📄 w2k_call.c
字号:
4, BaseAddress);
return pa;
}
// -----------------------------------------------------------------
PVOID WINAPI
_MmGetSystemRoutineAddress (PWORD SystemRoutineName)
{
return w2kCallP (NULL, "MmGetSystemRoutineAddress", FALSE,
4, SystemRoutineName);
}
// -----------------------------------------------------------------
PVOID WINAPI
_MmGetVirtualForPhysical (PHYSICAL_ADDRESS PhysicalAddress)
{
return w2kCallP (NULL, "MmGetVirtualForPhysical", FALSE,
8, PhysicalAddress);
}
// -----------------------------------------------------------------
PVOID WINAPI
_MmHighestUserAddress (VOID)
{
return w2kCopyP (NULL, "MmHighestUserAddress");
}
// -----------------------------------------------------------------
BOOLEAN WINAPI
_MmIsAddressValid (PVOID VirtualAddress)
{
return w2kCall08 (FALSE, "MmIsAddressValid", FALSE,
4, VirtualAddress);
}
// -----------------------------------------------------------------
PVOID WINAPI
_MmSystemRangeStart (VOID)
{
return w2kCopyP (NULL, "MmSystemRangeStart");
}
// -----------------------------------------------------------------
PVOID WINAPI
_MmUserProbeAddress (VOID)
{
return w2kCopyP (NULL, "MmUserProbeAddress");
}
// =================================================================
// NATIONAL LANGUAGE SUPPORT
// =================================================================
WORD WINAPI
_NlsAnsiCodePage (VOID)
{
return w2kCopy16 (0, "NlsAnsiCodePage");
}
// -----------------------------------------------------------------
BOOLEAN WINAPI
_NlsMbCodePageTag (VOID)
{
return w2kCopy08 (FALSE, "NlsMbCodePageTag");
}
// -----------------------------------------------------------------
BOOLEAN WINAPI
_NlsMbOemCodePageTag (VOID)
{
return w2kCopy08 (FALSE, "NlsMbOemCodePageTag");
}
// -----------------------------------------------------------------
WORD WINAPI
_NlsOemCodePage (VOID)
{
return w2kCopy16 (0, "NlsOemCodePage");
}
// =================================================================
// NATIVE API
// =================================================================
WORD WINAPI
_NtBuildNumber (VOID)
{
return w2kCopy16 (0, "NtBuildNumber");
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_NtClose (HANDLE Handle)
{
return w2kCallNT ("NtClose",
4, Handle);
}
// -----------------------------------------------------------------
DWORD WINAPI
_NtGlobalFlag (VOID)
{
return w2kCopy32 (0, "NtGlobalFlag");
}
// =================================================================
// OBJECT MANAGER
// =================================================================
VOID WINAPI
_ObDereferenceObject (POBJECT Object)
{
w2kCallV (NULL, "ObDereferenceObject", FALSE,
4, Object);
return;
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_ObOpenObjectByPointer (POBJECT Object,
DWORD HandleAttributes,
/* optional */ PACCESS_STATE PassedAccessState,
ACCESS_MASK DesiredAccess,
POBJECT_TYPE ObjectType,
KPROCESSOR_MODE AccessMode,
PHANDLE Handle)
{
return w2kCallNT ("ObOpenObjectByPointer",
28, Object, HandleAttributes,
PassedAccessState, DesiredAccess,
ObjectType, AccessMode, Handle);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_ObQueryNameString (POBJECT Object,
POBJECT_NAME_INFORMATION NameString,
/* bytes */ DWORD NameStringLength,
PDWORD ReturnLength)
{
return w2kCallNT ("ObQueryNameString",
16, Object, NameString, NameStringLength,
ReturnLength);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
__ObQueryTypeInfo (POBJECT_TYPE ObjectType,
POBJECT_TYPE_INFO TypeInfo,
/* bytes */ DWORD TypeInfoLength,
/* init to 0 */ PDWORD ReturnLength)
{
return w2kXCallNT ("ObQueryTypeInfo",
16, ObjectType, TypeInfo, TypeInfoLength,
ReturnLength);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
__ObQueryTypeName (POBJECT Object,
POBJECT_NAME_INFORMATION NameString,
/* bytes */ DWORD NameStringLength,
PDWORD ReturnLength)
{
return w2kXCallNT ("ObQueryTypeName",
16, Object, NameString, NameStringLength,
ReturnLength);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_ObReferenceObjectByHandle
(HANDLE Handle,
ACCESS_MASK DesiredAccess,
/* optional */ POBJECT_TYPE ObjectType,
KPROCESSOR_MODE AccessMode,
PPOBJECT Object,
/* optional */ POBJECT_HANDLE_INFORMATION HandleInformation)
{
return w2kCallNT ("ObReferenceObjectByHandle",
24, Handle, DesiredAccess, ObjectType,
AccessMode, Object, HandleInformation);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_ObReferenceObjectByPointer (POBJECT Object,
ACCESS_MASK DesiredAccess,
POBJECT_TYPE ObjectType,
KPROCESSOR_MODE AccessMode)
{
return w2kCallNT ("ObReferenceObjectByPointer",
16, Object, DesiredAccess, ObjectType,
AccessMode);
}
// -----------------------------------------------------------------
VOID WINAPI
_ObfDereferenceObject (POBJECT Object)
{
w2kCallV (NULL, "ObfDereferenceObject", TRUE,
4, Object);
return;
}
// -----------------------------------------------------------------
#define _ObReferenceObject(Object) _ObfReferenceObject(Object)
VOID WINAPI
_ObfReferenceObject (POBJECT Object)
{
w2kCallV (NULL, "ObfReferenceObject", TRUE,
4, Object);
return;
}
// -----------------------------------------------------------------
PHANDLE_TABLE WINAPI
__ObpKernelHandleTable (VOID)
{
return w2kXCopyP (NULL, "ObpKernelHandleTable");
}
// -----------------------------------------------------------------
PERESOURCE WINAPI
__ObpRootDirectoryMutex (VOID)
{
return w2kXCopyP (NULL, "ObpRootDirectoryMutex");
}
// -----------------------------------------------------------------
POBJECT_DIRECTORY WINAPI
__ObpRootDirectoryObject (VOID)
{
return w2kXCopyP (NULL, "ObpRootDirectoryObject");
}
// -----------------------------------------------------------------
POBJECT_DIRECTORY WINAPI
__ObpTypeDirectoryObject (VOID)
{
return w2kXCopyP (NULL, "ObpTypeDirectoryObject");
}
// =================================================================
// MEMORY PROBING
// =================================================================
DWORD WINAPI
_ProbeForRead (PVOID Address,
DWORD Length,
DWORD Alignment)
{
w2kCallV (NULL, "ProbeForRead", FALSE,
12, Address, Length, Alignment);
return GetLastError ();
};
// -----------------------------------------------------------------
DWORD WINAPI
_ProbeForWrite (PVOID Address,
DWORD Length,
DWORD Alignment)
{
w2kCallV (NULL, "ProbeForWrite", FALSE,
12, Address, Length, Alignment);
return GetLastError ();
};
// =================================================================
// PROCESS STRUCTURE
// =================================================================
HANDLE WINAPI
_PsGetCurrentProcessId (VOID)
{
return w2kCallP (0, "PsGetCurrentProcessId", FALSE, 0);
}
// -----------------------------------------------------------------
HANDLE WINAPI
_PsGetCurrentThreadId (VOID)
{
return w2kCallP (0, "PsGetCurrentThreadId", FALSE, 0);
}
// -----------------------------------------------------------------
LARGE_INTEGER WINAPI
_PsGetProcessExitTime (VOID)
{
LARGE_INTEGER li;
li.QuadPart = w2kCall64 (0, "PsGetProcessExitTime", FALSE, 0);
return li;
}
// -----------------------------------------------------------------
BOOLEAN WINAPI
_PsGetVersion (PDWORD MajorVersion,
PDWORD MinorVersion,
PDWORD BuildNumber,
PUNICODE_STRING CSDVersion)
{
return w2kCall08 (FALSE, "PsGetVersion", FALSE,
16, MajorVersion, MinorVersion,
BuildNumber, CSDVersion);
}
// -----------------------------------------------------------------
PEPROCESS WINAPI
_PsInitialSystemProcess (VOID)
{
return w2kCopyP (NULL, "PsInitialSystemProcess");
}
// -----------------------------------------------------------------
BOOLEAN WINAPI
_PsIsThreadTerminating (PETHREAD Thread)
{
return w2kCall08 (FALSE, "PsIsThreadTerminating", FALSE,
4, Thread);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_PsLookupProcessByProcessId (HANDLE UniqueProcessId,
PPEPROCESS Process)
{
return w2kCallNT ("PsLookupProcessByProcessId",
8, UniqueProcessId, Process);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_PsLookupProcessThreadByCid (PCLIENT_ID Cid,
/* optional */ PPEPROCESS Process,
PPETHREAD Thread)
{
return w2kCallNT ("PsLookupProcessThreadByCid",
12, Cid, Process, Thread);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_PsLookupThreadByThreadId (HANDLE UniqueThreadId,
PPETHREAD Thread)
{
return w2kCallNT ("PsLookupThreadByThreadId",
8, UniqueThreadId, Thread);
}
// =================================================================
// RUNTIME LIBRARY
// =================================================================
NTSTATUS WINAPI
_RtlAnsiStringToUnicodeString (PUNICODE_STRING Destination,
PANSI_STRING Source,
BOOLEAN AllocateDestination)
{
return w2kCallNT ("RtlAnsiStringToUnicodeString",
12, Destination, Source, AllocateDestination);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_RtlAppendUnicodeStringToString (PUNICODE_STRING Destination,
PUNICODE_STRING Source)
{
return w2kCallNT ("RtlAppendUnicodeStringToString",
8, Destination, Source);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI
_RtlAppendUnicodeToString (PUNICODE_STRING Destination,
PWORD Source)
{
return w2kCallNT ("RtlAppendUnicodeToString",
8, Destination, Source);
}
// -----------------------------------------------------------------
SIZE_T WINAPI
_RtlCompareMemory (PVOID Source1,
PVOID Source2,
SIZE_T Length)
{
return w2kCall32 (0, "RtlCompareMemory", FALSE,
12, Source1, Source2, Length);
}
// -----------------------------------------------------------------
SIZE_T WINAPI
_RtlCompareMemoryUlong (PVOID Source1,
PVOID Source2,
/* Bytes */ SIZE_T Length)
{
return w2kCall32 (0, "RtlCompareMemoryUlong", FALSE,
12, Source1, Source2, Length);
}
// -----------------------------------------------⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -