[NTIFS]
[reactos.git] / include / ddk / ntifs.h
1 /*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the w32api package.
7 *
8 * Contributors:
9 * Created by Bo Brantén <bosse@acc.umu.se>
10 *
11 * THIS SOFTWARE IS NOT COPYRIGHTED
12 *
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
15 *
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 */
22
23 #pragma once
24
25 #define _NTIFS_INCLUDED_
26 #define _GNU_NTIFS_
27
28 /* Helper macro to enable gcc's extension. */
29 #ifndef __GNU_EXTENSION
30 #ifdef __GNUC__
31 #define __GNU_EXTENSION __extension__
32 #else
33 #define __GNU_EXTENSION
34 #endif
35 #endif
36
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40
41 #if !defined(_NTHALDLL_) && !defined(_BLDR_)
42 #define NTHALAPI DECLSPEC_IMPORT
43 #else
44 #define NTHALAPI
45 #endif
46
47 #if !defined(_NTOSKRNL_) /* For ReactOS */
48 #define NTKERNELAPI DECLSPEC_IMPORT
49 #else
50 #define NTKERNELAPI
51 #endif
52
53 /* Dependencies */
54 #include <ntddk.h>
55 #include <excpt.h>
56 #include <ntdef.h>
57 #include <ntnls.h>
58 #include <ntstatus.h>
59 #include <bugcodes.h>
60 /* FIXME : #include <ntiologc.h> */
61
62 #ifndef FlagOn
63 #define FlagOn(_F,_SF) ((_F) & (_SF))
64 #endif
65
66 #ifndef BooleanFlagOn
67 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
68 #endif
69
70 #ifndef SetFlag
71 #define SetFlag(_F,_SF) ((_F) |= (_SF))
72 #endif
73
74 #ifndef ClearFlag
75 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
76 #endif
77
78 #define PsGetCurrentProcess IoGetCurrentProcess
79
80 #if (NTDDI_VERSION >= NTDDI_VISTA)
81 extern NTSYSAPI volatile CCHAR KeNumberProcessors;
82 #elif (NTDDI_VERSION >= NTDDI_WINXP)
83 extern NTSYSAPI CCHAR KeNumberProcessors;
84 #else
85 extern PCCHAR KeNumberProcessors;
86 #endif
87
88 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
89 typedef STRING LSA_STRING, *PLSA_STRING;
90 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
91
92 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
93 #define SID_IDENTIFIER_AUTHORITY_DEFINED
94 typedef struct _SID_IDENTIFIER_AUTHORITY {
95 UCHAR Value[6];
96 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
97 #endif
98
99 #ifndef SID_DEFINED
100 #define SID_DEFINED
101 typedef struct _SID {
102 UCHAR Revision;
103 UCHAR SubAuthorityCount;
104 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
105 ULONG SubAuthority[ANYSIZE_ARRAY];
106 } SID, *PISID;
107 #endif
108
109 #define SID_REVISION 1
110 #define SID_MAX_SUB_AUTHORITIES 15
111 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
112
113 typedef enum _SID_NAME_USE {
114 SidTypeUser = 1,
115 SidTypeGroup,
116 SidTypeDomain,
117 SidTypeAlias,
118 SidTypeWellKnownGroup,
119 SidTypeDeletedAccount,
120 SidTypeInvalid,
121 SidTypeUnknown,
122 SidTypeComputer,
123 SidTypeLabel
124 } SID_NAME_USE, *PSID_NAME_USE;
125
126 typedef struct _SID_AND_ATTRIBUTES {
127 PSID Sid;
128 ULONG Attributes;
129 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
130 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
131 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
132
133 #define SID_HASH_SIZE 32
134 typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
135
136 typedef struct _SID_AND_ATTRIBUTES_HASH {
137 ULONG SidCount;
138 PSID_AND_ATTRIBUTES SidAttr;
139 SID_HASH_ENTRY Hash[SID_HASH_SIZE];
140 } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
141
142 /* Universal well-known SIDs */
143
144 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
145 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
146 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
147 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
148 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
149 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
150
151 #define SECURITY_NULL_RID (0x00000000L)
152 #define SECURITY_WORLD_RID (0x00000000L)
153 #define SECURITY_LOCAL_RID (0x00000000L)
154 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
155
156 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
157 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
158 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
159 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
160 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
161
162 /* NT well-known SIDs */
163
164 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
165
166 #define SECURITY_DIALUP_RID (0x00000001L)
167 #define SECURITY_NETWORK_RID (0x00000002L)
168 #define SECURITY_BATCH_RID (0x00000003L)
169 #define SECURITY_INTERACTIVE_RID (0x00000004L)
170 #define SECURITY_LOGON_IDS_RID (0x00000005L)
171 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
172 #define SECURITY_SERVICE_RID (0x00000006L)
173 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
174 #define SECURITY_PROXY_RID (0x00000008L)
175 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
176 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
177 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
178 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
179 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
180 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
181 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
182 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
183 #define SECURITY_IUSER_RID (0x00000011L)
184 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
185 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
186 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
187 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
188 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
189 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
190
191 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
192 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
193
194
195 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
196 #define SECURITY_PACKAGE_RID_COUNT (2L)
197 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
198 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
199 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
200
201 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
202 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
203 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
204
205 #define SECURITY_MIN_BASE_RID (0x00000050L)
206 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
207 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
208 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
209 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
210 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
211 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
212 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
213 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
214 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
215 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
216 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
217 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
218 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
219 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
220 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
221 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
222 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
223
224 #define SECURITY_MAX_BASE_RID (0x0000006FL)
225
226 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
227 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
228
229 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
230
231 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
232
233 /* Well-known domain relative sub-authority values (RIDs) */
234
235 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
236
237 #define FOREST_USER_RID_MAX (0x000001F3L)
238
239 /* Well-known users */
240
241 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
242 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
243 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
244
245 #define DOMAIN_USER_RID_MAX (0x000003E7L)
246
247 /* Well-known groups */
248
249 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
250 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
251 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
252 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
253 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
254 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
255 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
256 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
257 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
258 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
259
260 /* Well-known aliases */
261
262 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
263 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
264 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
265 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
266
267 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
268 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
269 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
270 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
271
272 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
273 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
274 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
275 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
276 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
277 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
278
279 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
280 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
281 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
282 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
283 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
284 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
285 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
286 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
287 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
288 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
289 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
290
291 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
292 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
293 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
294 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
295 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
296 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
297 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
298
299 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
300 can be set by a usermode caller.*/
301
302 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
303
304 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
305
306 /* Allocate the System Luid. The first 1000 LUIDs are reserved.
307 Use #999 here (0x3e7 = 999) */
308
309 #define SYSTEM_LUID { 0x3e7, 0x0 }
310 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
311 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
312 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
313 #define IUSER_LUID { 0x3e3, 0x0 }
314
315 typedef struct _ACE_HEADER {
316 UCHAR AceType;
317 UCHAR AceFlags;
318 USHORT AceSize;
319 } ACE_HEADER, *PACE_HEADER;
320
321 /* also in winnt.h */
322 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
323 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
324 #define ACCESS_DENIED_ACE_TYPE (0x1)
325 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
326 #define SYSTEM_ALARM_ACE_TYPE (0x3)
327 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
328 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
329 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
330 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
331 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
332 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
333 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
334 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
335 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
336 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
337 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
338 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
339 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
340 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
341 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
342 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
343 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
344 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
345 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
346 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
347 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
348
349 /* The following are the inherit flags that go into the AceFlags field
350 of an Ace header. */
351
352 #define OBJECT_INHERIT_ACE (0x1)
353 #define CONTAINER_INHERIT_ACE (0x2)
354 #define NO_PROPAGATE_INHERIT_ACE (0x4)
355 #define INHERIT_ONLY_ACE (0x8)
356 #define INHERITED_ACE (0x10)
357 #define VALID_INHERIT_FLAGS (0x1F)
358
359 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
360 #define FAILED_ACCESS_ACE_FLAG (0x80)
361
362 typedef struct _ACCESS_ALLOWED_ACE {
363 ACE_HEADER Header;
364 ACCESS_MASK Mask;
365 ULONG SidStart;
366 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
367
368 typedef struct _ACCESS_DENIED_ACE {
369 ACE_HEADER Header;
370 ACCESS_MASK Mask;
371 ULONG SidStart;
372 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
373
374 typedef struct _SYSTEM_AUDIT_ACE {
375 ACE_HEADER Header;
376 ACCESS_MASK Mask;
377 ULONG SidStart;
378 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
379
380 typedef struct _SYSTEM_ALARM_ACE {
381 ACE_HEADER Header;
382 ACCESS_MASK Mask;
383 ULONG SidStart;
384 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
385
386 typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
387 ACE_HEADER Header;
388 ACCESS_MASK Mask;
389 ULONG SidStart;
390 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
391
392 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
393 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
394 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
395 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
396 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
397 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
398
399 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
400
401 typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
402
403 #define SE_OWNER_DEFAULTED 0x0001
404 #define SE_GROUP_DEFAULTED 0x0002
405 #define SE_DACL_PRESENT 0x0004
406 #define SE_DACL_DEFAULTED 0x0008
407 #define SE_SACL_PRESENT 0x0010
408 #define SE_SACL_DEFAULTED 0x0020
409 #define SE_DACL_UNTRUSTED 0x0040
410 #define SE_SERVER_SECURITY 0x0080
