/// <summary><para>The <c>KEY_INFORMATION_CLASS</c> enumeration type represents the type of information to supply about a registry key.</para></summary><remarks><para>Use the <c>KEY_INFORMATION_CLASS</c> values to specify the type of data to be supplied by the ZwEnumerateKey and ZwQueryKey routines.</para></remarks>
/// <summary>A KEY_NODE_INFORMATION structure is supplied.</summary>
[CorrespondingType(typeof(KEY_NODE_INFORMATION))]
KeyNodeInformation,
/// <summary>A KEY_FULL_INFORMATION structure is supplied.</summary>
[CorrespondingType(typeof(KEY_FULL_INFORMATION))]
KeyFullInformation,
/// <summary>A KEY_NAME_INFORMATION structure is supplied.</summary>
[CorrespondingType(typeof(KEY_NAME_INFORMATION))]
KeyNameInformation,
/// <summary>A KEY_CACHED_INFORMATION structure is supplied.</summary>
KeyCachedInformation,
/// <summary>Reserved for system use.</summary>
KeyFlagsInformation,
/// <summary>A KEY_VIRTUALIZATION_INFORMATION structure is supplied.</summary>
KeyVirtualizationInformation,
/// <summary>Reserved for system use.</summary>
KeyHandleTagsInformation,
/// <summary />
KeyTrustInformation,
/// <summary />
KeyLayerInformation,
/// <summary>The maximum value in this enumeration type.</summary>
MaxKeyInfoClass,
}
/// <summary>
/// <para>The <c>NtCreateFile</c> routine creates a new file or opens an existing file.</para>
/// </summary>
/// <param name="FileHandle">
/// <para>A pointer to a HANDLE variable that receives a handle to the file.</para>
/// </param>
/// <param name="DesiredAccess">
/// <para>
/// Specifies an ACCESS_MASK value that determines the requested access to the object. In addition to the access rights that are
/// defined for all types of objects, the caller can specify any of the following access rights, which are specific to files.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>ACCESS_MASK flag</term>
/// <term>Allows caller to do this</term>
/// </listheader>
/// <item>
/// <term>FILE_READ_DATA</term>
/// <term>Read data from the file.</term>
/// </item>
/// <item>
/// <term>FILE_READ_ATTRIBUTES</term>
/// <term>Read the attributes of the file. (For more information, see the description of the FileAttributes parameter.)</term>
/// </item>
/// <item>
/// <term>FILE_READ_EA</term>
/// <term>Read the extended attributes (EAs) of the file. This flag is irrelevant for device and intermediate drivers.</term>
/// </item>
/// <item>
/// <term>FILE_WRITE_DATA</term>
/// <term>Write data to the file.</term>
/// </item>
/// <item>
/// <term>FILE_WRITE_ATTRIBUTES</term>
/// <term>Write the attributes of the file. (For more information, see the description of the FileAttributes parameter.)</term>
/// </item>
/// <item>
/// <term>FILE_WRITE_EA</term>
/// <term>Change the extended attributes (EAs) of the file. This flag is irrelevant for device and intermediate drivers.</term>
/// </item>
/// <item>
/// <term>FILE_APPEND_DATA</term>
/// <term>Append data to the file.</term>
/// </item>
/// <item>
/// <term>FILE_EXECUTE</term>
/// <term>Use system paging I/O to read data from the file into memory. This flag is irrelevant for device and intermediate drivers.</term>
/// </item>
/// </list>
/// <para>
/// <c>Note</c> Do not specify FILE_READ_DATA, FILE_WRITE_DATA, FILE_APPEND_DATA, or FILE_EXECUTE when you create or open a directory.
/// </para>
/// <para>The caller can only specify a generic access right, GENERIC_</para>
/// <para>XXX</para>
/// <para>, for a file, not a directory. Generic access rights correspond to specific access rights as shown in the following table.</para>
/// <list type="table">
/// <listheader>
/// <term>Generic access right</term>
/// <term>Set of specific access rights</term>
/// </listheader>
/// <item>
/// <term>GENERIC_READ</term>
/// <term>STANDARD_RIGHTS_READ, FILE_READ_DATA, FILE_READ_ATTRIBUTES, FILE_READ_EA, and SYNCHRONIZE.</term>
/// </item>
/// <item>
/// <term>GENERIC_WRITE</term>
/// <term>STANDARD_RIGHTS_WRITE, FILE_WRITE_DATA, FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, FILE_APPEND_DATA, and SYNCHRONIZE.</term>
/// </item>
/// <item>
/// <term>GENERIC_EXECUTE</term>
/// <term>
/// STANDARD_RIGHTS_EXECUTE, FILE_EXECUTE, FILE_READ_ATTRIBUTES, and SYNCHRONIZE. This value is irrelevant for device and
/// intermediate drivers.
/// </term>
/// </item>
/// <item>
/// <term>GENERIC_ALL</term>
/// <term>FILE_ALL_ACCESS.</term>
/// </item>
/// </list>
/// <para>
/// For example, if you specify GENERIC_READ for a file object, the routine maps this value to the FILE_GENERIC_READ bitmask of
/// specific access rights. In the preceding table, the specific access rights that are listed for GENERIC_READ correspond to the
/// access flags that are contained in the FILE_GENERIC_READ bitmask. If the file is actually a directory, the caller can also
/// specify the following generic access rights.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>DesiredAccess flag</term>
/// <term>Allows caller to do this</term>
/// </listheader>
/// <item>
/// <term>FILE_LIST_DIRECTORY</term>
/// <term>List the files in the directory.</term>
/// </item>
/// <item>
/// <term>FILE_TRAVERSE</term>
/// <term>Traverse the directory, in other words, include the directory in the path of a file.</term>
/// </item>
/// </list>
/// <para>For more information about access rights, see ACCESS_MASK.</para>
/// </param>
/// <param name="ObjectAttributes">
/// <para>A pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use InitializeObjectAttributes to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls InitializeObjectAttributes.</para>
/// </param>
/// <param name="IoStatusBlock">
/// <para>A pointer to an IO_STATUS_BLOCK structure that receives the final completion status and other information about the requested operation. In particular, the Information member receives one of the following values:</para>
/// <list type="bullet">
/// <item>
/// <term>FILE_CREATED</term>
/// </item>
/// <item>
/// <term>FILE_OPENED</term>
/// </item>
/// <item>
/// <term>FILE_OVERWRITTEN</term>
/// </item>
/// <item>
/// <term>FILE_SUPERSEDED</term>
/// </item>
/// <item>
/// <term>FILE_EXISTS</term>
/// </item>
/// <item>
/// <term>FILE_DOES_NOT_EXIST</term>
/// </item>
/// </list>
/// </param>
/// <param name="AllocationSize">
/// <para>
/// A pointer to a LARGE_INTEGER that contains the initial allocation size, in bytes, for a file that is created or overwritten. If AllocationSize is NULL, no allocation size is specified. If no file is created or overwritten, AllocationSize is ignored.</para>
/// </param>
/// <param name="FileAttributes">
/// <para>Specifies one or more FILE_ATTRIBUTE_XXX flags, which represent the file attributes to set if you create or overwrite a file. The caller usually specifies
/// FILE_ATTRIBUTE_NORMAL, which sets the default attributes. For a list of valid FILE_ATTRIBUTE_XXXflags, see the CreateFile routine in the Microsoft Windows SDK documentation. If no file is created or overwritten, FileAttributes is ignored.</para>
/// </param>
/// <param name="ShareAccess">
/// <para>Type of share access, which is specified as zero or any combination of the following flags.</para>
/// <list type="table">
/// <listheader>
/// <term>ShareAccess flag</term>
/// <term>Allows other threads to do this</term>
/// </listheader>
/// <item>
/// <term>FILE_SHARE_READ</term>
/// <term>Read the file</term>
/// </item>
/// <item>
/// <term>FILE_SHARE_WRITE</term>
/// <term>Write the file</term>
/// </item>
/// <item>
/// <term>FILE_SHARE_DELETE</term>
/// <term>Delete the file</term>
/// </item>
/// </list>
/// <para>Device and intermediate drivers usually set ShareAccess to zero, which gives the caller exclusive access to the open file.</para>
/// </param>
/// <param name="CreateDisposition">
/// <para>Specifies the action to perform if the file does or does not exist. CreateDisposition can be one of the values in the following table.</para>
/// <list type="table">
/// <listheader>
/// <term>CreateDisposition value</term>
/// <term>Action if file exists</term>
/// <term>Action if file does not exist</term>
/// </listheader>
/// <item>
/// <term>FILE_SUPERSEDE</term>
/// <term>Replace the file.</term>
/// <term>Create the file.</term>
/// </item>
/// <item>
/// <term>FILE_CREATE</term>
/// <term>Return an error.</term>
/// <term>Create the file.</term>
/// </item>
/// <item>
/// <term>FILE_OPEN</term>
/// <term>Open the file.</term>
/// <term>Return an error.</term>
/// </item>
/// <item>
/// <term>FILE_OPEN_IF</term>
/// <term>Open the file.</term>
/// <term>Create the file.</term>
/// </item>
/// <item>
/// <term>FILE_OVERWRITE</term>
/// <term>Open the file, and overwrite it.</term>
/// <term>Return an error.</term>
/// </item>
/// <item>
/// <term>FILE_OVERWRITE_IF</term>
/// <term>Open the file, and overwrite it.</term>
/// <term>Create the file.</term>
/// </item>
/// </list>
/// </param>
/// <param name="CreateOptions">
/// <para>
/// Specifies the options to apply when the driver creates or opens the file. Use one or more of the flags in the following table.
