/*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: umfuncs.h Abstract: Function definitions for Native DLL (ntdll) APIs exclusive to User Mode. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _UMFUNCS_H #define _UMFUNCS_H // // Dependencies // #include #include // // Debug Functions // NTSYSAPI VOID NTAPI DbgBreakPointWithStatus( IN ULONG Status ); NTSTATUS NTAPI DbgUiConnectToDbg( VOID ); NTSTATUS NTAPI DbgUiContinue( IN PCLIENT_ID ClientId, IN NTSTATUS ContinueStatus ); NTSTATUS NTAPI DbgUiDebugActiveProcess( IN HANDLE Process ); NTSTATUS NTAPI DbgUiStopDebugging( IN HANDLE Process ); NTSYSAPI NTSTATUS NTAPI DbgUiWaitStateChange( IN PDBGUI_WAIT_STATE_CHANGE DbgUiWaitStateCange, IN PLARGE_INTEGER TimeOut ); NTSTATUS NTAPI DbgUiConvertStateChangeStructure( IN PDBGUI_WAIT_STATE_CHANGE WaitStateChange, IN PVOID DebugEvent ); VOID NTAPI DbgUiRemoteBreakin( VOID ); NTSTATUS NTAPI DbgUiIssueRemoteBreakin( IN HANDLE Process ); HANDLE NTAPI DbgUiGetThreadDebugObject( VOID ); // // Loader Functions // NTSTATUS NTAPI LdrAddRefDll( IN ULONG Flags, IN PVOID BaseAddress ); NTSTATUS NTAPI LdrDisableThreadCalloutsForDll( IN PVOID BaseAddress ); NTSTATUS NTAPI LdrGetDllHandle( IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics, IN PUNICODE_STRING DllName, OUT PVOID *DllHandle ); NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG Flags, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *DllHandle OPTIONAL); NTSTATUS NTAPI LdrFindEntryForAddress( IN PVOID Address, OUT PLDR_DATA_TABLE_ENTRY *Module ); NTSTATUS NTAPI LdrGetProcedureAddress( IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress ); VOID NTAPI LdrInitializeThunk( ULONG Unknown1, ULONG Unknown2, ULONG Unknown3, ULONG Unknown4 ); NTSTATUS NTAPI LdrLoadDll( IN PWSTR SearchPath OPTIONAL, IN PULONG LoadFlags OPTIONAL, IN PUNICODE_STRING Name, OUT PVOID *BaseAddress OPTIONAL ); PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock( IN ULONG_PTR Address, IN ULONG Count, IN PUSHORT TypeOffset, IN LONG_PTR Delta ); NTSTATUS NTAPI LdrQueryImageFileExecutionOptions( IN PUNICODE_STRING SubKey, IN PCWSTR ValueName, IN ULONG ValueSize, OUT PVOID Buffer, IN ULONG BufferSize, OUT PULONG RetunedLength OPTIONAL ); NTSTATUS NTAPI LdrQueryProcessModuleInformation( IN PRTL_PROCESS_MODULES ModuleInformation OPTIONAL, IN ULONG Size OPTIONAL, OUT PULONG ReturnedSize ); NTSTATUS NTAPI LdrShutdownProcess( VOID ); NTSTATUS NTAPI LdrShutdownThread( VOID ); NTSTATUS NTAPI LdrUnloadDll( IN PVOID BaseAddress ); typedef VOID (NTAPI *PLDR_CALLBACK)(PVOID CallbackContext, PCHAR Name); NTSTATUS NTAPI LdrVerifyImageMatchesChecksum( IN HANDLE FileHandle, IN PLDR_CALLBACK Callback, IN PVOID CallbackContext, OUT PUSHORT ImageCharacterstics ); NTSTATUS NTAPI LdrOpenImageFileOptionsKey( IN PUNICODE_STRING SubKey, IN BOOLEAN Wow64, OUT PHANDLE NewKeyHandle ); NTSTATUS NTAPI LdrQueryImageFileKeyOption( IN HANDLE KeyHandle, IN PCWSTR ValueName, IN ULONG Type, OUT PVOID Buffer, IN ULONG BufferSize, OUT PULONG ReturnedLength OPTIONAL ); #endif