NtFunc.h

Go to the documentation of this file.

//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Project: uLib - User mode utility library.
// Module: Dynalinks to NtDll functions, and user mode APIs based on them.
// Author: Copyright (c) Love Nystrom
// License: NNOSL (BSD descendant, see NNOSL.txt in the base directory).
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#ifndef __NtFunc_h_incl__
#define __NtFunc_h_incl__

#ifndef NO_NDK_FILES

#include <uLib/NtTypes.h>

#ifndef INOUT // Supplements to classic annotations
  #define INOUT
  #define OPTIN
  #define OPTOUT
  #define OPTIO
#endif

BEGIN_EXTERN_C


//==---------------------------------------------------------------------------
//==---------------------------------------------------------------------------


bool InitNtFunc();

// OBJECT_ATTRIBUTES                -> ndk/umtypes.h
// OBJ_INHERIT et c.                -> ndk/obtypes.h
// InitializeObjectAttributes macro -> ndk/obtypes.h
// RTL_CONSTANT_OBJECT_ATTRIBUTES   -> ndk/rtltypes.h


bool _InitializeObjectAttributes (
    OUT   POBJECT_ATTRIBUTES pObjAttr,
    IN    HANDLE             BaseObj, 
    IN    PUNICODE_STRING    ObjName, 
    IN    ULONG              Attrib,
    OPTIN PSECURITY_DESCRIPTOR SecurityDesc,
    OPTIN PSECURITY_QUALITY_OF_SERVICE SecurityQoS
    );


typedef struct _PACKED_OBJ_ATTRIBUTES
{
    OBJECT_ATTRIBUTES oa; 
    UNICODE_STRING uName; 
    WCHAR NameBuf[1];     
}
*PPACKED_OBJ_ATTRIBUTES, PACKED_OBJ_ATTRIBUTES; // (Backwards due to doxygen)


PACKED_OBJ_ATTRIBUTES* AllocPackedObjAttributes(
    HANDLE BaseObj, PCWSTR ObjName, ULONG Attributes,
    PSECURITY_DESCRIPTOR SecurityDesc,
    PSECURITY_QUALITY_OF_SERVICE SecurityQoS
    );

//==---------------------------------------------------------------------------
//==---------------------------------------------------------------------------

PPEB GetPEBAddress( HANDLE hProcess ); 
bool GetProcPEB( HANDLE hProcess, OUT PPEB pPeb ); 


bool GetProcPathname( DWORD procId, OUT TSTR PathName, UINT ccPathName );


bool CopyProcUStringBuf(
    HANDLE hProc, PUNICODE_STRING pProcStr, OUT WSTR wzBuf, UINT ccBuf
    );


UINT GetProcDllData( HANDLE hProcess, WCSTR DllName, OUT PLDR_MODULE pModule, bool Localize );


void FreeLdrModBuffers( PLDR_MODULE pMod );

// "Light-weight" module enumeration. (Alternative to ToolHelp32)


typedef bool (__stdcall *PFnEnumModuleAction)(
    HANDLE hProcess,            
    const PLDR_MODULE pModule,  
    PVOID Context               
    );


UINT EnumProcModules( HANDLE hProcess, PFnEnumModuleAction Action, PVOID Context );

//==---------------------------------------------------------------------------
// Dynalinks for NTDLL Functions
//==---------------------------------------------------------------------------

// Use declaration macros so the naming scheme can be easily changed.
// The current scheme is "_NtSomeFunction" (a leading underscore).

#define NTFUNC(Name)        NTSTATUS (NTAPI *_##Name)
#define NTFUNCT(Type,Name)  Type (NTAPI *_##Name)
#define NTFUNCC(Type,Name)  Type (__cdecl *_##Name)

// INIT_NTFUNC is used in NtFunc.cpp, but we keep it here for proximity reasons.
// Note: Use LITERAL as left-cast macro, rather than (FARPROC&), for C compatibility.
// A common C++ trick is: (FARPROC&)_SomeFuncPtr = GetProcAddress( hMod, "SomeFunc" );
// but in C it is: (FARPROC)_SomeFuncPtr = GetProcAddress( hMod, "SomeFunc" );
// which C++ won't accept.. Ergo, LITERAL() to the rescue, accepted by both.

#define INIT_NTFUNC(Name) \
    LITERAL( FARPROC, _##Name )= GetProcAddress( hNtDll, #Name ); \
    if (!_##Name) { \
        TRACE( DP_WARNING, _F("API missing: %s\n"), #Name ); \
        missApi = true; \
    }

// Use an _INIT_FP_ construct, so we can have a single set of fnptr declarations.
// Also, the normal case that uLib user's see will have them 'extern'.

#if _INIT_FP_ // INTERNAL
  #define _FP_ = NULL
  #define _NTFN_EXTERN
#else
  #define _FP_
  #define _NTFN_EXTERN extern
#endif

//== Memo: Win7 sp1 x64 -------------------------------------------------------

//[uLib] WARNING: [InitNtFunc] API missing: NtW32Call
//[uLib] WARNING: [InitNtFunc] API missing: DbgBreakPointWithStatus
//[uLib] WARNING: [InitNtFunc] API missing: LdrVerifyMappedImageMatchesChecksum
//[uLib] WARNING: [InitNtFunc] API missing: LdrRelocateImage
//[uLib] WARNING: [InitNtFunc] API missing: LdrProcessRelocationBlockLongLong
//[uLib] WARNING: [InitNtFunc] API missing: RtlDispatchException
//[uLib] WARNING: [InitNtFunc] API missing: RtlDebugCreateHeap
//[uLib] WARNING: [InitNtFunc] API missing: RtlExtendHeap
//[uLib] WARNING: [InitNtFunc] API missing: RtlUsageHeap
//[uLib] WARNING: [InitNtFunc] API missing: RtlCreateSecurityDescriptorRelative
//[uLib] WARNING: [InitNtFunc] API missing: RtlIntegerToUnicode
//[uLib] WARNING: [InitNtFunc] API missing: RtlIsDosDeviceName_Ustr
//[uLib] WARNING: [InitNtFunc] API missing: RtlFindFirstRunClear
//[uLib] WARNING: [InitNtFunc] API missing: RtlFindNextForwardRunSet
//[uLib] WARNING: [InitNtFunc] API missing: RtlSetBit
//[uLib] WARNING: [InitNtFunc] API missing: InterlockedPushListSList
//[uLib] WARNING: [InitNtFunc] API missing: RtlInitializeRangeList
//[uLib] WARNING: [InitNtFunc] API missing: RtlFreeRangeList
//[uLib] WARNING: [InitNtFunc] API missing: RtlAddRange
//[uLib] WARNING: [InitNtFunc] API missing: DbgLoadImageSymbols
//[uLib] WARNING: [InitNtFunc] API missing: DbgUnLoadImageSymbols
//[uLib] WARNING: [InitNtFunc] API missing: DbgCommandString
//[uLib] WARNING: [InitNtFunc] API missing: LdrRelocateImageWithBias
//[uLib] WARNING: [InitNtFunc] API missing: RtlGetDefaultCodePage
//[uLib] WARNING: [InitNtFunc] API missing: RtlLookupFirstMatchingElementGenericTableAvl

//=============================================================================
//=============================================================================

_NTFN_EXTERN NTFUNC( NtQueryInformationProcess )(
    IN     HANDLE  ProcessHandle,
    IN     PROCESSINFOCLASS ProcessInformationClass,
    OUT    PVOID   ProcessInformation,
    IN     ULONG   ProcessInformationLength,
    OPTOUT PULONG  ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryInformationThread )(
    IN     HANDLE  ThreadHandle,
    IN     THREADINFOCLASS ThreadInformationClass,
    OUT    PVOID   ThreadInformation,
    IN     ULONG   ThreadInformationLength,
    OPTOUT PULONG  ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryInformationJobObject )(
    IN  HANDLE  JobHandle,
    IN  JOBOBJECTINFOCLASS JobInformationClass,
    OUT PVOID   JobInformation,
    IN  ULONG   JobInformationLength,
    OUT PULONG  ReturnLength
  )_FP_;

// Process --------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateProcess )(
    OUT   PHANDLE ProcessHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    IN    HANDLE  ParentProcess,
    IN    BOOLEAN InheritObjectTable,
    OPTIN HANDLE  SectionHandle,
    OPTIN HANDLE  DebugPort,
    OPTIN HANDLE  ExceptionPort
  )_FP_;

_NTFN_EXTERN NTFUNC( NtCreateProcessEx )(
    OUT   PHANDLE ProcessHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    IN    HANDLE  ParentProcess,
    IN    ULONG   Flags,
    OPTIN HANDLE  SectionHandle,
    OPTIN HANDLE  DebugPort,
    OPTIN HANDLE  ExceptionPort,
    IN    BOOLEAN InJob
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenProcess )(
    OUT   PHANDLE ProcessHandle,
    IN    ACCESS_MASK DesiredAccess,
    IN    POBJECT_ATTRIBUTES ObjectAttributes,
    OPTIN PCLIENT_ID ClientId
  )_FP_;

// Thread ---------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateThread )(
    OUT   PHANDLE ThreadHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    IN    HANDLE ProcessHandle,
    OUT   PCLIENT_ID ClientId,
    IN    PCONTEXT ThreadContext,
    IN    PINITIAL_TEB UserStack,
    IN    BOOLEAN CreateSuspended
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenThread )(
    OUT PHANDLE ThreadHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  PCLIENT_ID ClientId
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAlertThread )( IN HANDLE ThreadHandle )_FP_;

_NTFN_EXTERN NTFUNC( NtAlertResumeThread )(
    IN     HANDLE ThreadHandle,
    OPTOUT PULONG SuspendCount
  )_FP_;

_NTFN_EXTERN NTFUNCT( PTEB, NtCurrentTeb )( void )_FP_;

_NTFN_EXTERN NTFUNC( NtImpersonateThread )(
    IN HANDLE ThreadHandle,
    IN HANDLE ThreadToImpersonate,
    IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
  )_FP_;

// Job ------------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateJobObject )(
    OUT PHANDLE JobHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenJobObject )(
    OUT PHANDLE JobHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtCreateJobSet )(
    IN  ULONG NumJob,
    IN  PJOB_SET_ARRAY UserJobSet,
    IN  ULONG Flags
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAssignProcessToJobObject )(
    IN HANDLE JobHandle,
    IN HANDLE ProcessHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( NtIsProcessInJob )(
    IN    HANDLE ProcessHandle,
    OPTIN HANDLE JobHandle
  )_FP_;

// Misc

_NTFN_EXTERN NTFUNC( NtApphelpCacheControl )(
    IN    APPHELPCACHESERVICECLASS Service,
    OPTIN PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData
  )_FP_;

//=============================================================================
//=============================================================================

_NTFN_EXTERN NTFUNC( NtClose )( IN HANDLE Handle )_FP_;

_NTFN_EXTERN NTFUNC( NtDuplicateObject )(
    IN  HANDLE SourceProcessHandle,
    IN  HANDLE SourceHandle,
    IN  HANDLE TargetProcessHandle,
    OUT PHANDLE TargetHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  ULONG HandleAttributes,
    IN  ULONG Options
  )_FP_;

_NTFN_EXTERN NTFUNC( NtMakePermanentObject )( IN HANDLE Object )_FP_;
_NTFN_EXTERN NTFUNC( NtMakeTemporaryObject )( IN HANDLE Handle )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryObject )(
    OPTIN  HANDLE Handle,
    IN     OBJECT_INFORMATION_CLASS ObjectInformationClass,
    OUT    PVOID  ObjectInformation,
    IN     ULONG  ObjectInformationLength,
    OPTOUT PULONG ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetInformationObject )(
    IN HANDLE ObjectHandle,
    IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
    IN PVOID ObjectInformation,
    IN ULONG Length
  )_FP_;

// Security -------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtQuerySecurityObject )(
    IN  HANDLE Handle,
    IN  SECURITY_INFORMATION SecurityInformation,
    OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN  ULONG Length,
    OUT PULONG LengthNeeded
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetSecurityObject )(
    IN HANDLE Handle,
    IN SECURITY_INFORMATION SecurityInformation,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor
  )_FP_;

// Wait -----------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtWaitForSingleObject )(
    IN HANDLE Object,
    IN BOOLEAN Alertable,
    IN PLARGE_INTEGER Timeout OPTIONAL
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSignalAndWaitForSingleObject )(
    IN HANDLE SignalObject,
    IN HANDLE WaitObject,
    IN BOOLEAN Alertable,
    IN PLARGE_INTEGER Time
  )_FP_;

_NTFN_EXTERN NTFUNC( NtWaitForMultipleObjects )(
    IN ULONG Count,
    IN HANDLE Object[],
    IN WAIT_TYPE WaitType,
    IN BOOLEAN Alertable,
    IN PLARGE_INTEGER Time
  )_FP_;

_NTFN_EXTERN NTFUNC( NtWaitForMultipleObjects32 )(
    IN ULONG ObjectCount,
    IN PLONG Handles,
    IN WAIT_TYPE WaitType,
    IN BOOLEAN Alertable,
    IN PLARGE_INTEGER TimeOut OPTIONAL
  )_FP_;

// Directory ------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateDirectoryObject )(
    OUT PHANDLE DirectoryHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenDirectoryObject )(
    OUT PHANDLE FileHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryDirectoryObject )(
    IN     HANDLE  DirectoryHandle,
    OUT    PVOID   Buffer,
    IN     ULONG   BufferLength,
    IN     BOOLEAN ReturnSingleEntry,
    IN     BOOLEAN RestartScan,
    INOUT  PULONG  Context,
    OPTOUT PULONG  ReturnLength
  )_FP_;

// SymLink --------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateSymbolicLinkObject )(
    OUT PHANDLE SymbolicLinkHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  PUNICODE_STRING Name
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenSymbolicLinkObject )(
    OUT PHANDLE SymbolicLinkHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQuerySymbolicLinkObject )(
    IN     HANDLE SymLinkObjHandle,
    OUT    PUNICODE_STRING LinkTarget,
    OPTOUT PULONG DataWritten
  )_FP_;

// Audit ----------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCloseObjectAuditAlarm )(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID   HandleId  OPTIONAL,
    IN BOOLEAN GenerateOnClose
  )_FP_;

_NTFN_EXTERN NTFUNC( NtDeleteObjectAuditAlarm )(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId OPTIONAL,
    IN BOOLEAN GenerateOnClose
  )_FP_;

//=============================================================================
//=============================================================================

// SystemInfo

_NTFN_EXTERN NTFUNC( NtQuerySystemInformation )(
    IN     SYSTEM_INFORMATION_CLASS SystemInformationClass,
    OUT    PVOID  SystemInformation,
    IN     ULONG  InformationLength,
    OPTOUT PULONG ResultLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetSystemInformation )(
    IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    IN PVOID SystemInformation,
    IN ULONG SystemInformationLength
  )_FP_;

// Environment ----------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtEnumerateSystemEnvironmentValuesEx )(
    IN  ULONG InformationClass,
    IN  PVOID Buffer,
    IN  ULONG BufferLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQuerySystemEnvironmentValue )(
    IN     PUNICODE_STRING Name,
    OUT    PWSTR  Value,
    IN     ULONG  Length,
    OPTOUT PULONG ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQuerySystemEnvironmentValueEx )(
    IN    PUNICODE_STRING VariableName,
    IN    LPGUID VendorGuid,
    IN    PVOID  Value,
    INOUT PULONG ReturnLength,
    INOUT PULONG Attributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetSystemEnvironmentValue )(
    IN PUNICODE_STRING VariableName,
    IN PUNICODE_STRING Value
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetSystemEnvironmentValueEx )(
    IN    PUNICODE_STRING VariableName,
    IN    LPGUID VendorGuid,
    IN    PVOID Value,
    INOUT PULONG ReturnLength,
    INOUT PULONG Attributes
  )_FP_;

// Language/Locale ------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtQueryDefaultUILanguage )( OUT LANGID* LanguageId )_FP_;
_NTFN_EXTERN NTFUNC( NtQueryInstallUILanguage )( OUT LANGID* LanguageId )_FP_;
_NTFN_EXTERN NTFUNC( NtSetDefaultUILanguage )( IN LANGID LanguageId )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryDefaultLocale )(
    IN  BOOLEAN UserProfile,
    OUT PLCID DefaultLocaleId
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetDefaultLocale )(
    IN BOOLEAN UserProfile,
    IN LCID    DefaultLocaleId
  )_FP_;

// Atom -----------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtAddAtom )(
    IN    PWSTR AtomName,
    IN    ULONG AtomNameLength,
    INOUT PRTL_ATOM Atom
  )_FP_;

_NTFN_EXTERN NTFUNC( NtDeleteAtom )( IN RTL_ATOM Atom )_FP_;

_NTFN_EXTERN NTFUNC( NtFindAtom )(
    IN     PWSTR AtomName,
    IN     ULONG AtomNameLength,
    OPTOUT PRTL_ATOM Atom
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryInformationAtom )(
    IN     RTL_ATOM Atom,
    IN     ATOM_INFORMATION_CLASS AtomInformationClass,
    OUT    PVOID AtomInformation,
    IN     ULONG AtomInformationLength,
    OPTOUT PULONG ReturnLength
  )_FP_;

// Timer ----------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateTimer )(
    OUT   PHANDLE TimerHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    IN    TIMER_TYPE TimerType
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenTimer )(
    OUT PHANDLE TimerHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryTimer )(
    IN  HANDLE TimerHandle,
    IN  TIMER_INFORMATION_CLASS TimerInformationClass,
    OUT PVOID  TimerInformation,
    IN  ULONG  Length,
    OUT PULONG ResultLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetTimer )(
    IN     HANDLE   TimerHandle,
    IN     PLARGE_INTEGER DueTime,
    IN     PTIMER_APC_ROUTINE TimerApcRoutine,
    IN     PVOID    TimerContext,
    IN     BOOLEAN  WakeTimer,
    OPTIN  LONG     Period,
    OPTOUT PBOOLEAN PreviousState
  )_FP_;

_NTFN_EXTERN NTFUNC( NtCancelTimer )(
    IN     HANDLE TimerHandle,
    OPTOUT PBOOLEAN CurrentState
  )_FP_;

// Event ----------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateEvent )(
    OUT   PHANDLE EventHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    IN    EVENT_TYPE EventType,
    IN    BOOLEAN InitialState
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenEvent )(
    OUT PHANDLE EventHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryEvent )(
    IN  HANDLE EventHandle,
    IN  EVENT_INFORMATION_CLASS EventInformationClass,
    OUT PVOID  EventInformation,
    IN  ULONG  EventInformationLength,
    OUT PULONG ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetEvent )(
    IN     HANDLE EventHandle,
    OPTOUT PLONG  PreviousState
  )_FP_;

_NTFN_EXTERN NTFUNC( NtResetEvent )(
    IN     HANDLE EventHandle,
    OPTOUT PLONG  NumberOfWaitingThreads
  )_FP_;

_NTFN_EXTERN NTFUNC( NtClearEvent )( IN HANDLE EventHandle )_FP_;

_NTFN_EXTERN NTFUNC( NtPulseEvent )(
    IN    HANDLE EventHandle,
    OPTIN PLONG  PulseCount
  )_FP_;

// KeyedEvent -----------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateKeyedEvent )(
    OUT PHANDLE OutHandle,
    IN  ACCESS_MASK AccessMask,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  ULONG Flags
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenKeyedEvent )(
    OUT PHANDLE OutHandle,
    IN  ACCESS_MASK AccessMask,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtWaitForKeyedEvent )(
    OPTIN HANDLE EventHandle,
    IN    PVOID  Key, // NOTE: Must be evenly aligned
    IN    BOOLEAN Alertable,
    OPTIN PLARGE_INTEGER Timeout
  )_FP_;

_NTFN_EXTERN NTFUNC( NtReleaseKeyedEvent )(
    OPTIN HANDLE  EventHandle,
    IN    PVOID   Key, // NOTE: Must be evenly aligned
    IN    BOOLEAN Alertable,
    OPTIN PLARGE_INTEGER Timeout
  )_FP_;

// EventPair ------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateEventPair )(
    OUT PHANDLE EventPairHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenEventPair )(
    OUT PHANDLE EventPairHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetHighEventPair )( IN HANDLE EventPair )_FP_;
_NTFN_EXTERN NTFUNC( NtSetLowEventPair )( IN HANDLE EventPair )_FP_;

_NTFN_EXTERN NTFUNC( NtSetHighWaitLowEventPair )( IN HANDLE EventPair )_FP_;
_NTFN_EXTERN NTFUNC( NtSetLowWaitHighEventPair )( IN HANDLE EventPair )_FP_;

_NTFN_EXTERN NTFUNC( NtWaitHighEventPair )( IN HANDLE EventPairHandle )_FP_;
_NTFN_EXTERN NTFUNC( NtWaitLowEventPair )( IN HANDLE EventPairHandle )_FP_;

// Mutant ---------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateMutant )(
    OUT PHANDLE MutantHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  BOOLEAN InitialOwner
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenMutant )(
    OUT PHANDLE MutantHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryMutant )(
    IN  HANDLE MutantHandle,
    IN  MUTANT_INFORMATION_CLASS MutantInformationClass,
    OUT PVOID  MutantInformation,
    IN  ULONG  Length,
    OUT PULONG ResultLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtReleaseMutant )(
    IN    HANDLE MutantHandle,
    OPTIN PLONG  ReleaseCount
  )_FP_;

// Semaphore ------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateSemaphore )(
    OUT   PHANDLE SemaphoreHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    IN    LONG InitialCount,
    IN    LONG MaximumCount
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenSemaphore )(
    OUT PHANDLE SemaphoreHandle,
    IN  ACCESS_MASK DesiredAcces,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQuerySemaphore )(
    IN  HANDLE SemaphoreHandle,
    IN  SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
    OUT PVOID  SemaphoreInformation,
    IN  ULONG  Length,
    OUT PULONG ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtReleaseSemaphore )(
    IN     HANDLE SemaphoreHandle,
    IN     LONG   ReleaseCount,
    OPTOUT PLONG  PreviousCount
  )_FP_;

// Misc Executive -------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtDisplayString )(
    IN PUNICODE_STRING DisplayString
  )_FP_;

_NTFN_EXTERN NTFUNC( NtRaiseHardError )(
    IN  NTSTATUS ErrorStatus,
    IN  ULONG    NumberOfParameters,
    IN  ULONG    UnicodeStringParameterMask,
    IN  PULONG_PTR Parameters,
    IN  ULONG    ValidResponseOptions,
    OUT PULONG   Response
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetDefaultHardErrorPort )( IN HANDLE PortHandle )_FP_;
_NTFN_EXTERN NTFUNC( NtShutdownSystem )( IN SHUTDOWN_ACTION Action )_FP_;
_NTFN_EXTERN NTFUNC( NtSetEventBoostPriority )( IN HANDLE EventHandle )_FP_;
_NTFN_EXTERN NTFUNC( NtSetUuidSeed )( IN PUCHAR UuidSeed )_FP_;

_NTFN_EXTERN NTFUNC( NtTraceEvent )(
    IN ULONG TraceHandle,
    IN ULONG Flags,
    IN ULONG TraceHeaderLength,
    IN PEVENT_TRACE_HEADER TraceHeader
  )_FP_;

//=============================================================================
//=============================================================================

_NTFN_EXTERN NTFUNCT( ULONG, NtGetCurrentProcessorNumber )( VOID )_FP_;

// ExecutionControl -----------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtYieldExecution )( VOID )_FP_;

_NTFN_EXTERN NTFUNC( NtDelayExecution )(
    IN  BOOLEAN Alertable,
    IN  LARGE_INTEGER* Interval
  )_FP_;

_NTFN_EXTERN NTFUNC( NtRaiseException )(
    IN  PEXCEPTION_RECORD ExceptionRecord,
    IN  PCONTEXT Context,
    IN  BOOLEAN  SearchFrames
  )_FP_;

_NTFN_EXTERN NTFUNC( NtContinue )(
    IN  PCONTEXT Context,
    IN  BOOLEAN  TestAlert
  )_FP_;

_NTFN_EXTERN NTFUNC( NtW32Call )( // Not in Win7 x64 NTDLL.
    IN     ULONG RoutineIndex,
    IN     PVOID Argument,
    IN     ULONG ArgumentLength,
    OPTOUT PVOID* Result,
    OPTOUT PULONG ResultLength
  )_FP_;

// KernelTime -----------------------------------------------------------------

_NTFN_EXTERN NTFUNCT( ULONG, NtGetTickCount )( VOID )_FP_;

_NTFN_EXTERN NTFUNC( NtQuerySystemTime )(
    OUT PLARGE_INTEGER CurrentTime
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetSystemTime )(
    IN    PLARGE_INTEGER SystemTime,
    OPTIN PLARGE_INTEGER NewSystemTime
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryPerformanceCounter )(
    OUT    PLARGE_INTEGER Counter,
    OPTOUT PLARGE_INTEGER Frequency
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryTimerResolution )(
    OUT PULONG MinimumResolution,
    OUT PULONG MaximumResolution,
    OUT PULONG ActualResolution
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetTimerResolution )(
    IN  ULONG   RequestedResolution,
    IN  BOOLEAN SetOrUnset,
    OUT PULONG  ActualResolution
  )_FP_;

// ThreadContext --------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtGetContextThread )(
    IN  HANDLE   ThreadHandle,
    OUT PCONTEXT Context
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetContextThread )(
    IN  HANDLE   ThreadHandle,
    IN  PCONTEXT Context
  )_FP_;

// Profiling ------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateProfile )(
    OUT PHANDLE ProfileHandle,
    IN  HANDLE  ProcessHandle,
    IN  PVOID   ImageBase,
    IN  SIZE_T  ImageSize,
    IN  ULONG   Granularity,
    OUT PVOID   Buffer,
    IN  ULONG   ProfilingSize,
    IN  KPROFILE_SOURCE Source,
    IN  KAFFINITY ProcessorMask
  )_FP_;

#if 0 // temp hack
typedef struct _GROUP_AFFINITY {
  KAFFINITY Mask;
  WORD      Group;
  WORD      Reserved[3];
} GROUP_AFFINITY, *PGROUP_AFFINITY;
#endif

_NTFN_EXTERN NTFUNC( NtCreateProfileEx )(
    OUT PHANDLE ProfileHandle,
    IN  HANDLE  ProcessHandle,
    IN  PVOID   ImageBase,
    IN  SIZE_T  ImageSize,
    IN  ULONG   Granularity,
    OUT PVOID   Buffer,
    IN  ULONG   ProfilingSize,
    IN  KPROFILE_SOURCE Source,
    IN  USHORT  GroupCount,
    IN  PGROUP_AFFINITY Affinity
  )_FP_;

_NTFN_EXTERN NTFUNC( NtStartProfile )( IN HANDLE ProfileHandle )_FP_;
_NTFN_EXTERN NTFUNC( NtStopProfile )( IN HANDLE ProfileHandle )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryIntervalProfile )(
    IN  KPROFILE_SOURCE ProfileSource,
    OUT PULONG Interval
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetIntervalProfile )(
    IN  ULONG Interval,
    IN  KPROFILE_SOURCE ClockSource
  )_FP_;

// APC ------------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtQueueApcThread )(
    IN    HANDLE ThreadHandle,
    IN    PKNORMAL_ROUTINE ApcRoutine,
    OPTIN PVOID NormalContext,
    OPTIN PVOID SystemArgument1,
    OPTIN PVOID SystemArgument2
  )_FP_;

_NTFN_EXTERN NTFUNC( NtTestAlert )( VOID )_FP_;

_NTFN_EXTERN NTFUNC( NtCallbackReturn )( // Careful with that axe, Eugene!
    OPTIN PVOID Result,
    IN    ULONG ResultLength,
    IN    NTSTATUS Status
  )_FP_;

// Banana Benders & Raisin Wrinklers ------------------------------------------

_NTFN_EXTERN NTFUNC( NtSetLdtEntries )(
    IN  ULONG     Selector1,
    IN  LDT_ENTRY LdtEntry1,
    IN  ULONG     Selector2,
    IN  LDT_ENTRY LdtEntry2
  )_FP_;

_NTFN_EXTERN NTFUNC( NtVdmControl )(
    IN  ULONG ControlCode,
    IN  PVOID ControlData
  )_FP_;

//=============================================================================
//=============================================================================

_NTFN_EXTERN NTFUNC( NtQueryDebugFilterState )(
     ULONG  ComponentId,
     ULONG  Level
   )_FP_;

//_NTFN_EXTERN NTFUNCT( ULONG, NtQueryDebugFilterLevel )( // PONDER: TODO?
//     ULONG  ComponentId
//   )_FP_;

_NTFN_EXTERN NTFUNC( NtSetDebugFilterState )(
    ULONG   ComponentId,
    ULONG   Level,
    BOOLEAN State
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSystemDebugControl )(
    SYSDBG_COMMAND ControlCode,
    PVOID   InputBuffer,
    ULONG   InputBufferLength,
    PVOID   OutputBuffer,
    ULONG   OutputBufferLength,
    PULONG  ReturnLength
  )_FP_;

//=============================================================================
//=============================================================================

_NTFN_EXTERN NTFUNC( NtDebugActiveProcess )(
    IN  HANDLE Process,
    IN  HANDLE DebugObject
  )_FP_;

_NTFN_EXTERN NTFUNC( NtRemoveProcessDebug )(
    IN  HANDLE Process,
    IN  HANDLE DebugObject
  )_FP_;

_NTFN_EXTERN NTFUNC( NtCreateDebugObject )(
    OUT PHANDLE DebugHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  ULONG Flags
  )_FP_;

_NTFN_EXTERN NTFUNC( NtDebugContinue )(
    IN  HANDLE DebugObject,
    IN  PCLIENT_ID AppClientId,
    IN  NTSTATUS ContinueStatus
  )_FP_;

_NTFN_EXTERN NTFUNC( NtWaitForDebugEvent )(
    IN  HANDLE DebugObject,
    IN  BOOLEAN Alertable,
    OPTIN PLARGE_INTEGER Timeout,
    OUT PDBGUI_WAIT_STATE_CHANGE StateChange
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetInformationDebugObject )(
    IN  HANDLE DebugObject,
    IN  DEBUGOBJECTINFOCLASS InformationClass,
    IN  PVOID Information,
    IN  ULONG InformationLength,
    OPTOUT PULONG ReturnLength
  )_FP_;

// <- User-Mode NT Library Functions ------------------------------------------

_NTFN_EXTERN NTFUNC( DbgUiConnectToDbg )( VOID )_FP_;

_NTFN_EXTERN NTFUNC( DbgUiDebugActiveProcess )(
    IN HANDLE Process
  )_FP_;

_NTFN_EXTERN NTFUNC( DbgUiStopDebugging )(
    IN HANDLE Process
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, DbgBreakPointWithStatus )( IN ULONG Status )_FP_;

_NTFN_EXTERN NTFUNC( DbgUiContinue )(
    IN PCLIENT_ID ClientId,
    IN NTSTATUS ContinueStatus
  )_FP_;

_NTFN_EXTERN NTFUNC( DbgUiWaitStateChange )(
    IN PDBGUI_WAIT_STATE_CHANGE DbgUiWaitStateCange,
    IN PLARGE_INTEGER TimeOut
  )_FP_;

_NTFN_EXTERN NTFUNC( DbgUiConvertStateChangeStructure )(
    IN PDBGUI_WAIT_STATE_CHANGE WaitStateChange,
    IN PVOID DebugEvent
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, DbgUiRemoteBreakin )( VOID )_FP_;

_NTFN_EXTERN NTFUNC( DbgUiIssueRemoteBreakin )( IN HANDLE Process )_FP_;

_NTFN_EXTERN NTFUNCT( HANDLE, DbgUiGetThreadDebugObject )( VOID )_FP_;

//=============================================================================
//=============================================================================

// File

_NTFN_EXTERN NTFUNC( NtCreateFile )(
    OUT   PHANDLE FileHandle,
    IN    ACCESS_MASK DesiredAccess,
    IN    POBJECT_ATTRIBUTES ObjectAttributes,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    OPTIN PLARGE_INTEGER AllocationSize,
    IN    ULONG FileAttributes,
    IN    ULONG ShareAccess,
    IN    ULONG CreateDisposition,
    IN    ULONG CreateOptions,
    IN    PVOID EaBuffer,
    IN    ULONG EaLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenFile )(
    OUT PHANDLE FileHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN  ULONG   ShareAccess,
    IN  ULONG   OpenOptions
  )_FP_;

_NTFN_EXTERN NTFUNC( NtDeleteFile )(
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtLockFile )(
    IN    HANDLE  FileHandle,
    OPTIN HANDLE  Event,
    OPTIN PIO_APC_ROUTINE ApcRoutine,
    OPTIN PVOID   ApcContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    IN    PLARGE_INTEGER ByteOffset,
    IN    PLARGE_INTEGER Length,
    IN    ULONG   Key,
    IN    BOOLEAN FailImmediatedly,
    IN    BOOLEAN ExclusiveLock
  )_FP_;

_NTFN_EXTERN NTFUNC( NtUnlockFile )(
    IN  HANDLE FileHandle,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN  PLARGE_INTEGER ByteOffset,
    IN  PLARGE_INTEGER Length,
    IN  ULONG Key
  )_FP_;

_NTFN_EXTERN NTFUNC( NtReadFile )(
    IN    HANDLE FileHandle,
    OPTIN HANDLE Event,
    OPTIN PIO_APC_ROUTINE ApcRoutine,
    OPTIN PVOID ApcContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    OUT   PVOID Buffer, //_Out_writes_bytes_(Length)
    IN    ULONG Length,
    OPTIN PLARGE_INTEGER ByteOffset,
    OPTIN PULONG Key
  )_FP_;

_NTFN_EXTERN NTFUNC( NtReadFileScatter )(
    IN    HANDLE FileHandle,
    OPTIN HANDLE Event,
    OPTIN PIO_APC_ROUTINE UserApcRoutine,
    OPTIN PVOID UserApcContext,
    OUT   PIO_STATUS_BLOCK UserIoStatusBlock,
    IN    FILE_SEGMENT_ELEMENT BufferDescription[],
    IN    ULONG BufferLength,
    IN    PLARGE_INTEGER ByteOffset,
    OPTIN PULONG Key
  )_FP_;

_NTFN_EXTERN NTFUNC( NtWriteFile )(
    IN    HANDLE FileHandle,
    OPTIN HANDLE Event,
    OPTIN PIO_APC_ROUTINE ApcRoutine,
    OPTIN PVOID ApcContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    IN    PVOID Buffer, //_In_reads_bytes_(Length)
    IN    ULONG Length,
    OPTIN PLARGE_INTEGER ByteOffset,
    OPTIN PULONG Key
  )_FP_;

_NTFN_EXTERN NTFUNC( NtWriteFileGather )(
    IN    HANDLE FileHandle,
    OPTIN HANDLE Event,
    OPTIN PIO_APC_ROUTINE ApcRoutine,
    OPTIN PVOID ApcContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    IN    FILE_SEGMENT_ELEMENT BufferDescription[],
    IN    ULONG BufferLength,
    IN    PLARGE_INTEGER ByteOffset,
    OPTIN PULONG Key
  )_FP_;

_NTFN_EXTERN NTFUNC( NtCancelIoFile )(
    IN  HANDLE FileHandle,
    OUT PIO_STATUS_BLOCK IoStatusBlock
  )_FP_;

_NTFN_EXTERN NTFUNC( NtFlushBuffersFile )(
    IN  HANDLE FileHandle,
    OUT PIO_STATUS_BLOCK IoStatusBlock
  )_FP_;

_NTFN_EXTERN NTFUNC( NtFlushWriteBuffer )( VOID )_FP_; // NOP on x86

_NTFN_EXTERN NTFUNC( NtQueryInformationFile )(
    IN  HANDLE FileHandle,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    OUT PVOID  FileInformation,
    IN  ULONG  Length,
    IN  FILE_INFORMATION_CLASS FileInformationClass
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetInformationFile )(
    IN  HANDLE FileHandle,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN  PVOID  FileInformation, //_In_reads_bytes_(Length)
    IN  ULONG  Length,
    IN  FILE_INFORMATION_CLASS FileInformationClass
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryEaFile )(
    IN    HANDLE  FileHandle,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    OUT   PVOID   Buffer,
    IN    ULONG   Length,
    IN    BOOLEAN ReturnSingleEntry,
    OPTIN PVOID   EaList,
    IN    ULONG   EaListLength,
    OPTIN PULONG  EaIndex,
    IN    BOOLEAN RestartScan
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetEaFile )(
    IN  HANDLE FileHandle,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN  PVOID  EaBuffer,
    IN  ULONG  EaBufferSize
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryAttributesFile )(
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    OUT PFILE_BASIC_INFORMATION FileInformation
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryFullAttributesFile )(
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
  )_FP_;

// Mailslot -------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateMailslotFile )(
    OUT PHANDLE MailSlotFileHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN  ULONG FileAttributes,
    IN  ULONG ShareAccess,
    IN  ULONG MaxMessageSize,
    IN  PLARGE_INTEGER TimeOut
  )_FP_;

// Pipe -----------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateNamedPipeFile )(
    OUT PHANDLE NamedPipeFileHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN  ULONG ShareAccess,
    IN  ULONG CreateDisposition,
    IN  ULONG CreateOptions,
    IN  ULONG WriteModeMessage,
    IN  ULONG ReadModeMessage,
    IN  ULONG NonBlocking,
    IN  ULONG MaxInstances,
    IN  ULONG InBufferSize,
    IN  ULONG OutBufferSize,
    IN  PLARGE_INTEGER DefaultTimeOut
  )_FP_;

