summaryrefslogtreecommitdiffstats
path: root/third_party/rust/ntapi/src/ntzwapi.rs
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /third_party/rust/ntapi/src/ntzwapi.rs
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--third_party/rust/ntapi/src/ntzwapi.rs2699
1 files changed, 2699 insertions, 0 deletions
diff --git a/third_party/rust/ntapi/src/ntzwapi.rs b/third_party/rust/ntapi/src/ntzwapi.rs
new file mode 100644
index 0000000000..9638bf836a
--- /dev/null
+++ b/third_party/rust/ntapi/src/ntzwapi.rs
@@ -0,0 +1,2699 @@
+use crate::ntapi_base::{PCLIENT_ID, PRTL_ATOM, RTL_ATOM};
+use crate::ntdbg::DEBUGOBJECTINFOCLASS;
+use crate::ntexapi::{
+ ATOM_INFORMATION_CLASS, EVENT_INFORMATION_CLASS, MUTANT_INFORMATION_CLASS, PBOOT_ENTRY,
+ PBOOT_OPTIONS, PCWNF_TYPE_ID, PEFI_DRIVER_ENTRY, PFILE_PATH, PT2_CANCEL_PARAMETERS,
+ PT2_SET_PARAMETERS, PTIMER_APC_ROUTINE, PWNF_CHANGE_STAMP, PWNF_DELIVERY_DESCRIPTOR,
+ SEMAPHORE_INFORMATION_CLASS, SHUTDOWN_ACTION, SYSDBG_COMMAND, SYSTEM_INFORMATION_CLASS,
+ TIMER_INFORMATION_CLASS, TIMER_SET_INFORMATION_CLASS, WNF_CHANGE_STAMP, WNF_DATA_SCOPE,
+ WNF_STATE_NAME_INFORMATION, WNF_STATE_NAME_LIFETIME, WORKERFACTORYINFOCLASS,
+};
+use crate::ntioapi::{
+ FILE_INFORMATION_CLASS, FILE_IO_COMPLETION_INFORMATION, FS_INFORMATION_CLASS,
+ IO_COMPLETION_INFORMATION_CLASS, IO_SESSION_EVENT, IO_SESSION_STATE, PFILE_BASIC_INFORMATION,
+ PFILE_IO_COMPLETION_INFORMATION, PFILE_NETWORK_OPEN_INFORMATION, PIO_APC_ROUTINE,
+ PIO_STATUS_BLOCK,
+};
+use crate::ntkeapi::KPROFILE_SOURCE;
+use crate::ntlpcapi::{
+ ALPC_HANDLE, ALPC_MESSAGE_INFORMATION_CLASS, ALPC_PORT_INFORMATION_CLASS, PALPC_CONTEXT_ATTR,
+ PALPC_DATA_VIEW_ATTR, PALPC_HANDLE, PALPC_MESSAGE_ATTRIBUTES, PALPC_PORT_ATTRIBUTES,
+ PALPC_SECURITY_ATTR, PORT_INFORMATION_CLASS, PPORT_MESSAGE, PPORT_VIEW, PREMOTE_PORT_VIEW,
+};
+use crate::ntmisc::VDMSERVICECLASS;
+use crate::ntmmapi::{
+ MEMORY_INFORMATION_CLASS, MEMORY_PARTITION_INFORMATION_CLASS, PMEMORY_RANGE_ENTRY,
+ SECTION_INFORMATION_CLASS, SECTION_INHERIT, VIRTUAL_MEMORY_INFORMATION_CLASS,
+};
+use crate::ntobapi::OBJECT_INFORMATION_CLASS;
+use crate::ntpnpapi::{PLUGPLAY_CONTROL_CLASS, PPLUGPLAY_EVENT_BLOCK};
+use crate::ntpsapi::{
+ MEMORY_RESERVE_TYPE, PINITIAL_TEB, PPS_APC_ROUTINE, PPS_ATTRIBUTE_LIST, PPS_CREATE_INFO,
+ PROCESSINFOCLASS, THREADINFOCLASS,
+};
+use crate::ntregapi::{
+ KEY_INFORMATION_CLASS, KEY_SET_INFORMATION_CLASS, KEY_VALUE_INFORMATION_CLASS,
+ PKEY_VALUE_ENTRY,
+};
+use crate::ntseapi::PTOKEN_SECURITY_ATTRIBUTES_INFORMATION;
+use winapi::shared::basetsd::{
+ KAFFINITY, PSIZE_T, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR,
+};
+use winapi::shared::guiddef::LPGUID;
+use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION};
+use winapi::shared::ntdef::{
+ BOOLEAN, EVENT_TYPE, HANDLE, LANGID, LCID, LOGICAL, LONG, NTSTATUS, OBJECT_ATTRIBUTES,
+ PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PLARGE_INTEGER, PLCID, PLONG,
+ PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PULONGLONG,
+ PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, ULONG, USHORT, VOID,
+ WAIT_TYPE,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, AUDIT_EVENT_TYPE, ENLISTMENT_INFORMATION_CLASS, EXECUTION_STATE,
+ JOBOBJECTINFOCLASS, KTMOBJECT_TYPE, LATENCY_TIME, PACCESS_MASK, PCONTEXT, PDEVICE_POWER_STATE,
+ PEXCEPTION_RECORD, PFILE_SEGMENT_ELEMENT, PGENERIC_MAPPING, PJOB_SET_ARRAY, PKTMOBJECT_CURSOR,
+ POBJECT_TYPE_LIST, POWER_ACTION, POWER_INFORMATION_LEVEL, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR,
+ PSECURITY_QUALITY_OF_SERVICE, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
+ PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
+ PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER,
+ RESOURCEMANAGER_INFORMATION_CLASS, SECURITY_INFORMATION, SE_SIGNING_LEVEL, SYSTEM_POWER_STATE,
+ TOKEN_INFORMATION_CLASS, TOKEN_TYPE, TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TRANSACTION_INFORMATION_CLASS,
+};
+EXTERN!{extern "system" {
+ fn ZwAcceptConnectPort(
+ PortHandle: PHANDLE,
+ PortContext: PVOID,
+ ConnectionRequest: PPORT_MESSAGE,
+ AcceptConnection: BOOLEAN,
+ ServerView: PPORT_VIEW,
+ ClientView: PREMOTE_PORT_VIEW,
+ ) -> NTSTATUS;
+ fn ZwAccessCheck(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ DesiredAccess: ACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByType(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByTypeAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByTypeResultList(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByTypeResultListAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ClientToken: HANDLE,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAcquireCMFViewOwnership(
+ TimeStamp: PULONGLONG,
+ tokenTaken: PBOOLEAN,
+ replaceExisting: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAddAtom(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+ fn ZwAddAtomEx(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAddBootEntry(
+ BootEntry: PBOOT_ENTRY,
+ Id: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAddDriverEntry(
+ DriverEntry: PEFI_DRIVER_ENTRY,
+ Id: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAdjustGroupsToken(
+ TokenHandle: HANDLE,
+ ResetToDefault: BOOLEAN,
+ NewState: PTOKEN_GROUPS,
+ BufferLength: ULONG,
+ PreviousState: PTOKEN_GROUPS,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAdjustPrivilegesToken(
+ TokenHandle: HANDLE,
+ DisableAllPrivileges: BOOLEAN,
+ NewState: PTOKEN_PRIVILEGES,
+ BufferLength: ULONG,
+ PreviousState: PTOKEN_PRIVILEGES,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAdjustTokenClaimsAndDeviceGroups(
+ TokenHandle: HANDLE,
+ UserResetToDefault: BOOLEAN,
+ DeviceResetToDefault: BOOLEAN,
+ DeviceGroupsResetToDefault: BOOLEAN,
+ NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ NewDeviceGroupsState: PTOKEN_GROUPS,
+ UserBufferLength: ULONG,
+ PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceBufferLength: ULONG,
+ PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceGroupsBufferLength: ULONG,
+ PreviousDeviceGroups: PTOKEN_GROUPS,
+ UserReturnLength: PULONG,
+ DeviceReturnLength: PULONG,
+ DeviceGroupsReturnBufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAlertResumeThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAlertThread(
+ ThreadHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlertThreadByThreadId(
+ ThreadId: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAllocateLocallyUniqueId(
+ Luid: PLUID,
+ ) -> NTSTATUS;
+ fn ZwAllocateReserveObject(
+ MemoryReserveHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Type: MEMORY_RESERVE_TYPE,
+ ) -> NTSTATUS;
+ fn ZwAllocateUserPhysicalPages(
+ ProcessHandle: HANDLE,
+ NumberOfPages: PULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwAllocateUuids(
+ Time: PULARGE_INTEGER,
+ Range: PULONG,
+ Sequence: PULONG,
+ Seed: PCHAR,
+ ) -> NTSTATUS;
+ fn ZwAllocateVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ ZeroBits: ULONG_PTR,
+ RegionSize: PSIZE_T,
+ AllocationType: ULONG,
+ Protect: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcAcceptConnectPort(
+ PortHandle: PHANDLE,
+ ConnectionPortHandle: HANDLE,
+ Flags: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ PortContext: PVOID,
+ ConnectionRequest: PPORT_MESSAGE,
+ ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ AcceptConnection: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAlpcCancelMessage(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ MessageContext: PALPC_CONTEXT_ATTR,
+ ) -> NTSTATUS;
+ fn ZwAlpcConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ Flags: ULONG,
+ RequiredServerSid: PSID,
+ ConnectionMessage: PPORT_MESSAGE,
+ BufferLength: PULONG,
+ OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwAlpcConnectPortEx(
+ PortHandle: PHANDLE,
+ ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientPortObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ Flags: ULONG,
+ ServerSecurityRequirements: PSECURITY_DESCRIPTOR,
+ ConnectionMessage: PPORT_MESSAGE,
+ BufferLength: PSIZE_T,
+ OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreatePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreatePortSection(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SectionHandle: HANDLE,
+ SectionSize: SIZE_T,
+ AlpcSectionHandle: PALPC_HANDLE,
+ ActualSectionSize: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreateResourceReserve(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ MessageSize: SIZE_T,
+ ResourceId: PALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreateSectionView(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ViewAttributes: PALPC_DATA_VIEW_ATTR,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreateSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SecurityAttribute: PALPC_SECURITY_ATTR,
+ ) -> NTSTATUS;
+ fn ZwAlpcDeletePortSection(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SectionHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcDeleteResourceReserve(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ResourceId: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcDeleteSectionView(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ViewBase: PVOID,
+ ) -> NTSTATUS;
+ fn ZwAlpcDeleteSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ContextHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcDisconnectPort(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcImpersonateClientContainerOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcImpersonateClientOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ Flags: PVOID,
+ ) -> NTSTATUS;
+ fn ZwAlpcOpenSenderProcess(
+ ProcessHandle: PHANDLE,
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ Flags: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwAlpcOpenSenderThread(
+ ThreadHandle: PHANDLE,
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ Flags: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwAlpcQueryInformation(
+ PortHandle: HANDLE,
+ PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcQueryInformationMessage(
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS,
+ MessageInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcRevokeSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ContextHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcSendWaitReceivePort(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SendMessageA: PPORT_MESSAGE,
+ SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ ReceiveMessage: PPORT_MESSAGE,
+ BufferLength: PSIZE_T,
+ ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwAlpcSetInformation(
+ PortHandle: HANDLE,
+ PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAreMappedFilesTheSame(
+ File1MappedAsAnImage: PVOID,
+ File2MappedAsFile: PVOID,
+ ) -> NTSTATUS;
+ fn ZwAssignProcessToJobObject(
+ JobHandle: HANDLE,
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAssociateWaitCompletionPacket(
+ WaitCompletionPacketHandle: HANDLE,
+ IoCompletionHandle: HANDLE,
+ TargetObjectHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ AlreadySignaled: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCallbackReturn(
+ OutputBuffer: PVOID,
+ OutputLength: ULONG,
+ Status: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwCancelIoFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwCancelIoFileEx(
+ FileHandle: HANDLE,
+ IoRequestToCancel: PIO_STATUS_BLOCK,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwCancelSynchronousIoFile(
+ ThreadHandle: HANDLE,
+ IoRequestToCancel: PIO_STATUS_BLOCK,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwCancelTimer(
+ TimerHandle: HANDLE,
+ CurrentState: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCancelTimer2(
+ TimerHandle: HANDLE,
+ Parameters: PT2_CANCEL_PARAMETERS,
+ ) -> NTSTATUS;
+ fn ZwCancelWaitCompletionPacket(
+ WaitCompletionPacketHandle: HANDLE,
+ RemoveSignaledPacket: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwClearEvent(
+ EventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwClose(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCloseObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ GenerateOnClose: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCommitComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwCommitEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwCommitTransaction(
+ TransactionHandle: HANDLE,
+ Wait: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCompactKeys(
+ Count: ULONG,
+ KeyArray: *mut HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCompareObjects(
+ FirstObjectHandle: HANDLE,
+ SecondObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCompareTokens(
+ FirstTokenHandle: HANDLE,
+ SecondTokenHandle: HANDLE,
+ Equal: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCompleteConnectPort(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCompressKey(
+ Key: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ClientView: PPORT_VIEW,
+ ServerView: PREMOTE_PORT_VIEW,
+ MaxMessageLength: PULONG,
+ ConnectionInformation: PVOID,
+ ConnectionInformationLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwContinue(
+ ContextRecord: PCONTEXT,
+ TestAlert: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCreateDebugObject(
+ DebugObjectHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateDirectoryObject(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwCreateDirectoryObjectEx(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ShadowDirectoryHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateEnlistment(
+ EnlistmentHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ResourceManagerHandle: HANDLE,
+ TransactionHandle: HANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CreateOptions: ULONG,
+ NotificationMask: NOTIFICATION_MASK,
+ EnlistmentKey: PVOID,
+ ) -> NTSTATUS;
+ fn ZwCreateEvent(
+ EventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ EventType: EVENT_TYPE,
+ InitialState: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCreateEventPair(
+ EventPairHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwCreateFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ AllocationSize: PLARGE_INTEGER,
+ FileAttributes: ULONG,
+ ShareAccess: ULONG,
+ CreateDisposition: ULONG,
+ CreateOptions: ULONG,
+ EaBuffer: PVOID,
+ EaLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateIRTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn ZwCreateIoCompletion(
+ IoCompletionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateJobObject(
+ JobHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwCreateJobSet(
+ NumJob: ULONG,
+ UserJobSet: PJOB_SET_ARRAY,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateKey(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TitleIndex: ULONG,
+ Class: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ Disposition: PULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateKeyTransacted(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TitleIndex: ULONG,
+ Class: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ TransactionHandle: HANDLE,
+ Disposition: PULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateKeyedEvent(
+ KeyedEventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateLowBoxToken(
+ TokenHandle: PHANDLE,
+ ExistingTokenHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PackageSid: PSID,
+ CapabilityCount: ULONG,
+ Capabilities: PSID_AND_ATTRIBUTES,
+ HandleCount: ULONG,
+ Handles: *mut HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCreateMailslotFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CreateOptions: ULONG,
+ MailslotQuota: ULONG,
+ MaximumMessageSize: ULONG,
+ ReadTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwCreateMutant(
+ MutantHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ InitialOwner: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCreateNamedPipeFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ShareAccess: ULONG,
+ CreateDisposition: ULONG,
+ CreateOptions: ULONG,
+ NamedPipeType: ULONG,
+ ReadMode: ULONG,
+ CompletionMode: ULONG,
+ MaximumInstances: ULONG,
+ InboundQuota: ULONG,
+ OutboundQuota: ULONG,
+ DefaultTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwCreatePagingFile(
+ PageFileName: PUNICODE_STRING,
+ MinimumSize: PLARGE_INTEGER,
+ MaximumSize: PLARGE_INTEGER,
+ Priority: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreatePartition(
+ PartitionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PreferredNode: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreatePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaxConnectionInfoLength: ULONG,
+ MaxMessageLength: ULONG,
+ MaxPoolUsage: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreatePrivateNamespace(
+ NamespaceHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ BoundaryDescriptor: PVOID,
+ ) -> NTSTATUS;
+ fn ZwCreateProcess(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ParentProcess: HANDLE,
+ InheritObjectTable: BOOLEAN,
+ SectionHandle: HANDLE,
+ DebugPort: HANDLE,
+ ExceptionPort: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCreateProcessEx(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ParentProcess: HANDLE,
+ Flags: ULONG,
+ SectionHandle: HANDLE,
+ DebugPort: HANDLE,
+ ExceptionPort: HANDLE,
+ JobMemberLevel: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateProfile(
+ ProfileHandle: PHANDLE,
+ Process: HANDLE,
+ ProfileBase: PVOID,
+ ProfileSize: SIZE_T,
+ BucketSize: ULONG,
+ Buffer: PULONG,
+ BufferSize: ULONG,
+ ProfileSource: KPROFILE_SOURCE,
+ Affinity: KAFFINITY,
+ ) -> NTSTATUS;
+ fn ZwCreateProfileEx(
+ ProfileHandle: PHANDLE,
+ Process: HANDLE,
+ ProfileBase: PVOID,
+ ProfileSize: SIZE_T,
+ BucketSize: ULONG,
+ Buffer: PULONG,
+ BufferSize: ULONG,
+ ProfileSource: KPROFILE_SOURCE,
+ GroupCount: USHORT,
+ GroupAffinity: PGROUP_AFFINITY,
+ ) -> NTSTATUS;
+ fn ZwCreateResourceManager(
+ ResourceManagerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TmHandle: HANDLE,
+ ResourceManagerGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CreateOptions: ULONG,
+ Description: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwCreateSection(
+ SectionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaximumSize: PLARGE_INTEGER,
+ SectionPageProtection: ULONG,
+ AllocationAttributes: ULONG,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCreateSemaphore(
+ SemaphoreHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ InitialCount: LONG,
+ MaximumCount: LONG,
+ ) -> NTSTATUS;
+ fn ZwCreateSymbolicLinkObject(
+ LinkHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LinkTarget: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwCreateThread(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessHandle: HANDLE,
+ ClientId: PCLIENT_ID,
+ ThreadContext: PCONTEXT,
+ InitialTeb: PINITIAL_TEB,
+ CreateSuspended: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCreateThreadEx(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessHandle: HANDLE,
+ StartRoutine: PVOID,
+ Argument: PVOID,
+ CreateFlags: ULONG,
+ ZeroBits: SIZE_T,
+ StackSize: SIZE_T,
+ MaximumStackSize: SIZE_T,
+ AttributeList: PPS_ATTRIBUTE_LIST,
+ ) -> NTSTATUS;
+ fn ZwCreateTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TimerType: TIMER_TYPE,
+ ) -> NTSTATUS;
+ fn ZwCreateTimer2(
+ TimerHandle: PHANDLE,
+ Reserved1: PVOID,
+ Reserved2: PVOID,
+ Attributes: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn ZwCreateToken(
+ TokenHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TokenType: TOKEN_TYPE,
+ AuthenticationId: PLUID,
+ ExpirationTime: PLARGE_INTEGER,
+ User: PTOKEN_USER,
+ Groups: PTOKEN_GROUPS,
+ Privileges: PTOKEN_PRIVILEGES,
+ Owner: PTOKEN_OWNER,
+ PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+ DefaultDacl: PTOKEN_DEFAULT_DACL,
+ TokenSource: PTOKEN_SOURCE,
+ ) -> NTSTATUS;
+ fn ZwCreateTokenEx(
+ TokenHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TokenType: TOKEN_TYPE,
+ AuthenticationId: PLUID,
+ ExpirationTime: PLARGE_INTEGER,
+ User: PTOKEN_USER,
+ Groups: PTOKEN_GROUPS,
+ Privileges: PTOKEN_PRIVILEGES,
+ UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceGroups: PTOKEN_GROUPS,
+ TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
+ Owner: PTOKEN_OWNER,
+ PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+ DefaultDacl: PTOKEN_DEFAULT_DACL,
+ TokenSource: PTOKEN_SOURCE,
+ ) -> NTSTATUS;
+ fn ZwCreateTransaction(
+ TransactionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Uow: LPGUID,
+ TmHandle: HANDLE,
+ CreateOptions: ULONG,
+ IsolationLevel: ULONG,
+ IsolationFlags: ULONG,
+ Timeout: PLARGE_INTEGER,
+ Description: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwCreateTransactionManager(
+ TmHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LogFileName: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ CommitStrength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateUserProcess(
+ ProcessHandle: PHANDLE,
+ ThreadHandle: PHANDLE,
+ ProcessDesiredAccess: ACCESS_MASK,
+ ThreadDesiredAccess: ACCESS_MASK,
+ ProcessObjectAttributes: POBJECT_ATTRIBUTES,
+ ThreadObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessFlags: ULONG,
+ ThreadFlags: ULONG,
+ ProcessParameters: PVOID,
+ CreateInfo: PPS_CREATE_INFO,
+ AttributeList: PPS_ATTRIBUTE_LIST,
+ ) -> NTSTATUS;
+ fn ZwCreateWaitCompletionPacket(
+ WaitCompletionPacketHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwCreateWaitablePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaxConnectionInfoLength: ULONG,
+ MaxMessageLength: ULONG,
+ MaxPoolUsage: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateWnfStateName(
+ StateName: PWNF_STATE_NAME,
+ NameLifetime: WNF_STATE_NAME_LIFETIME,
+ DataScope: WNF_DATA_SCOPE,
+ PersistData: BOOLEAN,
+ TypeId: PCWNF_TYPE_ID,
+ MaximumStateSize: ULONG,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn ZwCreateWorkerFactory(
+ WorkerFactoryHandleReturn: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CompletionPortHandle: HANDLE,
+ WorkerProcessHandle: HANDLE,
+ StartRoutine: PVOID,
+ StartParameter: PVOID,
+ MaxThreadCount: ULONG,
+ StackReserve: SIZE_T,
+ StackCommit: SIZE_T,
+ ) -> NTSTATUS;
+ fn ZwDebugActiveProcess(
+ ProcessHandle: HANDLE,
+ DebugObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwDebugContinue(
+ DebugObjectHandle: HANDLE,
+ ClientId: PCLIENT_ID,
+ ContinueStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwDelayExecution(
+ Alertable: BOOLEAN,
+ DelayInterval: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwDeleteAtom(
+ Atom: RTL_ATOM,
+ ) -> NTSTATUS;
+ fn ZwDeleteBootEntry(
+ Id: ULONG,
+ ) -> NTSTATUS;
+ fn ZwDeleteDriverEntry(
+ Id: ULONG,
+ ) -> NTSTATUS;
+ fn ZwDeleteFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwDeleteKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwDeleteObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ GenerateOnClose: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwDeletePrivateNamespace(
+ NamespaceHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwDeleteValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwDeleteWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ ExplicitScope: *const VOID,
+ ) -> NTSTATUS;
+ fn ZwDeleteWnfStateName(
+ StateName: PCWNF_STATE_NAME,
+ ) -> NTSTATUS;
+ fn ZwDeviceIoControlFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ IoControlCode: ULONG,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwDisableLastKnownGood() -> NTSTATUS;
+ fn ZwDisplayString(
+ String: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwDrawText(
+ String: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwDuplicateObject(
+ SourceProcessHandle: HANDLE,
+ SourceHandle: HANDLE,
+ TargetProcessHandle: HANDLE,
+ TargetHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Options: ULONG,
+ ) -> NTSTATUS;
+ fn ZwDuplicateToken(
+ ExistingTokenHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ EffectiveOnly: BOOLEAN,
+ TokenType: TOKEN_TYPE,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwEnableLastKnownGood() -> NTSTATUS;
+ fn ZwEnumerateBootEntries(
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateDriverEntries(
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateKey(
+ KeyHandle: HANDLE,
+ Index: ULONG,
+ KeyInformationClass: KEY_INFORMATION_CLASS,
+ KeyInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateSystemEnvironmentValuesEx(
+ InformationClass: ULONG,
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateTransactionObject(
+ RootObjectHandle: HANDLE,
+ QueryType: KTMOBJECT_TYPE,
+ ObjectCursor: PKTMOBJECT_CURSOR,
+ ObjectCursorLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateValueKey(
+ KeyHandle: HANDLE,
+ Index: ULONG,
+ KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
+ KeyValueInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwExtendSection(
+ SectionHandle: HANDLE,
+ NewSectionSize: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwFilterToken(
+ ExistingTokenHandle: HANDLE,
+ Flags: ULONG,
+ SidsToDisable: PTOKEN_GROUPS,
+ PrivilegesToDelete: PTOKEN_PRIVILEGES,
+ RestrictedSids: PTOKEN_GROUPS,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwFilterTokenEx(
+ ExistingTokenHandle: HANDLE,
+ Flags: ULONG,
+ SidsToDisable: PTOKEN_GROUPS,
+ PrivilegesToDelete: PTOKEN_PRIVILEGES,
+ RestrictedSids: PTOKEN_GROUPS,
+ DisableUserClaimsCount: ULONG,
+ UserClaimsToDisable: PUNICODE_STRING,
+ DisableDeviceClaimsCount: ULONG,
+ DeviceClaimsToDisable: PUNICODE_STRING,
+ DeviceGroupsToDisable: PTOKEN_GROUPS,
+ RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ RestrictedDeviceGroups: PTOKEN_GROUPS,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwFindAtom(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+ fn ZwFlushBuffersFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwFlushBuffersFileEx(
+ FileHandle: HANDLE,
+ Flags: ULONG,
+ Parameters: PVOID,
+ ParametersSize: ULONG,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwFlushInstallUILanguage(
+ InstallUILanguage: LANGID,
+ SetComittedFlag: ULONG,
+ ) -> NTSTATUS;
+ fn ZwFlushInstructionCache(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Length: SIZE_T,
+ ) -> NTSTATUS;
+ fn ZwFlushKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwFlushProcessWriteBuffers();
+ fn ZwFlushWriteBuffer() -> NTSTATUS;
+ fn ZwFreeUserPhysicalPages(
+ ProcessHandle: HANDLE,
+ NumberOfPages: PULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwFreeVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ FreeType: ULONG,
+ ) -> NTSTATUS;
+ fn ZwFreezeRegistry(
+ TimeOutInSeconds: ULONG,
+ ) -> NTSTATUS;
+ fn ZwFreezeTransactions(
+ FreezeTimeout: PLARGE_INTEGER,
+ ThawTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwFsControlFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsControlCode: ULONG,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwGetCachedSigningLevel(
+ File: HANDLE,
+ Flags: PULONG,
+ SigningLevel: PSE_SIGNING_LEVEL,
+ Thumbprint: PUCHAR,
+ ThumbprintSize: PULONG,
+ ThumbprintAlgorithm: PULONG,
+ ) -> NTSTATUS;
+ fn ZwGetCompleteWnfStateSubscription(
+ OldDescriptorStateName: PWNF_STATE_NAME,
+ OldSubscriptionId: *mut ULONG64,
+ OldDescriptorEventMask: ULONG,
+ OldDescriptorStatus: ULONG,
+ NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR,
+ DescriptorSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwGetContextThread(
+ ThreadHandle: HANDLE,
+ ThreadContext: PCONTEXT,
+ ) -> NTSTATUS;
+ fn ZwGetCurrentProcessorNumber() -> ULONG;
+ fn ZwGetDevicePowerState(
+ Device: HANDLE,
+ State: PDEVICE_POWER_STATE,
+ ) -> NTSTATUS;
+ fn ZwGetMUIRegistryInfo(
+ Flags: ULONG,
+ DataSize: PULONG,
+ Data: PVOID,
+ ) -> NTSTATUS;
+ fn ZwGetNextProcess(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Flags: ULONG,
+ NewProcessHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwGetNextThread(
+ ProcessHandle: HANDLE,
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Flags: ULONG,
+ NewThreadHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwGetNlsSectionPtr(
+ SectionType: ULONG,
+ SectionData: ULONG,
+ ContextData: PVOID,
+ SectionPointer: *mut PVOID,
+ SectionSize: PULONG,
+ ) -> NTSTATUS;
+ fn ZwGetNotificationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ TransactionNotification: PTRANSACTION_NOTIFICATION,
+ NotificationLength: ULONG,
+ Timeout: PLARGE_INTEGER,
+ ReturnLength: PULONG,
+ Asynchronous: ULONG,
+ AsynchronousContext: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwGetPlugPlayEvent(
+ EventHandle: HANDLE,
+ Context: PVOID,
+ EventBlock: PPLUGPLAY_EVENT_BLOCK,
+ EventBufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwGetWriteWatch(
+ ProcessHandle: HANDLE,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ RegionSize: SIZE_T,
+ UserAddressArray: *mut PVOID,
+ EntriesInUserAddressArray: PULONG_PTR,
+ Granularity: PULONG,
+ ) -> NTSTATUS;
+ fn ZwImpersonateAnonymousToken(
+ ThreadHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwImpersonateClientOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwImpersonateThread(
+ ServerThreadHandle: HANDLE,
+ ClientThreadHandle: HANDLE,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ) -> NTSTATUS;
+ fn ZwInitializeNlsFiles(
+ BaseAddress: *mut PVOID,
+ DefaultLocaleId: PLCID,
+ DefaultCasingTableSize: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwInitializeRegistry(
+ BootCondition: USHORT,
+ ) -> NTSTATUS;
+ fn ZwInitiatePowerAction(
+ SystemAction: POWER_ACTION,
+ LightestSystemState: SYSTEM_POWER_STATE,
+ Flags: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwIsProcessInJob(
+ ProcessHandle: HANDLE,
+ JobHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwIsSystemResumeAutomatic() -> BOOLEAN;
+ fn ZwIsUILanguageComitted() -> NTSTATUS;
+ fn ZwListenPort(
+ PortHandle: HANDLE,
+ ConnectionRequest: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwLoadDriver(
+ DriverServiceName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwLoadKey(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwLoadKey2(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwLoadKeyEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ TrustClassKey: HANDLE,
+ Event: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ RootHandle: PHANDLE,
+ IoStatus: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwLockFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ByteOffset: PLARGE_INTEGER,
+ Length: PLARGE_INTEGER,
+ Key: ULONG,
+ FailImmediately: BOOLEAN,
+ ExclusiveLock: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwLockProductActivationKeys(
