From 78c2f8ea85e0fcda674418edbf20e8f86972a86c Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 11:48:10 +0100 Subject: [PATCH 01/19] Update ntcreatefile.md --- descriptions/ntcreatefile.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/descriptions/ntcreatefile.md b/descriptions/ntcreatefile.md index 3cc49a94e61..64a669020a1 100644 --- a/descriptions/ntcreatefile.md +++ b/descriptions/ntcreatefile.md @@ -75,6 +75,10 @@ Buffer for Extended Attributes contains one or more of `FILE_FULL_EA_INFORMATION Length of `EaBuffer`. +# Related Win32 API + - [`CreateFileA`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea) + - [`CreateFileW`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew) + # Documented by * Tomasz Nowak From b4501b6cbdca849c66d28c5e1f266594b60f5f75 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 11:49:41 +0100 Subject: [PATCH 02/19] Update ntcreatefile.md --- descriptions/ntcreatefile.md | 1 + 1 file changed, 1 insertion(+) diff --git a/descriptions/ntcreatefile.md b/descriptions/ntcreatefile.md index 64a669020a1..6b0dba6bb9c 100644 --- a/descriptions/ntcreatefile.md +++ b/descriptions/ntcreatefile.md @@ -82,6 +82,7 @@ Length of `EaBuffer`. # Documented by * Tomasz Nowak +* Wojciech Dudek # See also From 76880b0633b89fef7ee783cd601d294a5f816258 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 11:50:48 +0100 Subject: [PATCH 03/19] Update ntopenfile.md --- descriptions/ntopenfile.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/descriptions/ntopenfile.md b/descriptions/ntopenfile.md index 2b49db38977..8adf050b45b 100644 --- a/descriptions/ntopenfile.md +++ b/descriptions/ntopenfile.md @@ -28,9 +28,14 @@ Sharing option defined as `FILE_SHARE_*`. Open options. +# Related Win32 API + - [`OpenFile`](https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openfile) + + # Documented by * Tomasz Nowak +* Wojciech Dudek # See also From f9549df6e7a63bac34491935b8ad810843d79476 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 11:54:21 +0100 Subject: [PATCH 04/19] Update ntopenfile.md --- descriptions/ntopenfile.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/descriptions/ntopenfile.md b/descriptions/ntopenfile.md index 8adf050b45b..bfb0ef00a37 100644 --- a/descriptions/ntopenfile.md +++ b/descriptions/ntopenfile.md @@ -30,6 +30,8 @@ Open options. # Related Win32 API - [`OpenFile`](https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openfile) + - *[`CreateFileA`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea)* + - *[`CreateFileW`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew)* # Documented by From 5982b4659443d028f1970bf4cf3565e80c6d1932 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 21:42:09 +0100 Subject: [PATCH 05/19] Update ntopenfile.md --- descriptions/ntopenfile.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/descriptions/ntopenfile.md b/descriptions/ntopenfile.md index bfb0ef00a37..b4b7b6a1b7b 100644 --- a/descriptions/ntopenfile.md +++ b/descriptions/ntopenfile.md @@ -28,10 +28,6 @@ Sharing option defined as `FILE_SHARE_*`. Open options. -# Related Win32 API - - [`OpenFile`](https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openfile) - - *[`CreateFileA`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea)* - - *[`CreateFileW`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew)* # Documented by From fcf5de32bb73a3c959bd6eaceb09429acc13fdaa Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 21:42:24 +0100 Subject: [PATCH 06/19] Update ntopenfile.md --- descriptions/ntopenfile.md | 1 - 1 file changed, 1 deletion(-) diff --git a/descriptions/ntopenfile.md b/descriptions/ntopenfile.md index b4b7b6a1b7b..f35db18be10 100644 --- a/descriptions/ntopenfile.md +++ b/descriptions/ntopenfile.md @@ -33,7 +33,6 @@ Open options. # Documented by * Tomasz Nowak -* Wojciech Dudek # See also From 571c70935acd3eb45ccda916ab17b3e6198b3340 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 21:45:18 +0100 Subject: [PATCH 07/19] Update ntreadfile.md --- descriptions/ntreadfile.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/descriptions/ntreadfile.md b/descriptions/ntreadfile.md index efc05b68768..82ca357f735 100644 --- a/descriptions/ntreadfile.md +++ b/descriptions/ntreadfile.md @@ -40,6 +40,9 @@ Offset from beginning of file, in bytes. ??? (In my opinion: use this, if you previously lock file, and now you want read it, but without unlocking). +# Related Win32 API + - [`ReadFile`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-readfile) (though it does a lot more on itself than just calling this function) + # Documented by * Tomasz Nowak From 7a345ed57c012368e03aea8c2fc1fcd588e9bf07 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 21:51:21 +0100 Subject: [PATCH 08/19] Update ntreadfile.md --- descriptions/ntreadfile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/descriptions/ntreadfile.md b/descriptions/ntreadfile.md index 82ca357f735..6baf9ba2140 100644 --- a/descriptions/ntreadfile.md +++ b/descriptions/ntreadfile.md @@ -41,7 +41,7 @@ Offset from beginning of file, in bytes. ??? (In my opinion: use this, if you previously lock file, and now you want read it, but without unlocking). # Related Win32 API - - [`ReadFile`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-readfile) (though it does a lot more on itself than just calling this function) + - [`ReadFile`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-readfile) (Although it does more than just forwarding the arguments and invoking this procedure.) # Documented by From f726f9ac3af02c112de443d3c28b4f86f435f4bf Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 21:52:26 +0100 Subject: [PATCH 09/19] Update ntreadfile.md --- descriptions/ntreadfile.md | 1 + 1 file changed, 1 insertion(+) diff --git a/descriptions/ntreadfile.md b/descriptions/ntreadfile.md index 6baf9ba2140..0c3cbd9d928 100644 --- a/descriptions/ntreadfile.md +++ b/descriptions/ntreadfile.md @@ -46,6 +46,7 @@ Offset from beginning of file, in bytes. # Documented by * Tomasz Nowak +* Wojciech Dudek # See also From 387316a2099b159cfab4631c5b39f52abbe1af99 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 21:53:03 +0100 Subject: [PATCH 10/19] Update ntwritefile.md --- descriptions/ntwritefile.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/descriptions/ntwritefile.md b/descriptions/ntwritefile.md index 5cbc33e56c3..0479735f34b 100644 --- a/descriptions/ntwritefile.md +++ b/descriptions/ntwritefile.md @@ -40,9 +40,13 @@ Offset from beginning of file, where write starts. ??? (See `NtReadFile`). +# Related Win32 API + - [`WriteFile`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-writefile) (Although it does more than just forwarding the arguments and invoking this procedure.) + # Documented by * Tomasz Nowak +* Wojciech Dudek # See also From 9e55e0789eafb285056c5a16498be49a9ce37bb5 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 21:55:47 +0100 Subject: [PATCH 11/19] Update ntdeletefile.md --- descriptions/ntdeletefile.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/descriptions/ntdeletefile.md b/descriptions/ntdeletefile.md index 635d88c19c2..4b090f6c38b 100644 --- a/descriptions/ntdeletefile.md +++ b/descriptions/ntdeletefile.md @@ -11,9 +11,13 @@ Example: \ If you have only file name as Unicode string, use it as **ObjectName**. \ If you have only a `HANDLE` to file, set it as **RootDirectory**. Set **ObjectName** as empty string. +# Related Win32 API + - [`DeleteFile`](https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-deletefile) (Although it does more than just forwarding the arguments and invoking this procedure.) + # Documented by * Tomasz Nowak +* Wojciech Dudek # See also From a657cb1f47736b0c7027ec1a72aa26c71de50afe Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 22:00:01 +0100 Subject: [PATCH 12/19] Update ntdelayexecution.md --- descriptions/ntdelayexecution.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/descriptions/ntdelayexecution.md b/descriptions/ntdelayexecution.md index 3d1eb411ea8..1de0cf8e7e3 100644 --- a/descriptions/ntdelayexecution.md +++ b/descriptions/ntdelayexecution.md @@ -15,6 +15,10 @@ Despite the name, `NtAlertThreadByThreadId` is unrelated to alertable sleeps and # Related Win32 API - [`SleepEx`](https://learn.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleepex) + - [`Sleep`](https://learn.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleep) + +# Documented by +* Wojciech Dudek # See also - `NtWaitForSingleObject` From 891aa24db13ef566405f875311f608ba3c3e5c7a Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sat, 10 Feb 2024 22:01:04 +0100 Subject: [PATCH 13/19] Update ntopenfile.md --- descriptions/ntopenfile.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/descriptions/ntopenfile.md b/descriptions/ntopenfile.md index f35db18be10..2b49db38977 100644 --- a/descriptions/ntopenfile.md +++ b/descriptions/ntopenfile.md @@ -28,8 +28,6 @@ Sharing option defined as `FILE_SHARE_*`. Open options. - - # Documented by * Tomasz Nowak From af766a1e070b5c4c1d8818bf2747df0c3db3ceed Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sun, 11 Feb 2024 10:11:12 +0100 Subject: [PATCH 14/19] Update ntdelayexecution.md --- descriptions/ntdelayexecution.