411 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
412 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
413 #define SE_DACL_AUTO_INHERITED 0x0400
414 #define SE_SACL_AUTO_INHERITED 0x0800
415 #define SE_DACL_PROTECTED 0x1000
416 #define SE_SACL_PROTECTED 0x2000
417 #define SE_RM_CONTROL_VALID 0x4000
418 #define SE_SELF_RELATIVE 0x8000
419
420 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
421 UCHAR Revision;
422 UCHAR Sbz1;
423 SECURITY_DESCRIPTOR_CONTROL Control;
424 ULONG Owner;
425 ULONG Group;
426 ULONG Sacl;
427 ULONG Dacl;
428 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
429
430 typedef struct _SECURITY_DESCRIPTOR {
431 UCHAR Revision;
432 UCHAR Sbz1;
433 SECURITY_DESCRIPTOR_CONTROL Control;
434 PSID Owner;
435 PSID Group;
436 PACL Sacl;
437 PACL Dacl;
438 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
439
440 typedef struct _OBJECT_TYPE_LIST {
441 USHORT Level;
442 USHORT Sbz;
443 GUID *ObjectType;
444 } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
445
446 #define ACCESS_OBJECT_GUID 0
447 #define ACCESS_PROPERTY_SET_GUID 1
448 #define ACCESS_PROPERTY_GUID 2
449 #define ACCESS_MAX_LEVEL 4
450
451 typedef enum _AUDIT_EVENT_TYPE {
452 AuditEventObjectAccess,
453 AuditEventDirectoryServiceAccess
454 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
455
456 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
457
458 #define ACCESS_DS_SOURCE_A "DS"
459 #define ACCESS_DS_SOURCE_W L"DS"
460 #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
461 #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
462
463 #define ACCESS_REASON_TYPE_MASK 0xffff0000
464 #define ACCESS_REASON_DATA_MASK 0x0000ffff
465
466 typedef enum _ACCESS_REASON_TYPE {
467 AccessReasonNone = 0x00000000,
468 AccessReasonAllowedAce = 0x00010000,
469 AccessReasonDeniedAce = 0x00020000,
470 AccessReasonAllowedParentAce = 0x00030000,
471 AccessReasonDeniedParentAce = 0x00040000,
472 AccessReasonMissingPrivilege = 0x00100000,
473 AccessReasonFromPrivilege = 0x00200000,
474 AccessReasonIntegrityLevel = 0x00300000,
475 AccessReasonOwnership = 0x00400000,
476 AccessReasonNullDacl = 0x00500000,
477 AccessReasonEmptyDacl = 0x00600000,
478 AccessReasonNoSD = 0x00700000,
479 AccessReasonNoGrant = 0x00800000
480 } ACCESS_REASON_TYPE;
481
482 typedef ULONG ACCESS_REASON;
483
484 typedef struct _ACCESS_REASONS {
485 ACCESS_REASON Data[32];
486 } ACCESS_REASONS, *PACCESS_REASONS;
487
488 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
489 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
490 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
491
492 typedef struct _SE_SECURITY_DESCRIPTOR {
493 ULONG Size;
494 ULONG Flags;
495 PSECURITY_DESCRIPTOR SecurityDescriptor;
496 } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
497
498 typedef struct _SE_ACCESS_REQUEST {
499 ULONG Size;
500 PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
501 ACCESS_MASK DesiredAccess;
502 ACCESS_MASK PreviouslyGrantedAccess;
503 PSID PrincipalSelfSid;
504 PGENERIC_MAPPING GenericMapping;
505 ULONG ObjectTypeListCount;
506 POBJECT_TYPE_LIST ObjectTypeList;
507 } SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
508
509 typedef struct _SE_ACCESS_REPLY {
510 ULONG Size;
511 ULONG ResultListCount;
512 PACCESS_MASK GrantedAccess;
513 PNTSTATUS AccessStatus;
514 PACCESS_REASONS AccessReason;
515 PPRIVILEGE_SET* Privileges;
516 } SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
517
518 typedef enum _SE_AUDIT_OPERATION {
519 AuditPrivilegeObject,
520 AuditPrivilegeService,
521 AuditAccessCheck,
522 AuditOpenObject,
523 AuditOpenObjectWithTransaction,
524 AuditCloseObject,
525 AuditDeleteObject,
526 AuditOpenObjectForDelete,
527 AuditOpenObjectForDeleteWithTransaction,
528 AuditCloseNonObject,
529 AuditOpenNonObject,
530 AuditObjectReference,
531 AuditHandleCreation,
532 } SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
533
534 typedef struct _SE_AUDIT_INFO {
535 ULONG Size;
536 AUDIT_EVENT_TYPE AuditType;
537 SE_AUDIT_OPERATION AuditOperation;
538 ULONG AuditFlags;
539 UNICODE_STRING SubsystemName;
540 UNICODE_STRING ObjectTypeName;
541 UNICODE_STRING ObjectName;
542 PVOID HandleId;
543 GUID* TransactionId;
544 LUID* OperationId;
545 BOOLEAN ObjectCreation;
546 BOOLEAN GenerateOnClose;
547 } SE_AUDIT_INFO, *PSE_AUDIT_INFO;
548
549 #define TOKEN_ASSIGN_PRIMARY (0x0001)
550 #define TOKEN_DUPLICATE (0x0002)
551 #define TOKEN_IMPERSONATE (0x0004)
552 #define TOKEN_QUERY (0x0008)
553 #define TOKEN_QUERY_SOURCE (0x0010)
554 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
555 #define TOKEN_ADJUST_GROUPS (0x0040)
556 #define TOKEN_ADJUST_DEFAULT (0x0080)
557 #define TOKEN_ADJUST_SESSIONID (0x0100)
558
559 #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
560 TOKEN_ASSIGN_PRIMARY |\
561 TOKEN_DUPLICATE |\
562 TOKEN_IMPERSONATE |\
563 TOKEN_QUERY |\
564 TOKEN_QUERY_SOURCE |\
565 TOKEN_ADJUST_PRIVILEGES |\
566 TOKEN_ADJUST_GROUPS |\
567 TOKEN_ADJUST_DEFAULT )
568
569 #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
570 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
571 TOKEN_ADJUST_SESSIONID )
572 #else
573 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
574 #endif
575
576 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
577 TOKEN_QUERY)
578
579 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
580 TOKEN_ADJUST_PRIVILEGES |\
581 TOKEN_ADJUST_GROUPS |\
582 TOKEN_ADJUST_DEFAULT)
583
584 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
585
586 typedef enum _TOKEN_TYPE {
587 TokenPrimary = 1,
588 TokenImpersonation
589 } TOKEN_TYPE,*PTOKEN_TYPE;
590
591 typedef enum _TOKEN_INFORMATION_CLASS {
592 TokenUser = 1,
593 TokenGroups,
594 TokenPrivileges,
595 TokenOwner,
596 TokenPrimaryGroup,
597 TokenDefaultDacl,
598 TokenSource,
599 TokenType,
600 TokenImpersonationLevel,
601 TokenStatistics,
602 TokenRestrictedSids,
603 TokenSessionId,
604 TokenGroupsAndPrivileges,
605 TokenSessionReference,
606 TokenSandBoxInert,
607 TokenAuditPolicy,
608 TokenOrigin,
609 TokenElevationType,
610 TokenLinkedToken,
611 TokenElevation,
612 TokenHasRestrictions,
613 TokenAccessInformation,
614 TokenVirtualizationAllowed,
615 TokenVirtualizationEnabled,
616 TokenIntegrityLevel,
617 TokenUIAccess,
618 TokenMandatoryPolicy,
619 TokenLogonSid,
620 MaxTokenInfoClass
621 } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
622
623 typedef struct _TOKEN_USER {
624 SID_AND_ATTRIBUTES User;
625 } TOKEN_USER, *PTOKEN_USER;
626
627 typedef struct _TOKEN_GROUPS {
628 ULONG GroupCount;
629 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
630 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
631
632 typedef struct _TOKEN_PRIVILEGES {
633 ULONG PrivilegeCount;
634 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
635 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
636
637 typedef struct _TOKEN_OWNER {
638 PSID Owner;
639 } TOKEN_OWNER,*PTOKEN_OWNER;
640
641 typedef struct _TOKEN_PRIMARY_GROUP {
642 PSID PrimaryGroup;
643 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
644
645 typedef struct _TOKEN_DEFAULT_DACL {
646 PACL DefaultDacl;
647 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
648
649 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
650 ULONG SidCount;
651 ULONG SidLength;
652 PSID_AND_ATTRIBUTES Sids;
653 ULONG RestrictedSidCount;
654 ULONG RestrictedSidLength;
655 PSID_AND_ATTRIBUTES RestrictedSids;
656 ULONG PrivilegeCount;
657 ULONG PrivilegeLength;
658 PLUID_AND_ATTRIBUTES Privileges;
659 LUID AuthenticationId;
660 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
661
662 typedef struct _TOKEN_LINKED_TOKEN {
663 HANDLE LinkedToken;
664 } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
665
666 typedef struct _TOKEN_ELEVATION {
667 ULONG TokenIsElevated;
668 } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
669
670 typedef struct _TOKEN_MANDATORY_LABEL {
671 SID_AND_ATTRIBUTES Label;
672 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
673
674 #define TOKEN_MANDATORY_POLICY_OFF 0x0
675 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
676 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
677
678 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
679 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
680
681 typedef struct _TOKEN_MANDATORY_POLICY {
682 ULONG Policy;
683 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
684
685 typedef struct _TOKEN_ACCESS_INFORMATION {
686 PSID_AND_ATTRIBUTES_HASH SidHash;
687 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
688 PTOKEN_PRIVILEGES Privileges;
689 LUID AuthenticationId;
690 TOKEN_TYPE TokenType;
691 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
692 TOKEN_MANDATORY_POLICY MandatoryPolicy;
693 ULONG Flags;
694 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
695
696 #define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
697
698 typedef struct _TOKEN_AUDIT_POLICY {
699 UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
700 } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
701
702 #define TOKEN_SOURCE_LENGTH 8
703
704 typedef struct _TOKEN_SOURCE {
705 CHAR SourceName[TOKEN_SOURCE_LENGTH];
706 LUID SourceIdentifier;
707 } TOKEN_SOURCE,*PTOKEN_SOURCE;
708
709 typedef struct _TOKEN_STATISTICS {
710 LUID TokenId;
711 LUID AuthenticationId;
712 LARGE_INTEGER ExpirationTime;
713 TOKEN_TYPE TokenType;
714 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
715 ULONG DynamicCharged;
716 ULONG DynamicAvailable;
717 ULONG GroupCount;
718 ULONG PrivilegeCount;
719 LUID ModifiedId;
720 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
721
722 typedef struct _TOKEN_CONTROL {
723 LUID TokenId;
724 LUID AuthenticationId;
725 LUID ModifiedId;
726 TOKEN_SOURCE TokenSource;
727 } TOKEN_CONTROL,*PTOKEN_CONTROL;
728
729 typedef struct _TOKEN_ORIGIN {
730 LUID OriginatingLogonSession;
731 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
732
733 typedef enum _MANDATORY_LEVEL {
734 MandatoryLevelUntrusted = 0,
735 MandatoryLevelLow,
736 MandatoryLevelMedium,
737 MandatoryLevelHigh,
738 MandatoryLevelSystem,
739 MandatoryLevelSecureProcess,
740 MandatoryLevelCount
741 } MANDATORY_LEVEL, *PMANDATORY_LEVEL;
742
743 #if (NTDDI_VERSION >= NTDDI_WIN2K)
744
745 NTSYSCALLAPI
746 NTSTATUS
747 NTAPI
748 NtOpenThreadToken(
749 IN HANDLE ThreadHandle,
750 IN ACCESS_MASK DesiredAccess,
751 IN BOOLEAN OpenAsSelf,
752 OUT PHANDLE TokenHandle);
753
754 NTSYSCALLAPI
755 NTSTATUS
756 NTAPI
757 NtOpenProcessToken(
758 IN HANDLE ProcessHandle,
759 IN ACCESS_MASK DesiredAccess,
760 OUT PHANDLE TokenHandle);
761
762 NTSYSCALLAPI
763 NTSTATUS
764 NTAPI
765 NtQueryInformationToken(
766 IN HANDLE TokenHandle,
767 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
768 OUT PVOID TokenInformation OPTIONAL,
769 IN ULONG TokenInformationLength,
770 OUT PULONG ReturnLength);
771
772 NTSYSCALLAPI
773 NTSTATUS
774 NTAPI
775 NtAdjustPrivilegesToken(
776 IN HANDLE TokenHandle,
777 IN BOOLEAN DisableAllPrivileges,
778 IN PTOKEN_PRIVILEGES NewState OPTIONAL,
779 IN ULONG BufferLength,
780 OUT PTOKEN_PRIVILEGES PreviousState,
781 OUT PULONG ReturnLength OPTIONAL);
782
783 #endif
784
785 #if (NTDDI_VERSION >= NTDDI_WINXP)
786
787 NTSYSCALLAPI
788 NTSTATUS
789 NTAPI
790 NtOpenThreadTokenEx(
791 IN HANDLE ThreadHandle,
792 IN ACCESS_MASK DesiredAccess,
793 IN BOOLEAN OpenAsSelf,
794 IN ULONG HandleAttributes,
795 OUT PHANDLE TokenHandle);
796
797 NTSYSCALLAPI
798 NTSTATUS
799 NTAPI
800 NtOpenProcessTokenEx(
801 IN HANDLE ProcessHandle,
802 IN ACCESS_MASK DesiredAccess,
803 IN ULONG HandleAttributes,
804 OUT PHANDLE TokenHandle);
805
806 NTSYSAPI
807 NTSTATUS
808 NTAPI
809 NtOpenJobObjectToken(
810 IN HANDLE JobHandle,
811 IN ACCESS_MASK DesiredAccess,
812 OUT PHANDLE TokenHandle);
813
814 NTSYSCALLAPI
815 NTSTATUS
816 NTAPI
817 NtDuplicateToken(
818 IN HANDLE ExistingTokenHandle,
819 IN ACCESS_MASK DesiredAccess,
820 IN POBJECT_ATTRIBUTES ObjectAttributes,
821 IN BOOLEAN EffectiveOnly,
822 IN TOKEN_TYPE TokenType,
823 OUT PHANDLE NewTokenHandle);
824
825 NTSYSCALLAPI
826 NTSTATUS
827 NTAPI
828 NtFilterToken(
829 IN HANDLE ExistingTokenHandle,
830 IN ULONG Flags,
831 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
832 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
833 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
834 OUT PHANDLE NewTokenHandle);
835
836 NTSYSCALLAPI
837 NTSTATUS
838 NTAPI
839 NtImpersonateAnonymousToken(
840 IN HANDLE ThreadHandle);
841
842 NTSYSCALLAPI
843 NTSTATUS
844 NTAPI
845 NtSetInformationToken(
846 IN HANDLE TokenHandle,
847 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
848 IN PVOID TokenInformation,
849 IN ULONG TokenInformationLength);
850
851 NTSYSCALLAPI
852 NTSTATUS
853 NTAPI
854 NtAdjustGroupsToken(
855 IN HANDLE TokenHandle,
856 IN BOOLEAN ResetToDefault,
857 IN PTOKEN_GROUPS NewState OPTIONAL,
858 IN ULONG BufferLength OPTIONAL,
859 OUT PTOKEN_GROUPS PreviousState,
860 OUT PULONG ReturnLength);
861
862 NTSYSCALLAPI
863 NTSTATUS
864 NTAPI
865 NtPrivilegeCheck(
866 IN HANDLE ClientToken,
867 IN OUT PPRIVILEGE_SET RequiredPrivileges,
868 OUT PBOOLEAN Result);
869
870 NTSYSCALLAPI
871 NTSTATUS
872 NTAPI
873 NtAccessCheckAndAuditAlarm(
874 IN PUNICODE_STRING SubsystemName,
875 IN PVOID HandleId OPTIONAL,
876 IN PUNICODE_STRING ObjectTypeName,
877 IN PUNICODE_STRING ObjectName,
878 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
879 IN ACCESS_MASK DesiredAccess,
880 IN PGENERIC_MAPPING GenericMapping,
881 IN BOOLEAN ObjectCreation,
882 OUT PACCESS_MASK GrantedAccess,
883 OUT PNTSTATUS AccessStatus,
884 OUT PBOOLEAN GenerateOnClose);
885
886 NTSYSCALLAPI
887 NTSTATUS
888 NTAPI
889 NtAccessCheckByTypeAndAuditAlarm(
890 IN PUNICODE_STRING SubsystemName,
891 IN PVOID HandleId,
892 IN PUNICODE_STRING ObjectTypeName,
893 IN PUNICODE_STRING ObjectName,
894 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
895 IN PSID PrincipalSelfSid OPTIONAL,
896 IN ACCESS_MASK DesiredAccess,
897 IN AUDIT_EVENT_TYPE AuditType,
898 IN ULONG Flags,
899 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
900 IN ULONG ObjectTypeLength,
901 IN PGENERIC_MAPPING GenericMapping,
902 IN BOOLEAN ObjectCreation,
903 OUT PACCESS_MASK GrantedAccess,
904 OUT PNTSTATUS AccessStatus,
905 OUT PBOOLEAN GenerateOnClose);
906
907 NTSYSCALLAPI
908 NTSTATUS
909 NTAPI
910 NtAccessCheckByTypeResultListAndAuditAlarm(
911 IN PUNICODE_STRING SubsystemName,
912 IN PVOID HandleId OPTIONAL,
913 IN PUNICODE_STRING ObjectTypeName,
914 IN PUNICODE_STRING ObjectName,
915 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
916 IN PSID PrincipalSelfSid OPTIONAL,
917 IN ACCESS_MASK DesiredAccess,
918 IN AUDIT_EVENT_TYPE AuditType,
919 IN ULONG Flags,
920 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
921 IN ULONG ObjectTypeLength,
922 IN PGENERIC_MAPPING GenericMapping,
