use crate::ntapi_base::{PCLIENT_ID, PRTL_ATOM, RTL_ATOM};
use crate::ntdbg::DEBUGOBJECTINFOCLASS;
use crate::ntexapi::{
ATOM_INFORMATION_CLASS, EVENT_INFORMATION_CLASS, MUTANT_INFORMATION_CLASS, PBOOT_ENTRY,
PBOOT_OPTIONS, PCWNF_TYPE_ID, PEFI_DRIVER_ENTRY, PFILE_PATH, PT2_CANCEL_PARAMETERS,
PT2_SET_PARAMETERS, PTIMER_APC_ROUTINE, PWNF_CHANGE_STAMP, PWNF_DELIVERY_DESCRIPTOR,
SEMAPHORE_INFORMATION_CLASS, SHUTDOWN_ACTION, SYSDBG_COMMAND, SYSTEM_INFORMATION_CLASS,
TIMER_INFORMATION_CLASS, TIMER_SET_INFORMATION_CLASS, WNF_CHANGE_STAMP, WNF_DATA_SCOPE,
WNF_STATE_NAME_INFORMATION, WNF_STATE_NAME_LIFETIME, WORKERFACTORYINFOCLASS,
};
use crate::ntioapi::{
FILE_INFORMATION_CLASS, FILE_IO_COMPLETION_INFORMATION, FS_INFORMATION_CLASS,
IO_COMPLETION_INFORMATION_CLASS, IO_SESSION_EVENT, IO_SESSION_STATE, PFILE_BASIC_INFORMATION,
PFILE_IO_COMPLETION_INFORMATION, PFILE_NETWORK_OPEN_INFORMATION, PIO_APC_ROUTINE,
PIO_STATUS_BLOCK,
};
use crate::ntkeapi::KPROFILE_SOURCE;
use crate::ntlpcapi::{
ALPC_HANDLE, ALPC_MESSAGE_INFORMATION_CLASS, ALPC_PORT_INFORMATION_CLASS, PALPC_CONTEXT_ATTR,
PALPC_DATA_VIEW_ATTR, PALPC_HANDLE, PALPC_MESSAGE_ATTRIBUTES, PALPC_PORT_ATTRIBUTES,
PALPC_SECURITY_ATTR, PORT_INFORMATION_CLASS, PPORT_MESSAGE, PPORT_VIEW, PREMOTE_PORT_VIEW,
};
use crate::ntmisc::VDMSERVICECLASS;
use crate::ntmmapi::{
MEMORY_INFORMATION_CLASS, MEMORY_PARTITION_INFORMATION_CLASS, PMEMORY_RANGE_ENTRY,
SECTION_INFORMATION_CLASS, SECTION_INHERIT, VIRTUAL_MEMORY_INFORMATION_CLASS,
};
use crate::ntobapi::OBJECT_INFORMATION_CLASS;
use crate::ntpnpapi::{PLUGPLAY_CONTROL_CLASS, PPLUGPLAY_EVENT_BLOCK};
use crate::ntpsapi::{
MEMORY_RESERVE_TYPE, PINITIAL_TEB, PPS_APC_ROUTINE, PPS_ATTRIBUTE_LIST, PPS_CREATE_INFO,
PROCESSINFOCLASS, THREADINFOCLASS,
};
use crate::ntregapi::{
KEY_INFORMATION_CLASS, KEY_SET_INFORMATION_CLASS, KEY_VALUE_INFORMATION_CLASS,
PKEY_VALUE_ENTRY,
};
use crate::ntseapi::PTOKEN_SECURITY_ATTRIBUTES_INFORMATION;
use winapi::shared::basetsd::{
KAFFINITY, PSIZE_T, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR,
};
use winapi::shared::guiddef::LPGUID;
use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION};
use winapi::shared::ntdef::{
BOOLEAN, EVENT_TYPE, HANDLE, LANGID, LCID, LOGICAL, LONG, NTSTATUS, OBJECT_ATTRIBUTES,
PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PLARGE_INTEGER, PLCID, PLONG,
PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PULONGLONG,
PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, ULONG, USHORT, VOID,
WAIT_TYPE,
};
use winapi::um::winnt::{
ACCESS_MASK, AUDIT_EVENT_TYPE, ENLISTMENT_INFORMATION_CLASS, EXECUTION_STATE,
JOBOBJECTINFOCLASS, KTMOBJECT_TYPE, LATENCY_TIME, PACCESS_MASK, PCONTEXT, PDEVICE_POWER_STATE,
PEXCEPTION_RECORD, PFILE_SEGMENT_ELEMENT, PGENERIC_MAPPING, PJOB_SET_ARRAY, PKTMOBJECT_CURSOR,
POBJECT_TYPE_LIST, POWER_ACTION, POWER_INFORMATION_LEVEL, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR,
PSECURITY_QUALITY_OF_SERVICE, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER,
RESOURCEMANAGER_INFORMATION_CLASS, SECURITY_INFORMATION, SE_SIGNING_LEVEL, SYSTEM_POWER_STATE,
TOKEN_INFORMATION_CLASS, TOKEN_TYPE, TRANSACTIONMANAGER_INFORMATION_CLASS,
TRANSACTION_INFORMATION_CLASS,
};
EXTERN!{extern "system" {
// Raw FFI declaration for the classic LPC "accept connection" call. The
// name suggests it answers a pending ConnectionRequest on a server port;
// AcceptConnection is a BOOLEAN, presumably choosing accept vs. reject.
// PortHandle is a PHANDLE, so the caller supplies storage for a handle.
// NOTE(review): ServerView / ClientView describe port memory views; data a
// peer places in a shared view should be treated as untrusted - confirm at
// call sites.
fn ZwAcceptConnectPort(
PortHandle: PHANDLE,
PortContext: PVOID,
ConnectionRequest: PPORT_MESSAGE,
AcceptConnection: BOOLEAN,
ServerView: PPORT_VIEW,
ClientView: PREMOTE_PORT_VIEW,
) -> NTSTATUS;
// Access-check family (seven declarations). Each one returns an NTSTATUS
// and additionally takes AccessStatus (PNTSTATUS) and GrantedAccess
// (PACCESS_MASK) pointers, so there are two separate status values.
// NOTE(review): a caller should trust *GrantedAccess only when both the
// returned NTSTATUS and *AccessStatus report success; checking just one of
// them is a common authorization bug - confirm every call site checks both.

// Base form: checks SecurityDescriptor against ClientToken for DesiredAccess.
// PrivilegeSetLength is a PULONG, presumably an in/out byte count - confirm.
fn ZwAccessCheck(
SecurityDescriptor: PSECURITY_DESCRIPTOR,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
GenericMapping: PGENERIC_MAPPING,
PrivilegeSet: PPRIVILEGE_SET,
PrivilegeSetLength: PULONG,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
) -> NTSTATUS;
// Audit-generating form. There is no ClientToken parameter here, so the
// subject is presumably the caller's current (impersonation) token - verify.
// SubsystemName / ObjectTypeName / ObjectName are strings that end up in
// audit records; GenerateOnClose is an output BOOLEAN pointer.
fn ZwAccessCheckAndAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
DesiredAccess: ACCESS_MASK,
GenericMapping: PGENERIC_MAPPING,
ObjectCreation: BOOLEAN,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
// Object-type-list form: adds PrincipalSelfSid plus an ObjectTypeList array
// whose element count is passed separately in ObjectTypeListLength.
// NOTE(review): the count must match the array actually passed.
fn ZwAccessCheckByType(
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
PrivilegeSet: PPRIVILEGE_SET,
PrivilegeSetLength: PULONG,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
) -> NTSTATUS;
// Object-type-list form that also generates audits (AuditType, Flags).
// Like the other *AuditAlarm forms without "ByHandle", it has no
// ClientToken parameter.
fn ZwAccessCheckByTypeAndAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
DesiredAccess: ACCESS_MASK,
AuditType: AUDIT_EVENT_TYPE,
Flags: ULONG,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
ObjectCreation: BOOLEAN,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
// "ResultList" form. Same parameter types as ZwAccessCheckByType.
// NOTE(review): presumably GrantedAccess and AccessStatus point to arrays
// with one entry per ObjectTypeList element rather than to single values;
// an undersized buffer would be written past its end - confirm sizes.
fn ZwAccessCheckByTypeResultList(
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
PrivilegeSet: PPRIVILEGE_SET,
PrivilegeSetLength: PULONG,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
) -> NTSTATUS;
// "ResultList" form with audit generation; no ClientToken parameter.
// The array-size caveat for GrantedAccess / AccessStatus presumably applies
// here as well - confirm.
fn ZwAccessCheckByTypeResultListAndAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
DesiredAccess: ACCESS_MASK,
AuditType: AUDIT_EVENT_TYPE,
Flags: ULONG,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
ObjectCreation: BOOLEAN,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
// Same as the previous declaration except that the subject token is passed
// explicitly as ClientToken (third parameter).
fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ClientToken: HANDLE,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
PrincipalSelfSid: PSID,
DesiredAccess: ACCESS_MASK,
AuditType: AUDIT_EVENT_TYPE,
Flags: ULONG,
ObjectTypeList: POBJECT_TYPE_LIST,
ObjectTypeListLength: ULONG,
GenericMapping: PGENERIC_MAPPING,
ObjectCreation: BOOLEAN,
GrantedAccess: PACCESS_MASK,
AccessStatus: PNTSTATUS,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
// Raw FFI declaration; the semantics of this call are not visible in this
// file. TimeStamp and tokenTaken are pointers (presumably outputs),
// replaceExisting is a by-value BOOLEAN.
// The lower-camel parameter names are kept exactly as declared.
fn ZwAcquireCMFViewOwnership(
TimeStamp: PULONGLONG,
tokenTaken: PBOOLEAN,
replaceExisting: BOOLEAN,
) -> NTSTATUS;
// Atom-table bindings: add a name and receive its atom through Atom
// (PRTL_ATOM). AtomName is a raw PWSTR with a separate Length.
// NOTE(review): Length is presumably a byte count, not a character count -
// TODO confirm; a mismatch would make the callee read past the buffer.
fn ZwAddAtom(
AtomName: PWSTR,
Length: ULONG,
Atom: PRTL_ATOM,
) -> NTSTATUS;
// Extended form: identical to ZwAddAtom plus a trailing Flags value.
fn ZwAddAtomEx(
AtomName: PWSTR,
Length: ULONG,
Atom: PRTL_ATOM,
Flags: ULONG,
) -> NTSTATUS;
// Firmware boot-configuration bindings: each takes an entry structure and
// an Id pointer (PULONG, presumably receiving the new entry's identifier).
// NOTE(review): these change what the machine loads at boot; they are
// expected to require SeSystemEnvironmentPrivilege - confirm, and treat any
// caller as security-sensitive.
fn ZwAddBootEntry(
BootEntry: PBOOT_ENTRY,
Id: PULONG,
) -> NTSTATUS;
fn ZwAddDriverEntry(
DriverEntry: PEFI_DRIVER_ENTRY,
Id: PULONG,
) -> NTSTATUS;
// Token-adjustment bindings. All three take a TokenHandle, a "new state"
// buffer, an optional "previous state" buffer with its length, and a
// return-length pointer.

// Adjusts group SIDs in a token. BufferLength sizes PreviousState;
// ReturnLength (PULONG) presumably reports the size needed or written.
fn ZwAdjustGroupsToken(
TokenHandle: HANDLE,
ResetToDefault: BOOLEAN,
NewState: PTOKEN_GROUPS,
BufferLength: ULONG,
PreviousState: PTOKEN_GROUPS,
ReturnLength: PULONG,
) -> NTSTATUS;
// Enables or disables privileges in a token.
// NOTE(review): a success-class NTSTATUS does not by itself mean every
// requested privilege was changed (STATUS_NOT_ALL_ASSIGNED is a success
// code). Callers that depend on a privilege being enabled or removed
// should compare against the exact status rather than a generic
// "is success" test.
fn ZwAdjustPrivilegesToken(
TokenHandle: HANDLE,
DisableAllPrivileges: BOOLEAN,
NewState: PTOKEN_PRIVILEGES,
BufferLength: ULONG,
PreviousState: PTOKEN_PRIVILEGES,
ReturnLength: PULONG,
) -> NTSTATUS;
// Adjusts user claims, device claims and device groups in one call.
// The parameters come in three parallel sets (User*, Device*, DeviceGroups*),
// each with its own reset flag, new state, previous-state buffer, buffer
// length and return length.
// NOTE(review): with sixteen positional arguments it is easy to pair a
// length with the wrong buffer; review call sites argument by argument.
fn ZwAdjustTokenClaimsAndDeviceGroups(
TokenHandle: HANDLE,
UserResetToDefault: BOOLEAN,
DeviceResetToDefault: BOOLEAN,
DeviceGroupsResetToDefault: BOOLEAN,
NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
NewDeviceGroupsState: PTOKEN_GROUPS,
UserBufferLength: ULONG,
PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
DeviceBufferLength: ULONG,
PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
DeviceGroupsBufferLength: ULONG,
PreviousDeviceGroups: PTOKEN_GROUPS,
UserReturnLength: PULONG,
DeviceReturnLength: PULONG,
DeviceGroupsReturnBufferLength: PULONG,
) -> NTSTATUS;
// Thread-alert bindings.

// Alerts and resumes a thread; PreviousSuspendCount is a PULONG that
// presumably receives the suspend count before the call.
fn ZwAlertResumeThread(
ThreadHandle: HANDLE,
PreviousSuspendCount: PULONG,
) -> NTSTATUS;
// Alerts the thread identified by ThreadHandle.
fn ZwAlertThread(
ThreadHandle: HANDLE,
) -> NTSTATUS;
// NOTE(review): the parameter is named ThreadId but typed HANDLE. It is
// presumably a thread identifier carried in a handle-sized value, not an
// object handle - do not pass an open handle here or close this value.
fn ZwAlertThreadByThreadId(
ThreadId: HANDLE,
) -> NTSTATUS;
// Miscellaneous allocation bindings.

// Writes a fresh LUID through Luid (PLUID).
fn ZwAllocateLocallyUniqueId(
Luid: PLUID,
) -> NTSTATUS;
// Creates a reserve object of the given Type; the handle is returned
// through MemoryReserveHandle (PHANDLE).
fn ZwAllocateReserveObject(
MemoryReserveHandle: PHANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
Type: MEMORY_RESERVE_TYPE,
) -> NTSTATUS;
// Physical-page allocation for ProcessHandle. NumberOfPages is a pointer
// (PULONG_PTR), so it is presumably in/out; UserPfnArray must have room for
// that many entries - confirm at call sites.
fn ZwAllocateUserPhysicalPages(
ProcessHandle: HANDLE,
NumberOfPages: PULONG_PTR,
UserPfnArray: PULONG_PTR,
) -> NTSTATUS;
// UUID allocation helper; all four parameters are pointers.
// NOTE(review): Seed is a bare PCHAR with no length parameter, so the
// required buffer size is fixed by the callee - TODO confirm the size
// before passing a buffer.
fn ZwAllocateUuids(
Time: PULARGE_INTEGER,
Range: PULONG,
Sequence: PULONG,
Seed: PCHAR,
) -> NTSTATUS;
// Reserves and/or commits virtual memory in the process named by
// ProcessHandle. BaseAddress (*mut PVOID) and RegionSize (PSIZE_T) are
// pointers, i.e. in/out: read the values back after the call instead of
// assuming the requested address and size were used unchanged.
// NOTE(review): Protect carries the page protection. Prefer the least
// permissive value that works and avoid memory that is writable and
// executable at the same time. Calls whose ProcessHandle is not the current
// process are cross-process allocations and deserve explicit review.
fn ZwAllocateVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
ZeroBits: ULONG_PTR,
RegionSize: PSIZE_T,
AllocationType: ULONG,
Protect: ULONG,
) -> NTSTATUS;
// ALPC connection bindings (accept, cancel, connect).

// Server side: answers ConnectionRequest on ConnectionPortHandle; the new
// communication port handle is returned through PortHandle (PHANDLE).
// AcceptConnection is a BOOLEAN, presumably accept vs. reject.
fn ZwAlpcAcceptConnectPort(
PortHandle: PHANDLE,
ConnectionPortHandle: HANDLE,
Flags: ULONG,
ObjectAttributes: POBJECT_ATTRIBUTES,
PortAttributes: PALPC_PORT_ATTRIBUTES,
PortContext: PVOID,
ConnectionRequest: PPORT_MESSAGE,
ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
AcceptConnection: BOOLEAN,
) -> NTSTATUS;
// Cancels a message identified by MessageContext on PortHandle.
fn ZwAlpcCancelMessage(
PortHandle: HANDLE,
Flags: ULONG,
MessageContext: PALPC_CONTEXT_ATTR,
) -> NTSTATUS;
// Client side: connects to the port named by PortName.
// NOTE(review): RequiredServerSid (PSID) lets the client state which
// identity it expects the server to have; passing null presumably skips
// that check, so a client that cares who owns the port should set it -
// confirm. BufferLength is a PULONG here (32-bit) and sizes
// ConnectionMessage.
fn ZwAlpcConnectPort(
PortHandle: PHANDLE,
PortName: PUNICODE_STRING,
ObjectAttributes: POBJECT_ATTRIBUTES,
PortAttributes: PALPC_PORT_ATTRIBUTES,
Flags: ULONG,
RequiredServerSid: PSID,
ConnectionMessage: PPORT_MESSAGE,
BufferLength: PULONG,
OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Extended connect: the target is given as object attributes, and the
// server requirement is a security descriptor
// (ServerSecurityRequirements) instead of a single SID.
// NOTE(review): BufferLength is PSIZE_T here but PULONG in
// ZwAlpcConnectPort; on 64-bit targets the pointee widths differ, so the
// two calls cannot share a length variable.
fn ZwAlpcConnectPortEx(
PortHandle: PHANDLE,
ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES,
ClientPortObjectAttributes: POBJECT_ATTRIBUTES,
PortAttributes: PALPC_PORT_ATTRIBUTES,
Flags: ULONG,
ServerSecurityRequirements: PSECURITY_DESCRIPTOR,
ConnectionMessage: PPORT_MESSAGE,
BufferLength: PSIZE_T,
OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
// ALPC object lifecycle bindings (create / delete / disconnect).
// Most take (PortHandle, Flags, <object>); create calls return an
// ALPC_HANDLE or attribute structure through a pointer, delete calls take
// the ALPC_HANDLE or view base by value.

// Creates an ALPC port; the handle is returned through PortHandle.
// NOTE(review): ObjectAttributes is where a name and security descriptor
// for the port would be supplied; a named port without a restrictive
// descriptor may be connectable by other principals - confirm at call sites.
fn ZwAlpcCreatePort(
PortHandle: PHANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
PortAttributes: PALPC_PORT_ATTRIBUTES,
) -> NTSTATUS;
// Creates a port section of SectionSize; ActualSectionSize (PSIZE_T)
// presumably receives the size really allocated.
fn ZwAlpcCreatePortSection(
PortHandle: HANDLE,
Flags: ULONG,
SectionHandle: HANDLE,
SectionSize: SIZE_T,
AlpcSectionHandle: PALPC_HANDLE,
ActualSectionSize: PSIZE_T,
) -> NTSTATUS;
// Reserves resources for messages of MessageSize; id returned via ResourceId.
fn ZwAlpcCreateResourceReserve(
PortHandle: HANDLE,
Flags: ULONG,
MessageSize: SIZE_T,
ResourceId: PALPC_HANDLE,
) -> NTSTATUS;
// Creates a view described by ViewAttributes (in/out structure pointer).
fn ZwAlpcCreateSectionView(
PortHandle: HANDLE,
Flags: ULONG,
ViewAttributes: PALPC_DATA_VIEW_ATTR,
) -> NTSTATUS;
// Creates a security context described by SecurityAttribute.
fn ZwAlpcCreateSecurityContext(
PortHandle: HANDLE,
Flags: ULONG,
SecurityAttribute: PALPC_SECURITY_ATTR,
) -> NTSTATUS;
// Deletes a port section previously created on this port.
fn ZwAlpcDeletePortSection(
PortHandle: HANDLE,
Flags: ULONG,
SectionHandle: ALPC_HANDLE,
) -> NTSTATUS;
// Releases a resource reserve by its id.
fn ZwAlpcDeleteResourceReserve(
PortHandle: HANDLE,
Flags: ULONG,
ResourceId: ALPC_HANDLE,
) -> NTSTATUS;
// Deletes a section view identified by its base address.
fn ZwAlpcDeleteSectionView(
PortHandle: HANDLE,
Flags: ULONG,
ViewBase: PVOID,
) -> NTSTATUS;
// Deletes a security context by its ALPC handle.
fn ZwAlpcDeleteSecurityContext(
PortHandle: HANDLE,
Flags: ULONG,
ContextHandle: ALPC_HANDLE,
) -> NTSTATUS;
// Disconnects PortHandle.
fn ZwAlpcDisconnectPort(
PortHandle: HANDLE,
Flags: ULONG,
) -> NTSTATUS;
// ALPC bindings that act on the identity of a message's sender.
// NOTE(review): after a successful impersonation call the calling thread
// runs with the client's identity. Callers must check the returned NTSTATUS
// before doing any work on the client's behalf (a failed impersonation
// leaves the thread on the server's own token) and must revert afterwards.

// Impersonates the client's container; Flags is a ULONG.
fn ZwAlpcImpersonateClientContainerOfPort(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
Flags: ULONG,
) -> NTSTATUS;
// Impersonates the client that sent Message.
// NOTE(review): Flags is declared PVOID here, while the sibling call above
// declares it ULONG. Kept as declared; callers need an explicit cast -
// verify against the upstream header before changing.
fn ZwAlpcImpersonateClientOfPort(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
Flags: PVOID,
) -> NTSTATUS;
// Opens a handle to the process that sent PortMessage, with DesiredAccess;
// returned through ProcessHandle. Request only the access actually needed
// and close the handle when done.
fn ZwAlpcOpenSenderProcess(
ProcessHandle: PHANDLE,
PortHandle: HANDLE,
PortMessage: PPORT_MESSAGE,
Flags: ULONG,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
// Thread counterpart of ZwAlpcOpenSenderProcess; same parameter layout.
fn ZwAlpcOpenSenderThread(
ThreadHandle: PHANDLE,
PortHandle: HANDLE,
PortMessage: PPORT_MESSAGE,
Flags: ULONG,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
// ALPC query / send / set bindings.

// Information-class query: PortInformation is an untyped buffer of Length
// bytes whose layout depends on PortInformationClass; ReturnLength (PULONG)
// presumably reports bytes written or required.
// NOTE(review): Length must match the buffer actually passed.
fn ZwAlpcQueryInformation(
PortHandle: HANDLE,
PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
PortInformation: PVOID,
Length: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
// Per-message information query; same buffer/length convention.
fn ZwAlpcQueryInformationMessage(
PortHandle: HANDLE,
PortMessage: PPORT_MESSAGE,
MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS,
MessageInformation: PVOID,
Length: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
// Revokes a security context identified by ContextHandle.
fn ZwAlpcRevokeSecurityContext(
PortHandle: HANDLE,
Flags: ULONG,
ContextHandle: ALPC_HANDLE,
) -> NTSTATUS;
// Combined send / wait / receive. BufferLength (PSIZE_T) sizes the
// ReceiveMessage buffer and is a pointer, so presumably in/out.
// NOTE(review): the first message parameter is named SendMessageA. This
// looks like the Windows header macro SendMessage -> SendMessageA having
// been applied to the original name; it is only a parameter name and does
// not affect the ABI. Received message contents come from the peer and
// should be validated before use.
fn ZwAlpcSendWaitReceivePort(
PortHandle: HANDLE,
Flags: ULONG,
SendMessageA: PPORT_MESSAGE,
SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
ReceiveMessage: PPORT_MESSAGE,
BufferLength: PSIZE_T,
ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Information-class setter; PortInformation is an untyped input buffer of
// Length bytes interpreted according to PortInformationClass.
fn ZwAlpcSetInformation(
PortHandle: HANDLE,
PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
PortInformation: PVOID,
Length: ULONG,
) -> NTSTATUS;
// Compares two mapped views given by address. There is no output
// parameter, so the answer is presumably encoded in the returned NTSTATUS -
// callers should compare against specific status codes, not just "success".
fn ZwAreMappedFilesTheSame(
File1MappedAsAnImage: PVOID,
File2MappedAsFile: PVOID,
) -> NTSTATUS;
// Places the process identified by ProcessHandle into the job JobHandle.
fn ZwAssignProcessToJobObject(
JobHandle: HANDLE,
ProcessHandle: HANDLE,
) -> NTSTATUS;
// Associates a wait completion packet with an I/O completion port and a
// target object. IoStatus is passed by value (NTSTATUS), unlike most other
// declarations here where statuses are outputs; AlreadySignaled is an
// output BOOLEAN pointer.
// NOTE(review): KeyContext / ApcContext are opaque PVOIDs that are handed
// back later; if they are pointers, their targets must outlive the
// association - confirm at call sites.
fn ZwAssociateWaitCompletionPacket(
WaitCompletionPacketHandle: HANDLE,
IoCompletionHandle: HANDLE,
TargetObjectHandle: HANDLE,
KeyContext: PVOID,
ApcContext: PVOID,
IoStatus: NTSTATUS,
IoStatusInformation: ULONG_PTR,
AlreadySignaled: PBOOLEAN,
) -> NTSTATUS;
// Returns from a user-mode callback (per the name), handing back
// OutputBuffer / OutputLength and a Status value.
// NOTE(review): OutputLength must describe OutputBuffer exactly.
fn ZwCallbackReturn(
OutputBuffer: PVOID,
OutputLength: ULONG,
Status: NTSTATUS,
) -> NTSTATUS;
// Cancellation bindings.

// Cancels I/O on FileHandle; the result is reported via IoStatusBlock.
fn ZwCancelIoFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
) -> NTSTATUS;
// Cancels the request identified by IoRequestToCancel (the status block of
// the original request, per the type) on FileHandle.
fn ZwCancelIoFileEx(
FileHandle: HANDLE,
IoRequestToCancel: PIO_STATUS_BLOCK,
IoStatusBlock: PIO_STATUS_BLOCK,
) -> NTSTATUS;
// Same shape as ZwCancelIoFileEx but keyed by ThreadHandle.
fn ZwCancelSynchronousIoFile(
ThreadHandle: HANDLE,
IoRequestToCancel: PIO_STATUS_BLOCK,
IoStatusBlock: PIO_STATUS_BLOCK,
) -> NTSTATUS;
// Cancels a timer; CurrentState (PBOOLEAN) is an output pointer.
fn ZwCancelTimer(
TimerHandle: HANDLE,
CurrentState: PBOOLEAN,
) -> NTSTATUS;
// "Timer2" variant taking a parameter structure.
fn ZwCancelTimer2(
TimerHandle: HANDLE,
Parameters: PT2_CANCEL_PARAMETERS,
) -> NTSTATUS;
// Cancels a wait completion packet association.
fn ZwCancelWaitCompletionPacket(
WaitCompletionPacketHandle: HANDLE,
RemoveSignaledPacket: BOOLEAN,
) -> NTSTATUS;
// Clears (resets) the event identified by EventHandle.
fn ZwClearEvent(
EventHandle: HANDLE,
) -> NTSTATUS;
// Closes a handle.
// NOTE(review): a handle value must be closed exactly once. After it is
// closed the numeric value can be reused for an unrelated object, so a
// second close (or later use) may affect something else entirely. Give each
// handle a single owner.
fn ZwClose(
Handle: HANDLE,
) -> NTSTATUS;
// Audit counterpart of a handle close; SubsystemName and HandleId identify
// the object in audit records.
fn ZwCloseObjectAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
GenerateOnClose: BOOLEAN,
) -> NTSTATUS;
// Kernel transaction manager commit bindings. The two enlistment calls
// share one shape: (EnlistmentHandle, TmVirtualClock).
fn ZwCommitComplete(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwCommitEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
// Commits a transaction; Wait is a BOOLEAN, presumably selecting
// synchronous completion - confirm.
fn ZwCommitTransaction(
TransactionHandle: HANDLE,
Wait: BOOLEAN,
) -> NTSTATUS;
// Takes an array of key handles; Count is presumably the number of
// elements in KeyArray and must match the array actually passed.
fn ZwCompactKeys(
Count: ULONG,
KeyArray: *mut HANDLE,
) -> NTSTATUS;
// Compares two handles. There is no output parameter, so the result is
// presumably conveyed by the specific NTSTATUS returned - callers should
// match exact codes.
fn ZwCompareObjects(
FirstObjectHandle: HANDLE,
SecondObjectHandle: HANDLE,
) -> NTSTATUS;
// Compares two tokens; the answer is written through Equal (PBOOLEAN).
// NOTE(review): read *Equal only after the call reports success.
fn ZwCompareTokens(
FirstTokenHandle: HANDLE,
SecondTokenHandle: HANDLE,
Equal: PBOOLEAN,
) -> NTSTATUS;
// Completes a classic LPC connection on PortHandle.
fn ZwCompleteConnectPort(
PortHandle: HANDLE,
) -> NTSTATUS;
// Registry key maintenance call taking a single key handle.
fn ZwCompressKey(
Key: HANDLE,
) -> NTSTATUS;
// Classic LPC client connect. ConnectionInformation is an untyped buffer
// whose size is passed by pointer (ConnectionInformationLength: PULONG),
// so presumably in/out.
// NOTE(review): SecurityQos governs how the server may impersonate this
// client; choose the lowest impersonation level that works. Unlike
// ZwAlpcConnectPort there is no parameter to require a specific server SID.
fn ZwConnectPort(
PortHandle: PHANDLE,
PortName: PUNICODE_STRING,
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
ClientView: PPORT_VIEW,
ServerView: PREMOTE_PORT_VIEW,
MaxMessageLength: PULONG,
ConnectionInformation: PVOID,
ConnectionInformationLength: PULONG,
) -> NTSTATUS;
// Resumes execution using the supplied CONTEXT record (per the name and
// parameter type).
// NOTE(review): the whole register state comes from ContextRecord; it must
// never be built from untrusted data.
fn ZwContinue(
ContextRecord: PCONTEXT,
TestAlert: BOOLEAN,
) -> NTSTATUS;
// Object-creation bindings. Common shape: the first parameter is a PHANDLE
// receiving the new handle, followed by DesiredAccess and ObjectAttributes.
// NOTE(review): request the narrowest DesiredAccess that works, and supply
// a security descriptor via ObjectAttributes for named objects that other
// principals should not be able to open.

// Creates a debug object.
fn ZwCreateDebugObject(
DebugObjectHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Flags: ULONG,
) -> NTSTATUS;
// Creates an object-manager directory.
fn ZwCreateDirectoryObject(
DirectoryHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
// Extended form adding a shadow directory handle and flags.
fn ZwCreateDirectoryObjectEx(
DirectoryHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ShadowDirectoryHandle: HANDLE,
Flags: ULONG,
) -> NTSTATUS;
// Creates a transaction enlistment tying a resource manager to a
// transaction. EnlistmentKey is an opaque PVOID.
fn ZwCreateEnlistment(
EnlistmentHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ResourceManagerHandle: HANDLE,
TransactionHandle: HANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
CreateOptions: ULONG,
NotificationMask: NOTIFICATION_MASK,
EnlistmentKey: PVOID,
) -> NTSTATUS;
// Creates an event of EventType with the given InitialState.
fn ZwCreateEvent(
EventHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
EventType: EVENT_TYPE,
InitialState: BOOLEAN,
) -> NTSTATUS;
// Creates an event pair.
fn ZwCreateEventPair(
EventPairHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
// Creates or opens a file object; the handle is returned through
// FileHandle and the I/O result through IoStatusBlock.
// NOTE(review): the target is resolved from ObjectAttributes at call time.
// If part of the name comes from untrusted input, validate it before the
// call, and choose ShareAccess / CreateDisposition / CreateOptions
// deliberately rather than passing permissive defaults. EaLength must
// match EaBuffer.
fn ZwCreateFile(
FileHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
IoStatusBlock: PIO_STATUS_BLOCK,
AllocationSize: PLARGE_INTEGER,
FileAttributes: ULONG,
ShareAccess: ULONG,
CreateDisposition: ULONG,
CreateOptions: ULONG,
EaBuffer: PVOID,
EaLength: ULONG,
) -> NTSTATUS;
// Creates an "IR" timer. Unlike most create calls here it takes no
// ObjectAttributes parameter.
fn ZwCreateIRTimer(
TimerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
) -> NTSTATUS;
// Creates an I/O completion port; Count is a ULONG (presumably the
// concurrency value - confirm).
fn ZwCreateIoCompletion(
IoCompletionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Count: ULONG,
) -> NTSTATUS;
// Creates a job object.
fn ZwCreateJobObject(
JobHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
// Creates a job set from UserJobSet; NumJob is presumably the element
// count and must match the array passed.
fn ZwCreateJobSet(
NumJob: ULONG,
UserJobSet: PJOB_SET_ARRAY,
Flags: ULONG,
) -> NTSTATUS;
// Creates or opens a registry key. Disposition (PULONG) is an output,
// presumably telling whether the key was created or already existed.
