// Fixed process IDs of the two kernel pseudo-processes, cast to HANDLE.
// These are identifiers only: neither value is a handle that can be passed to
// an API expecting an open process handle.
17 #define SYSTEM_IDLE_PROCESS_ID ((HANDLE)0)
19 #define SYSTEM_PROCESS_ID ((HANDLE)4)
// Display string for the idle process.
// NOTE(review): presumably substituted because the entry for ID 0 carries no
// image name of its own - confirm against the enumeration code.
21 #define SYSTEM_IDLE_PROCESS_NAME (L"System Idle Process")
27 _In_ ACCESS_MASK DesiredAccess,
28 _In_opt_ PVOID Context
32 _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
33 _In_ SECURITY_INFORMATION SecurityInformation,
34 _In_opt_ PVOID Context
38 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
39 _In_ SECURITY_INFORMATION SecurityInformation,
40 _In_opt_ PVOID Context
47 _Out_ PHANDLE ProcessHandle,
48 _In_ ACCESS_MASK DesiredAccess,
56 _Out_ PHANDLE ThreadHandle,
57 _In_ ACCESS_MASK DesiredAccess,
65 _Out_ PHANDLE ProcessHandle,
66 _In_ ACCESS_MASK DesiredAccess,
67 _In_ HANDLE ThreadHandle
74 _Out_ PHANDLE TokenHandle,
75 _In_ ACCESS_MASK DesiredAccess,
76 _In_ HANDLE ProcessHandle
83 _Out_ PHANDLE TokenHandle,
84 _In_ ACCESS_MASK DesiredAccess,
85 _In_ HANDLE ThreadHandle,
86 _In_ BOOLEAN OpenAsSelf
94 _In_ SECURITY_INFORMATION SecurityInformation,
95 _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor
103 _In_ SECURITY_INFORMATION SecurityInformation,
104 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
111 _In_ HANDLE ProcessHandle,
112 _In_ NTSTATUS ExitStatus
119 _In_ HANDLE ProcessHandle
126 _In_ HANDLE ProcessHandle
133 _In_ HANDLE ThreadHandle,
134 _In_ NTSTATUS ExitStatus
141 _In_ HANDLE ThreadHandle,
142 _Out_opt_ PULONG PreviousSuspendCount
149 _In_ HANDLE ThreadHandle,
150 _Out_opt_ PULONG PreviousSuspendCount
157 _In_ HANDLE ThreadHandle,
158 _Inout_ PCONTEXT Context
165 _In_ HANDLE ThreadHandle,
166 _In_ PCONTEXT Context
173 _In_ HANDLE ProcessHandle,
174 _In_ PVOID BaseAddress,
175 _Out_writes_bytes_(BufferSize) PVOID Buffer,
176 _In_ SIZE_T BufferSize,
177 _Out_opt_ PSIZE_T NumberOfBytesRead
184 _In_ HANDLE ProcessHandle,
185 _In_ PVOID BaseAddress,
186 _In_reads_bytes_(BufferSize) PVOID Buffer,
187 _In_ SIZE_T BufferSize,
188 _Out_opt_ PSIZE_T NumberOfBytesWritten
195 _In_ HANDLE ProcessHandle,
203 _In_ HANDLE ProcessHandle,
227 _In_ HANDLE ProcessHandle,
236 _In_ HANDLE ProcessHandle,
244 _In_ HANDLE ProcessHandle,
245 _Out_ PULONG WindowFlags,
253 _In_ HANDLE ProcessHandle,
254 _Out_ PBOOLEAN IsPosix
261 _In_ HANDLE ProcessHandle,
262 _Out_ PULONG ExecuteFlags
// Bit flags describing a process's DEP (data execution prevention) state.
// NOTE(review): presumably these are the bits written to the DepStatus
// out-parameter declared just below - confirm against the implementation.
// When triaging a process, a clear PH_PROCESS_DEP_ENABLED bit is a hardening
// gap; PH_PROCESS_DEP_PERMANENT presumably means the setting can no longer be
// changed for the lifetime of the process.
265 #define PH_PROCESS_DEP_ENABLED 0x1
266 #define PH_PROCESS_DEP_ATL_THUNK_EMULATION_DISABLED 0x2
267 #define PH_PROCESS_DEP_PERMANENT 0x4
273 _In_ HANDLE ProcessHandle,
274 _Out_ PULONG DepStatus
281 _In_ HANDLE ProcessHandle,
285 #define PH_GET_PROCESS_ENVIRONMENT_WOW64 0x1 // retrieve the WOW64 environment
291 _In_ HANDLE ProcessHandle,
293 _Out_ PVOID *Environment,
294 _Out_ PULONG EnvironmentLength
307 _In_ PVOID Environment,
308 _In_ ULONG EnvironmentLength,
309 _Inout_ PULONG EnumerationKey,
310 _Out_ PPH_ENVIRONMENT_VARIABLE Variable
317 _In_ HANDLE ProcessHandle,
318 _In_ PVOID BaseAddress,
326 _In_ HANDLE ProcessHandle,
342 _In_ HANDLE ProcessHandle,
343 _Out_ PPH_PROCESS_WS_COUNTERS WsCounters
350 _In_ HANDLE ProcessHandle,
351 _In_ ULONG IoPriority
358 _In_ HANDLE ProcessHandle,
359 _In_ ULONG ExecuteFlags
366 _In_ HANDLE ProcessHandle,
374 _In_ HANDLE ProcessHandle,
375 _In_ ULONG DepStatus,
376 _In_opt_ PLARGE_INTEGER Timeout
383 _In_ HANDLE ProcessHandle,
385 _In_opt_ PLARGE_INTEGER Timeout
392 _In_ HANDLE ProcessHandle,
393 _In_ PVOID BaseAddress,
394 _In_opt_ PLARGE_INTEGER Timeout
401 _In_ HANDLE ThreadHandle,
402 _In_ ULONG IoPriority
409 _In_ HANDLE JobHandle,
410 _Out_ PJOBOBJECT_BASIC_PROCESS_ID_LIST *ProcessIdList
416 _In_ HANDLE TokenHandle,
417 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
425 _In_ HANDLE TokenHandle,
426 _Out_ PTOKEN_USER *User
433 _In_ HANDLE TokenHandle,
434 _Out_ PTOKEN_OWNER *Owner
441 _In_ HANDLE TokenHandle,
442 _Out_ PTOKEN_PRIMARY_GROUP *PrimaryGroup
449 _In_ HANDLE TokenHandle,
450 _Out_ PTOKEN_GROUPS *Groups
457 _In_ HANDLE TokenHandle,
458 _Out_ PTOKEN_PRIVILEGES *Privileges
465 _In_ HANDLE TokenHandle,
473 _In_ HANDLE TokenHandle,
474 _In_opt_ PWSTR PrivilegeName,
475 _In_opt_ PLUID PrivilegeLuid,
476 _In_ ULONG Attributes
483 _In_ HANDLE TokenHandle,
485 _In_ ULONG Attributes
492 _In_ HANDLE TokenHandle,
493 _In_ BOOLEAN IsVirtualizationEnabled
500 _In_ HANDLE TokenHandle,
501 _Out_opt_ PMANDATORY_LEVEL IntegrityLevel,
502 _Out_opt_ PWSTR *IntegrityString
509 _In_ HANDLE FileHandle,
510 _Out_ PLARGE_INTEGER
Size
517 _In_ HANDLE FileHandle,
518 _In_ PLARGE_INTEGER
Size
525 _In_ HANDLE TransactionManagerHandle,
526 _Out_ PTRANSACTIONMANAGER_BASIC_INFORMATION BasicInformation
533 _In_ HANDLE TransactionManagerHandle,
541 _In_ HANDLE TransactionHandle,
542 _Out_ PTRANSACTION_BASIC_INFORMATION BasicInformation
549 _In_ HANDLE TransactionHandle,
550 _Out_opt_ PLARGE_INTEGER Timeout,
551 _Out_opt_ TRANSACTION_OUTCOME *Outcome,
559 _In_ HANDLE ResourceManagerHandle,
560 _Out_opt_
PGUID Guid,
568 _In_ HANDLE EnlistmentHandle,
569 _Out_ PENLISTMENT_BASIC_INFORMATION BasicInformation
575 _Out_ PHANDLE DriverHandle,
576 _In_ PVOID BaseAddress
582 _In_ HANDLE DriverHandle,
589 _In_ HANDLE DriverHandle,
597 _In_opt_ PVOID BaseAddress,
605 _In_ HANDLE SourceProcessHandle,
606 _In_ HANDLE SourceHandle,
607 _In_opt_ HANDLE TargetProcessHandle,
608 _Out_opt_ PHANDLE TargetHandle,
609 _In_ ACCESS_MASK DesiredAccess,
610 _In_ ULONG HandleAttributes,
// Upper bound (0x800 = 2048) associated with process module enumeration.
// NOTE(review): presumably caps how many loader-list entries are walked. That
// matters because the list is read out of the target process's own memory and
// can be corrupt or circular - confirm where the limit is enforced.
614 #define PH_ENUM_PROCESS_MODULES_LIMIT 0x800
629 _In_ PLDR_DATA_TABLE_ENTRY Module,
630 _In_opt_ PVOID Context
// Option bits for process module enumeration.
// NOTE(review): judging by the names only - DONT_RESOLVE_WOW64_FS presumably
// skips rewriting redirected file-system paths for 32-bit modules, and
// TRY_MAPPED_FILE_NAME presumably asks for the name of the backing mapped file
// instead of the path string stored in the target's loader data. The loader
// strings are writable by the target process, so the distinction is relevant
// when module names feed a trust decision - confirm against the implementation.
633 #define PH_ENUM_PROCESS_MODULES_DONT_RESOLVE_WOW64_FS 0x1
634 #define PH_ENUM_PROCESS_MODULES_TRY_MAPPED_FILE_NAME 0x2
647 _In_ HANDLE ProcessHandle,
649 _In_opt_ PVOID Context
656 _In_ HANDLE ProcessHandle,
657 _In_ PPH_ENUM_PROCESS_MODULES_PARAMETERS Parameters
664 _In_ HANDLE ProcessHandle,
665 _In_ PVOID BaseAddress,
673 _In_ HANDLE ProcessHandle,
675 _In_opt_ PVOID Context
682 _In_ HANDLE ProcessHandle,
683 _In_ PPH_ENUM_PROCESS_MODULES_PARAMETERS Parameters
690 _In_ HANDLE ProcessHandle,
691 _In_ PVOID BaseAddress,
699 _In_ HANDLE ProcessHandle,
701 _In_opt_ PSTR ProcedureName,
702 _In_opt_ ULONG ProcedureNumber,
703 _Out_ PVOID *ProcedureAddress,
704 _Out_opt_ PVOID *DllBase
// Reinterprets the start of a process-information buffer as its first
// SYSTEM_PROCESS_INFORMATION entry. No validation is performed here; the
// buffer must already hold at least one complete entry.
734 #define PH_FIRST_PROCESS(Processes) ((PSYSTEM_PROCESS_INFORMATION)(Processes))
746 #define PH_NEXT_PROCESS(Process) ( \
747 ((PSYSTEM_PROCESS_INFORMATION)(Process))->NextEntryOffset ? \
748 (PSYSTEM_PROCESS_INFORMATION)((PCHAR)(Process) + \
749 ((PSYSTEM_PROCESS_INFORMATION)(Process))->NextEntryOffset) : \
757 _Out_ PVOID *Processes
764 _Out_ PVOID *Processes,
772 _Out_ PVOID *Processes,
780 _In_ PVOID Processes,
788 _In_ PVOID Processes,
806 #define PH_FIRST_PAGEFILE(Pagefiles) ( \
809 ((PSYSTEM_PAGEFILE_INFORMATION)(Pagefiles))->TotalSize ? \
810 (PSYSTEM_PAGEFILE_INFORMATION)(Pagefiles) : \
813 #define PH_NEXT_PAGEFILE(Pagefile) ( \
814 ((PSYSTEM_PAGEFILE_INFORMATION)(Pagefile))->NextEntryOffset ? \
815 (PSYSTEM_PAGEFILE_INFORMATION)((PCHAR)(Pagefile) + \
816 ((PSYSTEM_PAGEFILE_INFORMATION)(Pagefile))->NextEntryOffset) : \
824 _Out_ PVOID *Pagefiles
840 _Out_ PBOOLEAN IsDotNet
// Bit flags used by the .NET (CLR) process detection routines.
// NOTE(review): the first three values look like caller-supplied options and
// the remaining ones like result bits reported through the Flags
// out-parameter - confirm against the implementation.
843 #define PH_CLR_USE_SECTION_CHECK 0x1
844 #define PH_CLR_NO_WOW64_CHECK 0x2
845 #define PH_CLR_KNOWN_IS_WOW64 0x4
// CLR version bits; PH_CLR_VERSION_MASK (0xf) is the union of the four bits.
847 #define PH_CLR_VERSION_1_0 0x1
848 #define PH_CLR_VERSION_1_1 0x2
849 #define PH_CLR_VERSION_2_0 0x4
850 #define PH_CLR_VERSION_4_ABOVE 0x8
851 #define PH_CLR_VERSION_MASK 0xf
// Status bits placed above the version mask so they cannot collide with it.
852 #define PH_CLR_MSCORLIB_PRESENT 0x10000
853 #define PH_CLR_PROCESS_IS_WOW64 0x100000
860 _In_opt_ HANDLE ProcessHandle,
862 _Out_opt_ PBOOLEAN IsDotNet,
863 _Out_opt_ PULONG Flags
881 _In_opt_ PVOID Context
888 _In_ HANDLE DirectoryHandle,
890 _In_opt_ PVOID Context
895 _In_opt_ PVOID Context
902 _In_ HANDLE FileHandle,
905 _In_opt_ PVOID Context
// Reinterprets the start of a stream-information buffer as its first
// FILE_STREAM_INFORMATION entry. No validation is performed here; the buffer
// must already hold at least one complete entry.
908 #define PH_FIRST_STREAM(Streams) ((PFILE_STREAM_INFORMATION)(Streams))
909 #define PH_NEXT_STREAM(Stream) ( \
910 ((PFILE_STREAM_INFORMATION)(Stream))->NextEntryOffset ? \
911 (PFILE_STREAM_INFORMATION)((PCHAR)(Stream) + \
912 ((PFILE_STREAM_INFORMATION)(Stream))->NextEntryOffset) : \
920 _In_ HANDLE FileHandle,
// Discriminator values for the kind of module an enumeration entry describes.
// NOTE(review): presumably stored in a type field of PH_MODULE_INFO - confirm
// against the structure definition. Mapped files and mapped images are listed
// separately from loader-registered modules, which is what lets a consumer
// spot an image that is mapped into a process without a loader entry.
958 #define PH_MODULE_TYPE_MODULE 1
959 #define PH_MODULE_TYPE_MAPPED_FILE 2
960 #define PH_MODULE_TYPE_WOW64_MODULE 3
961 #define PH_MODULE_TYPE_KERNEL_MODULE 4
962 #define PH_MODULE_TYPE_MAPPED_IMAGE 5
994 _In_ PPH_MODULE_INFO Module,
995 _In_opt_ PVOID Context
// Option bits for the generic module enumeration.
// NOTE(review): presumably each bit adds the corresponding mapped-file or
// mapped-image entries to the results - confirm against the implementation.
998 #define PH_ENUM_GENERIC_MAPPED_FILES 0x1
999 #define PH_ENUM_GENERIC_MAPPED_IMAGES 0x2
1006 _In_opt_ HANDLE ProcessHandle,
1009 _In_opt_ PVOID Context
// Pseudo-handles for predefined registry roots.
// PH_KEY_PREDEFINE(n) encodes index n as the odd negative value -3 - 2n
// (n = 0..3 gives -3, -5, -7, -9).
1012 #define PH_KEY_PREDEFINE(Number) ((HANDLE)(LONG_PTR)(-3 - (Number) * 2))
// True for any negative value with the low bit set. This is wider than the
// set produced by PH_KEY_PREDEFINE: (HANDLE)-1 also passes the test.
1013 #define PH_KEY_IS_PREDEFINED(Predefine) (((LONG_PTR)(Predefine) < 0) && ((LONG_PTR)(Predefine) & 0x1))
// Inverse of PH_KEY_PREDEFINE. The result is not range-checked: an input of -1
// yields a negative intermediate that the ULONG cast turns into a very large
// number, and the right shift of a negative value is implementation-defined.
// Compare the result against PH_KEY_MAXIMUM_PREDEFINE before using it as an
// index.
1014 #define PH_KEY_PREDEFINE_TO_NUMBER(Predefine) (ULONG)(((-(LONG_PTR)(Predefine) - 3) >> 1))
1016 #define PH_KEY_LOCAL_MACHINE PH_KEY_PREDEFINE(0) // \Registry\Machine
1017 #define PH_KEY_USERS PH_KEY_PREDEFINE(1) // \Registry\User
1018 #define PH_KEY_CLASSES_ROOT PH_KEY_PREDEFINE(2) // \Registry\Machine\Software\Classes
1019 #define PH_KEY_CURRENT_USER PH_KEY_PREDEFINE(3) // \Registry\User\<SID>
// Index of the current-user root (matches PH_KEY_CURRENT_USER above) and the
// number of predefined roots, i.e. the exclusive upper bound for valid indexes.
1020 #define PH_KEY_CURRENT_USER_NUMBER 3
1021 #define PH_KEY_MAXIMUM_PREDEFINE 4
1027 _Out_ PHANDLE KeyHandle,
1028 _In_ ACCESS_MASK DesiredAccess,
1029 _In_opt_ HANDLE RootDirectory,
1031 _In_ ULONG Attributes,
1032 _In_ ULONG CreateOptions,
1033 _Out_opt_ PULONG Disposition
1040 _Out_ PHANDLE KeyHandle,
1041 _In_ ACCESS_MASK DesiredAccess,
1042 _In_opt_ HANDLE RootDirectory,
1044 _In_ ULONG Attributes
1053 _Out_ PLSA_HANDLE PolicyHandle,
1054 _In_ ACCESS_MASK DesiredAccess,
1068 _In_ PLUID PrivilegeValue,
1085 _Out_ PLUID PrivilegeValue
1095 _Out_opt_ PSID_NAME_USE NameUse
1103 _Out_opt_ PSID *Sid,
1105 _Out_opt_ PSID_NAME_USE NameUse
1113 _In_ BOOLEAN IncludeDomain,
1114 _Out_opt_ PSID_NAME_USE NameUse
// Upper bound on object type numbers.
// NOTE(review): presumably sizes a per-type lookup table. If so, an
// ObjectTypeNumber taken from handle information must be checked against this
// value before it is used as an index - confirm against the implementation.
1126 #define MAX_OBJECT_TYPE_NUMBER 257
1148 _In_ HANDLE SectionHandle,
1163 _In_ HANDLE ProcessHandle,
1165 _In_ ULONG ObjectTypeNumber,
1176 _In_ HANDLE ProcessHandle,
1178 _In_ ULONG ObjectTypeNumber,
1179 _Reserved_ ULONG Flags,
1185 _Reserved_ PVOID *ExtraInformation
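// First OBJECT_TYPE_INFORMATION entry of an object-types buffer: it starts
// after the OBJECT_TYPES_INFORMATION header, rounded up to pointer alignment.
// The expansion is wrapped in parentheses so that a postfix use such as
// PH_FIRST_OBJECT_TYPE(buf)->TypeName applies to the cast result; without them
// the -> would bind to the inner pointer expression before the cast.
1188 #define PH_FIRST_OBJECT_TYPE(ObjectTypes) \
1189 ((POBJECT_TYPE_INFORMATION)((PCHAR)(ObjectTypes) + ALIGN_UP(sizeof(OBJECT_TYPES_INFORMATION), ULONG_PTR)))
// Entry following ObjectType: skips the fixed-size structure plus the type
// name storage (TypeName.MaximumLength, rounded up to pointer alignment).
// ObjectType is parenthesized at every use so an expression argument expands
// correctly. The step size is read from the buffer itself and nothing here
// checks it, so the caller has to bound the walk by the number of entries and
// by the size of the buffer it queried.
1191 #define PH_NEXT_OBJECT_TYPE(ObjectType) \
1192 ((POBJECT_TYPE_INFORMATION)((PCHAR)(ObjectType) + sizeof(OBJECT_TYPE_INFORMATION) + \
1193 ALIGN_UP((ObjectType)->TypeName.MaximumLength, ULONG_PTR)))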
1212 _In_opt_ PVOID Context,
1213 _In_opt_ PLARGE_INTEGER AcquireTimeout,
1214 _In_ PLARGE_INTEGER CallTimeout
1221 _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
1222 _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
1223 _In_ ULONG ObjectInformationLength,
1224 _Out_opt_ PULONG ReturnLength
1231 _In_ SECURITY_INFORMATION SecurityInformation,
1232 _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
1234 _Out_ PULONG LengthNeeded
1241 _In_ SECURITY_INFORMATION SecurityInformation,
1242 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
1248 _In_ HANDLE SourceProcessHandle,
1249 _In_ HANDLE SourceHandle,
1250 _In_opt_ HANDLE TargetProcessHandle,
1251 _Out_opt_ PHANDLE TargetHandle,
1252 _In_ ACCESS_MASK DesiredAccess,
1253 _In_ ULONG HandleAttributes,
1274 _Out_ PPH_MAPPED_IMAGE MappedImage,
1275 _In_ PVOID ViewBase,
1283 _In_opt_ PWSTR FileName,
1284 _In_opt_ HANDLE FileHandle,
1285 _In_ BOOLEAN ReadOnly,
1286 _Out_ PPH_MAPPED_IMAGE MappedImage
1293 _Inout_ PPH_MAPPED_IMAGE MappedImage
1300 _In_opt_ PWSTR FileName,
1301 _In_opt_ HANDLE FileHandle,
1302 _In_ BOOLEAN ReadOnly,
1303 _Out_ PVOID *ViewBase,
1308 PIMAGE_SECTION_HEADER
1311 _In_ PPH_MAPPED_IMAGE MappedImage,
1319 _In_ PPH_MAPPED_IMAGE MappedImage,
1321 _Out_opt_ PIMAGE_SECTION_HEADER *Section
1328 _In_ PIMAGE_SECTION_HEADER Section,
1329 _Out_writes_opt_z_(Count) PSTR Buffer,
1331 _Out_opt_ PULONG ReturnCount
1338 _In_ PPH_MAPPED_IMAGE MappedImage,
1340 _Out_ PIMAGE_DATA_DIRECTORY *Entry
1347 _In_ PPH_MAPPED_IMAGE MappedImage,
1348 _Out_ PIMAGE_LOAD_CONFIG_DIRECTORY32 *LoadConfig
1355 _In_ PPH_MAPPED_IMAGE MappedImage,
1356 _Out_ PIMAGE_LOAD_CONFIG_DIRECTORY64 *LoadConfig
1372 _In_ HANDLE ProcessHandle,
1373 _In_ PVOID ViewBase,
1374 _Out_ PPH_REMOTE_MAPPED_IMAGE RemoteMappedImage
1380 _Inout_ PPH_REMOTE_MAPPED_IMAGE RemoteMappedImage
1411 _Out_ PPH_MAPPED_IMAGE_EXPORTS Exports,
1412 _In_ PPH_MAPPED_IMAGE MappedImage
1419 _In_ PPH_MAPPED_IMAGE_EXPORTS Exports,
1421 _Out_ PPH_MAPPED_IMAGE_EXPORT_ENTRY Entry
1428 _In_ PPH_MAPPED_IMAGE_EXPORTS Exports,
1430 _In_opt_ USHORT Ordinal,
1431 _Out_ PPH_MAPPED_IMAGE_EXPORT_FUNCTION Function
1438 _In_ PPH_MAPPED_IMAGE_EXPORTS Exports,
1440 _In_opt_ USHORT Ordinal,
1441 _In_ PVOID RemoteBase,
1442 _Out_ PVOID *Function
// Flag bit relating to delay-load imports of a mapped image.
// NOTE(review): presumably marks an imports object as describing the
// delay-load import table instead of the regular one - confirm.
1445 #define PH_MAPPED_IMAGE_DELAY_IMPORTS 0x1
1489 _Out_ PPH_MAPPED_IMAGE_IMPORTS Imports,
1490 _In_ PPH_MAPPED_IMAGE MappedImage
1497 _In_ PPH_MAPPED_IMAGE_IMPORTS Imports,
1499 _Out_ PPH_MAPPED_IMAGE_IMPORT_DLL ImportDll
1506 _In_ PPH_MAPPED_IMAGE_IMPORT_DLL ImportDll,
1508 _Out_ PPH_MAPPED_IMAGE_IMPORT_ENTRY Entry
1515 _Out_ PPH_MAPPED_IMAGE_IMPORTS Imports,
1516 _In_ PPH_MAPPED_IMAGE MappedImage
1523 _In_reads_(Count) PUSHORT Buffer,
1531 _In_ PPH_MAPPED_IMAGE MappedImage
1554 PIMAGE_ARCHIVE_MEMBER_HEADER
Header;
1590 _Out_ PPH_MAPPED_ARCHIVE MappedArchive,
1591 _In_ PVOID ViewBase,
1599 _In_opt_ PWSTR FileName,
1600 _In_opt_ HANDLE FileHandle,
1601 _In_ BOOLEAN ReadOnly,
1602 _Out_ PPH_MAPPED_ARCHIVE MappedArchive
1609 _Inout_ PPH_MAPPED_ARCHIVE MappedArchive
1616 _In_ PPH_MAPPED_ARCHIVE_MEMBER Member,
1617 _Out_ PPH_MAPPED_ARCHIVE_MEMBER NextMember
1624 _In_ PPH_MAPPED_ARCHIVE_MEMBER Member
1631 _In_ PPH_MAPPED_ARCHIVE_MEMBER Member,
1632 _Out_ PPH_MAPPED_ARCHIVE_IMPORT_ENTRY Entry
1649 _Out_ PHANDLE FileHandle,
1650 _In_ PWSTR FileName,
1651 _In_ ACCESS_MASK DesiredAccess,
1652 _In_opt_ ULONG FileAttributes,
1653 _In_ ULONG ShareAccess,
1654 _In_ ULONG CreateDisposition,
1655 _In_ ULONG CreateOptions
1662 _Out_ PHANDLE FileHandle,
1663 _In_ PWSTR FileName,
1664 _In_ ACCESS_MASK DesiredAccess,
1665 _In_opt_ ULONG FileAttributes,
1666 _In_ ULONG ShareAccess,
1667 _In_ ULONG CreateDisposition,
1668 _In_ ULONG CreateOptions,
1669 _Out_opt_ PULONG CreateStatus
1676 _In_ PWSTR FileName,
1691 _In_ HANDLE FileHandle,
1692 _In_opt_ HANDLE Event,
1694 _In_opt_ PVOID ApcContext,
1702 _In_ HANDLE FileHandle
1709 _In_ HANDLE FileHandle,
1710 _Out_writes_bytes_opt_(Length) PVOID Buffer,
1712 _Out_opt_ PULONG NumberOfBytesRead,
1713 _Out_opt_ PULONG NumberOfBytesAvailable,
1714 _Out_opt_ PULONG NumberOfBytesLeftInMessage
1721 _In_ HANDLE FileHandle,
1722 _In_opt_ HANDLE Event,
1724 _In_opt_ PVOID ApcContext,
1726 _In_reads_bytes_(InputBufferLength) PVOID InputBuffer,
1727 _In_ ULONG InputBufferLength,
1728 _Out_writes_bytes_(OutputBufferLength) PVOID OutputBuffer,
1729 _In_ ULONG OutputBufferLength
1738 _In_opt_ PLARGE_INTEGER Timeout,
1739 _In_ BOOLEAN UseDefaultTimeout
1746 _In_ HANDLE FileHandle
// Flag bits for PH_FILE_STREAM objects.
// NOTE(review): the meanings below are inferred from the names - confirm
// against the implementation. HANDLE_UNOWNED presumably means the stream does
// not close the underlying file handle, so the creator keeps responsibility
// for closing it.
1752 #define PH_FILE_STREAM_HANDLE_UNOWNED 0x1
1755 #define PH_FILE_STREAM_UNBUFFERED 0x2
1759 #define PH_FILE_STREAM_ASYNCHRONOUS 0x4
1762 #define PH_FILE_STREAM_OWN_POSITION 0x8
// These two sit in the upper 16 bits, apart from the low option bits above.
// NOTE(review): presumably internal state bits, not caller options.
1765 #define PH_FILE_STREAM_APPEND 0x00010000
1769 #define PH_FILE_STREAM_WRITTEN 0x80000000
1797 _Out_ PPH_FILE_STREAM *FileStream,
1798 _In_ PWSTR FileName,
1799 _In_ ACCESS_MASK DesiredAccess,
1800 _In_ ULONG ShareMode,
1801 _In_ ULONG CreateDisposition,
1809 _Out_ PPH_FILE_STREAM *FileStream,
1810 _In_ HANDLE FileHandle,
1812 _In_ ULONG BufferLength
1819 _In_ PPH_FILE_STREAM FileStream
1826 _Inout_ PPH_FILE_STREAM FileStream,
1827 _Out_writes_bytes_(Length) PVOID Buffer,
1829 _Out_opt_ PULONG ReadLength
1836 _Inout_ PPH_FILE_STREAM FileStream,
1837 _In_reads_bytes_(Length) PVOID Buffer,
1845 _Inout_ PPH_FILE_STREAM FileStream,
1853 _In_ PPH_FILE_STREAM FileStream,
1854 _Out_ PLARGE_INTEGER Position
1861 _Inout_ PPH_FILE_STREAM FileStream,
1862 _In_ PLARGE_INTEGER Offset,
1870 _Inout_ PPH_FILE_STREAM FileStream,
1871 _In_ PLARGE_INTEGER Position,
1872 _In_ PLARGE_INTEGER Length,
1881 _Inout_ PPH_FILE_STREAM FileStream,
1882 _In_ PLARGE_INTEGER Position,
1883 _In_ PLARGE_INTEGER Length
1890 _Inout_ PPH_FILE_STREAM FileStream,
1898 _Inout_ PPH_FILE_STREAM FileStream,
1906 _Inout_ PPH_FILE_STREAM FileStream,
1915 _Inout_ PPH_FILE_STREAM FileStream,
1916 _In_ _Printf_format_string_ PWSTR Format,
1924 _Inout_ PPH_FILE_STREAM FileStream,
1925 _In_ _Printf_format_string_ PWSTR Format,
1978 _Out_ PPH_PROVIDER_THREAD ProviderThread,
1986 _Inout_ PPH_PROVIDER_THREAD ProviderThread
1993 _Inout_ PPH_PROVIDER_THREAD ProviderThread
2000 _Inout_ PPH_PROVIDER_THREAD ProviderThread
2007 _Inout_ PPH_PROVIDER_THREAD ProviderThread,
2015 _Inout_ PPH_PROVIDER_THREAD ProviderThread,
2017 _In_opt_ PVOID Object,
2018 _Out_ PPH_PROVIDER_REGISTRATION Registration
2025 _Inout_ PPH_PROVIDER_REGISTRATION Registration
2032 _Inout_ PPH_PROVIDER_REGISTRATION Registration,
2033 _Out_opt_ PULONG FutureRunId
2040 _In_ PPH_PROVIDER_REGISTRATION Registration
2047 _In_ PPH_PROVIDER_REGISTRATION Registration
2054 _Inout_ PPH_PROVIDER_REGISTRATION Registration,
2055 _In_ BOOLEAN Enabled
2068 _In_ SC_HANDLE ScManagerHandle,
2069 _In_opt_ ULONG Type,
2070 _In_opt_ ULONG State,
2079 _In_ ACCESS_MASK DesiredAccess
2086 _In_ SC_HANDLE ServiceHandle
2093 _In_ SC_HANDLE ServiceHandle,
2094 _In_ ULONG InfoLevel
2101 _In_ SC_HANDLE ServiceHandle
2108 _In_ SC_HANDLE ServiceHandle,
2109 _Out_ PBOOLEAN DelayedAutoStart
2116 _In_ SC_HANDLE ServiceHandle,
2117 _In_ BOOLEAN DelayedAutoStart
2124 _In_ ULONG ServiceState
2131 _In_ ULONG ServiceType
2138 _In_ PWSTR ServiceType
2145 _In_ ULONG ServiceStartType
2152 _In_ PWSTR ServiceStartType
2159 _In_ ULONG ServiceErrorControl
2166 _In_ PWSTR ServiceErrorControl
2174 _In_ PVOID ServiceTag
2181 _In_ HANDLE ThreadHandle,
2182 _In_opt_ HANDLE ProcessHandle,
2183 _Out_ PVOID *ServiceTag
2234 rectangle.
Left = Rect.left;
2235 rectangle.
Top = Rect.top;
2236 rectangle.
Width = Rect.right - Rect.left;
2237 rectangle.
Height = Rect.bottom - Rect.top;
2250 rect.left = Rectangle.Left;
2251 rect.top = Rectangle.Top;
2252 rect.right = Rectangle.Left + Rectangle.Width;
2253 rect.bottom = Rectangle.Top + Rectangle.Height;
2262 _In_ PRECT ParentRect
2265 Rect->right = ParentRect->right - ParentRect->left - Rect->right;
2266 Rect->bottom = ParentRect->bottom - ParentRect->top - Rect->bottom;
2272 _In_ RECT InnerRect,
2278 rect.left = InnerRect.left - OuterRect.left;
2279 rect.top = InnerRect.top - OuterRect.top;
2280 rect.right = InnerRect.right - OuterRect.left;
2281 rect.bottom = InnerRect.bottom - OuterRect.top;
2290 _Inout_ PPH_RECTANGLE Rectangle,
2291 _In_ PPH_RECTANGLE Bounds
2298 _Inout_ PPH_RECTANGLE Rectangle,
2299 _In_ PPH_RECTANGLE Bounds
2307 _Inout_ PPH_RECTANGLE Rectangle
2314 _In_ HWND WindowHandle,
2315 _In_opt_ HWND ParentWindowHandle
2321 _Out_ PSYSTEMTIME SystemTime,
2322 _In_ PLARGE_INTEGER LargeInteger
2327 fileTime.dwLowDateTime = LargeInteger->LowPart;
2328 fileTime.dwHighDateTime = LargeInteger->HighPart;
2329 FileTimeToSystemTime(&fileTime, SystemTime);
2335 _Out_ PSYSTEMTIME SystemTime,
2336 _In_ PLARGE_INTEGER LargeInteger
2340 FILETIME newFileTime;
2342 fileTime.dwLowDateTime = LargeInteger->LowPart;
2343 fileTime.dwHighDateTime = LargeInteger->HighPart;
2344 FileTimeToLocalFileTime(&fileTime, &newFileTime);
2345 FileTimeToSystemTime(&newFileTime, SystemTime);
2352 _In_reads_(NumberOfObjects) PVOID *Objects,
2353 _In_ ULONG NumberOfObjects
2360 _In_reads_(NumberOfObjects) PVOID *Objects,
2361 _In_ ULONG NumberOfObjects
2368 _In_ PVOID DllHandle,
2369 _In_ ULONG MessageTableId,
2370 _In_ ULONG MessageLanguageId,
2371 _In_ ULONG MessageId
2378 _In_ NTSTATUS Status
// Size limit (800) associated with message text.
// NOTE(review): presumably the capacity of the buffer that formatted messages
// are written into, so longer output would be cut off - confirm.
2388 #define PH_MAX_MESSAGE_SIZE 800
// Convenience wrappers around PhShowMessage that fix the message-box type to
// MB_OK plus the error, warning or information icon.
// Format is forwarded unchanged as the format argument, so text that comes
// from outside the program (file names, process names, service strings)
// belongs in the argument list behind a string conversion specifier and never
// in Format itself.
// When no variadic arguments are given the expansion ends in ", )", which
// relies on the compiler dropping the trailing comma.
2410 #define PhShowError(hWnd, Format, ...) PhShowMessage(hWnd, MB_OK | MB_ICONERROR, Format, __VA_ARGS__)
2411 #define PhShowWarning(hWnd, Format, ...) PhShowMessage(hWnd, MB_OK | MB_ICONWARNING, Format, __VA_ARGS__)
2412 #define PhShowInformation(hWnd, Format, ...) PhShowMessage(hWnd, MB_OK | MB_ICONINFORMATION, Format, __VA_ARGS__)
2417 _In_ NTSTATUS Status,
2418 _In_opt_ ULONG Win32Result
2426 _In_opt_ PWSTR Message,
2427 _In_ NTSTATUS Status,
2428 _In_opt_ ULONG Win32Result
2436 _In_opt_ PWSTR Message,
2437 _In_ NTSTATUS Status,
2438 _In_opt_ ULONG Win32Result
2448 _In_opt_ PWSTR Message,
2449 _In_ BOOLEAN Warning
2457 _In_ ULONG SizeOfKeyValuePairs,
2459 _Out_ PULONG Integer
2467 _In_ ULONG SizeOfKeyValuePairs,
// GUID version numbers, named after how the identifier is generated:
// 1 = time and MAC address, 2 = DCE, 3 = MD5 of a name, 4 = random,
// 5 = SHA-1 of a name.
// Versions 3 and 5 are deterministic for a given namespace and name, and
// version 1 carries host-identifying data, so a GUID of those versions does
// not work as an unguessable token.
2472 #define GUID_VERSION_MAC 1
2473 #define GUID_VERSION_DCE 2
2474 #define GUID_VERSION_MD5 3
2475 #define GUID_VERSION_RANDOM 4
2476 #define GUID_VERSION_SHA1 5
// GUID variant field: each variant is a (mask, value) pair applied to the same
// byte. The variant is identified by (byte & MASK) == VALUE, with bit patterns
// 0xxxxxxx (NCS), 10xxxxxx (standard), 110xxxxx (Microsoft), 111xxxxx
// (reserved).
2478 #define GUID_VARIANT_NCS_MASK 0x80
2479 #define GUID_VARIANT_NCS 0x00
2480 #define GUID_VARIANT_STANDARD_MASK 0xc0
2481 #define GUID_VARIANT_STANDARD 0x80
2482 #define GUID_VARIANT_MICROSOFT_MASK 0xe0
2483 #define GUID_VARIANT_MICROSOFT 0xc0
2484 #define GUID_VARIANT_RESERVED_MASK 0xe0
2485 #define GUID_VARIANT_RESERVED 0xe0
2526 _In_
PGUID Namespace,
2528 _In_ ULONG NameLength,
2536 _Out_writes_z_(Count) PWSTR Buffer,
2545 _In_ ULONG DesiredCount
2553 _In_ ULONG DesiredCount
2562 _In_ BOOLEAN IgnoreCase
2578 _In_ BOOLEAN IgnoreCase,
2579 _In_ BOOLEAN MatchIfPrefix
2586 _In_opt_ PSYSTEMTIME Date,
2587 _In_opt_ PWSTR Format
2594 _In_opt_ PSYSTEMTIME Time,
2595 _In_opt_ PWSTR Format
2602 _In_opt_ PSYSTEMTIME DateTime
// Variant of PhFormatDateTime that passes the returned object through
// PhAutoDereferenceObject and casts the result back to PPH_STRING.
// NOTE(review): presumably the caller must not release the returned string
// itself, since the auto-dereference mechanism does it later - confirm.
2605 #define PhaFormatDateTime(DateTime) \
2606 ((PPH_STRING)PhAutoDereferenceObject(PhFormatDateTime(DateTime)))
2612 _In_ ULONG64 TimeSpan
2620 _In_ BOOLEAN GroupDigits
// Variant of PhFormatUInt64 that passes the returned object through
// PhAutoDereferenceObject and casts the result back to PPH_STRING.
// NOTE(review): presumably the caller must not release the returned string
// itself - confirm against PhAutoDereferenceObject.
2623 #define PhaFormatUInt64(Value, GroupDigits) \
2624 ((PPH_STRING)PhAutoDereferenceObject(PhFormatUInt64((Value), (GroupDigits))))
2631 _In_ ULONG FractionalDigits,
2632 _In_ BOOLEAN GroupDigits
// Variant of PhFormatDecimal that passes the returned object through
// PhAutoDereferenceObject and casts the result back to PPH_STRING.
// NOTE(review): presumably the caller must not release the returned string
// itself - confirm against PhAutoDereferenceObject.
2635 #define PhaFormatDecimal(Value, FractionalDigits, GroupDigits) \
2636 ((PPH_STRING)PhAutoDereferenceObject(PhFormatDecimal((Value), (FractionalDigits), (GroupDigits))))
2643 _In_ ULONG MaxSizeUnit
// Variant of PhFormatSize that passes the returned object through
// PhAutoDereferenceObject and casts the result back to PPH_STRING.
// NOTE(review): presumably the caller must not release the returned string
// itself - confirm against PhAutoDereferenceObject.
2646 #define PhaFormatSize(Size, MaxSizeUnit) \
2647 ((PPH_STRING)PhAutoDereferenceObject(PhFormatSize((Size), (MaxSizeUnit))))
2667 _In_ PVOID VersionInfo
2674 _In_ PVOID VersionInfo,
2682 _In_ PVOID VersionInfo,
2683 _In_ ULONG LangCodePage,
2684 _In_ PWSTR StringName
2699 _Out_ PPH_IMAGE_VERSION_INFO ImageVersionInfo,
2707 _Inout_ PPH_IMAGE_VERSION_INFO ImageVersionInfo
2715 _In_ PPH_IMAGE_VERSION_INFO ImageVersionInfo,
2717 _In_opt_ ULONG LineLimit
2724 _In_ PWSTR FileName,
2725 _Out_opt_ PULONG IndexOfFileName
2757 PLDR_DATA_TABLE_ENTRY
2760 _In_opt_ PVOID DllBase,
2769 _In_ PVOID DllHandle,
2770 _Out_opt_ PULONG IndexOfFileName
2792 _In_opt_ PWSTR AppendPath
2800 _In_ ULONG NumberOfHandles,
2801 _In_ PHANDLE Handles,
// Option bits for the process creation helpers in this header.
// NOTE(review): meanings are inferred from the names - confirm against the
// implementation. INHERIT_HANDLES presumably lets the child receive the
// caller's inheritable handles; when the child runs with fewer privileges than
// the caller, check which handles are inheritable before setting it.
2814 #define PH_CREATE_PROCESS_INHERIT_HANDLES 0x1
2815 #define PH_CREATE_PROCESS_UNICODE_ENVIRONMENT 0x2
2816 #define PH_CREATE_PROCESS_SUSPENDED 0x4
2817 #define PH_CREATE_PROCESS_BREAKAWAY_FROM_JOB 0x8
2818 #define PH_CREATE_PROCESS_NEW_CONSOLE 0x10
2824 _In_ PWSTR FileName,
2826 _In_opt_ PVOID Environment,
2828 _In_opt_ PPH_CREATE_PROCESS_INFO Information,
2830 _In_opt_ HANDLE ParentProcessHandle,
2832 _Out_opt_ PHANDLE ProcessHandle,
2833 _Out_opt_ PHANDLE ThreadHandle
2840 _In_opt_ PWSTR FileName,
2841 _In_opt_ PWSTR CommandLine,
2842 _In_opt_ PVOID Environment,
2843 _In_opt_ PWSTR CurrentDirectory,
2845 _In_opt_ HANDLE TokenHandle,
2846 _Out_opt_ PHANDLE ProcessHandle,
2847 _Out_opt_ PHANDLE ThreadHandle
2854 _In_opt_ PWSTR FileName,
2855 _In_opt_ PWSTR CommandLine,
2856 _In_opt_ PVOID Environment,
2857 _In_opt_ PWSTR CurrentDirectory,
2858 _In_opt_ STARTUPINFO *StartupInfo,
2860 _In_opt_ HANDLE TokenHandle,
2862 _Out_opt_ PHANDLE ProcessHandle,
2863 _Out_opt_ PHANDLE ThreadHandle
// Further process creation option bits. Their values (0x1000 and up) do not
// overlap the 0x1-0x10 PH_CREATE_PROCESS_* bits, so both sets fit in one
// flags word.
// NOTE(review): judging by the names, the USE_*_TOKEN bits select which token,
// and therefore which security context, the new process runs under;
// USE_LINKED_TOKEN presumably switches to the token linked to the selected
// one. Confirm the precedence between these bits in the implementation.
2888 #define PH_CREATE_PROCESS_USE_PROCESS_TOKEN 0x1000
2889 #define PH_CREATE_PROCESS_USE_SESSION_TOKEN 0x2000
2890 #define PH_CREATE_PROCESS_USE_LINKED_TOKEN 0x10000
2891 #define PH_CREATE_PROCESS_SET_SESSION_ID 0x20000
2892 #define PH_CREATE_PROCESS_WITH_PROFILE 0x40000
2898 _In_ PPH_CREATE_PROCESS_AS_USER_INFO Information,
2901 _Out_opt_ PHANDLE ProcessHandle,
2902 _Out_opt_ PHANDLE ThreadHandle
2908 _In_ HANDLE TokenHandle,
2909 _Out_ PHANDLE NewTokenHandle
2917 _In_ PWSTR FileName,
2918 _In_opt_ PWSTR Parameters
// Option bits for the shell-execute helper.
// NOTE(review): PH_SHELL_EXECUTE_ADMIN presumably requests that the target be
// started elevated, and PH_SHELL_EXECUTE_PUMP_MESSAGES presumably keeps the
// caller's message loop running while waiting - confirm.
2921 #define PH_SHELL_EXECUTE_ADMIN 0x1
2922 #define PH_SHELL_EXECUTE_PUMP_MESSAGES 0x2
2929 _In_ PWSTR FileName,
2930 _In_opt_ PWSTR Parameters,
2931 _In_ ULONG ShowWindowType,
2933 _In_opt_ ULONG Timeout,
2934 _Out_opt_ PHANDLE ProcessHandle
2957 _In_ BOOLEAN Computer
2971 _In_ HANDLE KeyHandle,
2972 _In_opt_ PWSTR ValueName
2979 _In_ HANDLE KeyHandle,
2980 _In_opt_ PWSTR ValueName
2993 _Inout_ PULONG Value2,
2996 _In_ ULONG NumberOfMappings
3003 _Inout_ PULONG Value1,
3006 _In_ ULONG NumberOfMappings
3027 _In_ PVOID FileDialog
3035 _In_ PVOID FileDialog
// Option bits for the file dialog helpers. The trailing "default ..." notes
// mark the bits that are on by default for open dialogs, save dialogs, or
// both.
// NOTE(review): NODEREFERENCELINKS presumably returns the path of a shortcut
// file itself and not its target; a caller that validates the returned path
// should know which of the two it received - confirm.
3038 #define PH_FILEDIALOG_CREATEPROMPT 0x1
3039 #define PH_FILEDIALOG_PATHMUSTEXIST 0x2 // default both
3040 #define PH_FILEDIALOG_FILEMUSTEXIST 0x4 // default open
3041 #define PH_FILEDIALOG_SHOWHIDDEN 0x8
3042 #define PH_FILEDIALOG_NODEREFERENCELINKS 0x10
3043 #define PH_FILEDIALOG_OVERWRITEPROMPT 0x20 // default save
3044 #define PH_FILEDIALOG_DEFAULTEXPANDED 0x40
3045 #define PH_FILEDIALOG_STRICTFILETYPES 0x80
3046 #define PH_FILEDIALOG_PICKFOLDERS 0x100
3052 _In_ PVOID FileDialog
3059 _In_ PVOID FileDialog,
3067 _In_ PVOID FileDialog
3080 _In_ PVOID FileDialog,
3081 _In_ PPH_FILETYPE_FILTER Filters,
3082 _In_ ULONG NumberOfFilters
3089 _In_ PVOID FileDialog
3096 _In_ PVOID FileDialog,
3104 _In_ PWSTR FileName,
3105 _Out_ PBOOLEAN IsPacked,
3106 _Out_opt_ PULONG NumberOfModules,
3107 _Out_opt_ PULONG NumberOfFunctions
3114 _In_reads_(Length) PCHAR Buffer,
3135 _Out_ PPH_HASH_CONTEXT Context,
3143 _Inout_ PPH_HASH_CONTEXT Context,
3144 _In_reads_bytes_(Length) PVOID Buffer,
3152 _Inout_ PPH_HASH_CONTEXT Context,
3153 _Out_writes_bytes_(HashLength) PVOID Hash,
3154 _In_ ULONG HashLength,
3155 _Out_opt_ PULONG ReturnLength
3173 _In_opt_ PPH_COMMAND_LINE_OPTION Option,
3175 _In_opt_ PVOID Context
// Option bits for command line parsing.
// NOTE(review): IGNORE_UNKNOWN_OPTIONS presumably makes the parser skip
// options it does not recognise instead of failing, so a mistyped option can
// pass unnoticed; IGNORE_FIRST_PART presumably skips the leading program-name
// token - confirm.
3178 #define PH_COMMAND_LINE_IGNORE_UNKNOWN_OPTIONS 0x1
3179 #define PH_COMMAND_LINE_IGNORE_FIRST_PART 0x2
3186 _Inout_ PULONG_PTR Index
3194 _In_opt_ PPH_COMMAND_LINE_OPTION Options,
3195 _In_ ULONG NumberOfOptions,
3198 _In_opt_ PVOID Context