freepascal.compiler/packages/base/winunits/jwanative.pas

{******************************************************************************}
{                                                                              }
{ Interface unit for the Windows NT Native API                                 }
{ Copyright (C) 1999, 2000, 2005 Marcel van Brakel (brakelm)                   }
{ Copyright (C) 2000-2001, 2005 Oliver Schneider (assarbad)                    }
{                                                                              }
{ Obtained through: Joint Endeavour of Delphi Innovators (Project JEDI)        }
{                                                                              }
{ You may retrieve the latest version of this file at the Project JEDI         }
{ APILIB home page, located at http://jedi-apilib.sourceforge.net              }
{                                                                              }
{ The contents of this file are used with permission, subject to the Mozilla   }
{ Public License Version 1.1 (the "License"); you may not use this file except }
{ in compliance with the License. You may obtain a copy of the License at      }
{ http://www.mozilla.org/MPL/MPL-1.1.html                                      }
{                                                                              }
{ Software distributed under the License is distributed on an "AS IS" basis,   }
{ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for }
{ the specific language governing rights and limitations under the License.    }
{                                                                              }
{ Alternatively, the contents of this file may be used under the terms of the  }
{ GNU Lesser General Public License (the  "LGPL License"), in which case the   }
{ provisions of the LGPL License are applicable instead of those above.        }
{ If you wish to allow use of your version of this file only under the terms   }
{ of the LGPL License and not to allow others to use your version of this file }
{ under the MPL, indicate your decision by deleting  the provisions above and  }
{ replace  them with the notice and other provisions required by the LGPL      }
{ License.  If you do not delete the provisions above, a recipient may use     }
{ your version of this file under either the MPL or the LGPL License.          }
{                                                                              }
{ For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html }
{                                                                              }
{******************************************************************************}

// $Id: JwaNative.pas,v 1.21 2005/09/03 14:27:48 marquardt Exp $

{******************************************************************************}
{** WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING  **}
{******************************************************************************}
{**                                                                          **}
{** The prototypes, declarations and information in this file has been       **}
{** compiled from various sources as well as through reverse engineering     **}
{** techniques. We make no guarantee as to the correctness of the contents.  **}
{** Caution is recommended, USE AT YOUR OWN RISK.                            **}
{**                                                                          **}
{******************************************************************************}
{** About the Native API						     **                                          }
{******************************************************************************}
{**                                                                          **}
{** The functions herein are usually referred to as the NT Native API.       **}
{** The Native API is subdivided into several functional categories, which   **}
{** you can distinguish by the function name prefix:                         **}
{**                                                                          **}
{**   Cc   = Cache Controller                                                **}
{**   Cm   = Configuration Manager                                           **}
{**   Csr  = Client Server support functions (LPC; related: CSRSS.EXE)       **}
{**   Dbg  = Debugger support functions                                      **}
{**   Etw  = Event Tracing for Windows                                       **}
{**   Ex   = Executive                                                       **}
{**   Fs   = File system support functions                                   **}
{**   Hal  = Hardware abstraction layer functions                            **}
{**   Inbv = Something like: _In_itial _B_oot _V_ideo functions              **}
{**   Io   = I/O manager support functions                                   **}
{**   Kd   = Kernel debugger support functions                               **}
{**   Ke   = General Kernel                                                  **}
{**   Ki   = Kernel internal support functions (???)                         **}
{**   Ldr  = PE image loader support functions                               **}
{**   Lpc  = LPC support functions                                           **}
{**   Lsa  = Local security authority support functions                      **}
{**   Mm   = Memory manager support functions                                **}
{**   Nls  = National Language Support                                       **}
{**   Nt   = Generic Native APIs                                             **}
{**   Ob   = Object manager functions                                        **}
{**   Pfx  = Name prefix support functions (???)                             **}
{**   Po   = Power management support functions                              **}
{**   Ps   = Process management support functions                            **}
{**   Rtl  = Runtime library functions                                       **}
{**   Rtlp = Private runtime library functions 1)                            **}
{**   Se   = Security support functions                                      **}
{**   Wmi  = Windows management instrumentation support functions            **}
{**   Vf   = Driver Verifier                                                 **}
{**   Zw   = Nt* counterparts. Zw == "Zero Warranty"???                      **}
{**          1) "p" after the prefix means "private"                         **}
{**                                                                          **}
{** The Native API is split into a user mode component (mainly NTDLL.DLL)    **}
{** and a kernel mode component (mainly NTOSKRNL.EXE). While a large part of **}
{** the Native API is available both from usermode and kernelmode, some      **}
{** functions are exclusive to either mode. This unit only deals with 	     **}
{** functions that are available to usermode code.                           **}
{**                                                                          **}
{** Note that the functions prefixed with "Nt" and "Zw" usually appear in    **}
{** pairs, though not always! For details see http://native.assarbad.net     **}
{**                                                                          **}
{** Most of the Native API is undocumented. However, Microsoft recently      **}
{** started to document a subset of the API in "winternl.h" in the Platform  **}
{** SDK. A small part of the Native API functions, specifically those useful **}
{** for kernel mode development (device drivers) are documented in the DDK.  **}
{**                                                                          **}
{******************************************************************************}
{** Special notes                                                            **}
{******************************************************************************}
{**                                                                          **}
{** Some functions herein have been implemented instead of being imported.   **}
{** That's due to the fact, that the FASTCALL calling convention is not      **}
{** available in Delphi. These functions include:                            **}
{** - RtlUshortByteSwap()                                                    **}
{** - RtlUlongByteSwap()                                                     **}
{** - RtlUlonglongByteSwap()                                                 **}
{**                                                                          **}
{** Other functions are implemented and also imported, but have been made    **}
{** available for OS versions not actually supporting them. These are:       **}
{** - RtlGetLastWin32Error()                                                 **}
{** - RtlSetLastWin32Error()                                                 **}
{**                                                                          **}
{** Starting with Windows XP, the Kernel32!GetLastError() and counterpart    **}
{** Kernel32!SetLastError() have been moved into NTDLL and are only function **}
{** forwarders to the NTDLL functions with the names above.                  **}
{** By importing them directly from Kernel32.dll via their old names we      **}
{** enable you to use these functions transparently without regard to the OS **}
{** version.                                                                 **}
{**                                                                          **}
{** RtlCopyMemory() had to be implemented via Delphi means because it's only **}
{** a macro (pointing to memcpy) in the C-world.                             **}
{**                                                                          **}
{** Last but not least we've implemented our own versions of some of the     **}
{** functions available through NTDLL [declared private Ntp*, Rtlp*]:        **}
{** - NtpGetProcessHeap()                                                    **}
{** - NtpCurrentTeb()                                                        **}
{** - RtlpGetCurrentPeb()                                                    **}
{**                                                                          **}
{** Plus a function that is available starting from Windows XP, but could be **}
{** useful on earlier versions as well [declared private Rtlp*]:             **}
{** - RtlpValidateUnicodeString()                                            **}
{**                                                                          **}
{** And our own flavor of it, omitting the first (currently unused)          **}
{** parameter:                                                               **}
{** - RtlpValidateUnicodeString2()                                           **}
{**                                                                          **}
{******************************************************************************}
{** References, Tools, Docs                                                  **}
{******************************************************************************}
{**                                                                          **}
{** - Windows NT/2000 Native API References (Gary Nebbett)                   **}
{**   ISBN 1-57870-199-6                                                     **}
{** - Undocumented Windows 2000 Secrets (Sven B. Schreiber)                  **}
{**   ISBN 0-201-72187-2                                                     **}
{** - Undocumented Windows NT (Prasad Dabak, Sandeep Phadke, Milind Borate)  **}
{**   ISBN 0-7645-4569-8                                                     **}
{** - Platform SDK for Windows 2003 Server (or later version)                **}
{**   http://www.microsoft.com/msdownload/platformsdk/sdkupdate/             **}
{** - Windows 2003 DDK (or similar DDK version                               **}
{**   http://www.microsoft.com/whdc/ddk/                                     **}
{** - WinDbg - a debugger that is usually badly underestimated!              **}
{**   http://www.microsoft.com/whdc/devtools/debugging                       **}
{** - IDA Pro Standard 4.7 (or later) - world's best disassembler            **}
{**   http://www.datarescue.com/idabase/                                     **}
{** - NTDEV, NTFSD, WINDBG mailing lists and more ...                        **}
{**   http://www.osronline.com/                                              **}
{** - Sysinternals tools and documentation of some "Windows secrets"         **}
{**   http://www.sysinternals.com/                                           **}
{** - A nicely done online compilation of NT Native APIs                     **}
{**   http://undocumented.ntinternals.net/                                   **}
{** - ReactOS (to cross-check own assumptions with those of other smart guys)**}
{**   http://www.reactos.com/                                                **}
{**                                                                          **}
{******************************************************************************}

unit JwaNative;

interface
{$INCLUDE jediapilib.inc}
uses
  JwaWinType, JwaWinBase, JwaNTStatus, JwaWinNT;

{$WEAKPACKAGEUNIT}

// For native APIs we consider RTDL the better method of importing
{$DEFINE RTDL}
{$IFDEF RTDL}{$DEFINE DYNAMIC_LINK}{$ENDIF}
const
  ntdll = 'ntdll.dll';

//------------------------------------------------------------------------------

type
  _CLIENT_ID = record
    UniqueProcess: HANDLE;
    UniqueThread: HANDLE;
  end;
  CLIENT_ID = _CLIENT_ID;
  PCLIENT_ID = ^CLIENT_ID;
  TClientID = CLIENT_ID;
  PClientID = ^TClientID;

  KPRIORITY = LONG;

  _KWAIT_REASON = (
    Executive,
    FreePage,
    PageIn,
    PoolAllocation,
    DelayExecution,
    Suspended,
    UserRequest,
    WrExecutive,
    WrFreePage,
    WrPageIn,
    WrPoolAllocation,
    WrDelayExecution,
    WrSuspended,
    WrUserRequest,
    WrEventPair,
    WrQueue,
    WrLpcReceive,
    WrLpcReply,
    WrVirtualMemory,
    WrPageOut,
    WrRendezvous,
    Spare2,
    Spare3,
    Spare4,
    Spare5,
    Spare6,
    WrKernel,
    MaximumWaitReason);
  KWAIT_REASON = _KWAIT_REASON;
  TKWaitReason = KWAIT_REASON;

  _VM_COUNTERS = record
    PeakVirtualSize: SIZE_T;
    VirtualSize: SIZE_T;
    PageFaultCount: ULONG;
    PeakWorkingSetSize: SIZE_T;
    WorkingSetSize: SIZE_T;
    QuotaPeakPagedPoolUsage: SIZE_T;
    QuotaPagedPoolUsage: SIZE_T;
    QuotaPeakNonPagedPoolUsage: SIZE_T;
    QuotaNonPagedPoolUsage: SIZE_T;
    PagefileUsage: SIZE_T;
    PeakPagefileUsage: SIZE_T;
  end;
  VM_COUNTERS = _VM_COUNTERS;
  PVM_COUNTERS = ^VM_COUNTERS;
  TVmCounters = VM_COUNTERS;
  PVmCounters = ^TVmCounters;

const
  NonPagedPool = 0;
  PagedPool = 1;
  NonPagedPoolMustSucceed = 2;
  DontUseThisType = 3;
  NonPagedPoolCacheAligned = 4;
  PagedPoolCacheAligned = 5;
  NonPagedPoolCacheAlignedMustS = 6;
  MaxPoolType = 7;
  NonPagedPoolSession = 32;
  PagedPoolSession = NonPagedPoolSession + 1;
  NonPagedPoolMustSucceedSession = PagedPoolSession + 1;
  DontUseThisTypeSession = NonPagedPoolMustSucceedSession + 1;
  NonPagedPoolCacheAlignedSession = DontUseThisTypeSession + 1;
  PagedPoolCacheAlignedSession = NonPagedPoolCacheAlignedSession + 1;
  NonPagedPoolCacheAlignedMustSSession = PagedPoolCacheAlignedSession + 1;

type
  POOL_TYPE = NonPagedPool..NonPagedPoolCacheAlignedMustSSession;

  _IO_STATUS_BLOCK = record
    //union {
    Status: NTSTATUS;
    //    PVOID Pointer;
    //}
    Information: ULONG_PTR;
  end;
  IO_STATUS_BLOCK = _IO_STATUS_BLOCK;
  PIO_STATUS_BLOCK = ^IO_STATUS_BLOCK;
  TIoStatusBlock = IO_STATUS_BLOCK;
  PIoStatusBlock = ^TIoStatusBlock;

const
  ViewShare = 1;
  ViewUnmap = 2;

type
  SECTION_INHERIT = ViewShare..ViewUnmap;

  _THREADINFOCLASS = (
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination, // was added in XP - used by RtlSetThreadIsCritical()
    MaxThreadInfoClass);
  THREADINFOCLASS = _THREADINFOCLASS;
  THREAD_INFORMATION_CLASS = THREADINFOCLASS;
  TThreadInfoClass = THREADINFOCLASS;

  KAFFINITY = ULONG;
  PKAFFINITY = ^KAFFINITY;

  PKNORMAL_ROUTINE = procedure(NormalContext, SystemArgument1, SystemArgument2: PVOID); stdcall;

  _PROCESSINFOCLASS = (
    ProcessBasicInformation,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers, // Note: this is kernel mode only
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information, // = 26
    ProcessImageFileName, // added after W2K
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination, // used by RtlSetProcessIsCritical()
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    MaxProcessInfoClass);
  PROCESSINFOCLASS = _PROCESSINFOCLASS;
  PROCESS_INFORMATION_CLASS = PROCESSINFOCLASS;
  TProcessInfoClass = PROCESSINFOCLASS;

  _KPROFILE_SOURCE = (
    ProfileTime,
    ProfileAlignmentFixup,
    ProfileTotalIssues,
    ProfilePipelineDry,
    ProfileLoadInstructions,
    ProfilePipelineFrozen,
    ProfileBranchInstructions,
    ProfileTotalNonissues,
    ProfileDcacheMisses,
    ProfileIcacheMisses,
    ProfileCacheMisses,
    ProfileBranchMispredictions,
    ProfileStoreInstructions,
    ProfileFpInstructions,
    ProfileIntegerInstructions,
    Profile2Issue,
    Profile3Issue,
    Profile4Issue,
    ProfileSpecialInstructions,
    ProfileTotalCycles,
    ProfileIcacheIssues,
    ProfileDcacheAccesses,
    ProfileMemoryBarrierCycles,
    ProfileLoadLinkedIssues,
    ProfileMaximum);
  KPROFILE_SOURCE = _KPROFILE_SOURCE;
  TKProfileSource = KPROFILE_SOURCE;

  PIO_APC_ROUTINE = procedure(ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Reserved: ULONG); stdcall;

  _FILE_FULL_EA_INFORMATION = record
    NextEntryOffset: ULONG;
    Flags: UCHAR;
    EaNameLength: UCHAR;
    EaValueLength: USHORT;
    EaName: array[0..0] of CHAR;
  end;
  FILE_FULL_EA_INFORMATION = _FILE_FULL_EA_INFORMATION;
  PFILE_FULL_EA_INFORMATION = ^FILE_FULL_EA_INFORMATION;
  TFileFullEaInformation = FILE_FULL_EA_INFORMATION;
  PFileFullEaInformation = ^TFileFullEaInformation;

  _FSINFOCLASS = (
    FileFsFiller0,
    FileFsVolumeInformation, // 1
    FileFsLabelInformation, // 2
    FileFsSizeInformation, // 3
    FileFsDeviceInformation, // 4
    FileFsAttributeInformation, // 5
    FileFsControlInformation, // 6
    FileFsFullSizeInformation, // 7
    FileFsObjectIdInformation, // 8
    FileFsMaximumInformation);
  FS_INFORMATION_CLASS = _FSINFOCLASS;
  PFS_INFORMATION_CLASS = ^FS_INFORMATION_CLASS;
  TFsInformationClass = FS_INFORMATION_CLASS;
  PFsInformationClass = ^TFsInformationClass;

  UUID = GUID;

  _FILE_BASIC_INFORMATION = record
    CreationTime: LARGE_INTEGER;
    LastAccessTime: LARGE_INTEGER;
    LastWriteTime: LARGE_INTEGER;
    ChangeTime: LARGE_INTEGER;
    FileAttributes: ULONG;
  end;
  FILE_BASIC_INFORMATION = _FILE_BASIC_INFORMATION;
  PFILE_BASIC_INFORMATION = ^FILE_BASIC_INFORMATION;
  TFileBasicInformation = FILE_BASIC_INFORMATION;
  PFileBasicInformation = ^TFileBasicInformation;

  _FILE_NETWORK_OPEN_INFORMATION = record
    CreationTime: LARGE_INTEGER;
    LastAccessTime: LARGE_INTEGER;
    LastWriteTime: LARGE_INTEGER;
    ChangeTime: LARGE_INTEGER;
    AllocationSize: LARGE_INTEGER;
    EndOfFile: LARGE_INTEGER;
    FileAttributes: ULONG;
  end;
  FILE_NETWORK_OPEN_INFORMATION = _FILE_NETWORK_OPEN_INFORMATION;
  PFILE_NETWORK_OPEN_INFORMATION = ^FILE_NETWORK_OPEN_INFORMATION;
  TFileNetworkOpenInformation = FILE_NETWORK_OPEN_INFORMATION;
  PFileNetworkOpenInformation = ^TFileNetworkOpenInformation;

  _FILE_INFORMATION_CLASS = (
    FileFiller0,
    FileDirectoryInformation, // 1
    FileFullDirectoryInformation, // 2
    FileBothDirectoryInformation, // 3
    FileBasicInformation, // 4  wdm
    FileStandardInformation, // 5  wdm
    FileInternalInformation, // 6
    FileEaInformation, // 7
    FileAccessInformation, // 8
    FileNameInformation, // 9
    FileRenameInformation, // 10
    FileLinkInformation, // 11
    FileNamesInformation, // 12
    FileDispositionInformation, // 13
    FilePositionInformation, // 14 wdm
    FileFullEaInformation, // 15
    FileModeInformation, // 16
    FileAlignmentInformation, // 17
    FileAllInformation, // 18
    FileAllocationInformation, // 19
    FileEndOfFileInformation, // 20 wdm
    FileAlternateNameInformation, // 21
    FileStreamInformation, // 22
    FilePipeInformation, // 23
    FilePipeLocalInformation, // 24
    FilePipeRemoteInformation, // 25
    FileMailslotQueryInformation, // 26
    FileMailslotSetInformation, // 27
    FileCompressionInformation, // 28
    FileObjectIdInformation, // 29
    FileCompletionInformation, // 30
    FileMoveClusterInformation, // 31
    FileQuotaInformation, // 32
    FileReparsePointInformation, // 33
    FileNetworkOpenInformation, // 34
    FileAttributeTagInformation, // 35
    FileTrackingInformation, // 36
    FileMaximumInformation);
  FILE_INFORMATION_CLASS = _FILE_INFORMATION_CLASS;
  PFILE_INFORMATION_CLASS = ^FILE_INFORMATION_CLASS;
  TFileInformationClass = FILE_INFORMATION_CLASS;
  PFileInformationClass = ^TFileInformationClass;

  _FILE_STANDARD_INFORMATION = record
    AllocationSize: LARGE_INTEGER;
    EndOfFile: LARGE_INTEGER;
    NumberOfLinks: ULONG;
    DeletePending: ByteBool;
    Directory: ByteBool;
  end;
  FILE_STANDARD_INFORMATION = _FILE_STANDARD_INFORMATION;
  PFILE_STANDARD_INFORMATION = ^FILE_STANDARD_INFORMATION;
  TFileStandardInformation = FILE_STANDARD_INFORMATION;
  PFileStandardInformation = ^TFileStandardInformation;

  _FILE_POSITION_INFORMATION = record
    CurrentByteOffset: LARGE_INTEGER;
  end;
  FILE_POSITION_INFORMATION = _FILE_POSITION_INFORMATION;
  PFILE_POSITION_INFORMATION = ^FILE_POSITION_INFORMATION;
  TFilePositionInformation = FILE_POSITION_INFORMATION;
  PFilePositionInformation = ^TFilePositionInformation;

  _FILE_ALIGNMENT_INFORMATION = record
    AlignmentRequirement: ULONG;
  end;
  FILE_ALIGNMENT_INFORMATION = _FILE_ALIGNMENT_INFORMATION;
  PFILE_ALIGNMENT_INFORMATION = ^FILE_ALIGNMENT_INFORMATION;
  TFileAlignmentInformation = FILE_ALIGNMENT_INFORMATION;
  PFileAlignmentInformation = ^TFileAlignmentInformation;

  _KEY_SET_INFORMATION_CLASS = (KeyWriteTimeInformation);
  KEY_SET_INFORMATION_CLASS = _KEY_SET_INFORMATION_CLASS;

  _KEY_INFORMATION_CLASS = (
    KeyBasicInformation,
    KeyNodeInformation,
    KeyFullInformation,
    KeyNameInformation);
  KEY_INFORMATION_CLASS = _KEY_INFORMATION_CLASS;
  TKeyInformationClass = KEY_INFORMATION_CLASS;

  _KEY_VALUE_INFORMATION_CLASS = (
    KeyValueBasicInformation,
    KeyValueFullInformation,
    KeyValuePartialInformation,
    KeyValueFullInformationAlign64,
    KeyValuePartialInformationAlign64);
  KEY_VALUE_INFORMATION_CLASS = _KEY_VALUE_INFORMATION_CLASS;
  TKeyValueInformationClass = KEY_VALUE_INFORMATION_CLASS;

  _KEY_VALUE_ENTRY = record
    ValueName: PUNICODE_STRING;
    DataLength: ULONG;
    DataOffset: ULONG;
    Type_: ULONG;
  end;
  KEY_VALUE_ENTRY = _KEY_VALUE_ENTRY;
  PKEY_VALUE_ENTRY = ^KEY_VALUE_ENTRY;
  TKeyValueEntry = KEY_VALUE_ENTRY;
  PKeyValueEntry = ^TKeyValueEntry;

  _DEVICE_POWER_STATE = (
    PowerDeviceUnspecified,
    PowerDeviceD0,
    PowerDeviceD1,
    PowerDeviceD2,
    PowerDeviceD3,
    PowerDeviceMaximum);
  DEVICE_POWER_STATE = _DEVICE_POWER_STATE;
  PDEVICE_POWER_STATE = ^DEVICE_POWER_STATE;
  TDevicePowerState = DEVICE_POWER_STATE;

  POWER_ACTION = (
    PowerActionNone,
    PowerActionReserved,
    PowerActionSleep,
    PowerActionHibernate,
    PowerActionShutdown,
    PowerActionShutdownReset,
    PowerActionShutdownOff,
    PowerActionWarmEject);
  PPOWER_ACTION = ^POWER_ACTION;
  TPowerAction = POWER_ACTION;

  _SYSTEM_POWER_STATE = (
    PowerSystemUnspecified,
    PowerSystemWorking,
    PowerSystemSleeping1,
    PowerSystemSleeping2,
    PowerSystemSleeping3,
    PowerSystemHibernate,
    PowerSystemShutdown,
    PowerSystemMaximum);
  SYSTEM_POWER_STATE = _SYSTEM_POWER_STATE;
  PSYSTEM_POWER_STATE = ^SYSTEM_POWER_STATE;
  TSystemPowerState = SYSTEM_POWER_STATE;

  POWER_INFORMATION_LEVEL = (
    SystemPowerPolicyAc,
    SystemPowerPolicyDc,
    VerifySystemPolicyAc,
    VerifySystemPolicyDc,
    SystemPowerCapabilities,
    SystemBatteryState,
    SystemPowerStateHandler,
    ProcessorStateHandler,
    SystemPowerPolicyCurrent,
    AdministratorPowerPolicy,
    SystemReserveHiberFile,
    ProcessorInformation,
    SystemPowerInformation);
  TPowerInformationLevel = POWER_INFORMATION_LEVEL;

  _RTL_RANGE = record
    // The start of the range
    Start: ULONGLONG; // Read only
    // The end of the range
    End_: ULONGLONG; // Read only
    // Data the user passed in when they created the range
    UserData: PVOID; // Read/Write
    // The owner of the range
    Owner: PVOID; // Read/Write
    // User defined flags the user specified when they created the range
    Attributes: UCHAR; // Read/Write
    // Flags (RTL_RANGE_*)
    Flags: UCHAR; // Read only
  end;
  RTL_RANGE = _RTL_RANGE;
  PRTL_RANGE = ^RTL_RANGE;
  TRtlRange = RTL_RANGE;
  PRtlRange = ^TRtlRange;

const
  RTL_RANGE_SHARED = $01;
  RTL_RANGE_CONFLICT = $02;

type
  _RTL_RANGE_LIST = record
    // The list of ranges
    ListHead: LIST_ENTRY;
    // These always come in useful
    Flags: ULONG; // use RANGE_LIST_FLAG_*
    // The number of entries in the list
    Count: ULONG;
    // Every time an add/delete operation is performed on the list this is
    // incremented.  It is checked during iteration to ensure that the list
    // hasn't changed between GetFirst/GetNext or GetNext/GetNext calls
    Stamp: ULONG;
  end;
  RTL_RANGE_LIST = _RTL_RANGE_LIST;
  PRTL_RANGE_LIST = ^RTL_RANGE_LIST;
  TRtlRangeList = RTL_RANGE_LIST;
  PRtlRangeList = ^TRtlRangeList;

  _RANGE_LIST_ITERATOR = record
    RangeListHead: PLIST_ENTRY;
    MergedHead: PLIST_ENTRY;
    Current: PVOID;
    Stamp: ULONG;
  end;
  RTL_RANGE_LIST_ITERATOR = _RANGE_LIST_ITERATOR;
  PRTL_RANGE_LIST_ITERATOR = ^RTL_RANGE_LIST_ITERATOR;
  TRtlRangeListIterator = RTL_RANGE_LIST_ITERATOR;
  PRtlRangeListIterator = ^TRtlRangeListIterator;

// End of NTDDK.H

//==============================================================================
// NT System Services
//==============================================================================

type
  _SYSTEM_INFORMATION_CLASS = (
    SystemBasicInformation,
    SystemProcessorInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemNotImplemented1,
    SystemProcessesAndThreadsInformation,
    SystemCallCounts,
    SystemConfigurationInformation,
    SystemProcessorTimes,
    SystemGlobalFlag,
    SystemNotImplemented2,
    SystemModuleInformation,
    SystemLockInformation,
    SystemNotImplemented3,
    SystemNotImplemented4,
    SystemNotImplemented5,
    SystemHandleInformation,
    SystemObjectInformation,
    SystemPagefileInformation,
    SystemInstructionEmulationCounts,
    SystemInvalidInfoClass1,
    SystemCacheInformation,
    SystemPoolTagInformation,
    SystemProcessorStatistics,
    SystemDpcInformation,
    SystemNotImplemented6,
    SystemLoadImage,
    SystemUnloadImage,
    SystemTimeAdjustment,
    SystemNotImplemented7,
    SystemNotImplemented8,
    SystemNotImplemented9,
    SystemCrashDumpInformation,
    SystemExceptionInformation,
    SystemCrashDumpStateInformation,
    SystemKernelDebuggerInformation,
    SystemContextSwitchInformation,
    SystemRegistryQuotaInformation,
    SystemLoadAndCallImage,
    SystemPrioritySeparation,
    SystemNotImplemented10,
    SystemNotImplemented11,
    SystemInvalidInfoClass2,
    SystemInvalidInfoClass3,
    SystemTimeZoneInformation,
    SystemLookasideInformation,
    SystemSetTimeSlipEvent,
    SystemCreateSession,
    SystemDeleteSession,
    SystemInvalidInfoClass4,
    SystemRangeStartInformation,
    SystemVerifierInformation,
    SystemAddVerifier,
    SystemSessionProcessesInformation);
  SYSTEM_INFORMATION_CLASS = _SYSTEM_INFORMATION_CLASS;
  TSystemInformationClass = SYSTEM_INFORMATION_CLASS;

type
  _SYSTEM_BASIC_INFORMATION = record // Information Class 0
    Unknown: ULONG;
    MaximumIncrement: ULONG;
    PhysicalPageSize: ULONG;
    NumberOfPhysicalPages: ULONG;
    LowestPhysicalPage: ULONG;
    HighestPhysicalPage: ULONG;
    AllocationGranularity: ULONG;
    LowestUserAddress: ULONG;
    HighestUserAddress: ULONG;
    ActiveProcessors: ULONG;
    NumberProcessors: UCHAR;
  end;
  SYSTEM_BASIC_INFORMATION = _SYSTEM_BASIC_INFORMATION;
  PSYSTEM_BASIC_INFORMATION = ^SYSTEM_BASIC_INFORMATION;
  TSystemBasicInformation = SYSTEM_BASIC_INFORMATION;
  PSystemBasicInformation = ^TSystemBasicInformation;

  _SYSTEM_PROCESSOR_INFORMATION = record // Information Class 1
    ProcessorArchitecture: USHORT;
    ProcessorLevel: USHORT;
    ProcessorRevision: USHORT;
    Unknown: USHORT;
    FeatureBits: ULONG;
  end;
  SYSTEM_PROCESSOR_INFORMATION = _SYSTEM_PROCESSOR_INFORMATION;
  PSYSTEM_PROCESSOR_INFORMATION = ^SYSTEM_PROCESSOR_INFORMATION;
  TSystemProcessorInformation = SYSTEM_PROCESSOR_INFORMATION;
  PSystemProcessorInformation = ^TSystemProcessorInformation;

  _SYSTEM_PERFORMANCE_INFORMATION = record // Information Class 2
    IdleTime: LARGE_INTEGER;
    ReadTransferCount: LARGE_INTEGER;
    WriteTransferCount: LARGE_INTEGER;
    OtherTransferCount: LARGE_INTEGER;
    ReadOperationCount: ULONG;
    WriteOperationCount: ULONG;
    OtherOperationCount: ULONG;
    AvailablePages: ULONG;
    TotalCommittedPages: ULONG;
    TotalCommitLimit: ULONG;
    PeakCommitment: ULONG;
    PageFaults: ULONG;
    WriteCopyFaults: ULONG;
    TransistionFaults: ULONG;
    Reserved1: ULONG;
    DemandZeroFaults: ULONG;
    PagesRead: ULONG;
    PageReadIos: ULONG;
    Reserved2: array[0..1] of ULONG;
    PagefilePagesWritten: ULONG;
    PagefilePageWriteIos: ULONG;
    MappedFilePagesWritten: ULONG;
    MappedFilePageWriteIos: ULONG;
    PagedPoolUsage: ULONG;
    NonPagedPoolUsage: ULONG;
    PagedPoolAllocs: ULONG;
    PagedPoolFrees: ULONG;
    NonPagedPoolAllocs: ULONG;
    NonPagedPoolFrees: ULONG;
    TotalFreeSystemPtes: ULONG;
    SystemCodePage: ULONG;
    TotalSystemDriverPages: ULONG;
    TotalSystemCodePages: ULONG;
    SmallNonPagedLookasideListAllocateHits: ULONG;
    SmallPagedLookasideListAllocateHits: ULONG;
    Reserved3: ULONG;
    MmSystemCachePage: ULONG;
    PagedPoolPage: ULONG;
    SystemDriverPage: ULONG;
    FastReadNoWait: ULONG;
    FastReadWait: ULONG;
    FastReadResourceMiss: ULONG;
    FastReadNotPossible: ULONG;
    FastMdlReadNoWait: ULONG;
    FastMdlReadWait: ULONG;
    FastMdlReadResourceMiss: ULONG;
    FastMdlReadNotPossible: ULONG;
    MapDataNoWait: ULONG;
    MapDataWait: ULONG;
    MapDataNoWaitMiss: ULONG;
    MapDataWaitMiss: ULONG;
    PinMappedDataCount: ULONG;
    PinReadNoWait: ULONG;
    PinReadWait: ULONG;
    PinReadNoWaitMiss: ULONG;
    PinReadWaitMiss: ULONG;
    CopyReadNoWait: ULONG;
    CopyReadWait: ULONG;
    CopyReadNoWaitMiss: ULONG;
    CopyReadWaitMiss: ULONG;
    MdlReadNoWait: ULONG;
    MdlReadWait: ULONG;
    MdlReadNoWaitMiss: ULONG;
    MdlReadWaitMiss: ULONG;
    ReadAheadIos: ULONG;
    LazyWriteIos: ULONG;
    LazyWritePages: ULONG;
    DataFlushes: ULONG;
    DataPages: ULONG;
    ContextSwitches: ULONG;
    FirstLevelTbFills: ULONG;
    SecondLevelTbFills: ULONG;
    SystemCalls: ULONG;
  end;
  SYSTEM_PERFORMANCE_INFORMATION = _SYSTEM_PERFORMANCE_INFORMATION;
  PSYSTEM_PERFORMANCE_INFORMATION = ^SYSTEM_PERFORMANCE_INFORMATION;
  TSystemPerformanceInformation = SYSTEM_PERFORMANCE_INFORMATION;
  PSystemPerformanceInformation = ^TSystemPerformanceInformation;

  _SYSTEM_TIME_OF_DAY_INFORMATION = record // Information Class 3
    BootTime: LARGE_INTEGER;
    CurrentTime: LARGE_INTEGER;
    TimeZoneBias: LARGE_INTEGER;
    CurrentTimeZoneId: ULONG;
  end;
  SYSTEM_TIME_OF_DAY_INFORMATION = _SYSTEM_TIME_OF_DAY_INFORMATION;
  PSYSTEM_TIME_OF_DAY_INFORMATION = ^SYSTEM_TIME_OF_DAY_INFORMATION;
  TSystemTimeOfDayInformation = SYSTEM_TIME_OF_DAY_INFORMATION;
  PSystemTimeOfDayInformation = ^TSystemTimeOfDayInformation;

  _IO_COUNTERSEX = record
    ReadOperationCount: LARGE_INTEGER;
    WriteOperationCount: LARGE_INTEGER;
    OtherOperationCount: LARGE_INTEGER;
    ReadTransferCount: LARGE_INTEGER;
    WriteTransferCount: LARGE_INTEGER;
    OtherTransferCount: LARGE_INTEGER;
  end;
  IO_COUNTERSEX = _IO_COUNTERSEX;
  PIO_COUNTERSEX = ^IO_COUNTERSEX;
  TIoCountersEx = IO_COUNTERSEX;
  PIoCountersEx = ^TIoCountersEx;

  THREAD_STATE = (
    StateInitialized,
    StateReady,
    StateRunning,
    StateStandby,
    StateTerminated,
    StateWait,
    StateTransition,
    StateUnknown);
  TThreadState = THREAD_STATE;

  _SYSTEM_THREADS = record
    KernelTime: LARGE_INTEGER;
    UserTime: LARGE_INTEGER;
    CreateTime: LARGE_INTEGER;
    WaitTime: ULONG;
    StartAddress: PVOID;
    ClientId: CLIENT_ID;
    Priority: KPRIORITY;
    BasePriority: KPRIORITY;
    ContextSwitchCount: ULONG;
    State: THREAD_STATE;
    WaitReason: KWAIT_REASON;
  end;
  SYSTEM_THREADS = _SYSTEM_THREADS;
  PSYSTEM_THREADS = ^SYSTEM_THREADS;
  TSystemThreads = SYSTEM_THREADS;
  PSystemThreads = PSYSTEM_THREADS;

  _SYSTEM_PROCESSES = record // Information Class 5
    NextEntryDelta: ULONG;
    ThreadCount: ULONG;
    Reserved1: array[0..5] of ULONG;
    CreateTime: LARGE_INTEGER;
    UserTime: LARGE_INTEGER;
    KernelTime: LARGE_INTEGER;
    ProcessName: UNICODE_STRING;
    BasePriority: KPRIORITY;
    ProcessId: ULONG;
    InheritedFromProcessId: ULONG;
    HandleCount: ULONG;
    // next two were Reserved2: array [0..1] of ULONG; thanks to Nico Bendlin
    SessionId: ULONG;
    Reserved2: ULONG;
    VmCounters: VM_COUNTERS;
    PrivatePageCount: ULONG;
    IoCounters: IO_COUNTERSEX; // Windows 2000 only
    Threads: array[0..0] of SYSTEM_THREADS;
  end;
  SYSTEM_PROCESSES = _SYSTEM_PROCESSES;
  PSYSTEM_PROCESSES = ^SYSTEM_PROCESSES;
  TSystemProcesses = SYSTEM_PROCESSES;
  PSystemProcesses = PSYSTEM_PROCESSES;

  _SYSTEM_CALLS_INFORMATION = record // Information Class 6
    Size: ULONG;
    NumberOfDescriptorTables: ULONG;
    NumberOfRoutinesInTable: array[0..0] of ULONG;
    // ULONG CallCounts[];
  end;
  SYSTEM_CALLS_INFORMATION = _SYSTEM_CALLS_INFORMATION;
  PSYSTEM_CALLS_INFORMATION = ^SYSTEM_CALLS_INFORMATION;
  TSystemCallsInformation = SYSTEM_CALLS_INFORMATION;
  PSystemCallsInformation = ^TSystemCallsInformation;

  _SYSTEM_CONFIGURATION_INFORMATION = record // Information Class 7
    DiskCount: ULONG;
    FloppyCount: ULONG;
    CdRomCount: ULONG;
    TapeCount: ULONG;
    SerialCount: ULONG;
    ParallelCount: ULONG;
  end;
  SYSTEM_CONFIGURATION_INFORMATION = _SYSTEM_CONFIGURATION_INFORMATION;
  PSYSTEM_CONFIGURATION_INFORMATION = ^SYSTEM_CONFIGURATION_INFORMATION;
  TSystemConfigurationInformation = SYSTEM_CONFIGURATION_INFORMATION;
  PSystemConfigurationInformation = ^TSystemConfigurationInformation;

  _SYSTEM_PROCESSOR_TIMES = record // Information Class 8
    IdleTime: LARGE_INTEGER;
    KernelTime: LARGE_INTEGER;
    UserTime: LARGE_INTEGER;
    DpcTime: LARGE_INTEGER;
    InterruptTime: LARGE_INTEGER;
    InterruptCount: ULONG;
  end;
  SYSTEM_PROCESSOR_TIMES = _SYSTEM_PROCESSOR_TIMES;
  PSYSTEM_PROCESSOR_TIMES = ^SYSTEM_PROCESSOR_TIMES;
  TSystemProcessorTimes = SYSTEM_PROCESSOR_TIMES;
  PSystemProcessorTimes = ^TSystemProcessorTimes;

  _SYSTEM_GLOBAL_FLAG = record // Information Class 9
    GlobalFlag: ULONG;
  end;
  SYSTEM_GLOBAL_FLAG = _SYSTEM_GLOBAL_FLAG;
  PSYSTEM_GLOBAL_FLAG = ^SYSTEM_GLOBAL_FLAG;
  TSystemGlobalFlag = SYSTEM_GLOBAL_FLAG;
  PSystemGlobalFlag = ^TSystemGlobalFlag;

  _SYSTEM_MODULE_INFORMATION = record // Information Class 11
    Reserved: array[0..1] of ULONG;
    Base: PVOID;
    Size: ULONG;
    Flags: ULONG;
    Index: USHORT;
    Unknown: USHORT;
    LoadCount: USHORT;
    ModuleNameOffset: USHORT;
    ImageName: array[0..255] of CHAR;
  end;
  SYSTEM_MODULE_INFORMATION = _SYSTEM_MODULE_INFORMATION;
  PSYSTEM_MODULE_INFORMATION = ^SYSTEM_MODULE_INFORMATION;
  TSystemModuleInformation = SYSTEM_MODULE_INFORMATION;
  PSystemModuleInformation = PSYSTEM_MODULE_INFORMATION;

  _SYSTEM_LOCK_INFORMATION = record // Information Class 12
    Address: PVOID;
    Type_: USHORT;
    Reserved1: USHORT;
    ExclusiveOwnerThreadId: ULONG;
    ActiveCount: ULONG;
    ContentionCount: ULONG;
    Reserved2: array[0..1] of ULONG;
    NumberOfSharedWaiters: ULONG;
    NumberOfExclusiveWaiters: ULONG;
  end;
  SYSTEM_LOCK_INFORMATION = _SYSTEM_LOCK_INFORMATION;
  PSYSTEM_LOCK_INFORMATION = ^SYSTEM_LOCK_INFORMATION;
  TSystemLockInformation = SYSTEM_LOCK_INFORMATION;
  PSystemLockInformation = ^TSystemLockInformation;

  _SYSTEM_HANDLE_INFORMATION = record // Information Class 16
    ProcessId: ULONG;
    ObjectTypeNumber: UCHAR;
    Flags: UCHAR; // 0x01 = PROTECT_FROM_CLOSE, 0x02 = INHERIT
    Handle: USHORT;
    Object_: PVOID;
    GrantedAccess: ACCESS_MASK;
  end;
  SYSTEM_HANDLE_INFORMATION = _SYSTEM_HANDLE_INFORMATION;
  PSYSTEM_HANDLE_INFORMATION = ^SYSTEM_HANDLE_INFORMATION;
  TSystemHandleInformation = SYSTEM_HANDLE_INFORMATION;
  PSystemHandleInformation = ^TSystemHandleInformation;

  _SYSTEM_OBJECT_TYPE_INFORMATION = record // Information Class 17
    NextEntryOffset: ULONG;
    ObjectCount: ULONG;
    HandleCount: ULONG;
    TypeNumber: ULONG;
    InvalidAttributes: ULONG;
    GenericMapping: GENERIC_MAPPING;
    ValidAccessMask: ACCESS_MASK;
    PoolType: POOL_TYPE;
    Unknown: UCHAR;
    Name: UNICODE_STRING;
  end;
  SYSTEM_OBJECT_TYPE_INFORMATION = _SYSTEM_OBJECT_TYPE_INFORMATION;
  PSYSTEM_OBJECT_TYPE_INFORMATION = ^SYSTEM_OBJECT_TYPE_INFORMATION;
  TSystemObjectTypeInformation = SYSTEM_OBJECT_TYPE_INFORMATION;
  PSystemObjectTypeInformation = ^TSystemObjectTypeInformation;

  _SYSTEM_OBJECT_INFORMATION = record
    NextEntryOffset: ULONG;
    Object_: PVOID;
    CreatorProcessId: ULONG;
    Unknown: USHORT;
    Flags: USHORT;
    PointerCount: ULONG;
    HandleCount: ULONG;
    PagedPoolUsage: ULONG;
    NonPagedPoolUsage: ULONG;
    ExclusiveProcessId: ULONG;
    SecurityDescriptor: PSECURITY_DESCRIPTOR;
    Name: UNICODE_STRING;
  end;
  SYSTEM_OBJECT_INFORMATION = _SYSTEM_OBJECT_INFORMATION;
  PSYSTEM_OBJECT_INFORMATION = ^SYSTEM_OBJECT_INFORMATION;
  TSystemObjectInformation = SYSTEM_OBJECT_INFORMATION;
  PSystemObjectInformation = ^TSystemObjectInformation;

  _SYSTEM_PAGEFILE_INFORMATION = record // Information Class 18
    NextEntryOffset: ULONG;
    CurrentSize: ULONG;
    TotalUsed: ULONG;
    PeakUsed: ULONG;
    FileName: UNICODE_STRING;
  end;
  SYSTEM_PAGEFILE_INFORMATION = _SYSTEM_PAGEFILE_INFORMATION;
  PSYSTEM_PAGEFILE_INFORMATION = ^SYSTEM_PAGEFILE_INFORMATION;
  TSystemPageFileInformation = SYSTEM_PAGEFILE_INFORMATION;
  PSystemPageFileInformation = PSYSTEM_PAGEFILE_INFORMATION;

  _SYSTEM_INSTRUCTION_EMULATION_INFORMATION = record // Info Class 19
    GenericInvalidOpcode: ULONG;
    TwoByteOpcode: ULONG;
    ESprefix: ULONG;
    CSprefix: ULONG;
    SSprefix: ULONG;
    DSprefix: ULONG;
    FSPrefix: ULONG;
    GSprefix: ULONG;
    OPER32prefix: ULONG;
    ADDR32prefix: ULONG;
    INSB: ULONG;
    INSW: ULONG;
    OUTSB: ULONG;
    OUTSW: ULONG;
    PUSHFD: ULONG;
    POPFD: ULONG;
    INTnn: ULONG;
    INTO: ULONG;
    IRETD: ULONG;
    FloatingPointOpcode: ULONG;
    INBimm: ULONG;
    INWimm: ULONG;
    OUTBimm: ULONG;
    OUTWimm: ULONG;
    INB: ULONG;
    INW: ULONG;
    OUTB: ULONG;
    OUTW: ULONG;
    LOCKprefix: ULONG;
    REPNEprefix: ULONG;
    REPprefix: ULONG;
    CLI: ULONG;
    STI: ULONG;
    HLT: ULONG;
  end;
  SYSTEM_INSTRUCTION_EMULATION_INFORMATION = _SYSTEM_INSTRUCTION_EMULATION_INFORMATION;
  PSYSTEM_INSTRUCTION_EMULATION_INFORMATION = ^SYSTEM_INSTRUCTION_EMULATION_INFORMATION;
  TSystemInstructionEmulationInformation = SYSTEM_INSTRUCTION_EMULATION_INFORMATION;
  PSystemInstructionEmulationInformation = ^TSystemInstructionEmulationInformation;

  _SYSTEM_CACHE_INFORMATION = record // Information Class 21
    SystemCacheWsSize: ULONG;
    SystemCacheWsPeakSize: ULONG;
    SystemCacheWsFaults: ULONG;
    SystemCacheWsMinimum: ULONG;
    SystemCacheWsMaximum: ULONG;
    TransitionSharedPages: ULONG;
    TransitionSharedPagesPeak: ULONG;
    Reserved: array[0..1] of ULONG;
  end;
  SYSTEM_CACHE_INFORMATION = _SYSTEM_CACHE_INFORMATION;
  PSYSTEM_CACHE_INFORMATION = ^SYSTEM_CACHE_INFORMATION;
  TSystemCacheInformation = SYSTEM_CACHE_INFORMATION;
  PSystemCacheInformation = ^TSystemCacheInformation;

  _SYSTEM_POOL_TAG_INFORMATION = record // Information Class 22
    Tag: array[0..3] of CHAR;
    PagedPoolAllocs: ULONG;
    PagedPoolFrees: ULONG;
    PagedPoolUsage: ULONG;
    NonPagedPoolAllocs: ULONG;
    NonPagedPoolFrees: ULONG;
    NonPagedPoolUsage: ULONG;
  end;
  SYSTEM_POOL_TAG_INFORMATION = _SYSTEM_POOL_TAG_INFORMATION;
  PSYSTEM_POOL_TAG_INFORMATION = ^SYSTEM_POOL_TAG_INFORMATION;
  TSystemPoolTagInformation = SYSTEM_POOL_TAG_INFORMATION;
  PSystemPoolTagInformation = ^TSystemPoolTagInformation;

  _SYSTEM_PROCESSOR_STATISTICS = record // Information Class 23
    ContextSwitches: ULONG;
    DpcCount: ULONG;
    DpcRequestRate: ULONG;
    TimeIncrement: ULONG;
    DpcBypassCount: ULONG;
    ApcBypassCount: ULONG;
  end;
  SYSTEM_PROCESSOR_STATISTICS = _SYSTEM_PROCESSOR_STATISTICS;
  PSYSTEM_PROCESSOR_STATISTICS = ^SYSTEM_PROCESSOR_STATISTICS;
  TSystemProcessorStatistics = SYSTEM_PROCESSOR_STATISTICS;
  PSystemProcessorStatistics = ^TSystemProcessorStatistics;

  _SYSTEM_DPC_INFORMATION = record // Information Class 24
    Reserved: ULONG;
    MaximumDpcQueueDepth: ULONG;
    MinimumDpcRate: ULONG;
    AdjustDpcThreshold: ULONG;
    IdealDpcRate: ULONG;
  end;
  SYSTEM_DPC_INFORMATION = _SYSTEM_DPC_INFORMATION;
  PSYSTEM_DPC_INFORMATION = ^SYSTEM_DPC_INFORMATION;
  TSystemDpcInformation = SYSTEM_DPC_INFORMATION;
  PSystemDpcInformation = ^TSystemDpcInformation;

  _SYSTEM_LOAD_IMAGE = record // Information Class 26
    ModuleName: UNICODE_STRING;
    ModuleBase: PVOID;
    Unknown: PVOID;
    EntryPoint: PVOID;
    ExportDirectory: PVOID;
  end;
  SYSTEM_LOAD_IMAGE = _SYSTEM_LOAD_IMAGE;
  PSYSTEM_LOAD_IMAGE = ^SYSTEM_LOAD_IMAGE;
  TSystemLoadImage = SYSTEM_LOAD_IMAGE;
  PSystemLoadImage = ^TSystemLoadImage;

  _SYSTEM_UNLOAD_IMAGE = record // Information Class 27
    ModuleBase: PVOID;
  end;
  SYSTEM_UNLOAD_IMAGE = _SYSTEM_UNLOAD_IMAGE;
  PSYSTEM_UNLOAD_IMAGE = ^SYSTEM_UNLOAD_IMAGE;
  TSystemUnloadImage = SYSTEM_UNLOAD_IMAGE;
  PSystemUnloadImage = ^TSystemUnloadImage;

  _SYSTEM_QUERY_TIME_ADJUSTMENT = record // Information Class 28
    TimeAdjustment: ULONG;
    MaximumIncrement: ULONG;
    TimeSynchronization: ByteBool;
  end;
  SYSTEM_QUERY_TIME_ADJUSTMENT = _SYSTEM_QUERY_TIME_ADJUSTMENT;
  PSYSTEM_QUERY_TIME_ADJUSTMENT = ^SYSTEM_QUERY_TIME_ADJUSTMENT;
  TSystemQueryTimeAdjustment = SYSTEM_QUERY_TIME_ADJUSTMENT;
  PSystemQueryTimeAdjustment = ^TSystemQueryTimeAdjustment;

  _SYSTEM_SET_TIME_ADJUSTMENT = record // Information Class 28
    TimeAdjustment: ULONG;
    TimeSynchronization: ByteBool;
  end;
  SYSTEM_SET_TIME_ADJUSTMENT = _SYSTEM_SET_TIME_ADJUSTMENT;
  PSYSTEM_SET_TIME_ADJUSTMENT = ^SYSTEM_SET_TIME_ADJUSTMENT;
  TSystemSetTimeAdjustment = SYSTEM_SET_TIME_ADJUSTMENT;
  PSystemSetTimeAdjustment = ^TSystemSetTimeAdjustment;

  _SYSTEM_CRASH_DUMP_INFORMATION = record // Information Class 32
    CrashDumpSectionHandle: HANDLE;
    Unknown: HANDLE; // Windows 2000 only
  end;
  SYSTEM_CRASH_DUMP_INFORMATION = _SYSTEM_CRASH_DUMP_INFORMATION;
  PSYSTEM_CRASH_DUMP_INFORMATION = ^SYSTEM_CRASH_DUMP_INFORMATION;
  TSystemCrashDumpInformation = SYSTEM_CRASH_DUMP_INFORMATION;
  PSystemCrashDumpInformation = ^TSystemCrashDumpInformation;

  _SYSTEM_EXCEPTION_INFORMATION = record // Information Class 33
    AlignmentFixupCount: ULONG;
    ExceptionDispatchCount: ULONG;
    FloatingEmulationCount: ULONG;
    Reserved: ULONG;
  end;
  SYSTEM_EXCEPTION_INFORMATION = _SYSTEM_EXCEPTION_INFORMATION;
  PSYSTEM_EXCEPTION_INFORMATION = ^SYSTEM_EXCEPTION_INFORMATION;
  TSystemExceptionInformation = SYSTEM_EXCEPTION_INFORMATION;
  PSystemExceptionInformation = ^TSystemExceptionInformation;

  _SYSTEM_CRASH_STATE_INFORMATION = record // Information Class 34
    ValidCrashDump: ULONG;
    Unknown: ULONG; // Windows 2000 only
  end;
  SYSTEM_CRASH_STATE_INFORMATION = _SYSTEM_CRASH_STATE_INFORMATION;
  PSYSTEM_CRASH_STATE_INFORMATION = ^SYSTEM_CRASH_STATE_INFORMATION;
  TSystemCrashStateInformation = SYSTEM_CRASH_STATE_INFORMATION;
  PSystemCrashStateInformation = ^TSystemCrashStateInformation;

  _SYSTEM_KERNEL_DEBUGGER_INFORMATION = record // Information Class 35
    DebuggerEnabled: ByteBool;
    DebuggerNotPresent: ByteBool;
  end;
  SYSTEM_KERNEL_DEBUGGER_INFORMATION = _SYSTEM_KERNEL_DEBUGGER_INFORMATION;
  PSYSTEM_KERNEL_DEBUGGER_INFORMATION = ^SYSTEM_KERNEL_DEBUGGER_INFORMATION;
  TSystemKernelDebuggerInformation = SYSTEM_KERNEL_DEBUGGER_INFORMATION;
  PSystemKernelDebuggerInformation = ^TSystemKernelDebuggerInformation;

  _SYSTEM_CONTEXT_SWITCH_INFORMATION = record // Information Class 36
    ContextSwitches: ULONG;
    ContextSwitchCounters: array[0..10] of ULONG;
  end;
  SYSTEM_CONTEXT_SWITCH_INFORMATION = _SYSTEM_CONTEXT_SWITCH_INFORMATION;
  PSYSTEM_CONTEXT_SWITCH_INFORMATION = ^SYSTEM_CONTEXT_SWITCH_INFORMATION;
  TSystemContextSwitchInformation = SYSTEM_CONTEXT_SWITCH_INFORMATION;
  PSystemContextSwitchInformation = ^TSystemContextSwitchInformation;

  _SYSTEM_REGISTRY_QUOTA_INFORMATION = record // Information Class 37
    RegistryQuota: ULONG;
    RegistryQuotaInUse: ULONG;
    PagedPoolSize: ULONG;
  end;
  SYSTEM_REGISTRY_QUOTA_INFORMATION = _SYSTEM_REGISTRY_QUOTA_INFORMATION;
  PSYSTEM_REGISTRY_QUOTA_INFORMATION = ^SYSTEM_REGISTRY_QUOTA_INFORMATION;
  TSystemRegistryQuotaInformation = SYSTEM_REGISTRY_QUOTA_INFORMATION;
  PSystemRegistryQuotaInformation = ^TSystemRegistryQuotaInformation;

  _SYSTEM_LOAD_AND_CALL_IMAGE = record // Information Class 38
    ModuleName: UNICODE_STRING;
  end;
  SYSTEM_LOAD_AND_CALL_IMAGE = _SYSTEM_LOAD_AND_CALL_IMAGE;
  PSYSTEM_LOAD_AND_CALL_IMAGE = ^SYSTEM_LOAD_AND_CALL_IMAGE;
  TSystemLoadAndCallImage = SYSTEM_LOAD_AND_CALL_IMAGE;
  PSystemLoadAndCallImage = ^TSystemLoadAndCallImage;

  _SYSTEM_PRIORITY_SEPARATION = record // Information Class 39
    PrioritySeparation: ULONG;
  end;
  SYSTEM_PRIORITY_SEPARATION = _SYSTEM_PRIORITY_SEPARATION;
  PSYSTEM_PRIORITY_SEPARATION = ^SYSTEM_PRIORITY_SEPARATION;
  TSystemPrioritySeparation = SYSTEM_PRIORITY_SEPARATION;
  PSystemPrioritySeparation = ^TSystemPrioritySeparation;

  _SYSTEM_TIME_ZONE_INFORMATION = record // Information Class 44
    Bias: LONG;
    StandardName: array[0..31] of WCHAR;
    StandardDate: SYSTEMTIME;
    StandardBias: LONG;
    DaylightName: array[0..31] of WCHAR;
    DaylightDate: SYSTEMTIME;
    DaylightBias: LONG;
  end;
  SYSTEM_TIME_ZONE_INFORMATION = _SYSTEM_TIME_ZONE_INFORMATION;
  PSYSTEM_TIME_ZONE_INFORMATION = ^SYSTEM_TIME_ZONE_INFORMATION;
  TSystemTimeZoneInformation = SYSTEM_TIME_ZONE_INFORMATION;
  PSystemTimeZoneInformation = ^TSystemTimeZoneInformation;

  _SYSTEM_LOOKASIDE_INFORMATION = record // Information Class 45
    Depth: USHORT;
    MaximumDepth: USHORT;
    TotalAllocates: ULONG;
    AllocateMisses: ULONG;
    TotalFrees: ULONG;
    FreeMisses: ULONG;
    Type_: POOL_TYPE;
    Tag: ULONG;
    Size: ULONG;
  end;
  SYSTEM_LOOKASIDE_INFORMATION = _SYSTEM_LOOKASIDE_INFORMATION;
  PSYSTEM_LOOKASIDE_INFORMATION = ^SYSTEM_LOOKASIDE_INFORMATION;
  TSystemLookAsideInformation = SYSTEM_LOOKASIDE_INFORMATION;
  PSystemLookAsideInformation = ^TSystemLookAsideInformation;

  _SYSTEM_SET_TIME_SLIP_EVENT = record // Information Class 46
    TimeSlipEvent: HANDLE;
  end;
  SYSTEM_SET_TIME_SLIP_EVENT = _SYSTEM_SET_TIME_SLIP_EVENT;
  PSYSTEM_SET_TIME_SLIP_EVENT = ^SYSTEM_SET_TIME_SLIP_EVENT;
  TSystemSetTimeSlipEvent = SYSTEM_SET_TIME_SLIP_EVENT;
  PSystemSetTimeSlipEvent = ^TSystemSetTimeSlipEvent;

  _SYSTEM_CREATE_SESSION = record // Information Class 47
    Session: ULONG;
  end;
  SYSTEM_CREATE_SESSION = _SYSTEM_CREATE_SESSION;
  PSYSTEM_CREATE_SESSION = ^SYSTEM_CREATE_SESSION;
  TSystemCreateSession = SYSTEM_CREATE_SESSION;
  PSystemCreateSession = ^TSystemCreateSession;

  _SYSTEM_DELETE_SESSION = record // Information Class 48
    Session: ULONG;
  end;
  SYSTEM_DELETE_SESSION = _SYSTEM_DELETE_SESSION;
  PSYSTEM_DELETE_SESSION = ^SYSTEM_DELETE_SESSION;
  TSystemDeleteSession = SYSTEM_DELETE_SESSION;
  PSystemDeleteSession = ^TSystemDeleteSession;

  _SYSTEM_RANGE_START_INFORMATION = record // Information Class 50
    SystemRangeStart: PVOID;
  end;
  SYSTEM_RANGE_START_INFORMATION = _SYSTEM_RANGE_START_INFORMATION;
  PSYSTEM_RANGE_START_INFORMATION = ^SYSTEM_RANGE_START_INFORMATION;
  TSystemRangeStartInformation = SYSTEM_RANGE_START_INFORMATION;
  PSystemRangeStartInformation = ^TSystemRangeStartInformation;

  _SYSTEM_POOL_BLOCK = record
    Allocated: ByteBool;
    Unknown: USHORT;
    Size: ULONG;
    Tag: array[0..3] of CHAR;
  end;
  SYSTEM_POOL_BLOCK = _SYSTEM_POOL_BLOCK;
  PSYSTEM_POOL_BLOCK = ^SYSTEM_POOL_BLOCK;
  TSystemPoolBlock = SYSTEM_POOL_BLOCK;
  PSystemPoolBlock = ^TSystemPoolBlock;

  _SYSTEM_POOL_BLOCKS_INFORMATION = record // Info Classes 14 and 15
    PoolSize: ULONG;
    PoolBase: PVOID;
    Unknown: USHORT;
    NumberOfBlocks: ULONG;
    PoolBlocks: array[0..0] of SYSTEM_POOL_BLOCK;
  end;
  SYSTEM_POOL_BLOCKS_INFORMATION = _SYSTEM_POOL_BLOCKS_INFORMATION;
  PSYSTEM_POOL_BLOCKS_INFORMATION = ^SYSTEM_POOL_BLOCKS_INFORMATION;
  TSystemPoolBlocksInformation = SYSTEM_POOL_BLOCKS_INFORMATION;
  PSystemPoolBlocksInformation = ^TSystemPoolBlocksInformation;

  _SYSTEM_MEMORY_USAGE = record
    Name: PVOID;
    Valid: USHORT;
    Standby: USHORT;
    Modified: USHORT;
    PageTables: USHORT;
  end;
  SYSTEM_MEMORY_USAGE = _SYSTEM_MEMORY_USAGE;
  PSYSTEM_MEMORY_USAGE = ^SYSTEM_MEMORY_USAGE;
  TSystemMemoryUsage = SYSTEM_MEMORY_USAGE;
  PSystemMemoryUsage = ^TSystemMemoryUsage;

  _SYSTEM_MEMORY_USAGE_INFORMATION = record // Info Classes 25 and 29
    Reserved: ULONG;
    EndOfData: PVOID;
    MemoryUsage: array[0..0] of SYSTEM_MEMORY_USAGE;
  end;
  SYSTEM_MEMORY_USAGE_INFORMATION = _SYSTEM_MEMORY_USAGE_INFORMATION;
  PSYSTEM_MEMORY_USAGE_INFORMATION = ^SYSTEM_MEMORY_USAGE_INFORMATION;
  TSystemMemoryUsageInformation = SYSTEM_MEMORY_USAGE_INFORMATION;
  PSystemMemoryUsageInformation = ^TSystemMemoryUsageInformation;

type
  _SHUTDOWN_ACTION = (
    ShutdownNoReboot,
    ShutdownReboot,
    ShutdownPowerOff);
  SHUTDOWN_ACTION = _SHUTDOWN_ACTION;
  TShutdownAction = SHUTDOWN_ACTION;

type
  _DEBUG_CONTROL_CODE = (
    DebugFiller0,
    DebugGetTraceInformation,
    DebugSetInternalBreakpoint,
    DebugSetSpecialCall,
    DebugClearSpecialCalls,
    DebugQuerySpecialCalls,
    DebugDbgBreakPoint);
  DEBUG_CONTROL_CODE = _DEBUG_CONTROL_CODE;
  TDebugControlCode = DEBUG_CONTROL_CODE;

type
  _OBJECT_INFORMATION_CLASS = (
    ObjectBasicInformation,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectAllTypesInformation,
    ObjectHandleInformation);
  OBJECT_INFORMATION_CLASS = _OBJECT_INFORMATION_CLASS;
  TObjectInformationClass = OBJECT_INFORMATION_CLASS;

type
  _OBJECT_BASIC_INFORMATION = record // Information Class 0
    Attributes: ULONG;
    GrantedAccess: ACCESS_MASK;
    HandleCount: ULONG;
    PointerCount: ULONG;
    PagedPoolUsage: ULONG;
    NonPagedPoolUsage: ULONG;
    Reserved: array[0..2] of ULONG;
    NameInformationLength: ULONG;
    TypeInformationLength: ULONG;
    SecurityDescriptorLength: ULONG;
    CreateTime: LARGE_INTEGER;
  end;
  OBJECT_BASIC_INFORMATION = _OBJECT_BASIC_INFORMATION;
  POBJECT_BASIC_INFORMATION = ^OBJECT_BASIC_INFORMATION;
  TObjectBasicInformation = OBJECT_BASIC_INFORMATION;
  PObjectBasicInformation = ^TObjectBasicInformation;

  _OBJECT_TYPE_INFORMATION = record // Information Class 2
    Name: UNICODE_STRING;
    ObjectCount: ULONG;
    HandleCount: ULONG;
    Reserved1: array[0..3] of ULONG;
    PeakObjectCount: ULONG;
    PeakHandleCount: ULONG;
    Reserved2: array[0..3] of ULONG;
    InvalidAttributes: ULONG;
    GenericMapping: GENERIC_MAPPING;
    ValidAccess: ULONG;
    Unknown: UCHAR;
    MaintainHandleDatabase: ByteBool;
    Reserved3: array[0..1] of UCHAR;
    PoolType: POOL_TYPE;
    PagedPoolUsage: ULONG;
    NonPagedPoolUsage: ULONG;
  end;
  OBJECT_TYPE_INFORMATION = _OBJECT_TYPE_INFORMATION;
  POBJECT_TYPE_INFORMATION = ^OBJECT_TYPE_INFORMATION;
  TObjectTypeInformation = OBJECT_TYPE_INFORMATION;
  PObjectTypeInformation = ^TObjectTypeInformation;

  _OBJECT_ALL_TYPES_INFORMATION = record // Information Class 3
    NumberOfTypes: ULONG;
    TypeInformation: OBJECT_TYPE_INFORMATION;
  end;
  OBJECT_ALL_TYPES_INFORMATION = _OBJECT_ALL_TYPES_INFORMATION;
  POBJECT_ALL_TYPES_INFORMATION = ^OBJECT_ALL_TYPES_INFORMATION;
  TObjectAllTypesInformation = OBJECT_ALL_TYPES_INFORMATION;
  PObjectAllTypesInformation = ^TObjectAllTypesInformation;

  _OBJECT_HANDLE_ATTRIBUTE_INFORMATION = record // Information Class 4
    Inherit: ByteBool;
    ProtectFromClose: ByteBool;
  end;
  OBJECT_HANDLE_ATTRIBUTE_INFORMATION = _OBJECT_HANDLE_ATTRIBUTE_INFORMATION;
  POBJECT_HANDLE_ATTRIBUTE_INFORMATION = ^OBJECT_HANDLE_ATTRIBUTE_INFORMATION;
  TObjectHandleAttributeInformation = OBJECT_HANDLE_ATTRIBUTE_INFORMATION;
  PObjectHandleAttributeInformation = ^TObjectHandleAttributeInformation;

type
  _DIRECTORY_BASIC_INFORMATION = record
    ObjectName: UNICODE_STRING;
    ObjectTypeName: UNICODE_STRING;
  end;
  DIRECTORY_BASIC_INFORMATION = _DIRECTORY_BASIC_INFORMATION;
  PDIRECTORY_BASIC_INFORMATION = ^DIRECTORY_BASIC_INFORMATION;
  TDirectoryBasicInformation = DIRECTORY_BASIC_INFORMATION;
  PDirectoryBasicInformation = ^TDirectoryBasicInformation;

type
  _MEMORY_INFORMATION_CLASS = (
    MemoryBasicInformation,
    MemoryWorkingSetList,
    MemorySectionName,
    MemoryBasicVlmInformation);
  MEMORY_INFORMATION_CLASS = _MEMORY_INFORMATION_CLASS;
  TMemoryInformationClass = MEMORY_INFORMATION_CLASS;
  PMemoryInformationClass = ^TMemoryInformationClass;

type
  _MEMORY_BASIC_INFORMATION = record // Information Class 0
    BaseAddress: PVOID;
    AllocationBase: PVOID;
    AllocationProtect: ULONG;
    RegionSize: ULONG;
    State: ULONG;
    Protect: ULONG;
    Type_: ULONG;
  end;
  MEMORY_BASIC_INFORMATION = _MEMORY_BASIC_INFORMATION;
  PMEMORY_BASIC_INFORMATION = ^MEMORY_BASIC_INFORMATION;
  TMemoryBasicInformation = MEMORY_BASIC_INFORMATION;
  PMemoryBasicInformation = ^TMemoryBasicInformation;

  _MEMORY_WORKING_SET_LIST = record // Information Class 1
    NumberOfPages: ULONG;
    WorkingSetList: array[0..0] of ULONG;
  end;
  MEMORY_WORKING_SET_LIST = _MEMORY_WORKING_SET_LIST;
  PMEMORY_WORKING_SET_LIST = ^MEMORY_WORKING_SET_LIST;
  TMemoryWorkingSetList = MEMORY_WORKING_SET_LIST;
  PMemoryWorkingSetList = ^TMemoryWorkingSetList;

  _MEMORY_SECTION_NAME = record // Information Class 2
    SectionFileName: UNICODE_STRING;
  end;
  MEMORY_SECTION_NAME = _MEMORY_SECTION_NAME;
  PMEMORY_SECTION_NAME = ^MEMORY_SECTION_NAME;
  TMemorySectionName = MEMORY_SECTION_NAME;
  PMemorySectionName = ^TMemorySectionName;

type
  _SECTION_INFORMATION_CLASS = (
    SectionBasicInformation,
    SectionImageInformation);
  SECTION_INFORMATION_CLASS = _SECTION_INFORMATION_CLASS;
  TSectionInformationClass = SECTION_INFORMATION_CLASS;

type
  _SECTION_BASIC_INFORMATION = record // Information Class 0
    BaseAddress: PVOID;
    Attributes: ULONG;
    Size: LARGE_INTEGER;
  end;
  SECTION_BASIC_INFORMATION = _SECTION_BASIC_INFORMATION;
  PSECTION_BASIC_INFORMATION = ^SECTION_BASIC_INFORMATION;
  TSectionBasicInformation = SECTION_BASIC_INFORMATION;
  PSectionBasicInformation = ^TSectionBasicInformation;

  _SECTION_IMAGE_INFORMATION = record // Information Class 1
    EntryPoint: PVOID;
    Unknown1: ULONG;
    StackReserve: ULONG;
    StackCommit: ULONG;
    Subsystem: ULONG;
    MinorSubsystemVersion: USHORT;
    MajorSubsystemVersion: USHORT;
    Unknown2: ULONG;
    Characteristics: ULONG;
    ImageNumber: USHORT;
    Executable: ByteBool;
    Unknown3: UCHAR;
    Unknown4: array[0..2] of ULONG;
  end;
  SECTION_IMAGE_INFORMATION = _SECTION_IMAGE_INFORMATION;
  PSECTION_IMAGE_INFORMATION = ^SECTION_IMAGE_INFORMATION;
  TSectionImageInformation = SECTION_IMAGE_INFORMATION;
  PSectionImageInformation = TSectionImageInformation;

type
  _USER_STACK = record
    FixedStackBase: PVOID;
    FixedStackLimit: PVOID;
    ExpandableStackBase: PVOID;
    ExpandableStackLimit: PVOID;
    ExpandableStackBottom: PVOID;
  end;
  USER_STACK = _USER_STACK;
  PUSER_STACK = ^USER_STACK;
  TUserStack = USER_STACK;
  PUserStack = ^TUserStack;

type
  _THREAD_BASIC_INFORMATION = record // Information Class 0
    ExitStatus: NTSTATUS;
    TebBaseAddress: PNT_TIB;
    ClientId: CLIENT_ID;
    AffinityMask: KAFFINITY;
    Priority: KPRIORITY;
    BasePriority: KPRIORITY;
  end;
  THREAD_BASIC_INFORMATION = _THREAD_BASIC_INFORMATION;
  PTHREAD_BASIC_INFORMATION = ^THREAD_BASIC_INFORMATION;
  TThreadBasicInformation = THREAD_BASIC_INFORMATION;
  PThreadBasicInformation = ^TThreadBasicInformation;

type
  _PROCESS_PRIORITY_CLASS = record // Information Class 18
    Foreground: ByteBool;
    PriorityClass: UCHAR;
  end;
  PROCESS_PRIORITY_CLASS = _PROCESS_PRIORITY_CLASS;
  PPROCESS_PRIORITY_CLASS = ^PROCESS_PRIORITY_CLASS;
  TProcessPriorityClass = PROCESS_PRIORITY_CLASS;
  PProcessPriorityClass = ^TProcessPriorityClass;

  _RTL_PROCESS_INFORMATION = record
    Size: ULONG;
    hProcess: HANDLE;
    hThread: HANDLE;
    ClientId: CLIENT_ID;
    ImageInfo: SECTION_IMAGE_INFORMATION;
  end;
  RTL_PROCESS_INFORMATION = _RTL_PROCESS_INFORMATION;
  PRTL_PROCESS_INFORMATION = ^RTL_PROCESS_INFORMATION;
  TRtlProcessInformation = RTL_PROCESS_INFORMATION;
  PRtlProcessInformation = ^RTL_PROCESS_INFORMATION;

type
  _DEBUG_BUFFER = record
    SectionHandle: HANDLE;
    SectionBase: PVOID;
    RemoteSectionBase: PVOID;
    SectionBaseDelta: ULONG;
    EventPairHandle: HANDLE;
    Unknown: array[0..1] of ULONG;
    RemoteThreadHandle: HANDLE;
    InfoClassMask: ULONG;
    SizeOfInfo: ULONG;
    AllocatedSize: ULONG;
    SectionSize: ULONG;
    ModuleInformation: PVOID;
    BackTraceInformation: PVOID;
    HeapInformation: PVOID;
    LockInformation: PVOID;
    Reserved: array[0..7] of PVOID;
  end;
  DEBUG_BUFFER = _DEBUG_BUFFER;
  PDEBUG_BUFFER = ^DEBUG_BUFFER;
  TDebugBuffer = DEBUG_BUFFER;
  PDebugBuffer = ^TDebugBuffer;

const
  PDI_MODULES = $01;
  PDI_BACKTRACE = $02;
  PDI_HEAPS = $04;
  PDI_HEAP_TAGS = $08;
  PDI_HEAP_BLOCKS = $10;
  PDI_LOCKS = $20;

type
  _DEBUG_MODULE_INFORMATION = record // c.f. SYSTEM_MODULE_INFORMATION
    Reserved: array[0..1] of ULONG;
    Base: ULONG;
    Size: ULONG;
    Flags: ULONG;
    Index: USHORT;
    Unknown: USHORT;
    LoadCount: USHORT;
    ModuleNameOffset: USHORT;
    ImageName: array[0..255] of CHAR;
  end;
  DEBUG_MODULE_INFORMATION = _DEBUG_MODULE_INFORMATION;
  PDEBUG_MODULE_INFORMATION = ^DEBUG_MODULE_INFORMATION;
  TDebugModuleInformation = DEBUG_MODULE_INFORMATION;
  PDebugModuleInformation = ^TDebugModuleInformation;

  _DEBUG_HEAP_INFORMATION = record
    Base: ULONG;
    Flags: ULONG;
    Granularity: USHORT;
    Unknown: USHORT;
    Allocated: ULONG;
    Committed: ULONG;
    TagCount: ULONG;
    BlockCount: ULONG;
    Reserved: array[0..6] of ULONG;
    Tags: PVOID;
    Blocks: PVOID;
  end;
  DEBUG_HEAP_INFORMATION = _DEBUG_HEAP_INFORMATION;
  PDEBUG_HEAP_INFORMATION = ^DEBUG_HEAP_INFORMATION;
  TDebugHeapInformation = DEBUG_HEAP_INFORMATION;
  PDebugHeapInformation = ^TDebugHeapInformation;

  _DEBUG_LOCK_INFORMATION = record // c.f. SYSTEM_LOCK_INFORMATION
    Address: PVOID;
    Type_: USHORT;
    CreatorBackTraceIndex: USHORT;
    OwnerThreadId: ULONG;
    ActiveCount: ULONG;
    ContentionCount: ULONG;
    EntryCount: ULONG;
    RecursionCount: ULONG;
    NumberOfSharedWaiters: ULONG;
    NumberOfExclusiveWaiters: ULONG;
  end;
  DEBUG_LOCK_INFORMATION = _DEBUG_LOCK_INFORMATION;
  PDEBUG_LOCK_INFORMATION = ^DEBUG_LOCK_INFORMATION;
  TDebugLockInformation = DEBUG_LOCK_INFORMATION;
  PDebugLockInformation = ^TDebugLockInformation;

type
  PTIMER_APC_ROUTINE = procedure(TimerContext: PVOID; TimerLowValue: ULONG; TimerHighValue: LONG); stdcall;

type
  _TIMER_INFORMATION_CLASS = (TimerBasicInformation);
  TIMER_INFORMATION_CLASS = _TIMER_INFORMATION_CLASS;
  TTimerInformationClass = TIMER_INFORMATION_CLASS;

type
  _TIMER_BASIC_INFORMATION = record
    TimeRemaining: LARGE_INTEGER;
    SignalState: ByteBool;
  end;
  TIMER_BASIC_INFORMATION = _TIMER_BASIC_INFORMATION;
  PTIMER_BASIC_INFORMATION = ^TIMER_BASIC_INFORMATION;
  TTimerBasicInformation = TIMER_BASIC_INFORMATION;
  PTimerBasicInformation = ^TTimerBasicInformation;

type
  _EVENT_INFORMATION_CLASS = (EventBasicInformation);
  EVENT_INFORMATION_CLASS = _EVENT_INFORMATION_CLASS;
  TEventInformationClass = EVENT_INFORMATION_CLASS;

type
  _EVENT_BASIC_INFORMATION = record
    EventType: EVENT_TYPE;
    SignalState: LONG;
  end;
  EVENT_BASIC_INFORMATION = _EVENT_BASIC_INFORMATION;
  PEVENT_BASIC_INFORMATION = ^EVENT_BASIC_INFORMATION;
  TEventBasicInformation = EVENT_BASIC_INFORMATION;
  PEventBasicInformation = ^TEventBasicInformation;

type
  _SEMAPHORE_INFORMATION_CLASS = (SemaphoreBasicInformation);
  SEMAPHORE_INFORMATION_CLASS = _SEMAPHORE_INFORMATION_CLASS;
  TSemaphoreInformationClass = SEMAPHORE_INFORMATION_CLASS;

type
  _SEMAPHORE_BASIC_INFORMATION = record
    CurrentCount: LONG;
    MaximumCount: LONG;
  end;
  SEMAPHORE_BASIC_INFORMATION = _SEMAPHORE_BASIC_INFORMATION;
  PSEMAPHORE_BASIC_INFORMATION = ^SEMAPHORE_BASIC_INFORMATION;
  TSemaphoreBasicInformation = SEMAPHORE_BASIC_INFORMATION;

type
  _MUTANT_INFORMATION_CLASS = (MutantBasicInformation);
  MUTANT_INFORMATION_CLASS = _MUTANT_INFORMATION_CLASS;
  TMutantInformationClass = MUTANT_INFORMATION_CLASS;

type
  _MUTANT_BASIC_INFORMATION = record
    SignalState: LONG;
    Owned: ByteBool;
    Abandoned: ByteBool;
  end;
  MUTANT_BASIC_INFORMATION = _MUTANT_BASIC_INFORMATION;
  PMUTANT_BASIC_INFORMATION = ^MUTANT_BASIC_INFORMATION;
  TMutantBasicInformation = MUTANT_BASIC_INFORMATION;
  PMutantBasicInformation = ^TMutantBasicInformation;

type
  _IO_COMPLETION_INFORMATION_CLASS = (IoCompletionBasicInformation);
  IO_COMPLETION_INFORMATION_CLASS = _IO_COMPLETION_INFORMATION_CLASS;
  TIoCompletionInformationClass = IO_COMPLETION_INFORMATION_CLASS;

type
  _IO_COMPLETION_BASIC_INFORMATION = record
    SignalState: LONG;
  end;
  IO_COMPLETION_BASIC_INFORMATION = _IO_COMPLETION_BASIC_INFORMATION;
  PIO_COMPLETION_BASIC_INFORMATION = ^IO_COMPLETION_BASIC_INFORMATION;
  TIoCompletionBasicInformation = IO_COMPLETION_BASIC_INFORMATION;
  PIoCompletionBasicInformation = ^TIoCompletionBasicInformation;

type
  _PORT_MESSAGE = record
    DataSize: USHORT;
    MessageSize: USHORT;
    MessageType: USHORT;
    VirtualRangesOffset: USHORT;
    ClientId: CLIENT_ID;
    MessageId: ULONG;
    SectionSize: ULONG;
    // UCHAR Data[];
  end;
  PORT_MESSAGE = _PORT_MESSAGE;
  PPORT_MESSAGE = ^PORT_MESSAGE;
  TPortMessage = PORT_MESSAGE;
  PPortMessage = ^TPortMessage;

  _LPC_TYPE = (
    LPC_NEW_MESSAGE, // A new message
    LPC_REQUEST, // A request message
    LPC_REPLY, // A reply to a request message
    LPC_DATAGRAM, //
    LPC_LOST_REPLY, //
    LPC_PORT_CLOSED, // Sent when port is deleted
    LPC_CLIENT_DIED, // Messages to thread termination ports
    LPC_EXCEPTION, // Messages to thread exception port
    LPC_DEBUG_EVENT, // Messages to thread debug port
    LPC_ERROR_EVENT, // Used by ZwRaiseHardError
    LPC_CONNECTION_REQUEST); // Used by ZwConnectPort
  LPC_TYPE = _LPC_TYPE;
  TLpcType = LPC_TYPE;

  _PORT_SECTION_WRITE = record
    Length: ULONG;
    SectionHandle: HANDLE;
    SectionOffset: ULONG;
    ViewSize: ULONG;
    ViewBase: PVOID;
    TargetViewBase: PVOID;
  end;
  PORT_SECTION_WRITE = _PORT_SECTION_WRITE;
  PPORT_SECTION_WRITE = ^PORT_SECTION_WRITE;
  TPortSectionWrite = PORT_SECTION_WRITE;
  PPortSectionWrite = ^TPortSectionWrite;

  _PORT_SECTION_READ = record
    Length: ULONG;
    ViewSize: ULONG;
    ViewBase: ULONG;
  end;
  PORT_SECTION_READ = _PORT_SECTION_READ;
  PPORT_SECTION_READ = ^PORT_SECTION_READ;
  TPortSectionRead = PORT_SECTION_READ;
  PPortSectionRead = ^TPortSectionRead;

type
  _PORT_INFORMATION_CLASS = (PortBasicInformation);
  PORT_INFORMATION_CLASS = _PORT_INFORMATION_CLASS;
  TPortInformationClass = PORT_INFORMATION_CLASS;


type
  _PORT_BASIC_INFORMATION = record
  end;
  PORT_BASIC_INFORMATION = _PORT_BASIC_INFORMATION;
  PPORT_BASIC_INFORMATION = ^PORT_BASIC_INFORMATION;
  TPortBasicInformation = PORT_BASIC_INFORMATION;
  PPortBasicInformation = ^TPortBasicInformation;

type
  _FILE_GET_EA_INFORMATION = record
    NextEntryOffset: ULONG;
    EaNameLength: UCHAR;
    EaName: array[0..0] of CHAR;
  end;
  FILE_GET_EA_INFORMATION = _FILE_GET_EA_INFORMATION;
  PFILE_GET_EA_INFORMATION = ^FILE_GET_EA_INFORMATION;
  TFileGetEaInformation = FILE_GET_EA_INFORMATION;
  PFileGetEaInformation = ^TFileGetEaInformation;

type
  _FILE_FS_VOLUME_INFORMATION = record
    VolumeCreationTime: LARGE_INTEGER;
    VolumeSerialNumber: ULONG;
    VolumeLabelLength: ULONG;
    Unknown: UCHAR;
    VolumeLabel: array[0..0] of WCHAR;
  end;
  FILE_FS_VOLUME_INFORMATION = _FILE_FS_VOLUME_INFORMATION;
  PFILE_FS_VOLUME_INFORMATION = ^FILE_FS_VOLUME_INFORMATION;
  TFileFsVolumeInformation = FILE_FS_VOLUME_INFORMATION;
  PFileFsVolumeInformation = ^TFileFsVolumeInformation;

  _FILE_FS_LABEL_INFORMATION = record
    VolumeLabelLength: ULONG;
    VolumeLabel: WCHAR;
  end;
  FILE_FS_LABEL_INFORMATION = _FILE_FS_LABEL_INFORMATION;
  PFILE_FS_LABEL_INFORMATION = ^FILE_FS_LABEL_INFORMATION;
  TFileFsLabelInformation = FILE_FS_LABEL_INFORMATION;
  PFileFsLabelInformation = ^TFileFsLabelInformation;

  _FILE_FS_SIZE_INFORMATION = record
    TotalAllocationUnits: LARGE_INTEGER;
    AvailableAllocationUnits: LARGE_INTEGER;
    SectorsPerAllocationUnit: ULONG;
    BytesPerSector: ULONG;
  end;
  FILE_FS_SIZE_INFORMATION = _FILE_FS_SIZE_INFORMATION;
  PFILE_FS_SIZE_INFORMATION = ^FILE_FS_SIZE_INFORMATION;
  TFileFsSizeInformation = FILE_FS_SIZE_INFORMATION;
  PFileFsSizeInformation = ^TFileFsSizeInformation;

  _FILE_FS_ATTRIBUTE_INFORMATION = record
    FileSystemFlags: ULONG;
    MaximumComponentNameLength: ULONG;
    FileSystemNameLength: ULONG;
    FileSystemName: array[0..0] of WCHAR
  end;
  FILE_FS_ATTRIBUTE_INFORMATION = _FILE_FS_ATTRIBUTE_INFORMATION;
  PFILE_FS_ATTRIBUTE_INFORMATION = ^FILE_FS_ATTRIBUTE_INFORMATION;
  TFileFsAttributeInformation = FILE_FS_ATTRIBUTE_INFORMATION;
  PFileFsAttributeInformation = ^TFileFsAttributeInformation;

  _FILE_FS_CONTROL_INFORMATION = record
    Reserved: array[0..2] of LARGE_INTEGER;
    DefaultQuotaThreshold: LARGE_INTEGER;
    DefaultQuotaLimit: LARGE_INTEGER;
    QuotaFlags: ULONG;
  end;
  FILE_FS_CONTROL_INFORMATION = _FILE_FS_CONTROL_INFORMATION;
  PFILE_FS_CONTROL_INFORMATION = ^FILE_FS_CONTROL_INFORMATION;
  TFileFsControlInformation = FILE_FS_CONTROL_INFORMATION;
  PFileFsControlInformation = ^TFileFsControlInformation;

  _FILE_FS_FULL_SIZE_INFORMATION = record
    TotalQuotaAllocationUnits: LARGE_INTEGER;
    AvailableQuotaAllocationUnits: LARGE_INTEGER;
    AvailableAllocationUnits: LARGE_INTEGER;
    SectorsPerAllocationUnit: ULONG;
    BytesPerSector: ULONG;
  end;
  FILE_FS_FULL_SIZE_INFORMATION = _FILE_FS_FULL_SIZE_INFORMATION;
  PFILE_FS_FULL_SIZE_INFORMATION = ^FILE_FS_FULL_SIZE_INFORMATION;
  TFileFsFullSizeInformation = FILE_FS_FULL_SIZE_INFORMATION;
  PFileFsFullSizeInformation = ^TFileFsFullSizeInformation;

  _FILE_FS_OBJECT_ID_INFORMATION = record
    VolumeObjectId: UUID;
    VolumeObjectIdExtendedInfo: array[0..11] of ULONG;
  end;
  FILE_FS_OBJECT_ID_INFORMATION = _FILE_FS_OBJECT_ID_INFORMATION;
  PFILE_FS_OBJECT_ID_INFORMATION = ^FILE_FS_OBJECT_ID_INFORMATION;
  TFileFsObjectIdInformation = FILE_FS_OBJECT_ID_INFORMATION;
  PFileFsObjectIdInformation = ^TFileFsObjectIdInformation;

  _FILE_USER_QUOTA_INFORMATION = record
    NextEntryOffset: ULONG;
    SidLength: ULONG;
    ChangeTime: LARGE_INTEGER;
    QuotaUsed: LARGE_INTEGER;
    QuotaThreshold: LARGE_INTEGER;
    QuotaLimit: LARGE_INTEGER;
    Sid: array[0..0] of SID;
  end;
  FILE_USER_QUOTA_INFORMATION = _FILE_USER_QUOTA_INFORMATION;
  PFILE_USER_QUOTA_INFORMATION = ^FILE_USER_QUOTA_INFORMATION;
  TFileUserQuotaInformation = FILE_USER_QUOTA_INFORMATION;
  PFileUserQuotaInformation = ^TFileUserQuotaInformation;

  _FILE_QUOTA_LIST_INFORMATION = record
    NextEntryOffset: ULONG;
    SidLength: ULONG;
    Sid: array[0..0] of SID;
  end;
  FILE_QUOTA_LIST_INFORMATION = _FILE_QUOTA_LIST_INFORMATION;
  PFILE_QUOTA_LIST_INFORMATION = ^FILE_QUOTA_LIST_INFORMATION;
  TFileQuotaListInformation = FILE_QUOTA_LIST_INFORMATION;
  PFileQuotaListInformation = ^TFileQuotaListInformation;

type
  _FILE_DIRECTORY_INFORMATION = record // Information Class 1
    NextEntryOffset: ULONG;
    Unknown: ULONG;
    CreationTime: LARGE_INTEGER;
    LastAccessTime: LARGE_INTEGER;
    LastWriteTime: LARGE_INTEGER;
    ChangeTime: LARGE_INTEGER;
    EndOfFile: LARGE_INTEGER;
    AllocationSize: LARGE_INTEGER;
    FileAttributes: ULONG;
    FileNameLength: ULONG;
    FileName: array[0..0] of WCHAR
  end;
  FILE_DIRECTORY_INFORMATION = _FILE_DIRECTORY_INFORMATION;
  PFILE_DIRECTORY_INFORMATION = ^FILE_DIRECTORY_INFORMATION;
  TFileDirectoryInformation = FILE_DIRECTORY_INFORMATION;
  PFileDirectoryInformation = ^TFileDirectoryInformation;

  _FILE_FULL_DIRECTORY_INFORMATION = record // Information Class 2
    NextEntryOffset: ULONG;
    Unknown: ULONG;
    CreationTime: LARGE_INTEGER;
    LastAccessTime: LARGE_INTEGER;
    LastWriteTime: LARGE_INTEGER;
    ChangeTime: LARGE_INTEGER;
    EndOfFile: LARGE_INTEGER;
    AllocationSize: LARGE_INTEGER;
    FileAttributes: ULONG;
    FileNameLength: ULONG;
    EaInformationLength: ULONG;
    FileName: array[0..0] of WCHAR
  end;
  FILE_FULL_DIRECTORY_INFORMATION = _FILE_FULL_DIRECTORY_INFORMATION;
  PFILE_FULL_DIRECTORY_INFORMATION = ^FILE_FULL_DIRECTORY_INFORMATION;
  TFileFullDirectoryInformation = FILE_FULL_DIRECTORY_INFORMATION;
  PFileFullDirectoryInformation = ^TFileFullDirectoryInformation;

  _FILE_BOTH_DIRECTORY_INFORMATION = record // Information Class 3
    NextEntryOffset: ULONG;
    Unknown: ULONG;
    CreationTime: LARGE_INTEGER;
    LastAccessTime: LARGE_INTEGER;
    LastWriteTime: LARGE_INTEGER;
    ChangeTime: LARGE_INTEGER;
    EndOfFile: LARGE_INTEGER;
    AllocationSize: LARGE_INTEGER;
    FileAttributes: ULONG;
    FileNameLength: ULONG;
    EaInformationLength: ULONG;
    AlternateNameLength: UCHAR;
    AlternateName: array[0..11] of WCHAR;
    FileName: array[0..0] of WCHAR;
  end;
  FILE_BOTH_DIRECTORY_INFORMATION = _FILE_BOTH_DIRECTORY_INFORMATION;
  PFILE_BOTH_DIRECTORY_INFORMATION = ^FILE_BOTH_DIRECTORY_INFORMATION;
  TFileBothDirectoryInformation = FILE_BOTH_DIRECTORY_INFORMATION;
  PFileBothDirectoryInformation = ^TFileBothDirectoryInformation;

  _FILE_INTERNAL_INFORMATION = record // Information Class 6
    FileId: LARGE_INTEGER;
  end;
  FILE_INTERNAL_INFORMATION = _FILE_INTERNAL_INFORMATION;
  PFILE_INTERNAL_INFORMATION = ^FILE_INTERNAL_INFORMATION;
  TFileInternalInformation = FILE_INTERNAL_INFORMATION;
  PFileInternalInformation = ^TFileInternalInformation;

  _FILE_EA_INFORMATION = record // Information Class 7
    EaInformationLength: ULONG;
  end;
  FILE_EA_INFORMATION = _FILE_EA_INFORMATION;
  PFILE_EA_INFORMATION = ^FILE_EA_INFORMATION;
  TFileEaInformation = FILE_EA_INFORMATION;
  PFileEaInformation = ^TFileEaInformation;

  _FILE_ACCESS_INFORMATION = record // Information Class 8
    GrantedAccess: ACCESS_MASK;
  end;
  FILE_ACCESS_INFORMATION = _FILE_ACCESS_INFORMATION;
  PFILE_ACCESS_INFORMATION = ^FILE_ACCESS_INFORMATION;
  TFileAccessInformation = FILE_ACCESS_INFORMATION;
  PFileAccessInformation = ^TFileAccessInformation;

  _FILE_NAME_INFORMATION = record // Information Classes 9 and 21
    FileNameLength: ULONG;
    FileName: array[0..0] of WCHAR;
  end;
  FILE_NAME_INFORMATION = _FILE_NAME_INFORMATION;
  PFILE_NAME_INFORMATION = ^FILE_NAME_INFORMATION;
  FILE_ALTERNATE_NAME_INFORMATION = _FILE_NAME_INFORMATION;
  PFILE_ALTERNATE_NAME_INFORMATION = ^FILE_ALTERNATE_NAME_INFORMATION;
  TFileNameInformation = FILE_NAME_INFORMATION;
  PFileNameInformation = ^TFileNameInformation;

