2534 lines
51 KiB
C
2534 lines
51 KiB
C
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDelayExecution (
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER DelayInterval
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySystemEnvironmentValue (
|
|
IN PUNICODE_STRING VariableName,
|
|
OUT PWSTR VariableValue,
|
|
IN USHORT ValueLength,
|
|
OUT PUSHORT ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSystemEnvironmentValue (
|
|
IN PUNICODE_STRING VariableName,
|
|
IN PUNICODE_STRING VariableValue
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySystemEnvironmentValueEx (
|
|
IN PUNICODE_STRING VariableName,
|
|
IN LPGUID VendorGuid,
|
|
OUT PVOID Value,
|
|
IN OUT PULONG ValueLength,
|
|
OUT PULONG Attributes OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSystemEnvironmentValueEx (
|
|
IN PUNICODE_STRING VariableName,
|
|
IN LPGUID VendorGuid,
|
|
IN PVOID Value,
|
|
IN ULONG ValueLength,
|
|
IN ULONG Attributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwEnumerateSystemEnvironmentValuesEx (
|
|
IN ULONG InformationClass,
|
|
OUT PVOID Buffer,
|
|
IN OUT PULONG BufferLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAddBootEntry (
|
|
IN PBOOT_ENTRY BootEntry,
|
|
OUT PULONG Id OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteBootEntry (
|
|
IN ULONG Id
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwModifyBootEntry (
|
|
IN PBOOT_ENTRY BootEntry
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwEnumerateBootEntries (
|
|
OUT PVOID Buffer,
|
|
IN OUT PULONG BufferLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryBootEntryOrder (
|
|
OUT PULONG Ids,
|
|
IN OUT PULONG Count
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetBootEntryOrder (
|
|
IN PULONG Ids,
|
|
IN ULONG Count
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryBootOptions (
|
|
OUT PBOOT_OPTIONS BootOptions,
|
|
IN OUT PULONG BootOptionsLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetBootOptions (
|
|
IN PBOOT_OPTIONS BootOptions,
|
|
IN ULONG FieldsToChange
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwTranslateFilePath (
|
|
IN PFILE_PATH InputFilePath,
|
|
IN ULONG OutputType,
|
|
OUT PFILE_PATH OutputFilePath,
|
|
IN OUT PULONG OutputFilePathLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwClearEvent (
|
|
IN HANDLE EventHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateEvent (
|
|
OUT PHANDLE EventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN EVENT_TYPE EventType,
|
|
IN BOOLEAN InitialState
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenEvent (
|
|
OUT PHANDLE EventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPulseEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryEvent (
|
|
IN HANDLE EventHandle,
|
|
IN EVENT_INFORMATION_CLASS EventInformationClass,
|
|
OUT PVOID EventInformation,
|
|
IN ULONG EventInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwResetEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetEventBoostPriority (
|
|
IN HANDLE EventHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateEventPair (
|
|
OUT PHANDLE EventPairHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenEventPair(
|
|
OUT PHANDLE EventPairHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitLowEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitHighEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetLowWaitHighEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetHighWaitLowEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetLowEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetHighEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateMutant (
|
|
OUT PHANDLE MutantHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN BOOLEAN InitialOwner
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenMutant (
|
|
OUT PHANDLE MutantHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryMutant (
|
|
IN HANDLE MutantHandle,
|
|
IN MUTANT_INFORMATION_CLASS MutantInformationClass,
|
|
OUT PVOID MutantInformation,
|
|
IN ULONG MutantInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReleaseMutant (
|
|
IN HANDLE MutantHandle,
|
|
OUT PLONG PreviousCount OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateSemaphore (
|
|
OUT PHANDLE SemaphoreHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN LONG InitialCount,
|
|
IN LONG MaximumCount
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenSemaphore(
|
|
OUT PHANDLE SemaphoreHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySemaphore (
|
|
IN HANDLE SemaphoreHandle,
|
|
IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
|
|
OUT PVOID SemaphoreInformation,
|
|
IN ULONG SemaphoreInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReleaseSemaphore(
|
|
IN HANDLE SemaphoreHandle,
|
|
IN LONG ReleaseCount,
|
|
OUT PLONG PreviousCount OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateTimer (
|
|
OUT PHANDLE TimerHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN TIMER_TYPE TimerType
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenTimer (
|
|
OUT PHANDLE TimerHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCancelTimer (
|
|
IN HANDLE TimerHandle,
|
|
OUT PBOOLEAN CurrentState OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryTimer (
|
|
IN HANDLE TimerHandle,
|
|
IN TIMER_INFORMATION_CLASS TimerInformationClass,
|
|
OUT PVOID TimerInformation,
|
|
IN ULONG TimerInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetTimer (
|
|
IN HANDLE TimerHandle,
|
|
IN PLARGE_INTEGER DueTime,
|
|
IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL,
|
|
IN PVOID TimerContext OPTIONAL,
|
|
IN BOOLEAN ResumeTimer,
|
|
IN LONG Period OPTIONAL,
|
|
OUT PBOOLEAN PreviousState OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySystemTime (
|
|
OUT PLARGE_INTEGER SystemTime
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSystemTime (
|
|
IN PLARGE_INTEGER SystemTime,
|
|
OUT PLARGE_INTEGER PreviousTime OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryTimerResolution (
|
|
