/*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: rtlfuncs.h Abstract: Function definitions for the Run-Time Library Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _RTLFUNCS_H #define _RTLFUNCS_H // // Dependencies // #include #include #include #include #include #include "in6addr.h" #include "inaddr.h" #ifdef __cplusplus extern "C" { #endif #ifdef NTOS_MODE_USER // // List Functions // FORCEINLINE VOID InitializeListHead( _Out_ PLIST_ENTRY ListHead ) { ListHead->Flink = ListHead->Blink = ListHead; } FORCEINLINE VOID InsertHeadList( _Inout_ PLIST_ENTRY ListHead, _Inout_ PLIST_ENTRY Entry ) { PLIST_ENTRY OldFlink; OldFlink = ListHead->Flink; Entry->Flink = OldFlink; Entry->Blink = ListHead; OldFlink->Blink = Entry; ListHead->Flink = Entry; } FORCEINLINE VOID InsertTailList( _Inout_ PLIST_ENTRY ListHead, _Inout_ PLIST_ENTRY Entry ) { PLIST_ENTRY OldBlink; OldBlink = ListHead->Blink; Entry->Flink = ListHead; Entry->Blink = OldBlink; OldBlink->Flink = Entry; ListHead->Blink = Entry; } _Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty( _In_ const LIST_ENTRY * ListHead ) { return (BOOLEAN)(ListHead->Flink == ListHead); } FORCEINLINE PSINGLE_LIST_ENTRY PopEntryList( _Inout_ PSINGLE_LIST_ENTRY ListHead ) { PSINGLE_LIST_ENTRY FirstEntry; FirstEntry = ListHead->Next; if (FirstEntry != NULL) { ListHead->Next = FirstEntry->Next; } return FirstEntry; } FORCEINLINE VOID PushEntryList( _Inout_ PSINGLE_LIST_ENTRY ListHead, _Inout_ PSINGLE_LIST_ENTRY Entry ) { Entry->Next = ListHead->Next; ListHead->Next = Entry; } FORCEINLINE BOOLEAN RemoveEntryList( _In_ PLIST_ENTRY Entry) { PLIST_ENTRY OldFlink; PLIST_ENTRY OldBlink; OldFlink = Entry->Flink; OldBlink = Entry->Blink; OldFlink->Blink = OldBlink; OldBlink->Flink = OldFlink; return (BOOLEAN)(OldFlink == OldBlink); } FORCEINLINE PLIST_ENTRY RemoveHeadList( _Inout_ PLIST_ENTRY ListHead) { PLIST_ENTRY Flink; PLIST_ENTRY Entry; Entry = ListHead->Flink; Flink = Entry->Flink; ListHead->Flink = Flink; Flink->Blink = ListHead; return Entry; } FORCEINLINE PLIST_ENTRY RemoveTailList( _Inout_ PLIST_ENTRY ListHead) { PLIST_ENTRY Blink; PLIST_ENTRY Entry; Entry = ListHead->Blink; Blink = Entry->Blink; ListHead->Blink = Blink; Blink->Flink = ListHead; return Entry; } // // Unicode string macros // _At_(UnicodeString->Buffer, _Post_equal_to_(Buffer)) _At_(UnicodeString->Length, _Post_equal_to_(0)) _At_(UnicodeString->MaximumLength, _Post_equal_to_(BufferSize)) FORCEINLINE VOID RtlInitEmptyUnicodeString( _Out_ PUNICODE_STRING UnicodeString, _When_(BufferSize != 0, _Notnull_) _Writable_bytes_(BufferSize) __drv_aliasesMem PWCHAR Buffer, _In_ USHORT BufferSize) { UnicodeString->Length = 0; UnicodeString->MaximumLength = BufferSize; UnicodeString->Buffer = Buffer; } _At_(AnsiString->Buffer, _Post_equal_to_(Buffer)) _At_(AnsiString->Length, _Post_equal_to_(0)) _At_(AnsiString->MaximumLength, _Post_equal_to_(BufferSize)) FORCEINLINE VOID RtlInitEmptyAnsiString( _Out_ PANSI_STRING AnsiString, _When_(BufferSize != 0, _Notnull_) _Writable_bytes_(BufferSize) __drv_aliasesMem PCHAR Buffer, _In_ USHORT BufferSize) { AnsiString->Length = 0; AnsiString->MaximumLength = BufferSize; AnsiString->Buffer = Buffer; } // // LUID Macros // #define RtlEqualLuid(L1, L2) (((L1)->HighPart == (L2)->HighPart) && \ ((L1)->LowPart == (L2)->LowPart)) FORCEINLINE LUID NTAPI_INLINE RtlConvertUlongToLuid( _In_ ULONG Ulong) { LUID TempLuid; TempLuid.LowPart = Ulong; TempLuid.HighPart = 0; return TempLuid; } // // ASSERT Macros // #ifndef ASSERT #if DBG #define ASSERT( exp ) \ ((void)((!(exp)) ? \ (RtlAssert( (PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL ),FALSE) : \ TRUE)) #define ASSERTMSG( msg, exp ) \ ((void)((!(exp)) ? \ (RtlAssert( (PVOID)#exp, (PVOID)__FILE__, __LINE__, (PCHAR)msg ),FALSE) : \ TRUE)) #else #define ASSERT( exp ) ((void) 0) #define ASSERTMSG( msg, exp ) ((void) 0) #endif #endif #ifdef NTOS_KERNEL_RUNTIME // // Executing RTL functions at DISPATCH_LEVEL or higher will result in a // bugcheck. // #define RTL_PAGED_CODE PAGED_CODE #else // // This macro does nothing in user mode // #define RTL_PAGED_CODE NOP_FUNCTION #endif // // RTL Splay Tree Functions // #ifndef RTL_USE_AVL_TABLES NTSYSAPI VOID NTAPI RtlInitializeGenericTable( _Out_ PRTL_GENERIC_TABLE Table, _In_ PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine, _In_opt_ PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine, _In_opt_ PRTL_GENERIC_FREE_ROUTINE FreeRoutine, _In_opt_ PVOID TableContext ); NTSYSAPI PVOID NTAPI RtlInsertElementGenericTable( _In_ PRTL_GENERIC_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement ); NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableFull( _In_ PRTL_GENERIC_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement, _In_ PVOID NodeOrParent, _In_ TABLE_SEARCH_RESULT SearchResult ); NTSYSAPI BOOLEAN NTAPI RtlDeleteElementGenericTable( _In_ PRTL_GENERIC_TABLE Table, _In_ PVOID Buffer ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlLookupElementGenericTable( _In_ PRTL_GENERIC_TABLE Table, _In_ PVOID Buffer ); NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableFull( _In_ PRTL_GENERIC_TABLE Table, _In_ PVOID Buffer, _Out_ PVOID *NodeOrParent, _Out_ TABLE_SEARCH_RESULT *SearchResult ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlEnumerateGenericTable( _In_ PRTL_GENERIC_TABLE Table, _In_ BOOLEAN Restart ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlEnumerateGenericTableWithoutSplaying( _In_ PRTL_GENERIC_TABLE Table, _Inout_ PVOID *RestartKey ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlGetElementGenericTable( _In_ PRTL_GENERIC_TABLE Table, _In_ ULONG I ); NTSYSAPI ULONG NTAPI RtlNumberGenericTableElements( _In_ PRTL_GENERIC_TABLE Table ); _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlIsGenericTableEmpty( _In_ PRTL_GENERIC_TABLE Table ); #endif /* !RTL_USE_AVL_TABLES */ NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlSplay( _Inout_ PRTL_SPLAY_LINKS Links ); NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlDelete( _In_ PRTL_SPLAY_LINKS Links ); NTSYSAPI VOID NTAPI RtlDeleteNoSplay( _In_ PRTL_SPLAY_LINKS Links, _Inout_ PRTL_SPLAY_LINKS *Root ); _Must_inspect_result_ NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlSubtreeSuccessor( _In_ PRTL_SPLAY_LINKS Links ); _Must_inspect_result_ NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlSubtreePredecessor( _In_ PRTL_SPLAY_LINKS Links ); _Must_inspect_result_ NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlRealSuccessor( _In_ PRTL_SPLAY_LINKS Links ); _Must_inspect_result_ NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlRealPredecessor( _In_ PRTL_SPLAY_LINKS Links ); #define RtlIsLeftChild(Links) \ (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links)) #define RtlIsRightChild(Links) \ (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links)) #define RtlRightChild(Links) \ ((PRTL_SPLAY_LINKS)(Links))->RightChild #define RtlIsRoot(Links) \ (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links)) #define RtlLeftChild(Links) \ ((PRTL_SPLAY_LINKS)(Links))->LeftChild #define RtlParent(Links) \ ((PRTL_SPLAY_LINKS)(Links))->Parent // FIXME: use inline function #define RtlInitializeSplayLinks(Links) \ { \ PRTL_SPLAY_LINKS _SplayLinks; \ _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \ _SplayLinks->Parent = _SplayLinks; \ _SplayLinks->LeftChild = NULL; \ _SplayLinks->RightChild = NULL; \ } #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \ { \ PRTL_SPLAY_LINKS _SplayParent; \ PRTL_SPLAY_LINKS _SplayChild; \ _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \ _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \ _SplayParent->LeftChild = _SplayChild; \ _SplayChild->Parent = _SplayParent; \ } #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \ { \ PRTL_SPLAY_LINKS _SplayParent; \ PRTL_SPLAY_LINKS _SplayChild; \ _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \ _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \ _SplayParent->RightChild = _SplayChild; \ _SplayChild->Parent = _SplayParent; \ } // // RTL AVL Tree Functions // NTSYSAPI VOID NTAPI RtlInitializeGenericTableAvl( _Out_ PRTL_AVL_TABLE Table, _In_ PRTL_AVL_COMPARE_ROUTINE CompareRoutine, _In_opt_ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine, _In_opt_ PRTL_AVL_FREE_ROUTINE FreeRoutine, _In_opt_ PVOID TableContext ); NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableAvl( _In_ PRTL_AVL_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement ); NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableFullAvl( _In_ PRTL_AVL_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement, _In_ PVOID NodeOrParent, _In_ TABLE_SEARCH_RESULT SearchResult ); NTSYSAPI BOOLEAN NTAPI RtlDeleteElementGenericTableAvl( _In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableAvl( _In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer ); NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableFullAvl( _In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer, _Out_ PVOID *NodeOrParent, _Out_ TABLE_SEARCH_RESULT *SearchResult ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlEnumerateGenericTableAvl( _In_ PRTL_AVL_TABLE Table, _In_ BOOLEAN Restart ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlEnumerateGenericTableWithoutSplayingAvl( _In_ PRTL_AVL_TABLE Table, _Inout_ PVOID *RestartKey ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlLookupFirstMatchingElementGenericTableAvl( _In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer, _Out_ PVOID *RestartKey ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlEnumerateGenericTableLikeADirectory( _In_ PRTL_AVL_TABLE Table, _In_opt_ PRTL_AVL_MATCH_FUNCTION MatchFunction, _In_opt_ PVOID MatchData, _In_ ULONG NextFlag, _Inout_ PVOID *RestartKey, _Inout_ PULONG DeleteCount, _In_ PVOID Buffer ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlGetElementGenericTableAvl( _In_ PRTL_AVL_TABLE Table, _In_ ULONG I ); NTSYSAPI ULONG NTAPI RtlNumberGenericTableElementsAvl( _In_ PRTL_AVL_TABLE Table ); _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlIsGenericTableEmptyAvl( _In_ PRTL_AVL_TABLE Table ); #ifdef RTL_USE_AVL_TABLES #define RtlInitializeGenericTable RtlInitializeGenericTableAvl #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl #define RtlGetElementGenericTable RtlGetElementGenericTableAvl #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl #endif /* RTL_USE_AVL_TABLES */ // // Exception and Error Functions // NTSYSAPI PVOID NTAPI RtlAddVectoredExceptionHandler( _In_ ULONG FirstHandler, _In_ PVECTORED_EXCEPTION_HANDLER VectoredHandler ); NTSYSAPI ULONG NTAPI RtlRemoveVectoredExceptionHandler( _In_ PVOID VectoredHandlerHandle ); NTSYSAPI PVOID NTAPI RtlAddVectoredContinueHandler( _In_ ULONG FirstHandler, _In_ PVECTORED_EXCEPTION_HANDLER VectoredHandler ); NTSYSAPI ULONG NTAPI RtlRemoveVectoredContinueHandler( _In_ PVOID VectoredHandlerHandle ); NTSYSAPI VOID NTAPI RtlSetUnhandledExceptionFilter( _In_ PRTLP_UNHANDLED_EXCEPTION_FILTER TopLevelExceptionFilter ); NTSYSAPI LONG NTAPI RtlUnhandledExceptionFilter( _In_ struct _EXCEPTION_POINTERS* ExceptionInfo ); __analysis_noreturn NTSYSAPI VOID NTAPI RtlAssert( _In_ PVOID FailedAssertion, _In_ PVOID FileName, _In_ ULONG LineNumber, _In_opt_z_ PCHAR Message ); NTSYSAPI PVOID NTAPI RtlEncodePointer( _In_ PVOID Pointer ); NTSYSAPI PVOID NTAPI RtlDecodePointer( _In_ PVOID Pointer ); NTSYSAPI PVOID NTAPI RtlEncodeSystemPointer( _In_ PVOID Pointer ); NTSYSAPI PVOID NTAPI RtlDecodeSystemPointer( _In_ PVOID Pointer ); NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus( VOID ); NTSYSAPI ULONG NTAPI RtlGetLastWin32Error( VOID ); NTSYSAPI VOID NTAPI RtlSetLastWin32Error( _In_ ULONG LastError ); NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus( _In_ NTSTATUS Status ); NTSYSAPI NTSTATUS NTAPI RtlSetThreadErrorMode( _In_ ULONG NewMode, _Out_opt_ PULONG OldMode ); NTSYSAPI ULONG NTAPI RtlGetThreadErrorMode( VOID ); #endif /* NTOS_MODE_USER */ NTSYSAPI VOID NTAPI RtlCaptureContext( _Out_ PCONTEXT ContextRecord ); NTSYSAPI BOOLEAN NTAPI RtlDispatchException( _In_ PEXCEPTION_RECORD ExceptionRecord, _In_ PCONTEXT Context ); _IRQL_requires_max_(APC_LEVEL) _When_(Status < 0, _Out_range_(>, 0)) _When_(Status >= 0, _Out_range_(==, 0)) NTSYSAPI ULONG NTAPI RtlNtStatusToDosError( _In_ NTSTATUS Status ); _When_(Status < 0, _Out_range_(>, 0)) _When_(Status >= 0, _Out_range_(==, 0)) NTSYSAPI ULONG NTAPI RtlNtStatusToDosErrorNoTeb( _In_ NTSTATUS Status ); NTSYSAPI NTSTATUS NTAPI RtlMapSecurityErrorToNtStatus( _In_ ULONG SecurityError ); NTSYSAPI VOID NTAPI RtlRaiseException( _In_ PEXCEPTION_RECORD ExceptionRecord ); DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus( _In_ NTSTATUS Status ); NTSYSAPI VOID NTAPI RtlUnwind( _In_opt_ PVOID TargetFrame, _In_opt_ PVOID TargetIp, _In_opt_ PEXCEPTION_RECORD ExceptionRecord, _In_ PVOID ReturnValue ); #define RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT 8 // // Tracing Functions // NTSYSAPI ULONG NTAPI RtlWalkFrameChain( _Out_writes_(Count - (Flags >> RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT)) PVOID *Callers, _In_ ULONG Count, _In_ ULONG Flags ); NTSYSAPI USHORT NTAPI RtlLogStackBackTrace( VOID ); #ifdef NTOS_MODE_USER // // Heap Functions // _Must_inspect_result_ _Ret_maybenull_ _Post_writable_byte_size_(Size) NTSYSAPI PVOID NTAPI RtlAllocateHeap( _In_ PVOID HeapHandle, _In_opt_ ULONG Flags, _In_ SIZE_T Size ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlCreateHeap( _In_ ULONG Flags, _In_opt_ PVOID BaseAddress, _In_opt_ SIZE_T SizeToReserve, _In_opt_ SIZE_T SizeToCommit, _In_opt_ PVOID Lock, _In_opt_ PRTL_HEAP_PARAMETERS Parameters ); NTSYSAPI ULONG NTAPI RtlCreateTagHeap( _In_ HANDLE HeapHandle, _In_ ULONG Flags, _In_ PWSTR TagName, _In_ PWSTR TagSubName ); ULONG NTAPI RtlCompactHeap( _In_ HANDLE Heap, _In_ ULONG Flags ); _Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlDebugCreateHeap( _In_ ULONG Flags, _In_opt_ PVOID BaseAddress, _In_opt_ SIZE_T SizeToReserve, _In_opt_ SIZE_T SizeToCommit, _In_opt_ PVOID Lock, _In_opt_ PRTL_HEAP_PARAMETERS Parameters ); NTSYSAPI HANDLE NTAPI RtlDestroyHeap( _In_ _Post_invalid_ HANDLE Heap ); NTSYSAPI ULONG NTAPI RtlExtendHeap( _In_ HANDLE Heap, _In_ ULONG Flags, _In_ PVOID P, _In_ SIZE_T Size ); _Success_(return != 0) NTSYSAPI BOOLEAN NTAPI RtlFreeHeap( _In_ HANDLE HeapHandle, _In_opt_ ULONG Flags, _In_ _Post_invalid_ PVOID P ); ULONG NTAPI RtlGetProcessHeaps( _In_ ULONG HeapCount, _Out_cap_(HeapCount) HANDLE *HeapArray ); _Success_(return != 0) BOOLEAN NTAPI RtlGetUserInfoHeap( _In_ PVOID HeapHandle, _In_ ULONG Flags, _In_ PVOID BaseAddress, _Inout_opt_ PVOID *UserValue, _Out_opt_ PULONG UserFlags ); NTSYSAPI PVOID NTAPI RtlProtectHeap( _In_ PVOID HeapHandle, _In_ BOOLEAN Protect ); NTSYSAPI NTSTATUS NTAPI RtlQueryHeapInformation( _In_ PVOID HeapHandle, _In_ HEAP_INFORMATION_CLASS HeapInformationClass, _Out_ PVOID HeapInformation, _In_ SIZE_T HeapInformationLength, _When_(HeapInformationClass==HeapCompatibilityInformation, _On_failure_(_Out_opt_)) _Out_opt_ PSIZE_T ReturnLength ); _Ret_opt_z_ NTSYSAPI PWSTR NTAPI RtlQueryTagHeap( _In_ PVOID HeapHandle, _In_ ULONG Flags, _In_ USHORT TagIndex, _In_ BOOLEAN ResetCounters, _Out_ PRTL_HEAP_TAG_INFO HeapTagInfo ); _Must_inspect_result_ _Ret_maybenull_ _Post_writable_byte_size_(Size) NTSYSAPI PVOID NTAPI RtlReAllocateHeap( _In_ HANDLE Heap, _In_opt_ ULONG Flags, _In_ _Post_invalid_ PVOID Ptr, _In_ SIZE_T Size ); NTSYSAPI NTSTATUS NTAPI RtlSetHeapInformation( _In_ PVOID HeapHandle, _In_ HEAP_INFORMATION_CLASS HeapInformationClass, _When_(HeapInformationClass==HeapCompatibilityInformation,_In_) PVOID HeapInformation, _In_ SIZE_T HeapInformationLength ); NTSYSAPI BOOLEAN NTAPI RtlLockHeap( _In_ HANDLE Heap ); _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI RtlMultipleAllocateHeap ( _In_ HANDLE HeapHandle, _In_ ULONG Flags, _In_ SIZE_T Size, _In_ ULONG Count, _Out_cap_(Count) _Deref_post_bytecap_(Size) PVOID * Array ); NTSYSAPI NTSTATUS NTAPI RtlMultipleFreeHeap ( _In_ HANDLE HeapHandle, _In_ ULONG Flags, _In_ ULONG Count, _In_count_(Count) /* _Deref_ _Post_invalid_ */ PVOID * Array ); NTSYSAPI NTSTATUS NTAPI RtlUsageHeap( _In_ HANDLE Heap, _In_ ULONG Flags, _Out_ PRTL_HEAP_USAGE Usage ); NTSYSAPI BOOLEAN NTAPI RtlUnlockHeap( _In_ HANDLE Heap ); BOOLEAN NTAPI RtlSetUserValueHeap( _In_ PVOID HeapHandle, _In_ ULONG Flags, _In_ PVOID BaseAddress, _In_ PVOID UserValue ); BOOLEAN NTAPI RtlSetUserFlagsHeap( _In_ PVOID HeapHandle, _In_ ULONG Flags, _In_ PVOID BaseAddress, _In_ ULONG UserFlagsReset, _In_ ULONG UserFlagsSet ); NTSYSAPI BOOLEAN NTAPI RtlValidateHeap( _In_ HANDLE Heap, _In_ ULONG Flags, _In_opt_ PVOID P ); NTSYSAPI NTSTATUS NTAPI RtlWalkHeap( _In_ HANDLE HeapHandle, _In_ PVOID HeapEntry ); #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap) #endif // NTOS_MODE_USER #define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock) NTSYSAPI SIZE_T NTAPI RtlSizeHeap( _In_ PVOID HeapHandle, _In_ ULONG Flags, _In_ PVOID MemoryPointer ); // // Security Functions // _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD( _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, _Inout_ PULONG BufferLength ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce( _Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAceEx( _Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_ PSID pSid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedObjectAce( _Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce( _Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx( _Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedObjectAce( _Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid ); NTSYSAPI NTSTATUS NTAPI RtlAddAce( _Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength ); NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce( _Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure ); NTSYSAPI NTSTATUS NTAPI RtlAcquirePrivilege( _In_ PULONG Privilege, _In_ ULONG NumPriv, _In_ ULONG Flags, _Out_ PVOID *ReturnedState ); NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAceEx( _Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure ); NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessObjectAce( _Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure ); NTSYSAPI NTSTATUS NTAPI RtlAddMandatoryAce( _Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ULONG MandatoryFlags, _In_ UCHAR AceType, _In_ PSID LabelSid); NTSYSAPI NTSTATUS NTAPI RtlAdjustPrivilege( _In_ ULONG Privilege, _In_ BOOLEAN NewValue, _In_ BOOLEAN ForThread, _Out_ PBOOLEAN OldValue ); _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid( _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, _In_ UCHAR SubAuthorityCount, _In_ ULONG SubAuthority0, _In_ ULONG SubAuthority1, _In_ ULONG SubAuthority2, _In_ ULONG SubAuthority3, _In_ ULONG SubAuthority4, _In_ ULONG SubAuthority5, _In_ ULONG SubAuthority6, _In_ ULONG SubAuthority7, _Outptr_ PSID *Sid ); NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted( ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess ); NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted( ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI VOID NTAPI RtlCopyLuid ( _Out_ PLUID DestinationLuid, _In_ PLUID SourceLuid ); NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray( ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest ); NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray( _In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID* RemainingSidArea, _Out_ PULONG RemainingSidAreaSize ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString( _Inout_ PUNICODE_STRING UnicodeString, _In_ PSID Sid, _In_ BOOLEAN AllocateDestinationString ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlCopySid( _In_ ULONG DestinationSidLength, _Out_writes_bytes_(DestinationSidLength) PSID DestinationSid, _In_ PSID SourceSid ); NTSYSAPI NTSTATUS NTAPI RtlCreateAcl( PACL Acl, ULONG AclSize, ULONG AclRevision ); NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor( _Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision ); NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative( _Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision ); NTSYSAPI NTSTATUS NTAPI RtlCopySecurityDescriptor( _In_ PSECURITY_DESCRIPTOR pSourceSecurityDescriptor, _Out_ PSECURITY_DESCRIPTOR *pDestinationSecurityDescriptor ); NTSYSAPI NTSTATUS NTAPI RtlDeleteAce( PACL Acl, ULONG AceIndex ); NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid( PSID Sid1, PSID Sid2 ); NTSYSAPI BOOLEAN NTAPI RtlEqualSid ( _In_ PSID Sid1, _In_ PSID Sid2 ); NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce( PACL Acl, PACE* Ace ); NTSYSAPI PVOID NTAPI RtlFreeSid( _In_ _Post_invalid_ PSID Sid ); NTSYSAPI NTSTATUS NTAPI RtlGetAce( PACL Acl, ULONG AceIndex, PVOID *Ace ); NTSYSAPI NTSTATUS NTAPI RtlGetControlSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PSECURITY_DESCRIPTOR_CONTROL Control, _Out_ PULONG Revision ); NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL* Sacl, _Out_ PBOOLEAN SaclDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PSID *Group, _Out_ PBOOLEAN GroupDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PSID *Owner, _Out_ PBOOLEAN OwnerDefaulted ); NTSYSAPI BOOLEAN NTAPI RtlGetSecurityDescriptorRMControl( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PUCHAR RMControl ); NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid); NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlInitializeSid( _Out_ PSID Sid, _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, _In_ UCHAR SubAuthorityCount ); NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI ULONG NTAPI RtlLengthSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid); NTSYSAPI NTSTATUS NTAPI RtlMakeSelfRelativeSD( _In_ PSECURITY_DESCRIPTOR AbsoluteSD, _Out_ PSECURITY_DESCRIPTOR SelfRelativeSD, _Inout_ PULONG BufferLength); NTSYSAPI VOID NTAPI RtlMapGenericMask( PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI RtlQueryInformationAcl( PACL Acl, PVOID Information, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass ); #endif NTSYSAPI VOID NTAPI RtlReleasePrivilege( _In_ PVOID ReturnedState ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD( _In_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, _Out_writes_bytes_to_opt_(*AbsoluteSecurityDescriptorSize, *AbsoluteSecurityDescriptorSize) PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, _Inout_ PULONG AbsoluteSecurityDescriptorSize, _Out_writes_bytes_to_opt_(*DaclSize, *DaclSize) PACL Dacl, _Inout_ PULONG DaclSize, _Out_writes_bytes_to_opt_(*SaclSize, *SaclSize) PACL Sacl, _Inout_ PULONG SaclSize, _Out_writes_bytes_to_opt_(*OwnerSize, *OwnerSize) PSID Owner, _Inout_ PULONG OwnerSize, _Out_writes_bytes_to_opt_(*PrimaryGroupSize, *PrimaryGroupSize) PSID PrimaryGroup, _Inout_ PULONG PrimaryGroupSize ); NTSYSAPI NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD2( _Inout_ PSECURITY_DESCRIPTOR SelfRelativeSD, _Out_ PULONG BufferSize ); NTSYSAPI NTSTATUS NTAPI RtlSetAttributesSecurityDescriptor( _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ SECURITY_DESCRIPTOR_CONTROL Control, _Out_ PULONG Revision ); NTSYSAPI NTSTATUS NTAPI RtlSetControlSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor( _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN DaclPresent, _In_opt_ PACL Dacl, _In_opt_ BOOLEAN DaclDefaulted ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor( _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID Group, _In_opt_ BOOLEAN GroupDefaulted ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI RtlSetInformationAcl( PACL Acl, PVOID Information, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass ); #endif _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor( _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID Owner, _In_opt_ BOOLEAN OwnerDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor( _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted ); NTSYSAPI VOID NTAPI RtlSetSecurityDescriptorRMControl( _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PUCHAR RMControl ); NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid( _In_ PSID Sid ); NTSYSAPI PULONG NTAPI RtlSubAuthoritySid( _In_ PSID Sid, _In_ ULONG SubAuthority ); _IRQL_requires_max_(APC_LEVEL) _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlValidRelativeSecurityDescriptor( _In_reads_bytes_(SecurityDescriptorLength) PSECURITY_DESCRIPTOR SecurityDescriptorInput, _In_ ULONG SecurityDescriptorLength, _In_ SECURITY_INFORMATION RequiredInformation ); NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor); NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid); NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl); NTSYSAPI NTSTATUS NTAPI RtlDeleteSecurityObject( _In_ PSECURITY_DESCRIPTOR *ObjectDescriptor ); NTSYSAPI NTSTATUS NTAPI RtlNewSecurityObject( _In_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_ PSECURITY_DESCRIPTOR CreatorDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_ BOOLEAN IsDirectoryObject, _In_ HANDLE Token, _In_ PGENERIC_MAPPING GenericMapping ); NTSYSAPI NTSTATUS NTAPI RtlQuerySecurityObject( _In_ PSECURITY_DESCRIPTOR ObjectDescriptor, _In_ SECURITY_INFORMATION SecurityInformation, _Out_ PSECURITY_DESCRIPTOR ResultantDescriptor, _In_ ULONG DescriptorLength, _Out_ PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI RtlSetSecurityObject( _In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Out_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ PGENERIC_MAPPING GenericMapping, _In_ HANDLE Token ); // // Single-Character Functions // NTSYSAPI NTSTATUS NTAPI RtlLargeIntegerToChar( _In_ PLARGE_INTEGER Value, _In_ ULONG Base, _In_ ULONG Length, _Out_ PCHAR String ); NTSYSAPI CHAR NTAPI RtlUpperChar(CHAR Source); NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source); NTSYSAPI WCHAR NTAPI RtlDowncaseUnicodeChar(IN WCHAR Source); NTSYSAPI NTSTATUS NTAPI RtlIntegerToChar( _In_ ULONG Value, _In_ ULONG Base, _In_ ULONG Length, _Out_ PCHAR String ); NTSYSAPI NTSTATUS NTAPI RtlIntegerToUnicode( _In_ ULONG Value, _In_opt_ ULONG Base, _In_opt_ ULONG Length, _Inout_ LPWSTR String ); _IRQL_requires_max_(PASSIVE_LEVEL) _At_(String->MaximumLength, _Const_) NTSYSAPI NTSTATUS NTAPI RtlIntegerToUnicodeString( _In_ ULONG Value, _In_opt_ ULONG Base, _Inout_ PUNICODE_STRING String ); NTSYSAPI NTSTATUS NTAPI RtlCharToInteger( PCSZ String, ULONG Base, PULONG Value ); // // Byte Swap Functions // #ifdef NTOS_MODE_USER unsigned short __cdecl _byteswap_ushort(unsigned short); unsigned long __cdecl _byteswap_ulong (unsigned long); unsigned __int64 __cdecl _byteswap_uint64(unsigned __int64); #ifdef _MSC_VER #pragma intrinsic(_byteswap_ushort) #pragma intrinsic(_byteswap_ulong) #pragma intrinsic(_byteswap_uint64) #endif // _MSC_VER #define RtlUshortByteSwap(_x) _byteswap_ushort((USHORT)(_x)) #define RtlUlongByteSwap(_x) _byteswap_ulong((_x)) #define RtlUlonglongByteSwap(_x) _byteswap_uint64((_x)) #endif // NTOS_MODE_USER // // Unicode->Ansi String Functions // NTSYSAPI ULONG NTAPI RtlxUnicodeStringToAnsiSize(IN PCUNICODE_STRING UnicodeString); #ifdef NTOS_MODE_USER #define RtlUnicodeStringToAnsiSize(STRING) ( \ NLS_MB_CODE_PAGE_TAG ? \ RtlxUnicodeStringToAnsiSize(STRING) : \ ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \ ) #endif NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString( PANSI_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString ); // // Unicode->OEM String Functions // NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToOemString( POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString ); _IRQL_requires_max_(PASSIVE_LEVEL) _Must_inspect_result_ //_At_(DestinationString->Buffer, _Post_bytecount_(DestinationString->Length)) NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToCountedOemString( _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) _When_(!AllocateDestinationString, _Inout_) POEM_STRING DestinationString, _In_ PCUNICODE_STRING SourceString, _In_ BOOLEAN AllocateDestinationString ); NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToOemString( POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString ); NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeToOemN( PCHAR OemString, ULONG OemSize, PULONG ResultSize, PCWCH UnicodeString, ULONG UnicodeSize ); NTSYSAPI ULONG NTAPI RtlxUnicodeStringToOemSize(IN PCUNICODE_STRING UnicodeString); #ifdef NTOS_MODE_USER #define RtlUnicodeStringToOemSize(STRING) ( \ NLS_MB_OEM_CODE_PAGE_TAG ? \ RtlxUnicodeStringToOemSize(STRING) : \ ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \ ) #define RtlUnicodeStringToCountedOemSize(STRING) ( \ (ULONG)(RtlUnicodeStringToOemSize(STRING) - sizeof(ANSI_NULL)) \ ) #endif NTSYSAPI NTSTATUS NTAPI RtlUnicodeToOemN( PCHAR OemString, ULONG OemSize, PULONG ResultSize, PCWCH UnicodeString, ULONG UnicodeSize ); // // Unicode->MultiByte String Functions // NTSYSAPI NTSTATUS NTAPI RtlUnicodeToMultiByteN( PCHAR MbString, ULONG MbSize, PULONG ResultSize, PCWCH UnicodeString, ULONG UnicodeSize ); NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeToMultiByteN( PCHAR MbString, ULONG MbSize, PULONG ResultSize, PCWCH UnicodeString, ULONG UnicodeSize ); NTSYSAPI NTSTATUS NTAPI RtlUnicodeToMultiByteSize( PULONG MbSize, PCWCH UnicodeString, ULONG UnicodeSize ); NTSYSAPI ULONG NTAPI RtlxOemStringToUnicodeSize(IN PCOEM_STRING OemString); // // OEM to Unicode Functions // NTSYSAPI NTSTATUS NTAPI RtlOemStringToUnicodeString( PUNICODE_STRING DestinationString, PCOEM_STRING SourceString, BOOLEAN AllocateDestinationString ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlOemToUnicodeN( _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, _In_ ULONG MaxBytesInUnicodeString, _Out_opt_ PULONG BytesInUnicodeString, _In_reads_bytes_(BytesInOemString) PCCH OemString, _In_ ULONG BytesInOemString ); #ifdef NTOS_MODE_USER #define RtlOemStringToUnicodeSize(STRING) ( \ NLS_MB_OEM_CODE_PAGE_TAG ? \ RtlxOemStringToUnicodeSize(STRING) : \ ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \ ) #define RtlOemStringToCountedUnicodeSize(STRING) ( \ (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \ ) #endif // // Ansi->Unicode String Functions // _IRQL_requires_max_(APC_LEVEL) NTSYSAPI WCHAR NTAPI RtlAnsiCharToUnicodeChar( _Inout_ PUCHAR *SourceCharacter); NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString( PUNICODE_STRING DestinationString, PCANSI_STRING SourceString, BOOLEAN AllocateDestinationString ); NTSYSAPI ULONG NTAPI RtlxAnsiStringToUnicodeSize( PCANSI_STRING AnsiString ); #ifdef NTOS_MODE_USER #define RtlAnsiStringToUnicodeSize(STRING) ( \ NLS_MB_CODE_PAGE_TAG ? \ RtlxAnsiStringToUnicodeSize(STRING) : \ ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \ ) #endif NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz( _Out_ PUNICODE_STRING Destination, _In_ PCSZ Source ); // // Unicode String Functions // NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeToString( PUNICODE_STRING Destination, PCWSTR Source ); NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString( PUNICODE_STRING Destination, PCUNICODE_STRING Source ); NTSYSAPI LONG NTAPI RtlCompareUnicodeString( PCUNICODE_STRING String1, PCUNICODE_STRING String2, BOOLEAN CaseInsensitive ); NTSYSAPI VOID NTAPI RtlCopyUnicodeString( PUNICODE_STRING DestinationString, PCUNICODE_STRING SourceString ); NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeString( PUNICODE_STRING DestinationString, PCWSTR SourceString ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI RtlDowncaseUnicodeString( _Inout_ PUNICODE_STRING UniDest, _In_ PCUNICODE_STRING UniSource, _In_ BOOLEAN AllocateDestinationString ); NTSYSAPI NTSTATUS NTAPI RtlDuplicateUnicodeString( _In_ ULONG Flags, _In_ PCUNICODE_STRING SourceString, _Out_ PUNICODE_STRING DestinationString ); NTSYSAPI NTSTATUS NTAPI RtlFindCharInUnicodeString( _In_ ULONG Flags, _In_ PCUNICODE_STRING SearchString, _In_ PCUNICODE_STRING MatchString, _Out_ PUSHORT Position ); // // Memory Functions // NTSYSAPI VOID NTAPI RtlFillMemoryUlong( _In_ PVOID Destination, _In_ SIZE_T Length, _In_ ULONG Fill ); NTSYSAPI VOID NTAPI RtlFillMemoryUlonglong( _Out_ PVOID Destination, _In_ SIZE_T Length, _In_ ULONGLONG Pattern ); NTSYSAPI NTSTATUS NTAPI RtlCopyMappedMemory( _Out_writes_bytes_all_(Size) PVOID Destination, _In_reads_bytes_(Size) const VOID *Source, _In_ SIZE_T Size ); NTSYSAPI SIZE_T NTAPI RtlCompareMemoryUlong( _In_ PVOID Source, _In_ SIZE_T Length, _In_ ULONG Pattern ); #ifndef RtlEqualMemory #define RtlEqualMemory(Destination, Source, Length) \ (!memcmp(Destination, Source, Length)) #endif #define RtlCopyBytes RtlCopyMemory #define RtlFillBytes RtlFillMemory #define RtlZeroBytes RtlZeroMemory #endif NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString( PCUNICODE_STRING String1, PCUNICODE_STRING String2, BOOLEAN CaseInsensitive ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI VOID NTAPI RtlFreeUnicodeString( _Inout_ _At_(UnicodeString->Buffer, __drv_freesMem(Mem)) PUNICODE_STRING UnicodeString ); NTSYSAPI VOID NTAPI RtlEraseUnicodeString( _Inout_ PUNICODE_STRING String ); NTSYSAPI NTSTATUS NTAPI RtlHashUnicodeString( _In_ CONST UNICODE_STRING *String, _In_ BOOLEAN CaseInSensitive, _In_ ULONG HashAlgorithm, _Out_ PULONG HashValue ); _IRQL_requires_max_(DISPATCH_LEVEL) _At_(DestinationString->Buffer, _Post_equal_to_(SourceString)) _When_(SourceString != NULL, _At_(DestinationString->Length, _Post_equal_to_(_String_length_(SourceString))) _At_(DestinationString->MaximumLength, _Post_equal_to_(DestinationString->Length + sizeof(CHAR)))) _When_(SourceString == NULL, _At_(DestinationString->Length, _Post_equal_to_(0)) _At_(DestinationString->MaximumLength, _Post_equal_to_(0))) NTSYSAPI VOID NTAPI RtlInitString( _Out_ PSTRING DestinationString, _In_opt_z_ __drv_aliasesMem PCSTR SourceString ); _IRQL_requires_max_(DISPATCH_LEVEL) _At_(DestinationString->Buffer, _Post_equal_to_(SourceString)) _When_(SourceString != NULL, _At_(DestinationString->Length, _Post_equal_to_(_String_length_(SourceString) * sizeof(WCHAR))) _At_(DestinationString->MaximumLength, _Post_equal_to_(DestinationString->Length + sizeof(WCHAR)))) _When_(SourceString == NULL, _At_(DestinationString->Length, _Post_equal_to_(0)) _At_(DestinationString->MaximumLength, _Post_equal_to_(0))) NTSYSAPI VOID NTAPI RtlInitUnicodeString( _Out_ PUNICODE_STRING DestinationString, _In_opt_z_ __drv_aliasesMem PCWSTR SourceString ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlInitUnicodeStringEx( _Out_ PUNICODE_STRING DestinationString, _In_opt_z_ __drv_aliasesMem PCWSTR SourceString ); NTSYSAPI BOOLEAN NTAPI RtlIsTextUnicode( _In_ CONST VOID* Buffer, _In_ INT Size, _Inout_opt_ INT* Flags ); _IRQL_requires_max_(PASSIVE_LEVEL) _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlPrefixString( _In_ const STRING *String1, _In_ const STRING *String2, _In_ BOOLEAN CaseInsensitive ); _IRQL_requires_max_(PASSIVE_LEVEL) _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlPrefixUnicodeString( _In_ PCUNICODE_STRING String1, _In_ PCUNICODE_STRING String2, _In_ BOOLEAN CaseInsensitive ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI VOID NTAPI RtlUpperString( _Inout_ PSTRING DestinationString, _In_ const STRING *SourceString ); _IRQL_requires_max_(PASSIVE_LEVEL) _Must_inspect_result_ NTSYSAPI LONG NTAPI RtlCompareString( _In_ const STRING *String1, _In_ const STRING *String2, _In_ BOOLEAN CaseInSensitive ); NTSYSAPI VOID NTAPI RtlCopyString( _Out_ PSTRING DestinationString, _In_opt_ const STRING *SourceString ); _IRQL_requires_max_(PASSIVE_LEVEL) _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlEqualString( _In_ const STRING *String1, _In_ const STRING *String2, _In_ BOOLEAN CaseInSensitive ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlAppendStringToString( _Inout_ PSTRING Destination, _In_ const STRING *Source ); _IRQL_requires_max_(PASSIVE_LEVEL) _When_(AllocateDestinationString, _Must_inspect_result_) NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeString( _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) _When_(!AllocateDestinationString, _Inout_) PUNICODE_STRING DestinationString, _In_ PCUNICODE_STRING SourceString, _In_ BOOLEAN AllocateDestinationString ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToInteger( _In_ PCUNICODE_STRING String, _In_opt_ ULONG Base, _Out_ PULONG Value ); NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString( _In_ ULONG Flags, _In_ PCUNICODE_STRING String ); #define RTL_SKIP_BUFFER_COPY 0x00000001 NTSYSAPI NTSTATUS NTAPI RtlpEnsureBufferSize( _In_ ULONG Flags, _Inout_ PRTL_BUFFER Buffer, _In_ SIZE_T RequiredSize ); #ifdef NTOS_MODE_USER FORCEINLINE VOID RtlInitBuffer( _Inout_ PRTL_BUFFER Buffer, _In_ PUCHAR Data, _In_ ULONG DataSize ) { Buffer->Buffer = Buffer->StaticBuffer = Data; Buffer->Size = Buffer->StaticSize = DataSize; Buffer->ReservedForAllocatedSize = 0; Buffer->ReservedForIMalloc = NULL; } FORCEINLINE NTSTATUS RtlEnsureBufferSize( _In_ ULONG Flags, _Inout_ PRTL_BUFFER Buffer, _In_ ULONG RequiredSize ) { if (Buffer && RequiredSize <= Buffer->Size) return STATUS_SUCCESS; return RtlpEnsureBufferSize(Flags, Buffer, RequiredSize); } FORCEINLINE VOID RtlFreeBuffer( _Inout_ PRTL_BUFFER Buffer ) { if (Buffer->Buffer != Buffer->StaticBuffer && Buffer->Buffer) RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer->Buffer); Buffer->Buffer = Buffer->StaticBuffer; Buffer->Size = Buffer->StaticSize; } #endif /* NTOS_MODE_USER */ // // Ansi String Functions // _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI VOID NTAPI RtlFreeAnsiString( _Inout_ _At_(AnsiString->Buffer, __drv_freesMem(Mem)) PANSI_STRING AnsiString ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSYSAPI VOID NTAPI RtlInitAnsiString( _Out_ PANSI_STRING DestinationString, _In_opt_z_ __drv_aliasesMem PCSZ SourceString ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlInitAnsiStringEx( _Out_ PANSI_STRING DestinationString, _In_opt_z_ __drv_aliasesMem PCSZ SourceString ); // // OEM String Functions // _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI VOID NTAPI RtlFreeOemString( _Inout_ _At_(OemString->Buffer, __drv_freesMem(Mem)) POEM_STRING OemString ); // // MultiByte->Unicode String Functions // _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlMultiByteToUnicodeN( _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, _In_ ULONG MaxBytesInUnicodeString, _Out_opt_ PULONG BytesInUnicodeString, _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString, _In_ ULONG BytesInMultiByteString ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlMultiByteToUnicodeSize( _Out_ PULONG BytesInUnicodeString, _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString, _In_ ULONG BytesInMultiByteString ); // // Atom Functions // NTSYSAPI NTSTATUS NTAPI RtlAddAtomToAtomTable( _In_ PRTL_ATOM_TABLE AtomTable, _In_ PWSTR AtomName, _Out_ PRTL_ATOM Atom ); NTSYSAPI NTSTATUS NTAPI RtlCreateAtomTable( _In_ ULONG TableSize, _Inout_ PRTL_ATOM_TABLE *AtomTable ); NTSYSAPI NTSTATUS NTAPI RtlDeleteAtomFromAtomTable( _In_ PRTL_ATOM_TABLE AtomTable, _In_ RTL_ATOM Atom ); NTSYSAPI NTSTATUS NTAPI RtlDestroyAtomTable(IN PRTL_ATOM_TABLE AtomTable); NTSYSAPI NTSTATUS NTAPI RtlQueryAtomInAtomTable( _In_ PRTL_ATOM_TABLE AtomTable, _In_ RTL_ATOM Atom, _Out_opt_ PULONG RefCount, _Out_opt_ PULONG PinCount, _Out_opt_z_bytecap_(*NameLength) PWSTR AtomName, _Inout_opt_ PULONG NameLength ); NTSYSAPI NTSTATUS NTAPI RtlPinAtomInAtomTable( _In_ PRTL_ATOM_TABLE AtomTable, _In_ RTL_ATOM Atom ); NTSYSAPI NTSTATUS NTAPI RtlLookupAtomInAtomTable( _In_ PRTL_ATOM_TABLE AtomTable, _In_ PWSTR AtomName, _Out_ PRTL_ATOM Atom ); // // Process Management Functions // NTSYSAPI PPEB NTAPI RtlGetCurrentPeb( VOID ); NTSYSAPI VOID NTAPI RtlAcquirePebLock(VOID); NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters ( _Out_ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters, _In_ PUNICODE_STRING ImagePathName, _In_opt_ PUNICODE_STRING DllPath, _In_opt_ PUNICODE_STRING CurrentDirectory, _In_opt_ PUNICODE_STRING CommandLine, _In_opt_ PWSTR Environment, _In_opt_ PUNICODE_STRING WindowTitle, _In_opt_ PUNICODE_STRING DesktopInfo, _In_opt_ PUNICODE_STRING ShellInfo, _In_opt_ PUNICODE_STRING RuntimeInfo ); NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess( _In_ PUNICODE_STRING ImageFileName, _In_ ULONG Attributes, _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters, _In_opt_ PSECURITY_DESCRIPTOR ProcessSecutityDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, _In_opt_ HANDLE ParentProcess, _In_ BOOLEAN CurrentDirectory, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort, _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInfo ); #if (NTDDI_VERSION >= NTDDI_WIN7) NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread( _In_ PVOID ThreadContext, _Out_ HANDLE *OutThreadHandle, _Reserved_ PVOID Reserved1, _Reserved_ PVOID Reserved2, _Reserved_ PVOID Reserved3, _Reserved_ PVOID Reserved4, _Reserved_ PVOID Reserved5, _Reserved_ PVOID Reserved6, _Reserved_ PVOID Reserved7, _Reserved_ PVOID Reserved8 ); #else NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread( _In_ HANDLE ProcessHandle, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN CreateSuspended, _In_ ULONG StackZeroBits, _In_ SIZE_T StackReserve, _In_ SIZE_T StackCommit, _In_ PTHREAD_START_ROUTINE StartAddress, _In_ PVOID Parameter, _Out_opt_ PHANDLE ThreadHandle, _Out_opt_ PCLIENT_ID ClientId ); #endif NTSYSAPI PRTL_USER_PROCESS_PARAMETERS NTAPI RtlDeNormalizeProcessParams( _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); NTSYSAPI NTSTATUS NTAPI RtlDestroyProcessParameters( _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); NTSYSAPI VOID NTAPI RtlExitUserThread( _In_ NTSTATUS Status); NTSYSAPI VOID NTAPI RtlInitializeContext( _In_ HANDLE ProcessHandle, _Out_ PCONTEXT ThreadContext, _In_opt_ PVOID ThreadStartParam, _In_ PTHREAD_START_ROUTINE ThreadStartAddress, _In_ PINITIAL_TEB InitialTeb ); #ifdef _M_AMD64 typedef struct _WOW64_CONTEXT *PWOW64_CONTEXT; NTSYSAPI NTSTATUS NTAPI RtlWow64GetThreadContext( _In_ HANDLE ThreadHandle, _Inout_ PWOW64_CONTEXT ThreadContext ); NTSYSAPI NTSTATUS NTAPI RtlWow64SetThreadContext( _In_ HANDLE ThreadHandle, _In_ PWOW64_CONTEXT ThreadContext ); #endif NTSYSAPI BOOLEAN NTAPI RtlIsThreadWithinLoaderCallout(VOID); NTSYSAPI PRTL_USER_PROCESS_PARAMETERS NTAPI RtlNormalizeProcessParams( _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters); NTSYSAPI VOID NTAPI RtlReleasePebLock(VOID); NTSYSAPI NTSTATUS NTAPI RtlRemoteCall( _In_ HANDLE Process, _In_ HANDLE Thread, _In_ PVOID CallSite, _In_ ULONG ArgumentCount, _In_ PULONG Arguments, _In_ BOOLEAN PassContext, _In_ BOOLEAN AlreadySuspended ); NTSYSAPI NTSTATUS __cdecl RtlSetProcessIsCritical( _In_ BOOLEAN NewValue, _Out_opt_ PBOOLEAN OldValue, _In_ BOOLEAN NeedBreaks ); NTSYSAPI NTSTATUS __cdecl RtlSetThreadIsCritical( _In_ BOOLEAN NewValue, _Out_opt_ PBOOLEAN OldValue, _In_ BOOLEAN NeedBreaks ); NTSYSAPI ULONG NTAPI RtlGetCurrentProcessorNumber( VOID ); // // Thread Pool Functions // // NTSTATUS NTAPI RtlSetThreadPoolStartFunc( _In_ PRTL_START_POOL_THREAD StartPoolThread, _In_ PRTL_EXIT_POOL_THREAD ExitPoolThread ); NTSYSAPI NTSTATUS NTAPI RtlDeregisterWaitEx( _In_ HANDLE hWaitHandle, _In_opt_ HANDLE hCompletionEvent ); NTSYSAPI NTSTATUS NTAPI RtlDeregisterWait( _In_ HANDLE hWaitHandle ); NTSYSAPI NTSTATUS NTAPI RtlQueueWorkItem( _In_ WORKERCALLBACKFUNC Function, _In_opt_ PVOID Context, _In_ ULONG Flags ); NTSYSAPI NTSTATUS NTAPI RtlSetIoCompletionCallback( _In_ HANDLE FileHandle, _In_ PIO_APC_ROUTINE Callback, _In_ ULONG Flags ); NTSYSAPI NTSTATUS NTAPI RtlRegisterWait( _In_ PHANDLE phNewWaitObject, _In_ HANDLE hObject, _In_ WAITORTIMERCALLBACKFUNC Callback, _In_ PVOID pvContext, _In_ ULONG ulMilliseconds, _In_ ULONG ulFlags ); // // Environment/Path Functions // NTSYSAPI NTSTATUS NTAPI RtlCreateEnvironment( _In_ BOOLEAN Inherit, _Out_ PWSTR *Environment ); NTSYSAPI NTSTATUS NTAPI RtlComputePrivatizedDllName_U( _In_ PUNICODE_STRING DllName, _Inout_ PUNICODE_STRING RealName, _Inout_ PUNICODE_STRING LocalName ); NTSYSAPI VOID NTAPI RtlDestroyEnvironment( _In_ PWSTR Environment ); NTSYSAPI BOOLEAN NTAPI RtlDoesFileExists_U( _In_ PCWSTR FileName ); NTSYSAPI RTL_PATH_TYPE NTAPI RtlDetermineDosPathNameType_U( _In_ PCWSTR Path ); NTSYSAPI ULONG NTAPI RtlDosSearchPath_U( _In_ PCWSTR Path, _In_ PCWSTR FileName, _In_ PCWSTR Extension, _In_ ULONG BufferSize, _Out_ PWSTR Buffer, _Out_ PWSTR *PartName ); NTSYSAPI NTSTATUS NTAPI RtlDosSearchPath_Ustr( _In_ ULONG Flags, _In_ PUNICODE_STRING PathString, _In_ PUNICODE_STRING FileNameString, _In_ PUNICODE_STRING ExtensionString, _In_ PUNICODE_STRING CallerBuffer, _Inout_opt_ PUNICODE_STRING DynamicString, _Out_opt_ PUNICODE_STRING* FullNameOut, _Out_opt_ PSIZE_T FilePartSize, _Out_opt_ PSIZE_T LengthNeeded ); NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U( _In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo ); #define RTL_UNCHANGED_UNK_PATH 1 #define RTL_CONVERTED_UNC_PATH 2 #define RTL_CONVERTED_NT_PATH 3 #define RTL_UNCHANGED_DOS_PATH 4 NTSYSAPI NTSTATUS NTAPI RtlNtPathNameToDosPathName( _In_ ULONG Flags, _Inout_ PRTL_UNICODE_STRING_BUFFER Path, _Out_opt_ PULONG PathType, _Out_opt_ PULONG Unknown ); NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToRelativeNtPathName_U( _In_ PCWSTR DosName, _Out_ PUNICODE_STRING NtName, _Out_ PCWSTR *PartName, _Out_ PRTL_RELATIVE_NAME_U RelativeName ); _At_(Destination->Buffer, _Out_bytecap_(Destination->MaximumLength)) NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U( _In_z_ PWSTR Environment, _In_ PUNICODE_STRING Source, _Inout_ PUNICODE_STRING Destination, _Out_ PULONG Length ); NTSYSAPI ULONG NTAPI RtlGetCurrentDirectory_U( _In_ ULONG MaximumLength, _Out_bytecap_(MaximumLength) PWSTR Buffer ); NTSYSAPI ULONG NTAPI RtlGetFullPathName_U( _In_ PCWSTR FileName, _In_ ULONG Size, _Out_z_bytecap_(Size) PWSTR Buffer, _Out_opt_ PWSTR *ShortName ); #if (NTDDI_VERSION >= NTDDI_WIN7) NTSYSAPI NTSTATUS NTAPI RtlGetFullPathName_UEx( _In_ PWSTR FileName, _In_ ULONG BufferLength, _Out_ PWSTR Buffer, _Out_opt_ PWSTR *FilePart, _Out_opt_ RTL_PATH_TYPE *InputPathType ); #endif NTSTATUS NTAPI RtlGetFullPathName_UstrEx( _In_ PUNICODE_STRING FileName, _In_opt_ PUNICODE_STRING StaticString, _In_opt_ PUNICODE_STRING DynamicString, _Out_opt_ PUNICODE_STRING *StringUsed, _Out_opt_ PSIZE_T FilePartSize, _Out_opt_ PBOOLEAN NameInvalid, _Out_ RTL_PATH_TYPE* PathType, _Out_opt_ PSIZE_T LengthNeeded ); NTSYSAPI NTSTATUS NTAPI RtlGetLengthWithoutTrailingPathSeperators( _Reserved_ ULONG Flags, _In_ PCUNICODE_STRING PathString, _Out_ PULONG Length ); NTSYSAPI ULONG NTAPI RtlGetLongestNtPathLength( VOID ); NTSYSAPI ULONG NTAPI RtlIsDosDeviceName_U( _In_ PCWSTR Name ); NTSYSAPI ULONG NTAPI RtlIsDosDeviceName_Ustr( _In_ PCUNICODE_STRING Name ); _IRQL_requires_max_(PASSIVE_LEVEL) _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlIsNameLegalDOS8Dot3( _In_ PCUNICODE_STRING Name, _Inout_opt_ POEM_STRING OemName, _Out_opt_ PBOOLEAN NameContainsSpaces ); NTSYSAPI NTSTATUS NTAPI RtlQueryEnvironmentVariable_U( _In_opt_ PWSTR Environment, _In_ PCUNICODE_STRING Name, _Out_ PUNICODE_STRING Value ); VOID NTAPI RtlReleaseRelativeName( _In_ PRTL_RELATIVE_NAME_U RelativeName ); NTSYSAPI NTSTATUS NTAPI RtlSetCurrentDirectory_U( _In_ PUNICODE_STRING name ); NTSYSAPI NTSTATUS NTAPI RtlSetEnvironmentVariable( _In_z_ PWSTR *Environment, _In_ PUNICODE_STRING Name, _In_ PUNICODE_STRING Value ); // // Critical Section/Resource Functions // NTSYSAPI NTSTATUS NTAPI RtlDeleteCriticalSection ( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI NTSTATUS NTAPI RtlInitializeCriticalSection( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI NTSTATUS NTAPI RtlInitializeCriticalSectionAndSpinCount( _In_ PRTL_CRITICAL_SECTION CriticalSection, _In_ ULONG SpinCount ); NTSYSAPI ULONG NTAPI RtlIsCriticalSectionLocked( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI ULONG NTAPI RtlIsCriticalSectionLockedByThread( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI BOOLEAN NTAPI RtlTryEnterCriticalSection( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI VOID NTAPI RtlpUnWaitCriticalSection( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI NTSTATUS NTAPI RtlpWaitForCriticalSection( _In_ PRTL_CRITICAL_SECTION CriticalSection ); NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive( _In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait ); NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared( _In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait ); NTSYSAPI VOID NTAPI RtlConvertExclusiveToShared( _In_ PRTL_RESOURCE Resource ); NTSYSAPI VOID NTAPI RtlConvertSharedToExclusive( _In_ PRTL_RESOURCE Resource ); NTSYSAPI VOID NTAPI RtlDeleteResource( _In_ PRTL_RESOURCE Resource ); NTSYSAPI VOID NTAPI RtlDumpResource( _In_ PRTL_RESOURCE Resource ); NTSYSAPI VOID NTAPI RtlInitializeResource( _In_ PRTL_RESOURCE Resource ); NTSYSAPI VOID NTAPI RtlReleaseResource( _In_ PRTL_RESOURCE Resource ); // // Compression Functions // NTSYSAPI //NT_RTL_COMPRESS_API NTSTATUS NTAPI RtlCompressBuffer( _In_ USHORT CompressionFormatAndEngine, _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer, _In_ ULONG UncompressedBufferSize, _Out_writes_bytes_to_(CompressedBufferSize, *FinalCompressedSize) PUCHAR CompressedBuffer, _In_ ULONG CompressedBufferSize, _In_ ULONG UncompressedChunkSize, _Out_ PULONG FinalCompressedSize, _In_ PVOID WorkSpace ); _IRQL_requires_max_(APC_LEVEL) NTSYSAPI //NT_RTL_COMPRESS_API NTSTATUS NTAPI RtlDecompressBuffer( _In_ USHORT CompressionFormat, _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer, _In_ ULONG UncompressedBufferSize, _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, _In_ ULONG CompressedBufferSize, _Out_ PULONG FinalUncompressedSize ); NTSYSAPI NTSTATUS NTAPI RtlGetCompressionWorkSpaceSize( _In_ USHORT CompressionFormatAndEngine, _Out_ PULONG CompressBufferWorkSpaceSize, _Out_ PULONG CompressFragmentWorkSpaceSize ); // // Frame Functions // NTSYSAPI VOID NTAPI RtlPopFrame( _In_ PTEB_ACTIVE_FRAME Frame ); NTSYSAPI VOID NTAPI RtlPushFrame( _In_ PTEB_ACTIVE_FRAME Frame ); NTSYSAPI PTEB_ACTIVE_FRAME NTAPI RtlGetFrame( VOID ); // // Debug Info Functions // NTSYSAPI PRTL_DEBUG_INFORMATION NTAPI RtlCreateQueryDebugBuffer( _In_ ULONG Size, _In_ BOOLEAN EventPair ); NTSYSAPI NTSTATUS NTAPI RtlDestroyQueryDebugBuffer(IN PRTL_DEBUG_INFORMATION DebugBuffer); NTSYSAPI NTSTATUS NTAPI RtlQueryProcessDebugInformation( _In_ ULONG ProcessId, _In_ ULONG DebugInfoClassMask, _Inout_ PRTL_DEBUG_INFORMATION DebugBuffer ); // // Bitmap Functions // #ifdef NTOS_MODE_USER NTSYSAPI BOOLEAN NTAPI RtlAreBitsClear( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG StartingIndex, _In_ ULONG Length ); NTSYSAPI BOOLEAN NTAPI RtlAreBitsSet( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG StartingIndex, _In_ ULONG Length ); NTSYSAPI VOID NTAPI RtlClearAllBits( _In_ PRTL_BITMAP BitMapHeader ); NTSYSAPI VOID NTAPI RtlClearBit( _In_ PRTL_BITMAP BitMapHeader, _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber ); NTSYSAPI VOID NTAPI RtlClearBits( _In_ PRTL_BITMAP BitMapHeader, _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToClear) ULONG StartingIndex, _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToClear ); NTSYSAPI ULONG NTAPI RtlFindClearBits( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG NumberToFind, _In_ ULONG HintIndex ); NTSYSAPI ULONG NTAPI RtlFindClearBitsAndSet( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG NumberToFind, _In_ ULONG HintIndex ); NTSYSAPI ULONG NTAPI RtlFindFirstRunClear( _In_ PRTL_BITMAP BitMapHeader, _Out_ PULONG StartingIndex ); NTSYSAPI ULONG NTAPI RtlFindClearRuns( _In_ PRTL_BITMAP BitMapHeader, _Out_writes_to_(SizeOfRunArray, return) PRTL_BITMAP_RUN RunArray, _In_range_(>, 0) ULONG SizeOfRunArray, _In_ BOOLEAN LocateLongestRuns ); NTSYSAPI ULONG NTAPI RtlFindLastBackwardRunClear( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG FromIndex, _Out_ PULONG StartingRunIndex ); NTSYSAPI CCHAR NTAPI RtlFindLeastSignificantBit( _In_ ULONGLONG Value ); NTSYSAPI ULONG NTAPI RtlFindLongestRunClear( _In_ PRTL_BITMAP BitMapHeader, _Out_ PULONG StartingIndex ); NTSYSAPI CCHAR NTAPI RtlFindMostSignificantBit( _In_ ULONGLONG Value ); NTSYSAPI ULONG NTAPI RtlFindNextForwardRunClear( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG FromIndex, _Out_ PULONG StartingRunIndex ); NTSYSAPI ULONG NTAPI RtlFindNextForwardRunSet( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG FromIndex, _Out_ PULONG StartingRunIndex ); NTSYSAPI ULONG NTAPI RtlFindSetBits( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG NumberToFind, _In_ ULONG HintIndex ); NTSYSAPI ULONG NTAPI RtlFindSetBitsAndClear( _In_ PRTL_BITMAP BitMapHeader, _In_ ULONG NumberToFind, _In_ ULONG HintIndex ); #ifdef __REACTOS__ // ReactOS improvement _At_(BitMapHeader->SizeOfBitMap, _Post_equal_to_(SizeOfBitMap)) _At_(BitMapHeader->Buffer, _Post_equal_to_(BitMapBuffer)) #endif NTSYSAPI VOID NTAPI RtlInitializeBitMap( _Out_ PRTL_BITMAP BitMapHeader, _In_opt_ __drv_aliasesMem PULONG BitMapBuffer, _In_opt_ ULONG SizeOfBitMap ); NTSYSAPI ULONG NTAPI RtlNumberOfClearBits( _In_ PRTL_BITMAP BitMapHeader ); NTSYSAPI ULONG NTAPI RtlNumberOfSetBits( _In_ PRTL_BITMAP BitMapHeader ); NTSYSAPI VOID NTAPI RtlSetBit( _In_ PRTL_BITMAP BitMapHeader, _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber ); NTSYSAPI VOID NTAPI RtlSetBits( _In_ PRTL_BITMAP BitMapHeader, _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToSet) ULONG StartingIndex, _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToSet ); NTSYSAPI VOID NTAPI RtlSetAllBits( _In_ PRTL_BITMAP BitMapHeader ); _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlTestBit( _In_ PRTL_BITMAP BitMapHeader, _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber ); #if defined(_M_AMD64) _Must_inspect_result_ FORCEINLINE BOOLEAN RtlCheckBit( _In_ PRTL_BITMAP BitMapHeader, _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitPosition) { return BitTest64((LONG64 CONST*)BitMapHeader->Buffer, (LONG64)BitPosition); } #else #define RtlCheckBit(BMH,BP) (((((PLONG)(BMH)->Buffer)[(BP)/32]) >> ((BP)%32)) & 0x1) #endif /* defined(_M_AMD64) */ #endif // NTOS_MODE_USER // // Timer Functions // NTSYSAPI NTSTATUS NTAPI RtlCreateTimer( _In_ HANDLE TimerQueue, _In_ PHANDLE phNewTimer, _In_ WAITORTIMERCALLBACKFUNC Callback, _In_ PVOID Parameter, _In_ ULONG DueTime, _In_ ULONG Period, _In_ ULONG Flags ); NTSYSAPI NTSTATUS NTAPI RtlCreateTimerQueue(PHANDLE TimerQueue); NTSYSAPI NTSTATUS NTAPI RtlDeleteTimer( _In_ HANDLE TimerQueue, _In_ HANDLE Timer, _In_ HANDLE CompletionEvent ); NTSYSAPI NTSTATUS NTAPI RtlUpdateTimer( _In_ HANDLE TimerQueue, _In_ HANDLE Timer, _In_ ULONG DueTime, _In_ ULONG Period ); NTSYSAPI NTSTATUS NTAPI RtlDeleteTimerQueueEx( _In_ HANDLE TimerQueue, _In_opt_ HANDLE CompletionEvent ); NTSYSAPI NTSTATUS NTAPI RtlDeleteTimerQueue(HANDLE TimerQueue); // // SList functions // PSLIST_ENTRY FASTCALL InterlockedPushListSList( _Inout_ PSLIST_HEADER ListHead, _Inout_ __drv_aliasesMem PSLIST_ENTRY List, _Inout_ PSLIST_ENTRY ListEnd, _In_ ULONG Count ); // // Range List functions // NTSYSAPI VOID NTAPI RtlInitializeRangeList( _Inout_ PRTL_RANGE_LIST RangeList ); NTSYSAPI VOID NTAPI RtlFreeRangeList( _In_ PRTL_RANGE_LIST RangeList ); NTSYSAPI NTSTATUS NTAPI RtlAddRange( _Inout_ PRTL_RANGE_LIST RangeList, _In_ ULONGLONG Start, _In_ ULONGLONG End, _In_ UCHAR Attributes, _In_ ULONG Flags, _In_opt_ PVOID UserData, _In_opt_ PVOID Owner ); // // Debug Functions // ULONG __cdecl DbgPrint( _In_z_ _Printf_format_string_ PCSTR Format, ... ); NTSYSAPI ULONG __cdecl DbgPrintEx( _In_ ULONG ComponentId, _In_ ULONG Level, _In_z_ _Printf_format_string_ PCSTR Format, ... ); NTSYSAPI ULONG NTAPI DbgPrompt( _In_z_ PCCH Prompt, _Out_writes_bytes_(MaximumResponseLength) PCH Response, _In_ ULONG MaximumResponseLength ); #undef DbgBreakPoint VOID NTAPI DbgBreakPoint( VOID ); VOID NTAPI DbgLoadImageSymbols( _In_ PSTRING Name, _In_ PVOID Base, _In_ ULONG_PTR ProcessId ); VOID NTAPI DbgUnLoadImageSymbols( _In_ PSTRING Name, _In_ PVOID Base, _In_ ULONG_PTR ProcessId ); VOID NTAPI DbgCommandString( _In_ PCCH Name, _In_ PCCH Command ); // // Generic Table Functions // #if defined(NTOS_MODE_USER) || defined(_NTIFS_) NTSYSAPI PVOID NTAPI RtlInsertElementGenericTable( _In_ PRTL_GENERIC_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement ); NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableFull( _In_ PRTL_GENERIC_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement, _In_ PVOID NodeOrParent, _In_ TABLE_SEARCH_RESULT SearchResult ); NTSYSAPI BOOLEAN NTAPI RtlIsGenericTableEmpty( _In_ PRTL_GENERIC_TABLE Table ); NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableFull( _In_ PRTL_GENERIC_TABLE Table, _In_ PVOID Buffer, _Out_ PVOID *NodeOrParent, _Out_ TABLE_SEARCH_RESULT *SearchResult ); #endif // // Handle Table Functions // NTSYSAPI PRTL_HANDLE_TABLE_ENTRY NTAPI RtlAllocateHandle( _In_ PRTL_HANDLE_TABLE HandleTable, _Inout_ PULONG Index ); NTSYSAPI VOID NTAPI RtlDestroyHandleTable( _Inout_ PRTL_HANDLE_TABLE HandleTable); NTSYSAPI BOOLEAN NTAPI RtlFreeHandle( _In_ PRTL_HANDLE_TABLE HandleTable, _In_ PRTL_HANDLE_TABLE_ENTRY Handle ); NTSYSAPI VOID NTAPI RtlInitializeHandleTable( _In_ ULONG TableSize, _In_ ULONG HandleSize, _In_ PRTL_HANDLE_TABLE HandleTable ); NTSYSAPI BOOLEAN NTAPI RtlIsValidHandle( _In_ PRTL_HANDLE_TABLE HandleTable, _In_ PRTL_HANDLE_TABLE_ENTRY Handle ); _Success_(return!=FALSE) NTSYSAPI BOOLEAN NTAPI RtlIsValidIndexHandle( _In_ PRTL_HANDLE_TABLE HandleTable, _In_ ULONG Index, _Out_ PRTL_HANDLE_TABLE_ENTRY *Handle ); // // PE Functions // NTSYSAPI NTSTATUS NTAPI RtlFindMessage( _In_ PVOID BaseAddress, _In_ ULONG Type, _In_ ULONG Language, _In_ ULONG MessageId, _Out_ PMESSAGE_RESOURCE_ENTRY *MessageResourceEntry ); NTSYSAPI ULONG NTAPI RtlGetNtGlobalFlags(VOID); _Success_(return!=NULL) NTSYSAPI PVOID NTAPI RtlImageDirectoryEntryToData( _In_ PVOID BaseAddress, _In_ BOOLEAN MappedAsImage, _In_ USHORT Directory, _Out_ PULONG Size ); NTSYSAPI PVOID NTAPI RtlImageRvaToVa( _In_ PIMAGE_NT_HEADERS NtHeader, _In_ PVOID BaseAddress, _In_ ULONG Rva, _Inout_opt_ PIMAGE_SECTION_HEADER *SectionHeader ); NTSYSAPI PIMAGE_NT_HEADERS NTAPI RtlImageNtHeader( _In_ PVOID BaseAddress); NTSYSAPI NTSTATUS NTAPI RtlImageNtHeaderEx( _In_ ULONG Flags, _In_ PVOID BaseAddress, _In_ ULONGLONG Size, _Out_ PIMAGE_NT_HEADERS *NtHeader ); NTSYSAPI PIMAGE_SECTION_HEADER NTAPI RtlImageRvaToSection( _In_ PIMAGE_NT_HEADERS NtHeader, _In_ PVOID BaseAddress, _In_ ULONG Rva ); NTSYSAPI ULONG NTAPI LdrRelocateImageWithBias( _In_ PVOID NewAddress, _In_ LONGLONG AdditionalBias, _In_ PCCH LoaderName, _In_ ULONG Success, _In_ ULONG Conflict, _In_ ULONG Invalid ); // // Activation Context Functions // #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI RtlActivateActivationContextEx( _In_ ULONG Flags, _In_ PTEB Teb, _In_ PVOID Context, _Out_ PULONG_PTR Cookie ); NTSYSAPI NTSTATUS NTAPI RtlActivateActivationContext( _In_ ULONG Flags, _In_ HANDLE Handle, _Out_ PULONG_PTR Cookie ); NTSYSAPI VOID NTAPI RtlAddRefActivationContext( _In_ PVOID Context ); NTSYSAPI PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlActivateActivationContextUnsafeFast( _In_ PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame, _In_ PVOID Context ); NTSYSAPI NTSTATUS NTAPI RtlAllocateActivationContextStack( _In_ PACTIVATION_CONTEXT_STACK *Stack ); NTSYSAPI NTSTATUS NTAPI RtlCreateActivationContext( _In_ ULONG Flags, _In_ PACTIVATION_CONTEXT_DATA ActivationContextData, _In_ ULONG ExtraBytes, _In_ PVOID NotificationRoutine, _In_ PVOID NotificationContext, _Out_ PACTIVATION_CONTEXT *ActCtx ); NTSYSAPI NTSTATUS NTAPI RtlGetActiveActivationContext( _In_ PVOID *Context ); NTSYSAPI VOID NTAPI RtlReleaseActivationContext( _In_ HANDLE handle ); NTSYSAPI NTSTATUS NTAPI RtlDeactivateActivationContext( _In_ ULONG dwFlags, _In_ ULONG_PTR ulCookie ); NTSYSAPI VOID NTAPI RtlFreeActivationContextStack( _In_ PACTIVATION_CONTEXT_STACK Stack ); NTSYSAPI VOID NTAPI RtlFreeThreadActivationContextStack(VOID); NTSYSAPI PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlDeactivateActivationContextUnsafeFast( _In_ PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame ); NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr( _In_ ULONG Flags, _In_ PUNICODE_STRING OriginalName, _In_ PUNICODE_STRING Extension, _Inout_ PUNICODE_STRING StaticString, _Inout_ PUNICODE_STRING DynamicString, _Inout_ PUNICODE_STRING *NewName, _In_ PULONG NewFlags, _In_ PSIZE_T FileNameSize, _In_ PSIZE_T RequiredLength ); NTSYSAPI NTSTATUS NTAPI RtlFindActivationContextSectionString( _In_ ULONG dwFlags, _In_ const GUID *ExtensionGuid, _In_ ULONG SectionType, _In_ const UNICODE_STRING *SectionName, _Inout_ PVOID ReturnedData ); NTSYSAPI NTSTATUS NTAPI RtlQueryInformationActivationContext( _In_ DWORD dwFlags, _In_opt_ PVOID Context, _In_opt_ PVOID pvSubInstance, _In_ ULONG ulInfoClass, _Out_bytecap_(cbBuffer) PVOID pvBuffer, _In_opt_ SIZE_T cbBuffer, _Out_opt_ SIZE_T *pcbWrittenOrRequired ); NTSYSAPI NTSTATUS NTAPI RtlQueryInformationActiveActivationContext( _In_ ULONG ulInfoClass, _Out_bytecap_(cbBuffer) PVOID pvBuffer, _In_opt_ SIZE_T cbBuffer, _Out_opt_ SIZE_T *pcbWrittenOrRequired ); NTSYSAPI NTSTATUS NTAPI RtlZombifyActivationContext( PVOID Context ); // // WOW64 Functions // NTSYSAPI NTSTATUS NTAPI RtlWow64EnableFsRedirection( _In_ BOOLEAN Wow64FsEnableRedirection ); NTSYSAPI NTSTATUS NTAPI RtlWow64EnableFsRedirectionEx( _In_ PVOID Wow64FsEnableRedirection, _Out_ PVOID *OldFsRedirectionLevel ); #endif // // Registry Functions // _IRQL_requires_max_(PASSIVE_LEVEL) _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI RtlCheckRegistryKey( _In_ ULONG RelativeTo, _In_ PWSTR Path ); NTSYSAPI NTSTATUS NTAPI RtlCreateRegistryKey( _In_ ULONG RelativeTo, _In_ PWSTR Path ); NTSYSAPI NTSTATUS NTAPI RtlFormatCurrentUserKeyPath( _Out_ _At_(KeyPath->Buffer, __drv_allocatesMem(Mem) _Post_bytecap_(KeyPath->MaximumLength) _Post_bytecount_(KeyPath->Length)) PUNICODE_STRING KeyPath ); NTSYSAPI NTSTATUS NTAPI RtlOpenCurrentUser( _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE KeyHandle ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlQueryRegistryValues( _In_ ULONG RelativeTo, _In_ PCWSTR Path, _Inout_ _At_(*(*QueryTable).EntryContext, _Pre_unknown_) PRTL_QUERY_REGISTRY_TABLE QueryTable, _In_opt_ PVOID Context, _In_opt_ PVOID Environment ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlWriteRegistryValue( _In_ ULONG RelativeTo, _In_ PCWSTR Path, _In_z_ PCWSTR ValueName, _In_ ULONG ValueType, _In_reads_bytes_opt_(ValueLength) PVOID ValueData, _In_ ULONG ValueLength ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI RtlpNtCreateKey( _Out_ HANDLE KeyHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ ULONG TitleIndex, _In_ PUNICODE_STRING Class, _Out_ PULONG Disposition ); NTSYSAPI NTSTATUS NTAPI RtlpNtEnumerateSubKey( _In_ HANDLE KeyHandle, _Inout_ PUNICODE_STRING SubKeyName, _In_ ULONG Index, _In_ ULONG Unused ); NTSYSAPI NTSTATUS NTAPI RtlpNtMakeTemporaryKey( _In_ HANDLE KeyHandle ); NTSYSAPI NTSTATUS NTAPI RtlpNtOpenKey( _Out_ HANDLE KeyHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ ULONG Unused ); NTSYSAPI NTSTATUS NTAPI RtlpNtQueryValueKey( _In_ HANDLE KeyHandle, _Out_opt_ PULONG Type, _Out_opt_ PVOID Data, _Inout_opt_ PULONG DataLength, _In_ ULONG Unused ); NTSYSAPI NTSTATUS NTAPI RtlpNtSetValueKey( _In_ HANDLE KeyHandle, _In_ ULONG Type, _In_ PVOID Data, _In_ ULONG DataLength ); #endif // // NLS Functions // NTSYSAPI VOID NTAPI RtlGetDefaultCodePage( _Out_ PUSHORT AnsiCodePage, _Out_ PUSHORT OemCodePage ); NTSYSAPI VOID NTAPI RtlInitNlsTables( _In_ PUSHORT AnsiTableBase, _In_ PUSHORT OemTableBase, _In_ PUSHORT CaseTableBase, _Out_ PNLSTABLEINFO NlsTable ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI VOID NTAPI RtlInitCodePageTable( _In_ PUSHORT TableBase, _Out_ PCPTABLEINFO CodePageTable ); NTSYSAPI VOID NTAPI RtlResetRtlTranslations( _In_ PNLSTABLEINFO NlsTable); #if defined(NTOS_MODE_USER) && !defined(NO_RTL_INLINES) // // Misc conversion functions // static __inline LARGE_INTEGER NTAPI_INLINE RtlConvertLongToLargeInteger( _In_ LONG SignedInteger ) { LARGE_INTEGER Result; Result.QuadPart = SignedInteger; return Result; } static __inline LARGE_INTEGER NTAPI_INLINE RtlEnlargedIntegerMultiply( _In_ LONG Multiplicand, _In_ LONG Multiplier ) { LARGE_INTEGER Product; Product.QuadPart = (LONGLONG)Multiplicand * (ULONGLONG)Multiplier; return Product; } static __inline ULONG NTAPI_INLINE RtlEnlargedUnsignedDivide( _In_ ULARGE_INTEGER Dividend, _In_ ULONG Divisor, _In_opt_ PULONG Remainder ) { ULONG Quotient; Quotient = (ULONG)(Dividend.QuadPart / Divisor); if (Remainder) { *Remainder = (ULONG)(Dividend.QuadPart % Divisor); } return Quotient; } static __inline LARGE_INTEGER NTAPI_INLINE RtlEnlargedUnsignedMultiply( _In_ ULONG Multiplicand, _In_ ULONG Multiplier ) { LARGE_INTEGER Product; Product.QuadPart = (ULONGLONG)Multiplicand * (ULONGLONG)Multiplier; return Product; } #if defined(_AMD64_) || defined(_IA64_) static __inline LARGE_INTEGER NTAPI_INLINE RtlExtendedLargeIntegerDivide( _In_ LARGE_INTEGER Dividend, _In_ ULONG Divisor, _Out_opt_ PULONG Remainder) { LARGE_INTEGER ret; ret.QuadPart = (ULONG64)Dividend.QuadPart / Divisor; if (Remainder) *Remainder = (ULONG)(Dividend.QuadPart % Divisor); return ret; } #else NTSYSAPI LARGE_INTEGER NTAPI RtlExtendedLargeIntegerDivide( _In_ LARGE_INTEGER Dividend, _In_ ULONG Divisor, _Out_opt_ PULONG Remainder ); #endif /* defined(_AMD64_) || defined(_IA64_) */ #endif NTSYSAPI ULONG NTAPI RtlUniform( _In_ PULONG Seed ); NTSYSAPI ULONG NTAPI RtlRandom( _Inout_ PULONG Seed ); NTSYSAPI ULONG NTAPI RtlComputeCrc32( _In_ ULONG InitialCrc, _In_ PUCHAR Buffer, _In_ ULONG Length ); // // Network Functions // NTSYSAPI PSTR NTAPI RtlIpv4AddressToStringA( _In_ const struct in_addr *Addr, _Out_writes_(16) PCHAR S ); NTSYSAPI PWSTR NTAPI RtlIpv4AddressToStringW( _In_ const struct in_addr *Addr, _Out_writes_(16) PWCHAR S ); NTSYSAPI NTSTATUS NTAPI RtlIpv4AddressToStringExA( _In_ const struct in_addr *Address, _In_ USHORT Port, _Out_writes_to_(*AddressStringLength, *AddressStringLength) PCHAR AddressString, _Inout_ PULONG AddressStringLength ); NTSTATUS NTAPI RtlIpv4AddressToStringExW( _In_ const struct in_addr *Address, _In_ USHORT Port, _Out_writes_to_(*AddressStringLength, *AddressStringLength) PWCHAR AddressString, _Inout_ PULONG AddressStringLength ); NTSYSAPI NTSTATUS NTAPI RtlIpv4StringToAddressA( _In_ PCSTR String, _In_ BOOLEAN Strict, _Out_ PCSTR *Terminator, _Out_ struct in_addr *Addr ); NTSYSAPI NTSTATUS NTAPI RtlIpv4StringToAddressW( _In_ PCWSTR String, _In_ BOOLEAN Strict, _Out_ PCWSTR *Terminator, _Out_ struct in_addr *Addr ); NTSYSAPI NTSTATUS NTAPI RtlIpv4StringToAddressExA( _In_ PCSTR AddressString, _In_ BOOLEAN Strict, _Out_ struct in_addr *Address, _Out_ PUSHORT Port ); NTSYSAPI NTSTATUS NTAPI RtlIpv4StringToAddressExW( _In_ PCWSTR AddressString, _In_ BOOLEAN Strict, _Out_ struct in_addr *Address, _Out_ PUSHORT Port ); NTSYSAPI PSTR NTAPI RtlIpv6AddressToStringA( _In_ const struct in6_addr *Addr, _Out_writes_(46) PSTR S ); NTSYSAPI PWSTR NTAPI RtlIpv6AddressToStringW( _In_ const struct in6_addr *Addr, _Out_writes_(46) PWSTR S ); NTSYSAPI NTSTATUS NTAPI RtlIpv6AddressToStringExA( _In_ const struct in6_addr *Address, _In_ ULONG ScopeId, _In_ USHORT Port, _Out_writes_to_(*AddressStringLength, *AddressStringLength) PSTR AddressString, _Inout_ PULONG AddressStringLength ); NTSYSAPI NTSTATUS NTAPI RtlIpv6AddressToStringExW( _In_ const struct in6_addr *Address, _In_ ULONG ScopeId, _In_ USHORT Port, _Out_writes_to_(*AddressStringLength, *AddressStringLength) PWCHAR AddressString, _Inout_ PULONG AddressStringLength ); NTSYSAPI NTSTATUS NTAPI RtlIpv6StringToAddressA( _In_ PCSTR String, _Out_ PCSTR *Terminator, _Out_ struct in6_addr *Addr ); NTSYSAPI NTSTATUS NTAPI RtlIpv6StringToAddressW( _In_ PCWSTR String, _Out_ PCWSTR *Terminator, _Out_ struct in6_addr *Addr ); NTSYSAPI NTSTATUS NTAPI RtlIpv6StringToAddressExA( _In_ PCSTR AddressString, _Out_ struct in6_addr *Address, _Out_ PULONG ScopeId, _Out_ PUSHORT Port ); NTSYSAPI NTSTATUS NTAPI RtlIpv6StringToAddressExW( _In_ PCWSTR AddressString, _Out_ struct in6_addr *Address, _Out_ PULONG ScopeId, _Out_ PUSHORT Port ); // // Time Functions // NTSYSAPI NTSTATUS NTAPI RtlQueryTimeZoneInformation( _Out_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation); NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime( _In_ ULONG SecondsSince1970, _Out_ PLARGE_INTEGER Time ); NTSYSAPI NTSTATUS NTAPI RtlSetTimeZoneInformation( _In_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation); _Success_(return!=FALSE) _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlTimeFieldsToTime( _In_ PTIME_FIELDS TimeFields, _Out_ PLARGE_INTEGER Time ); _Success_(return != 0) _Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI RtlTimeToSecondsSince1970( _In_ PLARGE_INTEGER Time, _Out_ PULONG ElapsedSeconds ); NTSYSAPI VOID NTAPI RtlTimeToTimeFields( PLARGE_INTEGER Time, PTIME_FIELDS TimeFields ); NTSYSAPI NTSTATUS NTAPI RtlSystemTimeToLocalTime( _In_ PLARGE_INTEGER SystemTime, _Out_ PLARGE_INTEGER LocalTime ); // // Version Functions // _IRQL_requires_max_(PASSIVE_LEVEL) _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI RtlVerifyVersionInfo( _In_ PRTL_OSVERSIONINFOEXW VersionInfo, _In_ ULONG TypeMask, _In_ ULONGLONG ConditionMask ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI RtlGetVersion( _Out_ _At_(lpVersionInformation->dwOSVersionInfoSize, _Pre_ _Valid_) _When_(lpVersionInformation->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW), _At_((PRTL_OSVERSIONINFOEXW)lpVersionInformation, _Out_)) PRTL_OSVERSIONINFOW lpVersionInformation ); NTSYSAPI BOOLEAN NTAPI RtlGetNtProductType(OUT PNT_PRODUCT_TYPE ProductType); // // Secure Memory Functions // #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI RtlRegisterSecureMemoryCacheCallback( _In_ PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback); NTSYSAPI BOOLEAN NTAPI RtlFlushSecureMemoryCache( _In_ PVOID MemoryCache, _In_opt_ SIZE_T MemoryLength ); #endif // // Boot Status Data Functions // #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI RtlCreateBootStatusDataFile( VOID ); NTSYSAPI NTSTATUS NTAPI RtlGetSetBootStatusData( _In_ HANDLE FileHandle, _In_ BOOLEAN WriteMode, _In_ RTL_BSD_ITEM_TYPE DataClass, _In_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI RtlLockBootStatusData( _Out_ PHANDLE FileHandle ); NTSYSAPI NTSTATUS NTAPI RtlUnlockBootStatusData( _In_ HANDLE FileHandle ); #endif #ifdef NTOS_MODE_USER _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI RtlGUIDFromString( _In_ PUNICODE_STRING GuidString, _Out_ GUID *Guid); _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI RtlStringFromGUID( _In_ REFGUID Guid, _Out_ _At_(GuidString->Buffer, __drv_allocatesMem(Mem)) PUNICODE_STRING GuidString); NTSYSAPI NTSTATUS NTAPI RtlComputeImportTableHash( _In_ HANDLE hFile, _Out_ PCHAR Hash, _In_ ULONG ImportTableHashRevision ); #endif // // MemoryStream functions // #ifdef NTOS_MODE_USER NTSYSAPI VOID NTAPI RtlInitMemoryStream( _Out_ PRTL_MEMORY_STREAM Stream ); NTSYSAPI VOID NTAPI RtlInitOutOfProcessMemoryStream( _Out_ PRTL_MEMORY_STREAM Stream ); NTSYSAPI VOID NTAPI RtlFinalReleaseOutOfProcessMemoryStream( _In_ PRTL_MEMORY_STREAM Stream ); NTSYSAPI HRESULT NTAPI RtlQueryInterfaceMemoryStream( _In_ struct IStream *This, _In_ REFIID RequestedIid, _Outptr_ PVOID *ResultObject ); NTSYSAPI ULONG NTAPI RtlAddRefMemoryStream( _In_ struct IStream *This ); NTSYSAPI ULONG NTAPI RtlReleaseMemoryStream( _In_ struct IStream *This ); NTSYSAPI HRESULT NTAPI RtlReadMemoryStream( _In_ struct IStream *This, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _Out_opt_ PULONG BytesRead ); NTSYSAPI HRESULT NTAPI RtlReadOutOfProcessMemoryStream( _In_ struct IStream *This, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _Out_opt_ PULONG BytesRead ); NTSYSAPI HRESULT NTAPI RtlSeekMemoryStream( _In_ struct IStream *This, _In_ LARGE_INTEGER RelativeOffset, _In_ ULONG Origin, _Out_opt_ PULARGE_INTEGER ResultOffset ); NTSYSAPI HRESULT NTAPI RtlCopyMemoryStreamTo( _In_ struct IStream *This, _In_ struct IStream *Target, _In_ ULARGE_INTEGER Length, _Out_opt_ PULARGE_INTEGER BytesRead, _Out_opt_ PULARGE_INTEGER BytesWritten ); NTSYSAPI HRESULT NTAPI RtlCopyOutOfProcessMemoryStreamTo( _In_ struct IStream *This, _In_ struct IStream *Target, _In_ ULARGE_INTEGER Length, _Out_opt_ PULARGE_INTEGER BytesRead, _Out_opt_ PULARGE_INTEGER BytesWritten ); NTSYSAPI HRESULT NTAPI RtlStatMemoryStream( _In_ struct IStream *This, _Out_ struct tagSTATSTG *Stats, _In_ ULONG Flags ); // Dummy functions NTSYSAPI HRESULT NTAPI RtlWriteMemoryStream( _In_ struct IStream *This, _In_reads_bytes_(Length) CONST VOID *Buffer, _In_ ULONG Length, _Out_opt_ PULONG BytesWritten ); NTSYSAPI HRESULT NTAPI RtlSetMemoryStreamSize( _In_ struct IStream *This, _In_ ULARGE_INTEGER NewSize ); NTSYSAPI HRESULT NTAPI RtlCommitMemoryStream( _In_ struct IStream *This, _In_ ULONG CommitFlags ); NTSYSAPI HRESULT NTAPI RtlRevertMemoryStream( _In_ struct IStream *This ); NTSYSAPI HRESULT NTAPI RtlLockMemoryStreamRegion( _In_ struct IStream *This, _In_ ULARGE_INTEGER Offset, _In_ ULARGE_INTEGER Length, _In_ ULONG LockType ); NTSYSAPI HRESULT NTAPI RtlUnlockMemoryStreamRegion( _In_ struct IStream *This, _In_ ULARGE_INTEGER Offset, _In_ ULARGE_INTEGER Length, _In_ ULONG LockType ); NTSYSAPI HRESULT NTAPI RtlCloneMemoryStream( _In_ struct IStream *This, _Outptr_ struct IStream **ResultStream ); NTSYSAPI NTSTATUS NTAPI RtlGetNativeSystemInformation( _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, _Out_writes_bytes_to_opt_(SystemInformationLength, *ReturnLength) PVOID SystemInformation, _In_ ULONG SystemInformationLength, _Out_opt_ PULONG ReturnLength ); #endif // NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI RtlFindActivationContextSectionGuid( ULONG flags, const GUID *extguid, ULONG section_kind, const GUID *guid, void *ptr ); #ifdef __cplusplus } #endif #endif