4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
25 #define _NTIFS_INCLUDED_
28 /* Helper macro to enable gcc's extension. */
29 #ifndef __GNU_EXTENSION
31 #define __GNU_EXTENSION __extension__
33 #define __GNU_EXTENSION
41 #define NTKERNELAPI DECLSPEC_IMPORT
42 #define NTHALAPI DECLSPEC_IMPORT
53 #define FlagOn(_F,_SF) ((_F) & (_SF))
57 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
61 #define SetFlag(_F,_SF) ((_F) |= (_SF))
65 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
68 typedef struct _BUS_HANDLER
*PBUS_HANDLER
;
69 typedef struct _CALLBACK_OBJECT
*PCALLBACK_OBJECT
;
70 typedef struct _DEVICE_HANDLER_OBJECT
*PDEVICE_HANDLER_OBJECT
;
71 typedef struct _IO_TIMER
*PIO_TIMER
;
72 typedef struct _KINTERRUPT
*PKINTERRUPT
;
73 typedef struct _KPROCESS
*PKPROCESS
,*PRKPROCESS
, *PEPROCESS
;
74 typedef struct _KTHREAD
*PKTHREAD
, *PRKTHREAD
, *PETHREAD
;
75 typedef struct _OBJECT_TYPE
*POBJECT_TYPE
;
76 typedef struct _PEB
*PPEB
;
77 typedef struct _ACL
*PACL
;
79 #define PsGetCurrentProcess IoGetCurrentProcess
81 #if (NTDDI_VERSION >= NTDDI_VISTA)
82 extern NTSYSAPI
volatile CCHAR KeNumberProcessors
;
83 #elif (NTDDI_VERSION >= NTDDI_WINXP)
84 extern NTSYSAPI CCHAR KeNumberProcessors
;
86 extern PCCHAR KeNumberProcessors
;
89 typedef UNICODE_STRING LSA_UNICODE_STRING
, *PLSA_UNICODE_STRING
;
90 typedef STRING LSA_STRING
, *PLSA_STRING
;
91 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
, *PLSA_OBJECT_ATTRIBUTES
;
93 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
94 #define SID_IDENTIFIER_AUTHORITY_DEFINED
95 typedef struct _SID_IDENTIFIER_AUTHORITY
{
97 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
102 typedef struct _SID
{
104 UCHAR SubAuthorityCount
;
105 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
106 ULONG SubAuthority
[ANYSIZE_ARRAY
];
110 #define SID_REVISION 1
111 #define SID_MAX_SUB_AUTHORITIES 15
112 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
114 typedef enum _SID_NAME_USE
{
119 SidTypeWellKnownGroup
,
120 SidTypeDeletedAccount
,
125 } SID_NAME_USE
, *PSID_NAME_USE
;
127 typedef struct _SID_AND_ATTRIBUTES
{
130 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
131 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
132 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
134 #define SID_HASH_SIZE 32
135 typedef ULONG_PTR SID_HASH_ENTRY
, *PSID_HASH_ENTRY
;
137 typedef struct _SID_AND_ATTRIBUTES_HASH
{
139 PSID_AND_ATTRIBUTES SidAttr
;
140 SID_HASH_ENTRY Hash
[SID_HASH_SIZE
];
141 } SID_AND_ATTRIBUTES_HASH
, *PSID_AND_ATTRIBUTES_HASH
;
143 /* Universal well-known SIDs */
145 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
146 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
147 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
148 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
149 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
150 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
152 #define SECURITY_NULL_RID (0x00000000L)
153 #define SECURITY_WORLD_RID (0x00000000L)
154 #define SECURITY_LOCAL_RID (0x00000000L)
155 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
157 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
158 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
159 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
160 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
161 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
163 /* NT well-known SIDs */
165 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
167 #define SECURITY_DIALUP_RID (0x00000001L)
168 #define SECURITY_NETWORK_RID (0x00000002L)
169 #define SECURITY_BATCH_RID (0x00000003L)
170 #define SECURITY_INTERACTIVE_RID (0x00000004L)
171 #define SECURITY_LOGON_IDS_RID (0x00000005L)
172 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
173 #define SECURITY_SERVICE_RID (0x00000006L)
174 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
175 #define SECURITY_PROXY_RID (0x00000008L)
176 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
177 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
178 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
179 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
180 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
181 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
182 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
183 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
184 #define SECURITY_IUSER_RID (0x00000011L)
185 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
186 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
187 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
188 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
189 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
190 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
192 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
193 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
196 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
197 #define SECURITY_PACKAGE_RID_COUNT (2L)
198 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
199 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
200 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
202 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
203 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
204 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
206 #define SECURITY_MIN_BASE_RID (0x00000050L)
207 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
208 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
209 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
210 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
211 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
212 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
213 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
214 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
215 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
216 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
217 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
218 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
219 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
220 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
221 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
222 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
223 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
225 #define SECURITY_MAX_BASE_RID (0x0000006FL)
227 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
228 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
230 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
232 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
234 /* Well-known domain relative sub-authority values (RIDs) */
236 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
238 #define FOREST_USER_RID_MAX (0x000001F3L)
240 /* Well-known users */
242 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
243 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
244 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
246 #define DOMAIN_USER_RID_MAX (0x000003E7L)
248 /* Well-known groups */
250 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
251 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
252 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
253 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
254 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
255 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
256 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
257 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
258 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
259 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
261 /* Well-known aliases */
263 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
264 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
265 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
266 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
268 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
269 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
270 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
271 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
273 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
274 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
275 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
276 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
277 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
278 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
280 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
281 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
282 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
283 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
284 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
285 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
286 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
287 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
288 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
289 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
290 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
292 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
293 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
294 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
295 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
296 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
297 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
298 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
300 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
301 can be set by a usermode caller.*/
303 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
305 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
307 /* Allocate the System Luid. The first 1000 LUIDs are reserved.
308 Use #999 here (0x3e7 = 999) */
310 #define SYSTEM_LUID { 0x3e7, 0x0 }
311 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
312 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
313 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
314 #define IUSER_LUID { 0x3e3, 0x0 }
316 typedef struct _ACE_HEADER
{
320 } ACE_HEADER
, *PACE_HEADER
;
322 /* also in winnt.h */
323 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
324 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
325 #define ACCESS_DENIED_ACE_TYPE (0x1)
326 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
327 #define SYSTEM_ALARM_ACE_TYPE (0x3)
328 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
329 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
330 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
331 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
332 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
333 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
334 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
335 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
336 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
337 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
338 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
339 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
340 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
341 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
342 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
343 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
344 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
345 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
346 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
347 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
348 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
350 /* The following are the inherit flags that go into the AceFlags field
353 #define OBJECT_INHERIT_ACE (0x1)
354 #define CONTAINER_INHERIT_ACE (0x2)
355 #define NO_PROPAGATE_INHERIT_ACE (0x4)
356 #define INHERIT_ONLY_ACE (0x8)
357 #define INHERITED_ACE (0x10)
358 #define VALID_INHERIT_FLAGS (0x1F)
360 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
361 #define FAILED_ACCESS_ACE_FLAG (0x80)
363 typedef struct _ACCESS_ALLOWED_ACE
{
367 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
369 typedef struct _ACCESS_DENIED_ACE
{
373 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
375 typedef struct _SYSTEM_AUDIT_ACE
{
379 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
381 typedef struct _SYSTEM_ALARM_ACE
{
385 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
387 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
{
391 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
393 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
394 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
395 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
396 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
397 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
398 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
400 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
402 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
404 #define SE_OWNER_DEFAULTED 0x0001
405 #define SE_GROUP_DEFAULTED 0x0002
406 #define SE_DACL_PRESENT 0x0004
407 #define SE_DACL_DEFAULTED 0x0008
408 #define SE_SACL_PRESENT 0x0010
409 #define SE_SACL_DEFAULTED 0x0020
410 #define SE_DACL_UNTRUSTED 0x0040
411 #define SE_SERVER_SECURITY 0x0080
412 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
413 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
414 #define SE_DACL_AUTO_INHERITED 0x0400
415 #define SE_SACL_AUTO_INHERITED 0x0800
416 #define SE_DACL_PROTECTED 0x1000
417 #define SE_SACL_PROTECTED 0x2000
418 #define SE_RM_CONTROL_VALID 0x4000
419 #define SE_SELF_RELATIVE 0x8000
421 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
424 SECURITY_DESCRIPTOR_CONTROL Control
;
429 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
433 #ifndef VER_PRODUCTBUILD
434 #define VER_PRODUCTBUILD 10000
437 #define EX_PUSH_LOCK ULONG_PTR
438 #define PEX_PUSH_LOCK PULONG_PTR
443 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
445 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
447 extern PACL SePublicDefaultDacl
;
448 extern PACL SeSystemDefaultDacl
;
450 extern KSPIN_LOCK IoStatisticsLock
;
451 extern ULONG IoReadOperationCount
;
452 extern ULONG IoWriteOperationCount
;
453 extern ULONG IoOtherOperationCount
;
454 extern LARGE_INTEGER IoReadTransferCount
;
455 extern LARGE_INTEGER IoWriteTransferCount
;
456 extern LARGE_INTEGER IoOtherTransferCount
;
458 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
460 typedef enum _SECURITY_LOGON_TYPE
462 UndefinedLogonType
= 0,
471 #if (_WIN32_WINNT >= 0x0501)
475 #if (_WIN32_WINNT >= 0x0502)
476 CachedRemoteInteractive
,
479 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
481 #define ANSI_DOS_STAR ('<')
482 #define ANSI_DOS_QM ('>')
483 #define ANSI_DOS_DOT ('"')
485 #define DOS_STAR (L'<')
486 #define DOS_QM (L'>')
487 #define DOS_DOT (L'"')
489 #define COMPRESSION_FORMAT_NONE (0x0000)
490 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
491 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
492 #define COMPRESSION_ENGINE_STANDARD (0x0000)
493 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
494 #define COMPRESSION_ENGINE_HIBER (0x0200)
496 #define FILE_ACTION_ADDED 0x00000001
497 #define FILE_ACTION_REMOVED 0x00000002
498 #define FILE_ACTION_MODIFIED 0x00000003
499 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
500 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
501 #define FILE_ACTION_ADDED_STREAM 0x00000006
502 #define FILE_ACTION_REMOVED_STREAM 0x00000007
503 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
504 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
505 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
506 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
509 #define FILE_EA_TYPE_BINARY 0xfffe
510 #define FILE_EA_TYPE_ASCII 0xfffd
511 #define FILE_EA_TYPE_BITMAP 0xfffb
512 #define FILE_EA_TYPE_METAFILE 0xfffa
513 #define FILE_EA_TYPE_ICON 0xfff9
514 #define FILE_EA_TYPE_EA 0xffee
515 #define FILE_EA_TYPE_MVMT 0xffdf
516 #define FILE_EA_TYPE_MVST 0xffde
517 #define FILE_EA_TYPE_ASN1 0xffdd
518 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
520 #define FILE_NEED_EA 0x00000080
522 /* also in winnt.h */
523 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
524 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
525 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
526 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
527 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
528 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
529 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
530 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
531 #define FILE_NOTIFY_CHANGE_EA 0x00000080
532 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
533 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
534 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
535 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
536 #define FILE_NOTIFY_VALID_MASK 0x00000fff
539 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
540 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
542 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
544 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
545 #define FILE_CASE_PRESERVED_NAMES 0x00000002
546 #define FILE_UNICODE_ON_DISK 0x00000004
547 #define FILE_PERSISTENT_ACLS 0x00000008
548 #define FILE_FILE_COMPRESSION 0x00000010
549 #define FILE_VOLUME_QUOTAS 0x00000020
550 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
551 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
552 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
553 #define FS_LFN_APIS 0x00004000
554 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
555 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
556 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
557 #define FILE_NAMED_STREAMS 0x00040000
558 #define FILE_READ_ONLY_VOLUME 0x00080000
559 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
560 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
562 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
563 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
565 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
566 #define FILE_PIPE_MESSAGE_MODE 0x00000001
568 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
569 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
571 #define FILE_PIPE_INBOUND 0x00000000
572 #define FILE_PIPE_OUTBOUND 0x00000001
573 #define FILE_PIPE_FULL_DUPLEX 0x00000002
575 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
576 #define FILE_PIPE_LISTENING_STATE 0x00000002
577 #define FILE_PIPE_CONNECTED_STATE 0x00000003
578 #define FILE_PIPE_CLOSING_STATE 0x00000004
580 #define FILE_PIPE_CLIENT_END 0x00000000
581 #define FILE_PIPE_SERVER_END 0x00000001
583 #define FILE_PIPE_READ_DATA 0x00000000
584 #define FILE_PIPE_WRITE_SPACE 0x00000001
586 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
587 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
588 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
589 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
590 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
591 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
592 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
593 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
594 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
595 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
596 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
597 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
598 #define FILE_STORAGE_TYPE_MASK 0x000f0000
599 #define FILE_STORAGE_TYPE_SHIFT 16
601 #define FILE_VC_QUOTA_NONE 0x00000000
602 #define FILE_VC_QUOTA_TRACK 0x00000001
603 #define FILE_VC_QUOTA_ENFORCE 0x00000002
604 #define FILE_VC_QUOTA_MASK 0x00000003
606 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
607 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
609 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
610 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
611 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
612 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
614 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
615 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
617 #define FILE_VC_VALID_MASK 0x000003ff
619 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
620 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
621 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
622 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
623 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
624 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
625 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
626 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
628 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
629 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
630 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
631 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
633 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
634 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
635 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
636 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
637 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
639 #define FSRTL_VOLUME_DISMOUNT 1
640 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
641 #define FSRTL_VOLUME_LOCK 3
642 #define FSRTL_VOLUME_LOCK_FAILED 4
643 #define FSRTL_VOLUME_UNLOCK 5
644 #define FSRTL_VOLUME_MOUNT 6
646 #define FSRTL_WILD_CHARACTER 0x08
648 #define FSRTL_FAT_LEGAL 0x01
649 #define FSRTL_HPFS_LEGAL 0x02
650 #define FSRTL_NTFS_LEGAL 0x04
651 #define FSRTL_WILD_CHARACTER 0x08
652 #define FSRTL_OLE_LEGAL 0x10
653 #define FSRTL_NTFS_STREAM_LEGAL 0x14
656 #define HARDWARE_PTE HARDWARE_PTE_X86
657 #define PHARDWARE_PTE PHARDWARE_PTE_X86
660 #define IO_CHECK_CREATE_PARAMETERS 0x0200
661 #define IO_ATTACH_DEVICE 0x0400
663 #define IO_ATTACH_DEVICE_API 0x80000000
665 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
666 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
668 #define IO_TYPE_APC 18
669 #define IO_TYPE_DPC 19
670 #define IO_TYPE_DEVICE_QUEUE 20
671 #define IO_TYPE_EVENT_PAIR 21
672 #define IO_TYPE_INTERRUPT 22
673 #define IO_TYPE_PROFILE 23
675 #define IRP_BEING_VERIFIED 0x10
677 #define MAILSLOT_CLASS_FIRSTCLASS 1
678 #define MAILSLOT_CLASS_SECONDCLASS 2
680 #define MAILSLOT_SIZE_AUTO 0
682 #define MEM_DOS_LIM 0x40000000
684 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
686 #define OB_TYPE_TYPE 1
687 #define OB_TYPE_DIRECTORY 2
688 #define OB_TYPE_SYMBOLIC_LINK 3
689 #define OB_TYPE_TOKEN 4
690 #define OB_TYPE_PROCESS 5
691 #define OB_TYPE_THREAD 6
692 #define OB_TYPE_EVENT 7
693 #define OB_TYPE_EVENT_PAIR 8
694 #define OB_TYPE_MUTANT 9
695 #define OB_TYPE_SEMAPHORE 10
696 #define OB_TYPE_TIMER 11
697 #define OB_TYPE_PROFILE 12
698 #define OB_TYPE_WINDOW_STATION 13
699 #define OB_TYPE_DESKTOP 14
700 #define OB_TYPE_SECTION 15
701 #define OB_TYPE_KEY 16
702 #define OB_TYPE_PORT 17
703 #define OB_TYPE_ADAPTER 18
704 #define OB_TYPE_CONTROLLER 19
705 #define OB_TYPE_DEVICE 20
706 #define OB_TYPE_DRIVER 21
707 #define OB_TYPE_IO_COMPLETION 22
708 #define OB_TYPE_FILE 23
711 #define PIN_EXCLUSIVE (2)
712 #define PIN_NO_READ (4)
713 #define PIN_IF_BCB (8)
715 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
716 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
718 #define SEC_BASED 0x00200000
720 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
721 #define SECURITY_WORLD_RID (0x00000000L)
723 #define TOKEN_ASSIGN_PRIMARY (0x0001)
724 #define TOKEN_DUPLICATE (0x0002)
725 #define TOKEN_IMPERSONATE (0x0004)
726 #define TOKEN_QUERY (0x0008)
727 #define TOKEN_QUERY_SOURCE (0x0010)
728 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
729 #define TOKEN_ADJUST_GROUPS (0x0040)
730 #define TOKEN_ADJUST_DEFAULT (0x0080)
731 #define TOKEN_ADJUST_SESSIONID (0x0100)
733 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
734 TOKEN_ASSIGN_PRIMARY |\
738 TOKEN_QUERY_SOURCE |\
739 TOKEN_ADJUST_PRIVILEGES |\
740 TOKEN_ADJUST_GROUPS |\
741 TOKEN_ADJUST_DEFAULT |\
742 TOKEN_ADJUST_SESSIONID)
744 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
747 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
748 TOKEN_ADJUST_PRIVILEGES |\
749 TOKEN_ADJUST_GROUPS |\
750 TOKEN_ADJUST_DEFAULT)
752 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
754 #define TOKEN_SOURCE_LENGTH 8
757 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
758 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
759 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
760 #define TOKEN_HAS_ADMIN_GROUP 0x08
761 #define TOKEN_WRITE_RESTRICTED 0x08
762 #define TOKEN_IS_RESTRICTED 0x10
763 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
765 #define VACB_MAPPING_GRANULARITY (0x40000)
766 #define VACB_OFFSET_SHIFT (18)
769 #define _AUDIT_EVENT_TYPE_HACK 0
771 #if (_AUDIT_EVENT_TYPE_HACK == 1)
774 typedef enum _AUDIT_EVENT_TYPE
776 AuditEventObjectAccess
,
777 AuditEventDirectoryServiceAccess
778 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
781 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
783 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
784 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
785 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
786 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
787 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
788 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
789 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
790 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
791 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
793 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
794 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
795 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
797 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
798 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
799 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
802 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
803 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
804 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
805 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
806 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
807 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
809 #if (VER_PRODUCTBUILD >= 1381)
811 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
812 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
813 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
814 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
815 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
816 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
817 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
818 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
820 #endif /* (VER_PRODUCTBUILD >= 1381) */
822 #if (VER_PRODUCTBUILD >= 2195)
824 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
825 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
826 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
828 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
829 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
830 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
831 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
832 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
833 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
834 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
835 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
836 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
837 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
838 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
839 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
840 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
841 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
842 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
843 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
844 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
845 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
846 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
847 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
848 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
849 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
850 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
851 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
852 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
853 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
854 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
855 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
856 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
857 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
858 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
859 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
860 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
861 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
862 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
863 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
865 #endif /* (VER_PRODUCTBUILD >= 2195) */
867 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
869 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
870 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
871 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
872 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
873 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
874 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
875 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
876 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
878 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
879 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
880 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
881 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
882 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
883 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
884 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
885 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
886 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
887 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
888 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
889 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
890 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
891 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
893 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
895 typedef PVOID OPLOCK
, *POPLOCK
;
900 struct _RTL_AVL_TABLE
;
901 struct _RTL_GENERIC_TABLE
;
909 typedef PVOID PNOTIFY_SYNC
;
911 typedef enum _FAST_IO_POSSIBLE
{
917 typedef enum _FILE_STORAGE_TYPE
{
918 StorageTypeDefault
= 1,
919 StorageTypeDirectory
,
921 StorageTypeJunctionPoint
,
923 StorageTypeStructuredStorage
,
924 StorageTypeEmbedding
,
928 typedef enum _OBJECT_INFORMATION_CLASS
930 ObjectBasicInformation
,
931 ObjectNameInformation
,
932 ObjectTypeInformation
,
933 ObjectTypesInformation
,
934 ObjectHandleFlagInformation
,
935 ObjectSessionInformation
,
937 } OBJECT_INFORMATION_CLASS
;
939 typedef struct _OBJECT_BASIC_INFORMATION
942 ACCESS_MASK GrantedAccess
;
945 ULONG PagedPoolCharge
;
946 ULONG NonPagedPoolCharge
;
950 ULONG SecurityDescriptorSize
;
951 LARGE_INTEGER CreationTime
;
952 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
954 typedef struct _KAPC_STATE
{
955 LIST_ENTRY ApcListHead
[2];
957 BOOLEAN KernelApcInProgress
;
958 BOOLEAN KernelApcPending
;
959 BOOLEAN UserApcPending
;
960 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
961 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
963 typedef struct _BITMAP_RANGE
{
966 ULONG FirstDirtyPage
;
970 } BITMAP_RANGE
, *PBITMAP_RANGE
;
972 typedef struct _CACHE_UNINITIALIZE_EVENT
{
973 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
975 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
977 typedef struct _CC_FILE_SIZES
{
978 LARGE_INTEGER AllocationSize
;
979 LARGE_INTEGER FileSize
;
980 LARGE_INTEGER ValidDataLength
;
981 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
983 typedef struct _COMPRESSED_DATA_INFO
{
984 USHORT CompressionFormatAndEngine
;
985 UCHAR CompressionUnitShift
;
989 USHORT NumberOfChunks
;
990 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
991 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
993 typedef struct _TOKEN_SOURCE
{
994 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
995 LUID SourceIdentifier
;
996 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
997 typedef struct _TOKEN_CONTROL
{
999 LUID AuthenticationId
;
1001 TOKEN_SOURCE TokenSource
;
1002 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
1003 typedef struct _TOKEN_DEFAULT_DACL
{
1005 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
1006 typedef struct _TOKEN_GROUPS
{
1008 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
1009 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
1010 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
1013 PSID_AND_ATTRIBUTES Sids
;
1014 ULONG RestrictedSidCount
;
1015 ULONG RestrictedSidLength
;
1016 PSID_AND_ATTRIBUTES RestrictedSids
;
1017 ULONG PrivilegeCount
;
1018 ULONG PrivilegeLength
;
1019 PLUID_AND_ATTRIBUTES Privileges
;
1020 LUID AuthenticationId
;
1021 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
1022 typedef struct _TOKEN_ORIGIN
{
1023 LUID OriginatingLogonSession
;
1024 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
1025 typedef struct _TOKEN_OWNER
{
1027 } TOKEN_OWNER
,*PTOKEN_OWNER
;
1028 typedef struct _TOKEN_PRIMARY_GROUP
{
1030 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
1031 typedef struct _TOKEN_PRIVILEGES
{
1032 ULONG PrivilegeCount
;
1033 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
1034 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
1035 typedef enum tagTOKEN_TYPE
{
1038 } TOKEN_TYPE
,*PTOKEN_TYPE
;
1039 typedef struct _TOKEN_STATISTICS
{
1041 LUID AuthenticationId
;
1042 LARGE_INTEGER ExpirationTime
;
1043 TOKEN_TYPE TokenType
;
1044 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
1045 ULONG DynamicCharged
;
1046 ULONG DynamicAvailable
;
1048 ULONG PrivilegeCount
;
1050 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
1051 typedef struct _TOKEN_USER
{
1052 SID_AND_ATTRIBUTES User
;
1053 } TOKEN_USER
, *PTOKEN_USER
;
1055 typedef struct _SECURITY_DESCRIPTOR
{
1058 SECURITY_DESCRIPTOR_CONTROL Control
;
1063 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
1065 typedef struct _OBJECT_TYPE_LIST
{
1069 } OBJECT_TYPE_LIST
, *POBJECT_TYPE_LIST
;
1071 typedef enum _TOKEN_INFORMATION_CLASS
{
1072 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
1073 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
1074 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
1075 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
1076 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
1077 } TOKEN_INFORMATION_CLASS
;
1079 #define SYMLINK_FLAG_RELATIVE 1
1081 typedef struct _REPARSE_DATA_BUFFER
{
1083 USHORT ReparseDataLength
;
1085 __GNU_EXTENSION
union {
1087 USHORT SubstituteNameOffset
;
1088 USHORT SubstituteNameLength
;
1089 USHORT PrintNameOffset
;
1090 USHORT PrintNameLength
;
1092 WCHAR PathBuffer
[1];
1093 } SymbolicLinkReparseBuffer
;
1095 USHORT SubstituteNameOffset
;
1096 USHORT SubstituteNameLength
;
1097 USHORT PrintNameOffset
;
1098 USHORT PrintNameLength
;
1099 WCHAR PathBuffer
[1];
1100 } MountPointReparseBuffer
;
1102 UCHAR DataBuffer
[1];
1103 } GenericReparseBuffer
;
1105 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
1110 // MicroSoft reparse point tags
1112 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
1113 #define IO_REPARSE_TAG_HSM (0xC0000004L)
1114 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
1115 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
1116 #define IO_REPARSE_TAG_SIS (0x80000007L)
1117 #define IO_REPARSE_TAG_DFS (0x8000000AL)
1118 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
1119 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
1120 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
1121 #define IO_REPARSE_TAG_DFSR (0x80000012L)
1124 // Reserved reparse tags
1126 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
1127 #define IO_REPARSE_TAG_RESERVED_ONE (1)
1128 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
1131 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
1133 typedef struct _FILE_ACCESS_INFORMATION
{
1134 ACCESS_MASK AccessFlags
;
1135 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
1137 typedef struct _FILE_ALLOCATION_INFORMATION
{
1138 LARGE_INTEGER AllocationSize
;
1139 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
1141 typedef struct _FILE_BOTH_DIR_INFORMATION
{
1142 ULONG NextEntryOffset
;
1144 LARGE_INTEGER CreationTime
;
1145 LARGE_INTEGER LastAccessTime
;
1146 LARGE_INTEGER LastWriteTime
;
1147 LARGE_INTEGER ChangeTime
;
1148 LARGE_INTEGER EndOfFile
;
1149 LARGE_INTEGER AllocationSize
;
1150 ULONG FileAttributes
;
1151 ULONG FileNameLength
;
1153 CCHAR ShortNameLength
;
1154 WCHAR ShortName
[12];
1156 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
1158 typedef struct _FILE_COMPLETION_INFORMATION
{
1161 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
1163 typedef struct _FILE_COMPRESSION_INFORMATION
{
1164 LARGE_INTEGER CompressedFileSize
;
1165 USHORT CompressionFormat
;
1166 UCHAR CompressionUnitShift
;
1170 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
1172 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
1173 BOOLEAN ReplaceIfExists
;
1174 HANDLE RootDirectory
;
1175 ULONG FileNameLength
;
1177 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
1179 typedef struct _FILE_DIRECTORY_INFORMATION
{
1180 ULONG NextEntryOffset
;
1182 LARGE_INTEGER CreationTime
;
1183 LARGE_INTEGER LastAccessTime
;
1184 LARGE_INTEGER LastWriteTime
;
1185 LARGE_INTEGER ChangeTime
;
1186 LARGE_INTEGER EndOfFile
;
1187 LARGE_INTEGER AllocationSize
;
1188 ULONG FileAttributes
;
1189 ULONG FileNameLength
;
1191 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
1193 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
1194 ULONG NextEntryOffset
;
1196 LARGE_INTEGER CreationTime
;
1197 LARGE_INTEGER LastAccessTime
;
1198 LARGE_INTEGER LastWriteTime
;
1199 LARGE_INTEGER ChangeTime
;
1200 LARGE_INTEGER EndOfFile
;
1201 LARGE_INTEGER AllocationSize
;
1202 ULONG FileAttributes
;
1203 ULONG FileNameLength
;
1205 WCHAR FileName
[ANYSIZE_ARRAY
];
1206 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
1208 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
1209 ULONG NextEntryOffset
;
1211 LARGE_INTEGER CreationTime
;
1212 LARGE_INTEGER LastAccessTime
;
1213 LARGE_INTEGER LastWriteTime
;
1214 LARGE_INTEGER ChangeTime
;
1215 LARGE_INTEGER EndOfFile
;
1216 LARGE_INTEGER AllocationSize
;
1217 ULONG FileAttributes
;
1218 ULONG FileNameLength
;
1220 LARGE_INTEGER FileId
;
1222 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
1224 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
1225 ULONG NextEntryOffset
;
1227 LARGE_INTEGER CreationTime
;
1228 LARGE_INTEGER LastAccessTime
;
1229 LARGE_INTEGER LastWriteTime
;
1230 LARGE_INTEGER ChangeTime
;
1231 LARGE_INTEGER EndOfFile
;
1232 LARGE_INTEGER AllocationSize
;
1233 ULONG FileAttributes
;
1234 ULONG FileNameLength
;
1236 CCHAR ShortNameLength
;
1237 WCHAR ShortName
[12];
1238 LARGE_INTEGER FileId
;
1240 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
1242 typedef struct _FILE_EA_INFORMATION
{
1244 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
1246 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
1247 ULONG FileSystemAttributes
;
1248 ULONG MaximumComponentNameLength
;
1249 ULONG FileSystemNameLength
;
1250 WCHAR FileSystemName
[1];
1251 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
1253 typedef struct _FILE_FS_CONTROL_INFORMATION
{
1254 LARGE_INTEGER FreeSpaceStartFiltering
;
1255 LARGE_INTEGER FreeSpaceThreshold
;
1256 LARGE_INTEGER FreeSpaceStopFiltering
;
1257 LARGE_INTEGER DefaultQuotaThreshold
;
1258 LARGE_INTEGER DefaultQuotaLimit
;
1259 ULONG FileSystemControlFlags
;
1260 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
1262 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
1263 LARGE_INTEGER TotalAllocationUnits
;
1264 LARGE_INTEGER CallerAvailableAllocationUnits
;
1265 LARGE_INTEGER ActualAvailableAllocationUnits
;
1266 ULONG SectorsPerAllocationUnit
;
1267 ULONG BytesPerSector
;
1268 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
1270 typedef struct _FILE_FS_LABEL_INFORMATION
{
1271 ULONG VolumeLabelLength
;
1272 WCHAR VolumeLabel
[1];
1273 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
1275 #if (VER_PRODUCTBUILD >= 2195)
1277 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
1279 UCHAR ExtendedInfo
[48];
1280 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
1282 #endif /* (VER_PRODUCTBUILD >= 2195) */
1284 typedef struct _FILE_FS_SIZE_INFORMATION
{
1285 LARGE_INTEGER TotalAllocationUnits
;
1286 LARGE_INTEGER AvailableAllocationUnits
;
1287 ULONG SectorsPerAllocationUnit
;
1288 ULONG BytesPerSector
;
1289 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
1291 typedef struct _FILE_FS_VOLUME_INFORMATION
{
1292 LARGE_INTEGER VolumeCreationTime
;
1293 ULONG VolumeSerialNumber
;
1294 ULONG VolumeLabelLength
;
1295 BOOLEAN SupportsObjects
;
1296 WCHAR VolumeLabel
[1];
1297 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
1299 typedef struct _FILE_FS_OBJECTID_INFORMATION
1302 UCHAR ExtendedInfo
[48];
1303 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
1305 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1307 BOOLEAN DriverInPath
;
1308 ULONG DriverNameLength
;
1309 WCHAR DriverName
[1];
1310 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
1312 typedef struct _FILE_FULL_DIR_INFORMATION
{
1313 ULONG NextEntryOffset
;
1315 LARGE_INTEGER CreationTime
;
1316 LARGE_INTEGER LastAccessTime
;
1317 LARGE_INTEGER LastWriteTime
;
1318 LARGE_INTEGER ChangeTime
;
1319 LARGE_INTEGER EndOfFile
;
1320 LARGE_INTEGER AllocationSize
;
1321 ULONG FileAttributes
;
1322 ULONG FileNameLength
;
1325 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1327 typedef struct _FILE_GET_EA_INFORMATION
{
1328 ULONG NextEntryOffset
;
1331 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1333 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1334 ULONG NextEntryOffset
;
1337 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1339 typedef struct _FILE_QUOTA_INFORMATION
1341 ULONG NextEntryOffset
;
1343 LARGE_INTEGER ChangeTime
;
1344 LARGE_INTEGER QuotaUsed
;
1345 LARGE_INTEGER QuotaThreshold
;
1346 LARGE_INTEGER QuotaLimit
;
1348 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1350 typedef struct _FILE_INTERNAL_INFORMATION
{
1351 LARGE_INTEGER IndexNumber
;
1352 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1354 typedef struct _FILE_LINK_INFORMATION
{
1355 BOOLEAN ReplaceIfExists
;
1356 HANDLE RootDirectory
;
1357 ULONG FileNameLength
;
1359 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1361 typedef struct _FILE_LOCK_INFO
1363 LARGE_INTEGER StartingByte
;
1364 LARGE_INTEGER Length
;
1365 BOOLEAN ExclusiveLock
;
1367 PFILE_OBJECT FileObject
;
1369 LARGE_INTEGER EndingByte
;
1370 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1372 typedef struct _FILE_REPARSE_POINT_INFORMATION
1374 LONGLONG FileReference
;
1376 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
1378 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1381 HANDLE RootDirectory
;
1382 ULONG FileNameLength
;
1384 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
1386 typedef struct _FILE_NOTIFY_INFORMATION
1388 ULONG NextEntryOffset
;
1390 ULONG FileNameLength
;
1392 } FILE_NOTIFY_INFORMATION
, *PFILE_NOTIFY_INFORMATION
;
1394 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1395 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1398 FILE_LOCK_INFO FileLock
;
1399 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1401 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1402 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1403 LIST_ENTRY ListEntry
;
1406 FILE_LOCK_INFO FileLock
;
1407 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1409 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1414 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1416 IN PFILE_LOCK_INFO FileLockInfo
1419 typedef struct _FILE_LOCK
{
1420 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1421 PUNLOCK_ROUTINE UnlockRoutine
;
1422 BOOLEAN FastIoIsQuestionable
;
1424 PVOID LockInformation
;
1425 FILE_LOCK_INFO LastReturnedLockInfo
;
1426 PVOID LastReturnedLock
;
1427 } FILE_LOCK
, *PFILE_LOCK
;
1429 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1430 ULONG ReadDataAvailable
;
1431 ULONG NumberOfMessages
;
1432 ULONG MessageLength
;
1433 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1435 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1436 ULONG MaximumMessageSize
;
1437 ULONG MailslotQuota
;
1438 ULONG NextMessageSize
;
1439 ULONG MessagesAvailable
;
1440 LARGE_INTEGER ReadTimeout
;
1441 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1443 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1444 PLARGE_INTEGER ReadTimeout
;
1445 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1447 typedef struct _FILE_MODE_INFORMATION
{
1449 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1451 typedef struct _FILE_ALL_INFORMATION
{
1452 FILE_BASIC_INFORMATION BasicInformation
;
1453 FILE_STANDARD_INFORMATION StandardInformation
;
1454 FILE_INTERNAL_INFORMATION InternalInformation
;
1455 FILE_EA_INFORMATION EaInformation
;
1456 FILE_ACCESS_INFORMATION AccessInformation
;
1457 FILE_POSITION_INFORMATION PositionInformation
;
1458 FILE_MODE_INFORMATION ModeInformation
;
1459 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1460 FILE_NAME_INFORMATION NameInformation
;
1461 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1463 typedef struct _FILE_NAMES_INFORMATION
{
1464 ULONG NextEntryOffset
;
1466 ULONG FileNameLength
;
1468 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1470 typedef struct _FILE_OBJECTID_INFORMATION
{
1471 LONGLONG FileReference
;
1473 _ANONYMOUS_UNION
union {
1474 __GNU_EXTENSION
struct {
1475 UCHAR BirthVolumeId
[16];
1476 UCHAR BirthObjectId
[16];
1479 UCHAR ExtendedInfo
[48];
1481 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1483 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1485 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1487 typedef struct _FILE_OLE_ALL_INFORMATION
{
1488 FILE_BASIC_INFORMATION BasicInformation
;
1489 FILE_STANDARD_INFORMATION StandardInformation
;
1490 FILE_INTERNAL_INFORMATION InternalInformation
;
1491 FILE_EA_INFORMATION EaInformation
;
1492 FILE_ACCESS_INFORMATION AccessInformation
;
1493 FILE_POSITION_INFORMATION PositionInformation
;
1494 FILE_MODE_INFORMATION ModeInformation
;
1495 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1498 LARGE_INTEGER SecurityChangeTime
;
1499 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1500 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1501 FILE_STORAGE_TYPE StorageType
;
1504 ULONG NumberOfStreamReferences
;
1507 BOOLEAN ContentIndexDisable
;
1508 BOOLEAN InheritContentIndexDisable
;
1509 FILE_NAME_INFORMATION NameInformation
;
1510 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1512 typedef struct _FILE_OLE_DIR_INFORMATION
{
1513 ULONG NextEntryOffset
;
1515 LARGE_INTEGER CreationTime
;
1516 LARGE_INTEGER LastAccessTime
;
1517 LARGE_INTEGER LastWriteTime
;
1518 LARGE_INTEGER ChangeTime
;
1519 LARGE_INTEGER EndOfFile
;
1520 LARGE_INTEGER AllocationSize
;
1521 ULONG FileAttributes
;
1522 ULONG FileNameLength
;
1523 FILE_STORAGE_TYPE StorageType
;
1526 BOOLEAN ContentIndexDisable
;
1527 BOOLEAN InheritContentIndexDisable
;
1529 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1531 typedef struct _FILE_OLE_INFORMATION
{
1532 LARGE_INTEGER SecurityChangeTime
;
1533 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1534 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1535 FILE_STORAGE_TYPE StorageType
;
1537 BOOLEAN ContentIndexDisable
;
1538 BOOLEAN InheritContentIndexDisable
;
1539 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1541 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1543 ULONG StateBitsMask
;
1544 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1546 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1549 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1551 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1552 PVOID ClientSession
;
1553 PVOID ClientProcess
;
1554 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1556 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1557 ULONG NamedPipeState
;
1561 ULONG NumberRequests
;
1562 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1564 typedef struct _FILE_PIPE_PEEK_BUFFER
1566 ULONG NamedPipeState
;
1567 ULONG ReadDataAvailable
;
1568 ULONG NumberOfMessages
;
1569 ULONG MessageLength
;
1571 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1573 typedef struct _FILE_PIPE_INFORMATION
{
1575 ULONG CompletionMode
;
1576 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1578 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1579 ULONG NamedPipeType
;
1580 ULONG NamedPipeConfiguration
;
1581 ULONG MaximumInstances
;
1582 ULONG CurrentInstances
;
1584 ULONG ReadDataAvailable
;
1585 ULONG OutboundQuota
;
1586 ULONG WriteQuotaAvailable
;
1587 ULONG NamedPipeState
;
1589 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1591 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1592 LARGE_INTEGER CollectDataTime
;
1593 ULONG MaximumCollectionCount
;
1594 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1596 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1597 LARGE_INTEGER Timeout
;
1599 BOOLEAN TimeoutSpecified
;
1601 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1603 typedef struct _FILE_RENAME_INFORMATION
{
1604 BOOLEAN ReplaceIfExists
;
1605 HANDLE RootDirectory
;
1606 ULONG FileNameLength
;
1608 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1610 typedef struct _FILE_STREAM_INFORMATION
{
1611 ULONG NextEntryOffset
;
1612 ULONG StreamNameLength
;
1613 LARGE_INTEGER StreamSize
;
1614 LARGE_INTEGER StreamAllocationSize
;
1615 WCHAR StreamName
[1];
1616 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1618 typedef struct _FILE_TRACKING_INFORMATION
{
1619 HANDLE DestinationFile
;
1620 ULONG ObjectInformationLength
;
1621 CHAR ObjectInformation
[1];
1622 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1624 #if (VER_PRODUCTBUILD >= 2195)
1625 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1626 LARGE_INTEGER FileOffset
;
1627 LARGE_INTEGER BeyondFinalZero
;
1628 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1630 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1631 LARGE_INTEGER FileOffset
;
1632 LARGE_INTEGER Length
;
1633 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1634 #endif /* (VER_PRODUCTBUILD >= 2195) */
1636 #define FSRTL_FCB_HEADER_V0 (0x00)
1637 #define FSRTL_FCB_HEADER_V1 (0x01)
1640 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1641 CSHORT NodeTypeCode
;
1642 CSHORT NodeByteSize
;
1644 UCHAR IsFastIoPossible
;
1645 #if (VER_PRODUCTBUILD >= 1381)
1648 #endif /* (VER_PRODUCTBUILD >= 1381) */
1649 PERESOURCE Resource
;
1650 PERESOURCE PagingIoResource
;
1651 LARGE_INTEGER AllocationSize
;
1652 LARGE_INTEGER FileSize
;
1653 LARGE_INTEGER ValidDataLength
;
1654 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1656 typedef enum _FSRTL_COMPARISON_RESULT
1661 } FSRTL_COMPARISON_RESULT
;
1663 #if (VER_PRODUCTBUILD >= 2600)
1665 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1666 CSHORT NodeTypeCode
;
1667 CSHORT NodeByteSize
;
1669 UCHAR IsFastIoPossible
;
1673 PERESOURCE Resource
;
1674 PERESOURCE PagingIoResource
;
1675 LARGE_INTEGER AllocationSize
;
1676 LARGE_INTEGER FileSize
;
1677 LARGE_INTEGER ValidDataLength
;
1678 PFAST_MUTEX FastMutex
;
1679 LIST_ENTRY FilterContexts
;
1680 EX_PUSH_LOCK PushLock
;
1681 PVOID
*FileContextSupportPointer
;
1682 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1684 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1688 PFREE_FUNCTION FreeCallback
;
1689 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1691 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1696 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
1698 #endif /* (VER_PRODUCTBUILD >= 2600) */
1700 typedef struct _BASE_MCB
1702 ULONG MaximumPairCount
;
1707 } BASE_MCB
, *PBASE_MCB
;
1709 typedef struct _LARGE_MCB
1711 PKGUARDED_MUTEX GuardedMutex
;
1713 } LARGE_MCB
, *PLARGE_MCB
;
1717 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1720 typedef struct _GENERATE_NAME_CONTEXT
{
1722 BOOLEAN CheckSumInserted
;
1724 WCHAR NameBuffer
[8];
1725 ULONG ExtensionLength
;
1726 WCHAR ExtensionBuffer
[4];
1727 ULONG LastIndexValue
;
1728 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1730 typedef struct _MAPPING_PAIR
{
1733 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1735 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1736 ULONG NumberOfPairs
;
1738 MAPPING_PAIR Pair
[1];
1739 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1741 typedef struct _KQUEUE
{
1742 DISPATCHER_HEADER Header
;
1743 LIST_ENTRY EntryListHead
;
1746 LIST_ENTRY ThreadListHead
;
1747 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1749 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1751 typedef struct _MBCB
{
1752 CSHORT NodeTypeCode
;
1753 CSHORT NodeIsInZone
;
1757 LIST_ENTRY BitmapRanges
;
1758 LONGLONG ResumeWritePage
;
1759 BITMAP_RANGE BitmapRange1
;
1760 BITMAP_RANGE BitmapRange2
;
1761 BITMAP_RANGE BitmapRange3
;
1764 typedef enum _MMFLUSH_TYPE
{
1769 typedef struct _MOVEFILE_DESCRIPTOR
{
1772 LARGE_INTEGER StartVcn
;
1773 LARGE_INTEGER TargetLcn
;
1776 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1778 typedef struct _OBJECT_BASIC_INFO
{
1780 ACCESS_MASK GrantedAccess
;
1782 ULONG ReferenceCount
;
1783 ULONG PagedPoolUsage
;
1784 ULONG NonPagedPoolUsage
;
1786 ULONG NameInformationLength
;
1787 ULONG TypeInformationLength
;
1788 ULONG SecurityDescriptorLength
;
1789 LARGE_INTEGER CreateTime
;
1790 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1792 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1794 BOOLEAN ProtectFromClose
;
1795 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1797 typedef struct _OBJECT_NAME_INFO
{
1798 UNICODE_STRING ObjectName
;
1799 WCHAR ObjectNameBuffer
[1];
1800 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1802 typedef struct _OBJECT_PROTECTION_INFO
{
1804 BOOLEAN ProtectHandle
;
1805 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1807 typedef struct _OBJECT_TYPE_INFO
{
1808 UNICODE_STRING ObjectTypeName
;
1809 UCHAR Unknown
[0x58];
1810 WCHAR ObjectTypeNameBuffer
[1];
1811 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1813 typedef struct _OBJECT_ALL_TYPES_INFO
{
1814 ULONG NumberOfObjectTypes
;
1815 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1816 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1818 typedef struct _PATHNAME_BUFFER
{
1819 ULONG PathNameLength
;
1821 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1823 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1828 } RTL_GENERIC_COMPARE_RESULTS
;
1830 typedef enum _TABLE_SEARCH_RESULT
1836 } TABLE_SEARCH_RESULT
;
1839 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
1840 struct _RTL_AVL_TABLE
*Table
,
1845 typedef RTL_GENERIC_COMPARE_RESULTS
1846 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
1847 struct _RTL_AVL_TABLE
*Table
,
1852 typedef RTL_GENERIC_COMPARE_RESULTS
1853 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
1854 struct _RTL_GENERIC_TABLE
*Table
,
1860 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
1861 struct _RTL_GENERIC_TABLE
*Table
,
1866 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
1867 struct _RTL_GENERIC_TABLE
*Table
,
1872 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
1873 struct _RTL_AVL_TABLE
*Table
,
1878 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
1879 struct _RTL_AVL_TABLE
*Table
,
1883 typedef struct _PUBLIC_BCB
{
1884 CSHORT NodeTypeCode
;
1885 CSHORT NodeByteSize
;
1887 LARGE_INTEGER MappedFileOffset
;
1888 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1890 typedef struct _QUERY_PATH_REQUEST
{
1891 ULONG PathNameLength
;
1892 PIO_SECURITY_CONTEXT SecurityContext
;
1893 WCHAR FilePathName
[1];
1894 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1896 typedef struct _QUERY_PATH_RESPONSE
{
1897 ULONG LengthAccepted
;
1898 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1900 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1902 LARGE_INTEGER StartingVcn
;
1904 LARGE_INTEGER NextVcn
;
1907 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1909 typedef struct _RTL_SPLAY_LINKS
{
1910 struct _RTL_SPLAY_LINKS
*Parent
;
1911 struct _RTL_SPLAY_LINKS
*LeftChild
;
1912 struct _RTL_SPLAY_LINKS
*RightChild
;
1913 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1915 typedef struct _RTL_BALANCED_LINKS
1917 struct _RTL_BALANCED_LINKS
*Parent
;
1918 struct _RTL_BALANCED_LINKS
*LeftChild
;
1919 struct _RTL_BALANCED_LINKS
*RightChild
;
1922 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
1924 typedef struct _RTL_GENERIC_TABLE
1926 PRTL_SPLAY_LINKS TableRoot
;
1927 LIST_ENTRY InsertOrderList
;
1928 PLIST_ENTRY OrderedPointer
;
1929 ULONG WhichOrderedElement
;
1930 ULONG NumberGenericTableElements
;
1931 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
1932 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
1933 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
1935 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
1937 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
1939 CSHORT NodeTypeCode
;
1941 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1942 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
1943 RTL_SPLAY_LINKS Links
;
1944 PUNICODE_STRING Prefix
;
1945 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
1947 typedef struct _UNICODE_PREFIX_TABLE
1949 CSHORT NodeTypeCode
;
1951 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
1952 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
1953 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
1958 RtlInitializeUnicodePrefix (
1959 IN PUNICODE_PREFIX_TABLE PrefixTable
1965 RtlInsertUnicodePrefix (
1966 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1967 IN PUNICODE_STRING Prefix
,
1968 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1974 RtlRemoveUnicodePrefix (
1975 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1976 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1980 PUNICODE_PREFIX_TABLE_ENTRY
1982 RtlFindUnicodePrefix (
1983 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1984 IN PUNICODE_STRING FullName
,
1985 IN ULONG CaseInsensitiveIndex
1989 PUNICODE_PREFIX_TABLE_ENTRY
1991 RtlNextUnicodePrefix (
1992 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1996 #undef PRTL_GENERIC_COMPARE_ROUTINE
1997 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1998 #undef PRTL_GENERIC_FREE_ROUTINE
1999 #undef RTL_GENERIC_TABLE
2000 #undef PRTL_GENERIC_TABLE
2002 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
2003 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
2004 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
2005 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
2006 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
2008 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
2009 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
2010 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
2011 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
2012 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
2013 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
2014 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
2015 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
2016 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
2017 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
2018 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
2020 typedef struct _RTL_AVL_TABLE
2022 RTL_BALANCED_LINKS BalancedRoot
;
2023 PVOID OrderedPointer
;
2024 ULONG WhichOrderedElement
;
2025 ULONG NumberGenericTableElements
;
2027 PRTL_BALANCED_LINKS RestartKey
;
2029 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
2030 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
2031 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
2033 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
2038 RtlInitializeGenericTableAvl(
2039 PRTL_AVL_TABLE Table
,
2040 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
2041 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
2042 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
2049 RtlInsertElementGenericTableAvl (
2050 PRTL_AVL_TABLE Table
,
2053 PBOOLEAN NewElement OPTIONAL
2059 RtlDeleteElementGenericTableAvl (
2060 PRTL_AVL_TABLE Table
,
2067 RtlLookupElementGenericTableAvl (
2068 PRTL_AVL_TABLE Table
,
2075 RtlEnumerateGenericTableWithoutSplayingAvl (
2076 PRTL_AVL_TABLE Table
,
2080 #if defined(USE_LPC6432)
2081 #define LPC_CLIENT_ID CLIENT_ID64
2082 #define LPC_SIZE_T ULONGLONG
2083 #define LPC_PVOID ULONGLONG
2084 #define LPC_HANDLE ULONGLONG
2086 #define LPC_CLIENT_ID CLIENT_ID
2087 #define LPC_SIZE_T SIZE_T
2088 #define LPC_PVOID PVOID
2089 #define LPC_HANDLE HANDLE
2092 typedef struct _PORT_MESSAGE
2108 CSHORT DataInfoOffset
;
2112 __GNU_EXTENSION
union
2114 LPC_CLIENT_ID ClientId
;
2115 double DoNotUseThisField
;
2118 __GNU_EXTENSION
union
2120 LPC_SIZE_T ClientViewSize
;
2123 } PORT_MESSAGE
, *PPORT_MESSAGE
;
2125 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
2127 typedef struct _PORT_VIEW
2130 LPC_HANDLE SectionHandle
;
2131 ULONG SectionOffset
;
2132 LPC_SIZE_T ViewSize
;
2134 LPC_PVOID ViewRemoteBase
;
2135 } PORT_VIEW
, *PPORT_VIEW
;
2137 typedef struct _REMOTE_PORT_VIEW
2140 LPC_SIZE_T ViewSize
;
2142 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
2144 typedef struct _SE_EXPORTS
{
2146 LUID SeCreateTokenPrivilege
;
2147 LUID SeAssignPrimaryTokenPrivilege
;
2148 LUID SeLockMemoryPrivilege
;
2149 LUID SeIncreaseQuotaPrivilege
;
2150 LUID SeUnsolicitedInputPrivilege
;
2151 LUID SeTcbPrivilege
;
2152 LUID SeSecurityPrivilege
;
2153 LUID SeTakeOwnershipPrivilege
;
2154 LUID SeLoadDriverPrivilege
;
2155 LUID SeCreatePagefilePrivilege
;
2156 LUID SeIncreaseBasePriorityPrivilege
;
2157 LUID SeSystemProfilePrivilege
;
2158 LUID SeSystemtimePrivilege
;
2159 LUID SeProfileSingleProcessPrivilege
;
2160 LUID SeCreatePermanentPrivilege
;
2161 LUID SeBackupPrivilege
;
2162 LUID SeRestorePrivilege
;
2163 LUID SeShutdownPrivilege
;
2164 LUID SeDebugPrivilege
;
2165 LUID SeAuditPrivilege
;
2166 LUID SeSystemEnvironmentPrivilege
;
2167 LUID SeChangeNotifyPrivilege
;
2168 LUID SeRemoteShutdownPrivilege
;
2173 PSID SeCreatorOwnerSid
;
2174 PSID SeCreatorGroupSid
;
2176 PSID SeNtAuthoritySid
;
2180 PSID SeInteractiveSid
;
2181 PSID SeLocalSystemSid
;
2182 PSID SeAliasAdminsSid
;
2183 PSID SeAliasUsersSid
;
2184 PSID SeAliasGuestsSid
;
2185 PSID SeAliasPowerUsersSid
;
2186 PSID SeAliasAccountOpsSid
;
2187 PSID SeAliasSystemOpsSid
;
2188 PSID SeAliasPrintOpsSid
;
2189 PSID SeAliasBackupOpsSid
;
2191 PSID SeAuthenticatedUsersSid
;
2193 PSID SeRestrictedSid
;
2194 PSID SeAnonymousLogonSid
;
2196 LUID SeUndockPrivilege
;
2197 LUID SeSyncAgentPrivilege
;
2198 LUID SeEnableDelegationPrivilege
;
2200 } SE_EXPORTS
, *PSE_EXPORTS
;
2202 extern PSE_EXPORTS SeExports
;
2206 LARGE_INTEGER StartingLcn
;
2207 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
2209 typedef struct _STARTING_VCN_INPUT_BUFFER
{
2210 LARGE_INTEGER StartingVcn
;
2211 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
2213 typedef struct _SECURITY_CLIENT_CONTEXT
{
2214 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
2215 PACCESS_TOKEN ClientToken
;
2216 BOOLEAN DirectlyAccessClientToken
;
2217 BOOLEAN DirectAccessEffectiveOnly
;
2218 BOOLEAN ServerIsRemote
;
2219 TOKEN_CONTROL ClientTokenControl
;
2220 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
2222 typedef struct _TUNNEL
{
2224 PRTL_SPLAY_LINKS Cache
;
2225 LIST_ENTRY TimerQueue
;
2229 typedef struct _VAD_HEADER
{
2232 struct _VAD_HEADER
* ParentLink
;
2233 struct _VAD_HEADER
* LeftLink
;
2234 struct _VAD_HEADER
* RightLink
;
2235 ULONG Flags
; /* LSB = CommitCharge */
2237 PVOID FirstProtoPte
;
2241 } VAD_HEADER
, *PVAD_HEADER
;
2245 LARGE_INTEGER StartingLcn
;
2246 LARGE_INTEGER BitmapSize
;
2248 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
2250 #if (VER_PRODUCTBUILD >= 2600)
2253 (NTAPI
*PFILTER_REPORT_CHANGE
) (
2254 IN PVOID NotifyContext
,
2255 IN PVOID FilterContext
2258 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
2260 SyncTypeCreateSection
2261 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
2263 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
2264 NotifyTypeCreate
= 0,
2266 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
2268 typedef union _FS_FILTER_PARAMETERS
{
2270 PLARGE_INTEGER EndingOffset
;
2271 PERESOURCE
*ResourceToRelease
;
2272 } AcquireForModifiedPageWriter
;
2275 PERESOURCE ResourceToRelease
;
2276 } ReleaseForModifiedPageWriter
;
2279 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
2280 ULONG PageProtection
;
2281 } AcquireForSectionSynchronization
;
2284 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
2285 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
2286 } NotifyStreamFileObject
;
2295 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
2297 typedef struct _FS_FILTER_CALLBACK_DATA
{
2298 ULONG SizeOfFsFilterCallbackData
;
2301 struct _DEVICE_OBJECT
*DeviceObject
;
2302 struct _FILE_OBJECT
*FileObject
;
2303 FS_FILTER_PARAMETERS Parameters
;
2304 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
2307 (NTAPI
*PFS_FILTER_CALLBACK
) (
2308 IN PFS_FILTER_CALLBACK_DATA Data
,
2309 OUT PVOID
*CompletionContext
2313 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
2314 IN PFS_FILTER_CALLBACK_DATA Data
,
2315 IN NTSTATUS OperationStatus
,
2316 IN PVOID CompletionContext
2319 typedef struct _FS_FILTER_CALLBACKS
{
2320 ULONG SizeOfFsFilterCallbacks
;
2322 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
2323 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
2324 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
2325 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
2326 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
2327 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
2328 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
2329 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
2330 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
2331 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
2332 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
2333 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
2334 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
2336 typedef struct _READ_LIST
{
2337 PFILE_OBJECT FileObject
;
2338 ULONG NumberOfEntries
;
2340 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
2341 } READ_LIST
, *PREAD_LIST
;
2346 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
2348 IN OUT PVOID
*CommitAddress
,
2349 IN OUT PSIZE_T CommitSize
2352 typedef struct _RTL_HEAP_PARAMETERS
{
2354 SIZE_T SegmentReserve
;
2355 SIZE_T SegmentCommit
;
2356 SIZE_T DeCommitFreeBlockThreshold
;
2357 SIZE_T DeCommitTotalFreeThreshold
;
2358 SIZE_T MaximumAllocationSize
;
2359 SIZE_T VirtualMemoryThreshold
;
2360 SIZE_T InitialCommit
;
2361 SIZE_T InitialReserve
;
2362 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
2364 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
2370 IN PFILE_OBJECT FileObject
,
2371 IN ULONG BytesToWrite
,
2380 IN PFILE_OBJECT FileObject
,
2381 IN PLARGE_INTEGER FileOffset
,
2385 OUT PIO_STATUS_BLOCK IoStatus
2392 IN PFILE_OBJECT FileObject
,
2393 IN PLARGE_INTEGER FileOffset
,
2399 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2401 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
2410 IN PFILE_OBJECT FileObject
,
2411 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
2414 IN ULONG BytesToWrite
,
2422 IN PFILE_OBJECT FileObject
,
2423 IN ULONG FileOffset
,
2427 OUT PIO_STATUS_BLOCK IoStatus
2434 IN PFILE_OBJECT FileObject
,
2435 IN ULONG FileOffset
,
2444 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2445 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2447 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2450 typedef VOID (NTAPI
*PDIRTY_PAGE_ROUTINE
) (
2451 IN PFILE_OBJECT FileObject
,
2452 IN PLARGE_INTEGER FileOffset
,
2454 IN PLARGE_INTEGER OldestLsn
,
2455 IN PLARGE_INTEGER NewestLsn
,
2465 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
2473 CcGetFileObjectFromBcb (
2480 CcGetFileObjectFromSectionPtrs (
2481 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2484 #define CcGetFileSizePointer(FO) ( \
2485 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2488 #if (VER_PRODUCTBUILD >= 2195)
2493 CcGetFlushedValidData (
2494 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2495 IN BOOLEAN BcbListHeld
2498 #endif /* (VER_PRODUCTBUILD >= 2195) */
2503 CcGetLsnForFileObject (
2504 IN PFILE_OBJECT FileObject
,
2505 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2508 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
2513 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
2517 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
2522 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
2526 typedef struct _CACHE_MANAGER_CALLBACKS
{
2527 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
2528 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
2529 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
2530 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
2531 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
2536 CcInitializeCacheMap (
2537 IN PFILE_OBJECT FileObject
,
2538 IN PCC_FILE_SIZES FileSizes
,
2539 IN BOOLEAN PinAccess
,
2540 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
2541 IN PVOID LazyWriteContext
2544 #define CcIsFileCached(FO) ( \
2545 ((FO)->SectionObjectPointer != NULL) && \
2546 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2549 extern ULONG CcFastMdlReadWait
;
2554 CcIsThereDirtyData (
2562 IN PFILE_OBJECT FileObject
,
2563 IN PLARGE_INTEGER FileOffset
,
2574 IN PFILE_OBJECT FileObject
,
2575 IN PLARGE_INTEGER FileOffset
,
2578 OUT PIO_STATUS_BLOCK IoStatus
2585 IN PFILE_OBJECT FileObject
,
2592 CcMdlWriteComplete (
2593 IN PFILE_OBJECT FileObject
,
2594 IN PLARGE_INTEGER FileOffset
,
2604 IN PFILE_OBJECT FileObject
,
2605 IN PLARGE_INTEGER FileOffset
,
2615 IN PFILE_OBJECT FileObject
,
2616 IN PLARGE_INTEGER FileOffset
,
2627 IN PFILE_OBJECT FileObject
,
2628 IN PLARGE_INTEGER FileOffset
,
2631 OUT PIO_STATUS_BLOCK IoStatus
2638 IN PFILE_OBJECT FileObject
,
2639 IN PLARGE_INTEGER FileOffset
,
2650 CcPurgeCacheSection (
2651 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2652 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2654 IN BOOLEAN UninitializeCacheMaps
2657 #define CcReadAhead(FO, FOFF, LEN) ( \
2658 if ((LEN) >= 256) { \
2659 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2663 #if (VER_PRODUCTBUILD >= 2195)
2672 #endif /* (VER_PRODUCTBUILD >= 2195) */
2684 CcScheduleReadAhead (
2685 IN PFILE_OBJECT FileObject
,
2686 IN PLARGE_INTEGER FileOffset
,
2693 CcSetAdditionalCacheAttributes (
2694 IN PFILE_OBJECT FileObject
,
2695 IN BOOLEAN DisableReadAhead
,
2696 IN BOOLEAN DisableWriteBehind
2702 CcSetBcbOwnerPointer (
2704 IN PVOID OwnerPointer
2710 CcSetDirtyPageThreshold (
2711 IN PFILE_OBJECT FileObject
,
2712 IN ULONG DirtyPageThreshold
2718 CcSetDirtyPinnedData (
2720 IN PLARGE_INTEGER Lsn OPTIONAL
2727 IN PFILE_OBJECT FileObject
,
2728 IN PCC_FILE_SIZES FileSizes
2731 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2733 IN LARGE_INTEGER Lsn
2739 CcSetLogHandleForFile (
2740 IN PFILE_OBJECT FileObject
,
2742 IN PFLUSH_TO_LSN FlushToLsnRoutine
2748 CcSetReadAheadGranularity (
2749 IN PFILE_OBJECT FileObject
,
2750 IN ULONG Granularity
/* default: PAGE_SIZE */
2751 /* allowed: 2^n * PAGE_SIZE */
2757 CcUninitializeCacheMap (
2758 IN PFILE_OBJECT FileObject
,
2759 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2760 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2773 CcUnpinDataForThread (
2775 IN ERESOURCE_THREAD ResourceThreadId
2781 CcUnpinRepinnedBcb (
2783 IN BOOLEAN WriteThrough
,
2784 OUT PIO_STATUS_BLOCK IoStatus
2787 #if (VER_PRODUCTBUILD >= 2195)
2792 CcWaitForCurrentLazyWriterActivity (
2796 #endif /* (VER_PRODUCTBUILD >= 2195) */
2802 IN PFILE_OBJECT FileObject
,
2803 IN PLARGE_INTEGER StartOffset
,
2804 IN PLARGE_INTEGER EndOffset
,
2811 ExDisableResourceBoostLite (
2812 IN PERESOURCE Resource
2818 ExQueryPoolBlockSize (
2820 OUT PBOOLEAN QuotaCharged
2823 #if (VER_PRODUCTBUILD >= 2600)
2825 #ifndef __NTOSKRNL__
2829 ExInitializeRundownProtection (
2830 IN PEX_RUNDOWN_REF RunRef
2836 ExReInitializeRundownProtection (
2837 IN PEX_RUNDOWN_REF RunRef
2843 ExAcquireRundownProtection (
2844 IN PEX_RUNDOWN_REF RunRef
2850 ExAcquireRundownProtectionEx (
2851 IN PEX_RUNDOWN_REF RunRef
,
2858 ExReleaseRundownProtection (
2859 IN PEX_RUNDOWN_REF RunRef
2865 ExReleaseRundownProtectionEx (
2866 IN PEX_RUNDOWN_REF RunRef
,
2873 ExRundownCompleted (
2874 IN PEX_RUNDOWN_REF RunRef
2880 ExWaitForRundownProtectionRelease (
2881 IN PEX_RUNDOWN_REF RunRef
2885 #endif /* (VER_PRODUCTBUILD >= 2600) */
2888 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2890 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2891 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2892 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2893 InitializeListHead( &(_advhdr)->FilterContexts ); \
2894 if ((_fmutx) != NULL) { \
2895 (_advhdr)->FastMutex = (_fmutx); \
2897 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2898 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2899 (_advhdr)->FileContextSupportPointer = NULL; \
2905 FsRtlAddBaseMcbEntry (
2909 IN LONGLONG SectorCount
2915 FsRtlAddLargeMcbEntry (
2919 IN LONGLONG SectorCount
2929 IN ULONG SectorCount
2935 FsRtlAddToTunnelCache (
2937 IN ULONGLONG DirectoryKey
,
2938 IN PUNICODE_STRING ShortName
,
2939 IN PUNICODE_STRING LongName
,
2940 IN BOOLEAN KeyByShortName
,
2941 IN ULONG DataLength
,
2945 #if (VER_PRODUCTBUILD >= 2195)
2949 FsRtlAllocateFileLock (
2950 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2951 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2954 #endif /* (VER_PRODUCTBUILD >= 2195) */
2960 IN POOL_TYPE PoolType
,
2961 IN ULONG NumberOfBytes
2967 FsRtlAllocatePoolWithQuota (
2968 IN POOL_TYPE PoolType
,
2969 IN ULONG NumberOfBytes
2975 FsRtlAllocatePoolWithQuotaTag (
2976 IN POOL_TYPE PoolType
,
2977 IN ULONG NumberOfBytes
,
2984 FsRtlAllocatePoolWithTag (
2985 IN POOL_TYPE PoolType
,
2986 IN ULONG NumberOfBytes
,
2993 FsRtlAreNamesEqual (
2994 IN PCUNICODE_STRING Name1
,
2995 IN PCUNICODE_STRING Name2
,
2996 IN BOOLEAN IgnoreCase
,
2997 IN PCWCH UpcaseTable OPTIONAL
3000 #define FsRtlAreThereCurrentFileLocks(FL) ( \
3001 ((FL)->FastIoIsQuestionable) \
3005 FsRtlCheckLockForReadAccess:
3007 All this really does is pick out the lock parameters from the irp (io stack
3008 location?), get IoGetRequestorProcess, and pass values on to
3009 FsRtlFastCheckLockForRead.
3014 FsRtlCheckLockForReadAccess (
3015 IN PFILE_LOCK FileLock
,
3020 FsRtlCheckLockForWriteAccess:
3022 All this really does is pick out the lock parameters from the irp (io stack
3023 location?), get IoGetRequestorProcess, and pass values on to
3024 FsRtlFastCheckLockForWrite.
3029 FsRtlCheckLockForWriteAccess (
3030 IN PFILE_LOCK FileLock
,
3036 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
3043 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
3055 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
3056 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
3063 IN PFILE_OBJECT FileObject
,
3064 IN PLARGE_INTEGER FileOffset
,
3069 OUT PIO_STATUS_BLOCK IoStatus
,
3070 IN PDEVICE_OBJECT DeviceObject
3077 IN PFILE_OBJECT FileObject
,
3078 IN PLARGE_INTEGER FileOffset
,
3083 OUT PIO_STATUS_BLOCK IoStatus
,
3084 IN PDEVICE_OBJECT DeviceObject
3087 #define HEAP_NO_SERIALIZE 0x00000001
3088 #define HEAP_GROWABLE 0x00000002
3089 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
3090 #define HEAP_ZERO_MEMORY 0x00000008
3091 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
3092 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
3093 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
3094 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
3096 #define HEAP_CREATE_ALIGN_16 0x00010000
3097 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
3098 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
3105 IN PVOID HeapBase OPTIONAL
,
3106 IN SIZE_T ReserveSize OPTIONAL
,
3107 IN SIZE_T CommitSize OPTIONAL
,
3108 IN PVOID Lock OPTIONAL
,
3109 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
3115 FsRtlCurrentBatchOplock (
3122 FsRtlDeleteKeyFromTunnelCache (
3124 IN ULONGLONG DirectoryKey
3130 FsRtlDeleteTunnelCache (
3137 FsRtlDeregisterUncProvider (
3152 IN ANSI_STRING Name
,
3153 OUT PANSI_STRING FirstPart
,
3154 OUT PANSI_STRING RemainingPart
3161 IN UNICODE_STRING Name
,
3162 OUT PUNICODE_STRING FirstPart
,
3163 OUT PUNICODE_STRING RemainingPart
3169 FsRtlDoesDbcsContainWildCards (
3170 IN PANSI_STRING Name
3176 FsRtlDoesNameContainWildCards (
3177 IN PUNICODE_STRING Name
3183 FsRtlIsFatDbcsLegal (
3184 IN ANSI_STRING DbcsName
,
3185 IN BOOLEAN WildCardsPermissible
,
3186 IN BOOLEAN PathNamePermissible
,
3187 IN BOOLEAN LeadingBackslashPermissible
3191 #define FsRtlCompleteRequest(IRP,STATUS) { \
3192 (IRP)->IoStatus.Status = (STATUS); \
3193 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
3196 #define FsRtlEnterFileSystem KeEnterCriticalRegion
3198 #define FsRtlExitFileSystem KeLeaveCriticalRegion
3203 FsRtlFastCheckLockForRead (
3204 IN PFILE_LOCK FileLock
,
3205 IN PLARGE_INTEGER FileOffset
,
3206 IN PLARGE_INTEGER Length
,
3208 IN PFILE_OBJECT FileObject
,
3215 FsRtlFastCheckLockForWrite (
3216 IN PFILE_LOCK FileLock
,
3217 IN PLARGE_INTEGER FileOffset
,
3218 IN PLARGE_INTEGER Length
,
3220 IN PFILE_OBJECT FileObject
,
3224 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
3225 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
3231 FsRtlFastUnlockAll (
3232 IN PFILE_LOCK FileLock
,
3233 IN PFILE_OBJECT FileObject
,
3234 IN PEPROCESS Process
,
3235 IN PVOID Context OPTIONAL
3237 /* ret: STATUS_RANGE_NOT_LOCKED */
3242 FsRtlFastUnlockAllByKey (
3243 IN PFILE_LOCK FileLock
,
3244 IN PFILE_OBJECT FileObject
,
3245 IN PEPROCESS Process
,
3247 IN PVOID Context OPTIONAL
3249 /* ret: STATUS_RANGE_NOT_LOCKED */
3254 FsRtlFastUnlockSingle (
3255 IN PFILE_LOCK FileLock
,
3256 IN PFILE_OBJECT FileObject
,
3257 IN PLARGE_INTEGER FileOffset
,
3258 IN PLARGE_INTEGER Length
,
3259 IN PEPROCESS Process
,
3261 IN PVOID Context OPTIONAL
,
3262 IN BOOLEAN AlreadySynchronized
3264 /* ret: STATUS_RANGE_NOT_LOCKED */
3269 FsRtlFindInTunnelCache (
3271 IN ULONGLONG DirectoryKey
,
3272 IN PUNICODE_STRING Name
,
3273 OUT PUNICODE_STRING ShortName
,
3274 OUT PUNICODE_STRING LongName
,
3275 IN OUT PULONG DataLength
,
3279 #if (VER_PRODUCTBUILD >= 2195)
3285 IN PFILE_LOCK FileLock
3288 #endif /* (VER_PRODUCTBUILD >= 2195) */
3294 IN PFILE_OBJECT FileObject
,
3295 IN OUT PLARGE_INTEGER FileSize
3301 FsRtlGetNextBaseMcbEntry (
3306 OUT PLONGLONG SectorCount
3310 FsRtlGetNextFileLock:
3312 ret: NULL if no more locks
3315 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
3316 FileLock->LastReturnedLock as storage.
3317 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
3318 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
3319 calls with Restart = FALSE.
3324 FsRtlGetNextFileLock (
3325 IN PFILE_LOCK FileLock
,
3332 FsRtlGetNextLargeMcbEntry (
3337 OUT PLONGLONG SectorCount
3343 FsRtlGetNextMcbEntry (
3348 OUT PULONG SectorCount
3351 #define FsRtlGetPerStreamContextPointer(FO) ( \
3352 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
3358 FsRtlInitializeBaseMcb (
3360 IN POOL_TYPE PoolType
3366 FsRtlInitializeFileLock (
3367 IN PFILE_LOCK FileLock
,
3368 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
3369 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
3375 FsRtlInitializeLargeMcb (
3377 IN POOL_TYPE PoolType
3383 FsRtlInitializeMcb (
3385 IN POOL_TYPE PoolType
3391 FsRtlInitializeOplock (
3392 IN OUT POPLOCK Oplock
3398 FsRtlInitializeTunnelCache (
3402 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
3403 (PSC)->OwnerId = (O), \
3404 (PSC)->InstanceId = (I), \
3405 (PSC)->FreeCallback = (FC) \
3411 FsRtlInsertPerStreamContext (
3412 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext
,
3413 IN PFSRTL_PER_STREAM_CONTEXT Ptr
3416 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
3417 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
3418 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3421 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
3422 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
3423 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3426 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
3427 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
3428 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3431 #define FsRtlIsAnsiCharacterWild(C) ( \
3432 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3438 FsRtlIsFatDbcsLegal (
3439 IN ANSI_STRING DbcsName
,
3440 IN BOOLEAN WildCardsPermissible
,
3441 IN BOOLEAN PathNamePermissible
,
3442 IN BOOLEAN LeadingBackslashPermissible
3448 FsRtlIsHpfsDbcsLegal (
3449 IN ANSI_STRING DbcsName
,
3450 IN BOOLEAN WildCardsPermissible
,
3451 IN BOOLEAN PathNamePermissible
,
3452 IN BOOLEAN LeadingBackslashPermissible
3458 FsRtlIsNameInExpression (
3459 IN PUNICODE_STRING Expression
,
3460 IN PUNICODE_STRING Name
,
3461 IN BOOLEAN IgnoreCase
,
3462 IN PWCHAR UpcaseTable OPTIONAL
3468 FsRtlIsNtstatusExpected (
3469 IN NTSTATUS Ntstatus
3472 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3474 extern PUSHORT NlsOemLeadByteInfo
;
3476 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3477 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3478 (NLS_MB_CODE_PAGE_TAG && \
3479 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3482 #define FsRtlIsUnicodeCharacterWild(C) ( \
3485 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3491 FsRtlLookupBaseMcbEntry (
3494 OUT PLONGLONG Lbn OPTIONAL
,
3495 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3496 OUT PLONGLONG StartingLbn OPTIONAL
,
3497 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3498 OUT PULONG Index OPTIONAL
3504 FsRtlLookupLargeMcbEntry (
3507 OUT PLONGLONG Lbn OPTIONAL
,
3508 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3509 OUT PLONGLONG StartingLbn OPTIONAL
,
3510 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3511 OUT PULONG Index OPTIONAL
3517 FsRtlLookupLastBaseMcbEntry (
3526 FsRtlLookupLastLargeMcbEntry (
3535 FsRtlLookupLastMcbEntry (
3544 FsRtlLookupLastBaseMcbEntryAndIndex (
3545 IN PBASE_MCB OpaqueMcb
,
3546 IN OUT PLONGLONG LargeVbn
,
3547 IN OUT PLONGLONG LargeLbn
,
3554 FsRtlLookupLastLargeMcbEntryAndIndex (
3555 IN PLARGE_MCB OpaqueMcb
,
3556 OUT PLONGLONG LargeVbn
,
3557 OUT PLONGLONG LargeLbn
,
3564 FsRtlLookupMcbEntry (
3568 OUT PULONG SectorCount OPTIONAL
,
3573 PFSRTL_PER_STREAM_CONTEXT
3575 FsRtlLookupPerStreamContextInternal (
3576 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3577 IN PVOID OwnerId OPTIONAL
,
3578 IN PVOID InstanceId OPTIONAL
3585 IN PFILE_OBJECT FileObject
,
3586 IN PLARGE_INTEGER FileOffset
,
3590 OUT PIO_STATUS_BLOCK IoStatus
,
3591 IN PDEVICE_OBJECT DeviceObject
3597 FsRtlMdlReadComplete (
3598 IN PFILE_OBJECT FileObject
,
3605 FsRtlMdlReadCompleteDev (
3606 IN PFILE_OBJECT FileObject
,
3608 IN PDEVICE_OBJECT DeviceObject
3614 FsRtlPrepareMdlWriteDev (
3615 IN PFILE_OBJECT FileObject
,
3616 IN PLARGE_INTEGER FileOffset
,
3620 OUT PIO_STATUS_BLOCK IoStatus
,
3621 IN PDEVICE_OBJECT DeviceObject
3627 FsRtlMdlWriteComplete (
3628 IN PFILE_OBJECT FileObject
,
3629 IN PLARGE_INTEGER FileOffset
,
3636 FsRtlMdlWriteCompleteDev (
3637 IN PFILE_OBJECT FileObject
,
3638 IN PLARGE_INTEGER FileOffset
,
3640 IN PDEVICE_OBJECT DeviceObject
3646 FsRtlNormalizeNtstatus (
3647 IN NTSTATUS Exception
,
3648 IN NTSTATUS GenericException
3654 FsRtlNotifyChangeDirectory (
3655 IN PNOTIFY_SYNC NotifySync
,
3657 IN PSTRING FullDirectoryName
,
3658 IN PLIST_ENTRY NotifyList
,
3659 IN BOOLEAN WatchTree
,
3660 IN ULONG CompletionFilter
,
3667 FsRtlNotifyCleanup (
3668 IN PNOTIFY_SYNC NotifySync
,
3669 IN PLIST_ENTRY NotifyList
,
3673 typedef BOOLEAN (NTAPI
*PCHECK_FOR_TRAVERSE_ACCESS
) (
3674 IN PVOID NotifyContext
,
3675 IN PVOID TargetContext
,
3676 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3682 FsRtlNotifyFilterChangeDirectory (
3683 IN PNOTIFY_SYNC NotifySync
,
3684 IN PLIST_ENTRY NotifyList
,
3686 IN PSTRING FullDirectoryName
,
3687 IN BOOLEAN WatchTree
,
3688 IN BOOLEAN IgnoreBuffer
,
3689 IN ULONG CompletionFilter
,
3691 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3692 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
,
3693 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
);
3698 FsRtlNotifyFilterReportChange (
3699 IN PNOTIFY_SYNC NotifySync
,
3700 IN PLIST_ENTRY NotifyList
,
3701 IN PSTRING FullTargetName
,
3702 IN USHORT TargetNameOffset
,
3703 IN PSTRING StreamName OPTIONAL
,
3704 IN PSTRING NormalizedParentName OPTIONAL
,
3705 IN ULONG FilterMatch
,
3707 IN PVOID TargetContext
,
3708 IN PVOID FilterContext
);
3713 FsRtlNotifyFullChangeDirectory (
3714 IN PNOTIFY_SYNC NotifySync
,
3715 IN PLIST_ENTRY NotifyList
,
3717 IN PSTRING FullDirectoryName
,
3718 IN BOOLEAN WatchTree
,
3719 IN BOOLEAN IgnoreBuffer
,
3720 IN ULONG CompletionFilter
,
3722 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3723 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3729 FsRtlNotifyFullReportChange (
3730 IN PNOTIFY_SYNC NotifySync
,
3731 IN PLIST_ENTRY NotifyList
,
3732 IN PSTRING FullTargetName
,
3733 IN USHORT TargetNameOffset
,
3734 IN PSTRING StreamName OPTIONAL
,
3735 IN PSTRING NormalizedParentName OPTIONAL
,
3736 IN ULONG FilterMatch
,
3738 IN PVOID TargetContext
3744 FsRtlNotifyInitializeSync (
3745 IN PNOTIFY_SYNC
*NotifySync
3751 FsRtlNotifyUninitializeSync (
3752 IN PNOTIFY_SYNC
*NotifySync
3755 #if (VER_PRODUCTBUILD >= 2195)
3760 FsRtlNotifyVolumeEvent (
3761 IN PFILE_OBJECT FileObject
,
3765 #endif /* (VER_PRODUCTBUILD >= 2195) */
3770 FsRtlNumberOfRunsInBaseMcb (
3777 FsRtlNumberOfRunsInLargeMcb (
3784 FsRtlNumberOfRunsInMcb (
3800 FsRtlOplockIsFastIoPossible (
3805 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
3813 FsRtlPostPagingFileStackOverflow (
3816 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3822 FsRtlPostStackOverflow (
3825 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3831 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3834 -Calls IoCompleteRequest if Irp
3835 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3841 IN PFILE_LOCK FileLock
,
3842 IN PFILE_OBJECT FileObject
,
3843 IN PLARGE_INTEGER FileOffset
,
3844 IN PLARGE_INTEGER Length
,
3845 IN PEPROCESS Process
,
3847 IN BOOLEAN FailImmediately
,
3848 IN BOOLEAN ExclusiveLock
,
3849 OUT PIO_STATUS_BLOCK IoStatus
,
3850 IN PIRP Irp OPTIONAL
,
3852 IN BOOLEAN AlreadySynchronized
3856 FsRtlProcessFileLock:
3859 -STATUS_INVALID_DEVICE_REQUEST
3860 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3861 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3862 (redirected IoStatus->Status).
3865 -switch ( Irp->CurrentStackLocation->MinorFunction )
3866 lock: return FsRtlPrivateLock;
3867 unlocksingle: return FsRtlFastUnlockSingle;
3868 unlockall: return FsRtlFastUnlockAll;
3869 unlockallbykey: return FsRtlFastUnlockAllByKey;
3870 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3871 return STATUS_INVALID_DEVICE_REQUEST;
3873 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3874 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3879 FsRtlProcessFileLock (
3880 IN PFILE_LOCK FileLock
,
3882 IN PVOID Context OPTIONAL
3888 FsRtlRegisterUncProvider (
3889 IN OUT PHANDLE MupHandle
,
3890 IN PUNICODE_STRING RedirectorDeviceName
,
3891 IN BOOLEAN MailslotsSupported
3897 FsRtlRemoveBaseMcbEntry (
3900 IN LONGLONG SectorCount
3906 FsRtlRemoveLargeMcbEntry (
3909 IN LONGLONG SectorCount
3915 FsRtlRemoveMcbEntry (
3918 IN ULONG SectorCount
3922 PFSRTL_PER_STREAM_CONTEXT
3924 FsRtlRemovePerStreamContext (
3925 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3926 IN PVOID OwnerId OPTIONAL
,
3927 IN PVOID InstanceId OPTIONAL
3940 FsRtlResetLargeMcb (
3942 IN BOOLEAN SelfSynchronized
3957 FsRtlSplitLargeMcb (
3963 #define FsRtlSupportsPerStreamContexts(FO) ( \
3964 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
3965 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
3966 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
3972 FsRtlTruncateBaseMcb (
3980 FsRtlTruncateLargeMcb (
3996 FsRtlUninitializeBaseMcb (
4003 FsRtlUninitializeFileLock (
4004 IN PFILE_LOCK FileLock
4010 FsRtlUninitializeLargeMcb (
4017 FsRtlUninitializeMcb (
4024 FsRtlUninitializeOplock (
4025 IN OUT POPLOCK Oplock
4031 KeSetIdealProcessorThread(
4032 IN OUT PKTHREAD Thread
,
4039 IoAttachDeviceToDeviceStackSafe(
4040 IN PDEVICE_OBJECT SourceDevice
,
4041 IN PDEVICE_OBJECT TargetDevice
,
4042 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
4048 IoAcquireVpbSpinLock (
4055 IoCheckDesiredAccess (
4056 IN OUT PACCESS_MASK DesiredAccess
,
4057 IN ACCESS_MASK GrantedAccess
4063 IoCheckEaBufferValidity (
4064 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
4066 OUT PULONG ErrorOffset
4072 IoCheckFunctionAccess (
4073 IN ACCESS_MASK GrantedAccess
,
4074 IN UCHAR MajorFunction
,
4075 IN UCHAR MinorFunction
,
4076 IN ULONG IoControlCode
,
4077 IN PVOID Argument1 OPTIONAL
,
4078 IN PVOID Argument2 OPTIONAL
4081 #if (VER_PRODUCTBUILD >= 2195)
4086 IoCheckQuotaBufferValidity (
4087 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
4088 IN ULONG QuotaLength
,
4089 OUT PULONG ErrorOffset
4092 #endif /* (VER_PRODUCTBUILD >= 2195) */
4097 IoCreateStreamFileObject (
4098 IN PFILE_OBJECT FileObject OPTIONAL
,
4099 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4102 #if (VER_PRODUCTBUILD >= 2195)
4107 IoCreateStreamFileObjectLite (
4108 IN PFILE_OBJECT FileObject OPTIONAL
,
4109 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4112 #endif /* (VER_PRODUCTBUILD >= 2195) */
4117 IoFastQueryNetworkAttributes (
4118 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4119 IN ACCESS_MASK DesiredAccess
,
4120 IN ULONG OpenOptions
,
4121 OUT PIO_STATUS_BLOCK IoStatus
,
4122 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
4128 IoGetAttachedDevice (
4129 IN PDEVICE_OBJECT DeviceObject
4135 IoGetBaseFileSystemDeviceObject (
4136 IN PFILE_OBJECT FileObject
4139 #if (VER_PRODUCTBUILD >= 2600)
4144 IoGetDeviceAttachmentBaseRef (
4145 IN PDEVICE_OBJECT DeviceObject
4151 IoGetDiskDeviceObject (
4152 IN PDEVICE_OBJECT FileSystemDeviceObject
,
4153 OUT PDEVICE_OBJECT
*DiskDeviceObject
4159 IoGetLowerDeviceObject (
4160 IN PDEVICE_OBJECT DeviceObject
4163 #endif /* (VER_PRODUCTBUILD >= 2600) */
4168 IoGetRequestorProcess (
4172 #if (VER_PRODUCTBUILD >= 2195)
4177 IoGetRequestorProcessId (
4181 #endif /* (VER_PRODUCTBUILD >= 2195) */
4190 #define IoIsFileOpenedExclusively(FileObject) ( \
4192 (FileObject)->SharedRead || \
4193 (FileObject)->SharedWrite || \
4194 (FileObject)->SharedDelete \
4201 IoIsOperationSynchronous (
4212 #if (VER_PRODUCTBUILD >= 2195)
4217 IoIsValidNameGraftingBuffer (
4219 IN PREPARSE_DATA_BUFFER ReparseBuffer
4222 #endif /* (VER_PRODUCTBUILD >= 2195) */
4228 IN PFILE_OBJECT FileObject
,
4230 IN PLARGE_INTEGER Offset
,
4232 OUT PIO_STATUS_BLOCK IoStatusBlock
4238 IoQueryFileInformation (
4239 IN PFILE_OBJECT FileObject
,
4240 IN FILE_INFORMATION_CLASS FileInformationClass
,
4242 OUT PVOID FileInformation
,
4243 OUT PULONG ReturnedLength
4249 IoQueryVolumeInformation (
4250 IN PFILE_OBJECT FileObject
,
4251 IN FS_INFORMATION_CLASS FsInformationClass
,
4253 OUT PVOID FsInformation
,
4254 OUT PULONG ReturnedLength
4267 IoRegisterFileSystem (
4268 IN OUT PDEVICE_OBJECT DeviceObject
4271 #if (VER_PRODUCTBUILD >= 1381)
4273 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
4274 IN PDEVICE_OBJECT DeviceObject
,
4275 IN BOOLEAN DriverActive
4281 IoRegisterFsRegistrationChange (
4282 IN PDRIVER_OBJECT DriverObject
,
4283 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4286 #endif /* (VER_PRODUCTBUILD >= 1381) */
4291 IoReleaseVpbSpinLock (
4298 IoSetDeviceToVerify (
4300 IN PDEVICE_OBJECT DeviceObject
4307 IN PFILE_OBJECT FileObject
,
4308 IN FILE_INFORMATION_CLASS FileInformationClass
,
4310 IN PVOID FileInformation
4323 IoSynchronousPageWrite (
4324 IN PFILE_OBJECT FileObject
,
4326 IN PLARGE_INTEGER FileOffset
,
4328 OUT PIO_STATUS_BLOCK IoStatusBlock
4341 IoUnregisterFileSystem (
4342 IN OUT PDEVICE_OBJECT DeviceObject
4345 #if (VER_PRODUCTBUILD >= 1381)
4350 IoUnregisterFsRegistrationChange (
4351 IN PDRIVER_OBJECT DriverObject
,
4352 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4355 #endif /* (VER_PRODUCTBUILD >= 1381) */
4361 IN PDEVICE_OBJECT DeviceObject
,
4362 IN BOOLEAN AllowRawMount
4365 #if !defined (_M_AMD64)
4370 KeAcquireQueuedSpinLock (
4371 IN KSPIN_LOCK_QUEUE_NUMBER Number
4377 KeReleaseQueuedSpinLock (
4378 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4385 KeAcquireSpinLockRaiseToSynch(
4386 IN OUT PKSPIN_LOCK SpinLock
4392 KeTryToAcquireQueuedSpinLock(
4393 KSPIN_LOCK_QUEUE_NUMBER Number
,
4401 KeAcquireQueuedSpinLock (
4402 IN KSPIN_LOCK_QUEUE_NUMBER Number
4408 KeReleaseQueuedSpinLock (
4409 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4415 KeAcquireSpinLockRaiseToSynch(
4416 IN OUT PKSPIN_LOCK SpinLock
4421 KeTryToAcquireQueuedSpinLock(
4422 KSPIN_LOCK_QUEUE_NUMBER Number
,
4431 IN PKPROCESS Process
4446 IN ULONG Count OPTIONAL
4454 IN PLIST_ENTRY Entry
4462 IN PLIST_ENTRY Entry
4477 IN KPROCESSOR_MODE WaitMode
,
4478 IN PLARGE_INTEGER Timeout OPTIONAL
4491 KeInitializeMutant (
4492 IN PRKMUTANT Mutant
,
4493 IN BOOLEAN InitialOwner
4507 IN PRKMUTANT Mutant
,
4508 IN KPRIORITY Increment
,
4509 IN BOOLEAN Abandoned
,
4513 #if (VER_PRODUCTBUILD >= 2195)
4518 KeStackAttachProcess (
4519 IN PKPROCESS Process
,
4520 OUT PKAPC_STATE ApcState
4526 KeUnstackDetachProcess (
4527 IN PKAPC_STATE ApcState
4530 #endif /* (VER_PRODUCTBUILD >= 2195) */
4535 KeSetKernelStackSwapEnable(
4542 MmCanFileBeTruncated (
4543 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4544 IN PLARGE_INTEGER NewFileSize
4550 MmFlushImageSection (
4551 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4552 IN MMFLUSH_TYPE FlushType
4558 MmForceSectionClosed (
4559 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4560 IN BOOLEAN DelayClose
4563 #if (VER_PRODUCTBUILD >= 1381)
4568 MmIsRecursiveIoFault (
4574 #define MmIsRecursiveIoFault() ( \
4575 (PsGetCurrentThread()->DisablePageFaultClustering) | \
4576 (PsGetCurrentThread()->ForwardClusterOnly) \
4585 MmSetAddressRangeModified (
4594 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
4595 IN POBJECT_TYPE ObjectType
,
4596 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4597 IN KPROCESSOR_MODE AccessMode
,
4598 IN OUT PVOID ParseContext OPTIONAL
,
4599 IN ULONG ObjectSize
,
4600 IN ULONG PagedPoolCharge OPTIONAL
,
4601 IN ULONG NonPagedPoolCharge OPTIONAL
,
4608 ObGetObjectPointerCount (
4612 #if (NTDDI_VERSION >= NTDDI_WIN2K)
4619 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4620 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4621 IN ULONG ObjectPointerBias
,
4622 OUT PVOID
*NewObject OPTIONAL
,
4623 OUT PHANDLE Handle OPTIONAL
);
4628 ObOpenObjectByPointer (
4630 IN ULONG HandleAttributes
,
4631 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4632 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4633 IN POBJECT_TYPE ObjectType OPTIONAL
,
4634 IN KPROCESSOR_MODE AccessMode
,
4635 OUT PHANDLE Handle
);
4640 ObMakeTemporaryObject (
4646 ObQueryObjectAuditingByHandle (
4648 OUT PBOOLEAN GenerateOnClose
);
4657 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
4659 OUT PULONG ReturnLength
4665 ObReferenceObjectByName (
4666 IN PUNICODE_STRING ObjectName
,
4667 IN ULONG Attributes
,
4668 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4669 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4670 IN POBJECT_TYPE ObjectType
,
4671 IN KPROCESSOR_MODE AccessMode
,
4672 IN OUT PVOID ParseContext OPTIONAL
,
4679 PsAssignImpersonationToken (
4688 IN PEPROCESS Process
,
4689 IN POOL_TYPE PoolType
,
4696 PsChargeProcessPoolQuota (
4697 IN PEPROCESS Process
,
4698 IN POOL_TYPE PoolType
,
4702 #define PsDereferenceImpersonationToken(T) \
4703 {if (ARGUMENT_PRESENT(T)) { \
4704 (ObDereferenceObject((T))); \
4710 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
4715 PsDisableImpersonation(
4717 IN PSE_IMPERSONATION_STATE ImpersonationState
4723 PsGetProcessExitTime (
4730 PsImpersonateClient(
4732 IN PACCESS_TOKEN Token
,
4733 IN BOOLEAN CopyOnOpen
,
4734 IN BOOLEAN EffectiveOnly
,
4735 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4748 PsIsThreadTerminating (
4755 PsLookupProcessByProcessId (
4756 IN HANDLE ProcessId
,
4757 OUT PEPROCESS
*Process
4763 PsLookupProcessThreadByCid (
4765 OUT PEPROCESS
*Process OPTIONAL
,
4766 OUT PETHREAD
*Thread
4772 PsLookupThreadByThreadId (
4773 IN HANDLE UniqueThreadId
,
4774 OUT PETHREAD
*Thread
4780 PsReferenceImpersonationToken (
4782 OUT PBOOLEAN CopyOnUse
,
4783 OUT PBOOLEAN EffectiveOnly
,
4784 OUT PSECURITY_IMPERSONATION_LEVEL Level
4790 PsReferencePrimaryToken (
4791 IN PEPROCESS Process
4797 PsRestoreImpersonation(
4799 IN PSE_IMPERSONATION_STATE ImpersonationState
4806 IN PEPROCESS Process
,
4807 IN POOL_TYPE PoolType
,
4821 RtlAbsoluteToSelfRelativeSD (
4822 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
4823 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
4824 IN PULONG BufferLength
4831 IN HANDLE HeapHandle
,
4839 RtlAppendStringToString(
4840 PSTRING Destination
,
4841 const STRING
*Source
4847 RtlCaptureStackBackTrace (
4848 IN ULONG FramesToSkip
,
4849 IN ULONG FramesToCapture
,
4850 OUT PVOID
*BackTrace
,
4851 OUT PULONG BackTraceHash OPTIONAL
4857 RtlCompareMemoryUlong (
4867 IN USHORT CompressionFormatAndEngine
,
4868 IN PUCHAR UncompressedBuffer
,
4869 IN ULONG UncompressedBufferSize
,
4870 OUT PUCHAR CompressedBuffer
,
4871 IN ULONG CompressedBufferSize
,
4872 IN ULONG UncompressedChunkSize
,
4873 OUT PULONG FinalCompressedSize
,
4881 IN PUCHAR UncompressedBuffer
,
4882 IN ULONG UncompressedBufferSize
,
4883 OUT PUCHAR CompressedBuffer
,
4884 IN ULONG CompressedBufferSize
,
4885 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
4886 IN ULONG CompressedDataInfoLength
,
4893 RtlConvertSidToUnicodeString (
4894 OUT PUNICODE_STRING DestinationString
,
4896 IN BOOLEAN AllocateDestinationString
4904 IN PSID Destination
,
4911 RtlCreateUnicodeString(
4912 PUNICODE_STRING DestinationString
,
4919 RtlDecompressBuffer (
4920 IN USHORT CompressionFormat
,
4921 OUT PUCHAR UncompressedBuffer
,
4922 IN ULONG UncompressedBufferSize
,
4923 IN PUCHAR CompressedBuffer
,
4924 IN ULONG CompressedBufferSize
,
4925 OUT PULONG FinalUncompressedSize
4931 RtlDecompressChunks (
4932 OUT PUCHAR UncompressedBuffer
,
4933 IN ULONG UncompressedBufferSize
,
4934 IN PUCHAR CompressedBuffer
,
4935 IN ULONG CompressedBufferSize
,
4936 IN PUCHAR CompressedTail
,
4937 IN ULONG CompressedTailSize
,
4938 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4944 RtlDecompressFragment (
4945 IN USHORT CompressionFormat
,
4946 OUT PUCHAR UncompressedFragment
,
4947 IN ULONG UncompressedFragmentSize
,
4948 IN PUCHAR CompressedBuffer
,
4949 IN ULONG CompressedBufferSize
,
4950 IN ULONG FragmentOffset
,
4951 OUT PULONG FinalUncompressedSize
,
4959 IN USHORT CompressionFormat
,
4960 IN OUT PUCHAR
*CompressedBuffer
,
4961 IN PUCHAR EndOfCompressedBufferPlus1
,
4962 OUT PUCHAR
*ChunkBuffer
,
4963 OUT PULONG ChunkSize
4969 RtlDowncaseUnicodeString(
4970 IN OUT PUNICODE_STRING UniDest
,
4971 IN PCUNICODE_STRING UniSource
,
4972 IN BOOLEAN AllocateDestinationString
4978 RtlDuplicateUnicodeString(
4980 IN PCUNICODE_STRING SourceString
,
4981 OUT PUNICODE_STRING DestinationString
4995 RtlFillMemoryUlong (
4996 IN PVOID Destination
,
5005 IN HANDLE HeapHandle
,
5014 IN POEM_STRING OemString
5020 RtlGenerate8dot3Name (
5021 IN PUNICODE_STRING Name
,
5022 IN BOOLEAN AllowExtendedCharacters
,
5023 IN OUT PGENERATE_NAME_CONTEXT Context
,
5024 OUT PUNICODE_STRING Name8dot3
5030 RtlGetCompressionWorkSpaceSize (
5031 IN USHORT CompressionFormatAndEngine
,
5032 OUT PULONG CompressBufferWorkSpaceSize
,
5033 OUT PULONG CompressFragmentWorkSpaceSize
5039 RtlGetDaclSecurityDescriptor (
5040 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5041 OUT PBOOLEAN DaclPresent
,
5043 OUT PBOOLEAN DaclDefaulted
5049 RtlGetGroupSecurityDescriptor (
5050 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5052 OUT PBOOLEAN GroupDefaulted
5058 RtlGetOwnerSecurityDescriptor (
5059 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5061 OUT PBOOLEAN OwnerDefaulted
5069 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
5070 IN UCHAR SubAuthorityCount
5076 RtlIsNameLegalDOS8Dot3(
5077 IN PCUNICODE_STRING Name
,
5078 IN OUT POEM_STRING OemName OPTIONAL
,
5079 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
5085 RtlLengthRequiredSid (
5086 IN ULONG SubAuthorityCount
5099 RtlNtStatusToDosError (
5106 RtlxUnicodeStringToOemSize(
5107 PCUNICODE_STRING UnicodeString
5113 RtlxOemStringToUnicodeSize(
5114 PCOEM_STRING OemString
5117 #define RtlOemStringToUnicodeSize(STRING) ( \
5118 NLS_MB_OEM_CODE_PAGE_TAG ? \
5119 RtlxOemStringToUnicodeSize(STRING) : \
5120 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
5123 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
5124 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
5131 RtlOemStringToUnicodeString(
5132 IN OUT PUNICODE_STRING DestinationString
,
5133 IN PCOEM_STRING SourceString
,
5134 IN BOOLEAN AllocateDestinationString
5140 RtlUnicodeStringToOemString(
5141 IN OUT POEM_STRING DestinationString
,
5142 IN PCUNICODE_STRING SourceString
,
5143 IN BOOLEAN AllocateDestinationString
5149 RtlOemStringToCountedUnicodeString(
5150 IN OUT PUNICODE_STRING DestinationString
,
5151 IN PCOEM_STRING SourceString
,
5152 IN BOOLEAN AllocateDestinationString
5158 RtlUnicodeStringToCountedOemString(
5159 IN OUT POEM_STRING DestinationString
,
5160 IN PCUNICODE_STRING SourceString
,
5161 IN BOOLEAN AllocateDestinationString
5168 IN USHORT CompressionFormat
,
5169 IN OUT PUCHAR
*CompressedBuffer
,
5170 IN PUCHAR EndOfCompressedBufferPlus1
,
5171 OUT PUCHAR
*ChunkBuffer
,
5178 RtlSecondsSince1970ToTime (
5179 IN ULONG SecondsSince1970
,
5180 OUT PLARGE_INTEGER Time
5186 RtlSetGroupSecurityDescriptor (
5187 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5189 IN BOOLEAN GroupDefaulted
5195 RtlSetOwnerSecurityDescriptor (
5196 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5198 IN BOOLEAN OwnerDefaulted
5204 RtlSetSaclSecurityDescriptor (
5205 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5206 IN BOOLEAN SaclPresent
,
5208 IN BOOLEAN SaclDefaulted
5214 RtlSubAuthorityCountSid (
5221 RtlSubAuthoritySid (
5223 IN ULONG SubAuthority
5229 RtlUnicodeStringToCountedOemString (
5230 IN OUT POEM_STRING DestinationString
,
5231 IN PCUNICODE_STRING SourceString
,
5232 IN BOOLEAN AllocateDestinationString
5238 RtlUnicodeToMultiByteN(
5239 OUT PCHAR MultiByteString
,
5240 IN ULONG MaxBytesInMultiByteString
,
5241 OUT PULONG BytesInMultiByteString OPTIONAL
,
5242 IN PWCH UnicodeString
,
5243 IN ULONG BytesInUnicodeString
5250 OUT PWSTR UnicodeString
,
5251 IN ULONG MaxBytesInUnicodeString
,
5252 OUT PULONG BytesInUnicodeString OPTIONAL
,
5254 IN ULONG BytesInOemString
5257 /* RTL Splay Tree Functions */
5261 RtlSplay(PRTL_SPLAY_LINKS Links
);
5266 RtlDelete(PRTL_SPLAY_LINKS Links
);
5272 PRTL_SPLAY_LINKS Links
,
5273 PRTL_SPLAY_LINKS
*Root
5279 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
5284 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
5289 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
5294 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
5296 #define RtlIsLeftChild(Links) \
5297 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5299 #define RtlIsRightChild(Links) \
5300 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5302 #define RtlRightChild(Links) \
5303 ((PRTL_SPLAY_LINKS)(Links))->RightChild
5305 #define RtlIsRoot(Links) \
5306 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
5308 #define RtlLeftChild(Links) \
5309 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
5311 #define RtlParent(Links) \
5312 ((PRTL_SPLAY_LINKS)(Links))->Parent
5314 #define RtlInitializeSplayLinks(Links) \
5316 PRTL_SPLAY_LINKS _SplayLinks; \
5317 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
5318 _SplayLinks->Parent = _SplayLinks; \
5319 _SplayLinks->LeftChild = NULL; \
5320 _SplayLinks->RightChild = NULL; \
5323 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
5325 PRTL_SPLAY_LINKS _SplayParent; \
5326 PRTL_SPLAY_LINKS _SplayChild; \
5327 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5328 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5329 _SplayParent->LeftChild = _SplayChild; \
5330 _SplayChild->Parent = _SplayParent; \
5333 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
5335 PRTL_SPLAY_LINKS _SplayParent; \
5336 PRTL_SPLAY_LINKS _SplayChild; \
5337 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5338 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5339 _SplayParent->RightChild = _SplayChild; \
5340 _SplayChild->Parent = _SplayParent; \
5351 // RTL time functions
5357 RtlTimeToSecondsSince1980 (
5358 PLARGE_INTEGER Time
,
5359 PULONG ElapsedSeconds
5365 RtlSecondsSince1980ToTime (
5366 ULONG ElapsedSeconds
,
5373 RtlTimeToSecondsSince1970 (
5374 PLARGE_INTEGER Time
,
5375 PULONG ElapsedSeconds
5381 RtlSecondsSince1970ToTime (
5382 ULONG ElapsedSeconds
,
5389 SeAppendPrivileges (
5390 PACCESS_STATE AccessState
,
5391 PPRIVILEGE_SET Privileges
5397 SeAuditingFileEvents (
5398 IN BOOLEAN AccessGranted
,
5399 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5405 SeAuditingFileOrGlobalEvents (
5406 IN BOOLEAN AccessGranted
,
5407 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5408 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5414 SeCaptureSubjectContext (
5415 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
5421 SeCreateClientSecurity (
5423 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5424 IN BOOLEAN RemoteClient
,
5425 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5428 #if (VER_PRODUCTBUILD >= 2195)
5433 SeCreateClientSecurityFromSubjectContext (
5434 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5435 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5436 IN BOOLEAN ServerIsRemote
,
5437 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5440 #endif /* (VER_PRODUCTBUILD >= 2195) */
5443 #define SeLengthSid( Sid ) \
5444 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5446 #define SeDeleteClientSecurity(C) { \
5447 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5448 PsDereferencePrimaryToken( (C)->ClientToken ); \
5450 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5457 SeDeleteObjectAuditAlarm (
5462 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
5468 IN PPRIVILEGE_SET Privileges
5474 SeImpersonateClient (
5475 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5476 IN PETHREAD ServerThread OPTIONAL
5479 #if (VER_PRODUCTBUILD >= 2195)
5484 SeImpersonateClientEx (
5485 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5486 IN PETHREAD ServerThread OPTIONAL
5489 #endif /* (VER_PRODUCTBUILD >= 2195) */
5494 SeLockSubjectContext (
5495 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5501 SeMarkLogonSessionForTerminationNotification (
5508 SeOpenObjectAuditAlarm (
5509 IN PUNICODE_STRING ObjectTypeName
,
5510 IN PVOID Object OPTIONAL
,
5511 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5512 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5513 IN PACCESS_STATE AccessState
,
5514 IN BOOLEAN ObjectCreated
,
5515 IN BOOLEAN AccessGranted
,
5516 IN KPROCESSOR_MODE AccessMode
,
5517 OUT PBOOLEAN GenerateOnClose
5523 SeOpenObjectForDeleteAuditAlarm (
5524 IN PUNICODE_STRING ObjectTypeName
,
5525 IN PVOID Object OPTIONAL
,
5526 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5527 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5528 IN PACCESS_STATE AccessState
,
5529 IN BOOLEAN ObjectCreated
,
5530 IN BOOLEAN AccessGranted
,
5531 IN KPROCESSOR_MODE AccessMode
,
5532 OUT PBOOLEAN GenerateOnClose
5539 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
5540 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5541 IN KPROCESSOR_MODE AccessMode
5547 SeQueryAuthenticationIdToken (
5548 IN PACCESS_TOKEN Token
,
5552 #if (VER_PRODUCTBUILD >= 2195)
5557 SeQueryInformationToken (
5558 IN PACCESS_TOKEN Token
,
5559 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
5560 OUT PVOID
*TokenInformation
5563 #endif /* (VER_PRODUCTBUILD >= 2195) */
5568 SeQuerySecurityDescriptorInfo (
5569 IN PSECURITY_INFORMATION SecurityInformation
,
5570 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5571 IN OUT PULONG Length
,
5572 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
5575 #if (VER_PRODUCTBUILD >= 2195)
5580 SeQuerySessionIdToken (
5581 IN PACCESS_TOKEN Token
,
5585 #endif /* (VER_PRODUCTBUILD >= 2195) */
5587 #define SeQuerySubjectContextToken( SubjectContext ) \
5588 ( ARGUMENT_PRESENT( \
5589 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5591 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5592 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5594 typedef NTSTATUS (NTAPI
*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
5601 SeRegisterLogonSessionTerminatedRoutine (
5602 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5608 SeReleaseSubjectContext (
5609 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5615 SeSetAccessStateGenericMapping (
5616 PACCESS_STATE AccessState
,
5617 PGENERIC_MAPPING GenericMapping
5623 SeSetSecurityDescriptorInfo (
5624 IN PVOID Object OPTIONAL
,
5625 IN PSECURITY_INFORMATION SecurityInformation
,
5626 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5627 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5628 IN POOL_TYPE PoolType
,
5629 IN PGENERIC_MAPPING GenericMapping
5632 #if (VER_PRODUCTBUILD >= 2195)
5637 SeSetSecurityDescriptorInfoEx (
5638 IN PVOID Object OPTIONAL
,
5639 IN PSECURITY_INFORMATION SecurityInformation
,
5640 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
5641 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5642 IN ULONG AutoInheritFlags
,
5643 IN POOL_TYPE PoolType
,
5644 IN PGENERIC_MAPPING GenericMapping
5651 IN PACCESS_TOKEN Token
5657 SeTokenIsRestricted (
5658 IN PACCESS_TOKEN Token
5664 SeLocateProcessImageName(
5665 IN PEPROCESS Process
,
5666 OUT PUNICODE_STRING
*pImageFileName
5669 #endif /* (VER_PRODUCTBUILD >= 2195) */
5675 IN PACCESS_TOKEN Token