  _FILE_LINK_RENAME_INFORMATION = record // Info Classes 10 and 11
    ReplaceIfExists: ByteBool;
    RootDirectory: HANDLE;
    FileNameLength: ULONG;
    FileName: array[0..0] of WCHAR;
  end;
  FILE_LINK_INFORMATION = _FILE_LINK_RENAME_INFORMATION;
  PFILE_LINK_INFORMATION = ^FILE_LINK_INFORMATION;
  FILE_RENAME_INFORMATION = _FILE_LINK_RENAME_INFORMATION;
  PFILE_RENAME_INFORMATION = ^FILE_RENAME_INFORMATION;
  TFileLinkInformation = FILE_LINK_INFORMATION;
  PFileLinkInformation = ^TFileLinkInformation;

  _FILE_NAMES_INFORMATION = record // Information Class 12
    NextEntryOffset: ULONG;
    Unknown: ULONG;
    FileNameLength: ULONG;
    FileName: array[0..0] of WCHAR;
  end;
  FILE_NAMES_INFORMATION = _FILE_NAMES_INFORMATION;
  PFILE_NAMES_INFORMATION = ^FILE_NAMES_INFORMATION;
  TFileNamesInformation = FILE_NAMES_INFORMATION;
  PFileNamesInformation = ^TFileNamesInformation;

  _FILE_MODE_INFORMATION = record // Information Class 16
    Mode: ULONG;
  end;
  FILE_MODE_INFORMATION = _FILE_MODE_INFORMATION;
  PFILE_MODE_INFORMATION = ^FILE_MODE_INFORMATION;
  TFileModeInformation = FILE_MODE_INFORMATION;
  PFileModeInformation = ^TFileModeInformation;

  _FILE_ALL_INFORMATION = record // Information Class 18
    BasicInformation: FILE_BASIC_INFORMATION;
    StandardInformation: FILE_STANDARD_INFORMATION;
    InternalInformation: FILE_INTERNAL_INFORMATION;
    EaInformation: FILE_EA_INFORMATION;
    AccessInformation: FILE_ACCESS_INFORMATION;
    PositionInformation: FILE_POSITION_INFORMATION;
    ModeInformation: FILE_MODE_INFORMATION;
    AlignmentInformation: FILE_ALIGNMENT_INFORMATION;
    NameInformation: FILE_NAME_INFORMATION;
  end;
  FILE_ALL_INFORMATION = _FILE_ALL_INFORMATION;
  PFILE_ALL_INFORMATION = ^FILE_ALL_INFORMATION;
  TFileAllInformation = FILE_ALL_INFORMATION;
  PFileAllInformation = ^TFileAllInformation;

  _FILE_ALLOCATION_INFORMATION = record // Information Class 19
    AllocationSize: LARGE_INTEGER;
  end;
  FILE_ALLOCATION_INFORMATION = _FILE_ALLOCATION_INFORMATION;
  PFILE_ALLOCATION_INFORMATION = ^FILE_ALLOCATION_INFORMATION;
  TFileAllocationInformation = FILE_ALLOCATION_INFORMATION;
  PFileAllocationInformation = ^TFileAllocationInformation;

  _FILE_STREAM_INFORMATION = record // Information Class 22
    NextEntryOffset: ULONG;
    StreamNameLength: ULONG;
    EndOfStream: LARGE_INTEGER;
    AllocationSize: LARGE_INTEGER;
    StreamName: array[0..0] of WCHAR;
  end;
  FILE_STREAM_INFORMATION = _FILE_STREAM_INFORMATION;
  PFILE_STREAM_INFORMATION = ^FILE_STREAM_INFORMATION;
  TFileStreamInformation = FILE_STREAM_INFORMATION;
  PFileStreamInformation = ^TFileStreamInformation;

  _FILE_PIPE_INFORMATION = record // Information Class 23
    ReadModeMessage: ULONG;
    WaitModeBlocking: ULONG;
  end;
  FILE_PIPE_INFORMATION = _FILE_PIPE_INFORMATION;
  PFILE_PIPE_INFORMATION = ^FILE_PIPE_INFORMATION;
  TFilePipeInformation = FILE_PIPE_INFORMATION;
  PFilePipeInformation = ^TFilePipeInformation;

  _FILE_PIPE_LOCAL_INFORMATION = record // Information Class 24
    MessageType: ULONG;
    Unknown1: ULONG;
    MaxInstances: ULONG;
    CurInstances: ULONG;
    InBufferSize: ULONG;
    Unknown2: ULONG;
    OutBufferSize: ULONG;
    Unknown3: array[0..1] of ULONG;
    ServerEnd: ULONG;
  end;
  FILE_PIPE_LOCAL_INFORMATION = _FILE_PIPE_LOCAL_INFORMATION;
  PFILE_PIPE_LOCAL_INFORMATION = ^FILE_PIPE_LOCAL_INFORMATION;
  TFilePipeLocalInformation = FILE_PIPE_LOCAL_INFORMATION;
  PFilePipeLocalInformation = ^TFilePipeLocalInformation;

  _FILE_PIPE_REMOTE_INFORMATION = record // Information Class 25
    CollectDataTimeout: LARGE_INTEGER;
    MaxCollectionCount: ULONG;
  end;
  FILE_PIPE_REMOTE_INFORMATION = _FILE_PIPE_REMOTE_INFORMATION;
  PFILE_PIPE_REMOTE_INFORMATION = ^FILE_PIPE_REMOTE_INFORMATION;
  TFilePipeRemoteInformation = FILE_PIPE_REMOTE_INFORMATION;
  PFilePipeRemoteInformation = ^TFilePipeRemoteInformation;

  _FILE_MAILSLOT_QUERY_INFORMATION = record // Information Class 26
    MaxMessageSize: ULONG;
    Unknown: ULONG;
    NextSize: ULONG;
    MessageCount: ULONG;
    ReadTimeout: LARGE_INTEGER;
  end;
  FILE_MAILSLOT_QUERY_INFORMATION = _FILE_MAILSLOT_QUERY_INFORMATION;
  PFILE_MAILSLOT_QUERY_INFORMATION = ^FILE_MAILSLOT_QUERY_INFORMATION;
  TFileMailslotQueryInformation = FILE_MAILSLOT_QUERY_INFORMATION;
  PFileMailslotQueryInformation = ^TFileMailslotQueryInformation;

  _FILE_MAILSLOT_SET_INFORMATION = record // Information Class 27
    ReadTimeout: LARGE_INTEGER;
  end;
  FILE_MAILSLOT_SET_INFORMATION = _FILE_MAILSLOT_SET_INFORMATION;
  PFILE_MAILSLOT_SET_INFORMATION = ^FILE_MAILSLOT_SET_INFORMATION;
  TFileMailslotSetInformation = FILE_MAILSLOT_SET_INFORMATION;
  PFileMailslotSetInformation = ^TFileMailslotSetInformation;

  _FILE_COMPRESSION_INFORMATION = record // Information Class 28
    CompressedSize: LARGE_INTEGER;
    CompressionFormat: USHORT;
    CompressionUnitShift: UCHAR;
    Unknown: UCHAR;
    ClusterSizeShift: UCHAR;
  end;
  FILE_COMPRESSION_INFORMATION = _FILE_COMPRESSION_INFORMATION;
  PFILE_COMPRESSION_INFORMATION = ^FILE_COMPRESSION_INFORMATION;
  TFileCompressionInformation = FILE_COMPRESSION_INFORMATION;
  PFileCompressionInformation = ^TFileCompressionInformation;

  _FILE_COMPLETION_INFORMATION = record // Information Class 30
    IoCompletionHandle: HANDLE;
    CompletionKey: ULONG;
  end;
  FILE_COMPLETION_INFORMATION = _FILE_COMPLETION_INFORMATION;
  PFILE_COMPLETION_INFORMATION = ^FILE_COMPLETION_INFORMATION;
  TFileCompletionInformation = FILE_COMPLETION_INFORMATION;
  PFileCompletionInformation = ^TFileCompletionInformation;

type
  PEXECUTION_STATE = ^EXECUTION_STATE;
  PExecutionState = PEXECUTION_STATE;


type
  PLANGID = ^LANGID;
type
  _ATOM_INFORMATION_CLASS = (AtomBasicInformation, AtomListInformation);
  ATOM_INFORMATION_CLASS = _ATOM_INFORMATION_CLASS;
  TAtomInformationClass = ATOM_INFORMATION_CLASS;

type
  _ATOM_BASIC_INFORMATION = record
    ReferenceCount: USHORT;
    Pinned: USHORT;
    NameLength: USHORT;
    Name: array[0..0] of WCHAR;
  end;
  ATOM_BASIC_INFORMATION = _ATOM_BASIC_INFORMATION;
  PATOM_BASIC_INFORMATION = ^ATOM_BASIC_INFORMATION;
  TAtomBasicInformation = ATOM_BASIC_INFORMATION;
  PAtomBasicInformation = ^TAtomBasicInformation;

  _ATOM_LIST_INFORMATION = record
    NumberOfAtoms: ULONG;
    Atoms: array[0..0] of ATOM;
  end;
  ATOM_LIST_INFORMATION = _ATOM_LIST_INFORMATION;
  PATOM_LIST_INFORMATION = ^ATOM_LIST_INFORMATION;
  TAtomListInformation = ATOM_LIST_INFORMATION;
  PAtomListInformation = ^TAtomListInformation;

//==============================================================================
// NTFS on disk structure structures
//==============================================================================

type
  _NTFS_RECORD_HEADER = record
    Type_: ULONG;
    UsaOffset: USHORT;
    UsaCount: USHORT;
    Usn: USN;
  end;
  NTFS_RECORD_HEADER = _NTFS_RECORD_HEADER;
  PNTFS_RECORD_HEADER = ^NTFS_RECORD_HEADER;
  TNtfsRecordHeader = NTFS_RECORD_HEADER;
  PNtfsRecordHeader = ^TNtfsRecordHeader;

  _FILE_RECORD_HEADER = record
    Ntfs: NTFS_RECORD_HEADER;
    SequenceNumber: USHORT;
    LinkCount: USHORT;
    AttributesOffset: USHORT;
    Flags: USHORT; // 0x0001 = InUse, 0x0002 = Directory
    BytesInUse: ULONG;
    BytesAllocated: ULONG;
    BaseFileRecord: ULONGLONG;
    NextAttributeNumber: USHORT;
  end;
  FILE_RECORD_HEADER = _FILE_RECORD_HEADER;
  PFILE_RECORD_HEADER = ^FILE_RECORD_HEADER;
  TFileRecordHeader = FILE_RECORD_HEADER;
  PFileRecordHeader = ^TFileRecordHeader;

const
  AttributeStandardInformation = $10;
  AttributeAttributeList = $20;
  AttributeFileName = $30;
  AttributeObjectId = $40;
  AttributeSecurityDescriptor = $50;
  AttributeVolumeName = $60;
  AttributeVolumeInformation = $70;
  AttributeData = $80;
  AttributeIndexRoot = $90;
  AttributeIndexAllocation = $A0;
  AttributeBitmap = $B0;
  AttributeReparsePoint = $C0;
  AttributeEAInformation = $D0;
  AttributeEA = $E0;
  AttributePropertySet = $F0;
  AttributeLoggedUtilityStream = $100;

type
  ATTRIBUTE_TYPE = AttributeStandardInformation..AttributeLoggedUtilityStream;
  PATTRIBUTE_TYPE = ^ATTRIBUTE_TYPE;
  TAttributeType = ATTRIBUTE_TYPE;

  _ATTRIBUTE = record
    AttributeType: ATTRIBUTE_TYPE;
    Length: ULONG;
    Nonresident: ByteBool;
    NameLength: UCHAR;
    NameOffset: USHORT;
    Flags: USHORT; // 0x0001 = Compressed
    AttributeNumber: USHORT;
  end;
  ATTRIBUTE = _ATTRIBUTE;
  PATTRIBUTE = ^ATTRIBUTE;
  TAttribute = ATTRIBUTE;

  _RESIDENT_ATTRIBUTE = record
    Attribute: ATTRIBUTE;
    ValueLength: ULONG;
    ValueOffset: USHORT;
    Flags: USHORT; // 0x0001 = Indexed
  end;
  RESIDENT_ATTRIBUTE = _RESIDENT_ATTRIBUTE;
  PRESIDENT_ATTRIBUTE = ^RESIDENT_ATTRIBUTE;
  TResidentAttribute = RESIDENT_ATTRIBUTE;
  PResidentAttribute = ^TResidentAttribute;

  _NONRESIDENT_ATTRIBUTE = record
    Attribute: ATTRIBUTE;
    LowVcn: ULONGLONG;
    HighVcn: ULONGLONG;
    RunArrayOffset: USHORT;
    CompressionUnit: UCHAR;
    AlignmentOrReserved: array[0..4] of UCHAR;
    AllocatedSize: ULONGLONG;
    DataSize: ULONGLONG;
    InitializedSize: ULONGLONG;
    CompressedSize: ULONGLONG; // Only when compressed
  end;
  NONRESIDENT_ATTRIBUTE = _NONRESIDENT_ATTRIBUTE;
  PNONRESIDENT_ATTRIBUTE = ^NONRESIDENT_ATTRIBUTE;
  TNonResidentAttribute = NONRESIDENT_ATTRIBUTE;
  PNonResidentAttribute = ^TNonResidentAttribute;

  _STANDARD_INFORMATION = record
    CreationTime: ULONGLONG;
    ChangeTime: ULONGLONG;
    LastWriteTime: ULONGLONG;
    LastAccessTime: ULONGLONG;
    FileAttributes: ULONG;
    AlignmentOrReservedOrUnknown: array[0..2] of ULONG;
    QuotaId: ULONG; // NTFS 3.0 only
    SecurityId: ULONG; // NTFS 3.0 only
    QuotaCharge: ULONGLONG; // NTFS 3.0 only
    Usn: USN; // NTFS 3.0 only
  end;
  STANDARD_INFORMATION = _STANDARD_INFORMATION;
  PSTANDARD_INFORMATION = ^STANDARD_INFORMATION;
  TStandardInformation = STANDARD_INFORMATION;
  PStandardInformation = ^TStandardInformation;

  _ATTRIBUTE_LIST = record
    AttributeType: ATTRIBUTE_TYPE;
    Length: USHORT;
    NameLength: UCHAR;
    NameOffset: UCHAR;
    LowVcn: ULONGLONG;
    FileReferenceNumber: ULONGLONG;
    AttributeNumber: USHORT;
    AlignmentOrReserved: array[0..2] of USHORT;
  end;
  ATTRIBUTE_LIST = _ATTRIBUTE_LIST;
  PATTRIBUTE_LIST = ^ATTRIBUTE_LIST;
  TAttributeList = ATTRIBUTE_LIST;
  PAttributeList = ^TAttributeList;

  _FILENAME_ATTRIBUTE = record
    DirectoryFileReferenceNumber: ULONGLONG;
    CreationTime: ULONGLONG; // Saved when filename last changed
    ChangeTime: ULONGLONG; // ditto
    LastWriteTime: ULONGLONG; // ditto
    LastAccessTime: ULONGLONG; // ditto
    AllocatedSize: ULONGLONG; // ditto
    DataSize: ULONGLONG; // ditto
    FileAttributes: ULONG; // ditto
    AlignmentOrReserved: ULONG;
    NameLength: UCHAR;
    NameType: UCHAR; // 0x01 = Long, 0x02 = Short
    Name: array[0..0] of UCHAR;
  end;
  FILENAME_ATTRIBUTE = _FILENAME_ATTRIBUTE;
  PFILENAME_ATTRIBUTE = ^FILENAME_ATTRIBUTE;
  TFilenameAttribute = FILENAME_ATTRIBUTE;
  PFilenameAttribute = ^TFilenameAttribute;

  _OBJECTID_ATTRIBUTE = record
    ObjectId: GUID;
    case Integer of
      0: (
        BirthVolumeId: GUID;
        BirthObjectId: GUID;
        DomainId: GUID);
      1: (
        ExtendedInfo: array[0..47] of UCHAR
        );
  end;
  OBJECTID_ATTRIBUTE = _OBJECTID_ATTRIBUTE;
  POBJECTID_ATTRIBUTE = ^OBJECTID_ATTRIBUTE;
  TObjectIdAttribute = OBJECTID_ATTRIBUTE;
  PObjectIdAttribute = ^TObjectIdAttribute;

  _VOLUME_INFORMATION = record
    Unknown: array[0..1] of ULONG;
    MajorVersion: UCHAR;
    MinorVersion: UCHAR;
    Flags: USHORT;
  end;
  VOLUME_INFORMATION = _VOLUME_INFORMATION;
  PVOLUME_INFORMATION = ^VOLUME_INFORMATION;
  TVolumeInformation = VOLUME_INFORMATION;
  PVolumeInformation = ^TVolumeInformation;

  _DIRECTORY_INDEX = record
    EntriesOffset: ULONG;
    IndexBlockLength: ULONG;
    AllocatedSize: ULONG;
    Flags: ULONG; // 0x00 = Small directory, 0x01 = Large directory
  end;
  DIRECTORY_INDEX = _DIRECTORY_INDEX;
  PDIRECTORY_INDEX = ^DIRECTORY_INDEX;
  TDirectoryIndex = DIRECTORY_INDEX;
  PDirectoryIndex = ^TDirectoryIndex;

  _DIRECTORY_ENTRY = record
    FileReferenceNumber: ULONGLONG;
    Length: USHORT;
    AttributeLength: USHORT;
    Flags: ULONG; // 0x01 = Has trailing VCN, 0x02 = Last entry
    // FILENAME_ATTRIBUTE Name;
    // ULONGLONG Vcn;       // VCN in IndexAllocation of earlier entries
  end;
  DIRECTORY_ENTRY = _DIRECTORY_ENTRY;
  PDIRECTORY_ENTRY = ^DIRECTORY_ENTRY;
  TDirectoryEntry = DIRECTORY_ENTRY;
  PDirectoryEntry = ^TDirectoryEntry;

  _INDEX_ROOT = record
    Type_: ATTRIBUTE_TYPE;
    CollationRule: ULONG;
    BytesPerIndexBlock: ULONG;
    ClustersPerIndexBlock: ULONG;
    DirectoryIndex: DIRECTORY_INDEX;
  end;
  INDEX_ROOT = _INDEX_ROOT;
  PINDEX_ROOT = ^INDEX_ROOT;
  TIndexRoot = INDEX_ROOT;
  PIndexRoot = ^TIndexRoot;

  _INDEX_BLOCK_HEADER = record
    Ntfs: NTFS_RECORD_HEADER;
    IndexBlockVcn: ULONGLONG;
    DirectoryIndex: DIRECTORY_INDEX;
  end;
  INDEX_BLOCK_HEADER = _INDEX_BLOCK_HEADER;
  PINDEX_BLOCK_HEADER = ^INDEX_BLOCK_HEADER;
  TIndexBlockHeader = _INDEX_BLOCK_HEADER;
  PIndexBlockHeader = ^TIndexBlockHeader;

  _REPARSE_POINT = record
    ReparseTag: ULONG;
    ReparseDataLength: USHORT;
    Reserved: USHORT;
    ReparseData: array[0..0] of UCHAR;
  end;
  REPARSE_POINT = _REPARSE_POINT;
  PREPARSE_POINT = ^REPARSE_POINT;
  TReparsePoint = REPARSE_POINT;
  PReparsePoint = ^TReparsePoint;

  _EA_INFORMATION = record
    EaLength: ULONG;
    EaQueryLength: ULONG;
  end;
  EA_INFORMATION = _EA_INFORMATION;
  PEA_INFORMATION = ^EA_INFORMATION;
  TEaInformation = EA_INFORMATION;
  PEaInformation = ^TEaInformation;

  _EA_ATTRIBUTE = record
    NextEntryOffset: ULONG;
    Flags: UCHAR;
    EaNameLength: UCHAR;
    EaValueLength: USHORT;
    EaName: array[0..0] of CHAR;
    // UCHAR EaData[];
  end;
  EA_ATTRIBUTE = _EA_ATTRIBUTE;
  PEA_ATTRIBUTE = ^EA_ATTRIBUTE;
  TEaAttribute = EA_ATTRIBUTE;
  PEaAttribute = ^TEaAttribute;

  _ATTRIBUTE_DEFINITION = record
    AttributeName: array[0..63] of WCHAR;
    AttributeNumber: ULONG;
    Unknown: array[0..1] of ULONG;
    Flags: ULONG;
    MinimumSize: ULONGLONG;
    MaximumSize: ULONGLONG;
  end;
  ATTRIBUTE_DEFINITION = _ATTRIBUTE_DEFINITION;
  PATTRIBUTE_DEFINITION = ^ATTRIBUTE_DEFINITION;
  TAttributeDefinition = ATTRIBUTE_DEFINITION;
  PAttributeDefinition = ^TAttributeDefinition;

  _BOOT_BLOCK = record
    Jump: array[0..2] of UCHAR;
    Format: array[0..7] of UCHAR;
    BytesPerSector: USHORT;
    SectorsPerCluster: UCHAR;
    BootSectors: USHORT;
    Mbz1: UCHAR;
    Mbz2: USHORT;
    Reserved1: USHORT;
    MediaType: UCHAR;
    Mbz3: USHORT;
    SectorsPerTrack: USHORT;
    NumberOfHeads: USHORT;
    PartitionOffset: ULONG;
    Reserved2: array[0..1] of ULONG;
    TotalSectors: ULONGLONG;
    MftStartLcn: ULONGLONG;
    Mft2StartLcn: ULONGLONG;
    ClustersPerFileRecord: ULONG;
    ClustersPerIndexBlock: ULONG;
    VolumeSerialNumber: ULONGLONG;
    Code: array[0..$1AD] of UCHAR;
    BootSignature: USHORT;
  end;
  BOOT_BLOCK = _BOOT_BLOCK;
  PBOOT_BLOCK = ^BOOT_BLOCK;
  TBootBlock = BOOT_BLOCK;
  PBootBlock = ^TBootBlock;

const
  DBG_STATUS_CONTROL_C = 1;
  DBG_STATUS_SYSRQ = 2;
  DBG_STATUS_BUGCHECK_FIRST = 3;
  DBG_STATUS_BUGCHECK_SECOND = 4;
  DBG_STATUS_FATAL = 5;
  DBG_STATUS_DEBUG_CONTROL = 6;

//function DbgPrint(Format: PCH; ...): ULONG; cdecl;
//function DbgPrintReturnControlC(Format: PCH; ...): ULONG; cdecl;

//==============================================================================
// Runtime Library
//==============================================================================

const
  RTL_RANGE_LIST_ADD_IF_CONFLICT = $00000001;
  RTL_RANGE_LIST_ADD_SHARED = $00000002;

const
  RTL_RANGE_LIST_SHARED_OK = $00000001;
  RTL_RANGE_LIST_NULL_CONFLICT_OK = $00000002;

type
  PRTL_CONFLICT_RANGE_CALLBACK = function(Context: PVOID; Range: PRTL_RANGE): ByteBool; stdcall;

type
  _OSVERSIONINFOW = record
    dwOSVersionInfoSize: ULONG;
    dwMajorVersion: ULONG;
    dwMinorVersion: ULONG;
    dwBuildNumber: ULONG;
    dwPlatformId: ULONG;
    szCSDVersion: array[0..127] of WCHAR; // Maintenance string for PSS usage
  end;
  OSVERSIONINFOW = _OSVERSIONINFOW;
  POSVERSIONINFOW = ^OSVERSIONINFOW;
  LPOSVERSIONINFOW = ^OSVERSIONINFOW;
  RTL_OSVERSIONINFOW = OSVERSIONINFOW;
  PRTL_OSVERSIONINFOW = ^OSVERSIONINFOW;

  TOsVersionInfoW = OSVERSIONINFOW;
  //POsVersionInfoW = ^TOsVersionInfoW;

  OSVERSIONINFO = OSVERSIONINFOW;
  POSVERSIONINFO = POSVERSIONINFOW;
  LPOSVERSIONINFO = LPOSVERSIONINFOW;

const
  VER_PLATFORM_WIN32s = 0;
  VER_PLATFORM_WIN32_WINDOWS = 1;
  VER_PLATFORM_WIN32_NT = 2;

type
  _RTL_BITMAP = record
    SizeOfBitMap: ULONG; // Number of bits in bit map
    Buffer: PULONG; // Pointer to the bit map itself
  end;
  RTL_BITMAP = _RTL_BITMAP;
  PRTL_BITMAP = ^RTL_BITMAP;
  TRtlBitmap = RTL_BITMAP;
  PRtlBitmap = ^TRtlBitmap;

const
  RTL_REGISTRY_ABSOLUTE = 0; // Path is a full path
  RTL_REGISTRY_SERVICES = 1; // \Registry\Machine\System\CurrentControlSet\Services
  RTL_REGISTRY_CONTROL = 2; // \Registry\Machine\System\CurrentControlSet\Control
  RTL_REGISTRY_WINDOWS_NT = 3; // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
  RTL_REGISTRY_DEVICEMAP = 4; // \Registry\Machine\Hardware\DeviceMap
  RTL_REGISTRY_USER = 5; // \Registry\User\CurrentUser
  RTL_REGISTRY_MAXIMUM = 6;
  RTL_REGISTRY_HANDLE = $40000000; // Low order bits are registry handle
  RTL_REGISTRY_OPTIONAL = $80000000; // Indicates the key node is optional

type
  _TIME_FIELDS = record
    Year: CSHORT; // range [1601...]
    Month: CSHORT; // range [1..12]
    Day: CSHORT; // range [1..31]
    Hour: CSHORT; // range [0..23]
    Minute: CSHORT; // range [0..59]
    Second: CSHORT; // range [0..59]
    Milliseconds: CSHORT; // range [0..999]
    Weekday: CSHORT; // range [0..6] == [Sunday..Saturday]
  end;
  TIME_FIELDS = _TIME_FIELDS;
  PTIME_FIELDS = ^TIME_FIELDS;
  TTimeFields = TIME_FIELDS;
  PTimeFields = ^TTimeFields;

type
  _OSVERSIONINFOEXW = record
    dwOSVersionInfoSize: ULONG;
    dwMajorVersion: ULONG;
    dwMinorVersion: ULONG;
    dwBuildNumber: ULONG;
    dwPlatformId: ULONG;
    szCSDVersion: array[0..127] of WCHAR; // Maintenance string for PSS usage
    wServicePackMajor: USHORT;
    wServicePackMinor: USHORT;
    wSuiteMask: USHORT;
    wProductType: UCHAR;
    wReserved: UCHAR;
  end;
  OSVERSIONINFOEXW = _OSVERSIONINFOEXW;
  POSVERSIONINFOEXW = ^OSVERSIONINFOEXW;
  LPOSVERSIONINFOEXW = ^OSVERSIONINFOEXW;
  RTL_OSVERSIONINFOEXW = OSVERSIONINFOEXW;
  PRTL_OSVERSIONINFOEXW = ^OSVERSIONINFOEXW;

  TOsVersionInfoExW = OSVERSIONINFOEXW;
  //POsVersionInfoExW = ^TOsVersionInfoExW;

  OSVERSIONINFOEX = OSVERSIONINFOEXW;
  POSVERSIONINFOEX = POSVERSIONINFOEXW;
  LPOSVERSIONINFOEX = LPOSVERSIONINFOEXW;

//
// RtlVerifyVersionInfo() conditions
//

const
  VER_EQUAL = 1;
  VER_GREATER = 2;
  VER_GREATER_EQUAL = 3;
  VER_LESS = 4;
  VER_LESS_EQUAL = 5;
  VER_AND = 6;
  VER_OR = 7;

  VER_CONDITION_MASK = 7;
  VER_NUM_BITS_PER_CONDITION_MASK = 3;

//
// RtlVerifyVersionInfo() type mask bits
//

  VER_MINORVERSION = $0000001;
  VER_MAJORVERSION = $0000002;
  VER_BUILDNUMBER = $0000004;
  VER_PLATFORMID = $0000008;
  VER_SERVICEPACKMINOR = $0000010;
  VER_SERVICEPACKMAJOR = $0000020;
  VER_SUITENAME = $0000040;
  VER_PRODUCT_TYPE = $0000080;

//
// RtlVerifyVersionInfo() os product type values
//

  VER_NT_WORKSTATION = $0000001;
  VER_NT_DOMAIN_CONTROLLER = $0000002;
  VER_NT_SERVER = $0000003;

//
// Related constant(s) for RtlDetermineDosPathNameType_U()
//
  INVALID_PATH = 0;
  UNC_PATH = 1;
  ABSOLUTE_DRIVE_PATH = 2;
  RELATIVE_DRIVE_PATH = 3;
  ABSOLUTE_PATH = 4;
  RELATIVE_PATH = 5;
  DEVICE_PATH = 6;
  UNC_DOT_PATH = 7;

type
  PRTL_QUERY_REGISTRY_ROUTINE = function(ValueName: PWSTR; ValueType: ULONG;
    ValueData: PVOID; ValueLength: ULONG; Context, EntryContext: PVOID): NTSTATUS; stdcall;

  _RTL_QUERY_REGISTRY_TABLE = record
    QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE;
    Flags: ULONG;
    Name: PWSTR;
    EntryContext: PVOID;
    DefaultType: ULONG;
    DefaultData: PVOID;
    DefaultLength: ULONG;
  end;
  RTL_QUERY_REGISTRY_TABLE = _RTL_QUERY_REGISTRY_TABLE;
  PRTL_QUERY_REGISTRY_TABLE = ^RTL_QUERY_REGISTRY_TABLE;
  TRtlQueryRegistryTable = RTL_QUERY_REGISTRY_TABLE;
  PRtlQueryRegistryTable = ^TRtlQueryRegistryTable;

  REFGUID = ^GUID;
  TRefGuid = REFGUID;

const
  // Should be defined, but isn't
  HEAP_ZERO_MEMORY = $00000008;

type
// =================================================================
// PROCESS ENVIRONMENT BLOCK (PEB)
// =================================================================

// Verified in XP using WinDbg
  _LDR_DATA_TABLE_ENTRY = record // not packed!
    case Integer of
  (*   *)0: (
  (*000*)InLoadOrderLinks: LIST_ENTRY
        );
  (*   *)1: (
  (*000*)InMemoryOrderLinks: LIST_ENTRY
        );
  (*   *)2: (
  (*000*)InInitializationOrderLinks: LIST_ENTRY;
  (*008*)DllBase: PVOID;
  (*00c*)EntryPoint: PVOID;
  (*010*)SizeOfImage: ULONG;
  (*014*)FullDllName: UNICODE_STRING;
  (*01c*)BaseDllName: UNICODE_STRING;
  (*024*)Flags: ULONG;
  (*028*)LoadCount: USHORT;
  (*02a*)TlsIndex: USHORT;
  (*02c*)HashLinks: LIST_ENTRY;
  (*034*)SectionPointer: PVOID;
  (*038*)CheckSum: ULONG;
  (*03C*)TimeDateStamp: ULONG;
  (*040*)LoadedImports: PVOID;
  (*044*)EntryPointActivationContext: PVOID; // PACTIVATION_CONTEXT
  (*048*)PatchInformation: PVOID;
        )
  end;
  LDR_DATA_TABLE_ENTRY = _LDR_DATA_TABLE_ENTRY;
  PLDR_DATA_TABLE_ENTRY = ^_LDR_DATA_TABLE_ENTRY;
  PPLDR_DATA_TABLE_ENTRY = ^PLDR_DATA_TABLE_ENTRY;
  TLdrDataTableEntry = _LDR_DATA_TABLE_ENTRY;
  PLdrDataTableEntry = ^_LDR_DATA_TABLE_ENTRY;

// Verified in XP using WinDbg
  _PEB_LDR_DATA = record // not packed!
  (*000*)Length: ULONG;
  (*004*)Initialized: BOOLEAN;
  (*008*)SsHandle: PVOID;
  (*00c*)InLoadOrderModuleList: LIST_ENTRY;
  (*014*)InMemoryOrderModuleList: LIST_ENTRY;
  (*01c*)InInitializationOrderModuleList: LIST_ENTRY;
  (*024*)EntryInProgress: PVOID;
  end;
  PEB_LDR_DATA = _PEB_LDR_DATA;
  PPEB_LDR_DATA = ^_PEB_LDR_DATA;
  PPPEB_LDR_DATA = ^PPEB_LDR_DATA;
  TPebLdrData = _PEB_LDR_DATA;
  PPebLdrData = ^_PEB_LDR_DATA;

// Verified in XP using WinDbg
  _RTL_DRIVE_LETTER_CURDIR = record // not packed!
  (*000*)Flags: USHORT;
  (*002*)Length: USHORT;
  (*004*)TimeStamp: ULONG;
  (*008*)DosPath: _STRING;
  end;
  RTL_DRIVE_LETTER_CURDIR = _RTL_DRIVE_LETTER_CURDIR;
  PRTL_DRIVE_LETTER_CURDIR = ^_RTL_DRIVE_LETTER_CURDIR;
  PPRTL_DRIVE_LETTER_CURDIR = ^PRTL_DRIVE_LETTER_CURDIR;
  TRtlDriveLetterCurdir = _RTL_DRIVE_LETTER_CURDIR;
  PRtlDriveLetterCurdir = ^_RTL_DRIVE_LETTER_CURDIR;

  _CURDIR = record // not packed!
  (*000*)DosPath: UNICODE_STRING;
  (*008*)Handle: HANDLE;
  end;
  CURDIR = _CURDIR;
  PCURDIR = ^_CURDIR;
  PPCURDIR = ^PCURDIR;
  TCurdir = _CURDIR;
// PCurdir = ^_CURDIR; // <--- Pascal is case-insensitive

// Verified in XP using WinDbg
  _RTL_USER_PROCESS_PARAMETERS = record // not packed!
  (*000*)MaximumLength: ULONG;
  (*004*)Length: ULONG;
  (*008*)Flags: ULONG; // Bit 0: all pointers normalized
  (*00c*)DebugFlags: ULONG;
  (*010*)ConsoleHandle: HANDLE;
  (*014*)ConsoleFlags: ULONG;
  (*018*)StandardInput: HANDLE;
  (*01c*)StandardOutput: HANDLE;
  (*020*)StandardError: HANDLE;
  (*024*)CurrentDirectory: CURDIR;
  (*030*)DllPath: UNICODE_STRING;
  (*038*)ImagePathName: UNICODE_STRING;
  (*040*)CommandLine: UNICODE_STRING;
  (*048*)Environment: PVOID;
  (*04c*)StartingX: ULONG;
  (*050*)StartingY: ULONG;
  (*054*)CountX: ULONG;
  (*058*)CountY: ULONG;
  (*05c*)CountCharsX: ULONG;
  (*060*)CountCharsY: ULONG;
  (*064*)FillAttribute: ULONG;
  (*068*)WindowFlags: ULONG;
  (*06c*)ShowWindowFlags: ULONG;
  (*070*)WindowTitle: UNICODE_STRING;
  (*078*)DesktopInfo: UNICODE_STRING;
  (*080*)ShellInfo: UNICODE_STRING;
  (*088*)RuntimeData: UNICODE_STRING;
  (*090*)CurrentDirectories: array[0..31] of RTL_DRIVE_LETTER_CURDIR;
  end;
  RTL_USER_PROCESS_PARAMETERS = _RTL_USER_PROCESS_PARAMETERS;
  PRTL_USER_PROCESS_PARAMETERS = ^_RTL_USER_PROCESS_PARAMETERS;
  PPRTL_USER_PROCESS_PARAMETERS = ^PRTL_USER_PROCESS_PARAMETERS;
  TRtlUserProcessParameters = _RTL_USER_PROCESS_PARAMETERS;
  PRtlUserProcessParameters = ^_RTL_USER_PROCESS_PARAMETERS;
  TProcessParameters = _RTL_USER_PROCESS_PARAMETERS;
  PProcessParameters = ^_RTL_USER_PROCESS_PARAMETERS;

  _SYSTEM_STRINGS = record // not packed!
  (*000*)SystemRoot: UNICODE_STRING; // %SystemRoot%
  (*008*)System32Root: UNICODE_STRING; // %SystemRoot%\System32
  (*010*)BaseNamedObjects: UNICODE_STRING; // \BaseNamedObjects
  end;
  SYSTEM_STRINGS = _SYSTEM_STRINGS;
  PSYSTEM_STRINGS = ^_SYSTEM_STRINGS;
  PPSYSTEM_STRINGS = ^PSYSTEM_STRINGS;
  TSystemStrings = _SYSTEM_STRINGS;
  PSystemStrings = ^_SYSTEM_STRINGS;

// Verified in XP using WinDbg
  _TEXT_INFO = record // not packed!
  (*000*)Reserved: PVOID;
  (*004*)SystemStrings: PSYSTEM_STRINGS;
  end;
  TEXT_INFO = _TEXT_INFO;
  PTEXT_INFO = ^_TEXT_INFO;
  PPTEXT_INFO = ^PTEXT_INFO;
  TTextInfo = _TEXT_INFO;
  PTextInfo = ^_TEXT_INFO;

// Verified in XP using WinDbg
  PPEB_FREE_BLOCK = ^_PEB_FREE_BLOCK;
  _PEB_FREE_BLOCK = record // not packed!
  (*000*)Next: PPEB_FREE_BLOCK;
  (*004*)Size: ULONG;
  end;
  PEB_FREE_BLOCK = _PEB_FREE_BLOCK;
  PPPEB_FREE_BLOCK = ^PPEB_FREE_BLOCK;
  TPebFreeBlock = _PEB_FREE_BLOCK;
  PPebFreeBlock = ^_PEB_FREE_BLOCK;

// Verified in W2K, WXP and W2K3 using WinDbg
  _PEB_W2K = packed record // packed!
  (*000*)InheritedAddressSpace: BOOLEAN;
  (*001*)ReadImageFileExecOptions: BOOLEAN;
  (*002*)BeingDebugged: BOOLEAN;
  (*003*)SpareBool: BOOLEAN;
  (*004*)Mutant: PVOID;
  (*008*)ImageBaseAddress: PVOID;
  (*00c*)Ldr: PPEB_LDR_DATA;
  (*010*)ProcessParameters: PRTL_USER_PROCESS_PARAMETERS;
  (*014*)SubSystemData: PVOID;
  (*018*)ProcessHeap: PVOID;
  (*01c*)FastPebLock: PRTL_CRITICAL_SECTION;
  (*020*)FastPebLockRoutine: PVOID; // RtlEnterCriticalSection
  (*024*)FastPebUnlockRoutine: PVOID; // RtlLeaveCriticalSection
  (*028*)EnvironmentUpdateCount: ULONG;
  (*02c*)KernelCallbackTable: PPVOID; // List of callback functions
  (*030*)SystemReserved: array[0..0] of ULONG;
  (*034*)d034: ULONG;
  (*038*)FreeList: PPEB_FREE_BLOCK;
  (*03c*)TlsExpansionCounter: ULONG;
  (*040*)TlsBitmap: PVOID; // ntdll!TlsBitMap of type PRTL_BITMAP
  (*044*)TlsBitmapBits: array[0..1] of ULONG; // 64 bits
  (*04c*)ReadOnlySharedMemoryBase: PVOID;
  (*050*)ReadOnlySharedMemoryHeap: PVOID;
  (*054*)ReadOnlyStaticServerData: PTEXT_INFO;
  (*058*)AnsiCodePageData: PVOID;
  (*05c*)OemCodePageData: PVOID;
  (*060*)UnicodeCaseTableData: PVOID;
  (*064*)NumberOfProcessors: ULONG;
  (*068*)NtGlobalFlag: ULONG;
  (*06C*)Unknown01: ULONG; // Padding or something
  (*070*)CriticalSectionTimeout: LARGE_INTEGER;
  (*078*)HeapSegmentReserve: ULONG;
  (*07c*)HeapSegmentCommit: ULONG;
  (*080*)HeapDeCommitTotalFreeThreshold: ULONG;
  (*084*)HeapDeCommitFreeBlockThreshold: ULONG;
  (*088*)NumberOfHeaps: ULONG;
  (*08c*)MaximumNumberOfHeaps: ULONG;
  (*090*)ProcessHeaps: PPVOID;
  (*094*)GdiSharedHandleTable: PPVOID;
  (*098*)ProcessStarterHelper: PVOID;
  (*09c*)GdiDCAttributeList: ULONG;
  (*0a0*)LoaderLock: PCRITICAL_SECTION;
  (*0a4*)OSMajorVersion: ULONG;
  (*0a8*)OSMinorVersion: ULONG;
  (*0ac*)OSBuildNumber: USHORT;
  (*0ae*)OSCSDVersion: USHORT;
  (*0b0*)OSPlatformId: ULONG;
  (*0b4*)ImageSubsystem: ULONG;
  (*0b8*)ImageSubsystemMajorVersion: ULONG;
  (*0bc*)ImageSubsystemMinorVersion: ULONG;
  (*0c0*)ImageProcessAffinityMask: ULONG;
  (*0c4*)GdiHandleBuffer: array[0..33] of HANDLE;
  (*14c*)PostProcessInitRoutine: PVOID;
  (*150*)TlsExpansionBitmap: PVOID;
  (*154*)TlsExpansionBitmapBits: array[0..31] of ULONG;
  (*1d4*)SessionId: ULONG;
  // Windows 2000
  (*1d8*)AppCompatInfo: PVOID;
  (*1dc*)CSDVersion: UNICODE_STRING;
  end;

// Verified in W2K, WXP and W2K3 using WinDbg
  _PEB_WXP = packed record // packed!
  (*000*)InheritedAddressSpace: BOOLEAN;
  (*001*)ReadImageFileExecOptions: BOOLEAN;
  (*002*)BeingDebugged: BOOLEAN;
  (*003*)SpareBool: BOOLEAN;
  (*004*)Mutant: PVOID;
  (*008*)ImageBaseAddress: PVOID;
  (*00c*)Ldr: PPEB_LDR_DATA;
  (*010*)ProcessParameters: PRTL_USER_PROCESS_PARAMETERS;
  (*014*)SubSystemData: PVOID;
  (*018*)ProcessHeap: PVOID;
  (*01c*)FastPebLock: PRTL_CRITICAL_SECTION;
  (*020*)FastPebLockRoutine: PVOID; // RtlEnterCriticalSection
  (*024*)FastPebUnlockRoutine: PVOID; // RtlLeaveCriticalSection
  (*028*)EnvironmentUpdateCount: ULONG;
  (*02c*)KernelCallbackTable: PPVOID; // List of callback functions
  (*030*)SystemReserved: array[0..0] of ULONG;
  (*034*)AtlThunkSListPtr32: PVOID; // (Windows XP)
  (*038*)FreeList: PPEB_FREE_BLOCK;
  (*03c*)TlsExpansionCounter: ULONG;
  (*040*)TlsBitmap: PVOID; // ntdll!TlsBitMap of type PRTL_BITMAP
  (*044*)TlsBitmapBits: array[0..1] of ULONG; // 64 bits
  (*04c*)ReadOnlySharedMemoryBase: PVOID;
  (*050*)ReadOnlySharedMemoryHeap: PVOID;
  (*054*)ReadOnlyStaticServerData: PTEXT_INFO;
  (*058*)AnsiCodePageData: PVOID;
  (*05c*)OemCodePageData: PVOID;
  (*060*)UnicodeCaseTableData: PVOID;
  (*064*)NumberOfProcessors: ULONG;
  (*068*)NtGlobalFlag: ULONG;
  (*06C*)Unknown01: ULONG; // Padding or something
  (*070*)CriticalSectionTimeout: LARGE_INTEGER;
  (*078*)HeapSegmentReserve: ULONG;
  (*07c*)HeapSegmentCommit: ULONG;
  (*080*)HeapDeCommitTotalFreeThreshold: ULONG;
  (*084*)HeapDeCommitFreeBlockThreshold: ULONG;
  (*088*)NumberOfHeaps: ULONG;
  (*08c*)MaximumNumberOfHeaps: ULONG;
  (*090*)ProcessHeaps: PPVOID;
  (*094*)GdiSharedHandleTable: PPVOID;
  (*098*)ProcessStarterHelper: PVOID;
  (*09c*)GdiDCAttributeList: ULONG;
  (*0a0*)LoaderLock: PCRITICAL_SECTION;
  (*0a4*)OSMajorVersion: ULONG;
  (*0a8*)OSMinorVersion: ULONG;
  (*0ac*)OSBuildNumber: USHORT;
  (*0ae*)OSCSDVersion: USHORT;
  (*0b0*)OSPlatformId: ULONG;
  (*0b4*)ImageSubsystem: ULONG;
  (*0b8*)ImageSubsystemMajorVersion: ULONG;
  (*0bc*)ImageSubsystemMinorVersion: ULONG;
  (*0c0*)ImageProcessAffinityMask: ULONG;
  (*0c4*)GdiHandleBuffer: array[0..33] of HANDLE;
  (*14c*)PostProcessInitRoutine: PVOID;
  (*150*)TlsExpansionBitmap: PVOID;
  (*154*)TlsExpansionBitmapBits: array[0..31] of ULONG;
  (*1d4*)SessionId: ULONG;
  // Windows XP
  (*1d8*)AppCompatFlags: ULARGE_INTEGER;
  (*1e0*)AppCompatFlagsUser: ULARGE_INTEGER;
  (*1e8*)pShimData: PVOID;
  (*1ec*)AppCompatInfo: PVOID;
  (*1f0*)CSDVersion: UNICODE_STRING;
  (*1f8*)ActivationContextData: PVOID; // PACTIVATION_CONTEXT_DATA
  (*1fc*)ProcessAssemblyStorageMap: PVOID; // PASSEMBLY_STORAGE_MAP
  (*200*)SystemDefaultActivationContextData: PVOID; // PACTIVATION_CONTEXT_DATA
  (*204*)SystemAssemblyStorageMap: PVOID; // PASSEMBLY_STORAGE_MAP
  (*208*)MinimumStackCommit: ULONG;
  end;

// Verified in W2K, WXP and W2K3 using WinDbg
  _PEB_2K3 = packed record // packed!
  (*000*)InheritedAddressSpace: BOOLEAN;
  (*001*)ReadImageFileExecOptions: BOOLEAN;
  (*002*)BeingDebugged: BOOLEAN;
  (*003*)SpareBool: BOOLEAN;
  (*004*)Mutant: PVOID;
  (*008*)ImageBaseAddress: PVOID;
  (*00c*)Ldr: PPEB_LDR_DATA;
  (*010*)ProcessParameters: PRTL_USER_PROCESS_PARAMETERS;
  (*014*)SubSystemData: PVOID;
  (*018*)ProcessHeap: PVOID;
  (*01c*)FastPebLock: PRTL_CRITICAL_SECTION;
  (*020*)FastPebLockRoutine: PVOID; // RtlEnterCriticalSection
  (*024*)FastPebUnlockRoutine: PVOID; // RtlLeaveCriticalSection
  (*028*)EnvironmentUpdateCount: ULONG;
  (*02c*)KernelCallbackTable: PPVOID; // List of callback functions
  (*030*)SystemReserved: array[0..0] of ULONG;
  (*034*)ExecuteOptions: ULONG; // 2 Bits used (Windows 2003)
  (*038*)FreeList: PPEB_FREE_BLOCK;
  (*03c*)TlsExpansionCounter: ULONG;
  (*040*)TlsBitmap: PVOID; // ntdll!TlsBitMap of type PRTL_BITMAP
  (*044*)TlsBitmapBits: array[0..1] of ULONG; // 64 bits
  (*04c*)ReadOnlySharedMemoryBase: PVOID;
  (*050*)ReadOnlySharedMemoryHeap: PVOID;
  (*054*)ReadOnlyStaticServerData: PTEXT_INFO;
  (*058*)AnsiCodePageData: PVOID;
  (*05c*)OemCodePageData: PVOID;
  (*060*)UnicodeCaseTableData: PVOID;
  (*064*)NumberOfProcessors: ULONG;
  (*068*)NtGlobalFlag: ULONG;
  (*06C*)Unknown01: ULONG; // Padding or something
  (*070*)CriticalSectionTimeout: LARGE_INTEGER;
  (*078*)HeapSegmentReserve: ULONG;
  (*07c*)HeapSegmentCommit: ULONG;
  (*080*)HeapDeCommitTotalFreeThreshold: ULONG;
  (*084*)HeapDeCommitFreeBlockThreshold: ULONG;
  (*088*)NumberOfHeaps: ULONG;
  (*08c*)MaximumNumberOfHeaps: ULONG;
  (*090*)ProcessHeaps: PPVOID;
  (*094*)GdiSharedHandleTable: PPVOID;
  (*098*)ProcessStarterHelper: PVOID;
  (*09c*)GdiDCAttributeList: ULONG;
  (*0a0*)LoaderLock: PCRITICAL_SECTION;
  (*0a4*)OSMajorVersion: ULONG;
  (*0a8*)OSMinorVersion: ULONG;
  (*0ac*)OSBuildNumber: USHORT;
  (*0ae*)OSCSDVersion: USHORT;
  (*0b0*)OSPlatformId: ULONG;
  (*0b4*)ImageSubsystem: ULONG;
  (*0b8*)ImageSubsystemMajorVersion: ULONG;
  (*0bc*)ImageSubsystemMinorVersion: ULONG;
  (*0c0*)ImageProcessAffinityMask: ULONG;
  (*0c4*)GdiHandleBuffer: array[0..33] of HANDLE;
  (*14c*)PostProcessInitRoutine: PVOID;
  (*150*)TlsExpansionBitmap: PVOID;
  (*154*)TlsExpansionBitmapBits: array[0..31] of ULONG;
  (*1d4*)SessionId: ULONG;
  // Windows XP
  (*1d8*)AppCompatFlags: ULARGE_INTEGER;
  (*1e0*)AppCompatFlagsUser: ULARGE_INTEGER;
  (*1e8*)pShimData: PVOID;
  (*1ec*)AppCompatInfo: PVOID;
  (*1f0*)CSDVersion: UNICODE_STRING;
  (*1f8*)ActivationContextData: PVOID; // PACTIVATION_CONTEXT_DATA
  (*1fc*)ProcessAssemblyStorageMap: PVOID; // PASSEMBLY_STORAGE_MAP
  (*200*)SystemDefaultActivationContextData: PVOID; // PACTIVATION_CONTEXT_DATA
  (*204*)SystemAssemblyStorageMap: PVOID; // PASSEMBLY_STORAGE_MAP
  (*208*)MinimumStackCommit: ULONG;
  // New members in Windows 2003
  (*20c*)FlsCallback: PPVOID;
  (*210*)FlsListHead: LIST_ENTRY;
  (*218*)FlsBitmap: PVOID;
  (*21c*)FlsBitmapBits: array[0..3] of ULONG;
  (*22c*)FlsHighIndex: ULONG;
  end;

{$IFDEF WINNT4}
  _PEB = _PEB_W2K; // Exact layout for NT4 unknown
{$ENDIF}

{$IFDEF WIN2000}
  _PEB = _PEB_W2K;
{$ENDIF}

{$IFDEF WINXP}
  _PEB = _PEB_WXP;
{$ENDIF}

{$IFDEF WIN2003}
  _PEB = _PEB_2K3;
{$ENDIF}
  PEB = _PEB;
  PPEB = ^_PEB;
  PPPEB = ^PPEB;


// =================================================================
// THREAD ENVIRONMENT BLOCK (TEB)
// =================================================================

  PNT_TIB = ^_NT_TIB;
  _NT_TIB = record
    ExceptionList: Pointer; // ^_EXCEPTION_REGISTRATION_RECORD
    StackBase,
      StackLimit,
      SubSystemTib: Pointer;
    case Integer of
      0: (
        FiberData: Pointer
        );
      1: (
        Version: ULONG;
        ArbitraryUserPointer: Pointer;
        Self: PNT_TIB;
        )
  end;
  NT_TIB = _NT_TIB;
  PPNT_TIB = ^PNT_TIB;

  tagACTCTX = record // not packed!
  (*000*)cbSize: ULONG;
  (*004*)dwFlags: DWORD;
  (*008*)lpSource: LPCWSTR;
  (*00C*)wProcessorArchitecture: USHORT;
  (*00E*)wLangId: LANGID;
  (*010*)lpAssemblyDirectory: LPCTSTR;
  (*014*)lpResourceName: LPCTSTR;
  (*018*)lpApplicationName: LPCTSTR;
  (*01C*)hModule: HMODULE;
  end;
  ACTCTX = tagACTCTX;
  PACTCTX = ^tagACTCTX;
  ACTIVATION_CONTEXT = tagACTCTX;
  PACTIVATION_CONTEXT = ^tagACTCTX;
  PPACTIVATION_CONTEXT = ^PACTIVATION_CONTEXT;

  PRTL_ACTIVATION_CONTEXT_STACK_FRAME = ^_RTL_ACTIVATION_CONTEXT_STACK_FRAME;
  _RTL_ACTIVATION_CONTEXT_STACK_FRAME = record // not packed!
  (*000*)Previous: PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
  (*004*)ActivationContext: PACTIVATION_CONTEXT;
  (*008*)Flags: ULONG;
  end;
  RTL_ACTIVATION_CONTEXT_STACK_FRAME = _RTL_ACTIVATION_CONTEXT_STACK_FRAME;
  PPRTL_ACTIVATION_CONTEXT_STACK_FRAME = ^PRTL_ACTIVATION_CONTEXT_STACK_FRAME;

// Verified in XP using WinDbg
  _ACTIVATION_CONTEXT_STACK = record // not packed!
  (*000*)Flags: ULONG;
  (*004*)NextCookieSequenceNumber: ULONG;
  (*008*)ActiveFrame: PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
  (*00c*)FrameListCache: LIST_ENTRY;
  end;
  ACTIVATION_CONTEXT_STACK = _ACTIVATION_CONTEXT_STACK;
  PACTIVATION_CONTEXT_STACK = ^_ACTIVATION_CONTEXT_STACK;
  PPACTIVATION_CONTEXT_STACK = ^PACTIVATION_CONTEXT_STACK;

// Verified in XP using WinDbg
  _GDI_TEB_BATCH = record // not packed!
  (*000*)Offset: ULONG;
  (*004*)HDC: HANDLE;
  (*008*)Buffer: array[0..309] of ULONG;
  end;
  GDI_TEB_BATCH = _GDI_TEB_BATCH;
  PGDI_TEB_BATCH = ^_GDI_TEB_BATCH;
  PPGDI_TEB_BATCH = ^PGDI_TEB_BATCH;

// Verified in XP using WinDbg
  _Wx86ThreadState = packed record // packed!
  (*000*)CallBx86Eip: PULONG;
  (*004*)DeallocationCpu: PVOID;
  (*008*)UseKnownWx86Dll: BOOLEAN;
  (*009*)OleStubInvoked: CHAR;
  end;
  Wx86ThreadState = _Wx86ThreadState;
  PWx86ThreadState = ^_Wx86ThreadState;
  PPWx86ThreadState = ^PWx86ThreadState;

// Verified in XP using WinDbg
  _TEB_ACTIVE_FRAME_CONTEXT = record // not packed!
  (*000*)Flags: ULONG;
  (*004*)FrameName: PCHAR;
  end;
  TEB_ACTIVE_FRAME_CONTEXT = _TEB_ACTIVE_FRAME_CONTEXT;
  PTEB_ACTIVE_FRAME_CONTEXT = ^_TEB_ACTIVE_FRAME_CONTEXT;
  PPTEB_ACTIVE_FRAME_CONTEXT = ^PTEB_ACTIVE_FRAME_CONTEXT;

// Verified in XP using WinDbg
  PTEB_ACTIVE_FRAME = ^_TEB_ACTIVE_FRAME;
  _TEB_ACTIVE_FRAME = record // not packed!
  (*000*)Flags: ULONG;
  (*004*)Previous: PTEB_ACTIVE_FRAME;
  (*008*)Context: PTEB_ACTIVE_FRAME_CONTEXT;
  end;
  TEB_ACTIVE_FRAME = _TEB_ACTIVE_FRAME;
  PPTEB_ACTIVE_FRAME = ^PTEB_ACTIVE_FRAME;

// Verified in W2K, WXP and W2K3 using WinDbg
  _TEB = record // not packed!
  (*000*)NtTib: NT_TIB;
  (*01c*)EnvironmentPointer: PVOID;
  (*020*)ClientId: CLIENT_ID;
  (*028*)ActiveRpcHandle: PVOID;
  (*02c*)ThreadLocalStoragePointer: PVOID;
  (*030*)Peb: PPEB;
  (*034*)LastErrorValue: ULONG;
  (*038*)CountOfOwnedCriticalSections: ULONG;
  (*03c*)CsrClientThread: PVOID;
  (*040*)Win32ThreadInfo: PVOID;
  (*044*)User32Reserved: array[0..25] of ULONG;
  (*0ac*)UserReserved: array[0..4] of ULONG;
  (*0c0*)WOW32Reserved: PVOID;
  (*0c4*)CurrentLocale: LCID;
  (*0c8*)FpSoftwareStatusRegister: ULONG;
  (*0cc*)SystemReserved1: array[0..53] of PVOID;
  (*1a4*)ExceptionCode: LONG;
  (*1a8*)ActivationContextStack: ACTIVATION_CONTEXT_STACK;
  (*1bc*)SpareBytes1: array[0..23] of UCHAR;
  (*1d4*)GdiTebBatch: GDI_TEB_BATCH;
  (*6b4*)RealClientId: CLIENT_ID;
  (*6bc*)GdiCachedProcessHandle: PVOID;
  (*6c0*)GdiClientPID: ULONG;
  (*6c4*)GdiClientTID: ULONG;
  (*6c8*)GdiThreadLocalInfo: PVOID;
  (*6cc*)Win32ClientInfo: array[0..61] of ULONG;
  (*7c4*)glDispatchTable: array[0..232] of PVOID;
  (*b68*)glReserved1: array[0..28] of ULONG;
  (*bdc*)glReserved2: PVOID;
  (*be0*)glSectionInfo: PVOID;
  (*be4*)glSection: PVOID;
  (*be8*)glTable: PVOID;
  (*bec*)glCurrentRC: PVOID;
  (*bf0*)glContext: PVOID;
  (*bf4*)LastStatusValue: ULONG;
  (*bf8*)StaticUnicodeString: UNICODE_STRING;
  (*c00*)StaticUnicodeBuffer: array[0..MAX_PATH] of WCHAR;
  (*e0a*)Padding: USHORT;
  (*e0c*)DeallocationStack: PVOID;
  (*e10*)TlsSlots: array[0..63] of PVOID;
  (*f10*)TlsLinks: LIST_ENTRY;
  (*f18*)Vdm: PVOID;
  (*f1c*)ReservedForNtRpc: PVOID;
  (*f20*)DbgSsReserved: array[0..1] of PVOID;
    case Integer of
  (*   *)0: (
  (*f28*)HardErrorMode: ULONG // (Windows 2003)
        );
  (*   *)1: (
  (*f28*)HardErrorsAreDisabled: ULONG; // (Windows XP)
  (*f2c*)Instrumentation: array[0..15] of PVOID;
  (*f6c*)WinSockData: PVOID;
  (*f70*)GdiBatchCount: ULONG;
  (*f74*)InDbgPrint: BOOLEAN;
  (*f75*)FreeStackOnTermination: BOOLEAN;
  (*f76*)HasFiberData: BOOLEAN;
  (*f77*)IdealProcessor: BOOLEAN;
  (*f78*)Spare3: ULONG;
  (*f7c*)ReservedForPerf: PVOID;
  (*f80*)ReservedForOle: PVOID;
  (*f84*)WaitingOnLoaderLock: PVOID;
  (*f88*)Wx86Thread: Wx86ThreadState;
  (*f94*)TlsExpansionSlots: PPVOID;
  (*f98*)ImpersonationLocale: LCID;
  (*f9c*)IsImpersonating: ULONG;
  (*fa0*)NlsCache: PVOID;
  (*fa4*)pShimData: PVOID;
  (*fa8*)HeapVirtualAffinity: ULONG;
  (*fac*)CurrentTransactionHandle: PVOID;
  (*fb0*)ActiveFrame: PTEB_ACTIVE_FRAME;
        case Integer of
          0: (
  (*fb4*)SafeThunkCall: BOOLEAN; // Before Windows 2003
  (*fb5*)BooleanSpare: array[0..2] of BOOLEAN // Before Windows 2003
            );
          1: (
  (*fb4*)FlsData: PVOID; // Starting with Windows 2003
            )
          )
  end;
  TEB = _TEB;
  PTEB = ^_TEB;
  PPTEB = ^PTEB;

type
  _OBJECT_NAME_INFORMATION = record
    Name: UNICODE_STRING;
  end;
  OBJECT_NAME_INFORMATION = _OBJECT_NAME_INFORMATION;
  POBJECT_NAME_INFORMATION = ^OBJECT_NAME_INFORMATION;
  TObjectNameInformation = OBJECT_NAME_INFORMATION;
  PObjectNameInformation = ^OBJECT_NAME_INFORMATION;

const
  NtCurrentProcess = HANDLE(-1);
  NtCurrentThread = HANDLE(-2);

// Object Manager specific stuff
  OBJ_NAME_PATH_SEPARATOR = '\';

// Object Manager Object Type Specific Access Rights.
  OBJECT_TYPE_CREATE = $0001;
  OBJECT_TYPE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;

// Object Manager Directory Specific Access Rights.
  DIRECTORY_QUERY = $0001;
  DIRECTORY_TRAVERSE = $0002;
  DIRECTORY_CREATE_OBJECT = $0004;
  DIRECTORY_CREATE_SUBDIRECTORY = $0008;
  DIRECTORY_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $F;

// Object Manager Symbolic Link Specific Access Rights.
  SYMBOLIC_LINK_QUERY = $0001;
  SYMBOLIC_LINK_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or $1;

  DUPLICATE_CLOSE_SOURCE = $00000001;
  DUPLICATE_SAME_ACCESS = $00000002;
  DUPLICATE_SAME_ATTRIBUTES = $00000004;

//
// Define the access check value for any access
//
//
// The FILE_READ_ACCESS and FILE_WRITE_ACCESS constants are also defined in
// ntioapi.h as FILE_READ_DATA and FILE_WRITE_DATA. The values for these
// constants *MUST* always be in sync.
//
//
// FILE_SPECIAL_ACCESS is checked by the NT I/O system the same as FILE_ANY_ACCESS.
// The file systems, however, may add additional access checks for I/O and FS controls
// that use this value.
//

  FILE_ANY_ACCESS = 0;
  FILE_SPECIAL_ACCESS = FILE_ANY_ACCESS;
  FILE_READ_ACCESS = $0001; // file & pipe
  FILE_WRITE_ACCESS = $0002; // file & pipe

//
// Define share access rights to files and directories
//
  FILE_SHARE_READ = $00000001; // JwaWindows.pas
  FILE_SHARE_WRITE = $00000002; // JwaWindows.pas
  FILE_SHARE_DELETE = $00000004; // JwaWindows.pas
  FILE_SHARE_VALID_FLAGS = $00000007;

//
// Define the file attributes values
//
// Note:  = $00000008 is reserved for use for the old DOS VOLID (volume ID)
//        and is therefore not considered valid in NT.
//
// Note:  = $00000010 is reserved for use for the old DOS SUBDIRECTORY flag
//        and is therefore not considered valid in NT.  This flag has
//        been disassociated with file attributes since the other flags are
//        protected with READ_ and WRITE_ATTRIBUTES access to the file.
//
// Note:  Note also that the order of these flags is set to allow both the
//        FAT and the Pinball File Systems to directly set the attributes
//        flags in attributes words without having to pick each flag out
//        individually.  The order of these flags should not be changed!
//

  FILE_ATTRIBUTE_READONLY = $00000001; // JwaWindows.pas
  FILE_ATTRIBUTE_HIDDEN = $00000002; // JwaWindows.pas
  FILE_ATTRIBUTE_SYSTEM = $00000004; // JwaWindows.pas
//OLD DOS VOLID                               = $00000008

  FILE_ATTRIBUTE_DIRECTORY = $00000010; // JwaWindows.pas
  FILE_ATTRIBUTE_ARCHIVE = $00000020; // JwaWindows.pas
  FILE_ATTRIBUTE_DEVICE = $00000040; // JwaWindows.pas
  FILE_ATTRIBUTE_NORMAL = $00000080; // JwaWindows.pas

  FILE_ATTRIBUTE_TEMPORARY = $00000100; // JwaWindows.pas
  FILE_ATTRIBUTE_SPARSE_FILE = $00000200; // JwaWindows.pas
  FILE_ATTRIBUTE_REPARSE_POINT = $00000400; // JwaWindows.pas
  FILE_ATTRIBUTE_COMPRESSED = $00000800; // JwaWindows.pas

  FILE_ATTRIBUTE_OFFLINE = $00001000; // JwaWindows.pas
  FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = $00002000; // JwaWindows.pas
  FILE_ATTRIBUTE_ENCRYPTED = $00004000; // JwaWindows.pas

//
//  This definition is old and will disappear shortly
//

  FILE_ATTRIBUTE_VALID_FLAGS = $00007FB7;
  FILE_ATTRIBUTE_VALID_SET_FLAGS = $000031A7;

//
// Define the create disposition values
//

  FILE_SUPERSEDE = $00000000;
  FILE_OPEN = $00000001;
  FILE_CREATE = $00000002;
  FILE_OPEN_IF = $00000003;
  FILE_OVERWRITE = $00000004;
  FILE_OVERWRITE_IF = $00000005;
  FILE_MAXIMUM_DISPOSITION = $00000005;

//
// Define the create/open option flags
//

  FILE_DIRECTORY_FILE = $00000001;
  FILE_WRITE_THROUGH = $00000002;
  FILE_SEQUENTIAL_ONLY = $00000004;
  FILE_NO_INTERMEDIATE_BUFFERING = $00000008;

  FILE_SYNCHRONOUS_IO_ALERT = $00000010;
  FILE_SYNCHRONOUS_IO_NONALERT = $00000020;
  FILE_NON_DIRECTORY_FILE = $00000040;
  FILE_CREATE_TREE_CONNECTION = $00000080;

  FILE_COMPLETE_IF_OPLOCKED = $00000100;
  FILE_NO_EA_KNOWLEDGE = $00000200;
  FILE_OPEN_FOR_RECOVERY = $00000400;
  FILE_RANDOM_ACCESS = $00000800;

  FILE_DELETE_ON_CLOSE = $00001000;
  FILE_OPEN_BY_FILE_ID = $00002000;
  FILE_OPEN_FOR_BACKUP_INTENT = $00004000;
  FILE_NO_COMPRESSION = $00008000;

  FILE_RESERVE_OPFILTER = $00100000;
  FILE_OPEN_REPARSE_POINT = $00200000;
  FILE_OPEN_NO_RECALL = $00400000;
  FILE_OPEN_FOR_FREE_SPACE_QUERY = $00800000;

  FILE_COPY_STRUCTURED_STORAGE = $00000041;
  FILE_STRUCTURED_STORAGE = $00000441;

  FILE_VALID_OPTION_FLAGS = $00FFFFFF;
  FILE_VALID_PIPE_OPTION_FLAGS = $00000032;
  FILE_VALID_MAILSLOT_OPTION_FLAGS = $00000032;
  FILE_VALID_SET_FLAGS = $00000036;

//
// Define the I/O status information return values for NtCreateFile/NtOpenFile
//

  FILE_SUPERSEDED = $00000000;
  FILE_OPENED = $00000001;
  FILE_CREATED = $00000002;
  FILE_OVERWRITTEN = $00000003;
  FILE_EXISTS = $00000004;
  FILE_DOES_NOT_EXIST = $00000005;

//
// Define special ByteOffset parameters for read and write operations
//

  FILE_WRITE_TO_END_OF_FILE = $FFFFFFFF;
  FILE_USE_FILE_POINTER_POSITION = $FFFFFFFE;

//
// Define alignment requirement values
//

  FILE_BYTE_ALIGNMENT = $00000000;
  FILE_WORD_ALIGNMENT = $00000001;
  FILE_LONG_ALIGNMENT = $00000003;
  FILE_QUAD_ALIGNMENT = $00000007;
  FILE_OCTA_ALIGNMENT = $0000000F;
  FILE_32_BYTE_ALIGNMENT = $0000001F;
  FILE_64_BYTE_ALIGNMENT = $0000003F;
  FILE_128_BYTE_ALIGNMENT = $0000007F;
  FILE_256_BYTE_ALIGNMENT = $000000FF;
  FILE_512_BYTE_ALIGNMENT = $000001FF;

//
// Define the maximum length of a filename string
//

  MAXIMUM_FILENAME_LENGTH = 256;

//
// Define the various device characteristics flags
//

  FILE_REMOVABLE_MEDIA = $00000001;
  FILE_READ_ONLY_DEVICE = $00000002;
  FILE_FLOPPY_DISKETTE = $00000004;
  FILE_WRITE_ONCE_MEDIA = $00000008;
  FILE_REMOTE_DEVICE = $00000010;
  FILE_DEVICE_IS_MOUNTED = $00000020;
  FILE_VIRTUAL_VOLUME = $00000040;
  FILE_AUTOGENERATED_DEVICE_NAME = $00000080;
  FILE_DEVICE_SECURE_OPEN = $00000100;

//
// Define kernel debugger print prototypes and macros.
//
// N.B. The following function cannot be directly imported because there are
//      a few places in the source tree where this function is redefined.
//
//procedure DbgBreakPoint(); stdcall;
//procedure DbgUserBreakPoint(); stdcall;
//procedure DbgBreakPointWithStatus(Status: ULONG); stdcall;

//// BEGIN: Reverse function forwarders and custom functions
//// Using Kernel32 function with same functionality for macros and "future version" functions
(* Compatibility: All *)
procedure RtlCopyMemory(
  Destination: PVOID;
  Source: PVOID;
  Length: SIZE_T
  ); stdcall; // Own replacement function

(* XREF: see GetLastError()! *)
(* Compatibility: All *)
// This functions was introduced with Windows XP. The Kernel32 version
// is a function forwarder for this function.
function RtlGetLastWin32Error(): DWORD; external 'kernel32.dll' name 'GetLastError'; // imported as kernel32!GetLastError

(* XREF: see SetLastError()! *)
(* Compatibility: All *)
// This functions was introduced with Windows XP. The Kernel32 version
// is a function forwarder for this function.
procedure RtlSetLastWin32Error(dwErrCode: DWORD); external 'kernel32.dll' name 'SetLastError'; // imported as kernel32!SetLastError

// Own function to retrieve the process's heap handle
(* XREF: see GetProcessHeap()! *)
(* Compatibility: All *)
function NtpGetProcessHeap(): HANDLE;

// Own function to retrieve the thread environment block (TEB) pointer
(* Compatibility: All *)
function NtpCurrentTeb(): PTEB;

// Own function to retrieve the process environment block (PEB) pointer
(* Compatibility: All *)
function RtlpGetCurrentPeb(): PPEB;

// No FASTCALL directive exists in Delphi so we write our own versions ...
// Own function to swap bytes in 16bit values
function RtlUshortByteSwap(Source: USHORT): USHORT;

// Own function to swap bytes in 32bit values
function RtlUlongByteSwap(Source: ULONG): ULONG;

// Own function to swap bytes in 64bit values
function RtlUlonglongByteSwap(Source: ULONGLONG): ULONGLONG;

// Resembles the RtlValidateUnicodeString() function available from Windows XP
// on exactly as it is on this OS version, except for the calling convention.
function RtlpValidateUnicodeString(dwMustBeNull: DWORD; UnicodeString: PUNICODE_STRING): NTSTATUS;

// Resembles the RtlValidateUnicodeString() function available from Windows XP
// on, but does not require the first parameter which anyway must be zero.
function RtlpValidateUnicodeString2(UnicodeString: PUNICODE_STRING): NTSTATUS;

//// END  : Reverse function forwarders and custom functions

//// BEGIN: Function prototypes
// Compatibility: WXP, 2K3
function  CsrGetProcessId(): DWORD; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  DbgQueryDebugFilterState(
    ComponentId : ULONG;
    Level : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  DbgSetDebugFilterState(
    ComponentId : ULONG;
    Level : ULONG;
    State : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Unknown return value, maybe NTSTATUS?
// Compatibility: NT4, W2K, WXP, 2K3
function  KiRaiseUserExceptionDispatcher(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  LdrAccessResource(
    hModule : HANDLE;
    ResourceDataEntry : PIMAGE_RESOURCE_DATA_ENTRY;
    Address : PPVOID;
    dwSize : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  LdrAlternateResourcesEnabled(): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  LdrDisableThreadCalloutsForDll(
    hModule : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetModuleHandle() from Kernel32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  LdrGetDllHandle(
    pwPath : PWORD;
    pReserved : PVOID;
    pusPath : PUNICODE_STRING;
    var phModule : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetProcAddress() from Kernel32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  LdrGetProcedureAddress(
    hModule : HANDLE;
    dwOrdinal : ULONG;
    psName : PSTRING;
    var pProcedure : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to LoadLibrary() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  LdrLoadDll(
    pwPath : PWORD;
    pdwFlags : PDWORD;
    pusPath : PUNICODE_STRING;
    var phModule : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  LdrQueryImageFileExecutionOptions(
    pusImagePath : PUNICODE_STRING;
    pwOptionName : PWORD;
    dwRequestedType : DWORD;
    pData : PVOID;
    dwSize : DWORD;
    pdwSize : PDWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  LdrQueryProcessModuleInformation(
    psmi : PSYSTEM_MODULE_INFORMATION;
    dwSize : DWORD;
    pdwSize : PDWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to TerminateProcess() from Kernel32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure LdrShutdownProcess(); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to TerminateThread() from Kernel32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure LdrShutdownThread(); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to FreeLibrary() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  LdrUnloadDll(
    hModule : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAcceptConnectPort(
    PortHandle : PHANDLE;
    PortIdentifier : ULONG;
    Message : PPORT_MESSAGE;
    Accept : BOOLEAN;
    WriteSection : PPORT_SECTION_WRITE;
    ReadSection : PPORT_SECTION_READ
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAcceptConnectPort(PortHandle: PHANDLE; PortIdentifier: ULONG; Message: PPORT_MESSAGE; Accept: BOOLEAN; WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;
   {$ENDIF}

// This function is very similar to AccessCheck() from Advapi32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAccessCheck(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAccessCheck(SecurityDescriptor: PSECURITY_DESCRIPTOR; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG; GrantedAccess: PACCESS_MASK;
    AccessStatus: PBOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AccessCheckAndAuditAlarm() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAccessCheckAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    DesiredAccess : ACCESS_MASK;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PBOOLEAN;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAccessCheckAndAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; DesiredAccess: ACCESS_MASK;
    GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOLEAN; GrantedAccess: PACCESS_MASK; AccessStatus: PBOOLEAN; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AccessCheckByType() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: W2K, WXP, 2K3
function  NtAccessCheckByType(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAccessCheckByType(SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
    GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG; GrantedAccess: PACCESS_MASK; AccessStatus: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AccessCheckByTypeAndAuditAlarm() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: W2K, WXP, 2K3
function  NtAccessCheckByTypeAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PULONG;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAccessCheckByTypeAndAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
    DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOLEAN; GrantedAccess: PACCESS_MASK;
    AccessStatus: PULONG; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AccessCheckByTypeResultList() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: W2K, WXP, 2K3
function  NtAccessCheckByTypeResultList(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAccessCheckByTypeResultList(SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
    GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG; GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to
// AccessCheckByTypeResultListAndAuditAlarm() from Advapi32.dll. Refer to
// the PSDK for additional information. Usually the same flags apply.
// Compatibility: W2K, WXP, 2K3
function  NtAccessCheckByTypeResultListAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG;
    GenerateOnClose : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAccessCheckByTypeResultListAndAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
    DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOLEAN; GrantedAccessList: PACCESS_MASK;
    AccessStatusList: PULONG; GenerateOnClose: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to
// AccessCheckByTypeResultListAndAuditAlarmByHandle() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: W2K, WXP, 2K3
function  NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    TokenHandle : HANDLE;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG;
    GenerateOnClose : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: HANDLE; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR;
    PrincipalSelfSid: PSID; DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOLEAN;
    GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG; GenerateOnClose: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtAddAtom(
    Str : PWSTR;
    StringLength : ULONG;
    Atom : PUSHORT
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAddAtom(Str: PWSTR; StringLength: ULONG; Atom: PUSHORT): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAdjustGroupsToken(
    TokenHandle : HANDLE;
    ResetToDefault : BOOLEAN;
    NewState : PTOKEN_GROUPS;
    BufferLength : ULONG;
    PreviousState : PTOKEN_GROUPS;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAdjustGroupsToken(TokenHandle: HANDLE; ResetToDefault: BOOLEAN; NewState: PTOKEN_GROUPS; BufferLength: ULONG; PreviousState: PTOKEN_GROUPS; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAdjustPrivilegesToken(
    TokenHandle : HANDLE;
    DisableAllPrivileges : BOOLEAN;
    NewState : PTOKEN_PRIVILEGES;
    BufferLength : ULONG;
    PreviousState : PTOKEN_PRIVILEGES;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAdjustPrivilegesToken(TokenHandle: HANDLE; DisableAllPrivileges: BOOLEAN; NewState: PTOKEN_PRIVILEGES; BufferLength: ULONG; PreviousState: PTOKEN_PRIVILEGES; ReturnLength: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAlertResumeThread(
    ThreadHandle : HANDLE;
    PreviousSuspendCount : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAlertResumeThread(ThreadHandle: HANDLE; PreviousSuspendCount: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAlertThread(
    ThreadHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAlertThread(ThreadHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAllocateLocallyUniqueId(
    Luid : PLUID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAllocateLocallyUniqueId(Luid: PLUID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtAllocateUserPhysicalPages(
    ProcessHandle : HANDLE;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAllocateUserPhysicalPages(ProcessHandle: HANDLE; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAllocateUuids(
    UuidLastTimeAllocated : PLARGE_INTEGER;
    UuidDeltaTime : PULONG;
    UuidSequenceNumber : PULONG;
    UuidSeed : PUCHAR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAllocateUuids(UuidLastTimeAllocated: PLARGE_INTEGER; UuidDeltaTime: PULONG; UuidSequenceNumber: PULONG; UuidSeed: PUCHAR): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtAllocateVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ZeroBits : ULONG;
    AllocationSize : PULONG;
    AllocationType : ULONG;
    Protect : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAllocateVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; ZeroBits: ULONG; AllocationSize: PULONG; AllocationType: ULONG; Protect: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtAreMappedFilesTheSame(
    Address1 : PVOID;
    Address2 : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAreMappedFilesTheSame(Address1: PVOID; Address2: PVOID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtAssignProcessToJobObject(
    JobHandle : HANDLE;
    ProcessHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwAssignProcessToJobObject(JobHandle: HANDLE; ProcessHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCallbackReturn(
    Result_ : PVOID;
    ResultLength : ULONG;
    Status : NTSTATUS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCallbackReturn(Result_: PVOID; ResultLength: ULONG; Status: NTSTATUS): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtCancelDeviceWakeupRequest(
    DeviceHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCancelDeviceWakeupRequest(DeviceHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCancelIoFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCancelIoFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCancelTimer(
    TimerHandle : HANDLE;
    PreviousState : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCancelTimer(TimerHandle: HANDLE; PreviousState: PBOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtClearEvent(
    EventHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwClearEvent(EventHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to CloseHandle() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Documented in the DDK as ZwClose().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtClose(
    Handle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwClose(Handle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCloseObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    GenerateOnClose : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCloseObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; GenerateOnClose: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCompleteConnectPort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCompleteConnectPort(PortHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtConnectPort(
    PortHandle : PHANDLE;
    PortName : PUNICODE_STRING;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE;
    WriteSection : PPORT_SECTION_WRITE;
    ReadSection : PPORT_SECTION_READ;
    MaxMessageSize : PULONG;
    ConnectData : PVOID;
    ConnectDataLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwConnectPort(PortHandle: PHANDLE; PortName: PUNICODE_STRING; SecurityQos: PSECURITY_QUALITY_OF_SERVICE; WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ; MaxMessageSize: PULONG; ConnectData: PVOID;
    ConnectDataLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtContinue(
    Context : PCONTEXT;
    TestAlert : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwContinue(Context: PCONTEXT; TestAlert: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Returns STATUS_NOT_IMPLEMENTED. Only MS knows the intention behind this.
//
// !!!DO NOT USE!!!
// Compatibility: NT4, W2K
function  NtCreateChannel(
    ChannelHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateChannel(ChannelHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwCreateDirectoryObject().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateDirectoryObject(
    DirectoryHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateDirectoryObject(DirectoryHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateEvent(
    EventHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    EventType : EVENT_TYPE;
    InitialState : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateEvent(EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; EventType: EVENT_TYPE; InitialState: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateEventPair(
    EventPairHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateEventPair(EventPairHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwCreateFile().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    AllocationSize : PLARGE_INTEGER;
    FileAttributes : ULONG;
    ShareAccess : ULONG;
    CreateDisposition : ULONG;
    CreateOptions : ULONG;
    EaBuffer : PVOID;
    EaLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; AllocationSize: PLARGE_INTEGER; FileAttributes: ULONG; ShareAccess: ULONG;
    CreateDisposition: ULONG; CreateOptions: ULONG; EaBuffer: PVOID; EaLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateIoCompletion(
    IoCompletionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    NumberOfConcurrentThreads : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateIoCompletion(IoCompletionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; NumberOfConcurrentThreads: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtCreateJobObject(
    JobHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateJobObject(JobHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwCreateKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateKey(
    KeyHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TitleIndex : ULONG;
    Class_ : PUNICODE_STRING;
    CreateOptions : ULONG;
    Disposition : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateKey(KeyHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TitleIndex: ULONG; Class_: PUNICODE_STRING; CreateOptions: ULONG; Disposition: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateMailslotFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    CreateOptions : ULONG;
    Unknown : ULONG;
    MaxMessageSize : ULONG;
    ReadTimeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateMailslotFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; CreateOptions: ULONG; Unknown: ULONG; MaxMessageSize: ULONG;
    ReadTimeout: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateMutant(
    MutantHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InitialOwner : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateMutant(MutantHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InitialOwner: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateNamedPipeFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    ShareAccess : ULONG;
    CreateDisposition : ULONG;
    CreateOptions : ULONG;
    TypeMessage : BOOLEAN;
    ReadmodeMessage : BOOLEAN;
    Nonblocking : BOOLEAN;
    MaxInstances : ULONG;
    InBufferSize : ULONG;
    OutBufferSize : ULONG;
    DefaultTimeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateNamedPipeFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; ShareAccess: ULONG; CreateDisposition: ULONG; CreateOptions: ULONG;
    TypeMessage: BOOLEAN; ReadmodeMessage: BOOLEAN; Nonblocking: BOOLEAN; MaxInstances: ULONG; InBufferSize: ULONG; OutBufferSize: ULONG; DefaultTimeout: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreatePagingFile(
    FileName : PUNICODE_STRING;
    InitialSize : PULARGE_INTEGER;
    MaximumSize : PULARGE_INTEGER;
    Reserved : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreatePagingFile(FileName: PUNICODE_STRING; InitialSize: PULARGE_INTEGER; MaximumSize: PULARGE_INTEGER; Reserved: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreatePort(
    PortHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    MaxDataSize : ULONG;
    MaxMessageSize : ULONG;
    Reserved : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreatePort(PortHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES; MaxDataSize: ULONG; MaxMessageSize: ULONG; Reserved: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateProcess(
    ProcessHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InheritFromProcessHandle : HANDLE;
    InheritHandles : BOOLEAN;
    SectionHandle : HANDLE;
    DebugPort : HANDLE;
    ExceptionPort : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateProcess(ProcessHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: HANDLE; InheritHandles: BOOLEAN; SectionHandle: HANDLE; DebugPort: HANDLE;
    ExceptionPort: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateProfile(
    ProfileHandle : PHANDLE;
    ProcessHandle : HANDLE;
    Base : PVOID;
    Size : ULONG;
    BucketShift : ULONG;
    Buffer : PULONG;
    BufferLength : ULONG;
    Source : KPROFILE_SOURCE;
    ProcessorMask : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateProfile(ProfileHandle: PHANDLE; ProcessHandle: HANDLE; Base: PVOID; Size: ULONG; BucketShift: ULONG; Buffer: PULONG; BufferLength: ULONG; Source: KPROFILE_SOURCE; ProcessorMask: ULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwCreateSection().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateSection(
    SectionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    SectionSize : PLARGE_INTEGER;
    Protect : ULONG;
    Attributes : ULONG;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateSection(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; SectionSize: PLARGE_INTEGER; Protect: ULONG; Attributes: ULONG; FileHandle: HANDLE): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateSemaphore(
    SemaphoreHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InitialCount : LONG;
    MaximumCount : LONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateSemaphore(SemaphoreHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InitialCount: LONG; MaximumCount: LONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateSymbolicLinkObject(
    SymbolicLinkHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TargetName : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateSymbolicLinkObject(SymbolicLinkHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TargetName: PUNICODE_STRING): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateThread(
    ThreadHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ProcessHandle : HANDLE;
    ClientId : PCLIENT_ID;
    ThreadContext : PCONTEXT;
    UserStack : PUSER_STACK;
    CreateSuspended : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateThread(ThreadHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ProcessHandle: HANDLE; ClientId: PCLIENT_ID; ThreadContext: PCONTEXT; UserStack: PUSER_STACK;
    CreateSuspended: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateTimer(
    TimerHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TimerType : TIMER_TYPE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateTimer(TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TimerType: TIMER_TYPE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCreateToken(
    TokenHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    Type_ : TOKEN_TYPE;
    AuthenticationId : PLUID;
    ExpirationTime : PLARGE_INTEGER;
    User : PTOKEN_USER;
    Groups : PTOKEN_GROUPS;
    Privileges : PTOKEN_PRIVILEGES;
    Owner : PTOKEN_OWNER;
    PrimaryGroup : PTOKEN_PRIMARY_GROUP;
    DefaultDacl : PTOKEN_DEFAULT_DACL;
    Source : PTOKEN_SOURCE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateToken(TokenHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; Type_: TOKEN_TYPE; AuthenticationId: PLUID; ExpirationTime: PLARGE_INTEGER; User: PTOKEN_USER; Groups: PTOKEN_GROUPS;
    Privileges: PTOKEN_PRIVILEGES; Owner: PTOKEN_OWNER; PrimaryGroup: PTOKEN_PRIMARY_GROUP; DefaultDacl: PTOKEN_DEFAULT_DACL; Source: PTOKEN_SOURCE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtCreateWaitablePort(
    PortHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    MaxDataSize : ULONG;
    MaxMessageSize : ULONG;
    Reserved : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCreateWaitablePort(PortHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES; MaxDataSize: ULONG; MaxMessageSize: ULONG; Reserved: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtCurrentTeb(): PTEB; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwCurrentTeb(): PTEB; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  NtDebugActiveProcess(
    hProcess : HANDLE;
    hDebugObject : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDebugActiveProcess(hProcess: HANDLE; hDebugObject: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtDelayExecution(
    Alertable : BOOLEAN;
    Interval : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDelayExecution(Alertable: BOOLEAN; Interval: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtDeleteAtom(
    Atom : USHORT
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDeleteAtom(Atom: USHORT): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtDeleteFile(
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDeleteFile(ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwDeleteKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtDeleteKey(
    KeyHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDeleteKey(KeyHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtDeleteObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    GenerateOnClose : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDeleteObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; GenerateOnClose: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtDeleteValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDeleteValueKey(KeyHandle: HANDLE; ValueName: PUNICODE_STRING): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtDeviceIoControlFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    IoControlCode : ULONG;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDeviceIoControlFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; IoControlCode: ULONG; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID;
    OutputBufferLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtDisplayString(
    Str : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDisplayString(Str: PUNICODE_STRING): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtDuplicateObject(
    SourceProcessHandle : HANDLE;
    SourceHandle : HANDLE;
    TargetProcessHandle : HANDLE;
    TargetHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    Attributes : ULONG;
    Options : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDuplicateObject(SourceProcessHandle: HANDLE; SourceHandle: HANDLE; TargetProcessHandle: HANDLE; TargetHandle: PHANDLE; DesiredAccess: ACCESS_MASK; Attributes: ULONG; Options: ULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtDuplicateToken(
    ExistingTokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    EffectiveOnly : BOOLEAN;
    TokenType : TOKEN_TYPE;
    NewTokenHandle : PHANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwDuplicateToken(ExistingTokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; EffectiveOnly: BOOLEAN; TokenType: TOKEN_TYPE; NewTokenHandle: PHANDLE): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwEnumerateKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtEnumerateKey(
    KeyHandle : HANDLE;
    Index : ULONG;
    KeyInformationClass : KEY_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwEnumerateKey(KeyHandle: HANDLE; Index: ULONG; KeyInformationClass: KEY_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwEnumerateValueKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtEnumerateValueKey(
    KeyHandle : HANDLE;
    Index : ULONG;
    KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
    KeyValueInformation : PVOID;
    KeyValueInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwEnumerateValueKey(KeyHandle: HANDLE; Index: ULONG; KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInformation: PVOID; KeyValueInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtExtendSection(
    SectionHandle : HANDLE;
    SectionSize : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwExtendSection(SectionHandle: HANDLE; SectionSize: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtFilterToken(
    ExistingTokenHandle : HANDLE;
    Flags : ULONG;
    SidsToDisable : PTOKEN_GROUPS;
    PrivilegesToDelete : PTOKEN_PRIVILEGES;
    SidsToRestricted : PTOKEN_GROUPS;
    NewTokenHandle : PHANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFilterToken(ExistingTokenHandle: HANDLE; Flags: ULONG; SidsToDisable: PTOKEN_GROUPS; PrivilegesToDelete: PTOKEN_PRIVILEGES; SidsToRestricted: PTOKEN_GROUPS; NewTokenHandle: PHANDLE): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtFindAtom(
    Str : PWSTR;
    StringLength : ULONG;
    Atom : PUSHORT
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFindAtom(Str: PWSTR; StringLength: ULONG; Atom: PUSHORT): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtFlushBuffersFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFlushBuffersFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtFlushInstructionCache(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    FlushSize : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFlushInstructionCache(ProcessHandle: HANDLE; BaseAddress: PVOID; FlushSize: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwFlushKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtFlushKey(
    KeyHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFlushKey(KeyHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtFlushVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    FlushSize : PULONG;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFlushVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; FlushSize: PULONG; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtFlushWriteBuffer(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFlushWriteBuffer(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtFreeUserPhysicalPages(
    ProcessHandle : HANDLE;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFreeUserPhysicalPages(ProcessHandle: HANDLE; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtFreeVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    FreeSize : PULONG;
    FreeType : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFreeVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; FreeSize: PULONG; FreeType: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtFsControlFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FsControlCode : ULONG;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwFsControlFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; FsControlCode: ULONG; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID;
    OutputBufferLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtGetContextThread(
    ThreadHandle : HANDLE;
    Context : PCONTEXT
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwGetContextThread(ThreadHandle: HANDLE; Context: PCONTEXT): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: 2K3
function  NtGetCurrentProcessorNumber(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwGetCurrentProcessorNumber(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtGetDevicePowerState(
    DeviceHandle : HANDLE;
    DevicePowerState : PDEVICE_POWER_STATE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwGetDevicePowerState(DeviceHandle: HANDLE; DevicePowerState: PDEVICE_POWER_STATE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtGetPlugPlayEvent(
    Reserved1 : ULONG;
    Reserved2 : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwGetPlugPlayEvent(Reserved1: ULONG; Reserved2: ULONG; Buffer: PVOID; BufferLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, 2K3
function  NtGetTickCount(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwGetTickCount(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtGetWriteWatch(
    ProcessHandle : HANDLE;
    Flags : ULONG;
    BaseAddress : PVOID;
    RegionSize : ULONG;
    Buffer : PULONG;
    BufferEntries : PULONG;
    Granularity : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwGetWriteWatch(ProcessHandle: HANDLE; Flags: ULONG; BaseAddress: PVOID; RegionSize: ULONG; Buffer: PULONG; BufferEntries: PULONG; Granularity: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtImpersonateAnonymousToken(
    ThreadHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwImpersonateAnonymousToken(ThreadHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtImpersonateClientOfPort(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwImpersonateClientOfPort(PortHandle: HANDLE; Message: PPORT_MESSAGE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtImpersonateThread(
    ThreadHandle : HANDLE;
    TargetThreadHandle : HANDLE;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwImpersonateThread(ThreadHandle: HANDLE; TargetThreadHandle: HANDLE; SecurityQos: PSECURITY_QUALITY_OF_SERVICE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtInitializeRegistry(
    Setup : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwInitializeRegistry(Setup: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtInitiatePowerAction(
    SystemAction : POWER_ACTION;
    MinSystemState : SYSTEM_POWER_STATE;
    Flags : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwInitiatePowerAction(SystemAction: POWER_ACTION; MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG; Asynchronous: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtIsSystemResumeAutomatic(): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwIsSystemResumeAutomatic(): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Returns STATUS_NOT_IMPLEMENTED. Only MS knows the intention behind this.
//
// !!!DO NOT USE!!!
// Compatibility: NT4, W2K
function  NtListenChannel(
    x : PVOID;
    y : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwListenChannel(x: PVOID; y: PVOID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtListenPort(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwListenPort(PortHandle: HANDLE; Message: PPORT_MESSAGE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtLoadDriver(
    DriverServiceName : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwLoadDriver(DriverServiceName: PUNICODE_STRING): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Relates to RegLoadKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtLoadKey(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    FileObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwLoadKey(KeyObjectAttributes: POBJECT_ATTRIBUTES; FileObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Relates to RegLoadKey().
// Compatibility: NT4, W2K, WXP, 2K3
function  NtLoadKey2(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    FileObjectAttributes : POBJECT_ATTRIBUTES;
    Flags : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwLoadKey2(KeyObjectAttributes: POBJECT_ATTRIBUTES; FileObjectAttributes: POBJECT_ATTRIBUTES; Flags: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtLockFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    LockOffset : PULARGE_INTEGER;
    LockLength : PULARGE_INTEGER;
    Key : ULONG;
    FailImmediately : BOOLEAN;
    ExclusiveLock : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwLockFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; LockOffset: PULARGE_INTEGER; LockLength: PULARGE_INTEGER; Key: ULONG; FailImmediately: BOOLEAN;
    ExclusiveLock: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtLockVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    LockSize : PULONG;
    LockType : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwLockVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; LockSize: PULONG; LockType: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  NtMakePermanentObject(
    Handle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwMakePermanentObject(Handle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwMakeTemporaryObject().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtMakeTemporaryObject(
    Handle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwMakeTemporaryObject(Handle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtMapUserPhysicalPages(
    BaseAddress : PVOID;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwMapUserPhysicalPages(BaseAddress: PVOID; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtMapUserPhysicalPagesScatter(
    BaseAddresses : PPVOID;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwMapUserPhysicalPagesScatter(BaseAddresses: PPVOID; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwMapViewOfSection().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtMapViewOfSection(
    SectionHandle : HANDLE;
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ZeroBits : ULONG;
    CommitSize : ULONG;
    SectionOffset : PLARGE_INTEGER;
    ViewSize : PULONG;
    InheritDisposition : SECTION_INHERIT;
    AllocationType : ULONG;
    Protect : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwMapViewOfSection(SectionHandle: HANDLE; ProcessHandle: HANDLE; BaseAddress: PPVOID; ZeroBits: ULONG; CommitSize: ULONG; SectionOffset: PLARGE_INTEGER; ViewSize: PULONG; InheritDisposition: SECTION_INHERIT; AllocationType: ULONG;
    Protect: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtNotifyChangeDirectoryFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_NOTIFY_INFORMATION;
    BufferLength : ULONG;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwNotifyChangeDirectoryFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_NOTIFY_INFORMATION; BufferLength: ULONG; NotifyFilter: ULONG;
    WatchSubtree: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtNotifyChangeKey(
    KeyHandle : HANDLE;
    EventHandle : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN;
    Buffer : PVOID;
    BufferLength : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwNotifyChangeKey(KeyHandle: HANDLE; EventHandle: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; NotifyFilter: ULONG; WatchSubtree: BOOLEAN; Buffer: PVOID; BufferLength: ULONG;
    Asynchronous: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtNotifyChangeMultipleKeys(
    KeyHandle : HANDLE;
    Flags : ULONG;
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    EventHandle : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN;
    Buffer : PVOID;
    BufferLength : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwNotifyChangeMultipleKeys(KeyHandle: HANDLE; Flags: ULONG; KeyObjectAttributes: POBJECT_ATTRIBUTES; EventHandle: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; NotifyFilter: ULONG;
    WatchSubtree: BOOLEAN; Buffer: PVOID; BufferLength: ULONG; Asynchronous: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Returns STATUS_NOT_IMPLEMENTED. Only MS knows the intention behind this.
//
// !!!DO NOT USE!!!
// Compatibility: NT4, W2K
function  NtOpenChannel(
    ChannelHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenChannel(ChannelHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenDirectoryObject(
    DirectoryHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenDirectoryObject(DirectoryHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenEvent(
    EventHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenEvent(EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenEventPair(
    EventPairHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenEventPair(EventPairHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwOpenFile().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    ShareAccess : ULONG;
    OpenOptions : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenFile(FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; ShareAccess: ULONG; OpenOptions: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenIoCompletion(
    IoCompletionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenIoCompletion(IoCompletionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtOpenJobObject(
    JobHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenJobObject(JobHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwOpenKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenKey(
    KeyHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenKey(KeyHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenMutant(
    MutantHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenMutant(MutantHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PPVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    GrantedAccess : ACCESS_MASK;
    Privileges : PPRIVILEGE_SET;
    ObjectCreation : BOOLEAN;
    AccessGranted : BOOLEAN;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PPVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK;
    GrantedAccess: ACCESS_MASK; Privileges: PPRIVILEGE_SET; ObjectCreation: BOOLEAN; AccessGranted: BOOLEAN; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenProcess(
    ProcessHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ClientId : PCLIENT_ID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenProcess(ProcessHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ClientId: PCLIENT_ID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenProcessToken(
    ProcessHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    TokenHandle : PHANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenProcessToken(ProcessHandle: HANDLE; DesiredAccess: ACCESS_MASK; TokenHandle: PHANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwOpenSection().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenSection(
    SectionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenSection(SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenSemaphore(
    SemaphoreHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenSemaphore(SemaphoreHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwOpenSymbolicLinkObject().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenSymbolicLinkObject(
    SymbolicLinkHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenSymbolicLinkObject(SymbolicLinkHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenThread(
    ThreadHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ClientId : PCLIENT_ID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenThread(ThreadHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ClientId: PCLIENT_ID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenThreadToken(
    ThreadHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    OpenAsSelf : BOOLEAN;
    TokenHandle : PHANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenThreadToken(ThreadHandle: HANDLE; DesiredAccess: ACCESS_MASK; OpenAsSelf: BOOLEAN; TokenHandle: PHANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtOpenTimer(
    TimerHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwOpenTimer(TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtPlugPlayControl(
    ControlCode : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwPlugPlayControl(ControlCode: ULONG; Buffer: PVOID; BufferLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtPowerInformation(
    PowerInformationLevel : POWER_INFORMATION_LEVEL;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwPowerInformation(PowerInformationLevel: POWER_INFORMATION_LEVEL; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to PrivilegeCheck() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtPrivilegeCheck(
    TokenHandle : HANDLE;
    RequiredPrivileges : PPRIVILEGE_SET;
    Result_ : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwPrivilegeCheck(TokenHandle: HANDLE; RequiredPrivileges: PPRIVILEGE_SET; Result_: PBOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to PrivilegedServiceAuditAlarm() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtPrivilegedServiceAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    ServiceName : PUNICODE_STRING;
    TokenHandle : HANDLE;
    Privileges : PPRIVILEGE_SET;
    AccessGranted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwPrivilegedServiceAuditAlarm(SubsystemName: PUNICODE_STRING; ServiceName: PUNICODE_STRING; TokenHandle: HANDLE; Privileges: PPRIVILEGE_SET; AccessGranted: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtPrivilegeObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    Privileges : PPRIVILEGE_SET;
    AccessGranted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwPrivilegeObjectAuditAlarm(SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; Privileges: PPRIVILEGE_SET; AccessGranted: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;
   {$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtProtectVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ProtectSize : PULONG;
    NewProtect : ULONG;
    OldProtect : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwProtectVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; ProtectSize: PULONG; NewProtect: ULONG; OldProtect: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtPulseEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwPulseEvent(EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryAttributesFile(
    ObjectAttributes : POBJECT_ATTRIBUTES;
    FileInformation : PFILE_BASIC_INFORMATION
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryAttributesFile(ObjectAttributes: POBJECT_ATTRIBUTES; FileInformation: PFILE_BASIC_INFORMATION): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryDefaultLocale(
    ThreadOrSystem : BOOLEAN;
    Locale : PLCID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryDefaultLocale(ThreadOrSystem: BOOLEAN; Locale: PLCID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtQueryDefaultUILanguage(
    LanguageId : PLANGID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryDefaultUILanguage(LanguageId: PLANGID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryDirectoryFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS;
    ReturnSingleEntry : BOOLEAN;
    FileName : PUNICODE_STRING;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryDirectoryFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG;
    FileInformationClass: FILE_INFORMATION_CLASS; ReturnSingleEntry: BOOLEAN; FileName: PUNICODE_STRING; RestartScan: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryDirectoryObject(
    DirectoryHandle : HANDLE;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    RestartScan : BOOLEAN;
    Context : PULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryDirectoryObject(DirectoryHandle: HANDLE; Buffer: PVOID; BufferLength: ULONG; ReturnSingleEntry: BOOLEAN; RestartScan: BOOLEAN; Context: PULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;
   {$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryEaFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_FULL_EA_INFORMATION;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    EaList : PFILE_GET_EA_INFORMATION;
    EaListLength : ULONG;
    EaIndex : PULONG;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryEaFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_FULL_EA_INFORMATION; BufferLength: ULONG; ReturnSingleEntry: BOOLEAN; EaList: PFILE_GET_EA_INFORMATION; EaListLength: ULONG; EaIndex: PULONG;
    RestartScan: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryEvent(
    EventHandle : HANDLE;
    EventInformationClass : EVENT_INFORMATION_CLASS;
    EventInformation : PVOID;
    EventInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryEvent(EventHandle: HANDLE; EventInformationClass: EVENT_INFORMATION_CLASS; EventInformation: PVOID; EventInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtQueryFullAttributesFile(
    ObjectAttributes : POBJECT_ATTRIBUTES;
    FileInformation : PFILE_NETWORK_OPEN_INFORMATION
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryFullAttributesFile(ObjectAttributes: POBJECT_ATTRIBUTES; FileInformation: PFILE_NETWORK_OPEN_INFORMATION): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtQueryInformationAtom(
    Atom : USHORT;
    AtomInformationClass : ATOM_INFORMATION_CLASS;
    AtomInformation : PVOID;
    AtomInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryInformationAtom(Atom: USHORT; AtomInformationClass: ATOM_INFORMATION_CLASS; AtomInformation: PVOID; AtomInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwQueryInformationFile().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG; FileInformationClass: FILE_INFORMATION_CLASS): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;
   {$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtQueryInformationJobObject(
    JobHandle : HANDLE;
    JobInformationClass : JOBOBJECTINFOCLASS;
    JobInformation : PVOID;
    JobInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryInformationJobObject(JobHandle: HANDLE; JobInformationClass: JOBOBJECTINFOCLASS; JobInformation: PVOID; JobInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryInformationPort(
    PortHandle : HANDLE;
    PortInformationClass : PORT_INFORMATION_CLASS;
    PortInformation : PVOID;
    PortInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryInformationPort(PortHandle: HANDLE; PortInformationClass: PORT_INFORMATION_CLASS; PortInformation: PVOID; PortInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryInformationProcess(
    ProcessHandle : HANDLE;
    ProcessInformationClass : PROCESSINFOCLASS;
    ProcessInformation : PVOID;
    ProcessInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryInformationProcess(ProcessHandle: HANDLE; ProcessInformationClass: PROCESSINFOCLASS; ProcessInformation: PVOID; ProcessInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;
   {$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryInformationThread(
    ThreadHandle : HANDLE;
    ThreadInformationClass : THREADINFOCLASS;
    ThreadInformation : PVOID;
    ThreadInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryInformationThread(ThreadHandle: HANDLE; ThreadInformationClass: THREADINFOCLASS; ThreadInformation: PVOID; ThreadInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryInformationToken(
    TokenHandle : HANDLE;
    TokenInformationClass : TOKEN_INFORMATION_CLASS;
    TokenInformation : PVOID;
    TokenInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryInformationToken(TokenHandle: HANDLE; TokenInformationClass: TOKEN_INFORMATION_CLASS; TokenInformation: PVOID; TokenInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtQueryInstallUILanguage(
    LanguageId : PLANGID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryInstallUILanguage(LanguageId: PLANGID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryIntervalProfile(
    Source : KPROFILE_SOURCE;
    Interval : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryIntervalProfile(Source: KPROFILE_SOURCE; Interval: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryIoCompletion(
    IoCompletionHandle : HANDLE;
    IoCompletionInformationClass : IO_COMPLETION_INFORMATION_CLASS;
    IoCompletionInformation : PVOID;
    IoCompletionInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryIoCompletion(IoCompletionHandle: HANDLE; IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS; IoCompletionInformation: PVOID; IoCompletionInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwQueryKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryKey(
    KeyHandle : HANDLE;
    KeyInformationClass : KEY_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryKey(KeyHandle: HANDLE; KeyInformationClass: KEY_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtQueryMultipleValueKey(
    KeyHandle : HANDLE;
    ValueList : PKEY_VALUE_ENTRY;
    NumberOfValues : ULONG;
    Buffer : PVOID;
    Length : PULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryMultipleValueKey(KeyHandle: HANDLE; ValueList: PKEY_VALUE_ENTRY; NumberOfValues: ULONG; Buffer: PVOID; Length: PULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryMutant(
    MutantHandle : HANDLE;
    MutantInformationClass : MUTANT_INFORMATION_CLASS;
    MutantInformation : PVOID;
    MutantInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryMutant(MutantHandle: HANDLE; MutantInformationClass: MUTANT_INFORMATION_CLASS; MutantInformation: PVOID; MutantInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryObject(
    ObjectHandle : HANDLE;
    ObjectInformationClass : OBJECT_INFORMATION_CLASS;
    ObjectInformation : PVOID;
    ObjectInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryObject(ObjectHandle: HANDLE; ObjectInformationClass: OBJECT_INFORMATION_CLASS; ObjectInformation: PVOID; ObjectInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtQueryOpenSubKeys(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    NumberOfKey : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryOpenSubKeys(KeyObjectAttributes: POBJECT_ATTRIBUTES; NumberOfKey: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryPerformanceCounter(
    PerformanceCount : PLARGE_INTEGER;
    PerformanceFrequency : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryPerformanceCounter(PerformanceCount: PLARGE_INTEGER; PerformanceFrequency: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  NtQueryPortInformationProcess(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryPortInformationProcess(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtQueryQuotaInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_USER_QUOTA_INFORMATION;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    QuotaList : PFILE_QUOTA_LIST_INFORMATION;
    QuotaListLength : ULONG;
    ResumeSid : PSID;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryQuotaInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_USER_QUOTA_INFORMATION; BufferLength: ULONG; ReturnSingleEntry: BOOLEAN; QuotaList: PFILE_QUOTA_LIST_INFORMATION;
    QuotaListLength: ULONG; ResumeSid: PSID; RestartScan: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQuerySection(
    SectionHandle : HANDLE;
    SectionInformationClass : SECTION_INFORMATION_CLASS;
    SectionInformation : PVOID;
    SectionInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQuerySection(SectionHandle: HANDLE; SectionInformationClass: SECTION_INFORMATION_CLASS; SectionInformation: PVOID; SectionInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQuerySecurityObject(
    Handle : HANDLE;
    RequestedInformation : SECURITY_INFORMATION;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    SecurityDescriptorLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQuerySecurityObject(Handle: HANDLE; RequestedInformation: SECURITY_INFORMATION; SecurityDescriptor: PSECURITY_DESCRIPTOR; SecurityDescriptorLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;
   {$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQuerySemaphore(
    SemaphoreHandle : HANDLE;
    SemaphoreInformationClass : SEMAPHORE_INFORMATION_CLASS;
    SemaphoreInformation : PVOID;
    SemaphoreInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQuerySemaphore(SemaphoreHandle: HANDLE; SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS; SemaphoreInformation: PVOID; SemaphoreInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwQuerySymbolicLinkObject().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQuerySymbolicLinkObject(
    SymbolicLinkHandle : HANDLE;
    TargetName : PUNICODE_STRING;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQuerySymbolicLinkObject(SymbolicLinkHandle: HANDLE; TargetName: PUNICODE_STRING; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQuerySystemEnvironmentValue(
    Name : PUNICODE_STRING;
    Value : PVOID;
    ValueLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQuerySystemEnvironmentValue(Name: PUNICODE_STRING; Value: PVOID; ValueLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQuerySystemInformation(
    SystemInformationClass : SYSTEM_INFORMATION_CLASS;
    SystemInformation : PVOID;
    SystemInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQuerySystemInformation(SystemInformationClass: SYSTEM_INFORMATION_CLASS; SystemInformation: PVOID; SystemInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQuerySystemTime(
    CurrentTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQuerySystemTime(CurrentTime: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryTimer(
    TimerHandle : HANDLE;
    TimerInformationClass : TIMER_INFORMATION_CLASS;
    TimerInformation : PVOID;
    TimerInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryTimer(TimerHandle: HANDLE; TimerInformationClass: TIMER_INFORMATION_CLASS; TimerInformation: PVOID; TimerInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryTimerResolution(
    CoarsestResolution : PULONG;
    FinestResolution : PULONG;
    ActualResolution : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryTimerResolution(CoarsestResolution: PULONG; FinestResolution: PULONG; ActualResolution: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwQueryValueKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING;
    KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
    KeyValueInformation : PVOID;
    KeyValueInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryValueKey(KeyHandle: HANDLE; ValueName: PUNICODE_STRING; KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInformation: PVOID; KeyValueInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    MemoryInformationClass : MEMORY_INFORMATION_CLASS;
    MemoryInformation : PVOID;
    MemoryInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; MemoryInformationClass: MEMORY_INFORMATION_CLASS; MemoryInformation: PVOID; MemoryInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtQueryVolumeInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    VolumeInformation : PVOID;
    VolumeInformationLength : ULONG;
    VolumeInformationClass : FS_INFORMATION_CLASS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueryVolumeInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; VolumeInformation: PVOID; VolumeInformationLength: ULONG; VolumeInformationClass: FS_INFORMATION_CLASS): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtQueueApcThread(
    ThreadHandle : HANDLE;
    ApcRoutine : PKNORMAL_ROUTINE;
    ApcContext : PVOID;
    Argument1 : PVOID;
    Argument2 : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwQueueApcThread(ThreadHandle: HANDLE; ApcRoutine: PKNORMAL_ROUTINE; ApcContext: PVOID; Argument1: PVOID; Argument2: PVOID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtRaiseException(
    ExceptionRecord : PEXCEPTION_RECORD;
    Context : PCONTEXT;
    SearchFrames : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRaiseException(ExceptionRecord: PEXCEPTION_RECORD; Context: PCONTEXT; SearchFrames: BOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtRaiseHardError(
    Status : NTSTATUS;
    NumberOfArguments : ULONG;
    StringArgumentsMask : ULONG;
    Arguments : PULONG;
    MessageBoxType : ULONG;
    MessageBoxResult : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRaiseHardError(Status: NTSTATUS; NumberOfArguments: ULONG; StringArgumentsMask: ULONG; Arguments: PULONG; MessageBoxType: ULONG; MessageBoxResult: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwReadFile().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReadFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReadFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtReadFileScatter(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_SEGMENT_ELEMENT;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReadFileScatter(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_SEGMENT_ELEMENT; Length: ULONG; ByteOffset: PLARGE_INTEGER;
    Key: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReadRequestData(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE;
    Index : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReadRequestData(PortHandle: HANDLE; Message: PPORT_MESSAGE; Index: ULONG; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReadVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReadVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtRegisterThreadTerminatePort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRegisterThreadTerminatePort(PortHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReleaseMutant(
    MutantHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReleaseMutant(MutantHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReleaseSemaphore(
    SemaphoreHandle : HANDLE;
    ReleaseCount : LONG;
    PreviousCount : PLONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReleaseSemaphore(SemaphoreHandle: HANDLE; ReleaseCount: LONG; PreviousCount: PLONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtRemoveIoCompletion(
    IoCompletionHandle : HANDLE;
    CompletionKey : PULONG;
    CompletionValue : PULONG;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRemoveIoCompletion(IoCompletionHandle: HANDLE; CompletionKey: PULONG; CompletionValue: PULONG; IoStatusBlock: PIO_STATUS_BLOCK; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  NtRemoveProcessDebug(
    hProcess : HANDLE;
    hDebugObject : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRemoveProcessDebug(hProcess: HANDLE; hDebugObject: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReplaceKey(
    NewFileObjectAttributes : POBJECT_ATTRIBUTES;
    KeyHandle : HANDLE;
    OldFileObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReplaceKey(NewFileObjectAttributes: POBJECT_ATTRIBUTES; KeyHandle: HANDLE; OldFileObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReplyPort(
    PortHandle : HANDLE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReplyPort(PortHandle: HANDLE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReplyWaitReceivePort(
    PortHandle : HANDLE;
    PortIdentifier : PULONG;
    ReplyMessage : PPORT_MESSAGE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReplyWaitReceivePort(PortHandle: HANDLE; PortIdentifier: PULONG; ReplyMessage: PPORT_MESSAGE; Message: PPORT_MESSAGE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtReplyWaitReceivePortEx(
    PortHandle : HANDLE;
    PortIdentifier : PULONG;
    ReplyMessage : PPORT_MESSAGE;
    Message : PPORT_MESSAGE;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReplyWaitReceivePortEx(PortHandle: HANDLE; PortIdentifier: PULONG; ReplyMessage: PPORT_MESSAGE; Message: PPORT_MESSAGE; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtReplyWaitReplyPort(
    PortHandle : HANDLE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReplyWaitReplyPort(PortHandle: HANDLE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Returns STATUS_NOT_IMPLEMENTED. Only MS knows the intention behind this.
//
// !!!DO NOT USE!!!
// Compatibility: NT4, W2K
function  NtReplyWaitSendChannel(
    x : PVOID;
    y : PVOID;
    z : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwReplyWaitSendChannel(x: PVOID; y: PVOID; z: PVOID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtRequestDeviceWakeup(
    DeviceHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRequestDeviceWakeup(DeviceHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtRequestPort(
    PortHandle : HANDLE;
    RequestMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRequestPort(PortHandle: HANDLE; RequestMessage: PPORT_MESSAGE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtRequestWaitReplyPort(
    PortHandle : HANDLE;
    RequestMessage : PPORT_MESSAGE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRequestWaitReplyPort(PortHandle: HANDLE; RequestMessage: PPORT_MESSAGE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtRequestWakeupLatency(
    Latency : LATENCY_TIME
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRequestWakeupLatency(Latency: LATENCY_TIME): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtResetEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwResetEvent(EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtResetWriteWatch(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    RegionSize : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwResetWriteWatch(ProcessHandle: HANDLE; BaseAddress: PVOID; RegionSize: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtRestoreKey(
    KeyHandle : HANDLE;
    FileHandle : HANDLE;
    Flags : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwRestoreKey(KeyHandle: HANDLE; FileHandle: HANDLE; Flags: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  NtResumeProcess(
    hProcess : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwResumeProcess(hProcess: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to ResumeThread() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtResumeThread(
    hThread : HANDLE;
    dwResumeCount : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwResumeThread(hThread: HANDLE; dwResumeCount: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Relates to RegSaveKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSaveKey(
    KeyHandle : HANDLE;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSaveKey(KeyHandle: HANDLE; FileHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Relates to RegSaveKeyEx().
// Compatibility: WXP, 2K3
function  NtSaveKeyEx(
    KeyHandle : HANDLE;
    FileHandle : HANDLE;
    Flags : DWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSaveKeyEx(KeyHandle: HANDLE; FileHandle: HANDLE; Flags: DWORD): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtSaveMergedKeys(
    KeyHandle1 : HANDLE;
    KeyHandle2 : HANDLE;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSaveMergedKeys(KeyHandle1: HANDLE; KeyHandle2: HANDLE; FileHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtSecureConnectPort(
    PortHandle : PHANDLE;
    PortName : PUNICODE_STRING;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE;
    WriteSection : PPORT_SECTION_WRITE;
    ServerSid : PSID;
    ReadSection : PPORT_SECTION_READ;
    MaxMessageSize : PULONG;
    ConnectData : PVOID;
    ConnectDataLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSecureConnectPort(PortHandle: PHANDLE; PortName: PUNICODE_STRING; SecurityQos: PSECURITY_QUALITY_OF_SERVICE; WriteSection: PPORT_SECTION_WRITE; ServerSid: PSID; ReadSection: PPORT_SECTION_READ; MaxMessageSize: PULONG;
    ConnectData: PVOID; ConnectDataLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Returns STATUS_NOT_IMPLEMENTED. Only MS knows the intention behind this.
//
// !!!DO NOT USE!!!
// Compatibility: NT4, W2K
function  NtSendWaitReplyChannel(
    x : PVOID;
    y : PVOID;
    z : PVOID;
    z2 : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSendWaitReplyChannel(x: PVOID; y: PVOID; z: PVOID; z2: PVOID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Returns STATUS_NOT_IMPLEMENTED. Only MS knows the intention behind this.
//
// !!!DO NOT USE!!!
// Compatibility: NT4, W2K
function  NtSetContextChannel(
    x : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetContextChannel(x: PVOID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetContextThread(
    ThreadHandle : HANDLE;
    Context : PCONTEXT
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetContextThread(ThreadHandle: HANDLE; Context: PCONTEXT): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetDefaultHardErrorPort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetDefaultHardErrorPort(PortHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetDefaultLocale(
    ThreadOrSystem : BOOLEAN;
    Locale : LCID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetDefaultLocale(ThreadOrSystem: BOOLEAN; Locale: LCID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtSetDefaultUILanguage(
    LanguageId : LANGID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetDefaultUILanguage(LanguageId: LANGID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetEaFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_FULL_EA_INFORMATION;
    BufferLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetEaFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_FULL_EA_INFORMATION; BufferLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetEvent(EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetHighEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetHighWaitLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetHighWaitLowEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4
function  NtSetHighWaitLowThread(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetHighWaitLowThread(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwSetInformationFile().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG; FileInformationClass: FILE_INFORMATION_CLASS): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;
   {$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtSetInformationJobObject(
    JobHandle : HANDLE;
    JobInformationClass : JOBOBJECTINFOCLASS;
    JobInformation : PVOID;
    JobInformationLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetInformationJobObject(JobHandle: HANDLE; JobInformationClass: JOBOBJECTINFOCLASS; JobInformation: PVOID; JobInformationLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetInformationKey(
    KeyHandle : HANDLE;
    KeyInformationClass : KEY_SET_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetInformationKey(KeyHandle: HANDLE; KeyInformationClass: KEY_SET_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetInformationObject(
    ObjectHandle : HANDLE;
    ObjectInformationClass : OBJECT_INFORMATION_CLASS;
    ObjectInformation : PVOID;
    ObjectInformationLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetInformationObject(ObjectHandle: HANDLE; ObjectInformationClass: OBJECT_INFORMATION_CLASS; ObjectInformation: PVOID; ObjectInformationLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetInformationProcess(
    ProcessHandle : HANDLE;
    ProcessInformationClass : PROCESSINFOCLASS;
    ProcessInformation : PVOID;
    ProcessInformationLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetInformationProcess(ProcessHandle: HANDLE; ProcessInformationClass: PROCESSINFOCLASS; ProcessInformation: PVOID; ProcessInformationLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwSetInformationThread().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetInformationThread(
    ThreadHandle : HANDLE;
    ThreadInformationClass : THREADINFOCLASS;
    ThreadInformation : PVOID;
    ThreadInformationLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetInformationThread(ThreadHandle: HANDLE; ThreadInformationClass: THREADINFOCLASS; ThreadInformation: PVOID; ThreadInformationLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetInformationToken(
    TokenHandle : HANDLE;
    TokenInformationClass : TOKEN_INFORMATION_CLASS;
    TokenInformation : PVOID;
    TokenInformationLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetInformationToken(TokenHandle: HANDLE; TokenInformationClass: TOKEN_INFORMATION_CLASS; TokenInformation: PVOID; TokenInformationLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetIntervalProfile(
    Interval : ULONG;
    Source : KPROFILE_SOURCE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetIntervalProfile(Interval: ULONG; Source: KPROFILE_SOURCE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetIoCompletion(
    IoCompletionHandle : HANDLE;
    CompletionKey : ULONG;
    CompletionValue : ULONG;
    Status : NTSTATUS;
    Information : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetIoCompletion(IoCompletionHandle: HANDLE; CompletionKey: ULONG; CompletionValue: ULONG; Status: NTSTATUS; Information: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetLdtEntries(
    Selector1 : ULONG;
    LdtEntry1 : LDT_ENTRY;
    Selector2 : ULONG;
    LdtEntry2 : LDT_ENTRY
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetLdtEntries(Selector1: ULONG; LdtEntry1: LDT_ENTRY; Selector2: ULONG; LdtEntry2: LDT_ENTRY): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetLowEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetLowWaitHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetLowWaitHighEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4
function  NtSetLowWaitHighThread(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetLowWaitHighThread(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtSetQuotaInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_USER_QUOTA_INFORMATION;
    BufferLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetQuotaInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_USER_QUOTA_INFORMATION; BufferLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetSecurityObject(
    Handle : HANDLE;
    SecurityInformation : SECURITY_INFORMATION;
    SecurityDescriptor : PSECURITY_DESCRIPTOR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetSecurityObject(Handle: HANDLE; SecurityInformation: SECURITY_INFORMATION; SecurityDescriptor: PSECURITY_DESCRIPTOR): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetSystemEnvironmentValue(
    Name : PUNICODE_STRING;
    Value : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetSystemEnvironmentValue(Name: PUNICODE_STRING; Value: PUNICODE_STRING): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetSystemInformation(
    SystemInformationClass : SYSTEM_INFORMATION_CLASS;
    SystemInformation : PVOID;
    SystemInformationLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetSystemInformation(SystemInformationClass: SYSTEM_INFORMATION_CLASS; SystemInformation: PVOID; SystemInformationLength: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetSystemPowerState(
    SystemAction : POWER_ACTION;
    MinSystemState : SYSTEM_POWER_STATE;
    Flags : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetSystemPowerState(SystemAction: POWER_ACTION; MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetSystemTime(
    NewTime : PLARGE_INTEGER;
    OldTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetSystemTime(NewTime: PLARGE_INTEGER; OldTime: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtSetThreadExecutionState(
    ExecutionState : EXECUTION_STATE;
    PreviousExecutionState : PEXECUTION_STATE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetThreadExecutionState(ExecutionState: EXECUTION_STATE; PreviousExecutionState: PEXECUTION_STATE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetTimer(
    TimerHandle : HANDLE;
    DueTime : PLARGE_INTEGER;
    TimerApcRoutine : PTIMER_APC_ROUTINE;
    TimerContext : PVOID;
    Resume : BOOLEAN;
    Period : LONG;
    PreviousState : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetTimer(TimerHandle: HANDLE; DueTime: PLARGE_INTEGER; TimerApcRoutine: PTIMER_APC_ROUTINE; TimerContext: PVOID; Resume: BOOLEAN; Period: LONG; PreviousState: PBOOLEAN): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetTimerResolution(
    RequestedResolution : ULONG;
    Set_ : BOOLEAN;
    ActualResolution : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetTimerResolution(RequestedResolution: ULONG; Set_: BOOLEAN; ActualResolution: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtSetUuidSeed(
    UuidSeed : PUCHAR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetUuidSeed(UuidSeed: PUCHAR): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwSetValueKey().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING;
    TitleIndex : ULONG;
    Type_ : ULONG;
    Data : PVOID;
    DataSize : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetValueKey(KeyHandle: HANDLE; ValueName: PUNICODE_STRING; TitleIndex: ULONG; Type_: ULONG; Data: PVOID; DataSize: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSetVolumeInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    BufferLength : ULONG;
    VolumeInformationClass : FS_INFORMATION_CLASS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSetVolumeInformationFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; BufferLength: ULONG; VolumeInformationClass: FS_INFORMATION_CLASS): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtShutdownSystem(
    Action : SHUTDOWN_ACTION
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwShutdownSystem(Action: SHUTDOWN_ACTION): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtSignalAndWaitForSingleObject(
    HandleToSignal : HANDLE;
    HandleToWait : HANDLE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSignalAndWaitForSingleObject(HandleToSignal: HANDLE; HandleToWait: HANDLE; Alertable: BOOLEAN; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtStartProfile(
    ProfileHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwStartProfile(ProfileHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtStopProfile(
    ProfileHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwStopProfile(ProfileHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  NtSuspendProcess(
    hProcess : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSuspendProcess(hProcess: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to SuspendThread() from Kernel32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSuspendThread(
    hThread : HANDLE;
    dwLastResumeCount : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSuspendThread(hThread: HANDLE; dwLastResumeCount: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtSystemDebugControl(
    ControlCode : DEBUG_CONTROL_CODE;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwSystemDebugControl(ControlCode: DEBUG_CONTROL_CODE; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  NtTerminateJobObject(
    JobHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwTerminateJobObject(JobHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtTerminateProcess(
    ProcessHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwTerminateProcess(ProcessHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtTerminateThread(
    ThreadHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwTerminateThread(ThreadHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtTestAlert(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwTestAlert(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtUnloadDriver(
    DriverServiceName : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwUnloadDriver(DriverServiceName: PUNICODE_STRING): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtUnloadKey(
    KeyObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwUnloadKey(KeyObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtUnlockFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    LockOffset : PULARGE_INTEGER;
    LockLength : PULARGE_INTEGER;
    Key : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwUnlockFile(FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; LockOffset: PULARGE_INTEGER; LockLength: PULARGE_INTEGER; Key: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtUnlockVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    LockSize : PULONG;
    LockType : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwUnlockVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PPVOID; LockSize: PULONG; LockType: ULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwUnmapViewOfSection().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtUnmapViewOfSection(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwUnmapViewOfSection(ProcessHandle: HANDLE; BaseAddress: PVOID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtVdmControl(
    ControlCode : ULONG;
    ControlData : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwVdmControl(ControlCode: ULONG; ControlData: PVOID): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3
function  NtW32Call(
    RoutineIndex : ULONG;
    Argument : PVOID;
    ArgumentLength : ULONG;
    Result_ : PPVOID;
    ResultLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwW32Call(RoutineIndex: ULONG; Argument: PVOID; ArgumentLength: ULONG; Result_: PPVOID; ResultLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtWaitForMultipleObjects(
    HandleCount : ULONG;
    Handles : PHANDLE;
    WaitType : WAIT_TYPE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwWaitForMultipleObjects(HandleCount: ULONG; Handles: PHANDLE; WaitType: WAIT_TYPE; Alertable: BOOLEAN; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtWaitForSingleObject(
    Handle : HANDLE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwWaitForSingleObject(Handle: HANDLE; Alertable: BOOLEAN; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtWaitHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwWaitHighEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtWaitLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwWaitLowEventPair(EventPairHandle: HANDLE): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK as ZwWriteFile().
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtWriteFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwWriteFile(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PULONG): NTSTATUS; stdcall;
    {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtWriteFileGather(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_SEGMENT_ELEMENT;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwWriteFileGather(FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_SEGMENT_ELEMENT; Length: ULONG; ByteOffset: PLARGE_INTEGER;
    Key: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtWriteRequestData(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE;
    Index : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwWriteRequestData(PortHandle: HANDLE; Message: PPORT_MESSAGE; Index: ULONG; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  NtWriteVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwWriteVirtualMemory(ProcessHandle: HANDLE; BaseAddress: PVOID; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  NtYieldExecution(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}
function  ZwYieldExecution(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to MakeSelfRelativeSD() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAbsoluteToSelfRelativeSD(
    pAbsoluteSD : PSECURITY_DESCRIPTOR;
    pSelfRelativeSD : PSECURITY_DESCRIPTOR;
    lpdwBufferLength : LPDWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlAcquirePebLock(); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AddAccessAllowedAce() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAddAccessAllowedAce(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AddAccessAllowedAceEx() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: W2K, WXP, 2K3
function  RtlAddAccessAllowedAceEx(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AceFlags : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AddAccessDeniedAce() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAddAccessDeniedAce(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AddAccessDeniedAceEx() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: W2K, WXP, 2K3
function  RtlAddAccessDeniedAceEx(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AceFlags : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AddAce() from Advapi32.dll. Refer to
// the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAddAce(
    pAcl : PACL;
    dwAceRevision : DWORD;
    dwStartingAceIndex : DWORD;
    pAceList : PVOID;
    nAceListLength : DWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AddAuditAccessAce() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAddAuditAccessAce(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID;
    bAuditSuccess : BOOLEAN;
    bAuditFailure : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AddAuditAccessAceEx() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: W2K, WXP, 2K3
function  RtlAddAuditAccessAceEx(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AceFlags : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID;
    bAuditSuccess : BOOLEAN;
    bAuditFailure : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlAddRange(
    RangeList : PRTL_RANGE_LIST;
    Start : ULONGLONG;
    End_ : ULONGLONG;
    Attributes : UCHAR;
    Flags : ULONG;
    UserData : PVOID;
    Owner : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlAddVectoredExceptionHandler(
    FirstHandler : ULONG;
    VectoredHandler : PVECTORED_EXCEPTION_HANDLER
  ): PVOID; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAdjustPrivilege(
    Privilege : ULONG;
    Enable : BOOLEAN;
    CurrentThread : BOOLEAN;
    Enabled : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AllocateAndInitializeSid() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAllocateAndInitializeSid(
    pIdentifierAuthority : PSID_IDENTIFIER_AUTHORITY;
    SubAuthorityCount : BYTE;
    nSubAuthority0 : DWORD;
    nSubAuthority1 : DWORD;
    nSubAuthority2 : DWORD;
    nSubAuthority3 : DWORD;
    nSubAuthority4 : DWORD;
    nSubAuthority5 : DWORD;
    nSubAuthority6 : DWORD;
    nSubAuthority7 : DWORD;
    var pSid : PSID
  ): BOOL; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function HeapAlloc() from Kernel32.dll is an export forwarder to
// this function. This means you can refer to the documentation of
// HeapAlloc()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAllocateHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    Size : ULONG
  ): PVOID; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAnsiCharToUnicodeChar(
    AnsiChar : CHAR
  ): WCHAR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAnsiStringToUnicodeSize(
    AnsiString : PANSI_STRING
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAnsiStringToUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PANSI_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAppendAsciizToString(
    DestinationString : PSTRING;
    AppendThisString : LPCSTR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAppendStringToString(
    DestinationString : PSTRING;
    AppendThisString : PSTRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAppendUnicodeStringToString(
    DestinationString : PUNICODE_STRING;
    SourceString : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAppendUnicodeToString(
    Destination : PUNICODE_STRING;
    Source : LPCWSTR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AreAllAccessesGranted() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAreAllAccessesGranted(
    GrantedAccess : ACCESS_MASK;
    WantedAccess : ACCESS_MASK
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to AreAnyAccessesGranted() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAreAnyAccessesGranted(
    GrantedAccess : ACCESS_MASK;
    WantedAccess : ACCESS_MASK
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAreBitsClear(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : ULONG;
    Length : ULONG
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlAreBitsSet(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : ULONG;
    Length : ULONG
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Mentioned in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlAssert(
    FailedAssertion : PVOID;
    FileName : PVOID;
    LineNumber : ULONG;
    Message : PCHAR
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function RtlCaptureContext() from Kernel32.dll is an export
// forwarder to this function. This means you can refer to the
// documentation of RtlCaptureContext()!
// Compatibility: WXP, 2K3
procedure RtlCaptureContext(
    ContextRecord : PCONTEXT
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCharToInteger(
    Str : PCSZ;
    Base : ULONG;
    Value : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Somehow internally used.
// Compatibility: W2K, WXP, 2K3
procedure RtlCheckForOrphanedCriticalSections(
    hThread : HANDLE
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCheckRegistryKey(
    RelativeTo : ULONG;
    Path : PWSTR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlClearAllBits(
    BitMapHeader : PRTL_BITMAP
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlClearBits(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : ULONG;
    NumberToClear : ULONG
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to HeapCompact() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCompactHeap(
    hHeap : HANDLE;
    dwFlags : ULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCompareMemory(
    Source1 : PVOID;
    Source2 : PVOID;
    Length : SIZE_T
  ): SIZE_T; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCompareMemoryUlong(
    Source : PVOID;
    Length : ULONG;
    Value : ULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCompareString(
    String1 : PSTRING;
    String2 : PSTRING;
    CaseInsensitive : BOOLEAN
  ): LONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCompareUnicodeString(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING;
    CaseInsensitive : BOOLEAN
  ): LONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlConvertLongToLargeInteger(
    SignedInteger : LONG
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to ConvertSidToStringSid() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlConvertSidToUnicodeString(
    UnicodeString : PUNICODE_STRING;
    Sid : PSID;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlConvertUlongToLargeInteger(
    UnsignedInteger : ULONG
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlCopyLuid(
    Destination : PLUID;
    Source : PLUID
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlCopyRangeList(
    CopyRangeList : PRTL_RANGE_LIST;
    RangeList : PRTL_RANGE_LIST
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCopySecurityDescriptor(
    Source : PSECURITY_DESCRIPTOR;
    var Destination : PSECURITY_DESCRIPTOR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to CopySid() from Advapi32.dll. Refer to
// the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCopySid(
    DestinationLength : ULONG;
    Destination : PSID;
    Source : PSID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlCopyString(
    DestinationString : PSTRING;
    SourceString : PSTRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlCopyUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PUNICODE_STRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to InitializeAcl() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateAcl(
    pAcl : PACL;
    nAclLength : DWORD;
    dwAclRevision : DWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to HeapCreate() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateHeap(
    dwOptions : ULONG;
    Base : PVOID;
    dwMaximumSize : SIZE_T;
    dwInitialSize : SIZE_T;
    UnknownOptional1 : PVOID;
    UnknownOptional2 : PVOID
  ): HANDLE; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateProcessParameters(
    ProcessParameters : PPRTL_USER_PROCESS_PARAMETERS;
    ImageFile : PUNICODE_STRING;
    DllPath : PUNICODE_STRING;
    CurrentDirectory : PUNICODE_STRING;
    CommandLine : PUNICODE_STRING;
    CreationFlags : ULONG;
    WindowTitle : PUNICODE_STRING;
    Desktop : PUNICODE_STRING;
    Reserved : PUNICODE_STRING;
    Reserved2 : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateQueryDebugBuffer(
    Size : ULONG;
    EventPair : BOOLEAN
  ): PDEBUG_BUFFER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateRegistryKey(
    RelativeTo : ULONG;
    Path : PWSTR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateSecurityDescriptor(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    Revision : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PWSTR
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateUnicodeStringFromAsciiz(
    DestinationString : PUNICODE_STRING;
    SourceString : PCHAR
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateUserProcess(
    ImageFileName : PUNICODE_STRING;
    Attributes : ULONG;
    ProcessParameters : PRTL_USER_PROCESS_PARAMETERS;
    ProcessSecurityDescriptor : PSECURITY_DESCRIPTOR;
    ThreadSecurityDescriptor : PSECURITY_DESCRIPTOR;
    ParentProcess : HANDLE;
    InheritHandles : BOOLEAN;
    DebugPort : HANDLE;
    ExceptionPort : HANDLE;
    ProcessInfo : PRTL_PROCESS_INFORMATION
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCreateUserThread(
    hProcess : HANDLE;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    CreateSuspended : BOOLEAN;
    StackZeroBits : ULONG;
    StackReserve : ULONG;
    StackCommit : ULONG;
    lpStartAddress : PTHREAD_START_ROUTINE;
    lpParameter : PVOID;
    phThread : PHANDLE;
    ClientId : PCLIENT_ID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// #->REVIEW LAST PARAMETER
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlCutoverTimeToSystemTime(
    TargetTimeFields : PTIME_FIELDS;
    Time : PLARGE_INTEGER;
    CurrentTime : PLARGE_INTEGER;
    bUnknown : BOOLEAN
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to DeleteAce() from Advapi32.dll. Refer to
// the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDeleteAce(
    pAcl : PACL;
    dwAceIndex : DWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function DeleteCriticalSection() from Kernel32.dll is an export
// forwarder to this function. This means you can refer to the
// documentation of DeleteCriticalSection()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlDeleteCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlDeleteOwnersRanges(
    RangeList : PRTL_RANGE_LIST;
    Owner : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlDeleteRange(
    RangeList : PRTL_RANGE_LIST;
    Start : ULONGLONG;
    End_ : ULONGLONG;
    Owner : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDeleteRegistryValue(
    RelativeTo : ULONG;
    Path : LPCWSTR;
    ValueName : LPCWSTR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDeNormalizeProcessParams(
    ProcessParameters : PRTL_USER_PROCESS_PARAMETERS
  ): PRTL_USER_PROCESS_PARAMETERS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to HeapDestroy() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDestroyHeap(
    HeapHandle : HANDLE
  ): HANDLE; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDestroyProcessParameters(
    ProcessParameters : PRTL_USER_PROCESS_PARAMETERS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDestroyQueryDebugBuffer(
    DebugBuffer : PDEBUG_BUFFER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDetermineDosPathNameType_U(
    wcsPathNameType : PWSTR
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  RtlDnsHostNameToComputerName(
    ComputerName : PUNICODE_STRING;
    DnsName : PUNICODE_STRING;
    AllocateComputerNameString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDoesFileExists_U(
    FileName : PWSTR
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDosPathNameToNtPathName_U(
    DosName : PWSTR;
    var NtName : UNICODE_STRING;
    DosFilePath : PPWSTR;
    NtFilePath : PUNICODE_STRING
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlDosSearchPath_U(
    SearchPath : PWSTR;
    Name : PWSTR;
    Ext : PWSTR;
    cbBuf : ULONG;
    Buffer : PWSTR;
    var Shortname : PWSTR
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlDowncaseUnicodeChar(
    Source : WCHAR
  ): WCHAR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  RtlDowncaseUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// #->REVIEW First parameter must be 0..3, but details have to be
// investigated!!!
// Compatibility: WXP, 2K3
function  RtlDuplicateUnicodeString(
    AddTerminatingZero : ULONG;
    Source : PUNICODE_STRING;
    Destination : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
procedure RtlEnableEarlyCriticalSectionEventCreation(); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEnlargedIntegerMultiply(
    Multiplicand : LONG;
    Multiplier : LONG
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEnlargedUnsignedDivide(
    Dividend : ULARGE_INTEGER;
    Divisor : ULONG;
    Remainder : PULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEnlargedUnsignedMultiply(
    Multiplicand : ULONG;
    Multiplier : ULONG
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function EnterCriticalSection() from Kernel32.dll is an export
// forwarder to this function. This means you can refer to the
// documentation of EnterCriticalSection()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlEnterCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEqualComputerName(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEqualDomainName(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEqualLuid(
    Luid1 : PLUID;
    Luid2 : PLUID
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to EqualPrefixSid() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEqualPrefixSid(
    pSid1 : PSID;
    pSid2 : PSID
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to EqualSid() from Advapi32.dll. Refer to
// the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEqualSid(
    pSid1 : PSID;
    pSid2 : PSID
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEqualString(
    String1 : PSTRING;
    String2 : PSTRING;
    CaseInsensitive : BOOLEAN
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlEqualUnicodeString(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING;
    CaseInsensitive : BOOLEAN
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlEraseUnicodeString(
    Str : PUNICODE_STRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlExpandEnvironmentStrings_U(
    Environment : PVOID;
    Source : PUNICODE_STRING;
    Destination : PUNICODE_STRING;
    ReturnedLength : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlExtendedIntegerMultiply(
    Multiplicand : LARGE_INTEGER;
    Multiplier : LONG
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlExtendedLargeIntegerDivide(
    Dividend : LARGE_INTEGER;
    Divisor : ULONG;
    Remainder : PULONG
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlExtendedMagicDivide(
    Dividend : LARGE_INTEGER;
    MagicDivisor : LARGE_INTEGER;
    ShiftCount : CCHAR
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function RtlFillMemory() from Kernel32.dll is an export forwarder to
// this function. This means you can refer to the documentation of
// RtlFillMemory()!
// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlFillMemory(
    Destination : PVOID;
    Length : SIZE_T;
    Fill : UCHAR
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlFillMemoryUlong(
    Destination : PVOID;
    Length : ULONG;
    Fill : ULONG
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Finds characters out of the set contained in CharactersToFind inside
// UnicodeString - description of flags will follow. Only the lower 3 bits
// are valid!!!
// Compatibility: WXP, 2K3
function  RtlFindCharInUnicodeString(
    dwFlags : ULONG;
    UnicodeString : PUNICODE_STRING;
    CharactersToFind : PUNICODE_STRING;
    Positions : PUSHORT
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFindClearBits(
    BitMapHeader : PRTL_BITMAP;
    NumberToFind : ULONG;
    HintIndex : ULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFindClearBitsAndSet(
    BitMapHeader : PRTL_BITMAP;
    NumberToFind : ULONG;
    HintIndex : ULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: W2K, WXP, 2K3
function  RtlFindLastBackwardRunClear(
    BitMapHeader : PRTL_BITMAP;
    FromIndex : ULONG;
    StartingRunIndex : PULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: W2K, WXP, 2K3
function  RtlFindLeastSignificantBit(
    Set_ : ULONGLONG
  ): CCHAR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFindLongestRunClear(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : PULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  RtlFindMostSignificantBit(
    Set_ : ULONGLONG
  ): CCHAR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: W2K, WXP, 2K3
function  RtlFindNextForwardRunClear(
    BitMapHeader : PRTL_BITMAP;
    FromIndex : ULONG;
    StartingRunIndex : PULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlFindRange(
    RangeList : PRTL_RANGE_LIST;
    Minimum : ULONGLONG;
    Maximum : ULONGLONG;
    Length : ULONG;
    Alignment : ULONG;
    Flags : ULONG;
    AttributeAvailableMask : UCHAR;
    Context : PVOID;
    Callback : PRTL_CONFLICT_RANGE_CALLBACK;
    Start : PULONGLONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFindSetBits(
    BitMapHeader : PRTL_BITMAP;
    NumberToFind : ULONG;
    HintIndex : ULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFindSetBitsAndClear(
    BitMapHeader : PRTL_BITMAP;
    NumberToFind : ULONG;
    HintIndex : ULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to FindFirstFreeAce() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFirstFreeAce(
    pAcl : PACL;
    var pAce : PVOID
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFormatCurrentUserKeyPath(
    CurrentUserKeyPath : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlFreeAnsiString(
    AnsiString : PANSI_STRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function HeapFree() from Kernel32.dll is an export forwarder to this
// function. This means you can refer to the documentation of HeapFree()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFreeHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    MemoryPointer : PVOID
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlFreeOemString(
    OemString : POEM_STRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
procedure RtlFreeRangeList(
    RangeList : PRTL_RANGE_LIST
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to FreeSid() from Advapi32.dll. Refer to
// the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlFreeSid(
    pSid : PSID
  ): PVOID; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlFreeUnicodeString(
    UnicodeString : PUNICODE_STRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetAce() from Advapi32.dll. Refer to
// the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetAce(
    pAcl : PACL;
    dwAceIndex : DWORD;
    var pAce : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Mentioned in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlGetCallersAddress(
    CallersAddress : PPVOID;
    CallersCaller : PPVOID
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSecurityDescriptorControl() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetControlSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var Control : SECURITY_DESCRIPTOR_CONTROL;
    var dwRevision : DWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetCurrentDirectory_U(
    MaximumLength : ULONG;
    Buffer : PWSTR
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlGetCurrentPeb(): PPEB; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSecurityDescriptorDacl() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetDaclSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var bDaclPresent : BOOLEAN;
    var Dacl : PACL;
    var bDaclDefaulted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlGetFirstRange(
    RangeList : PRTL_RANGE_LIST;
    Iterator : PRTL_RANGE_LIST_ITERATOR;
    var Range : PRTL_RANGE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetFullPathName_U(
    DosName : PWSTR;
    Size : ULONG;
    Buf : PWSTR;
    var Shortname : PWSTR
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSecurityDescriptorGroup() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetGroupSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var pGroup : PSID;
    var bGroupDefaulted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlGetLastNtStatus(): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetLongestNtPathLength(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlGetNextRange(
    Iterator : PRTL_RANGE_LIST_ITERATOR;
    var Range : PRTL_RANGE;
    MoveForwards : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetNtGlobalFlags(): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetNtProductType(
    var ProductType : ULONG
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// #->REVIEW LAST PARAMETER
// Compatibility: WXP, 2K3
procedure RtlGetNtVersionNumbers(
    var dwMajorVersion : ULONG;
    var dwMinorVersion : ULONG;
    UnknownCanBeNull : PDWORD
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSecurityDescriptorOwner() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetOwnerSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var pOwner : PSID;
    var OwnerDefaulted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetProcessHeaps() from Kernel32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetProcessHeaps(
    ArraySize : ULONG;
    HeapArray : PHANDLE
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSecurityDescriptorSacl() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlGetSaclSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var bSaclPresent : BOOLEAN;
    var Sacl : PACL;
    var bSaclDefaulted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetVersionEx() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Documented in the DDK.
// Compatibility: W2K, WXP, 2K3
function  RtlGetVersion(
    lpVersionInformation : PRTL_OSVERSIONINFOW
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: W2K, WXP, 2K3
function  RtlGUIDFromString(
    GuidString : PUNICODE_STRING;
    Guid : LPGUID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSidIdentifierAuthority() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlIdentifierAuthoritySid(
    Sid : PSID
  ): PSID_IDENTIFIER_AUTHORITY; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to ImageDirectoryEntryToData() from
// Dbghelp.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlImageDirectoryEntryToData(
    ImageBase : HMODULE;
    MappedAsImage : BOOLEAN;
    DirectoryEntry : USHORT;
    Size : PULONG
  ): PVOID; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to ImageNtHeader() from Dbghelp.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlImageNtHeader(
    ImageBase : HMODULE
  ): PIMAGE_NT_HEADERS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to ImageNtHeader() from Dbghelp.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// With dwFlags equal 1 it shows the same behavior as RtlImageNtHeader()
// Compatibility: 2K3
function  RtlImageNtHeaderEx(
    dwFlags : DWORD;
    ImageBase : HMODULE
  ): PIMAGE_NT_HEADERS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to ImageRvaToSection() from Dbghelp.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT4, W2K, WXP, 2K3
function  RtlImageRvaToSection(
    NtHeaders : PIMAGE_NT_HEADERS;
    ImageBase : HMODULE;
    Rva : ULONG
  ): PIMAGE_SECTION_HEADER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to ImageRvaToVa() from Dbghelp.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT4, W2K, WXP, 2K3
function  RtlImageRvaToVa(
    NtHeaders : PIMAGE_NT_HEADERS;
    ImageBase : HMODULE;
    Rva : ULONG;
    var LastRvaSection : PIMAGE_SECTION_HEADER
  ): PVOID; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to ImpersonateSelf() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlImpersonateSelf(
    ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlInitAnsiString(
    DestinationString : PANSI_STRING;
    SourceString : PCSZ
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: 2K3
function  RtlInitAnsiStringEx(
    DestinationString : PANSI_STRING;
    SourceString : PCSZ
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlInitializeBitMap(
    BitMapHeader : PRTL_BITMAP;
    BitMapBuffer : PULONG;
    SizeOfBitMap : ULONG
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlInitializeCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT4, W2K, WXP, 2K3
function  RtlInitializeCriticalSectionAndSpinCount(
    lpCriticalSection : PRTL_CRITICAL_SECTION;
    dwSpinCount : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
procedure RtlInitializeRangeList(
    RangeList : PRTL_RANGE_LIST
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to InitializeSid() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlInitializeSid(
    pSid : PSID;
    pIdentifierAuthority : PSID_IDENTIFIER_AUTHORITY;
    nSubAuthorityCount : UCHAR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
procedure RtlInitializeSListHead(
    ListHead : PSLIST_HEADER
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlInitString(
    DestinationString : PSTRING;
    SourceString : PCSZ
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlInitUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : LPCWSTR
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlInitUnicodeStringEx(
    DestinationString : PUNICODE_STRING;
    SourceString : LPCWSTR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: W2K, WXP, 2K3
function  RtlInt64ToUnicodeString(
    Value : ULONGLONG;
    Base : ULONG;
    Str : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlIntegerToChar(
    Value : ULONG;
    Base : ULONG;
    Length : ULONG;
    Str : PCHAR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlIntegerToUnicodeString(
    Value : ULONG;
    Base : ULONG;
    Str : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlInterlockedFlushSList(
    ListHead : PSLIST_HEADER
  ): PSLIST_ENTRY; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlInterlockedPopEntrySList(
    ListHead : PSLIST_HEADER
  ): PSLIST_ENTRY; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlInterlockedPushEntrySList(
    ListHead : PSLIST_HEADER;
    ListEntry : PSLIST_ENTRY
  ): PSLIST_ENTRY; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlInvertRangeList(
    InvertedRangeList : PRTL_RANGE_LIST;
    RangeList : PRTL_RANGE_LIST
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlIpv4AddressToStringA(
    IP : PULONG;
    Buffer : LPSTR
  ): LPSTR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlIpv4AddressToStringW(
    IP : PULONG;
    Buffer : LPWSTR
  ): LPWSTR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlIsDosDeviceName_U(
    TestString : LPCWSTR
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlIsNameLegalDOS8Dot3(
    Name : PUNICODE_STRING;
    OemName : POEM_STRING;
    NameContainsSpaces : PBOOLEAN
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlIsRangeAvailable(
    RangeList : PRTL_RANGE_LIST;
    Start : ULONGLONG;
    End_ : ULONGLONG;
    Flags : ULONG;
    AttributeAvailableMask : UCHAR;
    Context : PVOID;
    Callback : PRTL_CONFLICT_RANGE_CALLBACK;
    Available : PBOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to IsTextUnicode() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlIsTextUnicode(
    lpBuffer : PVOID;
    cb : Integer;
    lpi : LPINT
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLargeIntegerAdd(
    Addend1 : LARGE_INTEGER;
    Addend2 : LARGE_INTEGER
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLargeIntegerArithmeticShift(
    LargeInteger : LARGE_INTEGER;
    ShiftCount : CCHAR
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLargeIntegerDivide(
    Dividend : LARGE_INTEGER;
    Divisor : LARGE_INTEGER;
    Remainder : PLARGE_INTEGER
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLargeIntegerNegate(
    NegateThis : LARGE_INTEGER
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLargeIntegerShiftLeft(
    LargeInteger : LARGE_INTEGER;
    ShiftCount : CCHAR
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLargeIntegerShiftRight(
    LargeInteger : LARGE_INTEGER;
    ShiftCount : CCHAR
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLargeIntegerSubtract(
    Number : LARGE_INTEGER;
    Subtrahend : LARGE_INTEGER
  ): LARGE_INTEGER; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLargeIntegerToChar(
    Value : PLARGE_INTEGER;
    Base : ULONG;
    BufferLength : ULONG;
    Buffer : PCHAR
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function LeaveCriticalSection() from Kernel32.dll is an export
// forwarder to this function. This means you can refer to the
// documentation of LeaveCriticalSection()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlLeaveCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSidLengthRequired() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLengthRequiredSid(
    nSubAuthorityCount : ULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSecurityDescriptorLength() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLengthSecurityDescriptor(
    SecurityDescriptor : PSECURITY_DESCRIPTOR
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetLengthSid() from Advapi32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLengthSid(
    pSid : PSID
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLocalTimeToSystemTime(
    LocalTime : PLARGE_INTEGER;
    SystemTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to HeapLock() from Kernel32.dll. Refer to
// the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlLockHeap(
    hHeap : PVOID
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to MakeSelfRelativeSD() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlMakeSelfRelativeSD(
    pAbsoluteSD : PSECURITY_DESCRIPTOR;
    pSelfRelativeSD : PSECURITY_DESCRIPTOR;
    lpdwBufferLength : LPDWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to MapGenericMask() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlMapGenericMask(
    AccessMask : PACCESS_MASK;
    GenericMapping : PGENERIC_MAPPING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Maps an error from the security subsystem to a native error status.
// Compatibility: WXP, 2K3
function  RtlMapSecurityErrorToNtStatus(
    SecurityError : DWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP
function  RtlMergeRangeLists(
    MergedRangeList : PRTL_RANGE_LIST;
    RangeList1 : PRTL_RANGE_LIST;
    RangeList2 : PRTL_RANGE_LIST;
    Flags : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlMoveMemory(
    Destination : PVOID;
    Source : PVOID;
    Length : SIZE_T
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlNormalizeProcessParams(
    ProcessParameters : PRTL_USER_PROCESS_PARAMETERS
  ): PRTL_USER_PROCESS_PARAMETERS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlNtStatusToDosError(
    Status : NTSTATUS
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlNtStatusToDosErrorNoTeb(
    Status : NTSTATUS
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlNumberOfClearBits(
    BitMapHeader : PRTL_BITMAP
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlNumberOfSetBits(
    BitMapHeader : PRTL_BITMAP
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlOemStringToUnicodeSize(
    AnsiString : POEM_STRING
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlOemStringToUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : POEM_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlOemToUnicodeN(
    UnicodeString : PWSTR;
    UnicodeSize : ULONG;
    var ResultSize : ULONG;
    OemString : PCHAR;
    OemSize : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlOpenCurrentUser(
    samDesired : ACCESS_MASK;
    phkResult : PHKEY
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Either raises an exception of type STATUS_RESOURCE_NOT_OWNED or returns
// a BOOLEAN value.
// Should perhaps not be called explicitly.
// Compatibility: WXP, 2K3
function  RtlpNotOwnerCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This is a private wrapper for NtCreateKey().
// However, 2 of the parameters are not being used!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlpNtCreateKey(
    KeyHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    Unused1 : ULONG;
    Unused2 : ULONG;
    Disposition : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlpNtEnumerateSubKey(
    KeyHandle : HANDLE;
    SubKeyName : PUNICODE_STRING;
    Index : ULONG;
    Unused1 : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to NtCreateKey() from Ntdll.dll. Usually
// the same or similar flags apply.
// This is exactly the same as NtDeleteKey() by now!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlpNtMakeTemporaryKey(
    KeyHandle : HANDLE
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlpNtOpenKey(
    KeyHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    Unused : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlpNtQueryValueKey(
    KeyHandle : HANDLE;
    Type_ : PULONG;
    Data : PVOID;
    DataSize : PULONG;
    Unused : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This is a private wrapper for NtSetValueKey().
// The parameters of TitleIndex and ValueName are not being passed, that is
// empty.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlpNtSetValueKey(
    KeyHandle : HANDLE;
    Type_ : ULONG;
    Data : PVOID;
    DataSize : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlPrefixString(
    String1 : PANSI_STRING;
    String2 : PANSI_STRING;
    CaseInsensitive : BOOLEAN
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlPrefixUnicodeString(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING;
    CaseInsensitive : BOOLEAN
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlQueryDepthSList(
    ListHead : PSLIST_HEADER
  ): USHORT; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// VarValue has to have a buffer assigned big enough to hold the value.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlQueryEnvironmentVariable_U(
    Environment : PVOID;
    VarName : PUNICODE_STRING;
    VarValue : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetAclInformation() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlQueryInformationAcl(
    pAcl : PACL;
    pAclInformation : PVOID;
    nAclInformationLength : DWORD;
    dwAclInformationClass : ACL_INFORMATION_CLASS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlQueryProcessDebugInformation(
    ProcessId : ULONG;
    DebugInfoClassMask : ULONG;
    DebugBuffer : PDEBUG_BUFFER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlQueryRegistryValues(
    RelativeTo : ULONG;
    Path : LPCWSTR;
    QueryTable : PRTL_QUERY_REGISTRY_TABLE;
    Context : PVOID;
    Environment : PVOID
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlRaiseStatus(
    Status : NTSTATUS
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlRandom(
    Seed : PULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlRandomEx(
    Seed : PULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function HeapReAlloc() from Kernel32.dll is an export forwarder to
// this function. This means you can refer to the documentation of
// HeapReAlloc()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlReAllocateHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    lpMem : PVOID;
    dwBytes : SIZE_T
  ): PVOID; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlReleasePebLock(); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlRemoveVectoredExceptionHandler(
    VectoredHandlerHandle : PVOID
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
procedure RtlRestoreLastWin32Error(
    dwErrCode : DWORD
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlRunDecodeUnicodeString(
    CodeSeed : UCHAR;
    StringToDecode : PUNICODE_STRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// If CodeSeed == 0 it will be assigned a value by the function. Use this
// very value in a call to RtlRunDecodeUnicodeString()! To decode the
// string afterwards.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlRunEncodeUnicodeString(
    var CodeSeed : UCHAR;
    StringToEncode : PUNICODE_STRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlSecondsSince1970ToTime(
    SecondsSince1970 : ULONG;
    Time : PLARGE_INTEGER
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlSecondsSince1980ToTime(
    SecondsSince1980 : ULONG;
    Time : PLARGE_INTEGER
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to MakeAbsoluteSD() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSelfRelativeToAbsoluteSD(
    pSelfRelativeSD : PSECURITY_DESCRIPTOR;
    pAbsoluteSD : PSECURITY_DESCRIPTOR;
    lpdwAbsoluteSDSize : LPDWORD;
    pDacl : PACL;
    lpdwDaclSize : LPDWORD;
    pSacl : PACL;
    lpdwSaclSize : LPDWORD;
    pOwner : PSID;
    lpdwOwnerSize : LPDWORD;
    pPrimaryGroup : PSID;
    lpdwPrimaryGroupSize : LPDWORD
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlSetAllBits(
    BitMapHeader : PRTL_BITMAP
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlSetBits(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : ULONG;
    NumberToSet : ULONG
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to SetSecurityDescriptorControl() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: W2K, WXP, 2K3
function  RtlSetControlSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    ControlBitsOfInterest : SECURITY_DESCRIPTOR_CONTROL;
    ControlBitsToSet : SECURITY_DESCRIPTOR_CONTROL
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function SetCriticalSectionSpinCount() from Kernel32.dll is an
// export forwarder to this function. This means you can refer to the
// documentation of SetCriticalSectionSpinCount()!
// Compatibility: NT4, W2K, WXP, 2K3
function  RtlSetCriticalSectionSpinCount(
    lpCriticalSection : PRTL_CRITICAL_SECTION;
    dwSpinCount : ULONG
  ): DWORD; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSetCurrentDirectory_U(
    NewCurrentDirectory : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSetDaclSecurityDescriptor(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    DaclPresent : BOOLEAN;
    Dacl : PACL;
    DaclDefaulted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSetGroupSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    pGroup : PSID;
    bGroupDefaulted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to SetAclInformation() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSetInformationAcl(
    pAcl : PACL;
    pAclInformation : PVOID;
    nInformationLength : DWORD;
    dwAclInformationClass : ACL_INFORMATION_CLASS
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
    Status : NTSTATUS
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSetOwnerSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    pOwner : PSID;
    bOwnerDefaulted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlSetProcessIsCritical(
    bIsCritical : BOOLEAN;
    pbOldIsCriticalValue : PBOOLEAN;
    bUnknownCanBeFalse : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to SetSecurityDescriptorSacl() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSetSaclSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    bSaclPresent : BOOLEAN;
    pSacl : PACL;
    SaclDefaulted : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlSetThreadIsCritical(
    bIsCritical : BOOLEAN;
    pbOldIsCriticalValue : PBOOLEAN;
    bUnknownCanBeFalse : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function HeapSize() from Kernel32.dll is an export forwarder to this
// function. This means you can refer to the documentation of HeapSize()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSizeHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    lpMem : PVOID
  ): SIZE_T; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: W2K, WXP, 2K3
function  RtlStringFromGUID(
    Guid : REFGUID;
    GuidString : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSidSubAuthorityCount() from
// Advapi32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSubAuthorityCountSid(
    pSid : PSID
  ): PUCHAR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to GetSidSubAuthority() from Advapi32.dll.
// Refer to the PSDK for additional information. Usually the same flags
// apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSubAuthoritySid(
    pSid : PSID;
    nSubAuthority : DWORD
  ): PDWORD; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlSystemTimeToLocalTime(
    SystemTime : PLARGE_INTEGER;
    LocalTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlTimeFieldsToTime(
    TimeFields : PTIME_FIELDS;
    Time : PLARGE_INTEGER
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlTimeToElapsedTimeFields(
    Time : PLARGE_INTEGER;
    TimeFields : PTIME_FIELDS
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlTimeToSecondsSince1970(
    Time : PLARGE_INTEGER;
    ElapsedSeconds : PULONG
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlTimeToSecondsSince1980(
    Time : PLARGE_INTEGER;
    ElapsedSeconds : PULONG
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlTimeToTimeFields(
    Time : PLARGE_INTEGER;
    TimeFields : PTIME_FIELDS
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function TryEnterCriticalSection() from Kernel32.dll is an export
// forwarder to this function. This means you can refer to the
// documentation of TryEnterCriticalSection()!
// Compatibility: NT4, W2K, WXP, 2K3
function  RtlTryEnterCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ): BOOL; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUnicodeStringToAnsiSize(
    UnicodeString : PUNICODE_STRING
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUnicodeStringToAnsiString(
    DestinationString : PANSI_STRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUnicodeStringToCountedOemString(
    DestinationString : POEM_STRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUnicodeStringToInteger(
    Str : PUNICODE_STRING;
    Base : ULONG;
    Value : PULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUnicodeStringToOemSize(
    UnicodeString : PUNICODE_STRING
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUnicodeStringToOemString(
    DestinationString : POEM_STRING;
    SourceString : PCUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUnicodeToMultiByteSize(
    BytesInMultiByteString : PULONG;
    UnicodeString : PWSTR;
    BytesInUnicodeString : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUniform(
    Seed : PULONG
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// The function RtlUnwind() from Kernel32.dll is an export forwarder to
// this function. This means you can refer to the documentation of
// RtlUnwind()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlUnwind(
    TargetFrame : PVOID;
    TargetIp : PVOID;
    ExceptionRecord : PEXCEPTION_RECORD;
    ReturnValue : PVOID
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUpcaseUnicodeChar(
    SourceCharacter : WCHAR
  ): WCHAR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUpcaseUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUpcaseUnicodeStringToAnsiString(
    DestinationString : PSTRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUpcaseUnicodeStringToCountedOemString(
    DestinationString : PSTRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUpcaseUnicodeStringToOemString(
    DestinationString : PSTRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUpcaseUnicodeToMultiByteN(
    MbString : PCHAR;
    MbSize : ULONG;
    var ResultSize : ULONG;
    UnicodeString : PWSTR;
    UnicodeSize : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUpcaseUnicodeToOemN(
    OemString : PCHAR;
    OemSize : ULONG;
    var ResultSize : ULONG;
    UnicodeString : PWSTR;
    UnicodeSize : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlUpperChar(
    Character : CHAR
  ): CHAR; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlUpperString(
    DestinationString : PSTRING;
    SourceString : PSTRING
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// #->REVIEW NUMBER OF PARAMETERS
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlValidAcl(
    Acl : PACL
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to HeapValidate() from Kernel32.dll. Refer
// to the PSDK for additional information. Usually the same flags apply.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlValidateHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    lpMem : LPCVOID
  ): BOOL; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: WXP, 2K3
function  RtlValidateUnicodeString(
    dwMustBeNull : ULONG;
    ValidateThis : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: W2K, WXP, 2K3
function  RtlValidRelativeSecurityDescriptor(
    SecurityDescriptorInput : PSECURITY_DESCRIPTOR;
    SecurityDescriptorLength : ULONG;
    RequiredInformation : SECURITY_INFORMATION
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlValidSecurityDescriptor(
    SecurityDescriptor : PSECURITY_DESCRIPTOR
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// #->REVIEW NUMBER OF PARAMETERS; XREF: see IsValidSid()!
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlValidSid(
    pSid : PSID
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: W2K, WXP, 2K3
function  RtlVerifyVersionInfo(
    VersionInfo : PRTL_OSVERSIONINFOEXW;
    TypeMask : ULONG;
    ConditionMask : ULONGLONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
function  RtlVolumeDeviceToDosName(
    VolumeDeviceObject : PVOID;
    DosName : PUNICODE_STRING
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlWriteRegistryValue(
    RelativeTo : ULONG;
    Path : LPCWSTR;
    ValueName : LPCWSTR;
    ValueType : ULONG;
    ValueData : PVOID;
    ValueLength : ULONG
  ): NTSTATUS; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlxAnsiStringToUnicodeSize(
    AnsiString : PANSI_STRING
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlxOemStringToUnicodeSize(
    AnsiString : POEM_STRING
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlxUnicodeStringToAnsiSize(
    UnicodeString : PUNICODE_STRING
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlxUnicodeStringToOemSize(
    UnicodeString : PUNICODE_STRING
  ): ULONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Compatibility: NT3, NT4, W2K, WXP, 2K3
function  RtlZeroHeap(
    hHeap : HANDLE;
    dwFlags : ULONG
  ): BOOLEAN; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// Documented in the DDK.
// Compatibility: NT3, NT4, W2K, WXP, 2K3
procedure RtlZeroMemory(
    Destination : PVOID;
    Length : SIZE_T
  ); stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

// This function is very similar to VerSetConditionMask() from
// Kernel32.dll. Refer to the PSDK for additional information. Usually the
// same flags apply.
// Compatibility: W2K, WXP, 2K3
function  VerSetConditionMask(
    ConditionMask : ULONGLONG;
    dwTypeMask : DWORD;
    Condition : BYTE
  ): ULONGLONG; stdcall; {$IFNDEF RTDL}external ntdll;{$ENDIF}

//// 810 automatically created prototype entries.
//// END  : Function prototypes

implementation

// This function is actually declared as a macro defined as memcpy()

procedure RtlCopyMemory(Destination: PVOID; Source: PVOID; Length: SIZE_T); stdcall;
begin
  Move(Source^, Destination^, Length);
end;

// Own function to retrieve the process's heap handle

function NtpGetProcessHeap(): HANDLE;
asm
{$ifdef cpu386}
  mov   EAX, FS:[018h]            // EAX now holds the TEB address
  mov   EAX, [EAX+030h]           // TEB+$30 holds the PEB address
  mov   EAX, DWORD PTR [EAX+24] // PEB+$30 holds the ProcessHeap's handle
{$endif cpu386}
{$ifdef cpux86_64}
  mov   RAX, GS:[48]              // EAX now holds the TEB address
  mov   RAX, [RAX+060h]           // TEB+$30 holds the PEB address
  mov   RAX, DWORD PTR [RAX+48]   // PEB+$30 holds the ProcessHeap's handle
{$endif cpux86_64}
end;

// Own function to retrieve the thread environment block (TEB) pointer

function NtpCurrentTeb(): PTEB;
asm
{$ifdef cpu386}
  mov   EAX, FS:[24]
{$endif cpu386}
{$ifdef cpux86_64}
  mov   RAX, GS:[48]
{$endif cpux86_64}
end;

// Own function to retrieve the process environment block (PEB) pointer

function RtlpGetCurrentPeb(): PPEB;
asm
{$ifdef cpu386}
  mov   EAX, FS:[24]
  mov   EAX, [EAX+030h]
{$endif cpu386}
{$ifdef cpux86_64}
  mov   RAX, GS:[24]
  mov   RAX, [RAX+060h]
{$endif cpux86_64}
end;

(* Own function to swap bytes in 16bit values

   The RtlUshortByteSwap routine converts a USHORT from
   little-endian to big-endian, and vice versa. *)

function RtlUshortByteSwap(Source: USHORT): USHORT;
asm
{$ifdef cpux86_64}
  mov   CX, AX
{$endif cpux86_64}
  rol   AX, 08h
end;

(* Own function to swap bytes in 32bit values

   The RtlUlongByteSwap routine converts a ULONG from little-endian to
   big-endian, and vice versa. *)

function RtlUlongByteSwap(Source: ULONG): ULONG;
asm
{$ifdef cpux86_64}
  mov   ECX, EAX
{$endif cpux86_64}
  bswap EAX
(*
// Does the same but perhaps slower ...
                        // Source = $11223344
  rol   AX,  08h        // Source = $11224433
  rol   EAX, 0Fh        // Source = $44331122
  rol   AX,  08h        // Source = $44332211
*)
end;

(* Own function to swap bytes in 64bit values

   The RtlUlonglongByteSwap routine converts a ULONGLONG from
   little-endian to big-endian, and vice versa. *)

function RtlUlonglongByteSwap(Source: ULONGLONG): ULONGLONG;
asm
{$ifdef cpu386}
  mov   EAX, [ESP+0Ch]  // Get the high part of the ULONGLONG into EAX
  mov   EDX, [ESP+08h]  // Get the low part of the ULONGLONG into EDX
  // This is not written as mnemonics to be compatible with D4!
  db    0Fh, 0C8h       // "bswap EAX" can only be executed on 486+!!!
  db    0Fh, 0CAh       // "bswap EDX" can only be executed on 486+!!!
  // High part returns in EDX, low part in EAX
{$endif cpu386}
{$ifdef cpux86_64}
  MOV   RCX,RAX
  BSWAP EAX
{$endif cpux86_64}
end;

// Resembles the RtlValidateUnicodeString() function available from Windows XP
// on exactly as it is on this OS version, except for the calling convention.

function RtlpValidateUnicodeString(dwMustBeNull: DWORD; UnicodeString: PUNICODE_STRING): NTSTATUS;
begin
  result := STATUS_INVALID_PARAMETER;
  if (dwMustBeNull = 0) then
  begin
    result := STATUS_SUCCESS;
    if (Assigned(UnicodeString)) then
    begin
      result := STATUS_INVALID_PARAMETER;
      if ((UnicodeString^.Length mod 2 = 0) and (UnicodeString^.MaximumLength mod 2 = 0) and (UnicodeString^.Length <= UnicodeString^.MaximumLength)) then
        if ((UnicodeString^.Length > 0) and (UnicodeString^.MaximumLength > 0)) then
          if (Assigned(UnicodeString^.Buffer)) then
            result := STATUS_SUCCESS;
    end;
  end;
end;

// Resembles the RtlValidateUnicodeString() function available from Windows XP
// on, but does not require the first parameter which anyway must be zero.

function RtlpValidateUnicodeString2(UnicodeString: PUNICODE_STRING): NTSTATUS;
begin
  result := STATUS_SUCCESS;
  if (Assigned(UnicodeString)) then
  begin
    result := STATUS_INVALID_PARAMETER;
    if ((UnicodeString^.Length mod 2 = 0) and (UnicodeString^.MaximumLength mod 2 = 0) and (UnicodeString^.Length <= UnicodeString^.MaximumLength)) then
      if ((UnicodeString^.Length > 0) and (UnicodeString^.MaximumLength > 0)) then
        if (Assigned(UnicodeString^.Buffer)) then
          result := STATUS_SUCCESS;
  end;
end;


{$IFDEF RTDL}

/// Function types
type
  TFNCsrGetProcessId = function (): DWORD; stdcall;
  TFNDbgQueryDebugFilterState = function (ComponentId: ULONG; Level: ULONG): NTSTATUS; stdcall;
  TFNDbgSetDebugFilterState = function (ComponentId: ULONG; Level: ULONG; State: BOOLEAN): NTSTATUS; stdcall;
  TFNKiRaiseUserExceptionDispatcher = function (): ULONG; stdcall;
  TFNLdrAccessResource = function (hModule: HANDLE; ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY; Address: PPVOID; dwSize: PULONG): NTSTATUS; stdcall;
  TFNLdrAlternateResourcesEnabled = function (): BOOLEAN; stdcall;
  TFNLdrDisableThreadCalloutsForDll = function (hModule: HANDLE): NTSTATUS; stdcall;
  TFNLdrGetDllHandle = function (pwPath: PWORD; pReserved: PVOID; pusPath: PUNICODE_STRING; var phModule: HANDLE): NTSTATUS; stdcall;
  TFNLdrGetProcedureAddress = function (hModule: HANDLE; dwOrdinal: ULONG; psName: PSTRING; var pProcedure: PVOID): NTSTATUS; stdcall;
  TFNLdrLoadDll = function (pwPath: PWORD; pdwFlags: PDWORD; pusPath: PUNICODE_STRING; var phModule: HANDLE): NTSTATUS; stdcall;
  TFNLdrQueryImageFileExecutionOptions = function (pusImagePath: PUNICODE_STRING; pwOptionName: PWORD; dwRequestedType: DWORD; pData: PVOID; dwSize: DWORD; pdwSize: PDWORD): NTSTATUS; stdcall;
  TFNLdrQueryProcessModuleInformation = function (psmi: PSYSTEM_MODULE_INFORMATION; dwSize: DWORD; pdwSize: PDWORD): NTSTATUS; stdcall;
  TFNLdrShutdownProcess = procedure(); stdcall;
  TFNLdrShutdownThread = procedure(); stdcall;
  TFNLdrUnloadDll = function (hModule: HANDLE): NTSTATUS; stdcall;
  TFNNtAcceptConnectPort = function (PortHandle: PHANDLE; PortIdentifier: ULONG; Message: PPORT_MESSAGE; Accept: BOOLEAN; WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ): NTSTATUS; stdcall;
  TFNNtAccessCheck = function (SecurityDescriptor: PSECURITY_DESCRIPTOR; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG;
    GrantedAccess: PACCESS_MASK; AccessStatus: PBOOLEAN): NTSTATUS; stdcall;
  TFNNtAccessCheckAndAuditAlarm = function (SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; DesiredAccess: ACCESS_MASK;
    GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOLEAN; GrantedAccess: PACCESS_MASK; AccessStatus: PBOOLEAN; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
  TFNNtAccessCheckByType = function (SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
    GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG; GrantedAccess: PACCESS_MASK; AccessStatus: PULONG): NTSTATUS; stdcall;
  TFNNtAccessCheckByTypeAndAuditAlarm = function (SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
    DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOLEAN; GrantedAccess: PACCESS_MASK;
    AccessStatus: PULONG; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
  TFNNtAccessCheckByTypeResultList = function (SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG;
    GenericMapping: PGENERIC_MAPPING; PrivilegeSet: PPRIVILEGE_SET; PrivilegeSetLength: PULONG; GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG): NTSTATUS; stdcall;
  TFNNtAccessCheckByTypeResultListAndAuditAlarm = function (SubsystemName: PUNICODE_STRING; HandleId: PVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID;
    DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING; ObjectCreation: BOOLEAN; GrantedAccessList: PACCESS_MASK;
    AccessStatusList: PULONG; GenerateOnClose: PULONG): NTSTATUS; stdcall;
  TFNNtAccessCheckByTypeResultListAndAuditAlarmByHandle = function (SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: HANDLE; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING;
    SecurityDescriptor: PSECURITY_DESCRIPTOR; PrincipalSelfSid: PSID; DesiredAccess: ACCESS_MASK; AuditType: AUDIT_EVENT_TYPE; Flags: ULONG; ObjectTypeList: POBJECT_TYPE_LIST; ObjectTypeListLength: ULONG; GenericMapping: PGENERIC_MAPPING;
    ObjectCreation: BOOLEAN; GrantedAccessList: PACCESS_MASK; AccessStatusList: PULONG; GenerateOnClose: PULONG): NTSTATUS; stdcall;
  TFNNtAddAtom = function (Str: PWSTR; StringLength: ULONG; Atom: PUSHORT): NTSTATUS; stdcall;
  TFNNtAdjustGroupsToken = function (TokenHandle: HANDLE; ResetToDefault: BOOLEAN; NewState: PTOKEN_GROUPS; BufferLength: ULONG; PreviousState: PTOKEN_GROUPS; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtAdjustPrivilegesToken = function (TokenHandle: HANDLE; DisableAllPrivileges: BOOLEAN; NewState: PTOKEN_PRIVILEGES; BufferLength: ULONG; PreviousState: PTOKEN_PRIVILEGES; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtAlertResumeThread = function (ThreadHandle: HANDLE; PreviousSuspendCount: PULONG): NTSTATUS; stdcall;
  TFNNtAlertThread = function (ThreadHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtAllocateLocallyUniqueId = function (Luid: PLUID): NTSTATUS; stdcall;
  TFNNtAllocateUserPhysicalPages = function (ProcessHandle: HANDLE; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall;
  TFNNtAllocateUuids = function (UuidLastTimeAllocated: PLARGE_INTEGER; UuidDeltaTime: PULONG; UuidSequenceNumber: PULONG; UuidSeed: PUCHAR): NTSTATUS; stdcall;
  TFNNtAllocateVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PPVOID; ZeroBits: ULONG; AllocationSize: PULONG; AllocationType: ULONG; Protect: ULONG): NTSTATUS; stdcall;
  TFNNtAreMappedFilesTheSame = function (Address1: PVOID; Address2: PVOID): NTSTATUS; stdcall;
  TFNNtAssignProcessToJobObject = function (JobHandle: HANDLE; ProcessHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtCallbackReturn = function (Result_: PVOID; ResultLength: ULONG; Status: NTSTATUS): NTSTATUS; stdcall;
  TFNNtCancelDeviceWakeupRequest = function (DeviceHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtCancelIoFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall;
  TFNNtCancelTimer = function (TimerHandle: HANDLE; PreviousState: PBOOLEAN): NTSTATUS; stdcall;
  TFNNtClearEvent = function (EventHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtClose = function (Handle: HANDLE): NTSTATUS; stdcall;
  TFNNtCloseObjectAuditAlarm = function (SubsystemName: PUNICODE_STRING; HandleId: PVOID; GenerateOnClose: BOOLEAN): NTSTATUS; stdcall;
  TFNNtCompleteConnectPort = function (PortHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtConnectPort = function (PortHandle: PHANDLE; PortName: PUNICODE_STRING; SecurityQos: PSECURITY_QUALITY_OF_SERVICE; WriteSection: PPORT_SECTION_WRITE; ReadSection: PPORT_SECTION_READ; MaxMessageSize: PULONG; ConnectData: PVOID;
    ConnectDataLength: PULONG): NTSTATUS; stdcall;
  TFNNtContinue = function (Context: PCONTEXT; TestAlert: BOOLEAN): NTSTATUS; stdcall;
  TFNNtCreateChannel = function (ChannelHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtCreateDirectoryObject = function (DirectoryHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtCreateEvent = function (EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; EventType: EVENT_TYPE; InitialState: BOOLEAN): NTSTATUS; stdcall;
  TFNNtCreateEventPair = function (EventPairHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtCreateFile = function (FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; AllocationSize: PLARGE_INTEGER; FileAttributes: ULONG; ShareAccess: ULONG;
    CreateDisposition: ULONG; CreateOptions: ULONG; EaBuffer: PVOID; EaLength: ULONG): NTSTATUS; stdcall;
  TFNNtCreateIoCompletion = function (IoCompletionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; NumberOfConcurrentThreads: ULONG): NTSTATUS; stdcall;
  TFNNtCreateJobObject = function (JobHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtCreateKey = function (KeyHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TitleIndex: ULONG; Class_: PUNICODE_STRING; CreateOptions: ULONG; Disposition: PULONG): NTSTATUS; stdcall;
  TFNNtCreateMailslotFile = function (FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; CreateOptions: ULONG; Unknown: ULONG; MaxMessageSize: ULONG;
    ReadTimeout: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtCreateMutant = function (MutantHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InitialOwner: BOOLEAN): NTSTATUS; stdcall;
  TFNNtCreateNamedPipeFile = function (FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; ShareAccess: ULONG; CreateDisposition: ULONG; CreateOptions: ULONG;
    TypeMessage: BOOLEAN; ReadmodeMessage: BOOLEAN; Nonblocking: BOOLEAN; MaxInstances: ULONG; InBufferSize: ULONG; OutBufferSize: ULONG; DefaultTimeout: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtCreatePagingFile = function (FileName: PUNICODE_STRING; InitialSize: PULARGE_INTEGER; MaximumSize: PULARGE_INTEGER; Reserved: ULONG): NTSTATUS; stdcall;
  TFNNtCreatePort = function (PortHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES; MaxDataSize: ULONG; MaxMessageSize: ULONG; Reserved: ULONG): NTSTATUS; stdcall;
  TFNNtCreateProcess = function (ProcessHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: HANDLE; InheritHandles: BOOLEAN; SectionHandle: HANDLE; DebugPort: HANDLE;
    ExceptionPort: HANDLE): NTSTATUS; stdcall;
  TFNNtCreateProfile = function (ProfileHandle: PHANDLE; ProcessHandle: HANDLE; Base: PVOID; Size: ULONG; BucketShift: ULONG; Buffer: PULONG; BufferLength: ULONG; Source: KPROFILE_SOURCE; ProcessorMask: ULONG): NTSTATUS; stdcall;
  TFNNtCreateSection = function (SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; SectionSize: PLARGE_INTEGER; Protect: ULONG; Attributes: ULONG; FileHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtCreateSemaphore = function (SemaphoreHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InitialCount: LONG; MaximumCount: LONG): NTSTATUS; stdcall;
  TFNNtCreateSymbolicLinkObject = function (SymbolicLinkHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TargetName: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNNtCreateThread = function (ThreadHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ProcessHandle: HANDLE; ClientId: PCLIENT_ID; ThreadContext: PCONTEXT; UserStack: PUSER_STACK;
    CreateSuspended: BOOLEAN): NTSTATUS; stdcall;
  TFNNtCreateTimer = function (TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; TimerType: TIMER_TYPE): NTSTATUS; stdcall;
  TFNNtCreateToken = function (TokenHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; Type_: TOKEN_TYPE; AuthenticationId: PLUID; ExpirationTime: PLARGE_INTEGER; User: PTOKEN_USER; Groups: PTOKEN_GROUPS;
    Privileges: PTOKEN_PRIVILEGES; Owner: PTOKEN_OWNER; PrimaryGroup: PTOKEN_PRIMARY_GROUP; DefaultDacl: PTOKEN_DEFAULT_DACL; Source: PTOKEN_SOURCE): NTSTATUS; stdcall;
  TFNNtCreateWaitablePort = function (PortHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES; MaxDataSize: ULONG; MaxMessageSize: ULONG; Reserved: ULONG): NTSTATUS; stdcall;
  TFNNtCurrentTeb = function (): PTEB; stdcall;
  TFNNtDebugActiveProcess = function (hProcess: HANDLE; hDebugObject: HANDLE): NTSTATUS; stdcall;
  TFNNtDelayExecution = function (Alertable: BOOLEAN; Interval: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtDeleteAtom = function (Atom: USHORT): NTSTATUS; stdcall;
  TFNNtDeleteFile = function (ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtDeleteKey = function (KeyHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtDeleteObjectAuditAlarm = function (SubsystemName: PUNICODE_STRING; HandleId: PVOID; GenerateOnClose: BOOLEAN): NTSTATUS; stdcall;
  TFNNtDeleteValueKey = function (KeyHandle: HANDLE; ValueName: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNNtDeviceIoControlFile = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; IoControlCode: ULONG; InputBuffer: PVOID; InputBufferLength: ULONG;
    OutputBuffer: PVOID; OutputBufferLength: ULONG): NTSTATUS; stdcall;
  TFNNtDisplayString = function (Str: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNNtDuplicateObject = function (SourceProcessHandle: HANDLE; SourceHandle: HANDLE; TargetProcessHandle: HANDLE; TargetHandle: PHANDLE; DesiredAccess: ACCESS_MASK; Attributes: ULONG; Options: ULONG): NTSTATUS; stdcall;
  TFNNtDuplicateToken = function (ExistingTokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; EffectiveOnly: BOOLEAN; TokenType: TOKEN_TYPE; NewTokenHandle: PHANDLE): NTSTATUS; stdcall;
  TFNNtEnumerateKey = function (KeyHandle: HANDLE; Index: ULONG; KeyInformationClass: KEY_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtEnumerateValueKey = function (KeyHandle: HANDLE; Index: ULONG; KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInformation: PVOID; KeyValueInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtExtendSection = function (SectionHandle: HANDLE; SectionSize: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtFilterToken = function (ExistingTokenHandle: HANDLE; Flags: ULONG; SidsToDisable: PTOKEN_GROUPS; PrivilegesToDelete: PTOKEN_PRIVILEGES; SidsToRestricted: PTOKEN_GROUPS; NewTokenHandle: PHANDLE): NTSTATUS; stdcall;
  TFNNtFindAtom = function (Str: PWSTR; StringLength: ULONG; Atom: PUSHORT): NTSTATUS; stdcall;
  TFNNtFlushBuffersFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall;
  TFNNtFlushInstructionCache = function (ProcessHandle: HANDLE; BaseAddress: PVOID; FlushSize: ULONG): NTSTATUS; stdcall;
  TFNNtFlushKey = function (KeyHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtFlushVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PPVOID; FlushSize: PULONG; IoStatusBlock: PIO_STATUS_BLOCK): NTSTATUS; stdcall;
  TFNNtFlushWriteBuffer = function (): NTSTATUS; stdcall;
  TFNNtFreeUserPhysicalPages = function (ProcessHandle: HANDLE; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall;
  TFNNtFreeVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PPVOID; FreeSize: PULONG; FreeType: ULONG): NTSTATUS; stdcall;
  TFNNtFsControlFile = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; FsControlCode: ULONG; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID;
    OutputBufferLength: ULONG): NTSTATUS; stdcall;
  TFNNtGetContextThread = function (ThreadHandle: HANDLE; Context: PCONTEXT): NTSTATUS; stdcall;
  TFNNtGetCurrentProcessorNumber = function (): ULONG; stdcall;
  TFNNtGetDevicePowerState = function (DeviceHandle: HANDLE; DevicePowerState: PDEVICE_POWER_STATE): NTSTATUS; stdcall;
  TFNNtGetPlugPlayEvent = function (Reserved1: ULONG; Reserved2: ULONG; Buffer: PVOID; BufferLength: ULONG): NTSTATUS; stdcall;
  TFNNtGetTickCount = function (): ULONG; stdcall;
  TFNNtGetWriteWatch = function (ProcessHandle: HANDLE; Flags: ULONG; BaseAddress: PVOID; RegionSize: ULONG; Buffer: PULONG; BufferEntries: PULONG; Granularity: PULONG): NTSTATUS; stdcall;
  TFNNtImpersonateAnonymousToken = function (ThreadHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtImpersonateClientOfPort = function (PortHandle: HANDLE; Message: PPORT_MESSAGE): NTSTATUS; stdcall;
  TFNNtImpersonateThread = function (ThreadHandle: HANDLE; TargetThreadHandle: HANDLE; SecurityQos: PSECURITY_QUALITY_OF_SERVICE): NTSTATUS; stdcall;
  TFNNtInitializeRegistry = function (Setup: BOOLEAN): NTSTATUS; stdcall;
  TFNNtInitiatePowerAction = function (SystemAction: POWER_ACTION; MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG; Asynchronous: BOOLEAN): NTSTATUS; stdcall;
  TFNNtIsSystemResumeAutomatic = function (): BOOLEAN; stdcall;
  TFNNtListenChannel = function (x: PVOID; y: PVOID): NTSTATUS; stdcall;
  TFNNtListenPort = function (PortHandle: HANDLE; Message: PPORT_MESSAGE): NTSTATUS; stdcall;
  TFNNtLoadDriver = function (DriverServiceName: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNNtLoadKey = function (KeyObjectAttributes: POBJECT_ATTRIBUTES; FileObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtLoadKey2 = function (KeyObjectAttributes: POBJECT_ATTRIBUTES; FileObjectAttributes: POBJECT_ATTRIBUTES; Flags: ULONG): NTSTATUS; stdcall;
  TFNNtLockFile = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; LockOffset: PULARGE_INTEGER; LockLength: PULARGE_INTEGER; Key: ULONG; FailImmediately: BOOLEAN;
    ExclusiveLock: BOOLEAN): NTSTATUS; stdcall;
  TFNNtLockVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PPVOID; LockSize: PULONG; LockType: ULONG): NTSTATUS; stdcall;
  TFNNtMakePermanentObject = function (Handle: HANDLE): NTSTATUS; stdcall;
  TFNNtMakeTemporaryObject = function (Handle: HANDLE): NTSTATUS; stdcall;
  TFNNtMapUserPhysicalPages = function (BaseAddress: PVOID; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall;
  TFNNtMapUserPhysicalPagesScatter = function (BaseAddresses: PPVOID; NumberOfPages: PULONG; PageFrameNumbers: PULONG): NTSTATUS; stdcall;
  TFNNtMapViewOfSection = function (SectionHandle: HANDLE; ProcessHandle: HANDLE; BaseAddress: PPVOID; ZeroBits: ULONG; CommitSize: ULONG; SectionOffset: PLARGE_INTEGER; ViewSize: PULONG; InheritDisposition: SECTION_INHERIT;
    AllocationType: ULONG; Protect: ULONG): NTSTATUS; stdcall;
  TFNNtNotifyChangeDirectoryFile = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_NOTIFY_INFORMATION; BufferLength: ULONG; NotifyFilter: ULONG;
    WatchSubtree: BOOLEAN): NTSTATUS; stdcall;
  TFNNtNotifyChangeKey = function (KeyHandle: HANDLE; EventHandle: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; NotifyFilter: ULONG; WatchSubtree: BOOLEAN; Buffer: PVOID; BufferLength: ULONG;
    Asynchronous: BOOLEAN): NTSTATUS; stdcall;
  TFNNtNotifyChangeMultipleKeys = function (KeyHandle: HANDLE; Flags: ULONG; KeyObjectAttributes: POBJECT_ATTRIBUTES; EventHandle: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; NotifyFilter: ULONG;
    WatchSubtree: BOOLEAN; Buffer: PVOID; BufferLength: ULONG; Asynchronous: BOOLEAN): NTSTATUS; stdcall;
  TFNNtOpenChannel = function (ChannelHandle: PHANDLE; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenDirectoryObject = function (DirectoryHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenEvent = function (EventHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenEventPair = function (EventPairHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenFile = function (FileHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; IoStatusBlock: PIO_STATUS_BLOCK; ShareAccess: ULONG; OpenOptions: ULONG): NTSTATUS; stdcall;
  TFNNtOpenIoCompletion = function (IoCompletionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenJobObject = function (JobHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenKey = function (KeyHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenMutant = function (MutantHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenObjectAuditAlarm = function (SubsystemName: PUNICODE_STRING; HandleId: PPVOID; ObjectTypeName: PUNICODE_STRING; ObjectName: PUNICODE_STRING; SecurityDescriptor: PSECURITY_DESCRIPTOR; TokenHandle: HANDLE;
    DesiredAccess: ACCESS_MASK; GrantedAccess: ACCESS_MASK; Privileges: PPRIVILEGE_SET; ObjectCreation: BOOLEAN; AccessGranted: BOOLEAN; GenerateOnClose: PBOOLEAN): NTSTATUS; stdcall;
  TFNNtOpenProcess = function (ProcessHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ClientId: PCLIENT_ID): NTSTATUS; stdcall;
  TFNNtOpenProcessToken = function (ProcessHandle: HANDLE; DesiredAccess: ACCESS_MASK; TokenHandle: PHANDLE): NTSTATUS; stdcall;
  TFNNtOpenSection = function (SectionHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenSemaphore = function (SemaphoreHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenSymbolicLinkObject = function (SymbolicLinkHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtOpenThread = function (ThreadHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; ClientId: PCLIENT_ID): NTSTATUS; stdcall;
  TFNNtOpenThreadToken = function (ThreadHandle: HANDLE; DesiredAccess: ACCESS_MASK; OpenAsSelf: BOOLEAN; TokenHandle: PHANDLE): NTSTATUS; stdcall;
  TFNNtOpenTimer = function (TimerHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtPlugPlayControl = function (ControlCode: ULONG; Buffer: PVOID; BufferLength: ULONG): NTSTATUS; stdcall;
  TFNNtPowerInformation = function (PowerInformationLevel: POWER_INFORMATION_LEVEL; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG): NTSTATUS; stdcall;
  TFNNtPrivilegeCheck = function (TokenHandle: HANDLE; RequiredPrivileges: PPRIVILEGE_SET; Result_: PBOOLEAN): NTSTATUS; stdcall;
  TFNNtPrivilegeObjectAuditAlarm = function (SubsystemName: PUNICODE_STRING; HandleId: PVOID; TokenHandle: HANDLE; DesiredAccess: ACCESS_MASK; Privileges: PPRIVILEGE_SET; AccessGranted: BOOLEAN): NTSTATUS; stdcall;
  TFNNtPrivilegedServiceAuditAlarm = function (SubsystemName: PUNICODE_STRING; ServiceName: PUNICODE_STRING; TokenHandle: HANDLE; Privileges: PPRIVILEGE_SET; AccessGranted: BOOLEAN): NTSTATUS; stdcall;
  TFNNtProtectVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PPVOID; ProtectSize: PULONG; NewProtect: ULONG; OldProtect: PULONG): NTSTATUS; stdcall;
  TFNNtPulseEvent = function (EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall;
  TFNNtQueryAttributesFile = function (ObjectAttributes: POBJECT_ATTRIBUTES; FileInformation: PFILE_BASIC_INFORMATION): NTSTATUS; stdcall;
  TFNNtQueryDefaultLocale = function (ThreadOrSystem: BOOLEAN; Locale: PLCID): NTSTATUS; stdcall;
  TFNNtQueryDefaultUILanguage = function (LanguageId: PLANGID): NTSTATUS; stdcall;
  TFNNtQueryDirectoryFile = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG;
    FileInformationClass: FILE_INFORMATION_CLASS; ReturnSingleEntry: BOOLEAN; FileName: PUNICODE_STRING; RestartScan: BOOLEAN): NTSTATUS; stdcall;
  TFNNtQueryDirectoryObject = function (DirectoryHandle: HANDLE; Buffer: PVOID; BufferLength: ULONG; ReturnSingleEntry: BOOLEAN; RestartScan: BOOLEAN; Context: PULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryEaFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_FULL_EA_INFORMATION; BufferLength: ULONG; ReturnSingleEntry: BOOLEAN; EaList: PFILE_GET_EA_INFORMATION; EaListLength: ULONG; EaIndex: PULONG;
    RestartScan: BOOLEAN): NTSTATUS; stdcall;
  TFNNtQueryEvent = function (EventHandle: HANDLE; EventInformationClass: EVENT_INFORMATION_CLASS; EventInformation: PVOID; EventInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryFullAttributesFile = function (ObjectAttributes: POBJECT_ATTRIBUTES; FileInformation: PFILE_NETWORK_OPEN_INFORMATION): NTSTATUS; stdcall;
  TFNNtQueryInformationAtom = function (Atom: USHORT; AtomInformationClass: ATOM_INFORMATION_CLASS; AtomInformation: PVOID; AtomInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryInformationFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG; FileInformationClass: FILE_INFORMATION_CLASS): NTSTATUS; stdcall;
  TFNNtQueryInformationJobObject = function (JobHandle: HANDLE; JobInformationClass: JOBOBJECTINFOCLASS; JobInformation: PVOID; JobInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryInformationPort = function (PortHandle: HANDLE; PortInformationClass: PORT_INFORMATION_CLASS; PortInformation: PVOID; PortInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryInformationProcess = function (ProcessHandle: HANDLE; ProcessInformationClass: PROCESSINFOCLASS; ProcessInformation: PVOID; ProcessInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryInformationThread = function (ThreadHandle: HANDLE; ThreadInformationClass: THREADINFOCLASS; ThreadInformation: PVOID; ThreadInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryInformationToken = function (TokenHandle: HANDLE; TokenInformationClass: TOKEN_INFORMATION_CLASS; TokenInformation: PVOID; TokenInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryInstallUILanguage = function (LanguageId: PLANGID): NTSTATUS; stdcall;
  TFNNtQueryIntervalProfile = function (Source: KPROFILE_SOURCE; Interval: PULONG): NTSTATUS; stdcall;
  TFNNtQueryIoCompletion = function (IoCompletionHandle: HANDLE; IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS; IoCompletionInformation: PVOID; IoCompletionInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryKey = function (KeyHandle: HANDLE; KeyInformationClass: KEY_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryMultipleValueKey = function (KeyHandle: HANDLE; ValueList: PKEY_VALUE_ENTRY; NumberOfValues: ULONG; Buffer: PVOID; Length: PULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryMutant = function (MutantHandle: HANDLE; MutantInformationClass: MUTANT_INFORMATION_CLASS; MutantInformation: PVOID; MutantInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryObject = function (ObjectHandle: HANDLE; ObjectInformationClass: OBJECT_INFORMATION_CLASS; ObjectInformation: PVOID; ObjectInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryOpenSubKeys = function (KeyObjectAttributes: POBJECT_ATTRIBUTES; NumberOfKey: PULONG): NTSTATUS; stdcall;
  TFNNtQueryPerformanceCounter = function (PerformanceCount: PLARGE_INTEGER; PerformanceFrequency: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtQueryPortInformationProcess = function (): ULONG; stdcall;
  TFNNtQueryQuotaInformationFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_USER_QUOTA_INFORMATION; BufferLength: ULONG; ReturnSingleEntry: BOOLEAN; QuotaList: PFILE_QUOTA_LIST_INFORMATION;
    QuotaListLength: ULONG; ResumeSid: PSID; RestartScan: BOOLEAN): NTSTATUS; stdcall;
  TFNNtQuerySection = function (SectionHandle: HANDLE; SectionInformationClass: SECTION_INFORMATION_CLASS; SectionInformation: PVOID; SectionInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtQuerySecurityObject = function (Handle: HANDLE; RequestedInformation: SECURITY_INFORMATION; SecurityDescriptor: PSECURITY_DESCRIPTOR; SecurityDescriptorLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQuerySemaphore = function (SemaphoreHandle: HANDLE; SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS; SemaphoreInformation: PVOID; SemaphoreInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtQuerySymbolicLinkObject = function (SymbolicLinkHandle: HANDLE; TargetName: PUNICODE_STRING; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQuerySystemEnvironmentValue = function (Name: PUNICODE_STRING; Value: PVOID; ValueLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQuerySystemInformation = function (SystemInformationClass: SYSTEM_INFORMATION_CLASS; SystemInformation: PVOID; SystemInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQuerySystemTime = function (CurrentTime: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtQueryTimer = function (TimerHandle: HANDLE; TimerInformationClass: TIMER_INFORMATION_CLASS; TimerInformation: PVOID; TimerInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryTimerResolution = function (CoarsestResolution: PULONG; FinestResolution: PULONG; ActualResolution: PULONG): NTSTATUS; stdcall;
  TFNNtQueryValueKey = function (KeyHandle: HANDLE; ValueName: PUNICODE_STRING; KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS; KeyValueInformation: PVOID; KeyValueInformationLength: ULONG; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PVOID; MemoryInformationClass: MEMORY_INFORMATION_CLASS; MemoryInformation: PVOID; MemoryInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtQueryVolumeInformationFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; VolumeInformation: PVOID; VolumeInformationLength: ULONG; VolumeInformationClass: FS_INFORMATION_CLASS): NTSTATUS; stdcall;
  TFNNtQueueApcThread = function (ThreadHandle: HANDLE; ApcRoutine: PKNORMAL_ROUTINE; ApcContext: PVOID; Argument1: PVOID; Argument2: PVOID): NTSTATUS; stdcall;
  TFNNtRaiseException = function (ExceptionRecord: PEXCEPTION_RECORD; Context: PCONTEXT; SearchFrames: BOOLEAN): NTSTATUS; stdcall;
  TFNNtRaiseHardError = function (Status: NTSTATUS; NumberOfArguments: ULONG; StringArgumentsMask: ULONG; Arguments: PULONG; MessageBoxType: ULONG; MessageBoxResult: PULONG): NTSTATUS; stdcall;
  TFNNtReadFile = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PULONG): NTSTATUS; stdcall;
  TFNNtReadFileScatter = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_SEGMENT_ELEMENT; Length: ULONG; ByteOffset: PLARGE_INTEGER;
    Key: PULONG): NTSTATUS; stdcall;
  TFNNtReadRequestData = function (PortHandle: HANDLE; Message: PPORT_MESSAGE; Index: ULONG; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtReadVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PVOID; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtRegisterThreadTerminatePort = function (PortHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtReleaseMutant = function (MutantHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall;
  TFNNtReleaseSemaphore = function (SemaphoreHandle: HANDLE; ReleaseCount: LONG; PreviousCount: PLONG): NTSTATUS; stdcall;
  TFNNtRemoveIoCompletion = function (IoCompletionHandle: HANDLE; CompletionKey: PULONG; CompletionValue: PULONG; IoStatusBlock: PIO_STATUS_BLOCK; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtRemoveProcessDebug = function (hProcess: HANDLE; hDebugObject: HANDLE): NTSTATUS; stdcall;
  TFNNtReplaceKey = function (NewFileObjectAttributes: POBJECT_ATTRIBUTES; KeyHandle: HANDLE; OldFileObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtReplyPort = function (PortHandle: HANDLE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall;
  TFNNtReplyWaitReceivePort = function (PortHandle: HANDLE; PortIdentifier: PULONG; ReplyMessage: PPORT_MESSAGE; Message: PPORT_MESSAGE): NTSTATUS; stdcall;
  TFNNtReplyWaitReceivePortEx = function (PortHandle: HANDLE; PortIdentifier: PULONG; ReplyMessage: PPORT_MESSAGE; Message: PPORT_MESSAGE; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtReplyWaitReplyPort = function (PortHandle: HANDLE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall;
  TFNNtReplyWaitSendChannel = function (x: PVOID; y: PVOID; z: PVOID): NTSTATUS; stdcall;
  TFNNtRequestDeviceWakeup = function (DeviceHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtRequestPort = function (PortHandle: HANDLE; RequestMessage: PPORT_MESSAGE): NTSTATUS; stdcall;
  TFNNtRequestWaitReplyPort = function (PortHandle: HANDLE; RequestMessage: PPORT_MESSAGE; ReplyMessage: PPORT_MESSAGE): NTSTATUS; stdcall;
  TFNNtRequestWakeupLatency = function (Latency: LATENCY_TIME): NTSTATUS; stdcall;
  TFNNtResetEvent = function (EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall;
  TFNNtResetWriteWatch = function (ProcessHandle: HANDLE; BaseAddress: PVOID; RegionSize: ULONG): NTSTATUS; stdcall;
  TFNNtRestoreKey = function (KeyHandle: HANDLE; FileHandle: HANDLE; Flags: ULONG): NTSTATUS; stdcall;
  TFNNtResumeProcess = function (hProcess: HANDLE): NTSTATUS; stdcall;
  TFNNtResumeThread = function (hThread: HANDLE; dwResumeCount: PULONG): NTSTATUS; stdcall;
  TFNNtSaveKey = function (KeyHandle: HANDLE; FileHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtSaveKeyEx = function (KeyHandle: HANDLE; FileHandle: HANDLE; Flags: DWORD): NTSTATUS; stdcall;
  TFNNtSaveMergedKeys = function (KeyHandle1: HANDLE; KeyHandle2: HANDLE; FileHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtSecureConnectPort = function (PortHandle: PHANDLE; PortName: PUNICODE_STRING; SecurityQos: PSECURITY_QUALITY_OF_SERVICE; WriteSection: PPORT_SECTION_WRITE; ServerSid: PSID; ReadSection: PPORT_SECTION_READ; MaxMessageSize: PULONG;
    ConnectData: PVOID; ConnectDataLength: PULONG): NTSTATUS; stdcall;
  TFNNtSendWaitReplyChannel = function (x: PVOID; y: PVOID; z: PVOID; z2: PVOID): NTSTATUS; stdcall;
  TFNNtSetContextChannel = function (x: PVOID): NTSTATUS; stdcall;
  TFNNtSetContextThread = function (ThreadHandle: HANDLE; Context: PCONTEXT): NTSTATUS; stdcall;
  TFNNtSetDefaultHardErrorPort = function (PortHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtSetDefaultLocale = function (ThreadOrSystem: BOOLEAN; Locale: LCID): NTSTATUS; stdcall;
  TFNNtSetDefaultUILanguage = function (LanguageId: LANGID): NTSTATUS; stdcall;
  TFNNtSetEaFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_FULL_EA_INFORMATION; BufferLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetEvent = function (EventHandle: HANDLE; PreviousState: PULONG): NTSTATUS; stdcall;
  TFNNtSetHighEventPair = function (EventPairHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtSetHighWaitLowEventPair = function (EventPairHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtSetHighWaitLowThread = function (): NTSTATUS; stdcall;
  TFNNtSetInformationFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; FileInformation: PVOID; FileInformationLength: ULONG; FileInformationClass: FILE_INFORMATION_CLASS): NTSTATUS; stdcall;
  TFNNtSetInformationJobObject = function (JobHandle: HANDLE; JobInformationClass: JOBOBJECTINFOCLASS; JobInformation: PVOID; JobInformationLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetInformationKey = function (KeyHandle: HANDLE; KeyInformationClass: KEY_SET_INFORMATION_CLASS; KeyInformation: PVOID; KeyInformationLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetInformationObject = function (ObjectHandle: HANDLE; ObjectInformationClass: OBJECT_INFORMATION_CLASS; ObjectInformation: PVOID; ObjectInformationLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetInformationProcess = function (ProcessHandle: HANDLE; ProcessInformationClass: PROCESSINFOCLASS; ProcessInformation: PVOID; ProcessInformationLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetInformationThread = function (ThreadHandle: HANDLE; ThreadInformationClass: THREADINFOCLASS; ThreadInformation: PVOID; ThreadInformationLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetInformationToken = function (TokenHandle: HANDLE; TokenInformationClass: TOKEN_INFORMATION_CLASS; TokenInformation: PVOID; TokenInformationLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetIntervalProfile = function (Interval: ULONG; Source: KPROFILE_SOURCE): NTSTATUS; stdcall;
  TFNNtSetIoCompletion = function (IoCompletionHandle: HANDLE; CompletionKey: ULONG; CompletionValue: ULONG; Status: NTSTATUS; Information: ULONG): NTSTATUS; stdcall;
  TFNNtSetLdtEntries = function (Selector1: ULONG; LdtEntry1: LDT_ENTRY; Selector2: ULONG; LdtEntry2: LDT_ENTRY): NTSTATUS; stdcall;
  TFNNtSetLowEventPair = function (EventPairHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtSetLowWaitHighEventPair = function (EventPairHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtSetLowWaitHighThread = function (): NTSTATUS; stdcall;
  TFNNtSetQuotaInformationFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_USER_QUOTA_INFORMATION; BufferLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetSecurityObject = function (Handle: HANDLE; SecurityInformation: SECURITY_INFORMATION; SecurityDescriptor: PSECURITY_DESCRIPTOR): NTSTATUS; stdcall;
  TFNNtSetSystemEnvironmentValue = function (Name: PUNICODE_STRING; Value: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNNtSetSystemInformation = function (SystemInformationClass: SYSTEM_INFORMATION_CLASS; SystemInformation: PVOID; SystemInformationLength: ULONG): NTSTATUS; stdcall;
  TFNNtSetSystemPowerState = function (SystemAction: POWER_ACTION; MinSystemState: SYSTEM_POWER_STATE; Flags: ULONG): NTSTATUS; stdcall;
  TFNNtSetSystemTime = function (NewTime: PLARGE_INTEGER; OldTime: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtSetThreadExecutionState = function (ExecutionState: EXECUTION_STATE; PreviousExecutionState: PEXECUTION_STATE): NTSTATUS; stdcall;
  TFNNtSetTimer = function (TimerHandle: HANDLE; DueTime: PLARGE_INTEGER; TimerApcRoutine: PTIMER_APC_ROUTINE; TimerContext: PVOID; Resume: BOOLEAN; Period: LONG; PreviousState: PBOOLEAN): NTSTATUS; stdcall;
  TFNNtSetTimerResolution = function (RequestedResolution: ULONG; Set_: BOOLEAN; ActualResolution: PULONG): NTSTATUS; stdcall;
  TFNNtSetUuidSeed = function (UuidSeed: PUCHAR): NTSTATUS; stdcall;
  TFNNtSetValueKey = function (KeyHandle: HANDLE; ValueName: PUNICODE_STRING; TitleIndex: ULONG; Type_: ULONG; Data: PVOID; DataSize: ULONG): NTSTATUS; stdcall;
  TFNNtSetVolumeInformationFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; BufferLength: ULONG; VolumeInformationClass: FS_INFORMATION_CLASS): NTSTATUS; stdcall;
  TFNNtShutdownSystem = function (Action: SHUTDOWN_ACTION): NTSTATUS; stdcall;
  TFNNtSignalAndWaitForSingleObject = function (HandleToSignal: HANDLE; HandleToWait: HANDLE; Alertable: BOOLEAN; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtStartProfile = function (ProfileHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtStopProfile = function (ProfileHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtSuspendProcess = function (hProcess: HANDLE): NTSTATUS; stdcall;
  TFNNtSuspendThread = function (hThread: HANDLE; dwLastResumeCount: PULONG): NTSTATUS; stdcall;
  TFNNtSystemDebugControl = function (ControlCode: DEBUG_CONTROL_CODE; InputBuffer: PVOID; InputBufferLength: ULONG; OutputBuffer: PVOID; OutputBufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtTerminateJobObject = function (JobHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall;
  TFNNtTerminateProcess = function (ProcessHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall;
  TFNNtTerminateThread = function (ThreadHandle: HANDLE; ExitStatus: NTSTATUS): NTSTATUS; stdcall;
  TFNNtTestAlert = function (): NTSTATUS; stdcall;
  TFNNtUnloadDriver = function (DriverServiceName: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNNtUnloadKey = function (KeyObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
  TFNNtUnlockFile = function (FileHandle: HANDLE; IoStatusBlock: PIO_STATUS_BLOCK; LockOffset: PULARGE_INTEGER; LockLength: PULARGE_INTEGER; Key: ULONG): NTSTATUS; stdcall;
  TFNNtUnlockVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PPVOID; LockSize: PULONG; LockType: ULONG): NTSTATUS; stdcall;
  TFNNtUnmapViewOfSection = function (ProcessHandle: HANDLE; BaseAddress: PVOID): NTSTATUS; stdcall;
  TFNNtVdmControl = function (ControlCode: ULONG; ControlData: PVOID): NTSTATUS; stdcall;
  TFNNtW32Call = function (RoutineIndex: ULONG; Argument: PVOID; ArgumentLength: ULONG; Result_: PPVOID; ResultLength: PULONG): NTSTATUS; stdcall;
  TFNNtWaitForMultipleObjects = function (HandleCount: ULONG; Handles: PHANDLE; WaitType: WAIT_TYPE; Alertable: BOOLEAN; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtWaitForSingleObject = function (Handle: HANDLE; Alertable: BOOLEAN; Timeout: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNNtWaitHighEventPair = function (EventPairHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtWaitLowEventPair = function (EventPairHandle: HANDLE): NTSTATUS; stdcall;
  TFNNtWriteFile = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PVOID; Length: ULONG; ByteOffset: PLARGE_INTEGER; Key: PULONG): NTSTATUS; stdcall;
  TFNNtWriteFileGather = function (FileHandle: HANDLE; Event: HANDLE; ApcRoutine: PIO_APC_ROUTINE; ApcContext: PVOID; IoStatusBlock: PIO_STATUS_BLOCK; Buffer: PFILE_SEGMENT_ELEMENT; Length: ULONG; ByteOffset: PLARGE_INTEGER;
    Key: PULONG): NTSTATUS; stdcall;
  TFNNtWriteRequestData = function (PortHandle: HANDLE; Message: PPORT_MESSAGE; Index: ULONG; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtWriteVirtualMemory = function (ProcessHandle: HANDLE; BaseAddress: PVOID; Buffer: PVOID; BufferLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall;
  TFNNtYieldExecution = function (): NTSTATUS; stdcall;
  TFNRtlAbsoluteToSelfRelativeSD = function (pAbsoluteSD: PSECURITY_DESCRIPTOR; pSelfRelativeSD: PSECURITY_DESCRIPTOR; lpdwBufferLength: LPDWORD): NTSTATUS; stdcall;
  TFNRtlAcquirePebLock = procedure(); stdcall;
  TFNRtlAddAccessAllowedAce = function (pAcl: PACL; dwAceRevision: DWORD; AccessMask: ACCESS_MASK; pSid: PSID): NTSTATUS; stdcall;
  TFNRtlAddAccessAllowedAceEx = function (pAcl: PACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: ACCESS_MASK; pSid: PSID): NTSTATUS; stdcall;
  TFNRtlAddAccessDeniedAce = function (pAcl: PACL; dwAceRevision: DWORD; AccessMask: ACCESS_MASK; pSid: PSID): NTSTATUS; stdcall;
  TFNRtlAddAccessDeniedAceEx = function (pAcl: PACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: ACCESS_MASK; pSid: PSID): NTSTATUS; stdcall;
  TFNRtlAddAce = function (pAcl: PACL; dwAceRevision: DWORD; dwStartingAceIndex: DWORD; pAceList: PVOID; nAceListLength: DWORD): NTSTATUS; stdcall;
  TFNRtlAddAuditAccessAce = function (pAcl: PACL; dwAceRevision: DWORD; AccessMask: ACCESS_MASK; pSid: PSID; bAuditSuccess: BOOLEAN; bAuditFailure: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlAddAuditAccessAceEx = function (pAcl: PACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: ACCESS_MASK; pSid: PSID; bAuditSuccess: BOOLEAN; bAuditFailure: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlAddRange = function (RangeList: PRTL_RANGE_LIST; Start: ULONGLONG; End_: ULONGLONG; Attributes: UCHAR; Flags: ULONG; UserData: PVOID; Owner: PVOID): NTSTATUS; stdcall;
  TFNRtlAddVectoredExceptionHandler = function (FirstHandler: ULONG; VectoredHandler: PVECTORED_EXCEPTION_HANDLER): PVOID; stdcall;
  TFNRtlAdjustPrivilege = function (Privilege: ULONG; Enable: BOOLEAN; CurrentThread: BOOLEAN; Enabled: PBOOLEAN): NTSTATUS; stdcall;
  TFNRtlAllocateAndInitializeSid = function (pIdentifierAuthority: PSID_IDENTIFIER_AUTHORITY; SubAuthorityCount: BYTE; nSubAuthority0: DWORD; nSubAuthority1: DWORD; nSubAuthority2: DWORD; nSubAuthority3: DWORD; nSubAuthority4: DWORD;
    nSubAuthority5: DWORD; nSubAuthority6: DWORD; nSubAuthority7: DWORD; var pSid: PSID): BOOL; stdcall;
  TFNRtlAllocateHeap = function (hHeap: HANDLE; dwFlags: ULONG; Size: ULONG): PVOID; stdcall;
  TFNRtlAnsiCharToUnicodeChar = function (AnsiChar: CHAR): WCHAR; stdcall;
  TFNRtlAnsiStringToUnicodeSize = function (AnsiString: PANSI_STRING): ULONG; stdcall;
  TFNRtlAnsiStringToUnicodeString = function (DestinationString: PUNICODE_STRING; SourceString: PANSI_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlAppendAsciizToString = function (DestinationString: PSTRING; AppendThisString: LPCSTR): NTSTATUS; stdcall;
  TFNRtlAppendStringToString = function (DestinationString: PSTRING; AppendThisString: PSTRING): NTSTATUS; stdcall;
  TFNRtlAppendUnicodeStringToString = function (DestinationString: PUNICODE_STRING; SourceString: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlAppendUnicodeToString = function (Destination: PUNICODE_STRING; Source: LPCWSTR): NTSTATUS; stdcall;
  TFNRtlAreAllAccessesGranted = function (GrantedAccess: ACCESS_MASK; WantedAccess: ACCESS_MASK): BOOLEAN; stdcall;
  TFNRtlAreAnyAccessesGranted = function (GrantedAccess: ACCESS_MASK; WantedAccess: ACCESS_MASK): BOOLEAN; stdcall;
  TFNRtlAreBitsClear = function (BitMapHeader: PRTL_BITMAP; StartingIndex: ULONG; Length: ULONG): BOOLEAN; stdcall;
  TFNRtlAreBitsSet = function (BitMapHeader: PRTL_BITMAP; StartingIndex: ULONG; Length: ULONG): BOOLEAN; stdcall;
  TFNRtlAssert = procedure(FailedAssertion: PVOID; FileName: PVOID; LineNumber: ULONG; Message: PCHAR); stdcall;
  TFNRtlCaptureContext = procedure(ContextRecord: PCONTEXT); stdcall;
  TFNRtlCharToInteger = function (Str: PCSZ; Base: ULONG; Value: PULONG): NTSTATUS; stdcall;
  TFNRtlCheckForOrphanedCriticalSections = procedure(hThread: HANDLE); stdcall;
  TFNRtlCheckRegistryKey = function (RelativeTo: ULONG; Path: PWSTR): NTSTATUS; stdcall;
  TFNRtlClearAllBits = procedure(BitMapHeader: PRTL_BITMAP); stdcall;
  TFNRtlClearBits = procedure(BitMapHeader: PRTL_BITMAP; StartingIndex: ULONG; NumberToClear: ULONG); stdcall;
  TFNRtlCompactHeap = function (hHeap: HANDLE; dwFlags: ULONG): ULONG; stdcall;
  TFNRtlCompareMemory = function (Source1: PVOID; Source2: PVOID; Length: SIZE_T): SIZE_T; stdcall;
  TFNRtlCompareMemoryUlong = function (Source: PVOID; Length: ULONG; Value: ULONG): ULONG; stdcall;
  TFNRtlCompareString = function (String1: PSTRING; String2: PSTRING; CaseInsensitive: BOOLEAN): LONG; stdcall;
  TFNRtlCompareUnicodeString = function (String1: PUNICODE_STRING; String2: PUNICODE_STRING; CaseInsensitive: BOOLEAN): LONG; stdcall;
  TFNRtlConvertLongToLargeInteger = function (SignedInteger: LONG): LARGE_INTEGER; stdcall;
  TFNRtlConvertSidToUnicodeString = function (UnicodeString: PUNICODE_STRING; Sid: PSID; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlConvertUlongToLargeInteger = function (UnsignedInteger: ULONG): LARGE_INTEGER; stdcall;
  TFNRtlCopyLuid = procedure(Destination: PLUID; Source: PLUID); stdcall;
  TFNRtlCopyRangeList = function (CopyRangeList: PRTL_RANGE_LIST; RangeList: PRTL_RANGE_LIST): NTSTATUS; stdcall;
  TFNRtlCopySecurityDescriptor = function (Source: PSECURITY_DESCRIPTOR; var Destination: PSECURITY_DESCRIPTOR): NTSTATUS; stdcall;
  TFNRtlCopySid = function (DestinationLength: ULONG; Destination: PSID; Source: PSID): NTSTATUS; stdcall;
  TFNRtlCopyString = procedure(DestinationString: PSTRING; SourceString: PSTRING); stdcall;
  TFNRtlCopyUnicodeString = procedure(DestinationString: PUNICODE_STRING; SourceString: PUNICODE_STRING); stdcall;
  TFNRtlCreateAcl = function (pAcl: PACL; nAclLength: DWORD; dwAclRevision: DWORD): NTSTATUS; stdcall;
  TFNRtlCreateHeap = function (dwOptions: ULONG; Base: PVOID; dwMaximumSize: SIZE_T; dwInitialSize: SIZE_T; UnknownOptional1: PVOID; UnknownOptional2: PVOID): HANDLE; stdcall;
  TFNRtlCreateProcessParameters = function (ProcessParameters: PPRTL_USER_PROCESS_PARAMETERS; ImageFile: PUNICODE_STRING; DllPath: PUNICODE_STRING; CurrentDirectory: PUNICODE_STRING; CommandLine: PUNICODE_STRING; CreationFlags: ULONG;
    WindowTitle: PUNICODE_STRING; Desktop: PUNICODE_STRING; Reserved: PUNICODE_STRING; Reserved2: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlCreateQueryDebugBuffer = function (Size: ULONG; EventPair: BOOLEAN): PDEBUG_BUFFER; stdcall;
  TFNRtlCreateRegistryKey = function (RelativeTo: ULONG; Path: PWSTR): NTSTATUS; stdcall;
  TFNRtlCreateSecurityDescriptor = function (SecurityDescriptor: PSECURITY_DESCRIPTOR; Revision: ULONG): NTSTATUS; stdcall;
  TFNRtlCreateUnicodeString = function (DestinationString: PUNICODE_STRING; SourceString: PWSTR): BOOLEAN; stdcall;
  TFNRtlCreateUnicodeStringFromAsciiz = function (DestinationString: PUNICODE_STRING; SourceString: PCHAR): BOOLEAN; stdcall;
  TFNRtlCreateUserProcess = function (ImageFileName: PUNICODE_STRING; Attributes: ULONG; ProcessParameters: PRTL_USER_PROCESS_PARAMETERS; ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR; ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR;
    ParentProcess: HANDLE; InheritHandles: BOOLEAN; DebugPort: HANDLE; ExceptionPort: HANDLE; ProcessInfo: PRTL_PROCESS_INFORMATION): NTSTATUS; stdcall;
  TFNRtlCreateUserThread = function (hProcess: HANDLE; SecurityDescriptor: PSECURITY_DESCRIPTOR; CreateSuspended: BOOLEAN; StackZeroBits: ULONG; StackReserve: ULONG; StackCommit: ULONG; lpStartAddress: PTHREAD_START_ROUTINE;
    lpParameter: PVOID; phThread: PHANDLE; ClientId: PCLIENT_ID): NTSTATUS; stdcall;
  TFNRtlCutoverTimeToSystemTime = function (TargetTimeFields: PTIME_FIELDS; Time: PLARGE_INTEGER; CurrentTime: PLARGE_INTEGER; bUnknown: BOOLEAN): BOOLEAN; stdcall;
  TFNRtlDeNormalizeProcessParams = function (ProcessParameters: PRTL_USER_PROCESS_PARAMETERS): PRTL_USER_PROCESS_PARAMETERS; stdcall;
  TFNRtlDeleteAce = function (pAcl: PACL; dwAceIndex: DWORD): NTSTATUS; stdcall;
  TFNRtlDeleteCriticalSection = procedure(lpCriticalSection: PRTL_CRITICAL_SECTION); stdcall;
  TFNRtlDeleteOwnersRanges = function (RangeList: PRTL_RANGE_LIST; Owner: PVOID): NTSTATUS; stdcall;
  TFNRtlDeleteRange = function (RangeList: PRTL_RANGE_LIST; Start: ULONGLONG; End_: ULONGLONG; Owner: PVOID): NTSTATUS; stdcall;
  TFNRtlDeleteRegistryValue = function (RelativeTo: ULONG; Path: LPCWSTR; ValueName: LPCWSTR): NTSTATUS; stdcall;
  TFNRtlDestroyHeap = function (HeapHandle: HANDLE): HANDLE; stdcall;
  TFNRtlDestroyProcessParameters = function (ProcessParameters: PRTL_USER_PROCESS_PARAMETERS): NTSTATUS; stdcall;
  TFNRtlDestroyQueryDebugBuffer = function (DebugBuffer: PDEBUG_BUFFER): NTSTATUS; stdcall;
  TFNRtlDetermineDosPathNameType_U = function (wcsPathNameType: PWSTR): ULONG; stdcall;
  TFNRtlDnsHostNameToComputerName = function (ComputerName: PUNICODE_STRING; DnsName: PUNICODE_STRING; AllocateComputerNameString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlDoesFileExists_U = function (FileName: PWSTR): BOOLEAN; stdcall;
  TFNRtlDosPathNameToNtPathName_U = function (DosName: PWSTR; var NtName: UNICODE_STRING; DosFilePath: PPWSTR; NtFilePath: PUNICODE_STRING): BOOLEAN; stdcall;
  TFNRtlDosSearchPath_U = function (SearchPath: PWSTR; Name: PWSTR; Ext: PWSTR; cbBuf: ULONG; Buffer: PWSTR; var Shortname: PWSTR): ULONG; stdcall;
  TFNRtlDowncaseUnicodeChar = function (Source: WCHAR): WCHAR; stdcall;
  TFNRtlDowncaseUnicodeString = function (DestinationString: PUNICODE_STRING; SourceString: PUNICODE_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlDuplicateUnicodeString = function (AddTerminatingZero: ULONG; Source: PUNICODE_STRING; Destination: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlEnableEarlyCriticalSectionEventCreation = procedure(); stdcall;
  TFNRtlEnlargedIntegerMultiply = function (Multiplicand: LONG; Multiplier: LONG): LARGE_INTEGER; stdcall;
  TFNRtlEnlargedUnsignedDivide = function (Dividend: ULARGE_INTEGER; Divisor: ULONG; Remainder: PULONG): ULONG; stdcall;
  TFNRtlEnlargedUnsignedMultiply = function (Multiplicand: ULONG; Multiplier: ULONG): LARGE_INTEGER; stdcall;
  TFNRtlEnterCriticalSection = procedure(lpCriticalSection: PRTL_CRITICAL_SECTION); stdcall;
  TFNRtlEqualComputerName = function (String1: PUNICODE_STRING; String2: PUNICODE_STRING): BOOLEAN; stdcall;
  TFNRtlEqualDomainName = function (String1: PUNICODE_STRING; String2: PUNICODE_STRING): BOOLEAN; stdcall;
  TFNRtlEqualLuid = function (Luid1: PLUID; Luid2: PLUID): BOOLEAN; stdcall;
  TFNRtlEqualPrefixSid = function (pSid1: PSID; pSid2: PSID): BOOLEAN; stdcall;
  TFNRtlEqualSid = function (pSid1: PSID; pSid2: PSID): BOOLEAN; stdcall;
  TFNRtlEqualString = function (String1: PSTRING; String2: PSTRING; CaseInsensitive: BOOLEAN): BOOLEAN; stdcall;
  TFNRtlEqualUnicodeString = function (String1: PUNICODE_STRING; String2: PUNICODE_STRING; CaseInsensitive: BOOLEAN): BOOLEAN; stdcall;
  TFNRtlEraseUnicodeString = procedure(Str: PUNICODE_STRING); stdcall;
  TFNRtlExpandEnvironmentStrings_U = function (Environment: PVOID; Source: PUNICODE_STRING; Destination: PUNICODE_STRING; ReturnedLength: PULONG): NTSTATUS; stdcall;
  TFNRtlExtendedIntegerMultiply = function (Multiplicand: LARGE_INTEGER; Multiplier: LONG): LARGE_INTEGER; stdcall;
  TFNRtlExtendedLargeIntegerDivide = function (Dividend: LARGE_INTEGER; Divisor: ULONG; Remainder: PULONG): LARGE_INTEGER; stdcall;
  TFNRtlExtendedMagicDivide = function (Dividend: LARGE_INTEGER; MagicDivisor: LARGE_INTEGER; ShiftCount: CCHAR): LARGE_INTEGER; stdcall;
  TFNRtlFillMemory = procedure(Destination: PVOID; Length: SIZE_T; Fill: UCHAR); stdcall;
  TFNRtlFillMemoryUlong = procedure(Destination: PVOID; Length: ULONG; Fill: ULONG); stdcall;
  TFNRtlFindCharInUnicodeString = function (dwFlags: ULONG; UnicodeString: PUNICODE_STRING; CharactersToFind: PUNICODE_STRING; Positions: PUSHORT): NTSTATUS; stdcall;
  TFNRtlFindClearBits = function (BitMapHeader: PRTL_BITMAP; NumberToFind: ULONG; HintIndex: ULONG): ULONG; stdcall;
  TFNRtlFindClearBitsAndSet = function (BitMapHeader: PRTL_BITMAP; NumberToFind: ULONG; HintIndex: ULONG): ULONG; stdcall;
  TFNRtlFindLastBackwardRunClear = function (BitMapHeader: PRTL_BITMAP; FromIndex: ULONG; StartingRunIndex: PULONG): ULONG; stdcall;
  TFNRtlFindLeastSignificantBit = function (Set_: ULONGLONG): CCHAR; stdcall;
  TFNRtlFindLongestRunClear = function (BitMapHeader: PRTL_BITMAP; StartingIndex: PULONG): ULONG; stdcall;
  TFNRtlFindMostSignificantBit = function (Set_: ULONGLONG): CCHAR; stdcall;
  TFNRtlFindNextForwardRunClear = function (BitMapHeader: PRTL_BITMAP; FromIndex: ULONG; StartingRunIndex: PULONG): ULONG; stdcall;
  TFNRtlFindRange = function (RangeList: PRTL_RANGE_LIST; Minimum: ULONGLONG; Maximum: ULONGLONG; Length: ULONG; Alignment: ULONG; Flags: ULONG; AttributeAvailableMask: UCHAR; Context: PVOID; Callback: PRTL_CONFLICT_RANGE_CALLBACK;
    Start: PULONGLONG): NTSTATUS; stdcall;
  TFNRtlFindSetBits = function (BitMapHeader: PRTL_BITMAP; NumberToFind: ULONG; HintIndex: ULONG): ULONG; stdcall;
  TFNRtlFindSetBitsAndClear = function (BitMapHeader: PRTL_BITMAP; NumberToFind: ULONG; HintIndex: ULONG): ULONG; stdcall;
  TFNRtlFirstFreeAce = function (pAcl: PACL; var pAce: PVOID): BOOLEAN; stdcall;
  TFNRtlFormatCurrentUserKeyPath = function (CurrentUserKeyPath: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlFreeAnsiString = procedure(AnsiString: PANSI_STRING); stdcall;
  TFNRtlFreeHeap = function (hHeap: HANDLE; dwFlags: ULONG; MemoryPointer: PVOID): BOOLEAN; stdcall;
  TFNRtlFreeOemString = procedure(OemString: POEM_STRING); stdcall;
  TFNRtlFreeRangeList = procedure(RangeList: PRTL_RANGE_LIST); stdcall;
  TFNRtlFreeSid = function (pSid: PSID): PVOID; stdcall;
  TFNRtlFreeUnicodeString = procedure(UnicodeString: PUNICODE_STRING); stdcall;
  TFNRtlGUIDFromString = function (GuidString: PUNICODE_STRING; Guid: LPGUID): NTSTATUS; stdcall;
  TFNRtlGetAce = function (pAcl: PACL; dwAceIndex: DWORD; var pAce: PVOID): NTSTATUS; stdcall;
  TFNRtlGetCallersAddress = procedure(CallersAddress: PPVOID; CallersCaller: PPVOID); stdcall;
  TFNRtlGetControlSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; var Control: SECURITY_DESCRIPTOR_CONTROL; var dwRevision: DWORD): NTSTATUS; stdcall;
  TFNRtlGetCurrentDirectory_U = function (MaximumLength: ULONG; Buffer: PWSTR): ULONG; stdcall;
  TFNRtlGetCurrentPeb = function (): PPEB; stdcall;
  TFNRtlGetDaclSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; var bDaclPresent: BOOLEAN; var Dacl: PACL; var bDaclDefaulted: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlGetFirstRange = function (RangeList: PRTL_RANGE_LIST; Iterator: PRTL_RANGE_LIST_ITERATOR; var Range: PRTL_RANGE): NTSTATUS; stdcall;
  TFNRtlGetFullPathName_U = function (DosName: PWSTR; Size: ULONG; Buf: PWSTR; var Shortname: PWSTR): ULONG; stdcall;
  TFNRtlGetGroupSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; var pGroup: PSID; var bGroupDefaulted: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlGetLastNtStatus = function (): NTSTATUS; stdcall;
  TFNRtlGetLongestNtPathLength = function (): ULONG; stdcall;
  TFNRtlGetNextRange = function (Iterator: PRTL_RANGE_LIST_ITERATOR; var Range: PRTL_RANGE; MoveForwards: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlGetNtGlobalFlags = function (): ULONG; stdcall;
  TFNRtlGetNtProductType = function (var ProductType: ULONG): BOOLEAN; stdcall;
  TFNRtlGetNtVersionNumbers = procedure(var dwMajorVersion: ULONG; var dwMinorVersion: ULONG; UnknownCanBeNull: PDWORD); stdcall;
  TFNRtlGetOwnerSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; var pOwner: PSID; var OwnerDefaulted: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlGetProcessHeaps = function (ArraySize: ULONG; HeapArray: PHANDLE): ULONG; stdcall;
  TFNRtlGetSaclSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; var bSaclPresent: BOOLEAN; var Sacl: PACL; var bSaclDefaulted: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlGetVersion = function (lpVersionInformation: PRTL_OSVERSIONINFOW): NTSTATUS; stdcall;
  TFNRtlIdentifierAuthoritySid = function (Sid: PSID): PSID_IDENTIFIER_AUTHORITY; stdcall;
  TFNRtlImageDirectoryEntryToData = function (ImageBase: HMODULE; MappedAsImage: BOOLEAN; DirectoryEntry: USHORT; Size: PULONG): PVOID; stdcall;
  TFNRtlImageNtHeader = function (ImageBase: HMODULE): PIMAGE_NT_HEADERS; stdcall;
  TFNRtlImageNtHeaderEx = function (dwFlags: DWORD; ImageBase: HMODULE): PIMAGE_NT_HEADERS; stdcall;
  TFNRtlImageRvaToSection = function (NtHeaders: PIMAGE_NT_HEADERS; ImageBase: HMODULE; Rva: ULONG): PIMAGE_SECTION_HEADER; stdcall;
  TFNRtlImageRvaToVa = function (NtHeaders: PIMAGE_NT_HEADERS; ImageBase: HMODULE; Rva: ULONG; var LastRvaSection: PIMAGE_SECTION_HEADER): PVOID; stdcall;
  TFNRtlImpersonateSelf = function (ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL): NTSTATUS; stdcall;
  TFNRtlInitAnsiString = procedure(DestinationString: PANSI_STRING; SourceString: PCSZ); stdcall;
  TFNRtlInitAnsiStringEx = function (DestinationString: PANSI_STRING; SourceString: PCSZ): NTSTATUS; stdcall;
  TFNRtlInitString = procedure(DestinationString: PSTRING; SourceString: PCSZ); stdcall;
  TFNRtlInitUnicodeString = procedure(DestinationString: PUNICODE_STRING; SourceString: LPCWSTR); stdcall;
  TFNRtlInitUnicodeStringEx = function (DestinationString: PUNICODE_STRING; SourceString: LPCWSTR): NTSTATUS; stdcall;
  TFNRtlInitializeBitMap = procedure(BitMapHeader: PRTL_BITMAP; BitMapBuffer: PULONG; SizeOfBitMap: ULONG); stdcall;
  TFNRtlInitializeCriticalSection = function (lpCriticalSection: PRTL_CRITICAL_SECTION): NTSTATUS; stdcall;
  TFNRtlInitializeCriticalSectionAndSpinCount = function (lpCriticalSection: PRTL_CRITICAL_SECTION; dwSpinCount: ULONG): NTSTATUS; stdcall;
  TFNRtlInitializeRangeList = procedure(RangeList: PRTL_RANGE_LIST); stdcall;
  TFNRtlInitializeSListHead = procedure(ListHead: PSLIST_HEADER); stdcall;
  TFNRtlInitializeSid = function (pSid: PSID; pIdentifierAuthority: PSID_IDENTIFIER_AUTHORITY; nSubAuthorityCount: UCHAR): NTSTATUS; stdcall;
  TFNRtlInt64ToUnicodeString = function (Value: ULONGLONG; Base: ULONG; Str: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlIntegerToChar = function (Value: ULONG; Base: ULONG; Length: ULONG; Str: PCHAR): NTSTATUS; stdcall;
  TFNRtlIntegerToUnicodeString = function (Value: ULONG; Base: ULONG; Str: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlInterlockedFlushSList = function (ListHead: PSLIST_HEADER): PSLIST_ENTRY; stdcall;
  TFNRtlInterlockedPopEntrySList = function (ListHead: PSLIST_HEADER): PSLIST_ENTRY; stdcall;
  TFNRtlInterlockedPushEntrySList = function (ListHead: PSLIST_HEADER; ListEntry: PSLIST_ENTRY): PSLIST_ENTRY; stdcall;
  TFNRtlInvertRangeList = function (InvertedRangeList: PRTL_RANGE_LIST; RangeList: PRTL_RANGE_LIST): NTSTATUS; stdcall;
  TFNRtlIpv4AddressToStringA = function (IP: PULONG; Buffer: LPSTR): LPSTR; stdcall;
  TFNRtlIpv4AddressToStringW = function (IP: PULONG; Buffer: LPWSTR): LPWSTR; stdcall;
  TFNRtlIsDosDeviceName_U = function (TestString: LPCWSTR): ULONG; stdcall;
  TFNRtlIsNameLegalDOS8Dot3 = function (Name: PUNICODE_STRING; OemName: POEM_STRING; NameContainsSpaces: PBOOLEAN): BOOLEAN; stdcall;
  TFNRtlIsRangeAvailable = function (RangeList: PRTL_RANGE_LIST; Start: ULONGLONG; End_: ULONGLONG; Flags: ULONG; AttributeAvailableMask: UCHAR; Context: PVOID; Callback: PRTL_CONFLICT_RANGE_CALLBACK; Available: PBOOLEAN): NTSTATUS;
    stdcall;
  TFNRtlIsTextUnicode = function (lpBuffer: PVOID; cb: Integer; lpi: LPINT): BOOLEAN; stdcall;
  TFNRtlLargeIntegerAdd = function (Addend1: LARGE_INTEGER; Addend2: LARGE_INTEGER): LARGE_INTEGER; stdcall;
  TFNRtlLargeIntegerArithmeticShift = function (LargeInteger: LARGE_INTEGER; ShiftCount: CCHAR): LARGE_INTEGER; stdcall;
  TFNRtlLargeIntegerDivide = function (Dividend: LARGE_INTEGER; Divisor: LARGE_INTEGER; Remainder: PLARGE_INTEGER): LARGE_INTEGER; stdcall;
  TFNRtlLargeIntegerNegate = function (NegateThis: LARGE_INTEGER): LARGE_INTEGER; stdcall;
  TFNRtlLargeIntegerShiftLeft = function (LargeInteger: LARGE_INTEGER; ShiftCount: CCHAR): LARGE_INTEGER; stdcall;
  TFNRtlLargeIntegerShiftRight = function (LargeInteger: LARGE_INTEGER; ShiftCount: CCHAR): LARGE_INTEGER; stdcall;
  TFNRtlLargeIntegerSubtract = function (Number: LARGE_INTEGER; Subtrahend: LARGE_INTEGER): LARGE_INTEGER; stdcall;
  TFNRtlLargeIntegerToChar = function (Value: PLARGE_INTEGER; Base: ULONG; BufferLength: ULONG; Buffer: PCHAR): NTSTATUS; stdcall;
  TFNRtlLeaveCriticalSection = procedure(lpCriticalSection: PRTL_CRITICAL_SECTION); stdcall;
  TFNRtlLengthRequiredSid = function (nSubAuthorityCount: ULONG): ULONG; stdcall;
  TFNRtlLengthSecurityDescriptor = function (SecurityDescriptor: PSECURITY_DESCRIPTOR): ULONG; stdcall;
  TFNRtlLengthSid = function (pSid: PSID): ULONG; stdcall;
  TFNRtlLocalTimeToSystemTime = function (LocalTime: PLARGE_INTEGER; SystemTime: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNRtlLockHeap = function (hHeap: PVOID): BOOLEAN; stdcall;
  TFNRtlMakeSelfRelativeSD = function (pAbsoluteSD: PSECURITY_DESCRIPTOR; pSelfRelativeSD: PSECURITY_DESCRIPTOR; lpdwBufferLength: LPDWORD): NTSTATUS; stdcall;
  TFNRtlMapGenericMask = procedure(AccessMask: PACCESS_MASK; GenericMapping: PGENERIC_MAPPING); stdcall;
  TFNRtlMapSecurityErrorToNtStatus = function (SecurityError: DWORD): NTSTATUS; stdcall;
  TFNRtlMergeRangeLists = function (MergedRangeList: PRTL_RANGE_LIST; RangeList1: PRTL_RANGE_LIST; RangeList2: PRTL_RANGE_LIST; Flags: ULONG): NTSTATUS; stdcall;
  TFNRtlMoveMemory = procedure(Destination: PVOID; Source: PVOID; Length: SIZE_T); stdcall;
  TFNRtlNormalizeProcessParams = function (ProcessParameters: PRTL_USER_PROCESS_PARAMETERS): PRTL_USER_PROCESS_PARAMETERS; stdcall;
  TFNRtlNtStatusToDosError = function (Status: NTSTATUS): ULONG; stdcall;
  TFNRtlNtStatusToDosErrorNoTeb = function (Status: NTSTATUS): ULONG; stdcall;
  TFNRtlNumberOfClearBits = function (BitMapHeader: PRTL_BITMAP): ULONG; stdcall;
  TFNRtlNumberOfSetBits = function (BitMapHeader: PRTL_BITMAP): ULONG; stdcall;
  TFNRtlOemStringToUnicodeSize = function (AnsiString: POEM_STRING): ULONG; stdcall;
  TFNRtlOemStringToUnicodeString = function (DestinationString: PUNICODE_STRING; SourceString: POEM_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlOemToUnicodeN = function (UnicodeString: PWSTR; UnicodeSize: ULONG; var ResultSize: ULONG; OemString: PCHAR; OemSize: ULONG): NTSTATUS; stdcall;
  TFNRtlOpenCurrentUser = function (samDesired: ACCESS_MASK; phkResult: PHKEY): NTSTATUS; stdcall;
  TFNRtlPrefixString = function (String1: PANSI_STRING; String2: PANSI_STRING; CaseInsensitive: BOOLEAN): BOOLEAN; stdcall;
  TFNRtlPrefixUnicodeString = function (String1: PUNICODE_STRING; String2: PUNICODE_STRING; CaseInsensitive: BOOLEAN): BOOLEAN; stdcall;
  TFNRtlQueryDepthSList = function (ListHead: PSLIST_HEADER): USHORT; stdcall;
  TFNRtlQueryEnvironmentVariable_U = function (Environment: PVOID; VarName: PUNICODE_STRING; VarValue: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlQueryInformationAcl = function (pAcl: PACL; pAclInformation: PVOID; nAclInformationLength: DWORD; dwAclInformationClass: ACL_INFORMATION_CLASS): NTSTATUS; stdcall;
  TFNRtlQueryProcessDebugInformation = function (ProcessId: ULONG; DebugInfoClassMask: ULONG; DebugBuffer: PDEBUG_BUFFER): NTSTATUS; stdcall;
  TFNRtlQueryRegistryValues = function (RelativeTo: ULONG; Path: LPCWSTR; QueryTable: PRTL_QUERY_REGISTRY_TABLE; Context: PVOID; Environment: PVOID): NTSTATUS; stdcall;
  TFNRtlRaiseStatus = procedure(Status: NTSTATUS); stdcall;
  TFNRtlRandom = function (Seed: PULONG): ULONG; stdcall;
  TFNRtlRandomEx = function (Seed: PULONG): ULONG; stdcall;
  TFNRtlReAllocateHeap = function (hHeap: HANDLE; dwFlags: ULONG; lpMem: PVOID; dwBytes: SIZE_T): PVOID; stdcall;
  TFNRtlReleasePebLock = procedure(); stdcall;
  TFNRtlRemoveVectoredExceptionHandler = function (VectoredHandlerHandle: PVOID): ULONG; stdcall;
  TFNRtlRestoreLastWin32Error = procedure(dwErrCode: DWORD); stdcall;
  TFNRtlRunDecodeUnicodeString = procedure(CodeSeed: UCHAR; StringToDecode: PUNICODE_STRING); stdcall;
  TFNRtlRunEncodeUnicodeString = procedure(var CodeSeed: UCHAR; StringToEncode: PUNICODE_STRING); stdcall;
  TFNRtlSecondsSince1970ToTime = procedure(SecondsSince1970: ULONG; Time: PLARGE_INTEGER); stdcall;
  TFNRtlSecondsSince1980ToTime = procedure(SecondsSince1980: ULONG; Time: PLARGE_INTEGER); stdcall;
  TFNRtlSelfRelativeToAbsoluteSD = function (pSelfRelativeSD: PSECURITY_DESCRIPTOR; pAbsoluteSD: PSECURITY_DESCRIPTOR; lpdwAbsoluteSDSize: LPDWORD; pDacl: PACL; lpdwDaclSize: LPDWORD; pSacl: PACL; lpdwSaclSize: LPDWORD; pOwner: PSID;
    lpdwOwnerSize: LPDWORD; pPrimaryGroup: PSID; lpdwPrimaryGroupSize: LPDWORD): NTSTATUS; stdcall;
  TFNRtlSetAllBits = procedure(BitMapHeader: PRTL_BITMAP); stdcall;
  TFNRtlSetBits = procedure(BitMapHeader: PRTL_BITMAP; StartingIndex: ULONG; NumberToSet: ULONG); stdcall;
  TFNRtlSetControlSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL; ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL): NTSTATUS; stdcall;
  TFNRtlSetCriticalSectionSpinCount = function (lpCriticalSection: PRTL_CRITICAL_SECTION; dwSpinCount: ULONG): DWORD; stdcall;
  TFNRtlSetCurrentDirectory_U = function (NewCurrentDirectory: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlSetDaclSecurityDescriptor = function (SecurityDescriptor: PSECURITY_DESCRIPTOR; DaclPresent: BOOLEAN; Dacl: PACL; DaclDefaulted: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlSetGroupSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; pGroup: PSID; bGroupDefaulted: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlSetInformationAcl = function (pAcl: PACL; pAclInformation: PVOID; nInformationLength: DWORD; dwAclInformationClass: ACL_INFORMATION_CLASS): NTSTATUS; stdcall;
  TFNRtlSetLastWin32ErrorAndNtStatusFromNtStatus = function (Status: NTSTATUS): ULONG; stdcall;
  TFNRtlSetOwnerSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; pOwner: PSID; bOwnerDefaulted: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlSetProcessIsCritical = function (bIsCritical: BOOLEAN; pbOldIsCriticalValue: PBOOLEAN; bUnknownCanBeFalse: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlSetSaclSecurityDescriptor = function (pSecurityDescriptor: PSECURITY_DESCRIPTOR; bSaclPresent: BOOLEAN; pSacl: PACL; SaclDefaulted: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlSetThreadIsCritical = function (bIsCritical: BOOLEAN; pbOldIsCriticalValue: PBOOLEAN; bUnknownCanBeFalse: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlSizeHeap = function (hHeap: HANDLE; dwFlags: ULONG; lpMem: PVOID): SIZE_T; stdcall;
  TFNRtlStringFromGUID = function (Guid: REFGUID; GuidString: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlSubAuthorityCountSid = function (pSid: PSID): PUCHAR; stdcall;
  TFNRtlSubAuthoritySid = function (pSid: PSID; nSubAuthority: DWORD): PDWORD; stdcall;
  TFNRtlSystemTimeToLocalTime = function (SystemTime: PLARGE_INTEGER; LocalTime: PLARGE_INTEGER): NTSTATUS; stdcall;
  TFNRtlTimeFieldsToTime = function (TimeFields: PTIME_FIELDS; Time: PLARGE_INTEGER): BOOLEAN; stdcall;
  TFNRtlTimeToElapsedTimeFields = procedure(Time: PLARGE_INTEGER; TimeFields: PTIME_FIELDS); stdcall;
  TFNRtlTimeToSecondsSince1970 = function (Time: PLARGE_INTEGER; ElapsedSeconds: PULONG): BOOLEAN; stdcall;
  TFNRtlTimeToSecondsSince1980 = function (Time: PLARGE_INTEGER; ElapsedSeconds: PULONG): BOOLEAN; stdcall;
  TFNRtlTimeToTimeFields = procedure(Time: PLARGE_INTEGER; TimeFields: PTIME_FIELDS); stdcall;
  TFNRtlTryEnterCriticalSection = function (lpCriticalSection: PRTL_CRITICAL_SECTION): BOOL; stdcall;
  TFNRtlUnicodeStringToAnsiSize = function (UnicodeString: PUNICODE_STRING): ULONG; stdcall;
  TFNRtlUnicodeStringToAnsiString = function (DestinationString: PANSI_STRING; SourceString: PUNICODE_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlUnicodeStringToCountedOemString = function (DestinationString: POEM_STRING; SourceString: PUNICODE_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlUnicodeStringToInteger = function (Str: PUNICODE_STRING; Base: ULONG; Value: PULONG): NTSTATUS; stdcall;
  TFNRtlUnicodeStringToOemSize = function (UnicodeString: PUNICODE_STRING): ULONG; stdcall;
  TFNRtlUnicodeStringToOemString = function (DestinationString: POEM_STRING; SourceString: PCUNICODE_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlUnicodeToMultiByteSize = function (BytesInMultiByteString: PULONG; UnicodeString: PWSTR; BytesInUnicodeString: ULONG): NTSTATUS; stdcall;
  TFNRtlUniform = function (Seed: PULONG): ULONG; stdcall;
  TFNRtlUnwind = procedure(TargetFrame: PVOID; TargetIp: PVOID; ExceptionRecord: PEXCEPTION_RECORD; ReturnValue: PVOID); stdcall;
  TFNRtlUpcaseUnicodeChar = function (SourceCharacter: WCHAR): WCHAR; stdcall;
  TFNRtlUpcaseUnicodeString = function (DestinationString: PUNICODE_STRING; SourceString: PUNICODE_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlUpcaseUnicodeStringToAnsiString = function (DestinationString: PSTRING; SourceString: PUNICODE_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlUpcaseUnicodeStringToCountedOemString = function (DestinationString: PSTRING; SourceString: PUNICODE_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlUpcaseUnicodeStringToOemString = function (DestinationString: PSTRING; SourceString: PUNICODE_STRING; AllocateDestinationString: BOOLEAN): NTSTATUS; stdcall;
  TFNRtlUpcaseUnicodeToMultiByteN = function (MbString: PCHAR; MbSize: ULONG; var ResultSize: ULONG; UnicodeString: PWSTR; UnicodeSize: ULONG): NTSTATUS; stdcall;
  TFNRtlUpcaseUnicodeToOemN = function (OemString: PCHAR; OemSize: ULONG; var ResultSize: ULONG; UnicodeString: PWSTR; UnicodeSize: ULONG): NTSTATUS; stdcall;
  TFNRtlUpperChar = function (Character: CHAR): CHAR; stdcall;
  TFNRtlUpperString = procedure(DestinationString: PSTRING; SourceString: PSTRING); stdcall;
  TFNRtlValidAcl = function (Acl: PACL): BOOLEAN; stdcall;
  TFNRtlValidRelativeSecurityDescriptor = function (SecurityDescriptorInput: PSECURITY_DESCRIPTOR; SecurityDescriptorLength: ULONG; RequiredInformation: SECURITY_INFORMATION): BOOLEAN; stdcall;
  TFNRtlValidSecurityDescriptor = function (SecurityDescriptor: PSECURITY_DESCRIPTOR): BOOLEAN; stdcall;
  TFNRtlValidSid = function (pSid: PSID): BOOLEAN; stdcall;
  TFNRtlValidateHeap = function (hHeap: HANDLE; dwFlags: ULONG; lpMem: LPCVOID): BOOL; stdcall;
  TFNRtlValidateUnicodeString = function (dwMustBeNull: ULONG; ValidateThis: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlVerifyVersionInfo = function (VersionInfo: PRTL_OSVERSIONINFOEXW; TypeMask: ULONG; ConditionMask: ULONGLONG): NTSTATUS; stdcall;
  TFNRtlVolumeDeviceToDosName = function (VolumeDeviceObject: PVOID; DosName: PUNICODE_STRING): NTSTATUS; stdcall;
  TFNRtlWriteRegistryValue = function (RelativeTo: ULONG; Path: LPCWSTR; ValueName: LPCWSTR; ValueType: ULONG; ValueData: PVOID; ValueLength: ULONG): NTSTATUS; stdcall;
  TFNRtlZeroHeap = function (hHeap: HANDLE; dwFlags: ULONG): BOOLEAN; stdcall;
  TFNRtlZeroMemory = procedure(Destination: PVOID; Length: SIZE_T); stdcall;
  TFNRtlpNotOwnerCriticalSection = function (lpCriticalSection: PRTL_CRITICAL_SECTION): BOOLEAN; stdcall;
  TFNRtlpNtCreateKey = function (KeyHandle: PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; Unused1: ULONG; Unused2: ULONG; Disposition: PULONG): NTSTATUS; stdcall;
  TFNRtlpNtEnumerateSubKey = function (KeyHandle: HANDLE; SubKeyName: PUNICODE_STRING; Index: ULONG; Unused1: ULONG): NTSTATUS; stdcall;
  TFNRtlpNtMakeTemporaryKey = function (KeyHandle: HANDLE): NTSTATUS; stdcall;
  TFNRtlpNtOpenKey = function (KeyHandle: HANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; Unused: ULONG): NTSTATUS; stdcall;
  TFNRtlpNtQueryValueKey = function (KeyHandle: HANDLE; Type_: PULONG; Data: PVOID; DataSize: PULONG; Unused: ULONG): NTSTATUS; stdcall;
  TFNRtlpNtSetValueKey = function (KeyHandle: HANDLE; Type_: ULONG; Data: PVOID; DataSize: ULONG): NTSTATUS; stdcall;
  TFNRtlxAnsiStringToUnicodeSize = function (AnsiString: PANSI_STRING): ULONG; stdcall;
  TFNRtlxOemStringToUnicodeSize = function (AnsiString: POEM_STRING): ULONG; stdcall;
  TFNRtlxUnicodeStringToAnsiSize = function (UnicodeString: PUNICODE_STRING): ULONG; stdcall;
  TFNRtlxUnicodeStringToOemSize = function (UnicodeString: PUNICODE_STRING): ULONG; stdcall;
  TFNVerSetConditionMask = function (ConditionMask: ULONGLONG; dwTypeMask: DWORD; Condition: BYTE): ULONGLONG; stdcall;
  TFNZwAcceptConnectPort = TFNNtAcceptConnectPort;
  TFNZwAccessCheck = TFNNtAccessCheck;
  TFNZwAccessCheckAndAuditAlarm = TFNNtAccessCheckAndAuditAlarm;
  TFNZwAccessCheckByType = TFNNtAccessCheckByType;
  TFNZwAccessCheckByTypeAndAuditAlarm = TFNNtAccessCheckByTypeAndAuditAlarm;
  TFNZwAccessCheckByTypeResultList = TFNNtAccessCheckByTypeResultList;
  TFNZwAccessCheckByTypeResultListAndAuditAlarm = TFNNtAccessCheckByTypeResultListAndAuditAlarm;
  TFNZwAccessCheckByTypeResultListAndAuditAlarmByHandle = TFNNtAccessCheckByTypeResultListAndAuditAlarmByHandle;
  TFNZwAddAtom = TFNNtAddAtom;
  TFNZwAdjustGroupsToken = TFNNtAdjustGroupsToken;
  TFNZwAdjustPrivilegesToken = TFNNtAdjustPrivilegesToken;
  TFNZwAlertResumeThread = TFNNtAlertResumeThread;
  TFNZwAlertThread = TFNNtAlertThread;
  TFNZwAllocateLocallyUniqueId = TFNNtAllocateLocallyUniqueId;
  TFNZwAllocateUserPhysicalPages = TFNNtAllocateUserPhysicalPages;
  TFNZwAllocateUuids = TFNNtAllocateUuids;
  TFNZwAllocateVirtualMemory = TFNNtAllocateVirtualMemory;
  TFNZwAreMappedFilesTheSame = TFNNtAreMappedFilesTheSame;
  TFNZwAssignProcessToJobObject = TFNNtAssignProcessToJobObject;
  TFNZwCallbackReturn = TFNNtCallbackReturn;
  TFNZwCancelDeviceWakeupRequest = TFNNtCancelDeviceWakeupRequest;
  TFNZwCancelIoFile = TFNNtCancelIoFile;
  TFNZwCancelTimer = TFNNtCancelTimer;
  TFNZwClearEvent = TFNNtClearEvent;
  TFNZwClose = TFNNtClose;
  TFNZwCloseObjectAuditAlarm = TFNNtCloseObjectAuditAlarm;
  TFNZwCompleteConnectPort = TFNNtCompleteConnectPort;
  TFNZwConnectPort = TFNNtConnectPort;
  TFNZwContinue = TFNNtContinue;
  TFNZwCreateChannel = TFNNtCreateChannel;
  TFNZwCreateDirectoryObject = TFNNtCreateDirectoryObject;
  TFNZwCreateEvent = TFNNtCreateEvent;
  TFNZwCreateEventPair = TFNNtCreateEventPair;
  TFNZwCreateFile = TFNNtCreateFile;
  TFNZwCreateIoCompletion = TFNNtCreateIoCompletion;
  TFNZwCreateJobObject = TFNNtCreateJobObject;
  TFNZwCreateKey = TFNNtCreateKey;
  TFNZwCreateMailslotFile = TFNNtCreateMailslotFile;
  TFNZwCreateMutant = TFNNtCreateMutant;
  TFNZwCreateNamedPipeFile = TFNNtCreateNamedPipeFile;
  TFNZwCreatePagingFile = TFNNtCreatePagingFile;
  TFNZwCreatePort = TFNNtCreatePort;
  TFNZwCreateProcess = TFNNtCreateProcess;
  TFNZwCreateProfile = TFNNtCreateProfile;
  TFNZwCreateSection = TFNNtCreateSection;
  TFNZwCreateSemaphore = TFNNtCreateSemaphore;
  TFNZwCreateSymbolicLinkObject = TFNNtCreateSymbolicLinkObject;
  TFNZwCreateThread = TFNNtCreateThread;
  TFNZwCreateTimer = TFNNtCreateTimer;
  TFNZwCreateToken = TFNNtCreateToken;
  TFNZwCreateWaitablePort = TFNNtCreateWaitablePort;
  TFNZwCurrentTeb = TFNNtCurrentTeb;
  TFNZwDebugActiveProcess = TFNNtDebugActiveProcess;
  TFNZwDelayExecution = TFNNtDelayExecution;
  TFNZwDeleteAtom = TFNNtDeleteAtom;
  TFNZwDeleteFile = TFNNtDeleteFile;
  TFNZwDeleteKey = TFNNtDeleteKey;
  TFNZwDeleteObjectAuditAlarm = TFNNtDeleteObjectAuditAlarm;
  TFNZwDeleteValueKey = TFNNtDeleteValueKey;
  TFNZwDeviceIoControlFile = TFNNtDeviceIoControlFile;
  TFNZwDisplayString = TFNNtDisplayString;
  TFNZwDuplicateObject = TFNNtDuplicateObject;
  TFNZwDuplicateToken = TFNNtDuplicateToken;
  TFNZwEnumerateKey = TFNNtEnumerateKey;
  TFNZwEnumerateValueKey = TFNNtEnumerateValueKey;
  TFNZwExtendSection = TFNNtExtendSection;
  TFNZwFilterToken = TFNNtFilterToken;
  TFNZwFindAtom = TFNNtFindAtom;
  TFNZwFlushBuffersFile = TFNNtFlushBuffersFile;
  TFNZwFlushInstructionCache = TFNNtFlushInstructionCache;
  TFNZwFlushKey = TFNNtFlushKey;
  TFNZwFlushVirtualMemory = TFNNtFlushVirtualMemory;
  TFNZwFlushWriteBuffer = TFNNtFlushWriteBuffer;
  TFNZwFreeUserPhysicalPages = TFNNtFreeUserPhysicalPages;
  TFNZwFreeVirtualMemory = TFNNtFreeVirtualMemory;
  TFNZwFsControlFile = TFNNtFsControlFile;
  TFNZwGetContextThread = TFNNtGetContextThread;
  TFNZwGetCurrentProcessorNumber = TFNNtGetCurrentProcessorNumber;
  TFNZwGetDevicePowerState = TFNNtGetDevicePowerState;
  TFNZwGetPlugPlayEvent = TFNNtGetPlugPlayEvent;
  TFNZwGetTickCount = TFNNtGetTickCount;
  TFNZwGetWriteWatch = TFNNtGetWriteWatch;
  TFNZwImpersonateAnonymousToken = TFNNtImpersonateAnonymousToken;
  TFNZwImpersonateClientOfPort = TFNNtImpersonateClientOfPort;
  TFNZwImpersonateThread = TFNNtImpersonateThread;
  TFNZwInitializeRegistry = TFNNtInitializeRegistry;
  TFNZwInitiatePowerAction = TFNNtInitiatePowerAction;
  TFNZwIsSystemResumeAutomatic = TFNNtIsSystemResumeAutomatic;
  TFNZwListenChannel = TFNNtListenChannel;
  TFNZwListenPort = TFNNtListenPort;
  TFNZwLoadDriver = TFNNtLoadDriver;
  TFNZwLoadKey = TFNNtLoadKey;
  TFNZwLoadKey2 = TFNNtLoadKey2;
  TFNZwLockFile = TFNNtLockFile;
  TFNZwLockVirtualMemory = TFNNtLockVirtualMemory;
  TFNZwMakePermanentObject = TFNNtMakePermanentObject;
  TFNZwMakeTemporaryObject = TFNNtMakeTemporaryObject;
  TFNZwMapUserPhysicalPages = TFNNtMapUserPhysicalPages;
  TFNZwMapUserPhysicalPagesScatter = TFNNtMapUserPhysicalPagesScatter;
  TFNZwMapViewOfSection = TFNNtMapViewOfSection;
  TFNZwNotifyChangeDirectoryFile = TFNNtNotifyChangeDirectoryFile;
  TFNZwNotifyChangeKey = TFNNtNotifyChangeKey;
  TFNZwNotifyChangeMultipleKeys = TFNNtNotifyChangeMultipleKeys;
  TFNZwOpenChannel = TFNNtOpenChannel;
  TFNZwOpenDirectoryObject = TFNNtOpenDirectoryObject;
  TFNZwOpenEvent = TFNNtOpenEvent;
  TFNZwOpenEventPair = TFNNtOpenEventPair;
  TFNZwOpenFile = TFNNtOpenFile;
  TFNZwOpenIoCompletion = TFNNtOpenIoCompletion;
  TFNZwOpenJobObject = TFNNtOpenJobObject;
  TFNZwOpenKey = TFNNtOpenKey;
  TFNZwOpenMutant = TFNNtOpenMutant;
  TFNZwOpenObjectAuditAlarm = TFNNtOpenObjectAuditAlarm;
  TFNZwOpenProcess = TFNNtOpenProcess;
  TFNZwOpenProcessToken = TFNNtOpenProcessToken;
  TFNZwOpenSection = TFNNtOpenSection;
  TFNZwOpenSemaphore = TFNNtOpenSemaphore;
  TFNZwOpenSymbolicLinkObject = TFNNtOpenSymbolicLinkObject;
  TFNZwOpenThread = TFNNtOpenThread;
  TFNZwOpenThreadToken = TFNNtOpenThreadToken;
  TFNZwOpenTimer = TFNNtOpenTimer;
  TFNZwPlugPlayControl = TFNNtPlugPlayControl;
  TFNZwPowerInformation = TFNNtPowerInformation;
  TFNZwPrivilegeCheck = TFNNtPrivilegeCheck;
  TFNZwPrivilegeObjectAuditAlarm = TFNNtPrivilegeObjectAuditAlarm;
  TFNZwPrivilegedServiceAuditAlarm = TFNNtPrivilegedServiceAuditAlarm;
  TFNZwProtectVirtualMemory = TFNNtProtectVirtualMemory;
  TFNZwPulseEvent = TFNNtPulseEvent;
  TFNZwQueryAttributesFile = TFNNtQueryAttributesFile;
  TFNZwQueryDefaultLocale = TFNNtQueryDefaultLocale;
  TFNZwQueryDefaultUILanguage = TFNNtQueryDefaultUILanguage;
  TFNZwQueryDirectoryFile = TFNNtQueryDirectoryFile;
  TFNZwQueryDirectoryObject = TFNNtQueryDirectoryObject;
  TFNZwQueryEaFile = TFNNtQueryEaFile;
  TFNZwQueryEvent = TFNNtQueryEvent;
  TFNZwQueryFullAttributesFile = TFNNtQueryFullAttributesFile;
  TFNZwQueryInformationAtom = TFNNtQueryInformationAtom;
  TFNZwQueryInformationFile = TFNNtQueryInformationFile;
  TFNZwQueryInformationJobObject = TFNNtQueryInformationJobObject;
  TFNZwQueryInformationPort = TFNNtQueryInformationPort;
  TFNZwQueryInformationProcess = TFNNtQueryInformationProcess;
  TFNZwQueryInformationThread = TFNNtQueryInformationThread;
  TFNZwQueryInformationToken = TFNNtQueryInformationToken;
  TFNZwQueryInstallUILanguage = TFNNtQueryInstallUILanguage;
  TFNZwQueryIntervalProfile = TFNNtQueryIntervalProfile;
  TFNZwQueryIoCompletion = TFNNtQueryIoCompletion;
  TFNZwQueryKey = TFNNtQueryKey;
  TFNZwQueryMultipleValueKey = TFNNtQueryMultipleValueKey;
  TFNZwQueryMutant = TFNNtQueryMutant;
  TFNZwQueryObject = TFNNtQueryObject;
  TFNZwQueryOpenSubKeys = TFNNtQueryOpenSubKeys;
  TFNZwQueryPerformanceCounter = TFNNtQueryPerformanceCounter;
  TFNZwQueryPortInformationProcess = TFNNtQueryPortInformationProcess;
  TFNZwQueryQuotaInformationFile = TFNNtQueryQuotaInformationFile;
  TFNZwQuerySection = TFNNtQuerySection;
  TFNZwQuerySecurityObject = TFNNtQuerySecurityObject;
  TFNZwQuerySemaphore = TFNNtQuerySemaphore;
  TFNZwQuerySymbolicLinkObject = TFNNtQuerySymbolicLinkObject;
  TFNZwQuerySystemEnvironmentValue = TFNNtQuerySystemEnvironmentValue;
  TFNZwQuerySystemInformation = TFNNtQuerySystemInformation;
  TFNZwQuerySystemTime = TFNNtQuerySystemTime;
  TFNZwQueryTimer = TFNNtQueryTimer;
  TFNZwQueryTimerResolution = TFNNtQueryTimerResolution;
  TFNZwQueryValueKey = TFNNtQueryValueKey;
  TFNZwQueryVirtualMemory = TFNNtQueryVirtualMemory;
  TFNZwQueryVolumeInformationFile = TFNNtQueryVolumeInformationFile;
  TFNZwQueueApcThread = TFNNtQueueApcThread;
  TFNZwRaiseException = TFNNtRaiseException;
  TFNZwRaiseHardError = TFNNtRaiseHardError;
  TFNZwReadFile = TFNNtReadFile;
  TFNZwReadFileScatter = TFNNtReadFileScatter;
  TFNZwReadRequestData = TFNNtReadRequestData;
  TFNZwReadVirtualMemory = TFNNtReadVirtualMemory;
  TFNZwRegisterThreadTerminatePort = TFNNtRegisterThreadTerminatePort;
  TFNZwReleaseMutant = TFNNtReleaseMutant;
  TFNZwReleaseSemaphore = TFNNtReleaseSemaphore;
  TFNZwRemoveIoCompletion = TFNNtRemoveIoCompletion;
  TFNZwRemoveProcessDebug = TFNNtRemoveProcessDebug;
  TFNZwReplaceKey = TFNNtReplaceKey;
  TFNZwReplyPort = TFNNtReplyPort;
  TFNZwReplyWaitReceivePort = TFNNtReplyWaitReceivePort;
  TFNZwReplyWaitReceivePortEx = TFNNtReplyWaitReceivePortEx;
  TFNZwReplyWaitReplyPort = TFNNtReplyWaitReplyPort;
  TFNZwReplyWaitSendChannel = TFNNtReplyWaitSendChannel;
  TFNZwRequestDeviceWakeup = TFNNtRequestDeviceWakeup;
  TFNZwRequestPort = TFNNtRequestPort;
  TFNZwRequestWaitReplyPort = TFNNtRequestWaitReplyPort;
  TFNZwRequestWakeupLatency = TFNNtRequestWakeupLatency;
  TFNZwResetEvent = TFNNtResetEvent;
  TFNZwResetWriteWatch = TFNNtResetWriteWatch;
  TFNZwRestoreKey = TFNNtRestoreKey;
  TFNZwResumeProcess = TFNNtResumeProcess;
  TFNZwResumeThread = TFNNtResumeThread;
  TFNZwSaveKey = TFNNtSaveKey;
  TFNZwSaveKeyEx = TFNNtSaveKeyEx;
  TFNZwSaveMergedKeys = TFNNtSaveMergedKeys;
  TFNZwSecureConnectPort = TFNNtSecureConnectPort;
  TFNZwSendWaitReplyChannel = TFNNtSendWaitReplyChannel;
  TFNZwSetContextChannel = TFNNtSetContextChannel;
  TFNZwSetContextThread = TFNNtSetContextThread;
  TFNZwSetDefaultHardErrorPort = TFNNtSetDefaultHardErrorPort;
  TFNZwSetDefaultLocale = TFNNtSetDefaultLocale;
  TFNZwSetDefaultUILanguage = TFNNtSetDefaultUILanguage;
  TFNZwSetEaFile = TFNNtSetEaFile;
  TFNZwSetEvent = TFNNtSetEvent;
  TFNZwSetHighEventPair = TFNNtSetHighEventPair;
  TFNZwSetHighWaitLowEventPair = TFNNtSetHighWaitLowEventPair;
  TFNZwSetHighWaitLowThread = TFNNtSetHighWaitLowThread;
  TFNZwSetInformationFile = TFNNtSetInformationFile;
  TFNZwSetInformationJobObject = TFNNtSetInformationJobObject;
  TFNZwSetInformationKey = TFNNtSetInformationKey;
  TFNZwSetInformationObject = TFNNtSetInformationObject;
  TFNZwSetInformationProcess = TFNNtSetInformationProcess;
  TFNZwSetInformationThread = TFNNtSetInformationThread;
  TFNZwSetInformationToken = TFNNtSetInformationToken;
  TFNZwSetIntervalProfile = TFNNtSetIntervalProfile;
  TFNZwSetIoCompletion = TFNNtSetIoCompletion;
  TFNZwSetLdtEntries = TFNNtSetLdtEntries;
  TFNZwSetLowEventPair = TFNNtSetLowEventPair;
  TFNZwSetLowWaitHighEventPair = TFNNtSetLowWaitHighEventPair;
  TFNZwSetLowWaitHighThread = TFNNtSetLowWaitHighThread;
  TFNZwSetQuotaInformationFile = TFNNtSetQuotaInformationFile;
  TFNZwSetSecurityObject = TFNNtSetSecurityObject;
  TFNZwSetSystemEnvironmentValue = TFNNtSetSystemEnvironmentValue;
  TFNZwSetSystemInformation = TFNNtSetSystemInformation;
  TFNZwSetSystemPowerState = TFNNtSetSystemPowerState;
  TFNZwSetSystemTime = TFNNtSetSystemTime;
  TFNZwSetThreadExecutionState = TFNNtSetThreadExecutionState;
  TFNZwSetTimer = TFNNtSetTimer;
  TFNZwSetTimerResolution = TFNNtSetTimerResolution;
  TFNZwSetUuidSeed = TFNNtSetUuidSeed;
  TFNZwSetValueKey = TFNNtSetValueKey;
  TFNZwSetVolumeInformationFile = TFNNtSetVolumeInformationFile;
  TFNZwShutdownSystem = TFNNtShutdownSystem;
  TFNZwSignalAndWaitForSingleObject = TFNNtSignalAndWaitForSingleObject;
  TFNZwStartProfile = TFNNtStartProfile;
  TFNZwStopProfile = TFNNtStopProfile;
  TFNZwSuspendProcess = TFNNtSuspendProcess;
  TFNZwSuspendThread = TFNNtSuspendThread;
  TFNZwSystemDebugControl = TFNNtSystemDebugControl;
  TFNZwTerminateJobObject = TFNNtTerminateJobObject;
  TFNZwTerminateProcess = TFNNtTerminateProcess;
  TFNZwTerminateThread = TFNNtTerminateThread;
  TFNZwTestAlert = TFNNtTestAlert;
  TFNZwUnloadDriver = TFNNtUnloadDriver;
  TFNZwUnloadKey = TFNNtUnloadKey;
  TFNZwUnlockFile = TFNNtUnlockFile;
  TFNZwUnlockVirtualMemory = TFNNtUnlockVirtualMemory;
  TFNZwUnmapViewOfSection = TFNNtUnmapViewOfSection;
  TFNZwVdmControl = TFNNtVdmControl;
  TFNZwW32Call = TFNNtW32Call;
  TFNZwWaitForMultipleObjects = TFNNtWaitForMultipleObjects;
  TFNZwWaitForSingleObject = TFNNtWaitForSingleObject;
  TFNZwWaitHighEventPair = TFNNtWaitHighEventPair;
  TFNZwWaitLowEventPair = TFNNtWaitLowEventPair;
  TFNZwWriteFile = TFNNtWriteFile;
  TFNZwWriteFileGather = TFNNtWriteFileGather;
  TFNZwWriteRequestData = TFNNtWriteRequestData;
  TFNZwWriteVirtualMemory = TFNNtWriteVirtualMemory;
  TFNZwYieldExecution = TFNNtYieldExecution;

