2 * Copyright 2004-2005 Ivan Leo Puoti
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #define POINTER_ALIGNMENT DECLSPEC_ALIGN(8)
28 #define POINTER_ALIGNMENT
31 typedef ULONG_PTR KSPIN_LOCK
, *PKSPIN_LOCK
;
36 typedef VOID (WINAPI
*PKDEFERRED_ROUTINE
)(struct _KDPC
*, PVOID
, PVOID
, PVOID
);
38 typedef struct _DISPATCHER_HEADER
{
44 LIST_ENTRY WaitListHead
;
45 } DISPATCHER_HEADER
, *PDISPATCHER_HEADER
;
47 typedef struct _KEVENT
{
48 DISPATCHER_HEADER Header
;
49 } KEVENT
, *PKEVENT
, *RESTRICTED_POINTER PRKEVENT
;
51 typedef struct _KDPC
{
55 LIST_ENTRY DpcListEntry
;
56 PKDEFERRED_ROUTINE DeferredRoutine
;
57 PVOID DeferredContext
;
58 PVOID SystemArgument1
;
59 PVOID SystemArgument2
;
61 } KDPC
, *PKDPC
, *RESTRICTED_POINTER PRKDPC
;
63 typedef struct _KDEVICE_QUEUE_ENTRY
{
64 LIST_ENTRY DeviceListEntry
;
67 } KDEVICE_QUEUE_ENTRY
, *PKDEVICE_QUEUE_ENTRY
,
68 *RESTRICTED_POINTER PRKDEVICE_QUEUE_ENTRY
;
70 typedef struct _KDEVICE_QUEUE
{
73 LIST_ENTRY DeviceListHead
;
76 } KDEVICE_QUEUE
, *PKDEVICE_QUEUE
, *RESTRICTED_POINTER PRKDEVICE_QUEUE
;
78 typedef struct _IO_TIMER
*PIO_TIMER
;
79 typedef struct _ETHREAD
*PETHREAD
;
81 #define MAXIMUM_VOLUME_LABEL_LENGTH (32 * sizeof(WCHAR))
87 USHORT VolumeLabelLength
;
88 struct _DEVICE_OBJECT
*DeviceObject
;
89 struct _DEVICE_OBJECT
*RealDevice
;
92 WCHAR VolumeLabel
[MAXIMUM_VOLUME_LABEL_LENGTH
/ sizeof(WCHAR
)];
95 typedef enum _POOL_TYPE
{
98 NonPagedPoolMustSucceed
,
100 NonPagedPoolCacheAligned
,
101 PagedPoolCacheAligned
,
102 NonPagedPoolCacheAlignedMustS
,
106 typedef struct _WAIT_CONTEXT_BLOCK
{
107 KDEVICE_QUEUE_ENTRY WaitQueueEntry
;
108 struct _DRIVER_CONTROL
*DeviceRoutine
;
110 ULONG NumberOfMapRegisters
;
113 PKDPC BufferChainingDpc
;
114 } WAIT_CONTEXT_BLOCK
, *PWAIT_CONTEXT_BLOCK
;
117 #define DEVICE_TYPE ULONG
119 #define IRP_MJ_MAXIMUM_FUNCTION 0x1b
120 #define IRP_MJ_DEVICE_CONTROL 0x0e
122 typedef struct _DEVICE_OBJECT
{
126 struct _DRIVER_OBJECT
*DriverObject
;
127 struct _DEVICE_OBJECT
*NextDevice
;
128 struct _DEVICE_OBJECT
*AttachedDevice
;
129 struct _IRP
*CurrentIrp
;
132 ULONG Characteristics
;
134 PVOID DeviceExtension
;
135 DEVICE_TYPE DeviceType
;
138 LIST_ENTRY ListEntry
;
139 WAIT_CONTEXT_BLOCK Wcb
;
141 ULONG AlignmentRequirement
;
142 KDEVICE_QUEUE DeviceQueue
;
144 ULONG ActiveThreadCount
;
145 PSECURITY_DESCRIPTOR SecurityDescriptor
;
149 struct _DEVOBJ_EXTENSION
*DeviceObjectExtension
;
152 typedef struct _DEVICE_OBJECT
*PDEVICE_OBJECT
;
154 typedef struct _DRIVER_EXTENSION
{
155 struct _DRIVER_OBJECT
*DriverObject
;
158 UNICODE_STRING ServiceKeyName
;
159 } DRIVER_EXTENSION
, *PDRIVER_EXTENSION
;
161 typedef struct _DRIVER_OBJECT
{
164 PDEVICE_OBJECT DeviceObject
;
169 PDRIVER_EXTENSION DriverExtension
;
170 UNICODE_STRING DriverName
;
171 PUNICODE_STRING HardwareDatabase
;
172 PVOID FastIoDispatch
;
176 PVOID MajorFunction
[IRP_MJ_MAXIMUM_FUNCTION
+ 1];
178 typedef struct _DRIVER_OBJECT
*PDRIVER_OBJECT
;
180 /* Irp definitions */
181 typedef UCHAR KIRQL
, *PKIRQL
;
182 typedef CCHAR KPROCESSOR_MODE
;
184 typedef VOID (WINAPI
*PDRIVER_CANCEL
)(
185 IN
struct _DEVICE_OBJECT
*DeviceObject
,
186 IN
struct _IRP
*Irp
);
188 typedef VOID (WINAPI
*PKNORMAL_ROUTINE
)(
189 IN PVOID NormalContext
,
190 IN PVOID SystemArgument1
,
191 IN PVOID SystemArgument2
);
193 typedef VOID (WINAPI
*PKKERNEL_ROUTINE
)(
194 IN
struct _KAPC
*Apc
,
195 IN OUT PKNORMAL_ROUTINE
*NormalRoutine
,
196 IN OUT PVOID
*NormalContext
,
197 IN OUT PVOID
*SystemArgument1
,
198 IN OUT PVOID
*SystemArgument2
);
200 typedef VOID (WINAPI
*PKRUNDOWN_ROUTINE
)(
201 IN
struct _KAPC
*Apc
);
203 typedef struct _KAPC
{
207 struct _KTHREAD
*Thread
;
208 LIST_ENTRY ApcListEntry
;
209 PKKERNEL_ROUTINE KernelRoutine
;
210 PKRUNDOWN_ROUTINE RundownRoutine
;
211 PKNORMAL_ROUTINE NormalRoutine
;
213 PVOID SystemArgument1
;
214 PVOID SystemArgument2
;
216 KPROCESSOR_MODE ApcMode
;
218 } KAPC
, *PKAPC
, *RESTRICTED_POINTER PRKAPC
;
220 #include <pshpack1.h>
221 typedef struct _IRP
{
224 struct _MDL
*MdlAddress
;
227 struct _IRP
*MasterIrp
;
231 LIST_ENTRY ThreadListEntry
;
232 IO_STATUS_BLOCK IoStatus
;
233 KPROCESSOR_MODE RequestorMode
;
234 BOOLEAN PendingReturned
;
236 CHAR CurrentLocation
;
239 CCHAR ApcEnvironment
;
240 UCHAR AllocationFlags
;
241 PIO_STATUS_BLOCK UserIosb
;
245 PIO_APC_ROUTINE UserApcRoutine
;
246 PVOID UserApcContext
;
247 } AsynchronousParameters
;
248 LARGE_INTEGER AllocationSize
;
250 PDRIVER_CANCEL CancelRoutine
;
255 KDEVICE_QUEUE_ENTRY DeviceQueueEntry
;
257 PVOID DriverContext
[4];
261 PCHAR AuxiliaryBuffer
;
263 LIST_ENTRY ListEntry
;
265 struct _IO_STACK_LOCATION
*CurrentStackLocation
;
269 struct _FILE_OBJECT
*OriginalFileObject
;
275 typedef struct _IRP
*PIRP
;
278 /* MDL definitions */
280 typedef VOID (WINAPI
*PINTERFACE_REFERENCE
)(
283 typedef VOID (WINAPI
*PINTERFACE_DEREFERENCE
)(
286 typedef struct _INTERFACE
{
290 PINTERFACE_REFERENCE InterfaceReference
;
291 PINTERFACE_DEREFERENCE InterfaceDereference
;
292 } INTERFACE
, *PINTERFACE
;
294 typedef struct _SECTION_OBJECT_POINTERS
{
295 PVOID DataSectionObject
;
296 PVOID SharedCacheMap
;
297 PVOID ImageSectionObject
;
298 } SECTION_OBJECT_POINTERS
, *PSECTION_OBJECT_POINTERS
;
300 typedef struct _IO_COMPLETION_CONTEXT
{
303 } IO_COMPLETION_CONTEXT
, *PIO_COMPLETION_CONTEXT
;
305 typedef enum _DEVICE_RELATION_TYPE
{
310 TargetDeviceRelation
,
312 } DEVICE_RELATION_TYPE
, *PDEVICE_RELATION_TYPE
;
314 typedef struct _FILE_OBJECT
{
317 PDEVICE_OBJECT DeviceObject
;
321 PSECTION_OBJECT_POINTERS SectionObjectPointer
;
322 PVOID PrivateCacheMap
;
323 NTSTATUS FinalStatus
;
324 struct _FILE_OBJECT
*RelatedFileObject
;
325 BOOLEAN LockOperation
;
326 BOOLEAN DeletePending
;
329 BOOLEAN DeleteAccess
;
332 BOOLEAN SharedDelete
;
334 UNICODE_STRING FileName
;
335 LARGE_INTEGER CurrentByteOffset
;
341 PIO_COMPLETION_CONTEXT CompletionContext
;
343 typedef struct _FILE_OBJECT
*PFILE_OBJECT
;
345 #define INITIAL_PRIVILEGE_COUNT 3
347 typedef struct _INITIAL_PRIVILEGE_SET
{
348 ULONG PrivilegeCount
;
350 LUID_AND_ATTRIBUTES Privilege
[INITIAL_PRIVILEGE_COUNT
];
351 } INITIAL_PRIVILEGE_SET
, * PINITIAL_PRIVILEGE_SET
;
353 typedef struct _SECURITY_SUBJECT_CONTEXT
{
354 PACCESS_TOKEN ClientToken
;
355 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
356 PACCESS_TOKEN PrimaryToken
;
357 PVOID ProcessAuditId
;
358 } SECURITY_SUBJECT_CONTEXT
, *PSECURITY_SUBJECT_CONTEXT
;
360 typedef struct _ACCESS_STATE
{
362 BOOLEAN SecurityEvaluated
;
363 BOOLEAN GenerateAudit
;
364 BOOLEAN GenerateOnClose
;
365 BOOLEAN PrivilegesAllocated
;
367 ACCESS_MASK RemainingDesiredAccess
;
368 ACCESS_MASK PreviouslyGrantedAccess
;
369 ACCESS_MASK OriginalDesiredAccess
;
370 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext
;
371 PSECURITY_DESCRIPTOR SecurityDescriptor
;
374 INITIAL_PRIVILEGE_SET InitialPrivilegeSet
;
375 PRIVILEGE_SET PrivilegeSet
;
378 BOOLEAN AuditPrivileges
;
379 UNICODE_STRING ObjectName
;
380 UNICODE_STRING ObjectTypeName
;
381 } ACCESS_STATE
, *PACCESS_STATE
;
383 typedef struct _IO_SECURITY_CONTEXT
{
384 PSECURITY_QUALITY_OF_SERVICE SecurityQos
;
385 PACCESS_STATE AccessState
;
386 ACCESS_MASK DesiredAccess
;
387 ULONG FullCreateOptions
;
388 } IO_SECURITY_CONTEXT
, *PIO_SECURITY_CONTEXT
;
390 typedef struct _DEVICE_CAPABILITIES
{
395 ULONG LockSupported
: 1;
396 ULONG EjectSupported
: 1;
398 ULONG DockDevice
: 1;
400 ULONG SilentInstall
: 1;
401 ULONG RawDeviceOK
: 1;
402 ULONG SurpriseRemovalOK
: 1;
403 ULONG WakeFromD0
: 1;
404 ULONG WakeFromD1
: 1;
405 ULONG WakeFromD2
: 1;
406 ULONG WakeFromD3
: 1;
407 ULONG HardwareDisabled
: 1;
408 ULONG NonDynamic
: 1;
409 ULONG WarmEjectSupported
: 1;
410 ULONG NoDisplayInUI
: 1;
414 DEVICE_POWER_STATE DeviceState
[PowerSystemMaximum
];
415 SYSTEM_POWER_STATE SystemWake
;
416 DEVICE_POWER_STATE DeviceWake
;
420 } DEVICE_CAPABILITIES
, *PDEVICE_CAPABILITIES
;
422 typedef enum _INTERFACE_TYPE
{
423 InterfaceTypeUndefined
= -1,
441 } INTERFACE_TYPE
, *PINTERFACE_TYPE
;
443 typedef LARGE_INTEGER PHYSICAL_ADDRESS
, *PPHYSICAL_ADDRESS
;
445 #define IO_RESOURCE_PREFERRED 0x01
446 #define IO_RESOURCE_DEFAULT 0x02
447 #define IO_RESOURCE_ALTERNATIVE 0x08
449 typedef struct _IO_RESOURCE_DESCRIPTOR
{
452 UCHAR ShareDisposition
;
460 PHYSICAL_ADDRESS MinimumAddress
;
461 PHYSICAL_ADDRESS MaximumAddress
;
466 PHYSICAL_ADDRESS MinimumAddress
;
467 PHYSICAL_ADDRESS MaximumAddress
;
474 ULONG MinimumChannel
;
475 ULONG MaximumChannel
;
480 PHYSICAL_ADDRESS MinimumAddress
;
481 PHYSICAL_ADDRESS MaximumAddress
;
498 } IO_RESOURCE_DESCRIPTOR
, *PIO_RESOURCE_DESCRIPTOR
;
500 typedef struct _IO_RESOURCE_LIST
{
504 IO_RESOURCE_DESCRIPTOR Descriptors
[1];
505 } IO_RESOURCE_LIST
, *PIO_RESOURCE_LIST
;
507 typedef struct _IO_RESOURCE_REQUIREMENTS_LIST
{
509 INTERFACE_TYPE InterfaceType
;
513 ULONG AlternativeLists
;
514 IO_RESOURCE_LIST List
[1];
515 } IO_RESOURCE_REQUIREMENTS_LIST
, *PIO_RESOURCE_REQUIREMENTS_LIST
;
517 typedef enum _BUS_QUERY_ID_TYPE
{
520 BusQueryCompatibleIDs
,
522 BusQueryDeviceSerialNumber
523 } BUS_QUERY_ID_TYPE
, *PBUS_QUERY_ID_TYPE
;
525 typedef enum _DEVICE_TEXT_TYPE
{
526 DeviceTextDescription
,
527 DeviceTextLocationInformation
528 } DEVICE_TEXT_TYPE
, *PDEVICE_TEXT_TYPE
;
530 typedef enum _DEVICE_USAGE_NOTIFICATION_TYPE
{
531 DeviceUsageTypeUndefined
,
532 DeviceUsageTypePaging
,
533 DeviceUsageTypeHibernation
,
534 DeviceUsageTypeDumpFile
535 } DEVICE_USAGE_NOTIFICATION_TYPE
;
537 typedef struct _POWER_SEQUENCE
{
541 } POWER_SEQUENCE
, *PPOWER_SEQUENCE
;
543 typedef enum _POWER_STATE_TYPE
{
546 } POWER_STATE_TYPE
, *PPOWER_STATE_TYPE
;
548 typedef union _POWER_STATE
{
549 SYSTEM_POWER_STATE SystemState
;
550 DEVICE_POWER_STATE DeviceState
;
551 } POWER_STATE
, *PPOWER_STATE
;
553 typedef struct _CM_PARTIAL_RESOURCE_DESCRIPTOR
{
555 UCHAR ShareDisposition
;
559 PHYSICAL_ADDRESS Start
;
563 PHYSICAL_ADDRESS Start
;
572 PHYSICAL_ADDRESS Start
;
592 } DeviceSpecificData
;
594 } CM_PARTIAL_RESOURCE_DESCRIPTOR
, *PCM_PARTIAL_RESOURCE_DESCRIPTOR
;
596 typedef struct _CM_PARTIAL_RESOURCE_LIST
{
600 CM_PARTIAL_RESOURCE_DESCRIPTOR PartialDescriptors
[1];
601 } CM_PARTIAL_RESOURCE_LIST
, *PCM_PARTIAL_RESOURCE_LIST
;
603 typedef struct _CM_FULL_RESOURCE_DESCRIPTOR
{
604 INTERFACE_TYPE InterfaceType
;
606 CM_PARTIAL_RESOURCE_LIST PartialResourceList
;
607 } CM_FULL_RESOURCE_DESCRIPTOR
, *PCM_FULL_RESOURCE_DESCRIPTOR
;
609 typedef struct _CM_RESOURCE_LIST
{
611 CM_FULL_RESOURCE_DESCRIPTOR List
[1];
612 } CM_RESOURCE_LIST
, *PCM_RESOURCE_LIST
;
614 typedef NTSTATUS (WINAPI
*PIO_COMPLETION_ROUTINE
)(
615 IN
struct _DEVICE_OBJECT
*DeviceObject
,
619 #include <pshpack1.h>
620 typedef struct _IO_STACK_LOCATION
{
627 PIO_SECURITY_CONTEXT SecurityContext
;
629 USHORT POINTER_ALIGNMENT FileAttributes
;
631 ULONG POINTER_ALIGNMENT EaLength
;
635 ULONG POINTER_ALIGNMENT Key
;
636 LARGE_INTEGER ByteOffset
;
640 ULONG POINTER_ALIGNMENT Key
;
641 LARGE_INTEGER ByteOffset
;
645 FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass
;
649 FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass
;
650 PFILE_OBJECT FileObject
;
653 BOOLEAN ReplaceIfExists
;
662 FS_INFORMATION_CLASS POINTER_ALIGNMENT FsInformationClass
;
665 ULONG OutputBufferLength
;
666 ULONG POINTER_ALIGNMENT InputBufferLength
;
667 ULONG POINTER_ALIGNMENT IoControlCode
;
668 PVOID Type3InputBuffer
;
671 SECURITY_INFORMATION SecurityInformation
;
672 ULONG POINTER_ALIGNMENT Length
;
675 SECURITY_INFORMATION SecurityInformation
;
676 PSECURITY_DESCRIPTOR SecurityDescriptor
;
680 PDEVICE_OBJECT DeviceObject
;
684 PDEVICE_OBJECT DeviceObject
;
687 struct _SCSI_REQUEST_BLOCK
*Srb
;
690 DEVICE_RELATION_TYPE Type
;
691 } QueryDeviceRelations
;
693 CONST GUID
*InterfaceType
;
696 PINTERFACE Interface
;
697 PVOID InterfaceSpecificData
;
700 PDEVICE_CAPABILITIES Capabilities
;
701 } DeviceCapabilities
;
703 PIO_RESOURCE_REQUIREMENTS_LIST IoResourceRequirementList
;
704 } FilterResourceRequirements
;
709 ULONG POINTER_ALIGNMENT Length
;
715 BUS_QUERY_ID_TYPE IdType
;
718 DEVICE_TEXT_TYPE DeviceTextType
;
719 LCID POINTER_ALIGNMENT LocaleId
;
724 DEVICE_USAGE_NOTIFICATION_TYPE POINTER_ALIGNMENT Type
;
727 SYSTEM_POWER_STATE PowerState
;
730 PPOWER_SEQUENCE PowerSequence
;
734 POWER_STATE_TYPE POINTER_ALIGNMENT Type
;
735 POWER_STATE POINTER_ALIGNMENT State
;
736 POWER_ACTION POINTER_ALIGNMENT ShutdownType
;
739 PCM_RESOURCE_LIST AllocatedResources
;
740 PCM_RESOURCE_LIST AllocatedResourcesTranslated
;
743 ULONG_PTR ProviderId
;
755 PDEVICE_OBJECT DeviceObject
;
756 PFILE_OBJECT FileObject
;
757 PIO_COMPLETION_ROUTINE CompletionRoutine
;
759 } IO_STACK_LOCATION
, *PIO_STACK_LOCATION
;
762 typedef struct _MDL
{
766 struct _EPROCESS
*Process
;
767 PVOID MappedSystemVa
;
773 typedef NTSTATUS (WINAPI
*PDRIVER_DISPATCH
)(
774 IN
struct _DEVICE_OBJECT
*DeviceObject
,
775 IN
struct _IRP
*Irp
);
777 typedef struct _KSYSTEM_TIME
{
781 } KSYSTEM_TIME
, *PKSYSTEM_TIME
;
783 typedef enum _NT_PRODUCT_TYPE
{
787 } NT_PRODUCT_TYPE
, *PNT_PRODUCT_TYPE
;
789 #define PROCESSOR_FEATURE_MAX 64
791 typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
796 } ALTERNATIVE_ARCHITECTURE_TYPE
;
798 typedef struct _KUSER_SHARED_DATA
{
799 ULONG TickCountLowDeprecated
;
800 ULONG TickCountMultiplier
;
801 volatile KSYSTEM_TIME InterruptTime
;
802 volatile KSYSTEM_TIME SystemTime
;
803 volatile KSYSTEM_TIME TimeZoneBias
;
804 USHORT ImageNumberLow
;
805 USHORT ImageNumberHigh
;
806 WCHAR NtSystemRoot
[260];
807 ULONG MaxStckTraceDepth
;
808 ULONG CryptoExponent
;
810 ULONG LargePageMinimum
;
812 NT_PRODUCT_TYPE NtProductType
;
813 BOOLEAN ProductTypeIsValid
;
814 ULONG MajorNtVersion
;
815 ULONG MinorNtVersion
;
816 BOOLEAN ProcessorFeatures
[PROCESSOR_FEATURE_MAX
];
819 volatile ULONG TimeSlip
;
820 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture
;
821 LARGE_INTEGER SystemExpirationDate
;
823 BOOLEAN KdDebuggerEnabled
;
824 volatile ULONG ActiveConsoleId
;
825 volatile ULONG DismountCount
;
826 ULONG ComPlusPackage
;
827 ULONG LastSystemRITEventTickCount
;
828 ULONG NumberOfPhysicalPages
;
829 BOOLEAN SafeBootMode
;
832 ULONGLONG SystemCall
[4];
834 volatile KSYSTEM_TIME TickCount
;
835 volatile ULONG64 TickCountQuad
;
837 } KSHARED_USER_DATA
, *PKSHARED_USER_DATA
;
839 NTSTATUS WINAPI
ObCloseHandle(IN HANDLE handle
);
841 #define IoGetCurrentIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.CurrentStackLocation)
846 /* directory object access rights */
847 #define DIRECTORY_QUERY 0x0001
848 #define DIRECTORY_TRAVERSE 0x0002
849 #define DIRECTORY_CREATE_OBJECT 0x0004
850 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
851 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
853 /* symbolic link access rights */
854 #define SYMBOLIC_LINK_QUERY 0x0001
855 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
857 /* Zw function prototypes */
858 NTSTATUS WINAPI
ZwAddBootEntry(PUNICODE_STRING
,PUNICODE_STRING
);
859 NTSTATUS WINAPI
ZwAccessCheckAndAuditAlarm(PUNICODE_STRING
,HANDLE
,PUNICODE_STRING
,PUNICODE_STRING
,PSECURITY_DESCRIPTOR
,ACCESS_MASK
,PGENERIC_MAPPING
,BOOLEAN
,PACCESS_MASK
,PBOOLEAN
,PBOOLEAN
);
860 NTSTATUS WINAPI
ZwAdjustPrivilegesToken(HANDLE
,BOOLEAN
,PTOKEN_PRIVILEGES
,DWORD
,PTOKEN_PRIVILEGES
,PDWORD
);
861 NTSTATUS WINAPI
ZwAlertThread(HANDLE ThreadHandle
);
862 NTSTATUS WINAPI
ZwAllocateVirtualMemory(HANDLE
,PVOID
*,ULONG
,SIZE_T
*,ULONG
,ULONG
);
863 NTSTATUS WINAPI
ZwCancelIoFile(HANDLE
,PIO_STATUS_BLOCK
);
864 NTSTATUS WINAPI
ZwCancelTimer(HANDLE
, BOOLEAN
*);
865 NTSTATUS WINAPI
ZwClearEvent(HANDLE
);
866 NTSTATUS WINAPI
ZwClose(HANDLE
);
867 NTSTATUS WINAPI
ZwCloseObjectAuditAlarm(PUNICODE_STRING
,HANDLE
,BOOLEAN
);
868 NTSTATUS WINAPI
ZwConnectPort(PHANDLE
,PUNICODE_STRING
,PSECURITY_QUALITY_OF_SERVICE
,PLPC_SECTION_WRITE
,PLPC_SECTION_READ
,PULONG
,PVOID
,PULONG
);
869 NTSTATUS WINAPI
ZwCreateDirectoryObject(PHANDLE
,ACCESS_MASK
,POBJECT_ATTRIBUTES
);
870 NTSTATUS WINAPI
ZwCreateEvent(PHANDLE
,ACCESS_MASK
,const OBJECT_ATTRIBUTES
*,BOOLEAN
,BOOLEAN
);
871 NTSTATUS WINAPI
ZwCreateFile(PHANDLE
,ACCESS_MASK
,POBJECT_ATTRIBUTES
,PIO_STATUS_BLOCK
,PLARGE_INTEGER
,ULONG
,ULONG
,ULONG
,ULONG
,PVOID
,ULONG
);
872 NTSTATUS WINAPI
ZwCreateKey(PHANDLE
,ACCESS_MASK
,const OBJECT_ATTRIBUTES
*,ULONG
,const UNICODE_STRING
*,ULONG
,PULONG
);
873 NTSTATUS WINAPI
ZwCreateSection(HANDLE
*,ACCESS_MASK
,const OBJECT_ATTRIBUTES
*,const LARGE_INTEGER
*,ULONG
,ULONG
,HANDLE
);
874 NTSTATUS WINAPI
ZwCreateSymbolicLinkObject(PHANDLE
,ACCESS_MASK
,POBJECT_ATTRIBUTES
,PUNICODE_STRING
);
875 NTSTATUS WINAPI
ZwCreateTimer(HANDLE
*, ACCESS_MASK
, const OBJECT_ATTRIBUTES
*, TIMER_TYPE
);
876 NTSTATUS WINAPI
ZwDeleteAtom(RTL_ATOM
);
877 NTSTATUS WINAPI
ZwDeleteFile(POBJECT_ATTRIBUTES
);
878 NTSTATUS WINAPI
ZwDeleteKey(HANDLE
);
879 NTSTATUS WINAPI
ZwDeleteValueKey(HANDLE
,const UNICODE_STRING
*);
880 NTSTATUS WINAPI
ZwDeviceIoControlFile(HANDLE
,HANDLE
,PIO_APC_ROUTINE
,PVOID
,PIO_STATUS_BLOCK
,ULONG
,PVOID
,ULONG
,PVOID
,ULONG
);
881 NTSTATUS WINAPI
ZwDisplayString(PUNICODE_STRING
);
882 NTSTATUS WINAPI
ZwDuplicateObject(HANDLE
,HANDLE
,HANDLE
,PHANDLE
,ACCESS_MASK
,ULONG
,ULONG
);
883 NTSTATUS WINAPI
ZwDuplicateToken(HANDLE
,ACCESS_MASK
,POBJECT_ATTRIBUTES
,SECURITY_IMPERSONATION_LEVEL
,TOKEN_TYPE
,PHANDLE
);
884 NTSTATUS WINAPI
ZwEnumerateKey(HANDLE
,ULONG
,KEY_INFORMATION_CLASS
,void *,DWORD
,DWORD
*);
885 NTSTATUS WINAPI
ZwEnumerateValueKey(HANDLE
,ULONG
,KEY_VALUE_INFORMATION_CLASS
,PVOID
,ULONG
,PULONG
);
886 NTSTATUS WINAPI
ZwFlushInstructionCache(HANDLE
,LPCVOID
,SIZE_T
);
887 NTSTATUS WINAPI
ZwFlushKey(HANDLE
);
888 NTSTATUS WINAPI
ZwFlushVirtualMemory(HANDLE
,LPCVOID
*,SIZE_T
*,ULONG
);
889 NTSTATUS WINAPI
ZwFreeVirtualMemory(HANDLE
,PVOID
*,SIZE_T
*,ULONG
);
890 NTSTATUS WINAPI
ZwFsControlFile(HANDLE
,HANDLE
,PIO_APC_ROUTINE
,PVOID
,PIO_STATUS_BLOCK
,ULONG
,PVOID
,ULONG
,PVOID
,ULONG
);
891 NTSTATUS WINAPI
ZwInitiatePowerAction(POWER_ACTION
,SYSTEM_POWER_STATE
,ULONG
,BOOLEAN
);
892 NTSTATUS WINAPI
ZwLoadDriver(const UNICODE_STRING
*);
893 NTSTATUS WINAPI
ZwLoadKey(const OBJECT_ATTRIBUTES
*,OBJECT_ATTRIBUTES
*);
894 NTSTATUS WINAPI
ZwLockVirtualMemory(HANDLE
,PVOID
*,SIZE_T
*,ULONG
);
895 NTSTATUS WINAPI
ZwMakeTemporaryObject(HANDLE
);
896 NTSTATUS WINAPI
ZwMapViewOfSection(HANDLE
,HANDLE
,PVOID
*,ULONG
,SIZE_T
,const LARGE_INTEGER
*,SIZE_T
*,SECTION_INHERIT
,ULONG
,ULONG
);
897 NTSTATUS WINAPI
ZwNotifyChangeKey(HANDLE
,HANDLE
,PIO_APC_ROUTINE
,PVOID
,PIO_STATUS_BLOCK
,ULONG
,BOOLEAN
,PVOID
,ULONG
,BOOLEAN
);
898 NTSTATUS WINAPI
ZwOpenDirectoryObject(PHANDLE
,ACCESS_MASK
,POBJECT_ATTRIBUTES
);
899 NTSTATUS WINAPI
ZwOpenEvent(PHANDLE
,ACCESS_MASK
,const OBJECT_ATTRIBUTES
*);
900 NTSTATUS WINAPI
ZwOpenFile(PHANDLE
,ACCESS_MASK
,POBJECT_ATTRIBUTES
,PIO_STATUS_BLOCK
,ULONG
,ULONG
);
901 NTSTATUS WINAPI
ZwOpenKey(PHANDLE
,ACCESS_MASK
,const OBJECT_ATTRIBUTES
*);
902 NTSTATUS WINAPI
ZwOpenProcess(PHANDLE
,ACCESS_MASK
,const OBJECT_ATTRIBUTES
*,const CLIENT_ID
*);
903 NTSTATUS WINAPI
ZwOpenProcessToken(HANDLE
,DWORD
,HANDLE
*);
904 NTSTATUS WINAPI
ZwOpenSection(HANDLE
*,ACCESS_MASK
,const OBJECT_ATTRIBUTES
*);
905 NTSTATUS WINAPI
ZwOpenSymbolicLinkObject(PHANDLE
,ACCESS_MASK
,POBJECT_ATTRIBUTES
);
906 NTSTATUS WINAPI
ZwOpenThread(HANDLE
*,ACCESS_MASK
,const OBJECT_ATTRIBUTES
*,const CLIENT_ID
*);
907 NTSTATUS WINAPI
ZwOpenThreadToken(HANDLE
,DWORD
,BOOLEAN
,HANDLE
*);
908 NTSTATUS WINAPI
ZwOpenTimer(HANDLE
*, ACCESS_MASK
, const OBJECT_ATTRIBUTES
*);
909 NTSTATUS WINAPI
ZwPowerInformation(POWER_INFORMATION_LEVEL
,PVOID
,ULONG
,PVOID
,ULONG
);
910 NTSTATUS WINAPI
ZwPulseEvent(HANDLE
,PULONG
);
911 NTSTATUS WINAPI
ZwQueryDefaultLocale(BOOLEAN
,LCID
*);
912 NTSTATUS WINAPI
ZwQueryDefaultUILanguage(LANGID
*);
913 NTSTATUS WINAPI
ZwQueryDirectoryFile(HANDLE
,HANDLE
,PIO_APC_ROUTINE
,PVOID
,PIO_STATUS_BLOCK
,PVOID
,ULONG
,FILE_INFORMATION_CLASS
,BOOLEAN
,PUNICODE_STRING
,BOOLEAN
);
914 NTSTATUS WINAPI
ZwQueryDirectoryObject(HANDLE
,PDIRECTORY_BASIC_INFORMATION
,ULONG
,BOOLEAN
,BOOLEAN
,PULONG
,PULONG
);
915 NTSTATUS WINAPI
ZwQueryEaFile(HANDLE
,PIO_STATUS_BLOCK
,PVOID
,ULONG
,BOOLEAN
,PVOID
,ULONG
,PVOID
,BOOLEAN
);
916 NTSTATUS WINAPI
ZwQueryFullAttributesFile(const OBJECT_ATTRIBUTES
*,FILE_NETWORK_OPEN_INFORMATION
*);
917 NTSTATUS WINAPI
ZwQueryInformationFile(HANDLE
,PIO_STATUS_BLOCK
,PVOID
,LONG
,FILE_INFORMATION_CLASS
);
918 NTSTATUS WINAPI
ZwQueryInformationThread(HANDLE
,THREADINFOCLASS
,PVOID
,ULONG
,PULONG
);
919 NTSTATUS WINAPI
ZwQueryInformationToken(HANDLE
,DWORD
,LPVOID
,DWORD
,LPDWORD
);
920 NTSTATUS WINAPI
ZwQueryInstallUILanguage(LANGID
*);
921 NTSTATUS WINAPI
ZwQueryKey(HANDLE
,KEY_INFORMATION_CLASS
,void *,DWORD
,DWORD
*);
922 NTSTATUS WINAPI
ZwQueryObject(HANDLE
, OBJECT_INFORMATION_CLASS
, PVOID
, ULONG
, PULONG
);
923 NTSTATUS WINAPI
ZwQuerySecurityObject(HANDLE
,SECURITY_INFORMATION
,PSECURITY_DESCRIPTOR
,ULONG
,PULONG
);
924 NTSTATUS WINAPI
ZwQuerySection(HANDLE
,SECTION_INFORMATION_CLASS
,PVOID
,ULONG
,PULONG
);
925 NTSTATUS WINAPI
ZwQuerySymbolicLinkObject(HANDLE
,PUNICODE_STRING
,PULONG
);
926 NTSTATUS WINAPI
ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS
,PVOID
,ULONG
,PULONG
);
927 NTSTATUS WINAPI
ZwQueryTimerResolution(PULONG
,PULONG
,PULONG
);
928 NTSTATUS WINAPI
ZwQueryValueKey(HANDLE
,const UNICODE_STRING
*,KEY_VALUE_INFORMATION_CLASS
,void *,DWORD
,DWORD
*);
929 NTSTATUS WINAPI
ZwQueryVolumeInformationFile(HANDLE
,PIO_STATUS_BLOCK
,PVOID
,ULONG
,FS_INFORMATION_CLASS
);
930 NTSTATUS WINAPI
ZwReadFile(HANDLE
,HANDLE
,PIO_APC_ROUTINE
,PVOID
,PIO_STATUS_BLOCK
,PVOID
,ULONG
,PLARGE_INTEGER
,PULONG
);
931 NTSTATUS WINAPI
ZwReplaceKey(POBJECT_ATTRIBUTES
,HANDLE
,POBJECT_ATTRIBUTES
);
932 NTSTATUS WINAPI
ZwRequestWaitReplyPort(HANDLE
,PLPC_MESSAGE
,PLPC_MESSAGE
);
933 NTSTATUS WINAPI
ZwResetEvent(HANDLE
,PULONG
);
934 NTSTATUS WINAPI
ZwRestoreKey(HANDLE
,HANDLE
,ULONG
);
935 NTSTATUS WINAPI
ZwSaveKey(HANDLE
,HANDLE
);
936 NTSTATUS WINAPI
ZwSecureConnectPort(PHANDLE
,PUNICODE_STRING
,PSECURITY_QUALITY_OF_SERVICE
,PLPC_SECTION_WRITE
,PSID
,PLPC_SECTION_READ
,PULONG
,PVOID
,PULONG
);
937 NTSTATUS WINAPI
ZwSetDefaultLocale(BOOLEAN
,LCID
);
938 NTSTATUS WINAPI
ZwSetDefaultUILanguage(LANGID
);
939 NTSTATUS WINAPI
ZwSetEaFile(HANDLE
,PIO_STATUS_BLOCK
,PVOID
,ULONG
);
940 NTSTATUS WINAPI
ZwSetEvent(HANDLE
,PULONG
);
941 NTSTATUS WINAPI
ZwSetInformationFile(HANDLE
,PIO_STATUS_BLOCK
,PVOID
,ULONG
,FILE_INFORMATION_CLASS
);
942 NTSTATUS WINAPI
ZwSetInformationKey(HANDLE
,const int,PVOID
,ULONG
);
943 NTSTATUS WINAPI
ZwSetInformationObject(HANDLE
, OBJECT_INFORMATION_CLASS
, PVOID
, ULONG
);
944 NTSTATUS WINAPI
ZwSetInformationProcess(HANDLE
,PROCESS_INFORMATION_CLASS
,PVOID
,ULONG
);
945 NTSTATUS WINAPI
ZwSetInformationThread(HANDLE
,THREADINFOCLASS
,LPCVOID
,ULONG
);
946 NTSTATUS WINAPI
ZwSetIoCompletion(HANDLE
,ULONG
,ULONG
,NTSTATUS
,ULONG
);
947 NTSTATUS WINAPI
ZwSetSecurityObject(HANDLE
,SECURITY_INFORMATION
,PSECURITY_DESCRIPTOR
);
948 NTSTATUS WINAPI
ZwSetSystemInformation(SYSTEM_INFORMATION_CLASS
,PVOID
,ULONG
);
949 NTSTATUS WINAPI
ZwSetSystemTime(const LARGE_INTEGER
*,LARGE_INTEGER
*);
950 NTSTATUS WINAPI
ZwSetTimer(HANDLE
, const LARGE_INTEGER
*, PTIMER_APC_ROUTINE
, PVOID
, BOOLEAN
, ULONG
, BOOLEAN
*);
951 NTSTATUS WINAPI
ZwSetValueKey(HANDLE
,const UNICODE_STRING
*,ULONG
,ULONG
,const void *,ULONG
);
952 NTSTATUS WINAPI
ZwSetVolumeInformationFile(HANDLE
,PIO_STATUS_BLOCK
,PVOID
,ULONG
,FS_INFORMATION_CLASS
);
953 NTSTATUS WINAPI
ZwSuspendThread(HANDLE
,PULONG
);
954 NTSTATUS WINAPI
ZwTerminateProcess(HANDLE
,LONG
);
955 NTSTATUS WINAPI
ZwUnloadDriver(const UNICODE_STRING
*);
956 NTSTATUS WINAPI
ZwUnloadKey(HANDLE
);
957 NTSTATUS WINAPI
ZwUnmapViewOfSection(HANDLE
,PVOID
);
958 NTSTATUS WINAPI
ZwWaitForSingleObject(HANDLE
,BOOLEAN
,const LARGE_INTEGER
*);
959 NTSTATUS WINAPI
ZwWaitForMultipleObjects(ULONG
,const HANDLE
*,BOOLEAN
,BOOLEAN
,const LARGE_INTEGER
*);
960 NTSTATUS WINAPI
ZwWriteFile(HANDLE
,HANDLE
,PIO_APC_ROUTINE
,PVOID
,PIO_STATUS_BLOCK
,const void*,ULONG
,PLARGE_INTEGER
,PULONG
);
961 NTSTATUS WINAPI
ZwYieldExecution(void);