ntdll.dll函数原型

Posted FFjet

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ntdll.dll函数原型相关的知识,希望对你有一定的参考价值。

/*NTDLL Base Functions*/
NTSYSAPI NTSTATUS NTAPI NtAcceptConnectPort( OUT PHANDLE PortHandle, IN PVOID PortIdentifier, IN PPORT_MESSAGE Message, IN BOOLEAN Accept, IN OUT PPORT_VIEW ServerView OPTIONAL, OUT PREMOTE_PORT_VIEW ClientView OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtAccessCheck( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet, IN PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PBOOLEAN AccessStatus ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PBOOLEAN AccessStatus, OUT PBOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByType( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN HANDLE TokenHandle, IN ULONG DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN PPRIVILEGE_SET PrivilegeSet, IN PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus, OUT PBOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN PPRIVILEGE_SET PrivilegeSet, IN PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccessList, OUT PULONG AccessStatusList ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccessList, OUT PULONG AccessStatusList, OUT PULONG GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN HANDLE TokenHandle, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccessList, OUT PULONG AccessStatusList, OUT PULONG GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtAddAtom( IN PWSTR String, IN ULONG StringLength, OUT PUSHORT Atom ); NTSYSAPI NTSTATUS NTAPI NtAddBootEntry( IN PUNICODE_STRING EntryName, IN PUNICODE_STRING EntryValue ); NTSYSAPI NTSTATUS NTAPI NtAddDriverEntry( IN PUNICODE_STRING DriverName, IN PUNICODE_STRING DriverPath ); NTSYSAPI NTSTATUS NTAPI NtAdjustGroupsToken( IN HANDLE TokenHandle, IN BOOLEAN ResetToDefault, IN PTOKEN_GROUPS NewState, IN ULONG BufferLength, OUT PTOKEN_GROUPS PreviousState OPTIONAL, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI NtAdjustPrivilegesToken( IN HANDLE TokenHandle, IN BOOLEAN DisableAllPrivileges, IN PTOKEN_PRIVILEGES NewState, IN ULONG BufferLength, OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtAlertResumeThread( IN HANDLE ThreadHandle, OUT PULONG PreviousSuspendCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId( OUT PLUID Luid ); NTSYSAPI NTSTATUS NTAPI NtAllocateUserPhysicalPages( IN HANDLE ProcessHandle, IN PULONG NumberOfPages, OUT PULONG PageFrameNumbers ); NTSYSAPI NTSTATUS NTAPI NtAllocateUuids( OUT PLARGE_INTEGER UuidLastTimeAllocated, OUT PULONG UuidDeltaTime, OUT PULONG UuidSequenceNumber, OUT PUCHAR UuidSeed ); NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG ZeroBits, IN OUT PULONG AllocationSize, IN ULONG AllocationType, IN ULONG Protect ); NTSYSAPI NTSTATUS NTAPI NtApphelpCacheControl( IN APPHELPCACHECONTROL ApphelpCacheControl, IN PUNICODE_STRING ApphelpCacheObject ); NTSYSAPI NTSTATUS NTAPI NtAreMappedFilesTheSame( IN PVOID Address1, IN PVOID Address2 ); NTSYSAPI NTSTATUS NTAPI NtAssignProcessToJobObject( IN HANDLE JobHandle, IN HANDLE ProcessHandle ); NTSYSAPI NTSTATUS NTAPI NtCallbackReturn( IN PVOID Result OPTIONAL, IN ULONG ResultLength, IN NTSTATUS Status ); NTSYSAPI NTSTATUS NTAPI NtCancelDeviceWakeupRequest( IN HANDLE DeviceHandle ); NTSYSAPI NTSTATUS NTAPI NtCancelIoFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK iostatusBlock ); NTSYSAPI NTSTATUS NTAPI NtCancelTimer( IN HANDLE TimerHandle, OUT PBOOLEAN PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtClearEvent( IN HANDLE EventHandle ); NTSYSAPI NTSTATUS NTAPI NtClose( IN HANDLE Handle ); NTSYSAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtCompactKeys( IN ULONG Length, IN HANDLE Key ); NTSYSAPI NTSTATUS NTAPI NtCompareTokens( IN HANDLE FirstTokenHandle, IN HANDLE SecondTokenHandle, OUT PBOOLEAN IdenticalTokens ); NTSYSAPI NTSTATUS NTAPI NtCompleteConnectPort( IN HANDLE PortHandle ); NTSYSAPI NTSTATUS NTAPI NtCompressKey( IN HANDLE Key ); NTSYSAPI NTSTATUS NTAPI NtConnectPort( OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectInformation OPTIONAL, IN OUT PULONG ConnectInformationLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtContinue( IN PCONTEXT Context, IN BOOLEAN TestAlert ); NTSYSAPI NTSTATUS NTAPI NtCreateDebugObject( OUT PHANDLE DebugObject, IN ULONG