Introduction.
1. System Information and Control.
ZwQuerySystemInformation. ZwSetSystemInformation. SYSTEM_INFORMATION_CLASS. SystemBasicInformation. SystemProcessorInformation. SystemPerformanceInformation. SystemTimeOfDayInformation. SystemProcessesAndThreadsInformation. SystemCallCounts. SystemConfigurationInformation. SystemProcessorTimes. SystemGlobalFlag. SystemModuleInformation. SystemLockInformation. SystemHandleInformation. SystemObjectInformation. SystemPagefileInformation. SystemInstructionEmulationCounts. SystemCacheInformation. SystemPoolTagInformation. SystemProcessorStatistics. SystemDpcInformation. SystemLoadImage. SystemUnloadImage. SystemTimeAdjustment. SystemCrashDumpInformation. SystemExceptionInformation. SystemCrashDumpStateInformation. SystemKernelDebuggerInformation. SystemContextSwitchInformation. SystemRegistryQuotaInformation. SystemLoadAndCallImage. SystemPrioritySeparation. SystemTimeZoneInformation. SystemLookasideInformation. SystemSetTimeSlipEvent. SystemCreateSession. SystemDeleteSession. SystemRangeStartInformation. SystemVerifierInformation. SystemAddVerifier. SystemSessionProcessesInformation. SystemPoolBlocksInformation. SystemMemoryUsageInformation. Example 1.1: A Partial ToolHelp Library Implementation. Example 1.2: Listing Open Handles of a Process. ZwQuerySystemEnvironmentValue. ZwSetSystemEnvironmentValue. ZwSystemDebugControl. Example 1.3: Setting an Internal Breakpoint. Example 1.4: Getting Trace Information.
2. Objects, Object Directories, and Symbolic Links.
Object Attributes. ZwQueryObject. ZwSetInformationObject. OBJECT_INFORMATION_CLASS. ObjectBasicInformation. ObjectNameInformation. ObjectTypeInformation. ObjectAllTypesInformation. ObjectHandleInformation. ZwDuplicateObject. ZwMakeTemporaryObject. ZwClose. Example 2.1: Listing Open Handles of a Process. ZwQuerySecurityObject. ZwSetSecurityObject. ZwCreateDirectoryObject. ZwOpenDirectoryObject. ZwQueryDirectoryObject. ZwCreateSymbolicLinkObject. ZwOpenSymbolicLinkObject. ZwQuerySymbolicLinkObject.
3. Virtual Memory.
ZwAllocateVirtualMemory. ZwFreeVirtualMemory. ZwQueryVirtualMemory. MEMORY_INFORMATION_CLASS. MemoryBasicInformation. MemoryWorkingSetList. MemorySectionName. ZwLockVirtualMemory. ZwUnlockVirtualMemory. ZwReadVirtualMemory. ZwWriteVirtualMemory. ZwProtectVirtualMemory. ZwFlushVirtualMemory. ZwAllocateUserPhysicalPages. ZwFreeUserPhysicalPages. ZwMapUserPhysicalPages. ZwMapUserPhysicalPagesScatter. ZwGetWriteWatch. ZwResetWriteWatch.
4. Sections.
ZwCreateSection. ZwOpenSection. ZwQuerySection. SECTION_INFORMATION_CLASS. SectionBasicInformation. SectionImageInformation. ZwExtendSection. ZwMapViewOfSection. ZwUnmapViewOfSection. ZwAreMappedFilesTheSame.
5. Threads.
ZwCreateThread. ZwOpenThread. ZwTerminateThread. ZwQueryInformationThread. ZwSetInformationThread. THREADINFOCLASS. ThreadBasicInformation. ThreadPriority. ThreadBasePriority. ThreadAffinityMask. ThreadImpersonationToken. ThreadEnableAlignmentFaultFixup. ThreadEventPair. ThreadQuerySetWin32StartAddress. ThreadZeroTlsCell. ThreadPerformanceCount. ThreadAmILastThread. ThreadIdealProcessor. ThreadPriorityBoost. ThreadSetTlsArrayAddress. ThreadIsIoPending. ThreadHideFromDebugger. ZwSuspendThread. ZwResumeThread. ZwGetContextThread. ZwSetContextThread. ZwQueueApcThread. ZwTestAlert. ZwAlertThread. ZwAlertResumeThread. ZwRegisterThreadTerminatePort. ZwImpersonateThread. ZwImpersonateAnonymousToken.
