ntapi.h

MinGW+MSYS开发必用的api参考

NTOSAPI
NTSTATUS
NTAPI
ZwMapUserPhysicalPagesScatter(
  /*IN*/ PVOID  *BaseAddresses,
  /*IN*/ PULONG  NumberOfPages,
  /*IN*/ PULONG  PageFrameNumbers);

NTOSAPI
NTSTATUS
NTAPI
ZwGetWriteWatch(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ ULONG  Flags,
  /*IN*/ PVOID  BaseAddress,
  /*IN*/ ULONG  RegionSize,
  /*OUT*/ PULONG  Buffer,
  /*IN OUT*/ PULONG  BufferEntries,
  /*OUT*/ PULONG  Granularity);

NTOSAPI
NTSTATUS
NTAPI
ZwResetWriteWatch(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ PVOID  BaseAddress,
  /*IN*/ ULONG  RegionSize);




/* Sections */

typedef enum _SECTION_INFORMATION_CLASS {
  SectionBasicInformation,
  SectionImageInformation
} SECTION_INFORMATION_CLASS;

NTOSAPI
NTSTATUS
NTAPI
NtCreateSection(
  /*OUT*/ PHANDLE  SectionHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes,
  /*IN*/ PLARGE_INTEGER  SectionSize  /*OPTIONAL*/,
  /*IN*/ ULONG  Protect,
  /*IN*/ ULONG  Attributes,
  /*IN*/ HANDLE  FileHandle);

NTOSAPI
NTSTATUS
NTAPI
ZwCreateSection(
  /*OUT*/ PHANDLE  SectionHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes,
  /*IN*/ PLARGE_INTEGER  SectionSize  /*OPTIONAL*/,
  /*IN*/ ULONG  Protect,
  /*IN*/ ULONG  Attributes,
  /*IN*/ HANDLE  FileHandle);

NTOSAPI
NTSTATUS
NTAPI
ZwQuerySection(
  /*IN*/ HANDLE  SectionHandle,
  /*IN*/ SECTION_INFORMATION_CLASS  SectionInformationClass,
  /*OUT*/ PVOID  SectionInformation,
  /*IN*/ ULONG  SectionInformationLength,
  /*OUT*/ PULONG  ResultLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwExtendSection(
  /*IN*/ HANDLE  SectionHandle,
  /*IN*/ PLARGE_INTEGER  SectionSize);

NTOSAPI
NTSTATUS
NTAPI
ZwAreMappedFilesTheSame(
  /*IN*/ PVOID  Address1,
  /*IN*/ PVOID  Address2);




/* Threads */

typedef struct _USER_STACK {
	PVOID  FixedStackBase;
	PVOID  FixedStackLimit;
	PVOID  ExpandableStackBase;
	PVOID  ExpandableStackLimit;
	PVOID  ExpandableStackBottom;
} USER_STACK, *PUSER_STACK;

NTOSAPI
NTSTATUS
NTAPI
ZwCreateThread(
  /*OUT*/ PHANDLE  ThreadHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes,
  /*IN*/ HANDLE  ProcessHandle,
  /*OUT*/ PCLIENT_ID  ClientId,
  /*IN*/ PCONTEXT  ThreadContext,
  /*IN*/ PUSER_STACK  UserStack,
  /*IN*/ BOOLEAN  CreateSuspended);

NTOSAPI
NTSTATUS
NTAPI
NtOpenThread(
  /*OUT*/ PHANDLE  ThreadHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes,
  /*IN*/ PCLIENT_ID  ClientId);

NTOSAPI
NTSTATUS
NTAPI
ZwOpenThread(
  /*OUT*/ PHANDLE  ThreadHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes,
  /*IN*/ PCLIENT_ID  ClientId);

NTOSAPI
NTSTATUS
NTAPI
ZwTerminateThread(
  /*IN*/ HANDLE  ThreadHandle  /*OPTIONAL*/,
  /*IN*/ NTSTATUS  ExitStatus);

NTOSAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*IN*/ THREADINFOCLASS  ThreadInformationClass,
  /*OUT*/ PVOID  ThreadInformation,
  /*IN*/ ULONG  ThreadInformationLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*IN*/ THREADINFOCLASS  ThreadInformationClass,
  /*OUT*/ PVOID  ThreadInformation,
  /*IN*/ ULONG  ThreadInformationLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
NtSetInformationThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*IN*/ THREADINFOCLASS  ThreadInformationClass,
  /*IN*/ PVOID  ThreadInformation,
  /*IN*/ ULONG  ThreadInformationLength);

typedef struct _THREAD_BASIC_INFORMATION {
	NTSTATUS  ExitStatus;
	PNT_TIB  TebBaseAddress;
	CLIENT_ID  ClientId;
	KAFFINITY  AffinityMask;
	KPRIORITY  Priority;
	KPRIORITY  BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;

typedef struct _KERNEL_USER_TIMES {
	LARGE_INTEGER  CreateTime;
	LARGE_INTEGER  ExitTime;
	LARGE_INTEGER  KernelTime;
	LARGE_INTEGER  UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;

NTOSAPI
NTSTATUS
NTAPI
ZwSuspendThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*OUT*/ PULONG  PreviousSuspendCount  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwResumeThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*OUT*/ PULONG  PreviousSuspendCount  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwGetContextThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*OUT*/ PCONTEXT  Context);

NTOSAPI
NTSTATUS
NTAPI
ZwSetContextThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*IN*/ PCONTEXT  Context);

NTOSAPI
NTSTATUS
NTAPI
ZwQueueApcThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*IN*/ PKNORMAL_ROUTINE  ApcRoutine,
  /*IN*/ PVOID  ApcContext  /*OPTIONAL*/,
  /*IN*/ PVOID  Argument1  /*OPTIONAL*/,
  /*IN*/ PVOID  Argument2  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwTestAlert(
  VOID);

NTOSAPI
NTSTATUS
NTAPI
ZwAlertThread(
  /*IN*/ HANDLE  ThreadHandle);

NTOSAPI
NTSTATUS
NTAPI
ZwAlertResumeThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*OUT*/ PULONG  PreviousSuspendCount  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwRegisterThreadTerminatePort(
  /*IN*/ HANDLE  PortHandle);

NTOSAPI
NTSTATUS
NTAPI
ZwImpersonateThread(
  /*IN*/ HANDLE  ThreadHandle,
  /*IN*/ HANDLE  TargetThreadHandle,
  /*IN*/ PSECURITY_QUALITY_OF_SERVICE  SecurityQos);

NTOSAPI
NTSTATUS
NTAPI
ZwImpersonateAnonymousToken(
  /*IN*/ HANDLE  ThreadHandle);




/* Processes */

NTOSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
  /*OUT*/ PHANDLE  ProcessHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes,
  /*IN*/ HANDLE  InheritFromProcessHandle,
  /*IN*/ BOOLEAN  InheritHandles,
  /*IN*/ HANDLE  SectionHandle  /*OPTIONAL*/,
  /*IN*/ HANDLE  DebugPort  /*OPTIONAL*/,
  /*IN*/ HANDLE  ExceptionPort  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
  /*OUT*/ PHANDLE  ProcessHandle,
  /*IN*/ ACCESS_MASK  DesiredAccess,
  /*IN*/ POBJECT_ATTRIBUTES  ObjectAttributes,
  /*IN*/ HANDLE  InheritFromProcessHandle,
  /*IN*/ BOOLEAN  InheritHandles,
  /*IN*/ HANDLE  SectionHandle  /*OPTIONAL*/,
  /*IN*/ HANDLE  DebugPort  /*OPTIONAL*/,
  /*IN*/ HANDLE  ExceptionPort  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
ZwTerminateProcess(
  /*IN*/ HANDLE  ProcessHandle  /*OPTIONAL*/,
  /*IN*/ NTSTATUS  ExitStatus);

NTOSAPI
NTSTATUS
NTAPI
ZwQueryInformationProcess(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ PROCESSINFOCLASS  ProcessInformationClass,
  /*OUT*/ PVOID  ProcessInformation,
  /*IN*/ ULONG  ProcessInformationLength,
  /*OUT*/ PULONG  ReturnLength  /*OPTIONAL*/);

NTOSAPI
NTSTATUS
NTAPI
NtSetInformationProcess(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ PROCESSINFOCLASS  ProcessInformationClass,
  /*IN*/ PVOID  ProcessInformation,
  /*IN*/ ULONG  ProcessInformationLength);