OUT PULONG MaximumTime,
|
|
OUT PULONG MinimumTime,
|
|
OUT PULONG CurrentTime
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetTimerResolution (
|
|
IN ULONG DesiredTime,
|
|
IN BOOLEAN SetResolution,
|
|
OUT PULONG ActualTime
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateLocallyUniqueId(
|
|
OUT PLUID Luid
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetUuidSeed (
|
|
IN PCHAR Seed
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateUuids(
|
|
OUT PULARGE_INTEGER Time,
|
|
OUT PULONG Range,
|
|
OUT PULONG Sequence,
|
|
OUT PCHAR Seed
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateProfile (
|
|
OUT PHANDLE ProfileHandle,
|
|
IN HANDLE Process OPTIONAL,
|
|
IN PVOID ProfileBase,
|
|
IN SIZE_T ProfileSize,
|
|
IN ULONG BucketSize,
|
|
IN PULONG Buffer,
|
|
IN ULONG BufferSize,
|
|
IN KPROFILE_SOURCE ProfileSource,
|
|
IN KAFFINITY Affinity
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwStartProfile (
|
|
IN HANDLE ProfileHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwStopProfile (
|
|
IN HANDLE ProfileHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetIntervalProfile (
|
|
IN ULONG Interval,
|
|
IN KPROFILE_SOURCE Source
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryIntervalProfile (
|
|
IN KPROFILE_SOURCE ProfileSource,
|
|
OUT PULONG Interval
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryPerformanceCounter (
|
|
OUT PLARGE_INTEGER PerformanceCounter,
|
|
OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateKeyedEvent (
|
|
OUT PHANDLE KeyedEventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN ULONG Flags
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenKeyedEvent (
|
|
OUT PHANDLE KeyedEventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReleaseKeyedEvent (
|
|
IN HANDLE KeyedEventHandle,
|
|
IN PVOID KeyValue,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitForKeyedEvent (
|
|
IN HANDLE KeyedEventHandle,
|
|
IN PVOID KeyValue,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySystemInformation (
|
|
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSystemInformation (
|
|
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
|
IN PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSystemDebugControl (
|
|
IN SYSDBG_COMMAND Command,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PULONG ReturnLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRaiseHardError(
|
|
IN NTSTATUS ErrorStatus,
|
|
IN ULONG NumberOfParameters,
|
|
IN ULONG UnicodeStringParameterMask,
|
|
IN PULONG_PTR Parameters,
|
|
IN ULONG ValidResponseOptions,
|
|
OUT PULONG Response
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDefaultLocale(
|
|
IN BOOLEAN UserProfile,
|
|
OUT PLCID DefaultLocaleId
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetDefaultLocale(
|
|
IN BOOLEAN UserProfile,
|
|
IN LCID DefaultLocaleId
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInstallUILanguage(
|
|
OUT LANGID *InstallUILanguageId
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDefaultUILanguage(
|
|
OUT LANGID *DefaultUILanguageId
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetDefaultUILanguage(
|
|
IN LANGID DefaultUILanguageId
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetDefaultHardErrorPort(
|
|
IN HANDLE DefaultHardErrorPort
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwShutdownSystem(
|
|
IN SHUTDOWN_ACTION Action
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDisplayString(
|
|
IN PUNICODE_STRING String
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAddAtom(
|
|
IN PWSTR AtomName OPTIONAL,
|
|
IN ULONG Length OPTIONAL,
|
|
OUT PRTL_ATOM Atom OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFindAtom(
|
|
IN PWSTR AtomName,
|
|
IN ULONG Length,
|
|
OUT PRTL_ATOM Atom OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteAtom(
|
|
IN RTL_ATOM Atom
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationAtom(
|
|
IN RTL_ATOM Atom,
|
|
IN ATOM_INFORMATION_CLASS AtomInformationClass,
|
|
OUT PVOID AtomInformation,
|
|
IN ULONG AtomInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCancelIoFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateNamedPipeFile(
|
|
OUT PHANDLE FileHandle,
|
|
IN ULONG DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG ShareAccess,
|
|
IN ULONG CreateDisposition,
|
|
IN ULONG CreateOptions,
|
|
IN ULONG NamedPipeType,
|
|
IN ULONG ReadMode,
|
|
IN ULONG CompletionMode,
|
|
IN ULONG MaximumInstances,
|
|
IN ULONG InboundQuota,
|
|
IN ULONG OutboundQuota,
|
|
IN PLARGE_INTEGER DefaultTimeout OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateMailslotFile(
|
|
OUT PHANDLE FileHandle,
|
|
IN ULONG DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
ULONG CreateOptions,
|
|
IN ULONG MailslotQuota,
|
|
IN ULONG MaximumMessageSize,
|
|
IN PLARGE_INTEGER ReadTimeout
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteFile(
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushBuffersFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwNotifyChangeDirectoryFile(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN ULONG CompletionFilter,
|
|
IN BOOLEAN WatchTree
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryAttributesFile(
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
OUT PFILE_BASIC_INFORMATION FileInformation
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryFullAttributesFile(
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryEaFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN BOOLEAN ReturnSingleEntry,
|
|
IN PVOID EaList OPTIONAL,
|
|
IN ULONG EaListLength,
|
|
IN PULONG EaIndex OPTIONAL,
|
|
IN BOOLEAN RestartScan
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateFile(
|
|
OUT PHANDLE FileHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PLARGE_INTEGER AllocationSize OPTIONAL,
|
|
IN ULONG FileAttributes,
|
|
IN ULONG ShareAccess,
|
|
IN ULONG CreateDisposition,
|
|
IN ULONG CreateOptions,
|
|
IN PVOID EaBuffer OPTIONAL,
|
|