6. Processes.
ZwCreateProcess. ZwOpenProcess. ZwTerminateProcess. ZwQueryInformationProcess. ZwSetInformationProcess. PROCESSINFOCLASS. ProcessBasicInformation. ProcessQuotaLimits. ProcessIoCounters. ProcessVmCounters. ProcessTimes. ProcessBasePriority. ProcessRaisePriority. ProcessDebugPort. ProcessExceptionPort. ProcessAccessToken. ProcessDefaultHardErrorMode. ProcessPooledUsageAndLimits. ProcessWorkingSetWatch. ProcessUserModeIOPL. ProcessEnableAlignmentFaultFixup. ProcessPriorityClass. ProcessWx86Information. ProcessHandleCount. ProcessAffinityMask. ProcessPriorityBoost. ProcessDeviceMap. ProcessSessionInformation. ProcessForegroundInformation. ProcessWow64Information. RtlCreateProcessParameters. RtlDestroyProcessParameters. PROCESS_PARAMETERS. RtlCreateQueryDebugBuffer. RtlQueryProcessDebugInformation. RtlDestroyQueryDebugBuffer. DEBUG_BUFFER. DEBUG_MODULE_INFORMATION. DEBUG_HEAP_INFORMATION. DEBUG_LOCK_INFORMATION. Example 6.1: Forking a Win32 Process. Example 6.2: Creating a Win32 Process. Example 6.3: Using RtlQueryProcessDebugInformation to Extend ToolHelp Library Implementation.
7. Jobs.
ZwCreateJobObject. ZwOpenJobObject. ZwTerminateJobObject. ZwAssignProcessToJobObject. ZwQueryInformationJobObject. ZwSetInformationJobObject. JOBOBJECTINFOCLASS. JobObjectBasicAccountingInformation. JobObjectBasicLimitInformation. JobObjectBasicProcessIdList. JobObjectBasicUIRestrictions. JobObjectSecurityLimitInformation. JobObjectEndOfJobTimeInformation. JobObjectAssociateCompletionPortInformation. JobObjectBasicAndIoAccountingInformation. JobObjectExtendedLimitInformation.
8. Tokens.
ZwCreateToken. ZwOpenProcessToken. ZwOpenThreadToken. ZwDuplicateToken. ZwFilterToken. ZwAdjustPrivilegesToken. ZwAdjustGroupsToken. ZwQueryInformationToken. ZwSetInformationToken. TOKEN_INFORMATION_CLASS. TokenUser. TokenGroups and TokenRestrictedSids. TokenPrivileges. TokenOwner. TokenPrimaryGroup. TokenDefaultDacl. TokenSource. TokenType. TokenImpersonationLevel. TokenStatistics. TokenSessionId. Example 8.1: Creating Command Window for the SYSTEM User.
9. Synchronization.
ZwWaitForSingleObject. ZwSignalAndWaitForSingleObject. ZwWaitForMultipleObjects. ZwCreateTimer. ZwOpenTimer. ZwCancelTimer. ZwSetTimer. ZwQueryTimer. TIMER_INFORMATION_CLASS. TimerBasicInformation. ZwCreateEvent. ZwOpenEvent. ZwSetEvent. ZwPulseEvent. ZwResetEvent. ZwClearEvent. ZwQueryEvent. EVENT_INFORMATION_CLASS. EventBasicInformation. ZwCreateSemaphore. ZwOpenSemaphore. ZwReleaseSemaphore. ZwQuerySemaphore. SEMAPHORE_INFORMATION_CLASS. SemaphoreBasicInformation. ZwCreateMutant. ZwOpenMutant. ZwReleaseMutant. ZwQueryMutant. MUTANT_INFORMATION_CLASS. MutantBasicInformation. ZwCreateIoCompletion. ZwOpenIoCompletion. ZwSetIoCompletion. ZwRemoveIoCompletion. ZwQueryIoCompletion. IO_COMPLETION_INFORMATION_CLASS. IoCompletionBasicInformation. ZwCreateEventPair. ZwOpenEventPair. ZwWaitLowEventPair. ZwWaitHighEventPair. ZwSetLowWaitHighEventPair. ZwSetHighWaitLowEventPair. ZwSetLowEventPair. ZwSetHighEventPair.
10. Time.
ZwQuerySystemTime. ZwSetSystemTime. ZwQueryPerformanceCounter. ZwSetTimerResolution. ZwQueryTimerResolution. ZwDelayExecution. ZwYieldExecution. ZwGetTickCount.
11. Execution Profiling.
KPROFILE_SOURCE. ZwCreateProfile. ZwSetIntervalProfile. ZwQueryIntervalProfile. ZwStartProfile. ZwStopProfile. Example 11.1: Profiling the Kernel.
12. Ports (Local Procedure Calls).
PORT_MESSAGE. PORT_SECTION_WRITE. PORT_SECTION_READ. ZwCreatePort. ZwCreateWaitablePort. ZwConnectPort. ZwSecureConnectPort. ZwListenPort. ZwAcceptConnectPort. ZwCompleteConnectPort. ZwRequestPort. ZwRequestWaitReplyPort. ZwReplyPort. ZwReplyWaitReplyPort. ZwReplyWaitReceivePort. ZwReplyWaitReceivePortEx. ZwReadRequestData. ZwWriteRequestData. ZwQueryInformationPort. PORT_INFORMATION_CLASS. PortBasicInformation. ZwImpersonateClientOfPort. Example 12.1: Connecting to a Named Port.
13. Files.
ZwCreateFile. ZwOpenFile. ZwDeleteFile. ZwFlushBuffersFile. ZwCancelIoFile. ZwReadFile. ZwWriteFile. ZwReadFileScatter. ZwWriteFileGather. ZwLockFile. ZwUnlockFile. ZwDeviceIoControlFile. ZwFsControlFile. ZwNotifyChangeDirectoryFile. FILE_NOTIFY_INFORMATION. ZwQueryEaFile. ZwSetEaFile. FILE_FULL_EA_INFORMATION. FILE_GET_EA_INFORMATION. ZwCreateNamedPipeFile. ZwCreateMailslotFile. ZwQueryVolumeInformationFile. ZwSetVolumeInformationFile. FS_INFORMATION_CLASS. FileFsVolumeInformation. FileFsLabelInformation. FileFsSizeInformation. FileFsDeviceInformation. FileFsAttributeInformation. FileFsControlInformation. FileFsFullSizeInformation. FileFsObjectIdInformation. ZwQueryQuotaInformationFile. ZwSetQuotaInformationFile. FILE_USER_QUOTA_INFORMATION. FILE_QUOTA_LIST_INFORMATION. ZwQueryAttributesFile. ZwQueryFullAttributesFile. ZwQueryInformationFile. ZwSetInformationFile. ZwQueryDirectoryFile. ZwQueryOleDirectoryFile. FILE_INFORMATION_CLASS. FileDirectoryInformation. FileFullDirectoryInformation. FileBothDirectoryInformation. FileBasicInformation. FileStandardInformation. FileInternalInformation. FileEaInformation. FileAccessInformation. FileNameInformation. FileRenameInformation and FileLinkInformation. FileNamesInformation. FileDispositionInformation. FilePositionInformation. FileModeInformation. FileAlignmentInformation. FileAllInformation. FileAllocationInformation. FileEndOfFileInformation. FileStreamInformation. FilePipeInformation. FilePipeLocalInformation. FilePipeRemoteInformation. FileMailslotQueryInformation. FileMailslotSetInformation. FileCompressionInformation. FileObjectIdInformation. FileCompletionInformation. FileMoveClusterInformation. FileQuotaInformation. FileReparsePointInformation. FileNetworkOpenInformation. FileAttributeTagInformation. Example 13.1: Opening a File by File Identifier.
14. Registry Keys.
ZwCreateKey. ZwOpenKey. ZwDeleteKey. ZwFlushKey. ZwSaveKey. ZwSaveMergedKeys. ZwRestoreKey. ZwLoadKey. ZwLoadKey2. ZwUnloadKey. ZwQueryOpenSubKeys. ZwReplaceKey. ZwSetInformationKey. KEY_SET_INFORMATION_CLASS. KeyLastWriteTimeInformation. ZwQueryKey. ZwEnumerateKey. KEY_INFORMATION_CLASS. KeyBasicInformation. KeyNodeInformation. KeyFullInformation. KeyNameInformation. ZwNotifyChangeKey. ZwNotifyChangeMultipleKeys. ZwDeleteValueKey. ZwSetValueKey. ZwQueryValueKey. ZwEnumerateValueKey. KEY_VALUE_INFORMATION_CLASS. KeyValueBasicInformation. KeyValueFullInformation and KeyValueFullInformationAlign64. KeyValuePartialInformation. ZwQueryMultipleValueKey. KEY_VALUE_ENTRY. ZwInitializeRegistry.