923 IN BOOLEAN ObjectCreation,
924 OUT PACCESS_MASK GrantedAccess,
925 OUT PNTSTATUS AccessStatus,
926 OUT PBOOLEAN GenerateOnClose);
927
928 NTSTATUS
929 NTAPI
930 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
931 IN PUNICODE_STRING SubsystemName,
932 IN PVOID HandleId OPTIONAL,
933 IN HANDLE ClientToken,
934 IN PUNICODE_STRING ObjectTypeName,
935 IN PUNICODE_STRING ObjectName,
936 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
937 IN PSID PrincipalSelfSid OPTIONAL,
938 IN ACCESS_MASK DesiredAccess,
939 IN AUDIT_EVENT_TYPE AuditType,
940 IN ULONG Flags,
941 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
942 IN ULONG ObjectTypeLength,
943 IN PGENERIC_MAPPING GenericMapping,
944 IN BOOLEAN ObjectCreation,
945 OUT PACCESS_MASK GrantedAccess,
946 OUT PNTSTATUS AccessStatus,
947 OUT PBOOLEAN GenerateOnClose);
948
949 NTSYSCALLAPI
950 NTSTATUS
951 NTAPI
952 NtOpenObjectAuditAlarm(
953 IN PUNICODE_STRING SubsystemName,
954 IN PVOID HandleId OPTIONAL,
955 IN PUNICODE_STRING ObjectTypeName,
956 IN PUNICODE_STRING ObjectName,
957 IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
958 IN HANDLE ClientToken,
959 IN ACCESS_MASK DesiredAccess,
960 IN ACCESS_MASK GrantedAccess,
961 IN PPRIVILEGE_SET Privileges OPTIONAL,
962 IN BOOLEAN ObjectCreation,
963 IN BOOLEAN AccessGranted,
964 OUT PBOOLEAN GenerateOnClose);
965
966 NTSYSCALLAPI
967 NTSTATUS
968 NTAPI
969 NtPrivilegeObjectAuditAlarm(
970 IN PUNICODE_STRING SubsystemName,
971 IN PVOID HandleId OPTIONAL,
972 IN HANDLE ClientToken,
973 IN ACCESS_MASK DesiredAccess,
974 IN PPRIVILEGE_SET Privileges,
975 IN BOOLEAN AccessGranted);
976
977 NTSYSCALLAPI
978 NTSTATUS
979 NTAPI
980 NtCloseObjectAuditAlarm(
981 IN PUNICODE_STRING SubsystemName,
982 IN PVOID HandleId OPTIONAL,
983 IN BOOLEAN GenerateOnClose);
984
985 NTSYSCALLAPI
986 NTSTATUS
987 NTAPI
988 NtDeleteObjectAuditAlarm(
989 IN PUNICODE_STRING SubsystemName,
990 IN PVOID HandleId OPTIONAL,
991 IN BOOLEAN GenerateOnClose);
992
993 NTSYSCALLAPI
994 NTSTATUS
995 NTAPI
996 NtPrivilegedServiceAuditAlarm(
997 IN PUNICODE_STRING SubsystemName,
998 IN PUNICODE_STRING ServiceName,
999 IN HANDLE ClientToken,
1000 IN PPRIVILEGE_SET Privileges,
1001 IN BOOLEAN AccessGranted);
1002
1003 NTSYSCALLAPI
1004 NTSTATUS
1005 NTAPI
1006 NtSetInformationThread(
1007 IN HANDLE ThreadHandle,
1008 IN THREADINFOCLASS ThreadInformationClass,
1009 IN PVOID ThreadInformation,
1010 IN ULONG ThreadInformationLength);
1011
1012 #endif
1013
1014 typedef NTSTATUS
1015 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
1016 IN PVOID Base,
1017 IN OUT PVOID *CommitAddress,
1018 IN OUT PSIZE_T CommitSize);
1019
1020 typedef struct _RTL_HEAP_PARAMETERS {
1021 ULONG Length;
1022 SIZE_T SegmentReserve;
1023 SIZE_T SegmentCommit;
1024 SIZE_T DeCommitFreeBlockThreshold;
1025 SIZE_T DeCommitTotalFreeThreshold;
1026 SIZE_T MaximumAllocationSize;
1027 SIZE_T VirtualMemoryThreshold;
1028 SIZE_T InitialCommit;
1029 SIZE_T InitialReserve;
1030 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
1031 SIZE_T Reserved[2];
1032 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
1033
1034 #if (NTDDI_VERSION >= NTDDI_WIN2K)
1035
1036 NTSYSAPI
1037 PVOID
1038 NTAPI
1039 RtlAllocateHeap(
1040 IN HANDLE HeapHandle,
1041 IN ULONG Flags OPTIONAL,
1042 IN SIZE_T Size);
1043
1044 NTSYSAPI
1045 BOOLEAN
1046 NTAPI
1047 RtlFreeHeap(
1048 IN PVOID HeapHandle,
1049 IN ULONG Flags OPTIONAL,
1050 IN PVOID BaseAddress);
1051
1052 NTSYSAPI
1053 VOID
1054 NTAPI
1055 RtlCaptureContext(
1056 OUT PCONTEXT ContextRecord);
1057
1058 NTSYSAPI
1059 ULONG
1060 NTAPI
1061 RtlRandom(
1062 IN OUT PULONG Seed);
1063
1064 NTSYSAPI
1065 BOOLEAN
1066 NTAPI
1067 RtlCreateUnicodeString(
1068 OUT PUNICODE_STRING DestinationString,
1069 IN PCWSTR SourceString);
1070
1071 NTSYSAPI
1072 NTSTATUS
1073 NTAPI
1074 RtlAppendStringToString(
1075 IN OUT PSTRING Destination,
1076 IN const STRING *Source);
1077
1078 NTSYSAPI
1079 NTSTATUS
1080 NTAPI
1081 RtlOemStringToUnicodeString(
1082 IN OUT PUNICODE_STRING DestinationString,
1083 IN PCOEM_STRING SourceString,
1084 IN BOOLEAN AllocateDestinationString);
1085
1086 NTSYSAPI
1087 NTSTATUS
1088 NTAPI
1089 RtlUnicodeStringToOemString(
1090 IN OUT POEM_STRING DestinationString,
1091 IN PCUNICODE_STRING SourceString,
1092 IN BOOLEAN AllocateDestinationString);
1093
1094 NTSYSAPI
1095 NTSTATUS
1096 NTAPI
1097 RtlUpcaseUnicodeStringToOemString(
1098 IN OUT POEM_STRING DestinationString,
1099 IN PCUNICODE_STRING SourceString,
1100 IN BOOLEAN AllocateDestinationString);
1101
1102 NTSYSAPI
1103 NTSTATUS
1104 NTAPI
1105 RtlOemStringToCountedUnicodeString(
1106 IN OUT PUNICODE_STRING DestinationString,
1107 IN PCOEM_STRING SourceString,
1108 IN BOOLEAN AllocateDestinationString);
1109
1110 NTSYSAPI
1111 NTSTATUS
1112 NTAPI
1113 RtlUnicodeStringToCountedOemString(
1114 IN OUT POEM_STRING DestinationString,
1115 IN PCUNICODE_STRING SourceString,
1116 IN BOOLEAN AllocateDestinationString);
1117
1118 NTSYSAPI
1119 NTSTATUS
1120 NTAPI
1121 RtlUpcaseUnicodeStringToCountedOemString(
1122 IN OUT POEM_STRING DestinationString,
1123 IN PCUNICODE_STRING SourceString,
1124 IN BOOLEAN AllocateDestinationString);
1125
1126 NTSYSAPI
1127 NTSTATUS
1128 NTAPI
1129 RtlDowncaseUnicodeString(
1130 IN OUT PUNICODE_STRING UniDest,
1131 IN PCUNICODE_STRING UniSource,
1132 IN BOOLEAN AllocateDestinationString);
1133
1134 NTSYSAPI
1135 VOID
1136 NTAPI
1137 RtlFreeOemString (
1138 IN OUT POEM_STRING OemString);
1139
1140 NTSYSAPI
1141 ULONG
1142 NTAPI
1143 RtlxUnicodeStringToOemSize(
1144 IN PCUNICODE_STRING UnicodeString);
1145
1146 NTSYSAPI
1147 ULONG
1148 NTAPI
1149 RtlxOemStringToUnicodeSize(
1150 IN PCOEM_STRING OemString);
1151
1152 NTSYSAPI
1153 NTSTATUS
1154 NTAPI
1155 RtlMultiByteToUnicodeN(
1156 OUT PWCH UnicodeString,
1157 IN ULONG MaxBytesInUnicodeString,
1158 OUT PULONG BytesInUnicodeString OPTIONAL,
1159 IN const CHAR *MultiByteString,
1160 IN ULONG BytesInMultiByteString);
1161
1162 NTSYSAPI
1163 NTSTATUS
1164 NTAPI
1165 RtlMultiByteToUnicodeSize(
1166 OUT PULONG BytesInUnicodeString,
1167 IN const CHAR *MultiByteString,
1168 IN ULONG BytesInMultiByteString);
1169
1170 NTSYSAPI
1171 NTSTATUS
1172 NTAPI
1173 RtlUnicodeToMultiByteSize(
1174 OUT PULONG BytesInMultiByteString,
1175 IN PCWCH UnicodeString,
1176 IN ULONG BytesInUnicodeString);
1177
1178 NTSYSAPI
1179 NTSTATUS
1180 NTAPI
1181 RtlUnicodeToMultiByteN(
1182 OUT PCHAR MultiByteString,
1183 IN ULONG MaxBytesInMultiByteString,
1184 OUT PULONG BytesInMultiByteString OPTIONAL,
1185 IN PWCH UnicodeString,
1186 IN ULONG BytesInUnicodeString);
1187
1188 NTSYSAPI
1189 NTSTATUS
1190 NTAPI
1191 RtlUpcaseUnicodeToMultiByteN(
1192 OUT PCHAR MultiByteString,
1193 IN ULONG MaxBytesInMultiByteString,
1194 OUT PULONG BytesInMultiByteString OPTIONAL,
1195 IN PCWCH UnicodeString,
1196 IN ULONG BytesInUnicodeString);
1197
1198 NTSYSAPI
1199 NTSTATUS
1200 NTAPI
1201 RtlOemToUnicodeN(
1202 OUT PWSTR UnicodeString,
1203 IN ULONG MaxBytesInUnicodeString,
1204 OUT PULONG BytesInUnicodeString OPTIONAL,
1205 IN PCCH OemString,
1206 IN ULONG BytesInOemString);
1207
1208 NTSYSAPI
1209 NTSTATUS
1210 NTAPI
1211 RtlUnicodeToOemN(
1212 OUT PCHAR OemString,
1213 IN ULONG MaxBytesInOemString,
1214 OUT PULONG BytesInOemString OPTIONAL,
1215 IN PCWCH UnicodeString,
1216 IN ULONG BytesInUnicodeString);
1217
1218 NTSYSAPI
1219 NTSTATUS
1220 NTAPI
1221 RtlUpcaseUnicodeToOemN(
1222 OUT PCHAR OemString,
1223 IN ULONG MaxBytesInOemString,
1224 OUT PULONG BytesInOemString OPTIONAL,
1225 IN PCWCH UnicodeString,
1226 IN ULONG BytesInUnicodeString);
1227
1228 #if (NTDDI_VERSION >= NTDDI_VISTASP1)
1229 NTSYSAPI
1230 NTSTATUS
1231 NTAPI
1232 RtlGenerate8dot3Name(
1233 IN PCUNICODE_STRING Name,
1234 IN BOOLEAN AllowExtendedCharacters,
1235 IN OUT PGENERATE_NAME_CONTEXT Context,
1236 IN OUT PUNICODE_STRING Name8dot3);
1237 #else
1238 NTSYSAPI
1239 VOID
1240 NTAPI
1241 RtlGenerate8dot3Name(
1242 IN PCUNICODE_STRING Name,
1243 IN BOOLEAN AllowExtendedCharacters,
1244 IN OUT PGENERATE_NAME_CONTEXT Context,
1245 IN OUT PUNICODE_STRING Name8dot3);
1246 #endif
1247
1248 NTSYSAPI
1249 BOOLEAN
1250 NTAPI
1251 RtlIsNameLegalDOS8Dot3(
1252 IN PCUNICODE_STRING Name,
1253 IN OUT POEM_STRING OemName OPTIONAL,
1254 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL);
1255
1256 NTSYSAPI
1257 BOOLEAN
1258 NTAPI
1259 RtlIsValidOemCharacter(
1260 IN OUT PWCHAR Char);
1261
1262 NTSYSAPI
1263 VOID
1264 NTAPI
1265 PfxInitialize(
1266 OUT PPREFIX_TABLE PrefixTable);
1267
1268 NTSYSAPI
1269 BOOLEAN
1270 NTAPI
1271 PfxInsertPrefix(
1272 IN PPREFIX_TABLE PrefixTable,
1273 IN PSTRING Prefix,
1274 OUT PPREFIX_TABLE_ENTRY PrefixTableEntry);
1275
1276 NTSYSAPI
1277 VOID
1278 NTAPI
1279 PfxRemovePrefix(
1280 IN PPREFIX_TABLE PrefixTable,
1281 IN PPREFIX_TABLE_ENTRY PrefixTableEntry);
1282
1283 NTSYSAPI
1284 PPREFIX_TABLE_ENTRY
1285 NTAPI
1286 PfxFindPrefix(
1287 IN PPREFIX_TABLE PrefixTable,
1288 IN PSTRING FullName);
1289
1290 NTSYSAPI
1291 VOID
1292 NTAPI
1293 RtlInitializeUnicodePrefix(
1294 OUT PUNICODE_PREFIX_TABLE PrefixTable);
1295
1296 NTSYSAPI
1297 BOOLEAN
1298 NTAPI
1299 RtlInsertUnicodePrefix(
1300 IN PUNICODE_PREFIX_TABLE PrefixTable,
1301 IN PUNICODE_STRING Prefix,
1302 OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1303
1304 NTSYSAPI
1305 VOID
1306 NTAPI
1307 RtlRemoveUnicodePrefix(
1308 IN PUNICODE_PREFIX_TABLE PrefixTable,
1309 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1310
1311 NTSYSAPI
1312 PUNICODE_PREFIX_TABLE_ENTRY
1313 NTAPI
1314 RtlFindUnicodePrefix(
1315 IN PUNICODE_PREFIX_TABLE PrefixTable,
1316 IN PUNICODE_STRING FullName,
1317 IN ULONG CaseInsensitiveIndex);
1318
1319 NTSYSAPI
1320 PUNICODE_PREFIX_TABLE_ENTRY
1321 NTAPI
1322 RtlNextUnicodePrefix(
1323 IN PUNICODE_PREFIX_TABLE PrefixTable,
1324 IN BOOLEAN Restart);
1325
1326 NTSYSAPI
1327 SIZE_T
1328 NTAPI
1329 RtlCompareMemoryUlong(
1330 IN PVOID Source,
1331 IN SIZE_T Length,
1332 IN ULONG Pattern);
1333
1334 NTSYSAPI
1335 BOOLEAN
1336 NTAPI
1337 RtlTimeToSecondsSince1980(
1338 IN PLARGE_INTEGER Time,
1339 OUT PULONG ElapsedSeconds);
1340
1341 NTSYSAPI
1342 VOID
1343 NTAPI
1344 RtlSecondsSince1980ToTime(
1345 IN ULONG ElapsedSeconds,
1346 OUT PLARGE_INTEGER Time);
1347
1348 NTSYSAPI
1349 BOOLEAN
1350 NTAPI
1351 RtlTimeToSecondsSince1970(
1352 IN PLARGE_INTEGER Time,
1353 OUT PULONG ElapsedSeconds);
1354
1355 NTSYSAPI
1356 VOID
1357 NTAPI
1358 RtlSecondsSince1970ToTime(
1359 IN ULONG ElapsedSeconds,
1360 OUT PLARGE_INTEGER Time);
1361
1362 NTSYSAPI
1363 BOOLEAN
1364 NTAPI
1365 RtlValidSid(
1366 IN PSID Sid);
1367
1368 NTSYSAPI
1369 BOOLEAN
1370 NTAPI
1371 RtlEqualSid(
1372 IN PSID Sid1,
1373 IN PSID Sid2);
1374
1375 NTSYSAPI
1376 BOOLEAN
1377 NTAPI
1378 RtlEqualPrefixSid(
1379 IN PSID Sid1,
1380 IN PSID Sid2);
1381
1382 NTSYSAPI
1383 ULONG
1384 NTAPI
1385 RtlLengthRequiredSid(
1386 IN ULONG SubAuthorityCount);
1387
1388 NTSYSAPI
1389 PVOID
1390 NTAPI
1391 RtlFreeSid(
1392 IN PSID Sid);
1393
1394 NTSYSAPI
1395 NTSTATUS
1396 NTAPI
1397 RtlAllocateAndInitializeSid(
1398 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1399 IN UCHAR SubAuthorityCount,
1400 IN ULONG SubAuthority0,
1401 IN ULONG SubAuthority1,
1402 IN ULONG SubAuthority2,
1403 IN ULONG SubAuthority3,
1404 IN ULONG SubAuthority4,
1405 IN ULONG SubAuthority5,
1406 IN ULONG SubAuthority6,
1407 IN ULONG SubAuthority7,
1408 OUT PSID *Sid);
1409
1410 NTSYSAPI
1411 NTSTATUS
1412 NTAPI
1413 RtlInitializeSid(
1414 OUT PSID Sid,
1415 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1416 IN UCHAR SubAuthorityCount);
1417
1418 NTSYSAPI
1419 PULONG
1420 NTAPI
1421 RtlSubAuthoritySid(
1422 IN PSID Sid,
1423 IN ULONG SubAuthority);
1424
1425 NTSYSAPI
1426 ULONG
1427 NTAPI
1428 RtlLengthSid(
1429 IN PSID Sid);
1430
1431 NTSYSAPI
1432 NTSTATUS
1433 NTAPI
1434 RtlCopySid(
1435 IN ULONG Length,
1436 IN PSID Destination,
1437 IN PSID Source);
1438
1439 NTSYSAPI
1440 NTSTATUS
1441 NTAPI
1442 RtlConvertSidToUnicodeString(
1443 IN OUT PUNICODE_STRING UnicodeString,
1444 IN PSID Sid,
1445 IN BOOLEAN AllocateDestinationString);
1446
1447 NTSYSAPI
1448 VOID
1449 NTAPI
1450 RtlCopyLuid(
1451 OUT PLUID DestinationLuid,
1452 IN PLUID SourceLuid);
1453
1454 NTSYSAPI
1455 NTSTATUS
1456 NTAPI
1457 RtlCreateAcl(
1458 OUT PACL Acl,
1459 IN ULONG AclLength,
1460 IN ULONG AclRevision);
1461
1462 NTSYSAPI
1463 NTSTATUS
1464 NTAPI
1465 RtlAddAce(
1466 IN OUT PACL Acl,
1467 IN ULONG AceRevision,
1468 IN ULONG StartingAceIndex,
1469 IN PVOID AceList,
1470 IN ULONG AceListLength);
1471
1472 NTSYSAPI
1473 NTSTATUS
1474 NTAPI
1475 RtlDeleteAce(
1476 IN OUT PACL Acl,
1477 IN ULONG AceIndex);
1478
1479 NTSYSAPI
1480 NTSTATUS
1481 NTAPI
1482 RtlGetAce(
1483 IN PACL Acl,
1484 IN ULONG AceIndex,
1485 OUT PVOID *Ace);
1486
1487 NTSYSAPI
1488 NTSTATUS
1489 NTAPI
1490 RtlAddAccessAllowedAce(
1491 IN OUT PACL Acl,
1492 IN ULONG AceRevision,
1493 IN ACCESS_MASK AccessMask,
1494 IN PSID Sid);
1495
1496 NTSYSAPI
1497 NTSTATUS
1498 NTAPI
1499 RtlAddAccessAllowedAceEx(
1500 IN OUT PACL Acl,
1501 IN ULONG AceRevision,
1502 IN ULONG AceFlags,
1503 IN ACCESS_MASK AccessMask,
1504 IN PSID Sid);
1505
1506 NTSYSAPI
1507 NTSTATUS
1508 NTAPI
1509 RtlCreateSecurityDescriptorRelative(
1510 OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
1511 IN ULONG Revision);
1512
1513 NTSYSAPI
1514 NTSTATUS
1515 NTAPI
1516 RtlGetDaclSecurityDescriptor(
1517 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1518 OUT PBOOLEAN DaclPresent,
1519 OUT PACL *Dacl,
1520 OUT PBOOLEAN DaclDefaulted);
1521
1522 NTSYSAPI
1523 NTSTATUS
1524 NTAPI
1525 RtlSetOwnerSecurityDescriptor(
1526 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1527 IN PSID Owner OPTIONAL,
1528 IN BOOLEAN OwnerDefaulted);
1529
1530 NTSYSAPI
1531 NTSTATUS
1532 NTAPI
1533 RtlGetOwnerSecurityDescriptor(
1534 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1535 OUT PSID *Owner,
1536 OUT PBOOLEAN OwnerDefaulted);
1537
1538 NTSYSAPI
1539 ULONG
1540 NTAPI
1541 RtlNtStatusToDosError(
1542 IN NTSTATUS Status);
1543
1544 NTSYSAPI
1545 NTSTATUS
1546 NTAPI
1547 RtlCustomCPToUnicodeN(
1548 IN PCPTABLEINFO CustomCP,
1549 OUT PWCH UnicodeString,
1550 IN ULONG MaxBytesInUnicodeString,
1551 OUT PULONG BytesInUnicodeString OPTIONAL,
1552 IN PCH CustomCPString,
1553 IN ULONG BytesInCustomCPString);
1554
1555 NTSYSAPI
1556 NTSTATUS
1557 NTAPI
1558 RtlUnicodeToCustomCPN(
1559 IN PCPTABLEINFO CustomCP,
1560 OUT PCH CustomCPString,
1561 IN ULONG MaxBytesInCustomCPString,
1562 OUT PULONG BytesInCustomCPString OPTIONAL,
1563 IN PWCH UnicodeString,
1564 IN ULONG BytesInUnicodeString);
1565
1566 NTSYSAPI
1567 NTSTATUS
1568 NTAPI
1569 RtlUpcaseUnicodeToCustomCPN(
1570 IN PCPTABLEINFO CustomCP,
1571 OUT PCH CustomCPString,
1572 IN ULONG MaxBytesInCustomCPString,
1573 OUT PULONG BytesInCustomCPString OPTIONAL,
1574 IN PWCH UnicodeString,
1575 IN ULONG BytesInUnicodeString);