// Directory/Volume -----------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtQueryDirectoryFile )(
    IN    HANDLE  DirectoryFileHandle,
    OPTIN HANDLE  Event,
    OPTIN PIO_APC_ROUTINE ApcRoutine,
    OPTIN PVOID ApcContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    OUT   PVOID   FileInformation,
    IN    ULONG   Length,
    IN    FILE_INFORMATION_CLASS FileInformationClass,
    IN    BOOLEAN ReturnSingleEntry,
    OPTIN PUNICODE_STRING FileNamePattern,
    IN    BOOLEAN RestartScan
  )_FP_;

_NTFN_EXTERN NTFUNC( NtNotifyChangeDirectoryFile )(
    IN    HANDLE  DirectoryFileHandle,
    OPTIN HANDLE  Event,
    OPTIN PIO_APC_ROUTINE ApcRoutine,
    OPTIN PVOID ApcContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    OUT   PVOID   Buffer,
    IN    ULONG   BufferSize,
    IN    ULONG   CompletionFilter,
    IN    BOOLEAN WatchTree
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryVolumeInformationFile )(
    IN  HANDLE  FileHandle, // File, Directory, Storage device, or Volume.
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    OUT PVOID   FsInformation,
    IN  ULONG   Length,
    IN  FS_INFORMATION_CLASS FsInformationClass
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetVolumeInformationFile )(
    IN  HANDLE  FileHandle, // File, Directory, Storage device, or Volume.
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN  PVOID   FsInformation,
    IN  ULONG   Length,
    IN  FS_INFORMATION_CLASS FsInformationClass
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryQuotaInformationFile )(
    IN  HANDLE  VolumeFileHandle,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    OUT PVOID   Buffer,
    IN  ULONG   Length,
    IN  BOOLEAN ReturnSingleEntry,
    IN  PVOID   SidList,
    IN  ULONG   SidListLength,
    IN  PSID    StartSid,
    IN  BOOLEAN RestartScan
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetQuotaInformationFile )(
    HANDLE  VolumeFileHandle,
    PIO_STATUS_BLOCK IoStatusBlock,
    PVOID   Buffer,
    ULONG   BufferLength
  )_FP_;

// I/O Completion -------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateIoCompletion )(
    OUT   PHANDLE IoCompletionHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    IN    ULONG NumberOfConcurrentThreads
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenIoCompletion )(
    OUT PHANDLE CompetionPort,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryIoCompletion )(
    IN  HANDLE IoCompletionHandle,
    IN  IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
    OUT PVOID IoCompletionInformation,
    IN  ULONG IoCompletionInformationLength,
    OUT OPTIONAL PULONG ResultLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetIoCompletion )(
    IN  HANDLE IoCompletionPortHandle,
    IN  PVOID  CompletionKey,
    IN  PVOID  CompletionContext,
    IN  NTSTATUS CompletionStatus,
    IN  ULONG  CompletionInformation
  )_FP_;

_NTFN_EXTERN NTFUNC( NtRemoveIoCompletion )(
    IN    HANDLE IoCompletionHandle,
    OUT   PVOID* CompletionKey,
    OUT   PVOID* CompletionContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    OPTIN PLARGE_INTEGER Timeout
  )_FP_;

// I/O Control ----------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtDeviceIoControlFile )(
    IN    HANDLE FileHandle,
    OPTIN HANDLE Event,
    OPTIN PIO_APC_ROUTINE ApcRoutine,
    OPTIN PVOID ApcContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    IN    ULONG IoControlCode,
    IN    PVOID InputBuffer,
    IN    ULONG InputBufferLength,
    IN    PVOID OutputBuffer,
    IN    ULONG OutputBufferLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtFsControlFile )(
    IN    HANDLE FileHandle,
    OPTIN HANDLE Event,
    OPTIN PIO_APC_ROUTINE ApcRoutine,
    OPTIN PVOID ApcContext,
    OUT   PIO_STATUS_BLOCK IoStatusBlock,
    IN    ULONG FsControlCode,
    IN    PVOID InputBuffer,
    IN    ULONG InputBufferLength,
    IN    PVOID OutputBuffer,
    IN    ULONG OutputBufferLength
  )_FP_;

// Driver ---------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtLoadDriver )(
    IN  PUNICODE_STRING DriverServiceName
  )_FP_;

_NTFN_EXTERN NTFUNC( NtUnloadDriver )(
    IN  PUNICODE_STRING DriverServiceName
  )_FP_;

// DriverEntry (assumed to be UEFI) -------------------------------------------
// Note: These APIs return STATUS_NOT_IMPLEMENTED on a non-EFI machine.
// However, I have no UEFI machine to verify this assumption.

_NTFN_EXTERN NTFUNC( NtAddDriverEntry )(
    IN  PEFI_DRIVER_ENTRY BootEntry,
    IN  ULONG Id
  )_FP_;

_NTFN_EXTERN NTFUNC( NtDeleteDriverEntry )(
    IN  ULONG Id
  )_FP_;

_NTFN_EXTERN NTFUNC( NtModifyDriverEntry )(
    IN  PEFI_DRIVER_ENTRY DriverEntry
  )_FP_;

_NTFN_EXTERN NTFUNC( NtEnumerateDriverEntries )(
    IN  PVOID Buffer,
    IN  PULONG BufferLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryDriverEntryOrder )(
    IN  PULONG Ids,
    IN  PULONG Count
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetDriverEntryOrder )(
    IN  PULONG Ids,
    IN  PULONG Count
  )_FP_;

// Boot (assumed to be EFI) ---------------------------------------------------

_NTFN_EXTERN NTFUNC( NtQueryBootOptions )(
    IN  PBOOT_OPTIONS BootOptions,
    IN  PULONG BootOptionsLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetBootOptions )(
    IN  PBOOT_OPTIONS BootOptions,
    IN  ULONG FieldsToChange
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAddBootEntry )(
    IN  PBOOT_ENTRY BootEntry,
    IN  ULONG Id
  )_FP_;

_NTFN_EXTERN NTFUNC( NtDeleteBootEntry )(
    IN  ULONG Id
  )_FP_;

_NTFN_EXTERN NTFUNC( NtModifyBootEntry )(
    IN  PBOOT_ENTRY BootEntry
  )_FP_;

_NTFN_EXTERN NTFUNC( NtEnumerateBootEntries )(
    IN  PVOID Buffer,
    IN  PULONG BufferLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryBootEntryOrder )(
    IN  PULONG Ids,
    IN  PULONG Count
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetBootEntryOrder )(
    IN  PULONG Ids,
    IN  PULONG Count
  )_FP_;

// Misc (assumed to be EFI) ---------------------------------------------------

_NTFN_EXTERN NTFUNC( NtTranslateFilePath )(
    IN    PFILE_PATH InputFilePath,
    IN    ULONG OutputType,
    OUT   PFILE_PATH OutputFilePath,
    INOUT PULONG OutputFilePathLength
  )_FP_;

//=============================================================================
//=============================================================================

// Resource Functions

_NTFN_EXTERN NTFUNC( LdrFindResource_U )(
    IN  PVOID BaseAddress,
    IN  PLDR_RESOURCE_INFO ResourceInfo,
    IN  ULONG Level,
    OUT PIMAGE_RESOURCE_DATA_ENTRY *ResourceDataEntry
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrFindResourceDirectory_U )(
    IN  PVOID BaseAddress,
    IN  PLDR_RESOURCE_INFO ResourceInfo,
    IN  ULONG Level,
    OUT PIMAGE_RESOURCE_DIRECTORY *ResourceDirectory
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrEnumResources )(
    IN    PVOID BaseAddress,
    IN    PLDR_RESOURCE_INFO ResourceInfo,
    IN    ULONG Level,
    INOUT ULONG* ResourceCount,
    OUT   LDR_ENUM_RESOURCE_INFO* Resources
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrAccessResource )(
    IN     PVOID BaseAddress,
    IN     PIMAGE_RESOURCE_DATA_ENTRY ResourceDataEntry,
    OPTOUT PVOID *Resource,
    OPTOUT PULONG Size
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrLoadAlternateResourceModule )(
    IN  PVOID Module,
    IN  PWSTR Buffer
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, LdrUnloadAlternateResourceModule )(
    IN  PVOID BaseAddress
  )_FP_;

// Misc. Functions ------------------------------------------------------------

_NTFN_EXTERN NTFUNC( LdrEnumerateLoadedModules )(
    IN  BOOLEAN ReservedFlag,
    IN  PLDR_ENUM_CALLBACK EnumProc,
    IN  PVOID Context
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrGetProcedureAddress )(
    IN  PVOID BaseAddress,
    IN  PANSI_STRING Name,
    IN  ULONG Ordinal,
    OUT PVOID* ProcedureAddress
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrLockLoaderLock )(
    IN     ULONG Flags,
    OPTOUT PULONG Disposition,
    OPTOUT PULONG Cookie
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrUnlockLoaderLock )(
    IN    ULONG Flags,
    OPTIN ULONG Cookie
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, LdrVerifyMappedImageMatchesChecksum )(
    IN  PVOID BaseAddress,
    IN  SIZE_T NumberOfBytes,
    IN  ULONG FileLength
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, LdrRelocateImage )(
    IN  PVOID NewBase,
    IN  PCCH LoaderName,
    IN  ULONG Success,
    IN  ULONG Conflict,
    IN  ULONG Invalid
  )_FP_;

_NTFN_EXTERN NTFUNCT( PIMAGE_BASE_RELOCATION, LdrProcessRelocationBlockLongLong )(
    IN  ULONG_PTR Address,
    IN  ULONG Count,
    IN  PUSHORT TypeOffset,
    IN  LONGLONG Delta
  )_FP_;

// <- User-Mode NT Library Functions ------------------------------------------

_NTFN_EXTERN NTFUNC( LdrDisableThreadCalloutsForDll )(
    IN PVOID BaseAddress
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrLoadDll )(
    OPTIN  PWSTR  SearchPath,
    OPTIN  PULONG LoadFlags,
    IN     PUNICODE_STRING Name,
    OPTOUT PVOID* BaseAddress
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrUnloadDll )( IN PVOID BaseAddress )_FP_;

_NTFN_EXTERN NTFUNC( LdrAddRefDll )(
    IN ULONG Flags,
    IN PVOID BaseAddress
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrGetDllHandle )(
    OPTIN PWSTR DllPath,
    IN    PULONG DllCharacteristics,
    IN    PUNICODE_STRING DllName,
    OUT   HANDLE* DllHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrGetDllHandleEx )(
    IN     ULONG Flags,
    OPTIN  PWSTR DllPath,
    OPTIN  PULONG DllCharacteristics,
    IN     PUNICODE_STRING DllName,
    OPTOUT HANDLE* DllHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrFindEntryForAddress )(
    IN  PVOID Address,
    OUT PLDR_DATA_TABLE_ENTRY* Module
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrQueryImageFileExecutionOptions )(
    IN     PUNICODE_STRING SubKey,
    IN     PCWSTR ValueName,
    IN     ULONG  ValueSize,
    OUT    PVOID  Buffer,
    IN     ULONG  BufferSize,
    OPTOUT PULONG RetunedLength
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrQueryProcessModuleInformation )(
    OPTIN PRTL_PROCESS_MODULES ModuleInformation,
    OPTIN ULONG  Size,
    OUT   PULONG ReturnedSize
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrQueryImageFileKeyOption )(
    IN     HANDLE KeyHandle,
    IN     PCWSTR ValueName,
    IN     ULONG Type,
    OUT    PVOID Buffer,
    IN     ULONG BufferSize,
    OPTOUT PULONG ReturnedLength
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrOpenImageFileOptionsKey )(
    IN  PUNICODE_STRING SubKey,
    IN  BOOLEAN Wow64,
    OUT PHANDLE NewKeyHandle
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, LdrSetDllManifestProber )(
    IN PLDR_MANIFEST_PROBER_ROUTINE Routine
  )_FP_;

_NTFN_EXTERN NTFUNC( LdrShutdownProcess )( VOID )_FP_;
_NTFN_EXTERN NTFUNC( LdrShutdownThread )( VOID )_FP_;

typedef VOID (NTAPI *PLDR_CALLBACK)( PVOID CallbackContext, PCHAR Name );

_NTFN_EXTERN NTFUNC( LdrVerifyImageMatchesChecksum )(
    IN  HANDLE FileHandle,
    IN  PLDR_CALLBACK Callback,
    IN  PVOID CallbackContext,
    OUT PUSHORT ImageCharacterstics
  )_FP_;

_NTFN_EXTERN NTFUNCT( PIMAGE_BASE_RELOCATION, LdrProcessRelocationBlock )(
    IN ULONG_PTR Address,
    IN ULONG     Count,
    IN PUSHORT   TypeOffset,
    IN LONG_PTR  Delta
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, LdrInitializeThunk )(
    ULONG Unknown1, ULONG Unknown2,
    ULONG Unknown3, ULONG Unknown4
  )_FP_;

//=============================================================================
//=============================================================================

// PhysicalPages

_NTFN_EXTERN NTFUNC( NtAllocateUserPhysicalPages )(
    IN    HANDLE ProcessHandle,
    INOUT PULONG_PTR NumberOfPages,
    INOUT PULONG_PTR UserPfnArray
  )_FP_;

_NTFN_EXTERN NTFUNC( NtFreeUserPhysicalPages )(
    IN    HANDLE ProcessHandle,
    INOUT PULONG_PTR NumberOfPages,
    INOUT PULONG_PTR UserPfnArray
  )_FP_;

_NTFN_EXTERN NTFUNC( NtMapUserPhysicalPages )(
    IN    PVOID VirtualAddresses,
    IN    ULONG_PTR NumberOfPages,
    INOUT PULONG_PTR UserPfnArray
  )_FP_;

_NTFN_EXTERN NTFUNC( NtMapUserPhysicalPagesScatter )(
    IN    PVOID* VirtualAddresses,
    IN    ULONG_PTR NumberOfPages,
    INOUT PULONG_PTR UserPfnArray
  )_FP_;

// VirtualMemory --------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtAllocateVirtualMemory )(
    IN    HANDLE  ProcessHandle,
    INOUT PVOID   *BaseAddress,
    IN    ULONG_PTR ZeroBits,
    INOUT PSIZE_T RegionSize,
    IN    ULONG   AllocationType,
    IN    ULONG   Protect
  )_FP_;

_NTFN_EXTERN NTFUNC( NtFreeVirtualMemory )(
    IN    HANDLE ProcessHandle,
    INOUT PVOID* BaseAddress,
    INOUT PSIZE_T RegionSize,
    IN    ULONG FreeType
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryVirtualMemory )(
    IN     HANDLE  ProcessHandle,
    IN     PVOID   Address,
    IN     MEMORY_INFORMATION_CLASS VirtualMemoryInformationClass,
    OUT    PVOID   VirtualMemoryInformation,
    IN     SIZE_T  Length,
    OPTOUT PSIZE_T ResultLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtReadVirtualMemory )(
    IN     HANDLE  ProcessHandle,
    IN     PVOID   BaseAddress,
    OUT    PVOID   Buffer,
    IN     SIZE_T  NumberOfBytesToRead,
    OPTOUT PSIZE_T NumberOfBytesRead
  )_FP_;

_NTFN_EXTERN NTFUNC( NtWriteVirtualMemory )(
    IN     HANDLE  ProcessHandle,
    IN     PVOID   BaseAddress,
    IN     PVOID   Buffer,
    IN     SIZE_T  NumberOfBytesToWrite,
    OPTOUT PSIZE_T NumberOfBytesWritten
  )_FP_;


_NTFN_EXTERN NTFUNC( NtLockVirtualMemory )(
    IN    HANDLE  ProcessHandle,
    INOUT PVOID   *BaseAddress,
    INOUT PSIZE_T NumberOfBytesToLock,
    IN    ULONG   LockType
  )_FP_;

_NTFN_EXTERN NTFUNC( NtUnlockVirtualMemory )(
    IN    HANDLE  ProcessHandle,
    INOUT PVOID   *BaseAddress,
    INOUT PSIZE_T NumberOfBytesToUnlock,
    IN    ULONG   LockType
  )_FP_;

_NTFN_EXTERN NTFUNC( NtFlushVirtualMemory )(
    IN    HANDLE  ProcessHandle,
    INOUT PVOID   *BaseAddress,
    INOUT PSIZE_T RegionSize,
    OUT   PIO_STATUS_BLOCK IoStatus
  )_FP_;

_NTFN_EXTERN NTFUNC( NtProtectVirtualMemory )(
    IN    HANDLE ProcessHandle,
    INOUT PVOID  *BaseAddress, 
    INOUT SIZE_T *NumberOfBytesToProtect, 
    IN    ULONG  NewAccessProtection,
    OUT   PULONG OldAccessProtection
  )_FP_;

// Section --------------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtCreateSection )(
    OUT   PHANDLE SectionHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    OPTIN PLARGE_INTEGER MaximumSize,
    IN    ULONG SectionPageProtection,
    IN    ULONG AllocationAttributes,
    OPTIN HANDLE FileHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenSection )(
    OUT PHANDLE SectionHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQuerySection )(
    IN  HANDLE  SectionHandle,
    IN  SECTION_INFORMATION_CLASS SectionInformationClass,
    OUT PVOID   SectionInformation,
    IN  SIZE_T  Length,
    OUT PSIZE_T ResultLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtExtendSection )(
    IN  HANDLE  SectionHandle,
    IN  PLARGE_INTEGER NewMaximumSize
  )_FP_;

_NTFN_EXTERN NTFUNC( NtMapViewOfSection )(
    IN    HANDLE    SectionHandle,
    IN    HANDLE    ProcessHandle,
    INOUT PVOID     *BaseAddress,
    IN    ULONG_PTR ZeroBits,
    IN    SIZE_T    CommitSize,
    INOUT PLARGE_INTEGER SectionOffset OPTIONAL,
    INOUT PSIZE_T   ViewSize,
    IN    SECTION_INHERIT InheritDisposition,
    IN    ULONG     AllocationType,
    IN    ULONG     AccessProtection
  )_FP_;

_NTFN_EXTERN NTFUNC( NtUnmapViewOfSection )(
    IN  HANDLE ProcessHandle,
    IN  PVOID BaseAddress
  )_FP_;

// WriteWatch -----------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtGetWriteWatch )(
    IN  HANDLE ProcessHandle,
    IN  ULONG  Flags,
    IN  PVOID  BaseAddress,
    IN  SIZE_T RegionSize,
    IN  PVOID  *UserAddressArray,
    OUT PULONG_PTR EntriesInUserAddressArray,
    OUT PULONG Granularity
  )_FP_;

_NTFN_EXTERN NTFUNC( NtResetWriteWatch )(
    IN  HANDLE ProcessHandle,
    IN  PVOID  BaseAddress,
    IN  SIZE_T RegionSize
  )_FP_;

// Misc

_NTFN_EXTERN NTFUNC( NtCreatePagingFile )(
    IN  PUNICODE_STRING FileName,
    IN  PLARGE_INTEGER InitialSize,
    IN  PLARGE_INTEGER MaxiumSize,
    IN  ULONG Reserved
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAreMappedFilesTheSame )(
    IN  PVOID File1MappedAsAnImage,
    IN  PVOID File2MappedAsFile
  )_FP_;

_NTFN_EXTERN NTFUNC( NtFlushInstructionCache )(
    IN  HANDLE ProcessHandle,
    IN  PVOID  BaseAddress,
    IN  SIZE_T NumberOfBytesToFlush
  )_FP_;

//=============================================================================
//=============================================================================

// Token

_NTFN_EXTERN NTFUNC( NtOpenProcessToken )(
    IN  HANDLE ProcessHandle,
    IN  ACCESS_MASK DesiredAccess,
    OUT PHANDLE TokenHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenProcessTokenEx )(
    IN  HANDLE ProcessHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  ULONG HandleAttributes,
    OUT PHANDLE TokenHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenThreadToken )(
    IN  HANDLE ThreadHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  BOOLEAN OpenAsSelf,
    OUT PHANDLE TokenHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( NtOpenThreadTokenEx )(
    IN  HANDLE ThreadHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  BOOLEAN OpenAsSelf,
    IN  ULONG HandleAttributes,
    OUT PHANDLE TokenHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( NtCreateToken )(
    OUT PHANDLE TokenHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  TOKEN_TYPE TokenType,
    IN  PLUID AuthenticationId,
    IN  PLARGE_INTEGER ExpirationTime,
    IN  PTOKEN_USER TokenUser,
    IN  PTOKEN_GROUPS TokenGroups,
    IN  PTOKEN_PRIVILEGES TokenPrivileges,
    IN  PTOKEN_OWNER TokenOwner,
    IN  PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    IN  PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    IN  PTOKEN_SOURCE TokenSource
  )_FP_;

_NTFN_EXTERN NTFUNC( NtDuplicateToken )(
    IN    HANDLE ExistingTokenHandle,
    IN    ACCESS_MASK DesiredAccess,
    OPTIN POBJECT_ATTRIBUTES ObjectAttributes,
    IN    BOOLEAN EffectiveOnly,
    IN    TOKEN_TYPE TokenType,
    OUT   PHANDLE NewTokenHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( NtCompareTokens )(
    IN  HANDLE FirstTokenHandle,
    IN  HANDLE SecondTokenHandle,
    OUT PBOOLEAN Equal
  )_FP_;

_NTFN_EXTERN NTFUNC( NtPrivilegeCheck )(
    IN    HANDLE ClientToken,
    INOUT PPRIVILEGE_SET RequiredPrivileges,
    OUT   PBOOLEAN Result
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAdjustPrivilegesToken )(
    IN     HANDLE  TokenHandle,
    IN     BOOLEAN DisableAllPrivileges,
    OPTIN  PTOKEN_PRIVILEGES NewState,
    IN     ULONG   BufferLength,
    OPTOUT PTOKEN_PRIVILEGES PreviousState,
    OPTOUT PULONG  ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAdjustGroupsToken )(
    IN     HANDLE TokenHandle,
    IN     BOOLEAN ResetToDefault,
    OPTIN  PTOKEN_GROUPS NewState,
    OPTIN  ULONG BufferLength,
    OPTOUT PTOKEN_GROUPS PreviousState,
    OUT    PULONG ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtQueryInformationToken )(
    IN     HANDLE TokenHandle,
    IN     TOKEN_INFORMATION_CLASS TokenInformationClass,
    OPTOUT PVOID TokenInformation,
    IN     ULONG TokenInformationLength,
    OUT    PULONG ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtSetInformationToken )(
    IN  HANDLE TokenHandle,
    IN  TOKEN_INFORMATION_CLASS TokenInformationClass,
    IN  PVOID TokenInformation,
    IN  ULONG TokenInformationLength
  )_FP_;

_NTFN_EXTERN NTFUNC( NtImpersonateAnonymousToken )(
    IN  HANDLE Thread
  )_FP_;

// LUID / UUID ----------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtAllocateLocallyUniqueId )(
    OUT LUID *LocallyUniqueId
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAllocateUuids )(
    OUT  PULARGE_INTEGER Time,
    OUT  PULONG Range,
    OUT  PULONG Sequence,
    OUT  PUCHAR Seed
  )_FP_;

// AccessCheck ----------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtAccessCheck )(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN PGENERIC_MAPPING GenericMapping,
    OUT PPRIVILEGE_SET PrivilegeSet,
    OUT PULONG ReturnLength,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAccessCheckByType )(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN ULONG ObjectTypeLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN PPRIVILEGE_SET PrivilegeSet,
    INOUT PULONG PrivilegeSetLength,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAccessCheckByTypeResultList )(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN ULONG ObjectTypeLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN PPRIVILEGE_SET PrivilegeSet,
    INOUT PULONG PrivilegeSetLength,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
  )_FP_;

_NTFN_EXTERN NTFUNC( NtAccessCheckAndAuditAlarm )(
    IN PUNICODE_STRING SubsystemName,
    OPTIN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN ACCESS_MASK DesiredAccess,
    IN PGENERIC_MAPPING GenericMapping,
    IN BOOLEAN ObjectCreation,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus,
    OUT PBOOLEAN GenerateOnClose
  )_FP_;

// AuditAlarm -----------------------------------------------------------------

_NTFN_EXTERN NTFUNC( NtOpenObjectAuditAlarm )(
    IN PUNICODE_STRING SubsystemName,
    OPTIN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    OPTIN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN ACCESS_MASK GrantedAccess,
    OPTIN PPRIVILEGE_SET Privileges,
    IN BOOLEAN ObjectCreation,
    IN BOOLEAN AccessGranted,
    OUT PBOOLEAN GenerateOnClose
  )_FP_;

_NTFN_EXTERN NTFUNC( NtPrivilegedServiceAuditAlarm )(
    IN PUNICODE_STRING SubsystemName,
    IN PUNICODE_STRING ServiceName,
    IN HANDLE ClientToken,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN AccessGranted
  )_FP_;

_NTFN_EXTERN NTFUNC( NtPrivilegeObjectAuditAlarm )(
    IN PUNICODE_STRING SubsystemName,
    OPTIN PVOID HandleId,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN AccessGranted
  )_FP_;

//=============================================================================
//=============================================================================

#ifndef NtCurrentPeb
  #define NtCurrentPeb()      (NtCurrentTeb()->ProcessEnvironmentBlock)
  #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap)
#endif

// Exception and Error Functions ----------------------------------------------

_NTFN_EXTERN NTFUNCT( PVOID, RtlAddVectoredExceptionHandler )(
    IN  ULONG FirstHandler,
    IN  PVECTORED_EXCEPTION_HANDLER VectoredHandler
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlAssert )(
    IN    PVOID FailedAssertion,
    IN    PVOID FileName,
    IN    ULONG LineNumber,
    OPTIN PCHAR Message //_In_opt_z_
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlSetUnhandledExceptionFilter )(
    IN  PRTLP_UNHANDLED_EXCEPTION_FILTER TopLevelExceptionFilter
  )_FP_;

_NTFN_EXTERN NTFUNCT( LONG, RtlUnhandledExceptionFilter )(
    IN  struct _EXCEPTION_POINTERS* ExceptionInfo
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlEncodePointer )(
    IN  PVOID Pointer
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlDecodePointer )(
    IN  PVOID Pointer
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlEncodeSystemPointer )(
    IN  PVOID Pointer
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlDecodeSystemPointer )(
    IN  PVOID Pointer
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetLastNtStatus )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlGetLastWin32Error )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlSetLastWin32Error )(
    IN  ULONG LastError
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlSetLastWin32ErrorAndNtStatusFromNtStatus )(
    IN  NTSTATUS Status
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetThreadErrorMode )(
    IN  ULONG NewMode,
    OPTOUT PULONG OldMode
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlGetThreadErrorMode )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlCaptureContext )(
    OUT PCONTEXT ContextRecord
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlDispatchException )(
    IN  PEXCEPTION_RECORD ExceptionRecord,
    IN  PCONTEXT Context
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlNtStatusToDosError )(
    IN  NTSTATUS Status
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlNtStatusToDosErrorNoTeb )(
    IN  NTSTATUS Status
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlMapSecurityErrorToNtStatus )(
    IN  ULONG SecurityError
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlRaiseException )(
    IN  PEXCEPTION_RECORD ExceptionRecord
  )_FP_;

//DECLSPEC_NORETURN
_NTFN_EXTERN NTFUNCT( VOID, RtlRaiseStatus )(
    IN  NTSTATUS Status
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlUnwind )(
    OPTIN PVOID TargetFrame,
    OPTIN PVOID TargetIp,
    OPTIN PEXCEPTION_RECORD ExceptionRecord,
    IN    PVOID ReturnValue
  )_FP_;

// Tracing Functions ----------------------------------------------------------

#define RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT 8

_NTFN_EXTERN NTFUNCT( ULONG, RtlWalkFrameChain )(
    OUT PVOID *Callers, //_Out_writes_(Count - (Flags >> RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT))
    IN  ULONG Count,
    IN  ULONG Flags
  )_FP_;

_NTFN_EXTERN NTFUNCT( USHORT, RtlLogStackBackTrace )( VOID )_FP_;

// Heap Functions -------------------------------------------------------------

_NTFN_EXTERN NTFUNCT( PVOID, RtlAllocateHeap )(
    IN  PVOID HeapHandle,
    OPTIN ULONG Flags,
    IN  SIZE_T Size
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlCreateHeap )(
    IN    ULONG Flags,
    OPTIN PVOID BaseAddress,
    OPTIN SIZE_T SizeToReserve,
    OPTIN SIZE_T SizeToCommit,
    OPTIN PVOID Lock,
    OPTIN PRTL_HEAP_PARAMETERS Parameters
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlCreateTagHeap )(
    IN  HANDLE HeapHandle,
    IN  ULONG Flags,
    IN  PWSTR TagName,
    IN  PWSTR TagSubName
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlCompactHeap )(
    IN  HANDLE Heap,
    IN  ULONG Flags
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlDebugCreateHeap )(
    IN    ULONG Flags,
    OPTIN PVOID BaseAddress,
    OPTIN SIZE_T SizeToReserve,
    OPTIN SIZE_T SizeToCommit,
    OPTIN PVOID Lock,
    OPTIN PRTL_HEAP_PARAMETERS Parameters
  )_FP_;

_NTFN_EXTERN NTFUNCT( HANDLE, RtlDestroyHeap )(
    IN  HANDLE Heap //_Post_invalid_
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlExtendHeap )(
    IN  HANDLE Heap,
    IN  ULONG Flags,
    IN  PVOID P,
    IN  SIZE_T Size
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlFreeHeap )(
    IN    HANDLE HeapHandle,
    OPTIN ULONG Flags,
    IN    PVOID P
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlGetProcessHeaps )(
    IN  ULONG HeapCount,
    OUT HANDLE *HeapArray //_Out_cap_(HeapCount)
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlGetUserInfoHeap )(
    IN     PVOID HeapHandle,
    IN     ULONG Flags,
    IN     PVOID BaseAddress,
    OPTIO  PVOID *UserValue,
    OPTOUT PULONG UserFlags
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlProtectHeap )(
    IN  PVOID HeapHandle,
    IN  BOOLEAN Protect
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueryHeapInformation )(
    IN  PVOID HeapHandle,
    IN  HEAP_INFORMATION_CLASS HeapInformationClass,
    OUT PVOID HeapInformation,
    IN  SIZE_T HeapInformationLength,
    OPTOUT PSIZE_T ReturnLength //_When_(HeapInformationClass==HeapCompatibilityInformation, _On_failure_(_Out_opt_))
  )_FP_;

_NTFN_EXTERN NTFUNCT( PWSTR, RtlQueryTagHeap )(
    IN  PVOID HeapHandle,
    IN  ULONG Flags,
    IN  USHORT TagIndex,
    IN  BOOLEAN ResetCounters,
    OUT PRTL_HEAP_TAG_INFO HeapTagInfo
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlReAllocateHeap )(
    IN  HANDLE Heap,
    OPTIN ULONG Flags,
    IN  PVOID Ptr, //_Post_invalid_
    IN  SIZE_T Size
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetHeapInformation )(
    IN  PVOID HeapHandle,
    IN  HEAP_INFORMATION_CLASS HeapInformationClass,
    IN  PVOID HeapInformation, //_When_(HeapInformationClass==HeapCompatibilityInformation,IN )
    IN  SIZE_T HeapInformationLength
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlLockHeap )(
    IN  HANDLE Heap
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlMultipleAllocateHeap )(
    IN  HANDLE HeapHandle,
    IN  ULONG Flags,
    IN  SIZE_T Size,
    IN  ULONG Count,
    OUT PVOID * Array //_Out_cap_(Count) _Deref_post_bytecap_(Size)
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlMultipleFreeHeap )(
    IN  HANDLE HeapHandle,
    IN  ULONG Flags,
    IN  ULONG Count,
    IN  PVOID* Array //_In_count_(Count) /* _Deref_ _Post_invalid_ */
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUsageHeap )(
    IN  HANDLE Heap,
    IN  ULONG Flags,
    OUT PRTL_HEAP_USAGE Usage
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlUnlockHeap )(
    IN  HANDLE Heap
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlSetUserValueHeap )(
    IN  PVOID HeapHandle,
    IN  ULONG Flags,
    IN  PVOID BaseAddress,
    IN  PVOID UserValue
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlSetUserFlagsHeap )(
    IN  PVOID HeapHandle,
    IN  ULONG Flags,
    IN  PVOID BaseAddress,
    IN  ULONG UserFlagsReset,
    IN  ULONG UserFlagsSet
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlValidateHeap )(
    IN  HANDLE Heap,
    IN  ULONG Flags,
    OPTIN PVOID P
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlWalkHeap )(
    IN  HANDLE HeapHandle,
    IN  PVOID HeapEntry
  )_FP_;

_NTFN_EXTERN NTFUNCT( SIZE_T, RtlSizeHeap )(
    IN  PVOID HeapHandle,
    IN  ULONG Flags,
    IN  PVOID MemoryPointer
  )_FP_;

// Security Functions ---------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlAbsoluteToSelfRelativeSD )(
    IN  PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
    OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
    INOUT PULONG BufferLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAccessAllowedAce )(
    INOUT PACL Acl,
    IN  ULONG Revision,
    IN  ACCESS_MASK AccessMask,
    IN  PSID Sid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAccessAllowedAceEx )(
    INOUT PACL pAcl,
    IN  ULONG dwAceRevision,
    IN  ULONG AceFlags,
    IN  ACCESS_MASK AccessMask,
    IN  PSID pSid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAccessAllowedObjectAce )(
    IN OUT PACL pAcl,
    IN  ULONG dwAceRevision,
    IN  ULONG AceFlags,
    IN  ACCESS_MASK AccessMask,
    IN OPTIONAL GUID *ObjectTypeGuid,
    IN OPTIONAL GUID *InheritedObjectTypeGuid,
    IN  PSID pSid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAccessDeniedAce )(
    IN OUT PACL Acl,
    IN  ULONG Revision,
    IN  ACCESS_MASK AccessMask,
    IN  PSID Sid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAccessDeniedAceEx )(
    INOUT PACL Acl,
    IN  ULONG Revision,
    IN  ULONG Flags,
    IN  ACCESS_MASK AccessMask,
    IN  PSID Sid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAccessDeniedObjectAce )(
    INOUT PACL pAcl,
    IN    ULONG dwAceRevision,
    IN    ULONG AceFlags,
    IN    ACCESS_MASK AccessMask,
    OPTIN GUID *ObjectTypeGuid,
    OPTIN GUID *InheritedObjectTypeGuid,
    IN    PSID pSid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAce )(
    INOUT PACL Acl,
    IN  ULONG AceRevision,
    IN  ULONG StartingAceIndex,
    IN  PVOID AceList, //_In_reads_bytes_(AceListLength)
    IN  ULONG AceListLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAuditAccessAce )(
    INOUT PACL Acl,
    IN  ULONG Revision,
    IN  ACCESS_MASK AccessMask,
    IN  PSID Sid,
    IN  BOOLEAN Success,
    IN  BOOLEAN Failure
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAcquirePrivilege )(
    IN  PULONG Privilege,
    IN  ULONG NumPriv,
    IN  ULONG Flags,
    OUT PVOID *ReturnedState
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAuditAccessAceEx )(
    IN OUT PACL Acl,
    IN  ULONG Revision,
    IN  ULONG Flags,
    IN  ACCESS_MASK AccessMask,
    IN  PSID Sid,
    IN  BOOLEAN Success,
    IN  BOOLEAN Failure
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddAuditAccessObjectAce )(
    INOUT PACL Acl,
    IN    ULONG Revision,
    IN    ULONG Flags,
    IN    ACCESS_MASK AccessMask,
    OPTIN GUID *ObjectTypeGuid,
    OPTIN GUID *InheritedObjectTypeGuid,
    IN    PSID Sid,
    IN    BOOLEAN Success,
    IN    BOOLEAN Failure
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddMandatoryAce )(
    INOUT PACL Acl,
    IN    ULONG Revision,
    IN    ULONG Flags,
    IN    ULONG MandatoryFlags,
    IN    UCHAR AceType,
    IN    PSID LabelSid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAdjustPrivilege )(
    IN  ULONG Privilege,
    IN  BOOLEAN NewValue,
    IN  BOOLEAN ForThread,
    OUT PBOOLEAN OldValue
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAllocateAndInitializeSid )(
    IN  PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
    IN  UCHAR SubAuthorityCount,
    IN  ULONG SubAuthority0,
    IN  ULONG SubAuthority1,
    IN  ULONG SubAuthority2,
    IN  ULONG SubAuthority3,
    IN  ULONG SubAuthority4,
    IN  ULONG SubAuthority5,
    IN  ULONG SubAuthority6,
    IN  ULONG SubAuthority7,
    OUT PSID *Sid
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlAreAllAccessesGranted )(
    ACCESS_MASK GrantedAccess,
    ACCESS_MASK DesiredAccess
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlAreAnyAccessesGranted )(
    ACCESS_MASK GrantedAccess,
    ACCESS_MASK DesiredAccess
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlCopyLuid )(
    OUT PLUID DestinationLuid,
    IN  PLUID SourceLuid
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlCopyLuidAndAttributesArray )(
    ULONG Count,
    PLUID_AND_ATTRIBUTES Src,
    PLUID_AND_ATTRIBUTES Dest
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCopySidAndAttributesArray )(
    ULONG  Count,
    PSID_AND_ATTRIBUTES Src,
    ULONG  SidAreaSize,
    PSID_AND_ATTRIBUTES Dest,
    PVOID  SidArea,
    PVOID* RemainingSidArea,
    PULONG RemainingSidAreaSize
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlConvertSidToUnicodeString )(
    INOUT PUNICODE_STRING UnicodeString,
    IN    PSID Sid,
    IN    BOOLEAN AllocateDestinationString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCopySid )(
    IN  ULONG DestinationSidLength,
    OUT PSID DestinationSid, //_Out_writes_bytes_(DestinationSidLength)
    IN  PSID SourceSid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateAcl )(
    PACL  Acl,
    ULONG AclSize,
    ULONG AclRevision
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateSecurityDescriptor )(
    OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN  ULONG Revision
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateSecurityDescriptorRelative )(
    OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
    IN  ULONG Revision
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCopySecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR pSourceSecurityDescriptor,
    OUT PSECURITY_DESCRIPTOR *pDestinationSecurityDescriptor
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeleteAce )(
    PACL Acl,
    ULONG AceIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlEqualPrefixSid )(
    PSID Sid1,
    PSID Sid2
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlEqualSid )(
    IN  PSID Sid1,
    IN  PSID Sid2
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlFirstFreeAce )(
    PACL  Acl,
    PACE* Ace
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlFreeSid )(
    IN  PSID Sid //_Post_invalid_
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetAce )(
    PACL  Acl,
    ULONG AceIndex,
    PVOID *Ace
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetControlSecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptor,
    OUT PSECURITY_DESCRIPTOR_CONTROL Control,
    OUT PULONG Revision
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetDaclSecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptor,
    OUT PBOOLEAN DaclPresent,
    OUT PACL *Dacl,
    OUT PBOOLEAN DaclDefaulted
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetSaclSecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptor,
    OUT PBOOLEAN SaclPresent,
    OUT PACL* Sacl,
    OUT PBOOLEAN SaclDefaulted
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetGroupSecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptor,
    OUT PSID *Group,
    OUT PBOOLEAN GroupDefaulted
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetOwnerSecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptor,
    OUT PSID *Owner,
    OUT PBOOLEAN OwnerDefaulted
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlGetSecurityDescriptorRMControl )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptor,
    OUT PUCHAR RMControl
  )_FP_;

_NTFN_EXTERN NTFUNCT( PSID_IDENTIFIER_AUTHORITY, RtlIdentifierAuthoritySid )(
    PSID Sid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlImpersonateSelf )(
    IN  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlInitializeSid )(
    OUT PSID Sid,
    IN  PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
    IN  UCHAR SubAuthorityCount
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlLengthRequiredSid )(
    IN ULONG SubAuthorityCount
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlLengthSecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptor
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlLengthSid )(
    IN PSID Sid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlMakeSelfRelativeSD )(
    IN    PSECURITY_DESCRIPTOR AbsoluteSD,
    OUT   PSECURITY_DESCRIPTOR SelfRelativeSD,
    INOUT PULONG BufferLength
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlMapGenericMask )(
    PACCESS_MASK AccessMask,
    PGENERIC_MAPPING GenericMapping
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueryInformationAcl )(
    PACL Acl,
    PVOID Information,
    ULONG InformationLength,
    ACL_INFORMATION_CLASS InformationClass
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlReleasePrivilege )(
    IN  PVOID ReturnedState
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSelfRelativeToAbsoluteSD )(
    IN     PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
    OUT    PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
    INOUT  PULONG AbsoluteSecurityDescriptorSize,
    OUT    PACL Dacl,
    INOUT  PULONG DaclSize,
    OUT    PACL Sacl,
    INOUT  PULONG SaclSize,
    OUT    PSID Owner,
    INOUT  PULONG OwnerSize,
    OUT    PSID PrimaryGroup,
    INOUT  PULONG PrimaryGroupSize
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSelfRelativeToAbsoluteSD2 )(
    IN OUT PSECURITY_DESCRIPTOR SelfRelativeSD,
    OUT PULONG BufferSize
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetAttributesSecurityDescriptor )(
    INOUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN    SECURITY_DESCRIPTOR_CONTROL Control,
    OUT   PULONG Revision
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetControlSecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN  SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
    IN  SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetDaclSecurityDescriptor )(
    INOUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN    BOOLEAN DaclPresent,
    OPTIN PACL Dacl,
    OPTIN BOOLEAN DaclDefaulted
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetGroupSecurityDescriptor )(
    INOUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    OPTIN PSID Group,
    OPTIN BOOLEAN GroupDefaulted
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetInformationAcl )(
    PACL Acl,
    PVOID Information,
    ULONG InformationLength,
    ACL_INFORMATION_CLASS InformationClass
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetOwnerSecurityDescriptor )(
    INOUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    OPTIN PSID Owner,
    OPTIN BOOLEAN OwnerDefaulted
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetSaclSecurityDescriptor )(
    INOUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN    BOOLEAN SaclPresent,
    IN    PACL Sacl,
    IN    BOOLEAN SaclDefaulted
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlSetSecurityDescriptorRMControl )(
    INOUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN    PUCHAR RMControl
  )_FP_;

_NTFN_EXTERN NTFUNCT( PUCHAR, RtlSubAuthorityCountSid )(
    IN  PSID Sid
  )_FP_;

_NTFN_EXTERN NTFUNCT( PULONG, RtlSubAuthoritySid )(
    IN  PSID Sid,
    IN  ULONG SubAuthority
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlValidRelativeSecurityDescriptor )(
    IN  PSECURITY_DESCRIPTOR SecurityDescriptorInput,
    IN  ULONG SecurityDescriptorLength,
    IN  SECURITY_INFORMATION RequiredInformation
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlValidSecurityDescriptor )(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlValidSid )(
    IN PSID Sid
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlValidAcl )(
    PACL Acl
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeleteSecurityObject )(
    IN  PSECURITY_DESCRIPTOR *ObjectDescriptor
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlNewSecurityObject )(
    IN  PSECURITY_DESCRIPTOR ParentDescriptor,
    IN  PSECURITY_DESCRIPTOR CreatorDescriptor,
    OUT PSECURITY_DESCRIPTOR *NewDescriptor,
    IN  BOOLEAN IsDirectoryObject,
    IN  HANDLE Token,
    IN  PGENERIC_MAPPING GenericMapping
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQuerySecurityObject )(
    IN  PSECURITY_DESCRIPTOR ObjectDescriptor,
    IN  SECURITY_INFORMATION SecurityInformation,
    OUT PSECURITY_DESCRIPTOR ResultantDescriptor,
    IN  ULONG DescriptorLength,
    OUT PULONG ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetSecurityObject )(
    IN  SECURITY_INFORMATION SecurityInformation,
    IN  PSECURITY_DESCRIPTOR ModificationDescriptor,
    OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
    IN  PGENERIC_MAPPING GenericMapping,
    IN  HANDLE Token
  )_FP_;

// Single-Character Functions -------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlLargeIntegerToChar )(
    IN  PLARGE_INTEGER Value,
    IN  ULONG Base,
    IN  ULONG Length,
    OUT PCHAR String
  )_FP_;

_NTFN_EXTERN NTFUNCT( CHAR, RtlUpperChar )(
    CHAR Source
  )_FP_;

_NTFN_EXTERN NTFUNCT( WCHAR, RtlUpcaseUnicodeChar )(
    WCHAR Source
  )_FP_;

_NTFN_EXTERN NTFUNCT( WCHAR, RtlDowncaseUnicodeChar )(
    IN  WCHAR Source
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIntegerToChar )(
    IN  ULONG Value,
    IN  ULONG Base,
    IN  ULONG Length,
    OUT PCHAR String
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIntegerToUnicode )(
    IN    ULONG Value,
    OPTIN ULONG Base,
    OPTIN ULONG Length,
    INOUT LPWSTR String
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIntegerToUnicodeString )(
    IN    ULONG Value,
    OPTIN ULONG Base,
    INOUT PUNICODE_STRING String
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCharToInteger )(
    PCSZ   String,
    ULONG  Base,
    PULONG Value
  )_FP_;

// Byte Swap Functions --------------------------------------------------------

#ifndef RtlUshortByteSwap
#if 0
  unsigned short __cdecl _byteswap_ushort(unsigned short);
  unsigned long  __cdecl _byteswap_ulong (unsigned long);
  unsigned __int64 __cdecl _byteswap_uint64(unsigned __int64);
  #ifdef _MSC_VER
    #pragma intrinsic(_byteswap_ushort)
    #pragma intrinsic(_byteswap_ulong)
    #pragma intrinsic(_byteswap_uint64)
  #endif // _MSC_VER
#endif
#define RtlUshortByteSwap(_x)   _byteswap_ushort((USHORT)(_x))
#define RtlUlongByteSwap(_x)    _byteswap_ulong((_x))
#define RtlUlonglongByteSwap(_x) _byteswap_uint64((_x))
#endif//ndef RtlUshortByteSwap

// Unicode->Ansi String Functions ---------------------------------------------

_NTFN_EXTERN NTFUNCT( ULONG, RtlxUnicodeStringToAnsiSize )(
    IN PCUNICODE_STRING UnicodeString
  )_FP_;

#define RtlUnicodeStringToAnsiSize( S )(    \
    NLS_MB_CODE_PAGE_TAG ?                  \
    RtlxUnicodeStringToAnsiSize( S ) :      \
    ((S)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
    )

_NTFN_EXTERN NTFUNC( RtlUnicodeStringToAnsiString )(
    PANSI_STRING DestinationString,
    PCUNICODE_STRING SourceString,
    BOOLEAN AllocateDestinationString
  )_FP_;

// Unicode->OEM String Functions ----------------------------------------------

_NTFN_EXTERN NTFUNC( RtlUpcaseUnicodeStringToOemString )(
    POEM_STRING DestinationString,
    PCUNICODE_STRING SourceString,
    BOOLEAN AllocateDestinationString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUpcaseUnicodeStringToCountedOemString )(
    OUT POEM_STRING DestinationString, //_When_(AllocateDestinationString, OUT _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) _When_(!AllocateDestinationString, IN OUT)
    IN  PCUNICODE_STRING SourceString,
    IN  BOOLEAN AllocateDestinationString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUnicodeStringToOemString )(
    POEM_STRING DestinationString,
    PCUNICODE_STRING SourceString,
    BOOLEAN AllocateDestinationString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUpcaseUnicodeToOemN )(
    PCHAR  OemString,
    ULONG  OemSize,
    PULONG ResultSize,
    PCWCH  UnicodeString,
    ULONG  UnicodeSize
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlxUnicodeStringToOemSize )(
    IN  PCUNICODE_STRING UnicodeString
  )_FP_;

#ifndef RtlUnicodeStringToOemSize
#define RtlUnicodeStringToOemSize( S ) (    \
    NLS_MB_OEM_CODE_PAGE_TAG ?              \
    RtlxUnicodeStringToOemSize( S ) :       \
    ((S)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
    )

#define RtlUnicodeStringToCountedOemSize( S ) ( \
    (ULONG)(RtlUnicodeStringToOemSize( S ) - sizeof(ANSI_NULL)) \
    )
#endif//ndef RtlUnicodeStringToOemSize

_NTFN_EXTERN NTFUNC( RtlUnicodeToOemN )(
    PCHAR  OemString,
    ULONG  OemSize,
    PULONG ResultSize,
    PCWCH  UnicodeString,
    ULONG  UnicodeSize
  )_FP_;

// Unicode->MultiByte String Functions ----------------------------------------

_NTFN_EXTERN NTFUNC( RtlUnicodeToMultiByteN )(
    PCHAR  MbString,
    ULONG  MbSize,
    PULONG ResultSize,
    PCWCH  UnicodeString,
    ULONG  UnicodeSize
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUpcaseUnicodeToMultiByteN )(
    PCHAR  MbString,
    ULONG  MbSize,
    PULONG ResultSize,
    PCWCH  UnicodeString,
    ULONG  UnicodeSize
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUnicodeToMultiByteSize )(
    PULONG MbSize,
    PCWCH UnicodeString,
    ULONG UnicodeSize
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlxOemStringToUnicodeSize )(
    IN  PCOEM_STRING OemString
  )_FP_;

// OEM to Unicode Functions ---------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlOemStringToUnicodeString )(
    PUNICODE_STRING DestinationString,
    PCOEM_STRING SourceString,
    BOOLEAN AllocateDestinationString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlOemToUnicodeN )(
    OUT    PWCH UnicodeString,
    IN     ULONG MaxBytesInUnicodeString,
    OPTOUT PULONG BytesInUnicodeString,
    IN     PCCH OemString,
    IN     ULONG BytesInOemString
  )_FP_;

#ifndef RtlOemStringToUnicodeSize
#define RtlOemStringToUnicodeSize( S ) (    \
    NLS_MB_OEM_CODE_PAGE_TAG ?              \
    RtlxOemStringToUnicodeSize( S ) :       \
    ((S)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
    )

#define RtlOemStringToCountedUnicodeSize( S ) ( \
    (ULONG)(RtlOemStringToUnicodeSize( S ) - sizeof(UNICODE_NULL)) \
    )
#endif//ndef RtlOemStringToUnicodeSize

// Ansi->Unicode String Functions ---------------------------------------------

_NTFN_EXTERN NTFUNCT( WCHAR, RtlAnsiCharToUnicodeChar )(
    INOUT PUCHAR *SourceCharacter
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAnsiStringToUnicodeString )(
    PUNICODE_STRING DestinationString,
    PCANSI_STRING SourceString,
    BOOLEAN AllocateDestinationString
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlxAnsiStringToUnicodeSize )(
    PCANSI_STRING AnsiString
  )_FP_;

#ifndef RtlAnsiStringToUnicodeSize
#define RtlAnsiStringToUnicodeSize( S ) (   \
    NLS_MB_CODE_PAGE_TAG ?                  \
    RtlxAnsiStringToUnicodeSize( S ) :      \
    ((S)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
    )
#endif

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlCreateUnicodeStringFromAsciiz )(
    OUT PUNICODE_STRING Destination,
    IN  PCSZ Source
  )_FP_;

// Unicode String Functions ---------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlAppendUnicodeToString )(
    PUNICODE_STRING Destination,
    PCWSTR Source
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAppendUnicodeStringToString )(
    PUNICODE_STRING Destination,
    PCUNICODE_STRING Source
  )_FP_;

_NTFN_EXTERN NTFUNCT( LONG, RtlCompareUnicodeString )(
    PCUNICODE_STRING String1,
    PCUNICODE_STRING String2,
    BOOLEAN CaseInsensitive
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlCopyUnicodeString )(
    PUNICODE_STRING  DestinationString,
    PCUNICODE_STRING SourceString
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlCreateUnicodeString )(
    PUNICODE_STRING DestinationString,
    PCWSTR SourceString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDowncaseUnicodeString )(
    INOUT PUNICODE_STRING UniDest,
    IN    PCUNICODE_STRING UniSource,
    IN    BOOLEAN AllocateDestinationString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDuplicateUnicodeString )(
    IN  ULONG Flags,
    IN  PCUNICODE_STRING SourceString,
    OUT PUNICODE_STRING DestinationString
  )_FP_;

// Memory Functions -----------------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlFillMemoryUlong )(
    IN  PVOID Destination,
    IN  SIZE_T Length,
    IN  ULONG Fill
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlFillMemoryUlonglong )(
    OUT PVOID Destination,
    IN  SIZE_T Length,
    IN  ULONGLONG Pattern
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCopyMappedMemory )(
    OUT PVOID Destination, //_Out_writes_bytes_all_(Size)
    IN  const VOID* Source, //_In_reads_bytes_(Size)
    IN  SIZE_T Size
  )_FP_;

_NTFN_EXTERN NTFUNCT( SIZE_T, RtlCompareMemoryUlong )(
    IN  PVOID Source,
    IN  SIZE_T Length,
    IN  ULONG Pattern
  )_FP_;

#ifndef RtlEqualMemory
#define RtlEqualMemory( Destination, Source, Length ) \
    (!memcmp( Destination, Source, Length ))
#endif

#ifndef RtlCopyBytes
#define RtlCopyBytes  RtlCopyMemory
#define RtlFillBytes  RtlFillMemory
#define RtlZeroBytes  RtlZeroMemory
#endif

// More Unicode String Functions ----------------------------------------------

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlEqualUnicodeString )(
    PCUNICODE_STRING String1,
    PCUNICODE_STRING String2,
    BOOLEAN CaseInsensitive
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlFindCharInUnicodeString )(
    IN  ULONG Flags,
    IN  PCUNICODE_STRING SearchString,
    IN  PCUNICODE_STRING MatchString,
    OUT PUSHORT Position
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlFreeUnicodeString )(
    INOUT PUNICODE_STRING UnicodeString
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlEraseUnicodeString )(
    INOUT PUNICODE_STRING String
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlHashUnicodeString )(
    IN  CONST UNICODE_STRING *String,
    IN  BOOLEAN CaseInSensitive,
    IN  ULONG HashAlgorithm,
    OUT PULONG HashValue
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitUnicodeString )(
    OUT PUNICODE_STRING DestinationString,
    IN  PCWSTR SourceString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlInitUnicodeStringEx )(
    OUT PUNICODE_STRING DestinationString,
    IN  PCWSTR SourceString
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlIsTextUnicode )(
    IN    CONST VOID* Buffer,
    IN    INT Size,
    OPTIO INT* Flags
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlPrefixString )(
    IN  const STRING *String1,
    IN  const STRING *String2,
    IN  BOOLEAN CaseInsensitive
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlPrefixUnicodeString )(
    IN  PCUNICODE_STRING String1,
    IN  PCUNICODE_STRING String2,
    IN  BOOLEAN CaseInsensitive
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUpcaseUnicodeString )(
    OUT PUNICODE_STRING DestinationString,
    IN  PCUNICODE_STRING SourceString,
    IN  BOOLEAN AllocateDestinationString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUnicodeStringToInteger )(
    IN    PCUNICODE_STRING String,
    OPTIN ULONG Base,
    OUT   PULONG Value
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlValidateUnicodeString )(
    IN  ULONG Flags,
    IN  PCUNICODE_STRING String
  )_FP_;

// More String Functions ------------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlUpperString )(
    INOUT PSTRING DestinationString,
    IN    const STRING *SourceString
  )_FP_;

_NTFN_EXTERN NTFUNCT( LONG, RtlCompareString )(
    IN  const STRING *String1,
    IN  const STRING *String2,
    IN  BOOLEAN CaseInSensitive
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlCopyString )(
    OUT   PSTRING DestinationString,
    OPTIN const STRING *SourceString
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlEqualString )(
    IN  const STRING *String1,
    IN  const STRING *String2,
    IN  BOOLEAN CaseInSensitive
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAppendStringToString )(
    INOUT PSTRING Destination,
    IN    const STRING *Source
  )_FP_;

// Ansi String Functions ------------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlFreeAnsiString )(
    INOUT PANSI_STRING AnsiString
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitAnsiString )(
    OUT PANSI_STRING DestinationString,
    IN  PCSZ SourceString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlInitAnsiStringEx )(
    OUT PANSI_STRING DestinationString,
    IN  PCSZ SourceString
  )_FP_;

// OEM String Functions -------------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlFreeOemString )(
    INOUT POEM_STRING OemString
  )_FP_;

// MultiByte->Unicode String Functions ----------------------------------------

_NTFN_EXTERN NTFUNC( RtlMultiByteToUnicodeN )(
    OUT    PWCH UnicodeString,
    IN     ULONG MaxBytesInUnicodeString,
    OPTOUT PULONG BytesInUnicodeString,
    IN     const CHAR *MultiByteString,
    IN     ULONG BytesInMultiByteString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlMultiByteToUnicodeSize )(
    OUT PULONG BytesInUnicodeString,
    IN  const CHAR *MultiByteString,
    IN  ULONG BytesInMultiByteString
  )_FP_;

// Atom Functions -------------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlAddAtomToAtomTable )(
    IN  PRTL_ATOM_TABLE AtomTable,
    IN  PWSTR AtomName,
    OUT PRTL_ATOM Atom
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateAtomTable )(
    IN    ULONG TableSize,
    INOUT PRTL_ATOM_TABLE *AtomTable
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeleteAtomFromAtomTable )(
    IN  PRTL_ATOM_TABLE AtomTable,
    IN  RTL_ATOM Atom
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDestroyAtomTable )(
    IN  PRTL_ATOM_TABLE AtomTable
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueryAtomInAtomTable )(
    IN     PRTL_ATOM_TABLE AtomTable,
    IN     RTL_ATOM Atom,
    OPTOUT PULONG RefCount,
    OPTOUT PULONG PinCount,
    OUT    PWSTR AtomName,
    OPTIO  PULONG NameLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlPinAtomInAtomTable )(
    IN  PRTL_ATOM_TABLE AtomTable,
    IN  RTL_ATOM Atom
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlLookupAtomInAtomTable )(
    IN  PRTL_ATOM_TABLE AtomTable,
    IN  PWSTR AtomName,
    OUT PRTL_ATOM Atom
  )_FP_;

// Process Management Functions -----------------------------------------------

_NTFN_EXTERN NTFUNCT( PPEB, RtlGetCurrentPeb )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlAcquirePebLock )( VOID )_FP_;
_NTFN_EXTERN NTFUNCT( VOID, RtlReleasePebLock )( VOID )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateProcessParameters )(
    OUT   PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
    IN    PUNICODE_STRING ImagePathName,
    OPTIN PUNICODE_STRING DllPath,
    OPTIN PUNICODE_STRING CurrentDirectory,
    OPTIN PUNICODE_STRING CommandLine,
    OPTIN PWSTR Environment,
    OPTIN PUNICODE_STRING WindowTitle,
    OPTIN PUNICODE_STRING DesktopInfo,
    OPTIN PUNICODE_STRING ShellInfo,
    OPTIN PUNICODE_STRING RuntimeInfo
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateUserProcess )(
    IN    PUNICODE_STRING ImageFileName,
    IN    ULONG Attributes,
    IN    PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
    OPTIN PSECURITY_DESCRIPTOR ProcessSecutityDescriptor,
    OPTIN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
    OPTIN HANDLE ParentProcess,
    IN    BOOLEAN CurrentDirectory,
    OPTIN HANDLE DebugPort,
    OPTIN HANDLE ExceptionPort,
    OUT   PRTL_USER_PROCESS_INFORMATION ProcessInfo
  )_FP_;


#if (NTDDI_VERSION >= NTDDI_WIN7)
_NTFN_EXTERN NTFUNC( RtlCreateUserThread )(
    IN  PVOID ThreadContext,
    OUT HANDLE *OutThreadHandle,
    PVOID Reserved1, //_Reserved_
    PVOID Reserved2, //_Reserved_
    PVOID Reserved3, //_Reserved_
    PVOID Reserved4, //_Reserved_
    PVOID Reserved5, //_Reserved_
    PVOID Reserved6, //_Reserved_
    PVOID Reserved7, //_Reserved_
    PVOID Reserved8  //_Reserved_
  )_FP_;
#else
_NTFN_EXTERN NTFUNC( RtlCreateUserThread )(
    IN     HANDLE  ProcessHandle,
    OPTIN  PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN     BOOLEAN CreateSuspended,
    IN     ULONG   StackZeroBits,
    IN     SIZE_T  StackReserve,
    IN     SIZE_T  StackCommit,
    IN     PTHREAD_START_ROUTINE StartAddress,
    IN     PVOID   Parameter,
    OPTOUT PHANDLE ThreadHandle,
    OPTOUT PCLIENT_ID ClientId
  )_FP_;
#endif

_NTFN_EXTERN NTFUNCT( PRTL_USER_PROCESS_PARAMETERS, RtlDeNormalizeProcessParams )(
    IN  PRTL_USER_PROCESS_PARAMETERS ProcessParameters
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDestroyProcessParameters )(
    IN  PRTL_USER_PROCESS_PARAMETERS ProcessParameters
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlExitUserThread )(
    IN  NTSTATUS Status
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitializeContext )(
    IN    HANDLE ProcessHandle,
    OUT   PCONTEXT ThreadContext,
    OPTIN PVOID ThreadStartParam,
    IN    PTHREAD_START_ROUTINE ThreadStartAddress,
    IN    PINITIAL_TEB InitialTeb
  )_FP_;

#ifdef _M_AMD64
typedef struct _WOW64_CONTEXT *PWOW64_CONTEXT;

_NTFN_EXTERN NTFUNC( RtlWow64GetThreadContext )(
    IN    HANDLE ThreadHandle,
    INOUT PWOW64_CONTEXT ThreadContext
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlWow64SetThreadContext )(
    IN  HANDLE ThreadHandle,
    IN  PWOW64_CONTEXT ThreadContext
  )_FP_;
#endif

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlIsThreadWithinLoaderCallout )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( PRTL_USER_PROCESS_PARAMETERS, RtlNormalizeProcessParams )(
    IN  PRTL_USER_PROCESS_PARAMETERS ProcessParameters
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlRemoteCall )(
    IN  HANDLE Process,
    IN  HANDLE Thread,
    IN  PVOID CallSite,
    IN  ULONG ArgumentCount,
    IN  PULONG Arguments,
    IN  BOOLEAN PassContext,
    IN  BOOLEAN AlreadySuspended
  )_FP_;

_NTFN_EXTERN NTFUNCC( NTSTATUS, RtlSetProcessIsCritical )( // __cdecl
    IN     BOOLEAN NewValue,
    OPTOUT PBOOLEAN OldValue,
    IN     BOOLEAN NeedBreaks
  )_FP_;

_NTFN_EXTERN NTFUNCC( NTSTATUS, RtlSetThreadIsCritical )( // __cdecl
    IN     BOOLEAN NewValue,
    OPTOUT PBOOLEAN OldValue,
    IN     BOOLEAN NeedBreaks
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlGetCurrentProcessorNumber )( VOID )_FP_;

// Thread Pool Functions ------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlSetThreadPoolStartFunc )(
    IN  PRTL_START_POOL_THREAD StartPoolThread,
    IN  PRTL_EXIT_POOL_THREAD ExitPoolThread
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeregisterWaitEx )(
    IN    HANDLE hWaitHandle,
    OPTIN HANDLE hCompletionEvent
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeregisterWait )(
    IN  HANDLE hWaitHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueueWorkItem )(
    IN    WORKERCALLBACKFUNC Function,
    OPTIN PVOID Context,
    IN    ULONG Flags
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetIoCompletionCallback )(
    IN  HANDLE FileHandle,
    IN  PIO_APC_ROUTINE Callback,
    IN  ULONG Flags
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlRegisterWait )(
    IN  PHANDLE phNewWaitObject,
    IN  HANDLE hObject,
    IN  WAITORTIMERCALLBACKFUNC Callback,
    IN  PVOID pvContext,
    IN  ULONG ulMilliseconds,
    IN  ULONG ulFlags
  )_FP_;

// Environment/Path Functions -------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlCreateEnvironment )(
    IN  BOOLEAN Clone,
    OUT PWSTR *Environment
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlComputePrivatizedDllName_U )(
    IN  PUNICODE_STRING DllName,
    OUT PUNICODE_STRING RealName,
    OUT PUNICODE_STRING LocalName
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlDestroyEnvironment )(
    IN  PWSTR Environment
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlDoesFileExists_U )(
    IN  PCWSTR FileName
  )_FP_;

_NTFN_EXTERN NTFUNCT( RTL_PATH_TYPE, RtlDetermineDosPathNameType_U )(
    IN  PCWSTR Path
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlDosSearchPath_U )(
    IN  PCWSTR Path,
    IN  PCWSTR FileName,
    IN  PCWSTR Extension,
    IN  ULONG BufferSize,
    OUT PWSTR Buffer,
    OUT PWSTR *PartName
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDosSearchPath_Ustr )(
    IN     ULONG Flags,
    IN     PUNICODE_STRING PathString,
    IN     PUNICODE_STRING FileNameString,
    IN     PUNICODE_STRING ExtensionString,
    IN     PUNICODE_STRING CallerBuffer,
    OPTIO  PUNICODE_STRING DynamicString,
    OPTOUT PUNICODE_STRING* FullNameOut,
    OPTOUT PSIZE_T FilePartSize,
    OPTOUT PSIZE_T LengthNeeded
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlDosPathNameToNtPathName_U  )(
    OPTIN  PCWSTR DosPathName,
    OUT    PUNICODE_STRING NtPathName,
    OPTOUT PCWSTR *NtFileNamePart,
    OPTOUT PRTL_RELATIVE_NAME_U DirectoryInfo
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlDosPathNameToRelativeNtPathName_U )(
    IN  PCWSTR DosName,
    OUT PUNICODE_STRING NtName,
    OUT PCWSTR *PartName,
    OUT PRTL_RELATIVE_NAME_U RelativeName
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlExpandEnvironmentStrings_U )(
    IN    PWSTR Environment, //_In_z_
    IN    PUNICODE_STRING Source,
    INOUT PUNICODE_STRING Destination,
    OUT   PULONG Length
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlGetCurrentDirectory_U )(
    IN  ULONG MaximumLength,
    OUT PWSTR Buffer //_Out_bytecap_(MaximumLength)
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlGetFullPathName_U )(
    IN     PCWSTR FileName,
    IN     ULONG Size,
    OUT    PWSTR Buffer, //_Out_z_bytecap_(Size)
    OPTOUT PWSTR *ShortName
  )_FP_;

#if (NTDDI_VERSION >= NTDDI_WIN7)
_NTFN_EXTERN NTFUNC( RtlGetFullPathName_UEx )(
    IN     PWSTR FileName,
    IN     ULONG BufferLength,
    OUT    PWSTR Buffer,
    OPTOUT PWSTR *FilePart,
    OPTOUT RTL_PATH_TYPE *InputPathType
  )_FP_;
#endif

_NTFN_EXTERN NTFUNC( RtlGetFullPathName_UstrEx )(
    IN     PUNICODE_STRING FileName,
    OPTIN  PUNICODE_STRING StaticString,
    OPTIN  PUNICODE_STRING DynamicString,
    OPTOUT PUNICODE_STRING *StringUsed,
    OPTOUT PSIZE_T FilePartSize,
    OPTOUT PBOOLEAN NameInvalid,
    OUT    RTL_PATH_TYPE* PathType,
    OPTOUT PSIZE_T LengthNeeded
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetLengthWithoutTrailingPathSeperators )(
    IN  ULONG Flags, //_Reserved_
    IN  PCUNICODE_STRING PathString,
    OUT PULONG Length
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlGetLongestNtPathLength )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlIsDosDeviceName_U )(
    IN  PCWSTR Name
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlIsDosDeviceName_Ustr )(
    IN  PCUNICODE_STRING Name
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlIsNameLegalDOS8Dot3 )(
    IN  PCUNICODE_STRING Name,
    IN OUT OPTIONAL POEM_STRING OemName,
    OUT OPTIONAL PBOOLEAN NameContainsSpaces
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueryEnvironmentVariable_U )(
    IN OPTIONAL PWSTR Environment,
    IN  PUNICODE_STRING Name,
    OUT PUNICODE_STRING Value
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlReleaseRelativeName )(
    IN  PRTL_RELATIVE_NAME_U RelativeName
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetCurrentDirectory_U )(
    IN  PUNICODE_STRING name
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetEnvironmentVariable )(
    IN  PWSTR *Environment,
    IN  PUNICODE_STRING Name,
    IN  PUNICODE_STRING Value
  )_FP_;

// Critical Section/Resource Functions ----------------------------------------

_NTFN_EXTERN NTFUNC( RtlDeleteCriticalSection )(
    IN  PRTL_CRITICAL_SECTION CriticalSection
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlEnterCriticalSection )(
    IN  PRTL_CRITICAL_SECTION CriticalSection
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlInitializeCriticalSection )(
    IN  PRTL_CRITICAL_SECTION CriticalSection
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlInitializeCriticalSectionAndSpinCount )(
    IN  PRTL_CRITICAL_SECTION CriticalSection,
    IN  ULONG SpinCount
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlLeaveCriticalSection )(
    IN  PRTL_CRITICAL_SECTION CriticalSection
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlTryEnterCriticalSection )(
    IN  PRTL_CRITICAL_SECTION CriticalSection
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlpUnWaitCriticalSection )(
    IN  PRTL_CRITICAL_SECTION CriticalSection
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlpWaitForCriticalSection )(
    IN  PRTL_CRITICAL_SECTION CriticalSection
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlAcquireResourceExclusive )(
    IN  PRTL_RESOURCE Resource,
    IN  BOOLEAN Wait
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlAcquireResourceShared )(
    IN  PRTL_RESOURCE Resource,
    IN  BOOLEAN Wait
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlConvertExclusiveToShared )(
    IN  PRTL_RESOURCE Resource
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlConvertSharedToExclusive )(
    IN  PRTL_RESOURCE Resource
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlDeleteResource )(
    IN  PRTL_RESOURCE Resource
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlDumpResource )(
    IN  PRTL_RESOURCE Resource
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitializeResource )(
    IN  PRTL_RESOURCE Resource
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlReleaseResource )(
    IN  PRTL_RESOURCE Resource
  )_FP_;

// Compression Functions ------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlCompressBuffer )(
    IN  USHORT CompressionFormatAndEngine,
    IN  PUCHAR UncompressedBuffer,
    IN  ULONG  UncompressedBufferSize,
    OUT PUCHAR CompressedBuffer,
    IN  ULONG  CompressedBufferSize,
    IN  ULONG  UncompressedChunkSize,
    OUT PULONG FinalCompressedSize,
    IN  PVOID  WorkSpace
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDecompressBuffer )(
    IN  USHORT CompressionFormat,
    OUT PUCHAR UncompressedBuffer,
    IN  ULONG  UncompressedBufferSize,
    IN  PUCHAR CompressedBuffer,
    IN  ULONG  CompressedBufferSize,
    OUT PULONG FinalUncompressedSize
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetCompressionWorkSpaceSize )(
    IN  USHORT CompressionFormatAndEngine,
    OUT PULONG CompressBufferWorkSpaceSize,
    OUT PULONG CompressFragmentWorkSpaceSize
  )_FP_;

// Frame Functions ------------------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlPopFrame )(
    IN  PTEB_ACTIVE_FRAME Frame
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlPushFrame )(
    IN  PTEB_ACTIVE_FRAME Frame
  )_FP_;

_NTFN_EXTERN NTFUNCT( PTEB_ACTIVE_FRAME, RtlGetFrame )( VOID )_FP_;

// Debug Info Functions -------------------------------------------------------

_NTFN_EXTERN NTFUNCT( PRTL_DEBUG_INFORMATION, RtlCreateQueryDebugBuffer )(
    IN  ULONG Size,
    IN  BOOLEAN EventPair
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDestroyQueryDebugBuffer )(
    IN  PRTL_DEBUG_INFORMATION DebugBuffer
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueryProcessDebugInformation )(
    IN    ULONG ProcessId,
    IN    ULONG DebugInfoClassMask,
    INOUT PRTL_DEBUG_INFORMATION DebugBuffer
  )_FP_;

// Bitmap Functions -----------------------------------------------------------

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlAreBitsClear )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG StartingIndex,
    IN  ULONG Length
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlAreBitsSet )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG StartingIndex,
    IN  ULONG Length
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlClearAllBits )(
    IN  PRTL_BITMAP BitMapHeader
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlClearBits )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG StartingIndex, //_In_range_(0, BitMapHeader->SizeOfBitMap - NumberToClear)
    IN  ULONG NumberToClear //_In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex)
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindClearBits )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG NumberToFind,
    IN  ULONG HintIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindClearBitsAndSet )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG NumberToFind,
    IN  ULONG HintIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindFirstRunClear )(
    IN  PRTL_BITMAP BitMapHeader,
    OUT PULONG StartingIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindClearRuns )(
    IN  PRTL_BITMAP BitMapHeader,
    OUT PRTL_BITMAP_RUN RunArray, //_Out_writes_to_(SizeOfRunArray, return)
    IN  ULONG SizeOfRunArray, //_In_range_(>, 0)
    IN  BOOLEAN LocateLongestRuns
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindLastBackwardRunClear )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG FromIndex,
    OUT PULONG StartingRunIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( CCHAR, RtlFindLeastSignificantBit )(
    IN  ULONGLONG Value
  )_FP_;

_NTFN_EXTERN NTFUNCT( CCHAR, RtlFindMostSignificantBit )(
    IN  ULONGLONG Value
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindNextForwardRunClear )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG FromIndex,
    OUT PULONG StartingRunIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindNextForwardRunSet )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG FromIndex,
    OUT PULONG StartingRunIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindSetBits )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG NumberToFind,
    IN  ULONG HintIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlFindSetBitsAndClear )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG NumberToFind,
    IN  ULONG HintIndex
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitializeBitMap )(
    OUT   PRTL_BITMAP BitMapHeader,
    OPTIN PULONG BitMapBuffer, //__drv_aliasesMem
    OPTIN ULONG SizeOfBitMap
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlNumberOfClearBits )(
    IN  PRTL_BITMAP BitMapHeader
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlNumberOfSetBits )(
    IN  PRTL_BITMAP BitMapHeader
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlSetBit )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG BitNumber //_In_range_(<, BitMapHeader->SizeOfBitMap)
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlSetBits )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG StartingIndex, //_In_range_(0, BitMapHeader->SizeOfBitMap - NumberToSet)
    IN  ULONG NumberToSet //_In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex)
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlSetAllBits )(
    IN  PRTL_BITMAP BitMapHeader
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlTestBit )(
    IN  PRTL_BITMAP BitMapHeader,
    IN  ULONG BitNumber //_In_range_(<, BitMapHeader->SizeOfBitMap)
  )_FP_;

// Timer Functions ------------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlCreateTimer )(
    IN  HANDLE TimerQueue,
    IN  PHANDLE phNewTimer,
    IN  WAITORTIMERCALLBACKFUNC Callback,
    IN  PVOID Parameter,
    IN  ULONG DueTime,
    IN  ULONG Period,
    IN  ULONG Flags
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateTimerQueue )(
    OUT  PHANDLE TimerQueue
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeleteTimer )(
    IN  HANDLE TimerQueue,
    IN  HANDLE Timer,
    IN  HANDLE CompletionEvent
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUpdateTimer )(
    IN  HANDLE TimerQueue,
    IN  HANDLE Timer,
    IN  ULONG DueTime,
    IN  ULONG Period
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeleteTimerQueueEx )(
    IN    HANDLE TimerQueue,
    OPTIN HANDLE CompletionEvent
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeleteTimerQueue )(
    HANDLE TimerQueue
  )_FP_;

