~ubuntu-branches/ubuntu/dapper/fpc/dapper

function NtQuerySystemInformation(SystemInformationClass: SYSTEM_INFORMATION_CLASS; SystemInformation: PVOID; SystemInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQuerySystemInformation';

535

function NtSetSystemInformation(SystemInformationClass: SYSTEM_INFORMATION_CLASS; SystemInformation: PVOID; SystemInformationLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetSystemInformation';

536

537

type

538

_SYSTEM_BASIC_INFORMATION = record // Information Class 0

539

Unknown: ULONG;

540

MaximumIncrement: ULONG;

541

PhysicalPageSize: ULONG;

542

NumberOfPhysicalPages: ULONG;

543

LowestPhysicalPage: ULONG;

544

HighestPhysicalPage: ULONG;

545

AllocationGranularity: ULONG;

546

LowestUserAddress: ULONG;

547

HighestUserAddress: ULONG;

548

ActiveProcessors: ULONG;

549

NumberProcessors: UCHAR;

550

end;

551

SYSTEM_BASIC_INFORMATION = _SYSTEM_BASIC_INFORMATION;

552

PSYSTEM_BASIC_INFORMATION = ^SYSTEM_BASIC_INFORMATION;

553

554

_SYSTEM_PROCESSOR_INFORMATION = record // Information Class 1

555

ProcessorArchitecture: USHORT;

556

ProcessorLevel: USHORT;

557

ProcessorRevision: USHORT;

558

Unknown: USHORT;

559

FeatureBits: ULONG;

560

end;

561

SYSTEM_PROCESSOR_INFORMATION = _SYSTEM_PROCESSOR_INFORMATION;

562

PSYSTEM_PROCESSOR_INFORMATION = ^SYSTEM_PROCESSOR_INFORMATION;

563

564

_SYSTEM_PERFORMANCE_INFORMATION = record // Information Class 2

565

IdleTime: LARGE_INTEGER;

566

ReadTransferCount: LARGE_INTEGER;

567

WriteTransferCount: LARGE_INTEGER;

568

OtherTransferCount: LARGE_INTEGER;

569

ReadOperationCount: ULONG;

570

WriteOperationCount: ULONG;

571

OtherOperationCount: ULONG;

572

AvailablePages: ULONG;

573

TotalCommittedPages: ULONG;

574

TotalCommitLimit: ULONG;

575

PeakCommitment: ULONG;

576

PageFaults: ULONG;

577

WriteCopyFaults: ULONG;

578

TransistionFaults: ULONG;

579

Reserved1: ULONG;

580

DemandZeroFaults: ULONG;

581

PagesRead: ULONG;

582

PageReadIos: ULONG;

583

Reserved2: array [0..1] of ULONG;

584

PagefilePagesWritten: ULONG;

585

PagefilePageWriteIos: ULONG;

586

MappedFilePagesWritten: ULONG;

587

MappedFilePageWriteIos: ULONG;

588

PagedPoolUsage: ULONG;

589

NonPagedPoolUsage: ULONG;

590

PagedPoolAllocs: ULONG;

591

PagedPoolFrees: ULONG;

592

NonPagedPoolAllocs: ULONG;

593

NonPagedPoolFrees: ULONG;

594

TotalFreeSystemPtes: ULONG;

595

SystemCodePage: ULONG;

596

TotalSystemDriverPages: ULONG;

597

TotalSystemCodePages: ULONG;

598

SmallNonPagedLookasideListAllocateHits: ULONG;

599

SmallPagedLookasideListAllocateHits: ULONG;

600

Reserved3: ULONG;

601

MmSystemCachePage: ULONG;

602

PagedPoolPage: ULONG;

603

SystemDriverPage: ULONG;

604

FastReadNoWait: ULONG;

605

FastReadWait: ULONG;

606

FastReadResourceMiss: ULONG;

607

FastReadNotPossible: ULONG;

608

FastMdlReadNoWait: ULONG;

609

FastMdlReadWait: ULONG;

610

FastMdlReadResourceMiss: ULONG;

611

FastMdlReadNotPossible: ULONG;

612

MapDataNoWait: ULONG;

613

MapDataWait: ULONG;

614

MapDataNoWaitMiss: ULONG;

615

MapDataWaitMiss: ULONG;

616

PinMappedDataCount: ULONG;

617

PinReadNoWait: ULONG;

618

PinReadWait: ULONG;

619

PinReadNoWaitMiss: ULONG;

620

PinReadWaitMiss: ULONG;

621

CopyReadNoWait: ULONG;

622

CopyReadWait: ULONG;

623

CopyReadNoWaitMiss: ULONG;

624

CopyReadWaitMiss: ULONG;

625

MdlReadNoWait: ULONG;

626

MdlReadWait: ULONG;

627

MdlReadNoWaitMiss: ULONG;

628

MdlReadWaitMiss: ULONG;

629

ReadAheadIos: ULONG;

630

LazyWriteIos: ULONG;

631

LazyWritePages: ULONG;

632

DataFlushes: ULONG;

633

DataPages: ULONG;

634

ContextSwitches: ULONG;

635

FirstLevelTbFills: ULONG;

636

SecondLevelTbFills: ULONG;

637

SystemCalls: ULONG;

638

end;

639

SYSTEM_PERFORMANCE_INFORMATION = _SYSTEM_PERFORMANCE_INFORMATION;

640

PSYSTEM_PERFORMANCE_INFORMATION = ^SYSTEM_PERFORMANCE_INFORMATION;

641

642

_SYSTEM_TIME_OF_DAY_INFORMATION = record // Information Class 3

643

BootTime: LARGE_INTEGER;

644

CurrentTime: LARGE_INTEGER;

645

TimeZoneBias: LARGE_INTEGER;

646

CurrentTimeZoneId: ULONG;

647

end;

648

SYSTEM_TIME_OF_DAY_INFORMATION = _SYSTEM_TIME_OF_DAY_INFORMATION;

649

PSYSTEM_TIME_OF_DAY_INFORMATION = ^SYSTEM_TIME_OF_DAY_INFORMATION;

650

651

_IO_COUNTERSEX = record

652

ReadOperationCount: LARGE_INTEGER;

653

WriteOperationCount: LARGE_INTEGER;

654

OtherOperationCount: LARGE_INTEGER;

655

ReadTransferCount: LARGE_INTEGER;

656

WriteTransferCount: LARGE_INTEGER;

657

OtherTransferCount: LARGE_INTEGER;

658

end;

659

IO_COUNTERSEX = _IO_COUNTERSEX;

660

PIO_COUNTERSEX = ^IO_COUNTERSEX;

661

662

THREAD_STATE = (

663

StateInitialized,

664

StateReady,

665

StateRunning,

666

StateStandby,

667

StateTerminated,

668

StateWait,

669

StateTransition,

670

StateUnknown);

671

672

_SYSTEM_THREADS = record

673

KernelTime: LARGE_INTEGER;

674

UserTime: LARGE_INTEGER;

675

CreateTime: LARGE_INTEGER;

676

WaitTime: ULONG;

677

StartAddress: PVOID;

678

ClientId: CLIENT_ID;

679

Priority: KPRIORITY;

680

BasePriority: KPRIORITY;

681

ContextSwitchCount: ULONG;

682

State: THREAD_STATE;

683

WaitReason: KWAIT_REASON;

684

end;

685

SYSTEM_THREADS = _SYSTEM_THREADS;

686

PSYSTEM_THREADS = ^SYSTEM_THREADS;

687

TSystemThreads = SYSTEM_THREADS;

688

PSystemThreads = PSYSTEM_THREADS;

689

690

_SYSTEM_PROCESSES = record // Information Class 5

691

NextEntryDelta: ULONG;

692

ThreadCount: ULONG;

693

Reserved1: array [0..5] of ULONG;

694

CreateTime: LARGE_INTEGER;

695

UserTime: LARGE_INTEGER;

696

KernelTime: LARGE_INTEGER;

697

ProcessName: UNICODE_STRING;

698

BasePriority: KPRIORITY;

699

ProcessId: ULONG;

700

InheritedFromProcessId: ULONG;

701

HandleCount: ULONG;

702

// next two were Reserved2: array [0..1] of ULONG; thanks to Nico Bendlin

703

SessionId: ULONG;

704

Reserved2: ULONG;

705

VmCounters: VM_COUNTERS;

706

PrivatePageCount : ULONG;

707

IoCounters: IO_COUNTERSEX; // Windows 2000 only

708

Threads: array [0..0] of SYSTEM_THREADS;

709

end;

710

SYSTEM_PROCESSES = _SYSTEM_PROCESSES;

711

PSYSTEM_PROCESSES = ^SYSTEM_PROCESSES;

712

TSystemProcesses = SYSTEM_PROCESSES;

713

PSystemProcesses = PSYSTEM_PROCESSES;

714

715

_SYSTEM_CALLS_INFORMATION = record // Information Class 6

716

Size: ULONG;

717

NumberOfDescriptorTables: ULONG;

718

NumberOfRoutinesInTable: array [0..0] of ULONG;

719

// ULONG CallCounts[];

720

end;

721

SYSTEM_CALLS_INFORMATION = _SYSTEM_CALLS_INFORMATION;

722

PSYSTEM_CALLS_INFORMATION = ^SYSTEM_CALLS_INFORMATION;

723

724

_SYSTEM_CONFIGURATION_INFORMATION = record // Information Class 7

725

DiskCount: ULONG;

726

FloppyCount: ULONG;

727

CdRomCount: ULONG;

728

TapeCount: ULONG;

729

SerialCount: ULONG;

730

ParallelCount: ULONG;

731

end;

732

SYSTEM_CONFIGURATION_INFORMATION = _SYSTEM_CONFIGURATION_INFORMATION;

733

PSYSTEM_CONFIGURATION_INFORMATION = ^SYSTEM_CONFIGURATION_INFORMATION;

734

735

_SYSTEM_PROCESSOR_TIMES = record // Information Class 8

736

IdleTime: LARGE_INTEGER;

737

KernelTime: LARGE_INTEGER;

738

UserTime: LARGE_INTEGER;

739

DpcTime: LARGE_INTEGER;

740

InterruptTime: LARGE_INTEGER;

741

InterruptCount: ULONG;

742

end;

743

SYSTEM_PROCESSOR_TIMES = _SYSTEM_PROCESSOR_TIMES;

744

PSYSTEM_PROCESSOR_TIMES = ^SYSTEM_PROCESSOR_TIMES;

745

746

_SYSTEM_GLOBAL_FLAG = record // Information Class 9

747

GlobalFlag: ULONG;

748

end;

749

SYSTEM_GLOBAL_FLAG = _SYSTEM_GLOBAL_FLAG;

750

PSYSTEM_GLOBAL_FLAG = ^SYSTEM_GLOBAL_FLAG;

751

752

_SYSTEM_MODULE_INFORMATION = record // Information Class 11

753

Reserved: array [0..1] of ULONG;

754

Base: PVOID;

755

Size: ULONG;

756

Flags: ULONG;

757

Index: USHORT;

758

Unknown: USHORT;

759

LoadCount: USHORT;

760

ModuleNameOffset: USHORT;

761

ImageName: array [0..255] of CHAR;

762

end;

763

SYSTEM_MODULE_INFORMATION = _SYSTEM_MODULE_INFORMATION;

764

PSYSTEM_MODULE_INFORMATION = ^SYSTEM_MODULE_INFORMATION;

765

TSystemModuleInformation = SYSTEM_MODULE_INFORMATION;

766

PSystemModuleInformation = PSYSTEM_MODULE_INFORMATION;

767

768

_SYSTEM_LOCK_INFORMATION = record // Information Class 12

769

Address: PVOID;

770

Type_: USHORT;

771

Reserved1: USHORT;

772

ExclusiveOwnerThreadId: ULONG;

773

ActiveCount: ULONG;

774

ContentionCount: ULONG;

775

Reserved2: array [0..1] of ULONG;

776

NumberOfSharedWaiters: ULONG;

777

NumberOfExclusiveWaiters: ULONG;

778

end;

779

SYSTEM_LOCK_INFORMATION = _SYSTEM_LOCK_INFORMATION;

780

PSYSTEM_LOCK_INFORMATION = ^SYSTEM_LOCK_INFORMATION;

781

782

_SYSTEM_HANDLE_INFORMATION = record // Information Class 16

783

ProcessId: ULONG;

784

ObjectTypeNumber: UCHAR;

785

Flags: UCHAR; // 0x01 = PROTECT_FROM_CLOSE, 0x02 = INHERIT

786

Handle: USHORT;

787

Object_: PVOID;

788

GrantedAccess: ACCESS_MASK;

789

end;

790

SYSTEM_HANDLE_INFORMATION = _SYSTEM_HANDLE_INFORMATION;

791

PSYSTEM_HANDLE_INFORMATION = ^SYSTEM_HANDLE_INFORMATION;

792

793

_SYSTEM_OBJECT_TYPE_INFORMATION = record // Information Class 17

794

NextEntryOffset: ULONG;

795

ObjectCount: ULONG;

796

HandleCount: ULONG;

797

TypeNumber: ULONG;

798

InvalidAttributes: ULONG;

799

GenericMapping: GENERIC_MAPPING;

800

ValidAccessMask: ACCESS_MASK;

801

PoolType: POOL_TYPE;

802

Unknown: UCHAR;

803

Name: UNICODE_STRING;

804

end;

805

SYSTEM_OBJECT_TYPE_INFORMATION = _SYSTEM_OBJECT_TYPE_INFORMATION;

806

PSYSTEM_OBJECT_TYPE_INFORMATION = ^SYSTEM_OBJECT_TYPE_INFORMATION;

807

808

_SYSTEM_OBJECT_INFORMATION = record

809

NextEntryOffset: ULONG;

810

Object_: PVOID;

811

CreatorProcessId: ULONG;

812

Unknown: USHORT;

813

Flags: USHORT;

814

PointerCount: ULONG;

815

HandleCount: ULONG;

816

PagedPoolUsage: ULONG;

817

NonPagedPoolUsage: ULONG;

818

ExclusiveProcessId: ULONG;

819

SecurityDescriptor: PSECURITY_DESCRIPTOR;

820

Name: UNICODE_STRING;

821

end;

822

SYSTEM_OBJECT_INFORMATION = _SYSTEM_OBJECT_INFORMATION;

823

PSYSTEM_OBJECT_INFORMATION = ^SYSTEM_OBJECT_INFORMATION;

824

825

_SYSTEM_PAGEFILE_INFORMATION = record // Information Class 18

826

NextEntryOffset: ULONG;

827

CurrentSize: ULONG;

828

TotalUsed: ULONG;

829

PeakUsed: ULONG;

830

FileName: UNICODE_STRING;

831

end;

832

SYSTEM_PAGEFILE_INFORMATION = _SYSTEM_PAGEFILE_INFORMATION;

833

PSYSTEM_PAGEFILE_INFORMATION = ^SYSTEM_PAGEFILE_INFORMATION;

834

TSystemPageFileInformation = SYSTEM_PAGEFILE_INFORMATION;

835

PSystemPageFileInformation = PSYSTEM_PAGEFILE_INFORMATION;

836

837

_SYSTEM_INSTRUCTION_EMULATION_INFORMATION = record // Info Class 19

838

GenericInvalidOpcode: ULONG;

839

TwoByteOpcode: ULONG;

840

ESprefix: ULONG;

841

CSprefix: ULONG;

842

SSprefix: ULONG;

843

DSprefix: ULONG;

844

FSPrefix: ULONG;

845

GSprefix: ULONG;

846

OPER32prefix: ULONG;

847

ADDR32prefix: ULONG;

848

INSB: ULONG;

849

INSW: ULONG;

850

OUTSB: ULONG;

851

OUTSW: ULONG;

852

PUSHFD: ULONG;

853

POPFD: ULONG;

854

INTnn: ULONG;

855

INTO: ULONG;

856

IRETD: ULONG;

857

FloatingPointOpcode: ULONG;

858

INBimm: ULONG;

859

INWimm: ULONG;

860

OUTBimm: ULONG;

861

OUTWimm: ULONG;

862

INB: ULONG;

863

INW: ULONG;

864

OUTB: ULONG;

865

OUTW: ULONG;

866

LOCKprefix: ULONG;

867

REPNEprefix: ULONG;

868

REPprefix: ULONG;

869

CLI: ULONG;

870

STI: ULONG;

871

HLT: ULONG;

872

end;

873

SYSTEM_INSTRUCTION_EMULATION_INFORMATION = _SYSTEM_INSTRUCTION_EMULATION_INFORMATION;

874

PSYSTEM_INSTRUCTION_EMULATION_INFORMATION = ^SYSTEM_INSTRUCTION_EMULATION_INFORMATION;

875

876

_SYSTEM_CACHE_INFORMATION = record // Information Class 21

877

SystemCacheWsSize: ULONG;

878

SystemCacheWsPeakSize: ULONG;

879

SystemCacheWsFaults: ULONG;

880

SystemCacheWsMinimum: ULONG;

881

SystemCacheWsMaximum: ULONG;

882

TransitionSharedPages: ULONG;

883

TransitionSharedPagesPeak: ULONG;

884

Reserved: array [0..1] of ULONG;

885

end;

886

SYSTEM_CACHE_INFORMATION = _SYSTEM_CACHE_INFORMATION;

887

PSYSTEM_CACHE_INFORMATION = ^SYSTEM_CACHE_INFORMATION;

888

889

_SYSTEM_POOL_TAG_INFORMATION = record // Information Class 22

890

Tag: array [0..3] of CHAR;

891

PagedPoolAllocs: ULONG;

892

PagedPoolFrees: ULONG;

893

PagedPoolUsage: ULONG;

894

NonPagedPoolAllocs: ULONG;

895

NonPagedPoolFrees: ULONG;

896

NonPagedPoolUsage: ULONG;

897

end;

898

SYSTEM_POOL_TAG_INFORMATION = _SYSTEM_POOL_TAG_INFORMATION;

899

PSYSTEM_POOL_TAG_INFORMATION = ^SYSTEM_POOL_TAG_INFORMATION;

900

901

_SYSTEM_PROCESSOR_STATISTICS = record // Information Class 23

902

ContextSwitches: ULONG;

903

DpcCount: ULONG;

904

DpcRequestRate: ULONG;

905

TimeIncrement: ULONG;

906

DpcBypassCount: ULONG;

907

ApcBypassCount: ULONG;

908

end;

909

SYSTEM_PROCESSOR_STATISTICS = _SYSTEM_PROCESSOR_STATISTICS;

910

PSYSTEM_PROCESSOR_STATISTICS = ^SYSTEM_PROCESSOR_STATISTICS;

911

912

_SYSTEM_DPC_INFORMATION = record // Information Class 24

913

Reserved: ULONG;

914

MaximumDpcQueueDepth: ULONG;

915

MinimumDpcRate: ULONG;

916

AdjustDpcThreshold: ULONG;

917

IdealDpcRate: ULONG;

918

end;

919

SYSTEM_DPC_INFORMATION = _SYSTEM_DPC_INFORMATION;

920

PSYSTEM_DPC_INFORMATION = ^SYSTEM_DPC_INFORMATION;

921

922

_SYSTEM_LOAD_IMAGE = record // Information Class 26

923

ModuleName: UNICODE_STRING;

924

ModuleBase: PVOID;

925

Unknown: PVOID;

926

EntryPoint: PVOID;

927

ExportDirectory: PVOID;

928

end;

929

SYSTEM_LOAD_IMAGE = _SYSTEM_LOAD_IMAGE;

930

PSYSTEM_LOAD_IMAGE = ^SYSTEM_LOAD_IMAGE;

931

932

_SYSTEM_UNLOAD_IMAGE = record // Information Class 27

933

ModuleBase: PVOID;

934

end;

935

SYSTEM_UNLOAD_IMAGE = _SYSTEM_UNLOAD_IMAGE;

936

PSYSTEM_UNLOAD_IMAGE = ^SYSTEM_UNLOAD_IMAGE;

937

938

_SYSTEM_QUERY_TIME_ADJUSTMENT = record // Information Class 28

939

TimeAdjustment: ULONG;

940

MaximumIncrement: ULONG;

941

TimeSynchronization: ByteBool;

942

end;

943

SYSTEM_QUERY_TIME_ADJUSTMENT = _SYSTEM_QUERY_TIME_ADJUSTMENT;

