4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
27 /* Helper macro to enable gcc's extension. */
28 #ifndef __GNU_EXTENSION
30 #define __GNU_EXTENSION __extension__
32 #define __GNU_EXTENSION
36 #define NTKERNELAPI DECLSPEC_IMPORT
40 #define _NTIFS_INCLUDED_
47 #ifndef VER_PRODUCTBUILD
48 #define VER_PRODUCTBUILD 10000
51 #define EX_PUSH_LOCK ULONG_PTR
52 #define PEX_PUSH_LOCK PULONG_PTR
56 #define FlagOn(_F,_SF) ((_F) & (_SF))
60 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
64 #define SetFlag(_F,_SF) ((_F) |= (_SF))
68 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
74 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
76 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
78 extern PACL SePublicDefaultDacl
;
79 extern PACL SeSystemDefaultDacl
;
81 extern KSPIN_LOCK IoStatisticsLock
;
82 extern ULONG IoReadOperationCount
;
83 extern ULONG IoWriteOperationCount
;
84 extern ULONG IoOtherOperationCount
;
85 extern LARGE_INTEGER IoReadTransferCount
;
86 extern LARGE_INTEGER IoWriteTransferCount
;
87 extern LARGE_INTEGER IoOtherTransferCount
;
89 typedef STRING LSA_STRING
, *PLSA_STRING
;
90 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
92 typedef enum _SECURITY_LOGON_TYPE
94 UndefinedLogonType
= 0,
103 #if (_WIN32_WINNT >= 0x0501)
107 #if (_WIN32_WINNT >= 0x0502)
108 CachedRemoteInteractive
,
111 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
113 #define ANSI_DOS_STAR ('<')
114 #define ANSI_DOS_QM ('>')
115 #define ANSI_DOS_DOT ('"')
117 #define DOS_STAR (L'<')
118 #define DOS_QM (L'>')
119 #define DOS_DOT (L'"')
121 /* also in winnt.h */
122 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
123 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
124 #define ACCESS_DENIED_ACE_TYPE (0x1)
125 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
126 #define SYSTEM_ALARM_ACE_TYPE (0x3)
127 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
128 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
129 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
130 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
131 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
132 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
133 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
134 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
135 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
136 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
137 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
138 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
139 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
140 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
141 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
142 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
143 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
144 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
145 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
146 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
148 #define COMPRESSION_FORMAT_NONE (0x0000)
149 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
150 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
151 #define COMPRESSION_ENGINE_STANDARD (0x0000)
152 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
153 #define COMPRESSION_ENGINE_HIBER (0x0200)
155 #define FILE_ACTION_ADDED 0x00000001
156 #define FILE_ACTION_REMOVED 0x00000002
157 #define FILE_ACTION_MODIFIED 0x00000003
158 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
159 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
160 #define FILE_ACTION_ADDED_STREAM 0x00000006
161 #define FILE_ACTION_REMOVED_STREAM 0x00000007
162 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
163 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
164 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
165 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
168 #define FILE_EA_TYPE_BINARY 0xfffe
169 #define FILE_EA_TYPE_ASCII 0xfffd
170 #define FILE_EA_TYPE_BITMAP 0xfffb
171 #define FILE_EA_TYPE_METAFILE 0xfffa
172 #define FILE_EA_TYPE_ICON 0xfff9
173 #define FILE_EA_TYPE_EA 0xffee
174 #define FILE_EA_TYPE_MVMT 0xffdf
175 #define FILE_EA_TYPE_MVST 0xffde
176 #define FILE_EA_TYPE_ASN1 0xffdd
177 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
179 #define FILE_NEED_EA 0x00000080
181 /* also in winnt.h */
182 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
183 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
184 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
185 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
186 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
187 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
188 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
189 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
190 #define FILE_NOTIFY_CHANGE_EA 0x00000080
191 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
192 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
193 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
194 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
195 #define FILE_NOTIFY_VALID_MASK 0x00000fff
198 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
199 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
201 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
203 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
204 #define FILE_CASE_PRESERVED_NAMES 0x00000002
205 #define FILE_UNICODE_ON_DISK 0x00000004
206 #define FILE_PERSISTENT_ACLS 0x00000008
207 #define FILE_FILE_COMPRESSION 0x00000010
208 #define FILE_VOLUME_QUOTAS 0x00000020
209 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
210 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
211 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
212 #define FS_LFN_APIS 0x00004000
213 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
214 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
215 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
216 #define FILE_NAMED_STREAMS 0x00040000
217 #define FILE_READ_ONLY_VOLUME 0x00080000
218 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
219 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
221 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
222 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
224 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
225 #define FILE_PIPE_MESSAGE_MODE 0x00000001
227 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
228 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
230 #define FILE_PIPE_INBOUND 0x00000000
231 #define FILE_PIPE_OUTBOUND 0x00000001
232 #define FILE_PIPE_FULL_DUPLEX 0x00000002
234 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
235 #define FILE_PIPE_LISTENING_STATE 0x00000002
236 #define FILE_PIPE_CONNECTED_STATE 0x00000003
237 #define FILE_PIPE_CLOSING_STATE 0x00000004
239 #define FILE_PIPE_CLIENT_END 0x00000000
240 #define FILE_PIPE_SERVER_END 0x00000001
242 #define FILE_PIPE_READ_DATA 0x00000000
243 #define FILE_PIPE_WRITE_SPACE 0x00000001
245 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
246 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
247 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
248 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
249 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
250 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
251 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
252 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
253 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
254 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
255 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
256 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
257 #define FILE_STORAGE_TYPE_MASK 0x000f0000
258 #define FILE_STORAGE_TYPE_SHIFT 16
260 #define FILE_VC_QUOTA_NONE 0x00000000
261 #define FILE_VC_QUOTA_TRACK 0x00000001
262 #define FILE_VC_QUOTA_ENFORCE 0x00000002
263 #define FILE_VC_QUOTA_MASK 0x00000003
265 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
266 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
268 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
269 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
270 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
271 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
273 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
274 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
276 #define FILE_VC_VALID_MASK 0x000003ff
278 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
279 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
280 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
281 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
282 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
283 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
284 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
285 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
287 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
288 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
289 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
290 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
292 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
293 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
294 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
295 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
296 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
298 #define FSRTL_VOLUME_DISMOUNT 1
299 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
300 #define FSRTL_VOLUME_LOCK 3
301 #define FSRTL_VOLUME_LOCK_FAILED 4
302 #define FSRTL_VOLUME_UNLOCK 5
303 #define FSRTL_VOLUME_MOUNT 6
305 #define FSRTL_WILD_CHARACTER 0x08
307 #define FSRTL_FAT_LEGAL 0x01
308 #define FSRTL_HPFS_LEGAL 0x02
309 #define FSRTL_NTFS_LEGAL 0x04
310 #define FSRTL_WILD_CHARACTER 0x08
311 #define FSRTL_OLE_LEGAL 0x10
312 #define FSRTL_NTFS_STREAM_LEGAL 0x14
315 #define HARDWARE_PTE HARDWARE_PTE_X86
316 #define PHARDWARE_PTE PHARDWARE_PTE_X86
319 #define IO_CHECK_CREATE_PARAMETERS 0x0200
320 #define IO_ATTACH_DEVICE 0x0400
322 #define IO_ATTACH_DEVICE_API 0x80000000
324 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
325 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
327 #define IO_TYPE_APC 18
328 #define IO_TYPE_DPC 19
329 #define IO_TYPE_DEVICE_QUEUE 20
330 #define IO_TYPE_EVENT_PAIR 21
331 #define IO_TYPE_INTERRUPT 22
332 #define IO_TYPE_PROFILE 23
334 #define IRP_BEING_VERIFIED 0x10
336 #define MAILSLOT_CLASS_FIRSTCLASS 1
337 #define MAILSLOT_CLASS_SECONDCLASS 2
339 #define MAILSLOT_SIZE_AUTO 0
341 #define MEM_DOS_LIM 0x40000000
343 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
345 #define OB_TYPE_TYPE 1
346 #define OB_TYPE_DIRECTORY 2
347 #define OB_TYPE_SYMBOLIC_LINK 3
348 #define OB_TYPE_TOKEN 4
349 #define OB_TYPE_PROCESS 5
350 #define OB_TYPE_THREAD 6
351 #define OB_TYPE_EVENT 7
352 #define OB_TYPE_EVENT_PAIR 8
353 #define OB_TYPE_MUTANT 9
354 #define OB_TYPE_SEMAPHORE 10
355 #define OB_TYPE_TIMER 11
356 #define OB_TYPE_PROFILE 12
357 #define OB_TYPE_WINDOW_STATION 13
358 #define OB_TYPE_DESKTOP 14
359 #define OB_TYPE_SECTION 15
360 #define OB_TYPE_KEY 16
361 #define OB_TYPE_PORT 17
362 #define OB_TYPE_ADAPTER 18
363 #define OB_TYPE_CONTROLLER 19
364 #define OB_TYPE_DEVICE 20
365 #define OB_TYPE_DRIVER 21
366 #define OB_TYPE_IO_COMPLETION 22
367 #define OB_TYPE_FILE 23
370 #define PIN_EXCLUSIVE (2)
371 #define PIN_NO_READ (4)
372 #define PIN_IF_BCB (8)
374 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
375 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
377 #define SEC_BASED 0x00200000
379 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
380 #define SECURITY_WORLD_RID (0x00000000L)
382 #define SID_REVISION 1
383 #define SID_MAX_SUB_AUTHORITIES 15
384 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
386 #define TOKEN_ASSIGN_PRIMARY (0x0001)
387 #define TOKEN_DUPLICATE (0x0002)
388 #define TOKEN_IMPERSONATE (0x0004)
389 #define TOKEN_QUERY (0x0008)
390 #define TOKEN_QUERY_SOURCE (0x0010)
391 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
392 #define TOKEN_ADJUST_GROUPS (0x0040)
393 #define TOKEN_ADJUST_DEFAULT (0x0080)
394 #define TOKEN_ADJUST_SESSIONID (0x0100)
396 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
397 TOKEN_ASSIGN_PRIMARY |\
401 TOKEN_QUERY_SOURCE |\
402 TOKEN_ADJUST_PRIVILEGES |\
403 TOKEN_ADJUST_GROUPS |\
404 TOKEN_ADJUST_DEFAULT |\
405 TOKEN_ADJUST_SESSIONID)
407 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
410 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
411 TOKEN_ADJUST_PRIVILEGES |\
412 TOKEN_ADJUST_GROUPS |\
413 TOKEN_ADJUST_DEFAULT)
415 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
417 #define TOKEN_SOURCE_LENGTH 8
420 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
421 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
422 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
423 #define TOKEN_HAS_ADMIN_GROUP 0x08
424 #define TOKEN_WRITE_RESTRICTED 0x08
425 #define TOKEN_IS_RESTRICTED 0x10
426 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
428 #define VACB_MAPPING_GRANULARITY (0x40000)
429 #define VACB_OFFSET_SHIFT (18)
431 #define SE_OWNER_DEFAULTED 0x0001
432 #define SE_GROUP_DEFAULTED 0x0002
433 #define SE_DACL_PRESENT 0x0004
434 #define SE_DACL_DEFAULTED 0x0008
435 #define SE_SACL_PRESENT 0x0010
436 #define SE_SACL_DEFAULTED 0x0020
437 #define SE_DACL_UNTRUSTED 0x0040
438 #define SE_SERVER_SECURITY 0x0080
439 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
440 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
441 #define SE_DACL_AUTO_INHERITED 0x0400
442 #define SE_SACL_AUTO_INHERITED 0x0800
443 #define SE_DACL_PROTECTED 0x1000
444 #define SE_SACL_PROTECTED 0x2000
445 #define SE_RM_CONTROL_VALID 0x4000
446 #define SE_SELF_RELATIVE 0x8000
449 #define _AUDIT_EVENT_TYPE_HACK 0
451 #if (_AUDIT_EVENT_TYPE_HACK == 1)
454 typedef enum _AUDIT_EVENT_TYPE
456 AuditEventObjectAccess
,
457 AuditEventDirectoryServiceAccess
458 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
461 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
463 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
464 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
465 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
466 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
467 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
468 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
469 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
470 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
471 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
473 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
474 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
475 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
477 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
478 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
479 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
482 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
483 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
484 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
485 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
486 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
487 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
489 #if (VER_PRODUCTBUILD >= 1381)
491 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
492 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
493 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
494 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
495 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
496 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
497 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
498 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
500 #endif /* (VER_PRODUCTBUILD >= 1381) */
502 #if (VER_PRODUCTBUILD >= 2195)
504 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
505 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
506 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
508 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
509 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
510 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
511 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
512 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
513 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
514 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
515 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
516 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
517 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
518 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
519 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
520 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
521 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
522 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
523 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
524 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
525 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
526 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
527 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
528 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
529 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
530 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
531 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
532 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
533 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
534 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
535 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
536 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
537 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
538 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
539 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
540 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
541 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
542 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
543 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
545 #endif /* (VER_PRODUCTBUILD >= 2195) */
547 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
549 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
550 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
551 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
552 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
553 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
554 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
555 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
556 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
558 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
559 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
560 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
561 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
562 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
563 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
564 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
565 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
566 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
567 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
568 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
569 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
570 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
571 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
573 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
575 typedef PVOID OPLOCK
, *POPLOCK
;
580 struct _RTL_AVL_TABLE
;
581 struct _RTL_GENERIC_TABLE
;
589 typedef PVOID PNOTIFY_SYNC
;
591 typedef enum _FAST_IO_POSSIBLE
{
597 typedef enum _FILE_STORAGE_TYPE
{
598 StorageTypeDefault
= 1,
599 StorageTypeDirectory
,
601 StorageTypeJunctionPoint
,
603 StorageTypeStructuredStorage
,
604 StorageTypeEmbedding
,
608 typedef enum _OBJECT_INFORMATION_CLASS
610 ObjectBasicInformation
,
611 ObjectNameInformation
,
612 ObjectTypeInformation
,
613 ObjectTypesInformation
,
614 ObjectHandleFlagInformation
,
615 ObjectSessionInformation
,
617 } OBJECT_INFORMATION_CLASS
;
619 typedef struct _OBJECT_BASIC_INFORMATION
622 ACCESS_MASK GrantedAccess
;
625 ULONG PagedPoolCharge
;
626 ULONG NonPagedPoolCharge
;
630 ULONG SecurityDescriptorSize
;
631 LARGE_INTEGER CreationTime
;
632 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
634 typedef struct _KAPC_STATE
{
635 LIST_ENTRY ApcListHead
[2];
637 BOOLEAN KernelApcInProgress
;
638 BOOLEAN KernelApcPending
;
639 BOOLEAN UserApcPending
;
640 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
641 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
643 typedef struct _BITMAP_RANGE
{
646 ULONG FirstDirtyPage
;
650 } BITMAP_RANGE
, *PBITMAP_RANGE
;
652 typedef struct _CACHE_UNINITIALIZE_EVENT
{
653 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
655 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
657 typedef struct _CC_FILE_SIZES
{
658 LARGE_INTEGER AllocationSize
;
659 LARGE_INTEGER FileSize
;
660 LARGE_INTEGER ValidDataLength
;
661 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
663 typedef struct _COMPRESSED_DATA_INFO
{
664 USHORT CompressionFormatAndEngine
;
665 UCHAR CompressionUnitShift
;
669 USHORT NumberOfChunks
;
670 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
671 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
673 typedef struct _SID_IDENTIFIER_AUTHORITY
{
675 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
677 typedef struct _SID
{
679 UCHAR SubAuthorityCount
;
680 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
681 ULONG SubAuthority
[ANYSIZE_ARRAY
];
683 typedef struct _SID_AND_ATTRIBUTES
{
686 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
687 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
688 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
693 // Universal well-known SIDs
695 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
696 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
697 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
698 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
699 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
700 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
702 #define SECURITY_NULL_RID (0x00000000L)
703 #define SECURITY_WORLD_RID (0x00000000L)
704 #define SECURITY_LOCAL_RID (0x00000000L)
706 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
707 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
709 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
710 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
712 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
717 // NT well-known SIDs
719 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
721 #define SECURITY_DIALUP_RID (0x00000001L)
722 #define SECURITY_NETWORK_RID (0x00000002L)
723 #define SECURITY_BATCH_RID (0x00000003L)
724 #define SECURITY_INTERACTIVE_RID (0x00000004L)
725 #define SECURITY_LOGON_IDS_RID (0x00000005L)
726 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
727 #define SECURITY_SERVICE_RID (0x00000006L)
728 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
729 #define SECURITY_PROXY_RID (0x00000008L)
730 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
731 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
732 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
733 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
734 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
735 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
736 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
737 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
738 #define SECURITY_IUSER_RID (0x00000011L)
739 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
740 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
741 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
743 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
744 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
746 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
748 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
749 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
752 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
753 #define SECURITY_PACKAGE_RID_COUNT (2L)
754 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
755 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
756 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
758 #define SECURITY_MIN_BASE_RID (0x00000050L)
760 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
761 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
763 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
765 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
766 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
768 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
769 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
771 #define SECURITY_MAX_BASE_RID (0x0000006FL)
773 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
774 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
776 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
781 // Well-known domain relative sub-authority values (RIDs)
783 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
785 #define FOREST_USER_RID_MAX (0x000001F3L)
790 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
791 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
792 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
794 #define DOMAIN_USER_RID_MAX (0x000003E7L)
799 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
800 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
801 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
802 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
803 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
804 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
805 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
806 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
807 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
808 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
811 // Well-known aliases
813 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
814 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
815 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
816 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
818 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
819 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
820 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
821 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
823 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
824 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
825 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
826 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
827 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
828 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
830 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
831 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
832 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
833 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
834 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
835 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
836 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
837 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
838 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
839 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
840 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
843 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
844 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
845 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
846 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
847 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
848 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
849 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
852 // SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
853 // can be set by a usermode caller.