1576
1577 NTSYSAPI
1578 VOID
1579 NTAPI
1580 RtlInitCodePageTable(
1581 IN PUSHORT TableBase,
1582 IN OUT PCPTABLEINFO CodePageTable);
1583
1584 #endif
1585
1586 #if (NTDDI_VERSION >= NTDDI_WINXP)
1587
1588 NTSYSAPI
1589 PVOID
1590 NTAPI
1591 RtlCreateHeap(
1592 IN ULONG Flags,
1593 IN PVOID HeapBase OPTIONAL,
1594 IN SIZE_T ReserveSize OPTIONAL,
1595 IN SIZE_T CommitSize OPTIONAL,
1596 IN PVOID Lock OPTIONAL,
1597 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
1598
1599 NTSYSAPI
1600 PVOID
1601 NTAPI
1602 RtlDestroyHeap(
1603 IN PVOID HeapHandle);
1604
1605 NTSYSAPI
1606 USHORT
1607 NTAPI
1608 RtlCaptureStackBackTrace(
1609 IN ULONG FramesToSkip,
1610 IN ULONG FramesToCapture,
1611 OUT PVOID *BackTrace,
1612 OUT PULONG BackTraceHash OPTIONAL);
1613
1614 NTSYSAPI
1615 ULONG
1616 NTAPI
1617 RtlRandomEx(
1618 IN OUT PULONG Seed);
1619
1620 NTSYSAPI
1621 NTSTATUS
1622 NTAPI
1623 RtlInitUnicodeStringEx(
1624 OUT PUNICODE_STRING DestinationString,
1625 IN PCWSTR SourceString OPTIONAL);
1626
1627 NTSYSAPI
1628 NTSTATUS
1629 NTAPI
1630 RtlValidateUnicodeString(
1631 IN ULONG Flags,
1632 IN PCUNICODE_STRING String);
1633
1634 NTSYSAPI
1635 NTSTATUS
1636 NTAPI
1637 RtlDuplicateUnicodeString(
1638 IN ULONG Flags,
1639 IN PCUNICODE_STRING SourceString,
1640 OUT PUNICODE_STRING DestinationString);
1641
1642 NTSYSAPI
1643 NTSTATUS
1644 NTAPI
1645 RtlGetCompressionWorkSpaceSize(
1646 IN USHORT CompressionFormatAndEngine,
1647 OUT PULONG CompressBufferWorkSpaceSize,
1648 OUT PULONG CompressFragmentWorkSpaceSize);
1649
1650 NTSYSAPI
1651 NTSTATUS
1652 NTAPI
1653 RtlCompressBuffer(
1654 IN USHORT CompressionFormatAndEngine,
1655 IN PUCHAR UncompressedBuffer,
1656 IN ULONG UncompressedBufferSize,
1657 OUT PUCHAR CompressedBuffer,
1658 IN ULONG CompressedBufferSize,
1659 IN ULONG UncompressedChunkSize,
1660 OUT PULONG FinalCompressedSize,
1661 IN PVOID WorkSpace);
1662
1663 NTSYSAPI
1664 NTSTATUS
1665 NTAPI
1666 RtlDecompressBuffer(
1667 IN USHORT CompressionFormat,
1668 OUT PUCHAR UncompressedBuffer,
1669 IN ULONG UncompressedBufferSize,
1670 IN PUCHAR CompressedBuffer,
1671 IN ULONG CompressedBufferSize,
1672 OUT PULONG FinalUncompressedSize);
1673
1674 NTSYSAPI
1675 NTSTATUS
1676 NTAPI
1677 RtlDecompressFragment(
1678 IN USHORT CompressionFormat,
1679 OUT PUCHAR UncompressedFragment,
1680 IN ULONG UncompressedFragmentSize,
1681 IN PUCHAR CompressedBuffer,
1682 IN ULONG CompressedBufferSize,
1683 IN ULONG FragmentOffset,
1684 OUT PULONG FinalUncompressedSize,
1685 IN PVOID WorkSpace);
1686
1687 NTSYSAPI
1688 NTSTATUS
1689 NTAPI
1690 RtlDescribeChunk(
1691 IN USHORT CompressionFormat,
1692 IN OUT PUCHAR *CompressedBuffer,
1693 IN PUCHAR EndOfCompressedBufferPlus1,
1694 OUT PUCHAR *ChunkBuffer,
1695 OUT PULONG ChunkSize);
1696
1697 NTSYSAPI
1698 NTSTATUS
1699 NTAPI
1700 RtlReserveChunk(
1701 IN USHORT CompressionFormat,
1702 IN OUT PUCHAR *CompressedBuffer,
1703 IN PUCHAR EndOfCompressedBufferPlus1,
1704 OUT PUCHAR *ChunkBuffer,
1705 IN ULONG ChunkSize);
1706
1707 NTSYSAPI
1708 NTSTATUS
1709 NTAPI
1710 RtlDecompressChunks(
1711 OUT PUCHAR UncompressedBuffer,
1712 IN ULONG UncompressedBufferSize,
1713 IN PUCHAR CompressedBuffer,
1714 IN ULONG CompressedBufferSize,
1715 IN PUCHAR CompressedTail,
1716 IN ULONG CompressedTailSize,
1717 IN PCOMPRESSED_DATA_INFO CompressedDataInfo);
1718
1719 NTSYSAPI
1720 NTSTATUS
1721 NTAPI
1722 RtlCompressChunks(
1723 IN PUCHAR UncompressedBuffer,
1724 IN ULONG UncompressedBufferSize,
1725 OUT PUCHAR CompressedBuffer,
1726 IN ULONG CompressedBufferSize,
1727 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
1728 IN ULONG CompressedDataInfoLength,
1729 IN PVOID WorkSpace);
1730
1731 NTSYSAPI
1732 PSID_IDENTIFIER_AUTHORITY
1733 NTAPI
1734 RtlIdentifierAuthoritySid(
1735 IN PSID Sid);
1736
1737 NTSYSAPI
1738 PUCHAR
1739 NTAPI
1740 RtlSubAuthorityCountSid(
1741 IN PSID Sid);
1742
1743 NTSYSAPI
1744 ULONG
1745 NTAPI
1746 RtlNtStatusToDosErrorNoTeb(
1747 IN NTSTATUS Status);
1748
1749 NTSYSAPI
1750 NTSTATUS
1751 NTAPI
1752 RtlCreateSystemVolumeInformationFolder(
1753 IN PCUNICODE_STRING VolumeRootPath);
1754
1755 #endif
1756
1757 #if defined(_M_AMD64)
1758
1759 FORCEINLINE
1760 VOID
1761 RtlFillMemoryUlong (
1762 OUT PVOID Destination,
1763 IN SIZE_T Length,
1764 IN ULONG Pattern)
1765 {
1766 PULONG Address = (PULONG)Destination;
1767 if ((Length /= 4) != 0) {
1768 if (((ULONG64)Address & 4) != 0) {
1769 *Address = Pattern;
1770 if ((Length -= 1) == 0) {
1771 return;
1772 }
1773 Address += 1;
1774 }
1775 __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2);
1776 if ((Length & 1) != 0) Address[Length - 1] = Pattern;
1777 }
1778 return;
1779 }
1780
1781 #define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
1782 __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
1783
1784 #else
1785
1786 #if (NTDDI_VERSION >= NTDDI_WINXP)
1787
1788 NTSYSAPI
1789 VOID
1790 NTAPI
1791 RtlFillMemoryUlong(
1792 OUT PVOID Destination,
1793 IN SIZE_T Length,
1794 IN ULONG Pattern);
1795
1796 NTSYSAPI
1797 VOID
1798 NTAPI
1799 RtlFillMemoryUlonglong(
1800 OUT PVOID Destination,
1801 IN SIZE_T Length,
1802 IN ULONGLONG Pattern);
1803
1804 #endif
1805
1806 #endif // defined(_M_AMD64)
1807
1808 #if (NTDDI_VERSION >= NTDDI_WS03)
1809
1810 NTSYSAPI
1811 NTSTATUS
1812 NTAPI
1813 RtlInitAnsiStringEx(
1814 OUT PANSI_STRING DestinationString,
1815 IN PCSZ SourceString OPTIONAL);
1816
1817 #endif
1818
1819 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
1820
1821 NTSYSAPI
1822 NTSTATUS
1823 NTAPI
1824 RtlGetSaclSecurityDescriptor(
1825 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1826 OUT PBOOLEAN SaclPresent,
1827 OUT PACL *Sacl,
1828 OUT PBOOLEAN SaclDefaulted);
1829
1830 NTSYSAPI
1831 NTSTATUS
1832 NTAPI
1833 RtlSetGroupSecurityDescriptor(
1834 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1835 IN PSID Group OPTIONAL,
1836 IN BOOLEAN GroupDefaulted OPTIONAL);
1837
1838 NTSYSAPI
1839 NTSTATUS
1840 NTAPI
1841 RtlGetGroupSecurityDescriptor(
1842 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1843 OUT PSID *Group,
1844 OUT PBOOLEAN GroupDefaulted);
1845
1846 NTSYSAPI
1847 NTSTATUS
1848 NTAPI
1849 RtlAbsoluteToSelfRelativeSD(
1850 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
1851 OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL,
1852 IN OUT PULONG BufferLength);
1853
1854 NTSYSAPI
1855 NTSTATUS
1856 NTAPI
1857 RtlSelfRelativeToAbsoluteSD(
1858 IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
1859 OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL,
1860 IN OUT PULONG AbsoluteSecurityDescriptorSize,
1861 OUT PACL Dacl OPTIONAL,
1862 IN OUT PULONG DaclSize,
1863 OUT PACL Sacl OPTIONAL,
1864 IN OUT PULONG SaclSize,
1865 OUT PSID Owner OPTIONAL,
1866 IN OUT PULONG OwnerSize,
1867 OUT PSID PrimaryGroup OPTIONAL,
1868 IN OUT PULONG PrimaryGroupSize);
1869
1870 #endif
1871
1872 #if (NTDDI_VERSION >= NTDDI_VISTA)
1873
1874 NTSYSAPI
1875 NTSTATUS
1876 NTAPI
1877 RtlNormalizeString(
1878 IN ULONG NormForm,
1879 IN PCWSTR SourceString,
1880 IN LONG SourceStringLength,
1881 OUT PWSTR DestinationString,
1882 IN OUT PLONG DestinationStringLength);
1883
1884 NTSYSAPI
1885 NTSTATUS
1886 NTAPI
1887 RtlIsNormalizedString(
1888 IN ULONG NormForm,
1889 IN PCWSTR SourceString,
1890 IN LONG SourceStringLength,
1891 OUT PBOOLEAN Normalized);
1892
1893 NTSYSAPI
1894 NTSTATUS
1895 NTAPI
1896 RtlIdnToAscii(
1897 IN ULONG Flags,
1898 IN PCWSTR SourceString,
1899 IN LONG SourceStringLength,
1900 OUT PWSTR DestinationString,
1901 IN OUT PLONG DestinationStringLength);
1902
1903 NTSYSAPI
1904 NTSTATUS
1905 NTAPI
1906 RtlIdnToUnicode(
1907 IN ULONG Flags,
1908 IN PCWSTR SourceString,
1909 IN LONG SourceStringLength,
1910 OUT PWSTR DestinationString,
1911 IN OUT PLONG DestinationStringLength);
1912
1913 NTSYSAPI
1914 NTSTATUS
1915 NTAPI
1916 RtlIdnToNameprepUnicode(
1917 IN ULONG Flags,
1918 IN PCWSTR SourceString,
1919 IN LONG SourceStringLength,
1920 OUT PWSTR DestinationString,
1921 IN OUT PLONG DestinationStringLength);
1922
1923 NTSYSAPI
1924 NTSTATUS
1925 NTAPI
1926 RtlCreateServiceSid(
1927 IN PUNICODE_STRING ServiceName,
1928 OUT PSID ServiceSid,
1929 IN OUT PULONG ServiceSidLength);
1930
1931 NTSYSAPI
1932 LONG
1933 NTAPI
1934 RtlCompareAltitudes(
1935 IN PCUNICODE_STRING Altitude1,
1936 IN PCUNICODE_STRING Altitude2);
1937
1938 #endif
1939
1940 #if (NTDDI_VERSION >= NTDDI_WIN7)
1941
1942 NTSYSAPI
1943 NTSTATUS
1944 NTAPI
1945 RtlUnicodeToUTF8N(
1946 OUT PCHAR UTF8StringDestination,
1947 IN ULONG UTF8StringMaxByteCount,
1948 OUT PULONG UTF8StringActualByteCount,
1949 IN PCWCH UnicodeStringSource,
1950 IN ULONG UnicodeStringByteCount);
1951
1952 NTSYSAPI
1953 NTSTATUS
1954 NTAPI
1955 RtlUTF8ToUnicodeN(
1956 OUT PWSTR UnicodeStringDestination,
1957 IN ULONG UnicodeStringMaxByteCount,
1958 OUT PULONG UnicodeStringActualByteCount,
1959 IN PCCH UTF8StringSource,
1960 IN ULONG UTF8StringByteCount);
1961
1962 NTSYSAPI
1963 NTSTATUS
1964 NTAPI
1965 RtlReplaceSidInSd(
1966 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1967 IN PSID OldSid,
1968 IN PSID NewSid,
1969 OUT ULONG *NumChanges);
1970
1971 NTSYSAPI
1972 NTSTATUS
1973 NTAPI
1974 RtlCreateVirtualAccountSid(
1975 IN PCUNICODE_STRING Name,
1976 IN ULONG BaseSubAuthority,
1977 OUT PSID Sid,
1978 IN OUT PULONG SidLength);
1979
1980 #endif
1981
1982 #define HEAP_NO_SERIALIZE 0x00000001
1983 #define HEAP_GROWABLE 0x00000002
1984 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
1985 #define HEAP_ZERO_MEMORY 0x00000008
1986 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
1987 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
1988 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
1989 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
1990
1991 #define HEAP_CREATE_ALIGN_16 0x00010000
1992 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
1993 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
1994
1995 #define HEAP_SETTABLE_USER_VALUE 0x00000100
1996 #define HEAP_SETTABLE_USER_FLAG1 0x00000200
1997 #define HEAP_SETTABLE_USER_FLAG2 0x00000400
1998 #define HEAP_SETTABLE_USER_FLAG3 0x00000800
1999 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00
2000
2001 #define HEAP_CLASS_0 0x00000000
2002 #define HEAP_CLASS_1 0x00001000
2003 #define HEAP_CLASS_2 0x00002000
2004 #define HEAP_CLASS_3 0x00003000
2005 #define HEAP_CLASS_4 0x00004000
2006 #define HEAP_CLASS_5 0x00005000
2007 #define HEAP_CLASS_6 0x00006000
2008 #define HEAP_CLASS_7 0x00007000
2009 #define HEAP_CLASS_8 0x00008000
2010 #define HEAP_CLASS_MASK 0x0000F000
2011
2012 #define HEAP_MAXIMUM_TAG 0x0FFF
2013 #define HEAP_GLOBAL_TAG 0x0800
2014 #define HEAP_PSEUDO_TAG_FLAG 0x8000
2015 #define HEAP_TAG_SHIFT 18
2016 #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2017
2018 #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
2019 HEAP_GROWABLE | \
2020 HEAP_GENERATE_EXCEPTIONS | \
2021 HEAP_ZERO_MEMORY | \
2022 HEAP_REALLOC_IN_PLACE_ONLY | \
2023 HEAP_TAIL_CHECKING_ENABLED | \
2024 HEAP_FREE_CHECKING_ENABLED | \
2025 HEAP_DISABLE_COALESCE_ON_FREE | \
2026 HEAP_CLASS_MASK | \
2027 HEAP_CREATE_ALIGN_16 | \
2028 HEAP_CREATE_ENABLE_TRACING | \
2029 HEAP_CREATE_ENABLE_EXECUTE)
2030
2031 FORCEINLINE
2032 ULONG
2033 HEAP_MAKE_TAG_FLAGS(
2034 IN ULONG TagBase,
2035 IN ULONG Tag)
2036 {
2037 __assume_bound(TagBase);
2038 return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT)));
2039 }
2040
2041 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
2042 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
2043
2044 #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
2045 RtlxUnicodeStringToOemSize(STRING) : \
2046 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
2047 )
2048
2049 #define RtlOemStringToUnicodeSize(STRING) ( \
2050 NLS_MB_OEM_CODE_PAGE_TAG ? \
2051 RtlxOemStringToUnicodeSize(STRING) : \
2052 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
2053 )
2054
2055 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
2056 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
2057 )
2058
2059 typedef PVOID
2060 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE (
2061 IN SIZE_T NumberOfBytes);
2062
2063 #if _WIN32_WINNT >= 0x0600
2064
2065 typedef PVOID
2066 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE (
2067 IN SIZE_T NumberOfBytes,
2068 IN PVOID Buffer);
2069
2070 #endif
2071
2072 typedef VOID
2073 (NTAPI *PRTL_FREE_STRING_ROUTINE (
2074 IN PVOID Buffer);
2075
2076 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
2077 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
2078
2079 #if _WIN32_WINNT >= 0x0600
2080 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
2081 #endif
2082
2083 typedef struct _GENERATE_NAME_CONTEXT {
2084 USHORT Checksum;
2085 BOOLEAN CheckSumInserted;
2086 UCHAR NameLength;
2087 WCHAR NameBuffer[8];
2088 ULONG ExtensionLength;
2089 WCHAR ExtensionBuffer[4];
2090 ULONG LastIndexValue;
2091 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
2092
2093 typedef struct _PREFIX_TABLE_ENTRY {
2094 CSHORT NodeTypeCode;
2095 CSHORT NameLength;
2096 struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
2097 RTL_SPLAY_LINKS Links;
2098 PSTRING Prefix;
2099 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;
2100
2101 typedef struct _PREFIX_TABLE {
2102 CSHORT NodeTypeCode;
2103 CSHORT NameLength;
2104 PPREFIX_TABLE_ENTRY NextPrefixTree;
2105 } PREFIX_TABLE, *PPREFIX_TABLE;
2106
2107 typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
2108 CSHORT NodeTypeCode;
2109 CSHORT NameLength;
2110 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
2111 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
2112 RTL_SPLAY_LINKS Links;
2113 PUNICODE_STRING Prefix;
2114 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
2115
2116 typedef struct _UNICODE_PREFIX_TABLE {
2117 CSHORT NodeTypeCode;
2118 CSHORT NameLength;
2119 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
2120 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
2121 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
2122
2123 #define COMPRESSION_FORMAT_NONE (0x0000)
2124 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
2125 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
2126 #define COMPRESSION_ENGINE_STANDARD (0x0000)
2127 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
2128 #define COMPRESSION_ENGINE_HIBER (0x0200)
2129
2130 typedef struct _COMPRESSED_DATA_INFO {
2131 USHORT CompressionFormatAndEngine;
2132 UCHAR CompressionUnitShift;
2133 UCHAR ChunkShift;
2134 UCHAR ClusterShift;
2135 UCHAR Reserved;
2136 USHORT NumberOfChunks;
2137 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
2138 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
2139
2140 #define RtlOffsetToPointer(B,O) ((PCHAR)( ((PCHAR)(B)) + ((ULONG_PTR)(O)) ))
2141 #define RtlPointerToOffset(B,P) ((ULONG)( ((PCHAR)(P)) - ((PCHAR)(B)) ))