/// </para>
/// <list type="table">
/// <listheader>
/// <term>CreateOptions flag</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>FILE_DIRECTORY_FILE</term>
/// <term>
/// The file is a directory. Compatible CreateOptions flags are FILE_SYNCHRONOUS_IO_ALERT, FILE_SYNCHRONOUS_IO_NONALERT,
/// FILE_WRITE_THROUGH, FILE_OPEN_FOR_BACKUP_INTENT, and FILE_OPEN_BY_FILE_ID. The CreateDisposition parameter must be set to
/// FILE_CREATE, FILE_OPEN, or FILE_OPEN_IF.
/// </term>
/// </item>
/// <item>
/// <term>FILE_NON_DIRECTORY_FILE</term>
/// <term>
/// The file is a directory. The file object to open can represent a data file; a logical, virtual, or physical device; or a volume.
/// </term>
/// </item>
/// <item>
/// <term>FILE_WRITE_THROUGH</term>
/// <term>
/// System services, file-system drivers, and drivers that write data to the file must actually transfer the data to the file before
/// any requested write operation is considered complete.
/// </term>
/// </item>
/// <item>
/// <term>FILE_SEQUENTIAL_ONLY</term>
/// <term>All access to the file will be sequential.</term>
/// </item>
/// <item>
/// <term>FILE_RANDOM_ACCESS</term>
/// <term>
/// Access to the file can be random, so no sequential read-ahead operations should be performed by file-system drivers or by the system.
/// </term>
/// </item>
/// <item>
/// <term>FILE_NO_INTERMEDIATE_BUFFERING</term>
/// <term>
/// The file cannot be cached or buffered in a driver's internal buffers. This flag is incompatible with the DesiredAccess
/// parameter's FILE_APPEND_DATA flag.
/// </term>
/// </item>
/// <item>
/// <term>FILE_SYNCHRONOUS_IO_ALERT</term>
/// <term>
/// All operations on the file are performed synchronously. Any wait on behalf of the caller is subject to premature termination from
/// alerts. This flag also causes the I/O system to maintain the file-position pointer. If this flag is set, the SYNCHRONIZE flag
/// must be set in the DesiredAccess parameter.
/// </term>
/// </item>
/// <item>
/// <term>FILE_SYNCHRONOUS_IO_NONALERT</term>
/// <term>
/// All operations on the file are performed synchronously. Waits in the system that synchronize I/O queuing and completion are not
/// subject to alerts. This flag also causes the I/O system to maintain the file-position context. If this flag is set, the
/// SYNCHRONIZE flag must be set in the DesiredAccess parameter.
/// </term>
/// </item>
/// <item>
/// <term>FILE_CREATE_TREE_CONNECTION</term>
/// <term>
/// Create a tree connection for this file in order to open it over the network. This flag is not used by device and intermediate drivers.
/// </term>
/// </item>
/// <item>
/// <term>FILE_COMPLETE_IF_OPLOCKED</term>
/// <term>
/// Complete this operation immediately with an alternate success code of STATUS_OPLOCK_BREAK_IN_PROGRESS if the target file is
/// oplocked, rather than blocking the caller's thread. If the file is oplocked, another caller already has access to the file. This
/// flag is not used by device and intermediate drivers.
/// </term>
/// </item>
/// <item>
/// <term>FILE_NO_EA_KNOWLEDGE</term>
/// <term>
/// If the extended attributes (EAs) for an existing file being opened indicate that the caller must understand EAs to properly
/// interpret the file, NtCreateFile should return an error. This flag is irrelevant for device and intermediate drivers.
/// </term>
/// </item>
/// <item>
/// <term>FILE_OPEN_REPARSE_POINT</term>
/// <term>
/// Open a file with a reparse point and bypass normal reparse point processing for the file. For more information, see the following
/// Remarks section.
/// </term>
/// </item>
/// <item>
/// <term>FILE_DELETE_ON_CLOSE</term>
/// <term>
/// The system deletes the file when the last handle to the file is passed to NtClose. If this flag is set, the DELETE flag must be
/// set in the DesiredAccess parameter.
/// </term>
/// </item>
/// <item>
/// <term>FILE_OPEN_BY_FILE_ID</term>
/// <term>
/// The file name that is specified by the ObjectAttributes parameter includes a binary 8-byte or 16-byte file reference number or
/// object ID for the file, depending on the file system as shown below. Optionally, a device name followed by a backslash character
/// may proceed these binary values. For example, a device name will have the following format. This number is assigned by and
/// specific to the particular file system.
/// </term>
/// </item>
/// <item>
/// <term>FILE_OPEN_FOR_BACKUP_INTENT</term>
/// <term>
/// The file is being opened for backup intent. Therefore, the system should check for certain access rights and grant the caller the
/// appropriate access to the file—before checking the DesiredAccess parameter against the file's security descriptor. This flag not
/// used by device and intermediate drivers.
/// </term>
/// </item>
/// <item>
/// <term>FILE_RESERVE_OPFILTER</term>
/// <term>
/// This flag allows an application to request a Filter opportunistic lock (oplock) to prevent other applications from getting share
/// violations. If there are already open handles, the create request will fail with STATUS_OPLOCK_NOT_GRANTED. For more information,
/// see the following Remarks section.
/// </term>
/// </item>
/// <item>
/// <term>FILE_OPEN_REQUIRING_OPLOCK</term>
/// <term>
/// The file is being opened and an opportunistic lock (oplock) on the file is being requested as a single atomic operation. The file
/// system checks for oplocks before it performs the create operation, and will fail the create with a return code of
/// STATUS_CANNOT_BREAK_OPLOCK if the result would be to break an existing oplock.
/// </term>
/// </item>
/// <item>
/// <term>FILE_SESSION_AWARE</term>
/// <term>The client opening the file or device is session aware and per session access is validated if necessary.</term>
/// </item>
/// </list>
/// </param>
/// <param name="EaBuffer">
/// <para>For device and intermediate drivers, this parameter must be a NULL pointer.</para>
/// </param>
/// <param name="EaLength">
/// <para>For device and intermediate drivers, this parameter must be zero.</para>
/// </param>
/// <returns>NtCreateFile returns STATUS_SUCCESS on success or an appropriate NTSTATUS error code on failure. In the latter case, the caller can determine the cause of the failure by checking the IoStatusBlock parameter.
/// <para>
/// <c>Note</c><c>NtCreateFile</c> might return STATUS_FILE_LOCK_CONFLICT as the return value or in the <c>Status</c> member of the
/// <c>IO_STATUS_BLOCK</c> structure that is pointed to by the IoStatusBlock parameter. This would occur only if the NTFS log file is
/// full, and an error occurs while <c>NtCreateFile</c> tries to handle this situation.
/// </para>
/// </returns>
/// <remarks>
/// <para>
/// <c>NtCreateFile</c> supplies a handle that the caller can use to manipulate a file's data, or the file object's state and
/// attributes. For more information, see Using Files in a Driver.
/// </para>
/// <para>Once the handle pointed to by FileHandle is no longer in use, the driver must call NtClose to close it.</para>
/// <para>
/// If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles.
/// Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object Handles.
/// </para>
/// <para>There are two alternate ways to specify the name of the file to be created or opened with <c>NtCreateFile</c>:</para>
/// <para>Setting certain flags in the DesiredAccess parameter results in the following effects:</para>
/// <para>
/// The ShareAccess parameter determines whether separate threads can access the same file, possibly simultaneously. Provided that
/// both callers have the appropriate access privileges, the file can be successfully opened and shared. If the original caller of
/// <c>NtCreateFile</c> does not specify FILE_SHARE_READ, FILE_SHARE_WRITE, or FILE_SHARE_DELETE, no other caller can open the
/// file—that is, the original caller is granted exclusive access.
/// </para>
/// <para>
/// To successfully open a shared file, the DesiredAccess flags must be compatible with the DesiredAccess and ShareAccess flags of
/// all the previous open operations that have not yet been released through . That is, the DesiredAccess specified to
/// <c>NtCreateFile</c> for a given file must not conflict with the accesses that other openers of the file have disallowed.
/// </para>
/// <para>
/// The CreateDisposition value FILE_SUPERSEDE requires that the caller have DELETE access to a existing file object. If so, a
/// successful call to <c>NtCreateFile</c> with FILE_SUPERSEDE on an existing file effectively deletes that file, and then recreates
/// it. This implies that, if the file has already been opened by another thread, it opened the file by specifying a ShareAccess
/// parameter with the FILE_SHARE_DELETE flag set. Note that this type of disposition is consistent with the POSIX style of
/// overwriting files.
/// </para>
/// <para>
/// The CreateDisposition values FILE_OVERWRITE_IF and FILE_SUPERSEDE are similar. If <c>NtCreateFile</c> is called with a existing
/// file and either of these CreateDisposition values, the file will be replaced.
/// </para>
/// <para>Overwriting a file is semantically equivalent to a supersede operation, except for the following:</para>
/// <para>
/// The FILE_DIRECTORY_FILE CreateOptions value specifies that the file to be created or opened is a directory. When a directory file
/// is created, the file system creates an appropriate structure on the disk to represent an empty directory for that particular file
/// system's on-disk structure. If this option was specified and the given file to be opened is not a directory file, or if the
/// caller specified an inconsistent CreateOptions or CreateDisposition value, the call to <c>NtCreateFile</c> will fail.
/// </para>
/// <para>
/// The FILE_NO_INTERMEDIATE_BUFFERING CreateOptions flag prevents the file system from performing any intermediate buffering on
/// behalf of the caller. Specifying this flag places the following restrictions on the caller's parameters to other <c>ZwXxxFile</c> routines.
/// </para>
/// <para>
/// The FILE_SYNCHRONOUS_IO_ALERT and FILE_SYNCHRONOUS_IO_NONALERT CreateOptions flags, which are mutually exclusive as their names
/// suggest, specify that all I/O operations on the file will be synchronous—as long as they occur through the file object referred
/// to by the returned FileHandle. All I/O on such a file is serialized across all threads using the returned handle. If either of
/// these CreateOptions flags is set, the SYNCHRONIZE DesiredAccess flag must also be set—to compel the I/O manager to use the file
/// object as a synchronization object. In these cases, the I/O manager keeps track of the current file-position offset, which you
/// can pass to <c>NtReadFile</c> and <c>NtWriteFile</c>. Call <c>NtQueryInformationFile</c> or <c>NtSetInformationFile</c> to get or
/// set this position.
/// </para>
/// <para>
/// If the CreateOptions FILE_OPEN_REPARSE_POINT flag is specified and <c>NtCreateFile</c> attempts to open a file with a reparse
/// point, normal reparse point processing occurs for the file. If, on the other hand, the FILE_OPEN_REPARSE_POINT flag is specified,
/// normal reparse processing does occur and <c>NtCreateFile</c> attempts to directly open the reparse point file. In either case, if
/// the open operation was successful, <c>NtCreateFile</c> returns STATUS_SUCCESS; otherwise, the routine returns an NTSTATUS error
/// code. <c>NtCreateFile</c> never returns STATUS_REPARSE.
/// </para>
/// <para>
/// The CreateOptions FILE_OPEN_REQUIRING_OPLOCK flag eliminates the time between when you open the file and request an oplock that
/// could potentially allow a third party to open the file and get a sharing violation. An application can use the
/// FILE_OPEN_REQUIRING_OPLOCK flag on <c>NtCreateFile</c> and then request any oplock. This ensures that an oplock owner will be
/// notified of any subsequent open request that causes a sharing violation.
/// </para>
/// <para>
/// In Windows 7, if other handles exist on the file when an application uses the FILE_OPEN_REQUIRING_OPLOCK flag, the create
/// operation will fail with STATUS_OPLOCK_NOT_GRANTED. This restriction no longer exists starting with Windows 8.
/// </para>
/// <para>
/// If this create operation would break an oplock that already exists on the file, then setting the FILE_OPEN_REQUIRING_OPLOCK flag
/// will cause the create operation to fail with STATUS_CANNOT_BREAK_OPLOCK. The existing oplock will not be broken by this create operation.
/// </para>
/// <para>
/// An application that uses the FILE_OPEN_REQUIRING_OPLOCK flag must request an oplock after this call succeeds, or all subsequent
/// attempts to open the file will be blocked without the benefit of normal oplock processing. Similarly, if this call succeeds but
/// the subsequent oplock request fails, an application that uses this flag must close its handle after it detects that the oplock
/// request has failed.
/// </para>
/// <para>
/// The CreateOptions flag FILE_RESERVE_OPFILTER allows an application to request a Level 1, Batch, or Filter oplock to prevent other
/// applications from getting share violations. However, FILE_RESERVE_OPFILTER is only practically useful for Filter oplocks. To use
/// it, you must complete the following steps:
/// </para>
/// <para>
/// Step three makes this practical only for Filter oplocks. The handle opened in step 3 can have a DesiredAccess that contains a
/// maximum of FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | FILE_READ_DATA | FILE_READ_EA | FILE_EXECUTE | SYNCHRONIZE |
/// READ_CONTROL and still not break a Filter oplock. However, any DesiredAccess greater than FILE_READ_ATTRIBUTES |
/// FILE_WRITE_ATTRIBUTES | SYNCHRONIZE will break a Level 1 or Batch oplock and make the FILE_RESERVE_OPFILTER flag useless for
/// those oplock types.
/// </para>
/// <para>NTFS is the only Microsoft file system that implements FILE_RESERVE_OPFILTER.</para>
/// <para>Callers of <c>NtCreateFile</c> must be running at IRQL = PASSIVE_LEVEL and with special kernel APCs enabled.</para>
/// <para>
/// For calls from kernel-mode drivers, the <c>NtXxx</c> and <c>ZwXxx</c> versions of a Windows Native System Services routine can
/// behave differently in the way that they handle and interpret input parameters. For more information about the relationship
/// between the <c>NtXxx</c> and <c>ZwXxx</c> versions of a routine, see Using Nt and Zw Versions of the Native System Services Routines.
/// This is the completion status, either STATUS_SUCCESS if the requested operation was completed successfully or an informational,
/// warning, or error STATUS_XXX value. For more information, see Using NTSTATUS values.
/// </summary>
publicuintStatus;
/// <summary>
/// This is set to a request-dependent value. For example, on successful completion of a transfer request, this is set to the
/// number of bytes transferred. If a transfer request is completed with another STATUS_XXX, this member is set to zero.
/// </summary>
publicIntPtrInformation;
}
/// <summary><para>The <c>KEY_BASIC_INFORMATION</c> structure defines a subset of the full information that is available for a registry key.</para></summary><remarks><para>The ZwEnumerateKey and ZwQueryKey routines use the <c>KEY_BASIC_INFORMATION</c> structure to contain the basic information for a registry key. When the KeyInformationClass parameter of either routine is <c>KeyBasicInformation</c>, the KeyInformation buffer is treated as a <c>KEY_BASIC_INFORMATION</c> structure. For more information about the <c>KeyBasicInformation</c> enumeration value, see KEY_INFORMATION_CLASS.</para></remarks>
/// <summary><para>The last time this key or any of its values changed. This time value is expressed in absolute system time format. Absolute system time is the number of 100-nanosecond intervals since the start of the year 1601 in the Gregorian calendar.</para></summary>
publiclongLastWriteTime;
/// <summary><para>Device and intermediate drivers should ignore this member.</para></summary>
publicuintTitleIndex;
/// <summary><para>The size, in bytes, of the key name string in the <c>Name</c> array.</para></summary>
publicuintNameLength;
/// <summary><para>An array of wide characters that contains the name of the registry key. This character string is null-terminated. Only the first element in this array is included in the <c>KEY_BASIC_INFORMATION</c> structure definition. The storage for the remaining elements in the array immediately follows this element.</para></summary>
publicStrPtrUniName;
}
/// <summary><para>The <c>KEY_FULL_INFORMATION</c> structure defines the information available for a registry key, including information about its subkeys and the maximum length for their names and value entries. This information can be used to size buffers to get the names of subkeys and their value entries.</para></summary><remarks><para>The ZwEnumerateKey and ZwQueryKey routines use the <c>KEY_FULL_INFORMATION</c> structure to contain the full information for a registry key. When the KeyInformationClass parameter of either routine is <c>KeyFullInformation</c>, the KeyInformation buffer is treated as a <c>KEY_FULL_INFORMATION</c> structure. For more information about the <c>KeyFullInformation</c> enumeration value, see KEY_INFORMATION_CLASS.</para></remarks>
/// <summary><para>The last time this key or any of its values changed. This time value is expressed in absolute system time format. Absolute system time is the number of 100-nanosecond intervals since the start of the year 1601 in the Gregorian calendar.</para></summary>
publiclongLastWriteTime;
/// <summary><para>Device and intermediate drivers should ignore this member.</para></summary>
publicuintTitleIndex;
/// <summary><para>The byte offset from the start of this structure to the <c>Class</c> member.</para></summary>
publicuintClassOffset;
/// <summary><para>The size, in bytes, of the key class name string in the <c>Class</c> array.</para></summary>
publicuintClassLength;
/// <summary><para>The number of subkeys for this key.</para></summary>
publicuintSubKeys;
/// <summary><para>The maximum size, in bytes, of any name for a subkey.</para></summary>
publicuintMaxNameLen;
/// <summary><para>The maximum size, in bytes, of a class name.</para></summary>
publicuintMaxClassLen;
/// <summary><para>The number of value entries for this key.</para></summary>
publicuintValues;
/// <summary><para>The maximum size, in bytes, of a value entry name.</para></summary>
publicuintMaxValueNameLen;
/// <summary><para>The maximum size, in bytes, of a value entry data field.</para></summary>
publicuintMaxValueDataLen;
/// <summary><para>An array of wide characters that contains the name of the class of the key. This character string is null-terminated. Only the first element in this array is included in the <c>KEY_FULL_INFORMATION</c> structure definition. The storage for the remaining elements in the array immediately follows this element.</para></summary>
publicStrPtrUniClass;
}
/// <summary><para>The <c>KEY_NAME_INFORMATION</c> structure holds the name and name length of the key.</para></summary><remarks><para>The ZwQueryKey routine uses the <c>KEY_NAME_INFORMATION</c> structure to contain the registry key name. When the KeyInformationClass parameter of this routine is <c>KeyNameInformation</c>, the KeyInformation buffer is treated as a <c>KEY_NAME_INFORMATION</c> structure. For more information about the <c>KeyNameInformation</c> enumeration value, see KEY_INFORMATION_CLASS.</para></remarks>
/// <summary><para>The size, in bytes, of the key name string in the <c>Name</c> array.</para></summary>
publicuintNameLength;
/// <summary><para>An array of wide characters that contains the name of the registry key. This character string is null-terminated. Only the first element in this array is included in the <c>KEY_NAME_INFORMATION</c> structure definition. The storage for the remaining elements in the array immediately follows this element.</para></summary>
publicStrPtrUniName;
}
/// <summary>
/// <para>The <c>KEY_NODE_INFORMATION</c> structure defines the basic information available for a registry (sub)key.</para>
/// </summary>
/// <remarks>
/// <para>
/// The ZwEnumerateKey and ZwQueryKey routines use the <c>KEY_NODE_INFORMATION</c> structure to contain the registry key name and key
/// class name. When the KeyInformationClass parameter of either routine is <c>KeyNodeInformation</c>, the KeyInformation buffer is
/// treated as a <c>KEY_NODE_INFORMATION</c> structure. For more information about the <c>KeyNodeInformation</c> enumeration value,
/// <summary><para>The last time this key or any of its values changed. This time value is expressed in absolute system time format. Absolute system time is the number of 100-nanosecond intervals since the start of the year 1601 in the Gregorian calendar.</para></summary>
publiclongLastWriteTime;
/// <summary><para>Device and intermediate drivers should ignore this member.</para></summary>
publicuintTitleIndex;
/// <summary><para>The byte offset from the start of this structure to the class name string, which is located in the <c>Name</c> array immediately following the key name string. Like the key name string, the class name string is not null-terminated.</para></summary>
publicuintClassOffset;
/// <summary><para>The size, in bytes, in the class name string.</para></summary>
publicuintClassLength;
/// <summary><para>The size, in bytes, of the key name string contained in the <c>Name</c> array.</para></summary>
publicuintNameLength;
/// <summary><para>An array of wide characters that contains the name of the registry key. This character string is null-terminated. Only the first element in this array is included in the <c>KEY_NODE_INFORMATION</c> structure definition. The storage for the remaining elements in the array immediately follows this element.</para></summary>
publicStrPtrUniName;
}
/// <summary><para>The <c>OBJECT_ATTRIBUTES</c> structure specifies attributes that can be applied to objects or object handles by routines that create objects and/or return handles to objects.</para></summary><remarks><para>Use the InitializeObjectAttributes macro to initialize the members of the <c>OBJECT_ATTRIBUTES</c> structure. Note that <c>InitializeObjectAttributes</c> initializes the <c>SecurityQualityOfService</c> member to <c>NULL</c>. If you must specify a non-<c>NULL</c> value, set the <c>SecurityQualityOfService</c> member after initialization.</para><para>To apply the attributes contained in this structure to an object or object handle, pass a pointer to this structure to a routine that accesses objects or returns object handles, such as ZwCreateFile or ZwCreateDirectoryObject.</para><para>All members of this structure are read-only. If a member of this structure is a pointer, the object that this member points to is read-only as well. Read-only members and objects can be used to acquire relevant information but must not be modified. To set the members of this structure, use the <c>InitializeObjectAttributes</c> macro.</para><para>Driver routines that run in a process context other than that of the system process must set the OBJ_KERNEL_HANDLE flag for the <c>Attributes</c> member (by using the <c>InitializeObjectAttributes</c> macro). This restricts the use of a handle opened for that object to processes running only in kernel mode. Otherwise, the handle can be accessed by the process in whose context the driver is running.</para></remarks>
/// <summary><para>The number of bytes of data contained in this structure. The InitializeObjectAttributes macro sets this member to <c>sizeof</c>(<c>OBJECT_ATTRIBUTES</c>).</para></summary>
publicuintlength;
/// <summary><para>Optional handle to the root object directory for the path name specified by the <c>ObjectName</c> member. If <c>RootDirectory</c> is <c>NULL</c>, <c>ObjectName</c> must point to a fully qualified object name that includes the full path to the target object. If <c>RootDirectory</c> is non-<c>NULL</c>, <c>ObjectName</c> specifies an object name relative to the <c>RootDirectory</c> directory. The <c>RootDirectory</c> handle can refer to a file system directory or an object directory in the object manager namespace.</para></summary>
publicIntPtrrootDirectory;
/// <summary><para>Pointer to a Unicode string that contains the name of the object for which a handle is to be opened. This must either be a fully qualified object name, or a relative path name to the directory specified by the <c>RootDirectory</c> member.</para></summary>
publicIntPtrobjectName;