+ pPrivateVer: *mut ULONG,
+ pSafeMode: *mut ULONG,
+ ) -> NTSTATUS;
+ fn ZwLockRegistryKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwLockVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ MapType: ULONG,
+ ) -> NTSTATUS;
+ fn ZwMakePermanentObject(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwMakeTemporaryObject(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwManagePartition(
+ PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS,
+ PartitionInformation: PVOID,
+ PartitionInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwMapCMFModule(
+ What: ULONG,
+ Index: ULONG,
+ CacheIndexOut: PULONG,
+ CacheFlagsOut: PULONG,
+ ViewSizeOut: PULONG,
+ BaseAddress: *mut PVOID,
+ ) -> NTSTATUS;
+ fn ZwMapUserPhysicalPages(
+ VirtualAddress: PVOID,
+ NumberOfPages: ULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwMapUserPhysicalPagesScatter(
+ VirtualAddresses: *mut PVOID,
+ NumberOfPages: ULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwMapViewOfSection(
+ SectionHandle: HANDLE,
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ ZeroBits: ULONG_PTR,
+ CommitSize: SIZE_T,
+ SectionOffset: PLARGE_INTEGER,
+ ViewSize: PSIZE_T,
+ InheritDisposition: SECTION_INHERIT,
+ AllocationType: ULONG,
+ Win32Protect: ULONG,
+ ) -> NTSTATUS;
+ fn ZwModifyBootEntry(
+ BootEntry: PBOOT_ENTRY,
+ ) -> NTSTATUS;
+ fn ZwModifyDriverEntry(
+ DriverEntry: PEFI_DRIVER_ENTRY,
+ ) -> NTSTATUS;
+ fn ZwNotifyChangeDirectoryFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwNotifyChangeKey(
+ KeyHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwNotifyChangeMultipleKeys(
+ MasterKeyHandle: HANDLE,
+ Count: ULONG,
+ SubordinateObjects: *mut OBJECT_ATTRIBUTES,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwNotifyChangeSession(
+ SessionHandle: HANDLE,
+ ChangeSequenceNumber: ULONG,
+ ChangeTimeStamp: PLARGE_INTEGER,
+ Event: IO_SESSION_EVENT,
+ NewState: IO_SESSION_STATE,
+ PreviousState: IO_SESSION_STATE,
+ Payload: PVOID,
+ PayloadSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwOpenDirectoryObject(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenEnlistment(
+ EnlistmentHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ RmHandle: HANDLE,
+ EnlistmentGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenEvent(
+ EventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenEventPair(
+ EventPairHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ShareAccess: ULONG,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn ZwOpenIoCompletion(
+ IoCompletionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenJobObject(
+ JobHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenKey(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenKeyEx(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn ZwOpenKeyTransacted(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TransactionHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenKeyTransactedEx(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ OpenOptions: ULONG,
+ TransactionHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenKeyedEvent(
+ KeyedEventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenMutant(
+ MutantHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GrantedAccess: ACCESS_MASK,
+ Privileges: PPRIVILEGE_SET,
+ ObjectCreation: BOOLEAN,
+ AccessGranted: BOOLEAN,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwOpenPartition(
+ PartitionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenPrivateNamespace(
+ NamespaceHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ BoundaryDescriptor: PVOID,
+ ) -> NTSTATUS;
+ fn ZwOpenProcess(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn ZwOpenProcessToken(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenProcessTokenEx(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenResourceManager(
+ ResourceManagerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TmHandle: HANDLE,
+ ResourceManagerGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenSection(
+ SectionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenSemaphore(
+ SemaphoreHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenSession(
+ SessionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenSymbolicLinkObject(
+ LinkHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenThread(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn ZwOpenThreadToken(
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ OpenAsSelf: BOOLEAN,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenThreadTokenEx(
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ OpenAsSelf: BOOLEAN,
+ HandleAttributes: ULONG,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenTransaction(
+ TransactionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Uow: LPGUID,
+ TmHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenTransactionManager(
+ TmHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LogFileName: PUNICODE_STRING,
+ TmIdentity: LPGUID,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn ZwPlugPlayControl(
+ PnPControlClass: PLUGPLAY_CONTROL_CLASS,
+ PnPControlData: PVOID,
+ PnPControlDataLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwPowerInformation(
+ InformationLevel: POWER_INFORMATION_LEVEL,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwPrePrepareComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwPrePrepareEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwPrepareComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwPrepareEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwPrivilegeCheck(
+ ClientToken: HANDLE,
+ RequiredPrivileges: PPRIVILEGE_SET,
+ Result: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwPrivilegeObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ Privileges: PPRIVILEGE_SET,
+ AccessGranted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwPrivilegedServiceAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ ServiceName: PUNICODE_STRING,
+ ClientToken: HANDLE,
+ Privileges: PPRIVILEGE_SET,
+ AccessGranted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwPropagationComplete(
+ ResourceManagerHandle: HANDLE,
+ RequestCookie: ULONG,
+ BufferLength: ULONG,
+ Buffer: PVOID,
+ ) -> NTSTATUS;
+ fn ZwPropagationFailed(
+ ResourceManagerHandle: HANDLE,
+ RequestCookie: ULONG,
+ PropStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwProtectVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ NewProtect: ULONG,
+ OldProtect: PULONG,
+ ) -> NTSTATUS;
+ fn ZwPulseEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn ZwQueryAttributesFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ FileInformation: PFILE_BASIC_INFORMATION,
+ ) -> NTSTATUS;
+ fn ZwQueryBootEntryOrder(
+ Ids: PULONG,
+ Count: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryBootOptions(
+ BootOptions: PBOOT_OPTIONS,
+ BootOptionsLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryDebugFilterState(
+ ComponentId: ULONG,
+ Level: ULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryDefaultLocale(
+ UserProfile: BOOLEAN,
+ DefaultLocaleId: PLCID,
+ ) -> NTSTATUS;
+ fn ZwQueryDefaultUILanguage(
+ DefaultUILanguageId: *mut LANGID,
+ ) -> NTSTATUS;
+ fn ZwQueryDirectoryFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ReturnSingleEntry: BOOLEAN,
+ FileName: PUNICODE_STRING,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwQueryDirectoryObject(
+ DirectoryHandle: HANDLE,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ RestartScan: BOOLEAN,
+ Context: PULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryDriverEntryOrder(
+ Ids: PULONG,