855 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
857 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
860 // Allocate the System Luid. The first 1000 LUIDs are reserved.
861 // Use #999 here (0x3e7 = 999)
863 #define SYSTEM_LUID { 0x3e7, 0x0 }
864 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
865 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
866 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
867 #define IUSER_LUID { 0x3e3, 0x0 }
871 typedef struct _TOKEN_SOURCE
{
872 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
873 LUID SourceIdentifier
;
874 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
875 typedef struct _TOKEN_CONTROL
{
877 LUID AuthenticationId
;
879 TOKEN_SOURCE TokenSource
;
880 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
881 typedef struct _TOKEN_DEFAULT_DACL
{
883 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
884 typedef struct _TOKEN_GROUPS
{
886 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
887 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
888 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
891 PSID_AND_ATTRIBUTES Sids
;
892 ULONG RestrictedSidCount
;
893 ULONG RestrictedSidLength
;
894 PSID_AND_ATTRIBUTES RestrictedSids
;
895 ULONG PrivilegeCount
;
896 ULONG PrivilegeLength
;
897 PLUID_AND_ATTRIBUTES Privileges
;
898 LUID AuthenticationId
;
899 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
900 typedef struct _TOKEN_ORIGIN
{
901 LUID OriginatingLogonSession
;
902 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
903 typedef struct _TOKEN_OWNER
{
905 } TOKEN_OWNER
,*PTOKEN_OWNER
;
906 typedef struct _TOKEN_PRIMARY_GROUP
{
908 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
909 typedef struct _TOKEN_PRIVILEGES
{
910 ULONG PrivilegeCount
;
911 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
912 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
913 typedef enum tagTOKEN_TYPE
{
916 } TOKEN_TYPE
,*PTOKEN_TYPE
;
917 typedef struct _TOKEN_STATISTICS
{
919 LUID AuthenticationId
;
920 LARGE_INTEGER ExpirationTime
;
921 TOKEN_TYPE TokenType
;
922 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
923 ULONG DynamicCharged
;
924 ULONG DynamicAvailable
;
926 ULONG PrivilegeCount
;
928 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
929 typedef struct _TOKEN_USER
{
930 SID_AND_ATTRIBUTES User
;
931 } TOKEN_USER
, *PTOKEN_USER
;
932 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
933 typedef struct _SECURITY_DESCRIPTOR
{
936 SECURITY_DESCRIPTOR_CONTROL Control
;
941 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
943 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
945 typedef struct _OBJECT_TYPE_LIST
{
949 } OBJECT_TYPE_LIST
, *POBJECT_TYPE_LIST
;
951 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
954 SECURITY_DESCRIPTOR_CONTROL Control
;
959 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
960 typedef enum _TOKEN_INFORMATION_CLASS
{
961 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
962 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
963 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
964 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
965 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
966 } TOKEN_INFORMATION_CLASS
;
968 #define SYMLINK_FLAG_RELATIVE 1
970 typedef struct _REPARSE_DATA_BUFFER
{
972 USHORT ReparseDataLength
;
974 __GNU_EXTENSION
union {
976 USHORT SubstituteNameOffset
;
977 USHORT SubstituteNameLength
;
978 USHORT PrintNameOffset
;
979 USHORT PrintNameLength
;
982 } SymbolicLinkReparseBuffer
;
984 USHORT SubstituteNameOffset
;
985 USHORT SubstituteNameLength
;
986 USHORT PrintNameOffset
;
987 USHORT PrintNameLength
;
989 } MountPointReparseBuffer
;
992 } GenericReparseBuffer
;
994 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
999 // MicroSoft reparse point tags
1001 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
1002 #define IO_REPARSE_TAG_HSM (0xC0000004L)
1003 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
1004 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
1005 #define IO_REPARSE_TAG_SIS (0x80000007L)
1006 #define IO_REPARSE_TAG_DFS (0x8000000AL)
1007 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
1008 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
1009 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
1010 #define IO_REPARSE_TAG_DFSR (0x80000012L)
1013 // Reserved reparse tags
1015 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
1016 #define IO_REPARSE_TAG_RESERVED_ONE (1)
1017 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
1020 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
1022 typedef struct _FILE_ACCESS_INFORMATION
{
1023 ACCESS_MASK AccessFlags
;
1024 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
1026 typedef struct _FILE_ALLOCATION_INFORMATION
{
1027 LARGE_INTEGER AllocationSize
;
1028 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
1030 typedef struct _FILE_BOTH_DIR_INFORMATION
{
1031 ULONG NextEntryOffset
;
1033 LARGE_INTEGER CreationTime
;
1034 LARGE_INTEGER LastAccessTime
;
1035 LARGE_INTEGER LastWriteTime
;
1036 LARGE_INTEGER ChangeTime
;
1037 LARGE_INTEGER EndOfFile
;
1038 LARGE_INTEGER AllocationSize
;
1039 ULONG FileAttributes
;
1040 ULONG FileNameLength
;
1042 CCHAR ShortNameLength
;
1043 WCHAR ShortName
[12];
1045 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
1047 typedef struct _FILE_COMPLETION_INFORMATION
{
1050 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
1052 typedef struct _FILE_COMPRESSION_INFORMATION
{
1053 LARGE_INTEGER CompressedFileSize
;
1054 USHORT CompressionFormat
;
1055 UCHAR CompressionUnitShift
;
1059 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
1061 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
1062 BOOLEAN ReplaceIfExists
;
1063 HANDLE RootDirectory
;
1064 ULONG FileNameLength
;
1066 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
1068 typedef struct _FILE_DIRECTORY_INFORMATION
{
1069 ULONG NextEntryOffset
;
1071 LARGE_INTEGER CreationTime
;
1072 LARGE_INTEGER LastAccessTime
;
1073 LARGE_INTEGER LastWriteTime
;
1074 LARGE_INTEGER ChangeTime
;
1075 LARGE_INTEGER EndOfFile
;
1076 LARGE_INTEGER AllocationSize
;
1077 ULONG FileAttributes
;
1078 ULONG FileNameLength
;
1080 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
1082 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
1083 ULONG NextEntryOffset
;
1085 LARGE_INTEGER CreationTime
;
1086 LARGE_INTEGER LastAccessTime
;
1087 LARGE_INTEGER LastWriteTime
;
1088 LARGE_INTEGER ChangeTime
;
1089 LARGE_INTEGER EndOfFile
;
1090 LARGE_INTEGER AllocationSize
;
1091 ULONG FileAttributes
;
1092 ULONG FileNameLength
;
1094 WCHAR FileName
[ANYSIZE_ARRAY
];
1095 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
1097 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
1098 ULONG NextEntryOffset
;
1100 LARGE_INTEGER CreationTime
;
1101 LARGE_INTEGER LastAccessTime
;
1102 LARGE_INTEGER LastWriteTime
;
1103 LARGE_INTEGER ChangeTime
;
1104 LARGE_INTEGER EndOfFile
;
1105 LARGE_INTEGER AllocationSize
;
1106 ULONG FileAttributes
;
1107 ULONG FileNameLength
;
1109 LARGE_INTEGER FileId
;
1111 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
1113 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
1114 ULONG NextEntryOffset
;
1116 LARGE_INTEGER CreationTime
;
1117 LARGE_INTEGER LastAccessTime
;
1118 LARGE_INTEGER LastWriteTime
;
1119 LARGE_INTEGER ChangeTime
;
1120 LARGE_INTEGER EndOfFile
;
1121 LARGE_INTEGER AllocationSize
;
1122 ULONG FileAttributes
;
1123 ULONG FileNameLength
;
1125 CCHAR ShortNameLength
;
1126 WCHAR ShortName
[12];
1127 LARGE_INTEGER FileId
;
1129 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
1131 typedef struct _FILE_EA_INFORMATION
{
1133 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
1135 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
1136 ULONG FileSystemAttributes
;
1137 ULONG MaximumComponentNameLength
;
1138 ULONG FileSystemNameLength
;
1139 WCHAR FileSystemName
[1];
1140 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
1142 typedef struct _FILE_FS_CONTROL_INFORMATION
{
1143 LARGE_INTEGER FreeSpaceStartFiltering
;
1144 LARGE_INTEGER FreeSpaceThreshold
;
1145 LARGE_INTEGER FreeSpaceStopFiltering
;
1146 LARGE_INTEGER DefaultQuotaThreshold
;
1147 LARGE_INTEGER DefaultQuotaLimit
;
1148 ULONG FileSystemControlFlags
;
1149 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
1151 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
1152 LARGE_INTEGER TotalAllocationUnits
;
1153 LARGE_INTEGER CallerAvailableAllocationUnits
;
1154 LARGE_INTEGER ActualAvailableAllocationUnits
;
1155 ULONG SectorsPerAllocationUnit
;
1156 ULONG BytesPerSector
;
1157 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
1159 typedef struct _FILE_FS_LABEL_INFORMATION
{
1160 ULONG VolumeLabelLength
;
1161 WCHAR VolumeLabel
[1];
1162 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
1164 #if (VER_PRODUCTBUILD >= 2195)
1166 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
1168 UCHAR ExtendedInfo
[48];
1169 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
1171 #endif /* (VER_PRODUCTBUILD >= 2195) */
1173 typedef struct _FILE_FS_SIZE_INFORMATION
{
1174 LARGE_INTEGER TotalAllocationUnits
;
1175 LARGE_INTEGER AvailableAllocationUnits
;
1176 ULONG SectorsPerAllocationUnit
;
1177 ULONG BytesPerSector
;
1178 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
1180 typedef struct _FILE_FS_VOLUME_INFORMATION
{
1181 LARGE_INTEGER VolumeCreationTime
;
1182 ULONG VolumeSerialNumber
;
1183 ULONG VolumeLabelLength
;
1184 BOOLEAN SupportsObjects
;
1185 WCHAR VolumeLabel
[1];
1186 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
1188 typedef struct _FILE_FS_OBJECTID_INFORMATION
1191 UCHAR ExtendedInfo
[48];
1192 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
1194 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1196 BOOLEAN DriverInPath
;
1197 ULONG DriverNameLength
;
1198 WCHAR DriverName
[1];
1199 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
1201 typedef struct _FILE_FULL_DIR_INFORMATION
{
1202 ULONG NextEntryOffset
;
1204 LARGE_INTEGER CreationTime
;
1205 LARGE_INTEGER LastAccessTime
;
1206 LARGE_INTEGER LastWriteTime
;
1207 LARGE_INTEGER ChangeTime
;
1208 LARGE_INTEGER EndOfFile
;
1209 LARGE_INTEGER AllocationSize
;
1210 ULONG FileAttributes
;
1211 ULONG FileNameLength
;
1214 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1216 typedef struct _FILE_GET_EA_INFORMATION
{
1217 ULONG NextEntryOffset
;
1220 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1222 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1223 ULONG NextEntryOffset
;
1226 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1228 typedef struct _FILE_QUOTA_INFORMATION
1230 ULONG NextEntryOffset
;
1232 LARGE_INTEGER ChangeTime
;
1233 LARGE_INTEGER QuotaUsed
;
1234 LARGE_INTEGER QuotaThreshold
;
1235 LARGE_INTEGER QuotaLimit
;
1237 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1239 typedef struct _FILE_INTERNAL_INFORMATION
{
1240 LARGE_INTEGER IndexNumber
;
1241 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1243 typedef struct _FILE_LINK_INFORMATION
{
1244 BOOLEAN ReplaceIfExists
;
1245 HANDLE RootDirectory
;
1246 ULONG FileNameLength
;
1248 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1250 typedef struct _FILE_LOCK_INFO
1252 LARGE_INTEGER StartingByte
;
1253 LARGE_INTEGER Length
;
1254 BOOLEAN ExclusiveLock
;
1256 PFILE_OBJECT FileObject
;
1258 LARGE_INTEGER EndingByte
;
1259 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1261 typedef struct _FILE_REPARSE_POINT_INFORMATION
1263 LONGLONG FileReference
;
1265 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
1267 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1270 HANDLE RootDirectory
;
1271 ULONG FileNameLength
;
1273 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
1275 typedef struct _FILE_NOTIFY_INFORMATION
1277 ULONG NextEntryOffset
;
1279 ULONG FileNameLength
;
1281 } FILE_NOTIFY_INFORMATION
, *PFILE_NOTIFY_INFORMATION
;
1283 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1284 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1287 FILE_LOCK_INFO FileLock
;
1288 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1290 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1291 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1292 LIST_ENTRY ListEntry
;
1295 FILE_LOCK_INFO FileLock
;
1296 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1298 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1303 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1305 IN PFILE_LOCK_INFO FileLockInfo
1308 typedef struct _FILE_LOCK
{
1309 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1310 PUNLOCK_ROUTINE UnlockRoutine
;
1311 BOOLEAN FastIoIsQuestionable
;
1313 PVOID LockInformation
;
1314 FILE_LOCK_INFO LastReturnedLockInfo
;
1315 PVOID LastReturnedLock
;
1316 } FILE_LOCK
, *PFILE_LOCK
;
1318 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1319 ULONG ReadDataAvailable
;
1320 ULONG NumberOfMessages
;
1321 ULONG MessageLength
;
1322 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1324 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1325 ULONG MaximumMessageSize
;
1326 ULONG MailslotQuota
;
1327 ULONG NextMessageSize
;
1328 ULONG MessagesAvailable
;
1329 LARGE_INTEGER ReadTimeout
;
1330 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1332 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1333 PLARGE_INTEGER ReadTimeout
;
1334 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1336 typedef struct _FILE_MODE_INFORMATION
{
1338 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1340 typedef struct _FILE_ALL_INFORMATION
{
1341 FILE_BASIC_INFORMATION BasicInformation
;
1342 FILE_STANDARD_INFORMATION StandardInformation
;
1343 FILE_INTERNAL_INFORMATION InternalInformation
;
1344 FILE_EA_INFORMATION EaInformation
;
1345 FILE_ACCESS_INFORMATION AccessInformation
;
1346 FILE_POSITION_INFORMATION PositionInformation
;
1347 FILE_MODE_INFORMATION ModeInformation
;
1348 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1349 FILE_NAME_INFORMATION NameInformation
;
1350 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1352 typedef struct _FILE_NAMES_INFORMATION
{
1353 ULONG NextEntryOffset
;
1355 ULONG FileNameLength
;
1357 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1359 typedef struct _FILE_OBJECTID_INFORMATION
{
1360 LONGLONG FileReference
;
1362 _ANONYMOUS_UNION
union {
1363 __GNU_EXTENSION
struct {
1364 UCHAR BirthVolumeId
[16];
1365 UCHAR BirthObjectId
[16];
1368 UCHAR ExtendedInfo
[48];
1370 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1372 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1374 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1376 typedef struct _FILE_OLE_ALL_INFORMATION
{
1377 FILE_BASIC_INFORMATION BasicInformation
;
1378 FILE_STANDARD_INFORMATION StandardInformation
;
1379 FILE_INTERNAL_INFORMATION InternalInformation
;
1380 FILE_EA_INFORMATION EaInformation
;
1381 FILE_ACCESS_INFORMATION AccessInformation
;
1382 FILE_POSITION_INFORMATION PositionInformation
;
1383 FILE_MODE_INFORMATION ModeInformation
;
1384 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1387 LARGE_INTEGER SecurityChangeTime
;
1388 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1389 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1390 FILE_STORAGE_TYPE StorageType
;
1393 ULONG NumberOfStreamReferences
;
1396 BOOLEAN ContentIndexDisable
;
1397 BOOLEAN InheritContentIndexDisable
;
1398 FILE_NAME_INFORMATION NameInformation
;
1399 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1401 typedef struct _FILE_OLE_DIR_INFORMATION
{
1402 ULONG NextEntryOffset
;
1404 LARGE_INTEGER CreationTime
;
1405 LARGE_INTEGER LastAccessTime
;
1406 LARGE_INTEGER LastWriteTime
;
1407 LARGE_INTEGER ChangeTime
;
1408 LARGE_INTEGER EndOfFile
;
1409 LARGE_INTEGER AllocationSize
;
1410 ULONG FileAttributes
;
1411 ULONG FileNameLength
;
1412 FILE_STORAGE_TYPE StorageType
;
1415 BOOLEAN ContentIndexDisable
;
1416 BOOLEAN InheritContentIndexDisable
;
1418 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1420 typedef struct _FILE_OLE_INFORMATION
{
1421 LARGE_INTEGER SecurityChangeTime
;
1422 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1423 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1424 FILE_STORAGE_TYPE StorageType
;
1426 BOOLEAN ContentIndexDisable
;
1427 BOOLEAN InheritContentIndexDisable
;
1428 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1430 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1432 ULONG StateBitsMask
;
1433 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1435 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1438 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1440 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1441 PVOID ClientSession
;
1442 PVOID ClientProcess
;
1443 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1445 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1446 ULONG NamedPipeState
;
1450 ULONG NumberRequests
;
1451 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1453 typedef struct _FILE_PIPE_PEEK_BUFFER
1455 ULONG NamedPipeState
;
1456 ULONG ReadDataAvailable
;
1457 ULONG NumberOfMessages
;
1458 ULONG MessageLength
;
1460 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1462 typedef struct _FILE_PIPE_INFORMATION
{
1464 ULONG CompletionMode
;
1465 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1467 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1468 ULONG NamedPipeType
;
1469 ULONG NamedPipeConfiguration
;
1470 ULONG MaximumInstances
;
1471 ULONG CurrentInstances
;
1473 ULONG ReadDataAvailable
;
1474 ULONG OutboundQuota
;
1475 ULONG WriteQuotaAvailable
;
1476 ULONG NamedPipeState
;
1478 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1480 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1481 LARGE_INTEGER CollectDataTime
;
1482 ULONG MaximumCollectionCount
;
1483 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1485 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1486 LARGE_INTEGER Timeout
;
1488 BOOLEAN TimeoutSpecified
;
1490 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1492 typedef struct _FILE_RENAME_INFORMATION
{
1493 BOOLEAN ReplaceIfExists
;
1494 HANDLE RootDirectory
;
1495 ULONG FileNameLength
;
1497 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1499 typedef struct _FILE_STREAM_INFORMATION
{
1500 ULONG NextEntryOffset
;
1501 ULONG StreamNameLength
;
1502 LARGE_INTEGER StreamSize
;
1503 LARGE_INTEGER StreamAllocationSize
;
1504 WCHAR StreamName
[1];
1505 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1507 typedef struct _FILE_TRACKING_INFORMATION
{
1508 HANDLE DestinationFile
;
1509 ULONG ObjectInformationLength
;
1510 CHAR ObjectInformation
[1];
1511 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1513 #if (VER_PRODUCTBUILD >= 2195)
1514 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1515 LARGE_INTEGER FileOffset
;
1516 LARGE_INTEGER BeyondFinalZero
;
1517 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1519 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1520 LARGE_INTEGER FileOffset
;
1521 LARGE_INTEGER Length
;
1522 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1523 #endif /* (VER_PRODUCTBUILD >= 2195) */
1525 #define FSRTL_FCB_HEADER_V0 (0x00)
1526 #define FSRTL_FCB_HEADER_V1 (0x01)
1529 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1530 CSHORT NodeTypeCode
;
1531 CSHORT NodeByteSize
;
1533 UCHAR IsFastIoPossible
;
1534 #if (VER_PRODUCTBUILD >= 1381)
1537 #endif /* (VER_PRODUCTBUILD >= 1381) */
1538 PERESOURCE Resource
;
1539 PERESOURCE PagingIoResource
;
1540 LARGE_INTEGER AllocationSize
;
1541 LARGE_INTEGER FileSize
;
1542 LARGE_INTEGER ValidDataLength
;
1543 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1545 typedef enum _FSRTL_COMPARISON_RESULT
1550 } FSRTL_COMPARISON_RESULT
;
1552 #if (VER_PRODUCTBUILD >= 2600)
1554 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1555 CSHORT NodeTypeCode
;
1556 CSHORT NodeByteSize
;
1558 UCHAR IsFastIoPossible
;
1562 PERESOURCE Resource
;
1563 PERESOURCE PagingIoResource
;
1564 LARGE_INTEGER AllocationSize
;
1565 LARGE_INTEGER FileSize
;
1566 LARGE_INTEGER ValidDataLength
;
1567 PFAST_MUTEX FastMutex
;
1568 LIST_ENTRY FilterContexts
;
1569 EX_PUSH_LOCK PushLock
;
1570 PVOID
*FileContextSupportPointer
;
1571 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1573 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1577 PFREE_FUNCTION FreeCallback
;
1578 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1580 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1585 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
1587 #endif /* (VER_PRODUCTBUILD >= 2600) */
1589 typedef struct _BASE_MCB
1591 ULONG MaximumPairCount
;
1596 } BASE_MCB
, *PBASE_MCB
;
1598 typedef struct _LARGE_MCB
1600 PKGUARDED_MUTEX GuardedMutex
;
1602 } LARGE_MCB
, *PLARGE_MCB
;
1606 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1609 typedef struct _GENERATE_NAME_CONTEXT
{
1611 BOOLEAN CheckSumInserted
;
1613 WCHAR NameBuffer
[8];
1614 ULONG ExtensionLength
;
1615 WCHAR ExtensionBuffer
[4];
1616 ULONG LastIndexValue
;
1617 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1619 typedef struct _MAPPING_PAIR
{
1622 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1624 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1625 ULONG NumberOfPairs
;
1627 MAPPING_PAIR Pair
[1];
1628 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1630 typedef struct _KQUEUE
{
1631 DISPATCHER_HEADER Header
;
1632 LIST_ENTRY EntryListHead
;
1635 LIST_ENTRY ThreadListHead
;
1636 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1638 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1640 typedef struct _MBCB
{
1641 CSHORT NodeTypeCode
;
1642 CSHORT NodeIsInZone
;
1646 LIST_ENTRY BitmapRanges
;
1647 LONGLONG ResumeWritePage
;
1648 BITMAP_RANGE BitmapRange1
;
1649 BITMAP_RANGE BitmapRange2
;
1650 BITMAP_RANGE BitmapRange3
;
1653 typedef enum _MMFLUSH_TYPE
{
1658 typedef struct _MOVEFILE_DESCRIPTOR
{
1661 LARGE_INTEGER StartVcn
;
1662 LARGE_INTEGER TargetLcn
;
1665 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1667 typedef struct _OBJECT_BASIC_INFO
{
1669 ACCESS_MASK GrantedAccess
;
1671 ULONG ReferenceCount
;
1672 ULONG PagedPoolUsage
;
1673 ULONG NonPagedPoolUsage
;
1675 ULONG NameInformationLength
;
1676 ULONG TypeInformationLength
;
1677 ULONG SecurityDescriptorLength
;
1678 LARGE_INTEGER CreateTime
;
1679 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1681 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1683 BOOLEAN ProtectFromClose
;
1684 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1686 typedef struct _OBJECT_NAME_INFO
{
1687 UNICODE_STRING ObjectName
;
1688 WCHAR ObjectNameBuffer
[1];
1689 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1691 typedef struct _OBJECT_PROTECTION_INFO
{
1693 BOOLEAN ProtectHandle
;
1694 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1696 typedef struct _OBJECT_TYPE_INFO
{
1697 UNICODE_STRING ObjectTypeName
;
1698 UCHAR Unknown
[0x58];
1699 WCHAR ObjectTypeNameBuffer
[1];
1700 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1702 typedef struct _OBJECT_ALL_TYPES_INFO
{
1703 ULONG NumberOfObjectTypes
;
1704 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1705 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1707 typedef struct _PATHNAME_BUFFER
{
1708 ULONG PathNameLength
;
1710 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1712 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1717 } RTL_GENERIC_COMPARE_RESULTS
;
1719 typedef enum _TABLE_SEARCH_RESULT
1725 } TABLE_SEARCH_RESULT
;
1728 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
1729 struct _RTL_AVL_TABLE
*Table
,
1734 typedef RTL_GENERIC_COMPARE_RESULTS
1735 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
1736 struct _RTL_AVL_TABLE
*Table
,
1741 typedef RTL_GENERIC_COMPARE_RESULTS
1742 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
1743 struct _RTL_GENERIC_TABLE
*Table
,
1749 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
1750 struct _RTL_GENERIC_TABLE
*Table
,
1755 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
1756 struct _RTL_GENERIC_TABLE
*Table
,
1761 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
1762 struct _RTL_AVL_TABLE
*Table
,
1767 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
1768 struct _RTL_AVL_TABLE
*Table
,
1772 typedef struct _PUBLIC_BCB
{
1773 CSHORT NodeTypeCode
;
1774 CSHORT NodeByteSize
;
1776 LARGE_INTEGER MappedFileOffset
;
1777 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1779 typedef struct _QUERY_PATH_REQUEST
{
1780 ULONG PathNameLength
;
1781 PIO_SECURITY_CONTEXT SecurityContext
;
1782 WCHAR FilePathName
[1];
1783 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1785 typedef struct _QUERY_PATH_RESPONSE
{
1786 ULONG LengthAccepted
;
1787 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1789 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1791 LARGE_INTEGER StartingVcn
;
1793 LARGE_INTEGER NextVcn
;
1796 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1798 typedef struct _RTL_SPLAY_LINKS
{
1799 struct _RTL_SPLAY_LINKS
*Parent
;
1800 struct _RTL_SPLAY_LINKS
*LeftChild
;
1801 struct _RTL_SPLAY_LINKS
*RightChild
;
1802 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1804 typedef struct _RTL_BALANCED_LINKS
1806 struct _RTL_BALANCED_LINKS
*Parent
;
1807 struct _RTL_BALANCED_LINKS
*LeftChild
;
1808 struct _RTL_BALANCED_LINKS
*RightChild
;
1811 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
1813 typedef struct _RTL_GENERIC_TABLE
1815 PRTL_SPLAY_LINKS TableRoot
;
1816 LIST_ENTRY InsertOrderList
;
1817 PLIST_ENTRY OrderedPointer
;
1818 ULONG WhichOrderedElement
;
1819 ULONG NumberGenericTableElements
;
1820 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
1821 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
1822 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
1824 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
1826 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
1828 CSHORT NodeTypeCode
;
1830 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1831 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
1832 RTL_SPLAY_LINKS Links
;
1833 PUNICODE_STRING Prefix
;
1834 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
1836 typedef struct _UNICODE_PREFIX_TABLE
1838 CSHORT NodeTypeCode
;
1840 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
1841 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
1842 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
1847 RtlInitializeUnicodePrefix (
1848 IN PUNICODE_PREFIX_TABLE PrefixTable
1854 RtlInsertUnicodePrefix (
1855 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1856 IN PUNICODE_STRING Prefix
,
1857 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1863 RtlRemoveUnicodePrefix (
1864 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1865 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1869 PUNICODE_PREFIX_TABLE_ENTRY
1871 RtlFindUnicodePrefix (
1872 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1873 IN PUNICODE_STRING FullName
,
1874 IN ULONG CaseInsensitiveIndex
1878 PUNICODE_PREFIX_TABLE_ENTRY
1880 RtlNextUnicodePrefix (
1881 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1885 #undef PRTL_GENERIC_COMPARE_ROUTINE
1886 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1887 #undef PRTL_GENERIC_FREE_ROUTINE
1888 #undef RTL_GENERIC_TABLE
1889 #undef PRTL_GENERIC_TABLE
1891 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1892 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1893 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1894 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1895 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1897 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1898 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
1899 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
1900 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
1901 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
1902 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
1903 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
1904 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
1905 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
1906 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
1907 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
1909 typedef struct _RTL_AVL_TABLE
1911 RTL_BALANCED_LINKS BalancedRoot
;
1912 PVOID OrderedPointer
;
1913 ULONG WhichOrderedElement
;
1914 ULONG NumberGenericTableElements
;
1916 PRTL_BALANCED_LINKS RestartKey
;
1918 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
1919 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
1920 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
1922 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
1927 RtlInitializeGenericTableAvl(
1928 PRTL_AVL_TABLE Table
,
1929 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
1930 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
1931 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
1938 RtlInsertElementGenericTableAvl (
1939 PRTL_AVL_TABLE Table
,
1942 PBOOLEAN NewElement OPTIONAL
1948 RtlDeleteElementGenericTableAvl (
1949 PRTL_AVL_TABLE Table
,
1956 RtlLookupElementGenericTableAvl (
1957 PRTL_AVL_TABLE Table
,
1964 RtlEnumerateGenericTableWithoutSplayingAvl (
1965 PRTL_AVL_TABLE Table
,
1969 #if defined(USE_LPC6432)
1970 #define LPC_CLIENT_ID CLIENT_ID64
1971 #define LPC_SIZE_T ULONGLONG
1972 #define LPC_PVOID ULONGLONG
1973 #define LPC_HANDLE ULONGLONG
1975 #define LPC_CLIENT_ID CLIENT_ID
