├── README.md ├── LICENSE ├── syscalls.h └── ConvertSW3OutputToC ├── generator.py └── header.h /README.md: -------------------------------------------------------------------------------- 1 | ## 该项目已与StarFly项目整合 后续更新将推送至[StarFly仓库](https://github.com/cnmrsunshine/starfly) 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 CNMr.Sunshine 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /syscalls.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Code below is adapted from @modexpblog. Read linked article for more details. 4 | // https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams 5 | 6 | #ifndef SW3_HEADER_H_ 7 | #define SW3_HEADER_H_ 8 | #endif 9 | #include 10 | 11 | #ifndef _NTDEF_ 12 | typedef _Return_type_success_(return >= 0) LONG NTSTATUS; 13 | typedef NTSTATUS* PNTSTATUS; 14 | #endif 15 | 16 | #define SW3_SEED 0x4669CE5C 17 | #define SW3_ROL8(v) (v << 8 | v >> 24) 18 | #define SW3_ROR8(v) (v >> 8 | v << 24) 19 | #define SW3_ROX8(v) ((SW3_SEED % 2) ? SW3_ROL8(v) : SW3_ROR8(v)) 20 | #define SW3_RVA2VA(Type, DllBase, Rva) (Type)((ULONG_PTR) DllBase + Rva) 21 | 22 | // Typedefs are prefixed to avoid pollution. 23 | 24 | typedef struct _SW3_PEB_LDR_DATA { 25 | BYTE Reserved1[8]; 26 | PVOID Reserved2[3]; 27 | LIST_ENTRY InMemoryOrderModuleList; 28 | } SW3_PEB_LDR_DATA, *PSW3_PEB_LDR_DATA; 29 | 30 | typedef struct _SW3_LDR_DATA_TABLE_ENTRY { 31 | PVOID Reserved1[2]; 32 | LIST_ENTRY InMemoryOrderLinks; 33 | PVOID Reserved2[2]; 34 | PVOID DllBase; 35 | } SW3_LDR_DATA_TABLE_ENTRY, *PSW3_LDR_DATA_TABLE_ENTRY; 36 | 37 | typedef struct _SW3_PEB { 38 | BYTE Reserved1[2]; 39 | BYTE BeingDebugged; 40 | BYTE Reserved2[1]; 41 | PVOID Reserved3[2]; 42 | PSW3_PEB_LDR_DATA Ldr; 43 | } SW3_PEB, *PSW3_PEB; 44 | -------------------------------------------------------------------------------- /ConvertSW3OutputToC/generator.py: -------------------------------------------------------------------------------- 1 | import json 2 | import re 3 | 4 | def extract_prototypes(json_path): 5 | with open(json_path, 'r', encoding='utf-8') as f: 6 | prototypes = json.load(f) 7 | return prototypes 8 | 9 | def extract_hashes(asm_path): 10 | with open(asm_path, 'r', encoding='utf-8') as f: 11 | asm_content = f.read() 12 | 13 | # 正则匹配函数名和哈希值 14 | pattern = re.compile( 15 | r'Sw3(\w+)\s+PROC.*?mov\s+ecx,\s+([0-9A-Fa-f]+)h.*?Sw3\1\s+ENDP', 16 | re.DOTALL 17 | ) 18 | matches = pattern.findall(asm_content) 19 | hash_dict = {name: hash_val for name, hash_val in matches} 20 | return hash_dict 21 | 22 | def generate_function_code(func_name, func_info, func_hash): 23 | return_type = func_info.get('type', 'void') 24 | params = func_info.get('params', []) 25 | param_list = [f"{param['type']} {param['name']}" for param in params] 26 | param_str = ', '.join(param_list) 27 | assignments = [f" Params.param[{i+1}] = (DWORD_PTR){params[i]['name']};" for i in range(len(params))] 28 | assignments_str = ''.join(assignments) 29 | func_code = f"{return_type} SF{func_name}({param_str}) {{{assignments_str} Params.ParamNum = {len(params)}; Params.FuncHash = 0x{func_hash}; Params.IsLegacy = 1; *NullPointer = 1; GetFileAttributesW(L\"C:\\\\Windows\\\\notepad.exe\"); return 0;}}" 30 | return func_code 31 | 32 | def generate_extern_declaration(func_name, func_info): 33 | return_type = func_info.get('type', 'void') 34 | params = func_info.get('params', []) 35 | param_list = [] 36 | for param in params: 37 | param_type = param['type'] 38 | param_name = param['name'] 39 | param_list.append(f"{param_type} {param_name}") 40 | param_str = ', '.join(param_list) 41 | 42 | extern_declaration = f"extern {return_type} SF{func_name}({param_str});\n" 43 | return extern_declaration 44 | 45 | def main(): 46 | # 定义要跳过的函数数组 47 | skipped_functions = ['NtCreateFile', 'NtWriteFile', 'NtGetPlugPlayEvent'] 48 | # 用于存储实际被跳过的函数 49 | actually_skipped = [] 50 | 51 | prototypes_path = './prototypes.json' # SW3生成的文件 52 | asm_path = './syscalls-asm.x64.asm' # SW3生成的文件 53 | output_path = './output.c' 54 | extern_decls_path = './header.h' 55 | 56 | prototypes = extract_prototypes(prototypes_path) 57 | hashes = extract_hashes(asm_path) 58 | 59 | with open(output_path, 'w', encoding='utf-8') as out_file, \ 60 | open(extern_decls_path, 'w', encoding='utf-8') as extern_file: 61 | for func_name, func_info in prototypes.items(): 62 | # 检查是否需要跳过该函数 63 | if func_name in skipped_functions: 64 | actually_skipped.append(func_name) 65 | print(f"[!] 跳过函数: {func_name}") 66 | continue 67 | 68 | func_hash = hashes.get(func_name) 69 | if not func_hash: 70 | print(f"[-] 找不到函数 {func_name} 的哈希值") 71 | continue 72 | params = func_info.get('params', []) 73 | # 生成函数代码 74 | func_code = generate_function_code(func_name, func_info, func_hash) 75 | out_file.write(func_code + '\n') 76 | # 生成extern声明 77 | extern_decl = generate_extern_declaration(func_name, func_info) 78 | extern_file.write(extern_decl) 79 | 80 | # 在处理完成后打印被跳过的函数 81 | if actually_skipped: 82 | print("\n被跳过的函数列表:") 83 | for func in actually_skipped: 84 | print(f"- {func}") 85 | 86 | if __name__ == "__main__": 87 | main() -------------------------------------------------------------------------------- /ConvertSW3OutputToC/header.h: -------------------------------------------------------------------------------- 1 | extern NTSTATUS SFNtAccessCheck(PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, ACCESS_MASK DesiaredAccess, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, PULONG PrivilegeSetLength, PACCESS_MASK GrantedAccess, PBOOLEAN AccessStatus); 2 | extern NTSTATUS SFNtWorkerFactoryWorkerReady(HANDLE WorkerFactoryHandle); 3 | extern NTSTATUS SFNtAcceptConnectPort(PHANDLE ServerPortHandle, ULONG AlternativeReceivePortHandle, PPORT_MESSAGE ConnectionReply, BOOLEAN AcceptConnection, PPORT_SECTION_WRITE ServerSharedMemory, PPORT_SECTION_READ ClientSharedMemory); 4 | extern NTSTATUS SFNtMapUserPhysicalPagesScatter(PVOID VirtualAddresses, PULONG NumberOfPages, PULONG UserPfnArray); 5 | extern NTSTATUS SFNtWaitForSingleObject(HANDLE ObjectHandle, BOOLEAN Alertable, PLARGE_INTEGER TimeOut); 6 | extern NTSTATUS SFNtCallbackReturn(PVOID OutputBuffer, ULONG OutputLength, NTSTATUS Status); 7 | extern NTSTATUS SFNtReadFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key); 8 | extern NTSTATUS SFNtDeviceIoControlFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG IoControlCode, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength); 9 | extern NTSTATUS SFNtRemoveIoCompletion(HANDLE IoCompletionHandle, PULONG KeyContext, PULONG ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER Timeout); 10 | extern NTSTATUS SFNtReleaseSemaphore(HANDLE SemaphoreHandle, LONG ReleaseCount, PLONG PreviousCount); 11 | extern NTSTATUS SFNtReplyWaitReceivePort(HANDLE PortHandle, PVOID PortContext, PPORT_MESSAGE ReplyMessage, PPORT_MESSAGE ReceiveMessage); 12 | extern NTSTATUS SFNtReplyPort(HANDLE PortHandle, PPORT_MESSAGE ReplyMessage); 13 | extern NTSTATUS SFNtSetInformationThread(HANDLE ThreadHandle, THREADINFOCLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength); 14 | extern NTSTATUS SFNtSetEvent(HANDLE EventHandle, PULONG PreviousState); 15 | extern NTSTATUS SFNtClose(HANDLE Handle); 16 | extern NTSTATUS SFNtQueryObject(HANDLE Handle, OBJECT_INFORMATION_CLASS ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength); 17 | extern NTSTATUS SFNtQueryInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass); 18 | extern NTSTATUS SFNtOpenKey(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 19 | extern NTSTATUS SFNtEnumerateValueKey(HANDLE KeyHandle, ULONG Index, KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, PVOID KeyValueInformation, ULONG Length, PULONG ResultLength); 20 | extern NTSTATUS SFNtFindAtom(PWSTR AtomName, ULONG Length, PUSHORT Atom); 21 | extern NTSTATUS SFNtQueryDefaultLocale(BOOLEAN UserProfile, PLCID DefaultLocaleId); 22 | extern NTSTATUS SFNtQueryKey(HANDLE KeyHandle, KEY_INFORMATION_CLASS KeyInformationClass, PVOID KeyInformation, ULONG Length, PULONG ResultLength); 23 | extern NTSTATUS SFNtQueryValueKey(HANDLE KeyHandle, PUNICODE_STRING ValueName, KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, PVOID KeyValueInformation, ULONG Length, PULONG ResultLength); 24 | extern NTSTATUS SFNtAllocateVirtualMemory(HANDLE ProcessHandle, PVOID * BaseAddress, ULONG ZeroBits, PSIZE_T RegionSize, ULONG AllocationType, ULONG Protect); 25 | extern NTSTATUS SFNtQueryInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength); 26 | extern NTSTATUS SFNtWaitForMultipleObjects32(ULONG ObjectCount, PHANDLE Handles, WAIT_TYPE WaitType, BOOLEAN Alertable, PLARGE_INTEGER Timeout); 27 | extern NTSTATUS SFNtWriteFileGather(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PFILE_SEGMENT_ELEMENT SegmentArray, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key); 28 | extern NTSTATUS SFNtCreateKey(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG TitleIndex, PUNICODE_STRING Class, ULONG CreateOptions, PULONG Disposition); 29 | extern NTSTATUS SFNtFreeVirtualMemory(HANDLE ProcessHandle, PVOID * BaseAddress, PSIZE_T RegionSize, ULONG FreeType); 30 | extern NTSTATUS SFNtImpersonateClientOfPort(HANDLE PortHandle, PPORT_MESSAGE Message); 31 | extern NTSTATUS SFNtReleaseMutant(HANDLE MutantHandle, PULONG PreviousCount); 32 | extern NTSTATUS SFNtQueryInformationToken(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, PVOID TokenInformation, ULONG TokenInformationLength, PULONG ReturnLength); 33 | extern NTSTATUS SFNtRequestWaitReplyPort(HANDLE PortHandle, PPORT_MESSAGE RequestMessage, PPORT_MESSAGE ReplyMessage); 34 | extern NTSTATUS SFNtQueryVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, MEMORY_INFORMATION_CLASS MemoryInformationClass, PVOID MemoryInformation, SIZE_T MemoryInformationLength, PSIZE_T ReturnLength); 35 | extern NTSTATUS SFNtOpenThreadToken(HANDLE ThreadHandle, ACCESS_MASK DesiredAccess, BOOLEAN OpenAsSelf, PHANDLE TokenHandle); 36 | extern NTSTATUS SFNtQueryInformationThread(HANDLE ThreadHandle, THREADINFOCLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength, PULONG ReturnLength); 37 | extern NTSTATUS SFNtOpenProcess(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId); 38 | extern NTSTATUS SFNtSetInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass); 39 | extern NTSTATUS SFNtMapViewOfSection(HANDLE SectionHandle, HANDLE ProcessHandle, PVOID BaseAddress, ULONG ZeroBits, SIZE_T CommitSize, PLARGE_INTEGER SectionOffset, PSIZE_T ViewSize, SECTION_INHERIT InheritDisposition, ULONG AllocationType, ULONG Win32Protect); 40 | extern NTSTATUS SFNtAccessCheckAndAuditAlarm(PUNICODE_STRING SubsystemName, PVOID HandleId, PUNICODE_STRING ObjectTypeName, PUNICODE_STRING ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, PGENERIC_MAPPING GenericMapping, BOOLEAN ObjectCreation, PACCESS_MASK GrantedAccess, PBOOLEAN AccessStatus, PBOOLEAN GenerateOnClose); 41 | extern NTSTATUS SFNtUnmapViewOfSection(HANDLE ProcessHandle, PVOID BaseAddress); 42 | extern NTSTATUS SFNtReplyWaitReceivePortEx(HANDLE PortHandle, PULONG PortContext, PPORT_MESSAGE ReplyMessage, PPORT_MESSAGE ReceiveMessage, PLARGE_INTEGER Timeout); 43 | extern NTSTATUS SFNtTerminateProcess(HANDLE ProcessHandle, NTSTATUS ExitStatus); 44 | extern NTSTATUS SFNtSetEventBoostPriority(HANDLE EventHandle); 45 | extern NTSTATUS SFNtReadFileScatter(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PFILE_SEGMENT_ELEMENT SegmentArray, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key); 46 | extern NTSTATUS SFNtOpenThreadTokenEx(HANDLE ThreadHandle, ACCESS_MASK DesiredAccess, BOOLEAN OpenAsSelf, ULONG HandleAttributes, PHANDLE TokenHandle); 47 | extern NTSTATUS SFNtOpenProcessTokenEx(HANDLE ProcessHandle, ACCESS_MASK DesiredAccess, ULONG HandleAttributes, PHANDLE TokenHandle); 48 | extern NTSTATUS SFNtQueryPerformanceCounter(PLARGE_INTEGER PerformanceCounter, PLARGE_INTEGER PerformanceFrequency); 49 | extern NTSTATUS SFNtEnumerateKey(HANDLE KeyHandle, ULONG Index, KEY_INFORMATION_CLASS KeyInformationClass, PVOID KeyInformation, ULONG Length, PULONG ResultLength); 50 | extern NTSTATUS SFNtOpenFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG OpenOptions); 51 | extern NTSTATUS SFNtDelayExecution(BOOLEAN Alertable, PLARGE_INTEGER DelayInterval); 52 | extern NTSTATUS SFNtQueryDirectoryFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass, BOOLEAN ReturnSingleEntry, PUNICODE_STRING FileName, BOOLEAN RestartScan); 53 | extern NTSTATUS SFNtQuerySystemInformation(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength); 54 | extern NTSTATUS SFNtOpenSection(PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 55 | extern NTSTATUS SFNtQueryTimer(HANDLE TimerHandle, TIMER_INFORMATION_CLASS TimerInformationClass, PVOID TimerInformation, ULONG TimerInformationLength, PULONG ReturnLength); 56 | extern NTSTATUS SFNtFsControlFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG FsControlCode, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength); 57 | extern NTSTATUS SFNtWriteVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, SIZE_T NumberOfBytesToWrite, PSIZE_T NumberOfBytesWritten); 58 | extern NTSTATUS SFNtCloseObjectAuditAlarm(PUNICODE_STRING SubsystemName, PVOID HandleId, BOOLEAN GenerateOnClose); 59 | extern NTSTATUS SFNtDuplicateObject(HANDLE SourceProcessHandle, HANDLE SourceHandle, HANDLE TargetProcessHandle, PHANDLE TargetHandle, ACCESS_MASK DesiredAccess, ULONG HandleAttributes, ULONG Options); 60 | extern NTSTATUS SFNtQueryAttributesFile(POBJECT_ATTRIBUTES ObjectAttributes, PFILE_BASIC_INFORMATION FileInformation); 61 | extern NTSTATUS SFNtClearEvent(HANDLE EventHandle); 62 | extern NTSTATUS SFNtReadVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, SIZE_T BufferSize, PSIZE_T NumberOfBytesRead); 63 | extern NTSTATUS SFNtOpenEvent(PHANDLE EventHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 64 | extern NTSTATUS SFNtAdjustPrivilegesToken(HANDLE TokenHandle, BOOLEAN DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, ULONG BufferLength, PTOKEN_PRIVILEGES PreviousState, PULONG ReturnLength); 65 | extern NTSTATUS SFNtDuplicateToken(HANDLE ExistingTokenHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, BOOLEAN EffectiveOnly, TOKEN_TYPE TokenType, PHANDLE NewTokenHandle); 66 | extern NTSTATUS SFNtContinue(PCONTEXT ContextRecord, BOOLEAN TestAlert); 67 | extern NTSTATUS SFNtQueryDefaultUILanguage(PLANGID DefaultUILanguageId); 68 | extern NTSTATUS SFNtQueueApcThread(HANDLE ThreadHandle, PKNORMAL_ROUTINE ApcRoutine, PVOID ApcArgument1, PVOID ApcArgument2, PVOID ApcArgument3); 69 | extern NTSTATUS SFNtYieldExecution(); 70 | extern NTSTATUS SFNtAddAtom(PWSTR AtomName, ULONG Length, PUSHORT Atom); 71 | extern NTSTATUS SFNtCreateEvent(PHANDLE EventHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, EVENT_TYPE EventType, BOOLEAN InitialState); 72 | extern NTSTATUS SFNtQueryVolumeInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FsInformation, ULONG Length, FSINFOCLASS FsInformationClass); 73 | extern NTSTATUS SFNtCreateSection(PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER MaximumSize, ULONG SectionPageProtection, ULONG AllocationAttributes, HANDLE FileHandle); 74 | extern NTSTATUS SFNtFlushBuffersFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock); 75 | extern NTSTATUS SFNtApphelpCacheControl(APPHELPCACHESERVICECLASS Service, PVOID ServiceData); 76 | extern NTSTATUS SFNtCreateProcessEx(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ParentProcess, ULONG Flags, HANDLE SectionHandle, HANDLE DebugPort, HANDLE ExceptionPort, ULONG JobMemberLevel); 77 | extern NTSTATUS SFNtCreateThread(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ProcessHandle, PCLIENT_ID ClientId, PCONTEXT ThreadContext, PUSER_STACK InitialTeb, BOOLEAN CreateSuspended); 78 | extern NTSTATUS SFNtIsProcessInJob(HANDLE ProcessHandle, HANDLE JobHandle); 79 | extern NTSTATUS SFNtProtectVirtualMemory(HANDLE ProcessHandle, PVOID * BaseAddress, PSIZE_T RegionSize, ULONG NewProtect, PULONG OldProtect); 80 | extern NTSTATUS SFNtQuerySection(HANDLE SectionHandle, SECTION_INFORMATION_CLASS SectionInformationClass, PVOID SectionInformation, ULONG SectionInformationLength, PULONG ReturnLength); 81 | extern NTSTATUS SFNtResumeThread(HANDLE ThreadHandle, PULONG PreviousSuspendCount); 82 | extern NTSTATUS SFNtTerminateThread(HANDLE ThreadHandle, NTSTATUS ExitStatus); 83 | extern NTSTATUS SFNtReadRequestData(HANDLE PortHandle, PPORT_MESSAGE Message, ULONG DataEntryIndex, PVOID Buffer, ULONG BufferSize, PULONG NumberOfBytesRead); 84 | extern NTSTATUS SFNtQueryEvent(HANDLE EventHandle, EVENT_INFORMATION_CLASS EventInformationClass, PVOID EventInformation, ULONG EventInformationLength, PULONG ReturnLength); 85 | extern NTSTATUS SFNtWriteRequestData(HANDLE PortHandle, PPORT_MESSAGE Request, ULONG DataIndex, PVOID Buffer, ULONG Length, PULONG ResultLength); 86 | extern NTSTATUS SFNtOpenDirectoryObject(PHANDLE DirectoryHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 87 | extern NTSTATUS SFNtAccessCheckByTypeAndAuditAlarm(PUNICODE_STRING SubsystemName, PVOID HandleId, PUNICODE_STRING ObjectTypeName, PUNICODE_STRING ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, PSID PrincipalSelfSid, ACCESS_MASK DesiredAccess, AUDIT_EVENT_TYPE AuditType, ULONG Flags, POBJECT_TYPE_LIST ObjectTypeList, ULONG ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, BOOLEAN ObjectCreation, PACCESS_MASK GrantedAccess, PULONG AccessStatus, PBOOLEAN GenerateOnClose); 88 | extern NTSTATUS SFNtWaitForMultipleObjects(ULONG Count, PHANDLE Handles, WAIT_TYPE WaitType, BOOLEAN Alertable, PLARGE_INTEGER Timeout); 89 | extern NTSTATUS SFNtSetInformationObject(HANDLE Handle, OBJECT_INFORMATION_CLASS ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength); 90 | extern NTSTATUS SFNtCancelIoFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock); 91 | extern NTSTATUS SFNtTraceEvent(HANDLE TraceHandle, ULONG Flags, ULONG FieldSize, PVOID Fields); 92 | extern NTSTATUS SFNtPowerInformation(POWER_INFORMATION_LEVEL InformationLevel, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength); 93 | extern NTSTATUS SFNtSetValueKey(HANDLE KeyHandle, PUNICODE_STRING ValueName, ULONG TitleIndex, ULONG Type, PVOID SystemData, ULONG DataSize); 94 | extern NTSTATUS SFNtCancelTimer(HANDLE TimerHandle, PBOOLEAN CurrentState); 95 | extern NTSTATUS SFNtSetTimer(HANDLE TimerHandle, PLARGE_INTEGER DueTime, PTIMER_APC_ROUTINE TimerApcRoutine, PVOID TimerContext, BOOLEAN ResumeTimer, LONG Period, PBOOLEAN PreviousState); 96 | extern NTSTATUS SFNtAccessCheckByType(PSECURITY_DESCRIPTOR SecurityDescriptor, PSID PrincipalSelfSid, HANDLE ClientToken, ULONG DesiredAccess, POBJECT_TYPE_LIST ObjectTypeList, ULONG ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, PULONG PrivilegeSetLength, PACCESS_MASK GrantedAccess, PULONG AccessStatus); 97 | extern NTSTATUS SFNtAccessCheckByTypeResultList(PSECURITY_DESCRIPTOR SecurityDescriptor, PSID PrincipalSelfSid, HANDLE ClientToken, ACCESS_MASK DesiredAccess, POBJECT_TYPE_LIST ObjectTypeList, ULONG ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, PULONG PrivilegeSetLength, PACCESS_MASK GrantedAccess, PULONG AccessStatus); 98 | extern NTSTATUS SFNtAccessCheckByTypeResultListAndAuditAlarm(PUNICODE_STRING SubsystemName, PVOID HandleId, PUNICODE_STRING ObjectTypeName, PUNICODE_STRING ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, PSID PrincipalSelfSid, ACCESS_MASK DesiredAccess, AUDIT_EVENT_TYPE AuditType, ULONG Flags, POBJECT_TYPE_LIST ObjectTypeList, ULONG ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, BOOLEAN ObjectCreation, PACCESS_MASK GrantedAccess, PULONG AccessStatus, PULONG GenerateOnClose); 99 | extern NTSTATUS SFNtAccessCheckByTypeResultListAndAuditAlarmByHandle(PUNICODE_STRING SubsystemName, PVOID HandleId, HANDLE ClientToken, PUNICODE_STRING ObjectTypeName, PUNICODE_STRING ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, PSID PrincipalSelfSid, ACCESS_MASK DesiredAccess, AUDIT_EVENT_TYPE AuditType, ULONG Flags, POBJECT_TYPE_LIST ObjectTypeList, ULONG ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, BOOLEAN ObjectCreation, PACCESS_MASK GrantedAccess, PULONG AccessStatus, PULONG GenerateOnClose); 100 | extern NTSTATUS SFNtAcquireProcessActivityReference(); 101 | extern NTSTATUS SFNtAddAtomEx(PWSTR AtomName, ULONG Length, PRTL_ATOM Atom, ULONG Flags); 102 | extern NTSTATUS SFNtAddBootEntry(PBOOT_ENTRY BootEntry, PULONG Id); 103 | extern NTSTATUS SFNtAddDriverEntry(PEFI_DRIVER_ENTRY DriverEntry, PULONG Id); 104 | extern NTSTATUS SFNtAdjustGroupsToken(HANDLE TokenHandle, BOOLEAN ResetToDefault, PTOKEN_GROUPS NewState, ULONG BufferLength, PTOKEN_GROUPS PreviousState, PULONG ReturnLength); 105 | extern NTSTATUS SFNtAdjustTokenClaimsAndDeviceGroups(HANDLE TokenHandle, BOOLEAN UserResetToDefault, BOOLEAN DeviceResetToDefault, BOOLEAN DeviceGroupsResetToDefault, PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewUserState, PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewDeviceState, PTOKEN_GROUPS NewDeviceGroupsState, ULONG UserBufferLength, PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousUserState, ULONG DeviceBufferLength, PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousDeviceState, ULONG DeviceGroupsBufferLength, PTOKEN_GROUPS PreviousDeviceGroups, PULONG UserReturnLength, PULONG DeviceReturnLength, PULONG DeviceGroupsReturnBufferLength); 106 | extern NTSTATUS SFNtAlertResumeThread(HANDLE ThreadHandle, PULONG PreviousSuspendCount); 107 | extern NTSTATUS SFNtAlertThread(HANDLE ThreadHandle); 108 | extern NTSTATUS SFNtAlertThreadByThreadId(ULONG ThreadId); 109 | extern NTSTATUS SFNtAllocateLocallyUniqueId(PLUID Luid); 110 | extern NTSTATUS SFNtAllocateReserveObject(PHANDLE MemoryReserveHandle, POBJECT_ATTRIBUTES ObjectAttributes, MEMORY_RESERVE_TYPE Type); 111 | extern NTSTATUS SFNtAllocateUserPhysicalPages(HANDLE ProcessHandle, PULONG NumberOfPages, PULONG UserPfnArray); 112 | extern NTSTATUS SFNtAllocateUuids(PLARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed); 113 | extern NTSTATUS SFNtAllocateVirtualMemoryEx(HANDLE ProcessHandle, PPVOID lpAddress, ULONG_PTR ZeroBits, PSIZE_T pSize, ULONG flAllocationType, PVOID DataBuffer, ULONG DataCount); 114 | extern NTSTATUS SFNtAlpcAcceptConnectPort(PHANDLE PortHandle, HANDLE ConnectionPortHandle, ULONG Flags, POBJECT_ATTRIBUTES ObjectAttributes, PALPC_PORT_ATTRIBUTES PortAttributes, PVOID PortContext, PPORT_MESSAGE ConnectionRequest, PALPC_MESSAGE_ATTRIBUTES ConnectionMessageAttributes, BOOLEAN AcceptConnection); 115 | extern NTSTATUS SFNtAlpcCancelMessage(HANDLE PortHandle, ULONG Flags, PALPC_CONTEXT_ATTR MessageContext); 116 | extern NTSTATUS SFNtAlpcConnectPort(PHANDLE PortHandle, PUNICODE_STRING PortName, POBJECT_ATTRIBUTES ObjectAttributes, PALPC_PORT_ATTRIBUTES PortAttributes, ULONG Flags, PSID RequiredServerSid, PPORT_MESSAGE ConnectionMessage, PULONG BufferLength, PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes, PALPC_MESSAGE_ATTRIBUTES InMessageAttributes, PLARGE_INTEGER Timeout); 117 | extern NTSTATUS SFNtAlpcConnectPortEx(PHANDLE PortHandle, POBJECT_ATTRIBUTES ConnectionPortObjectAttributes, POBJECT_ATTRIBUTES ClientPortObjectAttributes, PALPC_PORT_ATTRIBUTES PortAttributes, ULONG Flags, PSECURITY_DESCRIPTOR ServerSecurityRequirements, PPORT_MESSAGE ConnectionMessage, PSIZE_T BufferLength, PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes, PALPC_MESSAGE_ATTRIBUTES InMessageAttributes, PLARGE_INTEGER Timeout); 118 | extern NTSTATUS SFNtAlpcCreatePort(PHANDLE PortHandle, POBJECT_ATTRIBUTES ObjectAttributes, PALPC_PORT_ATTRIBUTES PortAttributes); 119 | extern NTSTATUS SFNtAlpcCreatePortSection(HANDLE PortHandle, ULONG Flags, HANDLE SectionHandle, SIZE_T SectionSize, PHANDLE AlpcSectionHandle, PSIZE_T ActualSectionSize); 120 | extern NTSTATUS SFNtAlpcCreateResourceReserve(HANDLE PortHandle, ULONG Flags, SIZE_T MessageSize, PHANDLE ResourceId); 121 | extern NTSTATUS SFNtAlpcCreateSectionView(HANDLE PortHandle, ULONG Flags, PALPC_DATA_VIEW_ATTR ViewAttributes); 122 | extern NTSTATUS SFNtAlpcCreateSecurityContext(HANDLE PortHandle, ULONG Flags, PALPC_SECURITY_ATTR SecurityAttribute); 123 | extern NTSTATUS SFNtAlpcDeletePortSection(HANDLE PortHandle, ULONG Flags, HANDLE SectionHandle); 124 | extern NTSTATUS SFNtAlpcDeleteResourceReserve(HANDLE PortHandle, ULONG Flags, HANDLE ResourceId); 125 | extern NTSTATUS SFNtAlpcDeleteSectionView(HANDLE PortHandle, ULONG Flags, PVOID ViewBase); 126 | extern NTSTATUS SFNtAlpcDeleteSecurityContext(HANDLE PortHandle, ULONG Flags, HANDLE ContextHandle); 127 | extern NTSTATUS SFNtAlpcDisconnectPort(HANDLE PortHandle, ULONG Flags); 128 | extern NTSTATUS SFNtAlpcImpersonateClientContainerOfPort(HANDLE PortHandle, PPORT_MESSAGE Message, ULONG Flags); 129 | extern NTSTATUS SFNtAlpcImpersonateClientOfPort(HANDLE PortHandle, PPORT_MESSAGE Message, PVOID Flags); 130 | extern NTSTATUS SFNtAlpcOpenSenderProcess(PHANDLE ProcessHandle, HANDLE PortHandle, PPORT_MESSAGE PortMessage, ULONG Flags, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 131 | extern NTSTATUS SFNtAlpcOpenSenderThread(PHANDLE ThreadHandle, HANDLE PortHandle, PPORT_MESSAGE PortMessage, ULONG Flags, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 132 | extern NTSTATUS SFNtAlpcQueryInformation(HANDLE PortHandle, ALPC_PORT_INFORMATION_CLASS PortInformationClass, PVOID PortInformation, ULONG Length, PULONG ReturnLength); 133 | extern NTSTATUS SFNtAlpcQueryInformationMessage(HANDLE PortHandle, PPORT_MESSAGE PortMessage, ALPC_MESSAGE_INFORMATION_CLASS MessageInformationClass, PVOID MessageInformation, ULONG Length, PULONG ReturnLength); 134 | extern NTSTATUS SFNtAlpcRevokeSecurityContext(HANDLE PortHandle, ULONG Flags, HANDLE ContextHandle); 135 | extern NTSTATUS SFNtAlpcSendWaitReceivePort(HANDLE PortHandle, ULONG Flags, PPORT_MESSAGE SendMessage, PALPC_MESSAGE_ATTRIBUTES SendMessageAttributes, PPORT_MESSAGE ReceiveMessage, PSIZE_T BufferLength, PALPC_MESSAGE_ATTRIBUTES ReceiveMessageAttributes, PLARGE_INTEGER Timeout); 136 | extern NTSTATUS SFNtAlpcSetInformation(HANDLE PortHandle, ALPC_PORT_INFORMATION_CLASS PortInformationClass, PVOID PortInformation, ULONG Length); 137 | extern NTSTATUS SFNtAreMappedFilesTheSame(PVOID File1MappedAsAnImage, PVOID File2MappedAsFile); 138 | extern NTSTATUS SFNtAssignProcessToJobObject(HANDLE JobHandle, HANDLE ProcessHandle); 139 | extern NTSTATUS SFNtAssociateWaitCompletionPacket(HANDLE WaitCompletionPacketHandle, HANDLE IoCompletionHandle, HANDLE TargetObjectHandle, PVOID KeyContext, PVOID ApcContext, NTSTATUS IoStatus, ULONG_PTR IoStatusInformation, PBOOLEAN AlreadySignaled); 140 | extern NTSTATUS SFNtCallEnclave(PENCLAVE_ROUTINE Routine, PVOID Parameter, BOOLEAN WaitForThread, PVOID ReturnValue); 141 | extern NTSTATUS SFNtCancelIoFileEx(HANDLE FileHandle, PIO_STATUS_BLOCK IoRequestToCancel, PIO_STATUS_BLOCK IoStatusBlock); 142 | extern NTSTATUS SFNtCancelSynchronousIoFile(HANDLE ThreadHandle, PIO_STATUS_BLOCK IoRequestToCancel, PIO_STATUS_BLOCK IoStatusBlock); 143 | extern NTSTATUS SFNtCancelTimer2(HANDLE TimerHandle, PT2_CANCEL_PARAMETERS Parameters); 144 | extern NTSTATUS SFNtCancelWaitCompletionPacket(HANDLE WaitCompletionPacketHandle, BOOLEAN RemoveSignaledPacket); 145 | extern NTSTATUS SFNtCommitComplete(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 146 | extern NTSTATUS SFNtCommitEnlistment(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 147 | extern NTSTATUS SFNtCommitRegistryTransaction(HANDLE RegistryHandle, BOOL Wait); 148 | extern NTSTATUS SFNtCommitTransaction(HANDLE TransactionHandle, BOOLEAN Wait); 149 | extern NTSTATUS SFNtCompactKeys(ULONG Count, HANDLE KeyArray); 150 | extern NTSTATUS SFNtCompareObjects(HANDLE FirstObjectHandle, HANDLE SecondObjectHandle); 151 | extern NTSTATUS SFNtCompareSigningLevels(ULONG UnknownParameter1, ULONG UnknownParameter2); 152 | extern NTSTATUS SFNtCompareTokens(HANDLE FirstTokenHandle, HANDLE SecondTokenHandle, PBOOLEAN Equal); 153 | extern NTSTATUS SFNtCompleteConnectPort(HANDLE PortHandle); 154 | extern NTSTATUS SFNtCompressKey(HANDLE Key); 155 | extern NTSTATUS SFNtConnectPort(PHANDLE PortHandle, PUNICODE_STRING PortName, PSECURITY_QUALITY_OF_SERVICE SecurityQos, PPORT_SECTION_WRITE ClientView, PPORT_SECTION_READ ServerView, PULONG MaxMessageLength, PVOID ConnectionInformation, PULONG ConnectionInformationLength); 156 | extern NTSTATUS SFNtConvertBetweenAuxiliaryCounterAndPerformanceCounter(ULONG UnknownParameter1, ULONG UnknownParameter2, ULONG UnknownParameter3, ULONG UnknownParameter4); 157 | extern NTSTATUS SFNtCreateDebugObject(PHANDLE DebugObjectHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG Flags); 158 | extern NTSTATUS SFNtCreateDirectoryObject(PHANDLE DirectoryHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 159 | extern NTSTATUS SFNtCreateDirectoryObjectEx(PHANDLE DirectoryHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ShadowDirectoryHandle, ULONG Flags); 160 | extern NTSTATUS SFNtCreateEnclave(HANDLE ProcessHandle, PVOID BaseAddress, ULONG_PTR ZeroBits, SIZE_T Size, SIZE_T InitialCommitment, ULONG EnclaveType, PVOID EnclaveInformation, ULONG EnclaveInformationLength, PULONG EnclaveError); 161 | extern NTSTATUS SFNtCreateEnlistment(PHANDLE EnlistmentHandle, ACCESS_MASK DesiredAccess, HANDLE ResourceManagerHandle, HANDLE TransactionHandle, POBJECT_ATTRIBUTES ObjectAttributes, ULONG CreateOptions, NOTIFICATION_MASK NotificationMask, PVOID EnlistmentKey); 162 | extern NTSTATUS SFNtCreateEventPair(PHANDLE EventPairHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 163 | extern NTSTATUS SFNtCreateIRTimer(PHANDLE TimerHandle, ACCESS_MASK DesiredAccess); 164 | extern NTSTATUS SFNtCreateIoCompletion(PHANDLE IoCompletionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG Count); 165 | extern NTSTATUS SFNtCreateJobObject(PHANDLE JobHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 166 | extern NTSTATUS SFNtCreateJobSet(ULONG NumJob, PJOB_SET_ARRAY UserJobSet, ULONG Flags); 167 | extern NTSTATUS SFNtCreateKeyTransacted(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG TitleIndex, PUNICODE_STRING Class, ULONG CreateOptions, HANDLE TransactionHandle, PULONG Disposition); 168 | extern NTSTATUS SFNtCreateKeyedEvent(PHANDLE KeyedEventHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG Flags); 169 | extern NTSTATUS SFNtCreateLowBoxToken(PHANDLE TokenHandle, HANDLE ExistingTokenHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PSID PackageSid, ULONG CapabilityCount, PSID_AND_ATTRIBUTES Capabilities, ULONG HandleCount, HANDLE Handles); 170 | extern NTSTATUS SFNtCreateMailslotFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG CreateOptions, ULONG MailslotQuota, ULONG MaximumMessageSize, PLARGE_INTEGER ReadTimeout); 171 | extern NTSTATUS SFNtCreateMutant(PHANDLE MutantHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, BOOLEAN InitialOwner); 172 | extern NTSTATUS SFNtCreateNamedPipeFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, BOOLEAN NamedPipeType, BOOLEAN ReadMode, BOOLEAN CompletionMode, ULONG MaximumInstances, ULONG InboundQuota, ULONG OutboundQuota, PLARGE_INTEGER DefaultTimeout); 173 | extern NTSTATUS SFNtCreatePagingFile(PUNICODE_STRING PageFileName, PULARGE_INTEGER MinimumSize, PULARGE_INTEGER MaximumSize, ULONG Priority); 174 | extern NTSTATUS SFNtCreatePartition(PHANDLE PartitionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG PreferredNode); 175 | extern NTSTATUS SFNtCreatePort(PHANDLE PortHandle, POBJECT_ATTRIBUTES ObjectAttributes, ULONG MaxConnectionInfoLength, ULONG MaxMessageLength, ULONG MaxPoolUsage); 176 | extern NTSTATUS SFNtCreatePrivateNamespace(PHANDLE NamespaceHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PVOID BoundaryDescriptor); 177 | extern NTSTATUS SFNtCreateProcess(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ParentProcess, BOOLEAN InheritObjectTable, HANDLE SectionHandle, HANDLE DebugPort, HANDLE ExceptionPort); 178 | extern NTSTATUS SFNtCreateProfile(PHANDLE ProfileHandle, HANDLE Process, PVOID ProfileBase, ULONG ProfileSize, ULONG BucketSize, PULONG Buffer, ULONG BufferSize, KPROFILE_SOURCE ProfileSource, ULONG Affinity); 179 | extern NTSTATUS SFNtCreateProfileEx(PHANDLE ProfileHandle, HANDLE Process, PVOID ProfileBase, SIZE_T ProfileSize, ULONG BucketSize, PULONG Buffer, ULONG BufferSize, KPROFILE_SOURCE ProfileSource, USHORT GroupCount, PGROUP_AFFINITY GroupAffinity); 180 | extern NTSTATUS SFNtCreateRegistryTransaction(PHANDLE Handle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, DWORD Flags); 181 | extern NTSTATUS SFNtCreateResourceManager(PHANDLE ResourceManagerHandle, ACCESS_MASK DesiredAccess, HANDLE TmHandle, LPGUID RmGuid, POBJECT_ATTRIBUTES ObjectAttributes, ULONG CreateOptions, PUNICODE_STRING Description); 182 | extern NTSTATUS SFNtCreateSemaphore(PHANDLE SemaphoreHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, LONG InitialCount, LONG MaximumCount); 183 | extern NTSTATUS SFNtCreateSymbolicLinkObject(PHANDLE LinkHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PUNICODE_STRING LinkTarget); 184 | extern NTSTATUS SFNtCreateThreadEx(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ProcessHandle, PVOID StartRoutine, PVOID Argument, ULONG CreateFlags, SIZE_T ZeroBits, SIZE_T StackSize, SIZE_T MaximumStackSize, PPS_ATTRIBUTE_LIST AttributeList); 185 | extern NTSTATUS SFNtCreateTimer(PHANDLE TimerHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, TIMER_TYPE TimerType); 186 | extern NTSTATUS SFNtCreateTimer2(PHANDLE TimerHandle, PVOID Reserved1, PVOID Reserved2, ULONG Attributes, ACCESS_MASK DesiredAccess); 187 | extern NTSTATUS SFNtCreateToken(PHANDLE TokenHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, TOKEN_TYPE TokenType, PLUID AuthenticationId, PLARGE_INTEGER ExpirationTime, PTOKEN_USER User, PTOKEN_GROUPS Groups, PTOKEN_PRIVILEGES Privileges, PTOKEN_OWNER Owner, PTOKEN_PRIMARY_GROUP PrimaryGroup, PTOKEN_DEFAULT_DACL DefaultDacl, PTOKEN_SOURCE TokenSource); 188 | extern NTSTATUS SFNtCreateTokenEx(PHANDLE TokenHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, TOKEN_TYPE TokenType, PLUID AuthenticationId, PLARGE_INTEGER ExpirationTime, PTOKEN_USER User, PTOKEN_GROUPS Groups, PTOKEN_PRIVILEGES Privileges, PTOKEN_SECURITY_ATTRIBUTES_INFORMATION UserAttributes, PTOKEN_SECURITY_ATTRIBUTES_INFORMATION DeviceAttributes, PTOKEN_GROUPS DeviceGroups, PTOKEN_MANDATORY_POLICY TokenMandatoryPolicy, PTOKEN_OWNER Owner, PTOKEN_PRIMARY_GROUP PrimaryGroup, PTOKEN_DEFAULT_DACL DefaultDacl, PTOKEN_SOURCE TokenSource); 189 | extern NTSTATUS SFNtCreateTransaction(PHANDLE TransactionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, LPGUID Uow, HANDLE TmHandle, ULONG CreateOptions, ULONG IsolationLevel, ULONG IsolationFlags, PLARGE_INTEGER Timeout, PUNICODE_STRING Description); 190 | extern NTSTATUS SFNtCreateTransactionManager(PHANDLE TmHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PUNICODE_STRING LogFileName, ULONG CreateOptions, ULONG CommitStrength); 191 | extern NTSTATUS SFNtCreateUserProcess(PHANDLE ProcessHandle, PHANDLE ThreadHandle, ACCESS_MASK ProcessDesiredAccess, ACCESS_MASK ThreadDesiredAccess, POBJECT_ATTRIBUTES ProcessObjectAttributes, POBJECT_ATTRIBUTES ThreadObjectAttributes, ULONG ProcessFlags, ULONG ThreadFlags, PVOID ProcessParameters, PPS_CREATE_INFO CreateInfo, PPS_ATTRIBUTE_LIST AttributeList); 192 | extern NTSTATUS SFNtCreateWaitCompletionPacket(PHANDLE WaitCompletionPacketHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 193 | extern NTSTATUS SFNtCreateWaitablePort(PHANDLE PortHandle, POBJECT_ATTRIBUTES ObjectAttributes, ULONG MaxConnectionInfoLength, ULONG MaxMessageLength, ULONG MaxPoolUsage); 194 | extern NTSTATUS SFNtCreateWnfStateName(PCWNF_STATE_NAME StateName, WNF_STATE_NAME_LIFETIME NameLifetime, WNF_DATA_SCOPE DataScope, BOOLEAN PersistData, PCWNF_TYPE_ID TypeId, ULONG MaximumStateSize, PSECURITY_DESCRIPTOR SecurityDescriptor); 195 | extern NTSTATUS SFNtCreateWorkerFactory(PHANDLE WorkerFactoryHandleReturn, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE CompletionPortHandle, HANDLE WorkerProcessHandle, PVOID StartRoutine, PVOID StartParameter, ULONG MaxThreadCount, SIZE_T StackReserve, SIZE_T StackCommit); 196 | extern NTSTATUS SFNtDebugActiveProcess(HANDLE ProcessHandle, HANDLE DebugObjectHandle); 197 | extern NTSTATUS SFNtDebugContinue(HANDLE DebugObjectHandle, PCLIENT_ID ClientId, NTSTATUS ContinueStatus); 198 | extern NTSTATUS SFNtDeleteAtom(USHORT Atom); 199 | extern NTSTATUS SFNtDeleteBootEntry(ULONG Id); 200 | extern NTSTATUS SFNtDeleteDriverEntry(ULONG Id); 201 | extern NTSTATUS SFNtDeleteFile(POBJECT_ATTRIBUTES ObjectAttributes); 202 | extern NTSTATUS SFNtDeleteKey(HANDLE KeyHandle); 203 | extern NTSTATUS SFNtDeleteObjectAuditAlarm(PUNICODE_STRING SubsystemName, PVOID HandleId, BOOLEAN GenerateOnClose); 204 | extern NTSTATUS SFNtDeletePrivateNamespace(HANDLE NamespaceHandle); 205 | extern NTSTATUS SFNtDeleteValueKey(HANDLE KeyHandle, PUNICODE_STRING ValueName); 206 | extern NTSTATUS SFNtDeleteWnfStateData(PCWNF_STATE_NAME StateName, PVOID ExplicitScope); 207 | extern NTSTATUS SFNtDeleteWnfStateName(PCWNF_STATE_NAME StateName); 208 | extern NTSTATUS SFNtDisableLastKnownGood(); 209 | extern NTSTATUS SFNtDisplayString(PUNICODE_STRING String); 210 | extern NTSTATUS SFNtDrawText(PUNICODE_STRING String); 211 | extern NTSTATUS SFNtEnableLastKnownGood(); 212 | extern NTSTATUS SFNtEnumerateBootEntries(PVOID Buffer, PULONG BufferLength); 213 | extern NTSTATUS SFNtEnumerateDriverEntries(PVOID Buffer, PULONG BufferLength); 214 | extern NTSTATUS SFNtEnumerateSystemEnvironmentValuesEx(ULONG InformationClass, PVOID Buffer, PULONG BufferLength); 215 | extern NTSTATUS SFNtEnumerateTransactionObject(HANDLE RootObjectHandle, KTMOBJECT_TYPE QueryType, PKTMOBJECT_CURSOR ObjectCursor, ULONG ObjectCursorLength, PULONG ReturnLength); 216 | extern NTSTATUS SFNtExtendSection(HANDLE SectionHandle, PLARGE_INTEGER NewSectionSize); 217 | extern NTSTATUS SFNtFilterBootOption(FILTER_BOOT_OPTION_OPERATION FilterOperation, ULONG ObjectType, ULONG ElementType, PVOID SystemData, ULONG DataSize); 218 | extern NTSTATUS SFNtFilterToken(HANDLE ExistingTokenHandle, ULONG Flags, PTOKEN_GROUPS SidsToDisable, PTOKEN_PRIVILEGES PrivilegesToDelete, PTOKEN_GROUPS RestrictedSids, PHANDLE NewTokenHandle); 219 | extern NTSTATUS SFNtFilterTokenEx(HANDLE TokenHandle, ULONG Flags, PTOKEN_GROUPS SidsToDisable, PTOKEN_PRIVILEGES PrivilegesToDelete, PTOKEN_GROUPS RestrictedSids, ULONG DisableUserClaimsCount, PUNICODE_STRING UserClaimsToDisable, ULONG DisableDeviceClaimsCount, PUNICODE_STRING DeviceClaimsToDisable, PTOKEN_GROUPS DeviceGroupsToDisable, PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedUserAttributes, PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedDeviceAttributes, PTOKEN_GROUPS RestrictedDeviceGroups, PHANDLE NewTokenHandle); 220 | extern NTSTATUS SFNtFlushBuffersFileEx(HANDLE FileHandle, ULONG Flags, PVOID Parameters, ULONG ParametersSize, PIO_STATUS_BLOCK IoStatusBlock); 221 | extern NTSTATUS SFNtFlushInstallUILanguage(LANGID InstallUILanguage, ULONG SetComittedFlag); 222 | extern NTSTATUS SFNtFlushInstructionCache(HANDLE ProcessHandle, PVOID BaseAddress, ULONG Length); 223 | extern NTSTATUS SFNtFlushKey(HANDLE KeyHandle); 224 | extern NTSTATUS SFNtFlushProcessWriteBuffers(); 225 | extern NTSTATUS SFNtFlushVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, PULONG RegionSize, PIO_STATUS_BLOCK IoStatusBlock); 226 | extern NTSTATUS SFNtFlushWriteBuffer(); 227 | extern NTSTATUS SFNtFreeUserPhysicalPages(HANDLE ProcessHandle, PULONG NumberOfPages, PULONG UserPfnArray); 228 | extern NTSTATUS SFNtFreezeRegistry(ULONG TimeOutInSeconds); 229 | extern NTSTATUS SFNtFreezeTransactions(PLARGE_INTEGER FreezeTimeout, PLARGE_INTEGER ThawTimeout); 230 | extern NTSTATUS SFNtGetCachedSigningLevel(HANDLE File, PULONG Flags, PSE_SIGNING_LEVEL SigningLevel, PUCHAR Thumbprint, PULONG ThumbprintSize, PULONG ThumbprintAlgorithm); 231 | extern NTSTATUS SFNtGetCompleteWnfStateSubscription(PCWNF_STATE_NAME OldDescriptorStateName, PLARGE_INTEGER OldSubscriptionId, ULONG OldDescriptorEventMask, ULONG OldDescriptorStatus, PWNF_DELIVERY_DESCRIPTOR NewDeliveryDescriptor, ULONG DescriptorSize); 232 | extern NTSTATUS SFNtGetContextThread(HANDLE ThreadHandle, PCONTEXT ThreadContext); 233 | extern NTSTATUS SFNtGetCurrentProcessorNumber(); 234 | extern NTSTATUS SFNtGetCurrentProcessorNumberEx(PULONG ProcNumber); 235 | extern NTSTATUS SFNtGetDevicePowerState(HANDLE Device, PDEVICE_POWER_STATE State); 236 | extern NTSTATUS SFNtGetMUIRegistryInfo(ULONG Flags, PULONG DataSize, PVOID SystemData); 237 | extern NTSTATUS SFNtGetNextProcess(HANDLE ProcessHandle, ACCESS_MASK DesiredAccess, ULONG HandleAttributes, ULONG Flags, PHANDLE NewProcessHandle); 238 | extern NTSTATUS SFNtGetNextThread(HANDLE ProcessHandle, HANDLE ThreadHandle, ACCESS_MASK DesiredAccess, ULONG HandleAttributes, ULONG Flags, PHANDLE NewThreadHandle); 239 | extern NTSTATUS SFNtGetNlsSectionPtr(ULONG SectionType, ULONG SectionData, PVOID ContextData, PVOID SectionPointer, PULONG SectionSize); 240 | extern NTSTATUS SFNtGetNotificationResourceManager(HANDLE ResourceManagerHandle, PTRANSACTION_NOTIFICATION TransactionNotification, ULONG NotificationLength, PLARGE_INTEGER Timeout, PULONG ReturnLength, ULONG Asynchronous, ULONG AsynchronousContext); 241 | extern NTSTATUS SFNtGetWriteWatch(HANDLE ProcessHandle, ULONG Flags, PVOID BaseAddress, ULONG RegionSize, PULONG UserAddressArray, PULONG EntriesInUserAddressArray, PULONG Granularity); 242 | extern NTSTATUS SFNtImpersonateAnonymousToken(HANDLE ThreadHandle); 243 | extern NTSTATUS SFNtImpersonateThread(HANDLE ServerThreadHandle, HANDLE ClientThreadHandle, PSECURITY_QUALITY_OF_SERVICE SecurityQos); 244 | extern NTSTATUS SFNtInitializeEnclave(HANDLE ProcessHandle, PVOID BaseAddress, PVOID EnclaveInformation, ULONG EnclaveInformationLength, PULONG EnclaveError); 245 | extern NTSTATUS SFNtInitializeNlsFiles(PVOID BaseAddress, PLCID DefaultLocaleId, PLARGE_INTEGER DefaultCasingTableSize); 246 | extern NTSTATUS SFNtInitializeRegistry(USHORT BootCondition); 247 | extern NTSTATUS SFNtInitiatePowerAction(POWER_ACTION SystemAction, SYSTEM_POWER_STATE LightestSystemState, ULONG Flags, BOOLEAN Asynchronous); 248 | extern NTSTATUS SFNtIsSystemResumeAutomatic(); 249 | extern NTSTATUS SFNtIsUILanguageComitted(); 250 | extern NTSTATUS SFNtListenPort(HANDLE PortHandle, PPORT_MESSAGE ConnectionRequest); 251 | extern NTSTATUS SFNtLoadDriver(PUNICODE_STRING DriverServiceName); 252 | extern NTSTATUS SFNtLoadEnclaveData(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, SIZE_T BufferSize, ULONG Protect, PVOID PageInformation, ULONG PageInformationLength, PSIZE_T NumberOfBytesWritten, PULONG EnclaveError); 253 | extern NTSTATUS SFNtLoadHotPatch(PUNICODE_STRING HotPatchName, ULONG LoadFlag); 254 | extern NTSTATUS SFNtLoadKey(POBJECT_ATTRIBUTES TargetKey, POBJECT_ATTRIBUTES SourceFile); 255 | extern NTSTATUS SFNtLoadKey2(POBJECT_ATTRIBUTES TargetKey, POBJECT_ATTRIBUTES SourceFile, ULONG Flags); 256 | extern NTSTATUS SFNtLoadKeyEx(POBJECT_ATTRIBUTES TargetKey, POBJECT_ATTRIBUTES SourceFile, ULONG Flags, HANDLE TrustClassKey, HANDLE Event, ACCESS_MASK DesiredAccess, PHANDLE RootHandle, PIO_STATUS_BLOCK IoStatus); 257 | extern NTSTATUS SFNtLockFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PULARGE_INTEGER ByteOffset, PULARGE_INTEGER Length, ULONG Key, BOOLEAN FailImmediately, BOOLEAN ExclusiveLock); 258 | extern NTSTATUS SFNtLockProductActivationKeys(PULONG pPrivateVer, PULONG pSafeMode); 259 | extern NTSTATUS SFNtLockRegistryKey(HANDLE KeyHandle); 260 | extern NTSTATUS SFNtLockVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, PULONG RegionSize, ULONG MapType); 261 | extern NTSTATUS SFNtMakePermanentObject(HANDLE Handle); 262 | extern NTSTATUS SFNtMakeTemporaryObject(HANDLE Handle); 263 | extern NTSTATUS SFNtManagePartition(HANDLE TargetHandle, HANDLE SourceHandle, MEMORY_PARTITION_INFORMATION_CLASS PartitionInformationClass, PVOID PartitionInformation, ULONG PartitionInformationLength); 264 | extern NTSTATUS SFNtMapCMFModule(ULONG What, ULONG Index, PULONG CacheIndexOut, PULONG CacheFlagsOut, PULONG ViewSizeOut, PVOID BaseAddress); 265 | extern NTSTATUS SFNtMapUserPhysicalPages(PVOID VirtualAddress, PULONG NumberOfPages, PULONG UserPfnArray); 266 | extern NTSTATUS SFNtMapViewOfSectionEx(HANDLE SectionHandle, HANDLE ProcessHandle, PLARGE_INTEGER SectionOffset, PPVOID BaseAddress, PSIZE_T ViewSize, ULONG AllocationType, ULONG Protect, PVOID DataBuffer, ULONG DataCount); 267 | extern NTSTATUS SFNtModifyBootEntry(PBOOT_ENTRY BootEntry); 268 | extern NTSTATUS SFNtModifyDriverEntry(PEFI_DRIVER_ENTRY DriverEntry); 269 | extern NTSTATUS SFNtNotifyChangeDirectoryFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PFILE_NOTIFY_INFORMATION Buffer, ULONG Length, ULONG CompletionFilter, BOOLEAN WatchTree); 270 | extern NTSTATUS SFNtNotifyChangeDirectoryFileEx(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, ULONG CompletionFilter, BOOLEAN WatchTree, DIRECTORY_NOTIFY_INFORMATION_CLASS DirectoryNotifyInformationClass); 271 | extern NTSTATUS SFNtNotifyChangeKey(HANDLE KeyHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG CompletionFilter, BOOLEAN WatchTree, PVOID Buffer, ULONG BufferSize, BOOLEAN Asynchronous); 272 | extern NTSTATUS SFNtNotifyChangeMultipleKeys(HANDLE MasterKeyHandle, ULONG Count, POBJECT_ATTRIBUTES SubordinateObjects, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG CompletionFilter, BOOLEAN WatchTree, PVOID Buffer, ULONG BufferSize, BOOLEAN Asynchronous); 273 | extern NTSTATUS SFNtNotifyChangeSession(HANDLE SessionHandle, ULONG ChangeSequenceNumber, PLARGE_INTEGER ChangeTimeStamp, IO_SESSION_EVENT Event, IO_SESSION_STATE NewState, IO_SESSION_STATE PreviousState, PVOID Payload, ULONG PayloadSize); 274 | extern NTSTATUS SFNtOpenEnlistment(PHANDLE EnlistmentHandle, ACCESS_MASK DesiredAccess, HANDLE ResourceManagerHandle, LPGUID EnlistmentGuid, POBJECT_ATTRIBUTES ObjectAttributes); 275 | extern NTSTATUS SFNtOpenEventPair(PHANDLE EventPairHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 276 | extern NTSTATUS SFNtOpenIoCompletion(PHANDLE IoCompletionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 277 | extern NTSTATUS SFNtOpenJobObject(PHANDLE JobHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 278 | extern NTSTATUS SFNtOpenKeyEx(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG OpenOptions); 279 | extern NTSTATUS SFNtOpenKeyTransacted(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE TransactionHandle); 280 | extern NTSTATUS SFNtOpenKeyTransactedEx(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG OpenOptions, HANDLE TransactionHandle); 281 | extern NTSTATUS SFNtOpenKeyedEvent(PHANDLE KeyedEventHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 282 | extern NTSTATUS SFNtOpenMutant(PHANDLE MutantHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 283 | extern NTSTATUS SFNtOpenObjectAuditAlarm(PUNICODE_STRING SubsystemName, PVOID HandleId, PUNICODE_STRING ObjectTypeName, PUNICODE_STRING ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, HANDLE ClientToken, ACCESS_MASK DesiredAccess, ACCESS_MASK GrantedAccess, PPRIVILEGE_SET Privileges, BOOLEAN ObjectCreation, BOOLEAN AccessGranted, PBOOLEAN GenerateOnClose); 284 | extern NTSTATUS SFNtOpenPartition(PHANDLE PartitionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 285 | extern NTSTATUS SFNtOpenPrivateNamespace(PHANDLE NamespaceHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PVOID BoundaryDescriptor); 286 | extern NTSTATUS SFNtOpenProcessToken(HANDLE ProcessHandle, ACCESS_MASK DesiredAccess, PHANDLE TokenHandle); 287 | extern NTSTATUS SFNtOpenRegistryTransaction(PHANDLE RegistryHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 288 | extern NTSTATUS SFNtOpenResourceManager(PHANDLE ResourceManagerHandle, ACCESS_MASK DesiredAccess, HANDLE TmHandle, LPGUID ResourceManagerGuid, POBJECT_ATTRIBUTES ObjectAttributes); 289 | extern NTSTATUS SFNtOpenSemaphore(PHANDLE SemaphoreHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 290 | extern NTSTATUS SFNtOpenSession(PHANDLE SessionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 291 | extern NTSTATUS SFNtOpenSymbolicLinkObject(PHANDLE LinkHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 292 | extern NTSTATUS SFNtOpenThread(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId); 293 | extern NTSTATUS SFNtOpenTimer(PHANDLE TimerHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); 294 | extern NTSTATUS SFNtOpenTransaction(PHANDLE TransactionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, LPGUID Uow, HANDLE TmHandle); 295 | extern NTSTATUS SFNtOpenTransactionManager(PHANDLE TmHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PUNICODE_STRING LogFileName, LPGUID TmIdentity, ULONG OpenOptions); 296 | extern NTSTATUS SFNtPlugPlayControl(PLUGPLAY_CONTROL_CLASS PnPControlClass, PVOID PnPControlData, ULONG PnPControlDataLength); 297 | extern NTSTATUS SFNtPrePrepareComplete(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 298 | extern NTSTATUS SFNtPrePrepareEnlistment(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 299 | extern NTSTATUS SFNtPrepareComplete(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 300 | extern NTSTATUS SFNtPrepareEnlistment(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 301 | extern NTSTATUS SFNtPrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, PBOOLEAN Result); 302 | extern NTSTATUS SFNtPrivilegeObjectAuditAlarm(PUNICODE_STRING SubsystemName, PVOID HandleId, HANDLE ClientToken, ACCESS_MASK DesiredAccess, PPRIVILEGE_SET Privileges, BOOLEAN AccessGranted); 303 | extern NTSTATUS SFNtPrivilegedServiceAuditAlarm(PUNICODE_STRING SubsystemName, PUNICODE_STRING ServiceName, HANDLE ClientToken, PPRIVILEGE_SET Privileges, BOOLEAN AccessGranted); 304 | extern NTSTATUS SFNtPropagationComplete(HANDLE ResourceManagerHandle, ULONG RequestCookie, ULONG BufferLength, PVOID Buffer); 305 | extern NTSTATUS SFNtPropagationFailed(HANDLE ResourceManagerHandle, ULONG RequestCookie, NTSTATUS PropStatus); 306 | extern NTSTATUS SFNtPulseEvent(HANDLE EventHandle, PULONG PreviousState); 307 | extern NTSTATUS SFNtQueryAuxiliaryCounterFrequency(PULONGLONG lpAuxiliaryCounterFrequency); 308 | extern NTSTATUS SFNtQueryBootEntryOrder(PULONG Ids, PULONG Count); 309 | extern NTSTATUS SFNtQueryBootOptions(PBOOT_OPTIONS BootOptions, PULONG BootOptionsLength); 310 | extern NTSTATUS SFNtQueryDebugFilterState(ULONG ComponentId, ULONG Level); 311 | extern NTSTATUS SFNtQueryDirectoryFileEx(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass, ULONG QueryFlags, PUNICODE_STRING FileName); 312 | extern NTSTATUS SFNtQueryDirectoryObject(HANDLE DirectoryHandle, PVOID Buffer, ULONG Length, BOOLEAN ReturnSingleEntry, BOOLEAN RestartScan, PULONG Context, PULONG ReturnLength); 313 | extern NTSTATUS SFNtQueryDriverEntryOrder(PULONG Ids, PULONG Count); 314 | extern NTSTATUS SFNtQueryEaFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PFILE_FULL_EA_INFORMATION Buffer, ULONG Length, BOOLEAN ReturnSingleEntry, PFILE_GET_EA_INFORMATION EaList, ULONG EaListLength, PULONG EaIndex, BOOLEAN RestartScan); 315 | extern NTSTATUS SFNtQueryFullAttributesFile(POBJECT_ATTRIBUTES ObjectAttributes, PFILE_NETWORK_OPEN_INFORMATION FileInformation); 316 | extern NTSTATUS SFNtQueryInformationAtom(USHORT Atom, ATOM_INFORMATION_CLASS AtomInformationClass, PVOID AtomInformation, ULONG AtomInformationLength, PULONG ReturnLength); 317 | extern NTSTATUS SFNtQueryInformationByName(POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass); 318 | extern NTSTATUS SFNtQueryInformationEnlistment(HANDLE EnlistmentHandle, ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, PVOID EnlistmentInformation, ULONG EnlistmentInformationLength, PULONG ReturnLength); 319 | extern NTSTATUS SFNtQueryInformationJobObject(HANDLE JobHandle, JOBOBJECTINFOCLASS JobObjectInformationClass, PVOID JobObjectInformation, ULONG JobObjectInformationLength, PULONG ReturnLength); 320 | extern NTSTATUS SFNtQueryInformationPort(HANDLE PortHandle, PORT_INFORMATION_CLASS PortInformationClass, PVOID PortInformation, ULONG Length, PULONG ReturnLength); 321 | extern NTSTATUS SFNtQueryInformationResourceManager(HANDLE ResourceManagerHandle, RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, PVOID ResourceManagerInformation, ULONG ResourceManagerInformationLength, PULONG ReturnLength); 322 | extern NTSTATUS SFNtQueryInformationTransaction(HANDLE TransactionHandle, TRANSACTION_INFORMATION_CLASS TransactionInformationClass, PVOID TransactionInformation, ULONG TransactionInformationLength, PULONG ReturnLength); 323 | extern NTSTATUS SFNtQueryInformationTransactionManager(HANDLE TransactionManagerHandle, TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, PVOID TransactionManagerInformation, ULONG TransactionManagerInformationLength, PULONG ReturnLength); 324 | extern NTSTATUS SFNtQueryInformationWorkerFactory(HANDLE WorkerFactoryHandle, WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, PVOID WorkerFactoryInformation, ULONG WorkerFactoryInformationLength, PULONG ReturnLength); 325 | extern NTSTATUS SFNtQueryInstallUILanguage(PLANGID InstallUILanguageId); 326 | extern NTSTATUS SFNtQueryIntervalProfile(KPROFILE_SOURCE ProfileSource, PULONG Interval); 327 | extern NTSTATUS SFNtQueryIoCompletion(HANDLE IoCompletionHandle, IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass, PVOID IoCompletionInformation, ULONG IoCompletionInformationLength, PULONG ReturnLength); 328 | extern NTSTATUS SFNtQueryLicenseValue(PUNICODE_STRING ValueName, PULONG Type, PVOID SystemData, ULONG DataSize, PULONG ResultDataSize); 329 | extern NTSTATUS SFNtQueryMultipleValueKey(HANDLE KeyHandle, PKEY_VALUE_ENTRY ValueEntries, ULONG EntryCount, PVOID ValueBuffer, PULONG BufferLength, PULONG RequiredBufferLength); 330 | extern NTSTATUS SFNtQueryMutant(HANDLE MutantHandle, MUTANT_INFORMATION_CLASS MutantInformationClass, PVOID MutantInformation, ULONG MutantInformationLength, PULONG ReturnLength); 331 | extern NTSTATUS SFNtQueryOpenSubKeys(POBJECT_ATTRIBUTES TargetKey, PULONG HandleCount); 332 | extern NTSTATUS SFNtQueryOpenSubKeysEx(POBJECT_ATTRIBUTES TargetKey, ULONG BufferLength, PVOID Buffer, PULONG RequiredSize); 333 | extern NTSTATUS SFNtQueryPortInformationProcess(); 334 | extern NTSTATUS SFNtQueryQuotaInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PFILE_USER_QUOTA_INFORMATION Buffer, ULONG Length, BOOLEAN ReturnSingleEntry, PFILE_QUOTA_LIST_INFORMATION SidList, ULONG SidListLength, PSID StartSid, BOOLEAN RestartScan); 335 | extern NTSTATUS SFNtQuerySecurityAttributesToken(HANDLE TokenHandle, PUNICODE_STRING Attributes, ULONG NumberOfAttributes, PVOID Buffer, ULONG Length, PULONG ReturnLength); 336 | extern NTSTATUS SFNtQuerySecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG Length, PULONG LengthNeeded); 337 | extern NTSTATUS SFNtQuerySecurityPolicy(ULONG_PTR UnknownParameter1, ULONG_PTR UnknownParameter2, ULONG_PTR UnknownParameter3, ULONG_PTR UnknownParameter4, ULONG_PTR UnknownParameter5, ULONG_PTR UnknownParameter6); 338 | extern NTSTATUS SFNtQuerySemaphore(HANDLE SemaphoreHandle, SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, PVOID SemaphoreInformation, ULONG SemaphoreInformationLength, PULONG ReturnLength); 339 | extern NTSTATUS SFNtQuerySymbolicLinkObject(HANDLE LinkHandle, PUNICODE_STRING LinkTarget, PULONG ReturnedLength); 340 | extern NTSTATUS SFNtQuerySystemEnvironmentValue(PUNICODE_STRING VariableName, PVOID VariableValue, ULONG ValueLength, PULONG ReturnLength); 341 | extern NTSTATUS SFNtQuerySystemEnvironmentValueEx(PUNICODE_STRING VariableName, LPGUID VendorGuid, PVOID Value, PULONG ValueLength, PULONG Attributes); 342 | extern NTSTATUS SFNtQuerySystemInformationEx(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID InputBuffer, ULONG InputBufferLength, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength); 343 | extern NTSTATUS SFNtQueryTimerResolution(PULONG MaximumTime, PULONG MinimumTime, PULONG CurrentTime); 344 | extern NTSTATUS SFNtQueryWnfStateData(PCWNF_STATE_NAME StateName, PCWNF_TYPE_ID TypeId, PVOID ExplicitScope, PWNF_CHANGE_STAMP ChangeStamp, PVOID Buffer, PULONG BufferSize); 345 | extern NTSTATUS SFNtQueryWnfStateNameInformation(PCWNF_STATE_NAME StateName, PCWNF_TYPE_ID NameInfoClass, PVOID ExplicitScope, PVOID InfoBuffer, ULONG InfoBufferSize); 346 | extern NTSTATUS SFNtQueueApcThreadEx(HANDLE ThreadHandle, HANDLE UserApcReserveHandle, PKNORMAL_ROUTINE ApcRoutine, PVOID ApcArgument1, PVOID ApcArgument2, PVOID ApcArgument3); 347 | extern NTSTATUS SFNtRaiseException(PEXCEPTION_RECORD ExceptionRecord, PCONTEXT ContextRecord, BOOLEAN FirstChance); 348 | extern NTSTATUS SFNtRaiseHardError(NTSTATUS ErrorStatus, ULONG NumberOfParameters, ULONG UnicodeStringParameterMask, PULONG_PTR Parameters, ULONG ValidResponseOptions, PULONG Response); 349 | extern NTSTATUS SFNtReadOnlyEnlistment(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 350 | extern NTSTATUS SFNtRecoverEnlistment(HANDLE EnlistmentHandle, PVOID EnlistmentKey); 351 | extern NTSTATUS SFNtRecoverResourceManager(HANDLE ResourceManagerHandle); 352 | extern NTSTATUS SFNtRecoverTransactionManager(HANDLE TransactionManagerHandle); 353 | extern NTSTATUS SFNtRegisterProtocolAddressInformation(HANDLE ResourceManager, LPGUID ProtocolId, ULONG ProtocolInformationSize, PVOID ProtocolInformation, ULONG CreateOptions); 354 | extern NTSTATUS SFNtRegisterThreadTerminatePort(HANDLE PortHandle); 355 | extern NTSTATUS SFNtReleaseKeyedEvent(HANDLE KeyedEventHandle, PVOID KeyValue, BOOLEAN Alertable, PLARGE_INTEGER Timeout); 356 | extern NTSTATUS SFNtReleaseWorkerFactoryWorker(HANDLE WorkerFactoryHandle); 357 | extern NTSTATUS SFNtRemoveIoCompletionEx(HANDLE IoCompletionHandle, PFILE_IO_COMPLETION_INFORMATION IoCompletionInformation, ULONG Count, PULONG NumEntriesRemoved, PLARGE_INTEGER Timeout, BOOLEAN Alertable); 358 | extern NTSTATUS SFNtRemoveProcessDebug(HANDLE ProcessHandle, HANDLE DebugObjectHandle); 359 | extern NTSTATUS SFNtRenameKey(HANDLE KeyHandle, PUNICODE_STRING NewName); 360 | extern NTSTATUS SFNtRenameTransactionManager(PUNICODE_STRING LogFileName, LPGUID ExistingTransactionManagerGuid); 361 | extern NTSTATUS SFNtReplaceKey(POBJECT_ATTRIBUTES NewFile, HANDLE TargetHandle, POBJECT_ATTRIBUTES OldFile); 362 | extern NTSTATUS SFNtReplacePartitionUnit(PUNICODE_STRING TargetInstancePath, PUNICODE_STRING SpareInstancePath, ULONG Flags); 363 | extern NTSTATUS SFNtReplyWaitReplyPort(HANDLE PortHandle, PPORT_MESSAGE ReplyMessage); 364 | extern NTSTATUS SFNtRequestPort(HANDLE PortHandle, PPORT_MESSAGE RequestMessage); 365 | extern NTSTATUS SFNtResetEvent(HANDLE EventHandle, PULONG PreviousState); 366 | extern NTSTATUS SFNtResetWriteWatch(HANDLE ProcessHandle, PVOID BaseAddress, ULONG RegionSize); 367 | extern NTSTATUS SFNtRestoreKey(HANDLE KeyHandle, HANDLE FileHandle, ULONG Flags); 368 | extern NTSTATUS SFNtResumeProcess(HANDLE ProcessHandle); 369 | extern NTSTATUS SFNtRevertContainerImpersonation(); 370 | extern NTSTATUS SFNtRollbackComplete(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 371 | extern NTSTATUS SFNtRollbackEnlistment(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 372 | extern NTSTATUS SFNtRollbackRegistryTransaction(HANDLE RegistryHandle, BOOL Wait); 373 | extern NTSTATUS SFNtRollbackTransaction(HANDLE TransactionHandle, BOOLEAN Wait); 374 | extern NTSTATUS SFNtRollforwardTransactionManager(HANDLE TransactionManagerHandle, PLARGE_INTEGER TmVirtualClock); 375 | extern NTSTATUS SFNtSaveKey(HANDLE KeyHandle, HANDLE FileHandle); 376 | extern NTSTATUS SFNtSaveKeyEx(HANDLE KeyHandle, HANDLE FileHandle, ULONG Format); 377 | extern NTSTATUS SFNtSaveMergedKeys(HANDLE HighPrecedenceKeyHandle, HANDLE LowPrecedenceKeyHandle, HANDLE FileHandle); 378 | extern NTSTATUS SFNtSecureConnectPort(PHANDLE PortHandle, PUNICODE_STRING PortName, PSECURITY_QUALITY_OF_SERVICE SecurityQos, PPORT_SECTION_WRITE ClientView, PSID RequiredServerSid, PPORT_SECTION_READ ServerView, PULONG MaxMessageLength, PVOID ConnectionInformation, PULONG ConnectionInformationLength); 379 | extern NTSTATUS SFNtSerializeBoot(); 380 | extern NTSTATUS SFNtSetBootEntryOrder(PULONG Ids, ULONG Count); 381 | extern NTSTATUS SFNtSetBootOptions(PBOOT_OPTIONS BootOptions, ULONG FieldsToChange); 382 | extern NTSTATUS SFNtSetCachedSigningLevel(ULONG Flags, SE_SIGNING_LEVEL InputSigningLevel, PHANDLE SourceFiles, ULONG SourceFileCount, HANDLE TargetFile); 383 | extern NTSTATUS SFNtSetCachedSigningLevel2(ULONG Flags, ULONG InputSigningLevel, PHANDLE SourceFiles, ULONG SourceFileCount, HANDLE TargetFile, PVOID LevelInformation); 384 | extern NTSTATUS SFNtSetContextThread(HANDLE ThreadHandle, PCONTEXT Context); 385 | extern NTSTATUS SFNtSetDebugFilterState(ULONG ComponentId, ULONG Level, BOOLEAN State); 386 | extern NTSTATUS SFNtSetDefaultHardErrorPort(HANDLE PortHandle); 387 | extern NTSTATUS SFNtSetDefaultLocale(BOOLEAN UserProfile, LCID DefaultLocaleId); 388 | extern NTSTATUS SFNtSetDefaultUILanguage(LANGID DefaultUILanguageId); 389 | extern NTSTATUS SFNtSetDriverEntryOrder(PULONG Ids, PULONG Count); 390 | extern NTSTATUS SFNtSetEaFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PFILE_FULL_EA_INFORMATION EaBuffer, ULONG EaBufferSize); 391 | extern NTSTATUS SFNtSetHighEventPair(HANDLE EventPairHandle); 392 | extern NTSTATUS SFNtSetHighWaitLowEventPair(HANDLE EventPairHandle); 393 | extern NTSTATUS SFNtSetIRTimer(HANDLE TimerHandle, PLARGE_INTEGER DueTime); 394 | extern NTSTATUS SFNtSetInformationDebugObject(HANDLE DebugObject, DEBUGOBJECTINFOCLASS InformationClass, PVOID Information, ULONG InformationLength, PULONG ReturnLength); 395 | extern NTSTATUS SFNtSetInformationEnlistment(HANDLE EnlistmentHandle, ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, PVOID EnlistmentInformation, ULONG EnlistmentInformationLength); 396 | extern NTSTATUS SFNtSetInformationJobObject(HANDLE JobHandle, JOBOBJECTINFOCLASS JobObjectInformationClass, PVOID JobObjectInformation, ULONG JobObjectInformationLength); 397 | extern NTSTATUS SFNtSetInformationKey(HANDLE KeyHandle, KEY_SET_INFORMATION_CLASS KeySetInformationClass, PVOID KeySetInformation, ULONG KeySetInformationLength); 398 | extern NTSTATUS SFNtSetInformationResourceManager(HANDLE ResourceManagerHandle, RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, PVOID ResourceManagerInformation, ULONG ResourceManagerInformationLength); 399 | extern NTSTATUS SFNtSetInformationSymbolicLink(HANDLE Handle, ULONG Class, PVOID Buffer, ULONG BufferLength); 400 | extern NTSTATUS SFNtSetInformationToken(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, PVOID TokenInformation, ULONG TokenInformationLength); 401 | extern NTSTATUS SFNtSetInformationTransaction(HANDLE TransactionHandle, TRANSACTIONMANAGER_INFORMATION_CLASS TransactionInformationClass, PVOID TransactionInformation, ULONG TransactionInformationLength); 402 | extern NTSTATUS SFNtSetInformationTransactionManager(HANDLE TransactionHandle, TRANSACTION_INFORMATION_CLASS TransactionInformationClass, PVOID TransactionInformation, ULONG TransactionInformationLength); 403 | extern NTSTATUS SFNtSetInformationVirtualMemory(HANDLE ProcessHandle, VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass, ULONG_PTR NumberOfEntries, PMEMORY_RANGE_ENTRY VirtualAddresses, PVOID VmInformation, ULONG VmInformationLength); 404 | extern NTSTATUS SFNtSetInformationWorkerFactory(HANDLE WorkerFactoryHandle, WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, PVOID WorkerFactoryInformation, ULONG WorkerFactoryInformationLength); 405 | extern NTSTATUS SFNtSetIntervalProfile(ULONG Interval, KPROFILE_SOURCE Source); 406 | extern NTSTATUS SFNtSetIoCompletion(HANDLE IoCompletionHandle, ULONG CompletionKey, PIO_STATUS_BLOCK IoStatusBlock, NTSTATUS CompletionStatus, ULONG NumberOfBytesTransfered); 407 | extern NTSTATUS SFNtSetIoCompletionEx(HANDLE IoCompletionHandle, HANDLE IoCompletionPacketHandle, PVOID KeyContext, PVOID ApcContext, NTSTATUS IoStatus, ULONG_PTR IoStatusInformation); 408 | extern NTSTATUS SFNtSetLdtEntries(ULONG Selector0, ULONG Entry0Low, ULONG Entry0Hi, ULONG Selector1, ULONG Entry1Low, ULONG Entry1Hi); 409 | extern NTSTATUS SFNtSetLowEventPair(HANDLE EventPairHandle); 410 | extern NTSTATUS SFNtSetLowWaitHighEventPair(HANDLE EventPairHandle); 411 | extern NTSTATUS SFNtSetQuotaInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PFILE_USER_QUOTA_INFORMATION Buffer, ULONG Length); 412 | extern NTSTATUS SFNtSetSecurityObject(HANDLE ObjectHandle, SECURITY_INFORMATION SecurityInformationClass, PSECURITY_DESCRIPTOR DescriptorBuffer); 413 | extern NTSTATUS SFNtSetSystemEnvironmentValue(PUNICODE_STRING VariableName, PUNICODE_STRING Value); 414 | extern NTSTATUS SFNtSetSystemEnvironmentValueEx(PUNICODE_STRING VariableName, LPGUID VendorGuid, PVOID Value, ULONG ValueLength, ULONG Attributes); 415 | extern NTSTATUS SFNtSetSystemInformation(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength); 416 | extern NTSTATUS SFNtSetSystemPowerState(POWER_ACTION SystemAction, SYSTEM_POWER_STATE MinSystemState, ULONG Flags); 417 | extern NTSTATUS SFNtSetSystemTime(PLARGE_INTEGER SystemTime, PLARGE_INTEGER PreviousTime); 418 | extern NTSTATUS SFNtSetThreadExecutionState(EXECUTION_STATE ExecutionState, PEXECUTION_STATE PreviousExecutionState); 419 | extern NTSTATUS SFNtSetTimer2(HANDLE TimerHandle, PLARGE_INTEGER DueTime, PLARGE_INTEGER Period, PT2_SET_PARAMETERS Parameters); 420 | extern NTSTATUS SFNtSetTimerEx(HANDLE TimerHandle, TIMER_SET_INFORMATION_CLASS TimerSetInformationClass, PVOID TimerSetInformation, ULONG TimerSetInformationLength); 421 | extern NTSTATUS SFNtSetTimerResolution(ULONG DesiredResolution, BOOLEAN SetResolution, PULONG CurrentResolution); 422 | extern NTSTATUS SFNtSetUuidSeed(PUCHAR Seed); 423 | extern NTSTATUS SFNtSetVolumeInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileSystemInformation, ULONG Length, FSINFOCLASS FileSystemInformationClass); 424 | extern NTSTATUS SFNtSetWnfProcessNotificationEvent(HANDLE NotificationEvent); 425 | extern NTSTATUS SFNtShutdownSystem(SHUTDOWN_ACTION Action); 426 | extern NTSTATUS SFNtShutdownWorkerFactory(HANDLE WorkerFactoryHandle, PLONG PendingWorkerCount); 427 | extern NTSTATUS SFNtSignalAndWaitForSingleObject(HANDLE hObjectToSignal, HANDLE hObjectToWaitOn, BOOLEAN bAlertable, PLARGE_INTEGER dwMilliseconds); 428 | extern NTSTATUS SFNtSinglePhaseReject(HANDLE EnlistmentHandle, PLARGE_INTEGER TmVirtualClock); 429 | extern NTSTATUS SFNtStartProfile(HANDLE ProfileHandle); 430 | extern NTSTATUS SFNtStopProfile(HANDLE ProfileHandle); 431 | extern NTSTATUS SFNtSubscribeWnfStateChange(PCWNF_STATE_NAME StateName, WNF_CHANGE_STAMP ChangeStamp, ULONG EventMask, PLARGE_INTEGER SubscriptionId); 432 | extern NTSTATUS SFNtSuspendProcess(HANDLE ProcessHandle); 433 | extern NTSTATUS SFNtSuspendThread(HANDLE ThreadHandle, PULONG PreviousSuspendCount); 434 | extern NTSTATUS SFNtSystemDebugControl(DEBUG_CONTROL_CODE Command, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength, PULONG ReturnLength); 435 | extern NTSTATUS SFNtTerminateEnclave(PVOID BaseAddress, BOOLEAN WaitForThread); 436 | extern NTSTATUS SFNtTerminateJobObject(HANDLE JobHandle, NTSTATUS ExitStatus); 437 | extern NTSTATUS SFNtTestAlert(); 438 | extern NTSTATUS SFNtThawRegistry(); 439 | extern NTSTATUS SFNtThawTransactions(); 440 | extern NTSTATUS SFNtTraceControl(ULONG FunctionCode, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength, PULONG ReturnLength); 441 | extern NTSTATUS SFNtTranslateFilePath(PFILE_PATH InputFilePath, ULONG OutputType, PFILE_PATH OutputFilePath, PULONG OutputFilePathLength); 442 | extern NTSTATUS SFNtUmsThreadYield(PVOID SchedulerParam); 443 | extern NTSTATUS SFNtUnloadDriver(PUNICODE_STRING DriverServiceName); 444 | extern NTSTATUS SFNtUnloadKey(POBJECT_ATTRIBUTES DestinationKeyName); 445 | extern NTSTATUS SFNtUnloadKey2(POBJECT_ATTRIBUTES TargetKey, ULONG Flags); 446 | extern NTSTATUS SFNtUnloadKeyEx(POBJECT_ATTRIBUTES TargetKey, HANDLE Event); 447 | extern NTSTATUS SFNtUnlockFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PULARGE_INTEGER ByteOffset, PULARGE_INTEGER Length, ULONG Key); 448 | extern NTSTATUS SFNtUnlockVirtualMemory(HANDLE ProcessHandle, PVOID * BaseAddress, PSIZE_T NumberOfBytesToUnlock, ULONG LockType); 449 | extern NTSTATUS SFNtUnmapViewOfSectionEx(HANDLE ProcessHandle, PVOID BaseAddress, ULONG Flags); 450 | extern NTSTATUS SFNtUnsubscribeWnfStateChange(PCWNF_STATE_NAME StateName); 451 | extern NTSTATUS SFNtUpdateWnfStateData(PCWNF_STATE_NAME StateName, PVOID Buffer, ULONG Length, PCWNF_TYPE_ID TypeId, PVOID ExplicitScope, WNF_CHANGE_STAMP MatchingChangeStamp, ULONG CheckStamp); 452 | extern NTSTATUS SFNtVdmControl(VDMSERVICECLASS Service, PVOID ServiceData); 453 | extern NTSTATUS SFNtWaitForAlertByThreadId(HANDLE Handle, PLARGE_INTEGER Timeout); 454 | extern NTSTATUS SFNtWaitForDebugEvent(HANDLE DebugObjectHandle, BOOLEAN Alertable, PLARGE_INTEGER Timeout, PVOID WaitStateChange); 455 | extern NTSTATUS SFNtWaitForKeyedEvent(HANDLE KeyedEventHandle, PVOID Key, BOOLEAN Alertable, PLARGE_INTEGER Timeout); 456 | extern NTSTATUS SFNtWaitForWorkViaWorkerFactory(HANDLE WorkerFactoryHandle, PVOID MiniPacket); 457 | extern NTSTATUS SFNtWaitHighEventPair(HANDLE EventHandle); 458 | extern NTSTATUS SFNtWaitLowEventPair(HANDLE EventHandle); 459 | extern NTSTATUS SFNtAcquireCMFViewOwnership(BOOLEAN TimeStamp, BOOLEAN TokenTaken, BOOLEAN ReplaceExisting); 460 | extern NTSTATUS SFNtCancelDeviceWakeupRequest(HANDLE DeviceHandle); 461 | extern NTSTATUS SFNtClearAllSavepointsTransaction(HANDLE TransactionHandle); 462 | extern NTSTATUS SFNtClearSavepointTransaction(HANDLE TransactionHandle, ULONG SavePointId); 463 | extern NTSTATUS SFNtRollbackSavepointTransaction(HANDLE TransactionHandle, ULONG SavePointId); 464 | extern NTSTATUS SFNtSavepointTransaction(HANDLE TransactionHandle, BOOLEAN Flag, ULONG SavePointId); 465 | extern NTSTATUS SFNtSavepointComplete(HANDLE TransactionHandle, PLARGE_INTEGER TmVirtualClock); 466 | extern NTSTATUS SFNtCreateSectionEx(PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER MaximumSize, ULONG SectionPageProtection, ULONG AllocationAttributes, HANDLE FileHandle, PMEM_EXTENDED_PARAMETER ExtendedParameters, ULONG ExtendedParametersCount); 467 | extern NTSTATUS SFNtCreateCrossVmEvent(); 468 | extern NTSTATUS SFNtListTransactions(); 469 | extern NTSTATUS SFNtMarshallTransaction(); 470 | extern NTSTATUS SFNtPullTransaction(); 471 | extern NTSTATUS SFNtReleaseCMFViewOwnership(); 472 | extern NTSTATUS SFNtWaitForWnfNotifications(); 473 | extern NTSTATUS SFNtStartTm(); 474 | extern NTSTATUS SFNtSetInformationProcess(HANDLE DeviceHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG Length); 475 | extern NTSTATUS SFNtRequestDeviceWakeup(HANDLE DeviceHandle); 476 | extern NTSTATUS SFNtRequestWakeupLatency(ULONG LatencyTime); 477 | extern NTSTATUS SFNtQuerySystemTime(PLARGE_INTEGER SystemTime); 478 | extern NTSTATUS SFNtManageHotPatch(ULONG UnknownParameter1, ULONG UnknownParameter2, ULONG UnknownParameter3, ULONG UnknownParameter4); 479 | extern NTSTATUS SFNtContinueEx(PCONTEXT ContextRecord, PKCONTINUE_ARGUMENT ContinueArgument); 480 | --------------------------------------------------------------------------------