NtLoadDriver 服务控制管理器加载设备驱动. NtUnloadDriver 服务控制管理器支持卸载指定的驱动程序. NtRegisterNewDevice 加载新驱动文件. NtQueryIntervalProfile 返回数据. NtSetIntervalProfile 指定采样间隔. NtStartProfile 开始取样. NtStopProfile 停止采样. NtSystemDebugControl 实施了一系列的调试器支持的命令. NtRegisterThreadTerminatePort 一个调试登记通知线程终止. NtCreateDebugObject 创建一个调试对象. NtDebugActiveProcess 使调试器附加到一个积极的过程和调试它. NtDebugContinue 允许一个进程,以线程产生了调试事件. NtQueryDebugFilterState 查询调试过滤国家一级的具体组成部分. NtRemoveProcessDebug 停止调试指定的进程. NtSetDebugFilterState 设置调试输出滤波器一级指定的组成部分. NtSetInformationDebugObject 设置属性的调试对象. NtWaitForDebugEvent 等待调试事件的进程正在调试. NtFlushInstructionCache 清空指定进程的指令缓冲区. NtInitiatePowerAction 启动电源事件. NtPowerInformation 获得该系统的电源状态. NtSetThreadExecutionState 设置一个线程的系统电源状态的要求. NtRequestWakeupLatency 设置一个进程唤醒延迟. NtClose 关闭处理任何对象类型. NtDuplicateObject 复制句柄的对象. NtCreateDirectoryObject 创建一个目录中的对象管理器命名空间. NtCreateSymbolicLinkObject 创建一个符号链接的对象管理器命名空间. NtOpenDirectoryObject 打开对象管理器名字空间目录. NtQueryDirectoryObject 用列举的对象位于一个目录对象. NtOpenSymbolicLinkObject 打开一个符号链接对象. NtQuerySymbolicLinkObject 归来的名称,对象,符号链接点. NtQueryObject 查询对象的属性,如它的名字. NtSetInformationObject 树立了一个对象的属性. NtTranslateFilePath 转换的文件路径的格式. NtCreateKey 创建或打开一个注册表项. NtOpenKey 打开一个现有的注册表项. NtDeleteKey 删除注册表项. NtDeleteValueKey 删除价值. NtEnumerateKey 枚举子项中的一个关键. NtEnumerateValueKey 列举了价值的一个关键. NtFlushKey 刷新变化回到注册表在磁盘上. NtInitializeRegistry 获取注册滚动.单参数对这一规定是否安装启动或正常开机. NtNotifyChangeKey 允许一个程序的通知改变某一关键或其子项. NtQueryKey 查询信息的一个关键. NtQueryMultiplValueKey 检索信息多个指定值. NtQueryValueKey 资讯检索指定的值. NtReplaceKey 变化的支持文件的一个关键和其子项,用于备份/恢复. NtSaveKey 保存的内容中的一个关键和子项文件. NtRestoreKey 装载的内容主要从一个指定的文件. NtSetInformationKey 集属性中的一个关键. NtSetValueKey 集相关的数据的价值. NtCreatePort 创建一个港口对象. NtAcceptConnectPort 接受一个端口连接. NtCompleteConnectPort 完成了连接. NtConnectPort 连接一个端口到另一个端口,接受连接. NtImpersonateClientOfPort 线程模拟确定的进程的另一端的一个港口. NtListenPort 侦听端口的连接请求. NtQueryInformationPort 获取信息的一个港口. NtReadRequestData 阅读相关资料港口信息. NtReplyPort 发送一个回复邮件. NtReplyWaitReceivePort 发送一个回复邮件,然后等待传入请求消息. NtReplyWaitReplyPort 发送一个回复邮件,然后等待传入的回复邮件. NtRequestPort 发送请求信息. NtRequestWaitReplyPort 发送请求信息,并等待传入的回复邮件. NtWriteRequestData 填写数据的请求消息. NtSecureConnectPort 创建一个安全的连接端口. NtQueryPortInformationProcess 用于确定某个进程有相关的例外或调试端口. NtAccessCheck 检查当前线程是否已进入一个对象根据其安全描述符. NtAccessCheckAndAuditAlarm 生成相关的审计信息存取检查. NtAdjustGroupsToken 加注或删除群体与象征. NtAdjustPrivilegesToken 启用或禁用特权与象征. NtCloseObjectAuditAlarm 生成审计讯息,指出一个对象被关闭了. NtCreateToken 创建令牌对象. NtDeleteObjectAuditAlarm 产生了审计事件表明,一个对象已删除. NtDuplicateToken 重复象征对象. NtImpersonateThread 允许一个线程假冒身份的其他用户. NtOpenObjectAuditAlarm 产生了审计事件表明,一个物体开幕. NtOpenProcessToken 获得句柄令牌在指定的进程. NtOpenThreadToken 打开的句柄令牌在指定线程. NtPrivilegeCheck 检查,以查看是否有人员令牌已指定特权启用. NtPrivilegeObjectAuditAlarm 生成审核事件记录与特权检查. NtPrivilegedServiceAuditAlarm 生成审计信息表明尝试使用指定的特权. NtQueryInformationToken 获取信息的象征. NtQuerySecurityObject 检索信息的对象的安全设置. NtSetInformationToken 树立了一个象征性的属性. NtSetSecurityObject 设置安全信息的一个对象. NtAccessCheckByType 新的物件具体的安全支持. NtAccessCheckByTypeAndAuditAlarm 新的物件具体的安全支持. NtAccessCheckByTypeResultList 新的物件具体的安全支持. NtFilterToken 新的物件具体的安全支持. NtCompareToken 比较了两个令牌. NtOpenProcessTokenEx 打开一个进程令牌. NtOpenThreadTokenEx 打开一个线程令牌. NtAlertResumeThread 恢复线程. NtAlertThread 发出警报,以一个线程. NtTestAlert 检验是否有线程在等待警报. NtCreateProcess 创建一个新的进程. NtCreateThread 创建一个新线程. NtCurrentTeb 返回一个指针,一个线程环境块. NtDelayExecution 睡眠,暂停一个线程在指定的时间. NtGetContextThread 检索硬件方面的线程. NtSetContextThread 集硬件方面的线程. NtOpenProcess 打开的句柄指定的进程. NtOpenThread 打开的句柄指定的线程. NtQueryInformationProcess 获取一个线程的属性. NtQueueApcThread 程序呼叫到一个线程. NtResumeThread 唤醒暂停线程. NtSetInformationProcess 设置一个进程的属性. NtSetInformationThread 设置一个线程的属性. NtSuspendThread 暂停一个线程的执行. NtTerminateProcess 删除进程. NtTerminateThread 删除线程. NtYieldExecution 原因线程放弃CPU. NtCreateProcessEx 创建一个新的进程. NtResumeProcess 恢复被暂停的进程. NtSuspendProcess 暂停一个进程. NtCancelTimer 取消计时器. NtCreateTimer 创建一个计时器. NtOpenTimer 打开一个计时器对象. NtQueryTimer 查询计时器的属性. NtQueryTimerResolution 查询系统的计时器决议. NtSetTimer 设置一个定时器到期活动. NtSetTimerResolution 设定系统计时器决议. NtQueryPerformanceCounter 查询系统的性能计数器. NtQuerySystemTime 取得当前时间. NtSetSystemTime 设置系统时间. NtGetTickCount 获取系统开机以来时间. NtCreateEvent 创建一个事件对象. NtOpenEvent 打开事件对象. NtClearEvent 清除标志着国家的事件. NtPulseEvent 信号的事件,然后重置它. NtQueryEvent 查询状况的一个事件. NtResetEvent 重置事件向非标志着国家. NtSetEvent 树立了一个活动,标志着国家. NtCreateEventPair 创建一个事件一双. NtOpenEventPair 打开一个事件对. NtSetHighEventPair 集高一半的活动,以表明对国家. NtSetHighWaitLowEventPair 集高一半的活动,以表明对国家和等待低一半,成为示意. NtSetLowEventPair 集低一半的事件对. NtSetLowWaitHighEventPair 集低一半的事件,并等待对高一半将成为标志. NtWaitHighEventPair 等待高一半事件对成为暗示. NtWaitLowEventPair 等待低一半事件对成为暗示. NtCreateMutant 创建一个突变的对象,称为互斥在用户模式. NtOpenMutant 打开一个突变对象,称为互斥用户模式. NtCreateSemaphore 创建一个信号灯对象. NtOpenSemaphore 打开一个信号灯对象. NtQuerySemaphore 查询状态的信号. NtReleaseSemaphore 标志着信号灯. NtSignalAndWaitForSingleObject 等待它标志着一次. NtWaitForMultipleObjects 等待多个对象,成为暗示. NtWaitForSingleObject 等待一个单一的对象,成为暗示. NtCreateKeyedEvent 创建一个输入事件对象. NtOpenKeyedEvent 打开一个名为键控事件对象. NtReleaseKeyedEvent 标志着键控事件对象. NtWaitForKeyedEvent 等待事件成为键控信号. NtAllocateVirtualMemory 分配虚拟内存. NtFreeVirtualMemory 释放虚拟内存. NtQueryVirtualMemory 查询范围的虚拟内存的属性. NtProtectVirtualMemory 集保护的一系列虚拟内存. NtLockVirtualMemory 锁一系列的虚拟内存. NtUnlockVirtualMemory 解锁一系列的虚拟内存. NtReadVirtualMemory 读取范围内的虚拟内存从进程. NtWriteVirtualMemory 写了一系列的虚拟内存从进程. NtFlushVirtualMemory 刷新记忆体映射的记忆体范围的文件在磁盘上. NtCreateSection 创建了一系列的内存支持文件. NtOpenSection 打开一个名为内存映射节对象. NtExtendSection 延长现有的各种虚拟内存支持文件. NtMapViewOfSection 地图一个文件中的虚拟内存. NtUnmapViewOfSection 一部分虚拟内存的支持文件. NtAreMappedFilesTheSame 装载机使用这一有效看看是否一个给定的文件已经被映射到内存中. NtCancelIoFile 取消I/O请求. NtCreateFile 创建或打开一个文件,目录或设备对象. NtCreateIoCompletion 告诉I/O管理器,一个线程希望时得到通知的I/O完成. NtOpenIoCompletion 打开一个名为I/O完成对象. NtSetIoCompletion 树立了一个I/O完成对象的属性. NtQueryIoCompletion 具体信息检索的I/O完成对象. NtRemoveIoCompletion 消除了一个I/O完成回调. NtDeleteFile 删除一个文件对象. NtDeviceIoControlFile 发送IOCTL装置的设备驱动,这是一个打开的文件对象. NtFlushBuffersFile 清除内存中的文件数据到磁盘. NtFsControlFile 发送一个I/O控制IOCTL为代表的公开设备对象.