ReactOS 0.4.15-dev-6694-g4ba8af9
psfuncs.h
Go to the documentation of this file.
1/*++ NDK Version: 0098
2
3Copyright (c) Alex Ionescu. All rights reserved.
4
5Header Name:
6
7 psfuncs.h
8
9Abstract:
10
11 Function definitions for the Process Manager
12
13Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17--*/
18
19#ifndef _PSFUNCS_H
20#define _PSFUNCS_H
21
22//
23// Dependencies
24//
25#include <umtypes.h>
26#include <pstypes.h>
27
28#ifdef __cplusplus
29extern "C" {
30#endif
31
32#ifndef NTOS_MODE_USER
33
34//
35// Win32K Process/Thread Functions
36//
37NTKERNELAPI
38PVOID
39NTAPI
40PsGetCurrentThreadWin32Thread(
41 VOID
42);
43
44NTKERNELAPI
45PVOID
46NTAPI
47PsGetCurrentProcessWin32Process(
48 VOID
49);
50
51NTKERNELAPI
52PVOID
53NTAPI
54PsGetProcessWin32Process(
55 _In_ PEPROCESS Process
56);
57
58NTKERNELAPI
59NTSTATUS
60NTAPI
61PsSetProcessWin32Process(
62 _Inout_ PEPROCESS Process,
63 _In_opt_ PVOID Win32Process,
64 _In_opt_ PVOID OldWin32Process
65);
66
67NTKERNELAPI
68PVOID
69NTAPI
70PsSetThreadWin32Thread(
71 _Inout_ PETHREAD Thread,
72 _In_opt_ PVOID Win32Thread,
73 _In_opt_ PVOID OldWin32Thread
74);
75
76NTKERNELAPI
77PVOID
78NTAPI
79PsGetThreadWin32Thread(
80 _In_ PETHREAD Thread
81);
82
83NTKERNELAPI
84PVOID
85NTAPI
86PsGetProcessWin32WindowStation(
87 _In_ PEPROCESS Process
88);
89
90NTKERNELAPI
91VOID
92NTAPI
93PsSetProcessWindowStation(
94 _Inout_ PEPROCESS Process,
95 _In_opt_ PVOID WindowStation
96);
97
98NTKERNELAPI
99PTEB
100NTAPI
101PsGetThreadTeb(
102 _In_ PETHREAD Thread
103);
104
105NTKERNELAPI
106HANDLE
107NTAPI
108PsGetThreadId(
109 _In_ PETHREAD Thread
110);
111
112NTKERNELAPI
113PEPROCESS
114NTAPI
115PsGetThreadProcess(
116 _In_ PETHREAD Thread
117);
118
119NTKERNELAPI
120ULONG
121NTAPI
122PsGetThreadFreezeCount(
123 _In_ PETHREAD Thread
124);
125
126NTKERNELAPI
127BOOLEAN
128NTAPI
129PsGetThreadHardErrorsAreDisabled(
130 _In_ PETHREAD Thread
131);
132
133NTKERNELAPI
134VOID
135NTAPI
136PsSetThreadHardErrorsAreDisabled(
137 _Inout_ PETHREAD Thread,
138 _In_ BOOLEAN Disabled
139);
140
141NTKERNELAPI
142VOID
143NTAPI
144PsEstablishWin32Callouts(
145 _In_ PWIN32_CALLOUTS_FPNS CalloutData
146);
147
148NTKERNELAPI
149VOID
150NTAPI
151PsReturnProcessNonPagedPoolQuota(
152 _In_ PEPROCESS Process,
153 _In_ SIZE_T Amount
154);
155
156NTKERNELAPI
157ULONG
158NTAPI
159PsGetCurrentProcessSessionId(
160 VOID
161);
162
163//
164// Process Impersonation Functions
165//
166NTKERNELAPI
167BOOLEAN
168NTAPI
169PsIsThreadImpersonating(
170 _In_ PETHREAD Thread
171);
172
173NTKERNELAPI
174VOID
175NTAPI
176PsRevertThreadToSelf(
177 _Inout_ PETHREAD Thread
178);
179
180//
181// Misc. Functions
182//
183NTKERNELAPI
184NTSTATUS
185NTAPI
186PsLookupProcessThreadByCid(
187 _In_ PCLIENT_ID Cid,
188 _Out_opt_ PEPROCESS *Process,
189 _Out_ PETHREAD *Thread
190);
191
192BOOLEAN
193NTAPI
194PsIsProtectedProcess(
195 _In_ PEPROCESS Process
196);
197
198NTKERNELAPI
199BOOLEAN
200NTAPI
201PsIsSystemProcess(
202 _In_ PEPROCESS Process
203);
204
205VOID
206NTAPI
207PsSetProcessPriorityByClass(
208 _In_ PEPROCESS Process,
209 _In_ PSPROCESSPRIORITYMODE Type
210);
211
212HANDLE
213NTAPI
214PsGetProcessInheritedFromUniqueProcessId(
215 _In_ PEPROCESS Process
216);
217
218NTKERNELAPI
219NTSTATUS
220NTAPI
221PsGetProcessExitStatus(
222 _In_ PEPROCESS Process
223);
224
225NTKERNELAPI
226ULONG
227NTAPI
228PsGetProcessSessionId(
229 _In_ PEPROCESS Process
230);
231
232NTKERNELAPI
233BOOLEAN
234NTAPI
235PsGetProcessExitProcessCalled(
236 _In_ PEPROCESS Process
237);
238
239//
240// Quota Functions
241//
242NTKERNELAPI
243VOID
244NTAPI
245PsChargePoolQuota(
246 _In_ PEPROCESS Process,
247 _In_ POOL_TYPE PoolType,
248 _In_ SIZE_T Amount
249);
250
251NTKERNELAPI
252NTSTATUS
253NTAPI
254PsChargeProcessNonPagedPoolQuota(
255 _In_ PEPROCESS Process,
256 _In_ SIZE_T Amount
257);
258
259NTKERNELAPI
260NTSTATUS
261NTAPI
262PsChargeProcessPagedPoolQuota(
263 _In_ PEPROCESS Process,
264 _In_ SIZE_T Amount
265);
266
267NTKERNELAPI
268NTSTATUS
269NTAPI
270PsChargeProcessPoolQuota(
271 _In_ PEPROCESS Process,
272 _In_ POOL_TYPE PoolType,
273 _In_ SIZE_T Amount
274);
275
276NTKERNELAPI
277VOID
278NTAPI
279PsReturnPoolQuota(
280 _In_ PEPROCESS Process,
281 _In_ POOL_TYPE PoolType,
282 _In_ SIZE_T Amount
283);
284
285NTKERNELAPI
286VOID
287NTAPI
288PsReturnProcessNonPagedPoolQuota(
289 _In_ PEPROCESS Process,
290 _In_ SIZE_T Amount
291);
292
293NTKERNELAPI
294VOID
295NTAPI
296PsReturnProcessPagedPoolQuota(
297 _In_ PEPROCESS Process,
298 _In_ SIZE_T Amount
299);
300
301NTKERNELAPI
302PVOID
303NTAPI
304PsGetProcessSecurityPort(
305 _In_ PEPROCESS Process
306);
307
308NTKERNELAPI
309NTSTATUS
310NTAPI
311PsSetProcessSecurityPort(
312 _Inout_ PEPROCESS Process,
313 _In_ PVOID SecurityPort
314);
315
316NTKERNELAPI
317HANDLE
318NTAPI
319PsGetCurrentThreadProcessId(
320 VOID
321);
322
323#endif
324
325//
326// Native Calls
327//
328NTSYSCALLAPI
329NTSTATUS
330NTAPI
331NtAlertResumeThread(
332 _In_ HANDLE ThreadHandle,
333 _Out_opt_ PULONG SuspendCount
334);
335
336NTSYSCALLAPI
337NTSTATUS
338NTAPI
339NtApphelpCacheControl(
340 _In_ APPHELPCACHESERVICECLASS Service,
341 _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData
342);
343
344NTSYSCALLAPI
345NTSTATUS
346NTAPI
347NtAlertThread(
348 _In_ HANDLE ThreadHandle
349);
350
351NTSYSCALLAPI
352NTSTATUS
353NTAPI
354NtAssignProcessToJobObject(
355 _In_ HANDLE JobHandle,
356 _In_ HANDLE ProcessHandle
357);
358
359NTSYSCALLAPI
360NTSTATUS
361NTAPI
362NtCreateJobObject(
363 _Out_ PHANDLE JobHandle,
364 _In_ ACCESS_MASK DesiredAccess,
365 _In_ POBJECT_ATTRIBUTES ObjectAttributes
366);
367
368NTSTATUS
369NTAPI
370NtCreateJobSet(
371 _In_ ULONG NumJob,
372 _In_ PJOB_SET_ARRAY UserJobSet,
373 _In_ ULONG Flags
374);
375
376NTSYSCALLAPI
377NTSTATUS
378NTAPI
379NtCreateProcess(
380 _Out_ PHANDLE ProcessHandle,
381 _In_ ACCESS_MASK DesiredAccess,
382 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
383 _In_ HANDLE ParentProcess,
384 _In_ BOOLEAN InheritObjectTable,
385 _In_opt_ HANDLE SectionHandle,
386 _In_opt_ HANDLE DebugPort,
387 _In_opt_ HANDLE ExceptionPort
388);
389
390NTSYSCALLAPI
391NTSTATUS
392NTAPI
393NtCreateProcessEx(
394 _Out_ PHANDLE ProcessHandle,
395 _In_ ACCESS_MASK DesiredAccess,
396 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
397 _In_ HANDLE ParentProcess,
398 _In_ ULONG Flags,
399 _In_opt_ HANDLE SectionHandle,
400 _In_opt_ HANDLE DebugPort,
401 _In_opt_ HANDLE ExceptionPort,
402 _In_ BOOLEAN InJob
403);
404
405NTSYSCALLAPI
406NTSTATUS
407NTAPI
408NtCreateThread(
409 _Out_ PHANDLE ThreadHandle,
410 _In_ ACCESS_MASK DesiredAccess,
411 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
412 _In_ HANDLE ProcessHandle,
413 _Out_ PCLIENT_ID ClientId,
