ntapi.h

MinGW+MSYS开发必用的api参考

typedef struct _SYSTEM_EXCEPTION_INFORMATION {
	ULONG  AlignmentFixupCount;
	ULONG  ExceptionDispatchCount;
	ULONG  FloatingEmulationCount;
	ULONG  Reserved;
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;

typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
	ULONG  CrashDumpSectionExists;
	ULONG  Unknown;
} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;

typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
	BOOLEAN  DebuggerEnabled;
	BOOLEAN  DebuggerNotPresent;
} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;

typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
	ULONG  ContextSwitches;
	ULONG  ContextSwitchCounters[11];
} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;

typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
	ULONG  RegistryQuota;
	ULONG  RegistryQuotaInUse;
	ULONG  PagedPoolSize;
} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;

typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
  UNICODE_STRING  ModuleName;
} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;

typedef struct _SYSTEM_PRIORITY_SEPARATION {
  ULONG  PrioritySeparation;
} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;

typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
	LONG  Bias;
	WCHAR  StandardName[32];
	LARGE_INTEGER  StandardDate;
	LONG  StandardBias;
	WCHAR  DaylightName[32];
	LARGE_INTEGER  DaylightDate;
	LONG  DaylightBias;
} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;

typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
	USHORT  Depth;
	USHORT  MaximumDepth;
	ULONG  TotalAllocates;
	ULONG  AllocateMisses;
	ULONG  TotalFrees;
	ULONG  FreeMisses;
	POOL_TYPE  Type;
	ULONG  Tag;
	ULONG  Size;
} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;

typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
  HANDLE  TimeSlipEvent;
} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;

typedef struct _SYSTEM_CREATE_SESSION {
  ULONG  SessionId;
} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;

typedef struct _SYSTEM_DELETE_SESSION {
  ULONG  SessionId;
} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;

typedef struct _SYSTEM_RANGE_START_INFORMATION {
  PVOID  SystemRangeStart;
} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;

typedef struct _SYSTEM_SESSION_PROCESSES_INFORMATION {
	ULONG  SessionId;
	ULONG  BufferSize;
	PVOID  Buffer;
} SYSTEM_SESSION_PROCESSES_INFORMATION, *PSYSTEM_SESSION_PROCESSES_INFORMATION;

typedef struct _SYSTEM_POOL_BLOCK {
	BOOLEAN  Allocated;
	USHORT  Unknown;
	ULONG  Size;
	CHAR  Tag[4];
} SYSTEM_POOL_BLOCK, *PSYSTEM_POOL_BLOCK;

typedef struct _SYSTEM_POOL_BLOCKS_INFORMATION {
	ULONG  PoolSize;
	PVOID  PoolBase;
	USHORT  Unknown;
	ULONG  NumberOfBlocks;
	SYSTEM_POOL_BLOCK  PoolBlocks[1];
} SYSTEM_POOL_BLOCKS_INFORMATION, *PSYSTEM_POOL_BLOCKS_INFORMATION;

typedef struct _SYSTEM_MEMORY_USAGE {
	PVOID  Name;
	USHORT  Valid;
	USHORT  Standby;
	USHORT  Modified;
	USHORT  PageTables;
} SYSTEM_MEMORY_USAGE, *PSYSTEM_MEMORY_USAGE;

typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION {
  	ULONG  Reserved;
	PVOID  EndOfData;
	SYSTEM_MEMORY_USAGE  MemoryUsage[1];
} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION;

NTOSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(
  /*IN*/ SYSTEM_INFORMATION_CLASS  SystemInformationClass,
  /*IN OUT*/ PVOID  SystemInformation,
  /*IN*/ ULONG  SystemInformationLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
  /*IN*/ SYSTEM_INFORMATION_CLASS  SystemInformationClass,
  /*IN OUT*/ PVOID  SystemInformation,
  /*IN*/ ULONG  SystemInformationLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTAPI
NTSTATUS
NtQueryFullAttributesFile(
  /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
  /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);

NTOSAPI
NTAPI
NTSTATUS
ZwQueryFullAttributesFile(
  /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
  /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION FileInformation);

NTOSAPI
NTSTATUS
NTAPI
ZwSetSystemInformation(
  /*IN*/ SYSTEM_INFORMATION_CLASS  SystemInformationClass,
  /*IN OUT*/ PVOID  SystemInformation,
  /*IN*/ ULONG  SystemInformationLength);

NTOSAPI
NTSTATUS
NTAPI
ZwQuerySystemEnvironmentValue(
  /*IN*/ PUNICODE_STRING  Name,
  /*OUT*/ PVOID  Value,
  /*IN*/ ULONG  ValueLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwSetSystemEnvironmentValue(
  /*IN*/ PUNICODE_STRING  Name,
  /*IN*/ PUNICODE_STRING  Value);

typedef enum _SHUTDOWN_ACTION {
	ShutdownNoReboot,
	ShutdownReboot,
	ShutdownPowerOff
} SHUTDOWN_ACTION;

NTOSAPI
NTSTATUS
NTAPI
NtShutdownSystem(
  /*IN*/ SHUTDOWN_ACTION  Action);

typedef enum _DEBUG_CONTROL_CODE {
  DebugGetTraceInformation = 1,
	DebugSetInternalBreakpoint,
	DebugSetSpecialCall,
	DebugClearSpecialCalls,
	DebugQuerySpecialCalls,
	DebugDbgBreakPoint,
	DebugMaximum
} DEBUG_CONTROL_CODE;


NTOSAPI
NTSTATUS
NTAPI
ZwSystemDebugControl(
  /*IN*/ DEBUG_CONTROL_CODE  ControlCode,
  /*IN*/ PVOID  InputBuffer  /*OPTIONAL*/,
  /*IN*/ ULONG  InputBufferLength,
  /*OUT*/ PVOID  OutputBuffer  /*OPTIONAL*/,
  /*IN*/ ULONG  OutputBufferLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);



/* Objects, Object directories, and symbolic links */

typedef enum _OBJECT_INFORMATION_CLASS {
	ObjectBasicInformation,
	ObjectNameInformation,
	ObjectTypeInformation,
	ObjectAllTypesInformation,
	ObjectHandleInformation
} OBJECT_INFORMATION_CLASS;

NTOSAPI
NTSTATUS
NTAPI
ZwQueryObject(
  /*IN*/ HANDLE  ObjectHandle,
  /*IN*/ OBJECT_INFORMATION_CLASS  ObjectInformationClass,
  /*OUT*/ PVOID  ObjectInformation,
  /*IN*/ ULONG  ObjectInformationLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationObject(
  /*IN*/ HANDLE  ObjectHandle,
  /*IN*/ OBJECT_INFORMATION_CLASS  ObjectInformationClass,
  /*IN*/ PVOID  ObjectInformation,
  /*IN*/ ULONG  ObjectInformationLength);

/* OBJECT_BASIC_INFORMATION.Attributes constants */
/* also in winbase.h */
#define HANDLE_FLAG_INHERIT               0x01
#define HANDLE_FLAG_PROTECT_FROM_CLOSE    0x02
/* end winbase.h */
#define PERMANENT                         0x10
#define EXCLUSIVE                         0x20

typedef struct _OBJECT_BASIC_INFORMATION {
	ULONG  Attributes;
	ACCESS_MASK  GrantedAccess;
	ULONG  HandleCount;
	ULONG  PointerCount;
	ULONG  PagedPoolUsage;
	ULONG  NonPagedPoolUsage;
	ULONG  Reserved[3];
	ULONG  NameInformationLength;
	ULONG  TypeInformationLength;
	ULONG  SecurityDescriptorLength;
	LARGE_INTEGER  CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
#if 0
/* FIXME: Enable later */
typedef struct _OBJECT_TYPE_INFORMATION {
	UNICODE_STRING  Name;
	ULONG  ObjectCount;
	ULONG  HandleCount;
	ULONG  Reserved1[4];
	ULONG  PeakObjectCount;
	ULONG  PeakHandleCount;
	ULONG  Reserved2[4];
	ULONG  InvalidAttributes;
	GENERIC_MAPPING  GenericMapping;
	ULONG  ValidAccess;
	UCHAR  Unknown;
	BOOLEAN  MaintainHandleDatabase;
	POOL_TYPE  PoolType;
	ULONG  PagedPoolUsage;
	ULONG  NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;

typedef struct _OBJECT_ALL_TYPES_INFORMATION {
  ULONG  NumberOfTypes;
  OBJECT_TYPE_INFORMATION  TypeInformation;
} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
#endif
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION {
  BOOLEAN  Inherit;
  BOOLEAN  ProtectFromClose;
} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;

NTOSAPI
NTSTATUS
NTAPI
NtDuplicateObject(
  /*IN*/ HANDLE  SourceProcessHandle,
  /*IN*/ HANDLE  SourceHandle,
  /*IN*/ HANDLE  TargetProcessHandle,
  /*OUT*/ PHANDLE  TargetHandle  /*OPTIONAL*/,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ ULONG  Attributes,
  /*IN*/ ULONG  Options);

NTOSAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
  /*IN*/ HANDLE  SourceProcessHandle,
  /*IN*/ HANDLE  SourceHandle,
  /*IN*/ HANDLE  TargetProcessHandle,
  /*OUT*/ PHANDLE  TargetHandle  /*OPTIONAL*/,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ ULONG  Attributes,
  /*IN*/ ULONG  Options);

NTOSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
  /*IN*/ HANDLE Handle,
  /*IN*/ SECURITY_INFORMATION  SecurityInformation,
  /*OUT*/ PSECURITY_DESCRIPTOR  SecurityDescriptor,
  /*IN*/ ULONG  SecurityDescriptorLength,
  /*OUT*/ PULONG  ReturnLength);

NTOSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
  /*IN*/ HANDLE Handle,
  /*IN*/ SECURITY_INFORMATION  SecurityInformation,
  /*OUT*/ PSECURITY_DESCRIPTOR  SecurityDescriptor,
  /*IN*/ ULONG  SecurityDescriptorLength,
  /*OUT*/ PULONG  ReturnLength);

NTOSAPI
NTSTATUS
NTAPI
NtSetSecurityObject(
  /*IN*/ HANDLE  Handle,
  /*IN*/ SECURITY_INFORMATION  SecurityInformation,
  /*IN*/ PSECURITY_DESCRIPTOR  SecurityDescriptor);

NTOSAPI
NTSTATUS
NTAPI
ZwSetSecurityObject(
  /*IN*/ HANDLE  Handle,
  /*IN*/ SECURITY_INFORMATION  SecurityInformation,
  /*IN*/ PSECURITY_DESCRIPTOR  SecurityDescriptor);

NTOSAPI
NTSTATUS
NTAPI
ZwOpenDirectoryObject(
  /*OUT*/ PHANDLE  DirectoryHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryObject(
  /*IN*/ HANDLE  DirectoryHandle,
  /*OUT*/ PVOID  Buffer,
  /*IN*/ ULONG  BufferLength,
  /*IN*/ BOOLEAN  ReturnSingleEntry,
  /*IN*/ BOOLEAN  RestartScan,
  /*IN OUT*/ PULONG  Context,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

typedef struct _DIRECTORY_BASIC_INFORMATION {
  UNICODE_STRING  ObjectName;
  UNICODE_STRING  ObjectTypeName;
} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;

NTOSAPI
NTSTATUS
NTAPI
ZwCreateSymbolicLinkObject(
  /*OUT*/ PHANDLE  SymbolicLinkHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes,
  /*IN*/ PUNICODE_STRING  TargetName);




/* Virtual memory */

typedef enum _MEMORY_INFORMATION_CLASS {
MemoryBasicInformation,
MemoryWorkingSetList,
MemorySectionName,
MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;

NTOSAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PVOID  *BaseAddress,
  /*IN*/ ULONG  ZeroBits,
  /*IN OUT*/ PULONG  AllocationSize,
  /*IN*/ ULONG  AllocationType,
  /*IN*/ ULONG  Protect);

NTOSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PVOID  *BaseAddress,
  /*IN*/ ULONG  ZeroBits,
  /*IN OUT*/ PULONG  AllocationSize,
  /*IN*/ ULONG  AllocationType,
  /*IN*/ ULONG  Protect);

NTOSAPI
NTSTATUS
NTAPI
NtFreeVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PVOID  *BaseAddress,
  /*IN OUT*/ PULONG  FreeSize,
  /*IN*/ ULONG  FreeType);

NTOSAPI
NTSTATUS
NTAPI
ZwFreeVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PVOID  *BaseAddress,
  /*IN OUT*/ PULONG  FreeSize,
  /*IN*/ ULONG  FreeType);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ PVOID  BaseAddress,
  /*IN*/ MEMORY_INFORMATION_CLASS  MemoryInformationClass,
  /*OUT*/ PVOID  MemoryInformation,
  /*IN*/ ULONG  MemoryInformationLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

/* MEMORY_WORKING_SET_LIST.WorkingSetList constants */
#define WSLE_PAGE_READONLY                0x001
#define WSLE_PAGE_EXECUTE                 0x002
#define WSLE_PAGE_READWRITE               0x004
#define WSLE_PAGE_EXECUTE_READ            0x003
#define WSLE_PAGE_WRITECOPY               0x005
#define WSLE_PAGE_EXECUTE_READWRITE       0x006
#define WSLE_PAGE_EXECUTE_WRITECOPY       0x007
#define WSLE_PAGE_SHARE_COUNT_MASK        0x0E0
#define WSLE_PAGE_SHAREABLE               0x100

typedef struct _MEMORY_WORKING_SET_LIST {
  ULONG  NumberOfPages;
  ULONG  WorkingSetList[1];
} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;

typedef struct _MEMORY_SECTION_NAME {
  UNICODE_STRING  SectionFileName;
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;

/* Zw[Lock|Unlock]VirtualMemory.LockType constants */
#define LOCK_VM_IN_WSL                    0x01
#define LOCK_VM_IN_RAM                    0x02

NTOSAPI
NTSTATUS
NTAPI
ZwLockVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PVOID  *BaseAddress,
  /*IN OUT*/ PULONG  LockSize,
  /*IN*/ ULONG  LockType);

NTOSAPI
NTSTATUS
NTAPI
ZwUnlockVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PVOID  *BaseAddress,
  /*IN OUT*/ PULONG  LockSize,
  /*IN*/ ULONG  LockType);

NTOSAPI
NTSTATUS
NTAPI
ZwReadVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ PVOID  BaseAddress,
  /*OUT*/ PVOID  Buffer,
  /*IN*/ ULONG  BufferLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwWriteVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ PVOID  BaseAddress,
  /*IN*/ PVOID  Buffer,
  /*IN*/ ULONG  BufferLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwProtectVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PVOID  *BaseAddress,
  /*IN OUT*/ PULONG  ProtectSize,
  /*IN*/ ULONG  NewProtect,
  /*OUT*/ PULONG  OldProtect);

NTOSAPI
NTSTATUS
NTAPI
ZwFlushVirtualMemory(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PVOID  *BaseAddress,
  /*IN OUT*/ PULONG  FlushSize,
  /*OUT*/ PIO_STATUS_BLOCK  IoStatusBlock);

NTOSAPI
NTSTATUS
NTAPI
ZwAllocateUserPhysicalPages(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ PULONG  NumberOfPages,
  /*OUT*/ PULONG  PageFrameNumbers);

NTOSAPI
NTSTATUS
NTAPI
ZwFreeUserPhysicalPages(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN OUT*/ PULONG  NumberOfPages,
  /*IN*/ PULONG  PageFrameNumbers);

NTOSAPI
NTSTATUS
NTAPI
ZwMapUserPhysicalPages(
  /*IN*/ PVOID  BaseAddress,
  /*IN*/ PULONG  NumberOfPages,
  /*IN*/ PULONG  PageFrameNumbers);