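#ifndef GET_SYSCALL64_IDS_H
#define GET_SYSCALL64_IDS_H

/** \file
 *  Lookup interface from hashed API names to syscall IDs.
 *
 *  The declarations below use the Windows SDK types DWORD, BOOL and VOID
 *  without including them themselves; include the SDK headers before this
 *  file.
 */

/** \brief Hashes of the API names whose IDs can be looked up, plus the
 *  error value INVALID_SYSCALL_ID.
 *
 *  NOTE(review): several enumerators exceed INT_MAX. Strict C11 requires
 *  enumerator values to be representable as int; MSVC, GCC and Clang accept
 *  these as an extension, so the header is not strictly portable.
 */
enum SYSCALL_IDS {
    // Files
    NTOPENFILE = 0xC29C5019,      //!< Supported by get_basic_syscall_ID
    NTCREATEFILE = 0x15A5ECDB,    //!< Supported by get_basic_syscall_ID
    NTREADFILE = 0x2E979AE3,      //!< Supported by get_basic_syscall_ID
    NTCLOSE = 0x8B8E133D,         //!< Supported by get_basic_syscall_ID
    NTWRITEFILE = 0xD69326B2,
    // Mutexes
    NTCREATEMUTANT = 0x280632B4,
    NTOPENMUTANT = 0xEC225D72,
    NTRELEASEMUTANT = 0x29567961,
    // Registry
    NTOPENKEY = 0x4BB73E02,
    NTQUERYVALUEKEY = 0xB4C18A83,
    // Process
    NTQUERYSYSTEMINFORMATION = 0xEE4F73A8,

    INVALID_SYSCALL_ID = 0xFFFFFFFF //!< Used to signify errors
};

/** \brief Gets the basic ID for the hash given.
 *
 *  This function does not depend on the ID table; it has hard-coded
 *  definitions for a FEW APIs (these are marked in the SYSCALL_IDS enum).
 *
 *  \param func The hash of the API whose ID is searched for.
 *  \return The ID, or INVALID_SYSCALL_ID when the hash is not one of the
 *          hard-coded ones. Callers must compare the result against
 *          INVALID_SYSCALL_ID before using it.
 *  \sa get_syscall_ID()
 */
DWORD get_basic_syscall_ID(enum SYSCALL_IDS func);

/** \brief Initializes the ID table.
 *
 *  \return FALSE if the table could not be built; then no direct syscalls
 *          can be made.
 *  \sa destroy_ID_table()
 */
BOOL initalize_ID_table(void);

/** \brief Frees the ID table.
 *
 *  After this is done no direct syscalls can be made anymore.
 *  \sa initalize_ID_table()
 */
VOID destroy_ID_table(void);

/** \brief Gets the ID for the hash given.
 *
 *  \pre This function depends on the ID table, so make sure to call
 *       initalize_ID_table() first.
 *  \param func The hash of the API whose ID is searched for.
 *  \return The ID, or INVALID_SYSCALL_ID when the hash is unknown or the
 *          table is not initialized. Callers must check for
 *          INVALID_SYSCALL_ID before using the value.
 *  \sa initalize_ID_table()
 */
DWORD get_syscall_ID(DWORD func);

#endif // GET_SYSCALL64_IDS_H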