通常用于文件系统有关的特别命令. NtLockFile 锁了一系列文件的同步访问. NtUnlockFile 解锁了一系列文件的同步访问. NtNotifyChangeDirectoryFile 寄存器一个线程希望得到通知时,一个目录的内容发生变化. NtOpenFile 打开一个现有的文件. NtQueryAttributesFile 取得一个文件的属性. NtQueryDirectoryFile 检索目录的内容. NtQueryEaFile 检索文件的扩展属性. NtSetEaFile 集的扩展属性文件. NtQueryFullAttributesFile 获得文件的全部属性. NtQueryInformationFile 检索方面的具体资料的档案. NtSetInformationFile 确定具体的资料档案. NtQueryVolumeInformationFile 检索有关特定磁盘卷. NtSetVolumeInformationFile 集资讯量. NtReadFile 读取数据文件. NtWriteFile 写入数据文件. NtQueryQuotaInformationFile 查询NTFS磁盘配额信息. NtSetQuotaInformationFile 设置NTFS磁盘配额信息. NtQuerySystemInformation 性能计数器注册表中的出口的大量信息可通过这一呼吁. NtSetSystemInformation 各种行政程序使用此功能. NtShutdownSystem 关闭与选择重新启动. NtCreateJobObject 创建一个作业对象. NtOpenJobObject 打开一个作业对象. NtQueryInformationJobObject 撷取资讯作业对象. NtAssignProcessToJobObject 指定一个进程作业对象. NtSetInformationJobObject 树立了一个作业对象的属性. NtTerminateJobObject 终止作业对象,终止其所有相关的进程. NtCreateJobSet 创建了一个集多种就业工作的对象. NTSYSAPI NTSTATUS NTAPI NtAcceptConnectPort( OUT PHANDLE PortHandle, IN PVOID PortIdentifier, IN PPORT_MESSAGE Message, IN BOOLEAN Accept, IN OUT PPORT_VIEW ServerView OPTIONAL, OUT PREMOTE_PORT_VIEW ClientView OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtAccessCheck( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet, IN PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PBOOLEAN AccessStatus ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PBOOLEAN AccessStatus, OUT PBOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByType( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN HANDLE TokenHandle, IN ULONG DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN PPRIVILEGE_SET PrivilegeSet, IN PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PULONG AccessStatus, OUT PBOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN PPRIVILEGE_SET PrivilegeSet, IN PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccessList, OUT PULONG AccessStatusList ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccessList, OUT PULONG AccessStatusList, OUT PULONG GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN HANDLE TokenHandle, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccessList, OUT PULONG AccessStatusList, OUT PULONG GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtAddAtom( IN PWSTR String, IN ULONG StringLength, OUT PUSHORT Atom ); NTSYSAPI NTSTATUS NTAPI NtAddBootEntry( IN PUNICODE_STRING EntryName, IN PUNICODE_STRING EntryValue ); NTSYSAPI NTSTATUS NTAPI NtAddDriverEntry( IN PUNICODE_STRING DriverName, IN PUNICODE_STRING DriverPath ); NTSYSAPI NTSTATUS NTAPI NtAdjustGroupsToken( IN HANDLE TokenHandle, IN BOOLEAN ResetToDefault, IN PTOKEN_GROUPS NewState, IN ULONG BufferLength, OUT PTOKEN_GROUPS PreviousState OPTIONAL, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI NtAdjustPrivilegesToken( IN HANDLE TokenHandle, IN BOOLEAN DisableAllPrivileges, IN PTOKEN_PRIVILEGES NewState, IN ULONG BufferLength, OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtAlertResumeThread( IN HANDLE ThreadHandle, OUT PULONG PreviousSuspendCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId( OUT PLUID Luid ); NTSYSAPI NTSTATUS NTAPI NtAllocateUserPhysicalPages( IN HANDLE ProcessHandle, IN PULONG NumberOfPages, OUT PULONG PageFrameNumbers ); NTSYSAPI NTSTATUS NTAPI NtAllocateUuids( OUT PLARGE_INTEGER UuidLastTimeAllocated, OUT PULONG UuidDeltaTime, OUT PULONG UuidSequenceNumber, OUT PUCHAR UuidSeed ); NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG ZeroBits, IN OUT PULONG AllocationSize, IN ULONG AllocationType, IN ULONG Protect ); NTSYSAPI NTSTATUS NTAPI NtApphelpCacheControl( IN APPHELPCACHECONTROL ApphelpCacheControl, IN PUNICODE_STRING ApphelpCacheObject ); NTSYSAPI NTSTATUS NTAPI NtAreMappedFilesTheSame( IN PVOID Address1, IN PVOID Address2 ); NTSYSAPI NTSTATUS NTAPI NtAssignProcessToJobObject( IN HANDLE JobHandle, IN HANDLE ProcessHandle ); NTSYSAPI NTSTATUS NTAPI NtCallbackReturn( IN PVOID Result OPTIONAL, IN ULONG ResultLength, IN NTSTATUS Status ); NTSYSAPI NTSTATUS NTAPI NtCancelDeviceWakeupRequest( IN HANDLE DeviceHandle ); NTSYSAPI NTSTATUS NTAPI NtCancelIoFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSAPI NTSTATUS NTAPI NtCancelTimer( IN HANDLE TimerHandle, OUT PBOOLEAN PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtClearEvent( IN HANDLE EventHandle ); NTSYSAPI NTSTATUS NTAPI NtClose( IN HANDLE Handle ); NTSYSAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtCompactKeys( IN ULONG Length, IN HANDLE Key ); NTSYSAPI NTSTATUS NTAPI NtCompareTokens( IN HANDLE FirstTokenHandle, IN HANDLE SecondTokenHandle, OUT PBOOLEAN IdenticalTokens ); NTSYSAPI NTSTATUS NTAPI NtCompleteConnectPort( IN HANDLE PortHandle ); NTSYSAPI NTSTATUS NTAPI NtCompressKey( IN HANDLE Key ); NTSYSAPI NTSTATUS NTAPI NtConnectPort( OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectInformation OPTIONAL, IN OUT PULONG ConnectInformationLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtContinue( IN PCONTEXT Context, IN BOOLEAN TestAlert ); NTSYSAPI NTSTATUS NTAPI NtCreateDebugObject( OUT PHANDLE DebugObject, IN ULONG AccessRequired, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN KillProcessOnExit ); NTSYSAPI NTSTATUS NTAPI NtCreateDirectoryObject( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtCreateEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN EVENT_TYPE EventType, IN BOOLEAN InitialState ); NTSYSAPI NTSTATUS NTAPI NtCreateEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtCreateFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength ); NTSYSAPI NTSTATUS NTAPI NtCreateIoCompletion( OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG NumberOfConcurrentThreads ); NTSYSAPI NTSTATUS NTAPI NtCreateJobObject( OUT PHANDLE JobHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtCreateJobSet( IN ULONG Jobs, IN PJOB_SET_ARRAY JobSet, IN ULONG Reserved ); NTSYSAPI NTSTATUS NTAPI NtCreateKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreateKeyedEvent( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Reserved ); NTSYSAPI NTSTATUS NTAPI NtCreateMailslotFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CreateOptions, IN ULONG InBufferSize, IN ULONG MaxMessageSize, IN PLARGE_INTEGER ReadTimeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreateMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN InitialOwner ); NTSYSAPI NTSTATUS NTAPI NtCreateNamedPipeFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN BOOLEAN TypeMessage, IN BOOLEAN ReadmodeMessage, IN BOOLEAN Nonblocking, IN ULONG MaxInstances, IN ULONG InBufferSize, IN ULONG OutBufferSize, IN PLARGE_INTEGER DefaultTimeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreatePagingFile( IN PUNICODE_STRING FileName, IN PULARGE_INTEGER InitialSize, IN PULARGE_INTEGER MaximumSize, IN ULONG Priority OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreatePort( OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG MaxConnectionInfoLength, IN ULONG MaxMessageLength, IN ULONG MaxPoolUsage ); NTSYSAPI NTSTATUS NTAPI NtCreateProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE InheritFromProcessHandle, IN BOOLEAN InheritHandles, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtCreateProcessEx( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE InheritFromProcessHandle, IN ULONG CreateFlags, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugObject OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, IN ULONG JobMemberLevel ); NTSYSAPI NTSTATUS NTAPI NtCreateProfile( OUT PHANDLE ProfileHandle, IN HANDLE ProcessHandle, IN PVOID Base, IN ULONG Size, IN ULONG BucketShift, IN PULONG Buffer, IN ULONG BufferLength, IN KPROFILE_SOURCE Source, IN ULONG ProcessorMask ); NTSYSAPI NTSTATUS NTAPI NtCreateSection( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PLARGE_INTEGER SectionSize OPTIONAL, IN ULONG Protect, IN ULONG Attributes, IN HANDLE FileHandle ); NTSYSAPI NTSTATUS NTAPI NtCreateSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN LONG InitialCount, IN LONG MaximumCount ); NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject( OUT PHANDLE SymbolicLinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PUNICODE_STRING TargetName ); NTSYSAPI NTSTATUS NTAPI NtCreateThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE ProcessHandle, OUT PCLIENT_ID ClientId, IN PCONTEXT ThreadContext, IN PUSER_STACK UserStack, IN BOOLEAN CreateSuspended ); NTSYSAPI NTSTATUS NTAPI NtCreateTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN TIMER_TYPE TimerType ); NTSYSAPI NTSTATUS NTAPI NtCreateToken( OUT PHANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN TOKEN_TYPE Type, IN PLUID AuthenticationId, IN PLARGE_INTEGER ExpirationTime, IN PTOKEN_USER User, IN PTOKEN_GROUPS Groups, IN PTOKEN_PRIVILEGES Privileges, IN PTOKEN_OWNER Owner, IN PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PTOKEN_DEFAULT_DACL DefaultDacl, IN PTOKEN_SOURCE Source ); NTSYSAPI NTSTATUS NTAPI NtCreateWaitablePort( OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG MaxConnectionInfoLength, IN ULONG MaxMessageLength, IN ULONG MaxPoolUsage ); NTSYSAPI NTSTATUS NTAPI NtDebugActiveProcess( IN HANDLE Process, IN HANDLE DebugObject ); NTSYSAPI NTSTATUS NTAPI NtDebugContinue( IN HANDLE DebugObject, IN PCLIENT_ID AppClientId, IN NTSTATUS ContinueStatus ); NTSYSAPI NTSTATUS NTAPI NtDelayExecution( IN BOOLEAN Alertable, IN PLARGE_INTEGER Interval ); NTSYSAPI NTSTATUS NTAPI NtDeleteAtom( IN USHORT Atom ); NTSYSAPI NTSTATUS NTAPI NtDeleteBootEntry( IN PUNICODE_STRING EntryName, IN PUNICODE_STRING