODE_STRING Name,
708	/OUT/ PVOID Value,
709	/IN/ ULONG ValueLength,
710	/OUT/ PULONG ReturnLength /OPTIONAL/);
711
712	NTOSAPI
713	NTSTATUS
714	NTAPI
715	ZwQuerySystemEnvironmentValue(
716	/IN/ PUNICODE_STRING Name,
717	/OUT/ PVOID Value,
718	/IN/ ULONG ValueLength,
719	/OUT/ PULONG ReturnLength /OPTIONAL/);
720
721	NTOSAPI
722	NTSTATUS
723	NTAPI
724	NtSetSystemEnvironmentValue(
725	/IN/ PUNICODE_STRING Name,
726	/IN/ PUNICODE_STRING Value);
727
728	NTOSAPI
729	NTSTATUS
730	NTAPI
731	ZwSetSystemEnvironmentValue(
732	/IN/ PUNICODE_STRING Name,
733	/IN/ PUNICODE_STRING Value);
734
735	typedef enum _SHUTDOWN_ACTION {
736	ShutdownNoReboot,
737	ShutdownReboot,
738	ShutdownPowerOff
739	} SHUTDOWN_ACTION;
740
741	NTOSAPI
742	NTSTATUS
743	NTAPI
744	NtShutdownSystem(
745	/IN/ SHUTDOWN_ACTION Action);
746
747	NTOSAPI
748	NTSTATUS
749	NTAPI
750	ZwShutdownSystem(
751	/IN/ SHUTDOWN_ACTION Action);
752
753	typedef enum _DEBUG_CONTROL_CODE {
754	DebugGetTraceInformation = 1,
755	DebugSetInternalBreakpoint,
756	DebugSetSpecialCall,
757	DebugClearSpecialCalls,
758	DebugQuerySpecialCalls,
759	DebugDbgBreakPoint,
760	DebugMaximum
761	} DEBUG_CONTROL_CODE;
762
763
764	NTOSAPI
765	NTSTATUS
766	NTAPI
767	NtSystemDebugControl(
768	/IN/ DEBUG_CONTROL_CODE ControlCode,
769	/IN/ PVOID InputBuffer /OPTIONAL/,
770	/IN/ ULONG InputBufferLength,
771	/OUT/ PVOID OutputBuffer /OPTIONAL/,
772	/IN/ ULONG OutputBufferLength,
773	/OUT/ PULONG ReturnLength /OPTIONAL/);
774
775	NTOSAPI
776	NTSTATUS
777	NTAPI
778	ZwSystemDebugControl(
779	/IN/ DEBUG_CONTROL_CODE ControlCode,
780	/IN/ PVOID InputBuffer /OPTIONAL/,
781	/IN/ ULONG InputBufferLength,
782	/OUT/ PVOID OutputBuffer /OPTIONAL/,
783	/IN/ ULONG OutputBufferLength,
784	/OUT/ PULONG ReturnLength /OPTIONAL/);
785
786
787
788	/* Objects, Object directories, and symbolic links */
789
790	typedef enum _OBJECT_INFORMATION_CLASS {
791	ObjectBasicInformation,
792	ObjectNameInformation,
793	ObjectTypeInformation,
794	ObjectAllTypesInformation,
795	ObjectHandleInformation
796	} OBJECT_INFORMATION_CLASS;
797
798	NTOSAPI
799	NTSTATUS
800	NTAPI
801	NtQueryObject(
802	/IN/ HANDLE ObjectHandle,
803	/IN/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
804	/OUT/ PVOID ObjectInformation,
805	/IN/ ULONG ObjectInformationLength,
806	/OUT/ PULONG ReturnLength /OPTIONAL/);
807
808	NTOSAPI
809	NTSTATUS
810	NTAPI
811	ZwQueryObject(
812	/IN/ HANDLE ObjectHandle,
813	/IN/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
814	/OUT/ PVOID ObjectInformation,
815	/IN/ ULONG ObjectInformationLength,
816	/OUT/ PULONG ReturnLength /OPTIONAL/);
817
818	NTOSAPI
819	NTSTATUS
820	NTAPI
821	NtSetInformationObject(
822	/IN/ HANDLE ObjectHandle,
823	/IN/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
824	/IN/ PVOID ObjectInformation,
825	/IN/ ULONG ObjectInformationLength);
826
827	NTOSAPI
828	NTSTATUS
829	NTAPI
830	ZwSetInformationObject(
831	/IN/ HANDLE ObjectHandle,
832	/IN/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
833	/IN/ PVOID ObjectInformation,
834	/IN/ ULONG ObjectInformationLength);
835
836	/* OBJECT_BASIC_INFORMATION.Attributes constants */
837	/* also in winbase.h */
838	#define HANDLE_FLAG_INHERIT 0x01
839	#define HANDLE_FLAG_PROTECT_FROM_CLOSE 0x02
840	/* end winbase.h */
841	#define PERMANENT 0x10
842	#define EXCLUSIVE 0x20
843
844	typedef struct _OBJECT_BASIC_INFORMATION {
845	ULONG Attributes;
846	ACCESS_MASK GrantedAccess;
847	ULONG HandleCount;
848	ULONG PointerCount;
849	ULONG PagedPoolUsage;
850	ULONG NonPagedPoolUsage;
851	ULONG Reserved[3];
852	ULONG NameInformationLength;
853	ULONG TypeInformationLength;
854	ULONG SecurityDescriptorLength;
855	LARGE_INTEGER CreateTime;
856	} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
857	#if 0
858	/* FIXME: Enable later */
859	typedef struct _OBJECT_TYPE_INFORMATION {
860	UNICODE_STRING Name;
861	ULONG ObjectCount;
862	ULONG HandleCount;
863	ULONG Reserved1[4];
864	ULONG PeakObjectCount;
865	ULONG PeakHandleCount;
866	ULONG Reserved2[4];
867	ULONG InvalidAttributes;
868	GENERIC_MAPPING GenericMapping;
869	ULONG ValidAccess;
870	UCHAR Unknown;
871	BOOLEAN MaintainHandleDatabase;
872	POOL_TYPE PoolType;
873	ULONG PagedPoolUsage;
874	ULONG NonPagedPoolUsage;
875	} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
876
877	typedef struct _OBJECT_ALL_TYPES_INFORMATION {
878	ULONG NumberOfTypes;
879	OBJECT_TYPE_INFORMATION TypeInformation;
880	} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
881	#endif
882	typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
883	BOOLEAN Inherit;
884	BOOLEAN ProtectFromClose;
885	} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
886
887	NTOSAPI
888	NTSTATUS
889	NTAPI
890	NtDuplicateObject(
891	/IN/ HANDLE SourceProcessHandle,
892	/IN/ HANDLE SourceHandle,
893	/IN/ HANDLE TargetProcessHandle,
894	/OUT/ PHANDLE TargetHandle /OPTIONAL/,
895	/IN/ ACCESS_MASK DesiredAccess,
896	/IN/ ULONG Attributes,
897	/IN/ ULONG Options);
898
899	NTOSAPI
900	NTSTATUS
901	NTAPI
902	ZwDuplicateObject(
903	/IN/ HANDLE SourceProcessHandle,
904	/IN/ HANDLE SourceHandle,
905	/IN/ HANDLE TargetProcessHandle,
906	/OUT/ PHANDLE TargetHandle /OPTIONAL/,
907	/IN/ ACCESS_MASK DesiredAccess,
908	/IN/ ULONG Attributes,
909	/IN/ ULONG Options);
910
911	NTOSAPI
912	NTSTATUS
913	NTAPI
914	NtQuerySecurityObject(
915	/IN/ HANDLE Handle,
916	/IN/ SECURITY_INFORMATION SecurityInformation,
917	/OUT/ PSECURITY_DESCRIPTOR SecurityDescriptor,
918	/IN/ ULONG SecurityDescriptorLength,
919	/OUT/ PULONG ReturnLength);
920
921	NTOSAPI
922	NTSTATUS
923	NTAPI
924	ZwQuerySecurityObject(
925	/IN/ HANDLE Handle,
926	/IN/ SECURITY_INFORMATION SecurityInformation,
927	/OUT/ PSECURITY_DESCRIPTOR SecurityDescriptor,
928	/IN/ ULONG SecurityDescriptorLength,
929	/OUT/ PULONG ReturnLength);
930
931	NTOSAPI
932	NTSTATUS
933	NTAPI
934	NtSetSecurityObject(
935	/IN/ HANDLE Handle,
936	/IN/ SECURITY_INFORMATION SecurityInformation,
937	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor);
938
939	NTOSAPI
940	NTSTATUS
941	NTAPI
942	ZwSetSecurityObject(
943	/IN/ HANDLE Handle,
944	/IN/ SECURITY_INFORMATION SecurityInformation,
945	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor);
946
947	NTOSAPI
948	NTSTATUS
949	NTAPI
950	NtOpenDirectoryObject(
951	/OUT/ PHANDLE DirectoryHandle,
952	/IN/ ACCESS_MASK DesiredAccess,
953	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
954
955	NTOSAPI
956	NTSTATUS
957	NTAPI
958	ZwOpenDirectoryObject(
959	/OUT/ PHANDLE DirectoryHandle,
960	/IN/ ACCESS_MASK DesiredAccess,
961	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
962
963	NTOSAPI
964	NTSTATUS
965	NTAPI
966	NtQueryDirectoryObject(
967	/IN/ HANDLE DirectoryHandle,
968	/OUT/ PVOID Buffer,
969	/IN/ ULONG BufferLength,
970	/IN/ BOOLEAN ReturnSingleEntry,
971	/IN/ BOOLEAN RestartScan,
972	/IN OUT/ PULONG Context,
973	/OUT/ PULONG ReturnLength /OPTIONAL/);
974
975	NTOSAPI
976	NTSTATUS
977	NTAPI
978	ZwQueryDirectoryObject(
979	/IN/ HANDLE DirectoryHandle,
980	/OUT/ PVOID Buffer,
981	/IN/ ULONG BufferLength,
982	/IN/ BOOLEAN ReturnSingleEntry,
983	/IN/ BOOLEAN RestartScan,
984	/IN OUT/ PULONG Context,
985	/OUT/ PULONG ReturnLength /OPTIONAL/);
986
987	typedef struct _DIRECTORY_BASIC_INFORMATION {
988	UNICODE_STRING ObjectName;
989	UNICODE_STRING ObjectTypeName;
990	} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
991
992	NTOSAPI
993	NTSTATUS
994	NTAPI
995	NtCreateSymbolicLinkObject(
996	/OUT/ PHANDLE SymbolicLinkHandle,
997	/IN/ ACCESS_MASK DesiredAccess,
998	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
999	/IN/ PUNICODE_STRING TargetName);
1000
1001	NTOSAPI
1002	NTSTATUS
1003	NTAPI
1004	ZwCreateSymbolicLinkObject(
1005	/OUT/ PHANDLE SymbolicLinkHandle,
1006	/IN/ ACCESS_MASK DesiredAccess,
1007	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1008	/IN/ PUNICODE_STRING TargetName);
1009
1010
1011
1012
1013	/* Virtual memory */
1014
1015	typedef enum _MEMORY_INFORMATION_CLASS {
1016	MemoryBasicInformation,
1017	MemoryWorkingSetList,
1018	MemorySectionName,
1019	MemoryBasicVlmInformation
1020	} MEMORY_INFORMATION_CLASS;
1021
1022	NTOSAPI
1023	NTSTATUS
1024	NTAPI
1025	NtAllocateVirtualMemory(
1026	/IN/ HANDLE ProcessHandle,
1027	/IN OUT/ PVOID *BaseAddress,
1028	/IN/ ULONG ZeroBits,
1029	/IN OUT/ PULONG AllocationSize,
1030	/IN/ ULONG AllocationType,
1031	/IN/ ULONG Protect);
1032
1033	NTOSAPI
1034	NTSTATUS
1035	NTAPI
1036	ZwAllocateVirtualMemory(
1037	/IN/ HANDLE ProcessHandle,
1038	/IN OUT/ PVOID *BaseAddress,
1039	/IN/ ULONG ZeroBits,
1040	/IN OUT/ PULONG AllocationSize,
1041	/IN/ ULONG AllocationType,
1042	/IN/ ULONG Protect);
1043
1044	NTOSAPI
1045	NTSTATUS
1046	NTAPI
1047	NtFreeVirtualMemory(
1048	/IN/ HANDLE ProcessHandle,
1049	/IN OUT/ PVOID *BaseAddress,
1050	/IN OUT/ PULONG FreeSize,
1051	/IN/ ULONG FreeType);
1052
1053	NTOSAPI
1054	NTSTATUS
1055	NTAPI
1056	ZwFreeVirtualMemory(
1057	/IN/ HANDLE ProcessHandle,
1058	/IN OUT/ PVOID *BaseAddress,
1059	/IN OUT/ PULONG FreeSize,
1060	/IN/ ULONG FreeType);
1061
1062	NTOSAPI
1063	NTSTATUS
1064	NTAPI
1065	NtQueryVirtualMemory(
1066	/IN/ HANDLE ProcessHandle,
1067	/IN/ PVOID BaseAddress,
1068	/IN/ MEMORY_INFORMATION_CLASS MemoryInformationClass,
1069	/OUT/ PVOID MemoryInformation,
1070	/IN/ ULONG MemoryInformationLength,
1071	/OUT/ PULONG ReturnLength /OPTIONAL/);
1072
1073	NTOSAPI
1074	NTSTATUS
1075	NTAPI
1076	ZwQueryVirtualMemory(
1077	/IN/ HANDLE ProcessHandle,
1078	/IN/ PVOID BaseAddress,
1079	/IN/ MEMORY_INFORMATION_CLASS MemoryInformationClass,
1080	/OUT/ PVOID MemoryInformation,
1081	/IN/ ULONG MemoryInformationLength,
1082	/OUT/ PULONG ReturnLength /OPTIONAL/);
1083
1084	/* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
1085	#define WSLE_PAGE_READONLY 0x001
1086	#define WSLE_PAGE_EXECUTE 0x002
1087	#define WSLE_PAGE_READWRITE 0x004
1088	#define WSLE_PAGE_EXECUTE_READ 0x003
1089	#define WSLE_PAGE_WRITECOPY 0x005
1090	#define WSLE_PAGE_EXECUTE_READWRITE 0x006
1091	#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
1092	#define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
1093	#define WSLE_PAGE_SHAREABLE 0x100
1094
1095	typedef struct _MEMORY_WORKING_SET_LIST {
1096	ULONG NumberOfPages;
1097	ULONG WorkingSetList[1];
1098	} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
1099
1100	typedef struct _MEMORY_SECTION_NAME {
1101	UNICODE_STRING SectionFileName;
1102	} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
1103
1104	/* Zw[Lock\|Unlock]VirtualMemory.LockType constants */
1105	#define LOCK_VM_IN_WSL 0x01
1106	#define LOCK_VM_IN_RAM 0x02
1107
1108	NTOSAPI
1109	NTSTATUS
1110	NTAPI
1111	NtLockVirtualMemory(
1112	/IN/ HANDLE ProcessHandle,
1113	/IN OUT/ PVOID *BaseAddress,
1114	/IN OUT/ PULONG LockSize,
1115	/IN/ ULONG LockType);
1116
1117	NTOSAPI
1118	NTSTATUS
1119	NTAPI
1120	ZwLockVirtualMemory(
1121	/IN/ HANDLE ProcessHandle,
1122	/IN OUT/ PVOID *BaseAddress,
1123	/IN OUT/ PULONG LockSize,
1124	/IN/ ULONG LockType);
1125
1126	NTOSAPI
1127	NTSTATUS
1128	NTAPI
1129	NtUnlockVirtualMemory(
1130	/IN/ HANDLE ProcessHandle,
1131	/IN OUT/ PVOID *BaseAddress,
1132	/IN OUT/ PULONG LockSize,
1133	/IN/ ULONG LockType);
1134
1135	NTOSAPI
1136	NTSTATUS
1137	NTAPI
1138	ZwUnlockVirtualMemory(
1139	/IN/ HANDLE ProcessHandle,
1140	/IN OUT/ PVOID *BaseAddress,
1141	/IN OUT/ PULONG LockSize,
1142	/IN/ ULONG LockType);
1143
1144	NTOSAPI
1145	NTSTATUS
1146	NTAPI
1147	NtReadVirtualMemory(
1148	/IN/ HANDLE ProcessHandle,
1149	/IN/ PVOID BaseAddress,
1150	/OUT/ PVOID Buffer,
1151	/IN/ ULONG BufferLength,
1152	/OUT/ PULONG ReturnLength /OPTIONAL/);
1153
1154	NTOSAPI
1155	NTSTATUS
1156	NTAPI
1157	ZwReadVirtualMemory(
1158	/IN/ HANDLE ProcessHandle,
1159	/IN/ PVOID BaseAddress,
1160	/OUT/ PVOID Buffer,
1161	/IN/ ULONG BufferLength,
1162	/OUT/ PULONG ReturnLength /OPTIONAL/);
1163
1164	NTOSAPI
1165	NTSTATUS
1166	NTAPI
1167	NtWriteVirtualMemory(
1168	/IN/ HANDLE ProcessHandle,
1169	/IN/ PVOID BaseAddress,
1170	/IN/ PVOID Buffer,
1171	/IN/ ULONG BufferLength,
1172	/OUT/ PULONG ReturnLength /OPTIONAL/);
1173
1174	NTOSAPI
1175	NTSTATUS
1176	NTAPI
1177	ZwWriteVirtualMemory(
1178	/IN/ HANDLE ProcessHandle,
1179	/IN/ PVOID BaseAddress,
1180	/IN/ PVOID Buffer,
1181	/IN/ ULONG BufferLength,
1182	/OUT/ PULONG ReturnLength /OPTIONAL/);
1183
1184	NTOSAPI
1185	NTSTATUS
1186	NTAPI
1187	NtProtectVirtualMemory(
1188	/IN/ HANDLE ProcessHandle,
1189	/IN OUT/ PVOID *BaseAddress,
1190	/IN OUT/ PULONG ProtectSize,
1191	/IN/ ULONG NewProtect,
1192	/OUT/ PULONG OldProtect);
1193
1194	NTOSAPI
1195	NTSTATUS
1196	NTAPI
1197	ZwProtectVirtualMemory(
1198	/IN/ HANDLE ProcessHandle,
1199	/IN OUT/ PVOID *BaseAddress,
1200	/IN OUT/ PULONG ProtectSize,
1201	/IN/ ULONG NewProtect,
1202	/OUT/ PULONG OldProtect);
1203
1204	NTOSAPI
1205	NTSTATUS
1206	NTAPI
1207	NtFlushVirtualMemory(
1208	/IN/ HANDLE ProcessHandle,
1209	/IN OUT/ PVOID *BaseAddress,
1210	/IN OUT/ PULONG FlushSize,
1211	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
1212
1213	NTOSAPI
1214	NTSTATUS
1215	NTAPI
1216	ZwFlushVirtualMemory(
1217	/IN/ HANDLE ProcessHandle,
1218	/IN OUT/ PVOID *BaseAddress,
1219	/IN OUT/ PULONG FlushSize,
1220	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
1221
1222	NTOSAPI
1223	NTSTATUS
1224	NTAPI
1225	NtAllocateUserPhysicalPages(
1226	/IN/ HANDLE ProcessHandle,
1227	/IN/ PULONG NumberOfPages,
1228	/OUT/ PULONG PageFrameNumbers);
1229
1230	NTOSAPI
1231	NTSTATUS
1232	NTAPI
1233	ZwAllocateUserPhysicalPages(
1234	/IN/ HANDLE ProcessHandle,
1235	/IN/ PULONG NumberOfPages,
1236	/OUT/ PULONG PageFrameNumbers);
1237
1238	NTOSAPI
1239	NTSTATUS
1240	NTAPI
1241	NtFreeUserPhysicalPages(
1242	/IN/ HANDLE ProcessHandle,
1243	/IN OUT/ PULONG NumberOfPages,
1244	/IN/ PULONG PageFrameNumbers);
1245
1246	NTOSAPI
1247	NTSTATUS
1248	NTAPI
1249	ZwFreeUserPhysicalPages(
1250	/IN/ HANDLE ProcessHandle,
1251	/IN OUT/ PULONG NumberOfPages,
1252	/IN/ PULONG PageFrameNumbers);
1253
1254	NTOSAPI
1255	NTSTATUS
1256	NTAPI
1257	NtMapUserPhysicalPages(
1258	/IN/ PVOID BaseAddress,
1259	/IN/ PULONG NumberOfPages,
1260	/IN/ PULONG PageFrameNumbers);
1261
1262	NTOSAPI
1263	NTSTATUS
1264	NTAPI
1265	ZwMapUserPhysicalPages(
1266	/IN/ PVOID BaseAddress,
1267	/IN/ PULONG NumberOfPages,
1268	/IN/ PULONG PageFrameNumbers);
1269
1270	NTOSAPI
1271	NTSTATUS
1272	NTAPI
1273	NtMapUserPhysicalPagesScatter(
1274	/IN/ PVOID *BaseAddresses,
1275	/IN/ PULONG NumberOfPages,
1276	/IN/ PULONG PageFrameNumbers);
1277
1278	NTOSAPI
1279	NTSTATUS
1280	NTAPI
1281	ZwMapUserPhysicalPagesScatter(
1282	/IN/ PVOID *BaseAddresses,
1283	/IN/ PULONG NumberOfPages,
1284	/IN/ PULONG PageFrameNumbers);
1285
1286	NTOSAPI
1287	NTSTATUS
1288	NTAPI
1289	NtGetWriteWatch(
1290	/IN/ HANDLE ProcessHandle,
1291	/IN/ ULONG Flags,
1292	/IN/ PVOID BaseAddress,
1293	/IN/ ULONG RegionSize,
1294	/OUT/ PULONG Buffer,
1295	/IN OUT/ PULONG BufferEntries,
1296	/OUT/ PULONG Granularity);
1297
1298	NTOSAPI
1299	NTSTATUS
1300	NTAPI
1301	ZwGetWriteWatch(
1302	/IN/ HANDLE ProcessHandle,
1303	/IN/ ULONG Flags,
1304	/IN/ PVOID BaseAddress,
1305	/IN/ ULONG RegionSize,
1306	/OUT/ PULONG Buffer,
1307	/IN OUT/ PULONG BufferEntries,
1308	/OUT/ PULONG Granularity);
1309
1310	NTOSAPI
1311	NTSTATUS
1312	NTAPI
1313	NtResetWriteWatch(
1314	/IN/ HANDLE ProcessHandle,
1315	/IN/ PVOID BaseAddress,
1316	/IN/ ULONG RegionSize);
1317
1318	NTOSAPI
1319	NTSTATUS
1320	NTAPI
1321	ZwResetWriteWatch(
1322	/IN/ HANDLE ProcessHandle,
1323	/IN/ PVOID BaseAddress,
1324	/IN/ ULONG RegionSize);
1325
1326
1327
1328
1329	/* Sections */
1330
1331	typedef enum _SECTION_INFORMATION_CLASS {
1332	SectionBasicInformation,
1333	SectionImageInformation
1334	} SECTION_INFORMATION_CLASS;
1335
1336	NTOSAPI
1337	NTSTATUS
1338	NTAPI
1339	NtCreateSection(
1340	/OUT/ PHANDLE SectionHandle,
1341	/IN/ ACCESS_MASK DesiredAccess,
1342	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1343	/IN/ PLARGE_INTEGER SectionSize /OPTIONAL/,
1344	/IN/ ULONG Protect,
1345	/IN/ ULONG Attributes,
1346	/IN/ HANDLE FileHandle);
1347
1348	NTOSAPI
1349	NTSTATUS
1350	NTAPI
1351	ZwCreateSection(
1352	/OUT/ PHANDLE SectionHandle,
1353	/IN/ ACCESS_MASK DesiredAccess,
1354	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1355	/IN/ PLARGE_INTEGER SectionSize /OPTIONAL/,
1356	/IN/ ULONG Protect,
1357	/IN/ ULONG Attributes,
1358	/IN/ HANDLE FileHandle);
1359
1360	NTOSAPI
1361	NTSTATUS
1362	NTAPI
1363	NtQuerySection(
1364	/IN/ HANDLE SectionHandle,
1365	/IN/ SECTION_INFORMATION_CLASS SectionInformationClass,
1366	/OUT/ PVOID SectionInformation,
1367	/IN/ ULONG SectionInformationLength,
1368	/OUT/ PULONG ResultLength /OPTIONAL/);
1369
1370	NTOSAPI
1371	NTSTATUS
1372	NTAPI
1373	ZwQuerySection(
1374	/IN/ HANDLE SectionHandle,
1375	/IN/ SECTION_INFORMATION_CLASS SectionInformationClass,
1376	/OUT/ PVOID SectionInformation,
1377	/IN/ ULONG SectionInformationLength,
1378	/OUT/ PULONG ResultLength /OPTIONAL/);
1379
1380	NTOSAPI
1381	NTSTATUS
1382	NTAPI
1383	NtExtendSection(
1384	/IN/ HANDLE SectionHandle,
1385	/IN/ PLARGE_INTEGER SectionSize);
1386
1387	NTOSAPI
1388	NTSTATUS
1389	NTAPI
1390	ZwExtendSection(
1391	/IN/ HANDLE SectionHandle,
1392	/IN/ PLARGE_INTEGER SectionSize);
1393
1394	NTOSAPI
1395	NTSTATUS
1396	NTAPI
1397	NtAreMappedFilesTheSame(
1398	/IN/ PVOID Address1,
1399	/IN/ PVOID Address2);
1400
1401	NTOSAPI
1402	NTSTATUS
1403	NTAPI
1404	ZwAreMappedFilesTheSame(
1405	/IN/ PVOID Address1,
1406	/IN/ PVOID Address2);
1407
1408
1409
1410
1411	/* Threads */
1412
1413	typedef struct _USER_STACK {
1414	PVOID FixedStackBase;
1415	PVOID FixedStackLimit;
1416	PVOID ExpandableStackBase;
1417	PVOID ExpandableStackLimit;
1418	PVOID ExpandableStackBottom;
1419	} USER_STACK, *PUSER_STACK;
1420
1421	NTOSAPI
1422	NTSTATUS
1423	NTAPI
1424	NtCreateThread(
1425	/OUT/ PHANDLE ThreadHandle,
1426	/IN/ ACCESS_MASK DesiredAccess,
1427	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1428	/IN/ HANDLE ProcessHandle,
1429	/OUT/ PCLIENT_ID ClientId,
1430	/IN/ PCONTEXT ThreadContext,
1431	/IN/ PUSER_STACK UserStack,
1432	/IN/ BOOLEAN CreateSuspended);
1433
1434	NTOSAPI
1435	NTSTATUS
1436	NTAPI
1437	ZwCreateThread(
1438	/OUT/ PHANDLE ThreadHandle,
1439	/IN/ ACCESS_MASK DesiredAccess,
1440	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1441	/IN/ HANDLE ProcessHandle,
1442	/OUT/ PCLIENT_ID ClientId,
1443	/IN/ PCONTEXT ThreadContext,
1444	/IN/ PUSER_STACK UserStack,
1445	/IN/ BOOLEAN CreateSuspended);
1446
1447	NTOSAPI
1448	NTSTATUS
1449	NTAPI
1450	NtOpenThread(
1451	/OUT/ PHANDLE ThreadHandle,
1452	/IN/ ACCESS_MASK DesiredAccess,
1453	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1454	/IN/ PCLIENT_ID ClientId);
1455
1456	NTOSAPI
1457	NTSTATUS
1458	NTAPI
1459	ZwOpenThread(
1460	/OUT/ PHANDLE ThreadHandle,
1461	/IN/ ACCESS_MASK DesiredAccess,
1462	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1463	/IN/ PCLIENT_ID ClientId);
1464
1465	NTOSAPI
1466	NTSTATUS
1467	NTAPI
1468	NtTerminateThread(
1469	/IN/ HANDLE ThreadHandle /OPTIONAL/,
1470	/IN/ NTSTATUS ExitStatus);
1471
1472	NTOSAPI
1473	NTSTATUS
1474	NTAPI
1475	ZwTerminateThread(
1476	/IN/ HANDLE ThreadHandle /OPTIONAL/,
1477	/IN/ NTSTATUS ExitStatus);
1478
1479	NTOSAPI
1480	NTSTATUS
1481	NTAPI
1482	NtQueryInformationThread(
1483	/IN/ HANDLE ThreadHandle,
1484	/IN/ THREADINFOCLASS ThreadInformationClass,
1485	/OUT/ PVOID ThreadInformation,
1486	/IN/ ULONG ThreadInformationLength,
1487	/OUT/ PULONG ReturnLength /OPTIONAL/);
1488
1489	NTOSAPI
1490	NTSTATUS
1491	NTAPI
1492	ZwQueryInformationThread(
1493	/IN/ HANDLE ThreadHandle,
1494	/IN/ THREADINFOCLASS ThreadInformationClass,
1495	/OUT/ PVOID ThreadInformation,
1496	/IN/ ULONG ThreadInformationLength,
1497	/OUT/ PULONG ReturnLength /OPTIONAL/);
1498
1499	NTOSAPI
1500	NTSTATUS
1501	NTAPI
1502	NtSetInformationThread(
1503	/IN/ HANDLE ThreadHandle,
1504	/IN/ THREADINFOCLASS ThreadInformationClass,
1505	/IN/ PVOID ThreadInformation,
1506	/IN/ ULONG ThreadInformationLength);
1507
1508	NTOSAPI
1509	NTSTATUS
1510	NTAPI
1511	ZwSetInformationThread(
1512	/IN/ HANDLE ThreadHandle,
1513	/IN/ THREADINFOCLASS ThreadInformationClass,
1514	/IN/ PVOID ThreadInformation,
1515	/IN/ ULONG ThreadInformationLength);
1516
1517	typedef struct _THREAD_BASIC_INFORMATION {
1518	NTSTATUS ExitStatus;
1519	PNT_TIB TebBaseAddress;
1520	CLIENT_ID ClientId;
1521	KAFFINITY AffinityMask;
1522	KPRIORITY Priority;
1523	KPRIORITY BasePriority;
1524	} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
1525
1526	typedef struct _KERNEL_USER_TIMES {
1527	LARGE_INTEGER CreateTime;
1528	LARGE_INTEGER ExitTime;
1529	LARGE_INTEGER KernelTime;
1530	LARGE_INTEGER UserTime;
1531	} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
1532
1533	NTOSAPI
1534	NTSTATUS
1535	NTAPI
1536	NtSuspendThread(
1537	/IN/ HANDLE ThreadHandle,
1538	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
1539
1540	NTOSAPI
1541	NTSTATUS
1542	NTAPI
1543	ZwSuspendThread(
1544	/IN/ HANDLE ThreadHandle,
1545	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
1546
1547	NTOSAPI
1548	NTSTATUS
1549	NTAPI
1550	NtResumeThread(
1551	/IN/ HANDLE ThreadHandle,
1552	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
1553
1554	NTOSAPI
1555	NTSTATUS
1556	NTAPI
1557	ZwResumeThread(
1558	/IN/ HANDLE ThreadHandle,
1559	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
1560
1561	NTOSAPI
1562	NTSTATUS
1563	NTAPI
1564	NtGetContextThread(
1565	/IN/ HANDLE ThreadHandle,
1566	/OUT/ PCONTEXT Context);
1567
1568	NTOSAPI
1569	NTSTATUS
1570	NTAPI
1571	ZwGetContextThread(
1572	/IN/ HANDLE ThreadHandle,
1573	/OUT/ PCONTEXT Context);
1574
1575	NTOSAPI
1576	NTSTATUS
1577	NTAPI
1578	NtSetContextThread(
1579	/IN/ HANDLE ThreadHandle,
1580	/IN/ PCONTEXT Context);
1581
1582	NTOSAPI
1583	NTSTATUS
1584	NTAPI
1585	ZwSetContextThread(
1586	/IN/ HANDLE ThreadHandle,
1587	/IN/ PCONTEXT Context);
1588
1589	NTOSAPI
1590	NTSTATUS
1591	NTAPI
1592	NtQueueApcThread(
1593	/IN/ HANDLE ThreadHandle,
1594	/IN/ PKNORMAL_ROUTINE ApcRoutine,
1595	/IN/ PVOID ApcContext /OPTIONAL/,
1596	/IN/ PVOID Argument1 /OPTIONAL/,
1597	/IN/ PVOID Argument2 /OPTIONAL/);
1598
1599	NTOSAPI
1600	NTSTATUS
1601	NTAPI
1602	ZwQueueApcThread(
1603	/IN/ HANDLE ThreadHandle,
1604	/IN/ PKNORMAL_ROUTINE ApcRoutine,
1605	/IN/ PVOID ApcContext /OPTIONAL/,
1606	/IN/ PVOID Argument1 /OPTIONAL/,
1607	/IN/ PVOID Argument2 /OPTIONAL/);
1608
1609	NTOSAPI
1610	NTSTATUS
1611	NTAPI
1612	NtTestAlert(
1613	VOID);
1614
1615	NTOSAPI
1616	NTSTATUS
1617	NTAPI
1618	ZwTestAlert(
1619	VOID);
1620
1621	NTOSAPI
1622	NTSTATUS
1623	NTAPI
1624	NtAlertThread(
1625	/IN/ HANDLE ThreadHandle);
1626
1627	NTOSAPI
1628	NTSTATUS
1629	NTAPI
1630	ZwAlertThread(
1631	/IN/ HANDLE ThreadHandle);
1632
1633	NTOSAPI
1634	NTSTATUS
1635	NTAPI
1636	NtAlertResumeThread(
1637	/IN/ HANDLE ThreadHandle,
1638	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
1639
1640	NTOSAPI
1641	NTSTATUS
1642	NTAPI
1643	ZwAlertResumeThread(
1644	/IN/ HANDLE ThreadHandle,
1645	/OUT/ PULONG PreviousSuspendCount /OPTIONAL/);
1646
1647	NTOSAPI
1648	NTSTATUS
1649	NTAPI
1650	NtRegisterThreadTerminatePort(
1651	/IN/ HANDLE PortHandle);
1652
1653	NTOSAPI
1654	NTSTATUS
1655	NTAPI
1656	ZwRegisterThreadTerminatePort(
1657	/IN/ HANDLE PortHandle);
1658
1659	NTOSAPI
1660	NTSTATUS
1661	NTAPI
1662	NtImpersonateThread(
1663	/IN/ HANDLE ThreadHandle,
1664	/IN/ HANDLE TargetThreadHandle,
1665	/IN/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);
1666
1667	NTOSAPI
1668	NTSTATUS
1669	NTAPI
1670	ZwImpersonateThread(
1671	/IN/ HANDLE ThreadHandle,
1672	/IN/ HANDLE TargetThreadHandle,
1673	/IN/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);
1674
1675	NTOSAPI
1676	NTSTATUS
1677	NTAPI
1678	NtImpersonateAnonymousToken(
1679	/IN/ HANDLE ThreadHandle);
1680
1681	NTOSAPI
1682	NTSTATUS
1683	NTAPI
1684	ZwImpersonateAnonymousToken(
1685	/IN/ HANDLE ThreadHandle);
1686
1687
1688
1689
1690	/* Processes */
1691
1692	NTOSAPI
1693	NTSTATUS
1694	NTAPI
1695	NtCreateProcess(
1696	/OUT/ PHANDLE ProcessHandle,
1697	/IN/ ACCESS_MASK DesiredAccess,
1698	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1699	/IN/ HANDLE InheritFromProcessHandle,
1700	/IN/ BOOLEAN InheritHandles,
1701	/IN/ HANDLE SectionHandle /OPTIONAL/,
1702	/IN/ HANDLE DebugPort /OPTIONAL/,
1703	/IN/ HANDLE ExceptionPort /OPTIONAL/);
1704
1705	NTOSAPI
1706	NTSTATUS
1707	NTAPI
1708	ZwCreateProcess(
1709	/OUT/ PHANDLE ProcessHandle,
1710	/IN/ ACCESS_MASK DesiredAccess,
1711	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
1712	/IN/ HANDLE InheritFromProcessHandle,
1713	/IN/ BOOLEAN InheritHandles,
1714	/IN/ HANDLE SectionHandle /OPTIONAL/,
1715	/IN/ HANDLE DebugPort /OPTIONAL/,
1716	/IN/ HANDLE ExceptionPort /OPTIONAL/);
1717
1718	NTOSAPI
1719	NTSTATUS
1720	NTAPI
1721	NtTerminateProcess(
1722	/IN/ HANDLE ProcessHandle /OPTIONAL/,
1723	/IN/ NTSTATUS ExitStatus);
1724
1725	NTOSAPI
1726	NTSTATUS
1727	NTAPI
1728	ZwTerminateProcess(
1729	/IN/ HANDLE ProcessHandle /OPTIONAL/,
1730	/IN/ NTSTATUS ExitStatus);
1731
1732	NTOSAPI
1733	NTSTATUS
1734	NTAPI
1735	NtQueryInformationProcess(
1736	/IN/ HANDLE ProcessHandle,
1737	/IN/ PROCESSINFOCLASS ProcessInformationClass,
1738	/OUT/ PVOID ProcessInformation,
1739	/IN/ ULONG ProcessInformationLength,
1740	/OUT/ PULONG ReturnLength /OPTIONAL/);
1741
1742	NTOSAPI
1743	NTSTATUS
1744	NTAPI
1745	ZwQueryInformationProcess(
1746	/IN/ HANDLE ProcessHandle,
1747	/IN/ PROCESSINFOCLASS ProcessInformationClass,
1748	/OUT/ PVOID ProcessInformation,
1749	/IN/ ULONG ProcessInformationLength,
1750	/OUT/ PULONG ReturnLength /OPTIONAL/);
1751
1752	NTOSAPI
1753	NTSTATUS
1754	NTAPI
1755	NtSetInformationProcess(
1756	/IN/ HANDLE ProcessHandle,
1757	/IN/ PROCESSINFOCLASS ProcessInformationClass,
1758	/IN/ PVOID ProcessInformation,
1759	/IN/ ULONG ProcessInformationLength);
1760
1761	NTOSAPI
1762	NTSTATUS
1763	NTAPI
1764	ZwSetInformationProcess(
1765	/IN/ HANDLE ProcessHandle,
1766	/IN/ PROCESSINFOCLASS ProcessInformationClass,
1767	/IN/ PVOID ProcessInformation,
1768	/IN/ ULONG ProcessInformationLength);
1769
1770	typedef struct _PROCESS_BASIC_INFORMATION {
1771	NTSTATUS ExitStatus;
1772	PPEB PebBaseAddress;
1773	KAFFINITY AffinityMask;
1774	KPRIORITY BasePriority;
1775	ULONG UniqueProcessId;
1776	ULONG InheritedFromUniqueProcessId;
1777	} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
1778
1779	typedef struct _PROCESS_ACCESS_TOKEN {
1780	HANDLE Token;
1781	HANDLE Thread;
1782	} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
1783
1784	/* DefaultHardErrorMode constants */
1785	/* also in winbase.h */
1786	#define SEM_FAILCRITICALERRORS 0x0001
1787	#define SEM_NOGPFAULTERRORBOX 0x0002
1788	#define SEM_NOALIGNMENTFAULTEXCEPT 0x0004
1789	#define SEM_NOOPENFILEERRORBOX 0x8000
1790	/* end winbase.h */
1791	typedef struct _POOLED_USAGE_AND_LIMITS {
1792	ULONG PeakPagedPoolUsage;
1793	ULONG PagedPoolUsage;
1794	ULONG PagedPoolLimit;
1795	ULONG PeakNonPagedPoolUsage;
1796	ULONG NonPagedPoolUsage;
1797	ULONG NonPagedPoolLimit;
1798	ULONG PeakPagefileUsage;
1799	ULONG PagefileUsage;
1800	ULONG PagefileLimit;
1801	} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
1802
1803	typedef struct _PROCESS_WS_WATCH_INFORMATION {
1804	PVOID FaultingPc;
1805	PVOID FaultingVa;
1806	} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
1807
1808	/* PROCESS_PRIORITY_CLASS.PriorityClass constants */
1809	#define PC_IDLE 1
1810	#define PC_NORMAL 2
1811	#define PC_HIGH 3
1812	#define PC_REALTIME 4
1813	#define PC_BELOW_NORMAL 5
1814	#define PC_ABOVE_NORMAL 6
1815
1816	typedef struct _PROCESS_PRIORITY_CLASS {
1817	BOOLEAN Foreground;
1818	UCHAR PriorityClass;
1819	} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
1820
1821	/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
1822	#define DRIVE_UNKNOWN 0
1823	#define DRIVE_NO_ROOT_DIR 1
1824	#define DRIVE_REMOVABLE 2
1825	#define DRIVE_FIXED 3
1826	#define DRIVE_REMOTE 4
1827	#define DRIVE_CDROM 5
1828	#define DRIVE_RAMDISK 6
1829
1830	typedef struct _PROCESS_DEVICEMAP_INFORMATION {
1831	_ANONYMOUS_UNION union {
1832	struct {
1833	HANDLE DirectoryHandle;
1834	} Set;
1835	struct {
1836	ULONG DriveMap;
1837	UCHAR DriveType[32];
1838	} Query;
1839	} DUMMYUNIONNAME;
1840	} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
1841
1842	typedef struct _PROCESS_SESSION_INFORMATION {
1843	ULONG SessionId;
1844	} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
1845
1846	typedef struct _RTL_USER_PROCESS_PARAMETERS {
1847	ULONG AllocationSize;
1848	ULONG Size;
1849	ULONG Flags;
1850	ULONG DebugFlags;
1851	HANDLE hConsole;
1852	ULONG ProcessGroup;
1853	HANDLE hStdInput;
1854	HANDLE hStdOutput;
1855	HANDLE hStdError;
1856	UNICODE_STRING CurrentDirectoryName;
1857	HANDLE CurrentDirectoryHandle;
1858	UNICODE_STRING DllPath;
1859	UNICODE_STRING ImagePathName;
1860	UNICODE_STRING CommandLine;
1861	PWSTR Environment;
1862	ULONG dwX;
1863	ULONG dwY;
1864	ULONG dwXSize;
1865	ULONG dwYSize;
1866	ULONG dwXCountChars;
1867	ULONG dwYCountChars;
1868	ULONG dwFillAttribute;
1869	ULONG dwFlags;
1870	ULONG wShowWindow;
1871	UNICODE_STRING WindowTitle;
1872	UNICODE_STRING DesktopInfo;
1873	UNICODE_STRING ShellInfo;
1874	UNICODE_STRING RuntimeInfo;
1875	} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
1876
1877	NTSTATUS
1878	NTAPI
1879	RtlCreateProcessParameters(
1880	/OUT/ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
1881	/IN/ PUNICODE_STRING ImageFile,
1882	/IN/ PUNICODE_STRING DllPath /OPTIONAL/,
1883	/IN/ PUNICODE_STRING CurrentDirectory /OPTIONAL/,
1884	/IN/ PUNICODE_STRING CommandLine /OPTIONAL/,
1885	/IN/ PWSTR Environment /OPTIONAL/,
1886	/IN/ PUNICODE_STRING WindowTitle /OPTIONAL/,
1887	/IN/ PUNICODE_STRING DesktopInfo /OPTIONAL/,
1888	/IN/ PUNICODE_STRING ShellInfo /OPTIONAL/,
1889	/IN/ PUNICODE_STRING RuntimeInfo /OPTIONAL/);
1890
1891	NTSTATUS
1892	NTAPI
1893	RtlDestroyProcessParameters(
1894	/IN/ PRTL_USER_PROCESS_PARAMETERS ProcessParameters);
1895
1896	typedef struct _DEBUG_BUFFER {
1897	HANDLE SectionHandle;
1898	PVOID SectionBase;
1899	PVOID RemoteSectionBase;
1900	ULONG SectionBaseDelta;
1901	HANDLE EventPairHandle;
1902	ULONG Unknown[2];
1903	HANDLE RemoteThreadHandle;
1904	ULONG InfoClassMask;
1905	ULONG SizeOfInfo;
1906	ULONG AllocatedSize;
1907	ULONG SectionSize;
1908	PVOID ModuleInformation;
1909	PVOID BackTraceInformation;
1910	PVOID HeapInformation;
1911	PVOID LockInformation;
1912	PVOID Reserved[8];
1913	} DEBUG_BUFFER, *PDEBUG_BUFFER;
1914
1915	PDEBUG_BUFFER
1916	NTAPI
1917	RtlCreateQueryDebugBuffer(
1918	/IN/ ULONG Size,
1919	/IN/ BOOLEAN EventPair);
1920
1921	/* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
1922	#define PDI_MODULES 0x01
1923	#define PDI_BACKTRACE 0x02
1924	#define PDI_HEAPS 0x04
1925	#define PDI_HEAP_TAGS 0x08
1926	#define PDI_HEAP_BLOCKS 0x10
1927	#define PDI_LOCKS 0x20
1928
1929	NTSTATUS
1930	NTAPI
1931	RtlQueryProcessDebugInformation(
1932	/IN/ ULONG ProcessId,
1933	/IN/ ULONG DebugInfoClassMask,
1934	/IN OUT/ PDEBUG_BUFFER DebugBuffer);
1935
1936	NTSTATUS
1937	NTAPI
1938	RtlDestroyQueryDebugBuffer(
1939	/IN/ PDEBUG_BUFFER DebugBuffer);
1940
1941	/* DEBUG_MODULE_INFORMATION.Flags constants */
1942	#define LDRP_STATIC_LINK 0x00000002
1943	#define LDRP_IMAGE_DLL 0x00000004
1944	#define LDRP_LOAD_IN_PROGRESS 0x00001000
1945	#define LDRP_UNLOAD_IN_PROGRESS 0x00002000
1946	#define LDRP_ENTRY_PROCESSED 0x00004000
1947	#define LDRP_ENTRY_INSERTED 0x00008000
1948	#define LDRP_CURRENT_LOAD 0x00010000
1949	#define LDRP_FAILED_BUILTIN_LOAD 0x00020000
1950	#define LDRP_DONT_CALL_FOR_THREADS 0x00040000
1951	#define LDRP_PROCESS_ATTACH_CALLED 0x00080000
1952	#define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
1953	#define LDRP_IMAGE_NOT_AT_BASE 0x00200000
1954	#define LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
1955
1956	typedef struct _DEBUG_MODULE_INFORMATION {
1957	ULONG Reserved[2];
1958	ULONG Base;
1959	ULONG Size;
1960	ULONG Flags;
1961	USHORT Index;
1962	USHORT Unknown;
1963	USHORT LoadCount;
1964	USHORT ModuleNameOffset;
1965	CHAR ImageName[256];
1966	} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
1967
1968	typedef struct _DEBUG_HEAP_INFORMATION {
1969	ULONG Base;
1970	ULONG Flags;
1971	USHORT Granularity;
1972	USHORT Unknown;
1973	ULONG Allocated;
1974	ULONG Committed;
1975	ULONG TagCount;
1976	ULONG BlockCount;
1977	ULONG Reserved[7];
1978	PVOID Tags;
1979	PVOID Blocks;
1980	} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
1981
1982	typedef struct _DEBUG_LOCK_INFORMATION {
1983	PVOID Address;
1984	USHORT Type;
1985	USHORT CreatorBackTraceIndex;
1986	ULONG OwnerThreadId;
1987	ULONG ActiveCount;
1988	ULONG ContentionCount;
1989	ULONG EntryCount;
1990	ULONG RecursionCount;
1991	ULONG NumberOfSharedWaiters;
1992	ULONG NumberOfExclusiveWaiters;
1993	} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
1994
1995
1996
1997	/* Jobs */
1998
1999	NTOSAPI
2000	NTSTATUS
2001	NTAPI
2002	NtCreateJobObject(
2003	/OUT/ PHANDLE JobHandle,
2004	/IN/ ACCESS_MASK DesiredAccess,
2005	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
2006
2007	NTOSAPI
2008	NTSTATUS
2009	NTAPI
2010	ZwCreateJobObject(
2011	/OUT/ PHANDLE JobHandle,
2012	/IN/ ACCESS_MASK DesiredAccess,
2013	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
2014
2015	NTOSAPI
2016	NTSTATUS
2017	NTAPI
2018	NtOpenJobObject(
2019	/OUT/ PHANDLE JobHandle,
2020	/IN/ ACCESS_MASK DesiredAccess,
2021	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
2022
2023	NTOSAPI
2024	NTSTATUS
2025	NTAPI
2026	ZwOpenJobObject(
2027	/OUT/ PHANDLE JobHandle,
2028	/IN/ ACCESS_MASK DesiredAccess,
2029	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
2030
2031	NTOSAPI
2032	NTSTATUS
2033	NTAPI
2034	NtTerminateJobObject(
2035	/IN/ HANDLE JobHandle,
2036	/IN/ NTSTATUS ExitStatus);
2037
2038	NTOSAPI
2039	NTSTATUS
2040	NTAPI
2041	ZwTerminateJobObject(
2042	/IN/ HANDLE JobHandle,
2043	/IN/ NTSTATUS ExitStatus);
2044
2045	NTOSAPI
2046	NTSTATUS
2047	NTAPI
2048	NtAssignProcessToJobObject(
2049	/IN/ HANDLE JobHandle,
2050	/IN/ HANDLE ProcessHandle);
2051
2052	NTOSAPI
2053	NTSTATUS
2054	NTAPI
2055	ZwAssignProcessToJobObject(
2056	/IN/ HANDLE JobHandle,
2057	/IN/ HANDLE ProcessHandle);
2058
2059	NTOSAPI
2060	NTSTATUS
2061	NTAPI
2062	NtQueryInformationJobObject(
2063	/IN/ HANDLE JobHandle,
2064	/IN/ JOBOBJECTINFOCLASS JobInformationClass,
2065	/OUT/ PVOID JobInformation,
2066	/IN/ ULONG JobInformationLength,
2067	/OUT/ PULONG ReturnLength /OPTIONAL/);
2068
2069	NTOSAPI
2070	NTSTATUS
2071	NTAPI
2072	ZwQueryInformationJobObject(
2073	/IN/ HANDLE JobHandle,
2074	/IN/ JOBOBJECTINFOCLASS JobInformationClass,
2075	/OUT/ PVOID JobInformation,
2076	/IN/ ULONG JobInformationLength,
2077	/OUT/ PULONG ReturnLength /OPTIONAL/);
2078
2079	NTOSAPI
2080	NTSTATUS
2081	NTAPI
2082	NtSetInformationJobObject(
2083	/IN/ HANDLE JobHandle,
2084	/IN/ JOBOBJECTINFOCLASS JobInformationClass,
2085	/IN/ PVOID JobInformation,
2086	/IN/ ULONG JobInformationLength);
2087
2088	NTOSAPI
2089	NTSTATUS
2090	NTAPI
2091	ZwSetInformationJobObject(
2092	/IN/ HANDLE JobHandle,
2093	/IN/ JOBOBJECTINFOCLASS JobInformationClass,
2094	/IN/ PVOID JobInformation,
2095	/IN/ ULONG JobInformationLength);
2096
2097
2098	/* Tokens */
2099
2100	NTOSAPI
2101	NTSTATUS
2102	NTAPI
2103	NtCreateToken(
2104	/OUT/ PHANDLE TokenHandle,
2105	/IN/ ACCESS_MASK DesiredAccess,
2106	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
2107	/IN/ TOKEN_TYPE Type,
2108	/IN/ PLUID AuthenticationId,
2109	/IN/ PLARGE_INTEGER ExpirationTime,
2110	/IN/ PTOKEN_USER User,
2111	/IN/ PTOKEN_GROUPS Groups,
2112	/IN/ PTOKEN_PRIVILEGES Privileges,
2113	/IN/ PTOKEN_OWNER Owner,
2114	/IN/ PTOKEN_PRIMARY_GROUP PrimaryGroup,
2115	/IN/ PTOKEN_DEFAULT_DACL DefaultDacl,
2116	/IN/ PTOKEN_SOURCE Source
2117	);
2118
2119	NTOSAPI
2120	NTSTATUS
2121	NTAPI
2122	ZwCreateToken(
2123	/OUT/ PHANDLE TokenHandle,
2124	/IN/ ACCESS_MASK DesiredAccess,
2125	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
2126	/IN/ TOKEN_TYPE Type,
2127	/IN/ PLUID AuthenticationId,
2128	/IN/ PLARGE_INTEGER ExpirationTime,
2129	/IN/ PTOKEN_USER User,
2130	/IN/ PTOKEN_GROUPS Groups,
2131	/IN/ PTOKEN_PRIVILEGES Privileges,
2132	/IN/ PTOKEN_OWNER Owner,
2133	/IN/ PTOKEN_PRIMARY_GROUP PrimaryGroup,
2134	/IN/ PTOKEN_DEFAULT_DACL DefaultDacl,
2135	/IN/ PTOKEN_SOURCE Source
2136	);
2137
2138	NTOSAPI
2139	NTSTATUS
2140	NTAPI
2141	NtOpenProcessToken(
2142	/IN/ HANDLE ProcessHandle,
2143	/IN/ ACCESS_MASK DesiredAccess,
2144	/OUT/ PHANDLE TokenHandle);
2145
2146	NTOSAPI
2147	NTSTATUS
2148	NTAPI
2149	ZwOpenProcessToken(
2150	/IN/ HANDLE ProcessHandle,
2151	/IN/ ACCESS_MASK DesiredAccess,
2152	/OUT/ PHANDLE TokenHandle);
2153
2154	NTOSAPI
2155	NTSTATUS
2156	NTAPI
2157	NtOpenThreadToken(
2158	/IN/ HANDLE ThreadHandle,
2159	/IN/ ACCESS_MASK DesiredAccess,
2160	/IN/ BOOLEAN OpenAsSelf,
2161	/OUT/ PHANDLE TokenHandle);
2162
2163	NTOSAPI
2164	NTSTATUS
2165	NTAPI
2166	ZwOpenThreadToken(
2167	/IN/ HANDLE ThreadHandle,
2168	/IN/ ACCESS_MASK DesiredAccess,
2169	/IN/ BOOLEAN OpenAsSelf,
2170	/OUT/ PHANDLE TokenHandle);
2171
2172	NTOSAPI
2173	NTSTATUS
2174	NTAPI
2175	NtDuplicateToken(
2176	/IN/ HANDLE ExistingTokenHandle,
2177	/IN/ ACCESS_MASK DesiredAccess,
2178	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
2179	/IN/ BOOLEAN EffectiveOnly,
2180	/IN/ TOKEN_TYPE TokenType,
2181	/OUT/ PHANDLE NewTokenHandle);
2182
2183	NTOSAPI
2184	NTSTATUS
2185	NTAPI
2186	ZwDuplicateToken(
2187	/IN/ HANDLE ExistingTokenHandle,
2188	/IN/ ACCESS_MASK DesiredAccess,
2189	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
2190	/IN/ BOOLEAN EffectiveOnly,
2191	/IN/ TOKEN_TYPE TokenType,
2192	/OUT/ PHANDLE NewTokenHandle);
2193
2194	NTOSAPI
2195	NTSTATUS
2196	NTAPI
2197	NtFilterToken(
2198	/IN/ HANDLE ExistingTokenHandle,
2199	/IN/ ULONG Flags,
2200	/IN/ PTOKEN_GROUPS SidsToDisable,
2201	/IN/ PTOKEN_PRIVILEGES PrivilegesToDelete,
2202	/IN/ PTOKEN_GROUPS SidsToRestricted,
2203	/OUT/ PHANDLE NewTokenHandle);
2204
2205	NTOSAPI
2206	NTSTATUS
2207	NTAPI
2208	ZwFilterToken(
2209	/IN/ HANDLE ExistingTokenHandle,
2210	/IN/ ULONG Flags,
2211	/IN/ PTOKEN_GROUPS SidsToDisable,
2212	/IN/ PTOKEN_PRIVILEGES PrivilegesToDelete,
2213	/IN/ PTOKEN_GROUPS SidsToRestricted,
2214	/OUT/ PHANDLE NewTokenHandle);
2215
2216	NTOSAPI
2217	NTSTATUS
2218	NTAPI
2219	NtAdjustPrivilegesToken(
2220	/IN/ HANDLE TokenHandle,
2221	/IN/ BOOLEAN DisableAllPrivileges,
2222	/IN/ PTOKEN_PRIVILEGES NewState,
2223	/IN/ ULONG BufferLength,
2224	/OUT/ PTOKEN_PRIVILEGES PreviousState /OPTIONAL/,
2225	/OUT/ PULONG ReturnLength);
2226
2227	NTOSAPI
2228	NTSTATUS
2229	NTAPI
2230	ZwAdjustPrivilegesToken(
2231	/IN/ HANDLE TokenHandle,
2232	/IN/ BOOLEAN DisableAllPrivileges,
2233	/IN/ PTOKEN_PRIVILEGES NewState,
2234	/IN/ ULONG BufferLength,
2235	/OUT/ PTOKEN_PRIVILEGES PreviousState /OPTIONAL/,
2236	/OUT/ PULONG ReturnLength);
2237
2238	NTOSAPI
2239	NTSTATUS
2240	NTAPI
2241	NtAdjustGroupsToken(
2242	/IN/ HANDLE TokenHandle,
2243	/IN/ BOOLEAN ResetToDefault,
2244	/IN/ PTOKEN_GROUPS NewState,
2245	/IN/ ULONG BufferLength,
2246	/OUT/ PTOKEN_GROUPS PreviousState /OPTIONAL/,
2247	/OUT/ PULONG ReturnLength);
2248
2249	NTOSAPI
2250	NTSTATUS
2251	NTAPI
2252	ZwAdjustGroupsToken(
2253	/IN/ HANDLE TokenHandle,
2254	/IN/ BOOLEAN ResetToDefault,
2255	/IN/ PTOKEN_GROUPS NewState,
2256	/IN/ ULONG BufferLength,
2257	/OUT/ PTOKEN_GROUPS PreviousState /OPTIONAL/,
2258	/OUT/ PULONG ReturnLength);
2259
2260	NTOSAPI
2261	NTSTATUS
2262	NTAPI
2263	NtQueryInformationToken(
2264	/IN/ HANDLE TokenHandle,
2265	/IN/ TOKEN_INFORMATION_CLASS TokenInformationClass,
2266	/OUT/ PVOID TokenInformation,
2267	/IN/ ULONG TokenInformationLength,
2268	/OUT/ PULONG ReturnLength);
2269
2270	NTOSAPI
2271	NTSTATUS
2272	NTAPI
2273	ZwQueryInformationToken(
2274	/IN/ HANDLE TokenHandle,
2275	/IN/ TOKEN_INFORMATION_CLASS TokenInformationClass,
2276	/OUT/ PVOID TokenInformation,
2277	/IN/ ULONG TokenInformationLength,
2278	/OUT/ PULONG ReturnLength);
2279
2280	NTOSAPI
2281	NTSTATUS
2282	NTAPI
2283	NtSetInformationToken(
2284	/IN/ HANDLE TokenHandle,
2285	/IN/ TOKEN_INFORMATION_CLASS TokenInformationClass,
2286	/IN/ PVOID TokenInformation,
2287	/IN/ ULONG TokenInformationLength);
2288
2289	NTOSAPI
2290	NTSTATUS
2291	NTAPI
2292	ZwSetInformationToken(
2293	/IN/ HANDLE TokenHandle,
2294	/IN/ TOKEN_INFORMATION_CLASS TokenInformationClass,
2295	/IN/ PVOID TokenInformation,
2296	/IN/ ULONG TokenInformationLength);
2297
2298
2299
2300
2301	/* Time */
2302
2303	NTOSAPI
2304	NTSTATUS
2305	NTAPI
2306	NtQuerySystemTime(
2307	/OUT/ PLARGE_INTEGER CurrentTime);
2308
2309	NTOSAPI
2310	NTSTATUS
2311	NTAPI
2312	ZwQuerySystemTime(
2313	/OUT/ PLARGE_INTEGER CurrentTime);
2314
2315	NTOSAPI
2316	NTSTATUS
2317	NTAPI
2318	NtSetSystemTime(
2319	/IN/ PLARGE_INTEGER NewTime,
2320	/OUT/ PLARGE_INTEGER OldTime /OPTIONAL/);
2321
2322	NTOSAPI
2323	NTSTATUS
2324	NTAPI
2325	ZwSetSystemTime(
2326	/IN/ PLARGE_INTEGER NewTime,
2327	/OUT/ PLARGE_INTEGER OldTime /OPTIONAL/);
2328
2329	NTOSAPI
2330	NTSTATUS
2331	NTAPI
2332	NtQueryPerformanceCounter(
2333	/OUT/ PLARGE_INTEGER PerformanceCount,
2334	/OUT/ PLARGE_INTEGER PerformanceFrequency /OPTIONAL/);
2335
2336	NTOSAPI
2337	NTSTATUS
2338	NTAPI
2339	ZwQueryPerformanceCounter(
2340	/OUT/ PLARGE_INTEGER PerformanceCount,
2341	/OUT/ PLARGE_INTEGER PerformanceFrequency /OPTIONAL/);
2342
2343	NTOSAPI
2344	NTSTATUS
2345	NTAPI
2346	NtQueryTimerResolution(
2347	/OUT/ PULONG CoarsestResolution,
2348	/OUT/ PULONG FinestResolution,
2349	/OUT/ PULONG ActualResolution);
2350
2351	NTOSAPI
2352	NTSTATUS
2353	NTAPI
2354	ZwQueryTimerResolution(
2355	/OUT/ PULONG CoarsestResolution,
2356	/OUT/ PULONG FinestResolution,
2357	/OUT/ PULONG ActualResolution);
2358
2359	NTOSAPI
2360	NTSTATUS
2361	NTAPI
2362	NtDelayExecution(
2363	/IN/ BOOLEAN Alertable,
2364	/IN/ PLARGE_INTEGER Interval);
2365
2366	NTOSAPI
2367	NTSTATUS
2368	NTAPI
2369	ZwDelayExecution(
2370	/IN/ BOOLEAN Alertable,
2371	/IN/ PLARGE_INTEGER Interval);
2372
2373	NTOSAPI
2374	NTSTATUS
2375	NTAPI
2376	NtYieldExecution(
2377	VOID);
2378
2379	NTOSAPI
2380	NTSTATUS
2381	NTAPI
2382	ZwYieldExecution(
2383	VOID);
2384
2385	NTOSAPI
2386	ULONG
2387	NTAPI
2388	NtGetTickCount(
2389	VOID);
2390
2391	NTOSAPI
2392	ULONG
2393	NTAPI
2394	ZwGetTickCount(
2395	VOID);
2396
2397
2398
2399
2400	/* Execution profiling */
2401
2402	NTOSAPI
2403	NTSTATUS
2404	NTAPI
2405	NtCreateProfile(
2406	/OUT/ PHANDLE ProfileHandle,
2407	/IN/ HANDLE ProcessHandle,
2408	/IN/ PVOID Base,
2409	/IN/ ULONG Size,
2410	/IN/ ULONG BucketShift,
2411	/IN/ PULONG Buffer,
2412	/IN/ ULONG BufferLength,
2413	/IN/ KPROFILE_SOURCE Source,
2414	/IN/ ULONG ProcessorMask);
2415
2416	NTOSAPI
2417	NTSTATUS
2418	NTAPI
2419	ZwCreateProfile(
2420	/OUT/ PHANDLE ProfileHandle,
2421	/IN/ HANDLE ProcessHandle,
2422	/IN/ PVOID Base,
2423	/IN/ ULONG Size,
2424	/IN/ ULONG BucketShift,
2425	/IN/ PULONG Buffer,
2426	/IN/ ULONG BufferLength,
2427	/IN/ KPROFILE_SOURCE Source,
2428	/IN/ ULONG ProcessorMask);
2429
2430	NTOSAPI
2431	NTSTATUS
2432	NTAPI
2433	NtSetIntervalProfile(
2434	/IN/ ULONG Interval,
2435	/IN/ KPROFILE_SOURCE Source);
2436
2437	NTOSAPI
2438	NTSTATUS
2439	NTAPI
2440	ZwSetIntervalProfile(
2441	/IN/ ULONG Interval,
2442	/IN/ KPROFILE_SOURCE Source);
2443
2444	NTOSAPI
2445	NTSTATUS
2446	NTAPI
2447	NtQueryIntervalProfile(
2448	/IN/ KPROFILE_SOURCE Source,
2449	/OUT/ PULONG Interval);
2450
2451	NTOSAPI
2452	NTSTATUS
2453	NTAPI
2454	ZwQueryIntervalProfile(
2455	/IN/ KPROFILE_SOURCE Source,
2456	/OUT/ PULONG Interval);
2457
2458	NTOSAPI
2459	NTSTATUS
2460	NTAPI
2461	NtStartProfile(
2462	/IN/ HANDLE ProfileHandle);
2463
2464	NTOSAPI
2465	NTSTATUS
2466	NTAPI
2467	ZwStartProfile(
2468	/IN/ HANDLE ProfileHandle);
2469
2470	NTOSAPI
2471	NTSTATUS
2472	NTAPI
2473	NtStopProfile(
2474	/IN/ HANDLE ProfileHandle);
2475
2476	NTOSAPI
2477	NTSTATUS
2478	NTAPI
2479	ZwStopProfile(
2480	/IN/ HANDLE ProfileHandle);
2481
2482	/* Local Procedure Call (LPC) */
2483
2484	typedef struct _LPC_MESSAGE {
2485	USHORT DataSize;
2486	USHORT MessageSize;
2487	USHORT MessageType;
2488	USHORT VirtualRangesOffset;
2489	CLIENT_ID ClientId;
2490	ULONG MessageId;
2491	ULONG SectionSize;
2492	UCHAR Data[ANYSIZE_ARRAY];
2493	} LPC_MESSAGE, *PLPC_MESSAGE;
2494
2495	#define LPC_MESSAGE_BASE_SIZE 24
2496
2497	typedef enum _LPC_TYPE {
2498	LPC_NEW_MESSAGE,
2499	LPC_REQUEST,
2500	LPC_REPLY,
2501	LPC_DATAGRAM,
2502	LPC_LOST_REPLY,
2503	LPC_PORT_CLOSED,
2504	LPC_CLIENT_DIED,
2505	LPC_EXCEPTION,
2506	LPC_DEBUG_EVENT,
2507	LPC_ERROR_EVENT,
2508	LPC_CONNECTION_REQUEST,
2509	LPC_CONNECTION_REFUSED,
2510	LPC_MAXIMUM
2511	} LPC_TYPE;
2512
2513	typedef struct _LPC_SECTION_WRITE {
2514	ULONG Length;
2515	HANDLE SectionHandle;
2516	ULONG SectionOffset;
2517	ULONG ViewSize;
2518	PVOID ViewBase;
2519	PVOID TargetViewBase;
2520	} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
2521
2522	typedef struct _LPC_SECTION_READ {
2523	ULONG Length;
2524	ULONG ViewSize;
2525	PVOID ViewBase;
2526	} LPC_SECTION_READ, *PLPC_SECTION_READ;
2527
2528	NTOSAPI
2529	NTSTATUS
2530	NTAPI
2531	NtCreatePort(
2532	/OUT/ PHANDLE PortHandle,
2533	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
2534	/IN/ ULONG MaxDataSize,
2535	/IN/ ULONG MaxMessageSize,
2536	/IN/ ULONG Reserved);
2537
2538	NTOSAPI
2539	NTSTATUS
2540	NTAPI
2541	ZwCreatePort(
2542	/OUT/ PHANDLE PortHandle,
2543	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
2544	/IN/ ULONG MaxDataSize,
2545	/IN/ ULONG MaxMessageSize,
2546	/IN/ ULONG Reserved);
2547
2548	NTOSAPI
2549	NTSTATUS
2550	NTAPI
2551	NtCreateWaitablePort(
2552	/OUT/ PHANDLE PortHandle,
2553	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
2554	/IN/ ULONG MaxDataSize,
2555	/IN/ ULONG MaxMessageSize,
2556	/IN/ ULONG Reserved);
2557
2558	NTOSAPI
2559	NTSTATUS
2560	NTAPI
2561	ZwCreateWaitablePort(
2562	/OUT/ PHANDLE PortHandle,
2563	/IN/ POBJECT_ATTRIBUTES ObjectAttributes,
2564	/IN/ ULONG MaxDataSize,
2565	/IN/ ULONG MaxMessageSize,
2566	/IN/ ULONG Reserved);
2567
2568	NTOSAPI
2569	NTSTATUS
2570	NTAPI
2571	NtConnectPort(
2572	/OUT/ PHANDLE PortHandle,
2573	/IN/ PUNICODE_STRING PortName,
2574	/IN/ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2575	/IN OUT/ PLPC_SECTION_WRITE WriteSection /OPTIONAL/,
2576	/IN OUT/ PLPC_SECTION_READ ReadSection /OPTIONAL/,
2577	/OUT/ PULONG MaxMessageSize /OPTIONAL/,
2578	/IN OUT/ PVOID ConnectData /OPTIONAL/,
2579	/IN OUT/ PULONG ConnectDataLength /OPTIONAL/);
2580
2581	NTOSAPI
2582	NTSTATUS
2583	NTAPI
2584	ZwConnectPort(
2585	/OUT/ PHANDLE PortHandle,
2586	/IN/ PUNICODE_STRING PortName,
2587	/IN/ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
2588	/IN OUT/ PLPC_SECTION_WRITE WriteSection /OPTIONAL/,
2589	/IN OUT/ PLPC_SECTION_READ ReadSection /OPTIONAL/,
2590	/OUT/ PULONG MaxMessageSize /OPTIONAL/,
2591	/IN OUT/ PVOID ConnectData /OPTIONAL/,
2592	/IN OUT/ PULONG ConnectDataLength /OPTIONAL/);
2593
2594	NTOSAPI
2595	NTSTATUS
2596	NTAPI
2597	NtListenPort(
2598	/IN/ HANDLE PortHandle,
2599	/OUT/ PLPC_MESSAGE Message);
2600
2601	NTOSAPI
2602	NTSTATUS
2603	NTAPI
2604	ZwListenPort(
2605	/IN/ HANDLE PortHandle,
2606	/OUT/ PLPC_MESSAGE Message);
2607
2608	NTOSAPI
2609	NTSTATUS
2610	NTAPI
2611	NtAcceptConnectPort(
2612	/OUT/ PHANDLE PortHandle,
2613	/IN/ ULONG PortIdentifier,
2614	/IN/ PLPC_MESSAGE Message,
2615	/IN/ BOOLEAN Accept,
2616	/IN OUT/ PLPC_SECTION_WRITE WriteSection /OPTIONAL/,
2617	/IN OUT/ PLPC_SECTION_READ ReadSection /OPTIONAL/);
2618
2619	NTOSAPI
2620	NTSTATUS
2621	NTAPI
2622	ZwAcceptConnectPort(
2623	/OUT/ PHANDLE PortHandle,
2624	/IN/ ULONG PortIdentifier,
2625	/IN/ PLPC_MESSAGE Message,
2626	/IN/ BOOLEAN Accept,
2627	/IN OUT/ PLPC_SECTION_WRITE WriteSection /OPTIONAL/,
2628	/IN OUT/ PLPC_SECTION_READ ReadSection /OPTIONAL/);
2629
2630	NTOSAPI
2631	NTSTATUS
2632	NTAPI
2633	NtCompleteConnectPort(
2634	/IN/ HANDLE PortHandle);
2635
2636	NTOSAPI
2637	NTSTATUS
2638	NTAPI
2639	ZwCompleteConnectPort(
2640	/IN/ HANDLE PortHandle);
2641
2642	NTOSAPI
2643	NTSTATUS
2644	NTAPI
2645	NtRequestPort(
2646	/IN/ HANDLE PortHandle,
2647	/IN/ PLPC_MESSAGE RequestMessage);
2648
2649	NTOSAPI
2650	NTSTATUS
2651	NTAPI
2652	ZwRequestPort(
2653	/IN/ HANDLE PortHandle,
2654	/IN/ PLPC_MESSAGE RequestMessage);
2655
2656	NTOSAPI
2657	NTSTATUS
2658	NTAPI
2659	NtRequestWaitReplyPort(
2660	/IN/ HANDLE PortHandle,
2661	/IN/ PLPC_MESSAGE RequestMessage,
2662	/OUT/ PLPC_MESSAGE ReplyMessage);
2663
2664	NTOSAPI
2665	NTSTATUS
2666	NTAPI
2667	ZwRequestWaitReplyPort(
2668	/IN/ HANDLE PortHandle,
2669	/IN/ PLPC_MESSAGE RequestMessage,
2670	/OUT/ PLPC_MESSAGE ReplyMessage);
2671
2672	NTOSAPI
2673	NTSTATUS
2674	NTAPI
2675	NtReplyPort(
2676	/IN/ HANDLE PortHandle,
2677	/IN/ PLPC_MESSAGE ReplyMessage);
2678
2679	NTOSAPI
2680	NTSTATUS
2681	NTAPI
2682	ZwReplyPort(
2683	/IN/ HANDLE PortHandle,
2684	/IN/ PLPC_MESSAGE ReplyMessage);
2685
2686	NTOSAPI
2687	NTSTATUS
2688	NTAPI
2689	NtReplyWaitReplyPort(
2690	/IN/ HANDLE PortHandle,
2691	/IN OUT/ PLPC_MESSAGE ReplyMessage);
2692
2693	NTOSAPI
2694	NTSTATUS
2695	NTAPI
2696	ZwReplyWaitReplyPort(
2697	/IN/ HANDLE PortHandle,
2698	/IN OUT/ PLPC_MESSAGE ReplyMessage);
2699
2700	NTOSAPI
2701	NTSTATUS
2702	NTAPI
2703	NtReplyWaitReceivePort(
2704	/IN/ HANDLE PortHandle,
2705	/OUT/ PULONG PortIdentifier /OPTIONAL/,
2706	/IN/ PLPC_MESSAGE ReplyMessage /OPTIONAL/,
2707	/OUT/ PLPC_MESSAGE Message);
2708
2709	NTOSAPI
2710	NTSTATUS
2711	NTAPI
2712	ZwReplyWaitReceivePort(
2713	/IN/ HANDLE PortHandle,
2714	/OUT/ PULONG PortIdentifier /OPTIONAL/,
2715	/IN/ PLPC_MESSAGE ReplyMessage /OPTIONAL/,
2716	/OUT/ PLPC_MESSAGE Message);
2717
2718	NTOSAPI
2719	NTSTATUS
2720	NTAPI
2721	NtReplyWaitReceivePortEx(
2722	/IN/ HANDLE PortHandle,
2723	/OUT/ PULONG PortIdentifier /OPTIONAL/,
2724	/IN/ PLPC_MESSAGE ReplyMessage /OPTIONAL/,
2725	/OUT/ PLPC_MESSAGE Message,
2726	/IN/ PLARGE_INTEGER Timeout);
2727
2728	NTOSAPI
2729	NTSTATUS
2730	NTAPI
2731	ZwReplyWaitReceivePortEx(
2732	/IN/ HANDLE PortHandle,
2733	/OUT/ PULONG PortIdentifier /OPTIONAL/,
2734	/IN/ PLPC_MESSAGE ReplyMessage /OPTIONAL/,
2735	/OUT/ PLPC_MESSAGE Message,
2736	/IN/ PLARGE_INTEGER Timeout);
2737
2738	NTOSAPI
2739	NTSTATUS
2740	NTAPI
2741	NtReadRequestData(
2742	/IN/ HANDLE PortHandle,
2743	/IN/ PLPC_MESSAGE Message,
2744	/IN/ ULONG Index,
2745	/OUT/ PVOID Buffer,
2746	/IN/ ULONG BufferLength,
2747	/OUT/ PULONG ReturnLength /OPTIONAL/);
2748
2749	NTOSAPI
2750	NTSTATUS
2751	NTAPI
2752	ZwReadRequestData(
2753	/IN/ HANDLE PortHandle,
2754	/IN/ PLPC_MESSAGE Message,
2755	/IN/ ULONG Index,
2756	/OUT/ PVOID Buffer,
2757	/IN/ ULONG BufferLength,
2758	/OUT/ PULONG ReturnLength /OPTIONAL/);
2759
2760	NTOSAPI
2761	NTSTATUS
2762	NTAPI
2763	NtWriteRequestData(
2764	/IN/ HANDLE PortHandle,
2765	/IN/ PLPC_MESSAGE Message,
2766	/IN/ ULONG Index,
2767	/IN/ PVOID Buffer,
2768	/IN/ ULONG BufferLength,
2769	/OUT/ PULONG ReturnLength /OPTIONAL/);
2770
2771	NTOSAPI
2772	NTSTATUS
2773	NTAPI
2774	ZwWriteRequestData(
2775	/IN/ HANDLE PortHandle,
2776	/IN/ PLPC_MESSAGE Message,
2777	/IN/ ULONG Index,
2778	/IN/ PVOID Buffer,
2779	/IN/ ULONG BufferLength,
2780	/OUT/ PULONG ReturnLength /OPTIONAL/);
2781
2782	typedef enum _PORT_INFORMATION_CLASS {
2783	PortBasicInformation
2784	} PORT_INFORMATION_CLASS;
2785
2786	NTOSAPI
2787	NTSTATUS
2788	NTAPI
2789	NtQueryInformationPort(
2790	/IN/ HANDLE PortHandle,
2791	/IN/ PORT_INFORMATION_CLASS PortInformationClass,
2792	/OUT/ PVOID PortInformation,
2793	/IN/ ULONG PortInformationLength,
2794	/OUT/ PULONG ReturnLength /OPTIONAL/);
2795
2796	NTOSAPI
2797	NTSTATUS
2798	NTAPI
2799	ZwQueryInformationPort(
2800	/IN/ HANDLE PortHandle,
2801	/IN/ PORT_INFORMATION_CLASS PortInformationClass,
2802	/OUT/ PVOID PortInformation,
2803	/IN/ ULONG PortInformationLength,
2804	/OUT/ PULONG ReturnLength /OPTIONAL/);
2805
2806	NTOSAPI
2807	NTSTATUS
2808	NTAPI