// SList functions ------------------------------------------------------------

_NTFN_EXTERN NTFUNCT( PSLIST_ENTRY, InterlockedPushListSList )(
    INOUT PSLIST_HEADER ListHead,
    INOUT PSLIST_ENTRY List, //__drv_aliasesMem
    INOUT PSLIST_ENTRY ListEnd,
    IN    ULONG Count
  )_FP_;

// Range List functions -------------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlInitializeRangeList )(
    INOUT PRTL_RANGE_LIST RangeList
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlFreeRangeList )(
    IN  PRTL_RANGE_LIST RangeList
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAddRange )(
    INOUT PRTL_RANGE_LIST RangeList,
    IN    ULONGLONG Start,
    IN    ULONGLONG End,
    IN    UCHAR Attributes,
    IN    ULONG Flags,
    OPTIN PVOID UserData,
    OPTIN PVOID Owner
  )_FP_;

// Debug Functions ------------------------------------------------------------

// __cdecl
_NTFN_EXTERN NTFUNCC( ULONG, DbgPrint )(
    IN PCSTR Format,
    ...
  )_FP_;

// __cdecl
_NTFN_EXTERN NTFUNCC( ULONG, DbgPrintEx )(
    IN ULONG ComponentId,
    IN ULONG Level,
    IN PCSTR Format,
    ...
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, DbgPrompt )(
    IN  PCCH Prompt, //_In_z_
    OUT PCH Response, //_Out_writes_bytes_(MaximumResponseLength)
    IN  ULONG MaximumResponseLength
  )_FP_;

#undef DbgBreakPoint
_NTFN_EXTERN NTFUNCT( VOID, DbgBreakPoint )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, DbgLoadImageSymbols )(
    IN  PSTRING Name,
    IN  PVOID Base,
    IN  ULONG_PTR ProcessId
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, DbgUnLoadImageSymbols )(
    IN  PSTRING Name,
    IN  PVOID Base,
    IN  ULONG_PTR ProcessId
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, DbgCommandString )(
    IN  PCCH Name,
    IN  PCCH Command
  )_FP_;

// Handle Table Functions -----------------------------------------------------

_NTFN_EXTERN NTFUNCT( PRTL_HANDLE_TABLE_ENTRY, RtlAllocateHandle )(
    IN    PRTL_HANDLE_TABLE HandleTable,
    INOUT PULONG Index
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlDestroyHandleTable )(
    INOUT PRTL_HANDLE_TABLE HandleTable
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlFreeHandle )(
    IN  PRTL_HANDLE_TABLE HandleTable,
    IN  PRTL_HANDLE_TABLE_ENTRY Handle
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitializeHandleTable )(
    IN  ULONG TableSize,
    IN  ULONG HandleSize,
    IN  PRTL_HANDLE_TABLE HandleTable
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlIsValidHandle )(
    IN  PRTL_HANDLE_TABLE HandleTable,
    IN  PRTL_HANDLE_TABLE_ENTRY Handle
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlIsValidIndexHandle )(
    IN  PRTL_HANDLE_TABLE HandleTable,
    IN  ULONG Index,
    OUT PRTL_HANDLE_TABLE_ENTRY *Handle
  )_FP_;

// PE Functions ---------------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlFindMessage )(
    IN  PVOID BaseAddress,
    IN  ULONG Type,
    IN  ULONG Language,
    IN  ULONG MessageId,
    OUT PMESSAGE_RESOURCE_ENTRY *MessageResourceEntry
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlGetNtGlobalFlags )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlImageDirectoryEntryToData )(
    IN  PVOID BaseAddress,
    IN  BOOLEAN MappedAsImage,
    IN  USHORT Directory,
    OUT PULONG Size
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlImageRvaToVa )(
    IN    PIMAGE_NT_HEADERS NtHeader,
    IN    PVOID BaseAddress,
    IN    ULONG Rva,
    OPTIO PIMAGE_SECTION_HEADER *SectionHeader
  )_FP_;

_NTFN_EXTERN NTFUNCT( PIMAGE_NT_HEADERS, RtlImageNtHeader )(
    IN  PVOID BaseAddress
  )_FP_;

_NTFN_EXTERN NTFUNCT( NTSTATUS, RtlImageNtHeaderEx )(
    IN  ULONG Flags,
    IN  PVOID BaseAddress,
    IN  ULONGLONG Size,
    OUT PIMAGE_NT_HEADERS *NtHeader
  )_FP_;

_NTFN_EXTERN NTFUNCT( PIMAGE_SECTION_HEADER, RtlImageRvaToSection )(
    IN  PIMAGE_NT_HEADERS NtHeader,
    IN  PVOID BaseAddress,
    IN  ULONG Rva
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, LdrRelocateImageWithBias )(
    IN  PVOID NewAddress,
    IN  LONGLONG AdditionalBias,
    IN  PCCH LoaderName,
    IN  ULONG Success,
    IN  ULONG Conflict,
    IN  ULONG Invalid
  )_FP_;

// Activation Context Functions -----------------------------------------------

_NTFN_EXTERN NTFUNC( RtlActivateActivationContextEx )(
    IN  ULONG Flags,
    IN  PTEB Teb,
    IN  PVOID Context,
    OUT PULONG_PTR Cookie
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlActivateActivationContext )(
    IN  ULONG Flags,
    IN  HANDLE Handle,
    OUT PULONG_PTR Cookie
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlAddRefActivationContext )(
    IN  PVOID Context
  )_FP_;

_NTFN_EXTERN NTFUNCT( PRTL_ACTIVATION_CONTEXT_STACK_FRAME, RtlActivateActivationContextUnsafeFast )(
    IN  PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame,
    IN  PVOID Context
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlAllocateActivationContextStack )(
    IN  PACTIVATION_CONTEXT_STACK *Stack
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateActivationContext )(
    IN  ULONG Flags,
    IN  PACTIVATION_CONTEXT_DATA ActivationContextData,
    IN  ULONG ExtraBytes,
    IN  PVOID NotificationRoutine,
    IN  PVOID NotificationContext,
    OUT PACTIVATION_CONTEXT *ActCtx
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetActiveActivationContext )(
    IN  PVOID *Context
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlReleaseActivationContext )(
    IN  HANDLE handle
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDeactivateActivationContext )(
    IN  ULONG dwFlags,
    IN  ULONG_PTR ulCookie
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlFreeActivationContextStack )(
    IN  PACTIVATION_CONTEXT_STACK Stack
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlFreeThreadActivationContextStack )( VOID )_FP_;

_NTFN_EXTERN NTFUNCT( PRTL_ACTIVATION_CONTEXT_STACK_FRAME, RtlDeactivateActivationContextUnsafeFast )(
    IN  PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlDosApplyFileIsolationRedirection_Ustr )(
    IN    ULONG Flags,
    IN    PUNICODE_STRING OriginalName,
    IN    PUNICODE_STRING Extension,
    INOUT PUNICODE_STRING StaticString,
    INOUT PUNICODE_STRING DynamicString,
    INOUT PUNICODE_STRING *NewName,
    IN    PULONG NewFlags,
    IN    PSIZE_T FileNameSize,
    IN    PSIZE_T RequiredLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlFindActivationContextSectionString )(
    IN    ULONG dwFlags,
    IN    const GUID *ExtensionGuid,
    IN    ULONG SectionType,
    IN    const UNICODE_STRING *SectionName,
    INOUT PVOID ReturnedData
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueryInformationActivationContext )(
    IN     DWORD dwFlags,
    OPTIN  PVOID Context,
    OPTIN  PVOID pvSubInstance,
    IN     ULONG ulInfoClass,
    OUT    PVOID pvBuffer, //_Out_bytecap_(cbBuffer)
    OPTIN  SIZE_T cbBuffer,
    OPTOUT SIZE_T *pcbWrittenOrRequired
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueryInformationActiveActivationContext )(
    IN     ULONG ulInfoClass,
    OUT    PVOID pvBuffer, //_Out_bytecap_(cbBuffer)
    OPTIN  SIZE_T cbBuffer,
    OPTOUT SIZE_T *pcbWrittenOrRequired
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlZombifyActivationContext )(
    PVOID Context
  )_FP_;

// WOW64 Functions ------------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlWow64EnableFsRedirection )(
    IN  BOOLEAN Wow64FsEnableRedirection
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlWow64EnableFsRedirectionEx )(
    IN  PVOID Wow64FsEnableRedirection,
    OUT PVOID *OldFsRedirectionLevel
  )_FP_;

// Registry Functions ---------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlCheckRegistryKey )(
    IN  ULONG RelativeTo,
    IN  PWSTR Path
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlCreateRegistryKey )(
    IN  ULONG RelativeTo,
    IN  PWSTR Path
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlFormatCurrentUserKeyPath )(
    OUT PUNICODE_STRING KeyPath
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlOpenCurrentUser )(
    IN  ACCESS_MASK DesiredAccess,
    OUT PHANDLE KeyHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlQueryRegistryValues )(
    IN    ULONG RelativeTo,
    IN    PCWSTR Path,
    INOUT PRTL_QUERY_REGISTRY_TABLE QueryTable,
    OPTIN PVOID Context,
    OPTIN PVOID Environment
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlWriteRegistryValue )(
    IN  ULONG RelativeTo,
    IN  PCWSTR Path,
    IN  PCWSTR ValueName,
    IN  ULONG ValueType,
    IN  PVOID ValueData,
    IN  ULONG ValueLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlpNtCreateKey )(
    OUT HANDLE KeyHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  ULONG TitleIndex,
    IN  PUNICODE_STRING Class,
    OUT PULONG Disposition
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlpNtEnumerateSubKey )(
    IN    HANDLE KeyHandle,
    INOUT PUNICODE_STRING SubKeyName,
    IN    ULONG Index,
    IN    ULONG Unused
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlpNtMakeTemporaryKey )(
    IN  HANDLE KeyHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlpNtOpenKey )(
    OUT HANDLE KeyHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  ULONG Unused
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlpNtQueryValueKey )(
    IN     HANDLE KeyHandle,
    OPTOUT PULONG Type,
    OPTOUT PVOID Data,
    OPTIO  PULONG DataLength,
    IN     ULONG Unused
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlpNtSetValueKey )(
    IN  HANDLE KeyHandle,
    IN  ULONG Type,
    IN  PVOID Data,
    IN  ULONG DataLength
  )_FP_;


_NTFN_EXTERN NTFUNC( NtRenameKey )(
    IN  HANDLE  KeyHandle,
    IN  PUNICODE_STRING  NewName
  )_FP_;

// NLS Functions --------------------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlGetDefaultCodePage )(
    OUT PUSHORT AnsiCodePage,
    OUT PUSHORT OemCodePage
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitNlsTables )(
    IN  PUSHORT AnsiTableBase,
    IN  PUSHORT OemTableBase,
    IN  PUSHORT CaseTableBase,
    OUT PNLSTABLEINFO NlsTable
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitCodePageTable )(
    IN  PUSHORT TableBase,
    OUT PCPTABLEINFO CodePageTable
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlResetRtlTranslations )(
    IN  PNLSTABLEINFO NlsTable
  )_FP_;

// Misc conversion functions --------------------------------------------------

#if !defined(NO_RTL_INLINES)

static __inline LARGE_INTEGER NTAPI_INLINE
    RtlConvertLongToLargeInteger( IN  LONG SignedInteger )
    {
        LARGE_INTEGER Result;
        Result.QuadPart = SignedInteger;
        return Result;
    }

static __inline LARGE_INTEGER NTAPI_INLINE
    RtlEnlargedIntegerMultiply( IN  LONG Multiplicand, IN  LONG Multiplier )
    {
        LARGE_INTEGER Product;
        Product.QuadPart = (LONGLONG)Multiplicand * (ULONGLONG)Multiplier;
        return Product;
    }

static __inline ULONG NTAPI_INLINE
    RtlEnlargedUnsignedDivide( IN ULARGE_INTEGER Dividend, IN ULONG Divisor, OPTIN PULONG Remainder )
    {
        ULONG Quotient;
        Quotient = (ULONG)(Dividend.QuadPart / Divisor);
        if (Remainder) *Remainder = (ULONG)(Dividend.QuadPart % Divisor);
        return Quotient;
    }

static __inline LARGE_INTEGER NTAPI_INLINE
    RtlEnlargedUnsignedMultiply( IN  ULONG Multiplicand, IN  ULONG Multiplier )
    {
        LARGE_INTEGER Product;
        Product.QuadPart = (ULONGLONG)Multiplicand * (ULONGLONG)Multiplier;
        return Product;
    }

#if defined(_AMD64_) || defined(_IA64_)
static __inline LARGE_INTEGER NTAPI_INLINE
    RtlExtendedLargeIntegerDivide( IN LARGE_INTEGER Dividend, IN ULONG Divisor, OPTOUT PULONG Remainder )
    {
      LARGE_INTEGER ret;
      ret.QuadPart = (ULONG64)Dividend.QuadPart / Divisor;
      if (Remainder) *Remainder = (ULONG)(Dividend.QuadPart % Divisor);
      return ret;
    }
#define defined_RtlExtendedLargeIntegerDivide
#endif // defined(_AMD64_) || defined(_IA64_)
#endif 

#ifndef defined_RtlExtendedLargeIntegerDivide
_NTFN_EXTERN NTFUNCT( LARGE_INTEGER, RtlExtendedLargeIntegerDivide )(
    IN LARGE_INTEGER Dividend, IN ULONG Divisor, OPTOUT PULONG Remainder
  )_FP_;
#endif

_NTFN_EXTERN NTFUNCT( ULONG, RtlUniform )(
    IN  PULONG Seed
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlRandom )(
    INOUT PULONG Seed
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlComputeCrc32 )(
    IN  ULONG InitialCrc,
    IN  PUCHAR Buffer,
    IN  ULONG Length
  )_FP_;

// Network Functions ----------------------------------------------------------

_NTFN_EXTERN NTFUNCT( LPSTR, RtlIpv4AddressToStringA )(
    IN  const struct in_addr *Addr,
    OUT PCHAR S //_Out_writes_(16)
  )_FP_;

_NTFN_EXTERN NTFUNCT( PWSTR, RtlIpv4AddressToStringW )(
    IN  const struct in_addr *Addr,
    OUT PWCHAR S //_Out_writes_(16)
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv4AddressToStringExA )(
    IN    const struct in_addr *Address,
    IN    USHORT Port,
    OUT   PCHAR AddressString, //_Out_writes_to_(*AddressStringLength, *AddressStringLength)
    INOUT PULONG AddressStringLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv4AddressToStringExW )(
    IN    const struct in_addr *Address,
    IN    USHORT Port,
    OUT   PWCHAR AddressString, //_Out_writes_to_(*AddressStringLength, *AddressStringLength)
    INOUT PULONG AddressStringLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv4StringToAddressA )(
    IN  PCSTR String,
    IN  BOOLEAN Strict,
    OUT PCSTR *Terminator,
    OUT struct in_addr *Addr
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv4StringToAddressW )(
    IN  PCWSTR String,
    IN  BOOLEAN Strict,
    OUT PCWSTR *Terminator,
    OUT struct in_addr *Addr
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv4StringToAddressExA )(
    IN  PCSTR AddressString,
    IN  BOOLEAN Strict,
    OUT struct in_addr *Address,
    OUT PUSHORT Port
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv4StringToAddressExW )(
    IN  PCWSTR AddressString,
    IN  BOOLEAN Strict,
    OUT struct in_addr *Address,
    OUT PUSHORT Port
  )_FP_;

_NTFN_EXTERN NTFUNCT( LPSTR, RtlIpv6AddressToStringA )(
    IN  const struct in6_addr *Addr,
    OUT TSTR S //_Out_writes_(46)
  )_FP_;

_NTFN_EXTERN NTFUNCT( PWSTR, RtlIpv6AddressToStringW )(
    IN  const struct in6_addr *Addr,
    OUT PWSTR S //_Out_writes_(46)
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv6AddressToStringExA )(
    IN    const struct in6_addr *Address,
    IN    ULONG ScopeId,
    IN    USHORT Port,
    OUT   TSTR AddressString,
    INOUT PULONG AddressStringLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv6AddressToStringExW )(
    IN    const struct in6_addr *Address,
    IN    ULONG ScopeId,
    IN    USHORT Port,
    OUT   PWCHAR AddressString,
    INOUT PULONG AddressStringLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv6StringToAddressA )(
    IN  PCSTR String,
    OUT PCSTR *Terminator,
    OUT struct in6_addr *Addr
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv6StringToAddressW )(
    IN  PCWSTR String,
    OUT PCWSTR *Terminator,
    OUT struct in6_addr *Addr
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv6StringToAddressExA )(
    IN  PCSTR AddressString,
    OUT struct in6_addr *Address,
    OUT PULONG ScopeId,
    OUT PUSHORT Port
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlIpv6StringToAddressExW )(
    IN  PCWSTR AddressString,
    OUT struct in6_addr *Address,
    OUT PULONG ScopeId,
    OUT PUSHORT Port
  )_FP_;

// Time Functions

_NTFN_EXTERN NTFUNC( RtlQueryTimeZoneInformation )(
    OUT PRTL_TIME_ZONE_INFORMATION TimeZoneInformation
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlSecondsSince1970ToTime )(
    IN  ULONG SecondsSince1970,
    OUT PLARGE_INTEGER Time 
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSetTimeZoneInformation )(
    IN  PRTL_TIME_ZONE_INFORMATION TimeZoneInformation
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlTimeFieldsToTime )(
    IN  PTIME_FIELDS TimeFields,
    OUT PLARGE_INTEGER Time 
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlTimeToSecondsSince1970 )(
    IN  PLARGE_INTEGER Time, 
    OUT PULONG ElapsedSeconds
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlTimeToTimeFields )(
    PLARGE_INTEGER Time, 
    PTIME_FIELDS TimeFields
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlSystemTimeToLocalTime )(
    IN  PLARGE_INTEGER SystemTime,  
    OUT PLARGE_INTEGER LocalTime    
  )_FP_;

// Version Functions ----------------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlVerifyVersionInfo )(
    IN  PRTL_OSVERSIONINFOEXW VersionInfo,
    IN  ULONG TypeMask,
    IN  ULONGLONG ConditionMask
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetVersion )(
    OUT PRTL_OSVERSIONINFOW lpVersionInformation
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlGetNtProductType )(
    OUT PNT_PRODUCT_TYPE ProductType
  )_FP_;

// Secure Memory Functions ----------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlRegisterSecureMemoryCacheCallback )(
    IN  PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlFlushSecureMemoryCache )(
    IN    PVOID MemoryCache,
    OPTIN SIZE_T MemoryLength
  )_FP_;

// Boot Status Data Functions -------------------------------------------------

_NTFN_EXTERN NTFUNC( RtlCreateBootStatusDataFile )( VOID )_FP_;

_NTFN_EXTERN NTFUNC( RtlGetSetBootStatusData )(
    IN     HANDLE  FileHandle,
    IN     BOOLEAN WriteMode,
    IN     RTL_BSD_ITEM_TYPE DataClass,
    IN     PVOID  Buffer,
    IN     ULONG  BufferSize,
    OPTOUT PULONG ReturnLength
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlLockBootStatusData )(
    OUT PHANDLE FileHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlUnlockBootStatusData )(
    IN  HANDLE FileHandle
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlGUIDFromString )(
    IN  PUNICODE_STRING GuidString,
    OUT GUID *Guid
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlStringFromGUID )(
    IN  REFGUID Guid,
    OUT PUNICODE_STRING GuidString
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlComputeImportTableHash )(
    IN  HANDLE hFile,
    OUT PCHAR Hash,
    IN  ULONG ImportTableHashRevision
  )_FP_;

// MemoryStream functions -----------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlInitMemoryStream )(
    OUT PRTL_MEMORY_STREAM Stream
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlInitOutOfProcessMemoryStream )(
    OUT PRTL_MEMORY_STREAM Stream
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlFinalReleaseOutOfProcessMemoryStream )(
    IN  PRTL_MEMORY_STREAM Stream
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlQueryInterfaceMemoryStream )(
    IN  struct IStream *This,
    IN  REFIID RequestedIid,
    OUT PVOID *ResultObject //_Outptr_
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlAddRefMemoryStream )(
    IN  struct IStream *This
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlReleaseMemoryStream )(
    IN  struct IStream *This
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlReadMemoryStream )(
    IN     struct IStream *This,
    OUT    PVOID Buffer, //_Out_writes_bytes_(Length)
    IN     ULONG Length,
    OPTOUT PULONG BytesRead
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlReadOutOfProcessMemoryStream )(
    IN     struct IStream *This,
    OUT    PVOID Buffer, //_Out_writes_bytes_(Length)
    IN     ULONG Length,
    OPTOUT PULONG BytesRead
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlSeekMemoryStream )(
    IN     struct IStream *This,
    IN     LARGE_INTEGER RelativeOffset,
    IN     ULONG Origin,
    OPTOUT PULARGE_INTEGER ResultOffset
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlCopyMemoryStreamTo )(
    IN     struct IStream *This,
    IN     struct IStream *Target,
    IN     ULARGE_INTEGER Length,
    OPTOUT PULARGE_INTEGER BytesRead,
    OPTOUT PULARGE_INTEGER BytesWritten
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlCopyOutOfProcessMemoryStreamTo )(
    IN     struct IStream *This,
    IN     struct IStream *Target,
    IN     ULARGE_INTEGER Length,
    OPTOUT PULARGE_INTEGER BytesRead,
    OPTOUT PULARGE_INTEGER BytesWritten
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlStatMemoryStream )(
    IN  struct IStream *This,
    OUT struct tagSTATSTG *Stats,
    IN  ULONG Flags
  )_FP_;

// Dummy functions ------------------------------------------------------------

_NTFN_EXTERN NTFUNCT( HRESULT, RtlWriteMemoryStream )(
    IN     struct IStream *This,
    IN     CONST VOID *Buffer, //_In_reads_bytes_(Length)
    IN     ULONG Length,
    OPTOUT PULONG BytesWritten
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlSetMemoryStreamSize )(
    IN  struct IStream *This,
    IN  ULARGE_INTEGER NewSize
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlCommitMemoryStream )(
    IN  struct IStream *This,
    IN  ULONG CommitFlags
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlRevertMemoryStream )(
    IN  struct IStream *This
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlLockMemoryStreamRegion )(
    IN  struct IStream *This,
    IN  ULARGE_INTEGER Offset,
    IN  ULARGE_INTEGER Length,
    IN  ULONG LockType
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlUnlockMemoryStreamRegion )(
    IN  struct IStream *This,
    IN  ULARGE_INTEGER Offset,
    IN  ULARGE_INTEGER Length,
    IN  ULONG LockType
  )_FP_;

_NTFN_EXTERN NTFUNCT( HRESULT, RtlCloneMemoryStream )(
    IN  struct IStream *This,
    OUT struct IStream **ResultStream
  )_FP_;

_NTFN_EXTERN NTFUNC( RtlFindActivationContextSectionGuid )(
    ULONG flags,
    const GUID *extguid,
    ULONG section_kind,
    const GUID *guid,
    void *ptr
  )_FP_;

// RTL Splay Tree Functions ---------------------------------------------------

_NTFN_EXTERN NTFUNCT( PRTL_SPLAY_LINKS, RtlSplay )(
    INOUT PRTL_SPLAY_LINKS Links
  )_FP_;

_NTFN_EXTERN NTFUNCT( PRTL_SPLAY_LINKS, RtlDelete )(
    IN  PRTL_SPLAY_LINKS Links
  )_FP_;

_NTFN_EXTERN NTFUNCT( VOID, RtlDeleteNoSplay )(
    IN    PRTL_SPLAY_LINKS Links,
    INOUT PRTL_SPLAY_LINKS *Root
  )_FP_;

_NTFN_EXTERN NTFUNCT( PRTL_SPLAY_LINKS, RtlSubtreeSuccessor )(
    IN  PRTL_SPLAY_LINKS Links
  )_FP_;

_NTFN_EXTERN NTFUNCT( PRTL_SPLAY_LINKS, RtlSubtreePredecessor )(
    IN  PRTL_SPLAY_LINKS Links
  )_FP_;

_NTFN_EXTERN NTFUNCT( PRTL_SPLAY_LINKS, RtlRealSuccessor )(
    IN  PRTL_SPLAY_LINKS Links
  )_FP_;

_NTFN_EXTERN NTFUNCT( PRTL_SPLAY_LINKS, RtlRealPredecessor )(
    IN  PRTL_SPLAY_LINKS Links
  )_FP_;

#ifndef RtlIsLeftChild
#define RtlIsLeftChild( Links ) \
    (RtlLeftChild( RtlParent( Links )) == (PRTL_SPLAY_LINKS)(Links))

#define RtlIsRightChild( Links ) \
    (RtlRightChild( RtlParent( Links )) == (PRTL_SPLAY_LINKS)(Links))

#define RtlRightChild( Links ) \
    ((PRTL_SPLAY_LINKS)(Links))->RightChild

#define RtlIsRoot( Links ) \
    (RtlParent( Links ) == (PRTL_SPLAY_LINKS)(Links))

#define RtlLeftChild( Links ) \
    ((PRTL_SPLAY_LINKS)(Links))->LeftChild

#define RtlParent( Links ) \
    ((PRTL_SPLAY_LINKS)(Links))->Parent

#define RtlInitializeSplayLinks( Links )                \
    {                                                   \
        PRTL_SPLAY_LINKS _SplayLinks;                   \
        _SplayLinks = (PRTL_SPLAY_LINKS)(Links);        \
        _SplayLinks->Parent = _SplayLinks;              \
        _SplayLinks->LeftChild = NULL;                  \
        _SplayLinks->RightChild = NULL;                 \
    }

#define RtlInsertAsLeftChild( ParentLinks, ChildLinks ) \
    {                                                   \
        PRTL_SPLAY_LINKS _SplayParent;                  \
        PRTL_SPLAY_LINKS _SplayChild;                   \
        _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
        _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks);   \
        _SplayParent->LeftChild = _SplayChild;          \
        _SplayChild->Parent = _SplayParent;             \
    }

#define RtlInsertAsRightChild( ParentLinks, ChildLinks ) \
    {                                                   \
        PRTL_SPLAY_LINKS _SplayParent;                  \
        PRTL_SPLAY_LINKS _SplayChild;                   \
        _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
        _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks);   \
        _SplayParent->RightChild = _SplayChild;         \
        _SplayChild->Parent = _SplayParent;             \
    }
#endif//ndef RtlIsLeftChild

// RTL AVL Tree Functions -----------------------------------------------------

_NTFN_EXTERN NTFUNCT( VOID, RtlInitializeGenericTableAvl )(
    OUT   PRTL_AVL_TABLE Table,
    IN    PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
    OPTIN PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
    OPTIN PRTL_AVL_FREE_ROUTINE FreeRoutine,
    OPTIN PVOID TableContext
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlInsertElementGenericTableAvl )(
    IN     PRTL_AVL_TABLE Table,
    IN     PVOID Buffer, //_In_reads_bytes_(BufferSize)
    IN     CLONG BufferSize,
    OPTOUT PBOOLEAN NewElement
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlInsertElementGenericTableFullAvl )(
    IN     PRTL_AVL_TABLE Table,
    IN     PVOID Buffer, //_In_reads_bytes_(BufferSize)
    IN     CLONG BufferSize,
    OPTOUT PBOOLEAN NewElement,
    IN     PVOID NodeOrParent,
    IN     TABLE_SEARCH_RESULT SearchResult
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlDeleteElementGenericTableAvl )(
    IN  PRTL_AVL_TABLE Table,
    IN  PVOID Buffer
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlLookupElementGenericTableAvl )(
    IN  PRTL_AVL_TABLE Table,
    IN  PVOID Buffer
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlLookupElementGenericTableFullAvl )(
    IN  PRTL_AVL_TABLE Table,
    IN  PVOID Buffer,
    OUT PVOID *NodeOrParent,
    OUT TABLE_SEARCH_RESULT *SearchResult
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlEnumerateGenericTableAvl )(
    IN  PRTL_AVL_TABLE Table,
    IN  BOOLEAN Restart
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlEnumerateGenericTableWithoutSplayingAvl )(
    IN    PRTL_AVL_TABLE Table,
    INOUT PVOID *RestartKey
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlLookupFirstMatchingElementGenericTableAvl )(
    IN  PRTL_AVL_TABLE Table,
    IN  PVOID Buffer,
    OUT PVOID *RestartKey
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlEnumerateGenericTableLikeADirectory )(
    IN    PRTL_AVL_TABLE Table,
    OPTIN PRTL_AVL_MATCH_FUNCTION MatchFunction,
    OPTIN PVOID MatchData,
    IN    ULONG NextFlag,
    INOUT PVOID *RestartKey,
    INOUT PULONG DeleteCount,
    IN    PVOID Buffer
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlGetElementGenericTableAvl )(
    IN  PRTL_AVL_TABLE Table,
    IN  ULONG I
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlNumberGenericTableElementsAvl )(
    IN  PRTL_AVL_TABLE Table
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlIsGenericTableEmptyAvl )(
    IN  PRTL_AVL_TABLE Table
  )_FP_;

// RTL Generic Table Functions ------------------------------------------------

#ifdef RTL_USE_AVL_TABLES

#define RtlInitializeGenericTable               RtlInitializeGenericTableAvl
#define RtlInsertElementGenericTable            RtlInsertElementGenericTableAvl
#define RtlInsertElementGenericTableFull        RtlInsertElementGenericTableFullAvl
#define RtlDeleteElementGenericTable            RtlDeleteElementGenericTableAvl
#define RtlLookupElementGenericTable            RtlLookupElementGenericTableAvl
#define RtlLookupElementGenericTableFull        RtlLookupElementGenericTableFullAvl
#define RtlEnumerateGenericTable                RtlEnumerateGenericTableAvl
#define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
#define RtlGetElementGenericTable               RtlGetElementGenericTableAvl
#define RtlNumberGenericTableElements           RtlNumberGenericTableElementsAvl
#define RtlIsGenericTableEmpty                  RtlIsGenericTableEmptyAvl

#else 

_NTFN_EXTERN NTFUNCT( VOID, RtlInitializeGenericTable )(
    OUT     PRTL_GENERIC_TABLE Table,
    IN      PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine,
    OPTIN   PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine,
    OPTIN   PRTL_GENERIC_FREE_ROUTINE FreeRoutine,
    OPTIN   PVOID TableContext
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlInsertElementGenericTable )(
    IN      PRTL_GENERIC_TABLE Table,
    IN      PVOID Buffer, //_In_reads_bytes_(BufferSize)
    IN      CLONG BufferSize,
    OPTOUT  PBOOLEAN NewElement
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlInsertElementGenericTableFull )(
    IN      PRTL_GENERIC_TABLE Table,
    IN      PVOID Buffer, //_In_reads_bytes_(BufferSize)
    IN      CLONG BufferSize,
    OPTOUT  PBOOLEAN NewElement,
    IN      PVOID NodeOrParent,
    IN      TABLE_SEARCH_RESULT SearchResult
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlDeleteElementGenericTable )(
    IN  PRTL_GENERIC_TABLE Table,
    IN  PVOID Buffer
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlLookupElementGenericTable )(
    IN  PRTL_GENERIC_TABLE Table,
    IN  PVOID Buffer
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlLookupElementGenericTableFull )(
    IN  PRTL_GENERIC_TABLE Table,
    IN  PVOID Buffer,
    OUT PVOID *NodeOrParent,
    OUT TABLE_SEARCH_RESULT *SearchResult
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlEnumerateGenericTable )(
    IN  PRTL_GENERIC_TABLE Table,
    IN  BOOLEAN Restart
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlEnumerateGenericTableWithoutSplaying )(
    IN    PRTL_GENERIC_TABLE Table,
    INOUT PVOID *RestartKey
  )_FP_;

_NTFN_EXTERN NTFUNCT( PVOID, RtlGetElementGenericTable )(
    IN  PRTL_GENERIC_TABLE Table,
    IN  ULONG I
  )_FP_;

_NTFN_EXTERN NTFUNCT( ULONG, RtlNumberGenericTableElements )(
    IN  PRTL_GENERIC_TABLE Table
  )_FP_;

_NTFN_EXTERN NTFUNCT( BOOLEAN, RtlIsGenericTableEmpty )(
    IN  PRTL_GENERIC_TABLE Table
  )_FP_;

#endif

//==---------------------------------------------------------------------------
// User-Mode NT Library Functions - Migrated to appropriate sections.
// PONDER: Do this migration in the NDK as well ?
//==---------------------------------------------------------------------------

// Debug Functions -> User-Mode Kernel Debugging Functions

//_NTFN_EXTERN NTFUNC( DbgUiConnectToDbg )( VOID )_FP_;
//_NTFN_EXTERN NTFUNC( DbgUiDebugActiveProcess )(
//    IN HANDLE Process
//  )_FP_;
//_NTFN_EXTERN NTFUNC( DbgUiStopDebugging )(
//    IN HANDLE Process
//  )_FP_;
//_NTFN_EXTERN NTFUNCT( VOID, DbgBreakPointWithStatus )( IN ULONG Status )_FP_;
//_NTFN_EXTERN NTFUNC( DbgUiContinue )(
//    IN PCLIENT_ID ClientId,
//    IN NTSTATUS ContinueStatus
//  )_FP_;
//_NTFN_EXTERN NTFUNC( DbgUiWaitStateChange )(
//    IN PDBGUI_WAIT_STATE_CHANGE DbgUiWaitStateCange,
//    IN PLARGE_INTEGER TimeOut
//  )_FP_;
//_NTFN_EXTERN NTFUNC( DbgUiConvertStateChangeStructure )(
//    IN PDBGUI_WAIT_STATE_CHANGE WaitStateChange,
//    IN PVOID DebugEvent
//  )_FP_;
//_NTFN_EXTERN NTFUNCT( VOID, DbgUiRemoteBreakin )( VOID )_FP_;
//_NTFN_EXTERN NTFUNC( DbgUiIssueRemoteBreakin )( IN HANDLE Process )_FP_;
//_NTFN_EXTERN NTFUNCT( HANDLE, DbgUiGetThreadDebugObject )( VOID )_FP_;

// Loader Functions

//_NTFN_EXTERN NTFUNC( LdrDisableThreadCalloutsForDll )(
//    IN PVOID BaseAddress
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrLoadDll )(
//    OPTIN  PWSTR  SearchPath,
//    OPTIN  PULONG LoadFlags,
//    IN     PUNICODE_STRING Name,
//    OPTOUT PVOID* BaseAddress
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrUnloadDll )( IN PVOID BaseAddress )_FP_;
//_NTFN_EXTERN NTFUNC( LdrAddRefDll )(
//    IN ULONG Flags,
//    IN PVOID BaseAddress
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrGetDllHandle )(
//    OPTIN PWSTR DllPath,
//    IN    PULONG DllCharacteristics,
//    IN    PUNICODE_STRING DllName,
//    OUT   HANDLE* DllHandle
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrGetDllHandleEx )(
//    IN     ULONG Flags,
//    OPTIN  PWSTR DllPath,
//    OPTIN  PULONG DllCharacteristics,
//    IN     PUNICODE_STRING DllName,
//    OPTOUT HANDLE* DllHandle
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrFindEntryForAddress )(
//    IN  PVOID Address,
//    OUT PLDR_DATA_TABLE_ENTRY* Module
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrQueryImageFileExecutionOptions )(
//    IN     PUNICODE_STRING SubKey,
//    IN     PCWSTR ValueName,
//    IN     ULONG  ValueSize,
//    OUT    PVOID  Buffer,
//    IN     ULONG  BufferSize,
//    OPTOUT PULONG RetunedLength
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrQueryProcessModuleInformation )(
//    OPTIN PRTL_PROCESS_MODULES ModuleInformation,
//    OPTIN ULONG  Size,
//    OUT   PULONG ReturnedSize
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrQueryImageFileKeyOption )(
//    IN     HANDLE KeyHandle,
//    IN     PCWSTR ValueName,
//    IN     ULONG Type,
//    OUT    PVOID Buffer,
//    IN     ULONG BufferSize,
//    OPTOUT PULONG ReturnedLength
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrOpenImageFileOptionsKey )(
//    IN  PUNICODE_STRING SubKey,
//    IN  BOOLEAN Wow64,
//    OUT PHANDLE NewKeyHandle
//  )_FP_;
//_NTFN_EXTERN NTFUNCT( VOID, LdrSetDllManifestProber )(
//    IN PLDR_MANIFEST_PROBER_ROUTINE Routine
//  )_FP_;
//_NTFN_EXTERN NTFUNC( LdrShutdownProcess )( VOID )_FP_;
//_NTFN_EXTERN NTFUNC( LdrShutdownThread )( VOID )_FP_;
//typedef VOID (NTAPI *PLDR_CALLBACK)( PVOID CallbackContext, PCHAR Name );
//_NTFN_EXTERN NTFUNC( LdrVerifyImageMatchesChecksum )(
//    IN  HANDLE FileHandle,
//    IN  PLDR_CALLBACK Callback,
//    IN  PVOID CallbackContext,
//    OUT PUSHORT ImageCharacterstics
//  )_FP_;
//_NTFN_EXTERN NTFUNCT( PIMAGE_BASE_RELOCATION, LdrProcessRelocationBlock )(
//    IN ULONG_PTR Address,
//    IN ULONG     Count,
//    IN PUSHORT   TypeOffset,
//    IN LONG_PTR  Delta
//  )_FP_;
//_NTFN_EXTERN NTFUNCT( VOID, LdrInitializeThunk )(
//    ULONG Unknown1, ULONG Unknown2,
//    ULONG Unknown3, ULONG Unknown4
//  )_FP_;

//==---------------------------------------------------------------------------
#undef NTFUNC
#undef NTFUNCT
#undef NTFUNCC
#undef _FP_
END_EXTERN_C
#endif // ndef NO_NDK_FILES
#endif // ndef __NtFunc_h_incl__
// EOF