projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Move more stuff to wdm.h
[reactos.git] / include / ddk / ntifs.h
1 /*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the w32api package.
7 *
8 * Contributors:
9 * Created by Bo Brantén <bosse@acc.umu.se>
10 *
11 * THIS SOFTWARE IS NOT COPYRIGHTED
12 *
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
15 *
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 */
22
23 #ifndef _NTIFS_
24 #define _NTIFS_
25 #define _GNU_NTIFS_
26
27 /* Helper macro to enable gcc's extension. */
28 #ifndef __GNU_EXTENSION
29 #ifdef __GNUC__
30 #define __GNU_EXTENSION __extension__
31 #else
32 #define __GNU_EXTENSION
33 #endif
34 #endif
35
36 #define NTKERNELAPI DECLSPEC_IMPORT
37
38 #include <ntddk.h>
39
40 #define _NTIFS_INCLUDED_
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44
45 #pragma pack(push,4)
46
47 #ifndef VER_PRODUCTBUILD
48 #define VER_PRODUCTBUILD 10000
49 #endif
50
51 #define EX_PUSH_LOCK ULONG_PTR
52 #define PEX_PUSH_LOCK PULONG_PTR
53
54
55 #ifndef FlagOn
56 #define FlagOn(_F,_SF) ((_F) & (_SF))
57 #endif
58
59 #ifndef BooleanFlagOn
60 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
61 #endif
62
63 #ifndef SetFlag
64 #define SetFlag(_F,_SF) ((_F) |= (_SF))
65 #endif
66
67 #ifndef ClearFlag
68 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
69 #endif
70
71 #include "csq.h"
72
73 #ifdef _NTOSKRNL_
74 extern PUCHAR FsRtlLegalAnsiCharacterArray;
75 #else
76 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
77 #endif
78 extern PACL SePublicDefaultDacl;
79 extern PACL SeSystemDefaultDacl;
80
81 extern KSPIN_LOCK IoStatisticsLock;
82 extern ULONG IoReadOperationCount;
83 extern ULONG IoWriteOperationCount;
84 extern ULONG IoOtherOperationCount;
85 extern LARGE_INTEGER IoReadTransferCount;
86 extern LARGE_INTEGER IoWriteTransferCount;
87 extern LARGE_INTEGER IoOtherTransferCount;
88
89 typedef STRING LSA_STRING, *PLSA_STRING;
90 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
91
92 typedef enum _SECURITY_LOGON_TYPE
93 {
94 UndefinedLogonType = 0,
95 Interactive = 2,
96 Network,
97 Batch,
98 Service,
99 Proxy,
100 Unlock,
101 NetworkCleartext,
102 NewCredentials,
103 #if (_WIN32_WINNT >= 0x0501)
104 RemoteInteractive,
105 CachedInteractive,
106 #endif
107 #if (_WIN32_WINNT >= 0x0502)
108 CachedRemoteInteractive,
109 CachedUnlock
110 #endif
111 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
112
113 #define ANSI_DOS_STAR ('<')
114 #define ANSI_DOS_QM ('>')
115 #define ANSI_DOS_DOT ('"')
116
117 #define DOS_STAR (L'<')
118 #define DOS_QM (L'>')
119 #define DOS_DOT (L'"')
120
121 /* also in winnt.h */
122 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
123 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
124 #define ACCESS_DENIED_ACE_TYPE (0x1)
125 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
126 #define SYSTEM_ALARM_ACE_TYPE (0x3)
127 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
128 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
129 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
130 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
131 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
132 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
133 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
134 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
135 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
136 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
137 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
138 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
139 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
140 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
141 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
142 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
143 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
144 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
145 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
146 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
147
148 #define COMPRESSION_FORMAT_NONE (0x0000)
149 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
150 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
151 #define COMPRESSION_ENGINE_STANDARD (0x0000)
152 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
153 #define COMPRESSION_ENGINE_HIBER (0x0200)
154
155 #define FILE_ACTION_ADDED 0x00000001
156 #define FILE_ACTION_REMOVED 0x00000002
157 #define FILE_ACTION_MODIFIED 0x00000003
158 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
159 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
160 #define FILE_ACTION_ADDED_STREAM 0x00000006
161 #define FILE_ACTION_REMOVED_STREAM 0x00000007
162 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
163 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
164 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
165 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
166 /* end winnt.h */
167
168 #define FILE_EA_TYPE_BINARY 0xfffe
169 #define FILE_EA_TYPE_ASCII 0xfffd
170 #define FILE_EA_TYPE_BITMAP 0xfffb
171 #define FILE_EA_TYPE_METAFILE 0xfffa
172 #define FILE_EA_TYPE_ICON 0xfff9
173 #define FILE_EA_TYPE_EA 0xffee
174 #define FILE_EA_TYPE_MVMT 0xffdf
175 #define FILE_EA_TYPE_MVST 0xffde
176 #define FILE_EA_TYPE_ASN1 0xffdd
177 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
178
179 #define FILE_NEED_EA 0x00000080
180
181 /* also in winnt.h */
182 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
183 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
184 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
185 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
186 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
187 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
188 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
189 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
190 #define FILE_NOTIFY_CHANGE_EA 0x00000080
191 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
192 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
193 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
194 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
195 #define FILE_NOTIFY_VALID_MASK 0x00000fff
196 /* end winnt.h */
197
198 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
199 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
200
201 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
202
203 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
204 #define FILE_CASE_PRESERVED_NAMES 0x00000002
205 #define FILE_UNICODE_ON_DISK 0x00000004
206 #define FILE_PERSISTENT_ACLS 0x00000008
207 #define FILE_FILE_COMPRESSION 0x00000010
208 #define FILE_VOLUME_QUOTAS 0x00000020
209 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
210 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
211 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
212 #define FS_LFN_APIS 0x00004000