2809	NtImpersonateClientOfPort(
2810	/IN/ HANDLE PortHandle,
2811	/IN/ PLPC_MESSAGE Message);
2812
2813	NTOSAPI
2814	NTSTATUS
2815	NTAPI
2816	ZwImpersonateClientOfPort(
2817	/IN/ HANDLE PortHandle,
2818	/IN/ PLPC_MESSAGE Message);
2819
2820
2821
2822
2823	/* Files */
2824
2825	NTOSAPI
2826	NTSTATUS
2827	NTAPI
2828	NtDeleteFile(
2829	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
2830
2831	NTOSAPI
2832	NTSTATUS
2833	NTAPI
2834	ZwDeleteFile(
2835	/IN/ POBJECT_ATTRIBUTES ObjectAttributes);
2836
2837	NTOSAPI
2838	NTSTATUS
2839	NTAPI
2840	NtFlushBuffersFile(
2841	/IN/ HANDLE FileHandle,
2842	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
2843
2844	NTOSAPI
2845	NTSTATUS
2846	NTAPI
2847	ZwFlushBuffersFile(
2848	/IN/ HANDLE FileHandle,
2849	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
2850
2851	NTOSAPI
2852	NTSTATUS
2853	NTAPI
2854	NtCancelIoFile(
2855	/IN/ HANDLE FileHandle,
2856	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
2857
2858	NTOSAPI
2859	NTSTATUS
2860	NTAPI
2861	ZwCancelIoFile(
2862	/IN/ HANDLE FileHandle,
2863	/OUT/ PIO_STATUS_BLOCK IoStatusBlock);
2864
2865	NTOSAPI
2866	NTSTATUS
2867	NTAPI
2868	NtReadFileScatter(
2869	/IN/ HANDLE FileHandle,
2870	/IN/ HANDLE Event /OPTIONAL/,
2871	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
2872	/IN/ PVOID ApcContext /OPTIONAL/,
2873	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
2874	/IN/ PFILE_SEGMENT_ELEMENT Buffer,
2875	/IN/ ULONG Length,
2876	/IN/ PLARGE_INTEGER ByteOffset /OPTIONAL/,
2877	/IN/ PULONG Key /OPTIONAL/);
2878
2879	NTOSAPI
2880	NTSTATUS
2881	NTAPI
2882	ZwReadFileScatter(
2883	/IN/ HANDLE FileHandle,
2884	/IN/ HANDLE Event /OPTIONAL/,
2885	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
2886	/IN/ PVOID ApcContext /OPTIONAL/,
2887	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
2888	/IN/ PFILE_SEGMENT_ELEMENT Buffer,
2889	/IN/ ULONG Length,
2890	/IN/ PLARGE_INTEGER ByteOffset /OPTIONAL/,
2891	/IN/ PULONG Key /OPTIONAL/);
2892
2893	NTOSAPI
2894	NTSTATUS
2895	NTAPI
2896	NtWriteFileGather(
2897	/IN/ HANDLE FileHandle,
2898	/IN/ HANDLE Event /OPTIONAL/,
2899	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
2900	/IN/ PVOID ApcContext /OPTIONAL/,
2901	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
2902	/IN/ PFILE_SEGMENT_ELEMENT Buffer,
2903	/IN/ ULONG Length,
2904	/IN/ PLARGE_INTEGER ByteOffset /OPTIONAL/,
2905	/IN/ PULONG Key /OPTIONAL/);
2906
2907	NTOSAPI
2908	NTSTATUS
2909	NTAPI
2910	ZwWriteFileGather(
2911	/IN/ HANDLE FileHandle,
2912	/IN/ HANDLE Event /OPTIONAL/,
2913	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
2914	/IN/ PVOID ApcContext /OPTIONAL/,
2915	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
2916	/IN/ PFILE_SEGMENT_ELEMENT Buffer,
2917	/IN/ ULONG Length,
2918	/IN/ PLARGE_INTEGER ByteOffset /OPTIONAL/,
2919	/IN/ PULONG Key /OPTIONAL/);
2920
2921
2922
2923
2924	/* Registry keys */
2925
2926	NTOSAPI
2927	NTSTATUS
2928	NTAPI
2929	NtSaveKey(
2930	/IN/ HANDLE KeyHandle,
2931	/IN/ HANDLE FileHandle);
2932
2933	NTOSAPI
2934	NTSTATUS
2935	NTAPI
2936	ZwSaveKey(
2937	/IN/ HANDLE KeyHandle,
2938	/IN/ HANDLE FileHandle);
2939
2940	NTOSAPI
2941	NTSTATUS
2942	NTAPI
2943	NtSaveMergedKeys(
2944	/IN/ HANDLE KeyHandle1,
2945	/IN/ HANDLE KeyHandle2,
2946	/IN/ HANDLE FileHandle);
2947
2948	NTOSAPI
2949	NTSTATUS
2950	NTAPI
2951	ZwSaveMergedKeys(
2952	/IN/ HANDLE KeyHandle1,
2953	/IN/ HANDLE KeyHandle2,
2954	/IN/ HANDLE FileHandle);
2955
2956	NTOSAPI
2957	NTSTATUS
2958	NTAPI
2959	NtRestoreKey(
2960	/IN/ HANDLE KeyHandle,
2961	/IN/ HANDLE FileHandle,
2962	/IN/ ULONG Flags);
2963
2964	NTOSAPI
2965	NTSTATUS
2966	NTAPI
2967	ZwRestoreKey(
2968	/IN/ HANDLE KeyHandle,
2969	/IN/ HANDLE FileHandle,
2970	/IN/ ULONG Flags);
2971
2972	NTOSAPI
2973	NTSTATUS
2974	NTAPI
2975	NtLoadKey(
2976	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
2977	/IN/ POBJECT_ATTRIBUTES FileObjectAttributes);
2978
2979	NTOSAPI
2980	NTSTATUS
2981	NTAPI
2982	ZwLoadKey(
2983	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
2984	/IN/ POBJECT_ATTRIBUTES FileObjectAttributes);
2985
2986	NTOSAPI
2987	NTSTATUS
2988	NTAPI
2989	NtLoadKey2(
2990	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
2991	/IN/ POBJECT_ATTRIBUTES FileObjectAttributes,
2992	/IN/ ULONG Flags);
2993
2994	NTOSAPI
2995	NTSTATUS
2996	NTAPI
2997	ZwLoadKey2(
2998	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
2999	/IN/ POBJECT_ATTRIBUTES FileObjectAttributes,
3000	/IN/ ULONG Flags);
3001
3002	NTOSAPI
3003	NTSTATUS
3004	NTAPI
3005	NtUnloadKey(
3006	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes);
3007
3008	NTOSAPI
3009	NTSTATUS
3010	NTAPI
3011	ZwUnloadKey(
3012	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes);
3013
3014	NTOSAPI
3015	NTSTATUS
3016	NTAPI
3017	NtQueryOpenSubKeys(
3018	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
3019	/OUT/ PULONG NumberOfKeys);
3020
3021	NTOSAPI
3022	NTSTATUS
3023	NTAPI
3024	ZwQueryOpenSubKeys(
3025	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
3026	/OUT/ PULONG NumberOfKeys);
3027
3028	NTOSAPI
3029	NTSTATUS
3030	NTAPI
3031	NtReplaceKey(
3032	/IN/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
3033	/IN/ HANDLE KeyHandle,
3034	/IN/ POBJECT_ATTRIBUTES OldFileObjectAttributes);
3035
3036	NTOSAPI
3037	NTSTATUS
3038	NTAPI
3039	ZwReplaceKey(
3040	/IN/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
3041	/IN/ HANDLE KeyHandle,
3042	/IN/ POBJECT_ATTRIBUTES OldFileObjectAttributes);
3043
3044	typedef enum _KEY_SET_INFORMATION_CLASS {
3045	KeyLastWriteTimeInformation
3046	} KEY_SET_INFORMATION_CLASS;
3047
3048	NTOSAPI
3049	NTSTATUS
3050	NTAPI
3051	NtSetInformationKey(
3052	/IN/ HANDLE KeyHandle,
3053	/IN/ KEY_SET_INFORMATION_CLASS KeyInformationClass,
3054	/IN/ PVOID KeyInformation,
3055	/IN/ ULONG KeyInformationLength);
3056
3057	NTOSAPI
3058	NTSTATUS
3059	NTAPI
3060	ZwSetInformationKey(
3061	/IN/ HANDLE KeyHandle,
3062	/IN/ KEY_SET_INFORMATION_CLASS KeyInformationClass,
3063	/IN/ PVOID KeyInformation,
3064	/IN/ ULONG KeyInformationLength);
3065
3066	typedef struct _KEY_LAST_WRITE_TIME_INFORMATION {
3067	LARGE_INTEGER LastWriteTime;
3068	} KEY_LAST_WRITE_TIME_INFORMATION, *PKEY_LAST_WRITE_TIME_INFORMATION;
3069
3070	typedef struct _KEY_NAME_INFORMATION {
3071	ULONG NameLength;
3072	WCHAR Name[1];
3073	} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
3074
3075	NTOSAPI
3076	NTSTATUS
3077	NTAPI
3078	NtNotifyChangeKey(
3079	/IN/ HANDLE KeyHandle,
3080	/IN/ HANDLE EventHandle /OPTIONAL/,
3081	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
3082	/IN/ PVOID ApcContext /OPTIONAL/,
3083	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
3084	/IN/ ULONG NotifyFilter,
3085	/IN/ BOOLEAN WatchSubtree,
3086	/IN/ PVOID Buffer,
3087	/IN/ ULONG BufferLength,
3088	/IN/ BOOLEAN Asynchronous);
3089
3090	NTOSAPI
3091	NTSTATUS
3092	NTAPI
3093	ZwNotifyChangeKey(
3094	/IN/ HANDLE KeyHandle,
3095	/IN/ HANDLE EventHandle /OPTIONAL/,
3096	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
3097	/IN/ PVOID ApcContext /OPTIONAL/,
3098	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
3099	/IN/ ULONG NotifyFilter,
3100	/IN/ BOOLEAN WatchSubtree,
3101	/IN/ PVOID Buffer,
3102	/IN/ ULONG BufferLength,
3103	/IN/ BOOLEAN Asynchronous);
3104
3105	/* ZwNotifyChangeMultipleKeys.Flags constants */
3106	#define REG_MONITOR_SINGLE_KEY 0x00
3107	#define REG_MONITOR_SECOND_KEY 0x01
3108
3109	NTOSAPI
3110	NTSTATUS
3111	NTAPI
3112	NtNotifyChangeMultipleKeys(
3113	/IN/ HANDLE KeyHandle,
3114	/IN/ ULONG Flags,
3115	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
3116	/IN/ HANDLE EventHandle /OPTIONAL/,
3117	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
3118	/IN/ PVOID ApcContext /OPTIONAL/,
3119	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
3120	/IN/ ULONG NotifyFilter,
3121	/IN/ BOOLEAN WatchSubtree,
3122	/IN/ PVOID Buffer,
3123	/IN/ ULONG BufferLength,
3124	/IN/ BOOLEAN Asynchronous);
3125
3126	NTOSAPI
3127	NTSTATUS
3128	NTAPI
3129	ZwNotifyChangeMultipleKeys(
3130	/IN/ HANDLE KeyHandle,
3131	/IN/ ULONG Flags,
3132	/IN/ POBJECT_ATTRIBUTES KeyObjectAttributes,
3133	/IN/ HANDLE EventHandle /OPTIONAL/,
3134	/IN/ PIO_APC_ROUTINE ApcRoutine /OPTIONAL/,
3135	/IN/ PVOID ApcContext /OPTIONAL/,
3136	/OUT/ PIO_STATUS_BLOCK IoStatusBlock,
3137	/IN/ ULONG NotifyFilter,
3138	/IN/ BOOLEAN WatchSubtree,
3139	/IN/ PVOID Buffer,
3140	/IN/ ULONG BufferLength,
3141	/IN/ BOOLEAN Asynchronous);
3142
3143	NTOSAPI
3144	NTSTATUS
3145	NTAPI
3146	NtQueryMultipleValueKey(
3147	/IN/ HANDLE KeyHandle,
3148	/IN OUT/ PKEY_VALUE_ENTRY ValueList,
3149	/IN/ ULONG NumberOfValues,
3150	/OUT/ PVOID Buffer,
3151	/IN OUT/ PULONG Length,
3152	/OUT/ PULONG ReturnLength);
3153
3154	NTOSAPI
3155	NTSTATUS
3156	NTAPI
3157	ZwQueryMultipleValueKey(
3158	/IN/ HANDLE KeyHandle,
3159	/IN OUT/ PKEY_VALUE_ENTRY ValueList,
3160	/IN/ ULONG NumberOfValues,
3161	/OUT/ PVOID Buffer,
3162	/IN OUT/ PULONG Length,
3163	/OUT/ PULONG ReturnLength);
3164
3165	NTOSAPI
3166	NTSTATUS
3167	NTAPI
3168	NtInitializeRegistry(
3169	/IN/ BOOLEAN Setup);
3170
3171	NTOSAPI
3172	NTSTATUS
3173	NTAPI
3174	ZwInitializeRegistry(
3175	/IN/ BOOLEAN Setup);
3176
3177
3178
3179
3180	/* Security and auditing */
3181
3182	NTOSAPI
3183	NTSTATUS
3184	NTAPI
3185	NtPrivilegeCheck(
3186	/IN/ HANDLE TokenHandle,
3187	/IN/ PPRIVILEGE_SET RequiredPrivileges,
3188	/OUT/ PBOOLEAN Result);
3189
3190	NTOSAPI
3191	NTSTATUS
3192	NTAPI
3193	ZwPrivilegeCheck(
3194	/IN/ HANDLE TokenHandle,
3195	/IN/ PPRIVILEGE_SET RequiredPrivileges,
3196	/OUT/ PBOOLEAN Result);
3197
3198	NTOSAPI
3199	NTSTATUS
3200	NTAPI
3201	NtPrivilegeObjectAuditAlarm(
3202	/IN/ PUNICODE_STRING SubsystemName,
3203	/IN/ PVOID HandleId,
3204	/IN/ HANDLE TokenHandle,
3205	/IN/ ACCESS_MASK DesiredAccess,
3206	/IN/ PPRIVILEGE_SET Privileges,
3207	/IN/ BOOLEAN AccessGranted);
3208
3209	NTOSAPI
3210	NTSTATUS
3211	NTAPI
3212	ZwPrivilegeObjectAuditAlarm(
3213	/IN/ PUNICODE_STRING SubsystemName,
3214	/IN/ PVOID HandleId,
3215	/IN/ HANDLE TokenHandle,
3216	/IN/ ACCESS_MASK DesiredAccess,
3217	/IN/ PPRIVILEGE_SET Privileges,
3218	/IN/ BOOLEAN AccessGranted);
3219
3220	NTOSAPI
3221	NTSTATUS
3222	NTAPI
3223	NtAccessCheck(
3224	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3225	/IN/ HANDLE TokenHandle,
3226	/IN/ ACCESS_MASK DesiredAccess,
3227	/IN/ PGENERIC_MAPPING GenericMapping,
