Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
4580 lines (3683 sloc) 106 KB
/*****************************************************************************/
/* Ntdll.h Copyright (c) Ladislav Zezula 2005 */
/*---------------------------------------------------------------------------*/
/* Header file for the import library "Ntdll.lib" */
/* */
/* This library has been created because of never-ending problems when */
/* Ntdll.lib from Windows DDK with SDK libs (duplicate symbols, linker */
/* errors etc). */
/* Now, it is possible to use native NT API with no problems, all you need */
/* is just to include this header file */
/*---------------------------------------------------------------------------*/
/* Date Ver Who Comment */
/* -------- ---- --- ------- */
/* 15.05.03 1.00 Lad The first version of Ntdll.h */
/* 16.09.05 2.00 Lad Far more functions */
/*****************************************************************************/
#ifndef __NTDLL_H__
#define __NTDLL_H__
#ifdef __cplusplus
extern "C" {
#endif
#ifdef _NTDDK_
#error This header cannot be compiled together with NTDDK
#endif
#ifndef _NTDLL_SELF_ // Auto-insert the library
#pragma comment(lib, "Ntdll.lib")
#endif
#pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union
#ifndef NT_SUCCESS
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#endif
#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
#ifndef STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)
#endif
#ifndef ASSERT
#ifdef _DEBUG
#define ASSERT(x) assert(x)
#else
#define ASSERT(x) /* x */
#endif
#endif
#ifndef DEVICE_TYPE
#define DEVICE_TYPE DWORD
#endif
//-----------------------------------------------------------------------------
// Definition of intervals for waiting functions
#define ABSOLUTE_INTERVAL(wait) (wait)
#define RELATIVE_INTERVAL(wait) (-(wait))
#define NANOSECONDS(nanos) \
(((signed __int64)(nanos)) / 100L)
#define MICROSECONDS(micros) \
(((signed __int64)(micros)) * NANOSECONDS(1000L))
#define MILISECONDS(mili) \
(((signed __int64)(mili)) * MICROSECONDS(1000L))
#define SECONDS(seconds) \
(((signed __int64)(seconds)) * MILISECONDS(1000L))
//------------------------------------------------------------------------------
// Structures
typedef enum _EVENT_TYPE
{
NotificationEvent,
SynchronizationEvent
} EVENT_TYPE;
#define UNICODE_NULL ((WCHAR)0) // winnt
//
// Valid values for the Attributes field
//
#define OBJ_INHERIT 0x00000002L
#define OBJ_PERMANENT 0x00000010L
#define OBJ_EXCLUSIVE 0x00000020L
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF 0x00000080L
#define OBJ_OPENLINK 0x00000100L
#define OBJ_KERNEL_HANDLE 0x00000200L
#define OBJ_FORCE_ACCESS_CHECK 0x00000400L
//
// CURDIR structure
//
typedef struct _CURDIR
{
UNICODE_STRING DosPath;
HANDLE Handle;
} CURDIR, *PCURDIR;
//------------------------------------------------------------------------------
// Macros
#ifndef InitializeObjectAttributes
#define InitializeObjectAttributes( p, n, a, r, s ) { \
(p)->Length = sizeof( OBJECT_ATTRIBUTES ); \
(p)->RootDirectory = r; \
(p)->Attributes = a; \
(p)->ObjectName = n; \
(p)->SecurityDescriptor = s; \
(p)->SecurityQualityOfService = NULL; \
}
#endif
//
// Macros for handling LIST_ENTRY-based lists
//
#if !defined(_WDMDDK_) && !defined(_LIST_ENTRY_MACROS_DEFINED_)
#define _LIST_ENTRY_MACROS_DEFINED_
BOOLEAN
FORCEINLINE
IsListEmpty(
IN const LIST_ENTRY * ListHead
)
{
return (BOOLEAN)(ListHead->Flink == ListHead);
}
FORCEINLINE
VOID
InitializeListHead(
IN PLIST_ENTRY ListHead
)
{
ListHead->Flink = ListHead->Blink = ListHead;
}
FORCEINLINE
VOID
InsertHeadList(
IN OUT PLIST_ENTRY ListHead,
IN OUT PLIST_ENTRY Entry
)
{
PLIST_ENTRY Flink;
Flink = ListHead->Flink;
Entry->Flink = Flink;
Entry->Blink = ListHead;
Flink->Blink = Entry;
ListHead->Flink = Entry;
}
FORCEINLINE
VOID
InsertTailList(
IN OUT PLIST_ENTRY ListHead,
IN OUT PLIST_ENTRY Entry
)
{
PLIST_ENTRY Blink;
Blink = ListHead->Blink;
Entry->Flink = ListHead;
Entry->Blink = Blink;
Blink->Flink = Entry;
ListHead->Blink = Entry;
}
FORCEINLINE
BOOLEAN
RemoveEntryList(
IN PLIST_ENTRY Entry
)
{
PLIST_ENTRY Blink;
PLIST_ENTRY Flink;
Flink = Entry->Flink;
Blink = Entry->Blink;
Blink->Flink = Flink;
Flink->Blink = Blink;
return (BOOLEAN)(Flink == Blink);
}
#endif // #if !defined(_WDMDDK_) && !defined(_LIST_ENTRY_MACROS_DEFINED_)
//-----------------------------------------------------------------------------
// Unicode string functions
NTSYSAPI
BOOLEAN
NTAPI
RtlCreateUnicodeString(
OUT PUNICODE_STRING DestinationString,
IN PCWSTR SourceString
);
NTSYSAPI
BOOLEAN
NTAPI
RtlCreateUnicodeStringFromAsciiz(
OUT PUNICODE_STRING Destination,
IN PCSTR Source
);
NTSYSAPI
BOOLEAN
NTAPI
RtlPrefixUnicodeString (
IN PUNICODE_STRING String1,
IN PUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive
);
NTSYSAPI
NTSTATUS
NTAPI
RtlDuplicateUnicodeString(
IN BOOLEAN AllocateNew,
IN PUNICODE_STRING SourceString,
OUT PUNICODE_STRING TargetString
);
NTSYSAPI
NTSTATUS
NTAPI
RtlAppendUnicodeToString (
PUNICODE_STRING Destination,
PCWSTR Source
);
NTSYSAPI
NTSTATUS
NTAPI
RtlAppendUnicodeStringToString(
IN OUT PUNICODE_STRING Destination,
IN PUNICODE_STRING Source
);
NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeStringToInteger (
IN PUNICODE_STRING String,
IN ULONG Base OPTIONAL,
OUT PULONG Value
);
NTSYSAPI
NTSTATUS
NTAPI
RtlIntegerToUnicodeString (
IN ULONG Value,
IN ULONG Base OPTIONAL,
IN OUT PUNICODE_STRING String
);
NTSYSAPI
NTSTATUS
NTAPI
RtlGUIDFromString(
IN PUNICODE_STRING GuidString,
OUT GUID *Guid
);
NTSYSAPI
LONG
NTAPI
RtlCompareUnicodeString (
IN PUNICODE_STRING String1,
IN PUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive
);
NTSYSAPI
VOID
NTAPI
RtlCopyUnicodeString(
OUT PUNICODE_STRING DestinationString,
IN PUNICODE_STRING SourceString
);
NTSYSAPI
NTSTATUS
NTAPI
RtlUpcaseUnicodeString (
OUT PUNICODE_STRING DestinationString,
IN PUNICODE_STRING SourceString,
IN BOOLEAN AllocateDestinationString
);
NTSYSAPI
NTSTATUS
NTAPI
RtlDowncaseUnicodeString (
OUT PUNICODE_STRING DestinationString,
IN PUNICODE_STRING SourceString,
IN BOOLEAN AllocateDestinationString
);
NTSYSAPI
BOOLEAN
NTAPI
RtlEqualUnicodeString (
IN PUNICODE_STRING String1,
IN PUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive
);
NTSYSAPI
NTSTATUS
NTAPI
RtlFormatCurrentUserKeyPath(
OUT PUNICODE_STRING CurrentUserKeyPath
);
NTSYSAPI
VOID
NTAPI
RtlRaiseStatus (
IN NTSTATUS Status
);
NTSYSAPI
VOID
NTAPI
DbgBreakPoint(
VOID
);
NTSYSAPI
ULONG
_cdecl
DbgPrint (
PCH Format,
...
);
NTSYSAPI
ULONG
NTAPI
RtlRandom(
IN OUT PULONG Seed
);
//-----------------------------------------------------------------------------
// Critical section functions
NTSYSAPI
NTSTATUS
NTAPI
RtlInitializeCriticalSection(
IN PRTL_CRITICAL_SECTION CriticalSection
);
NTSYSAPI
BOOL
NTAPI
RtlTryEnterCriticalSection(
IN PRTL_CRITICAL_SECTION CriticalSection
);
NTSYSAPI
NTSTATUS
NTAPI
RtlEnterCriticalSection(
IN PRTL_CRITICAL_SECTION CriticalSection
);
NTSYSAPI
NTSTATUS
NTAPI
RtlLeaveCriticalSection(
IN PRTL_CRITICAL_SECTION CriticalSection
);
NTSYSAPI
NTSTATUS
NTAPI
RtlDeleteCriticalSection(
IN PRTL_CRITICAL_SECTION CriticalSection
);
//-----------------------------------------------------------------------------
// Compression and decompression
NTSYSAPI
NTSTATUS
NTAPI
RtlCompressBuffer(
IN USHORT CompressionFormatAndEngine,
IN PUCHAR UncompressedBuffer,
IN ULONG UncompressedBufferSize,
OUT PUCHAR CompressedBuffer,
IN ULONG CompressedBufferSize,
IN ULONG UncompressedChunkSize,
OUT PULONG FinalCompressedSize,
IN PVOID WorkSpace
);
NTSYSAPI
NTSTATUS
NTAPI
RtlDecompressBuffer(
IN USHORT CompressionFormat,
OUT PUCHAR UncompressedBuffer,
IN ULONG UncompressedBufferSize,
IN PUCHAR CompressedBuffer,
IN ULONG CompressedBufferSize,
OUT PULONG FinalUncompressedSize
);
//-----------------------------------------------------------------------------
// Object functions
//
// Object Manager Directory Specific Access Rights.
//
#ifndef DIRECTORY_QUERY
#define DIRECTORY_QUERY (0x0001)
#define DIRECTORY_TRAVERSE (0x0002)
#define DIRECTORY_CREATE_OBJECT (0x0004)
#define DIRECTORY_CREATE_SUBDIRECTORY (0x0008)
#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
#endif
typedef enum _POOL_TYPE {
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS,
MaxPoolType
} POOL_TYPE;
//
// NtQueryObject uses ObjectBasicInformation
//
typedef struct _OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG PagedPoolCharge;
ULONG NonPagedPoolCharge;
ULONG Reserved[3];
ULONG NameInfoSize;
ULONG TypeInfoSize;
ULONG SecurityDescriptorSize;
LARGE_INTEGER CreationTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
//
// NtQueryObject uses ObjectNameInformation
//
typedef struct _OBJECT_NAME_INFORMATION {
UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
//
// NtQueryObject uses ObjectTypeInformation
//
typedef struct _OBJECT_TYPE_INFORMATION {
UNICODE_STRING TypeName;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccessMask;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
POOL_TYPE PoolType;
ULONG DefaultPagedPoolCharge;
ULONG DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
//
// NtQueryObject uses ObjectHandleFlagInformation
// NtSetInformationObject uses ObjectHandleFlagInformation
//
typedef struct _OBJECT_HANDLE_FLAG_INFORMATION {
BOOLEAN Inherit;
BOOLEAN ProtectFromClose;
} OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION;
//
// NtQueryDirectoryObject uses this type
//
typedef struct _OBJECT_DIRECTORY_INFORMATION {
UNICODE_STRING Name;
UNICODE_STRING TypeName;
} OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
NTSYSAPI
NTSTATUS
NTAPI
NtOpenDirectoryObject(
OUT PHANDLE DirectoryHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
IN HANDLE DirectoryHandle,
OUT PVOID Buffer,
IN ULONG Length,
IN BOOLEAN ReturnSingleEntry,
IN BOOLEAN RestartScan,
IN OUT PULONG Context,
OUT PULONG ReturnLength OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationObject (
IN HANDLE ObjectHandle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
IN PVOID ObjectInformation,
IN ULONG Length
);
NTSYSAPI
NTSTATUS
NTAPI
NtDuplicateObject (
IN HANDLE SourceProcessHandle,
IN HANDLE SourceHandle,
IN HANDLE TargetProcessHandle OPTIONAL,
OUT PHANDLE TargetHandle OPTIONAL,
IN ACCESS_MASK DesiredAccess,
IN ULONG HandleAttributes,
IN ULONG Options
);
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject (
IN HANDLE ObjectHandle,
IN SECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG DescriptorLength,
OUT PULONG ReturnLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject (
IN HANDLE ObjectHandle,
IN SECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG DescriptorLength,
OUT PULONG ReturnLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetSecurityObject (
IN HANDLE ObjectHandle,
IN SECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetSecurityObject (
IN HANDLE ObjectHandle,
IN SECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
NTSYSAPI
NTSTATUS
NTAPI
NtMakeTemporaryObject(
IN HANDLE ObjectHandle
);
NTSYSAPI
NTSTATUS
NTAPI
ZwMakeTemporaryObject(
IN HANDLE ObjectHandle
);
//-----------------------------------------------------------------------------
// Handle table RTL functions
#define LEVEL_HANDLE_ID 0x74000000
#define LEVEL_HANDLE_ID_MASK 0xFF000000
#define LEVEL_HANDLE_INDEX_MASK 0x00FFFFFF
typedef enum _RTL_GENERIC_COMPARE_RESULTS {
GenericLessThan,
GenericGreaterThan,
GenericEqual
} RTL_GENERIC_COMPARE_RESULTS;
typedef struct _RTL_SPLAY_LINKS
{
struct _RTL_SPLAY_LINKS *Parent;
struct _RTL_SPLAY_LINKS *LeftChild;
struct _RTL_SPLAY_LINKS *RightChild;
} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
struct _RTL_GENERIC_TABLE;
typedef
RTL_GENERIC_COMPARE_RESULTS
(NTAPI * PRTL_GENERIC_COMPARE_ROUTINE) (
struct _RTL_GENERIC_TABLE *Table,
PVOID FirstStruct,
PVOID SecondStruct
);
typedef
PVOID
(NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
struct _RTL_GENERIC_TABLE *Table,
ULONG ByteSize
);
typedef
VOID
(NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
struct _RTL_GENERIC_TABLE *Table,
PVOID Buffer
);
typedef struct _RTL_GENERIC_TABLE {
PRTL_SPLAY_LINKS TableRoot;
LIST_ENTRY InsertOrderList;
PLIST_ENTRY OrderedPointer;
ULONG WhichOrderedElement;
ULONG NumberGenericTableElements;
PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
PVOID TableContext;
} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
typedef struct _RTL_HANDLE_TABLE_ENTRY
{
struct _RTL_HANDLE_TABLE_ENTRY *Next; /* pointer to next free handle */
PVOID Object;
} RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY;
typedef struct _RTL_HANDLE_TABLE
{
ULONG MaximumNumberOfHandles;
ULONG SizeOfHandleTableEntry;
ULONG Unknown01;
ULONG Unknown02;
PRTL_HANDLE_TABLE_ENTRY FreeHandles;
PRTL_HANDLE_TABLE_ENTRY CommittedHandles;
PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles;
PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles;
} RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE;
NTSYSAPI
VOID
NTAPI
RtlInitializeGenericTable (
IN PRTL_GENERIC_TABLE Table,
IN PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine,
IN PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine,
IN PRTL_GENERIC_FREE_ROUTINE FreeRoutine,
IN PVOID TableContext
);
NTSYSAPI
VOID
NTAPI
RtlInitializeHandleTable(
IN ULONG MaximumNumberOfHandles,
IN ULONG SizeOfHandleTableEntry,
OUT PRTL_HANDLE_TABLE HandleTable
);
NTSYSAPI
PRTL_HANDLE_TABLE_ENTRY
NTAPI
RtlAllocateHandle(
IN PRTL_HANDLE_TABLE HandleTable,
OUT PULONG HandleIndex OPTIONAL
);
NTSYSAPI
BOOLEAN
NTAPI
RtlFreeHandle(
IN PRTL_HANDLE_TABLE HandleTable,
IN PRTL_HANDLE_TABLE_ENTRY Handle
);
NTSYSAPI
BOOLEAN
NTAPI
RtlIsValidIndexHandle(
IN PRTL_HANDLE_TABLE HandleTable,
IN ULONG HandleIndex,
OUT PRTL_HANDLE_TABLE_ENTRY *Handle
);
NTSYSAPI
PVOID
NTAPI
RtlInsertElementGenericTable (
IN PRTL_GENERIC_TABLE Table,
IN PVOID Buffer,
IN LONG BufferSize,
OUT PBOOLEAN NewElement OPTIONAL
);
NTSYSAPI
BOOLEAN
NTAPI
RtlIsGenericTableEmpty (
IN PRTL_GENERIC_TABLE Table
);
NTSYSAPI
BOOLEAN
NTAPI
RtlIsGenericTableEmpty (
IN PRTL_GENERIC_TABLE Table
);
NTSYSAPI
PVOID
NTAPI
RtlLookupElementGenericTable (
IN PRTL_GENERIC_TABLE Table,
IN PVOID Buffer
);
NTSYSAPI
PVOID
NTAPI
RtlEnumerateGenericTableWithoutSplaying(
IN PRTL_GENERIC_TABLE Table,
IN PVOID *RestartKey
);
NTSYSAPI
NTSTATUS
NTAPI
ZwClose(
IN HANDLE Handle
);
//-----------------------------------------------------------------------------
// Environment functions
NTSYSAPI
NTSTATUS
NTAPI
RtlOpenCurrentUser(
IN ULONG DesiredAccess,
OUT PHANDLE CurrentUserKey
);
NTSYSAPI
NTSTATUS
NTAPI
RtlCreateEnvironment(
BOOLEAN CloneCurrentEnvironment,
PVOID *Environment
);
NTSYSAPI
NTSTATUS
NTAPI
RtlQueryEnvironmentVariable_U (
PVOID Environment,
PUNICODE_STRING Name,
PUNICODE_STRING Value
);
NTSYSAPI
NTSTATUS
NTAPI
RtlSetEnvironmentVariable(
PVOID *Environment,
PUNICODE_STRING Name,
PUNICODE_STRING Value
);
NTSYSAPI
NTSTATUS
NTAPI
RtlDestroyEnvironment(
PVOID Environment
);
//-----------------------------------------------------------------------------
// Registry functions
typedef enum _KEY_INFORMATION_CLASS
{
KeyBasicInformation, // 0x00
KeyNodeInformation, // 0x01
KeyFullInformation, // 0x02
KeyNameInformation, // 0x03
KeyCachedInformation, // 0x04
KeyFlagsInformation, // 0x05
MaxKeyInfoClass // MaxKeyInfoClass should always be the last enum
} KEY_INFORMATION_CLASS;
//
// Key query structures
//
typedef struct _KEY_BASIC_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
typedef struct _KEY_NODE_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
// Class[1]; // Variable length string not declared
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
typedef struct _KEY_FULL_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG MaxClassLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
WCHAR Class[1]; // Variable length
} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
// end_wdm
typedef struct _KEY_NAME_INFORMATION
{
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
typedef struct _KEY_CACHED_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION;
typedef struct _KEY_FLAGS_INFORMATION
{
ULONG UserFlags;
} KEY_FLAGS_INFORMATION, *PKEY_FLAGS_INFORMATION;
typedef enum _KEY_VALUE_INFORMATION_CLASS {
KeyValueBasicInformation, // 0x00
KeyValueFullInformation, // 0x01
KeyValuePartialInformation, // 0x02
KeyValueFullInformationAlign64, // 0x03
KeyValuePartialInformationAlign64, // 0x04
MaxKeyValueInfoClass // MaxKeyValueInfoClass should always be the last enum
} KEY_VALUE_INFORMATION_CLASS;
typedef struct _KEY_VALUE_BASIC_INFORMATION
{
ULONG TitleIndex;
ULONG Type;
ULONG NameLength;
WCHAR Name[1]; // Variable size
} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
typedef struct _KEY_VALUE_FULL_INFORMATION
{
ULONG TitleIndex;
ULONG Type;
ULONG DataOffset;
ULONG DataLength;
ULONG NameLength;
WCHAR Name[1]; // Variable size
// Data[1]; // Variable size data not declared
} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
typedef struct _KEY_VALUE_PARTIAL_INFORMATION {
ULONG TitleIndex;
ULONG Type;
ULONG DataLength;
UCHAR Data[1]; // Variable size
} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
NTSYSAPI
NTSTATUS
NTAPI
NtCreateKey(
OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG TitleIndex,
IN PUNICODE_STRING Class OPTIONAL,
IN ULONG CreateOptions,
OUT PULONG Disposition OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenKey(
OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateKey(
IN HANDLE KeyHandle,
IN ULONG Index,
IN KEY_INFORMATION_CLASS KeyInformationClass,
IN PVOID KeyInformation,
IN ULONG Length,
IN PULONG ResultLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwEnumerateKey(
IN HANDLE KeyHandle,
IN ULONG Index,
IN KEY_INFORMATION_CLASS KeyInformationClass,
IN PVOID KeyInformation,
IN ULONG Length,
IN PULONG ResultLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateValueKey(
IN HANDLE KeyHandle,
IN ULONG Index,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
OUT PVOID KeyValueInformation,
IN ULONG Length,
OUT PULONG ResultLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwEnumerateValueKey(
IN HANDLE KeyHandle,
IN ULONG Index,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
OUT PVOID KeyValueInformation,
IN ULONG Length,
OUT PULONG ResultLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteKey(
IN HANDLE KeyHandle
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryKey(
IN HANDLE KeyHandle,
IN KEY_INFORMATION_CLASS KeyInformationClass,
OUT PVOID KeyInformation OPTIONAL,
IN ULONG Length,
OUT PULONG ResultLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
OUT PVOID KeyValueInformation,
IN ULONG Length,
OUT PULONG ResultLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN ULONG TitleIndex OPTIONAL,
IN ULONG Type,
IN PVOID Data,
IN ULONG DataSize
);
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName
);
NTSYSAPI
NTSTATUS
NTAPI
NtFlushKey(
IN HANDLE KeyHandle
);
//-----------------------------------------------------------------------------
// RtlQueryRegistryValues
//
// The following flags specify how the Name field of a RTL_QUERY_REGISTRY_TABLE
// entry is interpreted. A NULL name indicates the end of the table.
//
#define RTL_QUERY_REGISTRY_SUBKEY 0x00000001 // Name is a subkey and remainder of
// table or until next subkey are value
// names for that subkey to look at.
#define RTL_QUERY_REGISTRY_TOPKEY 0x00000002 // Reset current key to original key for
// this and all following table entries.
#define RTL_QUERY_REGISTRY_REQUIRED 0x00000004 // Fail if no match found for this table
// entry.
#define RTL_QUERY_REGISTRY_NOVALUE 0x00000008 // Used to mark a table entry that has no
// value name, just wants a call out, not
// an enumeration of all values.
#define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010 // Used to suppress the expansion of
// REG_MULTI_SZ into multiple callouts or
// to prevent the expansion of environment
// variable values in REG_EXPAND_SZ
#define RTL_QUERY_REGISTRY_DIRECT 0x00000020 // QueryRoutine field ignored. EntryContext
// field points to location to store value.
// For null terminated strings, EntryContext
// points to UNICODE_STRING structure that
// that describes maximum size of buffer.
// If .Buffer field is NULL then a buffer is
// allocated.
//
#define RTL_QUERY_REGISTRY_DELETE 0x00000040 // Used to delete value keys after they
// are queried.
//
// The following values for the RelativeTo parameter determine what the
// Path parameter to RtlQueryRegistryValues is relative to.
//
#define RTL_REGISTRY_ABSOLUTE 0 // Path is a full path
#define RTL_REGISTRY_SERVICES 1 // \Registry\Machine\System\CurrentControlSet\Services
#define RTL_REGISTRY_CONTROL 2 // \Registry\Machine\System\CurrentControlSet\Control
#define RTL_REGISTRY_WINDOWS_NT 3 // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
#define RTL_REGISTRY_DEVICEMAP 4 // \Registry\Machine\Hardware\DeviceMap
#define RTL_REGISTRY_USER 5 // \Registry\User\CurrentUser
#define RTL_REGISTRY_MAXIMUM 6
#define RTL_REGISTRY_HANDLE 0x40000000 // Low order bits are registry handle
#define RTL_REGISTRY_OPTIONAL 0x80000000 // Indicates the key node is optional
typedef NTSTATUS (NTAPI * PRTL_QUERY_REGISTRY_ROUTINE)(
IN PWSTR ValueName,
IN ULONG ValueType,
IN PVOID ValueData,
IN ULONG ValueLength,
IN PVOID Context,
IN PVOID EntryContext
);
typedef struct _RTL_QUERY_REGISTRY_TABLE
{
PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
ULONG Flags;
PWSTR Name;
PVOID EntryContext;
ULONG DefaultType;
PVOID DefaultData;
ULONG DefaultLength;
} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
NTSYSAPI
NTSTATUS
NTAPI
RtlQueryRegistryValues(
IN ULONG RelativeTo,
IN PCWSTR Path,
IN PRTL_QUERY_REGISTRY_TABLE QueryTable,
IN PVOID Context,
IN PVOID Environment OPTIONAL
);
//
// Thread priority
//
typedef LONG KPRIORITY;
//
// Processor information
// NtQuerySystemInformation with SystemProcessorInformation
//
typedef struct _SYSTEM_PROCESSOR_INFORMATION {
USHORT ProcessorArchitecture;
USHORT ProcessorLevel;
USHORT ProcessorRevision;
USHORT Reserved;
ULONG ProcessorFeatureBits;
} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
//
// Device information
// NtQuerySystemInformation with SystemDeviceInformation
//
typedef struct _SYSTEM_DEVICE_INFORMATION {
ULONG NumberOfDisks;
ULONG NumberOfFloppies;
ULONG NumberOfCdRoms;
ULONG NumberOfTapes;
ULONG NumberOfSerialPorts;
ULONG NumberOfParallelPorts;
} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;
//
// NT Global Flag information
// NtQuerySystemInformation with SystemFlagsInformation
//
typedef struct _SYSTEM_FLAGS_INFORMATION
{
ULONG GlobalFlag;
} SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION;
//
// System Module information
// NtQuerySystemInformation with SystemModuleInformation
//
typedef struct _SYSTEM_MODULE
{
HANDLE Section; // Not filled in
PVOID MappedBase;
PVOID ImageBase;
ULONG ImageSize;
ULONG Flags;
USHORT LoadOrderIndex;
USHORT InitOrderIndex;
USHORT LoadCount;
USHORT OffsetToFileName;
CHAR ImageName[256];
} SYSTEM_MODULE, *PSYSTEM_MODULE;
typedef struct _SYSTEM_MODULE_INFORMATION
{
ULONG ModulesCount;
SYSTEM_MODULE Modules[1];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
/*
typedef struct _SYSTEM_VDM_INSTEMUL_INFO {
ULONG SegmentNotPresent ;
ULONG VdmOpcode0F ;
ULONG OpcodeESPrefix ;
ULONG OpcodeCSPrefix ;
ULONG OpcodeSSPrefix ;
ULONG OpcodeDSPrefix ;
ULONG OpcodeFSPrefix ;
ULONG OpcodeGSPrefix ;
ULONG OpcodeOPER32Prefix;
ULONG OpcodeADDR32Prefix;
ULONG OpcodeINSB ;
ULONG OpcodeINSW ;
ULONG OpcodeOUTSB ;
ULONG OpcodeOUTSW ;
ULONG OpcodePUSHF ;
ULONG OpcodePOPF ;
ULONG OpcodeINTnn ;
ULONG OpcodeINTO ;
ULONG OpcodeIRET ;
ULONG OpcodeINBimm ;
ULONG OpcodeINWimm ;
ULONG OpcodeOUTBimm ;
ULONG OpcodeOUTWimm ;
ULONG OpcodeINB ;
ULONG OpcodeINW ;
ULONG OpcodeOUTB ;
ULONG OpcodeOUTW ;
ULONG OpcodeLOCKPrefix ;
ULONG OpcodeREPNEPrefix ;
ULONG OpcodeREPPrefix ;
ULONG OpcodeHLT ;
ULONG OpcodeCLI ;
ULONG OpcodeSTI ;
ULONG BopCount ;
} SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO;
typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION {
ULONG TimeAdjustment;
ULONG TimeIncrement;
BOOLEAN Enable;
} SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION;
typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION {
ULONG TimeAdjustment;
BOOLEAN Enable;
} SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION;
typedef struct _SYSTEM_THREAD_INFORMATION {
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
LONG BasePriority;
ULONG ContextSwitches;
ULONG ThreadState;
ULONG WaitReason;
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
typedef struct _SYSTEM_MEMORY_INFO {
PUCHAR StringOffset;
USHORT ValidCount;
USHORT TransitionCount;
USHORT ModifiedCount;
USHORT PageTableCount;
} SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO;
typedef struct _SYSTEM_MEMORY_INFORMATION {
ULONG InfoSize;
ULONG StringStart;
SYSTEM_MEMORY_INFO Memory[1];
} SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION;
typedef struct _SYSTEM_CALL_COUNT_INFORMATION {
ULONG Length;
ULONG NumberOfTables;
//ULONG NumberOfEntries[NumberOfTables];
//ULONG CallCounts[NumberOfTables][NumberOfEntries];
} SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION;
typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
HANDLE CrashDumpSection;
} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
typedef struct _SYSTEM_EXCEPTION_INFORMATION {
ULONG AlignmentFixupCount;
ULONG ExceptionDispatchCount;
ULONG FloatingEmulationCount;
ULONG ByteWordEmulationCount;
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
typedef struct _SYSTEM_CRASH_STATE_INFORMATION {
ULONG ValidCrashDump;
} SYSTEM_CRASH_STATE_INFORMATION, *PSYSTEM_CRASH_STATE_INFORMATION;
typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
BOOLEAN KernelDebuggerEnabled;
BOOLEAN KernelDebuggerNotPresent;
} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
ULONG RegistryQuotaAllowed;
ULONG RegistryQuotaUsed;
ULONG PagedPoolSize;
} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
*/
typedef struct _SYSTEM_GDI_DRIVER_INFORMATION {
UNICODE_STRING DriverName;
PVOID ImageAddress;
PVOID SectionPointer;
PVOID EntryPoint;
PIMAGE_EXPORT_DIRECTORY ExportSectionPointer;
ULONG ImageLength;
} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION {
GUID CurrentBootGuid;
ULONG Unknown;
} SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION;
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetSystemInformation(
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
IN PVOID SystemInformation,
IN ULONG SystemInformationLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetSystemInformation(
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
IN PVOID SystemInformation,
IN ULONG SystemInformationLength
);
//------------------------------------------------------------------------------
// Shutdown system
typedef enum _SHUTDOWN_ACTION
{
ShutdownNoReboot,
ShutdownReboot,
ShutdownPowerOff
} SHUTDOWN_ACTION, *PSHUTDOWN_ACTION;
NTSYSAPI
NTSTATUS
NTAPI
NtShutdownSystem(
IN SHUTDOWN_ACTION Action
);
//-----------------------------------------------------------------------------
// File functions
#ifndef OLD_DOS_VOLID
#define OLD_DOS_VOLID 0x00000008
#endif
#ifndef FILE_SUPERSEDE
#define FILE_SUPERSEDE 0x00000000
#define FILE_OPEN 0x00000001
#define FILE_CREATE 0x00000002
#define FILE_OPEN_IF 0x00000003
#define FILE_OVERWRITE 0x00000004
#define FILE_OVERWRITE_IF 0x00000005
#define FILE_MAXIMUM_DISPOSITION 0x00000005
#endif // File create flags
// Define the create/open option flags
#ifndef FILE_DIRECTORY_FILE
#define FILE_DIRECTORY_FILE 0x00000001
#define FILE_WRITE_THROUGH 0x00000002
#define FILE_SEQUENTIAL_ONLY 0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_NON_DIRECTORY_FILE 0x00000040
#define FILE_CREATE_TREE_CONNECTION 0x00000080
#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
#define FILE_NO_EA_KNOWLEDGE 0x00000200
#define FILE_OPEN_FOR_RECOVERY 0x00000400
#define FILE_RANDOM_ACCESS 0x00000800
#define FILE_DELETE_ON_CLOSE 0x00001000
#define FILE_OPEN_BY_FILE_ID 0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
#define FILE_NO_COMPRESSION 0x00008000
#define FILE_OPEN_REQUIRING_OPLOCK 0x00010000
#define FILE_DISALLOW_EXCLUSIVE 0x00020000
#define FILE_RESERVE_OPFILTER 0x00100000
#define FILE_OPEN_REPARSE_POINT 0x00200000
#define FILE_OPEN_NO_RECALL 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
#endif // FILE_DIRECTORY_FILE
//
// Define the I/O status information return values for NtCreateFile/NtOpenFile
//
#ifndef FILE_SUPERSEDED
#define FILE_SUPERSEDED 0x00000000
#define FILE_OPENED 0x00000001
#define FILE_CREATED 0x00000002
#define FILE_OVERWRITTEN 0x00000003
#define FILE_EXISTS 0x00000004
#define FILE_DOES_NOT_EXIST 0x00000005
#endif
#ifndef PIO_APC_ROUTINE_DEFINED
typedef
VOID
(NTAPI *PIO_APC_ROUTINE) (
IN PVOID ApcContext,
IN PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG Reserved
);
#define PIO_APC_ROUTINE_DEFINED
#endif // PIO_APC_ROUTINE_DEFINED
typedef struct _FILE_DIRECTORY_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
typedef struct _FILE_FULL_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
WCHAR FileName[1];
} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
typedef struct _FILE_BOTH_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
CCHAR ShortNameLength;
WCHAR ShortName[12];
WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
typedef struct _FILE_BASIC_INFORMATION {
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
ULONG FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
typedef struct _FILE_STANDARD_INFORMATION {
LARGE_INTEGER AllocationSize;
LARGE_INTEGER EndOfFile;
ULONG NumberOfLinks;
BOOLEAN DeletePending;
BOOLEAN Directory;
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
typedef struct _FILE_INTERNAL_INFORMATION {
LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
typedef struct _FILE_EA_INFORMATION {
ULONG EaSize;
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
typedef struct _FILE_ACCESS_INFORMATION {
ACCESS_MASK AccessFlags;
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
typedef struct _FILE_NAME_INFORMATION {
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
typedef struct _FILE_RENAME_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
typedef struct _FILE_NAMES_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
typedef struct _FILE_DISPOSITION_INFORMATION {
BOOLEAN DeleteFile;
} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
typedef struct _FILE_POSITION_INFORMATION {
LARGE_INTEGER CurrentByteOffset;
} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
typedef struct _FILE_FULL_EA_INFORMATION {
ULONG NextEntryOffset;
UCHAR Flags;
UCHAR EaNameLength;
USHORT EaValueLength;
CHAR EaName[1];
} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
typedef struct _FILE_MODE_INFORMATION {
ULONG Mode;
} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
typedef struct _FILE_ALIGNMENT_INFORMATION {
ULONG AlignmentRequirement;
} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
typedef struct _FILE_ALL_INFORMATION {
FILE_BASIC_INFORMATION BasicInformation;
FILE_STANDARD_INFORMATION StandardInformation;
FILE_INTERNAL_INFORMATION InternalInformation;
FILE_EA_INFORMATION EaInformation;
FILE_ACCESS_INFORMATION AccessInformation;
FILE_POSITION_INFORMATION PositionInformation;
FILE_MODE_INFORMATION ModeInformation;
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
FILE_NAME_INFORMATION NameInformation;
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
typedef struct _FILE_ALLOCATION_INFORMATION {
LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
typedef struct _FILE_END_OF_FILE_INFORMATION {
LARGE_INTEGER EndOfFile;
} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
typedef struct _FILE_STREAM_INFORMATION {
ULONG NextEntryOffset;
ULONG StreamNameLength;
LARGE_INTEGER StreamSize;
LARGE_INTEGER StreamAllocationSize;
WCHAR StreamName[1];
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
typedef struct _FILE_PIPE_INFORMATION {
ULONG ReadMode;
ULONG CompletionMode;
} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
typedef struct _FILE_PIPE_LOCAL_INFORMATION {
ULONG NamedPipeType;
ULONG NamedPipeConfiguration;
ULONG MaximumInstances;
ULONG CurrentInstances;
ULONG InboundQuota;
ULONG ReadDataAvailable;
ULONG OutboundQuota;
ULONG WriteQuotaAvailable;
ULONG NamedPipeState;
ULONG NamedPipeEnd;
} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
typedef struct _FILE_PIPE_REMOTE_INFORMATION {
LARGE_INTEGER CollectDataTime;
ULONG MaximumCollectionCount;
} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
ULONG MaximumMessageSize;
ULONG MailslotQuota;
ULONG NextMessageSize;
ULONG MessagesAvailable;
LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
PLARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
typedef struct _FILE_COMPRESSION_INFORMATION {
LARGE_INTEGER CompressedFileSize;
USHORT CompressionFormat;
UCHAR CompressionUnitShift;
UCHAR ChunkShift;
UCHAR ClusterShift;
UCHAR Reserved[3];
} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
typedef struct _FILE_LINK_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
typedef struct _FILE_OBJECTID_INFORMATION
{
LONGLONG FileReference;
UCHAR ObjectId[16];
union {
struct {
UCHAR BirthVolumeId[16];
UCHAR BirthObjectId[16];
UCHAR DomainId[16];
} ;
UCHAR ExtendedInfo[48];
};
} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
typedef struct _FILE_COMPLETION_INFORMATION {
HANDLE Port;
PVOID Key;
} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
ULONG ClusterCount;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
typedef struct _FILE_NETWORK_OPEN_INFORMATION {
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER AllocationSize;
LARGE_INTEGER EndOfFile;
ULONG FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION {
ULONG FileAttributes;
ULONG ReparseTag;
} FILE_ATTRIBUTE_TAG_INFORMATION, *PFILE_ATTRIBUTE_TAG_INFORMATION;
typedef struct _FILE_TRACKING_INFORMATION {
HANDLE DestinationFile;
ULONG ObjectInformationLength;
CHAR ObjectInformation[1];
} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
typedef struct _FILE_REPARSE_POINT_INFORMATION {
LONGLONG FileReference;
ULONG Tag;
} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
typedef struct _FILE_QUOTA_INFORMATION {
ULONG NextEntryOffset;
ULONG SidLength;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER QuotaUsed;
LARGE_INTEGER QuotaThreshold;
LARGE_INTEGER QuotaLimit;
SID Sid;
} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
CCHAR ShortNameLength;
WCHAR ShortName[12];
LARGE_INTEGER FileId;
WCHAR FileName[1];
} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
typedef struct _FILE_ID_FULL_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
LARGE_INTEGER FileId;
WCHAR FileName[1];
} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION {
LARGE_INTEGER ValidDataLength;
} FILE_VALID_DATA_LENGTH_INFORMATION, *PFILE_VALID_DATA_LENGTH_INFORMATION;
//
// Don't queue an entry to an associated completion port if returning success
// synchronously.
//
#define FILE_SKIP_COMPLETION_PORT_ON_SUCCESS 0x1
//
// Don't set the file handle event on IO completion.
//
#define FILE_SKIP_SET_EVENT_ON_HANDLE 0x2
//
// Don't set user supplied event on successful fast-path IO completion.
//
#define FILE_SKIP_SET_USER_EVENT_ON_FAST_IO 0x4
typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION {
ULONG Flags;
} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION, *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION {
ULONG NumberOfProcessIdsInList;
ULONG_PTR ProcessIdList[1];
} FILE_PROCESS_IDS_USING_FILE_INFORMATION, *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
typedef struct _FILE_IOSTATUSBLOCK_RANGE_INFORMATION {
PUCHAR IoStatusBlockRange;
ULONG Length;
} FILE_IOSTATUSBLOCK_RANGE_INFORMATION, *PFILE_IOSTATUSBLOCK_RANGE_INFORMATION;
typedef enum _IO_PRIORITY_HINT {
IoPriorityVeryLow = 0, // Winfs promotion, defragging, content indexing and other background I/Os
IoPriorityLow, // Prefetching for applications.
IoPriorityNormal, // Normal I/Os
IoPriorityHigh, // Used by filesystems for checkpoint I/O
IoPriorityCritical, // Used by memory manager. Not available for applications.
MaxIoPriorityTypes
} IO_PRIORITY_HINT;
typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION {
IO_PRIORITY_HINT PriorityHint;
} FILE_IO_PRIORITY_HINT_INFORMATION, *PFILE_IO_PRIORITY_HINT_INFORMATION;
//
// Support to reserve bandwidth for a file handle.
//
typedef struct _FILE_SFIO_RESERVE_INFORMATION {
ULONG RequestsPerPeriod;
ULONG Period;
BOOLEAN RetryFailures;
BOOLEAN Discardable;
ULONG RequestSize;
ULONG NumOutstandingRequests;
} FILE_SFIO_RESERVE_INFORMATION, *PFILE_SFIO_RESERVE_INFORMATION;
//
// Support to query bandwidth properties of a volume.
//
typedef struct _FILE_SFIO_VOLUME_INFORMATION {
ULONG MaximumRequestsPerPeriod;
ULONG MinimumPeriod;
ULONG MinimumTransferSize;
} FILE_SFIO_VOLUME_INFORMATION, *PFILE_SFIO_VOLUME_INFORMATION;
typedef struct _FILE_LINK_ENTRY_INFORMATION {
ULONG NextEntryOffset;
LONGLONG ParentFileId;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION;
typedef struct _FILE_LINKS_INFORMATION
{
ULONG BytesNeeded;
ULONG EntriesReturned;
FILE_LINK_ENTRY_INFORMATION Entry;
} FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION;
typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
{
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
LARGE_INTEGER FileId;
GUID LockingTransactionId;
ULONG TxInfoFlags;
WCHAR FileName[1];
} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
{
BOOLEAN IsRemote;
} FILE_IS_REMOTE_DEVICE_INFORMATION, *PFILE_IS_REMOTE_DEVICE_INFORMATION;
typedef struct _FILE_NUMA_NODE_INFORMATION {
USHORT NodeNumber;
} FILE_NUMA_NODE_INFORMATION, *PFILE_NUMA_NODE_INFORMATION;
/*
typedef struct _FILE_REMOTE_PROTOCOL_INFO
{
USHORT StructureVersion;
USHORT StructureSize;
ULONG Protocol;
USHORT ProtocolMajorVersion;
USHORT ProtocolMinorVersion;
USHORT ProtocolRevision;
USHORT Reserved;
ULONG Flags;
struct {
ULONG Reserved[8];
} GenericReserved;
struct {
ULONG Reserved[16];
} ProtocolSpecificReserved;
} FILE_REMOTE_PROTOCOL_INFO, *PFILE_REMOTE_PROTOCOL_INFO;
*/
typedef enum _FSINFOCLASS {
FileFsVolumeInformation = 1,
FileFsLabelInformation, // 0x02
FileFsSizeInformation, // 0x03
FileFsDeviceInformation, // 0x04
FileFsAttributeInformation, // 0x05
FileFsControlInformation, // 0x06
FileFsFullSizeInformation, // 0x07
FileFsObjectIdInformation, // 0x08
FileFsDriverPathInformation, // 0x09
FileFsVolumeFlagsInformation, // 0x0A
FileFsMaximumInformation // 0x0B
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
typedef struct _FILE_FS_VOLUME_INFORMATION {
LARGE_INTEGER VolumeCreationTime;
ULONG VolumeSerialNumber;
ULONG VolumeLabelLength;
BOOLEAN SupportsObjects;
WCHAR VolumeLabel[1];
} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
typedef struct _FILE_FS_LABEL_INFORMATION {
ULONG VolumeLabelLength;
WCHAR VolumeLabel[1];
} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
typedef struct _FILE_FS_SIZE_INFORMATION {
LARGE_INTEGER TotalAllocationUnits;
LARGE_INTEGER AvailableAllocationUnits;
ULONG SectorsPerAllocationUnit;
ULONG BytesPerSector;
} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
typedef struct _FILE_FS_DEVICE_INFORMATION {
DEVICE_TYPE DeviceType;
ULONG Characteristics;
} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
ULONG FileSystemAttributes;
LONG MaximumComponentNameLength;
ULONG FileSystemNameLength;
WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
typedef struct _FILE_FS_CONTROL_INFORMATION {
LARGE_INTEGER FreeSpaceStartFiltering;
LARGE_INTEGER FreeSpaceThreshold;
LARGE_INTEGER FreeSpaceStopFiltering;
LARGE_INTEGER DefaultQuotaThreshold;
LARGE_INTEGER DefaultQuotaLimit;
ULONG FileSystemControlFlags;
} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
LARGE_INTEGER TotalAllocationUnits;
LARGE_INTEGER CallerAvailableAllocationUnits;
LARGE_INTEGER ActualAvailableAllocationUnits;
ULONG SectorsPerAllocationUnit;
ULONG BytesPerSector;
} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
typedef struct _FILE_FS_OBJECTID_INFORMATION {
UCHAR ObjectId[16];
UCHAR ExtendedInfo[48];
} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
BOOLEAN DriverInPath;
ULONG DriverNameLength;
WCHAR DriverName[1];
} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
ULONG Flags;
} FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer,
IN ULONG EaLength);
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG OpenOptions
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryAttributesFile(
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PFILE_BASIC_INFORMATION FileInformation
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryAttributesFile(
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PFILE_BASIC_INFORMATION FileInformation
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryVolumeInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FsInformation,
IN ULONG Length,
IN FS_INFORMATION_CLASS FsInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryVolumeInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FsInformation,
IN ULONG Length,
IN FS_INFORMATION_CLASS FsInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetVolumeInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FsInformation,
IN ULONG Length,
IN FS_INFORMATION_CLASS FsInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetVolumeInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FsInformation,
IN ULONG Length,
IN FS_INFORMATION_CLASS FsInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryEaFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN BOOLEAN ReturnSingleEntry,
IN PVOID EaList OPTIONAL,
IN ULONG EaListLength,
IN PULONG EaIndex OPTIONAL,
IN BOOLEAN RestartScan);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryEaFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN BOOLEAN ReturnSingleEntry,
IN PVOID EaList OPTIONAL,
IN ULONG EaListLength,
IN PULONG EaIndex OPTIONAL,
IN BOOLEAN RestartScan);
NTSYSAPI
NTSTATUS
NTAPI
NtSetEaFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetEaFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length);
NTSYSAPI
NTSTATUS
NTAPI
NtReadFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReadFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtWriteFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwWriteFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteFile(
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteFile(
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtFlushBuffersFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushBuffersFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
NTSYSAPI
NTSTATUS
NTAPI
ZwDeviceIoControlFile(
IN HANDLE FileHandle,
IN HANDLE Event,
IN PIO_APC_ROUTINE ApcRoutine,
IN PVOID ApcContext,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG IoControlCode,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
IN PVOID OutputBuffer,
IN ULONG OutputBufferLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtFsControlFile(
IN HANDLE FileHandle,
IN HANDLE Event,
IN PIO_APC_ROUTINE ApcRoutine,
IN PVOID ApcContext,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG FsControlCode,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
IN PVOID OutputBuffer,
IN ULONG OutputBufferLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwFsControlFile(
IN HANDLE FileHandle,
IN HANDLE Event,
IN PIO_APC_ROUTINE ApcRoutine,
IN PVOID ApcContext,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG FsControlCode,
IN PVOID InputBuffer,
IN ULONG InputBufferLength,
IN PVOID OutputBuffer,
IN ULONG OutputBufferLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtCancelIoFile(
IN HANDLE Filehandle,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCancelIoFile(
IN HANDLE Filehandle,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
NTSYSAPI
NTSTATUS
NTAPI
NtLockFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER ByteOffset,
IN PLARGE_INTEGER Length,
IN ULONG Key,
IN BOOLEAN FailImmediately,
IN BOOLEAN ExclusiveLock
);
NTSYSAPI
NTSTATUS
NTAPI
ZwLockFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER ByteOffset,
IN PLARGE_INTEGER Length,
IN ULONG Key,
IN BOOLEAN FailImmediately,
IN BOOLEAN ExclusiveLock
);
NTSTATUS
NtUnlockFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER ByteOffset,
IN PLARGE_INTEGER Length,
IN ULONG Key
);
NTSTATUS
ZwUnlockFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER ByteOffset,
IN PLARGE_INTEGER Length,
IN ULONG Key
);
NTSYSAPI
BOOLEAN
NTAPI
RtlDosPathNameToNtPathName_U (
IN PWSTR DosPathName,
OUT PUNICODE_STRING NtPathName,
OUT PWSTR * NtFileNamePart OPTIONAL,
OUT PCURDIR DirectoryInfo OPTIONAL
);
//-----------------------------------------------------------------------------
// Process functions
#define GDI_HANDLE_BUFFER_SIZE 34
// For ProcessExecuteFlags
#define MEM_EXECUTE_OPTION_DISABLE 0x01
#define MEM_EXECUTE_OPTION_ENABLE 0x02
#define MEM_EXECUTE_OPTION_PERMANENT 0x08
typedef struct _RTL_DRIVE_LETTER_CURDIR
{
USHORT Flags;
USHORT Length;
ULONG TimeStamp;
STRING DosPath;
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
typedef struct _SECTION_IMAGE_INFORMATION
{
PVOID TransferAddress;
ULONG ZeroBits;
ULONG_PTR MaximumStackSize;
ULONG_PTR CommittedStackSize;
ULONG SubSystemType;
union _SECTION_IMAGE_INFORMATION_u0
{
struct _SECTION_IMAGE_INFORMATION_s0
{
USHORT SubSystemMinorVersion;
USHORT SubSystemMajorVersion;
};
ULONG SubSystemVersion;
};
ULONG GpValue;
USHORT ImageCharacteristics;
USHORT DllCharacteristics;
USHORT Machine;
BOOLEAN ImageContainsCode;
BOOLEAN Spare1;
ULONG LoaderFlags;
ULONG Reserved[2];
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
typedef struct _RTL_USER_PROCESS_INFORMATION
{
ULONG Length;
HANDLE ProcessHandle;
HANDLE ThreadHandle;
CLIENT_ID ClientId;
SECTION_IMAGE_INFORMATION ImageInformation;
} RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION;
//
// Process Environment Block
//
typedef struct _PEB_FREE_BLOCK
{
struct _PEB_FREE_BLOCK *Next;
ULONG Size;
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
typedef VOID (NTAPI *PUSER_THREAD_START_ROUTINE)(IN PVOID ApcArgument1);
NTSYSAPI
NTSTATUS
NTAPI
RtlAdjustPrivilege(
ULONG Privilege,
BOOLEAN Enable,
BOOLEAN CurrentThread,
PBOOLEAN Enabled
);
NTSYSAPI
NTSTATUS
NTAPI
RtlCreateProcessParameters(
PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
PUNICODE_STRING ImagePathName,
PUNICODE_STRING DllPath,
PUNICODE_STRING CurrentDirectory,
PUNICODE_STRING CommandLine,
PVOID Environment,
PUNICODE_STRING WindowTitle,
PUNICODE_STRING DesktopInfo,
PUNICODE_STRING ShellInfo,
PUNICODE_STRING RuntimeData
);
NTSYSAPI
NTSTATUS
NTAPI
RtlDestroyProcessParameters(
PRTL_USER_PROCESS_PARAMETERS ProcessParameters
);
NTSYSAPI
NTSTATUS
NTAPI
RtlCreateUserProcess(
PUNICODE_STRING NtImagePathName,
ULONG Attributes,
PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
PSECURITY_DESCRIPTOR ProcessSecurityDescriptor,
PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
HANDLE ParentProcess,
BOOLEAN InheritHandles,
HANDLE DebugPort,
HANDLE ExceptionPort,
PRTL_USER_PROCESS_INFORMATION ProcessInformation
);
#define NtCurrentProcess() ((HANDLE) -1)
#define NtCurrentThread() ((HANDLE) -2)
#define NtCurrentPeb() (PPEB)(NtCurrentTeb()->ProcessEnvironmentBlock)
NTSYSAPI
NTSTATUS
NTAPI
NtCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationProcess(
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationThread(
IN HANDLE ThreadHandle,
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID ThreadInformation,
IN ULONG ThreadInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationProcess (
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
IN PVOID ProcessInformation,
IN ULONG ProcessInformationLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationProcess(
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
IN PVOID ProcessInformation,
IN ULONG ProcessInformationLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtSuspendThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtResumeThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateThread(
HANDLE Thread,
NTSTATUS ExitStatus
);
NTSYSAPI
NTSTATUS
NTAPI
ZwTerminateThread(
HANDLE Thread,
NTSTATUS ExitStatus
);
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateProcess(
HANDLE Process,
NTSTATUS ExitStatus
);
NTSYSAPI
NTSTATUS
NTAPI
ZwTerminateProcess(
HANDLE Process,
NTSTATUS ExitStatus
);
//------------------------------------------------------------------------------
// LPC Functions
#define MAX_LPC_DATA 0x130 // Maximum number of bytes that can be copied through LPC
// Valid values for PORT_MESSAGE::u2::s2::Type
#define LPC_REQUEST 1
#define LPC_REPLY 2
#define LPC_DATAGRAM 3
#define LPC_LOST_REPLY 4
#define LPC_PORT_CLOSED 5
#define LPC_CLIENT_DIED 6
#define LPC_EXCEPTION 7
#define LPC_DEBUG_EVENT 8
#define LPC_ERROR_EVENT 9
#define LPC_CONNECTION_REQUEST 10
#define ALPC_REQUEST 0x2000 | LPC_REQUEST
#define ALPC_CONNECTION_REQUEST 0x2000 | LPC_CONNECTION_REQUEST
//
// Define header for Port Message
//
typedef struct _PORT_MESSAGE
{
union
{
struct
{
USHORT DataLength; // Length of data following the header (bytes)
USHORT TotalLength; // Length of data + sizeof(PORT_MESSAGE)
} s1;
ULONG Length;
} u1;
union
{
struct
{
USHORT Type;
USHORT DataInfoOffset;
} s2;
ULONG ZeroInit;
} u2;
union
{
CLIENT_ID ClientId;
double DoNotUseThisField; // Force quadword alignment
};
ULONG MessageId; // Identifier of the particular message instance
union
{
ULONG_PTR ClientViewSize; // Size of section created by the sender (in bytes)
ULONG CallbackId; //
};
} PORT_MESSAGE, *PPORT_MESSAGE;
//
// Define structure for initializing shared memory on the caller's side of the port
//
typedef struct _PORT_VIEW {
ULONG Length; // Size of this structure
HANDLE SectionHandle; // Handle to section object with
// SECTION_MAP_WRITE and SECTION_MAP_READ
ULONG SectionOffset; // The offset in the section to map a view for
// the port data area. The offset must be aligned
// with the allocation granularity of the system.
SIZE_T ViewSize; // The size of the view (in bytes)
PVOID ViewBase; // The base address of the view in the creator
//
PVOID ViewRemoteBase; // The base address of the view in the process
// connected to the port.
} PORT_VIEW, *PPORT_VIEW;
//
// Define structure for shared memory coming from remote side of the port
//
typedef struct _REMOTE_PORT_VIEW {
ULONG Length; // Size of this structure
SIZE_T ViewSize; // The size of the view (bytes)
PVOID ViewBase; // Base address of the view
} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
//
// Macro for initializing the message header
//
#ifndef InitializeMessageHeader
#define InitializeMessageHeader(ph, l, t) \
{ \
(ph)->u1.s1.TotalLength = (USHORT)(l); \
(ph)->u1.s1.DataLength = (USHORT)(l - sizeof(PORT_MESSAGE)); \
(ph)->u2.s2.Type = (USHORT)(t); \
(ph)->u2.s2.DataInfoOffset = 0; \
(ph)->ClientId.UniqueProcess = NULL; \
(ph)->ClientId.UniqueThread = NULL; \
(ph)->MessageId = 0; \
(ph)->ClientViewSize = 0; \
}
#endif
/*++
NtCreatePort
============
Creates a LPC port object. The creator of the LPC port becomes a server
of LPC communication
PortHandle - Points to a variable that will receive the
port object handle if the call is successful.
ObjectAttributes - Points to a structure that specifies the object�s
attributes. OBJ_KERNEL_HANDLE, OBJ_OPENLINK, OBJ_OPENIF, OBJ_EXCLUSIVE,
OBJ_PERMANENT, and OBJ_INHERIT are not valid attributes for a port object.
MaxConnectionInfoLength - The maximum size, in bytes, of data that can
be sent through the port.
MaxMessageLength - The maximum size, in bytes, of a message
that can be sent through the port.
MaxPoolUsage - Specifies the maximum amount of NonPaged pool that can be used for
message storage. Zero means default value.
ZwCreatePort verifies that (MaxDataSize <= 0x104) and (MaxMessageSize <= 0x148).
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtCreatePort(
OUT PHANDLE PortHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG MaxConnectionInfoLength,
IN ULONG MaxMessageLength,
IN ULONG MaxPoolUsage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreatePort(
OUT PHANDLE PortHandle,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG MaxConnectionInfoLength,
IN ULONG MaxMessageLength,
IN ULONG MaxPoolUsage
);
/*++
NtConnectPort
=============
Creates a port connected to a named port (cliend side).
PortHandle - A pointer to a variable that will receive the client
communication port object handle value.
PortName - Points to a structure that specifies the name
of the port to connect to.
SecurityQos - Points to a structure that specifies the level
of impersonation available to the port listener.
ClientView - Optionally points to a structure describing
the shared memory region used to send large amounts of data
to the listener; if the call is successful, this will be updated.
ServerView - Optionally points to a caller-allocated buffer
or variable that receives information on the shared memory region
used by the listener to send large amounts of data to the
caller.
MaxMessageLength - Optionally points to a variable that receives the size,
in bytes, of the largest message that can be sent through the port.
ConnectionInformation - Optionally points to a caller-allocated
buffer or variable that specifies connect data to send to the listener,
and receives connect data sent by the listener.
ConnectionInformationLength - Optionally points to a variable that
specifies the size, in bytes, of the connect data to send
to the listener, and receives the size of the connect data
sent by the listener.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtConnectPort(
OUT PHANDLE PortHandle,
IN PUNICODE_STRING PortName,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
IN OUT PPORT_VIEW ClientView OPTIONAL,
OUT PREMOTE_PORT_VIEW ServerView OPTIONAL,
OUT PULONG MaxMessageLength OPTIONAL,
IN OUT PVOID ConnectionInformation OPTIONAL,
IN OUT PULONG ConnectionInformationLength OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwConnectPort(
OUT PHANDLE PortHandle,
IN PUNICODE_STRING PortName,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
IN OUT PPORT_VIEW ClientView OPTIONAL,
OUT PREMOTE_PORT_VIEW ServerView OPTIONAL,
OUT PULONG MaxMessageLength OPTIONAL,
IN OUT PVOID ConnectionInformation OPTIONAL,
IN OUT PULONG ConnectionInformationLength OPTIONAL
);
/*++
NtListenPort
============
Listens on a port for a connection request message on the server side.
PortHandle - A handle to a port object. The handle doesn't need
to grant any specific access.
ConnectionRequest - Points to a caller-allocated buffer
or variable that receives the connect message sent to
the port.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtListenPort(
IN HANDLE PortHandle,
OUT PPORT_MESSAGE RequestMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwListenPort(
IN HANDLE PortHandle,
OUT PPORT_MESSAGE RequestMessage
);
/*++
NtAcceptConnectPort
===================
Accepts or rejects a connection request on the server side.
PortHandle - Points to a variable that will receive the port object
handle if the call is successful.
PortContext - A numeric identifier to be associated with the port.
ConnectionRequest - Points to a caller-allocated buffer or variable
that identifies the connection request and contains any connect
data that should be returned to requestor of the connection
AcceptConnection - Specifies whether the connection should
be accepted or not
ServerView - Optionally points to a structure describing
the shared memory region used to send large amounts of data to the
requestor; if the call is successful, this will be updated
ClientView - Optionally points to a caller-allocated buffer
or variable that receives information on the shared memory
region used by the requestor to send large amounts of data to the
caller
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtAcceptConnectPort(
OUT PHANDLE PortHandle,
IN PVOID PortContext OPTIONAL,
IN PPORT_MESSAGE ConnectionRequest,
IN BOOLEAN AcceptConnection,
IN OUT PPORT_VIEW ServerView OPTIONAL,
OUT PREMOTE_PORT_VIEW ClientView OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwAcceptConnectPort(
OUT PHANDLE PortHandle,
IN PVOID PortContext OPTIONAL,
IN PPORT_MESSAGE ConnectionRequest,
IN BOOLEAN AcceptConnection,
IN OUT PPORT_VIEW ServerView OPTIONAL,
OUT PREMOTE_PORT_VIEW ClientView OPTIONAL
);
/*++
NtCompleteConnectPort
=====================
Completes the port connection process on the server side.
PortHandle - A handle to a port object. The handle doesn't need
to grant any specific access.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtCompleteConnectPort(
IN HANDLE PortHandle
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCompleteConnectPort(
IN HANDLE PortHandle
);
/*++
NtRequestPort
=============
Sends a request message to a port (client side)
PortHandle - A handle to a port object. The handle doesn't need
to grant any specific access.
RequestMessage - Points to a caller-allocated buffer or variable
that specifies the request message to send to the port.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtRequestPort (
IN HANDLE PortHandle,
IN PPORT_MESSAGE RequestMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwRequestPort (
IN HANDLE PortHandle,
IN PPORT_MESSAGE RequestMessage
);
/*++
NtRequestWaitReplyPort
======================
Sends a request message to a port and waits for a reply (client side)
PortHandle - A handle to a port object. The handle doesn't need
to grant any specific access.
RequestMessage - Points to a caller-allocated buffer or variable
that specifies the request message to send to the port.
ReplyMessage - Points to a caller-allocated buffer or variable
that receives the reply message sent to the port.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtRequestWaitReplyPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE RequestMessage,
OUT PPORT_MESSAGE ReplyMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwRequestWaitReplyPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE RequestMessage,
OUT PPORT_MESSAGE ReplyMessage
);
/*++
NtReplyPort
===========
Sends a reply message to a port (Server side)
PortHandle - A handle to a port object. The handle doesn't need
to grant any specific access.
ReplyMessage - Points to a caller-allocated buffer or variable
that specifies the reply message to send to the port.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtReplyPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE ReplyMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReplyPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE ReplyMessage
);
/*++
NtReplyWaitReplyPort
====================
Sends a reply message to a port and waits for a reply message
PortHandle - A handle to a port object. The handle doesn't need
to grant any specific access.
ReplyMessage - Points to a caller-allocated buffer or variable
that specifies the reply message to send to the port.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitReplyPort(
IN HANDLE PortHandle,
IN OUT PPORT_MESSAGE ReplyMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReplyWaitReplyPort(
IN HANDLE PortHandle,
IN OUT PPORT_MESSAGE ReplyMessage
);
/*++
NtReplyWaitReceivePort
======================
Optionally sends a reply message to a port and waits for a
message
PortHandle - A handle to a port object. The handle doesn't need
to grant any specific access.
PortContext - Optionally points to a variable that receives
a numeric identifier associated with the port.
ReplyMessage - Optionally points to a caller-allocated buffer
or variable that specifies the reply message to send to the port.
ReceiveMessage - Points to a caller-allocated buffer or variable
that receives the message sent to the port.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitReceivePort(
IN HANDLE PortHandle,
OUT PVOID *PortContext OPTIONAL,
IN PPORT_MESSAGE ReplyMessage OPTIONAL,
OUT PPORT_MESSAGE ReceiveMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReplyWaitReceivePort(
IN HANDLE PortHandle,
OUT PVOID *PortContext OPTIONAL,
IN PPORT_MESSAGE ReplyMessage OPTIONAL,
OUT PPORT_MESSAGE ReceiveMessage
);
//-----------------------------------------------------------------------------
// Heap functions
#define HEAP_NO_SERIALIZE 0x00000001
#define HEAP_GROWABLE 0x00000002
#define HEAP_GENERATE_EXCEPTIONS 0x00000004
#define HEAP_ZERO_MEMORY 0x00000008
#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
#define HEAP_TAIL_CHECKING_ENABLED 0x00000020
#define HEAP_FREE_CHECKING_ENABLED 0x00000040
#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
#define HEAP_CREATE_ALIGN_16 0x00010000
#define HEAP_CREATE_ENABLE_TRACING 0x00020000
#define HEAP_MAXIMUM_TAG 0x0FFF
#define HEAP_PSEUDO_TAG_FLAG 0x8000
//
// Data structure for heap definition. This includes various
// sizing parameters and callback routines, which, if left NULL,
// result in default behavior
//
typedef struct RTL_HEAP_PARAMETERS {
ULONG Length; //sizeof(RTL_HEAP_PARAMETERS)
ULONG SegmentReserve;
ULONG SegmentCommit;
ULONG DeCommitFreeBlockThreshold;
ULONG DeCommitTotalFreeThreshold;
ULONG MaximumAllocationSize;
ULONG VirtualMemoryThreshold;
ULONG InitialCommit;
ULONG InitialReserve;
PVOID CommitRoutine;
ULONG Reserved;
} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
#define RtlProcessHeap() (HANDLE)(NtCurrentTeb()->ProcessEnvironmentBlock->ProcessHeap)
NTSYSAPI
HANDLE
NTAPI
RtlCreateHeap (
IN ULONG Flags,
IN PVOID BaseAddress OPTIONAL,
IN ULONG SizeToReserve,
IN ULONG SizeToCommit,
IN BOOLEAN Lock OPTIONAL,
IN PRTL_HEAP_PARAMETERS Definition OPTIONAL
);
NTSYSAPI
ULONG
NTAPI
RtlDestroyHeap (
IN HANDLE HeapHandle
);
NTSYSAPI
PVOID
NTAPI
RtlAllocateHeap (
IN HANDLE HeapHandle,
IN ULONG Flags,
IN SIZE_T Size
);
NTSYSAPI
PVOID
NTAPI
RtlReAllocateHeap (
IN HANDLE HeapHandle,
IN ULONG Flags,
IN LPVOID Address,
IN SIZE_T Size
);
NTSYSAPI
BOOLEAN
NTAPI
RtlFreeHeap (
IN HANDLE HeapHandle,
IN ULONG Flags,
IN PVOID Address
);
NTSYSAPI
ULONG
NTAPI
RtlCompactHeap (
IN HANDLE HeapHandle,
IN ULONG Flags
);
NTSYSAPI
BOOLEAN
NTAPI
RtlLockHeap (
IN HANDLE HeapHandle
);
NTSYSAPI
BOOLEAN
NTAPI
RtlUnlockHeap (
IN HANDLE HeapHandle
);
NTSYSAPI
ULONG
NTAPI
RtlSizeHeap (
IN HANDLE HeapHandle,
IN ULONG Flags,
IN PVOID Address
);
NTSYSAPI
BOOLEAN
NTAPI
RtlValidateHeap (
IN HANDLE HeapHandle,
IN ULONG Flags,
IN PVOID Address OPTIONAL
);
//-----------------------------------------------------------------------------
// Virtual memory functions
typedef enum _MEMORY_INFORMATION_CLASS
{
MemoryBasicInformation, // 0x00 MEMORY_BASIC_INFORMATION
MemoryWorkingSetInformation, // 0x01
MemoryMappedFilenameInformation, // 0x02 UNICODE_STRING
MemoryRegionInformation, // 0x03
MemoryWorkingSetExInformation // 0x04
} MEMORY_INFORMATION_CLASS;
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory (
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN OUT PSIZE_T RegionSize,
IN ULONG AllocationType,
IN ULONG Protect
);
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory (
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN OUT PSIZE_T RegionSize,
IN ULONG AllocationType,
IN ULONG Protect
);
NTSYSAPI
NTSTATUS
NTAPI
NtFreeVirtualMemory (
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PSIZE_T RegionSize,
IN ULONG FreeType
);
NTSYSAPI
NTSTATUS
NTAPI
ZwFreeVirtualMemory (
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PSIZE_T RegionSize,
IN ULONG FreeType
);
NTSYSAPI
NTSTATUS
NTAPI
NtProtectVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PSIZE_T RegionSize,
IN ULONG NewProtect,
OUT PULONG OldProtect
);
NTSYSAPI
NTSTATUS
NTAPI
ZwProtectVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PSIZE_T RegionSize,
IN ULONG NewProtect,
OUT PULONG OldProtect
);
NTSYSAPI
NTSTATUS
NTAPI
NtReadVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG BufferSize,
OUT PULONG NumberOfBytesRead OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReadVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG BufferSize,
OUT PULONG NumberOfBytesRead OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtWriteVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG BufferSize,
OUT PULONG NumberOfBytesWritten OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwWriteVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG BufferSize,
OUT PULONG NumberOfBytesWritten OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtFlushVirtualMemory (
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PSIZE_T RegionSize,
OUT PIO_STATUS_BLOCK IoStatus
);
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushVirtualMemory (
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PSIZE_T RegionSize,
OUT PIO_STATUS_BLOCK IoStatus
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
OUT PVOID MemoryInformation,
IN SIZE_T MemoryInformationLength,
OUT PSIZE_T ReturnLength OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
OUT PVOID MemoryInformation,
IN SIZE_T MemoryInformationLength,
OUT PSIZE_T ReturnLength OPTIONAL
);
//-----------------------------------------------------------------------------
// Section functions
typedef enum _SECTION_INHERIT
{
ViewShare = 1,
ViewUnmap = 2
} SECTION_INHERIT;
typedef enum _SECTION_INFORMATION_CLASS
{
SectionBasicInformation,
SectionImageInformation
} SECTION_INFORMATION_CLASS, *PSECTION_INFORMATION_CLASS;
/*++
NtCreateSection
===============
Creates a section object.
SectionHandle - Points to a variable that will receive the section
object handle if the call is successful.
DesiredAccess - Specifies the type of access that the caller requires
to the section object. This parameter can be zero, or any combination
of the following flags:
SECTION_QUERY - Query access
SECTION_MAP_WRITE - Can be written when mapped
SECTION_MAP_READ - Can be read when mapped
SECTION_MAP_EXECUTE - Can be executed when mapped
SECTION_EXTEND_SIZE - Extend access
SECTION_ALL_ACCESS - All of the preceding +
STANDARD_RIGHTS_REQUIRED
ObjectAttributes - Points to a structure that specifies the object�s attributes.
OBJ_OPENLINK is not a valid attribute for a section object.
MaximumSize - Optionally points to a variable that specifies the size,
in bytes, of the section. If FileHandle is zero, the size must be
specified; otherwise, it can be defaulted from the size of the file
referred to by FileHandle.
SectionPageProtection - The protection desired for the pages
of the section when the section is mapped. This parameter can take
one of the following values:
PAGE_READONLY
PAGE_READWRITE
PAGE_WRITECOPY
PAGE_EXECUTE
PAGE_EXECUTE_READ
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE_WRITECOPY
AllocationAttributes - The attributes for the section. This parameter must
be a combination of the following values:
SEC_BASED 0x00200000 // Map section at same address in each process
SEC_NO_CHANGE 0x00400000 // Disable changes to protection of pages
SEC_IMAGE 0x01000000 // Map section as an image
SEC_VLM 0x02000000 // Map section in VLM region
SEC_RESERVE 0x04000000 // Reserve without allocating pagefile storage
SEC_COMMIT 0x08000000 // Commit pages; the default behavior
SEC_NOCACHE 0x10000000 // Mark pages as non-cacheable
FileHandle - Identifies the file from which to create the section object.
The file must be opened with an access mode compatible with the protection
flags specified by the Protect parameter. If FileHandle is zero,
the function creates a section object of the specified size backed
by the paging file rather than by a named file in the file system.
--*/
NTSYSAPI
NTSTATUS
NTAPI
NtCreateSection(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN PLARGE_INTEGER MaximumSize OPTIONAL,
IN ULONG SectionPageProtection,
IN ULONG AllocationAttributes,
IN HANDLE FileHandle OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateSection(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN PLARGE_INTEGER MaximumSize OPTIONAL,
IN ULONG SectionPageProtection,
IN ULONG AllocationAttributes,
IN HANDLE FileHandle OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenSection (
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenSection (
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtMapViewOfSection (
IN HANDLE SectionHandle,
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN ULONG CommitSize,
IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
IN OUT PULONG ViewSize,
IN SECTION_INHERIT InheritDisposition,
IN ULONG AllocationType,
IN ULONG Protect
);
NTSYSAPI
NTSTATUS
NTAPI
ZwMapViewOfSection (
IN HANDLE SectionHandle,
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN ULONG CommitSize,
IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
IN OUT PULONG ViewSize,
IN SECTION_INHERIT InheritDisposition,
IN ULONG AllocationType,
IN ULONG Protect
);
NTSYSAPI
NTSTATUS
NTAPI
NtUnmapViewOfSection (
IN HANDLE ProcessHandle,
IN PVOID BaseAddress
);
NTSYSAPI
NTSTATUS
NTAPI
ZwUnmapViewOfSection (
IN HANDLE ProcessHandle,
IN PVOID BaseAddress
);
NTSYSAPI
NTSTATUS
NTAPI
NtExtendSection (
IN HANDLE SectionHandle,
IN OUT PLARGE_INTEGER SectionSize
);
NTSYSAPI
NTSTATUS
NTAPI
ZwExtendSection (
IN HANDLE SectionHandle,
IN OUT PLARGE_INTEGER SectionSize
);
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySection (
IN HANDLE SectionHandle,
IN SECTION_INFORMATION_CLASS SectionInformationClass,
OUT PVOID SectionInformation,
IN ULONG Length,
OUT PULONG ResultLength OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySection (
IN HANDLE SectionHandle,
IN SECTION_INFORMATION_CLASS SectionInformationClass,
OUT PVOID SectionInformation,
IN ULONG Length,
OUT PULONG ResultLength OPTIONAL
);
//-----------------------------------------------------------------------------
// Synchronization
//
// Wait type
//
typedef enum _WAIT_TYPE {
WaitAll,
WaitAny
} WAIT_TYPE;
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForSingleObject (
IN HANDLE Handle,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtWaitForMultipleObjects (
IN ULONG Count,
IN HANDLE Handle[],
IN WAIT_TYPE WaitType,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForMultipleObjects (
IN ULONG Count,
IN HANDLE Handle[],
IN WAIT_TYPE WaitType,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL
);
//-----------------------------------------------------------------------------
// Event support
typedef enum _EVENT_INFORMATION_CLASS {
EventBasicInformation // = 0
} EVENT_INFORMATION_CLASS;
typedef struct _EVENT_BASIC_INFORMATION {
EVENT_TYPE EventType;
LONG EventState;
} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
//
// Event handling routines
//
NTSYSAPI
NTSTATUS
NTAPI
NtCreateEvent (
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN EVENT_TYPE EventType,
IN BOOLEAN InitialState
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateEvent (
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN EVENT_TYPE EventType,
IN BOOLEAN InitialState
);
NTSYSAPI
NTSTATUS
NTAPI
NtClearEvent (
IN HANDLE Handle
);
NTSYSAPI
NTSTATUS
NTAPI
ZwClearEvent (
IN HANDLE Handle
);
NTSYSAPI
NTSTATUS
NTAPI
NtPulseEvent (
IN HANDLE Handle,
OUT PLONG PreviousState OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwPulseEvent (
IN HANDLE Handle,
OUT PLONG PreviousState OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtResetEvent (
IN HANDLE Handle,
OUT PLONG PreviousState OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwResetEvent (
IN HANDLE Handle,
OUT PLONG PreviousState OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetEvent (
IN HANDLE Handle,
OUT PLONG PreviousState OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetEvent (
IN HANDLE Handle,
OUT PLONG PreviousState OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenEvent (
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenEvent (
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryEvent (
IN HANDLE EventHandle,
IN EVENT_INFORMATION_CLASS EventInfoClass,
OUT PVOID EventInfo,
IN ULONG Length,
OUT PULONG ResultLength OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryEvent (
IN HANDLE EventHandle,
IN EVENT_INFORMATION_CLASS EventInfoClass,
OUT PVOID EventInfo,
IN ULONG Length,
OUT PULONG ResultLength OPTIONAL
);
//-----------------------------------------------------------------------------
// Mutant support
NTSYSAPI
NTSTATUS
NTAPI
NtCreateMutant(
OUT PHANDLE MutantHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN BOOLEAN InitialOwner
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenMutant(
OUT PHANDLE MutantHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
);
//-----------------------------------------------------------------------------
// Semaphore support
NTSYSAPI
NTSTATUS
NTAPI
NtCreateSemaphore(
OUT PHANDLE SemaphoreHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN ULONG InitialCount,
IN ULONG MaximumCount
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenSemaphore(
OUT PHANDLE SemaphoreHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
);
//-----------------------------------------------------------------------------
// EventPair support
#define EVENT_PAIR_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE )
NTSYSAPI
NTSTATUS
NTAPI
NtCreateEventPair(
OUT PHANDLE EventPairHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenEventPair(
OUT PHANDLE EventPairHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
);
//-----------------------------------------------------------------------------
// Security descriptor functions
NTSYSAPI
NTSTATUS
NTAPI
RtlCreateSecurityDescriptor (
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG Revision
);
NTSYSAPI
NTSTATUS
NTAPI
RtlGetDaclSecurityDescriptor(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
OUT PBOOLEAN DaclPresent,
OUT PACL *Dacl,
OUT PBOOLEAN DaclDefaulted
);
NTSYSAPI
NTSTATUS
NTAPI
RtlSetDaclSecurityDescriptor(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN DaclPresent,
IN PACL Dacl OPTIONAL,
IN BOOLEAN DaclDefaulted OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
RtlSetOwnerSecurityDescriptor (
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSID Owner OPTIONAL,
IN BOOLEAN OwnerDefaulted OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
RtlAllocateAndInitializeSid(
IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
IN UCHAR SubAuthorityCount,
IN ULONG SubAuthority0,
IN ULONG SubAuthority1,
IN ULONG SubAuthority2,
IN ULONG SubAuthority3,
IN ULONG SubAuthority4,
IN ULONG SubAuthority5,
IN ULONG SubAuthority6,
IN ULONG SubAuthority7,
OUT PSID *Sid
);
NTSYSAPI
ULONG
NTAPI
RtlLengthSid (
IN PSID Sid
);
NTSYSAPI
BOOLEAN
NTAPI
RtlEqualSid (
IN PSID Sid1,
IN PSID Sid2
);
NTSYSAPI
PVOID
NTAPI
RtlFreeSid(
IN PSID Sid
);
NTSYSAPI
NTSTATUS
NTAPI
RtlCreateAcl(
IN PACL Acl,
IN ULONG AclLength,
IN ULONG AclRevision
);
NTSYSAPI
NTSTATUS
NTAPI
RtlGetAce(
IN PACL Acl,
IN ULONG AceIndex,
OUT PVOID *Ace
);
NTSYSAPI
NTSTATUS
NTAPI
RtlAddAccessAllowedAce(
IN OUT PACL Acl,
IN ULONG AceRevision,
IN ACCESS_MASK AccessMask,
IN PSID Sid
);
NTSYSAPI
NTSTATUS
NTAPI
RtlAddAccessAllowedAceEx(
IN OUT PACL Acl,
IN ULONG AceRevision,
IN ULONG AceFlags,
IN ULONG AccessMask,
IN PSID Sid
);
//-----------------------------------------------------------------------------
// Token functions
NTSYSAPI
NTSTATUS
NTAPI
NtOpenProcessToken(
IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
OUT PHANDLE TokenHandle
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenThreadToken(
IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationToken(
IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
OUT PVOID TokenInformation,
IN ULONG TokenInformationLength,
OUT PULONG ReturnLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
OUT PVOID TokenInformation,
IN ULONG TokenInformationLength,
OUT PULONG ReturnLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationToken(
IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
IN PVOID TokenInformation,
IN ULONG TokenInformationLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
IN HANDLE TokenHandle,
IN BOOLEAN DisableAllPrivileges,
IN PTOKEN_PRIVILEGES NewState OPTIONAL,
IN ULONG BufferLength OPTIONAL,
IN PTOKEN_PRIVILEGES PreviousState OPTIONAL,
OUT PULONG ReturnLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtDuplicateToken(
IN HANDLE ExistingTokenHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN BOOLEAN EffectiveOnly,
IN TOKEN_TYPE TokenType,
OUT PHANDLE NewTokenHandle
);
NTSYSAPI
NTSTATUS
NTAPI
NtCompareTokens(
IN HANDLE FirstTokenHandle,
IN HANDLE SecondTokenHandle,
OUT PBOOLEAN IdenticalTokens
);
//-----------------------------------------------------------------------------
// Symbolic links
//
// Object Manager Symbolic Link Specific Access Rights.
//
#ifndef SYMBOLIC_LINK_QUERY
#define SYMBOLIC_LINK_QUERY (0x0001)
#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
#endif
NTSYSAPI
NTSTATUS
NTAPI
NtCreateSymbolicLinkObject(
OUT PHANDLE SymbolicLinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PUNICODE_STRING DestinationName
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenSymbolicLinkObject (
OUT PHANDLE SymbolicLinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySymbolicLinkObject (
IN HANDLE SymbolicLinkHandle,
OUT PUNICODE_STRING NameString,
OUT PULONG ResultLength OPTIONAL
);
//-----------------------------------------------------------------------------
// Loader functions
NTSYSAPI
NTSTATUS
NTAPI
LdrLoadDll(
IN PWSTR DllPath OPTIONAL,
IN PULONG DllCharacteristics OPTIONAL,
IN PUNICODE_STRING DllName,
OUT PVOID *DllHandle
);
NTSYSAPI
NTSTATUS
NTAPI
LdrGetDllHandle(
IN PWSTR DllPath OPTIONAL,
IN PULONG DllCharacteristics OPTIONAL,
IN PUNICODE_STRING DllName,
OUT PVOID * DllHandle
);
NTSYSAPI
NTSTATUS
NTAPI
LdrUnloadDll(
IN PVOID DllHandle
);
NTSYSAPI
NTSTATUS
NTAPI
LdrGetProcedureAddress(
IN PVOID DllHandle,
IN PANSI_STRING ProcedureName OPTIONAL,
IN ULONG ProcedureNumber OPTIONAL,
OUT PVOID *ProcedureAddress
);
//-----------------------------------------------------------------------------
// Driver functions
NTSYSAPI
NTSTATUS
NTAPI
NtLoadDriver(
PUNICODE_STRING DriverServiceName
);
NTSYSAPI
NTSTATUS
NTAPI
ZwLoadDriver(
PUNICODE_STRING DriverServiceName
);
NTSYSAPI
NTSTATUS
NTAPI
NtUnloadDriver(
PUNICODE_STRING DriverServiceName
);
NTSYSAPI
NTSTATUS
NTAPI
ZwUnloadDriver(
PUNICODE_STRING DriverServiceName
);
//-----------------------------------------------------------------------------
// Functions dealing with NTSTATUS and Win32 error
NTSYSAPI
ULONG
NTAPI
RtlNtStatusToDosErrorNoTeb(
NTSTATUS Status
);
NTSYSAPI
NTSTATUS
NTAPI
RtlGetLastNtStatus(
);
NTSYSAPI
ULONG
NTAPI
RtlGetLastWin32Error(
);
NTSYSAPI
VOID
NTAPI
RtlSetLastWin32Error(
ULONG WinError
);
NTSYSAPI
VOID
NTAPI
RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
NTSTATUS Status
);
//-----------------------------------------------------------------------------
// Other functions
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateLocallyUniqueId(
OUT PLUID LocallyUniqueId