213 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
214 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
215 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
216 #define FILE_NAMED_STREAMS 0x00040000
217 #define FILE_READ_ONLY_VOLUME 0x00080000
218 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
219 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
220
221 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
222 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
223
224 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
225 #define FILE_PIPE_MESSAGE_MODE 0x00000001
226
227 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
228 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
229
230 #define FILE_PIPE_INBOUND 0x00000000
231 #define FILE_PIPE_OUTBOUND 0x00000001
232 #define FILE_PIPE_FULL_DUPLEX 0x00000002
233
234 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
235 #define FILE_PIPE_LISTENING_STATE 0x00000002
236 #define FILE_PIPE_CONNECTED_STATE 0x00000003
237 #define FILE_PIPE_CLOSING_STATE 0x00000004
238
239 #define FILE_PIPE_CLIENT_END 0x00000000
240 #define FILE_PIPE_SERVER_END 0x00000001
241
242 #define FILE_PIPE_READ_DATA 0x00000000
243 #define FILE_PIPE_WRITE_SPACE 0x00000001
244
245 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
246 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
247 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
248 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
249 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
250 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
251 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
252 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
253 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
254 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
255 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
256 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
257 #define FILE_STORAGE_TYPE_MASK 0x000f0000
258 #define FILE_STORAGE_TYPE_SHIFT 16
259
260 #define FILE_VC_QUOTA_NONE 0x00000000
261 #define FILE_VC_QUOTA_TRACK 0x00000001
262 #define FILE_VC_QUOTA_ENFORCE 0x00000002
263 #define FILE_VC_QUOTA_MASK 0x00000003
264
265 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
266 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
267
268 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
269 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
270 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
271 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
272
273 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
274 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
275
276 #define FILE_VC_VALID_MASK 0x000003ff
277
278 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
279 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
280 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
281 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
282 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
283 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
284 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
285 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
286
287 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
288 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
289 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
290 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
291
292 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
293 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
294 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
295 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
296 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
297
298 #define FSRTL_VOLUME_DISMOUNT 1
299 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
300 #define FSRTL_VOLUME_LOCK 3
301 #define FSRTL_VOLUME_LOCK_FAILED 4
302 #define FSRTL_VOLUME_UNLOCK 5
303 #define FSRTL_VOLUME_MOUNT 6
304
305 #define FSRTL_WILD_CHARACTER 0x08
306
307 #define FSRTL_FAT_LEGAL 0x01
308 #define FSRTL_HPFS_LEGAL 0x02
309 #define FSRTL_NTFS_LEGAL 0x04
310 #define FSRTL_WILD_CHARACTER 0x08
311 #define FSRTL_OLE_LEGAL 0x10
312 #define FSRTL_NTFS_STREAM_LEGAL 0x14
313
314 #ifdef _X86_
315 #define HARDWARE_PTE HARDWARE_PTE_X86
316 #define PHARDWARE_PTE PHARDWARE_PTE_X86
317 #endif
318
319 #define IO_CHECK_CREATE_PARAMETERS 0x0200
320 #define IO_ATTACH_DEVICE 0x0400
321
322 #define IO_ATTACH_DEVICE_API 0x80000000
323
324 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
325 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
326
327 #define IO_TYPE_APC 18
328 #define IO_TYPE_DPC 19
329 #define IO_TYPE_DEVICE_QUEUE 20
330 #define IO_TYPE_EVENT_PAIR 21
331 #define IO_TYPE_INTERRUPT 22
332 #define IO_TYPE_PROFILE 23
333
334 #define IRP_BEING_VERIFIED 0x10
335
336 #define MAILSLOT_CLASS_FIRSTCLASS 1
337 #define MAILSLOT_CLASS_SECONDCLASS 2
338
339 #define MAILSLOT_SIZE_AUTO 0
340
341 #define MEM_DOS_LIM 0x40000000
342
343 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
344
345 #define OB_TYPE_TYPE 1
346 #define OB_TYPE_DIRECTORY 2
347 #define OB_TYPE_SYMBOLIC_LINK 3
348 #define OB_TYPE_TOKEN 4
349 #define OB_TYPE_PROCESS 5
350 #define OB_TYPE_THREAD 6
351 #define OB_TYPE_EVENT 7
352 #define OB_TYPE_EVENT_PAIR 8
353 #define OB_TYPE_MUTANT 9
354 #define OB_TYPE_SEMAPHORE 10
355 #define OB_TYPE_TIMER 11
356 #define OB_TYPE_PROFILE 12
357 #define OB_TYPE_WINDOW_STATION 13
358 #define OB_TYPE_DESKTOP 14
359 #define OB_TYPE_SECTION 15
360 #define OB_TYPE_KEY 16
361 #define OB_TYPE_PORT 17
362 #define OB_TYPE_ADAPTER 18
363 #define OB_TYPE_CONTROLLER 19
364 #define OB_TYPE_DEVICE 20
365 #define OB_TYPE_DRIVER 21
366 #define OB_TYPE_IO_COMPLETION 22
367 #define OB_TYPE_FILE 23
368
369 #define PIN_WAIT (1)
370 #define PIN_EXCLUSIVE (2)
371 #define PIN_NO_READ (4)
372 #define PIN_IF_BCB (8)
373
374 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
375 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
376
377 #define SEC_BASED 0x00200000
378
379 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
380 #define SECURITY_WORLD_RID (0x00000000L)
381
382 #define SID_REVISION 1
383 #define SID_MAX_SUB_AUTHORITIES 15
384 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
385
386 #define TOKEN_ASSIGN_PRIMARY (0x0001)
387 #define TOKEN_DUPLICATE (0x0002)
388 #define TOKEN_IMPERSONATE (0x0004)
389 #define TOKEN_QUERY (0x0008)
390 #define TOKEN_QUERY_SOURCE (0x0010)
391 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
392 #define TOKEN_ADJUST_GROUPS (0x0040)
393 #define TOKEN_ADJUST_DEFAULT (0x0080)
394 #define TOKEN_ADJUST_SESSIONID (0x0100)
395
396 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
397 TOKEN_ASSIGN_PRIMARY |\
398 TOKEN_DUPLICATE |\
399 TOKEN_IMPERSONATE |\
400 TOKEN_QUERY |\
401 TOKEN_QUERY_SOURCE |\
402 TOKEN_ADJUST_PRIVILEGES |\
403 TOKEN_ADJUST_GROUPS |\
404 TOKEN_ADJUST_DEFAULT |\
405 TOKEN_ADJUST_SESSIONID)
406
407 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
408 TOKEN_QUERY)
409
410 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
411 TOKEN_ADJUST_PRIVILEGES |\
412 TOKEN_ADJUST_GROUPS |\
413 TOKEN_ADJUST_DEFAULT)
414
415 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
416
417 #define TOKEN_SOURCE_LENGTH 8
418 /* end winnt.h */
419
420 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
421 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
422 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
423 #define TOKEN_HAS_ADMIN_GROUP 0x08
424 #define TOKEN_WRITE_RESTRICTED 0x08
425 #define TOKEN_IS_RESTRICTED 0x10
426 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
427
428 #define VACB_MAPPING_GRANULARITY (0x40000)
429 #define VACB_OFFSET_SHIFT (18)
430
431 #define SE_OWNER_DEFAULTED 0x0001
432 #define SE_GROUP_DEFAULTED 0x0002
433 #define SE_DACL_PRESENT 0x0004
434 #define SE_DACL_DEFAULTED 0x0008
435 #define SE_SACL_PRESENT 0x0010
436 #define SE_SACL_DEFAULTED 0x0020
437 #define SE_DACL_UNTRUSTED 0x0040
438 #define SE_SERVER_SECURITY 0x0080
439 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
440 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
441 #define SE_DACL_AUTO_INHERITED 0x0400
442 #define SE_SACL_AUTO_INHERITED 0x0800
443 #define SE_DACL_PROTECTED 0x1000
444 #define SE_SACL_PROTECTED 0x2000
445 #define SE_RM_CONTROL_VALID 0x4000
446 #define SE_SELF_RELATIVE 0x8000
447
448 #ifndef _WINNT_H
449 #define _AUDIT_EVENT_TYPE_HACK 0
450 #endif
451 #if (_AUDIT_EVENT_TYPE_HACK == 1)
452
453 #else
454 typedef enum _AUDIT_EVENT_TYPE
455 {
456 AuditEventObjectAccess,
457 AuditEventDirectoryServiceAccess
458 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
459 #endif
460
461 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
462
463 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
464 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
465 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
466 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
467 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
468 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
469 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
470 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
471 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
472
473 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
474 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
475 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
476
477 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
478 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
479 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
480
481
482 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
483 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
484 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
485 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
486 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
487 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
488
489 #if (VER_PRODUCTBUILD >= 1381)
490
491 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
492 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
493 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
494 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
495 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
496 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
497 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
498 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
499
500 #endif /* (VER_PRODUCTBUILD >= 1381) */
501
502 #if (VER_PRODUCTBUILD >= 2195)
503
504 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
505 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
506 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
507
508 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
509 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
510 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
511 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
512 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
513 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
514 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
515 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
516 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
517 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
518 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
519 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
520 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
521 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
522 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
523 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
524 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
525 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
526 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
527 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
528 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
529 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
530 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
531 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
532 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
533 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
534 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
535 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
536 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
537 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
538 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
539 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
540 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
541 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
542 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
543 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
544
545 #endif /* (VER_PRODUCTBUILD >= 2195) */
546
547 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
548
549 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
550 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
551 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
552 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
553 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
554 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
555 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
556 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
557
558 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
559 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
560 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
561 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
562 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
563 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
564 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
565 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
566 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
