📄 rk_ioman.h
字号:
NTSYSAPI
NTSTATUS
NTAPI
ZwUnloadKey(
IN POBJECT_ATTRIBUTES KeyNameAttributes
);
#define REG_NOTIFY_CHANGE_NAME (0x00000001L) // Create or delete (child)
#define REG_NOTIFY_CHANGE_ATTRIBUTES (0x00000002L)
#define REG_NOTIFY_CHANGE_LAST_SET (0x00000004L) // time stamp
#define REG_NOTIFY_CHANGE_SECURITY (0x00000008L)
NTSYSAPI
NTSTATUS
NTAPI
NtNotifyChangeKey(
IN HANDLE hKey,
IN HANDLE hEvent,
IN PIO_APC_ROUTINE ApcRoutine,
IN PVOID ApcRoutineContext,
IN PIO_STATUS_BLOCK pIoStatusBlock,
IN ULONG NotifyFilter,
IN BOOLEAN bWatchSubtree,
OUT PVOID RegChangesDataBuffer,
IN ULONG RegChangesDataBufferLength,
IN BOOLEAN bAynchronous
);
NTSYSAPI
NTSTATUS
NTAPI
ZwNotifyChangeKey(
IN HANDLE hKey,
IN HANDLE hEvent,
IN PIO_APC_ROUTINE ApcRoutine,
IN PVOID ApcRoutineContext,
IN PIO_STATUS_BLOCK pIoStatusBlock,
IN ULONG NotifyFilter,
IN BOOLEAN bWatchSubtree,
OUT PVOID RegChangesDataBuffer,
IN ULONG RegChangesDataBufferLength,
IN BOOLEAN bAynchronous
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryMultipleValueKey(
IN HANDLE hKey,
IN OUT PKEY_VALUE_ENTRY ValueNameArray,
IN ULONG nElementsValueNameArray,
OUT PVOID ValueDataBuffer,
IN OUT PULONG ValueDataBufferSize,
OUT PULONG SizeRequired
);
NTSTATUS
NTAPI
ZwQueryMultipleValueKey(
IN HANDLE hKey,
IN OUT PKEY_VALUE_ENTRY ValueNameArray,
IN ULONG nElementsValueNameArray,
OUT PVOID ValueDataBuffer,
IN OUT PULONG ValueDataBufferSize,
OUT PULONG SizeRequired
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationKey(
IN HANDLE hKey,
IN KEY_SET_INFORMATION_CLASS KeySetInfoClass,
IN PKEY_WRITE_TIME_INFORMATION pInfoBuffer,
IN ULONG pInfoBufferLength
);
NTSTATUS
NTAPI
ZwSetInformationKey(
IN HANDLE hKey,
IN KEY_SET_INFORMATION_CLASS KeySetInfoClass,
IN PKEY_WRITE_TIME_INFORMATION pInfoBuffer,
IN ULONG pInfoBufferLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtRestoreKey(
IN HANDLE hKey,
IN HANDLE hFile,
IN ULONG Flags
);
NTSYSAPI
NTSTATUS
NTAPI
ZwRestoreKey(
IN HANDLE hKey,
IN HANDLE hFile,
IN ULONG Flags
);
NTSYSAPI
NTSTATUS
NTAPI
NtReplaceKey(
IN POBJECT_ATTRIBUTES NewHiveFile,
IN HANDLE hKey,
IN POBJECT_ATTRIBUTES BackupHiveFile
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReplaceKey(
IN POBJECT_ATTRIBUTES NewHiveFile,
IN HANDLE hKey,
IN POBJECT_ATTRIBUTES BackupHiveFile
);
/* ________________________________________________
. Local Procedure Calls
. ________________________________________________ */
/* Undocumented LPC API */
NTSYSAPI
NTSTATUS
NTAPI
NtCreatePort(
PHANDLE PortHandle,
POBJECT_ATTRIBUTES ObjectAttributes,
ULONG MaxConnectInfoLength,
ULONG MaxDataLength,
ULONG Unknown
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreatePort(
PHANDLE PortHandle,
POBJECT_ATTRIBUTES ObjectAttributes,
ULONG MaxConnectInfoLength,
ULONG MaxDataLength,
ULONG Unknown
);
/*
* MaxConnectInfoLength
* MaxDataLength - only validations
* Unknown - unused
*/
NTSYSAPI
NTSTATUS
NTAPI
NtConnectPort(
PHANDLE PortHandle,
PUNICODE_STRING PortName,
PULONG Unknown, /* Can not be NULL */
PLPCSECTIONINFO Unknown1, /* Used in Big LPC */
PLPCSECTIONMAPINFO Unknown2, /* Used in Big LPC */
PVOID Unknown3, /* Can be NULL */
PVOID ConnectInfo,
PULONG pConnectInfoLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwConnectPort(
