use crate::ntapi_base::{PCLIENT_ID, PRTL_ATOM, RTL_ATOM};
|
|
use crate::ntdbg::DEBUGOBJECTINFOCLASS;
|
|
use crate::ntexapi::{
|
|
ATOM_INFORMATION_CLASS, EVENT_INFORMATION_CLASS, MUTANT_INFORMATION_CLASS, PBOOT_ENTRY,
|
|
PBOOT_OPTIONS, PCWNF_TYPE_ID, PEFI_DRIVER_ENTRY, PFILE_PATH, PT2_CANCEL_PARAMETERS,
|
|
PT2_SET_PARAMETERS, PTIMER_APC_ROUTINE, PWNF_CHANGE_STAMP, PWNF_DELIVERY_DESCRIPTOR,
|
|
SEMAPHORE_INFORMATION_CLASS, SHUTDOWN_ACTION, SYSDBG_COMMAND, SYSTEM_INFORMATION_CLASS,
|
|
TIMER_INFORMATION_CLASS, TIMER_SET_INFORMATION_CLASS, WNF_CHANGE_STAMP, WNF_DATA_SCOPE,
|
|
WNF_STATE_NAME_INFORMATION, WNF_STATE_NAME_LIFETIME, WORKERFACTORYINFOCLASS,
|
|
};
|
|
use crate::ntioapi::{
|
|
FILE_INFORMATION_CLASS, FILE_IO_COMPLETION_INFORMATION, FS_INFORMATION_CLASS,
|
|
IO_COMPLETION_INFORMATION_CLASS, IO_SESSION_EVENT, IO_SESSION_STATE, PFILE_BASIC_INFORMATION,
|
|
PFILE_IO_COMPLETION_INFORMATION, PFILE_NETWORK_OPEN_INFORMATION, PIO_APC_ROUTINE,
|
|
PIO_STATUS_BLOCK,
|
|
};
|
|
use crate::ntkeapi::KPROFILE_SOURCE;
|
|
use crate::ntlpcapi::{
|
|
ALPC_HANDLE, ALPC_MESSAGE_INFORMATION_CLASS, ALPC_PORT_INFORMATION_CLASS, PALPC_CONTEXT_ATTR,
|
|
PALPC_DATA_VIEW_ATTR, PALPC_HANDLE, PALPC_MESSAGE_ATTRIBUTES, PALPC_PORT_ATTRIBUTES,
|
|
PALPC_SECURITY_ATTR, PORT_INFORMATION_CLASS, PPORT_MESSAGE, PPORT_VIEW, PREMOTE_PORT_VIEW,
|
|
};
|
|
use crate::ntmisc::VDMSERVICECLASS;
|
|
use crate::ntmmapi::{
|
|
MEMORY_INFORMATION_CLASS, MEMORY_PARTITION_INFORMATION_CLASS, PMEMORY_RANGE_ENTRY,
|
|
SECTION_INFORMATION_CLASS, SECTION_INHERIT, VIRTUAL_MEMORY_INFORMATION_CLASS,
|
|
};
|
|
use crate::ntobapi::OBJECT_INFORMATION_CLASS;
|
|
use crate::ntpnpapi::{PLUGPLAY_CONTROL_CLASS, PPLUGPLAY_EVENT_BLOCK};
|
|
use crate::ntpsapi::{
|
|
MEMORY_RESERVE_TYPE, PINITIAL_TEB, PPS_APC_ROUTINE, PPS_ATTRIBUTE_LIST, PPS_CREATE_INFO,
|
|
PROCESSINFOCLASS, THREADINFOCLASS,
|
|
};
|
|
use crate::ntregapi::{
|
|
KEY_INFORMATION_CLASS, KEY_SET_INFORMATION_CLASS, KEY_VALUE_INFORMATION_CLASS,
|
|
PKEY_VALUE_ENTRY,
|
|
};
|
|
use crate::ntseapi::PTOKEN_SECURITY_ATTRIBUTES_INFORMATION;
|
|
use winapi::shared::basetsd::{
|
|
KAFFINITY, PSIZE_T, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR,
|
|
};
|
|
use winapi::shared::guiddef::LPGUID;
|
|
use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION};
|
|
use winapi::shared::ntdef::{
|
|
BOOLEAN, EVENT_TYPE, HANDLE, LANGID, LCID, LOGICAL, LONG, NTSTATUS, OBJECT_ATTRIBUTES,
|
|
PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PLARGE_INTEGER, PLCID, PLONG,
|
|
PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PULONGLONG,
|
|
PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, ULONG, USHORT, VOID,
|
|
WAIT_TYPE,
|
|
};
|
|
use winapi::um::winnt::{
|
|
ACCESS_MASK, AUDIT_EVENT_TYPE, ENLISTMENT_INFORMATION_CLASS, EXECUTION_STATE,
|
|
JOBOBJECTINFOCLASS, KTMOBJECT_TYPE, LATENCY_TIME, PACCESS_MASK, PCONTEXT, PDEVICE_POWER_STATE,
|
|
PEXCEPTION_RECORD, PFILE_SEGMENT_ELEMENT, PGENERIC_MAPPING, PJOB_SET_ARRAY, PKTMOBJECT_CURSOR,
|
|
POBJECT_TYPE_LIST, POWER_ACTION, POWER_INFORMATION_LEVEL, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR,
|
|
PSECURITY_QUALITY_OF_SERVICE, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
|
|
PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
|
|
PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER,
|
|
RESOURCEMANAGER_INFORMATION_CLASS, SECURITY_INFORMATION, SE_SIGNING_LEVEL, SYSTEM_POWER_STATE,
|
|
TOKEN_INFORMATION_CLASS, TOKEN_TYPE, TRANSACTIONMANAGER_INFORMATION_CLASS,
|
|
TRANSACTION_INFORMATION_CLASS,
|
|
};
|
|
EXTERN!{extern "system" {
|
|
fn ZwAcceptConnectPort(
|
|
PortHandle: PHANDLE,
|
|
PortContext: PVOID,
|
|
ConnectionRequest: PPORT_MESSAGE,
|
|
AcceptConnection: BOOLEAN,
|
|
ServerView: PPORT_VIEW,
|
|
ClientView: PREMOTE_PORT_VIEW,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwAccessCheck system service: takes a security
// descriptor, a client token handle and a desired-access mask, and returns an
// NTSTATUS.
//
// NOTE(review): the outcome is reported on two channels -- the NTSTATUS return
// value and the status written through `AccessStatus`. Presumably the return
// value only says whether the check could be performed; callers should require
// both to indicate success before trusting the mask written through
// `GrantedAccess`. Confirm against each call site.
//
// `PrivilegeSetLength` is a pointer (PULONG), so it looks like an in/out size
// for the `PrivilegeSet` buffer -- TODO confirm.
fn ZwAccessCheck(
    SecurityDescriptor: PSECURITY_DESCRIPTOR,
    ClientToken: HANDLE,
    DesiredAccess: ACCESS_MASK,
    GenericMapping: PGENERIC_MAPPING,
    PrivilegeSet: PPRIVILEGE_SET,
    PrivilegeSetLength: PULONG,
    GrantedAccess: PACCESS_MASK,
    AccessStatus: PNTSTATUS,
) -> NTSTATUS;
|
|
fn ZwAccessCheckAndAuditAlarm(
|
|
SubsystemName: PUNICODE_STRING,
|
|
HandleId: PVOID,
|
|
ObjectTypeName: PUNICODE_STRING,
|
|
ObjectName: PUNICODE_STRING,
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
DesiredAccess: ACCESS_MASK,
|
|
GenericMapping: PGENERIC_MAPPING,
|
|
ObjectCreation: BOOLEAN,
|
|
GrantedAccess: PACCESS_MASK,
|
|
AccessStatus: PNTSTATUS,
|
|
GenerateOnClose: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwAccessCheckByType(
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
PrincipalSelfSid: PSID,
|
|
ClientToken: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectTypeList: POBJECT_TYPE_LIST,
|
|
ObjectTypeListLength: ULONG,
|
|
GenericMapping: PGENERIC_MAPPING,
|
|
PrivilegeSet: PPRIVILEGE_SET,
|
|
PrivilegeSetLength: PULONG,
|
|
GrantedAccess: PACCESS_MASK,
|
|
AccessStatus: PNTSTATUS,
|
|
) -> NTSTATUS;
|
|
fn ZwAccessCheckByTypeAndAuditAlarm(
|
|
SubsystemName: PUNICODE_STRING,
|
|
HandleId: PVOID,
|
|
ObjectTypeName: PUNICODE_STRING,
|
|
ObjectName: PUNICODE_STRING,
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
PrincipalSelfSid: PSID,
|
|
DesiredAccess: ACCESS_MASK,
|
|
AuditType: AUDIT_EVENT_TYPE,
|
|
Flags: ULONG,
|
|
ObjectTypeList: POBJECT_TYPE_LIST,
|
|
ObjectTypeListLength: ULONG,
|
|
GenericMapping: PGENERIC_MAPPING,
|
|
ObjectCreation: BOOLEAN,
|
|
GrantedAccess: PACCESS_MASK,
|
|
AccessStatus: PNTSTATUS,
|
|
GenerateOnClose: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwAccessCheckByTypeResultList(
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
PrincipalSelfSid: PSID,
|
|
ClientToken: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectTypeList: POBJECT_TYPE_LIST,
|
|
ObjectTypeListLength: ULONG,
|
|
GenericMapping: PGENERIC_MAPPING,
|
|
PrivilegeSet: PPRIVILEGE_SET,
|
|
PrivilegeSetLength: PULONG,
|
|
GrantedAccess: PACCESS_MASK,
|
|
AccessStatus: PNTSTATUS,
|
|
) -> NTSTATUS;
|
|
fn ZwAccessCheckByTypeResultListAndAuditAlarm(
|
|
SubsystemName: PUNICODE_STRING,
|
|
HandleId: PVOID,
|
|
ObjectTypeName: PUNICODE_STRING,
|
|
ObjectName: PUNICODE_STRING,
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
PrincipalSelfSid: PSID,
|
|
DesiredAccess: ACCESS_MASK,
|
|
AuditType: AUDIT_EVENT_TYPE,
|
|
Flags: ULONG,
|
|
ObjectTypeList: POBJECT_TYPE_LIST,
|
|
ObjectTypeListLength: ULONG,
|
|
GenericMapping: PGENERIC_MAPPING,
|
|
ObjectCreation: BOOLEAN,
|
|
GrantedAccess: PACCESS_MASK,
|
|
AccessStatus: PNTSTATUS,
|
|
GenerateOnClose: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
|
|
SubsystemName: PUNICODE_STRING,
|
|
HandleId: PVOID,
|
|
ClientToken: HANDLE,
|
|
ObjectTypeName: PUNICODE_STRING,
|
|
ObjectName: PUNICODE_STRING,
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
PrincipalSelfSid: PSID,
|
|
DesiredAccess: ACCESS_MASK,
|
|
AuditType: AUDIT_EVENT_TYPE,
|
|
Flags: ULONG,
|
|
ObjectTypeList: POBJECT_TYPE_LIST,
|
|
ObjectTypeListLength: ULONG,
|
|
GenericMapping: PGENERIC_MAPPING,
|
|
ObjectCreation: BOOLEAN,
|
|
GrantedAccess: PACCESS_MASK,
|
|
AccessStatus: PNTSTATUS,
|
|
GenerateOnClose: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwAcquireCMFViewOwnership(
|
|
TimeStamp: PULONGLONG,
|
|
tokenTaken: PBOOLEAN,
|
|
replaceExisting: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwAddAtom(
|
|
AtomName: PWSTR,
|
|
Length: ULONG,
|
|
Atom: PRTL_ATOM,
|
|
) -> NTSTATUS;
|
|
fn ZwAddAtomEx(
|
|
AtomName: PWSTR,
|
|
Length: ULONG,
|
|
Atom: PRTL_ATOM,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAddBootEntry(
|
|
BootEntry: PBOOT_ENTRY,
|
|
Id: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAddDriverEntry(
|
|
DriverEntry: PEFI_DRIVER_ENTRY,
|
|
Id: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAdjustGroupsToken(
|
|
TokenHandle: HANDLE,
|
|
ResetToDefault: BOOLEAN,
|
|
NewState: PTOKEN_GROUPS,
|
|
BufferLength: ULONG,
|
|
PreviousState: PTOKEN_GROUPS,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwAdjustPrivilegesToken system service: takes a token
// handle plus a new privilege state and returns an NTSTATUS.
//
// `BufferLength` sits next to the `PreviousState` pointer and `ReturnLength` is
// a PULONG; presumably they are the capacity of the previous-state buffer and
// the size written or required -- TODO confirm.
//
// NOTE(review): the Windows service is known to report a partial adjustment
// with a success-class status (STATUS_NOT_ALL_ASSIGNED). A caller that only
// tests for failure can then believe a privilege was enabled or dropped when
// it was not; compare the returned status explicitly, especially on code
// paths that drop privileges.
fn ZwAdjustPrivilegesToken(
    TokenHandle: HANDLE,
    DisableAllPrivileges: BOOLEAN,
    NewState: PTOKEN_PRIVILEGES,
    BufferLength: ULONG,
    PreviousState: PTOKEN_PRIVILEGES,
    ReturnLength: PULONG,
) -> NTSTATUS;
|
|
fn ZwAdjustTokenClaimsAndDeviceGroups(
|
|
TokenHandle: HANDLE,
|
|
UserResetToDefault: BOOLEAN,
|
|
DeviceResetToDefault: BOOLEAN,
|
|
DeviceGroupsResetToDefault: BOOLEAN,
|
|
NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
|
|
NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
|
|
NewDeviceGroupsState: PTOKEN_GROUPS,
|
|
UserBufferLength: ULONG,
|
|
PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
|
|
DeviceBufferLength: ULONG,
|
|
PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
|
|
DeviceGroupsBufferLength: ULONG,
|
|
PreviousDeviceGroups: PTOKEN_GROUPS,
|
|
UserReturnLength: PULONG,
|
|
DeviceReturnLength: PULONG,
|
|
DeviceGroupsReturnBufferLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAlertResumeThread(
|
|
ThreadHandle: HANDLE,
|
|
PreviousSuspendCount: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAlertThread(
|
|
ThreadHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwAlertThreadByThreadId(
|
|
ThreadId: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwAllocateLocallyUniqueId(
|
|
Luid: PLUID,
|
|
) -> NTSTATUS;
|
|
fn ZwAllocateReserveObject(
|
|
MemoryReserveHandle: PHANDLE,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
Type: MEMORY_RESERVE_TYPE,
|
|
) -> NTSTATUS;
|
|
fn ZwAllocateUserPhysicalPages(
|
|
ProcessHandle: HANDLE,
|
|
NumberOfPages: PULONG_PTR,
|
|
UserPfnArray: PULONG_PTR,
|
|
) -> NTSTATUS;
|
|
fn ZwAllocateUuids(
|
|
Time: PULARGE_INTEGER,
|
|
Range: PULONG,
|
|
Sequence: PULONG,
|
|
Seed: PCHAR,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwAllocateVirtualMemory system service.
//
// `BaseAddress` (*mut PVOID) and `RegionSize` (PSIZE_T) are pointers, so the
// callee can write through them; presumably they come back holding the actual
// base and size of the region. Callers must pass valid, writable storage and
// re-read both values after the call -- TODO confirm.
//
// `ProcessHandle` selects the process, so the target is not necessarily the
// calling process.
//
// NOTE(review): allocations made in another process, or with a `Protect` value
// that is both writable and executable, are what endpoint monitoring commonly
// alerts on. Call sites should request the narrowest protection that works.
fn ZwAllocateVirtualMemory(
    ProcessHandle: HANDLE,
    BaseAddress: *mut PVOID,
    ZeroBits: ULONG_PTR,
    RegionSize: PSIZE_T,
    AllocationType: ULONG,
    Protect: ULONG,
) -> NTSTATUS;
|
|
fn ZwAlpcAcceptConnectPort(
|
|
PortHandle: PHANDLE,
|
|
ConnectionPortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
PortAttributes: PALPC_PORT_ATTRIBUTES,
|
|
PortContext: PVOID,
|
|
ConnectionRequest: PPORT_MESSAGE,
|
|
ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
|
|
AcceptConnection: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcCancelMessage(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
MessageContext: PALPC_CONTEXT_ATTR,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwAlpcConnectPort system service: connects to the
// port named by `PortName`; presumably the resulting communication-port handle
// is written through `PortHandle` (a PHANDLE).