EntryValue ); NTSYSAPI NTSTATUS NTAPI NtDeleteDriverEntry( IN PUNICODE_STRING DriverName, IN PUNICODE_STRING DriverPath ); NTSYSAPI NTSTATUS NTAPI NtDeleteFile( IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtDeleteKey( IN HANDLE KeyHandle ); NTSYSAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtDeleteValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName ); NTSYSAPI NTSTATUS NTAPI NtDeviceIoControlFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength ); NTSYSAPI NTSTATUS NTAPI NtDisplayString( IN PUNICODE_STRING String ); NTSYSAPI NTSTATUS NTAPI NtDuplicateObject( IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG Attributes, IN ULONG Options ); NTSYSAPI NTSTATUS NTAPI NtDuplicateToken( IN HANDLE ExistingTokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN EffectiveOnly, IN TOKEN_TYPE TokenType, OUT PHANDLE NewTokenHandle ); NTSYSAPI NTSTATUS NTAPI NtEnumerateBootEntries( IN ULONG Unknown1, IN ULONG Unknown2 ); NTSYSAPI NTSTATUS NTAPI NtEnumerateKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG KeyInformationLength, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx( IN ULONG Unknown1, IN ULONG Unknown2, IN ULONG Unknown3 ); NTSYSAPI NTSTATUS NTAPI NtEnumerateValueKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation, IN ULONG KeyValueInformationLength, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI NtExtendSection( IN HANDLE SectionHandle, IN PLARGE_INTEGER SectionSize ); NTSYSAPI NTSTATUS NTAPI NtFilterToken( IN HANDLE ExistingTokenHandle, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable, IN PTOKEN_PRIVILEGES PrivilegesToDelete, IN PTOKEN_GROUPS SidsToRestricted, OUT PHANDLE NewTokenHandle ); NTSYSAPI NTSTATUS NTAPI NtFindAtom( IN PWSTR String, IN ULONG StringLength, OUT PUSHORT Atom ); NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSAPI NTSTATUS NTAPI NtFlushInstructionCache( IN HANDLE ProcessHandle, IN PVOID BaseAddress OPTIONAL, IN ULONG FlushSize ); NTSYSAPI NTSTATUS NTAPI NtFlushKey( IN HANDLE KeyHandle ); NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG FlushSize, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSAPI NTSTATUS NTAPI NtFlushWriteBuffer( VOID ); NTSYSAPI NTSTATUS NTAPI NtYieldExecution( VOID ); NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN ULONG BufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWriteRequestData( IN HANDLE PortHandle, IN PPORT_MESSAGE Message, IN ULONG Index, IN PVOID Buffer, IN ULONG BufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWriteFileGather( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_SEGMENT_ELEMENT Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWriteFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtWaitHighEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject( IN HANDLE Handle, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects32( IN ULONG HandleCount, IN PHANDLE Handles, IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects( IN ULONG HandleCount, IN PHANDLE Handles, IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitForKeyedEvent( IN HANDLE KeyedEventHandle, IN PVOID Key, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtWaitForDebugEvent( IN HANDLE DebugObject, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL, OUT PDBGUI_WAIT_STATE_CHANGE StateChange ); NTSYSAPI NTSTATUS NTAPI NtVdmControl( IN VDMSERVICECLASS Service, IN OUT PVOID ServiceData ); NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection( IN HANDLE ProcessHandle, IN PVOID BaseAddress ); NTSYSAPI NTSTATUS NTAPI NtUnlockVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG LockSize, IN ULONG LockType ); NTSYSAPI NTSTATUS NTAPI NtUnlockFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PULARGE_INTEGER LockOffset, IN PULARGE_INTEGER LockLength, IN ULONG Key ); NTSYSAPI NTSTATUS NTAPI NtUnloadKeyEx( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN HANDLE EventHandle OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtUnloadKey2( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN BOOLEAN ForceUnload ); NTSYSAPI NTSTATUS NTAPI NtUnloadKey( IN POBJECT_ATTRIBUTES KeyObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtUnloadDriver( IN PUNICODE_STRING DriverServiceName ); NTSYSAPI NTSTATUS NTAPI NtTranslateFilePath( PFILE_PATH InputFilePath, ULONG OutputType, PFILE_PATH OutputFilePath, ULONG OutputFilePathLength ); NTSYSAPI NTSTATUS NTAPI NtTraceEvent( IN ULONG TraceHandle, IN ULONG Flags, IN ULONG TraceHeaderLength, IN PEVENT_TRACE_HEADER TraceHeader ); NTSYSAPI NTSTATUS NTAPI NtTerminateThread( IN HANDLE ThreadHandle OPTIONAL, IN NTSTATUS ExitStatus ); NTSYSAPI NTSTATUS NTAPI NtTerminateProcess( IN HANDLE ProcessHandle OPTIONAL, IN NTSTATUS ExitStatus ); NTSYSAPI NTSTATUS NTAPI NtTerminateJobObject( IN HANDLE JobHandle, IN NTSTATUS ExitStatus ); NTSYSAPI NTSTATUS NTAPI NtSystemDebugControl( IN DEBUG_CONTROL_CODE ControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSuspendThread( IN HANDLE ThreadHandle, OUT PULONG PreviousSuspendCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSuspendProcess( IN HANDLE Process ); NTSYSAPI NTSTATUS NTAPI NtStopProfile( IN HANDLE ProfileHandle ); NTSYSAPI NTSTATUS NTAPI NtStartProfile( IN HANDLE ProfileHandle ); NTSYSAPI NTSTATUS NTAPI NtSignalAndWaitForSingleObject( IN HANDLE HandleToSignal, IN HANDLE HandleToWait, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtShutdownSystem( IN SHUTDOWN_ACTION Action ); NTSYSAPI NTSTATUS NTAPI NtSetVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG BufferLength, IN FS_INFORMATION_CLASS VolumeInformationClass ); NTSYSAPI NTSTATUS NTAPI NtSetValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN ULONG TitleIndex, IN ULONG Type, IN PVOID Data, IN ULONG DataSize ); NTSYSAPI NTSTATUS NTAPI NtSetUuidSeed( IN PUCHAR UuidSeed ); NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution( IN ULONG RequestedResolution, IN BOOLEAN Set, OUT PULONG ActualResolution ); NTSYSAPI NTSTATUS NTAPI NtSetTimer( IN HANDLE TimerHandle, IN PLARGE_INTEGER DueTime, IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL, IN PVOID TimerContext, IN BOOLEAN Resume, IN LONG Period, OUT PBOOLEAN PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSetThreadExecutionState( IN EXECUTION_STATE ExecutionState, OUT PEXECUTION_STATE PreviousExecutionState ); NTSYSAPI NTSTATUS NTAPI NtSetSystemTime( IN PLARGE_INTEGER NewTime, OUT PLARGE_INTEGER OldTime OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSetSystemPowerState( IN POWER_ACTION SystemAction, IN SYSTEM_POWER_STATE MinSystemState, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI NtSetSystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetSystemEnvironmentValue( IN PUNICODE_STRING Name, IN PUNICODE_STRING Value ); NTSYSAPI NTSTATUS NTAPI NtSetSecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor ); NTSYSAPI NTSTATUS NTAPI NtSetQuotaInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_USER_QUOTA_INFORMATION Buffer, IN ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI NtSetLowWaitHighEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtSetLowEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtSetLdtEntries( IN ULONG Selector1, IN LDT_ENTRY LdtEntry1, IN ULONG Selector2, IN LDT_ENTRY LdtEntry2 ); NTSYSAPI NTSTATUS NTAPI NtSetIoCompletion( IN HANDLE IoCompletionHandle, IN ULONG CompletionKey, IN ULONG CompletionValue, IN NTSTATUS Status, IN ULONG Information ); NTSYSAPI NTSTATUS NTAPI NtSetIntervalProfile( IN ULONG Interval, IN KPROFILE_SOURCE Source ); NTSYSAPI NTSTATUS NTAPI NtSetInformationToken( IN HANDLE TokenHandle, IN TOKEN_INFORMATION_CLASS TokenInformationClass, IN PVOID TokenInformation, IN ULONG TokenInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationObject( IN HANDLE ObjectHandle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, IN PVOID ObjectInformation, IN ULONG ObjectInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationKey( IN HANDLE KeyHandle, IN KEY_SET_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG KeyInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationJobObject( IN HANDLE JobHandle, IN JOBOBJECTINFOCLASS JobInformationClass, IN PVOID JobInformation, IN ULONG JobInformationLength ); NTSYSAPI NTSTATUS NTAPI NtSetInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileInformation, IN ULONG FileInformationLength, IN FILE_INFORMATION_CLASS FileInformationClass ); NTSYSAPI NTSTATUS NTAPI NtSetInformationDebugObject( IN HANDLE DebugObject, IN DEBUGOBJECTINFOCLASS DebugObjectInformationClass, IN PVOID DebugInformation, IN ULONG DebugInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSetHighWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtSetHighEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI NtSetEventBoostPriority( IN HANDLE EventHandle ); NTSYSAPI NTSTATUS NTAPI NtSetEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSetEaFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_FULL_EA_INFORMATION Buffer, IN ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI NtSetDefaultUILanguage( IN LANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI NtSetDefaultLocale( IN BOOLEAN ThreadOrSystem, IN LCID Locale ); NTSYSAPI NTSTATUS NTAPI NtSetDefaultHardErrorPort( IN HANDLE PortHandle ); NTSYSAPI NTSTATUS NTAPI NtSetDebugFilterState( IN ULONG ComponentId, IN ULONG Level, IN BOOLEAN Enable ); NTSYSAPI NTSTATUS NTAPI NtSetContextThread( IN HANDLE ThreadHandle, IN PCONTEXT Context ); NTSYSAPI NTSTATUS NTAPI NtSetContextChannel( IN HANDLE CHannelHandle ); NTSYSAPI NTSTATUS NTAPI NtSetBootOptions( IN PBOOT_OPTIONS BootOptions, IN ULONG FieldsToChange ); NTSYSAPI NTSTATUS NTAPI NtSetBootEntryOrder( IN ULONG Unknown1, IN ULONG Unknown2 ); NTSYSAPI NTSTATUS NTAPI NtSecureConnectPort( OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, IN PSID ServerSid OPTIONAL, OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectInformation OPTIONAL, IN OUT PULONG ConnectInformationLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtSaveMergedKeys( IN HANDLE KeyHandle1, IN HANDLE KeyHandle2, IN HANDLE FileHandle ); NTSYSAPI NTSTATUS NTAPI NtSaveKeyEx( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI NtSaveKey( IN HANDLE KeyHandle, IN HANDLE FileHandle ); NTSYSAPI NTSTATUS NTAPI NtResumeThread( IN HANDLE ThreadHandle, OUT PULONG PreviousSuspendCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtResumeProcess( IN HANDLE Process ); NTSYSAPI NTSTATUS NTAPI NtRestoreKey( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI NtResetWriteWatch( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN ULONG RegionSize ); NTSYSAPI NTSTATUS NTAPI NtResetEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtRequestWakeupLatency( IN LATENCY_TIME Latency ); NTSYSAPI NTSTATUS NTAPI NtRequestWaitReplyPort( IN HANDLE PortHandle, IN PPORT_MESSAGE RequestMessage, OUT PPORT_MESSAGE ReplyMessage ); NTSYSAPI NTSTATUS NTAPI NtRequestPort( IN HANDLE PortHandle, IN PPORT_MESSAGE RequestMessage ); NTSYSAPI NTSTATUS NTAPI NtRequestDeviceWakeup( IN HANDLE DeviceHandle ); NTSYSAPI NTSTATUS NTAPI NtReplyWaitReplyPort( IN HANDLE PortHandle, IN OUT PPORT_MESSAGE ReplyMessage ); NTSYSAPI NTSTATUS NTAPI NtReplyWaitReceivePortEx( IN HANDLE PortHandle, OUT PVOID* PortIdentifier OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE Message, IN PLARGE_INTEGER Timeout ); NTSYSAPI NTSTATUS NTAPI NtReplyWaitReceivePort( IN HANDLE PortHandle, OUT PULONG PortIdentifier OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE Message ); NTSYSAPI NTSTATUS NTAPI NtReplyPort( IN HANDLE PortHandle, IN PPORT_MESSAGE ReplyMessage ); NTSYSAPI NTSTATUS NTAPI NtReplaceKey( IN POBJECT_ATTRIBUTES NewFileObjectAttributes, IN HANDLE KeyHandle, IN POBJECT_ATTRIBUTES OldFileObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtRenameKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ReplacementName ); NTSYSAPI NTSTATUS NTAPI NtRemoveProcessDebug( IN HANDLE Process, IN HANDLE DebugObject ); NTSYSAPI NTSTATUS NTAPI NtRemoveIoCompletion( IN HANDLE IoCompletionHandle, OUT PULONG CompletionKey, OUT PULONG CompletionValue, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReleaseSemaphore( IN HANDLE SemaphoreHandle, IN LONG ReleaseCount, OUT PLONG PreviousCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReleaseMutant( IN HANDLE MutantHandle, OUT PULONG PreviousState ); NTSYSAPI NTSTATUS NTAPI NtReleaseKeyedEvent( IN HANDLE KeyedEventHandle, IN PVOID Key, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort( IN HANDLE PortHandle ); NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN ULONG BufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReadRequestData( IN HANDLE PortHandle, IN PPORT_MESSAGE Message, IN ULONG Index, OUT PVOID Buffer, IN ULONG BufferLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReadFileScatter( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PFILE_SEGMENT_ELEMENT Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtReadFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtRaiseHardError( IN NTSTATUS Status, IN ULONG NumberOfArguments, IN ULONG StringArgumentsMask, IN PULONG_PTR Arguments, IN HARDERROR_RESPONSE_OPTION ResponseOption, OUT PHARDERROR_RESPONSE Response ); NTSYSAPI NTSTATUS NTAPI NtRaiseException( IN PEXCEPTION_RECORD ExceptionRecord, IN PCONTEXT Context, IN BOOLEAN SearchFrames ); NTSYSAPI NTSTATUS NTAPI NtQueueApcThread( IN HANDLE ThreadHandle, IN PKNORMAL_ROUTINE ApcRoutine, IN PVOID ApcContext OPTIONAL, IN PVOID Argument1 OPTIONAL, IN PVOID Argument2 OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID VolumeInformation, IN ULONG VolumeInformationLength, IN FS_INFORMATION_CLASS VolumeInformationClass ); NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN ULONG MemoryInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation, IN ULONG KeyValueInformationLength, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution( OUT PULONG CoarsestResolution, OUT PULONG FinestResolution, OUT PULONG ActualResolution ); NTSYSAPI NTSTATUS NTAPI NtQueryTimer( IN HANDLE TimerHandle, IN TIMER_INFORMATION_CLASS TimerInformationClass, OUT PVOID TimerInformation, IN ULONG TimerInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySystemTime( OUT PLARGE_INTEGER CurrentTime ); NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx( IN ULONG Unknown1, IN ULONG Unknown2, IN ULONG Unknown3, IN ULONG Unknown4, IN ULONG Unknown5 ); NTSYSAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValue( IN PUNICODE_STRING Name, OUT PVOID Value, IN ULONG ValueLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject( IN HANDLE SymbolicLinkHandle, IN OUT PUNICODE_STRING TargetName, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySemaphore( IN HANDLE SemaphoreHandle, IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, OUT PVOID SemaphoreInformation, IN ULONG SemaphoreInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG SecurityDescriptorLength, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI NtQuerySection( IN HANDLE SectionHandle, IN SECTION_INFORMATION_CLASS SectionInformationClass, OUT PVOID SectionInformation, IN ULONG SectionInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryQuotaInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_USER_QUOTA_INFORMATION Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN PFILE_QUOTA_LIST_INFORMATION QuotaList OPTIONAL, IN ULONG QuotaListLength, IN PSID ResumeSid OPTIONAL, IN BOOLEAN RestartScan ); NTSYSAPI BOOLEAN NTAPI NtQueryPortInformationProcess( VOID ); NTSYSAPI NTSTATUS NTAPI NtQueryPerformanceCounter( OUT PLARGE_INTEGER PerformanceCount, OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryOpenSubKeys( IN POBJECT_ATTRIBUTES KeyObjectAttributes, OUT PULONG NumberOfKeys ); NTSYSAPI NTSTATUS NTAPI NtQueryObject( IN HANDLE ObjectHandle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, OUT PVOID ObjectInformation, IN ULONG ObjectInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryMutant( IN HANDLE MutantHandle, IN MUTANT_INFORMATION_CLASS MutantInformationClass, OUT PVOID MutantInformation, IN ULONG MutantInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryMultipleValueKey( IN HANDLE KeyHandle, IN OUT PKEY_VALUE_ENTRY ValueList, IN ULONG NumberOfValues, OUT PVOID Buffer, IN OUT PULONG Length, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI NtQueryKey( IN HANDLE KeyHandle, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG KeyInformationLength, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI NtQueryIoCompletion( IN HANDLE IoCompletionHandle, IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass, OUT PVOID IoCompletionInformation, IN ULONG IoCompletionInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryIntervalProfile( IN KPROFILE_SOURCE Source, OUT PULONG Interval ); NTSYSAPI NTSTATUS NTAPI NtQueryInstallUILanguage( OUT PLANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken( IN HANDLE TokenHandle, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID TokenInformation, IN ULONG TokenInformationLength, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationPort( IN HANDLE PortHandle, IN PORT_INFORMATION_CLASS PortInformationClass, OUT PVOID PortInformation, IN ULONG PortInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationJobObject( IN HANDLE JobHandle, IN JOBOBJECTINFOCLASS JobInformationClass, OUT PVOID JobInformation, IN ULONG JobInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG FileInformationLength, IN FILE_INFORMATION_CLASS FileInformationClass ); NTSYSAPI NTSTATUS NTAPI NtQueryInformationAtom( IN USHORT Atom, IN ATOM_INFORMATION_CLASS AtomInformationClass, OUT PVOID AtomInformation, IN ULONG AtomInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation ); NTSYSAPI NTSTATUS NTAPI NtQueryEvent( IN HANDLE EventHandle, IN EVENT_INFORMATION_CLASS EventInformationClass, OUT PVOID EventInformation, IN ULONG EventInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryEaFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_FULL_EA_INFORMATION Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN PFILE_GET_EA_INFORMATION EaList OPTIONAL, IN ULONG EaListLength, IN PULONG EaIndex OPTIONAL, IN BOOLEAN RestartScan ); NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject( IN HANDLE DirectoryHandle, OUT PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN BOOLEAN RestartScan, IN OUT PULONG Context, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG FileInformationLength, IN FILE_INFORMATION_CLASS FileInformationClass, IN BOOLEAN ReturnSingleEntry, IN PUNICODE_STRING FileName OPTIONAL, IN BOOLEAN RestartScan ); NTSYSAPI NTSTATUS NTAPI NtQueryDefaultUILanguage( OUT PLANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI NtQueryDefaultLocale( IN BOOLEAN ThreadOrSystem, OUT PLCID Locale ); NTSYSAPI NTSTATUS NTAPI NtQueryDebugFilterState( IN ULONG ComponentId, IN ULONG Level ); NTSYSAPI NTSTATUS NTAPI NtQueryBootOptions( IN ULONG Unknown1, IN ULONG Unknown2 ); NTSYSAPI NTSTATUS NTAPI NtQueryBootEntryOrder( IN ULONG Unknown1, IN ULONG Unknown2 ); NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation ); NTSYSAPI NTSTATUS NTAPI NtPulseEvent( IN HANDLE EventHandle, OUT PULONG PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG ProtectSize, IN ULONG NewProtect, OUT PULONG OldProtect ); NTSYSAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PUNICODE_STRING ServiceName, IN HANDLE TokenHandle, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted ); NTSYSAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted ); NTSYSAPI NTSTATUS NTAPI NtPrivilegeCheck( IN HANDLE TokenHandle, IN PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result ); NTSYSAPI NTSTATUS NTAPI NtPowerInformation( IN POWER_INFORMATION_LEVEL PowerInformationLevel, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength ); NTSYSAPI NTSTATUS NTAPI NtPlugPlayControl( IN ULONG ControlCode, IN OUT PVOID Buffer, IN ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI NtPlugPlayControl( IN ULONG ControlCode, IN OUT PVOID Buffer, IN ULONG BufferLength, IN PVOID Unknown OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtOpenTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenThreadTokenEx( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI NtOpenThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId ); NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject( OUT PHANDLE SymbolicLinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenSection( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenProcessTokenEx( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI NtOpenProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID *HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN HANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK GrantedAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN ObjectCreation, IN BOOLEAN AccessGranted, OUT PBOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI NtOpenMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenKeyedEvent( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenJobObject( OUT PHANDLE JobHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenIoCompletion( OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions ); NTSYSAPI NTSTATUS NTAPI NtOpenEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtNotifyChangeMultipleKeys( IN HANDLE KeyHandle, IN ULONG Flags, IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN HANDLE EventHandle OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG NotifyFilter, IN BOOLEAN WatchSubtree, IN PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN Asynchronous ); NTSYSAPI NTSTATUS NTAPI NtNotifyChangeKey( IN HANDLE KeyHandle, IN HANDLE EventHandle OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG NotifyFilter, IN BOOLEAN WatchSubtree, IN PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN Asynchronous ); NTSYSAPI NTSTATUS NTAPI NtNotifyChangeDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PFILE_NOTIFY_INFORMATION Buffer, IN ULONG BufferLength, IN ULONG NotifyFilter, IN BOOLEAN WatchSubtree ); NTSYSAPI NTSTATUS NTAPI NtModifyDriverEntry( IN PUNICODE_STRING DriverName, IN PUNICODE_STRING DriverPath ); NTSYSAPI NTSTATUS NTAPI NtModifyBootEntry( IN PUNICODE_STRING EntryName, IN PUNICODE_STRING EntryValue ); NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection( IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG ZeroBits, IN ULONG CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PULONG ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect ); NTSYSAPI NTSTATUS NTAPI NtMapUserPhysicalPagesScatter( IN PVOID *BaseAddresses, IN PULONG NumberOfPages, IN PULONG PageFrameNumbers ); NTSYSAPI NTSTATUS NTAPI NtMapUserPhysicalPages( IN PVOID BaseAddress, IN PULONG NumberOfPages, IN PULONG PageFrameNumbers ); NTSYSAPI NTSTATUS NTAPI NtMakeTemporaryObject( IN HANDLE Handle ); NTSYSAPI NTSTATUS NTAPI NtMakePermanentObject( IN HANDLE Object ); NTSYSAPI NTSTATUS NTAPI NtLockVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG LockSize, IN ULONG LockType ); NTSYSAPI NTSTATUS NTAPI NtLockRegistryKey( IN HANDLE Key ); NTSYSAPI NTSTATUS NTAPI NtLockProductActivationKeys( IN OUT PULONG ProductBuild OPTIONAL, OUT PSAFEBOOT_MODE InitSafeBootMode OPTIONAL ); NTSYSAPI NTSTATUS NTAPI NtLockFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PULARGE_INTEGER LockOffset, IN PULARGE_INTEGER LockLength, IN ULONG Key, IN BOOLEAN FailImmediately, IN BOOLEAN ExclusiveLock ); NTSYSAPI NTSTATUS NTAPI NtLoadKey2( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN POBJECT_ATTRIBUTES FileObjectAttributes, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI NtLoadKey( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN POBJECT_ATTRIBUTES FileObjectAttributes ); NTSYSAPI NTSTATUS NTAPI NtLoadDriver( IN PUNICODE_STRING DriverServiceName ); NTSYSAPI NTSTATUS NTAPI NtListenPort( IN HANDLE PortHandle, OUT PPORT_MESSAGE Message ); NTSYSAPI NTSTATUS NTAPI NtFreeUserPhysicalPages( IN HANDLE ProcessHandle, IN OUT PULONG NumberOfPages, IN PULONG PageFrameNumbers ); NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PULONG FreeSize, IN ULONG FreeType ); NTSYSAPI NTSTATUS NTAPI NtFsControlFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG FsControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength ); NTSYSAPI NTSTATUS NTAPI NtGetContextThread( IN HANDLE ThreadHandle, OUT PCONTEXT Context ); NTSYSAPI NTSTATUS NTAPI NtGetDevicePowerState( IN HANDLE DeviceHandle, OUT PDEVICE_POWER_STATE DevicePowerState ); NTSYSAPI NTSTATUS NTAPI NtGetPlugPlayEvent( IN ULONG Reserved1, IN ULONG Reserved2, OUT PVOID Buffer, IN ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI NtGetWriteWatch( IN HANDLE ProcessHandle, IN ULONG Flags, IN PVOID BaseAddress, IN ULONG RegionSize, OUT PULONG Buffer, IN OUT PULONG BufferEntries, OUT PULONG Granularity ); NTSYSAPI NTSTATUS NTAPI NtImpersonateAnonymousToken( IN HANDLE ThreadHandle ); NTSYSAPI NTSTATUS NTAPI NtImpersonateClientOfPort( IN HANDLE PortHandle, IN PPORT_MESSAGE Message ); NTSYSAPI NTSTATUS NTAPI NtImpersonateThread( IN HANDLE ThreadHandle, IN HANDLE TargetThreadHandle, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos ); NTSYSAPI NTSTATUS NTAPI NtInitializeRegistry( IN BOOLEAN Setup ); NTSYSAPI NTSTATUS NTAPI NtInitiatePowerAction( IN POWER_ACTION SystemAction, IN SYSTEM_POWER_STATE MinSystemState, IN ULONG Flags, IN BOOLEAN Asynchronous ); NTSYSAPI NTSTATUS NTAPI NtIsProcessInJob( IN HANDLE ProcessHandle, IN HANDLE JobHandle OPTIONAL ); NTSYSAPI BOOLEAN NTAPI NtIsSystemResumeAutomatic( VOID );
时间: 2024-10-15 11:59:38