aboutsummaryrefslogtreecommitdiff
path: root/CRT/ntdll_zw_functions.c
diff options
context:
space:
mode:
Diffstat (limited to 'CRT/ntdll_zw_functions.c')
-rw-r--r--CRT/ntdll_zw_functions.c409
1 files changed, 409 insertions, 0 deletions
diff --git a/CRT/ntdll_zw_functions.c b/CRT/ntdll_zw_functions.c
new file mode 100644
index 0000000..312440c
--- /dev/null
+++ b/CRT/ntdll_zw_functions.c
@@ -0,0 +1,409 @@
+/* This file was auto generated by gen_wrapper.sh */
+#include <ntddk.h>
+
+#ifdef __cplusplus
+#define _KERNEL_MODE 1
+#include "obfuscate.hpp"
+
+extern "C" {
+#endif
+
+typedef PVOID NTAPI (*MmMapIoSpaceEx_t) (_In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Protect);
+typedef NTSTATUS NTAPI (*ObOpenObjectByPointer_t) (_In_ PVOID obj, _In_ ULONG HandleAttributes, _In_ PACCESS_STATE PassedAccessState, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE objType, _In_ KPROCESSOR_MODE AccessMode, _Out_ PHANDLE Handle);
+typedef NTSTATUS NTAPI (*MmCopyMemory_t) (_In_ PVOID TargetAddress, _In_ PVOID SourceAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Flags, _Out_ PSIZE_T NumberOfBytesTransferred);
+typedef NTSTATUS NTAPI (*MmCopyVirtualMemory_t) (_In_ PEPROCESS SourceProcess, _In_ PVOID SourceAddress, _In_ PEPROCESS TargetProcess, _In_ PVOID TargetAddress, _In_ SIZE_T BufferSize, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PSIZE_T ReturnSize);
+typedef PVOID NTAPI (*RtlLookupFunctionEntry_t) (_In_ DWORD64 ControlPc, _Out_ PDWORD64 ImageBase, _Out_ PVOID HistoryTable);
+typedef NTSTATUS NTAPI (*ZwTraceControl_t) (_In_ ULONG FunctionCode, PVOID InBuffer, _In_ ULONG InBufferLen, PVOID OutBuffer, _In_ ULONG OutBufferLen, _Out_ PULONG ReturnLength);
+typedef NTSTATUS NTAPI (*ZwTraceEvent_t) (_In_ HANDLE TraceHandle, _In_ ULONG Flags, _In_ ULONG FieldSize, _In_ PVOID Fields);
+typedef NTSTATUS NTAPI (*ZwQueryVirtualMemory_t) (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ int MemoryInformationClass, _Out_ PVOID MemoryInformation, _In_ SIZE_T MemoryInformationLength, _Out_ PSIZE_T ReturnLength);
+typedef NTSTATUS NTAPI (*ZwProtectVirtualMemory_t) (_In_ HANDLE ProcessHandle, _In_ _Out_ PVOID* BaseAddress, _In_ _Out_ PSIZE_T NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection);
+typedef NTSTATUS NTAPI (*ZwQuerySystemInformation_t) (_In_ int SystemInformationClass, _Inout_ PVOID SystemInformation, _In_ ULONG SystemInformationLength, _Out_opt_ PULONG ReturnLength);
+typedef NTSTATUS NTAPI (*_ZwCreateFile_t) (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK StatusBlock, _In_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_ PVOID EaBuffer, _In_ ULONG EaLength);
+typedef NTSTATUS NTAPI (*_ZwClose_t) (_In_ HANDLE Handle);
+typedef NTSTATUS NTAPI (*_ZwWriteFile_t) (_In_ HANDLE FileHandle, _In_ HANDLE Event, _In_ PIO_APC_ROUTINE ApcRoutine, _In_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK StatusBlock, _In_ PVOID Buffer, _In_ ULONG Length, _In_ PLARGE_INTEGER ByteOffset, _In_ PULONG Key);
+
+static MmMapIoSpaceEx_t _MmMapIoSpaceEx = NULL;
+static ObOpenObjectByPointer_t _ObOpenObjectByPointer = NULL;
+static MmCopyMemory_t _MmCopyMemory = NULL;
+static MmCopyVirtualMemory_t _MmCopyVirtualMemory = NULL;
+static RtlLookupFunctionEntry_t _RtlLookupFunctionEntry = NULL;
+static ZwTraceControl_t _ZwTraceControl = NULL;
+static ZwTraceEvent_t _ZwTraceEvent = NULL;
+static ZwQueryVirtualMemory_t _ZwQueryVirtualMemory = NULL;
+static ZwProtectVirtualMemory_t _ZwProtectVirtualMemory = NULL;