/// (Global) function pointers
var
  _CsrGetProcessId : Pointer = nil;
  _DbgQueryDebugFilterState : Pointer = nil;
  _DbgSetDebugFilterState : Pointer = nil;
  _KiRaiseUserExceptionDispatcher : Pointer = nil;
  _LdrAccessResource : Pointer = nil;
  _LdrAlternateResourcesEnabled : Pointer = nil;
  _LdrDisableThreadCalloutsForDll : Pointer = nil;
  _LdrGetDllHandle : Pointer = nil;
  _LdrGetProcedureAddress : Pointer = nil;
  _LdrLoadDll : Pointer = nil;
  _LdrQueryImageFileExecutionOptions : Pointer = nil;
  _LdrQueryProcessModuleInformation : Pointer = nil;
  _LdrShutdownProcess : Pointer = nil;
  _LdrShutdownThread : Pointer = nil;
  _LdrUnloadDll : Pointer = nil;
  _NtAcceptConnectPort : Pointer = nil;
  _NtAccessCheck : Pointer = nil;
  _NtAccessCheckAndAuditAlarm : Pointer = nil;
  _NtAccessCheckByType : Pointer = nil;
  _NtAccessCheckByTypeAndAuditAlarm : Pointer = nil;
  _NtAccessCheckByTypeResultList : Pointer = nil;
  _NtAccessCheckByTypeResultListAndAuditAlarm : Pointer = nil;
  _NtAccessCheckByTypeResultListAndAuditAlarmByHandle : Pointer = nil;
  _NtAddAtom : Pointer = nil;
  _NtAdjustGroupsToken : Pointer = nil;
  _NtAdjustPrivilegesToken : Pointer = nil;
  _NtAlertResumeThread : Pointer = nil;
  _NtAlertThread : Pointer = nil;
  _NtAllocateLocallyUniqueId : Pointer = nil;
  _NtAllocateUserPhysicalPages : Pointer = nil;
  _NtAllocateUuids : Pointer = nil;
  _NtAllocateVirtualMemory : Pointer = nil;
  _NtAreMappedFilesTheSame : Pointer = nil;
  _NtAssignProcessToJobObject : Pointer = nil;
  _NtCallbackReturn : Pointer = nil;
  _NtCancelDeviceWakeupRequest : Pointer = nil;
  _NtCancelIoFile : Pointer = nil;
  _NtCancelTimer : Pointer = nil;
  _NtClearEvent : Pointer = nil;
  _NtClose : Pointer = nil;
  _NtCloseObjectAuditAlarm : Pointer = nil;
  _NtCompleteConnectPort : Pointer = nil;
  _NtConnectPort : Pointer = nil;
  _NtContinue : Pointer = nil;
  _NtCreateChannel : Pointer = nil;
  _NtCreateDirectoryObject : Pointer = nil;
  _NtCreateEvent : Pointer = nil;
  _NtCreateEventPair : Pointer = nil;
  _NtCreateFile : Pointer = nil;
  _NtCreateIoCompletion : Pointer = nil;
  _NtCreateJobObject : Pointer = nil;
  _NtCreateKey : Pointer = nil;
  _NtCreateMailslotFile : Pointer = nil;
  _NtCreateMutant : Pointer = nil;
  _NtCreateNamedPipeFile : Pointer = nil;
  _NtCreatePagingFile : Pointer = nil;
  _NtCreatePort : Pointer = nil;
  _NtCreateProcess : Pointer = nil;
  _NtCreateProfile : Pointer = nil;
  _NtCreateSection : Pointer = nil;
  _NtCreateSemaphore : Pointer = nil;
  _NtCreateSymbolicLinkObject : Pointer = nil;
  _NtCreateThread : Pointer = nil;
  _NtCreateTimer : Pointer = nil;
  _NtCreateToken : Pointer = nil;
  _NtCreateWaitablePort : Pointer = nil;
  _NtCurrentTeb : Pointer = nil;
  _NtDebugActiveProcess : Pointer = nil;
  _NtDelayExecution : Pointer = nil;
  _NtDeleteAtom : Pointer = nil;
  _NtDeleteFile : Pointer = nil;
  _NtDeleteKey : Pointer = nil;
  _NtDeleteObjectAuditAlarm : Pointer = nil;
  _NtDeleteValueKey : Pointer = nil;
  _NtDeviceIoControlFile : Pointer = nil;
  _NtDisplayString : Pointer = nil;
  _NtDuplicateObject : Pointer = nil;
  _NtDuplicateToken : Pointer = nil;
  _NtEnumerateKey : Pointer = nil;
  _NtEnumerateValueKey : Pointer = nil;
  _NtExtendSection : Pointer = nil;
  _NtFilterToken : Pointer = nil;
  _NtFindAtom : Pointer = nil;
  _NtFlushBuffersFile : Pointer = nil;
  _NtFlushInstructionCache : Pointer = nil;
  _NtFlushKey : Pointer = nil;
  _NtFlushVirtualMemory : Pointer = nil;
  _NtFlushWriteBuffer : Pointer = nil;
  _NtFreeUserPhysicalPages : Pointer = nil;
  _NtFreeVirtualMemory : Pointer = nil;
  _NtFsControlFile : Pointer = nil;
  _NtGetContextThread : Pointer = nil;
  _NtGetCurrentProcessorNumber : Pointer = nil;
  _NtGetDevicePowerState : Pointer = nil;
  _NtGetPlugPlayEvent : Pointer = nil;
  _NtGetTickCount : Pointer = nil;
  _NtGetWriteWatch : Pointer = nil;
  _NtImpersonateAnonymousToken : Pointer = nil;
  _NtImpersonateClientOfPort : Pointer = nil;
  _NtImpersonateThread : Pointer = nil;
  _NtInitializeRegistry : Pointer = nil;
  _NtInitiatePowerAction : Pointer = nil;
  _NtIsSystemResumeAutomatic : Pointer = nil;
  _NtListenChannel : Pointer = nil;
  _NtListenPort : Pointer = nil;
  _NtLoadDriver : Pointer = nil;
  _NtLoadKey : Pointer = nil;
  _NtLoadKey2 : Pointer = nil;
  _NtLockFile : Pointer = nil;
  _NtLockVirtualMemory : Pointer = nil;
  _NtMakePermanentObject : Pointer = nil;
  _NtMakeTemporaryObject : Pointer = nil;
  _NtMapUserPhysicalPages : Pointer = nil;
  _NtMapUserPhysicalPagesScatter : Pointer = nil;
  _NtMapViewOfSection : Pointer = nil;
  _NtNotifyChangeDirectoryFile : Pointer = nil;
  _NtNotifyChangeKey : Pointer = nil;
  _NtNotifyChangeMultipleKeys : Pointer = nil;
  _NtOpenChannel : Pointer = nil;
  _NtOpenDirectoryObject : Pointer = nil;
  _NtOpenEvent : Pointer = nil;
  _NtOpenEventPair : Pointer = nil;
  _NtOpenFile : Pointer = nil;
  _NtOpenIoCompletion : Pointer = nil;
  _NtOpenJobObject : Pointer = nil;
  _NtOpenKey : Pointer = nil;
  _NtOpenMutant : Pointer = nil;
  _NtOpenObjectAuditAlarm : Pointer = nil;
  _NtOpenProcess : Pointer = nil;
  _NtOpenProcessToken : Pointer = nil;
  _NtOpenSection : Pointer = nil;
  _NtOpenSemaphore : Pointer = nil;
  _NtOpenSymbolicLinkObject : Pointer = nil;
  _NtOpenThread : Pointer = nil;
  _NtOpenThreadToken : Pointer = nil;
  _NtOpenTimer : Pointer = nil;
  _NtPlugPlayControl : Pointer = nil;
  _NtPowerInformation : Pointer = nil;
  _NtPrivilegeCheck : Pointer = nil;
  _NtPrivilegeObjectAuditAlarm : Pointer = nil;
  _NtPrivilegedServiceAuditAlarm : Pointer = nil;
  _NtProtectVirtualMemory : Pointer = nil;
  _NtPulseEvent : Pointer = nil;
  _NtQueryAttributesFile : Pointer = nil;
  _NtQueryDefaultLocale : Pointer = nil;
  _NtQueryDefaultUILanguage : Pointer = nil;
  _NtQueryDirectoryFile : Pointer = nil;
  _NtQueryDirectoryObject : Pointer = nil;
  _NtQueryEaFile : Pointer = nil;
  _NtQueryEvent : Pointer = nil;
  _NtQueryFullAttributesFile : Pointer = nil;
  _NtQueryInformationAtom : Pointer = nil;
  _NtQueryInformationFile : Pointer = nil;
  _NtQueryInformationJobObject : Pointer = nil;
  _NtQueryInformationPort : Pointer = nil;
  _NtQueryInformationProcess : Pointer = nil;
  _NtQueryInformationThread : Pointer = nil;
  _NtQueryInformationToken : Pointer = nil;
  _NtQueryInstallUILanguage : Pointer = nil;
  _NtQueryIntervalProfile : Pointer = nil;
  _NtQueryIoCompletion : Pointer = nil;
  _NtQueryKey : Pointer = nil;
  _NtQueryMultipleValueKey : Pointer = nil;
  _NtQueryMutant : Pointer = nil;
  _NtQueryObject : Pointer = nil;
  _NtQueryOpenSubKeys : Pointer = nil;
  _NtQueryPerformanceCounter : Pointer = nil;
  _NtQueryPortInformationProcess : Pointer = nil;
  _NtQueryQuotaInformationFile : Pointer = nil;
  _NtQuerySection : Pointer = nil;
  _NtQuerySecurityObject : Pointer = nil;
  _NtQuerySemaphore : Pointer = nil;
  _NtQuerySymbolicLinkObject : Pointer = nil;
  _NtQuerySystemEnvironmentValue : Pointer = nil;
  _NtQuerySystemInformation : Pointer = nil;
  _NtQuerySystemTime : Pointer = nil;
  _NtQueryTimer : Pointer = nil;
  _NtQueryTimerResolution : Pointer = nil;
  _NtQueryValueKey : Pointer = nil;
  _NtQueryVirtualMemory : Pointer = nil;
  _NtQueryVolumeInformationFile : Pointer = nil;
  _NtQueueApcThread : Pointer = nil;
  _NtRaiseException : Pointer = nil;
  _NtRaiseHardError : Pointer = nil;
  _NtReadFile : Pointer = nil;
  _NtReadFileScatter : Pointer = nil;
  _NtReadRequestData : Pointer = nil;
  _NtReadVirtualMemory : Pointer = nil;
  _NtRegisterThreadTerminatePort : Pointer = nil;
  _NtReleaseMutant : Pointer = nil;
  _NtReleaseSemaphore : Pointer = nil;
  _NtRemoveIoCompletion : Pointer = nil;
  _NtRemoveProcessDebug : Pointer = nil;
  _NtReplaceKey : Pointer = nil;
  _NtReplyPort : Pointer = nil;
  _NtReplyWaitReceivePort : Pointer = nil;
  _NtReplyWaitReceivePortEx : Pointer = nil;
  _NtReplyWaitReplyPort : Pointer = nil;
  _NtReplyWaitSendChannel : Pointer = nil;
  _NtRequestDeviceWakeup : Pointer = nil;
  _NtRequestPort : Pointer = nil;
  _NtRequestWaitReplyPort : Pointer = nil;
  _NtRequestWakeupLatency : Pointer = nil;
  _NtResetEvent : Pointer = nil;
  _NtResetWriteWatch : Pointer = nil;
  _NtRestoreKey : Pointer = nil;
  _NtResumeProcess : Pointer = nil;
  _NtResumeThread : Pointer = nil;
  _NtSaveKey : Pointer = nil;
  _NtSaveKeyEx : Pointer = nil;
  _NtSaveMergedKeys : Pointer = nil;
  _NtSecureConnectPort : Pointer = nil;
  _NtSendWaitReplyChannel : Pointer = nil;
  _NtSetContextChannel : Pointer = nil;
  _NtSetContextThread : Pointer = nil;
  _NtSetDefaultHardErrorPort : Pointer = nil;
  _NtSetDefaultLocale : Pointer = nil;
  _NtSetDefaultUILanguage : Pointer = nil;
  _NtSetEaFile : Pointer = nil;
  _NtSetEvent : Pointer = nil;
  _NtSetHighEventPair : Pointer = nil;
  _NtSetHighWaitLowEventPair : Pointer = nil;
  _NtSetHighWaitLowThread : Pointer = nil;
  _NtSetInformationFile : Pointer = nil;
  _NtSetInformationJobObject : Pointer = nil;
  _NtSetInformationKey : Pointer = nil;
  _NtSetInformationObject : Pointer = nil;
  _NtSetInformationProcess : Pointer = nil;
  _NtSetInformationThread : Pointer = nil;
  _NtSetInformationToken : Pointer = nil;
  _NtSetIntervalProfile : Pointer = nil;
  _NtSetIoCompletion : Pointer = nil;
  _NtSetLdtEntries : Pointer = nil;
  _NtSetLowEventPair : Pointer = nil;
  _NtSetLowWaitHighEventPair : Pointer = nil;
  _NtSetLowWaitHighThread : Pointer = nil;
  _NtSetQuotaInformationFile : Pointer = nil;
  _NtSetSecurityObject : Pointer = nil;
  _NtSetSystemEnvironmentValue : Pointer = nil;
  _NtSetSystemInformation : Pointer = nil;
  _NtSetSystemPowerState : Pointer = nil;
  _NtSetSystemTime : Pointer = nil;
  _NtSetThreadExecutionState : Pointer = nil;
  _NtSetTimer : Pointer = nil;
  _NtSetTimerResolution : Pointer = nil;
  _NtSetUuidSeed : Pointer = nil;
  _NtSetValueKey : Pointer = nil;
  _NtSetVolumeInformationFile : Pointer = nil;
  _NtShutdownSystem : Pointer = nil;
  _NtSignalAndWaitForSingleObject : Pointer = nil;
  _NtStartProfile : Pointer = nil;
  _NtStopProfile : Pointer = nil;
  _NtSuspendProcess : Pointer = nil;
  _NtSuspendThread : Pointer = nil;
  _NtSystemDebugControl : Pointer = nil;
  _NtTerminateJobObject : Pointer = nil;
  _NtTerminateProcess : Pointer = nil;
  _NtTerminateThread : Pointer = nil;
  _NtTestAlert : Pointer = nil;
  _NtUnloadDriver : Pointer = nil;
  _NtUnloadKey : Pointer = nil;
  _NtUnlockFile : Pointer = nil;
  _NtUnlockVirtualMemory : Pointer = nil;
  _NtUnmapViewOfSection : Pointer = nil;
  _NtVdmControl : Pointer = nil;
  _NtW32Call : Pointer = nil;
  _NtWaitForMultipleObjects : Pointer = nil;
  _NtWaitForSingleObject : Pointer = nil;
  _NtWaitHighEventPair : Pointer = nil;
  _NtWaitLowEventPair : Pointer = nil;
  _NtWriteFile : Pointer = nil;
  _NtWriteFileGather : Pointer = nil;
  _NtWriteRequestData : Pointer = nil;
  _NtWriteVirtualMemory : Pointer = nil;
  _NtYieldExecution : Pointer = nil;
  _RtlAbsoluteToSelfRelativeSD : Pointer = nil;
  _RtlAcquirePebLock : Pointer = nil;
  _RtlAddAccessAllowedAce : Pointer = nil;
  _RtlAddAccessAllowedAceEx : Pointer = nil;
  _RtlAddAccessDeniedAce : Pointer = nil;
  _RtlAddAccessDeniedAceEx : Pointer = nil;
  _RtlAddAce : Pointer = nil;
  _RtlAddAuditAccessAce : Pointer = nil;
  _RtlAddAuditAccessAceEx : Pointer = nil;
  _RtlAddRange : Pointer = nil;
  _RtlAddVectoredExceptionHandler : Pointer = nil;
  _RtlAdjustPrivilege : Pointer = nil;
  _RtlAllocateAndInitializeSid : Pointer = nil;
  _RtlAllocateHeap : Pointer = nil;
  _RtlAnsiCharToUnicodeChar : Pointer = nil;
  _RtlAnsiStringToUnicodeSize : Pointer = nil;
  _RtlAnsiStringToUnicodeString : Pointer = nil;
  _RtlAppendAsciizToString : Pointer = nil;
  _RtlAppendStringToString : Pointer = nil;
  _RtlAppendUnicodeStringToString : Pointer = nil;
  _RtlAppendUnicodeToString : Pointer = nil;
  _RtlAreAllAccessesGranted : Pointer = nil;
  _RtlAreAnyAccessesGranted : Pointer = nil;
  _RtlAreBitsClear : Pointer = nil;
  _RtlAreBitsSet : Pointer = nil;
  _RtlAssert : Pointer = nil;
  _RtlCaptureContext : Pointer = nil;
  _RtlCharToInteger : Pointer = nil;
  _RtlCheckForOrphanedCriticalSections : Pointer = nil;
  _RtlCheckRegistryKey : Pointer = nil;
  _RtlClearAllBits : Pointer = nil;
  _RtlClearBits : Pointer = nil;
  _RtlCompactHeap : Pointer = nil;
  _RtlCompareMemory : Pointer = nil;
  _RtlCompareMemoryUlong : Pointer = nil;
  _RtlCompareString : Pointer = nil;
  _RtlCompareUnicodeString : Pointer = nil;
  _RtlConvertLongToLargeInteger : Pointer = nil;
  _RtlConvertSidToUnicodeString : Pointer = nil;
  _RtlConvertUlongToLargeInteger : Pointer = nil;
  _RtlCopyLuid : Pointer = nil;
  _RtlCopyRangeList : Pointer = nil;
  _RtlCopySecurityDescriptor : Pointer = nil;
  _RtlCopySid : Pointer = nil;
  _RtlCopyString : Pointer = nil;
  _RtlCopyUnicodeString : Pointer = nil;
  _RtlCreateAcl : Pointer = nil;
  _RtlCreateHeap : Pointer = nil;
  _RtlCreateProcessParameters : Pointer = nil;
  _RtlCreateQueryDebugBuffer : Pointer = nil;
  _RtlCreateRegistryKey : Pointer = nil;
  _RtlCreateSecurityDescriptor : Pointer = nil;
  _RtlCreateUnicodeString : Pointer = nil;
  _RtlCreateUnicodeStringFromAsciiz : Pointer = nil;
  _RtlCreateUserProcess : Pointer = nil;
  _RtlCreateUserThread : Pointer = nil;
  _RtlCutoverTimeToSystemTime : Pointer = nil;
  _RtlDeNormalizeProcessParams : Pointer = nil;
  _RtlDeleteAce : Pointer = nil;
  _RtlDeleteCriticalSection : Pointer = nil;
  _RtlDeleteOwnersRanges : Pointer = nil;
  _RtlDeleteRange : Pointer = nil;
  _RtlDeleteRegistryValue : Pointer = nil;
  _RtlDestroyHeap : Pointer = nil;
  _RtlDestroyProcessParameters : Pointer = nil;
  _RtlDestroyQueryDebugBuffer : Pointer = nil;
  _RtlDetermineDosPathNameType_U : Pointer = nil;
  _RtlDnsHostNameToComputerName : Pointer = nil;
  _RtlDoesFileExists_U : Pointer = nil;
  _RtlDosPathNameToNtPathName_U : Pointer = nil;
  _RtlDosSearchPath_U : Pointer = nil;
  _RtlDowncaseUnicodeChar : Pointer = nil;
  _RtlDowncaseUnicodeString : Pointer = nil;
  _RtlDuplicateUnicodeString : Pointer = nil;
  _RtlEnableEarlyCriticalSectionEventCreation : Pointer = nil;
  _RtlEnlargedIntegerMultiply : Pointer = nil;
  _RtlEnlargedUnsignedDivide : Pointer = nil;
  _RtlEnlargedUnsignedMultiply : Pointer = nil;
  _RtlEnterCriticalSection : Pointer = nil;
  _RtlEqualComputerName : Pointer = nil;
  _RtlEqualDomainName : Pointer = nil;
  _RtlEqualLuid : Pointer = nil;
  _RtlEqualPrefixSid : Pointer = nil;
  _RtlEqualSid : Pointer = nil;
  _RtlEqualString : Pointer = nil;
  _RtlEqualUnicodeString : Pointer = nil;
  _RtlEraseUnicodeString : Pointer = nil;
  _RtlExpandEnvironmentStrings_U : Pointer = nil;
  _RtlExtendedIntegerMultiply : Pointer = nil;
  _RtlExtendedLargeIntegerDivide : Pointer = nil;
  _RtlExtendedMagicDivide : Pointer = nil;
  _RtlFillMemory : Pointer = nil;
  _RtlFillMemoryUlong : Pointer = nil;
  _RtlFindCharInUnicodeString : Pointer = nil;
  _RtlFindClearBits : Pointer = nil;
  _RtlFindClearBitsAndSet : Pointer = nil;
  _RtlFindLastBackwardRunClear : Pointer = nil;
  _RtlFindLeastSignificantBit : Pointer = nil;
  _RtlFindLongestRunClear : Pointer = nil;
  _RtlFindMostSignificantBit : Pointer = nil;
  _RtlFindNextForwardRunClear : Pointer = nil;
  _RtlFindRange : Pointer = nil;
  _RtlFindSetBits : Pointer = nil;
  _RtlFindSetBitsAndClear : Pointer = nil;
  _RtlFirstFreeAce : Pointer = nil;
  _RtlFormatCurrentUserKeyPath : Pointer = nil;
  _RtlFreeAnsiString : Pointer = nil;
  _RtlFreeHeap : Pointer = nil;
  _RtlFreeOemString : Pointer = nil;
  _RtlFreeRangeList : Pointer = nil;
  _RtlFreeSid : Pointer = nil;
  _RtlFreeUnicodeString : Pointer = nil;
  _RtlGUIDFromString : Pointer = nil;
  _RtlGetAce : Pointer = nil;
  _RtlGetCallersAddress : Pointer = nil;
  _RtlGetControlSecurityDescriptor : Pointer = nil;
  _RtlGetCurrentDirectory_U : Pointer = nil;
  _RtlGetCurrentPeb : Pointer = nil;
  _RtlGetDaclSecurityDescriptor : Pointer = nil;
  _RtlGetFirstRange : Pointer = nil;
  _RtlGetFullPathName_U : Pointer = nil;
  _RtlGetGroupSecurityDescriptor : Pointer = nil;
  _RtlGetLastNtStatus : Pointer = nil;
  _RtlGetLongestNtPathLength : Pointer = nil;
  _RtlGetNextRange : Pointer = nil;
  _RtlGetNtGlobalFlags : Pointer = nil;
  _RtlGetNtProductType : Pointer = nil;
  _RtlGetNtVersionNumbers : Pointer = nil;
  _RtlGetOwnerSecurityDescriptor : Pointer = nil;
  _RtlGetProcessHeaps : Pointer = nil;
  _RtlGetSaclSecurityDescriptor : Pointer = nil;
  _RtlGetVersion : Pointer = nil;
  _RtlIdentifierAuthoritySid : Pointer = nil;
  _RtlImageDirectoryEntryToData : Pointer = nil;
  _RtlImageNtHeader : Pointer = nil;
  _RtlImageNtHeaderEx : Pointer = nil;
  _RtlImageRvaToSection : Pointer = nil;
  _RtlImageRvaToVa : Pointer = nil;
  _RtlImpersonateSelf : Pointer = nil;
  _RtlInitAnsiString : Pointer = nil;
  _RtlInitAnsiStringEx : Pointer = nil;
  _RtlInitString : Pointer = nil;
  _RtlInitUnicodeString : Pointer = nil;
  _RtlInitUnicodeStringEx : Pointer = nil;
  _RtlInitializeBitMap : Pointer = nil;
  _RtlInitializeCriticalSection : Pointer = nil;
  _RtlInitializeCriticalSectionAndSpinCount : Pointer = nil;
  _RtlInitializeRangeList : Pointer = nil;
  _RtlInitializeSListHead : Pointer = nil;
  _RtlInitializeSid : Pointer = nil;
  _RtlInt64ToUnicodeString : Pointer = nil;
  _RtlIntegerToChar : Pointer = nil;
  _RtlIntegerToUnicodeString : Pointer = nil;
  _RtlInterlockedFlushSList : Pointer = nil;
  _RtlInterlockedPopEntrySList : Pointer = nil;
  _RtlInterlockedPushEntrySList : Pointer = nil;
  _RtlInvertRangeList : Pointer = nil;
  _RtlIpv4AddressToStringA : Pointer = nil;
  _RtlIpv4AddressToStringW : Pointer = nil;
  _RtlIsDosDeviceName_U : Pointer = nil;
  _RtlIsNameLegalDOS8Dot3 : Pointer = nil;
  _RtlIsRangeAvailable : Pointer = nil;
  _RtlIsTextUnicode : Pointer = nil;
  _RtlLargeIntegerAdd : Pointer = nil;
  _RtlLargeIntegerArithmeticShift : Pointer = nil;
  _RtlLargeIntegerDivide : Pointer = nil;
  _RtlLargeIntegerNegate : Pointer = nil;
  _RtlLargeIntegerShiftLeft : Pointer = nil;
  _RtlLargeIntegerShiftRight : Pointer = nil;
  _RtlLargeIntegerSubtract : Pointer = nil;
  _RtlLargeIntegerToChar : Pointer = nil;
  _RtlLeaveCriticalSection : Pointer = nil;
  _RtlLengthRequiredSid : Pointer = nil;
  _RtlLengthSecurityDescriptor : Pointer = nil;
  _RtlLengthSid : Pointer = nil;
  _RtlLocalTimeToSystemTime : Pointer = nil;
  _RtlLockHeap : Pointer = nil;
  _RtlMakeSelfRelativeSD : Pointer = nil;
  _RtlMapGenericMask : Pointer = nil;
  _RtlMapSecurityErrorToNtStatus : Pointer = nil;
  _RtlMergeRangeLists : Pointer = nil;
  _RtlMoveMemory : Pointer = nil;
  _RtlNormalizeProcessParams : Pointer = nil;
  _RtlNtStatusToDosError : Pointer = nil;
  _RtlNtStatusToDosErrorNoTeb : Pointer = nil;
  _RtlNumberOfClearBits : Pointer = nil;
  _RtlNumberOfSetBits : Pointer = nil;
  _RtlOemStringToUnicodeSize : Pointer = nil;
  _RtlOemStringToUnicodeString : Pointer = nil;
  _RtlOemToUnicodeN : Pointer = nil;
  _RtlOpenCurrentUser : Pointer = nil;
  _RtlPrefixString : Pointer = nil;
  _RtlPrefixUnicodeString : Pointer = nil;
  _RtlQueryDepthSList : Pointer = nil;
  _RtlQueryEnvironmentVariable_U : Pointer = nil;
  _RtlQueryInformationAcl : Pointer = nil;
  _RtlQueryProcessDebugInformation : Pointer = nil;
  _RtlQueryRegistryValues : Pointer = nil;
  _RtlRaiseStatus : Pointer = nil;
  _RtlRandom : Pointer = nil;
  _RtlRandomEx : Pointer = nil;
  _RtlReAllocateHeap : Pointer = nil;
  _RtlReleasePebLock : Pointer = nil;
  _RtlRemoveVectoredExceptionHandler : Pointer = nil;
  _RtlRestoreLastWin32Error : Pointer = nil;
  _RtlRunDecodeUnicodeString : Pointer = nil;
  _RtlRunEncodeUnicodeString : Pointer = nil;
  _RtlSecondsSince1970ToTime : Pointer = nil;
  _RtlSecondsSince1980ToTime : Pointer = nil;
  _RtlSelfRelativeToAbsoluteSD : Pointer = nil;
  _RtlSetAllBits : Pointer = nil;
  _RtlSetBits : Pointer = nil;
  _RtlSetControlSecurityDescriptor : Pointer = nil;
  _RtlSetCriticalSectionSpinCount : Pointer = nil;
  _RtlSetCurrentDirectory_U : Pointer = nil;
  _RtlSetDaclSecurityDescriptor : Pointer = nil;
  _RtlSetGroupSecurityDescriptor : Pointer = nil;
  _RtlSetInformationAcl : Pointer = nil;
  _RtlSetLastWin32ErrorAndNtStatusFromNtStatus : Pointer = nil;
  _RtlSetOwnerSecurityDescriptor : Pointer = nil;
  _RtlSetProcessIsCritical : Pointer = nil;
  _RtlSetSaclSecurityDescriptor : Pointer = nil;
  _RtlSetThreadIsCritical : Pointer = nil;
  _RtlSizeHeap : Pointer = nil;
  _RtlStringFromGUID : Pointer = nil;
  _RtlSubAuthorityCountSid : Pointer = nil;
  _RtlSubAuthoritySid : Pointer = nil;
  _RtlSystemTimeToLocalTime : Pointer = nil;
  _RtlTimeFieldsToTime : Pointer = nil;
  _RtlTimeToElapsedTimeFields : Pointer = nil;
  _RtlTimeToSecondsSince1970 : Pointer = nil;
  _RtlTimeToSecondsSince1980 : Pointer = nil;
  _RtlTimeToTimeFields : Pointer = nil;
  _RtlTryEnterCriticalSection : Pointer = nil;
  _RtlUnicodeStringToAnsiSize : Pointer = nil;
  _RtlUnicodeStringToAnsiString : Pointer = nil;
  _RtlUnicodeStringToCountedOemString : Pointer = nil;
  _RtlUnicodeStringToInteger : Pointer = nil;
  _RtlUnicodeStringToOemSize : Pointer = nil;
  _RtlUnicodeStringToOemString : Pointer = nil;
  _RtlUnicodeToMultiByteSize : Pointer = nil;
  _RtlUniform : Pointer = nil;
  _RtlUnwind : Pointer = nil;
  _RtlUpcaseUnicodeChar : Pointer = nil;
  _RtlUpcaseUnicodeString : Pointer = nil;
  _RtlUpcaseUnicodeStringToAnsiString : Pointer = nil;
  _RtlUpcaseUnicodeStringToCountedOemString : Pointer = nil;
  _RtlUpcaseUnicodeStringToOemString : Pointer = nil;
  _RtlUpcaseUnicodeToMultiByteN : Pointer = nil;
  _RtlUpcaseUnicodeToOemN : Pointer = nil;
  _RtlUpperChar : Pointer = nil;
  _RtlUpperString : Pointer = nil;
  _RtlValidAcl : Pointer = nil;
  _RtlValidRelativeSecurityDescriptor : Pointer = nil;
  _RtlValidSecurityDescriptor : Pointer = nil;
  _RtlValidSid : Pointer = nil;
  _RtlValidateHeap : Pointer = nil;
  _RtlValidateUnicodeString : Pointer = nil;
  _RtlVerifyVersionInfo : Pointer = nil;
  _RtlVolumeDeviceToDosName : Pointer = nil;
  _RtlWriteRegistryValue : Pointer = nil;
  _RtlZeroHeap : Pointer = nil;
  _RtlZeroMemory : Pointer = nil;
  _RtlpNotOwnerCriticalSection : Pointer = nil;
  _RtlpNtCreateKey : Pointer = nil;
  _RtlpNtEnumerateSubKey : Pointer = nil;
  _RtlpNtMakeTemporaryKey : Pointer = nil;
  _RtlpNtOpenKey : Pointer = nil;
  _RtlpNtQueryValueKey : Pointer = nil;
  _RtlpNtSetValueKey : Pointer = nil;
  _RtlxAnsiStringToUnicodeSize : Pointer = nil;
  _RtlxOemStringToUnicodeSize : Pointer = nil;
  _RtlxUnicodeStringToAnsiSize : Pointer = nil;
  _RtlxUnicodeStringToOemSize : Pointer = nil;
  _VerSetConditionMask : Pointer = nil;


// Dynamic version of CsrGetProcessId
function  CsrGetProcessId(): DWORD; stdcall;
begin
  GetProcedureAddress(_CsrGetProcessId, ntdll, 'CsrGetProcessId');
  Result := TFNCsrGetProcessId(_CsrGetProcessId)();
end;

// Dynamic version of DbgQueryDebugFilterState
function  DbgQueryDebugFilterState(
    ComponentId : ULONG;
    Level : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_DbgQueryDebugFilterState, ntdll, 'DbgQueryDebugFilterState');
  Result := TFNDbgQueryDebugFilterState(_DbgQueryDebugFilterState)(
    ComponentId, Level
  );
end;

// Dynamic version of DbgSetDebugFilterState
function  DbgSetDebugFilterState(
    ComponentId : ULONG;
    Level : ULONG;
    State : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_DbgSetDebugFilterState, ntdll, 'DbgSetDebugFilterState');
  Result := TFNDbgSetDebugFilterState(_DbgSetDebugFilterState)(
    ComponentId, Level, State
  );
end;

// Dynamic version of KiRaiseUserExceptionDispatcher
function  KiRaiseUserExceptionDispatcher(): ULONG; stdcall;
begin
  GetProcedureAddress(_KiRaiseUserExceptionDispatcher, ntdll, 'KiRaiseUserExceptionDispatcher');
  Result := TFNKiRaiseUserExceptionDispatcher(_KiRaiseUserExceptionDispatcher)();
end;

// Dynamic version of LdrAccessResource
function  LdrAccessResource(
    hModule : HANDLE;
    ResourceDataEntry : PIMAGE_RESOURCE_DATA_ENTRY;
    Address : PPVOID;
    dwSize : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_LdrAccessResource, ntdll, 'LdrAccessResource');
  Result := TFNLdrAccessResource(_LdrAccessResource)(
    hModule, ResourceDataEntry, Address, dwSize
  );
end;

// Dynamic version of LdrAlternateResourcesEnabled
function  LdrAlternateResourcesEnabled(): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_LdrAlternateResourcesEnabled, ntdll, 'LdrAlternateResourcesEnabled');
  Result := TFNLdrAlternateResourcesEnabled(_LdrAlternateResourcesEnabled)();
end;

// Dynamic version of LdrDisableThreadCalloutsForDll
function  LdrDisableThreadCalloutsForDll(
    hModule : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_LdrDisableThreadCalloutsForDll, ntdll, 'LdrDisableThreadCalloutsForDll');
  Result := TFNLdrDisableThreadCalloutsForDll(_LdrDisableThreadCalloutsForDll)(
    hModule
  );
end;

// Dynamic version of LdrGetDllHandle
function  LdrGetDllHandle(
    pwPath : PWORD;
    pReserved : PVOID;
    pusPath : PUNICODE_STRING;
    var phModule : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_LdrGetDllHandle, ntdll, 'LdrGetDllHandle');
  Result := TFNLdrGetDllHandle(_LdrGetDllHandle)(
    pwPath, pReserved, pusPath, phModule
  );
end;

// Dynamic version of LdrGetProcedureAddress
function  LdrGetProcedureAddress(
    hModule : HANDLE;
    dwOrdinal : ULONG;
    psName : PSTRING;
    var pProcedure : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_LdrGetProcedureAddress, ntdll, 'LdrGetProcedureAddress');
  Result := TFNLdrGetProcedureAddress(_LdrGetProcedureAddress)(
    hModule, dwOrdinal, psName, pProcedure
  );
end;

// Dynamic version of LdrLoadDll
function  LdrLoadDll(
    pwPath : PWORD;
    pdwFlags : PDWORD;
    pusPath : PUNICODE_STRING;
    var phModule : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_LdrLoadDll, ntdll, 'LdrLoadDll');
  Result := TFNLdrLoadDll(_LdrLoadDll)(
    pwPath, pdwFlags, pusPath, phModule
  );
end;

// Dynamic version of LdrQueryImageFileExecutionOptions
function  LdrQueryImageFileExecutionOptions(
    pusImagePath : PUNICODE_STRING;
    pwOptionName : PWORD;
    dwRequestedType : DWORD;
    pData : PVOID;
    dwSize : DWORD;
    pdwSize : PDWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_LdrQueryImageFileExecutionOptions, ntdll, 'LdrQueryImageFileExecutionOptions');
  Result := TFNLdrQueryImageFileExecutionOptions(_LdrQueryImageFileExecutionOptions)(
    pusImagePath, pwOptionName, dwRequestedType, pData, dwSize, pdwSize
  );
end;

// Dynamic version of LdrQueryProcessModuleInformation
function  LdrQueryProcessModuleInformation(
    psmi : PSYSTEM_MODULE_INFORMATION;
    dwSize : DWORD;
    pdwSize : PDWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_LdrQueryProcessModuleInformation, ntdll, 'LdrQueryProcessModuleInformation');
  Result := TFNLdrQueryProcessModuleInformation(_LdrQueryProcessModuleInformation)(
    psmi, dwSize, pdwSize
  );
end;

// Dynamic version of LdrShutdownProcess
procedure LdrShutdownProcess(); stdcall;
begin
  GetProcedureAddress(_LdrShutdownProcess, ntdll, 'LdrShutdownProcess');
  TFNLdrShutdownProcess(_LdrShutdownProcess)();
end;

// Dynamic version of LdrShutdownThread
procedure LdrShutdownThread(); stdcall;
begin
  GetProcedureAddress(_LdrShutdownThread, ntdll, 'LdrShutdownThread');
  TFNLdrShutdownThread(_LdrShutdownThread)();
end;

// Dynamic version of LdrUnloadDll
function  LdrUnloadDll(
    hModule : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_LdrUnloadDll, ntdll, 'LdrUnloadDll');
  Result := TFNLdrUnloadDll(_LdrUnloadDll)(
    hModule
  );
end;

// Dynamic version of NtAcceptConnectPort
function  NtAcceptConnectPort(
    PortHandle : PHANDLE;
    PortIdentifier : ULONG;
    Message : PPORT_MESSAGE;
    Accept : BOOLEAN;
    WriteSection : PPORT_SECTION_WRITE;
    ReadSection : PPORT_SECTION_READ
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAcceptConnectPort, ntdll, 'NtAcceptConnectPort');
  Result := TFNNtAcceptConnectPort(_NtAcceptConnectPort)(
    PortHandle, PortIdentifier, Message, Accept, WriteSection, ReadSection
  );
end;

// Dynamic version of NtAcceptConnectPort
function  ZwAcceptConnectPort(
    PortHandle : PHANDLE;
    PortIdentifier : ULONG;
    Message : PPORT_MESSAGE;
    Accept : BOOLEAN;
    WriteSection : PPORT_SECTION_WRITE;
    ReadSection : PPORT_SECTION_READ
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAcceptConnectPort, ntdll, 'NtAcceptConnectPort');
  Result := TFNNtAcceptConnectPort(_NtAcceptConnectPort)(
    PortHandle, PortIdentifier, Message, Accept, WriteSection, ReadSection
  );
end;

// Dynamic version of NtAccessCheck
function  NtAccessCheck(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheck, ntdll, 'NtAccessCheck');
  Result := TFNNtAccessCheck(_NtAccessCheck)(
    SecurityDescriptor, TokenHandle, DesiredAccess, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus
  );
end;

// Dynamic version of NtAccessCheck
function  ZwAccessCheck(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheck, ntdll, 'NtAccessCheck');
  Result := TFNNtAccessCheck(_NtAccessCheck)(
    SecurityDescriptor, TokenHandle, DesiredAccess, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus
  );
end;

// Dynamic version of NtAccessCheckAndAuditAlarm
function  NtAccessCheckAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    DesiredAccess : ACCESS_MASK;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PBOOLEAN;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckAndAuditAlarm, ntdll, 'NtAccessCheckAndAuditAlarm');
  Result := TFNNtAccessCheckAndAuditAlarm(_NtAccessCheckAndAuditAlarm)(
    SubsystemName, HandleId, ObjectTypeName, ObjectName, SecurityDescriptor, DesiredAccess, GenericMapping, ObjectCreation, GrantedAccess, AccessStatus, GenerateOnClose
  );
end;

// Dynamic version of NtAccessCheckAndAuditAlarm
function  ZwAccessCheckAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    DesiredAccess : ACCESS_MASK;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PBOOLEAN;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckAndAuditAlarm, ntdll, 'NtAccessCheckAndAuditAlarm');
  Result := TFNNtAccessCheckAndAuditAlarm(_NtAccessCheckAndAuditAlarm)(
    SubsystemName, HandleId, ObjectTypeName, ObjectName, SecurityDescriptor, DesiredAccess, GenericMapping, ObjectCreation, GrantedAccess, AccessStatus, GenerateOnClose
  );
end;

// Dynamic version of NtAccessCheckByType
function  NtAccessCheckByType(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByType, ntdll, 'NtAccessCheckByType');
  Result := TFNNtAccessCheckByType(_NtAccessCheckByType)(
    SecurityDescriptor, PrincipalSelfSid, TokenHandle, DesiredAccess, ObjectTypeList, ObjectTypeListLength, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus
  );
end;

// Dynamic version of NtAccessCheckByType
function  ZwAccessCheckByType(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByType, ntdll, 'NtAccessCheckByType');
  Result := TFNNtAccessCheckByType(_NtAccessCheckByType)(
    SecurityDescriptor, PrincipalSelfSid, TokenHandle, DesiredAccess, ObjectTypeList, ObjectTypeListLength, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus
  );
end;

// Dynamic version of NtAccessCheckByTypeAndAuditAlarm
function  NtAccessCheckByTypeAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PULONG;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByTypeAndAuditAlarm, ntdll, 'NtAccessCheckByTypeAndAuditAlarm');
  Result := TFNNtAccessCheckByTypeAndAuditAlarm(_NtAccessCheckByTypeAndAuditAlarm)(
    SubsystemName, HandleId, ObjectTypeName, ObjectName, SecurityDescriptor, PrincipalSelfSid, DesiredAccess, AuditType, Flags, ObjectTypeList, ObjectTypeListLength, GenericMapping, ObjectCreation, GrantedAccess, AccessStatus,
    GenerateOnClose
  );
end;

// Dynamic version of NtAccessCheckByTypeAndAuditAlarm
function  ZwAccessCheckByTypeAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccess : PACCESS_MASK;
    AccessStatus : PULONG;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByTypeAndAuditAlarm, ntdll, 'NtAccessCheckByTypeAndAuditAlarm');
  Result := TFNNtAccessCheckByTypeAndAuditAlarm(_NtAccessCheckByTypeAndAuditAlarm)(
    SubsystemName, HandleId, ObjectTypeName, ObjectName, SecurityDescriptor, PrincipalSelfSid, DesiredAccess, AuditType, Flags, ObjectTypeList, ObjectTypeListLength, GenericMapping, ObjectCreation, GrantedAccess, AccessStatus,
    GenerateOnClose
  );
end;

// Dynamic version of NtAccessCheckByTypeResultList
function  NtAccessCheckByTypeResultList(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByTypeResultList, ntdll, 'NtAccessCheckByTypeResultList');
  Result := TFNNtAccessCheckByTypeResultList(_NtAccessCheckByTypeResultList)(
    SecurityDescriptor, PrincipalSelfSid, TokenHandle, DesiredAccess, ObjectTypeList, ObjectTypeListLength, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccessList, AccessStatusList
  );
end;

// Dynamic version of NtAccessCheckByTypeResultList
function  ZwAccessCheckByTypeResultList(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    PrivilegeSet : PPRIVILEGE_SET;
    PrivilegeSetLength : PULONG;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByTypeResultList, ntdll, 'NtAccessCheckByTypeResultList');
  Result := TFNNtAccessCheckByTypeResultList(_NtAccessCheckByTypeResultList)(
    SecurityDescriptor, PrincipalSelfSid, TokenHandle, DesiredAccess, ObjectTypeList, ObjectTypeListLength, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccessList, AccessStatusList
  );
end;

// Dynamic version of NtAccessCheckByTypeResultListAndAuditAlarm
function  NtAccessCheckByTypeResultListAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG;
    GenerateOnClose : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByTypeResultListAndAuditAlarm, ntdll, 'NtAccessCheckByTypeResultListAndAuditAlarm');
  Result := TFNNtAccessCheckByTypeResultListAndAuditAlarm(_NtAccessCheckByTypeResultListAndAuditAlarm)(
    SubsystemName, HandleId, ObjectTypeName, ObjectName, SecurityDescriptor, PrincipalSelfSid, DesiredAccess, AuditType, Flags, ObjectTypeList, ObjectTypeListLength, GenericMapping, ObjectCreation, GrantedAccessList, AccessStatusList,
    GenerateOnClose
  );
end;

// Dynamic version of NtAccessCheckByTypeResultListAndAuditAlarm
function  ZwAccessCheckByTypeResultListAndAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG;
    GenerateOnClose : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByTypeResultListAndAuditAlarm, ntdll, 'NtAccessCheckByTypeResultListAndAuditAlarm');
  Result := TFNNtAccessCheckByTypeResultListAndAuditAlarm(_NtAccessCheckByTypeResultListAndAuditAlarm)(
    SubsystemName, HandleId, ObjectTypeName, ObjectName, SecurityDescriptor, PrincipalSelfSid, DesiredAccess, AuditType, Flags, ObjectTypeList, ObjectTypeListLength, GenericMapping, ObjectCreation, GrantedAccessList, AccessStatusList,
    GenerateOnClose
  );
end;

// Dynamic version of NtAccessCheckByTypeResultListAndAuditAlarmByHandle
function  NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    TokenHandle : HANDLE;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG;
    GenerateOnClose : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByTypeResultListAndAuditAlarmByHandle, ntdll, 'NtAccessCheckByTypeResultListAndAuditAlarmByHandle');
  Result := TFNNtAccessCheckByTypeResultListAndAuditAlarmByHandle(_NtAccessCheckByTypeResultListAndAuditAlarmByHandle)(
    SubsystemName, HandleId, TokenHandle, ObjectTypeName, ObjectName, SecurityDescriptor, PrincipalSelfSid, DesiredAccess, AuditType, Flags, ObjectTypeList, ObjectTypeListLength, GenericMapping, ObjectCreation, GrantedAccessList,
    AccessStatusList, GenerateOnClose
  );
end;

// Dynamic version of NtAccessCheckByTypeResultListAndAuditAlarmByHandle
function  ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    TokenHandle : HANDLE;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    PrincipalSelfSid : PSID;
    DesiredAccess : ACCESS_MASK;
    AuditType : AUDIT_EVENT_TYPE;
    Flags : ULONG;
    ObjectTypeList : POBJECT_TYPE_LIST;
    ObjectTypeListLength : ULONG;
    GenericMapping : PGENERIC_MAPPING;
    ObjectCreation : BOOLEAN;
    GrantedAccessList : PACCESS_MASK;
    AccessStatusList : PULONG;
    GenerateOnClose : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAccessCheckByTypeResultListAndAuditAlarmByHandle, ntdll, 'NtAccessCheckByTypeResultListAndAuditAlarmByHandle');
  Result := TFNNtAccessCheckByTypeResultListAndAuditAlarmByHandle(_NtAccessCheckByTypeResultListAndAuditAlarmByHandle)(
    SubsystemName, HandleId, TokenHandle, ObjectTypeName, ObjectName, SecurityDescriptor, PrincipalSelfSid, DesiredAccess, AuditType, Flags, ObjectTypeList, ObjectTypeListLength, GenericMapping, ObjectCreation, GrantedAccessList,
    AccessStatusList, GenerateOnClose
  );
end;

// Dynamic version of NtAddAtom
function  NtAddAtom(
    Str : PWSTR;
    StringLength : ULONG;
    Atom : PUSHORT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAddAtom, ntdll, 'NtAddAtom');
  Result := TFNNtAddAtom(_NtAddAtom)(
    Str, StringLength, Atom
  );
end;

// Dynamic version of NtAddAtom
function  ZwAddAtom(
    Str : PWSTR;
    StringLength : ULONG;
    Atom : PUSHORT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAddAtom, ntdll, 'NtAddAtom');
  Result := TFNNtAddAtom(_NtAddAtom)(
    Str, StringLength, Atom
  );
end;

// Dynamic version of NtAdjustGroupsToken
function  NtAdjustGroupsToken(
    TokenHandle : HANDLE;
    ResetToDefault : BOOLEAN;
    NewState : PTOKEN_GROUPS;
    BufferLength : ULONG;
    PreviousState : PTOKEN_GROUPS;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAdjustGroupsToken, ntdll, 'NtAdjustGroupsToken');
  Result := TFNNtAdjustGroupsToken(_NtAdjustGroupsToken)(
    TokenHandle, ResetToDefault, NewState, BufferLength, PreviousState, ReturnLength
  );
end;

// Dynamic version of NtAdjustGroupsToken
function  ZwAdjustGroupsToken(
    TokenHandle : HANDLE;
    ResetToDefault : BOOLEAN;
    NewState : PTOKEN_GROUPS;
    BufferLength : ULONG;
    PreviousState : PTOKEN_GROUPS;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAdjustGroupsToken, ntdll, 'NtAdjustGroupsToken');
  Result := TFNNtAdjustGroupsToken(_NtAdjustGroupsToken)(
    TokenHandle, ResetToDefault, NewState, BufferLength, PreviousState, ReturnLength
  );
end;

// Dynamic version of NtAdjustPrivilegesToken
function  NtAdjustPrivilegesToken(
    TokenHandle : HANDLE;
    DisableAllPrivileges : BOOLEAN;
    NewState : PTOKEN_PRIVILEGES;
    BufferLength : ULONG;
    PreviousState : PTOKEN_PRIVILEGES;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAdjustPrivilegesToken, ntdll, 'NtAdjustPrivilegesToken');
  Result := TFNNtAdjustPrivilegesToken(_NtAdjustPrivilegesToken)(
    TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength
  );
end;

// Dynamic version of NtAdjustPrivilegesToken
function  ZwAdjustPrivilegesToken(
    TokenHandle : HANDLE;
    DisableAllPrivileges : BOOLEAN;
    NewState : PTOKEN_PRIVILEGES;
    BufferLength : ULONG;
    PreviousState : PTOKEN_PRIVILEGES;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAdjustPrivilegesToken, ntdll, 'NtAdjustPrivilegesToken');
  Result := TFNNtAdjustPrivilegesToken(_NtAdjustPrivilegesToken)(
    TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength
  );
end;

// Dynamic version of NtAlertResumeThread
function  NtAlertResumeThread(
    ThreadHandle : HANDLE;
    PreviousSuspendCount : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAlertResumeThread, ntdll, 'NtAlertResumeThread');
  Result := TFNNtAlertResumeThread(_NtAlertResumeThread)(
    ThreadHandle, PreviousSuspendCount
  );
end;

// Dynamic version of NtAlertResumeThread
function  ZwAlertResumeThread(
    ThreadHandle : HANDLE;
    PreviousSuspendCount : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAlertResumeThread, ntdll, 'NtAlertResumeThread');
  Result := TFNNtAlertResumeThread(_NtAlertResumeThread)(
    ThreadHandle, PreviousSuspendCount
  );
end;

// Dynamic version of NtAlertThread
function  NtAlertThread(
    ThreadHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAlertThread, ntdll, 'NtAlertThread');
  Result := TFNNtAlertThread(_NtAlertThread)(
    ThreadHandle
  );
end;

// Dynamic version of NtAlertThread
function  ZwAlertThread(
    ThreadHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAlertThread, ntdll, 'NtAlertThread');
  Result := TFNNtAlertThread(_NtAlertThread)(
    ThreadHandle
  );
end;

// Dynamic version of NtAllocateLocallyUniqueId
function  NtAllocateLocallyUniqueId(
    Luid : PLUID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAllocateLocallyUniqueId, ntdll, 'NtAllocateLocallyUniqueId');
  Result := TFNNtAllocateLocallyUniqueId(_NtAllocateLocallyUniqueId)(
    Luid
  );
end;

// Dynamic version of NtAllocateLocallyUniqueId
function  ZwAllocateLocallyUniqueId(
    Luid : PLUID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAllocateLocallyUniqueId, ntdll, 'NtAllocateLocallyUniqueId');
  Result := TFNNtAllocateLocallyUniqueId(_NtAllocateLocallyUniqueId)(
    Luid
  );
end;

// Dynamic version of NtAllocateUserPhysicalPages
function  NtAllocateUserPhysicalPages(
    ProcessHandle : HANDLE;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAllocateUserPhysicalPages, ntdll, 'NtAllocateUserPhysicalPages');
  Result := TFNNtAllocateUserPhysicalPages(_NtAllocateUserPhysicalPages)(
    ProcessHandle, NumberOfPages, PageFrameNumbers
  );
end;

// Dynamic version of NtAllocateUserPhysicalPages
function  ZwAllocateUserPhysicalPages(
    ProcessHandle : HANDLE;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAllocateUserPhysicalPages, ntdll, 'NtAllocateUserPhysicalPages');
  Result := TFNNtAllocateUserPhysicalPages(_NtAllocateUserPhysicalPages)(
    ProcessHandle, NumberOfPages, PageFrameNumbers
  );
end;

// Dynamic version of NtAllocateUuids
function  NtAllocateUuids(
    UuidLastTimeAllocated : PLARGE_INTEGER;
    UuidDeltaTime : PULONG;
    UuidSequenceNumber : PULONG;
    UuidSeed : PUCHAR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAllocateUuids, ntdll, 'NtAllocateUuids');
  Result := TFNNtAllocateUuids(_NtAllocateUuids)(
    UuidLastTimeAllocated, UuidDeltaTime, UuidSequenceNumber, UuidSeed
  );
end;

// Dynamic version of NtAllocateUuids
function  ZwAllocateUuids(
    UuidLastTimeAllocated : PLARGE_INTEGER;
    UuidDeltaTime : PULONG;
    UuidSequenceNumber : PULONG;
    UuidSeed : PUCHAR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAllocateUuids, ntdll, 'NtAllocateUuids');
  Result := TFNNtAllocateUuids(_NtAllocateUuids)(
    UuidLastTimeAllocated, UuidDeltaTime, UuidSequenceNumber, UuidSeed
  );
end;

// Dynamic version of NtAllocateVirtualMemory
function  NtAllocateVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ZeroBits : ULONG;
    AllocationSize : PULONG;
    AllocationType : ULONG;
    Protect : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAllocateVirtualMemory, ntdll, 'NtAllocateVirtualMemory');
  Result := TFNNtAllocateVirtualMemory(_NtAllocateVirtualMemory)(
    ProcessHandle, BaseAddress, ZeroBits, AllocationSize, AllocationType, Protect
  );
end;

// Dynamic version of NtAllocateVirtualMemory
function  ZwAllocateVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ZeroBits : ULONG;
    AllocationSize : PULONG;
    AllocationType : ULONG;
    Protect : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAllocateVirtualMemory, ntdll, 'NtAllocateVirtualMemory');
  Result := TFNNtAllocateVirtualMemory(_NtAllocateVirtualMemory)(
    ProcessHandle, BaseAddress, ZeroBits, AllocationSize, AllocationType, Protect
  );
end;

// Dynamic version of NtAreMappedFilesTheSame
function  NtAreMappedFilesTheSame(
    Address1 : PVOID;
    Address2 : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAreMappedFilesTheSame, ntdll, 'NtAreMappedFilesTheSame');
  Result := TFNNtAreMappedFilesTheSame(_NtAreMappedFilesTheSame)(
    Address1, Address2
  );
end;

// Dynamic version of NtAreMappedFilesTheSame
function  ZwAreMappedFilesTheSame(
    Address1 : PVOID;
    Address2 : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAreMappedFilesTheSame, ntdll, 'NtAreMappedFilesTheSame');
  Result := TFNNtAreMappedFilesTheSame(_NtAreMappedFilesTheSame)(
    Address1, Address2
  );
end;

// Dynamic version of NtAssignProcessToJobObject
function  NtAssignProcessToJobObject(
    JobHandle : HANDLE;
    ProcessHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAssignProcessToJobObject, ntdll, 'NtAssignProcessToJobObject');
  Result := TFNNtAssignProcessToJobObject(_NtAssignProcessToJobObject)(
    JobHandle, ProcessHandle
  );
end;

// Dynamic version of NtAssignProcessToJobObject
function  ZwAssignProcessToJobObject(
    JobHandle : HANDLE;
    ProcessHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtAssignProcessToJobObject, ntdll, 'NtAssignProcessToJobObject');
  Result := TFNNtAssignProcessToJobObject(_NtAssignProcessToJobObject)(
    JobHandle, ProcessHandle
  );
end;

// Dynamic version of NtCallbackReturn
function  NtCallbackReturn(
    Result_ : PVOID;
    ResultLength : ULONG;
    Status : NTSTATUS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCallbackReturn, ntdll, 'NtCallbackReturn');
  Result := TFNNtCallbackReturn(_NtCallbackReturn)(
    Result_, ResultLength, Status
  );
end;

// Dynamic version of NtCallbackReturn
function  ZwCallbackReturn(
    Result_ : PVOID;
    ResultLength : ULONG;
    Status : NTSTATUS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCallbackReturn, ntdll, 'NtCallbackReturn');
  Result := TFNNtCallbackReturn(_NtCallbackReturn)(
    Result_, ResultLength, Status
  );
end;

// Dynamic version of NtCancelDeviceWakeupRequest
function  NtCancelDeviceWakeupRequest(
    DeviceHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCancelDeviceWakeupRequest, ntdll, 'NtCancelDeviceWakeupRequest');
  Result := TFNNtCancelDeviceWakeupRequest(_NtCancelDeviceWakeupRequest)(
    DeviceHandle
  );
end;

// Dynamic version of NtCancelDeviceWakeupRequest
function  ZwCancelDeviceWakeupRequest(
    DeviceHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCancelDeviceWakeupRequest, ntdll, 'NtCancelDeviceWakeupRequest');
  Result := TFNNtCancelDeviceWakeupRequest(_NtCancelDeviceWakeupRequest)(
    DeviceHandle
  );
end;

// Dynamic version of NtCancelIoFile
function  NtCancelIoFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCancelIoFile, ntdll, 'NtCancelIoFile');
  Result := TFNNtCancelIoFile(_NtCancelIoFile)(
    FileHandle, IoStatusBlock
  );
end;

// Dynamic version of NtCancelIoFile
function  ZwCancelIoFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCancelIoFile, ntdll, 'NtCancelIoFile');
  Result := TFNNtCancelIoFile(_NtCancelIoFile)(
    FileHandle, IoStatusBlock
  );
end;

// Dynamic version of NtCancelTimer
function  NtCancelTimer(
    TimerHandle : HANDLE;
    PreviousState : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCancelTimer, ntdll, 'NtCancelTimer');
  Result := TFNNtCancelTimer(_NtCancelTimer)(
    TimerHandle, PreviousState
  );
end;

// Dynamic version of NtCancelTimer
function  ZwCancelTimer(
    TimerHandle : HANDLE;
    PreviousState : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCancelTimer, ntdll, 'NtCancelTimer');
  Result := TFNNtCancelTimer(_NtCancelTimer)(
    TimerHandle, PreviousState
  );
end;

// Dynamic version of NtClearEvent
function  NtClearEvent(
    EventHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtClearEvent, ntdll, 'NtClearEvent');
  Result := TFNNtClearEvent(_NtClearEvent)(
    EventHandle
  );
end;

// Dynamic version of NtClearEvent
function  ZwClearEvent(
    EventHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtClearEvent, ntdll, 'NtClearEvent');
  Result := TFNNtClearEvent(_NtClearEvent)(
    EventHandle
  );
end;

// Dynamic version of NtClose
function  NtClose(
    Handle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtClose, ntdll, 'NtClose');
  Result := TFNNtClose(_NtClose)(
    Handle
  );
end;

// Dynamic version of NtClose
function  ZwClose(
    Handle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtClose, ntdll, 'NtClose');
  Result := TFNNtClose(_NtClose)(
    Handle
  );
end;

// Dynamic version of NtCloseObjectAuditAlarm
function  NtCloseObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    GenerateOnClose : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCloseObjectAuditAlarm, ntdll, 'NtCloseObjectAuditAlarm');
  Result := TFNNtCloseObjectAuditAlarm(_NtCloseObjectAuditAlarm)(
    SubsystemName, HandleId, GenerateOnClose
  );
end;

// Dynamic version of NtCloseObjectAuditAlarm
function  ZwCloseObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    GenerateOnClose : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCloseObjectAuditAlarm, ntdll, 'NtCloseObjectAuditAlarm');
  Result := TFNNtCloseObjectAuditAlarm(_NtCloseObjectAuditAlarm)(
    SubsystemName, HandleId, GenerateOnClose
  );
end;

// Dynamic version of NtCompleteConnectPort
function  NtCompleteConnectPort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCompleteConnectPort, ntdll, 'NtCompleteConnectPort');
  Result := TFNNtCompleteConnectPort(_NtCompleteConnectPort)(
    PortHandle
  );
end;

// Dynamic version of NtCompleteConnectPort
function  ZwCompleteConnectPort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCompleteConnectPort, ntdll, 'NtCompleteConnectPort');
  Result := TFNNtCompleteConnectPort(_NtCompleteConnectPort)(
    PortHandle
  );
end;

// Dynamic version of NtConnectPort
function  NtConnectPort(
    PortHandle : PHANDLE;
    PortName : PUNICODE_STRING;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE;
    WriteSection : PPORT_SECTION_WRITE;
    ReadSection : PPORT_SECTION_READ;
    MaxMessageSize : PULONG;
    ConnectData : PVOID;
    ConnectDataLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtConnectPort, ntdll, 'NtConnectPort');
  Result := TFNNtConnectPort(_NtConnectPort)(
    PortHandle, PortName, SecurityQos, WriteSection, ReadSection, MaxMessageSize, ConnectData, ConnectDataLength
  );
end;

// Dynamic version of NtConnectPort
function  ZwConnectPort(
    PortHandle : PHANDLE;
    PortName : PUNICODE_STRING;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE;
    WriteSection : PPORT_SECTION_WRITE;
    ReadSection : PPORT_SECTION_READ;
    MaxMessageSize : PULONG;
    ConnectData : PVOID;
    ConnectDataLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtConnectPort, ntdll, 'NtConnectPort');
  Result := TFNNtConnectPort(_NtConnectPort)(
    PortHandle, PortName, SecurityQos, WriteSection, ReadSection, MaxMessageSize, ConnectData, ConnectDataLength
  );
end;

// Dynamic version of NtContinue
function  NtContinue(
    Context : PCONTEXT;
    TestAlert : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtContinue, ntdll, 'NtContinue');
  Result := TFNNtContinue(_NtContinue)(
    Context, TestAlert
  );
end;

// Dynamic version of NtContinue
function  ZwContinue(
    Context : PCONTEXT;
    TestAlert : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtContinue, ntdll, 'NtContinue');
  Result := TFNNtContinue(_NtContinue)(
    Context, TestAlert
  );
end;

// Dynamic version of NtCreateChannel
function  NtCreateChannel(
    ChannelHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateChannel, ntdll, 'NtCreateChannel');
  Result := TFNNtCreateChannel(_NtCreateChannel)(
    ChannelHandle, ObjectAttributes
  );
end;

// Dynamic version of NtCreateChannel
function  ZwCreateChannel(
    ChannelHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateChannel, ntdll, 'NtCreateChannel');
  Result := TFNNtCreateChannel(_NtCreateChannel)(
    ChannelHandle, ObjectAttributes
  );
end;

// Dynamic version of NtCreateDirectoryObject
function  NtCreateDirectoryObject(
    DirectoryHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateDirectoryObject, ntdll, 'NtCreateDirectoryObject');
  Result := TFNNtCreateDirectoryObject(_NtCreateDirectoryObject)(
    DirectoryHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtCreateDirectoryObject
function  ZwCreateDirectoryObject(
    DirectoryHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateDirectoryObject, ntdll, 'NtCreateDirectoryObject');
  Result := TFNNtCreateDirectoryObject(_NtCreateDirectoryObject)(
    DirectoryHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtCreateEvent
function  NtCreateEvent(
    EventHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    EventType : EVENT_TYPE;
    InitialState : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateEvent, ntdll, 'NtCreateEvent');
  Result := TFNNtCreateEvent(_NtCreateEvent)(
    EventHandle, DesiredAccess, ObjectAttributes, EventType, InitialState
  );
end;

// Dynamic version of NtCreateEvent
function  ZwCreateEvent(
    EventHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    EventType : EVENT_TYPE;
    InitialState : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateEvent, ntdll, 'NtCreateEvent');
  Result := TFNNtCreateEvent(_NtCreateEvent)(
    EventHandle, DesiredAccess, ObjectAttributes, EventType, InitialState
  );
end;

// Dynamic version of NtCreateEventPair
function  NtCreateEventPair(
    EventPairHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateEventPair, ntdll, 'NtCreateEventPair');
  Result := TFNNtCreateEventPair(_NtCreateEventPair)(
    EventPairHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtCreateEventPair
function  ZwCreateEventPair(
    EventPairHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateEventPair, ntdll, 'NtCreateEventPair');
  Result := TFNNtCreateEventPair(_NtCreateEventPair)(
    EventPairHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtCreateFile
function  NtCreateFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    AllocationSize : PLARGE_INTEGER;
    FileAttributes : ULONG;
    ShareAccess : ULONG;
    CreateDisposition : ULONG;
    CreateOptions : ULONG;
    EaBuffer : PVOID;
    EaLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateFile, ntdll, 'NtCreateFile');
  Result := TFNNtCreateFile(_NtCreateFile)(
    FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength
  );
end;

// Dynamic version of NtCreateFile
function  ZwCreateFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    AllocationSize : PLARGE_INTEGER;
    FileAttributes : ULONG;
    ShareAccess : ULONG;
    CreateDisposition : ULONG;
    CreateOptions : ULONG;
    EaBuffer : PVOID;
    EaLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateFile, ntdll, 'NtCreateFile');
  Result := TFNNtCreateFile(_NtCreateFile)(
    FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength
  );
end;

// Dynamic version of NtCreateIoCompletion
function  NtCreateIoCompletion(
    IoCompletionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    NumberOfConcurrentThreads : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateIoCompletion, ntdll, 'NtCreateIoCompletion');
  Result := TFNNtCreateIoCompletion(_NtCreateIoCompletion)(
    IoCompletionHandle, DesiredAccess, ObjectAttributes, NumberOfConcurrentThreads
  );
end;

// Dynamic version of NtCreateIoCompletion
function  ZwCreateIoCompletion(
    IoCompletionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    NumberOfConcurrentThreads : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateIoCompletion, ntdll, 'NtCreateIoCompletion');
  Result := TFNNtCreateIoCompletion(_NtCreateIoCompletion)(
    IoCompletionHandle, DesiredAccess, ObjectAttributes, NumberOfConcurrentThreads
  );
end;

// Dynamic version of NtCreateJobObject
function  NtCreateJobObject(
    JobHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateJobObject, ntdll, 'NtCreateJobObject');
  Result := TFNNtCreateJobObject(_NtCreateJobObject)(
    JobHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtCreateJobObject
function  ZwCreateJobObject(
    JobHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateJobObject, ntdll, 'NtCreateJobObject');
  Result := TFNNtCreateJobObject(_NtCreateJobObject)(
    JobHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtCreateKey
function  NtCreateKey(
    KeyHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TitleIndex : ULONG;
    Class_ : PUNICODE_STRING;
    CreateOptions : ULONG;
    Disposition : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateKey, ntdll, 'NtCreateKey');
  Result := TFNNtCreateKey(_NtCreateKey)(
    KeyHandle, DesiredAccess, ObjectAttributes, TitleIndex, Class_, CreateOptions, Disposition
  );
end;

// Dynamic version of NtCreateKey
function  ZwCreateKey(
    KeyHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TitleIndex : ULONG;
    Class_ : PUNICODE_STRING;
    CreateOptions : ULONG;
    Disposition : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateKey, ntdll, 'NtCreateKey');
  Result := TFNNtCreateKey(_NtCreateKey)(
    KeyHandle, DesiredAccess, ObjectAttributes, TitleIndex, Class_, CreateOptions, Disposition
  );
end;

// Dynamic version of NtCreateMailslotFile
function  NtCreateMailslotFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    CreateOptions : ULONG;
    Unknown : ULONG;
    MaxMessageSize : ULONG;
    ReadTimeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateMailslotFile, ntdll, 'NtCreateMailslotFile');
  Result := TFNNtCreateMailslotFile(_NtCreateMailslotFile)(
    FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, CreateOptions, Unknown, MaxMessageSize, ReadTimeout
  );
end;

// Dynamic version of NtCreateMailslotFile
function  ZwCreateMailslotFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    CreateOptions : ULONG;
    Unknown : ULONG;
    MaxMessageSize : ULONG;
    ReadTimeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateMailslotFile, ntdll, 'NtCreateMailslotFile');
  Result := TFNNtCreateMailslotFile(_NtCreateMailslotFile)(
    FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, CreateOptions, Unknown, MaxMessageSize, ReadTimeout
  );
end;

// Dynamic version of NtCreateMutant
function  NtCreateMutant(
    MutantHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InitialOwner : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateMutant, ntdll, 'NtCreateMutant');
  Result := TFNNtCreateMutant(_NtCreateMutant)(
    MutantHandle, DesiredAccess, ObjectAttributes, InitialOwner
  );
end;

// Dynamic version of NtCreateMutant
function  ZwCreateMutant(
    MutantHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InitialOwner : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateMutant, ntdll, 'NtCreateMutant');
  Result := TFNNtCreateMutant(_NtCreateMutant)(
    MutantHandle, DesiredAccess, ObjectAttributes, InitialOwner
  );
end;

// Dynamic version of NtCreateNamedPipeFile
function  NtCreateNamedPipeFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    ShareAccess : ULONG;
    CreateDisposition : ULONG;
    CreateOptions : ULONG;
    TypeMessage : BOOLEAN;
    ReadmodeMessage : BOOLEAN;
    Nonblocking : BOOLEAN;
    MaxInstances : ULONG;
    InBufferSize : ULONG;
    OutBufferSize : ULONG;
    DefaultTimeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateNamedPipeFile, ntdll, 'NtCreateNamedPipeFile');
  Result := TFNNtCreateNamedPipeFile(_NtCreateNamedPipeFile)(
    FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, ShareAccess, CreateDisposition, CreateOptions, TypeMessage, ReadmodeMessage, Nonblocking, MaxInstances, InBufferSize, OutBufferSize, DefaultTimeout
  );
end;

// Dynamic version of NtCreateNamedPipeFile
function  ZwCreateNamedPipeFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    ShareAccess : ULONG;
    CreateDisposition : ULONG;
    CreateOptions : ULONG;
    TypeMessage : BOOLEAN;
    ReadmodeMessage : BOOLEAN;
    Nonblocking : BOOLEAN;
    MaxInstances : ULONG;
    InBufferSize : ULONG;
    OutBufferSize : ULONG;
    DefaultTimeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateNamedPipeFile, ntdll, 'NtCreateNamedPipeFile');
  Result := TFNNtCreateNamedPipeFile(_NtCreateNamedPipeFile)(
    FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, ShareAccess, CreateDisposition, CreateOptions, TypeMessage, ReadmodeMessage, Nonblocking, MaxInstances, InBufferSize, OutBufferSize, DefaultTimeout
  );
end;

// Dynamic version of NtCreatePagingFile
function  NtCreatePagingFile(
    FileName : PUNICODE_STRING;
    InitialSize : PULARGE_INTEGER;
    MaximumSize : PULARGE_INTEGER;
    Reserved : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreatePagingFile, ntdll, 'NtCreatePagingFile');
  Result := TFNNtCreatePagingFile(_NtCreatePagingFile)(
    FileName, InitialSize, MaximumSize, Reserved
  );
end;

// Dynamic version of NtCreatePagingFile
function  ZwCreatePagingFile(
    FileName : PUNICODE_STRING;
    InitialSize : PULARGE_INTEGER;
    MaximumSize : PULARGE_INTEGER;
    Reserved : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreatePagingFile, ntdll, 'NtCreatePagingFile');
  Result := TFNNtCreatePagingFile(_NtCreatePagingFile)(
    FileName, InitialSize, MaximumSize, Reserved
  );
end;

// Dynamic version of NtCreatePort
function  NtCreatePort(
    PortHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    MaxDataSize : ULONG;
    MaxMessageSize : ULONG;
    Reserved : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreatePort, ntdll, 'NtCreatePort');
  Result := TFNNtCreatePort(_NtCreatePort)(
    PortHandle, ObjectAttributes, MaxDataSize, MaxMessageSize, Reserved
  );
end;

// Dynamic version of NtCreatePort
function  ZwCreatePort(
    PortHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    MaxDataSize : ULONG;
    MaxMessageSize : ULONG;
    Reserved : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreatePort, ntdll, 'NtCreatePort');
  Result := TFNNtCreatePort(_NtCreatePort)(
    PortHandle, ObjectAttributes, MaxDataSize, MaxMessageSize, Reserved
  );
end;

// Dynamic version of NtCreateProcess
function  NtCreateProcess(
    ProcessHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InheritFromProcessHandle : HANDLE;
    InheritHandles : BOOLEAN;
    SectionHandle : HANDLE;
    DebugPort : HANDLE;
    ExceptionPort : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateProcess, ntdll, 'NtCreateProcess');
  Result := TFNNtCreateProcess(_NtCreateProcess)(
    ProcessHandle, DesiredAccess, ObjectAttributes, InheritFromProcessHandle, InheritHandles, SectionHandle, DebugPort, ExceptionPort
  );
end;

// Dynamic version of NtCreateProcess
function  ZwCreateProcess(
    ProcessHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InheritFromProcessHandle : HANDLE;
    InheritHandles : BOOLEAN;
    SectionHandle : HANDLE;
    DebugPort : HANDLE;
    ExceptionPort : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateProcess, ntdll, 'NtCreateProcess');
  Result := TFNNtCreateProcess(_NtCreateProcess)(
    ProcessHandle, DesiredAccess, ObjectAttributes, InheritFromProcessHandle, InheritHandles, SectionHandle, DebugPort, ExceptionPort
  );
end;

// Dynamic version of NtCreateProfile
function  NtCreateProfile(
    ProfileHandle : PHANDLE;
    ProcessHandle : HANDLE;
    Base : PVOID;
    Size : ULONG;
    BucketShift : ULONG;
    Buffer : PULONG;
    BufferLength : ULONG;
    Source : KPROFILE_SOURCE;
    ProcessorMask : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateProfile, ntdll, 'NtCreateProfile');
  Result := TFNNtCreateProfile(_NtCreateProfile)(
    ProfileHandle, ProcessHandle, Base, Size, BucketShift, Buffer, BufferLength, Source, ProcessorMask
  );
end;

// Dynamic version of NtCreateProfile
function  ZwCreateProfile(
    ProfileHandle : PHANDLE;
    ProcessHandle : HANDLE;
    Base : PVOID;
    Size : ULONG;
    BucketShift : ULONG;
    Buffer : PULONG;
    BufferLength : ULONG;
    Source : KPROFILE_SOURCE;
    ProcessorMask : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateProfile, ntdll, 'NtCreateProfile');
  Result := TFNNtCreateProfile(_NtCreateProfile)(
    ProfileHandle, ProcessHandle, Base, Size, BucketShift, Buffer, BufferLength, Source, ProcessorMask
  );
end;

// Dynamic version of NtCreateSection
function  NtCreateSection(
    SectionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    SectionSize : PLARGE_INTEGER;
    Protect : ULONG;
    Attributes : ULONG;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateSection, ntdll, 'NtCreateSection');
  Result := TFNNtCreateSection(_NtCreateSection)(
    SectionHandle, DesiredAccess, ObjectAttributes, SectionSize, Protect, Attributes, FileHandle
  );
end;

// Dynamic version of NtCreateSection
function  ZwCreateSection(
    SectionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    SectionSize : PLARGE_INTEGER;
    Protect : ULONG;
    Attributes : ULONG;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateSection, ntdll, 'NtCreateSection');
  Result := TFNNtCreateSection(_NtCreateSection)(
    SectionHandle, DesiredAccess, ObjectAttributes, SectionSize, Protect, Attributes, FileHandle
  );
end;

// Dynamic version of NtCreateSemaphore
function  NtCreateSemaphore(
    SemaphoreHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InitialCount : LONG;
    MaximumCount : LONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateSemaphore, ntdll, 'NtCreateSemaphore');
  Result := TFNNtCreateSemaphore(_NtCreateSemaphore)(
    SemaphoreHandle, DesiredAccess, ObjectAttributes, InitialCount, MaximumCount
  );
end;

// Dynamic version of NtCreateSemaphore
function  ZwCreateSemaphore(
    SemaphoreHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    InitialCount : LONG;
    MaximumCount : LONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateSemaphore, ntdll, 'NtCreateSemaphore');
  Result := TFNNtCreateSemaphore(_NtCreateSemaphore)(
    SemaphoreHandle, DesiredAccess, ObjectAttributes, InitialCount, MaximumCount
  );
end;

// Dynamic version of NtCreateSymbolicLinkObject
function  NtCreateSymbolicLinkObject(
    SymbolicLinkHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TargetName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateSymbolicLinkObject, ntdll, 'NtCreateSymbolicLinkObject');
  Result := TFNNtCreateSymbolicLinkObject(_NtCreateSymbolicLinkObject)(
    SymbolicLinkHandle, DesiredAccess, ObjectAttributes, TargetName
  );
end;

// Dynamic version of NtCreateSymbolicLinkObject
function  ZwCreateSymbolicLinkObject(
    SymbolicLinkHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TargetName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateSymbolicLinkObject, ntdll, 'NtCreateSymbolicLinkObject');
  Result := TFNNtCreateSymbolicLinkObject(_NtCreateSymbolicLinkObject)(
    SymbolicLinkHandle, DesiredAccess, ObjectAttributes, TargetName
  );
end;

// Dynamic version of NtCreateThread
function  NtCreateThread(
    ThreadHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ProcessHandle : HANDLE;
    ClientId : PCLIENT_ID;
    ThreadContext : PCONTEXT;
    UserStack : PUSER_STACK;
    CreateSuspended : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateThread, ntdll, 'NtCreateThread');
  Result := TFNNtCreateThread(_NtCreateThread)(
    ThreadHandle, DesiredAccess, ObjectAttributes, ProcessHandle, ClientId, ThreadContext, UserStack, CreateSuspended
  );
end;

// Dynamic version of NtCreateThread
function  ZwCreateThread(
    ThreadHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ProcessHandle : HANDLE;
    ClientId : PCLIENT_ID;
    ThreadContext : PCONTEXT;
    UserStack : PUSER_STACK;
    CreateSuspended : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateThread, ntdll, 'NtCreateThread');
  Result := TFNNtCreateThread(_NtCreateThread)(
    ThreadHandle, DesiredAccess, ObjectAttributes, ProcessHandle, ClientId, ThreadContext, UserStack, CreateSuspended
  );
end;

// Dynamic version of NtCreateTimer
function  NtCreateTimer(
    TimerHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TimerType : TIMER_TYPE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateTimer, ntdll, 'NtCreateTimer');
  Result := TFNNtCreateTimer(_NtCreateTimer)(
    TimerHandle, DesiredAccess, ObjectAttributes, TimerType
  );
end;

// Dynamic version of NtCreateTimer
function  ZwCreateTimer(
    TimerHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    TimerType : TIMER_TYPE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateTimer, ntdll, 'NtCreateTimer');
  Result := TFNNtCreateTimer(_NtCreateTimer)(
    TimerHandle, DesiredAccess, ObjectAttributes, TimerType
  );
end;

// Dynamic version of NtCreateToken
function  NtCreateToken(
    TokenHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    Type_ : TOKEN_TYPE;
    AuthenticationId : PLUID;
    ExpirationTime : PLARGE_INTEGER;
    User : PTOKEN_USER;
    Groups : PTOKEN_GROUPS;
    Privileges : PTOKEN_PRIVILEGES;
    Owner : PTOKEN_OWNER;
    PrimaryGroup : PTOKEN_PRIMARY_GROUP;
    DefaultDacl : PTOKEN_DEFAULT_DACL;
    Source : PTOKEN_SOURCE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateToken, ntdll, 'NtCreateToken');
  Result := TFNNtCreateToken(_NtCreateToken)(
    TokenHandle, DesiredAccess, ObjectAttributes, Type_, AuthenticationId, ExpirationTime, User, Groups, Privileges, Owner, PrimaryGroup, DefaultDacl, Source
  );
end;

// Dynamic version of NtCreateToken
function  ZwCreateToken(
    TokenHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    Type_ : TOKEN_TYPE;
    AuthenticationId : PLUID;
    ExpirationTime : PLARGE_INTEGER;
    User : PTOKEN_USER;
    Groups : PTOKEN_GROUPS;
    Privileges : PTOKEN_PRIVILEGES;
    Owner : PTOKEN_OWNER;
    PrimaryGroup : PTOKEN_PRIMARY_GROUP;
    DefaultDacl : PTOKEN_DEFAULT_DACL;
    Source : PTOKEN_SOURCE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateToken, ntdll, 'NtCreateToken');
  Result := TFNNtCreateToken(_NtCreateToken)(
    TokenHandle, DesiredAccess, ObjectAttributes, Type_, AuthenticationId, ExpirationTime, User, Groups, Privileges, Owner, PrimaryGroup, DefaultDacl, Source
  );
end;

// Dynamic version of NtCreateWaitablePort
function  NtCreateWaitablePort(
    PortHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    MaxDataSize : ULONG;
    MaxMessageSize : ULONG;
    Reserved : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateWaitablePort, ntdll, 'NtCreateWaitablePort');
  Result := TFNNtCreateWaitablePort(_NtCreateWaitablePort)(
    PortHandle, ObjectAttributes, MaxDataSize, MaxMessageSize, Reserved
  );
end;

// Dynamic version of NtCreateWaitablePort
function  ZwCreateWaitablePort(
    PortHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    MaxDataSize : ULONG;
    MaxMessageSize : ULONG;
    Reserved : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtCreateWaitablePort, ntdll, 'NtCreateWaitablePort');
  Result := TFNNtCreateWaitablePort(_NtCreateWaitablePort)(
    PortHandle, ObjectAttributes, MaxDataSize, MaxMessageSize, Reserved
  );
end;

// Dynamic version of NtCurrentTeb
function  NtCurrentTeb(): PTEB; stdcall;
begin
  GetProcedureAddress(_NtCurrentTeb, ntdll, 'NtCurrentTeb');
  Result := TFNNtCurrentTeb(_NtCurrentTeb)();
end;

// Dynamic version of NtCurrentTeb
function  ZwCurrentTeb(): PTEB; stdcall;
begin
  GetProcedureAddress(_NtCurrentTeb, ntdll, 'NtCurrentTeb');
  Result := TFNNtCurrentTeb(_NtCurrentTeb)();
end;

// Dynamic version of NtDebugActiveProcess
function  NtDebugActiveProcess(
    hProcess : HANDLE;
    hDebugObject : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDebugActiveProcess, ntdll, 'NtDebugActiveProcess');
  Result := TFNNtDebugActiveProcess(_NtDebugActiveProcess)(
    hProcess, hDebugObject
  );
end;

// Dynamic version of NtDebugActiveProcess
function  ZwDebugActiveProcess(
    hProcess : HANDLE;
    hDebugObject : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDebugActiveProcess, ntdll, 'NtDebugActiveProcess');
  Result := TFNNtDebugActiveProcess(_NtDebugActiveProcess)(
    hProcess, hDebugObject
  );
end;

// Dynamic version of NtDelayExecution
function  NtDelayExecution(
    Alertable : BOOLEAN;
    Interval : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDelayExecution, ntdll, 'NtDelayExecution');
  Result := TFNNtDelayExecution(_NtDelayExecution)(
    Alertable, Interval
  );
end;

// Dynamic version of NtDelayExecution
function  ZwDelayExecution(
    Alertable : BOOLEAN;
    Interval : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDelayExecution, ntdll, 'NtDelayExecution');
  Result := TFNNtDelayExecution(_NtDelayExecution)(
    Alertable, Interval
  );
end;

// Dynamic version of NtDeleteAtom
function  NtDeleteAtom(
    Atom : USHORT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteAtom, ntdll, 'NtDeleteAtom');
  Result := TFNNtDeleteAtom(_NtDeleteAtom)(
    Atom
  );
end;

// Dynamic version of NtDeleteAtom
function  ZwDeleteAtom(
    Atom : USHORT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteAtom, ntdll, 'NtDeleteAtom');
  Result := TFNNtDeleteAtom(_NtDeleteAtom)(
    Atom
  );
end;

// Dynamic version of NtDeleteFile
function  NtDeleteFile(
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteFile, ntdll, 'NtDeleteFile');
  Result := TFNNtDeleteFile(_NtDeleteFile)(
    ObjectAttributes
  );
end;

// Dynamic version of NtDeleteFile
function  ZwDeleteFile(
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteFile, ntdll, 'NtDeleteFile');
  Result := TFNNtDeleteFile(_NtDeleteFile)(
    ObjectAttributes
  );
end;

// Dynamic version of NtDeleteKey
function  NtDeleteKey(
    KeyHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteKey, ntdll, 'NtDeleteKey');
  Result := TFNNtDeleteKey(_NtDeleteKey)(
    KeyHandle
  );
end;

// Dynamic version of NtDeleteKey
function  ZwDeleteKey(
    KeyHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteKey, ntdll, 'NtDeleteKey');
  Result := TFNNtDeleteKey(_NtDeleteKey)(
    KeyHandle
  );
end;

// Dynamic version of NtDeleteObjectAuditAlarm
function  NtDeleteObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    GenerateOnClose : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteObjectAuditAlarm, ntdll, 'NtDeleteObjectAuditAlarm');
  Result := TFNNtDeleteObjectAuditAlarm(_NtDeleteObjectAuditAlarm)(
    SubsystemName, HandleId, GenerateOnClose
  );
end;

// Dynamic version of NtDeleteObjectAuditAlarm
function  ZwDeleteObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    GenerateOnClose : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteObjectAuditAlarm, ntdll, 'NtDeleteObjectAuditAlarm');
  Result := TFNNtDeleteObjectAuditAlarm(_NtDeleteObjectAuditAlarm)(
    SubsystemName, HandleId, GenerateOnClose
  );
end;

// Dynamic version of NtDeleteValueKey
function  NtDeleteValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteValueKey, ntdll, 'NtDeleteValueKey');
  Result := TFNNtDeleteValueKey(_NtDeleteValueKey)(
    KeyHandle, ValueName
  );
end;

// Dynamic version of NtDeleteValueKey
function  ZwDeleteValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeleteValueKey, ntdll, 'NtDeleteValueKey');
  Result := TFNNtDeleteValueKey(_NtDeleteValueKey)(
    KeyHandle, ValueName
  );
end;

// Dynamic version of NtDeviceIoControlFile
function  NtDeviceIoControlFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    IoControlCode : ULONG;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeviceIoControlFile, ntdll, 'NtDeviceIoControlFile');
  Result := TFNNtDeviceIoControlFile(_NtDeviceIoControlFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, IoControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength
  );
end;

// Dynamic version of NtDeviceIoControlFile
function  ZwDeviceIoControlFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    IoControlCode : ULONG;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDeviceIoControlFile, ntdll, 'NtDeviceIoControlFile');
  Result := TFNNtDeviceIoControlFile(_NtDeviceIoControlFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, IoControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength
  );
end;

// Dynamic version of NtDisplayString
function  NtDisplayString(
    Str : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDisplayString, ntdll, 'NtDisplayString');
  Result := TFNNtDisplayString(_NtDisplayString)(
    Str
  );
end;

// Dynamic version of NtDisplayString
function  ZwDisplayString(
    Str : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDisplayString, ntdll, 'NtDisplayString');
  Result := TFNNtDisplayString(_NtDisplayString)(
    Str
  );
end;

// Dynamic version of NtDuplicateObject
function  NtDuplicateObject(
    SourceProcessHandle : HANDLE;
    SourceHandle : HANDLE;
    TargetProcessHandle : HANDLE;
    TargetHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    Attributes : ULONG;
    Options : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDuplicateObject, ntdll, 'NtDuplicateObject');
  Result := TFNNtDuplicateObject(_NtDuplicateObject)(
    SourceProcessHandle, SourceHandle, TargetProcessHandle, TargetHandle, DesiredAccess, Attributes, Options
  );
end;

// Dynamic version of NtDuplicateObject
function  ZwDuplicateObject(
    SourceProcessHandle : HANDLE;
    SourceHandle : HANDLE;
    TargetProcessHandle : HANDLE;
    TargetHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    Attributes : ULONG;
    Options : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDuplicateObject, ntdll, 'NtDuplicateObject');
  Result := TFNNtDuplicateObject(_NtDuplicateObject)(
    SourceProcessHandle, SourceHandle, TargetProcessHandle, TargetHandle, DesiredAccess, Attributes, Options
  );
end;

// Dynamic version of NtDuplicateToken
function  NtDuplicateToken(
    ExistingTokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    EffectiveOnly : BOOLEAN;
    TokenType : TOKEN_TYPE;
    NewTokenHandle : PHANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDuplicateToken, ntdll, 'NtDuplicateToken');
  Result := TFNNtDuplicateToken(_NtDuplicateToken)(
    ExistingTokenHandle, DesiredAccess, ObjectAttributes, EffectiveOnly, TokenType, NewTokenHandle
  );
end;

// Dynamic version of NtDuplicateToken
function  ZwDuplicateToken(
    ExistingTokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    EffectiveOnly : BOOLEAN;
    TokenType : TOKEN_TYPE;
    NewTokenHandle : PHANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtDuplicateToken, ntdll, 'NtDuplicateToken');
  Result := TFNNtDuplicateToken(_NtDuplicateToken)(
    ExistingTokenHandle, DesiredAccess, ObjectAttributes, EffectiveOnly, TokenType, NewTokenHandle
  );
end;

// Dynamic version of NtEnumerateKey
function  NtEnumerateKey(
    KeyHandle : HANDLE;
    Index : ULONG;
    KeyInformationClass : KEY_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtEnumerateKey, ntdll, 'NtEnumerateKey');
  Result := TFNNtEnumerateKey(_NtEnumerateKey)(
    KeyHandle, Index, KeyInformationClass, KeyInformation, KeyInformationLength, ResultLength
  );
end;

// Dynamic version of NtEnumerateKey
function  ZwEnumerateKey(
    KeyHandle : HANDLE;
    Index : ULONG;
    KeyInformationClass : KEY_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtEnumerateKey, ntdll, 'NtEnumerateKey');
  Result := TFNNtEnumerateKey(_NtEnumerateKey)(
    KeyHandle, Index, KeyInformationClass, KeyInformation, KeyInformationLength, ResultLength
  );
end;

// Dynamic version of NtEnumerateValueKey
function  NtEnumerateValueKey(
    KeyHandle : HANDLE;
    Index : ULONG;
    KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
    KeyValueInformation : PVOID;
    KeyValueInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtEnumerateValueKey, ntdll, 'NtEnumerateValueKey');
  Result := TFNNtEnumerateValueKey(_NtEnumerateValueKey)(
    KeyHandle, Index, KeyValueInformationClass, KeyValueInformation, KeyValueInformationLength, ResultLength
  );
end;

// Dynamic version of NtEnumerateValueKey
function  ZwEnumerateValueKey(
    KeyHandle : HANDLE;
    Index : ULONG;
    KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
    KeyValueInformation : PVOID;
    KeyValueInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtEnumerateValueKey, ntdll, 'NtEnumerateValueKey');
  Result := TFNNtEnumerateValueKey(_NtEnumerateValueKey)(
    KeyHandle, Index, KeyValueInformationClass, KeyValueInformation, KeyValueInformationLength, ResultLength
  );
end;

// Dynamic version of NtExtendSection
function  NtExtendSection(
    SectionHandle : HANDLE;
    SectionSize : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtExtendSection, ntdll, 'NtExtendSection');
  Result := TFNNtExtendSection(_NtExtendSection)(
    SectionHandle, SectionSize
  );
end;

// Dynamic version of NtExtendSection
function  ZwExtendSection(
    SectionHandle : HANDLE;
    SectionSize : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtExtendSection, ntdll, 'NtExtendSection');
  Result := TFNNtExtendSection(_NtExtendSection)(
    SectionHandle, SectionSize
  );
end;

// Dynamic version of NtFilterToken
function  NtFilterToken(
    ExistingTokenHandle : HANDLE;
    Flags : ULONG;
    SidsToDisable : PTOKEN_GROUPS;
    PrivilegesToDelete : PTOKEN_PRIVILEGES;
    SidsToRestricted : PTOKEN_GROUPS;
    NewTokenHandle : PHANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFilterToken, ntdll, 'NtFilterToken');
  Result := TFNNtFilterToken(_NtFilterToken)(
    ExistingTokenHandle, Flags, SidsToDisable, PrivilegesToDelete, SidsToRestricted, NewTokenHandle
  );
end;

// Dynamic version of NtFilterToken
function  ZwFilterToken(
    ExistingTokenHandle : HANDLE;
    Flags : ULONG;
    SidsToDisable : PTOKEN_GROUPS;
    PrivilegesToDelete : PTOKEN_PRIVILEGES;
    SidsToRestricted : PTOKEN_GROUPS;
    NewTokenHandle : PHANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFilterToken, ntdll, 'NtFilterToken');
  Result := TFNNtFilterToken(_NtFilterToken)(
    ExistingTokenHandle, Flags, SidsToDisable, PrivilegesToDelete, SidsToRestricted, NewTokenHandle
  );
end;

// Dynamic version of NtFindAtom
function  NtFindAtom(
    Str : PWSTR;
    StringLength : ULONG;
    Atom : PUSHORT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFindAtom, ntdll, 'NtFindAtom');
  Result := TFNNtFindAtom(_NtFindAtom)(
    Str, StringLength, Atom
  );
end;

// Dynamic version of NtFindAtom
function  ZwFindAtom(
    Str : PWSTR;
    StringLength : ULONG;
    Atom : PUSHORT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFindAtom, ntdll, 'NtFindAtom');
  Result := TFNNtFindAtom(_NtFindAtom)(
    Str, StringLength, Atom
  );
end;

// Dynamic version of NtFlushBuffersFile
function  NtFlushBuffersFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushBuffersFile, ntdll, 'NtFlushBuffersFile');
  Result := TFNNtFlushBuffersFile(_NtFlushBuffersFile)(
    FileHandle, IoStatusBlock
  );
end;

// Dynamic version of NtFlushBuffersFile
function  ZwFlushBuffersFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushBuffersFile, ntdll, 'NtFlushBuffersFile');
  Result := TFNNtFlushBuffersFile(_NtFlushBuffersFile)(
    FileHandle, IoStatusBlock
  );
end;

// Dynamic version of NtFlushInstructionCache
function  NtFlushInstructionCache(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    FlushSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushInstructionCache, ntdll, 'NtFlushInstructionCache');
  Result := TFNNtFlushInstructionCache(_NtFlushInstructionCache)(
    ProcessHandle, BaseAddress, FlushSize
  );
end;

// Dynamic version of NtFlushInstructionCache
function  ZwFlushInstructionCache(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    FlushSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushInstructionCache, ntdll, 'NtFlushInstructionCache');
  Result := TFNNtFlushInstructionCache(_NtFlushInstructionCache)(
    ProcessHandle, BaseAddress, FlushSize
  );
end;

// Dynamic version of NtFlushKey
function  NtFlushKey(
    KeyHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushKey, ntdll, 'NtFlushKey');
  Result := TFNNtFlushKey(_NtFlushKey)(
    KeyHandle
  );
end;

// Dynamic version of NtFlushKey
function  ZwFlushKey(
    KeyHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushKey, ntdll, 'NtFlushKey');
  Result := TFNNtFlushKey(_NtFlushKey)(
    KeyHandle
  );
end;

// Dynamic version of NtFlushVirtualMemory
function  NtFlushVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    FlushSize : PULONG;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushVirtualMemory, ntdll, 'NtFlushVirtualMemory');
  Result := TFNNtFlushVirtualMemory(_NtFlushVirtualMemory)(
    ProcessHandle, BaseAddress, FlushSize, IoStatusBlock
  );
end;

// Dynamic version of NtFlushVirtualMemory
function  ZwFlushVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    FlushSize : PULONG;
    IoStatusBlock : PIO_STATUS_BLOCK
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushVirtualMemory, ntdll, 'NtFlushVirtualMemory');
  Result := TFNNtFlushVirtualMemory(_NtFlushVirtualMemory)(
    ProcessHandle, BaseAddress, FlushSize, IoStatusBlock
  );
end;

// Dynamic version of NtFlushWriteBuffer
function  NtFlushWriteBuffer(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushWriteBuffer, ntdll, 'NtFlushWriteBuffer');
  Result := TFNNtFlushWriteBuffer(_NtFlushWriteBuffer)();
end;

// Dynamic version of NtFlushWriteBuffer
function  ZwFlushWriteBuffer(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFlushWriteBuffer, ntdll, 'NtFlushWriteBuffer');
  Result := TFNNtFlushWriteBuffer(_NtFlushWriteBuffer)();
end;

// Dynamic version of NtFreeUserPhysicalPages
function  NtFreeUserPhysicalPages(
    ProcessHandle : HANDLE;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFreeUserPhysicalPages, ntdll, 'NtFreeUserPhysicalPages');
  Result := TFNNtFreeUserPhysicalPages(_NtFreeUserPhysicalPages)(
    ProcessHandle, NumberOfPages, PageFrameNumbers
  );
end;

// Dynamic version of NtFreeUserPhysicalPages
function  ZwFreeUserPhysicalPages(
    ProcessHandle : HANDLE;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFreeUserPhysicalPages, ntdll, 'NtFreeUserPhysicalPages');
  Result := TFNNtFreeUserPhysicalPages(_NtFreeUserPhysicalPages)(
    ProcessHandle, NumberOfPages, PageFrameNumbers
  );
end;

// Dynamic version of NtFreeVirtualMemory
function  NtFreeVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    FreeSize : PULONG;
    FreeType : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFreeVirtualMemory, ntdll, 'NtFreeVirtualMemory');
  Result := TFNNtFreeVirtualMemory(_NtFreeVirtualMemory)(
    ProcessHandle, BaseAddress, FreeSize, FreeType
  );
end;

// Dynamic version of NtFreeVirtualMemory
function  ZwFreeVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    FreeSize : PULONG;
    FreeType : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFreeVirtualMemory, ntdll, 'NtFreeVirtualMemory');
  Result := TFNNtFreeVirtualMemory(_NtFreeVirtualMemory)(
    ProcessHandle, BaseAddress, FreeSize, FreeType
  );
end;

// Dynamic version of NtFsControlFile
function  NtFsControlFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FsControlCode : ULONG;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFsControlFile, ntdll, 'NtFsControlFile');
  Result := TFNNtFsControlFile(_NtFsControlFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, FsControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength
  );
end;

// Dynamic version of NtFsControlFile
function  ZwFsControlFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FsControlCode : ULONG;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtFsControlFile, ntdll, 'NtFsControlFile');
  Result := TFNNtFsControlFile(_NtFsControlFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, FsControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength
  );
end;

// Dynamic version of NtGetContextThread
function  NtGetContextThread(
    ThreadHandle : HANDLE;
    Context : PCONTEXT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtGetContextThread, ntdll, 'NtGetContextThread');
  Result := TFNNtGetContextThread(_NtGetContextThread)(
    ThreadHandle, Context
  );
end;

// Dynamic version of NtGetContextThread
function  ZwGetContextThread(
    ThreadHandle : HANDLE;
    Context : PCONTEXT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtGetContextThread, ntdll, 'NtGetContextThread');
  Result := TFNNtGetContextThread(_NtGetContextThread)(
    ThreadHandle, Context
  );
end;

// Dynamic version of NtGetCurrentProcessorNumber
function  NtGetCurrentProcessorNumber(): ULONG; stdcall;
begin
  GetProcedureAddress(_NtGetCurrentProcessorNumber, ntdll, 'NtGetCurrentProcessorNumber');
  Result := TFNNtGetCurrentProcessorNumber(_NtGetCurrentProcessorNumber)();
end;

// Dynamic version of NtGetCurrentProcessorNumber
function  ZwGetCurrentProcessorNumber(): ULONG; stdcall;
begin
  GetProcedureAddress(_NtGetCurrentProcessorNumber, ntdll, 'NtGetCurrentProcessorNumber');
  Result := TFNNtGetCurrentProcessorNumber(_NtGetCurrentProcessorNumber)();
end;

// Dynamic version of NtGetDevicePowerState
function  NtGetDevicePowerState(
    DeviceHandle : HANDLE;
    DevicePowerState : PDEVICE_POWER_STATE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtGetDevicePowerState, ntdll, 'NtGetDevicePowerState');
  Result := TFNNtGetDevicePowerState(_NtGetDevicePowerState)(
    DeviceHandle, DevicePowerState
  );
end;

// Dynamic version of NtGetDevicePowerState
function  ZwGetDevicePowerState(
    DeviceHandle : HANDLE;
    DevicePowerState : PDEVICE_POWER_STATE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtGetDevicePowerState, ntdll, 'NtGetDevicePowerState');
  Result := TFNNtGetDevicePowerState(_NtGetDevicePowerState)(
    DeviceHandle, DevicePowerState
  );
end;

// Dynamic version of NtGetPlugPlayEvent
function  NtGetPlugPlayEvent(
    Reserved1 : ULONG;
    Reserved2 : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtGetPlugPlayEvent, ntdll, 'NtGetPlugPlayEvent');
  Result := TFNNtGetPlugPlayEvent(_NtGetPlugPlayEvent)(
    Reserved1, Reserved2, Buffer, BufferLength
  );
end;

// Dynamic version of NtGetPlugPlayEvent
function  ZwGetPlugPlayEvent(
    Reserved1 : ULONG;
    Reserved2 : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtGetPlugPlayEvent, ntdll, 'NtGetPlugPlayEvent');
  Result := TFNNtGetPlugPlayEvent(_NtGetPlugPlayEvent)(
    Reserved1, Reserved2, Buffer, BufferLength
  );
end;

// Dynamic version of NtGetTickCount
function  NtGetTickCount(): ULONG; stdcall;
begin
  GetProcedureAddress(_NtGetTickCount, ntdll, 'NtGetTickCount');
  Result := TFNNtGetTickCount(_NtGetTickCount)();
end;

// Dynamic version of NtGetTickCount
function  ZwGetTickCount(): ULONG; stdcall;
begin
  GetProcedureAddress(_NtGetTickCount, ntdll, 'NtGetTickCount');
  Result := TFNNtGetTickCount(_NtGetTickCount)();
end;

// Dynamic version of NtGetWriteWatch
function  NtGetWriteWatch(
    ProcessHandle : HANDLE;
    Flags : ULONG;
    BaseAddress : PVOID;
    RegionSize : ULONG;
    Buffer : PULONG;
    BufferEntries : PULONG;
    Granularity : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtGetWriteWatch, ntdll, 'NtGetWriteWatch');
  Result := TFNNtGetWriteWatch(_NtGetWriteWatch)(
    ProcessHandle, Flags, BaseAddress, RegionSize, Buffer, BufferEntries, Granularity
  );
end;

// Dynamic version of NtGetWriteWatch
function  ZwGetWriteWatch(
    ProcessHandle : HANDLE;
    Flags : ULONG;
    BaseAddress : PVOID;
    RegionSize : ULONG;
    Buffer : PULONG;
    BufferEntries : PULONG;
    Granularity : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtGetWriteWatch, ntdll, 'NtGetWriteWatch');
  Result := TFNNtGetWriteWatch(_NtGetWriteWatch)(
    ProcessHandle, Flags, BaseAddress, RegionSize, Buffer, BufferEntries, Granularity
  );
end;

// Dynamic version of NtImpersonateAnonymousToken
function  NtImpersonateAnonymousToken(
    ThreadHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtImpersonateAnonymousToken, ntdll, 'NtImpersonateAnonymousToken');
  Result := TFNNtImpersonateAnonymousToken(_NtImpersonateAnonymousToken)(
    ThreadHandle
  );
end;

// Dynamic version of NtImpersonateAnonymousToken
function  ZwImpersonateAnonymousToken(
    ThreadHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtImpersonateAnonymousToken, ntdll, 'NtImpersonateAnonymousToken');
  Result := TFNNtImpersonateAnonymousToken(_NtImpersonateAnonymousToken)(
    ThreadHandle
  );
end;

// Dynamic version of NtImpersonateClientOfPort
function  NtImpersonateClientOfPort(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtImpersonateClientOfPort, ntdll, 'NtImpersonateClientOfPort');
  Result := TFNNtImpersonateClientOfPort(_NtImpersonateClientOfPort)(
    PortHandle, Message
  );
end;

// Dynamic version of NtImpersonateClientOfPort
function  ZwImpersonateClientOfPort(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtImpersonateClientOfPort, ntdll, 'NtImpersonateClientOfPort');
  Result := TFNNtImpersonateClientOfPort(_NtImpersonateClientOfPort)(
    PortHandle, Message
  );
end;

// Dynamic version of NtImpersonateThread
function  NtImpersonateThread(
    ThreadHandle : HANDLE;
    TargetThreadHandle : HANDLE;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtImpersonateThread, ntdll, 'NtImpersonateThread');
  Result := TFNNtImpersonateThread(_NtImpersonateThread)(
    ThreadHandle, TargetThreadHandle, SecurityQos
  );
end;

// Dynamic version of NtImpersonateThread
function  ZwImpersonateThread(
    ThreadHandle : HANDLE;
    TargetThreadHandle : HANDLE;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtImpersonateThread, ntdll, 'NtImpersonateThread');
  Result := TFNNtImpersonateThread(_NtImpersonateThread)(
    ThreadHandle, TargetThreadHandle, SecurityQos
  );
end;

// Dynamic version of NtInitializeRegistry
function  NtInitializeRegistry(
    Setup : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtInitializeRegistry, ntdll, 'NtInitializeRegistry');
  Result := TFNNtInitializeRegistry(_NtInitializeRegistry)(
    Setup
  );
end;

// Dynamic version of NtInitializeRegistry
function  ZwInitializeRegistry(
    Setup : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtInitializeRegistry, ntdll, 'NtInitializeRegistry');
  Result := TFNNtInitializeRegistry(_NtInitializeRegistry)(
    Setup
  );
end;

// Dynamic version of NtInitiatePowerAction
function  NtInitiatePowerAction(
    SystemAction : POWER_ACTION;
    MinSystemState : SYSTEM_POWER_STATE;
    Flags : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtInitiatePowerAction, ntdll, 'NtInitiatePowerAction');
  Result := TFNNtInitiatePowerAction(_NtInitiatePowerAction)(
    SystemAction, MinSystemState, Flags, Asynchronous
  );
end;

// Dynamic version of NtInitiatePowerAction
function  ZwInitiatePowerAction(
    SystemAction : POWER_ACTION;
    MinSystemState : SYSTEM_POWER_STATE;
    Flags : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtInitiatePowerAction, ntdll, 'NtInitiatePowerAction');
  Result := TFNNtInitiatePowerAction(_NtInitiatePowerAction)(
    SystemAction, MinSystemState, Flags, Asynchronous
  );
end;

// Dynamic version of NtIsSystemResumeAutomatic
function  NtIsSystemResumeAutomatic(): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_NtIsSystemResumeAutomatic, ntdll, 'NtIsSystemResumeAutomatic');
  Result := TFNNtIsSystemResumeAutomatic(_NtIsSystemResumeAutomatic)();
end;

// Dynamic version of NtIsSystemResumeAutomatic
function  ZwIsSystemResumeAutomatic(): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_NtIsSystemResumeAutomatic, ntdll, 'NtIsSystemResumeAutomatic');
  Result := TFNNtIsSystemResumeAutomatic(_NtIsSystemResumeAutomatic)();
end;

// Dynamic version of NtListenChannel
function  NtListenChannel(
    x : PVOID;
    y : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtListenChannel, ntdll, 'NtListenChannel');
  Result := TFNNtListenChannel(_NtListenChannel)(
    x, y
  );
end;

// Dynamic version of NtListenChannel
function  ZwListenChannel(
    x : PVOID;
    y : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtListenChannel, ntdll, 'NtListenChannel');
  Result := TFNNtListenChannel(_NtListenChannel)(
    x, y
  );
end;

// Dynamic version of NtListenPort
function  NtListenPort(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtListenPort, ntdll, 'NtListenPort');
  Result := TFNNtListenPort(_NtListenPort)(
    PortHandle, Message
  );
end;

// Dynamic version of NtListenPort
function  ZwListenPort(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtListenPort, ntdll, 'NtListenPort');
  Result := TFNNtListenPort(_NtListenPort)(
    PortHandle, Message
  );
end;

// Dynamic version of NtLoadDriver
function  NtLoadDriver(
    DriverServiceName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLoadDriver, ntdll, 'NtLoadDriver');
  Result := TFNNtLoadDriver(_NtLoadDriver)(
    DriverServiceName
  );
end;

// Dynamic version of NtLoadDriver
function  ZwLoadDriver(
    DriverServiceName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLoadDriver, ntdll, 'NtLoadDriver');
  Result := TFNNtLoadDriver(_NtLoadDriver)(
    DriverServiceName
  );
end;

// Dynamic version of NtLoadKey
function  NtLoadKey(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    FileObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLoadKey, ntdll, 'NtLoadKey');
  Result := TFNNtLoadKey(_NtLoadKey)(
    KeyObjectAttributes, FileObjectAttributes
  );
end;

// Dynamic version of NtLoadKey
function  ZwLoadKey(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    FileObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLoadKey, ntdll, 'NtLoadKey');
  Result := TFNNtLoadKey(_NtLoadKey)(
    KeyObjectAttributes, FileObjectAttributes
  );
end;

// Dynamic version of NtLoadKey2
function  NtLoadKey2(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    FileObjectAttributes : POBJECT_ATTRIBUTES;
    Flags : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLoadKey2, ntdll, 'NtLoadKey2');
  Result := TFNNtLoadKey2(_NtLoadKey2)(
    KeyObjectAttributes, FileObjectAttributes, Flags
  );
end;

// Dynamic version of NtLoadKey2
function  ZwLoadKey2(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    FileObjectAttributes : POBJECT_ATTRIBUTES;
    Flags : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLoadKey2, ntdll, 'NtLoadKey2');
  Result := TFNNtLoadKey2(_NtLoadKey2)(
    KeyObjectAttributes, FileObjectAttributes, Flags
  );
end;

// Dynamic version of NtLockFile
function  NtLockFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    LockOffset : PULARGE_INTEGER;
    LockLength : PULARGE_INTEGER;
    Key : ULONG;
    FailImmediately : BOOLEAN;
    ExclusiveLock : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLockFile, ntdll, 'NtLockFile');
  Result := TFNNtLockFile(_NtLockFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, LockOffset, LockLength, Key, FailImmediately, ExclusiveLock
  );
end;

// Dynamic version of NtLockFile
function  ZwLockFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    LockOffset : PULARGE_INTEGER;
    LockLength : PULARGE_INTEGER;
    Key : ULONG;
    FailImmediately : BOOLEAN;
    ExclusiveLock : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLockFile, ntdll, 'NtLockFile');
  Result := TFNNtLockFile(_NtLockFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, LockOffset, LockLength, Key, FailImmediately, ExclusiveLock
  );
end;

// Dynamic version of NtLockVirtualMemory
function  NtLockVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    LockSize : PULONG;
    LockType : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLockVirtualMemory, ntdll, 'NtLockVirtualMemory');
  Result := TFNNtLockVirtualMemory(_NtLockVirtualMemory)(
    ProcessHandle, BaseAddress, LockSize, LockType
  );
end;

// Dynamic version of NtLockVirtualMemory
function  ZwLockVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    LockSize : PULONG;
    LockType : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtLockVirtualMemory, ntdll, 'NtLockVirtualMemory');
  Result := TFNNtLockVirtualMemory(_NtLockVirtualMemory)(
    ProcessHandle, BaseAddress, LockSize, LockType
  );
end;

// Dynamic version of NtMakePermanentObject
function  NtMakePermanentObject(
    Handle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMakePermanentObject, ntdll, 'NtMakePermanentObject');
  Result := TFNNtMakePermanentObject(_NtMakePermanentObject)(
    Handle
  );
end;

// Dynamic version of NtMakePermanentObject
function  ZwMakePermanentObject(
    Handle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMakePermanentObject, ntdll, 'NtMakePermanentObject');
  Result := TFNNtMakePermanentObject(_NtMakePermanentObject)(
    Handle
  );
end;

// Dynamic version of NtMakeTemporaryObject
function  NtMakeTemporaryObject(
    Handle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMakeTemporaryObject, ntdll, 'NtMakeTemporaryObject');
  Result := TFNNtMakeTemporaryObject(_NtMakeTemporaryObject)(
    Handle
  );
end;

// Dynamic version of NtMakeTemporaryObject
function  ZwMakeTemporaryObject(
    Handle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMakeTemporaryObject, ntdll, 'NtMakeTemporaryObject');
  Result := TFNNtMakeTemporaryObject(_NtMakeTemporaryObject)(
    Handle
  );
end;

// Dynamic version of NtMapUserPhysicalPages
function  NtMapUserPhysicalPages(
    BaseAddress : PVOID;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMapUserPhysicalPages, ntdll, 'NtMapUserPhysicalPages');
  Result := TFNNtMapUserPhysicalPages(_NtMapUserPhysicalPages)(
    BaseAddress, NumberOfPages, PageFrameNumbers
  );
end;

// Dynamic version of NtMapUserPhysicalPages
function  ZwMapUserPhysicalPages(
    BaseAddress : PVOID;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMapUserPhysicalPages, ntdll, 'NtMapUserPhysicalPages');
  Result := TFNNtMapUserPhysicalPages(_NtMapUserPhysicalPages)(
    BaseAddress, NumberOfPages, PageFrameNumbers
  );
end;

// Dynamic version of NtMapUserPhysicalPagesScatter
function  NtMapUserPhysicalPagesScatter(
    BaseAddresses : PPVOID;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMapUserPhysicalPagesScatter, ntdll, 'NtMapUserPhysicalPagesScatter');
  Result := TFNNtMapUserPhysicalPagesScatter(_NtMapUserPhysicalPagesScatter)(
    BaseAddresses, NumberOfPages, PageFrameNumbers
  );
end;

// Dynamic version of NtMapUserPhysicalPagesScatter
function  ZwMapUserPhysicalPagesScatter(
    BaseAddresses : PPVOID;
    NumberOfPages : PULONG;
    PageFrameNumbers : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMapUserPhysicalPagesScatter, ntdll, 'NtMapUserPhysicalPagesScatter');
  Result := TFNNtMapUserPhysicalPagesScatter(_NtMapUserPhysicalPagesScatter)(
    BaseAddresses, NumberOfPages, PageFrameNumbers
  );
end;

// Dynamic version of NtMapViewOfSection
function  NtMapViewOfSection(
    SectionHandle : HANDLE;
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ZeroBits : ULONG;
    CommitSize : ULONG;
    SectionOffset : PLARGE_INTEGER;
    ViewSize : PULONG;
    InheritDisposition : SECTION_INHERIT;
    AllocationType : ULONG;
    Protect : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMapViewOfSection, ntdll, 'NtMapViewOfSection');
  Result := TFNNtMapViewOfSection(_NtMapViewOfSection)(
    SectionHandle, ProcessHandle, BaseAddress, ZeroBits, CommitSize, SectionOffset, ViewSize, InheritDisposition, AllocationType, Protect
  );
end;

// Dynamic version of NtMapViewOfSection
function  ZwMapViewOfSection(
    SectionHandle : HANDLE;
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ZeroBits : ULONG;
    CommitSize : ULONG;
    SectionOffset : PLARGE_INTEGER;
    ViewSize : PULONG;
    InheritDisposition : SECTION_INHERIT;
    AllocationType : ULONG;
    Protect : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtMapViewOfSection, ntdll, 'NtMapViewOfSection');
  Result := TFNNtMapViewOfSection(_NtMapViewOfSection)(
    SectionHandle, ProcessHandle, BaseAddress, ZeroBits, CommitSize, SectionOffset, ViewSize, InheritDisposition, AllocationType, Protect
  );
end;

// Dynamic version of NtNotifyChangeDirectoryFile
function  NtNotifyChangeDirectoryFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_NOTIFY_INFORMATION;
    BufferLength : ULONG;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtNotifyChangeDirectoryFile, ntdll, 'NtNotifyChangeDirectoryFile');
  Result := TFNNtNotifyChangeDirectoryFile(_NtNotifyChangeDirectoryFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, BufferLength, NotifyFilter, WatchSubtree
  );
end;

// Dynamic version of NtNotifyChangeDirectoryFile
function  ZwNotifyChangeDirectoryFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_NOTIFY_INFORMATION;
    BufferLength : ULONG;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtNotifyChangeDirectoryFile, ntdll, 'NtNotifyChangeDirectoryFile');
  Result := TFNNtNotifyChangeDirectoryFile(_NtNotifyChangeDirectoryFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, BufferLength, NotifyFilter, WatchSubtree
  );
end;

// Dynamic version of NtNotifyChangeKey
function  NtNotifyChangeKey(
    KeyHandle : HANDLE;
    EventHandle : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN;
    Buffer : PVOID;
    BufferLength : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtNotifyChangeKey, ntdll, 'NtNotifyChangeKey');
  Result := TFNNtNotifyChangeKey(_NtNotifyChangeKey)(
    KeyHandle, EventHandle, ApcRoutine, ApcContext, IoStatusBlock, NotifyFilter, WatchSubtree, Buffer, BufferLength, Asynchronous
  );
end;

// Dynamic version of NtNotifyChangeKey
function  ZwNotifyChangeKey(
    KeyHandle : HANDLE;
    EventHandle : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN;
    Buffer : PVOID;
    BufferLength : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtNotifyChangeKey, ntdll, 'NtNotifyChangeKey');
  Result := TFNNtNotifyChangeKey(_NtNotifyChangeKey)(
    KeyHandle, EventHandle, ApcRoutine, ApcContext, IoStatusBlock, NotifyFilter, WatchSubtree, Buffer, BufferLength, Asynchronous
  );
end;

// Dynamic version of NtNotifyChangeMultipleKeys
function  NtNotifyChangeMultipleKeys(
    KeyHandle : HANDLE;
    Flags : ULONG;
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    EventHandle : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN;
    Buffer : PVOID;
    BufferLength : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtNotifyChangeMultipleKeys, ntdll, 'NtNotifyChangeMultipleKeys');
  Result := TFNNtNotifyChangeMultipleKeys(_NtNotifyChangeMultipleKeys)(
    KeyHandle, Flags, KeyObjectAttributes, EventHandle, ApcRoutine, ApcContext, IoStatusBlock, NotifyFilter, WatchSubtree, Buffer, BufferLength, Asynchronous
  );
end;

// Dynamic version of NtNotifyChangeMultipleKeys
function  ZwNotifyChangeMultipleKeys(
    KeyHandle : HANDLE;
    Flags : ULONG;
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    EventHandle : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    NotifyFilter : ULONG;
    WatchSubtree : BOOLEAN;
    Buffer : PVOID;
    BufferLength : ULONG;
    Asynchronous : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtNotifyChangeMultipleKeys, ntdll, 'NtNotifyChangeMultipleKeys');
  Result := TFNNtNotifyChangeMultipleKeys(_NtNotifyChangeMultipleKeys)(
    KeyHandle, Flags, KeyObjectAttributes, EventHandle, ApcRoutine, ApcContext, IoStatusBlock, NotifyFilter, WatchSubtree, Buffer, BufferLength, Asynchronous
  );
end;

// Dynamic version of NtOpenChannel
function  NtOpenChannel(
    ChannelHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenChannel, ntdll, 'NtOpenChannel');
  Result := TFNNtOpenChannel(_NtOpenChannel)(
    ChannelHandle, ObjectAttributes
  );
end;

// Dynamic version of NtOpenChannel
function  ZwOpenChannel(
    ChannelHandle : PHANDLE;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenChannel, ntdll, 'NtOpenChannel');
  Result := TFNNtOpenChannel(_NtOpenChannel)(
    ChannelHandle, ObjectAttributes
  );
end;

// Dynamic version of NtOpenDirectoryObject
function  NtOpenDirectoryObject(
    DirectoryHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenDirectoryObject, ntdll, 'NtOpenDirectoryObject');
  Result := TFNNtOpenDirectoryObject(_NtOpenDirectoryObject)(
    DirectoryHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenDirectoryObject
function  ZwOpenDirectoryObject(
    DirectoryHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenDirectoryObject, ntdll, 'NtOpenDirectoryObject');
  Result := TFNNtOpenDirectoryObject(_NtOpenDirectoryObject)(
    DirectoryHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenEvent
function  NtOpenEvent(
    EventHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenEvent, ntdll, 'NtOpenEvent');
  Result := TFNNtOpenEvent(_NtOpenEvent)(
    EventHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenEvent
function  ZwOpenEvent(
    EventHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenEvent, ntdll, 'NtOpenEvent');
  Result := TFNNtOpenEvent(_NtOpenEvent)(
    EventHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenEventPair
function  NtOpenEventPair(
    EventPairHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenEventPair, ntdll, 'NtOpenEventPair');
  Result := TFNNtOpenEventPair(_NtOpenEventPair)(
    EventPairHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenEventPair
function  ZwOpenEventPair(
    EventPairHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenEventPair, ntdll, 'NtOpenEventPair');
  Result := TFNNtOpenEventPair(_NtOpenEventPair)(
    EventPairHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenFile
function  NtOpenFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    ShareAccess : ULONG;
    OpenOptions : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenFile, ntdll, 'NtOpenFile');
  Result := TFNNtOpenFile(_NtOpenFile)(
    FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, ShareAccess, OpenOptions
  );
end;

// Dynamic version of NtOpenFile
function  ZwOpenFile(
    FileHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    IoStatusBlock : PIO_STATUS_BLOCK;
    ShareAccess : ULONG;
    OpenOptions : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenFile, ntdll, 'NtOpenFile');
  Result := TFNNtOpenFile(_NtOpenFile)(
    FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, ShareAccess, OpenOptions
  );
end;

// Dynamic version of NtOpenIoCompletion
function  NtOpenIoCompletion(
    IoCompletionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenIoCompletion, ntdll, 'NtOpenIoCompletion');
  Result := TFNNtOpenIoCompletion(_NtOpenIoCompletion)(
    IoCompletionHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenIoCompletion
function  ZwOpenIoCompletion(
    IoCompletionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenIoCompletion, ntdll, 'NtOpenIoCompletion');
  Result := TFNNtOpenIoCompletion(_NtOpenIoCompletion)(
    IoCompletionHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenJobObject
function  NtOpenJobObject(
    JobHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenJobObject, ntdll, 'NtOpenJobObject');
  Result := TFNNtOpenJobObject(_NtOpenJobObject)(
    JobHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenJobObject
function  ZwOpenJobObject(
    JobHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenJobObject, ntdll, 'NtOpenJobObject');
  Result := TFNNtOpenJobObject(_NtOpenJobObject)(
    JobHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenKey
function  NtOpenKey(
    KeyHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenKey, ntdll, 'NtOpenKey');
  Result := TFNNtOpenKey(_NtOpenKey)(
    KeyHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenKey
function  ZwOpenKey(
    KeyHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenKey, ntdll, 'NtOpenKey');
  Result := TFNNtOpenKey(_NtOpenKey)(
    KeyHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenMutant
function  NtOpenMutant(
    MutantHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenMutant, ntdll, 'NtOpenMutant');
  Result := TFNNtOpenMutant(_NtOpenMutant)(
    MutantHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenMutant
function  ZwOpenMutant(
    MutantHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenMutant, ntdll, 'NtOpenMutant');
  Result := TFNNtOpenMutant(_NtOpenMutant)(
    MutantHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenObjectAuditAlarm
function  NtOpenObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PPVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    GrantedAccess : ACCESS_MASK;
    Privileges : PPRIVILEGE_SET;
    ObjectCreation : BOOLEAN;
    AccessGranted : BOOLEAN;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenObjectAuditAlarm, ntdll, 'NtOpenObjectAuditAlarm');
  Result := TFNNtOpenObjectAuditAlarm(_NtOpenObjectAuditAlarm)(
    SubsystemName, HandleId, ObjectTypeName, ObjectName, SecurityDescriptor, TokenHandle, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted, GenerateOnClose
  );
end;

// Dynamic version of NtOpenObjectAuditAlarm
function  ZwOpenObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PPVOID;
    ObjectTypeName : PUNICODE_STRING;
    ObjectName : PUNICODE_STRING;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    GrantedAccess : ACCESS_MASK;
    Privileges : PPRIVILEGE_SET;
    ObjectCreation : BOOLEAN;
    AccessGranted : BOOLEAN;
    GenerateOnClose : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenObjectAuditAlarm, ntdll, 'NtOpenObjectAuditAlarm');
  Result := TFNNtOpenObjectAuditAlarm(_NtOpenObjectAuditAlarm)(
    SubsystemName, HandleId, ObjectTypeName, ObjectName, SecurityDescriptor, TokenHandle, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted, GenerateOnClose
  );
end;

// Dynamic version of NtOpenProcess
function  NtOpenProcess(
    ProcessHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ClientId : PCLIENT_ID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenProcess, ntdll, 'NtOpenProcess');
  Result := TFNNtOpenProcess(_NtOpenProcess)(
    ProcessHandle, DesiredAccess, ObjectAttributes, ClientId
  );
end;

// Dynamic version of NtOpenProcess
function  ZwOpenProcess(
    ProcessHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ClientId : PCLIENT_ID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenProcess, ntdll, 'NtOpenProcess');
  Result := TFNNtOpenProcess(_NtOpenProcess)(
    ProcessHandle, DesiredAccess, ObjectAttributes, ClientId
  );
end;

// Dynamic version of NtOpenProcessToken
function  NtOpenProcessToken(
    ProcessHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    TokenHandle : PHANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenProcessToken, ntdll, 'NtOpenProcessToken');
  Result := TFNNtOpenProcessToken(_NtOpenProcessToken)(
    ProcessHandle, DesiredAccess, TokenHandle
  );
end;

// Dynamic version of NtOpenProcessToken
function  ZwOpenProcessToken(
    ProcessHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    TokenHandle : PHANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenProcessToken, ntdll, 'NtOpenProcessToken');
  Result := TFNNtOpenProcessToken(_NtOpenProcessToken)(
    ProcessHandle, DesiredAccess, TokenHandle
  );
end;

// Dynamic version of NtOpenSection
function  NtOpenSection(
    SectionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenSection, ntdll, 'NtOpenSection');
  Result := TFNNtOpenSection(_NtOpenSection)(
    SectionHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenSection
function  ZwOpenSection(
    SectionHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenSection, ntdll, 'NtOpenSection');
  Result := TFNNtOpenSection(_NtOpenSection)(
    SectionHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenSemaphore
function  NtOpenSemaphore(
    SemaphoreHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenSemaphore, ntdll, 'NtOpenSemaphore');
  Result := TFNNtOpenSemaphore(_NtOpenSemaphore)(
    SemaphoreHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenSemaphore
function  ZwOpenSemaphore(
    SemaphoreHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenSemaphore, ntdll, 'NtOpenSemaphore');
  Result := TFNNtOpenSemaphore(_NtOpenSemaphore)(
    SemaphoreHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenSymbolicLinkObject
function  NtOpenSymbolicLinkObject(
    SymbolicLinkHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenSymbolicLinkObject, ntdll, 'NtOpenSymbolicLinkObject');
  Result := TFNNtOpenSymbolicLinkObject(_NtOpenSymbolicLinkObject)(
    SymbolicLinkHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenSymbolicLinkObject
function  ZwOpenSymbolicLinkObject(
    SymbolicLinkHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenSymbolicLinkObject, ntdll, 'NtOpenSymbolicLinkObject');
  Result := TFNNtOpenSymbolicLinkObject(_NtOpenSymbolicLinkObject)(
    SymbolicLinkHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenThread
function  NtOpenThread(
    ThreadHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ClientId : PCLIENT_ID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenThread, ntdll, 'NtOpenThread');
  Result := TFNNtOpenThread(_NtOpenThread)(
    ThreadHandle, DesiredAccess, ObjectAttributes, ClientId
  );
end;

// Dynamic version of NtOpenThread
function  ZwOpenThread(
    ThreadHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    ClientId : PCLIENT_ID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenThread, ntdll, 'NtOpenThread');
  Result := TFNNtOpenThread(_NtOpenThread)(
    ThreadHandle, DesiredAccess, ObjectAttributes, ClientId
  );
end;

// Dynamic version of NtOpenThreadToken
function  NtOpenThreadToken(
    ThreadHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    OpenAsSelf : BOOLEAN;
    TokenHandle : PHANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenThreadToken, ntdll, 'NtOpenThreadToken');
  Result := TFNNtOpenThreadToken(_NtOpenThreadToken)(
    ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle
  );
end;

// Dynamic version of NtOpenThreadToken
function  ZwOpenThreadToken(
    ThreadHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    OpenAsSelf : BOOLEAN;
    TokenHandle : PHANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenThreadToken, ntdll, 'NtOpenThreadToken');
  Result := TFNNtOpenThreadToken(_NtOpenThreadToken)(
    ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle
  );
end;

// Dynamic version of NtOpenTimer
function  NtOpenTimer(
    TimerHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenTimer, ntdll, 'NtOpenTimer');
  Result := TFNNtOpenTimer(_NtOpenTimer)(
    TimerHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtOpenTimer
function  ZwOpenTimer(
    TimerHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtOpenTimer, ntdll, 'NtOpenTimer');
  Result := TFNNtOpenTimer(_NtOpenTimer)(
    TimerHandle, DesiredAccess, ObjectAttributes
  );
end;

// Dynamic version of NtPlugPlayControl
function  NtPlugPlayControl(
    ControlCode : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPlugPlayControl, ntdll, 'NtPlugPlayControl');
  Result := TFNNtPlugPlayControl(_NtPlugPlayControl)(
    ControlCode, Buffer, BufferLength
  );
end;

// Dynamic version of NtPlugPlayControl
function  ZwPlugPlayControl(
    ControlCode : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPlugPlayControl, ntdll, 'NtPlugPlayControl');
  Result := TFNNtPlugPlayControl(_NtPlugPlayControl)(
    ControlCode, Buffer, BufferLength
  );
end;

// Dynamic version of NtPowerInformation
function  NtPowerInformation(
    PowerInformationLevel : POWER_INFORMATION_LEVEL;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPowerInformation, ntdll, 'NtPowerInformation');
  Result := TFNNtPowerInformation(_NtPowerInformation)(
    PowerInformationLevel, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength
  );
end;

// Dynamic version of NtPowerInformation
function  ZwPowerInformation(
    PowerInformationLevel : POWER_INFORMATION_LEVEL;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPowerInformation, ntdll, 'NtPowerInformation');
  Result := TFNNtPowerInformation(_NtPowerInformation)(
    PowerInformationLevel, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength
  );
end;

// Dynamic version of NtPrivilegeCheck
function  NtPrivilegeCheck(
    TokenHandle : HANDLE;
    RequiredPrivileges : PPRIVILEGE_SET;
    Result_ : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPrivilegeCheck, ntdll, 'NtPrivilegeCheck');
  Result := TFNNtPrivilegeCheck(_NtPrivilegeCheck)(
    TokenHandle, RequiredPrivileges, Result_
  );
end;

// Dynamic version of NtPrivilegeCheck
function  ZwPrivilegeCheck(
    TokenHandle : HANDLE;
    RequiredPrivileges : PPRIVILEGE_SET;
    Result_ : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPrivilegeCheck, ntdll, 'NtPrivilegeCheck');
  Result := TFNNtPrivilegeCheck(_NtPrivilegeCheck)(
    TokenHandle, RequiredPrivileges, Result_
  );
end;

// Dynamic version of NtPrivilegeObjectAuditAlarm
function  NtPrivilegeObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    Privileges : PPRIVILEGE_SET;
    AccessGranted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPrivilegeObjectAuditAlarm, ntdll, 'NtPrivilegeObjectAuditAlarm');
  Result := TFNNtPrivilegeObjectAuditAlarm(_NtPrivilegeObjectAuditAlarm)(
    SubsystemName, HandleId, TokenHandle, DesiredAccess, Privileges, AccessGranted
  );
end;

// Dynamic version of NtPrivilegeObjectAuditAlarm
function  ZwPrivilegeObjectAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    HandleId : PVOID;
    TokenHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    Privileges : PPRIVILEGE_SET;
    AccessGranted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPrivilegeObjectAuditAlarm, ntdll, 'NtPrivilegeObjectAuditAlarm');
  Result := TFNNtPrivilegeObjectAuditAlarm(_NtPrivilegeObjectAuditAlarm)(
    SubsystemName, HandleId, TokenHandle, DesiredAccess, Privileges, AccessGranted
  );
end;

// Dynamic version of NtPrivilegedServiceAuditAlarm
function  NtPrivilegedServiceAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    ServiceName : PUNICODE_STRING;
    TokenHandle : HANDLE;
    Privileges : PPRIVILEGE_SET;
    AccessGranted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPrivilegedServiceAuditAlarm, ntdll, 'NtPrivilegedServiceAuditAlarm');
  Result := TFNNtPrivilegedServiceAuditAlarm(_NtPrivilegedServiceAuditAlarm)(
    SubsystemName, ServiceName, TokenHandle, Privileges, AccessGranted
  );
end;

// Dynamic version of NtPrivilegedServiceAuditAlarm
function  ZwPrivilegedServiceAuditAlarm(
    SubsystemName : PUNICODE_STRING;
    ServiceName : PUNICODE_STRING;
    TokenHandle : HANDLE;
    Privileges : PPRIVILEGE_SET;
    AccessGranted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPrivilegedServiceAuditAlarm, ntdll, 'NtPrivilegedServiceAuditAlarm');
  Result := TFNNtPrivilegedServiceAuditAlarm(_NtPrivilegedServiceAuditAlarm)(
    SubsystemName, ServiceName, TokenHandle, Privileges, AccessGranted
  );
end;

// Dynamic version of NtProtectVirtualMemory
function  NtProtectVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ProtectSize : PULONG;
    NewProtect : ULONG;
    OldProtect : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtProtectVirtualMemory, ntdll, 'NtProtectVirtualMemory');
  Result := TFNNtProtectVirtualMemory(_NtProtectVirtualMemory)(
    ProcessHandle, BaseAddress, ProtectSize, NewProtect, OldProtect
  );
end;

// Dynamic version of NtProtectVirtualMemory
function  ZwProtectVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    ProtectSize : PULONG;
    NewProtect : ULONG;
    OldProtect : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtProtectVirtualMemory, ntdll, 'NtProtectVirtualMemory');
  Result := TFNNtProtectVirtualMemory(_NtProtectVirtualMemory)(
    ProcessHandle, BaseAddress, ProtectSize, NewProtect, OldProtect
  );
end;

// Dynamic version of NtPulseEvent
function  NtPulseEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPulseEvent, ntdll, 'NtPulseEvent');
  Result := TFNNtPulseEvent(_NtPulseEvent)(
    EventHandle, PreviousState
  );
end;

// Dynamic version of NtPulseEvent
function  ZwPulseEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtPulseEvent, ntdll, 'NtPulseEvent');
  Result := TFNNtPulseEvent(_NtPulseEvent)(
    EventHandle, PreviousState
  );
end;

// Dynamic version of NtQueryAttributesFile
function  NtQueryAttributesFile(
    ObjectAttributes : POBJECT_ATTRIBUTES;
    FileInformation : PFILE_BASIC_INFORMATION
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryAttributesFile, ntdll, 'NtQueryAttributesFile');
  Result := TFNNtQueryAttributesFile(_NtQueryAttributesFile)(
    ObjectAttributes, FileInformation
  );
end;

// Dynamic version of NtQueryAttributesFile
function  ZwQueryAttributesFile(
    ObjectAttributes : POBJECT_ATTRIBUTES;
    FileInformation : PFILE_BASIC_INFORMATION
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryAttributesFile, ntdll, 'NtQueryAttributesFile');
  Result := TFNNtQueryAttributesFile(_NtQueryAttributesFile)(
    ObjectAttributes, FileInformation
  );
end;

// Dynamic version of NtQueryDefaultLocale
function  NtQueryDefaultLocale(
    ThreadOrSystem : BOOLEAN;
    Locale : PLCID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryDefaultLocale, ntdll, 'NtQueryDefaultLocale');
  Result := TFNNtQueryDefaultLocale(_NtQueryDefaultLocale)(
    ThreadOrSystem, Locale
  );
end;

// Dynamic version of NtQueryDefaultLocale
function  ZwQueryDefaultLocale(
    ThreadOrSystem : BOOLEAN;
    Locale : PLCID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryDefaultLocale, ntdll, 'NtQueryDefaultLocale');
  Result := TFNNtQueryDefaultLocale(_NtQueryDefaultLocale)(
    ThreadOrSystem, Locale
  );
end;

// Dynamic version of NtQueryDefaultUILanguage
function  NtQueryDefaultUILanguage(
    LanguageId : PLANGID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryDefaultUILanguage, ntdll, 'NtQueryDefaultUILanguage');
  Result := TFNNtQueryDefaultUILanguage(_NtQueryDefaultUILanguage)(
    LanguageId
  );
end;

// Dynamic version of NtQueryDefaultUILanguage
function  ZwQueryDefaultUILanguage(
    LanguageId : PLANGID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryDefaultUILanguage, ntdll, 'NtQueryDefaultUILanguage');
  Result := TFNNtQueryDefaultUILanguage(_NtQueryDefaultUILanguage)(
    LanguageId
  );
end;

// Dynamic version of NtQueryDirectoryFile
function  NtQueryDirectoryFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS;
    ReturnSingleEntry : BOOLEAN;
    FileName : PUNICODE_STRING;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryDirectoryFile, ntdll, 'NtQueryDirectoryFile');
  Result := TFNNtQueryDirectoryFile(_NtQueryDirectoryFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, FileInformation, FileInformationLength, FileInformationClass, ReturnSingleEntry, FileName, RestartScan
  );
end;

// Dynamic version of NtQueryDirectoryFile
function  ZwQueryDirectoryFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS;
    ReturnSingleEntry : BOOLEAN;
    FileName : PUNICODE_STRING;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryDirectoryFile, ntdll, 'NtQueryDirectoryFile');
  Result := TFNNtQueryDirectoryFile(_NtQueryDirectoryFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, FileInformation, FileInformationLength, FileInformationClass, ReturnSingleEntry, FileName, RestartScan
  );
end;

// Dynamic version of NtQueryDirectoryObject
function  NtQueryDirectoryObject(
    DirectoryHandle : HANDLE;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    RestartScan : BOOLEAN;
    Context : PULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryDirectoryObject, ntdll, 'NtQueryDirectoryObject');
  Result := TFNNtQueryDirectoryObject(_NtQueryDirectoryObject)(
    DirectoryHandle, Buffer, BufferLength, ReturnSingleEntry, RestartScan, Context, ReturnLength
  );
end;

// Dynamic version of NtQueryDirectoryObject
function  ZwQueryDirectoryObject(
    DirectoryHandle : HANDLE;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    RestartScan : BOOLEAN;
    Context : PULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryDirectoryObject, ntdll, 'NtQueryDirectoryObject');
  Result := TFNNtQueryDirectoryObject(_NtQueryDirectoryObject)(
    DirectoryHandle, Buffer, BufferLength, ReturnSingleEntry, RestartScan, Context, ReturnLength
  );
end;

// Dynamic version of NtQueryEaFile
function  NtQueryEaFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_FULL_EA_INFORMATION;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    EaList : PFILE_GET_EA_INFORMATION;
    EaListLength : ULONG;
    EaIndex : PULONG;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryEaFile, ntdll, 'NtQueryEaFile');
  Result := TFNNtQueryEaFile(_NtQueryEaFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength, ReturnSingleEntry, EaList, EaListLength, EaIndex, RestartScan
  );
end;

// Dynamic version of NtQueryEaFile
function  ZwQueryEaFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_FULL_EA_INFORMATION;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    EaList : PFILE_GET_EA_INFORMATION;
    EaListLength : ULONG;
    EaIndex : PULONG;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryEaFile, ntdll, 'NtQueryEaFile');
  Result := TFNNtQueryEaFile(_NtQueryEaFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength, ReturnSingleEntry, EaList, EaListLength, EaIndex, RestartScan
  );
end;

// Dynamic version of NtQueryEvent
function  NtQueryEvent(
    EventHandle : HANDLE;
    EventInformationClass : EVENT_INFORMATION_CLASS;
    EventInformation : PVOID;
    EventInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryEvent, ntdll, 'NtQueryEvent');
  Result := TFNNtQueryEvent(_NtQueryEvent)(
    EventHandle, EventInformationClass, EventInformation, EventInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryEvent
function  ZwQueryEvent(
    EventHandle : HANDLE;
    EventInformationClass : EVENT_INFORMATION_CLASS;
    EventInformation : PVOID;
    EventInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryEvent, ntdll, 'NtQueryEvent');
  Result := TFNNtQueryEvent(_NtQueryEvent)(
    EventHandle, EventInformationClass, EventInformation, EventInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryFullAttributesFile
function  NtQueryFullAttributesFile(
    ObjectAttributes : POBJECT_ATTRIBUTES;
    FileInformation : PFILE_NETWORK_OPEN_INFORMATION
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryFullAttributesFile, ntdll, 'NtQueryFullAttributesFile');
  Result := TFNNtQueryFullAttributesFile(_NtQueryFullAttributesFile)(
    ObjectAttributes, FileInformation
  );
end;

// Dynamic version of NtQueryFullAttributesFile
function  ZwQueryFullAttributesFile(
    ObjectAttributes : POBJECT_ATTRIBUTES;
    FileInformation : PFILE_NETWORK_OPEN_INFORMATION
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryFullAttributesFile, ntdll, 'NtQueryFullAttributesFile');
  Result := TFNNtQueryFullAttributesFile(_NtQueryFullAttributesFile)(
    ObjectAttributes, FileInformation
  );
end;

// Dynamic version of NtQueryInformationAtom
function  NtQueryInformationAtom(
    Atom : USHORT;
    AtomInformationClass : ATOM_INFORMATION_CLASS;
    AtomInformation : PVOID;
    AtomInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationAtom, ntdll, 'NtQueryInformationAtom');
  Result := TFNNtQueryInformationAtom(_NtQueryInformationAtom)(
    Atom, AtomInformationClass, AtomInformation, AtomInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationAtom
function  ZwQueryInformationAtom(
    Atom : USHORT;
    AtomInformationClass : ATOM_INFORMATION_CLASS;
    AtomInformation : PVOID;
    AtomInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationAtom, ntdll, 'NtQueryInformationAtom');
  Result := TFNNtQueryInformationAtom(_NtQueryInformationAtom)(
    Atom, AtomInformationClass, AtomInformation, AtomInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationFile
function  NtQueryInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationFile, ntdll, 'NtQueryInformationFile');
  Result := TFNNtQueryInformationFile(_NtQueryInformationFile)(
    FileHandle, IoStatusBlock, FileInformation, FileInformationLength, FileInformationClass
  );
end;

// Dynamic version of NtQueryInformationFile
function  ZwQueryInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationFile, ntdll, 'NtQueryInformationFile');
  Result := TFNNtQueryInformationFile(_NtQueryInformationFile)(
    FileHandle, IoStatusBlock, FileInformation, FileInformationLength, FileInformationClass
  );
end;

// Dynamic version of NtQueryInformationJobObject
function  NtQueryInformationJobObject(
    JobHandle : HANDLE;
    JobInformationClass : JOBOBJECTINFOCLASS;
    JobInformation : PVOID;
    JobInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationJobObject, ntdll, 'NtQueryInformationJobObject');
  Result := TFNNtQueryInformationJobObject(_NtQueryInformationJobObject)(
    JobHandle, JobInformationClass, JobInformation, JobInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationJobObject
function  ZwQueryInformationJobObject(
    JobHandle : HANDLE;
    JobInformationClass : JOBOBJECTINFOCLASS;
    JobInformation : PVOID;
    JobInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationJobObject, ntdll, 'NtQueryInformationJobObject');
  Result := TFNNtQueryInformationJobObject(_NtQueryInformationJobObject)(
    JobHandle, JobInformationClass, JobInformation, JobInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationPort
function  NtQueryInformationPort(
    PortHandle : HANDLE;
    PortInformationClass : PORT_INFORMATION_CLASS;
    PortInformation : PVOID;
    PortInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationPort, ntdll, 'NtQueryInformationPort');
  Result := TFNNtQueryInformationPort(_NtQueryInformationPort)(
    PortHandle, PortInformationClass, PortInformation, PortInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationPort
function  ZwQueryInformationPort(
    PortHandle : HANDLE;
    PortInformationClass : PORT_INFORMATION_CLASS;
    PortInformation : PVOID;
    PortInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationPort, ntdll, 'NtQueryInformationPort');
  Result := TFNNtQueryInformationPort(_NtQueryInformationPort)(
    PortHandle, PortInformationClass, PortInformation, PortInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationProcess
function  NtQueryInformationProcess(
    ProcessHandle : HANDLE;
    ProcessInformationClass : PROCESSINFOCLASS;
    ProcessInformation : PVOID;
    ProcessInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationProcess, ntdll, 'NtQueryInformationProcess');
  Result := TFNNtQueryInformationProcess(_NtQueryInformationProcess)(
    ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationProcess
function  ZwQueryInformationProcess(
    ProcessHandle : HANDLE;
    ProcessInformationClass : PROCESSINFOCLASS;
    ProcessInformation : PVOID;
    ProcessInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationProcess, ntdll, 'NtQueryInformationProcess');
  Result := TFNNtQueryInformationProcess(_NtQueryInformationProcess)(
    ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationThread
function  NtQueryInformationThread(
    ThreadHandle : HANDLE;
    ThreadInformationClass : THREADINFOCLASS;
    ThreadInformation : PVOID;
    ThreadInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationThread, ntdll, 'NtQueryInformationThread');
  Result := TFNNtQueryInformationThread(_NtQueryInformationThread)(
    ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationThread
function  ZwQueryInformationThread(
    ThreadHandle : HANDLE;
    ThreadInformationClass : THREADINFOCLASS;
    ThreadInformation : PVOID;
    ThreadInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationThread, ntdll, 'NtQueryInformationThread');
  Result := TFNNtQueryInformationThread(_NtQueryInformationThread)(
    ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationToken
function  NtQueryInformationToken(
    TokenHandle : HANDLE;
    TokenInformationClass : TOKEN_INFORMATION_CLASS;
    TokenInformation : PVOID;
    TokenInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationToken, ntdll, 'NtQueryInformationToken');
  Result := TFNNtQueryInformationToken(_NtQueryInformationToken)(
    TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInformationToken
function  ZwQueryInformationToken(
    TokenHandle : HANDLE;
    TokenInformationClass : TOKEN_INFORMATION_CLASS;
    TokenInformation : PVOID;
    TokenInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInformationToken, ntdll, 'NtQueryInformationToken');
  Result := TFNNtQueryInformationToken(_NtQueryInformationToken)(
    TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryInstallUILanguage
function  NtQueryInstallUILanguage(
    LanguageId : PLANGID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInstallUILanguage, ntdll, 'NtQueryInstallUILanguage');
  Result := TFNNtQueryInstallUILanguage(_NtQueryInstallUILanguage)(
    LanguageId
  );
end;

// Dynamic version of NtQueryInstallUILanguage
function  ZwQueryInstallUILanguage(
    LanguageId : PLANGID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryInstallUILanguage, ntdll, 'NtQueryInstallUILanguage');
  Result := TFNNtQueryInstallUILanguage(_NtQueryInstallUILanguage)(
    LanguageId
  );
end;

// Dynamic version of NtQueryIntervalProfile
function  NtQueryIntervalProfile(
    Source : KPROFILE_SOURCE;
    Interval : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryIntervalProfile, ntdll, 'NtQueryIntervalProfile');
  Result := TFNNtQueryIntervalProfile(_NtQueryIntervalProfile)(
    Source, Interval
  );
end;

// Dynamic version of NtQueryIntervalProfile
function  ZwQueryIntervalProfile(
    Source : KPROFILE_SOURCE;
    Interval : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryIntervalProfile, ntdll, 'NtQueryIntervalProfile');
  Result := TFNNtQueryIntervalProfile(_NtQueryIntervalProfile)(
    Source, Interval
  );
end;

// Dynamic version of NtQueryIoCompletion
function  NtQueryIoCompletion(
    IoCompletionHandle : HANDLE;
    IoCompletionInformationClass : IO_COMPLETION_INFORMATION_CLASS;
    IoCompletionInformation : PVOID;
    IoCompletionInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryIoCompletion, ntdll, 'NtQueryIoCompletion');
  Result := TFNNtQueryIoCompletion(_NtQueryIoCompletion)(
    IoCompletionHandle, IoCompletionInformationClass, IoCompletionInformation, IoCompletionInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryIoCompletion
function  ZwQueryIoCompletion(
    IoCompletionHandle : HANDLE;
    IoCompletionInformationClass : IO_COMPLETION_INFORMATION_CLASS;
    IoCompletionInformation : PVOID;
    IoCompletionInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryIoCompletion, ntdll, 'NtQueryIoCompletion');
  Result := TFNNtQueryIoCompletion(_NtQueryIoCompletion)(
    IoCompletionHandle, IoCompletionInformationClass, IoCompletionInformation, IoCompletionInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryKey
function  NtQueryKey(
    KeyHandle : HANDLE;
    KeyInformationClass : KEY_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryKey, ntdll, 'NtQueryKey');
  Result := TFNNtQueryKey(_NtQueryKey)(
    KeyHandle, KeyInformationClass, KeyInformation, KeyInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryKey
function  ZwQueryKey(
    KeyHandle : HANDLE;
    KeyInformationClass : KEY_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryKey, ntdll, 'NtQueryKey');
  Result := TFNNtQueryKey(_NtQueryKey)(
    KeyHandle, KeyInformationClass, KeyInformation, KeyInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryMultipleValueKey
function  NtQueryMultipleValueKey(
    KeyHandle : HANDLE;
    ValueList : PKEY_VALUE_ENTRY;
    NumberOfValues : ULONG;
    Buffer : PVOID;
    Length : PULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryMultipleValueKey, ntdll, 'NtQueryMultipleValueKey');
  Result := TFNNtQueryMultipleValueKey(_NtQueryMultipleValueKey)(
    KeyHandle, ValueList, NumberOfValues, Buffer, Length, ReturnLength
  );
end;

// Dynamic version of NtQueryMultipleValueKey
function  ZwQueryMultipleValueKey(
    KeyHandle : HANDLE;
    ValueList : PKEY_VALUE_ENTRY;
    NumberOfValues : ULONG;
    Buffer : PVOID;
    Length : PULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryMultipleValueKey, ntdll, 'NtQueryMultipleValueKey');
  Result := TFNNtQueryMultipleValueKey(_NtQueryMultipleValueKey)(
    KeyHandle, ValueList, NumberOfValues, Buffer, Length, ReturnLength
  );
end;

// Dynamic version of NtQueryMutant
function  NtQueryMutant(
    MutantHandle : HANDLE;
    MutantInformationClass : MUTANT_INFORMATION_CLASS;
    MutantInformation : PVOID;
    MutantInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryMutant, ntdll, 'NtQueryMutant');
  Result := TFNNtQueryMutant(_NtQueryMutant)(
    MutantHandle, MutantInformationClass, MutantInformation, MutantInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryMutant
function  ZwQueryMutant(
    MutantHandle : HANDLE;
    MutantInformationClass : MUTANT_INFORMATION_CLASS;
    MutantInformation : PVOID;
    MutantInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryMutant, ntdll, 'NtQueryMutant');
  Result := TFNNtQueryMutant(_NtQueryMutant)(
    MutantHandle, MutantInformationClass, MutantInformation, MutantInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryObject
function  NtQueryObject(
    ObjectHandle : HANDLE;
    ObjectInformationClass : OBJECT_INFORMATION_CLASS;
    ObjectInformation : PVOID;
    ObjectInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryObject, ntdll, 'NtQueryObject');
  Result := TFNNtQueryObject(_NtQueryObject)(
    ObjectHandle, ObjectInformationClass, ObjectInformation, ObjectInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryObject
function  ZwQueryObject(
    ObjectHandle : HANDLE;
    ObjectInformationClass : OBJECT_INFORMATION_CLASS;
    ObjectInformation : PVOID;
    ObjectInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryObject, ntdll, 'NtQueryObject');
  Result := TFNNtQueryObject(_NtQueryObject)(
    ObjectHandle, ObjectInformationClass, ObjectInformation, ObjectInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryOpenSubKeys
function  NtQueryOpenSubKeys(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    NumberOfKey : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryOpenSubKeys, ntdll, 'NtQueryOpenSubKeys');
  Result := TFNNtQueryOpenSubKeys(_NtQueryOpenSubKeys)(
    KeyObjectAttributes, NumberOfKey
  );
end;

// Dynamic version of NtQueryOpenSubKeys
function  ZwQueryOpenSubKeys(
    KeyObjectAttributes : POBJECT_ATTRIBUTES;
    NumberOfKey : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryOpenSubKeys, ntdll, 'NtQueryOpenSubKeys');
  Result := TFNNtQueryOpenSubKeys(_NtQueryOpenSubKeys)(
    KeyObjectAttributes, NumberOfKey
  );
end;

// Dynamic version of NtQueryPerformanceCounter
function  NtQueryPerformanceCounter(
    PerformanceCount : PLARGE_INTEGER;
    PerformanceFrequency : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryPerformanceCounter, ntdll, 'NtQueryPerformanceCounter');
  Result := TFNNtQueryPerformanceCounter(_NtQueryPerformanceCounter)(
    PerformanceCount, PerformanceFrequency
  );
end;

// Dynamic version of NtQueryPerformanceCounter
function  ZwQueryPerformanceCounter(
    PerformanceCount : PLARGE_INTEGER;
    PerformanceFrequency : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryPerformanceCounter, ntdll, 'NtQueryPerformanceCounter');
  Result := TFNNtQueryPerformanceCounter(_NtQueryPerformanceCounter)(
    PerformanceCount, PerformanceFrequency
  );
end;

// Dynamic version of NtQueryPortInformationProcess
function  NtQueryPortInformationProcess(): ULONG; stdcall;
begin
  GetProcedureAddress(_NtQueryPortInformationProcess, ntdll, 'NtQueryPortInformationProcess');
  Result := TFNNtQueryPortInformationProcess(_NtQueryPortInformationProcess)();
end;

// Dynamic version of NtQueryPortInformationProcess
function  ZwQueryPortInformationProcess(): ULONG; stdcall;
begin
  GetProcedureAddress(_NtQueryPortInformationProcess, ntdll, 'NtQueryPortInformationProcess');
  Result := TFNNtQueryPortInformationProcess(_NtQueryPortInformationProcess)();
end;

// Dynamic version of NtQueryQuotaInformationFile
function  NtQueryQuotaInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_USER_QUOTA_INFORMATION;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    QuotaList : PFILE_QUOTA_LIST_INFORMATION;
    QuotaListLength : ULONG;
    ResumeSid : PSID;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryQuotaInformationFile, ntdll, 'NtQueryQuotaInformationFile');
  Result := TFNNtQueryQuotaInformationFile(_NtQueryQuotaInformationFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength, ReturnSingleEntry, QuotaList, QuotaListLength, ResumeSid, RestartScan
  );
end;

// Dynamic version of NtQueryQuotaInformationFile
function  ZwQueryQuotaInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_USER_QUOTA_INFORMATION;
    BufferLength : ULONG;
    ReturnSingleEntry : BOOLEAN;
    QuotaList : PFILE_QUOTA_LIST_INFORMATION;
    QuotaListLength : ULONG;
    ResumeSid : PSID;
    RestartScan : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryQuotaInformationFile, ntdll, 'NtQueryQuotaInformationFile');
  Result := TFNNtQueryQuotaInformationFile(_NtQueryQuotaInformationFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength, ReturnSingleEntry, QuotaList, QuotaListLength, ResumeSid, RestartScan
  );
end;

// Dynamic version of NtQuerySection
function  NtQuerySection(
    SectionHandle : HANDLE;
    SectionInformationClass : SECTION_INFORMATION_CLASS;
    SectionInformation : PVOID;
    SectionInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySection, ntdll, 'NtQuerySection');
  Result := TFNNtQuerySection(_NtQuerySection)(
    SectionHandle, SectionInformationClass, SectionInformation, SectionInformationLength, ResultLength
  );
end;

// Dynamic version of NtQuerySection
function  ZwQuerySection(
    SectionHandle : HANDLE;
    SectionInformationClass : SECTION_INFORMATION_CLASS;
    SectionInformation : PVOID;
    SectionInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySection, ntdll, 'NtQuerySection');
  Result := TFNNtQuerySection(_NtQuerySection)(
    SectionHandle, SectionInformationClass, SectionInformation, SectionInformationLength, ResultLength
  );
end;

// Dynamic version of NtQuerySecurityObject
function  NtQuerySecurityObject(
    Handle : HANDLE;
    RequestedInformation : SECURITY_INFORMATION;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    SecurityDescriptorLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySecurityObject, ntdll, 'NtQuerySecurityObject');
  Result := TFNNtQuerySecurityObject(_NtQuerySecurityObject)(
    Handle, RequestedInformation, SecurityDescriptor, SecurityDescriptorLength, ReturnLength
  );
end;

// Dynamic version of NtQuerySecurityObject
function  ZwQuerySecurityObject(
    Handle : HANDLE;
    RequestedInformation : SECURITY_INFORMATION;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    SecurityDescriptorLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySecurityObject, ntdll, 'NtQuerySecurityObject');
  Result := TFNNtQuerySecurityObject(_NtQuerySecurityObject)(
    Handle, RequestedInformation, SecurityDescriptor, SecurityDescriptorLength, ReturnLength
  );
end;

// Dynamic version of NtQuerySemaphore
function  NtQuerySemaphore(
    SemaphoreHandle : HANDLE;
    SemaphoreInformationClass : SEMAPHORE_INFORMATION_CLASS;
    SemaphoreInformation : PVOID;
    SemaphoreInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySemaphore, ntdll, 'NtQuerySemaphore');
  Result := TFNNtQuerySemaphore(_NtQuerySemaphore)(
    SemaphoreHandle, SemaphoreInformationClass, SemaphoreInformation, SemaphoreInformationLength, ResultLength
  );
end;

// Dynamic version of NtQuerySemaphore
function  ZwQuerySemaphore(
    SemaphoreHandle : HANDLE;
    SemaphoreInformationClass : SEMAPHORE_INFORMATION_CLASS;
    SemaphoreInformation : PVOID;
    SemaphoreInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySemaphore, ntdll, 'NtQuerySemaphore');
  Result := TFNNtQuerySemaphore(_NtQuerySemaphore)(
    SemaphoreHandle, SemaphoreInformationClass, SemaphoreInformation, SemaphoreInformationLength, ResultLength
  );
end;

// Dynamic version of NtQuerySymbolicLinkObject
function  NtQuerySymbolicLinkObject(
    SymbolicLinkHandle : HANDLE;
    TargetName : PUNICODE_STRING;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySymbolicLinkObject, ntdll, 'NtQuerySymbolicLinkObject');
  Result := TFNNtQuerySymbolicLinkObject(_NtQuerySymbolicLinkObject)(
    SymbolicLinkHandle, TargetName, ReturnLength
  );
end;

// Dynamic version of NtQuerySymbolicLinkObject
function  ZwQuerySymbolicLinkObject(
    SymbolicLinkHandle : HANDLE;
    TargetName : PUNICODE_STRING;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySymbolicLinkObject, ntdll, 'NtQuerySymbolicLinkObject');
  Result := TFNNtQuerySymbolicLinkObject(_NtQuerySymbolicLinkObject)(
    SymbolicLinkHandle, TargetName, ReturnLength
  );
end;

// Dynamic version of NtQuerySystemEnvironmentValue
function  NtQuerySystemEnvironmentValue(
    Name : PUNICODE_STRING;
    Value : PVOID;
    ValueLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySystemEnvironmentValue, ntdll, 'NtQuerySystemEnvironmentValue');
  Result := TFNNtQuerySystemEnvironmentValue(_NtQuerySystemEnvironmentValue)(
    Name, Value, ValueLength, ReturnLength
  );
end;

// Dynamic version of NtQuerySystemEnvironmentValue
function  ZwQuerySystemEnvironmentValue(
    Name : PUNICODE_STRING;
    Value : PVOID;
    ValueLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySystemEnvironmentValue, ntdll, 'NtQuerySystemEnvironmentValue');
  Result := TFNNtQuerySystemEnvironmentValue(_NtQuerySystemEnvironmentValue)(
    Name, Value, ValueLength, ReturnLength
  );
end;

// Dynamic version of NtQuerySystemInformation
function  NtQuerySystemInformation(
    SystemInformationClass : SYSTEM_INFORMATION_CLASS;
    SystemInformation : PVOID;
    SystemInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySystemInformation, ntdll, 'NtQuerySystemInformation');
  Result := TFNNtQuerySystemInformation(_NtQuerySystemInformation)(
    SystemInformationClass, SystemInformation, SystemInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQuerySystemInformation
function  ZwQuerySystemInformation(
    SystemInformationClass : SYSTEM_INFORMATION_CLASS;
    SystemInformation : PVOID;
    SystemInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySystemInformation, ntdll, 'NtQuerySystemInformation');
  Result := TFNNtQuerySystemInformation(_NtQuerySystemInformation)(
    SystemInformationClass, SystemInformation, SystemInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQuerySystemTime
function  NtQuerySystemTime(
    CurrentTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySystemTime, ntdll, 'NtQuerySystemTime');
  Result := TFNNtQuerySystemTime(_NtQuerySystemTime)(
    CurrentTime
  );
end;

// Dynamic version of NtQuerySystemTime
function  ZwQuerySystemTime(
    CurrentTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQuerySystemTime, ntdll, 'NtQuerySystemTime');
  Result := TFNNtQuerySystemTime(_NtQuerySystemTime)(
    CurrentTime
  );
end;

// Dynamic version of NtQueryTimer
function  NtQueryTimer(
    TimerHandle : HANDLE;
    TimerInformationClass : TIMER_INFORMATION_CLASS;
    TimerInformation : PVOID;
    TimerInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryTimer, ntdll, 'NtQueryTimer');
  Result := TFNNtQueryTimer(_NtQueryTimer)(
    TimerHandle, TimerInformationClass, TimerInformation, TimerInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryTimer
function  ZwQueryTimer(
    TimerHandle : HANDLE;
    TimerInformationClass : TIMER_INFORMATION_CLASS;
    TimerInformation : PVOID;
    TimerInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryTimer, ntdll, 'NtQueryTimer');
  Result := TFNNtQueryTimer(_NtQueryTimer)(
    TimerHandle, TimerInformationClass, TimerInformation, TimerInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryTimerResolution
function  NtQueryTimerResolution(
    CoarsestResolution : PULONG;
    FinestResolution : PULONG;
    ActualResolution : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryTimerResolution, ntdll, 'NtQueryTimerResolution');
  Result := TFNNtQueryTimerResolution(_NtQueryTimerResolution)(
    CoarsestResolution, FinestResolution, ActualResolution
  );
end;

// Dynamic version of NtQueryTimerResolution
function  ZwQueryTimerResolution(
    CoarsestResolution : PULONG;
    FinestResolution : PULONG;
    ActualResolution : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryTimerResolution, ntdll, 'NtQueryTimerResolution');
  Result := TFNNtQueryTimerResolution(_NtQueryTimerResolution)(
    CoarsestResolution, FinestResolution, ActualResolution
  );
end;

// Dynamic version of NtQueryValueKey
function  NtQueryValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING;
    KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
    KeyValueInformation : PVOID;
    KeyValueInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryValueKey, ntdll, 'NtQueryValueKey');
  Result := TFNNtQueryValueKey(_NtQueryValueKey)(
    KeyHandle, ValueName, KeyValueInformationClass, KeyValueInformation, KeyValueInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryValueKey
function  ZwQueryValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING;
    KeyValueInformationClass : KEY_VALUE_INFORMATION_CLASS;
    KeyValueInformation : PVOID;
    KeyValueInformationLength : ULONG;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryValueKey, ntdll, 'NtQueryValueKey');
  Result := TFNNtQueryValueKey(_NtQueryValueKey)(
    KeyHandle, ValueName, KeyValueInformationClass, KeyValueInformation, KeyValueInformationLength, ResultLength
  );
end;

// Dynamic version of NtQueryVirtualMemory
function  NtQueryVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    MemoryInformationClass : MEMORY_INFORMATION_CLASS;
    MemoryInformation : PVOID;
    MemoryInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryVirtualMemory, ntdll, 'NtQueryVirtualMemory');
  Result := TFNNtQueryVirtualMemory(_NtQueryVirtualMemory)(
    ProcessHandle, BaseAddress, MemoryInformationClass, MemoryInformation, MemoryInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryVirtualMemory
function  ZwQueryVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    MemoryInformationClass : MEMORY_INFORMATION_CLASS;
    MemoryInformation : PVOID;
    MemoryInformationLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryVirtualMemory, ntdll, 'NtQueryVirtualMemory');
  Result := TFNNtQueryVirtualMemory(_NtQueryVirtualMemory)(
    ProcessHandle, BaseAddress, MemoryInformationClass, MemoryInformation, MemoryInformationLength, ReturnLength
  );
end;

// Dynamic version of NtQueryVolumeInformationFile
function  NtQueryVolumeInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    VolumeInformation : PVOID;
    VolumeInformationLength : ULONG;
    VolumeInformationClass : FS_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryVolumeInformationFile, ntdll, 'NtQueryVolumeInformationFile');
  Result := TFNNtQueryVolumeInformationFile(_NtQueryVolumeInformationFile)(
    FileHandle, IoStatusBlock, VolumeInformation, VolumeInformationLength, VolumeInformationClass
  );
end;

// Dynamic version of NtQueryVolumeInformationFile
function  ZwQueryVolumeInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    VolumeInformation : PVOID;
    VolumeInformationLength : ULONG;
    VolumeInformationClass : FS_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueryVolumeInformationFile, ntdll, 'NtQueryVolumeInformationFile');
  Result := TFNNtQueryVolumeInformationFile(_NtQueryVolumeInformationFile)(
    FileHandle, IoStatusBlock, VolumeInformation, VolumeInformationLength, VolumeInformationClass
  );
end;

// Dynamic version of NtQueueApcThread
function  NtQueueApcThread(
    ThreadHandle : HANDLE;
    ApcRoutine : PKNORMAL_ROUTINE;
    ApcContext : PVOID;
    Argument1 : PVOID;
    Argument2 : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueueApcThread, ntdll, 'NtQueueApcThread');
  Result := TFNNtQueueApcThread(_NtQueueApcThread)(
    ThreadHandle, ApcRoutine, ApcContext, Argument1, Argument2
  );
end;

// Dynamic version of NtQueueApcThread
function  ZwQueueApcThread(
    ThreadHandle : HANDLE;
    ApcRoutine : PKNORMAL_ROUTINE;
    ApcContext : PVOID;
    Argument1 : PVOID;
    Argument2 : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtQueueApcThread, ntdll, 'NtQueueApcThread');
  Result := TFNNtQueueApcThread(_NtQueueApcThread)(
    ThreadHandle, ApcRoutine, ApcContext, Argument1, Argument2
  );
end;

// Dynamic version of NtRaiseException
function  NtRaiseException(
    ExceptionRecord : PEXCEPTION_RECORD;
    Context : PCONTEXT;
    SearchFrames : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRaiseException, ntdll, 'NtRaiseException');
  Result := TFNNtRaiseException(_NtRaiseException)(
    ExceptionRecord, Context, SearchFrames
  );
end;

// Dynamic version of NtRaiseException
function  ZwRaiseException(
    ExceptionRecord : PEXCEPTION_RECORD;
    Context : PCONTEXT;
    SearchFrames : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRaiseException, ntdll, 'NtRaiseException');
  Result := TFNNtRaiseException(_NtRaiseException)(
    ExceptionRecord, Context, SearchFrames
  );
end;

// Dynamic version of NtRaiseHardError
function  NtRaiseHardError(
    Status : NTSTATUS;
    NumberOfArguments : ULONG;
    StringArgumentsMask : ULONG;
    Arguments : PULONG;
    MessageBoxType : ULONG;
    MessageBoxResult : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRaiseHardError, ntdll, 'NtRaiseHardError');
  Result := TFNNtRaiseHardError(_NtRaiseHardError)(
    Status, NumberOfArguments, StringArgumentsMask, Arguments, MessageBoxType, MessageBoxResult
  );
end;

// Dynamic version of NtRaiseHardError
function  ZwRaiseHardError(
    Status : NTSTATUS;
    NumberOfArguments : ULONG;
    StringArgumentsMask : ULONG;
    Arguments : PULONG;
    MessageBoxType : ULONG;
    MessageBoxResult : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRaiseHardError, ntdll, 'NtRaiseHardError');
  Result := TFNNtRaiseHardError(_NtRaiseHardError)(
    Status, NumberOfArguments, StringArgumentsMask, Arguments, MessageBoxType, MessageBoxResult
  );
end;

// Dynamic version of NtReadFile
function  NtReadFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReadFile, ntdll, 'NtReadFile');
  Result := TFNNtReadFile(_NtReadFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key
  );
end;

// Dynamic version of NtReadFile
function  ZwReadFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReadFile, ntdll, 'NtReadFile');
  Result := TFNNtReadFile(_NtReadFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key
  );
end;

// Dynamic version of NtReadFileScatter
function  NtReadFileScatter(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_SEGMENT_ELEMENT;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReadFileScatter, ntdll, 'NtReadFileScatter');
  Result := TFNNtReadFileScatter(_NtReadFileScatter)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key
  );
end;

// Dynamic version of NtReadFileScatter
function  ZwReadFileScatter(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_SEGMENT_ELEMENT;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReadFileScatter, ntdll, 'NtReadFileScatter');
  Result := TFNNtReadFileScatter(_NtReadFileScatter)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key
  );
end;

// Dynamic version of NtReadRequestData
function  NtReadRequestData(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE;
    Index : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReadRequestData, ntdll, 'NtReadRequestData');
  Result := TFNNtReadRequestData(_NtReadRequestData)(
    PortHandle, Message, Index, Buffer, BufferLength, ReturnLength
  );
end;

// Dynamic version of NtReadRequestData
function  ZwReadRequestData(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE;
    Index : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReadRequestData, ntdll, 'NtReadRequestData');
  Result := TFNNtReadRequestData(_NtReadRequestData)(
    PortHandle, Message, Index, Buffer, BufferLength, ReturnLength
  );
end;

// Dynamic version of NtReadVirtualMemory
function  NtReadVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReadVirtualMemory, ntdll, 'NtReadVirtualMemory');
  Result := TFNNtReadVirtualMemory(_NtReadVirtualMemory)(
    ProcessHandle, BaseAddress, Buffer, BufferLength, ReturnLength
  );
end;

// Dynamic version of NtReadVirtualMemory
function  ZwReadVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReadVirtualMemory, ntdll, 'NtReadVirtualMemory');
  Result := TFNNtReadVirtualMemory(_NtReadVirtualMemory)(
    ProcessHandle, BaseAddress, Buffer, BufferLength, ReturnLength
  );
end;

// Dynamic version of NtRegisterThreadTerminatePort
function  NtRegisterThreadTerminatePort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRegisterThreadTerminatePort, ntdll, 'NtRegisterThreadTerminatePort');
  Result := TFNNtRegisterThreadTerminatePort(_NtRegisterThreadTerminatePort)(
    PortHandle
  );
end;

// Dynamic version of NtRegisterThreadTerminatePort
function  ZwRegisterThreadTerminatePort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRegisterThreadTerminatePort, ntdll, 'NtRegisterThreadTerminatePort');
  Result := TFNNtRegisterThreadTerminatePort(_NtRegisterThreadTerminatePort)(
    PortHandle
  );
end;

// Dynamic version of NtReleaseMutant
function  NtReleaseMutant(
    MutantHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReleaseMutant, ntdll, 'NtReleaseMutant');
  Result := TFNNtReleaseMutant(_NtReleaseMutant)(
    MutantHandle, PreviousState
  );
end;

// Dynamic version of NtReleaseMutant
function  ZwReleaseMutant(
    MutantHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReleaseMutant, ntdll, 'NtReleaseMutant');
  Result := TFNNtReleaseMutant(_NtReleaseMutant)(
    MutantHandle, PreviousState
  );
end;

// Dynamic version of NtReleaseSemaphore
function  NtReleaseSemaphore(
    SemaphoreHandle : HANDLE;
    ReleaseCount : LONG;
    PreviousCount : PLONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReleaseSemaphore, ntdll, 'NtReleaseSemaphore');
  Result := TFNNtReleaseSemaphore(_NtReleaseSemaphore)(
    SemaphoreHandle, ReleaseCount, PreviousCount
  );
end;

// Dynamic version of NtReleaseSemaphore
function  ZwReleaseSemaphore(
    SemaphoreHandle : HANDLE;
    ReleaseCount : LONG;
    PreviousCount : PLONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReleaseSemaphore, ntdll, 'NtReleaseSemaphore');
  Result := TFNNtReleaseSemaphore(_NtReleaseSemaphore)(
    SemaphoreHandle, ReleaseCount, PreviousCount
  );
end;

// Dynamic version of NtRemoveIoCompletion
function  NtRemoveIoCompletion(
    IoCompletionHandle : HANDLE;
    CompletionKey : PULONG;
    CompletionValue : PULONG;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRemoveIoCompletion, ntdll, 'NtRemoveIoCompletion');
  Result := TFNNtRemoveIoCompletion(_NtRemoveIoCompletion)(
    IoCompletionHandle, CompletionKey, CompletionValue, IoStatusBlock, Timeout
  );
end;

// Dynamic version of NtRemoveIoCompletion
function  ZwRemoveIoCompletion(
    IoCompletionHandle : HANDLE;
    CompletionKey : PULONG;
    CompletionValue : PULONG;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRemoveIoCompletion, ntdll, 'NtRemoveIoCompletion');
  Result := TFNNtRemoveIoCompletion(_NtRemoveIoCompletion)(
    IoCompletionHandle, CompletionKey, CompletionValue, IoStatusBlock, Timeout
  );
end;

// Dynamic version of NtRemoveProcessDebug
function  NtRemoveProcessDebug(
    hProcess : HANDLE;
    hDebugObject : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRemoveProcessDebug, ntdll, 'NtRemoveProcessDebug');
  Result := TFNNtRemoveProcessDebug(_NtRemoveProcessDebug)(
    hProcess, hDebugObject
  );
end;

// Dynamic version of NtRemoveProcessDebug
function  ZwRemoveProcessDebug(
    hProcess : HANDLE;
    hDebugObject : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRemoveProcessDebug, ntdll, 'NtRemoveProcessDebug');
  Result := TFNNtRemoveProcessDebug(_NtRemoveProcessDebug)(
    hProcess, hDebugObject
  );
end;

// Dynamic version of NtReplaceKey
function  NtReplaceKey(
    NewFileObjectAttributes : POBJECT_ATTRIBUTES;
    KeyHandle : HANDLE;
    OldFileObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplaceKey, ntdll, 'NtReplaceKey');
  Result := TFNNtReplaceKey(_NtReplaceKey)(
    NewFileObjectAttributes, KeyHandle, OldFileObjectAttributes
  );
end;

// Dynamic version of NtReplaceKey
function  ZwReplaceKey(
    NewFileObjectAttributes : POBJECT_ATTRIBUTES;
    KeyHandle : HANDLE;
    OldFileObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplaceKey, ntdll, 'NtReplaceKey');
  Result := TFNNtReplaceKey(_NtReplaceKey)(
    NewFileObjectAttributes, KeyHandle, OldFileObjectAttributes
  );
end;

// Dynamic version of NtReplyPort
function  NtReplyPort(
    PortHandle : HANDLE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyPort, ntdll, 'NtReplyPort');
  Result := TFNNtReplyPort(_NtReplyPort)(
    PortHandle, ReplyMessage
  );
end;

// Dynamic version of NtReplyPort
function  ZwReplyPort(
    PortHandle : HANDLE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyPort, ntdll, 'NtReplyPort');
  Result := TFNNtReplyPort(_NtReplyPort)(
    PortHandle, ReplyMessage
  );
end;

// Dynamic version of NtReplyWaitReceivePort
function  NtReplyWaitReceivePort(
    PortHandle : HANDLE;
    PortIdentifier : PULONG;
    ReplyMessage : PPORT_MESSAGE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyWaitReceivePort, ntdll, 'NtReplyWaitReceivePort');
  Result := TFNNtReplyWaitReceivePort(_NtReplyWaitReceivePort)(
    PortHandle, PortIdentifier, ReplyMessage, Message
  );
end;

// Dynamic version of NtReplyWaitReceivePort
function  ZwReplyWaitReceivePort(
    PortHandle : HANDLE;
    PortIdentifier : PULONG;
    ReplyMessage : PPORT_MESSAGE;
    Message : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyWaitReceivePort, ntdll, 'NtReplyWaitReceivePort');
  Result := TFNNtReplyWaitReceivePort(_NtReplyWaitReceivePort)(
    PortHandle, PortIdentifier, ReplyMessage, Message
  );
end;

// Dynamic version of NtReplyWaitReceivePortEx
function  NtReplyWaitReceivePortEx(
    PortHandle : HANDLE;
    PortIdentifier : PULONG;
    ReplyMessage : PPORT_MESSAGE;
    Message : PPORT_MESSAGE;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyWaitReceivePortEx, ntdll, 'NtReplyWaitReceivePortEx');
  Result := TFNNtReplyWaitReceivePortEx(_NtReplyWaitReceivePortEx)(
    PortHandle, PortIdentifier, ReplyMessage, Message, Timeout
  );
end;

// Dynamic version of NtReplyWaitReceivePortEx
function  ZwReplyWaitReceivePortEx(
    PortHandle : HANDLE;
    PortIdentifier : PULONG;
    ReplyMessage : PPORT_MESSAGE;
    Message : PPORT_MESSAGE;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyWaitReceivePortEx, ntdll, 'NtReplyWaitReceivePortEx');
  Result := TFNNtReplyWaitReceivePortEx(_NtReplyWaitReceivePortEx)(
    PortHandle, PortIdentifier, ReplyMessage, Message, Timeout
  );
end;

// Dynamic version of NtReplyWaitReplyPort
function  NtReplyWaitReplyPort(
    PortHandle : HANDLE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyWaitReplyPort, ntdll, 'NtReplyWaitReplyPort');
  Result := TFNNtReplyWaitReplyPort(_NtReplyWaitReplyPort)(
    PortHandle, ReplyMessage
  );
end;

// Dynamic version of NtReplyWaitReplyPort
function  ZwReplyWaitReplyPort(
    PortHandle : HANDLE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyWaitReplyPort, ntdll, 'NtReplyWaitReplyPort');
  Result := TFNNtReplyWaitReplyPort(_NtReplyWaitReplyPort)(
    PortHandle, ReplyMessage
  );
end;

// Dynamic version of NtReplyWaitSendChannel
function  NtReplyWaitSendChannel(
    x : PVOID;
    y : PVOID;
    z : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyWaitSendChannel, ntdll, 'NtReplyWaitSendChannel');
  Result := TFNNtReplyWaitSendChannel(_NtReplyWaitSendChannel)(
    x, y, z
  );
end;

// Dynamic version of NtReplyWaitSendChannel
function  ZwReplyWaitSendChannel(
    x : PVOID;
    y : PVOID;
    z : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtReplyWaitSendChannel, ntdll, 'NtReplyWaitSendChannel');
  Result := TFNNtReplyWaitSendChannel(_NtReplyWaitSendChannel)(
    x, y, z
  );
end;

// Dynamic version of NtRequestDeviceWakeup
function  NtRequestDeviceWakeup(
    DeviceHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRequestDeviceWakeup, ntdll, 'NtRequestDeviceWakeup');
  Result := TFNNtRequestDeviceWakeup(_NtRequestDeviceWakeup)(
    DeviceHandle
  );
end;

// Dynamic version of NtRequestDeviceWakeup
function  ZwRequestDeviceWakeup(
    DeviceHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRequestDeviceWakeup, ntdll, 'NtRequestDeviceWakeup');
  Result := TFNNtRequestDeviceWakeup(_NtRequestDeviceWakeup)(
    DeviceHandle
  );
end;

// Dynamic version of NtRequestPort
function  NtRequestPort(
    PortHandle : HANDLE;
    RequestMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRequestPort, ntdll, 'NtRequestPort');
  Result := TFNNtRequestPort(_NtRequestPort)(
    PortHandle, RequestMessage
  );
end;

// Dynamic version of NtRequestPort
function  ZwRequestPort(
    PortHandle : HANDLE;
    RequestMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRequestPort, ntdll, 'NtRequestPort');
  Result := TFNNtRequestPort(_NtRequestPort)(
    PortHandle, RequestMessage
  );
end;

// Dynamic version of NtRequestWaitReplyPort
function  NtRequestWaitReplyPort(
    PortHandle : HANDLE;
    RequestMessage : PPORT_MESSAGE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRequestWaitReplyPort, ntdll, 'NtRequestWaitReplyPort');
  Result := TFNNtRequestWaitReplyPort(_NtRequestWaitReplyPort)(
    PortHandle, RequestMessage, ReplyMessage
  );
end;

// Dynamic version of NtRequestWaitReplyPort
function  ZwRequestWaitReplyPort(
    PortHandle : HANDLE;
    RequestMessage : PPORT_MESSAGE;
    ReplyMessage : PPORT_MESSAGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRequestWaitReplyPort, ntdll, 'NtRequestWaitReplyPort');
  Result := TFNNtRequestWaitReplyPort(_NtRequestWaitReplyPort)(
    PortHandle, RequestMessage, ReplyMessage
  );
end;

// Dynamic version of NtRequestWakeupLatency
function  NtRequestWakeupLatency(
    Latency : LATENCY_TIME
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRequestWakeupLatency, ntdll, 'NtRequestWakeupLatency');
  Result := TFNNtRequestWakeupLatency(_NtRequestWakeupLatency)(
    Latency
  );
end;

// Dynamic version of NtRequestWakeupLatency
function  ZwRequestWakeupLatency(
    Latency : LATENCY_TIME
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRequestWakeupLatency, ntdll, 'NtRequestWakeupLatency');
  Result := TFNNtRequestWakeupLatency(_NtRequestWakeupLatency)(
    Latency
  );
end;

// Dynamic version of NtResetEvent
function  NtResetEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtResetEvent, ntdll, 'NtResetEvent');
  Result := TFNNtResetEvent(_NtResetEvent)(
    EventHandle, PreviousState
  );
end;

// Dynamic version of NtResetEvent
function  ZwResetEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtResetEvent, ntdll, 'NtResetEvent');
  Result := TFNNtResetEvent(_NtResetEvent)(
    EventHandle, PreviousState
  );
end;

// Dynamic version of NtResetWriteWatch
function  NtResetWriteWatch(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    RegionSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtResetWriteWatch, ntdll, 'NtResetWriteWatch');
  Result := TFNNtResetWriteWatch(_NtResetWriteWatch)(
    ProcessHandle, BaseAddress, RegionSize
  );
end;

// Dynamic version of NtResetWriteWatch
function  ZwResetWriteWatch(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    RegionSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtResetWriteWatch, ntdll, 'NtResetWriteWatch');
  Result := TFNNtResetWriteWatch(_NtResetWriteWatch)(
    ProcessHandle, BaseAddress, RegionSize
  );
end;

// Dynamic version of NtRestoreKey
function  NtRestoreKey(
    KeyHandle : HANDLE;
    FileHandle : HANDLE;
    Flags : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRestoreKey, ntdll, 'NtRestoreKey');
  Result := TFNNtRestoreKey(_NtRestoreKey)(
    KeyHandle, FileHandle, Flags
  );
end;

// Dynamic version of NtRestoreKey
function  ZwRestoreKey(
    KeyHandle : HANDLE;
    FileHandle : HANDLE;
    Flags : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtRestoreKey, ntdll, 'NtRestoreKey');
  Result := TFNNtRestoreKey(_NtRestoreKey)(
    KeyHandle, FileHandle, Flags
  );
end;

// Dynamic version of NtResumeProcess
function  NtResumeProcess(
    hProcess : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtResumeProcess, ntdll, 'NtResumeProcess');
  Result := TFNNtResumeProcess(_NtResumeProcess)(
    hProcess
  );
end;

// Dynamic version of NtResumeProcess
function  ZwResumeProcess(
    hProcess : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtResumeProcess, ntdll, 'NtResumeProcess');
  Result := TFNNtResumeProcess(_NtResumeProcess)(
    hProcess
  );
end;

// Dynamic version of NtResumeThread
function  NtResumeThread(
    hThread : HANDLE;
    dwResumeCount : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtResumeThread, ntdll, 'NtResumeThread');
  Result := TFNNtResumeThread(_NtResumeThread)(
    hThread, dwResumeCount
  );
end;

// Dynamic version of NtResumeThread
function  ZwResumeThread(
    hThread : HANDLE;
    dwResumeCount : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtResumeThread, ntdll, 'NtResumeThread');
  Result := TFNNtResumeThread(_NtResumeThread)(
    hThread, dwResumeCount
  );
end;

// Dynamic version of NtSaveKey
function  NtSaveKey(
    KeyHandle : HANDLE;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSaveKey, ntdll, 'NtSaveKey');
  Result := TFNNtSaveKey(_NtSaveKey)(
    KeyHandle, FileHandle
  );
end;

// Dynamic version of NtSaveKey
function  ZwSaveKey(
    KeyHandle : HANDLE;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSaveKey, ntdll, 'NtSaveKey');
  Result := TFNNtSaveKey(_NtSaveKey)(
    KeyHandle, FileHandle
  );
end;

// Dynamic version of NtSaveKeyEx
function  NtSaveKeyEx(
    KeyHandle : HANDLE;
    FileHandle : HANDLE;
    Flags : DWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSaveKeyEx, ntdll, 'NtSaveKeyEx');
  Result := TFNNtSaveKeyEx(_NtSaveKeyEx)(
    KeyHandle, FileHandle, Flags
  );
end;

// Dynamic version of NtSaveKeyEx
function  ZwSaveKeyEx(
    KeyHandle : HANDLE;
    FileHandle : HANDLE;
    Flags : DWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSaveKeyEx, ntdll, 'NtSaveKeyEx');
  Result := TFNNtSaveKeyEx(_NtSaveKeyEx)(
    KeyHandle, FileHandle, Flags
  );
end;

// Dynamic version of NtSaveMergedKeys
function  NtSaveMergedKeys(
    KeyHandle1 : HANDLE;
    KeyHandle2 : HANDLE;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSaveMergedKeys, ntdll, 'NtSaveMergedKeys');
  Result := TFNNtSaveMergedKeys(_NtSaveMergedKeys)(
    KeyHandle1, KeyHandle2, FileHandle
  );
end;

// Dynamic version of NtSaveMergedKeys
function  ZwSaveMergedKeys(
    KeyHandle1 : HANDLE;
    KeyHandle2 : HANDLE;
    FileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSaveMergedKeys, ntdll, 'NtSaveMergedKeys');
  Result := TFNNtSaveMergedKeys(_NtSaveMergedKeys)(
    KeyHandle1, KeyHandle2, FileHandle
  );
end;

// Dynamic version of NtSecureConnectPort
function  NtSecureConnectPort(
    PortHandle : PHANDLE;
    PortName : PUNICODE_STRING;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE;
    WriteSection : PPORT_SECTION_WRITE;
    ServerSid : PSID;
    ReadSection : PPORT_SECTION_READ;
    MaxMessageSize : PULONG;
    ConnectData : PVOID;
    ConnectDataLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSecureConnectPort, ntdll, 'NtSecureConnectPort');
  Result := TFNNtSecureConnectPort(_NtSecureConnectPort)(
    PortHandle, PortName, SecurityQos, WriteSection, ServerSid, ReadSection, MaxMessageSize, ConnectData, ConnectDataLength
  );
end;

// Dynamic version of NtSecureConnectPort
function  ZwSecureConnectPort(
    PortHandle : PHANDLE;
    PortName : PUNICODE_STRING;
    SecurityQos : PSECURITY_QUALITY_OF_SERVICE;
    WriteSection : PPORT_SECTION_WRITE;
    ServerSid : PSID;
    ReadSection : PPORT_SECTION_READ;
    MaxMessageSize : PULONG;
    ConnectData : PVOID;
    ConnectDataLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSecureConnectPort, ntdll, 'NtSecureConnectPort');
  Result := TFNNtSecureConnectPort(_NtSecureConnectPort)(
    PortHandle, PortName, SecurityQos, WriteSection, ServerSid, ReadSection, MaxMessageSize, ConnectData, ConnectDataLength
  );
end;

// Dynamic version of NtSendWaitReplyChannel
function  NtSendWaitReplyChannel(
    x : PVOID;
    y : PVOID;
    z : PVOID;
    z2 : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSendWaitReplyChannel, ntdll, 'NtSendWaitReplyChannel');
  Result := TFNNtSendWaitReplyChannel(_NtSendWaitReplyChannel)(
    x, y, z, z2
  );
end;

// Dynamic version of NtSendWaitReplyChannel
function  ZwSendWaitReplyChannel(
    x : PVOID;
    y : PVOID;
    z : PVOID;
    z2 : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSendWaitReplyChannel, ntdll, 'NtSendWaitReplyChannel');
  Result := TFNNtSendWaitReplyChannel(_NtSendWaitReplyChannel)(
    x, y, z, z2
  );
end;

// Dynamic version of NtSetContextChannel
function  NtSetContextChannel(
    x : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetContextChannel, ntdll, 'NtSetContextChannel');
  Result := TFNNtSetContextChannel(_NtSetContextChannel)(
    x
  );
end;

// Dynamic version of NtSetContextChannel
function  ZwSetContextChannel(
    x : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetContextChannel, ntdll, 'NtSetContextChannel');
  Result := TFNNtSetContextChannel(_NtSetContextChannel)(
    x
  );
end;

// Dynamic version of NtSetContextThread
function  NtSetContextThread(
    ThreadHandle : HANDLE;
    Context : PCONTEXT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetContextThread, ntdll, 'NtSetContextThread');
  Result := TFNNtSetContextThread(_NtSetContextThread)(
    ThreadHandle, Context
  );
end;

// Dynamic version of NtSetContextThread
function  ZwSetContextThread(
    ThreadHandle : HANDLE;
    Context : PCONTEXT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetContextThread, ntdll, 'NtSetContextThread');
  Result := TFNNtSetContextThread(_NtSetContextThread)(
    ThreadHandle, Context
  );
end;

// Dynamic version of NtSetDefaultHardErrorPort
function  NtSetDefaultHardErrorPort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetDefaultHardErrorPort, ntdll, 'NtSetDefaultHardErrorPort');
  Result := TFNNtSetDefaultHardErrorPort(_NtSetDefaultHardErrorPort)(
    PortHandle
  );
end;

// Dynamic version of NtSetDefaultHardErrorPort
function  ZwSetDefaultHardErrorPort(
    PortHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetDefaultHardErrorPort, ntdll, 'NtSetDefaultHardErrorPort');
  Result := TFNNtSetDefaultHardErrorPort(_NtSetDefaultHardErrorPort)(
    PortHandle
  );
end;