567 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
568 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
569 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
570 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
571 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
572
573 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
574
575 typedef PVOID OPLOCK, *POPLOCK;
576
577 //
578 // Forwarders
579 //
580 struct _RTL_AVL_TABLE;
581 struct _RTL_GENERIC_TABLE;
582
583 typedef ULONG LBN;
584 typedef LBN *PLBN;
585
586 typedef ULONG VBN;
587 typedef VBN *PVBN;
588
589 typedef PVOID PNOTIFY_SYNC;
590
591 typedef enum _FAST_IO_POSSIBLE {
592 FastIoIsNotPossible,
593 FastIoIsPossible,
594 FastIoIsQuestionable
595 } FAST_IO_POSSIBLE;
596
597 typedef enum _FILE_STORAGE_TYPE {
598 StorageTypeDefault = 1,
599 StorageTypeDirectory,
600 StorageTypeFile,
601 StorageTypeJunctionPoint,
602 StorageTypeCatalog,
603 StorageTypeStructuredStorage,
604 StorageTypeEmbedding,
605 StorageTypeStream
606 } FILE_STORAGE_TYPE;
607
608 typedef enum _OBJECT_INFORMATION_CLASS
609 {
610 ObjectBasicInformation,
611 ObjectNameInformation,
612 ObjectTypeInformation,
613 ObjectTypesInformation,
614 ObjectHandleFlagInformation,
615 ObjectSessionInformation,
616 MaxObjectInfoClass
617 } OBJECT_INFORMATION_CLASS;
618
619 typedef struct _OBJECT_BASIC_INFORMATION
620 {
621 ULONG Attributes;
622 ACCESS_MASK GrantedAccess;
623 ULONG HandleCount;
624 ULONG PointerCount;
625 ULONG PagedPoolCharge;
626 ULONG NonPagedPoolCharge;
627 ULONG Reserved[ 3 ];
628 ULONG NameInfoSize;
629 ULONG TypeInfoSize;
630 ULONG SecurityDescriptorSize;
631 LARGE_INTEGER CreationTime;
632 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
633
634 typedef struct _KAPC_STATE {
635 LIST_ENTRY ApcListHead[2];
636 PKPROCESS Process;
637 BOOLEAN KernelApcInProgress;
638 BOOLEAN KernelApcPending;
639 BOOLEAN UserApcPending;
640 } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
641 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
642
643 typedef struct _BITMAP_RANGE {
644 LIST_ENTRY Links;
645 LONGLONG BasePage;
646 ULONG FirstDirtyPage;
647 ULONG LastDirtyPage;
648 ULONG DirtyPages;
649 PULONG Bitmap;
650 } BITMAP_RANGE, *PBITMAP_RANGE;
651
652 typedef struct _CACHE_UNINITIALIZE_EVENT {
653 struct _CACHE_UNINITIALIZE_EVENT *Next;
654 KEVENT Event;
655 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
656
657 typedef struct _CC_FILE_SIZES {
658 LARGE_INTEGER AllocationSize;
659 LARGE_INTEGER FileSize;
660 LARGE_INTEGER ValidDataLength;
661 } CC_FILE_SIZES, *PCC_FILE_SIZES;
662
663 typedef struct _COMPRESSED_DATA_INFO {
664 USHORT CompressionFormatAndEngine;
665 UCHAR CompressionUnitShift;
666 UCHAR ChunkShift;
667 UCHAR ClusterShift;
668 UCHAR Reserved;
669 USHORT NumberOfChunks;
670 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
671 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
672
673 typedef struct _SID_IDENTIFIER_AUTHORITY {
674 UCHAR Value[6];
675 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
676
677 typedef struct _SID {
678 UCHAR Revision;
679 UCHAR SubAuthorityCount;
680 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
681 ULONG SubAuthority[ANYSIZE_ARRAY];
682 } SID, *PISID;
683 typedef struct _SID_AND_ATTRIBUTES {
684 PSID Sid;
685 ULONG Attributes;
686 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
687 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
688 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
689
690
691
692 //
693 // Universal well-known SIDs
694 //
695 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
696 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
697 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
698 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
699 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
700 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
701
702 #define SECURITY_NULL_RID (0x00000000L)
703 #define SECURITY_WORLD_RID (0x00000000L)
704 #define SECURITY_LOCAL_RID (0x00000000L)
705
706 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
707 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
708
709 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
710 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
711
712 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
713
714
715
716 //
717 // NT well-known SIDs
718 //
719 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
720
721 #define SECURITY_DIALUP_RID (0x00000001L)
722 #define SECURITY_NETWORK_RID (0x00000002L)
723 #define SECURITY_BATCH_RID (0x00000003L)
724 #define SECURITY_INTERACTIVE_RID (0x00000004L)
725 #define SECURITY_LOGON_IDS_RID (0x00000005L)
726 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
727 #define SECURITY_SERVICE_RID (0x00000006L)
728 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
729 #define SECURITY_PROXY_RID (0x00000008L)
730 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
731 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
732 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
733 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
734 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
735 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
736 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
737 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
738 #define SECURITY_IUSER_RID (0x00000011L)
739 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
740 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
741 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
742
743 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
744 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
745
746 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
747
748 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
749 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
750
751
752 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
753 #define SECURITY_PACKAGE_RID_COUNT (2L)
754 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
755 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
756 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
757
758 #define SECURITY_MIN_BASE_RID (0x00000050L)
759
760 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
761 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
762
763 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
764
765 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
766 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
767
768 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
769 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
770
771 #define SECURITY_MAX_BASE_RID (0x0000006FL)
772
773 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
774 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
775
776 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
777
778
779
780 //
781 // Well-known domain relative sub-authority values (RIDs)