414 _In_ PCONTEXT ThreadContext,
415 _In_ PINITIAL_TEB UserStack,
416 _In_ BOOLEAN CreateSuspended
417);
418
419#ifndef NTOS_MODE_USER
420FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
421{
422#if defined(_M_IX86)
423 return (PTEB)__readfsdword(0x18);
424#elif defined (_M_AMD64)
425 return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
426#elif defined (_M_ARM)
427 return (struct _TEB *)KeGetPcr()->Used_Self;
428#endif
429}
430#else
431struct _TEB * NtCurrentTeb(void);
432#endif
433
434NTSYSCALLAPI
435NTSTATUS
436NTAPI
437NtImpersonateThread(
438 _In_ HANDLE ThreadHandle,
439 _In_ HANDLE ThreadToImpersonate,
440 _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
441);
442
443NTSYSCALLAPI
444NTSTATUS
445NTAPI
446NtIsProcessInJob(
447 _In_ HANDLE ProcessHandle,
448 _In_opt_ HANDLE JobHandle
449);
450
451__kernel_entry
452NTSYSCALLAPI
453NTSTATUS
454NTAPI
455NtOpenProcess(
456 _Out_ PHANDLE ProcessHandle,
457 _In_ ACCESS_MASK DesiredAccess,
458 _In_ POBJECT_ATTRIBUTES ObjectAttributes,
459 _In_opt_ PCLIENT_ID ClientId
460);
461
462_Must_inspect_result_
463__kernel_entry
464NTSYSCALLAPI
465NTSTATUS
466NTAPI
467NtOpenProcessToken(
468 _In_ HANDLE ProcessHandle,
469 _In_ ACCESS_MASK DesiredAccess,
470 _Out_ PHANDLE TokenHandle
471);
472
473NTSYSCALLAPI
474NTSTATUS
475NTAPI
476NtOpenThread(
477 _Out_ PHANDLE ThreadHandle,
478 _In_ ACCESS_MASK DesiredAccess,
479 _In_ POBJECT_ATTRIBUTES ObjectAttributes,
480 _In_ PCLIENT_ID ClientId
481);
482
483NTSYSCALLAPI
484NTSTATUS
485NTAPI
486NtOpenThreadToken(
487 _In_ HANDLE ThreadHandle,
488 _In_ ACCESS_MASK DesiredAccess,
489 _In_ BOOLEAN OpenAsSelf,
490 _Out_ PHANDLE TokenHandle
491);
492
493NTSYSCALLAPI
494NTSTATUS
495NTAPI
496NtOpenThreadTokenEx(
497 _In_ HANDLE ThreadHandle,
498 _In_ ACCESS_MASK DesiredAccess,
499 _In_ BOOLEAN OpenAsSelf,
500 _In_ ULONG HandleAttributes,
501 _Out_ PHANDLE TokenHandle
502);
503
504NTSYSCALLAPI
505NTSTATUS
506NTAPI
507NtQueryInformationJobObject(
508 _In_ HANDLE JobHandle,
509 _In_ JOBOBJECTINFOCLASS JobInformationClass,
510 _Out_bytecap_(JobInformationLength) PVOID JobInformation,
511 _In_ ULONG JobInformationLength,
512 _Out_ PULONG ReturnLength
513);
514
515#ifndef _NTDDK_
516__kernel_entry
517NTSYSCALLAPI
518NTSTATUS
519NTAPI
520NtQueryInformationProcess(
521 _In_ HANDLE ProcessHandle,
522 _In_ PROCESSINFOCLASS ProcessInformationClass,
523 _Out_ PVOID ProcessInformation,
524 _In_ ULONG ProcessInformationLength,
525 _Out_opt_ PULONG ReturnLength
526);
527#endif
528
529NTSYSCALLAPI
530NTSTATUS
531NTAPI
532NtQueryInformationThread(
533 _In_ HANDLE ThreadHandle,
534 _In_ THREADINFOCLASS ThreadInformationClass,
535 _Out_ PVOID ThreadInformation,
536 _In_ ULONG ThreadInformationLength,
537 _Out_opt_ PULONG ReturnLength
538);
539
540NTSYSCALLAPI
541NTSTATUS
542NTAPI
543NtRegisterThreadTerminatePort(
544 _In_ HANDLE TerminationPort
545);
546
547NTSYSCALLAPI
548NTSTATUS
549NTAPI
550NtResumeThread(
551 _In_ HANDLE ThreadHandle,
552 _Out_opt_ PULONG SuspendCount
553);
554
555NTSYSCALLAPI
556NTSTATUS
557NTAPI
558NtResumeProcess(
559 _In_ HANDLE ProcessHandle
560);
561
562NTSYSCALLAPI
563NTSTATUS
564NTAPI
565NtSetInformationJobObject(
566 _In_ HANDLE JobHandle,
567 _In_ JOBOBJECTINFOCLASS JobInformationClass,
568 _In_bytecount_(JobInformationLength) PVOID JobInformation,
569 _In_ ULONG JobInformationLength
570);
571
572NTSYSCALLAPI
573NTSTATUS
574NTAPI
575NtSetInformationProcess(
576 _In_ HANDLE ProcessHandle,
577 _In_ PROCESSINFOCLASS ProcessInformationClass,
578 _In_ PVOID ProcessInformation,
579 _In_ ULONG ProcessInformationLength
580);
581
582__kernel_entry
583NTSYSCALLAPI
584NTSTATUS
585NTAPI
586NtSetInformationThread(
587 _In_ HANDLE ThreadHandle,
588 _In_ THREADINFOCLASS ThreadInformationClass,
589 _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
590 _In_ ULONG ThreadInformationLength
591);
592
593NTSYSCALLAPI
594NTSTATUS
595NTAPI
596NtSuspendProcess(
597 _In_ HANDLE ProcessHandle
598);
599
600NTSYSCALLAPI
601NTSTATUS
602NTAPI
603NtSuspendThread(
604 _In_ HANDLE ThreadHandle,
605 _In_ PULONG PreviousSuspendCount
606);
607
608NTSYSCALLAPI
609NTSTATUS
610NTAPI
611NtTerminateProcess(
612 _In_ HANDLE ProcessHandle,
613 _In_ NTSTATUS ExitStatus
614);
615
616NTSYSCALLAPI
617NTSTATUS
618NTAPI
619NtTerminateThread(
620 _In_ HANDLE ThreadHandle,
621 _In_ NTSTATUS ExitStatus
622);
623
624NTSYSCALLAPI
625NTSTATUS
626NTAPI
627NtTerminateJobObject(
628 _In_ HANDLE JobHandle,
629 _In_ NTSTATUS ExitStatus
630);
631
632NTSYSAPI
633NTSTATUS
634NTAPI
635ZwAlertResumeThread(
636 _In_ HANDLE ThreadHandle,
637 _Out_opt_ PULONG SuspendCount
638);
639
640NTSYSAPI
641NTSTATUS
642NTAPI
643ZwAlertThread(
644 _In_ HANDLE ThreadHandle
645);
646
647NTSYSAPI
648NTSTATUS
649NTAPI
650ZwAssignProcessToJobObject(
651 _In_ HANDLE JobHandle,
652 _In_ HANDLE ProcessHandle
653);
654
655NTSYSAPI
656NTSTATUS
657NTAPI
658ZwCreateJobObject(
659 _Out_ PHANDLE JobHandle,
660 _In_ ACCESS_MASK DesiredAccess,
661 _In_ POBJECT_ATTRIBUTES ObjectAttributes
662);
663
664NTSYSAPI
665NTSTATUS
666NTAPI
667ZwCreateProcess(
668 _Out_ PHANDLE ProcessHandle,
669 _In_ ACCESS_MASK DesiredAccess,
670 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
671 _In_ HANDLE ParentProcess,
672 _In_ BOOLEAN InheritObjectTable,
673 _In_opt_ HANDLE SectionHandle,
674 _In_opt_ HANDLE DebugPort,
675 _In_opt_ HANDLE ExceptionPort
676);
677
678NTSYSAPI
679NTSTATUS
680NTAPI
681ZwCreateThread(
682 _Out_ PHANDLE ThreadHandle,
683 _In_ ACCESS_MASK DesiredAccess,
684 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
685 _In_ HANDLE ProcessHandle,
686 _Out_ PCLIENT_ID ClientId,
687 _In_ PCONTEXT ThreadContext,
688 _In_ PINITIAL_TEB UserStack,
689 _In_ BOOLEAN CreateSuspended
690);
691
692NTSYSAPI
693NTSTATUS
694NTAPI
695ZwImpersonateThread(
696 _In_ HANDLE ThreadHandle,
697 _In_ HANDLE ThreadToImpersonate,
698 _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
699);
700
701NTSYSAPI
702NTSTATUS
703NTAPI
704ZwIsProcessInJob(
705 _In_ HANDLE ProcessHandle,
706 _In_opt_ HANDLE JobHandle
707);
708
709_IRQL_requires_max_(PASSIVE_LEVEL)
710NTSYSAPI
711NTSTATUS
712NTAPI
713ZwOpenProcessTokenEx(
714 _In_ HANDLE ProcessHandle,
715 _In_ ACCESS_MASK DesiredAccess,
716 _In_ ULONG HandleAttributes,
717 _Out_ PHANDLE TokenHandle
718);
719
720NTSYSAPI
721NTSTATUS
722NTAPI
723ZwOpenThread(
724 _Out_ PHANDLE ThreadHandle,
725 _In_ ACCESS_MASK DesiredAccess,
726 _In_ POBJECT_ATTRIBUTES ObjectAttributes,
727 _In_ PCLIENT_ID ClientId
728);
729
730NTSYSAPI
731NTSTATUS
732NTAPI
733ZwOpenThreadToken(
734 _In_ HANDLE ThreadHandle,
735 _In_ ACCESS_MASK DesiredAccess,
736 _In_ BOOLEAN OpenAsSelf,
737 _Out_ PHANDLE TokenHandle
738);
739
740NTSYSAPI
741NTSTATUS
742NTAPI
743ZwOpenThreadTokenEx(
744 _In_ HANDLE ThreadHandle,
745 _In_ ACCESS_MASK DesiredAccess,
746 _In_ BOOLEAN OpenAsSelf,
747 _In_ ULONG HandleAttributes,
748 _Out_ PHANDLE TokenHandle
749);
750
751NTSYSAPI
752NTSTATUS
753NTAPI
754ZwQueryInformationJobObject(
755 _In_ HANDLE JobHandle,
756 _In_ JOBOBJECTINFOCLASS JobInformationClass,
757 _Out_bytecap_(JobInformationLength) PVOID JobInformation,
758 _In_ ULONG JobInformationLength,
759 _Out_ PULONG ReturnLength
760);
761
762NTSYSAPI
763NTSTATUS
764NTAPI
765ZwQueryInformationProcess(
766 _In_ HANDLE ProcessHandle,
767 _In_ PROCESSINFOCLASS ProcessInformationClass,
768 _Out_ PVOID ProcessInformation,
769 _In_ ULONG ProcessInformationLength,
770 _Out_opt_ PULONG ReturnLength
771);
772
773NTSYSAPI
774NTSTATUS
775NTAPI
776ZwQueryInformationThread(
777 _In_ HANDLE ThreadHandle,
778 _In_ THREADINFOCLASS ThreadInformationClass,
779 _Out_ PVOID ThreadInformation,
780 _In_ ULONG ThreadInformationLength,
781 _Out_opt_ PULONG ReturnLength
782);
783
784NTSYSAPI
785NTSTATUS
786NTAPI
787ZwRegisterThreadTerminatePort(
788 _In_ HANDLE TerminationPort
789);
790
791NTSYSAPI
792NTSTATUS
793NTAPI
794ZwResumeThread(
795 _In_ HANDLE ThreadHandle,
796 _Out_opt_ PULONG SuspendCount
797);
798
799NTSYSAPI
800NTSTATUS
801NTAPI
802ZwResumeProcess(
803 _In_ HANDLE ProcessHandle
804);
805
806NTSYSAPI
807NTSTATUS
808NTAPI
809ZwSetInformationJobObject(
810 _In_ HANDLE JobHandle,
811 _In_ JOBOBJECTINFOCLASS JobInformationClass,
812 _In_ PVOID JobInformation,
813 _In_ ULONG JobInformationLength
814);
815
816NTSYSAPI
817NTSTATUS
818NTAPI
819ZwSetInformationProcess(
820 _In_ HANDLE ProcessHandle,
821 _In_ PROCESSINFOCLASS ProcessInformationClass,
822 _In_ PVOID ProcessInformation,
823 _In_ ULONG ProcessInformationLength
824);
825
826_IRQL_requires_max_(PASSIVE_LEVEL)
827NTSYSAPI
828NTSTATUS
829NTAPI
830ZwSetInformationThread(
831 _In_ HANDLE ThreadHandle,
832 _In_ THREADINFOCLASS ThreadInformationClass,
833 _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
834 _In_ ULONG ThreadInformationLength
835);
836
837NTSYSAPI
838NTSTATUS
839NTAPI
840ZwSuspendProcess(
841 _In_ HANDLE ProcessHandle
842);
843
844NTSYSAPI
845NTSTATUS
846NTAPI
847ZwSuspendThread(
848 _In_ HANDLE ThreadHandle,
849 _In_ PULONG PreviousSuspendCount
850);
851
852_IRQL_requires_max_(PASSIVE_LEVEL)
853NTSYSAPI
854NTSTATUS
855NTAPI
856ZwTerminateProcess (
857 _In_opt_ HANDLE ProcessHandle,
858 _In_ NTSTATUS ExitStatus
859 );
860
861NTSYSAPI
862NTSTATUS
863NTAPI
864ZwTerminateThread(
865 _In_ HANDLE ThreadHandle,
866 _In_ NTSTATUS ExitStatus
867);
868
869NTSYSAPI
870NTSTATUS
871NTAPI
872ZwTerminateJobObject(
873 _In_ HANDLE JobHandle,
874 _In_ NTSTATUS ExitStatus
875);
876
877#ifdef __cplusplus
878}
879#endif
880
881#endif
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
Type
Type
Definition: Type.h:7
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI
#define NTSYSAPI
Definition: ntoskrnl.h:12
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
THREADINFOCLASS
enum _THREADINFOCLASS THREADINFOCLASS
Definition: thread.c:101
_IRQL_requires_max_
#define _IRQL_requires_max_(irql)
Definition: driverspecs.h:230
ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
PASSIVE_LEVEL
#define PASSIVE_LEVEL
Definition: env_spec_w32.h:693
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:551
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
JOBOBJECTINFOCLASS
