8 #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 ) 9 #define ZwCurrentProcess() NtCurrentProcess() 10 #define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 ) 11 #define ZwCurrentThread() NtCurrentThread() 80 #if (NTDDI_VERSION >= NTDDI_WIN2K) 266 ZwQueryInformationFile(
290 ZwQuerySymbolicLinkObject(
328 ZwSetInformationFile(
358 ZwUnmapViewOfSection(
417 ZwSetInformationThread(
532 ZwQueryDirectoryFile(
549 ZwSetVolumeInformationFile(
600 ZwAllocateVirtualMemory(
624 ZwWaitForSingleObject(
641 ZwFlushVirtualMemory(
651 ZwQueryInformationToken(
671 ZwQuerySecurityObject(
681 #if (NTDDI_VERSION >= NTDDI_WINXP) 708 #if (NTDDI_VERSION >= NTDDI_WS03) 721 #if (NTDDI_VERSION >= NTDDI_VISTA) 728 ZwCreateKeyTransacted(
752 ZwCreateTransactionManager(
764 ZwOpenTransactionManager(
776 ZwRollforwardTransactionManager(
784 ZwRecoverTransactionManager(
791 ZwQueryInformationTransactionManager(
802 ZwSetInformationTransactionManager(
812 ZwEnumerateTransactionObject(
850 ZwQueryInformationTransaction(
861 ZwSetInformationTransaction(
879 ZwRollbackTransaction(
887 ZwCreateResourceManager(
900 ZwOpenResourceManager(
911 ZwRecoverResourceManager(
918 ZwGetNotificationResourceManager(
931 ZwQueryInformationResourceManager(
942 ZwSetInformationResourceManager(
977 ZwQueryInformationEnlistment(
988 ZwSetInformationEnlistment(
1006 ZwPrePrepareEnlistment(
1014 ZwPrepareEnlistment(
1030 ZwRollbackEnlistment(
1038 ZwPrePrepareComplete(
1062 ZwReadOnlyEnlistment(
1145 #if (NTDDI_VERSION >= NTDDI_WIN7) 1162 ZwOpenKeyTransactedEx(
1209 ZwSetInformationKey(
1239 #if (VER_PRODUCTBUILD >= 2195) 1277 #if (VER_PRODUCTBUILD >= 2195) 1330 #if (VER_PRODUCTBUILD >= 2195) 1395 #if (VER_PRODUCTBUILD >= 2195) 1400 ZwQueryDirectoryObject(
1439 #if (VER_PRODUCTBUILD >= 2195) 1466 #if (VER_PRODUCTBUILD >= 2195)
_In_ KTMOBJECT_TYPE QueryType
NTSYSAPI NTSTATUS NTAPI ZwQueryQuotaInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_ PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PVOID SidList, _In_ ULONG SidListLength, _In_opt_ PSID StartSid, _In_ BOOLEAN RestartScan)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PUNICODE_STRING LogFileName
_In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
_Inout_ PUNICODE_STRING _Out_opt_ PULONG ReturnedLength
_In_ HANDLE ProcessHandle
NTSYSAPI NTSTATUS NTAPI ZwCancelIoFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG IoControlCode
NTSYSAPI NTSTATUS NTAPI ZwFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, _In_ ULONG FlushSize)
_In_ SECURITY_INFORMATION _Out_writes_bytes_to_(Length, *ResultLength) PSECURITY_DESCRIPTOR SecurityDescriptor
#define _Must_inspect_result_
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG AllocationType
NTSYSAPI NTSTATUS NTAPI ZwDeviceIoControlFile(IN HANDLE DeviceHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, IN PVOID UserApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID OutputBuffer, IN ULONG OutputBufferSize)
VOID(* PIO_APC_ROUTINE)(IN PVOID ApcContext, IN PIO_STATUS_BLOCK IoStatusBlock, IN ULONG Reserved)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
_In_ TRANSACTION_INFORMATION_CLASS _In_ PVOID TransactionInformation
NTSYSAPI NTSTATUS NTAPI ZwCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
_In_opt_ PLARGE_INTEGER TmVirtualClock
_In_ SECURITY_INFORMATION SecurityInformation
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE ApcRoutine
NTSYSAPI NTSTATUS NTAPI ZwUnlockFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_opt_ ULONG Key)
_In_ ULONG _In_ KEY_INFORMATION_CLASS KeyInformationClass