3228	/IN/ PPRIVILEGE_SET PrivilegeSet,
3229	/IN/ PULONG PrivilegeSetLength,
3230	/OUT/ PACCESS_MASK GrantedAccess,
3231	/OUT/ PBOOLEAN AccessStatus);
3232
3233	NTOSAPI
3234	NTSTATUS
3235	NTAPI
3236	ZwAccessCheck(
3237	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3238	/IN/ HANDLE TokenHandle,
3239	/IN/ ACCESS_MASK DesiredAccess,
3240	/IN/ PGENERIC_MAPPING GenericMapping,
3241	/IN/ PPRIVILEGE_SET PrivilegeSet,
3242	/IN/ PULONG PrivilegeSetLength,
3243	/OUT/ PACCESS_MASK GrantedAccess,
3244	/OUT/ PBOOLEAN AccessStatus);
3245
3246	NTOSAPI
3247	NTSTATUS
3248	NTAPI
3249	NtAccessCheckAndAuditAlarm(
3250	/IN/ PUNICODE_STRING SubsystemName,
3251	/IN/ PVOID HandleId,
3252	/IN/ PUNICODE_STRING ObjectTypeName,
3253	/IN/ PUNICODE_STRING ObjectName,
3254	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3255	/IN/ ACCESS_MASK DesiredAccess,
3256	/IN/ PGENERIC_MAPPING GenericMapping,
3257	/IN/ BOOLEAN ObjectCreation,
3258	/OUT/ PACCESS_MASK GrantedAccess,
3259	/OUT/ PBOOLEAN AccessStatus,
3260	/OUT/ PBOOLEAN GenerateOnClose);
3261
3262	NTOSAPI
3263	NTSTATUS
3264	NTAPI
3265	ZwAccessCheckAndAuditAlarm(
3266	/IN/ PUNICODE_STRING SubsystemName,
3267	/IN/ PVOID HandleId,
3268	/IN/ PUNICODE_STRING ObjectTypeName,
3269	/IN/ PUNICODE_STRING ObjectName,
3270	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3271	/IN/ ACCESS_MASK DesiredAccess,
3272	/IN/ PGENERIC_MAPPING GenericMapping,
3273	/IN/ BOOLEAN ObjectCreation,
3274	/OUT/ PACCESS_MASK GrantedAccess,
3275	/OUT/ PBOOLEAN AccessStatus,
3276	/OUT/ PBOOLEAN GenerateOnClose);
3277
3278	NTOSAPI
3279	NTSTATUS
3280	NTAPI
3281	NtAccessCheckByType(
3282	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3283	/IN/ PSID PrincipalSelfSid,
3284	/IN/ HANDLE TokenHandle,
3285	/IN/ ULONG DesiredAccess,
3286	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3287	/IN/ ULONG ObjectTypeListLength,
3288	/IN/ PGENERIC_MAPPING GenericMapping,
3289	/IN/ PPRIVILEGE_SET PrivilegeSet,
3290	/IN/ PULONG PrivilegeSetLength,
3291	/OUT/ PACCESS_MASK GrantedAccess,
3292	/OUT/ PULONG AccessStatus);
3293
3294	NTOSAPI
3295	NTSTATUS
3296	NTAPI
3297	ZwAccessCheckByType(
3298	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3299	/IN/ PSID PrincipalSelfSid,
3300	/IN/ HANDLE TokenHandle,
3301	/IN/ ULONG DesiredAccess,
3302	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3303	/IN/ ULONG ObjectTypeListLength,
3304	/IN/ PGENERIC_MAPPING GenericMapping,
3305	/IN/ PPRIVILEGE_SET PrivilegeSet,
3306	/IN/ PULONG PrivilegeSetLength,
3307	/OUT/ PACCESS_MASK GrantedAccess,
3308	/OUT/ PULONG AccessStatus);
3309
3310	typedef enum _AUDIT_EVENT_TYPE {
3311	AuditEventObjectAccess,
3312	AuditEventDirectoryServiceAccess
3313	} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
3314
3315	NTOSAPI
3316	NTSTATUS
3317	NTAPI
3318	NtAccessCheckByTypeAndAuditAlarm(
3319	/IN/ PUNICODE_STRING SubsystemName,
3320	/IN/ PVOID HandleId,
3321	/IN/ PUNICODE_STRING ObjectTypeName,
3322	/IN/ PUNICODE_STRING ObjectName,
3323	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3324	/IN/ PSID PrincipalSelfSid,
3325	/IN/ ACCESS_MASK DesiredAccess,
3326	/IN/ AUDIT_EVENT_TYPE AuditType,
3327	/IN/ ULONG Flags,
3328	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3329	/IN/ ULONG ObjectTypeListLength,
3330	/IN/ PGENERIC_MAPPING GenericMapping,
3331	/IN/ BOOLEAN ObjectCreation,
3332	/OUT/ PACCESS_MASK GrantedAccess,
3333	/OUT/ PULONG AccessStatus,
3334	/OUT/ PBOOLEAN GenerateOnClose);
3335
3336	NTOSAPI
3337	NTSTATUS
3338	NTAPI
3339	ZwAccessCheckByTypeAndAuditAlarm(
3340	/IN/ PUNICODE_STRING SubsystemName,
3341	/IN/ PVOID HandleId,
3342	/IN/ PUNICODE_STRING ObjectTypeName,
3343	/IN/ PUNICODE_STRING ObjectName,
3344	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3345	/IN/ PSID PrincipalSelfSid,
3346	/IN/ ACCESS_MASK DesiredAccess,
3347	/IN/ AUDIT_EVENT_TYPE AuditType,
3348	/IN/ ULONG Flags,
3349	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3350	/IN/ ULONG ObjectTypeListLength,
3351	/IN/ PGENERIC_MAPPING GenericMapping,
3352	/IN/ BOOLEAN ObjectCreation,
3353	/OUT/ PACCESS_MASK GrantedAccess,
3354	/OUT/ PULONG AccessStatus,
3355	/OUT/ PBOOLEAN GenerateOnClose);
3356
3357	NTOSAPI
3358	NTSTATUS
3359	NTAPI
3360	NtAccessCheckByTypeResultList(
3361	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3362	/IN/ PSID PrincipalSelfSid,
3363	/IN/ HANDLE TokenHandle,
3364	/IN/ ACCESS_MASK DesiredAccess,
3365	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3366	/IN/ ULONG ObjectTypeListLength,
3367	/IN/ PGENERIC_MAPPING GenericMapping,
3368	/IN/ PPRIVILEGE_SET PrivilegeSet,
3369	/IN/ PULONG PrivilegeSetLength,
3370	/OUT/ PACCESS_MASK GrantedAccessList,
3371	/OUT/ PULONG AccessStatusList);
3372
3373	NTOSAPI
3374	NTSTATUS
3375	NTAPI
3376	ZwAccessCheckByTypeResultList(
3377	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3378	/IN/ PSID PrincipalSelfSid,
3379	/IN/ HANDLE TokenHandle,
3380	/IN/ ACCESS_MASK DesiredAccess,
3381	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3382	/IN/ ULONG ObjectTypeListLength,
3383	/IN/ PGENERIC_MAPPING GenericMapping,
3384	/IN/ PPRIVILEGE_SET PrivilegeSet,
3385	/IN/ PULONG PrivilegeSetLength,
3386	/OUT/ PACCESS_MASK GrantedAccessList,
3387	/OUT/ PULONG AccessStatusList);
3388
3389	NTOSAPI
3390	NTSTATUS
3391	NTAPI
3392	NtAccessCheckByTypeResultListAndAuditAlarm(
3393	/IN/ PUNICODE_STRING SubsystemName,
3394	/IN/ PVOID HandleId,
3395	/IN/ PUNICODE_STRING ObjectTypeName,
3396	/IN/ PUNICODE_STRING ObjectName,
3397	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3398	/IN/ PSID PrincipalSelfSid,
3399	/IN/ ACCESS_MASK DesiredAccess,
3400	/IN/ AUDIT_EVENT_TYPE AuditType,
3401	/IN/ ULONG Flags,
3402	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3403	/IN/ ULONG ObjectTypeListLength,
3404	/IN/ PGENERIC_MAPPING GenericMapping,
3405	/IN/ BOOLEAN ObjectCreation,
3406	/OUT/ PACCESS_MASK GrantedAccessList,
3407	/OUT/ PULONG AccessStatusList,
3408	/OUT/ PULONG GenerateOnClose);
3409
3410	NTOSAPI
3411	NTSTATUS
3412	NTAPI
3413	ZwAccessCheckByTypeResultListAndAuditAlarm(
3414	/IN/ PUNICODE_STRING SubsystemName,
3415	/IN/ PVOID HandleId,
3416	/IN/ PUNICODE_STRING ObjectTypeName,
3417	/IN/ PUNICODE_STRING ObjectName,
3418	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3419	/IN/ PSID PrincipalSelfSid,
3420	/IN/ ACCESS_MASK DesiredAccess,
3421	/IN/ AUDIT_EVENT_TYPE AuditType,
3422	/IN/ ULONG Flags,
3423	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3424	/IN/ ULONG ObjectTypeListLength,
3425	/IN/ PGENERIC_MAPPING GenericMapping,
3426	/IN/ BOOLEAN ObjectCreation,
3427	/OUT/ PACCESS_MASK GrantedAccessList,
3428	/OUT/ PULONG AccessStatusList,
3429	/OUT/ PULONG GenerateOnClose);
3430
3431	NTOSAPI
3432	NTSTATUS
3433	NTAPI
3434	NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
3435	/IN/ PUNICODE_STRING SubsystemName,
3436	/IN/ PVOID HandleId,
3437	/IN/ HANDLE TokenHandle,
3438	/IN/ PUNICODE_STRING ObjectTypeName,
3439	/IN/ PUNICODE_STRING ObjectName,
3440	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3441	/IN/ PSID PrincipalSelfSid,
3442	/IN/ ACCESS_MASK DesiredAccess,
3443	/IN/ AUDIT_EVENT_TYPE AuditType,
3444	/IN/ ULONG Flags,
3445	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3446	/IN/ ULONG ObjectTypeListLength,
3447	/IN/ PGENERIC_MAPPING GenericMapping,
3448	/IN/ BOOLEAN ObjectCreation,
3449	/OUT/ PACCESS_MASK GrantedAccessList,
3450	/OUT/ PULONG AccessStatusList,
3451	/OUT/ PULONG GenerateOnClose);
3452
3453	NTOSAPI
3454	NTSTATUS
3455	NTAPI
3456	ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
3457	/IN/ PUNICODE_STRING SubsystemName,
3458	/IN/ PVOID HandleId,
3459	/IN/ HANDLE TokenHandle,
3460	/IN/ PUNICODE_STRING ObjectTypeName,
3461	/IN/ PUNICODE_STRING ObjectName,
3462	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3463	/IN/ PSID PrincipalSelfSid,
3464	/IN/ ACCESS_MASK DesiredAccess,
3465	/IN/ AUDIT_EVENT_TYPE AuditType,
3466	/IN/ ULONG Flags,
3467	/IN/ POBJECT_TYPE_LIST ObjectTypeList,
3468	/IN/ ULONG ObjectTypeListLength,
3469	/IN/ PGENERIC_MAPPING GenericMapping,
3470	/IN/ BOOLEAN ObjectCreation,
3471	/OUT/ PACCESS_MASK GrantedAccessList,
3472	/OUT/ PULONG AccessStatusList,
3473	/OUT/ PULONG GenerateOnClose);
3474
3475	NTOSAPI
3476	NTSTATUS
3477	NTAPI
3478	NtOpenObjectAuditAlarm(
3479	/IN/ PUNICODE_STRING SubsystemName,
3480	/IN/ PVOID *HandleId,
3481	/IN/ PUNICODE_STRING ObjectTypeName,
3482	/IN/ PUNICODE_STRING ObjectName,
3483	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3484	/IN/ HANDLE TokenHandle,
3485	/IN/ ACCESS_MASK DesiredAccess,
3486	/IN/ ACCESS_MASK GrantedAccess,
3487	/IN/ PPRIVILEGE_SET Privileges /OPTIONAL/,
3488	/IN/ BOOLEAN ObjectCreation,
3489	/IN/ BOOLEAN AccessGranted,
3490	/OUT/ PBOOLEAN GenerateOnClose);
3491
3492	NTOSAPI
3493	NTSTATUS
3494	NTAPI
3495	ZwOpenObjectAuditAlarm(
3496	/IN/ PUNICODE_STRING SubsystemName,
3497	/IN/ PVOID *HandleId,
3498	/IN/ PUNICODE_STRING ObjectTypeName,
3499	/IN/ PUNICODE_STRING ObjectName,
3500	/IN/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3501	/IN/ HANDLE TokenHandle,
3502	/IN/ ACCESS_MASK DesiredAccess,
3503	/IN/ ACCESS_MASK GrantedAccess,
3504	/IN/ PPRIVILEGE_SET Privileges /OPTIONAL/,
3505	/IN/ BOOLEAN ObjectCreation,
3506	/IN/ BOOLEAN AccessGranted,
3507	/OUT/ PBOOLEAN GenerateOnClose);
3508
3509	NTOSAPI
3510	NTSTATUS
3511	NTAPI
3512	NtCloseObjectAuditAlarm(
3513	/IN/ PUNICODE_STRING SubsystemName,
3514	/IN/ PVOID HandleId,
3515	/IN/ BOOLEAN GenerateOnClose);
3516
3517	NTOSAPI
3518	NTSTATUS
3519	NTAPI
3520	ZwCloseObjectAuditAlarm(
3521	/IN/ PUNICODE_STRING SubsystemName,
3522	/IN/ PVOID HandleId,
3523	/IN/ BOOLEAN GenerateOnClose);
3524
3525	NTOSAPI
3526	NTSTATUS
3527	NTAPI
3528	NtDeleteObjectAuditAlarm(
3529	/IN/ PUNICODE_STRING SubsystemName,
3530	/IN/ PVOID HandleId,
3531	/IN/ BOOLEAN GenerateOnClose);
3532
3533	NTOSAPI
3534	NTSTATUS
3535	NTAPI
3536	ZwDeleteObjectAuditAlarm(
3537	/IN/ PUNICODE_STRING SubsystemName,
3538	/IN/ PVOID HandleId,
3539	/IN/ BOOLEAN GenerateOnClose);
3540
3541
3542
3543
3544	/* Plug and play and power management */
3545
3546	NTOSAPI
3547	NTSTATUS
3548	NTAPI
3549	ZwRequestWakeupLatency(
3550	/IN/ LATENCY_TIME Latency);
3551
3552	NTOSAPI
3553	NTSTATUS
3554	NTAPI
3555	ZwRequestDeviceWakeup(
3556	/IN/ HANDLE DeviceHandle);
3557
3558	NTOSAPI
3559	NTSTATUS
3560	NTAPI
3561	ZwCancelDeviceWakeupRequest(
3562	/IN/ HANDLE DeviceHandle);