PHANDLE PortHandle,
PUNICODE_STRING PortName,
PULONG Unknown, /* Can not be NULL */
PLPCSECTIONINFO Unknown1, /* Used in Big LPC */
PLPCSECTIONMAPINFO Unknown2, /* Used in Big LPC */
PVOID Unknown3, /* Can be NULL */
PVOID ConnectInfo,
PULONG pConnectInfoLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitReceivePort(
PHANDLE PortHandle,
PULONG Unknown ,
PLPCMESSAGE pLpcMessageOut,
PLPCMESSAGE pLpcMessageIn
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReplyWaitReceivePort(
PHANDLE PortHandle,
PULONG Unknown ,
PLPCMESSAGE pLpcMessageOut,
PLPCMESSAGE pLpcMessageIn
);
NTSYSAPI
NTSTATUS
NTAPI
NtAcceptConnectPort(
PHANDLE PortHandle,
ULONG Unknown, // Pass 0
PLPCMESSAGE pLpcMessage,
ULONG Unknown1, // 1
ULONG Unknown3, // 0
PLPCSECTIONMAPINFO pSectionMapInfo
);
NTSYSAPI
NTSTATUS
NTAPI
ZwAcceptConnectPort(
PHANDLE PortHandle,
ULONG Unknown, // Pass 0
PLPCMESSAGE pLpcMessage,
ULONG Unknown1, // 1
ULONG Unknown3, // 0
PLPCSECTIONMAPINFO pSectionMapInfo
);
NTSYSAPI
NTSTATUS
NTAPI
NtCompleteConnectPort(
HANDLE PortHandle
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCompleteConnectPort(
HANDLE PortHandle
);
NTSYSAPI
NTSTATUS
NTAPI
NtRequestWaitReplyPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessageIn,
PLPCMESSAGE pLpcMessageOut
);
NTSYSAPI
NTSTATUS
NTAPI
ZwRequestWaitReplyPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessageIn,
PLPCMESSAGE pLpcMessageOut
);
NTSYSAPI
NTSTATUS
NTAPI
NtListenPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwListenPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
NtRequestPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwRequestPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
NtReplyPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReplyPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
NtRegisterThreadTerminatePort(
HANDLE PortHandle
);
NTSYSAPI
NTSTATUS
NTAPI
ZwRegisterThreadTerminatePort(
HANDLE PortHandle
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetDefaultHardErrorPort(
HANDLE PortHandle
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetDefaultHardErrorPort(
HANDLE PortHandle
);
/* This system service does not seem to return any information about the port,
it gets pointer to port object using ObReferenceObjectByHandle and closes the
pointer and returns STATUS_SUCCESS */
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationPort(
HANDLE PortHandle,
ULONG InfoClass,
PVOID Buffer,
ULONG BufferSize,
PULONG BytesReturned
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationPort(
HANDLE PortHandle,
ULONG InfoClass,
PVOID Buffer,
ULONG BufferSize,
PULONG BytesReturned
);
NTSYSAPI
NTSTATUS
NTAPI
NtReplyWaitReplyPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReplyWaitReplyPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateClientOfPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
NTSYSAPI
NTSTATUS
NTAPI
ZwImpersonateClientOfPort(
HANDLE PortHandle,
PLPCMESSAGE pLpcMessage
);
//Windows 2000 only
NTSYSAPI
NTSTATUS
NTAPI
NtCreateWaitablePort(
PHANDLE PortHandle,
POBJECT_ATTRIBUTES ObjectAttributes,
ULONG MaxConnectInfoLength,
ULONG MaxDataLength,
ULONG Unknown
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateWaitablePort(
PHANDLE PortHandle,
POBJECT_ATTRIBUTES ObjectAttributes,
ULONG MaxConnectInfoLength,
ULONG MaxDataLength,
ULONG Unknown
);
/* _____________________________________________
. Driver load/unload routines
. _____________________________________________ */
NTSYSAPI
NTSTATUS
NTAPI
NtLoadDriver(
IN PUNICODE_STRING DriverRegistryEntry
);
NTSYSAPI
NTSTATUS
NTAPI
ZwLoadDriver(
IN PUNICODE_STRING DriverRegistryEntry
);
NTSYSAPI
NTSTATUS
NTAPI
NtUnloadDriver(
IN PUNICODE_STRING DriverRegistryEntry
);
NTSYSAPI
NTSTATUS
NTAPI
ZwUnloadDriver(
IN PUNICODE_STRING DriverRegistryEntry
);
/* ____________________________________________________________________
. prototypes for Iomanager real calls
. ____________________________________________________________________ */
/* __________________________________________________________
. IO Manager
. __________________________________________________________ */
NTSYSAPI
NTSTATUS
NTAPI
NtCancelIoFile(
IN HANDLE hFile,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCancelIoFile(
IN HANDLE hFile,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
NTSYSAPI
NTSTATUS
NTAPI
NtCreateFile(
OUT PHANDLE phFile,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateFile(
OUT PHANDLE phFile,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtCreateIoCompletion(
OUT PHANDLE phIoCompletionPort,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG nConcurrentThreads
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateIoCompletion(
OUT PHANDLE phIoCompletionPort,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG nConcurrentThreads
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenIoCompletion(
OUT PHANDLE phIoCompletionPort,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenIoCompletion(
OUT PHANDLE phIoCompletionPort,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
typedef struct _OVERLAPPED {
ULONG Internal;
ULONG InternalHigh;
ULONG Offset;
ULONG OffsetHigh;
HANDLE hEvent;
} OVERLAPPED, *LPOVERLAPPED;
NTSYSAPI
NTSTATUS
NTAPI
NtSetIoCompletion(
IN HANDLE hIoCompletionPort,
ULONG CompletionKey,
LPOVERLAPPED pOverlapped,
NTSTATUS NtStatus,
ULONG NumberOfBytesTransferred
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetIoCompletion(
IN HANDLE hIoCompletionPort,
ULONG CompletionKey,
LPOVERLAPPED pOverlapped,
NTSTATUS NtStatus,
ULONG NumberOfBytesTransferred
);
typedef enum _IOCOMPLETIONPORT_INFO_CLASS {
IoCompletionPortBasicInfo
} IOCOMPLETIONPORT_INFO_CLASS;
typedef struct IoCompletionPortBasicInformation_t {
ULONG NumberOfEvents;
} IOCOMPLETIONPORT_BASIC_INFO, *PIOCOMPLETIONPORT_BASIC_INFO;
NTSYSAPI
NTSTATUS
NTAPI
NtQueryIoCompletion(
IN HANDLE hIoCompletionPort,
IN IOCOMPLETIONPORT_INFO_CLASS InfoClass,
OUT PVOID Buffer,
IN ULONG BufferLen,
OUT PULONG BytesReturned
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryIoCompletion(
IN HANDLE hIoCompletionPort,
IN IOCOMPLETIONPORT_INFO_CLASS InfoClass,
OUT PVOID Buffer,
IN ULONG BufferLen,
OUT PULONG BytesReturned
);
NTSYSAPI
NTSTATUS
NTAPI
NtRemoveIoCompletion(
IN HANDLE hIoCompletion,
OUT PULONG lpCompletionKey,
OUT LPOVERLAPPED *pOverlapped,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER Timeout
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -