NtDll.pas

1. {
2.    Ìîäóëü: NtDll
3.  
4.    Îïèñàíèå: Èíòåðôåéñ ê äèíàìè÷åñêîé áèáëèîòåêå NTDLL.DLL.
5.              Îïèñàíèå ñòðóêòóð è ïðîòîòèïîâ ôóíêöèé ïðèâåäåíî íà îñíîâå
6.              èíôîðìàöèè èç êíèãè Ãýðè Íåááåòà "Ñïðàâî÷íèê ïî áàçîâûì ôóíêöèÿì
7.              API Windows NT/2000",
8.              èñõîäíûõ òåêñòîâ ïðîãðàììû NTINFO Ñâåíà Øðàéáåðà (ñïàñèáî Digitman)
9.              MSDN (http://msdn.microsoft.com)
10.              ôàéëà ntdll.pas ((c) Alex Konshin 5 jul 2000 (alexk@mtgroup.ru)
11.              è ñîáñòâåííûõ èññëåäîâàíèé.
12.  
13.    Àâòîð: Èãîðü Øåâ÷åíêî
14.  
15.    Äàòà ñîçäàíèÿ: 31.08.2002
16.  
17.    Èñòîðèÿ èçìåíåíèé:
18.    ....
19.    01.02.2005 Äîáàâëåíà ñòðóêòóðà èíôîðìàöèè ñåàíñà (îáùàÿ äëÿ íåñêîëüêèõ âûçî-
20.               âîâ NtQuerySystemInformation
21. }
22. unit NtDll;
23. {$Z+}
24. interface
25. uses
26.   HsNtDef, Windows, NtPEB;
27.  
28. type
29.   USHORT = Word;
30.   LONG = LongInt;
31.   PLARGE_INTEGER = ^LARGE_INTEGER;
32.   PRTL_RELATIVE_NAME = Pointer; //TODO:
33.   PPWideChar = ^PWideChar;
34.   PPVoid = ^PVOID;
35.   PPImageNTHeaders = ^PImageNTHeaders;
36.   LUID = LARGE_INTEGER;
37.   PLUID = ^LUID;
38.   KEY_VALUE_INFORMATION_CLASS = Integer;
39.   KEY_INFORMATION_CLASS = Integer;
40.   PBOOLEAN = ^ByteBool;
41.   PSECURITY_QUALITY_OF_SERVICE = PSecurityQualityOfService;
42.   PATOM = ^ATOM;
43.   PLONG = ^LongInt;
44.   ULONGLONG = Int64;
45.   PTOKEN_PRIVILEGES = PTokenPrivileges;
46.   TIMER_TYPE = Integer; //TODO:
47.   PUSHORT = ^USHORT;
48.   EVENT_INFO_CLASS = Integer; //TODO:
49.   ATOM_INFO_CLASS = Integer; //TODO:
50.   JOBOBJECTINFOCLASS = Integer; //TODO:
51.   SECTION_INFORMATION_CLASS = Integer; //TODO:
52.   SECURITY_INFORMATION = Integer; //TODO:
53.   FS_INFORMATION_CLASS = Integer; //TODO:
54.   PSID_IDENTIFIER_AUTHORITY = ^SID_IDENTIFIER_AUTHORITY;
55.   PPSID = ^PSID;
56.   PPBYTE = ^PBYTE;
57.   SIZE_T = Cardinal;
58.   PHEAP_INFO = Pointer; //TODO: Îïèñàíèå ñòðóêòóðû !!!!
59.   PRTL_HANDLE_TABLE = Pointer; //TODO: Îïèñàíèå ñòðóêòóðû !!!!
60.   PROCESS_PARAMETERS = TRTL_USER_PROCESS_PARAMETERS;
61.   PPROCESS_PARAMETERS = ^PROCESS_PARAMETERS;
62.   PPPROCESS_PARAMETERS = ^PPROCESS_PARAMETERS;
63.   RTL_PATH_TYPE = Integer;
64.   PRTL_PATH_TYPE = ^RTL_PATH_TYPE;
65.   PPUNICODE_STRING = ^PUNICODE_STRING;
66.   PDBGUI_WAIT_STATE_CHANGE = Pointer; //TODO:
67.   LPDEBUG_EVENT = PDebugEvent;
68.   PPACL = ^PACL;
69.   PLPWSTR = ^LPWSTR;
70.   RTL_OSVERSIONINFOW = OSVERSIONINFOW;
71.   PRTL_OSVERSIONINFOW = ^RTL_OSVERSIONINFOW;
72.   SECURITY_IMPERSONATION_LEVEL = Integer; //TODO:
73.   PPDWORD = ^PDWORD;
74.   PRTL_HEAP_TAG_INFO = Pointer; //TODO:
75.   PEXCEPTION_RECORD = ^EXCEPTION_RECORD;
76.   PRTL_TIME_ZONE_INFORMATION = Pointer; //TODO:
77.   PRTL_HEAP_USAGE = Pointer; //TODO:
78.   PRTL_HEAP_WALK_ENTRY = Pointer; //TODO:
79.   PPMESSAGE_RESOURCE_ENTRY = Pointer; //TODO:
80.   POWER_ACTION = Integer; //TODO:
81.   SYSTEM_POWER_STATE = Integer; //TODO:
82.   POWER_INFORMATION_LEVEL = Integer; //TODO:
83.   DEVICE_POWER_STATE = Integer; //TODO:
84.   PDEVICE_POWER_STATE = ^DEVICE_POWER_STATE;
85.   PIMAGE_RESOURCE_DATA_ENTRY = Pointer; //TODO:
86.   PPIMAGE_RESOURCE_DATA_ENTRY = ^PIMAGE_RESOURCE_DATA_ENTRY;
87.   PCPTABLEINFO = Pointer; //TODO:
88.   PPSTRING = ^PANSI_STRING;
89.   ACL_INFORMATION_CLASS = Integer; //TODO:
90.   PGENERIC_MAPPING = ^GENERIC_MAPPING;
91.   POBJECT_TYPE_LIST = Pointer; //TODO:
92.   PTOKEN_GROUPS = ^TOKEN_GROUPS;
93.   TOKEN_INFORMATION_CLASS = Integer; //TODO:
94.   PPRIVILEGE_SET = ^PRIVILEGE_SET;
95.   PHMODULE = ^HMODULE;
96.  
97.  
98. { Áàçîâàÿ èíôîðìàöèÿ îá îáúåêòå }
99.   TOBJECT_BASIC_INFORMATION = packed record
100.     Attributes: ULONG;
101.     GrantedAccess: ACCESS_MASK;
102.     HandleCount: ULONG;
103.     PointerCount: ULONG;
104.     PagedPoolUsage: ULONG;
105.     NonPagedPoolUsage: ULONG;
106.     Reserved1: ULONG;
107.     Reserved2: ULONG;
108.     Reserved3: ULONG;
109.     NameInformationLength: ULONG;
110.     TypeInformationLength: ULONG;
111.     SecurityDescriptorLength: ULONG;
112.     CreateTime: TLargeInteger;
113.   end;
114.   OBJECT_BASIC_INFORMATION = TOBJECT_BASIC_INFORMATION;
115.   POBJECT_BASIC_INFORMATION = ^TOBJECT_BASIC_INFORMATION;
116.  
117. { Èíôîðìàöèÿ î òèïå îáúåêòà - ïåðåìåííîé äëèíû }
118.   TOBJECT_TYPE_INFORMATION = packed record
119.     Name: TUNICODE_STRING;
120.     ObjectCount: ULONG;
121.     HandleCount: ULONG;
122.     Reserved1: array[1..4] of ULONG;
123.     PeakObjectCount: ULONG;
124.     PeakHandleCount: ULONG;
125.     Reserved2: array[1..4] of ULONG;
126.     InvalidAttributes: ULONG;
127.     GenericMapping: GENERIC_MAPPING;
128.     ValidAccess: ULONG;
129.     Unknown: Byte;
130.     MaintainHandleDatabase: ByteBool;
131.     PoolType: Word;
132.     PagedPoolUsage: ULONG;
133.     NonpagedPoolUsage: ULONG;
134.   end;
135.   POBJECT_TYPE_INFORMATION = ^TOBJECT_TYPE_INFORMATION;
136. { Èíôîðìàöèÿ îá èìåíè îáúåêòà - ïåðåìåííîé äëèíû }
137.   TOBJECT_NAME_INFORMATION = packed record
138.     Name: TUNICODE_STRING;
139.   end;
140.   POBJECT_NAME_INFORMATION = ^TOBJECT_NAME_INFORMATION;
141. { Èíôîðìàöèÿ îá ýëåìåíòå êàòàëîãà }
142.   TDIRECTORY_BASIC_INFOMATION = packed record
143.     ObjectName: TUNICODE_STRING;
144.     ObjectTypeName: TUNICODE_STRING;
145.   end;
146.   DIRECTORY_BASIC_INFOMATION = TDIRECTORY_BASIC_INFOMATION;
147.   PDIRECTORY_BASIC_INFOMATION = ^DIRECTORY_BASIC_INFOMATION;
148.  
149. { NtQuerySystemInformation }
150.  
151. { Áàçîâàÿ èíôîðìàöèÿ î ñèñòåìå }
152.   SYSTEM_BASIC_INFORMATION = packed record
153.     AlwaysZero: ULONG;
154.     MaximumIncrement: ULONG;
155.     PhysicalPageSize: ULONG;
156.     NumberOfPhysicalPages: ULONG;
157.     LowestPhysicalPage: ULONG;
158.     HighestPhysicalPage: ULONG;
159.     AllocationGranularity: ULONG;
160.     LowestUserAddress: ULONG;
161.     HighestUserAddress: ULONG;
162.     ActiveProcessors: ULONG;
163.     NumberProcessors: UCHAR;
164.     Filler: array[0..2] of char;
165.   end;
166.   PSYSTEM_BASIC_INFORMATION = ^SYSTEM_BASIC_INFORMATION;
167. { Èíôîðìàöèÿ î ïðîöåññîðå }
168.   SYSTEM_PROCESSOR_INFORMATION = packed record
169.     ProcessorArchitecture: USHORT;
170.     ProcessorLevel: USHORT;
171.     ProcessorRevision: USHORT;
172.     Unknown: USHORT;
173.     FeatureBits: ULONG;
174.   end;
175.   PSYSTEM_PROCESSOR_INFORMATION = ^SYSTEM_PROCESSOR_INFORMATION;
176. { Áèòû èíôîðìàöèè î ïðîöåññîðå }
177. const
178.   PFB_VME = 1;
179.   PFB_TCS = 2;
180.   PFB_CR4 = 4;
181.   PFB_CMOV = 8;
182.   PFB_PGE = $10;
183.   PFB_PSE = $20;
184.   PFB_MTRR = $40;
185.   PFB_CXS = $80;
186.   PFB_MMX = $100;
187.   PFB_PAT = $400;
188.   PFB_FXSR = $800;
189.   PFB_SIMD = $2000;
190. type
191. { Ôîðìàò âðåìåíè (ñòðóêòóðà àíàëîãè÷íà SYSTEMTIME â Win32 API }
192.   TIME_FIELDS = packed record
193.     Year: WORD;
194.     Month: WORD;
195.     Day: WORD;
196.     Hour: WORD;
197.     Minute: WORD;
198.     Second: WORD;
199.     Milliseconds: WORD;
200.     Weekday: WORD;
201.   end;
202.   PTIME_FIELDS = ^TIME_FIELDS;
203.  
204. { Èíôîðìàöèÿ î ïðîèçâîäèòåëüíîñòè ñèñòåìû }
205.   SYSTEM_PERFORMANCE_INFORMATION = packed record
206.     IdleTime: LARGE_INTEGER;
207.     ReadTransferCount: LARGE_INTEGER;
208.     WriteTransferCount: LARGE_INTEGER;
209.     OtherTransferCount: LARGE_INTEGER;
210.     ReadOperationCount: ULONG;
211.     WriteOperationCount: ULONG;
212.     OtherOperationCount: ULONG;
213.     AvailablePages: ULONG;
214.     TotalCommittedPages: ULONG;
215.     TotalCommitLimit: ULONG;
216.     PeakCommitment: ULONG;
217.     PageFaults: ULONG;
218.     WriteCopyFaults: ULONG;
219.     TransitionFaults: ULONG;
220.     Reserved1: ULONG;
221.     DemandZeroFaults: ULONG;
222.     PagesRead: ULONG;
223.     PageReadIos: ULONG;
224.     Reserved2: array[0..1] of ULONG;
225.     PageFilePagesWritten: ULONG;
226.     PageFilePageWriteIos: ULONG;
227.     MappedFilePagesWritten: ULONG;
228.     MappedFilePageWriteIos: ULONG;
229.     PagedPoolUsage: ULONG;
230.     NonPagedPoolUsage: ULONG;
231.     PagedPoolAllocs: ULONG;
232.     PagedPoolFrees: ULONG;
233.     NonPagedPoolAllocs: ULONG;
234.     NonPagedPoolFrees: ULONG;
235.     TotalFreeSystemPtes: ULONG;
236.     SystemCodePage: ULONG;
237.     TotalSystemDriverPages: ULONG;
238.     TotalSystemCodePages: ULONG;
239.     SmallNonPagedLookasideListAllocateHits: ULONG;
240.     SmallPagedLookasideListAllocateHits: ULONG;
241.     Reserved3: ULONG;
242.     MMSystemCachePage: ULONG;
243.     PagedPoolPage: ULONG;
244.     SystemDriverPage: ULONG;
245.     FastReadNoWait: ULONG;
246.     FastReadWait: ULONG;
247.     FastReadResourceMiss: ULONG;
248.     FastReadNonPossible: ULONG;
249.     FastMdlReadNoWait: ULONG;
250.     FastMdlReadWait: ULONG;
251.     FastMdlReadResourceMiss: ULONG;
252.     FastMdlReadNonPossible: ULONG;
253.     MapDataNoWait: ULONG;
254.     MapDataWait: ULONG;
255.     MapDataNoWaitMiss: ULONG;
256.     MapDataWaitMiss: ULONG;
257.     PinMappedDataCount: ULONG;
258.     PinReadNoWait: ULONG;
259.     PinReadWait: ULONG;
260.     PinReadNoWaitMiss: ULONG;
261.     PinReadWaitMiss: ULONG;
262.     CopyReadNoWait: ULONG;
263.     CopyReadWait: ULONG;
264.     CopyReadNoWaitMiss: ULONG;
265.     CopyReadWaitMiss: ULONG;
266.     MdlReadNoWait: ULONG;
267.     MdlReadWait: ULONG;
268.     MdlReadNoWaitMiss: ULONG;
269.     MdlReadWaitMiss: ULONG;
270.     ReadAheadIos: ULONG;
271.     LazyWriteIos: ULONG;
272.     LazyWritePages: ULONG;
273.     DataFlushes: ULONG;
274.     DataPages: ULONG;
275.     ContextSwitches: ULONG;
276.     FirstLevelTbFills: ULONG;
277.     SecondlevelTbFills: ULONG;
278.     SystemCalls: ULONG;
279.   end;
280.   PSYSTEM_PERFORMANCE_INFORMATION = ^SYSTEM_PERFORMANCE_INFORMATION;
281. { Èíôîðìàöèÿ î òåêóùåì âðåìåíè è ÷àñîâîì ïîÿñå }
282.   SYSTEM_TIME_OF_DAY_INFORMATION = packed record
283.     BootTime: LARGE_INTEGER;
284.     CurrentTime: LARGE_INTEGER;
285.     TimeZoneBias: LARGE_INTEGER;
286.     CurrentTimeZoneId: ULONG;
287.     Reserved: ULONG;
288.   end;
289.   PSYSTEM_TIME_OF_DAY_INFORMATION = ^SYSTEM_TIME_OF_DAY_INFORMATION;
290. { Èíôîðìàöèÿ î ïðîöåññàõ è ïîòîêàõ }
291.   THREAD_STATE = Integer;
292.  
293.   KWAIT_REASON = Integer;
294.  
295.   KPRIORITY = Integer;
296.  
297.   POOL_TYPE = Integer;
298.  
299.   { Îïèñàíèå ïîòîêà }
300.   SYSTEM_THREADS = packed record
301.     KernelTime: LARGE_INTEGER;
302.     UserTime: LARGE_INTEGER;
303.     CreateTime: LARGE_INTEGER;
304.     WaitTime: ULONG;
305.     StartAddress: PVOID;
306.     ClientId: CLIENT_ID;
307.     Priority: KPRIORITY;
308.     BasePriority: KPRIORITY;
309.     ContextSwitchCount: ULONG;
310.     State: THREAD_STATE;
311.     WaitReason: KWAIT_REASON;
312.     Reserved: ULONG;
313.   end;
314.  
315.   SYSTEM_THREADS_ARRAY = array[0..1024] of SYSTEM_THREADS;
316.   PSYSTEM_THREADS_ARRAY = ^SYSTEM_THREADS_ARRAY;
317.  
318.   { Ñ÷åò÷èêè âèðòóàëüíîé ïàìÿòè }
319.   VM_COUNTERS = packed record
320.     PeakVirtualSize: ULONG;
321.     VirtualSize: ULONG;
322.     PageFaultCount: ULONG;
323.     PeakWorkingSetSize: ULONG;
324.     WorkingSetSize: ULONG;
325.     QuotaPeakPagedPoolUsage: ULONG;
326.     QuotaPagedPoolUsage: ULONG;
327.     QuotaPeakNonPagedPoolUsage: ULONG;
328.     QuotaNonPagedPoolUsage: ULONG;
329.     PageFileUsage: ULONG;
330.     PeakPageFileUsage: ULONG;
331.   end;
332.  
333.   {Ñ÷åò÷èêè ââîäà-âûâîäà. Ýòà ñòðóêòóðà ñóùåñòâóåò òîëüêî â Windows 2000 è âûøå}
334.   IO_COUNTERS = packed record
335.     ReadOperationCount: LARGE_INTEGER;
336.     WriteOperationCount: LARGE_INTEGER;
337.     OtherOperationCount: LARGE_INTEGER;
338.     ReadTransferCount: LARGE_INTEGER;
339.     WriteTransferCount: LARGE_INTEGER;
340.     OtherTransferCount: LARGE_INTEGER;
341.   end;
342.  
343.   { Èíôîðìàöèÿ î ïðîöåññå äëÿ Windows 2000 è âûøå }
344.   SYSTEM_PROCESSES_NT2000 = packed record
345.     NextEntryDelta: ULONG;
346.     ThreadCount: ULONG;
347.     Reserved1: array[0..5] of ULONG;
348.     CreateTime: LARGE_INTEGER;
349.     UserTime: LARGE_INTEGER;
350.     KernelTime: LARGE_INTEGER;
351.     ProcessName: UNICODE_STRING;
352.     BasePriority: KPRIORITY;
353.     ProcessId: ULONG;
354.     InheritedFromProcessId: ULONG;
355.     HandleCount: ULONG;
356.     Reserved2: array[0..1] of ULONG;
357.     VmCounters: VM_COUNTERS;
358.     PrivatePageCount: ULONG;
359.     IoCounters: IO_COUNTERS;
360. //    Threads : array[0..0] of SYSTEM_THREADS;
361.   end;
362.   PSYSTEM_PROCESSES_NT2000 = ^SYSTEM_PROCESSES_NT2000;
363.  
364.   { Èíôîðìàöèÿ î ïðîöåññå äëÿ Windows NT 4 (îòëè÷àåòñÿ îò àíàëîãè÷íîé ñòðóêòóðû
365.     äëÿ Windows 2000 îòñóòñòâèåì IoCounters) }
366.   SYSTEM_PROCESSES_NT4 = packed record
367.     NextEntryDelta: ULONG;
368.     ThreadCount: ULONG;
369.     Reserved1: array[0..5] of ULONG;
370.     CreateTime: LARGE_INTEGER;
371.     UserTime: LARGE_INTEGER;
372.     KernelTime: LARGE_INTEGER;
373.     ProcessName: UNICODE_STRING;
374.     BasePriority: KPRIORITY;
375.     ProcessId: ULONG;
376.     InheritedFromProcessId: ULONG;
377.     HandleCount: ULONG;
378.     Reserved2: array[0..1] of ULONG;
379.     VmCounters: VM_COUNTERS;
380.     PrivatePageCount: ULONG;
381.   end;
382.   PSYSTEM_PROCESSES_NT4 = ^SYSTEM_PROCESSES_NT4;
383.   { Èíôîðìàöèÿ î êîëè÷åñòâå ñèñòåìíûõ âûçîâîâ (òîëüêî äëÿ êîíòðîëüíîé âåðñèè
384.     ÿäðà }
385.   SYSTEM_CALLS_INFORMATION = packed record
386.     Size: ULONG;
387.     NumberOfDescriprorTables: ULONG;
388.     NumberOfRoutinesInTable: array[0..0] of ULONG;
389.     //CallCounts : array[0..] of ULONG;
390.   end;
391.   PSYSTEM_CALLS_INFORMATION = ^SYSTEM_CALLS_INFORMATION;
392.   { Èíôîðìàöèÿ îá àïïàðàòíîé êîíôèãóðàöèè ñèñòåìû }
393.   SYSTEM_CONFIGURATION_INFORMATION = packed record
394.     DiskCount: ULONG;
395.     FloppyCount: ULONG;
396.     CdRomCount: ULONG;
397.     TapeCount: ULONG;
398.     SerialCount: ULONG;
399.     ParallelCount: ULONG;
400.   end;
401.   PSYSTEM_CONFIGURATION_INFORMATION = ^SYSTEM_CONFIGURATION_INFORMATION;
402.   { Èíôîðìàöèÿ î âðåìåíè ðàáîòû ïðîöåññîðà â ðàçëè÷íûõ ðåæèìàõ. Äëÿ êàæäîãî
403.     ïðîöåññîðà â ñèñòåìå âîçâðàùàåòñÿ ïî ñòðóêòóðå }
404.   SYSTEM_PROCESSOR_TIMES = packed record
405.     IdleTime: LARGE_INTEGER;
406.     KernelTime: LARGE_INTEGER;
407.     UserTime: LARGE_INTEGER;
408.     DpcTime: LARGE_INTEGER;
409.     InterruptTime: LARGE_INTEGER;
410.     InterruptCount: ULONG;
411.   end;
412.   PSYSTEM_PROCESSOR_TIMES = ^SYSTEM_PROCESSOR_TIMES;
413.   { Èíôîðìàöèÿ î ãëîáàëüíûõ íàñòðîéêàõ ñèñòåìû }
414.   SYSTEM_GLOBAL_FLAG = packed record
415.     GlobalFlag: ULONG;
416.   end;
417.   PSYSTEM_GLOBAL_FLAG = ^SYSTEM_GLOBAL_FLAG;
418.   { Èíôîðìàöèÿ î çàãðóæåííûõ ìîäóëÿõ ðåæèìà ÿäðà }
419.   SYSTEM_MODULE_INFORMATION = packed record
420.     Reserved: array[0..1] of ULONG;
421.     Base: PVOID;
422.     Size: ULONG;
423.     Flags: ULONG;
424.     Index: USHORT;
425.     Unknown: USHORT;
426.     LoadCount: USHORT;
427.     ModuleNameOffset: USHORT;
428.     ImageName: array[0..255] of char; { ANSI }
429.   end;
430.   PSYSTEM_MODULE_INFORMATION = ^SYSTEM_MODULE_INFORMATION;
431.   SYSTEM_MODULE_INFORMATION_ARRAY = array[0..16384] of
432.     SYSTEM_MODULE_INFORMATION;
433.   { Ìàññèâ èíôîðìàöèè äëÿ êëàññà SystemModuleInformation }
434.   SYSTEM_MODULES_INFORMATION = packed record
435.     Count: ULONG;
436.     Data: SYSTEM_MODULE_INFORMATION_ARRAY;
437.   end;
438.   PSYSTEM_MODULES_INFORMATION = ^SYSTEM_MODULES_INFORMATION;
439.  
440.   { Èíôîðìàöèÿ î áëîêèðîâêàõ ñèñòåìû }
441.   SYSTEM_LOCK_INFORMATION = packed record
442.     Address: PVOID;
443.     FType: USHORT;
444.     Reserved1: USHORT;
445.     ExclusiveOwnerThread: ULONG;
446.     ActiveCount: ULONG;
447.     ContentionCount: ULONG;
448.     Reserved2: array[0..1] of ULONG;
449.     NumberOfSharedWaiters: ULONG;
450.     NumberOfExclusiveWaiters: ULONG;
451.   end;
452.   PSYSTEM_LOCK_INFORMATION = ^SYSTEM_LOCK_INFORMATION;
453.   SYSTEM_LOCK_INFORMATION_ARRAY = array[0..16384] of SYSTEM_LOCK_INFORMATION;
454.   { Ìàññèâ èíôîðìàöèè äëÿ êëàññà SystemLockInformation }
455.   SYSTEM_LOCKS_INFORMATION = packed record
456.     Count: ULONG;
457.     Data: SYSTEM_LOCK_INFORMATION_ARRAY;
458.   end;
459.   PSYSTEM_LOCKS_INFORMATION = ^SYSTEM_LOCKS_INFORMATION;
460.  
461. { Èíôîðìàöèÿ î äåñêðèïòîðå }
462.   SYSTEM_HANDLE_INFORMATION = packed record
463.     PID: ULONG;        { Èäåíòèôèêàòîð ïðîöåññà, âëàäåþùåãî äàííûì äåñêðèïòîðîì }
464.     ObjectType: UCHAR; { Òèï îáúåêòà, èäåíòèôèöèðóåìîãî äàííûì äåñêðèïòîðîì }
465.     Flags: UCHAR;      { Ôëàãè äåñêðèïòîðà }
466.     Handle: USHORT;    { Çíà÷åíèå äåñêðèïòîðà }
467.     FObject: PVOID;    { Àäðåñ îáúåêòà, èäåíòèôèöèðóåìîãî äàííûì äåñêðèïòîðîì }
468.     GrantedAccess: ACCESS_MASK; { Ñòåïåíü äîñòóïà ê îáúåêòó, ïðåäîñòàâëåííàÿ
469.                                    â ìîìåíò ñîçäàíèÿ äàííîãî äåñêðèïòîðà }
470.   end;
471.   PSYSTEM_HANDLE_INFORMATION = ^SYSTEM_HANDLE_INFORMATION;
472.   SYSTEM_HANDLE_INFORMATION_ARRAY = array[0..16384] of SYSTEM_HANDLE_INFORMATION;
473.   { Ìàññèâ èíôîðìàöèè äëÿ êëàññà SystemHandleInformation }
474.   SYSTEM_HANDLES_INFORMATION = packed record
475.     Count: ULONG;
476.     Data: SYSTEM_HANDLE_INFORMATION_ARRAY;
477.   end;
478.   PSYSTEM_HANDLES_INFORMATION = ^SYSTEM_HANDLES_INFORMATION;
479.   { Èíôîðìàöèÿ îá îáúåêòàõ âûäàåòñÿ òîëüêî â òîì ñëó÷àå, åñëè â ñèñòåìå
480.     óñòàíîâëåí ãëîáàëüíûé ôëàã FLG_MAINTAIN_OBJECT_TYPELIST }
481.   { Èíôîðìàöèÿ îá îáúåêòàõ }
482.   SYSTEM_OBJECT_INFORMATION = packed record
483.     NextEntryOffset: ULONG;
484.     ObjectAddress: PVOID;
485.     CreatorProcessId: ULONG;
486.     Unknown: USHORT;
487.     Flags: USHORT;
488.     PointerCount: ULONG;
489.     HandleCount: ULONG;
490.     PagedPoolUsage: ULONG;
491.     NonPagedPoolUsage: ULONG;
492.     ExclusiveProcessId: ULONG;
493.     SecurityDescriptor: PSECURITY_DESCRIPTOR;
494.     Name: UNICODE_STRING;
495.   end;
496.   PSYSTEM_OBJECT_INFORMATION = ^SYSTEM_OBJECT_INFORMATION;
497.   SYSTEM_OBJECT_INFORMATION_ARRAY = array[0..16384] of
498.                                     SYSTEM_OBJECT_INFORMATION;
499.   PSYSTEM_OBJECT_INFORMATION_ARRAY = ^SYSTEM_OBJECT_INFORMATION_ARRAY;
500.  
501.   { Èíôîðìàöèÿ î  òèïå îáúåêòà }
502.   SYSTEM_OBJECT_TYPE_INFORMATION = packed record
503.     NextEntryOffset: ULONG;
504.     ObjectCount: ULONG;
505.     HandleCount: ULONG;
506.     TypeNumber: ULONG;
507.     InvalidAttributes: ULONG;
508.     GenericMapping: GENERIC_MAPPING;
509.     ValidAccessMask: ACCESS_MASK;
510.     PoolType: POOL_TYPE;
511.     { Ñâåí Øðàéáåð. Íåááåò ïðåäïîëàãàåò òîëüêî íàëè÷èå ïîëÿ Unknown : UCHAR }
512.     SecurityRequired: UCHAR;
513.     Unknown: UCHAR;
514.     UnknownW: USHORT;
515.     Name: UNICODE_STRING;
516.     //Objects : SYSTEM_OBJECT_INFORMATION_ARRAY;
517.   end;
518.   PSYSTEM_OBJECT_TYPE_INFORMATION = ^SYSTEM_OBJECT_TYPE_INFORMATION;
519.   { Èíôîðìàöèÿ î ôàéëàõ ïîäêà÷êè }
520.   SYSTEM_PAGEFILE_INFORMATION = packed record
521.     NextEntryOffset: ULONG;
522.     CurrentSize: ULONG;
523.     TotalUsed: ULONG;
524.     PeakUsed: ULONG;
525.     FileName: UNICODE_STRING;
526.   end;
527.   PSYSTEM_PAGEFILE_INFORMATION = ^SYSTEM_PAGEFILE_INFORMATION;
528.   { Èíôîðìàöèÿ îá ýìóëÿöèè êîìàíä âèðòóàëüíîé ìàøèíîé ÄÎÑ }
529.   SYSTEM_INSTRUCTION_EMULATION_INFORMATION = packed record
530.     SegmentNotPresent: ULONG;
531.     TwoByteOpcode: ULONG;
532.     ESPrefix: ULONG;
533.     CSPrefix: ULONG;
534.     SSPrefix: ULONG;
535.     DSPrefix: ULONG;
536.     FSPrefix: ULONG;
537.     GSPrefix: ULONG;
538.     OPER32Prefix: ULONG;
539.     ADDR32Prefix: ULONG;
540.     INSB: ULONG;
541.     INSW: ULONG;
542.     OUTSB: ULONG;
543.     OUTSW: ULONG;
544.     PUSHFD: ULONG;
545.     POPFD: ULONG;
546.     INTnn: ULONG;
547.     INTO: ULONG;
548.     IRETD: ULONG;
549.     INBimm: ULONG;
550.     INWimm: ULONG;
551.     OUTBimm: ULONG;
552.     OUTWimm: ULONG;
553.     INB: ULONG;
554.     INW: ULONG;
555.     OUTB: ULONG;
556.     OUTW: ULONG;
557.     LOCKPrefix: ULONG;
558.     REPNEPrefix: ULONG;
559.     REPPrefix: ULONG;
560.     HLT: ULONG;
561.     CLI: ULONG;
562.     STI: ULONG;
563.     GenericInvalidOpcode: ULONG;
564.   end;
565.   PSYSTEM_INSTRUCTION_EMULATION_INFORMATION =
566.     ^SYSTEM_INSTRUCTION_EMULATION_INFORMATION;
567.   { Èíôîðìàöèÿ î ðàáî÷åì íàáîðå ñèñòåìû }
568.   SYSTEM_CACHE_INFORMATION = packed record
569.     SystemCacheWsSize: ULONG;
570.     SystemCacheWsPeakSize: ULONG;
571.     SystemCacheWsFaults: ULONG;
572.     SystemCacheWsMinimum: ULONG;
573.     SystemCacheWsMaximum: ULONG;
574.     TransitionSharedPages: ULONG;
575.     TransitionSharedPagesPeak: ULONG;
576.     Reserved: array[0..1] of ULONG;
577.   end;
578.   PSYSTEM_CACHE_INFORMATION = ^SYSTEM_CACHE_INFORMATION;
579.   { Èíôîðìàöèÿ îá èñïîëüçîâàíèè ïàìÿòè ñ âêëþ÷åííûìè òåãàìè }
580.   SYSTEM_POOL_TAG_INFORMATION = packed record
581.     Tag: array[0..3] of Char;
582.     PagedPoolAllocs: ULONG;
583.     PagedPoolFrees: ULONG;
584.     PagedPoolUsage: ULONG;
585.     NonPagedPoolAllocs: ULONG;
586.     NonPagedPoolFrees: ULONG;
587.     NonPagedPoolUsage: ULONG;
588.   end;
589.   PSYSTEM_POOL_TAG_INFORMATION = ^SYSTEM_POOL_TAG_INFORMATION;
590.   SYSTEM_POOL_TAG_INFORMATION_ARRAY = array[0..16384] of
591.     SYSTEM_POOL_TAG_INFORMATION;
592.   { Ìàññèâ èíôîðìàöèè äëÿ êëàññà SystemPoolTagInformation }
593.   SYSTEM_POOL_TAGS_INFORMATION = packed record
594.     Count: ULONG;
595.     Data: SYSTEM_POOL_TAG_INFORMATION_ARRAY;
596.   end;
597.   { Èíôîðìàöèÿ î ñòàòèñòèêå èñïîëüçîâàíèÿ ïðîöåññîðà ñèñòåìîé }
598.   { Â ýòîì èíôîðìàöèîííîì êëàññå âîçâðàùàåòñÿ ìàññèâ ñòðóêòóð, ðàçìåð ìàññèâà
599.     ðàâåí ÷èñëó ïðîöåññîðîâ â ñèñòåìå }
600.   SYSTEM_PROCESSOR_STATISTICS = packed record
601.     ContextSwitches: ULONG;
602.     DpcCount: ULONG;
603.     DpcRequestRate: ULONG;
604.     TimeIncrement: ULONG;
605.     DpcBypassCount: ULONG;
606.     ApcBypassCount: ULONG;
607.   end;
608.   PSYSTEM_PROCESSOR_STATISTICS = ^SYSTEM_PROCESSOR_STATISTICS;
609.   { Èíôîðìàöèÿ îá îòëîæåííûõ âûçîâàõ ïðîöåäóð (DPC) }
610.   SYSTEM_DPC_INFORMATION = packed record
611.     Reserved: ULONG;
612.     MaximumDpcQueueDepth: ULONG;
613.     MinimumDpcRate: ULONG;
614.     AdjustDpcThreshold: ULONG;
615.     IdealDpcRate: ULONG;
616.   end;
617.   PSYSTEM_DPC_INFORMATION = ^SYSTEM_DPC_INFORMATION;
618.   { Çàãðóçêà äðàéâåðà ðåæèìà ÿäðà. Ýòîò êëàññ èíôîðìàöèè èñïîëüçóåòñÿ òîëüêî ïðè
619.     óñòàíîâêå è ìîæåò áûòü âûçâàí òîëüêî èç ðåæèìà ÿäðà }
620.   SYSTEM_LOAD_IMAGE = packed record
621.     ModuleName: UNICODE_STRING;
622.     ModuleBase: PVOID;
623.     Unknown: PVOID;
624.     EntryPoint: PVOID;
625.     ExportDirectory: PVOID;
626.   end;
627.   PSYSTEM_LOAD_IMAGE = ^SYSTEM_LOAD_IMAGE;
628.   { Âûãðóçêà äðàéâåðà ðåæèìà ÿäðà. Îãðàíè÷åíèÿ òå æå ñàìûå, ÷òî è ïðè çàãðóçêå }
629.   SYSTEM_UNLOAD_IMAGE = packed record
630.     ModuleBase: PVOID;
631.   end;
632.   { Èíôîðìàöèÿ î ðàçðåøåíèè ñèñòåìíîãî òàéìåðà }
633.   SYSTEM_TIME_ADJUSTMENT = packed record
634.     TimeAdjustment: ULONG;
635.     MaximumIncrement: ULONG;
636.     TimeSynchronization: BOOLEAN;
637.     Filler: array[0..2] of Char;
638.   end;
639.   PSYSTEM_TIME_ADJUSTMENT = ^SYSTEM_TIME_ADJUSTMENT;
640.   { Èíôîðìàöèÿ î äàìïå àâàðèéíîãî çàâåðøåíèÿ }
641.   SYSTEM_CRASH_DUMP_INFORMATION_NT2000 = packed record
642.     CrashDumpSectionHandle: THandle;
643.     Unknown: THandle; //Òîëüêî â Windows 2000
644.   end;
645.   PSYSTEM_CRASH_DUMP_INFORMATION_NT2000 = ^SYSTEM_CRASH_DUMP_INFORMATION_NT2000;
646.   { Èíôîðìàöèÿ î äàìïå àâàðèéíîãî çàâåðøåíèÿ äëÿ Windows NT4 }
647.   SYSTEM_CRASH_DUMP_INFORMATION_NT4 = packed record
648.     CrashDumpSectionHandle: THandle;
649.   end;
650.   PSYSTEM_CRASH_DUMP_INFORMATION_NT4 = ^SYSTEM_CRASH_DUMP_INFORMATION_NT4;
651.   { Èíôîðìàöèÿ îá èñêëþ÷åíèÿõ }
652.   SYSTEM_EXCEPTION_INFORMATION = packed record
653.     AlignmentFixupCount: ULONG;
654.     ExceptionDispatchCount: ULONG;
655.     FloatingEmulationCount: ULONG;
656.     ByteWordEmulationCount: ULONG;
657.   end;
658.   PSYSTEM_EXCEPTION_INFORMATION = ^SYSTEM_EXCEPTION_INFORMATION;
659.   { Èíôîðìàöèÿ î ñîñòîÿíèè äàìïà àâàðèéíîãî çàâåðøåíèÿ }
660.   SYSTEM_CRASH_DUMP_STATE_INFORMATION_NT2000 = packed record
661.     CrashDumpSectionExists: ULONG;
662.     Unknown: ULONG; //Òîëüêî â Windows 2000
663.   end;
664.   PSYSTEM_CRASH_DUMP_STATE_INFORMATION_NT2000 =
665.     ^SYSTEM_CRASH_DUMP_STATE_INFORMATION_NT2000;
666.   { Èíôîðìàöèÿ î ñîñòîÿíèè äàìïà àâàðèéíîãî çàâåðøåíèÿ äëÿ Windows NT4 }
667.   SYSTEM_CRASH_DUMP_STATE_INFORMATION_NT4 = packed record
668.     CrashDumpSectionExists: ULONG;
669.   end;
670.   PSYSTEM_CRASH_DUMP_STATE_INFORMATION_NT4 =
671.     ^SYSTEM_CRASH_DUMP_STATE_INFORMATION_NT4;
672.   { Èíôîðìàöèÿ îá îòëàä÷èêå ÿäðà }
673.   SYSTEM_KERNEL_DEBUGGER_INFORMATION = packed record
674.     DebuggerEnabled: BOOLEAN;
675.     DebuggerNotPresent: BOOLEAN;
676.   end;
677.   PSYSTEM_KERNEL_DEBUGGER_INFORMATION = ^SYSTEM_KERNEL_DEBUGGER_INFORMATION;
678.   { Èíôîðìàöèÿ î ñ÷åò÷èêàõ ïåðåêëþ÷åíèÿ êîíòåêñòà }
679.   SYSTEM_CONTEXT_SWITCH_INFORMATION = packed record
680.     ContextSwitches: ULONG;
681.     ContextSwitchCounters: array [0..10] of ULONG;
682.   end;
683.   PSYSTEM_CONTEXT_SWITCH_INFORMATION = ^SYSTEM_CONTEXT_SWITCH_INFORMATION;
684.   { Èíôîðìàöèÿ î êâîòàõ ðååñòðà â âûãðóæàåìîì ïóëå }
685.   SYSTEM_REGISTRY_QUOTA_INFORMATION = packed record
686.     RegistryQuota: ULONG;
687.     RegistryQuotaInUse: ULONG;
688.     PagedPoolSize: ULONG;
689.   end;
690.   PSYSTEM_REGISTRY_QUOTA_INFORMATION = ^SYSTEM_REGISTRY_QUOTA_INFORMATION;
691.   { Çàãðóçêà è âûçîâ äðàéâåðà ðåæèìà ÿäðà. Îãðàíè÷åíèÿ òå æå ñàìûå, ÷òî è äëÿ
692.     çàãðóçêè }
693.   SYSTEM_LOAD_AND_CALL_IMAGE = packed record
694.     ModuleName: UNICODE_STRING;
695.   end;
696.   PSYSTEM_LOAD_AND_CALL_IMAGE = ^SYSTEM_LOAD_AND_CALL_IMAGE;
697.   { Èíôîðìàöèÿ î ïëàíîâûõ ïåðèîäàõ âûïîëíåíèÿ ïðèîðèòåòíîãî ïðèëîæåíèÿ }
698.   SYSTEM_PRIORITY_SEPARATION = packed record
699.     PrioritySeparation: ULONG;
700.   end;
701.   PSYSTEM_PRIORITY_SEPARATION = ^SYSTEM_PRIORITY_SEPARATION;
702.   { Èíôîðìàöèÿ î âðåìåííîé çîíå }
703.   SYSTEM_TIME_ZONE_INFORMATION = packed record
704.     Bias: LongInt;
705.     StandardName: array[0..31] of WideChar;
706.     StandardDate: TIME_FIELDS;
707.     StandardBias: LongInt;
708.     DayLightName: array[0..31] of WideChar;
709.     DayLightDate: TIME_FIELDS;
710.     DayLightBias: LongInt;
711.   end;
712.   PSYSTEM_TIME_ZONE_INFORMATION = ^SYSTEM_TIME_ZONE_INFORMATION;
713.   { Èíôîðìàöèÿ îá àññîöèàòèâíûõ ñïèñêàõ. Èíôîðìàöèÿ ýòîãî êëàññà äîñòóïíà òîëüêî
714.     â ðåæèìå ÿäðà (???) }
715.   SYSTEM_LOOKASIDE_INFORMATION = packed record
716.     Depth: USHORT;
717.     MaximumDepth: USHORT;
718.     TotalAllocates: ULONG;
719.     AllocateMisses: ULONG;
720.     TotalFrees: ULONG;
721.     FreeMisses: ULONG;
722.     PoolType: POOL_TYPE;
723.     Tag: ULONG;
724.     Size: ULONG;
725.   end;
726.   PSYSTEM_LOOKASIDE_INFORMATION = ^SYSTEM_LOOKASIDE_INFORMATION;
727.   { Èíôîðìàöèÿ î îøèáêå âðåìåíè. Èíôîðìàöèîííûé êëàññ SystemSetTimeSlipEvent
728.     äîïñêàåò òîëüêî óñòàíîâêó. }
729.   SYSTEM_SET_TIME_SLIP_EVENT = packed record
730.     TimeSlipEvent: THandle;
731.   end;
732.   PSYSTEM_SET_TIME_SLIP_EVENT = ^SYSTEM_SET_TIME_SLIP_EVENT;
733.   { Ñîçäàíèå ñåàíñà Terminal Services. Äîïóñêàåò òîëüêî óñòàíîâêó }
734.   SYSTEM_CREATE_SESSION = packed record
735.     SessionId: ULONG;
736.   end;
737.   PSYSTEM_CREATE_SESSION = ^SYSTEM_CREATE_SESSION;
738.   { Óäàëåíèå ñåàíñà Terminal Services. Äîïóñêàåò òîëüêî óñòàíîâêó }
739.   SYSTEM_DELETE_SESSION = packed record
740.     SessionId: ULONG;
741.   end;
742.   PSYSTEM_DELETE_SESSION = ^SYSTEM_DELETE_SESSION;
743.   { Èíôîðìàöèÿ î áàçîâîì àäðåñå ÿäðà }
744.   SYSTEM_RANGE_START_INFORMATION = packed record
745.     SystemRangeStart: PVOID;
746.   end;
747.   PSYSTEM_RANGE_START_INFORMATION = ^SYSTEM_RANGE_START_INFORMATION;
748.   { Èíôîðìàöèÿ ñåàíñà }
749.   SYSTEM_SESSION_INFORMATION = packed record
750.     SessionId: ULONG;
751.     BufferSize: ULONG;
752.     Buffer: PVOID;
753.   end;
754.   PSYSTEM_SESSION_INFORMATION = ^SYSTEM_SESSION_INFORMATION;
755.   { Èíôîðìàöèÿ î ïðîöåññàõ ñåàíñà }
756.   SYSTEM_SESSION_PROCESSES_INFORMATION = SYSTEM_SESSION_INFORMATION;
757.   PSYSTEM_SESSION_PROCESSES_INFORMATION = ^SYSTEM_SESSION_PROCESSES_INFORMATION;
758.   { Èíôîðìàöèÿ î ïðåäâàðèòåëüíîé çàãðóçêå }
759.   SYSTEM_PREFETCHER_INFORMATION = packed record
760.     Code: ULONG;
761.     Magic: ULONG;
762.     Unknown: ULONG;
763.     AddData: PVOID;
764.     AddDataSize: ULONG;
765.   end;
766.   PSYSTEM_PREFETCHER_INFORMATION = ^SYSTEM_PREFETCHER_INFORMATION;
767.  
768. { NtQueryVolumeInformation }
769.  
770.  { Îáùàÿ èíôîðìàöèÿ î òîìå (èíôîðìàöèîííûé êëàññ FileFsVolumeInformation) }
771.   FILE_FS_VOLUME_INFORMATION = packed record
772.     VolumeCreationTime: TLargeInteger;
773.     VolumeSerialNumber: ULONG;
774.     VolumeNameLength: ULONG;
775.     Unknown: UCHAR;
776.     VolumeName: array[0..0] of WideChar;
777.   end;
778.   PFILE_FS_VOLUME_INFORMATION = ^FILE_FS_VOLUME_INFORMATION;
779.  { Èíôîðìàöèÿ î êâîòàõ òîìà (èíôîðìàöèîííûé êëàññ FileFsControlInformation) }
780.  { !!! Âíèìàíèå !!! Çàïèñü äîëæíà áûòü âûðîâíåíà ïî ãðàíèöå äâîéíîãî ñëîâà
781.    â ïðîòèâíîì ñëó÷àå ôóíêöèÿ âîçâðàùàåò STATUS_DATATYPE_MISALIGNMENT }
782.   FILE_FS_CONTROL_INFORMATION = record
783.     Reserved: array[0..2] of TLargeInteger;
784.     DefaultQuotaThreshold: TLargeInteger;
785.     DefaultQuotaLimit: TLargeInteger;
786.     QuotaFlags: ULONG;
787.     Reserved2: ULONG;   { Íåááåò íå óïîìèíàåò ýòî ïîëå, èëè îíî òîëüêî äëÿ XP
788.                            èëè Íåááåò îøèáñÿ ñ âûðàâíèâàíèåì }
789.   end;
790.   PFILE_FS_CONTROL_INFORMATION = ^FILE_FS_CONTROL_INFORMATION;
791.  
792. { NtQueryInformationFile }
793.  
794. //Èíôîðìàöèÿ î ôàéëå:
795. type
796.   TFileBasicInformation = record
797.     CreationTime: LARGE_INTEGER;
798.     LastAccessTime: LARGE_INTEGER;
799.     LastWriteTime: LARGE_INTEGER;
800.     ChangeTime: LARGE_INTEGER;
801.     FileAttributes: ULONG;
802.   end;
803.   FILE_BASIC_INFORMATION = TFileBasicInformation;
804.   PFileBasicInformation = ^TFileBasicInformation;
805.   PFILE_BASIC_INFORMATION = ^TFileBasicInformation;
806.  
807.   TFileStandardInformation = packed record
808.     AllocationSize: LARGE_INTEGER;
809.     EndOfFile: LARGE_INTEGER;
810.     NumberOfLinks: ULONG;
811.     DeletePending: Boolean;
812.     Directory: Boolean;
813.   end;
814.   FILE_STANDARD_INFORMATION = TFileStandardInformation;
815.   PFileStandardInformation = ^TFileStandardInformation;
816.  
817.   TFilePositionInformation = record
818.     CurrentByteOffset: LARGE_INTEGER;
819.   end;
820.   FILE_POSITION_INFORMATION = TFilePositionInformation;
821.   PFilePositionInformation = ^TFilePositionInformation;
822.  
823.   TFileAlignmentInformation = record
824.     AlignmentRequirement: ULONG;
825.   end;
826.   FILE_ALIGNMENT_INFORMATION = TFileAlignmentInformation;
827.   PFileAlignmentInformation = ^TFileAlignmentInformation;
828.  
829.   TFileNameInformation = packed record
830.     FileNameLength: ULONG;
831.     FileName: array[0..0] of WideChar;
832.   end;
833.   FILE_NAME_INFORMATION = TFileNameInformation;
834.   PFileNameInformation = ^TFileNameInformation;
835.  
836.   TFileNetworkOpenInformation = record
837.     CreationTime: LARGE_INTEGER;
838.     LastAccessTime: LARGE_INTEGER;
839.     LastWriteTime: LARGE_INTEGER;
840.     ChangeTime: LARGE_INTEGER;
841.     AllocationSize: LARGE_INTEGER;
842.     EndOfFile: LARGE_INTEGER;
843.     FileAttributes: ULONG;
844.   end;
845.   FILE_NETWORK_OPEN_INFORMATION = TFileNetworkOpenInformation;
846.   PFileNetworkOpenInformation = ^TFileNetworkOpenInformation;
847.   PFULL_FILE_ATTRIBUTES = PFileNetworkOpenInformation;
848.  
849.   TFileAttributeTagInformation = packed record
850.     FileAttributes: ULONG;
851.     ReparseTag: ULONG;
852.   end;
853.   FILE_ATTRIBUTE_TAG_INFORMATION = TFileAttributeTagInformation;
854.   PFileAttributeTagInformation = ^TFileAttributeTagInformation;
855.  
856.   TFileDispositionInformation = packed record
857.     DeleteFile: Boolean;
858.   end;
859.   FILE_DISPOSITION_INFORMATION = TFileDispositionInformation;
860.   PFileDispositionInformation = ^TFileDispositionInformation;
861.  
862.   TFileEndOfFileInformation = record
863.     EndOfFile: LARGE_INTEGER;
864.   end;
865.   FILE_END_OF_FILE_INFORMATION = TFileEndOfFileInformation;
866.   PFileEndOfFileInformation = ^TFileEndOfFileInformation;
867.  
868.   TFileFullEAIinformation = packed record
869.     NextEntryOffset: ULONG;
870.     Flags: Byte;
871.     EaNameLength: Byte;
872.     EaValueLength: Word;
873.     EaName: array[0..0] of Char;
874.   end;
875.   FILE_FULL_EA_INFORMATION = TFileFullEAIinformation;
876.   PFileFullEAIinformation = ^TFileFullEAIinformation;
877.  
878.   TFileDirectoryInformation = packed record
879.     NextEntryOffset: ULONG;
880.     FileIndex: ULONG;
881.     CreationTime: LARGE_INTEGER;
882.     LastAccessTime: LARGE_INTEGER;
883.     LastWriteTime: LARGE_INTEGER;
884.     ChangeTime: LARGE_INTEGER;
885.     EndOfFile: LARGE_INTEGER;
886.     AllocationSize: LARGE_INTEGER;
887.     FileAttributes: ULONG;
888.     FileNameLength: ULONG;
889.     FileName: array[0..0] of WideChar;
890.   end;
891.   FILE_DIRECTORY_INFORMATION = TFileDirectoryInformation;
892.   PFileDirectoryInformation = ^TFileDirectoryInformation;
893.   PFILE_DIRECTORY_INFORMATION = PFileDirectoryInformation;
894. //
895. // ×òåíèå/çàïèñü ôàéëà "âðàçáðîñ"
896. //
897.   FILE_SEGMENT_ELEMENT = packed record
898.     Alignment: ULONGLONG;
899.   end;
900.   PFILE_SEGMENT_ELEMENT = ^FILE_SEGMENT_ELEMENT;
901.  
902. //
903. // Îáúåêò "Ñåêöèÿ" (Section)
904. //
905.   SECTION_INHERIT = Integer;
906. const
907.   ViewShare = 1;
908.   ViewUnmap = 2;
909.  
910. //-------------------------------------------------------------
911. // Define the file attributes values
912. //
913. // Note:  0x00000008 is reserved for use for the old DOS VOLID (volume ID)
914. //        and is therefore not considered valid in NT.
915. //
916. // Note:  0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
917. //        and is therefore not considered valid in NT.  This flag has
918. //        been disassociated with file attributes since the other flags are
919. //        protected with READ_ and WRITE_ATTRIBUTES access to the file.
920. //
921. // Note:  Note also that the order of these flags is set to allow both the
922. //        FAT and the Pinball File Systems to directly set the attributes
923. //        flags in attributes words without having to pick each flag out
924. //        individually.  The order of these flags should not be changed!
925. //
926. const
927.   FILE_ATTRIBUTE_READONLY            = $00000001;
928.   FILE_ATTRIBUTE_HIDDEN              = $00000002;
929.   FILE_ATTRIBUTE_SYSTEM              = $00000004;
930. //OLD DOS VOLID                        $00000008
931.   FILE_ATTRIBUTE_DIRECTORY           = $00000010;
932.   FILE_ATTRIBUTE_ARCHIVE             = $00000020;
933.   FILE_ATTRIBUTE_DEVICE              = $00000040;
934.   FILE_ATTRIBUTE_NORMAL              = $00000080;
935.   FILE_ATTRIBUTE_TEMPORARY           = $00000100;
936.   FILE_ATTRIBUTE_SPARSE_FILE         = $00000200;
937.   FILE_ATTRIBUTE_REPARSE_POINT       = $00000400;
938.   FILE_ATTRIBUTE_COMPRESSED          = $00000800;
939.   FILE_ATTRIBUTE_OFFLINE             = $00001000;
940.   FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = $00002000;
941.   FILE_ATTRIBUTE_ENCRYPTED           = $00004000;
942.   FILE_ATTRIBUTE_VALID_FLAGS     = $00007fb7;
943.   FILE_ATTRIBUTE_VALID_SET_FLAGS = $000031a7;
944.  
945.   FILE_READ_DATA        = $0001; // file & pipe
946.   FILE_LIST_DIRECTORY   = $0001; // directory
947.   FILE_WRITE_DATA       = $0002; // file & pipe
948.   FILE_ADD_FILE         = $0002; // directory
949.   FILE_APPEND_DATA          = $0004; // file
950.   FILE_ADD_SUBDIRECTORY     = $0004; // directory
951.   FILE_CREATE_PIPE_INSTANCE = $0004; // named pipe
952.   FILE_READ_EA              = $0008; // file & directory
953.   FILE_WRITE_EA             = $0010; // file & directory
954.   FILE_EXECUTE              = $0020; // file
955.   FILE_TRAVERSE             = $0020; // directory
956.   FILE_DELETE_CHILD         = $0040; // directory
957.   FILE_READ_ATTRIBUTES      = $0080; // all
958.   FILE_WRITE_ATTRIBUTES     = $0100; // all
959.   FILE_ALL_ACCESS      = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $01FF;
960.   FILE_GENERIC_READ    = STANDARD_RIGHTS_READ or FILE_READ_DATA or
961.     FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE;
962.   FILE_GENERIC_WRITE   = STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or
963.     FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE;
964.   FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or
965.     FILE_EXECUTE or SYNCHRONIZE;
966. // Define the create disposition values
967.   FILE_SUPERSEDE           = $00000000;
968.   FILE_OPEN                = $00000001;
969.   FILE_CREATE              = $00000002;
970.   FILE_OPEN_IF             = $00000003;
971.   FILE_OVERWRITE           = $00000004;
972.   FILE_OVERWRITE_IF        = $00000005;
973.   FILE_MAXIMUM_DISPOSITION = $00000005;
974. // Íàáîð ôëàãîâ äëÿ ïàðàìåòðà CreateOptions
975.   FILE_DIRECTORY_FILE              = $00000001;
976.   FILE_WRITE_THROUGH               = $00000002;
977.   FILE_SEQUENTIAL_ONLY             = $00000004;
978.   FILE_NO_INTERMEDIATE_BUFFERING   = $00000008;
979.   FILE_SYNCHRONOUS_IO_ALERT        = $00000010;
980.   FILE_SYNCHRONOUS_IO_NONALERT     = $00000020;
981.   FILE_NON_DIRECTORY_FILE          = $00000040;
982.   FILE_CREATE_TREE_CONNECTION      = $00000080;
983.   FILE_COMPLETE_IF_OPLOCKED        = $00000100;
984.   FILE_NO_EA_KNOWLEDGE             = $00000200;
985.   FILE_OPEN_FOR_RECOVERY           = $00000400;
986.   FILE_RANDOM_ACCESS               = $00000800;
987.   FILE_DELETE_ON_CLOSE             = $00001000;
988.   FILE_OPEN_BY_FILE_ID             = $00002000;
989.   FILE_OPEN_FOR_BACKUP_INTENT      = $00004000;
990.   FILE_NO_COMPRESSION              = $00008000;
991.   FILE_RESERVE_OPFILTER            = $00100000;
992.   FILE_OPEN_REPARSE_POINT          = $00200000;
993.   FILE_OPEN_NO_RECALL              = $00400000;
994.   FILE_OPEN_FOR_FREE_SPACE_QUERY   = $00800000;
995.   FILE_COPY_STRUCTURED_STORAGE     = $00000041;
996.   FILE_STRUCTURED_STORAGE          = $00000441;
997.   FILE_VALID_OPTION_FLAGS          = $00ffffff;
998.   FILE_VALID_PIPE_OPTION_FLAGS     = $00000032;
999.   FILE_VALID_MAILSLOT_OPTION_FLAGS = $00000032;
1000.   FILE_VALID_SET_FLAGS             = $00000036;
1001.  
1002. { Ñïåöèôè÷åñêèå ïðàâà äëÿ äèñïåò÷åðà îáúåêòîâ }
1003. const
1004.   OBJECT_TYPE_CREATE     = $0001;
1005.   OBJECT_TYPE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or OBJECT_TYPE_CREATE;
1006. { Ñïåöèôè÷åñêèå ïðàâà äëÿ îáúåêòà "Ñåêöèÿ" }
1007. const
1008.   SECTION_QUERY       = $0001;
1009.   SECTION_MAP_WRITE   = $0002;
1010.   SECTION_MAP_READ    = $0004;
1011.   SECTION_MAP_EXECUTE = $0008;
1012.   SECTION_EXTEND_SIZE = $0010;
1013.  
1014.   SECTION_ALL_ACCESS  = STANDARD_RIGHTS_REQUIRED or SECTION_QUERY or
1015.     SECTION_MAP_WRITE or SECTION_MAP_READ or SECTION_MAP_EXECUTE or
1016.     SECTION_EXTEND_SIZE;
1017.   SEGMENT_ALL_ACCESS  = SECTION_ALL_ACCESS;
1018.  
1019.   PAGE_NOACCESS          = $01;
1020.   PAGE_READONLY          = $02;
1021.   PAGE_READWRITE         = $04;
1022.   PAGE_WRITECOPY         = $08;
1023.   PAGE_EXECUTE           = $10;
1024.   PAGE_EXECUTE_READ      = $20;
1025.   PAGE_EXECUTE_READWRITE = $40;
1026.   PAGE_EXECUTE_WRITECOPY = $80;
1027.   PAGE_GUARD             = $100;
1028.   PAGE_NOCACHE           = $200;
1029.   PAGE_WRITECOMBINE      = $400;
1030.  
1031.   MEM_COMMIT             = $1000;
1032.   MEM_RESERVE            = $2000;
1033.   MEM_DECOMMIT           = $4000;
1034.   MEM_RELEASE            = $8000;
1035.   MEM_FREE               = $10000;
1036.   MEM_PRIVATE            = $20000;
1037.   MEM_MAPPED             = $40000;
1038.   MEM_RESET              = $80000;
1039.   MEM_TOP_DOWN           = $100000;
1040.   MEM_LARGE_PAGES        = $20000000;
1041.   MEM_4MB_PAGES          = $80000000;
1042.   SEC_RESERVE            = $4000000;
1043.  
1044. const
1045. { Ðàñøèôðîâêà ôëàãîâ Quota Flags äëÿ ñòðóêòóðû FILE_FS_CONTROL_INFORMATION }
1046.   FS_VOLUME_QUOTAS_ENABLED = 1;
1047.   FS_VOLUME_QUOTAS_NOALLOCATE = 2;
1048.   FS_VOLUME_QUOTAS_DISABLED = $100; { Îòêëþ÷åííûå êâîòû }
1049.  
1050.   FS_VOLUME_QUOTA_THRESHOLD_EXCEED_AUDIT = $10; { Â êîìáèíàöèè ñ 1 è 2 }
1051.   FS_VOLUME_QUOTA_EXCEED_AUDIT = $20; { Â êîìáèíàöèè ñ 1 è 2 }
1052. const
1053. { Ðàñøèôðîâêà KWAIT_REASON - êîäû ïðè÷èíû îæèäàíèÿ ïîòîêà }
1054.   MIN_WAIT_REASON = 0;
1055.   KWR_Executive = 0;
1056.   KWR_FreePage  = 1;
1057.   KWR_PageIn = 2;
1058.   KWR_PoolAllocation = 3;
1059.   KWR_DelayExecution = 4;
1060.   KWR_Suspended = 5;
1061.   KWR_UserRequest = 6;
1062.   KWR_WrExecutive = 7;
1063.   KWR_WrFreePage = 8;
1064.   KWR_WrPageIn = 9;
1065.   KWR_WrPoolAllocation = 10;
1066.   KWR_WrDelayExecution = 11;
1067.   KWR_WrSuspended = 12;
1068.   KWR_WrUserRequest = 13;
1069.   KWR_WrEventPair = 14;
1070.   KWR_WrQueue = 15;
1071.   KWR_WrLpcReceive = 16;
1072.   KWR_WrLpcReply = 17;
1073.   KWR_WrVirtualMemory = 18;
1074.   KWR_WrPageOut = 19;
1075.   KWR_WrRendezvous = 20;
1076.   KWR_Spare2 = 21;
1077.   KWR_Spare3 = 22;
1078.   KWR_Spare4 = 23;
1079.   KWR_Spare5 = 24;
1080.   KWR_Spare6 = 25;
1081.   KWR_WrKernel = 26;
1082.   MAX_WAIT_REASON = 26;
1083. { Ðàñøèôðîâêà THREAD_STATE - ñîñòîÿíèå ïîòîêà }
1084.   MIN_THREAD_STATE = 0;
1085.   THREAD_STATE_INITIALIZED = 0;
1086.   THREAD_STATE_READY = 1;
1087.   THREAD_STATE_RUNNING = 2;
1088.   THREAD_STATE_STANDBY = 3;
1089.   THREAD_STATE_TERMINATED = 4;
1090.   THREAD_STATE_WAIT = 5;
1091.   THREAD_STATE_TRANSITION = 6;
1092.   THREAD_STATE_UNKNOWN = 7;
1093.   MAX_THREAD_STATE = 7;
1094. { Áèòû â GlobalFlag }
1095.   FLG_STOP_ON_EXCEPTION = 1;
1096.   FLG_SHOW_LDR_SNAPS = 2;
1097.   FLG_DEBUG_INITIAL_COMMAND = 4;
1098.   FLG_STOP_ON_HUNG_GUI = 8;
1099.   FLG_HEAP_ENABLE_TAIL_CHECK = $10;
1100.   FLG_HEAP_ENABLE_FREE_CHECK = $20;
1101.   FLG_HEAP_VALIDATE_PARAMETERS = $40;
1102.   FLG_HEAP_VALIDATE_ALL = $80;
1103.   FLG_POOL_ENABLE_TAIL_CHECK = $100;
1104.   FLG_POOL_ENABLE_FREE_CHECK = $200;
1105.   FLG_POOL_ENABLE_TAGGING = $400;
1106.   FLG_HEAP_ENABLE_TAGGING = $800;
1107.   FLG_USER_STACK_TRACE_DB = $1000;
1108.   FLG_KERNEL_STACK_TRACE_DB = $2000;
1109.   FLG_MAINTAIN_OBJECT_TYPELIST = $4000;
1110.   FLG_HEAP_ENABLE_TAG_BY_DLL = $8000;
1111.   FLG_IGNORE_DEBUG_PRIV = $10000;
1112.   FLG_ENABLE_CSRDEBUG = $20000;
1113.   FLG_ENABLE_KDEBUG_SYMBOL_LOAD = $40000;
1114.   FLG_DISABLE_PAGE_KERNEL_STACK = $80000;
1115.   FLG_HEAP_ENABLE_CALL_TRACING = $100000;
1116.   FLG_HEAP_DISABLE_COALESCING = $200000;
1117.   FLG_ENABLE_CLOSE_EXCEPTIONS = $400000;
1118.   FLG_ENABLE_EXCEPTION_LOGGING = $800000;
1119.   FLG_ENABLE_DBGPRINT_BUFFERING = $8000000;
1120. { Pàñøèôðîâêà POOL_TYPE }
1121.   NonPagedPool = 0;
1122.   PagedPool = 1;
1123.   NonPagedPoolMustSucceed = 2;
1124.   DontUseThisType = 3;
1125.   NonPagedPoolCacheAligned = 4;
1126.   PagedPoolCacheAligned = 5;
1127.   NonPagedPoolCacheAlignedMustS = 6;
1128.  
1129.   NonPagedPoolSession = 32;
1130.   PagedPoolSession = 33;
1131.   NonPagedPoolMustSucceedSession = 34;
1132.   DontUseThisTypeSession = 35;
1133.   NonPagedPoolCacheAlignedSession = 36;
1134.   PagedPoolCacheAlignedSession = 37;
1135.   NonPagedPoolCacheAlignedMustSSession = 38;
1136. { Îáúåêò "Ïîðò" (Ëîêàëüíûé âûçîâ ïðîöåäóð) }
1137. type
1138.   LPCSECTIONINFO = packed record
1139.     Length: ULONG;
1140.     SectionHandle: THANDLE;
1141.     Param1: ULONG;
1142.     SectionSize: ULONG;
1143.     ClientBaseAddress: ULONG;
1144.     ServerBaseAddress: ULONG;
1145.   end;
1146.   PLPCSECTIONINFO = ^LPCSECTIONINFO;
1147.  
1148.   PORT_MESSAGE_HEADER = packed record
1149.     DataSize: WORD; //0         Ðàçìåð äàííûõ â áàéòàõ
1150.     MessageSize: WORD; //2      Ðàçìåð ñîîáùåíèÿ â áàéòàõ, âêëþ÷àÿ ðàçìåð
1151.                        //       çàãîëîâêà, äàííûõ è âñåãî äîïîëíèòåëüíîãî
1152.                        //       ïðîñòðàíñòâà, êîòîðîå ìîæåò ïîíàäîáèòüñÿ äëÿ
1153.                        //       ðàçìåùåíèÿ äàííûõ.
1154.     MessageType: WORD; //4
1155.     VirtualRangesOffset: WORD; //6 Ñìåùåíèå â áàéòàõ îò íà÷àë çàãîëîâêà äî
1156.                          //     ìàññèâà âèðòóàëüíûõ àäðåñîâ
1157.     Pid: DWORD; //8            // Èäåíòèôèêàòîðû ïðîöåññà è
1158.     Tid: DWORD; //0x000C       // ïîòîêà êëèåíòà, îòïðàâèâøåãî ñîîáùåíèå
1159.     MessageId: ULONG; //0x0010  // ×èñëîâîé èäåíòèôèêàòîð êîíêðåòíîãî ýêçåìïëÿðà
1160.                                 // ñîîáùåíèÿ.
1161.     SectionSize: ULONG; //0x0014 // Ðàçìåð â áàéòàõ ðàçäåëà, ñîçäàííîãî
1162.                                 // îòïðàâèòåëåì ñîîáùåíèÿ.
1163.     //Data: array[1..DataSize] of UChar; //0x18
1164.   end;
1165.   // Ðàçìåð äàííûõ, êîòðûå ìîãó áûòü ïåðåäàíû ÷åðåç PORT_MESSAGE ñîñòàâëÿåò
1166.   // ïðèìåðíî 300 áàéò, äëÿ ïåðåäà÷è äàííûõ áîëüøåãî ðàçìåðà íåîáõîäèìî
1167.   // ñîçäàâàòü îáúåêò "ñåêöèÿ" è ïåðåäàâàòü äàííûå â ýòîì îáúåêòå.  
1168.  
1169.   PLPCMESSAGE = ^PORT_MESSAGE_HEADER;
1170.  
1171.   PORT_SECTION_WRITE = packed record //Àëèàñ äëÿ LPCSECTIONINFO
1172.     Length: ULONG;
1173.     SectionHandle: THANDLE;
1174.     SectionOffset: ULONG;
1175.     ViewSize: ULONG;
1176.     ViewBase: ULONG;
1177.     TargetViewBase: ULONG;
1178.   end;
1179.  
1180.   PPORT_SECTION_WRITE = ^PORT_SECTION_WRITE;
1181.  
1182.   PORT_SECTION_READ = packed record
1183.     Length: ULONG;
1184.     ViewSize: ULONG;
1185.     ViewBase: ULONG;
1186.   end;
1187.  
1188.   PPORT_SECTION_READ = ^PORT_SECTION_READ;
1189. //Message types (â PORT_MESSAGE_HEADER)
1190. const
1191.   LPC_NEW_MESSAGE = 0;
1192.   LPC_REQUEST     = 1;
1193.   LPC_REPLY       = 2;
1194.   LPC_DATAGRAM    = 3;
1195.   LPC_LOST_REPLY  = 4;
1196.   LPC_PORT_CLOSED = 5;
1197.   LPC_CLIENT_DIED = 6;
1198.   LPC_EXCEPTION   = 7;
1199.   LPC_DEBUG_EVENT = 8;
1200.   LPC_ERROR_EVENT = 9;
1201.   LPC_CONNECTION_REQUEST = 10;
1202.  
1203. // Ïîäñèñòåìà Win32 (CSRSS)
1204. type
1205.   CSR_API_NUMBER = Integer;
1206.  
1207.   //Áóôåð àðãóìåíòîâ ñîîáùåíèÿ ñåðâåðó
1208.   CSR_CAPTURE_HEADER = packed record
1209.     OriginalSize: LONG; //0x0000
1210.     OriginalData: PVOID; //0x0004
1211.     PointersCount: LONG;  //0x0008
1212.     NextPointerPosition: LONG;  //0x000C
1213.     DataPointers: array[0..0] of PVOID; //0x0010
1214.   end;
1215.   PCSR_CAPTURE_HEADER = ^CSR_CAPTURE_HEADER;
1216.   PPCSR_CAPTURE_HEADER = ^PCSR_CAPTURE_HEADER;
1217.  
1218.   //Èäåíòèôèêàöèÿ ñîîáùåíèÿ ñåðâåðó è àðãóìåíòû
1219.   CSRSS_MESSAGE = packed record
1220.     Arguments: PCSR_CAPTURE_HEADER; //0      - 0x0018
1221.     OpCode: CSR_API_NUMBER; //4        - 0x001C
1222.     Status: ULONG; //8        - 0x0020
1223.     Reserved: ULONG; //0x000C - 0x0024
1224.   end;
1225.  
1226.   //Ñîîáùåíèå ñåðâåðó
1227.   CSR_API_MESSAGE = packed record
1228.     hdr: PORT_MESSAGE_HEADER;
1229.     msg: CSRSS_MESSAGE;
1230. //  MessageData: array [0..x] of ULONG;  //0x0028
1231.   end;
1232.   PCSR_API_MESSAGE = ^CSR_API_MESSAGE;
1233.  
1234. //Ïîòîêè
1235. type
1236.   STACKINFO = packed record
1237.     FixedStackBase: PVOID;
1238.     FixedStackLimit: PVOID;
1239.     ExpandableStackBase: PVOID;
1240.     StackLimit: PVOID;
1241.     AllocationBase: PVOID;
1242.   end;
1243.   PSTACKINFO = ^STACKINFO;
1244.  
1245. { Áèòîâûå êàðòû }
1246.   RTL_BITMAP = packed record
1247.     SizeOfBitMap: ULONG; //0  Number of bits in bit map
1248.     Buffer: PULONG;      //4  Pointer to the bit map itself
1249.   end;
1250.   PRTL_BITMAP = ^RTL_BITMAP;
1251. { Òàáëèöà ëîêàëüíûõ äåñêðèïòîðîâ }
1252.   PRTL_HANDLE_TABLE_ENTRY = ^RTL_HANDLE_TABLE_ENTRY;
1253.   RTL_HANDLE_TABLE_ENTRY = packed record
1254.     Next: PRTL_HANDLE_TABLE_ENTRY;
1255.   end;
1256. { Èíôîðìàöèÿ îòëàä÷èêà }
1257.   RTL_DEBUG_INFORMATION = packed record
1258.     //TODO: Îïèñàíèå ñòðóêòóðû!!!!
1259.   end;
1260.   PRTL_DEBUG_INFORMATION = ^RTL_DEBUG_INFORMATION;
1261. { Èíôîðìàöèÿ î âåðñèè ñèñòåìû }
1262.   TOsVersionInfoExW = packed record
1263.     ov: TOsVersionInfoW;
1264.     wServicePackMajor: Word;
1265.     wServicePackMinor: Word;
1266.     wSuiteMask: Word;
1267.     wProductType: Byte;
1268.     wReserved: Byte;
1269.   end;
1270.   RTL_OSVERSIONINFOEXW = TOsVersionInfoExW;
1271.   PRTL_OSVERSIONINFOEXW = ^RTL_OSVERSIONINFOEXW;
1272.  
1273. { Óïðàâëåíèå ïèòàíèåì }
1274.   TLatencyTime = (LT_DONT_CARE, LT_LOWEST_LATENCY);
1275.   LATENCY_TIME = TLatencyTime;
1276. { Îáúåêòû }
1277.   TObjectInfoClass = (
1278. { NtQueryObject/NtSetInformationObject êëàññ èíôîðìàöèè îáúåêòà }
1279.     ObjectBasicInformation,  { = 0 Áàçîâàÿ èíôîðìàöèÿ îá îáúåêòå }
1280.     ObjectNameInformation, { = 1 Èíôîðìàöèÿ îá èìåíè îáúåêòà }
1281.     ObjectTypeInformation, { = 2 Èíôîðìàöèÿ îá òèïå îáúåêòà }
1282.     ObjectAllTypesInformation, { = 3 Ïåðå÷èñëåíèå âñåõ òèïîâ îáúåêòîâ
1283.                                 (òðåáóåò íàñòðîéêè GlobalFlags) }
1284.     ObjectHandleInformation { = 4 Èíôîðìàöèÿ îá àòðèáóòàõ äåñêðèïòîðà îáúåêòà }
1285.   );
1286.   OBJECT_INFO_CLASS = TObjectInfoClass;
1287.  
1288. const
1289. //
1290. //Çíà÷åíèÿ ïàðàìåòðà RelativeTo ôóíêöèè RtlCheckRegistryKey
1291. //
1292.   RTL_REGISTRY_ABSOLUTE = 0;     // Path is a full path
1293.   RTL_REGISTRY_SERVICES = 1;     // \Registry\Machine\System\CurrentControlSet\Services
1294.   RTL_REGISTRY_CONTROL  = 2;     // \Registry\Machine\System\CurrentControlSet\Control
1295.   RTL_REGISTRY_WINDOWS_NT = 3;   // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
1296.   RTL_REGISTRY_DEVICEMAP = 4;    // \Registry\Machine\Hardware\DeviceMap
1297.   RTL_REGISTRY_USER = 5;         // \Registry\User\CurrentUser
1298.   RTL_REGISTRY_MAXIMUM = 6;
1299.   RTL_REGISTRY_HANDLE = $40000000;    // Low order bits are registry handle
1300.   RTL_REGISTRY_OPTIONAL = $80000000;    // Indicates the key node is optional
1301.  
1302. //
1303. // The following flags specify how the Name field of a RTL_QUERY_REGISTRY_TABLE
1304. // entry is interpreted.  A NULL name indicates the end of the table.
1305. //
1306.  
1307.   RTL_QUERY_REGISTRY_SUBKEY =  $00000001;  // Name is a subkey and remainder of
1308.                                                 // table or until next subkey are value
1309.                                                 // names for that subkey to look at.
1310.  
1311.   RTL_QUERY_REGISTRY_TOPKEY =  $00000002;  // Reset current key to original key for
1312.                                                 // this and all following table entries.
1313.  
1314.   RTL_QUERY_REGISTRY_REQUIRED = $00000004;  // Fail if no match found for this table
1315.                                                 // entry.
1316.  
1317.   RTL_QUERY_REGISTRY_NOVALUE = $00000008;  // Used to mark a table entry that has no
1318.                                                 // value name, just wants a call out, not
1319.                                                 // an enumeration of all values.
1320.  
1321.   RTL_QUERY_REGISTRY_NOEXPAND = $00000010;  // Used to suppress the expansion of
1322.                                                 // REG_MULTI_SZ into multiple callouts or
1323.                                                 // to prevent the expansion of environment
1324.                                                 // variable values in REG_EXPAND_SZ
1325.  
1326.   RTL_QUERY_REGISTRY_DIRECT = $00000020;  // QueryRoutine field ignored.  EntryContext
1327.                                                 // field points to location to store value.
1328.                                                 // For null terminated strings, EntryContext
1329.                                                 // points to UNICODE_STRING structure that
1330.                                                 // that describes maximum size of buffer.
1331.                                                 // If .Buffer field is NULL then a buffer is
1332.                                                 // allocated.
1333.                                                 //
1334.  
1335.   RTL_QUERY_REGISTRY_DELETE = $00000040;  // Used to delete value keys after they
1336.                                                 // are queried.
1337.  
1338. type
1339.   RTL_QUERY_REGISTRY_TABLE = packed record
1340.     QueryRoutine: Pointer;
1341.     Flags: ULONG;
1342.     Name: LPWSTR;
1343.     EntryContext: PVOID;
1344.     DefaultType: ULONG;
1345.     DefaultData: PVOID;
1346.     DefaultLength: ULONG;
1347.   end;
1348.   PRTL_QUERY_REGISTRY_TABLE = ^RTL_QUERY_REGISTRY_TABLE;
1349.  
1350. const
1351.   REG_NOTIFY_CHANGE_NAME         = ($00000001); // Create or delete (child)
1352.   REG_NOTIFY_CHANGE_ATTRIBUTES   = ($00000002);
1353.   REG_NOTIFY_CHANGE_LAST_SET     = ($00000004); // time stamp
1354.   REG_NOTIFY_CHANGE_SECURITY     = ($00000008);
1355.  
1356. type
1357.   AUDIT_EVENT_TYPE = (
1358.     AuditEventObjectAccess,
1359.     AuditEventDirectoryServiceAccess
1360.   );
1361.   PAUDIT_EVENT_TYPE = ^AUDIT_EVENT_TYPE;
1362.  
1363.   TOKEN_TYPE = (
1364.     TokenReserved,
1365.     TokenPrimary,
1366.     TokenImpersonation
1367.   );
1368.   PTOKEN_TYPE = ^TOKEN_TYPE;
1369.  
1370.   HEAP_INFORMATION_CLASS = (
1371.     HeapCompatibilityInformation
1372.   );
1373.  
1374. //
1375. // Êîíñòàíòû Side-by-side
1376. //
1377. type
1378.   ACTIVATION_CONTEXT_INFO_CLASS = (
1379.     ActivationContextReserved,        //0
1380.     ActivationContextBasicInformation, //1,
1381.     ActivationContextDetailedInformation, //2,
1382.     AssemblyDetailedInformationInActivationContext, //3,
1383.     FileInformationInAssemblyOfAssemblyInActivationContext, //4,
1384.     MaxActivationContextInfoClass        //5
1385.  
1386.     //
1387.     // compatibility with old names
1388.     //
1389. //    AssemblyDetailedInformationInActivationContxt         = 3,
1390. //    FileInformationInAssemblyOfAssemblyInActivationContxt   = 4
1391.   );
1392.  
1393.   ACTIVATION_CONTEXT_QUERY_INDEX = packed record
1394.     ulAssemblyIndex: DWORD;
1395.     ulFileIndexInAssembly: DWORD;
1396.   end;
1397.   PACTIVATION_CONTEXT_QUERY_INDEX = ^ACTIVATION_CONTEXT_QUERY_INDEX;
1398.  
1399. const
1400.   ACTIVATION_CONTEXT_PATH_TYPE_NONE = 1;
1401.   ACTIVATION_CONTEXT_PATH_TYPE_WIN32_FILE = 2;
1402.   ACTIVATION_CONTEXT_PATH_TYPE_URL = 3;
1403.   ACTIVATION_CONTEXT_PATH_TYPE_ASSEMBLYREF = 4;
1404. type
1405.   ASSEMBLY_FILE_DETAILED_INFORMATION = packed record
1406.     ulFlags: DWORD;
1407.     ulFilenameLength: DWORD;
1408.     ulPathLength: DWORD;
1409.  
1410.     lpFileName: PWideChar;
1411.     lpFilePath: PWideChar;
1412.   end;
1413.   PASSEMBLY_FILE_DETAILED_INFORMATION = ^ASSEMBLY_FILE_DETAILED_INFORMATION;
1414.   ASSEMBLY_DLL_REDIRECTION_DETAILED_INFORMATION =
1415.     ASSEMBLY_FILE_DETAILED_INFORMATION;
1416.   PASSEMBLY_DLL_REDIRECTION_DETAILED_INFORMATION =
1417.     PASSEMBLY_FILE_DETAILED_INFORMATION;
1418.  
1419.   ACTIVATION_CONTEXT_ASSEMBLY_DETAILED_INFORMATION = packed record
1420.     ulFlags: DWORD;
1421.     ulEncodedAssemblyIdentityLength: DWORD;    // in bytes
1422.     ulManifestPathType: DWORD;                 // ACTIVATION_CONTEXT_PATH_TYPE_*
1423.     ulManifestPathLength: DWORD;               // in bytes
1424.     liManifestLastWriteTime: LARGE_INTEGER;    // FILETIME
1425.     ulPolicyPathType: DWORD;                   // ACTIVATION_CONTEXT_PATH_TYPE_*
1426.     ulPolicyPathLength: DWORD;                 // in bytes
1427.     liPolicyLastWriteTime: LARGE_INTEGER;      // FILETIME
1428.     ulMetadataSatelliteRosterIndex: DWORD;
1429.  
1430.     ulManifestVersionMajor: DWORD;             // 1
1431.     ulManifestVersionMinor: DWORD;             // 0
1432.     ulPolicyVersionMajor: DWORD;               // 0
1433.     ulPolicyVersionMinor: DWORD;               // 0
1434.     ulAssemblyDirectoryNameLength: DWORD;      // in bytes
1435.  
1436.     lpAssemblyEncodedAssemblyIdentity: PWideChar;
1437.     lpAssemblyManifestPath: PWideChar;
1438.     lpAssemblyPolicyPath: PWideChar;
1439.     lpAssemblyDirectoryName: PWideChar;
1440.  
1441.     ulFileCount: DWORD;
1442.   end;
1443.   PACTIVATION_CONTEXT_ASSEMBLY_DETAILED_INFORMATION =
1444.     ^ACTIVATION_CONTEXT_ASSEMBLY_DETAILED_INFORMATION;
1445.  
1446.   ACTIVATION_CONTEXT_DETAILED_INFORMATION = packed record
1447.     dwFlags: DWORD;
1448.     ulFormatVersion: DWORD;
1449.     ulAssemblyCount: DWORD;
1450.     ulRootManifestPathType: DWORD;
1451.     ulRootManifestPathChars: DWORD;
1452.     ulRootConfigurationPathType: DWORD;
1453.     ulRootConfigurationPathChars: DWORD;
1454.     ulAppDirPathType: DWORD;
1455.     ulAppDirPathChars: DWORD;
1456.     lpRootManifestPath: PWideChar;
1457.     lpRootConfigurationPath: PWideChar;
1458.     lpAppDirPath: PWideChar;
1459.   end;
1460.   PACTIVATION_CONTEXT_DETAILED_INFORMATION =
1461.     ^ACTIVATION_CONTEXT_DETAILED_INFORMATION;
1462. const
1463.   ACTIVATION_CONTEXT_SECTION_ASSEMBLY_INFORMATION         = 1;
1464.   ACTIVATION_CONTEXT_SECTION_DLL_REDIRECTION              = 2;
1465.   ACTIVATION_CONTEXT_SECTION_WINDOW_CLASS_REDIRECTION     = 3;
1466.   ACTIVATION_CONTEXT_SECTION_COM_SERVER_REDIRECTION       = 4;
1467.   ACTIVATION_CONTEXT_SECTION_COM_INTERFACE_REDIRECTION    = 5;
1468.   ACTIVATION_CONTEXT_SECTION_COM_TYPE_LIBRARY_REDIRECTION = 6;
1469.   ACTIVATION_CONTEXT_SECTION_COM_PROGID_REDIRECTION       = 7;
1470.   ACTIVATION_CONTEXT_SECTION_GLOBAL_OBJECT_RENAME_TABLE   = 8;
1471.   ACTIVATION_CONTEXT_SECTION_CLR_SURROGATES               = 9;
1472.  
1473.   QUERY_ACTCTX_FLAG_USE_ACTIVE_ACTCTX = $00000004;
1474.   QUERY_ACTCTX_FLAG_ACTCTX_IS_HMODULE = $00000008;
1475.   QUERY_ACTCTX_FLAG_ACTCTX_IS_ADDRESS = $00000010;
1476.   QUERY_ACTCTX_FLAG_NO_ADDREF         = $80000000;
1477.  
1478. { Mark 1 }
1479. { API ïîäñèñòåìû Win32 Client-Server }
1480. { Âûäåëåíèå áóôåðà äëÿ àðãóìåíòîâ ñîîáùåíèÿ ñåðâåðó }
1481. function CsrAllocateCaptureBuffer(
1482.   CountMessagePointers, Size: ULONG): PCSR_CAPTURE_HEADER; stdcall;
1483. { Ïîìåùåíèå óêàçàòåëÿ â áóôåð ñîîáùåíèÿ ñåðâåðó }
1484. function CsrAllocateMessagePointer(CaptureBuffer: PCSR_CAPTURE_HEADER;
1485.   Length: ULONG; Pointer: PPVOID): ULONG; stdcall;
1486. { Ïîìåùåíèå áóôåðà â áóôåð ñîîáùåíèÿ ñåðâåðó }
1487. procedure CsrCaptureMessageBuffer(CaptureBuffer: PCSR_CAPTURE_HEADER;
1488.   Buffer: PVOID; Length: ULONG; CapturedBuffer: PPVOID); stdcall;
1489. { Ïîìåùåíèå ñòðîêè â áóôåð ñîîáùåíèÿ ñåðâåðó }
1490. procedure CsrCaptureMessageString(CaptureBuffer: PCSR_CAPTURE_HEADER;
1491.   AString: LPSTR; Length: ULONG; MaximumLength: ULONG;
1492.   CapturedString: PSTRING); stdcall;
1493. function CsrCaptureMessageMultiUnicodeStringsInPlace (
1494.   pCaptureMessage: PPCSR_CAPTURE_HEADER; NumberOfStrings: ULONG;
1495.   Strings: PPUNICODE_STRING): NTSTATUS; stdcall;
1496. { Âûçîâ ñåðâåðà }
1497. function CsrClientCallServer(m: PCSR_API_MESSAGE;
1498.   CaptureBuffer: PCSR_CAPTURE_HEADER; ApiNumber: CSR_API_NUMBER;
1499.   ArgLength: ULONG): NTSTATUS; stdcall;
1500. { Ïîäêëþ÷åíèå ê ñåðâåðó }
1501. function CsrClientConnectToServer (ObjectDirectory: PWideChar;
1502.   ServerIndex: Integer; CallbackInfo: Pointer; MessageBuffer: Pointer;
1503.   BufferSize: LPDWORD; ServerProcess: PBYTE): NTSTATUS; stdcall;
1504. { Îñîáîæäåíèå áóôåðà àðóìåíòîâ ñîîáùåíèÿ }
1505. procedure CsrFreeCaptureBuffer(CaptureBuffer: PCSR_CAPTURE_HEADER); stdcall;
1506. { Ïîëó÷íèå èäåíòèôèêàòîðà òåêóùåãî ïðîöåññà }
1507. function CsrGetProcessId: DWORD; stdcall;
1508. { Óêàçàíèå íà òðåâîæíûé ïîòîê }
1509. function CsrIdentifyAlertableThread: NTSTATUS; stdcall;
1510. { Ñîçäàíèå íîâîãî ïîòîêà â ïîäñèñòåìå Win32}
1511. procedure CsrNewThread; stdcall;
1512.  
1513. { API îòëàä÷èêà }
1514. procedure DbgBreakPoint; stdcall;
1515. { Ñîåäèíåíèå ñ îòëàä÷èêîì }
1516. function DbgUiConnectToDbg: NTSTATUS; stdcall;
1517. { Ïðîäîëæåíèå âûïîëíåíèÿ îòëàæèâàåìîé ïðîãðàììû }
1518. function DbgUiContinue(AppClientId: PCLIENT_ID;
1519.   ContinueStatus: NTSTATUS): NTSTATUS; stdcall;
1520. { Ïðåîáðàçîâàíèå ñòðóêòóðû îæèäàíèÿ ñîáûòèÿ îòëàä÷èêà }
1521. function DbgUiConvertStateChangeStructure(
1522.   StateChange: PDBGUI_WAIT_STATE_CHANGE;
1523.   lpDebugEvent: LPDEBUG_EVENT): NTSTATUS; stdcall;
1524. { Îòëàäêà àêòèâíîãî ïðîöåññà }
1525. function DbgUiDebugActiveProcess(ProcessHandle: THANDLE): NTSTATUS; stdcall;
1526. { Ïîëó÷åíèå îáúåêòà îòëàäêè òåêóùåãî ïîòîêà }
1527. function DbgUiGetThreadDebugObject: PVOID; stdcall;
1528. { Îñòàíîâ îòëàæèâàåìîãî ïðîöåññà }
1529. function DbgUiIssueRemoteBreakin(ProcessHandle: THANDLE): NTSTATUS; stdcall;
1530. { Çàâåðøåíèå îòëàäêè }
1531. function DbgUiStopDebugging(ProcessHandle: THANDLE): NTSTATUS; stdcall;
1532. { Èçìåíåíèå îæèäàíèÿ ñîáûòèÿ îòëàäêè }
1533. function DbgUiWaitStateChange(StateChange: PDBGUI_WAIT_STATE_CHANGE;
1534.   Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
1535.  
1536. { API çàãðóç÷èêà (Loader API) }
1537. { Ïîëó÷åíèå äîñòóïà ê óêàçàííîìó ðåñóðñó }
1538. function LdrAccessResource(DllHandle: PVOID;
1539.   ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY;
1540.   Address: PPVOID; Size: PULONG): NTSTATUS; stdcall;
1541. { Ïðîâåðêà âîçìîæíîñòè çàãðóçêè àëüòåðíàòèâíûõ ðåñóðñíûõ ìîäóëåé }
1542. function LdrAlternateResourcesEnabled: BOOL; stdcall;
1543. { Ðàçðóøàåò îáðàç }
1544. procedure LdrDestroyOutOfProcessImage(AImage: PVOID); stdcall;
1545. { Çàïðåò âûçîâîâ DLLMain ñ ïàðàìåòðîì dwReason ðàâíûì DLL_THREAD_XXXXX }
1546. procedure LdrDisableThreadCalloutsForDll (hMod: THandle); stdcall;
1547. { Âûçûâàåò âíåøíþþ ôóíêöèþ äëÿ çàãðóæåííîãî ìîäóëÿ ñ óêàçàííûì áàçîâûì àäðåñîì }
1548. procedure LdrEnumerateLoadedModules(dwReserved: DWORD;
1549.   Enumerator: Pointer; //Àäðåñ ôóíêöèè, âûçûâàåìîé çàãðóç÷èêîì
1550.   ImageBaseAddress: PVOID); stdcall;
1551. { Ïîèñê ðåñóðñà }
1552. function LdrFindResource_U (DllHandle: PVOID;
1553.   ResourceIdPath: PULONG; ResourceIdPathLength: ULONG;
1554.   ResourceDataEntry: PPIMAGE_RESOURCE_DATA_ENTRY): NTSTATUS; stdcall;
1555. { Ïîèñê êàòàëîãà ðåñóðñîâ }
1556. function LdrFindResourceDirectory_U (DllHandle: PVOID;
1557.   ResourceIdPath: PULONG;
1558.   ResourceIdPathLength: ULONG;
1559.   ResourceDataEntry: PPIMAGE_RESOURCE_DATA_ENTRY): NTSTATUS; stdcall;
1560. { Âûãðóçêà âñåõ àëüòåðíàòèâíî çàãðóæåííûõ ìîäóëåé }
1561. function LdrFlushAlternateResourceModules: BOOL; stdcall;
1562. { Ïîëó÷åíèå àäðåñà çàãðóæåííîãî îáðàçà.
1563.   Íå ñîâñåì êîððåêòíî óêàçûâàòü PHandle äëÿ ïàðàìåòðà DllHandle, íî òèï
1564.   HModule îïðåäåëåí â Delphi êàê THandle }
1565. function LdrGetDllHandle (Path: LPWSTR; { Ïóòü äëÿ ïîèñêà îáðàçà, çàãðóæåííîãî
1566.                                           èç óêàçàííîãî êàòàëîãà
1567.                                           (íåîáÿçàòåëüíûé ïàðàìåòð) }
1568.   DllCharacteristics: PULONG;           { Õàðàêòåðèñòèêè îáðàçà
1569.                                           (êðèòåðèé ïîèñêà)
1570.                                           (íåîáÿçàòåëüíûé ïàðàìåòð) }
1571.   DllName: PUNICODE_STRING;             { Èìÿ îáðàçà }
1572.   DllHandle: PHandle                    { Àäðåñ ïåðåìåííîé äëÿ àäðåñà îáðàçà â
1573.                                           ïàìÿòè }
1574.   ): NTSTATUS; stdcall;
1575. { Ïîëó÷åíèå àäðåñà çàãðóæåííîãî ìîäóëÿ }
1576. function LdrGetDllHandleEx(dwFlags: DWORD; DllPath: LPWSTR;
1577.   DllCharacteristics: PULONG; DllName: PUNICODE_STRING;
1578.   DllHandle: PHMODULE): NTSTATUS; stdcall;
1579. { ïîëó÷åíèå àäðåñà ýêñïîðòèðóåìîé ïðîöåäóðû â çàãðóæåííîì ìîäóëå }
1580. function LdrGetProcedureAddress (ImageBase: PVOID; { Àäðåñ çàãðóæåííîãî ìîäóëÿ }
1581.   ProcName: PANSI_STRING; { Èìÿ ïðîöåäóðû â ANSI-êîäèðîâêå }
1582.   ProcedureOrdinalValue: PULONG; { Ïîðÿäêîâûé íîìåð ïðîöåäóðû }
1583.   ProcedureAddress: PPvoid): NTSTATUS; stdcall; { Àäðåñ ïðîöåäóðû }
1584. { Çàãðóçêà îáðàçà ðåñóðñîâ (áåç íàñòðîéêè ññûëîê è áåç èíèöèàëèçàöèè ìîäóëÿ) }
1585. function LdrLoadAlternateResourceModule (
1586.   DllHandle: THandle; { Àäðåñ îáðàçà â àäðåñíîì ïðîñòðàíñòâå ïðîöåññà }
1587.   ModuleName: LPWSTR): THandle; stdcall; { Ïóòü ê îáðàçó }
1588. { Çàãðóçêà ìîäóëÿ áåç íàñòðîéêè ññûëîê }
1589. function LdrLoadAlternateResourceModuleEx(uLangID: WORD; Module: HMODULE;
1590.   ModuleName: LPWSTR): PVOID; stdcall;
1591. { Çàãðóçêà îáðàçà â ïàìÿòü.
1592.   Íå ñîâñåì êîððåêòíî óêàçûâàòü PHandle äëÿ ïàðàìåòðà DllHandle, íî òèï
1593.   HModule îïðåäåëåí â Delphi êàê THandle }
1594. function LdrLoadDll (Path: LPWSTR; { Ïóòü äëÿ ïîèñêà îáðàçà
1595.                                      (íåîáÿçàòåëüíûé ïàðàìåòð) }
1596.   DllCharacteristics: PULONG;      { Õàðàêòåðèñòèêè îáðàçà
1597.                                      (íåîáÿçàòåëüíûé ïàðàìåòð) }
1598.   DllName: PUNICODE_STRING;        { Èìÿ îáðàçà }
1599.   DllHandle: PHandle               { Àäðåñ ïåðåìåííîé äëÿ àäðåñà îáðàçà â
1600.                                      ïàìÿòè }
1601.   ): NTSTATUS; stdcall;
1602. { Áëîêèðîâêà çàãðóç÷èêà }
1603. function LdrLockLoaderLock (LockType: Integer;
1604.   var LockStatus, LockId: Integer): NTSTATUS; stdcall;
1605. { Ïîëó÷åíèå îïöèé èñïîëíÿåìîãî ôàéëà }
1606. function LdrQueryImageFileExecutionOptions (SubKey: PUNICODE_STRING;
1607.   ValueName: LPWSTR; ValueSize: ULONG; Buffer: PVOID; BufferSize: ULONG;
1608.   ReturnedLength: PULONG): NTSTATUS; stdcall;
1609. { Óñòàíîâêà âíåøíåé ôóíêöèè ïðîâåðêè ìàíèôåñòà ïðèëîæåíèÿ }
1610. procedure LdrSetDllManifestProber(ProberRoutine: Pointer); stdcall;
1611. { Çàâåðøåíèå ïðîöåññà }
1612. procedure LdrShutdownProcess; stdcall;
1613. { Çàâåðøåíèå ïîòîêà }
1614. procedure LdrShutdownThread; stdcall;
1615. { Âûãðóçêà îáðàçà ðåñóðñîâ }
1616. function LdrUnloadAlternateResourceModule(Module: PVOID): BOOL; stdcall;
1617. { Âûãðóçêà îáðàçà }
1618. function LdrUnloadDll (ImageBase: PVOID): NTSTATUS; stdcall;
1619. { Ðàçáëîêèðîâêà çàãðóç÷èêà }
1620. function LdrUnlockLoaderLock (LockType, LockId: Integer): NTSTATUS; stdcall;
1621.  
1622. { Ñòàíäàðòàÿ êîäîâàÿ ñòðàíèöà ANSI }
1623. function NlsAnsiCodePage: WORD;
1624. { Ïðèíÿòèå èëè îòêëîíåíèå çàïðîñà íà ïîäêëþ÷åíèå ê ïîðòó }
1625. function NtAcceptConnectPort (PortHandle: PHANDLE; PortIdentifier: ULONG;
1626.   LpcMessage: PLPCMESSAGE; Accept: ULONG; WriteSection: PPORT_SECTION_WRITE;
1627.   ReadSection: PPORT_SECTION_READ): NTSTATUS; stdcall;
1628. { Ïðîâåðÿåò ïðàâà äîñòóïà ìàðêåðà }
1629. function NtAccessCheck(SecurityDescriptor: PSECURITY_DESCRIPTOR;
1630.   hTokenClient: THANDLE; DesiredAccess: ACCESS_MASK;
1631.   pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
1632.   pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
1633.   AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
1634. { Ïðîâåðÿåò ïðàâà äîñòóïà ìàðêåðà è ãåíåðèðóåò ïðåäóïðåæäåíèÿ àóäèòà, åñëè
1635.   èäåíòèôèêàòîð äîñòóïà îáëàäàåò SACL }
1636. function NtAccessCheckAndAuditAlarm(SubSystemName: PUNICODE_STRING;
1637.   HandleId: PVOID; ObjectTypeName, ObjectName: PUNICODE_STRING;
1638.   SecurityDescriptor: PSECURITY_DESCRIPTOR; DesiredAccess: ACCESS_MASK;
1639.   pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOL;
1640.   pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
1641.   bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
1642. { Ïðîâåðÿåò ïðàâà äîñòóïà ìàðêåðà }
1643. function NtAccessCheckByType(pSecurityDescriptor: PSECURITY_DESCRIPTOR;
1644.   PrincipalSelfSid: PSID; hClientToken: THANDLE; DesiredAccess: ACCESS_MASK;
1645.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
1646.   pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
1647.   pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
1648.   AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
1649. { Ïðîâåðÿåò ïðàâà äîñòóïà ìàðêåðà è ãåíåðèðóåò ïðåäóïðåæäåíèÿ àóäèòà, åñëè
1650.   èäåíòèôèêàòîð äîñòóïà îáëàäàåò SACL }
1651. function NtAccessCheckByTypeAndAuditAlarm(SubSystemName: PUNICODE_STRING;
1652.   HandleId: PVOID; ObjectTypeName, ObjectName: PUNICODE_STRING;
1653.   SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
1654.   DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
1655.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
1656.   pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOL;
1657.   pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
1658.   bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
1659. { Ïðîâåðÿåò ïðàâà äîñòóïà ìàðêåðà }
1660. function NtAccessCheckByTypeResultList(
1661.   pSecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
1662.   hClientToken: THANDLE; DesiredAccess: ACCESS_MASK;
1663.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
1664.   pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
1665.   pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
1666.   AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
1667. { Ïðîâåðÿåò ïðàâà äîñòóïà ìàðêåðà è ãåíåðèðóåò ïðåäóïðåæäåíèÿ àóäèòà, åñëè
1668.   èäåíòèôèêàòîð äîñòóïà îáëàäàåò SACL }
1669. function NtAccessCheckByTypeResultListAndAuditAlarm(
1670.   SubSystemName: PUNICODE_STRING; HandleId: PVOID;
1671.   ObjectTypeName, ObjectName: PUNICODE_STRING;
1672.   SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
1673.   DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
1674.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
1675.   pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOLEAN;
1676.   pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
1677.   bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
1678. { Ïðîâåðÿåò ïðàâà äîñòóïà ìàðêåðà è ãåíåðèðóåò ïðåäóïðåæäåíèÿ àóäèòà, åñëè
1679.   èäåíòèôèêàòîð äîñòóïà îáëàäàåò SACL }
1680. function NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
1681.   SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: THANDLE;
1682.   ObjectTypeName, ObjectName: PUNICODE_STRING;
1683.   SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
1684.   DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
1685.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
1686.   GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOL;
1687.   GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG;
1688.   GenerateOnClose: PULONG): NTSTATUS; stdcall;
1689. { Äîáàâëåíèå ãëîáàëüíîãî (???) àòîìà }
1690. function NtAddAtom (pString: LPWSTR; StringLength: ULONG;
1691.   Atom: PATOM): NTSTATUS; stdcall;
1692. { Èçìåíÿåò àòðèáóòû ãðóïï â ìàðêåðå äîñòóïà }
1693. function NtAdjustGroupsToken(hToken: THANDLE; ResetToDefault: BOOL;
1694.   pNewTokenGroups: PTOKEN_GROUPS; pOldTokenGroupsLength: ULONG;
1695.   pOldTokenGroups: PTOKEN_GROUPS;
1696.   pOldTokenGroupsActualLength: PULONG): NTSTATUS; stdcall;
1697. { Èçìåíåíèå ïðèâèëåãèé ìàðêåðà äîñòóïà }
1698. function NtAdjustPrivilegesToken (hToken: THANDLE;
1699.   DisableAllPrivileges: Boolean; pNewPrivlegeSet: PTOKEN_PRIVILEGES;
1700.   PreviousPrivilegeSetBufferLength: ULONG;
1701.   pPreviousPrivlegeSet: PTOKEN_PRIVILEGES;
1702.   PreviousPrivlegeSetReturnLength: PULONG): NTSTATUS; stdcall;
1703. { Ïîñûëêà òðåâîæíîãî ñèãíàëà ïîòîêó }
1704. function NtAlertThread(hThread: THANDLE): NTSTATUS; stdcall;
1705. { Ñîçäàåò ëîêàëüíî-óíèêàëüíûé èäåíòèôèêàòîð }
1706. function NtAllocateLocallyUniqueId(Luid: PLUID): NTSTATUS; stdcall;
1707. { Âûäåëÿåò ôèçè÷åñêóþ ïàìÿòü }
1708. function NtAllocateUserPhysicalPages(ProcessHandle: THANDLE;
1709.   NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
1710. { Âûäåëåíèå âèðòóàëüíîé ïàìÿòè }
1711. function NtAllocateVirtualMemory (hProcess: THANDLE;
1712.   PreferredBaseAddress: PVOID; nLowerZeroBits: DWORD;
1713.   SizeRequestedAllocated: LPDWORD;
1714.   AllocationType, ProtectionAttributes: DWORD): NTSTATUS; stdcall;
1715. { TODO: ÷òî äåëàåò ôóíêöèÿ }
1716. function NtApphelpCacheControl(ControlCode: LONG;
1717.   ControlData: PVOID): NTSTATUS; stdcall;
1718. { Ïîäêëþ÷åíèå ïðîöåññà ê îáúåêòó Job }
1719. function NtAssignProcessToJobObject (
1720.   hJob, hProcess: THANDLE): NTSTATUS; stdcall;
1721. { TODO: ÷òî äåëàåò ôóíêöèÿ }
1722. function NtAssociateProcessWithReserve(
1723.   ProcessHandle, ReserveHandle: THANDLE): NTSTATUS; stdcall;
1724. { Îòìåíà ïîñëàííîãî çàïðîñà íà ïðîáóæäåíèå óñòðîéñòâà }
1725. function NtCancelDeviceWakeupRequest(DeviceHandle: THANDLE): NTSTATUS; stdcall;
1726. { Îòìåíà îïåðàöèè ââîäà/âûâîäà, ñâÿçàííîé ñ ôàéëîì }
1727. function NtCancelIoFile (hFile: THANDLE;
1728.   IoStatusBlock: PIoStatusBlock): NTSTATUS; stdcall;
1729. { Îòìåíà òàéìåðà }
1730. function NtCancelTimer (TimerHandle: THANDLE;
1731.   CurrentState: PBOOLEAN): NTSTATUS; stdcall;
1732. { Óñòàíîâêà ñîáûòèÿ â çàíÿòîå ñîñòîÿíèå }
1733. function NtClearEvent (hEvent: THANDLE): NTSTATUS; stdcall;
1734. { Çàêðûòèå îïèñàòåëÿ }
1735. function NtClose (AHandle: THandle): NTSTATUS; stdcall;
1736. { Ãåíåðèðóåò ïðåäóïðåæäåíèå àóäèòà, â ðåçóëüòàòå çàêðûòèÿ äåñêðèïòîðà îáúåêòà }
1737. function NtCloseObjectAuditAlarm(SubSystemName: PUNICODE_STRING;
1738.   HandleId: PVOID; bGenerateOnClose: BOOL): NTSTATUS; stdcall;
1739. { Ïîäòâåðæäàåò òðàíçàêöèþ }
1740. function NtCommitTransaction(TransactionHandle: THANDLE;
1741.   AddInfo: ULONG): NTSTATUS; stdcall;
1742. { Çàâåðøåíèå ñîåäèíåíèÿ ñ ïîðòîì }
1743. function NtCompleteConnectPort (PortHandle: THANDLE): NTSTATUS; stdcall;
1744. { Ïîäêëþ÷åíèå ê ïîðòó }
1745. function NtConnectPort (PortHandle: PHANDLE; PortName: PUNICODE_STRING;
1746.   SecurityQos: PSECURITY_QUALITY_OF_SERVICE;
1747.   WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ;
1748.   MaxMesageSize: PULONG; ConnectInfo: PVOID;
1749.   pConnectInfoLength: PULONG): NTSTATUS; stdcall;
1750. { Ñîçäàíèå îáúåêòà êàòàëîãà (Directory) }
1751. function NtCreateDirectoryObject (DirectoryHandle: PHandle;
1752.   DesiredAccess: ACCESS_MASK;
1753.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1754. { Ñîçäàíèå îáúåêòà "Ñîáûòèå" }
1755. function NtCreateEvent (EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
1756.   ObjectAttributes: POBJECT_ATTRIBUTES; EventType: Integer;
1757.   InitialState: BOOL): NTSTATUS; stdcall;
1758. { Ñîçäàíèå îáúåêòà "Ôàéë" }
1759. function NtCreateFile (FileHandle: PHandle; const DesiredAccess: ACCESS_MASK;
1760.   ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIoStatusBlock;
1761.   AllocationSize: PLARGE_INTEGER;
1762.   FileAttributes, ShareAccess, CreateDisposition, CreateOptions: ULONG;
1763.   EaBuffer: PVOID; EaLength: ULONG): NTSTATUS; stdcall;
1764. { Ñîçäàíèå îáúåêòà "Çàäàíèå" (Job) }
1765. function NtCreateJobObject (phJob: PHANDLE; DesiredAccess: ACCESS_MASK;
1766.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1767. { Ñîçäàíèå êëþ÷à ðååñòðà }
1768. function NtCreateKey (phKey: PHandle; DesiredAccess: ACCESS_MASK;
1769.   ObjectAttributes: POBJECT_ATTRIBUTES; TitleIndex: ULONG;
1770.   AClass: PUNICODE_STRING; CreateOptions: ULONG;
1771.   pDisposition: PULONG): NTSTATUS; stdcall;
1772. { Ñîçäàíèå îáúåêòà "Ïî÷òîâûé ÿùèê" }
1773. function NtCreateMailSlotFile (hMailSlot: PHANDLE; DesiredAccess: ACCESS_MASK;
1774.   ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIoStatusBlock;
1775.   CreateOptions, InBufferSize, nMaxMessageSize: ULONG;
1776.   ReadTimeout: PLARGE_INTEGER): NTSTATUS; stdcall;
1777. { Ñîçäàíèå îáúåêòà "Ìóòàíò" }
1778. function NtCreateMutant (hMutex: PHandle; AccessMask: ACCESS_MASK;
1779.   ObjectAttributes: POBJECT_ATTRIBUTES; bOwnMutant: Boolean): NTSTATUS; stdcall;
1780. { Ñîçäàíèå îáúåêòà "Èìåíîâàííûé êàíàë" }
1781. function NtCreateNamedPipeFile (hPipe: PHANDLE; DesiredAccess: ACCESS_MASK;
1782.   ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIOSTATUSBLOCK;
1783.   AllocationSize: PLARGE_INTEGER;
1784.   FileAttributes, ShareAccess, PipeType, PipeReadMode, PipeWaitMode,
1785.   nMaxInstances, nOutBufferSize, nInBufferSize: ULONG;
1786.   DefaultTimeOut: PLARGE_INTEGER): NTSTATUS; stdcall;
1787. { Ñîçäàíèå îáúåêòà "Ïîðò LPC" }
1788. function NtCreatePort (PortHandle: PHANDLE; ObjectAttributes: OBJECT_ATTRIBUTES;
1789.   MaxConnectInfoLength, MaxDataLength, MaxPoolUsage: ULONG): NTSTATUS; stdcall;
1790. { Ñîçäàíèå îáúåêòà "Ñåêöèÿ" }
1791. function NtCreateSection (phSection: PHANDLE; DesiredAccess: ACCESS_MASK;
1792.   ObjectAttributes: POBJECT_ATTRIBUTES; MaximumSize: PLARGE_INTEGER;
1793.   SectionPageProtection, AllocationAttributes: ULONG;
1794.   hFile: THANDLE): NTSTATUS; stdcall;
1795. { Ñîçäàíèå îáúåêòà "Ñåìàôîð" }
1796. function NtCreateSemaphore (hSemaphore: PHANDLE; AccessMask: ACCESS_MASK;
1797.   ObjectAttributes: POBJECT_ATTRIBUTES;
1798.   InitialCount, MaximumCount: ULONG): NTSTATUS; stdcall;
1799. { Ñîçäàíèå îáúåêòà ñèìâîëüíîé ñâÿçè (Symbolic Link) }
1800. function NtCreateSymbolicLinkObject (SymbolicLinkHandle: PHandle;
1801.   DesiredAccess: ACCESS_MASK;
1802.   ObjectAttributes: POBJECT_ATTRIBUTES;
1803.   SubstituteString: PUNICODE_STRING): NTSTATUS; stdcall;
1804. { Ñîçäàíèå îáúåêòà "ïîòîê" }
1805. function NtCreateThread(phThread: PHANDLE; AccessMask: ACCESS_MASK;
1806.   ObjectAttributes: POBJECT_ATTRIBUTES; hProcess: THANDLE;
1807.   pClientId: PCLIENT_ID; pContext: PCONTEXT; pStackInfo: PSTACKINFO;
1808.   bSuspended: BOOL): NTSTATUS; stdcall;
1809. { Ñîçäàíèå îáúåêòà "Òàéìåð" }
1810. function NtCreateTimer (TimerHandle: PHandle; DesiredAccess: ACCESS_MASK;
1811.   ObjectAttributes: POBJECT_ATTRIBUTES;
1812.   TimerType: TIMER_TYPE): NTSTATUS; stdcall;
1813. { Ñîçäàíèå îáúåêòà "ïîðò" ñ îæèäàíèåì }
1814. function NtCreateWaitablePort(PortHandle: PHANDLE;
1815.   ObjectAttributes: POBJECT_ATTRIBUTES;
1816.   MaxConnectInfoLength, MaxDataLength, Reserved: ULONG): NTSTATUS; stdcall;
1817. { Ïîëó÷åíèå àäðåñà Thread Environment block }
1818. function NtCurrentTEB: Pointer;
1819. { Îòëàäêà àêòèâíîãî ïðîöåññà }
1820. function NtDebugActiveProcess(ProcessHandle: THANDLE;
1821.   DebugObject: PVOID): NTSTATUS; stdcall;
1822. { Çàäåðæêà èñïîëíåíèÿ ïîòîêà íà óêàçàííîå âðåìÿ }
1823. function NtDelayExecution (bAlertable: ULONG;
1824.   pDuration: PLARGE_INTEGER): NTSTATUS; stdcall;
1825. { Óäàëåíèå àòîìà }
1826. function NtDeleteAtom (AAtom: ATOM): NTSTATUS; stdcall;
1827. { Óäàëÿåò ôàéë }
1828. function NtDeleteFile(ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1829. { Óäàëåíèå êëþ÷à ðååñòðà }
1830. function NtDeleteKey (KeyHandle: THANDLE): NTSTATUS; stdcall;
1831. { Ãåíåðèðóåò ïðåäóïðåæäåíèå àóäèòà, â ðåçóëüòàòå óäàëåíèÿ äåñêðèïòîðà îáúåêòà }
1832. function NtDeleteObjectAuditAlarm(SubSystemName: PUNICODE_STRING;
1833.   HandleId: PVOID; bGenerateOnClose: BOOL): NTSTATUS; stdcall;
1834. { Óäàëåíèå çíà÷åíèå êëþ÷à ðååñòðà }
1835. function NtDeleteValueKey (hKey: THANDLE;
1836.   pValueName: PUNICODE_STRING): NTSTATUS; stdcall;
1837. { Óïðàâëåíèå ôàéëîì èëè óñòðîéñòâîì }
1838. function NtDeviceIoControlFile (hFile, hEvent: THANDLE;
1839.   IoApcRoutine: Pointer; IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
1840.   DeviceIoControlCode: ULONG; InBuffer: PVOID; InBufferLength: ULONG;
1841.   OutBuffer: PVOID; OutBufferLength: ULONG): NTSTATUS; stdcall;
1842. { TODO: ÷òî äåëàåò ôóíêöèÿ }
1843. function NtDisassociateProcessFromReserve(
1844.   ProcessHandle: THANDLE): NTSTATUS; stdcall;
1845. { TODO: ÷òî äåëàåò ôóíêöèÿ }
1846. function NtDisjoinThreadFromReserve(hThread: THANDLE): NTSTATUS; stdcall;
1847. { Äóáëèðîâàíèå äåñêðèïòîðà îáúåêòà }
1848. function NtDuplicateObject (SourceProcessHandle, SourceHandle,
1849.   TargetProcessHandle : THandle; TargetHandle : PHandle;
1850.   DesiredAccess: ACCESS_MASK; Attributes: ULONG; //OBJ_xxx
1851.   Options: ULONG): NTSTATUS; stdcall;
1852. { Äóáëèðóåò ìàðêåð äîñòóïà }
1853. function NtDuplicateToken(hToken: THANDLE; DesiredAccess: ACCESS_MASK;
1854.   ObjectAttributes: POBJECT_ATTRIBUTES; bMakeTokenEffectiveOnly: BOOL;
1855.   TokenType: TOKEN_TYPE; phNewToken: PHANDLE): NTSTATUS; stdcall;
1856. { Ïåðå÷èñëåíèå êëþ÷åé ðååñòðà }
1857. function NtEnumerateKey (hKey: THANDLE; Index: ULONG;
1858.   KeyInfoClass: KEY_INFORMATION_CLASS; KeyInfoBuffer: PVOID;
1859.   KeyInfoBufferLength: ULONG; BytesCopied: PULONG): NTSTATUS; stdcall;
1860. { Ïåðå÷èñëåíèå çíà÷åíèé êëþ÷à ðååñòðà }
1861. function NtEnumerateValueKey (hKey: THANDLE; Index: ULONG;
1862.   KeyValueInfoClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInfoBuffer: PVOID;
1863.   KeyValueInfoBufferLength: ULONG; BytesCopied: PULONG): NTSTATUS; stdcall;
1864. { Ñîçäàåò íîâûé ìàðêåð äîñòóïà ïðèìåíÿÿ îãðàíè÷åíèÿ ê ñóùåñòâóþùåìó }
1865. function NtFilterToken(ExistingTokenHandle: THANDLE; Flags: ULONG;
1866.   SidsToDisable: PTOKEN_GROUPS; PrivilegesToDelete: PTOKEN_PRIVILEGES;
1867.   SidsToRestrict: PTOKEN_GROUPS; NewTokenHandle: PHANDLE): NTSTATUS; stdcall;
1868. { Ïîèñê àòîìà }
1869. function NtFindAtom (pString: PWideChar; StringLength: ULONG;
1870.   AAtom: PATOM): NTSTATUS; stdcall;
1871. { Ñáðîñ äàííûõ ôàéëà èç êýøà íà íîñèòåëü }
1872. function NtFlushBuffersFile(hFile: THANDLE;
1873.   IoStatusBlock: PIOSTATUSBLOCK): NTSTATUS; stdcall;
1874. { Î÷èñòêà êýøà èíñòðóêöèé ïðîöåññîðà }
1875. function NtFlushInstructionCache(hProcess: THANDLE; BaseAddressRegion: PVOID;
1876.   RegionSize: ULONG): NTSTATUS; stdcall;
1877. { Ñáðîñ äàííûõ êëþ÷à ðååñòðà èç êýøà }
1878. function NtFlushKey(KeyHandle: THANDLE): NTSTATUS; stdcall;
1879. { Îñâîáîæäåíèå âèðòóàëüíîé ïàìÿòè ïîñëå ñáðîñà åå â ôàéë }
1880. function NtFlushVirtualMemory (hProcess: THANDLE; StartingAddress: PVOID;
1881.   SizeToFlush: PULONG; IoStatusBlock: PIOSTATUSBLOCK): NTSTATUS; stdcall;
1882. { Îñâîáîæäàåò ôèçè÷åñêóþ ïàìÿòü }
1883. function NtFreeUserPhysicalPages(ProcessHandle: THANDLE;
1884.   NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
1885. { Îñâîáîæäåíèå âèðòóàëüíîé ïàìÿòè }
1886. function NtFreeVirtualMemory(hProcess: THANDLE; StartingAddress: PVOID;
1887.   SizeRequestedReleased: LPDWORD; ReleaseType: UINT): NTSTATUS; stdcall;
1888. { Âûïîëíÿåò îïåðàöèþ ôàéëîâîé ñèñòåìû äëÿ îáúåêòà "Ôàéë" }
1889. function NtFsControlFile(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
1890.   IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK; FileSystemControlCode:
1891.   ULONG; InBuffer: PVOID; InBufferLength: ULONG; OutBuffer: PVOID;
1892.   OutBufferLength: ULONG): NTSTATUS; stdcall;
1893. { Ïîëó÷åíèå êîíòåêñòà îáúåêòà "Ïîòîê" }
1894. function NtGetContextThread(hThread: THANDLE;
1895.   pContext: PCONTEXT): NTSTATUS; stdcall;
1896. { Ïîëó÷åíèå íîìåðà òåêóùåãî ïðîöåññîðà }
1897. function NtGetCurrentProcessorNumber: Integer; stdcall;
1898. { Ïîëó÷àåò ñîñòîÿíèå ïèòàíèÿ óñòðîéñòâà }
1899. function NtGetDevicePowerState(DeviceHandle: THANDLE;
1900.   DevicePowerState: PDEVICE_POWER_STATE): NTSTATUS; stdcall;
1901. { Ïîëó÷åíèå èíôîðìàöèè î ìîäèôèêàöèè ñòðàíèö ïðîöåññà }
1902. function NtGetWriteWatch(ProcessHandle: THANDLE; Flags: ULONG;
1903.   BaseAddress: PVOID; RegionSize: ULONG;
1904.   Buffer, BufferEntries, Granularity: PULONG): NTSTATUS; stdcall;
1905. { Óñòàíàâëèâàåò ìàðêåð îëèöåòâîðåíèÿ ïîòîêà â ñîñòîÿíèå àíîíèìíîãî ìàðêåðà }
1906. function NtImpersonateAnonymousToken(hThread: THANDLE): NTSTATUS; stdcall;
1907. { Ïåðåâîïëîùåíèå â êëèåíòà ïîðòà }
1908. function NtImpersonateClientOfPort(PortHandle: THANDLE;
1909.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
1910. { Çàïðîñ ôóíêöèè óïðàâëåíèÿ ïèòàíèåì }
1911. function NtInitiatePowerAction(SystemAction: POWER_ACTION;
1912.   MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG;
1913.   Asynchronous: BOOL): NTSTATUS; stdcall;
1914. { Âõîäèò ëè ïðîöåññ â óêàçàííîå çàäàíèå }
1915. function NtIsProcessInJob(ProcessHandle, JobHandle: THANDLE): NTSTATUS; stdcall;
1916. { Ñîîáùàåò, áûëà ëè ðàáîòû ñèñòåìû âîçîáíîâëåíà â ðåçóëüòàòå ñïëàíèðîâàííîãî
1917.   ñîáûòèÿ èëè â îòâåò íà äåéñòâèÿ ïîëüçîâàòåëÿ }
1918. function NtIsSystemResumeAutomatic: NTSTATUS; stdcall;
1919. { TODO: ÷òî äåëàåò ôóíêöèÿ }
1920. function NtJoinThreadToReserve(
1921.   ThreadHandle, ReserveHandle: THANDLE): NTSTATUS; stdcall;
1922. { Ïðîñëóøèâàíèå ïîðòà }
1923. function NtListenPort(PortHandle: THANDLE;
1924.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
1925. { Çàãðóçêà äðàéâåðà }
1926. function NtLoadDriver (DriverRegistryEntry: PUNICODE_STRING): NTSTATUS; stdcall;
1927. { Äîáàâëÿåò êóñò êëþ÷åé â ñèñòåìíûé ðååñòð }
1928. function NtLoadKey(KeyNameAttributes,
1929.   HiveFileNameAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1930. { Áëîêèðîâêà ÷àñòè ôàéëà }
1931. function NtLockFile(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
1932.   IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
1933.   FileOffset, Length: PLARGE_INTEGER; LockOperationKey: PULONG;
1934.   bFailIfNotPossibleAtThisPoint, bExclusiveLock: BOOL): NTSTATUS; stdcall;
1935. { Áëîêèðîâêà ñòðàíèö âèðòóàëüíîé ïàìÿòè }
1936. function NtLockVirtualMemory(hProcess: THANDLE; BaseAddress: PPVOID;
1937.   RegionSize: PULONG; LockType: ULONG): NTSTATUS; stdcall;
1938. { Îòîáðàæåíèå ôèçè÷åñêîé ïàìÿòè íà àäðåñíîãî ïðîñòðàíñòâî ïðîöåññà }
1939. function NtMapUserPhysicalPages(BaseAddress: PVOID;
1940.   NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
1941. { Îòîáðàæåíèå ôèçè÷åñêîé ïàìÿòè "âðàçáðîñ" íà àäðåñíîãî ïðîñòðàíñòâî ïðîöåññà }
1942. function NtMapUserPhysicalPagesScatter(BaseAddresses: PPVOID;
1943.   NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
1944. { Îòîáðàæåíèå ñåêöèè íà àäðåñíîå ïðîñòðàíñòâî ïðîöåññà }
1945. function NtMapViewOfSection (hSection: THandle; hProcess: THandle;
1946.   BaseAddress: PPVoid; ZeroBits: ULONG; CommitSize: ULONG;
1947.   SectionOffset: PLARGE_INTEGER; ViewSize: PULONG;
1948.   InheritDisposition: SECTION_INHERIT; AllocationType: ULONG;
1949.   Protect: ULONG): NTSTATUS; stdcall;
1950. { Èçìåíåíèå àòðèáóòîâ îáúåêòà, äåëàþùåå îáúåêò âðåìåííûì }
1951. function NtMakeTemporaryObject (AHandle: THandle): NTSTATUS; stdcall;
1952. { Êîíòðîëèðóåò èçìåíåíèÿ â êàòàëîãå }
1953. function NtNotifyChangeDirectoryFile(hFile, hEvent: THANDLE;
1954.   IoApcRoutine: Pointer; IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
1955.   ChangeBuffer: PVOID; ChangeBufferLength, NotifyFilter: ULONG;
1956.   bWatchSubtree: BOOL): NTSTATUS; stdcall;
1957. { Îïîâåùàåò îá èçìåíåíèè êëþ÷à ðååñòðà èëè åãî àòðèáóòîâ }
1958. function NtNotifyChangeKey(hKey, hEvent: THANDLE; ApcRoutine: Pointer;
1959.   ApcRoutineContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK; NotifyFilter: ULONG;
1960.   bWatchSubtree: BOOL; RegChangesDataBuffer: PVOID;
1961.   RegChangesDataBufferLength: ULONG; bAynchronous: BOOL): NTSTATUS; stdcall;
1962. { Êîíòðîëèðóåò èçìåíåíèÿ äëÿ îäíîãî èëè äâóõ êëþ÷åé }
1963. function NtNotifyChangeMultipleKeys(KeyHandle: THANDLE; Flags: ULONG;
1964.   KeyObjectAttributes: POBJECT_ATTRIBUTES; EventHandle: THANDLE;
1965.   ApcRoutine: Pointer; ApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
1966.   NotifyFilter: ULONG; WatchSubTree: BOOL; Buffer: PVOID; BufferLength: ULONG;
1967.   Asynchronous: BOOL): NTSTATUS; stdcall;
1968. { Îòêðûòèå îáúåêòà êàòàëîãà (Directory) }
1969. function NtOpenDirectoryObject (DirectoryHandle: PHandle;
1970.   DesiredAccess: ACCESS_MASK;
1971.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1972. { Îòêðûòèå îáúåêòà "Ñîáûòèå" }
1973. function NtOpenEvent(hEvent: PHANDLE; DesiredAccess: ACCESS_MASK;
1974.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1975. { Îòêðûòèå îáúåêòà "Ôàéë" }
1976. function NtOpenFile (FileHandle: PHandle; const DesiredAccess: ACCESS_MASK;
1977.   ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIoStatusBlock;
1978.   const ShareAccess, OpenOptions: ULONG) : NTSTATUS; stdcall;
1979. { Îòêðûòèå îáúåêòà "Çàäàíèå" }
1980. function NtOpenJobObject(phJob: PHANDLE; DesiredAccess: ACCESS_MASK;
1981.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1982. { Îòêðûòèå îáúåêòà "êëþ÷ ðååñòðà" (Key) }
1983. function NtOpenKey (phKey: PHandle; DesiredAccess: ACCESS_MASK;
1984.   oa: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1985. { Îòêðûòèå îáúåêòà "Ìóòàíò" }
1986. function NtOpenMutant(hMutex: PHANDLE; DesiredAccess: ACCESS_MASK;
1987.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
1988. { Ãåíåðèðóåò ïðåäóïðåæäåíèå àóäèòà, â ðåçóëüòàòå îòêðûòèÿ äåñêðèïòîðà îáúåêòà }
1989. function NtOpenObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID;
1990.   ObjectTypeName, ObjectName: PUNICODE_STRING;
1991.   pSecurityDescriptor: PSECURITY_DESCRIPTOR; hTokenClient: THANDLE;
1992.   DesiredAccess, GrantedAccess: ACCESS_MASK; pPrivilegeSet: PPRIVILEGE_SET;
1993.   bObjectCreation, bAccessGranted: BOOL;
1994.   bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
1995. { Ïîëó÷åíèå äåñêðèïòîðà ïðîöåññà }
1996. function NtOpenProcess (phProcess: PHandle; DesiredAccess: ACCESS_MASK;
1997.   oa: POBJECT_ATTRIBUTES; pClientId: PCLIENT_ID): NTSTATUS; stdcall;
1998. { Ïîëó÷åíèå ìàðêåðà äîñòóïà ïðîöåññà }
1999. function NtOpenProcessToken (hProcess: THandle; DesiredAccess: ACCESS_MASK;
2000.   hToken: PHandle): NTSTATUS; stdcall;
2001. { Îòêðûòèå îáúåêòà "Reserve" }
2002. function NtOpenReserve(ReserveHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
2003.   oa: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
2004. { Îòêðûòèå îáúåêòà "Ñåêöèÿ" (ðàçäåëÿåìàÿ ïàìÿòü) }
2005. function NtOpenSection(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
2006.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
2007. { Îòêðûòèå îáúåêòà "Ñåìàôîð" }
2008. function NtOpenSemaphore(hSemaphore: PHANDLE; DesiredAccess: ACCESS_MASK;
2009.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
2010. { Îòêðûòèå îáúåêòà ñèìâîëüíîé ñâÿçè (Symbolic Link) }
2011. function NtOpenSymbolicLinkObject (SymbolicLinkHandle: PHandle;
2012.   DesiredAccess: ACCESS_MASK;
2013.   ObjectAttributes: POBJECT_ATTRIBUTES) : NTSTATUS; stdcall;
2014. { Îòêðûòèå îáúåêòà "Ïîòîê" }
2015. function NtOpenThread(phThread: PHANDLE; AccessMask: ACCESS_MASK;
2016.   ObjectAttributes: POBJECT_ATTRIBUTES;
2017.   pClientId: PCLIENT_ID): NTSTATUS; stdcall;
2018. { Ïîëó÷åíèå ìàðêåðà äîñòóïà ïîòîêà }
2019. function NtOpenThreadToken (hThread: THANDLE; DesiredAccess: ACCESS_MASK;
2020.   bUseContextOfProcess: LongBool; phToken: PHANDLE): NTSTATUS; stdcall;
2021. { Îòêðûòèå îáúåêòà "Òàéìåð" }
2022. function NtOpenTimer(TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
2023.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
2024. { Ïîëó÷åíèå/óñòàíîâêà ñîñòîÿíèÿ óïðàâëåíèÿ ïèòàíèåì }
2025. function NtPowerInformation(PowerInformationLevel: POWER_INFORMATION_LEVEL;
2026.   InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID;
2027.   OutputBufferLength: ULONG): NTSTATUS; stdcall;
2028. { Ïðîâåðÿåò, îáëàäàåò ëè ìàðêåð îïðåäåëåííûì íàáîðîì ïðàâ }
2029. function NtPrivilegeCheck(hToken: THANDLE; PrivilegeSet: PPRIVILEGE_SET;
2030.   pbHasPrivileges: PBOOLEAN): NTSTATUS; stdcall;
2031. { Ãåíåðèðóåò ïðåäóïðåæäåíèå àóäèòà, îïèñûâàþùåå ïðèìåíåíèå ïðàâ }
2032. function NtPrivilegedServiceAuditAlarm(
2033.   SubsystemName, ServiceName: PUNICODE_STRING; hToken: THANDLE;
2034.   pPrivilegeSet: PPRIVILEGE_SET; AccessGranted: BOOL): NTSTATUS; stdcall;
2035. { Ãåíåðèðóåò ïðåäóïðåæäåíèå àóäèòà, îïèñûâàþùåå èñïîëüçîâàíèå ïðàâ ñîâìåñòíî ñ
2036.   äåñêðèïòîðîì îáúåêòà }
2037. function NtPrivilegeObjectAuditAlarm(SubsystemName: PUNICODE_STRING;
2038.   HandleId: PVOID; hToken: THANDLE; DesiredAccess: ACCESS_MASK;
2039.   pPrivilegeSet: PPRIVILEGE_SET; AccessGranted: BOOL): NTSTATUS; stdcall;
2040. { Èçìåíåíèå àòðèáóòîâ çàùèòû áëîêà âèðòóàëüíîé ïàìÿòè }
2041. function NtProtectVirtualMemory(hProcess: THANDLE; BaseAddress: PPVOID;
2042.   RegionSize: PULONG; Protect: ULONG; OldProtect: PULONG): NTSTATUS; stdcall;
2043. { Èçìåíåíèå ñîñòîÿíèÿ îáúåêòà "Ñîáûòèå" íà ñâîáîäíîå/çàíÿòîå }
2044. function NtPulseEvent(hEvent: THANDLE;
2045.   PreviousState: PULONG): NTSTATUS; stdcall;
2046. { Ïîëó÷åíèå èíôîðìàöèè îá àòðèáóòàõ ôàéëà  }
2047. function NtQueryAttributesFile(ObjectAttributes: POBJECT_ATTRIBUTES;
2048.   pFileBasicInfo: PFILE_BASIC_INFORMATION): NTSTATUS; stdcall;
2049. { Ïîëó÷åíèå ðåãèîíà ïî óìîë÷àíèþ }
2050. function NtQueryDefaultLocale(bSystemOrThreadLocale: BOOL;
2051.   DefaultLocale: PULONG): NTSTATUS; stdcall;
2052. { Ïîëó÷åíèå ÿçûêà èíòåðôåéñà ïî óìîë÷àíèþ }
2053. function NtQueryDefaultUILanguage(
2054.   DefaultUILanguage: PUSHORT): NTSTATUS; stdcall;
2055. { Ïîëó÷åíèå èíôîðìàöèè î ôàéëå êàòàëîãà }
2056. function NtQueryDirectoryFile(FileHandle, Event: THandle;
2057.   ApcRoutine: Pointer; ApcContext: Pointer;
2058.   IoStatusBlock: PIoStatusBlock; FileInformation: Pointer;
2059.   FileInformationLength: ULONG; FileInformationClass: Integer;
2060.   ReturnSingleEntry: LongBool; FileName: PUNICODE_STRING;
2061.   RestartScan: LongBool): NTSTATUS; stdcall;
2062. { Îïðîñ îáúåêòà êàòàëîãà }
2063. function NtQueryDirectoryObject (DirectoryHandle : THandle;
2064.   Buffer : PVOID; BufferLength : ULONG; ReturnSingleEntry : Boolean;
2065.   RestartScan : Boolean; Context : PDWORD;
2066.   ReturnLength : PDWORD) : NTSTATUS; stdcall;
2067. { Ïîëó÷åíèå èíôîðìàöèè î ðàñøèðåííûõ àòðèáóòàõ ôàéëà }
2068. function NtQueryEaFile(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
2069.   QueryEaBuffer: PVOID; QueryEaBufferLength: ULONG; bReturnSingleEa: BOOL;
2070.   pListEa: PVOID; pListEaLength: ULONG; ListEaIndex: PULONG;
2071.   bRestartQuery: BOOL): NTSTATUS; stdcall;
2072. { Ïîëó÷åíèå èíôîðìàöèè îá îáúåêòå "Ñîáûòèå" }
2073. function NtQueryEvent(hEvent: THANDLE; InfoClass: EVENT_INFO_CLASS;
2074.   EventInfoBuffer: PVOID; EventInfoBufferSize: ULONG;
2075.   BytesCopied: PULONG): NTSTATUS; stdcall;
2076. { Ïîëó÷åíèå ïîëíîé èíôîðìàöèè î àòðèáóòàõ ôàéëà }
2077. function NtQueryFullAttributesFile(FileObjectAttributes: POBJECT_ATTRIBUTES;
2078.   FullFileAttributes: PFULL_FILE_ATTRIBUTES): NTSTATUS; stdcall;
2079. { Ïîëó÷åíèå èíôîðìàöèè îá àòîìå }
2080. function NtQueryInformationAtom(AnAtom: ATOM; AtomInfoClass: ATOM_INFO_CLASS;
2081.   AtomInfoBuffer: PVOID; AtomInfoBufferLength: ULONG;
2082.   BytesCopied: PULONG): NTSTATUS; stdcall;
2083. { Ïîëó÷åíèå èíôîðìàöèè î ôàéëå }
2084. function NtQueryInformationFile(FileHandle: THandle;
2085.   IoStatusBlock: PIoStatusBlock; FileInformation: PVOID; Length: ULONG;
2086.   FileInformationClass: Integer): NTSTATUS; stdcall;
2087. { Ïîëó÷åíèå èíôîðìàöèè î çàäàíèè }
2088. function NtQueryInformationJobObject(hJob: THANDLE;
2089.   JobObjectInfoClass: JOBOBJECTINFOCLASS; JobObjectInfoBuffer: PVOID;
2090.   JobObjectInfoBufferLength: ULONG; BytesReturned: PULONG): NTSTATUS; stdcall;
2091. { Ïîëó÷åíèå èíôîðìàöèè îá îáúåêòå "ïîðò" }
2092. function NtQueryInformationPort(PortHandle: THANDLE; InfoClass: ULONG;
2093.   Buffer: PVOID; BufferSize: ULONG; BytesReturned: PULONG): NTSTATUS; stdcall;
2094. { Ïîëó÷åíèå èíôîðìàöèè î ïðîöåññå }
2095. function NtQueryInformationProcess (hProcess : THandle;
2096.   ProcessInformationClass : LongInt; ProcessInformation : Pointer;
2097.   ProcessInformationLength : ULONG; ReturnLength : PDWORD) : NTSTATUS; stdcall;
2098. { Ïîëó÷åíèå èíôîðìàöèè îá îáúåêòå "Reserve" }
2099. function NtQueryInformationReserve(ReserveHandle: THANDLE;
2100.   InformationClass: Integer; InformationBuffer: PVOID;
2101.   InformationBufferSize: ULONG; ReturnedLength: PULONG): NTSTATUS; stdcall;
2102. { Ïîëó÷åíèå èíôîðìàöèè î ïîòîêå. }
2103. function NtQueryInformationThread (hThread: THANDLE; ThreadInfoClass: Integer;
2104.   ThreadInfoBuffer: PVOID; ThreadInfoBufferLength: ULONG;
2105.   BytesReturned: PULONG): NTSTATUS; stdcall;
2106. { Ïîëó÷åíèå èíôîðìàöèè î ìàðêåðå äîñòóïà }
2107. function NtQueryInformationToken (hToken: THandle;
2108.   TokenInformationType: Integer; TokenInformationBuffer: Pointer;
2109.   TokenInformationBufferSize: ULONG; ReturnLength: PDWORD): NTSTATUS; stdcall;
2110. { Ïîëó÷åíèå ÿçûêà ëîêàëèçàöèè ñèñòåìû }
2111. function NtQueryInstallUILanguage(
2112.   InstallUILanguage: PUSHORT): NTSTATUS; stdcall;
2113. { Ïîëó÷åíèå èíôîðìàöèè î êëþ÷å ðååñòðà }
2114. function NtQueryKey (KeyHandle: THandle; KeyInformationClass: Integer;
2115.   KeyInformation: PVOID; Length: ULONG;
2116.   ResultLength: LPDWORD): NTSTATUS; stdcall;
2117. { Ïîëó÷åíèå èíôîðìàöèè îá îáúåêòå }
2118. function NtQueryObject (ObjectHandle: THandle;
2119.   ObjectInformationClass: OBJECT_INFO_CLASS; ObjectInformation: Pointer;
2120.   ObjectInformationLength: ULONG;
2121.   ReturnLength: PDWORD): NTSTATUS; stdcall;
2122. { Îïðåäåëåíèå òåêóùåãî çíà÷åíèÿ è ÷àñòîòû ñ÷åò÷èêà ñèñòåìíîãî ìîíèòîðà }
2123. function NtQueryPerformanceCounter(
2124.   pPerformanceCount, pFrequency: PLARGE_INTEGER): NTSTATUS; stdcall;
2125. { Ïîëó÷åíèå èíôîðìàöèè îá îáúåêòå "Ðàçäåë" }
2126. function NtQuerySection(hSection: THANDLE;
2127.   SectionInfoClass: SECTION_INFORMATION_CLASS; Buffer: PVOID;
2128.   BufferSize: ULONG; BytesReturned: PULONG): NTSTATUS; stdcall;
2129. { Ïîëó÷åíèå èíôîðìàöèè, ñâÿçàííîé ñ áåçîïàñíîñòüþ îáúåêòà }
2130. function NtQuerySecurityObject(hObject: THANDLE;
2131.   SecurityInfoRequested: SECURITY_INFORMATION;
2132.   pSecurityDescriptor: PSECURITY_DESCRIPTOR; pSecurityDescriptorLength: ULONG;
2133.   BytesRequired: PULONG): NTSTATUS; stdcall;
2134. { Îïðåäåëåíèå àäðåñàòà ñèìâîëüíîé ñâÿçè }
2135. function NtQuerySymbolicLinkObject (SymbolicLinkHandle: THandle;
2136.   TargetName: PUNICODE_STRING;
2137.   ReturnLength: PDWORD): NTSTATUS; stdcall;
2138. { Ñáîð èíôîðìàöèè î ñèñòåìå }
2139. function NtQuerySystemInformation (SystemInformationClass: LongInt;
2140.   SystemInformation: Pointer; SystemInformationLength: ULONG;
2141.   ReturnLength: PDWORD): NTSTATUS; stdcall;
2142. { Âîçâðàùàåò òåêóùåå ñèñòåìíîå âðåìÿ }
2143. function NtQuerySystemTime(pSystemTime: PLARGE_INTEGER): NTSTATUS; stdcall;
2144. { Ïîëó÷åíèå èíôîðìàöèè î çíà÷åíèè êëþ÷à ðååñòðà }
2145. function NtQueryValueKey (KeyHandle: THandle; ValueName: PUNICODE_STRING;
2146.   KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS;
2147.   KeyValueInformation: PVOID; KeyValueInformationLength: ULONG;
2148.   ResultLength: PULONG): NTSTATUS; stdcall;
2149. { Ñáîð èíôîðìàöèè î ïàìÿòè }
2150. function NtQueryVirtualMemory (hProcess: THandle; Address: PVOID;
2151.   MemoryInformationClass: Integer; MemoryInformationBuffer: PVOID;
2152.   MemoryInformationBufferLength: ULONG;
2153.   ReturnLength: PDWORD): NTSTATUS; stdcall;
2154. { Ñáîð èíôîðìàöèè î äèñêîâîì òîìå }
2155. function NtQueryVolumeInformationFile (Handle: THandle;
2156.   IoStatusBlock: PIoStatusBlock; VolumeInformation: Pointer;
2157.   VolumeInformationLength: ULONG;
2158.   VolumeInformationClass: LongInt): NTSTATUS; stdcall;
2159. { Ïîñòàíîâêà àñèíõðîííîé ïðîöåäóðû â î÷åðåäü ïîòîêà }
2160. function NtQueueApcThread(hThread: THANDLE; ApcRoutine: Pointer;
2161.   NormalContext, SystemArgument1, SystemArgument2: PVOID): NTSTATUS; stdcall;
2162. { Îïîâåùåíèå î ôàòàëüíîé îøèáêå }
2163. function NtRaiseHardError(Status: NTSTATUS; NumberOfArguments,
2164.   StringArgumentMask : ULONG; Arguments: PULONG; ResponseOption: Integer;
2165.   Response: PLONG): NTSTATUS; stdcall;
2166. { ×òåíèå ôàéëà }
2167. function NtReadFile (FileHandle: THandle; Event: THandle; ApcRoutine: Pointer;
2168.   ApcContext: Pointer; IoStatusBlock: PIoStatusBlock; Buffer: Pointer;
2169.   Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PDWORD): NTSTATUS; stdcall;
2170. { ×òåíèå ôàéëà "Âðàçáðîñ" }
2171. function NtReadFileScatter(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
2172.   IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
2173.   aSegmentArray: PFILE_SEGMENT_ELEMENT; nBytesToRead: ULONG;
2174.   FileOffset: PLARGE_INTEGER; LockOperationKey: PULONG): NTSTATUS; stdcall;
2175. { ×òåíèå âèðòóàëüíîé ïàìÿòè ïðîöåññà }
2176. function NtReadVirtualMemory (hProcess : THandle; BaseAddress, Buffer: PVOID;
2177.   BytesToRead: ULONG; BytesRead: PULONG): NTSTATUS; stdcall;
2178. { Ðåãèñòðàöèÿ ïîðòà, êóäà áóäåò ïîñëàíî ñîîáùåíèå ïðè çàâåðøåíèè ïîòîêà }
2179. function NtRegisterThreadTerminatePort(PortHandle: THANDLE): NTSTATUS; stdcall;
2180. { Ïåðåâîä îáúåêòà "Mutant" â ñèãíàëüíîå ñîñòîÿíèå }
2181. function NtReleaseMutant(hMutant: THANDLE;
2182.   bWasSignalled: PULONG): NTSTATUS; stdcall;
2183. { Îñâîáîæäåíèå îáúåêòà "Ñåìàôîð" }
2184. function NtReleaseSemaphore(hSemaphore: THANDLE; ReleaseCount: ULONG;
2185.   PreviousCount: PULONG): NTSTATUS; stdcall;
2186. { TODO: ÷òî äåëàåò ôóíêöèÿ }
2187. function NtRelinquishBudget: NTSTATUS; stdcall;
2188. { Ëèêâèäèðóåò î÷åðåäü ñîîáùåíèé î çàâåðøåíèè ââîäà/âûâîäà â îáúåêòå çàâåðøåíèÿ
2189.   ââîäà/âûâîäà }
2190. function NtRemoveIoCompletion(hIoCompletion: THANDLE;
2191.   lpCompletionKey, lpCompletionValue: PULONG; IoStatusBlock: PIOSTATUSBLOCK;
2192.   Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
2193. { Îòñîåäèíåíèå îòëàä÷èêà îò ïðîöåññà }
2194. function NtRemoveProcessDebug(ProcessHandle: THANDLE;
2195.   DebugObject: PVOID): NTSTATUS; stdcall;
2196. { Çàìåíÿåò îäèí êóñò êëþ÷åé íà äðóãîé }
2197. function NtReplaceKey(NewHiveFile: POBJECT_ATTRIBUTES; hKey: THANDLE;
2198.   BackupHiveFile: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
2199. { Îòâåò â ïîðò LPC }
2200. function NtReplyPort (PortHandle: THANDLE;
2201.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
2202. { Îòâåò, îæèäàíèå, ïîëó÷åíèå ñîîáùåíèÿ îò ïîðòà }
2203. function NtReplyWaitReceivePort (PortHandle: THANDLE; PortIdentifier: PULONG;
2204.   LpcMessageOut, LpcMessageIn: PLPCMESSAGE): NTSTATUS; stdcall;
2205. { Îòâåò â ïîðò }
2206. function NtReplyWaitReplyPort(PortHandle: THANDLE;
2207.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
2208. { Çàïðîñ íà ïðîáóæäåíèå óñòðîéñòâà }
2209. function NtRequestDeviceWakeup (hDevice: THANDLE): NTSTATUS; stdcall;
2210. { Çàïðîñ â ïîðò }
2211. function NtRequestPort(PortHandle: THANDLE;
2212.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
2213. { Çàïðîñ, îæèäàíèå, îòâåò ïîðòó }
2214. function NtRequestWaitReplyPort (PortHandle: THANDLE;
2215.   pLpcMessageIn, pLpcMessageOut: PLPCMESSAGE): NTSTATUS; stdcall;
2216. { Óñòàíîâêà âðåìåíè, â òå÷åíèå êîòîðîãî ñèñòåìà äîëæíà áûòü ïðèâåäåíà â
2217.   ðàáîòîñïîñîáíîå ñîñòîÿíèå }
2218. function NtRequestWakeupLatency(Latency: LATENCY_TIME): NTSTATUS; stdcall;
2219. { Ñáðîñ îáúåêòà "Ñîáûòèå" }
2220. function NtResetEvent (hEvent: THANDLE; OldState: PBOOLEAN): NTSTATUS; stdcall;
2221. { Ñáðîñ èíôîðìàöèè ìîäèôèêàöèè ñòðàíèö }
2222. function NtResetWriteWatch(ProcessHandle: THANDLE; BaseAddress: PVOID;
2223.   RegionSize: ULONG): NTSTATUS; stdcall;
2224. { Âîññòàíàâëèâàåò â ñèñòåìíîì ðååñòðå êëþ÷, ñîõðàíåííûé â ôàéëå }
2225. function NtRestoreKey(hKey, hFile: THANDLE; Flags: ULONG): NTSTATUS; stdcall;
2226. { Âîçîáíîâëåíèå âûïîëíåíèÿ ïîòîêà }
2227. function NtResumeThread (hThread: THANDLE;
2228.   pSuspendCount: PULONG): NTSTATUS; stdcall;
2229. { Îòìåíÿåò òðàíçàêöèþ }
2230. function NtRollbackTransaction(TransactionHandle: THANDLE;
2231.   AddInfo: ULONG): NTSTATUS; stdcall;
2232. { Ñîõðàíÿåò â ôàéë êîïèþ êëþ÷à è åãî âëîæåííûõ êëþ÷åé }
2233. function NtSaveKey(hKey, hFile: THANDLE): NTSTATUS; stdcall;
2234. { Áåçîïàñíîå ïîäêëþ÷åíèå ê ïîðòó }
2235. function NtSecureConnectPort (PortHandle: PHANDLE; PortName: PUNICODE_STRING;
2236.   SecurityQos: PSECURITY_QUALITY_OF_SERVICE;
2237.   WriteSection: PPORT_SECTION_WRITE; ServerSid: PSID;
2238.   ReadSection: PPORT_SECTION_READ; MAxMessageSize: PULONG; ConnectData: PVOID;
2239.   ConnectDataLength: PULONG): NTSTATUS; stdcall;
2240. { Óñòàíîâêà êîíòåêñòà ïîòîêà }
2241. function NtSetContextThread(hThread: THANDLE;
2242.   pContext: PCONTEXT): NTSTATUS; stdcall;
2243. { Óñòàíîâêà ïîðòà äëÿ ïîëó÷åíèÿ ñîîáùåíèé î ñåðüåçíûõ îøèáêàõ }
2244. function NtSetDefaultHardErrorPort (hPort: THandle): NTSTATUS; stdcall;
2245. { Óñòàíîâêà äîïîëíèòåëüíûõ àòðèáóòîâ ôàéëà }
2246. function NtSetEaFile(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
2247.   EaBuffer: PVOID; EaBufferLength: ULONG): NTSTATUS; stdcall;
2248. { Óñòàíîâêà îáúåêòà "Ñîáûòèå" â ñèãíàëüíîå ñîñòîÿíèå }
2249. function NtSetEvent (EventHandle: THANDLE;
2250.   OldState: PBOOLEAN): NTSTATUS; stdcall;
2251. { Óñòàíîâêà ïàðàìåòðîâ îáúåêòà "îòëàäêà" }
2252. function NtSetInformationDebugObject(DebugObjectHandle: THANDLE;
2253.   InformationClass: Integer; InformationBuffer: PVOID;
2254.   InformationBufferSize: ULONG; Unknown: PULONG): NTSTATUS; stdcall;
2255. { Óñòàíîâêà èíôîðìàöèè ôàéëà }
2256. function NtSetInformationFile (FileHandle: THandle;
2257.   IoStatusBlock: PIoStatusBlock; FileInformation: Pointer; Length: ULONG;
2258.   FileInformationClass: Integer): NTSTATUS; stdcall;
2259. { Óñòàíîâêà ïàðàìåòðîâ îáúåêòà "Çàäàíèå" }
2260. function NtSetInformationJobObject(hJob: THANDLE;
2261.   JobObjectInfoClass: JOBOBJECTINFOCLASS; JobObjectInfoBuffer: PVOID;
2262.   JobObjectInfoBufferLength: ULONG): NTSTATUS; stdcall;
2263. { Óñòàíîâêà ïàðàìåòðîâ îáúåêòà  }
2264. function NtSetInformationObject(hObject: THANDLE;
2265.   ObjectInfoClass: OBJECT_INFO_CLASS; Buffer: PVOID;
2266.   BufferSize: ULONG): NTSTATUS; stdcall;
2267. { Óñòàíîâêà èíôîðìàöèè ïðîöåññà }
2268. function NtSetInformationProcess (hProcess: THandle;
2269.   ProcessInformationClass: LongInt; ProcessInformation: Pointer;
2270.   ProcessInformationLength: ULONG): NTSTATUS; stdcall;
2271. { Óñòàíîâêà ïàðàìåòðîâ îáúåêòà "Reserve" }
2272. function NtSetInformationReserve(ReserveHandle: THANDLE;
2273.   InformationClass: Integer; InformationBuffer: PVOID;
2274.   InformationBufferSize: ULONG): NTSTATUS; stdcall;
2275. { Óñòàíîâêà ïàðàìåòðîâ ïîòîêà }
2276. function NtSetInformationThread (hThread: THANDLE; ThreadInfoClass: Integer;
2277.   ThreadInfoBuffer: PVOID; ThreadInfoBufferLength: ULONG): NTSTATUS; stdcall;
2278. { Óñòàíàâëèâàåò ïàðàìåòðû ìàðêåðà äîñòóïà }
2279. function NtSetInformationToken(hToken: THANDLE;
2280.   TokenInfoClass: TOKEN_INFORMATION_CLASS; TokenInfoBuffer: PVOID;
2281.   TokenInfoBufferLength: ULONG): NTSTATUS; stdcall;
2282. { Óñòàíîâêà î÷åðåäè ñîîáùåíèé î çàâåðøåíèè ââîäà/âûâîäà äëÿ îáúåêòà çàâåðøåíèÿ
2283.   ââîäà/âûâîäà }
2284. function NtSetIoCompletion(IoCompletionPortHandle: THANDLE;
2285.   CompletionKey, CompletionValue: ULONG; CompletionStatus: NTSTATUS;
2286.   CompletionInformation: ULONG): NTSTATUS; stdcall;
2287. { Óñòàíîâêà äîñòóïà ê îáúåêòó }
2288. function NtSetSecurityObject(hObj: THANDLE; SI: SECURITY_INFORMATION;
2289.   pSD: PVOID): NTSTATUS; stdcall;
2290. { Óñòàíîâêà ñèñòåìíîé èíôîðìàöèè }
2291. function NtSetSystemInformation (SystemInformationClass: LongInt;
2292.   SystemInformation: Pointer;
2293.   SystemInformationLength: ULONG): NTSTATUS; stdcall;
2294. { Óñòàíîâêà ñèñòåìíîãî âðåìåíè }
2295. function NtSetSystemTime(
2296.   pSystemTime, pOldsystemTime: PLARGE_INTEGER): NTSTATUS; stdcall;
2297. { Óñòàíàâëèâàåò óñëîâèÿ äëÿ âûïîëíåíèÿ òåêóùåãî ïîòîêà }
2298. function NtSetThreadExecutionState(ExecutionState: Integer;
2299.   PreviousExecutionState: PInteger): NTSTATUS; stdcall;
2300. { Óñòàíîâêà ñâîéñòâ îáúåêòà "òàéìåð" }
2301. function NtSetTimer(TimerHandle: THANDLE; DueTime: PLARGE_INTEGER;
2302.   TimerApcRoutine: Pointer; TimerContext: PVOID; WakeTimer: BOOL;
2303.   Period: LONG; PreviousState: PBOOLEAN): NTSTATUS; stdcall;
2304. { Óñòàíîâêà çíà÷åíèÿ êëþ÷à ñèñòåìíîãî ðååñòðà }
2305. function NtSetValueKey (hKey: THANDLE; uValueName: PUNICODE_STRING;
2306.   TitleIndex, ValueType: ULONG; pValueData: PVOID;
2307.   pValueDataLength: ULONG): NTSTATUS; stdcall;
2308. { Óñòàíîâêà ïàðàìåòðîâ òîìà }
2309. function NtSetVolumeInformationFile(hFile: THANDLE;
2310.   IoStatusBlock: PIOSTATUSBLOCK; VolumeInformationBuffer: PVOID;
2311.   VolumeInformationBufferLength: ULONG;
2312.   FileSystemInformationClass: FS_INFORMATION_CLASS): NTSTATUS; stdcall;
2313. { Óñòàíîâêà îáúåêòà â ñèãíàëüíîå ñîñòîÿíèå è îæèäàíèå äðóãîãî îáúåêòà }
2314. function NtSignalAndWaitForSingleObject(hSignalObject, hWaitObject: THANDLE;
2315.   bAlertable: BOOL; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
2316. { Ïðèîñòàíîâêà ïîòîêà }
2317. function NtSuspendThread(hThread: THANDLE;
2318.   pSuspendCount: PULONG): NTSTATUS; stdcall;
2319. { Çàâåðøåíèå çàäàíèÿ }
2320. function NtTerminateJobObject(hJob: THANDLE;
2321.   ExitCode: NTSTATUS): NTSTATUS; stdcall;
2322. { Çàâåðøåíèå ïðîöåññà }
2323. function NtTerminateProcess (hProcess: THandle;
2324.   ExitCode: DWORD): NTSTATUS; stdcall;
2325. { Çàâåðøåíèå ïîòîêà }
2326. function NtTerminateThread (hThread: THandle;
2327.   ExitCode: DWORD): NTSTATUS; stdcall;
2328. { Ïðîâåðêà òðåâîæíîãî ñîñòîÿíèÿ ïîòîêà }
2329. function NtTestAlert: NTSTATUS; stdcall;
2330. { Âûãðóçêà äðàéâåðà }
2331. function NtUnloadDriver(
2332.   DriverRegistryEntry: PUNICODE_STRING): NTSTATUS; stdcall;
2333. { Óäàëÿåò êóñò êëþ÷åé èç ñèñòåìíîãî ðååñòðà }
2334. function NtUnloadKey(KeyNameAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
2335. { Ðàçáëîêèðîâêà ó÷àñòêà ôàéëà }
2336. function NtUnlockFile(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
2337.   FileOffset, Length: PLARGE_INTEGER;
2338.   LockOperationKey: PULONG): NTSTATUS; stdcall;
2339. { Ðàçáëîêèðîâêà ñòðàíèö âèðòóàëüíîé ïàìÿòè }
2340. function NtUnlockVirtualMemory(hProcess: THANDLE; BaseAddress: PPVOID;
2341.   RegionSize: PULONG; UnlockTypeRequested: ULONG): NTSTATUS; stdcall;
2342. { Óäàëåíèå îòîáðàæåíèÿ ñåêöèè }
2343. function NtUnmapViewOfSection (hProcess: THandle;
2344.   BaseAddress: Pointer): NTSTATUS; stdcall;
2345. { Óïðàâëåíèå ìåíåäæåðîì âèðòóàëüíûõ ìàøèí DOS }
2346. function NtVdmControl(ControlCode: ULONG;
2347.   ControlData: PVOID): NTSTATUS; stdcall;
2348. { Îæèäàíèå ïåðåõîäà íåñêîëüêèõ (èëè îäíîãî èç) îáúåêòîâ â ñèãíàëüíîå ñîñòîÿíèå }
2349. function NtWaitForMultipleObjects(NumberOfHandles: ULONG;
2350.   ArrayOfHandles: PHANDLE; WaitType: Integer; Alertable: BOOL;
2351.   Timeout: ULONG): NTSTATUS; stdcall;
2352. { Îæèäàíèå îáúåêòà }
2353. function NtWaitForSingleObject (Handle: THandle;
2354.   Alertable: LongBool; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
2355. { Çàïèñü â ôàéë }
2356. function NtWriteFile (FileHandle: THandle; Event: THandle;
2357.   ApcRoutine: Pointer; ApcContext:Pointer; IoStatusBlock: PIoStatusBlock;
2358.   Buffer: Pointer; Length: ULONG; ByteOffset: PLARGE_INTEGER;
2359.   Key: PDWORD): NTSTATUS; stdcall;
2360. { Çàïèñü ôàéëà "âðàçáðîñ" }
2361. function NtWriteFileGather(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
2362.   IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
2363.   aSegmentArray: PFILE_SEGMENT_ELEMENT; nBytesToWrite: ULONG;
2364.   FileOffset: PLARGE_INTEGER; LockOperationKey: PULONG): NTSTATUS; stdcall;
2365. { Çàïèñü â çíà÷åíèÿ â âèðòóàëüíóþ ïàìÿòü ïðîöåññà }
2366. function NtWriteVirtualMemory(hProcess: THANDLE; BaseAddress: PVOID;
2367.   Buffer: PVOID; BytesToWrite: ULONG; BytesWritten: PULONG): NTSTATUS; stdcall;
2368. { Âûçîâ ïëàíèðîâùèêà ïîòîêîâ }
2369. function NtYieldExecution: NTSTATUS; stdcall;
2370.  
2371. { RTL }
2372. { Áëîêèðîâêà áëîêà îêðóæåíèÿ ïðîöåññà }
2373. procedure RtlAcquirePebLock; stdcall;
2374. { Àêòèâàöèÿ êîíòåêñòà side-by-side }
2375. function RtlActivateActivationContext(dwFlags: DWORD; hActCtx: THANDLE;
2376.   lpCookie: PPDWORD): NTSTATUS; stdcall;
2377. { Àêòèâàöèÿ êîíòåêñòà side-by-side }
2378. function RtlActivateActivationContextEx(dwFlags: DWORD; Teb: PVOID;
2379.   hActCtx: THANDLE; lpCookie: PPDWORD): NTSTATUS; stdcall;
2380. { Äîáàâëåíèå â äåñêðèïòîð áåçîïàñíîñòè ðàçðåøàþùåãî ACE }
2381. function RtlAddAccessAllowedAce(pAcl: PACL; dwAceRevision: ULONG;
2382.   AccessMask: ULONG; pSid: PSID): NTSTATUS; stdcall;
2383. { Äîáàâëÿåò ññûëêó íà êîíòåêñò àêòèâàöèè }
2384. procedure RtlAddRefActivationContext(hActCtx: THANDLE); stdcall;
2385. { Èçìåíÿåò ñîñòîÿíèå ïðèâèëåãèè â ìàðêåðå (CurrentThread-FALSE-CurrentProcess) }
2386. function RtlAdjustPrivilege(Privilege: ULONG; Enable, CurrentThread: BOOL;
2387.   Enabled: PBOOLEAN): NTSTATUS; stdcall;
2388. { Ñîçäàíèå èäåíòèôèêàòîðà áåçîïàñíîñòè }
2389. function RtlAllocateAndInitializeSid(
2390.   pIdentifierAuthority: PSID_IDENTIFIER_AUTHORITY;
2391.   nSubAuthorityCount: Integer; dwSubAuthority0, dwSubAuthority1,
2392.   dwSubAuthority2, dwSubAuthority3, dwSubAuthority4, dwSubAuthority5,
2393.   dwSubAuthority6, dwSubAuthority7: DWORD; pSid: PPSID): NTSTATUS; stdcall;
2394. { Ñîçäàíèå äåñêðèïòîðà â ëîêàëüíîé òàáëèöå äåñêðèïòîðîâ }
2395. function RtlAllocateHandle(HandleTable: PRTL_HANDLE_TABLE;
2396.   HandleIndex: PULONG): PRTL_HANDLE_TABLE_ENTRY; stdcall;
2397. { Âûäåëåíèå ïàìÿòè èç êó÷è }
2398. function RtlAllocateHeap (Heap: THandle; AllocationFlags: DWORD;
2399.   Size: DWORD): Pointer; stdcall;
2400. { Ïåðåâîä ANSI-ñèìâîëà â Unicode-ñèìâîë }
2401. function RtlAnsiCharToUnicodeChar(SourceCharacter: PPBYTE): WCHAR; stdcall;
2402. { Âîçâðàùåò ðàçìåð áóôåðà äëÿ ïåðåêîäèðîâêè èç ANSI â Unicode }
2403. function RtlAnsiStringToUnicodeSize(AAnsiString: PANSI_STRING): ULONG; stdcall;
2404. { Ïðåîáðàçîâàíèå ANSI-ñòðîêè â UNICODE-ñòðîêó }
2405. function RtlAnsiStringToUnicodeString (DestinationString: PUNICODE_STRING;
2406.   SourceString: PANSI_STRING;
2407.   AllocateDestinationString: BOOL): NTSTATUS; stdcall;
2408. { Êîíêàòåíàöèÿ Unicode-ñòðîê }
2409. function RtlAppendUnicodeStringToString(
2410.   Destination, Source: PUNICODE_STRING): NTSTATUS; stdcall;
2411. { Êîíêàòåíàöèÿ ñòðîêè â Unicode }
2412. function RtlAppendUnicodeToString (us: PUNICODE_STRING;
2413.   sAppend: LPCWSTR): NTSTATUS; stdcall;
2414. { Îñòàíàâëèâàåò ïðèëîæåíèå ïîäñèñòåìîé ïðîâåðêè ïðèëîæåíèé }
2415. procedure RtlApplicationVerifierStop(Code: ULONG; Message: LPSTR;
2416.   Param1: ULONG; Description1: LPSTR; Param2: ULONG; Description2: LPSTR;
2417.   Param3: ULONG; Description3: LPSTR; Param4: ULONG;
2418.   Description4: LPSTR); stdcall;
2419. { Óñòàíîâëåí ëè íàáîð áèòîâ }
2420. function RtlAreBitsSet(BitMapHeader: PRTL_BITMAP;
2421.   StartingIndex, Length: ULONG): BOOL; stdcall;
2422. { Ïðåîáðàçîâàíèå ANSI-ñòðîêè â ÷èñëî }
2423. function RtlCharToInteger(AString: LPSTR; Base: ULONG;
2424.   Value: PULONG): NTSTATUS; stdcall;
2425. { Ïðîâåðêà ïóòè ê êëþ÷ó ðååñòðà }
2426. function RtlCheckRegistryKey(RelativeTo: ULONG;
2427.   Path: LPWSTR): NTSTATUS; stdcall;
2428. { Ñáðîñ áèòîâ â áèòîâîé êàðòå }
2429. procedure RtlClearBits(BitMapHeader: PRTL_BITMAP;
2430.   StartingIndex, NumberToClear: ULONG); stdcall;
2431. { Óïëîòíåíèå êó÷è }
2432. function RtlCompactHeap(HeapHandle: PVOID; Flags: ULONG): SIZE_T; stdcall;
2433. { Ñðàâíåíèå äâóõ ó÷àñòêîâ ïàìÿòè }
2434. function RtlCompareMemory(Source1, Source2: PVOID;
2435.   Length: SIZE_T): SIZE_T; stdcall;
2436. { Ñðàâíèâàåò ANSI-ñòðîêè }
2437. function RtlCompareString(String1, String2: PSTRING;
2438.   CaseInSensitive: BOOL): LONG; stdcall;
2439. { Ñðàâíåíèå äâóõ Unicode-ñòðîê }
2440. function RtlCompareUnicodeString(String1, String2: PUNICODE_STRING;
2441.   CaseInSensitive: BOOL): LONG; stdcall;
2442. { Ïðåîáðàçîâàíèå èäåíòèôèêàòîðà áåçîïàñíîñòè â Unicode-ñòðîêó }
2443. function RtlConvertSidToUnicodeString(UnicodeString: PUNICODE_STRING;
2444.   Sid: PSID; AllocateDestinationString: BOOL): NTSTATUS; stdcall;
2445. { Êîïèðîâàíèå ëîêàëüíî-óíèêàëüíîãî èäåíòèôèêàòîðà }
2446. procedure RtlCopyLuid (DestLuid, SrcLuid: PLUID); stdcall;
2447. { Êîïèðîâàíèå ANSI-ñòðîêè }
2448. procedure RtlCopyString(DestinationString, SourceString: PSTRING); stdcall;
2449. { Êîïèðîâàíèå Unicode-ñòðîêè }
2450. procedure RtlCopyUnicodeString(
2451.   DestinationString, SourceString: PUNICODE_STRING); stdcall;
2452. { Ñîçäàíèå ñïèñêà äîñòóïà }
2453. function RtlCreateAcl(Acl: PACL; nAclLength: ULONG;
2454.   dwAclRevision: ULONG): NTSTATUS; stdcall;
2455. { Ñîçäàíèå òàáëèöû àòîìîâ }
2456. function RtlCreateAtomTable(InitSize: DWORD;
2457.   pAtomTableHandle: PHANDLE): NTSTATUS; stdcall;
2458. { Ñîçäàíèå áëîêà ïåðåìåííûõ îêðóæåíèÿ }
2459. function RtlCreateEnvironment(CopyCurrent: BOOL;
2460.   EnvironmentBlock: PPVOID): NTSTATUS; stdcall;
2461. { Ñîçäàíèå êó÷è }
2462. function RtlCreateHeap(AllocationFlags: ULONG; BaseAddress: PVOID;
2463.   MaximumSize, InitialSize: ULONG; UnknownAddress: PVOID;
2464.   HeapInfo: PHEAP_INFO): THANDLE; stdcall;
2465. { Ñîçäàíèå áëîêà ïàðàìåòðîâ ïðîöåññà }
2466. function RtlCreateProcessParameters(ProcessParameters: PPPROCESS_PARAMETERS;
2467.   ImagePathName, DllPath, CurrentDirectory, CommandLine: PUNICODE_STRING;
2468.   EnvironmentBlock: PVOID; WindowTitle, DesktopInfo,
2469.   ShellInfo, RuntimeData: PUNICODE_STRING): NTSTATUS; stdcall;
2470. { Ñîçäàíèå áóôåðà îòëàäî÷÷íîé èíôîðìàöèè }
2471. function RtlCreateQueryDebugBuffer(MaximumCommit: ULONG;
2472.   UseEventPair: BOOL): PRTL_DEBUG_INFORMATION; stdcall;
2473. { Ñîçäàíèå äåñêðèïòîðà áåçîïàñíîñòè }
2474. function RtlCreateSecurityDescriptor(
2475.   SecurityDescriptor: PSECURITY_DESCRIPTOR; Revision: ULONG): NTSTATUS; stdcall;
2476. { Ñîçäàíèå êó÷è ñ òýãàìè }
2477. function RtlCreateTagHeap (Heap: THandle; Flags: ULONG;
2478.   TagPrefix, TagNames: LPWSTR): DWORD; stdcall;
2479. { Ñîçäàíèå òàéìåðà â î÷åðåäè òàéìåðîâ }
2480. function RtlCreateTimer(TimerQueueHandle: THANDLE; Handle: PHANDLE;
2481.   AFunction: Pointer; Context: PVOID;
2482.   DueTime, Period, Flags: ULONG): NTSTATUS; stdcall;
2483. { Ñîçäàíèå î÷åðåäè òàéìåðîâ }
2484. function RtlCreateTimerQueue(TimerQueueHandle: PHANDLE): NTSTATUS; stdcall;
2485. { Ñîçäàíèå ñòðîêè UNICODE }
2486. function RtlCreateUnicodeString (us: PUNICODE_STRING;
2487.   s: PWideChar): Boolean; stdcall;
2488. { Ñîçäàíèå ñòðîêè UNICODE èç null-terminated ANSI-ñòðîêè }
2489. function RtlCreateUnicodeStringFromAsciiz (us: PUNICODE_STRING;
2490.   s: PAnsiChar): Boolean; stdcall;
2491. { Ïðåîáðàçîâàíèå èç çàäàííîé êîäîâîé ñòðàíèöû â Unicode-ñòðîêó }
2492. function RtlCustomCPToUnicodeN(CustomCP: PCPTABLEINFO; UnicodeString: LPWSTR;
2493.   MaxBytesInUnicodeString: ULONG; BytesInUnicodeString: PULONG;
2494.   CustomCPString: LPSTR; BytesInCustomCPString: ULONG): NTSTATUS; stdcall;
2495. { Ïåðåâîä âðåìåíè (???) â ñèñòåìíîå âðåìÿ }
2496. function RtlCutoverTimeToSystemTime(CutoverTime: PTIME_FIELDS;
2497.   SystemTime: PLARGE_INTEGER; CurrentSystemTime: PLARGE_INTEGER;
2498.   ThisYear: BOOL): BOOL; stdcall;
2499. { TODO: ÷òî äåëàåò ôóíêöèÿ }
2500. function RtlDefaultNpAcl(pAcl: PPACL): NTSTATUS; stdcall;
2501. { Óäàëåíèå àòîìà èç òàáëèöû àòîìîâ }
2502. function RtlDeleteAtomFromAtomTable(AtomTable: THANDLE;
2503.   AnAtom: ATOM): NTSTATUS; stdcall;
2504. { Óäàëåíèå êðèòè÷åñêîãî ðàçäåëà }
2505. function RtlDeleteCriticalSection(
2506.   var Section: TRTLCriticalSection): NTSTATUS; stdcall;
2507. { Óäàëåíèå òàéìåðà èç î÷åðåäè òàéìåðîâ }
2508. function RtlDeleteTimer(
2509.   TimerQueueHandle, TimerToCancel, Event: THANDLE): NTSTATUS; stdcall;
2510. { Óäàëåíèå î÷åðåäè òàéìåðîâ }
2511. function RtlDeleteTimerQueue(QueueHandle: THANDLE): NTSTATUS; stdcall;
2512. { Óäàëåíèå î÷åðåäè òàéìåðîâ }
2513. function RtlDeleteTimerQueueEx(QueueHandle, Event: THANDLE): NTSTATUS; stdcall;
2514. { Óäàëÿåò îáúåêò "îæèäàíèå" èç ïóëà îæèäàþùèõ îáúåêòîâ }
2515. function RtlDeregisterWait(WaitHandle: THANDLE): NTSTATUS; stdcall;
2516. { Óäàëÿåò îáúåêò "îæèäàíèå" èç ïóëà îæèäàþùèõ îáúåêòîâ }
2517. function RtlDeregisterWaitEx(WaitHandle, Event: THANDLE): NTSTATUS; stdcall;
2518. { Ðàçðóøåíèå áëîêà ïåðåìåííûõ îêðóæåíèÿ }
2519. function RtlDestroyEnvironment(Environment: PVOID): NTSTATUS; stdcall;
2520. { Ðàçðóøåíèå êó÷è }
2521. function RtlDestroyHeap (hHeap: THandle): PVOID; stdcall;
2522. { Óäàëåíèå áëîêà ïàðàìåòðîâ ïðîöåññà }
2523. function RtlDestroyProcessParameters(
2524.   ProcessParameters: PPROCESS_PARAMETERS): NTSTATUS; stdcall;
2525. { Ðàçðóøåíèå áëîêà îòëàäî÷íîé èíôîðìàöèè }
2526. function RtlDestroyQueryDebugBuffer(
2527.   Buffer: PRTL_DEBUG_INFORMATION): NTSTATUS; stdcall;
2528. { Îïðåäåëåíèå òèïà èìåíè ïóòè DOS (êàòàëîã, óñòðîéñòâî, etc }
2529. function RtlDetermineDosPathNameType_U(
2530.   DosFileName: LPWSTR): RTL_PATH_TYPE; stdcall;
2531. { Ïðîèñõîäèò ëè çàâåðøåíèå ðàáîòû Dll (âûãðóçêà ???) }
2532. function RtlDllShutdownInProgress: Boolean; stdcall;
2533. { Ïðåîáðàçîâàíèå èìåíè DNS â èìÿ êîìïüþòåðà }
2534. function RtlDnsHostNameToComputerName(
2535.   ComputerNameString, DnsHostNameString: PUNICODE_STRING;
2536.   AllocateComputerNameString: BOOL): NTSTATUS; stdcall;
2537. { Ïðîâåðêà, ñóùåñòâóåò ëè óêàçàííûé ôàéë }
2538. function RtlDoesFileExists_U(FileName: LPWSTR): BOOL; stdcall;
2539. { Ïðåîáðàçîâàíèå èìåíè ôàéëà DOS â èìÿ ôàéëà NT }
2540. function RtlDosPathNameToNtPathName_U (const DosFileName: PWideChar;
2541.   NtFileName: PUNICODE_STRING; FilePart: PPWideChar;
2542.   RelativeName: PRTL_RELATIVE_NAME): Boolean; stdcall;
2543. { Ïîèñê ôàéëà â êàòàëîãàõ, óêàçàííûõ â PATH }
2544. function RtlDosSearchPath_U(lpPath, lpFileName, lpExtension: LPWSTR;
2545.   nBufferLength: ULONG; lpBuffer: LPWSTR;
2546.   lpFilePart: PLPWSTR): ULONG; stdcall;
2547. { Âõîä â êðèòè÷åñêóþ ñåêöèþ }
2548. procedure RtlEnterCriticalSection (var Section: TRTLCriticalSection); stdcall;
2549. { Ñðàâíåíèå èäåíòèôèêàòîðîâ áåçîïàñíîñòè }
2550. function RtlEqualSid(sid1: PSID; sid2: PSID): BOOL; stdcall;
2551. { Ñðàâíåíèå ANSI-ñòðîê }
2552. function RtlEqualString (String1, String2: PAnsiString;
2553.   CaseInSensitive: Boolean): Boolean; stdcall;
2554. { Ñðàâíåíèå Unicode-ñòðîê }
2555. function RtlEqualUnicodeString (String1, String2: PUnicodeString;
2556.   CaseInSensitive: Boolean): Boolean; stdcall;
2557. { Ïðåîáðàçîâàíèå èìåí ïåðåìåííûõ îêðóæåíèÿ â çíà÷åíèÿ }
2558. function RtlExpandEnvironmentStrings_U(Environment: PVOID;
2559.   Source, Destination: PUNICODE_STRING;
2560.   ReturnedLength: PULONG): NTSTATUS; stdcall;
2561. { Äåëåíèå 64-áèòíîãî ÷èñëà íà 32-õ áèòíîå }
2562. function RtlExtendedLargeIntegerDivide(Dividend: LARGE_INTEGER;
2563.   Divisor: ULONG; Remainder: PULONG): int64; stdcall;
2564. { Ðàñøèðåíèå ñóùåñòâóþùåé êó÷è }
2565. function RtlExtendHeap(HeapHandle: PVOID; Flags: ULONG; Base: PVOID;
2566.   Size: SIZE_T): NTSTATUS; stdcall;
2567. { Ïîèñê ñáðîøåííûõ áèòîâ è èõ óñòàíîâêà }
2568. function RtlFindClearBitsAndSet(BitMapHeader: PRTL_BITMAP;
2569.   NumberToFind, HintIndex: ULONG): ULONG; stdcall;
2570. { Ïîèñê òåêñòà ñîîáùåíèÿ äëÿ óêàçàííîãî êîäà }
2571. function RtlFindMessage(DllHandle: PVOID;
2572.   MessageTableId, MessageLanguageId, MessageId: ULONG;
2573.   MessageEntry: PPMESSAGE_RESOURCE_ENTRY): NTSTATUS; stdcall;
2574. { Ñáðîñ êåøà ïàìÿòè }
2575. function RtlFlushSecureMemoryCache(MemoryAddress: PVOID;
2576.   dwUnknown: DWORD): BOOL; stdcall;
2577. { Ïîëó÷åíèå èìåíè êëþ÷à ðååñòðà òåêóùåãî ïîëüçîâàòåëÿ }
2578. function RtlFormatCurrentUserKeyPath(
2579.   CurrentUserKeyPath: PUNICODE_STRING): NTSTATUS; stdcall;
2580. { Ôîðìàòèðîâàíèå ñîîáùåíèÿ }
2581. function RtlFormatMessage(MessageFormat: LPWSTR; MaximumWidth: ULONG;
2582.   IgnoreInserts, ArgumentsAreAnsi, ArgumentsAreAnArray: BOOL;
2583.   Arguments: PVOID; Buffer: LPWSTR; Length: ULONG;
2584.   ReturnLength: PULONG): NTSTATUS; stdcall;
2585. { Îñâîáîæäàåò êîíòåêñòû àêòèâàöèè â ñòåêå ïîòîêà }
2586. procedure RtlFreeThreadActivationContextStack; stdcall;
2587. { Îñâîáîæäåíèå ANSI-ñòðîêè ñ äèíàìè÷åñêè âûäåëåííûì áóôåðîì }
2588. procedure RtlFreeAnsiString (Buffer: PAnsiString); stdcall;
2589. { Îñîáîæäåíèå äåñêðèïòîðà }
2590. function RtlFreeHandle(HandleTable: PRTL_HANDLE_TABLE;
2591.   Handle: PRTL_HANDLE_TABLE_ENTRY): BOOL; stdcall;
2592. { Îñâîáîæäåíèå ïàìÿòè â êó÷å }
2593. function RtlFreeHeap (Heap: THandle; FreeingFlags: DWORD;
2594.   Memory: Pointer): Boolean; stdcall;
2595. { Îñâîáîæäåíèå ïàìÿòè ñòðîêè }
2596. procedure RtlFreeOemString(OemString: PSTRING); stdcall;
2597. { Îñâîáîæäåíèå ïàìÿòè èäåíòèôèêàòîðà áåçîïàñíîñòè }
2598. function RtlFreeSid(Sid: PSID): NTSTATUS; stdcall;
2599. { Îñâîáîæäåíèå Unicode-ñòðîêè ñ äèíàìè÷åñêè âûäåëåííûì áóôåðîì }
2600. procedure RtlFreeUnicodeString (Buffer: PUnicodeString); stdcall;
2601. { Ïîëó÷åíèå ýëåìåíòà ñïèñêà óïðàâëåíèÿ äîñòóïîì }
2602. function RtlGetAce(pAcl: PACL; dwAceIndex: DWORD;
2603.   pAce: PPvoid): NTSTATUS; stdcall;
2604. { Ïîëó÷åíèå àêòèâíîãî êîíòåêñòà àêòèâàöèè }
2605. function RtlGetActiveActivationContext(pActCtx: PHANDLE): NTSTATUS; stdcall;
2606. { Ïîëó÷åíèå àäðåñà Process Environment block }
2607. function RtlGetCurrentPEB: Pointer;
2608. { Ïîëó÷åíèå òåêóùåãî êàòàëîãà }
2609. function RtlGetCurrentDirectory_U(nBufferLength: ULONG;
2610.   lpBuffer: LPWSTR): ULONG; stdcall;
2611. { Ïîëó÷åíèå ñïèñêà óïðàâëåíèÿ äîñòóïîì }
2612. function RtlGetDaclSecurityDescriptor(
2613.   pSecurityDescriptor: PSECURITY_DESCRIPTOR; lpbDaclPresent: PBOOLEAN;
2614.   pDacl: PPACL; lpbDaclDefaulted: PBOOLEAN): NTSTATUS; stdcall;
2615. { Ïîëó÷åíèå ôðåéìà ñòåêà }
2616. function RtlGetFrame: PVOID; stdcall;
2617. { Ïîëó÷åíèå ïîëíîãî ïóòè }
2618. function RtlGetFullPathName_U(FileName: PUNICODE_STRING;
2619.   nBufferLength: ULONG; lpBuffer: LPWSTR; lpFilePart: PLPWSTR;
2620.   NameInvalid: PBOOLEAN; InputPathType: PRTL_PATH_TYPE): ULONG; stdcall;
2621. { Ïîëó÷åíèå ïîñëåäíåé îøèáêè Native API }
2622. function RtlGetLastNtStatus: NTSTATUS; stdcall;
2623. { Ïîëó÷åíèå ïîñëåäíåé îøèáêè Win32 }
2624. function RtlGetLastWin32Error: DWORD; stdcall;
2625. { Ìàêñèìàëüíàÿ äëèíà ïóòè â ôîðìàòå NT }
2626. function RtlGetLongestNtPathLength: DWORD; stdcall;
2627. { Ïîëó÷åíèå ãëîáàëüíûõ ôëàãîâ NT }
2628. function RtlGetNtGlobalFlags: DWORD; stdcall;
2629. { Ïîëó÷åíèå êó÷ ïðîöåññà }
2630. function RtlGetProcessHeaps(NumberOfHeapsToReturn: ULONG;
2631.   ProcessHeaps: PPVOID): ULONG; stdcall;
2632. { Ïîëó÷åíèå òåêóùåãî ðåæèìà îáðàáîòêè îøèáîê ïîòîêà }
2633. function RtlGetThreadErrorMode: DWORD; stdcall;
2634. { Ïîëó÷åíèå ïîëüçîâàòåëüñêîé èíôîðìàöèè êó÷è }
2635. function RtlGetUserInfoHeap(HeapHandle: PVOID; Flags: ULONG;
2636.   BaseAddress: PVOID; UserValue: PPVOID; UserFlags: PULONG): BOOL; stdcall;
2637. { Ïîëó÷åíèå èíôîðìàöèè î âåðñèè ñèñòåìû }
2638. function RtlGetVersion(
2639.   lpVersionInformation: PRTL_OSVERSIONINFOW): NTSTATUS; stdcall;
2640. { Ïîëó÷åíèå GUID èç ñòðîêè }
2641. function RtlGUIDFromString(GuidString: PUNICODE_STRING;
2642.   Guid: PGUID): NTSTATUS; stdcall;
2643. { Ïåðåâîä àäðåñà êàòàëîãà PE-ôàéëà â àäðåñ äàííûõ }
2644. function RtlImageDirectoryEntryToData(Base: PVOID; MappedAsImage: BOOL;
2645.   DirectoryEntry: USHORT; Size: PULONG): PVOID; stdcall;
2646. { Çàãîëîâîê PE-ôàéëà äëÿ óêàçàííîãî ìîäóëÿ }
2647. function RtlImageNtHeader (hMod: HMODULE): PImageNTHeaders; stdcall;
2648. { Àíàëèç è ïîëó÷åíèå çàãîëîâêà PE-ôàéëà äëÿ óêàçàííîãî ìîäóëÿ,
2649.   ðàçìåð ìîäóëÿ ìîæåò ïðåâûøàòü 4 ãèãàáàéòà. }
2650. function RtlImageNtHeaderEx (dwFlags: DWORD; ImageBase: HMODULE;
2651.   ImageSize, ImageSizeHigh: ULONG;
2652.   NtHeaders: PPImageNTHeaders): NTSTATUS; stdcall;
2653. { Çàâåðøåíèå îëèöåòâîðåíèÿ }
2654. function RtlImpersonateSelf(
2655.   ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL): NTSTATUS; stdcall;
2656. { Èíèöèàëèçàöèÿ ñòðîêè Ansi }
2657. procedure RtlInitAnsiString (var Buffer: TANSI_STRING;
2658.   Source: PAnsiChar); stdcall;
2659. { Èíèöèàëèçàöèÿ êðèòè÷åñêîé ñåêöèè }
2660. function RtlInitializeCriticalSection (
2661.   var Section: TRTLCriticalSection): NTSTATUS; stdcall;
2662. { Èíèöèàëèçàöèÿ êðèòè÷åñêîé ñåêöèè è ñ÷åò÷èêà ñïèí-áëîêèðîâîê }
2663. function RtlInitializeCriticalSectionAndSpinCount (
2664.   var Section: TRTLCriticalSection; SpinCount: DWORD): NTSTATUS; stdcall;
2665. { Èíèöèàëèçàöèÿ òàáëèöû äåñêðèïòîðîâ }
2666. procedure RtlInitializeHandleTable(MaximumNumberOfHandles,
2667.   SizeOfHandleTableEntry: ULONG; HandleTable: PRTL_HANDLE_TABLE); stdcall;
2668. { Èíèöèàëèçàöèÿ èäåíòèôèêàòîðà áåçîïàñíîñòè }
2669. function RtlInitializeSid(Sid: PSID;
2670.   pIdentifierAuthority: PSID_IDENTIFIER_AUTHORITY;
2671.   nSubAuthorityCount: Integer): BOOL; stdcall;
2672. { Èíèöèàëèçàöèÿ ñòðîêè (Ansi) }
2673. procedure RtlInitString (var Buffer: TANSI_STRING;
2674.   Source: PAnsiChar); stdcall;
2675. { Èíèöèàëèçàöèÿ ñòðîêè Unicode }
2676. procedure RtlInitUnicodeString (var Buffer: TUNICODE_STRING;
2677.   Source: PWideChar); stdcall;
2678. { Ïåðåâîä ÷èñëà â ñèìâîëüíîå ïðåäñòàâëåíèå }
2679. function RtlIntegerToChar(Value, Base: ULONG; OutputLength: LONG;
2680.   AString: LPSTR): NTSTATUS; stdcall;
2681. { Ïåðåâîä ÷èñëà â Unicode-ñòðîêó }
2682. function RtlIntegerToUnicodeString(Value, Base: ULONG;
2683.   AString: PUNICODE_STRING): NTSTATUS; stdcall;
2684. { Ïðîâåðÿåò, ÿâëÿåòñÿ ëè àêòèâíûì óêàçàííûé êîíòåêñò àêòèâàöèè }
2685. function RtlIsActivationContextActive(hActCtx: THANDLE): BOOL; stdcall;
2686. { ßâëÿåòñÿ ëè ïóòü èìåíåì DOS-óñòðîéñòâà }
2687. function RtlIsDosDeviceName_U (PathName: LPWSTR): BOOL; stdcall;
2688. { Ñîîòâåòñòâóåò ëè èìÿ ñòàíäàðòó DOS }
2689. function RtlIsNameLegalDOS8Dot3(Name: PUNICODE_STRING; OemName: PPSTRING;
2690.   NameContainsSpaces: PBOOLEAN): BOOL; stdcall;
2691. { ßâëÿåòñÿ ëè êîäèðîâêà òåêñòà Unicode }
2692. function RtlIsTextUnicode(Buffer: PVOID; Size: ULONG;
2693.   AResult: PULONG): BOOL; stdcall;
2694. { ßâëÿåòñÿ ëè äåñêðèïòîð êîððåêòíûì }
2695. function RtlIsValidHandle(HandleTable: PRTL_HANDLE_TABLE;
2696.   Handle: PRTL_HANDLE_TABLE_ENTRY): BOOL; stdcall;
2697. { Âûõîä èç êðèòè÷åñêîé ñåêöèè }
2698. procedure RtlLeaveCriticalSection (var Section: TRTLCriticalSection); stdcall;
2699. { Îïðåäåëåíèå ðàçìåðà èäåíòèôèêàòîðà áåçîïàñíîñòè }
2700. function RtlLengthRequiredSid(nSubAuthorityCount: Integer): ULONG; stdcall;
2701. { Îïðåäåëåíèå ðàçìåðà äåñêðèïòîðà áåçîïàñíîñòè }
2702. function RtlLengthSecurityDescriptor(
2703.   SecurityDescriptor: PSECURITY_DESCRIPTOR): ULONG; stdcall;
2704. { Îïðåäåëåíèå ðàçìåðà çàäàííîãî èäåíòèôèêàòîðà áåçîïàñíîñòè }
2705. function RtlLengthSid(Sid: PSID): DWORD; stdcall;
2706. { Áëîêèðîâêà êó÷è }
2707. function RtlLockHeap(HeapHandle: PVOID): BOOL; stdcall;
2708. { Ïðåîáðàçîâàíèå ñòðîêè èç êîäîâîé ñòðàíèöû Ansi èëè êîäîâîé ñòðàíèöû,
2709.   óñòàíîâëåííîé ïî óìîë÷àíèþ â Unicode }
2710. function RtlMultiByteToUnicodeN (Dest: PWideChar; MaxDestBufferSize: DWORD;
2711.   PDestBufferSize: LPDWORD; Source: PAnsiChar;
2712.   SourceSize: DWORD): NTSTATUS; stdcall;
2713. { Îïðåäåëåíèå ðàçìåðà áóôåðà äëÿ ïðåîáðàçîâàíèÿ èç ANSI â Unicode }
2714. function RtlMultiByteToUnicodeSize(BytesInUnicodeString: PULONG;
2715.   MultiByteString: LPSTR; BytesInMultiByteString: ULONG): NTSTATUS; stdcall;
2716. { Ïðåîáðàçîâàíèå ñòàòóñà ôóíêöèè Native API ê îøèáêå Win32 }
2717. function RtlNtStatusToDosError (Status: NTSTATUS): LongInt; stdcall;
2718. { Ïðåîáðàçîâàíèå ñòàòóñà ôóíêöèè Native API ê îøèáêå Win32 áåç çàíåñåíèÿ îøèáêè
2719.   â áëîê îêðóæåíèÿ ïîòîêà. }
2720. function RtlNtStatusToDosErrorNoTeb (Status: NTSTATUS): LongInt; stdcall;
2721. { Ïåðåâîä ñòðîêè èç OEM-êîäèðîâêè â Unicode }
2722. function RtlOemStringToUnicodeString(DestinationString: PUNICODE_STRING;
2723.   SourceString: PSTRING; AllocateDestinationString: BOOL): NTSTATUS; stdcall;
2724. { Ïðåîáðàçîâàíèå èç OEM-êîäèðîâêè â Unicode }
2725. function RtlOemToUnicodeN(UnicodeString: LPWSTR; MaxBytesInUnicodeString: ULONG;
2726.   BytesInUnicodeString: PULONG; OemString: LPSTR;
2727.   BytesInOemString: ULONG): NTSTATUS; stdcall;
2728. { Ïîëó÷åíèå äåñêðèïòîðà êëþ÷à ðååñòðà òåêóùåãî ïîëüçîâàòåëÿ }
2729. function RtlOpenCurrentUser(dwDesiredAccess: DWORD;
2730.   phKey: PHANDLE): NTSTATUS; stdcall;
2731. { TODO: ÷òî äåëàåò ôóíêöèÿ }
2732. function RtlPcToFileHeader(PcValue: PVOID; BaseOfImage: PPVOID): PVOID; stdcall;
2733. function NtNotImplementedPointer : Pointer;stdcall;
2734. { ßâëÿåòñÿ îäíà ñòðîêà ïðåôèêñîì äðóãîé }
2735. function RtlPrefixString(String1, String2: PSTRING;
2736.   CaseInSensitive: BOOL): BOOL; stdcall;
2737. { ßâëÿåòñÿ îäíà Unicode-ñòðîêà ïðåôèêñîì äðóãîé }
2738. function RtlPrefixUnicodeString(String1, String2: PUNICODE_STRING;
2739.   CaseInSensitive: BOOL): BOOL; stdcall;
2740. { Ïðåêðàùåíèå îæèäàíèÿ êðèòè÷åñêîé ñåêöèè }
2741. procedure RtlpUnWaitCriticalSection (var Section: TRTLCriticalSection);
2742. { Îæèäàíèå êðèòè÷åñêîé ñåêöèè }
2743. procedure RtlpWaitForCriticalSection (var Section: TRTLCriticalSection);
2744. { Åñòü ëè àòîì â òàáëèöå àòîìîâ }
2745. function RtlQueryAtomInAtomTable(AtomTable: THANDLE; AAtom: ATOM;
2746.   AtomUsage, AtomFlags: PULONG; AtomName: LPWSTR;
2747.   AtomNameLength: LPDWORD): NTSTATUS; stdcall;
2748. { Ïîëó÷åíèå çíà÷åíèÿ ïåðåìåííîé îêðóæåíèÿ }
2749. function RtlQueryEnvironmentVariable_U (EnvBlock: PVOID;
2750.   VarName, usResult: PUNICODE_STRING): NTSTATUS; stdcall;
2751. { Ïîëó÷åíèå èíôîðìàöèè î êó÷å }
2752. function RtlQueryHeapInformation(HeapHandle: PVOID;
2753.   HeapInformationClass: HEAP_INFORMATION_CLASS; HeapInformation: PVOID;
2754.   HeapInformationLength: SIZE_T; ReturnLength: PULONG): DWORD; stdcall;
2755. { Ïîëó÷åíèå èíôîðìàöèè î ñïèñêå êîíòðîëÿ äîñòóïà }
2756. function RtlQueryInformationAcl(Acl: PACL; AclInformation: PVOID;
2757.   AclInformationLength: ULONG;
2758.   AclInformationClass: ACL_INFORMATION_CLASS): NTSTATUS; stdcall;
2759. { Ïîëó÷åíèå èíôîðìàöèè î êîíòåêñòå àêòèâàöèè è ñáîðêàõ }
2760. function RtlQueryInformationActivationContext(dwFlags: DWORD;
2761.   hActCtx: THANDLE; pvSubInstance: PVOID; InfoClass: ULONG; pvBuffer: PVOID;
2762.   cbBuffer: SIZE_T; pcbWrittenOrRequired: PULONG): NTSTATUS; stdcall;
2763. { Âîçâðàùàåò èíôîðìàöèþ îá àêòèâíîì êîíòåêñòå àêòèâàöèè }
2764. function RtlQueryInformationActiveActivationContext(InfoClass: ULONG;
2765.   pvBuffer: PVOID; cbBuffer: SIZE_T;
2766.   pcbWrittenOrRequired: PULONG): NTSTATUS; stdcall;
2767. { Ïîëó÷åíèå îòëàäî÷íîé èíôîðìàöèè ïðîöåññà }
2768. function RtlQueryProcessDebugInformation(UniqueProcessId: THANDLE;
2769.   Flags: ULONG; Buffer: PRTL_DEBUG_INFORMATION): NTSTATUS; stdcall;
2770. { Îïðîñ çíà÷åíèé êëþ÷åé ðååñòðà }
2771. function RtlQueryRegistryValues(RelativeTo: ULONG; Path: LPCWSTR;
2772.   QueryTable: PRTL_QUERY_REGISTRY_TABLE;
2773.   Context, Environment: PVOID): NTSTATUS; stdcall;
2774. { Îïðîñ êó÷è }
2775. function RtlQueryTagHeap(HeapHandle: PVOID; Flags: ULONG; TagIndex: USHORT;
2776.   ResetCounters: BOOL; TagInfo: PRTL_HEAP_TAG_INFO): LPWSTR; stdcall;
2777. { Ïîìîùåíèå â î÷åðåäü çàäàíèÿ äëÿ ðàáî÷åãî ïîòîêà }
2778. function RtlQueueWorkItem(AFunction: Pointer; Context: PVOID;
2779.   Flags: ULONG): NTSTATUS; stdcall;
2780. { Âîçáóæäåíèå èñêëþ÷èòåëüíîé ñèòóàöèè }
2781. procedure RtlRaiseException(ExceptionRecord: PEXCEPTION_RECORD); stdcall;
2782. { Âîçáóæäåíèå èñêëþ÷èòåëüíîé ñèòóàöèè ñ êîäîì îøèáêè }
2783. procedure RtlRaiseStatus (Status: NTSTATUS); stdcall;
2784. { Ïåðåðàñïðåäåëåíèå ïàìÿòè â êó÷å }
2785. function RtlReAllocateHeap(HeapHandle: PVOID; Flags: ULONG;
2786.   BaseAddress: PVOID; Size: SIZE_T): PVOID; stdcall;
2787. { Ðåãèñòðàöèÿ îáúåêòà "îæèäàíèå" }
2788. function RtlRegisterWait(WaitHandle: PHANDLE; AHandle: THANDLE;
2789.   AFunction: Pointer; Context: PVOID;
2790.   Milliseconds, Flags: ULONG): NTSTATUS; stdcall;
2791. { Îñâîáîæäåíèå êîíòåêñòà àêòèâàöèè }
2792. procedure RtlReleaseActivationContext(hActCtx: THANDLE); stdcall;
2793. { Ñíÿòèå áëîêèðîâêè áëîêà îêðóæåíèÿ ïðîöåññà }
2794. procedure RtlReleasePebLock; stdcall;
2795. { Ïîâòîðíàÿ óñòàíîâêà ïîñëåäíåé îøèáêè Win32 }
2796. procedure RtlRestoreLastWin32Error (dwError: DWORD); stdcall;
2797. { Ðàñêîäèðîâàíèå Unicode-ñòðîêè }
2798. procedure RtlRunDecodeUnicodeString(Seed: BYTE;
2799.   AString: PUNICODE_STRING); stdcall;
2800. { Êîäèðîâàíèå Unicode-ñòðîêè }
2801. procedure RtlRunEncodeUnicodeString(Seed: PBYTE; AString:
2802.   PUNICODE_STRING); stdcall;
2803. { Óñòàíîâêà òåêóùåãî êàòàëîãà }
2804. function RtlSetCurrentDirectory_U(PathName: PUNICODE_STRING): NTSTATUS; stdcall;
2805. { Óñòàíîâêà ñïèñêà äîñòóïà äëÿ äåñêðèïòîðà áåçîïàñíîñòè }
2806. function RtlSetDaclSecurityDescriptor(
2807.   SecurityDescriptor: PSECURITY_DESCRIPTOR; DaclPresent: BOOL; Dacl: PACL;
2808.   DaclDefaulted: BOOL): NTSTATUS; stdcall;
2809. { Óñòàíîâêà çíà÷åíèÿ ïåðåìåííîé îêðóæåíèÿ }
2810. function RtlSetEnvironmentVariable(Environment: PPVOID;
2811.   Name, Value: PUNICODE_STRING): NTSTATUS; stdcall;
2812. { Óñòàíîâêà ïàðàìåòðîâ êó÷è }
2813. function RtlSetHeapInformation(HeapHandle: PVOID;
2814.   HeapInformationClass: HEAP_INFORMATION_CLASS; HeapInformation: PVOID;
2815.   HeapInformationLength: SIZE_T): DWORD; stdcall;
2816. { Óñòàíîâêà àäðåñà àñèíõðîííîé ïðîöåäóðû çàâåðøåíèÿ ââîäà/âûâîäà }
2817. function RtlSetIoCompletionCallback(FileHandle: THANDLE;
2818.   CompletionProc: Pointer; Flags: ULONG): NTSTATUS; stdcall;
2819. { Óñòàíîâêà âðåìåííîé çîíû }
2820. function RtlSetTimeZoneInformation(
2821.   TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION): NTSTATUS; stdcall;
2822. { Óñòàíîâêà ðåæèìà îáðàáîòêè îøèáîê ïîòîêà }
2823. function RtlSetThreadErrorMode (ErrorMode: DWORD): NTSTATUS; stdcall;
2824. { Óñòàíîâêà ôóíêöèé ïóëà ïîòîêîâ äëÿ ñîçäàíèÿ è çàâåðøåíèÿ ïîòîêà }
2825. function RtlSetThreadPoolStartFunc(lpfnStartThreadFunc: Pointer;
2826.   lpfnExitThreadFunc: Pointer): NTSTATUS; stdcall;
2827. { Óñòàíàâëèâàåò íàáîð ïîëüçîâàòåëüñêèõ ôóíêöèé äëÿ Unicode }
2828. procedure RtlSetUnicodeCallouts(Callouts: PVOID); stdcall;
2829. { Óñòàíîâêà ïîëüçîâàòåëüêîãî çíà÷åíèÿ äëÿ êó÷è }
2830. function RtlSetUserValueHeap(HeapHandle: PVOID; Flags: ULONG;
2831.   BaseAddress, UserValue: PVOID): BOOL; stdcall;
2832. { Ïîëó÷åíèå ðàçìåðà êó÷è }
2833. function RtlSizeHeap(HeapHandle: PVOID; Flags: ULONG;
2834.   BaseAddress: PVOID): SIZE_T; stdcall;
2835. { Ïðåîáðàçîâàíèå GUID â ñòðîêó }
2836. function RtlStringFromGUID(AGuid: PGUID;
2837.   GuidString: PUNICODE_STRING): NTSTATUS; stdcall;
2838. { Ïîëó÷åíèå SubAuthority èç èäåíòèôèêàòîðà áåçîïàñíîñòè }
2839. function RtlSubAuthoritySid(Sid: PSID; nSubAuthority: ULONG): PULONG; stdcall;
2840. { Ïðåîáðàçîâàíèå âðåìåíè èç ñòðóêòóðû âî âðåìÿ UTC }
2841. function RtlTimeFieldsToTime(TimeFields: PTIME_FIELDS;
2842.   Time: PLARGE_INTEGER): BOOL; stdcall;
2843. { Ïðåîáðàçîâàíèå âðåìåíè èç Int64 â íàáîð ïîëåé }
2844. procedure RtlTimeToTimeFields (ATime: PLARGE_INTEGER;
2845.   ATimeFields: PTIME_FIELDS); stdcall;
2846. { Óëîâíûé âõîä â êðèòè÷åñêóþ ñåêöèþ }
2847. function RtlTryEnterCriticalSection (
2848.   var Section: TRTLCriticalSection): Boolean; stdcall;
2849. { Ïðåîáðàçîâàíèå ñòðîêè Unicode â Ansi }
2850. function RtlUnicodeStringToAnsiString (AnsiString: PANSI_STRING;
2851.   UnicodeString: PUNICODE_STRING; fAllocate: LongBool): NTSTATUS; stdcall;
2852. { Ïðåîáðàçîâàíèå Unicode-ñòðîêè â ÷èñëî }
2853. function RtlUnicodeStringToInteger(AString: PUNICODE_STRING; Base: ULONG;
2854.   Value: PULONG): NTSTATUS; stdcall;
2855. { Ïðåîáðàçîâàíèå Unicode-ñòðîêè â OEM-ñòðîêó }
2856. function RtlUnicodeStringToOemString(DestinationString: PSTRING;
2857.   SourceString: PUNICODE_STRING;
2858.   AllocateDestinationString: BOOL): NTSTATUS; stdcall;
2859. { Ïðåîáðàçîâàíèå Unicode-ñòðîêè â ANSI-ñòðîêó }
2860. function RtlUnicodeToMultiByteN(Dest: LPSTR; DestSize: Integer;
2861.   ReturnLength: PLONG; Source: LPWSTR; dwNumChars: Integer): NTSTATUS; stdcall;
2862. { Ðàñ÷åò ðàçìåðà áóôåðà äëÿ ïðåîáðàçîâàíèÿ Unicode-ñòðîêè â ANSI-ñòðîêó }
2863. function RtlUnicodeToMultiByteSize(pResult: LPDWORD; lpusString: PWideChar;
2864.   cchusString: DWORD): NTSTATUS; stdcall;
2865. { Ïðåîáðàçîâàíèå èç Unicode â OEM-êîäèðîâêó }
2866. function RtlUnicodeToOemN(OemString: LPSTR; MaxBytesInOemString: ULONG;
2867.   BytesInOemString: PULONG; UnicodeString: LPWSTR;
2868.   BytesInUnicodeString: ULONG): NTSTATUS; stdcall;
2869. { Ðàçáëîêèðîâàíèå êó÷è }
2870. function RtlUnlockHeap(HeapHandle: PVOID): BOOL; stdcall;
2871. { Ðàñêðóòêà ñòåêà }
2872. procedure RtlUnwind(TargetFrame, TargetIp: PVOID;
2873.   ExceptionRecord: PEXCEPTION_RECORD; ReturnValue: PVOID); stdcall;
2874. { Ïðåîáðàçîâàíèå Unicode-ñèìâîëà ê âåðõíåìó ðåãèñòðó }
2875. function RtlUpcaseUnicodeChar(SourceCharacter: WideChar): WideChar; stdcall;
2876. { Ïðåîáðàçîâàíèå Unicode-ñòðîêè ê âåðõíåìó ðåãèñòðó }
2877. function RtlUpcaseUnicodeString(DestinationString: PUNICODE_STRING;
2878.   SourceString: PUNICODE_STRING;
2879.   AllocateDestinationString: BOOL): NTSTATUS; stdcall;
2880. { Îáíîâëåíèå ïàðàìåòðîâ òàéìåðà }
2881. function RtlUpdateTimer(TimerQueueHandle, Timer: THANDLE;
2882.   DueTime, Period: ULONG): NTSTATUS; stdcall;
2883. { Ïåðåâîäèò ñèìâîë â âåðõíèé ðåãèñòð }
2884. function RtlUpperChar(c: Char): Char; stdcall;
2885. { Ïåðåâîäèò ANSI-ñòðîêó â âåðõíèé ðåãèñòð }
2886. procedure RtlUpperString(DestinationString, SourceString: PSTRING); stdcall;
2887. { Ïîëó÷åíèå èíôîðìàöèè îá èñïîëüçîâàíèè êó÷è }
2888. function RtlUsageHeap(HeapHandle: PVOID; Flags: ULONG;
2889.   Usage: PRTL_HEAP_USAGE): NTSTATUS; stdcall;
2890. { Ïðîâåðêà ñïèñêà óïðàâëåíèÿ äîñòóïîì }
2891. function RtlValidAcl(Acl: PACL): BOOL; stdcall;
2892. { Ïðîâåðêà êó÷è }
2893. function RtlValidateHeap(HeapHandle: PVOID; Flags: ULONG;
2894.   BaseAddress: PVOID): BOOL; stdcall;
2895. { Ïðîâåðêà äåñêðèïòîðà áåçîïàñíîñòè }
2896. function RtlValidRelativeSecurityDescriptor(
2897.   SecurityDescriptorInput: PSECURITY_DESCRIPTOR;
2898.   SecurityDescriptorLength: ULONG;
2899.   RequiredInformation: SECURITY_INFORMATION): BOOL; stdcall;
2900. { ßâëÿåòñÿ ëè êîððåêòíûì óêàçàííûé äåñêðèïòîð áåçîïàñíîñòè }
2901. function RtlValidSecurityDescriptor(
2902.   SecurityDescriptor: PSECURITY_DESCRIPTOR): BOOL; stdcall;
2903. { Ïðîâåðêà êîððåêòíîñòè èäåíòèôèêàòîðà áåçîïàñíîñòè }
2904. function RtlValidSid(Sid: PSID): BOOL; stdcall;
2905. { Ïðîâåðêà ñîâïàäåíèÿ âåðñèè ñèñòåìû ñ çàäàííûìè çíà÷åíèÿìè }
2906. function RtlVerifyVersionInfo(VersionInfo: PRTL_OSVERSIONINFOEXW;
2907.   TypeMask: ULONG; ConditionMask: ULONGLONG): NTSTATUS; stdcall;
2908. { Îáõîä êó÷è }
2909. function RtlWalkHeap(HeapHandle: PVOID;
2910.   Entry: PRTL_HEAP_WALK_ENTRY): NTSTATUS; stdcall;
2911. { Ïîëó÷åíèå ðàçìåðà áóôåðà, íåîáõîäèìîãî äëÿ ïðåîáðàçîâàíèÿ èç ANSI â Unicode }
2912. function RtlxAnsiStringToUnicodeSize(AAnsiString: PANSI_STRING): ULONG; stdcall;
2913. { Ïîëó÷åíèå ðàçìåðà áóôåðà, íåîáõîäèìîãî äëÿ ïðåîáðàçîâàíèÿ èç OEM â Unicode }
2914. function RtlxOemStringToUnicodeSize(OemString: PSTRING): ULONG; stdcall;
2915. { Ïîëó÷åíèå ðàçìåðà áóôåðà, íåîáõîäèìîãî äëÿ ïðåîáðàçîâàíèÿ èç Unicode â ANSI }
2916. function RtlxUnicodeStringToAnsiSize(
2917.   UnicodeString: PUNICODE_STRING): ULONG; stdcall;
2918. { Ïîëó÷åíèå ðàçìåðà áóôåðà, íåîáõîäèìîãî äëÿ ïðåîáðàçîâàíèÿ èç Unicode â OEM }
2919. function RtlxUnicodeStringToOemSize(
2920.   UnicodeString: PUNICODE_STRING): ULONG; stdcall;
2921. { Îáúÿâëåíèå íåäåéñòâèòåëüíûì êîíòåêñòà àêòèâàöèè }
2922. function RtlZombifyActivationContext(hActCtx: THANDLE): NTSTATUS; stdcall;
2923. { Ñîåäèíåíèå Unicode-ñòðîê, çàêàí÷èâàþùèõñÿ íóëåì }
2924. function wcscat(s1: LPWSTR; s2: LPWSTR): LPWSTR; cdecl;
2925. { Óêàçàòåëü íà ïåðâûé ñèìâîâ â Unicode-ñòðîêå }
2926. function wcschr (const s: PWideChar; c: WideChar): PWideChar; cdecl;
2927. { Êîïèðîâàíèå Unicode-ñòðîêè }
2928. function wcscpy (const Dst, Src: PWideChar): PWideChar; cdecl;
2929. { Ñðàâíåíèå Unicode-ñòðîê, çàêàí÷èâàþùèõñÿ íóëåì }
2930. function wcscmp(s1: LPWSTR; s2: LPWSTR): Integer; cdecl;
2931. { Ïîëó÷åíèå äëèíû Unicode-ñòðîêè, çàêàí÷èâàþùåéñÿ íóëåì }
2932. function wcslen(s: LPWSTR): SIZE_T; cdecl;
2933. { Ïîèñê óêàçàòåëÿ íà ïîñëåäíèé çàäàííûé ñèìâîë â Unicode-ñòðîêå,
2934.   çàêàí÷èâàþùåéñÿ íóëåì }
2935. function wcsrchr(s: LPWSTR; c: Integer): LPWSTR; cdecl;
2936.  
2937. { Ñëóæåáíàÿ ôóíêöèÿ äëÿ îáëåã÷åíèÿ çàïîëíåíèÿ ïîëåé ñòðóêòóðû OBJECT_ATTRIBUTES}
2938. procedure InitializeObjectAttributes (P : POBJECT_ATTRIBUTES;
2939.   N : PUNICODE_STRING; A : ULONG; R : THANDLE; S : PSECURITY_DESCRIPTOR);
2940.  
2941. const
2942. { NtQuerySystemInformation/NtSetSystemInformation system information class codes }
2943.   SystemBasicInformation = 0; { Áàçîâàÿ èíôîðìàöèÿ î ñèñòåìå }
2944.   SystemProcessorInformation = 1; { Èíôîðìàöèÿ î ïðîöåññîðå }
2945.   SystemPerformanceInformation = 2; { Èíôîðìàöèÿ î ïðîèçâîäèòåëüíîñòè }
2946.   SystemTimeOfDayInformation = 3; { Èíôîðìàöèÿ î äàòå è âðåìåíè }
2947.   SystemPathInformation = 4;     { *** Íå ïîääåðæèâàåòñÿ *** }
2948.   SystemProcessesAndThreadsInformation = 5; { Èíôîðìàöèÿ î ïðîöåññàõ è ïîòîêàõ }
2949.   SystemCallCounts = 6; { Èíôîðìàöèÿ î âûçîâàõ îòëàäî÷íîé âåðñèè ÿäðà }
2950.   SystemConfigurationInformation = 7; { Èíôîðìàöèÿ î êîíôèãóðàöèè }
2951.   SystemProcessorTimes = 8; { }
2952.   SystemGlobalFlag = 9; { Èíôîðìàöèÿ îá óñòàíîâëåííûõ ãëîáàëüíûõ ôëàãàõ ñèñòåìû}
2953.   SystemCallTimeInformation = 10; { }
2954.   SystemModuleInformation = 11; { }
2955.   SystemLockInformation = 12; { }
2956.   SystemStackTraceInformation = 13; { }
2957.   SystemPagedPoolInformation = 14; { Checked build only. TODO: Íåò ñòðóêòóðû }
2958.   SystemNonPagedPoolInformation = 15; { Checked build only. TODO: Íåò ñòðóêòóðû}
2959.   SystemHandleInformation = 16; { Èíôîðìàöèÿ î äåñêðèïòîðàõ }
2960.   SystemObjectInformation = 17; {}
2961.   SystemPageFileinformation = 18; {}
2962.   SystemInstructionEmulationCounts = 19; {}
2963.   SystemCacheInformation = 21; {}
2964.   SystemPoolTagInformation = 22; {}
2965.   SystemProcessorStatistics = 23; {}
2966.   SystemDpcInformation = 24; {}
2967.   SystemSummaryMemoryInformation = 25; { }
2968.   SystemLoadImage = 26; {}
2969.   SystemUnloadImage = 27; {}
2970.   SystemTimeAdjustment= 28; {}
2971.   SystemFullMemoryInformation = 29; { }
2972.   SystemCrashDumpInformation = 32; {}
2973.   SystemExceptionInformation = 33; {}
2974.   SystemCrashDumpStateInformation = 34; {}
2975.   SystemKernelDebuggerInformation = 35; {}
2976.   SystemContextSwitchInformation = 36; {}
2977.   SystemRegistryQuotaInformation = 37; {}
2978.   SystemLoadAndcallImage = 38; {}
2979.   SystemPrioritySeparation = 39; {}
2980.   SystemProcessorIdleInformation = 42; { }
2981.   SystemLegacyDriverInformation = 43; { }
2982.   SystemTimeZoneInformation = 44; {}
2983.   SystemLookasideInformation = 45; {}
2984.   SystemSetTimeSlipEvent = 46; {}
2985.   SystemCreateSession = 47; {}
2986.   SystemDeleteSession = 48; {}
2987.   SystemRangeStartInformation = 50; {}
2988.   SystemVerifierInformation = 51; {}
2989.   SystemAddVerifier = 52; {}
2990.   SystemSessionProcessesInformation = 53; {}
2991.   {}
2992.   SystemNumaProcessorMapInformation = 55; { }
2993.   SystemPrefetcherInformation = 56; {Windows XP è âûøå}
2994.   SystemSharedDataAlignment = 58; { }
2995.   SystemComPlusPackageInformation = 59; { }
2996.   SystemNumaAvailableMemoryInformation = 60; { }
2997.   SystemProcessorPowerInformation = 61; { }
2998.   SystemHandleInformationEx = 64; { }
2999.   SystemLostDelayedWrites = 65; { }
3000. { èíôîðìàöèîííûå êëàññû NtQueryInformationProcess }
3001.   ProcessBasicInformation = 0;
3002.   ProcessQuotaLimits = 1;
3003.   ProcessIoCounters = 2;
3004.   ProcessVmCounters = 3;
3005.   ProcessTimes = 4;
3006.   ProcessBasePriority = 5;
3007.   ProcessRaisePriority = 6;
3008.   ProcessDebugPort = 7;
3009.   ProcessExceptionPort = 8;
3010.   ProcessAccessToken = 9;
3011.   ProcessLdtInformation = 10;
3012.   ProcessLdtSize = 11;
3013.   ProcessDefaultHardErrorMode = 12;
3014.   ProcessIoPortHandlers = 13;      // Note: Òîëüêî â ðåæèìå ÿäðà
3015.   ProcessPooledUsageAndLimits = 14;
3016.   ProcessWorkingSetWatch = 15;
3017.   ProcessUserModeIOPL = 16;
3018.   ProcessEnableAlignmentFaultFixup = 17;
3019.   ProcessPriorityClass = 18;
3020.   ProcessWx86Information = 19;
3021.   ProcessHandleCount = 20;
3022.   ProcessAffinityMask = 21;
3023.   ProcessPriorityBoost = 22;
3024.   ProcessDeviceMap = 23;
3025.   ProcessSessionInformation = 24;
3026.   ProcessForegroundInformation = 25;
3027.   ProcessWow64Information = 26;
3028.   ProcessImageFileName = 27;
3029.   ProcessLUIDDeviceMapsEnabled = 28;
3030.   ProcessBreakOnTermination = 29;
3031.   ProcessDebugObjectHandle = 30;
3032.   ProcessDebugFlags = 31;
3033.   ProcessHandleTracing = 32;
3034.   MaxProcessInfoClass = 33;  // MaxProcessInfoClass should always be the last enum
3035. { èíôîðìàöèîííûå êëàññû NtQueryVolumeInformation }
3036.   FileFsVolumeInformation = 1;
3037.   FileFsLabelInformation = 2;
3038.   FileFsSizeInformation = 3;
3039.   FileFsDeviceInformation = 4;
3040.   FileFsAttributeInformation = 5;
3041.   FileFsControlInformation = 6;
3042.   FileFsFullSizeInformation = 7;
3043.   FileFsObjectIdInformation = 8;
3044. { èíôîðìàöèîííûå êëàññû NtQueryInformationFile }
3045. type
3046.   TFileInformationClass = (
3047.     __FileInformationNone,
3048.     FileDirectoryInformation, //1
3049.     FileFullDirectoryInformation, //2
3050.     FileBothDirectoryInformation, //3
3051.     FileBasicInformation,         //4
3052.     FileStandardInformation,      //5
3053.     FileInternalInformation,      //6
3054.     FileEaInformation,            //7
3055.     FileAccessInformation,        //8
3056.     FileNameInformation,          //9
3057.     FileRenameInformation,        //10
3058.     FileLinkInformation,          //11
3059.     FileNamesInformation,         //12
3060.     FileDispositionInformation,   //13
3061.     FilePositionInformation,      //14
3062.     FileFullEaInformation,        //15
3063.     FileModeInformation,          //16
3064.     FileAlignmentInformation,     //17
3065.     FileAllInformation,           //18
3066.     FileAllocationInformation,    //19
3067.     FileEndOfFileInformation,     //20
3068.     FileAlternateNameInformation, //21
3069.     FileStreamInformation,        //22
3070.     FilePipeInformation,          //23
3071.     FilePipeLocalInformation,     //24
3072.     FilePipeRemoteInformation,    //25
3073.     FileMailslotQueryInformation, //26
3074.     FileMailslotSetInformation,   //27
3075.     FileCompressionInformation,   //28
3076. {
3077.     FileCopyOnWriteInformation,   //29
3078.     FileCompletionInformation,
3079.     FileMoveClusterInformation,
3080.     FileOleClassIdInformation,
3081.     FileOleStateBitsInformation,
3082.     FileNetworkOpenInformation,
3083.     FileObjectIdInformation,
3084.     FileOleAllInformation,
3085.     FileOleDirectoryInformation,
3086.     FileContentIndexInformation,
3087.     FileInheritContentIndexInformation,
3088.     FileOleInformation,
3089. }
3090.     FileObjectIdInformation,        // 29
3091.     FileCompletionInformation,      // 30
3092.     FileMoveClusterInformation,     // 31
3093.     FileQuotaInformation,           // 32
3094.     FileReparsePointInformation,    // 33
3095.     FileNetworkOpenInformation,     // 34
3096.     FileAttributeTagInformation,    // 35
3097.     FileTrackingInformation,        // 36
3098.     FileIdBothDirectoryInformation, // 37
3099.     FileIdFullDirectoryInformation, // 38
3100.     FileValidDataLengthInformation, // 39
3101.     FileShortNameInformation,       // 40
3102.     FileMaximumInformation
3103.   );
3104.   FILE_INFORMATION_CLASS = TFileInformationClass;
3105.   PFileInformationClass = ^TFileInformationClass;
3106.  
3107. const
3108. { èíôîðìàöèîííûå êëàññû NtQueryInformationThread, NtSetInformationThread }
3109.   ThreadBasicInformation = 0;
3110.   ThreadTimes = 1;
3111.   ThreadPriority = 2;
3112.   ThreadBasePriority = 3;
3113.   ThreadAffinityMask = 4;
3114.   ThreadImpersonationToken = 5;
3115.   ThreadDescriptorTableEntry = 6;
3116.   ThreadEnableAlignmentFaultFixup = 7;
3117.   ThreadEventPair_Reusable = 8;
3118.   ThreadQuerySetWin32StartAddress = 9;
3119.   ThreadZeroTlsCell = 10;
3120.   ThreadPerformanceCount = 11;
3121.   ThreadAmILastThread = 12;
3122.   ThreadIdealProcessor = 13;
3123.   ThreadPriorityBoost = 14;
3124.   ThreadSetTlsArrayAddress = 15;
3125.   ThreadIsIoPending = 16;
3126.   ThreadHideFromDebugger = 17;
3127.   ThreadBreakOnTermination = 18;
3128.   MaxThreadInfoClass = 19;
3129. { èíôîðìàöèîííûå êëàññû NtQueryVirtualMemory }
3130.   MemoryBasicInformation = 0;
3131.   MemoryWorkingSetLimit = 1;
3132.   MemorySectionName = 2;
3133.   MemoryBasicVlmInformation = 3;
3134. { èíôîðìàöèîííûå êëàññû NtQueryValueKey }
3135.   KeyValueBasicInformation = 0;
3136.   KeyValueFullInformation = 1;
3137.   KeyValuePartialInformation = 2;
3138.   KeyValueFullInformationAligh64 = 3; //Ïðèñóòñòâóåò òîëüêî â Windows 2000 (è âûøå???)
3139.                                       // ãàðàíòèðóåò âûðàâíèâàíèå äàííûõ íà
3140.                                       // ãðàíèöó 64 áèò.
3141. type
3142. { Áàçîâàÿ èíôîðìàöèÿ çíà÷åíèÿ êëþ÷à ðååñòðà }
3143.   TKEY_VALUE_BASIC_INFORMATION = packed record
3144.     TitleIndex: ULONG; //Íå èñïîëüçóåòñÿ
3145.     ValueType: ULONG;
3146.     NameLength: ULONG;
3147.     //Name: array[0..0] of WideChar;
3148.   end;
3149.   KEY_VALUE_BASIC_INFORMATION = TKEY_VALUE_BASIC_INFORMATION;
3150.   PKEY_VALUE_BASIC_INFORMATION = ^TKEY_VALUE_BASIC_INFORMATION;
3151.  
3152. { Ïîëíàÿ èíôîðìàöèÿ çíà÷åíèÿ êëþ÷à ðååñòðà }
3153.   TKEY_VALUE_FULL_INFORMATION = packed record
3154.     TitleIndex: ULONG; //Íå èñïîëüçóåòñÿ
3155.     ValueType: ULONG;
3156.     DataOffset: ULONG;
3157.     DataLength: ULONG;
3158.     NameLength: ULONG;
3159.     //Name: array[0..0] of WideChar;
3160.     //Data: array[1] of
3161.   end;
3162.   KEY_VALUE_FULL_INFORMATION = TKEY_VALUE_FULL_INFORMATION;
3163.   PKEY_VALUE_FULL_INFORMATION = ^TKEY_VALUE_FULL_INFORMATION;
3164.  
3165. { ×àñòè÷íàÿ èíôîðìàöèÿ çíà÷åíèÿ êëþ÷à ðååñòðà }
3166.   TKEY_VALUE_PARTIAL_INFORMATION = packed record
3167.     TitleIndex: ULONG; //Íå èñïîëüçóåòñÿ
3168.     ValueType: ULONG;
3169.     DataLength: ULONG;
3170.     Data: array[0..0] of Char;
3171.   end;
3172.   KEY_VALUE_PARTIAL_INFORMATION = TKEY_VALUE_PARTIAL_INFORMATION;
3173.   PKEY_VALUE_PARTIAL_INFORMATION = ^TKEY_VALUE_PARTIAL_INFORMATION;
3174.  
3175. const
3176. //
3177. // Ïðàâà íà îáúåêò êàòàëîãà äèñïåò÷åðà îáúåêòîâ.
3178. //
3179.   DIRECTORY_QUERY  = $0001;
3180.   DIRECTORY_TRAVERSE = $0002;
3181.   DIRECTORY_CREATE_OBJECT = $0004;
3182.   DIRECTORY_CREATE_SUBDIRECTORY = $0008;
3183.   DIRECTORY_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED or $F);
3184. //
3185. // Ïðàâà íà îáúåêò ñèìâîëè÷åñêîé ññûëêè.
3186. //
3187.   SYMBOLIC_LINK_QUERY = $0001;
3188.   SYMBOLIC_LINK_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED or 1);
3189. //
3190. // Ïàðàìåòð "Options" ôóíêöèè NtDuplicateObject
3191. //
3192.   DUPLICATE_CLOSE_SOURCE    = $00000001;
3193.   DUPLICATE_SAME_ACCESS     = $00000002;
3194.   DUPLICATE_SAME_ATTRIBUTES = $00000004;
3195. //
3196. // Ïàðàìåòð "Attributes" Ôóíêöèè NtDuplicateObject
3197. //
3198.   HANDLE_FLAG_INHERIT       = $00000001;
3199.   HANDLE_FLAG_PROTECT_FROM_CLOSE = $00000002;
3200.  
3201. implementation
3202. uses
3203.   NtStatusDefs;
3204.  
3205. { Mark 3 }
3206. type
3207.   TCsrAllocateCaptureBuffer = function(
3208.     CountMessagePointers, Size: ULONG): PCSR_CAPTURE_HEADER; stdcall;
3209.   TCsrAllocateMessagePointer = function(CaptureBuffer: PCSR_CAPTURE_HEADER;
3210.     Length: ULONG; Pointer: PPVOID): ULONG; stdcall;
3211.   TCsrCaptureMessageBuffer = procedure(CaptureBuffer: PCSR_CAPTURE_HEADER;
3212.     Buffer: PVOID; Length: ULONG; CapturedBuffer: PPVOID); stdcall;
3213.   TCsrCaptureMessageString = procedure(CaptureBuffer: PCSR_CAPTURE_HEADER;
3214.     AString: LPCSTR; Length: ULONG; MaximumLength: ULONG;
3215.     CapturedString: PSTRING); stdcall;
3216.   TCsrCaptureMessageMultiUnicodeStringsInPlace = function (
3217.     pCaptureMessage: PPCSR_CAPTURE_HEADER; NumberOfStrings: ULONG;
3218.     Strings: PPUNICODE_STRING): NTSTATUS; stdcall;
3219.   TCsrClientCallServer = function(m: PCSR_API_MESSAGE;
3220.     CaptureBuffer: PCSR_CAPTURE_HEADER; ApiNumber: CSR_API_NUMBER;
3221.     ArgLength: ULONG): NTSTATUS; stdcall;
3222.   TCsrClientConnectToServer = function (ObjectDirectory: PWideChar;
3223.     ServerIndex: Integer; CallbackInfo: Pointer; MessageBuffer: Pointer;
3224.     BufferSize: LPDWORD; ServerProcess: PBYTE): NTSTATUS; stdcall;
3225.   TCsrClientConnectToServerXP = function (ObjectDirectory: PWideChar;
3226.     ServerIndex: Integer; MessageBuffer: Pointer;
3227.     BufferSize: LPDWORD; ServerProcess: PBYTE): NTSTATUS; stdcall;
3228.   TCsrFreeCaptureBuffer = procedure(
3229.     CaptureBuffer: PCSR_CAPTURE_HEADER); stdcall;
3230.   TCsrGetProcessId = function: DWORD; stdcall;
3231.   TCsrIdentifyAlertableThread = function: NTSTATUS; stdcall;
3232.   TCsrNewThread = procedure; stdcall;
3233.  
3234.   TDbgBreakPoint = procedure; stdcall;
3235.   TDbgUiConnectToDbg = function: NTSTATUS; stdcall;
3236.   TDbgUiContinue = function(AppClientId: PCLIENT_ID;
3237.     ContinueStatus: NTSTATUS): NTSTATUS; stdcall;
3238.   TDbgUiConvertStateChangeStructure = function(
3239.     StateChange: PDBGUI_WAIT_STATE_CHANGE;
3240.     lpDebugEvent: LPDEBUG_EVENT): NTSTATUS; stdcall;
3241.   TDbgUiDebugActiveProcess = function(
3242.     ProcessHandle: THANDLE): NTSTATUS; stdcall;
3243.   TDbgUiGetThreadDebugObject = function: PVOID; stdcall;
3244.   TDbgUiIssueRemoteBreakin = function(
3245.     ProcessHandle: THANDLE): NTSTATUS; stdcall;
3246.   TDbgUiStopDebugging = function(ProcessHandle: THANDLE): NTSTATUS; stdcall;
3247.   TDbgUiWaitStateChange = function(StateChange: PDBGUI_WAIT_STATE_CHANGE;
3248.     Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
3249.  
3250.   TLdrAccessResource = function(DllHandle: PVOID;
3251.     ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY; Address: PPVOID;
3252.     Size: PULONG): NTSTATUS; stdcall;
3253.   TLdrAlternateResourcesEnabled = function: BOOL; stdcall;
3254.   TLdrDestroyOutOfProcessImage = procedure(AImage: PVOID); stdcall;
3255.   TLdrDisableThreadCalloutsForDll = procedure (hMod: THandle); stdcall;
3256.   TLdrEnumerateLoadedModules = procedure(dwdwReserved: DWORD;
3257.     Enumerator: Pointer; ImageBaseAddress: PVOID); stdcall;
3258.   TLdrFindResource_U = function(DllHandle: PVOID; ResourceIdPath: PULONG;
3259.     ResourceIdPathLength: ULONG;
3260.     ResourceDataEntry: PPIMAGE_RESOURCE_DATA_ENTRY): NTSTATUS; stdcall;
3261.   TLdrFindResourceDirectory_U = function(DllHandle: PVOID;
3262.     ResourceIdPath: PULONG; ResourceIdPathLength: ULONG;
3263.     ResourceDataEntry: PPIMAGE_RESOURCE_DATA_ENTRY): NTSTATUS; stdcall;
3264.   TLdrFlushAlternateResourceModules = function: BOOL; stdcall;
3265.   TLdrGetDllHandle = function (Path: LPWSTR; DllCharacteristics: PULONG;
3266.     DllName: PUNICODE_STRING; DllHandle: PHandle): NTSTATUS; stdcall;
3267.   TLdrGetDllHandleEx = function(dwFlags: DWORD; DllPath: LPWSTR;
3268.     DllCharacteristics: PULONG; DllName: PUNICODE_STRING;
3269.     DllHandle: PHMODULE):NTSTATUS; stdcall;
3270.   TLdrGetProcedureAddress = function (ImageBase: PVOID; ProcName: PANSI_STRING;
3271.     ProcedureOrdinalValue: PULONG; ProcedureAddress: PPvoid): NTSTATUS; stdcall;
3272.   TLdrLoadAlternateResourceModule = function (DllHandle: THandle;
3273.     ModuleName: LPWSTR): THandle; stdcall;
3274.   TLdrLoadAlternateResourceModuleEx = function(uLandID: WORD; Module: HMODULE;
3275.     ModuleName: LPWSTR):PVOID; stdcall;
3276.   TLdrLoadDll = function (Path: LPWSTR; DllCharacteristics: PULONG;
3277.     DllName: PUNICODE_STRING; DllHandle: PHandle): NTSTATUS; stdcall;
3278.   TLdrLockLoaderLock = function (LockType: Integer;
3279.     var LockStatus, LockId: Integer): NTSTATUS; stdcall;
3280.   TLdrQueryImageFileExecutionOptions = function (SubKey: PUNICODE_STRING;
3281.     ValueName: LPWSTR; ValueSize: ULONG; Buffer: PVOID; BufferSize: ULONG;
3282.     ReturnedLength: PULONG): NTSTATUS; stdcall;
3283.   TLdrSetDllManifestProber = procedure(ProberRoutine: Pointer); stdcall;
3284.   TLdrShutdownProcess = procedure; stdcall;
3285.   TLdrShutdownThread = procedure; stdcall;
3286.   TLdrUnloadAlternateResourceModule = function(Module: PVOID): BOOL; stdcall;
3287.   TLdrUnloadDll = function (ImageBase: PVOID): NTSTATUS; stdcall;
3288.   TLdrUnlockLoaderLock = function (
3289.     LockType, LockId: Integer): NTSTATUS; stdcall;
3290.  
3291.   TNtAcceptConnectPort = function (PortHandle: PHANDLE; PortIdentifier: ULONG;
3292.     LpcMessage: PLPCMESSAGE; Accept: ULONG; WriteSection: PPORT_SECTION_WRITE;
3293.     ReadSection: PPORT_SECTION_READ): NTSTATUS; stdcall;
3294.   TNtAccessCheck = function(SecurityDescriptor: PSECURITY_DESCRIPTOR;
3295.     hTokenClient: THANDLE; DesiredAccess: ACCESS_MASK;
3296.     pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
3297.     pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
3298.     AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
3299.   TNtAccessCheckAndAuditAlarm = function(SubSystemName: PUNICODE_STRING;
3300.     HandleId: PVOID; ObjectTypeName, ObjectName: PUNICODE_STRING;
3301.     SecurityDescriptor: PSECURITY_DESCRIPTOR; DesiredAccess: ACCESS_MASK;
3302.     pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOL;
3303.     pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
3304.     bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
3305.   TNtAccessCheckByType = function(pSecurityDescriptor: PSECURITY_DESCRIPTOR;
3306.     PrincipalSelfSid: PSID; hClientToken: THANDLE; DesiredAccess: ACCESS_MASK;
3307.     ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
3308.     pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
3309.     pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
3310.     AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
3311.   TNtAccessCheckByTypeAndAuditAlarm = function(SubSystemName: PUNICODE_STRING;
3312.     HandleId: PVOID; ObjectTypeName, ObjectName: PUNICODE_STRING;
3313.     SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
3314.     DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
3315.     ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
3316.     pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOL;
3317.     pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
3318.     bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
3319.   TNtAccessCheckByTypeResultList = function(
3320.     pSecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
3321.     hClientToken: THANDLE; DesiredAccess: ACCESS_MASK;
3322.     ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
3323.     pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
3324.     pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
3325.     AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
3326.   TNtAccessCheckByTypeResultListAndAuditAlarm = function(
3327.     SubSystemName: PUNICODE_STRING; HandleId: PVOID;
3328.     ObjectTypeName, ObjectName: PUNICODE_STRING;
3329.     SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
3330.     DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
3331.     ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
3332.     pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOLEAN;
3333.     pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
3334.     bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
3335.   TNtAccessCheckByTypeResultListAndAuditAlarmByHandle = function(
3336.     SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: THANDLE;
3337.     ObjectTypeName, ObjectName: PUNICODE_STRING;
3338.     SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
3339.     DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
3340.     ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
3341.     GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOL;
3342.     GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG;
3343.     GenerateOnClose: PULONG): NTSTATUS; stdcall;
3344.   TNtAddAtom = function (pString: LPWSTR; StringLength: ULONG;
3345.     Atom: PATOM): NTSTATUS; stdcall;
3346.   TNtAdjustGroupsToken = function(hToken: THANDLE; ResetToDefault: BOOL;
3347.     pNewTokenGroups: PTOKEN_GROUPS; pOldTokenGroupsLength: ULONG;
3348.     pOldTokenGroups: PTOKEN_GROUPS;
3349.     pOldTokenGroupsActualLength: PULONG): NTSTATUS; stdcall;
3350.   TNtAdjustPrivilegesToken = function (hToken: THANDLE;
3351.     DisableAllPrivileges: Boolean; pNewPrivlegeSet: PTOKEN_PRIVILEGES;
3352.     PreviousPrivilegeSetBufferLength: ULONG;
3353.     pPreviousPrivlegeSet: PTOKEN_PRIVILEGES;
3354.     PreviousPrivlegeSetReturnLength: PULONG): NTSTATUS; stdcall;
3355.   TNtAlertThread = function(hThread: THANDLE): NTSTATUS; stdcall;
3356.   TNtAllocateLocallyUniqueId = function(Luid: PLUID): NTSTATUS; stdcall;
3357.   TNtAllocateUserPhysicalPages = function(ProcessHandle: THANDLE;
3358.     NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
3359.   TNtAllocateVirtualMemory = function (hProcess: THANDLE;
3360.     PreferredBaseAddress: PVOID; nLowerZeroBits: DWORD;
3361.     SizeRequestedAllocated: LPDWORD;
3362.     AllocationType, ProtectionAttributes: DWORD): NTSTATUS; stdcall;
3363.   TNtApphelpCacheControl = function(ControlCode: LONG;
3364.     ControlData: PVOID): NTSTATUS; stdcall;
3365.   TNtAssignProcessToJobObject = function (
3366.     hJob, hProcess: THANDLE): NTSTATUS; stdcall;
3367.   TNtAssociateProcessWithReserve = function(
3368.     ProcessHandle, ReserveHandle: THANDLE): NTSTATUS; stdcall;
3369.   TNtCancelDeviceWakeupRequest = function(
3370.     DeviceHandle: THANDLE): NTSTATUS; stdcall;
3371.   TNtCancelIoFile = function (hFile: THANDLE;
3372.     IoStatusBlock: PIoStatusBlock): NTSTATUS; stdcall;
3373.   TNtCancelTimer = function (TimerHandle: THANDLE;
3374.     CurrentState: PBOOLEAN): NTSTATUS; stdcall;
3375.   TNtClearEvent = function (hEvent: THANDLE): NTSTATUS; stdcall;
3376.   TNtClose = function (AHandle : THandle) : NTSTATUS; stdcall;
3377.   TNtCloseObjectAuditAlarm = function(SubSystemName: PUNICODE_STRING;
3378.     HandleId: PVOID; bGenerateOnClose: BOOL): NTSTATUS; stdcall;
3379.   TNtCommitTransaction = function(TransactionHandle: THANDLE;
3380.     AddInfo: ULONG): NTSTATUS; stdcall;
3381.   TNtCompleteConnectPort = function (PortHandle: THANDLE): NTSTATUS; stdcall;
3382.   TNtConnectPort = function (PortHandle: PHANDLE; PortName: PUNICODE_STRING;
3383.     SecurityQos: PSECURITY_QUALITY_OF_SERVICE;
3384.     WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ;
3385.     MaxMesageSize: PULONG; ConnectInfo: PVOID;
3386.     pConnectInfoLength: PULONG): NTSTATUS; stdcall;
3387.   TNtCreateDirectoryObject = function (DirectoryHandle: PHandle;
3388.     DesiredAccess: ACCESS_MASK;
3389.     ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3390.   TNtCreateEvent = function (EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
3391.     ObjectAttributes: POBJECT_ATTRIBUTES; EventType: Integer;
3392.     InitialState: BOOL): NTSTATUS; stdcall;
3393.   TNtCreateFile = function (FileHandle: PHandle;
3394.     const DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES;
3395.     IoStatusBlock: PIoStatusBlock; AllocationSize: PLARGE_INTEGER;
3396.     FileAttributes, ShareAccess, CreateDisposition, CreateOptions: ULONG;
3397.     EaBuffer: PVOID; EaLength: ULONG): NTSTATUS; stdcall;
3398.   TNtCreateJobObject = function (phJob: PHANDLE; DesiredAccess: ACCESS_MASK;
3399.     ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3400.   TNtCreateKey = function (phKey: PHandle; DesiredAccess: ACCESS_MASK;
3401.     ObjectAttributes: POBJECT_ATTRIBUTES; TitleIndex: ULONG;
3402.     AClass: PUNICODE_STRING; CreateOptions: ULONG;
3403.     pDisposition: PULONG): NTSTATUS; stdcall;
3404.   TNtCreateMailSlotFile = function (hMailSlot: PHANDLE;
3405.     DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES;
3406.     IoStatusBlock: PIoStatusBlock; CreateOptions, InBufferSize,
3407.     nMaxMessageSize: ULONG; ReadTimeout: PLARGE_INTEGER): NTSTATUS; stdcall;
3408.   TNtCreateMutant = function (hMutex: PHandle; AccessMask: ACCESS_MASK;
3409.     ObjectAttributes: POBJECT_ATTRIBUTES;
3410.     bOwnMutant: Boolean): NTSTATUS; stdcall;
3411.   TNtCreateNamedPipeFile = function (hPipe: PHANDLE; DesiredAccess: ACCESS_MASK;
3412.     ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIOSTATUSBLOCK;
3413.     AllocationSize: PLARGE_INTEGER;
3414.     FileAttributes, ShareAccess, PipeType, PipeReadMode, PipeWaitMode,
3415.     nMaxInstances, nOutBufferSize, nInBufferSize: ULONG;
3416.     DefaultTimeOut: PLARGE_INTEGER):NTSTATUS; stdcall;
3417.   TNtCreatePort = function (PortHandle: PHANDLE;
3418.     ObjectAttributes: OBJECT_ATTRIBUTES; MaxConnectInfoLength, MaxDataLength,
3419.     MaxPoolUsage: ULONG): NTSTATUS; stdcall;
3420.   TNtCreateSection = function (phSection: PHANDLE; DesiredAccess: ACCESS_MASK;
3421.     ObjectAttributes: POBJECT_ATTRIBUTES; MaximumSize: PLARGE_INTEGER;
3422.     SectionPageProtection, AllocationAttributes: ULONG;
3423.     hFile: THANDLE): NTSTATUS; stdcall;
3424.   TNtCreateSemaphore = function(hSemaphore: PHANDLE; AccessMask: ACCESS_MASK;
3425.     ObjectAttributes: POBJECT_ATTRIBUTES;
3426.     InitialCount, MaximumCount: ULONG):NTSTATUS; stdcall;
3427.   TNtCreateSymbolicLinkObject = function (SymbolicLinkHandle: PHandle;
3428.     DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES;
3429.     SubstituteString: PUNICODE_STRING): NTSTATUS; stdcall;
3430.   TNtCreateTimer = function(TimerHandle: PHandle; DesiredAccess: ACCESS_MASK;
3431.     ObjectAttributes: POBJECT_ATTRIBUTES;
3432.     TimerType: TIMER_TYPE): NTSTATUS; stdcall;
3433.   TNtCreateThread = function(phThread: PHANDLE; AccessMask: ACCESS_MASK;
3434.     ObjectAttributes: POBJECT_ATTRIBUTES; hProcess: THANDLE;
3435.     pClientId: PCLIENT_ID; pContext: PCONTEXT; pStackInfo: PSTACKINFO;
3436.     bSuspended: BOOL):NTSTATUS; stdcall;
3437.   TNtCreateWaitablePort = function(PortHandle: PHANDLE;
3438.     ObjectAttributes: POBJECT_ATTRIBUTES;
3439.     MaxConnectInfoLength, MaxDataLength, Reserved: ULONG): NTSTATUS; stdcall;
3440.   TNtDebugActiveProcess = function(ProcessHandle: THANDLE;
3441.     DebugObject: PVOID): NTSTATUS; stdcall;
3442.   TNtDelayExecution = function (bAlertable: ULONG;
3443.     pDuration: PLARGE_INTEGER): NTSTATUS; stdcall;
3444.   TNtDeleteAtom = function (AAtom: ATOM): NTSTATUS; stdcall;
3445.   TNtDeleteFile = function(ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3446.   TNtDeleteKey = function (KeyHandle: THANDLE): NTSTATUS; stdcall;
3447.   TNtDeleteObjectAuditAlarm = function(SubSystemName: PUNICODE_STRING;
3448.     HandleId: PVOID; bGenerateOnClose: BOOL): NTSTATUS; stdcall;
3449.   TNtDeleteValueKey = function (hKey: THANDLE;
3450.     pValueName: PUNICODE_STRING):NTSTATUS; stdcall;
3451.   TNtDeviceIoControlFile = function (hFile, hEvent: THANDLE;
3452.     IoApcRoutine: Pointer; IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
3453.     DeviceIoControlCode: ULONG; InBuffer: PVOID; InBufferLength: ULONG;
3454.     OutBuffer: PVOID; OutBufferLength: ULONG):NTSTATUS; stdcall;
3455.   TNtDisassociateProcessFromReserve = function(
3456.     ProcessHandle: THANDLE): NTSTATUS; stdcall;
3457.   TNtDisjoinThreadFromReserve = function(hThread: THANDLE): NTSTATUS; stdcall;
3458.   TNtDuplicateToken = function(hToken: THANDLE; DesiredAccess: ACCESS_MASK;
3459.     ObjectAttributes: POBJECT_ATTRIBUTES; bMakeTokenEffectiveOnly: BOOL;
3460.     TokenType: TOKEN_TYPE; phNewToken: PHANDLE): NTSTATUS; stdcall;
3461.   TNtDuplicateObject = function (SourceProcessHandle, SourceHandle,
3462.     TargetProcessHandle: THandle; TargetHandle: PHandle;
3463.     DesiredAccess: ACCESS_MASK; Attributes: ULONG; //OBJ_xxx
3464.     Options: ULONG): NTSTATUS; stdcall;
3465.   TNtEnumerateKey = function (hKey: THANDLE; Index: ULONG;
3466.     KeyInfoClass: KEY_INFORMATION_CLASS; KeyInfoBuffer: PVOID;
3467.     KeyInfoBufferLength: ULONG; BytesCopied: PULONG): NTSTATUS; stdcall;
3468.   TNtEnumerateValueKey = function (hKey: THANDLE; Index: ULONG;
3469.     KeyValueInfoClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInfoBuffer: PVOID;
3470.     KeyValueInfoBufferLength: ULONG; BytesCopied: PULONG): NTSTATUS; stdcall;
3471.   TNtFilterToken = function(ExistingTokenHandle: THANDLE; Flags: ULONG;
3472.     SidsToDisable: PTOKEN_GROUPS; PrivilegesToDelete: PTOKEN_PRIVILEGES;
3473.     SidsToRestrict: PTOKEN_GROUPS; NewTokenHandle: PHANDLE): NTSTATUS; stdcall;
3474.   TNtFindAtom = function(pString: PWideChar; StringLength: ULONG;
3475.     AAtom: PATOM): NTSTATUS; stdcall;
3476.   TNtFlushBuffersFile = function(hFile: THANDLE;
3477.     IoStatusBlock: PIOSTATUSBLOCK): NTSTATUS; stdcall;
3478.   TNtFlushInstructionCache = function(hProcess: THANDLE; BaseAddressRegion:
3479.     PVOID; RegionSize: ULONG): NTSTATUS; stdcall;
3480.   TNtFlushKey = function(KeyHandle: THANDLE): NTSTATUS; stdcall;
3481.   TNtFlushVirtualMemory = function(hProcess: THANDLE; StartingAddress: PVOID;
3482.     SizeToFlush: PULONG; IoStatusBlock: PIOSTATUSBLOCK): NTSTATUS; stdcall;
3483.   TNtFreeUserPhysicalPages = function(ProcessHandle: THANDLE;
3484.     NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
3485.   TNtFreeVirtualMemory = function(hProcess: THANDLE; StartingAddress:
3486.     PVOID; SizeRequestedReleased: LPDWORD; ReleaseType: UINT):NTSTATUS; stdcall;
3487.   TNtFsControlFile = function(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
3488.     IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK; FileSystemControlCode:
3489.     ULONG; InBuffer: PVOID; InBufferLength: ULONG; OutBuffer: PVOID;
3490.     OutBufferLength: ULONG):NTSTATUS; stdcall;
3491.   TNtGetCurrentProcessorNumber = function : Integer; stdcall;
3492.   TNtGetContextThread = function(hThread: THANDLE;
3493.     pContext: PCONTEXT):NTSTATUS; stdcall;
3494.   TNtGetDevicePowerState = function(DeviceHandle: THANDLE;
3495.     DevicePowerState: PDEVICE_POWER_STATE): NTSTATUS; stdcall;
3496.   TNtGetWriteWatch = function(ProcessHandle: THANDLE; Flags: ULONG;
3497.     BaseAddress: PVOID; RegionSize: ULONG;
3498.     Buffer, BufferEntries, Granularity: PULONG): NTSTATUS; stdcall;
3499.   TNtImpersonateAnonymousToken = function(hThread: THANDLE): NTSTATUS; stdcall;
3500.   TNtImpersonateClientOfPort = function(PortHandle: THANDLE;
3501.     LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
3502.   TNtInitiatePowerAction = function(SystemAction: POWER_ACTION;
3503.     MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG;
3504.     Asynchronous: BOOL): NTSTATUS; stdcall;
3505.   TNtIsProcessInJob = function(
3506.     ProcessHandle, JobHandle: THANDLE): NTSTATUS; stdcall;
3507.   TNtIsSystemResumeAutomatic = function: NTSTATUS; stdcall;
3508.   TNtJoinThreadToReserve = function(
3509.     ThreadHandle, ReserveHandle: THANDLE): NTSTATUS; stdcall;
3510.   TNtListenPort = function(PortHandle: THANDLE;
3511.     LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
3512.   TNtLoadDriver = function(
3513.     DriverRegistryEntry: PUNICODE_STRING): NTSTATUS; stdcall;
3514.   TNtLoadKey = function(KeyNameAttributes,
3515.     HiveFileNameAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3516.   TNtLockFile = function(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
3517.     IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
3518.     FileOffset, Length: PLARGE_INTEGER; LockOperationKey: PULONG;
3519.     bFailIfNotPossibleAtThisPoint, bExclusiveLock: BOOL):NTSTATUS; stdcall;
3520.   TNtLockVirtualMemory = function(hProcess: THANDLE; BaseAddress: PPVOID;
3521.     RegionSize: PULONG; LockType: ULONG):NTSTATUS; stdcall;
3522.   TNtMakeTemporaryObject = function (AHandle: THandle): NTSTATUS; stdcall;
3523.   TNtMapUserPhysicalPages = function(BaseAddress: PVOID;
3524.     NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
3525.   TNtMapUserPhysicalPagesScatter = function(BaseAddresses: PPVOID;
3526.     NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
3527.   TNtMapViewOfSection = function (hSection: THandle; hProcess: THandle;
3528.     BaseAddress: PPVoid; ZeroBits: ULONG; CommitSize: ULONG;
3529.     SectionOffset: PLARGE_INTEGER; ViewSize: PULONG;
3530.     InheritDisposition: SECTION_INHERIT; AllocationType: ULONG;
3531.     Protect: ULONG): NTSTATUS; stdcall;
3532.   TNtNotifyChangeDirectoryFile = function(hFile, hEvent: THANDLE;
3533.     IoApcRoutine: Pointer; IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
3534.     ChangeBuffer: PVOID; ChangeBufferLength, NotifyFilter: ULONG;
3535.     bWatchSubtree: BOOL):NTSTATUS; stdcall;
3536.   TNtNotifyChangeKey = function(hKey, hEvent: THANDLE; ApcRoutine: Pointer;
3537.     ApcRoutineContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
3538.     NotifyFilter: ULONG; bWatchSubtree: BOOL; RegChangesDataBuffer: PVOID;
3539.     RegChangesDataBufferLength: ULONG; bAynchronous: BOOL): NTSTATUS; stdcall;
3540.   TNtNotifyChangeMultipleKeys = function(KeyHandle: THANDLE; Flags: ULONG;
3541.     KeyObjectAttributes: POBJECT_ATTRIBUTES; EventHandle: THANDLE;
3542.     ApcRoutine: Pointer; ApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
3543.     NotifyFilter: ULONG; WatchSubTree: BOOL; Buffer: PVOID; BufferLength: ULONG;
3544.     Asynchronous: BOOL): NTSTATUS; stdcall;
3545.   TNtOpenDirectoryObject = function (DirectoryHandle: PHandle;
3546.     DesiredAccess: ACCESS_MASK;
3547.     ObjectAttributes: POBJECT_ATTRIBUTES) : NTSTATUS; stdcall;
3548.   TNtOpenEvent = function(hEvent: PHANDLE; DesiredAccess: ACCESS_MASK;
3549.     ObjectAttributes: POBJECT_ATTRIBUTES):NTSTATUS; stdcall;
3550.   TNtOpenFile = function (FileHandle: PHandle;
3551.     const DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES;
3552.     IoStatusBlock: PIoStatusBlock;
3553.     const ShareAccess, OpenOptions: ULONG): NTSTATUS; stdcall;
3554.   TNtOpenJobObject = function(phJob: PHANDLE; DesiredAccess: ACCESS_MASK;
3555.     ObjectAttributes: POBJECT_ATTRIBUTES):NTSTATUS; stdcall;
3556.   TNtOpenKey = function (phKey: PHandle; DesiredAccess: ACCESS_MASK;
3557.     oa: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3558.   TNtOpenMutant = function(hMutex: PHANDLE; DesiredAccess: ACCESS_MASK;
3559.     ObjectAttributes: POBJECT_ATTRIBUTES):NTSTATUS; stdcall;
3560.   TNtOpenObjectAuditAlarm = function(SubsystemName: PUNICODE_STRING;
3561.     HandleId: PVOID; ObjectTypeName, ObjectName: PUNICODE_STRING;
3562.     pSecurityDescriptor: PSECURITY_DESCRIPTOR; hTokenClient: THANDLE;
3563.     DesiredAccess, GrantedAccess: ACCESS_MASK; pPrivilegeSet: PPRIVILEGE_SET;
3564.     bObjectCreation, bAccessGranted: BOOL;
3565.     bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
3566.   TNtOpenProcess = function (phProcess: PHandle; DesiredAccess: ACCESS_MASK;
3567.     oa: POBJECT_ATTRIBUTES; pClientId: PCLIENT_ID): NTSTATUS; stdcall;
3568.   TNtOpenProcessToken = function (hProcess: THandle;
3569.     DesiredAccess: ACCESS_MASK; hToken: PHandle): NTSTATUS; stdcall;
3570.   TNtOpenReserve = function(ReserveHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
3571.     oa: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3572.   TNtOpenSection = function(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
3573.     ObjectAttributes: POBJECT_ATTRIBUTES):NTSTATUS; stdcall;
3574.   TNtOpenSemaphore = function(hSemaphore: PHANDLE; DesiredAccess: ACCESS_MASK;
3575.     ObjectAttributes: POBJECT_ATTRIBUTES):NTSTATUS; stdcall;
3576.   TNtOpenSymbolicLinkObject = function (SymbolicLinkHandle: PHandle;
3577.     DesiredAccess: ACCESS_MASK;
3578.     ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3579.   TNtOpenThread = function(phThread: PHANDLE; AccessMask: ACCESS_MASK;
3580.     ObjectAttributes: POBJECT_ATTRIBUTES;
3581.     pClientId: PCLIENT_ID):NTSTATUS; stdcall;
3582.   TNtOpenThreadToken = function (hThread: THANDLE; DesiredAccess: ACCESS_MASK;
3583.     bUseContextOfProcess: LongBool; phToken: PHANDLE): NTSTATUS; stdcall;
3584.   TNtOpenTimer = function(TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
3585.     ObjectAttributes: POBJECT_ATTRIBUTES):NTSTATUS; stdcall;
3586.   TNtPowerInformation = function(PowerInformationLevel: POWER_INFORMATION_LEVEL;
3587.     InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID;
3588.     OutputBufferLength: ULONG): NTSTATUS; stdcall;
3589.   TNtPrivilegeCheck = function(hToken: THANDLE; PrivilegeSet: PPRIVILEGE_SET;
3590.     pbHasPrivileges: PBOOLEAN): NTSTATUS; stdcall;
3591.   TNtPrivilegedServiceAuditAlarm = function(
3592.     SubsystemName, ServiceName: PUNICODE_STRING; hToken: THANDLE;
3593.     pPrivilegeSet: PPRIVILEGE_SET; AccessGranted: BOOL): NTSTATUS; stdcall;
3594.   TNtPrivilegeObjectAuditAlarm = function(SubsystemName: PUNICODE_STRING;
3595.     HandleId: PVOID; hToken: THANDLE; DesiredAccess: ACCESS_MASK;
3596.     pPrivilegeSet: PPRIVILEGE_SET; AccessGranted: BOOL): NTSTATUS; stdcall;
3597.   TNtProtectVirtualMemory = function(hProcess: THANDLE; BaseAddress: PPVOID;
3598.     RegionSize: PULONG; Protect: ULONG; OldProtect: PULONG):NTSTATUS; stdcall;
3599.   TNtPulseEvent = function(hEvent: THANDLE;
3600.     PreviousState: PULONG):NTSTATUS; stdcall;
3601.   TNtQueryAttributesFile = function(ObjectAttributes: POBJECT_ATTRIBUTES;
3602.     pFileBasicInfo: PFILE_BASIC_INFORMATION):NTSTATUS; stdcall;
3603.   TNtQueryDefaultLocale = function(bSystemOrThreadLocale: BOOL;
3604.     DefaultLocale: PULONG):NTSTATUS; stdcall;
3605.   TNtQueryDefaultUILanguage = function(
3606.     DefaultUILanguage: PUSHORT):NTSTATUS; stdcall;
3607.   TNtQueryDirectoryFile = function (FileHandle, Event: THandle;
3608.     ApcRoutine: Pointer; ApcContext: Pointer;
3609.     IoStatusBlock: PIoStatusBlock; FileInformation: Pointer;
3610.     FileInformationLength: ULONG; FileInformationClass: Integer;
3611.     ReturnSingleEntry: LongBool; FileName: PUNICODE_STRING;
3612.     RestartScan: LongBool): NTSTATUS; stdcall;
3613.   TNtQueryDirectoryObject = function (DirectoryHandle: THandle;
3614.     Buffer: PVOID; BufferLength: ULONG; ReturnSingleEntry: Boolean;
3615.     RestartScan: Boolean; Context: PDWORD;
3616.     ReturnLength: PDWORD): NTSTATUS; stdcall;
3617.   TNtQueryEaFile = function(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
3618.     QueryEaBuffer: PVOID; QueryEaBufferLength: ULONG; bReturnSingleEa: BOOL;
3619.     pListEa: PVOID; pListEaLength: ULONG; ListEaIndex: PULONG;
3620.     bRestartQuery: BOOL):NTSTATUS; stdcall;
3621.   TNtQueryEvent = function(hEvent: THANDLE; InfoClass: EVENT_INFO_CLASS;
3622.     EventInfoBuffer: PVOID; EventInfoBufferSize: ULONG;
3623.     BytesCopied: PULONG):NTSTATUS; stdcall;
3624.   TNtQueryFullAttributesFile = function(
3625.     FileObjectAttributes: POBJECT_ATTRIBUTES; FullFileAttributes:
3626.     PFULL_FILE_ATTRIBUTES):NTSTATUS; stdcall;
3627.   TNtQueryInformationAtom = function(AnAtom: ATOM;
3628.     AtomInfoClass: ATOM_INFO_CLASS; AtomInfoBuffer: PVOID;
3629.     AtomInfoBufferLength: ULONG; BytesCopied: PULONG):NTSTATUS; stdcall;
3630.   TNtQueryInformationFile = function (FileHandle: THandle;
3631.     IoStatusBlock: PIoStatusBlock; FileInformation: PVOID; Length: ULONG;
3632.     FileInformationClass: Integer): NTSTATUS; stdcall;
3633.   TNtQueryInformationJobObject = function(hJob: THANDLE; JobObjectInfoClass:
3634.     JOBOBJECTINFOCLASS; JobObjectInfoBuffer: PVOID;
3635.     JobObjectInfoBufferLength: ULONG; BytesReturned: PULONG):NTSTATUS; stdcall;
3636.   TNtQueryInformationPort = function(PortHandle: THANDLE; InfoClass: ULONG;
3637.     Buffer: PVOID; BufferSize: ULONG; BytesReturned: PULONG): NTSTATUS; stdcall;
3638.   TNtQueryInformationProcess = function (hProcess : THandle;
3639.     ProcessInformationClass : LongInt; ProcessInformation : Pointer;
3640.     ProcessInformationLength : ULONG;
3641.     ReturnLength : PDWORD) : NTSTATUS; stdcall;
3642.   TNtQueryInformationReserve = function(ReserveHandle: THANDLE;
3643.     InformationClass: Integer; InformationBuffer: PVOID;
3644.     InformationBufferSize: ULONG; ReturnedLength: PULONG): NTSTATUS; stdcall;
3645.   TNtQueryInformationThread = function (hThread: THANDLE;
3646.     ThreadInfoClass: Integer; ThreadInfoBuffer: PVOID;
3647.     ThreadInfoBufferLength: ULONG; BytesReturned: PULONG): NTSTATUS; stdcall;
3648.   TNtQueryInformationToken = function (hToken: THandle;
3649.     TokenInformationType: Integer; TokenInformationBuffer: Pointer;
3650.     TokenInformationBufferSize: ULONG;
3651.     ReturnLength: PDWORD): NTSTATUS; stdcall;
3652.   TNtQueryInstallUILanguage = function(
3653.     InstallUILanguage: PUSHORT): NTSTATUS; stdcall;
3654.   TNtQueryKey = function (KeyHandle: THandle; KeyInformationClass: Integer;
3655.     KeyInformation: PVOID; Length: ULONG;
3656.     ResultLength: LPDWORD):NTSTATUS; stdcall;
3657.   TNtQueryQbject = function (ObjectHandle : THandle;
3658.     ObjectInformationClass : OBJECT_INFO_CLASS; ObjectInformation : Pointer;
3659.     ObjectInformationLength : ULONG; ReturnLength : PDWORD) : Integer; stdcall;
3660.   TNtQueryPerformanceCounter = function(
3661.     pPerformanceCount, pFrequency: PLARGE_INTEGER):NTSTATUS; stdcall;
3662.   TNtQuerySection = function(hSection: THANDLE;
3663.     SectionInfoClass: SECTION_INFORMATION_CLASS; Buffer: PVOID;
3664.     BufferSize: ULONG; BytesReturned: PULONG):NTSTATUS; stdcall;
3665.   TNtQuerySecurityObject = function(hObject: THANDLE;
3666.     SecurityInfoRequested: SECURITY_INFORMATION;
3667.     pSecurityDescriptor: PSECURITY_DESCRIPTOR; pSecurityDescriptorLength: ULONG;
3668.     BytesRequired: PULONG):NTSTATUS; stdcall;
3669.   TNtQuerySymbolicLinkObject = function (SymbolicLinkHandle: THandle;
3670.     TargetName: PUNICODE_STRING; ReturnLength: PDWORD): NTSTATUS; stdcall;
3671.   TNtQuerySystemInformation = function (SystemInformationClass : LongInt;
3672.     SystemInformation : Pointer; SystemInformationLength : ULONG;
3673.     ReturnLength : PDWORD) : NTSTATUS; stdcall;
3674.   TNtQuerySystemTime = function(pSystemTime: PLARGE_INTEGER): NTSTATUS; stdcall;
3675.   TNtQueryValueKey = function (KeyHandle: THandle; ValueName: PUNICODE_STRING;
3676.     KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS;
3677.     KeyValueInformation: PVOID; KeyValueInformationLength: ULONG;
3678.     ResultLength: PULONG): NTSTATUS; stdcall;
3679.   TNtQueryVirtualMemory = function (hProcess : THandle; Address : PVOID;
3680.     MemoryInformationClass : Integer; MemoryInformationBuffer : PVOID;
3681.     MemoryInformationBufferLength : ULONG;
3682.     ReturnLength : PDWORD) : NTSTATUS; stdcall;
3683.   TNtQueryVolumeInformationFile = function (Handle: THandle;
3684.     IoStatusBlock: PIoStatusBlock; VolumeInformation: Pointer;
3685.     VolumeInformationLength: ULONG;
3686.     VolumeInformationClass: LongInt): NTSTATUS; stdcall;
3687.   TNtQueueApcThread = function(hThread: THANDLE; ApcRoutine: Pointer;
3688.     NormalContext, SystemArgument1, SystemArgument2: PVOID):NTSTATUS; stdcall;
3689.   TNtRaiseHardError = function(Status: NTSTATUS; NumberOfArguments,
3690.     StringArgumentMask: ULONG; Arguments: PULONG; ResponseOption: Integer;
3691.     Response: PLONG):NTSTATUS; stdcall;
3692.   TNtReadFile = function (FileHandle: THandle; Event: THandle;
3693.     ApcRoutine: Pointer; ApcContext: Pointer; IoStatusBlock: PIoStatusBlock;
3694.     Buffer: Pointer; Length: ULONG; ByteOffset: PLARGE_INTEGER;
3695.     Key: PDWORD): NTSTATUS; stdcall;
3696.   TNtReadFileScatter = function(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
3697.     IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
3698.     aSegmentArray: PFILE_SEGMENT_ELEMENT; nBytesToRead: ULONG;
3699.     FileOffset: PLARGE_INTEGER; LockOperationKey: PULONG):NTSTATUS; stdcall;
3700.   TNtReadVirtualMemory = function (hProcess : THandle;
3701.     BaseAddress, Buffer: PVOID; BytesToRead: ULONG;
3702.     BytesRead: PULONG): NTSTATUS; stdcall;
3703.   TNtRegisterThreadTerminatePort = function(
3704.     PortHandle: THANDLE): NTSTATUS; stdcall;
3705.   TNtReleaseMutant = function(hMutant: THANDLE;
3706.     bWasSignalled: PULONG):NTSTATUS; stdcall;
3707.   TNtReleaseSemaphore = function(hSemaphore: THANDLE; ReleaseCount: ULONG;
3708.     PreviousCount: PULONG):NTSTATUS; stdcall;
3709.   TNtRelinquishBudget = function: NTSTATUS; stdcall;
3710.   TNtRemoveIoCompletion = function(hIoCompletion: THANDLE;
3711.     lpCompletionKey, lpCompletionValue: PULONG;
3712.     IoStatusBlock: PIOSTATUSBLOCK; Timeout: PLARGE_INTEGER):NTSTATUS; stdcall;
3713.   TNtRemoveProcessDebug = function(ProcessHandle: THANDLE;
3714.     DebugObject: PVOID): NTSTATUS; stdcall;
3715.   TNtReplaceKey = function(NewHiveFile: POBJECT_ATTRIBUTES; hKey: THANDLE;
3716.     BackupHiveFile: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3717.   TNtReplyPort = function (PortHandle: THANDLE;
3718.     LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
3719.   TNtReplyWaitReceivePort = function (PortHandle: THANDLE;
3720.     PortIdentifier: PULONG; LpcMessageOut,
3721.     LpcMessageIn: PLPCMESSAGE): NTSTATUS; stdcall;
3722.   TNtReplyWaitReplyPort = function(PortHandle: THANDLE;
3723.     LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
3724.   TNtRequestDeviceWakeup = function (hDevice: THANDLE): NTSTATUS; stdcall;
3725.   TNtRequestPort = function(PortHandle: THANDLE;
3726.     LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
3727.   TNtRequestWaitReplyPort = function (PortHandle: THANDLE;
3728.     pLpcMessageIn, pLpcMessageOut: PLPCMESSAGE): NTSTATUS; stdcall;
3729.   TNtRequestWakeupLatency = function(Latency: LATENCY_TIME):NTSTATUS; stdcall;
3730.   TNtResetEvent = function (hEvent: THANDLE;
3731.     OldState: PBOOLEAN): NTSTATUS; stdcall;
3732.   TNtResetWriteWatch = function(ProcessHandle: THANDLE; BaseAddress: PVOID;
3733.     RegionSize: ULONG): NTSTATUS; stdcall;
3734.   TNtRestoreKey = function(hKey, hFile: THANDLE;
3735.     Flags: ULONG): NTSTATUS; stdcall;
3736.   TNtResumeThread = function (hThread: THANDLE;
3737.     pSuspendCount: PULONG): NTSTATUS; stdcall;
3738.   TNtRollbackTransaction = function(TransactionHandle: THANDLE;
3739.     AddInfo: ULONG): NTSTATUS; stdcall;
3740.   TNtSaveKey = function(hKey, hFile: THANDLE): NTSTATUS; stdcall;
3741.   TNtSecureConnectPort = function (PortHandle: PHANDLE;
3742.     PortName: PUNICODE_STRING; SecurityQos: PSECURITY_QUALITY_OF_SERVICE;
3743.     WriteSection: PPORT_SECTION_WRITE; ServerSid: PSID;
3744.     ReadSection: PPORT_SECTION_READ; MAxMessageSize: PULONG; ConnectData: PVOID;
3745.     ConnectDataLength: PULONG): NTSTATUS; stdcall;
3746.   TNtSetContextThread = function(hThread: THANDLE;
3747.     pContext: PCONTEXT):NTSTATUS; stdcall;
3748.   TNtSetDefaultHardErrorPort = function (hPort: THandle): NTSTATUS; stdcall;
3749.   TNtSetEaFile = function(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
3750.     EaBuffer: PVOID; EaBufferLength: ULONG):NTSTATUS; stdcall;
3751.   TNtSetEvent = function (EventHandle: THANDLE;
3752.     OldState: PBOOLEAN): NTSTATUS; stdcall;
3753.   TNtSetInformationDebugObject = function(DebugObjectHandle: THANDLE;
3754.     InformationClass: Integer; InformationBuffer: PVOID;
3755.     InformationBufferSize: ULONG; Unknown: PULONG): NTSTATUS; stdcall;
3756.   TNtSetInformationFile = function (FileHandle: THandle;
3757.     IoStatusBlock: PIoStatusBlock; FileInformation: Pointer; Length: ULONG;
3758.     FileInformationClass: Integer): NTSTATUS; stdcall;
3759.   TNtSetInformationJobObject = function(hJob: THANDLE;
3760.     JobObjectInfoClass: JOBOBJECTINFOCLASS; JobObjectInfoBuffer: PVOID;
3761.     JobObjectInfoBufferLength: ULONG):NTSTATUS; stdcall;
3762.   TNtSetInformationObject = function(hObject: THANDLE;
3763.     ObjectInfoClass: OBJECT_INFO_CLASS; Buffer: PVOID; BufferSize:
3764.     ULONG):NTSTATUS; stdcall;
3765.   TNtSetInformationProcess = function (hProcess: THandle;
3766.     ProcessInformationClass: LongInt; ProcessInformation: Pointer;
3767.     ProcessInformationLength: ULONG): NTSTATUS; stdcall;
3768.   TNtSetInformationReserve = function(ReserveHandle: THANDLE;
3769.     InformationClass: Integer; InformationBuffer: PVOID;
3770.     InformationBufferSize: ULONG): NTSTATUS; stdcall;
3771.   TNtSetInformationThread = function (hThread: THANDLE;
3772.     ThreadInfoClass: Integer; ThreadInfoBuffer: PVOID;
3773.     ThreadInfoBufferLength: ULONG): NTSTATUS; stdcall;
3774.   TNtSetInformationToken = function(hToken: THANDLE;
3775.     TokenInfoClass: TOKEN_INFORMATION_CLASS; TokenInfoBuffer: PVOID;
3776.     TokenInfoBufferLength: ULONG): NTSTATUS; stdcall;
3777.   TNtSetIoCompletion = function(IoCompletionPortHandle: THANDLE;
3778.     CompletionKey, CompletionValue: ULONG; CompletionStatus: NTSTATUS;
3779.     CompletionInformation: ULONG):NTSTATUS; stdcall;
3780.   TNtSetSecurityObject = function(hObj: THANDLE; SI: SECURITY_INFORMATION;
3781.     pSD: PVOID):NTSTATUS; stdcall;
3782.   TNtSetSystemInformation = function (SystemInformationClass: LongInt;
3783.     SystemInformation: Pointer;
3784.     SystemInformationLength: ULONG): NTSTATUS; stdcall;
3785.   TNtSetSystemTime = function(
3786.     pSystemTime, pOldsystemTime: PLARGE_INTEGER):NTSTATUS; stdcall;
3787.   TNtSetThreadExecutionState = function(ExecutionState: Integer;
3788.     PreviousExecutionState: PInteger): NTSTATUS; stdcall;
3789.   TNtSetTimer = function(TimerHandle: THANDLE; DueTime: PLARGE_INTEGER;
3790.     TimerApcRoutine: Pointer; TimerContext: PVOID; WakeTimer: BOOL;
3791.     Period: LONG; PreviousState: PBOOLEAN):NTSTATUS; stdcall;
3792.   TNtSetValueKey = function (hKey: THANDLE; uValueName: PUNICODE_STRING;
3793.     TitleIndex, ValueType: ULONG; pValueData: PVOID;
3794.     pValueDataLength: ULONG): NTSTATUS; stdcall;
3795.   TNtSetVolumeInformationFile = function(hFile: THANDLE;
3796.     IoStatusBlock: PIOSTATUSBLOCK; VolumeInformationBuffer: PVOID;
3797.     VolumeInformationBufferLength: ULONG;
3798.     FileSystemInformationClass: FS_INFORMATION_CLASS):NTSTATUS; stdcall;
3799.   TNtSignalAndWaitForSingleObject = function(
3800.     hSignalObject, hWaitObject: THANDLE; bAlertable: BOOL;
3801.     Timeout: PLARGE_INTEGER):NTSTATUS; stdcall;
3802.   TNtSuspendThread = function(hThread: THANDLE;
3803.     pSuspendCount: PULONG):NTSTATUS; stdcall;
3804.   TNtTerminateJobObject = function(hJob: THANDLE;
3805.     ExitCode: NTSTATUS):NTSTATUS; stdcall;
3806.   TNtTerminateProcess = function (hProcess: THandle;
3807.     ExitCode: DWORD): NTSTATUS; stdcall;
3808.   TNtTerminateThread = function (hThread: THandle;
3809.     ExitCode: DWORD): NTSTATUS; stdcall;
3810.   TNtTestAlert = function: NTSTATUS; stdcall;
3811.   TNtUnloadDriver = function(
3812.     DriverRegistryEntry: PUNICODE_STRING): NTSTATUS; stdcall;
3813.   TNtUnloadKey = function(
3814.     KeyNameAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
3815.   TNtUnlockFile = function(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
3816.     FileOffset, Length: PLARGE_INTEGER;
3817.     LockOperationKey: PULONG):NTSTATUS; stdcall;
3818.   TNtUnlockVirtualMemory = function(hProcess: THANDLE; BaseAddress: PPVOID;
3819.     RegionSize: PULONG; UnlockTypeRequested: ULONG):NTSTATUS; stdcall;
3820.   TNtUnmapViewOfSection = function (hProcess: THandle;
3821.     BaseAddress: Pointer): NTSTATUS; stdcall;
3822.   TNtVdmControl = function(ControlCode: ULONG;
3823.     ControlData: PVOID): NTSTATUS; stdcall;
3824.   TNtWaitForMultipleObjects = function(NumberOfHandles: ULONG;
3825.     ArrayOfHandles: PHANDLE; WaitType: Integer; Alertable: BOOL;
3826.     Timeout: ULONG):NTSTATUS; stdcall;
3827.   TNtWaitForSingleObject = function (Handle: THandle;
3828.     Alertable: LongBool; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
3829.   TNtWriteFile = function (FileHandle: THandle; Event: THandle;
3830.     ApcRoutine: Pointer; ApcContext:Pointer; IoStatusBlock: PIoStatusBlock;
3831.     Buffer: Pointer; Length: ULONG; ByteOffset: PLARGE_INTEGER;
3832.     Key: PDWORD): NTSTATUS; stdcall;
3833.   TNtWriteFileGather = function(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
3834.     IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
3835.     aSegmentArray: PFILE_SEGMENT_ELEMENT; nBytesToWrite: ULONG;
3836.     FileOffset: PLARGE_INTEGER; LockOperationKey: PULONG): NTSTATUS; stdcall;
3837.   TNtWriteVirtualMemory = function(hProcess: THANDLE; BaseAddress: PVOID;
3838.     Buffer: PVOID; BytesToWrite: ULONG; BytesWritten: PULONG):NTSTATUS; stdcall;
3839.   TNtYieldExecution = function:NTSTATUS; stdcall;
3840.  
3841.   TRtlActivateActivationContext = function(dwFlags: DWORD; hActCtx: THANDLE;
3842.     lpCookie: PPDWORD):NTSTATUS; stdcall;
3843.   TRtlActivateActivationContextEx = function(dwFlags: DWORD; Teb: PVOID;
3844.     hActCtx: THANDLE; lpCookie: PPDWORD):NTSTATUS; stdcall;
3845.   TRtlAddAccessAllowedAce = function(pAcl: PACL; dwAceRevision: ULONG;
3846.     AccessMask: ULONG; pSid: PSID):NTSTATUS; stdcall;
3847.   TRtlAddRefActivationContext = procedure(hActCtx: THANDLE); stdcall;
3848.   TRtlAdjustPrivilege = function(Privilege: ULONG; Enable, CurrentThread: BOOL;
3849.     Enabled: PBOOLEAN): NTSTATUS; stdcall;
3850.   TRtlAllocateAndInitializeSid = function(
3851.     pIdentifierAuthority: PSID_IDENTIFIER_AUTHORITY;
3852.     nSubAuthorityCount: Integer; dwSubAuthority0, dwSubAuthority1,
3853.     dwSubAuthority2, dwSubAuthority3, dwSubAuthority4, dwSubAuthority5,
3854.     dwSubAuthority6, dwSubAuthority7: DWORD; pSid: PPSID):NTSTATUS; stdcall;
3855.   TRtlAllocateHandle = function(HandleTable: PRTL_HANDLE_TABLE;
3856.     HandleIndex: PULONG):PRTL_HANDLE_TABLE_ENTRY; stdcall;
3857.   TRtlAllocateHeap = function (Heap: THandle; AllocationFlags: DWORD;
3858.     Size: DWORD): Pointer; stdcall;
3859.   TRtlAnsiCharToUnicodeChar = function(SourceCharacter: PPBYTE):WCHAR; stdcall;
3860.   TRtlAnsiStringToUnicodeSize = function(
3861.     AAnsiString: PANSI_STRING): ULONG; stdcall;
3862.   TRtlAnsiStringToUnicodeString = function (DestinationString: PUNICODE_STRING;
3863.     SourceString: PANSI_STRING;
3864.     AllocateDestinationString: BOOL): NTSTATUS; stdcall;
3865.   TRtlAppendUnicodeStringToString = function(
3866.     Destination, Source: PUNICODE_STRING):NTSTATUS; stdcall;
3867.   TRtlAppendUnicodeToString = function (us: PUNICODE_STRING;
3868.     sAppend: LPCWSTR): NTSTATUS; stdcall;
3869.   TRtlApplicationVerifierStop = procedure(Code: ULONG; Message: LPSTR;
3870.     Param1: ULONG; Description1: LPSTR; Param2: ULONG; Description2: LPSTR;
3871.     Param3: ULONG; Description3: LPSTR; Param4: ULONG;
3872.     Description4: LPSTR); stdcall;
3873.   TRtlAreBitsSet = function(BitMapHeader: PRTL_BITMAP;
3874.     StartingIndex, Length: ULONG):BOOL; stdcall;
3875.   TRtlCharToInteger = function(AString: LPSTR; Base: ULONG;
3876.     Value: PULONG):NTSTATUS; stdcall;
3877.   TRtlCheckRegistryKey = function(RelativeTo: ULONG;
3878.     Path: LPWSTR): NTSTATUS; stdcall;
3879.   TRtlClearBits = procedure(BitMapHeader: PRTL_BITMAP;
3880.     StartingIndex, NumberToClear: ULONG); stdcall;
3881.   TRtlCompactHeap = function(HeapHandle: PVOID; Flags: ULONG):SIZE_T; stdcall;
3882.   TRtlCompareMemory = function(Source1, Source2: PVOID;
3883.     Length: SIZE_T): SIZE_T; stdcall;
3884.   TRtlCompareString = function(String1, String2: PSTRING;
3885.     CaseInSensitive: BOOL): LONG; stdcall;
3886.   TRtlCompareUnicodeString = function(String1, String2: PUNICODE_STRING;
3887.     CaseInSensitive: BOOL):LONG; stdcall;
3888.   TRtlConvertSidToUnicodeString = function(UnicodeString: PUNICODE_STRING;
3889.     Sid: PSID; AllocateDestinationString: BOOL): NTSTATUS; stdcall;
3890.   TRtlCopyLuid = procedure (DestLuid, SrcLuid: PLUID); stdcall;
3891.   TRtlCopyString = procedure(DestinationString, SourceString: PSTRING); stdcall;
3892.   TRtlCopyUnicodeString = procedure(
3893.     DestinationString, SourceString: PUNICODE_STRING); stdcall;
3894.   TRtlCreateAcl = function(Acl: PACL; nAclLength: ULONG;
3895.     dwAclRevision: ULONG):NTSTATUS; stdcall;
3896.   TRtlCreateAtomTable = function(InitSize: DWORD;
3897.     pAtomTableHandle: PHANDLE):NTSTATUS; stdcall;
3898.   TRtlCreateEnvironment = function(CopyCurrent: BOOL;
3899.     EnvironmentBlock: PPVOID):NTSTATUS; stdcall;
3900.   TRtlCreateHeap = function(AllocationFlags: ULONG; BaseAddress: PVOID;
3901.     MaximumSize, InitialSize: ULONG; UnknownAddress: PVOID;
3902.     HeapInfo: PHEAP_INFO):THANDLE; stdcall;
3903.   TRtlCreateProcessParameters = function (
3904.     ProcessParameters: PPPROCESS_PARAMETERS;
3905.     ImagePathName, DllPath, CurrentDirectory, CommandLine: PUNICODE_STRING;
3906.     EnvironmentBlock: PVOID; WindowTitle, DesktopInfo,
3907.     ShellInfo, RuntimeData: PUNICODE_STRING): NTSTATUS; stdcall;
3908.   TRtlCreateQueryDebugBuffer = function(MaximumCommit: ULONG;
3909.     UseEventPair: BOOL):PRTL_DEBUG_INFORMATION; stdcall;
3910.   TRtlCreateSecurityDescriptor = function(
3911.     SecurityDescriptor: PSECURITY_DESCRIPTOR;
3912.     Revision: ULONG):NTSTATUS; stdcall;
3913.   TRtlCreateTagHeap = function (Heap: THandle; Flags: ULONG;
3914.     TagPrefix, TagNames: LPWSTR): DWORD; stdcall;
3915.   TRtlCreateTimer = function(TimerQueueHandle: THANDLE; Handle: PHANDLE;
3916.     AFunction: Pointer; Context: PVOID;
3917.     DueTime, Period, Flags: ULONG):NTSTATUS; stdcall;
3918.   TRtlCreateTimerQueue = function(TimerQueueHandle: PHANDLE):NTSTATUS; stdcall;
3919.   TRtlCreateUnicodeString = function (us: PUNICODE_STRING;
3920.     s: PWideChar): Boolean; stdcall;
3921.   TRtlCreateUnicodeStringFromAsciiz = function (us: PUNICODE_STRING;
3922.     s: PAnsiChar): Boolean; stdcall;
3923.   TRtlCustomCPToUnicodeN = function(CustomCP: PCPTABLEINFO;
3924.     UnicodeString: LPWSTR; MaxBytesInUnicodeString: ULONG;
3925.     BytesInUnicodeString: PULONG; CustomCPString: LPSTR;
3926.     BytesInCustomCPString: ULONG): NTSTATUS; stdcall;
3927.   TRtlCutoverTimeToSystemTime = function(CutoverTime: PTIME_FIELDS;
3928.     SystemTime: PLARGE_INTEGER; CurrentSystemTime: PLARGE_INTEGER;
3929.     ThisYear: BOOL):BOOL; stdcall;
3930.   TRtlDefaultNpAcl = function(pAcl: PPACL): NTSTATUS; stdcall;
3931.   TRtlDeleteAtomFromAtomTable = function(AtomTable: THANDLE;
3932.     AnAtom: ATOM): NTSTATUS; stdcall;
3933.   TRtlDeleteCriticalSection = function(
3934.     var Section: TRTLCriticalSection):NTSTATUS; stdcall;
3935.   TRtlDeleteTimer = function(
3936.     TimerQueueHandle, TimerToCancel, Event: THANDLE):NTSTATUS; stdcall;
3937.   TRtlDeleteTimerQueue = function(QueueHandle: THANDLE):NTSTATUS; stdcall;
3938.   TRtlDeleteTimerQueueEx = function(
3939.     QueueHandle, Event: THANDLE):NTSTATUS; stdcall;
3940.   TRtlDeregisterWait = function(WaitHandle: THANDLE):NTSTATUS; stdcall;
3941.   TRtlDeregisterWaitEx = function(WaitHandle, Event: THANDLE):NTSTATUS; stdcall;
3942.   TRtlDestroyEnvironment = function(Environment: PVOID):NTSTATUS; stdcall;
3943.   TRtlDestroyHeap = function (hHeap: THandle): PVOID; stdcall;
3944.   TRtlDestroyProcessParameters = function(
3945.     ProcessParameters: PPROCESS_PARAMETERS): NTSTATUS; stdcall;
3946.   TRtlDestroyQueryDebugBuffer = function(
3947.     Buffer: PRTL_DEBUG_INFORMATION):NTSTATUS; stdcall;
3948.   TRtlDetermineDosPathNameType_U = function(
3949.     DosFileName: LPWSTR):RTL_PATH_TYPE; stdcall;
3950.   TRtlDllShutdownInProgress = function: Boolean; stdcall;
3951.   TRtlDnsHostNameToComputerName = function(
3952.     ComputerNameString, DnsHostNameString: PUNICODE_STRING;
3953.     AllocateComputerNameString: BOOL):NTSTATUS; stdcall;
3954.   TRtlDoesFileExists_U = function(FileName: LPWSTR): BOOL; stdcall;
3955.   TRtlDosPathNameToNtPathName_U = function  (const DosFileName: PWideChar;
3956.     NtFileName: PUNICODE_STRING; FilePart: PPWideChar;
3957.     RelativeName: PRTL_RELATIVE_NAME): Boolean; stdcall;
3958.   TRtlDosSearchPath_U = function(lpPath, lpFileName, lpExtension: LPWSTR;
3959.     nBufferLength: ULONG; lpBuffer: LPWSTR;
3960.     lpFilePart: PLPWSTR): ULONG; stdcall;
3961.   TRtlEnterCriticalSection = procedure (
3962.     var Section: TRTLCriticalSection); stdcall;
3963.   TRtlEqualSid = function(sid1: PSID; sid2: PSID): BOOL; stdcall;
3964.   TRtlEqualString = function (String1, String2: PAnsiString;
3965.     CaseInSensitive: Boolean): Boolean; stdcall;
3966.   TRtlEqualUnicodeString = function (String1, String2: PUnicodeString;
3967.     CaseInSensitive: Boolean): Boolean; stdcall;
3968.   TRtlExpandEnvironmentStrings_U = function(Environment: PVOID;
3969.     Source, Destination: PUNICODE_STRING;
3970.     ReturnedLength: PULONG):NTSTATUS; stdcall;
3971.   TRtlExtendedLargeIntegerDivide = function(Dividend: LARGE_INTEGER;
3972.     Divisor: ULONG; Remainder: PULONG):int64; stdcall;
3973.   TRtlExtendHeap = function(HeapHandle: PVOID; Flags: ULONG; Base: PVOID;
3974.     Size: SIZE_T):NTSTATUS; stdcall;
3975.   TRtlFindClearBitsAndSet = function(BitMapHeader: PRTL_BITMAP;
3976.     NumberToFind, HintIndex: ULONG):ULONG; stdcall;
3977.   TRtlFindMessage = function(DllHandle: PVOID;
3978.     MessageTableId, MessageLanguageId, MessageId: ULONG;
3979.     MessageEntry: PPMESSAGE_RESOURCE_ENTRY):NTSTATUS; stdcall;
3980.   TRtlFlushSecureMemoryCache = function(MemoryAddress: PVOID;
3981.     dwUnknown: DWORD):BOOL; stdcall;
3982.   TRtlFormatCurrentUserKeyPath = function(
3983.     CurrentUserKeyPath: PUNICODE_STRING):NTSTATUS; stdcall;
3984.   TRtlFormatMessage = function(MessageFormat: LPWSTR; MaximumWidth: ULONG;
3985.     IgnoreInserts, ArgumentsAreAnsi, ArgumentsAreAnArray: BOOL;
3986.     Arguments: PVOID; Buffer: LPWSTR; Length: ULONG;
3987.     ReturnLength: PULONG):NTSTATUS; stdcall;
3988.   TRtlFreeThreadActivationContextStack = procedure; stdcall;
3989.   TRtlFreeAnsiString = procedure (Buffer: PAnsiString); stdcall;
3990.   TRtlFreeHandle = function(HandleTable: PRTL_HANDLE_TABLE;
3991.     Handle: PRTL_HANDLE_TABLE_ENTRY):BOOL; stdcall;
3992.   TRtlFreeHeap = function (Heap: THandle; FreeingFlags: DWORD;
3993.     Memory: Pointer): Boolean; stdcall;
3994.   TRtlFreeOemString = procedure(OemString: PSTRING); stdcall;
3995.   TRtlFreeSid = function(Sid: PSID):NTSTATUS; stdcall;
3996.   TRtlFreeUnicodeString = procedure (Buffer: PUnicodeString); stdcall;
3997.   TRtlGetAce = function(pAcl: PACL; dwAceIndex: DWORD;
3998.     pAce: PPvoid): NTSTATUS; stdcall;
3999.   TRtlGetActiveActivationContext = function(pActCtx: PHANDLE):NTSTATUS; stdcall;
4000.   TRtlGetCurrentDirectory_U = function(nBufferLength: ULONG;
4001.     lpBuffer: LPWSTR):ULONG; stdcall;
4002.   TRtlGetDaclSecurityDescriptor = function(
4003.     pSecurityDescriptor: PSECURITY_DESCRIPTOR; lpbDaclPresent: PBOOLEAN;
4004.     pDacl: PPACL; lpbDaclDefaulted: PBOOLEAN):NTSTATUS; stdcall;
4005.   TRtlGetFrame = function:PVOID; stdcall;
4006.   TRtlGetFullPathName_U = function(FileName: PUNICODE_STRING;
4007.     nBufferLength: ULONG; lpBuffer: LPWSTR; lpFilePart: PLPWSTR;
4008.     NameInvalid: PBOOLEAN; InputPathType: PRTL_PATH_TYPE):ULONG; stdcall;
4009.   TRtlGetLastNtStatus = function: NTSTATUS; stdcall;
4010.   TRtlGetLastWin32Error = function: DWORD; stdcall;
4011.   TRtlGetLongestNtPathLength = function : DWORD; stdcall;
4012.   TRtlGetNtGlobalFlags = function: DWORD; stdcall;
4013.   TRtlGetProcessHeaps = function(NumberOfHeapsToReturn: ULONG;
4014.     ProcessHeaps: PPVOID):ULONG; stdcall;
4015.   TRtlGetThreadErrorMode = function: DWORD; stdcall;
4016.   TRtlGetUserInfoHeap = function(HeapHandle: PVOID; Flags: ULONG;
4017.     BaseAddress: PVOID; UserValue: PPVOID; UserFlags: PULONG):BOOL; stdcall;
4018.   TRtlGetVersion = function(
4019.     lpVersionInformation: PRTL_OSVERSIONINFOW):NTSTATUS; stdcall;
4020.   TRtlGUIDFromString = function(GuidString: PUNICODE_STRING;
4021.     Guid: PGUID):NTSTATUS; stdcall;
4022.   TRtlImageDirectoryEntryToData = function(Base: PVOID; MappedAsImage: BOOL;
4023.     DirectoryEntry: USHORT; Size: PULONG):PVOID; stdcall;
4024.   TRtlImageNtHeader = function (hMod: HMODULE): PImageNTHeaders; stdcall;
4025.   TRtlImageNtHeaderEx = function (dwFlags: DWORD; ImageBase: HMODULE;
4026.     ImageSize, ImageSizeHigh: ULONG;
4027.     NtHeaders: PPImageNTHeaders): NTSTATUS; stdcall;
4028.   TRtlImpersonateSelf = function(
4029.     ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL):NTSTATUS; stdcall;
4030.   TRtlInitAnsiString = procedure (var Buffer: TANSI_STRING;
4031.     Source: PAnsiChar); stdcall;
4032.   TRtlInitializeCriticalSection = function (
4033.     var Section: TRTLCriticalSection): NTSTATUS; stdcall;
4034.   TRtlInitializeCriticalSectionAndSpinCount = function (
4035.     var Section : TRTLCriticalSection; SpinCount : DWORD) : NTSTATUS; stdcall;
4036.   TRtlInitializeHandleTable = procedure(MaximumNumberOfHandles,
4037.     SizeOfHandleTableEntry: ULONG; HandleTable: PRTL_HANDLE_TABLE); stdcall;
4038.   TRtlInitializeSid = function(Sid: PSID;
4039.     pIdentifierAuthority: PSID_IDENTIFIER_AUTHORITY;
4040.     nSubAuthorityCount: Integer):BOOL; stdcall;
4041.   TRtlInitString = procedure (var Buffer: TANSI_STRING;
4042.     Source: PAnsiChar); stdcall;
4043.   TRtlInitUnicodeString = procedure (var Buffer : TUNICODE_STRING;
4044.     Source : PWideChar); stdcall;
4045.   TRtlIntegerToChar = function(Value, Base: ULONG; OutputLength: LONG;
4046.     AString: LPSTR):NTSTATUS; stdcall;
4047.   TRtlIntegerToUnicodeString = function(Value, Base: ULONG;
4048.     AString: PUNICODE_STRING):NTSTATUS; stdcall;
4049.   TRtlIsActivationContextActive = function(hActCtx: THANDLE): BOOL; stdcall;
4050.   TRtlIsDosDeviceName_U = function (PathName: LPWSTR): BOOL; stdcall;
4051.   TRtlIsNameLegalDOS8Dot3 = function(Name: PUNICODE_STRING; OemName: PPSTRING;
4052.     NameContainsSpaces: PBOOLEAN): BOOL; stdcall;
4053.   TRtlIsTextUnicode = function(Buffer: PVOID; Size: ULONG;
4054.     AResult: PULONG):BOOL; stdcall;
4055.   TRtlIsValidHandle = function(HandleTable: PRTL_HANDLE_TABLE;
4056.     Handle: PRTL_HANDLE_TABLE_ENTRY):BOOL; stdcall;
4057.   TRtlLeaveCriticalSection = procedure (
4058.     var Section: TRTLCriticalSection); stdcall;
4059.   TRtlLengthRequiredSid = function(nSubAuthorityCount: Integer):ULONG; stdcall;
4060.   TRtlLengthSecurityDescriptor = function(
4061.     SecurityDescriptor: PSECURITY_DESCRIPTOR):ULONG; stdcall;
4062.   TRtlLengthSid = function(Sid: PSID):DWORD; stdcall;
4063.   TRtlLockHeap = function(HeapHandle: PVOID):BOOL; stdcall;
4064.   TRtlMultiByteToUnicodeN = function (Dest: PWideChar; MaxDestBufferSize: DWORD;
4065.     PDestBufferSize: LPDWORD; Source: PAnsiChar;
4066.     SourceSize: DWORD): NTSTATUS; stdcall;
4067.   TRtlMultiByteToUnicodeSize = function(BytesInUnicodeString: PULONG;
4068.     MultiByteString: LPSTR; BytesInMultiByteString: ULONG): NTSTATUS; stdcall;
4069.   TRtlNtStatusToDosError = function (Status : LongInt) : LongInt; stdcall;
4070.   TRtlNtStatusToDosErrorNoTeb = function (Status : LongInt) : LongInt; stdcall;
4071.   TRtlOemStringToUnicodeString = function(
4072.     DestinationString: PUNICODE_STRING; SourceString: PSTRING;
4073.     AllocateDestinationString: BOOL):NTSTATUS; stdcall;
4074.   TRtlOemToUnicodeN = function(UnicodeString: LPWSTR;
4075.     MaxBytesInUnicodeString: ULONG; BytesInUnicodeString: PULONG;
4076.     OemString: LPSTR; BytesInOemString: ULONG): NTSTATUS; stdcall;
4077.   TRtlOpenCurrentUser = function(dwDesiredAccess: DWORD;
4078.     phKey: PHANDLE):NTSTATUS; stdcall;
4079.   TRtlPcToFileHeader = function(PcValue: PVOID;
4080.     BaseOfImage: PPVOID): PVOID; stdcall;
4081.   TRtlPebLock = procedure; stdcall;
4082.   TRtlPrefixString = function(String1, String2: PSTRING;
4083.     CaseInSensitive: BOOL):BOOL; stdcall;
4084.   TRtlPrefixUnicodeString = function(String1, String2: PUNICODE_STRING;
4085.     CaseInSensitive: BOOL):BOOL; stdcall;
4086.   TRtlpUnWaitCriticalSection = procedure (var Section: TRTLCriticalSection);
4087.   TRtlpWaitForCriticalSection = procedure (var Section: TRTLCriticalSection);
4088.   TRtlQueryAtomInAtomTable = function(AtomTable: THANDLE; AAtom: ATOM;
4089.     AtomUsage, AtomFlags: PULONG; AtomName: LPWSTR;
4090.     AtomNameLength: LPDWORD):NTSTATUS; stdcall;
4091.   TRtlQueryEnvironmentVariable_U = function (EnvBlock: PVOID;
4092.     VarName, usResult: PUNICODE_STRING): NTSTATUS; stdcall;
4093.   TRtlQueryHeapInformation = function(HeapHandle: PVOID;
4094.     HeapInformationClass: HEAP_INFORMATION_CLASS; HeapInformation: PVOID;
4095.     HeapInformationLength: SIZE_T; ReturnLength: PULONG): DWORD; stdcall;
4096.   TRtlQueryInformationAcl = function(Acl: PACL; AclInformation: PVOID;
4097.     AclInformationLength: ULONG;
4098.     AclInformationClass: ACL_INFORMATION_CLASS): NTSTATUS; stdcall;
4099.   TRtlQueryInformationActivationContext = function(dwFlags: DWORD;
4100.     hActCtx: THANDLE; pvSubInstance: PVOID; InfoClass: ULONG; pvBuffer: PVOID;
4101.     cbBuffer: SIZE_T; pcbWrittenOrRequired: PULONG): NTSTATUS; stdcall;
4102.   TRtlQueryInformationActiveActivationContext = function(InfoClass: ULONG;
4103.     pvBuffer: PVOID; cbBuffer: SIZE_T;
4104.     pcbWrittenOrRequired: PULONG): NTSTATUS; stdcall;
4105.   TRtlQueryProcessDebugInformation = function(UniqueProcessId: THANDLE;
4106.     Flags: ULONG; Buffer: PRTL_DEBUG_INFORMATION):NTSTATUS; stdcall;
4107.   TRtlQueryRegistryValues = function(RelativeTo: ULONG; Path: LPCWSTR;
4108.     QueryTable: PRTL_QUERY_REGISTRY_TABLE;
4109.     Context, Environment: PVOID):NTSTATUS; stdcall;
4110.   TRtlQueryTagHeap = function(HeapHandle: PVOID; Flags: ULONG; TagIndex: USHORT;
4111.     ResetCounters: BOOL; TagInfo: PRTL_HEAP_TAG_INFO):LPWSTR; stdcall;
4112.   TRtlQueueWorkItem = function(AFunction: Pointer; Context: PVOID;
4113.     Flags: ULONG):NTSTATUS; stdcall;
4114.   TRtlRaiseException = procedure(ExceptionRecord: PEXCEPTION_RECORD); stdcall;
4115.   TRtlRaiseStatus = procedure (Status: NTSTATUS); stdcall;
4116.   TRtlReAllocateHeap = function(HeapHandle: PVOID; Flags: ULONG;
4117.     BaseAddress: PVOID; Size: SIZE_T):PVOID; stdcall;
4118.   TRtlRegisterWait = function(WaitHandle: PHANDLE; AHandle: THANDLE;
4119.     AFunction: Pointer; Context: PVOID;
4120.     Milliseconds, Flags: ULONG):NTSTATUS; stdcall;
4121.   TRtlReleaseActivationContext = procedure(hActCtx: THANDLE); stdcall;
4122.   TRtlRestoreLastWin32Error = procedure (dwError: DWORD); stdcall;
4123.   TRtlRunDecodeUnicodeString = procedure(Seed: BYTE;
4124.     AString: PUNICODE_STRING); stdcall;
4125.   TRtlRunEncodeUnicodeString = procedure(Seed: PBYTE;
4126.     AString: PUNICODE_STRING); stdcall;
4127.   TRtlSetCurrentDirectory_U = function(
4128.     PathName: PUNICODE_STRING):NTSTATUS; stdcall;
4129.   TRtlSetDaclSecurityDescriptor = function(
4130.     SecurityDescriptor: PSECURITY_DESCRIPTOR; DaclPresent: BOOL; Dacl: PACL;
4131.     DaclDefaulted: BOOL):NTSTATUS; stdcall;
4132.   TRtlSetEnvironmentVariable = function(Environment: PPVOID;
4133.     Name, Value: PUNICODE_STRING):NTSTATUS; stdcall;
4134.   TRtlSetHeapInformation = function(HeapHandle: PVOID;
4135.     HeapInformationClass: HEAP_INFORMATION_CLASS; HeapInformation: PVOID;
4136.     HeapInformationLength: SIZE_T): DWORD; stdcall;
4137.   TRtlSetIoCompletionCallback = function(FileHandle: THANDLE;
4138.     CompletionProc: Pointer; Flags: ULONG):NTSTATUS; stdcall;
4139.   TRtlSetTimeZoneInformation = function(
4140.     TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION):NTSTATUS; stdcall;
4141.   TRtlSetThreadErrorMode = function (ErrorMode: DWORD): NTSTATUS; stdcall;
4142.   TRtlSetThreadPoolStartFunc = function(lpfnStartThreadFunc: Pointer;
4143.     lpfnExitThreadFunc: Pointer):NTSTATUS; stdcall;
4144.   TRtlSetUnicodeCallouts = procedure(Callouts: PVOID); stdcall;
4145.   TRtlSetUserValueHeap = function(HeapHandle: PVOID; Flags: ULONG;
4146.     BaseAddress, UserValue: PVOID):BOOL; stdcall;
4147.   TRtlSizeHeap = function(HeapHandle: PVOID; Flags: ULONG;
4148.     BaseAddress: PVOID):SIZE_T; stdcall;
4149.   TRtlStringFromGUID = function(AGuid: PGUID;
4150.     GuidString: PUNICODE_STRING): NTSTATUS; stdcall;
4151.   TRtlSubAuthoritySid = function(Sid: PSID; nSubAuthority: ULONG):PULONG; stdcall;
4152.   TRtlTimeFieldsToTime = function(TimeFields: PTIME_FIELDS;
4153.     Time: PLARGE_INTEGER):BOOL; stdcall;
4154.   TRtlTimeToTimeFields = procedure (ATime : PLARGE_INTEGER;
4155.                                ATimeFields : PTIME_FIELDS); stdcall;
4156.   TRtlTryEnterCriticalSection = function (
4157.     var Section: TRTLCriticalSection): Boolean; stdcall;
4158.   TRtlUnicodeStringToAnsiString = function (AnsiString: PANSI_STRING;
4159.     UnicodeString: PUNICODE_STRING; fAllocate: LongBool): NTSTATUS; stdcall;
4160.   TRtlUnicodeStringToInteger = function(AString: PUNICODE_STRING; Base: ULONG;
4161.     Value: PULONG):NTSTATUS; stdcall;
4162.   TRtlUnicodeStringToOemString = function(DestinationString: PSTRING;
4163.     SourceString: PUNICODE_STRING;
4164.     AllocateDestinationString: BOOL):NTSTATUS; stdcall;
4165.   TRtlUnicodeToMultiByteN = function(Dest: LPSTR; DestSize: Integer;
4166.     ReturnLength: PLONG; Source: LPWSTR; dwNumChars: Integer):NTSTATUS; stdcall;
4167.   TRtlUnicodeToMultiByteSize = function(pResult: LPDWORD; lpusString: PWideChar;
4168.     cchusString: DWORD):NTSTATUS; stdcall;
4169.   TRtlUnicodeToOemN = function(OemString: LPSTR; MaxBytesInOemString: ULONG;
4170.     BytesInOemString: PULONG; UnicodeString: LPWSTR;
4171.     BytesInUnicodeString: ULONG): NTSTATUS; stdcall;
4172.   TRtlUnlockHeap = function(HeapHandle: PVOID):BOOL; stdcall;
4173.   TRtlUnwind = procedure(TargetFrame, TargetIp: PVOID;
4174.     ExceptionRecord: PEXCEPTION_RECORD; ReturnValue: PVOID); stdcall;
4175.   TRtlUpcaseUnicodeChar = function(SourceCharacter: WideChar):WideChar; stdcall;
4176.   TRtlUpcaseUnicodeString = function(DestinationString: PUNICODE_STRING;
4177.     SourceString: PUNICODE_STRING;
4178.     AllocateDestinationString: BOOL):NTSTATUS; stdcall;
4179.   TRtlUpdateTimer = function(TimerQueueHandle, Timer: THANDLE;
4180.     DueTime, Period: ULONG):NTSTATUS; stdcall;
4181.   TRtlUpperChar = function(c: Char): Char; stdcall;
4182.   TRtlUpperString = procedure(
4183.     DestinationString, SourceString: PSTRING); stdcall;
4184.   TRtlUsageHeap = function(HeapHandle: PVOID; Flags: ULONG;
4185.     Usage: PRTL_HEAP_USAGE):NTSTATUS; stdcall;
4186.   TRtlValidAcl = function(Acl: PACL): BOOL; stdcall;
4187.   TRtlValidateHeap = function(HeapHandle: PVOID; Flags: ULONG;
4188.     BaseAddress: PVOID):BOOL; stdcall;
4189.   TRtlValidRelativeSecurityDescriptor = function(
4190.     SecurityDescriptorInput: PSECURITY_DESCRIPTOR;
4191.     SecurityDescriptorLength: ULONG;
4192.     RequiredInformation: SECURITY_INFORMATION): BOOL; stdcall;
4193.   TRtlValidSecurityDescriptor = function(
4194.     SecurityDescriptor: PSECURITY_DESCRIPTOR): BOOL; stdcall;
4195.   TRtlValidSid = function(Sid: PSID): BOOL; stdcall;
4196.   TRtlVerifyVersionInfo = function(VersionInfo: PRTL_OSVERSIONINFOEXW;
4197.     TypeMask: ULONG; ConditionMask: ULONGLONG):NTSTATUS; stdcall;
4198.   TRtlWalkHeap = function(HeapHandle: PVOID;
4199.     Entry: PRTL_HEAP_WALK_ENTRY):NTSTATUS; stdcall;
4200.   TRtlxAnsiStringToUnicodeSize = function(
4201.     AAnsiString: PANSI_STRING):ULONG; stdcall;
4202.   TRtlxOemStringToUnicodeSize = function(OemString: PSTRING):ULONG; stdcall;
4203.   TRtlxUnicodeStringToAnsiSize = function(
4204.     UnicodeString: PUNICODE_STRING):ULONG; stdcall;
4205.   TRtlxUnicodeStringToOemSize = function(
4206.     UnicodeString: PUNICODE_STRING):ULONG; stdcall;
4207.   TRtlZombifyActivationContext = function(hActCtx: THANDLE): NTSTATUS; stdcall;
4208.  
4209.   Twcscat = function(s1: LPWSTR; s2: LPWSTR):LPWSTR; cdecl;
4210.   Twcschr = function (const s: PWideChar; c: WideChar): PWideChar; cdecl;
4211.   Twcscmp = function(s1: LPWSTR; s2: LPWSTR):Integer; cdecl;
4212.   Twcscpy = function (const Dst, Src: PWideChar): PWideChar; cdecl;
4213.   Twcslen = function(s: LPWSTR):SIZE_T; cdecl;
4214.   Twcsrchr = function(s: LPWSTR; c: Integer):LPWSTR; cdecl;
4215.  
4216. const
4217.   ntdllname = 'ntdll.dll';
4218.  
4219. var
4220.   NtdllHandle: THandle;
4221.   IsWindowsXPorLater: Boolean;
4222. { Mark 4 }
4223.   _CsrAllocateCaptureBuffer: TCsrAllocateCaptureBuffer;
4224.   _CsrAllocateMessagePointer: TCsrAllocateMessagePointer;
4225.   _CsrCaptureMessageBuffer: TCsrCaptureMessageBuffer;
4226.   _CsrCaptureMessageString: TCsrCaptureMessageString;
4227.   _CsrCaptureMessageMultiUnicodeStringsInPlace:
4228.     TCsrCaptureMessageMultiUnicodeStringsInPlace;
4229.   _CsrClientCallServer: TCsrClientCallServer;
4230.   _CsrClientConnectToServer: TCsrClientConnectToServer;
4231.   _CsrClientConnectToServerXP: TCsrClientConnectToServerXP;
4232.   _CsrFreeCaptureBuffer: TCsrFreeCaptureBuffer;
4233.   _CsrGetProcessId: TCsrGetProcessId;
4234.   _CsrIdentifyAlertableThread: TCsrIdentifyAlertableThread;
4235.   _CsrNewThread: TCsrNewThread;
4236.   _DbgBreakPoint: TDbgBreakPoint;
4237.   _DbgUiConnectToDbg: TDbgUiConnectToDbg;
4238.   _DbgUiContinue: TDbgUiContinue;
4239.   _DbgUiConvertStateChangeStructure: TDbgUiConvertStateChangeStructure;
4240.   _DbgUiDebugActiveProcess: TDbgUiDebugActiveProcess;
4241.   _DbgUiGetThreadDebugObject: TDbgUiGetThreadDebugObject;
4242.   _DbgUiIssueRemoteBreakin: TDbgUiIssueRemoteBreakin;
4243.   _DbgUiStopDebugging: TDbgUiStopDebugging;
4244.   _DbgUiWaitStateChange: TDbgUiWaitStateChange;
4245.   _LdrAccessResource: TLdrAccessResource;
4246.   _LdrAlternateResourcesEnabled: TLdrAlternateResourcesEnabled;
4247.   _LdrDestroyOutOfProcessImage: TLdrDestroyOutOfProcessImage;
4248.   _LdrDisableThreadCalloutsForDll: TLdrDisableThreadCalloutsForDll;
4249.   _LdrEnumerateLoadedModules: TLdrEnumerateLoadedModules;
4250.   _LdrFindResource_U: TLdrFindResource_U;
4251.   _LdrFindResourceDirectory_U: TLdrFindResourceDirectory_U;
4252.   _LdrFlushAlternateResourceModules: TLdrFlushAlternateResourceModules;
4253.   _LdrGetDllHandle: TLdrGetDllHandle;
4254.   _LdrGetDllHandleEx: TLdrGetDllHandleEx;
4255.   _LdrGetProcedureAddress: TLdrGetProcedureAddress;
4256.   _LdrLoadAlternateResourceModule: TLdrLoadAlternateResourceModule;
4257.   _LdrLoadAlternateResourceModuleEx: TLdrLoadAlternateResourceModuleEx;
4258.   _LdrLoadDll: TLdrLoadDll;
4259.   _LdrLockLoaderLock: TLdrLockLoaderLock;
4260.   _LdrQueryImageFileExecutionOptions: TLdrQueryImageFileExecutionOptions;
4261.   _LdrSetDllManifestProber: TLdrSetDllManifestProber;
4262.   _LdrShutdownProcess: TLdrShutdownProcess;
4263.   _LdrShutdownThread: TLdrShutdownThread;
4264.   _LdrUnloadAlternateResourceModule: TLdrUnloadAlternateResourceModule;
4265.   _LdrUnloadDll: TLdrUnloadDll;
4266.   _LdrUnlockLoaderLock: TLdrUnlockLoaderLock;
4267.  
4268.   _NlsAnsiCodePage: PWORD;
4269.   _NtAcceptConnectPort: TNtAcceptConnectPort;
4270.   _NtAccessCheck: TNtAccessCheck;
4271.   _NtAccessCheckAndAuditAlarm: TNtAccessCheckAndAuditAlarm;
4272.   _NtAccessCheckByType: TNtAccessCheckByType;
4273.   _NtAccessCheckByTypeAndAuditAlarm: TNtAccessCheckByTypeAndAuditAlarm;
4274.   _NtAccessCheckByTypeResultList: TNtAccessCheckByTypeResultList;
4275.   _NtAccessCheckByTypeResultListAndAuditAlarm:
4276.     TNtAccessCheckByTypeResultListAndAuditAlarm;
4277.   _NtAccessCheckByTypeResultListAndAuditAlarmByHandle:
4278.     TNtAccessCheckByTypeResultListAndAuditAlarmByHandle;
4279.   _NtAddAtom: TNtAddAtom;
4280.   _NtAdjustGroupsToken: TNtAdjustGroupsToken;
4281.   _NtAdjustPrivilegesToken: TNtAdjustPrivilegesToken;
4282.   _NtAlertThread: TNtAlertThread;
4283.   _NtAllocateLocallyUniqueId: TNtAllocateLocallyUniqueId;
4284.   _NtAllocateUserPhysicalPages: TNtAllocateUserPhysicalPages;
4285.   _NtAllocateVirtualMemory: TNtAllocateVirtualMemory;
4286.   _NtApphelpCacheControl: TNtApphelpCacheControl;
4287.   _NtAssignProcessToJobObject: TNtAssignProcessToJobObject;
4288.   _NtAssociateProcessWithReserve: TNtAssociateProcessWithReserve;
4289.   _NtCancelDeviceWakeupRequest: TNtCancelDeviceWakeupRequest;
4290.   _NtCancelIoFile: TNtCancelIoFile;
4291.   _NtCancelTimer: TNtCancelTimer;
4292.   _NtClearEvent: TNtClearEvent;
4293.   _NtClose: TNtClose;
4294.   _NtCloseObjectAuditAlarm: TNtCloseObjectAuditAlarm;
4295.   _NtCommitTransaction: TNtCommitTransaction;
4296.   _NtCompleteConnectPort: TNtCompleteConnectPort;
4297.   _NtConnectPort: TNtConnectPort;
4298.   _NtCreateDirectoryObject: TNtCreateDirectoryObject;
4299.   _NtCreateEvent: TNtCreateEvent;
4300.   _NtCreateFile: TNtCreateFile;
4301.   _NtCreateJobObject: TNtCreateJobObject;
4302.   _NtCreateKey: TNtCreateKey;
4303.   _NtCreateMailSlotFile: TNtCreateMailSlotFile;
4304.   _NtCreateMutant: TNtCreateMutant;
4305.   _NtCreateNamedPipeFile: TNtCreateNamedPipeFile;
4306.   _NtCreatePort: TNtCreatePort;
4307.   _NtCreateSection: TNtCreateSection;
4308.   _NtCreateSemaphore: TNtCreateSemaphore;
4309.   _NtCreateSymbolicLinkObject: TNtCreateSymbolicLinkObject;
4310.   _NtCreateTimer: TNtCreateTimer;
4311.   _NtCreateThread: TNtCreateThread;
4312.   _NtCreateWaitablePort: TNtCreateWaitablePort;
4313.   _NtDebugActiveProcess: TNtDebugActiveProcess;
4314.   _NtDelayExecution: TNtDelayExecution;
4315.   _NtDeleteAtom: TNtDeleteAtom;
4316.   _NtDeleteFile: TNtDeleteFile;
4317.   _NtDeleteKey: TNtDeleteKey;
4318.   _NtDeleteObjectAuditAlarm: TNtDeleteObjectAuditAlarm;
4319.   _NtDeleteValueKey: TNtDeleteValueKey;
4320.   _NtDeviceIoControlFile: TNtDeviceIoControlFile;
4321.   _NtDisassociateProcessFromReserve: TNtDisassociateProcessFromReserve;
4322.   _NtDisjoinThreadFromReserve: TNtDisjoinThreadFromReserve;
4323.   _NtDuplicateObject: TNtDuplicateObject;
4324.   _NtDuplicateToken: TNtDuplicateToken;
4325.   _NtEnumerateKey: TNtEnumerateKey;
4326.   _NtEnumerateValueKey: TNtEnumerateValueKey;
4327.   _NtFilterToken: TNtFilterToken;
4328.   _NtFindAtom: TNtFindAtom;
4329.   _NtFlushBuffersFile: TNtFlushBuffersFile;
4330.   _NtFlushInstructionCache: TNtFlushInstructionCache;
4331.   _NtFlushKey: TNtFlushKey;
4332.   _NtFlushVirtualMemory: TNtFlushVirtualMemory;
4333.   _NtFreeUserPhysicalPages: TNtFreeUserPhysicalPages;
4334.   _NtFreeVirtualMemory: TNtFreeVirtualMemory;
4335.   _NtFsControlFile: TNtFsControlFile;
4336.   _NtGetCurrentProcessorNumber: TNtGetCurrentProcessorNumber;
4337.   _NtGetContextThread: TNtGetContextThread;
4338.   _NtGetDevicePowerState: TNtGetDevicePowerState;
4339.   _NtGetWriteWatch: TNtGetWriteWatch;
4340.   _NtImpersonateAnonymousToken: TNtImpersonateAnonymousToken;
4341.   _NtImpersonateClientOfPort: TNtImpersonateClientOfPort;
4342.   _NtInitiatePowerAction: TNtInitiatePowerAction;
4343.   _NtIsProcessInJob: TNtIsProcessInJob;
4344.   _NtIsSystemResumeAutomatic: TNtIsSystemResumeAutomatic;
4345.   _NtJoinThreadToReserve: TNtJoinThreadToReserve;
4346.   _NtListenPort: TNtListenPort;
4347.   _NtLoadDriver: TNtLoadDriver;
4348.   _NtLoadKey: TNtLoadKey;
4349.   _NtLockFile: TNtLockFile;
4350.   _NtLockVirtualMemory: TNtLockVirtualMemory;
4351.   _NtMakeTemporaryObject: TNtMakeTemporaryObject;
4352.   _NtMapUserPhysicalPages: TNtMapUserPhysicalPages;
4353.   _NtMapUserPhysicalPagesScatter: TNtMapUserPhysicalPagesScatter;
4354.   _NtMapViewOfSection: TNtMapViewOfSection;
4355.   _NtNotifyChangeDirectoryFile: TNtNotifyChangeDirectoryFile;
4356.   _NtNotifyChangeKey: TNtNotifyChangeKey;
4357.   _NtNotifyChangeMultipleKeys: TNtNotifyChangeMultipleKeys;
4358.   _NtOpenDirectoryObject : TNtOpenDirectoryObject;
4359.   _NtOpenEvent: TNtOpenEvent;
4360.   _NtOpenFile: TNtOpenFile;
4361.   _NtOpenJobObject: TNtOpenJobObject;
4362.   _NtOpenKey: TNtOpenKey;
4363.   _NtOpenMutant: TNtOpenMutant;
4364.   _NtOpenObjectAuditAlarm: TNtOpenObjectAuditAlarm;
4365.   _NtOpenProcess: TNtOpenProcess;
4366.   _NtOpenProcessToken: TNtOpenProcessToken;
4367.   _NtOpenReserve: TNtOpenReserve;
4368.   _NtOpenSection: TNtOpenSection;
4369.   _NtOpenSemaphore: TNtOpenSemaphore;
4370.   _NtOpenSymbolicLinkObject : TNtOpenSymbolicLinkObject;
4371.   _NtOpenThread: TNtOpenThread;
4372.   _NtOpenThreadToken: TNtOpenThreadToken;
4373.   _NtOpenTimer: TNtOpenTimer;
4374.   _NtPowerInformation: TNtPowerInformation;
4375.   _NtPrivilegeCheck: TNtPrivilegeCheck;
4376.   _NtPrivilegedServiceAuditAlarm: TNtPrivilegedServiceAuditAlarm;
4377.   _NtPrivilegeObjectAuditAlarm: TNtPrivilegeObjectAuditAlarm;
4378.   _NtProtectVirtualMemory: TNtProtectVirtualMemory;
4379.   _NtPulseEvent: TNtPulseEvent;
4380.   _NtQueryAttributesFile: TNtQueryAttributesFile;
4381.   _NtQueryDefaultLocale: TNtQueryDefaultLocale;
4382.   _NtQueryDefaultUILanguage: TNtQueryDefaultUILanguage;
4383.   _NtQueryDirectoryFile: TNtQueryDirectoryFile;
4384.   _NtQueryDirectoryObject : TNtQueryDirectoryObject;
4385.   _NtQueryEaFile: TNtQueryEaFile;
4386.   _NtQueryEvent: TNtQueryEvent;
4387.   _NtQueryFullAttributesFile: TNtQueryFullAttributesFile;
4388.   _NtQueryInformationAtom: TNtQueryInformationAtom;
4389.   _NtQueryInformationFile: TNtQueryInformationFile;
4390.   _NtQueryInformationJobObject: TNtQueryInformationJobObject;
4391.   _NtQueryInformationPort: TNtQueryInformationPort;
4392.   _NtQueryInformationProcess: TNtQueryInformationProcess;
4393.   _NtQueryInformationReserve: TNtQueryInformationReserve;
4394.   _NtQueryInformationThread: TNtQueryInformationThread;
4395.   _NtQueryInformationToken: TNtQueryInformationToken;
4396.   _NtQueryInstallUILanguage: TNtQueryInstallUILanguage;
4397.   _NtQueryKey: TNtQueryKey;
4398.   _NtQueryObject: TNtQueryQbject;
4399.   _NtQueryPerformanceCounter: TNtQueryPerformanceCounter;
4400.   _NtQuerySection: TNtQuerySection;
4401.   _NtQuerySecurityObject: TNtQuerySecurityObject;
4402.   _NtQuerySymbolicLinkObject : TNtQuerySymbolicLinkObject;
4403.   _NtQuerySystemInformation: TNtQuerySystemInformation;
4404.   _NtQuerySystemTime: TNtQuerySystemTime;
4405.   _NtQueryValueKey: TNtQueryValueKey;
4406.   _NtQueryVirtualMemory: TNtQueryVirtualMemory;
4407.   _NtQueryVolumeInformationFile: TNtQueryVolumeInformationFile;
4408.   _NtQueueApcThread: TNtQueueApcThread;
4409.   _NtRaiseHardError: TNtRaiseHardError;
4410.   _NtReadFile: TNtReadFile;
4411.   _NtReadFileScatter: TNtReadFileScatter;
4412.   _NtReadVirtualMemory: TNtReadVirtualMemory;
4413.   _NtRegisterThreadTerminatePort: TNtRegisterThreadTerminatePort;
4414.   _NtReleaseMutant: TNtReleaseMutant;
4415.   _NtReleaseSemaphore: TNtReleaseSemaphore;
4416.   _NtRelinquishBudget: TNtRelinquishBudget;
4417.   _NtRemoveIoCompletion: TNtRemoveIoCompletion;
4418.   _NtRemoveProcessDebug: TNtRemoveProcessDebug;
4419.   _NtReplaceKey: TNtReplaceKey;
4420.   _NtReplyPort: TNtReplyPort;
4421.   _NtReplyWaitReceivePort: TNtReplyWaitReceivePort;
4422.   _NtReplyWaitReplyPort: TNtReplyWaitReplyPort;
4423.   _NtRequestDeviceWakeup: TNtRequestDeviceWakeup;
4424.   _NtRequestPort: TNtRequestPort;
4425.   _NtRequestWaitReplyPort: TNtRequestWaitReplyPort;
4426.   _NtRequestWakeupLatency: TNtRequestWakeupLatency;
4427.   _NtResetEvent: TNtResetEvent;
4428.   _NtResetWriteWatch: TNtResetWriteWatch;
4429.   _NtRestoreKey: TNtRestoreKey;
4430.   _NtResumeThread: TNtResumeThread;
4431.   _NtRollbackTransaction: TNtRollbackTransaction;
4432.   _NtSaveKey: TNtSaveKey;
4433.   _NtSecureConnectPort: TNtSecureConnectPort;
4434.   _NtSetContextThread: TNtSetContextThread;
4435.   _NtSetDefaultHardErrorPort: TNtSetDefaultHardErrorPort;
4436.   _NtSetEaFile: TNtSetEaFile;
4437.   _NtSetEvent: TNtSetEvent;
4438.   _NtSetInformationDebugObject: TNtSetInformationDebugObject;
4439.   _NtSetInformationFile: TNtSetInformationFile;
4440.   _NtSetInformationJobObject: TNtSetInformationJobObject;
4441.   _NtSetInformationObject: TNtSetInformationObject;
4442.   _NtSetInformationProcess: TNtSetInformationProcess;
4443.   _NtSetInformationReserve: TNtSetInformationReserve;
4444.   _NtSetInformationThread: TNtSetInformationThread;
4445.   _NtSetInformationToken: TNtSetInformationToken;
4446.   _NtSetIoCompletion: TNtSetIoCompletion;
4447.   _NtSetSecurityObject: TNtSetSecurityObject;
4448.   _NtSetSystemInformation : TNtSetSystemInformation;
4449.   _NtSetSystemTime: TNtSetSystemTime;
4450.   _NtSetThreadExecutionState: TNtSetThreadExecutionState;
4451.   _NtSetTimer: TNtSetTimer;
4452.   _NtSetValueKey: TNtSetValueKey;
4453.   _NtSetVolumeInformationFile: TNtSetVolumeInformationFile;
4454.   _NtSignalAndWaitForSingleObject: TNtSignalAndWaitForSingleObject;
4455.   _NtSuspendThread: TNtSuspendThread;
4456.   _NtTerminateJobObject: TNtTerminateJobObject;
4457.   _NtTerminateProcess: TNtTerminateProcess;
4458.   _NtTerminateThread: TNtTerminateThread;
4459.   _NtTestAlert: TNtTestAlert;
4460.   _NtUnloadDriver: TNtUnloadDriver;
4461.   _NtUnloadKey: TNtUnloadKey;
4462.   _NtUnlockFile: TNtUnlockFile;
4463.   _NtUnmapViewOfSection: TNtUnmapViewOfSection;
4464.   _NtUnlockVirtualMemory: TNtUnlockVirtualMemory;
4465.   _NtVdmControl: TNtVdmControl;
4466.   _NtWaitForMultipleObjects: TNtWaitForMultipleObjects;
4467.   _NtWaitForSingleObject: TNtWaitForSingleObject;
4468.   _NtWriteFile: TNtWriteFile;
4469.   _NtWriteFileGather: TNtWriteFileGather;
4470.   _NtWriteVirtualMemory: TNtWriteVirtualMemory;
4471.   _NtYieldExecution: TNtYieldExecution;
4472.   _RtlAcquirePebLock: TRtlPebLock;
4473.   _RtlActivateActivationContext: TRtlActivateActivationContext;
4474.   _RtlActivateActivationContextEx: TRtlActivateActivationContextEx;
4475.   _RtlAddAccessAllowedAce: TRtlAddAccessAllowedAce;
4476.   _RtlAddRefActivationContext: TRtlAddRefActivationContext;
4477.   _RtlAdjustPrivilege: TRtlAdjustPrivilege;
4478.   _RtlAllocateAndInitializeSid: TRtlAllocateAndInitializeSid;
4479.   _RtlAllocateHandle: TRtlAllocateHandle;
4480.   _RtlAllocateHeap: TRtlAllocateHeap;
4481.   _RtlAnsiCharToUnicodeChar: TRtlAnsiCharToUnicodeChar;
4482.   _RtlAnsiStringToUnicodeSize: TRtlAnsiStringToUnicodeSize;
4483.   _RtlAnsiStringToUnicodeString: TRtlAnsiStringToUnicodeString;
4484.   _RtlAppendUnicodeStringToString: TRtlAppendUnicodeStringToString;
4485.   _RtlAppendUnicodeToString: TRtlAppendUnicodeToString;
4486.   _RtlApplicationVerifierStop: TRtlApplicationVerifierStop;
4487.   _RtlAreBitsSet: TRtlAreBitsSet;
4488.   _RtlCharToInteger: TRtlCharToInteger;
4489.   _RtlCheckRegistryKey: TRtlCheckRegistryKey;
4490.   _RtlClearBits: TRtlClearBits;
4491.   _RtlCompactHeap: TRtlCompactHeap;
4492.   _RtlCompareMemory: TRtlCompareMemory;
4493.   _RtlCompareString: TRtlCompareString;
4494.   _RtlCompareUnicodeString: TRtlCompareUnicodeString;
4495.   _RtlConvertSidToUnicodeString: TRtlConvertSidToUnicodeString;
4496.   _RtlCopyLuid: TRtlCopyLuid;
4497.   _RtlCopyString: TRtlCopyString;
4498.   _RtlCopyUnicodeString: TRtlCopyUnicodeString;
4499.   _RtlCreateAcl: TRtlCreateAcl;
4500.   _RtlCreateAtomTable: TRtlCreateAtomTable;
4501.   _RtlCreateEnvironment: TRtlCreateEnvironment;
4502.   _RtlCreateHeap: TRtlCreateHeap;
4503.   _RtlCreateProcessParameters: TRtlCreateProcessParameters;
4504.   _RtlCreateQueryDebugBuffer: TRtlCreateQueryDebugBuffer;
4505.   _RtlCreateSecurityDescriptor: TRtlCreateSecurityDescriptor;
4506.   _RtlCreateTagHeap: TRtlCreateTagHeap;
4507.   _RtlCreateTimer: TRtlCreateTimer;
4508.   _RtlCreateTimerQueue: TRtlCreateTimerQueue;
4509.   _RtlCreateUnicodeString: TRtlCreateUnicodeString;
4510.   _RtlCreateUnicodeStringFromAsciiz: TRtlCreateUnicodeStringFromAsciiz;
4511.   _RtlCustomCPToUnicodeN: TRtlCustomCPToUnicodeN;
4512.   _RtlCutoverTimeToSystemTime: TRtlCutoverTimeToSystemTime;
4513.   _RtlDefaultNpAcl: TRtlDefaultNpAcl;
4514.   _RtlDeleteAtomFromAtomTable: TRtlDeleteAtomFromAtomTable;
4515.   _RtlDeleteCriticalSection: TRtlDeleteCriticalSection;
4516.   _RtlDeleteTimer: TRtlDeleteTimer;
4517.   _RtlDeleteTimerQueue: TRtlDeleteTimerQueue;
4518.   _RtlDeleteTimerQueueEx: TRtlDeleteTimerQueueEx;
4519.   _RtlDeregisterWait: TRtlDeregisterWait;
4520.   _RtlDeregisterWaitEx: TRtlDeregisterWaitEx;
4521.   _RtlDestroyEnvironment: TRtlDestroyEnvironment;
4522.   _RtlDestroyHeap : TRtlDestroyHeap;
4523.   _RtlDestroyProcessParameters: TRtlDestroyProcessParameters;
4524.   _RtlDestroyQueryDebugBuffer: TRtlDestroyQueryDebugBuffer;
4525.   _RtlDetermineDosPathNameType_U: TRtlDetermineDosPathNameType_U;
4526.   _RtlDllShutdownInProgress: TRtlDllShutdownInProgress;
4527.   _RtlDnsHostNameToComputerName: TRtlDnsHostNameToComputerName;
4528.   _RtlDoesFileExists_U: TRtlDoesFileExists_U;
4529.   _RtlDosPathNameToNtPathName_U: TRtlDosPathNameToNtPathName_U;
4530.   _RtlDosSearchPath_U: TRtlDosSearchPath_U;
4531.   _RtlEnterCriticalSection: TRtlEnterCriticalSection;
4532.   _RtlEqualSid: TRtlEqualSid;
4533.   _RtlEqualString: TRtlEqualString;
4534.   _RtlEqualUnicodeString: TRtlEqualUnicodeString;
4535.   _RtlExpandEnvironmentStrings_U: TRtlExpandEnvironmentStrings_U;
4536.   _RtlExtendedLargeIntegerDivide: TRtlExtendedLargeIntegerDivide;
4537.   _RtlExtendHeap: TRtlExtendHeap;
4538.   _RtlFindClearBitsAndSet: TRtlFindClearBitsAndSet;
4539.   _RtlFindMessage: TRtlFindMessage;
4540.   _RtlFlushSecureMemoryCache: TRtlFlushSecureMemoryCache;
4541.   _RtlFormatCurrentUserKeyPath: TRtlFormatCurrentUserKeyPath;
4542.   _RtlFormatMessage: TRtlFormatMessage;
4543.   _RtlFreeThreadActivationContextStack: TRtlFreeThreadActivationContextStack;
4544.   _RtlFreeAnsiString: TRtlFreeAnsiString;
4545.   _RtlFreeHandle: TRtlFreeHandle;
4546.   _RtlFreeHeap: TRtlFreeHeap;
4547.   _RtlFreeOemString: TRtlFreeOemString;
4548.   _RtlFreeSid: TRtlFreeSid;
4549.   _RtlFreeUnicodeString: TRtlFreeUnicodeString;
4550.   _RtlGetAce: TRtlGetAce;
4551.   _RtlGetActiveActivationContext: TRtlGetActiveActivationContext;
4552.   _RtlGetCurrentDirectory_U: TRtlGetCurrentDirectory_U;
4553.   _RtlGetDaclSecurityDescriptor: TRtlGetDaclSecurityDescriptor;
4554.   _RtlGetFrame: TRtlGetFrame;
4555.   _RtlGetFullPathName_U: TRtlGetFullPathName_U;
4556.   _RtlGetLastNtStatus: TRtlGetLastNtStatus;
4557.   _RtlGetLastWin32Error: TRtlGetLastWin32Error;
4558.   _RtlGetLongestNtPathLength: TRtlGetLongestNtPathLength;
4559.   _RtlGetNtGlobalFlags: TRtlGetNtGlobalFlags;
4560.   _RtlGetProcessHeaps: TRtlGetProcessHeaps;
4561.   _RtlGetThreadErrorMode: TRtlGetThreadErrorMode;
4562.   _RtlGetUserInfoHeap: TRtlGetUserInfoHeap;
4563.   _RtlGetVersion: TRtlGetVersion;
4564.   _RtlGUIDFromString: TRtlGUIDFromString;
4565.   _RtlImageDirectoryEntryToData: TRtlImageDirectoryEntryToData;
4566.   _RtlImageNtHeader : TRtlImageNtHeader;
4567.   _RtlImageNtHeaderEx: TRtlImageNtHeaderEx;
4568.   _RtlImpersonateSelf: TRtlImpersonateSelf;
4569.   _RtlInitAnsiString: TRtlInitAnsiString;
4570.   _RtlInitializeCriticalSection: TRtlInitializeCriticalSection;
4571.   _RtlInitializeCriticalSectionAndSpinCount:
4572.     TRtlInitializeCriticalSectionAndSpinCount;
4573.   _RtlInitializeHandleTable: TRtlInitializeHandleTable;
4574.   _RtlInitializeSid: TRtlInitializeSid;
4575.   _RtlInitString: TRtlInitString;
4576.   _RtlInitUnicodeString: TRtlInitUnicodeString;
4577.   _RtlIntegerToChar: TRtlIntegerToChar;
4578.   _RtlIntegerToUnicodeString: TRtlIntegerToUnicodeString;
4579.   _RtlIsActivationContextActive: TRtlIsActivationContextActive;
4580.   _RtlIsDosDeviceName_U: TRtlIsDosDeviceName_U;
4581.   _RtlIsNameLegalDOS8Dot3: TRtlIsNameLegalDOS8Dot3;
4582.   _RtlIsTextUnicode: TRtlIsTextUnicode;
4583.   _RtlIsValidHandle: TRtlIsValidHandle;
4584.   _RtlLeaveCriticalSection: TRtlLeaveCriticalSection;
4585.   _RtlLengthRequiredSid: TRtlLengthRequiredSid;
4586.   _RtlLengthSecurityDescriptor: TRtlLengthSecurityDescriptor;
4587.   _RtlLengthSid: TRtlLengthSid;
4588.   _RtlLockHeap: TRtlLockHeap;
4589.   _RtlMultiByteToUnicodeN: TRtlMultiByteToUnicodeN;
4590.   _RtlMultiByteToUnicodeSize: TRtlMultiByteToUnicodeSize;
4591.   _RtlNtStatusToDosError: TRtlNtStatusToDosError;
4592.   _RtlNtStatusToDosErrorNoTeb: TRtlNtStatusToDosErrorNoTeb;
4593.   _RtlOemStringToUnicodeString: TRtlOemStringToUnicodeString;
4594.   _RtlOemToUnicodeN: TRtlOemToUnicodeN;
4595.   _RtlOpenCurrentUser: TRtlOpenCurrentUser;
4596.   _RtlPcToFileHeader: TRtlPcToFileHeader;
4597.   _RtlPrefixString: TRtlPrefixString;
4598.   _RtlPrefixUnicodeString: TRtlPrefixUnicodeString;
4599.   _RtlpUnWaitCriticalSection: TRtlpUnWaitCriticalSection;
4600.   _RtlpWaitForCriticalSection: TRtlpWaitForCriticalSection;
4601.   _RtlQueryAtomInAtomTable: TRtlQueryAtomInAtomTable;
4602.   _RtlQueryEnvironmentVariable_U: TRtlQueryEnvironmentVariable_U;
4603.   _RtlQueryHeapInformation: TRtlQueryHeapInformation;
4604.   _RtlQueryInformationAcl: TRtlQueryInformationAcl;
4605.   _RtlQueryInformationActivationContext: TRtlQueryInformationActivationContext;
4606.   _RtlQueryInformationActiveActivationContext:
4607.     TRtlQueryInformationActiveActivationContext;
4608.   _RtlQueryProcessDebugInformation: TRtlQueryProcessDebugInformation;
4609.   _RtlQueryRegistryValues: TRtlQueryRegistryValues;
4610.   _RtlQueryTagHeap: TRtlQueryTagHeap;
4611.   _RtlQueueWorkItem: TRtlQueueWorkItem;
4612.   _RtlRaiseException: TRtlRaiseException;
4613.   _RtlRaiseStatus: TRtlRaiseStatus;
4614.   _RtlReAllocateHeap: TRtlReAllocateHeap;
4615.   _RtlRegisterWait: TRtlRegisterWait;
4616.   _RtlReleaseActivationContext: TRtlReleaseActivationContext;
4617.   _RtlReleasePebLock: TRtlPebLock;
4618.   _RtlRestoreLastWin32Error: TRtlRestoreLastWin32Error;
4619.   _RtlRunDecodeUnicodeString: TRtlRunDecodeUnicodeString;
4620.   _RtlRunEncodeUnicodeString: TRtlRunEncodeUnicodeString;
4621.   _RtlSetCurrentDirectory_U: TRtlSetCurrentDirectory_U;
4622.   _RtlSetDaclSecurityDescriptor: TRtlSetDaclSecurityDescriptor;
4623.   _RtlSetEnvironmentVariable: TRtlSetEnvironmentVariable;
4624.   _RtlSetHeapInformation: TRtlSetHeapInformation;
4625.   _RtlSetIoCompletionCallback: TRtlSetIoCompletionCallback;
4626.   _RtlSetTimeZoneInformation: TRtlSetTimeZoneInformation;
4627.   _RtlSetThreadErrorMode: TRtlSetThreadErrorMode;
4628.   _RtlSetThreadPoolStartFunc: TRtlSetThreadPoolStartFunc;
4629.   _RtlSetUnicodeCallouts: TRtlSetUnicodeCallouts;
4630.   _RtlSetUserValueHeap: TRtlSetUserValueHeap;
4631.   _RtlSizeHeap: TRtlSizeHeap;
4632.   _RtlStringFromGUID: TRtlStringFromGUID;
4633.   _RtlSubAuthoritySid: TRtlSubAuthoritySid;
4634.   _RtlTimeFieldsToTime: TRtlTimeFieldsToTime;
4635.   _RtlTimeToTimeFields: TRtlTimeToTimeFields;
4636.   _RtlTryEnterCriticalSection: TRtlTryEnterCriticalSection;
4637.   _RtlUnicodeStringToAnsiString: TRtlUnicodeStringToAnsiString;
4638.   _RtlUnicodeStringToInteger: TRtlUnicodeStringToInteger;
4639.   _RtlUnicodeStringToOemString: TRtlUnicodeStringToOemString;
4640.   _RtlUnicodeToMultiByteN: TRtlUnicodeToMultiByteN;
4641.   _RtlUnicodeToMultiByteSize: TRtlUnicodeToMultiByteSize;
4642.   _RtlUnicodeToOemN: TRtlUnicodeToOemN;
4643.   _RtlUnlockHeap: TRtlUnlockHeap;
4644.   _RtlUnwind: TRtlUnwind;
4645.   _RtlUpcaseUnicodeChar: TRtlUpcaseUnicodeChar;
4646.   _RtlUpcaseUnicodeString: TRtlUpcaseUnicodeString;
4647.   _RtlUpdateTimer: TRtlUpdateTimer;
4648.   _RtlUpperChar: TRtlUpperChar;
4649.   _RtlUpperString: TRtlUpperString;
4650.   _RtlUsageHeap: TRtlUsageHeap;
4651.   _RtlValidAcl: TRtlValidAcl;
4652.   _RtlValidateHeap: TRtlValidateHeap;
4653.   _RtlValidRelativeSecurityDescriptor: TRtlValidRelativeSecurityDescriptor;
4654.   _RtlValidSecurityDescriptor: TRtlValidSecurityDescriptor;
4655.   _RtlValidSid: TRtlValidSid;
4656.   _RtlVerifyVersionInfo: TRtlVerifyVersionInfo;
4657.   _RtlWalkHeap: TRtlWalkHeap;
4658.   _RtlxAnsiStringToUnicodeSize: TRtlxAnsiStringToUnicodeSize;
4659.   _RtlxOemStringToUnicodeSize: TRtlxOemStringToUnicodeSize;
4660.   _RtlxUnicodeStringToAnsiSize: TRtlxUnicodeStringToAnsiSize;
4661.   _RtlxUnicodeStringToOemSize: TRtlxUnicodeStringToOemSize;
4662.   _RtlZombifyActivationContext: TRtlZombifyActivationContext;
4663.   _wcscat: Twcscat;
4664.   _wcschr: Twcschr;
4665.   _wcscmp: Twcscmp;
4666.   _wcscpy: Twcscpy;
4667.   _wcslen: Twcslen;
4668.   _wcsrchr: Twcsrchr;
4669.  
4670. function InitNT : Boolean;
4671. var
4672.   AOsVersionInfo : TOsVersionInfoA;
4673. begin
4674.   if NtDllHandle = 0 then begin
4675.     FillChar(AOsVersionInfo, Sizeof(AOsVersionInfo), 0);
4676.     AOsVersionInfo.dwOSVersionInfoSize := Sizeof(AOsVersionInfo);
4677.     if not GetVersionExA(AOsVersionInfo) then begin
4678.       Result := false;
4679.       Exit;
4680.     end;
4681.     if AOsVersionInfo.dwPlatformId = VER_PLATFORM_WIN32_NT then begin
4682.       IsWindowsXPorLater := (AOsVersionInfo.dwMajorVersion > 5) or
4683.         ((AOsVersionInfo.dwMajorVersion = 5) and
4684.          (AOsVersionInfo.dwMinorVersion > 0));
4685.       NtDllHandle := GetModuleHandle(ntdllname);
4686. { Mark 5 }
4687.       if NtDllHandle <> 0 then begin
4688.         @_CsrAllocateCaptureBuffer := GetProcAddress(NtDllHandle,
4689.           'CsrAllocateCaptureBuffer');
4690.         @_CsrAllocateMessagePointer := GetProcAddress(NtDllHandle,
4691.           'CsrAllocateMessagePointer');
4692.         @_CsrCaptureMessageBuffer := GetProcAddress(NtDllHandle,
4693.           'CsrCaptureMessageBuffer');
4694.         @_CsrCaptureMessageString := GetProcAddress(NtDllHandle,
4695.           'CsrCaptureMessageString');
4696.         @_CsrCaptureMessageMultiUnicodeStringsInPlace := GetProcAddress(
4697.           NtDllHandle, 'CsrCaptureMessageMultiUnicodeStringsInPlace');
4698.         @_CsrClientCallServer := GetProcAddress(NtDllHandle,
4699.           'CsrClientCallServer');
4700.         @_CsrClientConnectToServer:= GetProcAddress(NtDllHandle,
4701.           'CsrClientConnectToServer');
4702.         @_CsrClientConnectToServerXP:= GetProcAddress(NtDllHandle,
4703.           'CsrClientConnectToServer');
4704.         @_CsrFreeCaptureBuffer := GetProcAddress(NtDllHandle,
4705.           'CsrFreeCaptureBuffer');
4706.         @_CsrGetProcessId := GetProcAddress(NtDllHandle, 'CsrGetProcessId');
4707.         @_CsrIdentifyAlertableThread := GetProcAddress(NtDllHandle,
4708.           'CsrIdentifyAlertableThread');
4709.         @_CsrNewThread := GetProcAddress(NtDllHandle, 'CsrNewThread');
4710.         @_DbgBreakPoint := GetProcAddress(NtDllHandle, 'DbgBreakPoint');
4711.         @_DbgUiConnectToDbg := GetProcAddress(NtDllHandle, 'DbgUiConnectToDbg');
4712.         @_DbgUiContinue := GetProcAddress(NtDllHandle, 'DbgUiContinue');
4713.         @_DbgUiConvertStateChangeStructure := GetProcAddress(NtDllHandle,
4714.           'DbgUiConvertStateChangeStructure');
4715.         @_DbgUiDebugActiveProcess := GetProcAddress(NtDllHandle,
4716.           'DbgUiDebugActiveProcess');
4717.         @_DbgUiGetThreadDebugObject := GetProcAddress(NtDllHandle,
4718.           'DbgUiGetThreadDebugObject');
4719.         @_DbgUiIssueRemoteBreakin := GetProcAddress(NtDllHandle,
4720.           'DbgUiIssueRemoteBreakin');
4721.         @_DbgUiStopDebugging := GetProcAddress(NtDllHandle,
4722.           'DbgUiStopDebugging');
4723.         @_DbgUiWaitStateChange := GetProcAddress(NtDllHandle,
4724.           'DbgUiWaitStateChange');
4725.  
4726.         @_LdrAccessResource := GetProcAddress(NtDllHandle, 'LdrAccessResource');
4727.         @_LdrAlternateResourcesEnabled := GetProcAddress(NtDllHandle,
4728.           'LdrAlternateResourcesEnabled');
4729.         @_LdrDestroyOutOfProcessImage := GetProcAddress(NtDllHandle,
4730.           'LdrDestroyOutOfProcessImage');
4731.         @_LdrDisableThreadCalloutsForDll:= GetProcAddress(NtDllHandle,
4732.           'LdrDisableThreadCalloutsForDll');
4733.         @_LdrEnumerateLoadedModules := GetProcAddress(NtDllHandle,
4734.           'LdrEnumerateLoadedModules');
4735.         @_LdrFindResource_U := GetProcAddress(NtDllHandle, 'LdrFindResource_U');
4736.         @_LdrFindResourceDirectory_U := GetProcAddress(NtDllHandle,
4737.           'LdrFindResourceDirectory_U');
4738.         @_LdrFlushAlternateResourceModules := GetProcAddress(NtDllHandle,
4739.           'LdrFlushAlternateResourceModules');
4740.         @_LdrGetDllHandle:= GetProcAddress(NtDllHandle, 'LdrGetDllHandle');
4741.         @_LdrGetDllHandleEx := GetProcAddress(NtDllHandle, 'LdrGetDllHandleEx');
4742.         @_LdrGetProcedureAddress := GetProcAddress(NtDllHandle,
4743.           'LdrGetProcedureAddress');
4744.         @_LdrLoadAlternateResourceModule:= GetProcAddress(NtDllHandle,
4745.           'LdrLoadAlternateResourceModule');
4746.         @_LdrLoadAlternateResourceModuleEx := GetProcAddress(NtDllHandle,
4747.           'LdrLoadAlternateResourceModuleEx');
4748.         @_LdrLoadDll:= GetProcAddress(NtDllHandle, 'LdrLoadDll');
4749.         @_LdrLockLoaderLock:= GetProcAddress(NtDllHandle, 'LdrLockLoaderLock');
4750.         @_LdrQueryImageFileExecutionOptions:= GetProcAddress(NtDllHandle,
4751.           'LdrQueryImageFileExecutionOptions');
4752.         @_LdrSetDllManifestProber := GetProcAddress(NtDllHandle,
4753.           'LdrSetDllManifestProber');
4754.         @_LdrShutdownProcess:= GetProcAddress(NtDllHandle,
4755.           'LdrShutdownProcess');
4756.         @_LdrShutdownThread:= GetProcAddress(NtDllHandle, 'LdrShutdownThread');
4757.         @_LdrUnloadAlternateResourceModule := GetProcAddress(NtDllHandle,
4758.           'LdrUnloadAlternateResourceModule');
4759.         @_LdrUnloadDll:= GetProcAddress(NtDllHandle, 'LdrUnloadDll');
4760.         @_LdrUnlockLoaderLock:= GetProcAddress(NtDllHandle,
4761.           'LdrUnlockLoaderLock');
4762.  
4763.         _NlsAnsiCodePage := GetProcAddress(NtDllHandle, 'NlsAnsiCodePage');
4764.  
4765.         @_NtAcceptConnectPort := GetProcAddress(NtDllHandle,
4766.           'NtAcceptConnectPort');
4767.         @_NtAccessCheck := GetProcAddress(NtDllHandle, 'NtAccessCheck');
4768.         @_NtAccessCheckAndAuditAlarm := GetProcAddress(NtDllHandle,
4769.           'NtAccessCheckAndAuditAlarm');
4770.         @_NtAccessCheckByType := GetProcAddress(NtDllHandle,
4771.           'NtAccessCheckByType');
4772.         @_NtAccessCheckByTypeAndAuditAlarm := GetProcAddress(NtDllHandle,
4773.           'NtAccessCheckByTypeAndAuditAlarm');
4774.         @_NtAccessCheckByTypeResultList := GetProcAddress(NtDllHandle,
4775.           'NtAccessCheckByTypeResultList');
4776.         @_NtAccessCheckByTypeResultListAndAuditAlarm := GetProcAddress(
4777.           NtDllHandle, 'NtAccessCheckByTypeResultListAndAuditAlarm');
4778.         @_NtAccessCheckByTypeResultListAndAuditAlarmByHandle := GetProcAddress(
4779.           NtDllHandle, 'NtAccessCheckByTypeResultListAndAuditAlarmByHandle');
4780.         @_NtAddAtom := GetProcAddress(NtDllHandle, 'NtAddAtom');
4781.         @_NtAdjustGroupsToken := GetProcAddress(NtDllHandle,
4782.           'NtAdjustGroupsToken');
4783.         @_NtAdjustPrivilegesToken := GetProcAddress(NtDllHandle,
4784.           'NtAdjustPrivilegesToken');
4785.         @_NtAlertThread := GetProcAddress(NtDllHandle, 'NtAlertThread');
4786.         @_NtAllocateLocallyUniqueId := GetProcAddress(NtDllHandle,
4787.           'NtAllocateLocallyUniqueId');
4788.         @_NtAllocateUserPhysicalPages := GetProcAddress(NtDllHandle,
4789.           'NtAllocateUserPhysicalPages');
4790.         @_NtAllocateVirtualMemory := GetProcAddress(NtDllHandle,
4791.           'NtAllocateVirtualMemory');
4792.         @_NtApphelpCacheControl := GetProcAddress(NtDllHandle,
4793.           'NtApphelpCacheControl');
4794.         @_NtAssignProcessToJobObject := GetProcAddress(NtDllHandle,
4795.           'NtAssignProcessToJobObject');
4796.         @_NtAssociateProcessWithReserve := GetProcAddress(NtDllHandle,
4797.           'NtAssociateProcessWithReserve');
4798.         @_NtCancelDeviceWakeupRequest := GetProcAddress(NtDllHandle,
4799.           'NtCancelDeviceWakeupRequest');
4800.         @_NtCancelIoFile := GetProcAddress(NtDllHandle, 'NtCancelIoFile');
4801.         @_NtCancelTimer := GetProcAddress(NtDllHandle, 'NtCancelTimer');
4802.         @_NtClearEvent := GetProcAddress(NtDllHandle, 'NtClearEvent');
4803.         @_NtClose := GetProcAddress(NtDllHandle, 'NtClose');
4804.         @_NtCloseObjectAuditAlarm := GetProcAddress(NtDllHandle,
4805.          'NtCloseObjectAuditAlarm');
4806.         @_NtCommitTransaction := GetProcAddress(NtDllHandle,
4807.           'NtCommitTransaction');
4808.         @_NtCompleteConnectPort := GetProcAddress(NtDllHandle,
4809.           'NtCompleteConnectPort');
4810.         @_NtConnectPort := GetProcAddress(NtDllHandle, 'NtConnectPort');
4811.         @_NtCreateDirectoryObject := GetProcAddress(NtDllHandle,
4812.           'NtCreateDirectoryObject');
4813.         @_NtCreateEvent := GetProcAddress(NtDllHandle, 'NtCreateEvent');
4814.         @_NtCreateFile := GetProcAddress(NtDllHandle, 'NtCreateFile');
4815.         @_NtCreateJobObject := GetProcAddress(NtDllHandle, 'NtCreateJobObject');
4816.         @_NtCreateKey := GetProcAddress(NtDllHandle, 'NtCreateKey');
4817.         @_NtCreateMailSlotFile := GetProcAddress(NtDllHandle,
4818.           'NtCreateMailSlotFile');
4819.         @_NtCreateMutant := GetProcAddress(NtDllHandle, 'NtCreateMutant');
4820.         @_NtCreateNamedPipeFile := GetProcAddress(NtDllHandle,
4821.           'NtCreateNamedPipeFile');
4822.         @_NtCreatePort := GetProcAddress(NtDllHandle, 'NtCreatePort');
4823.         @_NtCreateSection := GetProcAddress(NtDllHandle, 'NtCreateSection');
4824.         @_NtCreateSemaphore := GetProcAddress(NtDllHandle, 'NtCreateSemaphore');
4825.         @_NtCreateSymbolicLinkObject := GetProcAddress(NtDllHandle,
4826.           'NtCreateSymbolicLinkObject');
4827.         @_NtCreateThread := GetProcAddress(NtDllHandle, 'NtCreateThread');
4828.         @_NtCreateTimer := GetProcAddress(NtDllHandle, 'NtCreateTimer');
4829.         @_NtCreateWaitablePort := GetProcAddress(NtDllHandle,
4830.           'NtCreateWaitablePort');
4831.         @_NtDebugActiveProcess := GetProcAddress(NtDllHandle,
4832.           'NtDebugActiveProcess');
4833.         @_NtDelayExecution := GetProcAddress(NtDllHandle, 'NtDelayExecution');
4834.         @_NtDeleteAtom := GetProcAddress(NtDllHandle, 'NtDeleteAtom');
4835.         @_NtDeleteFile := GetProcAddress(NtDllHandle, 'NtDeleteFile');
4836.         @_NtDeleteKey := GetProcAddress(NtDllHandle, 'NtDeleteKey');
4837.         @_NtDeleteObjectAuditAlarm := GetProcAddress(NtDllHandle,
4838.           'NtDeleteObjectAuditAlarm');
4839.         @_NtDeleteValueKey := GetProcAddress(NtDllHandle, 'NtDeleteValueKey');
4840.         @_NtDeviceIoControlFile := GetProcAddress(NtDllHandle,
4841.           'NtDeviceIoControlFile');
4842.         @_NtDisassociateProcessFromReserve := GetProcAddress(NtDllHandle,
4843.           'NtDisassociateProcessFromReserve');
4844.         @_NtDisjoinThreadFromReserve := GetProcAddress(NtDllHandle,
4845.           'NtDisjoinThreadFromReserve');
4846.         @_NtDuplicateObject := GetProcAddress(NtDllHandle,
4847.           'NtDuplicateObject');
4848.         @_NtDuplicateToken := GetProcAddress(NtDllHandle, 'NtDuplicateToken');
4849.         @_NtEnumerateKey := GetProcAddress(NtDllHandle, 'NtEnumerateKey');
4850.         @_NtEnumerateValueKey := GetProcAddress(NtDllHandle,
4851.           'NtEnumerateValueKey');
4852.         @_NtFilterToken := GetProcAddress(NtDllHandle, 'NtFilterToken');
4853.         @_NtFindAtom := GetProcAddress(NtDllHandle, 'NtFindAtom');
4854.         @_NtFlushBuffersFile := GetProcAddress(NtDllHandle,
4855.           'NtFlushBuffersFile');
4856.         @_NtFlushInstructionCache := GetProcAddress(NtDllHandle,
4857.           'NtFlushInstructionCache');
4858.         @_NtFlushKey := GetProcAddress (NtDllHandle, 'NtFlushKey');
4859.         @_NtFlushVirtualMemory := GetProcAddress(NtDllHandle,
4860.           'NtFlushVirtualMemory');
4861.         @_NtFreeUserPhysicalPages := GetProcAddress(NtDllHandle,
4862.           'NtFreeUserPhysicalPages');
4863.         @_NtFreeVirtualMemory := GetProcAddress(NtDllHandle,
4864.           'NtFreeVirtualMemory');
4865.         @_NtFsControlFile := GetProcAddress(NtDllHandle, 'NtFsControlFile');
4866.         @_NtGetCurrentProcessorNumber := GetProcAddress(NtDllHandle,
4867.           'NtGetCurrentProcessorNumber');
4868.         @_NtGetContextThread := GetProcAddress(NtDllHandle,
4869.           'NtGetContextThread');
4870.         @_NtGetDevicePowerState := GetProcAddress(NtDllHandle,
4871.           'NtGetDevicePowerState');
4872.         @_NtGetWriteWatch := GetProcAddress(NtDllHandle, 'NtGetWriteWatch');
4873.         @_NtImpersonateAnonymousToken := GetProcAddress(NtDllHandle,
4874.           'NtImpersonateAnonymousToken');
4875.         @_NtImpersonateClientOfPort := GetProcAddress(NtDllHandle,
4876.           'NtImpersonateClientOfPort');
4877.         @_NtInitiatePowerAction := GetProcAddress(NtDllHandle,
4878.           'NtInitiatePowerAction');
4879.         @_NtIsProcessInJob := GetProcAddress(NtDllHandle, 'NtIsProcessInJob');
4880.         @_NtIsSystemResumeAutomatic := GetProcAddress(NtDllHandle,
4881.           'NtIsSystemResumeAutomatic');
4882.         @_NtJoinThreadToReserve := GetProcAddress(NtDllHandle,
4883.           'NtJoinThreadToReserve');
4884.         @_NtListenPort := GetProcAddress(NtDllHandle, 'NtListenPort');
4885.         @_NtLoadDriver := GetProcAddress(NtDllHandle, 'NtLoadDriver');
4886.         @_NtLoadKey := GetProcAddress(NtDllHandle, 'NtLoadKey');
4887.         @_NtLockFile := GetProcAddress(NtDllHandle, 'NtLockFile');
4888.         @_NtLockVirtualMemory := GetProcAddress(NtDllHandle,
4889.           'NtLockVirtualMemory');
4890.         @_NtMapUserPhysicalPages := GetProcAddress(NtDllHandle,
4891.           'NtMapUserPhysicalPages');
4892.         @_NtMapUserPhysicalPagesScatter := GetProcAddress(NtDllHandle,
4893.           'NtMapUserPhysicalPagesScatter');
4894.         @_NtMapViewOfSection := GetProcAddress(NtDllHandle,
4895.           'NtMapViewOfSection');
4896.         @_NtMakeTemporaryObject := GetProcAddress(NtDllHandle,
4897.           'NtMakeTemporaryObject');
4898.         @_NtNotifyChangeDirectoryFile := GetProcAddress(NtDllHandle,
4899.           'NtNotifyChangeDirectoryFile');
4900.         @_NtNotifyChangeKey := GetProcAddress(NtDllHandle, 'NtNotifyChangeKey');
4901.         @_NtNotifyChangeMultipleKeys := GetProcAddress(NtDllHandle,
4902.           'NtNotifyChangeMultipleKeys');
4903.         @_NtOpenDirectoryObject := GetProcAddress(NtDllHandle,
4904.           'NtOpenDirectoryObject');
4905.         @_NtOpenEvent := GetProcAddress(NtDllHandle, 'NtOpenEvent');
4906.         @_NtOpenFile := GetProcAddress(NtDllHandle, 'NtOpenFile');
4907.         @_NtOpenJobObject := GetProcAddress(NtDllHandle, 'NtOpenJobObject');
4908.         @_NtOpenKey := GetProcAddress(NtDllHandle, 'NtOpenKey');
4909.         @_NtOpenMutant := GetProcAddress(NtDllHandle, 'NtOpenMutant');
4910.         @_NtOpenObjectAuditAlarm := GetProcAddress(NtDllHandle,
4911.           'NtOpenObjectAuditAlarm');
4912.         @_NtOpenProcess := GetProcAddress(NtDllHandle, 'NtOpenProcess');
4913.         @_NtOpenProcessToken := GetProcAddress(NtDllHandle,
4914.           'NtOpenProcessToken');
4915.         @_NtOpenReserve := GetProcAddress(NtDllHandle, 'NtOpenReserve');
4916.         @_NtOpenSection := GetProcAddress(NtDllHandle, 'NtOpenSection');
4917.         @_NtOpenSemaphore := GetProcAddress(NtDllHandle, 'NtOpenSemaphore');
4918.         @_NtOpenSymbolicLinkObject := GetProcAddress(NtDllHandle,
4919.           'NtOpenSymbolicLinkObject');
4920.         @_NtOpenThread := GetProcAddress(NtDllHandle, 'NtOpenThread');
4921.         @_NtOpenThreadToken := GetProcAddress(NtDllHandle, 'NtOpenThreadToken');
4922.         @_NtOpenTimer := GetProcAddress(NtDllHandle, 'NtOpenTimer');
4923.         @_NtPowerInformation := GetProcAddress(NtDllHandle,
4924.           'NtPowerInformation');
4925.         @_NtPrivilegeCheck := GetProcAddress(NtDllHandle, 'NtPrivilegeCheck');
4926.         @_NtPrivilegedServiceAuditAlarm := GetProcAddress(NtDllHandle,
4927.           'NtPrivilegedServiceAuditAlarm');
4928.         @_NtPrivilegeObjectAuditAlarm := GetProcAddress(NtDllHandle,
4929.           'NtPrivilegeObjectAuditAlarm');
4930.         @_NtProtectVirtualMemory := GetProcAddress(NtDllHandle,
4931.           'NtProtectVirtualMemory');
4932.         @_NtPulseEvent := GetProcAddress(NtDllHandle, 'NtPulseEvent');
4933.         @_NtQueryAttributesFile := GetProcAddress(NtDllHandle,
4934.           'NtQueryAttributesFile');
4935.         @_NtQueryDefaultLocale := GetProcAddress(NtDllHandle,
4936.           'NtQueryDefaultLocale');
4937.         @_NtQueryDefaultUILanguage := GetProcAddress(NtDllHandle,
4938.           'NtQueryDefaultUILanguage');
4939.         @_NtQueryDirectoryFile := GetProcAddress(NtDllHandle,
4940.           'NtQueryDirectoryFile');
4941.         @_NtQueryDirectoryObject := GetProcAddress(NtDllHandle,
4942.           'NtQueryDirectoryObject');
4943.         @_NtQueryEaFile := GetProcAddress(NtDllHandle, 'NtQueryEaFile');
4944.         @_NtQueryEvent := GetProcAddress(NtDllHandle, 'NtQueryEvent');
4945.         @_NtQueryFullAttributesFile := GetProcAddress(NtDllHandle,
4946.           'NtQueryFullAttributesFile');
4947.         @_NtQueryInformationAtom := GetProcAddress(NtDllHandle,
4948.           'NtQueryInformationAtom');
4949.         @_NtQueryInformationJobObject := GetProcAddress(NtDllHandle,
4950.           'NtQueryInformationJobObject');
4951.         @_NtQueryInformationFile := GetProcAddress(NtDllHandle,
4952.           'NtQueryInformationFile');
4953.         @_NtQueryInformationPort := GetProcAddress(NtDllHandle,
4954.           'NtQueryInformationPort');
4955.         @_NtQueryInformationProcess := GetProcAddress(NtDllHandle,
4956.           'NtQueryInformationProcess');
4957.         @_NtQueryInformationReserve := GetProcAddress(NtDllHandle,
4958.           'NtQueryInformationReserve');
4959.         @_NtQueryInformationThread := GetProcAddress(NtDllHandle,
4960.           'NtQueryInformationThread');
4961.         @_NtQueryInformationToken := GetProcAddress(NtDllHandle,
4962.           'NtQueryInformationToken');
4963.         @_NtQueryInstallUILanguage := GetProcAddress(NtDllHandle,
4964.           'NtQueryInstallUILanguage');
4965.         @_NtQueryKey := GetProcAddress(NtDllHandle, 'NtQueryKey');
4966.         @_NtQueryObject := GetProcAddress(NtDllHandle, 'NtQueryObject');
4967.         @_NtQueryPerformanceCounter := GetProcAddress(NtDllHandle,
4968.           'NtQueryPerformanceCounter');
4969.         @_NtQuerySection := GetProcAddress(NtDllHandle, 'NtQuerySection');
4970.         @_NtQuerySecurityObject := GetProcAddress(NtDllHandle,
4971.           'NtQuerySecurityObject');
4972.         @_NtQuerySymbolicLinkObject := GetProcAddress(NtDllHandle,
4973.           'NtQuerySymbolicLinkObject');
4974.         @_NtQuerySystemInformation := GetProcAddress(NtDllHandle,
4975.           'NtQuerySystemInformation');
4976.         @_NtQuerySystemTime := GetProcAddress(NtDllHandle, 'NtQuerySystemTime');
4977.         @_NtQueryValueKey := GetProcAddress(NtDllHandle, 'NtQueryValueKey');
4978.         @_NtQueryVirtualMemory := GetProcAddress(NtDllHandle,
4979.           'NtQueryVirtualMemory');
4980.         @_NtQueryVolumeInformationFile := GetProcAddress(NtDllHandle,
4981.           'NtQueryVolumeInformationFile');
4982.         @_NtQueueApcThread := GetProcAddress(NtDllHandle, 'NtQueueApcThread');
4983.         @_NtRaiseHardError := GetProcAddress(NtDllHandle, 'NtRaiseHardError');
4984.         @_NtReadFile := GetProcAddress(NtDllHandle, 'NtReadFile');
4985.         @_NtReadFileScatter := GetProcAddress(NtDllHandle, 'NtReadFileScatter');
4986.         @_NtReadVirtualMemory := GetProcAddress(NtDllHandle,
4987.           'NtReadVirtualMemory');
4988.         @_NtRegisterThreadTerminatePort := GetProcAddress(NtDllHandle,
4989.           'NtRegisterThreadTerminatePort');
4990.         @_NtReleaseMutant := GetProcAddress(NtDllHandle, 'NtReleaseMutant');
4991.         @_NtReleaseSemaphore := GetProcAddress(NtDllHandle,
4992.           'NtReleaseSemaphore');
4993.         @_NtRelinquishBudget := GetProcAddress(NtDllHandle,
4994.           'NtRelinquishBudget');
4995.         @_NtRemoveIoCompletion := GetProcAddress(NtDllHandle,
4996.           'NtRemoveIoCompletion');
4997.         @_NtRemoveProcessDebug := GetProcAddress(NtDllHandle,
4998.           'NtRemoveProcessDebug');
4999.         @_NtReplaceKey := GetProcAddress(NtDllHandle, 'NtReplaceKey');
5000.         @_NtReplyPort := GetProcAddress(NtDllHandle, 'NtReplyPort');
5001.         @_NtReplyWaitReceivePort := GetProcAddress(NtDllHandle,
5002.           'NtReplyWaitReceivePort');
5003.         @_NtReplyWaitReplyPort := GetProcAddress(NtDllHandle,
5004.           'NtReplyWaitReplyPort');
5005.         @_NtRequestDeviceWakeup := GetProcAddress(NtDllHandle,
5006.           'NtRequestDeviceWakeup');
5007.         @_NtRequestPort := GetProcAddress(NtDllHandle, 'NtRequestPort');
5008.         @_NtRequestWaitReplyPort := GetProcAddress(NtDllHandle,
5009.           'NtRequestWaitReplyPort');
5010.         @_NtRequestWakeupLatency := GetProcAddress(NtDllHandle,
5011.           'NtRequestWakeupLatency');
5012.         @_NtResetEvent := GetProcAddress(NtDllHandle, 'NtResetEvent');
5013.         @_NtResetWriteWatch := GetProcAddress(NtDllHandle, 'NtResetWriteWatch');
5014.         @_NtRestoreKey := GetProcAddress(NtDllHandle, 'NtRestoreKey');
5015.         @_NtResumeThread := GetProcAddress(NtDllHandle, 'NtResumeThread');
5016.         @_NtRollbackTransaction := GetProcAddress(NtDllHandle,
5017.           'NtRollbackTransaction');
5018.         @_NtSaveKey := GetProcAddress(NtDllHandle, 'NtSaveKey');
5019.         @_NtSecureConnectPort := GetProcAddress(NtDllHandle,
5020.           'NtSecureConnectPort');
5021.         @_NtSetContextThread := GetProcAddress(NtDllHandle,
5022.           'NtSetContextThread');
5023.         @_NtSetDefaultHardErrorPort := GetProcAddress(NtDllHandle,
5024.           'NtSetDefaultHardErrorPort');
5025.         @_NtSetEaFile := GetProcAddress(NtDllHandle, 'NtSetEaFile');
5026.         @_NtSetEvent := GetProcAddress(NtDllHandle, 'NtSetEvent');
5027.         @_NtSetInformationDebugObject := GetProcAddress(NtDllHandle,
5028.           'NtSetInformationDebugObject');
5029.         @_NtSetInformationFile := GetProcAddress(NtDllHandle,
5030.           'NtSetInformationFile');
5031.         @_NtSetInformationJobObject := GetProcAddress(NtDllHandle,
5032.           'NtSetInformationJobObject');
5033.         @_NtSetInformationObject := GetProcAddress(NtDllHandle,
5034.           'NtSetInformationObject');
5035.         @_NtSetInformationProcess := GetProcAddress(NtDllHandle,
5036.           'NtSetInformationProcess');
5037.         @_NtSetInformationReserve := GetProcAddress(NtDllHandle,
5038.           'NtSetInformationReserve');
5039.         @_NtSetInformationThread := GetProcAddress(NtDllHandle,
5040.           'NtSetInformationThread');
5041.         @_NtSetInformationToken := GetProcAddress(NtDllHandle,
5042.           'NtSetInformationToken');
5043.         @_NtSetIoCompletion := GetProcAddress(NtDllHandle, 'NtSetIoCompletion');
5044.         @_NtSetSecurityObject := GetProcAddress(NtDllHandle,
5045.           'NtSetSecurityObject');
5046.         @_NtSetSystemInformation := GetProcAddress(NtDllHandle,
5047.           'NtSetSystemInformation');
5048.         @_NtSetSystemTime := GetProcAddress(NtDllHandle, 'NtSetSystemTime');
5049.         @_NtSetThreadExecutionState := GetProcAddress(NtDllHandle,
5050.           'NtSetThreadExecutionState');
5051.         @_NtSetTimer := GetProcAddress(NtDllHandle, 'NtSetTimer');
5052.         @_NtSetValueKey := GetProcAddress(NtDllHandle, 'NtSetValueKey');
5053.         @_NtSetVolumeInformationFile := GetProcAddress(NtDllHandle,
5054.           'NtSetVolumeInformationFile');
5055.         @_NtSignalAndWaitForSingleObject := GetProcAddress(NtDllHandle,
5056.           'NtSignalAndWaitForSingleObject');
5057.         @_NtSuspendThread := GetProcAddress(NtDllHandle, 'NtSuspendThread');
5058.         @_NtTerminateJobObject := GetProcAddress(NtDllHandle,
5059.           'NtTerminateJobObject');
5060.         @_NtTerminateProcess := GetProcAddress(NtDllHandle,
5061.           'NtTerminateProcess');
5062.         @_NtTerminateThread := GetProcAddress(NtDllHandle, 'NtTerminateThread');
5063.         @_NtTestAlert := GetProcAddress(NtDllHandle, 'NtTestAlert');
5064.         @_NtUnloadDriver := GetProcAddress(NtDllHandle, 'NtUnloadDriver');
5065.         @_NtUnloadKey := GetProcAddress(NtDllHandle, 'NtUnloadKey');
5066.         @_NtUnlockFile := GetProcAddress(NtDllHandle, 'NtUnlockFile');
5067.         @_NtUnlockVirtualMemory := GetProcAddress(NtDllHandle,
5068.           'NtUnlockVirtualMemory');
5069.         @_NtUnmapViewOfSection := GetProcAddress(NtDllHandle,
5070.           'NtUnmapViewOfSection');
5071.         @_NtVdmControl := GetProcAddress(NtDllHandle, 'NtVdmControl');
5072.         @_NtWaitForMultipleObjects := GetProcAddress(NtDllHandle,
5073.           'NtWaitForMultipleObjects');
5074.         @_NtWaitForSingleObject := GetProcAddress(NtDllHandle,
5075.           'NtWaitForSingleObject');
5076.         @_NtWriteFile := GetProcAddress(NtDllHandle, 'NtWriteFile');
5077.         @_NtWriteFileGather := GetProcAddress(NtDllHandle, 'NtWriteFileGather');
5078.         @_NtWriteVirtualMemory := GetProcAddress(NtDllHandle,
5079.           'NtWriteVirtualMemory');
5080.         @_NtYieldExecution := GetProcAddress(NtDllHandle, 'NtYieldExecution');
5081.  
5082.         @_RtlActivateActivationContext := GetProcAddress(NtDllHandle,
5083.           'RtlActivateActivationContext');
5084.         @_RtlActivateActivationContextEx := GetProcAddress(NtDllHandle,
5085.           'RtlActivateActivationContextEx');
5086.         @_RtlAddAccessAllowedAce := GetProcAddress(NtDllHandle,
5087.           'RtlAddAccessAllowedAce');
5088.         @_RtlAddRefActivationContext := GetProcAddress(NtDllHandle,
5089.           'RtlAddRefActivationContext');
5090.         @_RtlAdjustPrivilege := GetProcAddress(NtDllHandle,
5091.           'RtlAdjustPrivilege');
5092.         @_RtlAllocateAndInitializeSid := GetProcAddress(NtDllHandle,
5093.           'RtlAllocateAndInitializeSid');
5094.         @_RtlAllocateHandle := GetProcAddress(NtDllHandle,
5095.           'RtlAllocateHandle');
5096.         @_RtlAllocateHeap:= GetProcAddress(NtDllHandle, 'RtlAllocateHeap');
5097.         @_RtlAnsiCharToUnicodeChar := GetProcAddress(NtDllHandle,
5098.           'RtlAnsiCharToUnicodeChar');
5099.         @_RtlAnsiStringToUnicodeSize := GetProcAddress(NtDllHandle,
5100.           'RtlAnsiStringToUnicodeSize');
5101.         @_RtlAnsiStringToUnicodeString := GetProcAddress(NtDllHandle,
5102.           'RtlAnsiStringToUnicodeString');
5103.         @_RtlAppendUnicodeStringToString := GetProcAddress(NtDllHandle,
5104.           'RtlAppendUnicodeStringToString');
5105.         @_RtlAppendUnicodeToString:= GetProcAddress(NtDllHandle,
5106.           'RtlAppendUnicodeToString');
5107.         @_RtlApplicationVerifierStop := GetProcAddress(NtDllHandle,
5108.           'RtlApplicationVerifierStop');
5109.         @_RtlAreBitsSet := GetProcAddress(NtDllHandle, 'RtlAreBitsSet');
5110.         @_RtlCharToInteger := GetProcAddress(NtDllHandle, 'RtlCharToInteger');
5111.         @_RtlCheckRegistryKey := GetProcAddress(NtDllHandle,
5112.           'RtlCheckRegistryKey');
5113.         @_RtlClearBits := GetProcAddress(NtDllHandle, 'RtlClearBits');
5114.         @_RtlCompactHeap := GetProcAddress(NtDllHandle, 'RtlCompactHeap');
5115.         @_RtlCompareMemory := GetProcAddress(NtDllHandle, 'RtlCompareMemory');
5116.         @_RtlCompareString := GetProcAddress(NtDllHandle, 'RtlCompareString');
5117.         @_RtlCompareUnicodeString := GetProcAddress(NtDllHandle,
5118.           'RtlCompareUnicodeString');
5119.         @_RtlConvertSidToUnicodeString := GetProcAddress(NtDllHandle,
5120.           'RtlConvertSidToUnicodeString');
5121.         @_RtlCopyLuid:= GetProcAddress(NtDllHandle, 'RtlCopyLuid');
5122.         @_RtlCopyString := GetProcAddress(NtDllHandle, 'RtlCopyString');
5123.         @_RtlCopyUnicodeString := GetProcAddress(NtDllHandle,
5124.           'RtlCopyUnicodeString');
5125.         @_RtlCreateAcl := GetProcAddress(NtDllHandle, 'RtlCreateAcl');
5126.         @_RtlCreateAtomTable := GetProcAddress(NtDllHandle,
5127.           'RtlCreateAtomTable');
5128.         @_RtlCreateEnvironment := GetProcAddress(NtDllHandle,
5129.           'RtlCreateEnvironment');
5130.         @_RtlCreateHeap := GetProcAddress(NtDllHandle, 'RtlCreateHeap');
5131.         @_RtlCreateProcessParameters := GetProcAddress(NtDllHandle,
5132.           'RtlCreateProcessParameters');
5133.         @_RtlCreateQueryDebugBuffer := GetProcAddress(NtDllHandle,
5134.           'RtlCreateQueryDebugBuffer');
5135.         @_RtlCreateSecurityDescriptor := GetProcAddress(NtDllHandle,
5136.           'RtlCreateSecurityDescriptor');
5137.         @_RtlCreateTagHeap:= GetProcAddress(NtDllHandle, 'RtlCreateTagHeap');
5138.         @_RtlCreateTimer := GetProcAddress(NtDllHandle, 'RtlCreateTimer');
5139.         @_RtlCreateTimerQueue := GetProcAddress(NtDllHandle,
5140.           'RtlCreateTimerQueue');
5141.         @_RtlCreateUnicodeString := GetProcAddress(NtDllHandle,
5142.           'RtlCreateUnicodeString');
5143.         @_RtlCreateUnicodeStringFromAsciiz := GetProcAddress(NtDllHandle,
5144.           'RtlCreateUnicodeStringFromAsciiz');
5145.         @_RtlCustomCPToUnicodeN := GetProcAddress(NtDllHandle,
5146.           'RtlCustomCPToUnicodeN');
5147.         @_RtlCutoverTimeToSystemTime := GetProcAddress(NtDllHandle,
5148.           'RtlCutoverTimeToSystemTime');
5149.         @_RtlAcquirePebLock:= GetProcAddress(NtDllHandle, 'RtlAcquirePebLock');
5150.         @_RtlDefaultNpAcl := GetProcAddress(NtDllHandle, 'RtlDefaultNpAcl');
5151.         @_RtlDeleteAtomFromAtomTable := GetProcAddress(NtDllHandle,
5152.           'RtlDeleteAtomFromAtomTable');
5153.         @_RtlDeleteCriticalSection := GetProcAddress(NtDllHandle,
5154.           'RtlDeleteCriticalSection');
5155.         @_RtlDeleteTimer := GetProcAddress(NtDllHandle, 'RtlDeleteTimer');
5156.         @_RtlDeleteTimerQueue := GetProcAddress(NtDllHandle,
5157.           'RtlDeleteTimerQueue');
5158.         @_RtlDeleteTimerQueueEx := GetProcAddress(NtDllHandle,
5159.           'RtlDeleteTimerQueueEx');
5160.         @_RtlDeregisterWait := GetProcAddress(NtDllHandle, 'RtlDeregisterWait');
5161.         @_RtlDeregisterWaitEx := GetProcAddress(NtDllHandle,
5162.           'RtlDeregisterWaitEx');
5163.         @_RtlDestroyEnvironment := GetProcAddress(NtDllHandle,
5164.           'RtlDestroyEnvironment');
5165.         @_RtlDestroyHeap := GetProcAddress(NtDllHandle, 'RtlDestroyHeap');
5166.         @_RtlDestroyProcessParameters := GetProcAddress(NtDllHandle,
5167.           'RtlDestroyProcessParameters');
5168.         @_RtlDestroyQueryDebugBuffer := GetProcAddress(NtDllHandle,
5169.           'RtlDestroyQueryDebugBuffer');
5170.         @_RtlDetermineDosPathNameType_U := GetProcAddress(NtDllHandle,
5171.           'RtlDetermineDosPathNameType_U');
5172.         @_RtlDllShutdownInProgress := GetProcAddress(NtDllHandle,
5173.           'RtlDllShutdownInProgress');
5174.         @_RtlDnsHostNameToComputerName := GetProcAddress(NtDllHandle,
5175.           'RtlDnsHostNameToComputerName');
5176.         @_RtlDoesFileExists_U := GetProcAddress(NtDllHandle,
5177.           'RtlDoesFileExists_U');
5178.         @_RtlDosPathNameToNtPathName_U:= GetProcAddress(NtDllHandle,
5179.           'RtlDosPathNameToNtPathName_U');
5180.         @_RtlDosSearchPath_U := GetProcAddress(NtDllHandle,
5181.           'RtlDosSearchPath_U');
5182.         @_RtlEnterCriticalSection := GetProcAddress(NtDllHandle,
5183.           'RtlEnterCriticalSection');
5184.         @_RtlEqualSid := GetProcAddress(NtDllHandle, 'RtlEqualSid');
5185.         @_RtlEqualString:= GetProcAddress(NtDllHandle, 'RtlEqualString');
5186.         @_RtlEqualUnicodeString:= GetProcAddress(NtDllHandle,
5187.           'RtlEqualUnicodeString');
5188.         @_RtlExpandEnvironmentStrings_U := GetProcAddress(NtDllHandle,
5189.           'RtlExpandEnvironmentStrings_U');
5190.         @_RtlExtendedLargeIntegerDivide := GetProcAddress(NtDllHandle,
5191.           'RtlExtendedLargeIntegerDivide');
5192.         @_RtlExtendHeap := GetProcAddress(NtDllHandle, 'RtlExtendHeap');
5193.         @_RtlFindClearBitsAndSet := GetProcAddress(NtDllHandle,
5194.           'RtlFindClearBitsAndSet');
5195.         @_RtlFindMessage := GetProcAddress(NtDllHandle, 'RtlFindMessage');
5196.         @_RtlFlushSecureMemoryCache := GetProcAddress(NtDllHandle,
5197.           'RtlFlushSecureMemoryCache');
5198.         @_RtlFormatCurrentUserKeyPath := GetProcAddress(NtDllHandle,
5199.           'RtlFormatCurrentUserKeyPath');
5200.         @_RtlFormatMessage := GetProcAddress(NtDllHandle,
5201.           'RtlFormatMessage');
5202.         @_RtlFreeThreadActivationContextStack := GetProcAddress(NtDllHandle,
5203.           'RtlFreeThreadActivationContextStack');
5204.         @_RtlFreeAnsiString:= GetProcAddress(NtDllHandle, 'RtlFreeAnsiString');
5205.         @_RtlFreeHandle := GetProcAddress(NtDllHandle, 'RtlFreeHandle');
5206.         @_RtlFreeHeap:= GetProcAddress(NtDllHandle, 'RtlFreeHeap');
5207.         @_RtlFreeOemString := GetProcAddress(NtDllHandle, 'RtlFreeOemString');
5208.         @_RtlFreeSid := GetProcAddress(NtDllHandle, 'RtlFreeSid');
5209.         @_RtlFreeUnicodeString:= GetProcAddress(NtDllHandle,
5210.           'RtlFreeUnicodeString');
5211.         @_RtlGetAce := GetProcAddress(NtDllHandle, 'RtlGetAce');
5212.         @_RtlGetActiveActivationContext := GetProcAddress(NtDllHandle,
5213.           'RtlGetActiveActivationContext');
5214.         @_RtlGetCurrentDirectory_U := GetProcAddress(NtDllHandle,
5215.           'RtlGetCurrentDirectory_U');
5216.         @_RtlGetDaclSecurityDescriptor := GetProcAddress(NtDllHandle,
5217.           'RtlGetDaclSecurityDescriptor');
5218.         @_RtlGetFrame := GetProcAddress(NtDllHandle, 'RtlGetFrame');
5219.         @_RtlGetFullPathName_U := GetProcAddress(NtDllHandle,
5220.           'RtlGetFullPathName_U');
5221.         @_RtlGetLastNtStatus:= GetProcAddress(NtDllHandle,
5222.           'RtlGetLastNtStatus');
5223.         @_RtlGetLastWin32Error:= GetProcAddress(NtDllHandle,
5224.           'RtlGetLastWin32Error');
5225.         @_RtlGetLongestNtPathLength:= GetProcAddress(NtDllHandle,
5226.           'RtlGetLongestNtPathLength');
5227.         @_RtlGetNtGlobalFlags := GetProcAddress(NtDllHandle,
5228.           'RtlGetNtGlobalFlags');
5229.         @_RtlGetProcessHeaps := GetProcAddress(NtDllHandle,
5230.           'RtlGetProcessHeaps');
5231.         @_RtlGetThreadErrorMode:= GetProcAddress(NtDllHandle,
5232.           'RtlGetThreadErrorMode');
5233.         @_RtlGetUserInfoHeap := GetProcAddress(NtDllHandle,
5234.           'RtlGetUserInfoHeap');
5235.         @_RtlGetVersion := GetProcAddress(NtDllHandle, 'RtlGetVersion');
5236.         @_RtlGUIDFromString := GetProcAddress(NtDllHandle, 'RtlGUIDFromString');
5237.         @_RtlImageDirectoryEntryToData := GetProcAddress(NtDllHandle,
5238.           'RtlImageDirectoryEntryToData');
5239.         @_RtlImageNtHeader := GetProcAddress(NtDllHandle, 'RtlImageNtHeader');
5240.         @_RtlImageNtHeaderEx:= GetProcAddress(NtDllHandle,
5241.           'RtlImageNtHeaderEx');
5242.         @_RtlImpersonateSelf := GetProcAddress(NtDllHandle,
5243.           'RtlImpersonateSelf');
5244.         @_RtlInitAnsiString:= GetProcAddress(NtDllHandle, 'RtlInitAnsiString');
5245.         @_RtlInitializeCriticalSection := GetProcAddress(NtDllHandle,
5246.           'RtlInitializeCriticalSection');
5247.         @_RtlInitializeCriticalSectionAndSpinCount := GetProcAddress(
5248.           NtDllHandle, 'RtlInitializeCriticalSectionAndSpinCount');
5249.         @_RtlInitializeHandleTable := GetProcAddress(NtDllHandle,
5250.           'RtlInitializeHandleTable');
5251.         @_RtlInitializeSid := GetProcAddress(NtDllHandle, 'RtlInitializeSid');
5252.         @_RtlInitString:= GetProcAddress(NtDllHandle, 'RtlInitString');
5253.         @_RtlInitUnicodeString := GetProcAddress(NtDllHandle,
5254.           'RtlInitUnicodeString');
5255.         @_RtlIntegerToChar := GetProcAddress(NtDllHandle, 'RtlIntegerToChar');
5256.         @_RtlIntegerToUnicodeString := GetProcAddress(NtDllHandle,
5257.           'RtlIntegerToUnicodeString');
5258.         @_RtlIsActivationContextActive := GetProcAddress(NtDllHandle,
5259.           'RtlIsActivationContextActive');
5260.         @_RtlIsDosDeviceName_U := GetProcAddress(NtDllHandle,
5261.           'RtlIsDosDeviceName_U');
5262.         @_RtlIsNameLegalDOS8Dot3 := GetProcAddress(NtDllHandle,
5263.           'RtlIsNameLegalDOS8Dot3');
5264.         @_RtlIsTextUnicode := GetProcAddress(NtDllHandle, 'RtlIsTextUnicode');
5265.         @_RtlIsValidHandle := GetProcAddress(NtDllHandle, 'RtlIsValidHandle');
5266.         @_RtlLeaveCriticalSection := GetProcAddress(NtDllHandle,
5267.           'RtlLeaveCriticalSection');
5268.         @_RtlLengthRequiredSid := GetProcAddress(NtDllHandle,
5269.           'RtlLengthRequiredSid');
5270.         @_RtlLengthSecurityDescriptor := GetProcAddress(NtDllHandle,
5271.           'RtlLengthSecurityDescriptor');
5272.         @_RtlLengthSid := GetProcAddress(NtDllHandle, 'RtlLengthSid');
5273.         @_RtlLockHeap := GetProcAddress(NtDllHandle, 'RtlLockHeap');
5274.         @_RtlMultiByteToUnicodeN := GetProcAddress(NtDllHandle,
5275.           'RtlMultiByteToUnicodeN');
5276.         @_RtlMultiByteToUnicodeSize := GetProcAddress(NtDllHandle,
5277.           'RtlMultiByteToUnicodeSize');
5278.         @_RtlNtStatusToDosError := GetProcAddress(NtDllHandle,
5279.           'RtlNtStatusToDosError');
5280.         @_RtlNtStatusToDosErrorNoTeb := GetProcAddress(NtDllHandle,
5281.           'RtlNtStatusToDosErrorNoTeb');
5282.         @_RtlOemStringToUnicodeString := GetProcAddress(NtDllHandle,
5283.           'RtlOemStringToUnicodeString');
5284.         @_RtlOemToUnicodeN := GetProcAddress(NtDllHandle, 'RtlOemToUnicodeN');
5285.         @_RtlOpenCurrentUser := GetProcAddress(NtDllHandle,
5286.           'RtlOpenCurrentUser');
5287.         @_RtlPcToFileHeader := GetProcAddress(NtDllHandle, 'RtlPcToFileHeader');
5288.         @_RtlPrefixString := GetProcAddress(NtDllHandle, 'RtlPrefixString');
5289.         @_RtlPrefixUnicodeString := GetProcAddress(NtDllHandle,
5290.           'RtlPrefixUnicodeString');
5291.         @_RtlpUnWaitCriticalSection := GetProcAddress(NtDllHandle,
5292.           'RtlpUnWaitCriticalSection');
5293.         @_RtlpWaitForCriticalSection := GetProcAddress(NtDllHandle,
5294.           'RtlpWaitForCriticalSection');
5295.         @_RtlQueryAtomInAtomTable := GetProcAddress(NtDllHandle,
5296.           'RtlQueryAtomInAtomTable');
5297.         @_RtlQueryEnvironmentVariable_U:= GetProcAddress(NtDllHandle,
5298.           'RtlQueryEnvironmentVariable_U');
5299.         @_RtlQueryHeapInformation := GetProcAddress(NtDllHandle,
5300.           'RtlQueryHeapInformation');
5301.         @_RtlQueryInformationAcl := GetProcAddress(NtDllHandle,
5302.           'RtlQueryInformationAcl');
5303.         @_RtlQueryInformationActivationContext := GetProcAddress(NtDllHandle,
5304.           'RtlQueryInformationActivationContext');
5305.         @_RtlQueryInformationActiveActivationContext := GetProcAddress(
5306.           NtDllHandle, 'RtlQueryInformationActiveActivationContext');
5307.         @_RtlQueryProcessDebugInformation := GetProcAddress(NtDllHandle,
5308.           'RtlQueryProcessDebugInformation');
5309.         @_RtlQueryRegistryValues := GetProcAddress(NtDllHandle,
5310.           'RtlQueryRegistryValues');
5311.         @_RtlQueryTagHeap := GetProcAddress(NtDllHandle, 'RtlQueryTagHeap');
5312.         @_RtlQueueWorkItem := GetProcAddress(NtDllHandle, 'RtlQueueWorkItem');
5313.         @_RtlRaiseException := GetProcAddress(NtDllHandle, 'RtlRaiseException');
5314.         @_RtlRaiseStatus := GetProcAddress(NtDllHandle, 'RtlRaiseStatus');
5315.         @_RtlReAllocateHeap := GetProcAddress(NtDllHandle, 'RtlReAllocateHeap');
5316.         @_RtlRegisterWait := GetProcAddress(NtDllHandle, 'RtlRegisterWait');
5317.         @_RtlReleaseActivationContext := GetProcAddress(NtDllHandle,
5318.           'RtlReleaseActivationContext');
5319.         @_RtlReleasePebLock:= GetProcAddress(NtDllHandle, 'RtlReleasePebLock');
5320.         @_RtlRestoreLastWin32Error:= GetProcAddress(NtDllHandle,
5321.           'RtlRestoreLastWin32Error');
5322.         @_RtlRunDecodeUnicodeString := GetProcAddress(NtDllHandle,
5323.           'RtlRunDecodeUnicodeString');
5324.         @_RtlRunEncodeUnicodeString := GetProcAddress(NtDllHandle,
5325.           'RtlRunEncodeUnicodeString');
5326.         @_RtlSetCurrentDirectory_U := GetProcAddress(NtDllHandle,
5327.           'RtlSetCurrentDirectory_U');
5328.         @_RtlSetDaclSecurityDescriptor := GetProcAddress(NtDllHandle,
5329.           'RtlSetDaclSecurityDescriptor');
5330.         @_RtlSetEnvironmentVariable := GetProcAddress(NtDllHandle,
5331.           'RtlSetEnvironmentVariable');
5332.         @_RtlSetHeapInformation := GetProcAddress(NtDllHandle,
5333.           'RtlSetHeapInformation');
5334.         @_RtlSetIoCompletionCallback := GetProcAddress(NtDllHandle,
5335.           'RtlSetIoCompletionCallback');
5336.         @_RtlSetTimeZoneInformation := GetProcAddress(NtDllHandle,
5337.           'RtlSetTimeZoneInformation');
5338.         @_RtlSetThreadErrorMode:= GetProcAddress(NtDllHandle,
5339.           'RtlSetThreadErrorMode');
5340.         @_RtlSetThreadPoolStartFunc := GetProcAddress(NtDllHandle,
5341.           'RtlSetThreadPoolStartFunc');
5342.         @_RtlSetUnicodeCallouts := GetProcAddress(NtDllHandle,
5343.           'RtlSetUnicodeCallouts');
5344.         @_RtlSetUserValueHeap := GetProcAddress(NtDllHandle,
5345.           'RtlSetUserValueHeap');
5346.         @_RtlSizeHeap := GetProcAddress(NtDllHandle, 'RtlSizeHeap');
5347.         @_RtlStringFromGUID := GetProcAddress(NtDllHandle, 'RtlStringFromGUID');
5348.         @_RtlSubAuthoritySid := GetProcAddress(NtDllHandle,
5349.           'RtlSubAuthoritySid');
5350.         @_RtlTimeFieldsToTime := GetProcAddress(NtDllHandle,
5351.           'RtlTimeFieldsToTime');
5352.         @_RtlTimeToTimeFields := GetProcAddress(NtDllHandle,
5353.           'RtlTimeToTimeFields');
5354.         @_RtlTryEnterCriticalSection:= GetProcAddress(NtDllHandle,
5355.           'RtlTryEnterCriticalSection');
5356.         @_RtlUnicodeStringToAnsiString := GetProcAddress(NtDllHandle,
5357.           'RtlUnicodeStringToAnsiString');
5358.         @_RtlUnicodeStringToInteger := GetProcAddress(NtDllHandle,
5359.           'RtlUnicodeStringToInteger');
5360.         @_RtlUnicodeStringToOemString := GetProcAddress(NtDllHandle,
5361.           'RtlUnicodeStringToOemString');
5362.         @_RtlUnicodeToMultiByteN := GetProcAddress(NtDllHandle,
5363.           'RtlUnicodeToMultiByteN');
5364.         @_RtlUnicodeToMultiByteSize := GetProcAddress(NtDllHandle,
5365.           'RtlUnicodeToMultiByteSize');
5366.         @_RtlUnicodeToOemN := GetProcAddress(NtDllHandle, 'RtlUnicodeToOemN');
5367.         @_RtlUnlockHeap := GetProcAddress(NtDllHandle, 'RtlUnlockHeap');
5368.         @_RtlUnwind := GetProcAddress(NtDllHandle, 'RtlUnwind');
5369.         @_RtlUpcaseUnicodeChar := GetProcAddress(NtDllHandle,
5370.           'RtlUpcaseUnicodeChar');
5371.         @_RtlUpcaseUnicodeString := GetProcAddress(NtDllHandle,
5372.           'RtlUpcaseUnicodeString');
5373.         @_RtlUpdateTimer := GetProcAddress(NtDllHandle, 'RtlUpdateTimer');
5374.         @_RtlUpperChar := GetProcAddress(NtDllHandle, 'RtlUpperChar');
5375.         @_RtlUpperString := GetProcAddress(NtDllHandle, 'RtlUpperString');
5376.         @_RtlUsageHeap := GetProcAddress(NtDllHandle, 'RtlUsageHeap');
5377.         @_RtlValidAcl := GetProcAddress(NtDllHandle, 'RtlValidAcl');
5378.         @_RtlValidateHeap := GetProcAddress(NtDllHandle, 'RtlValidateHeap');
5379.         @_RtlValidRelativeSecurityDescriptor := GetProcAddress(NtDllHandle,
5380.           'RtlValidRelativeSecurityDescriptor');
5381.         @_RtlValidSecurityDescriptor := GetProcAddress(NtDllHandle,
5382.           'RtlValidSecurityDescriptor');
5383.         @_RtlValidSid := GetProcAddress(NtDllHandle, 'RtlValidSid');
5384.         @_RtlVerifyVersionInfo := GetProcAddress(NtDllHandle,
5385.           'RtlVerifyVersionInfo');
5386.         @_RtlWalkHeap := GetProcAddress(NtDllHandle, 'RtlWalkHeap');
5387.         @_RtlxAnsiStringToUnicodeSize := GetProcAddress(NtDllHandle,
5388.           'RtlxAnsiStringToUnicodeSize');
5389.         @_RtlxOemStringToUnicodeSize := GetProcAddress(NtDllHandle,
5390.           'RtlxOemStringToUnicodeSize');
5391.         @_RtlxUnicodeStringToAnsiSize := GetProcAddress(NtDllHandle,
5392.           'RtlxUnicodeStringToAnsiSize');
5393.         @_RtlxUnicodeStringToOemSize := GetProcAddress(NtDllHandle,
5394.           'RtlxUnicodeStringToOemSize');
5395.         @_RtlZombifyActivationContext := GetProcAddress(NtDllHandle,
5396.           'RtlZombifyActivationContext');
5397.         @_wcscat := GetProcAddress(NtDllHandle, 'wcscat');
5398.         @_wcschr:= GetProcAddress(NtDllHandle, 'wcschr');
5399.         @_wcscmp := GetProcAddress(NtDllHandle, 'wcscmp');
5400.         @_wcscpy:= GetProcAddress(NtDllHandle, 'wcscpy');
5401.         @_wcslen := GetProcAddress(NtDllHandle, 'wcslen');
5402.         @_wcsrchr := GetProcAddress(NtDllHandle, 'wcsrchr');
5403.       end;
5404.     end;
5405.   end;
5406.   Result := (NtDllHandle <> 0);
5407. end;
5408.  
5409. function NtNotImplemented : Integer;
5410. begin
5411.   SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5412.   Result := STATUS_NOT_IMPLEMENTED;
5413. end;
5414.  
5415. function NtNotImplementedBoolean : Boolean;
5416. begin
5417.   SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5418.   Result := false;
5419. end;
5420.  
5421. function NtNotImplementedPointer : Pointer;
5422. begin
5423.   SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5424.   Result := nil;
5425. end;
5426.  
5427. function CsrAllocateCaptureBuffer(
5428.   CountMessagePointers, Size: ULONG): PCSR_CAPTURE_HEADER; stdcall;
5429. begin
5430.   if InitNt and Assigned(_CsrAllocateCaptureBuffer) then
5431.     Result := _CsrAllocateCaptureBuffer(CountMessagePointers, Size)
5432.   else
5433.     Result := NtNotImplementedPointer;
5434. end;
5435.  
5436. function CsrAllocateMessagePointer(CaptureBuffer: PCSR_CAPTURE_HEADER;
5437.   Length: ULONG; Pointer: PPVOID): ULONG; stdcall;
5438. begin
5439.   if InitNt and Assigned(_CsrAllocateMessagePointer) then
5440.     Result := _CsrAllocateMessagePointer(CaptureBuffer, Length, Pointer)
5441.   else begin
5442.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5443.     Result := 0;
5444.   end;
5445. end;
5446.  
5447. procedure CsrCaptureMessageBuffer(CaptureBuffer: PCSR_CAPTURE_HEADER;
5448.   Buffer: PVOID; Length: ULONG; CapturedBuffer: PPVOID); stdcall;
5449. begin
5450.   if InitNt and Assigned(_CsrCaptureMessageBuffer) then
5451.     _CsrCaptureMessageBuffer(CaptureBuffer, Buffer, Length, CapturedBuffer)
5452.   else
5453.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5454. end;
5455.  
5456. procedure CsrCaptureMessageString(CaptureBuffer: PCSR_CAPTURE_HEADER;
5457.   AString: LPSTR; Length: ULONG; MaximumLength: ULONG;
5458.   CapturedString: PSTRING); stdcall;
5459. begin
5460.   if InitNt and Assigned(_CsrCaptureMessageString) then
5461.     _CsrCaptureMessageString(CaptureBuffer, AString, Length, MaximumLength,
5462.       CapturedString)
5463.   else
5464.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5465. end;
5466.  
5467. function CsrCaptureMessageMultiUnicodeStringsInPlace (
5468.   pCaptureMessage: PPCSR_CAPTURE_HEADER; NumberOfStrings: ULONG;
5469.   Strings: PPUNICODE_STRING): NTSTATUS; stdcall;
5470. begin
5471.   if InitNt and Assigned(_CsrCaptureMessageMultiUnicodeStringsInPlace) then
5472.     Result := _CsrCaptureMessageMultiUnicodeStringsInPlace(pCaptureMessage,
5473.       NumberOfStrings, Strings)
5474.   else
5475.     Result := NtNotImplemented;
5476. end;
5477.  
5478. function CsrClientCallServer(m: PCSR_API_MESSAGE;
5479.   CaptureBuffer: PCSR_CAPTURE_HEADER; ApiNumber: CSR_API_NUMBER;
5480.   ArgLength: ULONG): NTSTATUS; stdcall;
5481. begin
5482.   if InitNt and Assigned(_CsrClientCallServer) then
5483.     Result := _CsrClientCallServer(m, CaptureBuffer, ApiNumber, ArgLength)
5484.   else
5485.     Result := NtNotImplemented;
5486. end;
5487.  
5488. function CsrClientConnectToServer (ObjectDirectory: PWideChar;
5489.   ServerIndex: Integer; CallbackInfo: Pointer; MessageBuffer: Pointer;
5490.   BufferSize: LPDWORD; ServerProcess: PBYTE): NTSTATUS; stdcall;
5491. begin
5492.   if IsWindowsXPorLater then
5493.     if InitNt and Assigned(_CsrClientConnectToServer) then
5494.       Result := _CsrClientConnectToServer(ObjectDirectory, ServerIndex,
5495.         CallbackInfo, MessageBuffer, BufferSize, ServerProcess)
5496.     else
5497.       Result := NtNotImplemented
5498.   else
5499.     if InitNt and Assigned(_CsrClientConnectToServerXP) then
5500.       Result := _CsrClientConnectToServerXP(ObjectDirectory, ServerIndex,
5501.         MessageBuffer, BufferSize, ServerProcess)
5502.     else
5503.       Result := NtNotImplemented
5504. end;
5505.  
5506. procedure CsrFreeCaptureBuffer(CaptureBuffer: PCSR_CAPTURE_HEADER); stdcall;
5507. begin
5508.   if InitNt and Assigned(_CsrFreeCaptureBuffer) then
5509.     _CsrFreeCaptureBuffer(CaptureBuffer)
5510.   else
5511.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5512. end;
5513.  
5514. function CsrGetProcessId: DWORD; stdcall;
5515. begin
5516.   if InitNt and Assigned(_CsrGetProcessId) then
5517.     Result := _CsrGetProcessId
5518.   else begin
5519.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5520.     Result := 0;
5521.   end;
5522. end;
5523.  
5524. function CsrIdentifyAlertableThread: NTSTATUS; stdcall;
5525. begin
5526.   if InitNt and Assigned(_CsrIdentifyAlertableThread) then
5527.     Result := _CsrIdentifyAlertableThread
5528.   else
5529.     Result := NtNotImplemented;
5530. end;
5531.  
5532. procedure CsrNewThread; stdcall;
5533. begin
5534.   if InitNt and Assigned(_CsrNewThread) then
5535.     _CsrNewThread
5536.   else
5537.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5538. end;
5539.  
5540. { Debugger API }
5541. procedure DbgBreakPoint; stdcall;
5542. begin
5543.   if InitNt and Assigned(_DbgBreakPoint) then
5544.     _DbgBreakPoint
5545.   else
5546.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5547. end;
5548.  
5549. function DbgUiConnectToDbg: NTSTATUS; stdcall;
5550. begin
5551.   if InitNt and Assigned(_DbgUiConnectToDbg) then
5552.     Result := _DbgUiConnectToDbg
5553.   else
5554.     Result := NtNotImplemented;
5555. end;
5556.  
5557. function DbgUiContinue(AppClientId: PCLIENT_ID;
5558.   ContinueStatus: NTSTATUS): NTSTATUS; stdcall;
5559. begin
5560.   if InitNt and Assigned(_DbgUiContinue) then
5561.     Result := _DbgUiContinue(AppClientId, ContinueStatus)
5562.   else
5563.     Result := NtNotImplemented;
5564. end;
5565.  
5566. function DbgUiConvertStateChangeStructure(StateChange: PDBGUI_WAIT_STATE_CHANGE;
5567.   lpDebugEvent: LPDEBUG_EVENT): NTSTATUS; stdcall;
5568. begin
5569.   if InitNt and Assigned(_DbgUiConvertStateChangeStructure) then
5570.     Result := _DbgUiConvertStateChangeStructure(StateChange, lpDebugEvent)
5571.   else
5572.     Result := NtNotImplemented;
5573. end;
5574.  
5575. function DbgUiDebugActiveProcess(ProcessHandle: THANDLE): NTSTATUS; stdcall;
5576. begin
5577.   if InitNt and Assigned(_DbgUiDebugActiveProcess) then
5578.     Result := _DbgUiDebugActiveProcess(ProcessHandle)
5579.   else
5580.     Result := NtNotImplemented;
5581. end;
5582.  
5583. function DbgUiGetThreadDebugObject: PVOID; stdcall;
5584. begin
5585.   if InitNt and Assigned(_DbgUiGetThreadDebugObject) then
5586.     Result := _DbgUiGetThreadDebugObject
5587.   else
5588.     Result := NtNotImplementedPointer;
5589. end;
5590.  
5591. function DbgUiIssueRemoteBreakin(ProcessHandle: THANDLE): NTSTATUS; stdcall;
5592. begin
5593.   if InitNt and Assigned(_DbgUiIssueRemoteBreakin) then
5594.     Result := _DbgUiIssueRemoteBreakin(ProcessHandle)
5595.   else
5596.     Result := NtNotImplemented;
5597. end;
5598.  
5599. function DbgUiStopDebugging(ProcessHandle: THANDLE): NTSTATUS; stdcall;
5600. begin
5601.   if InitNt and Assigned(_DbgUiStopDebugging) then
5602.     Result := _DbgUiStopDebugging(ProcessHandle)
5603.   else
5604.     Result := NtNotImplemented;
5605. end;
5606.  
5607. function DbgUiWaitStateChange(StateChange: PDBGUI_WAIT_STATE_CHANGE;
5608.   Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
5609. begin
5610.   if InitNt and Assigned(_DbgUiWaitStateChange) then
5611.     Result := _DbgUiWaitStateChange(StateChange, Timeout)
5612.   else
5613.     Result := NtNotImplemented;
5614. end;
5615.  
5616. { Loader API }
5617. function LdrAccessResource(DllHandle: PVOID;
5618.   ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY; Address: PPVOID;
5619.   Size: PULONG): NTSTATUS; stdcall;
5620. begin
5621.   if InitNt and Assigned(_LdrAccessResource) then
5622.     Result := _LdrAccessResource(DllHandle, ResourceDataEntry, Address, Size)
5623.   else
5624.     Result := NtNotImplemented;
5625. end;
5626.  
5627. function LdrAlternateResourcesEnabled: BOOL; stdcall;
5628. begin
5629.   if InitNt and Assigned(_LdrAlternateResourcesEnabled) then
5630.     Result := _LdrAlternateResourcesEnabled
5631.   else
5632.     Result := NtNotImplementedBoolean;
5633. end;
5634.  
5635. procedure LdrDestroyOutOfProcessImage(AImage: PVOID); stdcall;
5636. begin
5637.   if InitNt and Assigned(_LdrDestroyOutOfProcessImage) then
5638.     _LdrDestroyOutOfProcessImage(AImage)
5639.   else
5640.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5641. end;
5642.  
5643. procedure LdrDisableThreadCalloutsForDll (hMod: THandle); stdcall;
5644. begin
5645.   if InitNt and Assigned(_LdrDisableThreadCalloutsForDll) then
5646.     _LdrDisableThreadCalloutsForDll(hMod)
5647.   else
5648.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5649. end;
5650.  
5651. procedure LdrEnumerateLoadedModules(dwReserved: DWORD; Enumerator: Pointer;
5652.   ImageBaseAddress: PVOID); stdcall;
5653. begin
5654.   if InitNt and Assigned(_LdrEnumerateLoadedModules) then
5655.     _LdrEnumerateLoadedModules(dwReserved, Enumerator, ImageBaseAddress)
5656.   else
5657.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5658. end;
5659.  
5660. function LdrFindResource_U(DllHandle: PVOID; ResourceIdPath: PULONG;
5661.   ResourceIdPathLength: ULONG;
5662.   ResourceDataEntry: PPIMAGE_RESOURCE_DATA_ENTRY): NTSTATUS; stdcall;
5663. begin
5664.   if InitNt and Assigned(_LdrFindResource_U) then
5665.     Result := _LdrFindResource_U(DllHandle, ResourceIdPath,
5666.       ResourceIdPathLength, ResourceDataEntry)
5667.   else
5668.     Result := NtNotImplemented;
5669. end;
5670.  
5671. function LdrFindResourceDirectory_U(DllHandle: PVOID; ResourceIdPath: PULONG;
5672.   ResourceIdPathLength: ULONG;
5673.   ResourceDataEntry: PPIMAGE_RESOURCE_DATA_ENTRY): NTSTATUS; stdcall;
5674. begin
5675.   if InitNt and Assigned(_LdrFindResourceDirectory_U) then
5676.     Result := _LdrFindResourceDirectory_U(DllHandle, ResourceIdPath,
5677.       ResourceIdPathLength, ResourceDataEntry)
5678.   else
5679.     Result := NtNotImplemented;
5680. end;
5681.  
5682. function LdrFlushAlternateResourceModules: BOOL; stdcall;
5683. begin
5684.   if InitNt and Assigned(_LdrFlushAlternateResourceModules) then
5685.     Result := _LdrFlushAlternateResourceModules
5686.   else
5687.     Result := NtNotImplementedBoolean;
5688. end;
5689.  
5690. function LdrGetDllHandle (Path: LPWSTR; DllCharacteristics: PULONG;
5691.   DllName: PUNICODE_STRING; DllHandle: PHandle): NTSTATUS; stdcall;
5692. begin
5693.   if InitNt and Assigned(_LdrGetDllHandle) then
5694.     Result := _LdrGetDllHandle(Path, DllCharacteristics, DllName, DllHandle)
5695.   else
5696.     Result := NtNotImplemented;
5697. end;
5698.  
5699. function LdrGetDllHandleEx(dwFlags: DWORD; DllPath: LPWSTR;
5700.   DllCharacteristics: PULONG; DllName: PUNICODE_STRING;
5701.   DllHandle: PHMODULE): NTSTATUS; stdcall;
5702. begin
5703.   if InitNt and Assigned(_LdrGetDllHandleEx) then
5704.     Result := _LdrGetDllHandleEx(dwFlags, DllPath, DllCharacteristics, DllName,
5705.       DllHandle)
5706.   else
5707.     Result := NtNotImplemented;
5708. end;
5709.  
5710. function LdrGetProcedureAddress(ImageBase: PVOID; ProcName: PANSI_STRING;
5711.   ProcedureOrdinalValue: PULONG; ProcedureAddress: PPvoid): NTSTATUS; stdcall;
5712. begin
5713.   if InitNt and Assigned(_LdrGetProcedureAddress) then
5714.     Result := _LdrGetProcedureAddress(ImageBase, ProcName,
5715.       ProcedureOrdinalValue, ProcedureAddress)
5716.   else
5717.     Result := NtNotImplemented;
5718. end;
5719.  
5720. function LdrLoadAlternateResourceModule (DllHandle: THandle;
5721.   ModuleName: LPWSTR): THandle; stdcall;
5722. begin
5723.   if InitNt and Assigned(_LdrLoadAlternateResourceModule) then
5724.     Result := _LdrLoadAlternateResourceModule (DllHandle, ModuleName)
5725.   else begin
5726.     SetLastError (ERROR_CALL_NOT_IMPLEMENTED);
5727.     Result := 0;
5728.   end;
5729. end;
5730.  
5731. function LdrLoadAlternateResourceModuleEx(uLangID: WORD; Module: HMODULE;
5732.   ModuleName: LPWSTR): PVOID; stdcall;
5733. begin
5734.   if InitNt and Assigned(_LdrLoadAlternateResourceModuleEx) then
5735.     Result := _LdrLoadAlternateResourceModuleEx(uLangID, Module, ModuleName)
5736.   else
5737.     Result := NtNotImplementedPointer;
5738. end;
5739.  
5740. function LdrLoadDll (Path: LPWSTR; DllCharacteristics: PULONG;
5741.   DllName: PUNICODE_STRING; DllHandle: PHandle): NTSTATUS; stdcall;
5742. begin
5743.   if InitNt and Assigned(_LdrLoadDll) then
5744.     Result := _LdrLoadDll(Path, DllCharacteristics, DllName, DllHandle)
5745.   else
5746.     Result := NtNotImplemented;
5747. end;
5748.  
5749. function LdrLockLoaderLock (LockType: Integer;
5750.   var LockStatus, LockId: Integer): NTSTATUS; stdcall;
5751. begin
5752.   if InitNt and Assigned(_LdrLockLoaderLock) then
5753.     Result := _LdrLockLoaderLock(LockType, LockStatus, LockId)
5754.   else
5755.     Result := NtNotImplemented;
5756. end;
5757.  
5758. function LdrQueryImageFileExecutionOptions (SubKey: PUNICODE_STRING;
5759.   ValueName: LPWSTR; ValueSize: ULONG; Buffer: PVOID; BufferSize: ULONG;
5760.   ReturnedLength: PULONG): NTSTATUS; stdcall;
5761. begin
5762.   if InitNt and Assigned(_LdrQueryImageFileExecutionOptions) then
5763.     Result := _LdrQueryImageFileExecutionOptions(SubKey, ValueName, ValueSize,
5764.       Buffer, BufferSize, ReturnedLength)
5765.   else
5766.     Result := NtNotImplemented;
5767. end;
5768.  
5769. procedure LdrSetDllManifestProber(ProberRoutine: Pointer); stdcall;
5770. begin
5771.   if InitNt and Assigned(_LdrSetDllManifestProber) then
5772.     _LdrSetDllManifestProber(ProberRoutine)
5773.   else
5774.     SetLastError (ERROR_CALL_NOT_IMPLEMENTED);
5775. end;
5776.  
5777. procedure LdrShutdownProcess; stdcall;
5778. begin
5779.   if InitNt and Assigned(_LdrShutdownProcess) then
5780.     _LdrShutdownProcess
5781.   else
5782.     SetLastError (ERROR_CALL_NOT_IMPLEMENTED);
5783. end;
5784.  
5785. procedure LdrShutdownThread; stdcall;
5786. begin
5787.   if InitNt and Assigned(_LdrShutdownThread) then
5788.     _LdrShutdownThread
5789.   else
5790.     SetLastError (ERROR_CALL_NOT_IMPLEMENTED);
5791. end;
5792.  
5793. function LdrUnloadAlternateResourceModule(Module: PVOID): BOOL; stdcall;
5794. begin
5795.   if InitNt and Assigned(_LdrUnloadAlternateResourceModule) then
5796.     Result := _LdrUnloadAlternateResourceModule(Module)
5797.   else
5798.     Result := NtNotImplementedBoolean;
5799. end;
5800.  
5801. function LdrUnloadDll (ImageBase: PVOID): NTSTATUS; stdcall;
5802. begin
5803.   if InitNt and Assigned(_LdrUnloadDll) then
5804.     Result := _LdrUnloadDll(ImageBase)
5805.   else
5806.     Result := NtNotImplemented;
5807. end;
5808.  
5809. function LdrUnlockLoaderLock (LockType, LockId: Integer): NTSTATUS; stdcall;
5810. begin
5811.   if InitNt and Assigned(_LdrUnlockLoaderLock) then
5812.     Result := _LdrUnlockLoaderLock(LockType, LockId)
5813.   else
5814.     Result := NtNotImplemented;
5815. end;
5816.  
5817. function NlsAnsiCodePage : WORD;
5818. begin
5819.   if InitNt then
5820.     Result := _NlsAnsiCodePage^
5821.   else begin
5822.     Result := 0;
5823.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
5824.   end;
5825. end;
5826.  
5827. function NtAcceptConnectPort (PortHandle: PHANDLE; PortIdentifier: ULONG;
5828.   LpcMessage: PLPCMESSAGE; Accept: ULONG; WriteSection: PPORT_SECTION_WRITE;
5829.   ReadSection: PPORT_SECTION_READ): NTSTATUS; stdcall;
5830. begin
5831.   if InitNt and Assigned(_NtAcceptConnectPort) then
5832.     Result := _NtAcceptConnectPort(PortHandle, PortIdentifier, LpcMessage,
5833.       Accept, WriteSection, ReadSection)
5834.   else
5835.     Result := NtNotImplemented;
5836. end;
5837.  
5838. function NtAccessCheck(SecurityDescriptor: PSECURITY_DESCRIPTOR;
5839.   hTokenClient: THANDLE; DesiredAccess: ACCESS_MASK;
5840.   pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
5841.   pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
5842.   AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
5843. begin
5844.   if InitNt and Assigned(_NtAccessCheck) then
5845.     Result := _NtAccessCheck(SecurityDescriptor, hTokenClient, DesiredAccess,
5846.       pGenericMapping, pPrivilegeSet, pPrivilegeSetLength, pAccessGranted,
5847.       AccessGrantedReturnStatus)
5848.   else
5849.     Result := NtNotImplemented;
5850. end;
5851.  
5852. function NtAccessCheckAndAuditAlarm(SubSystemName: PUNICODE_STRING;
5853.   HandleId: PVOID; ObjectTypeName, ObjectName: PUNICODE_STRING;
5854.   SecurityDescriptor: PSECURITY_DESCRIPTOR; DesiredAccess: ACCESS_MASK;
5855.   pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOL;
5856.   pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
5857.   bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
5858. begin
5859.   if InitNt and Assigned(_NtAccessCheckAndAuditAlarm) then
5860.     Result := _NtAccessCheckAndAuditAlarm(SubSystemName, HandleId,
5861.       ObjectTypeName, ObjectName, SecurityDescriptor, DesiredAccess,
5862.       pGenericMapping, bObjectCreation, pAccessGranted,
5863.       AccessGrantedReturnStatus, bGenerateOnClose)
5864.   else
5865.     Result := NtNotImplemented;
5866. end;
5867.  
5868. function NtAccessCheckByType(pSecurityDescriptor: PSECURITY_DESCRIPTOR;
5869.   PrincipalSelfSid: PSID; hClientToken: THANDLE; DesiredAccess: ACCESS_MASK;
5870.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
5871.   pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
5872.   pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
5873.   AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
5874. begin
5875.   if InitNt and Assigned(_NtAccessCheckByType) then
5876.     Result := _NtAccessCheckByType(pSecurityDescriptor, PrincipalSelfSid,
5877.       hClientToken, DesiredAccess, ObjectTypeList, ObjectTypeListLength,
5878.       pGenericMapping, pPrivilegeSet, pPrivilegeSetLength, pAccessGranted,
5879.       AccessGrantedReturnStatus)
5880.   else
5881.     Result := NtNotImplemented;
5882. end;
5883.  
5884. function NtAccessCheckByTypeAndAuditAlarm(SubSystemName: PUNICODE_STRING;
5885.   HandleId: PVOID; ObjectTypeName, ObjectName: PUNICODE_STRING;
5886.   SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
5887.   DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
5888.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
5889.   pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOL;
5890.   pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
5891.   bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
5892. begin
5893.   if InitNt and Assigned(_NtAccessCheckByTypeAndAuditAlarm) then
5894.     Result := _NtAccessCheckByTypeAndAuditAlarm(SubSystemName, HandleId,
5895.       ObjectTypeName, ObjectName, SecurityDescriptor, PrincipalSelfSid,
5896.       DesiredAccess, AuditType, Flags, ObjectTypeList, ObjectTypeListLength,
5897.       pGenericMapping, bObjectCreation, pAccessGranted,
5898.       AccessGrantedReturnStatus, bGenerateOnClose)
5899.   else
5900.     Result := NtNotImplemented;
5901. end;
5902.  
5903. function NtAccessCheckByTypeResultList(
5904.   pSecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
5905.   hClientToken: THANDLE; DesiredAccess: ACCESS_MASK;
5906.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
5907.   pGenericMapping: PGENERIC_MAPPING; pPrivilegeSet: PPRIVILEGE_SET;
5908.   pPrivilegeSetLength: PULONG; pAccessGranted: PACCESS_MASK;
5909.   AccessGrantedReturnStatus: PNTSTATUS): NTSTATUS; stdcall;
5910. begin
5911.   if InitNt and Assigned(_NtAccessCheckByTypeResultList) then
5912.     Result := _NtAccessCheckByTypeResultList(pSecurityDescriptor,
5913.       PrincipalSelfSid, hClientToken, DesiredAccess, ObjectTypeList,
5914.       ObjectTypeListLength, pGenericMapping, pPrivilegeSet, pPrivilegeSetLength,
5915.       pAccessGranted, AccessGrantedReturnStatus)
5916.   else
5917.     Result := NtNotImplemented;
5918. end;
5919.  
5920. function NtAccessCheckByTypeResultListAndAuditAlarm(
5921.   SubSystemName: PUNICODE_STRING; HandleId: PVOID;
5922.   ObjectTypeName, ObjectName: PUNICODE_STRING;
5923.   SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
5924.   DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
5925.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
5926.   pGenericMapping: PGENERIC_MAPPING; bObjectCreation: BOOLEAN;
5927.   pAccessGranted: PACCESS_MASK; AccessGrantedReturnStatus: PNTSTATUS;
5928.   bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
5929. begin
5930.   if InitNt and Assigned(_NtAccessCheckByTypeResultListAndAuditAlarm) then
5931.     Result := _NtAccessCheckByTypeResultListAndAuditAlarm(SubSystemName,
5932.       HandleId, ObjectTypeName, ObjectName, SecurityDescriptor,
5933.       PrincipalSelfSid, DesiredAccess, AuditType, Flags, ObjectTypeList,
5934.       ObjectTypeListLength, pGenericMapping, bObjectCreation, pAccessGranted,
5935.       AccessGrantedReturnStatus, bGenerateOnClose)
5936.   else
5937.     Result := NtNotImplemented;
5938. end;
5939.  
5940. function NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5941.   SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: THANDLE;
5942.   ObjectTypeName, ObjectName: PUNICODE_STRING;
5943.   SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
5944.   DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG;
5945.   ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
5946.   GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOL;
5947.   GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG;
5948.   GenerateOnClose: PULONG): NTSTATUS; stdcall;
5949. begin
5950.   if InitNt and Assigned(_NtAccessCheckByTypeResultListAndAuditAlarmByHandle) then
5951.     Result := _NtAccessCheckByTypeResultListAndAuditAlarmByHandle(SubsystemName,
5952.       HandleId, TokenHandle, ObjectTypeName, ObjectName, SecurityDescriptor,
5953.       PrincipalSelfSid, DesiredAccess, AuditType, Flags, ObjectTypeList,
5954.       ObjectTypeListLength, GenericMapping, ObjectCreation, GrantedAccessList,
5955.       AccessStatusList, GenerateOnClose)
5956.   else
5957.     Result := NtNotImplemented;
5958. end;
5959.  
5960. function NtAddAtom (pString: LPWSTR; StringLength: ULONG;
5961.   Atom: PATOM): NTSTATUS; stdcall;
5962. begin
5963.   if InitNt and Assigned(_NtAddAtom) then
5964.     Result := _NtAddAtom(pString, StringLength, Atom)
5965.   else
5966.     Result := NtNotImplemented;
5967. end;
5968.  
5969. function NtAdjustGroupsToken(hToken: THANDLE; ResetToDefault: BOOL;
5970.   pNewTokenGroups: PTOKEN_GROUPS; pOldTokenGroupsLength: ULONG;
5971.   pOldTokenGroups: PTOKEN_GROUPS;
5972.   pOldTokenGroupsActualLength: PULONG): NTSTATUS; stdcall;
5973. begin
5974.   if InitNt and Assigned(_NtAdjustGroupsToken) then
5975.     Result := _NtAdjustGroupsToken(hToken, ResetToDefault, pNewTokenGroups,
5976.       pOldTokenGroupsLength, pOldTokenGroups, pOldTokenGroupsActualLength)
5977.   else
5978.     Result := NtNotImplemented;
5979. end;
5980.  
5981. function NtAdjustPrivilegesToken (hToken: THANDLE;
5982.   DisableAllPrivileges: Boolean; pNewPrivlegeSet: PTOKEN_PRIVILEGES;
5983.   PreviousPrivilegeSetBufferLength: ULONG;
5984.   pPreviousPrivlegeSet: PTOKEN_PRIVILEGES;
5985.   PreviousPrivlegeSetReturnLength: PULONG): NTSTATUS; stdcall;
5986. begin
5987.   if InitNt and Assigned(_NtAdjustPrivilegesToken) then
5988.     Result := _NtAdjustPrivilegesToken(hToken, DisableAllPrivileges,
5989.       pNewPrivlegeSet, PreviousPrivilegeSetBufferLength,
5990.       pPreviousPrivlegeSet, PreviousPrivlegeSetReturnLength)
5991.   else
5992.     Result := NtNotImplemented;
5993. end;
5994.  
5995. function NtAlertThread(hThread: THANDLE): NTSTATUS; stdcall;
5996. begin
5997.   if InitNt and Assigned(_NtAlertThread) then
5998.     Result := _NtAlertThread(hThread)
5999.   else
6000.     Result := NtNotImplemented;
6001. end;
6002.  
6003. function NtAllocateLocallyUniqueId(Luid: PLUID): NTSTATUS; stdcall;
6004. begin
6005.   if InitNt and Assigned(_NtAllocateLocallyUniqueId) then
6006.     Result := _NtAllocateLocallyUniqueId(Luid)
6007.   else
6008.     Result := NtNotImplemented;
6009. end;
6010.  
6011. function NtAllocateUserPhysicalPages(ProcessHandle: THANDLE;
6012.   NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
6013. begin
6014.   if InitNt and Assigned(_NtAllocateUserPhysicalPages) then
6015.     Result := _NtAllocateUserPhysicalPages(ProcessHandle, NumberOfPages,
6016.       PageFrameNumbers)
6017.   else
6018.     Result := NtNotImplemented;
6019. end;
6020.  
6021. function NtAllocateVirtualMemory (hProcess: THANDLE;
6022.   PreferredBaseAddress: PVOID; nLowerZeroBits: DWORD;
6023.   SizeRequestedAllocated: LPDWORD;
6024.   AllocationType, ProtectionAttributes: DWORD): NTSTATUS; stdcall;
6025. begin
6026.   if InitNt and Assigned(_NtAllocateVirtualMemory) then
6027.     Result := _NtAllocateVirtualMemory(hProcess, PreferredBaseAddress,
6028.       nLowerZeroBits, SizeRequestedAllocated, AllocationType,
6029.       ProtectionAttributes)
6030.   else
6031.     Result := NtNotImplemented;
6032. end;
6033.  
6034. function NtApphelpCacheControl(ControlCode: LONG;
6035.   ControlData: PVOID): NTSTATUS; stdcall;
6036. begin
6037.   if InitNt and Assigned(_NtApphelpCacheControl) then
6038.     Result := _NtApphelpCacheControl(ControlCode, ControlData)
6039.   else
6040.     Result := NtNotImplemented;
6041. end;
6042.  
6043. function NtAssignProcessToJobObject (
6044.   hJob, hProcess: THANDLE): NTSTATUS; stdcall;
6045. begin
6046.   if InitNt and Assigned(_NtAssignProcessToJobObject) then
6047.     Result := _NtAssignProcessToJobObject(hJob, hProcess)
6048.   else
6049.     Result := NtNotImplemented;
6050. end;
6051.  
6052. function NtAssociateProcessWithReserve(
6053.   ProcessHandle, ReserveHandle: THANDLE): NTSTATUS; stdcall;
6054. begin
6055.   if InitNt and Assigned(_NtAssociateProcessWithReserve) then
6056.     Result := _NtAssociateProcessWithReserve(ProcessHandle, ReserveHandle)
6057.   else
6058.     Result := NtNotImplemented;
6059. end;
6060.  
6061. function NtCancelDeviceWakeupRequest(DeviceHandle: THANDLE): NTSTATUS; stdcall;
6062. begin
6063.   if InitNt and Assigned(_NtCancelDeviceWakeupRequest) then
6064.     Result := _NtCancelDeviceWakeupRequest(DeviceHandle)
6065.   else
6066.     Result := NtNotImplemented;
6067. end;
6068.  
6069. function NtCancelIoFile (hFile: THANDLE;
6070.   IoStatusBlock: PIoStatusBlock): NTSTATUS; stdcall;
6071. begin
6072.   if InitNt and Assigned(_NtCancelIoFile) then
6073.     Result := _NtCancelIoFile(hFile, IoStatusBlock)
6074.   else
6075.     Result := NtNotImplemented;
6076. end;
6077.  
6078. function NtCancelTimer (TimerHandle: THANDLE;
6079.   CurrentState: PBOOLEAN): NTSTATUS; stdcall;
6080. begin
6081.   if InitNt and Assigned(_NtCancelTimer) then
6082.     Result := _NtCancelTimer(TimerHandle, CurrentState)
6083.   else
6084.     Result := NtNotImplemented;
6085. end;
6086.  
6087. function NtClearEvent (hEvent: THANDLE): NTSTATUS; stdcall;
6088. begin
6089.   if InitNt and Assigned(_NtClearEvent) then
6090.     Result := _NtClearEvent(hEvent)
6091.   else
6092.     Result := NtNotImplemented;
6093. end;
6094.  
6095. function NtClose (AHandle : THandle) : NTSTATUS; stdcall;
6096. begin
6097.   if InitNt and Assigned(_NtClose) then
6098.     Result := _NtClose(AHandle)
6099.   else
6100.     Result := NtNotImplemented;
6101. end;
6102.  
6103. function NtCloseObjectAuditAlarm(SubSystemName: PUNICODE_STRING;
6104.   HandleId: PVOID; bGenerateOnClose: BOOL): NTSTATUS; stdcall;
6105. begin
6106.   if InitNt and Assigned(_NtCloseObjectAuditAlarm) then
6107.     Result := _NtCloseObjectAuditAlarm(SubSystemName, HandleId,
6108.       bGenerateOnClose)
6109.   else
6110.     Result := NtNotImplemented;
6111. end;
6112.  
6113. function NtCommitTransaction(TransactionHandle: THANDLE;
6114.   AddInfo: ULONG): NTSTATUS; stdcall;
6115. begin
6116.   if InitNt and Assigned(_NtCommitTransaction) then
6117.     Result := _NtCommitTransaction(TransactionHandle, AddInfo)
6118.   else
6119.     Result := NtNotImplemented;
6120. end;
6121.  
6122. function NtCompleteConnectPort (PortHandle: THANDLE): NTSTATUS; stdcall;
6123. begin
6124.   if InitNt and Assigned(_NtCompleteConnectPort) then
6125.     Result := _NtCompleteConnectPort(PortHandle)
6126.   else
6127.     Result := NtNotImplemented;
6128. end;
6129.  
6130. function NtConnectPort (PortHandle: PHANDLE; PortName: PUNICODE_STRING;
6131.   SecurityQos: PSECURITY_QUALITY_OF_SERVICE;
6132.   WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ;
6133.   MaxMesageSize: PULONG; ConnectInfo: PVOID;
6134.   pConnectInfoLength: PULONG): NTSTATUS; stdcall;
6135. begin
6136.   if InitNt and Assigned(_NtConnectPort) then
6137.     Result := _NtConnectPort(PortHandle, PortName, SecurityQos, WriteSection,
6138.       ReadSection, MaxMesageSize, ConnectInfo, pConnectInfoLength)
6139.   else
6140.     Result := NtNotImplemented;
6141. end;
6142.  
6143. function NtCreateEvent (EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
6144.   ObjectAttributes: POBJECT_ATTRIBUTES; EventType: Integer;
6145.   InitialState: BOOL): NTSTATUS; stdcall;
6146. begin
6147.   if InitNt and Assigned(_NtCreateEvent) then
6148.     Result := _NtCreateEvent(EventHandle, DesiredAccess,
6149.       ObjectAttributes, EventType, InitialState)
6150.   else
6151.     Result := NtNotImplemented;
6152. end;
6153.  
6154. function NtCreateDirectoryObject (DirectoryHandle: PHandle;
6155.   DesiredAccess: ACCESS_MASK;
6156.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6157. begin
6158.   if InitNt and Assigned(_NtCreateDirectoryObject) then
6159.     Result := _NtCreateDirectoryObject(DirectoryHandle, DesiredAccess,
6160.       ObjectAttributes)
6161.   else
6162.     Result := NtNotImplemented;
6163. end;
6164.  
6165. function NtCreateFile (FileHandle: PHandle; const DesiredAccess: ACCESS_MASK;
6166.   ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIoStatusBlock;
6167.   AllocationSize: PLARGE_INTEGER;
6168.   FileAttributes, ShareAccess, CreateDisposition, CreateOptions: ULONG;
6169.   EaBuffer: PVOID; EaLength: ULONG): NTSTATUS; stdcall;
6170. begin
6171.   if InitNt and Assigned(_NtCreateFile) then
6172.     Result := _NtCreateFile(FileHandle, DesiredAccess, ObjectAttributes,
6173.       IoStatusBlock, AllocationSize, FileAttributes, ShareAccess,
6174.       CreateDisposition, CreateOptions, EaBuffer, EaLength)
6175.   else
6176.     Result := NtNotImplemented;
6177. end;
6178.  
6179. function NtCreateJobObject (phJob: PHANDLE; DesiredAccess: ACCESS_MASK;
6180.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6181. begin
6182.   if InitNt and Assigned(_NtCreateJobObject) then
6183.     Result := _NtCreateJobObject(phJob, DesiredAccess, ObjectAttributes)
6184.   else
6185.     Result := NtNotImplemented;
6186. end;
6187.  
6188. function NtCreateKey (phKey: PHandle; DesiredAccess: ACCESS_MASK;
6189.   ObjectAttributes: POBJECT_ATTRIBUTES; TitleIndex: ULONG;
6190.   AClass: PUNICODE_STRING; CreateOptions: ULONG;
6191.   pDisposition: PULONG): NTSTATUS; stdcall;
6192. begin
6193.   if InitNt and Assigned(_NtCreateKey) then
6194.     Result := _NtCreateKey(phKey, DesiredAccess, ObjectAttributes, TitleIndex,
6195.       AClass, CreateOptions, pDisposition)
6196.   else
6197.     Result := NtNotImplemented;
6198. end;
6199.  
6200. function NtCreateMailSlotFile (hMailSlot: PHANDLE; DesiredAccess: ACCESS_MASK;
6201.   ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIoStatusBlock;
6202.   CreateOptions, InBufferSize, nMaxMessageSize: ULONG;
6203.   ReadTimeout: PLARGE_INTEGER): NTSTATUS; stdcall;
6204. begin
6205.   if InitNt and Assigned(_NtCreateMailSlotFile) then
6206.     Result := _NtCreateMailSlotFile(hMailSlot, DesiredAccess, ObjectAttributes,
6207.       IoStatusBlock, CreateOptions, InBufferSize, nMaxMessageSize, ReadTimeout)
6208.   else
6209.     Result := NtNotImplemented;
6210. end;
6211.  
6212. function NtCreateMutant (hMutex: PHandle; AccessMask: ACCESS_MASK;
6213.   ObjectAttributes: POBJECT_ATTRIBUTES; bOwnMutant: Boolean): NTSTATUS; stdcall;
6214. begin
6215.   if InitNt and Assigned(_NtCreateMutant) then
6216.     Result := _NtCreateMutant(hMutex, AccessMask, ObjectAttributes, bOwnMutant)
6217.   else
6218.     Result := NtNotImplemented;
6219. end;
6220.  
6221. function NtCreateNamedPipeFile (hPipe: PHANDLE; DesiredAccess: ACCESS_MASK;
6222.   ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIOSTATUSBLOCK;
6223.   AllocationSize: PLARGE_INTEGER;
6224.   FileAttributes, ShareAccess, PipeType, PipeReadMode, PipeWaitMode,
6225.   nMaxInstances, nOutBufferSize, nInBufferSize: ULONG;
6226.   DefaultTimeOut: PLARGE_INTEGER): NTSTATUS; stdcall;
6227. begin
6228.   if InitNt and Assigned(_NtCreateNamedPipeFile) then
6229.     Result := _NtCreateNamedPipeFile(hPipe, DesiredAccess, ObjectAttributes,
6230.       IoStatusBlock, AllocationSize, FileAttributes, ShareAccess, PipeType,
6231.       PipeReadMode, PipeWaitMode, nMaxInstances, nOutBufferSize, nInBufferSize,
6232.       DefaultTimeOut)
6233.   else
6234.     Result := NtNotImplemented;
6235. end;
6236.  
6237. function NtCreatePort (PortHandle: PHANDLE; ObjectAttributes: OBJECT_ATTRIBUTES;
6238.   MaxConnectInfoLength, MaxDataLength, MaxPoolUsage: ULONG): NTSTATUS; stdcall;
6239. begin
6240.   if InitNt and Assigned(_NtCreatePort) then
6241.     Result := _NtCreatePort(PortHandle, ObjectAttributes, MaxConnectInfoLength,
6242.       MaxDataLength, MaxPoolUsage)
6243.   else
6244.     Result := NtNotImplemented;
6245. end;
6246.  
6247. function NtCreateSection (phSection: PHANDLE; DesiredAccess: ACCESS_MASK;
6248.   ObjectAttributes: POBJECT_ATTRIBUTES; MaximumSize: PLARGE_INTEGER;
6249.   SectionPageProtection, AllocationAttributes: ULONG;
6250.   hFile: THANDLE): NTSTATUS; stdcall;
6251. begin
6252.   if InitNt and Assigned(_NtCreateSection) then
6253.     Result := _NtCreateSection(phSection, DesiredAccess, ObjectAttributes,
6254.       MaximumSize, SectionPageProtection, AllocationAttributes, hFile)
6255.   else
6256.     Result := NtNotImplemented;
6257. end;
6258.  
6259. function NtCreateSemaphore (hSemaphore: PHANDLE; AccessMask: ACCESS_MASK;
6260.   ObjectAttributes: POBJECT_ATTRIBUTES;
6261.   InitialCount, MaximumCount: ULONG): NTSTATUS; stdcall;
6262. begin
6263.   if InitNt and Assigned(_NtCreateSemaphore) then
6264.     Result := _NtCreateSemaphore(hSemaphore, AccessMask, ObjectAttributes,
6265.       InitialCount, MaximumCount)
6266.   else
6267.     Result := NtNotImplemented;
6268. end;
6269.  
6270. function NtCreateSymbolicLinkObject (SymbolicLinkHandle: PHandle;
6271.   DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES;
6272.   SubstituteString: PUNICODE_STRING): NTSTATUS; stdcall;
6273. begin
6274.   if InitNt and Assigned(_NtCreateSymbolicLinkObject) then
6275.     Result := _NtCreateSymbolicLinkObject(SymbolicLinkHandle, DesiredAccess,
6276.       ObjectAttributes, SubstituteString)
6277.   else
6278.     Result := NtNotImplemented;
6279. end;
6280.  
6281. function NtCreateThread(phThread: PHANDLE; AccessMask: ACCESS_MASK;
6282.   ObjectAttributes: POBJECT_ATTRIBUTES; hProcess: THANDLE;
6283.   pClientId: PCLIENT_ID; pContext: PCONTEXT; pStackInfo: PSTACKINFO;
6284.   bSuspended: BOOL): NTSTATUS; stdcall;
6285. begin
6286.   if InitNt and Assigned(_NtCreateThread) then
6287.     Result := _NtCreateThread(phThread, AccessMask, ObjectAttributes, hProcess,
6288.       pClientId, pContext, pStackInfo, bSuspended)
6289.   else
6290.     Result := NtNotImplemented;
6291. end;
6292.  
6293. function NtCreateTimer (TimerHandle: PHandle; DesiredAccess: ACCESS_MASK;
6294.   ObjectAttributes: POBJECT_ATTRIBUTES;
6295.   TimerType: TIMER_TYPE): NTSTATUS; stdcall;
6296. begin
6297.   if InitNt and Assigned(_NtCreateTimer) then
6298.     Result := _NtCreateTimer(TimerHandle, DesiredAccess, ObjectAttributes,
6299.       TimerType)
6300.   else
6301.     Result := NtNotImplemented;
6302. end;
6303.  
6304. { Íå áóäåò ðàáîòàòü â Windows 64 }
6305. function NtCurrentTEB : Pointer; assembler;
6306. asm
6307.   mov eax,fs:[$18]
6308. end;
6309.  
6310. function NtCreateWaitablePort(PortHandle: PHANDLE;
6311.   ObjectAttributes: POBJECT_ATTRIBUTES;
6312.   MaxConnectInfoLength, MaxDataLength, Reserved: ULONG): NTSTATUS; stdcall;
6313. begin
6314.   if InitNt and Assigned(_NtCreateWaitablePort) then
6315.     Result := _NtCreateWaitablePort(PortHandle, ObjectAttributes,
6316.       MaxConnectInfoLength, MaxDataLength, Reserved)
6317.   else
6318.     Result := NtNotImplemented;
6319. end;
6320.  
6321. function NtDebugActiveProcess(ProcessHandle: THANDLE;
6322.   DebugObject: PVOID): NTSTATUS; stdcall;
6323. begin
6324.   if InitNt and Assigned(_NtDebugActiveProcess) then
6325.     Result := _NtDebugActiveProcess(ProcessHandle, DebugObject)
6326.   else
6327.     Result := NtNotImplemented;
6328. end;
6329.  
6330. function NtDelayExecution (bAlertable: ULONG;
6331.   pDuration: PLARGE_INTEGER): NTSTATUS; stdcall;
6332. begin
6333.   if InitNt and Assigned(_NtDelayExecution) then
6334.     Result := _NtDelayExecution(bAlertable, pDuration)
6335.   else
6336.     Result := NtNotImplemented;
6337. end;
6338.  
6339. function NtDeleteAtom (AAtom: ATOM): NTSTATUS; stdcall;
6340. begin
6341.   if InitNt and Assigned(_NtDeleteAtom) then
6342.     Result := _NtDeleteAtom(AAtom)
6343.   else
6344.     Result := NtNotImplemented;
6345. end;
6346.  
6347. function NtDeleteFile(ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6348. begin
6349.   if InitNt and Assigned(_NtDeleteFile) then
6350.     Result := _NtDeleteFile(ObjectAttributes)
6351.   else
6352.     Result := NtNotImplemented;
6353. end;
6354.  
6355. function NtDeleteKey (KeyHandle: THANDLE): NTSTATUS; stdcall;
6356. begin
6357.   if InitNt and Assigned(_NtDeleteKey) then
6358.     Result := _NtDeleteKey(KeyHandle)
6359.   else
6360.     Result := NtNotImplemented;
6361. end;
6362.  
6363. function NtDeleteObjectAuditAlarm(SubSystemName: PUNICODE_STRING;
6364.   HandleId: PVOID; bGenerateOnClose: BOOL): NTSTATUS; stdcall;
6365. begin
6366.   if InitNt and Assigned(_NtDeleteObjectAuditAlarm) then
6367.     Result := _NtDeleteObjectAuditAlarm(SubSystemName, HandleId,
6368.       bGenerateOnClose)
6369.   else
6370.     Result := NtNotImplemented;
6371. end;
6372.  
6373. function NtDeleteValueKey (hKey: THANDLE;
6374.   pValueName: PUNICODE_STRING):NTSTATUS; stdcall;
6375. begin
6376.   if InitNt and Assigned(_NtDeleteValueKey) then
6377.     Result := _NtDeleteValueKey(hKey, pValueName)
6378.   else
6379.     Result := NtNotImplemented;
6380. end;
6381.  
6382. function NtDeviceIoControlFile (hFile, hEvent: THANDLE;
6383.   IoApcRoutine: Pointer; IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
6384.   DeviceIoControlCode: ULONG; InBuffer: PVOID; InBufferLength: ULONG;
6385.   OutBuffer: PVOID; OutBufferLength: ULONG): NTSTATUS; stdcall;
6386. begin
6387.   if InitNt and Assigned(_NtDeviceIoControlFile) then
6388.     Result := _NtDeviceIoControlFile(hFile, hEvent, IoApcRoutine, IoApcContext,
6389.       IoStatusBlock, DeviceIoControlCode, InBuffer, InBufferLength, OutBuffer,
6390.       OutBufferLength)
6391.   else
6392.     Result := NtNotImplemented;
6393. end;
6394.  
6395. function NtDisassociateProcessFromReserve(
6396.   ProcessHandle: THANDLE): NTSTATUS; stdcall;
6397. begin
6398.   if InitNt and Assigned(_NtDisassociateProcessFromReserve) then
6399.     Result := _NtDisassociateProcessFromReserve(ProcessHandle)
6400.   else
6401.     Result := NtNotImplemented;
6402. end;
6403.  
6404. function NtDisjoinThreadFromReserve(hThread: THANDLE): NTSTATUS; stdcall;
6405. begin
6406.   if InitNt and Assigned(_NtDisjoinThreadFromReserve) then
6407.     Result := _NtDisjoinThreadFromReserve(hThread)
6408.   else
6409.     Result := NtNotImplemented;
6410. end;
6411.  
6412. function NtDuplicateObject (SourceProcessHandle, SourceHandle,
6413.   TargetProcessHandle: THandle; TargetHandle: PHandle;
6414.   DesiredAccess: ACCESS_MASK; Attributes: ULONG; //OBJ_xxx
6415.   Options: ULONG): NTSTATUS; stdcall;
6416. begin
6417.   if InitNt and Assigned(_NtDuplicateObject) then
6418.     Result := _NtDuplicateObject(SourceProcessHandle, SourceHandle,
6419.       TargetProcessHandle, TargetHandle, DesiredAccess, Attributes, Options)
6420.   else
6421.     Result := NtNotImplemented;
6422. end;
6423.  
6424. function NtDuplicateToken(hToken: THANDLE; DesiredAccess: ACCESS_MASK;
6425.   ObjectAttributes: POBJECT_ATTRIBUTES; bMakeTokenEffectiveOnly: BOOL;
6426.   TokenType: TOKEN_TYPE; phNewToken: PHANDLE): NTSTATUS; stdcall;
6427. begin
6428.   if InitNt and Assigned(_NtDuplicateToken) then
6429.     Result := _NtDuplicateToken(hToken, DesiredAccess, ObjectAttributes,
6430.       bMakeTokenEffectiveOnly, TokenType, phNewToken)
6431.   else
6432.     Result := NtNotImplemented;
6433. end;
6434.  
6435. function NtEnumerateKey (hKey: THANDLE; Index: ULONG;
6436.   KeyInfoClass: KEY_INFORMATION_CLASS; KeyInfoBuffer: PVOID;
6437.   KeyInfoBufferLength: ULONG; BytesCopied: PULONG): NTSTATUS; stdcall;
6438. begin
6439.   if InitNt and Assigned(_NtEnumerateKey) then
6440.     Result := _NtEnumerateKey(hKey, Index, KeyInfoClass, KeyInfoBuffer,
6441.       KeyInfoBufferLength, BytesCopied)
6442.   else
6443.     Result := NtNotImplemented;
6444. end;
6445.  
6446. function NtEnumerateValueKey (hKey: THANDLE; Index: ULONG;
6447.   KeyValueInfoClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInfoBuffer: PVOID;
6448.   KeyValueInfoBufferLength: ULONG; BytesCopied: PULONG): NTSTATUS; stdcall;
6449. begin
6450.   if InitNt and Assigned(_NtEnumerateValueKey) then
6451.     Result := _NtEnumerateValueKey(hKey, Index, KeyValueInfoClass,
6452.       KeyValueInfoBuffer, KeyValueInfoBufferLength, BytesCopied)
6453.   else
6454.     Result := NtNotImplemented;
6455. end;
6456.  
6457. function NtFilterToken(ExistingTokenHandle: THANDLE; Flags: ULONG;
6458.   SidsToDisable: PTOKEN_GROUPS; PrivilegesToDelete: PTOKEN_PRIVILEGES;
6459.   SidsToRestrict: PTOKEN_GROUPS; NewTokenHandle: PHANDLE): NTSTATUS; stdcall;
6460. begin
6461.   if InitNt and Assigned(_NtFilterToken) then
6462.     Result := _NtFilterToken(ExistingTokenHandle, Flags, SidsToDisable,
6463.       PrivilegesToDelete, SidsToRestrict, NewTokenHandle)
6464.   else
6465.     Result := NtNotImplemented;
6466. end;
6467.  
6468. function NtFindAtom (pString: PWideChar; StringLength: ULONG;
6469.   AAtom: PATOM): NTSTATUS; stdcall;
6470. begin
6471.   if InitNt and Assigned(_NtFindAtom) then
6472.     Result := _NtFindAtom(pString, StringLength, AAtom)
6473.   else
6474.     Result := NtNotImplemented;
6475. end;
6476.  
6477. function NtFlushBuffersFile(hFile: THANDLE;
6478.   IoStatusBlock: PIOSTATUSBLOCK): NTSTATUS; stdcall;
6479. begin
6480.   if InitNt and Assigned(_NtFlushBuffersFile) then
6481.     Result := _NtFlushBuffersFile (hFile, IoStatusBlock)
6482.   else
6483.     Result := NtNotImplemented;
6484. end;
6485.  
6486. function NtFlushInstructionCache(hProcess: THANDLE; BaseAddressRegion: PVOID;
6487.   RegionSize: ULONG): NTSTATUS; stdcall;
6488. begin
6489.   if InitNt and Assigned(_NtFlushInstructionCache) then
6490.     Result := _NtFlushInstructionCache(hProcess, BaseAddressRegion, RegionSize)
6491.   else
6492.     Result := NtNotImplemented;
6493. end;
6494.  
6495. function NtFlushKey(KeyHandle: THANDLE): NTSTATUS; stdcall;
6496. begin
6497.   if InitNt and Assigned(_NtFlushKey) then
6498.     Result := _NtFlushKey(KeyHandle)
6499.   else
6500.     Result := NtNotImplemented;
6501. end;
6502.  
6503. function NtFlushVirtualMemory(hProcess: THANDLE; StartingAddress: PVOID;
6504.   SizeToFlush: PULONG; IoStatusBlock: PIOSTATUSBLOCK): NTSTATUS; stdcall;
6505. begin
6506.   if InitNt and Assigned(_NtFlushVirtualMemory) then
6507.     Result := _NtFlushVirtualMemory(hProcess, StartingAddress, SizeToFlush,
6508.       IoStatusBlock)
6509.   else
6510.     Result := NtNotImplemented;
6511. end;
6512.  
6513. function NtFreeUserPhysicalPages(ProcessHandle: THANDLE;
6514.   NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
6515. begin
6516.   if InitNt and Assigned(_NtFreeUserPhysicalPages) then
6517.     Result := _NtFreeUserPhysicalPages(ProcessHandle, NumberOfPages,
6518.       PageFrameNumbers)
6519.   else
6520.     Result := NtNotImplemented;
6521. end;
6522.  
6523. function NtFreeVirtualMemory(hProcess: THANDLE; StartingAddress: PVOID;
6524.   SizeRequestedReleased: LPDWORD; ReleaseType: UINT): NTSTATUS; stdcall;
6525. begin
6526.   if InitNt and Assigned(_NtFreeVirtualMemory) then
6527.     Result := _NtFreeVirtualMemory(hProcess, StartingAddress,
6528.       SizeRequestedReleased, ReleaseType)
6529.   else
6530.     Result := NtNotImplemented;
6531. end;
6532.  
6533. function NtFsControlFile(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
6534.   IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
6535.   FileSystemControlCode: ULONG; InBuffer: PVOID; InBufferLength: ULONG;
6536.   OutBuffer: PVOID; OutBufferLength: ULONG): NTSTATUS; stdcall;
6537. begin
6538.   if InitNt and Assigned(_NtFsControlFile) then
6539.     Result := _NtFsControlFile(hFile, hEvent, IoApcRoutine, IoApcContext,
6540.       IoStatusBlock, FileSystemControlCode, InBuffer, InBufferLength, OutBuffer,
6541.       OutBufferLength)
6542.   else
6543.     Result := NtNotImplemented;
6544. end;
6545.  
6546. function NtGetContextThread(hThread: THANDLE;
6547.   pContext: PCONTEXT): NTSTATUS; stdcall;
6548. begin
6549.   if InitNt and Assigned(_NtGetContextThread) then
6550.     Result := _NtGetContextThread(hThread, pContext)
6551.   else
6552.     Result := NtNotImplemented;
6553. end;
6554.  
6555. function NtGetCurrentProcessorNumber: Integer; stdcall;
6556. begin
6557.   if InitNt and Assigned(_NtGetCurrentProcessorNumber) then
6558.     Result := _NtGetCurrentProcessorNumber
6559.   else begin
6560.     Result := 0;
6561.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
6562.   end;
6563. end;
6564.  
6565. function NtGetDevicePowerState(DeviceHandle: THANDLE;
6566.   DevicePowerState: PDEVICE_POWER_STATE): NTSTATUS; stdcall;
6567. begin
6568.   if InitNt and Assigned(_NtGetDevicePowerState) then
6569.     Result := _NtGetDevicePowerState(DeviceHandle, DevicePowerState)
6570.   else
6571.     Result := NtNotImplemented;
6572. end;
6573.  
6574. function NtGetWriteWatch(ProcessHandle: THANDLE; Flags: ULONG;
6575.   BaseAddress: PVOID; RegionSize: ULONG;
6576.   Buffer, BufferEntries, Granularity: PULONG): NTSTATUS; stdcall;
6577. begin
6578.   if InitNt and Assigned(_NtGetWriteWatch) then
6579.     Result := _NtGetWriteWatch(ProcessHandle, Flags, BaseAddress, RegionSize,
6580.       Buffer, BufferEntries, Granularity)
6581.   else
6582.     Result := NtNotImplemented;
6583. end;
6584.  
6585. function NtImpersonateAnonymousToken(hThread: THANDLE): NTSTATUS; stdcall;
6586. begin
6587.   if InitNt and Assigned(_NtImpersonateAnonymousToken) then
6588.     Result := _NtImpersonateAnonymousToken(hThread)
6589.   else
6590.     Result := NtNotImplemented;
6591. end;
6592.  
6593. function NtImpersonateClientOfPort(PortHandle: THANDLE;
6594.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
6595. begin
6596.   if InitNt and Assigned(_NtImpersonateClientOfPort) then
6597.     Result := _NtImpersonateClientOfPort(PortHandle, LpcMessage)
6598.   else
6599.     Result := NtNotImplemented;
6600. end;
6601.  
6602. function NtInitiatePowerAction(SystemAction: POWER_ACTION;
6603.   MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG;
6604.   Asynchronous: BOOL): NTSTATUS; stdcall;
6605. begin
6606.   if InitNt and Assigned(_NtInitiatePowerAction) then
6607.     Result := _NtInitiatePowerAction(SystemAction, MinSystemState, Flags,
6608.       Asynchronous)
6609.   else
6610.     Result := NtNotImplemented;
6611. end;
6612.  
6613. function NtIsProcessInJob(ProcessHandle, JobHandle: THANDLE): NTSTATUS; stdcall;
6614. begin
6615.   if InitNt and Assigned(_NtIsProcessInJob) then
6616.     Result := _NtIsProcessInJob(ProcessHandle, JobHandle)
6617.   else
6618.     Result := NtNotImplemented;
6619. end;
6620.  
6621. function NtIsSystemResumeAutomatic: NTSTATUS; stdcall;
6622. begin
6623.   if InitNt and Assigned(_NtIsSystemResumeAutomatic) then
6624.     Result := _NtIsSystemResumeAutomatic
6625.   else
6626.     Result := NtNotImplemented;
6627. end;
6628.  
6629. function NtJoinThreadToReserve(
6630.   ThreadHandle, ReserveHandle: THANDLE): NTSTATUS; stdcall;
6631. begin
6632.   if InitNt and Assigned(_NtJoinThreadToReserve) then
6633.     Result := _NtJoinThreadToReserve(ThreadHandle, ReserveHandle)
6634.   else
6635.     Result := NtNotImplemented;
6636. end;
6637.  
6638. function NtListenPort(PortHandle: THANDLE;
6639.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
6640. begin
6641.   if InitNt and Assigned(_NtListenPort) then
6642.     Result := _NtListenPort(PortHandle, LpcMessage)
6643.   else
6644.     Result := NtNotImplemented;
6645. end;
6646.  
6647. function NtLoadDriver (DriverRegistryEntry: PUNICODE_STRING): NTSTATUS; stdcall;
6648. begin
6649.   if InitNt and Assigned(_NtLoadDriver) then
6650.     Result := _NtLoadDriver(DriverRegistryEntry)
6651.   else
6652.     Result := NtNotImplemented;
6653. end;
6654.  
6655. function NtLoadKey(KeyNameAttributes,
6656.   HiveFileNameAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6657. begin
6658.   if InitNt and Assigned(_NtLoadKey) then
6659.     Result := _NtLoadKey(KeyNameAttributes, HiveFileNameAttributes)
6660.   else
6661.     Result := NtNotImplemented;
6662. end;
6663.  
6664. function NtLockFile(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
6665.   IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
6666.   FileOffset, Length: PLARGE_INTEGER; LockOperationKey: PULONG;
6667.   bFailIfNotPossibleAtThisPoint, bExclusiveLock: BOOL): NTSTATUS; stdcall;
6668. begin
6669.   if InitNt and Assigned(_NtLockFile) then
6670.     Result := _NtLockFile(hFile, hEvent, IoApcRoutine, IoApcContext,
6671.       IoStatusBlock, FileOffset, Length, LockOperationKey,
6672.       bFailIfNotPossibleAtThisPoint, bExclusiveLock)
6673.   else
6674.     Result := NtNotImplemented;
6675. end;
6676.  
6677. function NtLockVirtualMemory(hProcess: THANDLE; BaseAddress: PPVOID;
6678.   RegionSize: PULONG; LockType: ULONG): NTSTATUS; stdcall;
6679. begin
6680.   if InitNt and Assigned(_NtLockVirtualMemory) then
6681.     Result := _NtLockVirtualMemory(hProcess, BaseAddress, RegionSize, LockType)
6682.   else
6683.     Result := NtNotImplemented;
6684. end;
6685.  
6686. function NtMakeTemporaryObject (AHandle: THandle): NTSTATUS; stdcall;
6687. begin
6688.   if InitNt and Assigned(_NtMakeTemporaryObject) then
6689.     Result := _NtMakeTemporaryObject(AHandle)
6690.   else
6691.     Result := NtNotImplemented;
6692. end;
6693.  
6694. function NtMapUserPhysicalPages(BaseAddress: PVOID;
6695.   NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
6696. begin
6697.   if InitNt and Assigned(_NtMapUserPhysicalPages) then
6698.     Result := _NtMapUserPhysicalPages(BaseAddress, NumberOfPages,
6699.       PageFrameNumbers)
6700.   else
6701.     Result := NtNotImplemented;
6702. end;
6703.  
6704. function NtMapUserPhysicalPagesScatter(BaseAddresses: PPVOID;
6705.   NumberOfPages, PageFrameNumbers: PULONG): NTSTATUS; stdcall;
6706. begin
6707.   if InitNt and Assigned(_NtMapUserPhysicalPagesScatter) then
6708.     Result := _NtMapUserPhysicalPagesScatter(BaseAddresses, NumberOfPages,
6709.       PageFrameNumbers)
6710.   else
6711.     Result := NtNotImplemented;
6712. end;
6713.  
6714. function NtMapViewOfSection (hSection: THandle; hProcess: THandle;
6715.   BaseAddress: PPVoid; ZeroBits: ULONG; CommitSize: ULONG;
6716.   SectionOffset: PLARGE_INTEGER; ViewSize: PULONG;
6717.   InheritDisposition: SECTION_INHERIT; AllocationType: ULONG;
6718.   Protect: ULONG): NTSTATUS; stdcall;
6719. begin
6720.   if InitNt and Assigned(_NtMapViewOfSection) then
6721.     Result := _NtMapViewOfSection(hSection, hProcess, BaseAddress, ZeroBits,
6722.       CommitSize, SectionOffset, ViewSize, InheritDisposition,
6723.       AllocationType, Protect)
6724.   else
6725.     Result := NtNotImplemented;
6726. end;
6727.  
6728. function NtNotifyChangeDirectoryFile(hFile, hEvent: THANDLE;
6729.   IoApcRoutine: Pointer; IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
6730.   ChangeBuffer: PVOID; ChangeBufferLength, NotifyFilter: ULONG;
6731.   bWatchSubtree: BOOL): NTSTATUS; stdcall;
6732. begin
6733.   if InitNt and Assigned(_NtNotifyChangeDirectoryFile) then
6734.     Result := _NtNotifyChangeDirectoryFile(hFile, hEvent, IoApcRoutine,
6735.       IoApcContext, IoStatusBlock, ChangeBuffer, ChangeBufferLength,
6736.       NotifyFilter, bWatchSubtree)
6737.   else
6738.     Result := NtNotImplemented;
6739. end;
6740.  
6741. function NtNotifyChangeKey(hKey, hEvent: THANDLE; ApcRoutine: Pointer;
6742.   ApcRoutineContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK; NotifyFilter: ULONG;
6743.   bWatchSubtree: BOOL; RegChangesDataBuffer: PVOID;
6744.   RegChangesDataBufferLength: ULONG; bAynchronous: BOOL): NTSTATUS; stdcall;
6745. begin
6746.   if InitNt and Assigned(_NtNotifyChangeKey) then
6747.     Result := _NtNotifyChangeKey(hKey, hEvent, ApcRoutine, ApcRoutineContext,
6748.       IoStatusBlock, NotifyFilter, bWatchSubtree, RegChangesDataBuffer,
6749.       RegChangesDataBufferLength, bAynchronous)
6750.   else
6751.     Result := NtNotImplemented;
6752. end;
6753.  
6754. function NtNotifyChangeMultipleKeys(KeyHandle: THANDLE; Flags: ULONG;
6755.   KeyObjectAttributes: POBJECT_ATTRIBUTES; EventHandle: THANDLE;
6756.   ApcRoutine: Pointer; ApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
6757.   NotifyFilter: ULONG; WatchSubTree: BOOL; Buffer: PVOID; BufferLength: ULONG;
6758.   Asynchronous: BOOL): NTSTATUS; stdcall;
6759. begin
6760.   if InitNt and Assigned(_NtNotifyChangeMultipleKeys) then
6761.     Result := _NtNotifyChangeMultipleKeys(KeyHandle, Flags, KeyObjectAttributes,
6762.       EventHandle, ApcRoutine, ApcContext, IoStatusBlock, NotifyFilter,
6763.       WatchSubTree, Buffer, BufferLength, Asynchronous)
6764.   else
6765.     Result := NtNotImplemented;
6766. end;
6767.  
6768. function NtOpenDirectoryObject (DirectoryHandle: PHandle;
6769.   DesiredAccess: ACCESS_MASK;
6770.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6771. begin
6772.   if InitNt and Assigned(_NtOpenDirectoryObject) then
6773.     Result := _NtOpenDirectoryObject(DirectoryHandle, DesiredAccess,
6774.       ObjectAttributes)
6775.   else
6776.     Result := NtNotImplemented;
6777. end;
6778.  
6779. function NtOpenEvent(hEvent: PHANDLE; DesiredAccess: ACCESS_MASK;
6780.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6781. begin
6782.   if InitNt and Assigned(_NtOpenEvent) then
6783.     Result := _NtOpenEvent(hEvent, DesiredAccess, ObjectAttributes)
6784.   else
6785.     Result := NtNotImplemented;
6786. end;
6787.  
6788. function NtOpenFile(FileHandle: PHandle; const DesiredAccess: ACCESS_MASK;
6789.   ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIoStatusBlock;
6790.   const ShareAccess, OpenOptions: ULONG) : NTSTATUS; stdcall;
6791. begin
6792.   if InitNt and Assigned(_NtOpenFile) then
6793.     Result := _NtOpenFile(FileHandle, DesiredAccess, ObjectAttributes,
6794.       IoStatusBlock, ShareAccess, OpenOptions)
6795.   else
6796.     Result := NtNotImplemented;
6797. end;
6798.  
6799. function NtOpenJobObject(phJob: PHANDLE; DesiredAccess: ACCESS_MASK;
6800.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6801. begin
6802.   if InitNt and Assigned(_NtOpenJobObject) then
6803.     Result := _NtOpenJobObject(phJob, DesiredAccess, ObjectAttributes)
6804.   else
6805.     Result := NtNotImplemented;
6806. end;
6807.  
6808. function NtOpenKey (phKey: PHandle; DesiredAccess: ACCESS_MASK;
6809.   oa: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6810. begin
6811.   if InitNt and Assigned(_NtOpenKey) then
6812.     Result := _NtOpenKey(phKey, DesiredAccess, oa)
6813.   else
6814.     Result := NtNotImplemented;
6815. end;
6816.  
6817. function NtOpenMutant(hMutex: PHANDLE; DesiredAccess: ACCESS_MASK;
6818.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6819. begin
6820.   if InitNt and Assigned(_NtOpenMutant) then
6821.     Result := _NtOpenMutant(hMutex, DesiredAccess, ObjectAttributes)
6822.   else
6823.     Result := NtNotImplemented;
6824. end;
6825.  
6826. function NtOpenObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID;
6827.   ObjectTypeName, ObjectName: PUNICODE_STRING;
6828.   pSecurityDescriptor: PSECURITY_DESCRIPTOR; hTokenClient: THANDLE;
6829.   DesiredAccess, GrantedAccess: ACCESS_MASK; pPrivilegeSet: PPRIVILEGE_SET;
6830.   bObjectCreation, bAccessGranted: BOOL;
6831.   bGenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
6832. begin
6833.   if InitNt and Assigned(_NtOpenObjectAuditAlarm) then
6834.     Result := _NtOpenObjectAuditAlarm(SubsystemName, HandleId, ObjectTypeName,
6835.       ObjectName, pSecurityDescriptor, hTokenClient, DesiredAccess,
6836.       GrantedAccess, pPrivilegeSet, bObjectCreation, bAccessGranted,
6837.       bGenerateOnClose)
6838.   else
6839.     Result := NtNotImplemented;
6840. end;
6841.  
6842. function NtOpenProcess (phProcess: PHandle; DesiredAccess: ACCESS_MASK;
6843.   oa: POBJECT_ATTRIBUTES; pClientId: PCLIENT_ID): NTSTATUS; stdcall;
6844. begin
6845.   if InitNt and Assigned(_NtOpenProcess) then
6846.     Result := _NtOpenProcess(phProcess, DesiredAccess, oa, pClientId)
6847.   else
6848.     Result := NtNotImplemented;
6849. end;
6850.  
6851. function NtOpenProcessToken (hProcess: THandle; DesiredAccess: ACCESS_MASK;
6852.   hToken: PHandle): NTSTATUS; stdcall;
6853. begin
6854.   if InitNt and Assigned(_NtOpenProcessToken) then
6855.     Result := _NtOpenProcessToken(hProcess, DesiredAccess, hToken)
6856.   else
6857.     Result := NtNotImplemented;
6858. end;
6859.  
6860. function NtOpenReserve(ReserveHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
6861.   oa: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6862. begin
6863.   if InitNt and Assigned(_NtOpenReserve) then
6864.     Result := _NtOpenReserve(ReserveHandle, DesiredAccess, oa)
6865.   else
6866.     Result := NtNotImplemented;
6867. end;
6868.  
6869. function NtOpenSection(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
6870.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6871. begin
6872.   if InitNt and Assigned(_NtOpenSection) then
6873.     Result := _NtOpenSection(SectionHandle, DesiredAccess, ObjectAttributes)
6874.   else
6875.     Result := NtNotImplemented;
6876. end;
6877.  
6878. function NtOpenSemaphore(hSemaphore: PHANDLE; DesiredAccess: ACCESS_MASK;
6879.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6880. begin
6881.   if InitNt and Assigned(_NtOpenSemaphore) then
6882.     Result := _NtOpenSemaphore(hSemaphore, DesiredAccess, ObjectAttributes)
6883.   else
6884.     Result := NtNotImplemented;
6885. end;
6886.  
6887. function NtOpenSymbolicLinkObject (SymbolicLinkHandle: PHandle;
6888.   DesiredAccess: ACCESS_MASK;
6889.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6890. begin
6891.   if InitNt and Assigned(_NtOpenSymbolicLinkObject) then
6892.     Result := _NtOpenSymbolicLinkObject(SymbolicLinkHandle,
6893.       DesiredAccess, ObjectAttributes)
6894.   else
6895.     Result := NtNotImplemented;
6896. end;
6897.  
6898. function NtOpenThread(phThread: PHANDLE; AccessMask: ACCESS_MASK;
6899.   ObjectAttributes: POBJECT_ATTRIBUTES;
6900.   pClientId: PCLIENT_ID): NTSTATUS; stdcall;
6901. begin
6902.   if InitNt and Assigned(_NtOpenThread) then
6903.     Result := _NtOpenThread(phThread, AccessMask, ObjectAttributes, pClientId)
6904.   else
6905.     Result := NtNotImplemented;
6906. end;
6907.  
6908. function NtOpenThreadToken (hThread: THANDLE; DesiredAccess: ACCESS_MASK;
6909.   bUseContextOfProcess: LongBool; phToken: PHANDLE): NTSTATUS; stdcall;
6910. begin
6911.   if InitNt and Assigned(_NtOpenThreadToken) then
6912.     Result := _NtOpenThreadToken(hThread, DesiredAccess, bUseContextOfProcess,
6913.       phToken)
6914.   else
6915.     Result := NtNotImplemented;
6916. end;
6917.  
6918. function NtOpenTimer(TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK;
6919.   ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
6920. begin
6921.   if InitNt and Assigned(_NtOpenTimer) then
6922.     Result := _NtOpenTimer(TimerHandle, DesiredAccess, ObjectAttributes)
6923.   else
6924.     Result := NtNotImplemented;
6925. end;
6926.  
6927. function NtPowerInformation(PowerInformationLevel: POWER_INFORMATION_LEVEL;
6928.   InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID;
6929.   OutputBufferLength: ULONG): NTSTATUS; stdcall;
6930. begin
6931.   if InitNt and Assigned(_NtPowerInformation) then
6932.     Result := _NtPowerInformation(PowerInformationLevel, InputBuffer,
6933.       InputBufferLength, OutputBuffer, OutputBufferLength)
6934.   else
6935.     Result := NtNotImplemented;
6936. end;
6937.  
6938. function NtPrivilegeCheck(hToken: THANDLE; PrivilegeSet: PPRIVILEGE_SET;
6939.   pbHasPrivileges: PBOOLEAN): NTSTATUS; stdcall;
6940. begin
6941.   if InitNt and Assigned(_NtPrivilegeCheck) then
6942.     Result := _NtPrivilegeCheck(hToken, PrivilegeSet, pbHasPrivileges)
6943.   else
6944.     Result := NtNotImplemented;
6945. end;
6946.  
6947. function NtPrivilegedServiceAuditAlarm(
6948.   SubsystemName, ServiceName: PUNICODE_STRING; hToken: THANDLE;
6949.   pPrivilegeSet: PPRIVILEGE_SET; AccessGranted: BOOL): NTSTATUS; stdcall;
6950. begin
6951.   if InitNt and Assigned(_NtPrivilegedServiceAuditAlarm) then
6952.     Result := _NtPrivilegedServiceAuditAlarm(SubsystemName, ServiceName, hToken,
6953.       pPrivilegeSet, AccessGranted)
6954.   else
6955.     Result := NtNotImplemented;
6956. end;
6957.  
6958. function NtPrivilegeObjectAuditAlarm(SubsystemName: PUNICODE_STRING;
6959.   HandleId: PVOID; hToken: THANDLE; DesiredAccess: ACCESS_MASK;
6960.   pPrivilegeSet: PPRIVILEGE_SET; AccessGranted: BOOL): NTSTATUS; stdcall;
6961. begin
6962.   if InitNt and Assigned(_NtPrivilegeObjectAuditAlarm) then
6963.     Result := _NtPrivilegeObjectAuditAlarm(SubsystemName, HandleId, hToken,
6964.       DesiredAccess, pPrivilegeSet, AccessGranted)
6965.   else
6966.     Result := NtNotImplemented;
6967. end;
6968.  
6969. function NtProtectVirtualMemory(hProcess: THANDLE; BaseAddress: PPVOID;
6970.   RegionSize: PULONG; Protect: ULONG; OldProtect: PULONG): NTSTATUS; stdcall;
6971. begin
6972.   if InitNt and Assigned(_NtProtectVirtualMemory) then
6973.     Result := _NtProtectVirtualMemory(hProcess, BaseAddress, RegionSize,
6974.       Protect, OldProtect)
6975.   else
6976.     Result := NtNotImplemented;
6977. end;
6978.  
6979. function NtPulseEvent(hEvent: THANDLE;
6980.   PreviousState: PULONG): NTSTATUS; stdcall;
6981. begin
6982.   if InitNt and Assigned(_NtPulseEvent) then
6983.     Result := _NtPulseEvent(hEvent, PreviousState)
6984.   else
6985.     Result := NtNotImplemented;
6986. end;
6987.  
6988. function NtQueryAttributesFile(ObjectAttributes: POBJECT_ATTRIBUTES;
6989.   pFileBasicInfo: PFILE_BASIC_INFORMATION): NTSTATUS; stdcall;
6990. begin
6991.   if InitNt and Assigned(_NtQueryAttributesFile) then
6992.     Result := _NtQueryAttributesFile(ObjectAttributes, pFileBasicInfo)
6993.   else
6994.     Result := NtNotImplemented;
6995. end;
6996.  
6997. function NtQueryDefaultLocale(bSystemOrThreadLocale: BOOL;
6998.   DefaultLocale: PULONG): NTSTATUS; stdcall;
6999. begin
7000.   if InitNt and Assigned(_NtQueryDefaultLocale) then
7001.     Result := _NtQueryDefaultLocale(bSystemOrThreadLocale, DefaultLocale)
7002.   else
7003.     Result := NtNotImplemented;
7004. end;
7005.  
7006. function NtQueryDefaultUILanguage(
7007.   DefaultUILanguage: PUSHORT): NTSTATUS; stdcall;
7008. begin
7009.   if InitNt and Assigned(_NtQueryDefaultUILanguage) then
7010.     Result := _NtQueryDefaultUILanguage(DefaultUILanguage)
7011.   else
7012.     Result := NtNotImplemented;
7013. end;
7014.  
7015. function NtQueryDirectoryFile(FileHandle, Event: THandle;
7016.   ApcRoutine: Pointer; ApcContext: Pointer;
7017.   IoStatusBlock: PIoStatusBlock; FileInformation: Pointer;
7018.   FileInformationLength: ULONG; FileInformationClass: Integer;
7019.   ReturnSingleEntry: LongBool; FileName: PUNICODE_STRING;
7020.   RestartScan: LongBool): NTSTATUS; stdcall;
7021. begin
7022.   if InitNt and Assigned(_NtQueryDirectoryFile) then
7023.     Result := _NtQueryDirectoryFile(FileHandle, Event, ApcRoutine, ApcContext,
7024.       IoStatusBlock, FileInformation, FileInformationLength,
7025.       FileInformationClass, ReturnSingleEntry, FileName, RestartScan)
7026.   else
7027.     Result := NtNotImplemented;
7028. end;
7029.  
7030. function NtQueryDirectoryObject (DirectoryHandle: THandle;
7031.   Buffer: PVOID; BufferLength: ULONG; ReturnSingleEntry, RestartScan : Boolean;
7032.   Context: PDWORD; ReturnLength : PDWORD) : NTSTATUS; stdcall;
7033. begin
7034.   if InitNt and Assigned(_NtQueryDirectoryObject) then
7035.     Result := _NtQueryDirectoryObject(DirectoryHandle, Buffer, BufferLength,
7036.       ReturnSingleEntry, RestartScan, Context, ReturnLength)
7037.   else
7038.     Result := NtNotImplemented;
7039. end;
7040.  
7041. function NtQueryEaFile(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
7042.   QueryEaBuffer: PVOID; QueryEaBufferLength: ULONG; bReturnSingleEa: BOOL;
7043.   pListEa: PVOID; pListEaLength: ULONG; ListEaIndex: PULONG;
7044.   bRestartQuery: BOOL): NTSTATUS; stdcall;
7045. begin
7046.   if InitNt and Assigned(_NtQueryEaFile) then
7047.     Result := _NtQueryEaFile(hFile, IoStatusBlock, QueryEaBuffer,
7048.       QueryEaBufferLength, bReturnSingleEa, pListEa, pListEaLength, ListEaIndex,
7049.       bRestartQuery)
7050.   else
7051.     Result := NtNotImplemented;
7052. end;
7053.  
7054. function NtQueryEvent(hEvent: THANDLE; InfoClass: EVENT_INFO_CLASS;
7055.   EventInfoBuffer: PVOID; EventInfoBufferSize: ULONG;
7056.   BytesCopied: PULONG): NTSTATUS; stdcall;
7057. begin
7058.   if InitNt and Assigned(_NtQueryEvent) then
7059.     Result := _NtQueryEvent(hEvent, InfoClass, EventInfoBuffer,
7060.       EventInfoBufferSize, BytesCopied)
7061.   else
7062.     Result := NtNotImplemented;
7063. end;
7064.  
7065. function NtQueryFullAttributesFile(FileObjectAttributes: POBJECT_ATTRIBUTES;
7066.   FullFileAttributes: PFULL_FILE_ATTRIBUTES): NTSTATUS; stdcall;
7067. begin
7068.   if InitNt and Assigned(_NtQueryFullAttributesFile) then
7069.     Result := _NtQueryFullAttributesFile(FileObjectAttributes,
7070.       FullFileAttributes)
7071.   else
7072.     Result := NtNotImplemented;
7073. end;
7074.  
7075. function NtQueryInformationAtom(AnAtom: ATOM; AtomInfoClass: ATOM_INFO_CLASS;
7076.   AtomInfoBuffer: PVOID; AtomInfoBufferLength: ULONG;
7077.   BytesCopied: PULONG): NTSTATUS; stdcall;
7078. begin
7079.   if InitNt and Assigned(_NtQueryInformationAtom) then
7080.     Result := _NtQueryInformationAtom(AnAtom, AtomInfoClass, AtomInfoBuffer,
7081.       AtomInfoBufferLength, BytesCopied)
7082.   else
7083.     Result := NtNotImplemented;
7084. end;
7085.  
7086. function NtQueryInformationFile(FileHandle: THandle;
7087.   IoStatusBlock: PIoStatusBlock; FileInformation: PVOID; Length: ULONG;
7088.   FileInformationClass: Integer): NTSTATUS; stdcall;
7089. begin
7090.   if InitNt and Assigned(_NtQueryInformationFile) then
7091.     Result := _NtQueryInformationFile(FileHandle, IoStatusBlock,
7092.       FileInformation, Length, FileInformationClass)
7093.   else
7094.     Result := NtNotImplemented;
7095. end;
7096.  
7097. function NtQueryInformationJobObject(hJob: THANDLE;
7098.   JobObjectInfoClass: JOBOBJECTINFOCLASS; JobObjectInfoBuffer: PVOID;
7099.   JobObjectInfoBufferLength: ULONG; BytesReturned: PULONG): NTSTATUS; stdcall;
7100. begin
7101.   if InitNt and Assigned(_NtQueryInformationJobObject) then
7102.     Result := _NtQueryInformationJobObject(hJob, JobObjectInfoClass,
7103.       JobObjectInfoBuffer, JobObjectInfoBufferLength, BytesReturned)
7104.   else
7105.     Result := NtNotImplemented;
7106. end;
7107.  
7108. function NtQueryInformationPort(PortHandle: THANDLE; InfoClass: ULONG;
7109.   Buffer: PVOID; BufferSize: ULONG; BytesReturned: PULONG): NTSTATUS; stdcall;
7110. begin
7111.   if InitNt and Assigned(_NtQueryInformationPort) then
7112.     Result := _NtQueryInformationPort(PortHandle, InfoClass, Buffer, BufferSize,
7113.       BytesReturned)
7114.   else
7115.     Result := NtNotImplemented;
7116. end;
7117.  
7118. function NtQueryInformationProcess (hProcess : THandle;
7119.   ProcessInformationClass : LongInt; ProcessInformation : Pointer;
7120.   ProcessInformationLength : ULONG; ReturnLength : PDWORD) : NTSTATUS; stdcall;
7121. begin
7122.   if InitNt and Assigned(_NtQueryInformationProcess) then
7123.     Result := _NtQueryInformationProcess(hProcess, ProcessInformationClass,
7124.       ProcessInformation, ProcessInformationLength, ReturnLength)
7125.   else
7126.     Result := NtNotImplemented;
7127. end;
7128.  
7129. function NtQueryInformationReserve(ReserveHandle: THANDLE;
7130.   InformationClass: Integer; InformationBuffer: PVOID;
7131.   InformationBufferSize: ULONG; ReturnedLength: PULONG): NTSTATUS; stdcall;
7132. begin
7133.   if InitNt and Assigned(_NtQueryInformationReserve) then
7134.     Result := _NtQueryInformationReserve(ReserveHandle, InformationClass,
7135.       InformationBuffer, InformationBufferSize, ReturnedLength)
7136.   else
7137.     Result := NtNotImplemented;
7138. end;
7139.  
7140. function NtQueryInformationThread (hThread: THANDLE; ThreadInfoClass: Integer;
7141.   ThreadInfoBuffer: PVOID; ThreadInfoBufferLength: ULONG;
7142.   BytesReturned: PULONG): NTSTATUS; stdcall;
7143. begin
7144.   if InitNt and Assigned(_NtQueryInformationThread) then
7145.     Result := _NtQueryInformationThread(hThread, ThreadInfoClass,
7146.       ThreadInfoBuffer, ThreadInfoBufferLength, BytesReturned)
7147.   else
7148.     Result := NtNotImplemented;
7149. end;
7150.  
7151. function NtQueryInformationToken (hToken: THandle;
7152.   TokenInformationType: Integer; TokenInformationBuffer: Pointer;
7153.   TokenInformationBufferSize: ULONG; ReturnLength: PDWORD): NTSTATUS; stdcall;
7154. begin
7155.   if InitNt and Assigned(_NtQueryInformationToken) then
7156.     Result := _NtQueryInformationToken(hToken, TokenInformationType,
7157.       TokenInformationBuffer, TokenInformationBufferSize, ReturnLength)
7158.   else
7159.     Result := NtNotImplemented;
7160. end;
7161.  
7162. function NtQueryInstallUILanguage(
7163.   InstallUILanguage: PUSHORT): NTSTATUS; stdcall;
7164. begin
7165.   if InitNt and Assigned(_NtQueryInstallUILanguage) then
7166.     Result := _NtQueryInstallUILanguage(InstallUILanguage)
7167.   else
7168.     Result := NtNotImplemented;
7169. end;
7170.  
7171. function NtQueryKey (KeyHandle: THandle; KeyInformationClass: Integer;
7172.   KeyInformation: PVOID; Length: ULONG;
7173.   ResultLength: LPDWORD): NTSTATUS; stdcall;
7174. begin
7175.   if InitNt and Assigned(_NtQueryKey) then
7176.     Result := _NtQueryKey(KeyHandle, KeyInformationClass, KeyInformation,
7177.       Length, ResultLength)
7178.   else
7179.     Result := NtNotImplemented;
7180. end;
7181.  
7182. function NtQueryObject (ObjectHandle: THandle;
7183.   ObjectInformationClass: OBJECT_INFO_CLASS; ObjectInformation: Pointer;
7184.   ObjectInformationLength: ULONG; ReturnLength: PDWORD): NTSTATUS; stdcall;
7185. begin
7186.   if InitNt and Assigned(_NtQueryObject) then
7187.     Result := _NtQueryObject(ObjectHandle, ObjectInformationClass,
7188.       ObjectInformation, ObjectInformationLength, ReturnLength)
7189.   else
7190.     Result := NtNotImplemented;
7191. end;
7192.  
7193. function NtQueryPerformanceCounter(
7194.   pPerformanceCount, pFrequency: PLARGE_INTEGER): NTSTATUS; stdcall;
7195. begin
7196.   if InitNt and Assigned(_NtQueryPerformanceCounter) then
7197.     Result := _NtQueryPerformanceCounter(pPerformanceCount, pFrequency)
7198.   else
7199.     Result := NtNotImplemented;
7200. end;
7201.  
7202. function NtQuerySection(hSection: THANDLE;
7203.   SectionInfoClass: SECTION_INFORMATION_CLASS; Buffer: PVOID;
7204.   BufferSize: ULONG; BytesReturned: PULONG): NTSTATUS; stdcall;
7205. begin
7206.   if InitNt and Assigned(_NtQuerySection) then
7207.     Result := _NtQuerySection(hSection, SectionInfoClass, Buffer, BufferSize,
7208.       BytesReturned)
7209.   else
7210.     Result := NtNotImplemented;
7211. end;
7212.  
7213. function NtQuerySecurityObject(hObject: THANDLE;
7214.   SecurityInfoRequested: SECURITY_INFORMATION;
7215.   pSecurityDescriptor: PSECURITY_DESCRIPTOR; pSecurityDescriptorLength: ULONG;
7216.   BytesRequired: PULONG): NTSTATUS; stdcall;
7217. begin
7218.   if InitNt and Assigned(_NtQuerySecurityObject) then
7219.     Result := _NtQuerySecurityObject(hObject, SecurityInfoRequested,
7220.       pSecurityDescriptor, pSecurityDescriptorLength, BytesRequired)
7221.   else
7222.     Result := NtNotImplemented;
7223. end;
7224.  
7225. function NtQuerySymbolicLinkObject (SymbolicLinkHandle: THandle;
7226.   TargetName: PUNICODE_STRING; ReturnLength: PDWORD): NTSTATUS; stdcall;
7227. begin
7228.   if InitNt and Assigned(_NtQuerySymbolicLinkObject) then
7229.     Result := _NtQuerySymbolicLinkObject(SymbolicLinkHandle, TargetName,
7230.       ReturnLength)
7231.   else
7232.     Result := NtNotImplemented;
7233. end;
7234.  
7235. function NtQuerySystemInformation (SystemInformationClass: LongInt;
7236.   SystemInformation: Pointer; SystemInformationLength: ULONG;
7237.   ReturnLength: PDWORD): NTSTATUS; stdcall;
7238. begin
7239.   if InitNt and Assigned(_NtQuerySystemInformation) then
7240.     Result := _NtQuerySystemInformation(SystemInformationClass,
7241.       SystemInformation, SystemInformationLength, ReturnLength)
7242.   else
7243.     Result := NtNotImplemented;
7244. end;
7245.  
7246. function NtQuerySystemTime(pSystemTime: PLARGE_INTEGER): NTSTATUS; stdcall;
7247. begin
7248.   if InitNt and Assigned(_NtQuerySystemTime) then
7249.     Result := _NtQuerySystemTime(pSystemTime)
7250.   else
7251.     Result := NtNotImplemented;
7252. end;
7253.  
7254. function NtQueryValueKey (KeyHandle: THandle; ValueName: PUNICODE_STRING;
7255.   KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS;
7256.   KeyValueInformation: PVOID; KeyValueInformationLength: ULONG;
7257.   ResultLength: PULONG): NTSTATUS; stdcall;
7258. begin
7259.   if InitNt and Assigned(_NtQueryValueKey) then
7260.     Result := _NtQueryValueKey(KeyHandle, ValueName, KeyValueInformationClass,
7261.       KeyValueInformation, KeyValueInformationLength, ResultLength)
7262.   else
7263.     Result := NtNotImplemented;
7264. end;
7265.  
7266. function NtQueryVirtualMemory (hProcess : THandle; Address : PVOID;
7267.   MemoryInformationClass : Integer; MemoryInformationBuffer : PVOID;
7268.   MemoryInformationBufferLength : ULONG;
7269.   ReturnLength : PDWORD) : NTSTATUS; stdcall;
7270. begin
7271.   if InitNt and Assigned(_NtQueryVirtualMemory) then
7272.     Result := _NtQueryVirtualMemory(hProcess, Address, MemoryInformationClass,
7273.       MemoryInformationBuffer, MemoryInformationBufferLength, ReturnLength)
7274.   else
7275.     Result := NtNotImplemented;
7276. end;
7277.  
7278. function NtQueryVolumeInformationFile (Handle: THandle;
7279.   IoStatusBlock: PIoStatusBlock; VolumeInformation: Pointer;
7280.   VolumeInformationLength: ULONG;
7281.   VolumeInformationClass: LongInt): NTSTATUS; stdcall;
7282. begin
7283.   if InitNt and Assigned(_NtQueryVolumeInformationFile) then
7284.     Result := _NtQueryVolumeInformationFile(Handle, IoStatusBlock,
7285.       VolumeInformation, VolumeInformationLength, VolumeInformationClass)
7286.   else
7287.     Result := NtNotImplemented;
7288. end;
7289.  
7290. function NtQueueApcThread(hThread: THANDLE; ApcRoutine: Pointer;
7291.   NormalContext, SystemArgument1, SystemArgument2: PVOID): NTSTATUS; stdcall;
7292. begin
7293.   if InitNt and Assigned(_NtQueueApcThread) then
7294.     Result := _NtQueueApcThread(hThread, ApcRoutine, NormalContext,
7295.       SystemArgument1, SystemArgument2)
7296.   else
7297.     Result := NtNotImplemented;
7298. end;
7299.  
7300. function NtRaiseHardError(Status: NTSTATUS; NumberOfArguments,
7301.   StringArgumentMask : ULONG; Arguments: PULONG; ResponseOption: Integer;
7302.   Response: PLONG): NTSTATUS; stdcall;
7303. begin
7304.   if InitNt and Assigned(_NtRaiseHardError) then
7305.     Result := _NtRaiseHardError(Status, NumberOfArguments, StringArgumentMask,
7306.       Arguments, ResponseOption, Response)
7307.   else
7308.     Result := NtNotImplemented;
7309. end;
7310.  
7311. function NtReadFile (FileHandle: THandle; Event: THandle; ApcRoutine: Pointer;
7312.   ApcContext: Pointer; IoStatusBlock: PIoStatusBlock; Buffer: Pointer;
7313.   Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PDWORD): NTSTATUS; stdcall;
7314. begin
7315.   if InitNt and Assigned(_NtReadFile) then
7316.     Result := _NtReadFile(FileHandle, Event, ApcRoutine, ApcContext,
7317.       IoStatusBlock, Buffer, Length, ByteOffset, Key)
7318.   else
7319.     Result := NtNotImplemented;
7320. end;
7321.  
7322. function NtReadFileScatter(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
7323.   IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
7324.   aSegmentArray: PFILE_SEGMENT_ELEMENT; nBytesToRead: ULONG;
7325.   FileOffset: PLARGE_INTEGER; LockOperationKey: PULONG): NTSTATUS; stdcall;
7326. begin
7327.   if InitNt and Assigned(_NtReadFileScatter) then
7328.     Result := _NtReadFileScatter(hFile, hEvent, IoApcRoutine, IoApcContext,
7329.       IoStatusBlock, aSegmentArray, nBytesToRead, FileOffset, LockOperationKey)
7330.   else
7331.     Result := NtNotImplemented;
7332. end;
7333.  
7334. function NtReadVirtualMemory (hProcess : THandle; BaseAddress, Buffer: PVOID;
7335.   BytesToRead: ULONG; BytesRead: PULONG): NTSTATUS; stdcall;
7336. begin
7337.   if InitNt and Assigned(_NtReadVirtualMemory) then
7338.     Result := _NtReadVirtualMemory(hProcess, BaseAddress, Buffer, BytesToRead,
7339.       BytesRead)
7340.   else
7341.     Result := NtNotImplemented;
7342. end;
7343.  
7344. function NtRegisterThreadTerminatePort(PortHandle: THANDLE): NTSTATUS; stdcall;
7345. begin
7346.   if InitNt and Assigned(_NtRegisterThreadTerminatePort) then
7347.     Result := _NtRegisterThreadTerminatePort(PortHandle)
7348.   else
7349.     Result := NtNotImplemented;
7350. end;
7351.  
7352. function NtReleaseMutant(hMutant: THANDLE;
7353.   bWasSignalled: PULONG): NTSTATUS; stdcall;
7354. begin
7355.   if InitNt and Assigned(_NtReleaseMutant) then
7356.     Result := _NtReleaseMutant(hMutant, bWasSignalled)
7357.   else
7358.     Result := NtNotImplemented;
7359. end;
7360.  
7361. function NtReleaseSemaphore(hSemaphore: THANDLE; ReleaseCount: ULONG;
7362.   PreviousCount: PULONG): NTSTATUS; stdcall;
7363. begin
7364.   if InitNt and Assigned(_NtReleaseSemaphore) then
7365.     Result := _NtReleaseSemaphore(hSemaphore, ReleaseCount, PreviousCount)
7366.   else
7367.     Result := NtNotImplemented;
7368. end;
7369.  
7370. function NtRelinquishBudget: NTSTATUS; stdcall;
7371. begin
7372.   if InitNt and Assigned(_NtRelinquishBudget) then
7373.     Result := _NtRelinquishBudget
7374.   else
7375.     Result := NtNotImplemented;
7376. end;
7377.  
7378. function NtRemoveIoCompletion(hIoCompletion: THANDLE;
7379.   lpCompletionKey, lpCompletionValue: PULONG; IoStatusBlock: PIOSTATUSBLOCK;
7380.   Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
7381. begin
7382.   if InitNt and Assigned(_NtRemoveIoCompletion) then
7383.     Result := _NtRemoveIoCompletion(hIoCompletion, lpCompletionKey,
7384.       lpCompletionValue, IoStatusBlock, Timeout)
7385.   else
7386.     Result := NtNotImplemented;
7387. end;
7388.  
7389. function NtRemoveProcessDebug(ProcessHandle: THANDLE;
7390.   DebugObject: PVOID): NTSTATUS; stdcall;
7391. begin
7392.   if InitNt and Assigned(_NtRemoveProcessDebug) then
7393.     Result := _NtRemoveProcessDebug(ProcessHandle, DebugObject)
7394.   else
7395.     Result := NtNotImplemented;
7396. end;
7397.  
7398. function NtReplaceKey(NewHiveFile: POBJECT_ATTRIBUTES; hKey: THANDLE;
7399.   BackupHiveFile: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
7400. begin
7401.   if InitNt and Assigned(_NtReplaceKey) then
7402.     Result := _NtReplaceKey(NewHiveFile, hKey, BackupHiveFile)
7403.   else
7404.     Result := NtNotImplemented;
7405. end;
7406.  
7407. function NtReplyPort (PortHandle: THANDLE;
7408.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
7409. begin
7410.   if InitNt and Assigned(_NtReplyPort) then
7411.     Result := _NtReplyPort(PortHandle, LpcMessage)
7412.   else
7413.     Result := NtNotImplemented;
7414. end;
7415.  
7416. function NtReplyWaitReceivePort (PortHandle: THANDLE; PortIdentifier: PULONG;
7417.   LpcMessageOut, LpcMessageIn: PLPCMESSAGE): NTSTATUS; stdcall;
7418. begin
7419.   if InitNt and Assigned(_NtReplyWaitReceivePort) then
7420.     Result := _NtReplyWaitReceivePort(PortHandle, PortIdentifier, LpcMessageOut,
7421.       LpcMessageIn)
7422.   else
7423.     Result := NtNotImplemented;
7424. end;
7425.  
7426. function NtReplyWaitReplyPort(PortHandle: THANDLE;
7427.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
7428. begin
7429.   if InitNt and Assigned(_NtReplyWaitReplyPort) then
7430.     Result := _NtReplyWaitReplyPort(PortHandle, LpcMessage)
7431.   else
7432.     Result := NtNotImplemented;
7433. end;
7434.  
7435. function NtRequestDeviceWakeup (hDevice: THANDLE): NTSTATUS; stdcall;
7436. begin
7437.   if InitNt and Assigned(_NtRequestDeviceWakeup) then
7438.     Result := _NtRequestDeviceWakeup(hDevice)
7439.   else
7440.     Result := NtNotImplemented;
7441. end;
7442.  
7443. function NtRequestPort(PortHandle: THANDLE;
7444.   LpcMessage: PLPCMESSAGE): NTSTATUS; stdcall;
7445. begin
7446.   if InitNt and Assigned(_NtRequestPort) then
7447.     Result := _NtRequestPort(PortHandle, LpcMessage)
7448.   else
7449.     Result := NtNotImplemented;
7450. end;
7451.  
7452. function NtRequestWaitReplyPort (PortHandle: THANDLE;
7453.   pLpcMessageIn, pLpcMessageOut: PLPCMESSAGE): NTSTATUS; stdcall;
7454. begin
7455.   if InitNt and Assigned(_NtRequestWaitReplyPort) then
7456.     Result := _NtRequestWaitReplyPort(PortHandle, pLpcMessageIn, pLpcMessageOut)
7457.   else
7458.     Result := NtNotImplemented;
7459. end;
7460.  
7461. function NtRequestWakeupLatency(Latency: LATENCY_TIME): NTSTATUS; stdcall;
7462. begin
7463.   if InitNt and Assigned(_NtRequestWakeupLatency) then
7464.     Result := _NtRequestWakeupLatency(Latency)
7465.   else
7466.     Result := NtNotImplemented;
7467. end;
7468.  
7469. function NtResetEvent (hEvent: THANDLE; OldState: PBOOLEAN): NTSTATUS; stdcall;
7470. begin
7471.   if InitNt and Assigned(_NtResetEvent) then
7472.     Result := _NtResetEvent(hEvent, OldState)
7473.   else
7474.     Result := NtNotImplemented;
7475. end;
7476.  
7477. function NtResetWriteWatch(ProcessHandle: THANDLE; BaseAddress: PVOID;
7478.   RegionSize: ULONG): NTSTATUS; stdcall;
7479. begin
7480.   if InitNt and Assigned(_NtResetWriteWatch) then
7481.     Result := _NtResetWriteWatch(ProcessHandle, BaseAddress, RegionSize)
7482.   else
7483.     Result := NtNotImplemented;
7484. end;
7485.  
7486. function NtRestoreKey(hKey, hFile: THANDLE; Flags: ULONG): NTSTATUS; stdcall;
7487. begin
7488.   if InitNt and Assigned(_NtRestoreKey) then
7489.     Result := _NtRestoreKey(hKey, hFile, Flags)
7490.   else
7491.     Result := NtNotImplemented;
7492. end;
7493.  
7494. function NtResumeThread (hThread: THANDLE;
7495.   pSuspendCount: PULONG): NTSTATUS; stdcall;
7496. begin
7497.   if InitNt and Assigned(_NtResumeThread) then
7498.     Result := _NtResumeThread(hThread, pSuspendCount)
7499.   else
7500.     Result := NtNotImplemented;
7501. end;
7502.  
7503. function NtRollbackTransaction(TransactionHandle: THANDLE;
7504.   AddInfo: ULONG): NTSTATUS; stdcall;
7505. begin
7506.   if InitNt and Assigned(_NtRollbackTransaction) then
7507.     Result := _NtRollbackTransaction(TransactionHandle, AddInfo)
7508.   else
7509.     Result := NtNotImplemented;
7510. end;
7511.  
7512. function NtSaveKey(hKey, hFile: THANDLE): NTSTATUS; stdcall;
7513. begin
7514.   if InitNt and Assigned(_NtSaveKey) then
7515.     Result := _NtSaveKey(hKey, hFile)
7516.   else
7517.     Result := NtNotImplemented;
7518. end;
7519.  
7520. function NtSecureConnectPort (PortHandle: PHANDLE; PortName: PUNICODE_STRING;
7521.   SecurityQos: PSECURITY_QUALITY_OF_SERVICE;
7522.   WriteSection: PPORT_SECTION_WRITE; ServerSid: PSID;
7523.   ReadSection: PPORT_SECTION_READ; MAxMessageSize: PULONG; ConnectData: PVOID;
7524.   ConnectDataLength: PULONG): NTSTATUS; stdcall;
7525. begin
7526.   if InitNt and Assigned(_NtSecureConnectPort) then
7527.     Result := _NtSecureConnectPort (PortHandle, PortName, SecurityQos,
7528.       WriteSection, ServerSid, ReadSection, MAxMessageSize, ConnectData,
7529.       ConnectDataLength)
7530.   else
7531.     Result := NtNotImplemented;
7532. end;
7533.  
7534. function NtSetContextThread(hThread: THANDLE;
7535.   pContext: PCONTEXT): NTSTATUS; stdcall;
7536. begin
7537.   if InitNt and Assigned(_NtSetContextThread) then
7538.     Result := _NtSetContextThread(hThread, pContext)
7539.   else
7540.     Result := NtNotImplemented;
7541. end;
7542.  
7543. function NtSetDefaultHardErrorPort (hPort: THandle): NTSTATUS; stdcall;
7544. begin
7545.   if InitNt and Assigned(_NtSetDefaultHardErrorPort) then
7546.     Result := _NtSetDefaultHardErrorPort(hPort)
7547.   else
7548.     Result := NtNotImplemented;
7549. end;
7550.  
7551. function NtSetEaFile(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
7552.   EaBuffer: PVOID; EaBufferLength: ULONG): NTSTATUS; stdcall;
7553. begin
7554.   if InitNt and Assigned(_NtSetEaFile) then
7555.     Result := _NtSetEaFile(hFile, IoStatusBlock, EaBuffer, EaBufferLength)
7556.   else
7557.     Result := NtNotImplemented;
7558. end;
7559.  
7560.  
7561. function NtSetEvent (EventHandle: THANDLE;
7562.   OldState: PBOOLEAN): NTSTATUS; stdcall;
7563. begin
7564.   if InitNt and Assigned(_NtSetEvent) then
7565.     Result := _NtSetEvent(EventHandle, OldState)
7566.   else
7567.     Result := NtNotImplemented;
7568. end;
7569.  
7570. function NtSetInformationDebugObject(DebugObjectHandle: THANDLE;
7571.   InformationClass: Integer; InformationBuffer: PVOID;
7572.   InformationBufferSize: ULONG; Unknown: PULONG): NTSTATUS; stdcall;
7573. begin
7574.   if InitNt and Assigned(_NtSetInformationDebugObject) then
7575.     Result := _NtSetInformationDebugObject(DebugObjectHandle, InformationClass,
7576.       InformationBuffer, InformationBufferSize, Unknown)
7577.   else
7578.     Result := NtNotImplemented;
7579. end;
7580.  
7581. function NtSetInformationFile (FileHandle: THandle;
7582.   IoStatusBlock: PIoStatusBlock; FileInformation: Pointer; Length: ULONG;
7583.   FileInformationClass: Integer): NTSTATUS; stdcall;
7584. begin
7585.   if InitNt and Assigned(_NtSetInformationFile) then
7586.     Result := _NtSetInformationFile(FileHandle, IoStatusBlock,
7587.       FileInformation, Length, FileInformationClass)
7588.   else
7589.     Result := NtNotImplemented;
7590. end;
7591.  
7592. function NtSetInformationJobObject(hJob: THANDLE;
7593.   JobObjectInfoClass: JOBOBJECTINFOCLASS; JobObjectInfoBuffer: PVOID;
7594.   JobObjectInfoBufferLength: ULONG): NTSTATUS; stdcall;
7595. begin
7596.   if InitNt and Assigned(_NtSetInformationJobObject) then
7597.     Result := _NtSetInformationJobObject(hJob, JobObjectInfoClass,
7598.       JobObjectInfoBuffer, JobObjectInfoBufferLength)
7599.   else
7600.     Result := NtNotImplemented;
7601. end;
7602.  
7603. function NtSetInformationObject(hObject: THANDLE;
7604.   ObjectInfoClass: OBJECT_INFO_CLASS; Buffer: PVOID;
7605.   BufferSize: ULONG): NTSTATUS; stdcall;
7606. begin
7607.   if InitNt and Assigned(_NtSetInformationObject) then
7608.     Result := _NtSetInformationObject(hObject, ObjectInfoClass, Buffer,
7609.       BufferSize)
7610.   else
7611.     Result := NtNotImplemented;
7612. end;
7613.  
7614. function NtSetInformationProcess (hProcess : THandle;
7615.   ProcessInformationClass : LongInt; ProcessInformation : Pointer;
7616.   ProcessInformationLength : ULONG) : NTSTATUS; stdcall;
7617. begin
7618.   if InitNt and Assigned(_NtSetInformationProcess) then
7619.     Result := _NtSetInformationProcess(hProcess, ProcessInformationClass,
7620.       ProcessInformation, ProcessInformationLength)
7621.   else
7622.     Result := NtNotImplemented;
7623. end;
7624.  
7625. function NtSetInformationReserve(ReserveHandle: THANDLE;
7626.   InformationClass: Integer; InformationBuffer: PVOID;
7627.   InformationBufferSize: ULONG): NTSTATUS; stdcall;
7628. begin
7629.   if InitNt and Assigned(_NtSetInformationReserve) then
7630.     Result := _NtSetInformationReserve(ReserveHandle, InformationClass,
7631.       InformationBuffer, InformationBufferSize)
7632.   else
7633.     Result := NtNotImplemented;
7634. end;
7635.  
7636. function NtSetInformationThread (hThread: THANDLE; ThreadInfoClass: Integer;
7637.   ThreadInfoBuffer: PVOID; ThreadInfoBufferLength: ULONG): NTSTATUS; stdcall;
7638. begin
7639.   if InitNt and Assigned(_NtSetInformationThread) then
7640.     Result := _NtSetInformationThread(hThread, ThreadInfoClass,
7641.       ThreadInfoBuffer, ThreadInfoBufferLength)
7642.   else
7643.     Result := NtNotImplemented;
7644. end;
7645.  
7646. function NtSetInformationToken(hToken: THANDLE;
7647.   TokenInfoClass: TOKEN_INFORMATION_CLASS; TokenInfoBuffer: PVOID;
7648.   TokenInfoBufferLength: ULONG): NTSTATUS; stdcall;
7649. begin
7650.   if InitNt and Assigned(_NtSetInformationToken) then
7651.     Result := _NtSetInformationToken(hToken, TokenInfoClass, TokenInfoBuffer,
7652.       TokenInfoBufferLength)
7653.   else
7654.     Result := NtNotImplemented;
7655. end;
7656.  
7657. function NtSetIoCompletion(IoCompletionPortHandle: THANDLE;
7658.   CompletionKey, CompletionValue: ULONG; CompletionStatus: NTSTATUS;
7659.   CompletionInformation: ULONG): NTSTATUS; stdcall;
7660. begin
7661.   if InitNt and Assigned(_NtSetIoCompletion) then
7662.     Result := _NtSetIoCompletion(IoCompletionPortHandle, CompletionKey,
7663.       CompletionValue, CompletionStatus, CompletionInformation)
7664.   else
7665.     Result := NtNotImplemented;
7666. end;
7667.  
7668. function NtSetSecurityObject(hObj: THANDLE; SI: SECURITY_INFORMATION;
7669.   pSD: PVOID): NTSTATUS; stdcall;
7670. begin
7671.   if InitNt and Assigned(_NtSetSecurityObject) then
7672.     Result := _NtSetSecurityObject(hObj, SI, pSD)
7673.   else
7674.     Result := NtNotImplemented;
7675. end;
7676.  
7677. function NtSetSystemInformation (SystemInformationClass: LongInt;
7678.   SystemInformation: Pointer;
7679.   SystemInformationLength: ULONG): Integer; stdcall;
7680. begin
7681.   if InitNt and Assigned(_NtSetSystemInformation) then
7682.     Result := _NtSetSystemInformation(SystemInformationClass,
7683.       SystemInformation, SystemInformationLength)
7684.   else
7685.     Result := NtNotImplemented;
7686. end;
7687.  
7688. function NtSetSystemTime(
7689.   pSystemTime, pOldsystemTime: PLARGE_INTEGER): NTSTATUS; stdcall;
7690. begin
7691.   if InitNt and Assigned(_NtSetSystemTime) then
7692.     Result := _NtSetSystemTime(pSystemTime, pOldsystemTime)
7693.   else
7694.     Result := NtNotImplemented;
7695. end;
7696.  
7697. function NtSetThreadExecutionState(ExecutionState: Integer;
7698.   PreviousExecutionState: PInteger): NTSTATUS; stdcall;
7699. begin
7700.   if InitNt and Assigned(_NtSetThreadExecutionState) then
7701.     Result := _NtSetThreadExecutionState(ExecutionState, PreviousExecutionState)
7702.   else
7703.     Result := NtNotImplemented;
7704. end;
7705.  
7706. function NtSetTimer(TimerHandle: THANDLE; DueTime: PLARGE_INTEGER;
7707.   TimerApcRoutine: Pointer; TimerContext: PVOID; WakeTimer: BOOL;
7708.   Period: LONG; PreviousState: PBOOLEAN): NTSTATUS; stdcall;
7709. begin
7710.   if InitNt and Assigned(_NtSetTimer) then
7711.     Result := _NtSetTimer(TimerHandle, DueTime, TimerApcRoutine, TimerContext, WakeTimer, Period, PreviousState)
7712.   else
7713.     Result := NtNotImplemented;
7714. end;
7715.  
7716. function NtSetValueKey (hKey: THANDLE; uValueName: PUNICODE_STRING;
7717.   TitleIndex, ValueType: ULONG; pValueData: PVOID;
7718.   pValueDataLength: ULONG): NTSTATUS; stdcall;
7719. begin
7720.   if InitNt and Assigned(_NtSetValueKey) then
7721.     Result := _NtSetValueKey(hKey, uValueName, TitleIndex, ValueType,
7722.       pValueData, pValueDataLength)
7723.   else
7724.     Result := NtNotImplemented;
7725. end;
7726.  
7727. function NtSetVolumeInformationFile(hFile: THANDLE;
7728.   IoStatusBlock: PIOSTATUSBLOCK; VolumeInformationBuffer: PVOID;
7729.   VolumeInformationBufferLength: ULONG;
7730.   FileSystemInformationClass: FS_INFORMATION_CLASS): NTSTATUS; stdcall;
7731. begin
7732.   if InitNt and Assigned(_NtSetVolumeInformationFile) then
7733.     Result := _NtSetVolumeInformationFile(hFile, IoStatusBlock,
7734.       VolumeInformationBuffer, VolumeInformationBufferLength,
7735.       FileSystemInformationClass)
7736.   else
7737.     Result := NtNotImplemented;
7738. end;
7739.  
7740. function NtSignalAndWaitForSingleObject(hSignalObject, hWaitObject: THANDLE;
7741.   bAlertable: BOOL; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
7742. begin
7743.   if InitNt and Assigned(_NtSignalAndWaitForSingleObject) then
7744.     Result := _NtSignalAndWaitForSingleObject(hSignalObject, hWaitObject,
7745.       bAlertable, Timeout)
7746.   else
7747.     Result := NtNotImplemented;
7748. end;
7749.  
7750. function NtSuspendThread(hThread: THANDLE;
7751.   pSuspendCount: PULONG): NTSTATUS; stdcall;
7752. begin
7753.   if InitNt and Assigned(_NtSuspendThread) then
7754.     Result := _NtSuspendThread(hThread, pSuspendCount)
7755.   else
7756.     Result := NtNotImplemented;
7757. end;
7758.  
7759. function NtTerminateJobObject(hJob: THANDLE;
7760.   ExitCode: NTSTATUS): NTSTATUS; stdcall;
7761. begin
7762.   if InitNt and Assigned(_NtTerminateJobObject) then
7763.     Result := _NtTerminateJobObject(hJob, ExitCode)
7764.   else
7765.     Result := NtNotImplemented;
7766. end;
7767.  
7768. function NtTerminateProcess (hProcess: THandle;
7769.   ExitCode: DWORD): NTSTATUS; stdcall;
7770. begin
7771.   if InitNt and Assigned(_NtTerminateProcess) then
7772.     Result := _NtTerminateProcess(hProcess, ExitCode)
7773.   else
7774.     Result := NtNotImplemented;
7775. end;
7776.  
7777. function NtTerminateThread (hThread: THandle;
7778.   ExitCode: DWORD): NTSTATUS; stdcall;
7779. begin
7780.   if InitNt and Assigned(_NtTerminateThread) then
7781.     Result := _NtTerminateThread(hThread, ExitCode)
7782.   else
7783.     Result := NtNotImplemented;
7784. end;
7785.  
7786. function NtTestAlert: NTSTATUS; stdcall;
7787. begin
7788.   if InitNt and Assigned(_NtTestAlert) then
7789.     Result := _NtTestAlert
7790.   else
7791.     Result := NtNotImplemented;
7792. end;
7793.  
7794. function NtUnloadDriver(
7795.   DriverRegistryEntry: PUNICODE_STRING): NTSTATUS; stdcall;
7796. begin
7797.   if InitNt and Assigned(_NtUnloadDriver) then
7798.     Result := _NtUnloadDriver(DriverRegistryEntry)
7799.   else
7800.     Result := NtNotImplemented;
7801. end;
7802.  
7803. function NtUnloadKey(KeyNameAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
7804. begin
7805.   if InitNt and Assigned(_NtUnloadKey) then
7806.     Result := _NtUnloadKey(KeyNameAttributes)
7807.   else
7808.     Result := NtNotImplemented;
7809. end;
7810.  
7811. function NtUnlockFile(hFile: THANDLE; IoStatusBlock: PIOSTATUSBLOCK;
7812.   FileOffset, Length: PLARGE_INTEGER;
7813.   LockOperationKey: PULONG): NTSTATUS; stdcall;
7814. begin
7815.   if InitNt and Assigned(_NtUnlockFile) then
7816.     Result := _NtUnlockFile(hFile, IoStatusBlock, FileOffset, Length, LockOperationKey)
7817.   else
7818.     Result := NtNotImplemented;
7819. end;
7820.  
7821. function NtUnlockVirtualMemory(hProcess: THANDLE; BaseAddress: PPVOID;
7822.   RegionSize: PULONG; UnlockTypeRequested: ULONG): NTSTATUS; stdcall;
7823. begin
7824.   if InitNt and Assigned(_NtUnlockVirtualMemory) then
7825.     Result := _NtUnlockVirtualMemory(hProcess, BaseAddress, RegionSize,
7826.       UnlockTypeRequested)
7827.   else
7828.     Result := NtNotImplemented;
7829. end;
7830.  
7831. function NtUnmapViewOfSection (hProcess: THandle;
7832.   BaseAddress: Pointer): NTSTATUS; stdcall;
7833. begin
7834.   if InitNt and Assigned(_NtUnmapViewOfSection) then
7835.     Result := _NtUnmapViewOfSection(hProcess, BaseAddress)
7836.   else
7837.     Result := NtNotImplemented;
7838. end;
7839.  
7840. function NtVdmControl(ControlCode: ULONG;
7841.   ControlData: PVOID): NTSTATUS; stdcall;
7842. begin
7843.   if InitNt and Assigned(_NtVdmControl) then
7844.     Result := _NtVdmControl(ControlCode, ControlData)
7845.   else
7846.     Result := NtNotImplemented;
7847. end;
7848.  
7849. function NtWaitForMultipleObjects(NumberOfHandles: ULONG;
7850.   ArrayOfHandles: PHANDLE; WaitType: Integer; Alertable: BOOL;
7851.   Timeout: ULONG): NTSTATUS; stdcall;
7852. begin
7853.   if InitNt and Assigned(_NtWaitForMultipleObjects) then
7854.     Result := _NtWaitForMultipleObjects(NumberOfHandles, ArrayOfHandles,
7855.       WaitType, Alertable, Timeout)
7856.   else
7857.     Result := NtNotImplemented;
7858. end;
7859.  
7860. function NtWaitForSingleObject (Handle: THandle;
7861.   Alertable: LongBool; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
7862. begin
7863.   if InitNt and Assigned(_NtWaitForSingleObject) then
7864.     Result := _NtWaitForSingleObject(Handle, Alertable, Timeout)
7865.   else
7866.     Result := NtNotImplemented;
7867. end;
7868.  
7869. function NtWriteFile (FileHandle: THandle; Event: THandle;
7870.   ApcRoutine: Pointer; ApcContext:Pointer; IoStatusBlock: PIoStatusBlock;
7871.   Buffer: Pointer; Length: ULONG; ByteOffset: PLARGE_INTEGER;
7872.   Key: PDWORD): NTSTATUS; stdcall;
7873. begin
7874.   if InitNt and Assigned(_NtWriteFile) then
7875.     Result := _NtWriteFile(FileHandle, Event, ApcRoutine, ApcContext,
7876.       IoStatusBlock, Buffer, Length, ByteOffset, Key)
7877.   else
7878.     Result := NtNotImplemented;
7879. end;
7880.  
7881. function NtWriteFileGather(hFile, hEvent: THANDLE; IoApcRoutine: Pointer;
7882.   IoApcContext: PVOID; IoStatusBlock: PIOSTATUSBLOCK;
7883.   aSegmentArray: PFILE_SEGMENT_ELEMENT; nBytesToWrite: ULONG;
7884.   FileOffset: PLARGE_INTEGER; LockOperationKey: PULONG): NTSTATUS; stdcall;
7885. begin
7886.   if InitNt and Assigned(_NtWriteFileGather) then
7887.     Result := _NtWriteFileGather(hFile, hEvent, IoApcRoutine, IoApcContext,
7888.       IoStatusBlock, aSegmentArray, nBytesToWrite, FileOffset, LockOperationKey)
7889.   else
7890.     Result := NtNotImplemented;
7891. end;
7892.  
7893. function NtWriteVirtualMemory(hProcess: THANDLE; BaseAddress: PVOID;
7894.   Buffer: PVOID; BytesToWrite: ULONG; BytesWritten: PULONG): NTSTATUS; stdcall;
7895. begin
7896.   if InitNt and Assigned(_NtWriteVirtualMemory) then
7897.     Result := _NtWriteVirtualMemory(hProcess, BaseAddress, Buffer, BytesToWrite,
7898.       BytesWritten)
7899.   else
7900.     Result := NtNotImplemented;
7901. end;
7902.  
7903. function NtYieldExecution: NTSTATUS; stdcall;
7904. begin
7905.   if InitNt and Assigned(_NtYieldExecution) then
7906.     Result := _NtYieldExecution
7907.   else
7908.     Result := NtNotImplemented;
7909. end;
7910.  
7911. procedure RtlAcquirePebLock; stdcall;
7912. begin
7913.   if InitNt and Assigned(_RtlAcquirePebLock) then
7914.     _RtlAcquirePebLock
7915.   else
7916.     NtNotImplemented;
7917. end;
7918.  
7919. function RtlActivateActivationContext(dwFlags: DWORD; hActCtx: THANDLE;
7920.   lpCookie: PPDWORD): NTSTATUS; stdcall;
7921. begin
7922.   if InitNt and Assigned(_RtlActivateActivationContext) then
7923.     Result := _RtlActivateActivationContext(dwFlags, hActCtx, lpCookie)
7924.   else
7925.     Result := NtNotImplemented;
7926. end;
7927.  
7928. function RtlActivateActivationContextEx(dwFlags: DWORD; Teb: PVOID;
7929.   hActCtx: THANDLE; lpCookie: PPDWORD): NTSTATUS; stdcall;
7930. begin
7931.   if InitNt and Assigned(_RtlActivateActivationContextEx) then
7932.     Result := _RtlActivateActivationContextEx(dwFlags, Teb, hActCtx, lpCookie)
7933.   else
7934.     Result := NtNotImplemented;
7935. end;
7936.  
7937. function RtlAddAccessAllowedAce(pAcl: PACL; dwAceRevision: ULONG;
7938.   AccessMask: ULONG; pSid: PSID): NTSTATUS; stdcall;
7939. begin
7940.   if InitNt and Assigned(_RtlAddAccessAllowedAce) then
7941.     Result := _RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid)
7942.   else
7943.     Result := NtNotImplemented;
7944. end;
7945.  
7946. procedure RtlAddRefActivationContext(hActCtx: THANDLE); stdcall;
7947. begin
7948.   if InitNt and Assigned(_RtlAddRefActivationContext) then
7949.     _RtlAddRefActivationContext(hActCtx)
7950.   else
7951.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
7952. end;
7953.  
7954. function RtlAdjustPrivilege(Privilege: ULONG; Enable, CurrentThread: BOOL;
7955.   Enabled: PBOOLEAN): NTSTATUS; stdcall;
7956. begin
7957.   if InitNt and Assigned(_RtlAdjustPrivilege) then
7958.     Result := _RtlAdjustPrivilege(Privilege, Enable, CurrentThread, Enabled)
7959.   else
7960.     Result := NtNotImplemented;
7961. end;
7962.  
7963. function RtlAllocateAndInitializeSid(
7964.   pIdentifierAuthority: PSID_IDENTIFIER_AUTHORITY;
7965.   nSubAuthorityCount: Integer; dwSubAuthority0, dwSubAuthority1,
7966.   dwSubAuthority2, dwSubAuthority3, dwSubAuthority4, dwSubAuthority5,
7967.   dwSubAuthority6, dwSubAuthority7: DWORD; pSid: PPSID): NTSTATUS; stdcall;
7968. begin
7969.   if InitNt and Assigned(_RtlAllocateAndInitializeSid) then
7970.     Result := _RtlAllocateAndInitializeSid(pIdentifierAuthority,
7971.       nSubAuthorityCount, dwSubAuthority0, dwSubAuthority1, dwSubAuthority2,
7972.       dwSubAuthority3, dwSubAuthority4, dwSubAuthority5, dwSubAuthority6,
7973.       dwSubAuthority7, pSid)
7974.   else
7975.     Result := NtNotImplemented;
7976. end;
7977.  
7978. function RtlAllocateHandle(HandleTable: PRTL_HANDLE_TABLE;
7979.   HandleIndex: PULONG): PRTL_HANDLE_TABLE_ENTRY; stdcall;
7980. begin
7981.   if InitNt and Assigned(_RtlAllocateHandle) then
7982.     Result := _RtlAllocateHandle(HandleTable, HandleIndex)
7983.   else
7984.     Result := NtNotImplementedPointer;
7985. end;
7986.  
7987. function RtlAllocateHeap (Heap: THandle; AllocationFlags: DWORD;
7988.   Size: DWORD): Pointer; stdcall;
7989. begin
7990.   if InitNt and Assigned(_RtlAllocateHeap) then
7991.     Result := _RtlAllocateHeap(Heap, AllocationFlags, Size)
7992.   else
7993.     Result := NtNotImplementedPointer;
7994. end;
7995.  
7996. function RtlAnsiCharToUnicodeChar(SourceCharacter: PPBYTE): WCHAR; stdcall;
7997. begin
7998.   if InitNt and Assigned(_RtlAnsiCharToUnicodeChar) then
7999.     Result := _RtlAnsiCharToUnicodeChar(SourceCharacter)
8000.   else
8001.     Result := WideChar(0);
8002. end;
8003.  
8004. function RtlAnsiStringToUnicodeSize(AAnsiString: PANSI_STRING): ULONG; stdcall;
8005. begin
8006.   if InitNt and Assigned(_RtlAnsiStringToUnicodeSize) then
8007.     Result := _RtlAnsiStringToUnicodeSize(AAnsiString)
8008.   else begin
8009.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8010.     Result := ULONG(-1);
8011.   end;
8012. end;
8013.  
8014. function RtlAnsiStringToUnicodeString (DestinationString: PUNICODE_STRING;
8015.   SourceString: PANSI_STRING;
8016.   AllocateDestinationString: BOOL): NTSTATUS; stdcall;
8017. begin
8018.   if InitNt and Assigned(_RtlAnsiStringToUnicodeString) then
8019.     Result := _RtlAnsiStringToUnicodeString(DestinationString, SourceString,
8020.       AllocateDestinationString)
8021.   else
8022.     Result := NtNotImplemented;
8023. end;
8024.  
8025. function RtlAppendUnicodeStringToString(
8026.   Destination, Source: PUNICODE_STRING): NTSTATUS; stdcall;
8027. begin
8028.   if InitNt and Assigned(_RtlAppendUnicodeStringToString) then
8029.     Result := _RtlAppendUnicodeStringToString(Destination, Source)
8030.   else
8031.     Result := NtNotImplemented;
8032. end;
8033.  
8034. function RtlAppendUnicodeToString (us: PUNICODE_STRING;
8035.   sAppend: LPCWSTR): NTSTATUS; stdcall;
8036. begin
8037.   if InitNt and Assigned(_RtlAppendUnicodeToString) then
8038.     Result := _RtlAppendUnicodeToString(us, sAppend)
8039.   else
8040.     Result := NtNotImplemented;
8041. end;
8042.  
8043. procedure RtlApplicationVerifierStop(Code: ULONG; Message: LPSTR;
8044.   Param1: ULONG; Description1: LPSTR; Param2: ULONG; Description2: LPSTR;
8045.   Param3: ULONG; Description3: LPSTR; Param4: ULONG;
8046.   Description4: LPSTR); stdcall;
8047. begin
8048.   if InitNt and Assigned(_RtlApplicationVerifierStop) then
8049.     _RtlApplicationVerifierStop(Code, Message, Param1, Description1,
8050.       Param2, Description2, Param3, Description3, Param4, Description4)
8051.   else
8052.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8053. end;
8054.  
8055. function RtlAreBitsSet(BitMapHeader: PRTL_BITMAP;
8056.   StartingIndex, Length: ULONG): BOOL; stdcall;
8057. begin
8058.   if InitNt and Assigned(_RtlAreBitsSet) then
8059.     Result := _RtlAreBitsSet(BitMapHeader, StartingIndex, Length)
8060.   else
8061.     Result := NtNotImplementedBoolean;
8062. end;
8063.  
8064. function RtlCharToInteger(AString: LPSTR; Base: ULONG;
8065.   Value: PULONG): NTSTATUS; stdcall;
8066. begin
8067.   if InitNt and Assigned(_RtlCharToInteger) then
8068.     Result := _RtlCharToInteger(AString, Base, Value)
8069.   else
8070.     Result := NtNotImplemented;
8071. end;
8072.  
8073. function RtlCheckRegistryKey(RelativeTo: ULONG;
8074.   Path: LPWSTR): NTSTATUS; stdcall;
8075. begin
8076.   if InitNt and Assigned(_RtlCheckRegistryKey) then
8077.     Result := _RtlCheckRegistryKey(RelativeTo, Path)
8078.   else
8079.     Result := NtNotImplemented;
8080. end;
8081.  
8082. procedure RtlClearBits(BitMapHeader: PRTL_BITMAP;
8083.   StartingIndex, NumberToClear: ULONG); stdcall;
8084. begin
8085.   if InitNt and Assigned(_RtlClearBits) then
8086.     _RtlClearBits(BitMapHeader, StartingIndex, NumberToClear)
8087.   else
8088.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8089. end;
8090.  
8091. function RtlCompactHeap(HeapHandle: PVOID; Flags: ULONG): SIZE_T; stdcall;
8092. begin
8093.   if InitNt and Assigned(_RtlCompactHeap) then
8094.     Result := _RtlCompactHeap(HeapHandle, Flags)
8095.   else begin
8096.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8097.     Result := 0;
8098.   end;
8099. end;
8100.  
8101. function RtlCompareMemory(Source1, Source2: PVOID;
8102.   Length: SIZE_T): SIZE_T; stdcall;
8103. begin
8104.   if InitNt and Assigned(_RtlCompareMemory) then
8105.     Result := _RtlCompareMemory(Source1, Source2, Length)
8106.   else begin
8107.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8108.     Result := 0;
8109.   end;
8110. end;
8111.  
8112. function RtlCompareString(String1, String2: PSTRING;
8113.   CaseInSensitive: BOOL): LONG; stdcall;
8114. begin
8115.   if InitNt and Assigned(_RtlCompareString) then
8116.     Result := _RtlCompareString(String1, String2, CaseInSensitive)
8117.   else begin
8118.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8119.     Result := -1;
8120.   end;
8121. end;
8122.  
8123. function RtlCompareUnicodeString(String1, String2: PUNICODE_STRING;
8124.   CaseInSensitive: BOOL): LONG; stdcall;
8125. begin
8126.   if InitNt and Assigned(_RtlCompareUnicodeString) then
8127.     Result := _RtlCompareUnicodeString(String1, String2, CaseInSensitive)
8128.   else begin
8129.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8130.     Result := -1;
8131.   end;
8132. end;
8133.  
8134. function RtlConvertSidToUnicodeString(UnicodeString: PUNICODE_STRING;
8135.   Sid: PSID; AllocateDestinationString: BOOL): NTSTATUS; stdcall;
8136. begin
8137.   if InitNt and Assigned(_RtlConvertSidToUnicodeString) then
8138.     Result := _RtlConvertSidToUnicodeString(UnicodeString, Sid,
8139.       AllocateDestinationString)
8140.   else
8141.     Result := NtNotImplemented;
8142. end;
8143.  
8144. procedure RtlCopyLuid (DestLuid, SrcLuid: PLUID); stdcall;
8145. begin
8146.   if InitNt and Assigned(_RtlCopyLuid) then
8147.     _RtlCopyLuid(DestLuid, SrcLuid)
8148.   else
8149.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8150. end;
8151.  
8152. procedure RtlCopyString(
8153.   DestinationString, SourceString: PSTRING); stdcall;
8154. begin
8155.   if InitNt and Assigned(_RtlCopyString) then
8156.     _RtlCopyString(DestinationString, SourceString)
8157.   else
8158.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8159. end;
8160.  
8161. procedure RtlCopyUnicodeString(
8162.   DestinationString, SourceString: PUNICODE_STRING); stdcall;
8163. begin
8164.   if InitNt and Assigned(_RtlCopyUnicodeString) then
8165.     _RtlCopyUnicodeString(DestinationString, SourceString)
8166.   else
8167.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8168. end;
8169.  
8170. function RtlCreateAcl(Acl: PACL; nAclLength: ULONG;
8171.   dwAclRevision: ULONG): NTSTATUS; stdcall;
8172. begin
8173.   if InitNt and Assigned(_RtlCreateAcl) then
8174.     Result := _RtlCreateAcl(Acl, nAclLength, dwAclRevision)
8175.   else
8176.     Result := NtNotImplemented;
8177. end;
8178.  
8179. function RtlCreateAtomTable(InitSize: DWORD;
8180.   pAtomTableHandle: PHANDLE): NTSTATUS; stdcall;
8181. begin
8182.   if InitNt and Assigned(_RtlCreateAtomTable) then
8183.     Result := _RtlCreateAtomTable(InitSize, pAtomTableHandle)
8184.   else
8185.     Result := NtNotImplemented;
8186. end;
8187.  
8188. function RtlCreateEnvironment(CopyCurrent: BOOL;
8189.   EnvironmentBlock: PPVOID): NTSTATUS; stdcall;
8190. begin
8191.   if InitNt and Assigned(_RtlCreateEnvironment) then
8192.     Result := _RtlCreateEnvironment(CopyCurrent, EnvironmentBlock)
8193.   else
8194.     Result := NtNotImplemented;
8195. end;
8196.  
8197. function RtlCreateHeap(AllocationFlags: ULONG; BaseAddress: PVOID;
8198.   MaximumSize, InitialSize: ULONG; UnknownAddress: PVOID;
8199.   HeapInfo: PHEAP_INFO): THANDLE; stdcall;
8200. begin
8201.   if InitNt and Assigned(_RtlCreateHeap) then
8202.     Result := _RtlCreateHeap(AllocationFlags, BaseAddress, MaximumSize,
8203.       InitialSize, UnknownAddress, HeapInfo)
8204.   else begin
8205.     Result := 0;
8206.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8207.   end;
8208. end;
8209.  
8210. function RtlCreateProcessParameters(ProcessParameters: PPPROCESS_PARAMETERS;
8211.   ImagePathName, DllPath, CurrentDirectory, CommandLine: PUNICODE_STRING;
8212.   EnvironmentBlock: PVOID; WindowTitle, DesktopInfo,
8213.   ShellInfo, RuntimeData: PUNICODE_STRING): NTSTATUS; stdcall;
8214. begin
8215.   if InitNt and Assigned(_RtlCreateProcessParameters) then
8216.     Result := _RtlCreateProcessParameters(ProcessParameters, ImagePathName,
8217.       DllPath, CurrentDirectory, CommandLine, EnvironmentBlock, WindowTitle,
8218.       DesktopInfo, ShellInfo, RuntimeData)
8219.   else
8220.     Result := NtNotImplemented;
8221. end;
8222.  
8223. function RtlCreateQueryDebugBuffer(MaximumCommit: ULONG;
8224.   UseEventPair: BOOL): PRTL_DEBUG_INFORMATION; stdcall;
8225. begin
8226.   if InitNt and Assigned(_RtlCreateQueryDebugBuffer) then
8227.     Result := _RtlCreateQueryDebugBuffer(MaximumCommit, UseEventPair)
8228.   else begin
8229.     Result := nil;
8230.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8231.   end;
8232. end;
8233.  
8234. function RtlCreateSecurityDescriptor(
8235.   SecurityDescriptor: PSECURITY_DESCRIPTOR; Revision: ULONG): NTSTATUS; stdcall;
8236. begin
8237.   if InitNt and Assigned(_RtlCreateSecurityDescriptor) then
8238.     Result := _RtlCreateSecurityDescriptor(SecurityDescriptor, Revision)
8239.   else
8240.     Result := NtNotImplemented;
8241. end;
8242.  
8243. function RtlCreateTagHeap (Heap: THandle; Flags: ULONG;
8244.   TagPrefix, TagNames: LPWSTR): DWORD; stdcall;
8245. begin
8246.   if InitNt and Assigned(_RtlCreateTagHeap) then
8247.     Result := _RtlCreateTagHeap (Heap, Flags, TagPrefix, TagNames)
8248.   else begin
8249.     Result := 0;
8250.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8251.   end;
8252. end;
8253.  
8254. function RtlCreateTimer(TimerQueueHandle: THANDLE; Handle: PHANDLE;
8255.   AFunction: Pointer; Context: PVOID;
8256.   DueTime, Period, Flags: ULONG): NTSTATUS; stdcall;
8257. begin
8258.   if InitNt and Assigned(_RtlCreateTimer) then
8259.     Result := _RtlCreateTimer(TimerQueueHandle, Handle, AFunction, Context,
8260.       DueTime, Period, Flags)
8261.   else
8262.     Result := NtNotImplemented;
8263. end;
8264.  
8265. function RtlCreateTimerQueue(TimerQueueHandle: PHANDLE): NTSTATUS; stdcall;
8266. begin
8267.   if InitNt and Assigned(_RtlCreateTimerQueue) then
8268.     Result := _RtlCreateTimerQueue(TimerQueueHandle)
8269.   else
8270.     Result := NtNotImplemented;
8271. end;
8272.  
8273. function RtlCreateUnicodeString (us: PUNICODE_STRING;
8274.   s: PWideChar): Boolean; stdcall;
8275. begin
8276.   if InitNt and Assigned(_RtlCreateUnicodeString) then
8277.     Result := _RtlCreateUnicodeString(us, s)
8278.   else
8279.     Result := NtNotImplementedBoolean;
8280. end;
8281.  
8282. function RtlCreateUnicodeStringFromAsciiz (us: PUNICODE_STRING;
8283.   s: PAnsiChar): Boolean; stdcall;
8284. begin
8285.   if InitNt and Assigned(_RtlCreateUnicodeStringFromAsciiz) then
8286.     Result := _RtlCreateUnicodeStringFromAsciiz(us, s)
8287.   else
8288.     Result := NtNotImplementedBoolean;
8289. end;
8290.  
8291. function RtlCustomCPToUnicodeN(CustomCP: PCPTABLEINFO; UnicodeString: LPWSTR;
8292.   MaxBytesInUnicodeString: ULONG; BytesInUnicodeString: PULONG;
8293.   CustomCPString: LPSTR; BytesInCustomCPString: ULONG): NTSTATUS; stdcall;
8294. begin
8295.   if InitNt and Assigned(_RtlCustomCPToUnicodeN) then
8296.     Result := _RtlCustomCPToUnicodeN(CustomCP, UnicodeString,
8297.       MaxBytesInUnicodeString, BytesInUnicodeString, CustomCPString,
8298.       BytesInCustomCPString)
8299.   else
8300.     Result := NtNotImplemented;
8301. end;
8302.  
8303. function RtlCutoverTimeToSystemTime(CutoverTime: PTIME_FIELDS;
8304.   SystemTime: PLARGE_INTEGER; CurrentSystemTime: PLARGE_INTEGER;
8305.   ThisYear: BOOL): BOOL; stdcall;
8306. begin
8307.   if InitNt and Assigned(_RtlCutoverTimeToSystemTime) then
8308.     Result := _RtlCutoverTimeToSystemTime(CutoverTime, SystemTime,
8309.       CurrentSystemTime, ThisYear)
8310.   else begin
8311.     Result := false;
8312.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8313.   end;
8314. end;
8315.  
8316. function RtlDefaultNpAcl(pAcl: PPACL): NTSTATUS; stdcall;
8317. begin
8318.   if InitNt and Assigned(_RtlDefaultNpAcl) then
8319.     Result := _RtlDefaultNpAcl(pAcl)
8320.   else
8321.     Result := NtNotImplemented;
8322. end;
8323.  
8324. function RtlDeleteAtomFromAtomTable(AtomTable: THANDLE;
8325.   AnAtom: ATOM): NTSTATUS; stdcall;
8326. begin
8327.   if InitNt and Assigned(_RtlDeleteAtomFromAtomTable) then
8328.     Result := _RtlDeleteAtomFromAtomTable(AtomTable, AnAtom)
8329.   else
8330.     Result := NtNotImplemented;
8331. end;
8332.  
8333. function RtlDeleteCriticalSection(
8334.   var Section: TRTLCriticalSection): NTSTATUS; stdcall;
8335. begin
8336.   if InitNt and Assigned(_RtlDeleteCriticalSection) then
8337.     Result := _RtlDeleteCriticalSection(Section)
8338.   else
8339.     Result := NtNotImplemented;
8340. end;
8341.  
8342. function RtlDeleteTimer(
8343.   TimerQueueHandle, TimerToCancel, Event: THANDLE): NTSTATUS; stdcall;
8344. begin
8345.   if InitNt and Assigned(_RtlDeleteTimer) then
8346.     Result := _RtlDeleteTimer(TimerQueueHandle, TimerToCancel, Event)
8347.   else
8348.     Result := NtNotImplemented;
8349. end;
8350.  
8351. function RtlDeleteTimerQueue(QueueHandle: THANDLE): NTSTATUS; stdcall;
8352. begin
8353.   if InitNt and Assigned(_RtlDeleteTimerQueue) then
8354.     Result := _RtlDeleteTimerQueue(QueueHandle)
8355.   else
8356.     Result := NtNotImplemented;
8357. end;
8358.  
8359. function RtlDeleteTimerQueueEx(QueueHandle, Event: THANDLE): NTSTATUS; stdcall;
8360. begin
8361.   if InitNt and Assigned(_RtlDeleteTimerQueueEx) then
8362.     Result := _RtlDeleteTimerQueueEx(QueueHandle, Event)
8363.   else
8364.     Result := NtNotImplemented;
8365. end;
8366.  
8367. function RtlDeregisterWait(WaitHandle: THANDLE): NTSTATUS; stdcall;
8368. begin
8369.   if InitNt and Assigned(_RtlDeregisterWait) then
8370.     Result := _RtlDeregisterWait(WaitHandle)
8371.   else
8372.     Result := NtNotImplemented;
8373. end;
8374.  
8375. function RtlDeregisterWaitEx(WaitHandle, Event: THANDLE): NTSTATUS; stdcall;
8376. begin
8377.   if InitNt and Assigned(_RtlDeregisterWaitEx) then
8378.     Result := _RtlDeregisterWaitEx(WaitHandle, Event)
8379.   else
8380.     Result := NtNotImplemented;
8381. end;
8382.  
8383. function RtlDestroyEnvironment(Environment: PVOID): NTSTATUS; stdcall;
8384. begin
8385.   if InitNt and Assigned(_RtlDestroyEnvironment) then
8386.     Result := _RtlDestroyEnvironment(Environment)
8387.   else
8388.     Result := NtNotImplemented;
8389. end;
8390.  
8391. function RtlDestroyHeap (hHeap : THandle) : PVOID; stdcall;
8392. begin
8393.   if InitNt and Assigned(_RtlDestroyHeap) then
8394.     Result := _RtlDestroyHeap (hHeap)
8395.   else begin
8396.     Result := PVOID(-1);
8397.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8398.   end;
8399. end;
8400.  
8401. function RtlDestroyProcessParameters(
8402.   ProcessParameters: PPROCESS_PARAMETERS): NTSTATUS; stdcall;
8403. begin
8404.   if InitNt and Assigned(_RtlDestroyProcessParameters) then
8405.     Result := _RtlDestroyProcessParameters(ProcessParameters)
8406.   else
8407.     Result := NtNotImplemented;
8408. end;
8409.  
8410. function RtlDestroyQueryDebugBuffer(
8411.   Buffer: PRTL_DEBUG_INFORMATION): NTSTATUS; stdcall;
8412. begin
8413.   if InitNt and Assigned(_RtlDestroyQueryDebugBuffer) then
8414.     Result := _RtlDestroyQueryDebugBuffer(Buffer)
8415.   else
8416.     Result := NtNotImplemented;
8417. end;
8418.  
8419. function RtlDetermineDosPathNameType_U(
8420.   DosFileName: LPWSTR): RTL_PATH_TYPE; stdcall;
8421. begin
8422.   if InitNt and Assigned(_RtlDetermineDosPathNameType_U) then
8423.     Result := _RtlDetermineDosPathNameType_U(DosFileName)
8424.   else begin
8425.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8426.     Result := RTL_PATH_TYPE(-1);
8427.   end;
8428. end;
8429.  
8430. function RtlDllShutdownInProgress: Boolean; stdcall;
8431. begin
8432.   if InitNt and Assigned(_RtlDllShutdownInProgress) then
8433.     Result := _RtlDllShutdownInProgress
8434.   else
8435.     Result := NtNotImplementedBoolean;
8436. end;
8437.  
8438. function RtlDnsHostNameToComputerName(
8439.   ComputerNameString, DnsHostNameString: PUNICODE_STRING;
8440.   AllocateComputerNameString: BOOL): NTSTATUS; stdcall;
8441. begin
8442.   if InitNt and Assigned(_RtlDnsHostNameToComputerName) then
8443.     Result := _RtlDnsHostNameToComputerName(ComputerNameString,
8444.       DnsHostNameString, AllocateComputerNameString)
8445.   else
8446.     Result := NtNotImplemented;
8447. end;
8448.  
8449. function RtlDoesFileExists_U(FileName: LPWSTR): BOOL; stdcall;
8450. begin
8451.   if InitNt and Assigned(_RtlDoesFileExists_U) then
8452.     Result := _RtlDoesFileExists_U(FileName)
8453.   else
8454.     Result := NtNotImplementedBoolean;
8455. end;
8456.  
8457. function RtlDosPathNameToNtPathName_U (const DosFileName: PWideChar;
8458.   NtFileName: PUNICODE_STRING; FilePart: PPWideChar;
8459.   RelativeName: PRTL_RELATIVE_NAME): Boolean; stdcall;
8460. begin
8461.   if InitNt and Assigned(_RtlDosPathNameToNtPathName_U) then
8462.     Result := _RtlDosPathNameToNtPathName_U(DosFileName, NtFileName,
8463.       FilePart, RelativeName)
8464.   else
8465.     Result := NtNotImplementedBoolean;
8466. end;
8467.  
8468. function RtlDosSearchPath_U(lpPath, lpFileName, lpExtension: LPWSTR;
8469.   nBufferLength: ULONG; lpBuffer: LPWSTR;
8470.   lpFilePart: PLPWSTR): ULONG; stdcall;
8471. begin
8472.   if InitNt and Assigned(_RtlDosSearchPath_U) then
8473.     Result := _RtlDosSearchPath_U(lpPath, lpFileName, lpExtension,
8474.       nBufferLength, lpBuffer, lpFilePart)
8475.   else begin
8476.     Result := 0;
8477.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8478.   end;
8479. end;
8480.  
8481. procedure RtlEnterCriticalSection (var Section : TRTLCriticalSection);
8482. begin
8483.   if InitNt and Assigned(_RtlEnterCriticalSection) then
8484.     _RtlEnterCriticalSection (Section)
8485.   else
8486.     NtNotImplemented;
8487. end;
8488.  
8489. function RtlEqualSid(sid1: PSID; sid2: PSID): BOOL; stdcall;
8490. begin
8491.   if InitNt and Assigned(_RtlEqualSid) then
8492.     Result := _RtlEqualSid(sid1, sid2)
8493.   else
8494.     Result := NtNotImplementedBoolean;
8495. end;
8496.  
8497. function RtlEqualString (String1, String2: PAnsiString;
8498.   CaseInSensitive: Boolean): Boolean; stdcall;
8499. begin
8500.   if InitNt and Assigned(_RtlEqualString) then
8501.     Result := _RtlEqualString(String1, String2, CaseInSensitive)
8502.   else
8503.     Result := NtNotImplementedBoolean;
8504. end;
8505.  
8506. function RtlExpandEnvironmentStrings_U(Environment: PVOID;
8507.   Source, Destination: PUNICODE_STRING;
8508.   ReturnedLength: PULONG): NTSTATUS; stdcall;
8509. begin
8510.   if InitNt and Assigned(_RtlExpandEnvironmentStrings_U) then
8511.     Result := _RtlExpandEnvironmentStrings_U(Environment, Source, Destination,
8512.       ReturnedLength)
8513.   else
8514.     Result := NtNotImplemented;
8515. end;
8516.  
8517. function RtlExtendedLargeIntegerDivide(Dividend: LARGE_INTEGER;
8518.   Divisor: ULONG; Remainder: PULONG): int64; stdcall;
8519. begin
8520.   if InitNt and Assigned(_RtlExtendedLargeIntegerDivide) then
8521.     Result := _RtlExtendedLargeIntegerDivide(Dividend, Divisor, Remainder)
8522.   else
8523.     Result := NtNotImplemented;
8524. end;
8525.  
8526. function RtlExtendHeap(HeapHandle: PVOID; Flags: ULONG; Base: PVOID;
8527.   Size: SIZE_T): NTSTATUS; stdcall;
8528. begin
8529.   if InitNt and Assigned(_RtlExtendHeap) then
8530.     Result := _RtlExtendHeap(HeapHandle, Flags, Base, Size)
8531.   else
8532.     Result := NtNotImplemented;
8533. end;
8534.  
8535. function RtlFindClearBitsAndSet(BitMapHeader: PRTL_BITMAP;
8536.   NumberToFind, HintIndex: ULONG): ULONG; stdcall;
8537. begin
8538.   if InitNt and Assigned(_RtlFindClearBitsAndSet) then
8539.     Result := _RtlFindClearBitsAndSet(BitMapHeader, NumberToFind, HintIndex)
8540.   else begin
8541.     Result := 0;
8542.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8543.   end;
8544. end;
8545.  
8546. function RtlFindMessage(DllHandle: PVOID;
8547.   MessageTableId, MessageLanguageId, MessageId: ULONG;
8548.   MessageEntry: PPMESSAGE_RESOURCE_ENTRY): NTSTATUS; stdcall;
8549. begin
8550.   if InitNt and Assigned(_RtlFindMessage) then
8551.     Result := _RtlFindMessage(DllHandle, MessageTableId, MessageLanguageId,
8552.       MessageId, MessageEntry)
8553.   else
8554.     Result := NtNotImplemented;
8555. end;
8556.  
8557. function RtlFlushSecureMemoryCache(MemoryAddress: PVOID;
8558.   dwUnknown: DWORD): BOOL; stdcall;
8559. begin
8560.   if InitNt and Assigned(_RtlFlushSecureMemoryCache) then
8561.     Result := _RtlFlushSecureMemoryCache(MemoryAddress, dwUnknown)
8562.   else
8563.     Result := NtNotImplementedBoolean;
8564. end;
8565.  
8566. function RtlFormatCurrentUserKeyPath(
8567.   CurrentUserKeyPath: PUNICODE_STRING): NTSTATUS; stdcall;
8568. begin
8569.   if InitNt and Assigned(_RtlFormatCurrentUserKeyPath) then
8570.     Result := _RtlFormatCurrentUserKeyPath(CurrentUserKeyPath)
8571.   else
8572.     Result := NtNotImplemented;
8573. end;
8574.  
8575. function RtlFormatMessage(MessageFormat: LPWSTR; MaximumWidth: ULONG;
8576.   IgnoreInserts, ArgumentsAreAnsi, ArgumentsAreAnArray: BOOL;
8577.   Arguments: PVOID; Buffer: LPWSTR; Length: ULONG;
8578.   ReturnLength: PULONG): NTSTATUS; stdcall;
8579. begin
8580.   if InitNt and Assigned(_RtlFormatMessage) then
8581.     Result := _RtlFormatMessage(MessageFormat, MaximumWidth, IgnoreInserts,
8582.       ArgumentsAreAnsi, ArgumentsAreAnArray, Arguments, Buffer, Length,
8583.       ReturnLength)
8584.   else
8585.     Result := NtNotImplemented;
8586. end;
8587.  
8588. function RtlFreeHandle(HandleTable: PRTL_HANDLE_TABLE;
8589.   Handle: PRTL_HANDLE_TABLE_ENTRY): BOOL; stdcall;
8590. begin
8591.   if InitNt and Assigned(_RtlFreeHandle) then
8592.     Result := _RtlFreeHandle(HandleTable, Handle)
8593.   else
8594.     Result := NtNotImplementedBoolean;
8595. end;
8596.  
8597. procedure RtlFreeOemString(OemString: PSTRING); stdcall;
8598. begin
8599.   if InitNt and Assigned(_RtlFreeOemString) then
8600.     _RtlFreeOemString(OemString)
8601.   else
8602.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8603. end;
8604.  
8605. function RtlFreeSid(Sid: PSID): NTSTATUS; stdcall;
8606. begin
8607.   if InitNt and Assigned(_RtlFreeSid) then
8608.     Result := _RtlFreeSid(Sid)
8609.   else
8610.     Result := NtNotImplemented;
8611. end;
8612.  
8613. function RtlGetAce(pAcl: PACL; dwAceIndex: DWORD;
8614.   pAce: PPvoid): NTSTATUS; stdcall;
8615. begin
8616.   if InitNt and Assigned(_RtlGetAce) then
8617.     Result := _RtlGetAce(pAcl, dwAceIndex, pAce)
8618.   else
8619.     Result := NtNotImplemented;
8620. end;
8621.  
8622. function RtlGetActiveActivationContext(pActCtx: PHANDLE): NTSTATUS; stdcall;
8623. begin
8624.   if InitNt and Assigned(_RtlGetActiveActivationContext) then
8625.     Result := _RtlGetActiveActivationContext(pActCtx)
8626.   else
8627.     Result := NtNotImplemented;
8628. end;
8629.  
8630. function RtlGetCurrentDirectory_U(nBufferLength: ULONG;
8631.   lpBuffer: LPWSTR): ULONG; stdcall;
8632. begin
8633.   if InitNt and Assigned(_RtlGetCurrentDirectory_U) then
8634.     Result := _RtlGetCurrentDirectory_U(nBufferLength, lpBuffer)
8635.   else begin
8636.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8637.     Result := 0;
8638.   end;
8639. end;
8640.  
8641. function RtlGetDaclSecurityDescriptor(
8642.   pSecurityDescriptor: PSECURITY_DESCRIPTOR; lpbDaclPresent: PBOOLEAN;
8643.   pDacl: PPACL; lpbDaclDefaulted: PBOOLEAN): NTSTATUS; stdcall;
8644. begin
8645.   if InitNt and Assigned(_RtlGetDaclSecurityDescriptor) then
8646.     Result := _RtlGetDaclSecurityDescriptor(pSecurityDescriptor, lpbDaclPresent,
8647.       pDacl, lpbDaclDefaulted)
8648.   else
8649.     Result := NtNotImplemented;
8650. end;
8651.  
8652. { Íå áóäåò ðàáîòàòü â Windows 64 }
8653. function RtlGetCurrentPEB : Pointer; assembler;
8654. asm
8655.   mov eax,fs:[$18]
8656.   mov eax,[eax+$30]
8657. end;
8658.  
8659. function RtlGetFrame: PVOID; stdcall;
8660. begin
8661.   if InitNt and Assigned(_RtlGetFrame) then
8662.     Result := _RtlGetFrame
8663.   else
8664.     Result := NtNotImplementedPointer;
8665. end;
8666.  
8667. function RtlGetFullPathName_U(FileName: PUNICODE_STRING;
8668.   nBufferLength: ULONG; lpBuffer: LPWSTR; lpFilePart: PLPWSTR;
8669.   NameInvalid: PBOOLEAN; InputPathType: PRTL_PATH_TYPE): ULONG; stdcall;
8670. begin
8671.   if InitNt and Assigned(_RtlGetFullPathName_U) then
8672.     Result := _RtlGetFullPathName_U(FileName, nBufferLength, lpBuffer,
8673.       lpFilePart, NameInvalid, InputPathType)
8674.   else
8675.     Result := NtNotImplemented;
8676. end;
8677.  
8678. function RtlGetNtGlobalFlags: DWORD; stdcall;
8679. begin
8680.   if InitNt and Assigned(_RtlGetNtGlobalFlags) then
8681.     Result := _RtlGetNtGlobalFlags
8682.   else begin
8683.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8684.     Result := 0;
8685.   end;
8686. end;
8687.  
8688. function RtlGetProcessHeaps(NumberOfHeapsToReturn: ULONG;
8689.   ProcessHeaps: PPVOID): ULONG; stdcall;
8690. begin
8691.   if InitNt and Assigned(_RtlGetProcessHeaps) then
8692.     Result := _RtlGetProcessHeaps(NumberOfHeapsToReturn, ProcessHeaps)
8693.   else begin
8694.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8695.     Result := 0;
8696.   end;
8697. end;
8698.  
8699. function RtlGetUserInfoHeap(HeapHandle: PVOID; Flags: ULONG; BaseAddress: PVOID;
8700.   UserValue: PPVOID; UserFlags: PULONG): BOOL; stdcall;
8701. begin
8702.   if InitNt and Assigned(_RtlGetUserInfoHeap) then
8703.     Result := _RtlGetUserInfoHeap(HeapHandle, Flags, BaseAddress, UserValue,
8704.       UserFlags)
8705.   else
8706.     Result := NtNotImplementedBoolean;
8707. end;
8708.  
8709. function RtlGetVersion(
8710.   lpVersionInformation: PRTL_OSVERSIONINFOW): NTSTATUS; stdcall;
8711. begin
8712.   if InitNt and Assigned(_RtlGetVersion) then
8713.     Result := _RtlGetVersion(lpVersionInformation)
8714.   else
8715.     Result := NtNotImplemented;
8716. end;
8717.  
8718. function RtlGUIDFromString(GuidString: PUNICODE_STRING;
8719.   Guid: PGUID): NTSTATUS; stdcall;
8720. begin
8721.   if InitNt and Assigned(_RtlGUIDFromString) then
8722.     Result := _RtlGUIDFromString(GuidString, Guid)
8723.   else
8724.     Result := NtNotImplemented;
8725. end;
8726.  
8727. function RtlImageDirectoryEntryToData(Base: PVOID; MappedAsImage: BOOL;
8728.   DirectoryEntry: USHORT; Size: PULONG): PVOID; stdcall;
8729. begin
8730.   if InitNt and Assigned(_RtlImageDirectoryEntryToData) then
8731.     Result := _RtlImageDirectoryEntryToData(Base, MappedAsImage,
8732.       DirectoryEntry, Size)
8733.   else
8734.     Result := NtNotImplementedPointer;
8735. end;
8736.  
8737. function RtlImageNtHeader (hMod: HMODULE): PImageNTHeaders;
8738. begin
8739.   if InitNt and Assigned(_RtlImageNtHeader) then
8740.     Result := _RtlImageNtHeader(hMod)
8741.   else
8742.     Result := NtNotImplementedPointer;
8743. end;
8744.  
8745. function RtlImpersonateSelf(
8746.   ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL): NTSTATUS; stdcall;
8747. begin
8748.   if InitNt and Assigned(_RtlImpersonateSelf) then
8749.     Result := _RtlImpersonateSelf(ImpersonationLevel)
8750.   else
8751.     Result := NtNotImplemented;
8752. end;
8753.  
8754. function RtlInitializeCriticalSection (
8755.   var Section: TRTLCriticalSection): NTSTATUS;
8756. begin
8757.   if InitNt and Assigned(_RtlInitializeCriticalSection) then
8758.     Result := _RtlInitializeCriticalSection (Section)
8759.   else
8760.     Result := NtNotImplemented;
8761. end;
8762.  
8763. function RtlInitializeCriticalSectionAndSpinCount (
8764.   var Section: TRTLCriticalSection; SpinCount: DWORD): NTSTATUS; stdcall;
8765. begin
8766.   if InitNt and Assigned(_RtlInitializeCriticalSectionAndSpinCount) then
8767.     Result := _RtlInitializeCriticalSectionAndSpinCount (Section, SpinCount)
8768.   else
8769.     Result := NtNotImplemented;
8770. end;
8771.  
8772. procedure RtlInitializeHandleTable(MaximumNumberOfHandles,
8773.   SizeOfHandleTableEntry: ULONG; HandleTable: PRTL_HANDLE_TABLE); stdcall;
8774. begin
8775.   if InitNt and Assigned(_RtlInitializeHandleTable) then
8776.     _RtlInitializeHandleTable(MaximumNumberOfHandles,
8777.       SizeOfHandleTableEntry, HandleTable)
8778.   else
8779.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8780. end;
8781.  
8782. function RtlInitializeSid(Sid: PSID;
8783.   pIdentifierAuthority: PSID_IDENTIFIER_AUTHORITY;
8784.   nSubAuthorityCount: Integer): BOOL; stdcall;
8785. begin
8786.   if InitNt and Assigned(_RtlInitializeSid) then
8787.     Result := _RtlInitializeSid(Sid, pIdentifierAuthority, nSubAuthorityCount)
8788.   else
8789.     Result := NtNotImplementedBoolean;
8790. end;
8791.  
8792. procedure RtlInitUnicodeString (var Buffer : TUNICODE_STRING;
8793.   Source : PWideChar); stdcall;
8794. begin
8795.   if InitNt and Assigned(_RtlInitUnicodeString) then
8796.     _RtlInitUnicodeString(Buffer, Source);
8797. end;
8798.  
8799. function RtlIntegerToChar(Value, Base: ULONG; OutputLength: LONG;
8800.   AString: LPSTR): NTSTATUS; stdcall;
8801. begin
8802.   if InitNt and Assigned(_RtlIntegerToChar) then
8803.     Result := _RtlIntegerToChar(Value, Base, OutputLength, AString)
8804.   else
8805.     Result := NtNotImplemented;
8806. end;
8807.  
8808. function RtlIntegerToUnicodeString(Value, Base: ULONG;
8809.   AString: PUNICODE_STRING): NTSTATUS; stdcall;
8810. begin
8811.   if InitNt and Assigned(_RtlIntegerToUnicodeString) then
8812.     Result := _RtlIntegerToUnicodeString(Value, Base, AString)
8813.   else
8814.     Result := NtNotImplemented;
8815. end;
8816.  
8817. function RtlIsActivationContextActive(hActCtx: THANDLE): BOOL; stdcall;
8818. begin
8819.   if InitNt and Assigned(_RtlIsActivationContextActive) then
8820.     Result := _RtlIsActivationContextActive(hActCtx)
8821.   else
8822.     Result := NtNotImplementedBoolean;
8823. end;
8824.  
8825. function RtlIsDosDeviceName_U (PathName: LPWSTR): BOOL; stdcall;
8826. begin
8827.   if InitNt and Assigned(_RtlIsDosDeviceName_U) then
8828.     Result := _RtlIsDosDeviceName_U (PathName)
8829.   else
8830.     Result := NtNotImplementedBoolean;
8831. end;
8832.  
8833. function RtlIsNameLegalDOS8Dot3(Name: PUNICODE_STRING; OemName: PPSTRING;
8834.   NameContainsSpaces: PBOOLEAN): BOOL; stdcall;
8835. begin
8836.   if InitNt and Assigned(_RtlIsNameLegalDOS8Dot3) then
8837.     Result := _RtlIsNameLegalDOS8Dot3(Name, OemName, NameContainsSpaces)
8838.   else
8839.     Result := NtNotImplementedBoolean;
8840. end;
8841.  
8842. function RtlIsTextUnicode(Buffer: PVOID; Size: ULONG;
8843.   AResult: PULONG): BOOL; stdcall;
8844. begin
8845.   if InitNt and Assigned(_RtlIsTextUnicode) then
8846.     Result := _RtlIsTextUnicode(Buffer, Size, AResult)
8847.   else
8848.     Result := NtNotImplementedBoolean;
8849. end;
8850.  
8851. function RtlIsValidHandle(HandleTable: PRTL_HANDLE_TABLE;
8852.   Handle: PRTL_HANDLE_TABLE_ENTRY): BOOL; stdcall;
8853. begin
8854.   if InitNt and Assigned(_RtlIsValidHandle) then
8855.     Result := _RtlIsValidHandle(HandleTable, Handle)
8856.   else
8857.     Result := NtNotImplementedBoolean;
8858. end;
8859.  
8860. procedure RtlLeaveCriticalSection (var Section : TRTLCriticalSection);
8861. begin
8862.   if InitNt and Assigned(_RtlLeaveCriticalSection) then
8863.     _RtlLeaveCriticalSection (Section)
8864.   else
8865.     NtNotImplemented;
8866. end;
8867.  
8868. function RtlLengthRequiredSid(nSubAuthorityCount: Integer): ULONG; stdcall;
8869. begin
8870.   if InitNt and Assigned(_RtlLengthRequiredSid) then
8871.     Result := _RtlLengthRequiredSid(nSubAuthorityCount)
8872.   else begin
8873.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8874.     Result := 0;
8875.   end;
8876. end;
8877.  
8878. function RtlLengthSecurityDescriptor(
8879.   SecurityDescriptor: PSECURITY_DESCRIPTOR): ULONG; stdcall;
8880. begin
8881.   if InitNt and Assigned(_RtlLengthSecurityDescriptor) then
8882.     Result := _RtlLengthSecurityDescriptor(SecurityDescriptor)
8883.   else begin
8884.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8885.     Result := 0;
8886.   end;
8887. end;
8888.  
8889. function RtlLengthSid(Sid: PSID): DWORD; stdcall;
8890. begin
8891.   if InitNt and Assigned(_RtlLengthSid) then
8892.     Result := _RtlLengthSid(Sid)
8893.   else begin
8894.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
8895.     Result := 0;
8896.   end;
8897. end;
8898.  
8899. function RtlLockHeap(HeapHandle: PVOID): BOOL; stdcall;
8900. begin
8901.   if InitNt and Assigned(_RtlLockHeap) then
8902.     Result := _RtlLockHeap(HeapHandle)
8903.   else
8904.     Result := NtNotImplementedBoolean;
8905. end;
8906.  
8907. function RtlMultiByteToUnicodeN (Dest: PWideChar; MaxDestBufferSize: DWORD;
8908.   PDestBufferSize: LPDWORD; Source: PAnsiChar;
8909.   SourceSize: DWORD): NTSTATUS;
8910. begin
8911.   if InitNt and Assigned(_RtlMultiByteToUnicodeN) then
8912.     Result := _RtlMultiByteToUnicodeN(Dest, MaxDestBufferSize, PDestBufferSize,
8913.       Source, SourceSize)
8914.   else
8915.     Result := NtNotImplemented;
8916. end;
8917.  
8918. function RtlMultiByteToUnicodeSize(BytesInUnicodeString: PULONG;
8919.   MultiByteString: LPSTR; BytesInMultiByteString: ULONG): NTSTATUS; stdcall;
8920. begin
8921.   if InitNt and Assigned(_RtlMultiByteToUnicodeSize) then
8922.     Result := _RtlMultiByteToUnicodeSize(BytesInUnicodeString, MultiByteString,
8923.       BytesInMultiByteString)
8924.   else
8925.     Result := NtNotImplemented;
8926. end;
8927.  
8928. function RtlNtStatusToDosError (Status: NTSTATUS): LongInt; stdcall;
8929. begin
8930.   if InitNt and Assigned(_RtlNtStatusToDosError) then
8931.     Result := _RtlNtStatusToDosError(Status)
8932.   else
8933.     Result := ERROR_CALL_NOT_IMPLEMENTED;
8934. end;
8935.  
8936. function RtlNtStatusToDosErrorNoTeb (Status: NTSTATUS): LongInt; stdcall;
8937. begin
8938.   if InitNt and Assigned(_RtlNtStatusToDosErrorNoTeb) then
8939.     Result := _RtlNtStatusToDosErrorNoTeb(Status)
8940.   else
8941.     Result := ERROR_CALL_NOT_IMPLEMENTED;
8942. end;
8943.  
8944. function RtlOemStringToUnicodeString(DestinationString: PUNICODE_STRING;
8945.   SourceString: PSTRING; AllocateDestinationString: BOOL): NTSTATUS; stdcall;
8946. begin
8947.   if InitNt and Assigned(_RtlOemStringToUnicodeString) then
8948.     Result := _RtlOemStringToUnicodeString(DestinationString, SourceString,
8949.       AllocateDestinationString)
8950.   else
8951.     Result := NtNotImplemented;
8952. end;
8953.  
8954. function RtlOemToUnicodeN(UnicodeString: LPWSTR; MaxBytesInUnicodeString: ULONG;
8955.   BytesInUnicodeString: PULONG; OemString: LPSTR;
8956.   BytesInOemString: ULONG): NTSTATUS; stdcall;
8957. begin
8958.   if InitNt and Assigned(_RtlOemToUnicodeN) then
8959.     Result := _RtlOemToUnicodeN(UnicodeString, MaxBytesInUnicodeString,
8960.       BytesInUnicodeString, OemString, BytesInOemString)
8961.   else
8962.     Result := NtNotImplemented;
8963. end;
8964.  
8965. function RtlOpenCurrentUser(dwDesiredAccess: DWORD;
8966.   phKey: PHANDLE): NTSTATUS; stdcall;
8967. begin
8968.   if InitNt and Assigned(_RtlOpenCurrentUser) then
8969.     Result := _RtlOpenCurrentUser(dwDesiredAccess, phKey)
8970.   else
8971.     Result := NtNotImplemented;
8972. end;
8973.  
8974. function RtlPcToFileHeader(PcValue: PVOID; BaseOfImage: PPVOID): PVOID; stdcall;
8975. begin
8976.   if InitNt and Assigned(_RtlPcToFileHeader) then
8977.     Result := _RtlPcToFileHeader(PcValue, BaseOfImage)
8978.   else
8979.     Result := NtNotImplementedPointer;
8980. end;
8981.  
8982. function RtlPrefixString(String1, String2: PSTRING;
8983.   CaseInSensitive: BOOL): BOOL; stdcall;
8984. begin
8985.   if InitNt and Assigned(_RtlPrefixString) then
8986.     Result := _RtlPrefixString(String1, String2, CaseInSensitive)
8987.   else
8988.     Result := NtNotImplementedBoolean;
8989. end;
8990.  
8991. function RtlPrefixUnicodeString(String1, String2: PUNICODE_STRING;
8992.   CaseInSensitive: BOOL): BOOL; stdcall;
8993. begin
8994.   if InitNt and Assigned(_RtlPrefixUnicodeString) then
8995.     Result := _RtlPrefixUnicodeString(String1, String2, CaseInSensitive)
8996.   else
8997.     Result := NtNotImplementedBoolean;
8998. end;
8999.  
9000. procedure RtlpUnWaitCriticalSection (var Section: TRTLCriticalSection);
9001. begin
9002.   if InitNt and Assigned(_RtlpUnWaitCriticalSection) then
9003.     _RtlpUnWaitCriticalSection (Section)
9004.   else
9005.     NtNotImplemented;
9006. end;
9007.  
9008. procedure RtlpWaitForCriticalSection (var Section: TRTLCriticalSection);
9009. begin
9010.   if InitNt and Assigned(_RtlpWaitForCriticalSection) then
9011.     _RtlpWaitForCriticalSection (Section)
9012.   else
9013.     NtNotImplemented;
9014. end;
9015.  
9016. function RtlQueryAtomInAtomTable(AtomTable: THANDLE; AAtom: ATOM;
9017.   AtomUsage, AtomFlags: PULONG; AtomName: LPWSTR;
9018.   AtomNameLength: LPDWORD): NTSTATUS; stdcall;
9019. begin
9020.   if InitNt and Assigned(_RtlQueryAtomInAtomTable) then
9021.     Result := _RtlQueryAtomInAtomTable(AtomTable, AAtom, AtomUsage, AtomFlags,
9022.       AtomName, AtomNameLength)
9023.   else
9024.     Result := NtNotImplemented;
9025. end;
9026.  
9027. function RtlQueryEnvironmentVariable_U (EnvBlock: PVOID;
9028.   VarName, usResult: PUNICODE_STRING): NTSTATUS; stdcall;
9029. begin
9030.   if InitNt and Assigned(_RtlQueryEnvironmentVariable_U) then
9031.     Result := _RtlQueryEnvironmentVariable_U(EnvBlock, VarName, usResult)
9032.   else
9033.     Result := NtNotImplemented;
9034. end;
9035.  
9036. function RtlQueryHeapInformation(HeapHandle: PVOID;
9037.   HeapInformationClass: HEAP_INFORMATION_CLASS; HeapInformation: PVOID;
9038.   HeapInformationLength: SIZE_T; ReturnLength: PULONG): DWORD; stdcall;
9039. begin
9040.   if InitNt and Assigned(_RtlQueryHeapInformation) then
9041.     Result := _RtlQueryHeapInformation(HeapHandle, HeapInformationClass,
9042.       HeapInformation, HeapInformationLength, ReturnLength)
9043.   else begin
9044.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9045.     Result := 0;
9046.   end;
9047. end;
9048.  
9049. function RtlQueryInformationAcl(Acl: PACL; AclInformation: PVOID;
9050.   AclInformationLength: ULONG;
9051.   AclInformationClass: ACL_INFORMATION_CLASS): NTSTATUS; stdcall;
9052. begin
9053.   if InitNt and Assigned(_RtlQueryInformationAcl) then
9054.     Result := _RtlQueryInformationAcl(Acl, AclInformation, AclInformationLength,
9055.       AclInformationClass)
9056.   else
9057.     Result := NtNotImplemented;
9058. end;
9059.  
9060. function RtlQueryInformationActivationContext(dwFlags: DWORD;
9061.   hActCtx: THANDLE; pvSubInstance: PVOID; InfoClass: ULONG; pvBuffer: PVOID;
9062.   cbBuffer: SIZE_T; pcbWrittenOrRequired: PULONG): NTSTATUS; stdcall;
9063. begin
9064.   if InitNt and Assigned(_RtlQueryInformationActivationContext) then
9065.     Result := _RtlQueryInformationActivationContext(dwFlags, hActCtx,
9066.       pvSubInstance, InfoClass, pvBuffer, cbBuffer, pcbWrittenOrRequired)
9067.   else
9068.     Result := NtNotImplemented;
9069. end;
9070.  
9071. function RtlQueryInformationActiveActivationContext(InfoClass: ULONG;
9072.   pvBuffer: PVOID; cbBuffer: SIZE_T;
9073.   pcbWrittenOrRequired: PULONG): NTSTATUS; stdcall;
9074. begin
9075.   if InitNt and Assigned(_RtlQueryInformationActiveActivationContext) then
9076.     Result := _RtlQueryInformationActiveActivationContext(InfoClass, pvBuffer,
9077.       cbBuffer, pcbWrittenOrRequired)
9078.   else
9079.     Result := NtNotImplemented;
9080. end;
9081.  
9082. function RtlQueryProcessDebugInformation(UniqueProcessId: THANDLE;
9083.   Flags: ULONG; Buffer: PRTL_DEBUG_INFORMATION): NTSTATUS; stdcall;
9084. begin
9085.   if InitNt and Assigned(_RtlQueryProcessDebugInformation) then
9086.     Result := _RtlQueryProcessDebugInformation(UniqueProcessId, Flags, Buffer)
9087.   else
9088.     Result := NtNotImplemented;
9089. end;
9090.  
9091. function RtlQueryRegistryValues(RelativeTo: ULONG; Path: LPCWSTR;
9092.   QueryTable: PRTL_QUERY_REGISTRY_TABLE;
9093.   Context, Environment: PVOID): NTSTATUS; stdcall;
9094. begin
9095.   if InitNt and Assigned(_RtlQueryRegistryValues) then
9096.     Result := _RtlQueryRegistryValues(RelativeTo, Path, QueryTable, Context,
9097.       Environment)
9098.   else
9099.     Result := NtNotImplemented;
9100. end;
9101.  
9102. function RtlQueryTagHeap(HeapHandle: PVOID; Flags: ULONG; TagIndex: USHORT;
9103.   ResetCounters: BOOL; TagInfo: PRTL_HEAP_TAG_INFO): LPWSTR; stdcall;
9104. begin
9105.   if InitNt and Assigned(_RtlQueryTagHeap) then
9106.     Result := _RtlQueryTagHeap(HeapHandle, Flags, TagIndex, ResetCounters,
9107.       TagInfo)
9108.   else
9109.     Result := NtNotImplementedPointer;
9110. end;
9111.  
9112. function RtlQueueWorkItem(AFunction: Pointer; Context: PVOID;
9113.   Flags: ULONG): NTSTATUS; stdcall;
9114. begin
9115.   if InitNt and Assigned(_RtlQueueWorkItem) then
9116.     Result := _RtlQueueWorkItem(AFunction, Context, Flags)
9117.   else
9118.     Result := NtNotImplemented;
9119. end;
9120.  
9121. procedure RtlRaiseException(ExceptionRecord: PEXCEPTION_RECORD); stdcall;
9122. begin
9123.   if InitNt and Assigned(_RtlRaiseException) then
9124.     _RtlRaiseException(ExceptionRecord)
9125.   else
9126.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9127. end;
9128.  
9129. procedure RtlRaiseStatus (Status: NTSTATUS); stdcall;
9130. begin
9131.   if InitNt and Assigned(_RtlRaiseStatus) then
9132.     _RtlRaiseStatus (Status);
9133. end;
9134.  
9135. function RtlReAllocateHeap(HeapHandle: PVOID; Flags: ULONG;
9136.   BaseAddress: PVOID; Size: SIZE_T): PVOID; stdcall;
9137. begin
9138.   if InitNt and Assigned(_RtlReAllocateHeap) then
9139.     Result := _RtlReAllocateHeap(HeapHandle, Flags, BaseAddress, Size)
9140.   else
9141.     Result := NtNotImplementedPointer;
9142. end;
9143.  
9144. function RtlRegisterWait(WaitHandle: PHANDLE; AHandle: THANDLE;
9145.   AFunction: Pointer; Context: PVOID;
9146.   Milliseconds, Flags: ULONG): NTSTATUS; stdcall;
9147. begin
9148.   if InitNt and Assigned(_RtlRegisterWait) then
9149.     Result := _RtlRegisterWait(WaitHandle, AHandle, AFunction, Context,
9150.       Milliseconds, Flags)
9151.   else
9152.     Result := NtNotImplemented;
9153. end;
9154.  
9155. procedure RtlReleaseActivationContext(hActCtx: THANDLE); stdcall;
9156. begin
9157.   if InitNt and Assigned(_RtlReleaseActivationContext) then
9158.     _RtlReleaseActivationContext(hActCtx)
9159.   else
9160.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9161. end;
9162.  
9163. procedure RtlRunDecodeUnicodeString(Seed: BYTE;
9164.   AString: PUNICODE_STRING); stdcall;
9165. begin
9166.   if InitNt and Assigned(_RtlRunDecodeUnicodeString) then
9167.     _RtlRunDecodeUnicodeString(Seed, AString)
9168.   else
9169.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9170. end;
9171.  
9172. procedure RtlRunEncodeUnicodeString(Seed: PBYTE; AString: PUNICODE_STRING); stdcall;
9173. begin
9174.   if InitNt and Assigned(_RtlRunEncodeUnicodeString) then
9175.     _RtlRunEncodeUnicodeString(Seed, AString)
9176.   else
9177.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9178. end;
9179.  
9180. function RtlSetCurrentDirectory_U(PathName: PUNICODE_STRING): NTSTATUS; stdcall;
9181. begin
9182.   if InitNt and Assigned(_RtlSetCurrentDirectory_U) then
9183.     Result := _RtlSetCurrentDirectory_U(PathName)
9184.   else
9185.     Result := NtNotImplemented;
9186. end;
9187.  
9188. function RtlSetDaclSecurityDescriptor(
9189.   SecurityDescriptor: PSECURITY_DESCRIPTOR; DaclPresent: BOOL; Dacl: PACL;
9190.   DaclDefaulted: BOOL): NTSTATUS; stdcall;
9191. begin
9192.   if InitNt and Assigned(_RtlSetDaclSecurityDescriptor) then
9193.     Result := _RtlSetDaclSecurityDescriptor(SecurityDescriptor, DaclPresent,
9194.       Dacl, DaclDefaulted)
9195.   else
9196.     Result := NtNotImplemented;
9197. end;
9198.  
9199. function RtlSetEnvironmentVariable(Environment: PPVOID;
9200.   Name, Value: PUNICODE_STRING): NTSTATUS; stdcall;
9201. begin
9202.   if InitNt and Assigned(_RtlSetEnvironmentVariable) then
9203.     Result := _RtlSetEnvironmentVariable(Environment, Name, Value)
9204.   else
9205.     Result := NtNotImplemented;
9206. end;
9207.  
9208. function RtlSetHeapInformation(HeapHandle: PVOID;
9209.   HeapInformationClass: HEAP_INFORMATION_CLASS; HeapInformation: PVOID;
9210.   HeapInformationLength: SIZE_T): DWORD; stdcall;
9211. begin
9212.   if InitNt and Assigned(_RtlSetHeapInformation) then
9213.     Result := _RtlSetHeapInformation(HeapHandle, HeapInformationClass,
9214.       HeapInformation, HeapInformationLength)
9215.   else begin
9216.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9217.     Result := 0;
9218.   end;
9219. end;
9220.  
9221. function RtlSetIoCompletionCallback(FileHandle: THANDLE;
9222.   CompletionProc: Pointer; Flags: ULONG): NTSTATUS; stdcall;
9223. begin
9224.   if InitNt and Assigned(_RtlSetIoCompletionCallback) then
9225.     Result := _RtlSetIoCompletionCallback(FileHandle, CompletionProc, Flags)
9226.   else
9227.     Result := NtNotImplemented;
9228. end;
9229.  
9230. function RtlSetThreadErrorMode (ErrorMode: DWORD): NTSTATUS; stdcall;
9231. begin
9232.   if InitNt and Assigned(_RtlSetThreadErrorMode) then
9233.     Result := _RtlSetThreadErrorMode(ErrorMode)
9234.   else
9235.     Result := NtNotImplemented;
9236. end;
9237.  
9238. function RtlSetThreadPoolStartFunc(lpfnStartThreadFunc: Pointer;
9239.   lpfnExitThreadFunc: Pointer): NTSTATUS; stdcall;
9240. begin
9241.   if InitNt and Assigned(_RtlSetThreadPoolStartFunc) then
9242.     Result := _RtlSetThreadPoolStartFunc(lpfnStartThreadFunc,
9243.       lpfnExitThreadFunc)
9244.   else
9245.     Result := NtNotImplemented;
9246. end;
9247.  
9248. function RtlSetTimeZoneInformation(
9249.   TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION): NTSTATUS; stdcall;
9250. begin
9251.   if InitNt and Assigned(_RtlSetTimeZoneInformation) then
9252.     Result := _RtlSetTimeZoneInformation(TimeZoneInformation)
9253.   else
9254.     Result := NtNotImplemented;
9255. end;
9256.  
9257. procedure RtlSetUnicodeCallouts(Callouts: PVOID); stdcall;
9258. begin
9259.   if InitNt and Assigned(_RtlSetUnicodeCallouts) then
9260.     _RtlSetUnicodeCallouts(Callouts)
9261.   else
9262.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9263. end;
9264.  
9265. function RtlSetUserValueHeap(HeapHandle: PVOID; Flags: ULONG;
9266.   BaseAddress, UserValue: PVOID): BOOL; stdcall;
9267. begin
9268.   if InitNt and Assigned(_RtlSetUserValueHeap) then
9269.     Result := _RtlSetUserValueHeap(HeapHandle, Flags, BaseAddress, UserValue)
9270.   else
9271.     Result := NtNotImplementedBoolean;
9272. end;
9273.  
9274. function RtlSizeHeap(HeapHandle: PVOID; Flags: ULONG;
9275.   BaseAddress: PVOID): SIZE_T; stdcall;
9276. begin
9277.   if InitNt and Assigned(_RtlSizeHeap) then
9278.     Result := _RtlSizeHeap(HeapHandle, Flags, BaseAddress)
9279.   else begin
9280.     Result := 0;
9281.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9282.   end;
9283. end;
9284.  
9285. function RtlStringFromGUID(AGuid: PGUID;
9286.   GuidString: PUNICODE_STRING): NTSTATUS; stdcall;
9287. begin
9288.   if InitNt and Assigned(_RtlStringFromGUID) then
9289.     Result := _RtlStringFromGUID(AGuid, GuidString)
9290.   else
9291.     Result := NtNotImplemented;
9292. end;
9293.  
9294. function RtlSubAuthoritySid(Sid: PSID; nSubAuthority: ULONG): PULONG; stdcall;
9295. begin
9296.   if InitNt and Assigned(_RtlSubAuthoritySid) then
9297.     Result := _RtlSubAuthoritySid(Sid, nSubAuthority)
9298.   else
9299.     Result := NtNotImplementedPointer;
9300. end;
9301.  
9302. function RtlTimeFieldsToTime(TimeFields: PTIME_FIELDS;
9303.   Time: PLARGE_INTEGER): BOOL; stdcall;
9304. begin
9305.   if InitNt and Assigned(_RtlTimeFieldsToTime) then
9306.     Result := _RtlTimeFieldsToTime(TimeFields, Time)
9307.   else
9308.     Result := NtNotImplementedBoolean;
9309. end;
9310.  
9311. procedure RtlTimeToTimeFields (ATime: PLARGE_INTEGER;
9312.   ATimeFields: PTIME_FIELDS); stdcall;
9313. begin
9314.   if InitNt and Assigned(_RtlTimeToTimeFields) then
9315.     _RtlTimeToTimeFields (ATime, ATimeFields);
9316. end;
9317.  
9318. function RtlTryEnterCriticalSection (
9319.   var Section: TRTLCriticalSection): Boolean; stdcall;
9320. begin
9321.   if InitNt and Assigned(_RtlTryEnterCriticalSection) then
9322.     Result := _RtlTryEnterCriticalSection(Section)
9323.   else
9324.     Result := NtNotImplementedBoolean;
9325. end;
9326.  
9327. function RtlUnicodeStringToAnsiString (AnsiString: PANSI_STRING;
9328.   UnicodeString: PUNICODE_STRING; fAllocate: LongBool): NTSTATUS; stdcall;
9329. begin
9330.   if InitNt and Assigned(_RtlUnicodeStringToAnsiString) then
9331.     Result := _RtlUnicodeStringToAnsiString(AnsiString, UnicodeString,
9332.       fAllocate)
9333.   else
9334.     Result := NtNotImplemented;
9335. end;
9336.  
9337. function RtlUnicodeStringToInteger(AString: PUNICODE_STRING; Base: ULONG;
9338.   Value: PULONG): NTSTATUS; stdcall;
9339. begin
9340.   if InitNt and Assigned(_RtlUnicodeStringToInteger) then
9341.     Result := _RtlUnicodeStringToInteger(AString, Base, Value)
9342.   else
9343.     Result := NtNotImplemented;
9344. end;
9345.  
9346. function RtlUnicodeStringToOemString(DestinationString: PSTRING;
9347.   SourceString: PUNICODE_STRING;
9348.   AllocateDestinationString: BOOL): NTSTATUS; stdcall;
9349. begin
9350.   if InitNt and Assigned(_RtlUnicodeStringToOemString) then
9351.     Result := _RtlUnicodeStringToOemString(DestinationString, SourceString,
9352.       AllocateDestinationString)
9353.   else
9354.     Result := NtNotImplemented;
9355. end;
9356.  
9357. function RtlUnicodeToMultiByteN(Dest: LPSTR; DestSize: Integer;
9358.   ReturnLength: PLONG; Source: LPWSTR; dwNumChars: Integer): NTSTATUS; stdcall;
9359. begin
9360.   if InitNt and Assigned(_RtlUnicodeToMultiByteN) then
9361.     Result := _RtlUnicodeToMultiByteN(Dest, DestSize, ReturnLength, Source,
9362.       dwNumChars)
9363.   else
9364.     Result := NtNotImplemented;
9365. end;
9366.  
9367. function RtlUnicodeToMultiByteSize(pResult: LPDWORD; lpusString: PWideChar;
9368.   cchusString: DWORD): NTSTATUS; stdcall;
9369. begin
9370.   if InitNt and Assigned(_RtlUnicodeToMultiByteSize) then
9371.     Result := _RtlUnicodeToMultiByteSize(pResult, lpusString, cchusString)
9372.   else
9373.     Result := NtNotImplemented;
9374. end;
9375.  
9376. function RtlUnicodeToOemN(OemString: LPSTR; MaxBytesInOemString: ULONG;
9377.   BytesInOemString: PULONG; UnicodeString: LPWSTR;
9378.   BytesInUnicodeString: ULONG): NTSTATUS; stdcall;
9379. begin
9380.   if InitNt and Assigned(_RtlUnicodeToOemN) then
9381.     Result := _RtlUnicodeToOemN(OemString, MaxBytesInOemString,
9382.       BytesInOemString, UnicodeString, BytesInUnicodeString)
9383.   else
9384.     Result := NtNotImplemented;
9385. end;
9386.  
9387. function RtlUnlockHeap(HeapHandle: PVOID): BOOL; stdcall;
9388. begin
9389.   if InitNt and Assigned(_RtlUnlockHeap) then
9390.     Result := _RtlUnlockHeap(HeapHandle)
9391.   else
9392.     Result := NtNotImplementedBoolean;
9393. end;
9394.  
9395. procedure RtlUnwind(TargetFrame, TargetIp: PVOID;
9396.   ExceptionRecord: PEXCEPTION_RECORD; ReturnValue: PVOID); stdcall;
9397. begin
9398.   if InitNt and Assigned(_RtlUnwind) then
9399.     _RtlUnwind(TargetFrame, TargetIp, ExceptionRecord, ReturnValue)
9400.   else
9401.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9402. end;
9403.  
9404. function RtlUpcaseUnicodeChar(SourceCharacter: WideChar): WideChar; stdcall;
9405. begin
9406.   if InitNt and Assigned(_RtlUpcaseUnicodeChar) then
9407.     Result := _RtlUpcaseUnicodeChar(SourceCharacter)
9408.   else begin
9409.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9410.     Result := #0;
9411.   end;
9412. end;
9413.  
9414. function RtlUpcaseUnicodeString(DestinationString: PUNICODE_STRING;
9415.   SourceString: PUNICODE_STRING;
9416.   AllocateDestinationString: BOOL): NTSTATUS; stdcall;
9417. begin
9418.   if InitNt and Assigned(_RtlUpcaseUnicodeString) then
9419.     Result := _RtlUpcaseUnicodeString(DestinationString, SourceString,
9420.       AllocateDestinationString)
9421.   else
9422.     Result := NtNotImplemented;
9423. end;
9424.  
9425. function RtlUpdateTimer(TimerQueueHandle, Timer: THANDLE;
9426.   DueTime, Period: ULONG): NTSTATUS; stdcall;
9427. begin
9428.   if InitNt and Assigned(_RtlUpdateTimer) then
9429.     Result := _RtlUpdateTimer(TimerQueueHandle, Timer, DueTime, Period)
9430.   else
9431.     Result := NtNotImplemented;
9432. end;
9433.  
9434. function RtlUpperChar(c: Char): Char; stdcall;
9435. begin
9436.   if InitNt and Assigned(_RtlUpperChar) then
9437.     Result := _RtlUpperChar(c)
9438.   else begin
9439.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9440.     Result := #0;
9441.   end;
9442. end;
9443.  
9444. procedure RtlUpperString(DestinationString, SourceString: PSTRING); stdcall;
9445. begin
9446.   if InitNt and Assigned(_RtlUpperString) then
9447.     _RtlUpperString(DestinationString, SourceString)
9448.   else
9449.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9450. end;
9451.  
9452. function RtlUsageHeap(HeapHandle: PVOID; Flags: ULONG;
9453.   Usage: PRTL_HEAP_USAGE): NTSTATUS; stdcall;
9454. begin
9455.   if InitNt and Assigned(_RtlUsageHeap) then
9456.     Result := _RtlUsageHeap(HeapHandle, Flags, Usage)
9457.   else
9458.     Result := NtNotImplemented;
9459. end;
9460.  
9461. function RtlValidAcl(Acl: PACL): BOOL; stdcall;
9462. begin
9463.   if InitNt and Assigned(_RtlValidAcl) then
9464.     Result := _RtlValidAcl(Acl)
9465.   else
9466.     Result := NtNotImplementedBoolean;
9467. end;
9468.  
9469. function RtlValidateHeap(HeapHandle: PVOID; Flags: ULONG;
9470.   BaseAddress: PVOID): BOOL; stdcall;
9471. begin
9472.   if InitNt and Assigned(_RtlValidateHeap) then
9473.     Result := _RtlValidateHeap(HeapHandle, Flags, BaseAddress)
9474.   else
9475.     Result := NtNotImplementedBoolean;
9476. end;
9477.  
9478. function RtlValidRelativeSecurityDescriptor(
9479.   SecurityDescriptorInput: PSECURITY_DESCRIPTOR;
9480.   SecurityDescriptorLength: ULONG;
9481.   RequiredInformation: SECURITY_INFORMATION): BOOL; stdcall;
9482. begin
9483.   if InitNt and Assigned(_RtlValidRelativeSecurityDescriptor) then
9484.     Result := _RtlValidRelativeSecurityDescriptor(SecurityDescriptorInput,
9485.       SecurityDescriptorLength, RequiredInformation)
9486.   else
9487.     Result := NtNotImplementedBoolean;
9488. end;
9489.  
9490. function RtlValidSecurityDescriptor(
9491.   SecurityDescriptor: PSECURITY_DESCRIPTOR): BOOL; stdcall;
9492. begin
9493.   if InitNt and Assigned(_RtlValidSecurityDescriptor) then
9494.     Result := _RtlValidSecurityDescriptor(SecurityDescriptor)
9495.   else
9496.     Result := NtNotImplementedBoolean;
9497. end;
9498.  
9499. function RtlValidSid(Sid: PSID): BOOL; stdcall;
9500. begin
9501.   if InitNt and Assigned(_RtlValidSid) then
9502.     Result := _RtlValidSid(Sid)
9503.   else
9504.     Result := NtNotImplementedBoolean;
9505. end;
9506.  
9507. function RtlVerifyVersionInfo(VersionInfo: PRTL_OSVERSIONINFOEXW;
9508.   TypeMask: ULONG; ConditionMask: ULONGLONG): NTSTATUS; stdcall;
9509. begin
9510.   if InitNt and Assigned(_RtlVerifyVersionInfo) then
9511.     Result := _RtlVerifyVersionInfo(VersionInfo, TypeMask, ConditionMask)
9512.   else
9513.     Result := NtNotImplemented;
9514. end;
9515.  
9516. function RtlWalkHeap(HeapHandle: PVOID;
9517.   Entry: PRTL_HEAP_WALK_ENTRY): NTSTATUS; stdcall;
9518. begin
9519.   if InitNt and Assigned(_RtlWalkHeap) then
9520.     Result := _RtlWalkHeap(HeapHandle, Entry)
9521.   else
9522.     Result := NtNotImplemented;
9523. end;
9524.  
9525. function RtlxAnsiStringToUnicodeSize(AAnsiString: PANSI_STRING): ULONG; stdcall;
9526. begin
9527.   if InitNt and Assigned(_RtlxAnsiStringToUnicodeSize) then
9528.     Result := _RtlxAnsiStringToUnicodeSize(AAnsiString)
9529.   else begin
9530.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9531.     Result := 0;
9532.   end;
9533. end;
9534.  
9535. function RtlxOemStringToUnicodeSize(OemString: PSTRING): ULONG; stdcall;
9536. begin
9537.   if InitNt and Assigned(_RtlxOemStringToUnicodeSize) then
9538.     Result := _RtlxOemStringToUnicodeSize(OemString)
9539.   else begin
9540.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9541.     Result := 0;
9542.   end;
9543. end;
9544.  
9545. function RtlxUnicodeStringToAnsiSize(
9546.   UnicodeString: PUNICODE_STRING): ULONG; stdcall;
9547. begin
9548.   if InitNt and Assigned(_RtlxUnicodeStringToAnsiSize) then
9549.     Result := _RtlxUnicodeStringToAnsiSize(UnicodeString)
9550.   else
9551.     Result := NtNotImplemented;
9552. end;
9553.  
9554. function RtlxUnicodeStringToOemSize(
9555.   UnicodeString: PUNICODE_STRING): ULONG; stdcall;
9556. begin
9557.   if InitNt and Assigned(_RtlxUnicodeStringToOemSize) then
9558.     Result := _RtlxUnicodeStringToOemSize(UnicodeString)
9559.   else
9560.     Result := NtNotImplemented;
9561. end;
9562.  
9563. function RtlZombifyActivationContext(hActCtx: THANDLE): NTSTATUS; stdcall;
9564. begin
9565.   if InitNt and Assigned(_RtlZombifyActivationContext) then
9566.     Result := _RtlZombifyActivationContext(hActCtx)
9567.   else
9568.     Result := NtNotImplemented;
9569. end;
9570.  
9571. function wcscat(s1: LPWSTR; s2: LPWSTR): LPWSTR; cdecl;
9572. begin
9573.   if InitNt and Assigned(_wcscat) then
9574.     Result := _wcscat(s1, s2)
9575.   else
9576.     Result := NtNotImplementedPointer;
9577. end;
9578.  
9579. function wcscmp(s1: LPWSTR; s2: LPWSTR): Integer; cdecl;
9580. begin
9581.   if InitNt and Assigned(_wcscmp) then
9582.     Result := _wcscmp(s1, s2)
9583.   else begin
9584.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9585.     Result := 0;
9586.   end;
9587. end;
9588.  
9589. function wcslen(s: LPWSTR): SIZE_T; cdecl;
9590. begin
9591.   if InitNt and Assigned(_wcslen) then
9592.     Result := _wcslen(s)
9593.   else begin
9594.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9595.     Result := 0;
9596.   end;
9597. end;
9598.  
9599. function wcsrchr(s: LPWSTR; c: Integer): LPWSTR; cdecl;
9600. begin
9601.   if InitNt and Assigned(_wcsrchr) then
9602.     Result := _wcsrchr(s, c)
9603.   else
9604.     Result := NtNotImplementedPointer;
9605. end;
9606.  
9607. function RtlGetLongestNtPathLength : DWORD; stdcall;
9608. begin
9609.   if InitNt and Assigned(_RtlGetLongestNtPathLength) then
9610.     Result := _RtlGetLongestNtPathLength
9611.   else begin
9612.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9613.     Result := 0;
9614.   end;
9615. end;
9616.  
9617. procedure RtlReleasePebLock; stdcall;
9618. begin
9619.   if InitNt and Assigned(_RtlReleasePebLock) then
9620.     _RtlReleasePebLock
9621.   else
9622.     NtNotImplemented();
9623. end;
9624.  
9625. function RtlFreeHeap (Heap: THandle; FreeingFlags: DWORD;
9626.   Memory: Pointer): Boolean; stdcall;
9627. begin
9628.   if InitNt and Assigned(_RtlFreeHeap) then
9629.     Result := _RtlFreeHeap(Heap, FreeingFlags, Memory)
9630.   else
9631.     Result := NtNotImplementedBoolean;
9632. end;
9633.  
9634. procedure RtlInitAnsiString (var Buffer : TANSI_STRING;
9635.   Source : PAnsiChar); stdcall;
9636. begin
9637.   if InitNt and Assigned(_RtlInitAnsiString) then
9638.     _RtlInitAnsiString(Buffer, Source);
9639. end;
9640.  
9641. procedure RtlInitString (var Buffer : TANSI_STRING;
9642.   Source : PAnsiChar); stdcall;
9643. begin
9644.   if InitNt and Assigned(_RtlInitString) then
9645.     _RtlInitString(Buffer, Source);
9646. end;
9647.  
9648. procedure RtlRestoreLastWin32Error (dwError: DWORD); stdcall;
9649. begin
9650.   if InitNt and Assigned(_RtlRestoreLastWin32Error) then
9651.     _RtlRestoreLastWin32Error(dwError);
9652. end;
9653.  
9654. procedure RtlFreeThreadActivationContextStack; stdcall;
9655. begin
9656.   if InitNt and Assigned(_RtlFreeThreadActivationContextStack) then
9657.     _RtlFreeThreadActivationContextStack;
9658. end;
9659.  
9660. procedure RtlFreeAnsiString (Buffer : PAnsiString); stdcall;
9661. begin
9662.   if InitNt and Assigned(_RtlFreeAnsiString) then
9663.     _RtlFreeAnsiString(Buffer);
9664. end;
9665.  
9666. procedure RtlFreeUnicodeString (Buffer : PUnicodeString); stdcall;
9667. begin
9668.   if InitNt and Assigned(_RtlFreeUnicodeString) then
9669.     _RtlFreeUnicodeString(Buffer);
9670. end;
9671.  
9672. function RtlEqualUnicodeString (String1, String2: PUnicodeString;
9673.   CaseInSensitive: Boolean): Boolean; stdcall;
9674. begin
9675.   if InitNt and Assigned(_RtlEqualUnicodeString) then
9676.     Result := _RtlEqualUnicodeString(String1, String2, CaseInSensitive)
9677.   else
9678.     Result := NtNotImplementedBoolean;
9679. end;
9680.  
9681. function RtlImageNtHeaderEx (dwFlags: DWORD; ImageBase: HMODULE;
9682.   ImageSize, ImageSizeHigh: ULONG;
9683.   NtHeaders: PPImageNTHeaders): NTSTATUS; stdcall;
9684. begin
9685.   if InitNt and Assigned(_RtlImageNtHeaderEx) then
9686.     Result := _RtlImageNtHeaderEx(dwFlags, ImageBase, ImageSize, ImageSizeHigh,
9687.       NtHeaders)
9688.   else
9689.     Result := NtNotImplemented;
9690. end;
9691.  
9692. function RtlGetThreadErrorMode: DWORD; stdcall;
9693. begin
9694.   if InitNt and Assigned(_RtlGetThreadErrorMode) then
9695.     Result := _RtlGetThreadErrorMode
9696.   else begin
9697.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9698.     Result := DWORD(-1);
9699.   end;
9700. end;
9701.  
9702. function RtlGetLastNtStatus: NTSTATUS; stdcall;
9703. begin
9704.   if InitNt and Assigned(_RtlGetLastNtStatus) then
9705.     Result := _RtlGetLastNtStatus
9706.   else
9707.     Result := NtNotImplemented;
9708. end;
9709.  
9710. function RtlGetLastWin32Error: DWORD; stdcall;
9711. begin
9712.   if InitNt and Assigned(_RtlGetLastWin32Error) then
9713.     Result := _RtlGetLastWin32Error
9714.   else begin
9715.     SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
9716.     Result := DWORD(-1);
9717.   end;
9718. end;
9719.  
9720. function wcscpy (const Dst, Src: PWideChar): PWideChar; cdecl;
9721. begin
9722.   if InitNt and Assigned(_wcscpy) then
9723.     Result := _wcscpy (Dst, Src)
9724.   else
9725.     Result := NtNotImplementedPointer;
9726. end;
9727.  
9728. function wcschr (const s: PWideChar; c: WideChar): PWideChar; cdecl;
9729. begin
9730.   if InitNt and Assigned(_wcschr) then
9731.     Result := _wcschr (s, c)
9732.   else
9733.     Result := NtNotImplementedPointer;
9734. end;
9735.  
9736. procedure InitializeObjectAttributes (P: POBJECT_ATTRIBUTES; N: PUNICODE_STRING;
9737.   A: ULONG; R: THANDLE; S: PSECURITY_DESCRIPTOR);
9738. begin
9739.   P^.Length := SizeOf(OBJECT_ATTRIBUTES);
9740.   P^.RootDirectory := R;
9741.   P^.Attributes := A;
9742.   P^.ObjectName := N;
9743.   P^.SecurityDescriptor := S;
9744.   P^.SecurityQualityOfService := nil;
9745. end;
9746.  
9747. end.