2142
2143 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256
2144
2145 #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
2146
2147 #define DEVICE_TYPE ULONG
2148
2149 #define FILE_DEVICE_BEEP 0x00000001
2150 #define FILE_DEVICE_CD_ROM 0x00000002
2151 #define FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
2152 #define FILE_DEVICE_CONTROLLER 0x00000004
2153 #define FILE_DEVICE_DATALINK 0x00000005
2154 #define FILE_DEVICE_DFS 0x00000006
2155 #define FILE_DEVICE_DISK 0x00000007
2156 #define FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
2157 #define FILE_DEVICE_FILE_SYSTEM 0x00000009
2158 #define FILE_DEVICE_INPORT_PORT 0x0000000a
2159 #define FILE_DEVICE_KEYBOARD 0x0000000b
2160 #define FILE_DEVICE_MAILSLOT 0x0000000c
2161 #define FILE_DEVICE_MIDI_IN 0x0000000d
2162 #define FILE_DEVICE_MIDI_OUT 0x0000000e
2163 #define FILE_DEVICE_MOUSE 0x0000000f
2164 #define FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
2165 #define FILE_DEVICE_NAMED_PIPE 0x00000011
2166 #define FILE_DEVICE_NETWORK 0x00000012
2167 #define FILE_DEVICE_NETWORK_BROWSER 0x00000013
2168 #define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
2169 #define FILE_DEVICE_NULL 0x00000015
2170 #define FILE_DEVICE_PARALLEL_PORT 0x00000016
2171 #define FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
2172 #define FILE_DEVICE_PRINTER 0x00000018
2173 #define FILE_DEVICE_SCANNER 0x00000019
2174 #define FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001a
2175 #define FILE_DEVICE_SERIAL_PORT 0x0000001b
2176 #define FILE_DEVICE_SCREEN 0x0000001c
2177 #define FILE_DEVICE_SOUND 0x0000001d
2178 #define FILE_DEVICE_STREAMS 0x0000001e
2179 #define FILE_DEVICE_TAPE 0x0000001f
2180 #define FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
2181 #define FILE_DEVICE_TRANSPORT 0x00000021
2182 #define FILE_DEVICE_UNKNOWN 0x00000022
2183 #define FILE_DEVICE_VIDEO 0x00000023
2184 #define FILE_DEVICE_VIRTUAL_DISK 0x00000024
2185 #define FILE_DEVICE_WAVE_IN 0x00000025
2186 #define FILE_DEVICE_WAVE_OUT 0x00000026
2187 #define FILE_DEVICE_8042_PORT 0x00000027
2188 #define FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
2189 #define FILE_DEVICE_BATTERY 0x00000029
2190 #define FILE_DEVICE_BUS_EXTENDER 0x0000002a
2191 #define FILE_DEVICE_MODEM 0x0000002b
2192 #define FILE_DEVICE_VDM 0x0000002c
2193 #define FILE_DEVICE_MASS_STORAGE 0x0000002d
2194 #define FILE_DEVICE_SMB 0x0000002e
2195 #define FILE_DEVICE_KS 0x0000002f
2196 #define FILE_DEVICE_CHANGER 0x00000030
2197 #define FILE_DEVICE_SMARTCARD 0x00000031
2198 #define FILE_DEVICE_ACPI 0x00000032
2199 #define FILE_DEVICE_DVD 0x00000033
2200 #define FILE_DEVICE_FULLSCREEN_VIDEO 0x00000034
2201 #define FILE_DEVICE_DFS_FILE_SYSTEM 0x00000035
2202 #define FILE_DEVICE_DFS_VOLUME 0x00000036
2203 #define FILE_DEVICE_SERENUM 0x00000037
2204 #define FILE_DEVICE_TERMSRV 0x00000038
2205 #define FILE_DEVICE_KSEC 0x00000039
2206 #define FILE_DEVICE_FIPS 0x0000003A
2207 #define FILE_DEVICE_INFINIBAND 0x0000003B
2208 #define FILE_DEVICE_VMBUS 0x0000003E
2209 #define FILE_DEVICE_CRYPT_PROVIDER 0x0000003F
2210 #define FILE_DEVICE_WPD 0x00000040
2211 #define FILE_DEVICE_BLUETOOTH 0x00000041
2212 #define FILE_DEVICE_MT_COMPOSITE 0x00000042
2213 #define FILE_DEVICE_MT_TRANSPORT 0x00000043
2214 #define FILE_DEVICE_BIOMETRIC 0x00000044
2215 #define FILE_DEVICE_PMI 0x00000045
2216
2217 #define CTL_CODE( DeviceType, Function, Method, Access ) ( \
2218 ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
2219 )
2220 #define DEVICE_TYPE_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0xffff0000)) >> 16)
2221 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
2222
2223 #define METHOD_BUFFERED 0
2224 #define METHOD_IN_DIRECT 1
2225 #define METHOD_OUT_DIRECT 2
2226 #define METHOD_NEITHER 3
2227 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
2228 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
2229
2230 #define FILE_ANY_ACCESS 0
2231 #define FILE_SPECIAL_ACCESS (FILE_ANY_ACCESS)
2232 #define FILE_READ_ACCESS ( 0x0001 )
2233 #define FILE_WRITE_ACCESS ( 0x0002 )
2234
2235 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
2236
2237 typedef enum _SECURITY_LOGON_TYPE {
2238 UndefinedLogonType = 0,
2239 Interactive = 2,
2240 Network,
2241 Batch,
2242 Service,
2243 Proxy,
2244 Unlock,
2245 NetworkCleartext,
2246 NewCredentials,
2247 #if (_WIN32_WINNT >= 0x0501)
2248 RemoteInteractive,
2249 CachedInteractive,
2250 #endif
2251 #if (_WIN32_WINNT >= 0x0502)
2252 CachedRemoteInteractive,
2253 CachedUnlock
2254 #endif
2255 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
2256
2257 #ifndef _NTLSA_AUDIT_
2258 #define _NTLSA_AUDIT_
2259
2260 typedef enum _SE_ADT_PARAMETER_TYPE {
2261 SeAdtParmTypeNone = 0,
2262 SeAdtParmTypeString,
2263 SeAdtParmTypeFileSpec,
2264 SeAdtParmTypeUlong,
2265 SeAdtParmTypeSid,
2266 SeAdtParmTypeLogonId,
2267 SeAdtParmTypeNoLogonId,
2268 SeAdtParmTypeAccessMask,
2269 SeAdtParmTypePrivs,
2270 SeAdtParmTypeObjectTypes,
2271 SeAdtParmTypeHexUlong,
2272 SeAdtParmTypePtr,
2273 SeAdtParmTypeTime,
2274 SeAdtParmTypeGuid,
2275 SeAdtParmTypeLuid,
2276 SeAdtParmTypeHexInt64,
2277 SeAdtParmTypeStringList,
2278 SeAdtParmTypeSidList,
2279 SeAdtParmTypeDuration,
2280 SeAdtParmTypeUserAccountControl,
2281 SeAdtParmTypeNoUac,
2282 SeAdtParmTypeMessage,
2283 SeAdtParmTypeDateTime,
2284 SeAdtParmTypeSockAddr,
2285 SeAdtParmTypeSD,
2286 SeAdtParmTypeLogonHours,
2287 SeAdtParmTypeLogonIdNoSid,
2288 SeAdtParmTypeUlongNoConv,
2289 SeAdtParmTypeSockAddrNoPort,
2290 SeAdtParmTypeAccessReason
2291 } SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
2292
2293 #ifndef GUID_DEFINED
2294 #include <guiddef.h>
2295 #endif
2296
2297 typedef struct _SE_ADT_OBJECT_TYPE {
2298 GUID ObjectType;
2299 USHORT Flags;
2300 #define SE_ADT_OBJECT_ONLY 0x1
2301 USHORT Level;
2302 ACCESS_MASK AccessMask;
2303 } SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
2304
2305 typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
2306 SE_ADT_PARAMETER_TYPE Type;
2307 ULONG Length;
2308 ULONG_PTR Data[2];
2309 PVOID Address;
2310 } SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
2311
2312 typedef struct _SE_ADT_ACCESS_REASON {
2313 ACCESS_MASK AccessMask;
2314 ULONG AccessReasons[32];
2315 ULONG ObjectTypeIndex;
2316 ULONG AccessGranted;
2317 PSECURITY_DESCRIPTOR SecurityDescriptor;
2318 } SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
2319
2320 #define SE_MAX_AUDIT_PARAMETERS 32
2321 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
2322
2323 typedef struct _SE_ADT_PARAMETER_ARRAY {
2324 ULONG CategoryId;
2325 ULONG AuditId;
2326 ULONG ParameterCount;
2327 ULONG Length;
2328 USHORT FlatSubCategoryId;
2329 USHORT Type;
2330 ULONG Flags;
2331 SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
2332 } SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
2333
2334 #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
2335 #define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
2336 #define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
2337 #define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
2338 #define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010
2339
2340 #define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(AuditParameters) \
2341 ( sizeof(SE_ADT_PARAMETER_ARRAY) - \
2342 sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
2343 (SE_MAX_AUDIT_PARAMETERS - AuditParameters->ParameterCount) )
2344
2345 #endif /* _NTLSA_AUDIT_ */
2346
2347 #pragma pack(push,4)
2348
2349 #ifndef VER_PRODUCTBUILD
2350 #define VER_PRODUCTBUILD 10000
2351 #endif
2352
2353 #define EX_PUSH_LOCK ULONG_PTR
2354 #define PEX_PUSH_LOCK PULONG_PTR
2355
2356 #include "csq.h"
2357
2358 #ifdef _NTOSKRNL_
2359 extern PUCHAR FsRtlLegalAnsiCharacterArray;
2360 #else
2361 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
2362 #endif
2363 extern PACL SePublicDefaultDacl;
2364 extern PACL SeSystemDefaultDacl;
2365
2366 extern KSPIN_LOCK IoStatisticsLock;
2367 extern ULONG IoReadOperationCount;
2368 extern ULONG IoWriteOperationCount;
2369 extern ULONG IoOtherOperationCount;
2370 extern LARGE_INTEGER IoReadTransferCount;
2371 extern LARGE_INTEGER IoWriteTransferCount;
2372 extern LARGE_INTEGER IoOtherTransferCount;
2373
2374 #define ANSI_DOS_STAR ('<')
2375 #define ANSI_DOS_QM ('>')
2376 #define ANSI_DOS_DOT ('"')
2377
2378 #define DOS_STAR (L'<')
2379 #define DOS_QM (L'>')
2380 #define DOS_DOT (L'"')
2381
2382 #define FILE_ACTION_ADDED 0x00000001
2383 #define FILE_ACTION_REMOVED 0x00000002
2384 #define FILE_ACTION_MODIFIED 0x00000003
2385 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
2386 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
2387 #define FILE_ACTION_ADDED_STREAM 0x00000006
2388 #define FILE_ACTION_REMOVED_STREAM 0x00000007
2389 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
2390 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
2391 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
2392 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
2393 /* end winnt.h */
2394
2395 #define FILE_EA_TYPE_BINARY 0xfffe
2396 #define FILE_EA_TYPE_ASCII 0xfffd
2397 #define FILE_EA_TYPE_BITMAP 0xfffb
2398 #define FILE_EA_TYPE_METAFILE 0xfffa
2399 #define FILE_EA_TYPE_ICON 0xfff9
2400 #define FILE_EA_TYPE_EA 0xffee
2401 #define FILE_EA_TYPE_MVMT 0xffdf
2402 #define FILE_EA_TYPE_MVST 0xffde
2403 #define FILE_EA_TYPE_ASN1 0xffdd
2404 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
2405
2406 #define FILE_NEED_EA 0x00000080
2407
2408 /* also in winnt.h */
2409 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
2410 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
2411 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
2412 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
2413 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
2414 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
2415 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
2416 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
2417 #define FILE_NOTIFY_CHANGE_EA 0x00000080
2418 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
2419 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
2420 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
2421 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
2422 #define FILE_NOTIFY_VALID_MASK 0x00000fff
2423 /* end winnt.h */
2424
2425 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
2426 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
2427
2428 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
2429
2430 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
2431 #define FILE_CASE_PRESERVED_NAMES 0x00000002
2432 #define FILE_UNICODE_ON_DISK 0x00000004
2433 #define FILE_PERSISTENT_ACLS 0x00000008
2434 #define FILE_FILE_COMPRESSION 0x00000010
2435 #define FILE_VOLUME_QUOTAS 0x00000020
2436 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
2437 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
2438 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
2439 #define FS_LFN_APIS 0x00004000
2440 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
2441 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
2442 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
2443 #define FILE_NAMED_STREAMS 0x00040000
2444 #define FILE_READ_ONLY_VOLUME 0x00080000
2445 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
2446 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
2447
2448 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
2449 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
2450
2451 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
2452 #define FILE_PIPE_MESSAGE_MODE 0x00000001
2453
2454 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
2455 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
2456
2457 #define FILE_PIPE_INBOUND 0x00000000
2458 #define FILE_PIPE_OUTBOUND 0x00000001
2459 #define FILE_PIPE_FULL_DUPLEX 0x00000002
2460
2461 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
2462 #define FILE_PIPE_LISTENING_STATE 0x00000002
2463 #define FILE_PIPE_CONNECTED_STATE 0x00000003
2464 #define FILE_PIPE_CLOSING_STATE 0x00000004
2465
2466 #define FILE_PIPE_CLIENT_END 0x00000000
2467 #define FILE_PIPE_SERVER_END 0x00000001
2468
2469 #define FILE_PIPE_READ_DATA 0x00000000
2470 #define FILE_PIPE_WRITE_SPACE 0x00000001
2471
2472 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
2473 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
2474 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
2475 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
2476 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
2477 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
2478 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
2479 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
2480 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
2481 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
2482 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
2483 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
2484 #define FILE_STORAGE_TYPE_MASK 0x000f0000
2485 #define FILE_STORAGE_TYPE_SHIFT 16
2486
2487 #define FILE_VC_QUOTA_NONE 0x00000000
2488 #define FILE_VC_QUOTA_TRACK 0x00000001
2489 #define FILE_VC_QUOTA_ENFORCE 0x00000002
2490 #define FILE_VC_QUOTA_MASK 0x00000003
2491
2492 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
2493 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
2494
2495 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
2496 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
2497 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
2498 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
2499
2500 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
2501 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
2502
2503 #define FILE_VC_VALID_MASK 0x000003ff
2504
2505 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
2506 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
2507 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
2508 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
2509 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
2510 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
2511 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
2512 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
2513
2514 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
2515 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
2516 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
2517 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
2518
2519 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
2520 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
2521 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
2522 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
2523 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
2524
2525 #define FSRTL_VOLUME_DISMOUNT 1
2526 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
2527 #define FSRTL_VOLUME_LOCK 3
2528 #define FSRTL_VOLUME_LOCK_FAILED 4
2529 #define FSRTL_VOLUME_UNLOCK 5
2530 #define FSRTL_VOLUME_MOUNT 6
2531
2532 #define FSRTL_WILD_CHARACTER 0x08
2533
2534 #define FSRTL_FAT_LEGAL 0x01
2535 #define FSRTL_HPFS_LEGAL 0x02
2536 #define FSRTL_NTFS_LEGAL 0x04
2537 #define FSRTL_WILD_CHARACTER 0x08
2538 #define FSRTL_OLE_LEGAL 0x10
2539 #define FSRTL_NTFS_STREAM_LEGAL 0x14
2540
2541 #ifdef _X86_
2542 #define HARDWARE_PTE HARDWARE_PTE_X86
2543 #define PHARDWARE_PTE PHARDWARE_PTE_X86
2544 #endif
2545
2546 #define IO_CHECK_CREATE_PARAMETERS 0x0200
2547 #define IO_ATTACH_DEVICE 0x0400
2548
2549 #define IO_ATTACH_DEVICE_API 0x80000000
2550
2551 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
2552 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
2553
2554 #define IO_TYPE_APC 18
2555 #define IO_TYPE_DPC 19
2556 #define IO_TYPE_DEVICE_QUEUE 20
2557 #define IO_TYPE_EVENT_PAIR 21
2558 #define IO_TYPE_INTERRUPT 22
2559 #define IO_TYPE_PROFILE 23
2560
2561 #define IRP_BEING_VERIFIED 0x10
2562
2563 #define MAILSLOT_CLASS_FIRSTCLASS 1
2564 #define MAILSLOT_CLASS_SECONDCLASS 2
2565
2566 #define MAILSLOT_SIZE_AUTO 0
2567
2568 #define MEM_DOS_LIM 0x40000000
2569
2570 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
2571
2572 #define OB_TYPE_TYPE 1
2573 #define OB_TYPE_DIRECTORY 2
2574 #define OB_TYPE_SYMBOLIC_LINK 3
2575 #define OB_TYPE_TOKEN 4
2576 #define OB_TYPE_PROCESS 5
2577 #define OB_TYPE_THREAD 6
2578 #define OB_TYPE_EVENT 7
2579 #define OB_TYPE_EVENT_PAIR 8
2580 #define OB_TYPE_MUTANT 9
2581 #define OB_TYPE_SEMAPHORE 10
2582 #define OB_TYPE_TIMER 11
2583 #define OB_TYPE_PROFILE 12
2584 #define OB_TYPE_WINDOW_STATION 13
2585 #define OB_TYPE_DESKTOP 14
2586 #define OB_TYPE_SECTION 15
2587 #define OB_TYPE_KEY 16
2588 #define OB_TYPE_PORT 17
2589 #define OB_TYPE_ADAPTER 18
2590 #define OB_TYPE_CONTROLLER 19
2591 #define OB_TYPE_DEVICE 20
2592 #define OB_TYPE_DRIVER 21
2593 #define OB_TYPE_IO_COMPLETION 22
2594 #define OB_TYPE_FILE 23
2595
2596 #define PIN_WAIT (1)
2597 #define PIN_EXCLUSIVE (2)
2598 #define PIN_NO_READ (4)
2599 #define PIN_IF_BCB (8)
2600
2601 #define SEC_BASED 0x00200000
2602
2603 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
2604 #define SECURITY_WORLD_RID (0x00000000L)
2605
2606 /* end winnt.h */
2607
2608 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
2609 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
2610 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
2611 #define TOKEN_HAS_ADMIN_GROUP 0x08
2612 #define TOKEN_WRITE_RESTRICTED 0x08
2613 #define TOKEN_IS_RESTRICTED 0x10
2614 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
2615
2616 #define VACB_MAPPING_GRANULARITY (0x40000)
2617 #define VACB_OFFSET_SHIFT (18)
2618
2619 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
2620 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
2621 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
2622 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
2623 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
2624 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
2625 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
2626 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
2627 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
2628
2629 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
2630 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
2631 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
2632
2633 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
2634 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
2635 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2636
2637
2638 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
2639 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
2640 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
2641 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
2642 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
2643 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
2644
2645 #if (VER_PRODUCTBUILD >= 1381)
2646
2647 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
2648 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
2649 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
2650 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
2651 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
2652 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
2653 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
2654 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
2655
2656 #endif /* (VER_PRODUCTBUILD >= 1381) */
2657
2658 #if (VER_PRODUCTBUILD >= 2195)
2659
2660 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
2661 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
2662 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
2663
2664 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
2665 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
2666 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
2667 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
2668 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
2669 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
2670 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
2671 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
2672 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
2673 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
2674 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
2675 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
2676 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
2677 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
2678 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
2679 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
2680 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
2681 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
2682 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
2683 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
2684 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
2685 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
2686 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
2687 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
2688 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
2689 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
2690 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
2691 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
2692 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2693 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2694 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
2695 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2696 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
2697 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
2698 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
2699 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
2700
2701 #endif /* (VER_PRODUCTBUILD >= 2195) */
2702
2703 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
2704
2705 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
2706 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
2707 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
2708 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
2709 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
2710 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
2711 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
2712 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
2713
2714 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
2715 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
2716 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
2717 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
2718 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
2719 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2720 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
2721 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
2722 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
2723 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
2724 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
2725 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
2726 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2727 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
2728
2729 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
2730
2731 typedef PVOID OPLOCK, *POPLOCK;
2732
2733 //
2734 // Forwarders
2735 //
2736 struct _RTL_AVL_TABLE;
2737 struct _RTL_GENERIC_TABLE;
2738
2739 typedef ULONG LBN;
2740 typedef LBN *PLBN;
2741
2742 typedef ULONG VBN;
2743 typedef VBN *PVBN;
2744
2745 typedef PVOID PNOTIFY_SYNC;
2746
2747 typedef enum _FAST_IO_POSSIBLE {
2748 FastIoIsNotPossible,
2749 FastIoIsPossible,
2750 FastIoIsQuestionable
2751 } FAST_IO_POSSIBLE;
2752
2753 typedef enum _FILE_STORAGE_TYPE {
2754 StorageTypeDefault = 1,
2755 StorageTypeDirectory,
2756 StorageTypeFile,
2757 StorageTypeJunctionPoint,
2758 StorageTypeCatalog,
2759 StorageTypeStructuredStorage,
2760 StorageTypeEmbedding,
2761 StorageTypeStream
2762 } FILE_STORAGE_TYPE;
2763
2764 typedef enum _OBJECT_INFORMATION_CLASS
2765 {
2766 ObjectBasicInformation,
2767 ObjectNameInformation,
2768 ObjectTypeInformation,
2769 ObjectTypesInformation,
2770 ObjectHandleFlagInformation,
2771 ObjectSessionInformation,
2772 MaxObjectInfoClass
2773 } OBJECT_INFORMATION_CLASS;
2774
2775 typedef struct _OBJECT_BASIC_INFORMATION
2776 {
2777 ULONG Attributes;
2778 ACCESS_MASK GrantedAccess;
2779 ULONG HandleCount;
2780 ULONG PointerCount;
2781 ULONG PagedPoolCharge;
2782 ULONG NonPagedPoolCharge;
2783 ULONG Reserved[ 3 ];
2784 ULONG NameInfoSize;
2785 ULONG TypeInfoSize;
2786 ULONG SecurityDescriptorSize;
2787 LARGE_INTEGER CreationTime;
2788 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
2789
2790 typedef struct _KAPC_STATE {
2791 LIST_ENTRY ApcListHead[2];
2792 PKPROCESS Process;
2793 BOOLEAN KernelApcInProgress;
2794 BOOLEAN KernelApcPending;
2795 BOOLEAN UserApcPending;
2796 } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
2797 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
2798
2799 typedef struct _BITMAP_RANGE {
2800 LIST_ENTRY Links;
2801 LONGLONG BasePage;
2802 ULONG FirstDirtyPage;
2803 ULONG LastDirtyPage;
2804 ULONG DirtyPages;
2805 PULONG Bitmap;
2806 } BITMAP_RANGE, *PBITMAP_RANGE;
2807
2808 typedef struct _CACHE_UNINITIALIZE_EVENT {
2809 struct _CACHE_UNINITIALIZE_EVENT *Next;
2810 KEVENT Event;
2811 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
2812
2813 typedef struct _CC_FILE_SIZES {
2814 LARGE_INTEGER AllocationSize;
2815 LARGE_INTEGER FileSize;
2816 LARGE_INTEGER ValidDataLength;
2817 } CC_FILE_SIZES, *PCC_FILE_SIZES;
2818
2819 #define SYMLINK_FLAG_RELATIVE 1
2820
2821 typedef struct _REPARSE_DATA_BUFFER {
2822 ULONG ReparseTag;
2823 USHORT ReparseDataLength;
2824 USHORT Reserved;
2825 __GNU_EXTENSION union {
2826 struct {
2827 USHORT SubstituteNameOffset;
2828 USHORT SubstituteNameLength;
2829 USHORT PrintNameOffset;
2830 USHORT PrintNameLength;
2831 ULONG Flags;
2832 WCHAR PathBuffer[1];
2833 } SymbolicLinkReparseBuffer;
2834 struct {
2835 USHORT SubstituteNameOffset;
2836 USHORT SubstituteNameLength;
2837 USHORT PrintNameOffset;
2838 USHORT PrintNameLength;
2839 WCHAR PathBuffer[1];
2840 } MountPointReparseBuffer;
2841 struct {
2842 UCHAR DataBuffer[1];
2843 } GenericReparseBuffer;
2844 };
2845 } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
2846
2847
2848
2849 //
2850 // MicroSoft reparse point tags
2851 //
2852 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
2853 #define IO_REPARSE_TAG_HSM (0xC0000004L)
2854 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
2855 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
2856 #define IO_REPARSE_TAG_SIS (0x80000007L)
2857 #define IO_REPARSE_TAG_DFS (0x8000000AL)
2858 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
2859 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
2860 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
2861 #define IO_REPARSE_TAG_DFSR (0x80000012L)
2862
2863 //
2864 // Reserved reparse tags
2865 //
2866 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
2867 #define IO_REPARSE_TAG_RESERVED_ONE (1)
2868 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
2869
2870
2871 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
2872
2873 typedef struct _FILE_ACCESS_INFORMATION {
2874 ACCESS_MASK AccessFlags;
2875 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
2876
2877 typedef struct _FILE_ALLOCATION_INFORMATION {
2878 LARGE_INTEGER AllocationSize;
2879 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
2880
2881 typedef struct _FILE_BOTH_DIR_INFORMATION {
2882 ULONG NextEntryOffset;
2883 ULONG FileIndex;
2884 LARGE_INTEGER CreationTime;
2885 LARGE_INTEGER LastAccessTime;
2886 LARGE_INTEGER LastWriteTime;
2887 LARGE_INTEGER ChangeTime;
2888 LARGE_INTEGER EndOfFile;
2889 LARGE_INTEGER AllocationSize;
2890 ULONG FileAttributes;
2891 ULONG FileNameLength;
2892 ULONG EaSize;
2893 CCHAR ShortNameLength;
2894 WCHAR ShortName[12];
2895 WCHAR FileName[1];
2896 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
2897
2898 typedef struct _FILE_COMPLETION_INFORMATION {
2899 HANDLE Port;
2900 PVOID Key;
2901 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
2902
2903 typedef struct _FILE_COMPRESSION_INFORMATION {
2904 LARGE_INTEGER CompressedFileSize;
2905 USHORT CompressionFormat;
2906 UCHAR CompressionUnitShift;
2907 UCHAR ChunkShift;
2908 UCHAR ClusterShift;
2909 UCHAR Reserved[3];
2910 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
2911
2912 typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
2913 BOOLEAN ReplaceIfExists;
2914 HANDLE RootDirectory;
2915 ULONG FileNameLength;
2916 WCHAR FileName[1];
2917 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
2918
2919 typedef struct _FILE_DIRECTORY_INFORMATION {
2920 ULONG NextEntryOffset;
2921 ULONG FileIndex;
2922 LARGE_INTEGER CreationTime;
2923 LARGE_INTEGER LastAccessTime;
2924 LARGE_INTEGER LastWriteTime;
2925 LARGE_INTEGER ChangeTime;
2926 LARGE_INTEGER EndOfFile;
2927 LARGE_INTEGER AllocationSize;
2928 ULONG FileAttributes;
2929 ULONG FileNameLength;
2930 WCHAR FileName[1];
2931 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
2932
2933 typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
2934 ULONG NextEntryOffset;
2935 ULONG FileIndex;
2936 LARGE_INTEGER CreationTime;
2937 LARGE_INTEGER LastAccessTime;
2938 LARGE_INTEGER LastWriteTime;
2939 LARGE_INTEGER ChangeTime;
2940 LARGE_INTEGER EndOfFile;
2941 LARGE_INTEGER AllocationSize;
2942 ULONG FileAttributes;
2943 ULONG FileNameLength;
2944 ULONG EaSize;
2945 WCHAR FileName[ANYSIZE_ARRAY];
2946 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
2947
2948 typedef struct _FILE_ID_FULL_DIR_INFORMATION {
2949 ULONG NextEntryOffset;
2950 ULONG FileIndex;
2951 LARGE_INTEGER CreationTime;
2952 LARGE_INTEGER LastAccessTime;
2953 LARGE_INTEGER LastWriteTime;
2954 LARGE_INTEGER ChangeTime;
2955 LARGE_INTEGER EndOfFile;
2956 LARGE_INTEGER AllocationSize;
2957 ULONG FileAttributes;
2958 ULONG FileNameLength;
2959 ULONG EaSize;
2960 LARGE_INTEGER FileId;
2961 WCHAR FileName[1];
2962 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
2963
2964 typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
2965 ULONG NextEntryOffset;
2966 ULONG FileIndex;
2967 LARGE_INTEGER CreationTime;
2968 LARGE_INTEGER LastAccessTime;
2969 LARGE_INTEGER LastWriteTime;
2970 LARGE_INTEGER ChangeTime;
2971 LARGE_INTEGER EndOfFile;
2972 LARGE_INTEGER AllocationSize;
2973 ULONG FileAttributes;
2974 ULONG FileNameLength;
2975 ULONG EaSize;
2976 CCHAR ShortNameLength;
2977 WCHAR ShortName[12];
2978 LARGE_INTEGER FileId;
2979 WCHAR FileName[1];
2980 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
2981
2982 typedef struct _FILE_EA_INFORMATION {
2983 ULONG EaSize;
2984 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
2985
2986 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
2987 ULONG FileSystemAttributes;
2988 ULONG MaximumComponentNameLength;
2989 ULONG FileSystemNameLength;
2990 WCHAR FileSystemName[1];
2991 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
2992
2993 typedef struct _FILE_FS_CONTROL_INFORMATION {
2994 LARGE_INTEGER FreeSpaceStartFiltering;
2995 LARGE_INTEGER FreeSpaceThreshold;
2996 LARGE_INTEGER FreeSpaceStopFiltering;
2997 LARGE_INTEGER DefaultQuotaThreshold;
2998 LARGE_INTEGER DefaultQuotaLimit;
2999 ULONG FileSystemControlFlags;
3000 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
3001
3002 typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
3003 LARGE_INTEGER TotalAllocationUnits;
3004 LARGE_INTEGER CallerAvailableAllocationUnits;
3005 LARGE_INTEGER ActualAvailableAllocationUnits;
3006 ULONG SectorsPerAllocationUnit;
3007 ULONG BytesPerSector;
3008 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
3009
3010 typedef struct _FILE_FS_LABEL_INFORMATION {
3011 ULONG VolumeLabelLength;
3012 WCHAR VolumeLabel[1];
3013 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
3014
3015 #if (VER_PRODUCTBUILD >= 2195)
3016
3017 typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
3018 UCHAR ObjectId[16];
3019 UCHAR ExtendedInfo[48];
3020 } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
3021
3022 #endif /* (VER_PRODUCTBUILD >= 2195) */
3023
3024 typedef struct _FILE_FS_SIZE_INFORMATION {
3025 LARGE_INTEGER TotalAllocationUnits;
3026 LARGE_INTEGER AvailableAllocationUnits;
3027 ULONG SectorsPerAllocationUnit;
3028 ULONG BytesPerSector;
3029 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
3030
3031 typedef struct _FILE_FS_VOLUME_INFORMATION {
3032 LARGE_INTEGER VolumeCreationTime;
3033 ULONG VolumeSerialNumber;
3034 ULONG VolumeLabelLength;
3035 BOOLEAN SupportsObjects;
3036 WCHAR VolumeLabel[1];
3037 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
3038
3039 typedef struct _FILE_FS_OBJECTID_INFORMATION
3040 {
3041 UCHAR ObjectId[16];
3042 UCHAR ExtendedInfo[48];
3043 } FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
3044
3045 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
3046 {
3047 BOOLEAN DriverInPath;
3048 ULONG DriverNameLength;
3049 WCHAR DriverName[1];
3050 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
3051
3052 typedef struct _FILE_FULL_DIR_INFORMATION {
3053 ULONG NextEntryOffset;
3054 ULONG FileIndex;
3055 LARGE_INTEGER CreationTime;
3056 LARGE_INTEGER LastAccessTime;
3057 LARGE_INTEGER LastWriteTime;
3058 LARGE_INTEGER ChangeTime;
3059 LARGE_INTEGER EndOfFile;
3060 LARGE_INTEGER AllocationSize;
3061 ULONG FileAttributes;
3062 ULONG FileNameLength;
3063 ULONG EaSize;
3064 WCHAR FileName[1];
3065 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
3066
3067 typedef struct _FILE_GET_EA_INFORMATION {
3068 ULONG NextEntryOffset;
3069 UCHAR EaNameLength;
3070 CHAR EaName[1];
3071 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
3072
3073 typedef struct _FILE_GET_QUOTA_INFORMATION {
3074 ULONG NextEntryOffset;
3075 ULONG SidLength;
3076 SID Sid;
3077 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
3078
3079 typedef struct _FILE_QUOTA_INFORMATION
3080 {
3081 ULONG NextEntryOffset;
3082 ULONG SidLength;
3083 LARGE_INTEGER ChangeTime;
3084 LARGE_INTEGER QuotaUsed;
3085 LARGE_INTEGER QuotaThreshold;
3086 LARGE_INTEGER QuotaLimit;
3087 SID Sid;
3088 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
3089
3090 typedef struct _FILE_INTERNAL_INFORMATION {
3091 LARGE_INTEGER IndexNumber;
3092 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
3093
3094 typedef struct _FILE_LINK_INFORMATION {
3095 BOOLEAN ReplaceIfExists;
3096 HANDLE RootDirectory;
3097 ULONG FileNameLength;
3098 WCHAR FileName[1];
3099 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
3100
3101 typedef struct _FILE_LOCK_INFO
3102 {
3103 LARGE_INTEGER StartingByte;
3104 LARGE_INTEGER Length;
3105 BOOLEAN ExclusiveLock;
3106 ULONG Key;
3107 PFILE_OBJECT FileObject;
3108 PVOID ProcessId;
3109 LARGE_INTEGER EndingByte;
3110 } FILE_LOCK_INFO, *PFILE_LOCK_INFO;
3111
3112 typedef struct _FILE_REPARSE_POINT_INFORMATION
3113 {
3114 LONGLONG FileReference;
3115 ULONG Tag;
3116 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
3117
3118 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
3119 {
3120 ULONG ClusterCount;
3121 HANDLE RootDirectory;
3122 ULONG FileNameLength;
3123 WCHAR FileName[1];
3124 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
3125
3126 typedef struct _FILE_NOTIFY_INFORMATION
3127 {
3128 ULONG NextEntryOffset;
3129 ULONG Action;
3130 ULONG FileNameLength;
3131 WCHAR FileName[1];
3132 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
3133
3134 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
3135 typedef struct _FILE_SHARED_LOCK_ENTRY {
3136 PVOID Unknown1;
3137 PVOID Unknown2;
3138 FILE_LOCK_INFO FileLock;
3139 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
3140
3141 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
3142 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
3143 LIST_ENTRY ListEntry;
3144 PVOID Unknown1;
3145 PVOID Unknown2;
3146 FILE_LOCK_INFO FileLock;
3147 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
3148
3149 typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
3150 IN PVOID Context,
3151 IN PIRP Irp
3152 );
3153
3154 typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
3155 IN PVOID Context,
3156 IN PFILE_LOCK_INFO FileLockInfo
3157 );
3158
3159 typedef struct _FILE_LOCK {
3160 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
3161 PUNLOCK_ROUTINE UnlockRoutine;
3162 BOOLEAN FastIoIsQuestionable;
3163 BOOLEAN Pad[3];
3164 PVOID LockInformation;
3165 FILE_LOCK_INFO LastReturnedLockInfo;
3166 PVOID LastReturnedLock;
3167 } FILE_LOCK, *PFILE_LOCK;
3168
3169 typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
3170 ULONG ReadDataAvailable;
3171 ULONG NumberOfMessages;
3172 ULONG MessageLength;
3173 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
3174
3175 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
3176 ULONG MaximumMessageSize;
3177 ULONG MailslotQuota;
3178 ULONG NextMessageSize;
3179 ULONG MessagesAvailable;
3180 LARGE_INTEGER ReadTimeout;
3181 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
3182
3183 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
3184 PLARGE_INTEGER ReadTimeout;
3185 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
3186
3187 typedef struct _FILE_MODE_INFORMATION {
3188 ULONG Mode;
3189 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
3190
3191 typedef struct _FILE_ALL_INFORMATION {
3192 FILE_BASIC_INFORMATION BasicInformation;
3193 FILE_STANDARD_INFORMATION StandardInformation;
3194 FILE_INTERNAL_INFORMATION InternalInformation;
3195 FILE_EA_INFORMATION EaInformation;
3196 FILE_ACCESS_INFORMATION AccessInformation;
3197 FILE_POSITION_INFORMATION PositionInformation;
3198 FILE_MODE_INFORMATION ModeInformation;
3199 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3200 FILE_NAME_INFORMATION NameInformation;
3201 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
3202
3203 typedef struct _FILE_NAMES_INFORMATION {
3204 ULONG NextEntryOffset;
3205 ULONG FileIndex;
3206 ULONG FileNameLength;
3207 WCHAR FileName[1];
3208 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
3209
3210 typedef struct _FILE_OBJECTID_INFORMATION {
3211 LONGLONG FileReference;
3212 UCHAR ObjectId[16];
3213 _ANONYMOUS_UNION union {
3214 __GNU_EXTENSION struct {
3215 UCHAR BirthVolumeId[16];
3216 UCHAR BirthObjectId[16];
3217 UCHAR DomainId[16];
3218 };
3219 UCHAR ExtendedInfo[48];
3220 } DUMMYUNIONNAME;
3221 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
3222
3223 typedef struct _FILE_OLE_CLASSID_INFORMATION {
3224 GUID ClassId;
3225 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
3226
3227 typedef struct _FILE_OLE_ALL_INFORMATION {
3228 FILE_BASIC_INFORMATION BasicInformation;
3229 FILE_STANDARD_INFORMATION StandardInformation;
3230 FILE_INTERNAL_INFORMATION InternalInformation;
3231 FILE_EA_INFORMATION EaInformation;
3232 FILE_ACCESS_INFORMATION AccessInformation;
3233 FILE_POSITION_INFORMATION PositionInformation;
3234 FILE_MODE_INFORMATION ModeInformation;
3235 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3236 USN LastChangeUsn;
3237 USN ReplicationUsn;
3238 LARGE_INTEGER SecurityChangeTime;
3239 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
3240 FILE_OBJECTID_INFORMATION ObjectIdInformation;
3241 FILE_STORAGE_TYPE StorageType;
3242 ULONG OleStateBits;
3243 ULONG OleId;
3244 ULONG NumberOfStreamReferences;
3245 ULONG StreamIndex;
3246 ULONG SecurityId;
3247 BOOLEAN ContentIndexDisable;
3248 BOOLEAN InheritContentIndexDisable;
3249 FILE_NAME_INFORMATION NameInformation;
3250 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
3251
3252 typedef struct _FILE_OLE_DIR_INFORMATION {
3253 ULONG NextEntryOffset;
3254 ULONG FileIndex;
3255 LARGE_INTEGER CreationTime;
3256 LARGE_INTEGER LastAccessTime;
3257 LARGE_INTEGER LastWriteTime;
3258 LARGE_INTEGER ChangeTime;
3259 LARGE_INTEGER EndOfFile;
3260 LARGE_INTEGER AllocationSize;
3261 ULONG FileAttributes;
3262 ULONG FileNameLength;
3263 FILE_STORAGE_TYPE StorageType;
3264 GUID OleClassId;
3265 ULONG OleStateBits;
3266 BOOLEAN ContentIndexDisable;
3267 BOOLEAN InheritContentIndexDisable;
3268 WCHAR FileName[1];
3269 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
3270
3271 typedef struct _FILE_OLE_INFORMATION {
3272 LARGE_INTEGER SecurityChangeTime;
3273 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
3274 FILE_OBJECTID_INFORMATION ObjectIdInformation;
3275 FILE_STORAGE_TYPE StorageType;
3276 ULONG OleStateBits;
3277 BOOLEAN ContentIndexDisable;
3278 BOOLEAN InheritContentIndexDisable;
3279 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
3280
3281 typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
3282 ULONG StateBits;
3283 ULONG StateBitsMask;
3284 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
3285
3286 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
3287 HANDLE EventHandle;
3288 ULONG KeyValue;
3289 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
3290
3291 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
3292 PVOID ClientSession;
3293 PVOID ClientProcess;
3294 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
3295
3296 typedef struct _FILE_PIPE_EVENT_BUFFER {
3297 ULONG NamedPipeState;
3298 ULONG EntryType;
3299 ULONG ByteCount;
3300 ULONG KeyValue;
3301 ULONG NumberRequests;
3302 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
3303
3304 typedef struct _FILE_PIPE_PEEK_BUFFER
3305 {
3306 ULONG NamedPipeState;
3307 ULONG ReadDataAvailable;
3308 ULONG NumberOfMessages;
3309 ULONG MessageLength;
3310 CHAR Data[1];
3311 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
3312
3313 typedef struct _FILE_PIPE_INFORMATION {
3314 ULONG ReadMode;
3315 ULONG CompletionMode;
3316 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
3317
3318 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
3319 ULONG NamedPipeType;
3320 ULONG NamedPipeConfiguration;
3321 ULONG MaximumInstances;
3322 ULONG CurrentInstances;
3323 ULONG InboundQuota;
3324 ULONG ReadDataAvailable;
3325 ULONG OutboundQuota;
3326 ULONG WriteQuotaAvailable;
3327 ULONG NamedPipeState;
3328 ULONG NamedPipeEnd;
3329 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
3330
3331 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
3332 LARGE_INTEGER CollectDataTime;
3333 ULONG MaximumCollectionCount;
3334 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
3335
3336 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
3337 LARGE_INTEGER Timeout;
3338 ULONG NameLength;
3339 BOOLEAN TimeoutSpecified;
3340 WCHAR Name[1];
3341 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
3342
3343 typedef struct _FILE_RENAME_INFORMATION {
3344 BOOLEAN ReplaceIfExists;
3345 HANDLE RootDirectory;
3346 ULONG FileNameLength;
3347 WCHAR FileName[1];
3348 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
3349
3350 typedef struct _FILE_STREAM_INFORMATION {
3351 ULONG NextEntryOffset;
3352 ULONG StreamNameLength;
3353 LARGE_INTEGER StreamSize;
3354 LARGE_INTEGER StreamAllocationSize;
3355 WCHAR StreamName[1];
3356 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
3357
3358 typedef struct _FILE_TRACKING_INFORMATION {
3359 HANDLE DestinationFile;
3360 ULONG ObjectInformationLength;
3361 CHAR ObjectInformation[1];
3362 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
3363
3364 #if (VER_PRODUCTBUILD >= 2195)
3365 typedef struct _FILE_ZERO_DATA_INFORMATION {
3366 LARGE_INTEGER FileOffset;
3367 LARGE_INTEGER BeyondFinalZero;
3368 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
3369
3370 typedef struct FILE_ALLOCATED_RANGE_BUFFER {
3371 LARGE_INTEGER FileOffset;
3372 LARGE_INTEGER Length;
3373 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
3374 #endif /* (VER_PRODUCTBUILD >= 2195) */
3375
3376 #define FSRTL_FCB_HEADER_V0 (0x00)
3377 #define FSRTL_FCB_HEADER_V1 (0x01)
3378
3379
3380 typedef struct _FSRTL_COMMON_FCB_HEADER {
3381 CSHORT NodeTypeCode;
3382 CSHORT NodeByteSize;
3383 UCHAR Flags;
3384 UCHAR IsFastIoPossible;
3385 #if (VER_PRODUCTBUILD >= 1381)
3386 UCHAR Flags2;
3387 UCHAR Reserved;
3388 #endif /* (VER_PRODUCTBUILD >= 1381) */
3389 PERESOURCE Resource;
3390 PERESOURCE PagingIoResource;
3391 LARGE_INTEGER AllocationSize;
3392 LARGE_INTEGER FileSize;
3393 LARGE_INTEGER ValidDataLength;
3394 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
3395
3396 typedef enum _FSRTL_COMPARISON_RESULT
3397 {
3398 LessThan = -1,
3399 EqualTo = 0,
3400 GreaterThan = 1
3401 } FSRTL_COMPARISON_RESULT;
3402
3403 #if (VER_PRODUCTBUILD >= 2600)
3404
3405 typedef struct _FSRTL_ADVANCED_FCB_HEADER {
3406 CSHORT NodeTypeCode;
3407 CSHORT NodeByteSize;
3408 UCHAR Flags;
3409 UCHAR IsFastIoPossible;
3410 UCHAR Flags2;
3411 UCHAR Reserved: 4;
3412 UCHAR Version: 4;
3413 PERESOURCE Resource;
3414 PERESOURCE PagingIoResource;
3415 LARGE_INTEGER AllocationSize;
3416 LARGE_INTEGER FileSize;
3417 LARGE_INTEGER ValidDataLength;
3418 PFAST_MUTEX FastMutex;
3419 LIST_ENTRY FilterContexts;
3420 EX_PUSH_LOCK PushLock;
3421 PVOID *FileContextSupportPointer;
3422 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
3423
3424 typedef struct _FSRTL_PER_STREAM_CONTEXT {
3425 LIST_ENTRY Links;
3426 PVOID OwnerId;
3427 PVOID InstanceId;
3428 PFREE_FUNCTION FreeCallback;
3429 } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
3430
3431 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
3432 {
3433 LIST_ENTRY Links;
3434 PVOID OwnerId;
3435 PVOID InstanceId;
3436 } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
3437
3438 #endif /* (VER_PRODUCTBUILD >= 2600) */
3439
3440 typedef struct _BASE_MCB
3441 {
3442 ULONG MaximumPairCount;
3443 ULONG PairCount;
3444 USHORT PoolType;
3445 USHORT Flags;
3446 PVOID Mapping;
3447 } BASE_MCB, *PBASE_MCB;
3448
3449 typedef struct _LARGE_MCB
3450 {
3451 PKGUARDED_MUTEX GuardedMutex;
3452 BASE_MCB BaseMcb;
3453 } LARGE_MCB, *PLARGE_MCB;
3454
3455 typedef struct _MCB
3456 {
3457 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
3458 } MCB, *PMCB;
3459
3460 typedef struct _MAPPING_PAIR {
3461 ULONGLONG Vcn;
3462 ULONGLONG Lcn;
3463 } MAPPING_PAIR, *PMAPPING_PAIR;
3464
3465 typedef struct _GET_RETRIEVAL_DESCRIPTOR {
3466 ULONG NumberOfPairs;
3467 ULONGLONG StartVcn;
3468 MAPPING_PAIR Pair[1];
3469 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
3470
3471 typedef struct _KQUEUE {
3472 DISPATCHER_HEADER Header;
3473 LIST_ENTRY EntryListHead;
3474 ULONG CurrentCount;
3475 ULONG MaximumCount;
3476 LIST_ENTRY ThreadListHead;
3477 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
3478
3479 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
3480
3481 typedef struct _MBCB {
3482 CSHORT NodeTypeCode;
3483 CSHORT NodeIsInZone;
3484 ULONG PagesToWrite;
3485 ULONG DirtyPages;
3486 ULONG Reserved;
3487 LIST_ENTRY BitmapRanges;
3488 LONGLONG ResumeWritePage;
3489 BITMAP_RANGE BitmapRange1;
3490 BITMAP_RANGE BitmapRange2;
3491 BITMAP_RANGE BitmapRange3;
3492 } MBCB, *PMBCB;
3493
3494 typedef enum _MMFLUSH_TYPE {
3495 MmFlushForDelete,
3496 MmFlushForWrite
3497 } MMFLUSH_TYPE;
3498
3499 typedef struct _MOVEFILE_DESCRIPTOR {
3500 HANDLE FileHandle;
3501 ULONG Reserved;
3502 LARGE_INTEGER StartVcn;
3503 LARGE_INTEGER TargetLcn;
3504 ULONG NumVcns;
3505 ULONG Reserved1;
3506 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
3507
3508 typedef struct _OBJECT_BASIC_INFO {
3509 ULONG Attributes;
3510 ACCESS_MASK GrantedAccess;
3511 ULONG HandleCount;
3512 ULONG ReferenceCount;
3513 ULONG PagedPoolUsage;
3514 ULONG NonPagedPoolUsage;
3515 ULONG Reserved[3];
3516 ULONG NameInformationLength;
3517 ULONG TypeInformationLength;
3518 ULONG SecurityDescriptorLength;
3519 LARGE_INTEGER CreateTime;
3520 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
3521
3522 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
3523 BOOLEAN Inherit;
3524 BOOLEAN ProtectFromClose;
3525 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
3526
3527 typedef struct _OBJECT_NAME_INFO {
3528 UNICODE_STRING ObjectName;
3529 WCHAR ObjectNameBuffer[1];
3530 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
3531
3532 typedef struct _OBJECT_PROTECTION_INFO {
3533 BOOLEAN Inherit;
3534 BOOLEAN ProtectHandle;
3535 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
3536
3537 typedef struct _OBJECT_TYPE_INFO {
3538 UNICODE_STRING ObjectTypeName;
3539 UCHAR Unknown[0x58];
3540 WCHAR ObjectTypeNameBuffer[1];
3541 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
3542
3543 typedef struct _OBJECT_ALL_TYPES_INFO {
3544 ULONG NumberOfObjectTypes;
3545 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
3546 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
3547
3548 typedef struct _PATHNAME_BUFFER {
3549 ULONG PathNameLength;
3550 WCHAR Name[1];
3551 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
3552
3553 typedef enum _RTL_GENERIC_COMPARE_RESULTS
3554 {
3555 GenericLessThan,
3556 GenericGreaterThan,
3557 GenericEqual
3558 } RTL_GENERIC_COMPARE_RESULTS;
3559
3560 typedef enum _TABLE_SEARCH_RESULT
3561 {
3562 TableEmptyTree,
3563 TableFoundNode,
3564 TableInsertAsLeft,
3565 TableInsertAsRight
3566 } TABLE_SEARCH_RESULT;
3567
3568 typedef NTSTATUS
3569 (NTAPI *PRTL_AVL_MATCH_FUNCTION)(
3570 struct _RTL_AVL_TABLE *Table,
3571 PVOID UserData,
3572 PVOID MatchData
3573 );
3574
3575 typedef RTL_GENERIC_COMPARE_RESULTS
3576 (NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
3577 struct _RTL_AVL_TABLE *Table,
3578 PVOID FirstStruct,
3579 PVOID SecondStruct
3580 );
3581
3582 typedef RTL_GENERIC_COMPARE_RESULTS
3583 (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
3584 struct _RTL_GENERIC_TABLE *Table,
3585 PVOID FirstStruct,
3586 PVOID SecondStruct
3587 );
3588
3589 typedef PVOID
3590 (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
3591 struct _RTL_GENERIC_TABLE *Table,
3592 CLONG ByteSize
3593 );
3594
3595 typedef VOID
3596 (NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
3597 struct _RTL_GENERIC_TABLE *Table,
3598 PVOID Buffer
3599 );
3600
3601 typedef PVOID
3602 (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
3603 struct _RTL_AVL_TABLE *Table,
3604 CLONG ByteSize
3605 );
3606
3607 typedef VOID
3608 (NTAPI *PRTL_AVL_FREE_ROUTINE) (
3609 struct _RTL_AVL_TABLE *Table,
3610 PVOID Buffer
3611 );
3612
3613 typedef struct _PUBLIC_BCB {
3614 CSHORT NodeTypeCode;
3615 CSHORT NodeByteSize;
3616 ULONG MappedLength;
3617 LARGE_INTEGER MappedFileOffset;
3618 } PUBLIC_BCB, *PPUBLIC_BCB;
3619
3620 typedef struct _QUERY_PATH_REQUEST {
3621 ULONG PathNameLength;
3622 PIO_SECURITY_CONTEXT SecurityContext;
3623 WCHAR FilePathName[1];
3624 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
3625
3626 typedef struct _QUERY_PATH_RESPONSE {
3627 ULONG LengthAccepted;
3628 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
3629
3630 typedef struct _RETRIEVAL_POINTERS_BUFFER {
3631 ULONG ExtentCount;
3632 LARGE_INTEGER StartingVcn;
3633 struct {
3634 LARGE_INTEGER NextVcn;
3635 LARGE_INTEGER Lcn;
3636 } Extents[1];
3637 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
3638
3639 typedef struct _RTL_SPLAY_LINKS {
3640 struct _RTL_SPLAY_LINKS *Parent;
3641 struct _RTL_SPLAY_LINKS *LeftChild;
3642 struct _RTL_SPLAY_LINKS *RightChild;
3643 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
3644
3645 typedef struct _RTL_BALANCED_LINKS
3646 {
3647 struct _RTL_BALANCED_LINKS *Parent;
3648 struct _RTL_BALANCED_LINKS *LeftChild;
3649 struct _RTL_BALANCED_LINKS *RightChild;
3650 CHAR Balance;
3651 UCHAR Reserved[3];
3652 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
3653
3654 typedef struct _RTL_GENERIC_TABLE
3655 {
3656 PRTL_SPLAY_LINKS TableRoot;
3657 LIST_ENTRY InsertOrderList;
3658 PLIST_ENTRY OrderedPointer;
3659 ULONG WhichOrderedElement;
3660 ULONG NumberGenericTableElements;
3661 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
3662 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
3663 PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
3664 PVOID TableContext;
3665 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
3666
3667 #undef PRTL_GENERIC_COMPARE_ROUTINE
3668 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
3669 #undef PRTL_GENERIC_FREE_ROUTINE
3670 #undef RTL_GENERIC_TABLE
3671 #undef PRTL_GENERIC_TABLE
3672
3673 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
3674 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
3675 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
3676 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
3677 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
3678
3679 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
3680 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
3681 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
3682 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
3683 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
3684 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
3685 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
3686 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
3687 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
3688 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
3689 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
3690
3691 typedef struct _RTL_AVL_TABLE
3692 {
3693 RTL_BALANCED_LINKS BalancedRoot;
3694 PVOID OrderedPointer;
3695 ULONG WhichOrderedElement;
3696 ULONG NumberGenericTableElements;
3697 ULONG DepthOfTree;
3698 PRTL_BALANCED_LINKS RestartKey;
3699 ULONG DeleteCount;
3700 PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
3701 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
3702 PRTL_AVL_FREE_ROUTINE FreeRoutine;
3703 PVOID TableContext;
3704 } RTL_AVL_TABLE, *PRTL_AVL_TABLE;
3705
3706 NTSYSAPI
3707 VOID
3708 NTAPI
3709 RtlInitializeGenericTableAvl(
3710 PRTL_AVL_TABLE Table,
3711 PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
3712 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
3713 PRTL_AVL_FREE_ROUTINE FreeRoutine,
3714 PVOID TableContext
3715 );
3716
3717 NTSYSAPI
3718 PVOID
3719 NTAPI
3720 RtlInsertElementGenericTableAvl (
3721 PRTL_AVL_TABLE Table,
3722 PVOID Buffer,
3723 CLONG BufferSize,
3724 PBOOLEAN NewElement OPTIONAL
3725 );
3726
3727 NTSYSAPI
3728 BOOLEAN
3729 NTAPI
3730 RtlDeleteElementGenericTableAvl (
3731 PRTL_AVL_TABLE Table,
3732 PVOID Buffer
3733 );
3734
3735 NTSYSAPI
3736 PVOID
3737 NTAPI
3738 RtlLookupElementGenericTableAvl (
3739 PRTL_AVL_TABLE Table,
3740 PVOID Buffer
3741 );
3742
3743 NTSYSAPI
3744 PVOID
3745 NTAPI
3746 RtlEnumerateGenericTableWithoutSplayingAvl (
3747 PRTL_AVL_TABLE Table,
3748 PVOID *RestartKey
3749 );
3750
3751 #if defined(USE_LPC6432)
3752 #define LPC_CLIENT_ID CLIENT_ID64
3753 #define LPC_SIZE_T ULONGLONG
3754 #define LPC_PVOID ULONGLONG
3755 #define LPC_HANDLE ULONGLONG
3756 #else
3757 #define LPC_CLIENT_ID CLIENT_ID
3758 #define LPC_SIZE_T SIZE_T
3759 #define LPC_PVOID PVOID
3760 #define LPC_HANDLE HANDLE
3761 #endif
3762
3763 typedef struct _PORT_MESSAGE
3764 {
3765 union
3766 {
3767 struct
3768 {
3769 CSHORT DataLength;
3770 CSHORT TotalLength;
3771 } s1;
3772 ULONG Length;
3773 } u1;
3774 union
3775 {
3776 struct
3777 {
3778 CSHORT Type;
3779 CSHORT DataInfoOffset;
3780 } s2;
3781 ULONG ZeroInit;
3782 } u2;
3783 __GNU_EXTENSION union
3784 {
3785 LPC_CLIENT_ID ClientId;
3786 double DoNotUseThisField;
3787 };
3788 ULONG MessageId;
3789 __GNU_EXTENSION union
3790 {
3791 LPC_SIZE_T ClientViewSize;
3792 ULONG CallbackId;
3793 };
3794 } PORT_MESSAGE, *PPORT_MESSAGE;
3795
3796 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
3797
3798 typedef struct _PORT_VIEW
3799 {
3800 ULONG Length;
3801 LPC_HANDLE SectionHandle;
3802 ULONG SectionOffset;
3803 LPC_SIZE_T ViewSize;
3804 LPC_PVOID ViewBase;
3805 LPC_PVOID ViewRemoteBase;
3806 } PORT_VIEW, *PPORT_VIEW;
3807
3808 typedef struct _REMOTE_PORT_VIEW
3809 {
3810 ULONG Length;
3811 LPC_SIZE_T ViewSize;
3812 LPC_PVOID ViewBase;
3813 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
3814
3815 typedef struct _SE_EXPORTS {
3816
3817 LUID SeCreateTokenPrivilege;
3818 LUID SeAssignPrimaryTokenPrivilege;
3819 LUID SeLockMemoryPrivilege;
3820 LUID SeIncreaseQuotaPrivilege;
3821 LUID SeUnsolicitedInputPrivilege;
3822 LUID SeTcbPrivilege;
3823 LUID SeSecurityPrivilege;
3824 LUID SeTakeOwnershipPrivilege;
3825 LUID SeLoadDriverPrivilege;
3826 LUID SeCreatePagefilePrivilege;
3827 LUID SeIncreaseBasePriorityPrivilege;
3828 LUID SeSystemProfilePrivilege;
3829 LUID SeSystemtimePrivilege;
3830 LUID SeProfileSingleProcessPrivilege;
3831 LUID SeCreatePermanentPrivilege;
3832 LUID SeBackupPrivilege;
3833 LUID SeRestorePrivilege;
3834 LUID SeShutdownPrivilege;
3835 LUID SeDebugPrivilege;
3836 LUID SeAuditPrivilege;
3837 LUID SeSystemEnvironmentPrivilege;
3838 LUID SeChangeNotifyPrivilege;
3839 LUID SeRemoteShutdownPrivilege;
3840
3841 PSID SeNullSid;
3842 PSID SeWorldSid;
3843 PSID SeLocalSid;
3844 PSID SeCreatorOwnerSid;
3845 PSID SeCreatorGroupSid;
3846
3847 PSID SeNtAuthoritySid;
3848 PSID SeDialupSid;
3849 PSID SeNetworkSid;
3850 PSID SeBatchSid;
3851 PSID SeInteractiveSid;
3852 PSID SeLocalSystemSid;
3853 PSID SeAliasAdminsSid;
3854 PSID SeAliasUsersSid;
3855 PSID SeAliasGuestsSid;
3856 PSID SeAliasPowerUsersSid;
3857 PSID SeAliasAccountOpsSid;
3858 PSID SeAliasSystemOpsSid;
3859 PSID SeAliasPrintOpsSid;
3860 PSID SeAliasBackupOpsSid;
3861
3862 PSID SeAuthenticatedUsersSid;
3863
3864 PSID SeRestrictedSid;
3865 PSID SeAnonymousLogonSid;
3866
3867 LUID SeUndockPrivilege;
3868 LUID SeSyncAgentPrivilege;
3869 LUID SeEnableDelegationPrivilege;
3870
3871 } SE_EXPORTS, *PSE_EXPORTS;
3872
3873 extern PSE_EXPORTS SeExports;
3874
3875 typedef struct
3876 {
3877 LARGE_INTEGER StartingLcn;
3878 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
3879
3880 typedef struct _STARTING_VCN_INPUT_BUFFER {
3881 LARGE_INTEGER StartingVcn;
3882 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
3883
3884 typedef struct _SECURITY_CLIENT_CONTEXT {
3885 SECURITY_QUALITY_OF_SERVICE SecurityQos;
3886 PACCESS_TOKEN ClientToken;
3887 BOOLEAN DirectlyAccessClientToken;
3888 BOOLEAN DirectAccessEffectiveOnly;
3889 BOOLEAN ServerIsRemote;
3890 TOKEN_CONTROL ClientTokenControl;
3891 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
3892
3893 typedef struct _TUNNEL {
3894 FAST_MUTEX Mutex;
3895 PRTL_SPLAY_LINKS Cache;
3896 LIST_ENTRY TimerQueue;
3897 USHORT NumEntries;
3898 } TUNNEL, *PTUNNEL;
3899
3900 typedef struct _VAD_HEADER {
3901 PVOID StartVPN;
3902 PVOID EndVPN;
3903 struct _VAD_HEADER* ParentLink;
3904 struct _VAD_HEADER* LeftLink;
3905 struct _VAD_HEADER* RightLink;
3906 ULONG Flags; /* LSB = CommitCharge */
3907 PVOID ControlArea;
3908 PVOID FirstProtoPte;
3909 PVOID LastPTE;
3910 ULONG Unknown;
3911 LIST_ENTRY Secured;
3912 } VAD_HEADER, *PVAD_HEADER;
3913
3914 typedef struct
3915 {
3916 LARGE_INTEGER StartingLcn;
3917 LARGE_INTEGER BitmapSize;
3918 UCHAR Buffer[1];
3919 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
3920
3921 #if (VER_PRODUCTBUILD >= 2600)
3922
3923 typedef BOOLEAN
3924 (NTAPI *PFILTER_REPORT_CHANGE) (
3925 IN PVOID NotifyContext,
3926 IN PVOID FilterContext
3927 );
3928
3929 typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
3930 SyncTypeOther = 0,
3931 SyncTypeCreateSection
3932 } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
3933