📄 undocnt.h
字号:
NTSYSAPI
NTSTATUS
NTAPI
NtWaitForMultipleObjects(
IN ULONG nWaitObjectHandles,
IN PHANDLE WaitObjectHandlesArray,
IN WAIT_TYPE WaitType,
IN BOOLEAN bAlertable,
IN PLARGE_INTEGER Timeout
);
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForMultipleObjects(
IN ULONG nWaitObjectHandles,
IN PHANDLE WaitObjectHandlesArray,
IN WAIT_TYPE WaitType,
IN BOOLEAN bAlertable,
IN PLARGE_INTEGER Timeout
);
NTSYSAPI
NTSTATUS
NTAPI
NtCreateTimer(
OUT PHANDLE phTimer,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN TIMER_TYPE TimerType
);
NTSTATUS
NTAPI
ZwCreateTimer(
OUT PHANDLE phTimer,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN TIMER_TYPE TimerType
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenTimer(
OUT PHANDLE phTimer,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSTATUS
NTAPI
ZwOpenTimer(
OUT PHANDLE phTimer,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
typedef enum _TIMER_INFO_CLASS {
TimerBasicInfo
} TIMER_INFO_CLASS;
typedef struct TimerInfo_t {
LARGE_INTEGER DueTime;
CCHAR TimerState;
CCHAR Unused[3];
ULONG TimerType;
} TIMER_INFO, *PTIMER_INFO;
NTSYSAPI
NTSTATUS
NTAPI
NtQueryTimer(
IN HANDLE hTimer,
IN TIMER_INFO_CLASS InfoClass,
OUT PVOID TimerInfoBuffer,
IN ULONG TimerInfoBufferSize,
OUT PULONG BytesCopied
);
NTSTATUS
NTAPI
ZwQueryTimer(
IN HANDLE hTimer,
IN TIMER_INFO_CLASS InfoClass,
OUT PVOID TimerInfoBuffer,
IN ULONG TimerInfoBufferSize,
OUT PULONG BytesCopied
);
typedef VOID
(NTAPI *PTIMERAPCROUTINE)(
PVOID lpArgToCompletionRoutine,
ULONG dwTimerLowValue,
ULONG dwTimerHighValue);
NTSYSAPI
NTSTATUS
NTAPI
NtSetTimer(
IN HANDLE hTimer,
IN PLARGE_INTEGER pDueTime,
IN PTIMERAPCROUTINE pfnCompletionRoutine OPTIONAL,
IN ULONG pfnCompletionRoutineArg,
IN BOOLEAN bResume,
IN LONG Period,
OUT PBOOLEAN bTimerState
);
NTSTATUS
NTAPI
ZwSetTimer(
IN HANDLE hTimer,
IN PLARGE_INTEGER pDueTime,
IN PTIMERAPCROUTINE pfnCompletionRoutine OPTIONAL,
IN ULONG pfnCompletionRoutineArg,
IN BOOLEAN bResume,
IN LONG Period,
OUT PBOOLEAN bTimerState
);
NTSYSAPI
NTSTATUS
NTAPI
NtCancelTimer(
IN HANDLE hTimer,
OUT PBOOLEAN pbState
);
NTSTATUS
NTAPI
ZwCancelTimer(
IN HANDLE hTimer,
OUT PBOOLEAN pbState
);
NTSYSAPI
NTSTATUS
NTAPI
NtDelayExecution(
IN ULONG bAlertable,
IN PLARGE_INTEGER pDuration
);
NTSTATUS
NTAPI
ZwDelayExecution(
IN ULONG bAlertable,
IN PLARGE_INTEGER pDuration
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryTimerResolution(
OUT PULONG MaxResolution,
OUT PULONG MinResolution,
OUT PULONG SystemResolution
);
NTSTATUS
NTAPI
ZwQueryTimerResolution(
OUT PULONG MaxResolution,
OUT PULONG MinResolution,
OUT PULONG SystemResolution
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetTimerResolution(
IN ULONG NewResolution,
IN BOOLEAN bSet,
OUT PULONG pResolutionSet
);
NTSTATUS
NTAPI
ZwSetTimerResolution(
IN ULONG NewResolution,
IN BOOLEAN bSet,
OUT PULONG pResolutionSet
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryPerformanceCounter(
OUT PLARGE_INTEGER pPerformanceCount,
OUT PLARGE_INTEGER pFrequency
);
NTSTATUS
NTAPI
ZwQueryPerformanceCounter(
OUT PLARGE_INTEGER pPerformanceCount,
OUT PLARGE_INTEGER pFrequency
);
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemTime(
OUT PLARGE_INTEGER pSystemTime
);
NTSTATUS
NTAPI
ZwQuerySystemTime(
OUT PLARGE_INTEGER pSystemTime
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetSystemTime(
IN PLARGE_INTEGER pSystemTime,
OUT PLARGE_INTEGER pOldsystemTime OPTIONAL
);
NTSTATUS
NTAPI
ZwSetSystemTime(
IN PLARGE_INTEGER pSystemTime,
OUT PLARGE_INTEGER pOldsystemTime OPTIONAL
);
NTSYSAPI
ULONG
NTAPI
NtGetTickCount(
);
ULONG
NTAPI
ZwGetTickCount(
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenKey(