782 //
783 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
784
785 #define FOREST_USER_RID_MAX (0x000001F3L)
786
787 //
788 // Well-known users
789 //
790 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
791 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
792 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
793
794 #define DOMAIN_USER_RID_MAX (0x000003E7L)
795
796 //
797 // Well-known groups
798 //
799 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
800 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
801 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
802 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
803 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
804 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
805 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
806 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
807 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
808 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
809
810 //
811 // Well-known aliases
812 //
813 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
814 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
815 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
816 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
817
818 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
819 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
820 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
821 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
822
823 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
824 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
825 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
826 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
827 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
828 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
829
830 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
831 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
832 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
833 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
834 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
835 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
836 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
837 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
838 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
839 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
840 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
841
842
843 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
844 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
845 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
846 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
847 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
848 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
849 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
850
851 //
852 // SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
853 // can be set by a usermode caller.
854 //
855 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
856
857 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
858
859 //
860 // Allocate the System Luid. The first 1000 LUIDs are reserved.
861 // Use #999 here (0x3e7 = 999)
862 //
863 #define SYSTEM_LUID { 0x3e7, 0x0 }
864 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
865 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
866 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
867 #define IUSER_LUID { 0x3e3, 0x0 }
868
869
870
871 typedef struct _TOKEN_SOURCE {
872 CHAR SourceName[TOKEN_SOURCE_LENGTH];
873 LUID SourceIdentifier;
874 } TOKEN_SOURCE,*PTOKEN_SOURCE;
875 typedef struct _TOKEN_CONTROL {
876 LUID TokenId;
877 LUID AuthenticationId;
878 LUID ModifiedId;
879 TOKEN_SOURCE TokenSource;
880 } TOKEN_CONTROL,*PTOKEN_CONTROL;
881 typedef struct _TOKEN_DEFAULT_DACL {
882 PACL DefaultDacl;
883 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
884 typedef struct _TOKEN_GROUPS {
885 ULONG GroupCount;
886 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
887 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
888 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
889 ULONG SidCount;
890 ULONG SidLength;
891 PSID_AND_ATTRIBUTES Sids;
892 ULONG RestrictedSidCount;
893 ULONG RestrictedSidLength;
894 PSID_AND_ATTRIBUTES RestrictedSids;
895 ULONG PrivilegeCount;
896 ULONG PrivilegeLength;
897 PLUID_AND_ATTRIBUTES Privileges;
898 LUID AuthenticationId;
899 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
900 typedef struct _TOKEN_ORIGIN {
901 LUID OriginatingLogonSession;
902 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
903 typedef struct _TOKEN_OWNER {
904 PSID Owner;
905 } TOKEN_OWNER,*PTOKEN_OWNER;
906 typedef struct _TOKEN_PRIMARY_GROUP {
907 PSID PrimaryGroup;
908 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
909 typedef struct _TOKEN_PRIVILEGES {
910 ULONG PrivilegeCount;
911 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
912 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
913 typedef enum tagTOKEN_TYPE {
914 TokenPrimary = 1,
915 TokenImpersonation
916 } TOKEN_TYPE,*PTOKEN_TYPE;
917 typedef struct _TOKEN_STATISTICS {
918 LUID TokenId;
919 LUID AuthenticationId;
920 LARGE_INTEGER ExpirationTime;
921 TOKEN_TYPE TokenType;
922 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
923 ULONG DynamicCharged;
924 ULONG DynamicAvailable;
925 ULONG GroupCount;
926 ULONG PrivilegeCount;
927 LUID ModifiedId;
928 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
929 typedef struct _TOKEN_USER {
930 SID_AND_ATTRIBUTES User;
931 } TOKEN_USER, *PTOKEN_USER;
932 typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
933 typedef struct _SECURITY_DESCRIPTOR {
934 UCHAR Revision;
935 UCHAR Sbz1;
936 SECURITY_DESCRIPTOR_CONTROL Control;
937 PSID Owner;
938 PSID Group;
939 PACL Sacl;
940 PACL Dacl;
941 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
942
943 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
944
945 typedef struct _OBJECT_TYPE_LIST {
946 USHORT Level;
947 USHORT Sbz;
948 GUID *ObjectType;
949 } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
950
951 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
952 UCHAR Revision;
953 UCHAR Sbz1;
954 SECURITY_DESCRIPTOR_CONTROL Control;
955 ULONG Owner;
956 ULONG Group;
957 ULONG Sacl;
958 ULONG Dacl;
959 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
960 typedef enum _TOKEN_INFORMATION_CLASS {
961 TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
962 TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,
963 TokenImpersonationLevel,TokenStatistics,TokenRestrictedSids,
964 TokenSessionId,TokenGroupsAndPrivileges,TokenSessionReference,
965 TokenSandBoxInert,TokenAuditPolicy,TokenOrigin,
966 } TOKEN_INFORMATION_CLASS;
967
968 #define SYMLINK_FLAG_RELATIVE 1
969
970 typedef struct _REPARSE_DATA_BUFFER {
971 ULONG ReparseTag;