15. Security and Auditing.
ZwPrivilegeCheck. ZwPrivilegeObjectAuditAlarm. ZwPrivilegedServiceAuditAlarm. ZwAccessCheck. ZwAccessCheckAndAuditAlarm. ZwAccessCheckByType. ZwAccessCheckByTypeAndAuditAlarm. ZwAccessCheckByTypeResultList. ZwAccessCheckByTypeResultListAndAuditAlarm. ZwAccessCheckByTypeResultListAndAuditAlarmByHandle. ZwOpenObjectAuditAlarm. ZwCloseObjectAuditAlarm. ZwDeleteObjectAuditAlarm.
16. Plug and Play and Power Management.
ZwRequestWakeupLatency. ZwRequestDeviceWakeup. ZwCancelDeviceWakeupRequest. ZwIsSystemResumeAutomatic. ZwSetThreadExecutionState. ZwGetDevicePowerState. ZwSetSystemPowerState. ZwInitiatePowerAction. ZwPowerInformation. POWER_INFORMATION_LEVEL. SystemPowerPolicyAc, SystemPowerPolicyDc, SystemPowerPolicyCurrent. SystemPowerCapabilities. SystemBatteryState. SystemPowerStateHandler. ProcessorStateHandler. AdministratorPowerPolicy. ProcessorInformation. SystemPowerInformation. ZwPlugPlayControl. ZwGetPlugPlayEvent.
17. Miscellany.
ZwRaiseException. ZwContinue. ZwW32Call. ZwCallbackReturn. ZwSetLowWaitHighThread. ZwSetHighWaitLowThread. ZwLoadDriver. ZwUnloadDriver. ZwFlushInstructionCache. ZwFlushWriteBuffer. ZwQueryDefaultLocale. ZwSetDefaultLocale. ZwQueryDefaultUILanguage. ZwSetDefaultUILanguage. ZwQueryInstallUILanguage. ZwAllocateLocallyUniqueId. ZwAllocateUuids. ZwSetUuidSeed. ZwRaiseHardError. ZwSetDefaultHardErrorPort. ZwDisplayString. ZwCreatePagingFile. ZwAddAtom. ZwFindAtom. ZwDeleteAtom. ZwQueryInformationAtom. ATOM_INFORMATION_CLASS. AtomBasicInformation. AtomListInformation. ZwSetLdtEntries. ZwVdmControl. Unimplemented System Services.
Appendix A: Calling System Services from Kernel Mode.
Example A.1: Re-Implementing NtQueryEvent. Example A.2: Dynamically Binding to ntdll.dll.
Appendix B: Intel Platform-Specific Entry Points to Kernel Mode.
KiTrap03. KiTrap04. KiGetTickCount. KiCallbackReturn. KiSetLowWaitHighThread. KiDebugService. KiSystemService.
Appendix C: Exceptions and Debugging.
Example C.1: Pseudocode for KiDispatchException. Example C.2: Pseudocode for KiUserExceptionDispatcher. The Kernel Debugger. Example C.3: Pseudocode for DebugService. User Mode Debuggers. DEBUG_MESSAGE. Debug Message Routing. Value Added by the Routing Process. OutputDebugString. Tracing Calls to Routines Exported by DLLs. Example C.4: A Trace Utility.
Appendix D: NTFS On-Disk Structure.
NTFS_RECORD_HEADER. FILE_RECORD_HEADER. ATTRIBUTE. RESIDENT_ATTRIBUTE. NONRESIDENT_ATTRIBUTE. AttributeStandardInformation. AttributeAttributeList. AttributeFileName. AttributeObjectId. AttributeSecurityDescriptor. AttributeVolumeName. AttributeVolumeInformation. AttributeData. AttributeIndexRoot. AttributeIndexAllocation. DIRECTORY_INDEX. DIRECTORY_ENTRY. AttributeBitmap. AttributeReparsePoint. AttributeEAInformation. AttributeEA. AttributePropertySet. AttributeLoggedUtilityStream. Special Files. Opening Special Files. Recovering Data from Deleted Files. Example D.1: Recovering Data from a File. Example D.2: Decompressing Recovered Data.
Index.