// NOTE(review): code that must create a fresh key should check
// *Disposition rather than assume creation - an existing key may carry
// contents and permissions set by someone else.
fn ZwCreateKey(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TitleIndex: ULONG,
Class: PUNICODE_STRING,
CreateOptions: ULONG,
Disposition: PULONG,
) -> NTSTATUS;
// Transacted form: same as ZwCreateKey with a TransactionHandle inserted
// before Disposition.
fn ZwCreateKeyTransacted(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TitleIndex: ULONG,
Class: PUNICODE_STRING,
CreateOptions: ULONG,
TransactionHandle: HANDLE,
Disposition: PULONG,
) -> NTSTATUS;
// Creates a keyed event object.
fn ZwCreateKeyedEvent(
KeyedEventHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Flags: ULONG,
) -> NTSTATUS;
// Derives a "LowBox" (AppContainer-style) token from ExistingTokenHandle
// for PackageSid with the listed capabilities; the new handle is returned
// through TokenHandle.
// NOTE(review): two (count, array) pairs are passed positionally -
// CapabilityCount/Capabilities and HandleCount/Handles. Each count must
// match its array. Every capability added widens what the sandboxed token
// may do, so keep the list minimal.
fn ZwCreateLowBoxToken(
TokenHandle: PHANDLE,
ExistingTokenHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
PackageSid: PSID,
CapabilityCount: ULONG,
Capabilities: PSID_AND_ATTRIBUTES,
HandleCount: ULONG,
Handles: *mut HANDLE,
) -> NTSTATUS;
// Creates a mailslot.
// NOTE(review): DesiredAccess is declared ULONG here (and in
// ZwCreateNamedPipeFile) where the other create calls use ACCESS_MASK; it
// is still an access mask.
fn ZwCreateMailslotFile(
FileHandle: PHANDLE,
DesiredAccess: ULONG,
ObjectAttributes: POBJECT_ATTRIBUTES,
IoStatusBlock: PIO_STATUS_BLOCK,
CreateOptions: ULONG,
MailslotQuota: ULONG,
MaximumMessageSize: ULONG,
ReadTimeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Creates a mutant (mutex); InitialOwner selects whether the caller owns
// it on creation.
fn ZwCreateMutant(
MutantHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
InitialOwner: BOOLEAN,
) -> NTSTATUS;
// Creates a named-pipe instance.
// NOTE(review): for a pipe server, the security descriptor supplied via
// ObjectAttributes decides who may connect, and CreateDisposition decides
// whether an already existing pipe name is accepted. A server that expects
// to own the name should reject the "already exists" case - confirm at
// call sites. MaximumInstances, InboundQuota and OutboundQuota bound
// resource use.
fn ZwCreateNamedPipeFile(
FileHandle: PHANDLE,
DesiredAccess: ULONG,
ObjectAttributes: POBJECT_ATTRIBUTES,
IoStatusBlock: PIO_STATUS_BLOCK,
ShareAccess: ULONG,
CreateDisposition: ULONG,
CreateOptions: ULONG,
NamedPipeType: ULONG,
ReadMode: ULONG,
CompletionMode: ULONG,
MaximumInstances: ULONG,
InboundQuota: ULONG,
OutboundQuota: ULONG,
DefaultTimeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Creates a paging file. Returns no handle. Expected to require
// SeCreatePagefilePrivilege - confirm.
fn ZwCreatePagingFile(
PageFileName: PUNICODE_STRING,
MinimumSize: PLARGE_INTEGER,
MaximumSize: PLARGE_INTEGER,
Priority: ULONG,
) -> NTSTATUS;
// Creates a memory partition object.
fn ZwCreatePartition(
PartitionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
PreferredNode: ULONG,
) -> NTSTATUS;
// Creates a classic LPC port with the given size limits. There is no
// DesiredAccess parameter.
fn ZwCreatePort(
PortHandle: PHANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
MaxConnectionInfoLength: ULONG,
MaxMessageLength: ULONG,
MaxPoolUsage: ULONG,
) -> NTSTATUS;
// Creates a private namespace guarded by BoundaryDescriptor (opaque PVOID).
fn ZwCreatePrivateNamespace(
NamespaceHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
BoundaryDescriptor: PVOID,
) -> NTSTATUS;
// Low-level process creation from a section.
// NOTE(review): ParentProcess determines what the new process inherits,
// and InheritObjectTable (BOOLEAN) presumably controls whether inheritable
// handles are copied from that parent. Audit which handles are inheritable
// before enabling it, so privileged handles do not leak into a
// less-trusted child.
fn ZwCreateProcess(
ProcessHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ParentProcess: HANDLE,
InheritObjectTable: BOOLEAN,
SectionHandle: HANDLE,
DebugPort: HANDLE,
ExceptionPort: HANDLE,
) -> NTSTATUS;
// Extended form: the BOOLEAN is replaced by a Flags word (handle
// inheritance is presumably one of its bits - confirm) and a JobMemberLevel
// is added.
fn ZwCreateProcessEx(
ProcessHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ParentProcess: HANDLE,
Flags: ULONG,
SectionHandle: HANDLE,
DebugPort: HANDLE,
ExceptionPort: HANDLE,
JobMemberLevel: ULONG,
) -> NTSTATUS;
// Creates a profiling object over [ProfileBase, ProfileBase + ProfileSize)
// in Process, collecting into Buffer.
// NOTE(review): Buffer is a PULONG while BufferSize is a ULONG; whether
// BufferSize counts bytes or elements is not visible here - TODO confirm.
// The buffer must stay valid for as long as the profile object exists.
fn ZwCreateProfile(
ProfileHandle: PHANDLE,
Process: HANDLE,
ProfileBase: PVOID,
ProfileSize: SIZE_T,
BucketSize: ULONG,
Buffer: PULONG,
BufferSize: ULONG,
ProfileSource: KPROFILE_SOURCE,
Affinity: KAFFINITY,
) -> NTSTATUS;
// Processor-group form: the single Affinity is replaced by GroupCount plus
// a GroupAffinity array (the count must match the array).
fn ZwCreateProfileEx(
ProfileHandle: PHANDLE,
Process: HANDLE,
ProfileBase: PVOID,
ProfileSize: SIZE_T,
BucketSize: ULONG,
Buffer: PULONG,
BufferSize: ULONG,
ProfileSource: KPROFILE_SOURCE,
GroupCount: USHORT,
GroupAffinity: PGROUP_AFFINITY,
) -> NTSTATUS;
// Creates a transaction resource manager under the transaction manager
// TmHandle, identified by ResourceManagerGuid.
fn ZwCreateResourceManager(
ResourceManagerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
TmHandle: HANDLE,
ResourceManagerGuid: LPGUID,
ObjectAttributes: POBJECT_ATTRIBUTES,
CreateOptions: ULONG,
Description: PUNICODE_STRING,
) -> NTSTATUS;
// Creates a section object, optionally backed by FileHandle.
// NOTE(review): SectionPageProtection caps the protection later views may
// request; grant no more than needed (in particular avoid combined
// write+execute). A named section is shareable with whoever the security
// descriptor in ObjectAttributes allows.
fn ZwCreateSection(
SectionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
MaximumSize: PLARGE_INTEGER,
SectionPageProtection: ULONG,
AllocationAttributes: ULONG,
FileHandle: HANDLE,
) -> NTSTATUS;
// Creates a semaphore; both counts are signed LONGs.
fn ZwCreateSemaphore(
SemaphoreHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
InitialCount: LONG,
MaximumCount: LONG,
) -> NTSTATUS;
// Creates an object-manager symbolic link pointing at LinkTarget.
// NOTE(review): a link redirects every later name lookup that traverses
// it; LinkTarget should never be derived from untrusted input.
fn ZwCreateSymbolicLinkObject(
LinkHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
LinkTarget: PUNICODE_STRING,
) -> NTSTATUS;
// Creates a thread in the process named by ProcessHandle from an explicit
// CONTEXT and initial TEB description. ClientId (PCLIENT_ID) is presumably
// an output receiving the new process/thread ids.
fn ZwCreateThread(
ThreadHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ProcessHandle: HANDLE,
ClientId: PCLIENT_ID,
ThreadContext: PCONTEXT,
InitialTeb: PINITIAL_TEB,
CreateSuspended: BOOLEAN,
) -> NTSTATUS;
// Newer thread-creation form taking a start routine and argument.
// NOTE(review): StartRoutine and Argument are untyped PVOIDs, so the
// compiler checks neither the function signature nor the argument type;
// both addresses must be valid in the process named by ProcessHandle.
// Calls whose ProcessHandle is not the current process create a thread in
// another process and deserve explicit review.
fn ZwCreateThreadEx(
ThreadHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ProcessHandle: HANDLE,
StartRoutine: PVOID,
Argument: PVOID,
CreateFlags: ULONG,
ZeroBits: SIZE_T,
StackSize: SIZE_T,
MaximumStackSize: SIZE_T,
AttributeList: PPS_ATTRIBUTE_LIST,
) -> NTSTATUS;
// Creates a timer object of TimerType.
fn ZwCreateTimer(
TimerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TimerType: TIMER_TYPE,
) -> NTSTATUS;
// "Timer2" variant. Note the different parameter order: two reserved
// PVOIDs and Attributes come before DesiredAccess, and there is no
// ObjectAttributes parameter.
// NOTE(review): Reserved1 / Reserved2 should presumably be null - confirm.
fn ZwCreateTimer2(
TimerHandle: PHANDLE,
Reserved1: PVOID,
Reserved2: PVOID,
Attributes: ULONG,
DesiredAccess: ACCESS_MASK,
) -> NTSTATUS;
// Builds an access token from caller-supplied contents (user, groups,
// privileges, owner, primary group, default DACL, source).
// NOTE(review): the caller chooses the token's whole identity, which makes
// this one of the most sensitive calls declared here. It is expected to
// require SeCreateTokenPrivilege - confirm. Any use should be rare and
// deliberately reviewed.
fn ZwCreateToken(
TokenHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TokenType: TOKEN_TYPE,
AuthenticationId: PLUID,
ExpirationTime: PLARGE_INTEGER,
User: PTOKEN_USER,
Groups: PTOKEN_GROUPS,
Privileges: PTOKEN_PRIVILEGES,
Owner: PTOKEN_OWNER,
PrimaryGroup: PTOKEN_PRIMARY_GROUP,
DefaultDacl: PTOKEN_DEFAULT_DACL,
TokenSource: PTOKEN_SOURCE,
) -> NTSTATUS;
// Extended form adding user/device attributes, device groups and a
// mandatory policy between Privileges and Owner. The same sensitivity
// applies.
fn ZwCreateTokenEx(
TokenHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TokenType: TOKEN_TYPE,
AuthenticationId: PLUID,
ExpirationTime: PLARGE_INTEGER,
User: PTOKEN_USER,
Groups: PTOKEN_GROUPS,
Privileges: PTOKEN_PRIVILEGES,
UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
DeviceGroups: PTOKEN_GROUPS,
TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
Owner: PTOKEN_OWNER,
PrimaryGroup: PTOKEN_PRIMARY_GROUP,
DefaultDacl: PTOKEN_DEFAULT_DACL,
TokenSource: PTOKEN_SOURCE,
) -> NTSTATUS;
// Creates a kernel transaction. Uow is a GUID pointer (unit of work),
// TmHandle names the transaction manager, Timeout and Description are
// pointers and presumably optional - confirm.
fn ZwCreateTransaction(
TransactionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Uow: LPGUID,
TmHandle: HANDLE,
CreateOptions: ULONG,
IsolationLevel: ULONG,
IsolationFlags: ULONG,
Timeout: PLARGE_INTEGER,
Description: PUNICODE_STRING,
) -> NTSTATUS;
// Creates a transaction manager, optionally with a log file name.
fn ZwCreateTransactionManager(
TmHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
LogFileName: PUNICODE_STRING,
CreateOptions: ULONG,
CommitStrength: ULONG,
) -> NTSTATUS;
// Creates a process together with its initial thread; both handles are
// returned through pointers and each has its own DesiredAccess,
// ObjectAttributes and Flags.
// NOTE(review): ProcessParameters is declared as an untyped PVOID, so the
// compiler cannot check the structure passed here. Parent selection,
// handle inheritance and similar options are presumably carried in
// AttributeList; review what each call site places there.
fn ZwCreateUserProcess(
ProcessHandle: PHANDLE,
ThreadHandle: PHANDLE,
ProcessDesiredAccess: ACCESS_MASK,
ThreadDesiredAccess: ACCESS_MASK,
ProcessObjectAttributes: POBJECT_ATTRIBUTES,
ThreadObjectAttributes: POBJECT_ATTRIBUTES,
ProcessFlags: ULONG,
ThreadFlags: ULONG,
ProcessParameters: PVOID,
CreateInfo: PPS_CREATE_INFO,
AttributeList: PPS_ATTRIBUTE_LIST,
) -> NTSTATUS;
// Creates a wait completion packet object.
fn ZwCreateWaitCompletionPacket(
WaitCompletionPacketHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
// Creates a waitable classic LPC port; same parameter list as ZwCreatePort.
fn ZwCreateWaitablePort(
PortHandle: PHANDLE,
ObjectAttributes: POBJECT_ATTRIBUTES,
MaxConnectionInfoLength: ULONG,
MaxMessageLength: ULONG,
MaxPoolUsage: ULONG,
) -> NTSTATUS;
// Creates a WNF state name, written through StateName.
// NOTE(review): SecurityDescriptor decides who may read or publish the
// state; data received from a state name that other principals can write
// should be treated as untrusted. MaximumStateSize bounds the payload.
fn ZwCreateWnfStateName(
StateName: PWNF_STATE_NAME,
NameLifetime: WNF_STATE_NAME_LIFETIME,
DataScope: WNF_DATA_SCOPE,
PersistData: BOOLEAN,
TypeId: PCWNF_TYPE_ID,
MaximumStateSize: ULONG,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
) -> NTSTATUS;
// Creates a worker factory (thread-pool backing object) bound to a
// completion port and a worker process.
// NOTE(review): StartRoutine / StartParameter are untyped PVOIDs that
// worker threads in WorkerProcessHandle will use; both must be valid in
// that process.
fn ZwCreateWorkerFactory(
WorkerFactoryHandleReturn: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
CompletionPortHandle: HANDLE,
WorkerProcessHandle: HANDLE,
StartRoutine: PVOID,
StartParameter: PVOID,
MaxThreadCount: ULONG,
StackReserve: SIZE_T,
StackCommit: SIZE_T,
) -> NTSTATUS;
// Attaches the debug object DebugObjectHandle to the process ProcessHandle.
// NOTE(review): a debugger has extensive control over its target, so
// attaching is a privileged relationship; callers should hold it only as
// long as needed.
fn ZwDebugActiveProcess(
ProcessHandle: HANDLE,
DebugObjectHandle: HANDLE,
) -> NTSTATUS;
// Continues a debuggee thread (identified by ClientId) with ContinueStatus.
fn ZwDebugContinue(
DebugObjectHandle: HANDLE,
ClientId: PCLIENT_ID,
ContinueStatus: NTSTATUS,
) -> NTSTATUS;
// Suspends the calling thread for DelayInterval; Alertable selects whether
// the wait can be interrupted by an alert.
// NOTE(review): an alertable wait can end early, so callers should inspect
// the returned status before assuming the full interval elapsed - confirm.
fn ZwDelayExecution(
Alertable: BOOLEAN,
DelayInterval: PLARGE_INTEGER,
) -> NTSTATUS;
// Deletion bindings.

// Deletes an atom, passed by value.
fn ZwDeleteAtom(
Atom: RTL_ATOM,
) -> NTSTATUS;
// Firmware boot-configuration deletions by numeric Id. Like the matching
// "add" calls these alter boot behaviour and are expected to require
// SeSystemEnvironmentPrivilege - confirm.
fn ZwDeleteBootEntry(
Id: ULONG,
) -> NTSTATUS;
fn ZwDeleteDriverEntry(
Id: ULONG,
) -> NTSTATUS;
// Deletes a file identified by name (ObjectAttributes), not by handle.