IN ULONG EaLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeviceIoControlFile(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG IoControlCode,
|
|
IN PVOID InputBuffer OPTIONAL,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer OPTIONAL,
|
|
IN ULONG OutputBufferLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFsControlFile(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG FsControlCode,
|
|
IN PVOID InputBuffer OPTIONAL,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer OPTIONAL,
|
|
IN ULONG OutputBufferLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLockFile(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PLARGE_INTEGER ByteOffset,
|
|
IN PLARGE_INTEGER Length,
|
|
IN ULONG Key,
|
|
IN BOOLEAN FailImmediately,
|
|
IN BOOLEAN ExclusiveLock
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenFile(
|
|
OUT PHANDLE FileHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG ShareAccess,
|
|
IN ULONG OpenOptions
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDirectoryFile(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID FileInformation,
|
|
IN ULONG Length,
|
|
IN FILE_INFORMATION_CLASS FileInformationClass,
|
|
IN BOOLEAN ReturnSingleEntry,
|
|
IN PUNICODE_STRING FileName OPTIONAL,
|
|
IN BOOLEAN RestartScan
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID FileInformation,
|
|
IN ULONG Length,
|
|
IN FILE_INFORMATION_CLASS FileInformationClass
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryQuotaInformationFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN BOOLEAN ReturnSingleEntry,
|
|
IN PVOID SidList OPTIONAL,
|
|
IN ULONG SidListLength,
|
|
IN PSID StartSid OPTIONAL,
|
|
IN BOOLEAN RestartScan
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryVolumeInformationFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID FsInformation,
|
|
IN ULONG Length,
|
|
IN FS_INFORMATION_CLASS FsInformationClass
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReadFile(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN PLARGE_INTEGER ByteOffset OPTIONAL,
|
|
IN PULONG Key OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PVOID FileInformation,
|
|
IN ULONG Length,
|
|
IN FILE_INFORMATION_CLASS FileInformationClass
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetQuotaInformationFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PVOID Buffer,
|
|
IN ULONG Length
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetVolumeInformationFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PVOID FsInformation,
|
|
IN ULONG Length,
|
|
IN FS_INFORMATION_CLASS FsInformationClass
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWriteFile(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN PLARGE_INTEGER ByteOffset OPTIONAL,
|
|
IN PULONG Key OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnlockFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PLARGE_INTEGER ByteOffset,
|
|
IN PLARGE_INTEGER Length,
|
|
IN ULONG Key
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReadFile64(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID64 *Buffer,
|
|
IN ULONG Length,
|
|
IN PLARGE_INTEGER ByteOffset OPTIONAL,
|
|
IN PULONG Key OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReadFileScatter(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PFILE_SEGMENT_ELEMENT SegmentArray,
|
|
IN ULONG Length,
|
|
IN PLARGE_INTEGER ByteOffset OPTIONAL,
|
|
IN PULONG Key OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetEaFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PVOID Buffer,
|
|
IN ULONG Length
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWriteFile64(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PVOID64 *Buffer,
|
|
IN ULONG Length,
|
|
IN PLARGE_INTEGER ByteOffset OPTIONAL,
|
|
IN PULONG Key OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWriteFileGather(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PFILE_SEGMENT_ELEMENT SegmentArray,
|
|
IN ULONG Length,
|
|
IN PLARGE_INTEGER ByteOffset OPTIONAL,
|
|
IN PULONG Key OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLoadDriver(
|
|
IN PUNICODE_STRING DriverServiceName
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnloadDriver(
|
|
IN PUNICODE_STRING DriverServiceName
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateIoCompletion (
|
|
OUT PHANDLE IoCompletionHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN ULONG Count OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenIoCompletion (
|
|
OUT PHANDLE IoCompletionHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryIoCompletion (
|
|
IN HANDLE IoCompletionHandle,
|
|
IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
|
|
OUT PVOID IoCompletionInformation,
|
|
IN ULONG IoCompletionInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetIoCompletion (
|
|
IN HANDLE IoCompletionHandle,
|
|
IN PVOID KeyContext,
|
|
IN PVOID ApcContext,
|
|
IN NTSTATUS IoStatus,
|
|
IN ULONG_PTR IoStatusInformation
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRemoveIoCompletion (
|
|
IN HANDLE IoCompletionHandle,
|
|
OUT PVOID *KeyContext,
|
|
OUT PVOID *ApcContext,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PLARGE_INTEGER Timeout
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCallbackReturn (
|
|
IN PVOID OutputBuffer OPTIONAL,
|
|
IN ULONG OutputLength,
|
|
IN NTSTATUS Status
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDebugFilterState (
|
|
IN ULONG ComponentId,
|
|
IN ULONG Level
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetDebugFilterState (
|
|
IN ULONG ComponentId,
|
|
IN ULONG Level,
|
|
IN BOOLEAN State
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwW32Call (
|
|
IN ULONG ApiNumber,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputLength,
|
|
OUT PVOID *OutputBuffer,
|
|
OUT PULONG OutputLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwYieldExecution (
|
|
VOID
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreatePort(
|
|
OUT PHANDLE PortHandle,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN ULONG MaxConnectionInfoLength,
|
|
IN ULONG MaxMessageLength,
|
|
IN ULONG MaxPoolUsage
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateWaitablePort(
|
|
OUT PHANDLE PortHandle,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN ULONG MaxConnectionInfoLength,
|
|
IN ULONG MaxMessageLength,
|
|
IN ULONG MaxPoolUsage
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwConnectPort(
|
|
OUT PHANDLE PortHandle,
|
|
IN PUNICODE_STRING PortName,
|
|
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
|
|
IN OUT PPORT_VIEW ClientView OPTIONAL,
|
|
IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL,
|
|
OUT PULONG MaxMessageLength OPTIONAL,
|
|
IN OUT PVOID ConnectionInformation OPTIONAL,
|
|
IN OUT PULONG ConnectionInformationLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSecureConnectPort(
|
|
OUT PHANDLE PortHandle,
|
|
IN PUNICODE_STRING PortName,
|
|
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
|
|
IN OUT PPORT_VIEW ClientView OPTIONAL,
|
|
IN PSID RequiredServerSid,
|
|
IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL,
|
|
OUT PULONG MaxMessageLength OPTIONAL,
|
|
IN OUT PVOID ConnectionInformation OPTIONAL,
|
|
IN OUT PULONG ConnectionInformationLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwListenPort(
|
|
IN HANDLE PortHandle,
|
|
OUT PPORT_MESSAGE ConnectionRequest
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAcceptConnectPort(
|
|
OUT PHANDLE PortHandle,
|
|
IN PVOID PortContext,
|
|
IN PPORT_MESSAGE ConnectionRequest,
|
|
IN BOOLEAN AcceptConnection,
|
|
IN OUT PPORT_VIEW ServerView OPTIONAL,
|
|
OUT PREMOTE_PORT_VIEW ClientView OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCompleteConnectPort(
|
|
IN HANDLE PortHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRequestPort(
|
|
IN HANDLE PortHandle,
|
|
IN PPORT_MESSAGE RequestMessage
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRequestWaitReplyPort(
|
|
IN HANDLE PortHandle,
|
|
IN PPORT_MESSAGE RequestMessage,
|
|
OUT PPORT_MESSAGE ReplyMessage
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReplyPort(
|
|
IN HANDLE PortHandle,
|
|
IN PPORT_MESSAGE ReplyMessage
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReplyWaitReplyPort(
|
|
IN HANDLE PortHandle,
|
|
IN OUT PPORT_MESSAGE ReplyMessage
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReplyWaitReceivePort(
|
|
IN HANDLE PortHandle,
|
|
OUT PVOID *PortContext OPTIONAL,
|
|
IN PPORT_MESSAGE ReplyMessage OPTIONAL,
|
|
OUT PPORT_MESSAGE ReceiveMessage
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReplyWaitReceivePortEx(
|
|
IN HANDLE PortHandle,
|
|
OUT PVOID *PortContext OPTIONAL,
|
|
IN PPORT_MESSAGE ReplyMessage OPTIONAL,
|
|
OUT PPORT_MESSAGE ReceiveMessage,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwImpersonateClientOfPort(
|
|
IN HANDLE PortHandle,
|
|
IN PPORT_MESSAGE Message
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReadRequestData(
|
|
IN HANDLE PortHandle,
|
|
IN PPORT_MESSAGE Message,
|
|
IN ULONG DataEntryIndex,
|
|
OUT PVOID Buffer,
|
|
IN SIZE_T BufferSize,
|
|
OUT PSIZE_T NumberOfBytesRead OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWriteRequestData(
|
|
IN HANDLE PortHandle,
|
|
IN PPORT_MESSAGE Message,
|
|
IN ULONG DataEntryIndex,
|
|
IN PVOID Buffer,
|
|
IN SIZE_T BufferSize,
|
|
OUT PSIZE_T NumberOfBytesWritten OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationPort(
|
|
IN HANDLE PortHandle,
|
|
IN PORT_INFORMATION_CLASS PortInformationClass,
|
|
OUT PVOID PortInformation,
|
|
IN ULONG Length,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateSection (
|
|
OUT PHANDLE SectionHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN PLARGE_INTEGER MaximumSize OPTIONAL,
|
|
IN ULONG SectionPageProtection,
|
|
IN ULONG AllocationAttributes,
|
|
IN HANDLE FileHandle OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenSection(
|
|
OUT PHANDLE SectionHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwMapViewOfSection(
|
|
IN HANDLE SectionHandle,
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN ULONG_PTR ZeroBits,
|
|
IN SIZE_T CommitSize,
|
|
IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
|
|
IN OUT PSIZE_T ViewSize,
|
|
IN SECTION_INHERIT InheritDisposition,
|
|
IN ULONG AllocationType,
|
|
IN ULONG Protect
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnmapViewOfSection(
|
|
IN HANDLE ProcessHandle,
|
|
IN PVOID BaseAddress
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwExtendSection(
|
|
IN HANDLE SectionHandle,
|
|
IN OUT PLARGE_INTEGER NewSectionSize
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAreMappedFilesTheSame (
|
|
IN PVOID File1MappedAsAnImage,
|
|
IN PVOID File2MappedAsFile
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN ULONG_PTR ZeroBits,
|
|
IN OUT PSIZE_T RegionSize,
|
|
IN ULONG AllocationType,
|
|
IN ULONG Protect
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFreeVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN OUT PSIZE_T RegionSize,
|
|
IN ULONG FreeType
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReadVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
IN PVOID BaseAddress,
|
|
OUT PVOID Buffer,
|
|
IN SIZE_T BufferSize,
|
|
OUT PSIZE_T NumberOfBytesRead OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWriteVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
OUT PVOID BaseAddress,
|
|
IN CONST VOID *Buffer,
|
|
IN SIZE_T BufferSize,
|
|
OUT PSIZE_T NumberOfBytesWritten OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN OUT PSIZE_T RegionSize,
|
|
OUT PIO_STATUS_BLOCK IoStatus
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLockVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN OUT PSIZE_T RegionSize,
|
|
IN ULONG MapType
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnlockVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN OUT PSIZE_T RegionSize,
|
|
IN ULONG MapType
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwProtectVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN OUT PSIZE_T RegionSize,
|
|
IN ULONG NewProtect,
|
|
OUT PULONG OldProtect
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryVirtualMemory(
|
|
IN HANDLE ProcessHandle,
|
|
IN PVOID BaseAddress,
|
|
IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
|
|
OUT PVOID MemoryInformation,
|
|
IN SIZE_T MemoryInformationLength,
|
|
OUT PSIZE_T ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySection(
|
|
IN HANDLE SectionHandle,
|
|
IN SECTION_INFORMATION_CLASS SectionInformationClass,
|
|
OUT PVOID SectionInformation,
|
|
IN SIZE_T SectionInformationLength,
|
|
OUT PSIZE_T ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwMapUserPhysicalPages(
|
|
IN PVOID VirtualAddress,
|
|
IN OUT ULONG_PTR NumberOfPages,
|
|
IN OUT PULONG_PTR UserPfnArray OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwMapUserPhysicalPagesScatter(
|
|
IN PVOID *VirtualAddresses,
|
|
IN OUT ULONG_PTR NumberOfPages,
|
|
IN OUT PULONG_PTR UserPfnArray OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateUserPhysicalPages(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PULONG_PTR NumberOfPages,
|
|
OUT PULONG_PTR UserPfnArray
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFreeUserPhysicalPages(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PULONG_PTR NumberOfPages,
|
|
IN PULONG_PTR UserPfnArray
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwGetWriteWatch (
|
|
IN HANDLE ProcessHandle,
|
|
IN ULONG Flags,
|
|
IN PVOID BaseAddress,
|
|
IN SIZE_T RegionSize,
|
|
IN OUT PVOID *UserAddressArray,
|
|
IN OUT PULONG_PTR EntriesInUserAddressArray,
|
|
OUT PULONG Granularity
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwResetWriteWatch (
|
|
IN HANDLE ProcessHandle,
|
|
IN PVOID BaseAddress,
|
|
IN SIZE_T RegionSize
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreatePagingFile (
|
|
IN PUNICODE_STRING PageFileName,
|
|
IN PLARGE_INTEGER MinimumSize,
|
|
IN PLARGE_INTEGER MaximumSize,
|
|
IN ULONG Priority OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushInstructionCache (
|
|
IN HANDLE ProcessHandle,
|
|
IN PVOID BaseAddress OPTIONAL,
|
|
IN SIZE_T Length
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushWriteBuffer (
|
|
VOID
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryObject(
|
|
IN HANDLE Handle,
|
|
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
|
|
OUT PVOID ObjectInformation,
|
|
IN ULONG Length,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationObject(
|
|
IN HANDLE Handle,
|
|
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
|
|
IN PVOID ObjectInformation,
|
|
IN ULONG ObjectInformationLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDuplicateObject(
|
|
IN HANDLE SourceProcessHandle,
|
|
IN HANDLE SourceHandle,
|
|
IN HANDLE TargetProcessHandle OPTIONAL,
|
|
OUT PHANDLE TargetHandle OPTIONAL,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN ULONG HandleAttributes,
|
|
IN ULONG Options
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwMakeTemporaryObject(
|
|
IN HANDLE Handle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwMakePermanentObject(
|
|
IN HANDLE Handle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSignalAndWaitForSingleObject(
|
|
IN HANDLE SignalHandle,
|
|
IN HANDLE WaitHandle,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitForSingleObject(
|
|
IN HANDLE Handle,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitForMultipleObjects(
|
|
IN ULONG Count,
|
|
IN HANDLE Handles[],
|
|
IN WAIT_TYPE WaitType,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSecurityObject(
|
|
IN HANDLE Handle,
|
|
IN SECURITY_INFORMATION SecurityInformation,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySecurityObject(
|
|
IN HANDLE Handle,
|
|
IN SECURITY_INFORMATION SecurityInformation,
|
|
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN ULONG Length,
|
|
OUT PULONG LengthNeeded
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwClose(
|
|
IN HANDLE Handle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateDirectoryObject(
|
|
OUT PHANDLE DirectoryHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenDirectoryObject(
|
|
OUT PHANDLE DirectoryHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDirectoryObject(
|
|
IN HANDLE DirectoryHandle,
|
|
OUT PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN BOOLEAN ReturnSingleEntry,
|
|
IN BOOLEAN RestartScan,
|
|
IN OUT PULONG Context,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateSymbolicLinkObject(
|
|
OUT PHANDLE LinkHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN PUNICODE_STRING LinkTarget
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenSymbolicLinkObject(
|
|
OUT PHANDLE LinkHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySymbolicLinkObject(
|
|
IN HANDLE LinkHandle,
|
|
IN OUT PUNICODE_STRING LinkTarget,
|
|
OUT PULONG ReturnedLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwGetPlugPlayEvent(
|
|
IN HANDLE EventHandle,
|
|
IN PVOID Context OPTIONAL,
|
|
OUT PPLUGPLAY_EVENT_BLOCK EventBlock,
|
|
IN ULONG EventBufferLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPlugPlayControl(
|
|
IN PLUGPLAY_CONTROL_CLASS PnPControlClass,
|
|
IN OUT PVOID PnPControlData,
|
|
IN ULONG PnPControlDataLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPowerInformation(
|
|
IN POWER_INFORMATION_LEVEL InformationLevel,
|
|
IN PVOID InputBuffer OPTIONAL,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer OPTIONAL,
|
|
IN ULONG OutputBufferLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetThreadExecutionState(
|
|
IN EXECUTION_STATE esFlags, // ES_xxx flags
|
|
OUT EXECUTION_STATE *PreviousFlags
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRequestWakeupLatency(
|
|
IN LATENCY_TIME latency
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwInitiatePowerAction(
|
|
IN POWER_ACTION SystemAction,
|
|
IN SYSTEM_POWER_STATE MinSystemState,
|
|
IN ULONG Flags, // POWER_ACTION_xxx flags
|
|
IN BOOLEAN Asynchronous
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSystemPowerState(
|
|
IN POWER_ACTION SystemAction,
|
|
IN SYSTEM_POWER_STATE MinSystemState,
|
|
IN ULONG Flags // POWER_ACTION_xxx flags
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwGetDevicePowerState(
|
|
IN HANDLE Device,
|
|
OUT DEVICE_POWER_STATE *State
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCancelDeviceWakeupRequest(
|
|
IN HANDLE Device
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRequestDeviceWakeup(
|
|
IN HANDLE Device
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateProcess(
|
|
OUT PHANDLE ProcessHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN HANDLE ParentProcess,
|
|
IN BOOLEAN InheritObjectTable,
|
|
IN HANDLE SectionHandle OPTIONAL,
|
|
IN HANDLE DebugPort OPTIONAL,
|
|
IN HANDLE ExceptionPort OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateProcessEx(
|
|
OUT PHANDLE ProcessHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN HANDLE ParentProcess,
|
|
IN ULONG Flags,
|
|
IN HANDLE SectionHandle OPTIONAL,
|
|
IN HANDLE DebugPort OPTIONAL,
|
|
IN HANDLE ExceptionPort OPTIONAL,
|
|
IN ULONG JobMemberLevel
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcess (
|
|
OUT PHANDLE ProcessHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN PCLIENT_ID ClientId OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwTerminateProcess(
|
|
IN HANDLE ProcessHandle OPTIONAL,
|
|
IN NTSTATUS ExitStatus
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationProcess(
|
|
IN HANDLE ProcessHandle,
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
OUT PVOID ProcessInformation,
|
|
IN ULONG ProcessInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryPortInformationProcess(
|
|
VOID
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationProcess(
|
|
IN HANDLE ProcessHandle,
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
IN PVOID ProcessInformation,
|
|
IN ULONG ProcessInformationLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateThread(
|
|
OUT PHANDLE ThreadHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN HANDLE ProcessHandle,
|
|
OUT PCLIENT_ID ClientId,
|
|
IN PCONTEXT ThreadContext,
|
|
IN PINITIAL_TEB InitialTeb,
|
|
IN BOOLEAN CreateSuspended
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenThread (
|
|
OUT PHANDLE ThreadHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN PCLIENT_ID ClientId OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwTerminateThread(
|
|
IN HANDLE ThreadHandle OPTIONAL,
|
|
IN NTSTATUS ExitStatus
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSuspendThread(
|
|
IN HANDLE ThreadHandle,
|
|
OUT PULONG PreviousSuspendCount OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwResumeThread(
|
|
IN HANDLE ThreadHandle,
|
|
OUT PULONG PreviousSuspendCount OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSuspendProcess (
|
|
IN HANDLE ProcessHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwResumeProcess (
|
|
IN HANDLE ProcessHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwGetContextThread(
|
|
IN HANDLE ThreadHandle,
|
|
IN OUT PCONTEXT ThreadContext
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetContextThread(
|
|
IN HANDLE ThreadHandle,
|
|
IN PCONTEXT ThreadContext
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationThread(
|
|
IN HANDLE ThreadHandle,
|
|
IN THREADINFOCLASS ThreadInformationClass,
|
|
OUT PVOID ThreadInformation,
|
|
IN ULONG ThreadInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationThread(
|
|
IN HANDLE ThreadHandle,
|
|
IN THREADINFOCLASS ThreadInformationClass,
|
|
IN PVOID ThreadInformation,
|
|
IN ULONG ThreadInformationLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAlertThread(
|
|
IN HANDLE ThreadHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAlertResumeThread(
|
|
IN HANDLE ThreadHandle,
|
|
OUT PULONG PreviousSuspendCount OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwImpersonateThread(
|
|
IN HANDLE ServerThreadHandle,
|
|
IN HANDLE ClientThreadHandle,
|
|
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwTestAlert(
|
|
VOID
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRegisterThreadTerminatePort(
|
|
IN HANDLE PortHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetLdtEntries(
|
|
IN ULONG Selector0,
|
|
IN ULONG Entry0Low,
|
|
IN ULONG Entry0Hi,
|
|
IN ULONG Selector1,
|
|
IN ULONG Entry1Low,
|
|
IN ULONG Entry1High
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueueApcThread(
|
|
IN HANDLE ThreadHandle,
|
|
IN PPS_APC_ROUTINE ApcRoutine,
|
|
IN PVOID ApcArgument1,
|
|
IN PVOID ApcArgument2,
|
|
IN PVOID ApcArgument3
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateJobObject (
|
|
OUT PHANDLE JobHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenJobObject(
|
|
OUT PHANDLE JobHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAssignProcessToJobObject(
|
|
IN HANDLE JobHandle,
|
|
IN HANDLE ProcessHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwTerminateJobObject(
|
|
IN HANDLE JobHandle,
|
|
IN NTSTATUS ExitStatus
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwIsProcessInJob (
|
|
IN HANDLE ProcessHandle,
|
|
IN HANDLE JobHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateJobSet (
|
|
IN ULONG NumJob,
|
|
IN PJOB_SET_ARRAY UserJobSet,
|
|
IN ULONG Flags);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationJobObject(
|
|
IN HANDLE JobHandle,
|
|
IN JOBOBJECTINFOCLASS JobObjectInformationClass,
|
|
OUT PVOID JobObjectInformation,
|
|
IN ULONG JobObjectInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationJobObject(
|
|
IN HANDLE JobHandle,
|
|
IN JOBOBJECTINFOCLASS JobObjectInformationClass,
|
|
IN PVOID JobObjectInformation,
|
|
IN ULONG JobObjectInformationLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateKey(
|
|
OUT PHANDLE KeyHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN ULONG TitleIndex,
|
|
IN PUNICODE_STRING Class OPTIONAL,
|
|
IN ULONG CreateOptions,
|
|
OUT PULONG Disposition OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteKey(
|
|
IN HANDLE KeyHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteValueKey(
|
|
IN HANDLE KeyHandle,
|
|
IN PUNICODE_STRING ValueName
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwEnumerateKey(
|
|
IN HANDLE KeyHandle,
|
|
IN ULONG Index,
|
|
IN KEY_INFORMATION_CLASS KeyInformationClass,
|
|
OUT PVOID KeyInformation,
|
|
IN ULONG Length,
|
|
OUT PULONG ResultLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwEnumerateValueKey(
|
|
IN HANDLE KeyHandle,
|
|
IN ULONG Index,
|
|
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
|
|
OUT PVOID KeyValueInformation,
|
|
IN ULONG Length,
|
|
OUT PULONG ResultLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushKey(
|
|
IN HANDLE KeyHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwInitializeRegistry(
|
|
IN USHORT BootCondition
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwNotifyChangeKey(
|
|
IN HANDLE KeyHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG CompletionFilter,
|
|
IN BOOLEAN WatchTree,
|
|
OUT PVOID Buffer,
|
|
IN ULONG BufferSize,
|
|
IN BOOLEAN Asynchronous
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwNotifyChangeMultipleKeys(
|
|
IN HANDLE MasterKeyHandle,
|
|
IN ULONG Count,
|
|
IN OBJECT_ATTRIBUTES SlaveObjects[],
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG CompletionFilter,
|
|
IN BOOLEAN WatchTree,
|
|
OUT PVOID Buffer,
|
|
IN ULONG BufferSize,
|
|
IN BOOLEAN Asynchronous
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLoadKey(
|
|
IN POBJECT_ATTRIBUTES TargetKey,
|
|
IN POBJECT_ATTRIBUTES SourceFile
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLoadKey2(
|
|
IN POBJECT_ATTRIBUTES TargetKey,
|
|
IN POBJECT_ATTRIBUTES SourceFile,
|
|
IN ULONG Flags
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenKey(
|
|
OUT PHANDLE KeyHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryKey(
|
|
IN HANDLE KeyHandle,
|
|
IN KEY_INFORMATION_CLASS KeyInformationClass,
|
|
OUT PVOID KeyInformation,
|
|
IN ULONG Length,
|
|
OUT PULONG ResultLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryValueKey(
|
|
IN HANDLE KeyHandle,
|
|
IN PUNICODE_STRING ValueName,
|
|
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
|
|
OUT PVOID KeyValueInformation,
|
|
IN ULONG Length,
|
|
OUT PULONG ResultLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryMultipleValueKey(
|
|
IN HANDLE KeyHandle,
|
|
IN OUT PKEY_VALUE_ENTRY ValueEntries,
|
|
IN ULONG EntryCount,
|
|
OUT PVOID ValueBuffer,
|
|
IN OUT PULONG BufferLength,
|
|
OUT OPTIONAL PULONG RequiredBufferLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReplaceKey(
|
|
IN POBJECT_ATTRIBUTES NewFile,
|
|
IN HANDLE TargetHandle,
|
|
IN POBJECT_ATTRIBUTES OldFile
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRenameKey(
|
|
IN HANDLE KeyHandle,
|
|
IN PUNICODE_STRING NewName
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCompactKeys(
|
|
IN ULONG Count,
|
|
IN HANDLE KeyArray[]
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCompressKey(
|
|
IN HANDLE Key
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRestoreKey(
|
|
IN HANDLE KeyHandle,
|
|
IN HANDLE FileHandle,
|
|
IN ULONG Flags
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSaveKey(
|
|
IN HANDLE KeyHandle,
|
|
IN HANDLE FileHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSaveKeyEx(
|
|
IN HANDLE KeyHandle,
|
|
IN HANDLE FileHandle,
|
|
IN ULONG Format
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSaveMergedKeys(
|
|
IN HANDLE HighPrecedenceKeyHandle,
|
|
IN HANDLE LowPrecedenceKeyHandle,
|
|
IN HANDLE FileHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetValueKey(
|
|
IN HANDLE KeyHandle,
|
|
IN PUNICODE_STRING ValueName,
|
|
IN ULONG TitleIndex OPTIONAL,
|
|
IN ULONG Type,
|
|
IN PVOID Data,
|
|
IN ULONG DataSize
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnloadKey(
|
|
IN POBJECT_ATTRIBUTES TargetKey
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnloadKeyEx(
|
|
IN POBJECT_ATTRIBUTES TargetKey,
|
|
IN HANDLE Event OPTIONAL
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationKey(
|
|
IN HANDLE KeyHandle,
|
|
IN KEY_SET_INFORMATION_CLASS KeySetInformationClass,
|
|
IN PVOID KeySetInformation,
|
|
IN ULONG KeySetInformationLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryOpenSubKeys(
|
|
IN POBJECT_ATTRIBUTES TargetKey,
|
|
OUT PULONG HandleCount
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLockRegistryKey(
|
|
IN HANDLE KeyHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLockProductActivationKeys(
|
|
ULONG *pPrivateVer,
|
|
ULONG *pIsSafeMode
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheck (
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN HANDLE ClientToken,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
OUT PPRIVILEGE_SET PrivilegeSet,
|
|
IN OUT PULONG PrivilegeSetLength,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheckByType (
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID PrincipalSelfSid,
|
|
IN HANDLE ClientToken,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_TYPE_LIST ObjectTypeList,
|
|
IN ULONG ObjectTypeListLength,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
OUT PPRIVILEGE_SET PrivilegeSet,
|
|
IN OUT PULONG PrivilegeSetLength,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheckByTypeResultList (
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID PrincipalSelfSid,
|
|
IN HANDLE ClientToken,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_TYPE_LIST ObjectTypeList,
|
|
IN ULONG ObjectTypeListLength,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
OUT PPRIVILEGE_SET PrivilegeSet,
|
|
IN OUT PULONG PrivilegeSetLength,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateToken(
|
|
OUT PHANDLE TokenHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN TOKEN_TYPE TokenType,
|
|
IN PLUID AuthenticationId,
|
|
IN PLARGE_INTEGER ExpirationTime,
|
|
IN PTOKEN_USER User,
|
|
IN PTOKEN_GROUPS Groups,
|
|
IN PTOKEN_PRIVILEGES Privileges,
|
|
IN PTOKEN_OWNER Owner OPTIONAL,
|
|
IN PTOKEN_PRIMARY_GROUP PrimaryGroup,
|
|
IN PTOKEN_DEFAULT_DACL DefaultDacl OPTIONAL,
|
|
IN PTOKEN_SOURCE TokenSource
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCompareTokens(
|
|
IN HANDLE FirstTokenHandle,
|
|
IN HANDLE SecondTokenHandle,
|
|
OUT PBOOLEAN Equal
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenThreadToken(
|
|
IN HANDLE ThreadHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN BOOLEAN OpenAsSelf,
|
|
OUT PHANDLE TokenHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenThreadTokenEx(
|
|
IN HANDLE ThreadHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN BOOLEAN OpenAsSelf,
|
|
IN ULONG HandleAttributes,
|
|
OUT PHANDLE TokenHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessToken(
|
|
IN HANDLE ProcessHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
OUT PHANDLE TokenHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessTokenEx(
|
|
IN HANDLE ProcessHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN ULONG HandleAttributes,
|
|
OUT PHANDLE TokenHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenJobObjectToken(
|
|
IN HANDLE JobHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
OUT PHANDLE TokenHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDuplicateToken(
|
|
IN HANDLE ExistingTokenHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN BOOLEAN EffectiveOnly,
|
|
IN TOKEN_TYPE TokenType,
|
|
OUT PHANDLE NewTokenHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFilterToken (
|
|
IN HANDLE ExistingTokenHandle,
|
|
IN ULONG Flags,
|
|
IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
|
|
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
|
|
IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
|
|
OUT PHANDLE NewTokenHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwImpersonateAnonymousToken(
|
|
IN HANDLE ThreadHandle
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationToken (
|
|
IN HANDLE TokenHandle,
|
|
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
OUT PVOID TokenInformation,
|
|
IN ULONG TokenInformationLength,
|
|
OUT PULONG ReturnLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationToken (
|
|
IN HANDLE TokenHandle,
|
|
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
IN PVOID TokenInformation,
|
|
IN ULONG TokenInformationLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAdjustPrivilegesToken (
|
|
IN HANDLE TokenHandle,
|
|
IN BOOLEAN DisableAllPrivileges,
|
|
IN PTOKEN_PRIVILEGES NewState OPTIONAL,
|
|
IN ULONG BufferLength OPTIONAL,
|
|
OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
|
|
OUT PULONG ReturnLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAdjustGroupsToken (
|
|
IN HANDLE TokenHandle,
|
|
IN BOOLEAN ResetToDefault,
|
|
IN PTOKEN_GROUPS NewState OPTIONAL,
|
|
IN ULONG BufferLength OPTIONAL,
|
|
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
|
|
OUT PULONG ReturnLength
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegeCheck (
|
|
IN HANDLE ClientToken,
|
|
IN OUT PPRIVILEGE_SET RequiredPrivileges,
|
|
OUT PBOOLEAN Result
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheckAndAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
IN BOOLEAN ObjectCreation,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheckByTypeAndAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID PrincipalSelfSid,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN AUDIT_EVENT_TYPE AuditType,
|
|
IN ULONG Flags,
|
|
IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
|
|
IN ULONG ObjectTypeListLength,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
IN BOOLEAN ObjectCreation,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheckByTypeResultListAndAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID PrincipalSelfSid,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN AUDIT_EVENT_TYPE AuditType,
|
|
IN ULONG Flags,
|
|
IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
|
|
IN ULONG ObjectTypeListLength,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
IN BOOLEAN ObjectCreation,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN HANDLE ClientToken,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID PrincipalSelfSid,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN AUDIT_EVENT_TYPE AuditType,
|
|
IN ULONG Flags,
|
|
IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
|
|
IN ULONG ObjectTypeListLength,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
IN BOOLEAN ObjectCreation,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenObjectAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId OPTIONAL,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
|
|
IN HANDLE ClientToken,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN ACCESS_MASK GrantedAccess,
|
|
IN PPRIVILEGE_SET Privileges OPTIONAL,
|
|
IN BOOLEAN ObjectCreation,
|
|
IN BOOLEAN AccessGranted,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegeObjectAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN HANDLE ClientToken,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN PPRIVILEGE_SET Privileges,
|
|
IN BOOLEAN AccessGranted
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCloseObjectAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN BOOLEAN GenerateOnClose
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteObjectAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN BOOLEAN GenerateOnClose
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegedServiceAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PUNICODE_STRING ServiceName,
|
|
IN HANDLE ClientToken,
|
|
IN PPRIVILEGE_SET Privileges,
|
|
IN BOOLEAN AccessGranted
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwTraceEvent(
|
|
IN HANDLE TraceHandle,
|
|
IN ULONG Flags,
|
|
IN ULONG FieldSize,
|
|
IN PVOID Fields
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwContinue (
|
|
IN PCONTEXT ContextRecord,
|
|
IN BOOLEAN TestAlert
|
|
);
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRaiseException (
|
|
IN PEXCEPTION_RECORD ExceptionRecord,
|
|
IN PCONTEXT ContextRecord,
|
|
IN BOOLEAN FirstChance
|
|
);
|