972 USHORT ReparseDataLength;
973 USHORT Reserved;
974 __GNU_EXTENSION union {
975 struct {
976 USHORT SubstituteNameOffset;
977 USHORT SubstituteNameLength;
978 USHORT PrintNameOffset;
979 USHORT PrintNameLength;
980 ULONG Flags;
981 WCHAR PathBuffer[1];
982 } SymbolicLinkReparseBuffer;
983 struct {
984 USHORT SubstituteNameOffset;
985 USHORT SubstituteNameLength;
986 USHORT PrintNameOffset;
987 USHORT PrintNameLength;
988 WCHAR PathBuffer[1];
989 } MountPointReparseBuffer;
990 struct {
991 UCHAR DataBuffer[1];
992 } GenericReparseBuffer;
993 };
994 } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
995
996
997
998 //
999 // MicroSoft reparse point tags
1000 //
1001 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
1002 #define IO_REPARSE_TAG_HSM (0xC0000004L)
1003 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
1004 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
1005 #define IO_REPARSE_TAG_SIS (0x80000007L)
1006 #define IO_REPARSE_TAG_DFS (0x8000000AL)
1007 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
1008 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
1009 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
1010 #define IO_REPARSE_TAG_DFSR (0x80000012L)
1011
1012 //
1013 // Reserved reparse tags
1014 //
1015 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
1016 #define IO_REPARSE_TAG_RESERVED_ONE (1)
1017 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
1018
1019
1020 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
1021
1022 typedef struct _FILE_ACCESS_INFORMATION {
1023 ACCESS_MASK AccessFlags;
1024 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
1025
1026 typedef struct _FILE_ALLOCATION_INFORMATION {
1027 LARGE_INTEGER AllocationSize;
1028 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
1029
1030 typedef struct _FILE_BOTH_DIR_INFORMATION {
1031 ULONG NextEntryOffset;
1032 ULONG FileIndex;
1033 LARGE_INTEGER CreationTime;
1034 LARGE_INTEGER LastAccessTime;
1035 LARGE_INTEGER LastWriteTime;
1036 LARGE_INTEGER ChangeTime;
1037 LARGE_INTEGER EndOfFile;
1038 LARGE_INTEGER AllocationSize;
1039 ULONG FileAttributes;
1040 ULONG FileNameLength;
1041 ULONG EaSize;
1042 CCHAR ShortNameLength;
1043 WCHAR ShortName[12];
1044 WCHAR FileName[1];
1045 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
1046
1047 typedef struct _FILE_COMPLETION_INFORMATION {
1048 HANDLE Port;
1049 PVOID Key;
1050 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
1051
1052 typedef struct _FILE_COMPRESSION_INFORMATION {
1053 LARGE_INTEGER CompressedFileSize;
1054 USHORT CompressionFormat;
1055 UCHAR CompressionUnitShift;
1056 UCHAR ChunkShift;
1057 UCHAR ClusterShift;
1058 UCHAR Reserved[3];
1059 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
1060
1061 typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
1062 BOOLEAN ReplaceIfExists;
1063 HANDLE RootDirectory;
1064 ULONG FileNameLength;
1065 WCHAR FileName[1];
1066 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
1067
1068 typedef struct _FILE_DIRECTORY_INFORMATION {
1069 ULONG NextEntryOffset;
1070 ULONG FileIndex;
1071 LARGE_INTEGER CreationTime;
1072 LARGE_INTEGER LastAccessTime;
1073 LARGE_INTEGER LastWriteTime;
1074 LARGE_INTEGER ChangeTime;
1075 LARGE_INTEGER EndOfFile;
1076 LARGE_INTEGER AllocationSize;
1077 ULONG FileAttributes;
1078 ULONG FileNameLength;
1079 WCHAR FileName[1];
1080 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
1081
1082 typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
1083 ULONG NextEntryOffset;
1084 ULONG FileIndex;
1085 LARGE_INTEGER CreationTime;
1086 LARGE_INTEGER LastAccessTime;
1087 LARGE_INTEGER LastWriteTime;
1088 LARGE_INTEGER ChangeTime;
1089 LARGE_INTEGER EndOfFile;
1090 LARGE_INTEGER AllocationSize;
1091 ULONG FileAttributes;
1092 ULONG FileNameLength;
1093 ULONG EaSize;
1094 WCHAR FileName[ANYSIZE_ARRAY];
1095 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
1096
1097 typedef struct _FILE_ID_FULL_DIR_INFORMATION {
1098 ULONG NextEntryOffset;
1099 ULONG FileIndex;
1100 LARGE_INTEGER CreationTime;
1101 LARGE_INTEGER LastAccessTime;
1102 LARGE_INTEGER LastWriteTime;
1103 LARGE_INTEGER ChangeTime;
1104 LARGE_INTEGER EndOfFile;
1105 LARGE_INTEGER AllocationSize;
1106 ULONG FileAttributes;
1107 ULONG FileNameLength;
1108 ULONG EaSize;
1109 LARGE_INTEGER FileId;
1110 WCHAR FileName[1];
1111 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
1112
1113 typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
1114 ULONG NextEntryOffset;
1115 ULONG FileIndex;
1116 LARGE_INTEGER CreationTime;
1117 LARGE_INTEGER LastAccessTime;
1118 LARGE_INTEGER LastWriteTime;
1119 LARGE_INTEGER ChangeTime;
1120 LARGE_INTEGER EndOfFile;
1121 LARGE_INTEGER AllocationSize;
1122 ULONG FileAttributes;
1123 ULONG FileNameLength;
1124 ULONG EaSize;
1125 CCHAR ShortNameLength;
1126 WCHAR ShortName[12];
1127 LARGE_INTEGER FileId;
1128 WCHAR FileName[1];
1129 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
1130
1131 typedef struct _FILE_EA_INFORMATION {
1132 ULONG EaSize;
1133 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
1134
1135 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
1136 ULONG FileSystemAttributes;
1137 ULONG MaximumComponentNameLength;
1138 ULONG FileSystemNameLength;
1139 WCHAR FileSystemName[1];
1140 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
1141
1142 typedef struct _FILE_FS_CONTROL_INFORMATION {
1143 LARGE_INTEGER FreeSpaceStartFiltering;
1144 LARGE_INTEGER FreeSpaceThreshold;
1145 LARGE_INTEGER FreeSpaceStopFiltering;
1146 LARGE_INTEGER DefaultQuotaThreshold;
1147 LARGE_INTEGER DefaultQuotaLimit;
1148 ULONG FileSystemControlFlags;
1149 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
1150
1151 typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
1152 LARGE_INTEGER TotalAllocationUnits;
1153 LARGE_INTEGER CallerAvailableAllocationUnits;
1154 LARGE_INTEGER ActualAvailableAllocationUnits;
1155 ULONG SectorsPerAllocationUnit;
1156 ULONG BytesPerSector;
1157 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
1158
1159 typedef struct _FILE_FS_LABEL_INFORMATION {
1160 ULONG VolumeLabelLength;
1161 WCHAR VolumeLabel[1];
1162 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
1163
1164 #if (VER_PRODUCTBUILD >= 2195)
1165
1166 typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
1167 UCHAR ObjectId[16];
1168 UCHAR ExtendedInfo[48];
1169 } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
1170
1171 #endif /* (VER_PRODUCTBUILD >= 2195) */
1172
1173 typedef struct _FILE_FS_SIZE_INFORMATION {
1174 LARGE_INTEGER TotalAllocationUnits;
1175 LARGE_INTEGER AvailableAllocationUnits;
1176 ULONG SectorsPerAllocationUnit;
1177 ULONG BytesPerSector;
1178 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
1179
1180 typedef struct _FILE_FS_VOLUME_INFORMATION {
1181 LARGE_INTEGER VolumeCreationTime;
1182 ULONG VolumeSerialNumber;
1183 ULONG VolumeLabelLength;
1184 BOOLEAN SupportsObjects;
1185 WCHAR VolumeLabel[1];
1186 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