+static ZwQuerySystemInformation_t _ZwQuerySystemInformation = NULL;
+static _ZwCreateFile_t __ZwCreateFile = NULL;
+static _ZwClose_t __ZwClose = NULL;
+static _ZwWriteFile_t __ZwWriteFile = NULL;
+
+int __cdecl ntdll_zw_functions (void)
+{
+ int retval = 0;
+ UNICODE_STRING fnName;
+
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"MmMapIoSpaceEx"));
+#else
+ RtlInitUnicodeString(&fnName, L"MmMapIoSpaceEx");
+#endif
+ _MmMapIoSpaceEx = (MmMapIoSpaceEx_t)MmGetSystemRoutineAddress(&fnName);
+ if (_MmMapIoSpaceEx == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine MmMapIoSpaceEx not found."));
+#else
+ DbgPrint("%s\n", "System routine MmMapIoSpaceEx not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ObOpenObjectByPointer"));
+#else
+ RtlInitUnicodeString(&fnName, L"ObOpenObjectByPointer");
+#endif
+ _ObOpenObjectByPointer = (ObOpenObjectByPointer_t)MmGetSystemRoutineAddress(&fnName);
+ if (_ObOpenObjectByPointer == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ObOpenObjectByPointer not found."));
+#else
+ DbgPrint("%s\n", "System routine ObOpenObjectByPointer not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"MmCopyMemory"));
+#else
+ RtlInitUnicodeString(&fnName, L"MmCopyMemory");
+#endif
+ _MmCopyMemory = (MmCopyMemory_t)MmGetSystemRoutineAddress(&fnName);
+ if (_MmCopyMemory == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine MmCopyMemory not found."));
+#else
+ DbgPrint("%s\n", "System routine MmCopyMemory not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"MmCopyVirtualMemory"));
+#else
+ RtlInitUnicodeString(&fnName, L"MmCopyVirtualMemory");
+#endif
+ _MmCopyVirtualMemory = (MmCopyVirtualMemory_t)MmGetSystemRoutineAddress(&fnName);
+ if (_MmCopyVirtualMemory == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine MmCopyVirtualMemory not found."));
+#else
+ DbgPrint("%s\n", "System routine MmCopyVirtualMemory not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"RtlLookupFunctionEntry"));
+#else
+ RtlInitUnicodeString(&fnName, L"RtlLookupFunctionEntry");
+#endif
+ _RtlLookupFunctionEntry = (RtlLookupFunctionEntry_t)MmGetSystemRoutineAddress(&fnName);
+ if (_RtlLookupFunctionEntry == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine RtlLookupFunctionEntry not found."));
+#else
+ DbgPrint("%s\n", "System routine RtlLookupFunctionEntry not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ZwTraceControl"));
+#else
+ RtlInitUnicodeString(&fnName, L"ZwTraceControl");
+#endif
+ _ZwTraceControl = (ZwTraceControl_t)MmGetSystemRoutineAddress(&fnName);
+ if (_ZwTraceControl == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ZwTraceControl not found."));
+#else
+ DbgPrint("%s\n", "System routine ZwTraceControl not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ZwTraceEvent"));
+#else
+ RtlInitUnicodeString(&fnName, L"ZwTraceEvent");
+#endif
+ _ZwTraceEvent = (ZwTraceEvent_t)MmGetSystemRoutineAddress(&fnName);
+ if (_ZwTraceEvent == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ZwTraceEvent not found."));
+#else
+ DbgPrint("%s\n", "System routine ZwTraceEvent not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ZwQueryVirtualMemory"));
+#else
+ RtlInitUnicodeString(&fnName, L"ZwQueryVirtualMemory");
+#endif
+ _ZwQueryVirtualMemory = (ZwQueryVirtualMemory_t)MmGetSystemRoutineAddress(&fnName);
+ if (_ZwQueryVirtualMemory == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ZwQueryVirtualMemory not found."));
+#else
+ DbgPrint("%s\n", "System routine ZwQueryVirtualMemory not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ZwProtectVirtualMemory"));
+#else
+ RtlInitUnicodeString(&fnName, L"ZwProtectVirtualMemory");
+#endif
+ _ZwProtectVirtualMemory = (ZwProtectVirtualMemory_t)MmGetSystemRoutineAddress(&fnName);
+ if (_ZwProtectVirtualMemory == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ZwProtectVirtualMemory not found."));
+#else
+ DbgPrint("%s\n", "System routine ZwProtectVirtualMemory not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ZwQuerySystemInformation"));
+#else
+ RtlInitUnicodeString(&fnName, L"ZwQuerySystemInformation");
+#endif
+ _ZwQuerySystemInformation = (ZwQuerySystemInformation_t)MmGetSystemRoutineAddress(&fnName);
+ if (_ZwQuerySystemInformation == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ZwQuerySystemInformation not found."));
+#else
+ DbgPrint("%s\n", "System routine ZwQuerySystemInformation not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ZwCreateFile"));
+#else
+ RtlInitUnicodeString(&fnName, L"ZwCreateFile");
+#endif
+ __ZwCreateFile = (_ZwCreateFile_t)MmGetSystemRoutineAddress(&fnName);
+ if (__ZwCreateFile == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ZwCreateFile not found."));
+#else
+ DbgPrint("%s\n", "System routine ZwCreateFile not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ZwClose"));
+#else
+ RtlInitUnicodeString(&fnName, L"ZwClose");
+#endif
+ __ZwClose = (_ZwClose_t)MmGetSystemRoutineAddress(&fnName);
+ if (__ZwClose == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ZwClose not found."));
+#else
+ DbgPrint("%s\n", "System routine ZwClose not found.");
+#endif
+ retval++;
+ }
+#ifdef __cplusplus
+ RtlInitUnicodeString(&fnName, skCrypt(L"ZwWriteFile"));
+#else
+ RtlInitUnicodeString(&fnName, L"ZwWriteFile");
+#endif
+ __ZwWriteFile = (_ZwWriteFile_t)MmGetSystemRoutineAddress(&fnName);
+ if (__ZwWriteFile == NULL)
+ {
+#ifdef __cplusplus
+ DbgPrint(skCrypt("%s\n"), skCrypt("System routine ZwWriteFile not found."));
+#else
+ DbgPrint("%s\n", "System routine ZwWriteFile not found.");
+#endif
+ retval++;
+ }
+
+ return retval;
+}
+
+
+PVOID NTAPI MmMapIoSpaceEx (_In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Protect)
+{
+ return _MmMapIoSpaceEx (PhysicalAddress, NumberOfBytes, Protect);
+}
+
+PVOID NTAPI WrapperMmMapIoSpaceEx (_In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Protect)
+{
+ return _MmMapIoSpaceEx (PhysicalAddress, NumberOfBytes, Protect);
+}
+
+NTSTATUS NTAPI ObOpenObjectByPointer (_In_ PVOID obj, _In_ ULONG HandleAttributes, _In_ PACCESS_STATE PassedAccessState, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE objType, _In_ KPROCESSOR_MODE AccessMode, _Out_ PHANDLE Handle)
+{
+ if (_ObOpenObjectByPointer == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return _ObOpenObjectByPointer (obj, HandleAttributes, PassedAccessState, DesiredAccess, objType, AccessMode, Handle);
+}
+
+NTSTATUS NTAPI WrapperObOpenObjectByPointer (_In_ PVOID obj, _In_ ULONG HandleAttributes, _In_ PACCESS_STATE PassedAccessState, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE objType, _In_ KPROCESSOR_MODE AccessMode, _Out_ PHANDLE Handle)
+{
+ return _ObOpenObjectByPointer (obj, HandleAttributes, PassedAccessState, DesiredAccess, objType, AccessMode, Handle);
+}
+
+NTSTATUS NTAPI MmCopyMemory (_In_ PVOID TargetAddress, _In_ PVOID SourceAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Flags, _Out_ PSIZE_T NumberOfBytesTransferred)