NTOSAPI
NTSTATUS
NTAPI
ZwSetInformationProcess(
  /*IN*/ HANDLE  ProcessHandle,
  /*IN*/ PROCESSINFOCLASS  ProcessInformationClass,
  /*IN*/ PVOID  ProcessInformation,
  /*IN*/ ULONG  ProcessInformationLength);

typedef struct _PROCESS_BASIC_INFORMATION {
	NTSTATUS  ExitStatus;
	PPEB  PebBaseAddress;
	KAFFINITY  AffinityMask;
	KPRIORITY  BasePriority;
	ULONG  UniqueProcessId;
	ULONG  InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

typedef struct _PROCESS_ACCESS_TOKEN {
  HANDLE  Token;
  HANDLE  Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;

/* DefaultHardErrorMode constants */
/* also in winbase.h */
#define SEM_FAILCRITICALERRORS            0x0001
#define SEM_NOGPFAULTERRORBOX             0x0002
#define SEM_NOALIGNMENTFAULTEXCEPT        0x0004
#define SEM_NOOPENFILEERRORBOX            0x8000
/* end winbase.h */
typedef struct _POOLED_USAGE_AND_LIMITS {
	ULONG  PeakPagedPoolUsage;
	ULONG  PagedPoolUsage;
	ULONG  PagedPoolLimit;
	ULONG  PeakNonPagedPoolUsage;
	ULONG  NonPagedPoolUsage;
	ULONG  NonPagedPoolLimit;
	ULONG  PeakPagefileUsage;
	ULONG  PagefileUsage;
	ULONG  PagefileLimit;
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;

typedef struct _PROCESS_WS_WATCH_INFORMATION {
  PVOID  FaultingPc;
  PVOID  FaultingVa;
} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;

/* PROCESS_PRIORITY_CLASS.PriorityClass constants */
#define PC_IDLE                           1
#define PC_NORMAL                         2
#define PC_HIGH                           3
#define PC_REALTIME                       4
#define PC_BELOW_NORMAL                   5
#define PC_ABOVE_NORMAL                   6

typedef struct _PROCESS_PRIORITY_CLASS {
  BOOLEAN  Foreground;
  UCHAR  PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;

/* PROCESS_DEVICEMAP_INFORMATION.DriveType constants */
#define DRIVE_UNKNOWN                     0
#define DRIVE_NO_ROOT_DIR                 1
#define DRIVE_REMOVABLE                   2
#define DRIVE_FIXED                       3
#define DRIVE_REMOTE                      4
#define DRIVE_CDROM                       5
#define DRIVE_RAMDISK                     6

typedef struct _PROCESS_DEVICEMAP_INFORMATION {
	_ANONYMOUS_UNION union {
		struct {
		  HANDLE  DirectoryHandle;
		} Set;
		struct {
		  ULONG  DriveMap;
		  UCHAR  DriveType[32];
		} Query;
	} DUMMYUNIONNAME;
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;

typedef struct _PROCESS_SESSION_INFORMATION {
  ULONG  SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;

typedef struct _RTL_USER_PROCESS_PARAMETERS {
	ULONG  AllocationSize;
	ULONG  Size;
	ULONG  Flags;
	ULONG  DebugFlags;
	HANDLE  hConsole;
	ULONG  ProcessGroup;
	HANDLE  hStdInput;
	HANDLE  hStdOutput;
	HANDLE  hStdError;
	UNICODE_STRING  CurrentDirectoryName;
	HANDLE  CurrentDirectoryHandle;
	UNICODE_STRING  DllPath;
	UNICODE_STRING  ImagePathName;
	UNICODE_STRING  CommandLine;
	PWSTR  Environment;
	ULONG  dwX;
	ULONG  dwY;
	ULONG  dwXSize;
	ULONG  dwYSize;
	ULONG  dwXCountChars;
	ULONG  dwYCountChars;
	ULONG  dwFillAttribute;
	ULONG  dwFlags;
	ULONG  wShowWindow;
	UNICODE_STRING  WindowTitle;
	UNICODE_STRING  DesktopInfo;
	UNICODE_STRING  ShellInfo;
	UNICODE_STRING  RuntimeInfo;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

NTSTATUS
NTAPI
RtlCreateProcessParameters(
  /*OUT*/ PRTL_USER_PROCESS_PARAMETERS  *ProcessParameters,
  /*IN*/ PUNICODE_STRING  ImageFile,
  /*IN*/ PUNICODE_STRING  DllPath  /*OPTIONAL*/,
  /*IN*/ PUNICODE_STRING  CurrentDirectory  /*OPTIONAL*/,
  /*IN*/ PUNICODE_STRING  CommandLine  /*OPTIONAL*/,
  /*IN*/ PWSTR  Environment /*OPTIONAL*/,
  /*IN*/ PUNICODE_STRING  WindowTitle  /*OPTIONAL*/,
  /*IN*/ PUNICODE_STRING  DesktopInfo  /*OPTIONAL*/,
  /*IN*/ PUNICODE_STRING  ShellInfo  /*OPTIONAL*/,
  /*IN*/ PUNICODE_STRING  RuntimeInfo  /*OPTIONAL*/);

NTSTATUS
NTAPI
RtlDestroyProcessParameters(
  /*IN*/ PRTL_USER_PROCESS_PARAMETERS  ProcessParameters);

typedef struct _DEBUG_BUFFER {
	HANDLE  SectionHandle;
	PVOID  SectionBase;
	PVOID  RemoteSectionBase;
	ULONG  SectionBaseDelta;
	HANDLE  EventPairHandle;
	ULONG  Unknown[2];
	HANDLE  RemoteThreadHandle;
	ULONG  InfoClassMask;
	ULONG  SizeOfInfo;
	ULONG  AllocatedSize;
	ULONG  SectionSize;
	PVOID  ModuleInformation;
	PVOID  BackTraceInformation;
	PVOID  HeapInformation;
	PVOID  LockInformation;
	PVOID  Reserved[8];
} DEBUG_BUFFER, *PDEBUG_BUFFER;

PDEBUG_BUFFER
NTAPI
RtlCreateQueryDebugBuffer(
  /*IN*/ ULONG  Size,
  /*IN*/ BOOLEAN  EventPair);

/* RtlQueryProcessDebugInformation.DebugInfoClassMask constants */
#define PDI_MODULES                       0x01
#define PDI_BACKTRACE                     0x02
#define PDI_HEAPS                         0x04
#define PDI_HEAP_TAGS                     0x08
#define PDI_HEAP_BLOCKS                   0x10
#define PDI_LOCKS                         0x20

NTSTATUS
NTAPI
RtlQueryProcessDebugInformation(
  /*IN*/ ULONG  ProcessId,
  /*IN*/ ULONG  DebugInfoClassMask,
  /*IN OUT*/ PDEBUG_BUFFER  DebugBuffer);

NTSTATUS
NTAPI
RtlDestroyQueryDebugBuffer(
  /*IN*/ PDEBUG_BUFFER  DebugBuffer);

/* DEBUG_MODULE_INFORMATION.Flags constants */
#define LDRP_STATIC_LINK                  0x00000002
#define LDRP_IMAGE_DLL                    0x00000004
#define LDRP_LOAD_IN_PROGRESS             0x00001000
#define LDRP_UNLOAD_IN_PROGRESS           0x00002000
#define LDRP_ENTRY_PROCESSED              0x00004000
#define LDRP_ENTRY_INSERTED               0x00008000
#define LDRP_CURRENT_LOAD                 0x00010000
#define LDRP_FAILED_BUILTIN_LOAD          0x00020000
#define LDRP_DONT_CALL_FOR_THREADS        0x00040000
#define LDRP_PROCESS_ATTACH_CALLED        0x00080000
#define LDRP_DEBUG_SYMBOLS_LOADED         0x00100000
#define LDRP_IMAGE_NOT_AT_BASE            0x00200000
#define LDRP_WX86_IGNORE_MACHINETYPE      0x00400000

typedef struct _DEBUG_MODULE_INFORMATION {
	ULONG  Reserved[2];
	ULONG  Base;
	ULONG  Size;
	ULONG  Flags;
	USHORT  Index;
	USHORT  Unknown;
	USHORT  LoadCount;
	USHORT  ModuleNameOffset;
	CHAR  ImageName[256];
} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;

typedef struct _DEBUG_HEAP_INFORMATION {
	ULONG  Base;
	ULONG  Flags;
	USHORT  Granularity;
	USHORT  Unknown;
	ULONG  Allocated;
	ULONG  Committed;
	ULONG  TagCount;
	ULONG  BlockCount;
	ULONG  Reserved[7];
	PVOID  Tags;
	PVOID  Blocks;
} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;

typedef struct _DEBUG_LOCK_INFORMATION {
	PVOID  Address;
	USHORT  Type;
	USHORT  CreatorBackTraceIndex;
	ULONG  OwnerThreadId;
	ULONG  ActiveCount;
	ULONG  ContentionCount;