/*
 * Virtual-memory routines that act on a process selected by ProcessHandle
 * (or, for the Map* routines below, on the caller's address space).
 * Every length and page count is declared ULONG/PULONG in this header.
 * NOTE(review): current SDK definitions declare these as SIZE_T/PSIZE_T;
 * confirm the prototypes match the target ABI before building for 64-bit.
 * From a monitoring standpoint, read/write/protect on a handle to a
 * foreign process is the telemetry point used to detect memory tampering;
 * expect such calls to be logged and to require a handle opened with the
 * matching DesiredAccess.
 * NOTE(review): the NTOSAPI linkage macro carried by every sibling
 * declaration is absent on this first one; presumably it sits just above
 * this excerpt - confirm.
 */
NTSTATUS
NTAPI
/* Copies BufferLength bytes at BaseAddress in the target process into
 * Buffer. ReturnLength may be NULL (OPTIONAL). */
ZwReadVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*OUT*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
/* Mirror of ZwReadVirtualMemory with Buffer as the IN side: BufferLength
 * bytes from Buffer land at BaseAddress in the target process. */
ZwWriteVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*IN*/ PVOID Buffer,
/*IN*/ ULONG BufferLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
/* Changes page protection on a region. BaseAddress and ProtectSize are
 * IN OUT - presumably adjusted to page boundaries on return (confirm).
 * OldProtect receives the previous protection; NewProtect takes PAGE_*
 * values, which are not defined in this excerpt. */
ZwProtectVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG ProtectSize,
/*IN*/ ULONG NewProtect,
/*OUT*/ PULONG OldProtect);
NTOSAPI
NTSTATUS
NTAPI
/* Flushes a range of a mapped view; completion status is reported through
 * IoStatusBlock. BaseAddress/FlushSize are IN OUT like the protect call. */
ZwFlushVirtualMemory(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PVOID *BaseAddress,
/*IN OUT*/ PULONG FlushSize,
/*OUT*/ PIO_STATUS_BLOCK IoStatusBlock);
NTOSAPI
NTSTATUS
NTAPI
/* Physical-page (AWE-style) allocation. NumberOfPages is passed by pointer
 * yet annotated IN only here, whereas the Free variant marks it IN OUT;
 * presumably it is updated with the count actually obtained - confirm.
 * PageFrameNumbers must point at NumberOfPages ULONG entries. */
ZwAllocateUserPhysicalPages(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PULONG NumberOfPages,
/*OUT*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
/* Releases frames previously returned by ZwAllocateUserPhysicalPages.
 * NumberOfPages is IN OUT: count supplied, count freed written back. */
ZwFreeUserPhysicalPages(
/*IN*/ HANDLE ProcessHandle,
/*IN OUT*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
/* No ProcessHandle parameter: maps the given frames contiguously at
 * BaseAddress in the calling process (presumably; confirm). */
ZwMapUserPhysicalPages(
/*IN*/ PVOID BaseAddress,
/*IN*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
/* Scatter form: BaseAddresses is an array of NumberOfPages target pages,
 * one per frame in PageFrameNumbers. */
ZwMapUserPhysicalPagesScatter(
/*IN*/ PVOID *BaseAddresses,
/*IN*/ PULONG NumberOfPages,
/*IN*/ PULONG PageFrameNumbers);
NTOSAPI
NTSTATUS
NTAPI
/* Retrieves the pages written since the last reset for the region
 * [BaseAddress, BaseAddress + RegionSize). BufferEntries is IN OUT:
 * presumably capacity of Buffer on entry, entries filled on return.
 * Granularity receives the page size used. */
ZwGetWriteWatch(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ ULONG Flags,
/*IN*/ PVOID BaseAddress,
/*IN*/ ULONG RegionSize,
/*OUT*/ PULONG Buffer,
/*IN OUT*/ PULONG BufferEntries,
/*OUT*/ PULONG Granularity);
NTOSAPI
NTSTATUS
NTAPI
/* Clears the write-watch state for the same region shape as above. */
ZwResetWriteWatch(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PVOID BaseAddress,
/*IN*/ ULONG RegionSize);
/* Sections */
/* Information classes accepted by ZwQuerySection. The layouts of the
 * corresponding output structures are not part of this excerpt. */
typedef enum _SECTION_INFORMATION_CLASS {
SectionBasicInformation,
SectionImageInformation
} SECTION_INFORMATION_CLASS;
/*
 * Section objects. NtCreateSection and ZwCreateSection are an Nt/Zw pair
 * with identical signatures. Protect takes PAGE_* and Attributes SEC_*
 * values; neither set of constants is defined in this excerpt.
 * SectionSize may be NULL (OPTIONAL). FileHandle selects the backing file;
 * presumably a NULL FileHandle yields a pagefile-backed section - confirm.
 */
NTOSAPI
NTSTATUS
NTAPI
NtCreateSection(
/*OUT*/ PHANDLE SectionHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/,
/*IN*/ ULONG Protect,
/*IN*/ ULONG Attributes,
/*IN*/ HANDLE FileHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateSection(
/*OUT*/ PHANDLE SectionHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PLARGE_INTEGER SectionSize /*OPTIONAL*/,
/*IN*/ ULONG Protect,
/*IN*/ ULONG Attributes,
/*IN*/ HANDLE FileHandle);
NTOSAPI
NTSTATUS
NTAPI
/* Query-by-class pattern: caller supplies SectionInformation of
 * SectionInformationLength bytes; ResultLength (may be NULL) receives the
 * size needed or written. */
ZwQuerySection(
/*IN*/ HANDLE SectionHandle,
/*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass,
/*OUT*/ PVOID SectionInformation,
/*IN*/ ULONG SectionInformationLength,
/*OUT*/ PULONG ResultLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
/* Grows an existing section to SectionSize. */
ZwExtendSection(
/*IN*/ HANDLE SectionHandle,
/*IN*/ PLARGE_INTEGER SectionSize);
NTOSAPI
NTSTATUS
NTAPI
/* Compares the mapped files behind two addresses in the caller's address
 * space (no ProcessHandle parameter). */
ZwAreMappedFilesTheSame(
/*IN*/ PVOID Address1,
/*IN*/ PVOID Address2);
/* Threads */
/* Initial stack description passed to ZwCreateThread. Describes a fixed
 * region (Base/Limit) and an expandable region (Base/Limit/Bottom); which
 * one is used and how the kernel interprets Bottom is not shown here. */
typedef struct _USER_STACK {
PVOID FixedStackBase;
PVOID FixedStackLimit;
PVOID ExpandableStackBase;
PVOID ExpandableStackLimit;
PVOID ExpandableStackBottom;
} USER_STACK, *PUSER_STACK;
/*
 * Thread creation, lookup and information routines. THREADINFOCLASS and
 * PCLIENT_ID come from elsewhere in the header set.
 * Creating a thread in a process selected by an arbitrary ProcessHandle,
 * with a caller-supplied ThreadContext, is one of the cross-process
 * operations that endpoint telemetry watches; defenders correlate it with
 * the preceding handle open and memory writes.
 */
NTOSAPI
NTSTATUS
NTAPI
/* ThreadContext supplies the initial register state and UserStack the
 * initial stack; CreateSuspended defers the first run. ClientId receives
 * the new process/thread ids. */
ZwCreateThread(
/*OUT*/ PHANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ HANDLE ProcessHandle,
/*OUT*/ PCLIENT_ID ClientId,
/*IN*/ PCONTEXT ThreadContext,
/*IN*/ PUSER_STACK UserStack,
/*IN*/ BOOLEAN CreateSuspended);
NTOSAPI
NTSTATUS
NTAPI
/* Nt/Zw pair: opens an existing thread by ClientId. */
NtOpenThread(
/*OUT*/ PHANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PCLIENT_ID ClientId);
NTOSAPI
NTSTATUS
NTAPI
ZwOpenThread(
/*OUT*/ PHANDLE ThreadHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ PCLIENT_ID ClientId);
NTOSAPI
NTSTATUS
NTAPI
/* ThreadHandle is OPTIONAL; presumably NULL means the calling thread -
 * confirm before relying on it. */
ZwTerminateThread(
/*IN*/ HANDLE ThreadHandle /*OPTIONAL*/,
/*IN*/ NTSTATUS ExitStatus);
NTOSAPI
NTSTATUS
NTAPI
/* Nt/Zw pair following the query-by-class pattern; ReturnLength may be
 * NULL. */
NtQueryInformationThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ THREADINFOCLASS ThreadInformationClass,
/*OUT*/ PVOID ThreadInformation,
/*IN*/ ULONG ThreadInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ THREADINFOCLASS ThreadInformationClass,
/*OUT*/ PVOID ThreadInformation,
/*IN*/ ULONG ThreadInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
/* Set counterpart of the query above. NOTE(review): no ZwSetInformationThread
 * twin appears in this excerpt, unlike the other Nt/Zw pairs. */
NtSetInformationThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ THREADINFOCLASS ThreadInformationClass,
/*IN*/ PVOID ThreadInformation,
/*IN*/ ULONG ThreadInformationLength);
/* Output layout for the basic thread information class of
 * NtQueryInformationThread (the class enumerator itself is not in this
 * excerpt). TebBaseAddress points into the target thread's user-mode
 * address space, not the caller's, when queried across processes. */
typedef struct _THREAD_BASIC_INFORMATION {
NTSTATUS ExitStatus;
PNT_TIB TebBaseAddress;
CLIENT_ID ClientId;
KAFFINITY AffinityMask;
KPRIORITY Priority;
KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
/* Timing record for a thread or process: absolute create/exit times and
 * accumulated kernel/user time. NOTE(review): units are presumably the
 * usual 100-ns intervals of other NT time values - confirm before
 * converting. */
typedef struct _KERNEL_USER_TIMES {
LARGE_INTEGER CreateTime;
LARGE_INTEGER ExitTime;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
/*
 * Thread control, context, APC delivery and impersonation.
 * Suspend/resume/alert-resume all report the previous suspend count
 * through an OPTIONAL PULONG that may be NULL.
 * ZwSetContextThread and ZwQueueApcThread redirect execution of another
 * thread; like ZwCreateThread they are standard detection points, so
 * defensive tooling should expect them to be audited.
 */
NTOSAPI
NTSTATUS
NTAPI
ZwSuspendThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwResumeThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
/* Reads the register context of a thread into caller-owned Context. */
ZwGetContextThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PCONTEXT Context);
NTOSAPI
NTSTATUS
NTAPI
/* Replaces the register context of a thread from Context. */
ZwSetContextThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ PCONTEXT Context);
NTOSAPI
NTSTATUS
NTAPI
/* Queues a user-mode APC; ApcRoutine receives the three OPTIONAL pointer
 * arguments. PKNORMAL_ROUTINE is declared elsewhere. */
ZwQueueApcThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ PKNORMAL_ROUTINE ApcRoutine,
/*IN*/ PVOID ApcContext /*OPTIONAL*/,
/*IN*/ PVOID Argument1 /*OPTIONAL*/,
/*IN*/ PVOID Argument2 /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
/* No parameters: acts on the calling thread. */
ZwTestAlert(
VOID);
NTOSAPI
NTSTATUS
NTAPI
ZwAlertThread(
/*IN*/ HANDLE ThreadHandle);
NTOSAPI
NTSTATUS
NTAPI
ZwAlertResumeThread(
/*IN*/ HANDLE ThreadHandle,
/*OUT*/ PULONG PreviousSuspendCount /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
/* Registers an LPC port to be notified on thread termination; no handle to
 * the thread is taken, so presumably it applies to the calling thread. */
ZwRegisterThreadTerminatePort(
/*IN*/ HANDLE PortHandle);
NTOSAPI
NTSTATUS
NTAPI
/* Makes ThreadHandle impersonate TargetThreadHandle, bounded by
 * SecurityQos (impersonation level). Callers should pass the least level
 * that suffices. */
ZwImpersonateThread(
/*IN*/ HANDLE ThreadHandle,
/*IN*/ HANDLE TargetThreadHandle,
/*IN*/ PSECURITY_QUALITY_OF_SERVICE SecurityQos);
NTOSAPI
NTSTATUS
NTAPI
/* Switches the thread to the anonymous logon token. */
ZwImpersonateAnonymousToken(
/*IN*/ HANDLE ThreadHandle);
/* Processes */
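/*
 * Process creation, declared as an Nt/Zw pair like NtCreateSection and
 * NtOpenThread above. The original text declared ZwCreateProcess twice
 * with identical signatures (a legal but pointless redeclaration); the
 * first is NtCreateProcess, restoring the pair.
 * InheritFromProcessHandle names the parent; presumably its handle table
 * is copied when InheritHandles is TRUE - confirm. SectionHandle, DebugPort
 * and ExceptionPort are OPTIONAL and may be NULL.
 */
NTOSAPI
NTSTATUS
NTAPI
NtCreateProcess(
/*OUT*/ PHANDLE ProcessHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ HANDLE InheritFromProcessHandle,
/*IN*/ BOOLEAN InheritHandles,
/*IN*/ HANDLE SectionHandle /*OPTIONAL*/,
/*IN*/ HANDLE DebugPort /*OPTIONAL*/,
/*IN*/ HANDLE ExceptionPort /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
/*OUT*/ PHANDLE ProcessHandle,
/*IN*/ ACCESS_MASK DesiredAccess,
/*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
/*IN*/ HANDLE InheritFromProcessHandle,
/*IN*/ BOOLEAN InheritHandles,
/*IN*/ HANDLE SectionHandle /*OPTIONAL*/,
/*IN*/ HANDLE DebugPort /*OPTIONAL*/,
/*IN*/ HANDLE ExceptionPort /*OPTIONAL*/);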
/*
 * Process termination and information routines. PROCESSINFOCLASS is
 * declared elsewhere in the header set.
 */
NTOSAPI
NTSTATUS
NTAPI
/* ProcessHandle is OPTIONAL; presumably NULL terminates the calling
 * process - confirm. */
ZwTerminateProcess(
/*IN*/ HANDLE ProcessHandle /*OPTIONAL*/,
/*IN*/ NTSTATUS ExitStatus);
NTOSAPI
NTSTATUS
NTAPI
/* Query-by-class pattern; ReturnLength may be NULL. NOTE(review): no
 * NtQueryInformationProcess twin appears in this excerpt. */
ZwQueryInformationProcess(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PROCESSINFOCLASS ProcessInformationClass,
/*OUT*/ PVOID ProcessInformation,
/*IN*/ ULONG ProcessInformationLength,
/*OUT*/ PULONG ReturnLength /*OPTIONAL*/);
NTOSAPI
NTSTATUS
NTAPI
/* Nt/Zw pair. The structure expected in ProcessInformation depends on the
 * class; several candidate layouts follow this declaration. */
NtSetInformationProcess(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PROCESSINFOCLASS ProcessInformationClass,
/*IN*/ PVOID ProcessInformation,
/*IN*/ ULONG ProcessInformationLength);
NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationProcess(
/*IN*/ HANDLE ProcessHandle,
/*IN*/ PROCESSINFOCLASS ProcessInformationClass,
/*IN*/ PVOID ProcessInformation,
/*IN*/ ULONG ProcessInformationLength);
/* Output layout for the basic process information class of
 * ZwQueryInformationProcess. PebBaseAddress is an address inside the
 * target process. NOTE(review): the two process ids are ULONG here;
 * current SDK headers widen them to ULONG_PTR - confirm for 64-bit. */
typedef struct _PROCESS_BASIC_INFORMATION {
NTSTATUS ExitStatus;
PPEB PebBaseAddress;
KAFFINITY AffinityMask;
KPRIORITY BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
/* Input for the access-token information class of NtSetInformationProcess
 * (presumably; the class enumerator is not in this excerpt). Assigning a
 * primary token is a privileged operation and a sensitive audit event. */
typedef struct _PROCESS_ACCESS_TOKEN {
HANDLE Token;
HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
/* DefaultHardErrorMode constants */
/* also in winbase.h */
/* Bit flags (each value is a distinct power of two) that may be OR-ed.
 * Redefining them here is harmless only while the values stay identical
 * to winbase.h - an identical macro redefinition is legal C. */
#define SEM_FAILCRITICALERRORS 0x0001
#define SEM_NOGPFAULTERRORBOX 0x0002
#define SEM_NOALIGNMENTFAULTEXCEPT 0x0004
#define SEM_NOOPENFILEERRORBOX 0x8000
/* end winbase.h */
/* Peak/current/limit triples for paged pool, non-paged pool and pagefile
 * usage of a process. Presumably byte counts, and ULONG-sized here (32-bit
 * era layout) - confirm against the SDK before using on 64-bit. */
typedef struct _POOLED_USAGE_AND_LIMITS {
ULONG PeakPagedPoolUsage;
ULONG PagedPoolUsage;
ULONG PagedPoolLimit;
ULONG PeakNonPagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG NonPagedPoolLimit;
ULONG PeakPagefileUsage;
ULONG PagefileUsage;
ULONG PagefileLimit;
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
/* One working-set-watch record: the instruction address (FaultingPc) and
 * the virtual address (FaultingVa) of a page fault. Both refer to the
 * watched process's address space. */
typedef struct _PROCESS_WS_WATCH_INFORMATION {
PVOID FaultingPc;
PVOID FaultingVa;
} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
/* PROCESS_PRIORITY_CLASS.PriorityClass constants */
/* Ordinal values, not a bitmask: the enumeration order is not the priority
 * order (BELOW_NORMAL and ABOVE_NORMAL were appended after REALTIME). */
#define PC_IDLE 1
#define PC_NORMAL 2
#define PC_HIGH 3
#define PC_REALTIME 4
#define PC_BELOW_NORMAL 5
#define PC_ABOVE_NORMAL 6
/* Priority-class information block. PriorityClass takes one of the PC_*
 * values defined above; Foreground is a flag. */
typedef struct _PROCESS_PRIORITY_CLASS {
BOOLEAN Foreground;
UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
/* Values stored per entry of PROCESS_DEVICEMAP_INFORMATION.Query.DriveType.
 * These names are also public Win32 constants; keep the values in sync. */
#define DRIVE_UNKNOWN 0
#define DRIVE_NO_ROOT_DIR 1
#define DRIVE_REMOVABLE 2
#define DRIVE_FIXED 3
#define DRIVE_REMOTE 4
#define DRIVE_CDROM 5
#define DRIVE_RAMDISK 6
/* Device-map information: a union with a Set side (directory handle to
 * install) and a Query side. DriveMap is a 32-bit mask paired with the
 * 32-entry DriveType array, so presumably bit i of DriveMap says whether
 * DriveType[i] is valid - confirm. Only one side is meaningful per call. */
typedef struct _PROCESS_DEVICEMAP_INFORMATION {
_ANONYMOUS_UNION union {
struct {
HANDLE DirectoryHandle;
} Set;
struct {
ULONG DriveMap;
UCHAR DriveType[32];
} Query;
} DUMMYUNIONNAME;
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
/* Terminal-services session id of a process. */
typedef struct _PROCESS_SESSION_INFORMATION {
ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
/* Process startup parameters block, built by RtlCreateProcessParameters
 * and reachable through the target process's PEB. The UNICODE_STRING
 * members carry their own length and need not be NUL-terminated;
 * Environment is a PWSTR block. When this structure is read out of
 * another process, every field is under that process's control and must
 * be treated as untrusted input (bounds-check lengths before use).
 * NOTE(review): this is the 32-bit-era layout - confirm field offsets
 * against the current SDK before using it for 64-bit targets. */
typedef struct _RTL_USER_PROCESS_PARAMETERS {
ULONG AllocationSize;
ULONG Size;
ULONG Flags;
ULONG DebugFlags;
HANDLE hConsole;
ULONG ProcessGroup;
HANDLE hStdInput;
HANDLE hStdOutput;
HANDLE hStdError;
UNICODE_STRING CurrentDirectoryName;
HANDLE CurrentDirectoryHandle;
UNICODE_STRING DllPath;
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
PWSTR Environment;
/* Window placement and console geometry; the dw/w prefixes mirror the
 * STARTUPINFO fields they are filled from. */
ULONG dwX;
ULONG dwY;
ULONG dwXSize;
ULONG dwYSize;
ULONG dwXCountChars;
ULONG dwYCountChars;
ULONG dwFillAttribute;
ULONG dwFlags;
ULONG wShowWindow;
UNICODE_STRING WindowTitle;
UNICODE_STRING DesktopInfo;
UNICODE_STRING ShellInfo;
UNICODE_STRING RuntimeInfo;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
/*
 * Rtl helpers for the parameters block above. Unlike the Zw/Nt routines
 * these carry no NTOSAPI prefix in this header.
 * Ownership: the block returned through *ProcessParameters is allocated
 * by the Create call and, presumably, released only by
 * RtlDestroyProcessParameters - do not free it by other means.
 * Only ImageFile is mandatory; every other input may be NULL (OPTIONAL).
 */
NTSTATUS
NTAPI
RtlCreateProcessParameters(
/*OUT*/ PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
/*IN*/ PUNICODE_STRING ImageFile,
/*IN*/ PUNICODE_STRING DllPath /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING CurrentDirectory /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING CommandLine /*OPTIONAL*/,
/*IN*/ PWSTR Environment /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING WindowTitle /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING DesktopInfo /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING ShellInfo /*OPTIONAL*/,
/*IN*/ PUNICODE_STRING RuntimeInfo /*OPTIONAL*/);
NTSTATUS
NTAPI
/* Releases a block obtained from RtlCreateProcessParameters. */
RtlDestroyProcessParameters(
/*IN*/ PRTL_USER_PROCESS_PARAMETERS ProcessParameters);