// NOTE(review): because the name is resolved at call time, a check made
// earlier on the same path is not guaranteed to apply to the object that
// gets deleted. Prefer handle-based deletion when the target was validated
// through a handle.
fn ZwDeleteFile(
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
// Deletes the registry key open as KeyHandle.
fn ZwDeleteKey(
KeyHandle: HANDLE,
) -> NTSTATUS;
// Audit counterpart of an object deletion.
fn ZwDeleteObjectAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
GenerateOnClose: BOOLEAN,
) -> NTSTATUS;
// Deletes a private namespace.
fn ZwDeletePrivateNamespace(
NamespaceHandle: HANDLE,
) -> NTSTATUS;
// Deletes the value ValueName under KeyHandle.
fn ZwDeleteValueKey(
KeyHandle: HANDLE,
ValueName: PUNICODE_STRING,
) -> NTSTATUS;
// Deletes WNF state data; ExplicitScope is an untyped const pointer.
fn ZwDeleteWnfStateData(
StateName: PCWNF_STATE_NAME,
ExplicitScope: *const VOID,
) -> NTSTATUS;
// Deletes a WNF state name.
fn ZwDeleteWnfStateName(
StateName: PCWNF_STATE_NAME,
) -> NTSTATUS;
// Sends the control code IoControlCode to the device behind FileHandle.
// NOTE(review): InputBuffer/InputBufferLength and
// OutputBuffer/OutputBufferLength are untyped (PVOID, ULONG) pairs; each
// length must describe its buffer exactly, since the driver trusts them
// when copying. When Event or ApcRoutine is used the request may complete
// later, so IoStatusBlock and both buffers must stay valid until
// completion.
fn ZwDeviceIoControlFile(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
IoControlCode: ULONG,
InputBuffer: PVOID,
InputBufferLength: ULONG,
OutputBuffer: PVOID,
OutputBufferLength: ULONG,
) -> NTSTATUS;
// Takes no arguments; per the name it disables "last known good" boot
// handling.
fn ZwDisableLastKnownGood() -> NTSTATUS;
// Both take a single string; what they render to is not visible in this
// file.
fn ZwDisplayString(
String: PUNICODE_STRING,
) -> NTSTATUS;
fn ZwDrawText(
String: PUNICODE_STRING,
) -> NTSTATUS;
// Duplicates SourceHandle from SourceProcessHandle into
// TargetProcessHandle; the new handle value is written through
// TargetHandle.
// NOTE(review): the duplicate can cross a process boundary, and its access
// is set by DesiredAccess together with Options. Duplicating with the
// source's full access into a less-trusted process hands that access over;
// pass an explicit, minimal DesiredAccess. If Options asks for the source
// to be closed, the source value must not be used again.
fn ZwDuplicateObject(
SourceProcessHandle: HANDLE,
SourceHandle: HANDLE,
TargetProcessHandle: HANDLE,
TargetHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
HandleAttributes: ULONG,
Options: ULONG,
) -> NTSTATUS;
// Duplicates a token as TokenType (primary or impersonation).
// EffectiveOnly is a BOOLEAN; presumably it limits the copy to the
// currently enabled groups and privileges - confirm.
fn ZwDuplicateToken(
ExistingTokenHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
EffectiveOnly: BOOLEAN,
TokenType: TOKEN_TYPE,
NewTokenHandle: PHANDLE,
) -> NTSTATUS;
// Takes no arguments; counterpart of ZwDisableLastKnownGood per the name.
fn ZwEnableLastKnownGood() -> NTSTATUS;
// Enumeration bindings. The buffer-filling calls take an untyped Buffer
// and a length; where the length is a pointer (PULONG) it is presumably
// in/out, carrying the capacity in and the size written or required out.
// NOTE(review): initialise the length to the real buffer capacity before
// each call and re-check it afterwards.

fn ZwEnumerateBootEntries(
Buffer: PVOID,
BufferLength: PULONG,
) -> NTSTATUS;
fn ZwEnumerateDriverEntries(
Buffer: PVOID,
BufferLength: PULONG,
) -> NTSTATUS;
// Returns information about the Index-th subkey of KeyHandle, in the
// layout selected by KeyInformationClass. Length is by value; ResultLength
// is the output size.
fn ZwEnumerateKey(
KeyHandle: HANDLE,
Index: ULONG,
KeyInformationClass: KEY_INFORMATION_CLASS,
KeyInformation: PVOID,
Length: ULONG,
ResultLength: PULONG,
) -> NTSTATUS;
// Enumerates firmware environment values. InformationClass is a plain
// ULONG here rather than a dedicated enum type.
fn ZwEnumerateSystemEnvironmentValuesEx(
InformationClass: ULONG,
Buffer: PVOID,
BufferLength: PULONG,
) -> NTSTATUS;
// Enumerates transaction-manager objects of QueryType under
// RootObjectHandle into ObjectCursor.
fn ZwEnumerateTransactionObject(
RootObjectHandle: HANDLE,
QueryType: KTMOBJECT_TYPE,
ObjectCursor: PKTMOBJECT_CURSOR,
ObjectCursorLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
// Value counterpart of ZwEnumerateKey; same parameter convention.
// NOTE(review): registry data is only as trustworthy as the key's ACL;
// validate sizes and types read from the returned structure.
fn ZwEnumerateValueKey(
KeyHandle: HANDLE,
Index: ULONG,
KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
KeyValueInformation: PVOID,
Length: ULONG,
ResultLength: PULONG,
) -> NTSTATUS;
// Extends a section; NewSectionSize is a pointer, so presumably in/out.
fn ZwExtendSection(
SectionHandle: HANDLE,
NewSectionSize: PLARGE_INTEGER,
) -> NTSTATUS;
// Produces a restricted copy of ExistingTokenHandle: SIDs to disable,
// privileges to delete and restricting SIDs are given as three optional
// lists; the new handle is returned through NewTokenHandle.
// NOTE(review): this is the building block for sandbox / least-privilege
// tokens. The caller is responsible for the lists being complete -
// anything not listed stays in the token - so verify the resulting token
// rather than assume the restriction is sufficient.
fn ZwFilterToken(
ExistingTokenHandle: HANDLE,
Flags: ULONG,
SidsToDisable: PTOKEN_GROUPS,
PrivilegesToDelete: PTOKEN_PRIVILEGES,
RestrictedSids: PTOKEN_GROUPS,
NewTokenHandle: PHANDLE,
) -> NTSTATUS;
// Extended form adding user/device claim lists (each a count plus a
// PUNICODE_STRING, presumably an array of that many strings - confirm),
// device groups and restricted attribute sets.
fn ZwFilterTokenEx(
ExistingTokenHandle: HANDLE,
Flags: ULONG,
SidsToDisable: PTOKEN_GROUPS,
PrivilegesToDelete: PTOKEN_PRIVILEGES,
RestrictedSids: PTOKEN_GROUPS,
DisableUserClaimsCount: ULONG,
UserClaimsToDisable: PUNICODE_STRING,
DisableDeviceClaimsCount: ULONG,
DeviceClaimsToDisable: PUNICODE_STRING,
DeviceGroupsToDisable: PTOKEN_GROUPS,
RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
RestrictedDeviceGroups: PTOKEN_GROUPS,
NewTokenHandle: PHANDLE,
) -> NTSTATUS;
// Looks up an atom by name; same parameter list as ZwAddAtom.
// NOTE(review): Length is presumably a byte count - TODO confirm.
fn ZwFindAtom(
AtomName: PWSTR,
Length: ULONG,
Atom: PRTL_ATOM,
) -> NTSTATUS;
// Flushes buffered data for FileHandle; result via IoStatusBlock.
fn ZwFlushBuffersFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
) -> NTSTATUS;
// Extended flush with Flags and an untyped Parameters buffer of
// ParametersSize bytes.
fn ZwFlushBuffersFileEx(
FileHandle: HANDLE,
Flags: ULONG,
Parameters: PVOID,
ParametersSize: ULONG,
IoStatusBlock: PIO_STATUS_BLOCK,
) -> NTSTATUS;
// The spelling "SetComittedFlag" is the declared parameter name and is
// kept as is.
fn ZwFlushInstallUILanguage(
InstallUILanguage: LANGID,
SetComittedFlag: ULONG,
) -> NTSTATUS;
// Flushes the instruction cache for a range in ProcessHandle.
// NOTE(review): code that writes instructions to memory and then executes
// them should call this in between on architectures that need it.
fn ZwFlushInstructionCache(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
Length: SIZE_T,
) -> NTSTATUS;
// Flushes a registry key to storage.
fn ZwFlushKey(
KeyHandle: HANDLE,
) -> NTSTATUS;
// Declared with no parameters and no return type, unlike every other
// NTSTATUS-returning declaration in this stretch - there is no status to
// check.
fn ZwFlushProcessWriteBuffers();
// No parameters; returns NTSTATUS.
fn ZwFlushWriteBuffer() -> NTSTATUS;
// Counterpart of ZwAllocateUserPhysicalPages with the same parameter list;
// NumberOfPages is a pointer and so presumably in/out.
fn ZwFreeUserPhysicalPages(
ProcessHandle: HANDLE,
NumberOfPages: PULONG_PTR,
UserPfnArray: PULONG_PTR,
) -> NTSTATUS;
// Releases or decommits virtual memory in ProcessHandle. BaseAddress and
// RegionSize are pointers (in/out).
// NOTE(review): after a successful release the range may be reused by a
// later allocation; no pointer into it may be kept.
fn ZwFreeVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
RegionSize: PSIZE_T,
FreeType: ULONG,
) -> NTSTATUS;
// Freezes registry activity for up to TimeOutInSeconds (per the names).
fn ZwFreezeRegistry(
TimeOutInSeconds: ULONG,
) -> NTSTATUS;
// Freezes transactions with separate freeze and thaw timeouts.
fn ZwFreezeTransactions(
FreezeTimeout: PLARGE_INTEGER,
ThawTimeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Sends the file-system control code FsControlCode to FileHandle. Same
// parameter layout as ZwDeviceIoControlFile.
// NOTE(review): each buffer length must describe its untyped buffer
// exactly, and when Event or ApcRoutine is used the buffers and
// IoStatusBlock must remain valid until the request completes.
fn ZwFsControlFile(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
FsControlCode: ULONG,
InputBuffer: PVOID,
InputBufferLength: ULONG,
OutputBuffer: PVOID,
OutputBufferLength: ULONG,
) -> NTSTATUS;
// Reads the cached code-signing level for File. Every parameter after File
// is a pointer; ThumbprintSize (PULONG) presumably carries the Thumbprint
// capacity in and the size written out.
// NOTE(review): as the name says, this is a cached value; whether it
// reflects the file's current contents depends on cache invalidation that
// is not visible here. Do not treat it as a fresh signature verification
// without confirming.
fn ZwGetCachedSigningLevel(
File: HANDLE,
Flags: PULONG,
SigningLevel: PSE_SIGNING_LEVEL,
Thumbprint: PUCHAR,
ThumbprintSize: PULONG,
ThumbprintAlgorithm: PULONG,
) -> NTSTATUS;
// WNF subscription retrieval; NewDeliveryDescriptor is a buffer of
// DescriptorSize bytes.
fn ZwGetCompleteWnfStateSubscription(
OldDescriptorStateName: PWNF_STATE_NAME,
OldSubscriptionId: *mut ULONG64,
OldDescriptorEventMask: ULONG,
OldDescriptorStatus: ULONG,
NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR,
DescriptorSize: ULONG,
) -> NTSTATUS;
// Reads a thread's register context into ThreadContext.
// NOTE(review): the CONTEXT structure has a flags field selecting which
// parts are requested; it must be initialised before the call - confirm at
// call sites.
fn ZwGetContextThread(
ThreadHandle: HANDLE,
ThreadContext: PCONTEXT,
) -> NTSTATUS;
// Returns a ULONG directly rather than an NTSTATUS.
fn ZwGetCurrentProcessorNumber() -> ULONG;
// Writes the device power state through State.
fn ZwGetDevicePowerState(
Device: HANDLE,
State: PDEVICE_POWER_STATE,
) -> NTSTATUS;
// Note the order: the size pointer (DataSize) comes before the Data buffer.
fn ZwGetMUIRegistryInfo(
Flags: ULONG,
DataSize: PULONG,
Data: PVOID,
) -> NTSTATUS;
// Handle-based process iteration: given ProcessHandle, opens the next
// process with DesiredAccess and returns it through NewProcessHandle.
// NOTE(review): each step yields a new open handle that the caller must
// close; request only the access needed for the inspection being done.
fn ZwGetNextProcess(
ProcessHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
HandleAttributes: ULONG,
Flags: ULONG,
NewProcessHandle: PHANDLE,
) -> NTSTATUS;
// Thread counterpart, iterating threads of ProcessHandle after
// ThreadHandle.
fn ZwGetNextThread(
ProcessHandle: HANDLE,
ThreadHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
HandleAttributes: ULONG,
Flags: ULONG,
NewThreadHandle: PHANDLE,
) -> NTSTATUS;
// Returns a pointer and size for an NLS section through SectionPointer /
// SectionSize.
fn ZwGetNlsSectionPtr(
SectionType: ULONG,
SectionData: ULONG,
ContextData: PVOID,
SectionPointer: *mut PVOID,
SectionSize: PULONG,
) -> NTSTATUS;
// Retrieves a transaction notification into a buffer of NotificationLength
// bytes. Asynchronous is a ULONG (not a BOOLEAN) with an accompanying
// context value.
fn ZwGetNotificationResourceManager(
ResourceManagerHandle: HANDLE,
TransactionNotification: PTRANSACTION_NOTIFICATION,
NotificationLength: ULONG,
Timeout: PLARGE_INTEGER,
ReturnLength: PULONG,
Asynchronous: ULONG,
AsynchronousContext: ULONG_PTR,
) -> NTSTATUS;
// Retrieves a plug-and-play event into EventBlock (EventBufferSize bytes).
fn ZwGetPlugPlayEvent(
EventHandle: HANDLE,
Context: PVOID,
EventBlock: PPLUGPLAY_EVENT_BLOCK,
EventBufferSize: ULONG,
) -> NTSTATUS;
// Retrieves addresses written to within a write-watched region.
// EntriesInUserAddressArray is a pointer, presumably carrying the array
// capacity in and the number of entries out; it must not exceed the real
// size of UserAddressArray.
fn ZwGetWriteWatch(
ProcessHandle: HANDLE,
Flags: ULONG,
BaseAddress: PVOID,
RegionSize: SIZE_T,
UserAddressArray: *mut PVOID,
EntriesInUserAddressArray: PULONG_PTR,
Granularity: PULONG,
) -> NTSTATUS;
// Impersonation bindings.
// NOTE(review): every caller must check the returned NTSTATUS before
// acting. If an impersonation call fails and the error is ignored, the
// following code runs under the thread's previous identity, which is the
// classic way impersonation bugs become privilege problems. Revert when
// the work is done.

// Makes ThreadHandle impersonate the anonymous token.
fn ZwImpersonateAnonymousToken(
ThreadHandle: HANDLE,
) -> NTSTATUS;
// Classic LPC: impersonates the client that sent Message on PortHandle.
fn ZwImpersonateClientOfPort(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
) -> NTSTATUS;
// Makes ServerThreadHandle impersonate ClientThreadHandle, subject to
// SecurityQos (which carries the impersonation level).
fn ZwImpersonateThread(
ServerThreadHandle: HANDLE,
ClientThreadHandle: HANDLE,
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
) -> NTSTATUS;
// NLS initialisation; all three parameters are output-style pointers.
fn ZwInitializeNlsFiles(
BaseAddress: *mut PVOID,
DefaultLocaleId: PLCID,
DefaultCasingTableSize: PLARGE_INTEGER,
) -> NTSTATUS;
// Registry initialisation keyed by a BootCondition value.
fn ZwInitializeRegistry(
BootCondition: USHORT,
) -> NTSTATUS;
// Requests a system power action (sleep, shutdown, ... per POWER_ACTION).
// Expected to require the shutdown privilege - confirm.
fn ZwInitiatePowerAction(
SystemAction: POWER_ACTION,
LightestSystemState: SYSTEM_POWER_STATE,
Flags: ULONG,
Asynchronous: BOOLEAN,
) -> NTSTATUS;
// Tests job membership. There is no output parameter, so the answer is
// presumably returned as distinct NTSTATUS values.