/// <summary><para>Bitmask of flags that specify object handle attributes. This member can contain one or more of the flags in the following table.</para><list type="table"><listheader><term>Flag</term><term>Meaning</term></listheader><item><term>OBJ_INHERIT</term><term>This handle can be inherited by child processes of the current process.</term></item><item><term>OBJ_PERMANENT</term><term> This flag only applies to objects that are named within the object manager. By default, such objects are deleted when all open handles to them are closed. If this flag is specified, the object is not deleted when all open handles are closed. Drivers can use the ZwMakeTemporaryObject routine to make a permanent object non-permanent. </term></item><item><term>OBJ_EXCLUSIVE</term><term> If this flag is set and the OBJECT_ATTRIBUTES structure is passed to a routine that creates an object, the object can be accessed exclusively. That is, once a process opens such a handle to the object, no other processes can open handles to this object. If this flag is set and the OBJECT_ATTRIBUTES structure is passed to a routine that creates an object handle, the caller is requesting exclusive access to the object for the process context that the handle was created in. This request can be granted only if the OBJ_EXCLUSIVE flag was set when the object was created. </term></item><item><term>OBJ_CASE_INSENSITIVE</term><term> If this flag is specified, a case-insensitive comparison is used when matching the name pointed to by the ObjectName member against the names of existing objects. Otherwise, object names are compared using the default system settings. </term></item><item><term>OBJ_OPENIF</term><term>If this flag is specified, by using the object handle, to a routine that creates objects and if that object already exists, the routine should open that object. Otherwise, the routine creating the object returns an NTSTATUS code of STATUS_OBJECT_NAME_COLLISION.</term></item><item><term>OBJ_OPENLINK</term><term>If an object handle, with this flag set, is passed to a routine that opens objects and if the object is a symbolic link object, the routine should open the symbolic link object itself, rather than the object that the symbolic link refers to (which is the default behavior).</term></item><item><term>OBJ_KERNEL_HANDLE</term><term>The handle is created in system process context and can only be accessed from kernel mode.</term></item><item><term>OBJ_FORCE_ACCESS_CHECK</term><term>The routine that opens the handle should enforce all access checks for the object, even if the handle is being opened in kernel mode.</term></item><item><term>OBJ_VALID_ATTRIBUTES</term><term>Reserved.</term></item></list></summary>
publicuintattributes;
/// <summary><para>Specifies a security descriptor (SECURITY_DESCRIPTOR) for the object when the object is created. If this member is <c>NULL</c>, the object will receive default security settings.</para></summary>
publicIntPtrsecurityDescriptor;
/// <summary><para>Optional quality of service to be applied to the object when it is created. Used to indicate the security impersonation level and context tracking mode (dynamic or static). Currently, the InitializeObjectAttributes macro sets this member to <c>NULL</c>.</para></summary>
publicIntPtrsecurityQualityOfService;
}
/// <summary><para>The <c>UNICODE_STRING</c> structure is used to define Unicode strings.</para></summary><remarks><para>The <c>UNICODE_STRING</c> structure is used to pass Unicode strings. Use RtlUnicodeStringInit or RtlUnicodeStringInitEx to initialize a <c>UNICODE_STRING</c> structure.</para><para>If the string is null-terminated, <c>Length</c> does not include the trailing null character.</para><para>The <c>MaximumLength</c> is used to indicate the length of <c>Buffer</c> so that if the string is passed to a conversion routine such as RtlAnsiStringToUnicodeString the returned string does not exceed the buffer size.</para></remarks>
/// <summary><para>The length, in bytes, of the string stored in <c>Buffer</c>.</para></summary>
publicushortLength;
/// <summary><para>The length, in bytes, of <c>Buffer</c>.</para></summary>
publicushortMaximumLength;
[MarshalAs(UnmanagedType.LPWStr)]
publicstringBuffer;
}
/// <summary><para>The <c>DbgBreakPoint</c> routine breaks into the kernel debugger.</para></summary><returns><para>None</para></returns><remarks><para>The <c>DbgBreakPoint</c> routine is the kernel-mode equivalent of <c>DebugBreak</c>.</para><para>This routine raises an exception that is handled by the kernel debugger if one is installed; otherwise, it is handled by the debug system. If a debugger is not connected to the system, the exception can be handled in the standard way.</para><para>In kernel mode, a break exception that is not handled will cause a bug check. You can, however, connect a kernel-mode debugger to a target computer that has stopped responding and has kernel debugging enabled. For more information, see Windows Debugging.</para></remarks>
/// <summary><para>[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</para><para>This function forcefully terminates the calling program if it is invoked inside a loader callout. Otherwise, it has no effect.</para></summary><returns><para>This function does not return a value.</para></returns><remarks><para>This routine does not catch all potential deadlock cases; it is possible for a thread inside a loader callout to acquire a lock while some thread outside a loader callout holds the same lock and makes a call into the loader. In other words, there can be a lock order inversion between the loader lock and a client lock.</para></remarks>
/// <summary><para>[This function may be changed or removed from Windows without further notice.]</para><para>Registers for notification when a DLL is first loaded. This notification occurs before dynamic linking takes place.</para></summary><returns><para>If the function succeeds, it returns <c>STATUS_SUCCESS</c>.</para><para>The forms and significance of <c>NTSTATUS</c> error codes are listed in the Ntstatus.h header file available in the WDK, and are described in the WDK documentation.</para></returns><remarks><para>This function has no associated header file. The associated import library, Ntdll.lib, is available in the WDK. You can also use the <c>LoadLibrary</c> and <c>GetProcAddress</c> functions to dynamically link to Ntdll.dll.</para></remarks>
/// <summary><para>[This function may be changed or removed from Windows without further notice.]</para><para>A notification callback function specified with the <c>LdrRegisterDllNotification</c> function. The loader calls this function when a DLL is first loaded.</para><para><c>Warning:</c> It is unsafe for the notification callback function to call functions in any DLL.</para></summary><returns><para>This callback function does not return a value.</para></returns><remarks><para>The notification callback function is called before dynamic linking takes place.</para></remarks>
publicIntPtrFullDllName;//The full path name of the DLL module.
publicIntPtrBaseDllName;//The base file name of the DLL module.
publicIntPtrDllBase;//A pointer to the base address for the DLL in memory.
publicuintSizeOfImage;//The size of the DLL image, in bytes.
}
/// <summary><para>[This function may be changed or removed from Windows without further notice.]</para><para>Cancels DLL load notification previously registered by calling the <c>LdrRegisterDllNotification</c> function.</para></summary><returns><para>Returns an <c>NTSTATUS</c> or error code.</para><para>If the function succeeds, it returns <c>STATUS_SUCCESS</c>.</para><para>If the callback function is not found, the function returns <c>STATUS_DLL_NOT_FOUND</c>.</para><para>The forms and significance of <c>NTSTATUS</c> error codes are listed in the Ntstatus.h header file available in the WDK, and are described in the WDK documentation.</para></returns><remarks><para>This function has no associated header file. The associated import library, Ntdll.lib, is available in the WDK. You can also use the <c>LoadLibrary</c> and <c>GetProcAddress</c> functions to dynamically link to Ntdll.dll.</para></remarks>
/// <summary><para>The <c>NtAllocateVirtualMemory</c> routine reserves, commits, or both, a region of pages within the user-mode virtual address space of a specified process.</para></summary><param name="ProcessHandle"><para>A handle for the process for which the mapping should be done. Use the <c>NtCurrentProcess</c> macro, defined in Ntddk.h, to specify the current process.</para></param><param name="BaseAddress"><para>A pointer to a variable that will receive the base address of the allocated region of pages. If the initial value of this parameter is non-<c>NULL</c>, the region is allocated starting at the specified virtual address rounded down to the next host page size address boundary. If the initial value of this parameter is <c>NULL</c>, the operating system will determine where to allocate the region.</para></param><param name="ZeroBits"><para>The number of high-order address bits that must be zero in the base address of the section view. Used only when the operating system determines where to allocate the region, as when BaseAddress is <c>NULL</c>. Note that when ZeroBits is larger than 32, it becomes a bitmask.</para></param><param name="RegionSize"><para>A pointer to a variable that will receive the actual size, in bytes, of the allocated region of pages. The initial value of this parameter specifies the size, in bytes, of the region and is rounded up to the next host page size boundary. *RegionSize cannot be zero on input.</para></param><param name="AllocationType"><para>A bitmask containing flags that specify the type of allocation to be performed. The following table describes these flags.</para><list type="table"><listheader><term>Flag</term><term>Meaning</term></listheader><item><term>MEM_COMMIT</term><term>The specified region of pages is to be committed. One of MEM_COMMIT, MEM_RESET, or MEM_RESERVE must be set.</term></item><item><term>MEM_PHYSICAL</term><term> Allocate physical memory. This flag is solely for use with Address Windowing Extensions (AWE) memory. If MEM_PHYSICAL is set, MEM_RESERVE must also be set. No other flags may be set. If MEM_PHYSICAL is set, Protect must be set to PAGE_READWRITE. </term></item><item><term>MEM_RESERVE</term><term>The specified region of pages is to be reserved. One of MEM_COMMIT, MEM_RESET, or MEM_RESERVE must be set.</term></item><item><term>MEM_RESET</term><term> Reset the state of the specified region so that if the pages are in paging file, they are discarded and pages of zeros are brought in. If the pages are in memory and modified, they are marked as not modified so that they will not be written out to the paging file. The contents are zeroed. The Protect parameter is not used, but it must be set to a valid value. One of MEM_COMMIT, MEM_RESET, or MEM_RESERVE must be set. If MEM_RESET is set, no other flag may be set. </term></item><item><term>MEM_TOP_DOWN</term><term> The specified region should be created at the highest virtual address possible based on ZeroBits. </term></item><item><term>MEM_WRITE_WATCH</term><term> The specified region should be created at the highest virtual address possible based on ZeroBits. </term></item></list></param><param name="Protect"><para>A bitmask containing page protection flags that specify the protection desired for the committed region of pages. The following table describes these flags.</para><list type="table"><listheader><term>Flag</term><term>Meaning</term></listheader><item><term>PAGE_NOACCESS</term><term>No access to the committed region of pages is allowed. An attempt to read, write, or execute the committed region results in an access violation exception, called a general protection (GP) fault.</term></item><item><term>PAGE_READONLY</term><term>Read-only and execute access to the committed region of pages is allowed. An attempt to write the committed region results in an access violation.</term></item><item><term>PAGE_READWRITE</term><term>Read, write, and execute access to the committed region of pages is allowed. If write access to the underlying section is allowed, then a single copy of the pages is shared.
/// <summary><para>Deprecated. Closes the specified handle. <c>NtClose</c> is superseded by CloseHandle.</para></summary><param name="Handle"><para>The handle being closed.</para></param><returns><para>The various NTSTATUS values are defined in NTSTATUS.H, which is distributed with the Windows DDK.</para><list type="table"><listheader><term>Return code</term><term>Description</term></listheader><item><term> STATUS_SUCCESS </term><term>The handle was closed.</term></item></list></returns><remarks><para>The <c>NtClose</c> function closes handles to the following objects.</para><list type="bullet"><item><term>Access token</term></item><item><term>Communications device</term></item><item><term>Console input</term></item><item><term>Console screen buffer</term></item><item><term>Event</term></item><item><term>File</term></item><item><term>File mapping</term></item><item><term>Job</term></item><item><term>Mailslot</term></item><item><term>Mutex</term></item><item><term>Named pipe</term></item><item><term>Process</term></item><item><term>Semaphore</term></item><item><term>Socket</term></item><item><term>Thread</term></item></list><para>Because there is no import library for this function, you must use GetProcAddress.</para></remarks>
/// <summary><para>The <c>ZwCommitComplete</c> routine notifies KTM that the calling resource manager has finished committing a transaction's data.</para></summary><param name="EnlistmentHandle"><para>A handle to an enlistment object that was obtained by a previous call to ZwCreateEnlistment or ZwOpenEnlistment. The handle must have ENLISTMENT_SUBORDINATE_RIGHTS access to the object.</para></param><param name="TmVirtualClock"><para>A pointer to a virtual clock value. This parameter is optional and can be <c>NULL</c>.</para></param><returns><para><c>ZwCommitComplete</c> returns STATUS_SUCCESS if the operation succeeds. Otherwise, this routine might return one of the following values:</para><list type="table"><listheader><term>Return code</term><term>Description</term></listheader><item><term> STATUS_OBJECT_TYPE_MISMATCH </term><term>The specified handle is not a handle to an enlistment object.</term></item><item><term> STATUS_INVALID_HANDLE </term><term>The object handle is invalid.</term></item><item><term> STATUS_ACCESS_DENIED </term><term>The caller does not have appropriate access to the enlistment object.</term></item><item><term> STATUS_TRANSACTION_NOT_REQUESTED </term><term>The transaction or its enlistment is not in the correct state.</term></item></list><para>The routine might return other NTSTATUS values.</para></returns><remarks><para>A resource manager must call <c>ZwCommitComplete</c> after it has finished servicing a TRANSACTION_NOTIFY_COMMIT notification.</para><para>For more information about <c>ZwCommitComplete</c>, see Handling Commit Operations.</para><para>For calls from kernel-mode drivers, the <c>NtXxx</c> and <c>ZwXxx</c> versions of a Windows Native System Services routine can behave differently in the way that they handle and interpret input parameters. For more information about the relationship between the <c>NtXxx</c> and <c>ZwXxx</c> versions of a routine, see Using Nt and Zw Versions of the Native System Services Routines.</para></remarks>
/// <summary><para>The <c>ZwCommitEnlistment</c> routine initiates the commit operation for a specified enlistment's transaction.</para></summary><param name="EnlistmentHandle"><para>A handle to an enlistment object that was obtained by a previous call to ZwCreateEnlistment or ZwOpenEnlistment. The object must represent a superior enlistment and the handle must have ENLISTMENT_SUPERIOR_RIGHTS access to the object.</para></param><param name="TmVirtualClock"><para>A pointer to a virtual clock value. This parameter is optional and can be <c>NULL</c>.</para></param><returns><para><c>ZwCommitEnlistment</c> returns STATUS_SUCCESS if the operation succeeds. Otherwise, this routine might return one of the following values:</para><list type="table"><listheader><term>Return code</term><term>Description</term></listheader><item><term> STATUS_OBJECT_TYPE_MISMATCH </term><term>The specified handle is not a handle to an enlistment object.</term></item><item><term> STATUS_INVALID_HANDLE </term><term>The object handle is invalid.</term></item><item><term> STATUS_ACCESS_DENIED </term><term>The caller does not have appropriate access to the enlistment object.</term></item><item><term> STATUS_ENLISTMENT_NOT_SUPERIOR </term><term> The caller is not a superior transaction manager for the enlistment. </term></item><item><term> STATUS_TRANSACTION_RESPONSE_NOT_ENLISTED </term><term>The caller did not register to receive TRANSACTION_NOTIFY_COMMIT_COMPLETE notifications.</term></item><item><term> STATUS_TRANSACTION_REQUEST_NOT_VALID </term><term>The enlistment's transaction is not in a state that allows it to be committed.</term></item><item><term> STATUS_TRANSACTION_NOT_ACTIVE </term><term>The commit operation for this transaction has already been started.</term></item><item><term> STATUS_TRANSACTION_ALREADY_ABORTED </term><term>The transaction cannot be committed because it has been rolled back.</term></item></list><para>The routine might return other NTSTATUS values.</para></returns><remarks><para>Only superior transaction managers can call <c>ZwCommitEnlistment</c>.</para><para>Callers of <c>ZwCommitEnlistment</c> must register to receive TRANSACTION_NOTIFY_COMMIT_COMPLETE notifications.</para><para>The <c>ZwCommitEnlistment</c> routine causes KTM to send TRANSACTION_NOTIFY_COMMIT notifications to all resource managers that have enlisted in the transaction.</para><para>For more information about <c>ZwCommitEnlistment</c>, see Creating a Superior Transaction Manager and Handling Commit Operations.</para><para>For calls from kernel-mode drivers, the <c>NtXxx</c> and <c>ZwXxx</c> versions of a Windows Native System Services routine can behave differently in the way that they handle and interpret input parameters. For more information about the relationship between the <c>NtXxx</c> and <c>ZwXxx</c> versions of a routine, see Using Nt and Zw Versions of the Native System Services Routines.</para></remarks>
/// <summary><para>The <c>ZwCommitTransaction</c> routine initiates a commit operation for a specified transaction.</para></summary><param name="TransactionHandle"><para>A handle to a transaction object. Your component receives this handle from ZwCreateTransaction or ZwOpenTransaction. The handle must have TRANSACTION_COMMIT access to the object.</para></param><param name="Wait"><para>A Boolean value that the caller sets to <c>TRUE</c> for synchronous operation or <c>FALSE</c> for asynchronous operation. If this parameter is <c>TRUE</c>, the call returns after the commit operation is complete.</para></param><returns><para><c>ZwCommitTransaction</c> returns STATUS_SUCCESS if the operation succeeds. Otherwise, this routine might return one of the following values:</para><list type="table"><listheader><term>Return code</term><term>Description</term></listheader><item><term> STATUS_OBJECT_TYPE_MISMATCH </term><term> The handle that was specified for the TransactionHandle parameter is not a handle to a transaction object. </term></item><item><term> STATUS_INVALID_HANDLE </term><term>The specified transaction object handle is invalid.</term></item><item><term> STATUS_ACCESS_DENIED </term><term>The caller does not have appropriate access to the transaction object.</term></item><item><term> STATUS_TRANSACTION_SUPERIOR_EXISTS </term><term> The caller cannot commit the transaction because a superior transaction manager exists. </term></item><item><term> STATUS_TRANSACTION_ALREADY_ABORTED </term><term>The transaction cannot be committed because it has been rolled back.</term></item><item><term> STATUS_TRANSACTION_ALREADY_COMMITTED </term><term>The transaction is already committed.</term></item><item><term> STATUS_TRANSACTION_REQUEST_NOT_VALID </term><term>The commit operation for this transaction has already been started.</term></item><item><term> STATUS_PENDING </term><term> Commit notifications have been queued to resource managers, and the caller specified FALSE for the Wait parameter. </term></item></list><para>The routine might return other NTSTATUS values.</para></returns><remarks><para>For more information about how transaction clients should use the <c>ZwCommitTransaction</c> routine, see Creating a Transactional Client.</para><para>For more information about commit operations, see Handling Commit Operations.</para><para>For calls from kernel-mode drivers, the <c>NtXxx</c> and <c>ZwXxx</c> versions of a Windows Native System Services routine can behave differently in the way that they handle and interpret input parameters. For more information about the relationship between the <c>NtXxx</c> and <c>ZwXxx</c> versions of a routine, see Using Nt and Zw Versions of the Native System Services Routines.</para></remarks>
/// <summary><para>The <c>NtCompareTokens</c> function compares two access tokens and determines whether they are equivalent with respect to a call to the <c>AccessCheck</c> function.</para></summary><returns><para>If the function succeeds, the function returns STATUS_SUCCESS.</para><para>If the function fails, it returns an <c>NTSTATUS</c> error code.</para></returns><remarks><para>Two access control tokens are considered to be equivalent if all of the following conditions are true:</para><list type="bullet"><item><term>Every security identifier (SID) that is present in either token is also present in the other token.</term></item><item><term>Neither or both of the tokens are restricted.</term></item><item><term>If both tokens are restricted, every SID that is restricted in one token is also restricted in the other token.</term></item><item><term>Every privilege present in either token is also present in the other token.</term></item></list><para>This function has no associated import library or header file; you must call it using the <c>LoadLibrary</c> and <c>GetProcAddress</c> functions.</para></remarks>
/// <summary><para>The <c>ZwCreateEnlistment</c> routine creates a new enlistment object for a transaction.</para></summary><param name="EnlistmentHandle"><para>A pointer to a caller-allocated variable that receives a handle to the new enlistment object if the call to <c>ZwCreateEnlistment</c> succeeds.</para></param><param name="DesiredAccess"><para>An ACCESS_MASK value that specifies the caller's requested access to the enlistment object. In addition to the access rights that are defined for all kinds of objects (see ACCESS_MASK), the caller can specify any of the following access right flags for enlistment objects:</para><list type="table"><listheader><term>ACCESS_MASK flag</term><term>Allows the caller to</term></listheader><item><term>ENLISTMENT_QUERY_INFORMATION</term><term> Query information about the enlistment (see ZwQueryInformationEnlistment). </term></item><item><term>ENLISTMENT_SET_INFORMATION</term><term> Set information for the enlistment (see ZwSetInformationEnlistment). </term></item><item><term>ENLISTMENT_RECOVER</term><term> Recover the enlistment (see ZwRecoverEnlistment). </term></item><item><term>ENLISTMENT_SUBORDINATE_RIGHTS</term><term> Perform operations that a resource manager that is not superior performs (see ZwRollbackEnlistment, ZwPrePrepareComplete, ZwPrepareComplete, ZwCommitComplete, ZwRollbackComplete, ZwSinglePhaseReject, ZwReadOnlyEnlistment). </term></item><item><term>ENLISTMENT_SUPERIOR_RIGHTS</term><term> Perform operations that a superior transaction manager must perform (see ZwPrepareEnlistment, ZwPrePrepareEnlistment, ZwCommitEnlistment). </term></item></list><para>Alternatively, you can specify one or more of the following ACCESS_MASK bitmaps. These bitmaps combine the flags from the previous table with the STANDARD_RIGHTS_XXX flags that are described on the ACCESS_MASK reference page. You can also combine these bitmaps together with additional flags from the previous table. The following table shows how the bitmaps correspond to specific access rights.</para><list type="table"><listheader><term>Generic access right</term><term>Set of specific access rights</term></listheader><item><term>ENLISTMENT_GENERIC_READ</term><term>STANDARD_RIGHTS_READ and ENLISTMENT_QUERY_INFORMATION</term></item><item><term>ENLISTMENT_GENERIC_WRITE</term><term>STANDARD_RIGHTS_WRITE, ENLISTMENT_SET_INFORMATION, ENLISTMENT_RECOVER, ENLISTMENT_REFERENCE, ENLISTMENT_SUBORDINATE_RIGHTS, and ENLISTMENT_SUPERIOR_RIGHTS</term></item><item><term>ENLISTMENT_GENERIC_EXECUTE</term><term>STANDARD_RIGHTS_EXECUTE, ENLISTMENT_RECOVER, ENLISTMENT_SUBORDINATE_RIGHTS, and ENLISTMENT_SUPERIOR_RIGHTS</term></item><item><term>ENLISTMENT_ALL_ACCESS</term><term>STANDARD_RIGHTS_REQUIRED, ENLISTMENT_GENERIC_READ, ENLISTMENT_GENERIC_WRITE, and ENLISTMENT_GENERIC_EXECUTE</term></item></list></param><param name="ResourceManagerHandle"><para>A handle to the caller's resource manager object that was obtained by a previous call to ZwCreateResourceManager or ZwOpenResourceManager.</para></param><param name="TransactionHandle"><para>A handle to a transaction object that was obtained by a previous call to ZwCreateTransaction or ZwOpenTransaction. KTM adds this transaction to the list of transactions that the calling resource manager is handling.</para></param><param name="ObjectAttributes"><para>A pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use the InitializeObjectAttributes routine to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls <c>InitializeObjectAttributes</c>. This parameter is optional and can be <c>NULL</c>.</para></param><param name="CreateOptions"><para>Enlistment option flags. The following table contains the only available flag.</para><list type="table"><listheader><term>CreateOptions flag</term><term>Meaning</term></listheader><item><term>ENLISTMENT_SUPERIOR</term><term> The caller is enlisting as a superior transaction manager for the specified transaction. </term></it
/// A mask that indicates all valid bits for a transaction notification.
/// </summary>
TRANSACTION_NOTIFY_MASK=0x3FFFFFFF,
/// <summary>
/// This notification is called after a client calls CommitTransaction and either no resource manager (RM) supports single-phase commit or a superior transaction manager (TM) calls PrePrepareEnlistment. This notification is received by the RMs indicating that they should complete any work that could cause other RMs to need to enlist in a transaction, such as flushing its cache. After completing these operations the RM must call PrePrepareComplete. To receive this notification the RM must also support TRANSACTION_NOTIFY_PREPARE and TRANSACTION_NOTIFY_COMMIT.
/// </summary>
TRANSACTION_NOTIFY_PREPREPARE=0x00000001,
/// <summary>
/// This notification is called after the TRANSACTION_NOTIFY_PREPREPARE processing is complete. It signals the RM to complete all the work that is associated with this enlistment so that it can guarantee that a commit operation could succeed and an abort operation could also succeed. Typically, the bulk of the work for a transaction is done during the prepare phase. For durable RMs, they must log their state prior to calling the PrepareComplete function. This is the last chance for the RM to request that the transaction be rolled back.
/// </summary>
TRANSACTION_NOTIFY_PREPARE=0x00000002,
/// <summary>
/// This notification signals the RM to complete all the work that is associated with this enlistment. Typically, the RM releases any locks, releases any information necessary to roll back the transaction. The RM must respond by calling the CommitComplete function when it has finished these operations.
/// </summary>
TRANSACTION_NOTIFY_COMMIT=0x00000004,
/// <summary>
/// This notification signals the RM to undo all the work it has done that is associated with the transaction.
/// </summary>
TRANSACTION_NOTIFY_ROLLBACK=0x00000008,
/// <summary>
/// This notification signals to the superior TM that a pre-prepare operation was completed successfully.
/// This notification signals to the superior TM that a prepare operation was completed successfully.
/// </summary>
TRANSACTION_NOTIFY_PREPARE_COMPLETE=0x00000020,
/// <summary>
/// This notification signals to the superior TM that a commit operation was completed successfully.
/// </summary>
TRANSACTION_NOTIFY_COMMIT_COMPLETE=0x00000040,
/// <summary>
/// This notification signals to the superior TM that a rollback operation was completed successfully.
/// </summary>
TRANSACTION_NOTIFY_ROLLBACK_COMPLETE=0x00000080,
/// <summary>
/// This notification signals to RMs that they should recover their state because a transaction outcome must be redelivered. For example, when an RM is recovered, and when there are transactions left in-doubt. This notification is delivered once the in-doubt state is resolved.
/// </summary>
TRANSACTION_NOTIFY_RECOVER=0x00000100,
/// <summary>
/// This notification signals the RM to complete and commit the transaction without using a two-phase commit protocol. If the RM wants to use a two-phase operation, it must respond by calling the SinglePhaseReject function.
/// KTM is signaling to the superior TM to perform a commit operation.
/// </summary>
TRANSACTION_NOTIFY_DELEGATE_COMMIT=0x00000400,
/// <summary>
/// KTM is signaling to the superior TM to query the status of an in-doubt transaction.
/// </summary>
TRANSACTION_NOTIFY_RECOVER_QUERY=0x00000800,
/// <summary>
/// This notification signals to the superior TM that pre-prepare notifications must be delivered on the specified enlistment.
/// </summary>
TRANSACTION_NOTIFY_ENLIST_PREPREPARE=0x00001000,
/// <summary>
/// This notification indicates that the recovery operation is complete for this RM.
/// </summary>
TRANSACTION_NOTIFY_LAST_RECOVER=0x00002000,
/// <summary>
/// The specified transaction is in an in-doubt state. The RM receives this notification during recovery operations when a transaction has been prepared, but there is no superior transaction manager (TM) available. For example, when a transaction involves a remote TM and that node is unavailable, its node is unavailable, or the local Distributed Transaction Coordinator service is unavailable, the transaction state is in-doubt.
/// </summary>
TRANSACTION_NOTIFY_INDOUBT=0x00004000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_PROPAGATE_PULL=0x00008000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_PROPAGATE_PUSH=0x00010000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_MARSHAL=0x00020000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_ENLIST_MASK=0x00040000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_RM_DISCONNECTED=0x01000000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_TM_ONLINE=0x02000000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_COMMIT_REQUEST=0x04000000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_PROMOTE=0x08000000,
/// <summary>
/// Undocumented or not supported.
/// </summary>
TRANSACTION_NOTIFY_PROMOTE_NEW=0x10000000,
/// <summary>
/// Signals to RMs that there is outcome information available, and that a request for that information should be made.
/// </summary>
TRANSACTION_NOTIFY_REQUEST_OUTCOME=0x20000000,
/// <summary>
/// Reserved.
/// </summary>
TRANSACTION_NOTIFY_COMMIT_FINALIZE=0x40000000,
}
/// <summary><para>The <c>ZwCreateResourceManager</c> routine creates a resource manager object.</para></summary><param name="ResourceManagerHandle"><para>A pointer to a caller-allocated variable that receives a handle to the new resource manager object if the call to <c>ZwCreateResourceManager</c> is successful.</para></param><param name="DesiredAccess"><para>An ACCESS_MASK value that specifies the caller's requested access to the resource manager object. In addition to the access rights that are defined for all kinds of objects (see <c>ACCESS_MASK</c>), the caller can specify any of the following access right flags for resource manager objects:</para><list type="table"><listheader><term>ACCESS_MASK flag</term><term>Allows the caller to</term></listheader><item><term>RESOURCEMANAGER_ENLIST</term><term> Enlist in transactions (see ZwCreateEnlistment). </term></item><item><term>RESOURCEMANAGER_GET_NOTIFICATION</term><term> Receive notifications about the transactions that are associated with this resource manager (see ZwGetNotificationResourceManager). </term></item><item><term>RESOURCEMANAGER_REGISTER_PROTOCOL</term><term>Not used.</term></item><item><term>RESOURCEMANAGER_QUERY_INFORMATION</term><term> Query information about the resource manager (see ZwQueryInformationResourceManager). </term></item><item><term>RESOURCEMANAGER_SET_INFORMATION</term><term>Not used.</term></item><item><term>RESOURCEMANAGER_RECOVER</term><term> Recover the resource manager (see ZwRecoverResourceManager). </term></item><item><term>RESOURCEMANAGER_COMPLETE_PROPAGATION</term><term>Not used.</term></item></list><para>Alternatively, you can specify one or more of the following generic ACCESS_MASK flags. (The STANDARD_RIGHTS_Xxx flags are predefined system values that are used to enforce security on system objects.) You can also combine these generic flags with additional flags from the preceding table. The following table shows how generic access rights correspond to specific access rights.</para><list type="table"><listheader><term>Generic access right</term><term>Set of specific access rights</term></listheader><item><term>RESOURCEMANAGER_GENERIC_READ</term><term>STANDARD_RIGHTS_READ, RESOURCEMANAGER_QUERY_INFORMATION, and SYNCHRONIZE</term></item><item><term>RESOURCEMANAGER_GENERIC_WRITE</term><term>STANDARD_RIGHTS_WRITE, RESOURCEMANAGER_SET_INFORMATION, RESOURCEMANAGER_RECOVER, RESOURCEMANAGER_ENLIST, RESOURCEMANAGER_GET_NOTIFICATION, RESOURCEMANAGER_REGISTER_PROTOCOL, RESOURCEMANAGER_COMPLETE_PROPAGATION, and SYNCHRONIZE</term></item><item><term>RESOURCEMANAGER_GENERIC_EXECUTE</term><term>STANDARD_RIGHTS_EXECUTE, RESOURCEMANAGER_RECOVER, RESOURCEMANAGER_ENLIST, RESOURCEMANAGER_GET_NOTIFICATION, RESOURCEMANAGER_COMPLETE_PROPAGATION, and SYNCHRONIZE</term></item><item><term>RESOURCEMANAGER_ALL_ACCESS</term><term>STANDARD_RIGHTS_REQUIRED, RESOURCEMANAGER_GENERIC_READ, RESOURCEMANAGER_GENERIC_WRITE, and RESOURCEMANAGER_GENERIC_EXECUTE</term></item></list></param><param name="TmHandle"><para>A handle to a transaction manager object that was obtained by a previous all to ZwCreateTransactionManager or ZwOpenTransactionManager.</para></param><param name="RmGuid"><para>A pointer to a GUID that KTM will use to identify the resource manager. If this pointer is <c>NULL</c>, KTM generates a GUID.</para></param><param name="ObjectAttributes"><para>A pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use the InitializeObjectAttributes routine to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls <c>InitializeObjectAttributes</c>. This parameter is optional and can be <c>NULL</c>.</para></param><param name="CreateOptions"><para>Optional object creation flags. The following table contains the available flags, which are defined in Ktmtypes.h.</para><list type="table"><listheader><term>CreateOptions flag</term><term>Meaning</term></listheader><item><term>RESOURCE_MANAGER_COMMUNICATION</term><term>For internal use only.
/// <summary>The amount of time that the system has been idle, in 100-nanosecond intervals.</summary>
publiclongIdleTime;
/// <summary>The amount of time that the system has spent executing in Kernel mode (including all threads in all processes, on all processors), in 100-nanosecond intervals..</summary>
publiclongKernelTime;
/// <summary>The amount of time that the system has spent executing in User mode (including all threads in all processes, on all processors), in 100-nanosecond intervals.</summary>
// __kernel_entry NTSTATUS NtQuerySystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL );