/*++ NDK Version: 0098
Copyright (c) Alex Ionescu. All rights reserved.
Header Name:
psfuncs.h
Abstract:
Function definitions for the Process Manager
Author:
Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
--*/
#ifndef _PSFUNCS_H
#define _PSFUNCS_H
//
// Dependencies
//
#include <umtypes.h>
#include <pstypes.h>
#ifdef __cplusplus
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
2005-11-25 00:17:40 +00:00
|
|
|
#ifndef NTOS_MODE_USER
|
2005-06-18 23:33:40 +00:00
|
|
|
|
2005-11-22 04:57:45 +00:00
|
|
|
//
|
|
|
|
// Win32K Process/Thread Functions
|
|
|
|
//
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2008-10-16 17:21:08 +00:00
|
|
|
PVOID
|
2005-11-22 04:57:45 +00:00
|
|
|
NTAPI
|
2006-07-20 14:53:47 +00:00
|
|
|
PsGetCurrentThreadWin32Thread(
|
2005-11-22 04:57:45 +00:00
|
|
|
VOID
|
|
|
|
);
|
2005-08-10 18:09:44 +00:00
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2008-10-18 20:34:36 +00:00
|
|
|
PVOID
|
2005-11-22 04:57:45 +00:00
|
|
|
NTAPI
|
2006-07-20 14:53:47 +00:00
|
|
|
PsGetCurrentProcessWin32Process(
|
2005-11-22 04:57:45 +00:00
|
|
|
VOID
|
|
|
|
);
|
2005-08-10 18:09:44 +00:00
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
PVOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
PsGetProcessWin32Process(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process
|
2005-11-22 04:57:45 +00:00
|
|
|
);
|
2005-06-26 16:06:32 +00:00
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2013-11-11 18:52:59 +00:00
|
|
|
NTSTATUS
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
PsSetProcessWin32Process(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Inout_ PEPROCESS Process,
|
2013-11-11 18:52:59 +00:00
|
|
|
_In_opt_ PVOID Win32Process,
|
|
|
|
_In_opt_ PVOID OldWin32Process
|
2005-06-26 16:06:32 +00:00
|
|
|
);
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2013-11-11 18:52:59 +00:00
|
|
|
PVOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
PsSetThreadWin32Thread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Inout_ PETHREAD Thread,
|
2015-03-10 00:12:41 +00:00
|
|
|
_In_opt_ PVOID Win32Thread,
|
|
|
|
_In_opt_ PVOID OldWin32Thread
|
2005-06-26 16:06:32 +00:00
|
|
|
);
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
PVOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
PsGetThreadWin32Thread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PETHREAD Thread
|
2005-06-18 23:33:40 +00:00
|
|
|
);
|
|
|
|
|
2011-04-29 17:50:30 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
PVOID
|
|
|
|
NTAPI
|
|
|
|
PsGetProcessWin32WindowStation(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process
|
2011-04-29 17:50:30 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
PsSetProcessWindowStation(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Inout_ PEPROCESS Process,
|
2015-03-10 00:12:41 +00:00
|
|
|
_In_opt_ PVOID WindowStation
|
2011-04-29 17:50:30 +00:00
|
|
|
);
|
|
|
|
|
2008-09-27 16:24:50 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
PTEB
|
|
|
|
NTAPI
|
|
|
|
PsGetThreadTeb(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PETHREAD Thread
|
2008-09-27 16:24:50 +00:00
|
|
|
);
|
|
|
|
|
2009-08-06 11:16:42 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
HANDLE
|
|
|
|
NTAPI
|
|
|
|
PsGetThreadId(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PETHREAD Thread
|
2009-08-06 11:16:42 +00:00
|
|
|
);
|
|
|
|
|
2014-06-29 17:54:59 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
PEPROCESS
|
|
|
|
NTAPI
|
|
|
|
PsGetThreadProcess(
|
|
|
|
_In_ PETHREAD Thread
|
|
|
|
);
|
|
|
|
|
2015-10-17 11:39:05 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
ULONG
|
|
|
|
NTAPI
|
|
|
|
PsGetThreadFreezeCount(
|
|
|
|
_In_ PETHREAD Thread
|
|
|
|
);
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2006-06-23 21:21:45 +00:00
|
|
|
BOOLEAN
|
|
|
|
NTAPI
|
|
|
|
PsGetThreadHardErrorsAreDisabled(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PETHREAD Thread
|
2006-06-23 21:21:45 +00:00
|
|
|
);
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2007-10-19 23:21:45 +00:00
|
|
|
VOID
|
2006-06-23 21:21:45 +00:00
|
|
|
NTAPI
|
|
|
|
PsSetThreadHardErrorsAreDisabled(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Inout_ PETHREAD Thread,
|
|
|
|
_In_ BOOLEAN Disabled
|
2006-06-23 21:21:45 +00:00
|
|
|
);
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2007-10-19 23:21:45 +00:00
|
|
|
VOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
PsEstablishWin32Callouts(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PWIN32_CALLOUTS_FPNS CalloutData
|
2005-06-18 23:33:40 +00:00
|
|
|
);
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-12-06 01:53:03 +00:00
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
PsReturnProcessNonPagedPoolQuota(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ SIZE_T Amount
|
2005-12-06 01:53:03 +00:00
|
|
|
);
|
|
|
|
|
2012-02-15 06:48:39 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
ULONG
|
|
|
|
NTAPI
|
|
|
|
PsGetCurrentProcessSessionId(
|
|
|
|
VOID
|
|
|
|
);
|
2012-04-02 08:28:17 +00:00
|
|
|
|
2005-11-22 04:57:45 +00:00
|
|
|
//
|
|
|
|
// Process Impersonation Functions
|
|
|
|
//
|
2014-01-11 15:31:16 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
BOOLEAN
|
|
|
|
NTAPI
|
|
|
|
PsIsThreadImpersonating(
|
|
|
|
_In_ PETHREAD Thread
|
|
|
|
);
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
VOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
PsRevertThreadToSelf(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Inout_ PETHREAD Thread
|
2005-06-18 23:33:40 +00:00
|
|
|
);
|
|
|
|
|
2005-11-22 04:57:45 +00:00
|
|
|
//
|
|
|
|
// Misc. Functions
|
|
|
|
//
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2006-10-30 14:17:37 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
PsLookupProcessThreadByCid(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PCLIENT_ID Cid,
|
|
|
|
_Out_opt_ PEPROCESS *Process,
|
|
|
|
_Out_ PETHREAD *Thread
|
2006-10-30 14:17:37 +00:00
|
|
|
);
|
|
|
|
|
2007-04-07 05:33:30 +00:00
|
|
|
BOOLEAN
|
|
|
|
NTAPI
|
|
|
|
PsIsProtectedProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process
|
2007-04-07 05:33:30 +00:00
|
|
|
);
|
|
|
|
|
2008-09-25 14:39:38 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
BOOLEAN
|
|
|
|
NTAPI
|
|
|
|
PsIsSystemProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process
|
2008-09-25 14:39:38 +00:00
|
|
|
);
|
|
|
|
|
2009-06-10 19:24:38 +00:00
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
PsSetProcessPriorityByClass(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ PSPROCESSPRIORITYMODE Type
|
2009-06-10 19:24:38 +00:00
|
|
|
);
|
|
|
|
|
2009-08-03 21:01:48 +00:00
|
|
|
HANDLE
|
|
|
|
NTAPI
|
|
|
|
PsGetProcessInheritedFromUniqueProcessId(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process
|
2009-08-03 21:01:48 +00:00
|
|
|
);
|
|
|
|
|
2011-05-01 09:20:15 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
PsGetProcessExitStatus(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process
|
2011-05-01 09:20:15 +00:00
|
|
|
);
|
|
|
|
|
2013-09-21 20:14:22 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
ULONG
|
2012-02-04 21:16:52 +00:00
|
|
|
NTAPI
|
|
|
|
PsGetProcessSessionId(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process
|
2012-02-04 21:16:52 +00:00
|
|
|
);
|
|
|
|
|
2011-09-20 18:04:14 +00:00
|
|
|
NTKERNELAPI
|
2012-02-04 21:16:52 +00:00
|
|
|
BOOLEAN
|
|
|
|
NTAPI
|
2011-09-20 18:04:14 +00:00
|
|
|
PsGetProcessExitProcessCalled(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process
|
2011-09-20 18:04:14 +00:00
|
|
|
);
|
|
|
|
|
2007-09-26 16:41:35 +00:00
|
|
|
//
|
|
|
|
// Quota Functions
|
|
|
|
//
|
|
|
|
NTKERNELAPI
|
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
PsChargePoolQuota(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ POOL_TYPE PoolType,
|
|
|
|
_In_ SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
PsChargeProcessNonPagedPoolQuota(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
PsChargeProcessPagedPoolQuota(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
PsChargeProcessPoolQuota(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ POOL_TYPE PoolType,
|
|
|
|
_In_ SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
PsReturnPoolQuota(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ POOL_TYPE PoolType,
|
|
|
|
_In_ SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
PsReturnProcessNonPagedPoolQuota(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
VOID
|
|
|
|
NTAPI
|
|
|
|
PsReturnProcessPagedPoolQuota(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ PEPROCESS Process,
|
|
|
|
_In_ SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
2014-02-01 12:12:26 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
PVOID
|
|
|
|
NTAPI
|
|
|
|
PsGetProcessSecurityPort(
|
|
|
|
_In_ PEPROCESS Process
|
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
PsSetProcessSecurityPort(
|
|
|
|
_Inout_ PEPROCESS Process,
|
|
|
|
_In_ PVOID SecurityPort
|
|
|
|
);
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
HANDLE
|
|
|
|
NTAPI
|
|
|
|
PsGetCurrentThreadProcessId(
|
|
|
|
VOID
|
|
|
|
);
|
|
|
|
|
2005-06-18 23:33:40 +00:00
|
|
|
#endif
|
2005-11-25 00:17:40 +00:00
|
|
|
|
|
|
|
//
|
|
|
|
// Native Calls
|
|
|
|
//
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtAlertResumeThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
2013-01-22 22:51:51 +00:00
|
|
|
_Out_opt_ PULONG SuspendCount
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTSYSCALLAPI
|
2006-10-23 21:28:17 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtApphelpCacheControl(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ APPHELPCACHESERVICECLASS Service,
|
2015-09-05 11:20:05 +00:00
|
|
|
_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData
|
2006-10-23 21:28:17 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtAlertThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtAssignProcessToJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE JobHandle,
|
|
|
|
_In_ HANDLE ProcessHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtCreateJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE JobHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-10-23 21:19:15 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtCreateJobSet(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ ULONG NumJob,
|
|
|
|
_In_ PJOB_SET_ARRAY UserJobSet,
|
|
|
|
_In_ ULONG Flags
|
2006-10-23 21:19:15 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtCreateProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE ProcessHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
_In_ HANDLE ParentProcess,
|
|
|
|
_In_ BOOLEAN InheritObjectTable,
|
|
|
|
_In_opt_ HANDLE SectionHandle,
|
|
|
|
_In_opt_ HANDLE DebugPort,
|
|
|
|
_In_opt_ HANDLE ExceptionPort
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-10-23 21:19:15 +00:00
|
|
|
NTSYSCALLAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtCreateProcessEx(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE ProcessHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
_In_ HANDLE ParentProcess,
|
|
|
|
_In_ ULONG Flags,
|
|
|
|
_In_opt_ HANDLE SectionHandle,
|
|
|
|
_In_opt_ HANDLE DebugPort,
|
|
|
|
_In_opt_ HANDLE ExceptionPort,
|
|
|
|
_In_ BOOLEAN InJob
|
2006-10-23 21:19:15 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtCreateThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE ThreadHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
_In_ HANDLE ProcessHandle,
|
|
|
|
_Out_ PCLIENT_ID ClientId,
|
|
|
|
_In_ PCONTEXT ThreadContext,
|
|
|
|
_In_ PINITIAL_TEB UserStack,
|
|
|
|
_In_ BOOLEAN CreateSuspended
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2012-04-02 08:28:17 +00:00
|
|
|
#ifndef NTOS_MODE_USER
|
|
|
|
//
// Returns the current thread's TEB pointer, read from the per-architecture
// location selected at compile time.
//
// NOTE(review): the ARM64 branch is an unimplemented stub that yields a null
// pointer, so code built for that target must not dereference the result
// without checking it first.
//
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
{
    struct _TEB *CurrentTeb;

#if defined(_M_IX86)
    // Read the pointer stored at offset 0x18 of the FS segment.
    CurrentTeb = (struct _TEB *)__readfsdword(0x18);
#elif defined (_M_AMD64)
    // Read the NT_TIB.Self field through the GS segment.
    CurrentTeb = (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
#elif defined (_M_ARM)
    // Read CP15_TPIDRURW; a KeGetPcr()->Used_Self variant is left disabled.
    CurrentTeb = (struct _TEB *)(ULONG_PTR)_MoveFromCoprocessor(CP15_TPIDRURW);
#elif defined (_M_ARM64)
    // UNIMPLEMENTED: no TEB lookup on this architecture yet.
    CurrentTeb = 0;
#else
    // A PowerPC variant (_read_teb_dword(0x18)) is also left disabled.
#error Unsupported architecture
#endif

    return CurrentTeb;
}
|
|
|
|
#else
|
2024-02-23 21:58:06 +00:00
|
|
|
struct _TEB * NtCurrentTeb(VOID);
|
2012-04-02 08:28:17 +00:00
|
|
|
#endif
|
2006-09-07 21:36:15 +00:00
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtImpersonateThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ HANDLE ThreadToImpersonate,
|
|
|
|
_In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtIsProcessInJob(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ProcessHandle,
|
|
|
|
_In_opt_ HANDLE JobHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2013-01-13 14:49:21 +00:00
|
|
|
__kernel_entry
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSYSCALLAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtOpenProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE ProcessHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
_In_opt_ PCLIENT_ID ClientId
|
|
|
|
);
|
|
|
|
|
|
|
|
_Must_inspect_result_
|
|
|
|
__kernel_entry
|
|
|
|
NTSYSCALLAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtOpenProcessToken(
|
|
|
|
_In_ HANDLE ProcessHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_Out_ PHANDLE TokenHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtOpenThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE ThreadHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
_In_ PCLIENT_ID ClientId
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTSYSCALLAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtOpenThreadToken(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ BOOLEAN OpenAsSelf,
|
|
|
|
_Out_ PHANDLE TokenHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
NTSYSCALLAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtOpenThreadTokenEx(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ BOOLEAN OpenAsSelf,
|
|
|
|
_In_ ULONG HandleAttributes,
|
|
|
|
_Out_ PHANDLE TokenHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtQueryInformationJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE JobHandle,
|
|
|
|
_In_ JOBOBJECTINFOCLASS JobInformationClass,
|
|
|
|
_Out_bytecap_(JobInformationLength) PVOID JobInformation,
|
|
|
|
_In_ ULONG JobInformationLength,
|
|
|
|
_Out_ PULONG ReturnLength
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
#ifndef _NTDDK_
|
2015-03-15 00:05:50 +00:00
|
|
|
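//
// Queries the ProcessInformationClass data of the process behind
// ProcessHandle into the caller-supplied ProcessInformation buffer
// (description taken from the routine and parameter names).
//
// The output buffer is annotated with its byte capacity so that static
// analysis can check each caller's buffer against ProcessInformationLength,
// the same way JobInformation is annotated on NtQueryInformationJobObject.
//
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_bytecap_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength
);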
|
|
|
|
#endif
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
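//
// Queries the ThreadInformationClass data of the thread behind ThreadHandle
// into the caller-supplied ThreadInformation buffer (description taken from
// the routine and parameter names).
//
// The output buffer is annotated with its byte capacity so that static
// analysis can check each caller's buffer against ThreadInformationLength,
// the same way JobInformation is annotated on NtQueryInformationJobObject.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _Out_bytecap_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength,
    _Out_opt_ PULONG ReturnLength
);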
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtRegisterThreadTerminatePort(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE TerminationPort
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtResumeThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
2013-01-22 22:51:51 +00:00
|
|
|
_Out_opt_ PULONG SuspendCount
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtResumeProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ProcessHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtSetInformationJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE JobHandle,
|
|
|
|
_In_ JOBOBJECTINFOCLASS JobInformationClass,
|
|
|
|
_In_bytecount_(JobInformationLength) PVOID JobInformation,
|
|
|
|
_In_ ULONG JobInformationLength
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
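//
// Applies ProcessInformationClass data from the caller-supplied
// ProcessInformation buffer to the process behind ProcessHandle (description
// taken from the routine and parameter names).
//
// The input buffer is annotated with its byte count so that static analysis
// can check each caller's buffer against ProcessInformationLength, matching
// the ThreadInformation annotation on NtSetInformationThread.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength
);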
|
|
|
|
|
2013-01-13 14:49:21 +00:00
|
|
|
__kernel_entry
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSYSCALLAPI
|
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtSetInformationThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ THREADINFOCLASS ThreadInformationClass,
|
|
|
|
_In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
|
|
|
|
_In_ ULONG ThreadInformationLength
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtSuspendProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ProcessHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-05-10 17:47:44 +00:00
|
|
|
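//
// Suspends the thread behind ThreadHandle (per the routine name).
//
// PreviousSuspendCount is a result written by the callee, so it is annotated
// as an optional output like SuspendCount on NtResumeThread and
// NtAlertResumeThread. An _In_ annotation would tell static analysis that the
// caller must pre-initialize the value and that the callee only reads it,
// which hides unchecked-output findings on this pointer.
// NOTE(review): optionality is assumed from the parallel resume
// declarations; confirm against the implementation.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG PreviousSuspendCount
);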
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
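//
// Terminates the process behind ProcessHandle with ExitStatus (per the
// routine and parameter names).
//
// ProcessHandle is annotated _In_opt_ so this declaration agrees with
// ZwTerminateProcess in this header; with differing annotations, static
// analysis would accept a null handle through one entry point and reject it
// through the other.
// NOTE(review): what a null handle means is not visible here; confirm
// against the implementation.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtTerminateProcess(
    _In_opt_ HANDLE ProcessHandle,
    _In_ NTSTATUS ExitStatus
);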
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtTerminateThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ NTSTATUS ExitStatus
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
NtTerminateJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE JobHandle,
|
|
|
|
_In_ NTSTATUS ExitStatus
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwAlertResumeThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
2013-01-22 22:51:51 +00:00
|
|
|
_Out_opt_ PULONG SuspendCount
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwAlertThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwAssignProcessToJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE JobHandle,
|
|
|
|
_In_ HANDLE ProcessHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwCreateJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE JobHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwCreateProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE ProcessHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
_In_ HANDLE ParentProcess,
|
|
|
|
_In_ BOOLEAN InheritObjectTable,
|
|
|
|
_In_opt_ HANDLE SectionHandle,
|
|
|
|
_In_opt_ HANDLE DebugPort,
|
|
|
|
_In_opt_ HANDLE ExceptionPort
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwCreateThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE ThreadHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
_In_ HANDLE ProcessHandle,
|
|
|
|
_Out_ PCLIENT_ID ClientId,
|
|
|
|
_In_ PCONTEXT ThreadContext,
|
|
|
|
_In_ PINITIAL_TEB UserStack,
|
|
|
|
_In_ BOOLEAN CreateSuspended
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwImpersonateThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ HANDLE ThreadToImpersonate,
|
|
|
|
_In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwIsProcessInJob(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ProcessHandle,
|
|
|
|
_In_opt_ HANDLE JobHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2013-01-13 14:49:21 +00:00
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
2013-01-13 14:49:21 +00:00
|
|
|
ZwOpenProcessTokenEx(
|
|
|
|
_In_ HANDLE ProcessHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ ULONG HandleAttributes,
|
|
|
|
_Out_ PHANDLE TokenHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwOpenThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_Out_ PHANDLE ThreadHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
_In_ PCLIENT_ID ClientId
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwOpenThreadToken(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ BOOLEAN OpenAsSelf,
|
|
|
|
_Out_ PHANDLE TokenHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwOpenThreadTokenEx(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
|
|
_In_ BOOLEAN OpenAsSelf,
|
|
|
|
_In_ ULONG HandleAttributes,
|
|
|
|
_Out_ PHANDLE TokenHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwQueryInformationJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE JobHandle,
|
|
|
|
_In_ JOBOBJECTINFOCLASS JobInformationClass,
|
|
|
|
_Out_bytecap_(JobInformationLength) PVOID JobInformation,
|
|
|
|
_In_ ULONG JobInformationLength,
|
|
|
|
_Out_ PULONG ReturnLength
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
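//
// Zw counterpart of NtQueryInformationProcess: queries the
// ProcessInformationClass data of the process behind ProcessHandle into the
// caller-supplied ProcessInformation buffer (description taken from the
// routine and parameter names).
//
// The output buffer is annotated with its byte capacity so that static
// analysis can check each caller's buffer against ProcessInformationLength,
// the same way JobInformation is annotated on ZwQueryInformationJobObject.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_bytecap_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength
);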
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
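//
// Zw counterpart of NtQueryInformationThread: queries the
// ThreadInformationClass data of the thread behind ThreadHandle into the
// caller-supplied ThreadInformation buffer (description taken from the
// routine and parameter names).
//
// The output buffer is annotated with its byte capacity so that static
// analysis can check each caller's buffer against ThreadInformationLength,
// the same way JobInformation is annotated on ZwQueryInformationJobObject.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _Out_bytecap_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength,
    _Out_opt_ PULONG ReturnLength
);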
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwRegisterThreadTerminatePort(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE TerminationPort
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwResumeThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
2013-01-22 22:51:51 +00:00
|
|
|
_Out_opt_ PULONG SuspendCount
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwResumeProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ProcessHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
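//
// Zw counterpart of NtSetInformationJobObject: applies JobInformationClass
// data from the caller-supplied JobInformation buffer to the job behind
// JobHandle (description taken from the routine and parameter names).
//
// The input buffer carries the same byte-count annotation as the Nt
// declaration, so static analysis checks callers of both entry points
// against JobInformationLength.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationJobObject(
    _In_ HANDLE JobHandle,
    _In_ JOBOBJECTINFOCLASS JobInformationClass,
    _In_bytecount_(JobInformationLength) PVOID JobInformation,
    _In_ ULONG JobInformationLength
);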
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
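//
// Zw counterpart of NtSetInformationProcess: applies ProcessInformationClass
// data from the caller-supplied ProcessInformation buffer to the process
// behind ProcessHandle (description taken from the routine and parameter
// names).
//
// The input buffer is annotated with its byte count so that static analysis
// can check each caller's buffer against ProcessInformationLength, matching
// the ThreadInformation annotation on ZwSetInformationThread.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength
);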
|
|
|
|
|
2013-01-13 14:49:21 +00:00
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwSetInformationThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ THREADINFOCLASS ThreadInformationClass,
|
|
|
|
_In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
|
|
|
|
_In_ ULONG ThreadInformationLength
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwSuspendProcess(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ProcessHandle
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
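//
// Zw counterpart of NtSuspendThread: suspends the thread behind ThreadHandle
// (per the routine name).
//
// PreviousSuspendCount is a result written by the callee, so it is annotated
// as an optional output like SuspendCount on ZwResumeThread and
// ZwAlertResumeThread. An _In_ annotation would tell static analysis that the
// caller must pre-initialize the value and that the callee only reads it,
// which hides unchecked-output findings on this pointer.
// NOTE(review): optionality is assumed from the parallel resume
// declarations; confirm against the implementation.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwSuspendThread(
    _In_ HANDLE ThreadHandle,
    _Out_opt_ PULONG PreviousSuspendCount
);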
|
|
|
|
|
2013-01-13 14:49:21 +00:00
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
2013-01-13 14:49:21 +00:00
|
|
|
ZwTerminateProcess (
|
|
|
|
_In_opt_ HANDLE ProcessHandle,
|
|
|
|
_In_ NTSTATUS ExitStatus
|
|
|
|
);
|
2005-11-25 00:17:40 +00:00
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwTerminateThread(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE ThreadHandle,
|
|
|
|
_In_ NTSTATUS ExitStatus
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
ZwTerminateJobObject(
|
2013-01-13 14:49:21 +00:00
|
|
|
_In_ HANDLE JobHandle,
|
|
|
|
_In_ NTSTATUS ExitStatus
|
2005-11-25 00:17:40 +00:00
|
|
|
);
|
|
|
|
|
2008-06-16 09:20:47 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2005-11-25 00:17:40 +00:00
|
|
|
#endif
|