+ Count: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryEaFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ EaList: PVOID,
+ EaListLength: ULONG,
+ EaIndex: PULONG,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwQueryEvent(
+ EventHandle: HANDLE,
+ EventInformationClass: EVENT_INFORMATION_CLASS,
+ EventInformation: PVOID,
+ EventInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryFullAttributesFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ FileInformation: PFILE_NETWORK_OPEN_INFORMATION,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationAtom(
+ Atom: RTL_ATOM,
+ AtomInformationClass: ATOM_INFORMATION_CLASS,
+ AtomInformation: PVOID,
+ AtomInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
+ EnlistmentInformation: PVOID,
+ EnlistmentInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationJobObject(
+ JobHandle: HANDLE,
+ JobObjectInformationClass: JOBOBJECTINFOCLASS,
+ JobObjectInformation: PVOID,
+ JobObjectInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationPort(
+ PortHandle: HANDLE,
+ PortInformationClass: PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationProcess(
+ ProcessHandle: HANDLE,
+ ProcessInformationClass: PROCESSINFOCLASS,
+ ProcessInformation: PVOID,
+ ProcessInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
+ ResourceManagerInformation: PVOID,
+ ResourceManagerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationThread(
+ ThreadHandle: HANDLE,
+ ThreadInformationClass: THREADINFOCLASS,
+ ThreadInformation: PVOID,
+ ThreadInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationToken(
+ TokenHandle: HANDLE,
+ TokenInformationClass: TOKEN_INFORMATION_CLASS,
+ TokenInformation: PVOID,
+ TokenInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationTransaction(
+ TransactionHandle: HANDLE,
+ TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
+ TransactionInformation: PVOID,
+ TransactionInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TransactionManagerInformation: PVOID,
+ TransactionManagerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
+ WorkerFactoryInformation: PVOID,
+ WorkerFactoryInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInstallUILanguage(
+ InstallUILanguageId: *mut LANGID,
+ ) -> NTSTATUS;
+ fn ZwQueryIntervalProfile(
+ ProfileSource: KPROFILE_SOURCE,
+ Interval: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryIoCompletion(
+ IoCompletionHandle: HANDLE,
+ IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS,
+ IoCompletionInformation: PVOID,
+ IoCompletionInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryKey(
+ KeyHandle: HANDLE,
+ KeyInformationClass: KEY_INFORMATION_CLASS,
+ KeyInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryLicenseValue(
+ ValueName: PUNICODE_STRING,
+ Type: PULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ResultDataSize: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryMultipleValueKey(
+ KeyHandle: HANDLE,
+ ValueEntries: PKEY_VALUE_ENTRY,
+ EntryCount: ULONG,
+ ValueBuffer: PVOID,
+ BufferLength: PULONG,
+ RequiredBufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryMutant(
+ MutantHandle: HANDLE,
+ MutantInformationClass: MUTANT_INFORMATION_CLASS,
+ MutantInformation: PVOID,
+ MutantInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryObject(
+ Handle: HANDLE,
+ ObjectInformationClass: OBJECT_INFORMATION_CLASS,
+ ObjectInformation: PVOID,
+ ObjectInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryOpenSubKeys(
+ TargetKey: POBJECT_ATTRIBUTES,
+ HandleCount: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryOpenSubKeysEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ BufferLength: ULONG,
+ Buffer: PVOID,
+ RequiredSize: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryPerformanceCounter(
+ PerformanceCounter: PLARGE_INTEGER,
+ PerformanceFrequency: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwQueryPortInformationProcess() -> NTSTATUS;
+ fn ZwQueryQuotaInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ SidList: PVOID,
+ SidListLength: ULONG,
+ StartSid: PSID,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwQuerySection(
+ SectionHandle: HANDLE,
+ SectionInformationClass: SECTION_INFORMATION_CLASS,
+ SectionInformation: PVOID,
+ SectionInformationLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwQuerySecurityAttributesToken(
+ TokenHandle: HANDLE,
+ Attributes: PUNICODE_STRING,
+ NumberOfAttributes: ULONG,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySecurityObject(
+ Handle: HANDLE,
+ SecurityInformation: SECURITY_INFORMATION,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Length: ULONG,
+ LengthNeeded: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySemaphore(
+ SemaphoreHandle: HANDLE,
+ SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS,
+ SemaphoreInformation: PVOID,
+ SemaphoreInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySymbolicLinkObject(
+ LinkHandle: HANDLE,
+ LinkTarget: PUNICODE_STRING,
+ ReturnedLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemEnvironmentValue(
+ VariableName: PUNICODE_STRING,
+ VariableValue: PWSTR,
+ ValueLength: USHORT,
+ ReturnLength: PUSHORT,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemEnvironmentValueEx(
+ VariableName: PUNICODE_STRING,
+ VendorGuid: LPGUID,
+ Value: PVOID,
+ ValueLength: PULONG,
+ Attributes: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemInformation(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemInformationEx(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemTime(
+ SystemTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwQueryTimer(
+ TimerHandle: HANDLE,
+ TimerInformationClass: TIMER_INFORMATION_CLASS,
+ TimerInformation: PVOID,
+ TimerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryTimerResolution(
+ MaximumTime: PULONG,
+ MinimumTime: PULONG,
+ CurrentTime: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
+ KeyValueInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ MemoryInformationClass: MEMORY_INFORMATION_CLASS,
+ MemoryInformation: PVOID,
+ MemoryInformationLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwQueryVolumeInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsInformation: PVOID,
+ Length: ULONG,
+ FsInformationClass: FS_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn ZwQueryWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ TypeId: PCWNF_TYPE_ID,
+ ExplicitScope: *const VOID,
+ ChangeStamp: PWNF_CHANGE_STAMP,
+ Buffer: PVOID,
+ BufferSize: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryWnfStateNameInformation(
+ StateName: PCWNF_STATE_NAME,
+ NameInfoClass: WNF_STATE_NAME_INFORMATION,
+ ExplicitScope: *const VOID,
+ InfoBuffer: PVOID,
+ InfoBufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwQueueApcThread(
+ ThreadHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+ fn ZwQueueApcThreadEx(
+ ThreadHandle: HANDLE,
+ UserApcReserveHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+ fn ZwRaiseException(
+ ExceptionRecord: PEXCEPTION_RECORD,
+ ContextRecord: PCONTEXT,
+ FirstChance: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwRaiseHardError(
+ ErrorStatus: NTSTATUS,
+ NumberOfParameters: ULONG,
+ UnicodeStringParameterMask: ULONG,
+ Parameters: PULONG_PTR,
+ ValidResponseOptions: ULONG,
+ Response: PULONG,
+ ) -> NTSTATUS;
+ fn ZwReadFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn ZwReadFileScatter(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ SegmentArray: PFILE_SEGMENT_ELEMENT,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn ZwReadOnlyEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwReadRequestData(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ DataEntryIndex: ULONG,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesRead: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwReadVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesRead: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwRecoverEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentKey: PVOID,
+ ) -> NTSTATUS;
+ fn ZwRecoverResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwRecoverTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwRegisterProtocolAddressInformation(
+ ResourceManager: HANDLE,
+ ProtocolId: PCRM_PROTOCOL_ID,
+ ProtocolInformationSize: ULONG,
+ ProtocolInformation: PVOID,
+ CreateOptions: ULONG,
+ ) -> NTSTATUS;
+ fn ZwRegisterThreadTerminatePort(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwReleaseCMFViewOwnership() -> NTSTATUS;
+ fn ZwReleaseKeyedEvent(
+ KeyedEventHandle: HANDLE,
+ KeyValue: PVOID,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwReleaseMutant(
+ MutantHandle: HANDLE,
+ PreviousCount: PLONG,
+ ) -> NTSTATUS;
+ fn ZwReleaseSemaphore(
+ SemaphoreHandle: HANDLE,
+ ReleaseCount: LONG,
+ PreviousCount: PLONG,
+ ) -> NTSTATUS;
+ fn ZwReleaseWorkerFactoryWorker(
+ WorkerFactoryHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwRemoveIoCompletion(
+ IoCompletionHandle: HANDLE,
+ KeyContext: *mut PVOID,
+ ApcContext: *mut PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwRemoveIoCompletionEx(
+ IoCompletionHandle: HANDLE,
+ IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION,
+ Count: ULONG,
+ NumEntriesRemoved: PULONG,
+ Timeout: PLARGE_INTEGER,
+ Alertable: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwRemoveProcessDebug(
+ ProcessHandle: HANDLE,
+ DebugObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwRenameKey(
+ KeyHandle: HANDLE,
+ NewName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwRenameTransactionManager(
+ LogFileName: PUNICODE_STRING,
+ ExistingTransactionManagerGuid: LPGUID,
+ ) -> NTSTATUS;
+ fn ZwReplaceKey(
+ NewFile: POBJECT_ATTRIBUTES,
+ TargetHandle: HANDLE,
+ OldFile: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwReplacePartitionUnit(
+ TargetInstancePath: PUNICODE_STRING,
+ SpareInstancePath: PUNICODE_STRING,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwReplyPort(
+ PortHandle: HANDLE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwReplyWaitReceivePort(
+ PortHandle: HANDLE,
+ PortContext: *mut PVOID,
+ ReplyMessage: PPORT_MESSAGE,
+ ReceiveMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwReplyWaitReceivePortEx(
+ PortHandle: HANDLE,
+ PortContext: *mut PVOID,
+ ReplyMessage: PPORT_MESSAGE,
+ ReceiveMessage: PPORT_MESSAGE,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwReplyWaitReplyPort(
+ PortHandle: HANDLE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwRequestPort(
+ PortHandle: HANDLE,
+ RequestMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwRequestWaitReplyPort(
+ PortHandle: HANDLE,
+ RequestMessage: PPORT_MESSAGE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwRequestWakeupLatency(
+ latency: LATENCY_TIME,
+ ) -> NTSTATUS;
+ fn ZwResetEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn ZwResetWriteWatch(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ RegionSize: SIZE_T,
+ ) -> NTSTATUS;
+ fn ZwRestoreKey(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwResumeProcess(
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwResumeThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn ZwRevertContainerImpersonation() -> NTSTATUS;
+ fn ZwRollbackComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwRollbackEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwRollbackTransaction(
+ TransactionHandle: HANDLE,
+ Wait: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwRollforwardTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwSaveKey(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSaveKeyEx(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ Format: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSaveMergedKeys(
+ HighPrecedenceKeyHandle: HANDLE,
+ LowPrecedenceKeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSecureConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ClientView: PPORT_VIEW,
+ RequiredServerSid: PSID,
+ ServerView: PREMOTE_PORT_VIEW,
+ MaxMessageLength: PULONG,
+ ConnectionInformation: PVOID,
+ ConnectionInformationLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwSerializeBoot() -> NTSTATUS;
+ fn ZwSetBootEntryOrder(
+ Ids: PULONG,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetBootOptions(
+ BootOptions: PBOOT_OPTIONS,
+ FieldsToChange: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetCachedSigningLevel(
+ Flags: ULONG,
+ InputSigningLevel: SE_SIGNING_LEVEL,
+ SourceFiles: PHANDLE,
+ SourceFileCount: ULONG,
+ TargetFile: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetContextThread(
+ ThreadHandle: HANDLE,
+ ThreadContext: PCONTEXT,
+ ) -> NTSTATUS;
+ fn ZwSetDebugFilterState(
+ ComponentId: ULONG,
+ Level: ULONG,
+ State: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwSetDefaultHardErrorPort(
+ DefaultHardErrorPort: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetDefaultLocale(
+ UserProfile: BOOLEAN,
+ DefaultLocaleId: LCID,
+ ) -> NTSTATUS;
+ fn ZwSetDefaultUILanguage(
+ DefaultUILanguageId: LANGID,
+ ) -> NTSTATUS;
+ fn ZwSetDriverEntryOrder(
+ Ids: PULONG,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetEaFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn ZwSetEventBoostPriority(
+ EventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetHighWaitLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetIRTimer(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwSetInformationDebugObject(
+ DebugObjectHandle: HANDLE,
+ DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
+ DebugInformation: PVOID,
+ DebugInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
+ EnlistmentInformation: PVOID,
+ EnlistmentInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn ZwSetInformationJobObject(
+ JobHandle: HANDLE,
+ JobObjectInformationClass: JOBOBJECTINFOCLASS,
+ JobObjectInformation: PVOID,
+ JobObjectInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationKey(
+ KeyHandle: HANDLE,
+ KeySetInformationClass: KEY_SET_INFORMATION_CLASS,
+ KeySetInformation: PVOID,
+ KeySetInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationObject(
+ Handle: HANDLE,
+ ObjectInformationClass: OBJECT_INFORMATION_CLASS,
+ ObjectInformation: PVOID,
+ ObjectInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationProcess(
+ ProcessHandle: HANDLE,
+ ProcessInformationClass: PROCESSINFOCLASS,
+ ProcessInformation: PVOID,
+ ProcessInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
+ ResourceManagerInformation: PVOID,
+ ResourceManagerInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationThread(
+ ThreadHandle: HANDLE,
+ ThreadInformationClass: THREADINFOCLASS,
+ ThreadInformation: PVOID,
+ ThreadInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationToken(
+ TokenHandle: HANDLE,
+ TokenInformationClass: TOKEN_INFORMATION_CLASS,
+ TokenInformation: PVOID,
+ TokenInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationTransaction(
+ TransactionHandle: HANDLE,
+ TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
+ TransactionInformation: PVOID,
+ TransactionInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationTransactionManager(
+ TmHandle: HANDLE,
+ TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TransactionManagerInformation: PVOID,
+ TransactionManagerInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationVirtualMemory(
+ ProcessHandle: HANDLE,
+ VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS,
+ NumberOfEntries: ULONG_PTR,
+ VirtualAddresses: PMEMORY_RANGE_ENTRY,
+ VmInformation: PVOID,
+ VmInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
+ WorkerFactoryInformation: PVOID,
+ WorkerFactoryInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetIntervalProfile(
+ Interval: ULONG,
+ Source: KPROFILE_SOURCE,
+ ) -> NTSTATUS;
+ fn ZwSetIoCompletion(
+ IoCompletionHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwSetIoCompletionEx(
+ IoCompletionHandle: HANDLE,
+ IoCompletionPacketHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwSetLdtEntries(
+ Selector0: ULONG,
+ Entry0Low: ULONG,
+ Entry0Hi: ULONG,
+ Selector1: ULONG,
+ Entry1Low: ULONG,
+ Entry1Hi: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetLowWaitHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetQuotaInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetSecurityObject(
+ Handle: HANDLE,
+ SecurityInformation: SECURITY_INFORMATION,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn ZwSetSystemEnvironmentValue(
+ VariableName: PUNICODE_STRING,
+ VariableValue: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwSetSystemEnvironmentValueEx(
+ VariableName: PUNICODE_STRING,
+ VendorGuid: LPGUID,
+ Value: PVOID,
+ ValueLength: ULONG,
+ Attributes: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetSystemInformation(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetSystemPowerState(
+ SystemAction: POWER_ACTION,
+ LightestSystemState: SYSTEM_POWER_STATE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetSystemTime(
+ SystemTime: PLARGE_INTEGER,
+ PreviousTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwSetThreadExecutionState(
+ NewFlags: EXECUTION_STATE,
+ PreviousFlags: *mut EXECUTION_STATE,
+ ) -> NTSTATUS;
+ fn ZwSetTimer(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ TimerApcRoutine: PTIMER_APC_ROUTINE,
+ TimerContext: PVOID,
+ ResumeTimer: BOOLEAN,
+ Period: LONG,
+ PreviousState: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwSetTimer2(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ Period: PLARGE_INTEGER,
+ Parameters: PT2_SET_PARAMETERS,
+ ) -> NTSTATUS;
+ fn ZwSetTimerEx(
+ TimerHandle: HANDLE,
+ TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS,
+ TimerSetInformation: PVOID,
+ TimerSetInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetTimerResolution(
+ DesiredTime: ULONG,
+ SetResolution: BOOLEAN,
+ ActualTime: PULONG,
+ ) -> NTSTATUS;
+ fn ZwSetUuidSeed(
+ Seed: PCHAR,
+ ) -> NTSTATUS;
+ fn ZwSetValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ TitleIndex: ULONG,
+ Type: ULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetVolumeInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsInformation: PVOID,
+ Length: ULONG,
+ FsInformationClass: FS_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn ZwSetWnfProcessNotificationEvent(
+ NotificationEvent: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwShutdownSystem(
+ Action: SHUTDOWN_ACTION,
+ ) -> NTSTATUS;
+ fn ZwShutdownWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ PendingWorkerCount: *mut LONG,
+ ) -> NTSTATUS;
+ fn ZwSignalAndWaitForSingleObject(
+ SignalHandle: HANDLE,
+ WaitHandle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwSinglePhaseReject(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwStartProfile(
+ ProfileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwStopProfile(
+ ProfileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSubscribeWnfStateChange(
+ StateName: PCWNF_STATE_NAME,
+ ChangeStamp: WNF_CHANGE_STAMP,
+ EventMask: ULONG,
+ SubscriptionId: PULONG64,
+ ) -> NTSTATUS;
+ fn ZwSuspendProcess(
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSuspendThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn ZwSystemDebugControl(
+ Command: SYSDBG_COMMAND,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwTerminateJobObject(
+ JobHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwTerminateProcess(
+ ProcessHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwTerminateThread(
+ ThreadHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwTestAlert() -> NTSTATUS;
+ fn ZwThawRegistry() -> NTSTATUS;
+ fn ZwThawTransactions() -> NTSTATUS;
+ fn ZwTraceControl(
+ FunctionCode: ULONG,
+ InBuffer: PVOID,
+ InBufferLen: ULONG,
+ OutBuffer: PVOID,
+ OutBufferLen: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwTraceEvent(
+ TraceHandle: HANDLE,
+ Flags: ULONG,
+ FieldSize: ULONG,
+ Fields: PVOID,
+ ) -> NTSTATUS;
+ fn ZwTranslateFilePath(
+ InputFilePath: PFILE_PATH,
+ OutputType: ULONG,
+ OutputFilePath: PFILE_PATH,
+ OutputFilePathLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwUmsThreadYield(
+ SchedulerParam: PVOID,
+ ) -> NTSTATUS;
+ fn ZwUnloadDriver(
+ DriverServiceName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwUnloadKey(
+ TargetKey: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwUnloadKey2(
+ TargetKey: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwUnloadKeyEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ Event: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwUnlockFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ByteOffset: PLARGE_INTEGER,
+ Length: PLARGE_INTEGER,
+ Key: ULONG,
+ ) -> NTSTATUS;
+ fn ZwUnlockVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ MapType: ULONG,
+ ) -> NTSTATUS;
+ fn ZwUnmapViewOfSection(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ ) -> NTSTATUS;
+ fn ZwUnmapViewOfSectionEx(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwUnsubscribeWnfStateChange(
+ StateName: PCWNF_STATE_NAME,
+ ) -> NTSTATUS;
+ fn ZwUpdateWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ Buffer: *const VOID,
+ Length: ULONG,
+ TypeId: PCWNF_TYPE_ID,
+ ExplicitScope: *const VOID,
+ MatchingChangeStamp: WNF_CHANGE_STAMP,
+ CheckStamp: LOGICAL,
+ ) -> NTSTATUS;
+ fn ZwVdmControl(
+ Service: VDMSERVICECLASS,
+ ServiceData: PVOID,
+ ) -> NTSTATUS;
+ fn ZwWaitForAlertByThreadId(
+ Address: PVOID,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForDebugEvent(
+ DebugObjectHandle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ WaitStateChange: PVOID,
+ ) -> NTSTATUS;
+ fn ZwWaitForKeyedEvent(
+ KeyedEventHandle: HANDLE,
+ KeyValue: PVOID,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForMultipleObjects(
+ Count: ULONG,
+ Handles: *mut HANDLE,
+ WaitType: WAIT_TYPE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForMultipleObjects32(
+ Count: ULONG,
+ Handles: *mut LONG,
+ WaitType: WAIT_TYPE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForSingleObject(
+ Handle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForWorkViaWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION,
+ ) -> NTSTATUS;
+ fn ZwWaitHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwWaitLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwWorkerFactoryWorkerReady(
+ WorkerFactoryHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwWriteFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn ZwWriteFileGather(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ SegmentArray: PFILE_SEGMENT_ELEMENT,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn ZwWriteRequestData(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ DataEntryIndex: ULONG,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesWritten: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwWriteVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesWritten: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwYieldExecution() -> NTSTATUS;
+}}