// Dynamic version of NtSetDefaultLocale
function  NtSetDefaultLocale(
    ThreadOrSystem : BOOLEAN;
    Locale : LCID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetDefaultLocale, ntdll, 'NtSetDefaultLocale');
  Result := TFNNtSetDefaultLocale(_NtSetDefaultLocale)(
    ThreadOrSystem, Locale
  );
end;

// Dynamic version of NtSetDefaultLocale
function  ZwSetDefaultLocale(
    ThreadOrSystem : BOOLEAN;
    Locale : LCID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetDefaultLocale, ntdll, 'NtSetDefaultLocale');
  Result := TFNNtSetDefaultLocale(_NtSetDefaultLocale)(
    ThreadOrSystem, Locale
  );
end;

// Dynamic version of NtSetDefaultUILanguage
function  NtSetDefaultUILanguage(
    LanguageId : LANGID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetDefaultUILanguage, ntdll, 'NtSetDefaultUILanguage');
  Result := TFNNtSetDefaultUILanguage(_NtSetDefaultUILanguage)(
    LanguageId
  );
end;

// Dynamic version of NtSetDefaultUILanguage
function  ZwSetDefaultUILanguage(
    LanguageId : LANGID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetDefaultUILanguage, ntdll, 'NtSetDefaultUILanguage');
  Result := TFNNtSetDefaultUILanguage(_NtSetDefaultUILanguage)(
    LanguageId
  );
end;

// Dynamic version of NtSetEaFile
function  NtSetEaFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_FULL_EA_INFORMATION;
    BufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetEaFile, ntdll, 'NtSetEaFile');
  Result := TFNNtSetEaFile(_NtSetEaFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength
  );
end;

// Dynamic version of NtSetEaFile
function  ZwSetEaFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_FULL_EA_INFORMATION;
    BufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetEaFile, ntdll, 'NtSetEaFile');
  Result := TFNNtSetEaFile(_NtSetEaFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength
  );
end;

// Dynamic version of NtSetEvent
function  NtSetEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetEvent, ntdll, 'NtSetEvent');
  Result := TFNNtSetEvent(_NtSetEvent)(
    EventHandle, PreviousState
  );
end;

// Dynamic version of NtSetEvent
function  ZwSetEvent(
    EventHandle : HANDLE;
    PreviousState : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetEvent, ntdll, 'NtSetEvent');
  Result := TFNNtSetEvent(_NtSetEvent)(
    EventHandle, PreviousState
  );
end;

// Dynamic version of NtSetHighEventPair
function  NtSetHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetHighEventPair, ntdll, 'NtSetHighEventPair');
  Result := TFNNtSetHighEventPair(_NtSetHighEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtSetHighEventPair
function  ZwSetHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetHighEventPair, ntdll, 'NtSetHighEventPair');
  Result := TFNNtSetHighEventPair(_NtSetHighEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtSetHighWaitLowEventPair
function  NtSetHighWaitLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetHighWaitLowEventPair, ntdll, 'NtSetHighWaitLowEventPair');
  Result := TFNNtSetHighWaitLowEventPair(_NtSetHighWaitLowEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtSetHighWaitLowEventPair
function  ZwSetHighWaitLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetHighWaitLowEventPair, ntdll, 'NtSetHighWaitLowEventPair');
  Result := TFNNtSetHighWaitLowEventPair(_NtSetHighWaitLowEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtSetHighWaitLowThread
function  NtSetHighWaitLowThread(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetHighWaitLowThread, ntdll, 'NtSetHighWaitLowThread');
  Result := TFNNtSetHighWaitLowThread(_NtSetHighWaitLowThread)();
end;

// Dynamic version of NtSetHighWaitLowThread
function  ZwSetHighWaitLowThread(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetHighWaitLowThread, ntdll, 'NtSetHighWaitLowThread');
  Result := TFNNtSetHighWaitLowThread(_NtSetHighWaitLowThread)();
end;

// Dynamic version of NtSetInformationFile
function  NtSetInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationFile, ntdll, 'NtSetInformationFile');
  Result := TFNNtSetInformationFile(_NtSetInformationFile)(
    FileHandle, IoStatusBlock, FileInformation, FileInformationLength, FileInformationClass
  );
end;

// Dynamic version of NtSetInformationFile
function  ZwSetInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    FileInformation : PVOID;
    FileInformationLength : ULONG;
    FileInformationClass : FILE_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationFile, ntdll, 'NtSetInformationFile');
  Result := TFNNtSetInformationFile(_NtSetInformationFile)(
    FileHandle, IoStatusBlock, FileInformation, FileInformationLength, FileInformationClass
  );
end;

// Dynamic version of NtSetInformationJobObject
function  NtSetInformationJobObject(
    JobHandle : HANDLE;
    JobInformationClass : JOBOBJECTINFOCLASS;
    JobInformation : PVOID;
    JobInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationJobObject, ntdll, 'NtSetInformationJobObject');
  Result := TFNNtSetInformationJobObject(_NtSetInformationJobObject)(
    JobHandle, JobInformationClass, JobInformation, JobInformationLength
  );
end;

// Dynamic version of NtSetInformationJobObject
function  ZwSetInformationJobObject(
    JobHandle : HANDLE;
    JobInformationClass : JOBOBJECTINFOCLASS;
    JobInformation : PVOID;
    JobInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationJobObject, ntdll, 'NtSetInformationJobObject');
  Result := TFNNtSetInformationJobObject(_NtSetInformationJobObject)(
    JobHandle, JobInformationClass, JobInformation, JobInformationLength
  );
end;

// Dynamic version of NtSetInformationKey
function  NtSetInformationKey(
    KeyHandle : HANDLE;
    KeyInformationClass : KEY_SET_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationKey, ntdll, 'NtSetInformationKey');
  Result := TFNNtSetInformationKey(_NtSetInformationKey)(
    KeyHandle, KeyInformationClass, KeyInformation, KeyInformationLength
  );
end;

// Dynamic version of NtSetInformationKey
function  ZwSetInformationKey(
    KeyHandle : HANDLE;
    KeyInformationClass : KEY_SET_INFORMATION_CLASS;
    KeyInformation : PVOID;
    KeyInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationKey, ntdll, 'NtSetInformationKey');
  Result := TFNNtSetInformationKey(_NtSetInformationKey)(
    KeyHandle, KeyInformationClass, KeyInformation, KeyInformationLength
  );
end;

// Dynamic version of NtSetInformationObject
function  NtSetInformationObject(
    ObjectHandle : HANDLE;
    ObjectInformationClass : OBJECT_INFORMATION_CLASS;
    ObjectInformation : PVOID;
    ObjectInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationObject, ntdll, 'NtSetInformationObject');
  Result := TFNNtSetInformationObject(_NtSetInformationObject)(
    ObjectHandle, ObjectInformationClass, ObjectInformation, ObjectInformationLength
  );
end;

// Dynamic version of NtSetInformationObject
function  ZwSetInformationObject(
    ObjectHandle : HANDLE;
    ObjectInformationClass : OBJECT_INFORMATION_CLASS;
    ObjectInformation : PVOID;
    ObjectInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationObject, ntdll, 'NtSetInformationObject');
  Result := TFNNtSetInformationObject(_NtSetInformationObject)(
    ObjectHandle, ObjectInformationClass, ObjectInformation, ObjectInformationLength
  );
end;

// Dynamic version of NtSetInformationProcess
function  NtSetInformationProcess(
    ProcessHandle : HANDLE;
    ProcessInformationClass : PROCESSINFOCLASS;
    ProcessInformation : PVOID;
    ProcessInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationProcess, ntdll, 'NtSetInformationProcess');
  Result := TFNNtSetInformationProcess(_NtSetInformationProcess)(
    ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength
  );
end;

// Dynamic version of NtSetInformationProcess
function  ZwSetInformationProcess(
    ProcessHandle : HANDLE;
    ProcessInformationClass : PROCESSINFOCLASS;
    ProcessInformation : PVOID;
    ProcessInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationProcess, ntdll, 'NtSetInformationProcess');
  Result := TFNNtSetInformationProcess(_NtSetInformationProcess)(
    ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength
  );
end;

// Dynamic version of NtSetInformationThread
function  NtSetInformationThread(
    ThreadHandle : HANDLE;
    ThreadInformationClass : THREADINFOCLASS;
    ThreadInformation : PVOID;
    ThreadInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationThread, ntdll, 'NtSetInformationThread');
  Result := TFNNtSetInformationThread(_NtSetInformationThread)(
    ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength
  );
end;

// Dynamic version of NtSetInformationThread
function  ZwSetInformationThread(
    ThreadHandle : HANDLE;
    ThreadInformationClass : THREADINFOCLASS;
    ThreadInformation : PVOID;
    ThreadInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationThread, ntdll, 'NtSetInformationThread');
  Result := TFNNtSetInformationThread(_NtSetInformationThread)(
    ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength
  );
end;

// Dynamic version of NtSetInformationToken
function  NtSetInformationToken(
    TokenHandle : HANDLE;
    TokenInformationClass : TOKEN_INFORMATION_CLASS;
    TokenInformation : PVOID;
    TokenInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationToken, ntdll, 'NtSetInformationToken');
  Result := TFNNtSetInformationToken(_NtSetInformationToken)(
    TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength
  );
end;

// Dynamic version of NtSetInformationToken
function  ZwSetInformationToken(
    TokenHandle : HANDLE;
    TokenInformationClass : TOKEN_INFORMATION_CLASS;
    TokenInformation : PVOID;
    TokenInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetInformationToken, ntdll, 'NtSetInformationToken');
  Result := TFNNtSetInformationToken(_NtSetInformationToken)(
    TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength
  );
end;

// Dynamic version of NtSetIntervalProfile
function  NtSetIntervalProfile(
    Interval : ULONG;
    Source : KPROFILE_SOURCE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetIntervalProfile, ntdll, 'NtSetIntervalProfile');
  Result := TFNNtSetIntervalProfile(_NtSetIntervalProfile)(
    Interval, Source
  );
end;

// Dynamic version of NtSetIntervalProfile
function  ZwSetIntervalProfile(
    Interval : ULONG;
    Source : KPROFILE_SOURCE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetIntervalProfile, ntdll, 'NtSetIntervalProfile');
  Result := TFNNtSetIntervalProfile(_NtSetIntervalProfile)(
    Interval, Source
  );
end;

// Dynamic version of NtSetIoCompletion
function  NtSetIoCompletion(
    IoCompletionHandle : HANDLE;
    CompletionKey : ULONG;
    CompletionValue : ULONG;
    Status : NTSTATUS;
    Information : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetIoCompletion, ntdll, 'NtSetIoCompletion');
  Result := TFNNtSetIoCompletion(_NtSetIoCompletion)(
    IoCompletionHandle, CompletionKey, CompletionValue, Status, Information
  );
end;

// Dynamic version of NtSetIoCompletion
function  ZwSetIoCompletion(
    IoCompletionHandle : HANDLE;
    CompletionKey : ULONG;
    CompletionValue : ULONG;
    Status : NTSTATUS;
    Information : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetIoCompletion, ntdll, 'NtSetIoCompletion');
  Result := TFNNtSetIoCompletion(_NtSetIoCompletion)(
    IoCompletionHandle, CompletionKey, CompletionValue, Status, Information
  );
end;

// Dynamic version of NtSetLdtEntries
function  NtSetLdtEntries(
    Selector1 : ULONG;
    LdtEntry1 : LDT_ENTRY;
    Selector2 : ULONG;
    LdtEntry2 : LDT_ENTRY
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetLdtEntries, ntdll, 'NtSetLdtEntries');
  Result := TFNNtSetLdtEntries(_NtSetLdtEntries)(
    Selector1, LdtEntry1, Selector2, LdtEntry2
  );
end;

// Dynamic version of NtSetLdtEntries
function  ZwSetLdtEntries(
    Selector1 : ULONG;
    LdtEntry1 : LDT_ENTRY;
    Selector2 : ULONG;
    LdtEntry2 : LDT_ENTRY
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetLdtEntries, ntdll, 'NtSetLdtEntries');
  Result := TFNNtSetLdtEntries(_NtSetLdtEntries)(
    Selector1, LdtEntry1, Selector2, LdtEntry2
  );
end;

// Dynamic version of NtSetLowEventPair
function  NtSetLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetLowEventPair, ntdll, 'NtSetLowEventPair');
  Result := TFNNtSetLowEventPair(_NtSetLowEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtSetLowEventPair
function  ZwSetLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetLowEventPair, ntdll, 'NtSetLowEventPair');
  Result := TFNNtSetLowEventPair(_NtSetLowEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtSetLowWaitHighEventPair
function  NtSetLowWaitHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetLowWaitHighEventPair, ntdll, 'NtSetLowWaitHighEventPair');
  Result := TFNNtSetLowWaitHighEventPair(_NtSetLowWaitHighEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtSetLowWaitHighEventPair
function  ZwSetLowWaitHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetLowWaitHighEventPair, ntdll, 'NtSetLowWaitHighEventPair');
  Result := TFNNtSetLowWaitHighEventPair(_NtSetLowWaitHighEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtSetLowWaitHighThread
function  NtSetLowWaitHighThread(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetLowWaitHighThread, ntdll, 'NtSetLowWaitHighThread');
  Result := TFNNtSetLowWaitHighThread(_NtSetLowWaitHighThread)();
end;

// Dynamic version of NtSetLowWaitHighThread
function  ZwSetLowWaitHighThread(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetLowWaitHighThread, ntdll, 'NtSetLowWaitHighThread');
  Result := TFNNtSetLowWaitHighThread(_NtSetLowWaitHighThread)();
end;

// Dynamic version of NtSetQuotaInformationFile
function  NtSetQuotaInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_USER_QUOTA_INFORMATION;
    BufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetQuotaInformationFile, ntdll, 'NtSetQuotaInformationFile');
  Result := TFNNtSetQuotaInformationFile(_NtSetQuotaInformationFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength
  );
end;

// Dynamic version of NtSetQuotaInformationFile
function  ZwSetQuotaInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_USER_QUOTA_INFORMATION;
    BufferLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetQuotaInformationFile, ntdll, 'NtSetQuotaInformationFile');
  Result := TFNNtSetQuotaInformationFile(_NtSetQuotaInformationFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength
  );
end;

// Dynamic version of NtSetSecurityObject
function  NtSetSecurityObject(
    Handle : HANDLE;
    SecurityInformation : SECURITY_INFORMATION;
    SecurityDescriptor : PSECURITY_DESCRIPTOR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSecurityObject, ntdll, 'NtSetSecurityObject');
  Result := TFNNtSetSecurityObject(_NtSetSecurityObject)(
    Handle, SecurityInformation, SecurityDescriptor
  );
end;

// Dynamic version of NtSetSecurityObject
function  ZwSetSecurityObject(
    Handle : HANDLE;
    SecurityInformation : SECURITY_INFORMATION;
    SecurityDescriptor : PSECURITY_DESCRIPTOR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSecurityObject, ntdll, 'NtSetSecurityObject');
  Result := TFNNtSetSecurityObject(_NtSetSecurityObject)(
    Handle, SecurityInformation, SecurityDescriptor
  );
end;

// Dynamic version of NtSetSystemEnvironmentValue
function  NtSetSystemEnvironmentValue(
    Name : PUNICODE_STRING;
    Value : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSystemEnvironmentValue, ntdll, 'NtSetSystemEnvironmentValue');
  Result := TFNNtSetSystemEnvironmentValue(_NtSetSystemEnvironmentValue)(
    Name, Value
  );
end;

// Dynamic version of NtSetSystemEnvironmentValue
function  ZwSetSystemEnvironmentValue(
    Name : PUNICODE_STRING;
    Value : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSystemEnvironmentValue, ntdll, 'NtSetSystemEnvironmentValue');
  Result := TFNNtSetSystemEnvironmentValue(_NtSetSystemEnvironmentValue)(
    Name, Value
  );
end;

// Dynamic version of NtSetSystemInformation
function  NtSetSystemInformation(
    SystemInformationClass : SYSTEM_INFORMATION_CLASS;
    SystemInformation : PVOID;
    SystemInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSystemInformation, ntdll, 'NtSetSystemInformation');
  Result := TFNNtSetSystemInformation(_NtSetSystemInformation)(
    SystemInformationClass, SystemInformation, SystemInformationLength
  );
end;

// Dynamic version of NtSetSystemInformation
function  ZwSetSystemInformation(
    SystemInformationClass : SYSTEM_INFORMATION_CLASS;
    SystemInformation : PVOID;
    SystemInformationLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSystemInformation, ntdll, 'NtSetSystemInformation');
  Result := TFNNtSetSystemInformation(_NtSetSystemInformation)(
    SystemInformationClass, SystemInformation, SystemInformationLength
  );
end;

// Dynamic version of NtSetSystemPowerState
function  NtSetSystemPowerState(
    SystemAction : POWER_ACTION;
    MinSystemState : SYSTEM_POWER_STATE;
    Flags : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSystemPowerState, ntdll, 'NtSetSystemPowerState');
  Result := TFNNtSetSystemPowerState(_NtSetSystemPowerState)(
    SystemAction, MinSystemState, Flags
  );
end;

// Dynamic version of NtSetSystemPowerState
function  ZwSetSystemPowerState(
    SystemAction : POWER_ACTION;
    MinSystemState : SYSTEM_POWER_STATE;
    Flags : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSystemPowerState, ntdll, 'NtSetSystemPowerState');
  Result := TFNNtSetSystemPowerState(_NtSetSystemPowerState)(
    SystemAction, MinSystemState, Flags
  );
end;

// Dynamic version of NtSetSystemTime
function  NtSetSystemTime(
    NewTime : PLARGE_INTEGER;
    OldTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSystemTime, ntdll, 'NtSetSystemTime');
  Result := TFNNtSetSystemTime(_NtSetSystemTime)(
    NewTime, OldTime
  );
end;

// Dynamic version of NtSetSystemTime
function  ZwSetSystemTime(
    NewTime : PLARGE_INTEGER;
    OldTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetSystemTime, ntdll, 'NtSetSystemTime');
  Result := TFNNtSetSystemTime(_NtSetSystemTime)(
    NewTime, OldTime
  );
end;

// Dynamic version of NtSetThreadExecutionState
function  NtSetThreadExecutionState(
    ExecutionState : EXECUTION_STATE;
    PreviousExecutionState : PEXECUTION_STATE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetThreadExecutionState, ntdll, 'NtSetThreadExecutionState');
  Result := TFNNtSetThreadExecutionState(_NtSetThreadExecutionState)(
    ExecutionState, PreviousExecutionState
  );
end;

// Dynamic version of NtSetThreadExecutionState
function  ZwSetThreadExecutionState(
    ExecutionState : EXECUTION_STATE;
    PreviousExecutionState : PEXECUTION_STATE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetThreadExecutionState, ntdll, 'NtSetThreadExecutionState');
  Result := TFNNtSetThreadExecutionState(_NtSetThreadExecutionState)(
    ExecutionState, PreviousExecutionState
  );
end;

// Dynamic version of NtSetTimer
function  NtSetTimer(
    TimerHandle : HANDLE;
    DueTime : PLARGE_INTEGER;
    TimerApcRoutine : PTIMER_APC_ROUTINE;
    TimerContext : PVOID;
    Resume : BOOLEAN;
    Period : LONG;
    PreviousState : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetTimer, ntdll, 'NtSetTimer');
  Result := TFNNtSetTimer(_NtSetTimer)(
    TimerHandle, DueTime, TimerApcRoutine, TimerContext, Resume, Period, PreviousState
  );
end;

// Dynamic version of NtSetTimer
function  ZwSetTimer(
    TimerHandle : HANDLE;
    DueTime : PLARGE_INTEGER;
    TimerApcRoutine : PTIMER_APC_ROUTINE;
    TimerContext : PVOID;
    Resume : BOOLEAN;
    Period : LONG;
    PreviousState : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetTimer, ntdll, 'NtSetTimer');
  Result := TFNNtSetTimer(_NtSetTimer)(
    TimerHandle, DueTime, TimerApcRoutine, TimerContext, Resume, Period, PreviousState
  );
end;

// Dynamic version of NtSetTimerResolution
function  NtSetTimerResolution(
    RequestedResolution : ULONG;
    Set_ : BOOLEAN;
    ActualResolution : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetTimerResolution, ntdll, 'NtSetTimerResolution');
  Result := TFNNtSetTimerResolution(_NtSetTimerResolution)(
    RequestedResolution, Set_, ActualResolution
  );
end;

// Dynamic version of NtSetTimerResolution
function  ZwSetTimerResolution(
    RequestedResolution : ULONG;
    Set_ : BOOLEAN;
    ActualResolution : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetTimerResolution, ntdll, 'NtSetTimerResolution');
  Result := TFNNtSetTimerResolution(_NtSetTimerResolution)(
    RequestedResolution, Set_, ActualResolution
  );
end;

// Dynamic version of NtSetUuidSeed
function  NtSetUuidSeed(
    UuidSeed : PUCHAR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetUuidSeed, ntdll, 'NtSetUuidSeed');
  Result := TFNNtSetUuidSeed(_NtSetUuidSeed)(
    UuidSeed
  );
end;

// Dynamic version of NtSetUuidSeed
function  ZwSetUuidSeed(
    UuidSeed : PUCHAR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetUuidSeed, ntdll, 'NtSetUuidSeed');
  Result := TFNNtSetUuidSeed(_NtSetUuidSeed)(
    UuidSeed
  );
end;

// Dynamic version of NtSetValueKey
function  NtSetValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING;
    TitleIndex : ULONG;
    Type_ : ULONG;
    Data : PVOID;
    DataSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetValueKey, ntdll, 'NtSetValueKey');
  Result := TFNNtSetValueKey(_NtSetValueKey)(
    KeyHandle, ValueName, TitleIndex, Type_, Data, DataSize
  );
end;

// Dynamic version of NtSetValueKey
function  ZwSetValueKey(
    KeyHandle : HANDLE;
    ValueName : PUNICODE_STRING;
    TitleIndex : ULONG;
    Type_ : ULONG;
    Data : PVOID;
    DataSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetValueKey, ntdll, 'NtSetValueKey');
  Result := TFNNtSetValueKey(_NtSetValueKey)(
    KeyHandle, ValueName, TitleIndex, Type_, Data, DataSize
  );
end;

// Dynamic version of NtSetVolumeInformationFile
function  NtSetVolumeInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    BufferLength : ULONG;
    VolumeInformationClass : FS_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetVolumeInformationFile, ntdll, 'NtSetVolumeInformationFile');
  Result := TFNNtSetVolumeInformationFile(_NtSetVolumeInformationFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength, VolumeInformationClass
  );
end;

// Dynamic version of NtSetVolumeInformationFile
function  ZwSetVolumeInformationFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    BufferLength : ULONG;
    VolumeInformationClass : FS_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSetVolumeInformationFile, ntdll, 'NtSetVolumeInformationFile');
  Result := TFNNtSetVolumeInformationFile(_NtSetVolumeInformationFile)(
    FileHandle, IoStatusBlock, Buffer, BufferLength, VolumeInformationClass
  );
end;

// Dynamic version of NtShutdownSystem
function  NtShutdownSystem(
    Action : SHUTDOWN_ACTION
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtShutdownSystem, ntdll, 'NtShutdownSystem');
  Result := TFNNtShutdownSystem(_NtShutdownSystem)(
    Action
  );
end;

// Dynamic version of NtShutdownSystem
function  ZwShutdownSystem(
    Action : SHUTDOWN_ACTION
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtShutdownSystem, ntdll, 'NtShutdownSystem');
  Result := TFNNtShutdownSystem(_NtShutdownSystem)(
    Action
  );
end;

// Dynamic version of NtSignalAndWaitForSingleObject
function  NtSignalAndWaitForSingleObject(
    HandleToSignal : HANDLE;
    HandleToWait : HANDLE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSignalAndWaitForSingleObject, ntdll, 'NtSignalAndWaitForSingleObject');
  Result := TFNNtSignalAndWaitForSingleObject(_NtSignalAndWaitForSingleObject)(
    HandleToSignal, HandleToWait, Alertable, Timeout
  );
end;

// Dynamic version of NtSignalAndWaitForSingleObject
function  ZwSignalAndWaitForSingleObject(
    HandleToSignal : HANDLE;
    HandleToWait : HANDLE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSignalAndWaitForSingleObject, ntdll, 'NtSignalAndWaitForSingleObject');
  Result := TFNNtSignalAndWaitForSingleObject(_NtSignalAndWaitForSingleObject)(
    HandleToSignal, HandleToWait, Alertable, Timeout
  );
end;

// Dynamic version of NtStartProfile
function  NtStartProfile(
    ProfileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtStartProfile, ntdll, 'NtStartProfile');
  Result := TFNNtStartProfile(_NtStartProfile)(
    ProfileHandle
  );
end;

// Dynamic version of NtStartProfile
function  ZwStartProfile(
    ProfileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtStartProfile, ntdll, 'NtStartProfile');
  Result := TFNNtStartProfile(_NtStartProfile)(
    ProfileHandle
  );
end;

// Dynamic version of NtStopProfile
function  NtStopProfile(
    ProfileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtStopProfile, ntdll, 'NtStopProfile');
  Result := TFNNtStopProfile(_NtStopProfile)(
    ProfileHandle
  );
end;

// Dynamic version of NtStopProfile
function  ZwStopProfile(
    ProfileHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtStopProfile, ntdll, 'NtStopProfile');
  Result := TFNNtStopProfile(_NtStopProfile)(
    ProfileHandle
  );
end;

// Dynamic version of NtSuspendProcess
function  NtSuspendProcess(
    hProcess : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSuspendProcess, ntdll, 'NtSuspendProcess');
  Result := TFNNtSuspendProcess(_NtSuspendProcess)(
    hProcess
  );
end;

// Dynamic version of NtSuspendProcess
function  ZwSuspendProcess(
    hProcess : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSuspendProcess, ntdll, 'NtSuspendProcess');
  Result := TFNNtSuspendProcess(_NtSuspendProcess)(
    hProcess
  );
end;

// Dynamic version of NtSuspendThread
function  NtSuspendThread(
    hThread : HANDLE;
    dwLastResumeCount : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSuspendThread, ntdll, 'NtSuspendThread');
  Result := TFNNtSuspendThread(_NtSuspendThread)(
    hThread, dwLastResumeCount
  );
end;

// Dynamic version of NtSuspendThread
function  ZwSuspendThread(
    hThread : HANDLE;
    dwLastResumeCount : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSuspendThread, ntdll, 'NtSuspendThread');
  Result := TFNNtSuspendThread(_NtSuspendThread)(
    hThread, dwLastResumeCount
  );
end;

// Dynamic version of NtSystemDebugControl
function  NtSystemDebugControl(
    ControlCode : DEBUG_CONTROL_CODE;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSystemDebugControl, ntdll, 'NtSystemDebugControl');
  Result := TFNNtSystemDebugControl(_NtSystemDebugControl)(
    ControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength, ReturnLength
  );
end;

// Dynamic version of NtSystemDebugControl
function  ZwSystemDebugControl(
    ControlCode : DEBUG_CONTROL_CODE;
    InputBuffer : PVOID;
    InputBufferLength : ULONG;
    OutputBuffer : PVOID;
    OutputBufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtSystemDebugControl, ntdll, 'NtSystemDebugControl');
  Result := TFNNtSystemDebugControl(_NtSystemDebugControl)(
    ControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength, ReturnLength
  );
end;

// Dynamic version of NtTerminateJobObject
function  NtTerminateJobObject(
    JobHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtTerminateJobObject, ntdll, 'NtTerminateJobObject');
  Result := TFNNtTerminateJobObject(_NtTerminateJobObject)(
    JobHandle, ExitStatus
  );
end;

// Dynamic version of NtTerminateJobObject
function  ZwTerminateJobObject(
    JobHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtTerminateJobObject, ntdll, 'NtTerminateJobObject');
  Result := TFNNtTerminateJobObject(_NtTerminateJobObject)(
    JobHandle, ExitStatus
  );
end;

// Dynamic version of NtTerminateProcess
function  NtTerminateProcess(
    ProcessHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtTerminateProcess, ntdll, 'NtTerminateProcess');
  Result := TFNNtTerminateProcess(_NtTerminateProcess)(
    ProcessHandle, ExitStatus
  );
end;

// Dynamic version of NtTerminateProcess
function  ZwTerminateProcess(
    ProcessHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtTerminateProcess, ntdll, 'NtTerminateProcess');
  Result := TFNNtTerminateProcess(_NtTerminateProcess)(
    ProcessHandle, ExitStatus
  );
end;

// Dynamic version of NtTerminateThread
function  NtTerminateThread(
    ThreadHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtTerminateThread, ntdll, 'NtTerminateThread');
  Result := TFNNtTerminateThread(_NtTerminateThread)(
    ThreadHandle, ExitStatus
  );
end;

// Dynamic version of NtTerminateThread
function  ZwTerminateThread(
    ThreadHandle : HANDLE;
    ExitStatus : NTSTATUS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtTerminateThread, ntdll, 'NtTerminateThread');
  Result := TFNNtTerminateThread(_NtTerminateThread)(
    ThreadHandle, ExitStatus
  );
end;

// Dynamic version of NtTestAlert
function  NtTestAlert(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtTestAlert, ntdll, 'NtTestAlert');
  Result := TFNNtTestAlert(_NtTestAlert)();
end;

// Dynamic version of NtTestAlert
function  ZwTestAlert(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtTestAlert, ntdll, 'NtTestAlert');
  Result := TFNNtTestAlert(_NtTestAlert)();
end;

// Dynamic version of NtUnloadDriver
function  NtUnloadDriver(
    DriverServiceName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnloadDriver, ntdll, 'NtUnloadDriver');
  Result := TFNNtUnloadDriver(_NtUnloadDriver)(
    DriverServiceName
  );
end;

// Dynamic version of NtUnloadDriver
function  ZwUnloadDriver(
    DriverServiceName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnloadDriver, ntdll, 'NtUnloadDriver');
  Result := TFNNtUnloadDriver(_NtUnloadDriver)(
    DriverServiceName
  );
end;

// Dynamic version of NtUnloadKey
function  NtUnloadKey(
    KeyObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnloadKey, ntdll, 'NtUnloadKey');
  Result := TFNNtUnloadKey(_NtUnloadKey)(
    KeyObjectAttributes
  );
end;

// Dynamic version of NtUnloadKey
function  ZwUnloadKey(
    KeyObjectAttributes : POBJECT_ATTRIBUTES
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnloadKey, ntdll, 'NtUnloadKey');
  Result := TFNNtUnloadKey(_NtUnloadKey)(
    KeyObjectAttributes
  );
end;

// Dynamic version of NtUnlockFile
function  NtUnlockFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    LockOffset : PULARGE_INTEGER;
    LockLength : PULARGE_INTEGER;
    Key : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnlockFile, ntdll, 'NtUnlockFile');
  Result := TFNNtUnlockFile(_NtUnlockFile)(
    FileHandle, IoStatusBlock, LockOffset, LockLength, Key
  );
end;

// Dynamic version of NtUnlockFile
function  ZwUnlockFile(
    FileHandle : HANDLE;
    IoStatusBlock : PIO_STATUS_BLOCK;
    LockOffset : PULARGE_INTEGER;
    LockLength : PULARGE_INTEGER;
    Key : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnlockFile, ntdll, 'NtUnlockFile');
  Result := TFNNtUnlockFile(_NtUnlockFile)(
    FileHandle, IoStatusBlock, LockOffset, LockLength, Key
  );
end;

// Dynamic version of NtUnlockVirtualMemory
function  NtUnlockVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    LockSize : PULONG;
    LockType : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnlockVirtualMemory, ntdll, 'NtUnlockVirtualMemory');
  Result := TFNNtUnlockVirtualMemory(_NtUnlockVirtualMemory)(
    ProcessHandle, BaseAddress, LockSize, LockType
  );
end;

// Dynamic version of NtUnlockVirtualMemory
function  ZwUnlockVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PPVOID;
    LockSize : PULONG;
    LockType : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnlockVirtualMemory, ntdll, 'NtUnlockVirtualMemory');
  Result := TFNNtUnlockVirtualMemory(_NtUnlockVirtualMemory)(
    ProcessHandle, BaseAddress, LockSize, LockType
  );
end;

// Dynamic version of NtUnmapViewOfSection
function  NtUnmapViewOfSection(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnmapViewOfSection, ntdll, 'NtUnmapViewOfSection');
  Result := TFNNtUnmapViewOfSection(_NtUnmapViewOfSection)(
    ProcessHandle, BaseAddress
  );
end;

// Dynamic version of NtUnmapViewOfSection
function  ZwUnmapViewOfSection(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtUnmapViewOfSection, ntdll, 'NtUnmapViewOfSection');
  Result := TFNNtUnmapViewOfSection(_NtUnmapViewOfSection)(
    ProcessHandle, BaseAddress
  );
end;

// Dynamic version of NtVdmControl
function  NtVdmControl(
    ControlCode : ULONG;
    ControlData : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtVdmControl, ntdll, 'NtVdmControl');
  Result := TFNNtVdmControl(_NtVdmControl)(
    ControlCode, ControlData
  );
end;

// Dynamic version of NtVdmControl
function  ZwVdmControl(
    ControlCode : ULONG;
    ControlData : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtVdmControl, ntdll, 'NtVdmControl');
  Result := TFNNtVdmControl(_NtVdmControl)(
    ControlCode, ControlData
  );
end;

// Dynamic version of NtW32Call
function  NtW32Call(
    RoutineIndex : ULONG;
    Argument : PVOID;
    ArgumentLength : ULONG;
    Result_ : PPVOID;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtW32Call, ntdll, 'NtW32Call');
  Result := TFNNtW32Call(_NtW32Call)(
    RoutineIndex, Argument, ArgumentLength, Result_, ResultLength
  );
end;

// Dynamic version of NtW32Call
function  ZwW32Call(
    RoutineIndex : ULONG;
    Argument : PVOID;
    ArgumentLength : ULONG;
    Result_ : PPVOID;
    ResultLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtW32Call, ntdll, 'NtW32Call');
  Result := TFNNtW32Call(_NtW32Call)(
    RoutineIndex, Argument, ArgumentLength, Result_, ResultLength
  );
end;

// Dynamic version of NtWaitForMultipleObjects
function  NtWaitForMultipleObjects(
    HandleCount : ULONG;
    Handles : PHANDLE;
    WaitType : WAIT_TYPE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWaitForMultipleObjects, ntdll, 'NtWaitForMultipleObjects');
  Result := TFNNtWaitForMultipleObjects(_NtWaitForMultipleObjects)(
    HandleCount, Handles, WaitType, Alertable, Timeout
  );
end;

// Dynamic version of NtWaitForMultipleObjects
function  ZwWaitForMultipleObjects(
    HandleCount : ULONG;
    Handles : PHANDLE;
    WaitType : WAIT_TYPE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWaitForMultipleObjects, ntdll, 'NtWaitForMultipleObjects');
  Result := TFNNtWaitForMultipleObjects(_NtWaitForMultipleObjects)(
    HandleCount, Handles, WaitType, Alertable, Timeout
  );
end;

// Dynamic version of NtWaitForSingleObject
function  NtWaitForSingleObject(
    Handle : HANDLE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWaitForSingleObject, ntdll, 'NtWaitForSingleObject');
  Result := TFNNtWaitForSingleObject(_NtWaitForSingleObject)(
    Handle, Alertable, Timeout
  );
end;

// Dynamic version of NtWaitForSingleObject
function  ZwWaitForSingleObject(
    Handle : HANDLE;
    Alertable : BOOLEAN;
    Timeout : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWaitForSingleObject, ntdll, 'NtWaitForSingleObject');
  Result := TFNNtWaitForSingleObject(_NtWaitForSingleObject)(
    Handle, Alertable, Timeout
  );
end;

// Dynamic version of NtWaitHighEventPair
function  NtWaitHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWaitHighEventPair, ntdll, 'NtWaitHighEventPair');
  Result := TFNNtWaitHighEventPair(_NtWaitHighEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtWaitHighEventPair
function  ZwWaitHighEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWaitHighEventPair, ntdll, 'NtWaitHighEventPair');
  Result := TFNNtWaitHighEventPair(_NtWaitHighEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtWaitLowEventPair
function  NtWaitLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWaitLowEventPair, ntdll, 'NtWaitLowEventPair');
  Result := TFNNtWaitLowEventPair(_NtWaitLowEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtWaitLowEventPair
function  ZwWaitLowEventPair(
    EventPairHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWaitLowEventPair, ntdll, 'NtWaitLowEventPair');
  Result := TFNNtWaitLowEventPair(_NtWaitLowEventPair)(
    EventPairHandle
  );
end;

// Dynamic version of NtWriteFile
function  NtWriteFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWriteFile, ntdll, 'NtWriteFile');
  Result := TFNNtWriteFile(_NtWriteFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key
  );
end;

// Dynamic version of NtWriteFile
function  ZwWriteFile(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PVOID;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWriteFile, ntdll, 'NtWriteFile');
  Result := TFNNtWriteFile(_NtWriteFile)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key
  );
end;

// Dynamic version of NtWriteFileGather
function  NtWriteFileGather(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_SEGMENT_ELEMENT;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWriteFileGather, ntdll, 'NtWriteFileGather');
  Result := TFNNtWriteFileGather(_NtWriteFileGather)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key
  );
end;

// Dynamic version of NtWriteFileGather
function  ZwWriteFileGather(
    FileHandle : HANDLE;
    Event : HANDLE;
    ApcRoutine : PIO_APC_ROUTINE;
    ApcContext : PVOID;
    IoStatusBlock : PIO_STATUS_BLOCK;
    Buffer : PFILE_SEGMENT_ELEMENT;
    Length : ULONG;
    ByteOffset : PLARGE_INTEGER;
    Key : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWriteFileGather, ntdll, 'NtWriteFileGather');
  Result := TFNNtWriteFileGather(_NtWriteFileGather)(
    FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key
  );
end;

// Dynamic version of NtWriteRequestData
function  NtWriteRequestData(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE;
    Index : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWriteRequestData, ntdll, 'NtWriteRequestData');
  Result := TFNNtWriteRequestData(_NtWriteRequestData)(
    PortHandle, Message, Index, Buffer, BufferLength, ReturnLength
  );
end;

// Dynamic version of NtWriteRequestData
function  ZwWriteRequestData(
    PortHandle : HANDLE;
    Message : PPORT_MESSAGE;
    Index : ULONG;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWriteRequestData, ntdll, 'NtWriteRequestData');
  Result := TFNNtWriteRequestData(_NtWriteRequestData)(
    PortHandle, Message, Index, Buffer, BufferLength, ReturnLength
  );
end;

// Dynamic version of NtWriteVirtualMemory
function  NtWriteVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWriteVirtualMemory, ntdll, 'NtWriteVirtualMemory');
  Result := TFNNtWriteVirtualMemory(_NtWriteVirtualMemory)(
    ProcessHandle, BaseAddress, Buffer, BufferLength, ReturnLength
  );
end;

// Dynamic version of NtWriteVirtualMemory
function  ZwWriteVirtualMemory(
    ProcessHandle : HANDLE;
    BaseAddress : PVOID;
    Buffer : PVOID;
    BufferLength : ULONG;
    ReturnLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtWriteVirtualMemory, ntdll, 'NtWriteVirtualMemory');
  Result := TFNNtWriteVirtualMemory(_NtWriteVirtualMemory)(
    ProcessHandle, BaseAddress, Buffer, BufferLength, ReturnLength
  );
end;

// Dynamic version of NtYieldExecution
function  NtYieldExecution(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtYieldExecution, ntdll, 'NtYieldExecution');
  Result := TFNNtYieldExecution(_NtYieldExecution)();
end;

// Dynamic version of NtYieldExecution
function  ZwYieldExecution(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_NtYieldExecution, ntdll, 'NtYieldExecution');
  Result := TFNNtYieldExecution(_NtYieldExecution)();
end;

// Dynamic version of RtlAbsoluteToSelfRelativeSD
function  RtlAbsoluteToSelfRelativeSD(
    pAbsoluteSD : PSECURITY_DESCRIPTOR;
    pSelfRelativeSD : PSECURITY_DESCRIPTOR;
    lpdwBufferLength : LPDWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAbsoluteToSelfRelativeSD, ntdll, 'RtlAbsoluteToSelfRelativeSD');
  Result := TFNRtlAbsoluteToSelfRelativeSD(_RtlAbsoluteToSelfRelativeSD)(
    pAbsoluteSD, pSelfRelativeSD, lpdwBufferLength
  );
end;

// Dynamic version of RtlAcquirePebLock
procedure RtlAcquirePebLock(); stdcall;
begin
  GetProcedureAddress(_RtlAcquirePebLock, ntdll, 'RtlAcquirePebLock');
  TFNRtlAcquirePebLock(_RtlAcquirePebLock)();
end;

// Dynamic version of RtlAddAccessAllowedAce
function  RtlAddAccessAllowedAce(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAddAccessAllowedAce, ntdll, 'RtlAddAccessAllowedAce');
  Result := TFNRtlAddAccessAllowedAce(_RtlAddAccessAllowedAce)(
    pAcl, dwAceRevision, AccessMask, pSid
  );
end;

// Dynamic version of RtlAddAccessAllowedAceEx
function  RtlAddAccessAllowedAceEx(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AceFlags : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAddAccessAllowedAceEx, ntdll, 'RtlAddAccessAllowedAceEx');
  Result := TFNRtlAddAccessAllowedAceEx(_RtlAddAccessAllowedAceEx)(
    pAcl, dwAceRevision, AceFlags, AccessMask, pSid
  );
end;

// Dynamic version of RtlAddAccessDeniedAce
function  RtlAddAccessDeniedAce(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAddAccessDeniedAce, ntdll, 'RtlAddAccessDeniedAce');
  Result := TFNRtlAddAccessDeniedAce(_RtlAddAccessDeniedAce)(
    pAcl, dwAceRevision, AccessMask, pSid
  );
end;

// Dynamic version of RtlAddAccessDeniedAceEx
function  RtlAddAccessDeniedAceEx(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AceFlags : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAddAccessDeniedAceEx, ntdll, 'RtlAddAccessDeniedAceEx');
  Result := TFNRtlAddAccessDeniedAceEx(_RtlAddAccessDeniedAceEx)(
    pAcl, dwAceRevision, AceFlags, AccessMask, pSid
  );
end;

// Dynamic version of RtlAddAce
function  RtlAddAce(
    pAcl : PACL;
    dwAceRevision : DWORD;
    dwStartingAceIndex : DWORD;
    pAceList : PVOID;
    nAceListLength : DWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAddAce, ntdll, 'RtlAddAce');
  Result := TFNRtlAddAce(_RtlAddAce)(
    pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength
  );
end;

// Dynamic version of RtlAddAuditAccessAce
function  RtlAddAuditAccessAce(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID;
    bAuditSuccess : BOOLEAN;
    bAuditFailure : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAddAuditAccessAce, ntdll, 'RtlAddAuditAccessAce');
  Result := TFNRtlAddAuditAccessAce(_RtlAddAuditAccessAce)(
    pAcl, dwAceRevision, AccessMask, pSid, bAuditSuccess, bAuditFailure
  );
end;

// Dynamic version of RtlAddAuditAccessAceEx
function  RtlAddAuditAccessAceEx(
    pAcl : PACL;
    dwAceRevision : DWORD;
    AceFlags : DWORD;
    AccessMask : ACCESS_MASK;
    pSid : PSID;
    bAuditSuccess : BOOLEAN;
    bAuditFailure : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAddAuditAccessAceEx, ntdll, 'RtlAddAuditAccessAceEx');
  Result := TFNRtlAddAuditAccessAceEx(_RtlAddAuditAccessAceEx)(
    pAcl, dwAceRevision, AceFlags, AccessMask, pSid, bAuditSuccess, bAuditFailure
  );
end;

// Dynamic version of RtlAddRange
function  RtlAddRange(
    RangeList : PRTL_RANGE_LIST;
    Start : ULONGLONG;
    End_ : ULONGLONG;
    Attributes : UCHAR;
    Flags : ULONG;
    UserData : PVOID;
    Owner : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAddRange, ntdll, 'RtlAddRange');
  Result := TFNRtlAddRange(_RtlAddRange)(
    RangeList, Start, End_, Attributes, Flags, UserData, Owner
  );
end;

// Dynamic version of RtlAddVectoredExceptionHandler
function  RtlAddVectoredExceptionHandler(
    FirstHandler : ULONG;
    VectoredHandler : PVECTORED_EXCEPTION_HANDLER
  ): PVOID; stdcall;
begin
  GetProcedureAddress(_RtlAddVectoredExceptionHandler, ntdll, 'RtlAddVectoredExceptionHandler');
  Result := TFNRtlAddVectoredExceptionHandler(_RtlAddVectoredExceptionHandler)(
    FirstHandler, VectoredHandler
  );
end;

// Dynamic version of RtlAdjustPrivilege
function  RtlAdjustPrivilege(
    Privilege : ULONG;
    Enable : BOOLEAN;
    CurrentThread : BOOLEAN;
    Enabled : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAdjustPrivilege, ntdll, 'RtlAdjustPrivilege');
  Result := TFNRtlAdjustPrivilege(_RtlAdjustPrivilege)(
    Privilege, Enable, CurrentThread, Enabled
  );
end;

// Dynamic version of RtlAllocateAndInitializeSid
function  RtlAllocateAndInitializeSid(
    pIdentifierAuthority : PSID_IDENTIFIER_AUTHORITY;
    SubAuthorityCount : BYTE;
    nSubAuthority0 : DWORD;
    nSubAuthority1 : DWORD;
    nSubAuthority2 : DWORD;
    nSubAuthority3 : DWORD;
    nSubAuthority4 : DWORD;
    nSubAuthority5 : DWORD;
    nSubAuthority6 : DWORD;
    nSubAuthority7 : DWORD;
    var pSid : PSID
  ): BOOL; stdcall;
begin
  GetProcedureAddress(_RtlAllocateAndInitializeSid, ntdll, 'RtlAllocateAndInitializeSid');
  Result := TFNRtlAllocateAndInitializeSid(_RtlAllocateAndInitializeSid)(
    pIdentifierAuthority, SubAuthorityCount, nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3, nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7, pSid
  );
end;

// Dynamic version of RtlAllocateHeap
function  RtlAllocateHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    Size : ULONG
  ): PVOID; stdcall;
begin
  GetProcedureAddress(_RtlAllocateHeap, ntdll, 'RtlAllocateHeap');
  Result := TFNRtlAllocateHeap(_RtlAllocateHeap)(
    hHeap, dwFlags, Size
  );
end;

// Dynamic version of RtlAnsiCharToUnicodeChar
function  RtlAnsiCharToUnicodeChar(
    AnsiChar : CHAR
  ): WCHAR; stdcall;
begin
  GetProcedureAddress(_RtlAnsiCharToUnicodeChar, ntdll, 'RtlAnsiCharToUnicodeChar');
  Result := TFNRtlAnsiCharToUnicodeChar(_RtlAnsiCharToUnicodeChar)(
    AnsiChar
  );
end;

// Dynamic version of RtlAnsiStringToUnicodeSize
function  RtlAnsiStringToUnicodeSize(
    AnsiString : PANSI_STRING
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlAnsiStringToUnicodeSize, ntdll, 'RtlAnsiStringToUnicodeSize');
  Result := TFNRtlAnsiStringToUnicodeSize(_RtlAnsiStringToUnicodeSize)(
    AnsiString
  );
end;

// Dynamic version of RtlAnsiStringToUnicodeString
function  RtlAnsiStringToUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PANSI_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAnsiStringToUnicodeString, ntdll, 'RtlAnsiStringToUnicodeString');
  Result := TFNRtlAnsiStringToUnicodeString(_RtlAnsiStringToUnicodeString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlAppendAsciizToString
function  RtlAppendAsciizToString(
    DestinationString : PSTRING;
    AppendThisString : LPCSTR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAppendAsciizToString, ntdll, 'RtlAppendAsciizToString');
  Result := TFNRtlAppendAsciizToString(_RtlAppendAsciizToString)(
    DestinationString, AppendThisString
  );
end;

// Dynamic version of RtlAppendStringToString
function  RtlAppendStringToString(
    DestinationString : PSTRING;
    AppendThisString : PSTRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAppendStringToString, ntdll, 'RtlAppendStringToString');
  Result := TFNRtlAppendStringToString(_RtlAppendStringToString)(
    DestinationString, AppendThisString
  );
end;

// Dynamic version of RtlAppendUnicodeStringToString
function  RtlAppendUnicodeStringToString(
    DestinationString : PUNICODE_STRING;
    SourceString : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAppendUnicodeStringToString, ntdll, 'RtlAppendUnicodeStringToString');
  Result := TFNRtlAppendUnicodeStringToString(_RtlAppendUnicodeStringToString)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlAppendUnicodeToString
function  RtlAppendUnicodeToString(
    Destination : PUNICODE_STRING;
    Source : LPCWSTR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlAppendUnicodeToString, ntdll, 'RtlAppendUnicodeToString');
  Result := TFNRtlAppendUnicodeToString(_RtlAppendUnicodeToString)(
    Destination, Source
  );
end;

// Dynamic version of RtlAreAllAccessesGranted
function  RtlAreAllAccessesGranted(
    GrantedAccess : ACCESS_MASK;
    WantedAccess : ACCESS_MASK
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlAreAllAccessesGranted, ntdll, 'RtlAreAllAccessesGranted');
  Result := TFNRtlAreAllAccessesGranted(_RtlAreAllAccessesGranted)(
    GrantedAccess, WantedAccess
  );
end;

// Dynamic version of RtlAreAnyAccessesGranted
function  RtlAreAnyAccessesGranted(
    GrantedAccess : ACCESS_MASK;
    WantedAccess : ACCESS_MASK
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlAreAnyAccessesGranted, ntdll, 'RtlAreAnyAccessesGranted');
  Result := TFNRtlAreAnyAccessesGranted(_RtlAreAnyAccessesGranted)(
    GrantedAccess, WantedAccess
  );
end;

// Dynamic version of RtlAreBitsClear
function  RtlAreBitsClear(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : ULONG;
    Length : ULONG
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlAreBitsClear, ntdll, 'RtlAreBitsClear');
  Result := TFNRtlAreBitsClear(_RtlAreBitsClear)(
    BitMapHeader, StartingIndex, Length
  );
end;

// Dynamic version of RtlAreBitsSet
function  RtlAreBitsSet(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : ULONG;
    Length : ULONG
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlAreBitsSet, ntdll, 'RtlAreBitsSet');
  Result := TFNRtlAreBitsSet(_RtlAreBitsSet)(
    BitMapHeader, StartingIndex, Length
  );
end;

// Dynamic version of RtlAssert
procedure RtlAssert(
    FailedAssertion : PVOID;
    FileName : PVOID;
    LineNumber : ULONG;
    Message : PCHAR
  ); stdcall;
begin
  GetProcedureAddress(_RtlAssert, ntdll, 'RtlAssert');
  TFNRtlAssert(_RtlAssert)(
    FailedAssertion, FileName, LineNumber, Message
  );
end;

// Dynamic version of RtlCaptureContext
procedure RtlCaptureContext(
    ContextRecord : PCONTEXT
  ); stdcall;
begin
  GetProcedureAddress(_RtlCaptureContext, ntdll, 'RtlCaptureContext');
  TFNRtlCaptureContext(_RtlCaptureContext)(
    ContextRecord
  );
end;

// Dynamic version of RtlCharToInteger
function  RtlCharToInteger(
    Str : PCSZ;
    Base : ULONG;
    Value : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCharToInteger, ntdll, 'RtlCharToInteger');
  Result := TFNRtlCharToInteger(_RtlCharToInteger)(
    Str, Base, Value
  );
end;

// Dynamic version of RtlCheckForOrphanedCriticalSections
procedure RtlCheckForOrphanedCriticalSections(
    hThread : HANDLE
  ); stdcall;
begin
  GetProcedureAddress(_RtlCheckForOrphanedCriticalSections, ntdll, 'RtlCheckForOrphanedCriticalSections');
  TFNRtlCheckForOrphanedCriticalSections(_RtlCheckForOrphanedCriticalSections)(
    hThread
  );
end;

// Dynamic version of RtlCheckRegistryKey
function  RtlCheckRegistryKey(
    RelativeTo : ULONG;
    Path : PWSTR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCheckRegistryKey, ntdll, 'RtlCheckRegistryKey');
  Result := TFNRtlCheckRegistryKey(_RtlCheckRegistryKey)(
    RelativeTo, Path
  );
end;

// Dynamic version of RtlClearAllBits
procedure RtlClearAllBits(
    BitMapHeader : PRTL_BITMAP
  ); stdcall;
begin
  GetProcedureAddress(_RtlClearAllBits, ntdll, 'RtlClearAllBits');
  TFNRtlClearAllBits(_RtlClearAllBits)(
    BitMapHeader
  );
end;

// Dynamic version of RtlClearBits
procedure RtlClearBits(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : ULONG;
    NumberToClear : ULONG
  ); stdcall;
begin
  GetProcedureAddress(_RtlClearBits, ntdll, 'RtlClearBits');
  TFNRtlClearBits(_RtlClearBits)(
    BitMapHeader, StartingIndex, NumberToClear
  );
end;

// Dynamic version of RtlCompactHeap
function  RtlCompactHeap(
    hHeap : HANDLE;
    dwFlags : ULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlCompactHeap, ntdll, 'RtlCompactHeap');
  Result := TFNRtlCompactHeap(_RtlCompactHeap)(
    hHeap, dwFlags
  );
end;

// Dynamic version of RtlCompareMemory
function  RtlCompareMemory(
    Source1 : PVOID;
    Source2 : PVOID;
    Length : SIZE_T
  ): SIZE_T; stdcall;
begin
  GetProcedureAddress(_RtlCompareMemory, ntdll, 'RtlCompareMemory');
  Result := TFNRtlCompareMemory(_RtlCompareMemory)(
    Source1, Source2, Length
  );
end;

// Dynamic version of RtlCompareMemoryUlong
function  RtlCompareMemoryUlong(
    Source : PVOID;
    Length : ULONG;
    Value : ULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlCompareMemoryUlong, ntdll, 'RtlCompareMemoryUlong');
  Result := TFNRtlCompareMemoryUlong(_RtlCompareMemoryUlong)(
    Source, Length, Value
  );
end;

// Dynamic version of RtlCompareString
function  RtlCompareString(
    String1 : PSTRING;
    String2 : PSTRING;
    CaseInsensitive : BOOLEAN
  ): LONG; stdcall;
begin
  GetProcedureAddress(_RtlCompareString, ntdll, 'RtlCompareString');
  Result := TFNRtlCompareString(_RtlCompareString)(
    String1, String2, CaseInsensitive
  );
end;

// Dynamic version of RtlCompareUnicodeString
function  RtlCompareUnicodeString(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING;
    CaseInsensitive : BOOLEAN
  ): LONG; stdcall;
begin
  GetProcedureAddress(_RtlCompareUnicodeString, ntdll, 'RtlCompareUnicodeString');
  Result := TFNRtlCompareUnicodeString(_RtlCompareUnicodeString)(
    String1, String2, CaseInsensitive
  );
end;

// Dynamic version of RtlConvertLongToLargeInteger
function  RtlConvertLongToLargeInteger(
    SignedInteger : LONG
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlConvertLongToLargeInteger, ntdll, 'RtlConvertLongToLargeInteger');
  Result := TFNRtlConvertLongToLargeInteger(_RtlConvertLongToLargeInteger)(
    SignedInteger
  );
end;

// Dynamic version of RtlConvertSidToUnicodeString
function  RtlConvertSidToUnicodeString(
    UnicodeString : PUNICODE_STRING;
    Sid : PSID;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlConvertSidToUnicodeString, ntdll, 'RtlConvertSidToUnicodeString');
  Result := TFNRtlConvertSidToUnicodeString(_RtlConvertSidToUnicodeString)(
    UnicodeString, Sid, AllocateDestinationString
  );
end;

// Dynamic version of RtlConvertUlongToLargeInteger
function  RtlConvertUlongToLargeInteger(
    UnsignedInteger : ULONG
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlConvertUlongToLargeInteger, ntdll, 'RtlConvertUlongToLargeInteger');
  Result := TFNRtlConvertUlongToLargeInteger(_RtlConvertUlongToLargeInteger)(
    UnsignedInteger
  );
end;

// Dynamic version of RtlCopyLuid
procedure RtlCopyLuid(
    Destination : PLUID;
    Source : PLUID
  ); stdcall;
begin
  GetProcedureAddress(_RtlCopyLuid, ntdll, 'RtlCopyLuid');
  TFNRtlCopyLuid(_RtlCopyLuid)(
    Destination, Source
  );
end;

// Dynamic version of RtlCopyRangeList
function  RtlCopyRangeList(
    CopyRangeList : PRTL_RANGE_LIST;
    RangeList : PRTL_RANGE_LIST
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCopyRangeList, ntdll, 'RtlCopyRangeList');
  Result := TFNRtlCopyRangeList(_RtlCopyRangeList)(
    CopyRangeList, RangeList
  );
end;

// Dynamic version of RtlCopySecurityDescriptor
function  RtlCopySecurityDescriptor(
    Source : PSECURITY_DESCRIPTOR;
    var Destination : PSECURITY_DESCRIPTOR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCopySecurityDescriptor, ntdll, 'RtlCopySecurityDescriptor');
  Result := TFNRtlCopySecurityDescriptor(_RtlCopySecurityDescriptor)(
    Source, Destination
  );
end;

// Dynamic version of RtlCopySid
function  RtlCopySid(
    DestinationLength : ULONG;
    Destination : PSID;
    Source : PSID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCopySid, ntdll, 'RtlCopySid');
  Result := TFNRtlCopySid(_RtlCopySid)(
    DestinationLength, Destination, Source
  );
end;

// Dynamic version of RtlCopyString
procedure RtlCopyString(
    DestinationString : PSTRING;
    SourceString : PSTRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlCopyString, ntdll, 'RtlCopyString');
  TFNRtlCopyString(_RtlCopyString)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlCopyUnicodeString
procedure RtlCopyUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PUNICODE_STRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlCopyUnicodeString, ntdll, 'RtlCopyUnicodeString');
  TFNRtlCopyUnicodeString(_RtlCopyUnicodeString)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlCreateAcl
function  RtlCreateAcl(
    pAcl : PACL;
    nAclLength : DWORD;
    dwAclRevision : DWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCreateAcl, ntdll, 'RtlCreateAcl');
  Result := TFNRtlCreateAcl(_RtlCreateAcl)(
    pAcl, nAclLength, dwAclRevision
  );
end;

// Dynamic version of RtlCreateHeap
function  RtlCreateHeap(
    dwOptions : ULONG;
    Base : PVOID;
    dwMaximumSize : SIZE_T;
    dwInitialSize : SIZE_T;
    UnknownOptional1 : PVOID;
    UnknownOptional2 : PVOID
  ): HANDLE; stdcall;
begin
  GetProcedureAddress(_RtlCreateHeap, ntdll, 'RtlCreateHeap');
  Result := TFNRtlCreateHeap(_RtlCreateHeap)(
    dwOptions, Base, dwMaximumSize, dwInitialSize, UnknownOptional1, UnknownOptional2
  );
end;

// Dynamic version of RtlCreateProcessParameters
function  RtlCreateProcessParameters(
    ProcessParameters : PPRTL_USER_PROCESS_PARAMETERS;
    ImageFile : PUNICODE_STRING;
    DllPath : PUNICODE_STRING;
    CurrentDirectory : PUNICODE_STRING;
    CommandLine : PUNICODE_STRING;
    CreationFlags : ULONG;
    WindowTitle : PUNICODE_STRING;
    Desktop : PUNICODE_STRING;
    Reserved : PUNICODE_STRING;
    Reserved2 : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCreateProcessParameters, ntdll, 'RtlCreateProcessParameters');
  Result := TFNRtlCreateProcessParameters(_RtlCreateProcessParameters)(
    ProcessParameters, ImageFile, DllPath, CurrentDirectory, CommandLine, CreationFlags, WindowTitle, Desktop, Reserved, Reserved2
  );
end;

// Dynamic version of RtlCreateQueryDebugBuffer
function  RtlCreateQueryDebugBuffer(
    Size : ULONG;
    EventPair : BOOLEAN
  ): PDEBUG_BUFFER; stdcall;
begin
  GetProcedureAddress(_RtlCreateQueryDebugBuffer, ntdll, 'RtlCreateQueryDebugBuffer');
  Result := TFNRtlCreateQueryDebugBuffer(_RtlCreateQueryDebugBuffer)(
    Size, EventPair
  );
end;

// Dynamic version of RtlCreateRegistryKey
function  RtlCreateRegistryKey(
    RelativeTo : ULONG;
    Path : PWSTR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCreateRegistryKey, ntdll, 'RtlCreateRegistryKey');
  Result := TFNRtlCreateRegistryKey(_RtlCreateRegistryKey)(
    RelativeTo, Path
  );
end;

// Dynamic version of RtlCreateSecurityDescriptor
function  RtlCreateSecurityDescriptor(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    Revision : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCreateSecurityDescriptor, ntdll, 'RtlCreateSecurityDescriptor');
  Result := TFNRtlCreateSecurityDescriptor(_RtlCreateSecurityDescriptor)(
    SecurityDescriptor, Revision
  );
end;

// Dynamic version of RtlCreateUnicodeString
function  RtlCreateUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PWSTR
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlCreateUnicodeString, ntdll, 'RtlCreateUnicodeString');
  Result := TFNRtlCreateUnicodeString(_RtlCreateUnicodeString)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlCreateUnicodeStringFromAsciiz
function  RtlCreateUnicodeStringFromAsciiz(
    DestinationString : PUNICODE_STRING;
    SourceString : PCHAR
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlCreateUnicodeStringFromAsciiz, ntdll, 'RtlCreateUnicodeStringFromAsciiz');
  Result := TFNRtlCreateUnicodeStringFromAsciiz(_RtlCreateUnicodeStringFromAsciiz)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlCreateUserProcess
function  RtlCreateUserProcess(
    ImageFileName : PUNICODE_STRING;
    Attributes : ULONG;
    ProcessParameters : PRTL_USER_PROCESS_PARAMETERS;
    ProcessSecurityDescriptor : PSECURITY_DESCRIPTOR;
    ThreadSecurityDescriptor : PSECURITY_DESCRIPTOR;
    ParentProcess : HANDLE;
    InheritHandles : BOOLEAN;
    DebugPort : HANDLE;
    ExceptionPort : HANDLE;
    ProcessInfo : PRTL_PROCESS_INFORMATION
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCreateUserProcess, ntdll, 'RtlCreateUserProcess');
  Result := TFNRtlCreateUserProcess(_RtlCreateUserProcess)(
    ImageFileName, Attributes, ProcessParameters, ProcessSecurityDescriptor, ThreadSecurityDescriptor, ParentProcess, InheritHandles, DebugPort, ExceptionPort, ProcessInfo
  );
end;

// Dynamic version of RtlCreateUserThread
function  RtlCreateUserThread(
    hProcess : HANDLE;
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    CreateSuspended : BOOLEAN;
    StackZeroBits : ULONG;
    StackReserve : ULONG;
    StackCommit : ULONG;
    lpStartAddress : PTHREAD_START_ROUTINE;
    lpParameter : PVOID;
    phThread : PHANDLE;
    ClientId : PCLIENT_ID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlCreateUserThread, ntdll, 'RtlCreateUserThread');
  Result := TFNRtlCreateUserThread(_RtlCreateUserThread)(
    hProcess, SecurityDescriptor, CreateSuspended, StackZeroBits, StackReserve, StackCommit, lpStartAddress, lpParameter, phThread, ClientId
  );
end;

// Dynamic version of RtlCutoverTimeToSystemTime
function  RtlCutoverTimeToSystemTime(
    TargetTimeFields : PTIME_FIELDS;
    Time : PLARGE_INTEGER;
    CurrentTime : PLARGE_INTEGER;
    bUnknown : BOOLEAN
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlCutoverTimeToSystemTime, ntdll, 'RtlCutoverTimeToSystemTime');
  Result := TFNRtlCutoverTimeToSystemTime(_RtlCutoverTimeToSystemTime)(
    TargetTimeFields, Time, CurrentTime, bUnknown
  );
end;

// Dynamic version of RtlDeNormalizeProcessParams
function  RtlDeNormalizeProcessParams(
    ProcessParameters : PRTL_USER_PROCESS_PARAMETERS
  ): PRTL_USER_PROCESS_PARAMETERS; stdcall;
begin
  GetProcedureAddress(_RtlDeNormalizeProcessParams, ntdll, 'RtlDeNormalizeProcessParams');
  Result := TFNRtlDeNormalizeProcessParams(_RtlDeNormalizeProcessParams)(
    ProcessParameters
  );
end;

// Dynamic version of RtlDeleteAce
function  RtlDeleteAce(
    pAcl : PACL;
    dwAceIndex : DWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDeleteAce, ntdll, 'RtlDeleteAce');
  Result := TFNRtlDeleteAce(_RtlDeleteAce)(
    pAcl, dwAceIndex
  );
end;

// Dynamic version of RtlDeleteCriticalSection
procedure RtlDeleteCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ); stdcall;
begin
  GetProcedureAddress(_RtlDeleteCriticalSection, ntdll, 'RtlDeleteCriticalSection');
  TFNRtlDeleteCriticalSection(_RtlDeleteCriticalSection)(
    lpCriticalSection
  );
end;

// Dynamic version of RtlDeleteOwnersRanges
function  RtlDeleteOwnersRanges(
    RangeList : PRTL_RANGE_LIST;
    Owner : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDeleteOwnersRanges, ntdll, 'RtlDeleteOwnersRanges');
  Result := TFNRtlDeleteOwnersRanges(_RtlDeleteOwnersRanges)(
    RangeList, Owner
  );
end;

// Dynamic version of RtlDeleteRange
function  RtlDeleteRange(
    RangeList : PRTL_RANGE_LIST;
    Start : ULONGLONG;
    End_ : ULONGLONG;
    Owner : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDeleteRange, ntdll, 'RtlDeleteRange');
  Result := TFNRtlDeleteRange(_RtlDeleteRange)(
    RangeList, Start, End_, Owner
  );
end;

// Dynamic version of RtlDeleteRegistryValue
function  RtlDeleteRegistryValue(
    RelativeTo : ULONG;
    Path : LPCWSTR;
    ValueName : LPCWSTR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDeleteRegistryValue, ntdll, 'RtlDeleteRegistryValue');
  Result := TFNRtlDeleteRegistryValue(_RtlDeleteRegistryValue)(
    RelativeTo, Path, ValueName
  );
end;

// Dynamic version of RtlDestroyHeap
function  RtlDestroyHeap(
    HeapHandle : HANDLE
  ): HANDLE; stdcall;
begin
  GetProcedureAddress(_RtlDestroyHeap, ntdll, 'RtlDestroyHeap');
  Result := TFNRtlDestroyHeap(_RtlDestroyHeap)(
    HeapHandle
  );
end;

// Dynamic version of RtlDestroyProcessParameters
function  RtlDestroyProcessParameters(
    ProcessParameters : PRTL_USER_PROCESS_PARAMETERS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDestroyProcessParameters, ntdll, 'RtlDestroyProcessParameters');
  Result := TFNRtlDestroyProcessParameters(_RtlDestroyProcessParameters)(
    ProcessParameters
  );
end;

// Dynamic version of RtlDestroyQueryDebugBuffer
function  RtlDestroyQueryDebugBuffer(
    DebugBuffer : PDEBUG_BUFFER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDestroyQueryDebugBuffer, ntdll, 'RtlDestroyQueryDebugBuffer');
  Result := TFNRtlDestroyQueryDebugBuffer(_RtlDestroyQueryDebugBuffer)(
    DebugBuffer
  );
end;

// Dynamic version of RtlDetermineDosPathNameType_U
function  RtlDetermineDosPathNameType_U(
    wcsPathNameType : PWSTR
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlDetermineDosPathNameType_U, ntdll, 'RtlDetermineDosPathNameType_U');
  Result := TFNRtlDetermineDosPathNameType_U(_RtlDetermineDosPathNameType_U)(
    wcsPathNameType
  );
end;

// Dynamic version of RtlDnsHostNameToComputerName
function  RtlDnsHostNameToComputerName(
    ComputerName : PUNICODE_STRING;
    DnsName : PUNICODE_STRING;
    AllocateComputerNameString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDnsHostNameToComputerName, ntdll, 'RtlDnsHostNameToComputerName');
  Result := TFNRtlDnsHostNameToComputerName(_RtlDnsHostNameToComputerName)(
    ComputerName, DnsName, AllocateComputerNameString
  );
end;

// Dynamic version of RtlDoesFileExists_U
function  RtlDoesFileExists_U(
    FileName : PWSTR
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlDoesFileExists_U, ntdll, 'RtlDoesFileExists_U');
  Result := TFNRtlDoesFileExists_U(_RtlDoesFileExists_U)(
    FileName
  );
end;

// Dynamic version of RtlDosPathNameToNtPathName_U
function  RtlDosPathNameToNtPathName_U(
    DosName : PWSTR;
    var NtName : UNICODE_STRING;
    DosFilePath : PPWSTR;
    NtFilePath : PUNICODE_STRING
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlDosPathNameToNtPathName_U, ntdll, 'RtlDosPathNameToNtPathName_U');
  Result := TFNRtlDosPathNameToNtPathName_U(_RtlDosPathNameToNtPathName_U)(
    DosName, NtName, DosFilePath, NtFilePath
  );
end;

// Dynamic version of RtlDosSearchPath_U
function  RtlDosSearchPath_U(
    SearchPath : PWSTR;
    Name : PWSTR;
    Ext : PWSTR;
    cbBuf : ULONG;
    Buffer : PWSTR;
    var Shortname : PWSTR
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlDosSearchPath_U, ntdll, 'RtlDosSearchPath_U');
  Result := TFNRtlDosSearchPath_U(_RtlDosSearchPath_U)(
    SearchPath, Name, Ext, cbBuf, Buffer, Shortname
  );
end;

// Dynamic version of RtlDowncaseUnicodeChar
function  RtlDowncaseUnicodeChar(
    Source : WCHAR
  ): WCHAR; stdcall;
begin
  GetProcedureAddress(_RtlDowncaseUnicodeChar, ntdll, 'RtlDowncaseUnicodeChar');
  Result := TFNRtlDowncaseUnicodeChar(_RtlDowncaseUnicodeChar)(
    Source
  );
end;

// Dynamic version of RtlDowncaseUnicodeString
function  RtlDowncaseUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDowncaseUnicodeString, ntdll, 'RtlDowncaseUnicodeString');
  Result := TFNRtlDowncaseUnicodeString(_RtlDowncaseUnicodeString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlDuplicateUnicodeString
function  RtlDuplicateUnicodeString(
    AddTerminatingZero : ULONG;
    Source : PUNICODE_STRING;
    Destination : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlDuplicateUnicodeString, ntdll, 'RtlDuplicateUnicodeString');
  Result := TFNRtlDuplicateUnicodeString(_RtlDuplicateUnicodeString)(
    AddTerminatingZero, Source, Destination
  );
end;

// Dynamic version of RtlEnableEarlyCriticalSectionEventCreation
procedure RtlEnableEarlyCriticalSectionEventCreation(); stdcall;
begin
  GetProcedureAddress(_RtlEnableEarlyCriticalSectionEventCreation, ntdll, 'RtlEnableEarlyCriticalSectionEventCreation');
  TFNRtlEnableEarlyCriticalSectionEventCreation(_RtlEnableEarlyCriticalSectionEventCreation)();
end;

// Dynamic version of RtlEnlargedIntegerMultiply
function  RtlEnlargedIntegerMultiply(
    Multiplicand : LONG;
    Multiplier : LONG
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlEnlargedIntegerMultiply, ntdll, 'RtlEnlargedIntegerMultiply');
  Result := TFNRtlEnlargedIntegerMultiply(_RtlEnlargedIntegerMultiply)(
    Multiplicand, Multiplier
  );
end;

// Dynamic version of RtlEnlargedUnsignedDivide
function  RtlEnlargedUnsignedDivide(
    Dividend : ULARGE_INTEGER;
    Divisor : ULONG;
    Remainder : PULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlEnlargedUnsignedDivide, ntdll, 'RtlEnlargedUnsignedDivide');
  Result := TFNRtlEnlargedUnsignedDivide(_RtlEnlargedUnsignedDivide)(
    Dividend, Divisor, Remainder
  );
end;

// Dynamic version of RtlEnlargedUnsignedMultiply
function  RtlEnlargedUnsignedMultiply(
    Multiplicand : ULONG;
    Multiplier : ULONG
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlEnlargedUnsignedMultiply, ntdll, 'RtlEnlargedUnsignedMultiply');
  Result := TFNRtlEnlargedUnsignedMultiply(_RtlEnlargedUnsignedMultiply)(
    Multiplicand, Multiplier
  );
end;

// Dynamic version of RtlEnterCriticalSection
procedure RtlEnterCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ); stdcall;
begin
  GetProcedureAddress(_RtlEnterCriticalSection, ntdll, 'RtlEnterCriticalSection');
  TFNRtlEnterCriticalSection(_RtlEnterCriticalSection)(
    lpCriticalSection
  );
end;

// Dynamic version of RtlEqualComputerName
function  RtlEqualComputerName(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlEqualComputerName, ntdll, 'RtlEqualComputerName');
  Result := TFNRtlEqualComputerName(_RtlEqualComputerName)(
    String1, String2
  );
end;

// Dynamic version of RtlEqualDomainName
function  RtlEqualDomainName(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlEqualDomainName, ntdll, 'RtlEqualDomainName');
  Result := TFNRtlEqualDomainName(_RtlEqualDomainName)(
    String1, String2
  );
end;

// Dynamic version of RtlEqualLuid
function  RtlEqualLuid(
    Luid1 : PLUID;
    Luid2 : PLUID
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlEqualLuid, ntdll, 'RtlEqualLuid');
  Result := TFNRtlEqualLuid(_RtlEqualLuid)(
    Luid1, Luid2
  );
end;

// Dynamic version of RtlEqualPrefixSid
function  RtlEqualPrefixSid(
    pSid1 : PSID;
    pSid2 : PSID
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlEqualPrefixSid, ntdll, 'RtlEqualPrefixSid');
  Result := TFNRtlEqualPrefixSid(_RtlEqualPrefixSid)(
    pSid1, pSid2
  );
end;

// Dynamic version of RtlEqualSid
function  RtlEqualSid(
    pSid1 : PSID;
    pSid2 : PSID
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlEqualSid, ntdll, 'RtlEqualSid');
  Result := TFNRtlEqualSid(_RtlEqualSid)(
    pSid1, pSid2
  );
end;

// Dynamic version of RtlEqualString
function  RtlEqualString(
    String1 : PSTRING;
    String2 : PSTRING;
    CaseInsensitive : BOOLEAN
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlEqualString, ntdll, 'RtlEqualString');
  Result := TFNRtlEqualString(_RtlEqualString)(
    String1, String2, CaseInsensitive
  );
end;

// Dynamic version of RtlEqualUnicodeString
function  RtlEqualUnicodeString(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING;
    CaseInsensitive : BOOLEAN
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlEqualUnicodeString, ntdll, 'RtlEqualUnicodeString');
  Result := TFNRtlEqualUnicodeString(_RtlEqualUnicodeString)(
    String1, String2, CaseInsensitive
  );
end;

// Dynamic version of RtlEraseUnicodeString
procedure RtlEraseUnicodeString(
    Str : PUNICODE_STRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlEraseUnicodeString, ntdll, 'RtlEraseUnicodeString');
  TFNRtlEraseUnicodeString(_RtlEraseUnicodeString)(
    Str
  );
end;

// Dynamic version of RtlExpandEnvironmentStrings_U
function  RtlExpandEnvironmentStrings_U(
    Environment : PVOID;
    Source : PUNICODE_STRING;
    Destination : PUNICODE_STRING;
    ReturnedLength : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlExpandEnvironmentStrings_U, ntdll, 'RtlExpandEnvironmentStrings_U');
  Result := TFNRtlExpandEnvironmentStrings_U(_RtlExpandEnvironmentStrings_U)(
    Environment, Source, Destination, ReturnedLength
  );
end;

// Dynamic version of RtlExtendedIntegerMultiply
function  RtlExtendedIntegerMultiply(
    Multiplicand : LARGE_INTEGER;
    Multiplier : LONG
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlExtendedIntegerMultiply, ntdll, 'RtlExtendedIntegerMultiply');
  Result := TFNRtlExtendedIntegerMultiply(_RtlExtendedIntegerMultiply)(
    Multiplicand, Multiplier
  );
end;

// Dynamic version of RtlExtendedLargeIntegerDivide
function  RtlExtendedLargeIntegerDivide(
    Dividend : LARGE_INTEGER;
    Divisor : ULONG;
    Remainder : PULONG
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlExtendedLargeIntegerDivide, ntdll, 'RtlExtendedLargeIntegerDivide');
  Result := TFNRtlExtendedLargeIntegerDivide(_RtlExtendedLargeIntegerDivide)(
    Dividend, Divisor, Remainder
  );
end;

// Dynamic version of RtlExtendedMagicDivide
function  RtlExtendedMagicDivide(
    Dividend : LARGE_INTEGER;
    MagicDivisor : LARGE_INTEGER;
    ShiftCount : CCHAR
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlExtendedMagicDivide, ntdll, 'RtlExtendedMagicDivide');
  Result := TFNRtlExtendedMagicDivide(_RtlExtendedMagicDivide)(
    Dividend, MagicDivisor, ShiftCount
  );
end;

// Dynamic version of RtlFillMemory
procedure RtlFillMemory(
    Destination : PVOID;
    Length : SIZE_T;
    Fill : UCHAR
  ); stdcall;
begin
  GetProcedureAddress(_RtlFillMemory, ntdll, 'RtlFillMemory');
  TFNRtlFillMemory(_RtlFillMemory)(
    Destination, Length, Fill
  );
end;

// Dynamic version of RtlFillMemoryUlong
procedure RtlFillMemoryUlong(
    Destination : PVOID;
    Length : ULONG;
    Fill : ULONG
  ); stdcall;
begin
  GetProcedureAddress(_RtlFillMemoryUlong, ntdll, 'RtlFillMemoryUlong');
  TFNRtlFillMemoryUlong(_RtlFillMemoryUlong)(
    Destination, Length, Fill
  );
end;

// Dynamic version of RtlFindCharInUnicodeString
function  RtlFindCharInUnicodeString(
    dwFlags : ULONG;
    UnicodeString : PUNICODE_STRING;
    CharactersToFind : PUNICODE_STRING;
    Positions : PUSHORT
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlFindCharInUnicodeString, ntdll, 'RtlFindCharInUnicodeString');
  Result := TFNRtlFindCharInUnicodeString(_RtlFindCharInUnicodeString)(
    dwFlags, UnicodeString, CharactersToFind, Positions
  );
end;

// Dynamic version of RtlFindClearBits
function  RtlFindClearBits(
    BitMapHeader : PRTL_BITMAP;
    NumberToFind : ULONG;
    HintIndex : ULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlFindClearBits, ntdll, 'RtlFindClearBits');
  Result := TFNRtlFindClearBits(_RtlFindClearBits)(
    BitMapHeader, NumberToFind, HintIndex
  );
end;

// Dynamic version of RtlFindClearBitsAndSet
function  RtlFindClearBitsAndSet(
    BitMapHeader : PRTL_BITMAP;
    NumberToFind : ULONG;
    HintIndex : ULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlFindClearBitsAndSet, ntdll, 'RtlFindClearBitsAndSet');
  Result := TFNRtlFindClearBitsAndSet(_RtlFindClearBitsAndSet)(
    BitMapHeader, NumberToFind, HintIndex
  );
end;

// Dynamic version of RtlFindLastBackwardRunClear
function  RtlFindLastBackwardRunClear(
    BitMapHeader : PRTL_BITMAP;
    FromIndex : ULONG;
    StartingRunIndex : PULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlFindLastBackwardRunClear, ntdll, 'RtlFindLastBackwardRunClear');
  Result := TFNRtlFindLastBackwardRunClear(_RtlFindLastBackwardRunClear)(
    BitMapHeader, FromIndex, StartingRunIndex
  );
end;

// Dynamic version of RtlFindLeastSignificantBit
function  RtlFindLeastSignificantBit(
    Set_ : ULONGLONG
  ): CCHAR; stdcall;
begin
  GetProcedureAddress(_RtlFindLeastSignificantBit, ntdll, 'RtlFindLeastSignificantBit');
  Result := TFNRtlFindLeastSignificantBit(_RtlFindLeastSignificantBit)(
    Set_
  );
end;

// Dynamic version of RtlFindLongestRunClear
function  RtlFindLongestRunClear(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : PULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlFindLongestRunClear, ntdll, 'RtlFindLongestRunClear');
  Result := TFNRtlFindLongestRunClear(_RtlFindLongestRunClear)(
    BitMapHeader, StartingIndex
  );
end;

// Dynamic version of RtlFindMostSignificantBit
function  RtlFindMostSignificantBit(
    Set_ : ULONGLONG
  ): CCHAR; stdcall;
begin
  GetProcedureAddress(_RtlFindMostSignificantBit, ntdll, 'RtlFindMostSignificantBit');
  Result := TFNRtlFindMostSignificantBit(_RtlFindMostSignificantBit)(
    Set_
  );
end;

// Dynamic version of RtlFindNextForwardRunClear
function  RtlFindNextForwardRunClear(
    BitMapHeader : PRTL_BITMAP;
    FromIndex : ULONG;
    StartingRunIndex : PULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlFindNextForwardRunClear, ntdll, 'RtlFindNextForwardRunClear');
  Result := TFNRtlFindNextForwardRunClear(_RtlFindNextForwardRunClear)(
    BitMapHeader, FromIndex, StartingRunIndex
  );
end;

// Dynamic version of RtlFindRange
function  RtlFindRange(
    RangeList : PRTL_RANGE_LIST;
    Minimum : ULONGLONG;
    Maximum : ULONGLONG;
    Length : ULONG;
    Alignment : ULONG;
    Flags : ULONG;
    AttributeAvailableMask : UCHAR;
    Context : PVOID;
    Callback : PRTL_CONFLICT_RANGE_CALLBACK;
    Start : PULONGLONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlFindRange, ntdll, 'RtlFindRange');
  Result := TFNRtlFindRange(_RtlFindRange)(
    RangeList, Minimum, Maximum, Length, Alignment, Flags, AttributeAvailableMask, Context, Callback, Start
  );
end;

// Dynamic version of RtlFindSetBits
function  RtlFindSetBits(
    BitMapHeader : PRTL_BITMAP;
    NumberToFind : ULONG;
    HintIndex : ULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlFindSetBits, ntdll, 'RtlFindSetBits');
  Result := TFNRtlFindSetBits(_RtlFindSetBits)(
    BitMapHeader, NumberToFind, HintIndex
  );
end;

// Dynamic version of RtlFindSetBitsAndClear
function  RtlFindSetBitsAndClear(
    BitMapHeader : PRTL_BITMAP;
    NumberToFind : ULONG;
    HintIndex : ULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlFindSetBitsAndClear, ntdll, 'RtlFindSetBitsAndClear');
  Result := TFNRtlFindSetBitsAndClear(_RtlFindSetBitsAndClear)(
    BitMapHeader, NumberToFind, HintIndex
  );
end;

// Dynamic version of RtlFirstFreeAce
function  RtlFirstFreeAce(
    pAcl : PACL;
    var pAce : PVOID
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlFirstFreeAce, ntdll, 'RtlFirstFreeAce');
  Result := TFNRtlFirstFreeAce(_RtlFirstFreeAce)(
    pAcl, pAce
  );
end;

// Dynamic version of RtlFormatCurrentUserKeyPath
function  RtlFormatCurrentUserKeyPath(
    CurrentUserKeyPath : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlFormatCurrentUserKeyPath, ntdll, 'RtlFormatCurrentUserKeyPath');
  Result := TFNRtlFormatCurrentUserKeyPath(_RtlFormatCurrentUserKeyPath)(
    CurrentUserKeyPath
  );
end;

// Dynamic version of RtlFreeAnsiString
procedure RtlFreeAnsiString(
    AnsiString : PANSI_STRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlFreeAnsiString, ntdll, 'RtlFreeAnsiString');
  TFNRtlFreeAnsiString(_RtlFreeAnsiString)(
    AnsiString
  );
end;

// Dynamic version of RtlFreeHeap
function  RtlFreeHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    MemoryPointer : PVOID
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlFreeHeap, ntdll, 'RtlFreeHeap');
  Result := TFNRtlFreeHeap(_RtlFreeHeap)(
    hHeap, dwFlags, MemoryPointer
  );
end;

// Dynamic version of RtlFreeOemString
procedure RtlFreeOemString(
    OemString : POEM_STRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlFreeOemString, ntdll, 'RtlFreeOemString');
  TFNRtlFreeOemString(_RtlFreeOemString)(
    OemString
  );
end;

// Dynamic version of RtlFreeRangeList
procedure RtlFreeRangeList(
    RangeList : PRTL_RANGE_LIST
  ); stdcall;
begin
  GetProcedureAddress(_RtlFreeRangeList, ntdll, 'RtlFreeRangeList');
  TFNRtlFreeRangeList(_RtlFreeRangeList)(
    RangeList
  );
end;

// Dynamic version of RtlFreeSid
function  RtlFreeSid(
    pSid : PSID
  ): PVOID; stdcall;
begin
  GetProcedureAddress(_RtlFreeSid, ntdll, 'RtlFreeSid');
  Result := TFNRtlFreeSid(_RtlFreeSid)(
    pSid
  );
end;

// Dynamic version of RtlFreeUnicodeString
procedure RtlFreeUnicodeString(
    UnicodeString : PUNICODE_STRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlFreeUnicodeString, ntdll, 'RtlFreeUnicodeString');
  TFNRtlFreeUnicodeString(_RtlFreeUnicodeString)(
    UnicodeString
  );
end;

// Dynamic version of RtlGUIDFromString
function  RtlGUIDFromString(
    GuidString : PUNICODE_STRING;
    Guid : LPGUID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGUIDFromString, ntdll, 'RtlGUIDFromString');
  Result := TFNRtlGUIDFromString(_RtlGUIDFromString)(
    GuidString, Guid
  );
end;

// Dynamic version of RtlGetAce
function  RtlGetAce(
    pAcl : PACL;
    dwAceIndex : DWORD;
    var pAce : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetAce, ntdll, 'RtlGetAce');
  Result := TFNRtlGetAce(_RtlGetAce)(
    pAcl, dwAceIndex, pAce
  );
end;

// Dynamic version of RtlGetCallersAddress
procedure RtlGetCallersAddress(
    CallersAddress : PPVOID;
    CallersCaller : PPVOID
  ); stdcall;
begin
  GetProcedureAddress(_RtlGetCallersAddress, ntdll, 'RtlGetCallersAddress');
  TFNRtlGetCallersAddress(_RtlGetCallersAddress)(
    CallersAddress, CallersCaller
  );
end;

// Dynamic version of RtlGetControlSecurityDescriptor
function  RtlGetControlSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var Control : SECURITY_DESCRIPTOR_CONTROL;
    var dwRevision : DWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetControlSecurityDescriptor, ntdll, 'RtlGetControlSecurityDescriptor');
  Result := TFNRtlGetControlSecurityDescriptor(_RtlGetControlSecurityDescriptor)(
    pSecurityDescriptor, Control, dwRevision
  );
end;

// Dynamic version of RtlGetCurrentDirectory_U
function  RtlGetCurrentDirectory_U(
    MaximumLength : ULONG;
    Buffer : PWSTR
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlGetCurrentDirectory_U, ntdll, 'RtlGetCurrentDirectory_U');
  Result := TFNRtlGetCurrentDirectory_U(_RtlGetCurrentDirectory_U)(
    MaximumLength, Buffer
  );
end;

// Dynamic version of RtlGetCurrentPeb
function  RtlGetCurrentPeb(): PPEB; stdcall;
begin
  GetProcedureAddress(_RtlGetCurrentPeb, ntdll, 'RtlGetCurrentPeb');
  Result := TFNRtlGetCurrentPeb(_RtlGetCurrentPeb)();
end;

// Dynamic version of RtlGetDaclSecurityDescriptor
function  RtlGetDaclSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var bDaclPresent : BOOLEAN;
    var Dacl : PACL;
    var bDaclDefaulted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetDaclSecurityDescriptor, ntdll, 'RtlGetDaclSecurityDescriptor');
  Result := TFNRtlGetDaclSecurityDescriptor(_RtlGetDaclSecurityDescriptor)(
    pSecurityDescriptor, bDaclPresent, Dacl, bDaclDefaulted
  );
end;

// Dynamic version of RtlGetFirstRange
function  RtlGetFirstRange(
    RangeList : PRTL_RANGE_LIST;
    Iterator : PRTL_RANGE_LIST_ITERATOR;
    var Range : PRTL_RANGE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetFirstRange, ntdll, 'RtlGetFirstRange');
  Result := TFNRtlGetFirstRange(_RtlGetFirstRange)(
    RangeList, Iterator, Range
  );
end;

// Dynamic version of RtlGetFullPathName_U
function  RtlGetFullPathName_U(
    DosName : PWSTR;
    Size : ULONG;
    Buf : PWSTR;
    var Shortname : PWSTR
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlGetFullPathName_U, ntdll, 'RtlGetFullPathName_U');
  Result := TFNRtlGetFullPathName_U(_RtlGetFullPathName_U)(
    DosName, Size, Buf, Shortname
  );
end;

// Dynamic version of RtlGetGroupSecurityDescriptor
function  RtlGetGroupSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var pGroup : PSID;
    var bGroupDefaulted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetGroupSecurityDescriptor, ntdll, 'RtlGetGroupSecurityDescriptor');
  Result := TFNRtlGetGroupSecurityDescriptor(_RtlGetGroupSecurityDescriptor)(
    pSecurityDescriptor, pGroup, bGroupDefaulted
  );
end;

// Dynamic version of RtlGetLastNtStatus
function  RtlGetLastNtStatus(): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetLastNtStatus, ntdll, 'RtlGetLastNtStatus');
  Result := TFNRtlGetLastNtStatus(_RtlGetLastNtStatus)();
end;

// Dynamic version of RtlGetLongestNtPathLength
function  RtlGetLongestNtPathLength(): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlGetLongestNtPathLength, ntdll, 'RtlGetLongestNtPathLength');
  Result := TFNRtlGetLongestNtPathLength(_RtlGetLongestNtPathLength)();
end;

// Dynamic version of RtlGetNextRange
function  RtlGetNextRange(
    Iterator : PRTL_RANGE_LIST_ITERATOR;
    var Range : PRTL_RANGE;
    MoveForwards : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetNextRange, ntdll, 'RtlGetNextRange');
  Result := TFNRtlGetNextRange(_RtlGetNextRange)(
    Iterator, Range, MoveForwards
  );
end;

// Dynamic version of RtlGetNtGlobalFlags
function  RtlGetNtGlobalFlags(): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlGetNtGlobalFlags, ntdll, 'RtlGetNtGlobalFlags');
  Result := TFNRtlGetNtGlobalFlags(_RtlGetNtGlobalFlags)();
end;

// Dynamic version of RtlGetNtProductType
function  RtlGetNtProductType(
    var ProductType : ULONG
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlGetNtProductType, ntdll, 'RtlGetNtProductType');
  Result := TFNRtlGetNtProductType(_RtlGetNtProductType)(
    ProductType
  );
end;

// Dynamic version of RtlGetNtVersionNumbers
procedure RtlGetNtVersionNumbers(
    var dwMajorVersion : ULONG;
    var dwMinorVersion : ULONG;
    UnknownCanBeNull : PDWORD
  ); stdcall;
begin
  GetProcedureAddress(_RtlGetNtVersionNumbers, ntdll, 'RtlGetNtVersionNumbers');
  TFNRtlGetNtVersionNumbers(_RtlGetNtVersionNumbers)(
    dwMajorVersion, dwMinorVersion, UnknownCanBeNull
  );
end;

// Dynamic version of RtlGetOwnerSecurityDescriptor
function  RtlGetOwnerSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var pOwner : PSID;
    var OwnerDefaulted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetOwnerSecurityDescriptor, ntdll, 'RtlGetOwnerSecurityDescriptor');
  Result := TFNRtlGetOwnerSecurityDescriptor(_RtlGetOwnerSecurityDescriptor)(
    pSecurityDescriptor, pOwner, OwnerDefaulted
  );
end;

// Dynamic version of RtlGetProcessHeaps
function  RtlGetProcessHeaps(
    ArraySize : ULONG;
    HeapArray : PHANDLE
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlGetProcessHeaps, ntdll, 'RtlGetProcessHeaps');
  Result := TFNRtlGetProcessHeaps(_RtlGetProcessHeaps)(
    ArraySize, HeapArray
  );
end;

// Dynamic version of RtlGetSaclSecurityDescriptor
function  RtlGetSaclSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    var bSaclPresent : BOOLEAN;
    var Sacl : PACL;
    var bSaclDefaulted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetSaclSecurityDescriptor, ntdll, 'RtlGetSaclSecurityDescriptor');
  Result := TFNRtlGetSaclSecurityDescriptor(_RtlGetSaclSecurityDescriptor)(
    pSecurityDescriptor, bSaclPresent, Sacl, bSaclDefaulted
  );
end;

// Dynamic version of RtlGetVersion
function  RtlGetVersion(
    lpVersionInformation : PRTL_OSVERSIONINFOW
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlGetVersion, ntdll, 'RtlGetVersion');
  Result := TFNRtlGetVersion(_RtlGetVersion)(
    lpVersionInformation
  );
end;

// Dynamic version of RtlIdentifierAuthoritySid
function  RtlIdentifierAuthoritySid(
    Sid : PSID
  ): PSID_IDENTIFIER_AUTHORITY; stdcall;
begin
  GetProcedureAddress(_RtlIdentifierAuthoritySid, ntdll, 'RtlIdentifierAuthoritySid');
  Result := TFNRtlIdentifierAuthoritySid(_RtlIdentifierAuthoritySid)(
    Sid
  );
end;

// Dynamic version of RtlImageDirectoryEntryToData
function  RtlImageDirectoryEntryToData(
    ImageBase : HMODULE;
    MappedAsImage : BOOLEAN;
    DirectoryEntry : USHORT;
    Size : PULONG
  ): PVOID; stdcall;
begin
  GetProcedureAddress(_RtlImageDirectoryEntryToData, ntdll, 'RtlImageDirectoryEntryToData');
  Result := TFNRtlImageDirectoryEntryToData(_RtlImageDirectoryEntryToData)(
    ImageBase, MappedAsImage, DirectoryEntry, Size
  );
end;

// Dynamic version of RtlImageNtHeader
function  RtlImageNtHeader(
    ImageBase : HMODULE
  ): PIMAGE_NT_HEADERS; stdcall;
begin
  GetProcedureAddress(_RtlImageNtHeader, ntdll, 'RtlImageNtHeader');
  Result := TFNRtlImageNtHeader(_RtlImageNtHeader)(
    ImageBase
  );
end;

// Dynamic version of RtlImageNtHeaderEx
function  RtlImageNtHeaderEx(
    dwFlags : DWORD;
    ImageBase : HMODULE
  ): PIMAGE_NT_HEADERS; stdcall;
begin
  GetProcedureAddress(_RtlImageNtHeaderEx, ntdll, 'RtlImageNtHeaderEx');
  Result := TFNRtlImageNtHeaderEx(_RtlImageNtHeaderEx)(
    dwFlags, ImageBase
  );
end;

// Dynamic version of RtlImageRvaToSection
function  RtlImageRvaToSection(
    NtHeaders : PIMAGE_NT_HEADERS;
    ImageBase : HMODULE;
    Rva : ULONG
  ): PIMAGE_SECTION_HEADER; stdcall;
begin
  GetProcedureAddress(_RtlImageRvaToSection, ntdll, 'RtlImageRvaToSection');
  Result := TFNRtlImageRvaToSection(_RtlImageRvaToSection)(
    NtHeaders, ImageBase, Rva
  );
end;

// Dynamic version of RtlImageRvaToVa
function  RtlImageRvaToVa(
    NtHeaders : PIMAGE_NT_HEADERS;
    ImageBase : HMODULE;
    Rva : ULONG;
    var LastRvaSection : PIMAGE_SECTION_HEADER
  ): PVOID; stdcall;
begin
  GetProcedureAddress(_RtlImageRvaToVa, ntdll, 'RtlImageRvaToVa');
  Result := TFNRtlImageRvaToVa(_RtlImageRvaToVa)(
    NtHeaders, ImageBase, Rva, LastRvaSection
  );
end;

// Dynamic version of RtlImpersonateSelf
function  RtlImpersonateSelf(
    ImpersonationLevel : SECURITY_IMPERSONATION_LEVEL
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlImpersonateSelf, ntdll, 'RtlImpersonateSelf');
  Result := TFNRtlImpersonateSelf(_RtlImpersonateSelf)(
    ImpersonationLevel
  );
end;

// Dynamic version of RtlInitAnsiString
procedure RtlInitAnsiString(
    DestinationString : PANSI_STRING;
    SourceString : PCSZ
  ); stdcall;
begin
  GetProcedureAddress(_RtlInitAnsiString, ntdll, 'RtlInitAnsiString');
  TFNRtlInitAnsiString(_RtlInitAnsiString)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlInitAnsiStringEx
function  RtlInitAnsiStringEx(
    DestinationString : PANSI_STRING;
    SourceString : PCSZ
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlInitAnsiStringEx, ntdll, 'RtlInitAnsiStringEx');
  Result := TFNRtlInitAnsiStringEx(_RtlInitAnsiStringEx)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlInitString
procedure RtlInitString(
    DestinationString : PSTRING;
    SourceString : PCSZ
  ); stdcall;
begin
  GetProcedureAddress(_RtlInitString, ntdll, 'RtlInitString');
  TFNRtlInitString(_RtlInitString)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlInitUnicodeString
procedure RtlInitUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : LPCWSTR
  ); stdcall;
begin
  GetProcedureAddress(_RtlInitUnicodeString, ntdll, 'RtlInitUnicodeString');
  TFNRtlInitUnicodeString(_RtlInitUnicodeString)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlInitUnicodeStringEx
function  RtlInitUnicodeStringEx(
    DestinationString : PUNICODE_STRING;
    SourceString : LPCWSTR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlInitUnicodeStringEx, ntdll, 'RtlInitUnicodeStringEx');
  Result := TFNRtlInitUnicodeStringEx(_RtlInitUnicodeStringEx)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlInitializeBitMap
procedure RtlInitializeBitMap(
    BitMapHeader : PRTL_BITMAP;
    BitMapBuffer : PULONG;
    SizeOfBitMap : ULONG
  ); stdcall;
begin
  GetProcedureAddress(_RtlInitializeBitMap, ntdll, 'RtlInitializeBitMap');
  TFNRtlInitializeBitMap(_RtlInitializeBitMap)(
    BitMapHeader, BitMapBuffer, SizeOfBitMap
  );
end;

// Dynamic version of RtlInitializeCriticalSection
function  RtlInitializeCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlInitializeCriticalSection, ntdll, 'RtlInitializeCriticalSection');
  Result := TFNRtlInitializeCriticalSection(_RtlInitializeCriticalSection)(
    lpCriticalSection
  );
end;

// Dynamic version of RtlInitializeCriticalSectionAndSpinCount
function  RtlInitializeCriticalSectionAndSpinCount(
    lpCriticalSection : PRTL_CRITICAL_SECTION;
    dwSpinCount : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlInitializeCriticalSectionAndSpinCount, ntdll, 'RtlInitializeCriticalSectionAndSpinCount');
  Result := TFNRtlInitializeCriticalSectionAndSpinCount(_RtlInitializeCriticalSectionAndSpinCount)(
    lpCriticalSection, dwSpinCount
  );
end;

// Dynamic version of RtlInitializeRangeList
procedure RtlInitializeRangeList(
    RangeList : PRTL_RANGE_LIST
  ); stdcall;
begin
  GetProcedureAddress(_RtlInitializeRangeList, ntdll, 'RtlInitializeRangeList');
  TFNRtlInitializeRangeList(_RtlInitializeRangeList)(
    RangeList
  );
end;

// Dynamic version of RtlInitializeSListHead
procedure RtlInitializeSListHead(
    ListHead : PSLIST_HEADER
  ); stdcall;
begin
  GetProcedureAddress(_RtlInitializeSListHead, ntdll, 'RtlInitializeSListHead');
  TFNRtlInitializeSListHead(_RtlInitializeSListHead)(
    ListHead
  );
end;

// Dynamic version of RtlInitializeSid
function  RtlInitializeSid(
    pSid : PSID;
    pIdentifierAuthority : PSID_IDENTIFIER_AUTHORITY;
    nSubAuthorityCount : UCHAR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlInitializeSid, ntdll, 'RtlInitializeSid');
  Result := TFNRtlInitializeSid(_RtlInitializeSid)(
    pSid, pIdentifierAuthority, nSubAuthorityCount
  );
end;

// Dynamic version of RtlInt64ToUnicodeString
function  RtlInt64ToUnicodeString(
    Value : ULONGLONG;
    Base : ULONG;
    Str : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlInt64ToUnicodeString, ntdll, 'RtlInt64ToUnicodeString');
  Result := TFNRtlInt64ToUnicodeString(_RtlInt64ToUnicodeString)(
    Value, Base, Str
  );
end;

// Dynamic version of RtlIntegerToChar
function  RtlIntegerToChar(
    Value : ULONG;
    Base : ULONG;
    Length : ULONG;
    Str : PCHAR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlIntegerToChar, ntdll, 'RtlIntegerToChar');
  Result := TFNRtlIntegerToChar(_RtlIntegerToChar)(
    Value, Base, Length, Str
  );
end;

// Dynamic version of RtlIntegerToUnicodeString
function  RtlIntegerToUnicodeString(
    Value : ULONG;
    Base : ULONG;
    Str : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlIntegerToUnicodeString, ntdll, 'RtlIntegerToUnicodeString');
  Result := TFNRtlIntegerToUnicodeString(_RtlIntegerToUnicodeString)(
    Value, Base, Str
  );
end;

// Dynamic version of RtlInterlockedFlushSList
function  RtlInterlockedFlushSList(
    ListHead : PSLIST_HEADER
  ): PSLIST_ENTRY; stdcall;
begin
  GetProcedureAddress(_RtlInterlockedFlushSList, ntdll, 'RtlInterlockedFlushSList');
  Result := TFNRtlInterlockedFlushSList(_RtlInterlockedFlushSList)(
    ListHead
  );
end;

// Dynamic version of RtlInterlockedPopEntrySList
function  RtlInterlockedPopEntrySList(
    ListHead : PSLIST_HEADER
  ): PSLIST_ENTRY; stdcall;
begin
  GetProcedureAddress(_RtlInterlockedPopEntrySList, ntdll, 'RtlInterlockedPopEntrySList');
  Result := TFNRtlInterlockedPopEntrySList(_RtlInterlockedPopEntrySList)(
    ListHead
  );
end;

// Dynamic version of RtlInterlockedPushEntrySList
function  RtlInterlockedPushEntrySList(
    ListHead : PSLIST_HEADER;
    ListEntry : PSLIST_ENTRY
  ): PSLIST_ENTRY; stdcall;
begin
  GetProcedureAddress(_RtlInterlockedPushEntrySList, ntdll, 'RtlInterlockedPushEntrySList');
  Result := TFNRtlInterlockedPushEntrySList(_RtlInterlockedPushEntrySList)(
    ListHead, ListEntry
  );
end;

// Dynamic version of RtlInvertRangeList
function  RtlInvertRangeList(
    InvertedRangeList : PRTL_RANGE_LIST;
    RangeList : PRTL_RANGE_LIST
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlInvertRangeList, ntdll, 'RtlInvertRangeList');
  Result := TFNRtlInvertRangeList(_RtlInvertRangeList)(
    InvertedRangeList, RangeList
  );
end;

// Dynamic version of RtlIpv4AddressToStringA
function  RtlIpv4AddressToStringA(
    IP : PULONG;
    Buffer : LPSTR
  ): LPSTR; stdcall;
begin
  GetProcedureAddress(_RtlIpv4AddressToStringA, ntdll, 'RtlIpv4AddressToStringA');
  Result := TFNRtlIpv4AddressToStringA(_RtlIpv4AddressToStringA)(
    IP, Buffer
  );
end;

// Dynamic version of RtlIpv4AddressToStringW
function  RtlIpv4AddressToStringW(
    IP : PULONG;
    Buffer : LPWSTR
  ): LPWSTR; stdcall;
begin
  GetProcedureAddress(_RtlIpv4AddressToStringW, ntdll, 'RtlIpv4AddressToStringW');
  Result := TFNRtlIpv4AddressToStringW(_RtlIpv4AddressToStringW)(
    IP, Buffer
  );
end;

// Dynamic version of RtlIsDosDeviceName_U
function  RtlIsDosDeviceName_U(
    TestString : LPCWSTR
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlIsDosDeviceName_U, ntdll, 'RtlIsDosDeviceName_U');
  Result := TFNRtlIsDosDeviceName_U(_RtlIsDosDeviceName_U)(
    TestString
  );
end;

// Dynamic version of RtlIsNameLegalDOS8Dot3
function  RtlIsNameLegalDOS8Dot3(
    Name : PUNICODE_STRING;
    OemName : POEM_STRING;
    NameContainsSpaces : PBOOLEAN
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlIsNameLegalDOS8Dot3, ntdll, 'RtlIsNameLegalDOS8Dot3');
  Result := TFNRtlIsNameLegalDOS8Dot3(_RtlIsNameLegalDOS8Dot3)(
    Name, OemName, NameContainsSpaces
  );
end;

// Dynamic version of RtlIsRangeAvailable
function  RtlIsRangeAvailable(
    RangeList : PRTL_RANGE_LIST;
    Start : ULONGLONG;
    End_ : ULONGLONG;
    Flags : ULONG;
    AttributeAvailableMask : UCHAR;
    Context : PVOID;
    Callback : PRTL_CONFLICT_RANGE_CALLBACK;
    Available : PBOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlIsRangeAvailable, ntdll, 'RtlIsRangeAvailable');
  Result := TFNRtlIsRangeAvailable(_RtlIsRangeAvailable)(
    RangeList, Start, End_, Flags, AttributeAvailableMask, Context, Callback, Available
  );
end;

// Dynamic version of RtlIsTextUnicode
function  RtlIsTextUnicode(
    lpBuffer : PVOID;
    cb : Integer;
    lpi : LPINT
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlIsTextUnicode, ntdll, 'RtlIsTextUnicode');
  Result := TFNRtlIsTextUnicode(_RtlIsTextUnicode)(
    lpBuffer, cb, lpi
  );
end;

// Dynamic version of RtlLargeIntegerAdd
function  RtlLargeIntegerAdd(
    Addend1 : LARGE_INTEGER;
    Addend2 : LARGE_INTEGER
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlLargeIntegerAdd, ntdll, 'RtlLargeIntegerAdd');
  Result := TFNRtlLargeIntegerAdd(_RtlLargeIntegerAdd)(
    Addend1, Addend2
  );
end;

// Dynamic version of RtlLargeIntegerArithmeticShift
function  RtlLargeIntegerArithmeticShift(
    LargeInteger : LARGE_INTEGER;
    ShiftCount : CCHAR
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlLargeIntegerArithmeticShift, ntdll, 'RtlLargeIntegerArithmeticShift');
  Result := TFNRtlLargeIntegerArithmeticShift(_RtlLargeIntegerArithmeticShift)(
    LargeInteger, ShiftCount
  );
end;

// Dynamic version of RtlLargeIntegerDivide
function  RtlLargeIntegerDivide(
    Dividend : LARGE_INTEGER;
    Divisor : LARGE_INTEGER;
    Remainder : PLARGE_INTEGER
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlLargeIntegerDivide, ntdll, 'RtlLargeIntegerDivide');
  Result := TFNRtlLargeIntegerDivide(_RtlLargeIntegerDivide)(
    Dividend, Divisor, Remainder
  );
end;

// Dynamic version of RtlLargeIntegerNegate
function  RtlLargeIntegerNegate(
    NegateThis : LARGE_INTEGER
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlLargeIntegerNegate, ntdll, 'RtlLargeIntegerNegate');
  Result := TFNRtlLargeIntegerNegate(_RtlLargeIntegerNegate)(
    NegateThis
  );
end;

// Dynamic version of RtlLargeIntegerShiftLeft
function  RtlLargeIntegerShiftLeft(
    LargeInteger : LARGE_INTEGER;
    ShiftCount : CCHAR
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlLargeIntegerShiftLeft, ntdll, 'RtlLargeIntegerShiftLeft');
  Result := TFNRtlLargeIntegerShiftLeft(_RtlLargeIntegerShiftLeft)(
    LargeInteger, ShiftCount
  );
end;

// Dynamic version of RtlLargeIntegerShiftRight
function  RtlLargeIntegerShiftRight(
    LargeInteger : LARGE_INTEGER;
    ShiftCount : CCHAR
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlLargeIntegerShiftRight, ntdll, 'RtlLargeIntegerShiftRight');
  Result := TFNRtlLargeIntegerShiftRight(_RtlLargeIntegerShiftRight)(
    LargeInteger, ShiftCount
  );
end;

// Dynamic version of RtlLargeIntegerSubtract
function  RtlLargeIntegerSubtract(
    Number : LARGE_INTEGER;
    Subtrahend : LARGE_INTEGER
  ): LARGE_INTEGER; stdcall;
begin
  GetProcedureAddress(_RtlLargeIntegerSubtract, ntdll, 'RtlLargeIntegerSubtract');
  Result := TFNRtlLargeIntegerSubtract(_RtlLargeIntegerSubtract)(
    Number, Subtrahend
  );
end;

// Dynamic version of RtlLargeIntegerToChar
function  RtlLargeIntegerToChar(
    Value : PLARGE_INTEGER;
    Base : ULONG;
    BufferLength : ULONG;
    Buffer : PCHAR
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlLargeIntegerToChar, ntdll, 'RtlLargeIntegerToChar');
  Result := TFNRtlLargeIntegerToChar(_RtlLargeIntegerToChar)(
    Value, Base, BufferLength, Buffer
  );
end;

// Dynamic version of RtlLeaveCriticalSection
procedure RtlLeaveCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ); stdcall;
begin
  GetProcedureAddress(_RtlLeaveCriticalSection, ntdll, 'RtlLeaveCriticalSection');
  TFNRtlLeaveCriticalSection(_RtlLeaveCriticalSection)(
    lpCriticalSection
  );
end;

// Dynamic version of RtlLengthRequiredSid
function  RtlLengthRequiredSid(
    nSubAuthorityCount : ULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlLengthRequiredSid, ntdll, 'RtlLengthRequiredSid');
  Result := TFNRtlLengthRequiredSid(_RtlLengthRequiredSid)(
    nSubAuthorityCount
  );
end;

// Dynamic version of RtlLengthSecurityDescriptor
function  RtlLengthSecurityDescriptor(
    SecurityDescriptor : PSECURITY_DESCRIPTOR
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlLengthSecurityDescriptor, ntdll, 'RtlLengthSecurityDescriptor');
  Result := TFNRtlLengthSecurityDescriptor(_RtlLengthSecurityDescriptor)(
    SecurityDescriptor
  );
end;

// Dynamic version of RtlLengthSid
function  RtlLengthSid(
    pSid : PSID
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlLengthSid, ntdll, 'RtlLengthSid');
  Result := TFNRtlLengthSid(_RtlLengthSid)(
    pSid
  );
end;

// Dynamic version of RtlLocalTimeToSystemTime
function  RtlLocalTimeToSystemTime(
    LocalTime : PLARGE_INTEGER;
    SystemTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlLocalTimeToSystemTime, ntdll, 'RtlLocalTimeToSystemTime');
  Result := TFNRtlLocalTimeToSystemTime(_RtlLocalTimeToSystemTime)(
    LocalTime, SystemTime
  );
end;

// Dynamic version of RtlLockHeap
function  RtlLockHeap(
    hHeap : PVOID
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlLockHeap, ntdll, 'RtlLockHeap');
  Result := TFNRtlLockHeap(_RtlLockHeap)(
    hHeap
  );
end;

// Dynamic version of RtlMakeSelfRelativeSD
function  RtlMakeSelfRelativeSD(
    pAbsoluteSD : PSECURITY_DESCRIPTOR;
    pSelfRelativeSD : PSECURITY_DESCRIPTOR;
    lpdwBufferLength : LPDWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlMakeSelfRelativeSD, ntdll, 'RtlMakeSelfRelativeSD');
  Result := TFNRtlMakeSelfRelativeSD(_RtlMakeSelfRelativeSD)(
    pAbsoluteSD, pSelfRelativeSD, lpdwBufferLength
  );
end;

// Dynamic version of RtlMapGenericMask
procedure RtlMapGenericMask(
    AccessMask : PACCESS_MASK;
    GenericMapping : PGENERIC_MAPPING
  ); stdcall;
begin
  GetProcedureAddress(_RtlMapGenericMask, ntdll, 'RtlMapGenericMask');
  TFNRtlMapGenericMask(_RtlMapGenericMask)(
    AccessMask, GenericMapping
  );
end;

// Dynamic version of RtlMapSecurityErrorToNtStatus
function  RtlMapSecurityErrorToNtStatus(
    SecurityError : DWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlMapSecurityErrorToNtStatus, ntdll, 'RtlMapSecurityErrorToNtStatus');
  Result := TFNRtlMapSecurityErrorToNtStatus(_RtlMapSecurityErrorToNtStatus)(
    SecurityError
  );
end;

// Dynamic version of RtlMergeRangeLists
function  RtlMergeRangeLists(
    MergedRangeList : PRTL_RANGE_LIST;
    RangeList1 : PRTL_RANGE_LIST;
    RangeList2 : PRTL_RANGE_LIST;
    Flags : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlMergeRangeLists, ntdll, 'RtlMergeRangeLists');
  Result := TFNRtlMergeRangeLists(_RtlMergeRangeLists)(
    MergedRangeList, RangeList1, RangeList2, Flags
  );
end;

// Dynamic version of RtlMoveMemory
procedure RtlMoveMemory(
    Destination : PVOID;
    Source : PVOID;
    Length : SIZE_T
  ); stdcall;
begin
  GetProcedureAddress(_RtlMoveMemory, ntdll, 'RtlMoveMemory');
  TFNRtlMoveMemory(_RtlMoveMemory)(
    Destination, Source, Length
  );
end;

// Dynamic version of RtlNormalizeProcessParams
function  RtlNormalizeProcessParams(
    ProcessParameters : PRTL_USER_PROCESS_PARAMETERS
  ): PRTL_USER_PROCESS_PARAMETERS; stdcall;
begin
  GetProcedureAddress(_RtlNormalizeProcessParams, ntdll, 'RtlNormalizeProcessParams');
  Result := TFNRtlNormalizeProcessParams(_RtlNormalizeProcessParams)(
    ProcessParameters
  );
end;

// Dynamic version of RtlNtStatusToDosError
function  RtlNtStatusToDosError(
    Status : NTSTATUS
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlNtStatusToDosError, ntdll, 'RtlNtStatusToDosError');
  Result := TFNRtlNtStatusToDosError(_RtlNtStatusToDosError)(
    Status
  );
end;

// Dynamic version of RtlNtStatusToDosErrorNoTeb
function  RtlNtStatusToDosErrorNoTeb(
    Status : NTSTATUS
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlNtStatusToDosErrorNoTeb, ntdll, 'RtlNtStatusToDosErrorNoTeb');
  Result := TFNRtlNtStatusToDosErrorNoTeb(_RtlNtStatusToDosErrorNoTeb)(
    Status
  );
end;

// Dynamic version of RtlNumberOfClearBits
function  RtlNumberOfClearBits(
    BitMapHeader : PRTL_BITMAP
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlNumberOfClearBits, ntdll, 'RtlNumberOfClearBits');
  Result := TFNRtlNumberOfClearBits(_RtlNumberOfClearBits)(
    BitMapHeader
  );
end;

// Dynamic version of RtlNumberOfSetBits
function  RtlNumberOfSetBits(
    BitMapHeader : PRTL_BITMAP
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlNumberOfSetBits, ntdll, 'RtlNumberOfSetBits');
  Result := TFNRtlNumberOfSetBits(_RtlNumberOfSetBits)(
    BitMapHeader
  );
end;

// Dynamic version of RtlOemStringToUnicodeSize
function  RtlOemStringToUnicodeSize(
    AnsiString : POEM_STRING
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlOemStringToUnicodeSize, ntdll, 'RtlOemStringToUnicodeSize');
  Result := TFNRtlOemStringToUnicodeSize(_RtlOemStringToUnicodeSize)(
    AnsiString
  );
end;

// Dynamic version of RtlOemStringToUnicodeString
function  RtlOemStringToUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : POEM_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlOemStringToUnicodeString, ntdll, 'RtlOemStringToUnicodeString');
  Result := TFNRtlOemStringToUnicodeString(_RtlOemStringToUnicodeString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlOemToUnicodeN
function  RtlOemToUnicodeN(
    UnicodeString : PWSTR;
    UnicodeSize : ULONG;
    var ResultSize : ULONG;
    OemString : PCHAR;
    OemSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlOemToUnicodeN, ntdll, 'RtlOemToUnicodeN');
  Result := TFNRtlOemToUnicodeN(_RtlOemToUnicodeN)(
    UnicodeString, UnicodeSize, ResultSize, OemString, OemSize
  );
end;

// Dynamic version of RtlOpenCurrentUser
function  RtlOpenCurrentUser(
    samDesired : ACCESS_MASK;
    phkResult : PHKEY
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlOpenCurrentUser, ntdll, 'RtlOpenCurrentUser');
  Result := TFNRtlOpenCurrentUser(_RtlOpenCurrentUser)(
    samDesired, phkResult
  );
end;

// Dynamic version of RtlPrefixString
function  RtlPrefixString(
    String1 : PANSI_STRING;
    String2 : PANSI_STRING;
    CaseInsensitive : BOOLEAN
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlPrefixString, ntdll, 'RtlPrefixString');
  Result := TFNRtlPrefixString(_RtlPrefixString)(
    String1, String2, CaseInsensitive
  );
end;

// Dynamic version of RtlPrefixUnicodeString
function  RtlPrefixUnicodeString(
    String1 : PUNICODE_STRING;
    String2 : PUNICODE_STRING;
    CaseInsensitive : BOOLEAN
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlPrefixUnicodeString, ntdll, 'RtlPrefixUnicodeString');
  Result := TFNRtlPrefixUnicodeString(_RtlPrefixUnicodeString)(
    String1, String2, CaseInsensitive
  );
end;

// Dynamic version of RtlQueryDepthSList
function  RtlQueryDepthSList(
    ListHead : PSLIST_HEADER
  ): USHORT; stdcall;
begin
  GetProcedureAddress(_RtlQueryDepthSList, ntdll, 'RtlQueryDepthSList');
  Result := TFNRtlQueryDepthSList(_RtlQueryDepthSList)(
    ListHead
  );
end;

// Dynamic version of RtlQueryEnvironmentVariable_U
function  RtlQueryEnvironmentVariable_U(
    Environment : PVOID;
    VarName : PUNICODE_STRING;
    VarValue : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlQueryEnvironmentVariable_U, ntdll, 'RtlQueryEnvironmentVariable_U');
  Result := TFNRtlQueryEnvironmentVariable_U(_RtlQueryEnvironmentVariable_U)(
    Environment, VarName, VarValue
  );
end;

// Dynamic version of RtlQueryInformationAcl
function  RtlQueryInformationAcl(
    pAcl : PACL;
    pAclInformation : PVOID;
    nAclInformationLength : DWORD;
    dwAclInformationClass : ACL_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlQueryInformationAcl, ntdll, 'RtlQueryInformationAcl');
  Result := TFNRtlQueryInformationAcl(_RtlQueryInformationAcl)(
    pAcl, pAclInformation, nAclInformationLength, dwAclInformationClass
  );
end;

// Dynamic version of RtlQueryProcessDebugInformation
function  RtlQueryProcessDebugInformation(
    ProcessId : ULONG;
    DebugInfoClassMask : ULONG;
    DebugBuffer : PDEBUG_BUFFER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlQueryProcessDebugInformation, ntdll, 'RtlQueryProcessDebugInformation');
  Result := TFNRtlQueryProcessDebugInformation(_RtlQueryProcessDebugInformation)(
    ProcessId, DebugInfoClassMask, DebugBuffer
  );
end;

// Dynamic version of RtlQueryRegistryValues
function  RtlQueryRegistryValues(
    RelativeTo : ULONG;
    Path : LPCWSTR;
    QueryTable : PRTL_QUERY_REGISTRY_TABLE;
    Context : PVOID;
    Environment : PVOID
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlQueryRegistryValues, ntdll, 'RtlQueryRegistryValues');
  Result := TFNRtlQueryRegistryValues(_RtlQueryRegistryValues)(
    RelativeTo, Path, QueryTable, Context, Environment
  );
end;

// Dynamic version of RtlRaiseStatus
procedure RtlRaiseStatus(
    Status : NTSTATUS
  ); stdcall;
begin
  GetProcedureAddress(_RtlRaiseStatus, ntdll, 'RtlRaiseStatus');
  TFNRtlRaiseStatus(_RtlRaiseStatus)(
    Status
  );
end;

// Dynamic version of RtlRandom
function  RtlRandom(
    Seed : PULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlRandom, ntdll, 'RtlRandom');
  Result := TFNRtlRandom(_RtlRandom)(
    Seed
  );
end;

// Dynamic version of RtlRandomEx
function  RtlRandomEx(
    Seed : PULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlRandomEx, ntdll, 'RtlRandomEx');
  Result := TFNRtlRandomEx(_RtlRandomEx)(
    Seed
  );
end;

// Dynamic version of RtlReAllocateHeap
function  RtlReAllocateHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    lpMem : PVOID;
    dwBytes : SIZE_T
  ): PVOID; stdcall;
begin
  GetProcedureAddress(_RtlReAllocateHeap, ntdll, 'RtlReAllocateHeap');
  Result := TFNRtlReAllocateHeap(_RtlReAllocateHeap)(
    hHeap, dwFlags, lpMem, dwBytes
  );
end;

// Dynamic version of RtlReleasePebLock
procedure RtlReleasePebLock(); stdcall;
begin
  GetProcedureAddress(_RtlReleasePebLock, ntdll, 'RtlReleasePebLock');
  TFNRtlReleasePebLock(_RtlReleasePebLock)();
end;

// Dynamic version of RtlRemoveVectoredExceptionHandler
function  RtlRemoveVectoredExceptionHandler(
    VectoredHandlerHandle : PVOID
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlRemoveVectoredExceptionHandler, ntdll, 'RtlRemoveVectoredExceptionHandler');
  Result := TFNRtlRemoveVectoredExceptionHandler(_RtlRemoveVectoredExceptionHandler)(
    VectoredHandlerHandle
  );
end;

// Dynamic version of RtlRestoreLastWin32Error
procedure RtlRestoreLastWin32Error(
    dwErrCode : DWORD
  ); stdcall;
begin
  GetProcedureAddress(_RtlRestoreLastWin32Error, ntdll, 'RtlRestoreLastWin32Error');
  TFNRtlRestoreLastWin32Error(_RtlRestoreLastWin32Error)(
    dwErrCode
  );
end;

// Dynamic version of RtlRunDecodeUnicodeString
procedure RtlRunDecodeUnicodeString(
    CodeSeed : UCHAR;
    StringToDecode : PUNICODE_STRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlRunDecodeUnicodeString, ntdll, 'RtlRunDecodeUnicodeString');
  TFNRtlRunDecodeUnicodeString(_RtlRunDecodeUnicodeString)(
    CodeSeed, StringToDecode
  );
end;

// Dynamic version of RtlRunEncodeUnicodeString
procedure RtlRunEncodeUnicodeString(
    var CodeSeed : UCHAR;
    StringToEncode : PUNICODE_STRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlRunEncodeUnicodeString, ntdll, 'RtlRunEncodeUnicodeString');
  TFNRtlRunEncodeUnicodeString(_RtlRunEncodeUnicodeString)(
    CodeSeed, StringToEncode
  );
end;

// Dynamic version of RtlSecondsSince1970ToTime
procedure RtlSecondsSince1970ToTime(
    SecondsSince1970 : ULONG;
    Time : PLARGE_INTEGER
  ); stdcall;
begin
  GetProcedureAddress(_RtlSecondsSince1970ToTime, ntdll, 'RtlSecondsSince1970ToTime');
  TFNRtlSecondsSince1970ToTime(_RtlSecondsSince1970ToTime)(
    SecondsSince1970, Time
  );
end;

// Dynamic version of RtlSecondsSince1980ToTime
procedure RtlSecondsSince1980ToTime(
    SecondsSince1980 : ULONG;
    Time : PLARGE_INTEGER
  ); stdcall;
begin
  GetProcedureAddress(_RtlSecondsSince1980ToTime, ntdll, 'RtlSecondsSince1980ToTime');
  TFNRtlSecondsSince1980ToTime(_RtlSecondsSince1980ToTime)(
    SecondsSince1980, Time
  );
end;

// Dynamic version of RtlSelfRelativeToAbsoluteSD
function  RtlSelfRelativeToAbsoluteSD(
    pSelfRelativeSD : PSECURITY_DESCRIPTOR;
    pAbsoluteSD : PSECURITY_DESCRIPTOR;
    lpdwAbsoluteSDSize : LPDWORD;
    pDacl : PACL;
    lpdwDaclSize : LPDWORD;
    pSacl : PACL;
    lpdwSaclSize : LPDWORD;
    pOwner : PSID;
    lpdwOwnerSize : LPDWORD;
    pPrimaryGroup : PSID;
    lpdwPrimaryGroupSize : LPDWORD
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSelfRelativeToAbsoluteSD, ntdll, 'RtlSelfRelativeToAbsoluteSD');
  Result := TFNRtlSelfRelativeToAbsoluteSD(_RtlSelfRelativeToAbsoluteSD)(
    pSelfRelativeSD, pAbsoluteSD, lpdwAbsoluteSDSize, pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, pOwner, lpdwOwnerSize, pPrimaryGroup, lpdwPrimaryGroupSize
  );
end;

// Dynamic version of RtlSetAllBits
procedure RtlSetAllBits(
    BitMapHeader : PRTL_BITMAP
  ); stdcall;
begin
  GetProcedureAddress(_RtlSetAllBits, ntdll, 'RtlSetAllBits');
  TFNRtlSetAllBits(_RtlSetAllBits)(
    BitMapHeader
  );
end;

// Dynamic version of RtlSetBits
procedure RtlSetBits(
    BitMapHeader : PRTL_BITMAP;
    StartingIndex : ULONG;
    NumberToSet : ULONG
  ); stdcall;
begin
  GetProcedureAddress(_RtlSetBits, ntdll, 'RtlSetBits');
  TFNRtlSetBits(_RtlSetBits)(
    BitMapHeader, StartingIndex, NumberToSet
  );
end;

// Dynamic version of RtlSetControlSecurityDescriptor
function  RtlSetControlSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    ControlBitsOfInterest : SECURITY_DESCRIPTOR_CONTROL;
    ControlBitsToSet : SECURITY_DESCRIPTOR_CONTROL
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetControlSecurityDescriptor, ntdll, 'RtlSetControlSecurityDescriptor');
  Result := TFNRtlSetControlSecurityDescriptor(_RtlSetControlSecurityDescriptor)(
    pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet
  );
end;

// Dynamic version of RtlSetCriticalSectionSpinCount
function  RtlSetCriticalSectionSpinCount(
    lpCriticalSection : PRTL_CRITICAL_SECTION;
    dwSpinCount : ULONG
  ): DWORD; stdcall;
begin
  GetProcedureAddress(_RtlSetCriticalSectionSpinCount, ntdll, 'RtlSetCriticalSectionSpinCount');
  Result := TFNRtlSetCriticalSectionSpinCount(_RtlSetCriticalSectionSpinCount)(
    lpCriticalSection, dwSpinCount
  );
end;

// Dynamic version of RtlSetCurrentDirectory_U
function  RtlSetCurrentDirectory_U(
    NewCurrentDirectory : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetCurrentDirectory_U, ntdll, 'RtlSetCurrentDirectory_U');
  Result := TFNRtlSetCurrentDirectory_U(_RtlSetCurrentDirectory_U)(
    NewCurrentDirectory
  );
end;

// Dynamic version of RtlSetDaclSecurityDescriptor
function  RtlSetDaclSecurityDescriptor(
    SecurityDescriptor : PSECURITY_DESCRIPTOR;
    DaclPresent : BOOLEAN;
    Dacl : PACL;
    DaclDefaulted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetDaclSecurityDescriptor, ntdll, 'RtlSetDaclSecurityDescriptor');
  Result := TFNRtlSetDaclSecurityDescriptor(_RtlSetDaclSecurityDescriptor)(
    SecurityDescriptor, DaclPresent, Dacl, DaclDefaulted
  );
end;

// Dynamic version of RtlSetGroupSecurityDescriptor
function  RtlSetGroupSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    pGroup : PSID;
    bGroupDefaulted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetGroupSecurityDescriptor, ntdll, 'RtlSetGroupSecurityDescriptor');
  Result := TFNRtlSetGroupSecurityDescriptor(_RtlSetGroupSecurityDescriptor)(
    pSecurityDescriptor, pGroup, bGroupDefaulted
  );
end;

// Dynamic version of RtlSetInformationAcl
function  RtlSetInformationAcl(
    pAcl : PACL;
    pAclInformation : PVOID;
    nInformationLength : DWORD;
    dwAclInformationClass : ACL_INFORMATION_CLASS
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetInformationAcl, ntdll, 'RtlSetInformationAcl');
  Result := TFNRtlSetInformationAcl(_RtlSetInformationAcl)(
    pAcl, pAclInformation, nInformationLength, dwAclInformationClass
  );
end;

// Dynamic version of RtlSetLastWin32ErrorAndNtStatusFromNtStatus
function  RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
    Status : NTSTATUS
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlSetLastWin32ErrorAndNtStatusFromNtStatus, ntdll, 'RtlSetLastWin32ErrorAndNtStatusFromNtStatus');
  Result := TFNRtlSetLastWin32ErrorAndNtStatusFromNtStatus(_RtlSetLastWin32ErrorAndNtStatusFromNtStatus)(
    Status
  );
end;

// Dynamic version of RtlSetOwnerSecurityDescriptor
function  RtlSetOwnerSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    pOwner : PSID;
    bOwnerDefaulted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetOwnerSecurityDescriptor, ntdll, 'RtlSetOwnerSecurityDescriptor');
  Result := TFNRtlSetOwnerSecurityDescriptor(_RtlSetOwnerSecurityDescriptor)(
    pSecurityDescriptor, pOwner, bOwnerDefaulted
  );
end;

// Dynamic version of RtlSetProcessIsCritical
function  RtlSetProcessIsCritical(
    bIsCritical : BOOLEAN;
    pbOldIsCriticalValue : PBOOLEAN;
    bUnknownCanBeFalse : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetProcessIsCritical, ntdll, 'RtlSetProcessIsCritical');
  Result := TFNRtlSetProcessIsCritical(_RtlSetProcessIsCritical)(
    bIsCritical, pbOldIsCriticalValue, bUnknownCanBeFalse
  );
end;

// Dynamic version of RtlSetSaclSecurityDescriptor
function  RtlSetSaclSecurityDescriptor(
    pSecurityDescriptor : PSECURITY_DESCRIPTOR;
    bSaclPresent : BOOLEAN;
    pSacl : PACL;
    SaclDefaulted : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetSaclSecurityDescriptor, ntdll, 'RtlSetSaclSecurityDescriptor');
  Result := TFNRtlSetSaclSecurityDescriptor(_RtlSetSaclSecurityDescriptor)(
    pSecurityDescriptor, bSaclPresent, pSacl, SaclDefaulted
  );
end;

// Dynamic version of RtlSetThreadIsCritical
function  RtlSetThreadIsCritical(
    bIsCritical : BOOLEAN;
    pbOldIsCriticalValue : PBOOLEAN;
    bUnknownCanBeFalse : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSetThreadIsCritical, ntdll, 'RtlSetThreadIsCritical');
  Result := TFNRtlSetThreadIsCritical(_RtlSetThreadIsCritical)(
    bIsCritical, pbOldIsCriticalValue, bUnknownCanBeFalse
  );
end;

// Dynamic version of RtlSizeHeap
function  RtlSizeHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    lpMem : PVOID
  ): SIZE_T; stdcall;
begin
  GetProcedureAddress(_RtlSizeHeap, ntdll, 'RtlSizeHeap');
  Result := TFNRtlSizeHeap(_RtlSizeHeap)(
    hHeap, dwFlags, lpMem
  );
end;

// Dynamic version of RtlStringFromGUID
function  RtlStringFromGUID(
    Guid : REFGUID;
    GuidString : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlStringFromGUID, ntdll, 'RtlStringFromGUID');
  Result := TFNRtlStringFromGUID(_RtlStringFromGUID)(
    Guid, GuidString
  );
end;

// Dynamic version of RtlSubAuthorityCountSid
function  RtlSubAuthorityCountSid(
    pSid : PSID
  ): PUCHAR; stdcall;
begin
  GetProcedureAddress(_RtlSubAuthorityCountSid, ntdll, 'RtlSubAuthorityCountSid');
  Result := TFNRtlSubAuthorityCountSid(_RtlSubAuthorityCountSid)(
    pSid
  );
end;

// Dynamic version of RtlSubAuthoritySid
function  RtlSubAuthoritySid(
    pSid : PSID;
    nSubAuthority : DWORD
  ): PDWORD; stdcall;
begin
  GetProcedureAddress(_RtlSubAuthoritySid, ntdll, 'RtlSubAuthoritySid');
  Result := TFNRtlSubAuthoritySid(_RtlSubAuthoritySid)(
    pSid, nSubAuthority
  );
end;

// Dynamic version of RtlSystemTimeToLocalTime
function  RtlSystemTimeToLocalTime(
    SystemTime : PLARGE_INTEGER;
    LocalTime : PLARGE_INTEGER
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlSystemTimeToLocalTime, ntdll, 'RtlSystemTimeToLocalTime');
  Result := TFNRtlSystemTimeToLocalTime(_RtlSystemTimeToLocalTime)(
    SystemTime, LocalTime
  );
end;

// Dynamic version of RtlTimeFieldsToTime
function  RtlTimeFieldsToTime(
    TimeFields : PTIME_FIELDS;
    Time : PLARGE_INTEGER
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlTimeFieldsToTime, ntdll, 'RtlTimeFieldsToTime');
  Result := TFNRtlTimeFieldsToTime(_RtlTimeFieldsToTime)(
    TimeFields, Time
  );
end;

// Dynamic version of RtlTimeToElapsedTimeFields
procedure RtlTimeToElapsedTimeFields(
    Time : PLARGE_INTEGER;
    TimeFields : PTIME_FIELDS
  ); stdcall;
begin
  GetProcedureAddress(_RtlTimeToElapsedTimeFields, ntdll, 'RtlTimeToElapsedTimeFields');
  TFNRtlTimeToElapsedTimeFields(_RtlTimeToElapsedTimeFields)(
    Time, TimeFields
  );
end;

// Dynamic version of RtlTimeToSecondsSince1970
function  RtlTimeToSecondsSince1970(
    Time : PLARGE_INTEGER;
    ElapsedSeconds : PULONG
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlTimeToSecondsSince1970, ntdll, 'RtlTimeToSecondsSince1970');
  Result := TFNRtlTimeToSecondsSince1970(_RtlTimeToSecondsSince1970)(
    Time, ElapsedSeconds
  );
end;

// Dynamic version of RtlTimeToSecondsSince1980
function  RtlTimeToSecondsSince1980(
    Time : PLARGE_INTEGER;
    ElapsedSeconds : PULONG
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlTimeToSecondsSince1980, ntdll, 'RtlTimeToSecondsSince1980');
  Result := TFNRtlTimeToSecondsSince1980(_RtlTimeToSecondsSince1980)(
    Time, ElapsedSeconds
  );
end;

// Dynamic version of RtlTimeToTimeFields
procedure RtlTimeToTimeFields(
    Time : PLARGE_INTEGER;
    TimeFields : PTIME_FIELDS
  ); stdcall;
begin
  GetProcedureAddress(_RtlTimeToTimeFields, ntdll, 'RtlTimeToTimeFields');
  TFNRtlTimeToTimeFields(_RtlTimeToTimeFields)(
    Time, TimeFields
  );
end;

// Dynamic version of RtlTryEnterCriticalSection
function  RtlTryEnterCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ): BOOL; stdcall;
begin
  GetProcedureAddress(_RtlTryEnterCriticalSection, ntdll, 'RtlTryEnterCriticalSection');
  Result := TFNRtlTryEnterCriticalSection(_RtlTryEnterCriticalSection)(
    lpCriticalSection
  );
end;

// Dynamic version of RtlUnicodeStringToAnsiSize
function  RtlUnicodeStringToAnsiSize(
    UnicodeString : PUNICODE_STRING
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlUnicodeStringToAnsiSize, ntdll, 'RtlUnicodeStringToAnsiSize');
  Result := TFNRtlUnicodeStringToAnsiSize(_RtlUnicodeStringToAnsiSize)(
    UnicodeString
  );
end;

// Dynamic version of RtlUnicodeStringToAnsiString
function  RtlUnicodeStringToAnsiString(
    DestinationString : PANSI_STRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUnicodeStringToAnsiString, ntdll, 'RtlUnicodeStringToAnsiString');
  Result := TFNRtlUnicodeStringToAnsiString(_RtlUnicodeStringToAnsiString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlUnicodeStringToCountedOemString
function  RtlUnicodeStringToCountedOemString(
    DestinationString : POEM_STRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUnicodeStringToCountedOemString, ntdll, 'RtlUnicodeStringToCountedOemString');
  Result := TFNRtlUnicodeStringToCountedOemString(_RtlUnicodeStringToCountedOemString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlUnicodeStringToInteger
function  RtlUnicodeStringToInteger(
    Str : PUNICODE_STRING;
    Base : ULONG;
    Value : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUnicodeStringToInteger, ntdll, 'RtlUnicodeStringToInteger');
  Result := TFNRtlUnicodeStringToInteger(_RtlUnicodeStringToInteger)(
    Str, Base, Value
  );
end;

// Dynamic version of RtlUnicodeStringToOemSize
function  RtlUnicodeStringToOemSize(
    UnicodeString : PUNICODE_STRING
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlUnicodeStringToOemSize, ntdll, 'RtlUnicodeStringToOemSize');
  Result := TFNRtlUnicodeStringToOemSize(_RtlUnicodeStringToOemSize)(
    UnicodeString
  );
end;

// Dynamic version of RtlUnicodeStringToOemString
function  RtlUnicodeStringToOemString(
    DestinationString : POEM_STRING;
    SourceString : PCUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUnicodeStringToOemString, ntdll, 'RtlUnicodeStringToOemString');
  Result := TFNRtlUnicodeStringToOemString(_RtlUnicodeStringToOemString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlUnicodeToMultiByteSize
function  RtlUnicodeToMultiByteSize(
    BytesInMultiByteString : PULONG;
    UnicodeString : PWSTR;
    BytesInUnicodeString : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUnicodeToMultiByteSize, ntdll, 'RtlUnicodeToMultiByteSize');
  Result := TFNRtlUnicodeToMultiByteSize(_RtlUnicodeToMultiByteSize)(
    BytesInMultiByteString, UnicodeString, BytesInUnicodeString
  );
end;

// Dynamic version of RtlUniform
function  RtlUniform(
    Seed : PULONG
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlUniform, ntdll, 'RtlUniform');
  Result := TFNRtlUniform(_RtlUniform)(
    Seed
  );
end;

// Dynamic version of RtlUnwind
procedure RtlUnwind(
    TargetFrame : PVOID;
    TargetIp : PVOID;
    ExceptionRecord : PEXCEPTION_RECORD;
    ReturnValue : PVOID
  ); stdcall;
begin
  GetProcedureAddress(_RtlUnwind, ntdll, 'RtlUnwind');
  TFNRtlUnwind(_RtlUnwind)(
    TargetFrame, TargetIp, ExceptionRecord, ReturnValue
  );
end;

// Dynamic version of RtlUpcaseUnicodeChar
function  RtlUpcaseUnicodeChar(
    SourceCharacter : WCHAR
  ): WCHAR; stdcall;
begin
  GetProcedureAddress(_RtlUpcaseUnicodeChar, ntdll, 'RtlUpcaseUnicodeChar');
  Result := TFNRtlUpcaseUnicodeChar(_RtlUpcaseUnicodeChar)(
    SourceCharacter
  );
end;

// Dynamic version of RtlUpcaseUnicodeString
function  RtlUpcaseUnicodeString(
    DestinationString : PUNICODE_STRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUpcaseUnicodeString, ntdll, 'RtlUpcaseUnicodeString');
  Result := TFNRtlUpcaseUnicodeString(_RtlUpcaseUnicodeString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlUpcaseUnicodeStringToAnsiString
function  RtlUpcaseUnicodeStringToAnsiString(
    DestinationString : PSTRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUpcaseUnicodeStringToAnsiString, ntdll, 'RtlUpcaseUnicodeStringToAnsiString');
  Result := TFNRtlUpcaseUnicodeStringToAnsiString(_RtlUpcaseUnicodeStringToAnsiString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlUpcaseUnicodeStringToCountedOemString
function  RtlUpcaseUnicodeStringToCountedOemString(
    DestinationString : PSTRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUpcaseUnicodeStringToCountedOemString, ntdll, 'RtlUpcaseUnicodeStringToCountedOemString');
  Result := TFNRtlUpcaseUnicodeStringToCountedOemString(_RtlUpcaseUnicodeStringToCountedOemString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlUpcaseUnicodeStringToOemString
function  RtlUpcaseUnicodeStringToOemString(
    DestinationString : PSTRING;
    SourceString : PUNICODE_STRING;
    AllocateDestinationString : BOOLEAN
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUpcaseUnicodeStringToOemString, ntdll, 'RtlUpcaseUnicodeStringToOemString');
  Result := TFNRtlUpcaseUnicodeStringToOemString(_RtlUpcaseUnicodeStringToOemString)(
    DestinationString, SourceString, AllocateDestinationString
  );
end;

// Dynamic version of RtlUpcaseUnicodeToMultiByteN
function  RtlUpcaseUnicodeToMultiByteN(
    MbString : PCHAR;
    MbSize : ULONG;
    var ResultSize : ULONG;
    UnicodeString : PWSTR;
    UnicodeSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUpcaseUnicodeToMultiByteN, ntdll, 'RtlUpcaseUnicodeToMultiByteN');
  Result := TFNRtlUpcaseUnicodeToMultiByteN(_RtlUpcaseUnicodeToMultiByteN)(
    MbString, MbSize, ResultSize, UnicodeString, UnicodeSize
  );
end;

// Dynamic version of RtlUpcaseUnicodeToOemN
function  RtlUpcaseUnicodeToOemN(
    OemString : PCHAR;
    OemSize : ULONG;
    var ResultSize : ULONG;
    UnicodeString : PWSTR;
    UnicodeSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlUpcaseUnicodeToOemN, ntdll, 'RtlUpcaseUnicodeToOemN');
  Result := TFNRtlUpcaseUnicodeToOemN(_RtlUpcaseUnicodeToOemN)(
    OemString, OemSize, ResultSize, UnicodeString, UnicodeSize
  );
end;

// Dynamic version of RtlUpperChar
function  RtlUpperChar(
    Character : CHAR
  ): CHAR; stdcall;
begin
  GetProcedureAddress(_RtlUpperChar, ntdll, 'RtlUpperChar');
  Result := TFNRtlUpperChar(_RtlUpperChar)(
    Character
  );
end;

// Dynamic version of RtlUpperString
procedure RtlUpperString(
    DestinationString : PSTRING;
    SourceString : PSTRING
  ); stdcall;
begin
  GetProcedureAddress(_RtlUpperString, ntdll, 'RtlUpperString');
  TFNRtlUpperString(_RtlUpperString)(
    DestinationString, SourceString
  );
end;

// Dynamic version of RtlValidAcl
function  RtlValidAcl(
    Acl : PACL
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlValidAcl, ntdll, 'RtlValidAcl');
  Result := TFNRtlValidAcl(_RtlValidAcl)(
    Acl
  );
end;

// Dynamic version of RtlValidRelativeSecurityDescriptor
function  RtlValidRelativeSecurityDescriptor(
    SecurityDescriptorInput : PSECURITY_DESCRIPTOR;
    SecurityDescriptorLength : ULONG;
    RequiredInformation : SECURITY_INFORMATION
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlValidRelativeSecurityDescriptor, ntdll, 'RtlValidRelativeSecurityDescriptor');
  Result := TFNRtlValidRelativeSecurityDescriptor(_RtlValidRelativeSecurityDescriptor)(
    SecurityDescriptorInput, SecurityDescriptorLength, RequiredInformation
  );
end;

// Dynamic version of RtlValidSecurityDescriptor
function  RtlValidSecurityDescriptor(
    SecurityDescriptor : PSECURITY_DESCRIPTOR
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlValidSecurityDescriptor, ntdll, 'RtlValidSecurityDescriptor');
  Result := TFNRtlValidSecurityDescriptor(_RtlValidSecurityDescriptor)(
    SecurityDescriptor
  );
end;

// Dynamic version of RtlValidSid
function  RtlValidSid(
    pSid : PSID
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlValidSid, ntdll, 'RtlValidSid');
  Result := TFNRtlValidSid(_RtlValidSid)(
    pSid
  );
end;

// Dynamic version of RtlValidateHeap
function  RtlValidateHeap(
    hHeap : HANDLE;
    dwFlags : ULONG;
    lpMem : LPCVOID
  ): BOOL; stdcall;
begin
  GetProcedureAddress(_RtlValidateHeap, ntdll, 'RtlValidateHeap');
  Result := TFNRtlValidateHeap(_RtlValidateHeap)(
    hHeap, dwFlags, lpMem
  );
end;

// Dynamic version of RtlValidateUnicodeString
function  RtlValidateUnicodeString(
    dwMustBeNull : ULONG;
    ValidateThis : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlValidateUnicodeString, ntdll, 'RtlValidateUnicodeString');
  Result := TFNRtlValidateUnicodeString(_RtlValidateUnicodeString)(
    dwMustBeNull, ValidateThis
  );
end;

// Dynamic version of RtlVerifyVersionInfo
function  RtlVerifyVersionInfo(
    VersionInfo : PRTL_OSVERSIONINFOEXW;
    TypeMask : ULONG;
    ConditionMask : ULONGLONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlVerifyVersionInfo, ntdll, 'RtlVerifyVersionInfo');
  Result := TFNRtlVerifyVersionInfo(_RtlVerifyVersionInfo)(
    VersionInfo, TypeMask, ConditionMask
  );
end;

// Dynamic version of RtlVolumeDeviceToDosName
function  RtlVolumeDeviceToDosName(
    VolumeDeviceObject : PVOID;
    DosName : PUNICODE_STRING
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlVolumeDeviceToDosName, ntdll, 'RtlVolumeDeviceToDosName');
  Result := TFNRtlVolumeDeviceToDosName(_RtlVolumeDeviceToDosName)(
    VolumeDeviceObject, DosName
  );
end;

// Dynamic version of RtlWriteRegistryValue
function  RtlWriteRegistryValue(
    RelativeTo : ULONG;
    Path : LPCWSTR;
    ValueName : LPCWSTR;
    ValueType : ULONG;
    ValueData : PVOID;
    ValueLength : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlWriteRegistryValue, ntdll, 'RtlWriteRegistryValue');
  Result := TFNRtlWriteRegistryValue(_RtlWriteRegistryValue)(
    RelativeTo, Path, ValueName, ValueType, ValueData, ValueLength
  );
end;

// Dynamic version of RtlZeroHeap
function  RtlZeroHeap(
    hHeap : HANDLE;
    dwFlags : ULONG
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlZeroHeap, ntdll, 'RtlZeroHeap');
  Result := TFNRtlZeroHeap(_RtlZeroHeap)(
    hHeap, dwFlags
  );
end;

// Dynamic version of RtlZeroMemory
procedure RtlZeroMemory(
    Destination : PVOID;
    Length : SIZE_T
  ); stdcall;
begin
  GetProcedureAddress(_RtlZeroMemory, ntdll, 'RtlZeroMemory');
  TFNRtlZeroMemory(_RtlZeroMemory)(
    Destination, Length
  );
end;

// Dynamic version of RtlpNotOwnerCriticalSection
function  RtlpNotOwnerCriticalSection(
    lpCriticalSection : PRTL_CRITICAL_SECTION
  ): BOOLEAN; stdcall;
begin
  GetProcedureAddress(_RtlpNotOwnerCriticalSection, ntdll, 'RtlpNotOwnerCriticalSection');
  Result := TFNRtlpNotOwnerCriticalSection(_RtlpNotOwnerCriticalSection)(
    lpCriticalSection
  );
end;

// Dynamic version of RtlpNtCreateKey
function  RtlpNtCreateKey(
    KeyHandle : PHANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    Unused1 : ULONG;
    Unused2 : ULONG;
    Disposition : PULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlpNtCreateKey, ntdll, 'RtlpNtCreateKey');
  Result := TFNRtlpNtCreateKey(_RtlpNtCreateKey)(
    KeyHandle, DesiredAccess, ObjectAttributes, Unused1, Unused2, Disposition
  );
end;

// Dynamic version of RtlpNtEnumerateSubKey
function  RtlpNtEnumerateSubKey(
    KeyHandle : HANDLE;
    SubKeyName : PUNICODE_STRING;
    Index : ULONG;
    Unused1 : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlpNtEnumerateSubKey, ntdll, 'RtlpNtEnumerateSubKey');
  Result := TFNRtlpNtEnumerateSubKey(_RtlpNtEnumerateSubKey)(
    KeyHandle, SubKeyName, Index, Unused1
  );
end;

// Dynamic version of RtlpNtMakeTemporaryKey
function  RtlpNtMakeTemporaryKey(
    KeyHandle : HANDLE
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlpNtMakeTemporaryKey, ntdll, 'RtlpNtMakeTemporaryKey');
  Result := TFNRtlpNtMakeTemporaryKey(_RtlpNtMakeTemporaryKey)(
    KeyHandle
  );
end;

// Dynamic version of RtlpNtOpenKey
function  RtlpNtOpenKey(
    KeyHandle : HANDLE;
    DesiredAccess : ACCESS_MASK;
    ObjectAttributes : POBJECT_ATTRIBUTES;
    Unused : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlpNtOpenKey, ntdll, 'RtlpNtOpenKey');
  Result := TFNRtlpNtOpenKey(_RtlpNtOpenKey)(
    KeyHandle, DesiredAccess, ObjectAttributes, Unused
  );
end;

// Dynamic version of RtlpNtQueryValueKey
function  RtlpNtQueryValueKey(
    KeyHandle : HANDLE;
    Type_ : PULONG;
    Data : PVOID;
    DataSize : PULONG;
    Unused : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlpNtQueryValueKey, ntdll, 'RtlpNtQueryValueKey');
  Result := TFNRtlpNtQueryValueKey(_RtlpNtQueryValueKey)(
    KeyHandle, Type_, Data, DataSize, Unused
  );
end;

// Dynamic version of RtlpNtSetValueKey
function  RtlpNtSetValueKey(
    KeyHandle : HANDLE;
    Type_ : ULONG;
    Data : PVOID;
    DataSize : ULONG
  ): NTSTATUS; stdcall;
begin
  GetProcedureAddress(_RtlpNtSetValueKey, ntdll, 'RtlpNtSetValueKey');
  Result := TFNRtlpNtSetValueKey(_RtlpNtSetValueKey)(
    KeyHandle, Type_, Data, DataSize
  );
end;

// Dynamic version of RtlxAnsiStringToUnicodeSize
function  RtlxAnsiStringToUnicodeSize(
    AnsiString : PANSI_STRING
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlxAnsiStringToUnicodeSize, ntdll, 'RtlxAnsiStringToUnicodeSize');
  Result := TFNRtlxAnsiStringToUnicodeSize(_RtlxAnsiStringToUnicodeSize)(
    AnsiString
  );
end;

// Dynamic version of RtlxOemStringToUnicodeSize
function  RtlxOemStringToUnicodeSize(
    AnsiString : POEM_STRING
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlxOemStringToUnicodeSize, ntdll, 'RtlxOemStringToUnicodeSize');
  Result := TFNRtlxOemStringToUnicodeSize(_RtlxOemStringToUnicodeSize)(
    AnsiString
  );
end;

// Dynamic version of RtlxUnicodeStringToAnsiSize
function  RtlxUnicodeStringToAnsiSize(
    UnicodeString : PUNICODE_STRING
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlxUnicodeStringToAnsiSize, ntdll, 'RtlxUnicodeStringToAnsiSize');
  Result := TFNRtlxUnicodeStringToAnsiSize(_RtlxUnicodeStringToAnsiSize)(
    UnicodeString
  );
end;

// Dynamic version of RtlxUnicodeStringToOemSize
function  RtlxUnicodeStringToOemSize(
    UnicodeString : PUNICODE_STRING
  ): ULONG; stdcall;
begin
  GetProcedureAddress(_RtlxUnicodeStringToOemSize, ntdll, 'RtlxUnicodeStringToOemSize');
  Result := TFNRtlxUnicodeStringToOemSize(_RtlxUnicodeStringToOemSize)(
    UnicodeString
  );
end;

// Dynamic version of VerSetConditionMask
function  VerSetConditionMask(
    ConditionMask : ULONGLONG;
    dwTypeMask : DWORD;
    Condition : BYTE
  ): ULONGLONG; stdcall;
begin
  GetProcedureAddress(_VerSetConditionMask, ntdll, 'VerSetConditionMask');
  Result := TFNVerSetConditionMask(_VerSetConditionMask)(
    ConditionMask, dwTypeMask, Condition
  );
end;

{$ENDIF RTDL}


(*
Function forwarders which are not implemented by this unit
because they are available only on the 64bit editions of
Windows XP and Windows 2003 Server.

[KERNEL32.dll]RtlCaptureContext -> NTDLL.RtlCaptureContext
[KERNEL32.dll]RtlCaptureStackBackTrace -> NTDLL.RtlCaptureStackBackTrace

Usually the Kernel32 functions are documented in the Platform SDK, so knowing
of these function forwarders gives you the chance to find out the prototype of
the respective Native API to which the call is forwarded.

The following usermode Native APIs are not included in this unit:
-----------------------------------------------------------------
CsrAllocateCaptureBuffer [NT3, NT4, W2K, WXP, 2K3]
CsrAllocateMessagePointer [NT3, NT4, W2K, WXP, 2K3]
CsrCaptureMessageBuffer [NT3, NT4, W2K, WXP, 2K3]
CsrCaptureMessageMultiUnicodeStringsInPlace [WXP, 2K3]
CsrCaptureMessageString [NT3, NT4, W2K, WXP, 2K3]
CsrCaptureTimeout [NT3, NT4, W2K, WXP, 2K3]
CsrClientCallServer [NT3, NT4, W2K, WXP, 2K3]
CsrClientConnectToServer [NT3, NT4, W2K, WXP, 2K3]
CsrFreeCaptureBuffer [NT3, NT4, W2K, WXP, 2K3]
CsrIdentifyAlertableThread [NT3, NT4, W2K, WXP, 2K3]
CsrNewThread [NT3, NT4, W2K, WXP, 2K3]
CsrProbeForRead [NT3, NT4, W2K, WXP, 2K3]
CsrProbeForWrite [NT3, NT4, W2K, WXP, 2K3]
CsrSetPriorityClass [NT3, NT4, W2K, WXP, 2K3]
DbgPrintEx [WXP, 2K3]
DbgPrintReturnControlC [W2K, WXP, 2K3]
DbgPrompt [NT3, NT4, W2K, WXP, 2K3]
DbgSsHandleKmApiMsg [NT3, NT4, W2K]
DbgSsInitialize [NT3, NT4, W2K]
DbgUiConnectToDbg [NT3, NT4, W2K, WXP, 2K3]
DbgUiContinue [NT3, NT4, W2K, WXP, 2K3]
DbgUiConvertStateChangeStructure [WXP, 2K3]
DbgUiDebugActiveProcess [WXP, 2K3]
DbgUiGetThreadDebugObject [WXP, 2K3]
DbgUiIssueRemoteBreakin [WXP, 2K3]
DbgUiRemoteBreakin [WXP, 2K3]
DbgUiSetThreadDebugObject [WXP, 2K3]
DbgUiStopDebugging [WXP, 2K3]
DbgUiWaitStateChange [NT3, NT4, W2K, WXP, 2K3]
DbgUserBreakPoint [NT3, NT4, W2K, WXP, 2K3]
EtwControlTraceA [2K3]
EtwControlTraceW [2K3]
EtwCreateTraceInstanceId [2K3]
EtwEnableTrace [2K3]
EtwEnumerateTraceGuids [2K3]
EtwFlushTraceA [2K3]
EtwFlushTraceW [2K3]
EtwGetTraceEnableFlags [2K3]
EtwGetTraceEnableLevel [2K3]
EtwGetTraceLoggerHandle [2K3]
EtwNotificationRegistrationA [2K3]
EtwNotificationRegistrationW [2K3]
EtwQueryAllTracesA [2K3]
EtwQueryAllTracesW [2K3]
EtwQueryTraceA [2K3]
EtwQueryTraceW [2K3]
EtwReceiveNotificationsA [2K3]
EtwReceiveNotificationsW [2K3]
EtwRegisterTraceGuidsA [2K3]
EtwRegisterTraceGuidsW [2K3]
EtwStartTraceA [2K3]
EtwStartTraceW [2K3]
EtwStopTraceA [2K3]
EtwStopTraceW [2K3]
EtwTraceEvent [2K3]
EtwTraceEventInstance [2K3]
EtwTraceMessage [2K3]
EtwTraceMessageVa [2K3]
EtwUnregisterTraceGuids [2K3]
EtwUpdateTraceA [2K3]
EtwUpdateTraceW [2K3]
EtwpGetTraceBuffer [2K3]
EtwpSetHWConfigFunction [2K3]
KiUserApcDispatcher [NT3, NT4, W2K, WXP, 2K3]
KiUserCallbackDispatcher [NT3, NT4, W2K, WXP, 2K3]
KiUserExceptionDispatcher [NT3, NT4, W2K, WXP, 2K3]
LdrAccessOutOfProcessResource [WXP, 2K3]
LdrAddRefDll [WXP, 2K3]
LdrCreateOutOfProcessImage [WXP, 2K3]
LdrDestroyOutOfProcessImage [WXP, 2K3]
LdrEnumResources [NT3, NT4, W2K, WXP, 2K3]
LdrEnumerateLoadedModules [WXP, 2K3]
LdrFindCreateProcessManifest [WXP, 2K3]
LdrFindEntryForAddress [NT3, NT4, W2K, WXP, 2K3]
LdrFindResourceDirectory_U [NT3, NT4, W2K, WXP, 2K3]
LdrFindResourceEx_U [WXP, 2K3]
LdrFindResource_U [NT3, NT4, W2K, WXP, 2K3]
LdrFlushAlternateResourceModules [W2K, WXP, 2K3]
LdrGetDllHandleEx [WXP, 2K3]
LdrHotPatchRoutine [2K3]
LdrInitShimEngineDynamic [WXP, 2K3]
LdrInitializeThunk [NT3, NT4, W2K, WXP, 2K3]
LdrLoadAlternateResourceModule [W2K, WXP, 2K3]
LdrLockLoaderLock [WXP, 2K3]
LdrProcessRelocationBlock [NT3, NT4, W2K, WXP, 2K3]
LdrQueryImageFileExecutionOptionsEx [2K3]
LdrSetAppCompatDllRedirectionCallback [WXP, 2K3]
LdrSetDllManifestProber [WXP, 2K3]
LdrUnloadAlternateResourceModule [W2K, WXP, 2K3]
LdrUnlockLoaderLock [WXP, 2K3]
LdrVerifyImageMatchesChecksum [NT3, NT4, W2K, WXP, 2K3]
NPXEMULATORTABLE [NT3, NT4, W2K]
NlsAnsiCodePage [NT4, W2K, WXP, 2K3]
NlsMbCodePageTag [NT3, NT4, W2K, WXP, 2K3]
NlsMbOemCodePageTag [NT3, NT4, W2K, WXP, 2K3]
NtAddBootEntry [WXP, 2K3]
NtAddDriverEntry [2K3]
NtApphelpCacheControl [2K3]
NtCompactKeys [WXP, 2K3]
NtCompareTokens [WXP, 2K3]
NtCompressKey [WXP, 2K3]
NtCreateDebugObject [WXP, 2K3]
NtCreateJobSet [WXP, 2K3]
NtCreateKeyedEvent [WXP, 2K3]
NtCreateProcessEx [WXP, 2K3]
NtDebugContinue [WXP, 2K3]
NtDeleteBootEntry [WXP, 2K3]
NtDeleteDriverEntry [2K3]
NtEnumerateBootEntries [WXP, 2K3]
NtEnumerateDriverEntries [2K3]
NtEnumerateSystemEnvironmentValuesEx [WXP, 2K3]
NtIsProcessInJob [WXP, 2K3]
NtLoadKeyEx [2K3]
NtLockProductActivationKeys [WXP, 2K3]
NtLockRegistryKey [WXP, 2K3]
NtModifyBootEntry [WXP, 2K3]
NtModifyDriverEntry [2K3]
NtOpenKeyedEvent [WXP, 2K3]
NtOpenProcessTokenEx [WXP, 2K3]
NtOpenThreadTokenEx [WXP, 2K3]
NtQueryBootEntryOrder [WXP, 2K3]
NtQueryBootOptions [WXP, 2K3]
NtQueryDebugFilterState [WXP, 2K3]
NtQueryDriverEntryOrder [2K3]
NtQueryOpenSubKeysEx [2K3]
NtQuerySystemEnvironmentValueEx [WXP, 2K3]
NtReleaseKeyedEvent [WXP, 2K3]
NtRenameKey [WXP, 2K3]
NtSetBootEntryOrder [WXP, 2K3]
NtSetBootOptions [WXP, 2K3]
NtSetDebugFilterState [WXP, 2K3]
NtSetDriverEntryOrder [2K3]
NtSetEventBoostPriority [WXP, 2K3]
NtSetInformationDebugObject [WXP, 2K3]
NtSetSystemEnvironmentValueEx [WXP, 2K3]
NtTraceEvent [WXP, 2K3]
NtTranslateFilePath [WXP, 2K3]
NtUnloadKey2 [2K3]
NtUnloadKeyEx [WXP, 2K3]
NtWaitForDebugEvent [WXP, 2K3]
NtWaitForKeyedEvent [WXP, 2K3]
PfxFindPrefix [NT3, NT4, W2K, WXP, 2K3]
PfxInitialize [NT3, NT4, W2K, WXP, 2K3]
PfxInsertPrefix [NT3, NT4, W2K, WXP, 2K3]
PfxRemovePrefix [NT3, NT4, W2K, WXP, 2K3]
PropertyLengthAsVariant [NT4, W2K, WXP, 2K3]
RestoreEm87Context [NT3, NT4, W2K, WXP, 2K3]
RtlAbortRXact [NT3, NT4, W2K, WXP, 2K3]
RtlAcquireResourceExclusive [NT3, NT4, W2K, WXP, 2K3]
RtlAcquireResourceShared [NT3, NT4, W2K, WXP, 2K3]
RtlActivateActivationContext [WXP, 2K3]
RtlActivateActivationContextEx [WXP, 2K3]
RtlActivateActivationContextUnsafeFast [WXP, 2K3]
RtlAddAccessAllowedObjectAce [W2K, WXP, 2K3]
RtlAddAccessDeniedObjectAce [W2K, WXP, 2K3]
RtlAddActionToRXact [NT3, NT4, W2K, WXP, 2K3]
RtlAddAtomToAtomTable [NT4, W2K, WXP, 2K3]
RtlAddAttributeActionToRXact [NT3, NT4, W2K, WXP, 2K3]
RtlAddAuditAccessObjectAce [W2K, WXP, 2K3]
RtlAddCompoundAce [NT4, W2K, WXP, 2K3]
RtlAddRefActivationContext [WXP, 2K3]
RtlAddRefMemoryStream [WXP, 2K3]
RtlAddressInSectionTable [WXP, 2K3]
RtlAllocateHandle [NT4, W2K, WXP, 2K3]
RtlAppendPathElement [WXP, 2K3]
RtlApplicationVerifierStop [WXP, 2K3]
RtlApplyRXact [NT3, NT4, W2K, WXP, 2K3]
RtlApplyRXactNoFlush [NT3, NT4, W2K, WXP, 2K3]
RtlAssert2 [WXP]
RtlCallbackLpcClient [W2K]
RtlCancelTimer [W2K, WXP, 2K3]
RtlCaptureStackBackTrace [NT3, NT4, W2K, WXP, 2K3]
RtlCaptureStackContext [WXP, 2K3]
RtlCheckProcessParameters [WXP, 2K3]
RtlCloneMemoryStream [WXP, 2K3]
RtlCommitMemoryStream [WXP, 2K3]
RtlCompressBuffer [NT3, NT4, W2K, WXP, 2K3]
RtlComputeCrc32 [WXP, 2K3]
RtlComputeImportTableHash [WXP, 2K3]
RtlComputePrivatizedDllName_U [WXP, 2K3]
RtlConsoleMultiByteToUnicodeN [NT3, NT4, W2K, WXP, 2K3]
RtlConvertExclusiveToShared [NT3, NT4, W2K, WXP, 2K3]
RtlConvertPropertyToVariant [NT4, W2K, WXP, 2K3]
RtlConvertSharedToExclusive [NT3, NT4, W2K, WXP, 2K3]
RtlConvertToAutoInheritSecurityObject [W2K, WXP, 2K3]
RtlConvertUiListToApiList [NT3, NT4, W2K, WXP, 2K3]
RtlConvertVariantToProperty [NT4, W2K, WXP, 2K3]
RtlCopyLuidAndAttributesArray [NT3, NT4, W2K, WXP, 2K3]
RtlCopyMappedMemory [2K3]
RtlCopyMemoryStreamTo [WXP, 2K3]
RtlCopyOutOfProcessMemoryStreamTo [WXP, 2K3]
RtlCopySidAndAttributesArray [NT3, NT4, W2K, WXP, 2K3]
RtlCreateActivationContext [WXP, 2K3]
RtlCreateAndSetSD [NT3, NT4, W2K, WXP, 2K3]
RtlCreateAtomTable [NT4, W2K, WXP, 2K3]
RtlCreateBootStatusDataFile [WXP, 2K3]
RtlCreateEnvironment [NT3, NT4, W2K, WXP, 2K3]
RtlCreateLpcServer [W2K]
RtlCreateSystemVolumeInformationFolder [WXP, 2K3]
RtlCreateTagHeap [NT3, NT4, W2K, WXP, 2K3]
RtlCreateTimer [W2K, WXP, 2K3]
RtlCreateTimerQueue [W2K, WXP, 2K3]
RtlCreateUserSecurityObject [NT3, NT4, W2K, WXP, 2K3]
RtlCustomCPToUnicodeN [NT3, NT4, W2K, WXP, 2K3]
RtlDeactivateActivationContext [WXP, 2K3]
RtlDeactivateActivationContextUnsafeFast [WXP, 2K3]
RtlDebugPrintTimes [W2K, WXP, 2K3]
RtlDecompressBuffer [NT3, NT4, W2K, WXP, 2K3]
RtlDecompressFragment [NT3, NT4, W2K, WXP, 2K3]
RtlDefaultNpAcl [W2K, WXP, 2K3]
RtlDeleteAtomFromAtomTable [NT4, W2K, WXP, 2K3]
RtlDeleteElementGenericTable [NT3, NT4, W2K, WXP, 2K3]
RtlDeleteElementGenericTableAvl [WXP, 2K3]
RtlDeleteNoSplay [NT4, W2K, WXP, 2K3]
RtlDeleteResource [NT3, NT4, W2K, WXP, 2K3]
RtlDeleteSecurityObject [NT3, NT4, W2K, WXP, 2K3]
RtlDeleteTimer [W2K, WXP, 2K3]
RtlDeleteTimerQueue [W2K, WXP, 2K3]
RtlDeleteTimerQueueEx [W2K, WXP, 2K3]
RtlDeregisterWait [W2K, WXP, 2K3]
RtlDeregisterWaitEx [W2K, WXP, 2K3]
RtlDestroyAtomTable [NT4, W2K, WXP, 2K3]
RtlDestroyEnvironment [NT3, NT4, W2K, WXP, 2K3]
RtlDestroyHandleTable [NT4, W2K, WXP, 2K3]
RtlDllShutdownInProgress [WXP, 2K3]
RtlDosApplyFileIsolationRedirection_Ustr [WXP, 2K3]
RtlDosPathNameToRelativeNtPathName_U [2K3]
RtlDosSearchPath_Ustr [WXP, 2K3]
RtlDumpResource [NT3, NT4, W2K, WXP, 2K3]
RtlEmptyAtomTable [NT4, W2K, WXP, 2K3]
RtlEnumProcessHeaps [NT3, NT4, W2K, WXP, 2K3]
RtlEnumerateGenericTable [NT3, NT4, W2K, WXP, 2K3]
RtlEnumerateGenericTableAvl [WXP, 2K3]
RtlEnumerateGenericTableLikeADirectory [WXP, 2K3]
RtlEnumerateGenericTableWithoutSplaying [NT3, NT4, W2K, WXP, 2K3]
RtlEnumerateGenericTableWithoutSplayingAvl [WXP, 2K3]
RtlExitUserThread [WXP, 2K3]
RtlExtendHeap [NT3, NT4, W2K, WXP, 2K3]
RtlFinalReleaseOutOfProcessMemoryStream [WXP, 2K3]
RtlFindActivationContextSectionGuid [WXP, 2K3]
RtlFindActivationContextSectionString [WXP, 2K3]
RtlFindClearRuns [WXP, 2K3]
RtlFindMessage [NT3, NT4, W2K, WXP, 2K3]
RtlFirstEntrySList [WXP, 2K3]
RtlFlushSecureMemoryCache [WXP, 2K3]
RtlFormatMessage [NT3, NT4, W2K, WXP, 2K3]
RtlFreeHandle [NT4, W2K, WXP, 2K3]
RtlFreeThreadActivationContextStack [WXP, 2K3]
RtlFreeUserThreadStack [NT4, W2K, WXP, 2K3]
RtlGenerate8dot3Name [NT3, NT4, W2K, WXP, 2K3]
RtlGetActiveActivationContext [WXP, 2K3]
RtlGetCompressionWorkSpaceSize [NT3, NT4, W2K, WXP, 2K3]
RtlGetElementGenericTable [NT3, NT4, W2K, WXP, 2K3]
RtlGetElementGenericTableAvl [WXP, 2K3]
RtlGetFrame [WXP, 2K3]
RtlGetFullPathName_UstrEx [2K3]
RtlGetLengthWithoutLastFullDosOrNtPathElement [WXP, 2K3]
RtlGetLengthWithoutTrailingPathSeperators [WXP, 2K3]
RtlGetNativeSystemInformation [WXP, 2K3]
RtlGetSecurityDescriptorRMControl [W2K, WXP, 2K3]
RtlGetSetBootStatusData [WXP, 2K3]
RtlGetThreadErrorMode [2K3]
RtlGetUnloadEventTrace [2K3]
RtlGetUserInfoHeap [NT3, NT4, W2K, WXP, 2K3]
RtlHashUnicodeString [WXP, 2K3]
RtlImpersonateLpcClient [W2K]
RtlInitCodePageTable [NT3, NT4, W2K, WXP, 2K3]
RtlInitMemoryStream [WXP, 2K3]
RtlInitNlsTables [NT3, NT4, W2K, WXP, 2K3]
RtlInitOutOfProcessMemoryStream [WXP, 2K3]
RtlInitializeAtomPackage [NT4, W2K, WXP, 2K3]
RtlInitializeContext [NT3, NT4, W2K, WXP, 2K3]
RtlInitializeGenericTable [NT3, NT4, W2K, WXP, 2K3]
RtlInitializeGenericTableAvl [WXP, 2K3]
RtlInitializeHandleTable [NT4, W2K, WXP, 2K3]
RtlInitializeRXact [NT3, NT4, W2K, WXP, 2K3]
RtlInitializeResource [NT3, NT4, W2K, WXP, 2K3]
RtlInsertElementGenericTable [NT3, NT4, W2K, WXP, 2K3]
RtlInsertElementGenericTableAvl [WXP, 2K3]
RtlInsertElementGenericTableFull [2K3]
RtlInsertElementGenericTableFullAvl [2K3]
RtlInterlockedCompareExchange64 [2K3]
RtlInterlockedPushListSList [WXP, 2K3]
RtlIpv4AddressToStringExA [2K3]
RtlIpv4AddressToStringExW [2K3]
RtlIpv4StringToAddressA [WXP, 2K3]
RtlIpv4StringToAddressExA [2K3]
RtlIpv4StringToAddressExW [2K3]
RtlIpv4StringToAddressW [WXP, 2K3]
RtlIpv6AddressToStringA [WXP, 2K3]
RtlIpv6AddressToStringExA [2K3]
RtlIpv6AddressToStringExW [2K3]
RtlIpv6AddressToStringW [WXP, 2K3]
RtlIpv6StringToAddressA [WXP, 2K3]
RtlIpv6StringToAddressExA [2K3]
RtlIpv6StringToAddressExW [2K3]
RtlIpv6StringToAddressW [WXP, 2K3]
RtlIsActivationContextActive [WXP, 2K3]
RtlIsGenericTableEmpty [NT3, NT4, W2K, WXP, 2K3]
RtlIsGenericTableEmptyAvl [WXP, 2K3]
RtlIsThreadWithinLoaderCallout [WXP, 2K3]
RtlIsValidHandle [NT4, W2K, WXP, 2K3]
RtlIsValidIndexHandle [NT4, W2K, WXP, 2K3]
RtlLockBootStatusData [WXP, 2K3]
RtlLockMemoryStreamRegion [WXP, 2K3]
RtlLogStackBackTrace [WXP, 2K3]
RtlLookupAtomInAtomTable [NT4, W2K, WXP, 2K3]
RtlLookupElementGenericTable [NT3, NT4, W2K, WXP, 2K3]
RtlLookupElementGenericTableAvl [WXP, 2K3]
RtlLookupElementGenericTableFull [2K3]
RtlLookupElementGenericTableFullAvl [2K3]
RtlMultiAppendUnicodeStringBuffer [WXP, 2K3]
RtlMultiByteToUnicodeN [NT3, NT4, W2K, WXP, 2K3]
RtlMultiByteToUnicodeSize [NT3, NT4, W2K, WXP, 2K3]
RtlMultipleAllocateHeap [2K3]
RtlMultipleFreeHeap [2K3]
RtlNewInstanceSecurityObject [NT3, NT4, W2K, WXP, 2K3]
RtlNewSecurityGrantedAccess [NT3, NT4, W2K, WXP, 2K3]
RtlNewSecurityObject [NT3, NT4, W2K, WXP, 2K3]
RtlNewSecurityObjectEx [W2K, WXP, 2K3]
RtlNewSecurityObjectWithMultipleInheritance [WXP, 2K3]
RtlNtPathNameToDosPathName [WXP, 2K3]
RtlNumberGenericTableElements [NT3, NT4, W2K, WXP, 2K3]
RtlNumberGenericTableElementsAvl [WXP, 2K3]
RtlPcToFileHeader [NT3, NT4, W2K, WXP, 2K3]
RtlPinAtomInAtomTable [NT4, W2K, WXP, 2K3]
RtlPopFrame [WXP, 2K3]
RtlProtectHeap [NT3, NT4, W2K, WXP, 2K3]
RtlPushFrame [WXP, 2K3]
RtlQueryAtomInAtomTable [NT4, W2K, WXP, 2K3]
RtlQueryHeapInformation [W2K, WXP, 2K3]
RtlQueryInformationActivationContext [WXP, 2K3]
RtlQueryInformationActiveActivationContext [WXP, 2K3]
RtlQueryInterfaceMemoryStream [WXP, 2K3]
RtlQueryProcessBackTraceInformation [NT3, NT4, W2K, WXP, 2K3]
RtlQueryProcessHeapInformation [NT3, NT4, W2K, WXP, 2K3]
RtlQueryProcessLockInformation [NT3, NT4, W2K, WXP, 2K3]
RtlQuerySecurityObject [NT3, NT4, W2K, WXP, 2K3]
RtlQueryTagHeap [NT3, NT4, W2K, WXP, 2K3]
RtlQueryTimeZoneInformation [NT3, NT4, W2K, WXP, 2K3]
RtlQueueApcWow64Thread [WXP, 2K3]
RtlQueueWorkItem [W2K, WXP, 2K3]
RtlRaiseException [NT3, NT4, W2K, WXP, 2K3]
RtlReadMemoryStream [WXP, 2K3]
RtlReadOutOfProcessMemoryStream [WXP, 2K3]
RtlRealPredecessor [NT3, NT4, W2K, WXP, 2K3]
RtlRealSuccessor [NT3, NT4, W2K, WXP, 2K3]
RtlRegisterSecureMemoryCacheCallback [WXP, 2K3]
RtlRegisterWait [W2K, WXP, 2K3]
RtlReleaseActivationContext [WXP, 2K3]
RtlReleaseMemoryStream [WXP, 2K3]
RtlReleaseRelativeName [2K3]
RtlReleaseResource [NT3, NT4, W2K, WXP, 2K3]
RtlRemoteCall [NT3, NT4, W2K, WXP, 2K3]
RtlResetRtlTranslations [NT3, NT4, W2K, WXP, 2K3]
RtlRevertMemoryStream [WXP, 2K3]
RtlSeekMemoryStream [WXP, 2K3]
RtlSelfRelativeToAbsoluteSD2 [W2K, WXP, 2K3]
RtlSetAttributesSecurityDescriptor [NT4, W2K, WXP, 2K3]
RtlSetCurrentEnvironment [NT3, NT4, W2K, WXP, 2K3]
RtlSetEnvironmentStrings [2K3]
RtlSetEnvironmentVariable [NT3, NT4, W2K, WXP, 2K3]
RtlSetHeapInformation [W2K, WXP, 2K3]
RtlSetIoCompletionCallback [W2K, WXP, 2K3]
RtlSetMemoryStreamSize [WXP, 2K3]
RtlSetSecurityDescriptorRMControl [W2K, WXP, 2K3]
RtlSetSecurityObject [NT3, NT4, W2K, WXP, 2K3]
RtlSetSecurityObjectEx [W2K, WXP, 2K3]
RtlSetThreadErrorMode [2K3]
RtlSetThreadPoolStartFunc [W2K, WXP, 2K3]
RtlSetTimeZoneInformation [NT3, NT4, W2K, WXP, 2K3]
RtlSetTimer [W2K, WXP, 2K3]
RtlSetUnicodeCallouts [NT4, W2K, WXP, 2K3]
RtlSetUserFlagsHeap [NT3, NT4, W2K, WXP, 2K3]
RtlSetUserValueHeap [NT3, NT4, W2K, WXP, 2K3]
RtlShutdownLpcServer [W2K]
RtlSplay [NT3, NT4, W2K, WXP, 2K3]
RtlStartRXact [NT3, NT4, W2K, WXP, 2K3]
RtlStatMemoryStream [WXP, 2K3]
RtlSubtreePredecessor [NT3, NT4, W2K, WXP, 2K3]
RtlSubtreeSuccessor [NT3, NT4, W2K, WXP, 2K3]
RtlTraceDatabaseAdd [W2K, WXP, 2K3]
RtlTraceDatabaseCreate [W2K, WXP, 2K3]
RtlTraceDatabaseDestroy [W2K, WXP, 2K3]
RtlTraceDatabaseEnumerate [W2K, WXP, 2K3]
RtlTraceDatabaseFind [W2K, WXP, 2K3]
RtlTraceDatabaseLock [W2K, WXP, 2K3]
RtlTraceDatabaseUnlock [W2K, WXP, 2K3]
RtlTraceDatabaseValidate [W2K, WXP, 2K3]
RtlUnhandledExceptionFilter [WXP, 2K3]
RtlUnhandledExceptionFilter2 [WXP, 2K3]
RtlUnicodeToCustomCPN [NT3, NT4, W2K, WXP, 2K3]
RtlUnicodeToMultiByteN [NT3, NT4, W2K, WXP, 2K3]
RtlUnicodeToOemN [NT3, NT4, W2K, WXP, 2K3]
RtlUnlockBootStatusData [WXP, 2K3]
RtlUnlockHeap [NT3, NT4, W2K, WXP, 2K3]
RtlUnlockMemoryStreamRegion [WXP, 2K3]
RtlUpcaseUnicodeToCustomCPN [NT3, NT4, W2K, WXP, 2K3]
RtlUpdateTimer [W2K, WXP, 2K3]
RtlUsageHeap [NT3, NT4, W2K, WXP, 2K3]
RtlValidateProcessHeaps [NT3, NT4, W2K, WXP, 2K3]
RtlWalkFrameChain [W2K, WXP, 2K3]
RtlWalkHeap [NT3, NT4, W2K, WXP, 2K3]
RtlWow64EnableFsRedirection [2K3]
RtlWriteMemoryStream [WXP, 2K3]
RtlZombifyActivationContext [WXP, 2K3]
RtlpApplyLengthFunction [WXP, 2K3]
RtlpEnsureBufferSize [WXP, 2K3]
RtlpUnWaitCriticalSection [NT3, NT4, W2K, WXP, 2K3]
RtlpWaitForCriticalSection [NT3, NT4, W2K, WXP, 2K3]
SaveEm87Context [NT3, NT4, W2K, WXP, 2K3]
ZwAddBootEntry [WXP, 2K3]
ZwAddDriverEntry [2K3]
ZwApphelpCacheControl [2K3]
ZwCompactKeys [WXP, 2K3]
ZwCompareTokens [WXP, 2K3]
ZwCompressKey [WXP, 2K3]
ZwCreateDebugObject [WXP, 2K3]
ZwCreateJobSet [WXP, 2K3]
ZwCreateKeyedEvent [WXP, 2K3]
ZwCreateProcessEx [WXP, 2K3]
ZwDebugContinue [WXP, 2K3]
ZwDeleteBootEntry [WXP, 2K3]
ZwDeleteDriverEntry [2K3]
ZwEnumerateBootEntries [WXP, 2K3]
ZwEnumerateDriverEntries [2K3]
ZwEnumerateSystemEnvironmentValuesEx [WXP, 2K3]
ZwIsProcessInJob [WXP, 2K3]
ZwLoadKeyEx [2K3]
ZwLockProductActivationKeys [WXP, 2K3]
ZwLockRegistryKey [WXP, 2K3]
ZwModifyBootEntry [WXP, 2K3]
ZwModifyDriverEntry [2K3]
ZwOpenKeyedEvent [WXP, 2K3]
ZwOpenProcessTokenEx [WXP, 2K3]
ZwOpenThreadTokenEx [WXP, 2K3]
ZwQueryBootEntryOrder [WXP, 2K3]
ZwQueryBootOptions [WXP, 2K3]
ZwQueryDebugFilterState [WXP, 2K3]
ZwQueryDriverEntryOrder [2K3]
ZwQueryOpenSubKeysEx [2K3]
ZwQuerySystemEnvironmentValueEx [WXP, 2K3]
ZwReleaseKeyedEvent [WXP, 2K3]
ZwRenameKey [WXP, 2K3]
ZwSetBootEntryOrder [WXP, 2K3]
ZwSetBootOptions [WXP, 2K3]
ZwSetDebugFilterState [WXP, 2K3]
ZwSetDriverEntryOrder [2K3]
ZwSetEventBoostPriority [WXP, 2K3]
ZwSetInformationDebugObject [WXP, 2K3]
ZwSetSystemEnvironmentValueEx [WXP, 2K3]
ZwTraceEvent [WXP, 2K3]
ZwTranslateFilePath [WXP, 2K3]
ZwUnloadKey2 [2K3]
ZwUnloadKeyEx [WXP, 2K3]
ZwWaitForDebugEvent [WXP, 2K3]
ZwWaitForKeyedEvent [WXP, 2K3]

 +  457 (35.90%) not yet declared
 +  816 (64.10%) declared already
 = 1273 (100.00%) relevant functions overall


The following usermode Native APIs are considered deprecated
since they are only available in NT3 or NT4 only or in NT3/NT4
only. Hence they are considered irrelevant. These are:
-----------------------------------------------------------------
CsrAllocateCapturePointer [NT3, NT4]
CsrClientMaxMessage [NT3]
CsrClientSendMessage [NT3]
CsrClientThreadConnect [NT3]
CsrpProcessCallbackRequest [NT3]
NtEnumerateBus [NT3]
NtQueryOleDirectoryFile [NT4]
NtRegisterNewDevice [NT3]
NtReleaseProcessMutant [NT3]
NtWaitForProcessMutant [NT3]
RtlClosePropertySet [NT4]
RtlCompareVariants [NT4]
RtlCreatePropertySet [NT4]
RtlEnumerateProperties [NT4]
RtlFindLongestRunSet [NT3, NT4]
RtlFlushPropertySet [NT4]
RtlGuidToPropertySetName [NT4]
RtlOnMappedStreamEvent [NT4]
RtlPropertySetNameToGuid [NT4]
RtlQueryProperties [NT4]
RtlQueryPropertyNames [NT4]
RtlQueryPropertySet [NT4]
RtlSetProperties [NT4]
RtlSetPropertyNames [NT4]
RtlSetPropertySetClassId [NT4]
RtlpInitializeRtl [NT3]
ZwEnumerateBus [NT3]
ZwQueryOleDirectoryFile [NT4]
ZwRegisterNewDevice [NT3]
ZwReleaseProcessMutant [NT3]
ZwWaitForProcessMutant [NT3]

 = 31 deprecated functions
*)
end.