AccessRequired, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN KillProcessOnExit ); NTSYSAPI NTSTATUS NTAPI NtCreateDirectoryObject( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtCreateEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN EVENT_TYPE EventType, IN BOOLEAN InitialState ); NTSYSAPI NTSTATUS NTAPI NtCreateEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtCreateFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength ); NTSYSAPI NTSTATUS NTAPI NtCreateIoCompletion( OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG NumberOfConcurrentThreads ); NTSYSAPI NTSTATUS NTAPI NtCreateJobObject( OUT PHANDLE JobHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtCreateJobSet( IN ULONG Jobs, IN PJOB_SET_ARRAY JobSet, IN ULONG Reserved ); NTSYSAPI NTSTATUS NTAPI NtCreateKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreateKeyedEvent( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Reserved ); NTSYSAPI NTSTATUS NTAPI NtCreateMailslotFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CreateOptions, IN ULONG InBufferSize, IN ULONG MaxMessageSize, IN PLARGE_INTEGER ReadTimeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreateMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN InitialOwner ); NTSYSAPI NTSTATUS NTAPI NtCreateNamedPipeFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN BOOLEAN TypeMessage, IN BOOLEAN ReadmodeMessage, IN BOOLEAN Nonblocking, IN ULONG MaxInstances, IN ULONG InBufferSize, IN ULONG OutBufferSize, IN PLARGE_INTEGER DefaultTimeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreatePagingFile( IN PUNICODE_STRING FileName, IN PULARGE_INTEGER InitialSize, IN PULARGE_INTEGER MaximumSize, IN ULONG Priority OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreatePort( OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG MaxConnectionInfoLength, IN ULONG MaxMessageLength, IN ULONG MaxPoolUsage ); NTSYSAPI NTSTATUS NTAPI NtCreateProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE InheritFromProcessHandle, IN BOOLEAN InheritHandles, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreateProcessEx( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE InheritFromProcessHandle, IN ULONG CreateFlags, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugObject OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, IN ULONG JobMemberLevel ); NTSYSAPI NTSTATUS NTAPI NtCreateProfile( OUT PHANDLE ProfileHandle, IN HANDLE ProcessHandle, IN PVOID Base, IN ULONG Size, IN ULONG BucketShift, IN PULONG Buffer, IN ULONG BufferLength, IN KPROFILE_SOURCE Source, IN ULONG ProcessorMask ); NTSYSAPI NTSTATUS NTAPI NtCreateSection( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PLARGE_INTEGER SectionSize OPTIONAL, IN ULONG Protect, IN ULONG Attributes, IN HANDLE FileHandle ); NTSYSAPI NTSTATUS NTAPI NtCreateSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN LONG InitialCount, IN LONG MaximumCount ); NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject( OUT PHANDLE SymbolicLinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PUNICODE_STRING TargetName ); NTSYSAPI NTSTATUS NTAPI NtCreateThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE ProcessHandle, OUT PCLIENT_ID ClientId, IN PCONTEXT ThreadContext, IN PUSER_STACK UserStack, IN BOOLEAN CreateSuspended ); NTSYSAPI NTSTATUS NTAPI NtCreateTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN TIMER_TYPE TimerType ); NTSYSAPI NTSTATUS NTAPI NtCreateToken( OUT PHANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN TOKEN_TYPE Type, IN PLUID AuthenticationId, IN PLARGE_INTEGER ExpirationTime, IN PTOKEN_USER User, IN PTOKEN_GROUPS Groups, IN PTOKEN_PRIVILEGES Privileges, IN PTOKEN_OWNER Owner, IN PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PTOKEN_DEFAULT_DACL DefaultDacl, IN PTOKEN_SOURCE Source ); NTSYSAPI NTSTATUS NTAPI NtCreateWaitablePort( OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG MaxConnectionInfoLength, IN ULONG MaxMessageLength, IN ULONG MaxPoolUsage ); NTSYSAPI NTSTATUS NTAPI NtDebugActiveProcess( IN HANDLE Process, IN HANDLE DebugObject ); NTSYSAPI NTSTATUS NTAPI NtDebugContinue( IN HANDLE DebugObject, IN PCLIENT_ID AppClientId, IN NTSTATUS ContinueStatus ); NTSYSAPI NTSTATUS NTAPI NtDelayExecution( IN BOOLEAN Alertable, IN PLARGE_INTEGER Interval ); NTSYSAPI NTSTATUS NTAPI NtDeleteAtom( IN USHORT Atom ); NTSYSAPI NTSTATUS NTAPI NtDeleteBootEntry( IN PUNICODE_STRING EntryName, IN PUNICODE_STRING EntryValue ); NTSYSAPI NTSTATUS NTAPI NtDeleteDriverEntry( IN PUNICODE_STRING DriverName, IN PUNICODE_STRING DriverPath ); NTSYSAPI NTSTATUS NTAPI NtDeleteFile( IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtDeleteKey( IN HANDLE KeyHandle ); NTSYSAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtDeleteValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName ); NTSYSAPI NTSTATUS NTAPI NtDeviceIoControlFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength ); NTSYSAPI NTSTATUS NTAPI NtDisplayString( IN PUNICODE_STRING String ); NTSYSAPI NTSTATUS NTAPI NtDuplicateObject( IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG Attributes, IN ULONG Options ); NTSYSAPI NTSTATUS NTAPI NtDuplicateToken( IN HANDLE ExistingTokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN EffectiveOnly, IN TOKEN_TYPE TokenType, OUT PHANDLE NewTokenHandle ); NTSYSAPI NTSTATUS NTAPI NtEnumerateBootEntries( IN ULONG Unknown1, IN ULONG Unknown2 ); NTSYSAPI NTSTATUS NTAPI NtEnumerateKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG KeyInformationLength, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx( IN ULONG Unknown1, IN ULONG Unknown2, IN ULONG Unknown3 ); NTSYSAPI NTSTATUS NTAPI NtEnumerateValueKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation, IN ULONG KeyValueInformationLength, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI NtExtendSection( IN HANDLE SectionHandle, IN PLARGE_INTEGER SectionSize ); NTSYSAPI NTSTATUS NTAPI NtFilterToken( IN HANDLE ExistingTokenHandle, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable, IN PTOKEN_PRIVILEGES PrivilegesToDelete, IN PTOKEN_GROUPS SidsToRestricted, OUT PHANDLE NewTokenHandle ); NTSYSAPI NTSTATUS NTAPI NtFindAtom( IN PWSTR String, IN ULONG StringLength, OUT PUSHORT Atom ); NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSAPI NTSTATUS NTAPI NtFlushInstructionCache( IN HANDLE ProcessHandle, IN PVOID BaseAddress OPTIONAL, IN ULONG FlushSize ); NTSYSAPI NTSTATUS NTAPI NtFlushKey( IN HANDLE KeyHandle ); NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG FlushSize, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSAPI NTSTATUS NTAPI NtFlushWriteBuffer( VOID ); NTSYSAPI NTSTATUS NTAPI NtYieldExecution( VOID ); NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN ULONG BufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWriteRequestData( IN HANDLE PortHandle, IN PPORT_MESSAGE Message, IN ULONG Index, IN PVOID Buffer, IN ULONG BufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWriteFileGather( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_SEGMENT_ELEMENT Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWriteFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtWaitHighEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject( IN HANDLE Handle, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects32( IN ULONG HandleCount, IN PHANDLE Handles, IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects( IN ULONG HandleCount, IN PHANDLE Handles, IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitForKeyedEvent( IN HANDLE KeyedEventHandle, IN PVOID Key, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitForDebugEvent( IN HANDLE DebugObject, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL, OUT PDBGUI_WAIT_STATE_CHANGE StateChange ); NTSYSAPI NTSTATUS NTAPI NtVdmControl( IN VDMSERVICECLASS Service, IN OUT PVOID ServiceData ); NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection( IN HANDLE ProcessHandle, IN PVOID BaseAddress ); NTSYSAPI NTSTATUS NTAPI NtUnlockVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG LockSize, IN ULONG LockType ); NTSYSAPI NTSTATUS NTAPI NtUnlockFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PULARGE_INTEGER LockOffset, IN PULARGE_INTEGER LockLength, IN ULONG Key ); NTSYSAPI NTSTATUS NTAPI NtUnloadKeyEx( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN HANDLE EventHandle OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtUnloadKey2( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN BOOLEAN ForceUnload ); NTSYSAPI NTSTATUS NTAPI NtUnloadKey( IN POBJECT_ATTRIBUTES KeyObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtUnloadDriver( IN PUNICODE_STRING DriverServiceName ); NTSYSAPI NTSTATUS NTAPI NtTranslateFilePath( PFILE_PATH InputFilePath, ULONG OutputType, PFILE_PATH OutputFilePath, ULONG OutputFilePathLength ); NTSYSAPI NTSTATUS NTAPI NtTraceEvent( IN ULONG TraceHandle, IN ULONG Flags, IN ULONG TraceHeaderLength, IN PEVENT_TRACE_HEADER TraceHeader ); NTSYSAPI NTSTATUS NTAPI NtTerminateThread( IN HANDLE ThreadHandle OPTIONAL, IN NTSTATUS ExitStatus ); NTSYSAPI NTSTATUS NTAPI NtTerminateProcess( IN HANDLE ProcessHandle OPTIONAL, IN NTSTATUS ExitStatus ); NTSYSAPI NTSTATUS NTAPI NtTerminateJobObject( IN HANDLE JobHandle, IN NTSTATUS ExitStatus ); NTSYSAPI NTSTATUS NTAPI NtSystemDebugControl( IN DEBUG_CONTROL_CODE ControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSuspendThread( IN HANDLE ThreadHandle, OUT PULONG PreviousSuspendCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSuspendProcess( IN HANDLE Process ); NTSYSAPI NTSTATUS NTAPI NtStopProfile( IN HANDLE ProfileHandle ); NTSYSAPI NTSTATUS NTAPI NtStartProfile( IN HANDLE ProfileHandle ); NTSYSAPI NTSTATUS NTAPI NtSignalAndWaitForSingleObject( IN HANDLE HandleToSignal, IN HANDLE HandleToWait, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtShutdownSystem( IN SHUTDOWN_ACTION Action ); NTSYSAPI NTSTATUS NTAPI NtSetVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG BufferLength, IN FS_INFORMATION_CLASS VolumeInformationClass ); NTSYSAPI NTSTATUS NTAPI NtSetValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN ULONG TitleIndex, IN ULONG Type, IN PVOID Data, IN ULONG DataSize ); NTSYSAPI NTSTATUS NTAPI NtSetUuidSeed( IN PUCHAR UuidSeed ); NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution( IN ULONG RequestedResolution, IN BOOLEAN Set, OUT PULONG ActualResolution ); NTSYSAPI NTSTATUS NTAPI NtSetTimer( IN HANDLE TimerHandle, IN PLARGE_INTEGER DueTime, IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL, IN PVOID TimerContext, IN BOOLEAN Resume, IN LONG Period, OUT PBOOLEAN PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSetThreadExecutionState( IN EXECUTION_STATE ExecutionState, OUT PEXECUTION_STATE PreviousExecutionState ); NTSYSAPI NTSTATUS NTAPI NtSetSystemTime( IN PLARGE_INTEGER NewTime, OUT PLARGE_INTEGER OldTime OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSetSystemPowerState( IN POWER_ACTION SystemAction, IN SYSTEM_POWER_STATE MinSystemState, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI NtSetSystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetSystemEnvironmentValue( IN PUNICODE_STRING Name, IN PUNICODE_STRING Value ); NTSYSAPI NTSTATUS NTAPI NtSetSecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor ); NTSYSAPI NTSTATUS NTAPI NtSetQuotaInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_USER_QUOTA_INFORMATION Buffer, IN ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI NtSetLowWaitHighEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtSetLowEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtSetLdtEntries( IN ULONG Selector1, IN LDT_ENTRY LdtEntry1, IN ULONG Selector2, IN LDT_ENTRY LdtEntry2 ); NTSYSAPI NTSTATUS NTAPI NtSetIoCompletion( IN HANDLE IoCompletionHandle, IN ULONG CompletionKey, IN ULONG CompletionValue, IN NTSTATUS Status, IN ULONG Information ); NTSYSAPI NTSTATUS NTAPI NtSetIntervalProfile( IN ULONG Interval, IN KPROFILE_SOURCE Source ); NTSYSAPI NTSTATUS NTAPI NtSetInformationToken( IN HANDLE TokenHandle, IN TOKEN_INFORMATION_CLASS TokenInformationClass, IN PVOID TokenInformation, IN ULONG TokenInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationObject( IN HANDLE ObjectHandle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, IN PVOID ObjectInformation, IN ULONG ObjectInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationKey( IN HANDLE KeyHandle, IN KEY_SET_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG KeyInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationJobObject( IN HANDLE JobHandle, IN JOBOBJECTINFOCLASS JobInformationClass, IN PVOID JobInformation, IN ULONG JobInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileInformation, IN ULONG FileInformationLength, IN FILE_INFORMATION_CLASS FileInformationClass ); NTSYSAPI NTSTATUS NTAPI NtSetInformationDebugObject( IN HANDLE DebugObject, IN DEBUGOBJECTINFOCLASS