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/descriptions/ntdelayexecution.md b/descriptions/ntdelayexecution.md index 1de0cf8e7e3..edd55082060 100644 --- a/descriptions/ntdelayexecution.md +++ b/descriptions/ntdelayexecution.md @@ -17,9 +17,6 @@ Despite the name, `NtAlertThreadByThreadId` is unrelated to alertable sleeps and - [`SleepEx`](https://learn.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleepex) - [`Sleep`](https://learn.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleep) -# Documented by -* Wojciech Dudek - # See also - `NtWaitForSingleObject` - `NtWaitForMultipleObjects` From 5cb8b6c0a443cdfa18dd06e021b4db3ee8fe4735 Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sun, 11 Feb 2024 10:11:34 +0100 Subject: [PATCH 15/19] Update ntcreatefile.md --- descriptions/ntcreatefile.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/descriptions/ntcreatefile.md b/descriptions/ntcreatefile.md index 6b0dba6bb9c..df9281564f9 100644 --- a/descriptions/ntcreatefile.md +++ b/descriptions/ntcreatefile.md @@ -79,11 +79,6 @@ Length of `EaBuffer`. - [`CreateFileA`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea) - [`CreateFileW`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew) -# Documented by - -* Tomasz Nowak -* Wojciech Dudek - # See also * `FILE_FULL_EA_INFORMATION` From 3d3303ce6b96fd0a996e7f40ced483c27736822f Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sun, 11 Feb 2024 10:13:27 +0100 Subject: [PATCH 16/19] Update ntreadfile.md --- descriptions/ntreadfile.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/descriptions/ntreadfile.md b/descriptions/ntreadfile.md index 0c3cbd9d928..c899b5df639 100644 --- a/descriptions/ntreadfile.md +++ b/descriptions/ntreadfile.md @@ -43,11 +43,6 @@ Offset from beginning of file, in bytes. # Related Win32 API - [`ReadFile`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-readfile) (Although it does more than just forwarding the arguments and invoking this procedure.) -# Documented by - -* Tomasz Nowak -* Wojciech Dudek - # See also * `NtCreateFile` From ad950dfde3bdbfe457b69e15cfb60d54bb861ddf Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sun, 11 Feb 2024 10:13:43 +0100 Subject: [PATCH 17/19] Update ntwritefile.md --- descriptions/ntwritefile.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/descriptions/ntwritefile.md b/descriptions/ntwritefile.md index 0479735f34b..0683d305fa1 100644 --- a/descriptions/ntwritefile.md +++ b/descriptions/ntwritefile.md @@ -43,11 +43,6 @@ Offset from beginning of file, where write starts. # Related Win32 API - [`WriteFile`](https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-writefile) (Although it does more than just forwarding the arguments and invoking this procedure.) -# Documented by - -* Tomasz Nowak -* Wojciech Dudek - # See also * `NtCreateFile` From 35525775182d3d66fe78bf84c132f07bc308f7cd Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sun, 11 Feb 2024 10:15:14 +0100 Subject: [PATCH 18/19] Update ntopenfile.md --- descriptions/ntopenfile.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/descriptions/ntopenfile.md b/descriptions/ntopenfile.md index 2b49db38977..56a9b49dc2b 100644 --- a/descriptions/ntopenfile.md +++ b/descriptions/ntopenfile.md @@ -28,10 +28,6 @@ Sharing option defined as `FILE_SHARE_*`. Open options. -# Documented by - -* Tomasz Nowak - # See also * `NtCreateFile` From 346e64bda6b719a6c230468b807c8974cc866cdc Mon Sep 17 00:00:00 2001 From: Wojciech <69240079+cyber-wojtek@users.noreply.github.com> Date: Sun, 11 Feb 2024 10:15:36 +0100 Subject: [PATCH 19/19] Update ntqueryperformancecounter.md --- descriptions/ntqueryperformancecounter.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/descriptions/ntqueryperformancecounter.md b/descriptions/ntqueryperformancecounter.md index 289e29b794c..1d3bf84e17f 100644 --- a/descriptions/ntqueryperformancecounter.md +++ b/descriptions/ntqueryperformancecounter.md @@ -19,9 +19,3 @@ Another method of `uptime` calculation: # Related Win32 API - [`QueryPerformanceCounter`](https://learn.microsoft.com/en-us/windows/win32/api/profileapi/nf-profileapi-queryperformancecounter) - [`QueryPerformanceFrequency`](https://learn.microsoft.com/en-us/windows/win32/api/profileapi/nf-profileapi-queryperformancefrequency) - -# Documented by - -* Sven B. Schreiber -* Tomasz Nowak -* Wojciech Dudek