OUT PHANDLE phKey,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenKey(
OUT PHANDLE phKey,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtCreateKey(
OUT PHANDLE phKey,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG TitleIndex,
IN PUNICODE_STRING Class,
IN ULONG CreateOptions,
OUT PULONG pDisposition
);
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateKey(
OUT PHANDLE phKey,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG TitleIndex,
IN PUNICODE_STRING Class,
IN ULONG CreateOptions,
OUT PULONG pDisposition
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetValueKey(
IN HANDLE hKey,
IN PUNICODE_STRING uValueName,
IN ULONG TitleIndex,
IN ULONG ValueType,
IN PVOID pValueData,
IN ULONG pValueDataLength
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetValueKey(
IN HANDLE hKey,
IN PUNICODE_STRING uValueName,
IN ULONG TitleIndex,
IN ULONG ValueType,
IN PVOID pValueData,
IN ULONG pValueDataLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateKey(
IN HANDLE hKey,
IN ULONG Index,
IN KEY_INFORMATION_CLASS KeyInfoClass,
OUT PVOID KeyInfoBuffer,
IN ULONG KeyInfoBufferLength,
OUT PULONG BytesCopied
);
NTSYSAPI
NTSTATUS
NTAPI
ZwEnumerateKey(
IN HANDLE hKey,
IN ULONG Index,
IN KEY_INFORMATION_CLASS KeyInfoClass,
OUT PVOID KeyInfoBuffer,
IN ULONG KeyInfoBufferLength,
OUT PULONG BytesCopied
);
NTSYSAPI
NTSTATUS
NTAPI
NtEnumerateValueKey(
IN HANDLE hKey,
IN ULONG Index,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInfoClass,
OUT PVOID KeyValueInfoBuffer,
IN ULONG KeyValueInfoBufferLength,
OUT PULONG BytesCopied
);
NTSYSAPI
NTSTATUS
NTAPI
ZwEnumerateValueKey(
IN HANDLE hKey,
IN ULONG Index,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInfoClass,
OUT PVOID KeyValueInfoBuffer,
IN ULONG KeyValueInfoBufferLength,
OUT PULONG BytesCopied
);
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteValueKey(
IN HANDLE hKey,
IN PUNICODE_STRING pValueName
);
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteValueKey(
IN HANDLE hKey,
IN PUNICODE_STRING pValueName
);
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteKey(
IN HANDLE hKey
);
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteKey(
IN HANDLE hKey
);
NTSYSAPI
NTSTATUS
NTAPI
NtFlushKey(
IN HANDLE hKey
);
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushKey(
IN HANDLE hKey
);
NTSYSAPI
NTSTATUS
NTAPI
NtInitializeRegistry(
IN ULONG UnknownParam
);
NTSTATUS
NTAPI
ZwInitializeRegistry(
IN ULONG UnknownParam
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryKey(
IN HANDLE hKey,
IN KEY_INFORMATION_CLASS KeyInfoClass,
OUT PVOID KeyInfoBuffer,
IN ULONG KeyInfoBufferLength,
OUT PULONG BytesCopied
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryKey(
IN HANDLE hKey,
IN KEY_INFORMATION_CLASS KeyInfoClass,
OUT PVOID KeyInfoBuffer,
IN ULONG KeyInfoBufferLength,
OUT PULONG BytesCopied
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryValueKey(
IN HANDLE hKey,
IN PUNICODE_STRING uValueName,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInfoClass,
OUT PVOID KeyValueInfoBuffer,
IN ULONG KeyValueInfoBufferLength,
OUT PULONG BytesCopied
);
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryValueKey(
IN HANDLE hKey,
IN PUNICODE_STRING uValueName,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInfoClass,
OUT PVOID KeyValueInfoBuffer,
IN ULONG KeyValueInfoBufferLength,
OUT PULONG BytesCopied
);
NTSYSAPI
NTSTATUS
NTAPI
NtSaveKey(
IN HANDLE hKey,
IN HANDLE hFile
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSaveKey(
IN HANDLE hKey,
IN HANDLE hFile
);
NTSYSAPI
NTSTATUS
NTAPI
NtLoadKey(
IN POBJECT_ATTRIBUTES KeyNameAttributes,
IN POBJECT_ATTRIBUTES HiveFileNameAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
ZwLoadKey(
IN POBJECT_ATTRIBUTES KeyNameAttributes,
IN POBJECT_ATTRIBUTES HiveFileNameAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtLoadKey2(
IN POBJECT_ATTRIBUTES KeyNameAttributes,
IN POBJECT_ATTRIBUTES HiveFileNameAttributes,
IN ULONG ulFlags
);
NTSTATUS
NTAPI
ZwLoadKey2(
IN POBJECT_ATTRIBUTES KeyNameAttributes,
IN POBJECT_ATTRIBUTES HiveFileNameAttributes,
IN ULONG ulFlags
);
NTSYSAPI
NTSTATUS
NTAPI
NtUnloadKey(
IN POBJECT_ATTRIBUTES KeyNameAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
ZwUnloadKey(
IN POBJECT_ATTRIBUTES KeyNameAttributes
);
#define REG_NOTIFY_CHANGE_NAME (0x00000001L) // Create or delete (child)
#define REG_NOTIFY_CHANGE_ATTRIBUTES (0x00000002L)
#define REG_NOTIFY_CHANGE_LAST_SET (0x00000004L) // time stamp
#define REG_NOTIFY_CHANGE_SECURITY (0x00000008L)
NTSYSAPI
NTSTATUS
NTAPI
NtNotifyChangeKey(
IN HANDLE hKey,
IN HANDLE hEvent,
IN PIO_APC_ROUTINE ApcRoutine,
IN PVOID ApcRoutineContext,
IN PIO_STATUS_BLOCK pIoStatusBlock,
IN ULONG NotifyFilter,
IN BOOLEAN bWatchSubtree,
OUT PVOID RegChangesDataBuffer,
IN ULONG RegChangesDataBufferLength,
IN BOOLEAN bAynchronous
);
NTSYSAPI
NTSTATUS
NTAPI
ZwNotifyChangeKey(
IN HANDLE hKey,
IN HANDLE hEvent,
IN PIO_APC_ROUTINE ApcRoutine,
IN PVOID ApcRoutineContext,
IN PIO_STATUS_BLOCK pIoStatusBlock,
IN ULONG NotifyFilter,
IN BOOLEAN bWatchSubtree,
OUT PVOID RegChangesDataBuffer,
IN ULONG RegChangesDataBufferLength,
IN BOOLEAN bAynchronous
);
NTSYSAPI
NTSTATUS
NTAPI
NtQueryMultipleValueKey(
IN HANDLE hKey,
IN OUT PKEY_VALUE_ENTRY ValueNameArray,
IN ULONG nElementsValueNameArray,
OUT PVOID ValueDataBuffer,
IN OUT PULONG ValueDataBufferSize,
OUT PULONG SizeRequired
);
NTSTATUS
NTAPI
ZwQueryMultipleValueKey(
IN HANDLE hKey,
IN OUT PKEY_VALUE_ENTRY ValueNameArray,
IN ULONG nElementsValueNameArray,
OUT PVOID ValueDataBuffer,
IN OUT PULONG ValueDataBufferSize,
OUT PULONG SizeRequired
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationKey(
IN HANDLE hKey,
IN KEY_SET_INFORMATION_CLASS KeySetInfoClass,
IN PKEY_WRITE_TIME_INFORMATION pInfoBuffer,
IN ULONG pInfoBufferLength
);
NTSTATUS
NTAPI
ZwSetInformationKey(
IN HANDLE hKey,
IN KEY_SET_INFORMATION_CLASS KeySetInfoClass,
IN PKEY_WRITE_TIME_INFORMATION pInfoBuffer,
IN ULONG pInfoBufferLength
);
NTSYSAPI
NTSTATUS
NTAPI
NtRestoreKey(
IN HANDLE hKey,
IN HANDLE hFile,
IN ULONG Flags
);
NTSYSAPI
NTSTATUS
NTAPI
ZwRestoreKey(
IN HANDLE hKey,
IN HANDLE hFile,
IN ULONG Flags
);
NTSYSAPI
NTSTATUS
NTAPI
NtReplaceKey(
IN POBJECT_ATTRIBUTES NewHiveFile,
IN HANDLE hKey,
IN POBJECT_ATTRIBUTES BackupHiveFile
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReplaceKey(
IN POBJECT_ATTRIBUTES NewHiveFile,
IN HANDLE hKey,
IN POBJECT_ATTRIBUTES BackupHiveFile
);
typedef struct StackInfo_t {
ULONG Unknown1;
ULONG Unknown2;
ULONG TopOfStack;
ULONG OnePageBelowTopOfStack;
ULONG BottomOfStack;
} STACKINFO, *PSTACKINFO;
NTSYSAPI
NTSTATUS
NTAPI
NtCreateThread(
OUT PHANDLE phThread,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE hProcess,
OUT PCLIENT_ID pClientId,
IN PCONTEXT pContext,
OUT PSTACKINFO pStackInfo,
IN BOOLEAN bSuspended
);
NTSTATUS
NTAPI
ZwCreateThread(
OUT PHANDLE phThread,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE hProcess,
OUT PCLIENT_ID pClientId,
IN PCONTEXT pContext,
OUT PSTACKINFO pStackInfo,
IN BOOLEAN bSuspended
);
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateThread(
IN HANDLE hThread,
IN ULONG ExitCode
);
NTSTATUS
NTAPI
ZwTerminateThread(
IN HANDLE hThread,
IN ULONG ExitCode
);
NTSYSAPI
NTSTATUS
NTAPI
NtGetContextThread(
IN HANDLE hThread,
IN OUT PCONTEXT pContext
);
NTSTATUS
NTAPI
ZwGetContextThread(
IN HANDLE hThread,
IN OUT PCONTEXT pContext
);
NTSYSAPI
NTSTATUS
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -