- Generated by
1.8.2
|
Process Hacker
|
Go to the source code of this file.
Data Structures | |
| struct | _PH_ENVIRONMENT_VARIABLE |
| struct | _PH_PROCESS_WS_COUNTERS |
| struct | _PH_ENUM_PROCESS_MODULES_PARAMETERS |
| struct | _PH_MODULE_INFO |
| struct | _PH_MAPPED_IMAGE |
| struct | _PH_REMOTE_MAPPED_IMAGE |
| struct | _PH_MAPPED_IMAGE_EXPORTS |
| struct | _PH_MAPPED_IMAGE_EXPORT_ENTRY |
| struct | _PH_MAPPED_IMAGE_EXPORT_FUNCTION |
| struct | _PH_MAPPED_IMAGE_IMPORTS |
| struct | _PH_MAPPED_IMAGE_IMPORT_DLL |
| struct | _PH_MAPPED_IMAGE_IMPORT_ENTRY |
| struct | _PH_MAPPED_ARCHIVE_MEMBER |
| struct | _PH_MAPPED_ARCHIVE |
| struct | _PH_MAPPED_ARCHIVE_IMPORT_ENTRY |
| struct | _PH_FILE_STREAM |
| struct | _PH_PROVIDER_REGISTRATION |
| struct | _PH_PROVIDER_THREAD |
| struct | _PH_INTEGER_PAIR |
| struct | _PH_RECTANGLE |
| union | _GUID_EX |
| struct | _PH_IMAGE_VERSION_INFO |
| struct | _PH_CREATE_PROCESS_INFO |
| struct | _PH_CREATE_PROCESS_AS_USER_INFO |
| struct | _PH_FLAG_MAPPING |
| struct | _PH_FILETYPE_FILTER |
| struct | _PH_HASH_CONTEXT |
| struct | _PH_COMMAND_LINE_OPTION |
Enumerations | |
| enum | _PH_PEB_OFFSET { PhpoCurrentDirectory, PhpoDllPath, PhpoImagePathName, PhpoCommandLine, PhpoWindowTitle, PhpoDesktopInfo, PhpoShellInfo, PhpoRuntimeData, PhpoTypeMask = 0xffff, PhpoWow64 = 0x10000 } |
| Specifies a PEB string. More... | |
| enum | _PH_MAPPED_ARCHIVE_MEMBER_TYPE { NormalArchiveMemberType, LinkerArchiveMemberType, LongnamesArchiveMemberType } |
| enum | _PH_SEEK_ORIGIN { SeekStart, SeekCurrent, SeekEnd } |
| enum | _PH_PROVIDER_THREAD_STATE { ProviderThreadRunning, ProviderThreadStopped, ProviderThreadStopping } |
| enum | _PH_HASH_ALGORITHM { Md5HashAlgorithm, Sha1HashAlgorithm, Crc32HashAlgorithm } |
| enum | _PH_COMMAND_LINE_OPTION_TYPE { NoArgumentType, MandatoryArgumentType, OptionalArgumentType } |
Functions | |
| PHLIBAPI NTSTATUS NTAPI | PhOpenProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ HANDLE ProcessId) |
| Opens a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ HANDLE ThreadId) |
| Opens a thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhOpenThreadProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ HANDLE ThreadHandle) |
| PHLIBAPI NTSTATUS NTAPI | PhOpenProcessToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ HANDLE ProcessHandle) |
| Opens a process token. | |
| PHLIBAPI NTSTATUS NTAPI | PhOpenThreadToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ HANDLE ThreadHandle, _In_ BOOLEAN OpenAsSelf) |
| Opens a thread token. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetObjectSecurity (_In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor) |
| PHLIBAPI NTSTATUS NTAPI | PhSetObjectSecurity (_In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor) |
| PHLIBAPI NTSTATUS NTAPI | PhTerminateProcess (_In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus) |
| Terminates a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhSuspendProcess (_In_ HANDLE ProcessHandle) |
| Suspends a process' threads. | |
| PHLIBAPI NTSTATUS NTAPI | PhResumeProcess (_In_ HANDLE ProcessHandle) |
| Resumes a process' threads. | |
| PHLIBAPI NTSTATUS NTAPI | PhTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus) |
| Terminates a thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhSuspendThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG PreviousSuspendCount) |
| Suspends a thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG PreviousSuspendCount) |
| Resumes a thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetThreadContext (_In_ HANDLE ThreadHandle, _Inout_ PCONTEXT Context) |
| Gets the processor context of a thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhSetThreadContext (_In_ HANDLE ThreadHandle, _In_ PCONTEXT Context) |
| Sets the processor context of a thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhReadVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_writes_bytes_(BufferSize) PVOID Buffer, _In_ SIZE_T BufferSize, _Out_opt_ PSIZE_T NumberOfBytesRead) |
| Copies memory from another process into the current process. | |
| PHLIBAPI NTSTATUS NTAPI | PhWriteVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ SIZE_T BufferSize, _Out_opt_ PSIZE_T NumberOfBytesWritten) |
| Copies memory from the current process into another process. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessImageFileName (_In_ HANDLE ProcessHandle, _Out_ PPH_STRING *FileName) |
| Gets the file name of the process' image. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessImageFileNameWin32 (_In_ HANDLE ProcessHandle, _Out_ PPH_STRING *FileName) |
| Gets the Win32 file name of the process' image. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessPebString (_In_ HANDLE ProcessHandle, _In_ PH_PEB_OFFSET Offset, _Out_ PPH_STRING *String) |
| Gets a string stored in a process' parameters structure. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessCommandLine (_In_ HANDLE ProcessHandle, _Out_ PPH_STRING *CommandLine) |
| Gets a process' command line. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessWindowTitle (_In_ HANDLE ProcessHandle, _Out_ PULONG WindowFlags, _Out_ PPH_STRING *WindowTitle) |
| Gets the window flags and window title of a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessIsPosix (_In_ HANDLE ProcessHandle, _Out_ PBOOLEAN IsPosix) |
| Gets whether the process is running under the POSIX subsystem. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessExecuteFlags (_In_ HANDLE ProcessHandle, _Out_ PULONG ExecuteFlags) |
| Gets a process' no-execute status. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessDepStatus (_In_ HANDLE ProcessHandle, _Out_ PULONG DepStatus) |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessPosixCommandLine (_In_ HANDLE ProcessHandle, _Out_ PPH_STRING *CommandLine) |
| Gets the POSIX command line of a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessEnvironment (_In_ HANDLE ProcessHandle, _In_ ULONG Flags, _Out_ PVOID *Environment, _Out_ PULONG EnvironmentLength) |
| Gets a process' environment block. | |
| PHLIBAPI BOOLEAN NTAPI | PhEnumProcessEnvironmentVariables (_In_ PVOID Environment, _In_ ULONG EnvironmentLength, _Inout_ PULONG EnumerationKey, _Out_ PPH_ENVIRONMENT_VARIABLE Variable) |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessMappedFileName (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_ PPH_STRING *FileName) |
| Gets the file name of a mapped section. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessWorkingSetInformation (_In_ HANDLE ProcessHandle, _Out_ PMEMORY_WORKING_SET_INFORMATION *WorkingSetInformation) |
| Gets working set information for a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessWsCounters (_In_ HANDLE ProcessHandle, _Out_ PPH_PROCESS_WS_COUNTERS WsCounters) |
| Gets working set counters for a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhSetProcessIoPriority (_In_ HANDLE ProcessHandle, _In_ ULONG IoPriority) |
| Sets a process' I/O priority. | |
| PHLIBAPI NTSTATUS NTAPI | PhSetProcessExecuteFlags (_In_ HANDLE ProcessHandle, _In_ ULONG ExecuteFlags) |
| Sets a process' no-execute status. | |
| PHLIBAPI NTSTATUS NTAPI | PhSetProcessDepStatus (_In_ HANDLE ProcessHandle, _In_ ULONG DepStatus) |
| PHLIBAPI NTSTATUS NTAPI | PhSetProcessDepStatusInvasive (_In_ HANDLE ProcessHandle, _In_ ULONG DepStatus, _In_opt_ PLARGE_INTEGER Timeout) |
| PHLIBAPI NTSTATUS NTAPI | PhInjectDllProcess (_In_ HANDLE ProcessHandle, _In_ PWSTR FileName, _In_opt_ PLARGE_INTEGER Timeout) |
| Causes a process to load a DLL. | |
| PHLIBAPI NTSTATUS NTAPI | PhUnloadDllProcess (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_opt_ PLARGE_INTEGER Timeout) |
| Causes a process to unload a DLL. | |
| PHLIBAPI NTSTATUS NTAPI | PhSetThreadIoPriority (_In_ HANDLE ThreadHandle, _In_ ULONG IoPriority) |
| Sets a thread's I/O priority. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetJobProcessIdList (_In_ HANDLE JobHandle, _Out_ PJOBOBJECT_BASIC_PROCESS_ID_LIST *ProcessIdList) |
| NTSTATUS NTAPI | PhQueryTokenVariableSize (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID *Buffer) |
| Queries variable-sized information for a token. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetTokenUser (_In_ HANDLE TokenHandle, _Out_ PTOKEN_USER *User) |
| Gets a token's user. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetTokenOwner (_In_ HANDLE TokenHandle, _Out_ PTOKEN_OWNER *Owner) |
| Gets a token's owner. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetTokenPrimaryGroup (_In_ HANDLE TokenHandle, _Out_ PTOKEN_PRIMARY_GROUP *PrimaryGroup) |
| Gets a token's primary group. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetTokenGroups (_In_ HANDLE TokenHandle, _Out_ PTOKEN_GROUPS *Groups) |
| Gets a token's groups. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetTokenPrivileges (_In_ HANDLE TokenHandle, _Out_ PTOKEN_PRIVILEGES *Privileges) |
| Gets a token's privileges. | |
| PHLIBAPI NTSTATUS NTAPI | PhSetTokenSessionId (_In_ HANDLE TokenHandle, _In_ ULONG SessionId) |
| PHLIBAPI BOOLEAN NTAPI | PhSetTokenPrivilege (_In_ HANDLE TokenHandle, _In_opt_ PWSTR PrivilegeName, _In_opt_ PLUID PrivilegeLuid, _In_ ULONG Attributes) |
| Modifies a token privilege. | |
| PHLIBAPI BOOLEAN NTAPI | PhSetTokenPrivilege2 (_In_ HANDLE TokenHandle, _In_ LONG Privilege, _In_ ULONG Attributes) |
| PHLIBAPI NTSTATUS NTAPI | PhSetTokenIsVirtualizationEnabled (_In_ HANDLE TokenHandle, _In_ BOOLEAN IsVirtualizationEnabled) |
| Sets whether virtualization is enabled for a token. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetTokenIntegrityLevel (_In_ HANDLE TokenHandle, _Out_opt_ PMANDATORY_LEVEL IntegrityLevel, _Out_opt_ PWSTR *IntegrityString) |
| Gets a token's integrity level. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetFileSize (_In_ HANDLE FileHandle, _Out_ PLARGE_INTEGER Size) |
| PHLIBAPI NTSTATUS NTAPI | PhSetFileSize (_In_ HANDLE FileHandle, _In_ PLARGE_INTEGER Size) |
| PHLIBAPI NTSTATUS NTAPI | PhGetTransactionManagerBasicInformation (_In_ HANDLE TransactionManagerHandle, _Out_ PTRANSACTIONMANAGER_BASIC_INFORMATION BasicInformation) |
| PHLIBAPI NTSTATUS NTAPI | PhGetTransactionManagerLogFileName (_In_ HANDLE TransactionManagerHandle, _Out_ PPH_STRING *LogFileName) |
| PHLIBAPI NTSTATUS NTAPI | PhGetTransactionBasicInformation (_In_ HANDLE TransactionHandle, _Out_ PTRANSACTION_BASIC_INFORMATION BasicInformation) |
| PHLIBAPI NTSTATUS NTAPI | PhGetTransactionPropertiesInformation (_In_ HANDLE TransactionHandle, _Out_opt_ PLARGE_INTEGER Timeout, _Out_opt_ TRANSACTION_OUTCOME *Outcome, _Out_opt_ PPH_STRING *Description) |
| PHLIBAPI NTSTATUS NTAPI | PhGetResourceManagerBasicInformation (_In_ HANDLE ResourceManagerHandle, _Out_opt_ PGUID Guid, _Out_opt_ PPH_STRING *Description) |
| PHLIBAPI NTSTATUS NTAPI | PhGetEnlistmentBasicInformation (_In_ HANDLE EnlistmentHandle, _Out_ PENLISTMENT_BASIC_INFORMATION BasicInformation) |
| NTSTATUS NTAPI | PhOpenDriverByBaseAddress (_Out_ PHANDLE DriverHandle, _In_ PVOID BaseAddress) |
| Opens a driver object using a base address. | |
| NTSTATUS NTAPI | PhGetDriverName (_In_ HANDLE DriverHandle, _Out_ PPH_STRING *Name) |
| Gets the object name of a driver. | |
| NTSTATUS NTAPI | PhGetDriverServiceKeyName (_In_ HANDLE DriverHandle, _Out_ PPH_STRING *ServiceKeyName) |
| Gets the service key name of a driver. | |
| PHLIBAPI NTSTATUS NTAPI | PhUnloadDriver (_In_opt_ PVOID BaseAddress, _In_opt_ PWSTR Name) |
| Unloads a driver. | |
| PHLIBAPI NTSTATUS NTAPI | PhDuplicateObject (_In_ HANDLE SourceProcessHandle, _In_ HANDLE SourceHandle, _In_opt_ HANDLE TargetProcessHandle, _Out_opt_ PHANDLE TargetHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ ULONG Options) |
| Duplicates a handle. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumProcessModules (_In_ HANDLE ProcessHandle, _In_ PPH_ENUM_PROCESS_MODULES_CALLBACK Callback, _In_opt_ PVOID Context) |
| Enumerates the modules loaded by a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumProcessModulesEx (_In_ HANDLE ProcessHandle, _In_ PPH_ENUM_PROCESS_MODULES_PARAMETERS Parameters) |
| Enumerates the modules loaded by a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhSetProcessModuleLoadCount (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ ULONG LoadCount) |
| Sets the load count of a process module. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumProcessModules32 (_In_ HANDLE ProcessHandle, _In_ PPH_ENUM_PROCESS_MODULES_CALLBACK Callback, _In_opt_ PVOID Context) |
| Enumerates the 32-bit modules loaded by a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumProcessModules32Ex (_In_ HANDLE ProcessHandle, _In_ PPH_ENUM_PROCESS_MODULES_PARAMETERS Parameters) |
| Enumerates the 32-bit modules loaded by a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhSetProcessModuleLoadCount32 (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ ULONG LoadCount) |
| Sets the load count of a 32-bit process module. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcedureAddressRemote (_In_ HANDLE ProcessHandle, _In_ PWSTR FileName, _In_opt_ PSTR ProcedureName, _In_opt_ ULONG ProcedureNumber, _Out_ PVOID *ProcedureAddress, _Out_opt_ PVOID *DllBase) |
| Gets the address of a procedure in a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumKernelModules (_Out_ PRTL_PROCESS_MODULES *Modules) |
| Enumerates the modules loaded by the kernel. | |
| NTSTATUS NTAPI | PhEnumKernelModulesEx (_Out_ PRTL_PROCESS_MODULE_INFORMATION_EX *Modules) |
| Enumerates the modules loaded by the kernel. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetKernelFileName (VOID) |
| Gets the file name of the kernel image. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumProcesses (_Out_ PVOID *Processes) |
| Enumerates the running processes. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumProcessesEx (_Out_ PVOID *Processes, _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass) |
| Enumerates the running processes. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumProcessesForSession (_Out_ PVOID *Processes, _In_ ULONG SessionId) |
| Enumerates the running processes for a session. | |
| PHLIBAPI PSYSTEM_PROCESS_INFORMATION NTAPI | PhFindProcessInformation (_In_ PVOID Processes, _In_ HANDLE ProcessId) |
| Finds the process information structure for a specific process. | |
| PHLIBAPI PSYSTEM_PROCESS_INFORMATION NTAPI | PhFindProcessInformationByImageName (_In_ PVOID Processes, _In_ PPH_STRINGREF ImageName) |
| Finds the process information structure for a specific process. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumHandles (_Out_ PSYSTEM_HANDLE_INFORMATION *Handles) |
| Enumerates all open handles. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumHandlesEx (_Out_ PSYSTEM_HANDLE_INFORMATION_EX *Handles) |
| Enumerates all open handles. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumPagefiles (_Out_ PVOID *Pagefiles) |
| Enumerates all pagefiles. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessImageFileNameByProcessId (_In_ HANDLE ProcessId, _Out_ PPH_STRING *FileName) |
| Gets the file name of a process' image. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessIsDotNet (_In_ HANDLE ProcessId, _Out_ PBOOLEAN IsDotNet) |
| Determines if a process is managed. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetProcessIsDotNetEx (_In_ HANDLE ProcessId, _In_opt_ HANDLE ProcessHandle, _In_ ULONG InFlags, _Out_opt_ PBOOLEAN IsDotNet, _Out_opt_ PULONG Flags) |
| Determines if a process is managed. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumDirectoryObjects (_In_ HANDLE DirectoryHandle, _In_ PPH_ENUM_DIRECTORY_OBJECTS Callback, _In_opt_ PVOID Context) |
| Enumerates the objects in a directory object. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumDirectoryFile (_In_ HANDLE FileHandle, _In_opt_ PUNICODE_STRING SearchPattern, _In_ PPH_ENUM_DIRECTORY_FILE Callback, _In_opt_ PVOID Context) |
| PHLIBAPI NTSTATUS NTAPI | PhEnumFileStreams (_In_ HANDLE FileHandle, _Out_ PVOID *Streams) |
| VOID NTAPI | PhInitializeDevicePrefixes (VOID) |
| Initializes the device prefixes module. | |
| PHLIBAPI VOID NTAPI | PhUpdateMupDevicePrefixes (VOID) |
| PHLIBAPI VOID NTAPI | PhUpdateDosDevicePrefixes (VOID) |
| Updates the DOS device names array. | |
| PHLIBAPI PPH_STRING NTAPI | PhResolveDevicePrefix (_In_ PPH_STRING Name) |
| Resolves a NT path into a Win32 path. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetFileName (_In_ PPH_STRING FileName) |
| Converts a file name into Win32 format. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumGenericModules (_In_ HANDLE ProcessId, _In_opt_ HANDLE ProcessHandle, _In_ ULONG Flags, _In_ PPH_ENUM_GENERIC_MODULES_CALLBACK Callback, _In_opt_ PVOID Context) |
| Enumerates the modules loaded by a process. | |
| PHLIBAPI NTSTATUS NTAPI | PhCreateKey (_Out_ PHANDLE KeyHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ HANDLE RootDirectory, _In_ PPH_STRINGREF ObjectName, _In_ ULONG Attributes, _In_ ULONG CreateOptions, _Out_opt_ PULONG Disposition) |
| Creates or opens a registry key. | |
| PHLIBAPI NTSTATUS NTAPI | PhOpenKey (_Out_ PHANDLE KeyHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ HANDLE RootDirectory, _In_ PPH_STRINGREF ObjectName, _In_ ULONG Attributes) |
| Opens a registry key. | |
| PHLIBAPI NTSTATUS NTAPI | PhOpenLsaPolicy (_Out_ PLSA_HANDLE PolicyHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ PUNICODE_STRING SystemName) |
| LSA_HANDLE NTAPI | PhGetLookupPolicyHandle (VOID) |
| Retrieves a handle to the local LSA policy with POLICY_LOOKUP_NAMES access. | |
| PHLIBAPI BOOLEAN NTAPI | PhLookupPrivilegeName (_In_ PLUID PrivilegeValue, _Out_ PPH_STRING *PrivilegeName) |
| Gets the name of a privilege from its LUID. | |
| PHLIBAPI BOOLEAN NTAPI | PhLookupPrivilegeDisplayName (_In_ PPH_STRINGREF PrivilegeName, _Out_ PPH_STRING *PrivilegeDisplayName) |
| Gets the display name of a privilege from its name. | |
| PHLIBAPI BOOLEAN NTAPI | PhLookupPrivilegeValue (_In_ PPH_STRINGREF PrivilegeName, _Out_ PLUID PrivilegeValue) |
| Gets the LUID of a privilege from its name. | |
| PHLIBAPI NTSTATUS NTAPI | PhLookupSid (_In_ PSID Sid, _Out_opt_ PPH_STRING *Name, _Out_opt_ PPH_STRING *DomainName, _Out_opt_ PSID_NAME_USE NameUse) |
| Gets information about a SID. | |
| PHLIBAPI NTSTATUS NTAPI | PhLookupName (_In_ PPH_STRINGREF Name, _Out_opt_ PSID *Sid, _Out_opt_ PPH_STRING *DomainName, _Out_opt_ PSID_NAME_USE NameUse) |
| Gets information about a name. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetSidFullName (_In_ PSID Sid, _In_ BOOLEAN IncludeDomain, _Out_opt_ PSID_NAME_USE NameUse) |
| Gets the name of a SID. | |
| PHLIBAPI PPH_STRING NTAPI | PhSidToStringSid (_In_ PSID Sid) |
| Gets a SDDL string representation of a SID. | |
| PPH_GET_CLIENT_ID_NAME NTAPI | PhSetHandleClientIdFunction (_In_ PPH_GET_CLIENT_ID_NAME GetClientIdName) |
| PHLIBAPI PPH_STRING NTAPI | PhFormatNativeKeyName (_In_ PPH_STRING Name) |
| NTSTATUS NTAPI | PhGetSectionFileName (_In_ HANDLE SectionHandle, _Out_ PPH_STRING *FileName) |
| PHLIBAPI _Callback_ PPH_STRING NTAPI | PhStdGetClientIdName (_In_ PCLIENT_ID ClientId) |
| PHLIBAPI NTSTATUS NTAPI | PhGetHandleInformation (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ ULONG ObjectTypeNumber, _Out_opt_ POBJECT_BASIC_INFORMATION BasicInformation, _Out_opt_ PPH_STRING *TypeName, _Out_opt_ PPH_STRING *ObjectName, _Out_opt_ PPH_STRING *BestObjectName) |
| Gets information for a handle. | |
| PHLIBAPI NTSTATUS NTAPI | PhGetHandleInformationEx (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ ULONG ObjectTypeNumber, _Reserved_ ULONG Flags, _Out_opt_ PNTSTATUS SubStatus, _Out_opt_ POBJECT_BASIC_INFORMATION BasicInformation, _Out_opt_ PPH_STRING *TypeName, _Out_opt_ PPH_STRING *ObjectName, _Out_opt_ PPH_STRING *BestObjectName, _Reserved_ PVOID *ExtraInformation) |
| Gets information for a handle. | |
| PHLIBAPI NTSTATUS NTAPI | PhEnumObjectTypes (_Out_ POBJECT_TYPES_INFORMATION *ObjectTypes) |
| ULONG NTAPI | PhGetObjectTypeNumber (_In_ PUNICODE_STRING TypeName) |
| NTSTATUS NTAPI | PhCallWithTimeout (_In_ PUSER_THREAD_START_ROUTINE Routine, _In_opt_ PVOID Context, _In_opt_ PLARGE_INTEGER AcquireTimeout, _In_ PLARGE_INTEGER CallTimeout) |
| NTSTATUS NTAPI | PhCallNtQueryObjectWithTimeout (_In_ HANDLE Handle, _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, _In_ ULONG ObjectInformationLength, _Out_opt_ PULONG ReturnLength) |
| NTSTATUS NTAPI | PhCallNtQuerySecurityObjectWithTimeout (_In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Length, _Out_ PULONG LengthNeeded) |
| NTSTATUS NTAPI | PhCallNtSetSecurityObjectWithTimeout (_In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor) |
| NTSTATUS NTAPI | PhCallKphDuplicateObjectWithTimeout (_In_ HANDLE SourceProcessHandle, _In_ HANDLE SourceHandle, _In_opt_ HANDLE TargetProcessHandle, _Out_opt_ PHANDLE TargetHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ ULONG Options) |
| PHLIBAPI NTSTATUS NTAPI | PhInitializeMappedImage (_Out_ PPH_MAPPED_IMAGE MappedImage, _In_ PVOID ViewBase, _In_ SIZE_T Size) |
| PHLIBAPI NTSTATUS NTAPI | PhLoadMappedImage (_In_opt_ PWSTR FileName, _In_opt_ HANDLE FileHandle, _In_ BOOLEAN ReadOnly, _Out_ PPH_MAPPED_IMAGE MappedImage) |
| PHLIBAPI NTSTATUS NTAPI | PhUnloadMappedImage (_Inout_ PPH_MAPPED_IMAGE MappedImage) |
| PHLIBAPI NTSTATUS NTAPI | PhMapViewOfEntireFile (_In_opt_ PWSTR FileName, _In_opt_ HANDLE FileHandle, _In_ BOOLEAN ReadOnly, _Out_ PVOID *ViewBase, _Out_ PSIZE_T Size) |
| PHLIBAPI PIMAGE_SECTION_HEADER NTAPI | PhMappedImageRvaToSection (_In_ PPH_MAPPED_IMAGE MappedImage, _In_ ULONG Rva) |
| PHLIBAPI PVOID NTAPI | PhMappedImageRvaToVa (_In_ PPH_MAPPED_IMAGE MappedImage, _In_ ULONG Rva, _Out_opt_ PIMAGE_SECTION_HEADER *Section) |
| PHLIBAPI BOOLEAN NTAPI | PhGetMappedImageSectionName (_In_ PIMAGE_SECTION_HEADER Section, _Out_writes_opt_z_(Count) PSTR Buffer, _In_ ULONG Count, _Out_opt_ PULONG ReturnCount) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageDataEntry (_In_ PPH_MAPPED_IMAGE MappedImage, _In_ ULONG Index, _Out_ PIMAGE_DATA_DIRECTORY *Entry) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageLoadConfig32 (_In_ PPH_MAPPED_IMAGE MappedImage, _Out_ PIMAGE_LOAD_CONFIG_DIRECTORY32 *LoadConfig) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageLoadConfig64 (_In_ PPH_MAPPED_IMAGE MappedImage, _Out_ PIMAGE_LOAD_CONFIG_DIRECTORY64 *LoadConfig) |
| NTSTATUS NTAPI | PhLoadRemoteMappedImage (_In_ HANDLE ProcessHandle, _In_ PVOID ViewBase, _Out_ PPH_REMOTE_MAPPED_IMAGE RemoteMappedImage) |
| NTSTATUS NTAPI | PhUnloadRemoteMappedImage (_Inout_ PPH_REMOTE_MAPPED_IMAGE RemoteMappedImage) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageExports (_Out_ PPH_MAPPED_IMAGE_EXPORTS Exports, _In_ PPH_MAPPED_IMAGE MappedImage) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageExportEntry (_In_ PPH_MAPPED_IMAGE_EXPORTS Exports, _In_ ULONG Index, _Out_ PPH_MAPPED_IMAGE_EXPORT_ENTRY Entry) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageExportFunction (_In_ PPH_MAPPED_IMAGE_EXPORTS Exports, _In_opt_ PSTR Name, _In_opt_ USHORT Ordinal, _Out_ PPH_MAPPED_IMAGE_EXPORT_FUNCTION Function) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageExportFunctionRemote (_In_ PPH_MAPPED_IMAGE_EXPORTS Exports, _In_opt_ PSTR Name, _In_opt_ USHORT Ordinal, _In_ PVOID RemoteBase, _Out_ PVOID *Function) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageImports (_Out_ PPH_MAPPED_IMAGE_IMPORTS Imports, _In_ PPH_MAPPED_IMAGE MappedImage) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageImportDll (_In_ PPH_MAPPED_IMAGE_IMPORTS Imports, _In_ ULONG Index, _Out_ PPH_MAPPED_IMAGE_IMPORT_DLL ImportDll) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageImportEntry (_In_ PPH_MAPPED_IMAGE_IMPORT_DLL ImportDll, _In_ ULONG Index, _Out_ PPH_MAPPED_IMAGE_IMPORT_ENTRY Entry) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedImageDelayImports (_Out_ PPH_MAPPED_IMAGE_IMPORTS Imports, _In_ PPH_MAPPED_IMAGE MappedImage) |
| USHORT NTAPI | PhCheckSum (_In_ ULONG Sum, _In_reads_(Count) PUSHORT Buffer, _In_ ULONG Count) |
| PHLIBAPI ULONG NTAPI | PhCheckSumMappedImage (_In_ PPH_MAPPED_IMAGE MappedImage) |
| PHLIBAPI NTSTATUS NTAPI | PhInitializeMappedArchive (_Out_ PPH_MAPPED_ARCHIVE MappedArchive, _In_ PVOID ViewBase, _In_ SIZE_T Size) |
| PHLIBAPI NTSTATUS NTAPI | PhLoadMappedArchive (_In_opt_ PWSTR FileName, _In_opt_ HANDLE FileHandle, _In_ BOOLEAN ReadOnly, _Out_ PPH_MAPPED_ARCHIVE MappedArchive) |
| PHLIBAPI NTSTATUS NTAPI | PhUnloadMappedArchive (_Inout_ PPH_MAPPED_ARCHIVE MappedArchive) |
| PHLIBAPI NTSTATUS NTAPI | PhGetNextMappedArchiveMember (_In_ PPH_MAPPED_ARCHIVE_MEMBER Member, _Out_ PPH_MAPPED_ARCHIVE_MEMBER NextMember) |
| Gets the next archive member. | |
| PHLIBAPI BOOLEAN NTAPI | PhIsMappedArchiveMemberShortFormat (_In_ PPH_MAPPED_ARCHIVE_MEMBER Member) |
| PHLIBAPI NTSTATUS NTAPI | PhGetMappedArchiveImportEntry (_In_ PPH_MAPPED_ARCHIVE_MEMBER Member, _Out_ PPH_MAPPED_ARCHIVE_IMPORT_ENTRY Entry) |
| BOOLEAN NTAPI | PhIoSupportInitialization (VOID) |
| PHLIBAPI NTSTATUS NTAPI | PhCreateFileWin32 (_Out_ PHANDLE FileHandle, _In_ PWSTR FileName, _In_ ACCESS_MASK DesiredAccess, _In_opt_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions) |
| Creates or opens a file. | |
| PHLIBAPI NTSTATUS NTAPI | PhCreateFileWin32Ex (_Out_ PHANDLE FileHandle, _In_ PWSTR FileName, _In_ ACCESS_MASK DesiredAccess, _In_opt_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _Out_opt_ PULONG CreateStatus) |
| Creates or opens a file. | |
| PHLIBAPI NTSTATUS NTAPI | PhQueryFullAttributesFileWin32 (_In_ PWSTR FileName, _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation) |
| Queries file attributes. | |
| PHLIBAPI NTSTATUS NTAPI | PhDeleteFileWin32 (_In_ PWSTR FileName) |
| Deletes a file. | |
| PHLIBAPI NTSTATUS NTAPI | PhListenNamedPipe (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock) |
| PHLIBAPI NTSTATUS NTAPI | PhDisconnectNamedPipe (_In_ HANDLE FileHandle) |
| PHLIBAPI NTSTATUS NTAPI | PhPeekNamedPipe (_In_ HANDLE FileHandle, _Out_writes_bytes_opt_(Length) PVOID Buffer, _In_ ULONG Length, _Out_opt_ PULONG NumberOfBytesRead, _Out_opt_ PULONG NumberOfBytesAvailable, _Out_opt_ PULONG NumberOfBytesLeftInMessage) |
| PHLIBAPI NTSTATUS NTAPI | PhTransceiveNamedPipe (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength) |
| PHLIBAPI NTSTATUS NTAPI | PhWaitForNamedPipe (_In_opt_ PUNICODE_STRING FileSystemName, _In_ PUNICODE_STRING Name, _In_opt_ PLARGE_INTEGER Timeout, _In_ BOOLEAN UseDefaultTimeout) |
| PHLIBAPI NTSTATUS NTAPI | PhImpersonateClientOfNamedPipe (_In_ HANDLE FileHandle) |
| PHLIBAPI NTSTATUS NTAPI | PhCreateFileStream (_Out_ PPH_FILE_STREAM *FileStream, _In_ PWSTR FileName, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG ShareMode, _In_ ULONG CreateDisposition, _In_ ULONG Flags) |
| PHLIBAPI NTSTATUS NTAPI | PhCreateFileStream2 (_Out_ PPH_FILE_STREAM *FileStream, _In_ HANDLE FileHandle, _In_ ULONG Flags, _In_ ULONG BufferLength) |
| PHLIBAPI VOID NTAPI | PhVerifyFileStream (_In_ PPH_FILE_STREAM FileStream) |
| Verifies that a file stream's position matches the position held by the file object. | |
| PHLIBAPI NTSTATUS NTAPI | PhReadFileStream (_Inout_ PPH_FILE_STREAM FileStream, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _Out_opt_ PULONG ReadLength) |
| PHLIBAPI NTSTATUS NTAPI | PhWriteFileStream (_Inout_ PPH_FILE_STREAM FileStream, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length) |
| PHLIBAPI NTSTATUS NTAPI | PhFlushFileStream (_Inout_ PPH_FILE_STREAM FileStream, _In_ BOOLEAN Full) |
| Flushes the file stream. | |
| PHLIBAPI VOID NTAPI | PhGetPositionFileStream (_In_ PPH_FILE_STREAM FileStream, _Out_ PLARGE_INTEGER Position) |
| PHLIBAPI NTSTATUS NTAPI | PhSeekFileStream (_Inout_ PPH_FILE_STREAM FileStream, _In_ PLARGE_INTEGER Offset, _In_ PH_SEEK_ORIGIN Origin) |
| PHLIBAPI NTSTATUS NTAPI | PhLockFileStream (_Inout_ PPH_FILE_STREAM FileStream, _In_ PLARGE_INTEGER Position, _In_ PLARGE_INTEGER Length, _In_ BOOLEAN Wait, _In_ BOOLEAN Shared) |
| PHLIBAPI NTSTATUS NTAPI | PhUnlockFileStream (_Inout_ PPH_FILE_STREAM FileStream, _In_ PLARGE_INTEGER Position, _In_ PLARGE_INTEGER Length) |
| PHLIBAPI NTSTATUS NTAPI | PhWriteStringAsUtf8FileStream (_Inout_ PPH_FILE_STREAM FileStream, _In_ PPH_STRINGREF String) |
| PHLIBAPI NTSTATUS NTAPI | PhWriteStringAsUtf8FileStream2 (_Inout_ PPH_FILE_STREAM FileStream, _In_ PWSTR String) |
| PHLIBAPI NTSTATUS NTAPI | PhWriteStringAsUtf8FileStreamEx (_Inout_ PPH_FILE_STREAM FileStream, _In_ PWSTR Buffer, _In_ SIZE_T Length) |
| PHLIBAPI NTSTATUS NTAPI | PhWriteStringFormatAsUtf8FileStream_V (_Inout_ PPH_FILE_STREAM FileStream, _In_ _Printf_format_string_ PWSTR Format, _In_ va_list ArgPtr) |
| PHLIBAPI NTSTATUS NTAPI | PhWriteStringFormatAsUtf8FileStream (_Inout_ PPH_FILE_STREAM FileStream, _In_ _Printf_format_string_ PWSTR Format,...) |
| PHLIBAPI VOID NTAPI | PhInitializeProviderThread (_Out_ PPH_PROVIDER_THREAD ProviderThread, _In_ ULONG Interval) |
| Initializes a provider thread. | |
| PHLIBAPI VOID NTAPI | PhDeleteProviderThread (_Inout_ PPH_PROVIDER_THREAD ProviderThread) |
| Frees resources used by a provider thread. | |
| PHLIBAPI VOID NTAPI | PhStartProviderThread (_Inout_ PPH_PROVIDER_THREAD ProviderThread) |
| Starts a provider thread. | |
| PHLIBAPI VOID NTAPI | PhStopProviderThread (_Inout_ PPH_PROVIDER_THREAD ProviderThread) |
| Stops a provider thread. | |
| PHLIBAPI VOID NTAPI | PhSetIntervalProviderThread (_Inout_ PPH_PROVIDER_THREAD ProviderThread, _In_ ULONG Interval) |
| Sets the run interval for a provider thread. | |
| PHLIBAPI VOID NTAPI | PhRegisterProvider (_Inout_ PPH_PROVIDER_THREAD ProviderThread, _In_ PPH_PROVIDER_FUNCTION Function, _In_opt_ PVOID Object, _Out_ PPH_PROVIDER_REGISTRATION Registration) |
| Registers a provider with a provider thread. | |
| PHLIBAPI VOID NTAPI | PhUnregisterProvider (_Inout_ PPH_PROVIDER_REGISTRATION Registration) |
| Unregisters a provider. | |
| PHLIBAPI BOOLEAN NTAPI | PhBoostProvider (_Inout_ PPH_PROVIDER_REGISTRATION Registration, _Out_opt_ PULONG FutureRunId) |
| Causes a provider to be queued for immediate execution. | |
| PHLIBAPI ULONG NTAPI | PhGetRunIdProvider (_In_ PPH_PROVIDER_REGISTRATION Registration) |
| Gets the current run ID of a provider. | |
| PHLIBAPI BOOLEAN NTAPI | PhGetEnabledProvider (_In_ PPH_PROVIDER_REGISTRATION Registration) |
| Gets whether a provider is enabled. | |
| PHLIBAPI VOID NTAPI | PhSetEnabledProvider (_Inout_ PPH_PROVIDER_REGISTRATION Registration, _In_ BOOLEAN Enabled) |
| Sets whether a provider is enabled. | |
| PHLIBAPI PVOID NTAPI | PhEnumServices (_In_ SC_HANDLE ScManagerHandle, _In_opt_ ULONG Type, _In_opt_ ULONG State, _Out_ PULONG Count) |
| PHLIBAPI SC_HANDLE NTAPI | PhOpenService (_In_ PWSTR ServiceName, _In_ ACCESS_MASK DesiredAccess) |
| PHLIBAPI PVOID NTAPI | PhGetServiceConfig (_In_ SC_HANDLE ServiceHandle) |
| PHLIBAPI PVOID NTAPI | PhQueryServiceVariableSize (_In_ SC_HANDLE ServiceHandle, _In_ ULONG InfoLevel) |
| PHLIBAPI PPH_STRING NTAPI | PhGetServiceDescription (_In_ SC_HANDLE ServiceHandle) |
| PHLIBAPI BOOLEAN NTAPI | PhGetServiceDelayedAutoStart (_In_ SC_HANDLE ServiceHandle, _Out_ PBOOLEAN DelayedAutoStart) |
| PHLIBAPI BOOLEAN NTAPI | PhSetServiceDelayedAutoStart (_In_ SC_HANDLE ServiceHandle, _In_ BOOLEAN DelayedAutoStart) |
| PHLIBAPI PWSTR NTAPI | PhGetServiceStateString (_In_ ULONG ServiceState) |
| PHLIBAPI PWSTR NTAPI | PhGetServiceTypeString (_In_ ULONG ServiceType) |
| PHLIBAPI ULONG NTAPI | PhGetServiceTypeInteger (_In_ PWSTR ServiceType) |
| PHLIBAPI PWSTR NTAPI | PhGetServiceStartTypeString (_In_ ULONG ServiceStartType) |
| PHLIBAPI ULONG NTAPI | PhGetServiceStartTypeInteger (_In_ PWSTR ServiceStartType) |
| PHLIBAPI PWSTR NTAPI | PhGetServiceErrorControlString (_In_ ULONG ServiceErrorControl) |
| PHLIBAPI ULONG NTAPI | PhGetServiceErrorControlInteger (_In_ PWSTR ServiceErrorControl) |
| PHLIBAPI PPH_STRING NTAPI | PhGetServiceNameFromTag (_In_ HANDLE ProcessId, _In_ PVOID ServiceTag) |
| PHLIBAPI NTSTATUS NTAPI | PhGetThreadServiceTag (_In_ HANDLE ThreadHandle, _In_opt_ HANDLE ProcessHandle, _Out_ PVOID *ServiceTag) |
| NTSTATUS NTAPI | PhGetServiceDllParameter (_In_ PPH_STRINGREF ServiceName, _Out_ PPH_STRING *ServiceDll) |
| FORCEINLINE PH_RECTANGLE | PhRectToRectangle (_In_ RECT Rect) |
| FORCEINLINE RECT | PhRectangleToRect (_In_ PH_RECTANGLE Rectangle) |
| FORCEINLINE VOID | PhConvertRect (_Inout_ PRECT Rect, _In_ PRECT ParentRect) |
| FORCEINLINE RECT | PhMapRect (_In_ RECT InnerRect, _In_ RECT OuterRect) |
| PHLIBAPI VOID NTAPI | PhAdjustRectangleToBounds (_Inout_ PPH_RECTANGLE Rectangle, _In_ PPH_RECTANGLE Bounds) |
| Ensures a rectangle is positioned within the specified bounds. | |
| PHLIBAPI VOID NTAPI | PhCenterRectangle (_Inout_ PPH_RECTANGLE Rectangle, _In_ PPH_RECTANGLE Bounds) |
| Positions a rectangle in the center of the specified bounds. | |
| PHLIBAPI VOID NTAPI | PhAdjustRectangleToWorkingArea (_In_ HWND hWnd, _Inout_ PPH_RECTANGLE Rectangle) |
| Ensures a rectangle is positioned within the working area of the specified window's monitor. | |
| PHLIBAPI VOID NTAPI | PhCenterWindow (_In_ HWND WindowHandle, _In_opt_ HWND ParentWindowHandle) |
| Centers a window. | |
| FORCEINLINE VOID | PhLargeIntegerToSystemTime (_Out_ PSYSTEMTIME SystemTime, _In_ PLARGE_INTEGER LargeInteger) |
| FORCEINLINE VOID | PhLargeIntegerToLocalSystemTime (_Out_ PSYSTEMTIME SystemTime, _In_ PLARGE_INTEGER LargeInteger) |
| PHLIBAPI VOID NTAPI | PhReferenceObjects (_In_reads_(NumberOfObjects) PVOID *Objects, _In_ ULONG NumberOfObjects) |
| References an array of objects. | |
| PHLIBAPI VOID NTAPI | PhDereferenceObjects (_In_reads_(NumberOfObjects) PVOID *Objects, _In_ ULONG NumberOfObjects) |
| Dereferences an array of objects. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetMessage (_In_ PVOID DllHandle, _In_ ULONG MessageTableId, _In_ ULONG MessageLanguageId, _In_ ULONG MessageId) |
| Gets a string stored in a DLL's message table. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetNtMessage (_In_ NTSTATUS Status) |
| Gets a message describing a NT status value. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetWin32Message (_In_ ULONG Result) |
| Gets a message describing a Win32 error code. | |
| PHLIBAPI INT NTAPI | PhShowMessage (_In_ HWND hWnd, _In_ ULONG Type, _In_ PWSTR Format,...) |
| Displays a message box. | |
| PHLIBAPI INT NTAPI | PhShowMessage_V (_In_ HWND hWnd, _In_ ULONG Type, _In_ PWSTR Format, _In_ va_list ArgPtr) |
| PPH_STRING NTAPI | PhGetStatusMessage (_In_ NTSTATUS Status, _In_opt_ ULONG Win32Result) |
| PHLIBAPI VOID NTAPI | PhShowStatus (_In_ HWND hWnd, _In_opt_ PWSTR Message, _In_ NTSTATUS Status, _In_opt_ ULONG Win32Result) |
| Displays an error message for a NTSTATUS value or Win32 error code. | |
| PHLIBAPI BOOLEAN NTAPI | PhShowContinueStatus (_In_ HWND hWnd, _In_opt_ PWSTR Message, _In_ NTSTATUS Status, _In_opt_ ULONG Win32Result) |
| Displays an error message for a NTSTATUS value or Win32 error code, and allows the user to cancel the current operation. | |
| PHLIBAPI BOOLEAN NTAPI | PhShowConfirmMessage (_In_ HWND hWnd, _In_ PWSTR Verb, _In_ PWSTR Object, _In_opt_ PWSTR Message, _In_ BOOLEAN Warning) |
| Displays a confirmation message. | |
| PHLIBAPI BOOLEAN NTAPI | PhFindIntegerSiKeyValuePairs (_In_ PPH_KEY_VALUE_PAIR KeyValuePairs, _In_ ULONG SizeOfKeyValuePairs, _In_ PWSTR String, _Out_ PULONG Integer) |
| Finds an integer in an array of string-integer pairs. | |
| PHLIBAPI BOOLEAN NTAPI | PhFindStringSiKeyValuePairs (_In_ PPH_KEY_VALUE_PAIR KeyValuePairs, _In_ ULONG SizeOfKeyValuePairs, _In_ ULONG Integer, _Out_ PWSTR *String) |
| Finds a string in an array of string-integer pairs. | |
| PHLIBAPI VOID NTAPI | PhGenerateGuid (_Out_ PGUID Guid) |
| Creates a random (type 4) UUID. | |
| PHLIBAPI VOID NTAPI | PhGenerateGuidFromName (_Out_ PGUID Guid, _In_ PGUID Namespace, _In_ PCHAR Name, _In_ ULONG NameLength, _In_ UCHAR Version) |
| Creates a name-based (type 3 or 5) UUID. | |
| PHLIBAPI VOID NTAPI | PhGenerateRandomAlphaString (_Out_writes_z_(Count) PWSTR Buffer, _In_ ULONG Count) |
| Fills a buffer with random uppercase alphabetical characters. | |
| PHLIBAPI PPH_STRING NTAPI | PhEllipsisString (_In_ PPH_STRING String, _In_ ULONG DesiredCount) |
| Modifies a string to ensure it is within the specified length. | |
| PHLIBAPI PPH_STRING NTAPI | PhEllipsisStringPath (_In_ PPH_STRING String, _In_ ULONG DesiredCount) |
| Modifies a string to ensure it is within the specified length, parsing the string as a path. | |
| PHLIBAPI BOOLEAN NTAPI | PhMatchWildcards (_In_ PWSTR Pattern, _In_ PWSTR String, _In_ BOOLEAN IgnoreCase) |
| Matches a pattern against a string. | |
| PHLIBAPI PPH_STRING NTAPI | PhEscapeStringForMenuPrefix (_In_ PPH_STRINGREF String) |
| Escapes a string for prefix characters (ampersands). | |
| PHLIBAPI LONG NTAPI | PhCompareUnicodeStringZIgnoreMenuPrefix (_In_ PWSTR A, _In_ PWSTR B, _In_ BOOLEAN IgnoreCase, _In_ BOOLEAN MatchIfPrefix) |
| Compares two strings, ignoring prefix characters (ampersands). | |
| PHLIBAPI PPH_STRING NTAPI | PhFormatDate (_In_opt_ PSYSTEMTIME Date, _In_opt_ PWSTR Format) |
| Formats a date using the user's default locale. | |
| PHLIBAPI PPH_STRING NTAPI | PhFormatTime (_In_opt_ PSYSTEMTIME Time, _In_opt_ PWSTR Format) |
| Formats a time using the user's default locale. | |
| PHLIBAPI PPH_STRING NTAPI | PhFormatDateTime (_In_opt_ PSYSTEMTIME DateTime) |
| Formats a date and time using the user's default locale. | |
| PHLIBAPI PPH_STRING NTAPI | PhFormatTimeSpanRelative (_In_ ULONG64 TimeSpan) |
| Formats a relative time span. | |
| PHLIBAPI PPH_STRING NTAPI | PhFormatUInt64 (_In_ ULONG64 Value, _In_ BOOLEAN GroupDigits) |
| Formats a 64-bit unsigned integer. | |
| PHLIBAPI PPH_STRING NTAPI | PhFormatDecimal (_In_ PWSTR Value, _In_ ULONG FractionalDigits, _In_ BOOLEAN GroupDigits) |
| PHLIBAPI PPH_STRING NTAPI | PhFormatSize (_In_ ULONG64 Size, _In_ ULONG MaxSizeUnit) |
| Gets a string representing a size. | |
| PHLIBAPI PPH_STRING NTAPI | PhFormatGuid (_In_ PGUID Guid) |
| Converts a UUID to its string representation. | |
| PHLIBAPI PVOID NTAPI | PhGetFileVersionInfo (_In_ PWSTR FileName) |
| Retrieves image version information for a file. | |
| PHLIBAPI ULONG NTAPI | PhGetFileVersionInfoLangCodePage (_In_ PVOID VersionInfo) |
| Retrieves the language ID and code page used by a version information block. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetFileVersionInfoString (_In_ PVOID VersionInfo, _In_ PWSTR SubBlock) |
| Retrieves a string in a version information block. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetFileVersionInfoString2 (_In_ PVOID VersionInfo, _In_ ULONG LangCodePage, _In_ PWSTR StringName) |
| Retrieves a string in a version information block. | |
| PHLIBAPI BOOLEAN NTAPI | PhInitializeImageVersionInfo (_Out_ PPH_IMAGE_VERSION_INFO ImageVersionInfo, _In_ PWSTR FileName) |
| Initializes a structure with version information. | |
| PHLIBAPI VOID NTAPI | PhDeleteImageVersionInfo (_Inout_ PPH_IMAGE_VERSION_INFO ImageVersionInfo) |
| Frees a version information structure initialized by PhInitializeImageVersionInfo(). | |
| PHLIBAPI PPH_STRING NTAPI | PhFormatImageVersionInfo (_In_opt_ PPH_STRING FileName, _In_ PPH_IMAGE_VERSION_INFO ImageVersionInfo, _In_opt_ PPH_STRINGREF Indent, _In_opt_ ULONG LineLimit) |
| PHLIBAPI PPH_STRING NTAPI | PhGetFullPath (_In_ PWSTR FileName, _Out_opt_ PULONG IndexOfFileName) |
| Gets an absolute file name. | |
| PHLIBAPI PPH_STRING NTAPI | PhExpandEnvironmentStrings (_In_ PPH_STRINGREF String) |
| Expands environment variables in a string. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetBaseName (_In_ PPH_STRING FileName) |
| Gets the base name from a file name. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetSystemDirectory (VOID) |
| Retrieves the system directory path. | |
| PHLIBAPI VOID NTAPI | PhGetSystemRoot (_Out_ PPH_STRINGREF SystemRoot) |
| Retrieves the Windows directory path. | |
| PHLIBAPI PLDR_DATA_TABLE_ENTRY NTAPI | PhFindLoaderEntry (_In_opt_ PVOID DllBase, _In_opt_ PPH_STRINGREF FullDllName, _In_opt_ PPH_STRINGREF BaseDllName) |
| Locates a loader entry in the current process. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetDllFileName (_In_ PVOID DllHandle, _Out_opt_ PULONG IndexOfFileName) |
| Retrieves the file name of a DLL loaded by the current process. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetApplicationFileName (VOID) |
| Retrieves the file name of the current process image. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetApplicationDirectory (VOID) |
| Retrieves the directory of the current process image. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetKnownLocation (_In_ ULONG Folder, _In_opt_ PWSTR AppendPath) |
| Gets a known location as a file name. | |
| PHLIBAPI NTSTATUS NTAPI | PhWaitForMultipleObjectsAndPump (_In_opt_ HWND hWnd, _In_ ULONG NumberOfHandles, _In_ PHANDLE Handles, _In_ ULONG Timeout) |
| Waits on multiple objects while processing window messages. | |
| PHLIBAPI NTSTATUS NTAPI | PhCreateProcess (_In_ PWSTR FileName, _In_opt_ PPH_STRINGREF CommandLine, _In_opt_ PVOID Environment, _In_opt_ PPH_STRINGREF CurrentDirectory, _In_opt_ PPH_CREATE_PROCESS_INFO Information, _In_ ULONG Flags, _In_opt_ HANDLE ParentProcessHandle, _Out_opt_ PCLIENT_ID ClientId, _Out_opt_ PHANDLE ProcessHandle, _Out_opt_ PHANDLE ThreadHandle) |
| Creates a native process and an initial thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhCreateProcessWin32 (_In_opt_ PWSTR FileName, _In_opt_ PWSTR CommandLine, _In_opt_ PVOID Environment, _In_opt_ PWSTR CurrentDirectory, _In_ ULONG Flags, _In_opt_ HANDLE TokenHandle, _Out_opt_ PHANDLE ProcessHandle, _Out_opt_ PHANDLE ThreadHandle) |
| Creates a Win32 process and an initial thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhCreateProcessWin32Ex (_In_opt_ PWSTR FileName, _In_opt_ PWSTR CommandLine, _In_opt_ PVOID Environment, _In_opt_ PWSTR CurrentDirectory, _In_opt_ STARTUPINFO *StartupInfo, _In_ ULONG Flags, _In_opt_ HANDLE TokenHandle, _Out_opt_ PCLIENT_ID ClientId, _Out_opt_ PHANDLE ProcessHandle, _Out_opt_ PHANDLE ThreadHandle) |
| Creates a Win32 process and an initial thread. | |
| PHLIBAPI NTSTATUS NTAPI | PhCreateProcessAsUser (_In_ PPH_CREATE_PROCESS_AS_USER_INFO Information, _In_ ULONG Flags, _Out_opt_ PCLIENT_ID ClientId, _Out_opt_ PHANDLE ProcessHandle, _Out_opt_ PHANDLE ThreadHandle) |
| Creates a Win32 process and an initial thread under the specified user. | |
| NTSTATUS NTAPI | PhFilterTokenForLimitedUser (_In_ HANDLE TokenHandle, _Out_ PHANDLE NewTokenHandle) |
| Filters a token to create a limited user security context. | |
| PHLIBAPI VOID NTAPI | PhShellExecute (_In_ HWND hWnd, _In_ PWSTR FileName, _In_opt_ PWSTR Parameters) |
| Opens a file or location through the shell. | |
| PHLIBAPI BOOLEAN NTAPI | PhShellExecuteEx (_In_opt_ HWND hWnd, _In_ PWSTR FileName, _In_opt_ PWSTR Parameters, _In_ ULONG ShowWindowType, _In_ ULONG Flags, _In_opt_ ULONG Timeout, _Out_opt_ PHANDLE ProcessHandle) |
| Opens a file or location through the shell. | |
| PHLIBAPI VOID NTAPI | PhShellExploreFile (_In_ HWND hWnd, _In_ PWSTR FileName) |
| Opens Windows Explorer with a file selected. | |
| PHLIBAPI VOID NTAPI | PhShellProperties (_In_ HWND hWnd, _In_ PWSTR FileName) |
| Shows properties for a file. | |
| PPH_STRING NTAPI | PhExpandKeyName (_In_ PPH_STRING KeyName, _In_ BOOLEAN Computer) |
| Expands registry name abbreviations. | |
| PHLIBAPI VOID NTAPI | PhShellOpenKey (_In_ HWND hWnd, _In_ PPH_STRING KeyName) |
| Opens a key in the Registry Editor. | |
| PKEY_VALUE_PARTIAL_INFORMATION NTAPI | PhQueryRegistryValue (_In_ HANDLE KeyHandle, _In_opt_ PWSTR ValueName) |
| Gets a registry value of any type. | |
| PHLIBAPI PPH_STRING NTAPI | PhQueryRegistryString (_In_ HANDLE KeyHandle, _In_opt_ PWSTR ValueName) |
| Gets a registry string value. | |
| PHLIBAPI VOID NTAPI | PhMapFlags1 (_Inout_ PULONG Value2, _In_ ULONG Value1, _In_ const PH_FLAG_MAPPING *Mappings, _In_ ULONG NumberOfMappings) |
| PHLIBAPI VOID NTAPI | PhMapFlags2 (_Inout_ PULONG Value1, _In_ ULONG Value2, _In_ const PH_FLAG_MAPPING *Mappings, _In_ ULONG NumberOfMappings) |
| PHLIBAPI PVOID NTAPI | PhCreateOpenFileDialog (VOID) |
| Creates a file dialog for the user to select a file to open. | |
| PHLIBAPI PVOID NTAPI | PhCreateSaveFileDialog (VOID) |
| Creates a file dialog for the user to select a file to save to. | |
| PHLIBAPI VOID NTAPI | PhFreeFileDialog (_In_ PVOID FileDialog) |
| Frees a file dialog. | |
| PHLIBAPI BOOLEAN NTAPI | PhShowFileDialog (_In_ HWND hWnd, _In_ PVOID FileDialog) |
| Shows a file dialog to the user. | |
| PHLIBAPI ULONG NTAPI | PhGetFileDialogOptions (_In_ PVOID FileDialog) |
| Gets the options for a file dialog. | |
| PHLIBAPI VOID NTAPI | PhSetFileDialogOptions (_In_ PVOID FileDialog, _In_ ULONG Options) |
| Sets the options for a file dialog. | |
| PHLIBAPI ULONG NTAPI | PhGetFileDialogFilterIndex (_In_ PVOID FileDialog) |
| Gets the index of the currently selected file type filter for a file dialog. | |
| PHLIBAPI VOID NTAPI | PhSetFileDialogFilter (_In_ PVOID FileDialog, _In_ PPH_FILETYPE_FILTER Filters, _In_ ULONG NumberOfFilters) |
| Sets the file type filter for a file dialog. | |
| PHLIBAPI PPH_STRING NTAPI | PhGetFileDialogFileName (_In_ PVOID FileDialog) |
| Gets the file name selected in a file dialog. | |
| PHLIBAPI VOID NTAPI | PhSetFileDialogFileName (_In_ PVOID FileDialog, _In_ PWSTR FileName) |
| Sets the file name of a file dialog. | |
| PHLIBAPI NTSTATUS NTAPI | PhIsExecutablePacked (_In_ PWSTR FileName, _Out_ PBOOLEAN IsPacked, _Out_opt_ PULONG NumberOfModules, _Out_opt_ PULONG NumberOfFunctions) |
| Determines if an executable image is packed. | |
| ULONG NTAPI | PhCrc32 (_In_ ULONG Crc, _In_reads_(Length) PCHAR Buffer, _In_ SIZE_T Length) |
| PHLIBAPI VOID NTAPI | PhInitializeHash (_Out_ PPH_HASH_CONTEXT Context, _In_ PH_HASH_ALGORITHM Algorithm) |
| Initializes hashing. | |
| PHLIBAPI VOID NTAPI | PhUpdateHash (_Inout_ PPH_HASH_CONTEXT Context, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length) |
| Hashes a block of data. | |
| PHLIBAPI BOOLEAN NTAPI | PhFinalHash (_Inout_ PPH_HASH_CONTEXT Context, _Out_writes_bytes_(HashLength) PVOID Hash, _In_ ULONG HashLength, _Out_opt_ PULONG ReturnLength) |
| Computes the final hash value. | |
| PHLIBAPI PPH_STRING NTAPI | PhParseCommandLinePart (_In_ PPH_STRINGREF CommandLine, _Inout_ PULONG_PTR Index) |
| Parses one part of a command line string. | |
| PHLIBAPI BOOLEAN NTAPI | PhParseCommandLine (_In_ PPH_STRINGREF CommandLine, _In_opt_ PPH_COMMAND_LINE_OPTION Options, _In_ ULONG NumberOfOptions, _In_ ULONG Flags, _In_ PPH_COMMAND_LINE_CALLBACK Callback, _In_opt_ PVOID Context) |
| Parses a command line string. | |
| PHLIBAPI PPH_STRING NTAPI | PhEscapeCommandLinePart (_In_ PPH_STRINGREF String) |
| Escapes a string for use in a command line. | |
| PHLIBAPI BOOLEAN NTAPI | PhParseCommandLineFuzzy (_In_ PPH_STRINGREF CommandLine, _Out_ PPH_STRINGREF FileName, _Out_ PPH_STRINGREF Arguments, _Out_opt_ PPH_STRING *FullFileName) |
| Parses a command line string. | |
Variables | |
| PPH_OBJECT_TYPE | PhFileStreamType |
| WCHAR * | PhServiceTypeStrings [6] |
| WCHAR * | PhServiceStartTypeStrings [5] |
| WCHAR * | PhServiceErrorControlStrings [4] |
| WCHAR * | PhSizeUnitNames [7] |
| ULONG | PhMaxSizeUnit |
| #define PH_FILE_STREAM_ASYNCHRONOUS 0x4 |
| #define PH_FILE_STREAM_HANDLE_UNOWNED 0x1 |
| #define PH_FILE_STREAM_OWN_POSITION 0x8 |
| #define PH_FILE_STREAM_UNBUFFERED 0x2 |
| #define PH_FILE_STREAM_WRITTEN 0x80000000 |
| #define PH_FIRST_OBJECT_TYPE | ( | ObjectTypes | ) | (POBJECT_TYPE_INFORMATION)((PCHAR)(ObjectTypes) + ALIGN_UP(sizeof(OBJECT_TYPES_INFORMATION), ULONG_PTR)) |
| #define PH_FIRST_PAGEFILE | ( | Pagefiles | ) |
| #define PH_FIRST_PROCESS | ( | Processes | ) | ((PSYSTEM_PROCESS_INFORMATION)(Processes)) |
Gets a pointer to the first process information structure in a buffer returned by PhEnumProcesses().
| Processes | A pointer to a buffer returned by PhEnumProcesses(). |
| #define PH_FIRST_STREAM | ( | Streams | ) | ((PFILE_STREAM_INFORMATION)(Streams)) |
| #define PH_KEY_CLASSES_ROOT PH_KEY_PREDEFINE(2) |
| #define PH_KEY_CURRENT_USER PH_KEY_PREDEFINE(3) |
| #define PH_KEY_IS_PREDEFINED | ( | Predefine | ) | (((LONG_PTR)(Predefine) < 0) && ((LONG_PTR)(Predefine) & 0x1)) |
| #define PH_KEY_LOCAL_MACHINE PH_KEY_PREDEFINE(0) |
| #define PH_KEY_PREDEFINE | ( | Number | ) | ((HANDLE)(LONG_PTR)(-3 - (Number) * 2)) |
| #define PH_KEY_PREDEFINE_TO_NUMBER | ( | Predefine | ) | (ULONG)(((-(LONG_PTR)(Predefine) - 3) >> 1)) |
| #define PH_KEY_USERS PH_KEY_PREDEFINE(1) |
| #define PH_NEXT_OBJECT_TYPE | ( | ObjectType | ) |
| #define PH_NEXT_PAGEFILE | ( | Pagefile | ) |
| #define PH_NEXT_PROCESS | ( | Process | ) |
Gets a pointer to the process information structure after a given structure.
| Process | A pointer to a process information structure. |
| #define PH_NEXT_STREAM | ( | Stream | ) |
| #define PhaFormatDateTime | ( | DateTime | ) | ((PPH_STRING)PhAutoDereferenceObject(PhFormatDateTime(DateTime))) |
| #define PhaFormatDecimal | ( | Value, | |
| FractionalDigits, | |||
| GroupDigits | |||
| ) | ((PPH_STRING)PhAutoDereferenceObject(PhFormatDecimal((Value), (FractionalDigits), (GroupDigits)))) |
| #define PhaFormatSize | ( | Size, | |
| MaxSizeUnit | |||
| ) | ((PPH_STRING)PhAutoDereferenceObject(PhFormatSize((Size), (MaxSizeUnit)))) |
| #define PhaFormatUInt64 | ( | Value, | |
| GroupDigits | |||
| ) | ((PPH_STRING)PhAutoDereferenceObject(PhFormatUInt64((Value), (GroupDigits)))) |
| #define PhShowError | ( | hWnd, | |
| Format, | |||
| ... | |||
| ) | PhShowMessage(hWnd, MB_OK | MB_ICONERROR, Format, __VA_ARGS__) |
| #define PhShowInformation | ( | hWnd, | |
| Format, | |||
| ... | |||
| ) | PhShowMessage(hWnd, MB_OK | MB_ICONINFORMATION, Format, __VA_ARGS__) |
| #define PhShowWarning | ( | hWnd, | |
| Format, | |||
| ... | |||
| ) | PhShowMessage(hWnd, MB_OK | MB_ICONWARNING, Format, __VA_ARGS__) |
| #define SYSTEM_IDLE_PROCESS_ID ((HANDLE)0) |
| #define SYSTEM_PROCESS_ID ((HANDLE)4) |
| typedef struct _PH_COMMAND_LINE_OPTION PH_COMMAND_LINE_OPTION |
| typedef enum _PH_COMMAND_LINE_OPTION_TYPE PH_COMMAND_LINE_OPTION_TYPE |
| typedef struct _PH_CREATE_PROCESS_AS_USER_INFO PH_CREATE_PROCESS_AS_USER_INFO |
| typedef struct _PH_CREATE_PROCESS_INFO PH_CREATE_PROCESS_INFO |
| typedef struct _PH_ENVIRONMENT_VARIABLE PH_ENVIRONMENT_VARIABLE |
| typedef struct _PH_FILE_STREAM PH_FILE_STREAM |
| typedef struct _PH_FILETYPE_FILTER PH_FILETYPE_FILTER |
| typedef struct _PH_FLAG_MAPPING PH_FLAG_MAPPING |
| typedef enum _PH_HASH_ALGORITHM PH_HASH_ALGORITHM |
| typedef struct _PH_HASH_CONTEXT PH_HASH_CONTEXT |
| typedef struct _PH_IMAGE_VERSION_INFO PH_IMAGE_VERSION_INFO |
| typedef struct _PH_INTEGER_PAIR PH_INTEGER_PAIR |
| typedef struct _PH_MAPPED_ARCHIVE PH_MAPPED_ARCHIVE |
| typedef struct _PH_MAPPED_ARCHIVE_IMPORT_ENTRY PH_MAPPED_ARCHIVE_IMPORT_ENTRY |
| typedef struct _PH_MAPPED_ARCHIVE_MEMBER PH_MAPPED_ARCHIVE_MEMBER |
| typedef struct _PH_MAPPED_IMAGE PH_MAPPED_IMAGE |
| typedef struct _PH_MAPPED_IMAGE_EXPORT_ENTRY PH_MAPPED_IMAGE_EXPORT_ENTRY |
| typedef struct _PH_MAPPED_IMAGE_EXPORT_FUNCTION PH_MAPPED_IMAGE_EXPORT_FUNCTION |
| typedef struct _PH_MAPPED_IMAGE_EXPORTS PH_MAPPED_IMAGE_EXPORTS |
| typedef struct _PH_MAPPED_IMAGE_IMPORT_DLL PH_MAPPED_IMAGE_IMPORT_DLL |
| typedef struct _PH_MAPPED_IMAGE_IMPORT_ENTRY PH_MAPPED_IMAGE_IMPORT_ENTRY |
| typedef struct _PH_MAPPED_IMAGE_IMPORTS PH_MAPPED_IMAGE_IMPORTS |
| typedef struct _PH_MODULE_INFO PH_MODULE_INFO |
| typedef enum _PH_PEB_OFFSET PH_PEB_OFFSET |
Specifies a PEB string.
| typedef struct _PH_PROCESS_WS_COUNTERS PH_PROCESS_WS_COUNTERS |
| typedef struct _PH_PROVIDER_REGISTRATION PH_PROVIDER_REGISTRATION |
| typedef struct _PH_PROVIDER_THREAD PH_PROVIDER_THREAD |
| typedef enum _PH_PROVIDER_THREAD_STATE PH_PROVIDER_THREAD_STATE |
| typedef struct _PH_RECTANGLE PH_RECTANGLE |
| typedef struct _PH_REMOTE_MAPPED_IMAGE PH_REMOTE_MAPPED_IMAGE |
| typedef enum _PH_SEEK_ORIGIN PH_SEEK_ORIGIN |
| typedef BOOLEAN(NTAPI * PPH_COMMAND_LINE_CALLBACK)(_In_opt_ PPH_COMMAND_LINE_OPTION Option, _In_opt_ PPH_STRING Value, _In_opt_ PVOID Context) |
| typedef struct _PH_COMMAND_LINE_OPTION * PPH_COMMAND_LINE_OPTION |
| typedef enum _PH_COMMAND_LINE_OPTION_TYPE * PPH_COMMAND_LINE_OPTION_TYPE |
| typedef struct _PH_CREATE_PROCESS_AS_USER_INFO * PPH_CREATE_PROCESS_AS_USER_INFO |
| typedef struct _PH_CREATE_PROCESS_INFO * PPH_CREATE_PROCESS_INFO |
| typedef BOOLEAN(NTAPI * PPH_ENUM_DIRECTORY_FILE)(_In_ PFILE_DIRECTORY_INFORMATION Information, _In_opt_ PVOID Context) |
| typedef BOOLEAN(NTAPI * PPH_ENUM_DIRECTORY_OBJECTS)(_In_ PPH_STRINGREF Name, _In_ PPH_STRINGREF TypeName, _In_opt_ PVOID Context) |
A callback function passed to PhEnumDirectoryObjects() and called for each directory object.
| Name | The name of the object. |
| TypeName | The name of the object's type. |
| Context | A user-defined value passed to PhEnumDirectoryObjects(). |
| typedef BOOLEAN(NTAPI * PPH_ENUM_GENERIC_MODULES_CALLBACK)(_In_ PPH_MODULE_INFO Module, _In_opt_ PVOID Context) |
A callback function passed to PhEnumGenericModules() and called for each process module.
| Module | A structure providing information about the module. |
| Context | A user-defined value passed to PhEnumGenericModules(). |
| typedef BOOLEAN(NTAPI * PPH_ENUM_PROCESS_MODULES_CALLBACK)(_In_ PLDR_DATA_TABLE_ENTRY Module, _In_opt_ PVOID Context) |
A callback function passed to PhEnumProcessModules() and called for each process module.
| Module | A structure providing information about the module. |
| Context | A user-defined value passed to PhEnumProcessModules(). |
| typedef struct _PH_ENUM_PROCESS_MODULES_PARAMETERS * PPH_ENUM_PROCESS_MODULES_PARAMETERS |
| typedef struct _PH_ENVIRONMENT_VARIABLE * PPH_ENVIRONMENT_VARIABLE |
| typedef struct _PH_FILE_STREAM * PPH_FILE_STREAM |
| typedef struct _PH_FILETYPE_FILTER * PPH_FILETYPE_FILTER |
| typedef struct _PH_FLAG_MAPPING * PPH_FLAG_MAPPING |
| typedef PPH_STRING(NTAPI * PPH_GET_CLIENT_ID_NAME)(_In_ PCLIENT_ID ClientId) |
| typedef NTSTATUS(NTAPI * PPH_GET_OBJECT_SECURITY)(_Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor, _In_ SECURITY_INFORMATION SecurityInformation, _In_opt_ PVOID Context) |
| typedef struct _PH_HASH_CONTEXT * PPH_HASH_CONTEXT |
| typedef struct _PH_IMAGE_VERSION_INFO * PPH_IMAGE_VERSION_INFO |
| typedef struct _PH_INTEGER_PAIR * PPH_INTEGER_PAIR |
| typedef struct _PH_MAPPED_ARCHIVE * PPH_MAPPED_ARCHIVE |
| typedef struct _PH_MAPPED_ARCHIVE_IMPORT_ENTRY * PPH_MAPPED_ARCHIVE_IMPORT_ENTRY |
| typedef struct _PH_MAPPED_ARCHIVE_MEMBER * PPH_MAPPED_ARCHIVE_MEMBER |
| typedef struct _PH_MAPPED_IMAGE * PPH_MAPPED_IMAGE |
| typedef struct _PH_MAPPED_IMAGE_EXPORT_ENTRY * PPH_MAPPED_IMAGE_EXPORT_ENTRY |
| typedef struct _PH_MAPPED_IMAGE_EXPORT_FUNCTION * PPH_MAPPED_IMAGE_EXPORT_FUNCTION |
| typedef struct _PH_MAPPED_IMAGE_EXPORTS * PPH_MAPPED_IMAGE_EXPORTS |
| typedef struct _PH_MAPPED_IMAGE_IMPORT_DLL * PPH_MAPPED_IMAGE_IMPORT_DLL |
| typedef struct _PH_MAPPED_IMAGE_IMPORT_ENTRY * PPH_MAPPED_IMAGE_IMPORT_ENTRY |
| typedef struct _PH_MAPPED_IMAGE_IMPORTS * PPH_MAPPED_IMAGE_IMPORTS |
| typedef struct _PH_MODULE_INFO * PPH_MODULE_INFO |
| typedef NTSTATUS(NTAPI * PPH_OPEN_OBJECT)(_Out_ PHANDLE Handle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ PVOID Context) |
| typedef struct _PH_PROCESS_WS_COUNTERS * PPH_PROCESS_WS_COUNTERS |
| typedef VOID(NTAPI * PPH_PROVIDER_FUNCTION)(_In_ PVOID Object) |
| typedef struct _PH_PROVIDER_REGISTRATION * PPH_PROVIDER_REGISTRATION |
| typedef struct _PH_PROVIDER_THREAD * PPH_PROVIDER_THREAD |
| typedef struct _PH_RECTANGLE * PPH_RECTANGLE |
| typedef struct _PH_REMOTE_MAPPED_IMAGE * PPH_REMOTE_MAPPED_IMAGE |
| typedef NTSTATUS(NTAPI * PPH_SET_OBJECT_SECURITY)(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ SECURITY_INFORMATION SecurityInformation, _In_opt_ PVOID Context) |
| enum _PH_HASH_ALGORITHM |
| enum _PH_PEB_OFFSET |
| enum _PH_SEEK_ORIGIN |
| PHLIBAPI VOID NTAPI PhAdjustRectangleToBounds | ( | _Inout_ PPH_RECTANGLE | Rectangle, |
| _In_ PPH_RECTANGLE | Bounds | ||
| ) |
| PHLIBAPI VOID NTAPI PhAdjustRectangleToWorkingArea | ( | _In_ HWND | hWnd, |
| _Inout_ PPH_RECTANGLE | Rectangle | ||
| ) |
| PHLIBAPI BOOLEAN NTAPI PhBoostProvider | ( | _Inout_ PPH_PROVIDER_REGISTRATION | Registration, |
| _Out_opt_ PULONG | FutureRunId | ||
| ) |
Causes a provider to be queued for immediate execution.
| Registration | A pointer to the registration object for a provider. |
| FutureRunId | A variable which receives the run ID of the future run. |
Definition at line 410 of file provider.c.
| NTSTATUS NTAPI PhCallKphDuplicateObjectWithTimeout | ( | _In_ HANDLE | SourceProcessHandle, |
| _In_ HANDLE | SourceHandle, | ||
| _In_opt_ HANDLE | TargetProcessHandle, | ||
| _Out_opt_ PHANDLE | TargetHandle, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ULONG | HandleAttributes, | ||
| _In_ ULONG | Options | ||
| ) |
Definition at line 1801 of file hndlinfo.c.
| NTSTATUS NTAPI PhCallNtQueryObjectWithTimeout | ( | _In_ HANDLE | Handle, |
| _In_ OBJECT_INFORMATION_CLASS | ObjectInformationClass, | ||
| _Out_writes_bytes_opt_(ObjectInformationLength) PVOID | ObjectInformation, | ||
| _In_ ULONG | ObjectInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 1739 of file hndlinfo.c.
| NTSTATUS NTAPI PhCallNtQuerySecurityObjectWithTimeout | ( | _In_ HANDLE | Handle, |
| _In_ SECURITY_INFORMATION | SecurityInformation, | ||
| _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ ULONG | Length, | ||
| _Out_ PULONG | LengthNeeded | ||
| ) |
Definition at line 1761 of file hndlinfo.c.
| NTSTATUS NTAPI PhCallNtSetSecurityObjectWithTimeout | ( | _In_ HANDLE | Handle, |
| _In_ SECURITY_INFORMATION | SecurityInformation, | ||
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor | ||
| ) |
Definition at line 1783 of file hndlinfo.c.
| NTSTATUS NTAPI PhCallWithTimeout | ( | _In_ PUSER_THREAD_START_ROUTINE | Routine, |
| _In_opt_ PVOID | Context, | ||
| _In_opt_ PLARGE_INTEGER | AcquireTimeout, | ||
| _In_ PLARGE_INTEGER | CallTimeout | ||
| ) |
Definition at line 1646 of file hndlinfo.c.
| PHLIBAPI VOID NTAPI PhCenterRectangle | ( | _Inout_ PPH_RECTANGLE | Rectangle, |
| _In_ PPH_RECTANGLE | Bounds | ||
| ) |
| USHORT NTAPI PhCheckSum | ( | _In_ ULONG | Sum, |
| _In_reads_(Count) PUSHORT | Buffer, | ||
| _In_ ULONG | Count | ||
| ) |
| PHLIBAPI ULONG NTAPI PhCheckSumMappedImage | ( | _In_ PPH_MAPPED_IMAGE | MappedImage | ) |
| FORCEINLINE VOID PhConvertRect | ( | _Inout_ PRECT | Rect, |
| _In_ PRECT | ParentRect | ||
| ) |
| ULONG NTAPI PhCrc32 | ( | _In_ ULONG | Crc, |
| _In_reads_(Length) PCHAR | Buffer, | ||
| _In_ SIZE_T | Length | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhCreateFileStream | ( | _Out_ PPH_FILE_STREAM * | FileStream, |
| _In_ PWSTR | FileName, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ULONG | ShareMode, | ||
| _In_ ULONG | CreateDisposition, | ||
| _In_ ULONG | Flags | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhCreateFileStream2 | ( | _Out_ PPH_FILE_STREAM * | FileStream, |
| _In_ HANDLE | FileHandle, | ||
| _In_ ULONG | Flags, | ||
| _In_ ULONG | BufferLength | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhCreateFileWin32 | ( | _Out_ PHANDLE | FileHandle, |
| _In_ PWSTR | FileName, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ ULONG | FileAttributes, | ||
| _In_ ULONG | ShareAccess, | ||
| _In_ ULONG | CreateDisposition, | ||
| _In_ ULONG | CreateOptions | ||
| ) |
Creates or opens a file.
| FileHandle | A variable that receives the file handle. |
| FileName | The Win32 file name. |
| DesiredAccess | The desired access to the file. |
| FileAttributes | File attributes applied if the file is created or overwritten. |
| ShareAccess | The file access granted to other threads.
|
| CreateDisposition | The action to perform if the file does or does not exist.
|
| CreateOptions | The options to apply when the file is opened or created. |
| PHLIBAPI NTSTATUS NTAPI PhCreateFileWin32Ex | ( | _Out_ PHANDLE | FileHandle, |
| _In_ PWSTR | FileName, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ ULONG | FileAttributes, | ||
| _In_ ULONG | ShareAccess, | ||
| _In_ ULONG | CreateDisposition, | ||
| _In_ ULONG | CreateOptions, | ||
| _Out_opt_ PULONG | CreateStatus | ||
| ) |
Creates or opens a file.
| FileHandle | A variable that receives the file handle. |
| FileName | The Win32 file name. |
| DesiredAccess | The desired access to the file. |
| FileAttributes | File attributes applied if the file is created or overwritten. |
| ShareAccess | The file access granted to other threads.
|
| CreateDisposition | The action to perform if the file does or does not exist.
|
| CreateOptions | The options to apply when the file is opened or created. |
| CreateStatus | A variable that receives creation information.
|
| PHLIBAPI NTSTATUS NTAPI PhCreateKey | ( | _Out_ PHANDLE | KeyHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ HANDLE | RootDirectory, | ||
| _In_ PPH_STRINGREF | ObjectName, | ||
| _In_ ULONG | Attributes, | ||
| _In_ ULONG | CreateOptions, | ||
| _Out_opt_ PULONG | Disposition | ||
| ) |
Creates or opens a registry key.
| KeyHandle | A variable which receives a handle to the key. |
| DesiredAccess | The desired access to the key. |
| RootDirectory | A handle to a root key, or one of the following predefined keys:
|
| ObjectName | The path to the key. |
| Attributes | Additional object flags. |
| CreateOptions | The options to apply when creating or opening the key. |
| Disposition | A variable which receives a value indicating whether a new key was created or an existing key was opened:
|
Creates a file dialog for the user to select a file to open.
| PHLIBAPI NTSTATUS NTAPI PhCreateProcess | ( | _In_ PWSTR | FileName, |
| _In_opt_ PPH_STRINGREF | CommandLine, | ||
| _In_opt_ PVOID | Environment, | ||
| _In_opt_ PPH_STRINGREF | CurrentDirectory, | ||
| _In_opt_ PPH_CREATE_PROCESS_INFO | Information, | ||
| _In_ ULONG | Flags, | ||
| _In_opt_ HANDLE | ParentProcessHandle, | ||
| _Out_opt_ PCLIENT_ID | ClientId, | ||
| _Out_opt_ PHANDLE | ProcessHandle, | ||
| _Out_opt_ PHANDLE | ThreadHandle | ||
| ) |
Creates a native process and an initial thread.
| FileName | The Win32 file name of the image. |
| CommandLine | The command line string to pass to the process. This string cannot be used to specify the image to execute. |
| Environment | The environment block for the process. Specify NULL to use the environment of the current process. |
| CurrentDirectory | The current directory string to pass to the process. |
| Information | Additional parameters to pass to the process. |
| Flags | A combination of the following:
|
| ParentProcessHandle | The process from which the new process will inherit attributes. Specify NULL for the current process. |
| ClientId | A variable which recieves the identifier of the initial thread. |
| ProcessHandle | A variable which receives a handle to the process. |
| ThreadHandle | A variable which receives a handle to the initial thread. |
| PHLIBAPI NTSTATUS NTAPI PhCreateProcessAsUser | ( | _In_ PPH_CREATE_PROCESS_AS_USER_INFO | Information, |
| _In_ ULONG | Flags, | ||
| _Out_opt_ PCLIENT_ID | ClientId, | ||
| _Out_opt_ PHANDLE | ProcessHandle, | ||
| _Out_opt_ PHANDLE | ThreadHandle | ||
| ) |
Creates a Win32 process and an initial thread under the specified user.
| Information | Parameters specifying how to create the process. |
| Flags | See PhCreateProcess(). Additional flags may be used:
|
| ClientId | A variable which recieves the identifier of the initial thread. |
| ProcessHandle | A variable which receives a handle to the process. |
| ThreadHandle | A variable which receives a handle to the initial thread. |
| PHLIBAPI NTSTATUS NTAPI PhCreateProcessWin32 | ( | _In_opt_ PWSTR | FileName, |
| _In_opt_ PWSTR | CommandLine, | ||
| _In_opt_ PVOID | Environment, | ||
| _In_opt_ PWSTR | CurrentDirectory, | ||
| _In_ ULONG | Flags, | ||
| _In_opt_ HANDLE | TokenHandle, | ||
| _Out_opt_ PHANDLE | ProcessHandle, | ||
| _Out_opt_ PHANDLE | ThreadHandle | ||
| ) |
Creates a Win32 process and an initial thread.
| FileName | The Win32 file name of the image. |
| CommandLine | The command line to execute. This can be specified instead of FileName to indicate the image to execute. |
| Environment | The environment block for the process. Specify NULL to use the environment of the current process. |
| CurrentDirectory | The current directory string to pass to the process. |
| Flags | See PhCreateProcess(). |
| TokenHandle | The token of the process. Specify NULL for the token of the parent process. |
| ProcessHandle | A variable which receives a handle to the process. |
| ThreadHandle | A variable which receives a handle to the initial thread. |
| PHLIBAPI NTSTATUS NTAPI PhCreateProcessWin32Ex | ( | _In_opt_ PWSTR | FileName, |
| _In_opt_ PWSTR | CommandLine, | ||
| _In_opt_ PVOID | Environment, | ||
| _In_opt_ PWSTR | CurrentDirectory, | ||
| _In_opt_ STARTUPINFO * | StartupInfo, | ||
| _In_ ULONG | Flags, | ||
| _In_opt_ HANDLE | TokenHandle, | ||
| _Out_opt_ PCLIENT_ID | ClientId, | ||
| _Out_opt_ PHANDLE | ProcessHandle, | ||
| _Out_opt_ PHANDLE | ThreadHandle | ||
| ) |
Creates a Win32 process and an initial thread.
| FileName | The Win32 file name of the image. |
| CommandLine | The command line to execute. This can be specified instead of FileName to indicate the image to execute. |
| Environment | The environment block for the process. Specify NULL to use the environment of the current process. |
| CurrentDirectory | The current directory string to pass to the process. |
| StartupInfo | A STARTUPINFO structure containing additional parameters for the process. |
| Flags | See PhCreateProcess(). |
| TokenHandle | The token of the process. Specify NULL for the token of the parent process. |
| ClientId | A variable which recieves the identifier of the initial thread. |
| ProcessHandle | A variable which receives a handle to the process. |
| ThreadHandle | A variable which receives a handle to the initial thread. |
Creates a file dialog for the user to select a file to save to.
| PHLIBAPI NTSTATUS NTAPI PhDeleteFileWin32 | ( | _In_ PWSTR | FileName | ) |
| PHLIBAPI VOID NTAPI PhDeleteImageVersionInfo | ( | _Inout_ PPH_IMAGE_VERSION_INFO | ImageVersionInfo | ) |
Frees a version information structure initialized by PhInitializeImageVersionInfo().
| ImageVersionInfo | The version information structure. |
| PHLIBAPI VOID NTAPI PhDeleteProviderThread | ( | _Inout_ PPH_PROVIDER_THREAD | ProviderThread | ) |
Frees resources used by a provider thread.
| ProviderThread | A pointer to a provider thread object. |
Definition at line 87 of file provider.c.
| PHLIBAPI NTSTATUS NTAPI PhDisconnectNamedPipe | ( | _In_ HANDLE | FileHandle | ) |
| PHLIBAPI NTSTATUS NTAPI PhDuplicateObject | ( | _In_ HANDLE | SourceProcessHandle, |
| _In_ HANDLE | SourceHandle, | ||
| _In_opt_ HANDLE | TargetProcessHandle, | ||
| _Out_opt_ PHANDLE | TargetHandle, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ULONG | HandleAttributes, | ||
| _In_ ULONG | Options | ||
| ) |
Duplicates a handle.
| SourceProcessHandle | A handle to the source process. The handle must have PROCESS_DUP_HANDLE access. |
| SourceHandle | The handle to duplicate from the source process. |
| TargetProcessHandle | A handle to the target process. If DUPLICATE_CLOSE_SOURCE is specified in the Options parameter, this parameter can be NULL. |
| TargetHandle | A variable which receives the new handle in the target process. If DUPLICATE_CLOSE_SOURCE is specified in the Options parameter, this parameter can be NULL. |
| DesiredAccess | The desired access to the object referenced by the source handle. |
| HandleAttributes | The attributes to apply to the new handle. |
| Options | The options to use when duplicating the handle. |
| PHLIBAPI PPH_STRING NTAPI PhEllipsisString | ( | _In_ PPH_STRING | String, |
| _In_ ULONG | DesiredCount | ||
| ) |
Modifies a string to ensure it is within the specified length.
| String | The input string. |
| DesiredCount | The desired number of characters in the new string. If necessary, parts of the string are replaced with an ellipsis to indicate characters have been omitted. |
| PHLIBAPI PPH_STRING NTAPI PhEllipsisStringPath | ( | _In_ PPH_STRING | String, |
| _In_ ULONG | DesiredCount | ||
| ) |
Modifies a string to ensure it is within the specified length, parsing the string as a path.
| String | The input string. |
| DesiredCount | The desired number of characters in the new string. If necessary, parts of the string are replaced with an ellipsis to indicate characters have been omitted. |
| PHLIBAPI NTSTATUS NTAPI PhEnumDirectoryFile | ( | _In_ HANDLE | FileHandle, |
| _In_opt_ PUNICODE_STRING | SearchPattern, | ||
| _In_ PPH_ENUM_DIRECTORY_FILE | Callback, | ||
| _In_opt_ PVOID | Context | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhEnumDirectoryObjects | ( | _In_ HANDLE | DirectoryHandle, |
| _In_ PPH_ENUM_DIRECTORY_OBJECTS | Callback, | ||
| _In_opt_ PVOID | Context | ||
| ) |
Enumerates the objects in a directory object.
| DirectoryHandle | A handle to a directory. The handle must have DIRECTORY_QUERY access. |
| Callback | A callback function which is executed for each object. |
| Context | A user-defined value to pass to the callback function. |
| PHLIBAPI NTSTATUS NTAPI PhEnumFileStreams | ( | _In_ HANDLE | FileHandle, |
| _Out_ PVOID * | Streams | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhEnumGenericModules | ( | _In_ HANDLE | ProcessId, |
| _In_opt_ HANDLE | ProcessHandle, | ||
| _In_ ULONG | Flags, | ||
| _In_ PPH_ENUM_GENERIC_MODULES_CALLBACK | Callback, | ||
| _In_opt_ PVOID | Context | ||
| ) |
Enumerates the modules loaded by a process.
| ProcessId | The ID of a process. If SYSTEM_PROCESS_ID is specified the function enumerates the kernel modules. |
| ProcessHandle | A handle to the process. |
| Flags | Flags controlling the information to retrieve.
|
| Callback | A callback function which is executed for each module. |
| Context | A user-defined value to pass to the callback function. |
| PHLIBAPI NTSTATUS NTAPI PhEnumHandles | ( | _Out_ PSYSTEM_HANDLE_INFORMATION * | Handles | ) |
Enumerates all open handles.
| Handles | A variable which receives a pointer to a structure containing information about all opened handles. You must free the structure using PhFree() when you no longer need it. |
| STATUS_INSUFFICIENT_RESOURCES | The handle information returned by the kernel is too large. |
| PHLIBAPI NTSTATUS NTAPI PhEnumHandlesEx | ( | _Out_ PSYSTEM_HANDLE_INFORMATION_EX * | Handles | ) |
Enumerates all open handles.
| Handles | A variable which receives a pointer to a structure containing information about all opened handles. You must free the structure using PhFree() when you no longer need it. |
| STATUS_INSUFFICIENT_RESOURCES | The handle information returned by the kernel is too large. |
| PHLIBAPI NTSTATUS NTAPI PhEnumKernelModules | ( | _Out_ PRTL_PROCESS_MODULES * | Modules | ) |
| NTSTATUS NTAPI PhEnumKernelModulesEx | ( | _Out_ PRTL_PROCESS_MODULE_INFORMATION_EX * | Modules | ) |
| PHLIBAPI NTSTATUS NTAPI PhEnumObjectTypes | ( | _Out_ POBJECT_TYPES_INFORMATION * | ObjectTypes | ) |
Definition at line 1415 of file hndlinfo.c.
| PHLIBAPI NTSTATUS NTAPI PhEnumPagefiles | ( | _Out_ PVOID * | Pagefiles | ) |
Enumerates all pagefiles.
| Pagefiles | A variable which receives a pointer to a buffer containing information about all active pagefiles. You must free the structure using PhFree() when you no longer need it. |
| STATUS_INSUFFICIENT_RESOURCES | The handle information returned by the kernel is too large. |
| PHLIBAPI BOOLEAN NTAPI PhEnumProcessEnvironmentVariables | ( | _In_ PVOID | Environment, |
| _In_ ULONG | EnvironmentLength, | ||
| _Inout_ PULONG | EnumerationKey, | ||
| _Out_ PPH_ENVIRONMENT_VARIABLE | Variable | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhEnumProcesses | ( | _Out_ PVOID * | Processes | ) |
Enumerates the running processes.
| Processes | A variable which receives a pointer to a buffer containing process information. You must free the buffer using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhEnumProcessesEx | ( | _Out_ PVOID * | Processes, |
| _In_ SYSTEM_INFORMATION_CLASS | SystemInformationClass | ||
| ) |
Enumerates the running processes.
| Processes | A variable which receives a pointer to a buffer containing process information. You must free the buffer using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhEnumProcessesForSession | ( | _Out_ PVOID * | Processes, |
| _In_ ULONG | SessionId | ||
| ) |
Enumerates the running processes for a session.
| Processes | A variable which receives a pointer to a buffer containing process information. You must free the buffer using PhFree() when you no longer need it. |
| SessionId | A session ID. |
| PHLIBAPI NTSTATUS NTAPI PhEnumProcessModules | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PPH_ENUM_PROCESS_MODULES_CALLBACK | Callback, | ||
| _In_opt_ PVOID | Context | ||
| ) |
Enumerates the modules loaded by a process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. |
| Callback | A callback function which is executed for each process module. |
| Context | A user-defined value to pass to the callback function. |
| PHLIBAPI NTSTATUS NTAPI PhEnumProcessModules32 | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PPH_ENUM_PROCESS_MODULES_CALLBACK | Callback, | ||
| _In_opt_ PVOID | Context | ||
| ) |
Enumerates the 32-bit modules loaded by a process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. |
| Callback | A callback function which is executed for each process module. |
| Context | A user-defined value to pass to the callback function. |
| STATUS_NOT_SUPPORTED | The process is not running under WOW64. |
| PHLIBAPI NTSTATUS NTAPI PhEnumProcessModules32Ex | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PPH_ENUM_PROCESS_MODULES_PARAMETERS | Parameters | ||
| ) |
Enumerates the 32-bit modules loaded by a process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. If PH_ENUM_PROCESS_MODULES_TRY_MAPPED_FILE_NAME is specified in Parameters, the handle should have PROCESS_QUERY_INFORMATION access. |
| Parameters | The enumeration parameters. |
| STATUS_NOT_SUPPORTED | The process is not running under WOW64. |
| PHLIBAPI NTSTATUS NTAPI PhEnumProcessModulesEx | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PPH_ENUM_PROCESS_MODULES_PARAMETERS | Parameters | ||
| ) |
Enumerates the modules loaded by a process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. If PH_ENUM_PROCESS_MODULES_TRY_MAPPED_FILE_NAME is specified in Parameters, the handle should have PROCESS_QUERY_INFORMATION access. |
| Parameters | The enumeration parameters. |
| PHLIBAPI PVOID NTAPI PhEnumServices | ( | _In_ SC_HANDLE | ScManagerHandle, |
| _In_opt_ ULONG | Type, | ||
| _In_opt_ ULONG | State, | ||
| _Out_ PULONG | Count | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhEscapeCommandLinePart | ( | _In_ PPH_STRINGREF | String | ) |
| PHLIBAPI PPH_STRING NTAPI PhEscapeStringForMenuPrefix | ( | _In_ PPH_STRINGREF | String | ) |
| PHLIBAPI PPH_STRING NTAPI PhExpandEnvironmentStrings | ( | _In_ PPH_STRINGREF | String | ) |
| PPH_STRING NTAPI PhExpandKeyName | ( | _In_ PPH_STRING | KeyName, |
| _In_ BOOLEAN | Computer | ||
| ) |
| NTSTATUS NTAPI PhFilterTokenForLimitedUser | ( | _In_ HANDLE | TokenHandle, |
| _Out_ PHANDLE | NewTokenHandle | ||
| ) |
Filters a token to create a limited user security context.
| TokenHandle | A handle to an existing token. The handle must have TOKEN_DUPLICATE, TOKEN_QUERY, TOKEN_ADJUST_GROUPS, TOKEN_ADJUST_DEFAULT, READ_CONTROL and WRITE_DAC access. |
| NewTokenHandle | A variable which receives a handle to the filtered token. The handle will have the same granted access as TokenHandle. |
| PHLIBAPI BOOLEAN NTAPI PhFinalHash | ( | _Inout_ PPH_HASH_CONTEXT | Context, |
| _Out_writes_bytes_(HashLength) PVOID | Hash, | ||
| _In_ ULONG | HashLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
| PHLIBAPI BOOLEAN NTAPI PhFindIntegerSiKeyValuePairs | ( | _In_ PPH_KEY_VALUE_PAIR | KeyValuePairs, |
| _In_ ULONG | SizeOfKeyValuePairs, | ||
| _In_ PWSTR | String, | ||
| _Out_ PULONG | Integer | ||
| ) |
Finds an integer in an array of string-integer pairs.
| KeyValuePairs | The array. |
| SizeOfKeyValuePairs | The size of the array, in bytes. |
| String | The string to search for. |
| Integer | A variable which receives the found integer. |
| PHLIBAPI PLDR_DATA_TABLE_ENTRY NTAPI PhFindLoaderEntry | ( | _In_opt_ PVOID | DllBase, |
| _In_opt_ PPH_STRINGREF | FullDllName, | ||
| _In_opt_ PPH_STRINGREF | BaseDllName | ||
| ) |
Locates a loader entry in the current process.
| DllBase | The base address of the DLL. Specify NULL if this is not a search criteria. |
| FullDllName | The full name of the DLL. Specify NULL if this is not a search criteria. |
| BaseDllName | The base name of the DLL. Specify NULL if this is not a search criteria. |
| PHLIBAPI PSYSTEM_PROCESS_INFORMATION NTAPI PhFindProcessInformation | ( | _In_ PVOID | Processes, |
| _In_ HANDLE | ProcessId | ||
| ) |
Finds the process information structure for a specific process.
| Processes | A pointer to a buffer returned by PhEnumProcesses(). |
| ProcessId | The ID of the process. |
| PHLIBAPI PSYSTEM_PROCESS_INFORMATION NTAPI PhFindProcessInformationByImageName | ( | _In_ PVOID | Processes, |
| _In_ PPH_STRINGREF | ImageName | ||
| ) |
Finds the process information structure for a specific process.
| Processes | A pointer to a buffer returned by PhEnumProcesses(). |
| ImageName | The image name to search for. |
| PHLIBAPI BOOLEAN NTAPI PhFindStringSiKeyValuePairs | ( | _In_ PPH_KEY_VALUE_PAIR | KeyValuePairs, |
| _In_ ULONG | SizeOfKeyValuePairs, | ||
| _In_ ULONG | Integer, | ||
| _Out_ PWSTR * | String | ||
| ) |
Finds a string in an array of string-integer pairs.
| KeyValuePairs | The array. |
| SizeOfKeyValuePairs | The size of the array, in bytes. |
| Integer | The integer to search for. |
| String | A variable which receives the found string. |
| PHLIBAPI NTSTATUS NTAPI PhFlushFileStream | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ BOOLEAN | Full | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatDate | ( | _In_opt_ PSYSTEMTIME | Date, |
| _In_opt_ PWSTR | Format | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatDateTime | ( | _In_opt_ PSYSTEMTIME | DateTime | ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatDecimal | ( | _In_ PWSTR | Value, |
| _In_ ULONG | FractionalDigits, | ||
| _In_ BOOLEAN | GroupDigits | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatGuid | ( | _In_ PGUID | Guid | ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatImageVersionInfo | ( | _In_opt_ PPH_STRING | FileName, |
| _In_ PPH_IMAGE_VERSION_INFO | ImageVersionInfo, | ||
| _In_opt_ PPH_STRINGREF | Indent, | ||
| _In_opt_ ULONG | LineLimit | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatNativeKeyName | ( | _In_ PPH_STRING | Name | ) |
Definition at line 361 of file hndlinfo.c.
| PHLIBAPI PPH_STRING NTAPI PhFormatSize | ( | _In_ ULONG64 | Size, |
| _In_ ULONG | MaxSizeUnit | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatTime | ( | _In_opt_ PSYSTEMTIME | Time, |
| _In_opt_ PWSTR | Format | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatTimeSpanRelative | ( | _In_ ULONG64 | TimeSpan | ) |
| PHLIBAPI PPH_STRING NTAPI PhFormatUInt64 | ( | _In_ ULONG64 | Value, |
| _In_ BOOLEAN | GroupDigits | ||
| ) |
| PHLIBAPI VOID NTAPI PhGenerateGuidFromName | ( | _Out_ PGUID | Guid, |
| _In_ PGUID | Namespace, | ||
| _In_ PCHAR | Name, | ||
| _In_ ULONG | NameLength, | ||
| _In_ UCHAR | Version | ||
| ) |
Creates a name-based (type 3 or 5) UUID.
| Guid | The destination UUID. |
| Namespace | The UUID of the namespace. |
| Name | The input name. |
| NameLength | The length of the input name, not including the null terminator if present. |
| Version | The type of UUID.
|
| PHLIBAPI PPH_STRING NTAPI PhGetApplicationDirectory | ( | VOID | ) |
| PHLIBAPI PPH_STRING NTAPI PhGetApplicationFileName | ( | VOID | ) |
| PHLIBAPI PPH_STRING NTAPI PhGetBaseName | ( | _In_ PPH_STRING | FileName | ) |
| PHLIBAPI PPH_STRING NTAPI PhGetDllFileName | ( | _In_ PVOID | DllHandle, |
| _Out_opt_ PULONG | IndexOfFileName | ||
| ) |
Retrieves the file name of a DLL loaded by the current process.
| DllHandle | The base address of the DLL. |
| IndexOfFileName | A variable which receives the index of the base name of the DLL in the returned string. |
| NTSTATUS NTAPI PhGetDriverName | ( | _In_ HANDLE | DriverHandle, |
| _Out_ PPH_STRING * | Name | ||
| ) |
Gets the object name of a driver.
| DriverHandle | A handle to a driver. |
| Name | A variable which receives a pointer to a string containing the object name. You must free the string using PhDereferenceObject() when you no longer need it. |
| NTSTATUS NTAPI PhGetDriverServiceKeyName | ( | _In_ HANDLE | DriverHandle, |
| _Out_ PPH_STRING * | ServiceKeyName | ||
| ) |
Gets the service key name of a driver.
| DriverHandle | A handle to a driver. |
| ServiceKeyName | A variable which receives a pointer to a string containing the service key name. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI BOOLEAN NTAPI PhGetEnabledProvider | ( | _In_ PPH_PROVIDER_REGISTRATION | Registration | ) |
Gets whether a provider is enabled.
| Registration | A pointer to the registration object for a provider. |
Definition at line 474 of file provider.c.
| PHLIBAPI NTSTATUS NTAPI PhGetEnlistmentBasicInformation | ( | _In_ HANDLE | EnlistmentHandle, |
| _Out_ PENLISTMENT_BASIC_INFORMATION | BasicInformation | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetFileDialogFileName | ( | _In_ PVOID | FileDialog | ) |
Gets the file name selected in a file dialog.
| FileDialog | The file dialog. |
| PHLIBAPI ULONG NTAPI PhGetFileDialogFilterIndex | ( | _In_ PVOID | FileDialog | ) |
| PHLIBAPI ULONG NTAPI PhGetFileDialogOptions | ( | _In_ PVOID | FileDialog | ) |
Gets the options for a file dialog.
| FileDialog | The file dialog. |
| PHLIBAPI PPH_STRING NTAPI PhGetFileName | ( | _In_ PPH_STRING | FileName | ) |
Converts a file name into Win32 format.
| FileName | A string containing a file name. |
| PHLIBAPI NTSTATUS NTAPI PhGetFileSize | ( | _In_ HANDLE | FileHandle, |
| _Out_ PLARGE_INTEGER | Size | ||
| ) |
| PHLIBAPI PVOID NTAPI PhGetFileVersionInfo | ( | _In_ PWSTR | FileName | ) |
| PHLIBAPI ULONG NTAPI PhGetFileVersionInfoLangCodePage | ( | _In_ PVOID | VersionInfo | ) |
| PHLIBAPI PPH_STRING NTAPI PhGetFileVersionInfoString | ( | _In_ PVOID | VersionInfo, |
| _In_ PWSTR | SubBlock | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetFileVersionInfoString2 | ( | _In_ PVOID | VersionInfo, |
| _In_ ULONG | LangCodePage, | ||
| _In_ PWSTR | StringName | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetFullPath | ( | _In_ PWSTR | FileName, |
| _Out_opt_ PULONG | IndexOfFileName | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetHandleInformation | ( | _In_ HANDLE | ProcessHandle, |
| _In_ HANDLE | Handle, | ||
| _In_ ULONG | ObjectTypeNumber, | ||
| _Out_opt_ POBJECT_BASIC_INFORMATION | BasicInformation, | ||
| _Out_opt_ PPH_STRING * | TypeName, | ||
| _Out_opt_ PPH_STRING * | ObjectName, | ||
| _Out_opt_ PPH_STRING * | BestObjectName | ||
| ) |
Gets information for a handle.
| ProcessHandle | A handle to the process in which the handle resides. |
| Handle | The handle value. |
| ObjectTypeNumber | The object type number of the handle. You can specify -1 for this parameter if the object type number is not known. |
| BasicInformation | A variable which receives basic information about the object. |
| TypeName | A variable which receives the object type name. |
| ObjectName | A variable which receives the object name. |
| BestObjectName | A variable which receives the formatted object name. |
| STATUS_INVALID_HANDLE | The handle specified in ProcessHandle or Handle is invalid. |
| STATUS_INVALID_PARAMETER_3 | The value specified in ObjectTypeNumber is invalid. |
Definition at line 1155 of file hndlinfo.c.
| PHLIBAPI NTSTATUS NTAPI PhGetHandleInformationEx | ( | _In_ HANDLE | ProcessHandle, |
| _In_ HANDLE | Handle, | ||
| _In_ ULONG | ObjectTypeNumber, | ||
| _Reserved_ ULONG | Flags, | ||
| _Out_opt_ PNTSTATUS | SubStatus, | ||
| _Out_opt_ POBJECT_BASIC_INFORMATION | BasicInformation, | ||
| _Out_opt_ PPH_STRING * | TypeName, | ||
| _Out_opt_ PPH_STRING * | ObjectName, | ||
| _Out_opt_ PPH_STRING * | BestObjectName, | ||
| _Reserved_ PVOID * | ExtraInformation | ||
| ) |
Gets information for a handle.
| ProcessHandle | A handle to the process in which the handle resides. |
| Handle | The handle value. |
| ObjectTypeNumber | The object type number of the handle. You can specify -1 for this parameter if the object type number is not known. |
| Flags | Reserved. |
| SubStatus | A variable which receives the NTSTATUS value of the last component that fails. If all operations succeed, the value will be STATUS_SUCCESS. If the function returns an error status, this variable is not set. |
| BasicInformation | A variable which receives basic information about the object. |
| TypeName | A variable which receives the object type name. |
| ObjectName | A variable which receives the object name. |
| BestObjectName | A variable which receives the formatted object name. |
| ExtraInformation | Reserved. |
| STATUS_INVALID_HANDLE | The handle specified in ProcessHandle or Handle is invalid. |
| STATUS_INVALID_PARAMETER_3 | The value specified in ObjectTypeNumber is invalid. |
Definition at line 1232 of file hndlinfo.c.
| PHLIBAPI NTSTATUS NTAPI PhGetJobProcessIdList | ( | _In_ HANDLE | JobHandle, |
| _Out_ PJOBOBJECT_BASIC_PROCESS_ID_LIST * | ProcessIdList | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetKernelFileName | ( | VOID | ) |
Gets the file name of the kernel image.
| PHLIBAPI PPH_STRING NTAPI PhGetKnownLocation | ( | _In_ ULONG | Folder, |
| _In_opt_ PWSTR | AppendPath | ||
| ) |
| LSA_HANDLE NTAPI PhGetLookupPolicyHandle | ( | VOID | ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedArchiveImportEntry | ( | _In_ PPH_MAPPED_ARCHIVE_MEMBER | Member, |
| _Out_ PPH_MAPPED_ARCHIVE_IMPORT_ENTRY | Entry | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageDataEntry | ( | _In_ PPH_MAPPED_IMAGE | MappedImage, |
| _In_ ULONG | Index, | ||
| _Out_ PIMAGE_DATA_DIRECTORY * | Entry | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageDelayImports | ( | _Out_ PPH_MAPPED_IMAGE_IMPORTS | Imports, |
| _In_ PPH_MAPPED_IMAGE | MappedImage | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageExportEntry | ( | _In_ PPH_MAPPED_IMAGE_EXPORTS | Exports, |
| _In_ ULONG | Index, | ||
| _Out_ PPH_MAPPED_IMAGE_EXPORT_ENTRY | Entry | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageExportFunction | ( | _In_ PPH_MAPPED_IMAGE_EXPORTS | Exports, |
| _In_opt_ PSTR | Name, | ||
| _In_opt_ USHORT | Ordinal, | ||
| _Out_ PPH_MAPPED_IMAGE_EXPORT_FUNCTION | Function | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageExportFunctionRemote | ( | _In_ PPH_MAPPED_IMAGE_EXPORTS | Exports, |
| _In_opt_ PSTR | Name, | ||
| _In_opt_ USHORT | Ordinal, | ||
| _In_ PVOID | RemoteBase, | ||
| _Out_ PVOID * | Function | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageExports | ( | _Out_ PPH_MAPPED_IMAGE_EXPORTS | Exports, |
| _In_ PPH_MAPPED_IMAGE | MappedImage | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageImportDll | ( | _In_ PPH_MAPPED_IMAGE_IMPORTS | Imports, |
| _In_ ULONG | Index, | ||
| _Out_ PPH_MAPPED_IMAGE_IMPORT_DLL | ImportDll | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageImportEntry | ( | _In_ PPH_MAPPED_IMAGE_IMPORT_DLL | ImportDll, |
| _In_ ULONG | Index, | ||
| _Out_ PPH_MAPPED_IMAGE_IMPORT_ENTRY | Entry | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageImports | ( | _Out_ PPH_MAPPED_IMAGE_IMPORTS | Imports, |
| _In_ PPH_MAPPED_IMAGE | MappedImage | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageLoadConfig32 | ( | _In_ PPH_MAPPED_IMAGE | MappedImage, |
| _Out_ PIMAGE_LOAD_CONFIG_DIRECTORY32 * | LoadConfig | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetMappedImageLoadConfig64 | ( | _In_ PPH_MAPPED_IMAGE | MappedImage, |
| _Out_ PIMAGE_LOAD_CONFIG_DIRECTORY64 * | LoadConfig | ||
| ) |
| PHLIBAPI BOOLEAN NTAPI PhGetMappedImageSectionName | ( | _In_ PIMAGE_SECTION_HEADER | Section, |
| _Out_writes_opt_z_(Count) PSTR | Buffer, | ||
| _In_ ULONG | Count, | ||
| _Out_opt_ PULONG | ReturnCount | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetMessage | ( | _In_ PVOID | DllHandle, |
| _In_ ULONG | MessageTableId, | ||
| _In_ ULONG | MessageLanguageId, | ||
| _In_ ULONG | MessageId | ||
| ) |
Gets a string stored in a DLL's message table.
| DllHandle | The base address of the DLL. |
| MessageTableId | The identifier of the message table. |
| MessageLanguageId | The language ID of the message. |
| MessageId | The identifier of the message. |
| PHLIBAPI NTSTATUS NTAPI PhGetNextMappedArchiveMember | ( | _In_ PPH_MAPPED_ARCHIVE_MEMBER | Member, |
| _Out_ PPH_MAPPED_ARCHIVE_MEMBER | NextMember | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetNtMessage | ( | _In_ NTSTATUS | Status | ) |
| PHLIBAPI NTSTATUS NTAPI PhGetObjectSecurity | ( | _In_ HANDLE | Handle, |
| _In_ SECURITY_INFORMATION | SecurityInformation, | ||
| _Out_ PSECURITY_DESCRIPTOR * | SecurityDescriptor | ||
| ) |
| ULONG NTAPI PhGetObjectTypeNumber | ( | _In_ PUNICODE_STRING | TypeName | ) |
Definition at line 1455 of file hndlinfo.c.
| PHLIBAPI VOID NTAPI PhGetPositionFileStream | ( | _In_ PPH_FILE_STREAM | FileStream, |
| _Out_ PLARGE_INTEGER | Position | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetProcedureAddressRemote | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PWSTR | FileName, | ||
| _In_opt_ PSTR | ProcedureName, | ||
| _In_opt_ ULONG | ProcedureNumber, | ||
| _Out_ PVOID * | ProcedureAddress, | ||
| _Out_opt_ PVOID * | DllBase | ||
| ) |
Gets the address of a procedure in a process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. |
| FileName | The file name of the DLL containing the procedure. |
| ProcedureName | The name of the procedure. |
| ProcedureNumber | The ordinal of the procedure. |
| ProcedureAddress | A variable which receives the address of the procedure in the address space of the process. |
| DllBase | A variable which receives the base address of the DLL containing the procedure. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessCommandLine | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PPH_STRING * | CommandLine | ||
| ) |
Gets a process' command line.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION. Before Windows 8.1, the handle must also have PROCESS_VM_READ access. |
| String | A variable which receives a pointer to a string containing the command line. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessDepStatus | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PULONG | DepStatus | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessEnvironment | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ULONG | Flags, | ||
| _Out_ PVOID * | Environment, | ||
| _Out_ PULONG | EnvironmentLength | ||
| ) |
Gets a process' environment block.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access. |
| Flags | A combination of flags.
|
| Environment | A variable which will receive a pointer to the environment block copied from the process. You must free the block using PhFreePage() when you no longer need it. |
| EnvironmentLength | A variable which will receive the length of the environment block, in bytes. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessExecuteFlags | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PULONG | ExecuteFlags | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessImageFileName | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PPH_STRING * | FileName | ||
| ) |
Gets the file name of the process' image.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION access. |
| FileName | A variable which receives a pointer to a string containing the file name. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessImageFileNameByProcessId | ( | _In_ HANDLE | ProcessId, |
| _Out_ PPH_STRING * | FileName | ||
| ) |
Gets the file name of a process' image.
| ProcessId | The ID of the process. |
| FileName | A variable which receives a pointer to a string containing the file name. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessImageFileNameWin32 | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PPH_STRING * | FileName | ||
| ) |
Gets the Win32 file name of the process' image.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION access. |
| FileName | A variable which receives a pointer to a string containing the file name. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessIsDotNet | ( | _In_ HANDLE | ProcessId, |
| _Out_ PBOOLEAN | IsDotNet | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessIsDotNetEx | ( | _In_ HANDLE | ProcessId, |
| _In_opt_ HANDLE | ProcessHandle, | ||
| _In_ ULONG | InFlags, | ||
| _Out_opt_ PBOOLEAN | IsDotNet, | ||
| _Out_opt_ PULONG | Flags | ||
| ) |
Determines if a process is managed.
| ProcessId | The ID of the process. |
| ProcessHandle | An optional handle to the process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. |
| InFlags | A combination of flags.
|
| IsDotNet | A variable which receives a boolean indicating whether the process is managed. |
| Flags | A variable which receives additional flags. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessIsPosix | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PBOOLEAN | IsPosix | ||
| ) |
Gets whether the process is running under the POSIX subsystem.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. |
| IsPosix | A variable which receives a boolean indicating whether the process is running under the POSIX subsystem. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessMappedFileName | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PVOID | BaseAddress, | ||
| _Out_ PPH_STRING * | FileName | ||
| ) |
Gets the file name of a mapped section.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_INFORMATION access. |
| BaseAddress | The base address of the section view. |
| FileName | A variable which receives a pointer to a string containing the file name of the section. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessPebString | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PH_PEB_OFFSET | Offset, | ||
| _Out_ PPH_STRING * | String | ||
| ) |
Gets a string stored in a process' parameters structure.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. |
| Offset | The string to retrieve. |
| String | A variable which receives a pointer to the requested string. You must free the string using PhDereferenceObject() when you no longer need it. |
| STATUS_INVALID_PARAMETER_2 | An invalid value was specified in the Offset parameter. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessPosixCommandLine | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PPH_STRING * | CommandLine | ||
| ) |
Gets the POSIX command line of a process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION and PROCESS_VM_READ access. |
| CommandLine | A variable which receives a pointer to a string containing the POSIX command line. You must free the string using PhDereferenceObject() when you no longer need it. |
| STATUS_UNSUCCESSFUL | The command line of the process could not be retrieved because it is too large. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessWindowTitle | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PULONG | WindowFlags, | ||
| _Out_ PPH_STRING * | WindowTitle | ||
| ) |
Gets the window flags and window title of a process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION. Before Windows 7 SP1, the handle must also have PROCESS_VM_READ access. |
| WindowFlags | A variable which receives the window flags. |
| WindowTitle | A variable which receives a pointer to the window title. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessWorkingSetInformation | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PMEMORY_WORKING_SET_INFORMATION * | WorkingSetInformation | ||
| ) |
Gets working set information for a process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_INFORMATION access. |
| WorkingSetInformation | A variable which receives a pointer to the information. You must free the buffer using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetProcessWsCounters | ( | _In_ HANDLE | ProcessHandle, |
| _Out_ PPH_PROCESS_WS_COUNTERS | WsCounters | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetResourceManagerBasicInformation | ( | _In_ HANDLE | ResourceManagerHandle, |
| _Out_opt_ PGUID | Guid, | ||
| _Out_opt_ PPH_STRING * | Description | ||
| ) |
| PHLIBAPI ULONG NTAPI PhGetRunIdProvider | ( | _In_ PPH_PROVIDER_REGISTRATION | Registration | ) |
Gets the current run ID of a provider.
| Registration | A pointer to the registration object for a provider. |
Definition at line 461 of file provider.c.
| NTSTATUS NTAPI PhGetSectionFileName | ( | _In_ HANDLE | SectionHandle, |
| _Out_ PPH_STRING * | FileName | ||
| ) |
Definition at line 453 of file hndlinfo.c.
| PHLIBAPI PVOID NTAPI PhGetServiceConfig | ( | _In_ SC_HANDLE | ServiceHandle | ) |
| PHLIBAPI BOOLEAN NTAPI PhGetServiceDelayedAutoStart | ( | _In_ SC_HANDLE | ServiceHandle, |
| _Out_ PBOOLEAN | DelayedAutoStart | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetServiceDescription | ( | _In_ SC_HANDLE | ServiceHandle | ) |
| NTSTATUS NTAPI PhGetServiceDllParameter | ( | _In_ PPH_STRINGREF | ServiceName, |
| _Out_ PPH_STRING * | ServiceDll | ||
| ) |
| PHLIBAPI ULONG NTAPI PhGetServiceErrorControlInteger | ( | _In_ PWSTR | ServiceErrorControl | ) |
| PHLIBAPI PWSTR NTAPI PhGetServiceErrorControlString | ( | _In_ ULONG | ServiceErrorControl | ) |
| PHLIBAPI PPH_STRING NTAPI PhGetServiceNameFromTag | ( | _In_ HANDLE | ProcessId, |
| _In_ PVOID | ServiceTag | ||
| ) |
| PHLIBAPI ULONG NTAPI PhGetServiceStartTypeInteger | ( | _In_ PWSTR | ServiceStartType | ) |
| PHLIBAPI PWSTR NTAPI PhGetServiceStartTypeString | ( | _In_ ULONG | ServiceStartType | ) |
| PHLIBAPI PWSTR NTAPI PhGetServiceStateString | ( | _In_ ULONG | ServiceState | ) |
| PHLIBAPI ULONG NTAPI PhGetServiceTypeInteger | ( | _In_ PWSTR | ServiceType | ) |
| PHLIBAPI PWSTR NTAPI PhGetServiceTypeString | ( | _In_ ULONG | ServiceType | ) |
| PHLIBAPI PPH_STRING NTAPI PhGetSidFullName | ( | _In_ PSID | Sid, |
| _In_ BOOLEAN | IncludeDomain, | ||
| _Out_opt_ PSID_NAME_USE | NameUse | ||
| ) |
Gets the name of a SID.
| Sid | A SID to query. |
| IncludeDomain | TRUE to include the domain name, otherwise FALSE. |
| NameUse | A variable which receives the SID's usage. |
| PPH_STRING NTAPI PhGetStatusMessage | ( | _In_ NTSTATUS | Status, |
| _In_opt_ ULONG | Win32Result | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetSystemDirectory | ( | VOID | ) |
| PHLIBAPI VOID NTAPI PhGetSystemRoot | ( | _Out_ PPH_STRINGREF | SystemRoot | ) |
| PHLIBAPI NTSTATUS NTAPI PhGetThreadContext | ( | _In_ HANDLE | ThreadHandle, |
| _Inout_ PCONTEXT | Context | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetThreadServiceTag | ( | _In_ HANDLE | ThreadHandle, |
| _In_opt_ HANDLE | ProcessHandle, | ||
| _Out_ PVOID * | ServiceTag | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetTokenGroups | ( | _In_ HANDLE | TokenHandle, |
| _Out_ PTOKEN_GROUPS * | Groups | ||
| ) |
Gets a token's groups.
| TokenHandle | A handle to a token. The handle must have TOKEN_QUERY access. |
| Groups | A variable which receives a pointer to a structure containing the token's groups. You must free the structure using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetTokenIntegrityLevel | ( | _In_ HANDLE | TokenHandle, |
| _Out_opt_ PMANDATORY_LEVEL | IntegrityLevel, | ||
| _Out_opt_ PWSTR * | IntegrityString | ||
| ) |
Gets a token's integrity level.
| TokenHandle | A handle to a token. The handle must have TOKEN_QUERY access. |
| IntegrityLevel | A variable which receives the integrity level of the token. |
| IntegrityString | A variable which receives a pointer to a string containing a string representation of the integrity level. |
| PHLIBAPI NTSTATUS NTAPI PhGetTokenOwner | ( | _In_ HANDLE | TokenHandle, |
| _Out_ PTOKEN_OWNER * | Owner | ||
| ) |
Gets a token's owner.
| TokenHandle | A handle to a token. The handle must have TOKEN_QUERY access. |
| Owner | A variable which receives a pointer to a structure containing the token's owner. You must free the structure using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetTokenPrimaryGroup | ( | _In_ HANDLE | TokenHandle, |
| _Out_ PTOKEN_PRIMARY_GROUP * | PrimaryGroup | ||
| ) |
Gets a token's primary group.
| TokenHandle | A handle to a token. The handle must have TOKEN_QUERY access. |
| PrimaryGroup | A variable which receives a pointer to a structure containing the token's primary group. You must free the structure using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetTokenPrivileges | ( | _In_ HANDLE | TokenHandle, |
| _Out_ PTOKEN_PRIVILEGES * | Privileges | ||
| ) |
Gets a token's privileges.
| TokenHandle | A handle to a token. The handle must have TOKEN_QUERY access. |
| Privileges | A variable which receives a pointer to a structure containing the token's privileges. You must free the structure using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetTokenUser | ( | _In_ HANDLE | TokenHandle, |
| _Out_ PTOKEN_USER * | User | ||
| ) |
Gets a token's user.
| TokenHandle | A handle to a token. The handle must have TOKEN_QUERY access. |
| User | A variable which receives a pointer to a structure containing the token's user. You must free the structure using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhGetTransactionBasicInformation | ( | _In_ HANDLE | TransactionHandle, |
| _Out_ PTRANSACTION_BASIC_INFORMATION | BasicInformation | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetTransactionManagerBasicInformation | ( | _In_ HANDLE | TransactionManagerHandle, |
| _Out_ PTRANSACTIONMANAGER_BASIC_INFORMATION | BasicInformation | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetTransactionManagerLogFileName | ( | _In_ HANDLE | TransactionManagerHandle, |
| _Out_ PPH_STRING * | LogFileName | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhGetTransactionPropertiesInformation | ( | _In_ HANDLE | TransactionHandle, |
| _Out_opt_ PLARGE_INTEGER | Timeout, | ||
| _Out_opt_ TRANSACTION_OUTCOME * | Outcome, | ||
| _Out_opt_ PPH_STRING * | Description | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhGetWin32Message | ( | _In_ ULONG | Result | ) |
| PHLIBAPI NTSTATUS NTAPI PhImpersonateClientOfNamedPipe | ( | _In_ HANDLE | FileHandle | ) |
| PHLIBAPI VOID NTAPI PhInitializeHash | ( | _Out_ PPH_HASH_CONTEXT | Context, |
| _In_ PH_HASH_ALGORITHM | Algorithm | ||
| ) |
| PHLIBAPI BOOLEAN NTAPI PhInitializeImageVersionInfo | ( | _Out_ PPH_IMAGE_VERSION_INFO | ImageVersionInfo, |
| _In_ PWSTR | FileName | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhInitializeMappedArchive | ( | _Out_ PPH_MAPPED_ARCHIVE | MappedArchive, |
| _In_ PVOID | ViewBase, | ||
| _In_ SIZE_T | Size | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhInitializeMappedImage | ( | _Out_ PPH_MAPPED_IMAGE | MappedImage, |
| _In_ PVOID | ViewBase, | ||
| _In_ SIZE_T | Size | ||
| ) |
| PHLIBAPI VOID NTAPI PhInitializeProviderThread | ( | _Out_ PPH_PROVIDER_THREAD | ProviderThread, |
| _In_ ULONG | Interval | ||
| ) |
Initializes a provider thread.
| ProviderThread | A pointer to a provider thread object. |
| Interval | The interval between each run, in milliseconds. |
Definition at line 59 of file provider.c.
| PHLIBAPI NTSTATUS NTAPI PhInjectDllProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PWSTR | FileName, | ||
| _In_opt_ PLARGE_INTEGER | Timeout | ||
| ) |
Causes a process to load a DLL.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ and PROCESS_VM_WRITE access. |
| FileName | The file name of the DLL to inject. |
| Timeout | The timeout, in milliseconds, for the process to load the DLL. |
| PHLIBAPI NTSTATUS NTAPI PhIsExecutablePacked | ( | _In_ PWSTR | FileName, |
| _Out_ PBOOLEAN | IsPacked, | ||
| _Out_opt_ PULONG | NumberOfModules, | ||
| _Out_opt_ PULONG | NumberOfFunctions | ||
| ) |
Determines if an executable image is packed.
| FileName | The file name of the image. |
| IsPacked | A variable that receives TRUE if the image is packed, otherwise FALSE. |
| NumberOfModules | A variable that receives the number of DLLs that the image imports functions from. |
| NumberOfFunctions | A variable that receives the number of functions that the image imports. |
| PHLIBAPI BOOLEAN NTAPI PhIsMappedArchiveMemberShortFormat | ( | _In_ PPH_MAPPED_ARCHIVE_MEMBER | Member | ) |
| FORCEINLINE VOID PhLargeIntegerToLocalSystemTime | ( | _Out_ PSYSTEMTIME | SystemTime, |
| _In_ PLARGE_INTEGER | LargeInteger | ||
| ) |
| FORCEINLINE VOID PhLargeIntegerToSystemTime | ( | _Out_ PSYSTEMTIME | SystemTime, |
| _In_ PLARGE_INTEGER | LargeInteger | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhListenNamedPipe | ( | _In_ HANDLE | FileHandle, |
| _In_opt_ HANDLE | Event, | ||
| _In_opt_ PIO_APC_ROUTINE | ApcRoutine, | ||
| _In_opt_ PVOID | ApcContext, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhLoadMappedArchive | ( | _In_opt_ PWSTR | FileName, |
| _In_opt_ HANDLE | FileHandle, | ||
| _In_ BOOLEAN | ReadOnly, | ||
| _Out_ PPH_MAPPED_ARCHIVE | MappedArchive | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhLoadMappedImage | ( | _In_opt_ PWSTR | FileName, |
| _In_opt_ HANDLE | FileHandle, | ||
| _In_ BOOLEAN | ReadOnly, | ||
| _Out_ PPH_MAPPED_IMAGE | MappedImage | ||
| ) |
| NTSTATUS NTAPI PhLoadRemoteMappedImage | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PVOID | ViewBase, | ||
| _Out_ PPH_REMOTE_MAPPED_IMAGE | RemoteMappedImage | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhLockFileStream | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ PLARGE_INTEGER | Position, | ||
| _In_ PLARGE_INTEGER | Length, | ||
| _In_ BOOLEAN | Wait, | ||
| _In_ BOOLEAN | Shared | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhLookupName | ( | _In_ PPH_STRINGREF | Name, |
| _Out_opt_ PSID * | Sid, | ||
| _Out_opt_ PPH_STRING * | DomainName, | ||
| _Out_opt_ PSID_NAME_USE | NameUse | ||
| ) |
Gets information about a name.
| Name | A name to query. |
| Sid | A variable which receives a pointer to a SID. You must free the SID using PhFree() when you no longer need it. |
| DomainName | A variable which receives a pointer to a string containing the SID's domain name. You must free the string using PhDereferenceObject() when you no longer need it. |
| NameUse | A variable which receives the SID's usage. |
| PHLIBAPI BOOLEAN NTAPI PhLookupPrivilegeDisplayName | ( | _In_ PPH_STRINGREF | PrivilegeName, |
| _Out_ PPH_STRING * | PrivilegeDisplayName | ||
| ) |
Gets the display name of a privilege from its name.
| PrivilegeName | The name of a privilege. |
| PrivilegeDisplayName | A variable which receives a pointer to a string containing the privilege's display name. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI BOOLEAN NTAPI PhLookupPrivilegeName | ( | _In_ PLUID | PrivilegeValue, |
| _Out_ PPH_STRING * | PrivilegeName | ||
| ) |
Gets the name of a privilege from its LUID.
| PrivilegeValue | The LUID of a privilege. |
| PrivilegeName | A variable which receives a pointer to a string containing the privilege name. You must free the string using PhDereferenceObject() when you no longer need it. |
| PHLIBAPI BOOLEAN NTAPI PhLookupPrivilegeValue | ( | _In_ PPH_STRINGREF | PrivilegeName, |
| _Out_ PLUID | PrivilegeValue | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhLookupSid | ( | _In_ PSID | Sid, |
| _Out_opt_ PPH_STRING * | Name, | ||
| _Out_opt_ PPH_STRING * | DomainName, | ||
| _Out_opt_ PSID_NAME_USE | NameUse | ||
| ) |
Gets information about a SID.
| Sid | A SID to query. |
| Name | A variable which receives a pointer to a string containing the SID's name. You must free the string using PhDereferenceObject() when you no longer need it. |
| DomainName | A variable which receives a pointer to a string containing the SID's domain name. You must free the string using PhDereferenceObject() when you no longer need it. |
| NameUse | A variable which receives the SID's usage. |
| PHLIBAPI VOID NTAPI PhMapFlags1 | ( | _Inout_ PULONG | Value2, |
| _In_ ULONG | Value1, | ||
| _In_ const PH_FLAG_MAPPING * | Mappings, | ||
| _In_ ULONG | NumberOfMappings | ||
| ) |
| PHLIBAPI VOID NTAPI PhMapFlags2 | ( | _Inout_ PULONG | Value1, |
| _In_ ULONG | Value2, | ||
| _In_ const PH_FLAG_MAPPING * | Mappings, | ||
| _In_ ULONG | NumberOfMappings | ||
| ) |
| PHLIBAPI PIMAGE_SECTION_HEADER NTAPI PhMappedImageRvaToSection | ( | _In_ PPH_MAPPED_IMAGE | MappedImage, |
| _In_ ULONG | Rva | ||
| ) |
| PHLIBAPI PVOID NTAPI PhMappedImageRvaToVa | ( | _In_ PPH_MAPPED_IMAGE | MappedImage, |
| _In_ ULONG | Rva, | ||
| _Out_opt_ PIMAGE_SECTION_HEADER * | Section | ||
| ) |
| FORCEINLINE RECT PhMapRect | ( | _In_ RECT | InnerRect, |
| _In_ RECT | OuterRect | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhMapViewOfEntireFile | ( | _In_opt_ PWSTR | FileName, |
| _In_opt_ HANDLE | FileHandle, | ||
| _In_ BOOLEAN | ReadOnly, | ||
| _Out_ PVOID * | ViewBase, | ||
| _Out_ PSIZE_T | Size | ||
| ) |
| PHLIBAPI BOOLEAN NTAPI PhMatchWildcards | ( | _In_ PWSTR | Pattern, |
| _In_ PWSTR | String, | ||
| _In_ BOOLEAN | IgnoreCase | ||
| ) |
| NTSTATUS NTAPI PhOpenDriverByBaseAddress | ( | _Out_ PHANDLE | DriverHandle, |
| _In_ PVOID | BaseAddress | ||
| ) |
Opens a driver object using a base address.
| DriverHandle | A variable which receives a handle to the driver object. |
| BaseAddress | The base address of the driver to open. |
| STATUS_OBJECT_NAME_NOT_FOUND | The driver could not be found. |
| PHLIBAPI NTSTATUS NTAPI PhOpenKey | ( | _Out_ PHANDLE | KeyHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ HANDLE | RootDirectory, | ||
| _In_ PPH_STRINGREF | ObjectName, | ||
| _In_ ULONG | Attributes | ||
| ) |
Opens a registry key.
| KeyHandle | A variable which receives a handle to the key. |
| DesiredAccess | The desired access to the key. |
| RootDirectory | A handle to a root key, or one of the predefined keys. See PhCreateKey() for details. |
| ObjectName | The path to the key. |
| Attributes | Additional object flags. |
| PHLIBAPI NTSTATUS NTAPI PhOpenLsaPolicy | ( | _Out_ PLSA_HANDLE | PolicyHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ PUNICODE_STRING | SystemName | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhOpenProcess | ( | _Out_ PHANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ HANDLE | ProcessId | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhOpenProcessToken | ( | _Out_ PHANDLE | TokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ HANDLE | ProcessHandle | ||
| ) |
| PHLIBAPI SC_HANDLE NTAPI PhOpenService | ( | _In_ PWSTR | ServiceName, |
| _In_ ACCESS_MASK | DesiredAccess | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhOpenThread | ( | _Out_ PHANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ HANDLE | ThreadId | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhOpenThreadProcess | ( | _Out_ PHANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ HANDLE | ThreadHandle | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhOpenThreadToken | ( | _Out_ PHANDLE | TokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ HANDLE | ThreadHandle, | ||
| _In_ BOOLEAN | OpenAsSelf | ||
| ) |
Opens a thread token.
| TokenHandle | A variable which receives a handle to the token. |
| DesiredAccess | The desired access to the token. |
| ThreadHandle | A handle to a thread. |
| OpenAsSelf | TRUE to use the primary token for access checks, FALSE to use the impersonation token. |
| PHLIBAPI BOOLEAN NTAPI PhParseCommandLine | ( | _In_ PPH_STRINGREF | CommandLine, |
| _In_opt_ PPH_COMMAND_LINE_OPTION | Options, | ||
| _In_ ULONG | NumberOfOptions, | ||
| _In_ ULONG | Flags, | ||
| _In_ PPH_COMMAND_LINE_CALLBACK | Callback, | ||
| _In_opt_ PVOID | Context | ||
| ) |
Parses a command line string.
| CommandLine | The command line string. |
| Options | An array of supported command line options. |
| NumberOfOptions | The number of elements in Options. |
| Flags | A combination of flags.
|
| Callback | A callback function to execute for each command line option found. |
| Context | A user-defined value to pass to Callback. |
| PHLIBAPI BOOLEAN NTAPI PhParseCommandLineFuzzy | ( | _In_ PPH_STRINGREF | CommandLine, |
| _Out_ PPH_STRINGREF | FileName, | ||
| _Out_ PPH_STRINGREF | Arguments, | ||
| _Out_opt_ PPH_STRING * | FullFileName | ||
| ) |
Parses a command line string.
If the string does not contain quotation marks around the file name part, the function determines the file name to use.
| CommandLine | The command line string. |
| FileName | A variable which receives the part of CommandLine that contains the file name. |
| Arguments | A variable which receives the part of CommandLine that contains the arguments. |
| FullFileName | A variable which receives the full path and file name. This may be NULL if the file was not found. |
| PHLIBAPI PPH_STRING NTAPI PhParseCommandLinePart | ( | _In_ PPH_STRINGREF | CommandLine, |
| _Inout_ PULONG_PTR | Index | ||
| ) |
Parses one part of a command line string.
