8 #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
9 #define ZwCurrentProcess() NtCurrentProcess()
10 #define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
11 #define ZwCurrentThread() NtCurrentThread()
80 #if (NTDDI_VERSION >= NTDDI_WIN2K)
266 ZwQueryInformationFile(
290 ZwQuerySymbolicLinkObject(
328 ZwSetInformationFile(
358 ZwUnmapViewOfSection(
417 ZwSetInformationThread(
532 ZwQueryDirectoryFile(
549 ZwSetVolumeInformationFile(
600 ZwAllocateVirtualMemory(
624 ZwWaitForSingleObject(
641 ZwFlushVirtualMemory(
651 ZwQueryInformationToken(
671 ZwQuerySecurityObject(
681 #if (NTDDI_VERSION >= NTDDI_WINXP)
708 #if (NTDDI_VERSION >= NTDDI_WS03)
721 #if (NTDDI_VERSION >= NTDDI_VISTA)
728 ZwCreateKeyTransacted(
752 ZwCreateTransactionManager(
764 ZwOpenTransactionManager(
776 ZwRollforwardTransactionManager(
784 ZwRecoverTransactionManager(
791 ZwQueryInformationTransactionManager(
802 ZwSetInformationTransactionManager(
805 _In_ PVOID TransactionManagerInformation,
806 _In_ ULONG TransactionManagerInformationLength);
812 ZwEnumerateTransactionObject(
850 ZwQueryInformationTransaction(
861 ZwSetInformationTransaction(
865 _In_ ULONG TransactionInformationLength);
879 ZwRollbackTransaction(
887 ZwCreateResourceManager(
900 ZwOpenResourceManager(
911 ZwRecoverResourceManager(
918 ZwGetNotificationResourceManager(
931 ZwQueryInformationResourceManager(
942 ZwSetInformationResourceManager(
946 _In_ ULONG ResourceManagerInformationLength);
977 ZwQueryInformationEnlistment(
988 ZwSetInformationEnlistment(
1006 ZwPrePrepareEnlistment(
1014 ZwPrepareEnlistment(
1030 ZwRollbackEnlistment(
1038 ZwPrePrepareComplete(
1062 ZwReadOnlyEnlistment(
1145 #if (NTDDI_VERSION >= NTDDI_WIN7)
1162 ZwOpenKeyTransactedEx(
1209 ZwSetInformationKey(
1239 #if (VER_PRODUCTBUILD >= 2195)
1277 #if (VER_PRODUCTBUILD >= 2195)
1330 #if (VER_PRODUCTBUILD >= 2195)
1395 #if (VER_PRODUCTBUILD >= 2195)
1400 ZwQueryDirectoryObject(
1439 #if (VER_PRODUCTBUILD >= 2195)
1466 #if (VER_PRODUCTBUILD >= 2195)
_In_ KTMOBJECT_TYPE QueryType
NTSYSAPI NTSTATUS NTAPI ZwQueryQuotaInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_ PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PVOID SidList, _In_ ULONG SidListLength, _In_opt_ PSID StartSid, _In_ BOOLEAN RestartScan)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PUNICODE_STRING LogFileName
_In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
$if(_WDMDDK_)$endif(_WDMDDK_) $if(_NTDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ PLUID Luid)
_Inout_ PUNICODE_STRING _Out_opt_ PULONG ReturnedLength
_In_ HANDLE ProcessHandle
NTSYSAPI NTSTATUS NTAPI ZwCancelIoFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG IoControlCode
NTSYSAPI NTSTATUS NTAPI ZwFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, _In_ ULONG FlushSize)
#define _Must_inspect_result_
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG AllocationType
NTSYSAPI NTSTATUS NTAPI ZwDeviceIoControlFile(IN HANDLE DeviceHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, IN PVOID UserApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID OutputBuffer, IN ULONG OutputBufferSize)
VOID(* PIO_APC_ROUTINE)(IN PVOID ApcContext, IN PIO_STATUS_BLOCK IoStatusBlock, IN ULONG Reserved)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
_In_ TRANSACTION_INFORMATION_CLASS _In_ PVOID TransactionInformation
NTSYSAPI NTSTATUS NTAPI ZwCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
_In_opt_ PLARGE_INTEGER TmVirtualClock
_In_ SECURITY_INFORMATION SecurityInformation
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE ApcRoutine
NTSYSAPI NTSTATUS NTAPI ZwUnlockFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_opt_ ULONG Key)
_In_ ULONG _In_ KEY_INFORMATION_CLASS KeyInformationClass
NTSYSAPI NTSTATUS NTAPI ZwDeleteFile(_In_ POBJECT_ATTRIBUTES ObjectAttributes)
enum _KEY_INFORMATION_CLASS KEY_INFORMATION_CLASS
_In_ SECURITY_INFORMATION _Out_writes_bytes_to_(Length,*ResultLength) PSECURITY_DESCRIPTOR SecurityDescriptor
NTSYSAPI NTSTATUS NTAPI ZwFlushBuffersFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock)
_In_ ACCESS_MASK _In_ HANDLE ResourceManagerHandle
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING TargetName)
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER AllocationSize
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
_Must_inspect_result_ _In_ WAIT_TYPE WaitType
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG CreateOptions
NTSYSAPI NTSTATUS NTAPI ZwReplaceKey(_In_ POBJECT_ATTRIBUTES NewFileObjectAttributes, _In_ HANDLE KeyHandle, _In_ POBJECT_ATTRIBUTES OldFileObjectAttributes)
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG _In_ BOOLEAN RestartScan
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG SidListLength
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG _In_opt_ PVOID EaBuffer
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
enum _RESOURCEMANAGER_INFORMATION_CLASS RESOURCEMANAGER_INFORMATION_CLASS
NTSYSAPI NTSTATUS NTAPI ZwWaitForMultipleObjects(_In_ ULONG HandleCount, _In_ PHANDLE Handles, _In_ WAIT_TYPE WaitType, _In_ BOOLEAN Alertable, _In_opt_ PLARGE_INTEGER Timeout)
static HANDLE DirectoryHandle
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_In_ ACCESS_MASK _In_ HANDLE _In_ LPGUID EnlistmentGuid
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID _In_opt_ HANDLE _In_opt_ ULONG _In_opt_ ULONG _In_opt_ ULONG IsolationFlags
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
NTSYSCALLAPI NTSTATUS NTAPI ZwOpenEvent(_Out_ PHANDLE EventHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID _In_opt_ HANDLE _In_opt_ ULONG _In_opt_ ULONG IsolationLevel
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN WatchTree
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG FileAttributes
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES ObjectAttributes
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG SectionPageProtection
NTSYSAPI NTSTATUS NTAPI ZwPulseEvent(_In_ HANDLE EventHandle, _In_opt_ PLONG PulseCount)
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
IN CINT OUT PVOID ObjectInformation
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN ReturnSingleEntry
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_reads_bytes_opt_(EaListLength) PVOID EaList
_In_ SYSTEM_POWER_STATE MinSystemState
NTSYSAPI NTSTATUS NTAPI ZwYieldExecution(VOID)
NTSYSAPI NTSTATUS NTAPI ZwDisplayString(_In_ PUNICODE_STRING DisplayString)
_In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass
_In_ TIMER_SET_INFORMATION_CLASS _Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID TimerSetInformation
NTSYSAPI NTSTATUS NTAPI ZwClearEvent(_In_ HANDLE EventHandle)
enum _SYSTEM_POWER_STATE SYSTEM_POWER_STATE
_In_ TRANSACTION_INFORMATION_CLASS _In_ ULONG TransactionInformationLength
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN ResumeTimer
_In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
_Inout_ _Inout_ PSIZE_T RegionSize
_In_ ACCESS_MASK _In_ HANDLE _In_opt_ LPGUID ResourceManagerGuid
enum _TIMER_SET_INFORMATION_CLASS TIMER_SET_INFORMATION_CLASS
_In_ ACCESS_MASK DesiredAccess
_Inout_ PUNICODE_STRING LinkTarget
NTSYSAPI NTSTATUS NTAPI ZwLockFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediatedly, _In_ BOOLEAN ExclusiveLock)
_Must_inspect_result_ _In_ ULONG Flags
_In_ RESOURCEMANAGER_INFORMATION_CLASS _In_ ULONG ResourceManagerInformationLength
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR ZeroBits
enum _OBJECT_INFORMATION_CLASS OBJECT_INFORMATION_CLASS
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG _In_ ULONG Protect
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_opt_ HANDLE FileHandle
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
DWORD SECURITY_INFORMATION
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE _In_ BOOLEAN InitialState
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG ShareAccess
_When_(Timeout==NULL, _IRQL_requires_max_(APC_LEVEL)) _When_(Timeout-> QuadPart!=0
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
NTSYSAPI NTSTATUS NTAPI ZwInitiatePowerAction(_In_ POWER_ACTION SystemAction, _In_ SYSTEM_POWER_STATE MinSystemState, _In_ ULONG Flags, _In_ BOOLEAN Asynchronous)
enum _KEY_SET_INFORMATION_CLASS KEY_SET_INFORMATION_CLASS
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN WatchSubtree
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwTerminateProcess(_In_opt_ HANDLE ProcessHandle
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG TitleIndex
NTSYSAPI NTSTATUS NTAPI ZwFsControlFile(IN HANDLE DeviceHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID OutputBuffer, IN ULONG OutputBufferSize)
_In_ ACCESS_MASK _In_ HANDLE _In_ HANDLE _In_opt_ POBJECT_ATTRIBUTES _In_opt_ ULONG _In_ NOTIFICATION_MASK NotificationMask
NTSYSAPI NTSTATUS NTAPI ZwSetDefaultLocale(_In_ BOOLEAN UserProfile, _In_ LCID DefaultLocaleId)
NTSYSAPI NTSTATUS NTAPI ZwQueryDefaultLocale(_In_ BOOLEAN UserProfile, _Out_ PLCID DefaultLocaleId)
_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG CreateDisposition
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ FILE_INFORMATION_CLASS FileInformationClass
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG AllocationAttributes
#define _At_(target, annos)
NTSYSAPI NTSTATUS NTAPI ZwUnloadDriver(_In_ PUNICODE_STRING DriverServiceName)
NTSYSAPI NTSTATUS NTAPI ZwLoadKey(_In_ POBJECT_ATTRIBUTES KeyObjectAttributes, _In_ POBJECT_ATTRIBUTES FileObjectAttributes)
_Must_inspect_result_ __drv_aliasesMem _In_ PDEVICE_OBJECT _In_opt_ PVOID _In_ ULONG _Out_opt_ PVOID OutputBuffer
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
_Out_ PIO_STATUS_BLOCK _Out_writes_bytes_(Length) PVOID Buffer
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
enum _FSINFOCLASS FS_INFORMATION_CLASS
_In_ ULONG _In_ KEY_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
enum _EVENT_TYPE EVENT_TYPE
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG EaIndex
_In_ _In_ ULONG KeySetInformationLength
VOID(NTAPI * PTIMER_APC_ROUTINE)(_In_ PVOID TimerContext, _In_ ULONG TimerLowValue, _In_ LONG TimerHighValue)
enum _FILE_INFORMATION_CLASS FILE_INFORMATION_CLASS
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
_In_ ULONG _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
enum _TOKEN_TYPE TOKEN_TYPE
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ BOOLEAN FailImmediately
enum _ENLISTMENT_INFORMATION_CLASS ENLISTMENT_INFORMATION_CLASS
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
NTSYSAPI NTSTATUS NTAPI ZwUnloadKey(_In_ POBJECT_ATTRIBUTES KeyObjectAttributes)
_In_ BOOLEAN _In_opt_ PLARGE_INTEGER Timeout
enum _TRANSACTIONMANAGER_INFORMATION_CLASS TRANSACTIONMANAGER_INFORMATION_CLASS
_In_ KTMOBJECT_TYPE _Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ ULONG OpenOptions
#define _Outptr_result_buffer_(size)
_In_ ENLISTMENT_INFORMATION_CLASS _In_ ULONG EnlistmentInformationLength
_In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength,*ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
NTSYSAPI NTSTATUS NTAPI ZwQueryFullAttributesFile(_In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation)
enum _POWER_INFORMATION_LEVEL POWER_INFORMATION_LEVEL
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG BufferLength
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PSID StartSid
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
enum _WAIT_TYPE WAIT_TYPE
NTSYSCALLAPI NTSTATUS NTAPI ZwRollbackComplete(_In_ HANDLE EnlistmentHandle, _In_opt_ PLARGE_INTEGER TmVirtualClock)
_In_ TRANSACTIONMANAGER_INFORMATION_CLASS _In_ PVOID TransactionManagerInformation
_In_ THREADINFOCLASS ThreadInformationClass
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
_In_ TRANSACTIONMANAGER_INFORMATION_CLASS _In_ ULONG TransactionManagerInformationLength
NTSYSAPI NTSTATUS NTAPI ZwQueryVolumeInformationFile(IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FsInformation, IN ULONG Length, IN FS_INFORMATION_CLASS FsInformationClass)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T CommitSize
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
enum _TIMER_TYPE TIMER_TYPE
_In_opt_ HANDLE EventHandle
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
NTSYSAPI NTSTATUS NTAPI ZwSetQuotaInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PVOID Buffer, _In_ ULONG BufferLength)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ TIMER_TYPE TimerType
_In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PUNICODE_STRING _In_opt_ ULONG _In_opt_ ULONG CommitStrength
NTSYSAPI NTSTATUS NTAPI ZwSaveKey(_In_ HANDLE KeyHandle, _In_ HANDLE FileHandle)
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID _In_opt_ HANDLE _In_opt_ ULONG _In_opt_ ULONG _In_opt_ ULONG _In_opt_ PLARGE_INTEGER _In_opt_ PUNICODE_STRING Description
NTSYSAPI NTSTATUS NTAPI ZwSetEvent(_In_ HANDLE EventHandle, _Out_opt_ PLONG PreviousState)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID ApcContext
_In_ __drv_strictTypeMatch(__drv_typeConst) KEY_SET_INFORMATION_CLASS KeySetInformationClass
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG EaListLength
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN _In_opt_ LONG Period
__drv_allocatesMem(TimerObject)) NTSTATUS NTAPI ZwCreateTimer(_Out_ PHANDLE TimerHandle
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _In_opt_ PCLIENT_ID ClientId
_In_ TIMER_SET_INFORMATION_CLASS _In_ ULONG TimerSetInformationLength
ACPI_EFI_STATUS ExitStatus
_In_ PLARGE_INTEGER ByteOffset
enum _TRANSACTION_INFORMATION_CLASS TRANSACTION_INFORMATION_CLASS
_Post_satisfies_(return< 0)) _When_(Length > 0
static GENERIC_MAPPING GenericMapping
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN _In_opt_ LONG _Out_opt_ PBOOLEAN PreviousState
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT InheritDisposition
_Inout_ __drv_freesMem(Mem) PVOID *BaseAddress
NTSYSAPI NTSTATUS NTAPI ZwOpenThread(_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
_Out_ PTRANSACTION_NOTIFICATION _In_ ULONG NotificationLength
enum _THREADINFOCLASS THREADINFOCLASS
NTSYSAPI NTSTATUS NTAPI ZwNotifyChangeMultipleKeys(_In_ HANDLE MasterKeyHandle, _In_opt_ ULONG Count, _In_opt_ OBJECT_ATTRIBUTES SubordinateObjects[], _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG CompletionFilter, _In_ BOOLEAN WatchTree, _Out_opt_ PVOID Buffer, _In_ ULONG BufferSize, _In_ BOOLEAN Asynchronous)
_Out_ PTRANSACTION_NOTIFICATION _In_ ULONG _In_ PLARGE_INTEGER _Out_opt_ PULONG _In_ ULONG _In_opt_ ULONG_PTR AsynchronousContext
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER SectionOffset
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG EaLength
_Inout_ _Inout_ PSIZE_T _In_ ULONG FreeType
_Out_ PIO_STATUS_BLOCK IoStatusBlock
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ BOOLEAN _In_ BOOLEAN ExclusiveLock
_Out_ PIO_STATUS_BLOCK _In_reads_bytes_(Length) PVOID Buffer
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG CompletionFilter
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PUNICODE_STRING _In_opt_ LPGUID TmIdentity
_In_ ULONG InputBufferLength
_In_ PLARGE_INTEGER DueTime
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _In_ HANDLE TransactionHandle
_In_ KTMOBJECT_TYPE _In_ ULONG ObjectCursorLength
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG _In_ ULONG Options
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
_In_ PUNICODE_STRING NewName
enum _PROCESSINFOCLASS PROCESSINFOCLASS
_Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation
enum _KTMOBJECT_TYPE KTMOBJECT_TYPE
$endif(_NTDDK_) $if(_NTIFS_) _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwQueryEaFile(_In_ HANDLE FileHandle
#define _Outptr_result_bytebuffer_(size)
ACCESS_MASK * PACCESS_MASK
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID TimerContext
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
NTSYSAPI NTSTATUS NTAPI ZwQueryMultipleValueKey(_In_ HANDLE KeyHandle, _Inout_ PKEY_VALUE_ENTRY ValueEntries, _In_ ULONG EntryCount, _Out_ PVOID ValueBuffer, _Inout_ PULONG BufferLength, _Out_opt_ PULONG RequiredBufferLength)
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine
NTSYSAPI NTSTATUS NTAPI ZwSetSystemTime(_In_ PLARGE_INTEGER NewTime, _Out_opt_ PLARGE_INTEGER OldTime)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG FsControlCode
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER MaximumSize
NTSYSAPI NTSTATUS NTAPI ZwResetEvent(_In_ HANDLE EventHandle, _Out_opt_ PLONG NumberOfWaitingThreads)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID Uow
NTSYSAPI NTSTATUS NTAPI ZwAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PBOOLEAN AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
_In_ PUNICODE_STRING ValueName
_Out_ PTRANSACTION_NOTIFICATION TransactionNotification
NTSYSAPI NTSTATUS NTAPI ZwOpenSection(_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ FS_INFORMATION_CLASS FsInformationClass
_In_ ULONG _In_ ULONG OutputBufferLength
enum _SECTION_INHERIT SECTION_INHERIT
NTSYSAPI NTSTATUS NTAPI ZwMakeTemporaryObject(_In_ HANDLE Handle)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
_In_ ACCESS_MASK _In_ HANDLE _In_ HANDLE _In_opt_ POBJECT_ATTRIBUTES _In_opt_ ULONG _In_ NOTIFICATION_MASK _In_opt_ PVOID EnlistmentKey
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID _In_opt_ HANDLE TmHandle
ACPI_EFI_GUID ACPI_EFI_OPEN_PROTOCOL_INFORMATION_ENTRY UINTN * EntryCount
NTSYSAPI NTSTATUS NTAPI ZwAlertThread(_In_ HANDLE ThreadHandle)
NTSYSAPI NTSTATUS NTAPI ZwSetDefaultUILanguage(LANGID LanguageId)
_Out_opt_ PBOOLEAN CurrentState
_In_ ACCESS_MASK _In_ HANDLE RmHandle
NTSYSCALLAPI NTSTATUS NTAPI ZwSinglePhaseReject(_In_ HANDLE EnlistmentHandle, _In_opt_ PLARGE_INTEGER TmVirtualClock)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG NotifyFilter
NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
enum _KEY_VALUE_INFORMATION_CLASS KEY_VALUE_INFORMATION_CLASS
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_ BOOLEAN Asynchronous
_In_ ULONG _In_ KEY_INFORMATION_CLASS _Out_writes_bytes_opt_(Length) PVOID KeyInformation
1.8.6