+{
+ if (_MmCopyMemory == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return _MmCopyMemory (TargetAddress, SourceAddress, NumberOfBytes, Flags, NumberOfBytesTransferred);
+}
+
+NTSTATUS NTAPI WrapperMmCopyMemory (_In_ PVOID TargetAddress, _In_ PVOID SourceAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Flags, _Out_ PSIZE_T NumberOfBytesTransferred)
+{
+ return _MmCopyMemory (TargetAddress, SourceAddress, NumberOfBytes, Flags, NumberOfBytesTransferred);
+}
+
+NTSTATUS NTAPI MmCopyVirtualMemory (_In_ PEPROCESS SourceProcess, _In_ PVOID SourceAddress, _In_ PEPROCESS TargetProcess, _In_ PVOID TargetAddress, _In_ SIZE_T BufferSize, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PSIZE_T ReturnSize)
+{
+ if (_MmCopyVirtualMemory == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return _MmCopyVirtualMemory (SourceProcess, SourceAddress, TargetProcess, TargetAddress, BufferSize, PreviousMode, ReturnSize);
+}
+
+NTSTATUS NTAPI WrapperMmCopyVirtualMemory (_In_ PEPROCESS SourceProcess, _In_ PVOID SourceAddress, _In_ PEPROCESS TargetProcess, _In_ PVOID TargetAddress, _In_ SIZE_T BufferSize, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PSIZE_T ReturnSize)
+{
+ return _MmCopyVirtualMemory (SourceProcess, SourceAddress, TargetProcess, TargetAddress, BufferSize, PreviousMode, ReturnSize);
+}
+
+PVOID NTAPI RtlLookupFunctionEntry (_In_ DWORD64 ControlPc, _Out_ PDWORD64 ImageBase, _Out_ PVOID HistoryTable)
+{
+ return _RtlLookupFunctionEntry (ControlPc, ImageBase, HistoryTable);
+}
+
+PVOID NTAPI WrapperRtlLookupFunctionEntry (_In_ DWORD64 ControlPc, _Out_ PDWORD64 ImageBase, _Out_ PVOID HistoryTable)
+{
+ return _RtlLookupFunctionEntry (ControlPc, ImageBase, HistoryTable);
+}
+
+NTSTATUS NTAPI ZwTraceControl (_In_ ULONG FunctionCode, PVOID InBuffer, _In_ ULONG InBufferLen, PVOID OutBuffer, _In_ ULONG OutBufferLen, _Out_ PULONG ReturnLength)
+{
+ if (_ZwTraceControl == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return _ZwTraceControl (FunctionCode, InBuffer, InBufferLen, OutBuffer, OutBufferLen, ReturnLength);
+}
+
+NTSTATUS NTAPI WrapperZwTraceControl (_In_ ULONG FunctionCode, PVOID InBuffer, _In_ ULONG InBufferLen, PVOID OutBuffer, _In_ ULONG OutBufferLen, _Out_ PULONG ReturnLength)
+{
+ return _ZwTraceControl (FunctionCode, InBuffer, InBufferLen, OutBuffer, OutBufferLen, ReturnLength);
+}
+
+NTSTATUS NTAPI ZwTraceEvent (_In_ HANDLE TraceHandle, _In_ ULONG Flags, _In_ ULONG FieldSize, _In_ PVOID Fields)
+{
+ if (_ZwTraceEvent == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return _ZwTraceEvent (TraceHandle, Flags, FieldSize, Fields);
+}
+
+NTSTATUS NTAPI WrapperZwTraceEvent (_In_ HANDLE TraceHandle, _In_ ULONG Flags, _In_ ULONG FieldSize, _In_ PVOID Fields)
+{
+ return _ZwTraceEvent (TraceHandle, Flags, FieldSize, Fields);
+}
+
+NTSTATUS NTAPI ZwQueryVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ int MemoryInformationClass, _Out_ PVOID MemoryInformation, _In_ SIZE_T MemoryInformationLength, _Out_ PSIZE_T ReturnLength)
+{
+ if (_ZwQueryVirtualMemory == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return _ZwQueryVirtualMemory (ProcessHandle, BaseAddress, MemoryInformationClass, MemoryInformation, MemoryInformationLength, ReturnLength);
+}
+
+NTSTATUS NTAPI WrapperZwQueryVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ int MemoryInformationClass, _Out_ PVOID MemoryInformation, _In_ SIZE_T MemoryInformationLength, _Out_ PSIZE_T ReturnLength)
+{
+ return _ZwQueryVirtualMemory (ProcessHandle, BaseAddress, MemoryInformationClass, MemoryInformation, MemoryInformationLength, ReturnLength);
+}
+
+NTSTATUS NTAPI ZwProtectVirtualMemory (_In_ HANDLE ProcessHandle, _In_ _Out_ PVOID* BaseAddress, _In_ _Out_ PSIZE_T NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)
+{
+ if (_ZwProtectVirtualMemory == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return _ZwProtectVirtualMemory (ProcessHandle, BaseAddress, NumberOfBytesToProtect, NewAccessProtection, OldAccessProtection);
+}
+
+NTSTATUS NTAPI WrapperZwProtectVirtualMemory (_In_ HANDLE ProcessHandle, _In_ _Out_ PVOID* BaseAddress, _In_ _Out_ PSIZE_T NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)
+{
+ return _ZwProtectVirtualMemory (ProcessHandle, BaseAddress, NumberOfBytesToProtect, NewAccessProtection, OldAccessProtection);
+}
+
+NTSTATUS NTAPI ZwQuerySystemInformation (_In_ int SystemInformationClass, _Inout_ PVOID SystemInformation, _In_ ULONG SystemInformationLength, _Out_opt_ PULONG ReturnLength)
+{
+ if (_ZwQuerySystemInformation == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return _ZwQuerySystemInformation (SystemInformationClass, SystemInformation, SystemInformationLength, ReturnLength);
+}
+
+NTSTATUS NTAPI WrapperZwQuerySystemInformation (_In_ int SystemInformationClass, _Inout_ PVOID SystemInformation, _In_ ULONG SystemInformationLength, _Out_opt_ PULONG ReturnLength)
+{
+ return _ZwQuerySystemInformation (SystemInformationClass, SystemInformation, SystemInformationLength, ReturnLength);
+}
+
+NTSTATUS NTAPI _ZwCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK StatusBlock, _In_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_ PVOID EaBuffer, _In_ ULONG EaLength)
+{
+ if (__ZwCreateFile == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return __ZwCreateFile (FileHandle, DesiredAccess, ObjectAttributes, StatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength);
+}
+
+NTSTATUS NTAPI WrapperZwCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK StatusBlock, _In_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_ PVOID EaBuffer, _In_ ULONG EaLength)
+{
+ return __ZwCreateFile (FileHandle, DesiredAccess, ObjectAttributes, StatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength);
+}
+
+NTSTATUS NTAPI _ZwClose (_In_ HANDLE Handle)
+{
+ if (__ZwClose == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return __ZwClose (Handle);
+}
+
+NTSTATUS NTAPI WrapperZwClose (_In_ HANDLE Handle)
+{
+ return __ZwClose (Handle);
+}
+
+NTSTATUS NTAPI _ZwWriteFile (_In_ HANDLE FileHandle, _In_ HANDLE Event, _In_ PIO_APC_ROUTINE ApcRoutine, _In_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK StatusBlock, _In_ PVOID Buffer, _In_ ULONG Length, _In_ PLARGE_INTEGER ByteOffset, _In_ PULONG Key)
+{
+ if (__ZwWriteFile == NULL)
+ return STATUS_PROCEDURE_NOT_FOUND;
+
+ return __ZwWriteFile (FileHandle, Event, ApcRoutine, ApcContext, StatusBlock, Buffer, Length, ByteOffset, Key);
+}
+
+NTSTATUS NTAPI WrapperZwWriteFile (_In_ HANDLE FileHandle, _In_ HANDLE Event, _In_ PIO_APC_ROUTINE ApcRoutine, _In_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK StatusBlock, _In_ PVOID Buffer, _In_ ULONG Length, _In_ PLARGE_INTEGER ByteOffset, _In_ PULONG Key)
+{
+ return __ZwWriteFile (FileHandle, Event, ApcRoutine, ApcContext, StatusBlock, Buffer, Length, ByteOffset, Key);
+}
+
+#ifdef __cplusplus
+};
+#endif
Powered by cgit, Themed by Ted Yin.