Quotation marks and backslashes are handled appropriately.
| CommandLine | The entire command line string. |
| Index | The starting index of the command line part to be parsed. There should be no leading whitespace at this index. The index is updated to point to the end of the command line part. |
| PHLIBAPI NTSTATUS NTAPI PhPeekNamedPipe | ( | _In_ HANDLE | FileHandle, |
| _Out_writes_bytes_opt_(Length) PVOID | Buffer, | ||
| _In_ ULONG | Length, | ||
| _Out_opt_ PULONG | NumberOfBytesRead, | ||
| _Out_opt_ PULONG | NumberOfBytesAvailable, | ||
| _Out_opt_ PULONG | NumberOfBytesLeftInMessage | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhQueryFullAttributesFileWin32 | ( | _In_ PWSTR | FileName, |
| _Out_ PFILE_NETWORK_OPEN_INFORMATION | FileInformation | ||
| ) |
| PHLIBAPI PPH_STRING NTAPI PhQueryRegistryString | ( | _In_ HANDLE | KeyHandle, |
| _In_opt_ PWSTR | ValueName | ||
| ) |
Gets a registry string value.
| KeyHandle | A handle to the key. |
| ValueName | The name of the value. |
| PKEY_VALUE_PARTIAL_INFORMATION NTAPI PhQueryRegistryValue | ( | _In_ HANDLE | KeyHandle, |
| _In_opt_ PWSTR | ValueName | ||
| ) |
Gets a registry value of any type.
| KeyHandle | A handle to the key. |
| ValueName | The name of the value. |
| PHLIBAPI PVOID NTAPI PhQueryServiceVariableSize | ( | _In_ SC_HANDLE | ServiceHandle, |
| _In_ ULONG | InfoLevel | ||
| ) |
| NTSTATUS NTAPI PhQueryTokenVariableSize | ( | _In_ HANDLE | TokenHandle, |
| _In_ TOKEN_INFORMATION_CLASS | TokenInformationClass, | ||
| _Out_ PVOID * | Buffer | ||
| ) |
Queries variable-sized information for a token.
The function allocates a buffer to contain the information.
| TokenHandle | A handle to a token. The access required depends on the information class specified. |
| TokenInformationClass | The information class to retrieve. |
| Buffer | A variable which receives a pointer to a buffer containing the information. You must free the buffer using PhFree() when you no longer need it. |
| PHLIBAPI NTSTATUS NTAPI PhReadFileStream | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _Out_writes_bytes_(Length) PVOID | Buffer, | ||
| _In_ ULONG | Length, | ||
| _Out_opt_ PULONG | ReadLength | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhReadVirtualMemory | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PVOID | BaseAddress, | ||
| _Out_writes_bytes_(BufferSize) PVOID | Buffer, | ||
| _In_ SIZE_T | BufferSize, | ||
| _Out_opt_ PSIZE_T | NumberOfBytesRead | ||
| ) |
Copies memory from another process into the current process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_VM_READ access. |
| BaseAddress | The address from which memory is to be copied. |
| Buffer | A buffer which receives the copied memory. |
| BufferSize | The number of bytes to copy. |
| NumberOfBytesRead | A variable which receives the number of bytes copied to the buffer. |
| FORCEINLINE RECT PhRectangleToRect | ( | _In_ PH_RECTANGLE | Rectangle | ) |
| FORCEINLINE PH_RECTANGLE PhRectToRectangle | ( | _In_ RECT | Rect | ) |
| PHLIBAPI VOID NTAPI PhRegisterProvider | ( | _Inout_ PPH_PROVIDER_THREAD | ProviderThread, |
| _In_ PPH_PROVIDER_FUNCTION | Function, | ||
| _In_opt_ PVOID | Object, | ||
| _Out_ PPH_PROVIDER_REGISTRATION | Registration | ||
| ) |
Registers a provider with a provider thread.
| ProviderThread | A pointer to a provider thread object. |
| Function | The provider function. |
| Object | A pointer to an object to pass to the provider function. The object must be managed by the reference-counting system. |
| Registration | A variable which receives registration information for the provider. |
Definition at line 328 of file provider.c.
| PHLIBAPI PPH_STRING NTAPI PhResolveDevicePrefix | ( | _In_ PPH_STRING | Name | ) |
Resolves a NT path into a Win32 path.
| Name | A string containing the path to resolve. |
| PHLIBAPI NTSTATUS NTAPI PhResumeProcess | ( | _In_ HANDLE | ProcessHandle | ) |
| PHLIBAPI NTSTATUS NTAPI PhResumeThread | ( | _In_ HANDLE | ThreadHandle, |
| _Out_opt_ PULONG | PreviousSuspendCount | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSeekFileStream | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ PLARGE_INTEGER | Offset, | ||
| _In_ PH_SEEK_ORIGIN | Origin | ||
| ) |
| PHLIBAPI VOID NTAPI PhSetEnabledProvider | ( | _Inout_ PPH_PROVIDER_REGISTRATION | Registration, |
| _In_ BOOLEAN | Enabled | ||
| ) |
Sets whether a provider is enabled.
| Registration | A pointer to the registration object for a provider. |
| Enabled | TRUE if the provider is enabled, otherwise FALSE. |
Definition at line 489 of file provider.c.
| PHLIBAPI VOID NTAPI PhSetFileDialogFilter | ( | _In_ PVOID | FileDialog, |
| _In_ PPH_FILETYPE_FILTER | Filters, | ||
| _In_ ULONG | NumberOfFilters | ||
| ) |
Sets the options for a file dialog.
| FileDialog | The file dialog. |
| Options | A combination of flags specifying the options.
|
| PHLIBAPI NTSTATUS NTAPI PhSetFileSize | ( | _In_ HANDLE | FileHandle, |
| _In_ PLARGE_INTEGER | Size | ||
| ) |
| PPH_GET_CLIENT_ID_NAME NTAPI PhSetHandleClientIdFunction | ( | _In_ PPH_GET_CLIENT_ID_NAME | GetClientIdName | ) |
Definition at line 115 of file hndlinfo.c.
| PHLIBAPI VOID NTAPI PhSetIntervalProviderThread | ( | _Inout_ PPH_PROVIDER_THREAD | ProviderThread, |
| _In_ ULONG | Interval | ||
| ) |
Sets the run interval for a provider thread.
| ProviderThread | A pointer to a provider thread object. |
| Interval | The interval between each run, in milliseconds. |
Definition at line 298 of file provider.c.
| PHLIBAPI NTSTATUS NTAPI PhSetObjectSecurity | ( | _In_ HANDLE | Handle, |
| _In_ SECURITY_INFORMATION | SecurityInformation, | ||
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSetProcessDepStatus | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ULONG | DepStatus | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSetProcessDepStatusInvasive | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ULONG | DepStatus, | ||
| _In_opt_ PLARGE_INTEGER | Timeout | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSetProcessExecuteFlags | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ULONG | ExecuteFlags | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSetProcessIoPriority | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ULONG | IoPriority | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSetProcessModuleLoadCount | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PVOID | BaseAddress, | ||
| _In_ ULONG | LoadCount | ||
| ) |
Sets the load count of a process module.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION, PROCESS_VM_READ and PROCESS_VM_WRITE access. |
| BaseAddress | The base address of a module. |
| LoadCount | The new load count of the module. |
| STATUS_DLL_NOT_FOUND | The module was not found. |
| PHLIBAPI NTSTATUS NTAPI PhSetProcessModuleLoadCount32 | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PVOID | BaseAddress, | ||
| _In_ ULONG | LoadCount | ||
| ) |
Sets the load count of a 32-bit process module.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION, PROCESS_VM_READ and PROCESS_VM_WRITE access. |
| BaseAddress | The base address of a module. |
| LoadCount | The new load count of the module. |
| STATUS_DLL_NOT_FOUND | The module was not found. |
| STATUS_NOT_SUPPORTED | The process is not running under WOW64. |
| PHLIBAPI BOOLEAN NTAPI PhSetServiceDelayedAutoStart | ( | _In_ SC_HANDLE | ServiceHandle, |
| _In_ BOOLEAN | DelayedAutoStart | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSetThreadContext | ( | _In_ HANDLE | ThreadHandle, |
| _In_ PCONTEXT | Context | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSetThreadIoPriority | ( | _In_ HANDLE | ThreadHandle, |
| _In_ ULONG | IoPriority | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhSetTokenIsVirtualizationEnabled | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | IsVirtualizationEnabled | ||
| ) |
| PHLIBAPI BOOLEAN NTAPI PhSetTokenPrivilege | ( | _In_ HANDLE | TokenHandle, |
| _In_opt_ PWSTR | PrivilegeName, | ||
| _In_opt_ PLUID | PrivilegeLuid, | ||
| _In_ ULONG | Attributes | ||
| ) |
Modifies a token privilege.
| TokenHandle | A handle to a token. The handle must have TOKEN_ADJUST_PRIVILEGES access. |
| PrivilegeName | The name of the privilege to modify. If this parameter is NULL, you must specify a LUID in the PrivilegeLuid parameter. |
| PrivilegeLuid | The LUID of the privilege to modify. If this parameter is NULL, you must specify a name in the PrivilegeName parameter. |
| Attributes | The new attributes of the privilege. |
| PHLIBAPI NTSTATUS NTAPI PhSetTokenSessionId | ( | _In_ HANDLE | TokenHandle, |
| _In_ ULONG | SessionId | ||
| ) |
| PHLIBAPI BOOLEAN NTAPI PhShellExecuteEx | ( | _In_opt_ HWND | hWnd, |
| _In_ PWSTR | FileName, | ||
| _In_opt_ PWSTR | Parameters, | ||
| _In_ ULONG | ShowWindowType, | ||
| _In_ ULONG | Flags, | ||
| _In_opt_ ULONG | Timeout, | ||
| _Out_opt_ PHANDLE | ProcessHandle | ||
| ) |
Opens a file or location through the shell.
| hWnd | The window to display user interface components on. |
| FileName | A file name or location. |
| Parameters | The parameters to pass to the executed application. |
| ShowWindowType | A value specifying how to show the application. |
| Flags | A combination of the following:
|
| Timeout | The number of milliseconds to wait on the application, or 0 to return immediately after the application is started. |
| ProcessHandle | A variable which receives a handle to the new process. |
| PHLIBAPI VOID NTAPI PhShellOpenKey | ( | _In_ HWND | hWnd, |
| _In_ PPH_STRING | KeyName | ||
| ) |
| PHLIBAPI BOOLEAN NTAPI PhShowConfirmMessage | ( | _In_ HWND | hWnd, |
| _In_ PWSTR | Verb, | ||
| _In_ PWSTR | Object, | ||
| _In_opt_ PWSTR | Message, | ||
| _In_ BOOLEAN | Warning | ||
| ) |
Displays a confirmation message.
| hWnd | The owner window of the message box. |
| Verb | A verb describing the operation, e.g. "terminate". |
| Object | The object of the operation, e.g. "the process". |
| Message | A message describing the operation. |
| Warning | TRUE to display the confirmation message as a warning, otherwise FALSE. |
| PHLIBAPI BOOLEAN NTAPI PhShowContinueStatus | ( | _In_ HWND | hWnd, |
| _In_opt_ PWSTR | Message, | ||
| _In_ NTSTATUS | Status, | ||
| _In_opt_ ULONG | Win32Result | ||
| ) |
Displays an error message for a NTSTATUS value or Win32 error code, and allows the user to cancel the current operation.
| hWnd | The owner window of the message box. |
| Message | A message describing the operation that failed. |
| Status | A NTSTATUS value, or 0 if there is none. |
| Win32Result | A Win32 error code, or 0 if there is none. |
| PHLIBAPI BOOLEAN NTAPI PhShowFileDialog | ( | _In_ HWND | hWnd, |
| _In_ PVOID | FileDialog | ||
| ) |
| PHLIBAPI INT NTAPI PhShowMessage | ( | _In_ HWND | hWnd, |
| _In_ ULONG | Type, | ||
| _In_ PWSTR | Format, | ||
| ... | |||
| ) |
| PHLIBAPI INT NTAPI PhShowMessage_V | ( | _In_ HWND | hWnd, |
| _In_ ULONG | Type, | ||
| _In_ PWSTR | Format, | ||
| _In_ va_list | ArgPtr | ||
| ) |
| PHLIBAPI VOID NTAPI PhShowStatus | ( | _In_ HWND | hWnd, |
| _In_opt_ PWSTR | Message, | ||
| _In_ NTSTATUS | Status, | ||
| _In_opt_ ULONG | Win32Result | ||
| ) |
Displays an error message for a NTSTATUS value or Win32 error code.
| hWnd | The owner window of the message box. |
| Message | A message describing the operation that failed. |
| Status | A NTSTATUS value, or 0 if there is none. |
| Win32Result | A Win32 error code, or 0 if there is none. |
| PHLIBAPI PPH_STRING NTAPI PhSidToStringSid | ( | _In_ PSID | Sid | ) |
Gets a SDDL string representation of a SID.
| Sid | A SID to query. |
| PHLIBAPI VOID NTAPI PhStartProviderThread | ( | _Inout_ PPH_PROVIDER_THREAD | ProviderThread | ) |
Starts a provider thread.
| ProviderThread | A pointer to a provider thread object. |
Definition at line 244 of file provider.c.
| PHLIBAPI _Callback_ PPH_STRING NTAPI PhStdGetClientIdName | ( | _In_ PCLIENT_ID | ClientId | ) |
Definition at line 487 of file hndlinfo.c.
| PHLIBAPI VOID NTAPI PhStopProviderThread | ( | _Inout_ PPH_PROVIDER_THREAD | ProviderThread | ) |
Stops a provider thread.
| ProviderThread | A pointer to a provider thread object. |
Definition at line 270 of file provider.c.
| PHLIBAPI NTSTATUS NTAPI PhSuspendProcess | ( | _In_ HANDLE | ProcessHandle | ) |
| PHLIBAPI NTSTATUS NTAPI PhSuspendThread | ( | _In_ HANDLE | ThreadHandle, |
| _Out_opt_ PULONG | PreviousSuspendCount | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhTerminateProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ NTSTATUS | ExitStatus | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhTerminateThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ NTSTATUS | ExitStatus | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhTransceiveNamedPipe | ( | _In_ HANDLE | FileHandle, |
| _In_opt_ HANDLE | Event, | ||
| _In_opt_ PIO_APC_ROUTINE | ApcRoutine, | ||
| _In_opt_ PVOID | ApcContext, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_reads_bytes_(InputBufferLength) PVOID | InputBuffer, | ||
| _In_ ULONG | InputBufferLength, | ||
| _Out_writes_bytes_(OutputBufferLength) PVOID | OutputBuffer, | ||
| _In_ ULONG | OutputBufferLength | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhUnloadDllProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PVOID | BaseAddress, | ||
| _In_opt_ PLARGE_INTEGER | Timeout | ||
| ) |
Causes a process to unload a DLL.
| ProcessHandle | A handle to a process. The handle must have PROCESS_QUERY_LIMITED_INFORMATION, PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ and PROCESS_VM_WRITE access. |
| BaseAddress | The base address of the DLL to unload. |
| Timeout | The timeout, in milliseconds, for the process to unload the DLL. |
| PHLIBAPI NTSTATUS NTAPI PhUnloadDriver | ( | _In_opt_ PVOID | BaseAddress, |
| _In_opt_ PWSTR | Name | ||
| ) |
Unloads a driver.
| BaseAddress | The base address of the driver. This parameter can be NULL if a value is specified in Name. |
| Name | The base name of the driver. This parameter can be NULL if a value is specified in BaseAddress and KProcessHacker is loaded. |
| STATUS_INVALID_PARAMETER_MIX | Both BaseAddress and Name were null, or Name was not specified and KProcessHacker is not loaded. |
| STATUS_OBJECT_NAME_NOT_FOUND | The driver could not be found. |
| PHLIBAPI NTSTATUS NTAPI PhUnloadMappedArchive | ( | _Inout_ PPH_MAPPED_ARCHIVE | MappedArchive | ) |
| PHLIBAPI NTSTATUS NTAPI PhUnloadMappedImage | ( | _Inout_ PPH_MAPPED_IMAGE | MappedImage | ) |
| NTSTATUS NTAPI PhUnloadRemoteMappedImage | ( | _Inout_ PPH_REMOTE_MAPPED_IMAGE | RemoteMappedImage | ) |
| PHLIBAPI NTSTATUS NTAPI PhUnlockFileStream | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ PLARGE_INTEGER | Position, | ||
| _In_ PLARGE_INTEGER | Length | ||
| ) |
| PHLIBAPI VOID NTAPI PhUnregisterProvider | ( | _Inout_ PPH_PROVIDER_REGISTRATION | Registration | ) |
Unregisters a provider.
| Registration | A pointer to the registration object for a provider. |
Definition at line 360 of file provider.c.
| PHLIBAPI VOID NTAPI PhUpdateHash | ( | _Inout_ PPH_HASH_CONTEXT | Context, |
| _In_reads_bytes_(Length) PVOID | Buffer, | ||
| _In_ ULONG | Length | ||
| ) |
| PHLIBAPI VOID NTAPI PhVerifyFileStream | ( | _In_ PPH_FILE_STREAM | FileStream | ) |
| PHLIBAPI NTSTATUS NTAPI PhWaitForMultipleObjectsAndPump | ( | _In_opt_ HWND | hWnd, |
| _In_ ULONG | NumberOfHandles, | ||
| _In_ PHANDLE | Handles, | ||
| _In_ ULONG | Timeout | ||
| ) |
Waits on multiple objects while processing window messages.
| hWnd | The window to process messages for, or NULL to process all messages for the current thread. |
| NumberOfHandles | The number of handles specified in Handles. This must not be greater than MAXIMUM_WAIT_OBJECTS - 1. |
| Handles | An array of handles. |
| Timeout | The number of milliseconds to wait on the objects, or INFINITE for no timeout. |
| PHLIBAPI NTSTATUS NTAPI PhWaitForNamedPipe | ( | _In_opt_ PUNICODE_STRING | FileSystemName, |
| _In_ PUNICODE_STRING | Name, | ||
| _In_opt_ PLARGE_INTEGER | Timeout, | ||
| _In_ BOOLEAN | UseDefaultTimeout | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhWriteFileStream | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_reads_bytes_(Length) PVOID | Buffer, | ||
| _In_ ULONG | Length | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhWriteStringAsUtf8FileStream | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ PPH_STRINGREF | String | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhWriteStringAsUtf8FileStream2 | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ PWSTR | String | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhWriteStringAsUtf8FileStreamEx | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ PWSTR | Buffer, | ||
| _In_ SIZE_T | Length | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhWriteStringFormatAsUtf8FileStream | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ _Printf_format_string_ PWSTR | Format, | ||
| ... | |||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhWriteStringFormatAsUtf8FileStream_V | ( | _Inout_ PPH_FILE_STREAM | FileStream, |
| _In_ _Printf_format_string_ PWSTR | Format, | ||
| _In_ va_list | ArgPtr | ||
| ) |
| PHLIBAPI NTSTATUS NTAPI PhWriteVirtualMemory | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PVOID | BaseAddress, | ||
| _In_reads_bytes_(BufferSize) PVOID | Buffer, | ||
| _In_ SIZE_T | BufferSize, | ||
| _Out_opt_ PSIZE_T | NumberOfBytesWritten | ||
| ) |
Copies memory from the current process into another process.
| ProcessHandle | A handle to a process. The handle must have PROCESS_VM_WRITE access. |
| BaseAddress | The address to which memory is to be copied. |
| Buffer | A buffer which contains the memory to copy. |
| BufferSize | The number of bytes to copy. |
| NumberOfBytesWritten | A variable which receives the number of bytes copied from the buffer. |
| PPH_OBJECT_TYPE PhFileStreamType |
1.8.2