NTSYSAPI NTSTATUS NTAPI ZwDeleteFile(_In_ POBJECT_ATTRIBUTES ObjectAttributes)
enum _KEY_INFORMATION_CLASS KEY_INFORMATION_CLASS
NTSYSAPI NTSTATUS NTAPI ZwFlushBuffersFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock)
_In_ ACCESS_MASK _In_ HANDLE ResourceManagerHandle
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG _In_ ULONG Protect
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING TargetName)
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER AllocationSize
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
_In_ PUNICODE_STRING _In_opt_ ULONG _In_ ULONG _In_ ULONG DataSize
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG CreateOptions
NTSYSAPI NTSTATUS NTAPI ZwReplaceKey(_In_ POBJECT_ATTRIBUTES NewFileObjectAttributes, _In_ HANDLE KeyHandle, _In_ POBJECT_ATTRIBUTES OldFileObjectAttributes)
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG _In_ BOOLEAN RestartScan
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG SidListLength
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG _In_opt_ PVOID EaBuffer
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
enum _RESOURCEMANAGER_INFORMATION_CLASS RESOURCEMANAGER_INFORMATION_CLASS
NTSYSAPI NTSTATUS NTAPI ZwWaitForMultipleObjects(_In_ ULONG HandleCount, _In_ PHANDLE Handles, _In_ WAIT_TYPE WaitType, _In_ BOOLEAN Alertable, _In_opt_ PLARGE_INTEGER Timeout)
static HANDLE DirectoryHandle
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_In_ ACCESS_MASK _In_ HANDLE _In_ LPGUID EnlistmentGuid
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID _In_opt_ HANDLE _In_opt_ ULONG _In_opt_ ULONG _In_opt_ ULONG IsolationFlags
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
NTSYSCALLAPI NTSTATUS NTAPI ZwOpenEvent(_Out_ PHANDLE EventHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID _In_opt_ HANDLE _In_opt_ ULONG _In_opt_ ULONG IsolationLevel
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN WatchTree
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG FileAttributes
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES ObjectAttributes
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG SectionPageProtection
NTSYSAPI NTSTATUS NTAPI ZwPulseEvent(_In_ HANDLE EventHandle, _In_opt_ PLONG PulseCount)
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
IN CINT OUT PVOID ObjectInformation
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN ReturnSingleEntry
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_reads_bytes_opt_(EaListLength) PVOID EaList
_In_ SYSTEM_POWER_STATE MinSystemState
NTSYSAPI NTSTATUS NTAPI ZwYieldExecution(VOID)
NTSYSAPI NTSTATUS NTAPI ZwDisplayString(_In_ PUNICODE_STRING DisplayString)
_In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass
_In_ TIMER_SET_INFORMATION_CLASS _Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID TimerSetInformation
NTSYSAPI NTSTATUS NTAPI ZwClearEvent(_In_ HANDLE EventHandle)
enum _SYSTEM_POWER_STATE SYSTEM_POWER_STATE
_In_ TRANSACTION_INFORMATION_CLASS _In_ ULONG TransactionInformationLength
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN ResumeTimer
_In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass
VOID(CALLBACK * PTIMER_APC_ROUTINE)(PVOID, ULONG, LONG)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
_Inout_ _Inout_ PSIZE_T RegionSize
_In_ ACCESS_MASK _In_ HANDLE _In_opt_ LPGUID ResourceManagerGuid
enum _TIMER_SET_INFORMATION_CLASS TIMER_SET_INFORMATION_CLASS
_In_ ACCESS_MASK DesiredAccess
_Inout_ PUNICODE_STRING LinkTarget
NTSYSAPI NTSTATUS NTAPI ZwLockFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediatedly, _In_ BOOLEAN ExclusiveLock)
_Must_inspect_result_ _In_ ULONG Flags
_In_ RESOURCEMANAGER_INFORMATION_CLASS _In_ ULONG ResourceManagerInformationLength
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR ZeroBits
enum _OBJECT_INFORMATION_CLASS OBJECT_INFORMATION_CLASS
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_opt_ HANDLE FileHandle
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
DWORD SECURITY_INFORMATION
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE _In_ BOOLEAN InitialState
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG ShareAccess
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
NTSYSAPI NTSTATUS NTAPI ZwInitiatePowerAction(_In_ POWER_ACTION SystemAction, _In_ SYSTEM_POWER_STATE MinSystemState, _In_ ULONG Flags, _In_ BOOLEAN Asynchronous)
enum _KEY_SET_INFORMATION_CLASS KEY_SET_INFORMATION_CLASS
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN WatchSubtree
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwTerminateProcess(_In_opt_ HANDLE ProcessHandle
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG TitleIndex
NTSYSAPI NTSTATUS NTAPI ZwFsControlFile(IN HANDLE DeviceHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID OutputBuffer, IN ULONG OutputBufferSize)
_In_ ACCESS_MASK _In_ HANDLE _In_ HANDLE _In_opt_ POBJECT_ATTRIBUTES _In_opt_ ULONG _In_ NOTIFICATION_MASK NotificationMask
NTSYSAPI NTSTATUS NTAPI ZwSetDefaultLocale(_In_ BOOLEAN UserProfile, _In_ LCID DefaultLocaleId)
NTSYSAPI NTSTATUS NTAPI ZwQueryDefaultLocale(_In_ BOOLEAN UserProfile, _Out_ PLCID DefaultLocaleId)
_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG CreateDisposition
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ FILE_INFORMATION_CLASS FileInformationClass
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG AllocationAttributes
#define _At_(target, annos)
NTSYSAPI NTSTATUS NTAPI ZwUnloadDriver(_In_ PUNICODE_STRING DriverServiceName)
NTSYSAPI NTSTATUS NTAPI ZwLoadKey(_In_ POBJECT_ATTRIBUTES KeyObjectAttributes, _In_ POBJECT_ATTRIBUTES FileObjectAttributes)
_Must_inspect_result_ __drv_aliasesMem _In_ PDEVICE_OBJECT _In_opt_ PVOID _In_ ULONG _Out_opt_ PVOID OutputBuffer
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
_Out_ PIO_STATUS_BLOCK _Out_writes_bytes_(Length) PVOID Buffer
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
enum _FSINFOCLASS FS_INFORMATION_CLASS
_In_ ULONG _In_ KEY_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
enum _EVENT_TYPE EVENT_TYPE
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG EaIndex
_In_ _In_ ULONG KeySetInformationLength
enum _FILE_INFORMATION_CLASS FILE_INFORMATION_CLASS
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
_In_ ULONG _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ BOOLEAN FailImmediately
enum _ENLISTMENT_INFORMATION_CLASS ENLISTMENT_INFORMATION_CLASS
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
NTSYSAPI NTSTATUS NTAPI ZwUnloadKey(_In_ POBJECT_ATTRIBUTES KeyObjectAttributes)
_In_ BOOLEAN _In_opt_ PLARGE_INTEGER Timeout
enum _TRANSACTIONMANAGER_INFORMATION_CLASS TRANSACTIONMANAGER_INFORMATION_CLASS
_In_ KTMOBJECT_TYPE _Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ ULONG OpenOptions
#define _Outptr_result_buffer_(size)
_In_ ENLISTMENT_INFORMATION_CLASS _In_ ULONG EnlistmentInformationLength
_In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass
NTSYSAPI NTSTATUS NTAPI ZwQueryFullAttributesFile(_In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation)
enum _POWER_INFORMATION_LEVEL POWER_INFORMATION_LEVEL
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG BufferLength