// NOTE(review): if both answers are success-class codes, a generic
// "is success" test cannot tell them apart - callers should compare
// against the exact status.
fn ZwIsProcessInJob(
ProcessHandle: HANDLE,
JobHandle: HANDLE,
) -> NTSTATUS;
// Returns a BOOLEAN directly rather than an NTSTATUS.
fn ZwIsSystemResumeAutomatic() -> BOOLEAN;
// The spelling "Comitted" is part of the declared symbol name and is kept
// as is. No output parameter; the answer is presumably in the NTSTATUS.
fn ZwIsUILanguageComitted() -> NTSTATUS;
// Classic LPC: waits for a connection request on PortHandle and stores it
// in ConnectionRequest.
fn ZwListenPort(
PortHandle: HANDLE,
ConnectionRequest: PPORT_MESSAGE,
) -> NTSTATUS;
// Foreign declaration taking a raw pointer to a UNICODE_STRING and returning
// NTSTATUS.
// NOTE(review): by name, asks the kernel to load the driver identified by
// `DriverServiceName` (presumably a registry service-key path, and presumably
// gated on SeLoadDriverPrivilege — confirm). A safe wrapper should build the
// name from trusted configuration only, never from unvalidated input, and
// should log each call: driver loads are a high-value audit event.
fn ZwLoadDriver(
DriverServiceName: PUNICODE_STRING,
) -> NTSTATUS;
fn ZwLoadKey(
TargetKey: POBJECT_ATTRIBUTES,
SourceFile: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwLoadKey2(
TargetKey: POBJECT_ATTRIBUTES,
SourceFile: POBJECT_ATTRIBUTES,
Flags: ULONG,
) -> NTSTATUS;
fn ZwLoadKeyEx(
TargetKey: POBJECT_ATTRIBUTES,
SourceFile: POBJECT_ATTRIBUTES,
Flags: ULONG,
TrustClassKey: HANDLE,
Event: HANDLE,
DesiredAccess: ACCESS_MASK,
RootHandle: PHANDLE,
IoStatus: PIO_STATUS_BLOCK,
) -> NTSTATUS;
fn ZwLockFile(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
ByteOffset: PLARGE_INTEGER,
Length: PLARGE_INTEGER,
Key: ULONG,
FailImmediately: BOOLEAN,
ExclusiveLock: BOOLEAN,
) -> NTSTATUS;
fn ZwLockProductActivationKeys(
pPrivateVer: *mut ULONG,
pSafeMode: *mut ULONG,
) -> NTSTATUS;
fn ZwLockRegistryKey(
KeyHandle: HANDLE,
) -> NTSTATUS;
fn ZwLockVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
RegionSize: PSIZE_T,
MapType: ULONG,
) -> NTSTATUS;
fn ZwMakePermanentObject(
Handle: HANDLE,
) -> NTSTATUS;
fn ZwMakeTemporaryObject(
Handle: HANDLE,
) -> NTSTATUS;
fn ZwManagePartition(
PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS,
PartitionInformation: PVOID,
PartitionInformationLength: ULONG,
) -> NTSTATUS;
fn ZwMapCMFModule(
What: ULONG,
Index: ULONG,
CacheIndexOut: PULONG,
CacheFlagsOut: PULONG,
ViewSizeOut: PULONG,
BaseAddress: *mut PVOID,
) -> NTSTATUS;
fn ZwMapUserPhysicalPages(
VirtualAddress: PVOID,
NumberOfPages: ULONG_PTR,
UserPfnArray: PULONG_PTR,
) -> NTSTATUS;
fn ZwMapUserPhysicalPagesScatter(
VirtualAddresses: *mut PVOID,
NumberOfPages: ULONG_PTR,
UserPfnArray: PULONG_PTR,
) -> NTSTATUS;
// Foreign declaration: maps a view of `SectionHandle` into `ProcessHandle`
// (per the parameter names) and returns NTSTATUS.
// `BaseAddress`, `SectionOffset` and `ViewSize` are raw pointers, so they are
// presumably in/out values the kernel may rewrite — confirm; a wrapper must
// re-read them after the call instead of trusting the values it passed in.
// NOTE(review): `Win32Protect` presumably carries PAGE_* protection bits. A
// wrapper should pass the narrowest protection the caller needs and should not
// default to a view that is writable and executable at the same time.
// When `ProcessHandle` is not the current process the returned base address is
// an address in that other process and must never be dereferenced locally.
fn ZwMapViewOfSection(
SectionHandle: HANDLE,
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
ZeroBits: ULONG_PTR,
CommitSize: SIZE_T,
SectionOffset: PLARGE_INTEGER,
ViewSize: PSIZE_T,
InheritDisposition: SECTION_INHERIT,
AllocationType: ULONG,
Win32Protect: ULONG,
) -> NTSTATUS;
fn ZwModifyBootEntry(
BootEntry: PBOOT_ENTRY,
) -> NTSTATUS;
fn ZwModifyDriverEntry(
DriverEntry: PEFI_DRIVER_ENTRY,
) -> NTSTATUS;
fn ZwNotifyChangeDirectoryFile(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
Buffer: PVOID,
Length: ULONG,
CompletionFilter: ULONG,
WatchTree: BOOLEAN,
) -> NTSTATUS;
fn ZwNotifyChangeKey(
KeyHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
CompletionFilter: ULONG,
WatchTree: BOOLEAN,
Buffer: PVOID,
BufferSize: ULONG,
Asynchronous: BOOLEAN,
) -> NTSTATUS;
fn ZwNotifyChangeMultipleKeys(
MasterKeyHandle: HANDLE,
Count: ULONG,
SubordinateObjects: *mut OBJECT_ATTRIBUTES,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
CompletionFilter: ULONG,
WatchTree: BOOLEAN,
Buffer: PVOID,
BufferSize: ULONG,
Asynchronous: BOOLEAN,
) -> NTSTATUS;
fn ZwNotifyChangeSession(
SessionHandle: HANDLE,
ChangeSequenceNumber: ULONG,
ChangeTimeStamp: PLARGE_INTEGER,
Event: IO_SESSION_EVENT,
NewState: IO_SESSION_STATE,
PreviousState: IO_SESSION_STATE,
Payload: PVOID,
PayloadSize: ULONG,
) -> NTSTATUS;
fn ZwOpenDirectoryObject(
DirectoryHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenEnlistment(
EnlistmentHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
RmHandle: HANDLE,
EnlistmentGuid: LPGUID,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenEvent(
EventHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenEventPair(
EventPairHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenFile(
FileHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
IoStatusBlock: PIO_STATUS_BLOCK,
ShareAccess: ULONG,
OpenOptions: ULONG,
) -> NTSTATUS;
fn ZwOpenIoCompletion(
IoCompletionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenJobObject(
JobHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenKey(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenKeyEx(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
OpenOptions: ULONG,
) -> NTSTATUS;
fn ZwOpenKeyTransacted(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
TransactionHandle: HANDLE,
) -> NTSTATUS;
fn ZwOpenKeyTransactedEx(
KeyHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
OpenOptions: ULONG,
TransactionHandle: HANDLE,
) -> NTSTATUS;
fn ZwOpenKeyedEvent(
KeyedEventHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenMutant(
MutantHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenObjectAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ObjectTypeName: PUNICODE_STRING,
ObjectName: PUNICODE_STRING,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
GrantedAccess: ACCESS_MASK,
Privileges: PPRIVILEGE_SET,
ObjectCreation: BOOLEAN,
AccessGranted: BOOLEAN,
GenerateOnClose: PBOOLEAN,
) -> NTSTATUS;
fn ZwOpenPartition(
PartitionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenPrivateNamespace(
NamespaceHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
BoundaryDescriptor: PVOID,
) -> NTSTATUS;
// Foreign declaration: writes a process handle through `ProcessHandle` and
// returns NTSTATUS.
// NOTE(review): `ClientId` presumably selects the target by process id —
// confirm. Ids are recycled by the system, so a wrapper that looked the id up
// earlier should verify the opened process is still the intended one (for
// example by creation time or image path) before acting on the handle.
// Request only the `DesiredAccess` bits the caller uses, read the out-handle
// only on a success status, and close it when done.
fn ZwOpenProcess(
ProcessHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ClientId: PCLIENT_ID,
) -> NTSTATUS;
// Foreign declaration: takes a process handle and an access mask, writes a
// token handle through `TokenHandle`, and returns NTSTATUS.
// NOTE(review): a wrapper that only inspects the token should ask for
// query-level access (presumably TOKEN_QUERY) rather than a broad mask, so a
// leaked or inherited handle cannot be used to modify or duplicate the token.
// The out-handle is valid only when the status reports success and must be
// closed by the caller.
fn ZwOpenProcessToken(
ProcessHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
TokenHandle: PHANDLE,
) -> NTSTATUS;
fn ZwOpenProcessTokenEx(
ProcessHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
HandleAttributes: ULONG,
TokenHandle: PHANDLE,
) -> NTSTATUS;
fn ZwOpenResourceManager(
ResourceManagerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
TmHandle: HANDLE,
ResourceManagerGuid: LPGUID,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenSection(
SectionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenSemaphore(
SemaphoreHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenSession(
SessionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenSymbolicLinkObject(
LinkHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenThread(
ThreadHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
ClientId: PCLIENT_ID,
) -> NTSTATUS;
// Foreign declaration: takes a thread handle, an access mask and a BOOLEAN,
// writes a token handle through `TokenHandle`, and returns NTSTATUS.
// NOTE(review): `OpenAsSelf` presumably chooses whether the access check for
// opening the token runs against the process identity instead of the thread's
// current impersonation token — confirm. Wrappers should make that choice
// explicit at each call site rather than hard-coding it.
// A failure status is also the expected outcome when the thread has no
// impersonation token (presumably reported as a "no token" status); callers
// should not treat that case as "running as the process identity" without an
// explicit fallback to the process token.
fn ZwOpenThreadToken(
ThreadHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
OpenAsSelf: BOOLEAN,
TokenHandle: PHANDLE,
) -> NTSTATUS;
fn ZwOpenThreadTokenEx(
ThreadHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
OpenAsSelf: BOOLEAN,
HandleAttributes: ULONG,
TokenHandle: PHANDLE,
) -> NTSTATUS;
fn ZwOpenTimer(
TimerHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwOpenTransaction(
TransactionHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
Uow: LPGUID,
TmHandle: HANDLE,
) -> NTSTATUS;
fn ZwOpenTransactionManager(
TmHandle: PHANDLE,
DesiredAccess: ACCESS_MASK,
ObjectAttributes: POBJECT_ATTRIBUTES,
LogFileName: PUNICODE_STRING,
TmIdentity: LPGUID,
OpenOptions: ULONG,
) -> NTSTATUS;
fn ZwPlugPlayControl(
PnPControlClass: PLUGPLAY_CONTROL_CLASS,
PnPControlData: PVOID,
PnPControlDataLength: ULONG,
) -> NTSTATUS;
fn ZwPowerInformation(
InformationLevel: POWER_INFORMATION_LEVEL,
InputBuffer: PVOID,
InputBufferLength: ULONG,
OutputBuffer: PVOID,
OutputBufferLength: ULONG,
) -> NTSTATUS;
fn ZwPrePrepareComplete(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwPrePrepareEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwPrepareComplete(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwPrepareEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
// Foreign declaration: a token handle, a raw pointer to a privilege set and a
// raw pointer to a BOOLEAN, returning NTSTATUS.
// NOTE(review): the answer to "does the token hold these privileges" is
// presumably delivered through `Result`, not through the return value —
// confirm. A wrapper must therefore check both: a success NTSTATUS only means
// the query ran, and `*Result` is meaningful only in that case. Initialise the
// BOOLEAN to false before the call so an unchecked failure fails closed.
fn ZwPrivilegeCheck(
ClientToken: HANDLE,
RequiredPrivileges: PPRIVILEGE_SET,
Result: PBOOLEAN,
) -> NTSTATUS;
fn ZwPrivilegeObjectAuditAlarm(
SubsystemName: PUNICODE_STRING,
HandleId: PVOID,
ClientToken: HANDLE,
DesiredAccess: ACCESS_MASK,
Privileges: PPRIVILEGE_SET,
AccessGranted: BOOLEAN,
) -> NTSTATUS;
fn ZwPrivilegedServiceAuditAlarm(
SubsystemName: PUNICODE_STRING,
ServiceName: PUNICODE_STRING,
ClientToken: HANDLE,
Privileges: PPRIVILEGE_SET,
AccessGranted: BOOLEAN,
) -> NTSTATUS;
fn ZwPropagationComplete(
ResourceManagerHandle: HANDLE,
RequestCookie: ULONG,
BufferLength: ULONG,
Buffer: PVOID,
) -> NTSTATUS;
fn ZwPropagationFailed(
ResourceManagerHandle: HANDLE,
RequestCookie: ULONG,
PropStatus: NTSTATUS,
) -> NTSTATUS;
// Foreign declaration: changes page protection for a region in
// `ProcessHandle` (per the parameter names) and returns NTSTATUS.
// `BaseAddress` and `RegionSize` are passed by pointer, so they are presumably
// in/out and may come back rounded to page boundaries — confirm; the range
// actually affected can be larger than the range requested.
// NOTE(review): `OldProtect` presumably receives the previous protection; a
// wrapper that changes protection temporarily should restore exactly that
// value on every exit path. Avoid leaving a region writable and executable at
// once; transitions to an executable protection are worth logging.
fn ZwProtectVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
RegionSize: PSIZE_T,
NewProtect: ULONG,
OldProtect: PULONG,
) -> NTSTATUS;
fn ZwPulseEvent(
EventHandle: HANDLE,
PreviousState: PLONG,
) -> NTSTATUS;
fn ZwQueryAttributesFile(
ObjectAttributes: POBJECT_ATTRIBUTES,
FileInformation: PFILE_BASIC_INFORMATION,
) -> NTSTATUS;
fn ZwQueryBootEntryOrder(
Ids: PULONG,
Count: PULONG,
) -> NTSTATUS;
fn ZwQueryBootOptions(
BootOptions: PBOOT_OPTIONS,
BootOptionsLength: PULONG,
) -> NTSTATUS;
fn ZwQueryDebugFilterState(
ComponentId: ULONG,
Level: ULONG,
) -> NTSTATUS;
fn ZwQueryDefaultLocale(
UserProfile: BOOLEAN,
DefaultLocaleId: PLCID,
) -> NTSTATUS;
fn ZwQueryDefaultUILanguage(
DefaultUILanguageId: *mut LANGID,
) -> NTSTATUS;
// Foreign declaration: directory enumeration into a caller-supplied buffer,
// returning NTSTATUS.
// `FileInformation` is an untyped raw pointer and `Length` a separate 32-bit
// count; nothing in the signature ties the two together, so the caller must
// guarantee the buffer is at least `Length` bytes and suitably aligned for the
// structure selected by `FileInformationClass`.
// NOTE(review): results are presumably a chain of variable-length records
// linked by byte offsets — confirm. A parser should bounds-check every offset
// and embedded name length against the byte count reported in `IoStatusBlock`
// before forming a slice, since the contents come from the file system.
// The `Event`/`ApcRoutine` parameters suggest the call can complete later; if
// so, the buffer and status block must stay valid until completion.
fn ZwQueryDirectoryFile(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
FileInformation: PVOID,
Length: ULONG,
FileInformationClass: FILE_INFORMATION_CLASS,
ReturnSingleEntry: BOOLEAN,
FileName: PUNICODE_STRING,
RestartScan: BOOLEAN,
) -> NTSTATUS;
fn ZwQueryDirectoryObject(
DirectoryHandle: HANDLE,
Buffer: PVOID,
Length: ULONG,
ReturnSingleEntry: BOOLEAN,
RestartScan: BOOLEAN,
Context: PULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryDriverEntryOrder(
Ids: PULONG,
Count: PULONG,
) -> NTSTATUS;
fn ZwQueryEaFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
Buffer: PVOID,
Length: ULONG,
ReturnSingleEntry: BOOLEAN,
EaList: PVOID,
EaListLength: ULONG,
EaIndex: PULONG,
RestartScan: BOOLEAN,
) -> NTSTATUS;
fn ZwQueryEvent(
EventHandle: HANDLE,
EventInformationClass: EVENT_INFORMATION_CLASS,
EventInformation: PVOID,
EventInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryFullAttributesFile(
ObjectAttributes: POBJECT_ATTRIBUTES,
FileInformation: PFILE_NETWORK_OPEN_INFORMATION,
) -> NTSTATUS;
fn ZwQueryInformationAtom(
Atom: RTL_ATOM,
AtomInformationClass: ATOM_INFORMATION_CLASS,
AtomInformation: PVOID,
AtomInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInformationEnlistment(
EnlistmentHandle: HANDLE,
EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
EnlistmentInformation: PVOID,
EnlistmentInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInformationFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
FileInformation: PVOID,
Length: ULONG,
FileInformationClass: FILE_INFORMATION_CLASS,
) -> NTSTATUS;
fn ZwQueryInformationJobObject(
JobHandle: HANDLE,
JobObjectInformationClass: JOBOBJECTINFOCLASS,
JobObjectInformation: PVOID,
JobObjectInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInformationPort(
PortHandle: HANDLE,
PortInformationClass: PORT_INFORMATION_CLASS,
PortInformation: PVOID,
Length: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
// Foreign declaration: queries process information into a caller-supplied
// buffer and returns NTSTATUS.
// `ProcessInformation` is an untyped raw pointer; the expected layout and size
// depend on `ProcessInformationClass`, which the type system cannot check.
// `ProcessInformationLength` is a 32-bit ULONG: convert a Rust `usize` with
// `u32::try_from` rather than `as`, so an oversized length is an error instead
// of a silently truncated one.
// NOTE(review): `ReturnLength` presumably receives the number of bytes written
// or required — confirm; read the buffer only after a success status and only
// up to that length.
fn ZwQueryInformationProcess(
ProcessHandle: HANDLE,
ProcessInformationClass: PROCESSINFOCLASS,
ProcessInformation: PVOID,
ProcessInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInformationResourceManager(
ResourceManagerHandle: HANDLE,
ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
ResourceManagerInformation: PVOID,
ResourceManagerInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInformationThread(
ThreadHandle: HANDLE,
ThreadInformationClass: THREADINFOCLASS,
ThreadInformation: PVOID,
ThreadInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
// Foreign declaration: queries token information into a caller-supplied buffer
// and returns NTSTATUS.
// `TokenInformation` is an untyped raw pointer whose layout is selected by
// `TokenInformationClass`; `TokenInformationLength` is a separate 32-bit count.
// NOTE(review): several token classes presumably return variable-length data
// containing internal pointers into the same buffer — confirm. A wrapper
// should size the buffer from `ReturnLength`, check the status of the second
// call as well as the first, keep the buffer alive and unmoved while any
// derived reference exists, and make authorisation decisions only from data
// returned under a success status.
fn ZwQueryInformationToken(
TokenHandle: HANDLE,
TokenInformationClass: TOKEN_INFORMATION_CLASS,
TokenInformation: PVOID,
TokenInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInformationTransaction(
TransactionHandle: HANDLE,
TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
TransactionInformation: PVOID,
TransactionInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInformationTransactionManager(
TransactionManagerHandle: HANDLE,
TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
TransactionManagerInformation: PVOID,
TransactionManagerInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInformationWorkerFactory(
WorkerFactoryHandle: HANDLE,
WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
WorkerFactoryInformation: PVOID,
WorkerFactoryInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryInstallUILanguage(
InstallUILanguageId: *mut LANGID,
) -> NTSTATUS;
fn ZwQueryIntervalProfile(
ProfileSource: KPROFILE_SOURCE,
Interval: PULONG,
) -> NTSTATUS;
fn ZwQueryIoCompletion(
IoCompletionHandle: HANDLE,
IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS,
IoCompletionInformation: PVOID,
IoCompletionInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryKey(
KeyHandle: HANDLE,
KeyInformationClass: KEY_INFORMATION_CLASS,
KeyInformation: PVOID,
Length: ULONG,
ResultLength: PULONG,
) -> NTSTATUS;
fn ZwQueryLicenseValue(
ValueName: PUNICODE_STRING,
Type: PULONG,
Data: PVOID,
DataSize: ULONG,
ResultDataSize: PULONG,
) -> NTSTATUS;
fn ZwQueryMultipleValueKey(
KeyHandle: HANDLE,
ValueEntries: PKEY_VALUE_ENTRY,
EntryCount: ULONG,
ValueBuffer: PVOID,
BufferLength: PULONG,
RequiredBufferLength: PULONG,
) -> NTSTATUS;
fn ZwQueryMutant(
MutantHandle: HANDLE,
MutantInformationClass: MUTANT_INFORMATION_CLASS,
MutantInformation: PVOID,
MutantInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryObject(
Handle: HANDLE,
ObjectInformationClass: OBJECT_INFORMATION_CLASS,
ObjectInformation: PVOID,
ObjectInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryOpenSubKeys(
TargetKey: POBJECT_ATTRIBUTES,
HandleCount: PULONG,
) -> NTSTATUS;
fn ZwQueryOpenSubKeysEx(
TargetKey: POBJECT_ATTRIBUTES,
BufferLength: ULONG,
Buffer: PVOID,
RequiredSize: PULONG,
) -> NTSTATUS;
fn ZwQueryPerformanceCounter(
PerformanceCounter: PLARGE_INTEGER,
PerformanceFrequency: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwQueryPortInformationProcess() -> NTSTATUS;
fn ZwQueryQuotaInformationFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
Buffer: PVOID,
Length: ULONG,
ReturnSingleEntry: BOOLEAN,
SidList: PVOID,
SidListLength: ULONG,
StartSid: PSID,
RestartScan: BOOLEAN,
) -> NTSTATUS;
// Foreign declaration: queries section information into a caller-supplied
// buffer and returns NTSTATUS.
// Unlike most of the query declarations in this listing, the length here is a
// pointer-sized `SIZE_T` and the returned length a `PSIZE_T`, not ULONG/PULONG.
// A generic wrapper shared across the query functions must not pass a
// `*mut u32` for `ReturnLength`: on 64-bit targets the callee would write
// eight bytes through it.
// `SectionInformation` is an untyped raw pointer; its required size and
// alignment depend on `SectionInformationClass`.
fn ZwQuerySection(
SectionHandle: HANDLE,
SectionInformationClass: SECTION_INFORMATION_CLASS,
SectionInformation: PVOID,
SectionInformationLength: SIZE_T,
ReturnLength: PSIZE_T,
) -> NTSTATUS;
fn ZwQuerySecurityAttributesToken(
TokenHandle: HANDLE,
Attributes: PUNICODE_STRING,
NumberOfAttributes: ULONG,
Buffer: PVOID,
Length: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQuerySecurityObject(
Handle: HANDLE,
SecurityInformation: SECURITY_INFORMATION,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
Length: ULONG,
LengthNeeded: PULONG,
) -> NTSTATUS;
fn ZwQuerySemaphore(
SemaphoreHandle: HANDLE,
SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS,
SemaphoreInformation: PVOID,
SemaphoreInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQuerySymbolicLinkObject(
LinkHandle: HANDLE,
LinkTarget: PUNICODE_STRING,
ReturnedLength: PULONG,
) -> NTSTATUS;
// Foreign declaration: reads a named system environment value into a wide
// character buffer and returns NTSTATUS.
// `ValueLength` is a 16-bit USHORT and `ReturnLength` a pointer to one, so the
// buffer size must be converted with `u16::try_from`; an `as` cast from `usize`
// would wrap and under- or over-state the buffer.
// NOTE(review): whether `ValueLength` counts bytes or UTF-16 code units is not
// visible here — confirm before sizing `VariableValue`, and do not assume the
// result is NUL-terminated.
fn ZwQuerySystemEnvironmentValue(
VariableName: PUNICODE_STRING,
VariableValue: PWSTR,
ValueLength: USHORT,
ReturnLength: PUSHORT,
) -> NTSTATUS;
fn ZwQuerySystemEnvironmentValueEx(
VariableName: PUNICODE_STRING,
VendorGuid: LPGUID,
Value: PVOID,
ValueLength: PULONG,
Attributes: PULONG,
) -> NTSTATUS;
// Foreign declaration: queries system-wide information into a caller-supplied
// buffer and returns NTSTATUS.
// `SystemInformation` is an untyped raw pointer whose layout is selected by
// `SystemInformationClass`; `SystemInformationLength` is a separate 32-bit
// count that the caller must keep in step with the real allocation.
// NOTE(review): for list-style classes the required size presumably changes
// between calls as system state changes — confirm. A wrapper should loop,
// growing the buffer while the status reports a length mismatch, instead of
// trusting the size from one probing call. Records inside the buffer should be
// walked with bounds checks against the returned length.
fn ZwQuerySystemInformation(
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
SystemInformation: PVOID,
SystemInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQuerySystemInformationEx(
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
InputBuffer: PVOID,
InputBufferLength: ULONG,
SystemInformation: PVOID,
SystemInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQuerySystemTime(
SystemTime: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwQueryTimer(
TimerHandle: HANDLE,
TimerInformationClass: TIMER_INFORMATION_CLASS,
TimerInformation: PVOID,
TimerInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwQueryTimerResolution(
MaximumTime: PULONG,
MinimumTime: PULONG,
CurrentTime: PULONG,
) -> NTSTATUS;
fn ZwQueryValueKey(
KeyHandle: HANDLE,
ValueName: PUNICODE_STRING,
KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
KeyValueInformation: PVOID,
Length: ULONG,
ResultLength: PULONG,
) -> NTSTATUS;
// Foreign declaration: queries information about an address in
// `ProcessHandle` (per the parameter names) and returns NTSTATUS.
// `BaseAddress` is typed as a pointer but, when `ProcessHandle` refers to
// another process, it is an address in that process's address space: it must
// be treated as an opaque number and never dereferenced by the caller.
// `MemoryInformation` is the local output buffer; its length and the returned
// length are pointer-sized (`SIZE_T` / `PSIZE_T`), not 32-bit.
// The required layout depends on `MemoryInformationClass`.
fn ZwQueryVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
MemoryInformationClass: MEMORY_INFORMATION_CLASS,
MemoryInformation: PVOID,
MemoryInformationLength: SIZE_T,
ReturnLength: PSIZE_T,
) -> NTSTATUS;
fn ZwQueryVolumeInformationFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
FsInformation: PVOID,
Length: ULONG,
FsInformationClass: FS_INFORMATION_CLASS,
) -> NTSTATUS;
fn ZwQueryWnfStateData(
StateName: PCWNF_STATE_NAME,
TypeId: PCWNF_TYPE_ID,
ExplicitScope: *const VOID,
ChangeStamp: PWNF_CHANGE_STAMP,
Buffer: PVOID,
BufferSize: PULONG,
) -> NTSTATUS;
fn ZwQueryWnfStateNameInformation(
StateName: PCWNF_STATE_NAME,
NameInfoClass: WNF_STATE_NAME_INFORMATION,
ExplicitScope: *const VOID,
InfoBuffer: PVOID,
InfoBufferSize: ULONG,
) -> NTSTATUS;
// Foreign declaration: queues `ApcRoutine` with three opaque arguments to
// `ThreadHandle` (per the parameter names) and returns NTSTATUS.
// Safety contract a wrapper has to enforce itself, since the signature cannot:
// the routine's code must stay loaded, and whatever the three `PVOID`
// arguments point at must stay valid, until the APC has run — which is
// presumably at some later alertable point in the target thread, not before
// this call returns (confirm).
// NOTE(review): if `ThreadHandle` belongs to another process, the routine
// address and arguments are presumably interpreted in that process — confirm.
// Cross-process use is commonly flagged by endpoint monitoring; legitimate
// callers should document why it is needed.
fn ZwQueueApcThread(
ThreadHandle: HANDLE,
ApcRoutine: PPS_APC_ROUTINE,
ApcArgument1: PVOID,
ApcArgument2: PVOID,
ApcArgument3: PVOID,
) -> NTSTATUS;
fn ZwQueueApcThreadEx(
ThreadHandle: HANDLE,
UserApcReserveHandle: HANDLE,
ApcRoutine: PPS_APC_ROUTINE,
ApcArgument1: PVOID,
ApcArgument2: PVOID,
ApcArgument3: PVOID,
) -> NTSTATUS;
fn ZwRaiseException(
ExceptionRecord: PEXCEPTION_RECORD,
ContextRecord: PCONTEXT,
FirstChance: BOOLEAN,
) -> NTSTATUS;
fn ZwRaiseHardError(
ErrorStatus: NTSTATUS,
NumberOfParameters: ULONG,
UnicodeStringParameterMask: ULONG,
Parameters: PULONG_PTR,
ValidResponseOptions: ULONG,
Response: PULONG,
) -> NTSTATUS;
// Foreign declaration: reads from `FileHandle` into a caller-supplied buffer
// and returns NTSTATUS.
// `Buffer` is an untyped raw pointer and `Length` a separate 32-bit count; the
// caller must guarantee at least `Length` writable bytes.
// NOTE(review): the `Event`/`ApcRoutine`/`ApcContext` parameters indicate the
// read can complete after the call returns (presumably signalled by a pending
// status) — confirm. In that case `Buffer` and `IoStatusBlock` are written
// later, so they must not live in a stack frame or a `Vec` that can be
// dropped, moved or reallocated before completion. A safe wrapper should own
// both allocations until it has observed completion.
// The byte count actually read is presumably reported in `IoStatusBlock`; only
// that prefix of the buffer is initialised.
fn ZwReadFile(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
Buffer: PVOID,
Length: ULONG,
ByteOffset: PLARGE_INTEGER,
Key: PULONG,
) -> NTSTATUS;
fn ZwReadFileScatter(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
SegmentArray: PFILE_SEGMENT_ELEMENT,
Length: ULONG,
ByteOffset: PLARGE_INTEGER,
Key: PULONG,
) -> NTSTATUS;
fn ZwReadOnlyEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwReadRequestData(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
DataEntryIndex: ULONG,
Buffer: PVOID,
BufferSize: SIZE_T,
NumberOfBytesRead: PSIZE_T,
) -> NTSTATUS;
// Foreign declaration: copies memory from `ProcessHandle` into a local buffer
// (per the parameter names) and returns NTSTATUS.
// `BaseAddress` is an address in the target process and must not be
// dereferenced by the caller; `Buffer` is the local destination and must have
// at least `BufferSize` writable bytes.
// NOTE(review): `NumberOfBytesRead` presumably reports how much was copied,
// which may be less than requested — confirm. Only that prefix of `Buffer` is
// initialised. Data read from another process is untrusted input: validate
// lengths, offsets and pointers found inside it before using them, and never
// reinterpret it as a Rust type with validity invariants without checking.
fn ZwReadVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
Buffer: PVOID,
BufferSize: SIZE_T,
NumberOfBytesRead: PSIZE_T,
) -> NTSTATUS;
fn ZwRecoverEnlistment(
EnlistmentHandle: HANDLE,
EnlistmentKey: PVOID,
) -> NTSTATUS;
fn ZwRecoverResourceManager(
ResourceManagerHandle: HANDLE,
) -> NTSTATUS;
fn ZwRecoverTransactionManager(
TransactionManagerHandle: HANDLE,
) -> NTSTATUS;
fn ZwRegisterProtocolAddressInformation(
ResourceManager: HANDLE,
ProtocolId: PCRM_PROTOCOL_ID,
ProtocolInformationSize: ULONG,
ProtocolInformation: PVOID,
CreateOptions: ULONG,
) -> NTSTATUS;
fn ZwRegisterThreadTerminatePort(
PortHandle: HANDLE,
) -> NTSTATUS;
fn ZwReleaseCMFViewOwnership() -> NTSTATUS;
fn ZwReleaseKeyedEvent(
KeyedEventHandle: HANDLE,
KeyValue: PVOID,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwReleaseMutant(
MutantHandle: HANDLE,
PreviousCount: PLONG,
) -> NTSTATUS;
fn ZwReleaseSemaphore(
SemaphoreHandle: HANDLE,
ReleaseCount: LONG,
PreviousCount: PLONG,
) -> NTSTATUS;
fn ZwReleaseWorkerFactoryWorker(
WorkerFactoryHandle: HANDLE,
) -> NTSTATUS;
fn ZwRemoveIoCompletion(
IoCompletionHandle: HANDLE,
KeyContext: *mut PVOID,
ApcContext: *mut PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwRemoveIoCompletionEx(
IoCompletionHandle: HANDLE,
IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION,
Count: ULONG,
NumEntriesRemoved: PULONG,
Timeout: PLARGE_INTEGER,
Alertable: BOOLEAN,
) -> NTSTATUS;
fn ZwRemoveProcessDebug(
ProcessHandle: HANDLE,
DebugObjectHandle: HANDLE,
) -> NTSTATUS;
fn ZwRenameKey(
KeyHandle: HANDLE,
NewName: PUNICODE_STRING,
) -> NTSTATUS;
fn ZwRenameTransactionManager(
LogFileName: PUNICODE_STRING,
ExistingTransactionManagerGuid: LPGUID,
) -> NTSTATUS;
fn ZwReplaceKey(
NewFile: POBJECT_ATTRIBUTES,
TargetHandle: HANDLE,
OldFile: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
fn ZwReplacePartitionUnit(
TargetInstancePath: PUNICODE_STRING,
SpareInstancePath: PUNICODE_STRING,
Flags: ULONG,
) -> NTSTATUS;
fn ZwReplyPort(
PortHandle: HANDLE,
ReplyMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn ZwReplyWaitReceivePort(
PortHandle: HANDLE,
PortContext: *mut PVOID,
ReplyMessage: PPORT_MESSAGE,
ReceiveMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn ZwReplyWaitReceivePortEx(
PortHandle: HANDLE,
PortContext: *mut PVOID,
ReplyMessage: PPORT_MESSAGE,
ReceiveMessage: PPORT_MESSAGE,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwReplyWaitReplyPort(
PortHandle: HANDLE,
ReplyMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn ZwRequestPort(
PortHandle: HANDLE,
RequestMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn ZwRequestWaitReplyPort(
PortHandle: HANDLE,
RequestMessage: PPORT_MESSAGE,
ReplyMessage: PPORT_MESSAGE,
) -> NTSTATUS;
fn ZwRequestWakeupLatency(
latency: LATENCY_TIME,
) -> NTSTATUS;
fn ZwResetEvent(
EventHandle: HANDLE,
PreviousState: PLONG,
) -> NTSTATUS;
fn ZwResetWriteWatch(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
RegionSize: SIZE_T,
) -> NTSTATUS;
fn ZwRestoreKey(
KeyHandle: HANDLE,
FileHandle: HANDLE,
Flags: ULONG,
) -> NTSTATUS;
fn ZwResumeProcess(
ProcessHandle: HANDLE,
) -> NTSTATUS;
fn ZwResumeThread(
ThreadHandle: HANDLE,
PreviousSuspendCount: PULONG,
) -> NTSTATUS;
fn ZwRevertContainerImpersonation() -> NTSTATUS;
fn ZwRollbackComplete(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwRollbackEnlistment(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwRollbackTransaction(
TransactionHandle: HANDLE,
Wait: BOOLEAN,
) -> NTSTATUS;
fn ZwRollforwardTransactionManager(
TransactionManagerHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwSaveKey(
KeyHandle: HANDLE,
FileHandle: HANDLE,
) -> NTSTATUS;
fn ZwSaveKeyEx(
KeyHandle: HANDLE,
FileHandle: HANDLE,
Format: ULONG,
) -> NTSTATUS;
fn ZwSaveMergedKeys(
HighPrecedenceKeyHandle: HANDLE,
LowPrecedenceKeyHandle: HANDLE,
FileHandle: HANDLE,
) -> NTSTATUS;
// Foreign declaration: connects to the port named by `PortName`, writes the
// resulting handle through `PortHandle`, and returns NTSTATUS.