5681 SeUnlockSubjectContext (
5682 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5688 SeUnregisterLogonSessionTerminatedRoutine (
5689 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5692 #if (VER_PRODUCTBUILD >= 2195)
5697 ZwAdjustPrivilegesToken (
5698 IN HANDLE TokenHandle
,
5699 IN BOOLEAN DisableAllPrivileges
,
5700 IN PTOKEN_PRIVILEGES NewState
,
5701 IN ULONG BufferLength
,
5702 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
5703 OUT PULONG ReturnLength
5706 #endif /* (VER_PRODUCTBUILD >= 2195) */
5712 IN HANDLE ThreadHandle
5718 ZwAllocateVirtualMemory (
5719 IN HANDLE ProcessHandle
,
5720 IN OUT PVOID
*BaseAddress
,
5721 IN ULONG_PTR ZeroBits
,
5722 IN OUT PSIZE_T RegionSize
,
5723 IN ULONG AllocationType
,
5729 NtAccessCheckByTypeAndAuditAlarm(
5730 IN PUNICODE_STRING SubsystemName
,
5732 IN PUNICODE_STRING ObjectTypeName
,
5733 IN PUNICODE_STRING ObjectName
,
5734 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5735 IN PSID PrincipalSelfSid
,
5736 IN ACCESS_MASK DesiredAccess
,
5737 IN AUDIT_EVENT_TYPE AuditType
,
5739 IN POBJECT_TYPE_LIST ObjectTypeList
,
5740 IN ULONG ObjectTypeLength
,
5741 IN PGENERIC_MAPPING GenericMapping
,
5742 IN BOOLEAN ObjectCreation
,
5743 OUT PACCESS_MASK GrantedAccess
,
5744 OUT PNTSTATUS AccessStatus
,
5745 OUT PBOOLEAN GenerateOnClose
5750 NtAccessCheckByTypeResultListAndAuditAlarm(
5751 IN PUNICODE_STRING SubsystemName
,
5753 IN PUNICODE_STRING ObjectTypeName
,
5754 IN PUNICODE_STRING ObjectName
,
5755 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5756 IN PSID PrincipalSelfSid
,
5757 IN ACCESS_MASK DesiredAccess
,
5758 IN AUDIT_EVENT_TYPE AuditType
,
5760 IN POBJECT_TYPE_LIST ObjectTypeList
,
5761 IN ULONG ObjectTypeLength
,
5762 IN PGENERIC_MAPPING GenericMapping
,
5763 IN BOOLEAN ObjectCreation
,
5764 OUT PACCESS_MASK GrantedAccess
,
5765 OUT PNTSTATUS AccessStatus
,
5766 OUT PBOOLEAN GenerateOnClose
5771 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5772 IN PUNICODE_STRING SubsystemName
,
5774 IN HANDLE ClientToken
,
5775 IN PUNICODE_STRING ObjectTypeName
,
5776 IN PUNICODE_STRING ObjectName
,
5777 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5778 IN PSID PrincipalSelfSid
,
5779 IN ACCESS_MASK DesiredAccess
,
5780 IN AUDIT_EVENT_TYPE AuditType
,
5782 IN POBJECT_TYPE_LIST ObjectTypeList
,
5783 IN ULONG ObjectTypeLength
,
5784 IN PGENERIC_MAPPING GenericMapping
,
5785 IN BOOLEAN ObjectCreation
,
5786 OUT PACCESS_MASK GrantedAccess
,
5787 OUT PNTSTATUS AccessStatus
,
5788 OUT PBOOLEAN GenerateOnClose
5794 ZwAccessCheckAndAuditAlarm (
5795 IN PUNICODE_STRING SubsystemName
,
5797 IN PUNICODE_STRING ObjectTypeName
,
5798 IN PUNICODE_STRING ObjectName
,
5799 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5800 IN ACCESS_MASK DesiredAccess
,
5801 IN PGENERIC_MAPPING GenericMapping
,
5802 IN BOOLEAN ObjectCreation
,
5803 OUT PACCESS_MASK GrantedAccess
,
5804 OUT PBOOLEAN AccessStatus
,
5805 OUT PBOOLEAN GenerateOnClose
5808 #if (VER_PRODUCTBUILD >= 2195)
5814 IN HANDLE FileHandle
,
5815 OUT PIO_STATUS_BLOCK IoStatusBlock
5818 #endif /* (VER_PRODUCTBUILD >= 2195) */
5824 IN HANDLE EventHandle
5830 ZwCloseObjectAuditAlarm (
5831 IN PUNICODE_STRING SubsystemName
,
5833 IN BOOLEAN GenerateOnClose
5840 OUT PHANDLE SectionHandle
,
5841 IN ACCESS_MASK DesiredAccess
,
5842 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5843 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
5844 IN ULONG SectionPageProtection
,
5845 IN ULONG AllocationAttributes
,
5846 IN HANDLE FileHandle OPTIONAL
5852 ZwCreateSymbolicLinkObject (
5853 OUT PHANDLE SymbolicLinkHandle
,
5854 IN ACCESS_MASK DesiredAccess
,
5855 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5856 IN PUNICODE_STRING TargetName
5863 IN POBJECT_ATTRIBUTES ObjectAttributes
5871 IN PUNICODE_STRING Name
5875 #if (NTDDI_VERSION >= NTDDI_WIN2K)
5879 ZwDeviceIoControlFile (
5880 IN HANDLE FileHandle
,
5881 IN HANDLE Event OPTIONAL
,
5882 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5883 IN PVOID ApcContext OPTIONAL
,
5884 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5885 IN ULONG IoControlCode
,
5886 IN PVOID InputBuffer OPTIONAL
,
5887 IN ULONG InputBufferLength
,
5888 OUT PVOID OutputBuffer OPTIONAL
,
5889 IN ULONG OutputBufferLength
);
5896 IN PUNICODE_STRING String
5903 IN HANDLE SourceProcessHandle
,
5904 IN HANDLE SourceHandle
,
5905 IN HANDLE TargetProcessHandle OPTIONAL
,
5906 OUT PHANDLE TargetHandle OPTIONAL
,
5907 IN ACCESS_MASK DesiredAccess
,
5908 IN ULONG HandleAttributes
,
5916 IN HANDLE ExistingTokenHandle
,
5917 IN ACCESS_MASK DesiredAccess
,
5918 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5919 IN BOOLEAN EffectiveOnly
,
5920 IN TOKEN_TYPE TokenType
,
5921 OUT PHANDLE NewTokenHandle
5927 IN HANDLE ExistingTokenHandle
,
5929 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
5930 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
5931 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
5932 OUT PHANDLE NewTokenHandle
5938 ZwFlushInstructionCache (
5939 IN HANDLE ProcessHandle
,
5940 IN PVOID BaseAddress OPTIONAL
,
5948 IN HANDLE FileHandle
,
5949 OUT PIO_STATUS_BLOCK IoStatusBlock
5952 #if (VER_PRODUCTBUILD >= 2195)
5957 ZwFlushVirtualMemory (
5958 IN HANDLE ProcessHandle
,
5959 IN OUT PVOID
*BaseAddress
,
5960 IN OUT PULONG FlushSize
,
5961 OUT PIO_STATUS_BLOCK IoStatusBlock
5964 #endif /* (VER_PRODUCTBUILD >= 2195) */
5969 ZwFreeVirtualMemory (
5970 IN HANDLE ProcessHandle
,
5971 IN OUT PVOID
*BaseAddress
,
5972 IN OUT PSIZE_T RegionSize
,
5980 IN HANDLE FileHandle
,
5981 IN HANDLE Event OPTIONAL
,
5982 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5983 IN PVOID ApcContext OPTIONAL
,
5984 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5985 IN ULONG FsControlCode
,
5986 IN PVOID InputBuffer OPTIONAL
,
5987 IN ULONG InputBufferLength
,
5988 OUT PVOID OutputBuffer OPTIONAL
,
5989 IN ULONG OutputBufferLength
5992 #if (VER_PRODUCTBUILD >= 2195)
5997 ZwInitiatePowerAction (
5998 IN POWER_ACTION SystemAction
,
5999 IN SYSTEM_POWER_STATE MinSystemState
,
6001 IN BOOLEAN Asynchronous
6004 #endif /* (VER_PRODUCTBUILD >= 2195) */
6010 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6011 IN PUNICODE_STRING RegistryPath
6018 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6019 IN POBJECT_ATTRIBUTES FileObjectAttributes
6026 IN HANDLE KeyHandle
,
6027 IN HANDLE EventHandle OPTIONAL
,
6028 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6029 IN PVOID ApcContext OPTIONAL
,
6030 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6031 IN ULONG NotifyFilter
,
6032 IN BOOLEAN WatchSubtree
,
6034 IN ULONG BufferLength
,
6035 IN BOOLEAN Asynchronous
6041 ZwOpenDirectoryObject (
6042 OUT PHANDLE DirectoryHandle
,
6043 IN ACCESS_MASK DesiredAccess
,
6044 IN POBJECT_ATTRIBUTES ObjectAttributes
6051 OUT PHANDLE EventHandle
,
6052 IN ACCESS_MASK DesiredAccess
,
6053 IN POBJECT_ATTRIBUTES ObjectAttributes
6060 OUT PHANDLE ProcessHandle
,
6061 IN ACCESS_MASK DesiredAccess
,
6062 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6063 IN PCLIENT_ID ClientId OPTIONAL
6069 ZwOpenProcessToken (
6070 IN HANDLE ProcessHandle
,
6071 IN ACCESS_MASK DesiredAccess
,
6072 OUT PHANDLE TokenHandle
6079 OUT PHANDLE ThreadHandle
,
6080 IN ACCESS_MASK DesiredAccess
,
6081 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6082 IN PCLIENT_ID ClientId
6089 IN HANDLE ThreadHandle
,
6090 IN ACCESS_MASK DesiredAccess
,
6091 IN BOOLEAN OpenAsSelf
,
6092 OUT PHANDLE TokenHandle
6095 #if (VER_PRODUCTBUILD >= 2195)
6100 ZwPowerInformation (
6101 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
6102 IN PVOID InputBuffer OPTIONAL
,
6103 IN ULONG InputBufferLength
,
6104 OUT PVOID OutputBuffer OPTIONAL
,
6105 IN ULONG OutputBufferLength
6108 #endif /* (VER_PRODUCTBUILD >= 2195) */
6114 IN HANDLE EventHandle
,
6115 OUT PLONG PreviousState OPTIONAL
6121 ZwQueryDefaultLocale (
6122 IN BOOLEAN ThreadOrSystem
,
6129 ZwQueryDirectoryFile (
6130 IN HANDLE FileHandle
,
6131 IN HANDLE Event OPTIONAL
,
6132 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6133 IN PVOID ApcContext OPTIONAL
,
6134 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6135 OUT PVOID FileInformation
,
6137 IN FILE_INFORMATION_CLASS FileInformationClass
,
6138 IN BOOLEAN ReturnSingleEntry
,
6139 IN PUNICODE_STRING FileName OPTIONAL
,
6140 IN BOOLEAN RestartScan
6143 #if (VER_PRODUCTBUILD >= 2195)
6148 ZwQueryDirectoryObject (
6149 IN HANDLE DirectoryHandle
,
6152 IN BOOLEAN ReturnSingleEntry
,
6153 IN BOOLEAN RestartScan
,
6154 IN OUT PULONG Context
,
6155 OUT PULONG ReturnLength OPTIONAL
6162 IN HANDLE FileHandle
,
6163 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6166 IN BOOLEAN ReturnSingleEntry
,
6167 IN PVOID EaList OPTIONAL
,
6168 IN ULONG EaListLength
,
6169 IN PULONG EaIndex OPTIONAL
,
6170 IN BOOLEAN RestartScan
6173 #endif /* (VER_PRODUCTBUILD >= 2195) */
6178 ZwQueryInformationProcess (
6179 IN HANDLE ProcessHandle
,
6180 IN PROCESSINFOCLASS ProcessInformationClass
,
6181 OUT PVOID ProcessInformation
,
6182 IN ULONG ProcessInformationLength
,
6183 OUT PULONG ReturnLength OPTIONAL
6189 ZwQueryInformationToken (
6190 IN HANDLE TokenHandle
,
6191 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
6192 OUT PVOID TokenInformation
,
6194 OUT PULONG ResultLength
6200 ZwQuerySecurityObject (
6201 IN HANDLE FileHandle
,
6202 IN SECURITY_INFORMATION SecurityInformation
,
6203 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6205 OUT PULONG ResultLength
6211 ZwQueryVolumeInformationFile (
6212 IN HANDLE FileHandle
,
6213 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6214 OUT PVOID FsInformation
,
6216 IN FS_INFORMATION_CLASS FsInformationClass
6223 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
6224 IN HANDLE KeyHandle
,
6225 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
6232 IN HANDLE EventHandle
,
6233 OUT PLONG PreviousState OPTIONAL
6236 #if (VER_PRODUCTBUILD >= 2195)
6242 IN HANDLE KeyHandle
,
6243 IN HANDLE FileHandle
,
6247 #endif /* (VER_PRODUCTBUILD >= 2195) */
6253 IN HANDLE KeyHandle
,
6254 IN HANDLE FileHandle
6260 ZwSetDefaultLocale (
6261 IN BOOLEAN ThreadOrSystem
,
6265 #if (VER_PRODUCTBUILD >= 2195)
6270 ZwSetDefaultUILanguage (
6271 IN LANGID LanguageId
6278 IN HANDLE FileHandle
,
6279 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6284 #endif /* (VER_PRODUCTBUILD >= 2195) */
6290 IN HANDLE EventHandle
,
6291 OUT PLONG PreviousState OPTIONAL
6297 ZwSetInformationProcess (
6298 IN HANDLE ProcessHandle
,
6299 IN PROCESSINFOCLASS ProcessInformationClass
,
6300 IN PVOID ProcessInformation
,
6301 IN ULONG ProcessInformationLength
6304 #if (VER_PRODUCTBUILD >= 2195)
6309 ZwSetSecurityObject (
6311 IN SECURITY_INFORMATION SecurityInformation
,
6312 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6315 #endif /* (VER_PRODUCTBUILD >= 2195) */
6321 IN PLARGE_INTEGER NewTime
,
6322 OUT PLARGE_INTEGER OldTime OPTIONAL
6325 #if (VER_PRODUCTBUILD >= 2195)
6330 ZwSetVolumeInformationFile (
6331 IN HANDLE FileHandle
,
6332 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6333 IN PVOID FsInformation
,
6335 IN FS_INFORMATION_CLASS FsInformationClass
6338 #endif /* (VER_PRODUCTBUILD >= 2195) */
6343 ZwTerminateProcess (
6344 IN HANDLE ProcessHandle OPTIONAL
,
6345 IN NTSTATUS ExitStatus
6352 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6353 IN PUNICODE_STRING RegistryPath
6360 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6363 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6367 ZwWaitForSingleObject (
6369 IN BOOLEAN Alertable
,
6370 IN PLARGE_INTEGER Timeout OPTIONAL
);
6376 ZwWaitForMultipleObjects (
6377 IN ULONG HandleCount
,
6379 IN WAIT_TYPE WaitType
,
6380 IN BOOLEAN Alertable
,
6381 IN PLARGE_INTEGER Timeout OPTIONAL
6397 #endif /* _NTIFS_ */
projects / reactos.git / blob