1976 #define LPC_SIZE_T SIZE_T
1977 #define LPC_PVOID PVOID
1978 #define LPC_HANDLE HANDLE
1981 typedef struct _PORT_MESSAGE
1997 CSHORT DataInfoOffset
;
2001 __GNU_EXTENSION
union
2003 LPC_CLIENT_ID ClientId
;
2004 double DoNotUseThisField
;
2007 __GNU_EXTENSION
union
2009 LPC_SIZE_T ClientViewSize
;
2012 } PORT_MESSAGE
, *PPORT_MESSAGE
;
2014 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
2016 typedef struct _PORT_VIEW
2019 LPC_HANDLE SectionHandle
;
2020 ULONG SectionOffset
;
2021 LPC_SIZE_T ViewSize
;
2023 LPC_PVOID ViewRemoteBase
;
2024 } PORT_VIEW
, *PPORT_VIEW
;
2026 typedef struct _REMOTE_PORT_VIEW
2029 LPC_SIZE_T ViewSize
;
2031 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
2033 typedef struct _SE_EXPORTS
{
2035 LUID SeCreateTokenPrivilege
;
2036 LUID SeAssignPrimaryTokenPrivilege
;
2037 LUID SeLockMemoryPrivilege
;
2038 LUID SeIncreaseQuotaPrivilege
;
2039 LUID SeUnsolicitedInputPrivilege
;
2040 LUID SeTcbPrivilege
;
2041 LUID SeSecurityPrivilege
;
2042 LUID SeTakeOwnershipPrivilege
;
2043 LUID SeLoadDriverPrivilege
;
2044 LUID SeCreatePagefilePrivilege
;
2045 LUID SeIncreaseBasePriorityPrivilege
;
2046 LUID SeSystemProfilePrivilege
;
2047 LUID SeSystemtimePrivilege
;
2048 LUID SeProfileSingleProcessPrivilege
;
2049 LUID SeCreatePermanentPrivilege
;
2050 LUID SeBackupPrivilege
;
2051 LUID SeRestorePrivilege
;
2052 LUID SeShutdownPrivilege
;
2053 LUID SeDebugPrivilege
;
2054 LUID SeAuditPrivilege
;
2055 LUID SeSystemEnvironmentPrivilege
;
2056 LUID SeChangeNotifyPrivilege
;
2057 LUID SeRemoteShutdownPrivilege
;
2062 PSID SeCreatorOwnerSid
;
2063 PSID SeCreatorGroupSid
;
2065 PSID SeNtAuthoritySid
;
2069 PSID SeInteractiveSid
;
2070 PSID SeLocalSystemSid
;
2071 PSID SeAliasAdminsSid
;
2072 PSID SeAliasUsersSid
;
2073 PSID SeAliasGuestsSid
;
2074 PSID SeAliasPowerUsersSid
;
2075 PSID SeAliasAccountOpsSid
;
2076 PSID SeAliasSystemOpsSid
;
2077 PSID SeAliasPrintOpsSid
;
2078 PSID SeAliasBackupOpsSid
;
2080 PSID SeAuthenticatedUsersSid
;
2082 PSID SeRestrictedSid
;
2083 PSID SeAnonymousLogonSid
;
2085 LUID SeUndockPrivilege
;
2086 LUID SeSyncAgentPrivilege
;
2087 LUID SeEnableDelegationPrivilege
;
2089 } SE_EXPORTS
, *PSE_EXPORTS
;
2091 extern PSE_EXPORTS SeExports
;
2095 LARGE_INTEGER StartingLcn
;
2096 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
2098 typedef struct _STARTING_VCN_INPUT_BUFFER
{
2099 LARGE_INTEGER StartingVcn
;
2100 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
2102 typedef struct _SECURITY_CLIENT_CONTEXT
{
2103 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
2104 PACCESS_TOKEN ClientToken
;
2105 BOOLEAN DirectlyAccessClientToken
;
2106 BOOLEAN DirectAccessEffectiveOnly
;
2107 BOOLEAN ServerIsRemote
;
2108 TOKEN_CONTROL ClientTokenControl
;
2109 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
2112 // The following are the inherit flags that go into the AceFlags field
2113 // of an Ace header.
2115 #define OBJECT_INHERIT_ACE (0x1)
2116 #define CONTAINER_INHERIT_ACE (0x2)
2117 #define NO_PROPAGATE_INHERIT_ACE (0x4)
2118 #define INHERIT_ONLY_ACE (0x8)
2119 #define INHERITED_ACE (0x10)
2120 #define VALID_INHERIT_FLAGS (0x1F)
2122 typedef struct _ACE_HEADER
2127 } ACE_HEADER
, *PACE_HEADER
;
2129 typedef struct _ACCESS_ALLOWED_ACE
2134 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
2136 typedef struct _ACCESS_DENIED_ACE
2141 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
2143 typedef struct _SYSTEM_AUDIT_ACE
2148 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
2150 typedef struct _SYSTEM_ALARM_ACE
2155 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
2157 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
2162 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
2164 typedef struct _TUNNEL
{
2166 PRTL_SPLAY_LINKS Cache
;
2167 LIST_ENTRY TimerQueue
;
2171 typedef struct _VAD_HEADER
{
2174 struct _VAD_HEADER
* ParentLink
;
2175 struct _VAD_HEADER
* LeftLink
;
2176 struct _VAD_HEADER
* RightLink
;
2177 ULONG Flags
; /* LSB = CommitCharge */
2179 PVOID FirstProtoPte
;
2183 } VAD_HEADER
, *PVAD_HEADER
;
2187 LARGE_INTEGER StartingLcn
;
2188 LARGE_INTEGER BitmapSize
;
2190 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
2192 #if (VER_PRODUCTBUILD >= 2600)
2195 (NTAPI
*PFILTER_REPORT_CHANGE
) (
2196 IN PVOID NotifyContext
,
2197 IN PVOID FilterContext
2200 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
2202 SyncTypeCreateSection
2203 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
2205 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
2206 NotifyTypeCreate
= 0,
2208 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
2210 typedef union _FS_FILTER_PARAMETERS
{
2212 PLARGE_INTEGER EndingOffset
;
2213 PERESOURCE
*ResourceToRelease
;
2214 } AcquireForModifiedPageWriter
;
2217 PERESOURCE ResourceToRelease
;
2218 } ReleaseForModifiedPageWriter
;
2221 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
2222 ULONG PageProtection
;
2223 } AcquireForSectionSynchronization
;
2226 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
2227 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
2228 } NotifyStreamFileObject
;
2237 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
2239 typedef struct _FS_FILTER_CALLBACK_DATA
{
2240 ULONG SizeOfFsFilterCallbackData
;
2243 struct _DEVICE_OBJECT
*DeviceObject
;
2244 struct _FILE_OBJECT
*FileObject
;
2245 FS_FILTER_PARAMETERS Parameters
;
2246 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
2249 (NTAPI
*PFS_FILTER_CALLBACK
) (
2250 IN PFS_FILTER_CALLBACK_DATA Data
,
2251 OUT PVOID
*CompletionContext
2255 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
2256 IN PFS_FILTER_CALLBACK_DATA Data
,
2257 IN NTSTATUS OperationStatus
,
2258 IN PVOID CompletionContext
2261 typedef struct _FS_FILTER_CALLBACKS
{
2262 ULONG SizeOfFsFilterCallbacks
;
2264 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
2265 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
2266 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
2267 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
2268 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
2269 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
2270 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
2271 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
2272 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
2273 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
2274 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
2275 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
2276 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
2278 typedef struct _READ_LIST
{
2279 PFILE_OBJECT FileObject
;
2280 ULONG NumberOfEntries
;
2282 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
2283 } READ_LIST
, *PREAD_LIST
;
2288 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
2290 IN OUT PVOID
*CommitAddress
,
2291 IN OUT PSIZE_T CommitSize
2294 typedef struct _RTL_HEAP_PARAMETERS
{
2296 SIZE_T SegmentReserve
;
2297 SIZE_T SegmentCommit
;
2298 SIZE_T DeCommitFreeBlockThreshold
;
2299 SIZE_T DeCommitTotalFreeThreshold
;
2300 SIZE_T MaximumAllocationSize
;
2301 SIZE_T VirtualMemoryThreshold
;
2302 SIZE_T InitialCommit
;
2303 SIZE_T InitialReserve
;
2304 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
2306 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
2312 IN PFILE_OBJECT FileObject
,
2313 IN ULONG BytesToWrite
,
2322 IN PFILE_OBJECT FileObject
,
2323 IN PLARGE_INTEGER FileOffset
,
2327 OUT PIO_STATUS_BLOCK IoStatus
2334 IN PFILE_OBJECT FileObject
,
2335 IN PLARGE_INTEGER FileOffset
,
2341 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2343 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
2352 IN PFILE_OBJECT FileObject
,
2353 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
2356 IN ULONG BytesToWrite
,
2364 IN PFILE_OBJECT FileObject
,
2365 IN ULONG FileOffset
,
2369 OUT PIO_STATUS_BLOCK IoStatus
2376 IN PFILE_OBJECT FileObject
,
2377 IN ULONG FileOffset
,
2386 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2387 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2389 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2392 typedef VOID (NTAPI
*PDIRTY_PAGE_ROUTINE
) (
2393 IN PFILE_OBJECT FileObject
,
2394 IN PLARGE_INTEGER FileOffset
,
2396 IN PLARGE_INTEGER OldestLsn
,
2397 IN PLARGE_INTEGER NewestLsn
,
2407 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
2415 CcGetFileObjectFromBcb (
2422 CcGetFileObjectFromSectionPtrs (
2423 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2426 #define CcGetFileSizePointer(FO) ( \
2427 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2430 #if (VER_PRODUCTBUILD >= 2195)
2435 CcGetFlushedValidData (
2436 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2437 IN BOOLEAN BcbListHeld
2440 #endif /* (VER_PRODUCTBUILD >= 2195) */
2445 CcGetLsnForFileObject (
2446 IN PFILE_OBJECT FileObject
,
2447 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2450 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
2455 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
2459 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
2464 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
2468 typedef struct _CACHE_MANAGER_CALLBACKS
{
2469 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
2470 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
2471 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
2472 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
2473 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
2478 CcInitializeCacheMap (
2479 IN PFILE_OBJECT FileObject
,
2480 IN PCC_FILE_SIZES FileSizes
,
2481 IN BOOLEAN PinAccess
,
2482 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
2483 IN PVOID LazyWriteContext
2486 #define CcIsFileCached(FO) ( \
2487 ((FO)->SectionObjectPointer != NULL) && \
2488 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2491 extern ULONG CcFastMdlReadWait
;
2496 CcIsThereDirtyData (
2504 IN PFILE_OBJECT FileObject
,
2505 IN PLARGE_INTEGER FileOffset
,
2516 IN PFILE_OBJECT FileObject
,
2517 IN PLARGE_INTEGER FileOffset
,
2520 OUT PIO_STATUS_BLOCK IoStatus
2527 IN PFILE_OBJECT FileObject
,
2534 CcMdlWriteComplete (
2535 IN PFILE_OBJECT FileObject
,
2536 IN PLARGE_INTEGER FileOffset
,
2546 IN PFILE_OBJECT FileObject
,
2547 IN PLARGE_INTEGER FileOffset
,
2557 IN PFILE_OBJECT FileObject
,
2558 IN PLARGE_INTEGER FileOffset
,
2569 IN PFILE_OBJECT FileObject
,
2570 IN PLARGE_INTEGER FileOffset
,
2573 OUT PIO_STATUS_BLOCK IoStatus
2580 IN PFILE_OBJECT FileObject
,
2581 IN PLARGE_INTEGER FileOffset
,
2592 CcPurgeCacheSection (
2593 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2594 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2596 IN BOOLEAN UninitializeCacheMaps
2599 #define CcReadAhead(FO, FOFF, LEN) ( \
2600 if ((LEN) >= 256) { \
2601 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2605 #if (VER_PRODUCTBUILD >= 2195)
2614 #endif /* (VER_PRODUCTBUILD >= 2195) */
2626 CcScheduleReadAhead (
2627 IN PFILE_OBJECT FileObject
,
2628 IN PLARGE_INTEGER FileOffset
,
2635 CcSetAdditionalCacheAttributes (
2636 IN PFILE_OBJECT FileObject
,
2637 IN BOOLEAN DisableReadAhead
,
2638 IN BOOLEAN DisableWriteBehind
2644 CcSetBcbOwnerPointer (
2646 IN PVOID OwnerPointer
2652 CcSetDirtyPageThreshold (
2653 IN PFILE_OBJECT FileObject
,
2654 IN ULONG DirtyPageThreshold
2660 CcSetDirtyPinnedData (
2662 IN PLARGE_INTEGER Lsn OPTIONAL
2669 IN PFILE_OBJECT FileObject
,
2670 IN PCC_FILE_SIZES FileSizes
2673 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2675 IN LARGE_INTEGER Lsn
2681 CcSetLogHandleForFile (
2682 IN PFILE_OBJECT FileObject
,
2684 IN PFLUSH_TO_LSN FlushToLsnRoutine
2690 CcSetReadAheadGranularity (
2691 IN PFILE_OBJECT FileObject
,
2692 IN ULONG Granularity
/* default: PAGE_SIZE */
2693 /* allowed: 2^n * PAGE_SIZE */
2699 CcUninitializeCacheMap (
2700 IN PFILE_OBJECT FileObject
,
2701 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2702 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2715 CcUnpinDataForThread (
2717 IN ERESOURCE_THREAD ResourceThreadId
2723 CcUnpinRepinnedBcb (
2725 IN BOOLEAN WriteThrough
,
2726 OUT PIO_STATUS_BLOCK IoStatus
2729 #if (VER_PRODUCTBUILD >= 2195)
2734 CcWaitForCurrentLazyWriterActivity (
2738 #endif /* (VER_PRODUCTBUILD >= 2195) */
2744 IN PFILE_OBJECT FileObject
,
2745 IN PLARGE_INTEGER StartOffset
,
2746 IN PLARGE_INTEGER EndOffset
,
2753 ExDisableResourceBoostLite (
2754 IN PERESOURCE Resource
2760 ExQueryPoolBlockSize (
2762 OUT PBOOLEAN QuotaCharged
2765 #if (VER_PRODUCTBUILD >= 2600)
2767 #ifndef __NTOSKRNL__
2771 ExInitializeRundownProtection (
2772 IN PEX_RUNDOWN_REF RunRef
2778 ExReInitializeRundownProtection (
2779 IN PEX_RUNDOWN_REF RunRef
2785 ExAcquireRundownProtection (
2786 IN PEX_RUNDOWN_REF RunRef
2792 ExAcquireRundownProtectionEx (
2793 IN PEX_RUNDOWN_REF RunRef
,
2800 ExReleaseRundownProtection (
2801 IN PEX_RUNDOWN_REF RunRef
2807 ExReleaseRundownProtectionEx (
2808 IN PEX_RUNDOWN_REF RunRef
,
2815 ExRundownCompleted (
2816 IN PEX_RUNDOWN_REF RunRef
2822 ExWaitForRundownProtectionRelease (
2823 IN PEX_RUNDOWN_REF RunRef
2827 #endif /* (VER_PRODUCTBUILD >= 2600) */
2830 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2832 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2833 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2834 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2835 InitializeListHead( &(_advhdr)->FilterContexts ); \
2836 if ((_fmutx) != NULL) { \
2837 (_advhdr)->FastMutex = (_fmutx); \
2839 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2840 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2841 (_advhdr)->FileContextSupportPointer = NULL; \
2847 FsRtlAddBaseMcbEntry (
2851 IN LONGLONG SectorCount
2857 FsRtlAddLargeMcbEntry (
2861 IN LONGLONG SectorCount
2871 IN ULONG SectorCount
2877 FsRtlAddToTunnelCache (
2879 IN ULONGLONG DirectoryKey
,
2880 IN PUNICODE_STRING ShortName
,
2881 IN PUNICODE_STRING LongName
,
2882 IN BOOLEAN KeyByShortName
,
2883 IN ULONG DataLength
,
2887 #if (VER_PRODUCTBUILD >= 2195)
2891 FsRtlAllocateFileLock (
2892 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2893 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2896 #endif /* (VER_PRODUCTBUILD >= 2195) */
2902 IN POOL_TYPE PoolType
,
2903 IN ULONG NumberOfBytes
2909 FsRtlAllocatePoolWithQuota (
2910 IN POOL_TYPE PoolType
,
2911 IN ULONG NumberOfBytes
2917 FsRtlAllocatePoolWithQuotaTag (
2918 IN POOL_TYPE PoolType
,
2919 IN ULONG NumberOfBytes
,
2926 FsRtlAllocatePoolWithTag (
2927 IN POOL_TYPE PoolType
,
2928 IN ULONG NumberOfBytes
,
2935 FsRtlAreNamesEqual (
2936 IN PCUNICODE_STRING Name1
,
2937 IN PCUNICODE_STRING Name2
,
2938 IN BOOLEAN IgnoreCase
,
2939 IN PCWCH UpcaseTable OPTIONAL
2942 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2943 ((FL)->FastIoIsQuestionable) \