enum _JOBOBJECTINFOCLASS JOBOBJECTINFOCLASS
APPHELPCACHESERVICECLASS
enum _APPHELPCACHESERVICECLASS APPHELPCACHESERVICECLASS
PSPROCESSPRIORITYMODE
enum _PSPROCESSPRIORITYMODE PSPROCESSPRIORITYMODE
PROCESSINFOCLASS
enum _PROCESSINFOCLASS PROCESSINFOCLASS
Definition: loader.c:63
__readfsdword
PPC_QUAL unsigned long __readfsdword(const unsigned long Offset)
Definition: intrin_ppc.h:382
NtCurrentTeb
#define NtCurrentTeb
Definition: iphlpapi_private.h:4
Disabled
@ Disabled
Definition: mountmgr.h:158
_Out_opt_
#define _Out_opt_
Definition: ms_sal.h:346
_In_reads_bytes_
#define _In_reads_bytes_(size)
Definition: ms_sal.h:321
_Inout_
#define _Inout_
Definition: ms_sal.h:378
_Must_inspect_result_
#define _Must_inspect_result_
Definition: ms_sal.h:558
_Out_
#define _Out_
Definition: ms_sal.h:345
_In_
#define _In_
Definition: ms_sal.h:308
_In_opt_
#define _In_opt_
Definition: ms_sal.h:309
_Out_bytecap_
#define _Out_bytecap_(size)
Definition: ms_sal.h:854
_In_bytecount_
#define _In_bytecount_(size)
Definition: ms_sal.h:812
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
PsGetThreadWin32Thread
NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread(_In_ PETHREAD Thread)
ZwQueryInformationThread
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread(_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
ZwImpersonateThread
NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread(_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
NtAlertResumeThread
NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread(_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
NtQueryInformationThread
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread(_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
NtTerminateJobObject
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject(_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)
NtOpenThreadToken
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2472
PsGetThreadHardErrorsAreDisabled
NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled(_In_ PETHREAD Thread)
NtCreateJobObject
NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject(_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
PsSetProcessWin32Process
NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process(_Inout_ PEPROCESS Process, _In_opt_ PVOID Win32Process, _In_opt_ PVOID OldWin32Process)
Definition: process.c:1257
ExitStatus
_In_ NTSTATUS ExitStatus
Definition: psfuncs.h:859
NtSuspendThread
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread(_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)
PsGetCurrentProcessWin32Process
NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process(VOID)
Definition: process.c:1183
ZwTerminateThread
NTSYSAPI NTSTATUS NTAPI ZwTerminateThread(_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
PsGetThreadId
NTKERNELAPI HANDLE NTAPI PsGetThreadId(_In_ PETHREAD Thread)
NtSuspendProcess
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess(_In_ HANDLE ProcessHandle)
PsIsThreadImpersonating
NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating(_In_ PETHREAD Thread)
PsSetProcessWindowStation
NTKERNELAPI VOID NTAPI PsSetProcessWindowStation(_Inout_ PEPROCESS Process, _In_opt_ PVOID WindowStation)
PsChargeProcessPagedPoolQuota
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Charges the paged pool quota of a given process.
Definition: quota.c:839
NtOpenProcess
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess(_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PCLIENT_ID ClientId)
NtSetInformationProcess
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
NtAlertThread
NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread(_In_ HANDLE ThreadHandle)
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:718
NtAssignProcessToJobObject
NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject(_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)
PsEstablishWin32Callouts
NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts(_In_ PWIN32_CALLOUTS_FPNS CalloutData)
PsGetProcessExitProcessCalled
NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled(_In_ PEPROCESS Process)
PsSetProcessPriorityByClass
VOID NTAPI PsSetProcessPriorityByClass(_In_ PEPROCESS Process, _In_ PSPROCESSPRIORITYMODE Type)
NtIsProcessInJob
NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob(_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)
PsGetProcessExitStatus
NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus(_In_ PEPROCESS Process)
PsIsSystemProcess
NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess(_In_ PEPROCESS Process)
ThreadInformationLength
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
Definition: psfuncs.h:835
ZwOpenThread
NTSYSAPI NTSTATUS NTAPI ZwOpenThread(_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
PsGetProcessSecurityPort
NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort(_In_ PEPROCESS Process)
ZwSetInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
PsLookupProcessThreadByCid
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid(_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
ZwSetInformationJobObject
NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject(_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_ PVOID JobInformation, _In_ ULONG JobInformationLength)
PsSetThreadHardErrorsAreDisabled
NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled(_Inout_ PETHREAD Thread, _In_ BOOLEAN Disabled)
PsGetThreadTeb
NTKERNELAPI PTEB NTAPI PsGetThreadTeb(_In_ PETHREAD Thread)
ZwSuspendThread
NTSYSAPI NTSTATUS NTAPI ZwSuspendThread(_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)
NtResumeProcess
NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess(_In_ HANDLE ProcessHandle)
PsGetProcessWin32WindowStation
NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation(_In_ PEPROCESS Process)
NtQueryInformationProcess
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
Definition: query.c:59
PsGetProcessInheritedFromUniqueProcessId
HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(_In_ PEPROCESS Process)
PsChargeProcessNonPagedPoolQuota
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Charges the non paged pool quota of a given process.
Definition: quota.c:811
NtRegisterThreadTerminatePort
NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort(_In_ HANDLE TerminationPort)
PsGetCurrentProcessSessionId
NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId(VOID)
Definition: process.c:1133
NtCreateJobSet
NTSTATUS NTAPI NtCreateJobSet(_In_ ULONG NumJob, _In_ PJOB_SET_ARRAY UserJobSet, _In_ ULONG Flags)
PsGetThreadProcess
NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess(_In_ PETHREAD Thread)
NtImpersonateThread
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread(_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
NtOpenThreadTokenEx
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2329
NtCreateThread
NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread(_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)
PsSetThreadWin32Thread
NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread(_Inout_ PETHREAD Thread, _In_opt_ PVOID Win32Thread, _In_opt_ PVOID OldWin32Thread)
PsReturnProcessPagedPoolQuota
NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Returns the paged pool quota that the process was taking up.
Definition: quota.c:965
PsGetProcessSessionId
NTKERNELAPI ULONG NTAPI PsGetProcessSessionId(_In_ PEPROCESS Process)
PsReturnProcessNonPagedPoolQuota
NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Returns the non paged quota pool that the process was taking up.