DebugObjectInformationClass, IN PVOID DebugInformation, IN ULONG DebugInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSetHighWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtSetHighEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtSetEventBoostPriority( IN HANDLE EventHandle ); NTSYSAPI NTSTATUS NTAPI NtSetEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSetEaFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_FULL_EA_INFORMATION Buffer, IN ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI NtSetDefaultUILanguage( IN LANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI NtSetDefaultLocale( IN BOOLEAN ThreadOrSystem, IN LCID Locale ); NTSYSAPI NTSTATUS NTAPI NtSetDefaultHardErrorPort( IN HANDLE PortHandle ); NTSYSAPI NTSTATUS NTAPI NtSetDebugFilterState( IN ULONG ComponentId, IN ULONG Level, IN BOOLEAN Enable ); NTSYSAPI NTSTATUS NTAPI NtSetContextThread( IN HANDLE ThreadHandle, IN PCONTEXT Context ); NTSYSAPI NTSTATUS NTAPI NtSetContextChannel( IN HANDLE CHannelHandle ); NTSYSAPI NTSTATUS NTAPI NtSetBootOptions( IN PBOOT_OPTIONS BootOptions, IN ULONG FieldsToChange ); NTSYSAPI NTSTATUS NTAPI NtSetBootEntryOrder( IN ULONG Unknown1, IN ULONG Unknown2 ); NTSYSAPI NTSTATUS NTAPI NtSecureConnectPort( OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, IN PSID ServerSid OPTIONAL, OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectInformation OPTIONAL, IN OUT PULONG ConnectInformationLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSaveMergedKeys( IN HANDLE KeyHandle1, IN HANDLE KeyHandle2, IN HANDLE FileHandle ); NTSYSAPI NTSTATUS NTAPI NtSaveKeyEx( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI NtSaveKey( IN HANDLE KeyHandle, IN HANDLE FileHandle ); NTSYSAPI NTSTATUS NTAPI NtResumeThread( IN HANDLE ThreadHandle, OUT PULONG PreviousSuspendCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtResumeProcess( IN HANDLE Process ); NTSYSAPI NTSTATUS NTAPI NtRestoreKey( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI NtResetWriteWatch( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN ULONG RegionSize ); NTSYSAPI NTSTATUS NTAPI NtResetEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtRequestWakeupLatency( IN LATENCY_TIME Latency ); NTSYSAPI NTSTATUS NTAPI NtRequestWaitReplyPort( IN HANDLE PortHandle, IN PPORT_MESSAGE RequestMessage, OUT PPORT_MESSAGE ReplyMessage ); NTSYSAPI NTSTATUS NTAPI NtRequestPort( IN HANDLE PortHandle, IN PPORT_MESSAGE RequestMessage ); NTSYSAPI NTSTATUS NTAPI NtRequestDeviceWakeup( IN HANDLE DeviceHandle ); NTSYSAPI NTSTATUS NTAPI NtReplyWaitReplyPort( IN HANDLE PortHandle, IN OUT PPORT_MESSAGE ReplyMessage ); NTSYSAPI NTSTATUS NTAPI NtReplyWaitReceivePortEx( IN HANDLE PortHandle, OUT PVOID* PortIdentifier OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE Message, IN PLARGE_INTEGER Timeout ); NTSYSAPI NTSTATUS NTAPI NtReplyWaitReceivePort( IN HANDLE PortHandle, OUT PULONG PortIdentifier OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE Message ); NTSYSAPI NTSTATUS NTAPI NtReplyPort( IN HANDLE PortHandle, IN PPORT_MESSAGE ReplyMessage ); NTSYSAPI NTSTATUS NTAPI NtReplaceKey( IN POBJECT_ATTRIBUTES NewFileObjectAttributes, IN HANDLE KeyHandle, IN POBJECT_ATTRIBUTES OldFileObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtRenameKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ReplacementName ); NTSYSAPI NTSTATUS NTAPI NtRemoveProcessDebug( IN HANDLE Process, IN HANDLE DebugObject ); NTSYSAPI NTSTATUS NTAPI NtRemoveIoCompletion( IN HANDLE IoCompletionHandle, OUT PULONG CompletionKey, OUT PULONG CompletionValue, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReleaseSemaphore( IN HANDLE SemaphoreHandle, IN LONG ReleaseCount, OUT PLONG PreviousCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReleaseMutant( IN HANDLE MutantHandle, OUT PULONG PreviousState ); NTSYSAPI NTSTATUS NTAPI NtReleaseKeyedEvent( IN HANDLE KeyedEventHandle, IN PVOID Key, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort( IN HANDLE PortHandle ); NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN ULONG BufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReadRequestData( IN HANDLE PortHandle, IN PPORT_MESSAGE Message, IN ULONG Index, OUT PVOID Buffer, IN ULONG BufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReadFileScatter( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_SEGMENT_ELEMENT Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReadFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtRaiseHardError( IN NTSTATUS Status, IN ULONG NumberOfArguments, IN ULONG StringArgumentsMask, IN PULONG_PTR Arguments, IN HARDERROR_RESPONSE_OPTION ResponseOption, OUT PHARDERROR_RESPONSE Response ); NTSYSAPI NTSTATUS NTAPI NtRaiseException( IN PEXCEPTION_RECORD ExceptionRecord, IN PCONTEXT Context, IN BOOLEAN SearchFrames ); NTSYSAPI NTSTATUS NTAPI NtQueueApcThread( IN HANDLE ThreadHandle, IN PKNORMAL_ROUTINE ApcRoutine, IN PVOID ApcContext OPTIONAL, IN PVOID Argument1 OPTIONAL, IN PVOID Argument2 OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID VolumeInformation, IN ULONG VolumeInformationLength, IN FS_INFORMATION_CLASS VolumeInformationClass ); NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN ULONG MemoryInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation, IN ULONG KeyValueInformationLength, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution( OUT PULONG CoarsestResolution, OUT PULONG FinestResolution, OUT PULONG ActualResolution ); NTSYSAPI NTSTATUS NTAPI NtQueryTimer( IN HANDLE TimerHandle, IN TIMER_INFORMATION_CLASS TimerInformationClass, OUT PVOID TimerInformation, IN ULONG TimerInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySystemTime( OUT PLARGE_INTEGER CurrentTime ); NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx( IN ULONG Unknown1, IN ULONG Unknown2, IN ULONG Unknown3, IN ULONG Unknown4, IN ULONG Unknown5 ); NTSYSAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValue( IN PUNICODE_STRING Name, OUT PVOID Value, IN ULONG ValueLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject( IN HANDLE SymbolicLinkHandle, IN OUT PUNICODE_STRING TargetName, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySemaphore( IN HANDLE SemaphoreHandle, IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, OUT PVOID SemaphoreInformation, IN ULONG SemaphoreInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG SecurityDescriptorLength, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI NtQuerySection( IN HANDLE SectionHandle, IN SECTION_INFORMATION_CLASS SectionInformationClass, OUT PVOID SectionInformation, IN ULONG SectionInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryQuotaInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_USER_QUOTA_INFORMATION Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN PFILE_QUOTA_LIST_INFORMATION QuotaList OPTIONAL, IN ULONG QuotaListLength, IN PSID ResumeSid OPTIONAL, IN BOOLEAN RestartScan ); NTSYSAPI BOOLEAN NTAPI NtQueryPortInformationProcess( VOID ); NTSYSAPI NTSTATUS NTAPI NtQueryPerformanceCounter( OUT PLARGE_INTEGER PerformanceCount, OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryOpenSubKeys( IN POBJECT_ATTRIBUTES KeyObjectAttributes, OUT PULONG NumberOfKeys ); NTSYSAPI NTSTATUS NTAPI NtQueryObject( IN HANDLE ObjectHandle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, OUT PVOID ObjectInformation, IN ULONG ObjectInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryMutant( IN HANDLE MutantHandle, IN MUTANT_INFORMATION_CLASS MutantInformationClass, OUT PVOID MutantInformation, IN ULONG MutantInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryMultipleValueKey( IN HANDLE KeyHandle, IN OUT PKEY_VALUE_ENTRY ValueList, IN ULONG NumberOfValues, OUT PVOID Buffer, IN OUT PULONG Length, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI NtQueryKey( IN HANDLE KeyHandle, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG KeyInformationLength, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI NtQueryIoCompletion( IN HANDLE IoCompletionHandle, IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass, OUT PVOID IoCompletionInformation, IN ULONG IoCompletionInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryIntervalProfile( IN KPROFILE_SOURCE Source, OUT PULONG Interval ); NTSYSAPI NTSTATUS NTAPI NtQueryInstallUILanguage( OUT PLANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken( IN HANDLE TokenHandle, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID TokenInformation, IN ULONG TokenInformationLength, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationPort( IN HANDLE PortHandle, IN PORT_INFORMATION_CLASS PortInformationClass, OUT PVOID PortInformation, IN ULONG PortInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationJobObject( IN HANDLE JobHandle, IN JOBOBJECTINFOCLASS JobInformationClass, OUT PVOID JobInformation, IN ULONG JobInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG FileInformationLength, IN FILE_INFORMATION_CLASS FileInformationClass ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationAtom( IN USHORT Atom, IN ATOM_INFORMATION_CLASS AtomInformationClass, OUT PVOID AtomInformation, IN ULONG AtomInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation ); NTSYSAPI NTSTATUS NTAPI NtQueryEvent( IN HANDLE EventHandle, IN EVENT_INFORMATION_CLASS EventInformationClass, OUT PVOID EventInformation, IN ULONG EventInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryEaFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_FULL_EA_INFORMATION Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN PFILE_GET_EA_INFORMATION EaList OPTIONAL, IN ULONG EaListLength, IN PULONG EaIndex OPTIONAL, IN BOOLEAN RestartScan ); NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject( IN HANDLE DirectoryHandle, OUT PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN BOOLEAN RestartScan, IN OUT PULONG Context, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG FileInformationLength, IN FILE_INFORMATION_CLASS FileInformationClass, IN BOOLEAN ReturnSingleEntry, IN PUNICODE_STRING FileName OPTIONAL, IN BOOLEAN RestartScan ); NTSYSAPI NTSTATUS NTAPI NtQueryDefaultUILanguage( OUT PLANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI NtQueryDefaultLocale( IN BOOLEAN ThreadOrSystem, OUT PLCID Locale ); NTSYSAPI NTSTATUS NTAPI NtQueryDebugFilterState( IN ULONG ComponentId, IN ULONG Level ); NTSYSAPI NTSTATUS NTAPI NtQueryBootOptions( IN ULONG Unknown1, IN ULONG Unknown2 ); NTSYSAPI NTSTATUS NTAPI NtQueryBootEntryOrder( IN ULONG Unknown1, IN ULONG Unknown2 ); NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation ); NTSYSAPI NTSTATUS NTAPI NtPulseEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG ProtectSize, IN ULONG NewProtect, OUT PULONG OldProtect ); NTSYSAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PUNICODE_STRING ServiceName, IN HANDLE TokenHandle, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted ); NTSYSAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted ); NTSYSAPI NTSTATUS NTAPI NtPrivilegeCheck( IN HANDLE TokenHandle, IN PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result ); NTSYSAPI NTSTATUS NTAPI NtPowerInformation( IN POWER_INFORMATION_LEVEL PowerInformationLevel, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength ); NTSYSAPI NTSTATUS NTAPI NtPlugPlayControl( IN ULONG ControlCode, IN OUT PVOID Buffer, IN ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI NtPlugPlayControl( IN ULONG ControlCode, IN OUT PVOID Buffer, IN ULONG BufferLength, IN PVOID Unknown OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtOpenTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenThreadTokenEx( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI NtOpenThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId ); NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject( OUT PHANDLE SymbolicLinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenSection( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenProcessTokenEx( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI NtOpenProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID *HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK GrantedAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN ObjectCreation, IN BOOLEAN AccessGranted, OUT PBOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtOpenMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenKeyedEvent( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenJobObject( OUT PHANDLE JobHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenIoCompletion( OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions ); NTSYSAPI NTSTATUS NTAPI NtOpenEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtNotifyChangeMultipleKeys( IN HANDLE KeyHandle, IN ULONG Flags, IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN HANDLE EventHandle OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG NotifyFilter, IN