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PSID StartSid
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
enum _WAIT_TYPE WAIT_TYPE
NTSYSCALLAPI NTSTATUS NTAPI ZwRollbackComplete(_In_ HANDLE EnlistmentHandle, _In_opt_ PLARGE_INTEGER TmVirtualClock)
_In_ TRANSACTIONMANAGER_INFORMATION_CLASS _In_ PVOID TransactionManagerInformation
_In_ THREADINFOCLASS ThreadInformationClass
_In_ ULONG _In_ ULONG _In_ ULONG Length
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
_In_ TRANSACTIONMANAGER_INFORMATION_CLASS _In_ ULONG TransactionManagerInformationLength
NTSYSAPI NTSTATUS NTAPI ZwQueryVolumeInformationFile(IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FsInformation, IN ULONG Length, IN FS_INFORMATION_CLASS FsInformationClass)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T CommitSize
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
enum _TIMER_TYPE TIMER_TYPE
_In_opt_ HANDLE EventHandle
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
NTSYSAPI NTSTATUS NTAPI ZwSetQuotaInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PVOID Buffer, _In_ ULONG BufferLength)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ TIMER_TYPE TimerType
_In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PUNICODE_STRING _In_opt_ ULONG _In_opt_ ULONG CommitStrength
NTSYSAPI NTSTATUS NTAPI ZwSaveKey(_In_ HANDLE KeyHandle, _In_ HANDLE FileHandle)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID _In_opt_ HANDLE _In_opt_ ULONG _In_opt_ ULONG _In_opt_ ULONG _In_opt_ PLARGE_INTEGER _In_opt_ PUNICODE_STRING Description
NTSYSAPI NTSTATUS NTAPI ZwSetEvent(_In_ HANDLE EventHandle, _Out_opt_ PLONG PreviousState)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID ApcContext
_In_ __drv_strictTypeMatch(__drv_typeConst) KEY_SET_INFORMATION_CLASS KeySetInformationClass
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG EaListLength
enum _TOKEN_TYPE TOKEN_TYPE
_When_(Timeout==NULL, _IRQL_requires_max_(APC_LEVEL)) _When_(Timeout -> QuadPart !=0
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN _In_opt_ LONG Period
__drv_allocatesMem(TimerObject)) NTSTATUS NTAPI ZwCreateTimer(_Out_ PHANDLE TimerHandle
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _In_opt_ PCLIENT_ID ClientId
_In_ TIMER_SET_INFORMATION_CLASS _In_ ULONG TimerSetInformationLength
enum _TRANSACTION_INFORMATION_CLASS TRANSACTION_INFORMATION_CLASS
_Post_satisfies_(return< 0)) _When_(Length > 0
static GENERIC_MAPPING GenericMapping
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID _In_ BOOLEAN _In_opt_ LONG _Out_opt_ PBOOLEAN PreviousState
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT InheritDisposition
_Inout_ __drv_freesMem(Mem) PVOID *BaseAddress
NTSYSAPI NTSTATUS NTAPI ZwOpenThread(_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
_Out_ PTRANSACTION_NOTIFICATION _In_ ULONG NotificationLength
enum _THREADINFOCLASS THREADINFOCLASS
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_opt_ PLARGE_INTEGER ByteOffset
NTSYSAPI NTSTATUS NTAPI ZwNotifyChangeMultipleKeys(_In_ HANDLE MasterKeyHandle, _In_opt_ ULONG Count, _In_opt_ OBJECT_ATTRIBUTES SubordinateObjects[], _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG CompletionFilter, _In_ BOOLEAN WatchTree, _Out_opt_ PVOID Buffer, _In_ ULONG BufferSize, _In_ BOOLEAN Asynchronous)
_Out_ PTRANSACTION_NOTIFICATION _In_ ULONG _In_ PLARGE_INTEGER _Out_opt_ PULONG _In_ ULONG _In_opt_ ULONG_PTR AsynchronousContext
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER SectionOffset
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG EaLength
_Inout_ _Inout_ PSIZE_T _In_ ULONG FreeType
_Out_ PIO_STATUS_BLOCK IoStatusBlock
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ BOOLEAN _In_ BOOLEAN ExclusiveLock
_Out_ PIO_STATUS_BLOCK _In_reads_bytes_(Length) PVOID Buffer
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG CompletionFilter
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PUNICODE_STRING _In_opt_ LPGUID TmIdentity
_In_ ULONG InputBufferLength
$if(_WDMDDK_) $endif(_WDMDDK_) $if(_NTDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ PLUID Luid)
_In_ PLARGE_INTEGER DueTime
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _In_ HANDLE TransactionHandle
_In_ KTMOBJECT_TYPE _In_ ULONG ObjectCursorLength
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG _In_ ULONG Options
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
_In_ PUNICODE_STRING NewName
enum _PROCESSINFOCLASS PROCESSINFOCLASS
_Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation
enum _KTMOBJECT_TYPE KTMOBJECT_TYPE
$endif(_NTDDK_) $if(_NTIFS_) _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwQueryEaFile(_In_ HANDLE FileHandle
#define _Outptr_result_bytebuffer_(size)
ACCESS_MASK * PACCESS_MASK
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID TimerContext
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
NTSYSAPI NTSTATUS NTAPI ZwQueryMultipleValueKey(_In_ HANDLE KeyHandle, _Inout_ PKEY_VALUE_ENTRY ValueEntries, _In_ ULONG EntryCount, _Out_ PVOID ValueBuffer, _Inout_ PULONG BufferLength, _Out_opt_ PULONG RequiredBufferLength)
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine
NTSYSAPI NTSTATUS NTAPI ZwSetSystemTime(_In_ PLARGE_INTEGER NewTime, _Out_opt_ PLARGE_INTEGER OldTime)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG FsControlCode
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER MaximumSize
NTSYSAPI NTSTATUS NTAPI ZwResetEvent(_In_ HANDLE EventHandle, _Out_opt_ PLONG NumberOfWaitingThreads)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID Uow
NTSYSAPI NTSTATUS NTAPI ZwAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PBOOLEAN AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
_In_ PUNICODE_STRING ValueName
_Out_ PTRANSACTION_NOTIFICATION TransactionNotification
NTSYSAPI NTSTATUS NTAPI ZwOpenSection(_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ FS_INFORMATION_CLASS FsInformationClass
_In_ ULONG _In_ ULONG OutputBufferLength
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_(Length, *ResultLength) PVOID TokenInformation
enum _SECTION_INHERIT SECTION_INHERIT
NTSYSAPI NTSTATUS NTAPI ZwMakeTemporaryObject(_In_ HANDLE Handle)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
_In_ ACCESS_MASK _In_ HANDLE _In_ HANDLE _In_opt_ POBJECT_ATTRIBUTES _In_opt_ ULONG _In_ NOTIFICATION_MASK _In_opt_ PVOID EnlistmentKey
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ LPGUID _In_opt_ HANDLE TmHandle
NTSYSAPI NTSTATUS NTAPI ZwAlertThread(_In_ HANDLE ThreadHandle)
NTSYSAPI NTSTATUS NTAPI ZwSetDefaultUILanguage(LANGID LanguageId)
_Out_opt_ PBOOLEAN CurrentState
_In_ ACCESS_MASK _In_ HANDLE RmHandle
NTSYSCALLAPI NTSTATUS NTAPI ZwSinglePhaseReject(_In_ HANDLE EnlistmentHandle, _In_opt_ PLARGE_INTEGER TmVirtualClock)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG NotifyFilter
NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
enum _KEY_VALUE_INFORMATION_CLASS KEY_VALUE_INFORMATION_CLASS
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID _Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_ BOOLEAN Asynchronous
_In_ ULONG _In_ KEY_INFORMATION_CLASS _Out_writes_bytes_opt_(Length) PVOID KeyInformation
1.8.15