944

PSYSTEM_QUERY_TIME_ADJUSTMENT = ^SYSTEM_QUERY_TIME_ADJUSTMENT;

945

946

_SYSTEM_SET_TIME_ADJUSTMENT = record // Information Class 28

947

TimeAdjustment: ULONG;

948

TimeSynchronization: ByteBool;

949

end;

950

SYSTEM_SET_TIME_ADJUSTMENT = _SYSTEM_SET_TIME_ADJUSTMENT;

951

PSYSTEM_SET_TIME_ADJUSTMENT = ^SYSTEM_SET_TIME_ADJUSTMENT;

952

953

_SYSTEM_CRASH_DUMP_INFORMATION = record // Information Class 32

954

CrashDumpSectionHandle: HANDLE;

955

Unknown: HANDLE; // Windows 2000 only

956

end;

957

SYSTEM_CRASH_DUMP_INFORMATION = _SYSTEM_CRASH_DUMP_INFORMATION;

958

PSYSTEM_CRASH_DUMP_INFORMATION = ^SYSTEM_CRASH_DUMP_INFORMATION;

959

960

_SYSTEM_EXCEPTION_INFORMATION = record // Information Class 33

961

AlignmentFixupCount: ULONG;

962

ExceptionDispatchCount: ULONG;

963

FloatingEmulationCount: ULONG;

964

Reserved: ULONG;

965

end;

966

SYSTEM_EXCEPTION_INFORMATION = _SYSTEM_EXCEPTION_INFORMATION;

967

PSYSTEM_EXCEPTION_INFORMATION = ^SYSTEM_EXCEPTION_INFORMATION;

968

969

_SYSTEM_CRASH_STATE_INFORMATION = record // Information Class 34

970

ValidCrashDump: ULONG;

971

Unknown: ULONG; // Windows 2000 only

972

end;

973

SYSTEM_CRASH_STATE_INFORMATION = _SYSTEM_CRASH_STATE_INFORMATION;

974

PSYSTEM_CRASH_STATE_INFORMATION = ^SYSTEM_CRASH_STATE_INFORMATION;

975

976

_SYSTEM_KERNEL_DEBUGGER_INFORMATION = record // Information Class 35

977

DebuggerEnabled: ByteBool;

978

DebuggerNotPresent: ByteBool;

979

end;

980

SYSTEM_KERNEL_DEBUGGER_INFORMATION = _SYSTEM_KERNEL_DEBUGGER_INFORMATION;

981

PSYSTEM_KERNEL_DEBUGGER_INFORMATION = ^SYSTEM_KERNEL_DEBUGGER_INFORMATION;

982

983

_SYSTEM_CONTEXT_SWITCH_INFORMATION = record // Information Class 36

984

ContextSwitches: ULONG;

985

ContextSwitchCounters: array [0..10] of ULONG;

986

end;

987

SYSTEM_CONTEXT_SWITCH_INFORMATION = _SYSTEM_CONTEXT_SWITCH_INFORMATION;

988

PSYSTEM_CONTEXT_SWITCH_INFORMATION = ^SYSTEM_CONTEXT_SWITCH_INFORMATION;

989

990

_SYSTEM_REGISTRY_QUOTA_INFORMATION = record // Information Class 37

991

RegistryQuota: ULONG;

992

RegistryQuotaInUse: ULONG;

993

PagedPoolSize: ULONG;

994

end;

995

SYSTEM_REGISTRY_QUOTA_INFORMATION = _SYSTEM_REGISTRY_QUOTA_INFORMATION;

996

PSYSTEM_REGISTRY_QUOTA_INFORMATION = ^SYSTEM_REGISTRY_QUOTA_INFORMATION;

997

998

_SYSTEM_LOAD_AND_CALL_IMAGE = record // Information Class 38

999

ModuleName: UNICODE_STRING;

1000

end;

1001

SYSTEM_LOAD_AND_CALL_IMAGE = _SYSTEM_LOAD_AND_CALL_IMAGE;

1002

PSYSTEM_LOAD_AND_CALL_IMAGE = ^SYSTEM_LOAD_AND_CALL_IMAGE;

1003

1004

_SYSTEM_PRIORITY_SEPARATION = record // Information Class 39

1005

PrioritySeparation: ULONG;

1006

end;

1007

SYSTEM_PRIORITY_SEPARATION = _SYSTEM_PRIORITY_SEPARATION;

1008

PSYSTEM_PRIORITY_SEPARATION = ^SYSTEM_PRIORITY_SEPARATION;

1009

1010

_SYSTEM_TIME_ZONE_INFORMATION = record // Information Class 44

1011

Bias: LONG;

1012

StandardName: array [0..31] of WCHAR;

1013

StandardDate: SYSTEMTIME;

1014

StandardBias: LONG;

1015

DaylightName: array [0..31] of WCHAR;

1016

DaylightDate: SYSTEMTIME;

1017

DaylightBias: LONG;

1018

end;

1019

SYSTEM_TIME_ZONE_INFORMATION = _SYSTEM_TIME_ZONE_INFORMATION;

1020

PSYSTEM_TIME_ZONE_INFORMATION = ^SYSTEM_TIME_ZONE_INFORMATION;

1021

1022

_SYSTEM_LOOKASIDE_INFORMATION = record // Information Class 45

1023

Depth: USHORT;

1024

MaximumDepth: USHORT;

1025

TotalAllocates: ULONG;

1026

AllocateMisses: ULONG;

1027

TotalFrees: ULONG;

1028

FreeMisses: ULONG;

1029

Type_: POOL_TYPE;

1030

Tag: ULONG;

1031

Size: ULONG;

1032

end;

1033

SYSTEM_LOOKASIDE_INFORMATION = _SYSTEM_LOOKASIDE_INFORMATION;

1034

PSYSTEM_LOOKASIDE_INFORMATION = ^SYSTEM_LOOKASIDE_INFORMATION;

1035

1036

_SYSTEM_SET_TIME_SLIP_EVENT = record // Information Class 46

1037

TimeSlipEvent: HANDLE;

1038

end;

1039

SYSTEM_SET_TIME_SLIP_EVENT = _SYSTEM_SET_TIME_SLIP_EVENT;

1040

PSYSTEM_SET_TIME_SLIP_EVENT = ^SYSTEM_SET_TIME_SLIP_EVENT;

1041

1042

_SYSTEM_CREATE_SESSION = record // Information Class 47

1043

Session: ULONG;

1044

end;

1045

SYSTEM_CREATE_SESSION = _SYSTEM_CREATE_SESSION;

1046

PSYSTEM_CREATE_SESSION = ^SYSTEM_CREATE_SESSION;

1047

1048

_SYSTEM_DELETE_SESSION = record // Information Class 48

1049

Session: ULONG;

1050

end;

1051

SYSTEM_DELETE_SESSION = _SYSTEM_DELETE_SESSION;

1052

PSYSTEM_DELETE_SESSION = ^SYSTEM_DELETE_SESSION;

1053

1054

_SYSTEM_RANGE_START_INFORMATION = record // Information Class 50

1055

SystemRangeStart: PVOID;

1056

end;

1057

SYSTEM_RANGE_START_INFORMATION = _SYSTEM_RANGE_START_INFORMATION;

1058

PSYSTEM_RANGE_START_INFORMATION = ^SYSTEM_RANGE_START_INFORMATION;

1059

1060

_SYSTEM_POOL_BLOCK = record

1061

Allocated: ByteBool;

1062

Unknown: USHORT;

1063

Size: ULONG;

1064

Tag: array [0..3] of CHAR;

1065

end;

1066

SYSTEM_POOL_BLOCK = _SYSTEM_POOL_BLOCK;

1067

PSYSTEM_POOL_BLOCK = ^SYSTEM_POOL_BLOCK;

1068

1069

_SYSTEM_POOL_BLOCKS_INFORMATION = record // Info Classes 14 and 15

1070

PoolSize: ULONG;

1071

PoolBase: PVOID;

1072

Unknown: USHORT;

1073

NumberOfBlocks: ULONG;

1074

PoolBlocks: array [0..0] of SYSTEM_POOL_BLOCK;

1075

end;

1076

SYSTEM_POOL_BLOCKS_INFORMATION = _SYSTEM_POOL_BLOCKS_INFORMATION;

1077

PSYSTEM_POOL_BLOCKS_INFORMATION = ^SYSTEM_POOL_BLOCKS_INFORMATION;

1078

1079

_SYSTEM_MEMORY_USAGE = record

1080

Name: PVOID;

1081

Valid: USHORT;

1082

Standby: USHORT;

1083

Modified: USHORT;

1084

PageTables: USHORT;

1085

end;

1086

SYSTEM_MEMORY_USAGE = _SYSTEM_MEMORY_USAGE;

1087

PSYSTEM_MEMORY_USAGE = ^SYSTEM_MEMORY_USAGE;

1088

1089

_SYSTEM_MEMORY_USAGE_INFORMATION = record // Info Classes 25 and 29

1090

Reserved: ULONG;

1091

EndOfData: PVOID;

1092

MemoryUsage: array [0..0] of SYSTEM_MEMORY_USAGE;

1093

end;

1094

SYSTEM_MEMORY_USAGE_INFORMATION = _SYSTEM_MEMORY_USAGE_INFORMATION;

1095

PSYSTEM_MEMORY_USAGE_INFORMATION = ^SYSTEM_MEMORY_USAGE_INFORMATION;

1096

1097

1098

function NtQuerySystemEnvironmentValue(Name: PUNICODE_STRING; Value: PVOID; ValueLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQuerySystemEnvironmentValue';

1099

function NtSetSystemEnvironmentValue(Name: PUNICODE_STRING; Value: PUNICODE_STRING): NTSTATUS; stdcall;external ntdll name 'NtSetSystemEnvironmentValue';

1100

1101

type

1102

_SHUTDOWN_ACTION = (

1103

ShutdownNoReboot,

1104

ShutdownReboot,

1105

ShutdownPowerOff);

1106

SHUTDOWN_ACTION = _SHUTDOWN_ACTION;

1107

1108

function NtShutdownSystem(Action: SHUTDOWN_ACTION): NTSTATUS; stdcall;external ntdll name 'NtShutdownSystem';

1109

1110

type

1111

_DEBUG_CONTROL_CODE = (

1112

DebugFiller0,

1113

DebugGetTraceInformation,

1114

DebugSetInternalBreakpoint,

1115

DebugSetSpecialCall,

1116

DebugClearSpecialCalls,

1117

DebugQuerySpecialCalls,

1118

DebugDbgBreakPoint);

1119

DEBUG_CONTROL_CODE = _DEBUG_CONTROL_CODE;

1120

1121

function NtSystemDebugControl(ControlCode: DEBUG_CONTROL_CODE; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;external ntdll name 'NtSystemDebugControl';

1122

1123

type

1124

_OBJECT_INFORMATION_CLASS = (

1125

ObjectBasicInformation,

1126

ObjectNameInformation,

1127

ObjectTypeInformation,

1128

ObjectAllTypesInformation,

1129

ObjectHandleInformation);

1130

OBJECT_INFORMATION_CLASS = _OBJECT_INFORMATION_CLASS;

1131

1132

function NtQueryObject(ObjectHandle: HANDLE; ObjectInformationClass: OBJECT_INFORMATION_CLASS; ObjectInformation: PVOID; ObjectInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryObject';

1133

function NtSetInformationObject(ObjectHandle: HANDLE; ObjectInformationClass: OBJECT_INFORMATION_CLASS; ObjectInformation: PVOID; ObjectInformationLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetInformationObject';

1134

1135

type

1136

_OBJECT_BASIC_INFORMATION = record // Information Class 0

1137

Attributes: ULONG;

1138

GrantedAccess: ACCESS_MASK;

1139

HandleCount: ULONG;

1140

PointerCount: ULONG;

1141

PagedPoolUsage: ULONG;

1142

NonPagedPoolUsage: ULONG;

1143

Reserved: array [0..2] of ULONG;

1144

NameInformationLength: ULONG;

1145

TypeInformationLength: ULONG;

1146

SecurityDescriptorLength: ULONG;

1147

CreateTime: LARGE_INTEGER;

1148

end;

1149

OBJECT_BASIC_INFORMATION = _OBJECT_BASIC_INFORMATION;

1150

POBJECT_BASIC_INFORMATION = ^OBJECT_BASIC_INFORMATION;

1151

1152

_OBJECT_TYPE_INFORMATION = record // Information Class 2

1153

Name: UNICODE_STRING;

1154

ObjectCount: ULONG;

1155

HandleCount: ULONG;

1156

Reserved1: array [0..3] of ULONG;

1157

PeakObjectCount: ULONG;

1158

PeakHandleCount: ULONG;

1159

Reserved2: array [0..3] of ULONG;

1160

InvalidAttributes: ULONG;

1161

GenericMapping: GENERIC_MAPPING;

1162

ValidAccess: ULONG;

1163

Unknown: UCHAR;

1164

MaintainHandleDatabase: ByteBool;

1165

Reserved3: array [0..1] of UCHAR;

1166

PoolType: POOL_TYPE;

1167

PagedPoolUsage: ULONG;

1168

NonPagedPoolUsage: ULONG;

1169

end;

1170

OBJECT_TYPE_INFORMATION = _OBJECT_TYPE_INFORMATION;

1171

POBJECT_TYPE_INFORMATION = ^OBJECT_TYPE_INFORMATION;

1172

1173

_OBJECT_ALL_TYPES_INFORMATION = record // Information Class 3

1174

NumberOfTypes: ULONG;

1175

TypeInformation: OBJECT_TYPE_INFORMATION;

1176

end;

1177

OBJECT_ALL_TYPES_INFORMATION = _OBJECT_ALL_TYPES_INFORMATION;

1178

POBJECT_ALL_TYPES_INFORMATION = ^OBJECT_ALL_TYPES_INFORMATION;

1179

1180

_OBJECT_HANDLE_ATTRIBUTE_INFORMATION = record // Information Class 4

1181

Inherit: ByteBool;

1182

ProtectFromClose: ByteBool;

1183

end;

1184

OBJECT_HANDLE_ATTRIBUTE_INFORMATION = _OBJECT_HANDLE_ATTRIBUTE_INFORMATION;

1185

POBJECT_HANDLE_ATTRIBUTE_INFORMATION = ^OBJECT_HANDLE_ATTRIBUTE_INFORMATION;

1186

1187

function NtDuplicateObject(SourceProcessHandle: HANDLE; SourceHandle: HANDLE; TargetProcessHandle: HANDLE; TargetHandle: PHANDLE; DesiredAccess: ACCESS_MASK; Attributes: ULONG; Options: ULONG): NTSTATUS; stdcall; external ntdll name 'NtDuplicateObject';

1188

function NtMakeTemporaryObject(Handle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtMakeTemporaryObject';

1189

function NtClose(Handle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtClose';

1190

function NtQuerySecurityObject(Handle: HANDLE; RequestedInformation: SECURITY_INFORMATION; SecurityDescriptor: PSECURITY_DESCRIPTOR; SecurityDescriptorLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQuerySecurityObject';

1191

function NtSetSecurityObject(Handle: HANDLE; SecurityInformation: SECURITY_INFORMATION; SecurityDescriptor: PSECURITY_DESCRIPTOR): NTSTATUS; stdcall; external ntdll name 'NtSetSecurityObject';

1192

function NtCreateDirectoryObject(DirectoryHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtCreateDirectoryObject';

1193

function NtOpenDirectoryObject(DirectoryHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenDirectoryObject';

1194

function NtQueryDirectoryObject(DirectoryHandle: HANDLE; Buffer: PVOID; BufferLength: ULONG; ReturnSingleEntry: ByteBool; RestartScan: ByteBool; Context: PULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryDirectoryObject';

1195

1196

type

1197

_DIRECTORY_BASIC_INFORMATION = record

1198

ObjectName: UNICODE_STRING;

1199

ObjectTypeName: UNICODE_STRING;

1200

end;

1201

DIRECTORY_BASIC_INFORMATION = _DIRECTORY_BASIC_INFORMATION;

1202

PDIRECTORY_BASIC_INFORMATION = ^DIRECTORY_BASIC_INFORMATION;

1203

1204

function NtCreateSymbolicLinkObject(SymbolicLinkHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TargetName: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'NtCreateSymbolicLinkObject';

1205

function NtOpenSymbolicLinkObject(SymbolicLinkHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenSymbolicLinkObject';

1206

function NtQuerySymbolicLinkObject(SymbolicLinkHandle: HANDLE; TargetName: PUNICODE_STRING; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQuerySymbolicLinkObject';

1207

function NtAllocateVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; ZeroBits: ULONG; AllocationSize: PULONG; AllocationType: ULONG; Protect: ULONG): NTSTATUS; stdcall; external ntdll name 'NtAllocateVirtualMemory';

1208

function NtFreeVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; FreeSize: PULONG; FreeType: ULONG): NTSTATUS; stdcall; external ntdll name 'NtFreeVirtualMemory';

1209

1210

type

1211

_MEMORY_INFORMATION_CLASS = (

1212

MemoryBasicInformation,

1213

MemoryWorkingSetList,

1214

MemorySectionName,

1215

MemoryBasicVlmInformation);

1216

MEMORY_INFORMATION_CLASS = _MEMORY_INFORMATION_CLASS;

1217

1218

function NtQueryVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; MemoryInformationClass: MEMORY_INFORMATION_CLASS; MemoryInformation: PVOID; MemoryInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryVirtualMemory';

1219

1220

type

1221

_MEMORY_BASIC_INFORMATION = record // Information Class 0

1222

BaseAddress: PVOID;

1223

AllocationBase: PVOID;

1224

AllocationProtect: ULONG;

1225

RegionSize: ULONG;

1226

State: ULONG;

1227

Protect: ULONG;

1228

Type_: ULONG;

1229

end;

1230

MEMORY_BASIC_INFORMATION = _MEMORY_BASIC_INFORMATION;

1231

PMEMORY_BASIC_INFORMATION = ^MEMORY_BASIC_INFORMATION;

1232

1233

_MEMORY_WORKING_SET_LIST = record // Information Class 1

1234

NumberOfPages: ULONG;

1235

WorkingSetList: array [0..0] of ULONG;

1236

end;

1237

MEMORY_WORKING_SET_LIST = _MEMORY_WORKING_SET_LIST;

1238

PMEMORY_WORKING_SET_LIST = ^MEMORY_WORKING_SET_LIST;

1239

1240

_MEMORY_SECTION_NAME = record // Information Class 2

1241

SectionFileName: UNICODE_STRING;

1242

end;

1243

MEMORY_SECTION_NAME = _MEMORY_SECTION_NAME;

1244

PMEMORY_SECTION_NAME = ^MEMORY_SECTION_NAME;

1245

1246

function NtLockVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; LockSize: PULONG; LockType: ULONG): NTSTATUS; stdcall; external ntdll name 'NtLockVirtualMemory';

1247

function NtUnlockVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; LockSize: PULONG; LockType: ULONG): NTSTATUS; stdcall; external ntdll name 'NtUnlockVirtualMemory';

1248

function NtReadVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtReadVirtualMemory';

1249

function NtWriteVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtWriteVirtualMemory';

1250

function NtProtectVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; ProtectSize: PULONG; NewProtect: ULONG; OldProtect: PULONG): NTSTATUS; stdcall; external ntdll name 'NtProtectVirtualMemory';

1251

function NtFlushVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; FlushSize: PULONG; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall; external ntdll name 'NtFlushVirtualMemory';

1252

function NtAllocateUserPhysicalPages(ProcessHandle: HANDLE; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall; external ntdll name 'NtAllocateUserPhysicalPages';

1253

function NtFreeUserPhysicalPages(ProcessHandle: HANDLE; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall; external ntdll name 'NtFreeUserPhysicalPages';

1254

function NtMapUserPhysicalPages(BaseAddress: PVOID; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall; external ntdll name 'NtMapUserPhysicalPages';

1255

function NtMapUserPhysicalPagesScatter(BaseAddresses: PPVOID; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall; external ntdll name 'NtMapUserPhysicalPagesScatter';

1256

function NtGetWriteWatch(ProcessHandle: HANDLE; Flags: ULONG; BaseAddress: PVOID; RegionSize: ULONG; Buffer: PULONG; BufferEntries: PULONG; Granularity: PULONG): NTSTATUS; stdcall; external ntdll name 'NtGetWriteWatch';

1257

function NtResetWriteWatch(ProcessHandle: HANDLE; BaseAddress: PVOID; RegionSize: ULONG): NTSTATUS; stdcall; external ntdll name 'NtResetWriteWatch';

1258

function NtCreateSection(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; SectionSize: PLARGE_INTEGER; Protect: ULONG; Attributes: ULONG; FileHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtCreateSection';

1259

function NtOpenSection(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenSection';

1260

1261

type

1262

_SECTION_INFORMATION_CLASS = (

1263

SectionBasicInformation,

1264

SectionImageInformation);

1265

SECTION_INFORMATION_CLASS = _SECTION_INFORMATION_CLASS;

1266

1267

function NtQuerySection(SectionHandle: HANDLE; SectionInformationClass: SECTION_INFORMATION_CLASS; SectionInformation: PVOID; SectionInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQuerySection';

1268

1269

type

1270

_SECTION_BASIC_INFORMATION = record // Information Class 0

1271

BaseAddress: PVOID;

1272

Attributes: ULONG;

1273

Size: LARGE_INTEGER;

1274

end;

1275

SECTION_BASIC_INFORMATION = _SECTION_BASIC_INFORMATION;

1276

PSECTION_BASIC_INFORMATION = ^SECTION_BASIC_INFORMATION;

1277

1278

_SECTION_IMAGE_INFORMATION = record // Information Class 1

1279

EntryPoint: PVOID;

1280

Unknown1: ULONG;

1281

StackReserve: ULONG;

1282

StackCommit: ULONG;

1283

Subsystem: ULONG;

1284

MinorSubsystemVersion: USHORT;

1285

MajorSubsystemVersion: USHORT;

1286

Unknown2: ULONG;

1287

Characteristics: ULONG;

1288

ImageNumber: USHORT;

1289

Executable: ByteBool;

1290

Unknown3: UCHAR;

1291

Unknown4: array [0..2] of ULONG;

1292

end;

1293

SECTION_IMAGE_INFORMATION = _SECTION_IMAGE_INFORMATION;

1294

PSECTION_IMAGE_INFORMATION = ^SECTION_IMAGE_INFORMATION;

1295

1296

function NtExtendSection(SectionHandle: HANDLE; SectionSize: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtExtendSection';

1297

function NtMapViewOfSection(SectionHandle: HANDLE; ProcessHandle: HANDLE; BaseAddress: PPVOID; ZeroBits: ULONG; CommitSize: ULONG; SectionOffset: PLARGE_INTEGER; ViewSize: PULONG; InheritDisposition: SECTION_INHERIT; AllocationType: ULONG; Protect: ULONG): NTSTATUS; stdcall; external ntdll name 'NtMapViewOfSection';

1298

function NtUnmapViewOfSection(ProcessHandle: HANDLE; BaseAddress: PVOID): NTSTATUS; stdcall; external ntdll name 'NtUnmapViewOfSection';

1299

function NtAreMappedFilesTheSame(Address1: PVOID; Address2: PVOID): NTSTATUS; stdcall; external ntdll name 'NtAreMappedFilesTheSame';

1300

1301

type

1302

_USER_STACK = record

1303

FixedStackBase: PVOID;

1304

FixedStackLimit: PVOID;

1305

ExpandableStackBase: PVOID;

1306

ExpandableStackLimit: PVOID;

1307

ExpandableStackBottom: PVOID;

1308

end;

1309

USER_STACK = _USER_STACK;

1310

PUSER_STACK = ^USER_STACK;

1311

1312

function NtCreateThread(ThreadHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ProcessHandle: HANDLE; ClientId: PCLIENT_ID; ThreadContext: PCONTEXT; UserStack: PUSER_STACK; CreateSuspended: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtCreateThread';

1313

function NtOpenThread(ThreadHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ClientId: PCLIENT_ID): NTSTATUS; stdcall; external ntdll name 'NtOpenThread';

1314

function NtTerminateThread(ThreadHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall; external ntdll name 'NtTerminateThread';

1315

function NtQueryInformationThread(ThreadHandle: HANDLE; ThreadInformationClass: THREADINFOCLASS; ThreadInformation: PVOID; ThreadInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryInformationThread';

1316

function NtSetInformationThread(ThreadHandle: HANDLE; ThreadInformationClass: THREADINFOCLASS; ThreadInformation: PVOID; ThreadInformationLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetInformationThread';

1317

1318

type

1319

_THREAD_BASIC_INFORMATION = record // Information Class 0

1320

ExitStatus: NTSTATUS;

1321

TebBaseAddress: PNT_TIB;

1322

ClientId: CLIENT_ID;

1323

AffinityMask: KAFFINITY;

1324

Priority: KPRIORITY;

1325

BasePriority: KPRIORITY;

1326

end;

1327

THREAD_BASIC_INFORMATION = _THREAD_BASIC_INFORMATION;

1328

PTHREAD_BASIC_INFORMATION = ^THREAD_BASIC_INFORMATION;

1329

1330

function NtSuspendThread(ThreadHandle: HANDLE; PreviousSuspendCount: PULONG): NTSTATUS; stdcall; external ntdll name 'NtSuspendThread';

1331

function NtResumeThread(ThreadHandle: HANDLE; PreviousSuspendCount: PULONG): NTSTATUS; stdcall; external ntdll name 'NtResumeThread';

1332

function NtGetContextThread(ThreadHandle: HANDLE; Context: PCONTEXT): NTSTATUS; stdcall; external ntdll name 'NtGetContextThread';

1333

function NtSetContextThread(ThreadHandle: HANDLE; Context: PCONTEXT): NTSTATUS; stdcall; external ntdll name 'NtSetContextThread';

1334

function NtQueueApcThread(ThreadHandle: HANDLE; ApcRoutine: PKNORMAL_ROUTINE; ApcContext: PVOID; Argument1: PVOID; Argument2: PVOID): NTSTATUS; stdcall; external ntdll name 'NtQueueApcThread';

1335

function NtTestAlert: NTSTATUS; stdcall; external ntdll name 'NtTestAlert';

1336

function NtAlertThread(ThreadHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtAlertThread';

1337

function NtAlertResumeThread(ThreadHandle: HANDLE; PreviousSuspendCount: PULONG): NTSTATUS; stdcall; external ntdll name 'NtAlertResumeThread';

1338

function NtRegisterThreadTerminatePort(PortHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtRegisterThreadTerminatePort';

1339

function NtImpersonateThread(ThreadHandle: HANDLE; TargetThreadHandle: HANDLE; SecurityQos: PSECURITY_QUALITY_OF_SERVICE): NTSTATUS; stdcall; external ntdll name 'NtImpersonateThread';

1340

function NtImpersonateAnonymousToken(ThreadHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtImpersonateAnonymousToken';

1341

function NtCreateProcess(ProcessHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: HANDLE; InheritHandles: ByteBool; SectionHandle: HANDLE; DebugPort: HANDLE; ExceptionPort: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtCreateProcess';

1342

function NtOpenProcess(ProcessHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ClientId: PCLIENT_ID): NTSTATUS; stdcall; external ntdll name 'NtOpenProcess';

1343

function NtTerminateProcess(ProcessHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall; external ntdll name 'NtTerminateProcess';

1344

function NtQueryInformationProcess(ProcessHandle: HANDLE; ProcessInformationClass: PROCESSINFOCLASS; ProcessInformation: PVOID; ProcessInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryInformationProcess';

1345

function NtSetInformationProcess(ProcessHandle: HANDLE; ProcessInformationClass: PROCESSINFOCLASS; ProcessInformation: PVOID; ProcessInformationLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetInformationProcess';

1346

1347

type

1348

_PROCESS_PRIORITY_CLASS = record // Information Class 18

1349

Foreground: ByteBool;

1350

PriorityClass: UCHAR;

1351

end;

1352

PROCESS_PRIORITY_CLASS = _PROCESS_PRIORITY_CLASS;

1353

PPROCESS_PRIORITY_CLASS = ^PROCESS_PRIORITY_CLASS;

1354

1355

_PROCESS_PARAMETERS = record

1356

AllocationSize: ULONG;

1357

Size: ULONG;

1358

Flags: ULONG;

1359

Zero: ULONG;

1360

Console: LONG;

1361

ProcessGroup: ULONG;

1362

hStdInput: HANDLE;

1363

hStdOutput: HANDLE;

1364

hStdError: HANDLE;

1365

CurrentDirectoryName: UNICODE_STRING;

1366

CurrentDirectoryHandle: HANDLE;

1367

DllPath: UNICODE_STRING;

1368

ImageFile: UNICODE_STRING;

1369

CommandLine: UNICODE_STRING;

1370

Environment: PWSTR;

1371

dwX: ULONG;

1372

dwY: ULONG;

1373

dwXSize: ULONG;

1374

dwYSize: ULONG;

1375

dwXCountChars: ULONG;

1376

dwYCountChars: ULONG;

1377

dwFillAttribute: ULONG;

1378

dwFlags: ULONG;

1379

wShowWindow: ULONG;

1380

WindowTitle: UNICODE_STRING;

1381

Desktop: UNICODE_STRING;

1382

Reserved: UNICODE_STRING;

1383

Reserved2: UNICODE_STRING;

1384

end;

1385

PROCESS_PARAMETERS = _PROCESS_PARAMETERS;

1386

PPROCESS_PARAMETERS = ^PROCESS_PARAMETERS;

1387

PPPROCESS_PARAMETERS = ^PPROCESS_PARAMETERS;

1388

1389

function RtlCreateProcessParameters(ProcessParameters: PPPROCESS_PARAMETERS; ImageFile: PUNICODE_STRING; DllPath: PUNICODE_STRING; CurrentDirectory: PUNICODE_STRING; CommandLine: PUNICODE_STRING; CreationFlags: ULONG; WindowTitle: PUNICODE_STRING; Desktop: PUNICODE_STRING; Reserved: PUNICODE_STRING; Reserved2: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'RtlCreateProcessParameters';

1390

function RtlDestroyProcessParameters(ProcessParameters: PPROCESS_PARAMETERS): NTSTATUS; stdcall; external ntdll name 'RtlDestroyProcessParameters';

1391

1392

type

1393

_DEBUG_BUFFER = record

1394

SectionHandle: HANDLE;

1395

SectionBase: PVOID;

1396

RemoteSectionBase: PVOID;

1397

SectionBaseDelta: ULONG;

1398

EventPairHandle: HANDLE;

1399

Unknown: array [0..1] of ULONG;

1400

RemoteThreadHandle: HANDLE;

1401

InfoClassMask: ULONG;

1402

SizeOfInfo: ULONG;

1403

AllocatedSize: ULONG;

1404

SectionSize: ULONG;

1405

ModuleInformation: PVOID;

1406

BackTraceInformation: PVOID;

1407

HeapInformation: PVOID;

1408

LockInformation: PVOID;

1409

Reserved: array [0..7] of PVOID;

1410

end;

1411

DEBUG_BUFFER = _DEBUG_BUFFER;

1412

PDEBUG_BUFFER = ^DEBUG_BUFFER;

1413

1414

const

1415

PDI_MODULES = $01;

1416

PDI_BACKTRACE = $02;

1417

PDI_HEAPS = $04;

1418

PDI_HEAP_TAGS = $08;

1419

PDI_HEAP_BLOCKS = $10;

1420

PDI_LOCKS = $20;

1421

1422

type

1423

_DEBUG_MODULE_INFORMATION = record // c.f. SYSTEM_MODULE_INFORMATION

1424

Reserved: array [0..1] of ULONG;

1425

Base: ULONG;

1426

Size: ULONG;

1427

Flags: ULONG;

1428

Index: USHORT;

1429

Unknown: USHORT;

1430

LoadCount: USHORT;

1431

ModuleNameOffset: USHORT;

1432

ImageName: array [0..255] of CHAR;

1433

end;

1434

DEBUG_MODULE_INFORMATION = _DEBUG_MODULE_INFORMATION;

1435

PDEBUG_MODULE_INFORMATION = ^DEBUG_MODULE_INFORMATION;

1436

1437

_DEBUG_HEAP_INFORMATION = record

1438

Base: ULONG;

1439

Flags: ULONG;

1440

Granularity: USHORT;

1441

Unknown: USHORT;

1442

Allocated: ULONG;

1443

Committed: ULONG;

1444

TagCount: ULONG;

1445

BlockCount: ULONG;

1446

Reserved: array [0..6] of ULONG;

1447

Tags: PVOID;

1448

Blocks: PVOID;

1449

end;

1450

DEBUG_HEAP_INFORMATION = _DEBUG_HEAP_INFORMATION;

1451

PDEBUG_HEAP_INFORMATION = ^DEBUG_HEAP_INFORMATION;

1452

1453

_DEBUG_LOCK_INFORMATION = record // c.f. SYSTEM_LOCK_INFORMATION

1454

Address: PVOID;

1455

Type_: USHORT;

1456

CreatorBackTraceIndex: USHORT;

1457

OwnerThreadId: ULONG;

1458

ActiveCount: ULONG;

1459

ContentionCount: ULONG;

1460

EntryCount: ULONG;

1461

RecursionCount: ULONG;

1462

NumberOfSharedWaiters: ULONG;

1463

NumberOfExclusiveWaiters: ULONG;

1464

end;

1465

DEBUG_LOCK_INFORMATION = _DEBUG_LOCK_INFORMATION;

1466

PDEBUG_LOCK_INFORMATION = ^DEBUG_LOCK_INFORMATION;

1467

1468

function RtlCreateQueryDebugBuffer(Size: ULONG; EventPair: ByteBool): PDEBUG_BUFFER; stdcall; external ntdll name 'RtlCreateQueryDebugBuffer';

1469

function RtlQueryProcessDebugInformation(ProcessId: ULONG; DebugInfoClassMask: ULONG; DebugBuffer: PDEBUG_BUFFER): NTSTATUS; stdcall; external ntdll name 'RtlQueryProcessDebugInformation';

1470

function RtlDestroyQueryDebugBuffer(DebugBuffer: PDEBUG_BUFFER): NTSTATUS; stdcall; external ntdll name 'RtlDestroyQueryDebugBuffer';

1471

function NtCreateJobObject(JobHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtCreateJobObject';

1472

function NtOpenJobObject(JobHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenJobObject';

1473

function NtTerminateJobObject(JobHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall; external ntdll name 'NtTerminateJobObject';

1474

function NtAssignProcessToJobObject(JobHandle: HANDLE; ProcessHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtAssignProcessToJobObject';

1475

function NtQueryInformationJobObject(JobHandle: HANDLE; JobInformationClass: JOBOBJECTINFOCLASS; JobInformation: PVOID; JobInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryInformationJobObject';

1476

function NtSetInformationJobObject(JobHandle: HANDLE; JobInformationClass: JOBOBJECTINFOCLASS; JobInformation: PVOID; JobInformationLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetInformationJobObject';

1477

function NtCreateToken(TokenHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; Type_: TOKEN_TYPE; AuthenticationId: PLUID; ExpirationTime: PLARGE_INTEGER; User: PTOKEN_USER; Groups: PTOKEN_GROUPS; Privileges: PTOKEN_PRIVILEGES; Owner: PTOKEN_OWNER; PrimaryGroup: PTOKEN_PRIMARY_GROUP; DefaultDacl: PTOKEN_DEFAULT_DACL; Source: PTOKEN_SOURCE): NTSTATUS; stdcall; external ntdll name 'NtCreateToken';

1478

function NtOpenProcessToken(ProcessHandle: HANDLE; DesiredAccess: ACCESS_MASK; TokenHandle: PHANDLE): NTSTATUS; stdcall; external ntdll name 'NtOpenProcessToken';

1479

function NtOpenThreadToken(ThreadHandle: HANDLE; DesiredAccess: ACCESS_MASK; OpenAsSelf: ByteBool; TokenHandle: PHANDLE): NTSTATUS; stdcall; external ntdll name 'NtOpenThreadToken';

1480

function NtDuplicateToken(ExistingTokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; EffectiveOnly: ByteBool; TokenType: TOKEN_TYPE; NewTokenHandle: PHANDLE): NTSTATUS; stdcall; external ntdll name 'NtDuplicateToken';

1481

function NtFilterToken(ExistingTokenHandle: HANDLE; Flags: ULONG; SidsToDisable: PTOKEN_GROUPS; PrivilegesToDelete: PTOKEN_PRIVILEGES; SidsToRestricted: PTOKEN_GROUPS; NewTokenHandle: PHANDLE): NTSTATUS; stdcall; external ntdll name 'NtFilterToken';

1482

function NtAdjustPrivilegesToken(TokenHandle: HANDLE; DisableAllPrivileges: ByteBool; NewState: PTOKEN_PRIVILEGES; BufferLength: ULONG; PreviousState: PTOKEN_PRIVILEGES; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtAdjustPrivilegesToken';

1483

function NtAdjustGroupsToken(TokenHandle: HANDLE; ResetToDefault: ByteBool; NewState: PTOKEN_GROUPS; BufferLength: ULONG; PreviousState: PTOKEN_GROUPS; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtAdjustGroupsToken';

1484

function NtQueryInformationToken(TokenHandle: HANDLE; TokenInformationClass: TOKEN_INFORMATION_CLASS; TokenInformation: PVOID; TokenInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryInformationToken';

1485

function NtSetInformationToken(TokenHandle: HANDLE; TokenInformationClass: TOKEN_INFORMATION_CLASS; TokenInformation: PVOID; TokenInformationLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetInformationToken';

1486

function NtWaitForSingleObject(Handle: HANDLE; Alertable: ByteBool; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtWaitForSingleObject';

1487

function NtSignalAndWaitForSingleObject(HandleToSignal: HANDLE; HandleToWait: HANDLE; Alertable: ByteBool; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtSignalAndWaitForSingleObject';

1488

function NtWaitForMultipleObjects(HandleCount: ULONG; Handles: PHANDLE; WaitType: WAIT_TYPE; Alertable: ByteBool; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtWaitForMultipleObjects';

1489

function NtCreateTimer(TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TimerType: TIMER_TYPE): NTSTATUS; stdcall; external ntdll name 'NtCreateTimer';

1490

function NtOpenTimer(TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenTimer';

1491

function NtCancelTimer(TimerHandle: HANDLE; PreviousState: PBOOLEAN): NTSTATUS; stdcall; external ntdll name 'NtCancelTimer';

1492

1493

type

1494

PTIMER_APC_ROUTINE = procedure(TimerContext: PVOID; TimerLowValue: ULONG; TimerHighValue: LONG); stdcall;

1495

1496

function NtSetTimer(TimerHandle: HANDLE; DueTime: PLARGE_INTEGER; TimerApcRoutine: PTIMER_APC_ROUTINE; TimerContext: PVOID; Resume: ByteBool; Period: LONG; PreviousState: PBOOLEAN): NTSTATUS; stdcall; external ntdll name 'NtSetTimer';

1497

1498

type

1499

_TIMER_INFORMATION_CLASS = (TimerBasicInformation);

1500

TIMER_INFORMATION_CLASS = _TIMER_INFORMATION_CLASS;

1501

1502

function NtQueryTimer(TimerHandle: HANDLE; TimerInformationClass: TIMER_INFORMATION_CLASS; TimerInformation: PVOID; TimerInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryTimer';

1503

1504

type

1505

_TIMER_BASIC_INFORMATION = record

1506

TimeRemaining: LARGE_INTEGER;

1507

SignalState: ByteBool;

1508

end;

1509

TIMER_BASIC_INFORMATION = _TIMER_BASIC_INFORMATION;

1510

PTIMER_BASIC_INFORMATION = ^TIMER_BASIC_INFORMATION;

1511

1512

function NtCreateEvent(EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; EventType: EVENT_TYPE; InitialState: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtCreateEvent';

1513

function NtOpenEvent(EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenEvent';

1514

function NtSetEvent(EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall; external ntdll name 'NtSetEvent';

1515

function NtPulseEvent(EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall; external ntdll name 'NtPulseEvent';

1516

function NtResetEvent(EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall; external ntdll name 'NtResetEvent';

1517

function NtClearEvent(EventHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtClearEvent';

1518

1519

type

1520

_EVENT_INFORMATION_CLASS = (EventBasicInformation);

1521

EVENT_INFORMATION_CLASS = _EVENT_INFORMATION_CLASS;

1522

1523

function NtQueryEvent(EventHandle: HANDLE; EventInformationClass: EVENT_INFORMATION_CLASS; EventInformation: PVOID; EventInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryEvent';

1524

1525

type

1526

_EVENT_BASIC_INFORMATION = record

1527

EventType: EVENT_TYPE;

1528

SignalState: LONG;

1529

end;

1530

EVENT_BASIC_INFORMATION = _EVENT_BASIC_INFORMATION;

1531

PEVENT_BASIC_INFORMATION = ^EVENT_BASIC_INFORMATION;

1532

1533

function NtCreateSemaphore(SemaphoreHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InitialCount: LONG; MaximumCount: LONG): NTSTATUS; stdcall; external ntdll name 'NtCreateSemaphore';

1534

function NtOpenSemaphore(SemaphoreHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenSemaphore';

1535

function NtReleaseSemaphore(SemaphoreHandle: HANDLE; ReleaseCount: LONG; PreviousCount: PLONG): NTSTATUS; stdcall; external ntdll name 'NtReleaseSemaphore';

1536

1537

type

1538

_SEMAPHORE_INFORMATION_CLASS = (SemaphoreBasicInformation);

1539

SEMAPHORE_INFORMATION_CLASS = _SEMAPHORE_INFORMATION_CLASS;

1540

1541

function NtQuerySemaphore(SemaphoreHandle: HANDLE; SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS; SemaphoreInformation: PVOID; SemaphoreInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQuerySemaphore';

1542

1543

type

1544

_SEMAPHORE_BASIC_INFORMATION = record

1545

CurrentCount: LONG;

1546

MaximumCount: LONG;

1547

end;

1548

SEMAPHORE_BASIC_INFORMATION = _SEMAPHORE_BASIC_INFORMATION;

1549

PSEMAPHORE_BASIC_INFORMATION = ^SEMAPHORE_BASIC_INFORMATION;

1550

1551

function NtCreateMutant(MutantHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InitialOwner: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtCreateMutant';

1552

function NtOpenMutant(MutantHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenMutant';

1553

function NtReleaseMutant(MutantHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall; external ntdll name 'NtReleaseMutant';

1554

1555

type

1556

_MUTANT_INFORMATION_CLASS = (MutantBasicInformation);

1557

MUTANT_INFORMATION_CLASS = _MUTANT_INFORMATION_CLASS;

1558

1559

function NtQueryMutant(MutantHandle: HANDLE; MutantInformationClass: MUTANT_INFORMATION_CLASS; MutantInformation: PVOID; MutantInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryMutant';

1560

1561

type

1562

_MUTANT_BASIC_INFORMATION = record

1563

SignalState: LONG;

1564

Owned: ByteBool;

1565

Abandoned: ByteBool;

1566

end;

1567

MUTANT_BASIC_INFORMATION = _MUTANT_BASIC_INFORMATION;

1568

PMUTANT_BASIC_INFORMATION = ^MUTANT_BASIC_INFORMATION;

1569

1570

function NtCreateIoCompletion(IoCompletionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; NumberOfConcurrentThreads: ULONG): NTSTATUS; stdcall; external ntdll name 'NtCreateIoCompletion';

1571

function NtOpenIoCompletion(IoCompletionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenIoCompletion';

1572

function NtSetIoCompletion(IoCompletionHandle: HANDLE; CompletionKey: ULONG; CompletionValue: ULONG; Status: NTSTATUS; Information: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetIoCompletion';

1573

function NtRemoveIoCompletion(IoCompletionHandle: HANDLE; CompletionKey: PULONG; CompletionValue: PULONG; IoStatusBlock: PIO_STATUS_BLOCK; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtRemoveIoCompletion';

1574

1575

type

1576

_IO_COMPLETION_INFORMATION_CLASS = (IoCompletionBasicInformation);

1577

IO_COMPLETION_INFORMATION_CLASS = _IO_COMPLETION_INFORMATION_CLASS;

1578

1579

function NtQueryIoCompletion(IoCompletionHandle: HANDLE; IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS; IoCompletionInformation: PVOID; IoCompletionInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryIoCompletion';

1580

1581

type

1582

_IO_COMPLETION_BASIC_INFORMATION = record

1583

SignalState: LONG;

1584

end;

1585

IO_COMPLETION_BASIC_INFORMATION = _IO_COMPLETION_BASIC_INFORMATION;

1586

PIO_COMPLETION_BASIC_INFORMATION = ^IO_COMPLETION_BASIC_INFORMATION;

1587

1588

function NtCreateEventPair(EventPairHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtCreateEventPair';

1589

function NtOpenEventPair(EventPairHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenEventPair';

1590

function NtWaitLowEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtWaitLowEventPair';

1591

function NtWaitHighEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtWaitHighEventPair';

1592

function NtSetLowWaitHighEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtSetLowWaitHighEventPair';

1593

function NtSetHighWaitLowEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtSetHighWaitLowEventPair';

1594

function NtSetLowEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtSetLowEventPair';

1595

function NtSetHighEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtSetHighEventPair';

1596

function NtQuerySystemTime(CurrentTime: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtQuerySystemTime';

1597

function NtSetSystemTime(NewTime: PLARGE_INTEGER; OldTime: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtSetSystemTime';

1598

function NtQueryPerformanceCounter(PerformanceCount: PLARGE_INTEGER; PerformanceFrequency: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtQueryPerformanceCounter';

1599

function NtSetTimerResolution(RequestedResolution: ULONG; Set_: ByteBool; ActualResolution: PULONG): NTSTATUS; stdcall; external ntdll name 'NtSetTimerResolution';

1600

function NtQueryTimerResolution(CoarsestResolution: PULONG; FinestResolution: PULONG; ActualResolution: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryTimerResolution';

1601

function NtDelayExecution(Alertable: ByteBool; Interval: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtDelayExecution';

1602

function NtYieldExecution: NTSTATUS; stdcall; external ntdll name 'NtYieldExecution';

1603

function NtGetTickCount: ULONG; stdcall; external ntdll name 'NtGetTickCount';

1604

function NtCreateProfile(ProfileHandle: PHANDLE; ProcessHandle: HANDLE; Base: PVOID; Size: ULONG; BucketShift: ULONG; Buffer: PULONG; BufferLength: ULONG; Source: KPROFILE_SOURCE; ProcessorMask: ULONG): NTSTATUS; stdcall; external ntdll name 'NtCreateProfile';

1605

function NtSetIntervalProfile(Interval: ULONG; Source: KPROFILE_SOURCE): NTSTATUS; stdcall; external ntdll name 'NtSetIntervalProfile';

1606

function NtQueryIntervalProfile(Source: KPROFILE_SOURCE; Interval: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryIntervalProfile';

1607

function NtStartProfile(ProfileHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtStartProfile';

1608

function NtStopProfile(ProfileHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtStopProfile';

1609

1610

type

1611

_PORT_MESSAGE = record

1612

DataSize: USHORT;

1613

MessageSize: USHORT;

1614

MessageType: USHORT;

1615

VirtualRangesOffset: USHORT;

1616

ClientId: CLIENT_ID;

1617

MessageId: ULONG;

1618

SectionSize: ULONG;

1619

// UCHAR Data[];

1620

end;

1621

PORT_MESSAGE = _PORT_MESSAGE;

1622

PPORT_MESSAGE = ^PORT_MESSAGE;

1623

1624

_LPC_TYPE = (

1625

LPC_NEW_MESSAGE, // A new message

1626

LPC_REQUEST, // A request message

1627

LPC_REPLY, // A reply to a request message

1628

LPC_DATAGRAM, //

1629

LPC_LOST_REPLY, //

1630

LPC_PORT_CLOSED, // Sent when port is deleted

1631

LPC_CLIENT_DIED, // Messages to thread termination ports

1632

LPC_EXCEPTION, // Messages to thread exception port

1633

LPC_DEBUG_EVENT, // Messages to thread debug port

1634

LPC_ERROR_EVENT, // Used by ZwRaiseHardError

1635

LPC_CONNECTION_REQUEST); // Used by ZwConnectPort

1636

LPC_TYPE = _LPC_TYPE;

1637

1638

_PORT_SECTION_WRITE = record

1639

Length: ULONG;

1640

SectionHandle: HANDLE;

1641

SectionOffset: ULONG;

1642

ViewSize: ULONG;

1643

ViewBase: PVOID;

1644

TargetViewBase: PVOID;

1645

end;

1646

PORT_SECTION_WRITE = _PORT_SECTION_WRITE;

1647

PPORT_SECTION_WRITE = ^PORT_SECTION_WRITE;

1648

1649

_PORT_SECTION_READ = record

1650

Length: ULONG;

1651

ViewSize: ULONG;

1652

ViewBase: ULONG;

1653

end;

1654

PORT_SECTION_READ = _PORT_SECTION_READ;

1655

PPORT_SECTION_READ = ^PORT_SECTION_READ;

1656

1657

function NtCreatePort(PortHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES; MaxDataSize: ULONG; MaxMessageSize: ULONG; Reserved: ULONG): NTSTATUS; stdcall; external ntdll name 'NtCreatePort';

1658

function NtCreateWaitablePort(PortHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES; MaxDataSize: ULONG; MaxMessageSize: ULONG; Reserved: ULONG): NTSTATUS; stdcall; external ntdll name 'NtCreateWaitablePort';

1659

function NtConnectPort(PortHandle: PHANDLE; PortName: PUNICODE_STRING; SecurityQos: PSECURITY_QUALITY_OF_SERVICE; WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ; MaxMessageSize: PULONG; ConnectData: PVOID; ConnectDataLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtConnectPort';

1660

function NtSecureConnectPort(PortHandle: PHANDLE; PortName: PUNICODE_STRING; SecurityQos: PSECURITY_QUALITY_OF_SERVICE; WriteSection: PPORT_SECTION_WRITE; ServerSid: PSID; ReadSection: PPORT_SECTION_READ; MaxMessageSize: PULONG; ConnectData: PVOID; ConnectDataLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtSecureConnectPort';

1661

function NtListenPort(PortHandle: HANDLE; Message: PPORT_MESSAGE): NTSTATUS; stdcall; external ntdll name 'NtListenPort';

1662

function NtAcceptConnectPort(PortHandle: PHANDLE; PortIdentifier: ULONG; Message: PPORT_MESSAGE; Accept: ByteBool; WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ): NTSTATUS; stdcall; external ntdll name 'NtAcceptConnectPort';

1663

function NtCompleteConnectPort(PortHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtCompleteConnectPort';

1664

function NtRequestPort(PortHandle: HANDLE; RequestMessage: PPORT_MESSAGE): NTSTATUS; stdcall; external ntdll name 'NtRequestPort';

1665

function NtRequestWaitReplyPort(PortHandle: HANDLE; RequestMessage: PPORT_MESSAGE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall; external ntdll name 'NtRequestWaitReplyPort';

1666

function NtReplyPort(PortHandle: HANDLE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall; external ntdll name 'NtReplyPort';

1667

function NtReplyWaitReplyPort(PortHandle: HANDLE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall; external ntdll name 'NtReplyWaitReplyPort';

1668

function NtReplyWaitReceivePort(PortHandle: HANDLE; PortIdentifier: PULONG; ReplyMessage: PPORT_MESSAGE; Message: PPORT_MESSAGE): NTSTATUS; stdcall; external ntdll name 'NtReplyWaitReceivePort';

1669

function NtReplyWaitReceivePortEx(PortHandle: HANDLE; PortIdentifier: PULONG; ReplyMessage: PPORT_MESSAGE; Message: PPORT_MESSAGE; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtReplyWaitReceivePortEx';

1670

function NtReadRequestData(PortHandle: HANDLE; Message: PPORT_MESSAGE; Index: ULONG; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtReadRequestData';

1671

function NtWriteRequestData(PortHandle: HANDLE; Message: PPORT_MESSAGE; Index: ULONG; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtWriteRequestData';

1672

1673

type

1674

_PORT_INFORMATION_CLASS = (PortBasicInformation);

1675

PORT_INFORMATION_CLASS = _PORT_INFORMATION_CLASS;

1676

1677

function NtQueryInformationPort(PortHandle: HANDLE; PortInformationClass: PORT_INFORMATION_CLASS; PortInformation: PVOID; PortInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryInformationPort';

1678

1679

type

1680

_PORT_BASIC_INFORMATION = record

1681

end;

1682

PORT_BASIC_INFORMATION = _PORT_BASIC_INFORMATION;

1683

PPORT_BASIC_INFORMATION = ^PORT_BASIC_INFORMATION;

1684

1685

function NtImpersonateClientOfPort(PortHandle: HANDLE; Message: PPORT_MESSAGE): NTSTATUS; stdcall; external ntdll name 'NtImpersonateClientOfPort';

1686

function NtCreateFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; AllocationSize: PLARGE_INTEGER; FileAttributes: ULONG; ShareAccess: ULONG; CreateDisposition: ULONG; CreateOptions: ULONG; EaBuffer: PVOID; EaLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtCreateFile';

1687

function NtOpenFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; ShareAccess: ULONG; OpenOptions: ULONG): NTSTATUS; stdcall; external ntdll name 'NtOpenFile';

1688

function NtDeleteFile(ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtDeleteFile';

1689

function NtFlushBuffersFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall; external ntdll name 'NtFlushBuffersFile';

1690

function NtCancelIoFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall; external ntdll name 'NtCancelIoFile';

1691

function NtReadFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PULONG): NTSTATUS; stdcall; external ntdll name 'NtReadFile';

1692

function NtWriteFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PULONG): NTSTATUS; stdcall; external ntdll name 'NtWriteFile';

1693

function NtReadFileScatter(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_SEGMENT_ELEMENT; Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PULONG): NTSTATUS; stdcall; external ntdll name 'NtReadFileScatter';

1694

function NtWriteFileGather(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_SEGMENT_ELEMENT; Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PULONG): NTSTATUS; stdcall; external ntdll name 'NtWriteFileGather';

1695

function NtLockFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; LockOffset: PULARGE_INTEGER; LockLength: PULARGE_INTEGER; Key: ULONG; FailImmediately: ByteBool; ExclusiveLock: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtLockFile';

1696

function NtUnlockFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; LockOffset: PULARGE_INTEGER; LockLength: PULARGE_INTEGER; Key: ULONG): NTSTATUS; stdcall; external ntdll name 'NtUnlockFile';

1697

function NtDeviceIoControlFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; IoControlCode: ULONG; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtDeviceIoControlFile';

1698

function NtFsControlFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; FsControlCode: ULONG; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtFsControlFile';

1699

function NtNotifyChangeDirectoryFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_NOTIFY_INFORMATION; BufferLength: ULONG; NotifyFilter: ULONG; WatchSubtree: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtNotifyChangeDirectoryFile';

1700

1701

type

1702

_FILE_GET_EA_INFORMATION = record

1703

NextEntryOffset: ULONG;

1704

EaNameLength: UCHAR;

1705

EaName: array [0..0] of CHAR;

1706

end;

1707

FILE_GET_EA_INFORMATION = _FILE_GET_EA_INFORMATION;

1708

PFILE_GET_EA_INFORMATION = ^FILE_GET_EA_INFORMATION;

1709

1710

function NtQueryEaFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_FULL_EA_INFORMATION; BufferLength: ULONG; ReturnSingleEntry: ByteBool; EaList: PFILE_GET_EA_INFORMATION; EaListLength: ULONG; EaIndex: PULONG; RestartScan: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtQueryEaFile';

1711

function NtSetEaFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_FULL_EA_INFORMATION; BufferLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetEaFile';

1712

function NtCreateNamedPipeFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; ShareAccess: ULONG; CreateDisposition: ULONG; CreateOptions: ULONG; TypeMessage: ByteBool; ReadmodeMessage: ByteBool; Nonblocking: ByteBool; MaxInstances: ULONG; InBufferSize: ULONG; OutBufferSize: ULONG; DefaultTimeout: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtCreateNamedPipeFile';

1713

function NtCreateMailslotFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; CreateOptions: ULONG; Unknown: ULONG; MaxMessageSize: ULONG; ReadTimeout: PLARGE_INTEGER): NTSTATUS; stdcall; external ntdll name 'NtCreateMailslotFile';

1714

function NtQueryVolumeInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; VolumeInformation: PVOID; VolumeInformationLength: ULONG; VolumeInformationClass: FS_INFORMATION_CLASS): NTSTATUS; stdcall; external ntdll name 'NtQueryVolumeInformationFile';

1715

function NtSetVolumeInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; BufferLength: ULONG; VolumeInformationClass: FS_INFORMATION_CLASS): NTSTATUS; stdcall; external ntdll name 'NtSetVolumeInformationFile';

1716

1717

type

1718

_FILE_FS_VOLUME_INFORMATION = record

1719

VolumeCreationTime: LARGE_INTEGER;

1720

VolumeSerialNumber: ULONG;

1721

VolumeLabelLength: ULONG;

1722

Unknown: UCHAR;

1723

VolumeLabel: array [0..0] of WCHAR;

1724

end;

1725

FILE_FS_VOLUME_INFORMATION = _FILE_FS_VOLUME_INFORMATION;

1726

PFILE_FS_VOLUME_INFORMATION = ^FILE_FS_VOLUME_INFORMATION;

1727

1728

_FILE_FS_LABEL_INFORMATION = record

1729

VolumeLabelLength: ULONG;

1730

VolumeLabel: WCHAR;

1731

end;

1732

FILE_FS_LABEL_INFORMATION = _FILE_FS_LABEL_INFORMATION;

1733

PFILE_FS_LABEL_INFORMATION = ^FILE_FS_LABEL_INFORMATION;

1734

1735

_FILE_FS_SIZE_INFORMATION = record

1736

TotalAllocationUnits: LARGE_INTEGER;

1737

AvailableAllocationUnits: LARGE_INTEGER;

1738

SectorsPerAllocationUnit: ULONG;

1739

BytesPerSector: ULONG;

1740

end;

1741

FILE_FS_SIZE_INFORMATION = _FILE_FS_SIZE_INFORMATION;

1742

PFILE_FS_SIZE_INFORMATION = ^FILE_FS_SIZE_INFORMATION;

1743

1744

_FILE_FS_ATTRIBUTE_INFORMATION = record

1745

FileSystemFlags: ULONG;

1746

MaximumComponentNameLength: ULONG;

1747

FileSystemNameLength: ULONG;

1748

FileSystemName: array [0..0] of WCHAR

1749

end;

1750

FILE_FS_ATTRIBUTE_INFORMATION = _FILE_FS_ATTRIBUTE_INFORMATION;

1751

PFILE_FS_ATTRIBUTE_INFORMATION = ^FILE_FS_ATTRIBUTE_INFORMATION;

1752

1753

_FILE_FS_CONTROL_INFORMATION = record

1754

Reserved: array [0..2] of LARGE_INTEGER;

1755

DefaultQuotaThreshold: LARGE_INTEGER;

1756

DefaultQuotaLimit: LARGE_INTEGER;

1757

QuotaFlags: ULONG;

1758

end;

1759

FILE_FS_CONTROL_INFORMATION = _FILE_FS_CONTROL_INFORMATION;

1760

PFILE_FS_CONTROL_INFORMATION = ^FILE_FS_CONTROL_INFORMATION;

1761

1762

_FILE_FS_FULL_SIZE_INFORMATION = record

1763

TotalQuotaAllocationUnits: LARGE_INTEGER;

1764

AvailableQuotaAllocationUnits: LARGE_INTEGER;

1765

AvailableAllocationUnits: LARGE_INTEGER;

1766

SectorsPerAllocationUnit: ULONG;

1767

BytesPerSector: ULONG;

1768

end;

1769

FILE_FS_FULL_SIZE_INFORMATION = _FILE_FS_FULL_SIZE_INFORMATION;

1770

PFILE_FS_FULL_SIZE_INFORMATION = ^FILE_FS_FULL_SIZE_INFORMATION;

1771

1772

_FILE_FS_OBJECT_ID_INFORMATION = record

1773

VolumeObjectId: UUID;

1774

VolumeObjectIdExtendedInfo: array [0..11] of ULONG;

1775

end;

1776

FILE_FS_OBJECT_ID_INFORMATION = _FILE_FS_OBJECT_ID_INFORMATION;

1777

PFILE_FS_OBJECT_ID_INFORMATION = ^FILE_FS_OBJECT_ID_INFORMATION;

1778

1779

_FILE_USER_QUOTA_INFORMATION = record

1780

NextEntryOffset: ULONG;

1781

SidLength: ULONG;

1782

ChangeTime: LARGE_INTEGER;

1783

QuotaUsed: LARGE_INTEGER;

1784

QuotaThreshold: LARGE_INTEGER;

1785

QuotaLimit: LARGE_INTEGER;

1786

Sid: array [0..0] of SID;

1787

end;

1788

FILE_USER_QUOTA_INFORMATION = _FILE_USER_QUOTA_INFORMATION;

1789

PFILE_USER_QUOTA_INFORMATION = ^FILE_USER_QUOTA_INFORMATION;

1790

1791

_FILE_QUOTA_LIST_INFORMATION = record

1792

NextEntryOffset: ULONG;

1793

SidLength: ULONG;

1794

Sid: array [0..0] of SID;

1795

end;

1796

FILE_QUOTA_LIST_INFORMATION = _FILE_QUOTA_LIST_INFORMATION;

1797

PFILE_QUOTA_LIST_INFORMATION = ^FILE_QUOTA_LIST_INFORMATION;

1798

1799

function NtQueryQuotaInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_USER_QUOTA_INFORMATION; BufferLength: ULONG; ReturnSingleEntry: ByteBool; QuotaList: PFILE_QUOTA_LIST_INFORMATION; QuotaListLength: ULONG; ResumeSid: PSID; RestartScan: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtQueryQuotaInformationFile';

1800

function NtSetQuotaInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_USER_QUOTA_INFORMATION; BufferLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetQuotaInformationFile';

1801

function NtQueryAttributesFile(ObjectAttributes: POBJECT_ATTRIBUTES; FileInformation: PFILE_BASIC_INFORMATION): NTSTATUS; stdcall; external ntdll name 'NtQueryAttributesFile';

1802

function NtQueryFullAttributesFile(ObjectAttributes: POBJECT_ATTRIBUTES; FileInformation: PFILE_NETWORK_OPEN_INFORMATION): NTSTATUS; stdcall; external ntdll name 'NtQueryFullAttributesFile';

1803

function NtQueryInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG; FileInformationClass: FILE_INFORMATION_CLASS): NTSTATUS; stdcall; external ntdll name 'NtQueryInformationFile';

1804

function NtSetInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG; FileInformationClass: FILE_INFORMATION_CLASS): NTSTATUS; stdcall; external ntdll name 'NtSetInformationFile';

1805

function NtQueryDirectoryFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG; FileInformationClass: FILE_INFORMATION_CLASS; ReturnSingleEntry: ByteBool; FileName: PUNICODE_STRING; RestartScan: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtQueryDirectoryFile';

1806

1807

type

1808

_FILE_DIRECTORY_INFORMATION = record // Information Class 1

1809

NextEntryOffset: ULONG;

1810

Unknown: ULONG;

1811

CreationTime: LARGE_INTEGER;

1812

LastAccessTime: LARGE_INTEGER;

1813

LastWriteTime: LARGE_INTEGER;

1814

ChangeTime: LARGE_INTEGER;

1815

EndOfFile: LARGE_INTEGER;

1816

AllocationSize: LARGE_INTEGER;

1817

FileAttributes: ULONG;

1818

FileNameLength: ULONG;

1819

FileName: array [0..0] of WCHAR

1820

end;

1821

FILE_DIRECTORY_INFORMATION = _FILE_DIRECTORY_INFORMATION;

1822

PFILE_DIRECTORY_INFORMATION = ^FILE_DIRECTORY_INFORMATION;

1823

1824

_FILE_FULL_DIRECTORY_INFORMATION = record // Information Class 2

1825

NextEntryOffset: ULONG;

1826

Unknown: ULONG;

1827

CreationTime: LARGE_INTEGER;

1828

LastAccessTime: LARGE_INTEGER;

1829

LastWriteTime: LARGE_INTEGER;

1830

ChangeTime: LARGE_INTEGER;

1831

EndOfFile: LARGE_INTEGER;

1832

AllocationSize: LARGE_INTEGER;

1833

FileAttributes: ULONG;

1834

FileNameLength: ULONG;

1835

EaInformationLength: ULONG;

1836

FileName: array [0..0] of WCHAR

1837

end;

1838

FILE_FULL_DIRECTORY_INFORMATION = _FILE_FULL_DIRECTORY_INFORMATION;

1839

PFILE_FULL_DIRECTORY_INFORMATION = ^FILE_FULL_DIRECTORY_INFORMATION;

1840

1841

_FILE_BOTH_DIRECTORY_INFORMATION = record // Information Class 3

1842

NextEntryOffset: ULONG;

1843

Unknown: ULONG;

1844

CreationTime: LARGE_INTEGER;

1845

LastAccessTime: LARGE_INTEGER;

1846

LastWriteTime: LARGE_INTEGER;

1847

ChangeTime: LARGE_INTEGER;

1848

EndOfFile: LARGE_INTEGER;

1849

AllocationSize: LARGE_INTEGER;

1850

FileAttributes: ULONG;

1851

FileNameLength: ULONG;

1852

EaInformationLength: ULONG;

1853

AlternateNameLength: UCHAR;

1854

AlternateName: array [0..11] of WCHAR;

1855

FileName: array [0..0] of WCHAR;

1856

end;

1857

FILE_BOTH_DIRECTORY_INFORMATION = _FILE_BOTH_DIRECTORY_INFORMATION;

1858

PFILE_BOTH_DIRECTORY_INFORMATION = ^FILE_BOTH_DIRECTORY_INFORMATION;

1859

1860

_FILE_INTERNAL_INFORMATION = record // Information Class 6

1861

FileId: LARGE_INTEGER;

1862

end;

1863

FILE_INTERNAL_INFORMATION = _FILE_INTERNAL_INFORMATION;

1864

PFILE_INTERNAL_INFORMATION = ^FILE_INTERNAL_INFORMATION;

1865

1866

_FILE_EA_INFORMATION = record // Information Class 7

1867

EaInformationLength: ULONG;

1868

end;

1869

FILE_EA_INFORMATION = _FILE_EA_INFORMATION;

1870

PFILE_EA_INFORMATION = ^FILE_EA_INFORMATION;

1871

1872

_FILE_ACCESS_INFORMATION = record // Information Class 8

1873

GrantedAccess: ACCESS_MASK;

1874

end;

1875

FILE_ACCESS_INFORMATION = _FILE_ACCESS_INFORMATION;

1876

PFILE_ACCESS_INFORMATION = ^FILE_ACCESS_INFORMATION;

1877

1878

_FILE_NAME_INFORMATION = record // Information Classes 9 and 21

1879

FileNameLength: ULONG;

1880

FileName: array [0..0] of WCHAR;

1881

end;

1882

FILE_NAME_INFORMATION = _FILE_NAME_INFORMATION;

1883

PFILE_NAME_INFORMATION = ^FILE_NAME_INFORMATION;

1884

FILE_ALTERNATE_NAME_INFORMATION = _FILE_NAME_INFORMATION;

1885

PFILE_ALTERNATE_NAME_INFORMATION = ^FILE_ALTERNATE_NAME_INFORMATION;

1886

1887

_FILE_LINK_RENAME_INFORMATION = record // Info Classes 10 and 11

1888

ReplaceIfExists: ByteBool;

1889

RootDirectory: HANDLE;

1890

FileNameLength: ULONG;

1891

FileName: array [0..0] of WCHAR;

1892

end;

1893

FILE_LINK_INFORMATION = _FILE_LINK_RENAME_INFORMATION;

1894

PFILE_LINK_INFORMATION = ^FILE_LINK_INFORMATION;

1895

FILE_RENAME_INFORMATION = _FILE_LINK_RENAME_INFORMATION;

1896

PFILE_RENAME_INFORMATION= ^FILE_RENAME_INFORMATION;

1897

1898

_FILE_NAMES_INFORMATION = record // Information Class 12

1899

NextEntryOffset: ULONG;

1900

Unknown: ULONG;

1901

FileNameLength: ULONG;

1902

FileName: array [0..0] of WCHAR;

1903

end;

1904

FILE_NAMES_INFORMATION = _FILE_NAMES_INFORMATION;

1905

PFILE_NAMES_INFORMATION = ^FILE_NAMES_INFORMATION;

1906

1907

_FILE_MODE_INFORMATION = record // Information Class 16

1908

Mode: ULONG;

1909

end;

1910

FILE_MODE_INFORMATION = _FILE_MODE_INFORMATION;

1911

PFILE_MODE_INFORMATION = ^FILE_MODE_INFORMATION;

1912

1913

_FILE_ALL_INFORMATION = record // Information Class 18

1914

BasicInformation: FILE_BASIC_INFORMATION;

1915

StandardInformation: FILE_STANDARD_INFORMATION;

1916

InternalInformation: FILE_INTERNAL_INFORMATION;

1917

EaInformation: FILE_EA_INFORMATION;

1918

AccessInformation: FILE_ACCESS_INFORMATION;

1919

PositionInformation: FILE_POSITION_INFORMATION;

1920

ModeInformation: FILE_MODE_INFORMATION;

1921

AlignmentInformation: FILE_ALIGNMENT_INFORMATION;

1922

NameInformation: FILE_NAME_INFORMATION;

1923

end;

1924

FILE_ALL_INFORMATION = _FILE_ALL_INFORMATION;

1925

PFILE_ALL_INFORMATION = ^FILE_ALL_INFORMATION;

1926

1927

_FILE_ALLOCATION_INFORMATION = record // Information Class 19

1928

AllocationSize: LARGE_INTEGER;

1929

end;

1930

FILE_ALLOCATION_INFORMATION = _FILE_ALLOCATION_INFORMATION;

1931

PFILE_ALLOCATION_INFORMATION = ^FILE_ALLOCATION_INFORMATION;

1932

1933

_FILE_STREAM_INFORMATION = record // Information Class 22

1934

NextEntryOffset: ULONG;

1935

StreamNameLength: ULONG;

1936

EndOfStream: LARGE_INTEGER;

1937

AllocationSize: LARGE_INTEGER;

1938

StreamName: array [0..0] of WCHAR;

1939

end;

1940

FILE_STREAM_INFORMATION = _FILE_STREAM_INFORMATION;

1941

PFILE_STREAM_INFORMATION = ^FILE_STREAM_INFORMATION;

1942

1943

_FILE_PIPE_INFORMATION = record // Information Class 23

1944

ReadModeMessage: ULONG;

1945

WaitModeBlocking: ULONG;

1946

end;

1947

FILE_PIPE_INFORMATION = _FILE_PIPE_INFORMATION;

1948

PFILE_PIPE_INFORMATION = ^FILE_PIPE_INFORMATION;

1949

1950

_FILE_PIPE_LOCAL_INFORMATION = record // Information Class 24

1951

MessageType: ULONG;

1952

Unknown1: ULONG;

1953

MaxInstances: ULONG;

1954

CurInstances: ULONG;

1955

InBufferSize: ULONG;

1956

Unknown2: ULONG;

1957

OutBufferSize: ULONG;

1958

Unknown3: array [0..1] of ULONG;

1959

ServerEnd: ULONG;

1960

end;

1961

FILE_PIPE_LOCAL_INFORMATION = _FILE_PIPE_LOCAL_INFORMATION;

1962

PFILE_PIPE_LOCAL_INFORMATION = ^FILE_PIPE_LOCAL_INFORMATION;

1963

1964

_FILE_PIPE_REMOTE_INFORMATION = record // Information Class 25

1965

CollectDataTimeout: LARGE_INTEGER;

1966

MaxCollectionCount: ULONG;

1967

end;

1968

FILE_PIPE_REMOTE_INFORMATION = _FILE_PIPE_REMOTE_INFORMATION;

1969

PFILE_PIPE_REMOTE_INFORMATION = ^FILE_PIPE_REMOTE_INFORMATION;

1970

1971

_FILE_MAILSLOT_QUERY_INFORMATION = record // Information Class 26

1972

MaxMessageSize: ULONG;

1973

Unknown: ULONG;

1974

NextSize: ULONG;

1975

MessageCount: ULONG;

1976

ReadTimeout: LARGE_INTEGER;

1977

end;

1978

FILE_MAILSLOT_QUERY_INFORMATION = _FILE_MAILSLOT_QUERY_INFORMATION;

1979

PFILE_MAILSLOT_QUERY_INFORMATION = ^FILE_MAILSLOT_QUERY_INFORMATION;

1980

1981

_FILE_MAILSLOT_SET_INFORMATION = record // Information Class 27

1982

ReadTimeout: LARGE_INTEGER;

1983

end;

1984

FILE_MAILSLOT_SET_INFORMATION = _FILE_MAILSLOT_SET_INFORMATION;

1985

PFILE_MAILSLOT_SET_INFORMATION = ^FILE_MAILSLOT_SET_INFORMATION;

1986

1987

_FILE_COMPRESSION_INFORMATION = record // Information Class 28

1988

CompressedSize: LARGE_INTEGER;

1989

CompressionFormat: USHORT;

1990

CompressionUnitShift: UCHAR;

1991

Unknown: UCHAR;

1992

ClusterSizeShift: UCHAR;

1993

end;

1994

FILE_COMPRESSION_INFORMATION = _FILE_COMPRESSION_INFORMATION;

1995

PFILE_COMPRESSION_INFORMATION = ^FILE_COMPRESSION_INFORMATION;

1996

1997

_FILE_COMPLETION_INFORMATION = record // Information Class 30

1998

IoCompletionHandle: HANDLE;

1999

CompletionKey: ULONG;

2000

end;

2001

FILE_COMPLETION_INFORMATION = _FILE_COMPLETION_INFORMATION;

2002

PFILE_COMPLETION_INFORMATION = ^FILE_COMPLETION_INFORMATION;

2003

2004

function NtCreateKey(KeyHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TitleIndex: ULONG; Class_: PUNICODE_STRING; CreateOptions: ULONG; Disposition: PULONG): NTSTATUS; stdcall; external ntdll name 'NtCreateKey';

2005

function NtOpenKey(KeyHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtOpenKey';

2006

function NtDeleteKey(KeyHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtDeleteKey';

2007

function NtFlushKey(KeyHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtFlushKey';

2008

function NtSaveKey(KeyHandle: HANDLE; FileHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtSaveKey';

2009

function NtSaveMergedKeys(KeyHandle1: HANDLE; KeyHandle2: HANDLE; FileHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtSaveMergedKeys';

2010

function NtRestoreKey(KeyHandle: HANDLE; FileHandle: HANDLE; Flags: ULONG): NTSTATUS; stdcall; external ntdll name 'NtRestoreKey';

2011

function NtLoadKey(KeyObjectAttributes: POBJECT_ATTRIBUTES; FileObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtLoadKey';

2012

function NtLoadKey2(KeyObjectAttributes: POBJECT_ATTRIBUTES; FileObjectAttributes: POBJECT_ATTRIBUTES; Flags: ULONG): NTSTATUS; stdcall; external ntdll name 'NtLoadKey2';

2013

function NtUnloadKey(KeyObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtUnloadKey';

2014

function NtReplaceKey(NewFileObjectAttributes: POBJECT_ATTRIBUTES; KeyHandle: HANDLE; OldFileObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; external ntdll name 'NtReplaceKey';

2015

function NtSetInformationKey(KeyHandle: HANDLE; KeyInformationClass: KEY_SET_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetInformationKey';

2016

function NtQueryKey(KeyHandle: HANDLE; KeyInformationClass: KEY_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryKey';

2017

function NtEnumerateKey(KeyHandle: HANDLE; Index: ULONG; KeyInformationClass: KEY_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtEnumerateKey';

2018

function NtNotifyChangeKey(KeyHandle: HANDLE; EventHandle: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; NotifyFilter: ULONG; WatchSubtree: ByteBool; Buffer: PVOID; BufferLength: ULONG; Asynchronous: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtNotifyChangeKey';

2019

function NtNotifyChangeMultipleKeys(KeyHandle: HANDLE; Flags: ULONG; KeyObjectAttributes: POBJECT_ATTRIBUTES; EventHandle: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; NotifyFilter: ULONG; WatchSubtree: ByteBool; Buffer: PVOID; BufferLength: ULONG; Asynchronous: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtNotifyChangeMultipleKeys';

2020

function NtDeleteValueKey(KeyHandle: HANDLE; ValueName: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'NtDeleteValueKey';

2021

function NtSetValueKey(KeyHandle: HANDLE; ValueName: PUNICODE_STRING; TitleIndex: ULONG; Type_: ULONG; Data: PVOID; DataSize: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetValueKey';

2022

function NtQueryValueKey(KeyHandle: HANDLE; ValueName: PUNICODE_STRING; KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInformation: PVOID; KeyValueInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryValueKey';

2023

function NtEnumerateValueKey(KeyHandle: HANDLE; Index: ULONG; KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInformation: PVOID; KeyValueInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtEnumerateValueKey';

2024

function NtQueryMultipleValueKey(KeyHandle: HANDLE; ValueList: PKEY_VALUE_ENTRY; NumberOfValues: ULONG; Buffer: PVOID; Length: PULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryMultipleValueKey';

2025

function NtPrivilegeCheck(TokenHandle: HANDLE; RequiredPrivileges: PPRIVILEGE_SET; Result: PBOOLEAN): NTSTATUS; stdcall; external ntdll name 'NtPrivilegeCheck';

2026

function NtPrivilegeObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; Privileges: PPRIVILEGE_SET; AccessGranted: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtPrivilegeObjectAuditAlarm';

2027

function NtPrivilegedServiceAuditAlarm(SubsystemName: PUNICODE_STRING; ServiceName: PUNICODE_STRING; TokenHandle: HANDLE; Privileges: PPRIVILEGE_SET; AccessGranted: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtPrivilegedServiceAuditAlarm';

2028

function NtAccessCheck(SecurityDescriptor: PSECURITY_DESCRIPTOR; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG; GrantedAccess: PACCESS_MASK; AccessStatus: PBOOLEAN): NTSTATUS; stdcall; external ntdll name 'NtAccessCheck';

2029

function NtAccessCheckAndAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; DesiredAccess: ACCESS_MASK; GenericMapping: PGENERIC_MAPPING; ObjectCreation: ByteBool; GrantedAccess: PACCESS_MASK; AccessStatus: PBOOLEAN; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall; external ntdll name 'NtAccessCheckAndAuditAlarm';

2030

function NtAccessCheckByType(SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; TokenHandle: HANDLE; DesiredAccess: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG; GrantedAccess: PACCESS_MASK; AccessStatus: PULONG): NTSTATUS; stdcall; external ntdll name 'NtAccessCheckByType';

2031

function NtAccessCheckByTypeAndAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; ObjectCreation: ByteBool; GrantedAccess: PACCESS_MASK; AccessStatus: PULONG; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall; external ntdll name 'NtAccessCheckByTypeAndAuditAlarm';

2032

function NtAccessCheckByTypeResultList(SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG; GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG): NTSTATUS; stdcall; external ntdll name 'NtAccessCheckByTypeResultList';

2033

function NtAccessCheckByTypeResultListAndAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; ObjectCreation: ByteBool; GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG; GenerateOnClose: PULONG): NTSTATUS; stdcall; external ntdll name 'NtAccessCheckByTypeResultListAndAuditAlarm';

2034

function NtAccessCheckByTypeResultListAndAuditAlarmByHandle(SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: HANDLE; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; ObjectCreation: ByteBool; GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG; GenerateOnClose: PULONG): NTSTATUS; stdcall; external ntdll name 'NtAccessCheckByTypeResultListAndAuditAlarmByHandle';

2035

function NtOpenObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PPVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; GrantedAccess: ACCESS_MASK; Privileges: PPRIVILEGE_SET; ObjectCreation: ByteBool; AccessGranted: ByteBool; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall; external ntdll name 'NtOpenObjectAuditAlarm';

2036

function NtCloseObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; GenerateOnClose: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtCloseObjectAuditAlarm';

2037

function NtDeleteObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; GenerateOnClose: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtDeleteObjectAuditAlarm';

2038

function NtRequestWakeupLatency(Latency: LATENCY_TIME): NTSTATUS; stdcall; external ntdll name 'NtRequestWakeupLatency';

2039

function NtRequestDeviceWakeup(DeviceHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtRequestDeviceWakeup';

2040

function NtCancelDeviceWakeupRequest(DeviceHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtCancelDeviceWakeupRequest';

2041

function NtIsSystemResumeAutomatic: ByteBool; stdcall; external ntdll name 'NtIsSystemResumeAutomatic';

2042

2043

type

2044

PEXECUTION_STATE = ^EXECUTION_STATE;

2045

2046

function NtSetThreadExecutionState(ExecutionState: EXECUTION_STATE; PreviousExecutionState: PEXECUTION_STATE): NTSTATUS; stdcall; external ntdll name 'NtSetThreadExecutionState';

2047

function NtGetDevicePowerState(DeviceHandle: HANDLE; DevicePowerState: PDEVICE_POWER_STATE): NTSTATUS; stdcall; external ntdll name 'NtGetDevicePowerState';

2048

function NtSetSystemPowerState(SystemAction: POWER_ACTION; MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG): NTSTATUS; stdcall; external ntdll name 'NtSetSystemPowerState';

2049

function NtInitiatePowerAction(SystemAction: POWER_ACTION; MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG; Asynchronous: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtInitiatePowerAction';

2050

function NtPowerInformation(PowerInformationLevel: POWER_INFORMATION_LEVEL; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtPowerInformation';

2051

function NtGetPlugPlayEvent(Reserved1: ULONG; Reserved2: ULONG; Buffer: PVOID; BufferLength: ULONG): NTSTATUS; stdcall; external ntdll name 'NtGetPlugPlayEvent';

2052

function NtRaiseException(ExceptionRecord: PEXCEPTION_RECORD; Context: PCONTEXT; SearchFrames: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtRaiseException';

2053

function NtContinue(Context: PCONTEXT; TestAlert: ByteBool): NTSTATUS; stdcall; external ntdll name 'NtContinue';

2054

2055

// TODO NOT EXPORTED FROM NTDLL

2056

//function ZwW32Call(RoutineIndex: ULONG; Argument: PVOID; ArgumentLength: ULONG; Result: PPVOID; ResultLength: PULONG): NTSTATUS; stdcall; external ntdll name 'ZwW32Call';

2057

2058

function NtCallbackReturn(Result: PVOID; ResultLength: ULONG; Status: NTSTATUS): NTSTATUS; stdcall; external ntdll name 'NtCallbackReturn';

2059

2060

// TODO NOT EXPORTED FROM NTDLL

2061

//function ZwSetLowWaitHighThread: NTSTATUS; stdcall; external ntdll name 'ZwSetLowWaitHighThread';

2062

//function ZwSetHighWaitLowThread: NTSTATUS; stdcall; external ntdll name 'ZwSetHighWaitLowThread';

2063

2064

function NtLoadDriver(DriverServiceName: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'NtLoadDriver';

2065

function NtUnloadDriver(DriverServiceName: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'NtUnloadDriver';

2066

function NtFlushInstructionCache(ProcessHandle: HANDLE; BaseAddress: PVOID; FlushSize: ULONG): NTSTATUS; stdcall; external ntdll name 'NtFlushInstructionCache';

2067

function NtFlushWriteBuffer: NTSTATUS; stdcall; external ntdll name 'NtFlushWriteBuffer';

2068

function NtQueryDefaultLocale(ThreadOrSystem: ByteBool; Locale: PLCID): NTSTATUS; stdcall; external ntdll name 'NtQueryDefaultLocale';

2069

function NtSetDefaultLocale(ThreadOrSystem: ByteBool; Locale: LCID): NTSTATUS; stdcall; external ntdll name 'NtSetDefaultLocale';

2070

2071

type

2072

PLANGID = ^LANGID;

2073

2074

function NtQueryDefaultUILanguage(LanguageId: PLANGID): NTSTATUS; stdcall; external ntdll name 'NtQueryDefaultUILanguage';

2075

function NtSetDefaultUILanguage(LanguageId: LANGID): NTSTATUS; stdcall; external ntdll name 'NtSetDefaultUILanguage';

2076

function NtQueryInstallUILanguage(LanguageId: PLANGID): NTSTATUS; stdcall; external ntdll name 'NtQueryInstallUILanguage';

2077

function NtAllocateLocallyUniqueId(Luid: PLUID): NTSTATUS; stdcall; external ntdll name 'NtAllocateLocallyUniqueId';

2078

function NtAllocateUuids(UuidLastTimeAllocated: PLARGE_INTEGER; UuidDeltaTime: PULONG; UuidSequenceNumber: PULONG; UuidSeed: PUCHAR): NTSTATUS; stdcall; external ntdll name 'NtAllocateUuids';

2079

function NtSetUuidSeed(UuidSeed: PUCHAR): NTSTATUS; stdcall; external ntdll name 'NtSetUuidSeed';

2080

function NtRaiseHardError(Status: NTSTATUS; NumberOfArguments: ULONG; StringArgumentsMask: ULONG; Arguments: PULONG; MessageBoxType: ULONG; MessageBoxResult: PULONG): NTSTATUS; stdcall; external ntdll name 'NtRaiseHardError';

2081

function NtSetDefaultHardErrorPort(PortHandle: HANDLE): NTSTATUS; stdcall; external ntdll name 'NtSetDefaultHardErrorPort';

2082

function NtDisplayString(Str: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'NtDisplayString';

2083

function NtCreatePagingFile(FileName: PUNICODE_STRING; InitialSize: PULARGE_INTEGER; MaximumSize: PULARGE_INTEGER; Reserved: ULONG): NTSTATUS; stdcall; external ntdll name 'NtCreatePagingFile';

2084

function NtAddAtom(Str: PWSTR; StringLength: ULONG; Atom: PUSHORT): NTSTATUS; stdcall; external ntdll name 'NtAddAtom';

2085

function NtFindAtom(Str: PWSTR; StringLength: ULONG; Atom: PUSHORT): NTSTATUS; stdcall; external ntdll name 'NtFindAtom';

2086

function NtDeleteAtom(Atom: USHORT): NTSTATUS; stdcall; external ntdll name 'NtDeleteAtom';

2087

2088

type

2089

_ATOM_INFORMATION_CLASS = (AtomBasicInformation, AtomListInformation);

2090

ATOM_INFORMATION_CLASS = _ATOM_INFORMATION_CLASS;

2091

2092

function NtQueryInformationAtom(Atom: USHORT; AtomInformationClass: ATOM_INFORMATION_CLASS; AtomInformation: PVOID; AtomInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external ntdll name 'NtQueryInformationAtom';

2093

2094

type

2095

_ATOM_BASIC_INFORMATION = record

2096

ReferenceCount: USHORT;

2097

Pinned: USHORT;

2098

NameLength: USHORT;

2099

Name: array [0..0] of WCHAR;

2100

end;

2101

ATOM_BASIC_INFORMATION = _ATOM_BASIC_INFORMATION;

2102

PATOM_BASIC_INFORMATION = ^ATOM_BASIC_INFORMATION;

2103

2104

_ATOM_LIST_INFORMATION = record

2105

NumberOfAtoms: ULONG;

2106

Atoms: array [0..0] of ATOM;

2107

end;

2108

ATOM_LIST_INFORMATION = _ATOM_LIST_INFORMATION;

2109

PATOM_LIST_INFORMATION = ^ATOM_LIST_INFORMATION;

2110

2111

function NtSetLdtEntries(Selector1: ULONG; LdtEntry1: LDT_ENTRY; Selector2: ULONG; LdtEntry2: LDT_ENTRY): NTSTATUS; stdcall; external ntdll name 'NtSetLdtEntries';

2112

function NtVdmControl(ControlCode: ULONG; ControlData: PVOID): NTSTATUS; stdcall; external ntdll name 'NtVdmControl';

2113

2114

//==============================================================================

2115

// NTFS on disk structure structures

2116

//==============================================================================

2117

2118

type

2119

_NTFS_RECORD_HEADER = record

2120

Type_: ULONG;

2121

UsaOffset: USHORT;

2122

UsaCount: USHORT;

2123

Usn: USN;

2124

end;

2125

NTFS_RECORD_HEADER = _NTFS_RECORD_HEADER;

2126

PNTFS_RECORD_HEADER = ^NTFS_RECORD_HEADER;

2127

2128

_FILE_RECORD_HEADER = record

2129

Ntfs: NTFS_RECORD_HEADER;

2130

SequenceNumber: USHORT;

2131

LinkCount: USHORT;

2132

AttributesOffset: USHORT;

2133

Flags: USHORT; // 0x0001 = InUse, 0x0002 = Directory

2134

BytesInUse: ULONG;

2135

BytesAllocated: ULONG;

2136

BaseFileRecord: ULONGLONG;

2137

NextAttributeNumber: USHORT;

2138

end;

2139

FILE_RECORD_HEADER = _FILE_RECORD_HEADER;

2140

PFILE_RECORD_HEADER = ^FILE_RECORD_HEADER;

2141

2142

const

2143

AttributeStandardInformation = $10;

2144

AttributeAttributeList = $20;

2145

AttributeFileName = $30;

2146

AttributeObjectId = $40;

2147

AttributeSecurityDescriptor = $50;

2148

AttributeVolumeName = $60;

2149

AttributeVolumeInformation = $70;

2150

AttributeData = $80;

2151

AttributeIndexRoot = $90;

2152

AttributeIndexAllocation = $A0;

2153

AttributeBitmap = $B0;

2154

AttributeReparsePoint = $C0;

2155

AttributeEAInformation = $D0;

2156

AttributeEA = $E0;

2157

AttributePropertySet = $F0;

2158

AttributeLoggedUtilityStream = $100;

2159

2160

type

2161

ATTRIBUTE_TYPE = AttributeStandardInformation..AttributeLoggedUtilityStream;

2162

PATTRIBUTE_TYPE = ^ATTRIBUTE_TYPE;

2163

2164

_ATTRIBUTE = record

2165

AttributeType: ATTRIBUTE_TYPE;

2166

Length: ULONG;

2167

Nonresident: ByteBool;

2168

NameLength: UCHAR;

2169

NameOffset: USHORT;

2170

Flags: USHORT; // 0x0001 = Compressed

2171

AttributeNumber: USHORT;

2172

end;

2173

ATTRIBUTE = _ATTRIBUTE;

2174

PATTRIBUTE = ^ATTRIBUTE;

2175

2176

_RESIDENT_ATTRIBUTE = record

2177

Attribute: ATTRIBUTE;

2178

ValueLength: ULONG;

2179

ValueOffset: USHORT;

2180

Flags: USHORT; // 0x0001 = Indexed

2181

end;

2182

RESIDENT_ATTRIBUTE = _RESIDENT_ATTRIBUTE;

2183

PRESIDENT_ATTRIBUTE = ^RESIDENT_ATTRIBUTE;

2184

2185

_NONRESIDENT_ATTRIBUTE = record

2186

Attribute: ATTRIBUTE;

2187

LowVcn: ULONGLONG;

2188

HighVcn: ULONGLONG;

2189

RunArrayOffset: USHORT;

2190

CompressionUnit: UCHAR;

2191

AlignmentOrReserved: array [0..4] of UCHAR;

2192

AllocatedSize: ULONGLONG;

2193

DataSize: ULONGLONG;

2194

InitializedSize: ULONGLONG;

2195

CompressedSize: ULONGLONG; // Only when compressed

2196

end;

2197

NONRESIDENT_ATTRIBUTE = _NONRESIDENT_ATTRIBUTE;

2198

PNONRESIDENT_ATTRIBUTE = ^NONRESIDENT_ATTRIBUTE;

2199

2200

_STANDARD_INFORMATION = record

2201

CreationTime: ULONGLONG;

2202

ChangeTime: ULONGLONG;

2203

LastWriteTime: ULONGLONG;

2204

LastAccessTime: ULONGLONG;

2205

FileAttributes: ULONG;

2206

AlignmentOrReservedOrUnknown: array [0..2] of ULONG;

2207

QuotaId: ULONG; // NTFS 3.0 only

2208

SecurityId: ULONG; // NTFS 3.0 only

2209

QuotaCharge: ULONGLONG; // NTFS 3.0 only

2210

Usn: USN; // NTFS 3.0 only

2211

end;

2212

STANDARD_INFORMATION = _STANDARD_INFORMATION;

2213

PSTANDARD_INFORMATION = ^STANDARD_INFORMATION;

2214

2215

_ATTRIBUTE_LIST = record

2216

AttributeType: ATTRIBUTE_TYPE;

2217

Length: USHORT;

2218

NameLength: UCHAR;

2219

NameOffset: UCHAR;

2220

LowVcn: ULONGLONG;

2221

FileReferenceNumber: ULONGLONG;

2222

AttributeNumber: USHORT;

2223

AlignmentOrReserved: array [0..2] of USHORT;

2224

end;

2225

ATTRIBUTE_LIST = _ATTRIBUTE_LIST;

2226

PATTRIBUTE_LIST = ^ATTRIBUTE_LIST;

2227

2228

_FILENAME_ATTRIBUTE = record

2229

DirectoryFileReferenceNumber: ULONGLONG;

2230

CreationTime: ULONGLONG; // Saved when filename last changed

2231

ChangeTime: ULONGLONG; // ditto

2232

LastWriteTime: ULONGLONG; // ditto

2233

LastAccessTime: ULONGLONG; // ditto

2234

AllocatedSize: ULONGLONG; // ditto

2235

DataSize: ULONGLONG; // ditto

2236

FileAttributes: ULONG; // ditto

2237

AlignmentOrReserved: ULONG;

2238

NameLength: UCHAR;

2239

NameType: UCHAR; // 0x01 = Long, 0x02 = Short

2240

Name: array [0..0] of UCHAR;

2241

end;

2242

FILENAME_ATTRIBUTE = _FILENAME_ATTRIBUTE;

2243

PFILENAME_ATTRIBUTE = ^FILENAME_ATTRIBUTE;

2244

2245

_OBJECTID_ATTRIBUTE = record

2246

ObjectId: GUID;

2247

case Integer of

2248

0: (

2249

BirthVolumeId: GUID;

2250

BirthObjectId: GUID;

2251

DomainId: GUID);

2252

1: (

2253

ExtendedInfo: array [0..47] of UCHAR);

2254

end;

2255

OBJECTID_ATTRIBUTE = _OBJECTID_ATTRIBUTE;

2256

POBJECTID_ATTRIBUTE = ^OBJECTID_ATTRIBUTE;

2257

2258

_VOLUME_INFORMATION = record

2259

Unknown: array [0..1] of ULONG;

2260

MajorVersion: UCHAR;

2261

MinorVersion: UCHAR;

2262

Flags: USHORT;

2263

end;

2264

VOLUME_INFORMATION = _VOLUME_INFORMATION;

2265

PVOLUME_INFORMATION = ^VOLUME_INFORMATION;

2266

2267

_DIRECTORY_INDEX = record

2268

EntriesOffset: ULONG;

2269

IndexBlockLength: ULONG;

2270

AllocatedSize: ULONG;

2271

Flags: ULONG; // 0x00 = Small directory, 0x01 = Large directory

2272

end;

2273

DIRECTORY_INDEX = _DIRECTORY_INDEX;

2274

PDIRECTORY_INDEX = ^DIRECTORY_INDEX;

2275

2276

_DIRECTORY_ENTRY = record

2277

FileReferenceNumber: ULONGLONG;

2278

Length: USHORT;

2279

AttributeLength: USHORT;

2280

Flags: ULONG; // 0x01 = Has trailing VCN, 0x02 = Last entry

2281

// FILENAME_ATTRIBUTE Name;

2282

// ULONGLONG Vcn; // VCN in IndexAllocation of earlier entries

2283

end;

2284

DIRECTORY_ENTRY = _DIRECTORY_ENTRY;

2285

PDIRECTORY_ENTRY = ^DIRECTORY_ENTRY;

2286

2287

_INDEX_ROOT = record

2288

Type_: ATTRIBUTE_TYPE;

2289

CollationRule: ULONG;

2290

BytesPerIndexBlock: ULONG;

2291

ClustersPerIndexBlock: ULONG;

2292

DirectoryIndex: DIRECTORY_INDEX;

2293

end;

2294

INDEX_ROOT = _INDEX_ROOT;

2295

PINDEX_ROOT = ^INDEX_ROOT;

2296

2297

_INDEX_BLOCK_HEADER = record

2298

Ntfs: NTFS_RECORD_HEADER;

2299

IndexBlockVcn: ULONGLONG;

2300

DirectoryIndex: DIRECTORY_INDEX;

2301

end;

2302

INDEX_BLOCK_HEADER = _INDEX_BLOCK_HEADER;

2303

PINDEX_BLOCK_HEADER = ^INDEX_BLOCK_HEADER;

2304

2305

_REPARSE_POINT = record

2306

ReparseTag: ULONG;

2307

ReparseDataLength: USHORT;

2308

Reserved: USHORT;

2309

ReparseData: array [0..0] of UCHAR;

2310

end;

2311

REPARSE_POINT = _REPARSE_POINT;

2312

PREPARSE_POINT = ^REPARSE_POINT;

2313

2314

_EA_INFORMATION = record

2315

EaLength: ULONG;

2316

EaQueryLength: ULONG;

2317

end;

2318

EA_INFORMATION = _EA_INFORMATION;

2319

PEA_INFORMATION = ^EA_INFORMATION;

2320

2321

_EA_ATTRIBUTE = record

2322

NextEntryOffset: ULONG;

2323

Flags: UCHAR;

2324

EaNameLength: UCHAR;

2325

EaValueLength: USHORT;

2326

EaName: array [0..0] of CHAR;

2327

// UCHAR EaData[];

2328

end;

2329

EA_ATTRIBUTE = _EA_ATTRIBUTE;

2330

PEA_ATTRIBUTE = ^EA_ATTRIBUTE;

2331

2332

_ATTRIBUTE_DEFINITION = record

2333

AttributeName: array [0..63] of WCHAR;

2334

AttributeNumber: ULONG;

2335

Unknown: array [0..1] of ULONG;

2336

Flags: ULONG;

2337

MinimumSize: ULONGLONG;

2338

MaximumSize: ULONGLONG;

2339

end;

2340

ATTRIBUTE_DEFINITION = _ATTRIBUTE_DEFINITION;

2341

PATTRIBUTE_DEFINITION = ^ATTRIBUTE_DEFINITION;

2342

2343

_BOOT_BLOCK = record

2344

Jump: array [0..2] of UCHAR;

2345

Format: array [0..7] of UCHAR;

2346

BytesPerSector: USHORT;

2347

SectorsPerCluster: UCHAR;

2348

BootSectors: USHORT;

2349

Mbz1: UCHAR;

2350

Mbz2: USHORT;

2351

Reserved1: USHORT;

2352

MediaType: UCHAR;

2353

Mbz3: USHORT;

2354

SectorsPerTrack: USHORT;

2355

NumberOfHeads: USHORT;

2356

PartitionOffset: ULONG;

2357

Reserved2: array [0..1] of ULONG;

2358

TotalSectors: ULONGLONG;

2359

MftStartLcn: ULONGLONG;

2360

Mft2StartLcn: ULONGLONG;

2361

ClustersPerFileRecord: ULONG;

2362

ClustersPerIndexBlock: ULONG;

2363

VolumeSerialNumber: ULONGLONG;

2364

Code: array [0..$1AD] of UCHAR;

2365

BootSignature: USHORT;

2366

end;

2367

BOOT_BLOCK = _BOOT_BLOCK;

2368

PBOOT_BLOCK = ^BOOT_BLOCK;

2369

2370

//==============================================================================

2371

// Loader API

2372

//==============================================================================

2373

2374

function LdrDisableThreadCalloutsForDll(hModule: HANDLE): NTSTATUS; stdcall; external ntdll name 'LdrDisableThreadCalloutsForDll';

2375

function LdrGetDllHandle(pwPath: PWORD; pReserved: PVOID; pusPath: PUNICODE_STRING; phModule: PHANDLE): NTSTATUS; stdcall; external ntdll name 'LdrGetDllHandle';

2376

function LdrGetProcedureAddress(hModule: HANDLE; dOrdinal: DWORD; psName: PSTRING; ppProcedure: PPVOID): NTSTATUS; stdcall; external ntdll name 'LdrGetProcedureAddress';

2377

function LdrLoadDll(pwPath: PWORD; pdFlags: PDWORD; pusPath: PUNICODE_STRING; phModule: PHANDLE): NTSTATUS; stdcall; external ntdll name 'LdrLoadDll';

2378

function LdrQueryProcessModuleInformation(psmi: PSYSTEM_MODULE_INFORMATION; dSize: DWORD; pdSize: PDWORD): NTSTATUS; stdcall; external ntdll name 'LdrQueryProcessModuleInformation';

2379

function LdrQueryImageFileExecutionOptions (pusImagePath: PUNICODE_STRING; pwOptionName: PWORD; dRequestedType: DWORD; pData: PVOID; dSize: DWORD; pdSize: PDWORD): NTSTATUS; stdcall; external ntdll name 'LdrQueryImageFileExecutionOptions ';

2380

function LdrUnloadDll(hModule: HANDLE): NTSTATUS; stdcall; external ntdll name 'LdrUnloadDll';

2381

2382

//LdrAccessResource

2383

//LdrAlternateResourcesEnabled

2384

//LdrEnumResources

2385

//LdrFindEntryForAddress

2386

//LdrFindResourceDirectory_U

2387

//LdrFindResource_U

2388

//LdrFlushAlternateResourceModules

2389

//LdrInitializeThunk

2390

//LdrLoadAlternateResourceModule

2391

//LdrProcessRelocationBlock

2392

//LdrShutdownProcess

2393

//LdrShutdownThread

2394

//LdrUnloadAlternateResourceModule

2395

//LdrVerifyImageMatchesChecksum

2396

2397

//==============================================================================

2398

// CSR

2399

//==============================================================================

2400

2401

//CsrAllocateCaptureBuffer

2402

//CsrAllocateMessagePointer

2403

//CsrCaptureMessageBuffer

2404

//CsrCaptureMessageString

2405

//CsrCaptureTimeout

2406

//CsrClientCallServer

2407

//CsrClientConnectToServer

2408

//CsrFreeCaptureBuffer

2409

//CsrIdentifyAlertableThread

2410

//CsrNewThread

2411

//CsrProbeForRead

2412

//CsrProbeForWrite

2413

//CsrSetPriorityClass

2414

2415

//==============================================================================

2416

// Debug

2417

//==============================================================================

2418

2419

//DbgPrompt

2420

//DbgSsHandleKmApiMsg

2421

//DbgSsInitialize

2422

//DbgUiConnectToDbg

2423

//DbgUiContinue

2424

//DbgUiWaitStateChange

2425

//DbgUserBreakPoint

2426

2427

2428

// Define kernel debugger print prototypes and macros.

2429

2430

// N.B. The following function cannot be directly imported because there are

2431

// a few places in the source tree where this function is redefined.

2432

2433

2434

//procedure DbgBreakPoint;

2435

//procedure DbgBreakPointWithStatus(Status: ULONG); stdcall; external ntdll name 'DbgBreakPointWithStatus';

2436

2437

const

2438

DBG_STATUS_CONTROL_C = 1;

2439

DBG_STATUS_SYSRQ = 2;

2440

DBG_STATUS_BUGCHECK_FIRST = 3;

2441

DBG_STATUS_BUGCHECK_SECOND = 4;

2442

DBG_STATUS_FATAL = 5;

2443

DBG_STATUS_DEBUG_CONTROL = 6;

2444

2445

//function DbgPrint(Format: PCH; ...): ULONG; cdecl;

2446

//function DbgPrintReturnControlC(Format: PCH; ...): ULONG; cdecl;

2447

2448

//==============================================================================

2449

// Runtime Library

2450

//==============================================================================

2451

2452

const

2453

RTL_RANGE_LIST_ADD_IF_CONFLICT = $00000001;

2454

RTL_RANGE_LIST_ADD_SHARED = $00000002;

2455

2456

const

2457

RTL_RANGE_LIST_SHARED_OK = $00000001;

2458

RTL_RANGE_LIST_NULL_CONFLICT_OK = $00000002;

2459

2460

type

2461

PRTL_CONFLICT_RANGE_CALLBACK = function(Context: PVOID; Range: PRTL_RANGE): ByteBool; stdcall;

2462

2463

type

2464

_OSVERSIONINFOW = record

2465

dwOSVersionInfoSize: ULONG;

2466

dwMajorVersion: ULONG;

2467

dwMinorVersion: ULONG;

2468

dwBuildNumber: ULONG;

2469

dwPlatformId: ULONG;

2470

szCSDVersion: array [0..127] of WCHAR; // Maintenance string for PSS usage

2471

end;

2472

OSVERSIONINFOW = _OSVERSIONINFOW;

2473

POSVERSIONINFOW = ^OSVERSIONINFOW;

2474

LPOSVERSIONINFOW = ^OSVERSIONINFOW;

2475

RTL_OSVERSIONINFOW = OSVERSIONINFOW;

2476

PRTL_OSVERSIONINFOW = ^OSVERSIONINFOW;

2477

2478

OSVERSIONINFO = OSVERSIONINFOW;

2479

POSVERSIONINFO = POSVERSIONINFOW;

2480

LPOSVERSIONINFO = LPOSVERSIONINFOW;

2481

2482

const

2483

VER_PLATFORM_WIN32s = 0;

2484

VER_PLATFORM_WIN32_WINDOWS = 1;

2485

VER_PLATFORM_WIN32_NT = 2;

2486

2487

type

2488

_RTL_BITMAP = record

2489

SizeOfBitMap: ULONG; // Number of bits in bit map

2490

Buffer: PULONG; // Pointer to the bit map itself

2491

end;

2492

RTL_BITMAP = _RTL_BITMAP;

2493

PRTL_BITMAP = ^RTL_BITMAP;

2494

2495

const

2496

RTL_REGISTRY_ABSOLUTE = 0; // Path is a full path

2497

RTL_REGISTRY_SERVICES = 1; // \Registry\Machine\System\CurrentControlSet\Services

2498

RTL_REGISTRY_CONTROL = 2; // \Registry\Machine\System\CurrentControlSet\Control

2499

RTL_REGISTRY_WINDOWS_NT = 3; // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion

2500

RTL_REGISTRY_DEVICEMAP = 4; // \Registry\Machine\Hardware\DeviceMap

2501

RTL_REGISTRY_USER = 5; // \Registry\User\CurrentUser

2502

RTL_REGISTRY_MAXIMUM = 6;

2503

RTL_REGISTRY_HANDLE = $40000000; // Low order bits are registry handle

2504

RTL_REGISTRY_OPTIONAL = $80000000; // Indicates the key node is optional

2505

2506

type

2507

_TIME_FIELDS = record

2508

Year: CSHORT; // range [1601...]

2509

Month: CSHORT; // range [1..12]

2510

Day: CSHORT; // range [1..31]

2511

Hour: CSHORT; // range [0..23]

2512

Minute: CSHORT; // range [0..59]

2513

Second: CSHORT; // range [0..59]

2514

Milliseconds: CSHORT; // range [0..999]

2515

Weekday: CSHORT; // range [0..6] == [Sunday..Saturday]

2516

end;

2517

TIME_FIELDS = _TIME_FIELDS;

2518

PTIME_FIELDS = ^TIME_FIELDS;

2519

2520

type

2521

_OSVERSIONINFOEXW =record

2522

dwOSVersionInfoSize: ULONG;

2523

dwMajorVersion: ULONG;

2524

dwMinorVersion: ULONG;

2525

dwBuildNumber: ULONG;

2526

dwPlatformId: ULONG;

2527

szCSDVersion: array [0..127] of WCHAR; // Maintenance string for PSS usage

2528

wServicePackMajor: USHORT;

2529

wServicePackMinor: USHORT;

2530

wSuiteMask: USHORT;

2531

wProductType: UCHAR;

2532

wReserved: UCHAR;

2533

end;

2534

OSVERSIONINFOEXW = _OSVERSIONINFOEXW;

2535

POSVERSIONINFOEXW = ^OSVERSIONINFOEXW;

2536

LPOSVERSIONINFOEXW = ^OSVERSIONINFOEXW;

2537

RTL_OSVERSIONINFOEXW = OSVERSIONINFOEXW;

2538

PRTL_OSVERSIONINFOEXW = ^OSVERSIONINFOEXW;

2539

2540

OSVERSIONINFOEX = OSVERSIONINFOEXW;

2541

POSVERSIONINFOEX = POSVERSIONINFOEXW;

2542

LPOSVERSIONINFOEX = LPOSVERSIONINFOEXW;

2543

2544

2545

// RtlVerifyVersionInfo() conditions

2546

2547

2548

const

2549

VER_EQUAL = 1;

2550

VER_GREATER = 2;

2551

VER_GREATER_EQUAL = 3;

2552

VER_LESS = 4;

2553

VER_LESS_EQUAL = 5;

2554

VER_AND = 6;

2555

VER_OR = 7;

2556

2557

VER_CONDITION_MASK = 7;

2558

VER_NUM_BITS_PER_CONDITION_MASK = 3;

2559

2560

2561

// RtlVerifyVersionInfo() type mask bits

2562

2563

2564

VER_MINORVERSION = $0000001;

2565

VER_MAJORVERSION = $0000002;

2566

VER_BUILDNUMBER = $0000004;

2567

VER_PLATFORMID = $0000008;

2568

VER_SERVICEPACKMINOR = $0000010;

2569

VER_SERVICEPACKMAJOR = $0000020;

2570

VER_SUITENAME = $0000040;

2571

VER_PRODUCT_TYPE = $0000080;

2572

2573

2574

// RtlVerifyVersionInfo() os product type values

2575

2576

2577

VER_NT_WORKSTATION = $0000001;

2578

VER_NT_DOMAIN_CONTROLLER = $0000002;

2579

VER_NT_SERVER = $0000003;

2580

2581

type

2582

PRTL_QUERY_REGISTRY_ROUTINE = function(ValueName: PWSTR; ValueType: ULONG;

2583

ValueData: PVOID; ValueLength: ULONG; Context, EntryContext: PVOID): NTSTATUS; stdcall;

2584

2585

_RTL_QUERY_REGISTRY_TABLE = record

2586

QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE;

2587

Flags: ULONG;

2588

Name: PWSTR;

2589

EntryContext: PVOID;

2590

DefaultType: ULONG;

2591

DefaultData: PVOID;

2592

DefaultLength: ULONG;

2593

end;

2594

RTL_QUERY_REGISTRY_TABLE = _RTL_QUERY_REGISTRY_TABLE;

2595

PRTL_QUERY_REGISTRY_TABLE = ^RTL_QUERY_REGISTRY_TABLE;

2596

2597

REFGUID = ^GUID;

2598

2599

function RtlAddRange(RangeList: PRTL_RANGE_LIST; Start, End_: ULONGLONG; Attributes: UCHAR; Flags: ULONG; UserData, Owner: PVOID): NTSTATUS; stdcall; external ntdll name 'RtlAddRange'; external;

2600

function RtlAnsiStringToUnicodeString(DestinationString: PUNICODE_STRING; SourceString: PANSI_STRING; AllocateDestinationString: ByteBool): NTSTATUS; stdcall; external ntdll name 'RtlAnsiStringToUnicodeString'; external;

2601

function RtlAppendUnicodeStringToString(Destination, Source: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'RtlAppendUnicodeStringToString'; external;

2602

function RtlAppendUnicodeToString(Destination: PUNICODE_STRING; Source: LPCWSTR): NTSTATUS; stdcall; external ntdll name 'RtlAppendUnicodeToString';

2603

function RtlAreBitsClear(BitMapHeader: PRTL_BITMAP; StartingIndex, Length: ULONG): ByteBool; stdcall; external ntdll name 'RtlAreBitsClear';

2604

function RtlAreBitsSet(BitMapHeader: PRTL_BITMAP; StartingIndex, Length: ULONG): ByteBool; stdcall; external ntdll name 'RtlAreBitsSet';

2605

procedure RtlAssert(FailedAssertion, FileName: PVOID; LineNumber: ULONG; Message: PCHAR); stdcall; external ntdll name 'RtlAssert';

2606

function RtlCharToInteger(Str: PCSZ; Base: ULONG; Value: PULONG): NTSTATUS; stdcall; external ntdll name 'RtlCharToInteger';

2607

function RtlCheckRegistryKey(RelativeTo: ULONG; Path: PWSTR): NTSTATUS; stdcall; external ntdll name 'RtlCheckRegistryKey';

2608

procedure RtlClearAllBits(BitMapHeader: PRTL_BITMAP); stdcall; external ntdll name 'RtlClearAllBits';

2609

procedure RtlClearBits(BitMapHeader: PRTL_BITMAP; StartingIndex, NumberToClear: ULONG); stdcall; external ntdll name 'RtlClearBits';

2610

function RtlCompareMemory(Source1, Source2: LPVOID; Length: SIZE_T): SIZE_T; stdcall; external ntdll name 'RtlCompareMemory';

2611

function RtlCompareString(String1, String2: PSTRING; CaseInSensitive: ByteBool): LONG; stdcall; external ntdll name 'RtlCompareString';

2612

function RtlCompareUnicodeString(String1, String2: PUNICODE_STRING; CaseInSensitive: ByteBool): LONG; stdcall; external ntdll name 'RtlCompareUnicodeString';

2613

function RtlConvertLongToLargeInteger(SignedInteger: LONG): LARGE_INTEGER; stdcall; external ntdll name 'RtlConvertLongToLargeInteger';

2614

function RtlConvertUlongToLargeInteger(UnsignedInteger: ULONG): LARGE_INTEGER; stdcall; external ntdll name 'RtlConvertUlongToLargeInteger';

2615

function RtlCopyRangeList(CopyRangeList: PRTL_RANGE_LIST; RangeList: PRTL_RANGE_LIST): NTSTATUS; stdcall; external ntdll name 'RtlCopyRangeList';

2616

procedure RtlCopyString(DestinationString, SourceString: PSTRING); stdcall; external ntdll name 'RtlCopyString';

2617

procedure RtlCopyUnicodeString(DestinationString, SourceString: PUNICODE_STRING); stdcall; external ntdll name 'RtlCopyUnicodeString';

2618

function RtlCreateRegistryKey(RelativeTo: ULONG; Path: PWSTR): NTSTATUS; stdcall; external ntdll name 'RtlCreateRegistryKey';

2619

function RtlCreateSecurityDescriptor(SecurityDescriptor: PSECURITY_DESCRIPTOR; Revision: ULONG): NTSTATUS; stdcall; external ntdll name 'RtlCreateSecurityDescriptor';

2620

function RtlDeleteOwnersRanges(RangeList: PRTL_RANGE_LIST; Owner: PVOID): NTSTATUS; stdcall; external ntdll name 'RtlDeleteOwnersRanges';

2621

function RtlDeleteRange(RangeList: PRTL_RANGE_LIST; Start, End_: ULONGLONG; Owner: PVOID): NTSTATUS; stdcall; external ntdll name 'RtlDeleteRange';

2622

function RtlDeleteRegistryValue(RelativeTo: ULONG; Path, ValueName: LPCWSTR): NTSTATUS; stdcall; external ntdll name 'RtlDeleteRegistryValue';

2623

function RtlEqualString(String1, String2: PSTRING; CaseInSensitive: ByteBool): ByteBool; stdcall; external ntdll name 'RtlEqualString';

2624

function RtlEqualUnicodeString(String1, String2: PUNICODE_STRING; CaseInSensitive: ByteBool): ByteBool; stdcall; external ntdll name 'RtlEqualUnicodeString';

2625

function RtlExtendedIntegerMultiply(Multiplicand: LARGE_INTEGER; Multiplier: LONG): LARGE_INTEGER; stdcall; external ntdll name 'RtlExtendedIntegerMultiply';

2626

function RtlExtendedLargeIntegerDivide(Dividend: LARGE_INTEGER; Divisor: ULONG; Remainder: PULONG): LARGE_INTEGER; stdcall; external ntdll name 'RtlExtendedLargeIntegerDivide';

2627

function RtlExtendedMagicDivide(Dividend, MagicDivisor: LARGE_INTEGER; ShiftCount: CCHAR): LARGE_INTEGER; stdcall; external ntdll name 'RtlExtendedMagicDivide';

2628

procedure RtlFillMemory(Destination: LPVOID; Length: SIZE_T; Fill: UCHAR); stdcall; external ntdll name 'RtlFillMemory';

2629

function RtlFindClearBits(BitMapHeader: PRTL_BITMAP; NumberToFind, HintIndex: ULONG): ULONG; stdcall; external ntdll name 'RtlFindClearBits';

2630

function RtlFindClearBitsAndSet(BitMapHeader: PRTL_BITMAP; NumberToFind, HintIndex: ULONG): ULONG; stdcall; external ntdll name 'RtlFindClearBitsAndSet';

2631

function RtlFindLastBackwardRunClear(BitMapHeader: PRTL_BITMAP; FromIndex: ULONG; StartingRunIndex: PULONG): ULONG; stdcall; external ntdll name 'RtlFindLastBackwardRunClear';

2632

function RtlFindLeastSignificantBit(Set_: ULONGLONG): CCHAR; stdcall; external ntdll name 'RtlFindLeastSignificantBit';

2633

function RtlFindLongestRunClear(BitMapHeader: PRTL_BITMAP; StartingIndex: PULONG): ULONG; stdcall; external ntdll name 'RtlFindLongestRunClear';

2634

function RtlFindMostSignificantBit(Set_: ULONGLONG): CCHAR; stdcall; external ntdll name 'RtlFindMostSignificantBit';

2635

function RtlFindNextForwardRunClear(BitMapHeader: PRTL_BITMAP; FromIndex: ULONG; StartingRunIndex: PULONG): ULONG; stdcall; external ntdll name 'RtlFindNextForwardRunClear';

2636

function RtlFindRange(RangeList: PRTL_RANGE_LIST; Minimum, Maximum: ULONGLONG; Length, Alignment, Flags: ULONG; AttributeAvailableMask: UCHAR; Context: PVOID; Callback: PRTL_CONFLICT_RANGE_CALLBACK; Start: PULONGLONG): NTSTATUS; stdcall; external ntdll name 'RtlFindRange';

2637

function RtlFindSetBits(BitMapHeader: PRTL_BITMAP; NumberToFind, HintIndex: ULONG): ULONG; stdcall; external ntdll name 'RtlFindSetBits';

2638

function RtlFindSetBitsAndClear(BitMapHeader: PRTL_BITMAP; NumberToFind, HintIndex: ULONG): ULONG; stdcall; external ntdll name 'RtlFindSetBitsAndClear';

2639

procedure RtlFreeAnsiString(AnsiString: PANSI_STRING); stdcall; external ntdll name 'RtlFreeAnsiString';

2640

procedure RtlFreeRangeList(RangeList: PRTL_RANGE_LIST); stdcall; external ntdll name 'RtlFreeRangeList';

2641

procedure RtlFreeUnicodeString(UnicodeString: PUNICODE_STRING); stdcall; external ntdll name 'RtlFreeUnicodeString';

2642

function RtlGUIDFromString(GuidString: PUNICODE_STRING; Guid: LPGUID): NTSTATUS; stdcall; external ntdll name 'RtlGUIDFromString';

2643

procedure RtlGetCallersAddress(CallersAddress, CallersCaller: PPVOID); stdcall; external ntdll name 'RtlGetCallersAddress';

2644

function RtlGetFirstRange(RangeList: PRTL_RANGE_LIST; Iterator: PRTL_RANGE_LIST_ITERATOR; var Range: PRTL_RANGE): NTSTATUS; stdcall; external ntdll name 'RtlGetFirstRange';

2645

function RtlGetNextRange(Iterator: PRTL_RANGE_LIST_ITERATOR; var Range: PRTL_RANGE; MoveForwards: ByteBool): NTSTATUS; stdcall; external ntdll name 'RtlGetNextRange';

2646

function RtlGetVersion(lpVersionInformation: PRTL_OSVERSIONINFOW): NTSTATUS; stdcall; external ntdll name 'RtlGetVersion';

2647

procedure RtlInitAnsiString(DestinationString: PANSI_STRING; SourceString: PCSZ); stdcall; external ntdll name 'RtlInitAnsiString';

2648

procedure RtlInitString(DestinationString: PSTRING; SourceString: PCSZ); stdcall; external ntdll name 'RtlInitString';

2649

procedure RtlInitUnicodeString(DestinationString: PUNICODE_STRING; SourceString: LPCWSTR); stdcall; external ntdll name 'RtlInitUnicodeString';

2650

procedure RtlInitializeBitMap(BitMapHeader: PRTL_BITMAP; BitMapBuffer: PULONG; SizeOfBitMap: ULONG); stdcall; external ntdll name 'RtlInitializeBitMap';

2651

procedure RtlInitializeRangeList(RangeList: PRTL_RANGE_LIST); stdcall; external ntdll name 'RtlInitializeRangeList';

2652

function RtlInt64ToUnicodeString(Value: ULONGLONG; Base: ULONG; Str: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'RtlInt64ToUnicodeString';

2653

function RtlIntegerToUnicodeString(Value, Base: ULONG; Str: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'RtlIntegerToUnicodeString';

2654

function RtlInvertRangeList(InvertedRangeList: PRTL_RANGE_LIST; RangeList: PRTL_RANGE_LIST): NTSTATUS; stdcall; external ntdll name 'RtlInvertRangeList';

2655

function RtlIsRangeAvailable(RangeList: PRTL_RANGE_LIST; Start, End_: ULONGLONG; Flags: ULONG; AttributeAvailableMask: UCHAR; Context: PVOID; Callback: PRTL_CONFLICT_RANGE_CALLBACK; Available: PBOOLEAN): NTSTATUS; stdcall; external ntdll name 'RtlIsRangeAvailable';

2656

function RtlLargeIntegerArithmeticShift(LargeInteger: LARGE_INTEGER; ShiftCount: CCHAR): LARGE_INTEGER; stdcall; external ntdll name 'RtlLargeIntegerArithmeticShift';

2657

function RtlLargeIntegerDivide(Dividend, Divisor: LARGE_INTEGER; Remainder: PLARGE_INTEGER): LARGE_INTEGER; stdcall; external ntdll name 'RtlLargeIntegerDivide';

2658

function RtlLargeIntegerShiftLeft(LargeInteger: LARGE_INTEGER; ShiftCount: CCHAR): LARGE_INTEGER; stdcall; external ntdll name 'RtlLargeIntegerShiftLeft';

2659

function RtlLargeIntegerShiftRight(LargeInteger: LARGE_INTEGER; ShiftCount: CCHAR): LARGE_INTEGER; stdcall; external ntdll name 'RtlLargeIntegerShiftRight';

2660

function RtlLengthSecurityDescriptor(SecurityDescriptor: PSECURITY_DESCRIPTOR): ULONG; stdcall; external ntdll name 'RtlLengthSecurityDescriptor';

2661

procedure RtlMapGenericMask(AccessMask: PACCESS_MASK; GenericMapping: PGENERIC_MAPPING); stdcall; external ntdll name 'RtlMapGenericMask';

2662

function RtlMergeRangeLists(MergedRangeList: PRTL_RANGE_LIST; RangeList1, RangeList2: PRTL_RANGE_LIST; Flags: ULONG): NTSTATUS; stdcall; external ntdll name 'RtlMergeRangeLists';

2663

procedure RtlMoveMemory(Destination, Source: LPVOID; Length: SIZE_T); stdcall; external ntdll name 'RtlMoveMemory';

2664

function RtlNumberOfClearBits(BitMapHeader: PRTL_BITMAP): ULONG; stdcall; external ntdll name 'RtlNumberOfClearBits';

2665

function RtlNumberOfSetBits(BitMapHeader: PRTL_BITMAP): ULONG; stdcall; external ntdll name 'RtlNumberOfSetBits';

2666

function RtlPrefixUnicodeString(String1, String2: PUNICODE_STRING; CaseInSensitive: ByteBool): ByteBool; stdcall; external ntdll name 'RtlPrefixUnicodeString';

2667

function RtlQueryRegistryValues(RelativeTo: ULONG; Path: LPCWSTR; QueryTable: PRTL_QUERY_REGISTRY_TABLE; Context, Environment: PVOID): NTSTATUS; stdcall; external ntdll name 'RtlQueryRegistryValues';

2668

procedure RtlSetAllBits(BitMapHeader: PRTL_BITMAP); stdcall; external ntdll name 'RtlSetAllBits';

2669

procedure RtlSetBits(BitMapHeader: PRTL_BITMAP; StartingIndex, NumberToSet: ULONG); stdcall; external ntdll name 'RtlSetBits';

2670

function RtlSetDaclSecurityDescriptor(SecurityDescriptor: PSECURITY_DESCRIPTOR; DaclPresent: ByteBool; Dacl: PACL; DaclDefaulted: ByteBool): NTSTATUS; stdcall; external ntdll name 'RtlSetDaclSecurityDescriptor';

2671

function RtlStringFromGUID(Guid: REFGUID; GuidString: PUNICODE_STRING): NTSTATUS; stdcall; external ntdll name 'RtlStringFromGUID';

2672

function RtlTimeFieldsToTime(TimeFields: PTIME_FIELDS; Time: PLARGE_INTEGER): ByteBool; stdcall; external ntdll name 'RtlTimeFieldsToTime';

2673

procedure RtlTimeToTimeFields(Time: PLARGE_INTEGER; TimeFields: PTIME_FIELDS); stdcall; external ntdll name 'RtlTimeToTimeFields';

2674

function RtlUnicodeStringToAnsiString(DestinationString: PANSI_STRING; SourceString: PUNICODE_STRING; AllocateDestinationString: ByteBool): NTSTATUS; stdcall; external ntdll name 'RtlUnicodeStringToAnsiString';

2675

function RtlUnicodeStringToInteger(Str: PUNICODE_STRING; Base: ULONG; Value: PULONG): NTSTATUS; stdcall; external ntdll name 'RtlUnicodeStringToInteger';

2676

function RtlUpcaseUnicodeChar(SourceCharacter: WCHAR): WCHAR; stdcall; external ntdll name 'RtlUpcaseUnicodeChar';

2677

function RtlUpcaseUnicodeString(DestinationString: PUNICODE_STRING; SourceString: PCUNICODE_STRING; AllocateDestinationString: ByteBool): NTSTATUS; stdcall; external ntdll name 'RtlUpcaseUnicodeString';

2678

function RtlUpperChar(Character: CHAR): CHAR; stdcall; external ntdll name 'RtlUpperChar';

2679

procedure RtlUpperString(DestinationString, SourceString: PSTRING); stdcall; external ntdll name 'RtlUpperString';

2680

function RtlValidRelativeSecurityDescriptor(SecurityDescriptorInput: PSECURITY_DESCRIPTOR; SecurityDescriptorLength: ULONG; RequiredInformation: SECURITY_INFORMATION): ByteBool; stdcall; external ntdll name 'RtlValidRelativeSecurityDescriptor';

2681

function RtlValidSecurityDescriptor(SecurityDescriptor: PSECURITY_DESCRIPTOR): ByteBool; stdcall; external ntdll name 'RtlValidSecurityDescriptor';

2682

function RtlVerifyVersionInfo(VersionInfo: PRTL_OSVERSIONINFOEXW; TypeMask: ULONG; ConditionMask: ULONGLONG): NTSTATUS; stdcall; external ntdll name 'RtlVerifyVersionInfo';

2683

function RtlWriteRegistryValue(RelativeTo: ULONG; Path: LPCWSTR; ValueName: LPCWSTR; ValueType: ULONG; ValueData: PVOID; ValueLength: ULONG): NTSTATUS; stdcall; external ntdll name 'RtlWriteRegistryValue';

2684

procedure RtlZeroMemory(Destination: LPVOID; Length: SIZE_T); stdcall; external ntdll name 'RtlZeroMemory';

2685

function RtlxAnsiStringToUnicodeSize(AnsiString: PANSI_STRING): ULONG; stdcall; external ntdll name 'RtlxAnsiStringToUnicodeSize';

2686

2687

implementation

2688

2689

2690

{ some 300 other RTL functions exported from ntdll but for which i don't have

2691

a prototype yet. also interesting is ntoskrnl.exe

2692

RtlAbortRXact

2693

RtlAbsoluteToSelfRelativeSD

2694

RtlAcquirePebLock

2695

RtlAcquireResourceExclusive

2696

RtlAcquireResourceShared

2697

RtlAddAccessAllowedAce

2698

RtlAddAccessAllowedAceEx

2699

RtlAddAccessAllowedObjectAce

2700

RtlAddAccessDeniedAce

2701

RtlAddAccessDeniedAceEx

2702

RtlAddAccessDeniedObjectAce

2703

RtlAddAce

2704

RtlAddActionToRXact

2705

RtlAddAtomToAtomTable

2706

RtlAddAttributeActionToRXact

2707

RtlAddAuditAccessAce

2708

RtlAddAuditAccessAceEx

2709

RtlAddAuditAccessObjectAce

2710

RtlAddCompoundAce

2711

RtlAdjustPrivilege

2712

RtlAllocateAndInitializeSid

2713

RtlAllocateHandle

2714

RtlAllocateHeap

2715

RtlAnsiCharToUnicodeChar

2716

RtlAnsiStringToUnicodeSize

2717

RtlAppendAsciizToString

2718

RtlAppendStringToString

2719

RtlApplyRXact

2720

RtlApplyRXactNoFlush

2721

RtlAreAllAccessesGranted

2722

RtlAreAnyAccessesGranted

2723

RtlCallbackLpcClient

2724

RtlCancelTimer

2725

RtlCaptureStackBackTrace

2726

RtlCheckForOrphanedCriticalSections

2727

RtlCompactHeap

2728

RtlCompareMemoryUlong

2729

RtlCompressBuffer

2730

RtlConsoleMultiByteToUnicodeN

2731

RtlConvertExclusiveToShared

2732

RtlConvertPropertyToVariant

2733

RtlConvertSharedToExclusive

2734

RtlConvertSidToUnicodeString

2735

RtlConvertToAutoInheritSecurityObject

2736

RtlConvertUiListToApiList

2737

RtlConvertVariantToProperty

2738

RtlCopyLuid

2739

RtlCopyLuidAndAttributesArray

2740

RtlCopySecurityDescriptor

2741

RtlCopySid

2742

RtlCopySidAndAttributesArray

2743

RtlCreateAcl

2744

RtlCreateAndSetSD

2745

RtlCreateAtomTable

2746

RtlCreateEnvironment

2747

RtlCreateHeap

2748

RtlCreateLpcServer

2749

RtlCreateProcessParameters

2750

RtlCreateQueryDebugBuffer

2751

RtlCreateTagHeap

2752

RtlCreateTimer

2753

RtlCreateTimerQueue

2754

RtlCreateUnicodeString

2755

RtlCreateUnicodeStringFromAsciiz

2756

RtlCreateUserProcess

2757

RtlCreateUserSecurityObject

2758

RtlCreateUserThread

2759

RtlCustomCPToUnicodeN

2760

RtlCutoverTimeToSystemTime

2761

RtlDeNormalizeProcessParams

2762

RtlDebugPrintTimes

2763

RtlDecompressBuffer

2764

RtlDecompressFragment

2765

RtlDefaultNpAcl

2766

RtlDelete

2767

RtlDeleteAce

2768

RtlDeleteAtomFromAtomTable

2769

RtlDeleteCriticalSection

2770

RtlDeleteElementGenericTable

2771

RtlDeleteNoSplay

2772

RtlDeleteResource

2773

RtlDeleteSecurityObject

2774

RtlDeleteTimer

2775

RtlDeleteTimerQueue

2776

RtlDeleteTimerQueueEx

2777

RtlDeregisterWait

2778

RtlDeregisterWaitEx

2779

RtlDestroyAtomTable

2780

RtlDestroyEnvironment

2781

RtlDestroyHandleTable

2782

RtlDestroyHeap

2783

RtlDestroyProcessParameters

2784

RtlDestroyQueryDebugBuffer

2785

RtlDetermineDosPathNameType_U

2786

RtlDnsHostNameToComputerName

2787

RtlDoesFileExists_U

2788

RtlDosPathNameToNtPathName_U

2789

RtlDosSearchPath_U

2790

RtlDowncaseUnicodeString

2791

RtlDumpResource

2792

RtlEmptyAtomTable

2793

RtlEnableEarlyCriticalSectionEventCreation

2794

RtlEnlargedIntegerMultiply

2795

RtlEnlargedUnsignedDivide

2796

RtlEnlargedUnsignedMultiply

2797

RtlEnterCriticalSection

2798

RtlEnumProcessHeaps

2799

RtlEnumerateGenericTable

2800

RtlEnumerateGenericTableWithoutSplaying

2801

RtlEqualComputerName

2802

RtlEqualDomainName

2803

RtlEqualLuid

2804

RtlEqualPrefixSid

2805

RtlEqualSid

2806

RtlEraseUnicodeString

2807

RtlExpandEnvironmentStrings_U

2808

RtlExtendHeap

2809

RtlFillMemoryUlong

2810

RtlFindMessage

2811

RtlFirstFreeAce

2812

RtlFormatCurrentUserKeyPath

2813

RtlFormatMessage

2814

RtlFreeHandle

2815

RtlFreeHeap

2816

RtlFreeOemString

2817

RtlFreeSid

2818

RtlFreeUserThreadStack

2819

RtlGenerate8dot3Name

2820

RtlGetAce

2821

RtlGetCompressionWorkSpaceSize

2822

RtlGetControlSecurityDescriptor

2823

RtlGetCurrentDirectory_U

2824

RtlGetDaclSecurityDescriptor

2825

RtlGetElementGenericTable

2826

RtlGetFullPathName_U

2827

RtlGetGroupSecurityDescriptor

2828

RtlGetLongestNtPathLength

2829

RtlGetNtGlobalFlags

2830

RtlGetNtProductType

2831

RtlGetOwnerSecurityDescriptor

2832

RtlGetProcessHeaps

2833

RtlGetSaclSecurityDescriptor

2834

RtlGetSecurityDescriptorRMControl

2835

RtlGetUserInfoHeap

2836

RtlIdentifierAuthoritySid

2837

RtlImageDirectoryEntryToData

2838

RtlImageNtHeader

2839

RtlImageRvaToSection

2840

RtlImageRvaToVa

2841

RtlImpersonateLpcClient

2842

RtlImpersonateSelf

2843

RtlInitCodePageTable

2844

RtlInitNlsTables

2845

RtlInitializeAtomPackage

2846

RtlInitializeContext

2847

RtlInitializeCriticalSection

2848

RtlInitializeCriticalSectionAndSpinCount

2849

RtlInitializeGenericTable

2850

RtlInitializeHandleTable

2851

RtlInitializeRXact

2852

RtlInitializeResource

2853

RtlInitializeSid

2854

RtlInsertElementGenericTable

2855

RtlIntegerToChar

2856

RtlIsDosDeviceName_U

2857

RtlIsGenericTableEmpty

2858

RtlIsNameLegalDOS8Dot3

2859

RtlIsTextUnicode

2860

RtlIsValidHandle

2861

RtlIsValidIndexHandle

2862

RtlLargeIntegerAdd

2863

RtlLargeIntegerNegate

2864

RtlLargeIntegerSubtract

2865

RtlLargeIntegerToChar

2866

RtlLeaveCriticalSection

2867

RtlLengthRequiredSid

2868

RtlLengthSid

2869

RtlLocalTimeToSystemTime

2870

RtlLockHeap

2871

RtlLookupAtomInAtomTable

2872

RtlLookupElementGenericTable

2873

RtlMakeSelfRelativeSD

2874

RtlMultiByteToUnicodeN

2875

RtlMultiByteToUnicodeSize

2876

RtlNewInstanceSecurityObject

2877

RtlNewSecurityGrantedAccess

2878

RtlNewSecurityObject

2879

RtlNewSecurityObjectEx

2880

RtlNormalizeProcessParams

2881

RtlNtStatusToDosError

2882

RtlNumberGenericTableElements

2883

RtlOemStringToUnicodeSize

2884

RtlOemStringToUnicodeString

2885

RtlOemToUnicodeN

2886

RtlOpenCurrentUser

2887

RtlPcToFileHeader

2888

RtlPinAtomInAtomTable

2889

RtlPrefixString

2890

RtlProtectHeap

2891

RtlQueryAtomInAtomTable

2892

RtlQueryEnvironmentVariable_U

2893

RtlQueryInformationAcl

2894

RtlQueryProcessBackTraceInformation

2895

RtlQueryProcessDebugInformation

2896

RtlQueryProcessHeapInformation

2897

RtlQueryProcessLockInformation

2898

RtlQuerySecurityObject

2899

RtlQueryTagHeap

2900

RtlQueryTimeZoneInformation

2901

RtlQueueWorkItem

2902

RtlRaiseException

2903

RtlRaiseStatus

2904

RtlRandom

2905

RtlReAllocateHeap

2906

RtlRealPredecessor

2907

RtlRealSuccessor

2908

RtlRegisterWait

2909

RtlReleasePebLock

2910

RtlReleaseResource

2911

RtlRemoteCall

2912

RtlResetRtlTranslations

2913

RtlRunDecodeUnicodeString

2914

RtlRunEncodeUnicodeString

2915

RtlSecondsSince1970ToTime

2916

RtlSecondsSince1980ToTime

2917

RtlSelfRelativeToAbsoluteSD

2918

RtlSelfRelativeToAbsoluteSD2

2919

RtlSetAttributesSecurityDescriptor

2920

RtlSetControlSecurityDescriptor

2921

RtlSetCriticalSectionSpinCount

2922

RtlSetCurrentDirectory_U

2923

RtlSetCurrentEnvironment

2924

RtlSetEnvironmentVariable

2925

RtlSetGroupSecurityDescriptor

2926

RtlSetInformationAcl

2927

RtlSetIoCompletionCallback

2928

RtlSetOwnerSecurityDescriptor

2929

RtlSetSaclSecurityDescriptor

2930

RtlSetSecurityDescriptorRMControl

2931

RtlSetSecurityObject

2932

RtlSetSecurityObjectEx

2933

RtlSetThreadPoolStartFunc

2934

RtlSetTimeZoneInformation

2935

RtlSetTimer

2936

RtlSetUnicodeCallouts

2937

RtlSetUserFlagsHeap

2938

RtlSetUserValueHeap

2939

RtlShutdownLpcServer

2940

RtlSizeHeap

2941

RtlSplay

2942

RtlStartRXact

2943

RtlSubAuthorityCountSid

2944

RtlSubAuthoritySid

2945

RtlSubtreePredecessor

2946

RtlSubtreeSuccessor

2947

RtlSystemTimeToLocalTime

2948

RtlTimeToElapsedTimeFields

2949

RtlTimeToSecondsSince1970

2950

RtlTimeToSecondsSince1980

2951

RtlTryEnterCriticalSection

2952

//ULONG FASTCALL RtlUlongByteSwap(IN ULONG Source);

2953

//ULONGLONG FASTCALL RtlUlonglongByteSwap(IN ULONGLONG Source);

2954

RtlUnicodeStringToAnsiSize

2955

RtlUnicodeStringToCountedOemString

2956

RtlUnicodeStringToOemSize

2957

RtlUnicodeStringToOemString

2958

RtlUnicodeToCustomCPN

2959

RtlUnicodeToMultiByteN

2960

RtlUnicodeToMultiByteSize

2961

RtlUnicodeToOemN

2962

RtlUniform

2963

RtlUnlockHeap

2964

RtlUnwind

2965

RtlUpcaseUnicodeStringToAnsiString

2966

RtlUpcaseUnicodeStringToCountedOemString

2967

RtlUpcaseUnicodeStringToOemString

2968

RtlUpcaseUnicodeToCustomCPN

2969

RtlUpcaseUnicodeToMultiByteN

2970

RtlUpcaseUnicodeToOemN

2971

RtlUpdateTimer

2972

RtlUsageHeap

2973

//USHORT FASTCALL RtlUshortByteSwap(IN USHORT Source);

2974

RtlValidAcl

2975

RtlValidSid

2976

RtlValidateHeap

2977

RtlValidateProcessHeaps

2978

RtlWalkFrameChain

2979

RtlWalkHeap

2980

RtlZeroHeap

2981

RtlpNtCreateKey

2982

RtlpNtEnumerateSubKey

2983

RtlpNtMakeTemporaryKey

2984

RtlpNtOpenKey

2985

RtlpNtQueryValueKey

2986

RtlpNtSetValueKey

2987

RtlpUnWaitCriticalSection

2988

RtlpWaitForCriticalSection

2989

RtlxOemStringToUnicodeSize

2990

RtlxUnicodeStringToAnsiSize

2991

RtlxUnicodeStringToOemSize

2992

}

2993

end.

Older »