2947 FsRtlCheckLockForReadAccess:
2949 All this really does is pick out the lock parameters from the irp (io stack
2950 location?), get IoGetRequestorProcess, and pass values on to
2951 FsRtlFastCheckLockForRead.
2956 FsRtlCheckLockForReadAccess (
2957 IN PFILE_LOCK FileLock
,
2962 FsRtlCheckLockForWriteAccess:
2964 All this really does is pick out the lock parameters from the irp (io stack
2965 location?), get IoGetRequestorProcess, and pass values on to
2966 FsRtlFastCheckLockForWrite.
2971 FsRtlCheckLockForWriteAccess (
2972 IN PFILE_LOCK FileLock
,
2978 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2985 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
2997 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2998 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
3005 IN PFILE_OBJECT FileObject
,
3006 IN PLARGE_INTEGER FileOffset
,
3011 OUT PIO_STATUS_BLOCK IoStatus
,
3012 IN PDEVICE_OBJECT DeviceObject
3019 IN PFILE_OBJECT FileObject
,
3020 IN PLARGE_INTEGER FileOffset
,
3025 OUT PIO_STATUS_BLOCK IoStatus
,
3026 IN PDEVICE_OBJECT DeviceObject
3029 #define HEAP_NO_SERIALIZE 0x00000001
3030 #define HEAP_GROWABLE 0x00000002
3031 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
3032 #define HEAP_ZERO_MEMORY 0x00000008
3033 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
3034 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
3035 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
3036 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
3038 #define HEAP_CREATE_ALIGN_16 0x00010000
3039 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
3040 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
3047 IN PVOID HeapBase OPTIONAL
,
3048 IN SIZE_T ReserveSize OPTIONAL
,
3049 IN SIZE_T CommitSize OPTIONAL
,
3050 IN PVOID Lock OPTIONAL
,
3051 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
3057 FsRtlCurrentBatchOplock (
3064 FsRtlDeleteKeyFromTunnelCache (
3066 IN ULONGLONG DirectoryKey
3072 FsRtlDeleteTunnelCache (
3079 FsRtlDeregisterUncProvider (
3094 IN ANSI_STRING Name
,
3095 OUT PANSI_STRING FirstPart
,
3096 OUT PANSI_STRING RemainingPart
3103 IN UNICODE_STRING Name
,
3104 OUT PUNICODE_STRING FirstPart
,
3105 OUT PUNICODE_STRING RemainingPart
3111 FsRtlDoesDbcsContainWildCards (
3112 IN PANSI_STRING Name
3118 FsRtlDoesNameContainWildCards (
3119 IN PUNICODE_STRING Name
3125 FsRtlIsFatDbcsLegal (
3126 IN ANSI_STRING DbcsName
,
3127 IN BOOLEAN WildCardsPermissible
,
3128 IN BOOLEAN PathNamePermissible
,
3129 IN BOOLEAN LeadingBackslashPermissible
3133 #define FsRtlCompleteRequest(IRP,STATUS) { \
3134 (IRP)->IoStatus.Status = (STATUS); \
3135 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
3138 #define FsRtlEnterFileSystem KeEnterCriticalRegion
3140 #define FsRtlExitFileSystem KeLeaveCriticalRegion
3145 FsRtlFastCheckLockForRead (
3146 IN PFILE_LOCK FileLock
,
3147 IN PLARGE_INTEGER FileOffset
,
3148 IN PLARGE_INTEGER Length
,
3150 IN PFILE_OBJECT FileObject
,
3157 FsRtlFastCheckLockForWrite (
3158 IN PFILE_LOCK FileLock
,
3159 IN PLARGE_INTEGER FileOffset
,
3160 IN PLARGE_INTEGER Length
,
3162 IN PFILE_OBJECT FileObject
,
3166 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
3167 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
3173 FsRtlFastUnlockAll (
3174 IN PFILE_LOCK FileLock
,
3175 IN PFILE_OBJECT FileObject
,
3176 IN PEPROCESS Process
,
3177 IN PVOID Context OPTIONAL
3179 /* ret: STATUS_RANGE_NOT_LOCKED */
3184 FsRtlFastUnlockAllByKey (
3185 IN PFILE_LOCK FileLock
,
3186 IN PFILE_OBJECT FileObject
,
3187 IN PEPROCESS Process
,
3189 IN PVOID Context OPTIONAL
3191 /* ret: STATUS_RANGE_NOT_LOCKED */
3196 FsRtlFastUnlockSingle (
3197 IN PFILE_LOCK FileLock
,
3198 IN PFILE_OBJECT FileObject
,
3199 IN PLARGE_INTEGER FileOffset
,
3200 IN PLARGE_INTEGER Length
,
3201 IN PEPROCESS Process
,
3203 IN PVOID Context OPTIONAL
,
3204 IN BOOLEAN AlreadySynchronized
3206 /* ret: STATUS_RANGE_NOT_LOCKED */
3211 FsRtlFindInTunnelCache (
3213 IN ULONGLONG DirectoryKey
,
3214 IN PUNICODE_STRING Name
,
3215 OUT PUNICODE_STRING ShortName
,
3216 OUT PUNICODE_STRING LongName
,
3217 IN OUT PULONG DataLength
,
3221 #if (VER_PRODUCTBUILD >= 2195)
3227 IN PFILE_LOCK FileLock
3230 #endif /* (VER_PRODUCTBUILD >= 2195) */
3236 IN PFILE_OBJECT FileObject
,
3237 IN OUT PLARGE_INTEGER FileSize
3243 FsRtlGetNextBaseMcbEntry (
3248 OUT PLONGLONG SectorCount
3252 FsRtlGetNextFileLock:
3254 ret: NULL if no more locks
3257 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
3258 FileLock->LastReturnedLock as storage.
3259 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
3260 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
3261 calls with Restart = FALSE.
3266 FsRtlGetNextFileLock (
3267 IN PFILE_LOCK FileLock
,
3274 FsRtlGetNextLargeMcbEntry (
3279 OUT PLONGLONG SectorCount
3285 FsRtlGetNextMcbEntry (
3290 OUT PULONG SectorCount
3293 #define FsRtlGetPerStreamContextPointer(FO) ( \
3294 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
3300 FsRtlInitializeBaseMcb (
3302 IN POOL_TYPE PoolType
3308 FsRtlInitializeFileLock (
3309 IN PFILE_LOCK FileLock
,
3310 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
3311 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
3317 FsRtlInitializeLargeMcb (
3319 IN POOL_TYPE PoolType
3325 FsRtlInitializeMcb (
3327 IN POOL_TYPE PoolType
3333 FsRtlInitializeOplock (
3334 IN OUT POPLOCK Oplock
3340 FsRtlInitializeTunnelCache (
3344 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
3345 (PSC)->OwnerId = (O), \
3346 (PSC)->InstanceId = (I), \
3347 (PSC)->FreeCallback = (FC) \
3353 FsRtlInsertPerStreamContext (
3354 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext
,
3355 IN PFSRTL_PER_STREAM_CONTEXT Ptr
3358 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
3359 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
3360 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3363 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
3364 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
3365 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3368 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
3369 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
3370 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3373 #define FsRtlIsAnsiCharacterWild(C) ( \
3374 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3380 FsRtlIsFatDbcsLegal (
3381 IN ANSI_STRING DbcsName
,
3382 IN BOOLEAN WildCardsPermissible
,
3383 IN BOOLEAN PathNamePermissible
,
3384 IN BOOLEAN LeadingBackslashPermissible
3390 FsRtlIsHpfsDbcsLegal (
3391 IN ANSI_STRING DbcsName
,
3392 IN BOOLEAN WildCardsPermissible
,
3393 IN BOOLEAN PathNamePermissible
,
3394 IN BOOLEAN LeadingBackslashPermissible
3400 FsRtlIsNameInExpression (
3401 IN PUNICODE_STRING Expression
,
3402 IN PUNICODE_STRING Name
,
3403 IN BOOLEAN IgnoreCase
,
3404 IN PWCHAR UpcaseTable OPTIONAL
3410 FsRtlIsNtstatusExpected (
3411 IN NTSTATUS Ntstatus
3414 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3416 extern PUSHORT NlsOemLeadByteInfo
;
3418 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3419 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3420 (NLS_MB_CODE_PAGE_TAG && \
3421 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3424 #define FsRtlIsUnicodeCharacterWild(C) ( \
3427 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3433 FsRtlLookupBaseMcbEntry (
3436 OUT PLONGLONG Lbn OPTIONAL
,
3437 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3438 OUT PLONGLONG StartingLbn OPTIONAL
,
3439 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3440 OUT PULONG Index OPTIONAL
3446 FsRtlLookupLargeMcbEntry (
3449 OUT PLONGLONG Lbn OPTIONAL
,
3450 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3451 OUT PLONGLONG StartingLbn OPTIONAL
,
3452 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3453 OUT PULONG Index OPTIONAL
3459 FsRtlLookupLastBaseMcbEntry (
3468 FsRtlLookupLastLargeMcbEntry (
3477 FsRtlLookupLastMcbEntry (
3486 FsRtlLookupLastBaseMcbEntryAndIndex (
3487 IN PBASE_MCB OpaqueMcb
,
3488 IN OUT PLONGLONG LargeVbn
,
3489 IN OUT PLONGLONG LargeLbn
,
3496 FsRtlLookupLastLargeMcbEntryAndIndex (
3497 IN PLARGE_MCB OpaqueMcb
,
3498 OUT PLONGLONG LargeVbn
,
3499 OUT PLONGLONG LargeLbn
,
3506 FsRtlLookupMcbEntry (
3510 OUT PULONG SectorCount OPTIONAL
,
3515 PFSRTL_PER_STREAM_CONTEXT
3517 FsRtlLookupPerStreamContextInternal (
3518 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3519 IN PVOID OwnerId OPTIONAL
,
3520 IN PVOID InstanceId OPTIONAL
3527 IN PFILE_OBJECT FileObject
,
3528 IN PLARGE_INTEGER FileOffset
,
3532 OUT PIO_STATUS_BLOCK IoStatus
,
3533 IN PDEVICE_OBJECT DeviceObject
3539 FsRtlMdlReadComplete (
3540 IN PFILE_OBJECT FileObject
,
3547 FsRtlMdlReadCompleteDev (
3548 IN PFILE_OBJECT FileObject
,
3550 IN PDEVICE_OBJECT DeviceObject
3556 FsRtlPrepareMdlWriteDev (
3557 IN PFILE_OBJECT FileObject
,
3558 IN PLARGE_INTEGER FileOffset
,
3562 OUT PIO_STATUS_BLOCK IoStatus
,
3563 IN PDEVICE_OBJECT DeviceObject
3569 FsRtlMdlWriteComplete (
3570 IN PFILE_OBJECT FileObject
,
3571 IN PLARGE_INTEGER FileOffset
,
3578 FsRtlMdlWriteCompleteDev (
3579 IN PFILE_OBJECT FileObject
,
3580 IN PLARGE_INTEGER FileOffset
,
3582 IN PDEVICE_OBJECT DeviceObject
3588 FsRtlNormalizeNtstatus (
3589 IN NTSTATUS Exception
,
3590 IN NTSTATUS GenericException
3596 FsRtlNotifyChangeDirectory (
3597 IN PNOTIFY_SYNC NotifySync
,
3599 IN PSTRING FullDirectoryName
,
3600 IN PLIST_ENTRY NotifyList
,
3601 IN BOOLEAN WatchTree
,
3602 IN ULONG CompletionFilter
,
3609 FsRtlNotifyCleanup (
3610 IN PNOTIFY_SYNC NotifySync
,
3611 IN PLIST_ENTRY NotifyList
,
3615 typedef BOOLEAN (NTAPI
*PCHECK_FOR_TRAVERSE_ACCESS
) (
3616 IN PVOID NotifyContext
,
3617 IN PVOID TargetContext
,
3618 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3624 FsRtlNotifyFilterChangeDirectory (
3625 IN PNOTIFY_SYNC NotifySync
,
3626 IN PLIST_ENTRY NotifyList
,
3628 IN PSTRING FullDirectoryName
,
3629 IN BOOLEAN WatchTree
,
3630 IN BOOLEAN IgnoreBuffer
,
3631 IN ULONG CompletionFilter
,
3633 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3634 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
,
3635 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
);
3640 FsRtlNotifyFilterReportChange (
3641 IN PNOTIFY_SYNC NotifySync
,
3642 IN PLIST_ENTRY NotifyList
,
3643 IN PSTRING FullTargetName
,
3644 IN USHORT TargetNameOffset
,
3645 IN PSTRING StreamName OPTIONAL
,
3646 IN PSTRING NormalizedParentName OPTIONAL
,
3647 IN ULONG FilterMatch
,
3649 IN PVOID TargetContext
,
3650 IN PVOID FilterContext
);
3655 FsRtlNotifyFullChangeDirectory (
3656 IN PNOTIFY_SYNC NotifySync
,
3657 IN PLIST_ENTRY NotifyList
,
3659 IN PSTRING FullDirectoryName
,
3660 IN BOOLEAN WatchTree
,
3661 IN BOOLEAN IgnoreBuffer
,
3662 IN ULONG CompletionFilter
,
3664 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3665 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3671 FsRtlNotifyFullReportChange (
3672 IN PNOTIFY_SYNC NotifySync
,
3673 IN PLIST_ENTRY NotifyList
,
3674 IN PSTRING FullTargetName
,
3675 IN USHORT TargetNameOffset
,
3676 IN PSTRING StreamName OPTIONAL
,
3677 IN PSTRING NormalizedParentName OPTIONAL
,
3678 IN ULONG FilterMatch
,
3680 IN PVOID TargetContext
3686 FsRtlNotifyInitializeSync (
3687 IN PNOTIFY_SYNC
*NotifySync
3693 FsRtlNotifyUninitializeSync (
3694 IN PNOTIFY_SYNC
*NotifySync
3697 #if (VER_PRODUCTBUILD >= 2195)
3702 FsRtlNotifyVolumeEvent (
3703 IN PFILE_OBJECT FileObject
,
3707 #endif /* (VER_PRODUCTBUILD >= 2195) */
3712 FsRtlNumberOfRunsInBaseMcb (
3719 FsRtlNumberOfRunsInLargeMcb (
3726 FsRtlNumberOfRunsInMcb (
3742 FsRtlOplockIsFastIoPossible (
3747 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
3755 FsRtlPostPagingFileStackOverflow (
3758 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3764 FsRtlPostStackOverflow (
3767 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3773 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3776 -Calls IoCompleteRequest if Irp
3777 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3783 IN PFILE_LOCK FileLock
,
3784 IN PFILE_OBJECT FileObject
,
3785 IN PLARGE_INTEGER FileOffset
,
3786 IN PLARGE_INTEGER Length
,
3787 IN PEPROCESS Process
,
3789 IN BOOLEAN FailImmediately
,
3790 IN BOOLEAN ExclusiveLock
,
3791 OUT PIO_STATUS_BLOCK IoStatus
,
3792 IN PIRP Irp OPTIONAL
,
3794 IN BOOLEAN AlreadySynchronized
3798 FsRtlProcessFileLock:
3801 -STATUS_INVALID_DEVICE_REQUEST
3802 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3803 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3804 (redirected IoStatus->Status).
3807 -switch ( Irp->CurrentStackLocation->MinorFunction )
3808 lock: return FsRtlPrivateLock;
3809 unlocksingle: return FsRtlFastUnlockSingle;
3810 unlockall: return FsRtlFastUnlockAll;
3811 unlockallbykey: return FsRtlFastUnlockAllByKey;
3812 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3813 return STATUS_INVALID_DEVICE_REQUEST;
3815 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3816 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3821 FsRtlProcessFileLock (
3822 IN PFILE_LOCK FileLock
,
3824 IN PVOID Context OPTIONAL
3830 FsRtlRegisterUncProvider (
3831 IN OUT PHANDLE MupHandle
,
3832 IN PUNICODE_STRING RedirectorDeviceName
,
3833 IN BOOLEAN MailslotsSupported
3839 FsRtlRemoveBaseMcbEntry (
3842 IN LONGLONG SectorCount
3848 FsRtlRemoveLargeMcbEntry (
3851 IN LONGLONG SectorCount
3857 FsRtlRemoveMcbEntry (
3860 IN ULONG SectorCount
3864 PFSRTL_PER_STREAM_CONTEXT
3866 FsRtlRemovePerStreamContext (
3867 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3868 IN PVOID OwnerId OPTIONAL
,
3869 IN PVOID InstanceId OPTIONAL
3882 FsRtlResetLargeMcb (
3884 IN BOOLEAN SelfSynchronized
3899 FsRtlSplitLargeMcb (
3905 #define FsRtlSupportsPerStreamContexts(FO) ( \
3906 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
3907 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
3908 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
3914 FsRtlTruncateBaseMcb (
3922 FsRtlTruncateLargeMcb (
3938 FsRtlUninitializeBaseMcb (
3945 FsRtlUninitializeFileLock (
3946 IN PFILE_LOCK FileLock
3952 FsRtlUninitializeLargeMcb (
3959 FsRtlUninitializeMcb (
3966 FsRtlUninitializeOplock (
3967 IN OUT POPLOCK Oplock
3973 KeSetIdealProcessorThread(
3974 IN OUT PKTHREAD Thread
,
3981 IoAttachDeviceToDeviceStackSafe(
3982 IN PDEVICE_OBJECT SourceDevice
,
3983 IN PDEVICE_OBJECT TargetDevice
,
3984 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
3990 IoAcquireVpbSpinLock (
3997 IoCheckDesiredAccess (
3998 IN OUT PACCESS_MASK DesiredAccess
,
3999 IN ACCESS_MASK GrantedAccess
4005 IoCheckEaBufferValidity (
4006 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
4008 OUT PULONG ErrorOffset
4014 IoCheckFunctionAccess (
4015 IN ACCESS_MASK GrantedAccess
,
4016 IN UCHAR MajorFunction
,
4017 IN UCHAR MinorFunction
,
4018 IN ULONG IoControlCode
,
4019 IN PVOID Argument1 OPTIONAL
,
4020 IN PVOID Argument2 OPTIONAL
4023 #if (VER_PRODUCTBUILD >= 2195)
4028 IoCheckQuotaBufferValidity (
4029 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
4030 IN ULONG QuotaLength
,
4031 OUT PULONG ErrorOffset
4034 #endif /* (VER_PRODUCTBUILD >= 2195) */
4039 IoCreateStreamFileObject (
4040 IN PFILE_OBJECT FileObject OPTIONAL
,
4041 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4044 #if (VER_PRODUCTBUILD >= 2195)
4049 IoCreateStreamFileObjectLite (
4050 IN PFILE_OBJECT FileObject OPTIONAL
,
4051 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4054 #endif /* (VER_PRODUCTBUILD >= 2195) */
4059 IoFastQueryNetworkAttributes (
4060 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4061 IN ACCESS_MASK DesiredAccess
,
4062 IN ULONG OpenOptions
,
4063 OUT PIO_STATUS_BLOCK IoStatus
,
4064 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
4070 IoGetAttachedDevice (
4071 IN PDEVICE_OBJECT DeviceObject
4077 IoGetBaseFileSystemDeviceObject (
4078 IN PFILE_OBJECT FileObject
4081 #if (VER_PRODUCTBUILD >= 2600)
4086 IoGetDeviceAttachmentBaseRef (
4087 IN PDEVICE_OBJECT DeviceObject
4093 IoGetDiskDeviceObject (
4094 IN PDEVICE_OBJECT FileSystemDeviceObject
,
4095 OUT PDEVICE_OBJECT
*DiskDeviceObject
4101 IoGetLowerDeviceObject (
4102 IN PDEVICE_OBJECT DeviceObject
4105 #endif /* (VER_PRODUCTBUILD >= 2600) */
4110 IoGetRequestorProcess (
4114 #if (VER_PRODUCTBUILD >= 2195)
4119 IoGetRequestorProcessId (
4123 #endif /* (VER_PRODUCTBUILD >= 2195) */
4132 #define IoIsFileOpenedExclusively(FileObject) ( \
4134 (FileObject)->SharedRead || \
4135 (FileObject)->SharedWrite || \
4136 (FileObject)->SharedDelete \
4143 IoIsOperationSynchronous (
4154 #if (VER_PRODUCTBUILD >= 2195)
4159 IoIsValidNameGraftingBuffer (
4161 IN PREPARSE_DATA_BUFFER ReparseBuffer
4164 #endif /* (VER_PRODUCTBUILD >= 2195) */
4170 IN PFILE_OBJECT FileObject
,
4172 IN PLARGE_INTEGER Offset
,
4174 OUT PIO_STATUS_BLOCK IoStatusBlock
4180 IoQueryFileInformation (
4181 IN PFILE_OBJECT FileObject
,
4182 IN FILE_INFORMATION_CLASS FileInformationClass
,
4184 OUT PVOID FileInformation
,
4185 OUT PULONG ReturnedLength
4191 IoQueryVolumeInformation (
4192 IN PFILE_OBJECT FileObject
,
4193 IN FS_INFORMATION_CLASS FsInformationClass
,
4195 OUT PVOID FsInformation
,
4196 OUT PULONG ReturnedLength
4209 IoRegisterFileSystem (
4210 IN OUT PDEVICE_OBJECT DeviceObject
4213 #if (VER_PRODUCTBUILD >= 1381)
4215 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
4216 IN PDEVICE_OBJECT DeviceObject
,
4217 IN BOOLEAN DriverActive
4223 IoRegisterFsRegistrationChange (
4224 IN PDRIVER_OBJECT DriverObject
,
4225 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4228 #endif /* (VER_PRODUCTBUILD >= 1381) */
4233 IoReleaseVpbSpinLock (
4240 IoSetDeviceToVerify (
4242 IN PDEVICE_OBJECT DeviceObject
4249 IN PFILE_OBJECT FileObject
,
4250 IN FILE_INFORMATION_CLASS FileInformationClass
,
4252 IN PVOID FileInformation
4265 IoSynchronousPageWrite (
4266 IN PFILE_OBJECT FileObject
,
4268 IN PLARGE_INTEGER FileOffset
,
4270 OUT PIO_STATUS_BLOCK IoStatusBlock
4283 IoUnregisterFileSystem (
4284 IN OUT PDEVICE_OBJECT DeviceObject
4287 #if (VER_PRODUCTBUILD >= 1381)
4292 IoUnregisterFsRegistrationChange (
4293 IN PDRIVER_OBJECT DriverObject
,
4294 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4297 #endif /* (VER_PRODUCTBUILD >= 1381) */
4303 IN PDEVICE_OBJECT DeviceObject
,
4304 IN BOOLEAN AllowRawMount
4307 #if !defined (_M_AMD64)
4312 KeAcquireQueuedSpinLock (
4313 IN KSPIN_LOCK_QUEUE_NUMBER Number
4319 KeReleaseQueuedSpinLock (
4320 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4327 KeAcquireSpinLockRaiseToSynch(
4328 IN OUT PKSPIN_LOCK SpinLock
4334 KeTryToAcquireQueuedSpinLock(
4335 KSPIN_LOCK_QUEUE_NUMBER Number
,
4343 KeAcquireQueuedSpinLock (
4344 IN KSPIN_LOCK_QUEUE_NUMBER Number
4350 KeReleaseQueuedSpinLock (
4351 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4357 KeAcquireSpinLockRaiseToSynch(
4358 IN OUT PKSPIN_LOCK SpinLock
4363 KeTryToAcquireQueuedSpinLock(
4364 KSPIN_LOCK_QUEUE_NUMBER Number
,
4373 IN PKPROCESS Process
4388 IN ULONG Count OPTIONAL
4396 IN PLIST_ENTRY Entry
4404 IN PLIST_ENTRY Entry
4419 IN KPROCESSOR_MODE WaitMode
,
4420 IN PLARGE_INTEGER Timeout OPTIONAL
4433 KeInitializeMutant (
4434 IN PRKMUTANT Mutant
,
4435 IN BOOLEAN InitialOwner
4449 IN PRKMUTANT Mutant
,
4450 IN KPRIORITY Increment
,
4451 IN BOOLEAN Abandoned
,
4455 #if (VER_PRODUCTBUILD >= 2195)
4460 KeStackAttachProcess (
4461 IN PKPROCESS Process
,
4462 OUT PKAPC_STATE ApcState
4468 KeUnstackDetachProcess (
4469 IN PKAPC_STATE ApcState
4472 #endif /* (VER_PRODUCTBUILD >= 2195) */
4477 KeSetKernelStackSwapEnable(
4484 MmCanFileBeTruncated (
4485 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4486 IN PLARGE_INTEGER NewFileSize
4492 MmFlushImageSection (
4493 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4494 IN MMFLUSH_TYPE FlushType
4500 MmForceSectionClosed (
4501 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4502 IN BOOLEAN DelayClose
4505 #if (VER_PRODUCTBUILD >= 1381)
4510 MmIsRecursiveIoFault (
4516 #define MmIsRecursiveIoFault() ( \
4517 (PsGetCurrentThread()->DisablePageFaultClustering) | \
4518 (PsGetCurrentThread()->ForwardClusterOnly) \
4527 MmSetAddressRangeModified (
4536 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
4537 IN POBJECT_TYPE ObjectType
,
4538 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4539 IN KPROCESSOR_MODE AccessMode
,
4540 IN OUT PVOID ParseContext OPTIONAL
,
4541 IN ULONG ObjectSize
,
4542 IN ULONG PagedPoolCharge OPTIONAL
,
4543 IN ULONG NonPagedPoolCharge OPTIONAL
,
4550 ObGetObjectPointerCount (
4554 #if (NTDDI_VERSION >= NTDDI_WIN2K)
4561 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4562 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4563 IN ULONG ObjectPointerBias
,
4564 OUT PVOID
*NewObject OPTIONAL
,
4565 OUT PHANDLE Handle OPTIONAL
);
4570 ObOpenObjectByPointer (
4572 IN ULONG HandleAttributes
,
4573 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4574 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4575 IN POBJECT_TYPE ObjectType OPTIONAL
,
4576 IN KPROCESSOR_MODE AccessMode
,
4577 OUT PHANDLE Handle
);
4582 ObMakeTemporaryObject (
4588 ObQueryObjectAuditingByHandle (
4590 OUT PBOOLEAN GenerateOnClose
);
4599 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
4601 OUT PULONG ReturnLength
4607 ObReferenceObjectByName (
4608 IN PUNICODE_STRING ObjectName
,
4609 IN ULONG Attributes
,
4610 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4611 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4612 IN POBJECT_TYPE ObjectType
,
4613 IN KPROCESSOR_MODE AccessMode
,
4614 IN OUT PVOID ParseContext OPTIONAL
,
4621 PsAssignImpersonationToken (
4630 IN PEPROCESS Process
,
4631 IN POOL_TYPE PoolType
,
4638 PsChargeProcessPoolQuota (
4639 IN PEPROCESS Process
,
4640 IN POOL_TYPE PoolType
,
4644 #define PsDereferenceImpersonationToken(T) \
4645 {if (ARGUMENT_PRESENT(T)) { \
4646 (ObDereferenceObject((T))); \
4652 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
4657 PsDisableImpersonation(
4659 IN PSE_IMPERSONATION_STATE ImpersonationState
4665 PsGetProcessExitTime (
4672 PsImpersonateClient(
4674 IN PACCESS_TOKEN Token
,
4675 IN BOOLEAN CopyOnOpen
,
4676 IN BOOLEAN EffectiveOnly
,
4677 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4690 PsIsThreadTerminating (
4697 PsLookupProcessByProcessId (
4698 IN HANDLE ProcessId
,
4699 OUT PEPROCESS
*Process
4705 PsLookupProcessThreadByCid (
4707 OUT PEPROCESS
*Process OPTIONAL
,
4708 OUT PETHREAD
*Thread
4714 PsLookupThreadByThreadId (
4715 IN HANDLE UniqueThreadId
,
4716 OUT PETHREAD
*Thread
4722 PsReferenceImpersonationToken (
4724 OUT PBOOLEAN CopyOnUse
,
4725 OUT PBOOLEAN EffectiveOnly
,
4726 OUT PSECURITY_IMPERSONATION_LEVEL Level
4732 PsReferencePrimaryToken (
4733 IN PEPROCESS Process
4739 PsRestoreImpersonation(
4741 IN PSE_IMPERSONATION_STATE ImpersonationState
4748 IN PEPROCESS Process
,
4749 IN POOL_TYPE PoolType
,
4763 RtlAbsoluteToSelfRelativeSD (
4764 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
4765 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
4766 IN PULONG BufferLength
4773 IN HANDLE HeapHandle
,
4781 RtlAppendStringToString(
4782 PSTRING Destination
,
4783 const STRING
*Source
4789 RtlCaptureStackBackTrace (
4790 IN ULONG FramesToSkip
,
4791 IN ULONG FramesToCapture
,
4792 OUT PVOID
*BackTrace
,
4793 OUT PULONG BackTraceHash OPTIONAL
4799 RtlCompareMemoryUlong (
4809 IN USHORT CompressionFormatAndEngine
,
4810 IN PUCHAR UncompressedBuffer
,
4811 IN ULONG UncompressedBufferSize
,
4812 OUT PUCHAR CompressedBuffer
,
4813 IN ULONG CompressedBufferSize
,
4814 IN ULONG UncompressedChunkSize
,
4815 OUT PULONG FinalCompressedSize
,
4823 IN PUCHAR UncompressedBuffer
,
4824 IN ULONG UncompressedBufferSize
,
4825 OUT PUCHAR CompressedBuffer
,
4826 IN ULONG CompressedBufferSize
,
4827 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
4828 IN ULONG CompressedDataInfoLength
,
4835 RtlConvertSidToUnicodeString (
4836 OUT PUNICODE_STRING DestinationString
,
4838 IN BOOLEAN AllocateDestinationString
4846 IN PSID Destination
,
4853 RtlCreateUnicodeString(
4854 PUNICODE_STRING DestinationString
,
4861 RtlDecompressBuffer (
4862 IN USHORT CompressionFormat
,
4863 OUT PUCHAR UncompressedBuffer
,
4864 IN ULONG UncompressedBufferSize
,
4865 IN PUCHAR CompressedBuffer
,
4866 IN ULONG CompressedBufferSize
,
4867 OUT PULONG FinalUncompressedSize
4873 RtlDecompressChunks (
4874 OUT PUCHAR UncompressedBuffer
,
4875 IN ULONG UncompressedBufferSize
,
4876 IN PUCHAR CompressedBuffer
,
4877 IN ULONG CompressedBufferSize
,
4878 IN PUCHAR CompressedTail
,
4879 IN ULONG CompressedTailSize
,
4880 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4886 RtlDecompressFragment (
4887 IN USHORT CompressionFormat
,
4888 OUT PUCHAR UncompressedFragment
,
4889 IN ULONG UncompressedFragmentSize
,
4890 IN PUCHAR CompressedBuffer
,
4891 IN ULONG CompressedBufferSize
,
4892 IN ULONG FragmentOffset
,
4893 OUT PULONG FinalUncompressedSize
,
4901 IN USHORT CompressionFormat
,
4902 IN OUT PUCHAR
*CompressedBuffer
,
4903 IN PUCHAR EndOfCompressedBufferPlus1
,
4904 OUT PUCHAR
*ChunkBuffer
,
4905 OUT PULONG ChunkSize
4911 RtlDowncaseUnicodeString(
4912 IN OUT PUNICODE_STRING UniDest
,
4913 IN PCUNICODE_STRING UniSource
,
4914 IN BOOLEAN AllocateDestinationString
4920 RtlDuplicateUnicodeString(
4922 IN PCUNICODE_STRING SourceString
,
4923 OUT PUNICODE_STRING DestinationString
4937 RtlFillMemoryUlong (
4938 IN PVOID Destination
,
4947 IN HANDLE HeapHandle
,
4956 IN POEM_STRING OemString
4962 RtlGenerate8dot3Name (
4963 IN PUNICODE_STRING Name
,
4964 IN BOOLEAN AllowExtendedCharacters
,
4965 IN OUT PGENERATE_NAME_CONTEXT Context
,
4966 OUT PUNICODE_STRING Name8dot3
4972 RtlGetCompressionWorkSpaceSize (
4973 IN USHORT CompressionFormatAndEngine
,
4974 OUT PULONG CompressBufferWorkSpaceSize
,
4975 OUT PULONG CompressFragmentWorkSpaceSize
4981 RtlGetDaclSecurityDescriptor (
4982 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4983 OUT PBOOLEAN DaclPresent
,
4985 OUT PBOOLEAN DaclDefaulted
4991 RtlGetGroupSecurityDescriptor (
4992 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4994 OUT PBOOLEAN GroupDefaulted
5000 RtlGetOwnerSecurityDescriptor (
5001 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5003 OUT PBOOLEAN OwnerDefaulted
5011 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
5012 IN UCHAR SubAuthorityCount
5018 RtlIsNameLegalDOS8Dot3(
5019 IN PCUNICODE_STRING Name
,
5020 IN OUT POEM_STRING OemName OPTIONAL
,
5021 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
5027 RtlLengthRequiredSid (
5028 IN ULONG SubAuthorityCount
5041 RtlNtStatusToDosError (
5048 RtlxUnicodeStringToOemSize(
5049 PCUNICODE_STRING UnicodeString
5055 RtlxOemStringToUnicodeSize(
5056 PCOEM_STRING OemString
5059 #define RtlOemStringToUnicodeSize(STRING) ( \
5060 NLS_MB_OEM_CODE_PAGE_TAG ? \
5061 RtlxOemStringToUnicodeSize(STRING) : \
5062 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
5065 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
5066 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
5073 RtlOemStringToUnicodeString(
5074 IN OUT PUNICODE_STRING DestinationString
,
5075 IN PCOEM_STRING SourceString
,
5076 IN BOOLEAN AllocateDestinationString
5082 RtlUnicodeStringToOemString(
5083 IN OUT POEM_STRING DestinationString
,
5084 IN PCUNICODE_STRING SourceString
,
5085 IN BOOLEAN AllocateDestinationString
5091 RtlOemStringToCountedUnicodeString(
5092 IN OUT PUNICODE_STRING DestinationString
,
5093 IN PCOEM_STRING SourceString
,
5094 IN BOOLEAN AllocateDestinationString
5100 RtlUnicodeStringToCountedOemString(
5101 IN OUT POEM_STRING DestinationString
,
5102 IN PCUNICODE_STRING SourceString
,
5103 IN BOOLEAN AllocateDestinationString
5110 IN USHORT CompressionFormat
,
5111 IN OUT PUCHAR
*CompressedBuffer
,
5112 IN PUCHAR EndOfCompressedBufferPlus1
,
5113 OUT PUCHAR
*ChunkBuffer
,
5120 RtlSecondsSince1970ToTime (
5121 IN ULONG SecondsSince1970
,
5122 OUT PLARGE_INTEGER Time
5128 RtlSetGroupSecurityDescriptor (
5129 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5131 IN BOOLEAN GroupDefaulted
5137 RtlSetOwnerSecurityDescriptor (
5138 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5140 IN BOOLEAN OwnerDefaulted
5146 RtlSetSaclSecurityDescriptor (
5147 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5148 IN BOOLEAN SaclPresent
,
5150 IN BOOLEAN SaclDefaulted
5156 RtlSubAuthorityCountSid (
5163 RtlSubAuthoritySid (
5165 IN ULONG SubAuthority
5171 RtlUnicodeStringToCountedOemString (
5172 IN OUT POEM_STRING DestinationString
,
5173 IN PCUNICODE_STRING SourceString
,
5174 IN BOOLEAN AllocateDestinationString
5180 RtlUnicodeToMultiByteN(
5181 OUT PCHAR MultiByteString
,
5182 IN ULONG MaxBytesInMultiByteString
,
5183 OUT PULONG BytesInMultiByteString OPTIONAL
,
5184 IN PWCH UnicodeString
,
5185 IN ULONG BytesInUnicodeString
5192 OUT PWSTR UnicodeString
,
5193 IN ULONG MaxBytesInUnicodeString
,
5194 OUT PULONG BytesInUnicodeString OPTIONAL
,
5196 IN ULONG BytesInOemString
5199 /* RTL Splay Tree Functions */
5203 RtlSplay(PRTL_SPLAY_LINKS Links
);
5208 RtlDelete(PRTL_SPLAY_LINKS Links
);
5214 PRTL_SPLAY_LINKS Links
,
5215 PRTL_SPLAY_LINKS
*Root
5221 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
5226 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
5231 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
5236 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
5238 #define RtlIsLeftChild(Links) \
5239 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5241 #define RtlIsRightChild(Links) \
5242 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5244 #define RtlRightChild(Links) \
5245 ((PRTL_SPLAY_LINKS)(Links))->RightChild
5247 #define RtlIsRoot(Links) \
5248 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
5250 #define RtlLeftChild(Links) \
5251 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
5253 #define RtlParent(Links) \
5254 ((PRTL_SPLAY_LINKS)(Links))->Parent
5256 #define RtlInitializeSplayLinks(Links) \
5258 PRTL_SPLAY_LINKS _SplayLinks; \
5259 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
5260 _SplayLinks->Parent = _SplayLinks; \
5261 _SplayLinks->LeftChild = NULL; \
5262 _SplayLinks->RightChild = NULL; \
5265 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
5267 PRTL_SPLAY_LINKS _SplayParent; \
5268 PRTL_SPLAY_LINKS _SplayChild; \
5269 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5270 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5271 _SplayParent->LeftChild = _SplayChild; \
5272 _SplayChild->Parent = _SplayParent; \
5275 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
5277 PRTL_SPLAY_LINKS _SplayParent; \
5278 PRTL_SPLAY_LINKS _SplayChild; \
5279 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5280 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5281 _SplayParent->RightChild = _SplayChild; \
5282 _SplayChild->Parent = _SplayParent; \
5293 // RTL time functions
5299 RtlTimeToSecondsSince1980 (
5300 PLARGE_INTEGER Time
,
5301 PULONG ElapsedSeconds
5307 RtlSecondsSince1980ToTime (
5308 ULONG ElapsedSeconds
,
5315 RtlTimeToSecondsSince1970 (
5316 PLARGE_INTEGER Time
,
5317 PULONG ElapsedSeconds
5323 RtlSecondsSince1970ToTime (
5324 ULONG ElapsedSeconds
,
5331 SeAppendPrivileges (
5332 PACCESS_STATE AccessState
,
5333 PPRIVILEGE_SET Privileges
5339 SeAuditingFileEvents (
5340 IN BOOLEAN AccessGranted
,
5341 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5347 SeAuditingFileOrGlobalEvents (
5348 IN BOOLEAN AccessGranted
,
5349 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5350 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5356 SeCaptureSubjectContext (
5357 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
5363 SeCreateClientSecurity (
5365 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5366 IN BOOLEAN RemoteClient
,
5367 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5370 #if (VER_PRODUCTBUILD >= 2195)
5375 SeCreateClientSecurityFromSubjectContext (
5376 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5377 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5378 IN BOOLEAN ServerIsRemote
,
5379 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5382 #endif /* (VER_PRODUCTBUILD >= 2195) */
5385 #define SeLengthSid( Sid ) \
5386 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5388 #define SeDeleteClientSecurity(C) { \
5389 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5390 PsDereferencePrimaryToken( (C)->ClientToken ); \
5392 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5399 SeDeleteObjectAuditAlarm (
5404 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
5410 IN PPRIVILEGE_SET Privileges
5416 SeImpersonateClient (
5417 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5418 IN PETHREAD ServerThread OPTIONAL
5421 #if (VER_PRODUCTBUILD >= 2195)
5426 SeImpersonateClientEx (
5427 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5428 IN PETHREAD ServerThread OPTIONAL
5431 #endif /* (VER_PRODUCTBUILD >= 2195) */
5436 SeLockSubjectContext (
5437 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5443 SeMarkLogonSessionForTerminationNotification (
5450 SeOpenObjectAuditAlarm (
5451 IN PUNICODE_STRING ObjectTypeName
,
5452 IN PVOID Object OPTIONAL
,
5453 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5454 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5455 IN PACCESS_STATE AccessState
,
5456 IN BOOLEAN ObjectCreated
,
5457 IN BOOLEAN AccessGranted
,
5458 IN KPROCESSOR_MODE AccessMode
,
5459 OUT PBOOLEAN GenerateOnClose
5465 SeOpenObjectForDeleteAuditAlarm (
5466 IN PUNICODE_STRING ObjectTypeName
,
5467 IN PVOID Object OPTIONAL
,
5468 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5469 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5470 IN PACCESS_STATE AccessState
,
5471 IN BOOLEAN ObjectCreated
,
5472 IN BOOLEAN AccessGranted
,
5473 IN KPROCESSOR_MODE AccessMode
,
5474 OUT PBOOLEAN GenerateOnClose
5481 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
5482 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5483 IN KPROCESSOR_MODE AccessMode
5489 SeQueryAuthenticationIdToken (
5490 IN PACCESS_TOKEN Token
,
5494 #if (VER_PRODUCTBUILD >= 2195)
5499 SeQueryInformationToken (
5500 IN PACCESS_TOKEN Token
,
5501 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
5502 OUT PVOID
*TokenInformation
5505 #endif /* (VER_PRODUCTBUILD >= 2195) */
5510 SeQuerySecurityDescriptorInfo (
5511 IN PSECURITY_INFORMATION SecurityInformation
,
5512 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5513 IN OUT PULONG Length
,
5514 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
5517 #if (VER_PRODUCTBUILD >= 2195)
5522 SeQuerySessionIdToken (
5523 IN PACCESS_TOKEN Token
,
5527 #endif /* (VER_PRODUCTBUILD >= 2195) */
5529 #define SeQuerySubjectContextToken( SubjectContext ) \
5530 ( ARGUMENT_PRESENT( \
5531 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5533 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5534 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5536 typedef NTSTATUS (NTAPI
*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
5543 SeRegisterLogonSessionTerminatedRoutine (
5544 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5550 SeReleaseSubjectContext (
5551 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5557 SeSetAccessStateGenericMapping (
5558 PACCESS_STATE AccessState
,
5559 PGENERIC_MAPPING GenericMapping
5565 SeSetSecurityDescriptorInfo (
5566 IN PVOID Object OPTIONAL
,
5567 IN PSECURITY_INFORMATION SecurityInformation
,
5568 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5569 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5570 IN POOL_TYPE PoolType
,
5571 IN PGENERIC_MAPPING GenericMapping
5574 #if (VER_PRODUCTBUILD >= 2195)
5579 SeSetSecurityDescriptorInfoEx (
5580 IN PVOID Object OPTIONAL
,
5581 IN PSECURITY_INFORMATION SecurityInformation
,
5582 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
5583 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5584 IN ULONG AutoInheritFlags
,
5585 IN POOL_TYPE PoolType
,
5586 IN PGENERIC_MAPPING GenericMapping
5593 IN PACCESS_TOKEN Token
5599 SeTokenIsRestricted (
5600 IN PACCESS_TOKEN Token
5606 SeLocateProcessImageName(
5607 IN PEPROCESS Process
,
5608 OUT PUNICODE_STRING
*pImageFileName
5611 #endif /* (VER_PRODUCTBUILD >= 2195) */
5617 IN PACCESS_TOKEN Token
5623 SeUnlockSubjectContext (
5624 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5630 SeUnregisterLogonSessionTerminatedRoutine (
5631 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5634 #if (VER_PRODUCTBUILD >= 2195)
5639 ZwAdjustPrivilegesToken (
5640 IN HANDLE TokenHandle
,
5641 IN BOOLEAN DisableAllPrivileges
,
5642 IN PTOKEN_PRIVILEGES NewState
,
5643 IN ULONG BufferLength
,
5644 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
5645 OUT PULONG ReturnLength
5648 #endif /* (VER_PRODUCTBUILD >= 2195) */
5654 IN HANDLE ThreadHandle
5660 ZwAllocateVirtualMemory (
5661 IN HANDLE ProcessHandle
,
5662 IN OUT PVOID
*BaseAddress
,
5663 IN ULONG_PTR ZeroBits
,
5664 IN OUT PSIZE_T RegionSize
,
5665 IN ULONG AllocationType
,
5671 NtAccessCheckByTypeAndAuditAlarm(
5672 IN PUNICODE_STRING SubsystemName
,
5674 IN PUNICODE_STRING ObjectTypeName
,
5675 IN PUNICODE_STRING ObjectName
,
5676 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5677 IN PSID PrincipalSelfSid
,
5678 IN ACCESS_MASK DesiredAccess
,
5679 IN AUDIT_EVENT_TYPE AuditType
,
5681 IN POBJECT_TYPE_LIST ObjectTypeList
,
5682 IN ULONG ObjectTypeLength
,
5683 IN PGENERIC_MAPPING GenericMapping
,
5684 IN BOOLEAN ObjectCreation
,
5685 OUT PACCESS_MASK GrantedAccess
,
5686 OUT PNTSTATUS AccessStatus
,
5687 OUT PBOOLEAN GenerateOnClose
5692 NtAccessCheckByTypeResultListAndAuditAlarm(
5693 IN PUNICODE_STRING SubsystemName
,
5695 IN PUNICODE_STRING ObjectTypeName
,
5696 IN PUNICODE_STRING ObjectName
,
5697 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5698 IN PSID PrincipalSelfSid
,
5699 IN ACCESS_MASK DesiredAccess
,
5700 IN AUDIT_EVENT_TYPE AuditType
,
5702 IN POBJECT_TYPE_LIST ObjectTypeList
,
5703 IN ULONG ObjectTypeLength
,
5704 IN PGENERIC_MAPPING GenericMapping
,
5705 IN BOOLEAN ObjectCreation
,
5706 OUT PACCESS_MASK GrantedAccess
,
5707 OUT PNTSTATUS AccessStatus
,
5708 OUT PBOOLEAN GenerateOnClose
5713 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5714 IN PUNICODE_STRING SubsystemName
,
5716 IN HANDLE ClientToken
,
5717 IN PUNICODE_STRING ObjectTypeName
,
5718 IN PUNICODE_STRING ObjectName
,
5719 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5720 IN PSID PrincipalSelfSid
,
5721 IN ACCESS_MASK DesiredAccess
,
5722 IN AUDIT_EVENT_TYPE AuditType
,
5724 IN POBJECT_TYPE_LIST ObjectTypeList
,
5725 IN ULONG ObjectTypeLength
,
5726 IN PGENERIC_MAPPING GenericMapping
,
5727 IN BOOLEAN ObjectCreation
,
5728 OUT PACCESS_MASK GrantedAccess
,
5729 OUT PNTSTATUS AccessStatus
,
5730 OUT PBOOLEAN GenerateOnClose
5736 ZwAccessCheckAndAuditAlarm (
5737 IN PUNICODE_STRING SubsystemName
,
5739 IN PUNICODE_STRING ObjectTypeName
,
5740 IN PUNICODE_STRING ObjectName
,
5741 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5742 IN ACCESS_MASK DesiredAccess
,
5743 IN PGENERIC_MAPPING GenericMapping
,
5744 IN BOOLEAN ObjectCreation
,
5745 OUT PACCESS_MASK GrantedAccess
,
5746 OUT PBOOLEAN AccessStatus
,
5747 OUT PBOOLEAN GenerateOnClose
5750 #if (VER_PRODUCTBUILD >= 2195)
5756 IN HANDLE FileHandle
,
5757 OUT PIO_STATUS_BLOCK IoStatusBlock
5760 #endif /* (VER_PRODUCTBUILD >= 2195) */
5766 IN HANDLE EventHandle
5772 ZwCloseObjectAuditAlarm (
5773 IN PUNICODE_STRING SubsystemName
,
5775 IN BOOLEAN GenerateOnClose
5782 OUT PHANDLE SectionHandle
,
5783 IN ACCESS_MASK DesiredAccess
,
5784 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5785 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
5786 IN ULONG SectionPageProtection
,
5787 IN ULONG AllocationAttributes
,
5788 IN HANDLE FileHandle OPTIONAL
5794 ZwCreateSymbolicLinkObject (
5795 OUT PHANDLE SymbolicLinkHandle
,
5796 IN ACCESS_MASK DesiredAccess
,
5797 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5798 IN PUNICODE_STRING TargetName
5805 IN POBJECT_ATTRIBUTES ObjectAttributes
5813 IN PUNICODE_STRING Name
5817 #if (NTDDI_VERSION >= NTDDI_WIN2K)
5821 ZwDeviceIoControlFile (
5822 IN HANDLE FileHandle
,
5823 IN HANDLE Event OPTIONAL
,
5824 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5825 IN PVOID ApcContext OPTIONAL
,
5826 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5827 IN ULONG IoControlCode
,
5828 IN PVOID InputBuffer OPTIONAL
,
5829 IN ULONG InputBufferLength
,
5830 OUT PVOID OutputBuffer OPTIONAL
,
5831 IN ULONG OutputBufferLength
);
5838 IN PUNICODE_STRING String
5845 IN HANDLE SourceProcessHandle
,
5846 IN HANDLE SourceHandle
,
5847 IN HANDLE TargetProcessHandle OPTIONAL
,
5848 OUT PHANDLE TargetHandle OPTIONAL
,
5849 IN ACCESS_MASK DesiredAccess
,
5850 IN ULONG HandleAttributes
,
5858 IN HANDLE ExistingTokenHandle
,
5859 IN ACCESS_MASK DesiredAccess
,
5860 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5861 IN BOOLEAN EffectiveOnly
,
5862 IN TOKEN_TYPE TokenType
,
5863 OUT PHANDLE NewTokenHandle
5869 IN HANDLE ExistingTokenHandle
,
5871 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
5872 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
5873 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
5874 OUT PHANDLE NewTokenHandle
5880 ZwFlushInstructionCache (
5881 IN HANDLE ProcessHandle
,
5882 IN PVOID BaseAddress OPTIONAL
,
5890 IN HANDLE FileHandle
,
5891 OUT PIO_STATUS_BLOCK IoStatusBlock
5894 #if (VER_PRODUCTBUILD >= 2195)
5899 ZwFlushVirtualMemory (
5900 IN HANDLE ProcessHandle
,
5901 IN OUT PVOID
*BaseAddress
,
5902 IN OUT PULONG FlushSize
,
5903 OUT PIO_STATUS_BLOCK IoStatusBlock
5906 #endif /* (VER_PRODUCTBUILD >= 2195) */
5911 ZwFreeVirtualMemory (
5912 IN HANDLE ProcessHandle
,
5913 IN OUT PVOID
*BaseAddress
,
5914 IN OUT PSIZE_T RegionSize
,
5922 IN HANDLE FileHandle
,
5923 IN HANDLE Event OPTIONAL
,
5924 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5925 IN PVOID ApcContext OPTIONAL
,
5926 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5927 IN ULONG FsControlCode
,
5928 IN PVOID InputBuffer OPTIONAL
,
5929 IN ULONG InputBufferLength
,
5930 OUT PVOID OutputBuffer OPTIONAL
,
5931 IN ULONG OutputBufferLength
5934 #if (VER_PRODUCTBUILD >= 2195)
5939 ZwInitiatePowerAction (
5940 IN POWER_ACTION SystemAction
,
5941 IN SYSTEM_POWER_STATE MinSystemState
,
5943 IN BOOLEAN Asynchronous
5946 #endif /* (VER_PRODUCTBUILD >= 2195) */
5952 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5953 IN PUNICODE_STRING RegistryPath
5960 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5961 IN POBJECT_ATTRIBUTES FileObjectAttributes
5968 IN HANDLE KeyHandle
,
5969 IN HANDLE EventHandle OPTIONAL
,
5970 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5971 IN PVOID ApcContext OPTIONAL
,
5972 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5973 IN ULONG NotifyFilter
,
5974 IN BOOLEAN WatchSubtree
,
5976 IN ULONG BufferLength
,
5977 IN BOOLEAN Asynchronous
5983 ZwOpenDirectoryObject (
5984 OUT PHANDLE DirectoryHandle
,
5985 IN ACCESS_MASK DesiredAccess
,
5986 IN POBJECT_ATTRIBUTES ObjectAttributes
5993 OUT PHANDLE EventHandle
,
5994 IN ACCESS_MASK DesiredAccess
,
5995 IN POBJECT_ATTRIBUTES ObjectAttributes
6002 OUT PHANDLE ProcessHandle
,
6003 IN ACCESS_MASK DesiredAccess
,
6004 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6005 IN PCLIENT_ID ClientId OPTIONAL
6011 ZwOpenProcessToken (
6012 IN HANDLE ProcessHandle
,
6013 IN ACCESS_MASK DesiredAccess
,
6014 OUT PHANDLE TokenHandle
6021 OUT PHANDLE ThreadHandle
,
6022 IN ACCESS_MASK DesiredAccess
,
6023 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6024 IN PCLIENT_ID ClientId
6031 IN HANDLE ThreadHandle
,
6032 IN ACCESS_MASK DesiredAccess
,
6033 IN BOOLEAN OpenAsSelf
,
6034 OUT PHANDLE TokenHandle
6037 #if (VER_PRODUCTBUILD >= 2195)
6042 ZwPowerInformation (
6043 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
6044 IN PVOID InputBuffer OPTIONAL
,
6045 IN ULONG InputBufferLength
,
6046 OUT PVOID OutputBuffer OPTIONAL
,
6047 IN ULONG OutputBufferLength
6050 #endif /* (VER_PRODUCTBUILD >= 2195) */
6056 IN HANDLE EventHandle
,
6057 OUT PLONG PreviousState OPTIONAL
6063 ZwQueryDefaultLocale (
6064 IN BOOLEAN ThreadOrSystem
,
6071 ZwQueryDirectoryFile (
6072 IN HANDLE FileHandle
,
6073 IN HANDLE Event OPTIONAL
,
6074 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6075 IN PVOID ApcContext OPTIONAL
,
6076 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6077 OUT PVOID FileInformation
,
6079 IN FILE_INFORMATION_CLASS FileInformationClass
,
6080 IN BOOLEAN ReturnSingleEntry
,
6081 IN PUNICODE_STRING FileName OPTIONAL
,
6082 IN BOOLEAN RestartScan
6085 #if (VER_PRODUCTBUILD >= 2195)
6090 ZwQueryDirectoryObject (
6091 IN HANDLE DirectoryHandle
,
6094 IN BOOLEAN ReturnSingleEntry
,
6095 IN BOOLEAN RestartScan
,
6096 IN OUT PULONG Context
,
6097 OUT PULONG ReturnLength OPTIONAL
6104 IN HANDLE FileHandle
,
6105 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6108 IN BOOLEAN ReturnSingleEntry
,
6109 IN PVOID EaList OPTIONAL
,
6110 IN ULONG EaListLength
,
6111 IN PULONG EaIndex OPTIONAL
,
6112 IN BOOLEAN RestartScan
6115 #endif /* (VER_PRODUCTBUILD >= 2195) */
6120 ZwQueryInformationProcess (
6121 IN HANDLE ProcessHandle
,
6122 IN PROCESSINFOCLASS ProcessInformationClass
,
6123 OUT PVOID ProcessInformation
,
6124 IN ULONG ProcessInformationLength
,
6125 OUT PULONG ReturnLength OPTIONAL
6131 ZwQueryInformationToken (
6132 IN HANDLE TokenHandle
,
6133 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
6134 OUT PVOID TokenInformation
,
6136 OUT PULONG ResultLength
6142 ZwQuerySecurityObject (
6143 IN HANDLE FileHandle
,
6144 IN SECURITY_INFORMATION SecurityInformation
,
6145 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6147 OUT PULONG ResultLength
6153 ZwQueryVolumeInformationFile (
6154 IN HANDLE FileHandle
,
6155 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6156 OUT PVOID FsInformation
,
6158 IN FS_INFORMATION_CLASS FsInformationClass
6165 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
6166 IN HANDLE KeyHandle
,
6167 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
6174 IN HANDLE EventHandle
,
6175 OUT PLONG PreviousState OPTIONAL
6178 #if (VER_PRODUCTBUILD >= 2195)
6184 IN HANDLE KeyHandle
,
6185 IN HANDLE FileHandle
,
6189 #endif /* (VER_PRODUCTBUILD >= 2195) */
6195 IN HANDLE KeyHandle
,
6196 IN HANDLE FileHandle
6202 ZwSetDefaultLocale (
6203 IN BOOLEAN ThreadOrSystem
,
6207 #if (VER_PRODUCTBUILD >= 2195)
6212 ZwSetDefaultUILanguage (
6213 IN LANGID LanguageId
6220 IN HANDLE FileHandle
,
6221 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6226 #endif /* (VER_PRODUCTBUILD >= 2195) */
6232 IN HANDLE EventHandle
,
6233 OUT PLONG PreviousState OPTIONAL
6239 ZwSetInformationProcess (
6240 IN HANDLE ProcessHandle
,
6241 IN PROCESSINFOCLASS ProcessInformationClass
,
6242 IN PVOID ProcessInformation
,
6243 IN ULONG ProcessInformationLength
6246 #if (VER_PRODUCTBUILD >= 2195)
6251 ZwSetSecurityObject (
6253 IN SECURITY_INFORMATION SecurityInformation
,
6254 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6257 #endif /* (VER_PRODUCTBUILD >= 2195) */
6263 IN PLARGE_INTEGER NewTime
,
6264 OUT PLARGE_INTEGER OldTime OPTIONAL
6267 #if (VER_PRODUCTBUILD >= 2195)
6272 ZwSetVolumeInformationFile (
6273 IN HANDLE FileHandle
,
6274 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6275 IN PVOID FsInformation
,
6277 IN FS_INFORMATION_CLASS FsInformationClass
6280 #endif /* (VER_PRODUCTBUILD >= 2195) */
6285 ZwTerminateProcess (
6286 IN HANDLE ProcessHandle OPTIONAL
,
6287 IN NTSTATUS ExitStatus
6294 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6295 IN PUNICODE_STRING RegistryPath
6302 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6305 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6309 ZwWaitForSingleObject (
6311 IN BOOLEAN Alertable
,
6312 IN PLARGE_INTEGER Timeout OPTIONAL
);
6318 ZwWaitForMultipleObjects (
6319 IN ULONG HandleCount
,
6321 IN WAIT_TYPE WaitType
,
6322 IN BOOLEAN Alertable
,
6323 IN PLARGE_INTEGER Timeout OPTIONAL
6339 #endif /* _NTIFS_ */
projects / reactos.git / blob