├── .gitignore ├── README.md ├── inc ├── nt │ ├── cm.h │ ├── dbg.h │ ├── io.h │ ├── ke.h │ ├── lpc.h │ ├── mm.h │ ├── ob.h │ ├── ps.h │ ├── se.h │ ├── sys.h │ └── tm.h ├── ntapi.h ├── ntapiver.h ├── ntdll.h └── rtlapi.h └── lib ├── ntdll_5_0_32.lib ├── ntdll_5_0_32.lst ├── ntdll_5_1_32.lib ├── ntdll_5_1_32.lst ├── ntdll_5_2_32.lib ├── ntdll_5_2_32.lst ├── ntdll_5_2_64.lib ├── ntdll_5_2_64.lst ├── ntdll_6_0_32.lib ├── ntdll_6_0_32.lst ├── ntdll_6_0_64.lib ├── ntdll_6_0_64.lst ├── ntdll_6_1_32.lib ├── ntdll_6_1_32.lst ├── ntdll_6_1_64.lib ├── ntdll_6_1_64.lst ├── ntdllp_6_0_32.lib ├── ntdllp_6_0_64.lib ├── ntdllp_6_1_32.lib └── ntdllp_6_1_64.lib /.gitignore: -------------------------------------------------------------------------------- 1 | # Nothing yet. 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Windows NT Core Types 2 | 3 | Simple standalone bundle of NT native APIs, which allows to link directly against `ntdll.dll`. 4 | 5 | Sources: 6 | * Windows Research Kernel 7 | * ReactOS 8 | * Process Hacker 9 | * All the research on the Internet 10 | -------------------------------------------------------------------------------- /inc/nt/cm.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_CM_H_INCLUDED 2 | #define __NTAPI_CM_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Key API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | typedef enum _KEY_INFORMATION_CLASS { 13 | KeyBasicInformation = 0x0, 14 | KeyNodeInformation = 0x1, 15 | KeyFullInformation = 0x2, 16 | KeyNameInformation = 0x3, 17 | KeyCachedInformation = 0x4, 18 | KeyFlagsInformation = 0x5, 19 | MaxKeyInfoClass = 0x6, 20 | } KEY_INFORMATION_CLASS; 21 | 22 | typedef struct _KEY_BASIC_INFORMATION { 23 | LARGE_INTEGER LastWriteTime; 24 | ULONG TitleIndex; 25 | ULONG NameLength; 26 | WCHAR Name[1]; 27 | } KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION; 28 | 29 | typedef struct _KEY_NODE_INFORMATION { 30 | LARGE_INTEGER LastWriteTime; 31 | ULONG TitleIndex; 32 | ULONG ClassOffset; 33 | ULONG ClassLength; 34 | ULONG NameLength; 35 | WCHAR Name[1]; 36 | } KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION; 37 | 38 | typedef struct _KEY_FULL_INFORMATION { 39 | LARGE_INTEGER LastWriteTime; 40 | ULONG TitleIndex; 41 | ULONG ClassOffset; 42 | ULONG ClassLength; 43 | ULONG SubKeys; 44 | ULONG MaxNameLen; 45 | ULONG MaxClassLen; 46 | ULONG Values; 47 | ULONG MaxValueNameLen; 48 | ULONG MaxValueDataLen; 49 | WCHAR Class[1]; 50 | } KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION; 51 | 52 | typedef struct __declspec(align(4)) _KEY_NAME_INFORMATION { 53 | ULONG NameLength; 54 | WCHAR Name[1]; 55 | } KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION; 56 | 57 | typedef struct _KEY_CACHED_INFORMATION { 58 | LARGE_INTEGER LastWriteTime; 59 | ULONG TitleIndex; 60 | ULONG SubKeys; 61 | ULONG MaxNameLen; 62 | ULONG Values; 63 | ULONG MaxValueNameLen; 64 | ULONG MaxValueDataLen; 65 | ULONG NameLength; 66 | WCHAR Name[1]; 67 | } KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION; 68 | 69 | typedef struct _KEY_FLAGS_INFORMATION { 70 | ULONG UserFlags; 71 | } KEY_FLAGS_INFORMATION, *PKEY_FLAGS_INFORMATION; 72 | 73 | typedef enum _KEY_SET_INFORMATION_CLASS { 74 | KeyWriteTimeInformation = 0x0, 75 | KeyUserFlagsInformation = 0x1, 76 | MaxKeySetInfoClass = 0x2, 77 | } KEY_SET_INFORMATION_CLASS; 78 | 79 | typedef struct _KEY_WRITE_TIME_INFORMATION { 80 | LARGE_INTEGER LastWriteTime; 81 | } KEY_WRITE_TIME_INFORMATION, *PKEY_WRITE_TIME_INFORMATION; 82 | 83 | typedef struct _KEY_USER_FLAGS_INFORMATION { 84 | ULONG UserFlags; 85 | } KEY_USER_FLAGS_INFORMATION, *PKEY_USER_FLAGS_INFORMATION; 86 | 87 | typedef enum _KEY_VALUE_INFORMATION_CLASS { 88 | KeyValueBasicInformation = 0x0, 89 | KeyValueFullInformation = 0x1, 90 | KeyValuePartialInformation = 0x2, 91 | KeyValueFullInformationAlign64 = 0x3, 92 | KeyValuePartialInformationAlign64 = 0x4, 93 | MaxKeyValueInfoClass = 0x5, 94 | } KEY_VALUE_INFORMATION_CLASS; 95 | 96 | /* KeyValueBasicInformation */ 97 | 98 | typedef struct _KEY_VALUE_BASIC_INFORMATION { 99 | ULONG TitleIndex; 100 | ULONG Type; 101 | ULONG NameLength; 102 | WCHAR Name[1]; 103 | } KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION; 104 | 105 | /* KeyValueFullInformation */ 106 | 107 | typedef struct _KEY_VALUE_FULL_INFORMATION { 108 | ULONG TitleIndex; 109 | ULONG Type; 110 | ULONG DataOffset; 111 | ULONG DataLength; 112 | ULONG NameLength; 113 | WCHAR Name[1]; 114 | } KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION; 115 | 116 | /* KeyValuePartialInformation */ 117 | 118 | typedef struct _KEY_VALUE_PARTIAL_INFORMATION { 119 | ULONG TitleIndex; 120 | ULONG Type; 121 | ULONG DataLength; 122 | BYTE Data[1]; 123 | } KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION; 124 | 125 | typedef struct _KEY_VALUE_ENTRY { 126 | PUNICODE_STRING ValueName; 127 | ULONG DataLength; 128 | ULONG DataOffset; 129 | ULONG Type; 130 | } KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY; 131 | 132 | /* 133 | * Functions 134 | */ 135 | 136 | NTSYSAPI NTSTATUS NTAPI NtCreateKey( 137 | PHANDLE KeyHandle, 138 | ACCESS_MASK DesiredAccess, 139 | POBJECT_ATTRIBUTES ObjectAttributes, 140 | ULONG TitleIndex, 141 | PUNICODE_STRING Class OPTIONAL, 142 | ULONG CreateOptions, 143 | PULONG Disposition OPTIONAL); 144 | 145 | NTSYSAPI NTSTATUS NTAPI NtOpenKey( 146 | PHANDLE KeyHandle, 147 | ACCESS_MASK DesiredAccess, 148 | POBJECT_ATTRIBUTES ObjectAttributes); 149 | 150 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 151 | NTSYSAPI NTSTATUS NTAPI NtCreateKeyTransacted( 152 | PHANDLE KeyHandle, 153 | ACCESS_MASK DesiredAccess, 154 | POBJECT_ATTRIBUTES ObjectAttributes, 155 | ULONG TitleIndex, 156 | PUNICODE_STRING Class OPTIONAL, 157 | ULONG CreateOptions, 158 | HANDLE TransactionHandle, 159 | PULONG Disposition OPTIONAL); 160 | 161 | NTSYSAPI NTSTATUS NTAPI NtOpenKeyTransacted( 162 | PHANDLE KeyHandle, 163 | ACCESS_MASK DesiredAccess, 164 | POBJECT_ATTRIBUTES ObjectAttributes, 165 | HANDLE TransactionHandle); 166 | #endif 167 | 168 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WIN7) 169 | NTSYSAPI NTSTATUS NTAPI NtOpenKeyEx( 170 | PHANDLE KeyHandle, 171 | ACCESS_MASK DesiredAccess, 172 | POBJECT_ATTRIBUTES ObjectAttributes, 173 | ULONG OpenOptions); 174 | 175 | NTSYSAPI NTSTATUS NTAPI NtOpenKeyTransactedEx( 176 | PHANDLE KeyHandle, 177 | ACCESS_MASK DesiredAccess, 178 | POBJECT_ATTRIBUTES ObjectAttributes, 179 | ULONG OpenOptions, 180 | HANDLE TransactionHandle); 181 | #endif 182 | 183 | NTSYSAPI NTSTATUS NTAPI NtRenameKey( 184 | HANDLE KeyHandle, 185 | PUNICODE_STRING NewName); 186 | 187 | NTSYSAPI NTSTATUS NTAPI NtFlushKey( 188 | HANDLE KeyHandle); 189 | 190 | NTSYSAPI NTSTATUS NTAPI NtDeleteKey( 191 | HANDLE KeyHandle); 192 | 193 | NTSYSAPI NTSTATUS NTAPI NtEnumerateKey( 194 | HANDLE KeyHandle, 195 | ULONG Index, 196 | KEY_INFORMATION_CLASS KeyInformationClass, 197 | PVOID KeyInformation, 198 | ULONG Length, 199 | PULONG ResultLength); 200 | 201 | NTSYSAPI NTSTATUS NTAPI NtLockRegistryKey( 202 | HANDLE KeyHandle); 203 | 204 | NTSYSAPI NTSTATUS NTAPI NtNotifyChangeKey( 205 | HANDLE KeyHandle, 206 | HANDLE Event OPTIONAL, 207 | PIO_APC_ROUTINE ApcRoutine OPTIONAL, 208 | PVOID ApcContext OPTIONAL, 209 | PIO_STATUS_BLOCK IoStatusBlock, 210 | ULONG CompletionFilter, 211 | BOOLEAN WatchTree, 212 | PVOID Buffer, 213 | ULONG BufferSize, 214 | BOOLEAN Asynchronous); 215 | 216 | NTSYSAPI NTSTATUS NTAPI NtNotifyChangeMultipleKeys( 217 | HANDLE MasterKeyHandle, 218 | ULONG Count OPTIONAL, 219 | OBJECT_ATTRIBUTES SlaveObjects[] OPTIONAL, 220 | HANDLE Event OPTIONAL, 221 | PIO_APC_ROUTINE ApcRoutine OPTIONAL, 222 | PVOID ApcContext OPTIONAL, 223 | PIO_STATUS_BLOCK IoStatusBlock, 224 | ULONG CompletionFilter, 225 | BOOLEAN WatchTree, 226 | PVOID Buffer OPTIONAL, 227 | ULONG BufferSize, 228 | BOOLEAN Asynchronous); 229 | 230 | NTSYSAPI NTSTATUS NTAPI NtQueryKey( 231 | HANDLE KeyHandle, 232 | KEY_INFORMATION_CLASS KeyInformationClass, 233 | PVOID KeyInformation, 234 | ULONG Length, 235 | PULONG ResultLength); 236 | 237 | NTSYSAPI NTSTATUS NTAPI NtSetInformationKey( 238 | HANDLE KeyHandle, 239 | KEY_SET_INFORMATION_CLASS KeySetInformationClass, 240 | PVOID KeySetInformation, 241 | ULONG KeySetInformationLength); 242 | 243 | NTSYSAPI NTSTATUS NTAPI NtQueryOpenSubKeys( 244 | POBJECT_ATTRIBUTES TargetKey, 245 | PULONG HandleCount); 246 | 247 | NTSYSAPI NTSTATUS NTAPI NtQueryOpenSubKeysEx( 248 | POBJECT_ATTRIBUTES TargetKey, 249 | ULONG BufferLength, 250 | PVOID Buffer, 251 | PULONG RequiredSize OPTIONAL); 252 | 253 | 254 | NTSYSAPI NTSTATUS NTAPI NtLoadKey( 255 | POBJECT_ATTRIBUTES TargetKey, 256 | POBJECT_ATTRIBUTES SourceFile); 257 | 258 | NTSYSAPI NTSTATUS NTAPI NtLoadKey2( 259 | POBJECT_ATTRIBUTES TargetKey, 260 | POBJECT_ATTRIBUTES SourceFile, 261 | ULONG Flags); 262 | 263 | NTSYSAPI NTSTATUS NTAPI NtLoadKeyEx( 264 | POBJECT_ATTRIBUTES TargetKey, 265 | POBJECT_ATTRIBUTES SourceFile, 266 | ULONG Flags, 267 | HANDLE TrustClassKey OPTIONAL); 268 | 269 | NTSYSAPI NTSTATUS NTAPI NtUnloadKey( 270 | POBJECT_ATTRIBUTES TargetKey); 271 | 272 | NTSYSAPI NTSTATUS NTAPI NtUnloadKey2( 273 | POBJECT_ATTRIBUTES TargetKey, 274 | ULONG Flags); 275 | 276 | NTSYSAPI NTSTATUS NTAPI NtUnloadKeyEx( 277 | POBJECT_ATTRIBUTES TargetKey, 278 | HANDLE Event OPTIONAL); 279 | 280 | NTSYSAPI NTSTATUS NTAPI NtReplaceKey( 281 | POBJECT_ATTRIBUTES NewFile, 282 | HANDLE TargetHandle, 283 | POBJECT_ATTRIBUTES OldFile); 284 | 285 | 286 | NTSYSAPI NTSTATUS NTAPI NtSaveKey( 287 | HANDLE KeyHandle, 288 | HANDLE FileHandle); 289 | 290 | NTSYSAPI NTSTATUS NTAPI NtSaveKeyEx( 291 | HANDLE KeyHandle, 292 | HANDLE FileHandle, 293 | ULONG Format); 294 | 295 | NTSYSAPI NTSTATUS NTAPI NtSaveMergedKeys( 296 | HANDLE HighPrecedenceKeyHandle, 297 | HANDLE LowPrecedenceKeyHandle, 298 | HANDLE FileHandle); 299 | 300 | NTSYSAPI NTSTATUS NTAPI NtRestoreKey( 301 | HANDLE KeyHandle, 302 | HANDLE FileHandle, 303 | ULONG Flags); 304 | 305 | 306 | NTSYSAPI NTSTATUS NTAPI NtEnumerateValueKey( 307 | HANDLE KeyHandle, 308 | ULONG Index, 309 | KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, 310 | PVOID KeyValueInformation, 311 | ULONG Length, 312 | PULONG ResultLength); 313 | 314 | NTSYSAPI NTSTATUS NTAPI NtSetValueKey( 315 | HANDLE KeyHandle, 316 | PUNICODE_STRING ValueName, 317 | ULONG TitleIndex OPTIONAL, 318 | ULONG Type, 319 | PVOID Data, 320 | ULONG DataSize); 321 | 322 | NTSYSAPI NTSTATUS NTAPI NtDeleteValueKey( 323 | HANDLE KeyHandle, 324 | PUNICODE_STRING ValueName); 325 | 326 | NTSYSAPI NTSTATUS NTAPI NtQueryValueKey( 327 | HANDLE KeyHandle, 328 | PUNICODE_STRING ValueName, 329 | KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, 330 | PVOID KeyValueInformation, 331 | ULONG Length, 332 | PULONG ResultLength); 333 | 334 | NTSYSAPI NTSTATUS NTAPI NtQueryMultipleValueKey( 335 | HANDLE KeyHandle, 336 | PKEY_VALUE_ENTRY ValueEntries, 337 | ULONG EntryCount, 338 | PVOID ValueBuffer, 339 | PULONG BufferLength, 340 | PULONG RequiredBufferLength OPTIONAL); 341 | 342 | #endif 343 | -------------------------------------------------------------------------------- /inc/nt/dbg.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_DBG_H_INCLUDED 2 | #define __NTAPI_DBG_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Debugger API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | /* Ref: http://www.openrce.org/articles/full_view/25 */ 13 | /* Ref: http://native-nt-toolkit.googlecode.com/svn/trunk/ndk/dbgktypes.h */ 14 | 15 | #define DEBUG_OBJECT_WAIT_STATE_CHANGE 0x0001 16 | #define DEBUG_OBJECT_ADD_REMOVE_PROCESS 0x0002 17 | #define DEBUG_OBJECT_SET_INFORMATION 0x0004 18 | #define DEBUG_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x0F) 19 | 20 | typedef enum _DBG_STATE 21 | { 22 | DbgIdle, 23 | DbgReplyPending, 24 | DbgCreateThreadStateChange, 25 | DbgCreateProcessStateChange, 26 | DbgExitThreadStateChange, 27 | DbgExitProcessStateChange, 28 | DbgExceptionStateChange, 29 | DbgBreakpointStateChange, 30 | DbgSingleStepStateChange, 31 | DbgLoadDllStateChange, 32 | DbgUnloadDllStateChange 33 | } DBG_STATE, *PDBG_STATE; 34 | 35 | typedef struct _DBGKM_EXCEPTION 36 | { 37 | EXCEPTION_RECORD ExceptionRecord; 38 | ULONG FirstChance; 39 | } DBGKM_EXCEPTION, *PDBGKM_EXCEPTION; 40 | 41 | typedef struct _DBGKM_CREATE_THREAD 42 | { 43 | ULONG SubSystemKey; 44 | PVOID StartAddress; 45 | } DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD; 46 | 47 | typedef struct _DBGKM_CREATE_PROCESS 48 | { 49 | ULONG SubSystemKey; 50 | HANDLE FileHandle; 51 | PVOID BaseOfImage; 52 | ULONG DebugInfoFileOffset; 53 | ULONG DebugInfoSize; 54 | DBGKM_CREATE_THREAD InitialThread; 55 | } DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS; 56 | 57 | typedef struct _DBGKM_EXIT_THREAD 58 | { 59 | NTSTATUS ExitStatus; 60 | } DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD; 61 | 62 | typedef struct _DBGKM_EXIT_PROCESS 63 | { 64 | NTSTATUS ExitStatus; 65 | } DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS; 66 | 67 | typedef struct _DBGKM_LOAD_DLL 68 | { 69 | HANDLE FileHandle; 70 | PVOID BaseOfDll; 71 | ULONG DebugInfoFileOffset; 72 | ULONG DebugInfoSize; 73 | PVOID NamePointer; 74 | } DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL; 75 | 76 | typedef struct _DBGKM_UNLOAD_DLL 77 | { 78 | PVOID BaseOfDll; 79 | } DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL; 80 | 81 | typedef struct _DBGUI_WAIT_STATE_CHANGE 82 | { 83 | DBG_STATE NewState; 84 | CLIENT_ID AppClientId; 85 | union 86 | { 87 | struct 88 | { 89 | HANDLE HandleToThread; 90 | DBGKM_CREATE_THREAD NewThread; 91 | } CreateThread; 92 | struct 93 | { 94 | HANDLE HandleToProcess; 95 | HANDLE HandleToThread; 96 | DBGKM_CREATE_PROCESS NewProcess; 97 | } CreateProcessInfo; 98 | DBGKM_EXIT_THREAD ExitThread; 99 | DBGKM_EXIT_PROCESS ExitProcess; 100 | DBGKM_EXCEPTION Exception; 101 | DBGKM_LOAD_DLL LoadDll; 102 | DBGKM_UNLOAD_DLL UnloadDll; 103 | } StateInfo; 104 | } DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE; 105 | 106 | /* 107 | * Functions 108 | */ 109 | 110 | NTSYSAPI NTSTATUS NTAPI NtCreateDebugObject( 111 | PHANDLE DebugHandle, 112 | ACCESS_MASK DesiredAccess, 113 | POBJECT_ATTRIBUTES ObjectAttributes, 114 | ULONG Flags); 115 | 116 | NTSYSAPI NTSTATUS NTAPI NtDebugActiveProcess( 117 | HANDLE ProcessHandle, 118 | HANDLE DebugHandle); 119 | 120 | NTSYSAPI NTSTATUS NTAPI NtWaitForDebugEvent( 121 | HANDLE DebugHandle, 122 | BOOLEAN Alertable, 123 | PLARGE_INTEGER Timeout, 124 | PDBGUI_WAIT_STATE_CHANGE StateChange); 125 | 126 | NTSYSAPI NTSTATUS NTAPI NtDebugContinue( 127 | HANDLE DebugHandle, 128 | PCLIENT_ID AppClientId, 129 | NTSTATUS ContinueStatus); 130 | 131 | NTSYSAPI NTSTATUS NTAPI NtRemoveProcessDebug( 132 | HANDLE ProcessHandle, 133 | HANDLE DebugHandle); 134 | 135 | 136 | /****************************************************************** 137 | * System debugger API 138 | *****************************************************************/ 139 | 140 | /* 141 | * Types 142 | */ 143 | 144 | typedef enum _SYSDBG_COMMAND { 145 | SysDbgQueryModuleInformation = 0x0, 146 | SysDbgQueryTraceInformation = 0x1, 147 | SysDbgSetTracepoint = 0x2, 148 | SysDbgSetSpecialCall = 0x3, 149 | SysDbgClearSpecialCalls = 0x4, 150 | SysDbgQuerySpecialCalls = 0x5, 151 | SysDbgBreakPoint = 0x6, 152 | SysDbgQueryVersion = 0x7, 153 | SysDbgReadVirtual = 0x8, 154 | SysDbgWriteVirtual = 0x9, 155 | SysDbgReadPhysical = 0xA, 156 | SysDbgWritePhysical = 0xB, 157 | SysDbgReadControlSpace = 0xC, 158 | SysDbgWriteControlSpace = 0xD, 159 | SysDbgReadIoSpace = 0xE, 160 | SysDbgWriteIoSpace = 0xF, 161 | SysDbgReadMsr = 0x10, 162 | SysDbgWriteMsr = 0x11, 163 | SysDbgReadBusData = 0x12, 164 | SysDbgWriteBusData = 0x13, 165 | SysDbgCheckLowMemory = 0x14, 166 | SysDbgEnableKernelDebugger = 0x15, 167 | SysDbgDisableKernelDebugger = 0x16, 168 | SysDbgGetAutoKdEnable = 0x17, 169 | SysDbgSetAutoKdEnable = 0x18, 170 | SysDbgGetPrintBufferSize = 0x19, 171 | SysDbgSetPrintBufferSize = 0x1A, 172 | SysDbgGetKdUmExceptionEnable = 0x1B, 173 | SysDbgSetKdUmExceptionEnable = 0x1C, 174 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 175 | SysDbgGetTriageDump = 0x1D, 176 | SysDbgGetKdBlockEnable = 0x1E, 177 | SysDbgSetKdBlockEnable = 0x1F, 178 | #endif 179 | } SYSDBG_COMMAND; 180 | 181 | typedef struct _SYSDBG_PHYSICAL { 182 | LARGE_INTEGER Address; 183 | PVOID Buffer; 184 | ULONG Request; 185 | } SYSDBG_PHYSICAL, *PSYSDBG_PHYSICAL; 186 | 187 | typedef struct _SYSDBG_VIRTUAL { 188 | UINT_PTR Address; 189 | PVOID Buffer; 190 | ULONG Request; 191 | } SYSDBG_VIRTUAL, *PSYSDBG_VIRTUAL; 192 | 193 | typedef struct _SYSDBG_MSR { 194 | ULONG Msr; 195 | ULONGLONG Data; 196 | } SYSDBG_MSR, *PSYSDBG_MSR; 197 | 198 | typedef struct _SYSDBG_TRIAGE_DUMP { 199 | ULONG Flags; 200 | ULONG BugCheckCode; 201 | ULONG_PTR BugCheckParam1; 202 | ULONG_PTR BugCheckParam2; 203 | ULONG_PTR BugCheckParam3; 204 | ULONG_PTR BugCheckParam4; 205 | ULONG ProcessHandles; 206 | ULONG ThreadHandles; 207 | PHANDLE Handles; 208 | } SYSDBG_TRIAGE_DUMP, *PSYSDBG_TRIAGE_DUMP; 209 | 210 | /* 211 | * Functions 212 | */ 213 | 214 | NTSYSAPI NTSTATUS NTAPI NtSystemDebugControl( 215 | SYSDBG_COMMAND Command, 216 | PVOID InputBuffer, 217 | ULONG InputBufferLength, 218 | PVOID OutputBuffer, 219 | ULONG OutputBufferLength, 220 | PULONG ReturnLength); 221 | 222 | NTSYSAPI NTSTATUS NTAPI NtQueryDebugFilterState( 223 | ULONG ComponentId, 224 | ULONG Level); 225 | 226 | NTSYSAPI NTSTATUS NTAPI NtSetDebugFilterState( 227 | ULONG ComponentId, 228 | ULONG Level, 229 | BOOLEAN State); 230 | 231 | 232 | /****************************************************************** 233 | * Profile API 234 | *****************************************************************/ 235 | 236 | /* 237 | * Types 238 | */ 239 | 240 | typedef enum _KPROFILE_SOURCE { 241 | ProfileTime = 0x0, 242 | ProfileAlignmentFixup = 0x1, 243 | ProfileTotalIssues = 0x2, 244 | ProfilePipelineDry = 0x3, 245 | ProfileLoadInstructions = 0x4, 246 | ProfilePipelineFrozen = 0x5, 247 | ProfileBranchInstructions = 0x6, 248 | ProfileTotalNonissues = 0x7, 249 | ProfileDcacheMisses = 0x8, 250 | ProfileIcacheMisses = 0x9, 251 | ProfileCacheMisses = 0xA, 252 | ProfileBranchMispredictions = 0xB, 253 | ProfileStoreInstructions = 0xC, 254 | ProfileFpInstructions = 0xD, 255 | ProfileIntegerInstructions = 0xE, 256 | Profile2Issue = 0xF, 257 | Profile3Issue = 0x10, 258 | Profile4Issue = 0x11, 259 | ProfileSpecialInstructions = 0x12, 260 | ProfileTotalCycles = 0x13, 261 | ProfileIcacheIssues = 0x14, 262 | ProfileDcacheAccesses = 0x15, 263 | ProfileMemoryBarrierCycles = 0x16, 264 | ProfileLoadLinkedIssues = 0x17, 265 | ProfileMaximum = 0x18, 266 | } KPROFILE_SOURCE; 267 | 268 | /* 269 | * Functions 270 | */ 271 | 272 | NTSYSAPI NTSTATUS NTAPI NtCreateProfile( 273 | PHANDLE ProfileHandle, 274 | HANDLE Process OPTIONAL, 275 | PVOID ImageBase, 276 | ULONG ImageSize, 277 | ULONG BucketSize, 278 | PVOID Buffer, 279 | ULONG BufferSize, 280 | KPROFILE_SOURCE ProfileSource, 281 | KAFFINITY Affinity); 282 | 283 | NTSYSAPI NTSTATUS NTAPI NtStartProfile( 284 | HANDLE ProfileHandle); 285 | 286 | NTSYSAPI NTSTATUS NTAPI NtStopProfile( 287 | HANDLE ProfileHandle); 288 | 289 | NTSYSAPI NTSTATUS NTAPI NtSetIntervalProfile( 290 | ULONG Interval, 291 | KPROFILE_SOURCE Source); 292 | 293 | NTSYSAPI NTSTATUS NTAPI NtQueryIntervalProfile( 294 | KPROFILE_SOURCE ProfileSource, 295 | PULONG Interval); 296 | 297 | 298 | #endif 299 | -------------------------------------------------------------------------------- /inc/nt/io.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_IO_H_INCLUDED 2 | #define __NTAPI_IO_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * File API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | /* CreateDisposition flags */ 13 | 14 | #define FILE_SUPERSEDE 0x00000000 15 | #define FILE_OPEN 0x00000001 16 | #define FILE_CREATE 0x00000002 17 | #define FILE_OPEN_IF 0x00000003 18 | #define FILE_OVERWRITE 0x00000004 19 | #define FILE_OVERWRITE_IF 0x00000005 20 | #define FILE_MAXIMUM_DISPOSITION 0x00000005 21 | 22 | /* CreateOptions or OpenOptions flags */ 23 | 24 | #define FILE_DIRECTORY_FILE 0x00000001 25 | #define FILE_WRITE_THROUGH 0x00000002 26 | #define FILE_SEQUENTIAL_ONLY 0x00000004 27 | #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 28 | 29 | #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 30 | #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 31 | #define FILE_NON_DIRECTORY_FILE 0x00000040 32 | #define FILE_CREATE_TREE_CONNECTION 0x00000080 33 | 34 | #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 35 | #define FILE_NO_EA_KNOWLEDGE 0x00000200 36 | #define FILE_OPEN_FOR_RECOVERY 0x00000400 37 | #define FILE_RANDOM_ACCESS 0x00000800 38 | 39 | #define FILE_DELETE_ON_CLOSE 0x00001000 40 | #define FILE_OPEN_BY_FILE_ID 0x00002000 41 | #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 42 | #define FILE_NO_COMPRESSION 0x00008000 43 | 44 | #define FILE_RESERVE_OPFILTER 0x00100000 45 | #define FILE_OPEN_REPARSE_POINT 0x00200000 46 | #define FILE_OPEN_NO_RECALL 0x00400000 47 | #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 48 | 49 | /* Current: 6.1 */ 50 | typedef enum _FILE_INFORMATION_CLASS { 51 | FileDirectoryInformation = 0x1, 52 | FileFullDirectoryInformation = 0x2, 53 | FileBothDirectoryInformation = 0x3, 54 | FileBasicInformation = 0x4, 55 | FileStandardInformation = 0x5, 56 | FileInternalInformation = 0x6, 57 | FileEaInformation = 0x7, 58 | FileAccessInformation = 0x8, 59 | FileNameInformation = 0x9, 60 | FileRenameInformation = 0xA, 61 | FileLinkInformation = 0xB, 62 | FileNamesInformation = 0xC, 63 | FileDispositionInformation = 0xD, 64 | FilePositionInformation = 0xE, 65 | FileFullEaInformation = 0xF, 66 | FileModeInformation = 0x10, 67 | FileAlignmentInformation = 0x11, 68 | FileAllInformation = 0x12, 69 | FileAllocationInformation = 0x13, 70 | FileEndOfFileInformation = 0x14, 71 | FileAlternateNameInformation = 0x15, 72 | FileStreamInformation = 0x16, 73 | FilePipeInformation = 0x17, 74 | FilePipeLocalInformation = 0x18, 75 | FilePipeRemoteInformation = 0x19, 76 | FileMailslotQueryInformation = 0x1A, 77 | FileMailslotSetInformation = 0x1B, 78 | FileCompressionInformation = 0x1C, 79 | FileObjectIdInformation = 0x1D, 80 | FileCompletionInformation = 0x1E, 81 | FileMoveClusterInformation = 0x1F, 82 | FileQuotaInformation = 0x20, 83 | FileReparsePointInformation = 0x21, 84 | FileNetworkOpenInformation = 0x22, 85 | FileAttributeTagInformation = 0x23, 86 | FileTrackingInformation = 0x24, 87 | FileIdBothDirectoryInformation = 0x25, 88 | FileIdFullDirectoryInformation = 0x26, 89 | FileValidDataLengthInformation = 0x27, 90 | FileShortNameInformation = 0x28, 91 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 92 | FileIoCompletionNotificationInformation = 0x29, 93 | FileIoStatusBlockRangeInformation = 0x2A, 94 | FileIoPriorityHintInformation = 0x2B, 95 | FileSfioReserveInformation = 0x2C, 96 | FileSfioVolumeInformation = 0x2D, 97 | FileHardLinkInformation = 0x2E, 98 | FileProcessIdsUsingFileInformation = 0x2F, 99 | FileNormalizedNameInformation = 0x30, 100 | FileNetworkPhysicalNameInformation = 0x31, 101 | FileIdGlobalTxDirectoryInformation = 0x32, 102 | FileIsRemoteDeviceInformation = 0x33, 103 | FileAttributeCacheInformation = 0x34, 104 | FileNumaNodeInformation = 0x35, 105 | FileStandardLinkInformation = 0x36, 106 | FileRemoteProtocolInformation = 0x37, 107 | FileMaximumInformation_NT610 = 0x38, 108 | #endif 109 | } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; 110 | 111 | /* FilePipeInformation */ 112 | 113 | #define FILE_PIPE_BYTE_STREAM_MODE 0 114 | #define FILE_PIPE_MESSAGE_MODE 1 115 | 116 | #define FILE_PIPE_QUEUE_OPERATION 0 117 | #define FILE_PIPE_COMPLETE_OPERATION 1 118 | 119 | typedef struct _FILE_PIPE_INFORMATION { 120 | ULONG ReadMode; 121 | ULONG CompletionMode; 122 | } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; 123 | 124 | /* FilePipeLocalInformation */ 125 | 126 | typedef struct _FILE_PIPE_LOCAL_INFORMATION { 127 | ULONG NamedPipeType; 128 | ULONG NamedPipeConfiguration; 129 | ULONG MaximumInstances; 130 | ULONG CurrentInstances; 131 | ULONG InboundQuota; 132 | ULONG ReadDataAvailable; 133 | ULONG OutboundQuota; 134 | ULONG WriteQuotaAvailable; 135 | ULONG NamedPipeState; 136 | ULONG NamedPipeEnd; 137 | } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; 138 | 139 | /* FilePipeRemoteInformation */ 140 | 141 | typedef struct _FILE_PIPE_REMOTE_INFORMATION { 142 | LARGE_INTEGER CollectDataTime; 143 | ULONG MaximumCollectionCount; 144 | } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; 145 | 146 | /* 147 | * Functions 148 | */ 149 | 150 | /* http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424%28v=vs.85%29.aspx */ 151 | NTSYSAPI NTSTATUS NTAPI NtCreateFile( 152 | PHANDLE FileHandle, 153 | ACCESS_MASK DesiredAccess, 154 | POBJECT_ATTRIBUTES ObjectAttributes, 155 | PIO_STATUS_BLOCK IoStatusBlock, 156 | PLARGE_INTEGER AllocationSize, 157 | ULONG FileAttributes, 158 | ULONG ShareAccess, 159 | ULONG CreateDisposition, 160 | ULONG CreateOptions, 161 | PVOID EaBuffer, 162 | ULONG EaLength); 163 | 164 | NTSYSAPI NTSTATUS NTAPI NtCreateMailslotFile( 165 | PHANDLE MailslotFileHandle, 166 | ACCESS_MASK DesiredAccess, 167 | POBJECT_ATTRIBUTES ObjectAttributes, 168 | PIO_STATUS_BLOCK IoStatusBlock, 169 | ULONG CreateOptions, 170 | ULONG MailslotQuota, 171 | ULONG MaxMessageSize, 172 | PLARGE_INTEGER ReadTimeOut); 173 | 174 | NTSYSAPI NTSTATUS NTAPI NtCreateNamedPipeFile( 175 | PHANDLE NamedPipeFileHandle, 176 | ACCESS_MASK DesiredAccess, 177 | POBJECT_ATTRIBUTES ObjectAttributes, 178 | PIO_STATUS_BLOCK IoStatusBlock, 179 | ULONG ShareAccess, 180 | ULONG CreateDisposition, 181 | ULONG CreateOptions, 182 | BOOLEAN WriteModeMessage, 183 | BOOLEAN ReadModeMessage, 184 | BOOLEAN NonBlocking, 185 | ULONG MaxInstances, 186 | ULONG InBufferSize, 187 | ULONG OutBufferSize, 188 | PLARGE_INTEGER DefaultTimeOut); 189 | 190 | NTSYSAPI NTSTATUS NTAPI NtCreatePagingFile( 191 | PUNICODE_STRING PageFileName, 192 | PLARGE_INTEGER MiniumSize, 193 | PLARGE_INTEGER MaxiumSize, 194 | PLARGE_INTEGER ActualSize OPTIONAL); 195 | 196 | /* http://msdn.microsoft.com/en-us/library/windows/hardware/ff567011%28v=vs.85%29.aspx */ 197 | NTSYSAPI NTSTATUS NTAPI NtOpenFile( 198 | PHANDLE FileHandle, 199 | ACCESS_MASK DesiredAccess, 200 | POBJECT_ATTRIBUTES ObjectAttributes, 201 | PIO_STATUS_BLOCK IoStatusBlock, 202 | ULONG ShareAccess, 203 | ULONG OpenOptions); 204 | 205 | NTSYSAPI NTSTATUS NTAPI NtLockFile( 206 | HANDLE FileHandle, 207 | HANDLE LockGrantedEvent OPTIONAL, 208 | PIO_APC_ROUTINE ApcRoutine OPTIONAL, 209 | PVOID ApcContext OPTIONAL, 210 | PIO_STATUS_BLOCK IoStatusBlock, 211 | PLARGE_INTEGER ByteOffset, 212 | PLARGE_INTEGER Length, 213 | PULONG Key, 214 | BOOLEAN ReturnImmediately, 215 | BOOLEAN ExclusiveLock); 216 | 217 | NTSYSAPI NTSTATUS NTAPI NtUnlockFile( 218 | HANDLE FileHandle, 219 | PIO_STATUS_BLOCK IoStatusBlock, 220 | PLARGE_INTEGER ByteOffset, 221 | PLARGE_INTEGER Length, 222 | PULONG Key); 223 | 224 | NTSYSAPI NTSTATUS NTAPI NtReadFile( 225 | HANDLE FileHandle, 226 | HANDLE Event OPTIONAL, 227 | PIO_APC_ROUTINE ApcRoutine OPTIONAL, 228 | PVOID ApcContext OPTIONAL, 229 | PIO_STATUS_BLOCK IoStatusBlock, 230 | PVOID Buffer, 231 | ULONG Length, 232 | PLARGE_INTEGER ByteOffset OPTIONAL, 233 | PULONG Key OPTIONAL); 234 | 235 | NTSYSAPI NTSTATUS NTAPI NtWriteFile( 236 | HANDLE FileHandle, 237 | HANDLE Event OPTIONAL, 238 | PIO_APC_ROUTINE ApcRoutine OPTIONAL, 239 | PVOID ApcContext OPTIONAL, 240 | PIO_STATUS_BLOCK IoStatusBlock, 241 | PVOID Buffer, 242 | ULONG Length, 243 | PLARGE_INTEGER ByteOffset OPTIONAL, 244 | PULONG Key OPTIONAL); 245 | 246 | NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile( 247 | HANDLE FileHandle, 248 | PIO_STATUS_BLOCK IoStatusBlock); 249 | 250 | NTSYSAPI NTSTATUS NTAPI NtDeleteFile( 251 | POBJECT_ATTRIBUTES ObjectAttributes); 252 | 253 | NTSYSAPI NTSTATUS NTAPI NtDeviceIoControlFile( 254 | HANDLE FileHandle, 255 | HANDLE Event OPTIONAL, 256 | PIO_APC_ROUTINE UserApcRoutine OPTIONAL, 257 | PVOID UserApcContext OPTIONAL, 258 | PIO_STATUS_BLOCK IoStatusBlock, 259 | ULONG IoControlCode, 260 | PVOID InputBuffer OPTIONAL, 261 | ULONG InputBufferLength, 262 | PVOID OutputBuffer OPTIONAL, 263 | ULONG OutputBufferLength); 264 | 265 | NTSYSAPI NTSTATUS NTAPI NtFsControlFile( 266 | HANDLE FileHandle, 267 | HANDLE Event OPTIONAL, 268 | PIO_APC_ROUTINE ApcRoutine OPTIONAL, 269 | PVOID ApcContext OPTIONAL, 270 | PIO_STATUS_BLOCK IoStatusBlock, 271 | ULONG FsControlCode, 272 | PVOID InputBuffer OPTIONAL, 273 | ULONG InputBufferLength, 274 | PVOID OutputBuffer OPTIONAL, 275 | ULONG OutputBufferLength); 276 | 277 | NTSYSAPI NTSTATUS NTAPI NtCancelIoFile( 278 | HANDLE FileHandle, 279 | PIO_STATUS_BLOCK IoStatusBlock); 280 | 281 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile( 282 | HANDLE FileHandle, 283 | PIO_STATUS_BLOCK IoStatusBlock, 284 | PVOID FileInformation, 285 | ULONG FileInformationLength, 286 | FILE_INFORMATION_CLASS FileInformationClass); 287 | 288 | NTSYSAPI NTSTATUS NTAPI NtSetInformationFile( 289 | HANDLE FileHandle, 290 | PIO_STATUS_BLOCK IoStatusBlock, 291 | PVOID FileInformation, 292 | ULONG FileInformationLength, 293 | FILE_INFORMATION_CLASS FileInformationClass); 294 | 295 | 296 | /****************************************************************** 297 | * Input/Output Completion API 298 | *****************************************************************/ 299 | 300 | /* 301 | * Types 302 | */ 303 | 304 | typedef enum _IO_COMPLETION_INFORMATION_CLASS { 305 | IoCompletionBasicInformation = 0x0, 306 | } IO_COMPLETION_INFORMATION_CLASS; 307 | 308 | typedef struct _IO_COMPLETION_BASIC_INFORMATION { 309 | LONG Depth; 310 | } IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION; 311 | 312 | /* 313 | * Functions 314 | */ 315 | 316 | NTSYSAPI NTSTATUS NTAPI NtCreateIoCompletion( 317 | PHANDLE IoCompletionHandle, 318 | ACCESS_MASK DesiredAccess, 319 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 320 | ULONG NumberOfConcurrentThreads); 321 | 322 | NTSYSAPI NTSTATUS NTAPI NtOpenIoCompletion( 323 | PHANDLE IoCompletionHandle, 324 | ACCESS_MASK DesiredAccess, 325 | POBJECT_ATTRIBUTES ObjectAttributes); 326 | 327 | NTSYSAPI NTSTATUS NTAPI NtSetIoCompletion( 328 | HANDLE IoCompletionHandle, 329 | ULONG CompletionKey, 330 | PIO_STATUS_BLOCK IoStatusBlock, 331 | NTSTATUS CompletionStatus, 332 | ULONG NumberOfBytesTransfered); 333 | 334 | /* Since: NT 6.1 */ 335 | NTSYSAPI NTSTATUS NTAPI NtSetIoCompletionEx( 336 | HANDLE IoCompletionHandle, 337 | HANDLE ReserveHandle, 338 | PVOID CompletionKey, 339 | PVOID CompletionContext, 340 | NTSTATUS CompletionStatus, 341 | ULONG CompletionInformation); 342 | 343 | NTSYSAPI NTSTATUS NTAPI NtRemoveIoCompletion( 344 | HANDLE IoCompletionHandle, 345 | PULONG CompletionKey, 346 | PULONG CompletionValue, 347 | PIO_STATUS_BLOCK IoStatusBlock, 348 | PLARGE_INTEGER Timeout OPTIONAL); 349 | 350 | NTSYSAPI NTSTATUS NTAPI NtQueryIoCompletion( 351 | HANDLE IoCompletionHandle, 352 | IO_COMPLETION_INFORMATION_CLASS InformationClass, 353 | PVOID IoCompletionInformation, 354 | ULONG InformationBufferLength, 355 | PULONG RequiredLength OPTIONAL); 356 | 357 | 358 | /****************************************************************** 359 | * Input/Output Manager API 360 | *****************************************************************/ 361 | 362 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WIN7) 363 | 364 | /* 365 | * Functions 366 | */ 367 | 368 | NTSYSAPI NTSTATUS NTAPI NtAllocateReserveObject( 369 | PHANDLE ReserveHandle, 370 | POBJECT_ATTRIBUTES ObjectAttributes, 371 | ULONG ObjectType); 372 | 373 | #endif 374 | 375 | #endif 376 | -------------------------------------------------------------------------------- /inc/nt/ke.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_KE_H_INCLUDED 2 | #define __NTAPI_KE_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Event API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | typedef enum _EVENT_TYPE { 13 | NotificationEvent = 0x0, 14 | SynchronizationEvent = 0x1, 15 | } EVENT_TYPE; 16 | 17 | typedef enum _EVENT_INFORMATION_CLASS { 18 | EventBasicInformation = 0x0, 19 | } EVENT_INFORMATION_CLASS; 20 | 21 | typedef struct _EVENT_BASIC_INFORMATION { 22 | EVENT_TYPE EventType; 23 | LONG EventState; 24 | } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION; 25 | 26 | /* 27 | * Functions 28 | */ 29 | 30 | NTSYSAPI NTSTATUS NTAPI NtCreateEvent( 31 | PHANDLE EventHandle, 32 | ACCESS_MASK DesiredAccess, 33 | POBJECT_ATTRIBUTES ObjectAttributes, 34 | EVENT_TYPE EventType, 35 | BOOLEAN InitialState); 36 | 37 | NTSYSAPI NTSTATUS NTAPI NtOpenEvent( 38 | PHANDLE EventHandle, 39 | ACCESS_MASK DesiredAccess, 40 | POBJECT_ATTRIBUTES ObjectAttributes ); 41 | 42 | NTSYSAPI NTSTATUS NTAPI NtClearEvent( 43 | HANDLE EventHandle ); 44 | 45 | NTSYSAPI NTSTATUS NTAPI NtSetEvent( 46 | HANDLE EventHandle, 47 | PLONG PreviousState); 48 | 49 | NTSYSAPI NTSTATUS NTAPI NtResetEvent( 50 | HANDLE EventHandle, 51 | PLONG PreviousState); 52 | 53 | NTSYSAPI NTSTATUS NTAPI NtPulseEvent( 54 | HANDLE EventHandle, 55 | PLONG PreviousState); 56 | 57 | NTSYSAPI NTSTATUS NTAPI NtSetEventBoostPriority( 58 | HANDLE EventHandle ); 59 | 60 | NTSYSAPI NTSTATUS NTAPI NtQueryEvent( 61 | HANDLE EventHandle, 62 | EVENT_INFORMATION_CLASS EventInformationClass, 63 | PVOID EventInformation, 64 | ULONG EventInformationLength, 65 | PULONG ReturnLength); 66 | 67 | 68 | /****************************************************************** 69 | * Event pair API 70 | *****************************************************************/ 71 | 72 | /* 73 | * Functions 74 | */ 75 | 76 | NTSYSAPI NTSTATUS NTAPI NtCreateEventPair( 77 | PHANDLE EventPairHandle, 78 | ACCESS_MASK DesiredAccess, 79 | POBJECT_ATTRIBUTES ObjectAttributes); 80 | 81 | NTSYSAPI NTSTATUS NTAPI NtOpenEventPair( 82 | PHANDLE EventPairHandle, 83 | ACCESS_MASK DesiredAccess, 84 | POBJECT_ATTRIBUTES ObjectAttributes); 85 | 86 | NTSYSAPI NTSTATUS NTAPI NtSetHighEventPair( 87 | HANDLE EventPairHandle); 88 | 89 | NTSYSAPI NTSTATUS NTAPI NtSetHighWaitLowEventPair( 90 | HANDLE EventPairHandle); 91 | 92 | NTSYSAPI NTSTATUS NTAPI NtWaitLowEventPair( 93 | HANDLE EventPairHandle); 94 | 95 | NTSYSAPI NTSTATUS NTAPI NtSetLowEventPair( 96 | HANDLE EventPairHandle); 97 | 98 | NTSYSAPI NTSTATUS NTAPI NtSetLowWaitHighEventPair( 99 | HANDLE EventPairHandle); 100 | 101 | NTSYSAPI NTSTATUS NTAPI NtWaitHighEventPair( 102 | HANDLE EventPairHandle); 103 | 104 | 105 | /****************************************************************** 106 | * Keyed event API 107 | *****************************************************************/ 108 | 109 | /* 110 | * Functions 111 | */ 112 | 113 | NTSYSAPI NTSTATUS NTAPI NtCreateKeyedEvent( 114 | PHANDLE KeyedEventHandle, 115 | ACCESS_MASK DesiredAccess, 116 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 117 | ULONG Flags); 118 | 119 | NTSYSAPI NTSTATUS NTAPI NtOpenKeyedEvent( 120 | PHANDLE KeyedEventHandle, 121 | ACCESS_MASK DesiredAccess, 122 | POBJECT_ATTRIBUTES ObjectAttributes); 123 | 124 | NTSYSAPI NTSTATUS NTAPI NtReleaseKeyedEvent( 125 | HANDLE KeyedEventHandle, 126 | PVOID KeyValue, 127 | BOOLEAN Alertable, 128 | PLARGE_INTEGER Timeout OPTIONAL); 129 | 130 | NTSYSAPI NTSTATUS NTAPI NtWaitForKeyedEvent( 131 | HANDLE KeyedEventHandle, 132 | PVOID KeyValue, 133 | BOOLEAN Alertable, 134 | PLARGE_INTEGER Timeout OPTIONAL); 135 | 136 | 137 | /****************************************************************** 138 | * Timer API 139 | *****************************************************************/ 140 | 141 | /* 142 | * Types 143 | */ 144 | 145 | typedef enum _TIMER_TYPE { 146 | NotificationTimer = 0x0, 147 | SynchronizationTimer = 0x1, 148 | } TIMER_TYPE; 149 | 150 | typedef enum _TIMER_INFORMATION_CLASS { 151 | TimerBasicInformation = 0x0, 152 | } TIMER_INFORMATION_CLASS; 153 | 154 | typedef struct _TIMER_BASIC_INFORMATION { 155 | LARGE_INTEGER RemainingTime; 156 | BOOLEAN TimerState; 157 | } TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION; 158 | 159 | typedef VOID (*PTIMER_APC_ROUTINE)(PVOID TimerContext, ULONG TimerLowValue, LONG TimerHighValue); 160 | 161 | /* 162 | * Functions 163 | */ 164 | 165 | NTSYSAPI NTSTATUS NTAPI NtCreateTimer( 166 | PHANDLE TimerHandle, 167 | ACCESS_MASK DesiredAccess, 168 | POBJECT_ATTRIBUTES ObjectAttributes, 169 | TIMER_TYPE TimerType); 170 | 171 | NTSYSAPI NTSTATUS NTAPI NtOpenTimer( 172 | PHANDLE TimerHandle, 173 | ACCESS_MASK DesiredAccess, 174 | POBJECT_ATTRIBUTES ObjectAttributes); 175 | 176 | NTSYSAPI NTSTATUS NTAPI NtSetTimer( 177 | HANDLE TimerHandle, 178 | PLARGE_INTEGER DueTime, 179 | PTIMER_APC_ROUTINE TimerApcRoutine, 180 | PVOID TimerContext, 181 | BOOLEAN ResumeTimer, 182 | LONG Period, 183 | PBOOLEAN PreviousState); 184 | 185 | NTSYSAPI NTSTATUS NTAPI NtCancelTimer( 186 | HANDLE TimerHandle, 187 | PBOOLEAN CurrentState); 188 | 189 | NTSYSAPI NTSTATUS NTAPI NtQueryTimer( 190 | HANDLE TimerHandle, 191 | TIMER_INFORMATION_CLASS TimerInformationClass, 192 | PVOID TimerInformation, 193 | ULONG TimerInformationLength, 194 | PULONG ReturnLength); 195 | 196 | 197 | /****************************************************************** 198 | * Mutant API 199 | *****************************************************************/ 200 | 201 | /* 202 | * Types 203 | */ 204 | 205 | typedef enum _MUTANT_INFORMATION_CLASS { 206 | MutantBasicInformation = 0x0, 207 | } MUTANT_INFORMATION_CLASS; 208 | 209 | typedef struct _MUTANT_BASIC_INFORMATION { 210 | LONG CurrentCount; 211 | BOOLEAN OwnedByCaller; 212 | BOOLEAN AbandonedState; 213 | } MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION; 214 | 215 | /* 216 | * Functions 217 | */ 218 | 219 | /* 220 | This function creates a mutant object, sets its initial count to one 221 | (signaled), and opens a handle to the object with the specified desired 222 | access. 223 | */ 224 | NTSYSAPI NTSTATUS NTAPI NtCreateMutant( 225 | PHANDLE MutantHandle, 226 | ACCESS_MASK DesiredAccess, 227 | POBJECT_ATTRIBUTES ObjectAttributes, 228 | BOOLEAN InitialOwner); 229 | 230 | /* 231 | This function opens a handle to a mutant object with the specified 232 | desired access. 233 | */ 234 | NTSYSAPI NTSTATUS NTAPI NtOpenMutant( 235 | PHANDLE MutantHandle, 236 | ACCESS_MASK DesiredAccess, 237 | POBJECT_ATTRIBUTES ObjectAttributes); 238 | 239 | NTSYSAPI NTSTATUS NTAPI NtQueryMutant( 240 | HANDLE MutantHandle, 241 | MUTANT_INFORMATION_CLASS MutantInformationClass, 242 | PVOID MutantInformation, 243 | ULONG MutantInformationLength, 244 | PULONG ResultLength); 245 | 246 | NTSYSAPI NTSTATUS NTAPI NtReleaseMutant( 247 | HANDLE MutantHandle, 248 | PLONG PreviousCount); 249 | 250 | 251 | /****************************************************************** 252 | * Semaphore API 253 | *****************************************************************/ 254 | 255 | /* 256 | * Types 257 | */ 258 | 259 | typedef enum _SEMAPHORE_INFORMATION_CLASS { 260 | SemaphoreBasicInformation = 0x0, 261 | } SEMAPHORE_INFORMATION_CLASS; 262 | 263 | typedef struct _SEMAPHORE_BASIC_INFORMATION { 264 | LONG CurrentCount; 265 | LONG MaximumCount; 266 | } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION; 267 | 268 | /* 269 | * Functions 270 | */ 271 | 272 | NTSYSAPI NTSTATUS NTAPI NtCreateSemaphore( 273 | PHANDLE SemaphoreHandle, 274 | ACCESS_MASK DesiredAccess, 275 | POBJECT_ATTRIBUTES ObjectAttributes, 276 | ULONG InitialCount, 277 | ULONG MaximumCount); 278 | 279 | NTSYSAPI NTSTATUS NTAPI NtOpenSemaphore( 280 | PHANDLE SemaphoreHandle, 281 | ACCESS_MASK DesiredAccess, 282 | POBJECT_ATTRIBUTES ObjectAttributes); 283 | 284 | NTSYSAPI NTSTATUS NTAPI NtReleaseSemaphore( 285 | HANDLE SemaphoreHandle, 286 | ULONG ReleaseCount, 287 | PULONG PreviousCount); 288 | 289 | NTSYSAPI NTSTATUS NTAPI NtQuerySemaphore( 290 | HANDLE SemaphoreHandle, 291 | SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, 292 | PVOID SemaphoreInformation, 293 | ULONG SemaphoreInformationLength, 294 | PULONG ReturnLength); 295 | 296 | #endif 297 | -------------------------------------------------------------------------------- /inc/nt/lpc.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_LPC_H_INCLUDED 2 | #define __NTAPI_LPC_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Port API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | typedef struct _PORT_VIEW 13 | { 14 | ULONG Length; 15 | HANDLE SectionHandle; 16 | ULONG SectionOffset; 17 | ULONG ViewSize; 18 | PVOID ViewBase; 19 | PVOID ViewRemoteBase; 20 | } PORT_VIEW, *PPORT_VIEW; 21 | 22 | typedef struct _REMOTE_PORT_VIEW 23 | { 24 | ULONG Length; 25 | ULONG ViewSize; 26 | PVOID ViewBase; 27 | } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; 28 | 29 | typedef struct _PORT_MESSAGE 30 | { 31 | union { 32 | struct { 33 | USHORT DataLength; 34 | USHORT TotalLength; 35 | } s1; 36 | ULONG Length; 37 | } u1; 38 | union { 39 | struct { 40 | USHORT Type; 41 | USHORT DataInfoOffset; 42 | } s2; 43 | ULONG ZeroInit; 44 | } u2; 45 | union { 46 | CLIENT_ID ClientId; 47 | double DoNotUseThisField; // Force quadword alignment 48 | }; 49 | ULONG MessageId; 50 | union { 51 | ULONG ClientViewSize; // Only valid on LPC_CONNECTION_REQUEST message 52 | ULONG CallbackId; // Only valid on LPC_REQUEST message 53 | }; 54 | // UCHAR Data[]; 55 | } PORT_MESSAGE, *PPORT_MESSAGE; 56 | 57 | /* 58 | * Functions 59 | */ 60 | 61 | NTSYSAPI NTSTATUS NTAPI NtCreatePort( 62 | PHANDLE PortHandle, 63 | POBJECT_ATTRIBUTES ObjectAttributes, 64 | ULONG MaxDataSize, 65 | ULONG MaxMessageSize, 66 | ULONG Reserved); 67 | 68 | NTSYSAPI NTSTATUS NTAPI NtCreateWaitablePort( 69 | PHANDLE PortHandle, 70 | POBJECT_ATTRIBUTES ObjectAttributes, 71 | ULONG MaxConnectInfoLength, 72 | ULONG MaxDataLength, 73 | ULONG MaxPoolUsage); 74 | 75 | NTSYSAPI NTSTATUS NTAPI NtAcceptConnectPort( 76 | PHANDLE PortHandle, 77 | PVOID PortContext, 78 | PPORT_MESSAGE ConnectionRequest, 79 | BOOLEAN AcceptConnection, 80 | PPORT_VIEW ServerView, 81 | PREMOTE_PORT_VIEW ClientView); 82 | 83 | NTSYSAPI NTSTATUS NTAPI NtListenPort( 84 | HANDLE PortHandle, 85 | PPORT_MESSAGE ConnectionRequest); 86 | 87 | NTSYSAPI NTSTATUS NTAPI NtConnectPort( 88 | PHANDLE PortHandle, 89 | PUNICODE_STRING PortName, 90 | PSECURITY_QUALITY_OF_SERVICE SecurityQos, 91 | PPORT_VIEW ClientView, 92 | PREMOTE_PORT_VIEW ServerView, 93 | PULONG MaxMessageLength, 94 | PVOID ConnectionInformation, 95 | PULONG ConnectionInformationLength); 96 | 97 | NTSYSAPI NTSTATUS NTAPI NtSecureConnectPort( 98 | PHANDLE PortHandle, 99 | PUNICODE_STRING PortName, 100 | PSECURITY_QUALITY_OF_SERVICE Qos, 101 | PPORT_VIEW ClientView OPTIONAL, 102 | PSID ServerSid OPTIONAL, 103 | PREMOTE_PORT_VIEW ServerView OPTIONAL, 104 | PULONG MaxMessageLength OPTIONAL, 105 | PVOID ConnectionInformation OPTIONAL, 106 | PULONG ConnectionInformationLength OPTIONAL); 107 | 108 | NTSYSAPI NTSTATUS NTAPI NtCompleteConnectPort( 109 | HANDLE PortHandle); 110 | 111 | NTSYSAPI NTSTATUS NTAPI NtReplyPort( 112 | HANDLE PortHandle, 113 | PPORT_MESSAGE ReplyMessage); 114 | 115 | NTSYSAPI NTSTATUS NTAPI NtReplyWaitReceivePortEx( 116 | HANDLE PortHandle, 117 | PVOID *PortContext OPTIONAL, 118 | PPORT_MESSAGE ReplyMessage OPTIONAL, 119 | PPORT_MESSAGE ReceiveMessage, 120 | DWORD ReceiveMessageLen); 121 | 122 | NTSYSAPI NTSTATUS NTAPI NtReplyWaitReplyPort( 123 | HANDLE PortHandle, 124 | PPORT_MESSAGE ReplyMessage); 125 | 126 | NTSYSAPI NTSTATUS NTAPI NtRequestPort( 127 | HANDLE PortHandle, 128 | PPORT_MESSAGE RequestMessage); 129 | 130 | NTSYSAPI NTSTATUS NTAPI NtRequestWaitReplyPortEx( 131 | HANDLE PortHandle, 132 | PPORT_MESSAGE RequestMessage, 133 | PPORT_MESSAGE ReplyMessage, 134 | DWORD ReplyMessageLength); 135 | 136 | NTSYSAPI NTSTATUS NTAPI NtClosePort( 137 | HANDLE PortHandle); 138 | 139 | NTSYSAPI NTSTATUS NTAPI NtWriteRequestData( 140 | HANDLE PortHandle, 141 | PPORT_MESSAGE Message, 142 | ULONG DataEntryIndex, 143 | PVOID Buffer, 144 | ULONG BufferSize, 145 | PULONG NumberOfBytesWritten); 146 | 147 | NTSYSAPI NTSTATUS NTAPI NtReadRequestData( 148 | HANDLE PortHandle, 149 | PPORT_MESSAGE Message, 150 | ULONG DataEntryIndex, 151 | PVOID Buffer, 152 | ULONG BufferSize, 153 | PULONG NumberOfBytesRead); 154 | 155 | NTSYSAPI NTSTATUS NTAPI NtImpersonateClientOfPort( 156 | HANDLE PortHandle, 157 | PPORT_MESSAGE Message); 158 | 159 | 160 | /****************************************************************** 161 | * Advanced LPC API 162 | *****************************************************************/ 163 | 164 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 165 | 166 | /* 167 | * Types 168 | */ 169 | 170 | typedef struct _ALPC_PORT_ATTRIBUTES { 171 | ULONG Flags; 172 | SECURITY_QUALITY_OF_SERVICE SecurityQos; 173 | ULONG MaxMessageLength; 174 | ULONG MemoryBandwidth; 175 | ULONG MaxPoolUsage; 176 | ULONG MaxSectionSize; 177 | ULONG MaxViewSize; 178 | ULONG MaxTotalSectionSize; 179 | ULONG DupObjectTypes; 180 | } ALPC_PORT_ATTRIBUTES, *PALPC_PORT_ATTRIBUTES; 181 | 182 | /* 183 | * Functions 184 | */ 185 | 186 | NTSYSAPI NTSTATUS NTAPI NtAlpcCreatePort( 187 | PHANDLE PortObject, 188 | POBJECT_ATTRIBUTES ObjectAttributes, 189 | PALPC_PORT_ATTRIBUTES pPortInformation); 190 | 191 | #endif 192 | 193 | #endif 194 | -------------------------------------------------------------------------------- /inc/nt/mm.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_MM_H_INCLUDED 2 | #define __NTAPI_MM_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Virtual Memory Manager API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | typedef enum _MEMORY_INFORMATION_CLASS { 13 | MemoryBasicInformation, 14 | MemoryWorkingSetInformation, 15 | MemoryMappedFilenameInformation, 16 | MemoryBasicVlmInformation 17 | } MEMORY_INFORMATION_CLASS, *PMEMORY_INFORMATION_CLASS; 18 | 19 | #if __INCLUDE_WINNT_DEFINES 20 | typedef struct _MEMORY_BASIC_INFORMATION { 21 | PVOID BaseAddress; 22 | PVOID AllocationBase; 23 | ULONG AllocationProtect; 24 | ULONG RegionSize; 25 | ULONG State; 26 | ULONG Protect; 27 | ULONG Type; 28 | } MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION; 29 | #endif /* __INCLUDE_WINNT_DEFINES*/ 30 | 31 | typedef struct _MEMORY_SECTION_NAME { 32 | UNICODE_STRING SectionFileName; 33 | } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; 34 | 35 | /* 36 | * Functions 37 | */ 38 | 39 | /* http://msdn.microsoft.com/en-us/library/windows/hardware/ff566416%28v=vs.85%29.aspx */ 40 | NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory( 41 | HANDLE ProcessHandle, 42 | PVOID *BaseAddress, 43 | ULONG_PTR ZeroBits, 44 | PSIZE_T RegionSize, 45 | ULONG AllocationType, 46 | ULONG Protect); 47 | 48 | NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory( 49 | HANDLE ProcessHandle, 50 | PVOID BaseAddress, 51 | PVOID Buffer, 52 | ULONG NumberOfBytesToRead, 53 | PULONG NumberOfBytesRead); 54 | 55 | NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory( 56 | HANDLE ProcessHandle, 57 | PVOID BaseAddress, 58 | PVOID Buffer, 59 | ULONG NumberOfBytesToWrite, 60 | PULONG NumberOfBytesWritten); 61 | 62 | NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory( 63 | HANDLE ProcessHandle, 64 | PVOID BaseAddress, 65 | MEMORY_INFORMATION_CLASS MemoryInformationClass, 66 | PVOID MemoryInformation, 67 | ULONG MemoryInformationLength, 68 | PULONG ReturnLength); 69 | 70 | NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory( 71 | HANDLE ProcessHandle, 72 | PVOID *BaseAddress, 73 | SIZE_T *NumberOfBytesToProtect, 74 | ULONG NewAccessProtection, 75 | PULONG OldAccessProtection); 76 | 77 | NTSYSAPI NTSTATUS NTAPI NtLockVirtualMemory( 78 | HANDLE ProcessHandle, 79 | PVOID *BaseAddress, 80 | OUT PULONG NumberOfBytesToLock, 81 | ULONG LockOption); 82 | 83 | NTSYSAPI NTSTATUS NTAPI NtUnlockVirtualMemory( 84 | HANDLE ProcessHandle, 85 | PVOID *BaseAddress, 86 | OUT PULONG NumberOfBytesToUnlock, 87 | ULONG LockOption); 88 | 89 | NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory( 90 | HANDLE ProcessHandle, 91 | PVOID *BaseAddress, 92 | PULONG NumberOfBytesToFlush, 93 | PIO_STATUS_BLOCK IoStatusBlock); 94 | 95 | /* http://msdn.microsoft.com/en-us/library/windows/hardware/ff566460%28v=vs.85%29.aspx */ 96 | NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory( 97 | HANDLE ProcessHandle, 98 | PVOID *BaseAddress, 99 | PSIZE_T RegionSize, 100 | ULONG FreeType); 101 | 102 | NTSYSAPI NTSTATUS NTAPI NtAllocateUserPhysicalPages( 103 | HANDLE ProcessHandle, 104 | PULONG_PTR NumberOfPages, 105 | PULONG_PTR UserPfnArray); 106 | 107 | NTSYSAPI NTSTATUS NTAPI NtMapUserPhysicalPages( 108 | PVOID VirtualAddresses, 109 | ULONG_PTR NumberOfPages, 110 | PULONG_PTR UserPfnArray); 111 | 112 | NTSYSAPI NTSTATUS NTAPI NtMapUserPhysicalPagesScatter( 113 | PVOID *VirtualAddresses, 114 | ULONG_PTR NumberOfPages, 115 | PULONG_PTR UserPfnArray); 116 | 117 | NTSYSAPI NTSTATUS NTAPI NtFreeUserPhysicalPages( 118 | HANDLE ProcessHandle, 119 | PULONG_PTR NumberOfPages, 120 | PULONG_PTR UserPfnArray); 121 | 122 | NTSYSAPI NTSTATUS NTAPI NtGetWriteWatch( 123 | HANDLE ProcessHandle, 124 | ULONG Flags, 125 | PVOID BaseAddress, 126 | SIZE_T RegionSize, 127 | PVOID *UserAddressArray, 128 | PULONG_PTR EntriesInUserAddressArray, 129 | PULONG Granularity); 130 | 131 | NTSYSAPI NTSTATUS NTAPI NtResetWriteWatch( 132 | HANDLE ProcessHandle, 133 | PVOID BaseAddress, 134 | SIZE_T RegionSize); 135 | 136 | 137 | /****************************************************************** 138 | * Section API 139 | *****************************************************************/ 140 | 141 | /* 142 | * Types 143 | */ 144 | 145 | typedef enum _SECTION_INHERIT { 146 | ViewShare = 1, 147 | ViewUnmap = 2, 148 | } SECTION_INHERIT, *PSECTION_INHERIT; 149 | 150 | typedef enum _SECTION_INFORMATION_CLASS { 151 | SectionBasicInformation = 0x0, 152 | SectionImageInformation = 0x1, 153 | MaxSectionInfoClass = 0x2, 154 | } SECTION_INFORMATION_CLASS, *PSECTION_INFORMATION_CLASS; 155 | 156 | /* SectionBasicInformation */ 157 | 158 | typedef struct _SECTION_BASIC_INFORMATION { 159 | PVOID BaseAddress; 160 | ULONG AllocationAttributes; 161 | LARGE_INTEGER MaximumSize; 162 | } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; 163 | 164 | /* SectionImageInformation */ 165 | 166 | typedef struct _SECTION_IMAGE_INFORMATION { 167 | PVOID TransferAddress; 168 | ULONG ZeroBits; 169 | ULONG_PTR MaximumStackSize; 170 | ULONG_PTR CommittedStackSize; 171 | ULONG SubSystemType; 172 | union { 173 | struct { 174 | USHORT SubSystemMinorVersion; 175 | USHORT SubSystemMajorVersion; 176 | }; 177 | ULONG SubSystemVersion; 178 | }; 179 | ULONG GpValue; 180 | USHORT ImageCharacteristics; 181 | USHORT DllCharacteristics; 182 | USHORT Machine; 183 | BOOLEAN ImageContainsCode; 184 | BOOLEAN Spare1; 185 | ULONG LoaderFlags; 186 | ULONG ImageFileSize; 187 | ULONG Reserved[1]; 188 | } SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION; 189 | 190 | /* 191 | * Functions 192 | */ 193 | 194 | NTSYSAPI NTSTATUS NTAPI NtCreateSection( 195 | PHANDLE SectionHandle, 196 | ACCESS_MASK DesiredAccess, 197 | POBJECT_ATTRIBUTES ObjectAttributes, 198 | PLARGE_INTEGER MaximumSize, 199 | ULONG SectionPageProtection, 200 | ULONG AllocationAttributes, 201 | HANDLE FileHandle); 202 | 203 | NTSYSAPI NTSTATUS NTAPI NtOpenSection( 204 | PHANDLE SectionHandle, 205 | ACCESS_MASK DesiredAccess, 206 | POBJECT_ATTRIBUTES ObjectAttributes); 207 | 208 | NTSYSAPI NTSTATUS NTAPI NtExtendSection( 209 | HANDLE SectionHandle, 210 | PLARGE_INTEGER NewSectionSize); 211 | 212 | NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection( 213 | HANDLE SectionHandle, 214 | HANDLE ProcessHandle, 215 | PVOID *BaseAddress, 216 | ULONG_PTR ZeroBits, 217 | SIZE_T CommitSize, 218 | PLARGE_INTEGER SectionOffset, 219 | PSIZE_T ViewSize, 220 | SECTION_INHERIT InheritDisposition, 221 | ULONG AllocationType, 222 | ULONG Win32Protect); 223 | 224 | NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection( 225 | HANDLE ProcessHandle, 226 | PVOID BaseAddress); 227 | 228 | NTSYSAPI NTSTATUS NTAPI NtQuerySection( 229 | HANDLE SectionHandle, 230 | SECTION_INFORMATION_CLASS InformationClass, 231 | PVOID InformationBuffer, 232 | ULONG InformationBufferSize, 233 | PULONG ResultLength OPTIONAL); 234 | 235 | NTSYSAPI NTSTATUS NTAPI NtAreMappedFilesTheSame( 236 | PVOID File1MappedAsAnImage, 237 | PVOID File2MappedAsFile); 238 | 239 | #endif 240 | -------------------------------------------------------------------------------- /inc/nt/ob.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_OB_H_INCLUDED 2 | #define __NTAPI_OB_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * General object API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | typedef enum _OBJECT_INFORMATION_CLASS { // Q/S 13 | ObjectBasicInformation = 0, // Y/N 14 | ObjectNameInformation = 1, // Y/N 15 | ObjectTypeInformation = 2, // Y/N 16 | ObjectTypesInformation = 3, // Y/N 17 | ObjectHandleFlagInformation = 4, // Y/Y 18 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 19 | ObjectSessionInformation = 5, // N/Y 20 | #endif 21 | } OBJECT_INFORMATION_CLASS; 22 | 23 | /* ObjectBasicInformation */ 24 | 25 | typedef struct _OBJECT_BASIC_INFORMATION { 26 | ULONG Attributes; 27 | ACCESS_MASK GrantedAccess; 28 | ULONG HandleCount; 29 | ULONG PointerCount; 30 | ULONG PagedPoolCharge; 31 | ULONG NonPagedPoolCharge; 32 | ULONG Reserved[3]; 33 | ULONG NameInfoSize; 34 | ULONG TypeInfoSize; 35 | ULONG SecurityDescriptorSize; 36 | LARGE_INTEGER CreationTime; 37 | } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 38 | 39 | /* ObjectNameInformation */ 40 | 41 | typedef struct _OBJECT_NAME_INFORMATION { 42 | UNICODE_STRING Name; 43 | /* Name buffer follows */ 44 | } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; 45 | 46 | /* ObjectTypeInformation */ 47 | 48 | typedef struct _OBJECT_TYPE_INFORMATION { 49 | UNICODE_STRING TypeName; 50 | ULONG TotalNumberOfObjects; 51 | ULONG TotalNumberOfHandles; 52 | ULONG TotalPagedPoolUsage; 53 | ULONG TotalNonPagedPoolUsage; 54 | ULONG TotalNamePoolUsage; 55 | ULONG TotalHandleTableUsage; 56 | ULONG HighWaterNumberOfObjects; 57 | ULONG HighWaterNumberOfHandles; 58 | ULONG HighWaterPagedPoolUsage; 59 | ULONG HighWaterNonPagedPoolUsage; 60 | ULONG HighWaterNamePoolUsage; 61 | ULONG HighWaterHandleTableUsage; 62 | ULONG InvalidAttributes; 63 | GENERIC_MAPPING GenericMapping; 64 | ULONG ValidAccessMask; 65 | BOOLEAN SecurityRequired; 66 | BOOLEAN MaintainHandleCount; 67 | ULONG PoolType; 68 | ULONG DefaultPagedPoolCharge; 69 | ULONG DefaultNonPagedPoolCharge; 70 | } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; 71 | 72 | /* ObjectTypesInformation */ 73 | 74 | typedef struct _OBJECT_TYPES_INFORMATION { 75 | ULONG NumberOfTypes; 76 | /* Not in original definition, added for convenience */ 77 | OBJECT_TYPE_INFORMATION Types[1]; 78 | } OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION; 79 | 80 | /* ObjectHandleFlagInformation */ 81 | 82 | typedef struct _OBJECT_HANDLE_FLAG_INFORMATION { 83 | BOOLEAN Inherit; 84 | BOOLEAN ProtectFromClose; 85 | } OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION; 86 | 87 | typedef enum _OBJECT_WAIT_TYPE { 88 | WaitAllObject, 89 | WaitAnyObject, 90 | } OBJECT_WAIT_TYPE, *POBJECT_WAIT_TYPE; 91 | 92 | /* 93 | * Functions 94 | */ 95 | 96 | NTSYSAPI NTSTATUS NTAPI NtDuplicateObject( 97 | HANDLE SourceProcessHandle, 98 | PHANDLE SourceHandle, 99 | HANDLE TargetProcessHandle, 100 | PHANDLE TargetHandle, 101 | ACCESS_MASK DesiredAccess, 102 | BOOLEAN InheritHandle, 103 | ULONG Options); 104 | 105 | NTSYSAPI NTSTATUS NTAPI NtQueryObject( 106 | HANDLE ObjectHandle, 107 | OBJECT_INFORMATION_CLASS ObjectInformationClass, 108 | PVOID ObjectInformation, 109 | ULONG ObjectInformationLength, 110 | PULONG ReturnLength); 111 | 112 | NTSYSAPI NTSTATUS NTAPI NtSetInformationObject( 113 | HANDLE ObjectHandle, 114 | OBJECT_INFORMATION_CLASS ObjectInformationClass, 115 | PVOID ObjectInformation, 116 | ULONG ObjectInformationLength); 117 | 118 | NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject( 119 | HANDLE ObjectHandle, 120 | BOOLEAN Alertable, 121 | PLARGE_INTEGER TimeOut OPTIONAL); 122 | 123 | NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects( 124 | ULONG ObjectCount, 125 | PHANDLE ObjectsArray, 126 | OBJECT_WAIT_TYPE WaitType, 127 | BOOLEAN Alertable, 128 | PLARGE_INTEGER TimeOut OPTIONAL); 129 | 130 | NTSYSAPI NTSTATUS NTAPI NtSignalAndWaitForSingleObject( 131 | HANDLE ObjectToSignal, 132 | HANDLE WaitableObject, 133 | BOOLEAN Alertable, 134 | PLARGE_INTEGER Time OPTIONAL); 135 | 136 | NTSYSAPI NTSTATUS NTAPI NtMakePermanentObject( 137 | HANDLE ObjectHandle); 138 | 139 | NTSYSAPI NTSTATUS NTAPI NtMakeTemporaryObject( 140 | HANDLE ObjectHandle); 141 | 142 | NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject( 143 | HANDLE ObjectHandle, 144 | SECURITY_INFORMATION SecurityInformationClass, 145 | PSECURITY_DESCRIPTOR DescriptorBuffer, 146 | ULONG DescriptorBufferLength, 147 | PULONG RequiredLength); 148 | 149 | NTSYSAPI NTSTATUS NTAPI NtSetSecurityObject( 150 | HANDLE ObjectHandle, 151 | SECURITY_INFORMATION SecurityInformationClass, 152 | PSECURITY_DESCRIPTOR DescriptorBuffer); 153 | 154 | NTSYSAPI NTSTATUS NTAPI NtClose( 155 | HANDLE ObjectHandle); 156 | 157 | /****************************************************************** 158 | * Directory API 159 | *****************************************************************/ 160 | 161 | /* 162 | * Types 163 | */ 164 | 165 | typedef struct _OBJECT_DIRECTORY_INFORMATION { 166 | UNICODE_STRING Name; 167 | UNICODE_STRING TypeName; 168 | } OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION; 169 | 170 | /* 171 | * Functions 172 | */ 173 | 174 | NTSYSAPI NTSTATUS NTAPI NtCreateDirectoryObject( 175 | PHANDLE DirectoryHandle, 176 | ACCESS_MASK DesiredAccess, 177 | POBJECT_ATTRIBUTES ObjectAttributes); 178 | 179 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WIN8) 180 | NTSYSAPI NTSTATUS NTAPI NtCreateDirectoryObjectEx( 181 | PHANDLE DirectoryHandle, 182 | ACCESS_MASK DesiredAccess, 183 | POBJECT_ATTRIBUTES ObjectAttributes, 184 | HANDLE ShadowDirectoryHandle, 185 | ULONG Flags); 186 | #endif 187 | 188 | NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject( 189 | PHANDLE DirectoryHandle, 190 | ACCESS_MASK DesiredAccess, 191 | POBJECT_ATTRIBUTES ObjectAttributes); 192 | 193 | NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject( 194 | HANDLE DirectoryHandle, 195 | PVOID Buffer OPTIONAL, 196 | ULONG Length, 197 | BOOLEAN ReturnSingleEntry, 198 | BOOLEAN RestartScan, 199 | PULONG Context, 200 | PULONG ReturnLength OPTIONAL); 201 | 202 | 203 | /****************************************************************** 204 | * Symbolic link API 205 | *****************************************************************/ 206 | 207 | /* 208 | * Functions 209 | */ 210 | 211 | NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject( 212 | PHANDLE LinkHandle, 213 | ACCESS_MASK DesiredAccess, 214 | POBJECT_ATTRIBUTES ObjectAttributes, 215 | PUNICODE_STRING LinkTarget); 216 | 217 | NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject( 218 | PHANDLE LinkHandle, 219 | ACCESS_MASK DesiredAccess, 220 | POBJECT_ATTRIBUTES ObjectAttributes); 221 | 222 | NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject( 223 | HANDLE LinkHandle, 224 | PUNICODE_STRING LinkTarget, 225 | PULONG ReturnedLength OPTIONAL); 226 | 227 | 228 | /****************************************************************** 229 | * Namespace API 230 | *****************************************************************/ 231 | 232 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 233 | 234 | /* 235 | * Functions 236 | */ 237 | 238 | NTSYSAPI NTSTATUS NTAPI NtCreatePrivateNamespace( 239 | PHANDLE NamespaceHandle, 240 | ACCESS_MASK DesiredAccess, 241 | POBJECT_ATTRIBUTES ObjectAttributes, 242 | PVOID BoundaryDescriptor); 243 | 244 | NTSYSAPI NTSTATUS NTAPI NtOpenPrivateNamespace( 245 | PHANDLE NamespaceHandle, 246 | ACCESS_MASK DesiredAccess, 247 | POBJECT_ATTRIBUTES ObjectAttributes, 248 | PVOID BoundaryDescriptor); 249 | 250 | NTSYSAPI NTSTATUS NTAPI NtDeletePrivateNamespace( 251 | HANDLE NamespaceHandle); 252 | 253 | #endif 254 | 255 | #endif 256 | -------------------------------------------------------------------------------- /inc/nt/ps.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_PS_H_INCLUDED 2 | #define __NTAPI_PS_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Process API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | typedef struct _PEB PEB, *PPEB; 13 | 14 | typedef enum _PROCESS_INFORMATION_CLASS { 15 | /* Q: PROCESS_BASIC_INFORMATION */ 16 | ProcessBasicInformation = 0x0, 17 | ProcessQuotaLimits = 0x1, 18 | ProcessIoCounters = 0x2, 19 | ProcessVmCounters = 0x3, 20 | ProcessTimes = 0x4, 21 | ProcessBasePriority = 0x5, 22 | ProcessRaisePriority = 0x6, 23 | /* Q: HANDLE */ 24 | ProcessDebugPort = 0x7, 25 | ProcessExceptionPort = 0x8, 26 | /* S: PROCESS_ACCESS_TOKEN */ 27 | ProcessAccessToken = 0x9, 28 | ProcessLdtInformation = 0xA, 29 | ProcessLdtSize = 0xB, 30 | ProcessDefaultHardErrorMode = 0xC, 31 | ProcessIoPortHandlers = 0xD, 32 | ProcessPooledUsageAndLimits = 0xE, 33 | ProcessWorkingSetWatch = 0xF, 34 | ProcessUserModeIOPL = 0x10, 35 | ProcessEnableAlignmentFaultFixup = 0x11, 36 | ProcessPriorityClass = 0x12, 37 | ProcessWx86Information = 0x13, 38 | ProcessHandleCount = 0x14, 39 | ProcessAffinityMask = 0x15, 40 | ProcessPriorityBoost = 0x16, 41 | ProcessDeviceMap = 0x17, 42 | ProcessSessionInformation = 0x18, 43 | ProcessForegroundInformation = 0x19, 44 | /* Q: ULONG_PTR */ 45 | ProcessWow64Information = 0x1A, 46 | ProcessImageFileName = 0x1B, 47 | ProcessLUIDDeviceMapsEnabled = 0x1C, 48 | ProcessBreakOnTermination = 0x1D, 49 | ProcessDebugObjectHandle = 0x1E, 50 | ProcessDebugFlags = 0x1F, 51 | ProcessHandleTracing = 0x20, 52 | MaxProcessInfoClass_NT500 = 0x21, 53 | 54 | ProcessIoPriority = 0x21, 55 | ProcessExecuteFlags = 0x22, 56 | ProcessTlsInformation = 0x23, 57 | ProcessCookie = 0x24, 58 | ProcessImageInformation = 0x25, 59 | MaxProcessInfoClass_NT520 = 0x26, 60 | 61 | ProcessCycleTime = 0x26, 62 | ProcessPagePriority = 0x27, 63 | ProcessInstrumentationCallback = 0x28, 64 | ProcessThreadStackAllocation = 0x29, 65 | ProcessWorkingSetWatchEx = 0x2A, 66 | ProcessImageFileNameWin32 = 0x2B, 67 | ProcessImageFileMapping = 0x2C, 68 | ProcessAffinityUpdateMode = 0x2D, 69 | ProcessMemoryAllocationMode = 0x2E, 70 | ProcessGroupInformation = 0x2F, 71 | ProcessTokenVirtualizationEnabled = 0x30, 72 | ProcessConsoleHostProcess = 0x31, 73 | ProcessWindowInformation = 0x32, 74 | MaxProcessInfoClass_NT610 = 0x33, 75 | 76 | ProcessHandleInformation = 0x33, 77 | ProcessMitigationPolicy = 0x34, 78 | ProcessDynamicFunctionTableInformation = 0x35, 79 | ProcessHandleCheckingMode = 0x36, 80 | ProcessKeepAliveCount = 0x37, 81 | ProcessRevokeFileHandles = 0x38, 82 | ProcessWorkingSetControl = 0x39, 83 | MaxProcessInfoClass_NT620 = 0x3A, 84 | } PROCESS_INFORMATION_CLASS, *PPROCESS_INFORMATION_CLASS; 85 | 86 | /* ProcessBasicInformation */ 87 | 88 | typedef struct _PROCESS_BASIC_INFORMATION { 89 | NTSTATUS ExitStatus; 90 | PVOID PebBaseAddress; 91 | KAFFINITY AffinityMask; 92 | KPRIORITY BasePriority; 93 | ULONG_PTR UniqueProcessId; 94 | ULONG_PTR InheritedFromUniqueProcessId; 95 | } PROCESS_BASIC_INFORMATION,*PPROCESS_BASIC_INFORMATION; 96 | 97 | /* ProcessAccessToken */ 98 | 99 | typedef struct _PROCESS_ACCESS_TOKEN { 100 | HANDLE Token; 101 | HANDLE Thread; 102 | } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN; 103 | 104 | /* ProcessDeviceMap */ 105 | 106 | typedef struct _PROCESS_DEVICEMAP_INFORMATION { 107 | union { 108 | struct { 109 | PVOID DirectoryHandle; 110 | } Set; 111 | struct { 112 | ULONG DriveMap; 113 | CHAR DriveType[32]; 114 | } Query; 115 | }; 116 | } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION; 117 | 118 | typedef struct _PROCESS_DEVICEMAP_INFORMATION_EX { 119 | union { 120 | struct { 121 | PVOID DirectoryHandle; 122 | } Set; 123 | struct { 124 | ULONG DriveMap; 125 | CHAR DriveType[32]; 126 | } Query; 127 | }; 128 | ULONG Flags; 129 | } PROCESS_DEVICEMAP_INFORMATION_EX, *PPROCESS_DEVICEMAP_INFORMATION_EX; 130 | 131 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 132 | 133 | typedef enum _PS_CREATE_STATE { 134 | PsCreateInitialState, 135 | PsCreateFailOnFileOpen, 136 | PsCreateFailOnSectionCreate, 137 | PsCreateFailExeFormat, 138 | PsCreateFailMachineMismatch, 139 | PsCreateFailExeName, // Debugger specified 140 | PsCreateSuccess, 141 | PsCreateMaximumStates 142 | } PS_CREATE_STATE; 143 | 144 | typedef struct _PS_CREATE_INFO { 145 | SIZE_T Size; 146 | PS_CREATE_STATE State; 147 | union 148 | { 149 | // PsCreateInitialState 150 | struct { 151 | union { 152 | ULONG InitFlags; 153 | struct { 154 | UCHAR WriteOutputOnExit : 1; 155 | UCHAR DetectManifest : 1; 156 | UCHAR IFEOSkipDebugger : 1; 157 | UCHAR IFEODoNotPropagateKeyState : 1; 158 | UCHAR SpareBits1 : 4; 159 | UCHAR SpareBits2 : 8; 160 | USHORT ProhibitedImageCharacteristics : 16; 161 | }; 162 | }; 163 | ACCESS_MASK AdditionalFileAccess; 164 | } InitState; 165 | 166 | // PsCreateFailOnSectionCreate 167 | struct { 168 | HANDLE FileHandle; 169 | } FailSection; 170 | 171 | // PsCreateFailExeFormat 172 | struct { 173 | USHORT DllCharacteristics; 174 | } ExeFormat; 175 | 176 | // PsCreateFailExeName 177 | struct { 178 | HANDLE IFEOKey; 179 | } ExeName; 180 | 181 | // PsCreateSuccess 182 | struct { 183 | union { 184 | ULONG OutputFlags; 185 | struct { 186 | UCHAR ProtectedProcess : 1; 187 | UCHAR AddressSpaceOverride : 1; 188 | UCHAR DevOverrideEnabled : 1; // from Image File Execution Options 189 | UCHAR ManifestDetected : 1; 190 | UCHAR ProtectedProcessLight : 1; 191 | UCHAR SpareBits1 : 3; 192 | UCHAR SpareBits2 : 8; 193 | USHORT SpareBits3 : 16; 194 | }; 195 | }; 196 | HANDLE FileHandle; 197 | HANDLE SectionHandle; 198 | ULONGLONG UserProcessParametersNative; 199 | ULONG UserProcessParametersWow64; 200 | ULONG CurrentParameterFlags; 201 | ULONGLONG PebAddressNative; 202 | ULONG PebAddressWow64; 203 | ULONGLONG ManifestAddress; 204 | ULONG ManifestSize; 205 | } SuccessState; 206 | }; 207 | } PS_CREATE_INFO, *PPS_CREATE_INFO; 208 | 209 | typedef struct _PS_ATTRIBUTE { 210 | ULONG Attribute; 211 | SIZE_T Size; 212 | union { 213 | ULONG Value; 214 | PVOID ValuePtr; 215 | }; 216 | PSIZE_T ReturnLength; 217 | } PS_ATTRIBUTE, *PPS_ATTRIBUTE; 218 | 219 | typedef struct _PS_ATTRIBUTE_LIST { 220 | SIZE_T TotalLength; 221 | PS_ATTRIBUTE Attributes[1]; 222 | } PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST; 223 | 224 | #endif 225 | 226 | /* 227 | * Functions 228 | */ 229 | 230 | #define NtCurrentProcess() ((HANDLE)-1) 231 | 232 | NTSYSAPI NTSTATUS NTAPI NtCreateProcess( 233 | PHANDLE ProcessHandle, 234 | ACCESS_MASK DesiredAccess, 235 | POBJECT_ATTRIBUTES ObjectAttributes, 236 | HANDLE ParentProcess, 237 | BOOLEAN InheritObjectTable, 238 | HANDLE SectionHandle OPTIONAL, 239 | HANDLE DebugPort OPTIONAL, 240 | HANDLE ExceptionPort OPTIONAL); 241 | 242 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 243 | NTSYSAPI NTSTATUS NTAPI NtCreateProcessEx( 244 | PHANDLE ProcessHandle, 245 | ACCESS_MASK DesiredAccess, 246 | POBJECT_ATTRIBUTES ObjectAttributes, 247 | HANDLE InheritFromProcessHandle, 248 | BOOLEAN InheritHandles, 249 | HANDLE SectionHandle OPTIONAL, 250 | HANDLE DebugPort OPTIONAL, 251 | HANDLE ExceptionPort OPTIONAL, 252 | BOOLEAN InJob); 253 | 254 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 255 | NTSYSAPI NTSTATUS NTAPI NtCreateUserProcess( 256 | PHANDLE ProcessHandle, 257 | PHANDLE ThreadHandle, 258 | ACCESS_MASK ProcessDesiredAccess, 259 | ACCESS_MASK ThreadDesiredAccess, 260 | POBJECT_ATTRIBUTES ProcessObjectAttributes OPTIONAL, 261 | POBJECT_ATTRIBUTES ThreadObjectAttributes OPTIONAL, 262 | ULONG ProcessFlags, 263 | ULONG ThreadFlags, 264 | PVOID ProcessParameters OPTIONAL, 265 | PPS_CREATE_INFO CreateInfo, 266 | PPS_ATTRIBUTE_LIST AttributeList OPTIONAL); 267 | #endif 268 | 269 | NTSYSAPI NTSTATUS NTAPI NtOpenProcess( 270 | PHANDLE ProcessHandle, 271 | ACCESS_MASK DesiredAccess, 272 | POBJECT_ATTRIBUTES ObjectAttributes, 273 | PCLIENT_ID ClientId OPTIONAL); 274 | 275 | NTSYSAPI NTSTATUS NTAPI NtSuspendProcess( 276 | HANDLE ProcessHandle); 277 | 278 | NTSYSAPI NTSTATUS NTAPI NtResumeProcess( 279 | HANDLE ProcessHandle); 280 | 281 | NTSYSAPI NTSTATUS NTAPI NtIsProcessInJob( 282 | HANDLE ProcessHandle, 283 | HANDLE JobHandle); 284 | #endif 285 | 286 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess( 287 | HANDLE ProcessHandle, 288 | PROCESS_INFORMATION_CLASS ProcessInformationClass, 289 | PVOID ProcessInformation, 290 | ULONG ProcessInformationLength, 291 | PULONG ReturnLength); 292 | 293 | NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess( 294 | HANDLE ProcessHandle, 295 | PROCESS_INFORMATION_CLASS ProcessInformationClass, 296 | PVOID ProcessInformation, 297 | ULONG ProcessInformationLength); 298 | 299 | NTSYSAPI NTSTATUS NTAPI NtTerminateProcess( 300 | HANDLE ProcessHandle, 301 | NTSTATUS ExitStatus); 302 | 303 | 304 | /****************************************************************** 305 | * Thread API 306 | *****************************************************************/ 307 | 308 | /* 309 | * Types 310 | */ 311 | 312 | typedef struct _TEB TEB, *PTEB; 313 | 314 | typedef struct _USER_STACK { 315 | PVOID FixedStackBase; 316 | PVOID FixedStackLimit; 317 | PVOID ExpandableStackBase; 318 | PVOID ExpandableStackLimit; 319 | PVOID ExpandableStackBottom; 320 | } USER_STACK, *PUSER_STACK; 321 | 322 | /* Current: 6.1 */ 323 | typedef enum _THREAD_INFORMATION_CLASS { // Q/S 324 | ThreadBasicInformation = 0x0, // Y/N 325 | ThreadTimes = 0x1, // Y/N 326 | ThreadPriority = 0x2, // N/Y 327 | ThreadBasePriority = 0x3, // N/Y 328 | ThreadAffinityMask = 0x4, // N/Y 329 | ThreadImpersonationToken = 0x5, // N/Y 330 | ThreadDescriptorTableEntry = 0x6, // Y/N 331 | ThreadEnableAlignmentFaultFixup = 0x7, // N/Y 332 | ThreadEventPair_Reusable = 0x8, // N/Y 333 | ThreadQuerySetWin32StartAddress = 0x9, // Y/Y 334 | ThreadZeroTlsCell = 0xA, // N/Y 335 | ThreadPerformanceCount = 0xB, // Y/N 336 | ThreadAmILastThread = 0xC, // Y/N 337 | ThreadIdealProcessor = 0xD, // N/Y 338 | ThreadPriorityBoost = 0xE, // Y/Y 339 | ThreadSetTlsArrayAddress = 0xF, // N/Y 340 | ThreadIsIoPending = 0x10, // Y/N 341 | ThreadHideFromDebugger = 0x11, // N/Y 342 | ThreadBreakOnTermination = 0x12, 343 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 344 | ThreadSwitchLegacyState = 0x13, 345 | #endif 346 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 347 | ThreadIsTerminated = 0x14, 348 | ThreadLastSystemCall = 0x15, 349 | ThreadIoPriority = 0x16, 350 | ThreadCycleTime = 0x17, 351 | ThreadPagePriority = 0x18, 352 | ThreadActualBasePriority = 0x19, 353 | ThreadTebInformation = 0x1A, 354 | ThreadCSwitchMon = 0x1B, 355 | ThreadCSwitchPmu = 0x1C, 356 | ThreadWow64Context = 0x1D, 357 | ThreadGroupInformation = 0x1E, 358 | ThreadUmsInformation = 0x1F, 359 | ThreadCounterProfiling = 0x20, 360 | ThreadIdealProcessorEx = 0x21, 361 | #endif 362 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WIN7) 363 | ThreadCpuAccountingInformation = 0x22, 364 | #endif 365 | } THREAD_INFORMATION_CLASS, *PTHREAD_INFORMATION_CLASS; 366 | 367 | /* ThreadBasicInformation */ 368 | 369 | typedef struct _THREAD_BASIC_INFORMATION { 370 | NTSTATUS ExitStatus; 371 | PVOID TebBaseAddress; 372 | CLIENT_ID ClientId; 373 | KAFFINITY AffinityMask; 374 | KPRIORITY Priority; 375 | KPRIORITY BasePriority; 376 | } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; 377 | 378 | /* 379 | * Functions 380 | */ 381 | 382 | #define NtCurrentThread() ((HANDLE)-2) 383 | 384 | #if __INCLUDE_WINNT_DEFINES 385 | NTSYSAPI PTEB NTAPI NtCurrentTeb(void); 386 | #endif 387 | 388 | NTSYSAPI NTSTATUS NTAPI NtCreateThread( 389 | PHANDLE ThreadHandle, 390 | ACCESS_MASK DesiredAccess, 391 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 392 | HANDLE ProcessHandle, 393 | PCLIENT_ID ClientId, 394 | PCONTEXT ThreadContext, 395 | PUSER_STACK UserStack, 396 | BOOLEAN CreateSuspended); 397 | 398 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 399 | NTSYSAPI NTSTATUS NTAPI NtCreateThreadEx( 400 | PHANDLE ThreadHandle, 401 | ACCESS_MASK DesiredAccess, 402 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 403 | HANDLE ProcessHandle, 404 | PVOID StartRoutine, 405 | PVOID Argument OPTIONAL, 406 | ULONG CreateFlags, 407 | SIZE_T ZeroBits, 408 | SIZE_T StackSize, 409 | SIZE_T MaximumStackSize, 410 | PPS_ATTRIBUTE_LIST AttributeList OPTIONAL); 411 | #endif 412 | 413 | NTSYSAPI NTSTATUS NTAPI NtOpenThread( 414 | PHANDLE ThreadHandle, 415 | ACCESS_MASK DesiredAccess, 416 | POBJECT_ATTRIBUTES ObjectAttributes, 417 | PCLIENT_ID ClientId OPTIONAL); 418 | 419 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread( 420 | HANDLE ThreadHandle, 421 | THREAD_INFORMATION_CLASS ThreadInformationClass, 422 | PVOID ThreadInformation, 423 | ULONG ThreadInformationLength, 424 | PULONG ReturnLength); 425 | 426 | NTSYSAPI NTSTATUS NTAPI NtSetInformationThread( 427 | HANDLE ThreadHandle, 428 | THREAD_INFORMATION_CLASS ThreadInformationClass, 429 | PVOID ThreadInformation, 430 | ULONG ThreadInformationLength); 431 | 432 | NTSYSAPI NTSTATUS NTAPI NtGetContextThread( 433 | HANDLE ThreadHandle, 434 | PCONTEXT ThreadContext); 435 | 436 | NTSYSAPI NTSTATUS NTAPI NtSetContextThread( 437 | HANDLE ThreadHandle, 438 | PCONTEXT ThreadContext); 439 | 440 | NTSYSAPI NTSTATUS NTAPI NtRaiseException( 441 | PEXCEPTION_RECORD ExceptionRecord, 442 | PCONTEXT ThreadContext, 443 | BOOLEAN HandleException); 444 | 445 | NTSYSAPI NTSTATUS NTAPI NtContinue( 446 | PCONTEXT ThreadContext, 447 | BOOLEAN RaiseAlert); 448 | 449 | NTSYSAPI NTSTATUS NTAPI NtCallbackReturn( 450 | PVOID Result OPTIONAL, 451 | ULONG ResultLength, 452 | NTSTATUS Status); 453 | 454 | #if 0 455 | NTSYSAPI NTSTATUS NTAPI NtSetLdtEntries( 456 | ULONG Selector1, 457 | LDT_ENTRY LdtEntry1, 458 | ULONG Selector2, 459 | LDT_ENTRY LdtEntry2); 460 | #endif 461 | 462 | NTSYSAPI NTSTATUS NTAPI NtSuspendThread( 463 | HANDLE ThreadHandle, 464 | PULONG PreviousSuspendCount); 465 | 466 | NTSYSAPI NTSTATUS NTAPI NtResumeThread( 467 | HANDLE ThreadHandle, 468 | PULONG SuspendCount); 469 | 470 | NTSYSAPI NTSTATUS NTAPI NtTerminateThread( 471 | HANDLE ThreadHandle, 472 | NTSTATUS ExitStatus); 473 | 474 | NTSYSAPI NTSTATUS NTAPI NtImpersonateThread( 475 | HANDLE ThreadHandle, 476 | HANDLE ThreadToImpersonate, 477 | PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService); 478 | 479 | NTSYSAPI NTSTATUS NTAPI NtImpersonateAnonymousToken( 480 | HANDLE ThreadHandle); 481 | 482 | NTSYSAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort( 483 | HANDLE PortHandle); 484 | 485 | /* 486 | This function alerts the target thread using the previous mode 487 | as the mode of the alert. 488 | */ 489 | NTSYSAPI NTSTATUS NTAPI NtAlertThread( 490 | HANDLE ThreadHandle); 491 | 492 | NTSYSAPI NTSTATUS NTAPI NtAlertResumeThread( 493 | HANDLE ThreadHandle, 494 | PULONG PreviousSuspendCount); 495 | 496 | /* 497 | This function tests the alert flag inside the current thread. If 498 | an alert is pending for the previous mode, then the alerted status 499 | is returned, pending APC's may also be delivered at this time. 500 | */ 501 | NTSYSAPI NTSTATUS NTAPI NtTestAlert(VOID); 502 | 503 | NTSYSAPI NTSTATUS NTAPI NtQueueApcThread( 504 | HANDLE ThreadHandle, 505 | PKNORMAL_ROUTINE ApcRoutine, 506 | PVOID NormalContext, 507 | PVOID SystemArgument1, 508 | PVOID SystemArgument2); 509 | 510 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WIN7) 511 | NTSYSAPI NTSTATUS NTAPI NtQueueApcThreadEx( 512 | HANDLE ThreadHandle, 513 | HANDLE ApcReserveHandle, 514 | PKNORMAL_ROUTINE ApcRoutine, 515 | PVOID NormalContext, 516 | PVOID SystemArgument1, 517 | PVOID SystemArgument2); 518 | #endif 519 | 520 | NTSYSAPI NTSTATUS NTAPI NtDelayExecution( 521 | BOOLEAN Alertable, 522 | PLARGE_INTEGER DelayInterval); 523 | 524 | NTSYSAPI NTSTATUS NTAPI NtYieldExecution(VOID); 525 | 526 | 527 | /****************************************************************** 528 | * Job API 529 | *****************************************************************/ 530 | 531 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 532 | 533 | /* 534 | * Types 535 | */ 536 | 537 | #if __INCLUDE_WINNT_DEFINES 538 | typedef enum _JOBOBJECTINFOCLASS { 539 | JobObjectBasicAccountingInformation = 1, 540 | JobObjectBasicLimitInformation, 541 | JobObjectBasicProcessIdList, 542 | JobObjectBasicUIRestrictions, 543 | JobObjectSecurityLimitInformation, 544 | JobObjectEndOfJobTimeInformation, 545 | JobObjectAssociateCompletionPortInformation, 546 | JobObjectBasicAndIoAccountingInformation, 547 | JobObjectExtendedLimitInformation, 548 | JobObjectJobSetInformation, 549 | MaxJobObjectInfoClass, 550 | } JOBOBJECTINFOCLASS; 551 | 552 | typedef struct _JOB_SET_ARRAY { 553 | HANDLE JobHandle; 554 | ULONG MemberLevel; 555 | ULONG Flags; 556 | } JOB_SET_ARRAY, *PJOB_SET_ARRAY; 557 | #endif /* __INCLUDE_WINNT_DEFINES */ 558 | 559 | /* 560 | * Functions 561 | */ 562 | 563 | NTSYSAPI NTSTATUS NTAPI NtCreateJobObject( 564 | PHANDLE JobHandle, 565 | ACCESS_MASK DesiredAccess, 566 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL); 567 | 568 | NTSYSAPI NTSTATUS NTAPI NtCreateJobSet( 569 | ULONG NumJob, 570 | PJOB_SET_ARRAY UserJobSet, 571 | ULONG Flags); 572 | 573 | NTSYSAPI NTSTATUS NTAPI NtOpenJobObject( 574 | PHANDLE JobHandle, 575 | ACCESS_MASK DesiredAccess, 576 | POBJECT_ATTRIBUTES ObjectAttributes); 577 | 578 | NTSYSAPI NTSTATUS NTAPI NtAssignProcessToJobObject( 579 | HANDLE JobHandle, 580 | HANDLE ProcessHandle); 581 | 582 | NTSYSAPI NTSTATUS NTAPI NtTerminateJobObject( 583 | HANDLE JobHandle, 584 | NTSTATUS ExitStatus); 585 | 586 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationJobObject( 587 | HANDLE JobHandle, 588 | JOBOBJECTINFOCLASS JobInformationClass, 589 | PVOID JobInformation, 590 | ULONG JobInformationLength, 591 | PULONG ReturnLength); 592 | 593 | NTSYSAPI NTSTATUS NTAPI NtSetInformationJobObject( 594 | HANDLE JobHandle, 595 | JOBOBJECTINFOCLASS JobInformationClass, 596 | PVOID JobInformation, 597 | ULONG JobInformationLength); 598 | 599 | #endif 600 | 601 | 602 | /****************************************************************** 603 | * Worker factory API 604 | *****************************************************************/ 605 | 606 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 607 | 608 | struct _FILE_IO_COMPLETION_INFORMATION; 609 | 610 | typedef enum _WORKERFACTORYINFOCLASS { 611 | WorkerFactoryTimeout, 612 | WorkerFactoryRetryTimeout, 613 | WorkerFactoryIdleTimeout, 614 | WorkerFactoryBindingCount, 615 | WorkerFactoryThreadMinimum, 616 | WorkerFactoryThreadMaximum, 617 | WorkerFactoryPaused, 618 | WorkerFactoryBasicInformation, 619 | WorkerFactoryAdjustThreadGoal, 620 | WorkerFactoryCallbackType, 621 | WorkerFactoryStackInformation, 622 | WorkerFactoryThreadBasePriority, 623 | WorkerFactoryTimeoutWaiters, 624 | WorkerFactoryFlags, 625 | WorkerFactoryThreadSoftMaximum, 626 | MaxWorkerFactoryInfoClass, 627 | } WORKERFACTORYINFOCLASS, *PWORKERFACTORYINFOCLASS; 628 | 629 | /* 630 | * Functions 631 | */ 632 | 633 | NTSYSAPI NTSTATUS NTAPI NtCreateWorkerFactory( 634 | PHANDLE WorkerFactoryHandle, 635 | ACCESS_MASK DesiredAccess, 636 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 637 | HANDLE CompletionPortHandle, 638 | HANDLE WorkerProcessHandle, 639 | PVOID StartRoutine, 640 | PVOID StartParameter OPTIONAL, 641 | ULONG MaxThreadCount OPTIONAL, 642 | SIZE_T StackReserve OPTIONAL, 643 | SIZE_T StackCommit OPTIONAL); 644 | 645 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationWorkerFactory( 646 | HANDLE WorkerFactoryHandle, 647 | WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, 648 | PVOID WorkerFactoryInformation, 649 | ULONG WorkerFactoryInformationLength, 650 | PULONG ReturnLength OPTIONAL); 651 | 652 | NTSYSAPI NTSTATUS NTAPI NtSetInformationWorkerFactory( 653 | HANDLE WorkerFactoryHandle, 654 | WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, 655 | PVOID WorkerFactoryInformation, 656 | ULONG WorkerFactoryInformationLength); 657 | 658 | NTSYSAPI NTSTATUS NTAPI NtShutdownWorkerFactory( 659 | HANDLE WorkerFactoryHandle, 660 | PLONG PendingWorkerCount); 661 | 662 | NTSYSAPI NTSTATUS NTAPI NtReleaseWorkerFactoryWorker( 663 | HANDLE WorkerFactoryHandle); 664 | 665 | NTSYSAPI NTSTATUS NTAPI NtWorkerFactoryWorkerReady( 666 | HANDLE WorkerFactoryHandle); 667 | 668 | NTSYSAPI NTSTATUS NTAPI NtWaitForWorkViaWorkerFactory( 669 | HANDLE WorkerFactoryHandle, 670 | struct _FILE_IO_COMPLETION_INFORMATION *MiniPacket); 671 | 672 | #endif 673 | 674 | 675 | #endif 676 | -------------------------------------------------------------------------------- /inc/nt/se.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_SE_H_INCLUDED 2 | #define __NTAPI_SE_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Security token API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | #if __INCLUDE_WINNT_DEFINES 13 | typedef struct _ACL { 14 | CHAR AclRevision; 15 | CHAR Sbz1; 16 | USHORT AclSize; 17 | USHORT AceCount; 18 | USHORT Sbz2; 19 | } ACL, *PACL; 20 | 21 | typedef struct _SID_IDENTIFIER_AUTHORITY { 22 | CHAR Value[6]; 23 | } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY; 24 | 25 | typedef struct _SID { 26 | CHAR Revision; 27 | CHAR SubAuthorityCount; 28 | SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 29 | ULONG SubAuthority[1]; 30 | } SID, *PSID; 31 | 32 | typedef struct _SID_AND_ATTRIBUTES { 33 | PVOID Sid; 34 | ULONG Attributes; 35 | } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; 36 | 37 | typedef struct _LUID_AND_ATTRIBUTES { 38 | LUID Luid; 39 | ULONG Attributes; 40 | } LUID_AND_ATTRIBUTES; 41 | 42 | typedef struct _TOKEN_OWNER { 43 | PVOID Owner; 44 | } TOKEN_OWNER; 45 | 46 | typedef struct _TOKEN_PRIVILEGES { 47 | ULONG PrivilegeCount; 48 | LUID_AND_ATTRIBUTES Privileges[1]; 49 | } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES; 50 | 51 | typedef struct _TOKEN_PRIMARY_GROUP { 52 | PVOID PrimaryGroup; 53 | } TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP; 54 | 55 | typedef struct _TOKEN_GROUPS { 56 | ULONG GroupCount; 57 | SID_AND_ATTRIBUTES Groups[1]; 58 | } TOKEN_GROUPS, *PTOKEN_GROUPS; 59 | 60 | typedef struct _TOKEN_DEFAULT_DACL { 61 | ACL *DefaultDacl; 62 | } TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL; 63 | 64 | typedef struct _TOKEN_USER { 65 | SID_AND_ATTRIBUTES User; 66 | } TOKEN_USER, *PTOKEN_USER; 67 | 68 | typedef struct _TOKEN_SOURCE { 69 | CHAR SourceName[8]; 70 | LUID SourceIdentifier; 71 | } TOKEN_SOURCE, *PTOKEN_SOURCE; 72 | 73 | typedef enum _TOKEN_INFORMATION_CLASS { 74 | TokenUser = 1, 75 | TokenGroups, 76 | TokenPrivileges, 77 | TokenOwner, 78 | TokenPrimaryGroup, 79 | TokenDefaultDacl, 80 | TokenSource, 81 | TokenType, 82 | TokenImpersonationLevel, 83 | TokenStatistics, 84 | TokenRestrictedSids, 85 | TokenSessionId, 86 | TokenGroupsAndPrivileges, 87 | TokenSessionReference, 88 | TokenSandBoxInert, 89 | TokenAuditPolicy, 90 | TokenOrigin, 91 | TokenElevationType, 92 | TokenLinkedToken, 93 | TokenElevation, 94 | TokenHasRestrictions, 95 | TokenAccessInformation, 96 | TokenVirtualizationAllowed, 97 | TokenVirtualizationEnabled, 98 | TokenIntegrityLevel, 99 | TokenUIAccess, 100 | TokenMandatoryPolicy, 101 | TokenLogonSid, 102 | TokenIsAppContainer, 103 | TokenCapabilities, 104 | TokenAppContainerSid, 105 | TokenAppContainerNumber, 106 | TokenUserClaimAttributes, 107 | TokenDeviceClaimAttributes, 108 | TokenRestrictedUserClaimAttributes, 109 | TokenRestrictedDeviceClaimAttributes, 110 | TokenDeviceGroups, 111 | TokenRestrictedDeviceGroups, 112 | TokenSecurityAttributes, 113 | TokenIsRestricted, 114 | MaxTokenInfoClass 115 | } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS; 116 | #endif /* __INCLUDE_WINNT_DEFINES */ 117 | 118 | /* 119 | * Functions 120 | */ 121 | 122 | NTSYSAPI NTSTATUS NTAPI NtCreateToken( 123 | PHANDLE TokenHandle, 124 | ACCESS_MASK DesiredAccess, 125 | POBJECT_ATTRIBUTES ObjectAttributes, 126 | TOKEN_TYPE TokenType, 127 | PLUID AuthenticationId, 128 | PLARGE_INTEGER ExpirationTime, 129 | PTOKEN_USER TokenUser, 130 | PTOKEN_GROUPS TokenGroups, 131 | PTOKEN_PRIVILEGES TokenPrivileges, 132 | PTOKEN_OWNER TokenOwner, 133 | PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, 134 | PTOKEN_DEFAULT_DACL TokenDefaultDacl, 135 | PTOKEN_SOURCE TokenSource); 136 | 137 | NTSYSAPI NTSTATUS NTAPI NtDuplicateToken( 138 | HANDLE ExistingToken, 139 | ACCESS_MASK DesiredAccess, 140 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 141 | SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, 142 | TOKEN_TYPE TokenType, 143 | PHANDLE NewToken ); 144 | 145 | NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken( 146 | HANDLE ProcessHandle, 147 | ACCESS_MASK DesiredAccess, 148 | PHANDLE TokenHandle); 149 | 150 | NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken( 151 | HANDLE ThreadHandle, 152 | ACCESS_MASK DesiredAccess, 153 | BOOLEAN OpenAsSelf, 154 | PHANDLE TokenHandle); 155 | 156 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 157 | NTSYSAPI NTSTATUS NTAPI NtOpenProcessTokenEx( 158 | HANDLE ProcessHandle, 159 | ACCESS_MASK DesiredAccess, 160 | ULONG HandleAttributes, 161 | PHANDLE TokenHandle); 162 | 163 | NTSYSAPI NTSTATUS NTAPI NtOpenThreadTokenEx( 164 | HANDLE ThreadHandle, 165 | ACCESS_MASK DesiredAccess, 166 | BOOLEAN OpenAsSelf, 167 | ULONG HandleAttributes, 168 | PHANDLE TokenHandle); 169 | #endif 170 | 171 | NTSYSAPI NTSTATUS NTAPI NtAdjustGroupsToken( 172 | HANDLE TokenHandle, 173 | BOOLEAN ResetToDefault, 174 | PTOKEN_GROUPS TokenGroups, 175 | ULONG PreviousGroupsLength, 176 | PTOKEN_GROUPS PreviousGroups OPTIONAL, 177 | PULONG RequiredLength OPTIONAL); 178 | 179 | NTSYSAPI NTSTATUS NTAPI NtAdjustPrivilegesToken( 180 | HANDLE TokenHandle, 181 | BOOLEAN DisableAllPrivileges, 182 | PTOKEN_PRIVILEGES TokenPrivileges, 183 | ULONG PreviousPrivilegesLength, 184 | PTOKEN_PRIVILEGES PreviousPrivileges OPTIONAL, 185 | PULONG RequiredLength OPTIONAL); 186 | 187 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken( 188 | HANDLE TokenHandle, 189 | TOKEN_INFORMATION_CLASS TokenInformationClass, 190 | PVOID TokenInformation, 191 | ULONG TokenInformationLength, 192 | PULONG ReturnLength); 193 | 194 | NTSYSAPI NTSTATUS NTAPI NtSetInformationToken( 195 | HANDLE TokenHandle, 196 | TOKEN_INFORMATION_CLASS TokenInformationClass, 197 | PVOID TokenInformation, 198 | ULONG TokenInformationLength); 199 | 200 | NTSYSAPI NTSTATUS NTAPI NtQuerySecurityAttributesToken( 201 | HANDLE TokenHandle, 202 | PUNICODE_STRING Attributes, 203 | ULONG NumberOfAttributes, 204 | PVOID Buffer, 205 | ULONG Length, 206 | PULONG ReturnLength); 207 | 208 | NTSYSAPI NTSTATUS NTAPI NtCompareTokens( 209 | HANDLE FirstTokenHandle, 210 | HANDLE SecondTokenHandle, 211 | PBOOLEAN Equal); 212 | 213 | NTSYSAPI NTSTATUS NTAPI NtFilterToken( 214 | HANDLE ExistingTokenHandle, 215 | ULONG Flags, 216 | PTOKEN_GROUPS SidsToDisable OPTIONAL, 217 | PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, 218 | PTOKEN_GROUPS RestrictedSids OPTIONAL, 219 | PHANDLE NewTokenHandle); 220 | 221 | NTSYSAPI NTSTATUS NTAPI NtAccessCheck( 222 | PSECURITY_DESCRIPTOR SecurityDescriptor, 223 | HANDLE ClientToken, 224 | ACCESS_MASK DesiredAccess, 225 | PGENERIC_MAPPING GenericMapping, 226 | PPRIVILEGE_SET PrivilegeSet, 227 | PULONG PrivilegeSetLength, 228 | PACCESS_MASK GrantedAccess, 229 | PNTSTATUS AccessStatus); 230 | 231 | NTSYSAPI NTSTATUS NTAPI NtAccessCheckByType( 232 | PSECURITY_DESCRIPTOR SecurityDescriptor, 233 | PSID PrincipalSelfSid OPTIONAL, 234 | HANDLE ClientToken, 235 | ACCESS_MASK DesiredAccess, 236 | POBJECT_TYPE_LIST ObjectTypeList, 237 | ULONG ObjectTypeListLength, 238 | PGENERIC_MAPPING GenericMapping, 239 | PPRIVILEGE_SET PrivilegeSet, 240 | PULONG PrivilegeSetLength, 241 | PACCESS_MASK GrantedAccess, 242 | PNTSTATUS AccessStatus); 243 | 244 | NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList( 245 | PSECURITY_DESCRIPTOR SecurityDescriptor, 246 | PSID PrincipalSelfSid OPTIONAL, 247 | HANDLE ClientToken, 248 | ACCESS_MASK DesiredAccess, 249 | POBJECT_TYPE_LIST ObjectTypeList, 250 | ULONG ObjectTypeListLength, 251 | PGENERIC_MAPPING GenericMapping, 252 | PPRIVILEGE_SET PrivilegeSet, 253 | PULONG PrivilegeSetLength, 254 | PACCESS_MASK GrantedAccess, 255 | PNTSTATUS AccessStatus); 256 | 257 | NTSYSAPI NTSTATUS NTAPI NtPrivilegeCheck( 258 | HANDLE TokenHandle, 259 | PPRIVILEGE_SET RequiredPrivileges, 260 | PBOOLEAN Result); 261 | 262 | NTSYSAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId( 263 | PLUID LocallyUniqueId); 264 | 265 | NTSYSAPI NTSTATUS NTAPI NtAllocateUuids( 266 | PLARGE_INTEGER Time, 267 | PULONG Range, 268 | PULONG Sequence); 269 | 270 | #endif 271 | -------------------------------------------------------------------------------- /inc/nt/sys.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_SYS_H_INCLUDED 2 | #define __NTAPI_SYS_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * System related API 6 | *****************************************************************/ 7 | 8 | /* 9 | * Types 10 | */ 11 | 12 | /* Current version: 5.1 */ 13 | typedef enum _SYSTEM_INFORMATION_CLASS { 14 | /* Q: SYSTEM_BASIC_INFORMATION */ 15 | SystemBasicInformation = 0x0, 16 | /* Q: SYSTEM_PROCESSOR_INFORMATION */ 17 | SystemProcessorInformation = 0x1, 18 | /* Q: SYSTEM_PERFORMANCE_INFORMATION */ 19 | SystemPerformanceInformation = 0x2, 20 | SystemTimeOfDayInformation = 0x3, 21 | SystemPathInformation = 0x4, 22 | /* Q: SYSTEM_PROCESS_INFORMATION */ 23 | SystemProcessInformation = 0x5, 24 | SystemCallCountInformation = 0x6, 25 | SystemDeviceInformation = 0x7, 26 | SystemProcessorPerformanceInformation = 0x8, 27 | /* Q/S: SYSTEM_FLAGS_INFORMATION */ 28 | SystemFlagsInformation = 0x9, 29 | SystemCallTimeInformation = 0xA, 30 | /* Q: RTL_PROCESS_MODULES */ 31 | SystemModuleInformation = 0xB, 32 | SystemLocksInformation = 0xC, 33 | SystemStackTraceInformation = 0xD, 34 | SystemPagedPoolInformation = 0xE, 35 | SystemNonPagedPoolInformation = 0xF, 36 | /* Q: SYSTEM_HANDLE_INFORMATION */ 37 | SystemHandleInformation = 0x10, 38 | SystemObjectInformation = 0x11, 39 | /* Q: SYSTEM_PAGEFILE_INFORMATION */ 40 | SystemPageFileInformation = 0x12, 41 | SystemVdmInstemulInformation = 0x13, 42 | SystemVdmBopInformation = 0x14, 43 | SystemFileCacheInformation = 0x15, 44 | /* Q: SYSTEM_POOLTAG_INFORMATION */ 45 | SystemPoolTagInformation = 0x16, 46 | /* Q: SYSTEM_INTERRUPT_INFORMATION */ 47 | SystemInterruptInformation = 0x17, 48 | SystemDpcBehaviorInformation = 0x18, 49 | SystemFullMemoryInformation = 0x19, 50 | SystemLoadGdiDriverInformation = 0x1A, 51 | SystemUnloadGdiDriverInformation = 0x1B, 52 | SystemTimeAdjustmentInformation = 0x1C, 53 | SystemSummaryMemoryInformation = 0x1D, 54 | SystemMirrorMemoryInformation = 0x1E, 55 | SystemPerformanceTraceInformation = 0x1F, 56 | SystemObsolete0 = 0x20, 57 | SystemExceptionInformation = 0x21, 58 | SystemCrashDumpStateInformation = 0x22, 59 | /* SYSTEM_KERNEL_DEBUGGER_INFORMATION */ 60 | SystemKernelDebuggerInformation = 0x23, 61 | SystemContextSwitchInformation = 0x24, 62 | SystemRegistryQuotaInformation = 0x25, 63 | SystemExtendServiceTableInformation = 0x26, 64 | SystemPrioritySeperation = 0x27, 65 | SystemVerifierAddDriverInformation = 0x28, 66 | SystemVerifierRemoveDriverInformation = 0x29, 67 | SystemProcessorIdleInformation = 0x2A, 68 | SystemLegacyDriverInformation = 0x2B, 69 | SystemCurrentTimeZoneInformation = 0x2C, 70 | SystemLookasideInformation = 0x2D, 71 | SystemTimeSlipNotification = 0x2E, 72 | SystemSessionCreate = 0x2F, 73 | SystemSessionDetach = 0x30, 74 | SystemSessionInformation = 0x31, 75 | SystemRangeStartInformation = 0x32, 76 | SystemVerifierInformation = 0x33, 77 | SystemVerifierThunkExtend = 0x34, 78 | SystemSessionProcessInformation = 0x35, 79 | SystemLoadGdiDriverInSystemSpace = 0x36, 80 | /* Q: SYSTEM_NUMA_INFORMATION */ 81 | SystemNumaProcessorMap = 0x37, 82 | SystemPrefetcherInformation = 0x38, 83 | /* Q: SYSTEM_PROCESS_INFORMATION */ 84 | SystemExtendedProcessInformation = 0x39, 85 | SystemRecommendedSharedDataAlignment = 0x3A, 86 | SystemComPlusPackage = 0x3B, 87 | SystemNumaAvailableMemory = 0x3C, 88 | SystemProcessorPowerInformation = 0x3D, 89 | SystemEmulationBasicInformation = 0x3E, 90 | SystemEmulationProcessorInformation = 0x3F, 91 | /* Q: SYSTEM_HANDLE_INFORMATION_EX */ 92 | SystemExtendedHandleInformation = 0x40, 93 | SystemLostDelayedWriteInformation = 0x41, 94 | /* Q: SYSTEM_BIGPOOL_INFORMATION */ 95 | SystemBigPoolInformation = 0x42, 96 | SystemSessionPoolTagInformation = 0x43, 97 | SystemSessionMappedViewInformation = 0x44, 98 | SystemHotpatchInformation = 0x45, 99 | SystemObjectSecurityMode = 0x46, 100 | SystemWatchdogTimerHandler = 0x47, 101 | SystemWatchdogTimerInformation = 0x48, 102 | SystemLogicalProcessorInformation = 0x49, 103 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 104 | SystemWow64SharedInformation = 0x4A, 105 | #endif 106 | } SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS; 107 | 108 | /* SystemBasicInformation */ 109 | 110 | typedef struct _SYSTEM_BASIC_INFORMATION { 111 | ULONG Reserved; 112 | ULONG TimerResolution; 113 | ULONG PageSize; 114 | ULONG NumberOfPhysicalPages; 115 | ULONG LowestPhysicalPageNumber; 116 | ULONG HighestPhysicalPageNumber; 117 | ULONG AllocationGranularity; 118 | ULONG MinimumUserModeAddress; 119 | ULONG MaximumUserModeAddress; 120 | ULONG ActiveProcessorsAffinityMask; 121 | UCHAR NumberOfProcessors; 122 | } SYSTEM_BASIC_INFORMATION; 123 | 124 | /* SystemProcessorInformation */ 125 | 126 | typedef struct _SYSTEM_PROCESSOR_INFORMATION { 127 | USHORT ProcessorArchitecture; 128 | USHORT ProcessorLevel; 129 | USHORT ProcessorRevision; 130 | USHORT MaximumProcessors; 131 | ULONG ProcessorFeatureBits; 132 | } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; 133 | 134 | /* SystemPerformanceInformation */ 135 | 136 | typedef struct _SYSTEM_PERFORMANCE_INFORMATION { 137 | LARGE_INTEGER IdleProcessTime; 138 | LARGE_INTEGER IoReadTransferCount; 139 | LARGE_INTEGER IoWriteTransferCount; 140 | LARGE_INTEGER IoOtherTransferCount; 141 | ULONG IoReadOperationCount; 142 | ULONG IoWriteOperationCount; 143 | ULONG IoOtherOperationCount; 144 | ULONG AvailablePages; 145 | ULONG CommittedPages; 146 | ULONG CommitLimit; 147 | ULONG PeakCommitment; 148 | ULONG PageFaultCount; 149 | ULONG CopyOnWriteCount; 150 | ULONG TransitionCount; 151 | ULONG CacheTransitionCount; 152 | ULONG DemandZeroCount; 153 | ULONG PageReadCount; 154 | ULONG PageReadIoCount; 155 | ULONG CacheReadCount; 156 | ULONG CacheIoCount; 157 | ULONG DirtyPagesWriteCount; 158 | ULONG DirtyWriteIoCount; 159 | ULONG MappedPagesWriteCount; 160 | ULONG MappedWriteIoCount; 161 | ULONG PagedPoolPages; 162 | ULONG NonPagedPoolPages; 163 | ULONG PagedPoolAllocs; 164 | ULONG PagedPoolFrees; 165 | ULONG NonPagedPoolAllocs; 166 | ULONG NonPagedPoolFrees; 167 | ULONG FreeSystemPtes; 168 | ULONG ResidentSystemCodePage; 169 | ULONG TotalSystemDriverPages; 170 | ULONG TotalSystemCodePages; 171 | ULONG NonPagedPoolLookasideHits; 172 | ULONG PagedPoolLookasideHits; 173 | ULONG AvailablePagedPoolPages; 174 | ULONG ResidentSystemCachePage; 175 | ULONG ResidentPagedPoolPage; 176 | ULONG ResidentSystemDriverPage; 177 | ULONG CcFastReadNoWait; 178 | ULONG CcFastReadWait; 179 | ULONG CcFastReadResourceMiss; 180 | ULONG CcFastReadNotPossible; 181 | ULONG CcFastMdlReadNoWait; 182 | ULONG CcFastMdlReadWait; 183 | ULONG CcFastMdlReadResourceMiss; 184 | ULONG CcFastMdlReadNotPossible; 185 | ULONG CcMapDataNoWait; 186 | ULONG CcMapDataWait; 187 | ULONG CcMapDataNoWaitMiss; 188 | ULONG CcMapDataWaitMiss; 189 | ULONG CcPinMappedDataCount; 190 | ULONG CcPinReadNoWait; 191 | ULONG CcPinReadWait; 192 | ULONG CcPinReadNoWaitMiss; 193 | ULONG CcPinReadWaitMiss; 194 | ULONG CcCopyReadNoWait; 195 | ULONG CcCopyReadWait; 196 | ULONG CcCopyReadNoWaitMiss; 197 | ULONG CcCopyReadWaitMiss; 198 | ULONG CcMdlReadNoWait; 199 | ULONG CcMdlReadWait; 200 | ULONG CcMdlReadNoWaitMiss; 201 | ULONG CcMdlReadWaitMiss; 202 | ULONG CcReadAheadIos; 203 | ULONG CcLazyWriteIos; 204 | ULONG CcLazyWritePages; 205 | ULONG CcDataFlushes; 206 | ULONG CcDataPages; 207 | ULONG ContextSwitches; 208 | ULONG FirstLevelTbFills; 209 | ULONG SecondLevelTbFills; 210 | ULONG SystemCalls; 211 | } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; 212 | 213 | /* SystemTimeOfDayInformation */ 214 | 215 | typedef struct _SYSTEM_TIMEOFDAY_INFORMATION { 216 | LARGE_INTEGER BootTime; 217 | LARGE_INTEGER CurrentTime; 218 | LARGE_INTEGER TimeZoneBias; 219 | ULONG TimeZoneId; 220 | ULONG Reserved; 221 | ULONGLONG BootTimeBias; 222 | ULONGLONG SleepTimeBias; 223 | } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; 224 | 225 | /* SystemProcessInformation */ 226 | 227 | /* Version: 5.2 */ 228 | typedef struct _SYSTEM_THREAD_INFORMATION { 229 | LARGE_INTEGER KernelTime; 230 | LARGE_INTEGER UserTime; 231 | LARGE_INTEGER CreateTime; 232 | ULONG WaitTime; 233 | PVOID StartAddress; 234 | CLIENT_ID ClientId; 235 | KPRIORITY Priority; 236 | KPRIORITY BasePriority; 237 | ULONG ContextSwitches; 238 | ULONG ThreadState; 239 | ULONG WaitReason; 240 | } SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION; 241 | 242 | /* SystemExtendedProcessInformation */ 243 | 244 | /* Version: 5.2 */ 245 | typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION { 246 | SYSTEM_THREAD_INFORMATION ThreadInfo; 247 | PVOID StackBase; 248 | PVOID StackLimit; 249 | PVOID Win32StartAddress; 250 | ULONG Reserved1; 251 | ULONG Reserved2; 252 | ULONG Reserved3; 253 | ULONG Reserved4; 254 | } SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION; 255 | 256 | /* SystemProcessInformation and SystemExtendedProcessInformation */ 257 | 258 | /* Version: 5.2 */ 259 | typedef struct _SYSTEM_PROCESS_INFORMATION { 260 | ULONG NextEntryOffset; 261 | ULONG NumberOfThreads; 262 | LARGE_INTEGER SpareLi1; 263 | LARGE_INTEGER SpareLi2; 264 | LARGE_INTEGER SpareLi3; 265 | LARGE_INTEGER CreateTime; 266 | LARGE_INTEGER UserTime; 267 | LARGE_INTEGER KernelTime; 268 | UNICODE_STRING ImageName; 269 | KPRIORITY BasePriority; 270 | HANDLE UniqueProcessId; 271 | HANDLE InheritedFromUniqueProcessId; 272 | ULONG HandleCount; 273 | ULONG SessionId; 274 | ULONG_PTR PageDirectoryBase; 275 | VM_COUNTERS VmCounters; 276 | ULONG PrivatePageCount; 277 | IO_COUNTERS IoCounters; 278 | /* Array of SYSTEM_THREAD_INFORMATION follows */ 279 | } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION; 280 | 281 | /* SystemNumaProcessorMap */ 282 | 283 | #ifndef MAXIMUM_NUMA_NODES 284 | #define MAXIMUM_NUMA_NODES 16 285 | #endif 286 | 287 | typedef struct _SYSTEM_NUMA_INFORMATION { 288 | ULONG HighestNodeNumber; 289 | ULONG Reserved; 290 | union { 291 | ULONGLONG ActiveProcessorsAffinityMask[MAXIMUM_NUMA_NODES]; 292 | ULONGLONG AvailableMemory[MAXIMUM_NUMA_NODES]; 293 | }; 294 | } SYSTEM_NUMA_INFORMATION, *PSYSTEM_NUMA_INFORMATION; 295 | 296 | /* SystemProcessorPerformanceInformation*/ 297 | 298 | typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION { 299 | LARGE_INTEGER IdleTime; 300 | LARGE_INTEGER KernelTime; 301 | LARGE_INTEGER UserTime; 302 | LARGE_INTEGER DpcTime; 303 | LARGE_INTEGER InterruptTime; 304 | ULONG InterruptCount; 305 | } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; 306 | 307 | /* SystemFlagsInformation */ 308 | 309 | typedef enum _SYSTEM_GLOBAL_FLAGS { 310 | FLG_STOP_ON_EXCEPTION = 0x00000001, 311 | FLG_SHOW_LDR_SNAPS = 0x00000002, 312 | FLG_DEBUG_INITIAL_COMMAND = 0x00000004, 313 | FLG_STOP_ON_HUNG_GUI = 0x00000008, 314 | FLG_HEAP_ENABLE_TAIL_CHECK = 0x00000010, 315 | FLG_HEAP_ENABLE_FREE_CHECK = 0x00000020, 316 | FLG_HEAP_VALIDATE_PARAMETERS = 0x00000040, 317 | FLG_HEAP_VALIDATE_ALL = 0x00000080, 318 | FLG_APPLICATION_VERIFIER = 0x00000100, 319 | FLG_MONITOR_SILENT_PROCESS_EXIT = 0x00000200, 320 | FLG_POOL_ENABLE_TAGGING = 0x00000400, 321 | FLG_HEAP_ENABLE_TAGGING = 0x00000800, 322 | FLG_USER_STACK_TRACE_DB = 0x00001000, 323 | FLG_KERNEL_STACK_TRACE_DB = 0x00002000, 324 | FLG_MAINTAIN_OBJECT_TYPELIST = 0x00004000, 325 | FLG_HEAP_ENABLE_TAG_BY_DLL = 0x00008000, 326 | FLG_DISABLE_STACK_EXTENSION = 0x00010000, 327 | FLG_ENABLE_CSRDEBUG = 0x00020000, 328 | FLG_ENABLE_KDEBUG_SYMBOL_LOAD = 0x00040000, 329 | FLG_DISABLE_PAGE_KERNEL_STACKS = 0x00080000, 330 | FLG_ENABLE_SYSTEM_CRIT_BREAKS = 0x00100000, 331 | FLG_HEAP_DISABLE_COALESCING = 0x00200000, 332 | FLG_ENABLE_CLOSE_EXCEPTIONS = 0x00400000, 333 | FLG_ENABLE_EXCEPTION_LOGGING = 0x00800000, 334 | FLG_ENABLE_HANDLE_TYPE_TAGGING = 0x01000000, 335 | FLG_HEAP_PAGE_ALLOCS = 0x02000000, 336 | FLG_DEBUG_INITIAL_COMMAND_EX = 0x04000000, 337 | FLG_DISABLE_DBGPRINT = 0x08000000, 338 | FLG_CRITSEC_EVENT_CREATION = 0x10000000, 339 | FLG_ENABLE_HANDLE_EXCEPTIONS = 0x40000000, 340 | FLG_DISABLE_PROTDLLS = 0x80000000, 341 | } SYSTEM_GLOBAL_FLAGS; 342 | 343 | typedef struct _SYSTEM_FLAGS_INFORMATION { 344 | SYSTEM_GLOBAL_FLAGS Flags; 345 | } SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION; 346 | 347 | /* SystemModuleInformation */ 348 | 349 | typedef struct _RTL_PROCESS_MODULE_INFORMATION { 350 | PVOID Section; 351 | PVOID MappedBase; 352 | PVOID ImageBase; 353 | ULONG ImageSize; 354 | ULONG Flags; 355 | USHORT LoadOrderIndex; 356 | USHORT InitOrderIndex; 357 | USHORT LoadCount; 358 | USHORT OffsetToFileName; 359 | CHAR FullPathName[256]; 360 | } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; 361 | 362 | typedef struct _RTL_PROCESS_MODULES { 363 | ULONG NumberOfModules; 364 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 365 | } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; 366 | 367 | /* SystemHandleInformation */ 368 | 369 | typedef enum _SYSTEM_HANDLE_FLAGS { 370 | PROTECT_FROM_CLOSE=1, 371 | INHERIT=2 372 | } SYSTEM_HANDLE_FLAGS; 373 | 374 | typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO { 375 | USHORT UniqueProcessId; 376 | USHORT CreatorBackTraceIndex; 377 | UCHAR ObjectTypeIndex; 378 | UCHAR HandleAttributes; 379 | USHORT HandleValue; 380 | PVOID Object; 381 | ULONG GrantedAccess; 382 | } SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO; 383 | 384 | typedef struct _SYSTEM_HANDLE_INFORMATION { 385 | ULONG NumberOfHandles; 386 | SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1]; 387 | } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 388 | 389 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 390 | 391 | /* SystemExtendedHandleInformation */ 392 | 393 | typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX { 394 | PVOID Object; 395 | HANDLE UniqueProcessId; 396 | HANDLE HandleValue; 397 | ULONG GrantedAccess; 398 | USHORT CreatorBackTraceIndex; 399 | USHORT ObjectTypeIndex; 400 | ULONG HandleAttributes; 401 | ULONG Reserved; 402 | } SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 403 | 404 | typedef struct _SYSTEM_HANDLE_INFORMATION_EX { 405 | ULONG_PTR NumberOfHandles; 406 | ULONG_PTR Reserved; 407 | SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1]; 408 | } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; 409 | 410 | #endif 411 | 412 | typedef struct _SYSTEM_OBJECTTYPE_INFORMATION { 413 | ULONG NextEntryOffset; 414 | ULONG NumberOfObjects; 415 | ULONG NumberOfHandles; 416 | ULONG TypeIndex; 417 | ULONG InvalidAttributes; 418 | GENERIC_MAPPING GenericMapping; 419 | ULONG ValidAccessMask; 420 | ULONG PoolType; 421 | BOOLEAN SecurityRequired; 422 | BOOLEAN WaitableObject; 423 | UNICODE_STRING TypeName; 424 | } SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION; 425 | 426 | typedef struct _SYSTEM_OBJECT_INFORMATION { 427 | ULONG NextEntryOffset; 428 | PVOID Object; 429 | HANDLE CreatorUniqueProcess; 430 | USHORT CreatorBackTraceIndex; 431 | USHORT Flags; 432 | LONG PointerCount; 433 | LONG HandleCount; 434 | ULONG PagedPoolCharge; 435 | ULONG NonPagedPoolCharge; 436 | HANDLE ExclusiveProcessId; 437 | PVOID SecurityDescriptor; 438 | UNICODE_STRING NameInfo; 439 | } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; 440 | 441 | /* SystemPageFileInformation */ 442 | 443 | typedef struct _SYSTEM_PAGEFILE_INFORMATION { 444 | ULONG NextEntryOffset; 445 | ULONG TotalSize; 446 | ULONG TotalInUse; 447 | ULONG PeakUsage; 448 | UNICODE_STRING PageFileName; 449 | } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; 450 | 451 | /* SystemPoolTagInformation */ 452 | 453 | typedef struct _SYSTEM_POOLTAG { 454 | union { 455 | CHAR Tag[4]; 456 | ULONG TagUlong; 457 | }; 458 | ULONG PagedAllocs; 459 | ULONG PagedFrees; 460 | ULONG PagedUsed; 461 | ULONG NonPagedAllocs; 462 | ULONG NonPagedFrees; 463 | ULONG NonPagedUsed; 464 | } SYSTEM_POOLTAG, *PSYSTEM_POOLTAG; 465 | 466 | typedef struct _SYSTEM_POOLTAG_INFORMATION { 467 | ULONG Count; 468 | SYSTEM_POOLTAG TagInfo[1]; 469 | } SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION; 470 | 471 | /* SystemInterruptInformation */ 472 | 473 | typedef struct _SYSTEM_INTERRUPT_INFORMATION { 474 | ULONG ContextSwitches; 475 | ULONG DpcCount; 476 | ULONG DpcRate; 477 | ULONG TimeIncrement; 478 | ULONG DpcBypassCount; 479 | ULONG ApcBypassCount; 480 | } SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION; 481 | 482 | /* SystemKernelDebuggerInformation */ 483 | 484 | typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION { 485 | char KernelDebuggerEnabled; 486 | char KernelDebuggerNotPresent; 487 | } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; 488 | 489 | /* SystemBigPoolInformation */ 490 | 491 | typedef struct _SYSTEM_BIGPOOL_ENTRY { 492 | union { 493 | PVOID VirtualAddress; 494 | ULONG_PTR NonPaged : 1; 495 | }; 496 | SIZE_T SizeInBytes; 497 | union { 498 | UCHAR Tag[4]; 499 | ULONG TagUlong; 500 | }; 501 | } SYSTEM_BIGPOOL_ENTRY, *PSYSTEM_BIGPOOL_ENTRY; 502 | 503 | typedef struct _SYSTEM_BIGPOOL_INFORMATION { 504 | ULONG Count; 505 | SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1]; 506 | } SYSTEM_BIGPOOL_INFORMATION, *PSYSTEM_BIGPOOL_INFORMATION; 507 | 508 | 509 | /* 510 | * Functions 511 | */ 512 | 513 | NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation( 514 | SYSTEM_INFORMATION_CLASS SystemInformationClass, 515 | PVOID SystemInformation, 516 | ULONG SystemInformationLength, 517 | PULONG ReturnLength); 518 | 519 | NTSYSAPI NTSTATUS NTAPI NtSetSystemInformation( 520 | SYSTEM_INFORMATION_CLASS SystemInformationClass, 521 | PVOID SystemInformation, 522 | ULONG SystemInformationLength); 523 | 524 | /* INCOMPLETE SIGNATURE */ 525 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_WINXP) 526 | NTSYSAPI NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx( 527 | ULONG InformationClass, 528 | PVOID Buffer, 529 | ULONG BufferLength); 530 | #endif 531 | 532 | NTSYSAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValue( 533 | PUNICODE_STRING VariableName, 534 | PWSTR ValueBuffer, 535 | ULONG ValueBufferLength, 536 | PULONG ReturnLength OPTIONAL); 537 | 538 | NTSYSAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx( 539 | PUNICODE_STRING VariableName, 540 | LPGUID VendorGuid, 541 | PVOID Value, 542 | PULONG ReturnLength, 543 | PULONG Attributes); 544 | 545 | NTSYSAPI NTSTATUS NTAPI NtSetSystemEnvironmentValue( 546 | PUNICODE_STRING VariableName, 547 | PUNICODE_STRING Value); 548 | 549 | NTSYSAPI NTSTATUS NTAPI NtSetSystemEnvironmentValueEx( 550 | PUNICODE_STRING VariableName, 551 | LPGUID VendorGuid, 552 | PVOID Value, 553 | PULONG ReturnLength, 554 | PULONG Attributes); 555 | 556 | NTSYSAPI NTSTATUS NTAPI NtRaiseHardError( 557 | NTSTATUS ErrorStatus, 558 | ULONG NumberOfParameters, 559 | ULONG UnicodeStringParameterMask, 560 | PULONG_PTR Parameters, 561 | ULONG ValidResponseOptions, 562 | PULONG Response); 563 | 564 | #endif 565 | -------------------------------------------------------------------------------- /inc/nt/tm.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_TM_H_INCLUDED 2 | #define __NTAPI_TM_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Transaction manager API 6 | *****************************************************************/ 7 | 8 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 9 | 10 | /* 11 | * Types 12 | */ 13 | 14 | #if __INCLUDE_WINNT_DEFINES 15 | typedef enum _TRANSACTIONMANAGER_INFORMATION_CLASS { 16 | TransactionManagerBasicInformation = 0, 17 | TransactionManagerLogInformation = 1, 18 | TransactionManagerLogPathInformation = 2, 19 | TransactionManagerRecoveryInformation = 4, 20 | } TRANSACTIONMANAGER_INFORMATION_CLASS; 21 | 22 | typedef enum _KTMOBJECT_TYPE { 23 | KTMOBJECT_TRANSACTION = 0, 24 | KTMOBJECT_TRANSACTION_MANAGER = 1, 25 | KTMOBJECT_RESOURCE_MANAGER = 2, 26 | KTMOBJECT_ENLISTMENT = 3, 27 | KTMOBJECT_INVALID = 4, 28 | } KTMOBJECT_TYPE, *PKTMOBJECT_TYPE; 29 | 30 | typedef struct _KTMOBJECT_CURSOR { 31 | GUID LastQuery; 32 | ULONG ObjectIdCount; 33 | GUID ObjectIds[1]; 34 | } KTMOBJECT_CURSOR, *PKTMOBJECT_CURSOR; 35 | #endif 36 | 37 | /* 38 | * Functions 39 | */ 40 | 41 | NTSYSAPI NTSTATUS NTAPI NtCreateTransactionManager( 42 | PHANDLE TmHandle, 43 | ACCESS_MASK DesiredAccess, 44 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 45 | PUNICODE_STRING LogFileName OPTIONAL, 46 | ULONG CreateOptions OPTIONAL, 47 | ULONG CommitStrength OPTIONAL); 48 | 49 | NTSYSAPI NTSTATUS NTAPI NtOpenTransactionManager( 50 | PHANDLE TmHandle, 51 | ACCESS_MASK DesiredAccess, 52 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 53 | PUNICODE_STRING LogFileName OPTIONAL, 54 | LPGUID TmIdentity OPTIONAL, 55 | ULONG OpenOptions OPTIONAL); 56 | 57 | NTSYSAPI NTSTATUS NTAPI NtRenameTransactionManager( 58 | PUNICODE_STRING LogFileName, 59 | LPGUID ExistingTransactionManagerGuid); 60 | 61 | NTSYSAPI NTSTATUS NTAPI NtRollforwardTransactionManager( 62 | HANDLE TransactionManagerHandle, 63 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 64 | 65 | NTSYSAPI NTSTATUS NTAPI NtRecoverTransactionManager( 66 | HANDLE TransactionManagerHandle); 67 | 68 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationTransactionManager( 69 | HANDLE TransactionManagerHandle, 70 | TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, 71 | PVOID TransactionManagerInformation, 72 | ULONG TransactionManagerInformationLength, 73 | PULONG ReturnLength OPTIONAL); 74 | 75 | NTSYSAPI NTSTATUS NTAPI NtSetInformationTransactionManager( 76 | HANDLE TmHandle OPTIONAL, 77 | TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, 78 | PVOID TransactionManagerInformation, 79 | ULONG TransactionManagerInformationLength); 80 | 81 | 82 | NTSYSAPI NTSTATUS NTAPI NtEnumerateTransactionObject( 83 | HANDLE RootObjectHandle OPTIONAL, 84 | KTMOBJECT_TYPE QueryType, 85 | PKTMOBJECT_CURSOR ObjectCursor, 86 | ULONG ObjectCursorLength, 87 | PULONG ReturnLength); 88 | 89 | #endif 90 | 91 | 92 | /****************************************************************** 93 | * Transaction API 94 | *****************************************************************/ 95 | 96 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 97 | 98 | /* 99 | * Types 100 | */ 101 | 102 | #if __INCLUDE_WINNT_DEFINES 103 | typedef enum _TRANSACTION_INFORMATION_CLASS { 104 | TransactionBasicInformation = 0, 105 | TransactionPropertiesInformation, 106 | TransactionEnlistmentInformation, 107 | TransactionSuperiorEnlistmentInformation, 108 | } TRANSACTION_INFORMATION_CLASS; 109 | #endif 110 | 111 | /* 112 | * Functions 113 | */ 114 | 115 | NTSYSAPI NTSTATUS NTAPI NtCreateTransaction( 116 | PHANDLE TransactionHandle, 117 | ACCESS_MASK DesiredAccess, 118 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 119 | LPGUID Uow OPTIONAL, 120 | HANDLE TmHandle OPTIONAL, 121 | ULONG CreateOptions OPTIONAL, 122 | ULONG IsolationLevel OPTIONAL, 123 | ULONG IsolationFlags OPTIONAL, 124 | PLARGE_INTEGER Timeout OPTIONAL, 125 | PUNICODE_STRING Description OPTIONAL); 126 | 127 | NTSYSAPI NTSTATUS NTAPI NtOpenTransaction( 128 | PHANDLE TransactionHandle, 129 | ACCESS_MASK DesiredAccess, 130 | POBJECT_ATTRIBUTES ObjectAttributes, 131 | LPGUID Uow, 132 | HANDLE TmHandle OPTIONAL); 133 | 134 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationTransaction( 135 | HANDLE TransactionHandle, 136 | TRANSACTION_INFORMATION_CLASS TransactionInformationClass, 137 | PVOID TransactionInformation, 138 | ULONG TransactionInformationLength, 139 | PULONG ReturnLength OPTIONAL); 140 | 141 | NTSYSAPI NTSTATUS NTAPI NtSetInformationTransaction( 142 | HANDLE TransactionHandle, 143 | TRANSACTION_INFORMATION_CLASS TransactionInformationClass, 144 | PVOID TransactionInformation, 145 | ULONG TransactionInformationLength); 146 | 147 | NTSYSAPI NTSTATUS NTAPI NtCommitTransaction( 148 | HANDLE TransactionHandle, 149 | BOOLEAN Wait); 150 | 151 | NTSYSAPI NTSTATUS NTAPI NtRollbackTransaction( 152 | HANDLE TransactionHandle, 153 | BOOLEAN Wait); 154 | 155 | NTSYSAPI NTSTATUS NTAPI NtFreezeTransactions( 156 | PLARGE_INTEGER FreezeTimeout, 157 | PLARGE_INTEGER ThawTimeout); 158 | 159 | NTSYSAPI NTSTATUS NTAPI NtThawTransactions(VOID); 160 | 161 | #endif 162 | 163 | 164 | /****************************************************************** 165 | * Transaction enlistment API 166 | *****************************************************************/ 167 | 168 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 169 | 170 | /* 171 | * Types 172 | */ 173 | 174 | #if __INCLUDE_WINNT_DEFINES 175 | typedef enum _ENLISTMENT_INFORMATION_CLASS { 176 | EnlistmentBasicInformation = 0, 177 | EnlistmentRecoveryInformation, 178 | EnlistmentCrmInformation, 179 | } ENLISTMENT_INFORMATION_CLASS; 180 | #endif 181 | 182 | /* 183 | * Functions 184 | */ 185 | 186 | NTSYSAPI NTSTATUS NTAPI NtCreateEnlistment( 187 | PHANDLE EnlistmentHandle, 188 | ACCESS_MASK DesiredAccess, 189 | HANDLE ResourceManagerHandle, 190 | HANDLE TransactionHandle, 191 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 192 | ULONG CreateOptions OPTIONAL, 193 | NOTIFICATION_MASK NotificationMask, 194 | PVOID EnlistmentKey OPTIONAL); 195 | 196 | NTSYSAPI NTSTATUS NTAPI NtOpenEnlistment( 197 | PHANDLE EnlistmentHandle, 198 | ACCESS_MASK DesiredAccess, 199 | HANDLE ResourceManagerHandle, 200 | LPGUID EnlistmentGuid, 201 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL); 202 | 203 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationEnlistment( 204 | HANDLE EnlistmentHandle, 205 | ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, 206 | PVOID EnlistmentInformation, 207 | ULONG EnlistmentInformationLength, 208 | PULONG ReturnLength OPTIONAL); 209 | 210 | NTSYSAPI NTSTATUS NTAPI NtSetInformationEnlistment( 211 | HANDLE EnlistmentHandle OPTIONAL, 212 | ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, 213 | PVOID EnlistmentInformation, 214 | ULONG EnlistmentInformationLength); 215 | 216 | NTSYSAPI NTSTATUS NTAPI NtRecoverEnlistment( 217 | HANDLE EnlistmentHandle, 218 | PVOID EnlistmentKey OPTIONAL); 219 | 220 | NTSYSAPI NTSTATUS NTAPI NtPrePrepareEnlistment( 221 | HANDLE EnlistmentHandle, 222 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 223 | 224 | NTSYSAPI NTSTATUS NTAPI NtPrepareEnlistment( 225 | HANDLE EnlistmentHandle, 226 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 227 | 228 | NTSYSAPI NTSTATUS NTAPI NtCommitEnlistment( 229 | HANDLE EnlistmentHandle, 230 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 231 | 232 | NTSYSAPI NTSTATUS NTAPI NtRollbackEnlistment( 233 | HANDLE EnlistmentHandle, 234 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 235 | 236 | NTSYSAPI NTSTATUS NTAPI NtPrePrepareComplete( 237 | HANDLE EnlistmentHandle, 238 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 239 | 240 | NTSYSAPI NTSTATUS NTAPI NtPrepareComplete( 241 | HANDLE EnlistmentHandle, 242 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 243 | 244 | NTSYSAPI NTSTATUS NTAPI NtCommitComplete( 245 | HANDLE EnlistmentHandle, 246 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 247 | 248 | NTSYSAPI NTSTATUS NTAPI NtReadOnlyEnlistment( 249 | HANDLE EnlistmentHandle, 250 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 251 | 252 | NTSYSAPI NTSTATUS NTAPI NtRollbackComplete( 253 | HANDLE EnlistmentHandle, 254 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 255 | 256 | NTSYSAPI NTSTATUS NTAPI NtSinglePhaseReject( 257 | HANDLE EnlistmentHandle, 258 | PLARGE_INTEGER TmVirtualClock OPTIONAL); 259 | 260 | #endif 261 | 262 | 263 | /****************************************************************** 264 | * Resource manager API 265 | *****************************************************************/ 266 | 267 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 268 | 269 | /* 270 | * Types 271 | */ 272 | 273 | #if __INCLUDE_WINNT_DEFINES 274 | typedef enum _RESOURCEMANAGER_INFORMATION_CLASS { 275 | ResourceManagerBasicInformation = 0, 276 | ResourceManagerCompletionInformation = 1, 277 | } RESOURCEMANAGER_INFORMATION_CLASS; 278 | 279 | typedef struct _TRANSACTION_NOTIFICATION { 280 | PVOID TransactionKey; 281 | ULONG TransactionNotification; 282 | LARGE_INTEGER TmVirtualClock; 283 | ULONG ArgumentLength; 284 | } TRANSACTION_NOTIFICATION, *PTRANSACTION_NOTIFICATION; 285 | #endif 286 | 287 | typedef GUID CRM_PROTOCOL_ID, *PCRM_PROTOCOL_ID; 288 | 289 | /* 290 | * Functions 291 | */ 292 | 293 | NTSYSAPI NTSTATUS NTAPI NtCreateResourceManager( 294 | PHANDLE ResourceManagerHandle, 295 | ACCESS_MASK DesiredAccess, 296 | HANDLE TmHandle, 297 | LPGUID RmGuid, 298 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 299 | ULONG CreateOptions OPTIONAL, 300 | PUNICODE_STRING Description OPTIONAL); 301 | 302 | NTSYSAPI NTSTATUS NTAPI NtOpenResourceManager( 303 | PHANDLE ResourceManagerHandle, 304 | ACCESS_MASK DesiredAccess, 305 | HANDLE TmHandle, 306 | LPGUID ResourceManagerGuid OPTIONAL, 307 | POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL); 308 | 309 | NTSYSAPI NTSTATUS NTAPI NtRecoverResourceManager( 310 | HANDLE ResourceManagerHandle); 311 | 312 | NTSYSAPI NTSTATUS NTAPI NtGetNotificationResourceManager( 313 | HANDLE ResourceManagerHandle, 314 | PTRANSACTION_NOTIFICATION TransactionNotification, 315 | ULONG NotificationLength, 316 | PLARGE_INTEGER Timeout OPTIONAL, 317 | PULONG ReturnLength OPTIONAL, 318 | ULONG Asynchronous, 319 | ULONG_PTR AsynchronousContext OPTIONAL); 320 | 321 | NTSYSAPI NTSTATUS NTAPI NtQueryInformationResourceManager( 322 | HANDLE ResourceManagerHandle, 323 | RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, 324 | PVOID ResourceManagerInformation, 325 | ULONG ResourceManagerInformationLength, 326 | PULONG ReturnLength OPTIONAL); 327 | 328 | NTSYSAPI NTSTATUS NTAPI NtSetInformationResourceManager( 329 | HANDLE ResourceManagerHandle, 330 | RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, 331 | PVOID ResourceManagerInformation, 332 | ULONG ResourceManagerInformationLength); 333 | 334 | NTSYSAPI NTSTATUS NTAPI NtRegisterProtocolAddressInformation( 335 | HANDLE ResourceManager, 336 | PCRM_PROTOCOL_ID ProtocolId, 337 | ULONG ProtocolInformationSize, 338 | PVOID ProtocolInformation, 339 | ULONG CreateOptions OPTIONAL); 340 | 341 | NTSYSAPI NTSTATUS NTAPI NtPropagationComplete( 342 | HANDLE ResourceManagerHandle, 343 | ULONG RequestCookie, 344 | ULONG BufferLength, 345 | PVOID Buffer); 346 | 347 | NTSYSAPI NTSTATUS NTAPI NtPropagationFailed( 348 | HANDLE ResourceManagerHandle, 349 | ULONG RequestCookie, 350 | NTSTATUS PropStatus); 351 | 352 | #endif 353 | 354 | #endif 355 | -------------------------------------------------------------------------------- /inc/ntapi.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPI_H_INCLUDED 2 | #define __NTAPI_H_INCLUDED 3 | 4 | typedef struct _KAPC KAPC, *PKAPC; 5 | 6 | typedef VOID (NTAPI *PKNORMAL_ROUTINE)( 7 | PVOID NormalContext, 8 | PVOID SystemArgument1, 9 | PVOID SystemArgument2); 10 | 11 | typedef VOID (NTAPI *PKKERNEL_ROUTINE)( 12 | PKAPC Apc, 13 | PKNORMAL_ROUTINE *NormalRoutine, 14 | PVOID *NormalContext, 15 | PVOID *SystemArgument1, 16 | PVOID *SystemArgument2); 17 | 18 | typedef VOID (NTAPI *PKRUNDOWN_ROUTINE)(PKAPC Apc); 19 | 20 | 21 | typedef struct _KDPC KDPC, *PKDPC; 22 | 23 | typedef VOID (NTAPI *PKDEFERRED_ROUTINE) ( 24 | PKDPC Dpc, 25 | PVOID DeferredContext, 26 | PVOID SystemArgument1, 27 | PVOID SystemArgument2); 28 | 29 | #include "nt/ob.h" 30 | #include "nt/ps.h" 31 | #include "nt/io.h" 32 | #include "nt/ke.h" 33 | #include "nt/cm.h" 34 | #include "nt/mm.h" 35 | #include "nt/se.h" 36 | #include "nt/sys.h" 37 | #include "nt/lpc.h" 38 | #include "nt/dbg.h" 39 | #include "nt/tm.h" 40 | 41 | /****************************************************************** 42 | * Direct syscall API 43 | *****************************************************************/ 44 | 45 | /* 32-bit syscall trampoline */ 46 | #define NTSYSCALLV(argc) \ 47 | __asm mov edx, 0x7FFE0300 \ 48 | __asm call dword ptr [edx] \ 49 | __asm retn (argc*4) 50 | 51 | #define NTSYSCALL(num, argc) \ 52 | __asm mov eax, num \ 53 | NTSYSCALLV(argc) 54 | 55 | /* Example usage: 56 | ULONG_PTR __declspec(naked) __stdcall NtUserCallOneParam(ULONG_PTR a, ULONG_PTR b) 57 | { 58 | NTSYSCALL(0x114E, 2); 59 | } 60 | */ 61 | 62 | /****************************************************************** 63 | * Drivers API 64 | *****************************************************************/ 65 | 66 | /* 67 | * Functions 68 | */ 69 | 70 | NTSYSAPI NTSTATUS NTAPI NtLoadDriver( 71 | PUNICODE_STRING DriverServiceName); 72 | 73 | NTSYSAPI NTSTATUS NTAPI NtUnloadDriver( 74 | PUNICODE_STRING DriverServiceName); 75 | 76 | 77 | /****************************************************************** 78 | * Power API 79 | *****************************************************************/ 80 | 81 | #if __INCLUDE_WINNT_DEFINES 82 | typedef enum _POWER_INFORMATION_LEVEL { 83 | SystemPowerPolicyAc, 84 | SystemPowerPolicyDc, 85 | VerifySystemPolicyAc, 86 | VerifySystemPolicyDc, 87 | SystemPowerCapabilities, 88 | SystemBatteryState, 89 | SystemPowerStateHandler, 90 | ProcessorStateHandler, 91 | SystemPowerPolicyCurrent, 92 | AdministratorPowerPolicy, 93 | SystemReserveHiberFile, 94 | ProcessorInformation, 95 | SystemPowerInformation, 96 | ProcessorStateHandler2, 97 | LastWakeTime, 98 | LastSleepTime, 99 | SystemExecutionState, 100 | SystemPowerStateNotifyHandler, 101 | ProcessorPowerPolicyAc, 102 | ProcessorPowerPolicyDc, 103 | VerifyProcessorPowerPolicyAc, 104 | VerifyProcessorPowerPolicyDc, 105 | ProcessorPowerPolicyCurrent, 106 | } POWER_INFORMATION_LEVEL; 107 | #endif 108 | 109 | typedef ULONG EXECUTION_STATE; 110 | 111 | /* 112 | * Functions 113 | */ 114 | 115 | NTSYSAPI NTSTATUS NTAPI NtSetThreadExecutionState( 116 | EXECUTION_STATE esFlags, 117 | EXECUTION_STATE *PreviousFlags); 118 | 119 | NTSYSAPI NTSTATUS NTAPI NtPowerInformation( 120 | POWER_INFORMATION_LEVEL InformationLevel, 121 | PVOID InputBuffer OPTIONAL, 122 | ULONG InputBufferLength, 123 | PVOID OutputBuffer OPTIONAL, 124 | ULONG OutputBufferLength); 125 | 126 | 127 | /****************************************************************** 128 | * Time API 129 | *****************************************************************/ 130 | 131 | NTSYSAPI ULONG NTAPI NtGetTickCount(); 132 | 133 | NTSYSAPI NTSTATUS NTAPI NtQueryPerformanceCounter( 134 | PLARGE_INTEGER PerformanceCounter, 135 | PLARGE_INTEGER PerformanceFrequency OPTIONAL); 136 | 137 | NTSYSAPI NTSTATUS NTAPI NtQuerySystemTime( 138 | PLARGE_INTEGER SystemTime); 139 | 140 | NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution( 141 | PULONG MinimumResolution, 142 | PULONG MaximumResolution, 143 | PULONG CurrentResolution); 144 | 145 | NTSYSAPI NTSTATUS NTAPI NtSetSystemTime( 146 | PLARGE_INTEGER SystemTime, 147 | PLARGE_INTEGER PreviousTime OPTIONAL); 148 | 149 | NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution( 150 | ULONG DesiredResolution, 151 | BOOLEAN SetResolution, 152 | PULONG CurrentResolution); 153 | 154 | 155 | /****************************************************************** 156 | * VDM API 157 | *****************************************************************/ 158 | 159 | NTSYSAPI NTSTATUS NTAPI NtVdmControl( 160 | ULONG ControlCode, 161 | PVOID ControlData); 162 | 163 | 164 | /****************************************************************** 165 | * C runtime API 166 | *****************************************************************/ 167 | 168 | int vsprintf( 169 | char *buffer, 170 | const char *format, 171 | va_list argptr); 172 | 173 | int _vsnprintf( 174 | char *buffer, 175 | size_t count, 176 | const char *format, 177 | va_list argptr); 178 | 179 | int _vsnwprintf( 180 | wchar_t *buffer, 181 | size_t count, 182 | const wchar_t *format, 183 | va_list argptr); 184 | 185 | #endif // __NTDLL_H_INCLUDED 186 | -------------------------------------------------------------------------------- /inc/ntapiver.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTAPIVER_H_INCLUDED 2 | #define __NTAPIVER_H_INCLUDED 3 | 4 | #define NTAPI_MAKE_LEVEL(maj, min, sp, bld) (((maj << 28) | (min << 24) | (sp << 16) | (bld))) 5 | 6 | /* Versions: 7 | Windows 2000 8 | */ 9 | #define NTAPI_LEVEL_WIN2K NTAPI_MAKE_LEVEL(5,0,0,0) 10 | 11 | /* Versions: 12 | Windows XP 13 | */ 14 | #define NTAPI_LEVEL_WINXP NTAPI_MAKE_LEVEL(5,1,0,0) 15 | 16 | /* Versions: 17 | Windows XP Professional x64 Edition 18 | Windows Home Server 19 | Windows Server 2003 20 | Windows Server 2003 R2 21 | */ 22 | #define NTAPI_LEVEL_SERVER2K3 NTAPI_MAKE_LEVEL(5,2,0,0) 23 | 24 | /* Versions: 25 | Windows Vista 26 | Windows Server 2008 27 | */ 28 | #define NTAPI_LEVEL_VISTA NTAPI_MAKE_LEVEL(6,0,0,0) 29 | 30 | /* Versions: 31 | Windows 7 32 | Windows Server 2008 R2 33 | */ 34 | #define NTAPI_LEVEL_WIN7 NTAPI_MAKE_LEVEL(6,1,0,0) 35 | #define NTAPI_LEVEL_WIN7_SP1 NTAPI_MAKE_LEVEL(6,1,1,0) 36 | 37 | /* Versions: 38 | Windows 8 39 | Windows Server 2012 40 | */ 41 | #define NTAPI_LEVEL_WIN8 NTAPI_MAKE_LEVEL(6,2,0,0) 42 | 43 | /* Versions: 44 | Windows 8.1 45 | Windows Server 2012 R2 46 | */ 47 | #define NTAPI_LEVEL_WIN8_1 NTAPI_MAKE_LEVEL(6,3,0,0) 48 | 49 | /* Versions: 50 | Windows 10 51 | Windows Server 2016 52 | */ 53 | #define NTAPI_LEVEL_WIN10 NTAPI_MAKE_LEVEL(10,0,0,0) 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /inc/ntdll.h: -------------------------------------------------------------------------------- 1 | #ifndef __NTDLL_H_INCLUDED 2 | #define __NTDLL_H_INCLUDED 3 | 4 | /* Standard WinAPI stuff */ 5 | #include 6 | /* Microsoft SDKs have NTSTATUS, but it conflicts somewhow with winnt.h */ 7 | #pragma warning(disable: 4005) // macro redefinition 8 | #include 9 | #pragma warning(default: 4005) // macro redefinition 10 | 11 | #include "ntapiver.h" 12 | 13 | #ifndef NTAPI_LEVEL 14 | #define NTAPI_LEVEL NTAPI_LEVEL_WINXP 15 | #endif 16 | 17 | /* Change to 1 to include stuff defined in winnt.h */ 18 | #define __INCLUDE_WINNT_DEFINES 0 19 | 20 | #ifndef OPTIONAL 21 | #define OPTIONAL 22 | #endif 23 | 24 | /* Stuff not defined for userland programs */ 25 | 26 | #ifndef NT_SUCCESS 27 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) 28 | #endif 29 | 30 | #ifndef PAGE_SIZE 31 | #define PAGE_SIZE 4096 32 | #endif 33 | 34 | 35 | typedef LONG KPRIORITY; 36 | 37 | typedef struct _CLIENT_ID { 38 | HANDLE UniqueProcess; 39 | HANDLE UniqueThread; 40 | } CLIENT_ID, *PCLIENT_ID; 41 | 42 | typedef struct _UNICODE_STRING { 43 | USHORT Length; 44 | USHORT MaximumLength; 45 | PWSTR Buffer; 46 | } UNICODE_STRING; 47 | typedef UNICODE_STRING *PUNICODE_STRING; 48 | typedef const UNICODE_STRING *PCUNICODE_STRING; 49 | 50 | /* OBJECT_ATTRIBUTES.Attributes */ 51 | 52 | #define OBJ_INHERIT 0x00000002 53 | #define OBJ_PERMANENT 0x00000010 54 | #define OBJ_EXCLUSIVE 0x00000020 55 | #define OBJ_CASE_INSENSITIVE 0x00000040 56 | #define OBJ_OPENIF 0x00000080 57 | #define OBJ_OPENLINK 0x00000100 58 | #define OBJ_KERNEL_HANDLE 0x00000200 59 | #define OBJ_FORCE_ACCESS_CHECK 0x00000400 60 | #define OBJ_VALID_ATTRIBUTES 0x000007f2 61 | 62 | typedef struct _OBJECT_ATTRIBUTES { 63 | ULONG Length; 64 | HANDLE RootDirectory; 65 | PUNICODE_STRING ObjectName; 66 | ULONG Attributes; 67 | PVOID SecurityDescriptor; 68 | PVOID SecurityQualityOfService; 69 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 70 | 71 | #ifndef InitializeObjectAttributes 72 | #define InitializeObjectAttributes(InitializedAttributes, _ObjectName, _Attributes, _RootDirectory, _SecurityDescriptor) { \ 73 | (InitializedAttributes)->Length = sizeof( OBJECT_ATTRIBUTES ); \ 74 | (InitializedAttributes)->RootDirectory = _RootDirectory; \ 75 | (InitializedAttributes)->Attributes = _Attributes; \ 76 | (InitializedAttributes)->ObjectName = _ObjectName; \ 77 | (InitializedAttributes)->SecurityDescriptor = _SecurityDescriptor; \ 78 | (InitializedAttributes)->SecurityQualityOfService = NULL; \ 79 | } 80 | #endif 81 | 82 | typedef struct _IO_STATUS_BLOCK { 83 | union { 84 | NTSTATUS Status; 85 | PVOID Pointer; 86 | }; 87 | ULONG_PTR Information; 88 | } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; 89 | 90 | typedef VOID (NTAPI *PIO_APC_ROUTINE)(PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG Reserved); 91 | 92 | #if __INCLUDE_WINNT_DEFINES 93 | typedef struct _IO_COUNTERS { 94 | ULONGLONG ReadOperationCount; 95 | ULONGLONG WriteOperationCount; 96 | ULONGLONG OtherOperationCount; 97 | ULONGLONG ReadTransferCount; 98 | ULONGLONG WriteTransferCount; 99 | ULONGLONG OtherTransferCount; 100 | } IO_COUNTERS, *PIO_COUNTERS; 101 | #endif 102 | 103 | typedef struct _VM_COUNTERS { 104 | SIZE_T PeakVirtualSize; 105 | SIZE_T VirtualSize; 106 | ULONG PageFaultCount; 107 | SIZE_T PeakWorkingSetSize; 108 | SIZE_T WorkingSetSize; 109 | SIZE_T QuotaPeakPagedPoolUsage; 110 | SIZE_T QuotaPagedPoolUsage; 111 | SIZE_T QuotaPeakNonPagedPoolUsage; 112 | SIZE_T QuotaNonPagedPoolUsage; 113 | SIZE_T PagefileUsage; 114 | SIZE_T PeakPagefileUsage; 115 | } VM_COUNTERS; 116 | 117 | typedef struct _VM_COUNTERS_EX { 118 | SIZE_T PeakVirtualSize; 119 | SIZE_T VirtualSize; 120 | ULONG PageFaultCount; 121 | SIZE_T PeakWorkingSetSize; 122 | SIZE_T WorkingSetSize; 123 | SIZE_T QuotaPeakPagedPoolUsage; 124 | SIZE_T QuotaPagedPoolUsage; 125 | SIZE_T QuotaPeakNonPagedPoolUsage; 126 | SIZE_T QuotaNonPagedPoolUsage; 127 | SIZE_T PagefileUsage; 128 | SIZE_T PeakPagefileUsage; 129 | SIZE_T PrivateUsage; 130 | } VM_COUNTERS_EX; 131 | 132 | #include "rtlapi.h" 133 | #include "ntapi.h" 134 | 135 | NTSYSAPI VOID NTAPI DbgBreakPoint(VOID); 136 | 137 | NTSYSAPI VOID NTAPI DbgUserBreakPoint(VOID); 138 | 139 | #endif // __NTDLL_H_INCLUDED 140 | -------------------------------------------------------------------------------- /inc/rtlapi.h: -------------------------------------------------------------------------------- 1 | #ifndef __RTLAPI_H_INCLUDED 2 | #define __RTLAPI_H_INCLUDED 3 | 4 | /****************************************************************** 5 | * Strings API 6 | *****************************************************************/ 7 | 8 | NTSYSAPI VOID NTAPI RtlInitUnicodeString( 9 | PUNICODE_STRING DestinationString, 10 | PWSTR SourceString OPTIONAL); 11 | 12 | NTSYSAPI VOID NTAPI RtlInitUnicodeStringEx( 13 | PUNICODE_STRING DestinationString, 14 | PWSTR SourceString OPTIONAL); 15 | 16 | NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeString( 17 | PUNICODE_STRING DestinationString, 18 | PWSTR SourceString); 19 | 20 | NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz( 21 | PUNICODE_STRING DestinationString, 22 | PSTR SourceString); 23 | 24 | NTSYSAPI VOID NTAPI RtlFreeUnicodeString( 25 | PUNICODE_STRING UnicodeString); 26 | 27 | 28 | #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE (0x00000001) 29 | #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING (0x00000002) 30 | 31 | NTSYSAPI VOID NTAPI RtlDuplicateUnicodeString( 32 | ULONG Flags, 33 | PUNICODE_STRING StringIn, 34 | PUNICODE_STRING StringOut); 35 | 36 | NTSYSAPI VOID NTAPI RtlCopyUnicodeString( 37 | PUNICODE_STRING DestinationString, 38 | PUNICODE_STRING SourceString OPTIONAL); 39 | 40 | NTSYSAPI BOOLEAN NTAPI RtlPrefixUnicodeString( 41 | PCUNICODE_STRING String1, 42 | PCUNICODE_STRING String2, 43 | BOOLEAN CaseInSensitive); 44 | 45 | NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString( 46 | PUNICODE_STRING Destination, 47 | PUNICODE_STRING Source); 48 | 49 | NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeToString( 50 | PUNICODE_STRING Destination, 51 | PWSTR Source OPTIONAL); 52 | 53 | NTSYSAPI VOID NTAPI RtlEraseUnicodeString( 54 | PUNICODE_STRING String); 55 | 56 | 57 | NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar( 58 | WCHAR SourceCharacter); 59 | 60 | NTSYSAPI WCHAR NTAPI RtlDowncaseUnicodeChar( 61 | WCHAR SourceCharacter); 62 | 63 | NTSYSAPI VOID NTAPI RtlUpcaseUnicodeString( 64 | PUNICODE_STRING DestinationString, 65 | PUNICODE_STRING SourceString, 66 | BOOLEAN AllocateDestinationString 67 | ); 68 | 69 | NTSYSAPI VOID NTAPI RtlDowncaseUnicodeString( 70 | PUNICODE_STRING DestinationString, 71 | PUNICODE_STRING SourceString, 72 | BOOLEAN AllocateDestinationString 73 | ); 74 | 75 | 76 | NTSYSAPI LONG NTAPI RtlCompareUnicodeString( 77 | PUNICODE_STRING String1, 78 | PUNICODE_STRING String2, 79 | BOOLEAN CaseInSensitive); 80 | 81 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_VISTA) 82 | NTSYSAPI LONG NTAPI RtlCompareUnicodeStrings( 83 | PWCH String1, 84 | SIZE_T String1Length, 85 | PWCH String2, 86 | SIZE_T String2Length, 87 | BOOLEAN CaseInSensitive); 88 | #endif 89 | 90 | NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString( 91 | PUNICODE_STRING String1, 92 | PUNICODE_STRING String2, 93 | BOOLEAN CaseInSensitive); 94 | 95 | #define HASH_STRING_ALGORITHM_DEFAULT 0 96 | #define HASH_STRING_ALGORITHM_X65599 1 97 | #define HASH_STRING_ALGORITHM_INVALID 0xffffffff 98 | 99 | NTSYSAPI VOID NTAPI RtlHashUnicodeString( 100 | PUNICODE_STRING String, 101 | BOOLEAN CaseInSensitive, 102 | ULONG HashAlgorithm, 103 | PULONG HashValue); 104 | 105 | NTSYSAPI VOID NTAPI RtlValidateUnicodeString( 106 | ULONG Flags, 107 | PUNICODE_STRING String); 108 | 109 | 110 | #define RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END 0x00000001 111 | #define RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET 0x00000002 112 | #define RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE 0x00000004 113 | 114 | NTSYSAPI VOID NTAPI RtlFindCharInUnicodeString( 115 | ULONG Flags, 116 | PUNICODE_STRING StringToSearch, 117 | PUNICODE_STRING CharSet, 118 | PUSHORT NonInclusivePrefixLength); 119 | 120 | /****************************************************************** 121 | * Path API 122 | *****************************************************************/ 123 | 124 | typedef struct _RTLP_CURDIR_REF *PRTLP_CURDIR_REF; 125 | 126 | typedef struct _RTL_RELATIVE_NAME_U { 127 | UNICODE_STRING RelativeName; 128 | HANDLE ContainingDirectory; 129 | PRTLP_CURDIR_REF CurDirRef; 130 | } RTL_RELATIVE_NAME_U, *PRTL_RELATIVE_NAME_U; 131 | 132 | NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U( 133 | PWSTR DosFileName, 134 | PUNICODE_STRING NtFileName, 135 | PWSTR *FilePart OPTIONAL, 136 | PRTL_RELATIVE_NAME_U RelativeName OPTIONAL); 137 | 138 | #if (NTAPI_LEVEL >= NTAPI_LEVEL_SERVER2K3) 139 | NTSYSAPI NTSTATUS NTAPI RtlDosPathNameToNtPathName_U_WithStatus( 140 | PWSTR DosFileName, 141 | PUNICODE_STRING NtFileName, 142 | PWSTR *FilePart OPTIONAL, 143 | PRTL_RELATIVE_NAME_U RelativeName OPTIONAL); 144 | #endif 145 | 146 | /****************************************************************** 147 | * OS Version API 148 | *****************************************************************/ 149 | 150 | NTSYSAPI NTSTATUS NTAPI RtlGetVersion( 151 | PRTL_OSVERSIONINFOW lpVersionInformation); 152 | 153 | /****************************************************************** 154 | * Security API 155 | *****************************************************************/ 156 | 157 | NTSYSAPI ULONG NTAPI RtlLengthRequiredSid( 158 | ULONG SubAuthorityCount 159 | ); 160 | 161 | #endif 162 | -------------------------------------------------------------------------------- /lib/ntdll_5_0_32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdll_5_0_32.lib -------------------------------------------------------------------------------- /lib/ntdll_5_0_32.lst: -------------------------------------------------------------------------------- 1 | Symbol name : ?PropertyLengthAsVariant@@YGKPBUtagSERIALIZEDPROPERTYVALUE@@KGE@Z (unsigned long __stdcall PropertyLengthAsVariant(struct tagSERIALIZEDPROPERTYVALUE const *,unsigned long,unsigned short,unsigned char)) 2 | Symbol name : ?RtlConvertPropertyToVariant@@YGEPBUtagSERIALIZEDPROPERTYVALUE@@GPAUtagPROPVARIANT@@PAVPMemoryAllocator@@@Z (unsigned char __stdcall RtlConvertPropertyToVariant(struct tagSERIALIZEDPROPERTYVALUE const *,unsigned short,struct tagPROPVARIANT *,class PMemoryAllocator *)) 3 | Symbol name : ?RtlConvertVariantToProperty@@YGPAUtagSERIALIZEDPROPERTYVALUE@@PBUtagPROPVARIANT@@GPAU1@PAKKE2@Z (struct tagSERIALIZEDPROPERTYVALUE * __stdcall RtlConvertVariantToProperty(struct tagPROPVARIANT const *,unsigned short,struct tagSERIALIZEDPROPERTYVALUE *,unsigned long *,unsigned long,unsigned char,unsigned long *)) 4 | Symbol name : @RtlUlongByteSwap@4 5 | Symbol name : @RtlUlonglongByteSwap@4 6 | Symbol name : @RtlUshortByteSwap@4 7 | Symbol name : ___eCommonExceptions 8 | Symbol name : ___eEmulatorInit 9 | Symbol name : ___eF2XM1 10 | Symbol name : ___eFABS 11 | Symbol name : ___eFADD32 12 | Symbol name : ___eFADD64 13 | Symbol name : ___eFADDPreg 14 | Symbol name : ___eFADDreg 15 | Symbol name : ___eFADDtop 16 | Symbol name : ___eFCHS 17 | Symbol name : ___eFCOM 18 | Symbol name : ___eFCOM32 19 | Symbol name : ___eFCOM64 20 | Symbol name : ___eFCOMP 21 | Symbol name : ___eFCOMP32 22 | Symbol name : ___eFCOMP64 23 | Symbol name : ___eFCOMPP 24 | Symbol name : ___eFCOS 25 | Symbol name : ___eFDECSTP 26 | Symbol name : ___eFDIV32 27 | Symbol name : ___eFDIV64 28 | Symbol name : ___eFDIVPreg 29 | Symbol name : ___eFDIVR32 30 | Symbol name : ___eFDIVR64 31 | Symbol name : ___eFDIVreg 32 | Symbol name : ___eFDIVRPreg 33 | Symbol name : ___eFDIVRreg 34 | Symbol name : ___eFDIVRtop 35 | Symbol name : ___eFDIVtop 36 | Symbol name : ___eFFREE 37 | Symbol name : ___eFIADD16 38 | Symbol name : ___eFIADD32 39 | Symbol name : ___eFICOM16 40 | Symbol name : ___eFICOM32 41 | Symbol name : ___eFICOMP16 42 | Symbol name : ___eFICOMP32 43 | Symbol name : ___eFIDIV16 44 | Symbol name : ___eFIDIV32 45 | Symbol name : ___eFIDIVR16 46 | Symbol name : ___eFIDIVR32 47 | Symbol name : ___eFILD16 48 | Symbol name : ___eFILD32 49 | Symbol name : ___eFILD64 50 | Symbol name : ___eFIMUL16 51 | Symbol name : ___eFIMUL32 52 | Symbol name : ___eFINCSTP 53 | Symbol name : ___eFINIT 54 | Symbol name : ___eFIST16 55 | Symbol name : ___eFIST32 56 | Symbol name : ___eFISTP16 57 | Symbol name : ___eFISTP32 58 | Symbol name : ___eFISTP64 59 | Symbol name : ___eFISUB16 60 | Symbol name : ___eFISUB32 61 | Symbol name : ___eFISUBR16 62 | Symbol name : ___eFISUBR32 63 | Symbol name : ___eFLD1 64 | Symbol name : ___eFLD32 65 | Symbol name : ___eFLD64 66 | Symbol name : ___eFLD80 67 | Symbol name : ___eFLDCW 68 | Symbol name : ___eFLDENV 69 | Symbol name : ___eFLDL2E 70 | Symbol name : ___eFLDLN2 71 | Symbol name : ___eFLDPI 72 | Symbol name : ___eFLDZ 73 | Symbol name : ___eFMUL32 74 | Symbol name : ___eFMUL64 75 | Symbol name : ___eFMULPreg 76 | Symbol name : ___eFMULreg 77 | Symbol name : ___eFMULtop 78 | Symbol name : ___eFPATAN 79 | Symbol name : ___eFPREM 80 | Symbol name : ___eFPREM1 81 | Symbol name : ___eFPTAN 82 | Symbol name : ___eFRNDINT 83 | Symbol name : ___eFRSTOR 84 | Symbol name : ___eFSAVE 85 | Symbol name : ___eFSCALE 86 | Symbol name : ___eFSIN 87 | Symbol name : ___eFSQRT 88 | Symbol name : ___eFST 89 | Symbol name : ___eFST32 90 | Symbol name : ___eFST64 91 | Symbol name : ___eFSTCW 92 | Symbol name : ___eFSTENV 93 | Symbol name : ___eFSTP 94 | Symbol name : ___eFSTP32 95 | Symbol name : ___eFSTP64 96 | Symbol name : ___eFSTP80 97 | Symbol name : ___eFSTSW 98 | Symbol name : ___eFSUB32 99 | Symbol name : ___eFSUB64 100 | Symbol name : ___eFSUBPreg 101 | Symbol name : ___eFSUBR32 102 | Symbol name : ___eFSUBR64 103 | Symbol name : ___eFSUBreg 104 | Symbol name : ___eFSUBRPreg 105 | Symbol name : ___eFSUBRreg 106 | Symbol name : ___eFSUBRtop 107 | Symbol name : ___eFSUBtop 108 | Symbol name : ___eFTST 109 | Symbol name : ___eFUCOM 110 | Symbol name : ___eFUCOMP 111 | Symbol name : ___eFUCOMPP 112 | Symbol name : ___eFXAM 113 | Symbol name : ___eFXCH 114 | Symbol name : ___eFXTRACT 115 | Symbol name : ___eFYL2X 116 | Symbol name : ___eFYL2XP1 117 | Symbol name : ___eGetStatusWord 118 | Symbol name : ___isascii 119 | Symbol name : ___iscsym 120 | Symbol name : ___iscsymf 121 | Symbol name : ___toascii 122 | Symbol name : __alldiv 123 | Symbol name : __allmul 124 | Symbol name : __alloca_probe 125 | Symbol name : __allrem 126 | Symbol name : __allshl 127 | Symbol name : __allshr 128 | Symbol name : __atoi64 129 | Symbol name : __aulldiv 130 | Symbol name : __aullrem 131 | Symbol name : __aullshr 132 | Symbol name : __chkstk 133 | Symbol name : __CIpow 134 | Symbol name : __fltused 135 | Symbol name : __ftol 136 | Symbol name : __i64toa 137 | Symbol name : __i64tow 138 | Symbol name : __itoa 139 | Symbol name : __itow 140 | Symbol name : __ltoa 141 | Symbol name : __ltow 142 | Symbol name : __memccpy 143 | Symbol name : __memicmp 144 | Symbol name : __snprintf 145 | Symbol name : __snwprintf 146 | Symbol name : __splitpath 147 | Symbol name : __strcmpi 148 | Symbol name : __stricmp 149 | Symbol name : __strlwr 150 | Symbol name : __strnicmp 151 | Symbol name : __strupr 152 | Symbol name : __tolower 153 | Symbol name : __toupper 154 | Symbol name : __ui64toa 155 | Symbol name : __ultoa 156 | Symbol name : __ultow 157 | Symbol name : __vsnprintf 158 | Symbol name : __wcsicmp 159 | Symbol name : __wcslwr 160 | Symbol name : __wcsnicmp 161 | Symbol name : __wcsupr 162 | Symbol name : __wtoi 163 | Symbol name : __wtoi64 164 | Symbol name : __wtol 165 | Symbol name : _abs 166 | Symbol name : _atan 167 | Symbol name : _atoi 168 | Symbol name : _atol 169 | Symbol name : _ceil 170 | Symbol name : _cos 171 | Symbol name : _CsrAllocateCaptureBuffer@8 172 | Symbol name : _CsrAllocateMessagePointer@12 173 | Symbol name : _CsrCaptureMessageBuffer@16 174 | Symbol name : _CsrCaptureMessageString@20 175 | Symbol name : _CsrCaptureTimeout@8 176 | Symbol name : _CsrClientCallServer@16 177 | Symbol name : _CsrClientConnectToServer@24 178 | Symbol name : _CsrFreeCaptureBuffer@4 179 | Symbol name : _CsrIdentifyAlertableThread@0 180 | Symbol name : _CsrNewThread@0 181 | Symbol name : _CsrProbeForRead@12 182 | Symbol name : _CsrProbeForWrite@12 183 | Symbol name : _CsrSetPriorityClass@8 184 | Symbol name : _DbgBreakPoint@0 185 | Symbol name : _DbgPrint 186 | Symbol name : _DbgPrintReturnControlC 187 | Symbol name : _DbgPrompt@12 188 | Symbol name : _DbgSsHandleKmApiMsg@8 189 | Symbol name : _DbgSsInitialize@16 190 | Symbol name : _DbgUiConnectToDbg@0 191 | Symbol name : _DbgUiContinue@8 192 | Symbol name : _DbgUiWaitStateChange@8 193 | Symbol name : _DbgUserBreakPoint@0 194 | Symbol name : _fabs 195 | Symbol name : _floor 196 | Symbol name : _isalnum 197 | Symbol name : _isalpha 198 | Symbol name : _iscntrl 199 | Symbol name : _isdigit 200 | Symbol name : _isgraph 201 | Symbol name : _islower 202 | Symbol name : _isprint 203 | Symbol name : _ispunct 204 | Symbol name : _isspace 205 | Symbol name : _isupper 206 | Symbol name : _iswalpha 207 | Symbol name : _iswctype 208 | Symbol name : _iswdigit 209 | Symbol name : _iswlower 210 | Symbol name : _iswspace 211 | Symbol name : _iswxdigit 212 | Symbol name : _isxdigit 213 | Symbol name : _KiRaiseUserExceptionDispatcher@0 214 | Symbol name : _KiUserApcDispatcher@20 215 | Symbol name : _KiUserCallbackDispatcher@12 216 | Symbol name : _KiUserExceptionDispatcher@8 217 | Symbol name : _labs 218 | Symbol name : _LdrAccessResource@16 219 | Symbol name : _LdrAlternateResourcesEnabled@0 220 | Symbol name : _LdrDisableThreadCalloutsForDll@4 221 | Symbol name : _LdrEnumResources@20 222 | Symbol name : _LdrFindEntryForAddress@8 223 | Symbol name : _LdrFindResource_U@16 224 | Symbol name : _LdrFindResourceDirectory_U@16 225 | Symbol name : _LdrFlushAlternateResourceModules@0 226 | Symbol name : _LdrGetDllHandle@16 227 | Symbol name : _LdrGetProcedureAddress@16 228 | Symbol name : _LdrInitializeThunk@16 229 | Symbol name : _LdrLoadAlternateResourceModule@8 230 | Symbol name : _LdrLoadDll@16 231 | Symbol name : _LdrProcessRelocationBlock@16 232 | Symbol name : _LdrQueryImageFileExecutionOptions@24 233 | Symbol name : _LdrQueryProcessModuleInformation@12 234 | Symbol name : _LdrShutdownProcess@0 235 | Symbol name : _LdrShutdownThread@0 236 | Symbol name : _LdrUnloadAlternateResourceModule@4 237 | Symbol name : _LdrUnloadDll@4 238 | Symbol name : _LdrVerifyImageMatchesChecksum@16 239 | Symbol name : _log 240 | Symbol name : _mbstowcs 241 | Symbol name : _memchr 242 | Symbol name : _memcmp 243 | Symbol name : _memcpy 244 | Symbol name : _memmove 245 | Symbol name : _memset 246 | Symbol name : _NlsAnsiCodePage 247 | Symbol name : _NlsMbCodePageTag 248 | Symbol name : _NlsMbOemCodePageTag 249 | Symbol name : _NPXEMULATORTABLE 250 | Symbol name : _NtAcceptConnectPort@24 251 | Symbol name : _NtAccessCheck@32 252 | Symbol name : _NtAccessCheckAndAuditAlarm@44 253 | Symbol name : _NtAccessCheckByType@44 254 | Symbol name : _NtAccessCheckByTypeAndAuditAlarm@64 255 | Symbol name : _NtAccessCheckByTypeResultList@44 256 | Symbol name : _NtAccessCheckByTypeResultListAndAuditAlarm@64 257 | Symbol name : _NtAccessCheckByTypeResultListAndAuditAlarmByHandle@68 258 | Symbol name : _NtAddAtom@12 259 | Symbol name : _NtAdjustGroupsToken@24 260 | Symbol name : _NtAdjustPrivilegesToken@24 261 | Symbol name : _NtAlertResumeThread@8 262 | Symbol name : _NtAlertThread@4 263 | Symbol name : _NtAllocateLocallyUniqueId@4 264 | Symbol name : _NtAllocateUserPhysicalPages@12 265 | Symbol name : _NtAllocateUuids@16 266 | Symbol name : _NtAllocateVirtualMemory@24 267 | Symbol name : _NtAreMappedFilesTheSame@8 268 | Symbol name : _NtAssignProcessToJobObject@8 269 | Symbol name : _NtCallbackReturn@12 270 | Symbol name : _NtCancelDeviceWakeupRequest@4 271 | Symbol name : _NtCancelIoFile@8 272 | Symbol name : _NtCancelTimer@8 273 | Symbol name : _NtClearEvent@4 274 | Symbol name : _NtClose@4 275 | Symbol name : _NtCloseObjectAuditAlarm@12 276 | Symbol name : _NtCompleteConnectPort@4 277 | Symbol name : _NtConnectPort@32 278 | Symbol name : _NtContinue@8 279 | Symbol name : _NtCreateChannel@8 280 | Symbol name : _NtCreateDirectoryObject@12 281 | Symbol name : _NtCreateEvent@20 282 | Symbol name : _NtCreateEventPair@12 283 | Symbol name : _NtCreateFile@44 284 | Symbol name : _NtCreateIoCompletion@16 285 | Symbol name : _NtCreateJobObject@12 286 | Symbol name : _NtCreateKey@28 287 | Symbol name : _NtCreateMailslotFile@32 288 | Symbol name : _NtCreateMutant@16 289 | Symbol name : _NtCreateNamedPipeFile@56 290 | Symbol name : _NtCreatePagingFile@16 291 | Symbol name : _NtCreatePort@20 292 | Symbol name : _NtCreateProcess@32 293 | Symbol name : _NtCreateProfile@36 294 | Symbol name : _NtCreateSection@28 295 | Symbol name : _NtCreateSemaphore@20 296 | Symbol name : _NtCreateSymbolicLinkObject@16 297 | Symbol name : _NtCreateThread@32 298 | Symbol name : _NtCreateTimer@16 299 | Symbol name : _NtCreateToken@52 300 | Symbol name : _NtCreateWaitablePort@20 301 | Symbol name : _NtCurrentTeb@0 302 | Symbol name : _NtDelayExecution@8 303 | Symbol name : _NtDeleteAtom@4 304 | Symbol name : _NtDeleteFile@4 305 | Symbol name : _NtDeleteKey@4 306 | Symbol name : _NtDeleteObjectAuditAlarm@12 307 | Symbol name : _NtDeleteValueKey@8 308 | Symbol name : _NtDeviceIoControlFile@40 309 | Symbol name : _NtDisplayString@4 310 | Symbol name : _NtDuplicateObject@28 311 | Symbol name : _NtDuplicateToken@24 312 | Symbol name : _NtEnumerateKey@24 313 | Symbol name : _NtEnumerateValueKey@24 314 | Symbol name : _NtExtendSection@8 315 | Symbol name : _NtFilterToken@24 316 | Symbol name : _NtFindAtom@12 317 | Symbol name : _NtFlushBuffersFile@8 318 | Symbol name : _NtFlushInstructionCache@12 319 | Symbol name : _NtFlushKey@4 320 | Symbol name : _NtFlushVirtualMemory@16 321 | Symbol name : _NtFlushWriteBuffer@0 322 | Symbol name : _NtFreeUserPhysicalPages@12 323 | Symbol name : _NtFreeVirtualMemory@16 324 | Symbol name : _NtFsControlFile@40 325 | Symbol name : _NtGetContextThread@8 326 | Symbol name : _NtGetDevicePowerState@8 327 | Symbol name : _NtGetPlugPlayEvent@16 328 | Symbol name : _NtGetTickCount@0 329 | Symbol name : _NtGetWriteWatch@28 330 | Symbol name : _NtImpersonateAnonymousToken@4 331 | Symbol name : _NtImpersonateClientOfPort@8 332 | Symbol name : _NtImpersonateThread@12 333 | Symbol name : _NtInitializeRegistry@4 334 | Symbol name : _NtInitiatePowerAction@16 335 | Symbol name : _NtIsSystemResumeAutomatic@0 336 | Symbol name : _NtListenChannel@8 337 | Symbol name : _NtListenPort@8 338 | Symbol name : _NtLoadDriver@4 339 | Symbol name : _NtLoadKey@8 340 | Symbol name : _NtLoadKey2@12 341 | Symbol name : _NtLockFile@40 342 | Symbol name : _NtLockVirtualMemory@16 343 | Symbol name : _NtMakeTemporaryObject@4 344 | Symbol name : _NtMapUserPhysicalPages@12 345 | Symbol name : _NtMapUserPhysicalPagesScatter@12 346 | Symbol name : _NtMapViewOfSection@40 347 | Symbol name : _NtNotifyChangeDirectoryFile@36 348 | Symbol name : _NtNotifyChangeKey@40 349 | Symbol name : _NtNotifyChangeMultipleKeys@48 350 | Symbol name : _NtOpenChannel@8 351 | Symbol name : _NtOpenDirectoryObject@12 352 | Symbol name : _NtOpenEvent@12 353 | Symbol name : _NtOpenEventPair@12 354 | Symbol name : _NtOpenFile@24 355 | Symbol name : _NtOpenIoCompletion@12 356 | Symbol name : _NtOpenJobObject@12 357 | Symbol name : _NtOpenKey@12 358 | Symbol name : _NtOpenMutant@12 359 | Symbol name : _NtOpenObjectAuditAlarm@48 360 | Symbol name : _NtOpenProcess@16 361 | Symbol name : _NtOpenProcessToken@12 362 | Symbol name : _NtOpenSection@12 363 | Symbol name : _NtOpenSemaphore@12 364 | Symbol name : _NtOpenSymbolicLinkObject@12 365 | Symbol name : _NtOpenThread@16 366 | Symbol name : _NtOpenThreadToken@16 367 | Symbol name : _NtOpenTimer@12 368 | Symbol name : _NtPlugPlayControl@12 369 | Symbol name : _NtPowerInformation@20 370 | Symbol name : _NtPrivilegeCheck@12 371 | Symbol name : _NtPrivilegedServiceAuditAlarm@20 372 | Symbol name : _NtPrivilegeObjectAuditAlarm@24 373 | Symbol name : _NtProtectVirtualMemory@20 374 | Symbol name : _NtPulseEvent@8 375 | Symbol name : _NtQueryAttributesFile@8 376 | Symbol name : _NtQueryDefaultLocale@8 377 | Symbol name : _NtQueryDefaultUILanguage@4 378 | Symbol name : _NtQueryDirectoryFile@44 379 | Symbol name : _NtQueryDirectoryObject@28 380 | Symbol name : _NtQueryEaFile@36 381 | Symbol name : _NtQueryEvent@20 382 | Symbol name : _NtQueryFullAttributesFile@8 383 | Symbol name : _NtQueryInformationAtom@20 384 | Symbol name : _NtQueryInformationFile@20 385 | Symbol name : _NtQueryInformationJobObject@20 386 | Symbol name : _NtQueryInformationPort@20 387 | Symbol name : _NtQueryInformationProcess@20 388 | Symbol name : _NtQueryInformationThread@20 389 | Symbol name : _NtQueryInformationToken@20 390 | Symbol name : _NtQueryInstallUILanguage@4 391 | Symbol name : _NtQueryIntervalProfile@8 392 | Symbol name : _NtQueryIoCompletion@20 393 | Symbol name : _NtQueryKey@20 394 | Symbol name : _NtQueryMultipleValueKey@24 395 | Symbol name : _NtQueryMutant@20 396 | Symbol name : _NtQueryObject@20 397 | Symbol name : _NtQueryOpenSubKeys@8 398 | Symbol name : _NtQueryPerformanceCounter@8 399 | Symbol name : _NtQueryQuotaInformationFile@36 400 | Symbol name : _NtQuerySection@20 401 | Symbol name : _NtQuerySecurityObject@20 402 | Symbol name : _NtQuerySemaphore@20 403 | Symbol name : _NtQuerySymbolicLinkObject@12 404 | Symbol name : _NtQuerySystemEnvironmentValue@16 405 | Symbol name : _NtQuerySystemInformation@16 406 | Symbol name : _NtQuerySystemTime@4 407 | Symbol name : _NtQueryTimer@20 408 | Symbol name : _NtQueryTimerResolution@12 409 | Symbol name : _NtQueryValueKey@24 410 | Symbol name : _NtQueryVirtualMemory@24 411 | Symbol name : _NtQueryVolumeInformationFile@20 412 | Symbol name : _NtQueueApcThread@20 413 | Symbol name : _NtRaiseException@12 414 | Symbol name : _NtRaiseHardError@24 415 | Symbol name : _NtReadFile@36 416 | Symbol name : _NtReadFileScatter@36 417 | Symbol name : _NtReadRequestData@24 418 | Symbol name : _NtReadVirtualMemory@20 419 | Symbol name : _NtRegisterThreadTerminatePort@4 420 | Symbol name : _NtReleaseMutant@8 421 | Symbol name : _NtReleaseSemaphore@12 422 | Symbol name : _NtRemoveIoCompletion@20 423 | Symbol name : _NtReplaceKey@12 424 | Symbol name : _NtReplyPort@8 425 | Symbol name : _NtReplyWaitReceivePort@16 426 | Symbol name : _NtReplyWaitReceivePortEx@20 427 | Symbol name : _NtReplyWaitReplyPort@8 428 | Symbol name : _NtReplyWaitSendChannel@12 429 | Symbol name : _NtRequestDeviceWakeup@4 430 | Symbol name : _NtRequestPort@8 431 | Symbol name : _NtRequestWaitReplyPort@12 432 | Symbol name : _NtRequestWakeupLatency@4 433 | Symbol name : _NtResetEvent@8 434 | Symbol name : _NtResetWriteWatch@12 435 | Symbol name : _NtRestoreKey@12 436 | Symbol name : _NtResumeThread@8 437 | Symbol name : _NtSaveKey@8 438 | Symbol name : _NtSaveMergedKeys@12 439 | Symbol name : _NtSecureConnectPort@36 440 | Symbol name : _NtSendWaitReplyChannel@16 441 | Symbol name : _NtSetContextChannel@4 442 | Symbol name : _NtSetContextThread@8 443 | Symbol name : _NtSetDefaultHardErrorPort@4 444 | Symbol name : _NtSetDefaultLocale@8 445 | Symbol name : _NtSetDefaultUILanguage@4 446 | Symbol name : _NtSetEaFile@16 447 | Symbol name : _NtSetEvent@8 448 | Symbol name : _NtSetHighEventPair@4 449 | Symbol name : _NtSetHighWaitLowEventPair@4 450 | Symbol name : _NtSetInformationFile@20 451 | Symbol name : _NtSetInformationJobObject@16 452 | Symbol name : _NtSetInformationKey@16 453 | Symbol name : _NtSetInformationObject@16 454 | Symbol name : _NtSetInformationProcess@16 455 | Symbol name : _NtSetInformationThread@16 456 | Symbol name : _NtSetInformationToken@16 457 | Symbol name : _NtSetIntervalProfile@8 458 | Symbol name : _NtSetIoCompletion@20 459 | Symbol name : _NtSetLdtEntries@24 460 | Symbol name : _NtSetLowEventPair@4 461 | Symbol name : _NtSetLowWaitHighEventPair@4 462 | Symbol name : _NtSetQuotaInformationFile@16 463 | Symbol name : _NtSetSecurityObject@12 464 | Symbol name : _NtSetSystemEnvironmentValue@8 465 | Symbol name : _NtSetSystemInformation@12 466 | Symbol name : _NtSetSystemPowerState@12 467 | Symbol name : _NtSetSystemTime@8 468 | Symbol name : _NtSetThreadExecutionState@8 469 | Symbol name : _NtSetTimer@28 470 | Symbol name : _NtSetTimerResolution@12 471 | Symbol name : _NtSetUuidSeed@4 472 | Symbol name : _NtSetValueKey@24 473 | Symbol name : _NtSetVolumeInformationFile@20 474 | Symbol name : _NtShutdownSystem@4 475 | Symbol name : _NtSignalAndWaitForSingleObject@16 476 | Symbol name : _NtStartProfile@4 477 | Symbol name : _NtStopProfile@4 478 | Symbol name : _NtSuspendThread@8 479 | Symbol name : _NtSystemDebugControl@24 480 | Symbol name : _NtTerminateJobObject@8 481 | Symbol name : _NtTerminateProcess@8 482 | Symbol name : _NtTerminateThread@8 483 | Symbol name : _NtTestAlert@0 484 | Symbol name : _NtUnloadDriver@4 485 | Symbol name : _NtUnloadKey@4 486 | Symbol name : _NtUnlockFile@20 487 | Symbol name : _NtUnlockVirtualMemory@16 488 | Symbol name : _NtUnmapViewOfSection@8 489 | Symbol name : _NtVdmControl@8 490 | Symbol name : _NtWaitForMultipleObjects@20 491 | Symbol name : _NtWaitForSingleObject@12 492 | Symbol name : _NtWaitHighEventPair@4 493 | Symbol name : _NtWaitLowEventPair@4 494 | Symbol name : _NtWriteFile@36 495 | Symbol name : _NtWriteFileGather@36 496 | Symbol name : _NtWriteRequestData@24 497 | Symbol name : _NtWriteVirtualMemory@20 498 | Symbol name : _NtYieldExecution@0 499 | Symbol name : _PfxFindPrefix@8 500 | Symbol name : _PfxInitialize@4 501 | Symbol name : _PfxInsertPrefix@12 502 | Symbol name : _PfxRemovePrefix@8 503 | Symbol name : _pow 504 | Symbol name : _qsort 505 | Symbol name : _RestoreEm87Context 506 | Symbol name : _RtlAbortRXact@4 507 | Symbol name : _RtlAbsoluteToSelfRelativeSD@12 508 | Symbol name : _RtlAcquirePebLock@0 509 | Symbol name : _RtlAcquireResourceExclusive@8 510 | Symbol name : _RtlAcquireResourceShared@8 511 | Symbol name : _RtlAddAccessAllowedAce@16 512 | Symbol name : _RtlAddAccessAllowedAceEx@20 513 | Symbol name : _RtlAddAccessAllowedObjectAce@28 514 | Symbol name : _RtlAddAccessDeniedAce@16 515 | Symbol name : _RtlAddAccessDeniedAceEx@20 516 | Symbol name : _RtlAddAccessDeniedObjectAce@28 517 | Symbol name : _RtlAddAce@20 518 | Symbol name : _RtlAddActionToRXact@24 519 | Symbol name : _RtlAddAtomToAtomTable@12 520 | Symbol name : _RtlAddAttributeActionToRXact@32 521 | Symbol name : _RtlAddAuditAccessAce@24 522 | Symbol name : _RtlAddAuditAccessAceEx@28 523 | Symbol name : _RtlAddAuditAccessObjectAce@36 524 | Symbol name : _RtlAddCompoundAce@24 525 | Symbol name : _RtlAddRange@36 526 | Symbol name : _RtlAdjustPrivilege@16 527 | Symbol name : _RtlAllocateAndInitializeSid@44 528 | Symbol name : _RtlAllocateHandle@8 529 | Symbol name : _RtlAllocateHeap@12 530 | Symbol name : _RtlAnsiCharToUnicodeChar@4 531 | Symbol name : _RtlAnsiStringToUnicodeSize@4 532 | Symbol name : _RtlAnsiStringToUnicodeString@12 533 | Symbol name : _RtlAppendAsciizToString@8 534 | Symbol name : _RtlAppendStringToString@8 535 | Symbol name : _RtlAppendUnicodeStringToString@8 536 | Symbol name : _RtlAppendUnicodeToString@8 537 | Symbol name : _RtlApplyRXact@4 538 | Symbol name : _RtlApplyRXactNoFlush@4 539 | Symbol name : _RtlAreAllAccessesGranted@8 540 | Symbol name : _RtlAreAnyAccessesGranted@8 541 | Symbol name : _RtlAreBitsClear@12 542 | Symbol name : _RtlAreBitsSet@12 543 | Symbol name : _RtlAssert@16 544 | Symbol name : _RtlCallbackLpcClient@12 545 | Symbol name : _RtlCancelTimer@8 546 | Symbol name : _RtlCaptureStackBackTrace@16 547 | Symbol name : _RtlCharToInteger@12 548 | Symbol name : _RtlCheckForOrphanedCriticalSections@4 549 | Symbol name : _RtlCheckRegistryKey@8 550 | Symbol name : _RtlClearAllBits@4 551 | Symbol name : _RtlClearBits@12 552 | Symbol name : _RtlCompactHeap@8 553 | Symbol name : _RtlCompareMemory@12 554 | Symbol name : _RtlCompareMemoryUlong@12 555 | Symbol name : _RtlCompareString@12 556 | Symbol name : _RtlCompareUnicodeString@12 557 | Symbol name : _RtlCompressBuffer@32 558 | Symbol name : _RtlConsoleMultiByteToUnicodeN@24 559 | Symbol name : _RtlConvertExclusiveToShared@4 560 | Symbol name : _RtlConvertLongToLargeInteger@4 561 | Symbol name : _RtlConvertSharedToExclusive@4 562 | Symbol name : _RtlConvertSidToUnicodeString@12 563 | Symbol name : _RtlConvertToAutoInheritSecurityObject@24 564 | Symbol name : _RtlConvertUiListToApiList@12 565 | Symbol name : _RtlConvertUlongToLargeInteger@4 566 | Symbol name : _RtlCopyLuid@8 567 | Symbol name : _RtlCopyLuidAndAttributesArray@12 568 | Symbol name : _RtlCopyRangeList@8 569 | Symbol name : _RtlCopySecurityDescriptor@8 570 | Symbol name : _RtlCopySid@12 571 | Symbol name : _RtlCopySidAndAttributesArray@28 572 | Symbol name : _RtlCopyString@8 573 | Symbol name : _RtlCopyUnicodeString@8 574 | Symbol name : _RtlCreateAcl@12 575 | Symbol name : _RtlCreateAndSetSD@20 576 | Symbol name : _RtlCreateAtomTable@8 577 | Symbol name : _RtlCreateEnvironment@8 578 | Symbol name : _RtlCreateHeap@24 579 | Symbol name : _RtlCreateLpcServer@24 580 | Symbol name : _RtlCreateProcessParameters@40 581 | Symbol name : _RtlCreateQueryDebugBuffer@8 582 | Symbol name : _RtlCreateRegistryKey@8 583 | Symbol name : _RtlCreateSecurityDescriptor@8 584 | Symbol name : _RtlCreateTagHeap@16 585 | Symbol name : _RtlCreateTimer@28 586 | Symbol name : _RtlCreateTimerQueue@4 587 | Symbol name : _RtlCreateUnicodeString@8 588 | Symbol name : _RtlCreateUnicodeStringFromAsciiz@8 589 | Symbol name : _RtlCreateUserProcess@40 590 | Symbol name : _RtlCreateUserSecurityObject@28 591 | Symbol name : _RtlCreateUserThread@40 592 | Symbol name : _RtlCustomCPToUnicodeN@24 593 | Symbol name : _RtlCutoverTimeToSystemTime@16 594 | Symbol name : _RtlDebugPrintTimes@0 595 | Symbol name : _RtlDecompressBuffer@24 596 | Symbol name : _RtlDecompressFragment@32 597 | Symbol name : _RtlDefaultNpAcl@4 598 | Symbol name : _RtlDelete@4 599 | Symbol name : _RtlDeleteAce@8 600 | Symbol name : _RtlDeleteAtomFromAtomTable@8 601 | Symbol name : _RtlDeleteCriticalSection@4 602 | Symbol name : _RtlDeleteElementGenericTable@8 603 | Symbol name : _RtlDeleteNoSplay@8 604 | Symbol name : _RtlDeleteOwnersRanges@8 605 | Symbol name : _RtlDeleteRange@24 606 | Symbol name : _RtlDeleteRegistryValue@12 607 | Symbol name : _RtlDeleteResource@4 608 | Symbol name : _RtlDeleteSecurityObject@4 609 | Symbol name : _RtlDeleteTimer@12 610 | Symbol name : _RtlDeleteTimerQueue@4 611 | Symbol name : _RtlDeleteTimerQueueEx@8 612 | Symbol name : _RtlDeNormalizeProcessParams@4 613 | Symbol name : _RtlDeregisterWait@4 614 | Symbol name : _RtlDeregisterWaitEx@8 615 | Symbol name : _RtlDestroyAtomTable@4 616 | Symbol name : _RtlDestroyEnvironment@4 617 | Symbol name : _RtlDestroyHandleTable@4 618 | Symbol name : _RtlDestroyHeap@4 619 | Symbol name : _RtlDestroyProcessParameters@4 620 | Symbol name : _RtlDestroyQueryDebugBuffer@4 621 | Symbol name : _RtlDetermineDosPathNameType_U@4 622 | Symbol name : _RtlDnsHostNameToComputerName@12 623 | Symbol name : _RtlDoesFileExists_U@4 624 | Symbol name : _RtlDosPathNameToNtPathName_U@16 625 | Symbol name : _RtlDosSearchPath_U@24 626 | Symbol name : _RtlDowncaseUnicodeString@12 627 | Symbol name : _RtlDumpResource@4 628 | Symbol name : _RtlEmptyAtomTable@8 629 | Symbol name : _RtlEnableEarlyCriticalSectionEventCreation@0 630 | Symbol name : _RtlEnlargedIntegerMultiply@8 631 | Symbol name : _RtlEnlargedUnsignedDivide@16 632 | Symbol name : _RtlEnlargedUnsignedMultiply@8 633 | Symbol name : _RtlEnterCriticalSection@4 634 | Symbol name : _RtlEnumerateGenericTable@8 635 | Symbol name : _RtlEnumerateGenericTableWithoutSplaying@8 636 | Symbol name : _RtlEnumProcessHeaps@8 637 | Symbol name : _RtlEqualComputerName@8 638 | Symbol name : _RtlEqualDomainName@8 639 | Symbol name : _RtlEqualLuid@8 640 | Symbol name : _RtlEqualPrefixSid@8 641 | Symbol name : _RtlEqualSid@8 642 | Symbol name : _RtlEqualString@12 643 | Symbol name : _RtlEqualUnicodeString@12 644 | Symbol name : _RtlEraseUnicodeString@4 645 | Symbol name : _RtlExpandEnvironmentStrings_U@16 646 | Symbol name : _RtlExtendedIntegerMultiply@12 647 | Symbol name : _RtlExtendedLargeIntegerDivide@16 648 | Symbol name : _RtlExtendedMagicDivide@20 649 | Symbol name : _RtlExtendHeap@16 650 | Symbol name : _RtlFillMemory@12 651 | Symbol name : _RtlFillMemoryUlong@12 652 | Symbol name : _RtlFindClearBits@12 653 | Symbol name : _RtlFindClearBitsAndSet@12 654 | Symbol name : _RtlFindLastBackwardRunClear@12 655 | Symbol name : _RtlFindLeastSignificantBit@8 656 | Symbol name : _RtlFindLongestRunClear@8 657 | Symbol name : _RtlFindMessage@20 658 | Symbol name : _RtlFindMostSignificantBit@8 659 | Symbol name : _RtlFindNextForwardRunClear@12 660 | Symbol name : _RtlFindRange@48 661 | Symbol name : _RtlFindSetBits@12 662 | Symbol name : _RtlFindSetBitsAndClear@12 663 | Symbol name : _RtlFirstFreeAce@8 664 | Symbol name : _RtlFormatCurrentUserKeyPath@4 665 | Symbol name : _RtlFormatMessage@36 666 | Symbol name : _RtlFreeAnsiString@4 667 | Symbol name : _RtlFreeHandle@8 668 | Symbol name : _RtlFreeHeap@12 669 | Symbol name : _RtlFreeOemString@4 670 | Symbol name : _RtlFreeRangeList@4 671 | Symbol name : _RtlFreeSid@4 672 | Symbol name : _RtlFreeUnicodeString@4 673 | Symbol name : _RtlFreeUserThreadStack@8 674 | Symbol name : _RtlGenerate8dot3Name@16 675 | Symbol name : _RtlGetAce@12 676 | Symbol name : _RtlGetCallersAddress@8 677 | Symbol name : _RtlGetCompressionWorkSpaceSize@12 678 | Symbol name : _RtlGetControlSecurityDescriptor@12 679 | Symbol name : _RtlGetCurrentDirectory_U@8 680 | Symbol name : _RtlGetDaclSecurityDescriptor@16 681 | Symbol name : _RtlGetElementGenericTable@8 682 | Symbol name : _RtlGetFirstRange@12 683 | Symbol name : _RtlGetFullPathName_U@16 684 | Symbol name : _RtlGetGroupSecurityDescriptor@12 685 | Symbol name : _RtlGetLongestNtPathLength@0 686 | Symbol name : _RtlGetNextRange@12 687 | Symbol name : _RtlGetNtGlobalFlags@0 688 | Symbol name : _RtlGetNtProductType@4 689 | Symbol name : _RtlGetOwnerSecurityDescriptor@12 690 | Symbol name : _RtlGetProcessHeaps@8 691 | Symbol name : _RtlGetSaclSecurityDescriptor@16 692 | Symbol name : _RtlGetSecurityDescriptorRMControl@8 693 | Symbol name : _RtlGetUserInfoHeap@20 694 | Symbol name : _RtlGetVersion@4 695 | Symbol name : _RtlGUIDFromString@8 696 | Symbol name : _RtlIdentifierAuthoritySid@4 697 | Symbol name : _RtlImageDirectoryEntryToData@16 698 | Symbol name : _RtlImageNtHeader@4 699 | Symbol name : _RtlImageRvaToSection@12 700 | Symbol name : _RtlImageRvaToVa@16 701 | Symbol name : _RtlImpersonateLpcClient@8 702 | Symbol name : _RtlImpersonateSelf@4 703 | Symbol name : _RtlInitAnsiString@8 704 | Symbol name : _RtlInitCodePageTable@8 705 | Symbol name : _RtlInitializeAtomPackage@4 706 | Symbol name : _RtlInitializeBitMap@12 707 | Symbol name : _RtlInitializeContext@20 708 | Symbol name : _RtlInitializeCriticalSection@4 709 | Symbol name : _RtlInitializeCriticalSectionAndSpinCount@8 710 | Symbol name : _RtlInitializeGenericTable@20 711 | Symbol name : _RtlInitializeHandleTable@12 712 | Symbol name : _RtlInitializeRangeList@4 713 | Symbol name : _RtlInitializeResource@4 714 | Symbol name : _RtlInitializeRXact@12 715 | Symbol name : _RtlInitializeSid@12 716 | Symbol name : _RtlInitNlsTables@16 717 | Symbol name : _RtlInitString@8 718 | Symbol name : _RtlInitUnicodeString@8 719 | Symbol name : _RtlInsertElementGenericTable@16 720 | Symbol name : _RtlInt64ToUnicodeString@16 721 | Symbol name : _RtlIntegerToChar@16 722 | Symbol name : _RtlIntegerToUnicodeString@12 723 | Symbol name : _RtlInvertRangeList@8 724 | Symbol name : _RtlIsDosDeviceName_U@4 725 | Symbol name : _RtlIsGenericTableEmpty@4 726 | Symbol name : _RtlIsNameLegalDOS8Dot3@12 727 | Symbol name : _RtlIsRangeAvailable@40 728 | Symbol name : _RtlIsTextUnicode@12 729 | Symbol name : _RtlIsValidHandle@8 730 | Symbol name : _RtlIsValidIndexHandle@12 731 | Symbol name : _RtlLargeIntegerAdd@16 732 | Symbol name : _RtlLargeIntegerArithmeticShift@12 733 | Symbol name : _RtlLargeIntegerDivide@20 734 | Symbol name : _RtlLargeIntegerNegate@8 735 | Symbol name : _RtlLargeIntegerShiftLeft@12 736 | Symbol name : _RtlLargeIntegerShiftRight@12 737 | Symbol name : _RtlLargeIntegerSubtract@16 738 | Symbol name : _RtlLargeIntegerToChar@16 739 | Symbol name : _RtlLeaveCriticalSection@4 740 | Symbol name : _RtlLengthRequiredSid@4 741 | Symbol name : _RtlLengthSecurityDescriptor@4 742 | Symbol name : _RtlLengthSid@4 743 | Symbol name : _RtlLocalTimeToSystemTime@8 744 | Symbol name : _RtlLockHeap@4 745 | Symbol name : _RtlLookupAtomInAtomTable@12 746 | Symbol name : _RtlLookupElementGenericTable@8 747 | Symbol name : _RtlMakeSelfRelativeSD@12 748 | Symbol name : _RtlMapGenericMask@8 749 | Symbol name : _RtlMergeRangeLists@16 750 | Symbol name : _RtlMoveMemory@12 751 | Symbol name : _RtlMultiByteToUnicodeN@20 752 | Symbol name : _RtlMultiByteToUnicodeSize@12 753 | Symbol name : _RtlNewInstanceSecurityObject@40 754 | Symbol name : _RtlNewSecurityGrantedAccess@24 755 | Symbol name : _RtlNewSecurityObject@24 756 | Symbol name : _RtlNewSecurityObjectEx@32 757 | Symbol name : _RtlNormalizeProcessParams@4 758 | Symbol name : _RtlNtStatusToDosError@4 759 | Symbol name : _RtlNumberGenericTableElements@4 760 | Symbol name : _RtlNumberOfClearBits@4 761 | Symbol name : _RtlNumberOfSetBits@4 762 | Symbol name : _RtlOemStringToUnicodeSize@4 763 | Symbol name : _RtlOemStringToUnicodeString@12 764 | Symbol name : _RtlOemToUnicodeN@20 765 | Symbol name : _RtlOpenCurrentUser@8 766 | Symbol name : _RtlPcToFileHeader@8 767 | Symbol name : _RtlPinAtomInAtomTable@8 768 | Symbol name : _RtlpNtCreateKey@24 769 | Symbol name : _RtlpNtEnumerateSubKey@16 770 | Symbol name : _RtlpNtMakeTemporaryKey@4 771 | Symbol name : _RtlpNtOpenKey@16 772 | Symbol name : _RtlpNtQueryValueKey@20 773 | Symbol name : _RtlpNtSetValueKey@16 774 | Symbol name : _RtlPrefixString@12 775 | Symbol name : _RtlPrefixUnicodeString@12 776 | Symbol name : _RtlProtectHeap@8 777 | Symbol name : _RtlpUnWaitCriticalSection@4 778 | Symbol name : _RtlpWaitForCriticalSection@4 779 | Symbol name : _RtlQueryAtomInAtomTable@24 780 | Symbol name : _RtlQueryEnvironmentVariable_U@12 781 | Symbol name : _RtlQueryInformationAcl@16 782 | Symbol name : _RtlQueryProcessBackTraceInformation@4 783 | Symbol name : _RtlQueryProcessDebugInformation@12 784 | Symbol name : _RtlQueryProcessHeapInformation@4 785 | Symbol name : _RtlQueryProcessLockInformation@4 786 | Symbol name : _RtlQueryRegistryValues@20 787 | Symbol name : _RtlQuerySecurityObject@20 788 | Symbol name : _RtlQueryTagHeap@20 789 | Symbol name : _RtlQueryTimeZoneInformation@4 790 | Symbol name : _RtlQueueWorkItem@12 791 | Symbol name : _RtlRaiseException@4 792 | Symbol name : _RtlRaiseStatus@4 793 | Symbol name : _RtlRandom@4 794 | Symbol name : _RtlReAllocateHeap@16 795 | Symbol name : _RtlRealPredecessor@4 796 | Symbol name : _RtlRealSuccessor@4 797 | Symbol name : _RtlRegisterWait@24 798 | Symbol name : _RtlReleasePebLock@0 799 | Symbol name : _RtlReleaseResource@4 800 | Symbol name : _RtlRemoteCall@28 801 | Symbol name : _RtlResetRtlTranslations@4 802 | Symbol name : _RtlRunDecodeUnicodeString@8 803 | Symbol name : _RtlRunEncodeUnicodeString@8 804 | Symbol name : _RtlSecondsSince1970ToTime@8 805 | Symbol name : _RtlSecondsSince1980ToTime@8 806 | Symbol name : _RtlSelfRelativeToAbsoluteSD@44 807 | Symbol name : _RtlSelfRelativeToAbsoluteSD2@8 808 | Symbol name : _RtlSetAllBits@4 809 | Symbol name : _RtlSetAttributesSecurityDescriptor@12 810 | Symbol name : _RtlSetBits@12 811 | Symbol name : _RtlSetControlSecurityDescriptor@12 812 | Symbol name : _RtlSetCriticalSectionSpinCount@8 813 | Symbol name : _RtlSetCurrentDirectory_U@4 814 | Symbol name : _RtlSetCurrentEnvironment@8 815 | Symbol name : _RtlSetDaclSecurityDescriptor@16 816 | Symbol name : _RtlSetEnvironmentVariable@12 817 | Symbol name : _RtlSetGroupSecurityDescriptor@12 818 | Symbol name : _RtlSetInformationAcl@16 819 | Symbol name : _RtlSetIoCompletionCallback@12 820 | Symbol name : _RtlSetOwnerSecurityDescriptor@12 821 | Symbol name : _RtlSetSaclSecurityDescriptor@16 822 | Symbol name : _RtlSetSecurityDescriptorRMControl@8 823 | Symbol name : _RtlSetSecurityObject@20 824 | Symbol name : _RtlSetSecurityObjectEx@24 825 | Symbol name : _RtlSetThreadPoolStartFunc@8 826 | Symbol name : _RtlSetTimer@28 827 | Symbol name : _RtlSetTimeZoneInformation@4 828 | Symbol name : _RtlSetUnicodeCallouts@4 829 | Symbol name : _RtlSetUserFlagsHeap@20 830 | Symbol name : _RtlSetUserValueHeap@16 831 | Symbol name : _RtlShutdownLpcServer@4 832 | Symbol name : _RtlSizeHeap@12 833 | Symbol name : _RtlSplay@4 834 | Symbol name : _RtlStartRXact@4 835 | Symbol name : _RtlStringFromGUID@8 836 | Symbol name : _RtlSubAuthorityCountSid@4 837 | Symbol name : _RtlSubAuthoritySid@8 838 | Symbol name : _RtlSubtreePredecessor@4 839 | Symbol name : _RtlSubtreeSuccessor@4 840 | Symbol name : _RtlSystemTimeToLocalTime@8 841 | Symbol name : _RtlTimeFieldsToTime@8 842 | Symbol name : _RtlTimeToElapsedTimeFields@8 843 | Symbol name : _RtlTimeToSecondsSince1970@8 844 | Symbol name : _RtlTimeToSecondsSince1980@8 845 | Symbol name : _RtlTimeToTimeFields@8 846 | Symbol name : _RtlTraceDatabaseAdd@16 847 | Symbol name : _RtlTraceDatabaseCreate@20 848 | Symbol name : _RtlTraceDatabaseDestroy@4 849 | Symbol name : _RtlTraceDatabaseEnumerate@12 850 | Symbol name : _RtlTraceDatabaseFind@16 851 | Symbol name : _RtlTraceDatabaseLock@4 852 | Symbol name : _RtlTraceDatabaseUnlock@4 853 | Symbol name : _RtlTraceDatabaseValidate@4 854 | Symbol name : _RtlTryEnterCriticalSection@4 855 | Symbol name : _RtlUnicodeStringToAnsiSize@4 856 | Symbol name : _RtlUnicodeStringToAnsiString@12 857 | Symbol name : _RtlUnicodeStringToCountedOemString@12 858 | Symbol name : _RtlUnicodeStringToInteger@12 859 | Symbol name : _RtlUnicodeStringToOemSize@4 860 | Symbol name : _RtlUnicodeStringToOemString@12 861 | Symbol name : _RtlUnicodeToCustomCPN@24 862 | Symbol name : _RtlUnicodeToMultiByteN@20 863 | Symbol name : _RtlUnicodeToMultiByteSize@12 864 | Symbol name : _RtlUnicodeToOemN@20 865 | Symbol name : _RtlUniform@4 866 | Symbol name : _RtlUnlockHeap@4 867 | Symbol name : _RtlUnwind@16 868 | Symbol name : _RtlUpcaseUnicodeChar@4 869 | Symbol name : _RtlUpcaseUnicodeString@12 870 | Symbol name : _RtlUpcaseUnicodeStringToAnsiString@12 871 | Symbol name : _RtlUpcaseUnicodeStringToCountedOemString@12 872 | Symbol name : _RtlUpcaseUnicodeStringToOemString@12 873 | Symbol name : _RtlUpcaseUnicodeToCustomCPN@24 874 | Symbol name : _RtlUpcaseUnicodeToMultiByteN@20 875 | Symbol name : _RtlUpcaseUnicodeToOemN@20 876 | Symbol name : _RtlUpdateTimer@16 877 | Symbol name : _RtlUpperChar@4 878 | Symbol name : _RtlUpperString@8 879 | Symbol name : _RtlUsageHeap@12 880 | Symbol name : _RtlValidAcl@4 881 | Symbol name : _RtlValidateHeap@12 882 | Symbol name : _RtlValidateProcessHeaps@0 883 | Symbol name : _RtlValidRelativeSecurityDescriptor@12 884 | Symbol name : _RtlValidSecurityDescriptor@4 885 | Symbol name : _RtlValidSid@4 886 | Symbol name : _RtlVerifyVersionInfo@16 887 | Symbol name : _RtlWalkFrameChain@12 888 | Symbol name : _RtlWalkHeap@8 889 | Symbol name : _RtlWriteRegistryValue@24 890 | Symbol name : _RtlxAnsiStringToUnicodeSize@4 891 | Symbol name : _RtlxOemStringToUnicodeSize@4 892 | Symbol name : _RtlxUnicodeStringToAnsiSize@4 893 | Symbol name : _RtlxUnicodeStringToOemSize@4 894 | Symbol name : _RtlZeroHeap@8 895 | Symbol name : _RtlZeroMemory@8 896 | Symbol name : _SaveEm87Context 897 | Symbol name : _sin 898 | Symbol name : _sprintf 899 | Symbol name : _sqrt 900 | Symbol name : _sscanf 901 | Symbol name : _strcat 902 | Symbol name : _strchr 903 | Symbol name : _strcmp 904 | Symbol name : _strcpy 905 | Symbol name : _strcspn 906 | Symbol name : _strlen 907 | Symbol name : _strncat 908 | Symbol name : _strncmp 909 | Symbol name : _strncpy 910 | Symbol name : _strpbrk 911 | Symbol name : _strrchr 912 | Symbol name : _strspn 913 | Symbol name : _strstr 914 | Symbol name : _strtol 915 | Symbol name : _strtoul 916 | Symbol name : _swprintf 917 | Symbol name : _tan 918 | Symbol name : _tolower 919 | Symbol name : _toupper 920 | Symbol name : _towlower 921 | Symbol name : _towupper 922 | Symbol name : _VerSetConditionMask@16 923 | Symbol name : _vsprintf 924 | Symbol name : _wcscat 925 | Symbol name : _wcschr 926 | Symbol name : _wcscmp 927 | Symbol name : _wcscpy 928 | Symbol name : _wcscspn 929 | Symbol name : _wcslen 930 | Symbol name : _wcsncat 931 | Symbol name : _wcsncmp 932 | Symbol name : _wcsncpy 933 | Symbol name : _wcspbrk 934 | Symbol name : _wcsrchr 935 | Symbol name : _wcsspn 936 | Symbol name : _wcsstr 937 | Symbol name : _wcstol 938 | Symbol name : _wcstombs 939 | Symbol name : _wcstoul 940 | Symbol name : _ZwAcceptConnectPort@24 941 | Symbol name : _ZwAccessCheck@32 942 | Symbol name : _ZwAccessCheckAndAuditAlarm@44 943 | Symbol name : _ZwAccessCheckByType@44 944 | Symbol name : _ZwAccessCheckByTypeAndAuditAlarm@64 945 | Symbol name : _ZwAccessCheckByTypeResultList@44 946 | Symbol name : _ZwAccessCheckByTypeResultListAndAuditAlarm@64 947 | Symbol name : _ZwAccessCheckByTypeResultListAndAuditAlarmByHandle@68 948 | Symbol name : _ZwAddAtom@12 949 | Symbol name : _ZwAdjustGroupsToken@24 950 | Symbol name : _ZwAdjustPrivilegesToken@24 951 | Symbol name : _ZwAlertResumeThread@8 952 | Symbol name : _ZwAlertThread@4 953 | Symbol name : _ZwAllocateLocallyUniqueId@4 954 | Symbol name : _ZwAllocateUserPhysicalPages@12 955 | Symbol name : _ZwAllocateUuids@16 956 | Symbol name : _ZwAllocateVirtualMemory@24 957 | Symbol name : _ZwAreMappedFilesTheSame@8 958 | Symbol name : _ZwAssignProcessToJobObject@8 959 | Symbol name : _ZwCallbackReturn@12 960 | Symbol name : _ZwCancelDeviceWakeupRequest@4 961 | Symbol name : _ZwCancelIoFile@8 962 | Symbol name : _ZwCancelTimer@8 963 | Symbol name : _ZwClearEvent@4 964 | Symbol name : _ZwClose@4 965 | Symbol name : _ZwCloseObjectAuditAlarm@12 966 | Symbol name : _ZwCompleteConnectPort@4 967 | Symbol name : _ZwConnectPort@32 968 | Symbol name : _ZwContinue@8 969 | Symbol name : _ZwCreateChannel@8 970 | Symbol name : _ZwCreateDirectoryObject@12 971 | Symbol name : _ZwCreateEvent@20 972 | Symbol name : _ZwCreateEventPair@12 973 | Symbol name : _ZwCreateFile@44 974 | Symbol name : _ZwCreateIoCompletion@16 975 | Symbol name : _ZwCreateJobObject@12 976 | Symbol name : _ZwCreateKey@28 977 | Symbol name : _ZwCreateMailslotFile@32 978 | Symbol name : _ZwCreateMutant@16 979 | Symbol name : _ZwCreateNamedPipeFile@56 980 | Symbol name : _ZwCreatePagingFile@16 981 | Symbol name : _ZwCreatePort@20 982 | Symbol name : _ZwCreateProcess@32 983 | Symbol name : _ZwCreateProfile@36 984 | Symbol name : _ZwCreateSection@28 985 | Symbol name : _ZwCreateSemaphore@20 986 | Symbol name : _ZwCreateSymbolicLinkObject@16 987 | Symbol name : _ZwCreateThread@32 988 | Symbol name : _ZwCreateTimer@16 989 | Symbol name : _ZwCreateToken@52 990 | Symbol name : _ZwCreateWaitablePort@20 991 | Symbol name : _ZwDelayExecution@8 992 | Symbol name : _ZwDeleteAtom@4 993 | Symbol name : _ZwDeleteFile@4 994 | Symbol name : _ZwDeleteKey@4 995 | Symbol name : _ZwDeleteObjectAuditAlarm@12 996 | Symbol name : _ZwDeleteValueKey@8 997 | Symbol name : _ZwDeviceIoControlFile@40 998 | Symbol name : _ZwDisplayString@4 999 | Symbol name : _ZwDuplicateObject@28 1000 | Symbol name : _ZwDuplicateToken@24 1001 | Symbol name : _ZwEnumerateKey@24 1002 | Symbol name : _ZwEnumerateValueKey@24 1003 | Symbol name : _ZwExtendSection@8 1004 | Symbol name : _ZwFilterToken@24 1005 | Symbol name : _ZwFindAtom@12 1006 | Symbol name : _ZwFlushBuffersFile@8 1007 | Symbol name : _ZwFlushInstructionCache@12 1008 | Symbol name : _ZwFlushKey@4 1009 | Symbol name : _ZwFlushVirtualMemory@16 1010 | Symbol name : _ZwFlushWriteBuffer@0 1011 | Symbol name : _ZwFreeUserPhysicalPages@12 1012 | Symbol name : _ZwFreeVirtualMemory@16 1013 | Symbol name : _ZwFsControlFile@40 1014 | Symbol name : _ZwGetContextThread@8 1015 | Symbol name : _ZwGetDevicePowerState@8 1016 | Symbol name : _ZwGetPlugPlayEvent@16 1017 | Symbol name : _ZwGetTickCount@0 1018 | Symbol name : _ZwGetWriteWatch@28 1019 | Symbol name : _ZwImpersonateAnonymousToken@4 1020 | Symbol name : _ZwImpersonateClientOfPort@8 1021 | Symbol name : _ZwImpersonateThread@12 1022 | Symbol name : _ZwInitializeRegistry@4 1023 | Symbol name : _ZwInitiatePowerAction@16 1024 | Symbol name : _ZwIsSystemResumeAutomatic@0 1025 | Symbol name : _ZwListenChannel@8 1026 | Symbol name : _ZwListenPort@8 1027 | Symbol name : _ZwLoadDriver@4 1028 | Symbol name : _ZwLoadKey@8 1029 | Symbol name : _ZwLoadKey2@12 1030 | Symbol name : _ZwLockFile@40 1031 | Symbol name : _ZwLockVirtualMemory@16 1032 | Symbol name : _ZwMakeTemporaryObject@4 1033 | Symbol name : _ZwMapUserPhysicalPages@12 1034 | Symbol name : _ZwMapUserPhysicalPagesScatter@12 1035 | Symbol name : _ZwMapViewOfSection@40 1036 | Symbol name : _ZwNotifyChangeDirectoryFile@36 1037 | Symbol name : _ZwNotifyChangeKey@40 1038 | Symbol name : _ZwNotifyChangeMultipleKeys@48 1039 | Symbol name : _ZwOpenChannel@8 1040 | Symbol name : _ZwOpenDirectoryObject@12 1041 | Symbol name : _ZwOpenEvent@12 1042 | Symbol name : _ZwOpenEventPair@12 1043 | Symbol name : _ZwOpenFile@24 1044 | Symbol name : _ZwOpenIoCompletion@12 1045 | Symbol name : _ZwOpenJobObject@12 1046 | Symbol name : _ZwOpenKey@12 1047 | Symbol name : _ZwOpenMutant@12 1048 | Symbol name : _ZwOpenObjectAuditAlarm@48 1049 | Symbol name : _ZwOpenProcess@16 1050 | Symbol name : _ZwOpenProcessToken@12 1051 | Symbol name : _ZwOpenSection@12 1052 | Symbol name : _ZwOpenSemaphore@12 1053 | Symbol name : _ZwOpenSymbolicLinkObject@12 1054 | Symbol name : _ZwOpenThread@16 1055 | Symbol name : _ZwOpenThreadToken@16 1056 | Symbol name : _ZwOpenTimer@12 1057 | Symbol name : _ZwPlugPlayControl@12 1058 | Symbol name : _ZwPowerInformation@20 1059 | Symbol name : _ZwPrivilegeCheck@12 1060 | Symbol name : _ZwPrivilegedServiceAuditAlarm@20 1061 | Symbol name : _ZwPrivilegeObjectAuditAlarm@24 1062 | Symbol name : _ZwProtectVirtualMemory@20 1063 | Symbol name : _ZwPulseEvent@8 1064 | Symbol name : _ZwQueryAttributesFile@8 1065 | Symbol name : _ZwQueryDefaultLocale@8 1066 | Symbol name : _ZwQueryDefaultUILanguage@4 1067 | Symbol name : _ZwQueryDirectoryFile@44 1068 | Symbol name : _ZwQueryDirectoryObject@28 1069 | Symbol name : _ZwQueryEaFile@36 1070 | Symbol name : _ZwQueryEvent@20 1071 | Symbol name : _ZwQueryFullAttributesFile@8 1072 | Symbol name : _ZwQueryInformationAtom@20 1073 | Symbol name : _ZwQueryInformationFile@20 1074 | Symbol name : _ZwQueryInformationJobObject@20 1075 | Symbol name : _ZwQueryInformationPort@20 1076 | Symbol name : _ZwQueryInformationProcess@20 1077 | Symbol name : _ZwQueryInformationThread@20 1078 | Symbol name : _ZwQueryInformationToken@20 1079 | Symbol name : _ZwQueryInstallUILanguage@4 1080 | Symbol name : _ZwQueryIntervalProfile@8 1081 | Symbol name : _ZwQueryIoCompletion@20 1082 | Symbol name : _ZwQueryKey@20 1083 | Symbol name : _ZwQueryMultipleValueKey@24 1084 | Symbol name : _ZwQueryMutant@20 1085 | Symbol name : _ZwQueryObject@20 1086 | Symbol name : _ZwQueryOpenSubKeys@8 1087 | Symbol name : _ZwQueryPerformanceCounter@8 1088 | Symbol name : _ZwQueryQuotaInformationFile@36 1089 | Symbol name : _ZwQuerySection@20 1090 | Symbol name : _ZwQuerySecurityObject@20 1091 | Symbol name : _ZwQuerySemaphore@20 1092 | Symbol name : _ZwQuerySymbolicLinkObject@12 1093 | Symbol name : _ZwQuerySystemEnvironmentValue@16 1094 | Symbol name : _ZwQuerySystemInformation@16 1095 | Symbol name : _ZwQuerySystemTime@4 1096 | Symbol name : _ZwQueryTimer@20 1097 | Symbol name : _ZwQueryTimerResolution@12 1098 | Symbol name : _ZwQueryValueKey@24 1099 | Symbol name : _ZwQueryVirtualMemory@24 1100 | Symbol name : _ZwQueryVolumeInformationFile@20 1101 | Symbol name : _ZwQueueApcThread@20 1102 | Symbol name : _ZwRaiseException@12 1103 | Symbol name : _ZwRaiseHardError@24 1104 | Symbol name : _ZwReadFile@36 1105 | Symbol name : _ZwReadFileScatter@36 1106 | Symbol name : _ZwReadRequestData@24 1107 | Symbol name : _ZwReadVirtualMemory@20 1108 | Symbol name : _ZwRegisterThreadTerminatePort@4 1109 | Symbol name : _ZwReleaseMutant@8 1110 | Symbol name : _ZwReleaseSemaphore@12 1111 | Symbol name : _ZwRemoveIoCompletion@20 1112 | Symbol name : _ZwReplaceKey@12 1113 | Symbol name : _ZwReplyPort@8 1114 | Symbol name : _ZwReplyWaitReceivePort@16 1115 | Symbol name : _ZwReplyWaitReceivePortEx@20 1116 | Symbol name : _ZwReplyWaitReplyPort@8 1117 | Symbol name : _ZwReplyWaitSendChannel@12 1118 | Symbol name : _ZwRequestDeviceWakeup@4 1119 | Symbol name : _ZwRequestPort@8 1120 | Symbol name : _ZwRequestWaitReplyPort@12 1121 | Symbol name : _ZwRequestWakeupLatency@4 1122 | Symbol name : _ZwResetEvent@8 1123 | Symbol name : _ZwResetWriteWatch@12 1124 | Symbol name : _ZwRestoreKey@12 1125 | Symbol name : _ZwResumeThread@8 1126 | Symbol name : _ZwSaveKey@8 1127 | Symbol name : _ZwSaveMergedKeys@12 1128 | Symbol name : _ZwSecureConnectPort@36 1129 | Symbol name : _ZwSendWaitReplyChannel@16 1130 | Symbol name : _ZwSetContextChannel@4 1131 | Symbol name : _ZwSetContextThread@8 1132 | Symbol name : _ZwSetDefaultHardErrorPort@4 1133 | Symbol name : _ZwSetDefaultLocale@8 1134 | Symbol name : _ZwSetDefaultUILanguage@4 1135 | Symbol name : _ZwSetEaFile@16 1136 | Symbol name : _ZwSetEvent@8 1137 | Symbol name : _ZwSetHighEventPair@4 1138 | Symbol name : _ZwSetHighWaitLowEventPair@4 1139 | Symbol name : _ZwSetInformationFile@20 1140 | Symbol name : _ZwSetInformationJobObject@16 1141 | Symbol name : _ZwSetInformationKey@16 1142 | Symbol name : _ZwSetInformationObject@16 1143 | Symbol name : _ZwSetInformationProcess@16 1144 | Symbol name : _ZwSetInformationThread@16 1145 | Symbol name : _ZwSetInformationToken@16 1146 | Symbol name : _ZwSetIntervalProfile@8 1147 | Symbol name : _ZwSetIoCompletion@20 1148 | Symbol name : _ZwSetLdtEntries@24 1149 | Symbol name : _ZwSetLowEventPair@4 1150 | Symbol name : _ZwSetLowWaitHighEventPair@4 1151 | Symbol name : _ZwSetQuotaInformationFile@16 1152 | Symbol name : _ZwSetSecurityObject@12 1153 | Symbol name : _ZwSetSystemEnvironmentValue@8 1154 | Symbol name : _ZwSetSystemInformation@12 1155 | Symbol name : _ZwSetSystemPowerState@12 1156 | Symbol name : _ZwSetSystemTime@8 1157 | Symbol name : _ZwSetThreadExecutionState@8 1158 | Symbol name : _ZwSetTimer@28 1159 | Symbol name : _ZwSetTimerResolution@12 1160 | Symbol name : _ZwSetUuidSeed@4 1161 | Symbol name : _ZwSetValueKey@24 1162 | Symbol name : _ZwSetVolumeInformationFile@20 1163 | Symbol name : _ZwShutdownSystem@4 1164 | Symbol name : _ZwSignalAndWaitForSingleObject@16 1165 | Symbol name : _ZwStartProfile@4 1166 | Symbol name : _ZwStopProfile@4 1167 | Symbol name : _ZwSuspendThread@8 1168 | Symbol name : _ZwSystemDebugControl@24 1169 | Symbol name : _ZwTerminateJobObject@8 1170 | Symbol name : _ZwTerminateProcess@8 1171 | Symbol name : _ZwTerminateThread@8 1172 | Symbol name : _ZwTestAlert@0 1173 | Symbol name : _ZwUnloadDriver@4 1174 | Symbol name : _ZwUnloadKey@4 1175 | Symbol name : _ZwUnlockFile@20 1176 | Symbol name : _ZwUnlockVirtualMemory@16 1177 | Symbol name : _ZwUnmapViewOfSection@8 1178 | Symbol name : _ZwVdmControl@8 1179 | Symbol name : _ZwWaitForMultipleObjects@20 1180 | Symbol name : _ZwWaitForSingleObject@12 1181 | Symbol name : _ZwWaitHighEventPair@4 1182 | Symbol name : _ZwWaitLowEventPair@4 1183 | Symbol name : _ZwWriteFile@36 1184 | Symbol name : _ZwWriteFileGather@36 1185 | Symbol name : _ZwWriteRequestData@24 1186 | Symbol name : _ZwWriteVirtualMemory@20 1187 | Symbol name : _ZwYieldExecution@0 1188 | -------------------------------------------------------------------------------- /lib/ntdll_5_1_32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdll_5_1_32.lib -------------------------------------------------------------------------------- /lib/ntdll_5_2_32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdll_5_2_32.lib -------------------------------------------------------------------------------- /lib/ntdll_5_2_64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdll_5_2_64.lib -------------------------------------------------------------------------------- /lib/ntdll_6_0_32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdll_6_0_32.lib -------------------------------------------------------------------------------- /lib/ntdll_6_0_64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdll_6_0_64.lib -------------------------------------------------------------------------------- /lib/ntdll_6_1_32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdll_6_1_32.lib -------------------------------------------------------------------------------- /lib/ntdll_6_1_64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdll_6_1_64.lib -------------------------------------------------------------------------------- /lib/ntdllp_6_0_32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdllp_6_0_32.lib -------------------------------------------------------------------------------- /lib/ntdllp_6_0_64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdllp_6_0_64.lib -------------------------------------------------------------------------------- /lib/ntdllp_6_1_32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdllp_6_1_32.lib -------------------------------------------------------------------------------- /lib/ntdllp_6_1_64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-zzo/ntcore/b8875e12c03970872d1914a1c1dfb115961e1da3/lib/ntdllp_6_1_64.lib --------------------------------------------------------------------------------