// NOTE(review): `RequiredServerSid` presumably lets the client insist that the
// port is owned by a specific SID, with a null pointer skipping that check —
// confirm. A client that sends sensitive data or trusts replies should pass
// the expected server SID rather than null, so a different principal that
// registered the same port name first is rejected.
// `SecurityQos` presumably bounds how far the server may impersonate the
// client; choose the lowest level that works.
// `MaxMessageLength` and `ConnectionInformationLength` are passed by pointer
// and are presumably updated by the call; re-read them afterwards.
fn ZwSecureConnectPort(
PortHandle: PHANDLE,
PortName: PUNICODE_STRING,
SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
ClientView: PPORT_VIEW,
RequiredServerSid: PSID,
ServerView: PREMOTE_PORT_VIEW,
MaxMessageLength: PULONG,
ConnectionInformation: PVOID,
ConnectionInformationLength: PULONG,
) -> NTSTATUS;
fn ZwSerializeBoot() -> NTSTATUS;
fn ZwSetBootEntryOrder(
Ids: PULONG,
Count: ULONG,
) -> NTSTATUS;
fn ZwSetBootOptions(
BootOptions: PBOOT_OPTIONS,
FieldsToChange: ULONG,
) -> NTSTATUS;
// Foreign declaration: takes flags, a signing level, an array of source file
// handles with its count, and a target file handle; returns NTSTATUS.
// `SourceFiles` is a raw pointer to `SourceFileCount` handles; the count must
// not exceed the number of elements actually present behind the pointer.
// NOTE(review): by name, this records a code-integrity signing level for
// `TargetFile`; the exact semantics and required privileges are not visible
// here — confirm. Because the result presumably feeds later trust decisions
// about the file, wrappers should restrict who can reach this call and log it.
fn ZwSetCachedSigningLevel(
Flags: ULONG,
InputSigningLevel: SE_SIGNING_LEVEL,
SourceFiles: PHANDLE,
SourceFileCount: ULONG,
TargetFile: HANDLE,
) -> NTSTATUS;
// Foreign declaration: a thread handle and a raw pointer to a CONTEXT record,
// returning NTSTATUS.
// NOTE(review): by name, replaces the register context of `ThreadHandle` with
// `ThreadContext` — confirm. The CONTEXT structure presumably has a stricter
// alignment requirement than a plain byte buffer on some architectures, so it
// should be allocated as the real type, not cast from `Vec<u8>`.
// Changing another thread's context is a debugger-class operation; endpoint
// monitoring commonly alerts on it, and wrappers should be limited to the
// tooling that needs it.
fn ZwSetContextThread(
ThreadHandle: HANDLE,
ThreadContext: PCONTEXT,
) -> NTSTATUS;
fn ZwSetDebugFilterState(
ComponentId: ULONG,
Level: ULONG,
State: BOOLEAN,
) -> NTSTATUS;
fn ZwSetDefaultHardErrorPort(
DefaultHardErrorPort: HANDLE,
) -> NTSTATUS;
fn ZwSetDefaultLocale(
UserProfile: BOOLEAN,
DefaultLocaleId: LCID,
) -> NTSTATUS;
fn ZwSetDefaultUILanguage(
DefaultUILanguageId: LANGID,
) -> NTSTATUS;
fn ZwSetDriverEntryOrder(
Ids: PULONG,
Count: ULONG,
) -> NTSTATUS;
fn ZwSetEaFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
Buffer: PVOID,
Length: ULONG,
) -> NTSTATUS;
fn ZwSetEvent(
EventHandle: HANDLE,
PreviousState: PLONG,
) -> NTSTATUS;
fn ZwSetEventBoostPriority(
EventHandle: HANDLE,
) -> NTSTATUS;
fn ZwSetHighEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn ZwSetHighWaitLowEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn ZwSetIRTimer(
TimerHandle: HANDLE,
DueTime: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwSetInformationDebugObject(
DebugObjectHandle: HANDLE,
DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
DebugInformation: PVOID,
DebugInformationLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwSetInformationEnlistment(
EnlistmentHandle: HANDLE,
EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
EnlistmentInformation: PVOID,
EnlistmentInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetInformationFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
FileInformation: PVOID,
Length: ULONG,
FileInformationClass: FILE_INFORMATION_CLASS,
) -> NTSTATUS;
fn ZwSetInformationJobObject(
JobHandle: HANDLE,
JobObjectInformationClass: JOBOBJECTINFOCLASS,
JobObjectInformation: PVOID,
JobObjectInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetInformationKey(
KeyHandle: HANDLE,
KeySetInformationClass: KEY_SET_INFORMATION_CLASS,
KeySetInformation: PVOID,
KeySetInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetInformationObject(
Handle: HANDLE,
ObjectInformationClass: OBJECT_INFORMATION_CLASS,
ObjectInformation: PVOID,
ObjectInformationLength: ULONG,
) -> NTSTATUS;
// Foreign declaration: sets process information from a caller-supplied buffer
// and returns NTSTATUS.
// `ProcessInformation` is an untyped raw pointer; the structure the callee
// reads is selected by `ProcessInformationClass`, and
// `ProcessInformationLength` (32-bit) must match that structure's size.
// A typed wrapper per information class, deriving the length from
// `size_of::<T>()`, prevents a class/structure mismatch that the raw
// signature would accept.
// NOTE(review): some classes presumably change security-relevant process
// state (mitigation policies, tokens, and similar) — confirm which classes a
// wrapper exposes and to whom.
fn ZwSetInformationProcess(
ProcessHandle: HANDLE,
ProcessInformationClass: PROCESSINFOCLASS,
ProcessInformation: PVOID,
ProcessInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetInformationResourceManager(
ResourceManagerHandle: HANDLE,
ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
ResourceManagerInformation: PVOID,
ResourceManagerInformationLength: ULONG,
) -> NTSTATUS;
// Foreign declaration: sets thread information from a caller-supplied buffer
// and returns NTSTATUS.
// `ThreadInformation` is an untyped raw pointer whose expected layout is
// selected by `ThreadInformationClass`; `ThreadInformationLength` (32-bit)
// must equal the size of that layout.
// NOTE(review): some classes presumably take a token handle to start or stop
// impersonation on the thread — confirm. For those, a wrapper must check the
// returned status before continuing, because a failed change leaves the
// thread on its previous identity.
fn ZwSetInformationThread(
ThreadHandle: HANDLE,
ThreadInformationClass: THREADINFOCLASS,
ThreadInformation: PVOID,
ThreadInformationLength: ULONG,
) -> NTSTATUS;
// Foreign declaration: sets token information from a caller-supplied buffer
// and returns NTSTATUS.
// `TokenInformation` is an untyped raw pointer whose expected layout is
// selected by `TokenInformationClass`; `TokenInformationLength` (32-bit) must
// equal the size of that layout, including any variable-length tail.
// NOTE(review): token attributes drive later access checks, so a wrapper
// should verify the status and, where the change matters for a security
// decision, query the token again rather than assume the new value took
// effect.
fn ZwSetInformationToken(
TokenHandle: HANDLE,
TokenInformationClass: TOKEN_INFORMATION_CLASS,
TokenInformation: PVOID,
TokenInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetInformationTransaction(
TransactionHandle: HANDLE,
TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
TransactionInformation: PVOID,
TransactionInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetInformationTransactionManager(
TmHandle: HANDLE,
TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
TransactionManagerInformation: PVOID,
TransactionManagerInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetInformationVirtualMemory(
ProcessHandle: HANDLE,
VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS,
NumberOfEntries: ULONG_PTR,
VirtualAddresses: PMEMORY_RANGE_ENTRY,
VmInformation: PVOID,
VmInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetInformationWorkerFactory(
WorkerFactoryHandle: HANDLE,
WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
WorkerFactoryInformation: PVOID,
WorkerFactoryInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetIntervalProfile(
Interval: ULONG,
Source: KPROFILE_SOURCE,
) -> NTSTATUS;
fn ZwSetIoCompletion(
IoCompletionHandle: HANDLE,
KeyContext: PVOID,
ApcContext: PVOID,
IoStatus: NTSTATUS,
IoStatusInformation: ULONG_PTR,
) -> NTSTATUS;
fn ZwSetIoCompletionEx(
IoCompletionHandle: HANDLE,
IoCompletionPacketHandle: HANDLE,
KeyContext: PVOID,
ApcContext: PVOID,
IoStatus: NTSTATUS,
IoStatusInformation: ULONG_PTR,
) -> NTSTATUS;
fn ZwSetLdtEntries(
Selector0: ULONG,
Entry0Low: ULONG,
Entry0Hi: ULONG,
Selector1: ULONG,
Entry1Low: ULONG,
Entry1Hi: ULONG,
) -> NTSTATUS;
fn ZwSetLowEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn ZwSetLowWaitHighEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
fn ZwSetQuotaInformationFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
Buffer: PVOID,
Length: ULONG,
) -> NTSTATUS;
// Foreign declaration: applies a security descriptor to the object behind
// `Handle` and returns NTSTATUS.
// NOTE(review): `SecurityInformation` presumably selects which parts of
// `SecurityDescriptor` (owner, group, DACL, SACL) are applied — confirm. A
// wrapper should set only the bits for the parts it has actually populated.
// Pay particular attention to the difference between "no DACL present" and
// "empty DACL" when building the descriptor: the former is conventionally
// treated as unrestricted access, the latter as no access.
// `SecurityDescriptor` is a raw pointer; it must reference a fully initialised,
// self-consistent descriptor for the duration of the call.
fn ZwSetSecurityObject(
Handle: HANDLE,
SecurityInformation: SECURITY_INFORMATION,
SecurityDescriptor: PSECURITY_DESCRIPTOR,
) -> NTSTATUS;
fn ZwSetSystemEnvironmentValue(
VariableName: PUNICODE_STRING,
VariableValue: PUNICODE_STRING,
) -> NTSTATUS;
// Foreign declaration: writes `ValueLength` bytes from `Value` to the variable
// identified by `VariableName` and `VendorGuid` (per the parameter names) and
// returns NTSTATUS.
// NOTE(review): these are presumably firmware (UEFI) variables, and the call
// is presumably gated on SeSystemEnvironmentPrivilege — confirm. Writes
// persist across reboots and can affect boot behaviour, so a wrapper should
// restrict variable names and GUIDs to an allowlist, validate `Attributes`,
// and log every write.
// `Value` is an untyped raw pointer; the caller must guarantee `ValueLength`
// readable bytes behind it.
fn ZwSetSystemEnvironmentValueEx(
VariableName: PUNICODE_STRING,
VendorGuid: LPGUID,
Value: PVOID,
ValueLength: ULONG,
Attributes: ULONG,
) -> NTSTATUS;
// Foreign declaration: sets system-wide information from a caller-supplied
// buffer and returns NTSTATUS.
// `SystemInformation` is an untyped raw pointer whose expected layout is
// selected by `SystemInformationClass`; `SystemInformationLength` (32-bit)
// must equal the size of that layout.
// NOTE(review): individual classes presumably require specific privileges and
// can change machine-wide state — confirm per class. A wrapper should expose
// one typed function per class it needs rather than a generic pass-through.
fn ZwSetSystemInformation(
SystemInformationClass: SYSTEM_INFORMATION_CLASS,
SystemInformation: PVOID,
SystemInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetSystemPowerState(
SystemAction: POWER_ACTION,
LightestSystemState: SYSTEM_POWER_STATE,
Flags: ULONG,
) -> NTSTATUS;
fn ZwSetSystemTime(
SystemTime: PLARGE_INTEGER,
PreviousTime: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwSetThreadExecutionState(
NewFlags: EXECUTION_STATE,
PreviousFlags: *mut EXECUTION_STATE,
) -> NTSTATUS;
fn ZwSetTimer(
TimerHandle: HANDLE,
DueTime: PLARGE_INTEGER,
TimerApcRoutine: PTIMER_APC_ROUTINE,
TimerContext: PVOID,
ResumeTimer: BOOLEAN,
Period: LONG,
PreviousState: PBOOLEAN,
) -> NTSTATUS;
fn ZwSetTimer2(
TimerHandle: HANDLE,
DueTime: PLARGE_INTEGER,
Period: PLARGE_INTEGER,
Parameters: PT2_SET_PARAMETERS,
) -> NTSTATUS;
fn ZwSetTimerEx(
TimerHandle: HANDLE,
TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS,
TimerSetInformation: PVOID,
TimerSetInformationLength: ULONG,
) -> NTSTATUS;
fn ZwSetTimerResolution(
DesiredTime: ULONG,
SetResolution: BOOLEAN,
ActualTime: PULONG,
) -> NTSTATUS;
fn ZwSetUuidSeed(
Seed: PCHAR,
) -> NTSTATUS;
// Foreign declaration: writes `DataSize` bytes from `Data` as the value
// `ValueName` under `KeyHandle` (per the parameter names) and returns NTSTATUS.
// `Data` is an untyped raw pointer; the caller must guarantee `DataSize`
// readable bytes. `DataSize` is a 32-bit ULONG, so convert from `usize` with
// `u32::try_from`.
// NOTE(review): `Type` is presumably a registry value type (REG_*), and for
// string types `DataSize` is presumably a byte count that should include the
// terminating NUL — confirm. Storing a string without its terminator leaves
// later readers that assume one reading past the stored data.
fn ZwSetValueKey(
KeyHandle: HANDLE,
ValueName: PUNICODE_STRING,
TitleIndex: ULONG,
Type: ULONG,
Data: PVOID,
DataSize: ULONG,
) -> NTSTATUS;
fn ZwSetVolumeInformationFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
FsInformation: PVOID,
Length: ULONG,
FsInformationClass: FS_INFORMATION_CLASS,
) -> NTSTATUS;
fn ZwSetWnfProcessNotificationEvent(
NotificationEvent: HANDLE,
) -> NTSTATUS;
// Foreign declaration: takes a `SHUTDOWN_ACTION` by value and returns NTSTATUS.
// NOTE(review): by name, shuts down or restarts the machine according to
// `Action`, presumably gated on the shutdown privilege and presumably without
// the orderly application notification the higher-level shutdown APIs perform
// — confirm. A wrapper should not be reachable from unauthenticated or
// remote-controlled code paths.
fn ZwShutdownSystem(
Action: SHUTDOWN_ACTION,
) -> NTSTATUS;
fn ZwShutdownWorkerFactory(
WorkerFactoryHandle: HANDLE,
PendingWorkerCount: *mut LONG,
) -> NTSTATUS;
fn ZwSignalAndWaitForSingleObject(
SignalHandle: HANDLE,
WaitHandle: HANDLE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwSinglePhaseReject(
EnlistmentHandle: HANDLE,
TmVirtualClock: PLARGE_INTEGER,
) -> NTSTATUS;
fn ZwStartProfile(
ProfileHandle: HANDLE,
) -> NTSTATUS;
fn ZwStopProfile(
ProfileHandle: HANDLE,
) -> NTSTATUS;
fn ZwSubscribeWnfStateChange(
StateName: PCWNF_STATE_NAME,
ChangeStamp: WNF_CHANGE_STAMP,
EventMask: ULONG,
SubscriptionId: PULONG64,
) -> NTSTATUS;
fn ZwSuspendProcess(
ProcessHandle: HANDLE,
) -> NTSTATUS;
fn ZwSuspendThread(
ThreadHandle: HANDLE,
PreviousSuspendCount: PULONG,
) -> NTSTATUS;
// Foreign declaration: a command code with separate input and output buffers,
// returning NTSTATUS.
// Both buffers are untyped raw pointers with independent 32-bit lengths; the
// layout each one must have depends on `Command`, which the signature cannot
// express. The caller must guarantee `InputBufferLength` readable bytes and
// `OutputBufferLength` writable bytes.
// NOTE(review): by name, this is a kernel-debugging control interface,
// presumably gated on SeDebugPrivilege and restricted further on current
// systems — confirm. Use outside of diagnostic tooling is unusual and worth
// alerting on.
fn ZwSystemDebugControl(
Command: SYSDBG_COMMAND,
InputBuffer: PVOID,
InputBufferLength: ULONG,
OutputBuffer: PVOID,
OutputBufferLength: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
fn ZwTerminateJobObject(
JobHandle: HANDLE,
ExitStatus: NTSTATUS,
) -> NTSTATUS;
// Foreign declaration: a process handle and an exit status, returning NTSTATUS.
// NOTE(review): by name, terminates the process behind `ProcessHandle` with
// `ExitStatus` — confirm, including what a null handle means. A wrapper that
// resolved the target by process id should confirm the handle still refers to
// the intended process before calling, because ids are reused.
// Termination presumably skips the target's own cleanup, so callers should
// not rely on it having flushed or released anything.
fn ZwTerminateProcess(
ProcessHandle: HANDLE,
ExitStatus: NTSTATUS,
) -> NTSTATUS;
fn ZwTerminateThread(
ThreadHandle: HANDLE,
ExitStatus: NTSTATUS,
) -> NTSTATUS;
fn ZwTestAlert() -> NTSTATUS;
fn ZwThawRegistry() -> NTSTATUS;
fn ZwThawTransactions() -> NTSTATUS;
fn ZwTraceControl(
FunctionCode: ULONG,
InBuffer: PVOID,
InBufferLen: ULONG,
OutBuffer: PVOID,
OutBufferLen: ULONG,
ReturnLength: PULONG,
) -> NTSTATUS;
// Binding for `ZwTraceEvent`: a trace handle, `Flags`, and a `FieldSize`/`Fields` pair.
// NOTE(review): presumably `FieldSize` is the byte size of the data behind `Fields` — confirm;
// the signature does not enforce the pairing.
fn ZwTraceEvent(
TraceHandle: HANDLE,
Flags: ULONG,
FieldSize: ULONG,
Fields: PVOID,
) -> NTSTATUS;
// Binding for `ZwTranslateFilePath`: an input `PFILE_PATH`, a numeric `OutputType`, an output
// `PFILE_PATH`, and `OutputFilePathLength` (`PULONG`); returns NTSTATUS.
// NOTE(review): `OutputFilePathLength` is a pointer, presumably carrying the output buffer size
// in and the needed or written size out — confirm before sizing the buffer.
fn ZwTranslateFilePath(
InputFilePath: PFILE_PATH,
OutputType: ULONG,
OutputFilePath: PFILE_PATH,
OutputFilePathLength: PULONG,
) -> NTSTATUS;
// Binding for `ZwUmsThreadYield`: one untyped pointer argument (`SchedulerParam`); returns
// NTSTATUS. What the pointer must reference is not visible from the signature.
fn ZwUmsThreadYield(
SchedulerParam: PVOID,
) -> NTSTATUS;
// Binding for `ZwUnloadDriver`: takes `DriverServiceName` (`PUNICODE_STRING`); returns NTSTATUS.
// NOTE(review): the target is named by a string rather than a handle, so no access check is
// visible at this layer; presumably the callee enforces it. The name should come from trusted
// configuration, not from unvalidated input.
fn ZwUnloadDriver(
DriverServiceName: PUNICODE_STRING,
) -> NTSTATUS;
// Binding for `ZwUnloadKey`: takes `TargetKey` as a `POBJECT_ATTRIBUTES` pointer (not a key
// handle); returns NTSTATUS.
fn ZwUnloadKey(
TargetKey: POBJECT_ATTRIBUTES,
) -> NTSTATUS;
// Binding for `ZwUnloadKey2`: `TargetKey` as a `POBJECT_ATTRIBUTES` pointer plus a `Flags`
// value; returns NTSTATUS. The accepted flag bits are not defined in this declaration.
fn ZwUnloadKey2(
TargetKey: POBJECT_ATTRIBUTES,
Flags: ULONG,
) -> NTSTATUS;
// Binding for `ZwUnloadKeyEx`: `TargetKey` as a `POBJECT_ATTRIBUTES` pointer plus an `Event`
// handle; returns NTSTATUS.
// NOTE(review): presumably `Event` is signalled on completion and may be optional — confirm.
fn ZwUnloadKeyEx(
TargetKey: POBJECT_ATTRIBUTES,
Event: HANDLE,
) -> NTSTATUS;
// Binding for `ZwUnlockFile`: a file handle, an `IoStatusBlock` pointer, a byte range given as
// two `PLARGE_INTEGER` pointers (`ByteOffset`, `Length`), and a numeric `Key`; returns NTSTATUS.
// Note that `Length` is a pointer here, not a value.
fn ZwUnlockFile(
FileHandle: HANDLE,
IoStatusBlock: PIO_STATUS_BLOCK,
ByteOffset: PLARGE_INTEGER,
Length: PLARGE_INTEGER,
Key: ULONG,
) -> NTSTATUS;
// Binding for `ZwUnlockVirtualMemory`: a process handle, `BaseAddress` as a pointer to a pointer
// (`*mut PVOID`), `RegionSize` as `PSIZE_T`, and a `MapType` value; returns NTSTATUS.
// NOTE(review): both `BaseAddress` and `RegionSize` are passed indirectly, presumably so the
// callee can write back the range it actually used — re-read them after the call; confirm.
fn ZwUnlockVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: *mut PVOID,
RegionSize: PSIZE_T,
MapType: ULONG,
) -> NTSTATUS;
// Binding for `ZwUnmapViewOfSection`: a process handle and a `BaseAddress` passed by value;
// returns NTSTATUS.
// NOTE(review): the address is interpreted in the process named by `ProcessHandle`, which need
// not be the caller's own; call sites with a foreign handle deserve review.
fn ZwUnmapViewOfSection(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
) -> NTSTATUS;
// Binding for `ZwUnmapViewOfSectionEx`: same leading arguments as `ZwUnmapViewOfSection`
// (process handle, `BaseAddress`) plus a `Flags` value; returns NTSTATUS.
// The accepted flag bits are not defined in this declaration.
fn ZwUnmapViewOfSectionEx(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
Flags: ULONG,
) -> NTSTATUS;
// Binding for `ZwUnsubscribeWnfStateChange`: takes a state-name pointer (`PCWNF_STATE_NAME`)
// and returns NTSTATUS.
fn ZwUnsubscribeWnfStateChange(
StateName: PCWNF_STATE_NAME,
) -> NTSTATUS;
// Binding for `ZwUpdateWnfStateData`: a state-name pointer, a `Buffer`/`Length` pair, a type-id
// pointer, an `ExplicitScope` pointer, a change stamp by value, and a `CheckStamp` flag.
// `Buffer` and `ExplicitScope` are `*const VOID`, i.e. declared read-only for the callee.
// NOTE(review): presumably `Length` is the byte length of `Buffer`, and `MatchingChangeStamp`
// only matters when `CheckStamp` is set — confirm both.
fn ZwUpdateWnfStateData(
StateName: PCWNF_STATE_NAME,
Buffer: *const VOID,
Length: ULONG,
TypeId: PCWNF_TYPE_ID,
ExplicitScope: *const VOID,
MatchingChangeStamp: WNF_CHANGE_STAMP,
CheckStamp: LOGICAL,
) -> NTSTATUS;
// Binding for `ZwVdmControl`: a `VDMSERVICECLASS` selector and an untyped `ServiceData` pointer;
// returns NTSTATUS.
// NOTE(review): no size accompanies `ServiceData`; presumably its layout is implied by
// `Service` — confirm before passing a buffer.
fn ZwVdmControl(
Service: VDMSERVICECLASS,
ServiceData: PVOID,
) -> NTSTATUS;
// Binding for `ZwWaitForAlertByThreadId`: an `Address` pointer and a `Timeout` pointer; returns
// NTSTATUS. Despite the name, no thread id appears in the argument list.
fn ZwWaitForAlertByThreadId(
Address: PVOID,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Binding for `ZwWaitForDebugEvent`: a debug-object handle, an `Alertable` flag, a `Timeout`
// pointer, and an untyped `WaitStateChange` pointer; returns NTSTATUS.
// NOTE(review): `WaitStateChange` is presumably an output structure; its type and size are
// erased to `PVOID` here, so the caller must supply a correctly sized buffer — confirm.
fn ZwWaitForDebugEvent(
DebugObjectHandle: HANDLE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
WaitStateChange: PVOID,
) -> NTSTATUS;
// Binding for `ZwWaitForKeyedEvent`: a keyed-event handle, a `KeyValue` passed as `PVOID`, an
// `Alertable` flag, and a `Timeout` pointer; returns NTSTATUS.
// NOTE(review): whether `KeyValue` is dereferenced or only compared as a value is not visible
// from the signature — confirm.
fn ZwWaitForKeyedEvent(
KeyedEventHandle: HANDLE,
KeyValue: PVOID,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Binding for `ZwWaitForMultipleObjects`: a `Count`, a `Handles` pointer (`*mut HANDLE`), a
// `WAIT_TYPE`, an `Alertable` flag, and a `Timeout` pointer; returns NTSTATUS.
// NOTE(review): presumably `Handles` must point at `Count` consecutive handles; the binding
// cannot check that, so derive `Count` from the same slice the pointer comes from.
fn ZwWaitForMultipleObjects(
Count: ULONG,
Handles: *mut HANDLE,
WaitType: WAIT_TYPE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Binding for `ZwWaitForMultipleObjects32`: same argument list as `ZwWaitForMultipleObjects`
// except that `Handles` is `*mut LONG` rather than `*mut HANDLE`; returns NTSTATUS.
// NOTE(review): presumably the array holds 32-bit handle values, `Count` of them — confirm;
// an array of pointer-sized `HANDLE`s must not be passed here by casting the pointer.
fn ZwWaitForMultipleObjects32(
Count: ULONG,
Handles: *mut LONG,
WaitType: WAIT_TYPE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Binding for `ZwWaitForSingleObject`: a handle, an `Alertable` flag, and a `Timeout` pointer;
// returns NTSTATUS.
// NOTE(review): the outcome of the wait is reported only through the NTSTATUS value, so callers
// should match on it rather than treat any return as "signalled" — confirm the status codes.
fn ZwWaitForSingleObject(
Handle: HANDLE,
Alertable: BOOLEAN,
Timeout: PLARGE_INTEGER,
) -> NTSTATUS;
// Binding for `ZwWaitForWorkViaWorkerFactory`: a worker-factory handle and `MiniPacket`, a
// mutable pointer to `FILE_IO_COMPLETION_INFORMATION`; returns NTSTATUS.
// NOTE(review): `MiniPacket` is presumably filled in by the callee and must be valid, writable
// storage for one such structure — confirm.
fn ZwWaitForWorkViaWorkerFactory(
WorkerFactoryHandle: HANDLE,
MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION,
) -> NTSTATUS;
// Binding for `ZwWaitHighEventPair`: takes a single `EventPairHandle` and returns NTSTATUS.
fn ZwWaitHighEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
// Binding for `ZwWaitLowEventPair`: takes a single `EventPairHandle` and returns NTSTATUS.
fn ZwWaitLowEventPair(
EventPairHandle: HANDLE,
) -> NTSTATUS;
// Binding for `ZwWorkerFactoryWorkerReady`: takes a single `WorkerFactoryHandle` and returns
// NTSTATUS.
fn ZwWorkerFactoryWorkerReady(
WorkerFactoryHandle: HANDLE,
) -> NTSTATUS;
// Binding for `ZwWriteFile`: a file handle, an `Event` handle, an APC routine with its context,
// an `IoStatusBlock` pointer, a `Buffer`/`Length` pair, a `ByteOffset` pointer, and a `Key`
// pointer; returns NTSTATUS.
// NOTE(review): presumably `Length` is the number of bytes read from `Buffer`; the binding does
// not tie them together, so take both from the same slice.
// NOTE(review): the event/APC/status-block arguments suggest the call can complete later; if so,
// `Buffer` and `IoStatusBlock` must stay alive until completion — confirm.
fn ZwWriteFile(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
Buffer: PVOID,
Length: ULONG,
ByteOffset: PLARGE_INTEGER,
Key: PULONG,
) -> NTSTATUS;
// Binding for `ZwWriteFileGather`: same argument list as `ZwWriteFile` except that the data is
// given as `SegmentArray` (`PFILE_SEGMENT_ELEMENT`) instead of a single buffer; returns NTSTATUS.
// NOTE(review): how `Length` relates to the number and size of segments is not visible from the
// signature — confirm before building the array.
fn ZwWriteFileGather(
FileHandle: HANDLE,
Event: HANDLE,
ApcRoutine: PIO_APC_ROUTINE,
ApcContext: PVOID,
IoStatusBlock: PIO_STATUS_BLOCK,
SegmentArray: PFILE_SEGMENT_ELEMENT,
Length: ULONG,
ByteOffset: PLARGE_INTEGER,
Key: PULONG,
) -> NTSTATUS;
// Binding for `ZwWriteRequestData`: a port handle, a `Message` pointer, a `DataEntryIndex`, a
// `Buffer`/`BufferSize` pair, and `NumberOfBytesWritten` (`PSIZE_T`); returns NTSTATUS.
// NOTE(review): presumably `BufferSize` bounds the read from `Buffer` and
// `NumberOfBytesWritten` receives the count actually transferred — compare it with the
// requested size instead of assuming a full write; confirm.
fn ZwWriteRequestData(
PortHandle: HANDLE,
Message: PPORT_MESSAGE,
DataEntryIndex: ULONG,
Buffer: PVOID,
BufferSize: SIZE_T,
NumberOfBytesWritten: PSIZE_T,
) -> NTSTATUS;
// Binding for `ZwWriteVirtualMemory`: a process handle, a `BaseAddress`, a `Buffer`/`BufferSize`
// pair, and `NumberOfBytesWritten` (`PSIZE_T`); returns NTSTATUS.
// NOTE(review): presumably copies `BufferSize` bytes from `Buffer` (caller's memory) to
// `BaseAddress` in the process named by `ProcessHandle` — confirm. The binding validates neither
// pointer, so the caller owns the bounds on both sides.
// NOTE(review): `ProcessHandle` may name another process; cross-process writes are a sensitive
// operation that reviewers and endpoint monitoring typically scrutinise, so keep call sites
// explicit about where the handle came from and check the returned status and byte count.
fn ZwWriteVirtualMemory(
ProcessHandle: HANDLE,
BaseAddress: PVOID,
Buffer: PVOID,
BufferSize: SIZE_T,
NumberOfBytesWritten: PSIZE_T,
) -> NTSTATUS;
// Binding for `ZwYieldExecution`: no arguments; the NTSTATUS return value is the only result.
fn ZwYieldExecution() -> NTSTATUS;
}}