);
// Nt/ZwPrivilegeObjectAuditAlarm: native audit-alarm service for a privilege
// check made against an open object. Both export names are declared with the
// same parameter list.
//   SubsystemName - name of the subsystem reporting the event
//   HandleId      - caller-chosen value identifying the object handle
//   hToken        - token of the client whose privilege use is reported
//   DesiredAccess - access mask associated with the reported operation
//   pPrivilegeSet - privileges that were checked
//   AccessGranted - outcome to record (granted or denied)
// NOTE(review): the documented Win32 counterpart, ObjectPrivilegeAuditAlarm,
// requires the caller to hold SeAuditPrivilege; presumably the same applies
// to the native call - confirm before relying on it.
NTSYSAPI
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN HANDLE hToken,
IN ACCESS_MASK DesiredAccess,
IN PPRIVILEGE_SET pPrivilegeSet,
IN BOOLEAN AccessGranted
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegeObjectAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN HANDLE hToken,
IN ACCESS_MASK DesiredAccess,
IN PPRIVILEGE_SET pPrivilegeSet,
IN BOOLEAN AccessGranted
);
// Nt/ZwPrivilegedServiceAuditAlarm: native audit-alarm service for a
// privileged system service call (no object handle is involved, unlike the
// PrivilegeObject variant).
//   SubsystemName - name of the subsystem reporting the event
//   ServiceName   - name of the privileged service that was invoked
//   hToken        - token of the client that made the request
//   pPrivilegeSet - privileges that were required
//   AccessGranted - outcome to record (granted or denied)
// NOTE(review): the documented Win32 counterpart, PrivilegedServiceAuditAlarm,
// requires SeAuditPrivilege; presumably the same applies here - confirm.
NTSYSAPI
NTSTATUS
NTAPI
NtPrivilegedServiceAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE hToken,
IN PPRIVILEGE_SET pPrivilegeSet,
IN BOOLEAN AccessGranted
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegedServiceAuditAlarm(
IN PUNICODE_STRING SubsystemName,
IN PUNICODE_STRING ServiceName,
IN HANDLE hToken,
IN PPRIVILEGE_SET pPrivilegeSet,
IN BOOLEAN AccessGranted
);
// Selector passed as TokenInfoClass to Nt/ZwQueryInformationToken and
// Nt/ZwSetInformationToken. Values start at 1 (TokenUser) and run
// consecutively to TokenStatistics (10).
// NOTE(review): this uses the same tag and typedef names as the SDK's
// winnt.h enum, which defines further classes after TokenStatistics;
// including both headers in one translation unit will conflict.
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
// Nt/ZwQueryInformationToken: read one class of information from an access
// token into a caller-supplied buffer.
//   hToken                - handle to the token being queried
//   TokenInfoClass        - which TOKEN_INFORMATION_CLASS to return
//   TokenInfoBuffer       - receives the data; its layout depends on the class
//   TokenInfoBufferLength - size of TokenInfoBuffer (presumably in bytes)
//   BytesReturned         - receives the length written or required
// Returns an NTSTATUS. Callers should check it before reading the buffer;
// variable-length classes are normally queried twice, sizing the second
// buffer from BytesReturned.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationToken(
IN HANDLE hToken,
IN TOKEN_INFORMATION_CLASS TokenInfoClass,
OUT PVOID TokenInfoBuffer,
IN ULONG TokenInfoBufferLength,
OUT PULONG BytesReturned
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
IN HANDLE hToken,
IN TOKEN_INFORMATION_CLASS TokenInfoClass,
OUT PVOID TokenInfoBuffer,
IN ULONG TokenInfoBufferLength,
OUT PULONG BytesReturned
);
// Nt/ZwSetInformationToken: write one class of information into an access
// token.
//   hToken                - handle to the token being modified
//   TokenInfoClass        - which TOKEN_INFORMATION_CLASS to set
//   TokenInfoBuffer       - input data; its layout depends on the class
//   TokenInfoBufferLength - size of TokenInfoBuffer (presumably in bytes)
// Returns an NTSTATUS.
// NOTE(review): which classes are settable, and the token access rights
// needed for each, are not visible in this header - confirm per class.
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationToken(
IN HANDLE hToken,
IN TOKEN_INFORMATION_CLASS TokenInfoClass,
IN PVOID TokenInfoBuffer,
IN ULONG TokenInfoBufferLength
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationToken(
IN HANDLE hToken,
IN TOKEN_INFORMATION_CLASS TokenInfoClass,
IN PVOID TokenInfoBuffer,
IN ULONG TokenInfoBufferLength
);
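// Nt/ZwQuerySecurityObject: copy the parts of an object's security
// descriptor selected by SecurityInfoRequested into a caller-supplied buffer.
//   hObject                   - handle to the object being queried
//   SecurityInfoRequested     - SECURITY_INFORMATION bits choosing owner,
//                               group, DACL and/or SACL
//   pSecurityDescriptor       - caller-allocated buffer that RECEIVES the
//                               descriptor; it is an output, so it is
//                               annotated OUT rather than IN
//   pSecurityDescriptorLength - size of that buffer (presumably in bytes);
//                               a ULONG passed by value despite the 'p' prefix
//   BytesRequired             - receives the size needed for the descriptor
// Returns an NTSTATUS. The handle needs READ_CONTROL for owner/group/DACL and
// ACCESS_SYSTEM_SECURITY for the SACL (per the documented ZwQuerySecurityObject).
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
IN HANDLE hObject,
IN SECURITY_INFORMATION SecurityInfoRequested,
OUT PSECURITY_DESCRIPTOR pSecurityDescriptor,
IN ULONG pSecurityDescriptorLength,
OUT PULONG BytesRequired
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
IN HANDLE hObject,
IN SECURITY_INFORMATION SecurityInfoRequested,
OUT PSECURITY_DESCRIPTOR pSecurityDescriptor,
IN ULONG pSecurityDescriptorLength,
OUT PULONG BytesRequired
);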
// Nt/ZwSetSecurityObject: apply parts of a security descriptor to an object.
//   hObject               - handle to the object being modified
//   SecurityInfoRequested - SECURITY_INFORMATION bits choosing which parts of
//                           pSecurityDescriptor (owner, group, DACL, SACL)
//                           are applied
//   pSecurityDescriptor   - descriptor supplying the new values
// Returns an NTSTATUS. Per the documented ZwSetSecurityObject, the handle
// needs WRITE_OWNER for owner/group, WRITE_DAC for the DACL and
// ACCESS_SYSTEM_SECURITY for the SACL.
NTSYSAPI
NTSTATUS
NTAPI
NtSetSecurityObject(
IN HANDLE hObject,
IN SECURITY_INFORMATION SecurityInfoRequested,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwSetSecurityObject(
IN HANDLE hObject,
IN SECURITY_INFORMATION SecurityInfoRequested,
IN PSECURITY_DESCRIPTOR pSecurityDescriptor
);
// Section allocation-attribute flags; these are the values carried in the
// AllocationAttributes parameter of Nt/ZwCreateSection and reported back in
// SECTION_BASIC_INFO.AllocationAttributes.
// NOTE(review): the SDK's winnt.h defines macros with these same names;
// check for redefinition warnings if both headers are included.
#define SEC_FILE 0x800000
#define SEC_IMAGE 0x1000000
#define SEC_RESERVE 0x4000000
#define SEC_COMMIT 0x8000000
#define SEC_NOCACHE 0x10000000
// Nt/ZwCreateSection: create a section object (shareable memory that can be
// mapped into one or more processes).
//   phSection             - receives the new section handle
//   DesiredAccess         - access rights requested on the section
//   ObjectAttributes      - name, root directory and security descriptor
//   MaximumSize           - optional maximum size of the section
//   SectionPageProtection - page protection for the section's pages
//   AllocationAttributes  - SEC_* flags (SEC_FILE, SEC_IMAGE, SEC_RESERVE,
//                           SEC_COMMIT, SEC_NOCACHE)
//   hFile                 - optional file backing the section
// Returns an NTSTATUS. A named section is reachable by any process that
// passes the access check on it, so the security descriptor supplied through
// ObjectAttributes decides who can open and map it.
NTSYSAPI
NTSTATUS
NTAPI
NtCreateSection (
OUT PHANDLE phSection,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PLARGE_INTEGER MaximumSize OPTIONAL,
IN ULONG SectionPageProtection,
IN ULONG AllocationAttributes,
IN HANDLE hFile OPTIONAL
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateSection (
OUT PHANDLE phSection,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PLARGE_INTEGER MaximumSize OPTIONAL,
IN ULONG SectionPageProtection,
IN ULONG AllocationAttributes,
IN HANDLE hFile OPTIONAL
);
// Nt/ZwExtendSection: grow an existing section.
//   hSection   - handle to the section
//   ExtendSize - in: requested size; out: presumably the resulting size
//                (the parameter is annotated IN OUT) - confirm
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtExtendSection(
IN HANDLE hSection,
IN OUT PLARGE_INTEGER ExtendSize
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwExtendSection(
IN HANDLE hSection,
IN OUT PLARGE_INTEGER ExtendSize
);
// Selector passed as SectionInfoClass to NtQuerySection.
// SectionBasicInfo (0) pairs with SECTION_BASIC_INFO and SectionDetailedInfo
// (1) with SECTION_DETAILED_INFO, going by the struct tags in this header.
typedef enum _SECTION_INFORMATION_CLASS {
SectionBasicInfo,
SectionDetailedInfo,
} SECTION_INFORMATION_CLASS, *PSECTION_INFORMATION_CLASS;
// Output layout for the SectionBasicInfo query class (inferred from the
// struct tag).
typedef struct SectionBasicInfo_t {
ULONG Unknown; // meaning not identified by the header's author
ULONG AllocationAttributes; // presumably the SEC_* flags the section was created with
LARGE_INTEGER MaximumSize; // presumably the section's maximum size
} SECTION_BASIC_INFO, *PSECTION_BASIC_INFO;
// The SectionDetailedInfo query class works only on sections mapped as
// images. The result is treated here as an opaque 0x30-byte blob; its fields
// are not decoded in this header.
typedef struct SectionDetailedInfo_t {
char UnknownData[0x30];
} SECTION_DETAILED_INFO, *PSECTION_DETAILED_INFO;
// NtQuerySection: read information about a section object.
//   hSection         - handle to the section
//   SectionInfoClass - SectionBasicInfo or SectionDetailedInfo
//   Buffer           - receives the data for the selected class
//   BufferSize       - size of Buffer (presumably in bytes)
//   BytesReturned    - receives the number of bytes written
// Returns an NTSTATUS. Unlike the neighbouring services, no Zw counterpart
// is declared for this one in the visible part of the header.
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySection(
IN HANDLE hSection,
IN SECTION_INFORMATION_CLASS SectionInfoClass,
OUT PVOID Buffer,
IN ULONG BufferSize,
OUT PULONG BytesReturned
);
// Nt/ZwOpenSection: open a handle to an existing named section.
//   phSection        - receives the section handle
//   DesiredAccess    - access rights requested on the section
//   ObjectAttributes - identifies the section by name
// Returns an NTSTATUS. The requested access is checked against the section's
// security descriptor.
NTSYSAPI
NTSTATUS
NTAPI
NtOpenSection(
OUT PHANDLE phSection,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenSection(
OUT PHANDLE phSection,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
// Nt/ZwMapViewOfSection: map a view of a section into the address space of
// the process identified by hProcess.
//   hSection           - section to map
//   hProcess           - process that receives the view
//   BaseAddress        - in: preferred base; out: base actually used
//   ZeroBits           - number of high-order address bits that must be zero
//   CommitSize         - size of the initially committed part of the view
//   SectionOffset      - optional offset into the section
//   ViewSize           - in: requested size; out: size actually mapped
//   InheritDisposition - how the view is shared with child processes
//                        (SECTION_INHERIT is not declared in the visible part
//                        of this header)
//   AllocationType     - allocation flags
//   Protect            - page protection for the view
// Returns an NTSTATUS.
// NOTE(review): ZeroBits, CommitSize and ViewSize are declared ULONG/PULONG.
// The documented ZwMapViewOfSection uses ULONG_PTR, SIZE_T and PSIZE_T, so in
// a 64-bit build this prototype makes the system write a pointer-sized value
// through a pointer to a 4-byte variable. Treat the declaration as
// 32-bit only.
NTSYSAPI
NTSTATUS
NTAPI
NtMapViewOfSection(
IN HANDLE hSection,
IN HANDLE hProcess,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN ULONG CommitSize,
IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
IN OUT PULONG ViewSize,
IN SECTION_INHERIT InheritDisposition,
IN ULONG AllocationType,
IN ULONG Protect
);
// Zw export of the same service; identical parameters (same 32-bit caveat).
NTSYSAPI
NTSTATUS
NTAPI
ZwMapViewOfSection(
IN HANDLE hSection,
IN HANDLE hProcess,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN ULONG CommitSize,
IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
IN OUT PULONG ViewSize,
IN SECTION_INHERIT InheritDisposition,
IN ULONG AllocationType,
IN ULONG Protect
);
// Nt/ZwUnmapViewOfSection: remove a mapped view from a process.
//   hProcess    - process whose view is unmapped
//   BaseAddress - an address inside the view to unmap
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtUnmapViewOfSection(
IN HANDLE hProcess,
IN PVOID BaseAddress
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwUnmapViewOfSection(
IN HANDLE hProcess,
IN PVOID BaseAddress
);
// Nt/ZwAllocateVirtualMemory: reserve and/or commit pages in the address
// space of the process identified by hProces (parameter name as spelled in
// the source).
//   hProces                - target process
//   PreferredBaseAddress   - in: requested base; out: base actually used
//   nLowerZeroBits         - number of high-order address bits that must be zero
//   SizeRequestedAllocated - in: requested size; out: size actually allocated
//   AllocationType         - allocation flags (reserve/commit etc.)
//   ProtectionAttributes   - page protection for the region
// Returns an NTSTATUS.
// NOTE(review): the size is a PULONG and the zero-bits count a ULONG; the
// documented ZwAllocateVirtualMemory uses PSIZE_T and ULONG_PTR. Using this
// prototype in a 64-bit build passes a pointer to a too-small variable;
// treat the declaration as 32-bit only.
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
IN HANDLE hProces,
IN OUT PVOID *PreferredBaseAddress,
IN ULONG nLowerZeroBits,
IN OUT PULONG SizeRequestedAllocated,
IN ULONG AllocationType,
IN ULONG ProtectionAttributes
);
// Zw export of the same service; identical parameters (same 32-bit caveat).
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
IN HANDLE hProces,
IN OUT PVOID *PreferredBaseAddress,
IN ULONG nLowerZeroBits,
IN OUT PULONG SizeRequestedAllocated,
IN ULONG AllocationType,
IN ULONG ProtectionAttributes
);
// Nt/ZwFreeVirtualMemory: decommit and/or release pages in a process.
//   hProcess              - target process
//   StartingAddress       - base of the region (see note)
//   SizeRequestedReleased - in: size to free; out: size actually freed
//   ReleaseType           - release flags (decommit/release)
// Returns an NTSTATUS.
// NOTE(review): StartingAddress is typed PVOID but annotated IN OUT. The
// documented ZwFreeVirtualMemory takes PVOID *BaseAddress, i.e. the ADDRESS
// of the variable holding the base. Because PVOID accepts any pointer, the
// compiler will not catch a caller that passes the base itself; verify every
// call site. The PULONG size is also 32-bit only (documented type: PSIZE_T).
NTSYSAPI
NTSTATUS
NTAPI
NtFreeVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID StartingAddress,
IN OUT PULONG SizeRequestedReleased,
IN ULONG ReleaseType
);
// Zw export of the same service; identical parameters (same caveats).
NTSYSAPI
NTSTATUS
NTAPI
ZwFreeVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID StartingAddress,
IN OUT PULONG SizeRequestedReleased,
IN ULONG ReleaseType
);
// Nt/ZwFlushVirtualMemory: flush a range of a mapped view back to its
// backing file.
//   hProcess        - process that owns the view
//   StartingAddress - base of the range to flush (see note)
//   SizeToFlush     - in: size to flush; out: size actually flushed
//   pIoStatusBlock  - receives the I/O completion status
// Returns an NTSTATUS.
// NOTE(review): StartingAddress is typed PVOID but annotated IN OUT. The
// documented ZwFlushVirtualMemory takes PVOID *BaseAddress; a caller passing
// the base itself instead of its address will compile cleanly. The PULONG
// size is also 32-bit only (documented type: PSIZE_T).
NTSYSAPI
NTSTATUS
NTAPI
NtFlushVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID StartingAddress,
IN OUT PULONG SizeToFlush,
OUT PIO_STATUS_BLOCK pIoStatusBlock
);
// Zw export of the same service; identical parameters (same caveats).
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID StartingAddress,
IN OUT PULONG SizeToFlush,
OUT PIO_STATUS_BLOCK pIoStatusBlock
);
// Result layout for the MemoryBasicInformation class of
// Nt/ZwQueryVirtualMemory: one record describing a run of pages.
// NOTE(review): this redefines a type the SDK's winnt.h also declares, and
// RegionSize is a ULONG here (SIZE_T in the SDK), so the layout only matches
// a 32-bit target. Do not include alongside the SDK definition.
typedef struct _MEMORY_BASIC_INFORMATION {
PVOID BaseAddress; // base of the region of pages
PVOID AllocationBase; // base of the allocation containing the region
ULONG AllocationProtect; // protection given when the allocation was made
ULONG RegionSize; // size of the region
ULONG State; // page state (commit/reserve/free)
ULONG Protect; // current protection
ULONG Type; // page type (private/mapped/image)
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
// Result layout for the BackedupSectionFileNameInfo class (inferred from the
// names): a UNICODE_STRING followed by character storage.
// Filename[1] looks like a one-element placeholder for a variable-length
// trailer, so a query buffer presumably has to be larger than
// sizeof(MEMORY_BACKEDUP_SECTION_FILENAME_INFO) - confirm against a caller.
typedef struct _BACKEDUP_SECTION_FILENAME_INFO {
UNICODE_STRING BackedupSectionFileName;
WCHAR Filename[1];
} MEMORY_BACKEDUP_SECTION_FILENAME_INFO, *PMEMORY_BACKEDUP_SECTION_FILENAME_INFO;
// Selector passed as MemoryInfoClass to Nt/ZwQueryVirtualMemory.
// Values are 0 (MemoryBasicInformation), 1 (WorkingSetInfo) and
// 2 (BackedupSectionFileNameInfo).
typedef enum _MEMORY_INFO_CLASS {
MemoryBasicInformation,
WorkingSetInfo,
BackedupSectionFileNameInfo
} MEMORY_INFO_CLASS;
// Nt/ZwQueryVirtualMemory: read information about pages in a process.
//   hProcess            - process being inspected
//   BaseAddress         - address inside the region of interest
//   MemoryInfoClass     - which MEMORY_INFO_CLASS to return
//   MemoryBasicInfo     - output buffer; despite the name it is a PVOID and
//                         its layout depends on MemoryInfoClass
//   MemoryBasicInfoSize - size of that buffer (presumably in bytes)
//   BytesReturned       - receives the number of bytes written
// Returns an NTSTATUS; check it before trusting the buffer contents.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryVirtualMemory(
IN HANDLE hProcess,
IN PVOID BaseAddress,
IN MEMORY_INFO_CLASS MemoryInfoClass,
OUT PVOID MemoryBasicInfo,
IN ULONG MemoryBasicInfoSize,
OUT PULONG BytesReturned
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryVirtualMemory(
IN HANDLE hProcess,
IN PVOID BaseAddress,
IN MEMORY_INFO_CLASS MemoryInfoClass,
OUT PVOID MemoryBasicInfo,
IN ULONG MemoryBasicInfoSize,
OUT PULONG BytesReturned
);
// Nt/ZwProtectVirtualMemory: change the page protection of a range in a
// process.
//   hProcess    - target process
//   BaseAddress - in: start of the range; out: presumably the page-aligned
//                 start actually used
//   RegionSize  - in: size of the range; out: presumably the rounded size
//   Protect     - new page protection
//   OldProtect  - receives the previous protection
// Returns an NTSTATUS.
// NOTE(review): RegionSize is a PULONG, so the declaration is 32-bit only;
// a 64-bit build needs a pointer-sized size variable.
NTSYSAPI
NTSTATUS
NTAPI
NtProtectVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID *BaseAddress,
IN OUT PULONG RegionSize,
IN ULONG Protect,
OUT PULONG OldProtect
);
// Zw export of the same service; identical parameters (same 32-bit caveat).
NTSYSAPI
NTSTATUS
NTAPI
ZwProtectVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID *BaseAddress,
IN OUT PULONG RegionSize,
IN ULONG Protect,
OUT PULONG OldProtect
);
// Nt/ZwLockVirtualMemory: lock a range of a process's pages in memory.
//   hProcess    - target process
//   BaseAddress - in/out start of the range
//   RegionSize  - in/out size of the range (PULONG: 32-bit only)
//   Unknown     - lock-type selector whose meaning the header's author did
//                 not identify; see the inline comment for observed values
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtLockVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID *BaseAddress,
IN OUT PULONG RegionSize,
IN ULONG Unknown // valid values are 1, 2, 3; VirtualLock uses 1
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwLockVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID *BaseAddress,
IN OUT PULONG RegionSize,
IN ULONG Unknown // valid values are 1, 2, 3; VirtualLock uses 1
);
// Nt/ZwUnlockVirtualMemory: undo a lock placed on a range of a process's
// pages.
//   hProcess    - target process
//   BaseAddress - in/out start of the range
//   RegionSize  - in/out size of the range (PULONG: 32-bit only)
//   Unknown     - lock-type selector whose meaning the header's author did
//                 not identify; see the inline comment for observed values
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtUnlockVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID *BaseAddress,
IN OUT PULONG RegionSize,
IN ULONG Unknown // valid values are 1, 2, 3; VirtualUnlock uses 1
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwUnlockVirtualMemory(
IN HANDLE hProcess,
IN OUT PVOID *BaseAddress,
IN OUT PULONG RegionSize,
IN ULONG Unknown // valid values are 1, 2, 3; VirtualUnlock uses 1
);
// Nt/ZwReadVirtualMemory: copy bytes out of another process's address space.
//   hProcess    - process to read from
//   BaseAddress - address in that process
//   Buffer      - caller's buffer that receives the data
//   BytesToRead - number of bytes requested
//   BytesRead   - receives the number of bytes actually copied
// Returns an NTSTATUS. The process handle must carry PROCESS_VM_READ (as
// documented for ReadProcessMemory); the call is denied otherwise, which is
// why the access mask granted on process handles matters for isolation.
// NOTE(review): the length parameters are ULONG/PULONG, so the declaration
// is 32-bit only.
NTSYSAPI
NTSTATUS
NTAPI
NtReadVirtualMemory(
IN HANDLE hProcess,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG BytesToRead,
OUT PULONG BytesRead
);
// Zw export of the same service; identical parameters (same 32-bit caveat).
NTSYSAPI
NTSTATUS
NTAPI
ZwReadVirtualMemory(
IN HANDLE hProcess,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG BytesToRead,
OUT PULONG BytesRead
);
// Nt/ZwWriteVirtualMemory: copy bytes into another process's address space.
//   hProcess     - process to write to
//   BaseAddress  - destination address in that process
//   Buffer       - caller's buffer holding the data
//   BytesToWrite - number of bytes to copy
//   BytesWritten - receives the number of bytes actually copied
// Returns an NTSTATUS. The process handle must carry PROCESS_VM_WRITE and
// PROCESS_VM_OPERATION (as documented for WriteProcessMemory); restricting
// those rights in a process's security descriptor is what prevents other
// principals from modifying its memory.
// NOTE(review): the length parameters are ULONG/PULONG, so the declaration
// is 32-bit only.
NTSYSAPI
NTSTATUS
NTAPI
NtWriteVirtualMemory(
IN HANDLE hProcess,
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG BytesToWrite,
OUT PULONG BytesWritten
);
// Zw export of the same service; identical parameters (same 32-bit caveat).
NTSYSAPI
NTSTATUS
NTAPI
ZwWriteVirtualMemory(
IN HANDLE hProcess,
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG BytesToWrite,
OUT PULONG BytesWritten
);
// Nt/ZwCancelIoFile: cancel pending I/O on a file handle.
//   hFile         - file whose outstanding requests are cancelled
//   IoStatusBlock - receives the status of the cancel operation
// Returns an NTSTATUS.
// NOTE(review): which requests are affected (presumably those issued by the
// calling thread) is not visible from this header - confirm.
NTSYSAPI
NTSTATUS
NTAPI
NtCancelIoFile(
IN HANDLE hFile,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwCancelIoFile(
IN HANDLE hFile,
OUT PIO_STATUS_BLOCK IoStatusBlock
);
// Nt/ZwCreateFile: create or open a file, directory, device or volume.
//   phFile            - receives the file handle
//   DesiredAccess     - access rights requested
//   ObjectAttributes  - path, root directory, attribute flags and security
//                       descriptor for the object
//   IoStatusBlock     - receives completion status and create result
//   AllocationSize    - optional initial allocation size
//   FileAttributes    - attributes for a newly created file
//   ShareAccess       - sharing mode other openers are allowed
//   CreateDisposition - what to do if the file does / does not exist
//   CreateOptions     - option flags applied to the open
//   EaBuffer          - optional extended-attribute buffer
//   EaLength          - length of EaBuffer
// Returns an NTSTATUS.
// Kernel-mode callers: per the documented ZwCreateFile, a Zw call runs with
// previous mode KernelMode, so access checks on the path are skipped unless
// OBJ_FORCE_ACCESS_CHECK is set in ObjectAttributes. Set it whenever the
// path originates from a user-mode request.
NTSYSAPI
NTSTATUS
NTAPI
NtCreateFile(
OUT PHANDLE phFile,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateFile(
OUT PHANDLE phFile,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength
);
// Nt/ZwCreateIoCompletion: create an I/O completion port object.
//   phIoCompletionPort - receives the port handle
//   DesiredAccess      - access rights requested on the port
//   ObjectAttributes   - name and security descriptor for the port
//   nConcurrentThreads - concurrency value for the port (presumably the
//                        maximum number of threads released at once)
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtCreateIoCompletion(
OUT PHANDLE phIoCompletionPort,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG nConcurrentThreads
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateIoCompletion(
OUT PHANDLE phIoCompletionPort,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG nConcurrentThreads
);
// Nt/ZwOpenIoCompletion: open a handle to an existing named I/O completion
// port.
//   phIoCompletionPort - receives the port handle
//   DesiredAccess      - access rights requested on the port
//   ObjectAttributes   - identifies the port by name
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtOpenIoCompletion(
OUT PHANDLE phIoCompletionPort,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenIoCompletion(
OUT PHANDLE phIoCompletionPort,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
// Local copy of the Win32 OVERLAPPED record, used by the I/O completion
// prototypes in this header.
// NOTE(review): the SDK already declares OVERLAPPED/LPOVERLAPPED, with
// pointer-sized Internal/InternalHigh fields; this all-ULONG version matches
// only a 32-bit target and will clash if the SDK header is also included.
typedef struct _OVERLAPPED {
ULONG Internal;
ULONG InternalHigh;
ULONG Offset;
ULONG OffsetHigh;
HANDLE hEvent;
} OVERLAPPED, *LPOVERLAPPED;
// Nt/ZwSetIoCompletion: queue a completion packet to an I/O completion port.
//   hIoCompletionPort        - port that receives the packet
//   CompletionKey            - key value delivered with the packet
//   pOverlapped              - OVERLAPPED pointer delivered with the packet
//   NtStatus                 - status value delivered with the packet
//   NumberOfBytesTransferred - byte count delivered with the packet
// Returns an NTSTATUS.
// Only the first parameter carries an IN annotation in the source; the other
// four are all passed by value or as a plain pointer, so they are inputs too.
NTSYSAPI
NTSTATUS
NTAPI
NtSetIoCompletion(
IN HANDLE hIoCompletionPort,
ULONG CompletionKey,
LPOVERLAPPED pOverlapped,
NTSTATUS NtStatus,
ULONG NumberOfBytesTransferred
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwSetIoCompletion(
IN HANDLE hIoCompletionPort,
ULONG CompletionKey,
LPOVERLAPPED pOverlapped,
NTSTATUS NtStatus,
ULONG NumberOfBytesTransferred
);
// Selector passed as InfoClass to Nt/ZwQueryIoCompletion. Only one class,
// IoCompletionPortBasicInfo (0), is declared.
typedef enum _IOCOMPLETIONPORT_INFO_CLASS {
IoCompletionPortBasicInfo
} IOCOMPLETIONPORT_INFO_CLASS;
// Result layout for the IoCompletionPortBasicInfo query class (inferred from
// the struct tag).
typedef struct IoCompletionPortBasicInformation_t {
ULONG NumberOfEvents; // presumably the number of packets queued on the port
} IOCOMPLETIONPORT_BASIC_INFO, *PIOCOMPLETIONPORT_BASIC_INFO;
// Nt/ZwQueryIoCompletion: read information about an I/O completion port.
//   hIoCompletionPort - port being queried
//   InfoClass         - which IOCOMPLETIONPORT_INFO_CLASS to return
//   Buffer            - receives the data for the selected class
//   BufferLen         - size of Buffer (presumably in bytes)
//   BytesReturned     - receives the number of bytes written
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryIoCompletion(
IN HANDLE hIoCompletionPort,
IN IOCOMPLETIONPORT_INFO_CLASS InfoClass,
OUT PVOID Buffer,
IN ULONG BufferLen,
OUT PULONG BytesReturned
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryIoCompletion(
IN HANDLE hIoCompletionPort,
IN IOCOMPLETIONPORT_INFO_CLASS InfoClass,
OUT PVOID Buffer,
IN ULONG BufferLen,
OUT PULONG BytesReturned
);
// Nt/ZwRemoveIoCompletion: dequeue one completion packet from an I/O
// completion port.
//   hIoCompletion   - port to dequeue from
//   lpCompletionKey - receives the packet's completion key
//   pOverlapped     - receives the packet's OVERLAPPED pointer
//   IoStatusBlock   - receives the packet's status and byte count
//   Timeout         - how long to wait for a packet
// Returns an NTSTATUS.
// NOTE(review): Timeout is not marked OPTIONAL here; whether NULL is
// accepted (presumably meaning "wait indefinitely") is not visible from this
// header - confirm. The values written to lpCompletionKey and pOverlapped
// come from whoever queued the packet, so validate them before
// dereferencing if the port is shared across trust boundaries.
NTSYSAPI
NTSTATUS
NTAPI
NtRemoveIoCompletion(
IN HANDLE hIoCompletion,
OUT PULONG lpCompletionKey,
OUT LPOVERLAPPED *pOverlapped,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER Timeout
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwRemoveIoCompletion(
IN HANDLE hIoCompletion,
OUT PULONG lpCompletionKey,
OUT LPOVERLAPPED *pOverlapped,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER Timeout
);
// Nt/ZwDeleteFile: delete the file named by ObjectAttributes. The call takes
// a path rather than an open handle.
//   ObjectAttributes - identifies the file to delete
// Returns an NTSTATUS.
// NOTE(review): because the target is resolved by name at call time,
// kernel-mode callers acting on a user-supplied path should make sure access
// checks are enforced (see OBJ_FORCE_ACCESS_CHECK) - confirm against callers.
NTSYSAPI
NTSTATUS
NTAPI
NtDeleteFile(
IN POBJECT_ATTRIBUTES ObjectAttributes
);
// Zw export of the same service; identical parameters.
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteFile(
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
NtDeviceIoControlFile(
IN HANDLE hFile,
IN HANDLE hEvent OPTIONAL,
IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL,
IN PVOID IoApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK pIoStatusBlock,
IN ULONG DeviceIoControlCode,
IN PVOID InBuffer OPTIONAL