4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
25 #define _NTIFS_INCLUDED_
28 /* Helper macro to enable gcc's extension. */
29 #ifndef __GNU_EXTENSION
31 #define __GNU_EXTENSION __extension__
33 #define __GNU_EXTENSION
41 #define NTKERNELAPI DECLSPEC_IMPORT
42 #define NTHALAPI DECLSPEC_IMPORT
50 /* FIXME : #include <ntiologc.h> */
53 #define FlagOn(_F,_SF) ((_F) & (_SF))
57 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
61 #define SetFlag(_F,_SF) ((_F) |= (_SF))
65 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
68 #define PsGetCurrentProcess IoGetCurrentProcess
70 #if (NTDDI_VERSION >= NTDDI_VISTA)
71 extern NTSYSAPI
volatile CCHAR KeNumberProcessors
;
72 #elif (NTDDI_VERSION >= NTDDI_WINXP)
73 extern NTSYSAPI CCHAR KeNumberProcessors
;
75 extern PCCHAR KeNumberProcessors
;
78 typedef UNICODE_STRING LSA_UNICODE_STRING
, *PLSA_UNICODE_STRING
;
79 typedef STRING LSA_STRING
, *PLSA_STRING
;
80 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
, *PLSA_OBJECT_ATTRIBUTES
;
82 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
83 #define SID_IDENTIFIER_AUTHORITY_DEFINED
84 typedef struct _SID_IDENTIFIER_AUTHORITY
{
86 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
93 UCHAR SubAuthorityCount
;
94 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
95 ULONG SubAuthority
[ANYSIZE_ARRAY
];
99 #define SID_REVISION 1
100 #define SID_MAX_SUB_AUTHORITIES 15
101 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
103 typedef enum _SID_NAME_USE
{
108 SidTypeWellKnownGroup
,
109 SidTypeDeletedAccount
,
114 } SID_NAME_USE
, *PSID_NAME_USE
;
116 typedef struct _SID_AND_ATTRIBUTES
{
119 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
120 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
121 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
123 #define SID_HASH_SIZE 32
124 typedef ULONG_PTR SID_HASH_ENTRY
, *PSID_HASH_ENTRY
;
126 typedef struct _SID_AND_ATTRIBUTES_HASH
{
128 PSID_AND_ATTRIBUTES SidAttr
;
129 SID_HASH_ENTRY Hash
[SID_HASH_SIZE
];
130 } SID_AND_ATTRIBUTES_HASH
, *PSID_AND_ATTRIBUTES_HASH
;
132 /* Universal well-known SIDs */
134 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
135 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
136 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
137 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
138 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
139 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
141 #define SECURITY_NULL_RID (0x00000000L)
142 #define SECURITY_WORLD_RID (0x00000000L)
143 #define SECURITY_LOCAL_RID (0x00000000L)
144 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
146 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
147 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
148 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
149 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
150 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
152 /* NT well-known SIDs */
154 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
156 #define SECURITY_DIALUP_RID (0x00000001L)
157 #define SECURITY_NETWORK_RID (0x00000002L)
158 #define SECURITY_BATCH_RID (0x00000003L)
159 #define SECURITY_INTERACTIVE_RID (0x00000004L)
160 #define SECURITY_LOGON_IDS_RID (0x00000005L)
161 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
162 #define SECURITY_SERVICE_RID (0x00000006L)
163 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
164 #define SECURITY_PROXY_RID (0x00000008L)
165 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
166 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
167 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
168 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
169 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
170 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
171 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
172 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
173 #define SECURITY_IUSER_RID (0x00000011L)
174 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
175 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
176 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
177 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
178 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
179 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
181 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
182 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
185 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
186 #define SECURITY_PACKAGE_RID_COUNT (2L)
187 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
188 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
189 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
191 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
192 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
193 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
195 #define SECURITY_MIN_BASE_RID (0x00000050L)
196 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
197 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
198 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
199 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
200 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
201 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
202 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
203 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
204 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
205 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
206 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
207 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
208 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
209 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
210 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
211 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
212 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
214 #define SECURITY_MAX_BASE_RID (0x0000006FL)
216 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
217 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
219 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
221 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
223 /* Well-known domain relative sub-authority values (RIDs) */
225 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
227 #define FOREST_USER_RID_MAX (0x000001F3L)
229 /* Well-known users */
231 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
232 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
233 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
235 #define DOMAIN_USER_RID_MAX (0x000003E7L)
237 /* Well-known groups */
239 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
240 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
241 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
242 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
243 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
244 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
245 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
246 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
247 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
248 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
250 /* Well-known aliases */
252 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
253 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
254 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
255 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
257 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
258 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
259 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
260 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
262 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
263 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
264 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
265 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
266 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
267 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
269 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
270 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
271 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
272 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
273 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
274 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
275 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
276 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
277 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
278 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
279 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
281 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
282 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
283 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
284 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
285 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
286 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
287 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
289 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
290 can be set by a usermode caller.*/
292 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
294 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
296 /* Allocate the System Luid. The first 1000 LUIDs are reserved.
297 Use #999 here (0x3e7 = 999) */
299 #define SYSTEM_LUID { 0x3e7, 0x0 }
300 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
301 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
302 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
303 #define IUSER_LUID { 0x3e3, 0x0 }
305 typedef struct _ACE_HEADER
{
309 } ACE_HEADER
, *PACE_HEADER
;
311 /* also in winnt.h */
312 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
313 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
314 #define ACCESS_DENIED_ACE_TYPE (0x1)
315 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
316 #define SYSTEM_ALARM_ACE_TYPE (0x3)
317 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
318 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
319 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
320 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
321 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
322 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
323 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
324 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
325 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
326 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
327 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
328 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
329 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
330 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
331 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
332 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
333 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
334 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
335 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
336 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
337 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
339 /* The following are the inherit flags that go into the AceFlags field
342 #define OBJECT_INHERIT_ACE (0x1)
343 #define CONTAINER_INHERIT_ACE (0x2)
344 #define NO_PROPAGATE_INHERIT_ACE (0x4)
345 #define INHERIT_ONLY_ACE (0x8)
346 #define INHERITED_ACE (0x10)
347 #define VALID_INHERIT_FLAGS (0x1F)
349 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
350 #define FAILED_ACCESS_ACE_FLAG (0x80)
352 typedef struct _ACCESS_ALLOWED_ACE
{
356 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
358 typedef struct _ACCESS_DENIED_ACE
{
362 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
364 typedef struct _SYSTEM_AUDIT_ACE
{
368 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
370 typedef struct _SYSTEM_ALARM_ACE
{
374 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
376 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
{
380 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
382 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
383 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
384 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
385 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
386 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
387 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
389 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
391 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
393 #define SE_OWNER_DEFAULTED 0x0001
394 #define SE_GROUP_DEFAULTED 0x0002
395 #define SE_DACL_PRESENT 0x0004
396 #define SE_DACL_DEFAULTED 0x0008
397 #define SE_SACL_PRESENT 0x0010
398 #define SE_SACL_DEFAULTED 0x0020
399 #define SE_DACL_UNTRUSTED 0x0040
400 #define SE_SERVER_SECURITY 0x0080
401 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
402 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
403 #define SE_DACL_AUTO_INHERITED 0x0400
404 #define SE_SACL_AUTO_INHERITED 0x0800
405 #define SE_DACL_PROTECTED 0x1000
406 #define SE_SACL_PROTECTED 0x2000
407 #define SE_RM_CONTROL_VALID 0x4000
408 #define SE_SELF_RELATIVE 0x8000
410 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
413 SECURITY_DESCRIPTOR_CONTROL Control
;
418 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
422 #ifndef VER_PRODUCTBUILD
423 #define VER_PRODUCTBUILD 10000
426 #define EX_PUSH_LOCK ULONG_PTR
427 #define PEX_PUSH_LOCK PULONG_PTR
432 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
434 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
436 extern PACL SePublicDefaultDacl
;
437 extern PACL SeSystemDefaultDacl
;
439 extern KSPIN_LOCK IoStatisticsLock
;
440 extern ULONG IoReadOperationCount
;
441 extern ULONG IoWriteOperationCount
;
442 extern ULONG IoOtherOperationCount
;
443 extern LARGE_INTEGER IoReadTransferCount
;
444 extern LARGE_INTEGER IoWriteTransferCount
;
445 extern LARGE_INTEGER IoOtherTransferCount
;
447 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
449 typedef enum _SECURITY_LOGON_TYPE
451 UndefinedLogonType
= 0,
460 #if (_WIN32_WINNT >= 0x0501)
464 #if (_WIN32_WINNT >= 0x0502)
465 CachedRemoteInteractive
,
468 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
470 #define ANSI_DOS_STAR ('<')
471 #define ANSI_DOS_QM ('>')
472 #define ANSI_DOS_DOT ('"')
474 #define DOS_STAR (L'<')
475 #define DOS_QM (L'>')
476 #define DOS_DOT (L'"')
478 #define COMPRESSION_FORMAT_NONE (0x0000)
479 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
480 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
481 #define COMPRESSION_ENGINE_STANDARD (0x0000)
482 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
483 #define COMPRESSION_ENGINE_HIBER (0x0200)
485 #define FILE_ACTION_ADDED 0x00000001
486 #define FILE_ACTION_REMOVED 0x00000002
487 #define FILE_ACTION_MODIFIED 0x00000003
488 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
489 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
490 #define FILE_ACTION_ADDED_STREAM 0x00000006
491 #define FILE_ACTION_REMOVED_STREAM 0x00000007
492 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
493 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
494 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
495 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
498 #define FILE_EA_TYPE_BINARY 0xfffe
499 #define FILE_EA_TYPE_ASCII 0xfffd
500 #define FILE_EA_TYPE_BITMAP 0xfffb
501 #define FILE_EA_TYPE_METAFILE 0xfffa
502 #define FILE_EA_TYPE_ICON 0xfff9
503 #define FILE_EA_TYPE_EA 0xffee
504 #define FILE_EA_TYPE_MVMT 0xffdf
505 #define FILE_EA_TYPE_MVST 0xffde
506 #define FILE_EA_TYPE_ASN1 0xffdd
507 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
509 #define FILE_NEED_EA 0x00000080
511 /* also in winnt.h */
512 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
513 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
514 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
515 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
516 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
517 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
518 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
519 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
520 #define FILE_NOTIFY_CHANGE_EA 0x00000080
521 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
522 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
523 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
524 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
525 #define FILE_NOTIFY_VALID_MASK 0x00000fff
528 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
529 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
531 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
533 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
534 #define FILE_CASE_PRESERVED_NAMES 0x00000002
535 #define FILE_UNICODE_ON_DISK 0x00000004
536 #define FILE_PERSISTENT_ACLS 0x00000008
537 #define FILE_FILE_COMPRESSION 0x00000010
538 #define FILE_VOLUME_QUOTAS 0x00000020
539 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
540 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
541 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
542 #define FS_LFN_APIS 0x00004000
543 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
544 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
545 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
546 #define FILE_NAMED_STREAMS 0x00040000
547 #define FILE_READ_ONLY_VOLUME 0x00080000
548 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
549 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
551 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
552 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
554 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
555 #define FILE_PIPE_MESSAGE_MODE 0x00000001
557 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
558 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
560 #define FILE_PIPE_INBOUND 0x00000000
561 #define FILE_PIPE_OUTBOUND 0x00000001
562 #define FILE_PIPE_FULL_DUPLEX 0x00000002
564 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
565 #define FILE_PIPE_LISTENING_STATE 0x00000002
566 #define FILE_PIPE_CONNECTED_STATE 0x00000003
567 #define FILE_PIPE_CLOSING_STATE 0x00000004
569 #define FILE_PIPE_CLIENT_END 0x00000000
570 #define FILE_PIPE_SERVER_END 0x00000001
572 #define FILE_PIPE_READ_DATA 0x00000000
573 #define FILE_PIPE_WRITE_SPACE 0x00000001
575 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
576 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
577 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
578 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
579 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
580 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
581 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
582 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
583 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
584 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
585 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
586 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
587 #define FILE_STORAGE_TYPE_MASK 0x000f0000
588 #define FILE_STORAGE_TYPE_SHIFT 16
590 #define FILE_VC_QUOTA_NONE 0x00000000
591 #define FILE_VC_QUOTA_TRACK 0x00000001
592 #define FILE_VC_QUOTA_ENFORCE 0x00000002
593 #define FILE_VC_QUOTA_MASK 0x00000003
595 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
596 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
598 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
599 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
600 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
601 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
603 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
604 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
606 #define FILE_VC_VALID_MASK 0x000003ff
608 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
609 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
610 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
611 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
612 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
613 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
614 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
615 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
617 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
618 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
619 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
620 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
622 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
623 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
624 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
625 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
626 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
628 #define FSRTL_VOLUME_DISMOUNT 1
629 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
630 #define FSRTL_VOLUME_LOCK 3
631 #define FSRTL_VOLUME_LOCK_FAILED 4
632 #define FSRTL_VOLUME_UNLOCK 5
633 #define FSRTL_VOLUME_MOUNT 6
635 #define FSRTL_WILD_CHARACTER 0x08
637 #define FSRTL_FAT_LEGAL 0x01
638 #define FSRTL_HPFS_LEGAL 0x02
639 #define FSRTL_NTFS_LEGAL 0x04
640 #define FSRTL_WILD_CHARACTER 0x08
641 #define FSRTL_OLE_LEGAL 0x10
642 #define FSRTL_NTFS_STREAM_LEGAL 0x14
645 #define HARDWARE_PTE HARDWARE_PTE_X86
646 #define PHARDWARE_PTE PHARDWARE_PTE_X86
649 #define IO_CHECK_CREATE_PARAMETERS 0x0200
650 #define IO_ATTACH_DEVICE 0x0400
652 #define IO_ATTACH_DEVICE_API 0x80000000
654 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
655 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
657 #define IO_TYPE_APC 18
658 #define IO_TYPE_DPC 19
659 #define IO_TYPE_DEVICE_QUEUE 20
660 #define IO_TYPE_EVENT_PAIR 21
661 #define IO_TYPE_INTERRUPT 22
662 #define IO_TYPE_PROFILE 23
664 #define IRP_BEING_VERIFIED 0x10
666 #define MAILSLOT_CLASS_FIRSTCLASS 1
667 #define MAILSLOT_CLASS_SECONDCLASS 2
669 #define MAILSLOT_SIZE_AUTO 0
671 #define MEM_DOS_LIM 0x40000000
673 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
675 #define OB_TYPE_TYPE 1
676 #define OB_TYPE_DIRECTORY 2
677 #define OB_TYPE_SYMBOLIC_LINK 3
678 #define OB_TYPE_TOKEN 4
679 #define OB_TYPE_PROCESS 5
680 #define OB_TYPE_THREAD 6
681 #define OB_TYPE_EVENT 7
682 #define OB_TYPE_EVENT_PAIR 8
683 #define OB_TYPE_MUTANT 9
684 #define OB_TYPE_SEMAPHORE 10
685 #define OB_TYPE_TIMER 11
686 #define OB_TYPE_PROFILE 12
687 #define OB_TYPE_WINDOW_STATION 13
688 #define OB_TYPE_DESKTOP 14
689 #define OB_TYPE_SECTION 15
690 #define OB_TYPE_KEY 16
691 #define OB_TYPE_PORT 17
692 #define OB_TYPE_ADAPTER 18
693 #define OB_TYPE_CONTROLLER 19
694 #define OB_TYPE_DEVICE 20
695 #define OB_TYPE_DRIVER 21
696 #define OB_TYPE_IO_COMPLETION 22
697 #define OB_TYPE_FILE 23
700 #define PIN_EXCLUSIVE (2)
701 #define PIN_NO_READ (4)
702 #define PIN_IF_BCB (8)
704 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
705 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
707 #define SEC_BASED 0x00200000
709 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
710 #define SECURITY_WORLD_RID (0x00000000L)
712 #define TOKEN_ASSIGN_PRIMARY (0x0001)
713 #define TOKEN_DUPLICATE (0x0002)
714 #define TOKEN_IMPERSONATE (0x0004)
715 #define TOKEN_QUERY (0x0008)
716 #define TOKEN_QUERY_SOURCE (0x0010)
717 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
718 #define TOKEN_ADJUST_GROUPS (0x0040)
719 #define TOKEN_ADJUST_DEFAULT (0x0080)
720 #define TOKEN_ADJUST_SESSIONID (0x0100)
722 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
723 TOKEN_ASSIGN_PRIMARY |\
727 TOKEN_QUERY_SOURCE |\
728 TOKEN_ADJUST_PRIVILEGES |\
729 TOKEN_ADJUST_GROUPS |\
730 TOKEN_ADJUST_DEFAULT |\
731 TOKEN_ADJUST_SESSIONID)
733 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
736 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
737 TOKEN_ADJUST_PRIVILEGES |\
738 TOKEN_ADJUST_GROUPS |\
739 TOKEN_ADJUST_DEFAULT)
741 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
743 #define TOKEN_SOURCE_LENGTH 8
746 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
747 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
748 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
749 #define TOKEN_HAS_ADMIN_GROUP 0x08
750 #define TOKEN_WRITE_RESTRICTED 0x08
751 #define TOKEN_IS_RESTRICTED 0x10
752 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
754 #define VACB_MAPPING_GRANULARITY (0x40000)
755 #define VACB_OFFSET_SHIFT (18)
758 #define _AUDIT_EVENT_TYPE_HACK 0
760 #if (_AUDIT_EVENT_TYPE_HACK == 1)
763 typedef enum _AUDIT_EVENT_TYPE
765 AuditEventObjectAccess
,
766 AuditEventDirectoryServiceAccess
767 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
770 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
772 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
773 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
774 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
775 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
776 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
777 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
778 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
779 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
780 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
782 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
783 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
784 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
786 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
787 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
788 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
791 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
792 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
793 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
794 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
795 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
796 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
798 #if (VER_PRODUCTBUILD >= 1381)
800 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
801 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
802 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
803 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
804 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
805 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
806 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
807 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
809 #endif /* (VER_PRODUCTBUILD >= 1381) */
811 #if (VER_PRODUCTBUILD >= 2195)
813 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
814 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
815 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
817 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
818 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
819 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
820 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
821 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
822 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
823 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
824 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
825 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
826 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
827 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
828 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
829 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
830 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
831 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
832 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
833 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
834 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
835 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
836 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
837 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
838 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
839 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
840 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
841 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
842 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
843 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
844 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
845 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
846 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
847 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
848 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
849 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
850 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
851 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
852 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
854 #endif /* (VER_PRODUCTBUILD >= 2195) */
856 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
858 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
859 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
860 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
861 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
862 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
863 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
864 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
865 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
867 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
868 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
869 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
870 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
871 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
872 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
873 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
874 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
875 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
876 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
877 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
878 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
879 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
880 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
882 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
884 typedef PVOID OPLOCK
, *POPLOCK
;
889 struct _RTL_AVL_TABLE
;
890 struct _RTL_GENERIC_TABLE
;
898 typedef PVOID PNOTIFY_SYNC
;
900 typedef enum _FAST_IO_POSSIBLE
{
906 typedef enum _FILE_STORAGE_TYPE
{
907 StorageTypeDefault
= 1,
908 StorageTypeDirectory
,
910 StorageTypeJunctionPoint
,
912 StorageTypeStructuredStorage
,
913 StorageTypeEmbedding
,
917 typedef enum _OBJECT_INFORMATION_CLASS
919 ObjectBasicInformation
,
920 ObjectNameInformation
,
921 ObjectTypeInformation
,
922 ObjectTypesInformation
,
923 ObjectHandleFlagInformation
,
924 ObjectSessionInformation
,
926 } OBJECT_INFORMATION_CLASS
;
928 typedef struct _OBJECT_BASIC_INFORMATION
931 ACCESS_MASK GrantedAccess
;
934 ULONG PagedPoolCharge
;
935 ULONG NonPagedPoolCharge
;
939 ULONG SecurityDescriptorSize
;
940 LARGE_INTEGER CreationTime
;
941 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
943 typedef struct _KAPC_STATE
{
944 LIST_ENTRY ApcListHead
[2];
946 BOOLEAN KernelApcInProgress
;
947 BOOLEAN KernelApcPending
;
948 BOOLEAN UserApcPending
;
949 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
950 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
952 typedef struct _BITMAP_RANGE
{
955 ULONG FirstDirtyPage
;
959 } BITMAP_RANGE
, *PBITMAP_RANGE
;
961 typedef struct _CACHE_UNINITIALIZE_EVENT
{
962 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
964 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
966 typedef struct _CC_FILE_SIZES
{
967 LARGE_INTEGER AllocationSize
;
968 LARGE_INTEGER FileSize
;
969 LARGE_INTEGER ValidDataLength
;
970 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
972 typedef struct _COMPRESSED_DATA_INFO
{
973 USHORT CompressionFormatAndEngine
;
974 UCHAR CompressionUnitShift
;
978 USHORT NumberOfChunks
;
979 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
980 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
982 typedef struct _TOKEN_SOURCE
{
983 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
984 LUID SourceIdentifier
;
985 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
986 typedef struct _TOKEN_CONTROL
{
988 LUID AuthenticationId
;
990 TOKEN_SOURCE TokenSource
;
991 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
992 typedef struct _TOKEN_DEFAULT_DACL
{
994 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
995 typedef struct _TOKEN_GROUPS
{
997 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
998 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
999 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
1002 PSID_AND_ATTRIBUTES Sids
;
1003 ULONG RestrictedSidCount
;
1004 ULONG RestrictedSidLength
;
1005 PSID_AND_ATTRIBUTES RestrictedSids
;
1006 ULONG PrivilegeCount
;
1007 ULONG PrivilegeLength
;
1008 PLUID_AND_ATTRIBUTES Privileges
;
1009 LUID AuthenticationId
;
1010 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
1011 typedef struct _TOKEN_ORIGIN
{
1012 LUID OriginatingLogonSession
;
1013 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
1014 typedef struct _TOKEN_OWNER
{
1016 } TOKEN_OWNER
,*PTOKEN_OWNER
;
1017 typedef struct _TOKEN_PRIMARY_GROUP
{
1019 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
1020 typedef struct _TOKEN_PRIVILEGES
{
1021 ULONG PrivilegeCount
;
1022 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
1023 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
1025 typedef enum _TOKEN_TYPE
{
1028 } TOKEN_TYPE
,*PTOKEN_TYPE
;
1029 typedef struct _TOKEN_STATISTICS
{
1031 LUID AuthenticationId
;
1032 LARGE_INTEGER ExpirationTime
;
1033 TOKEN_TYPE TokenType
;
1034 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
1035 ULONG DynamicCharged
;
1036 ULONG DynamicAvailable
;
1038 ULONG PrivilegeCount
;
1040 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
1041 typedef struct _TOKEN_USER
{
1042 SID_AND_ATTRIBUTES User
;
1043 } TOKEN_USER
, *PTOKEN_USER
;
1045 typedef struct _SECURITY_DESCRIPTOR
{
1048 SECURITY_DESCRIPTOR_CONTROL Control
;
1053 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
1055 typedef struct _OBJECT_TYPE_LIST
{
1059 } OBJECT_TYPE_LIST
, *POBJECT_TYPE_LIST
;
1061 typedef enum _TOKEN_INFORMATION_CLASS
{
1062 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
1063 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
1064 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
1065 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
1066 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
1067 } TOKEN_INFORMATION_CLASS
;
1069 #define SYMLINK_FLAG_RELATIVE 1
1071 typedef struct _REPARSE_DATA_BUFFER
{
1073 USHORT ReparseDataLength
;
1075 __GNU_EXTENSION
union {
1077 USHORT SubstituteNameOffset
;
1078 USHORT SubstituteNameLength
;
1079 USHORT PrintNameOffset
;
1080 USHORT PrintNameLength
;
1082 WCHAR PathBuffer
[1];
1083 } SymbolicLinkReparseBuffer
;
1085 USHORT SubstituteNameOffset
;
1086 USHORT SubstituteNameLength
;
1087 USHORT PrintNameOffset
;
1088 USHORT PrintNameLength
;
1089 WCHAR PathBuffer
[1];
1090 } MountPointReparseBuffer
;
1092 UCHAR DataBuffer
[1];
1093 } GenericReparseBuffer
;
1095 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
1100 // MicroSoft reparse point tags
1102 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
1103 #define IO_REPARSE_TAG_HSM (0xC0000004L)
1104 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
1105 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
1106 #define IO_REPARSE_TAG_SIS (0x80000007L)
1107 #define IO_REPARSE_TAG_DFS (0x8000000AL)
1108 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
1109 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
1110 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
1111 #define IO_REPARSE_TAG_DFSR (0x80000012L)
1114 // Reserved reparse tags
1116 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
1117 #define IO_REPARSE_TAG_RESERVED_ONE (1)
1118 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
1121 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
1123 typedef struct _FILE_ACCESS_INFORMATION
{
1124 ACCESS_MASK AccessFlags
;
1125 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
1127 typedef struct _FILE_ALLOCATION_INFORMATION
{
1128 LARGE_INTEGER AllocationSize
;
1129 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
1131 typedef struct _FILE_BOTH_DIR_INFORMATION
{
1132 ULONG NextEntryOffset
;
1134 LARGE_INTEGER CreationTime
;
1135 LARGE_INTEGER LastAccessTime
;
1136 LARGE_INTEGER LastWriteTime
;
1137 LARGE_INTEGER ChangeTime
;
1138 LARGE_INTEGER EndOfFile
;
1139 LARGE_INTEGER AllocationSize
;
1140 ULONG FileAttributes
;
1141 ULONG FileNameLength
;
1143 CCHAR ShortNameLength
;
1144 WCHAR ShortName
[12];
1146 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
1148 typedef struct _FILE_COMPLETION_INFORMATION
{
1151 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
1153 typedef struct _FILE_COMPRESSION_INFORMATION
{
1154 LARGE_INTEGER CompressedFileSize
;
1155 USHORT CompressionFormat
;
1156 UCHAR CompressionUnitShift
;
1160 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
1162 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
1163 BOOLEAN ReplaceIfExists
;
1164 HANDLE RootDirectory
;
1165 ULONG FileNameLength
;
1167 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
1169 typedef struct _FILE_DIRECTORY_INFORMATION
{
1170 ULONG NextEntryOffset
;
1172 LARGE_INTEGER CreationTime
;
1173 LARGE_INTEGER LastAccessTime
;
1174 LARGE_INTEGER LastWriteTime
;
1175 LARGE_INTEGER ChangeTime
;
1176 LARGE_INTEGER EndOfFile
;
1177 LARGE_INTEGER AllocationSize
;
1178 ULONG FileAttributes
;
1179 ULONG FileNameLength
;
1181 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
1183 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
1184 ULONG NextEntryOffset
;
1186 LARGE_INTEGER CreationTime
;
1187 LARGE_INTEGER LastAccessTime
;
1188 LARGE_INTEGER LastWriteTime
;
1189 LARGE_INTEGER ChangeTime
;
1190 LARGE_INTEGER EndOfFile
;
1191 LARGE_INTEGER AllocationSize
;
1192 ULONG FileAttributes
;
1193 ULONG FileNameLength
;
1195 WCHAR FileName
[ANYSIZE_ARRAY
];
1196 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
1198 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
1199 ULONG NextEntryOffset
;
1201 LARGE_INTEGER CreationTime
;
1202 LARGE_INTEGER LastAccessTime
;
1203 LARGE_INTEGER LastWriteTime
;
1204 LARGE_INTEGER ChangeTime
;
1205 LARGE_INTEGER EndOfFile
;
1206 LARGE_INTEGER AllocationSize
;
1207 ULONG FileAttributes
;
1208 ULONG FileNameLength
;
1210 LARGE_INTEGER FileId
;
1212 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
1214 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
1215 ULONG NextEntryOffset
;
1217 LARGE_INTEGER CreationTime
;
1218 LARGE_INTEGER LastAccessTime
;
1219 LARGE_INTEGER LastWriteTime
;
1220 LARGE_INTEGER ChangeTime
;
1221 LARGE_INTEGER EndOfFile
;
1222 LARGE_INTEGER AllocationSize
;
1223 ULONG FileAttributes
;
1224 ULONG FileNameLength
;
1226 CCHAR ShortNameLength
;
1227 WCHAR ShortName
[12];
1228 LARGE_INTEGER FileId
;
1230 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
1232 typedef struct _FILE_EA_INFORMATION
{
1234 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
1236 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
1237 ULONG FileSystemAttributes
;
1238 ULONG MaximumComponentNameLength
;
1239 ULONG FileSystemNameLength
;
1240 WCHAR FileSystemName
[1];
1241 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
1243 typedef struct _FILE_FS_CONTROL_INFORMATION
{
1244 LARGE_INTEGER FreeSpaceStartFiltering
;
1245 LARGE_INTEGER FreeSpaceThreshold
;
1246 LARGE_INTEGER FreeSpaceStopFiltering
;
1247 LARGE_INTEGER DefaultQuotaThreshold
;
1248 LARGE_INTEGER DefaultQuotaLimit
;
1249 ULONG FileSystemControlFlags
;
1250 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
1252 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
1253 LARGE_INTEGER TotalAllocationUnits
;
1254 LARGE_INTEGER CallerAvailableAllocationUnits
;
1255 LARGE_INTEGER ActualAvailableAllocationUnits
;
1256 ULONG SectorsPerAllocationUnit
;
1257 ULONG BytesPerSector
;
1258 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
1260 typedef struct _FILE_FS_LABEL_INFORMATION
{
1261 ULONG VolumeLabelLength
;
1262 WCHAR VolumeLabel
[1];
1263 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
1265 #if (VER_PRODUCTBUILD >= 2195)
1267 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
1269 UCHAR ExtendedInfo
[48];
1270 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
1272 #endif /* (VER_PRODUCTBUILD >= 2195) */
1274 typedef struct _FILE_FS_SIZE_INFORMATION
{
1275 LARGE_INTEGER TotalAllocationUnits
;
1276 LARGE_INTEGER AvailableAllocationUnits
;
1277 ULONG SectorsPerAllocationUnit
;
1278 ULONG BytesPerSector
;
1279 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
1281 typedef struct _FILE_FS_VOLUME_INFORMATION
{
1282 LARGE_INTEGER VolumeCreationTime
;
1283 ULONG VolumeSerialNumber
;
1284 ULONG VolumeLabelLength
;
1285 BOOLEAN SupportsObjects
;
1286 WCHAR VolumeLabel
[1];
1287 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
1289 typedef struct _FILE_FS_OBJECTID_INFORMATION
1292 UCHAR ExtendedInfo
[48];
1293 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
1295 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1297 BOOLEAN DriverInPath
;
1298 ULONG DriverNameLength
;
1299 WCHAR DriverName
[1];
1300 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
1302 typedef struct _FILE_FULL_DIR_INFORMATION
{
1303 ULONG NextEntryOffset
;
1305 LARGE_INTEGER CreationTime
;
1306 LARGE_INTEGER LastAccessTime
;
1307 LARGE_INTEGER LastWriteTime
;
1308 LARGE_INTEGER ChangeTime
;
1309 LARGE_INTEGER EndOfFile
;
1310 LARGE_INTEGER AllocationSize
;
1311 ULONG FileAttributes
;
1312 ULONG FileNameLength
;
1315 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1317 typedef struct _FILE_GET_EA_INFORMATION
{
1318 ULONG NextEntryOffset
;
1321 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1323 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1324 ULONG NextEntryOffset
;
1327 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1329 typedef struct _FILE_QUOTA_INFORMATION
1331 ULONG NextEntryOffset
;
1333 LARGE_INTEGER ChangeTime
;
1334 LARGE_INTEGER QuotaUsed
;
1335 LARGE_INTEGER QuotaThreshold
;
1336 LARGE_INTEGER QuotaLimit
;
1338 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1340 typedef struct _FILE_INTERNAL_INFORMATION
{
1341 LARGE_INTEGER IndexNumber
;
1342 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1344 typedef struct _FILE_LINK_INFORMATION
{
1345 BOOLEAN ReplaceIfExists
;
1346 HANDLE RootDirectory
;
1347 ULONG FileNameLength
;
1349 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1351 typedef struct _FILE_LOCK_INFO
1353 LARGE_INTEGER StartingByte
;
1354 LARGE_INTEGER Length
;
1355 BOOLEAN ExclusiveLock
;
1357 PFILE_OBJECT FileObject
;
1359 LARGE_INTEGER EndingByte
;
1360 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1362 typedef struct _FILE_REPARSE_POINT_INFORMATION
1364 LONGLONG FileReference
;
1366 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
1368 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1371 HANDLE RootDirectory
;
1372 ULONG FileNameLength
;
1374 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
1376 typedef struct _FILE_NOTIFY_INFORMATION
1378 ULONG NextEntryOffset
;
1380 ULONG FileNameLength
;
1382 } FILE_NOTIFY_INFORMATION
, *PFILE_NOTIFY_INFORMATION
;
1384 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1385 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1388 FILE_LOCK_INFO FileLock
;
1389 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1391 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1392 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1393 LIST_ENTRY ListEntry
;
1396 FILE_LOCK_INFO FileLock
;
1397 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1399 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1404 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1406 IN PFILE_LOCK_INFO FileLockInfo
1409 typedef struct _FILE_LOCK
{
1410 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1411 PUNLOCK_ROUTINE UnlockRoutine
;
1412 BOOLEAN FastIoIsQuestionable
;
1414 PVOID LockInformation
;
1415 FILE_LOCK_INFO LastReturnedLockInfo
;
1416 PVOID LastReturnedLock
;
1417 } FILE_LOCK
, *PFILE_LOCK
;
1419 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1420 ULONG ReadDataAvailable
;
1421 ULONG NumberOfMessages
;
1422 ULONG MessageLength
;
1423 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1425 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1426 ULONG MaximumMessageSize
;
1427 ULONG MailslotQuota
;
1428 ULONG NextMessageSize
;
1429 ULONG MessagesAvailable
;
1430 LARGE_INTEGER ReadTimeout
;
1431 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1433 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1434 PLARGE_INTEGER ReadTimeout
;
1435 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1437 typedef struct _FILE_MODE_INFORMATION
{
1439 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1441 typedef struct _FILE_ALL_INFORMATION
{
1442 FILE_BASIC_INFORMATION BasicInformation
;
1443 FILE_STANDARD_INFORMATION StandardInformation
;
1444 FILE_INTERNAL_INFORMATION InternalInformation
;
1445 FILE_EA_INFORMATION EaInformation
;
1446 FILE_ACCESS_INFORMATION AccessInformation
;
1447 FILE_POSITION_INFORMATION PositionInformation
;
1448 FILE_MODE_INFORMATION ModeInformation
;
1449 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1450 FILE_NAME_INFORMATION NameInformation
;
1451 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1453 typedef struct _FILE_NAMES_INFORMATION
{
1454 ULONG NextEntryOffset
;
1456 ULONG FileNameLength
;
1458 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1460 typedef struct _FILE_OBJECTID_INFORMATION
{
1461 LONGLONG FileReference
;
1463 _ANONYMOUS_UNION
union {
1464 __GNU_EXTENSION
struct {
1465 UCHAR BirthVolumeId
[16];
1466 UCHAR BirthObjectId
[16];
1469 UCHAR ExtendedInfo
[48];
1471 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1473 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1475 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1477 typedef struct _FILE_OLE_ALL_INFORMATION
{
1478 FILE_BASIC_INFORMATION BasicInformation
;
1479 FILE_STANDARD_INFORMATION StandardInformation
;
1480 FILE_INTERNAL_INFORMATION InternalInformation
;
1481 FILE_EA_INFORMATION EaInformation
;
1482 FILE_ACCESS_INFORMATION AccessInformation
;
1483 FILE_POSITION_INFORMATION PositionInformation
;
1484 FILE_MODE_INFORMATION ModeInformation
;
1485 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1488 LARGE_INTEGER SecurityChangeTime
;
1489 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1490 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1491 FILE_STORAGE_TYPE StorageType
;
1494 ULONG NumberOfStreamReferences
;
1497 BOOLEAN ContentIndexDisable
;
1498 BOOLEAN InheritContentIndexDisable
;
1499 FILE_NAME_INFORMATION NameInformation
;
1500 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1502 typedef struct _FILE_OLE_DIR_INFORMATION
{
1503 ULONG NextEntryOffset
;
1505 LARGE_INTEGER CreationTime
;
1506 LARGE_INTEGER LastAccessTime
;
1507 LARGE_INTEGER LastWriteTime
;
1508 LARGE_INTEGER ChangeTime
;
1509 LARGE_INTEGER EndOfFile
;
1510 LARGE_INTEGER AllocationSize
;
1511 ULONG FileAttributes
;
1512 ULONG FileNameLength
;
1513 FILE_STORAGE_TYPE StorageType
;
1516 BOOLEAN ContentIndexDisable
;
1517 BOOLEAN InheritContentIndexDisable
;
1519 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1521 typedef struct _FILE_OLE_INFORMATION
{
1522 LARGE_INTEGER SecurityChangeTime
;
1523 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1524 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1525 FILE_STORAGE_TYPE StorageType
;
1527 BOOLEAN ContentIndexDisable
;
1528 BOOLEAN InheritContentIndexDisable
;
1529 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1531 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1533 ULONG StateBitsMask
;
1534 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1536 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1539 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1541 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1542 PVOID ClientSession
;
1543 PVOID ClientProcess
;
1544 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1546 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1547 ULONG NamedPipeState
;
1551 ULONG NumberRequests
;
1552 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1554 typedef struct _FILE_PIPE_PEEK_BUFFER
1556 ULONG NamedPipeState
;
1557 ULONG ReadDataAvailable
;
1558 ULONG NumberOfMessages
;
1559 ULONG MessageLength
;
1561 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1563 typedef struct _FILE_PIPE_INFORMATION
{
1565 ULONG CompletionMode
;
1566 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1568 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1569 ULONG NamedPipeType
;
1570 ULONG NamedPipeConfiguration
;
1571 ULONG MaximumInstances
;
1572 ULONG CurrentInstances
;
1574 ULONG ReadDataAvailable
;
1575 ULONG OutboundQuota
;
1576 ULONG WriteQuotaAvailable
;
1577 ULONG NamedPipeState
;
1579 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1581 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1582 LARGE_INTEGER CollectDataTime
;
1583 ULONG MaximumCollectionCount
;
1584 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1586 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1587 LARGE_INTEGER Timeout
;
1589 BOOLEAN TimeoutSpecified
;
1591 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1593 typedef struct _FILE_RENAME_INFORMATION
{
1594 BOOLEAN ReplaceIfExists
;
1595 HANDLE RootDirectory
;
1596 ULONG FileNameLength
;
1598 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1600 typedef struct _FILE_STREAM_INFORMATION
{
1601 ULONG NextEntryOffset
;
1602 ULONG StreamNameLength
;
1603 LARGE_INTEGER StreamSize
;
1604 LARGE_INTEGER StreamAllocationSize
;
1605 WCHAR StreamName
[1];
1606 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1608 typedef struct _FILE_TRACKING_INFORMATION
{
1609 HANDLE DestinationFile
;
1610 ULONG ObjectInformationLength
;
1611 CHAR ObjectInformation
[1];
1612 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1614 #if (VER_PRODUCTBUILD >= 2195)
1615 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1616 LARGE_INTEGER FileOffset
;
1617 LARGE_INTEGER BeyondFinalZero
;
1618 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1620 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1621 LARGE_INTEGER FileOffset
;
1622 LARGE_INTEGER Length
;
1623 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1624 #endif /* (VER_PRODUCTBUILD >= 2195) */
1626 #define FSRTL_FCB_HEADER_V0 (0x00)
1627 #define FSRTL_FCB_HEADER_V1 (0x01)
1630 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1631 CSHORT NodeTypeCode
;
1632 CSHORT NodeByteSize
;
1634 UCHAR IsFastIoPossible
;
1635 #if (VER_PRODUCTBUILD >= 1381)
1638 #endif /* (VER_PRODUCTBUILD >= 1381) */
1639 PERESOURCE Resource
;
1640 PERESOURCE PagingIoResource
;
1641 LARGE_INTEGER AllocationSize
;
1642 LARGE_INTEGER FileSize
;
1643 LARGE_INTEGER ValidDataLength
;
1644 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1646 typedef enum _FSRTL_COMPARISON_RESULT
1651 } FSRTL_COMPARISON_RESULT
;
1653 #if (VER_PRODUCTBUILD >= 2600)
1655 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1656 CSHORT NodeTypeCode
;
1657 CSHORT NodeByteSize
;
1659 UCHAR IsFastIoPossible
;
1663 PERESOURCE Resource
;
1664 PERESOURCE PagingIoResource
;
1665 LARGE_INTEGER AllocationSize
;
1666 LARGE_INTEGER FileSize
;
1667 LARGE_INTEGER ValidDataLength
;
1668 PFAST_MUTEX FastMutex
;
1669 LIST_ENTRY FilterContexts
;
1670 EX_PUSH_LOCK PushLock
;
1671 PVOID
*FileContextSupportPointer
;
1672 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1674 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1678 PFREE_FUNCTION FreeCallback
;
1679 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1681 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1686 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
1688 #endif /* (VER_PRODUCTBUILD >= 2600) */
1690 typedef struct _BASE_MCB
1692 ULONG MaximumPairCount
;
1697 } BASE_MCB
, *PBASE_MCB
;
1699 typedef struct _LARGE_MCB
1701 PKGUARDED_MUTEX GuardedMutex
;
1703 } LARGE_MCB
, *PLARGE_MCB
;
1707 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1710 typedef struct _GENERATE_NAME_CONTEXT
{
1712 BOOLEAN CheckSumInserted
;
1714 WCHAR NameBuffer
[8];
1715 ULONG ExtensionLength
;
1716 WCHAR ExtensionBuffer
[4];
1717 ULONG LastIndexValue
;
1718 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1720 typedef struct _MAPPING_PAIR
{
1723 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1725 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1726 ULONG NumberOfPairs
;
1728 MAPPING_PAIR Pair
[1];
1729 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1731 typedef struct _KQUEUE
{
1732 DISPATCHER_HEADER Header
;
1733 LIST_ENTRY EntryListHead
;
1736 LIST_ENTRY ThreadListHead
;
1737 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1739 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1741 typedef struct _MBCB
{
1742 CSHORT NodeTypeCode
;
1743 CSHORT NodeIsInZone
;
1747 LIST_ENTRY BitmapRanges
;
1748 LONGLONG ResumeWritePage
;
1749 BITMAP_RANGE BitmapRange1
;
1750 BITMAP_RANGE BitmapRange2
;
1751 BITMAP_RANGE BitmapRange3
;
1754 typedef enum _MMFLUSH_TYPE
{
1759 typedef struct _MOVEFILE_DESCRIPTOR
{
1762 LARGE_INTEGER StartVcn
;
1763 LARGE_INTEGER TargetLcn
;
1766 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1768 typedef struct _OBJECT_BASIC_INFO
{
1770 ACCESS_MASK GrantedAccess
;
1772 ULONG ReferenceCount
;
1773 ULONG PagedPoolUsage
;
1774 ULONG NonPagedPoolUsage
;
1776 ULONG NameInformationLength
;
1777 ULONG TypeInformationLength
;
1778 ULONG SecurityDescriptorLength
;
1779 LARGE_INTEGER CreateTime
;
1780 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1782 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1784 BOOLEAN ProtectFromClose
;
1785 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1787 typedef struct _OBJECT_NAME_INFO
{
1788 UNICODE_STRING ObjectName
;
1789 WCHAR ObjectNameBuffer
[1];
1790 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1792 typedef struct _OBJECT_PROTECTION_INFO
{
1794 BOOLEAN ProtectHandle
;
1795 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1797 typedef struct _OBJECT_TYPE_INFO
{
1798 UNICODE_STRING ObjectTypeName
;
1799 UCHAR Unknown
[0x58];
1800 WCHAR ObjectTypeNameBuffer
[1];
1801 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1803 typedef struct _OBJECT_ALL_TYPES_INFO
{
1804 ULONG NumberOfObjectTypes
;
1805 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1806 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1808 typedef struct _PATHNAME_BUFFER
{
1809 ULONG PathNameLength
;
1811 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1813 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1818 } RTL_GENERIC_COMPARE_RESULTS
;
1820 typedef enum _TABLE_SEARCH_RESULT
1826 } TABLE_SEARCH_RESULT
;
1829 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
1830 struct _RTL_AVL_TABLE
*Table
,
1835 typedef RTL_GENERIC_COMPARE_RESULTS
1836 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
1837 struct _RTL_AVL_TABLE
*Table
,
1842 typedef RTL_GENERIC_COMPARE_RESULTS
1843 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
1844 struct _RTL_GENERIC_TABLE
*Table
,
1850 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
1851 struct _RTL_GENERIC_TABLE
*Table
,
1856 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
1857 struct _RTL_GENERIC_TABLE
*Table
,
1862 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
1863 struct _RTL_AVL_TABLE
*Table
,
1868 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
1869 struct _RTL_AVL_TABLE
*Table
,
1873 typedef struct _PUBLIC_BCB
{
1874 CSHORT NodeTypeCode
;
1875 CSHORT NodeByteSize
;
1877 LARGE_INTEGER MappedFileOffset
;
1878 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1880 typedef struct _QUERY_PATH_REQUEST
{
1881 ULONG PathNameLength
;
1882 PIO_SECURITY_CONTEXT SecurityContext
;
1883 WCHAR FilePathName
[1];
1884 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1886 typedef struct _QUERY_PATH_RESPONSE
{
1887 ULONG LengthAccepted
;
1888 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1890 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1892 LARGE_INTEGER StartingVcn
;
1894 LARGE_INTEGER NextVcn
;
1897 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1899 typedef struct _RTL_SPLAY_LINKS
{
1900 struct _RTL_SPLAY_LINKS
*Parent
;
1901 struct _RTL_SPLAY_LINKS
*LeftChild
;
1902 struct _RTL_SPLAY_LINKS
*RightChild
;
1903 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1905 typedef struct _RTL_BALANCED_LINKS
1907 struct _RTL_BALANCED_LINKS
*Parent
;
1908 struct _RTL_BALANCED_LINKS
*LeftChild
;
1909 struct _RTL_BALANCED_LINKS
*RightChild
;
1912 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
1914 typedef struct _RTL_GENERIC_TABLE
1916 PRTL_SPLAY_LINKS TableRoot
;
1917 LIST_ENTRY InsertOrderList
;
1918 PLIST_ENTRY OrderedPointer
;
1919 ULONG WhichOrderedElement
;
1920 ULONG NumberGenericTableElements
;
1921 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
1922 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
1923 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
1925 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
1927 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
1929 CSHORT NodeTypeCode
;
1931 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1932 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
1933 RTL_SPLAY_LINKS Links
;
1934 PUNICODE_STRING Prefix
;
1935 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
1937 typedef struct _UNICODE_PREFIX_TABLE
1939 CSHORT NodeTypeCode
;
1941 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
1942 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
1943 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
1948 RtlInitializeUnicodePrefix (
1949 IN PUNICODE_PREFIX_TABLE PrefixTable
1955 RtlInsertUnicodePrefix (
1956 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1957 IN PUNICODE_STRING Prefix
,
1958 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1964 RtlRemoveUnicodePrefix (
1965 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1966 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1970 PUNICODE_PREFIX_TABLE_ENTRY
1972 RtlFindUnicodePrefix (
1973 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1974 IN PUNICODE_STRING FullName
,
1975 IN ULONG CaseInsensitiveIndex
1979 PUNICODE_PREFIX_TABLE_ENTRY
1981 RtlNextUnicodePrefix (
1982 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1986 #undef PRTL_GENERIC_COMPARE_ROUTINE
1987 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1988 #undef PRTL_GENERIC_FREE_ROUTINE
1989 #undef RTL_GENERIC_TABLE
1990 #undef PRTL_GENERIC_TABLE
1992 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1993 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1994 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1995 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1996 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1998 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1999 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
2000 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
2001 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
2002 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
2003 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
2004 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
2005 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
2006 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
2007 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
2008 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
2010 typedef struct _RTL_AVL_TABLE
2012 RTL_BALANCED_LINKS BalancedRoot
;
2013 PVOID OrderedPointer
;
2014 ULONG WhichOrderedElement
;
2015 ULONG NumberGenericTableElements
;
2017 PRTL_BALANCED_LINKS RestartKey
;
2019 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
2020 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
2021 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
2023 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
2028 RtlInitializeGenericTableAvl(
2029 PRTL_AVL_TABLE Table
,
2030 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
2031 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
2032 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
2039 RtlInsertElementGenericTableAvl (
2040 PRTL_AVL_TABLE Table
,
2043 PBOOLEAN NewElement OPTIONAL
2049 RtlDeleteElementGenericTableAvl (
2050 PRTL_AVL_TABLE Table
,
2057 RtlLookupElementGenericTableAvl (
2058 PRTL_AVL_TABLE Table
,
2065 RtlEnumerateGenericTableWithoutSplayingAvl (
2066 PRTL_AVL_TABLE Table
,
2070 #if defined(USE_LPC6432)
2071 #define LPC_CLIENT_ID CLIENT_ID64
2072 #define LPC_SIZE_T ULONGLONG
2073 #define LPC_PVOID ULONGLONG
2074 #define LPC_HANDLE ULONGLONG
2076 #define LPC_CLIENT_ID CLIENT_ID
2077 #define LPC_SIZE_T SIZE_T
2078 #define LPC_PVOID PVOID
2079 #define LPC_HANDLE HANDLE
2082 typedef struct _PORT_MESSAGE
2098 CSHORT DataInfoOffset
;
2102 __GNU_EXTENSION
union
2104 LPC_CLIENT_ID ClientId
;
2105 double DoNotUseThisField
;
2108 __GNU_EXTENSION
union
2110 LPC_SIZE_T ClientViewSize
;
2113 } PORT_MESSAGE
, *PPORT_MESSAGE
;
2115 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
2117 typedef struct _PORT_VIEW
2120 LPC_HANDLE SectionHandle
;
2121 ULONG SectionOffset
;
2122 LPC_SIZE_T ViewSize
;
2124 LPC_PVOID ViewRemoteBase
;
2125 } PORT_VIEW
, *PPORT_VIEW
;
2127 typedef struct _REMOTE_PORT_VIEW
2130 LPC_SIZE_T ViewSize
;
2132 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
2134 typedef struct _SE_EXPORTS
{
2136 LUID SeCreateTokenPrivilege
;
2137 LUID SeAssignPrimaryTokenPrivilege
;
2138 LUID SeLockMemoryPrivilege
;
2139 LUID SeIncreaseQuotaPrivilege
;
2140 LUID SeUnsolicitedInputPrivilege
;
2141 LUID SeTcbPrivilege
;
2142 LUID SeSecurityPrivilege
;
2143 LUID SeTakeOwnershipPrivilege
;
2144 LUID SeLoadDriverPrivilege
;
2145 LUID SeCreatePagefilePrivilege
;
2146 LUID SeIncreaseBasePriorityPrivilege
;
2147 LUID SeSystemProfilePrivilege
;
2148 LUID SeSystemtimePrivilege
;
2149 LUID SeProfileSingleProcessPrivilege
;
2150 LUID SeCreatePermanentPrivilege
;
2151 LUID SeBackupPrivilege
;
2152 LUID SeRestorePrivilege
;
2153 LUID SeShutdownPrivilege
;
2154 LUID SeDebugPrivilege
;
2155 LUID SeAuditPrivilege
;
2156 LUID SeSystemEnvironmentPrivilege
;
2157 LUID SeChangeNotifyPrivilege
;
2158 LUID SeRemoteShutdownPrivilege
;
2163 PSID SeCreatorOwnerSid
;
2164 PSID SeCreatorGroupSid
;
2166 PSID SeNtAuthoritySid
;
2170 PSID SeInteractiveSid
;
2171 PSID SeLocalSystemSid
;
2172 PSID SeAliasAdminsSid
;
2173 PSID SeAliasUsersSid
;
2174 PSID SeAliasGuestsSid
;
2175 PSID SeAliasPowerUsersSid
;
2176 PSID SeAliasAccountOpsSid
;
2177 PSID SeAliasSystemOpsSid
;
2178 PSID SeAliasPrintOpsSid
;
2179 PSID SeAliasBackupOpsSid
;
2181 PSID SeAuthenticatedUsersSid
;
2183 PSID SeRestrictedSid
;
2184 PSID SeAnonymousLogonSid
;
2186 LUID SeUndockPrivilege
;
2187 LUID SeSyncAgentPrivilege
;
2188 LUID SeEnableDelegationPrivilege
;
2190 } SE_EXPORTS
, *PSE_EXPORTS
;
2192 extern PSE_EXPORTS SeExports
;
2196 LARGE_INTEGER StartingLcn
;
2197 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
2199 typedef struct _STARTING_VCN_INPUT_BUFFER
{
2200 LARGE_INTEGER StartingVcn
;
2201 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
2203 typedef struct _SECURITY_CLIENT_CONTEXT
{
2204 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
2205 PACCESS_TOKEN ClientToken
;
2206 BOOLEAN DirectlyAccessClientToken
;
2207 BOOLEAN DirectAccessEffectiveOnly
;
2208 BOOLEAN ServerIsRemote
;
2209 TOKEN_CONTROL ClientTokenControl
;
2210 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
2212 typedef struct _TUNNEL
{
2214 PRTL_SPLAY_LINKS Cache
;
2215 LIST_ENTRY TimerQueue
;
2219 typedef struct _VAD_HEADER
{
2222 struct _VAD_HEADER
* ParentLink
;
2223 struct _VAD_HEADER
* LeftLink
;
2224 struct _VAD_HEADER
* RightLink
;
2225 ULONG Flags
; /* LSB = CommitCharge */
2227 PVOID FirstProtoPte
;
2231 } VAD_HEADER
, *PVAD_HEADER
;
2235 LARGE_INTEGER StartingLcn
;
2236 LARGE_INTEGER BitmapSize
;
2238 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
2240 #if (VER_PRODUCTBUILD >= 2600)
2243 (NTAPI
*PFILTER_REPORT_CHANGE
) (
2244 IN PVOID NotifyContext
,
2245 IN PVOID FilterContext
2248 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
2250 SyncTypeCreateSection
2251 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
2253 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
2254 NotifyTypeCreate
= 0,
2256 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
2258 typedef union _FS_FILTER_PARAMETERS
{
2260 PLARGE_INTEGER EndingOffset
;
2261 PERESOURCE
*ResourceToRelease
;
2262 } AcquireForModifiedPageWriter
;
2265 PERESOURCE ResourceToRelease
;
2266 } ReleaseForModifiedPageWriter
;
2269 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
2270 ULONG PageProtection
;
2271 } AcquireForSectionSynchronization
;
2274 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
2275 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
2276 } NotifyStreamFileObject
;
2285 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
2287 typedef struct _FS_FILTER_CALLBACK_DATA
{
2288 ULONG SizeOfFsFilterCallbackData
;
2291 struct _DEVICE_OBJECT
*DeviceObject
;
2292 struct _FILE_OBJECT
*FileObject
;
2293 FS_FILTER_PARAMETERS Parameters
;
2294 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
2297 (NTAPI
*PFS_FILTER_CALLBACK
) (
2298 IN PFS_FILTER_CALLBACK_DATA Data
,
2299 OUT PVOID
*CompletionContext
2303 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
2304 IN PFS_FILTER_CALLBACK_DATA Data
,
2305 IN NTSTATUS OperationStatus
,
2306 IN PVOID CompletionContext
2309 typedef struct _FS_FILTER_CALLBACKS
{
2310 ULONG SizeOfFsFilterCallbacks
;
2312 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
2313 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
2314 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
2315 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
2316 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
2317 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
2318 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
2319 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
2320 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
2321 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
2322 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
2323 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
2324 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
2326 typedef struct _READ_LIST
{
2327 PFILE_OBJECT FileObject
;
2328 ULONG NumberOfEntries
;
2330 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
2331 } READ_LIST
, *PREAD_LIST
;
2336 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
2338 IN OUT PVOID
*CommitAddress
,
2339 IN OUT PSIZE_T CommitSize
2342 typedef struct _RTL_HEAP_PARAMETERS
{
2344 SIZE_T SegmentReserve
;
2345 SIZE_T SegmentCommit
;
2346 SIZE_T DeCommitFreeBlockThreshold
;
2347 SIZE_T DeCommitTotalFreeThreshold
;
2348 SIZE_T MaximumAllocationSize
;
2349 SIZE_T VirtualMemoryThreshold
;
2350 SIZE_T InitialCommit
;
2351 SIZE_T InitialReserve
;
2352 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
2354 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
2360 IN PFILE_OBJECT FileObject
,
2361 IN ULONG BytesToWrite
,
2370 IN PFILE_OBJECT FileObject
,
2371 IN PLARGE_INTEGER FileOffset
,
2375 OUT PIO_STATUS_BLOCK IoStatus
2382 IN PFILE_OBJECT FileObject
,
2383 IN PLARGE_INTEGER FileOffset
,
2389 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2391 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
2400 IN PFILE_OBJECT FileObject
,
2401 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
2404 IN ULONG BytesToWrite
,
2412 IN PFILE_OBJECT FileObject
,
2413 IN ULONG FileOffset
,
2417 OUT PIO_STATUS_BLOCK IoStatus
2424 IN PFILE_OBJECT FileObject
,
2425 IN ULONG FileOffset
,
2434 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2435 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2437 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2440 typedef VOID (NTAPI
*PDIRTY_PAGE_ROUTINE
) (
2441 IN PFILE_OBJECT FileObject
,
2442 IN PLARGE_INTEGER FileOffset
,
2444 IN PLARGE_INTEGER OldestLsn
,
2445 IN PLARGE_INTEGER NewestLsn
,
2455 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
2463 CcGetFileObjectFromBcb (
2470 CcGetFileObjectFromSectionPtrs (
2471 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2474 #define CcGetFileSizePointer(FO) ( \
2475 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2478 #if (VER_PRODUCTBUILD >= 2195)
2483 CcGetFlushedValidData (
2484 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2485 IN BOOLEAN BcbListHeld
2488 #endif /* (VER_PRODUCTBUILD >= 2195) */
2493 CcGetLsnForFileObject (
2494 IN PFILE_OBJECT FileObject
,
2495 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2498 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
2503 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
2507 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
2512 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
2516 typedef struct _CACHE_MANAGER_CALLBACKS
{
2517 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
2518 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
2519 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
2520 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
2521 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
2526 CcInitializeCacheMap (
2527 IN PFILE_OBJECT FileObject
,
2528 IN PCC_FILE_SIZES FileSizes
,
2529 IN BOOLEAN PinAccess
,
2530 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
2531 IN PVOID LazyWriteContext
2534 #define CcIsFileCached(FO) ( \
2535 ((FO)->SectionObjectPointer != NULL) && \
2536 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2539 extern ULONG CcFastMdlReadWait
;
2544 CcIsThereDirtyData (
2552 IN PFILE_OBJECT FileObject
,
2553 IN PLARGE_INTEGER FileOffset
,
2564 IN PFILE_OBJECT FileObject
,
2565 IN PLARGE_INTEGER FileOffset
,
2568 OUT PIO_STATUS_BLOCK IoStatus
2575 IN PFILE_OBJECT FileObject
,
2582 CcMdlWriteComplete (
2583 IN PFILE_OBJECT FileObject
,
2584 IN PLARGE_INTEGER FileOffset
,
2594 IN PFILE_OBJECT FileObject
,
2595 IN PLARGE_INTEGER FileOffset
,
2605 IN PFILE_OBJECT FileObject
,
2606 IN PLARGE_INTEGER FileOffset
,
2617 IN PFILE_OBJECT FileObject
,
2618 IN PLARGE_INTEGER FileOffset
,
2621 OUT PIO_STATUS_BLOCK IoStatus
2628 IN PFILE_OBJECT FileObject
,
2629 IN PLARGE_INTEGER FileOffset
,
2640 CcPurgeCacheSection (
2641 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2642 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2644 IN BOOLEAN UninitializeCacheMaps
2647 #define CcReadAhead(FO, FOFF, LEN) ( \
2648 if ((LEN) >= 256) { \
2649 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2653 #if (VER_PRODUCTBUILD >= 2195)
2662 #endif /* (VER_PRODUCTBUILD >= 2195) */
2674 CcScheduleReadAhead (
2675 IN PFILE_OBJECT FileObject
,
2676 IN PLARGE_INTEGER FileOffset
,
2683 CcSetAdditionalCacheAttributes (
2684 IN PFILE_OBJECT FileObject
,
2685 IN BOOLEAN DisableReadAhead
,
2686 IN BOOLEAN DisableWriteBehind
2692 CcSetBcbOwnerPointer (
2694 IN PVOID OwnerPointer
2700 CcSetDirtyPageThreshold (
2701 IN PFILE_OBJECT FileObject
,
2702 IN ULONG DirtyPageThreshold
2708 CcSetDirtyPinnedData (
2710 IN PLARGE_INTEGER Lsn OPTIONAL
2717 IN PFILE_OBJECT FileObject
,
2718 IN PCC_FILE_SIZES FileSizes
2721 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2723 IN LARGE_INTEGER Lsn
2729 CcSetLogHandleForFile (
2730 IN PFILE_OBJECT FileObject
,
2732 IN PFLUSH_TO_LSN FlushToLsnRoutine
2738 CcSetReadAheadGranularity (
2739 IN PFILE_OBJECT FileObject
,
2740 IN ULONG Granularity
/* default: PAGE_SIZE */
2741 /* allowed: 2^n * PAGE_SIZE */
2747 CcUninitializeCacheMap (
2748 IN PFILE_OBJECT FileObject
,
2749 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2750 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2763 CcUnpinDataForThread (
2765 IN ERESOURCE_THREAD ResourceThreadId
2771 CcUnpinRepinnedBcb (
2773 IN BOOLEAN WriteThrough
,
2774 OUT PIO_STATUS_BLOCK IoStatus
2777 #if (VER_PRODUCTBUILD >= 2195)
2782 CcWaitForCurrentLazyWriterActivity (
2786 #endif /* (VER_PRODUCTBUILD >= 2195) */
2792 IN PFILE_OBJECT FileObject
,
2793 IN PLARGE_INTEGER StartOffset
,
2794 IN PLARGE_INTEGER EndOffset
,
2801 ExDisableResourceBoostLite (
2802 IN PERESOURCE Resource
2808 ExQueryPoolBlockSize (
2810 OUT PBOOLEAN QuotaCharged
2813 #if (VER_PRODUCTBUILD >= 2600)
2815 #ifndef __NTOSKRNL__
2819 ExInitializeRundownProtection (
2820 IN PEX_RUNDOWN_REF RunRef
2826 ExReInitializeRundownProtection (
2827 IN PEX_RUNDOWN_REF RunRef
2833 ExAcquireRundownProtection (
2834 IN PEX_RUNDOWN_REF RunRef
2840 ExAcquireRundownProtectionEx (
2841 IN PEX_RUNDOWN_REF RunRef
,
2848 ExReleaseRundownProtection (
2849 IN PEX_RUNDOWN_REF RunRef
2855 ExReleaseRundownProtectionEx (
2856 IN PEX_RUNDOWN_REF RunRef
,
2863 ExRundownCompleted (
2864 IN PEX_RUNDOWN_REF RunRef
2870 ExWaitForRundownProtectionRelease (
2871 IN PEX_RUNDOWN_REF RunRef
2875 #endif /* (VER_PRODUCTBUILD >= 2600) */
2878 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2880 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2881 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2882 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2883 InitializeListHead( &(_advhdr)->FilterContexts ); \
2884 if ((_fmutx) != NULL) { \
2885 (_advhdr)->FastMutex = (_fmutx); \
2887 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2888 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2889 (_advhdr)->FileContextSupportPointer = NULL; \
2895 FsRtlAddBaseMcbEntry (
2899 IN LONGLONG SectorCount
2905 FsRtlAddLargeMcbEntry (
2909 IN LONGLONG SectorCount
2919 IN ULONG SectorCount
2925 FsRtlAddToTunnelCache (
2927 IN ULONGLONG DirectoryKey
,
2928 IN PUNICODE_STRING ShortName
,
2929 IN PUNICODE_STRING LongName
,
2930 IN BOOLEAN KeyByShortName
,
2931 IN ULONG DataLength
,
2935 #if (VER_PRODUCTBUILD >= 2195)
2939 FsRtlAllocateFileLock (
2940 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2941 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2944 #endif /* (VER_PRODUCTBUILD >= 2195) */
2950 IN POOL_TYPE PoolType
,
2951 IN ULONG NumberOfBytes
2957 FsRtlAllocatePoolWithQuota (
2958 IN POOL_TYPE PoolType
,
2959 IN ULONG NumberOfBytes
2965 FsRtlAllocatePoolWithQuotaTag (
2966 IN POOL_TYPE PoolType
,
2967 IN ULONG NumberOfBytes
,
2974 FsRtlAllocatePoolWithTag (
2975 IN POOL_TYPE PoolType
,
2976 IN ULONG NumberOfBytes
,
2983 FsRtlAreNamesEqual (
2984 IN PCUNICODE_STRING Name1
,
2985 IN PCUNICODE_STRING Name2
,
2986 IN BOOLEAN IgnoreCase
,
2987 IN PCWCH UpcaseTable OPTIONAL
2990 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2991 ((FL)->FastIoIsQuestionable) \
2995 FsRtlCheckLockForReadAccess:
2997 All this really does is pick out the lock parameters from the irp (io stack
2998 location?), get IoGetRequestorProcess, and pass values on to
2999 FsRtlFastCheckLockForRead.
3004 FsRtlCheckLockForReadAccess (
3005 IN PFILE_LOCK FileLock
,
3010 FsRtlCheckLockForWriteAccess:
3012 All this really does is pick out the lock parameters from the irp (io stack
3013 location?), get IoGetRequestorProcess, and pass values on to
3014 FsRtlFastCheckLockForWrite.
3019 FsRtlCheckLockForWriteAccess (
3020 IN PFILE_LOCK FileLock
,
3026 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
3033 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
3045 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
3046 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
3053 IN PFILE_OBJECT FileObject
,
3054 IN PLARGE_INTEGER FileOffset
,
3059 OUT PIO_STATUS_BLOCK IoStatus
,
3060 IN PDEVICE_OBJECT DeviceObject
3067 IN PFILE_OBJECT FileObject
,
3068 IN PLARGE_INTEGER FileOffset
,
3073 OUT PIO_STATUS_BLOCK IoStatus
,
3074 IN PDEVICE_OBJECT DeviceObject
3077 #define HEAP_NO_SERIALIZE 0x00000001
3078 #define HEAP_GROWABLE 0x00000002
3079 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
3080 #define HEAP_ZERO_MEMORY 0x00000008
3081 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
3082 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
3083 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
3084 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
3086 #define HEAP_CREATE_ALIGN_16 0x00010000
3087 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
3088 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
3095 IN PVOID HeapBase OPTIONAL
,
3096 IN SIZE_T ReserveSize OPTIONAL
,
3097 IN SIZE_T CommitSize OPTIONAL
,
3098 IN PVOID Lock OPTIONAL
,
3099 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
3105 FsRtlCurrentBatchOplock (
3112 FsRtlDeleteKeyFromTunnelCache (
3114 IN ULONGLONG DirectoryKey
3120 FsRtlDeleteTunnelCache (
3127 FsRtlDeregisterUncProvider (
3142 IN ANSI_STRING Name
,
3143 OUT PANSI_STRING FirstPart
,
3144 OUT PANSI_STRING RemainingPart
3151 IN UNICODE_STRING Name
,
3152 OUT PUNICODE_STRING FirstPart
,
3153 OUT PUNICODE_STRING RemainingPart
3159 FsRtlDoesDbcsContainWildCards (
3160 IN PANSI_STRING Name
3166 FsRtlDoesNameContainWildCards (
3167 IN PUNICODE_STRING Name
3173 FsRtlIsFatDbcsLegal (
3174 IN ANSI_STRING DbcsName
,
3175 IN BOOLEAN WildCardsPermissible
,
3176 IN BOOLEAN PathNamePermissible
,
3177 IN BOOLEAN LeadingBackslashPermissible
3181 #define FsRtlCompleteRequest(IRP,STATUS) { \
3182 (IRP)->IoStatus.Status = (STATUS); \
3183 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
3186 #define FsRtlEnterFileSystem KeEnterCriticalRegion
3188 #define FsRtlExitFileSystem KeLeaveCriticalRegion
3193 FsRtlFastCheckLockForRead (
3194 IN PFILE_LOCK FileLock
,
3195 IN PLARGE_INTEGER FileOffset
,
3196 IN PLARGE_INTEGER Length
,
3198 IN PFILE_OBJECT FileObject
,
3205 FsRtlFastCheckLockForWrite (
3206 IN PFILE_LOCK FileLock
,
3207 IN PLARGE_INTEGER FileOffset
,
3208 IN PLARGE_INTEGER Length
,
3210 IN PFILE_OBJECT FileObject
,
3214 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
3215 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
3221 FsRtlFastUnlockAll (
3222 IN PFILE_LOCK FileLock
,
3223 IN PFILE_OBJECT FileObject
,
3224 IN PEPROCESS Process
,
3225 IN PVOID Context OPTIONAL
3227 /* ret: STATUS_RANGE_NOT_LOCKED */
3232 FsRtlFastUnlockAllByKey (
3233 IN PFILE_LOCK FileLock
,
3234 IN PFILE_OBJECT FileObject
,
3235 IN PEPROCESS Process
,
3237 IN PVOID Context OPTIONAL
3239 /* ret: STATUS_RANGE_NOT_LOCKED */
3244 FsRtlFastUnlockSingle (
3245 IN PFILE_LOCK FileLock
,
3246 IN PFILE_OBJECT FileObject
,
3247 IN PLARGE_INTEGER FileOffset
,
3248 IN PLARGE_INTEGER Length
,
3249 IN PEPROCESS Process
,
3251 IN PVOID Context OPTIONAL
,
3252 IN BOOLEAN AlreadySynchronized
3254 /* ret: STATUS_RANGE_NOT_LOCKED */
3259 FsRtlFindInTunnelCache (
3261 IN ULONGLONG DirectoryKey
,
3262 IN PUNICODE_STRING Name
,
3263 OUT PUNICODE_STRING ShortName
,
3264 OUT PUNICODE_STRING LongName
,
3265 IN OUT PULONG DataLength
,
3269 #if (VER_PRODUCTBUILD >= 2195)
3275 IN PFILE_LOCK FileLock
3278 #endif /* (VER_PRODUCTBUILD >= 2195) */
3284 IN PFILE_OBJECT FileObject
,
3285 IN OUT PLARGE_INTEGER FileSize
3291 FsRtlGetNextBaseMcbEntry (
3296 OUT PLONGLONG SectorCount
3300 FsRtlGetNextFileLock:
3302 ret: NULL if no more locks
3305 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
3306 FileLock->LastReturnedLock as storage.
3307 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
3308 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
3309 calls with Restart = FALSE.
3314 FsRtlGetNextFileLock (
3315 IN PFILE_LOCK FileLock
,
3322 FsRtlGetNextLargeMcbEntry (
3327 OUT PLONGLONG SectorCount
3333 FsRtlGetNextMcbEntry (
3338 OUT PULONG SectorCount
3341 #define FsRtlGetPerStreamContextPointer(FO) ( \
3342 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
3348 FsRtlInitializeBaseMcb (
3350 IN POOL_TYPE PoolType
3356 FsRtlInitializeFileLock (
3357 IN PFILE_LOCK FileLock
,
3358 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
3359 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
3365 FsRtlInitializeLargeMcb (
3367 IN POOL_TYPE PoolType
3373 FsRtlInitializeMcb (
3375 IN POOL_TYPE PoolType
3381 FsRtlInitializeOplock (
3382 IN OUT POPLOCK Oplock
3388 FsRtlInitializeTunnelCache (
3392 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
3393 (PSC)->OwnerId = (O), \
3394 (PSC)->InstanceId = (I), \
3395 (PSC)->FreeCallback = (FC) \
3401 FsRtlInsertPerStreamContext (
3402 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext
,
3403 IN PFSRTL_PER_STREAM_CONTEXT Ptr
3406 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
3407 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
3408 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3411 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
3412 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
3413 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3416 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
3417 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
3418 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3421 #define FsRtlIsAnsiCharacterWild(C) ( \
3422 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3428 FsRtlIsFatDbcsLegal (
3429 IN ANSI_STRING DbcsName
,
3430 IN BOOLEAN WildCardsPermissible
,
3431 IN BOOLEAN PathNamePermissible
,
3432 IN BOOLEAN LeadingBackslashPermissible
3438 FsRtlIsHpfsDbcsLegal (
3439 IN ANSI_STRING DbcsName
,
3440 IN BOOLEAN WildCardsPermissible
,
3441 IN BOOLEAN PathNamePermissible
,
3442 IN BOOLEAN LeadingBackslashPermissible
3448 FsRtlIsNameInExpression (
3449 IN PUNICODE_STRING Expression
,
3450 IN PUNICODE_STRING Name
,
3451 IN BOOLEAN IgnoreCase
,
3452 IN PWCHAR UpcaseTable OPTIONAL
3458 FsRtlIsNtstatusExpected (
3459 IN NTSTATUS Ntstatus
3462 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3464 extern PUSHORT NlsOemLeadByteInfo
;
3466 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3467 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3468 (NLS_MB_CODE_PAGE_TAG && \
3469 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3472 #define FsRtlIsUnicodeCharacterWild(C) ( \
3475 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3481 FsRtlLookupBaseMcbEntry (
3484 OUT PLONGLONG Lbn OPTIONAL
,
3485 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3486 OUT PLONGLONG StartingLbn OPTIONAL
,
3487 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3488 OUT PULONG Index OPTIONAL
3494 FsRtlLookupLargeMcbEntry (
3497 OUT PLONGLONG Lbn OPTIONAL
,
3498 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3499 OUT PLONGLONG StartingLbn OPTIONAL
,
3500 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3501 OUT PULONG Index OPTIONAL
3507 FsRtlLookupLastBaseMcbEntry (
3516 FsRtlLookupLastLargeMcbEntry (
3525 FsRtlLookupLastMcbEntry (
3534 FsRtlLookupLastBaseMcbEntryAndIndex (
3535 IN PBASE_MCB OpaqueMcb
,
3536 IN OUT PLONGLONG LargeVbn
,
3537 IN OUT PLONGLONG LargeLbn
,
3544 FsRtlLookupLastLargeMcbEntryAndIndex (
3545 IN PLARGE_MCB OpaqueMcb
,
3546 OUT PLONGLONG LargeVbn
,
3547 OUT PLONGLONG LargeLbn
,
3554 FsRtlLookupMcbEntry (
3558 OUT PULONG SectorCount OPTIONAL
,
3563 PFSRTL_PER_STREAM_CONTEXT
3565 FsRtlLookupPerStreamContextInternal (
3566 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3567 IN PVOID OwnerId OPTIONAL
,
3568 IN PVOID InstanceId OPTIONAL
3575 IN PFILE_OBJECT FileObject
,
3576 IN PLARGE_INTEGER FileOffset
,
3580 OUT PIO_STATUS_BLOCK IoStatus
,
3581 IN PDEVICE_OBJECT DeviceObject
3587 FsRtlMdlReadComplete (
3588 IN PFILE_OBJECT FileObject
,
3595 FsRtlMdlReadCompleteDev (
3596 IN PFILE_OBJECT FileObject
,
3598 IN PDEVICE_OBJECT DeviceObject
3604 FsRtlPrepareMdlWriteDev (
3605 IN PFILE_OBJECT FileObject
,
3606 IN PLARGE_INTEGER FileOffset
,
3610 OUT PIO_STATUS_BLOCK IoStatus
,
3611 IN PDEVICE_OBJECT DeviceObject
3617 FsRtlMdlWriteComplete (
3618 IN PFILE_OBJECT FileObject
,
3619 IN PLARGE_INTEGER FileOffset
,
3626 FsRtlMdlWriteCompleteDev (
3627 IN PFILE_OBJECT FileObject
,
3628 IN PLARGE_INTEGER FileOffset
,
3630 IN PDEVICE_OBJECT DeviceObject
3636 FsRtlNormalizeNtstatus (
3637 IN NTSTATUS Exception
,
3638 IN NTSTATUS GenericException
3644 FsRtlNotifyChangeDirectory (
3645 IN PNOTIFY_SYNC NotifySync
,
3647 IN PSTRING FullDirectoryName
,
3648 IN PLIST_ENTRY NotifyList
,
3649 IN BOOLEAN WatchTree
,
3650 IN ULONG CompletionFilter
,
3657 FsRtlNotifyCleanup (
3658 IN PNOTIFY_SYNC NotifySync
,
3659 IN PLIST_ENTRY NotifyList
,
3663 typedef BOOLEAN (NTAPI
*PCHECK_FOR_TRAVERSE_ACCESS
) (
3664 IN PVOID NotifyContext
,
3665 IN PVOID TargetContext
,
3666 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3672 FsRtlNotifyFilterChangeDirectory (
3673 IN PNOTIFY_SYNC NotifySync
,
3674 IN PLIST_ENTRY NotifyList
,
3676 IN PSTRING FullDirectoryName
,
3677 IN BOOLEAN WatchTree
,
3678 IN BOOLEAN IgnoreBuffer
,
3679 IN ULONG CompletionFilter
,
3681 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3682 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
,
3683 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
);
3688 FsRtlNotifyFilterReportChange (
3689 IN PNOTIFY_SYNC NotifySync
,
3690 IN PLIST_ENTRY NotifyList
,
3691 IN PSTRING FullTargetName
,
3692 IN USHORT TargetNameOffset
,
3693 IN PSTRING StreamName OPTIONAL
,
3694 IN PSTRING NormalizedParentName OPTIONAL
,
3695 IN ULONG FilterMatch
,
3697 IN PVOID TargetContext
,
3698 IN PVOID FilterContext
);
3703 FsRtlNotifyFullChangeDirectory (
3704 IN PNOTIFY_SYNC NotifySync
,
3705 IN PLIST_ENTRY NotifyList
,
3707 IN PSTRING FullDirectoryName
,
3708 IN BOOLEAN WatchTree
,
3709 IN BOOLEAN IgnoreBuffer
,
3710 IN ULONG CompletionFilter
,
3712 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3713 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3719 FsRtlNotifyFullReportChange (
3720 IN PNOTIFY_SYNC NotifySync
,
3721 IN PLIST_ENTRY NotifyList
,
3722 IN PSTRING FullTargetName
,
3723 IN USHORT TargetNameOffset
,
3724 IN PSTRING StreamName OPTIONAL
,
3725 IN PSTRING NormalizedParentName OPTIONAL
,
3726 IN ULONG FilterMatch
,
3728 IN PVOID TargetContext
3734 FsRtlNotifyInitializeSync (
3735 IN PNOTIFY_SYNC
*NotifySync
3741 FsRtlNotifyUninitializeSync (
3742 IN PNOTIFY_SYNC
*NotifySync
3745 #if (VER_PRODUCTBUILD >= 2195)
3750 FsRtlNotifyVolumeEvent (
3751 IN PFILE_OBJECT FileObject
,
3755 #endif /* (VER_PRODUCTBUILD >= 2195) */
3760 FsRtlNumberOfRunsInBaseMcb (
3767 FsRtlNumberOfRunsInLargeMcb (
3774 FsRtlNumberOfRunsInMcb (
3790 FsRtlOplockIsFastIoPossible (
3795 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
3803 FsRtlPostPagingFileStackOverflow (
3806 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3812 FsRtlPostStackOverflow (
3815 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3821 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3824 -Calls IoCompleteRequest if Irp
3825 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3831 IN PFILE_LOCK FileLock
,
3832 IN PFILE_OBJECT FileObject
,
3833 IN PLARGE_INTEGER FileOffset
,
3834 IN PLARGE_INTEGER Length
,
3835 IN PEPROCESS Process
,
3837 IN BOOLEAN FailImmediately
,
3838 IN BOOLEAN ExclusiveLock
,
3839 OUT PIO_STATUS_BLOCK IoStatus
,
3840 IN PIRP Irp OPTIONAL
,
3842 IN BOOLEAN AlreadySynchronized
3846 FsRtlProcessFileLock:
3849 -STATUS_INVALID_DEVICE_REQUEST
3850 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3851 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3852 (redirected IoStatus->Status).
3855 -switch ( Irp->CurrentStackLocation->MinorFunction )
3856 lock: return FsRtlPrivateLock;
3857 unlocksingle: return FsRtlFastUnlockSingle;
3858 unlockall: return FsRtlFastUnlockAll;
3859 unlockallbykey: return FsRtlFastUnlockAllByKey;
3860 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3861 return STATUS_INVALID_DEVICE_REQUEST;
3863 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3864 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3869 FsRtlProcessFileLock (
3870 IN PFILE_LOCK FileLock
,
3872 IN PVOID Context OPTIONAL
3878 FsRtlRegisterUncProvider (
3879 IN OUT PHANDLE MupHandle
,
3880 IN PUNICODE_STRING RedirectorDeviceName
,
3881 IN BOOLEAN MailslotsSupported
3887 FsRtlRemoveBaseMcbEntry (
3890 IN LONGLONG SectorCount
3896 FsRtlRemoveLargeMcbEntry (
3899 IN LONGLONG SectorCount
3905 FsRtlRemoveMcbEntry (
3908 IN ULONG SectorCount
3912 PFSRTL_PER_STREAM_CONTEXT
3914 FsRtlRemovePerStreamContext (
3915 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3916 IN PVOID OwnerId OPTIONAL
,
3917 IN PVOID InstanceId OPTIONAL
3930 FsRtlResetLargeMcb (
3932 IN BOOLEAN SelfSynchronized
3947 FsRtlSplitLargeMcb (
3953 #define FsRtlSupportsPerStreamContexts(FO) ( \
3954 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
3955 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
3956 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
3962 FsRtlTruncateBaseMcb (
3970 FsRtlTruncateLargeMcb (
3986 FsRtlUninitializeBaseMcb (
3993 FsRtlUninitializeFileLock (
3994 IN PFILE_LOCK FileLock
4000 FsRtlUninitializeLargeMcb (
4007 FsRtlUninitializeMcb (
4014 FsRtlUninitializeOplock (
4015 IN OUT POPLOCK Oplock
4021 KeSetIdealProcessorThread(
4022 IN OUT PKTHREAD Thread
,
4029 IoAttachDeviceToDeviceStackSafe(
4030 IN PDEVICE_OBJECT SourceDevice
,
4031 IN PDEVICE_OBJECT TargetDevice
,
4032 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
4038 IoAcquireVpbSpinLock (
4045 IoCheckDesiredAccess (
4046 IN OUT PACCESS_MASK DesiredAccess
,
4047 IN ACCESS_MASK GrantedAccess
4053 IoCheckEaBufferValidity (
4054 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
4056 OUT PULONG ErrorOffset
4062 IoCheckFunctionAccess (
4063 IN ACCESS_MASK GrantedAccess
,
4064 IN UCHAR MajorFunction
,
4065 IN UCHAR MinorFunction
,
4066 IN ULONG IoControlCode
,
4067 IN PVOID Argument1 OPTIONAL
,
4068 IN PVOID Argument2 OPTIONAL
4071 #if (VER_PRODUCTBUILD >= 2195)
4076 IoCheckQuotaBufferValidity (
4077 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
4078 IN ULONG QuotaLength
,
4079 OUT PULONG ErrorOffset
4082 #endif /* (VER_PRODUCTBUILD >= 2195) */
4087 IoCreateStreamFileObject (
4088 IN PFILE_OBJECT FileObject OPTIONAL
,
4089 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4092 #if (VER_PRODUCTBUILD >= 2195)
4097 IoCreateStreamFileObjectLite (
4098 IN PFILE_OBJECT FileObject OPTIONAL
,
4099 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4102 #endif /* (VER_PRODUCTBUILD >= 2195) */
4107 IoFastQueryNetworkAttributes (
4108 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4109 IN ACCESS_MASK DesiredAccess
,
4110 IN ULONG OpenOptions
,
4111 OUT PIO_STATUS_BLOCK IoStatus
,
4112 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
4118 IoGetAttachedDevice (
4119 IN PDEVICE_OBJECT DeviceObject
4125 IoGetBaseFileSystemDeviceObject (
4126 IN PFILE_OBJECT FileObject
4129 #if (VER_PRODUCTBUILD >= 2600)
4134 IoGetDeviceAttachmentBaseRef (
4135 IN PDEVICE_OBJECT DeviceObject
4141 IoGetDiskDeviceObject (
4142 IN PDEVICE_OBJECT FileSystemDeviceObject
,
4143 OUT PDEVICE_OBJECT
*DiskDeviceObject
4149 IoGetLowerDeviceObject (
4150 IN PDEVICE_OBJECT DeviceObject
4153 #endif /* (VER_PRODUCTBUILD >= 2600) */
4158 IoGetRequestorProcess (
4162 #if (VER_PRODUCTBUILD >= 2195)
4167 IoGetRequestorProcessId (
4171 #endif /* (VER_PRODUCTBUILD >= 2195) */
4180 #define IoIsFileOpenedExclusively(FileObject) ( \
4182 (FileObject)->SharedRead || \
4183 (FileObject)->SharedWrite || \
4184 (FileObject)->SharedDelete \
4191 IoIsOperationSynchronous (
4202 #if (VER_PRODUCTBUILD >= 2195)
4207 IoIsValidNameGraftingBuffer (
4209 IN PREPARSE_DATA_BUFFER ReparseBuffer
4212 #endif /* (VER_PRODUCTBUILD >= 2195) */
4218 IN PFILE_OBJECT FileObject
,
4220 IN PLARGE_INTEGER Offset
,
4222 OUT PIO_STATUS_BLOCK IoStatusBlock
4228 IoQueryFileInformation (
4229 IN PFILE_OBJECT FileObject
,
4230 IN FILE_INFORMATION_CLASS FileInformationClass
,
4232 OUT PVOID FileInformation
,
4233 OUT PULONG ReturnedLength
4239 IoQueryVolumeInformation (
4240 IN PFILE_OBJECT FileObject
,
4241 IN FS_INFORMATION_CLASS FsInformationClass
,
4243 OUT PVOID FsInformation
,
4244 OUT PULONG ReturnedLength
4257 IoRegisterFileSystem (
4258 IN OUT PDEVICE_OBJECT DeviceObject
4261 #if (VER_PRODUCTBUILD >= 1381)
4263 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
4264 IN PDEVICE_OBJECT DeviceObject
,
4265 IN BOOLEAN DriverActive
4271 IoRegisterFsRegistrationChange (
4272 IN PDRIVER_OBJECT DriverObject
,
4273 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4276 #endif /* (VER_PRODUCTBUILD >= 1381) */
4281 IoReleaseVpbSpinLock (
4288 IoSetDeviceToVerify (
4290 IN PDEVICE_OBJECT DeviceObject
4297 IN PFILE_OBJECT FileObject
,
4298 IN FILE_INFORMATION_CLASS FileInformationClass
,
4300 IN PVOID FileInformation
4313 IoSynchronousPageWrite (
4314 IN PFILE_OBJECT FileObject
,
4316 IN PLARGE_INTEGER FileOffset
,
4318 OUT PIO_STATUS_BLOCK IoStatusBlock
4331 IoUnregisterFileSystem (
4332 IN OUT PDEVICE_OBJECT DeviceObject
4335 #if (VER_PRODUCTBUILD >= 1381)
4340 IoUnregisterFsRegistrationChange (
4341 IN PDRIVER_OBJECT DriverObject
,
4342 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4345 #endif /* (VER_PRODUCTBUILD >= 1381) */
4351 IN PDEVICE_OBJECT DeviceObject
,
4352 IN BOOLEAN AllowRawMount
4355 #if !defined (_M_AMD64)
4360 KeAcquireQueuedSpinLock (
4361 IN KSPIN_LOCK_QUEUE_NUMBER Number
4367 KeReleaseQueuedSpinLock (
4368 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4375 KeAcquireSpinLockRaiseToSynch(
4376 IN OUT PKSPIN_LOCK SpinLock
4382 KeTryToAcquireQueuedSpinLock(
4383 KSPIN_LOCK_QUEUE_NUMBER Number
,
4391 KeAcquireQueuedSpinLock (
4392 IN KSPIN_LOCK_QUEUE_NUMBER Number
4398 KeReleaseQueuedSpinLock (
4399 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4405 KeAcquireSpinLockRaiseToSynch(
4406 IN OUT PKSPIN_LOCK SpinLock
4411 KeTryToAcquireQueuedSpinLock(
4412 KSPIN_LOCK_QUEUE_NUMBER Number
,
4421 IN PKPROCESS Process
4436 IN ULONG Count OPTIONAL
4444 IN PLIST_ENTRY Entry
4452 IN PLIST_ENTRY Entry
4467 IN KPROCESSOR_MODE WaitMode
,
4468 IN PLARGE_INTEGER Timeout OPTIONAL
4481 KeInitializeMutant (
4482 IN PRKMUTANT Mutant
,
4483 IN BOOLEAN InitialOwner
4497 IN PRKMUTANT Mutant
,
4498 IN KPRIORITY Increment
,
4499 IN BOOLEAN Abandoned
,
4503 #if (VER_PRODUCTBUILD >= 2195)
4508 KeStackAttachProcess (
4509 IN PKPROCESS Process
,
4510 OUT PKAPC_STATE ApcState
4516 KeUnstackDetachProcess (
4517 IN PKAPC_STATE ApcState
4520 #endif /* (VER_PRODUCTBUILD >= 2195) */
4525 KeSetKernelStackSwapEnable(
4532 MmCanFileBeTruncated (
4533 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4534 IN PLARGE_INTEGER NewFileSize
4540 MmFlushImageSection (
4541 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4542 IN MMFLUSH_TYPE FlushType
4548 MmForceSectionClosed (
4549 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4550 IN BOOLEAN DelayClose
4553 #if (VER_PRODUCTBUILD >= 1381)
4558 MmIsRecursiveIoFault (
4564 #define MmIsRecursiveIoFault() ( \
4565 (PsGetCurrentThread()->DisablePageFaultClustering) | \
4566 (PsGetCurrentThread()->ForwardClusterOnly) \
4575 MmSetAddressRangeModified (
4584 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
4585 IN POBJECT_TYPE ObjectType
,
4586 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4587 IN KPROCESSOR_MODE AccessMode
,
4588 IN OUT PVOID ParseContext OPTIONAL
,
4589 IN ULONG ObjectSize
,
4590 IN ULONG PagedPoolCharge OPTIONAL
,
4591 IN ULONG NonPagedPoolCharge OPTIONAL
,
4598 ObGetObjectPointerCount (
4602 #if (NTDDI_VERSION >= NTDDI_WIN2K)
4609 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4610 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4611 IN ULONG ObjectPointerBias
,
4612 OUT PVOID
*NewObject OPTIONAL
,
4613 OUT PHANDLE Handle OPTIONAL
);
4618 ObOpenObjectByPointer (
4620 IN ULONG HandleAttributes
,
4621 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4622 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4623 IN POBJECT_TYPE ObjectType OPTIONAL
,
4624 IN KPROCESSOR_MODE AccessMode
,
4625 OUT PHANDLE Handle
);
4630 ObMakeTemporaryObject (
4636 ObQueryObjectAuditingByHandle (
4638 OUT PBOOLEAN GenerateOnClose
);
4647 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
4649 OUT PULONG ReturnLength
4655 ObReferenceObjectByName (
4656 IN PUNICODE_STRING ObjectName
,
4657 IN ULONG Attributes
,
4658 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4659 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4660 IN POBJECT_TYPE ObjectType
,
4661 IN KPROCESSOR_MODE AccessMode
,
4662 IN OUT PVOID ParseContext OPTIONAL
,
4669 PsAssignImpersonationToken (
4678 IN PEPROCESS Process
,
4679 IN POOL_TYPE PoolType
,
4686 PsChargeProcessPoolQuota (
4687 IN PEPROCESS Process
,
4688 IN POOL_TYPE PoolType
,
4692 #define PsDereferenceImpersonationToken(T) \
4693 {if (ARGUMENT_PRESENT(T)) { \
4694 (ObDereferenceObject((T))); \
4700 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
4705 PsDisableImpersonation(
4707 IN PSE_IMPERSONATION_STATE ImpersonationState
4713 PsGetProcessExitTime (
4720 PsImpersonateClient(
4722 IN PACCESS_TOKEN Token
,
4723 IN BOOLEAN CopyOnOpen
,
4724 IN BOOLEAN EffectiveOnly
,
4725 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4738 PsIsThreadTerminating (
4745 PsLookupProcessByProcessId (
4746 IN HANDLE ProcessId
,
4747 OUT PEPROCESS
*Process
4753 PsLookupProcessThreadByCid (
4755 OUT PEPROCESS
*Process OPTIONAL
,
4756 OUT PETHREAD
*Thread
4762 PsLookupThreadByThreadId (
4763 IN HANDLE UniqueThreadId
,
4764 OUT PETHREAD
*Thread
4770 PsReferenceImpersonationToken (
4772 OUT PBOOLEAN CopyOnUse
,
4773 OUT PBOOLEAN EffectiveOnly
,
4774 OUT PSECURITY_IMPERSONATION_LEVEL Level
4780 PsReferencePrimaryToken (
4781 IN PEPROCESS Process
4787 PsRestoreImpersonation(
4789 IN PSE_IMPERSONATION_STATE ImpersonationState
4796 IN PEPROCESS Process
,
4797 IN POOL_TYPE PoolType
,
4811 RtlAbsoluteToSelfRelativeSD (
4812 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
4813 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
4814 IN PULONG BufferLength
4821 IN HANDLE HeapHandle
,
4829 RtlAppendStringToString(
4830 PSTRING Destination
,
4831 const STRING
*Source
4837 RtlCaptureStackBackTrace (
4838 IN ULONG FramesToSkip
,
4839 IN ULONG FramesToCapture
,
4840 OUT PVOID
*BackTrace
,
4841 OUT PULONG BackTraceHash OPTIONAL
4847 RtlCompareMemoryUlong (
4857 IN USHORT CompressionFormatAndEngine
,
4858 IN PUCHAR UncompressedBuffer
,
4859 IN ULONG UncompressedBufferSize
,
4860 OUT PUCHAR CompressedBuffer
,
4861 IN ULONG CompressedBufferSize
,
4862 IN ULONG UncompressedChunkSize
,
4863 OUT PULONG FinalCompressedSize
,
4871 IN PUCHAR UncompressedBuffer
,
4872 IN ULONG UncompressedBufferSize
,
4873 OUT PUCHAR CompressedBuffer
,
4874 IN ULONG CompressedBufferSize
,
4875 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
4876 IN ULONG CompressedDataInfoLength
,
4883 RtlConvertSidToUnicodeString (
4884 OUT PUNICODE_STRING DestinationString
,
4886 IN BOOLEAN AllocateDestinationString
4894 IN PSID Destination
,
4901 RtlCreateUnicodeString(
4902 PUNICODE_STRING DestinationString
,
4909 RtlDecompressBuffer (
4910 IN USHORT CompressionFormat
,
4911 OUT PUCHAR UncompressedBuffer
,
4912 IN ULONG UncompressedBufferSize
,
4913 IN PUCHAR CompressedBuffer
,
4914 IN ULONG CompressedBufferSize
,
4915 OUT PULONG FinalUncompressedSize
4921 RtlDecompressChunks (
4922 OUT PUCHAR UncompressedBuffer
,
4923 IN ULONG UncompressedBufferSize
,
4924 IN PUCHAR CompressedBuffer
,
4925 IN ULONG CompressedBufferSize
,
4926 IN PUCHAR CompressedTail
,
4927 IN ULONG CompressedTailSize
,
4928 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4934 RtlDecompressFragment (
4935 IN USHORT CompressionFormat
,
4936 OUT PUCHAR UncompressedFragment
,
4937 IN ULONG UncompressedFragmentSize
,
4938 IN PUCHAR CompressedBuffer
,
4939 IN ULONG CompressedBufferSize
,
4940 IN ULONG FragmentOffset
,
4941 OUT PULONG FinalUncompressedSize
,
4949 IN USHORT CompressionFormat
,
4950 IN OUT PUCHAR
*CompressedBuffer
,
4951 IN PUCHAR EndOfCompressedBufferPlus1
,
4952 OUT PUCHAR
*ChunkBuffer
,
4953 OUT PULONG ChunkSize
4959 RtlDowncaseUnicodeString(
4960 IN OUT PUNICODE_STRING UniDest
,
4961 IN PCUNICODE_STRING UniSource
,
4962 IN BOOLEAN AllocateDestinationString
4968 RtlDuplicateUnicodeString(
4970 IN PCUNICODE_STRING SourceString
,
4971 OUT PUNICODE_STRING DestinationString
4985 RtlFillMemoryUlong (
4986 IN PVOID Destination
,
4995 IN HANDLE HeapHandle
,
5004 IN POEM_STRING OemString
5010 RtlGenerate8dot3Name (
5011 IN PUNICODE_STRING Name
,
5012 IN BOOLEAN AllowExtendedCharacters
,
5013 IN OUT PGENERATE_NAME_CONTEXT Context
,
5014 OUT PUNICODE_STRING Name8dot3
5020 RtlGetCompressionWorkSpaceSize (
5021 IN USHORT CompressionFormatAndEngine
,
5022 OUT PULONG CompressBufferWorkSpaceSize
,
5023 OUT PULONG CompressFragmentWorkSpaceSize
5029 RtlGetDaclSecurityDescriptor (
5030 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5031 OUT PBOOLEAN DaclPresent
,
5033 OUT PBOOLEAN DaclDefaulted
5039 RtlGetGroupSecurityDescriptor (
5040 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5042 OUT PBOOLEAN GroupDefaulted
5048 RtlGetOwnerSecurityDescriptor (
5049 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5051 OUT PBOOLEAN OwnerDefaulted
5059 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
5060 IN UCHAR SubAuthorityCount
5066 RtlIsNameLegalDOS8Dot3(
5067 IN PCUNICODE_STRING Name
,
5068 IN OUT POEM_STRING OemName OPTIONAL
,
5069 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
5075 RtlLengthRequiredSid (
5076 IN ULONG SubAuthorityCount
5089 RtlNtStatusToDosError (
5096 RtlxUnicodeStringToOemSize(
5097 PCUNICODE_STRING UnicodeString
5103 RtlxOemStringToUnicodeSize(
5104 PCOEM_STRING OemString
5107 #define RtlOemStringToUnicodeSize(STRING) ( \
5108 NLS_MB_OEM_CODE_PAGE_TAG ? \
5109 RtlxOemStringToUnicodeSize(STRING) : \
5110 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
5113 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
5114 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
5121 RtlOemStringToUnicodeString(
5122 IN OUT PUNICODE_STRING DestinationString
,
5123 IN PCOEM_STRING SourceString
,
5124 IN BOOLEAN AllocateDestinationString
5130 RtlUnicodeStringToOemString(
5131 IN OUT POEM_STRING DestinationString
,
5132 IN PCUNICODE_STRING SourceString
,
5133 IN BOOLEAN AllocateDestinationString
5139 RtlOemStringToCountedUnicodeString(
5140 IN OUT PUNICODE_STRING DestinationString
,
5141 IN PCOEM_STRING SourceString
,
5142 IN BOOLEAN AllocateDestinationString
5148 RtlUnicodeStringToCountedOemString(
5149 IN OUT POEM_STRING DestinationString
,
5150 IN PCUNICODE_STRING SourceString
,
5151 IN BOOLEAN AllocateDestinationString
5158 IN USHORT CompressionFormat
,
5159 IN OUT PUCHAR
*CompressedBuffer
,
5160 IN PUCHAR EndOfCompressedBufferPlus1
,
5161 OUT PUCHAR
*ChunkBuffer
,
5168 RtlSecondsSince1970ToTime (
5169 IN ULONG SecondsSince1970
,
5170 OUT PLARGE_INTEGER Time
5176 RtlSetGroupSecurityDescriptor (
5177 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5179 IN BOOLEAN GroupDefaulted
5185 RtlSetOwnerSecurityDescriptor (
5186 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5188 IN BOOLEAN OwnerDefaulted
5194 RtlSetSaclSecurityDescriptor (
5195 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5196 IN BOOLEAN SaclPresent
,
5198 IN BOOLEAN SaclDefaulted
5204 RtlSubAuthorityCountSid (
5211 RtlSubAuthoritySid (
5213 IN ULONG SubAuthority
5219 RtlUnicodeStringToCountedOemString (
5220 IN OUT POEM_STRING DestinationString
,
5221 IN PCUNICODE_STRING SourceString
,
5222 IN BOOLEAN AllocateDestinationString
5228 RtlUnicodeToMultiByteN(
5229 OUT PCHAR MultiByteString
,
5230 IN ULONG MaxBytesInMultiByteString
,
5231 OUT PULONG BytesInMultiByteString OPTIONAL
,
5232 IN PWCH UnicodeString
,
5233 IN ULONG BytesInUnicodeString
5240 OUT PWSTR UnicodeString
,
5241 IN ULONG MaxBytesInUnicodeString
,
5242 OUT PULONG BytesInUnicodeString OPTIONAL
,
5244 IN ULONG BytesInOemString
5247 /* RTL Splay Tree Functions */
5251 RtlSplay(PRTL_SPLAY_LINKS Links
);
5256 RtlDelete(PRTL_SPLAY_LINKS Links
);
5262 PRTL_SPLAY_LINKS Links
,
5263 PRTL_SPLAY_LINKS
*Root
5269 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
5274 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
5279 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
5284 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
5286 #define RtlIsLeftChild(Links) \
5287 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5289 #define RtlIsRightChild(Links) \
5290 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5292 #define RtlRightChild(Links) \
5293 ((PRTL_SPLAY_LINKS)(Links))->RightChild
5295 #define RtlIsRoot(Links) \
5296 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
5298 #define RtlLeftChild(Links) \
5299 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
5301 #define RtlParent(Links) \
5302 ((PRTL_SPLAY_LINKS)(Links))->Parent
5304 #define RtlInitializeSplayLinks(Links) \
5306 PRTL_SPLAY_LINKS _SplayLinks; \
5307 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
5308 _SplayLinks->Parent = _SplayLinks; \
5309 _SplayLinks->LeftChild = NULL; \
5310 _SplayLinks->RightChild = NULL; \
5313 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
5315 PRTL_SPLAY_LINKS _SplayParent; \
5316 PRTL_SPLAY_LINKS _SplayChild; \
5317 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5318 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5319 _SplayParent->LeftChild = _SplayChild; \
5320 _SplayChild->Parent = _SplayParent; \
5323 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
5325 PRTL_SPLAY_LINKS _SplayParent; \
5326 PRTL_SPLAY_LINKS _SplayChild; \
5327 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5328 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5329 _SplayParent->RightChild = _SplayChild; \
5330 _SplayChild->Parent = _SplayParent; \
5341 // RTL time functions
5347 RtlTimeToSecondsSince1980 (
5348 PLARGE_INTEGER Time
,
5349 PULONG ElapsedSeconds
5355 RtlSecondsSince1980ToTime (
5356 ULONG ElapsedSeconds
,
5363 RtlTimeToSecondsSince1970 (
5364 PLARGE_INTEGER Time
,
5365 PULONG ElapsedSeconds
5371 RtlSecondsSince1970ToTime (
5372 ULONG ElapsedSeconds
,
5379 SeAppendPrivileges (
5380 PACCESS_STATE AccessState
,
5381 PPRIVILEGE_SET Privileges
5387 SeAuditingFileEvents (
5388 IN BOOLEAN AccessGranted
,
5389 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5395 SeAuditingFileOrGlobalEvents (
5396 IN BOOLEAN AccessGranted
,
5397 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5398 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5404 SeCaptureSubjectContext (
5405 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
5411 SeCreateClientSecurity (
5413 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5414 IN BOOLEAN RemoteClient
,
5415 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5418 #if (VER_PRODUCTBUILD >= 2195)
5423 SeCreateClientSecurityFromSubjectContext (
5424 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5425 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5426 IN BOOLEAN ServerIsRemote
,
5427 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5430 #endif /* (VER_PRODUCTBUILD >= 2195) */
5433 #define SeLengthSid( Sid ) \
5434 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5436 #define SeDeleteClientSecurity(C) { \
5437 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5438 PsDereferencePrimaryToken( (C)->ClientToken ); \
5440 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5447 SeDeleteObjectAuditAlarm (
5452 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
5458 IN PPRIVILEGE_SET Privileges
5464 SeImpersonateClient (
5465 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5466 IN PETHREAD ServerThread OPTIONAL
5469 #if (VER_PRODUCTBUILD >= 2195)
5474 SeImpersonateClientEx (
5475 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5476 IN PETHREAD ServerThread OPTIONAL
5479 #endif /* (VER_PRODUCTBUILD >= 2195) */
5484 SeLockSubjectContext (
5485 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5491 SeMarkLogonSessionForTerminationNotification (
5498 SeOpenObjectAuditAlarm (
5499 IN PUNICODE_STRING ObjectTypeName
,
5500 IN PVOID Object OPTIONAL
,
5501 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5502 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5503 IN PACCESS_STATE AccessState
,
5504 IN BOOLEAN ObjectCreated
,
5505 IN BOOLEAN AccessGranted
,
5506 IN KPROCESSOR_MODE AccessMode
,
5507 OUT PBOOLEAN GenerateOnClose
5513 SeOpenObjectForDeleteAuditAlarm (
5514 IN PUNICODE_STRING ObjectTypeName
,
5515 IN PVOID Object OPTIONAL
,
5516 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5517 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5518 IN PACCESS_STATE AccessState
,
5519 IN BOOLEAN ObjectCreated
,
5520 IN BOOLEAN AccessGranted
,
5521 IN KPROCESSOR_MODE AccessMode
,
5522 OUT PBOOLEAN GenerateOnClose
5529 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
5530 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5531 IN KPROCESSOR_MODE AccessMode
5537 SeQueryAuthenticationIdToken (
5538 IN PACCESS_TOKEN Token
,
5542 #if (VER_PRODUCTBUILD >= 2195)
5547 SeQueryInformationToken (
5548 IN PACCESS_TOKEN Token
,
5549 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
5550 OUT PVOID
*TokenInformation
5553 #endif /* (VER_PRODUCTBUILD >= 2195) */
5558 SeQuerySecurityDescriptorInfo (
5559 IN PSECURITY_INFORMATION SecurityInformation
,
5560 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5561 IN OUT PULONG Length
,
5562 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
5565 #if (VER_PRODUCTBUILD >= 2195)
5570 SeQuerySessionIdToken (
5571 IN PACCESS_TOKEN Token
,
5575 #endif /* (VER_PRODUCTBUILD >= 2195) */
5577 #define SeQuerySubjectContextToken( SubjectContext ) \
5578 ( ARGUMENT_PRESENT( \
5579 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5581 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5582 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5584 typedef NTSTATUS (NTAPI
*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
5591 SeRegisterLogonSessionTerminatedRoutine (
5592 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5598 SeReleaseSubjectContext (
5599 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5605 SeSetAccessStateGenericMapping (
5606 PACCESS_STATE AccessState
,
5607 PGENERIC_MAPPING GenericMapping
5613 SeSetSecurityDescriptorInfo (
5614 IN PVOID Object OPTIONAL
,
5615 IN PSECURITY_INFORMATION SecurityInformation
,
5616 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5617 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5618 IN POOL_TYPE PoolType
,
5619 IN PGENERIC_MAPPING GenericMapping
5622 #if (VER_PRODUCTBUILD >= 2195)
5627 SeSetSecurityDescriptorInfoEx (
5628 IN PVOID Object OPTIONAL
,
5629 IN PSECURITY_INFORMATION SecurityInformation
,
5630 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
5631 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5632 IN ULONG AutoInheritFlags
,
5633 IN POOL_TYPE PoolType
,
5634 IN PGENERIC_MAPPING GenericMapping
5641 IN PACCESS_TOKEN Token
5647 SeTokenIsRestricted (
5648 IN PACCESS_TOKEN Token
5654 SeLocateProcessImageName(
5655 IN PEPROCESS Process
,
5656 OUT PUNICODE_STRING
*pImageFileName
5659 #endif /* (VER_PRODUCTBUILD >= 2195) */
5665 IN PACCESS_TOKEN Token
5671 SeUnlockSubjectContext (
5672 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5678 SeUnregisterLogonSessionTerminatedRoutine (
5679 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5682 #if (VER_PRODUCTBUILD >= 2195)
5687 ZwAdjustPrivilegesToken (
5688 IN HANDLE TokenHandle
,
5689 IN BOOLEAN DisableAllPrivileges
,
5690 IN PTOKEN_PRIVILEGES NewState
,
5691 IN ULONG BufferLength
,
5692 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
5693 OUT PULONG ReturnLength
5696 #endif /* (VER_PRODUCTBUILD >= 2195) */
5702 IN HANDLE ThreadHandle
5708 ZwAllocateVirtualMemory (
5709 IN HANDLE ProcessHandle
,
5710 IN OUT PVOID
*BaseAddress
,
5711 IN ULONG_PTR ZeroBits
,
5712 IN OUT PSIZE_T RegionSize
,
5713 IN ULONG AllocationType
,
5719 NtAccessCheckByTypeAndAuditAlarm(
5720 IN PUNICODE_STRING SubsystemName
,
5722 IN PUNICODE_STRING ObjectTypeName
,
5723 IN PUNICODE_STRING ObjectName
,
5724 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5725 IN PSID PrincipalSelfSid
,
5726 IN ACCESS_MASK DesiredAccess
,
5727 IN AUDIT_EVENT_TYPE AuditType
,
5729 IN POBJECT_TYPE_LIST ObjectTypeList
,
5730 IN ULONG ObjectTypeLength
,
5731 IN PGENERIC_MAPPING GenericMapping
,
5732 IN BOOLEAN ObjectCreation
,
5733 OUT PACCESS_MASK GrantedAccess
,
5734 OUT PNTSTATUS AccessStatus
,
5735 OUT PBOOLEAN GenerateOnClose
5740 NtAccessCheckByTypeResultListAndAuditAlarm(
5741 IN PUNICODE_STRING SubsystemName
,
5743 IN PUNICODE_STRING ObjectTypeName
,
5744 IN PUNICODE_STRING ObjectName
,
5745 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5746 IN PSID PrincipalSelfSid
,
5747 IN ACCESS_MASK DesiredAccess
,
5748 IN AUDIT_EVENT_TYPE AuditType
,
5750 IN POBJECT_TYPE_LIST ObjectTypeList
,
5751 IN ULONG ObjectTypeLength
,
5752 IN PGENERIC_MAPPING GenericMapping
,
5753 IN BOOLEAN ObjectCreation
,
5754 OUT PACCESS_MASK GrantedAccess
,
5755 OUT PNTSTATUS AccessStatus
,
5756 OUT PBOOLEAN GenerateOnClose
5761 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5762 IN PUNICODE_STRING SubsystemName
,
5764 IN HANDLE ClientToken
,
5765 IN PUNICODE_STRING ObjectTypeName
,
5766 IN PUNICODE_STRING ObjectName
,
5767 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5768 IN PSID PrincipalSelfSid
,
5769 IN ACCESS_MASK DesiredAccess
,
5770 IN AUDIT_EVENT_TYPE AuditType
,
5772 IN POBJECT_TYPE_LIST ObjectTypeList
,
5773 IN ULONG ObjectTypeLength
,
5774 IN PGENERIC_MAPPING GenericMapping
,
5775 IN BOOLEAN ObjectCreation
,
5776 OUT PACCESS_MASK GrantedAccess
,
5777 OUT PNTSTATUS AccessStatus
,
5778 OUT PBOOLEAN GenerateOnClose
5784 ZwAccessCheckAndAuditAlarm (
5785 IN PUNICODE_STRING SubsystemName
,
5787 IN PUNICODE_STRING ObjectTypeName
,
5788 IN PUNICODE_STRING ObjectName
,
5789 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5790 IN ACCESS_MASK DesiredAccess
,
5791 IN PGENERIC_MAPPING GenericMapping
,
5792 IN BOOLEAN ObjectCreation
,
5793 OUT PACCESS_MASK GrantedAccess
,
5794 OUT PBOOLEAN AccessStatus
,
5795 OUT PBOOLEAN GenerateOnClose
5798 #if (VER_PRODUCTBUILD >= 2195)
5804 IN HANDLE FileHandle
,
5805 OUT PIO_STATUS_BLOCK IoStatusBlock
5808 #endif /* (VER_PRODUCTBUILD >= 2195) */
5814 IN HANDLE EventHandle
5820 ZwCloseObjectAuditAlarm (
5821 IN PUNICODE_STRING SubsystemName
,
5823 IN BOOLEAN GenerateOnClose
5830 OUT PHANDLE SectionHandle
,
5831 IN ACCESS_MASK DesiredAccess
,
5832 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5833 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
5834 IN ULONG SectionPageProtection
,
5835 IN ULONG AllocationAttributes
,
5836 IN HANDLE FileHandle OPTIONAL
5842 ZwCreateSymbolicLinkObject (
5843 OUT PHANDLE SymbolicLinkHandle
,
5844 IN ACCESS_MASK DesiredAccess
,
5845 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5846 IN PUNICODE_STRING TargetName
5853 IN POBJECT_ATTRIBUTES ObjectAttributes
5861 IN PUNICODE_STRING Name
5865 #if (NTDDI_VERSION >= NTDDI_WIN2K)
5869 ZwDeviceIoControlFile (
5870 IN HANDLE FileHandle
,
5871 IN HANDLE Event OPTIONAL
,
5872 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5873 IN PVOID ApcContext OPTIONAL
,
5874 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5875 IN ULONG IoControlCode
,
5876 IN PVOID InputBuffer OPTIONAL
,
5877 IN ULONG InputBufferLength
,
5878 OUT PVOID OutputBuffer OPTIONAL
,
5879 IN ULONG OutputBufferLength
);
5886 IN PUNICODE_STRING String
5893 IN HANDLE SourceProcessHandle
,
5894 IN HANDLE SourceHandle
,
5895 IN HANDLE TargetProcessHandle OPTIONAL
,
5896 OUT PHANDLE TargetHandle OPTIONAL
,
5897 IN ACCESS_MASK DesiredAccess
,
5898 IN ULONG HandleAttributes
,
5906 IN HANDLE ExistingTokenHandle
,
5907 IN ACCESS_MASK DesiredAccess
,
5908 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5909 IN BOOLEAN EffectiveOnly
,
5910 IN TOKEN_TYPE TokenType
,
5911 OUT PHANDLE NewTokenHandle
5917 IN HANDLE ExistingTokenHandle
,
5919 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
5920 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
5921 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
5922 OUT PHANDLE NewTokenHandle
5928 ZwFlushInstructionCache (
5929 IN HANDLE ProcessHandle
,
5930 IN PVOID BaseAddress OPTIONAL
,
5938 IN HANDLE FileHandle
,
5939 OUT PIO_STATUS_BLOCK IoStatusBlock
5942 #if (VER_PRODUCTBUILD >= 2195)
5947 ZwFlushVirtualMemory (
5948 IN HANDLE ProcessHandle
,
5949 IN OUT PVOID
*BaseAddress
,
5950 IN OUT PULONG FlushSize
,
5951 OUT PIO_STATUS_BLOCK IoStatusBlock
5954 #endif /* (VER_PRODUCTBUILD >= 2195) */
5959 ZwFreeVirtualMemory (
5960 IN HANDLE ProcessHandle
,
5961 IN OUT PVOID
*BaseAddress
,
5962 IN OUT PSIZE_T RegionSize
,
5970 IN HANDLE FileHandle
,
5971 IN HANDLE Event OPTIONAL
,
5972 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5973 IN PVOID ApcContext OPTIONAL
,
5974 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5975 IN ULONG FsControlCode
,
5976 IN PVOID InputBuffer OPTIONAL
,
5977 IN ULONG InputBufferLength
,
5978 OUT PVOID OutputBuffer OPTIONAL
,
5979 IN ULONG OutputBufferLength
5982 #if (VER_PRODUCTBUILD >= 2195)
5987 ZwInitiatePowerAction (
5988 IN POWER_ACTION SystemAction
,
5989 IN SYSTEM_POWER_STATE MinSystemState
,
5991 IN BOOLEAN Asynchronous
5994 #endif /* (VER_PRODUCTBUILD >= 2195) */
6000 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6001 IN PUNICODE_STRING RegistryPath
6008 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6009 IN POBJECT_ATTRIBUTES FileObjectAttributes
6016 IN HANDLE KeyHandle
,
6017 IN HANDLE EventHandle OPTIONAL
,
6018 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6019 IN PVOID ApcContext OPTIONAL
,
6020 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6021 IN ULONG NotifyFilter
,
6022 IN BOOLEAN WatchSubtree
,
6024 IN ULONG BufferLength
,
6025 IN BOOLEAN Asynchronous
6031 ZwOpenDirectoryObject (
6032 OUT PHANDLE DirectoryHandle
,
6033 IN ACCESS_MASK DesiredAccess
,
6034 IN POBJECT_ATTRIBUTES ObjectAttributes
6041 OUT PHANDLE EventHandle
,
6042 IN ACCESS_MASK DesiredAccess
,
6043 IN POBJECT_ATTRIBUTES ObjectAttributes
6050 OUT PHANDLE ProcessHandle
,
6051 IN ACCESS_MASK DesiredAccess
,
6052 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6053 IN PCLIENT_ID ClientId OPTIONAL
6059 ZwOpenProcessToken (
6060 IN HANDLE ProcessHandle
,
6061 IN ACCESS_MASK DesiredAccess
,
6062 OUT PHANDLE TokenHandle
6069 OUT PHANDLE ThreadHandle
,
6070 IN ACCESS_MASK DesiredAccess
,
6071 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6072 IN PCLIENT_ID ClientId
6079 IN HANDLE ThreadHandle
,
6080 IN ACCESS_MASK DesiredAccess
,
6081 IN BOOLEAN OpenAsSelf
,
6082 OUT PHANDLE TokenHandle
6085 #if (VER_PRODUCTBUILD >= 2195)
6090 ZwPowerInformation (
6091 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
6092 IN PVOID InputBuffer OPTIONAL
,
6093 IN ULONG InputBufferLength
,
6094 OUT PVOID OutputBuffer OPTIONAL
,
6095 IN ULONG OutputBufferLength
6098 #endif /* (VER_PRODUCTBUILD >= 2195) */
6104 IN HANDLE EventHandle
,
6105 OUT PLONG PreviousState OPTIONAL
6111 ZwQueryDefaultLocale (
6112 IN BOOLEAN ThreadOrSystem
,
6119 ZwQueryDirectoryFile (
6120 IN HANDLE FileHandle
,
6121 IN HANDLE Event OPTIONAL
,
6122 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6123 IN PVOID ApcContext OPTIONAL
,
6124 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6125 OUT PVOID FileInformation
,
6127 IN FILE_INFORMATION_CLASS FileInformationClass
,
6128 IN BOOLEAN ReturnSingleEntry
,
6129 IN PUNICODE_STRING FileName OPTIONAL
,
6130 IN BOOLEAN RestartScan
6133 #if (VER_PRODUCTBUILD >= 2195)
6138 ZwQueryDirectoryObject (
6139 IN HANDLE DirectoryHandle
,
6142 IN BOOLEAN ReturnSingleEntry
,
6143 IN BOOLEAN RestartScan
,
6144 IN OUT PULONG Context
,
6145 OUT PULONG ReturnLength OPTIONAL
6152 IN HANDLE FileHandle
,
6153 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6156 IN BOOLEAN ReturnSingleEntry
,
6157 IN PVOID EaList OPTIONAL
,
6158 IN ULONG EaListLength
,
6159 IN PULONG EaIndex OPTIONAL
,
6160 IN BOOLEAN RestartScan
6163 #endif /* (VER_PRODUCTBUILD >= 2195) */
6168 ZwQueryInformationProcess (
6169 IN HANDLE ProcessHandle
,
6170 IN PROCESSINFOCLASS ProcessInformationClass
,
6171 OUT PVOID ProcessInformation
,
6172 IN ULONG ProcessInformationLength
,
6173 OUT PULONG ReturnLength OPTIONAL
6179 ZwQueryInformationToken (
6180 IN HANDLE TokenHandle
,
6181 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
6182 OUT PVOID TokenInformation
,
6184 OUT PULONG ResultLength
6190 ZwQuerySecurityObject (
6191 IN HANDLE FileHandle
,
6192 IN SECURITY_INFORMATION SecurityInformation
,
6193 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6195 OUT PULONG ResultLength
6201 ZwQueryVolumeInformationFile (
6202 IN HANDLE FileHandle
,
6203 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6204 OUT PVOID FsInformation
,
6206 IN FS_INFORMATION_CLASS FsInformationClass
6213 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
6214 IN HANDLE KeyHandle
,
6215 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
6222 IN HANDLE EventHandle
,
6223 OUT PLONG PreviousState OPTIONAL
6226 #if (VER_PRODUCTBUILD >= 2195)
6232 IN HANDLE KeyHandle
,
6233 IN HANDLE FileHandle
,
6237 #endif /* (VER_PRODUCTBUILD >= 2195) */
6243 IN HANDLE KeyHandle
,
6244 IN HANDLE FileHandle
6250 ZwSetDefaultLocale (
6251 IN BOOLEAN ThreadOrSystem
,
6255 #if (VER_PRODUCTBUILD >= 2195)
6260 ZwSetDefaultUILanguage (
6261 IN LANGID LanguageId
6268 IN HANDLE FileHandle
,
6269 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6274 #endif /* (VER_PRODUCTBUILD >= 2195) */
6280 IN HANDLE EventHandle
,
6281 OUT PLONG PreviousState OPTIONAL
6287 ZwSetInformationProcess (
6288 IN HANDLE ProcessHandle
,
6289 IN PROCESSINFOCLASS ProcessInformationClass
,
6290 IN PVOID ProcessInformation
,
6291 IN ULONG ProcessInformationLength
6294 #if (VER_PRODUCTBUILD >= 2195)
6299 ZwSetSecurityObject (
6301 IN SECURITY_INFORMATION SecurityInformation
,
6302 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6305 #endif /* (VER_PRODUCTBUILD >= 2195) */
6311 IN PLARGE_INTEGER NewTime
,
6312 OUT PLARGE_INTEGER OldTime OPTIONAL
6315 #if (VER_PRODUCTBUILD >= 2195)
6320 ZwSetVolumeInformationFile (
6321 IN HANDLE FileHandle
,
6322 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6323 IN PVOID FsInformation
,
6325 IN FS_INFORMATION_CLASS FsInformationClass
6328 #endif /* (VER_PRODUCTBUILD >= 2195) */
6333 ZwTerminateProcess (
6334 IN HANDLE ProcessHandle OPTIONAL
,
6335 IN NTSTATUS ExitStatus
6342 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6343 IN PUNICODE_STRING RegistryPath
6350 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6353 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6357 ZwWaitForSingleObject (
6359 IN BOOLEAN Alertable
,
6360 IN PLARGE_INTEGER Timeout OPTIONAL
);
6366 ZwWaitForMultipleObjects (
6367 IN ULONG HandleCount
,
6369 IN WAIT_TYPE WaitType
,
6370 IN BOOLEAN Alertable
,
6371 IN PLARGE_INTEGER Timeout OPTIONAL