BOOLEAN WatchSubtree, IN PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN Asynchronous ); NTSYSAPI NTSTATUS NTAPI NtNotifyChangeKey( IN HANDLE KeyHandle, IN HANDLE EventHandle OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG NotifyFilter, IN BOOLEAN WatchSubtree, IN PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN Asynchronous ); NTSYSAPI NTSTATUS NTAPI NtNotifyChangeDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_NOTIFY_INFORMATION Buffer, IN ULONG BufferLength, IN ULONG NotifyFilter, IN BOOLEAN WatchSubtree ); NTSYSAPI NTSTATUS NTAPI NtModifyDriverEntry( IN PUNICODE_STRING DriverName, IN PUNICODE_STRING DriverPath ); NTSYSAPI NTSTATUS NTAPI NtModifyBootEntry( IN PUNICODE_STRING EntryName, IN PUNICODE_STRING EntryValue ); NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection( IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG ZeroBits, IN ULONG CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PULONG ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect ); NTSYSAPI NTSTATUS NTAPI NtMapUserPhysicalPagesScatter( IN PVOID *BaseAddresses, IN PULONG NumberOfPages, IN PULONG PageFrameNumbers ); NTSYSAPI NTSTATUS NTAPI NtMapUserPhysicalPages( IN PVOID BaseAddress, IN PULONG NumberOfPages, IN PULONG PageFrameNumbers ); NTSYSAPI NTSTATUS NTAPI NtMakeTemporaryObject( IN HANDLE Handle ); NTSYSAPI NTSTATUS NTAPI NtMakePermanentObject( IN HANDLE Object ); NTSYSAPI NTSTATUS NTAPI NtLockVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG LockSize, IN ULONG LockType ); NTSYSAPI NTSTATUS NTAPI NtLockRegistryKey( IN HANDLE Key ); NTSYSAPI NTSTATUS NTAPI NtLockProductActivationKeys( IN OUT PULONG ProductBuild OPTIONAL, OUT PSAFEBOOT_MODE InitSafeBootMode OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtLockFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PULARGE_INTEGER LockOffset, IN PULARGE_INTEGER LockLength, IN ULONG Key, IN BOOLEAN FailImmediately, IN BOOLEAN ExclusiveLock ); NTSYSAPI NTSTATUS NTAPI NtLoadKey2( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN POBJECT_ATTRIBUTES FileObjectAttributes, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI NtLoadKey( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN POBJECT_ATTRIBUTES FileObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtLoadDriver( IN PUNICODE_STRING DriverServiceName ); NTSYSAPI NTSTATUS NTAPI NtListenPort( IN HANDLE PortHandle, OUT PPORT_MESSAGE Message ); NTSYSAPI NTSTATUS NTAPI NtFreeUserPhysicalPages( IN HANDLE ProcessHandle, IN OUT PULONG NumberOfPages, IN PULONG PageFrameNumbers ); NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG FreeSize, IN ULONG FreeType ); NTSYSAPI NTSTATUS NTAPI NtFsControlFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG FsControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength ); NTSYSAPI NTSTATUS NTAPI NtGetContextThread( IN HANDLE ThreadHandle, OUT PCONTEXT Context ); NTSYSAPI NTSTATUS NTAPI NtGetDevicePowerState( IN HANDLE DeviceHandle, OUT PDEVICE_POWER_STATE DevicePowerState ); NTSYSAPI NTSTATUS NTAPI NtGetPlugPlayEvent( IN ULONG Reserved1, IN ULONG Reserved2, OUT PVOID Buffer, IN ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI NtGetWriteWatch( IN HANDLE ProcessHandle, IN ULONG Flags, IN PVOID BaseAddress, IN ULONG RegionSize, OUT PULONG Buffer, IN OUT PULONG BufferEntries, OUT PULONG Granularity ); NTSYSAPI NTSTATUS NTAPI NtImpersonateAnonymousToken( IN HANDLE ThreadHandle ); NTSYSAPI NTSTATUS NTAPI NtImpersonateClientOfPort( IN HANDLE PortHandle, IN PPORT_MESSAGE Message ); NTSYSAPI NTSTATUS NTAPI NtImpersonateThread( IN HANDLE ThreadHandle, IN HANDLE TargetThreadHandle, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos ); NTSYSAPI NTSTATUS NTAPI NtInitializeRegistry( IN BOOLEAN Setup ); NTSYSAPI NTSTATUS NTAPI NtInitiatePowerAction( IN POWER_ACTION SystemAction, IN SYSTEM_POWER_STATE MinSystemState, IN ULONG Flags, IN BOOLEAN Asynchronous ); NTSYSAPI NTSTATUS NTAPI NtIsProcessInJob( IN HANDLE ProcessHandle, IN HANDLE JobHandle OPTIONAL ); NTSYSAPI BOOLEAN NTAPI NtIsSystemResumeAutomatic( VOID );

 

以上是关于ntdll.dll函数原型的主要内容,如果未能解决你的问题,请参考以下文章

将用户模式 ​​dll 中的高级函数映射到 NTDLL.dll

Win32环境下从ntdll.dll调用Nt函数,C++

读取 ntdll.dll + offset 会导致访问冲突

08系统调用

.NET Windows 服务在 ntdll.dll 中崩溃

Qt Creator 在尝试运行 OpenCV 程序时崩溃。 [ntdll.dll 崩溃]