Definition: quota.c:938
PsChargeProcessPoolQuota
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
Definition: quota.c:872
PsGetProcessWin32Process
NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process(_In_ PEPROCESS Process)
ZwCreateProcess
NTSYSAPI NTSTATUS NTAPI ZwCreateProcess(_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
NtCreateProcessEx
NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx(_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ ULONG Flags, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort, _In_ BOOLEAN InJob)
PsGetCurrentThreadWin32Thread
NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread(VOID)
Definition: thread.c:805
ThreadInformationClass
_In_ THREADINFOCLASS ThreadInformationClass
Definition: psfuncs.h:832
PsReturnPoolQuota
NTKERNELAPI VOID NTAPI PsReturnPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Returns the pool quota that the process was taking up.
Definition: quota.c:907
NtOpenThread
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread(_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
ZwAlertThread
NTSYSAPI NTSTATUS NTAPI ZwAlertThread(_In_ HANDLE ThreadHandle)
ZwIsProcessInJob
NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob(_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)
ZwCreateThread
NTSYSAPI NTSTATUS NTAPI ZwCreateThread(_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)
NtCreateProcess
NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess(_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
ZwOpenThreadTokenEx
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
HandleAttributes
_In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: psfuncs.h:716
ZwTerminateJobObject
NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject(_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)
ZwResumeProcess
NTSYSAPI NTSTATUS NTAPI ZwResumeProcess(_In_ HANDLE ProcessHandle)
PsGetThreadFreezeCount
NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount(_In_ PETHREAD Thread)
ZwCreateJobObject
NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject(_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
NtSetInformationJobObject
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject(_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_bytecount_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength)
ZwResumeThread
NTSYSAPI NTSTATUS NTAPI ZwResumeThread(_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
PsRevertThreadToSelf
NTKERNELAPI VOID NTAPI PsRevertThreadToSelf(_Inout_ PETHREAD Thread)
ZwSuspendProcess
NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess(_In_ HANDLE ProcessHandle)
PsSetProcessSecurityPort
NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort(_Inout_ PEPROCESS Process, _In_ PVOID SecurityPort)
ZwQueryInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
PsGetCurrentThreadProcessId
NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId(VOID)
Definition: thread.c:755
NtResumeThread
NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread(_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
ZwOpenThreadToken
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
ZwQueryInformationJobObject
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject(_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)
PsIsProtectedProcess
BOOLEAN NTAPI PsIsProtectedProcess(_In_ PEPROCESS Process)
PsChargePoolQuota
NTKERNELAPI VOID NTAPI PsChargePoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Charges the pool quota of a given process. The kind of pool quota to charge is determined by the Pool...
Definition: quota.c:775
NtOpenProcessToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
NtApphelpCacheControl
NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl(_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
Definition: apphelp.c:728
NtSetInformationThread
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread(_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
NtQueryInformationJobObject
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject(_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)
ZwAlertResumeThread
NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread(_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
ZwRegisterThreadTerminatePort
NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort(_In_ HANDLE TerminationPort)
ZwAssignProcessToJobObject
NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject(_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)
NtTerminateThread
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread(_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
NtTerminateProcess
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess(_In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus)
ZwOpenProcessTokenEx
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSYSCALLAPI
#define NTSYSCALLAPI
Definition: ntbasedef.h:204
Service
@ Service
Definition: ntsecapi.h:292
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
KeGetPcr
#define KeGetPcr()
Definition: ke.h:26
__kernel_entry
#define __kernel_entry
Definition: specstrings.h:355
_APPHELP_CACHE_SERVICE_LOOKUP
Definition: pstypes.h:985
_CLIENT_ID
Definition: compat.h:824
_CONTEXT
Definition: nt_native.h:1406
_EPROCESS
Definition: pstypes.h:1261
_ETHREAD
Definition: pstypes.h:1102
_INITIAL_TEB
Definition: pstypes.h:691
_JOB_SET_ARRAY
Definition: pstypes.h:1010
_NT_TIB
Definition: compat.h:710
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
_TEB
Definition: compat.h:836
_WIN32_CALLOUTS_FPNS
Definition: pstypes.h:1682
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78
NTAPI
#define NTAPI
Definition: typedefs.h:36
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
ULONG
uint32_t ULONG
Definition: typedefs.h:59
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
FORCEINLINE
#define FORCEINLINE
Definition: wdftypes.h:67
NTKERNELAPI
#define NTKERNELAPI
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
ClientId
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1165
OpenAsSelf
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:700