//
// NOTE(review): `RequiredServerSid` is the only parameter in this signature
// that names the identity the client expects on the other end. Presumably a
// null value skips that check, in which case the client talks to whichever
// process owns the port name; clients of privileged services should pass it.
// Confirm per call site.
//
// `BufferLength` is a PULONG next to `ConnectionMessage`, which looks like an
// in/out message size -- TODO confirm.
fn ZwAlpcConnectPort(
    PortHandle: PHANDLE,
    PortName: PUNICODE_STRING,
    ObjectAttributes: POBJECT_ATTRIBUTES,
    PortAttributes: PALPC_PORT_ATTRIBUTES,
    Flags: ULONG,
    RequiredServerSid: PSID,
    ConnectionMessage: PPORT_MESSAGE,
    BufferLength: PULONG,
    OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
    InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
    Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
|
|
fn ZwAlpcConnectPortEx(
|
|
PortHandle: PHANDLE,
|
|
ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES,
|
|
ClientPortObjectAttributes: POBJECT_ATTRIBUTES,
|
|
PortAttributes: PALPC_PORT_ATTRIBUTES,
|
|
Flags: ULONG,
|
|
ServerSecurityRequirements: PSECURITY_DESCRIPTOR,
|
|
ConnectionMessage: PPORT_MESSAGE,
|
|
BufferLength: PSIZE_T,
|
|
OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
|
|
InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcCreatePort(
|
|
PortHandle: PHANDLE,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
PortAttributes: PALPC_PORT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcCreatePortSection(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
SectionHandle: HANDLE,
|
|
SectionSize: SIZE_T,
|
|
AlpcSectionHandle: PALPC_HANDLE,
|
|
ActualSectionSize: PSIZE_T,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcCreateResourceReserve(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
MessageSize: SIZE_T,
|
|
ResourceId: PALPC_HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcCreateSectionView(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
ViewAttributes: PALPC_DATA_VIEW_ATTR,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcCreateSecurityContext(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
SecurityAttribute: PALPC_SECURITY_ATTR,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcDeletePortSection(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
SectionHandle: ALPC_HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcDeleteResourceReserve(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
ResourceId: ALPC_HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcDeleteSectionView(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
ViewBase: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcDeleteSecurityContext(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
ContextHandle: ALPC_HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcDisconnectPort(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcImpersonateClientContainerOfPort(
|
|
PortHandle: HANDLE,
|
|
Message: PPORT_MESSAGE,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwAlpcImpersonateClientOfPort system service: takes a
// port handle and the client's message and returns an NTSTATUS.
//
// NOTE(review): `Flags` is declared as PVOID here, whereas
// ZwAlpcImpersonateClientContainerOfPort in this same block declares
// `Flags: ULONG`. Confirm against the upstream header that the pointer-sized
// type is intended.
//
// NOTE(review): a server that ignores a failing status from this call keeps
// running under its own identity while believing it acts as the client.
// Callers should check the status before doing any work on the client's
// behalf.
fn ZwAlpcImpersonateClientOfPort(
    PortHandle: HANDLE,
    Message: PPORT_MESSAGE,
    Flags: PVOID,
) -> NTSTATUS;
|
|
fn ZwAlpcOpenSenderProcess(
|
|
ProcessHandle: PHANDLE,
|
|
PortHandle: HANDLE,
|
|
PortMessage: PPORT_MESSAGE,
|
|
Flags: ULONG,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcOpenSenderThread(
|
|
ThreadHandle: PHANDLE,
|
|
PortHandle: HANDLE,
|
|
PortMessage: PPORT_MESSAGE,
|
|
Flags: ULONG,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcQueryInformation(
|
|
PortHandle: HANDLE,
|
|
PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
|
|
PortInformation: PVOID,
|
|
Length: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcQueryInformationMessage(
|
|
PortHandle: HANDLE,
|
|
PortMessage: PPORT_MESSAGE,
|
|
MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS,
|
|
MessageInformation: PVOID,
|
|
Length: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcRevokeSecurityContext(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
ContextHandle: ALPC_HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcSendWaitReceivePort(
|
|
PortHandle: HANDLE,
|
|
Flags: ULONG,
|
|
SendMessageA: PPORT_MESSAGE,
|
|
SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
|
|
ReceiveMessage: PPORT_MESSAGE,
|
|
BufferLength: PSIZE_T,
|
|
ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwAlpcSetInformation(
|
|
PortHandle: HANDLE,
|
|
PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
|
|
PortInformation: PVOID,
|
|
Length: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwAreMappedFilesTheSame(
|
|
File1MappedAsAnImage: PVOID,
|
|
File2MappedAsFile: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwAssignProcessToJobObject(
|
|
JobHandle: HANDLE,
|
|
ProcessHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwAssociateWaitCompletionPacket(
|
|
WaitCompletionPacketHandle: HANDLE,
|
|
IoCompletionHandle: HANDLE,
|
|
TargetObjectHandle: HANDLE,
|
|
KeyContext: PVOID,
|
|
ApcContext: PVOID,
|
|
IoStatus: NTSTATUS,
|
|
IoStatusInformation: ULONG_PTR,
|
|
AlreadySignaled: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwCallbackReturn(
|
|
OutputBuffer: PVOID,
|
|
OutputLength: ULONG,
|
|
Status: NTSTATUS,
|
|
) -> NTSTATUS;
|
|
fn ZwCancelIoFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
) -> NTSTATUS;
|
|
fn ZwCancelIoFileEx(
|
|
FileHandle: HANDLE,
|
|
IoRequestToCancel: PIO_STATUS_BLOCK,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
) -> NTSTATUS;
|
|
fn ZwCancelSynchronousIoFile(
|
|
ThreadHandle: HANDLE,
|
|
IoRequestToCancel: PIO_STATUS_BLOCK,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
) -> NTSTATUS;
|
|
fn ZwCancelTimer(
|
|
TimerHandle: HANDLE,
|
|
CurrentState: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwCancelTimer2(
|
|
TimerHandle: HANDLE,
|
|
Parameters: PT2_CANCEL_PARAMETERS,
|
|
) -> NTSTATUS;
|
|
fn ZwCancelWaitCompletionPacket(
|
|
WaitCompletionPacketHandle: HANDLE,
|
|
RemoveSignaledPacket: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwClearEvent(
|
|
EventHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwClose system service: takes one handle and returns
// an NTSTATUS.
//
// NOTE(review): handle values are presumably reused once closed, so closing
// the same value twice can hit an unrelated object opened in between. Owners
// should close exactly once, e.g. through a single owning wrapper -- confirm
// how callers in this crate's users manage ownership.
fn ZwClose(
    Handle: HANDLE,
) -> NTSTATUS;
|
|
fn ZwCloseObjectAuditAlarm(
|
|
SubsystemName: PUNICODE_STRING,
|
|
HandleId: PVOID,
|
|
GenerateOnClose: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwCommitComplete(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwCommitEnlistment(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwCommitTransaction(
|
|
TransactionHandle: HANDLE,
|
|
Wait: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwCompactKeys(
|
|
Count: ULONG,
|
|
KeyArray: *mut HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwCompareObjects(
|
|
FirstObjectHandle: HANDLE,
|
|
SecondObjectHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwCompareTokens(
|
|
FirstTokenHandle: HANDLE,
|
|
SecondTokenHandle: HANDLE,
|
|
Equal: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwCompleteConnectPort(
|
|
PortHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwCompressKey(
|
|
Key: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwConnectPort(
|
|
PortHandle: PHANDLE,
|
|
PortName: PUNICODE_STRING,
|
|
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
|
|
ClientView: PPORT_VIEW,
|
|
ServerView: PREMOTE_PORT_VIEW,
|
|
MaxMessageLength: PULONG,
|
|
ConnectionInformation: PVOID,
|
|
ConnectionInformationLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwContinue(
|
|
ContextRecord: PCONTEXT,
|
|
TestAlert: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateDebugObject(
|
|
DebugObjectHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateDirectoryObject(
|
|
DirectoryHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateDirectoryObjectEx(
|
|
DirectoryHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
ShadowDirectoryHandle: HANDLE,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateEnlistment(
|
|
EnlistmentHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ResourceManagerHandle: HANDLE,
|
|
TransactionHandle: HANDLE,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
CreateOptions: ULONG,
|
|
NotificationMask: NOTIFICATION_MASK,
|
|
EnlistmentKey: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateEvent(
|
|
EventHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
EventType: EVENT_TYPE,
|
|
InitialState: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateEventPair(
|
|
EventPairHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwCreateFile system service.
//
// No parameter carries the path directly; presumably the object name travels
// inside the OBJECT_ATTRIBUTES that `ObjectAttributes` points to -- TODO
// confirm.
//
// `EaBuffer` / `EaLength` form a pointer/length pair: the length is asserted
// by the caller and must describe the buffer actually passed.
//
// NOTE(review): name-resolution behaviour (case sensitivity, following of
// reparse points) is presumably controlled through the object attributes and
// `CreateOptions`. Privileged callers that open user-influenced paths should
// set these deliberately rather than relying on defaults.
fn ZwCreateFile(
    FileHandle: PHANDLE,
    DesiredAccess: ACCESS_MASK,
    ObjectAttributes: POBJECT_ATTRIBUTES,
    IoStatusBlock: PIO_STATUS_BLOCK,
    AllocationSize: PLARGE_INTEGER,
    FileAttributes: ULONG,
    ShareAccess: ULONG,
    CreateDisposition: ULONG,
    CreateOptions: ULONG,
    EaBuffer: PVOID,
    EaLength: ULONG,
) -> NTSTATUS;
|
|
fn ZwCreateIRTimer(
|
|
TimerHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateIoCompletion(
|
|
IoCompletionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
Count: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateJobObject(
|
|
JobHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateJobSet(
|
|
NumJob: ULONG,
|
|
UserJobSet: PJOB_SET_ARRAY,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateKey(
|
|
KeyHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
TitleIndex: ULONG,
|
|
Class: PUNICODE_STRING,
|
|
CreateOptions: ULONG,
|
|
Disposition: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateKeyTransacted(
|
|
KeyHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
TitleIndex: ULONG,
|
|
Class: PUNICODE_STRING,
|
|
CreateOptions: ULONG,
|
|
TransactionHandle: HANDLE,
|
|
Disposition: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateKeyedEvent(
|
|
KeyedEventHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwCreateLowBoxToken system service: takes an existing
// token handle, a package SID and a capability list; presumably the new token
// handle is written through `TokenHandle` (a PHANDLE).
//
// Two count/array pairs appear in the signature: `CapabilityCount` with
// `Capabilities`, and `HandleCount` with `Handles`. Judging by the names these
// are element counts (TODO confirm); a count larger than the array behind the
// pointer would make the callee read past it, so wrappers should derive each
// count from the slice they pass.
fn ZwCreateLowBoxToken(
    TokenHandle: PHANDLE,
    ExistingTokenHandle: HANDLE,
    DesiredAccess: ACCESS_MASK,
    ObjectAttributes: POBJECT_ATTRIBUTES,
    PackageSid: PSID,
    CapabilityCount: ULONG,
    Capabilities: PSID_AND_ATTRIBUTES,
    HandleCount: ULONG,
    Handles: *mut HANDLE,
) -> NTSTATUS;
|
|
fn ZwCreateMailslotFile(
|
|
FileHandle: PHANDLE,
|
|
DesiredAccess: ULONG,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
CreateOptions: ULONG,
|
|
MailslotQuota: ULONG,
|
|
MaximumMessageSize: ULONG,
|
|
ReadTimeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateMutant(
|
|
MutantHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
InitialOwner: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateNamedPipeFile(
|
|
FileHandle: PHANDLE,
|
|
DesiredAccess: ULONG,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
ShareAccess: ULONG,
|
|
CreateDisposition: ULONG,
|
|
CreateOptions: ULONG,
|
|
NamedPipeType: ULONG,
|
|
ReadMode: ULONG,
|
|
CompletionMode: ULONG,
|
|
MaximumInstances: ULONG,
|
|
InboundQuota: ULONG,
|
|
OutboundQuota: ULONG,
|
|
DefaultTimeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwCreatePagingFile(
|
|
PageFileName: PUNICODE_STRING,
|
|
MinimumSize: PLARGE_INTEGER,
|
|
MaximumSize: PLARGE_INTEGER,
|
|
Priority: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreatePartition(
|
|
PartitionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
PreferredNode: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreatePort(
|
|
PortHandle: PHANDLE,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
MaxConnectionInfoLength: ULONG,
|
|
MaxMessageLength: ULONG,
|
|
MaxPoolUsage: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreatePrivateNamespace(
|
|
NamespaceHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
BoundaryDescriptor: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateProcess(
|
|
ProcessHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
ParentProcess: HANDLE,
|
|
InheritObjectTable: BOOLEAN,
|
|
SectionHandle: HANDLE,
|
|
DebugPort: HANDLE,
|
|
ExceptionPort: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateProcessEx(
|
|
ProcessHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
ParentProcess: HANDLE,
|
|
Flags: ULONG,
|
|
SectionHandle: HANDLE,
|
|
DebugPort: HANDLE,
|
|
ExceptionPort: HANDLE,
|
|
JobMemberLevel: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateProfile(
|
|
ProfileHandle: PHANDLE,
|
|
Process: HANDLE,
|
|
ProfileBase: PVOID,
|
|
ProfileSize: SIZE_T,
|
|
BucketSize: ULONG,
|
|
Buffer: PULONG,
|
|
BufferSize: ULONG,
|
|
ProfileSource: KPROFILE_SOURCE,
|
|
Affinity: KAFFINITY,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateProfileEx(
|
|
ProfileHandle: PHANDLE,
|
|
Process: HANDLE,
|
|
ProfileBase: PVOID,
|
|
ProfileSize: SIZE_T,
|
|
BucketSize: ULONG,
|
|
Buffer: PULONG,
|
|
BufferSize: ULONG,
|
|
ProfileSource: KPROFILE_SOURCE,
|
|
GroupCount: USHORT,
|
|
GroupAffinity: PGROUP_AFFINITY,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateResourceManager(
|
|
ResourceManagerHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
TmHandle: HANDLE,
|
|
ResourceManagerGuid: LPGUID,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
CreateOptions: ULONG,
|
|
Description: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateSection(
|
|
SectionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
MaximumSize: PLARGE_INTEGER,
|
|
SectionPageProtection: ULONG,
|
|
AllocationAttributes: ULONG,
|
|
FileHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateSemaphore(
|
|
SemaphoreHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
InitialCount: LONG,
|
|
MaximumCount: LONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateSymbolicLinkObject(
|
|
LinkHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
LinkTarget: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateThread(
|
|
ThreadHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
ProcessHandle: HANDLE,
|
|
ClientId: PCLIENT_ID,
|
|
ThreadContext: PCONTEXT,
|
|
InitialTeb: PINITIAL_TEB,
|
|
CreateSuspended: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwCreateThreadEx system service.
//
// `ProcessHandle` names the process that receives the thread, and
// `StartRoutine` / `Argument` are untyped PVOIDs, so nothing in this signature
// checks that the start address is a valid function in that process. That
// obligation sits entirely with the caller.
//
// NOTE(review): creating a thread in a process other than the caller's is a
// standard detection signal for code injection. Legitimate callers should
// hold a process handle with only the access they need, and should expect
// this call to be visible to endpoint monitoring.
fn ZwCreateThreadEx(
    ThreadHandle: PHANDLE,
    DesiredAccess: ACCESS_MASK,
    ObjectAttributes: POBJECT_ATTRIBUTES,
    ProcessHandle: HANDLE,
    StartRoutine: PVOID,
    Argument: PVOID,
    CreateFlags: ULONG,
    ZeroBits: SIZE_T,
    StackSize: SIZE_T,
    MaximumStackSize: SIZE_T,
    AttributeList: PPS_ATTRIBUTE_LIST,
) -> NTSTATUS;
|
|
fn ZwCreateTimer(
|
|
TimerHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
TimerType: TIMER_TYPE,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateTimer2(
|
|
TimerHandle: PHANDLE,
|
|
Reserved1: PVOID,
|
|
Reserved2: PVOID,
|
|
Attributes: ULONG,
|
|
DesiredAccess: ACCESS_MASK,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwCreateToken system service.
//
// Every identity field of the token is supplied by the caller through a
// pointer parameter: `User`, `Groups`, `Privileges`, `Owner`, `PrimaryGroup`,
// `DefaultDacl` and `TokenSource`, plus `AuthenticationId` and
// `ExpirationTime`.
//
// NOTE(review): presumably the kernel only honours this call for callers that
// hold SeCreateTokenPrivilege. Any code path that reaches this declaration
// should be treated as part of the trusted computing base and audited; its
// use is also a worthwhile event to monitor -- confirm.
fn ZwCreateToken(
    TokenHandle: PHANDLE,
    DesiredAccess: ACCESS_MASK,
    ObjectAttributes: POBJECT_ATTRIBUTES,
    TokenType: TOKEN_TYPE,
    AuthenticationId: PLUID,
    ExpirationTime: PLARGE_INTEGER,
    User: PTOKEN_USER,
    Groups: PTOKEN_GROUPS,
    Privileges: PTOKEN_PRIVILEGES,
    Owner: PTOKEN_OWNER,
    PrimaryGroup: PTOKEN_PRIMARY_GROUP,
    DefaultDacl: PTOKEN_DEFAULT_DACL,
    TokenSource: PTOKEN_SOURCE,
) -> NTSTATUS;
|
|
fn ZwCreateTokenEx(
|
|
TokenHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
TokenType: TOKEN_TYPE,
|
|
AuthenticationId: PLUID,
|
|
ExpirationTime: PLARGE_INTEGER,
|
|
User: PTOKEN_USER,
|
|
Groups: PTOKEN_GROUPS,
|
|
Privileges: PTOKEN_PRIVILEGES,
|
|
UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
|
|
DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
|
|
DeviceGroups: PTOKEN_GROUPS,
|
|
TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
|
|
Owner: PTOKEN_OWNER,
|
|
PrimaryGroup: PTOKEN_PRIMARY_GROUP,
|
|
DefaultDacl: PTOKEN_DEFAULT_DACL,
|
|
TokenSource: PTOKEN_SOURCE,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateTransaction(
|
|
TransactionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
Uow: LPGUID,
|
|
TmHandle: HANDLE,
|
|
CreateOptions: ULONG,
|
|
IsolationLevel: ULONG,
|
|
IsolationFlags: ULONG,
|
|
Timeout: PLARGE_INTEGER,
|
|
Description: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateTransactionManager(
|
|
TmHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
LogFileName: PUNICODE_STRING,
|
|
CreateOptions: ULONG,
|
|
CommitStrength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwCreateUserProcess system service.
//
// `ProcessHandle` and `ThreadHandle` are both PHANDLE, so presumably two
// handles are returned; the caller then owns both and must close each one --
// TODO confirm.
//
// `ProcessParameters` is an untyped PVOID in this declaration, so the compiler
// cannot check that the caller passes the expected parameter block.
// NOTE(review): presumably this is the RTL user-process-parameters structure;
// confirm against the upstream header and validate it in any safe wrapper.
fn ZwCreateUserProcess(
    ProcessHandle: PHANDLE,
    ThreadHandle: PHANDLE,
    ProcessDesiredAccess: ACCESS_MASK,
    ThreadDesiredAccess: ACCESS_MASK,
    ProcessObjectAttributes: POBJECT_ATTRIBUTES,
    ThreadObjectAttributes: POBJECT_ATTRIBUTES,
    ProcessFlags: ULONG,
    ThreadFlags: ULONG,
    ProcessParameters: PVOID,
    CreateInfo: PPS_CREATE_INFO,
    AttributeList: PPS_ATTRIBUTE_LIST,
) -> NTSTATUS;
|
|
fn ZwCreateWaitCompletionPacket(
|
|
WaitCompletionPacketHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateWaitablePort(
|
|
PortHandle: PHANDLE,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
MaxConnectionInfoLength: ULONG,
|
|
MaxMessageLength: ULONG,
|
|
MaxPoolUsage: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateWnfStateName(
|
|
StateName: PWNF_STATE_NAME,
|
|
NameLifetime: WNF_STATE_NAME_LIFETIME,
|
|
DataScope: WNF_DATA_SCOPE,
|
|
PersistData: BOOLEAN,
|
|
TypeId: PCWNF_TYPE_ID,
|
|
MaximumStateSize: ULONG,
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
) -> NTSTATUS;
|
|
fn ZwCreateWorkerFactory(
|
|
WorkerFactoryHandleReturn: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
CompletionPortHandle: HANDLE,
|
|
WorkerProcessHandle: HANDLE,
|
|
StartRoutine: PVOID,
|
|
StartParameter: PVOID,
|
|
MaxThreadCount: ULONG,
|
|
StackReserve: SIZE_T,
|
|
StackCommit: SIZE_T,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwDebugActiveProcess system service: takes a process
// handle and a debug-object handle and returns an NTSTATUS.
//
// NOTE(review): attaching a debug object presumably gives its holder control
// over the target's threads and memory, so being able to make this call
// against a process is equivalent to controlling it. Audit which callers can
// obtain a suitable process handle -- confirm.
fn ZwDebugActiveProcess(
    ProcessHandle: HANDLE,
    DebugObjectHandle: HANDLE,
) -> NTSTATUS;
|
|
fn ZwDebugContinue(
|
|
DebugObjectHandle: HANDLE,
|
|
ClientId: PCLIENT_ID,
|
|
ContinueStatus: NTSTATUS,
|
|
) -> NTSTATUS;
|
|
fn ZwDelayExecution(
|
|
Alertable: BOOLEAN,
|
|
DelayInterval: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteAtom(
|
|
Atom: RTL_ATOM,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteBootEntry(
|
|
Id: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteDriverEntry(
|
|
Id: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteFile(
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteKey(
|
|
KeyHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteObjectAuditAlarm(
|
|
SubsystemName: PUNICODE_STRING,
|
|
HandleId: PVOID,
|
|
GenerateOnClose: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwDeletePrivateNamespace(
|
|
NamespaceHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteValueKey(
|
|
KeyHandle: HANDLE,
|
|
ValueName: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteWnfStateData(
|
|
StateName: PCWNF_STATE_NAME,
|
|
ExplicitScope: *const VOID,
|
|
) -> NTSTATUS;
|
|
fn ZwDeleteWnfStateName(
|
|
StateName: PCWNF_STATE_NAME,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwDeviceIoControlFile system service.
//
// Two pointer/length pairs: `InputBuffer` with `InputBufferLength`, and
// `OutputBuffer` with `OutputBufferLength`. Both lengths are asserted by the
// caller; an `OutputBufferLength` larger than the real allocation lets the
// callee write past it, so wrappers should derive the lengths from the
// buffers they pass.
//
// `Event`, `ApcRoutine` and `ApcContext` suggest the request can complete
// asynchronously. Presumably the buffers and the block behind `IoStatusBlock`
// must then stay valid until completion -- TODO confirm.
fn ZwDeviceIoControlFile(
    FileHandle: HANDLE,
    Event: HANDLE,
    ApcRoutine: PIO_APC_ROUTINE,
    ApcContext: PVOID,
    IoStatusBlock: PIO_STATUS_BLOCK,
    IoControlCode: ULONG,
    InputBuffer: PVOID,
    InputBufferLength: ULONG,
    OutputBuffer: PVOID,
    OutputBufferLength: ULONG,
) -> NTSTATUS;
|
|
fn ZwDisableLastKnownGood() -> NTSTATUS;
|
|
fn ZwDisplayString(
|
|
String: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
fn ZwDrawText(
|
|
String: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
// Raw declaration of the ZwDuplicateObject system service.
//
// Source and target processes are separate handle parameters, so this call
// can move a handle across a process boundary; presumably the duplicate is
// written through `TargetHandle` (a PHANDLE).
//
// NOTE(review): presumably `Options` can ask for the duplicate to carry the
// same access as the source, in which case `DesiredAccess` is not what limits
// it. Privileged code that hands handles to less-privileged processes should
// pass an explicit, minimal access mask instead -- confirm per call site.
fn ZwDuplicateObject(
    SourceProcessHandle: HANDLE,
    SourceHandle: HANDLE,
    TargetProcessHandle: HANDLE,
    TargetHandle: PHANDLE,
    DesiredAccess: ACCESS_MASK,
    HandleAttributes: ULONG,
    Options: ULONG,
) -> NTSTATUS;
|
|
fn ZwDuplicateToken(
|
|
ExistingTokenHandle: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
EffectiveOnly: BOOLEAN,
|
|
TokenType: TOKEN_TYPE,
|
|
NewTokenHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwEnableLastKnownGood() -> NTSTATUS;
|
|
fn ZwEnumerateBootEntries(
|
|
Buffer: PVOID,
|
|
BufferLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwEnumerateDriverEntries(
|
|
Buffer: PVOID,
|
|
BufferLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwEnumerateKey(
|
|
KeyHandle: HANDLE,
|
|
Index: ULONG,
|
|
KeyInformationClass: KEY_INFORMATION_CLASS,
|
|
KeyInformation: PVOID,
|
|
Length: ULONG,
|
|
ResultLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwEnumerateSystemEnvironmentValuesEx(
|
|
InformationClass: ULONG,
|
|
Buffer: PVOID,
|
|
BufferLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwEnumerateTransactionObject(
|
|
RootObjectHandle: HANDLE,
|
|
QueryType: KTMOBJECT_TYPE,
|
|
ObjectCursor: PKTMOBJECT_CURSOR,
|
|
ObjectCursorLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwEnumerateValueKey(
|
|
KeyHandle: HANDLE,
|
|
Index: ULONG,
|
|
KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
|
|
KeyValueInformation: PVOID,
|
|
Length: ULONG,
|
|
ResultLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwExtendSection(
|
|
SectionHandle: HANDLE,
|
|
NewSectionSize: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwFilterToken(
|
|
ExistingTokenHandle: HANDLE,
|
|
Flags: ULONG,
|
|
SidsToDisable: PTOKEN_GROUPS,
|
|
PrivilegesToDelete: PTOKEN_PRIVILEGES,
|
|
RestrictedSids: PTOKEN_GROUPS,
|
|
NewTokenHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwFilterTokenEx(
|
|
ExistingTokenHandle: HANDLE,
|
|
Flags: ULONG,
|
|
SidsToDisable: PTOKEN_GROUPS,
|
|
PrivilegesToDelete: PTOKEN_PRIVILEGES,
|
|
RestrictedSids: PTOKEN_GROUPS,
|
|
DisableUserClaimsCount: ULONG,
|
|
UserClaimsToDisable: PUNICODE_STRING,
|
|
DisableDeviceClaimsCount: ULONG,
|
|
DeviceClaimsToDisable: PUNICODE_STRING,
|
|
DeviceGroupsToDisable: PTOKEN_GROUPS,
|
|
RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
|
|
RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
|
|
RestrictedDeviceGroups: PTOKEN_GROUPS,
|
|
NewTokenHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwFindAtom(
|
|
AtomName: PWSTR,
|
|
Length: ULONG,
|
|
Atom: PRTL_ATOM,
|
|
) -> NTSTATUS;
|
|
fn ZwFlushBuffersFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
) -> NTSTATUS;
|
|
fn ZwFlushBuffersFileEx(
|
|
FileHandle: HANDLE,
|
|
Flags: ULONG,
|
|
Parameters: PVOID,
|
|
ParametersSize: ULONG,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
) -> NTSTATUS;
|
|
fn ZwFlushInstallUILanguage(
|
|
InstallUILanguage: LANGID,
|
|
SetComittedFlag: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwFlushInstructionCache(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: PVOID,
|
|
Length: SIZE_T,
|
|
) -> NTSTATUS;
|
|
fn ZwFlushKey(
|
|
KeyHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwFlushProcessWriteBuffers();
|
|
fn ZwFlushWriteBuffer() -> NTSTATUS;
|
|
fn ZwFreeUserPhysicalPages(
|
|
ProcessHandle: HANDLE,
|
|
NumberOfPages: PULONG_PTR,
|
|
UserPfnArray: PULONG_PTR,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwFreeVirtualMemory` routine (declaration only).
///
/// Takes a process handle, `BaseAddress` (a raw `*mut PVOID`), `RegionSize`
/// (a `PSIZE_T`) and a `FreeType` selector; returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `BaseAddress` and `RegionSize`
/// are passed by pointer, so the routine can presumably update both; they must
/// point to valid, writable storage.
///
/// NOTE(review): after a successful call any Rust reference or slice into the
/// affected range is dangling. Callers must ensure no such borrow is still live,
/// otherwise this becomes a use-after-free.
fn ZwFreeVirtualMemory(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: *mut PVOID,
|
|
RegionSize: PSIZE_T,
|
|
FreeType: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwFreezeRegistry(
|
|
TimeOutInSeconds: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwFreezeTransactions(
|
|
FreezeTimeout: PLARGE_INTEGER,
|
|
ThawTimeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwFsControlFile(
|
|
FileHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
FsControlCode: ULONG,
|
|
InputBuffer: PVOID,
|
|
InputBufferLength: ULONG,
|
|
OutputBuffer: PVOID,
|
|
OutputBufferLength: ULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwGetCachedSigningLevel` routine (declaration only).
///
/// Takes a file handle and five pointer arguments: `Flags`, `SigningLevel`,
/// `Thumbprint`, `ThumbprintSize` and `ThumbprintAlgorithm`; returns an
/// `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `Thumbprint` must be writable
/// for the size the caller stores in `*ThumbprintSize` (presumably an in/out
/// byte count; TODO confirm), and the other pointers must reference writable
/// storage.
///
/// NOTE(review): the name says "cached", so the value is presumably not a fresh
/// signature verification. Do not treat it as one without confirming the
/// semantics against the platform documentation.
fn ZwGetCachedSigningLevel(
|
|
File: HANDLE,
|
|
Flags: PULONG,
|
|
SigningLevel: PSE_SIGNING_LEVEL,
|
|
Thumbprint: PUCHAR,
|
|
ThumbprintSize: PULONG,
|
|
ThumbprintAlgorithm: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwGetCompleteWnfStateSubscription(
|
|
OldDescriptorStateName: PWNF_STATE_NAME,
|
|
OldSubscriptionId: *mut ULONG64,
|
|
OldDescriptorEventMask: ULONG,
|
|
OldDescriptorStatus: ULONG,
|
|
NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR,
|
|
DescriptorSize: ULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwGetContextThread` routine (declaration only).
///
/// Takes a thread handle and `ThreadContext` (a `PCONTEXT`); returns an
/// `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `ThreadContext` must point to a
/// writable `CONTEXT` with whatever alignment and flag initialisation that
/// structure requires (not shown here; confirm against its definition).
///
/// NOTE(review): a register snapshot may contain pointers and secrets held by
/// the target thread. Keep it out of logs and crash dumps unless that is intended.
fn ZwGetContextThread(
|
|
ThreadHandle: HANDLE,
|
|
ThreadContext: PCONTEXT,
|
|
) -> NTSTATUS;
|
|
fn ZwGetCurrentProcessorNumber() -> ULONG;
|
|
fn ZwGetDevicePowerState(
|
|
Device: HANDLE,
|
|
State: PDEVICE_POWER_STATE,
|
|
) -> NTSTATUS;
|
|
fn ZwGetMUIRegistryInfo(
|
|
Flags: ULONG,
|
|
DataSize: PULONG,
|
|
Data: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwGetNextProcess(
|
|
ProcessHandle: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
HandleAttributes: ULONG,
|
|
Flags: ULONG,
|
|
NewProcessHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwGetNextThread(
|
|
ProcessHandle: HANDLE,
|
|
ThreadHandle: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
HandleAttributes: ULONG,
|
|
Flags: ULONG,
|
|
NewThreadHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwGetNlsSectionPtr(
|
|
SectionType: ULONG,
|
|
SectionData: ULONG,
|
|
ContextData: PVOID,
|
|
SectionPointer: *mut PVOID,
|
|
SectionSize: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwGetNotificationResourceManager(
|
|
ResourceManagerHandle: HANDLE,
|
|
TransactionNotification: PTRANSACTION_NOTIFICATION,
|
|
NotificationLength: ULONG,
|
|
Timeout: PLARGE_INTEGER,
|
|
ReturnLength: PULONG,
|
|
Asynchronous: ULONG,
|
|
AsynchronousContext: ULONG_PTR,
|
|
) -> NTSTATUS;
|
|
fn ZwGetPlugPlayEvent(
|
|
EventHandle: HANDLE,
|
|
Context: PVOID,
|
|
EventBlock: PPLUGPLAY_EVENT_BLOCK,
|
|
EventBufferSize: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwGetWriteWatch(
|
|
ProcessHandle: HANDLE,
|
|
Flags: ULONG,
|
|
BaseAddress: PVOID,
|
|
RegionSize: SIZE_T,
|
|
UserAddressArray: *mut PVOID,
|
|
EntriesInUserAddressArray: PULONG_PTR,
|
|
Granularity: PULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwImpersonateAnonymousToken` routine
/// (declaration only); takes a thread handle and returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`.
///
/// NOTE(review): impersonation changes the security context the thread runs
/// under (assumed from the name; confirm). A caller that ignores a failure
/// status keeps running under its previous identity, so the status must be
/// checked before any access decision relies on the change.
fn ZwImpersonateAnonymousToken(
|
|
ThreadHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwImpersonateClientOfPort(
|
|
PortHandle: HANDLE,
|
|
Message: PPORT_MESSAGE,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwImpersonateThread` routine (declaration only).
///
/// Takes a server thread handle, a client thread handle and `SecurityQos`
/// (a `PSECURITY_QUALITY_OF_SERVICE`); returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `SecurityQos` must point to a
/// fully initialised structure for the duration of the call.
///
/// NOTE(review): the impersonation level is presumably carried in `SecurityQos`.
/// Confirm that callers choose the lowest level that works, check the status,
/// and revert the thread's identity on every exit path.
fn ZwImpersonateThread(
|
|
ServerThreadHandle: HANDLE,
|
|
ClientThreadHandle: HANDLE,
|
|
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
|
|
) -> NTSTATUS;
|
|
fn ZwInitializeNlsFiles(
|
|
BaseAddress: *mut PVOID,
|
|
DefaultLocaleId: PLCID,
|
|
DefaultCasingTableSize: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwInitializeRegistry(
|
|
BootCondition: USHORT,
|
|
) -> NTSTATUS;
|
|
fn ZwInitiatePowerAction(
|
|
SystemAction: POWER_ACTION,
|
|
LightestSystemState: SYSTEM_POWER_STATE,
|
|
Flags: ULONG,
|
|
Asynchronous: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwIsProcessInJob(
|
|
ProcessHandle: HANDLE,
|
|
JobHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwIsSystemResumeAutomatic() -> BOOLEAN;
|
|
fn ZwIsUILanguageComitted() -> NTSTATUS;
|
|
fn ZwListenPort(
|
|
PortHandle: HANDLE,
|
|
ConnectionRequest: PPORT_MESSAGE,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwLoadDriver` routine (declaration only); takes
/// `DriverServiceName` (a `PUNICODE_STRING`) and returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `DriverServiceName` must point
/// to an initialised `UNICODE_STRING` whose buffer stays valid for the call.
///
/// NOTE(review): judging by the name this asks the kernel to load a driver,
/// which is a highly privileged operation. The service name must never be
/// derived from untrusted input, and call sites should be audited and logged.
fn ZwLoadDriver(
|
|
DriverServiceName: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
fn ZwLoadKey(
|
|
TargetKey: POBJECT_ATTRIBUTES,
|
|
SourceFile: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwLoadKey2(
|
|
TargetKey: POBJECT_ATTRIBUTES,
|
|
SourceFile: POBJECT_ATTRIBUTES,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwLoadKeyEx(
|
|
TargetKey: POBJECT_ATTRIBUTES,
|
|
SourceFile: POBJECT_ATTRIBUTES,
|
|
Flags: ULONG,
|
|
TrustClassKey: HANDLE,
|
|
Event: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
RootHandle: PHANDLE,
|
|
IoStatus: PIO_STATUS_BLOCK,
|
|
) -> NTSTATUS;
|
|
fn ZwLockFile(
|
|
FileHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
ByteOffset: PLARGE_INTEGER,
|
|
Length: PLARGE_INTEGER,
|
|
Key: ULONG,
|
|
FailImmediately: BOOLEAN,
|
|
ExclusiveLock: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwLockProductActivationKeys(
|
|
pPrivateVer: *mut ULONG,
|
|
pSafeMode: *mut ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwLockRegistryKey(
|
|
KeyHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwLockVirtualMemory(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: *mut PVOID,
|
|
RegionSize: PSIZE_T,
|
|
MapType: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwMakePermanentObject(
|
|
Handle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwMakeTemporaryObject(
|
|
Handle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwManagePartition(
|
|
PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS,
|
|
PartitionInformation: PVOID,
|
|
PartitionInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwMapCMFModule(
|
|
What: ULONG,
|
|
Index: ULONG,
|
|
CacheIndexOut: PULONG,
|
|
CacheFlagsOut: PULONG,
|
|
ViewSizeOut: PULONG,
|
|
BaseAddress: *mut PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwMapUserPhysicalPages(
|
|
VirtualAddress: PVOID,
|
|
NumberOfPages: ULONG_PTR,
|
|
UserPfnArray: PULONG_PTR,
|
|
) -> NTSTATUS;
|
|
fn ZwMapUserPhysicalPagesScatter(
|
|
VirtualAddresses: *mut PVOID,
|
|
NumberOfPages: ULONG_PTR,
|
|
UserPfnArray: PULONG_PTR,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwMapViewOfSection` routine (declaration only).
///
/// Takes a section handle and a process handle, the pointer arguments
/// `BaseAddress` (`*mut PVOID`), `SectionOffset` and `ViewSize`, and the scalar
/// arguments `ZeroBits`, `CommitSize`, `InheritDisposition`, `AllocationType`
/// and `Win32Protect`; returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `BaseAddress` and `ViewSize`
/// are passed by pointer and are presumably updated with the mapped range; they
/// must reference writable storage. Memory reached through the resulting view
/// is outside Rust's aliasing guarantees when the section is shared.
///
/// NOTE(review): request the least permissive `Win32Protect` that works and
/// avoid views that are both writable and executable. Treat the contents of a
/// shared view as untrusted input that can change between reads.
fn ZwMapViewOfSection(
|
|
SectionHandle: HANDLE,
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: *mut PVOID,
|
|
ZeroBits: ULONG_PTR,
|
|
CommitSize: SIZE_T,
|
|
SectionOffset: PLARGE_INTEGER,
|
|
ViewSize: PSIZE_T,
|
|
InheritDisposition: SECTION_INHERIT,
|
|
AllocationType: ULONG,
|
|
Win32Protect: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwModifyBootEntry(
|
|
BootEntry: PBOOT_ENTRY,
|
|
) -> NTSTATUS;
|
|
fn ZwModifyDriverEntry(
|
|
DriverEntry: PEFI_DRIVER_ENTRY,
|
|
) -> NTSTATUS;
|
|
fn ZwNotifyChangeDirectoryFile(
|
|
FileHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
CompletionFilter: ULONG,
|
|
WatchTree: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwNotifyChangeKey(
|
|
KeyHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
CompletionFilter: ULONG,
|
|
WatchTree: BOOLEAN,
|
|
Buffer: PVOID,
|
|
BufferSize: ULONG,
|
|
Asynchronous: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwNotifyChangeMultipleKeys(
|
|
MasterKeyHandle: HANDLE,
|
|
Count: ULONG,
|
|
SubordinateObjects: *mut OBJECT_ATTRIBUTES,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
CompletionFilter: ULONG,
|
|
WatchTree: BOOLEAN,
|
|
Buffer: PVOID,
|
|
BufferSize: ULONG,
|
|
Asynchronous: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwNotifyChangeSession(
|
|
SessionHandle: HANDLE,
|
|
ChangeSequenceNumber: ULONG,
|
|
ChangeTimeStamp: PLARGE_INTEGER,
|
|
Event: IO_SESSION_EVENT,
|
|
NewState: IO_SESSION_STATE,
|
|
PreviousState: IO_SESSION_STATE,
|
|
Payload: PVOID,
|
|
PayloadSize: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenDirectoryObject(
|
|
DirectoryHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenEnlistment(
|
|
EnlistmentHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
RmHandle: HANDLE,
|
|
EnlistmentGuid: LPGUID,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenEvent(
|
|
EventHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenEventPair(
|
|
EventPairHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenFile(
|
|
FileHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
ShareAccess: ULONG,
|
|
OpenOptions: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenIoCompletion(
|
|
IoCompletionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenJobObject(
|
|
JobHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenKey(
|
|
KeyHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenKeyEx(
|
|
KeyHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
OpenOptions: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenKeyTransacted(
|
|
KeyHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
TransactionHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenKeyTransactedEx(
|
|
KeyHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
OpenOptions: ULONG,
|
|
TransactionHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenKeyedEvent(
|
|
KeyedEventHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenMutant(
|
|
MutantHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenObjectAuditAlarm(
|
|
SubsystemName: PUNICODE_STRING,
|
|
HandleId: PVOID,
|
|
ObjectTypeName: PUNICODE_STRING,
|
|
ObjectName: PUNICODE_STRING,
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
ClientToken: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
GrantedAccess: ACCESS_MASK,
|
|
Privileges: PPRIVILEGE_SET,
|
|
ObjectCreation: BOOLEAN,
|
|
AccessGranted: BOOLEAN,
|
|
GenerateOnClose: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenPartition(
|
|
PartitionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenPrivateNamespace(
|
|
NamespaceHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
BoundaryDescriptor: PVOID,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwOpenProcess` routine (declaration only).
///
/// Takes `ProcessHandle` (a `PHANDLE`), the requested `DesiredAccess`,
/// `ObjectAttributes` and `ClientId` (a `PCLIENT_ID`); returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `ProcessHandle` presumably
/// receives the opened handle and must point to writable storage;
/// `ObjectAttributes` and `ClientId` must point to initialised structures when
/// non-null.
///
/// NOTE(review): pass the narrowest `DesiredAccess` the caller needs rather than
/// an all-access mask, read `*ProcessHandle` only after a successful status, and
/// close the handle on every path.
fn ZwOpenProcess(
|
|
ProcessHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
ClientId: PCLIENT_ID,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwOpenProcessToken` routine (declaration only).
///
/// Takes a process handle, the requested `DesiredAccess` and `TokenHandle`
/// (a `PHANDLE`); returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `TokenHandle` presumably
/// receives the opened token and must point to writable storage.
///
/// NOTE(review): a token handle grants whatever `DesiredAccess` asks for, so
/// query-only callers should request query-only rights. Check the status before
/// using `*TokenHandle` and close the handle when done.
fn ZwOpenProcessToken(
|
|
ProcessHandle: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
TokenHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenProcessTokenEx(
|
|
ProcessHandle: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
HandleAttributes: ULONG,
|
|
TokenHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenResourceManager(
|
|
ResourceManagerHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
TmHandle: HANDLE,
|
|
ResourceManagerGuid: LPGUID,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenSection(
|
|
SectionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenSemaphore(
|
|
SemaphoreHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenSession(
|
|
SessionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenSymbolicLinkObject(
|
|
LinkHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwOpenThread` routine (declaration only).
///
/// Takes `ThreadHandle` (a `PHANDLE`), the requested `DesiredAccess`,
/// `ObjectAttributes` and `ClientId` (a `PCLIENT_ID`); returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `ThreadHandle` presumably
/// receives the opened handle and must point to writable storage; the other
/// pointers must reference initialised structures when non-null.
///
/// NOTE(review): keep `DesiredAccess` to the minimum needed, read
/// `*ThreadHandle` only after a successful status, and close the handle on
/// every path.
fn ZwOpenThread(
|
|
ThreadHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
ClientId: PCLIENT_ID,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenThreadToken(
|
|
ThreadHandle: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
OpenAsSelf: BOOLEAN,
|
|
TokenHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenThreadTokenEx(
|
|
ThreadHandle: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
OpenAsSelf: BOOLEAN,
|
|
HandleAttributes: ULONG,
|
|
TokenHandle: PHANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenTimer(
|
|
TimerHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenTransaction(
|
|
TransactionHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
Uow: LPGUID,
|
|
TmHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwOpenTransactionManager(
|
|
TmHandle: PHANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
LogFileName: PUNICODE_STRING,
|
|
TmIdentity: LPGUID,
|
|
OpenOptions: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwPlugPlayControl(
|
|
PnPControlClass: PLUGPLAY_CONTROL_CLASS,
|
|
PnPControlData: PVOID,
|
|
PnPControlDataLength: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwPowerInformation(
|
|
InformationLevel: POWER_INFORMATION_LEVEL,
|
|
InputBuffer: PVOID,
|
|
InputBufferLength: ULONG,
|
|
OutputBuffer: PVOID,
|
|
OutputBufferLength: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwPrePrepareComplete(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwPrePrepareEnlistment(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwPrepareComplete(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwPrepareEnlistment(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwPrivilegeCheck` routine (declaration only).
///
/// Takes a client token handle, `RequiredPrivileges` (a `PPRIVILEGE_SET`) and
/// `Result` (a `PBOOLEAN`); returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `RequiredPrivileges` must point
/// to an initialised privilege set and `Result` to writable storage.
///
/// NOTE(review): there are two outputs, the status and `*Result`. An access
/// decision should require both a successful status and a true `*Result`;
/// initialise the result slot to false so an ignored failure denies by default.
fn ZwPrivilegeCheck(
|
|
ClientToken: HANDLE,
|
|
RequiredPrivileges: PPRIVILEGE_SET,
|
|
Result: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwPrivilegeObjectAuditAlarm(
|
|
SubsystemName: PUNICODE_STRING,
|
|
HandleId: PVOID,
|
|
ClientToken: HANDLE,
|
|
DesiredAccess: ACCESS_MASK,
|
|
Privileges: PPRIVILEGE_SET,
|
|
AccessGranted: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwPrivilegedServiceAuditAlarm(
|
|
SubsystemName: PUNICODE_STRING,
|
|
ServiceName: PUNICODE_STRING,
|
|
ClientToken: HANDLE,
|
|
Privileges: PPRIVILEGE_SET,
|
|
AccessGranted: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwPropagationComplete(
|
|
ResourceManagerHandle: HANDLE,
|
|
RequestCookie: ULONG,
|
|
BufferLength: ULONG,
|
|
Buffer: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwPropagationFailed(
|
|
ResourceManagerHandle: HANDLE,
|
|
RequestCookie: ULONG,
|
|
PropStatus: NTSTATUS,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwProtectVirtualMemory` routine (declaration only).
///
/// Takes a process handle, `BaseAddress` (`*mut PVOID`), `RegionSize`
/// (`PSIZE_T`), the `NewProtect` value and `OldProtect` (`PULONG`); returns an
/// `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `BaseAddress`, `RegionSize` and
/// `OldProtect` must point to writable storage; the first two are passed by
/// pointer and are presumably rounded to the range actually affected (confirm).
///
/// NOTE(review): changing page protection under live Rust references can
/// invalidate their assumptions (for example making borrowed memory
/// unreadable). Prefer the least permissive `NewProtect`, avoid writable and
/// executable at the same time, and restore `*OldProtect` where the change is
/// meant to be temporary.
fn ZwProtectVirtualMemory(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: *mut PVOID,
|
|
RegionSize: PSIZE_T,
|
|
NewProtect: ULONG,
|
|
OldProtect: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwPulseEvent(
|
|
EventHandle: HANDLE,
|
|
PreviousState: PLONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryAttributesFile(
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
FileInformation: PFILE_BASIC_INFORMATION,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryBootEntryOrder(
|
|
Ids: PULONG,
|
|
Count: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryBootOptions(
|
|
BootOptions: PBOOT_OPTIONS,
|
|
BootOptionsLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryDebugFilterState(
|
|
ComponentId: ULONG,
|
|
Level: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryDefaultLocale(
|
|
UserProfile: BOOLEAN,
|
|
DefaultLocaleId: PLCID,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryDefaultUILanguage(
|
|
DefaultUILanguageId: *mut LANGID,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryDirectoryFile(
|
|
FileHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
FileInformation: PVOID,
|
|
Length: ULONG,
|
|
FileInformationClass: FILE_INFORMATION_CLASS,
|
|
ReturnSingleEntry: BOOLEAN,
|
|
FileName: PUNICODE_STRING,
|
|
RestartScan: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryDirectoryObject(
|
|
DirectoryHandle: HANDLE,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
ReturnSingleEntry: BOOLEAN,
|
|
RestartScan: BOOLEAN,
|
|
Context: PULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryDriverEntryOrder(
|
|
Ids: PULONG,
|
|
Count: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryEaFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
ReturnSingleEntry: BOOLEAN,
|
|
EaList: PVOID,
|
|
EaListLength: ULONG,
|
|
EaIndex: PULONG,
|
|
RestartScan: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryEvent(
|
|
EventHandle: HANDLE,
|
|
EventInformationClass: EVENT_INFORMATION_CLASS,
|
|
EventInformation: PVOID,
|
|
EventInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryFullAttributesFile(
|
|
ObjectAttributes: POBJECT_ATTRIBUTES,
|
|
FileInformation: PFILE_NETWORK_OPEN_INFORMATION,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationAtom(
|
|
Atom: RTL_ATOM,
|
|
AtomInformationClass: ATOM_INFORMATION_CLASS,
|
|
AtomInformation: PVOID,
|
|
AtomInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationEnlistment(
|
|
EnlistmentHandle: HANDLE,
|
|
EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
|
|
EnlistmentInformation: PVOID,
|
|
EnlistmentInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
FileInformation: PVOID,
|
|
Length: ULONG,
|
|
FileInformationClass: FILE_INFORMATION_CLASS,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationJobObject(
|
|
JobHandle: HANDLE,
|
|
JobObjectInformationClass: JOBOBJECTINFOCLASS,
|
|
JobObjectInformation: PVOID,
|
|
JobObjectInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationPort(
|
|
PortHandle: HANDLE,
|
|
PortInformationClass: PORT_INFORMATION_CLASS,
|
|
PortInformation: PVOID,
|
|
Length: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwQueryInformationProcess` routine
/// (declaration only).
///
/// Takes a process handle, an information class selector, an output buffer
/// `ProcessInformation` with `ProcessInformationLength`, and `ReturnLength`;
/// returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `ProcessInformation` must be
/// writable for `ProcessInformationLength` units (presumably bytes; TODO
/// confirm) and suitably aligned for the structure the class produces.
///
/// NOTE(review): the buffer layout presumably depends on
/// `ProcessInformationClass`. Pass the size of the exact structure used, and
/// interpret the buffer only after a successful status.
fn ZwQueryInformationProcess(
|
|
ProcessHandle: HANDLE,
|
|
ProcessInformationClass: PROCESSINFOCLASS,
|
|
ProcessInformation: PVOID,
|
|
ProcessInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationResourceManager(
|
|
ResourceManagerHandle: HANDLE,
|
|
ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
|
|
ResourceManagerInformation: PVOID,
|
|
ResourceManagerInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationThread(
|
|
ThreadHandle: HANDLE,
|
|
ThreadInformationClass: THREADINFOCLASS,
|
|
ThreadInformation: PVOID,
|
|
ThreadInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwQueryInformationToken` routine (declaration only).
///
/// Takes a token handle, an information class selector, an output buffer
/// `TokenInformation` with `TokenInformationLength`, and `ReturnLength`; returns
/// an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `TokenInformation` must be
/// writable for `TokenInformationLength` units (presumably bytes; TODO confirm)
/// and aligned for the structure the class produces.
///
/// NOTE(review): results of this query typically feed authorisation decisions.
/// Treat any non-success status as "unknown" and deny, rather than reading a
/// partially written buffer.
fn ZwQueryInformationToken(
|
|
TokenHandle: HANDLE,
|
|
TokenInformationClass: TOKEN_INFORMATION_CLASS,
|
|
TokenInformation: PVOID,
|
|
TokenInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationTransaction(
|
|
TransactionHandle: HANDLE,
|
|
TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
|
|
TransactionInformation: PVOID,
|
|
TransactionInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationTransactionManager(
|
|
TransactionManagerHandle: HANDLE,
|
|
TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
|
|
TransactionManagerInformation: PVOID,
|
|
TransactionManagerInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInformationWorkerFactory(
|
|
WorkerFactoryHandle: HANDLE,
|
|
WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
|
|
WorkerFactoryInformation: PVOID,
|
|
WorkerFactoryInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryInstallUILanguage(
|
|
InstallUILanguageId: *mut LANGID,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryIntervalProfile(
|
|
ProfileSource: KPROFILE_SOURCE,
|
|
Interval: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryIoCompletion(
|
|
IoCompletionHandle: HANDLE,
|
|
IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS,
|
|
IoCompletionInformation: PVOID,
|
|
IoCompletionInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryKey(
|
|
KeyHandle: HANDLE,
|
|
KeyInformationClass: KEY_INFORMATION_CLASS,
|
|
KeyInformation: PVOID,
|
|
Length: ULONG,
|
|
ResultLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryLicenseValue(
|
|
ValueName: PUNICODE_STRING,
|
|
Type: PULONG,
|
|
Data: PVOID,
|
|
DataSize: ULONG,
|
|
ResultDataSize: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryMultipleValueKey(
|
|
KeyHandle: HANDLE,
|
|
ValueEntries: PKEY_VALUE_ENTRY,
|
|
EntryCount: ULONG,
|
|
ValueBuffer: PVOID,
|
|
BufferLength: PULONG,
|
|
RequiredBufferLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryMutant(
|
|
MutantHandle: HANDLE,
|
|
MutantInformationClass: MUTANT_INFORMATION_CLASS,
|
|
MutantInformation: PVOID,
|
|
MutantInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryObject(
|
|
Handle: HANDLE,
|
|
ObjectInformationClass: OBJECT_INFORMATION_CLASS,
|
|
ObjectInformation: PVOID,
|
|
ObjectInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryOpenSubKeys(
|
|
TargetKey: POBJECT_ATTRIBUTES,
|
|
HandleCount: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryOpenSubKeysEx(
|
|
TargetKey: POBJECT_ATTRIBUTES,
|
|
BufferLength: ULONG,
|
|
Buffer: PVOID,
|
|
RequiredSize: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryPerformanceCounter(
|
|
PerformanceCounter: PLARGE_INTEGER,
|
|
PerformanceFrequency: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryPortInformationProcess() -> NTSTATUS;
|
|
fn ZwQueryQuotaInformationFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
ReturnSingleEntry: BOOLEAN,
|
|
SidList: PVOID,
|
|
SidListLength: ULONG,
|
|
StartSid: PSID,
|
|
RestartScan: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwQuerySection(
|
|
SectionHandle: HANDLE,
|
|
SectionInformationClass: SECTION_INFORMATION_CLASS,
|
|
SectionInformation: PVOID,
|
|
SectionInformationLength: SIZE_T,
|
|
ReturnLength: PSIZE_T,
|
|
) -> NTSTATUS;
|
|
fn ZwQuerySecurityAttributesToken(
|
|
TokenHandle: HANDLE,
|
|
Attributes: PUNICODE_STRING,
|
|
NumberOfAttributes: ULONG,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwQuerySecurityObject` routine (declaration only).
///
/// Takes an object handle, a `SecurityInformation` selector, an output
/// `SecurityDescriptor` buffer with its `Length`, and `LengthNeeded`; returns an
/// `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `SecurityDescriptor` must be
/// writable for `Length` units (presumably bytes; TODO confirm) and
/// `LengthNeeded` must point to writable storage.
///
/// NOTE(review): `LengthNeeded` suggests a probe-then-allocate protocol. Callers
/// that retry with a larger buffer should loop on the status rather than assume
/// the second call succeeds, because the descriptor can change between calls.
fn ZwQuerySecurityObject(
|
|
Handle: HANDLE,
|
|
SecurityInformation: SECURITY_INFORMATION,
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
Length: ULONG,
|
|
LengthNeeded: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQuerySemaphore(
|
|
SemaphoreHandle: HANDLE,
|
|
SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS,
|
|
SemaphoreInformation: PVOID,
|
|
SemaphoreInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQuerySymbolicLinkObject(
|
|
LinkHandle: HANDLE,
|
|
LinkTarget: PUNICODE_STRING,
|
|
ReturnedLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQuerySystemEnvironmentValue(
|
|
VariableName: PUNICODE_STRING,
|
|
VariableValue: PWSTR,
|
|
ValueLength: USHORT,
|
|
ReturnLength: PUSHORT,
|
|
) -> NTSTATUS;
|
|
fn ZwQuerySystemEnvironmentValueEx(
|
|
VariableName: PUNICODE_STRING,
|
|
VendorGuid: LPGUID,
|
|
Value: PVOID,
|
|
ValueLength: PULONG,
|
|
Attributes: PULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwQuerySystemInformation` routine
/// (declaration only).
///
/// Takes an information class selector, an output buffer `SystemInformation`
/// with `SystemInformationLength`, and `ReturnLength`; returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `SystemInformation` must be
/// writable for `SystemInformationLength` units (presumably bytes; TODO confirm)
/// and aligned for the structure the class produces.
///
/// NOTE(review): variable-length results should be walked using the sizes and
/// offsets validated against the buffer length, not trusted blindly. When
/// sizing the buffer from `*ReturnLength`, retry in a loop since the required
/// size can grow between calls.
fn ZwQuerySystemInformation(
|
|
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
|
|
SystemInformation: PVOID,
|
|
SystemInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQuerySystemInformationEx(
|
|
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
|
|
InputBuffer: PVOID,
|
|
InputBufferLength: ULONG,
|
|
SystemInformation: PVOID,
|
|
SystemInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQuerySystemTime(
|
|
SystemTime: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryTimer(
|
|
TimerHandle: HANDLE,
|
|
TimerInformationClass: TIMER_INFORMATION_CLASS,
|
|
TimerInformation: PVOID,
|
|
TimerInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryTimerResolution(
|
|
MaximumTime: PULONG,
|
|
MinimumTime: PULONG,
|
|
CurrentTime: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryValueKey(
|
|
KeyHandle: HANDLE,
|
|
ValueName: PUNICODE_STRING,
|
|
KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
|
|
KeyValueInformation: PVOID,
|
|
Length: ULONG,
|
|
ResultLength: PULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwQueryVirtualMemory` routine (declaration only).
///
/// Takes a process handle, a `BaseAddress`, an information class selector, an
/// output buffer `MemoryInformation` with `MemoryInformationLength` (a `SIZE_T`,
/// unlike the `ULONG` lengths of most sibling queries here), and `ReturnLength`
/// (a `PSIZE_T`); returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `MemoryInformation` must be
/// writable for `MemoryInformationLength` units (presumably bytes; TODO confirm).
///
/// NOTE(review): the answer describes the address space at the time of the
/// call only. Code that validates a range with this query and dereferences it
/// later has a time-of-check/time-of-use gap.
fn ZwQueryVirtualMemory(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: PVOID,
|
|
MemoryInformationClass: MEMORY_INFORMATION_CLASS,
|
|
MemoryInformation: PVOID,
|
|
MemoryInformationLength: SIZE_T,
|
|
ReturnLength: PSIZE_T,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryVolumeInformationFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
FsInformation: PVOID,
|
|
Length: ULONG,
|
|
FsInformationClass: FS_INFORMATION_CLASS,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryWnfStateData(
|
|
StateName: PCWNF_STATE_NAME,
|
|
TypeId: PCWNF_TYPE_ID,
|
|
ExplicitScope: *const VOID,
|
|
ChangeStamp: PWNF_CHANGE_STAMP,
|
|
Buffer: PVOID,
|
|
BufferSize: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwQueryWnfStateNameInformation(
|
|
StateName: PCWNF_STATE_NAME,
|
|
NameInfoClass: WNF_STATE_NAME_INFORMATION,
|
|
ExplicitScope: *const VOID,
|
|
InfoBuffer: PVOID,
|
|
InfoBufferSize: ULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwQueueApcThread` routine (declaration only).
///
/// Takes a thread handle, `ApcRoutine` (a `PPS_APC_ROUTINE`) and three opaque
/// `PVOID` arguments; returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `ApcRoutine` is presumably a
/// callback invoked later on the target thread with the three arguments
/// (confirm against the alias definition). The routine and anything the
/// arguments point to must therefore stay valid until it has run, which the
/// borrow checker cannot enforce.
///
/// NOTE(review): queuing work onto a thread the caller does not own deserves an
/// explicit justification at the call site; review the handle's origin and the
/// lifetime of the argument memory.
fn ZwQueueApcThread(
|
|
ThreadHandle: HANDLE,
|
|
ApcRoutine: PPS_APC_ROUTINE,
|
|
ApcArgument1: PVOID,
|
|
ApcArgument2: PVOID,
|
|
ApcArgument3: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwQueueApcThreadEx(
|
|
ThreadHandle: HANDLE,
|
|
UserApcReserveHandle: HANDLE,
|
|
ApcRoutine: PPS_APC_ROUTINE,
|
|
ApcArgument1: PVOID,
|
|
ApcArgument2: PVOID,
|
|
ApcArgument3: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwRaiseException(
|
|
ExceptionRecord: PEXCEPTION_RECORD,
|
|
ContextRecord: PCONTEXT,
|
|
FirstChance: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwRaiseHardError(
|
|
ErrorStatus: NTSTATUS,
|
|
NumberOfParameters: ULONG,
|
|
UnicodeStringParameterMask: ULONG,
|
|
Parameters: PULONG_PTR,
|
|
ValidResponseOptions: ULONG,
|
|
Response: PULONG,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwReadFile` routine (declaration only).
///
/// Takes a file handle, an `Event` handle, `ApcRoutine` with `ApcContext`,
/// `IoStatusBlock`, the destination `Buffer` with its `Length`, and the pointer
/// arguments `ByteOffset` and `Key`; returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `Buffer` must be writable for
/// `Length` units (presumably bytes; TODO confirm). The `Event`/`ApcRoutine`
/// parameters suggest the request can complete after the call returns; in that
/// case `Buffer` and `IoStatusBlock` must remain valid and untouched until
/// completion, so they must not live on a stack frame that may unwind first.
///
/// NOTE(review): take the number of units actually read from `IoStatusBlock`
/// (assumed; confirm) rather than assuming `Length` was filled, and never expose
/// the unwritten tail of the buffer.
fn ZwReadFile(
|
|
FileHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
ByteOffset: PLARGE_INTEGER,
|
|
Key: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwReadFileScatter(
|
|
FileHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
SegmentArray: PFILE_SEGMENT_ELEMENT,
|
|
Length: ULONG,
|
|
ByteOffset: PLARGE_INTEGER,
|
|
Key: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwReadOnlyEnlistment(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwReadRequestData(
|
|
PortHandle: HANDLE,
|
|
Message: PPORT_MESSAGE,
|
|
DataEntryIndex: ULONG,
|
|
Buffer: PVOID,
|
|
BufferSize: SIZE_T,
|
|
NumberOfBytesRead: PSIZE_T,
|
|
) -> NTSTATUS;
|
|
/// Raw binding for the native `ZwReadVirtualMemory` routine (declaration only).
///
/// Takes a process handle, a source `BaseAddress`, a destination `Buffer` with
/// `BufferSize`, and `NumberOfBytesRead` (a `PSIZE_T`); returns an `NTSTATUS`.
///
/// # Safety
///
/// Foreign function, so every call is `unsafe`. `Buffer` must be writable for
/// `BufferSize` bytes (unit inferred from `NumberOfBytesRead`) and
/// `NumberOfBytesRead`, when non-null, must point to writable storage.
///
/// NOTE(review): data copied from another process is untrusted input. Use
/// `*NumberOfBytesRead` to bound what is parsed, validate every embedded length
/// and pointer, and zero-initialise `Buffer` so a short read cannot leak stale
/// contents.
fn ZwReadVirtualMemory(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: PVOID,
|
|
Buffer: PVOID,
|
|
BufferSize: SIZE_T,
|
|
NumberOfBytesRead: PSIZE_T,
|
|
) -> NTSTATUS;
|
|
fn ZwRecoverEnlistment(
|
|
EnlistmentHandle: HANDLE,
|
|
EnlistmentKey: PVOID,
|
|
) -> NTSTATUS;
|
|
fn ZwRecoverResourceManager(
|
|
ResourceManagerHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwRecoverTransactionManager(
|
|
TransactionManagerHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwRegisterProtocolAddressInformation(
|
|
ResourceManager: HANDLE,
|
|
ProtocolId: PCRM_PROTOCOL_ID,
|
|
ProtocolInformationSize: ULONG,
|
|
ProtocolInformation: PVOID,
|
|
CreateOptions: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwRegisterThreadTerminatePort(
|
|
PortHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwReleaseCMFViewOwnership() -> NTSTATUS;
|
|
fn ZwReleaseKeyedEvent(
|
|
KeyedEventHandle: HANDLE,
|
|
KeyValue: PVOID,
|
|
Alertable: BOOLEAN,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwReleaseMutant(
|
|
MutantHandle: HANDLE,
|
|
PreviousCount: PLONG,
|
|
) -> NTSTATUS;
|
|
fn ZwReleaseSemaphore(
|
|
SemaphoreHandle: HANDLE,
|
|
ReleaseCount: LONG,
|
|
PreviousCount: PLONG,
|
|
) -> NTSTATUS;
|
|
fn ZwReleaseWorkerFactoryWorker(
|
|
WorkerFactoryHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwRemoveIoCompletion(
|
|
IoCompletionHandle: HANDLE,
|
|
KeyContext: *mut PVOID,
|
|
ApcContext: *mut PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwRemoveIoCompletionEx(
|
|
IoCompletionHandle: HANDLE,
|
|
IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION,
|
|
Count: ULONG,
|
|
NumEntriesRemoved: PULONG,
|
|
Timeout: PLARGE_INTEGER,
|
|
Alertable: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
fn ZwRemoveProcessDebug(
|
|
ProcessHandle: HANDLE,
|
|
DebugObjectHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwRenameKey(
|
|
KeyHandle: HANDLE,
|
|
NewName: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
fn ZwRenameTransactionManager(
|
|
LogFileName: PUNICODE_STRING,
|
|
ExistingTransactionManagerGuid: LPGUID,
|
|
) -> NTSTATUS;
|
|
fn ZwReplaceKey(
|
|
NewFile: POBJECT_ATTRIBUTES,
|
|
TargetHandle: HANDLE,
|
|
OldFile: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
fn ZwReplacePartitionUnit(
|
|
TargetInstancePath: PUNICODE_STRING,
|
|
SpareInstancePath: PUNICODE_STRING,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwReplyPort(
|
|
PortHandle: HANDLE,
|
|
ReplyMessage: PPORT_MESSAGE,
|
|
) -> NTSTATUS;
|
|
fn ZwReplyWaitReceivePort(
|
|
PortHandle: HANDLE,
|
|
PortContext: *mut PVOID,
|
|
ReplyMessage: PPORT_MESSAGE,
|
|
ReceiveMessage: PPORT_MESSAGE,
|
|
) -> NTSTATUS;
|
|
fn ZwReplyWaitReceivePortEx(
|
|
PortHandle: HANDLE,
|
|
PortContext: *mut PVOID,
|
|
ReplyMessage: PPORT_MESSAGE,
|
|
ReceiveMessage: PPORT_MESSAGE,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwReplyWaitReplyPort(
|
|
PortHandle: HANDLE,
|
|
ReplyMessage: PPORT_MESSAGE,
|
|
) -> NTSTATUS;
|
|
fn ZwRequestPort(
|
|
PortHandle: HANDLE,
|
|
RequestMessage: PPORT_MESSAGE,
|
|
) -> NTSTATUS;
|
|
fn ZwRequestWaitReplyPort(
|
|
PortHandle: HANDLE,
|
|
RequestMessage: PPORT_MESSAGE,
|
|
ReplyMessage: PPORT_MESSAGE,
|
|
) -> NTSTATUS;
|
|
fn ZwRequestWakeupLatency(
|
|
latency: LATENCY_TIME,
|
|
) -> NTSTATUS;
|
|
fn ZwResetEvent(
|
|
EventHandle: HANDLE,
|
|
PreviousState: PLONG,
|
|
) -> NTSTATUS;
|
|
fn ZwResetWriteWatch(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: PVOID,
|
|
RegionSize: SIZE_T,
|
|
) -> NTSTATUS;
|
|
fn ZwRestoreKey(
|
|
KeyHandle: HANDLE,
|
|
FileHandle: HANDLE,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwResumeProcess(
|
|
ProcessHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
fn ZwResumeThread(
|
|
ThreadHandle: HANDLE,
|
|
PreviousSuspendCount: PULONG,
|
|
) -> NTSTATUS;
|
|
fn ZwRevertContainerImpersonation() -> NTSTATUS;
|
|
fn ZwRollbackComplete(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
fn ZwRollbackEnlistment(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: transaction HANDLE and a BOOLEAN Wait flag; returns NTSTATUS.
// NOTE(review): with Wait false the call presumably returns before the rollback finishes, so
// a success-looking status would not prove the rollback completed - confirm.
fn ZwRollbackTransaction(
|
|
TransactionHandle: HANDLE,
|
|
Wait: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: transaction-manager HANDLE and a PLARGE_INTEGER TmVirtualClock;
// returns NTSTATUS.
// NOTE(review): TmVirtualClock is presumably optional (null allowed) - confirm.
fn ZwRollforwardTransactionManager(
|
|
TransactionManagerHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a key HANDLE and a file HANDLE; returns NTSTATUS.
// NOTE(review): presumably writes the key and its subkeys to the file (NtSaveKey) and needs
// the backup privilege. The output file then holds whatever secrets the key contained, so
// its location and ACL matter as much as the key's own - confirm.
fn ZwSaveKey(
|
|
KeyHandle: HANDLE,
|
|
FileHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Same as ZwSaveKey in this file plus a ULONG Format selector; returns NTSTATUS.
// NOTE(review): Format values are not defined in this view; pass named constants. As with any
// registry export, the destination file inherits the sensitivity of the key - confirm.
fn ZwSaveKeyEx(
|
|
KeyHandle: HANDLE,
|
|
FileHandle: HANDLE,
|
|
Format: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: two key HANDLEs (high and low precedence) and a file HANDLE; returns
// NTSTATUS.
// NOTE(review): presumably writes a merge of both keys to the file, with the high-precedence
// key winning on conflicts. The file should be protected like the more sensitive of the two
// keys - confirm.
fn ZwSaveMergedKeys(
|
|
HighPrecedenceKeyHandle: HANDLE,
|
|
LowPrecedenceKeyHandle: HANDLE,
|
|
FileHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration with nine parameters: an out PHANDLE, the port name, a security QoS
// pointer, client/server view pointers, a PSID RequiredServerSid, and three pointer-typed
// length/connection-data parameters; returns NTSTATUS.
// NOTE(review): RequiredServerSid presumably makes the connect fail unless the port's server
// runs under that SID, which is how a client authenticates the server; passing null would
// drop that check. ConnectionInformationLength is a pointer, so presumably in/out: it must be
// initialised to the buffer size before the call - confirm both.
fn ZwSecureConnectPort(
|
|
PortHandle: PHANDLE,
|
|
PortName: PUNICODE_STRING,
|
|
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
|
|
ClientView: PPORT_VIEW,
|
|
RequiredServerSid: PSID,
|
|
ServerView: PREMOTE_PORT_VIEW,
|
|
MaxMessageLength: PULONG,
|
|
ConnectionInformation: PVOID,
|
|
ConnectionInformationLength: PULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration with no parameters; returns NTSTATUS.
// NOTE(review): semantics are not derivable from this file - confirm before exposing it.
fn ZwSerializeBoot() -> NTSTATUS;
|
|
// Foreign declaration: a PULONG Ids array pointer and a ULONG Count; returns NTSTATUS.
// NOTE(review): Count is presumably the number of ULONG elements at Ids; the declaration
// cannot enforce that, so a wrapper should take a slice and derive both. Boot-order changes
// persist across reboots and presumably need a firmware-environment privilege - confirm.
fn ZwSetBootEntryOrder(
|
|
Ids: PULONG,
|
|
Count: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a PBOOT_OPTIONS (imported from ntexapi) and a ULONG FieldsToChange mask;
// returns NTSTATUS.
// NOTE(review): FieldsToChange presumably selects which members of the structure are applied;
// an over-broad mask would overwrite boot settings the caller did not intend to touch -
// confirm the bit values.
fn ZwSetBootOptions(
|
|
BootOptions: PBOOT_OPTIONS,
|
|
FieldsToChange: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: Flags, an SE_SIGNING_LEVEL by value, a PHANDLE array of source files
// with its ULONG count, and a target file HANDLE; returns NTSTATUS.
// NOTE(review): presumably records a cached code-integrity signing level for TargetFile.
// Because that cache can feed later load decisions, call sites are worth auditing.
// SourceFileCount must match the number of handles at SourceFiles - confirm.
fn ZwSetCachedSigningLevel(
|
|
Flags: ULONG,
|
|
InputSigningLevel: SE_SIGNING_LEVEL,
|
|
SourceFiles: PHANDLE,
|
|
SourceFileCount: ULONG,
|
|
TargetFile: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: thread HANDLE and a PCONTEXT; returns NTSTATUS.
// NOTE(review): presumably replaces the register state of the target thread
// (NtSetContextThread). That redirects where the thread executes, so security products
// commonly monitor this call when the thread belongs to another process; a wrapper should
// document which threads it is meant for and require a suspended target - confirm.
fn ZwSetContextThread(
|
|
ThreadHandle: HANDLE,
|
|
ThreadContext: PCONTEXT,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: ULONG ComponentId, ULONG Level and a BOOLEAN State; returns NTSTATUS.
// NOTE(review): presumably enables or disables debug-print filtering for one component and
// level - confirm the valid ranges, none are visible here.
fn ZwSetDebugFilterState(
|
|
ComponentId: ULONG,
|
|
Level: ULONG,
|
|
State: BOOLEAN,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single port HANDLE; returns NTSTATUS.
// NOTE(review): presumably registers the system-wide port that receives hard-error messages,
// which would be a privileged, one-owner setting - confirm.
fn ZwSetDefaultHardErrorPort(
|
|
DefaultHardErrorPort: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a BOOLEAN UserProfile flag and an LCID by value; returns NTSTATUS.
// NOTE(review): UserProfile presumably selects between the per-user and the system default
// locale - confirm which value maps to which.
fn ZwSetDefaultLocale(
|
|
UserProfile: BOOLEAN,
|
|
DefaultLocaleId: LCID,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a LANGID by value; returns NTSTATUS.
// NOTE(review): scope of the change (user vs. system) is not visible here - confirm.
fn ZwSetDefaultUILanguage(
|
|
DefaultUILanguageId: LANGID,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a PULONG Ids array pointer and a ULONG Count; returns NTSTATUS.
// Same parameter list as ZwSetBootEntryOrder in this file.
// NOTE(review): Count presumably counts elements, not bytes; derive it from a slice in any
// wrapper. The setting presumably persists in firmware variables - confirm.
fn ZwSetDriverEntryOrder(
|
|
Ids: PULONG,
|
|
Count: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: file HANDLE, PIO_STATUS_BLOCK, and a PVOID Buffer with its ULONG Length;
// returns NTSTATUS.
// NOTE(review): Buffer presumably holds a chain of extended-attribute entries linked by
// offsets; every offset and name/value length inside it must stay within Length, and the
// declaration checks none of that - confirm the layout.
fn ZwSetEaFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: event HANDLE and a PLONG PreviousState; returns NTSTATUS.
// NOTE(review): PreviousState is presumably an optional out-pointer (null to ignore) -
// confirm before passing null from a wrapper.
fn ZwSetEvent(
|
|
EventHandle: HANDLE,
|
|
PreviousState: PLONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single event HANDLE; returns NTSTATUS.
// NOTE(review): presumably signals the event and boosts the priority of a waiter - confirm.
fn ZwSetEventBoostPriority(
|
|
EventHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single event-pair HANDLE; returns NTSTATUS.
// NOTE(review): presumably signals the "high" member of the pair - confirm.
fn ZwSetHighEventPair(
|
|
EventPairHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single event-pair HANDLE; returns NTSTATUS.
// NOTE(review): presumably signals the "high" member and then blocks on the "low" member; no
// timeout parameter exists, so the wait may be unbounded - confirm.
fn ZwSetHighWaitLowEventPair(
|
|
EventPairHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: timer HANDLE and a PLARGE_INTEGER DueTime; returns NTSTATUS.
// NOTE(review): whether DueTime is absolute or relative (sign convention) is not visible
// here - confirm.
fn ZwSetIRTimer(
|
|
TimerHandle: HANDLE,
|
|
DueTime: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: DEBUGOBJECTINFOCLASS (imported from ntdbg) picks the operation,
// DebugInformation/DebugInformationLength are an untyped buffer and its size, ReturnLength is
// a PULONG; returns NTSTATUS.
// NOTE(review): the buffer layout presumably depends on the class value; a wrapper should
// derive the length from the matching struct's size rather than accept it from callers.
fn ZwSetInformationDebugObject(
|
|
DebugObjectHandle: HANDLE,
|
|
DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
|
|
DebugInformation: PVOID,
|
|
DebugInformationLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: handle, ENLISTMENT_INFORMATION_CLASS, untyped PVOID buffer and its
// ULONG length; returns NTSTATUS.
// NOTE(review): the buffer layout presumably depends on the class; the declaration cannot
// tie the length to the buffer, so a typed wrapper should - confirm.
fn ZwSetInformationEnlistment(
|
|
EnlistmentHandle: HANDLE,
|
|
EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
|
|
EnlistmentInformation: PVOID,
|
|
EnlistmentInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter for files: handle, PIO_STATUS_BLOCK, untyped buffer with ULONG Length,
// then FILE_INFORMATION_CLASS (imported from ntioapi); returns NTSTATUS. Note the class comes
// last here, unlike the other ZwSetInformation* declarations in this file.
// NOTE(review): some classes presumably rename, link or delete the file, so the paths carried
// in the buffer need the same validation as any path taken from untrusted input - confirm.
fn ZwSetInformationFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
FileInformation: PVOID,
|
|
Length: ULONG,
|
|
FileInformationClass: FILE_INFORMATION_CLASS,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: job HANDLE, JOBOBJECTINFOCLASS, untyped buffer and its ULONG length;
// returns NTSTATUS.
// NOTE(review): job limits are often used as a sandbox boundary; if this binding is used to
// relax them, that call site deserves review. Buffer layout presumably follows the class.
fn ZwSetInformationJobObject(
|
|
JobHandle: HANDLE,
|
|
JobObjectInformationClass: JOBOBJECTINFOCLASS,
|
|
JobObjectInformation: PVOID,
|
|
JobObjectInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: key HANDLE, KEY_SET_INFORMATION_CLASS (imported from ntregapi),
// untyped buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): buffer layout presumably follows the class; derive the length from the
// matching struct in any wrapper - confirm.
fn ZwSetInformationKey(
|
|
KeyHandle: HANDLE,
|
|
KeySetInformationClass: KEY_SET_INFORMATION_CLASS,
|
|
KeySetInformation: PVOID,
|
|
KeySetInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter on a generic HANDLE: OBJECT_INFORMATION_CLASS (imported from
// ntobapi), untyped buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): presumably covers handle attributes such as inheritance and
// protect-from-close; an unintentionally inheritable handle leaks access to child
// processes - confirm the classes accepted.
fn ZwSetInformationObject(
|
|
Handle: HANDLE,
|
|
ObjectInformationClass: OBJECT_INFORMATION_CLASS,
|
|
ObjectInformation: PVOID,
|
|
ObjectInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: process HANDLE, PROCESSINFOCLASS (imported from ntpsapi), untyped
// buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): the class set presumably includes security-relevant state (tokens,
// mitigation settings, debug-related flags), so wrappers should expose specific, typed
// operations instead of forwarding an arbitrary class and buffer - confirm.
fn ZwSetInformationProcess(
|
|
ProcessHandle: HANDLE,
|
|
ProcessInformationClass: PROCESSINFOCLASS,
|
|
ProcessInformation: PVOID,
|
|
ProcessInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: resource-manager HANDLE, RESOURCEMANAGER_INFORMATION_CLASS, untyped
// buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): buffer layout presumably follows the class; the length is caller-supplied and
// unchecked at this level - confirm.
fn ZwSetInformationResourceManager(
|
|
ResourceManagerHandle: HANDLE,
|
|
ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
|
|
ResourceManagerInformation: PVOID,
|
|
ResourceManagerInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: thread HANDLE, THREADINFOCLASS (imported from ntpsapi), untyped
// buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): the class set presumably includes the thread's impersonation token and
// debugger-visibility state, both of which change what security tooling and access checks
// see; prefer typed wrappers per class over a pass-through - confirm.
fn ZwSetInformationThread(
|
|
ThreadHandle: HANDLE,
|
|
ThreadInformationClass: THREADINFOCLASS,
|
|
ThreadInformation: PVOID,
|
|
ThreadInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: token HANDLE, TOKEN_INFORMATION_CLASS, untyped buffer and its ULONG
// length; returns NTSTATUS.
// NOTE(review): presumably edits attributes of an access token (default DACL, owner, session,
// integrity level and similar). Each of those feeds later access checks, so the status must
// not be ignored and the handle's access mask should be the minimum needed - confirm.
fn ZwSetInformationToken(
|
|
TokenHandle: HANDLE,
|
|
TokenInformationClass: TOKEN_INFORMATION_CLASS,
|
|
TokenInformation: PVOID,
|
|
TokenInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: transaction HANDLE, TRANSACTION_INFORMATION_CLASS, untyped buffer and
// its ULONG length; returns NTSTATUS.
// NOTE(review): buffer layout presumably follows the class; the length is caller-supplied and
// unchecked at this level - confirm.
fn ZwSetInformationTransaction(
|
|
TransactionHandle: HANDLE,
|
|
TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
|
|
TransactionInformation: PVOID,
|
|
TransactionInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: a HANDLE named TmHandle, TRANSACTIONMANAGER_INFORMATION_CLASS,
// untyped buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): buffer layout presumably follows the class; the length is caller-supplied and
// unchecked at this level - confirm.
fn ZwSetInformationTransactionManager(
|
|
TmHandle: HANDLE,
|
|
TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
|
|
TransactionManagerInformation: PVOID,
|
|
TransactionManagerInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter over address ranges: process HANDLE, VIRTUAL_MEMORY_INFORMATION_CLASS
// and PMEMORY_RANGE_ENTRY (both imported from ntmmapi), a ULONG_PTR entry count, and an
// untyped buffer with its ULONG length; returns NTSTATUS.
// NOTE(review): two independent sizes are passed - NumberOfEntries for VirtualAddresses and
// VmInformationLength for VmInformation; mixing them up reads past one of the buffers. The
// ranges are presumably interpreted in the target process, not the caller - confirm.
fn ZwSetInformationVirtualMemory(
|
|
ProcessHandle: HANDLE,
|
|
VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS,
|
|
NumberOfEntries: ULONG_PTR,
|
|
VirtualAddresses: PMEMORY_RANGE_ENTRY,
|
|
VmInformation: PVOID,
|
|
VmInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected setter: worker-factory HANDLE, WORKERFACTORYINFOCLASS (imported from
// ntexapi), untyped buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): buffer layout presumably follows the class; the length is caller-supplied and
// unchecked at this level - confirm.
fn ZwSetInformationWorkerFactory(
|
|
WorkerFactoryHandle: HANDLE,
|
|
WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
|
|
WorkerFactoryInformation: PVOID,
|
|
WorkerFactoryInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a ULONG Interval and a KPROFILE_SOURCE (imported from ntkeapi), both by
// value; returns NTSTATUS.
// NOTE(review): the unit of Interval is not visible here - confirm before exposing it.
fn ZwSetIntervalProfile(
|
|
Interval: ULONG,
|
|
Source: KPROFILE_SOURCE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: completion-port HANDLE, two PVOID context values, an NTSTATUS IoStatus
// and a ULONG_PTR IoStatusInformation, all by value; returns NTSTATUS.
// NOTE(review): presumably queues a completion packet carrying these values unchanged. Code
// that dequeues packets and casts KeyContext/ApcContext back to pointers is trusting every
// poster on that port, so the port handle should not be shared more widely than needed.
fn ZwSetIoCompletion(
|
|
IoCompletionHandle: HANDLE,
|
|
KeyContext: PVOID,
|
|
ApcContext: PVOID,
|
|
IoStatus: NTSTATUS,
|
|
IoStatusInformation: ULONG_PTR,
|
|
) -> NTSTATUS;
|
|
// Same as ZwSetIoCompletion in this file with an extra IoCompletionPacketHandle after the
// port handle; returns NTSTATUS.
// NOTE(review): the packet handle presumably names a pre-allocated packet object reused for
// this post; the context values are passed through to whoever dequeues them and should be
// validated there before being dereferenced - confirm.
fn ZwSetIoCompletionEx(
|
|
IoCompletionHandle: HANDLE,
|
|
IoCompletionPacketHandle: HANDLE,
|
|
KeyContext: PVOID,
|
|
ApcContext: PVOID,
|
|
IoStatus: NTSTATUS,
|
|
IoStatusInformation: ULONG_PTR,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: two (selector, low dword, high dword) triples passed as six ULONGs;
// returns NTSTATUS.
// NOTE(review): presumably installs up to two x86 LDT descriptors, each split into low/high
// halves. Descriptor bits are raw hardware encoding, so a wrapper should build them from
// named fields; availability on 64-bit targets is not shown here - confirm.
fn ZwSetLdtEntries(
|
|
Selector0: ULONG,
|
|
Entry0Low: ULONG,
|
|
Entry0Hi: ULONG,
|
|
Selector1: ULONG,
|
|
Entry1Low: ULONG,
|
|
Entry1Hi: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single event-pair HANDLE; returns NTSTATUS.
// NOTE(review): presumably signals the "low" member of the pair - confirm.
fn ZwSetLowEventPair(
|
|
EventPairHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single event-pair HANDLE; returns NTSTATUS.
// NOTE(review): presumably signals the "low" member and then blocks on the "high" member; no
// timeout parameter exists, so the wait may be unbounded - confirm.
fn ZwSetLowWaitHighEventPair(
|
|
EventPairHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: file HANDLE, PIO_STATUS_BLOCK, and a PVOID Buffer with its ULONG Length;
// returns NTSTATUS.
// NOTE(review): Buffer presumably holds variable-length quota records that embed SIDs and
// next-entry offsets; all of them must fit inside Length, which nothing here verifies.
fn ZwSetQuotaInformationFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a generic HANDLE, a SECURITY_INFORMATION value and a
// PSECURITY_DESCRIPTOR; returns NTSTATUS.
// NOTE(review): SecurityInformation presumably selects which parts of the descriptor (owner,
// group, DACL, SACL) are applied. A descriptor with a missing or over-permissive DACL weakens
// the object for every later opener, and a failed call leaves the old descriptor in place,
// so the status must be checked - confirm.
fn ZwSetSecurityObject(
|
|
Handle: HANDLE,
|
|
SecurityInformation: SECURITY_INFORMATION,
|
|
SecurityDescriptor: PSECURITY_DESCRIPTOR,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: two PUNICODE_STRING arguments (variable name and value); returns
// NTSTATUS.
// NOTE(review): "system environment" presumably means firmware (NVRAM) variables rather than
// process environment strings, so writes persist across reboots and need a dedicated
// privilege - confirm.
fn ZwSetSystemEnvironmentValue(
|
|
VariableName: PUNICODE_STRING,
|
|
VariableValue: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: variable name, an LPGUID vendor namespace, an untyped Value buffer with
// its ULONG length, and a ULONG Attributes word; returns NTSTATUS.
// NOTE(review): presumably writes a firmware variable in the given vendor namespace. Such
// writes survive OS reinstall and can affect boot behaviour, so call sites should be rare,
// privileged and logged. Attributes bit values are not visible here - confirm.
fn ZwSetSystemEnvironmentValueEx(
|
|
VariableName: PUNICODE_STRING,
|
|
VendorGuid: LPGUID,
|
|
Value: PVOID,
|
|
ValueLength: ULONG,
|
|
Attributes: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected system-wide setter: SYSTEM_INFORMATION_CLASS (imported from ntexapi), untyped
// buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): there is no handle parameter, so access control presumably rests on caller
// privileges alone. The class set is broad; wrappers should expose individual typed
// operations and derive the length from the matching struct - confirm.
fn ZwSetSystemInformation(
|
|
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
|
|
SystemInformation: PVOID,
|
|
SystemInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: POWER_ACTION, SYSTEM_POWER_STATE and a ULONG Flags word, all by value;
// returns NTSTATUS.
// NOTE(review): presumably initiates a sleep/hibernate/shutdown transition and needs the
// shutdown privilege; it is an availability-affecting call - confirm.
fn ZwSetSystemPowerState(
|
|
SystemAction: POWER_ACTION,
|
|
LightestSystemState: SYSTEM_POWER_STATE,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: two PLARGE_INTEGER arguments (new time in, previous time out by name);
// returns NTSTATUS.
// NOTE(review): presumably sets the system clock and needs the system-time privilege. Clock
// changes shift log timestamps and certificate/ticket validity windows, so they are worth
// an audit record at the call site - confirm.
fn ZwSetSystemTime(
|
|
SystemTime: PLARGE_INTEGER,
|
|
PreviousTime: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: an EXECUTION_STATE by value and a `*mut EXECUTION_STATE` for the
// previous flags; returns NTSTATUS.
// NOTE(review): whether PreviousFlags may be null is not visible here; pass a valid pointer
// unless confirmed otherwise.
fn ZwSetThreadExecutionState(
|
|
NewFlags: EXECUTION_STATE,
|
|
PreviousFlags: *mut EXECUTION_STATE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: timer HANDLE, PLARGE_INTEGER DueTime, a PTIMER_APC_ROUTINE callback
// (imported from ntexapi) with its PVOID context, a BOOLEAN ResumeTimer, a LONG Period and a
// PBOOLEAN PreviousState; returns NTSTATUS.
// NOTE(review): the callback and TimerContext are stored by the callee and presumably used
// later when the timer fires, so both must outlive the timer (or its cancellation); a
// context freed early becomes a use-after-free in the APC. Units of Period are not shown.
fn ZwSetTimer(
|
|
TimerHandle: HANDLE,
|
|
DueTime: PLARGE_INTEGER,
|
|
TimerApcRoutine: PTIMER_APC_ROUTINE,
|
|
TimerContext: PVOID,
|
|
ResumeTimer: BOOLEAN,
|
|
Period: LONG,
|
|
PreviousState: PBOOLEAN,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: timer HANDLE, two PLARGE_INTEGER values (DueTime, Period) and a
// PT2_SET_PARAMETERS (imported from ntexapi); returns NTSTATUS.
// NOTE(review): unlike ZwSetTimer in this file, Period is a pointer here, so it is presumably
// optional and 64-bit - confirm which pointers may be null.
fn ZwSetTimer2(
|
|
TimerHandle: HANDLE,
|
|
DueTime: PLARGE_INTEGER,
|
|
Period: PLARGE_INTEGER,
|
|
Parameters: PT2_SET_PARAMETERS,
|
|
) -> NTSTATUS;
|
|
// Class-selected timer setter: timer HANDLE, TIMER_SET_INFORMATION_CLASS (imported from
// ntexapi), untyped buffer and its ULONG length; returns NTSTATUS.
// NOTE(review): the buffer is a PVOID without const, so it is presumably in/out; do not pass
// a pointer to read-only data - confirm.
fn ZwSetTimerEx(
|
|
TimerHandle: HANDLE,
|
|
TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS,
|
|
TimerSetInformation: PVOID,
|
|
TimerSetInformationLength: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a ULONG DesiredTime, a BOOLEAN SetResolution and a PULONG ActualTime;
// returns NTSTATUS.
// NOTE(review): ActualTime presumably receives the resolution actually granted, which can
// differ from the request; units are not visible here - confirm.
fn ZwSetTimerResolution(
|
|
DesiredTime: ULONG,
|
|
SetResolution: BOOLEAN,
|
|
ActualTime: PULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single PCHAR Seed with no accompanying length; returns NTSTATUS.
// NOTE(review): because no size is passed, the callee presumably reads a fixed number of
// bytes from Seed. A wrapper should take a fixed-size array of that length so a short
// buffer cannot be passed - confirm the size.
fn ZwSetUuidSeed(
|
|
Seed: PCHAR,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: key HANDLE, value name, ULONG TitleIndex, ULONG Type, and an untyped
// Data buffer with its ULONG DataSize; returns NTSTATUS.
// NOTE(review): DataSize is presumably a byte count. For string types the stored bytes are
// taken as-is, so a value written without its terminator is a known source of over-reads in
// later readers; include it in DataSize when the type expects one. When Zw* routines are
// called from kernel-mode code, argument probing is presumably skipped, so pointers that
// originate in user mode need validation first - confirm.
fn ZwSetValueKey(
|
|
KeyHandle: HANDLE,
|
|
ValueName: PUNICODE_STRING,
|
|
TitleIndex: ULONG,
|
|
Type: ULONG,
|
|
Data: PVOID,
|
|
DataSize: ULONG,
|
|
) -> NTSTATUS;
|
|
// Class-selected volume setter: file HANDLE, PIO_STATUS_BLOCK, untyped buffer with ULONG
// Length, then FS_INFORMATION_CLASS (imported from ntioapi); returns NTSTATUS.
// NOTE(review): buffer layout presumably follows the class; the class comes last here, as in
// ZwSetInformationFile, so positional mistakes between the two ULONG-like arguments are easy
// to make in wrappers - confirm.
fn ZwSetVolumeInformationFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
FsInformation: PVOID,
|
|
Length: ULONG,
|
|
FsInformationClass: FS_INFORMATION_CLASS,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single event HANDLE; returns NTSTATUS.
// NOTE(review): presumably registers the event signalled when WNF notifications are pending
// for the calling process - confirm.
fn ZwSetWnfProcessNotificationEvent(
|
|
NotificationEvent: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a SHUTDOWN_ACTION (imported from ntexapi) by value; returns NTSTATUS.
// NOTE(review): presumably shuts the machine down without the orderly user-mode shutdown
// sequence and needs the shutdown privilege; unsaved data may be lost - confirm.
fn ZwShutdownSystem(
|
|
Action: SHUTDOWN_ACTION,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: worker-factory HANDLE and a `*mut LONG` PendingWorkerCount; returns
// NTSTATUS.
// NOTE(review): the count pointer is written by the callee and must point to valid, writable
// memory; whether it may be null is not visible here.
fn ZwShutdownWorkerFactory(
|
|
WorkerFactoryHandle: HANDLE,
|
|
PendingWorkerCount: *mut LONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a HANDLE to signal, a HANDLE to wait on, a BOOLEAN Alertable and a
// PLARGE_INTEGER Timeout; returns NTSTATUS.
// NOTE(review): with Alertable true the wait can presumably end early to run queued APCs, in
// which case the status is not a plain "signalled"; callers must distinguish the outcomes
// rather than treat any non-error status as success - confirm.
fn ZwSignalAndWaitForSingleObject(
|
|
SignalHandle: HANDLE,
|
|
WaitHandle: HANDLE,
|
|
Alertable: BOOLEAN,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: enlistment HANDLE and a PLARGE_INTEGER TmVirtualClock; returns NTSTATUS.
// NOTE(review): TmVirtualClock is presumably optional (null allowed) - confirm.
fn ZwSinglePhaseReject(
|
|
EnlistmentHandle: HANDLE,
|
|
TmVirtualClock: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single profile HANDLE; returns NTSTATUS.
// NOTE(review): presumably starts sampling into the buffer bound to the profile object when
// it was created; that buffer must stay valid until the profile is stopped - confirm.
fn ZwStartProfile(
|
|
ProfileHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single profile HANDLE; returns NTSTATUS.
// NOTE(review): presumably stops sampling for the profile object; the sample buffer should
// not be freed before this succeeds - confirm.
fn ZwStopProfile(
|
|
ProfileHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a PCWNF_STATE_NAME, a WNF_CHANGE_STAMP (imported from ntexapi) by
// value, a ULONG EventMask and a PULONG64 SubscriptionId; returns NTSTATUS.
// NOTE(review): SubscriptionId is presumably an out-pointer receiving the subscription
// identifier; EventMask bit values are not visible here - confirm.
fn ZwSubscribeWnfStateChange(
|
|
StateName: PCWNF_STATE_NAME,
|
|
ChangeStamp: WNF_CHANGE_STAMP,
|
|
EventMask: ULONG,
|
|
SubscriptionId: PULONG64,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single process HANDLE; returns NTSTATUS.
// NOTE(review): presumably suspends every thread of the target process. Suspending a process
// that holds shared locks can stall others, and suspending security or logging processes is
// something defenders alert on - keep call sites explicit about their target. Confirm.
fn ZwSuspendProcess(
|
|
ProcessHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: thread HANDLE and a PULONG PreviousSuspendCount; returns NTSTATUS.
// NOTE(review): PreviousSuspendCount is presumably an optional out-pointer. Suspension is
// presumably counted, so every successful suspend needs a matching resume or the thread
// stays frozen - confirm.
fn ZwSuspendThread(
|
|
ThreadHandle: HANDLE,
|
|
PreviousSuspendCount: PULONG,
|
|
) -> NTSTATUS;
|
|
// Command-selected call: SYSDBG_COMMAND (imported from ntexapi), an input buffer and length,
// an output buffer and length, and a PULONG ReturnLength; returns NTSTATUS.
// NOTE(review): presumably the kernel-debugger control interface, gated by the debug
// privilege. Its commands reach kernel state, so this binding should only be wrapped behind
// narrowly scoped, typed helpers; both buffer layouts depend on Command and neither length
// is checked at this level - confirm.
fn ZwSystemDebugControl(
|
|
Command: SYSDBG_COMMAND,
|
|
InputBuffer: PVOID,
|
|
InputBufferLength: ULONG,
|
|
OutputBuffer: PVOID,
|
|
OutputBufferLength: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: job HANDLE and an NTSTATUS exit status by value; returns NTSTATUS.
// NOTE(review): presumably terminates every process in the job with the given exit status -
// confirm.
fn ZwTerminateJobObject(
|
|
JobHandle: HANDLE,
|
|
ExitStatus: NTSTATUS,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: process HANDLE and an NTSTATUS exit status by value; returns NTSTATUS.
// NOTE(review): presumably a null ProcessHandle has a special meaning (the calling process),
// so a wrapper that forwards an unchecked handle could end its own process by accident.
// No destructors or Drop handlers run in a process terminated this way - confirm.
fn ZwTerminateProcess(
|
|
ProcessHandle: HANDLE,
|
|
ExitStatus: NTSTATUS,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: thread HANDLE and an NTSTATUS exit status by value; returns NTSTATUS.
// NOTE(review): a thread terminated from outside does not unwind, so locks it holds and
// resources it owns are presumably left as they are; prefer cooperative shutdown - confirm.
fn ZwTerminateThread(
|
|
ThreadHandle: HANDLE,
|
|
ExitStatus: NTSTATUS,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration with no parameters; returns NTSTATUS.
// NOTE(review): presumably checks the calling thread's alert state and lets pending user
// APCs run, so arbitrary queued callbacks may execute inside this call - confirm.
fn ZwTestAlert() -> NTSTATUS;
|
|
// Foreign declaration with no parameters; returns NTSTATUS.
// NOTE(review): presumably the counterpart of a registry freeze call declared elsewhere;
// an unchecked failure would leave registry writes blocked - confirm.
fn ZwThawRegistry() -> NTSTATUS;
|
|
// Foreign declaration with no parameters; returns NTSTATUS.
// NOTE(review): presumably the counterpart of a transaction freeze call declared elsewhere;
// check the status so a failed thaw is not silently ignored - confirm.
fn ZwThawTransactions() -> NTSTATUS;
|
|
// Function-code-selected call: ULONG FunctionCode, an input buffer and length, an output
// buffer and length, and a PULONG ReturnLength; returns NTSTATUS.
// NOTE(review): presumably the control path for event-tracing sessions. Since tracing feeds
// security telemetry, code that stops or reconfigures sessions through this binding should be
// reviewed and logged. Buffer layouts depend on FunctionCode; no constants for it are
// visible here - confirm.
fn ZwTraceControl(
|
|
FunctionCode: ULONG,
|
|
InBuffer: PVOID,
|
|
InBufferLen: ULONG,
|
|
OutBuffer: PVOID,
|
|
OutBufferLen: ULONG,
|
|
ReturnLength: PULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: trace HANDLE, ULONG Flags, ULONG FieldSize and an untyped Fields
// pointer; returns NTSTATUS. Note the size precedes the buffer here, the reverse of most
// buffer/length pairs in this file.
// NOTE(review): FieldSize presumably gives the byte size of the data at Fields - confirm.
fn ZwTraceEvent(
|
|
TraceHandle: HANDLE,
|
|
Flags: ULONG,
|
|
FieldSize: ULONG,
|
|
Fields: PVOID,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: an input PFILE_PATH (imported from ntexapi), a ULONG OutputType, an
// output PFILE_PATH and a PULONG OutputFilePathLength; returns NTSTATUS.
// NOTE(review): the length is a pointer, so presumably in/out: set it to the output buffer's
// capacity before the call and read the required size back on a too-small error - confirm.
fn ZwTranslateFilePath(
|
|
InputFilePath: PFILE_PATH,
|
|
OutputType: ULONG,
|
|
OutputFilePath: PFILE_PATH,
|
|
OutputFilePathLength: PULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single untyped PVOID SchedulerParam; returns NTSTATUS.
// NOTE(review): the pointer is presumably handed to a user-mode scheduler callback, which
// defines its meaning - confirm.
fn ZwUmsThreadYield(
|
|
SchedulerParam: PVOID,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single PUNICODE_STRING DriverServiceName; returns NTSTATUS.
// NOTE(review): the string is presumably the registry path of the driver's service key, and
// the call presumably needs the load-driver privilege. Unloading a security or filter driver
// removes its protection, so this should never be reachable with a caller-chosen name -
// confirm.
fn ZwUnloadDriver(
|
|
DriverServiceName: PUNICODE_STRING,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single POBJECT_ATTRIBUTES naming the target key; returns NTSTATUS.
// NOTE(review): presumably unloads a registry hive previously loaded at that key and needs
// the restore privilege - confirm.
fn ZwUnloadKey(
|
|
TargetKey: POBJECT_ATTRIBUTES,
|
|
) -> NTSTATUS;
|
|
// Same as ZwUnloadKey in this file plus a ULONG Flags word; returns NTSTATUS.
// NOTE(review): Flags presumably include a forced unload, which would invalidate handles
// still open under the hive; flag values are not visible here - confirm.
fn ZwUnloadKey2(
|
|
TargetKey: POBJECT_ATTRIBUTES,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
// Same as ZwUnloadKey in this file plus an event HANDLE; returns NTSTATUS.
// NOTE(review): the event is presumably signalled when a deferred unload completes, so the
// return status alone may not mean the hive is gone - confirm.
fn ZwUnloadKeyEx(
|
|
TargetKey: POBJECT_ATTRIBUTES,
|
|
Event: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: file HANDLE, PIO_STATUS_BLOCK, two PLARGE_INTEGER values (ByteOffset,
// Length) and a ULONG Key; returns NTSTATUS.
// NOTE(review): offset, length and key presumably have to match the values used when the
// range was locked - confirm.
fn ZwUnlockFile(
|
|
FileHandle: HANDLE,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
ByteOffset: PLARGE_INTEGER,
|
|
Length: PLARGE_INTEGER,
|
|
Key: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: process HANDLE, a `*mut PVOID` BaseAddress, a PSIZE_T RegionSize and a
// ULONG MapType; returns NTSTATUS.
// NOTE(review): address and size are passed by pointer, so the callee presumably rounds them
// to page boundaries and writes the adjusted values back. Memory holding secrets that was
// locked to keep it out of the pagefile loses that property once unlocked - wipe first.
fn ZwUnlockVirtualMemory(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: *mut PVOID,
|
|
RegionSize: PSIZE_T,
|
|
MapType: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: process HANDLE and a PVOID BaseAddress by value; returns NTSTATUS.
// NOTE(review): presumably removes the section view containing BaseAddress from the target
// process. Any Rust reference or slice still pointing into that view dangles afterwards, so
// a safe wrapper must own the mapping's lifetime. Unmapping views in another process is
// also commonly monitored by endpoint tooling - confirm.
fn ZwUnmapViewOfSection(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: PVOID,
|
|
) -> NTSTATUS;
|
|
// Same as ZwUnmapViewOfSection in this file plus a ULONG Flags word; returns NTSTATUS.
// NOTE(review): references into the unmapped view dangle after a successful call, so the
// mapping's owner must be the only caller. Flag values are not visible here - confirm.
fn ZwUnmapViewOfSectionEx(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: PVOID,
|
|
Flags: ULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single PCWNF_STATE_NAME; returns NTSTATUS.
// NOTE(review): takes the state name, not the subscription id handed out by
// ZwSubscribeWnfStateChange, so it presumably drops the caller's subscription(s) for that
// name - confirm.
fn ZwUnsubscribeWnfStateChange(
|
|
StateName: PCWNF_STATE_NAME,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: state name, a `*const VOID` Buffer with ULONG Length, a PCWNF_TYPE_ID
// (imported from ntexapi), a `*const VOID` ExplicitScope, a WNF_CHANGE_STAMP by value and a
// LOGICAL CheckStamp; returns NTSTATUS. Buffer and ExplicitScope are const pointers, i.e.
// input-only as declared.
// NOTE(review): with CheckStamp set, the update presumably succeeds only if the current
// stamp equals MatchingChangeStamp (compare-and-set). Subscribers receive the published
// bytes, so they should parse them as untrusted input - confirm.
fn ZwUpdateWnfStateData(
|
|
StateName: PCWNF_STATE_NAME,
|
|
Buffer: *const VOID,
|
|
Length: ULONG,
|
|
TypeId: PCWNF_TYPE_ID,
|
|
ExplicitScope: *const VOID,
|
|
MatchingChangeStamp: WNF_CHANGE_STAMP,
|
|
CheckStamp: LOGICAL,
|
|
) -> NTSTATUS;
|
|
// Service-selected call: VDMSERVICECLASS (imported from ntmisc) and an untyped ServiceData
// pointer with no length; returns NTSTATUS.
// NOTE(review): the size of ServiceData is implied by the service value, so the caller must
// match buffer and service exactly. Presumably only meaningful on systems with the legacy
// 16-bit subsystem - confirm.
fn ZwVdmControl(
|
|
Service: VDMSERVICECLASS,
|
|
ServiceData: PVOID,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a PVOID Address and a PLARGE_INTEGER Timeout; returns NTSTATUS.
// NOTE(review): presumably blocks the calling thread until another thread alerts it by id;
// the role of Address is not visible here - confirm.
fn ZwWaitForAlertByThreadId(
|
|
Address: PVOID,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: debug-object HANDLE, BOOLEAN Alertable, PLARGE_INTEGER Timeout and an
// untyped WaitStateChange pointer with no length; returns NTSTATUS.
// NOTE(review): WaitStateChange is presumably an out-buffer for a fixed-size state-change
// structure. Because it is declared as PVOID with no size, an undersized buffer would be
// overrun silently; a wrapper should take a typed `*mut` of the right struct - confirm.
fn ZwWaitForDebugEvent(
|
|
DebugObjectHandle: HANDLE,
|
|
Alertable: BOOLEAN,
|
|
Timeout: PLARGE_INTEGER,
|
|
WaitStateChange: PVOID,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: keyed-event HANDLE, a PVOID KeyValue, BOOLEAN Alertable and a
// PLARGE_INTEGER Timeout; returns NTSTATUS.
// NOTE(review): KeyValue is presumably used as an opaque key, not dereferenced; alignment
// requirements on it are not visible here - confirm.
fn ZwWaitForKeyedEvent(
|
|
KeyedEventHandle: HANDLE,
|
|
KeyValue: PVOID,
|
|
Alertable: BOOLEAN,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: ULONG Count, a `*mut HANDLE` array, a WAIT_TYPE, BOOLEAN Alertable and
// a PLARGE_INTEGER Timeout; returns NTSTATUS.
// NOTE(review): Count must equal the number of handles at Handles; there is presumably an
// upper bound on Count. The status presumably encodes which handle satisfied the wait, so
// it must be decoded rather than compared only against success - confirm.
fn ZwWaitForMultipleObjects(
|
|
Count: ULONG,
|
|
Handles: *mut HANDLE,
|
|
WaitType: WAIT_TYPE,
|
|
Alertable: BOOLEAN,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Same parameter list as ZwWaitForMultipleObjects in this file, except that Handles is a
// `*mut LONG`; returns NTSTATUS.
// NOTE(review): the handles are presumably 32-bit values here, so passing an array of
// pointer-sized HANDLEs on a 64-bit build would be misread element by element - confirm.
fn ZwWaitForMultipleObjects32(
|
|
Count: ULONG,
|
|
Handles: *mut LONG,
|
|
WaitType: WAIT_TYPE,
|
|
Alertable: BOOLEAN,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a HANDLE, BOOLEAN Alertable and a PLARGE_INTEGER Timeout; returns
// NTSTATUS.
// NOTE(review): timeout and alert outcomes are presumably reported as non-error status
// values, so a "not an error" check is not the same as "object signalled"; a null Timeout
// presumably waits without limit - confirm.
fn ZwWaitForSingleObject(
|
|
Handle: HANDLE,
|
|
Alertable: BOOLEAN,
|
|
Timeout: PLARGE_INTEGER,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: worker-factory HANDLE and a `*mut FILE_IO_COMPLETION_INFORMATION`
// (imported from ntioapi); returns NTSTATUS.
// NOTE(review): MiniPacket is written by the callee and must point to valid, writable
// storage for one structure. The signature may differ between OS versions - confirm against
// the targets this crate supports.
fn ZwWaitForWorkViaWorkerFactory(
|
|
WorkerFactoryHandle: HANDLE,
|
|
MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single event-pair HANDLE; returns NTSTATUS.
// NOTE(review): presumably blocks on the "high" member of the pair; there is no timeout
// parameter, so the wait may be unbounded - confirm.
fn ZwWaitHighEventPair(
|
|
EventPairHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single event-pair HANDLE; returns NTSTATUS.
// NOTE(review): presumably blocks on the "low" member of the pair; there is no timeout
// parameter, so the wait may be unbounded - confirm.
fn ZwWaitLowEventPair(
|
|
EventPairHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: a single worker-factory HANDLE; returns NTSTATUS.
// NOTE(review): presumably tells the factory that the calling thread is ready to take work -
// confirm.
fn ZwWorkerFactoryWorkerReady(
|
|
WorkerFactoryHandle: HANDLE,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: file HANDLE, an optional-looking event HANDLE, a PIO_APC_ROUTINE with
// PVOID context, PIO_STATUS_BLOCK, a PVOID Buffer with ULONG Length, PLARGE_INTEGER ByteOffset
// and a PULONG Key; returns NTSTATUS. Buffer is declared PVOID (mutable) although the name
// implies it is only read.
// NOTE(review): if the handle was opened for asynchronous I/O the call presumably returns a
// pending status while the kernel still uses Buffer and IoStatusBlock, so neither may live on
// a stack frame that returns before completion. When Zw* routines are called from
// kernel-mode code, argument probing is presumably skipped, so user-supplied pointers and
// handles need validation first - confirm.
fn ZwWriteFile(
|
|
FileHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
Buffer: PVOID,
|
|
Length: ULONG,
|
|
ByteOffset: PLARGE_INTEGER,
|
|
Key: PULONG,
|
|
) -> NTSTATUS;
|
|
// Same parameter list as ZwWriteFile in this file, except that the data comes from a
// PFILE_SEGMENT_ELEMENT SegmentArray instead of a single buffer; returns NTSTATUS.
// NOTE(review): Length is presumably the total byte count across all segments, with each
// element naming one page-sized buffer; the array has no explicit element count, so its
// extent is implied by Length. Segments and IoStatusBlock must stay valid until the I/O
// completes - confirm.
fn ZwWriteFileGather(
|
|
FileHandle: HANDLE,
|
|
Event: HANDLE,
|
|
ApcRoutine: PIO_APC_ROUTINE,
|
|
ApcContext: PVOID,
|
|
IoStatusBlock: PIO_STATUS_BLOCK,
|
|
SegmentArray: PFILE_SEGMENT_ELEMENT,
|
|
Length: ULONG,
|
|
ByteOffset: PLARGE_INTEGER,
|
|
Key: PULONG,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: port HANDLE, a PPORT_MESSAGE, a ULONG DataEntryIndex, a PVOID Buffer
// with SIZE_T BufferSize, and a PSIZE_T NumberOfBytesWritten; returns NTSTATUS.
// NOTE(review): presumably copies Buffer into a data region described by the given message,
// i.e. into the address space of the peer that sent it. The byte count actually written
// should be read from NumberOfBytesWritten rather than assumed equal to BufferSize - confirm.
fn ZwWriteRequestData(
|
|
PortHandle: HANDLE,
|
|
Message: PPORT_MESSAGE,
|
|
DataEntryIndex: ULONG,
|
|
Buffer: PVOID,
|
|
BufferSize: SIZE_T,
|
|
NumberOfBytesWritten: PSIZE_T,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration: process HANDLE, a PVOID BaseAddress in the target, a PVOID source
// Buffer with SIZE_T BufferSize, and a PSIZE_T NumberOfBytesWritten; returns NTSTATUS.
// NOTE(review): presumably copies BufferSize bytes from the caller's Buffer to BaseAddress in
// the process named by ProcessHandle (NtWriteVirtualMemory). Nothing in the declaration ties
// BufferSize to the real size of Buffer, so a wrapper should take a slice. Writes into
// another process are a standard signal for endpoint detection, so legitimate users
// (debuggers, instrumentation) should keep the target handle's access mask minimal and
// document why the write is needed - confirm.
fn ZwWriteVirtualMemory(
|
|
ProcessHandle: HANDLE,
|
|
BaseAddress: PVOID,
|
|
Buffer: PVOID,
|
|
BufferSize: SIZE_T,
|
|
NumberOfBytesWritten: PSIZE_T,
|
|
) -> NTSTATUS;
|
|
// Foreign declaration with no parameters; returns NTSTATUS.
// NOTE(review): presumably yields the rest of the calling thread's time slice; the status
// may report that no other thread was ready, which is not a failure - confirm.
fn ZwYieldExecution() -> NTSTATUS;
|
|
}}
|