3563
3564	NTOSAPI
3565	BOOLEAN
3566	NTAPI
3567	ZwIsSystemResumeAutomatic(
3568	VOID);
3569
3570	NTOSAPI
3571	NTSTATUS
3572	NTAPI
3573	ZwSetThreadExecutionState(
3574	/IN/ EXECUTION_STATE ExecutionState,
3575	/OUT/ PEXECUTION_STATE PreviousExecutionState);
3576
3577	NTOSAPI
3578	NTSTATUS
3579	NTAPI
3580	ZwGetDevicePowerState(
3581	/IN/ HANDLE DeviceHandle,
3582	/OUT/ PDEVICE_POWER_STATE DevicePowerState);
3583
3584	NTOSAPI
3585	NTSTATUS
3586	NTAPI
3587	ZwSetSystemPowerState(
3588	/IN/ POWER_ACTION SystemAction,
3589	/IN/ SYSTEM_POWER_STATE MinSystemState,
3590	/IN/ ULONG Flags);
3591
3592	NTOSAPI
3593	NTSTATUS
3594	NTAPI
3595	ZwInitiatePowerAction(
3596	/IN/ POWER_ACTION SystemAction,
3597	/IN/ SYSTEM_POWER_STATE MinSystemState,
3598	/IN/ ULONG Flags,
3599	/IN/ BOOLEAN Asynchronous);
3600
3601	NTOSAPI
3602	NTSTATUS
3603	NTAPI
3604	ZwPowerInformation(
3605	/IN/ POWER_INFORMATION_LEVEL PowerInformationLevel,
3606	/IN/ PVOID InputBuffer /OPTIONAL/,
3607	/IN/ ULONG InputBufferLength,
3608	/OUT/ PVOID OutputBuffer /OPTIONAL/,
3609	/IN/ ULONG OutputBufferLength);
3610
3611	NTOSAPI
3612	NTSTATUS
3613	NTAPI
3614	NtPlugPlayControl(
3615	/IN/ ULONG ControlCode,
3616	/IN OUT/ PVOID Buffer,
3617	/IN/ ULONG BufferLength);
3618
3619	NTOSAPI
3620	NTSTATUS
3621	NTAPI
3622	ZwPlugPlayControl(
3623	/IN/ ULONG ControlCode,
3624	/IN OUT/ PVOID Buffer,
3625	/IN/ ULONG BufferLength);
3626
3627	NTOSAPI
3628	NTSTATUS
3629	NTAPI
3630	NtGetPlugPlayEvent(
3631	/IN/ ULONG Reserved1,
3632	/IN/ ULONG Reserved2,
3633	/OUT/ PVOID Buffer,
3634	/IN/ ULONG BufferLength);
3635
3636	NTOSAPI
3637	NTSTATUS
3638	NTAPI
3639	ZwGetPlugPlayEvent(
3640	/IN/ ULONG Reserved1,
3641	/IN/ ULONG Reserved2,
3642	/OUT/ PVOID Buffer,
3643	/IN/ ULONG BufferLength);
3644
3645
3646
3647
3648	/* Miscellany */
3649
3650	NTOSAPI
3651	NTSTATUS
3652	NTAPI
3653	NtRaiseException(
3654	/IN/ PEXCEPTION_RECORD ExceptionRecord,
3655	/IN/ PCONTEXT Context,
3656	/IN/ BOOLEAN SearchFrames);
3657
3658	NTOSAPI
3659	NTSTATUS
3660	NTAPI
3661	ZwRaiseException(
3662	/IN/ PEXCEPTION_RECORD ExceptionRecord,
3663	/IN/ PCONTEXT Context,
3664	/IN/ BOOLEAN SearchFrames);
3665
3666	NTOSAPI
3667	NTSTATUS
3668	NTAPI
3669	NtContinue(
3670	/IN/ PCONTEXT Context,
3671	/IN/ BOOLEAN TestAlert);
3672
3673	NTOSAPI
3674	NTSTATUS
3675	NTAPI
3676	ZwContinue(
3677	/IN/ PCONTEXT Context,
3678	/IN/ BOOLEAN TestAlert);
3679
3680	NTOSAPI
3681	NTSTATUS
3682	NTAPI
3683	ZwW32Call(
3684	/IN/ ULONG RoutineIndex,
3685	/IN/ PVOID Argument,
3686	/IN/ ULONG ArgumentLength,
3687	/OUT/ PVOID Result /OPTIONAL*/,
3688	/OUT/ PULONG ResultLength /OPTIONAL/);
3689
3690	NTOSAPI
3691	NTSTATUS
3692	NTAPI
3693	NtSetLowWaitHighThread(
3694	VOID);
3695
3696	NTOSAPI
3697	NTSTATUS
3698	NTAPI
3699	ZwSetLowWaitHighThread(
3700	VOID);
3701
3702	NTOSAPI
3703	NTSTATUS
3704	NTAPI
3705	NtSetHighWaitLowThread(
3706	VOID);
3707
3708	NTOSAPI
3709	NTSTATUS
3710	NTAPI
3711	ZwSetHighWaitLowThread(
3712	VOID);
3713
3714	NTOSAPI
3715	NTSTATUS
3716	NTAPI
3717	NtLoadDriver(
3718	/IN/ PUNICODE_STRING DriverServiceName);
3719
3720	NTOSAPI
3721	NTSTATUS
3722	NTAPI
3723	ZwLoadDriver(
3724	/IN/ PUNICODE_STRING DriverServiceName);
3725
3726	NTOSAPI
3727	NTSTATUS
3728	NTAPI
3729	NtUnloadDriver(
3730	/IN/ PUNICODE_STRING DriverServiceName);
3731
3732	NTOSAPI
3733	NTSTATUS
3734	NTAPI
3735	ZwUnloadDriver(
3736	/IN/ PUNICODE_STRING DriverServiceName);
3737
3738	NTOSAPI
3739	NTSTATUS
3740	NTAPI
3741	NtFlushInstructionCache(
3742	/IN/ HANDLE ProcessHandle,
3743	/IN/ PVOID BaseAddress /OPTIONAL/,
3744	/IN/ ULONG FlushSize);
3745
3746	NTOSAPI
3747	NTSTATUS
3748	NTAPI
3749	ZwFlushInstructionCache(
3750	/IN/ HANDLE ProcessHandle,
3751	/IN/ PVOID BaseAddress /OPTIONAL/,
3752	/IN/ ULONG FlushSize);
3753
3754	NTOSAPI
3755	NTSTATUS
3756	NTAPI
3757	NtFlushWriteBuffer(
3758	VOID);
3759
3760	NTOSAPI
3761	NTSTATUS
3762	NTAPI
3763	ZwFlushWriteBuffer(
3764	VOID);
3765
3766	NTOSAPI
3767	NTSTATUS
3768	NTAPI
3769	NtQueryDefaultLocale(
3770	/IN/ BOOLEAN ThreadOrSystem,
3771	/OUT/ PLCID Locale);
3772
3773	NTOSAPI
3774	NTSTATUS
3775	NTAPI
3776	ZwQueryDefaultLocale(
3777	/IN/ BOOLEAN ThreadOrSystem,
3778	/OUT/ PLCID Locale);
3779
3780	NTOSAPI
3781	NTSTATUS
3782	NTAPI
3783	NtSetDefaultLocale(
3784	/IN/ BOOLEAN ThreadOrSystem,
3785	/IN/ LCID Locale);
3786
3787	NTOSAPI
3788	NTSTATUS
3789	NTAPI
3790	ZwSetDefaultLocale(
3791	/IN/ BOOLEAN ThreadOrSystem,
3792	/IN/ LCID Locale);
3793
3794	NTOSAPI
3795	NTSTATUS
3796	NTAPI
3797	NtQueryDefaultUILanguage(
3798	/OUT/ PLANGID LanguageId);
3799
3800	NTOSAPI
3801	NTSTATUS
3802	NTAPI
3803	ZwQueryDefaultUILanguage(
3804	/OUT/ PLANGID LanguageId);
3805
3806	NTOSAPI
3807	NTSTATUS
3808	NTAPI
3809	NtSetDefaultUILanguage(
3810	/IN/ LANGID LanguageId);
3811
3812	NTOSAPI
3813	NTSTATUS
3814	NTAPI
3815	ZwSetDefaultUILanguage(
3816	/IN/ LANGID LanguageId);
3817
3818	NTOSAPI
3819	NTSTATUS
3820	NTAPI
3821	NtQueryInstallUILanguage(
3822	/OUT/ PLANGID LanguageId);
3823
3824	NTOSAPI
3825	NTSTATUS
3826	NTAPI
3827	ZwQueryInstallUILanguage(
3828	/OUT/ PLANGID LanguageId);
3829
3830	NTOSAPI
3831	NTSTATUS
3832	NTAPI
3833	NtAllocateLocallyUniqueId(
3834	/OUT/ PLUID Luid);
3835
3836	NTOSAPI
3837	NTSTATUS
3838	NTAPI
3839	NtAllocateUuids(
3840	/OUT/ PLARGE_INTEGER UuidLastTimeAllocated,
3841	/OUT/ PULONG UuidDeltaTime,
3842	/OUT/ PULONG UuidSequenceNumber,
3843	/OUT/ PUCHAR UuidSeed);
3844
3845	NTOSAPI
3846	NTSTATUS
3847	NTAPI
3848	ZwAllocateUuids(
3849	/OUT/ PLARGE_INTEGER UuidLastTimeAllocated,
3850	/OUT/ PULONG UuidDeltaTime,
3851	/OUT/ PULONG UuidSequenceNumber,
3852	/OUT/ PUCHAR UuidSeed);
3853
3854	NTOSAPI
3855	NTSTATUS
3856	NTAPI
3857	NtSetUuidSeed(
3858	/IN/ PUCHAR UuidSeed);
3859
3860	NTOSAPI
3861	NTSTATUS
3862	NTAPI
3863	ZwSetUuidSeed(
3864	/IN/ PUCHAR UuidSeed);
3865
3866	typedef enum _HARDERROR_RESPONSE_OPTION {
3867	OptionAbortRetryIgnore,
3868	OptionOk,
3869	OptionOkCancel,
3870	OptionRetryCancel,
3871	OptionYesNo,
3872	OptionYesNoCancel,
3873	OptionShutdownSystem
3874	} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
3875
3876	typedef enum _HARDERROR_RESPONSE {
3877	ResponseReturnToCaller,
3878	ResponseNotHandled,
3879	ResponseAbort,
3880	ResponseCancel,
3881	ResponseIgnore,
3882	ResponseNo,
3883	ResponseOk,
3884	ResponseRetry,
3885	ResponseYes
3886	} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
3887
3888	NTOSAPI
3889	NTSTATUS
3890	NTAPI
3891	NtRaiseHardError(
3892	/IN/ NTSTATUS Status,
3893	/IN/ ULONG NumberOfArguments,
3894	/IN/ ULONG StringArgumentsMask,
3895	/IN/ PULONG Arguments,
3896	/IN/ HARDERROR_RESPONSE_OPTION ResponseOption,
3897	/OUT/ PHARDERROR_RESPONSE Response);
3898
3899	NTOSAPI
3900	NTSTATUS
3901	NTAPI
3902	ZwRaiseHardError(
3903	/IN/ NTSTATUS Status,
3904	/IN/ ULONG NumberOfArguments,
3905	/IN/ ULONG StringArgumentsMask,
3906	/IN/ PULONG Arguments,
3907	/IN/ HARDERROR_RESPONSE_OPTION ResponseOption,
3908	/OUT/ PHARDERROR_RESPONSE Response);
3909
3910	NTOSAPI
3911	NTSTATUS
3912	NTAPI
3913	NtSetDefaultHardErrorPort(
3914	/IN/ HANDLE PortHandle);
3915
3916	NTOSAPI
3917	NTSTATUS
3918	NTAPI
3919	ZwSetDefaultHardErrorPort(
3920	/IN/ HANDLE PortHandle);
3921
3922	NTOSAPI
3923	NTSTATUS
3924	NTAPI
3925	NtDisplayString(
3926	/IN/ PUNICODE_STRING String);
3927
3928	NTOSAPI
3929	NTSTATUS
3930	NTAPI
3931	ZwDisplayString(
3932	/IN/ PUNICODE_STRING String);
3933
3934	NTOSAPI
3935	NTSTATUS
3936	NTAPI
3937	NtCreatePagingFile(
3938	/IN/ PUNICODE_STRING FileName,
3939	/IN/ PULARGE_INTEGER InitialSize,
3940	/IN/ PULARGE_INTEGER MaximumSize,
3941	/IN/ ULONG Reserved);
3942
3943	NTOSAPI
3944	NTSTATUS
3945	NTAPI
3946	ZwCreatePagingFile(
3947	/IN/ PUNICODE_STRING FileName,
3948	/IN/ PULARGE_INTEGER InitialSize,
3949	/IN/ PULARGE_INTEGER MaximumSize,
3950	/IN/ ULONG Reserved);
3951
3952	typedef USHORT RTL_ATOM, *PRTL_ATOM;
3953
3954	NTOSAPI
3955	NTSTATUS
3956	NTAPI
3957	NtAddAtom(
3958	/IN/ PWSTR AtomName,
3959	/IN/ ULONG AtomNameLength,
3960	/OUT/ PRTL_ATOM Atom);
3961
3962	NTOSAPI
3963	NTSTATUS
3964	NTAPI
3965	ZwAddAtom(
3966	/IN/ PWSTR AtomName,
3967	/IN/ ULONG AtomNameLength,
3968	/OUT/ PRTL_ATOM Atom);
3969
3970	NTOSAPI
3971	NTSTATUS
3972	NTAPI
3973	NtFindAtom(
3974	/IN/ PWSTR AtomName,
3975	/IN/ ULONG AtomNameLength,
3976	/OUT/ PRTL_ATOM Atom);
3977
3978	NTOSAPI
3979	NTSTATUS
3980	NTAPI
3981	ZwFindAtom(
3982	/IN/ PWSTR AtomName,
3983	/IN/ ULONG AtomNameLength,
3984	/OUT/ PRTL_ATOM Atom);
3985
3986	NTOSAPI
3987	NTSTATUS
3988	NTAPI
3989	NtDeleteAtom(
3990	/IN/ RTL_ATOM Atom);
3991
3992	NTOSAPI
3993	NTSTATUS
3994	NTAPI
3995	ZwDeleteAtom(
3996	/IN/ RTL_ATOM Atom);
3997
3998	typedef enum _ATOM_INFORMATION_CLASS {
3999	AtomBasicInformation,
4000	AtomListInformation
4001	} ATOM_INFORMATION_CLASS;
4002
4003	NTOSAPI
4004	NTSTATUS
4005	NTAPI
4006	NtQueryInformationAtom(
4007	/IN/ RTL_ATOM Atom,
4008	/IN/ ATOM_INFORMATION_CLASS AtomInformationClass,
4009	/OUT/ PVOID AtomInformation,
4010	/IN/ ULONG AtomInformationLength,
4011	/OUT/ PULONG ReturnLength /OPTIONAL/);
4012
4013	NTOSAPI
4014	NTSTATUS
4015	NTAPI
4016	ZwQueryInformationAtom(
4017	/IN/ RTL_ATOM Atom,
4018	/IN/ ATOM_INFORMATION_CLASS AtomInformationClass,
4019	/OUT/ PVOID AtomInformation,
4020	/IN/ ULONG AtomInformationLength,
4021	/OUT/ PULONG ReturnLength /OPTIONAL/);
4022
4023	typedef struct _ATOM_BASIC_INFORMATION {
4024	USHORT ReferenceCount;
4025	USHORT Pinned;
4026	USHORT NameLength;
4027	WCHAR Name[1];
4028	} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
4029
4030	typedef struct _ATOM_LIST_INFORMATION {
4031	ULONG NumberOfAtoms;
4032	ATOM Atoms[1];
4033	} ATOM_LIST_INFORMATION, *PATOM_LIST_INFORMATION;
4034
4035	NTOSAPI
4036	NTSTATUS
4037	NTAPI
4038	NtSetLdtEntries(
4039	/IN/ ULONG Selector1,
4040	/IN/ LDT_ENTRY LdtEntry1,
4041	/IN/ ULONG Selector2,
4042	/IN/ LDT_ENTRY LdtEntry2);
4043
4044	NTOSAPI
4045	NTSTATUS
4046	NTAPI
4047	ZwSetLdtEntries(
4048	/IN/ ULONG Selector1,
4049	/IN/ LDT_ENTRY LdtEntry1,
4050	/IN/ ULONG Selector2,
4051	/IN/ LDT_ENTRY LdtEntry2);
4052
4053	NTOSAPI
4054	NTSTATUS
4055	NTAPI
4056	NtVdmControl(
4057	/IN/ ULONG ControlCode,
4058	/IN/ PVOID ControlData);
4059
4060	NTOSAPI
4061	NTSTATUS
4062	NTAPI
4063	ZwVdmControl(
4064	/IN/ ULONG ControlCode,
4065	/IN/ PVOID ControlData);
4066
4067	#pragma pack(pop)
4068
4069	#ifdef __cplusplus
4070	}
4071	#endif
4072
4073	#endif /* __NTAPI_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: