mirror of
https://github.com/reactos/reactos.git
synced 2025-01-04 05:20:54 +00:00
1520 lines
34 KiB
C
1520 lines
34 KiB
C
/******************************************************************************
|
|
* ZwXxx Functions *
|
|
******************************************************************************/
|
|
|
|
$if (_WDMDDK_)
|
|
|
|
/* Constants */
|
|
#define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
|
|
#define ZwCurrentProcess() NtCurrentProcess()
|
|
#define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
|
|
#define ZwCurrentThread() NtCurrentThread()
|
|
$endif (_WDMDDK_)
|
|
|
|
$if (_NTDDK_)
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateLocallyUniqueId(
|
|
_Out_ PLUID Luid);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwTerminateProcess(
|
|
_In_opt_ HANDLE ProcessHandle,
|
|
_In_ NTSTATUS ExitStatus);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcess(
|
|
_Out_ PHANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ PCLIENT_ID ClientId);
|
|
$endif (_NTDDK_)
|
|
$if (_NTIFS_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryEaFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length,
|
|
_In_ BOOLEAN ReturnSingleEntry,
|
|
_In_reads_bytes_opt_(EaListLength) PVOID EaList,
|
|
_In_ ULONG EaListLength,
|
|
_In_opt_ PULONG EaIndex,
|
|
_In_ BOOLEAN RestartScan);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetEaFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDuplicateToken(
|
|
_In_ HANDLE ExistingTokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ BOOLEAN EffectiveOnly,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_Out_ PHANDLE NewTokenHandle);
|
|
$endif (_NTIFS_)
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_WIN2K)
|
|
$if (_WDMDDK_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwClose(
|
|
_In_ HANDLE Handle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateDirectoryObject(
|
|
_Out_ PHANDLE DirectoryHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateFile(
|
|
_Out_ PHANDLE FileHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_opt_ PLARGE_INTEGER AllocationSize,
|
|
_In_ ULONG FileAttributes,
|
|
_In_ ULONG ShareAccess,
|
|
_In_ ULONG CreateDisposition,
|
|
_In_ ULONG CreateOptions,
|
|
_In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
|
|
_In_ ULONG EaLength
|
|
);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateKey(
|
|
_Out_ PHANDLE KeyHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_Reserved_ ULONG TitleIndex,
|
|
_In_opt_ PUNICODE_STRING Class,
|
|
_In_ ULONG CreateOptions,
|
|
_Out_opt_ PULONG Disposition);
|
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateSection(
|
|
_Out_ PHANDLE SectionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ PLARGE_INTEGER MaximumSize,
|
|
_In_ ULONG SectionPageProtection,
|
|
_In_ ULONG AllocationAttributes,
|
|
_In_opt_ HANDLE FileHandle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteKey(
|
|
_In_ HANDLE KeyHandle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteValueKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ PUNICODE_STRING ValueName);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
_When_(Length == 0, _Post_satisfies_(return < 0))
|
|
_When_(Length > 0, _Post_satisfies_(return <= 0))
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwEnumerateKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ ULONG Index,
|
|
_In_ KEY_INFORMATION_CLASS KeyInformationClass,
|
|
_Out_writes_bytes_opt_(Length) PVOID KeyInformation,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG ResultLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
_When_(Length == 0, _Post_satisfies_(return < 0))
|
|
_When_(Length > 0, _Post_satisfies_(return <= 0))
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwEnumerateValueKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ ULONG Index,
|
|
_In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
|
|
_Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG ResultLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushKey(
|
|
_In_ HANDLE KeyHandle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLoadDriver(
|
|
_In_ PUNICODE_STRING DriverServiceName);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwMakeTemporaryObject(
|
|
_In_ HANDLE Handle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwMapViewOfSection(
|
|
_In_ HANDLE SectionHandle,
|
|
_In_ HANDLE ProcessHandle,
|
|
_Outptr_result_bytebuffer_(*ViewSize) PVOID *BaseAddress,
|
|
_In_ ULONG_PTR ZeroBits,
|
|
_In_ SIZE_T CommitSize,
|
|
_Inout_opt_ PLARGE_INTEGER SectionOffset,
|
|
_Inout_ PSIZE_T ViewSize,
|
|
_In_ SECTION_INHERIT InheritDisposition,
|
|
_In_ ULONG AllocationType,
|
|
_In_ ULONG Protect);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenFile(
|
|
_Out_ PHANDLE FileHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ ULONG ShareAccess,
|
|
_In_ ULONG OpenOptions);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenKey(
|
|
_Out_ PHANDLE KeyHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenSection(
|
|
_Out_ PHANDLE SectionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenSymbolicLinkObject(
|
|
_Out_ PHANDLE LinkHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID FileInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FILE_INFORMATION_CLASS FileInformationClass);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
_When_(Length == 0, _Post_satisfies_(return < 0))
|
|
_When_(Length > 0, _Post_satisfies_(return <= 0))
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ KEY_INFORMATION_CLASS KeyInformationClass,
|
|
_Out_writes_bytes_opt_(Length) PVOID KeyInformation,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG ResultLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySymbolicLinkObject(
|
|
_In_ HANDLE LinkHandle,
|
|
_Inout_ PUNICODE_STRING LinkTarget,
|
|
_Out_opt_ PULONG ReturnedLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
_When_(Length == 0, _Post_satisfies_(return < 0))
|
|
_When_(Length > 0, _Post_satisfies_(return <= 0))
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryValueKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ PUNICODE_STRING ValueName,
|
|
_In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
|
|
_Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG ResultLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReadFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length,
|
|
_In_opt_ PLARGE_INTEGER ByteOffset,
|
|
_In_opt_ PULONG Key);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID FileInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FILE_INFORMATION_CLASS FileInformationClass);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetValueKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ PUNICODE_STRING ValueName,
|
|
_In_opt_ ULONG TitleIndex,
|
|
_In_ ULONG Type,
|
|
_In_reads_bytes_opt_(DataSize) PVOID Data,
|
|
_In_ ULONG DataSize);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnloadDriver(
|
|
_In_ PUNICODE_STRING DriverServiceName);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnmapViewOfSection(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_opt_ PVOID BaseAddress);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWriteFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length,
|
|
_In_opt_ PLARGE_INTEGER ByteOffset,
|
|
_In_opt_ PULONG Key);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryFullAttributesFile(
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation);
|
|
|
|
$endif (_WDMDDK_)
|
|
$if (_NTDDK_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCancelTimer(
|
|
_In_ HANDLE TimerHandle,
|
|
_Out_opt_ PBOOLEAN CurrentState);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
_When_(return == 0, __drv_allocatesMem(TimerObject))
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateTimer(
|
|
_Out_ PHANDLE TimerHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ TIMER_TYPE TimerType);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenTimer(
|
|
_Out_ PHANDLE TimerHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationThread(
|
|
_In_ HANDLE ThreadHandle,
|
|
_In_ THREADINFOCLASS ThreadInformationClass,
|
|
_In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
|
|
_In_ ULONG ThreadInformationLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetTimer(
|
|
_In_ HANDLE TimerHandle,
|
|
_In_ PLARGE_INTEGER DueTime,
|
|
_In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine,
|
|
_In_opt_ PVOID TimerContext,
|
|
_In_ BOOLEAN ResumeTimer,
|
|
_In_opt_ LONG Period,
|
|
_Out_opt_ PBOOLEAN PreviousState);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDisplayString(
|
|
_In_ PUNICODE_STRING String);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPowerInformation(
|
|
_In_ POWER_INFORMATION_LEVEL PowerInformationLevel,
|
|
_In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
|
|
_In_ ULONG InputBufferLength,
|
|
_Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
|
|
_In_ ULONG OutputBufferLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryVolumeInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID FsInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FS_INFORMATION_CLASS FsInformationClass);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeviceIoControlFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ ULONG IoControlCode,
|
|
_In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
|
|
_In_ ULONG InputBufferLength,
|
|
_Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
|
|
_In_ ULONG OutputBufferLength);
|
|
|
|
$endif (_NTDDK_)
|
|
$if (_NTIFS_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryObject(
|
|
_In_opt_ HANDLE Handle,
|
|
_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
|
|
_Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
|
|
_In_ ULONG ObjectInformationLength,
|
|
_Out_opt_ PULONG ReturnLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwNotifyChangeKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_opt_ HANDLE EventHandle,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ ULONG NotifyFilter,
|
|
_In_ BOOLEAN WatchSubtree,
|
|
_Out_writes_bytes_opt_(BufferLength) PVOID Buffer,
|
|
_In_ ULONG BufferLength,
|
|
_In_ BOOLEAN Asynchronous);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateEvent(
|
|
_Out_ PHANDLE EventHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ EVENT_TYPE EventType,
|
|
_In_ BOOLEAN InitialState);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteFile(
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDirectoryFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID FileInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FILE_INFORMATION_CLASS FileInformationClass,
|
|
_In_ BOOLEAN ReturnSingleEntry,
|
|
_In_opt_ PUNICODE_STRING FileName,
|
|
_In_ BOOLEAN RestartScan);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetVolumeInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID FsInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FS_INFORMATION_CLASS FsInformationClass);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFsControlFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ ULONG FsControlCode,
|
|
_In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
|
|
_In_ ULONG InputBufferLength,
|
|
_Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
|
|
_In_ ULONG OutputBufferLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDuplicateObject(
|
|
_In_ HANDLE SourceProcessHandle,
|
|
_In_ HANDLE SourceHandle,
|
|
_In_opt_ HANDLE TargetProcessHandle,
|
|
_Out_opt_ PHANDLE TargetHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ULONG HandleAttributes,
|
|
_In_ ULONG Options);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenDirectoryObject(
|
|
_Out_ PHANDLE DirectoryHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_Must_inspect_result_
|
|
_At_(*BaseAddress, __drv_allocatesMem(Mem))
|
|
__kernel_entry
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ _Outptr_result_buffer_(*RegionSize) PVOID *BaseAddress,
|
|
_In_ ULONG_PTR ZeroBits,
|
|
_Inout_ PSIZE_T RegionSize,
|
|
_In_ ULONG AllocationType,
|
|
_In_ ULONG Protect);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFreeVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ __drv_freesMem(Mem) PVOID *BaseAddress,
|
|
_Inout_ PSIZE_T RegionSize,
|
|
_In_ ULONG FreeType);
|
|
|
|
_When_(Timeout == NULL, _IRQL_requires_max_(APC_LEVEL))
|
|
_When_(Timeout->QuadPart != 0, _IRQL_requires_max_(APC_LEVEL))
|
|
_When_(Timeout->QuadPart == 0, _IRQL_requires_max_(DISPATCH_LEVEL))
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitForSingleObject(
|
|
_In_ HANDLE Handle,
|
|
_In_ BOOLEAN Alertable,
|
|
_In_opt_ PLARGE_INTEGER Timeout);
|
|
|
|
_IRQL_requires_max_(DISPATCH_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetEvent(
|
|
_In_ HANDLE EventHandle,
|
|
_Out_opt_ PLONG PreviousState);
|
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ PVOID *BaseAddress,
|
|
_Inout_ PSIZE_T RegionSize,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG ResultLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSecurityObject(
|
|
_In_ HANDLE Handle,
|
|
_In_ SECURITY_INFORMATION SecurityInformation,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySecurityObject(
|
|
_In_ HANDLE FileHandle,
|
|
_In_ SECURITY_INFORMATION SecurityInformation,
|
|
_Out_writes_bytes_to_(Length,*ResultLength) PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG ResultLength);
|
|
$endif (_NTIFS_)
|
|
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
|
|
|
|
$if (_NTIFS_)
|
|
#if (NTDDI_VERSION >= NTDDI_WINXP)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessTokenEx(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ULONG HandleAttributes,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenThreadTokenEx(
|
|
_In_ HANDLE ThreadHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ BOOLEAN OpenAsSelf,
|
|
_In_ ULONG HandleAttributes,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
|
|
$endif (_NTIFS_)
|
|
$if (_WDMDDK_)
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_WS03)
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenEvent(
|
|
_Out_ PHANDLE EventHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
#endif
|
|
$endif (_WDMDDK_)
|
|
|
|
$if (_WDMDDK_ || _NTIFS_)
|
|
#if (NTDDI_VERSION >= NTDDI_VISTA)
|
|
$endif (_WDMDDK_ || _NTIFS_)
|
|
$if (_WDMDDK_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
ZwCreateKeyTransacted(
|
|
_Out_ PHANDLE KeyHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_Reserved_ ULONG TitleIndex,
|
|
_In_opt_ PUNICODE_STRING Class,
|
|
_In_ ULONG CreateOptions,
|
|
_In_ HANDLE TransactionHandle,
|
|
_Out_opt_ PULONG Disposition);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenKeyTransacted(
|
|
_Out_ PHANDLE KeyHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ HANDLE TransactionHandle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateTransactionManager(
|
|
_Out_ PHANDLE TmHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ PUNICODE_STRING LogFileName,
|
|
_In_opt_ ULONG CreateOptions,
|
|
_In_opt_ ULONG CommitStrength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenTransactionManager(
|
|
_Out_ PHANDLE TmHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ PUNICODE_STRING LogFileName,
|
|
_In_opt_ LPGUID TmIdentity,
|
|
_In_opt_ ULONG OpenOptions);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRollforwardTransactionManager(
|
|
_In_ HANDLE TransactionManagerHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRecoverTransactionManager(
|
|
_In_ HANDLE TransactionManagerHandle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationTransactionManager(
|
|
_In_ HANDLE TransactionManagerHandle,
|
|
_In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
|
|
_Out_writes_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation,
|
|
_In_ ULONG TransactionManagerInformationLength,
|
|
_Out_opt_ PULONG ReturnLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationTransactionManager(
|
|
_In_ HANDLE TmHandle,
|
|
_In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
|
|
_In_ PVOID TransactionManagerInformation,
|
|
_In_ ULONG TransactionManagerInformationLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwEnumerateTransactionObject(
|
|
_In_opt_ HANDLE RootObjectHandle,
|
|
_In_ KTMOBJECT_TYPE QueryType,
|
|
_Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor,
|
|
_In_ ULONG ObjectCursorLength,
|
|
_Out_ PULONG ReturnLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateTransaction(
|
|
_Out_ PHANDLE TransactionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ LPGUID Uow,
|
|
_In_opt_ HANDLE TmHandle,
|
|
_In_opt_ ULONG CreateOptions,
|
|
_In_opt_ ULONG IsolationLevel,
|
|
_In_opt_ ULONG IsolationFlags,
|
|
_In_opt_ PLARGE_INTEGER Timeout,
|
|
_In_opt_ PUNICODE_STRING Description);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenTransaction(
|
|
_Out_ PHANDLE TransactionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ LPGUID Uow,
|
|
_In_opt_ HANDLE TmHandle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationTransaction(
|
|
_In_ HANDLE TransactionHandle,
|
|
_In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
|
|
_Out_writes_bytes_(TransactionInformationLength) PVOID TransactionInformation,
|
|
_In_ ULONG TransactionInformationLength,
|
|
_Out_opt_ PULONG ReturnLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationTransaction(
|
|
_In_ HANDLE TransactionHandle,
|
|
_In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
|
|
_In_ PVOID TransactionInformation,
|
|
_In_ ULONG TransactionInformationLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCommitTransaction(
|
|
_In_ HANDLE TransactionHandle,
|
|
_In_ BOOLEAN Wait);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRollbackTransaction(
|
|
_In_ HANDLE TransactionHandle,
|
|
_In_ BOOLEAN Wait);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateResourceManager(
|
|
_Out_ PHANDLE ResourceManagerHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ HANDLE TmHandle,
|
|
_In_opt_ LPGUID ResourceManagerGuid,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ ULONG CreateOptions,
|
|
_In_opt_ PUNICODE_STRING Description);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenResourceManager(
|
|
_Out_ PHANDLE ResourceManagerHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ HANDLE TmHandle,
|
|
_In_ LPGUID ResourceManagerGuid,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRecoverResourceManager(
|
|
_In_ HANDLE ResourceManagerHandle);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwGetNotificationResourceManager(
|
|
_In_ HANDLE ResourceManagerHandle,
|
|
_Out_ PTRANSACTION_NOTIFICATION TransactionNotification,
|
|
_In_ ULONG NotificationLength,
|
|
_In_ PLARGE_INTEGER Timeout,
|
|
_Out_opt_ PULONG ReturnLength,
|
|
_In_ ULONG Asynchronous,
|
|
_In_opt_ ULONG_PTR AsynchronousContext);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationResourceManager(
|
|
_In_ HANDLE ResourceManagerHandle,
|
|
_In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
|
|
_Out_writes_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
|
|
_In_ ULONG ResourceManagerInformationLength,
|
|
_Out_opt_ PULONG ReturnLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationResourceManager(
|
|
_In_ HANDLE ResourceManagerHandle,
|
|
_In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
|
|
_In_reads_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
|
|
_In_ ULONG ResourceManagerInformationLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateEnlistment(
|
|
_Out_ PHANDLE EnlistmentHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ HANDLE ResourceManagerHandle,
|
|
_In_ HANDLE TransactionHandle,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ ULONG CreateOptions,
|
|
_In_ NOTIFICATION_MASK NotificationMask,
|
|
_In_opt_ PVOID EnlistmentKey);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenEnlistment(
|
|
_Out_ PHANDLE EnlistmentHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ HANDLE RmHandle,
|
|
_In_ LPGUID EnlistmentGuid,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationEnlistment(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
|
|
_Out_writes_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
|
|
_In_ ULONG EnlistmentInformationLength,
|
|
_Out_opt_ PULONG ReturnLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationEnlistment(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
|
|
_In_reads_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
|
|
_In_ ULONG EnlistmentInformationLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRecoverEnlistment(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PVOID EnlistmentKey);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrePrepareEnlistment(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrepareEnlistment(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCommitEnlistment(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRollbackEnlistment(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrePrepareComplete(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrepareComplete(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCommitComplete(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReadOnlyEnlistment(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRollbackComplete(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSinglePhaseReject(
|
|
_In_ HANDLE EnlistmentHandle,
|
|
_In_opt_ PLARGE_INTEGER TmVirtualClock);
|
|
$endif (_WDMDDK_)
|
|
$if (_NTIFS_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLockFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ PLARGE_INTEGER ByteOffset,
|
|
_In_ PLARGE_INTEGER Length,
|
|
_In_ ULONG Key,
|
|
_In_ BOOLEAN FailImmediately,
|
|
_In_ BOOLEAN ExclusiveLock);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnlockFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ PLARGE_INTEGER ByteOffset,
|
|
_In_ PLARGE_INTEGER Length,
|
|
_In_ ULONG Key);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryQuotaInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length,
|
|
_In_ BOOLEAN ReturnSingleEntry,
|
|
_In_reads_bytes_opt_(SidListLength) PVOID SidList,
|
|
_In_ ULONG SidListLength,
|
|
_In_opt_ PSID StartSid,
|
|
_In_ BOOLEAN RestartScan);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetQuotaInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushBuffersFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock);
|
|
$endif (_NTIFS_)
|
|
$if (_WDMDDK_ || _NTIFS_)
|
|
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
|
|
$endif (_WDMDDK_ || _NTIFS_)
|
|
#if (NTDDI_VERSION >= NTDDI_WIN7)
|
|
$if (_WDMDDK_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenKeyEx(
|
|
_Out_ PHANDLE KeyHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ ULONG OpenOptions);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenKeyTransactedEx(
|
|
_Out_ PHANDLE KeyHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ ULONG OpenOptions,
|
|
_In_ HANDLE TransactionHandle);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwNotifyChangeMultipleKeys(
|
|
_In_ HANDLE MasterKeyHandle,
|
|
_In_opt_ ULONG Count,
|
|
_In_opt_ OBJECT_ATTRIBUTES SubordinateObjects[],
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ ULONG CompletionFilter,
|
|
_In_ BOOLEAN WatchTree,
|
|
_Out_opt_ PVOID Buffer,
|
|
_In_ ULONG BufferSize,
|
|
_In_ BOOLEAN Asynchronous);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryMultipleValueKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_Inout_ PKEY_VALUE_ENTRY ValueEntries,
|
|
_In_ ULONG EntryCount,
|
|
_Out_ PVOID ValueBuffer,
|
|
_Inout_ PULONG BufferLength,
|
|
_Out_opt_ PULONG RequiredBufferLength);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRenameKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ PUNICODE_STRING NewName);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationKey(
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ __drv_strictTypeMatch(__drv_typeConst) KEY_SET_INFORMATION_CLASS KeySetInformationClass,
|
|
_In_reads_bytes_(KeySetInformationLength) PVOID KeySetInformation,
|
|
_In_ ULONG KeySetInformationLength);
|
|
|
|
$endif (_WDMDDK_)
|
|
$if (_NTDDK_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetTimerEx(
|
|
_In_ HANDLE TimerHandle,
|
|
_In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass,
|
|
_Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID TimerSetInformation,
|
|
_In_ ULONG TimerSetInformationLength);
|
|
$endif (_NTDDK_)
|
|
$if (_NTIFS_)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAdjustPrivilegesToken (
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN DisableAllPrivileges,
|
|
_In_ PTOKEN_PRIVILEGES NewState,
|
|
_In_ ULONG BufferLength,
|
|
_Out_opt_ PTOKEN_PRIVILEGES PreviousState,
|
|
_Out_ PULONG ReturnLength
|
|
);
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAlertThread (
|
|
_In_ HANDLE ThreadHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheckAndAuditAlarm (
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PBOOLEAN AccessStatus,
|
|
_Out_ PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCancelIoFile (
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwClearEvent (
|
|
_In_ HANDLE EventHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCloseObjectAuditAlarm (
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PVOID HandleId,
|
|
_In_ BOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateSymbolicLinkObject (
|
|
_Out_ PHANDLE SymbolicLinkHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ PUNICODE_STRING TargetName
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushInstructionCache (
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_opt_ PVOID BaseAddress,
|
|
_In_ ULONG FlushSize
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushBuffersFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwInitiatePowerAction (
|
|
_In_ POWER_ACTION SystemAction,
|
|
_In_ SYSTEM_POWER_STATE MinSystemState,
|
|
_In_ ULONG Flags,
|
|
_In_ BOOLEAN Asynchronous
|
|
);
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLoadKey (
|
|
_In_ POBJECT_ATTRIBUTES KeyObjectAttributes,
|
|
_In_ POBJECT_ATTRIBUTES FileObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessToken (
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_Out_ PHANDLE TokenHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenThread (
|
|
_Out_ PHANDLE ThreadHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ PCLIENT_ID ClientId
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenThreadToken (
|
|
_In_ HANDLE ThreadHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ BOOLEAN OpenAsSelf,
|
|
_Out_ PHANDLE TokenHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPulseEvent (
|
|
_In_ HANDLE EventHandle,
|
|
_In_opt_ PLONG PulseCount
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDefaultLocale (
|
|
_In_ BOOLEAN UserProfile,
|
|
_Out_ PLCID DefaultLocaleId
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDirectoryObject(
|
|
_In_ HANDLE DirectoryHandle,
|
|
_Out_ PVOID Buffer,
|
|
_In_ ULONG BufferLength,
|
|
_In_ BOOLEAN ReturnSingleEntry,
|
|
_In_ BOOLEAN RestartScan,
|
|
_Inout_ PULONG Context,
|
|
_Out_opt_ PULONG ReturnLength
|
|
);
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationProcess (
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ PROCESSINFOCLASS ProcessInformationClass,
|
|
_Out_ PVOID ProcessInformation,
|
|
_In_ ULONG ProcessInformationLength,
|
|
_Out_opt_ PULONG ReturnLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReplaceKey (
|
|
_In_ POBJECT_ATTRIBUTES NewFileObjectAttributes,
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ POBJECT_ATTRIBUTES OldFileObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwResetEvent (
|
|
_In_ HANDLE EventHandle,
|
|
_Out_opt_ PLONG NumberOfWaitingThreads
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRestoreKey (
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ HANDLE FileHandle,
|
|
_In_ ULONG Flags
|
|
);
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSaveKey (
|
|
_In_ HANDLE KeyHandle,
|
|
_In_ HANDLE FileHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetDefaultLocale (
|
|
_In_ BOOLEAN UserProfile,
|
|
_In_ LCID DefaultLocaleId
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetDefaultUILanguage (
|
|
_In_ LANGID LanguageId
|
|
);
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationProcess (
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ PROCESSINFOCLASS ProcessInformationClass,
|
|
_In_ PVOID ProcessInformation,
|
|
_In_ ULONG ProcessInformationLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSystemTime (
|
|
_In_ PLARGE_INTEGER NewTime,
|
|
_Out_opt_ PLARGE_INTEGER OldTime
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnloadKey (
|
|
_In_ POBJECT_ATTRIBUTES KeyObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitForMultipleObjects (
|
|
_In_ ULONG HandleCount,
|
|
_In_ PHANDLE Handles,
|
|
_In_ WAIT_TYPE WaitType,
|
|
_In_ BOOLEAN Alertable,
|
|
_In_opt_ PLARGE_INTEGER Timeout
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwYieldExecution (
|
|
VOID
|
|
);
|
|
|
|
$endif (_NTIFS_)
|
|
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
|
|
|