1187
1188 typedef struct _FILE_FS_OBJECTID_INFORMATION
1189 {
1190 UCHAR ObjectId[16];
1191 UCHAR ExtendedInfo[48];
1192 } FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
1193
1194 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1195 {
1196 BOOLEAN DriverInPath;
1197 ULONG DriverNameLength;
1198 WCHAR DriverName[1];
1199 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
1200
1201 typedef struct _FILE_FULL_DIR_INFORMATION {
1202 ULONG NextEntryOffset;
1203 ULONG FileIndex;
1204 LARGE_INTEGER CreationTime;
1205 LARGE_INTEGER LastAccessTime;
1206 LARGE_INTEGER LastWriteTime;
1207 LARGE_INTEGER ChangeTime;
1208 LARGE_INTEGER EndOfFile;
1209 LARGE_INTEGER AllocationSize;
1210 ULONG FileAttributes;
1211 ULONG FileNameLength;
1212 ULONG EaSize;
1213 WCHAR FileName[1];
1214 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
1215
1216 typedef struct _FILE_GET_EA_INFORMATION {
1217 ULONG NextEntryOffset;
1218 UCHAR EaNameLength;
1219 CHAR EaName[1];
1220 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
1221
1222 typedef struct _FILE_GET_QUOTA_INFORMATION {
1223 ULONG NextEntryOffset;
1224 ULONG SidLength;
1225 SID Sid;
1226 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
1227
1228 typedef struct _FILE_QUOTA_INFORMATION
1229 {
1230 ULONG NextEntryOffset;
1231 ULONG SidLength;
1232 LARGE_INTEGER ChangeTime;
1233 LARGE_INTEGER QuotaUsed;
1234 LARGE_INTEGER QuotaThreshold;
1235 LARGE_INTEGER QuotaLimit;
1236 SID Sid;
1237 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
1238
1239 typedef struct _FILE_INTERNAL_INFORMATION {
1240 LARGE_INTEGER IndexNumber;
1241 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
1242
1243 typedef struct _FILE_LINK_INFORMATION {
1244 BOOLEAN ReplaceIfExists;
1245 HANDLE RootDirectory;
1246 ULONG FileNameLength;
1247 WCHAR FileName[1];
1248 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
1249
1250 typedef struct _FILE_LOCK_INFO
1251 {
1252 LARGE_INTEGER StartingByte;
1253 LARGE_INTEGER Length;
1254 BOOLEAN ExclusiveLock;
1255 ULONG Key;
1256 PFILE_OBJECT FileObject;
1257 PVOID ProcessId;
1258 LARGE_INTEGER EndingByte;
1259 } FILE_LOCK_INFO, *PFILE_LOCK_INFO;
1260
1261 typedef struct _FILE_REPARSE_POINT_INFORMATION
1262 {
1263 LONGLONG FileReference;
1264 ULONG Tag;
1265 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
1266
1267 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1268 {
1269 ULONG ClusterCount;
1270 HANDLE RootDirectory;
1271 ULONG FileNameLength;
1272 WCHAR FileName[1];
1273 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
1274
1275 typedef struct _FILE_NOTIFY_INFORMATION
1276 {
1277 ULONG NextEntryOffset;
1278 ULONG Action;
1279 ULONG FileNameLength;
1280 WCHAR FileName[1];
1281 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
1282
1283 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1284 typedef struct _FILE_SHARED_LOCK_ENTRY {
1285 PVOID Unknown1;
1286 PVOID Unknown2;
1287 FILE_LOCK_INFO FileLock;
1288 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
1289
1290 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1291 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
1292 LIST_ENTRY ListEntry;
1293 PVOID Unknown1;
1294 PVOID Unknown2;
1295 FILE_LOCK_INFO FileLock;
1296 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
1297
1298 typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
1299 IN PVOID Context,
1300 IN PIRP Irp
1301 );
1302
1303 typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
1304 IN PVOID Context,
1305 IN PFILE_LOCK_INFO FileLockInfo
1306 );
1307
1308 typedef struct _FILE_LOCK {
1309 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
1310 PUNLOCK_ROUTINE UnlockRoutine;
1311 BOOLEAN FastIoIsQuestionable;
1312 BOOLEAN Pad[3];
1313 PVOID LockInformation;
1314 FILE_LOCK_INFO LastReturnedLockInfo;
1315 PVOID LastReturnedLock;
1316 } FILE_LOCK, *PFILE_LOCK;
1317
1318 typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
1319 ULONG ReadDataAvailable;
1320 ULONG NumberOfMessages;
1321 ULONG MessageLength;
1322 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
1323
1324 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
1325 ULONG MaximumMessageSize;
1326 ULONG MailslotQuota;
1327 ULONG NextMessageSize;
1328 ULONG MessagesAvailable;
1329 LARGE_INTEGER ReadTimeout;
1330 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
1331
1332 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
1333 PLARGE_INTEGER ReadTimeout;
1334 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
1335
1336 typedef struct _FILE_MODE_INFORMATION {
1337 ULONG Mode;
1338 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
1339
1340 typedef struct _FILE_ALL_INFORMATION {
1341 FILE_BASIC_INFORMATION BasicInformation;
1342 FILE_STANDARD_INFORMATION StandardInformation;
1343 FILE_INTERNAL_INFORMATION InternalInformation;
1344 FILE_EA_INFORMATION EaInformation;
1345 FILE_ACCESS_INFORMATION AccessInformation;
1346 FILE_POSITION_INFORMATION PositionInformation;
1347 FILE_MODE_INFORMATION ModeInformation;
1348 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1349 FILE_NAME_INFORMATION NameInformation;
1350 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
1351
1352 typedef struct _FILE_NAMES_INFORMATION {
1353 ULONG NextEntryOffset;
1354 ULONG FileIndex;
1355 ULONG FileNameLength;
1356 WCHAR FileName[1];
1357 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
1358
1359 typedef struct _FILE_OBJECTID_INFORMATION {
1360 LONGLONG FileReference;
1361 UCHAR ObjectId[16];
1362 _ANONYMOUS_UNION union {
1363 __GNU_EXTENSION struct {
1364 UCHAR BirthVolumeId[16];
1365 UCHAR BirthObjectId[16];
1366 UCHAR DomainId[16];
1367 };
1368 UCHAR ExtendedInfo[48];
1369 } DUMMYUNIONNAME;
1370 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
1371
1372 typedef struct _FILE_OLE_CLASSID_INFORMATION {
1373 GUID ClassId;
1374 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
1375
1376 typedef struct _FILE_OLE_ALL_INFORMATION {
1377 FILE_BASIC_INFORMATION BasicInformation;
1378 FILE_STANDARD_INFORMATION StandardInformation;
1379 FILE_INTERNAL_INFORMATION InternalInformation;
1380 FILE_EA_INFORMATION EaInformation;
1381 FILE_ACCESS_INFORMATION AccessInformation;
1382 FILE_POSITION_INFORMATION PositionInformation;
1383 FILE_MODE_INFORMATION ModeInformation;
1384 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1385 USN LastChangeUsn;
1386 USN ReplicationUsn;
1387 LARGE_INTEGER SecurityChangeTime;
1388 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1389 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1390 FILE_STORAGE_TYPE StorageType;
1391 ULONG OleStateBits;
1392 ULONG OleId;
1393 ULONG NumberOfStreamReferences;
1394 ULONG StreamIndex;
1395 ULONG SecurityId;
1396 BOOLEAN ContentIndexDisable;
1397 BOOLEAN InheritContentIndexDisable;
1398 FILE_NAME_INFORMATION NameInformation;
1399 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
1400
1401 typedef struct _FILE_OLE_DIR_INFORMATION {
1402 ULONG NextEntryOffset;
1403 ULONG FileIndex;
1404 LARGE_INTEGER CreationTime;
1405 LARGE_INTEGER LastAccessTime;
1406 LARGE_INTEGER LastWriteTime;
1407 LARGE_INTEGER ChangeTime;
1408 LARGE_INTEGER EndOfFile;
1409 LARGE_INTEGER AllocationSize;
1410 ULONG FileAttributes;
1411 ULONG FileNameLength;
1412 FILE_STORAGE_TYPE StorageType;
1413 GUID OleClassId;
1414 ULONG OleStateBits;
1415 BOOLEAN ContentIndexDisable;
1416 BOOLEAN InheritContentIndexDisable;
1417 WCHAR FileName[1];
1418 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
1419
1420 typedef struct _FILE_OLE_INFORMATION {
1421 LARGE_INTEGER SecurityChangeTime;
1422 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1423 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1424 FILE_STORAGE_TYPE StorageType;
1425 ULONG OleStateBits;
1426 BOOLEAN ContentIndexDisable;
1427 BOOLEAN InheritContentIndexDisable;
1428 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
1429
1430 typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
1431 ULONG StateBits;
1432 ULONG StateBitsMask;
1433 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
1434
1435 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
1436 HANDLE EventHandle;
1437 ULONG KeyValue;
1438 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
1439
1440 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
1441 PVOID ClientSession;
1442 PVOID ClientProcess;
1443 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
1444
1445 typedef struct _FILE_PIPE_EVENT_BUFFER {
1446 ULONG NamedPipeState;
1447 ULONG EntryType;
1448 ULONG ByteCount;
1449 ULONG KeyValue;
1450 ULONG NumberRequests;
1451 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
1452
1453 typedef struct _FILE_PIPE_PEEK_BUFFER
1454 {
1455 ULONG NamedPipeState;
1456 ULONG ReadDataAvailable;
1457 ULONG NumberOfMessages;
1458 ULONG MessageLength;
1459 CHAR Data[1];
1460 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
1461
1462 typedef struct _FILE_PIPE_INFORMATION {
1463 ULONG ReadMode;
1464 ULONG CompletionMode;
1465 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
1466
1467 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
1468 ULONG NamedPipeType;
1469 ULONG NamedPipeConfiguration;
1470 ULONG MaximumInstances;
1471 ULONG CurrentInstances;
1472 ULONG InboundQuota;
1473 ULONG ReadDataAvailable;
1474 ULONG OutboundQuota;
1475 ULONG WriteQuotaAvailable;
1476 ULONG NamedPipeState;
1477 ULONG NamedPipeEnd;
1478 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
1479
1480 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
1481 LARGE_INTEGER CollectDataTime;
1482 ULONG MaximumCollectionCount;
1483 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
1484
1485 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
1486 LARGE_INTEGER Timeout;
1487 ULONG NameLength;
1488 BOOLEAN TimeoutSpecified;
1489 WCHAR Name[1];
1490 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
1491
1492 typedef struct _FILE_RENAME_INFORMATION {
1493 BOOLEAN ReplaceIfExists;
1494 HANDLE RootDirectory;
1495 ULONG FileNameLength;
1496 WCHAR FileName[1];
1497 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
1498
1499 typedef struct _FILE_STREAM_INFORMATION {
1500 ULONG NextEntryOffset;
1501 ULONG StreamNameLength;
1502 LARGE_INTEGER StreamSize;
1503 LARGE_INTEGER StreamAllocationSize;
1504 WCHAR StreamName[1];
1505 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
1506
1507 typedef struct _FILE_TRACKING_INFORMATION {
1508 HANDLE DestinationFile;
1509 ULONG ObjectInformationLength;
1510 CHAR ObjectInformation[1];
1511 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
1512
1513 #if (VER_PRODUCTBUILD >= 2195)
1514 typedef struct _FILE_ZERO_DATA_INFORMATION {
1515 LARGE_INTEGER FileOffset;
1516 LARGE_INTEGER BeyondFinalZero;
1517 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
1518
1519 typedef struct FILE_ALLOCATED_RANGE_BUFFER {
1520 LARGE_INTEGER FileOffset;
1521 LARGE_INTEGER Length;
1522 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
1523 #endif /* (VER_PRODUCTBUILD >= 2195) */
1524
1525 #define FSRTL_FCB_HEADER_V0 (0x00)
1526 #define FSRTL_FCB_HEADER_V1 (0x01)
1527
1528
1529 typedef struct _FSRTL_COMMON_FCB_HEADER {
1530 CSHORT NodeTypeCode;
1531 CSHORT NodeByteSize;
1532 UCHAR Flags;
1533 UCHAR IsFastIoPossible;
1534 #if (VER_PRODUCTBUILD >= 1381)
1535 UCHAR Flags2;
1536 UCHAR Reserved;
1537 #endif /* (VER_PRODUCTBUILD >= 1381) */
1538 PERESOURCE Resource;
1539 PERESOURCE PagingIoResource;
1540 LARGE_INTEGER AllocationSize;
1541 LARGE_INTEGER FileSize;
1542 LARGE_INTEGER ValidDataLength;
1543 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
1544
1545 typedef enum _FSRTL_COMPARISON_RESULT
1546 {
1547 LessThan = -1,
1548 EqualTo = 0,
1549 GreaterThan = 1
1550 } FSRTL_COMPARISON_RESULT;
1551
1552 #if (VER_PRODUCTBUILD >= 2600)
1553
1554 typedef struct _FSRTL_ADVANCED_FCB_HEADER {
1555 CSHORT NodeTypeCode;
1556 CSHORT NodeByteSize;
1557 UCHAR Flags;
1558 UCHAR IsFastIoPossible;
1559 UCHAR Flags2;
1560 UCHAR Reserved: 4;
1561 UCHAR Version: 4;
1562 PERESOURCE Resource;
1563 PERESOURCE PagingIoResource;
1564 LARGE_INTEGER AllocationSize;
1565 LARGE_INTEGER FileSize;
1566 LARGE_INTEGER ValidDataLength;
1567 PFAST_MUTEX FastMutex;
1568 LIST_ENTRY FilterContexts;
1569 EX_PUSH_LOCK PushLock;
1570 PVOID *FileContextSupportPointer;
1571 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
1572
1573 typedef struct _FSRTL_PER_STREAM_CONTEXT {
1574 LIST_ENTRY Links;
1575 PVOID OwnerId;
1576 PVOID InstanceId;
1577 PFREE_FUNCTION FreeCallback;
1578 } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
1579
1580 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1581 {
1582 LIST_ENTRY Links;
1583 PVOID OwnerId;
1584 PVOID InstanceId;
1585 } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
1586
1587 #endif /* (VER_PRODUCTBUILD >= 2600) */
1588
1589 typedef struct _BASE_MCB
1590 {
1591 ULONG MaximumPairCount;
1592 ULONG PairCount;
1593 USHORT PoolType;
1594 USHORT Flags;
1595 PVOID Mapping;
1596 } BASE_MCB, *PBASE_MCB;
1597
1598 typedef struct _LARGE_MCB
1599 {
1600 PKGUARDED_MUTEX GuardedMutex;
1601 BASE_MCB BaseMcb;
1602 } LARGE_MCB, *PLARGE_MCB;
1603
1604 typedef struct _MCB
1605 {
1606 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
1607 } MCB, *PMCB;
1608
1609 typedef struct _GENERATE_NAME_CONTEXT {
1610 USHORT Checksum;
1611 BOOLEAN CheckSumInserted;
1612 UCHAR NameLength;
1613 WCHAR NameBuffer[8];
1614 ULONG ExtensionLength;
1615 WCHAR ExtensionBuffer[4];
1616 ULONG LastIndexValue;
1617 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
1618
1619 typedef struct _MAPPING_PAIR {
1620 ULONGLONG Vcn;
1621 ULONGLONG Lcn;
1622 } MAPPING_PAIR, *PMAPPING_PAIR;
1623
1624 typedef struct _GET_RETRIEVAL_DESCRIPTOR {
1625 ULONG NumberOfPairs;
1626 ULONGLONG StartVcn;
1627 MAPPING_PAIR Pair[1];
1628 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
1629
1630 typedef struct _KQUEUE {
1631 DISPATCHER_HEADER Header;
1632 LIST_ENTRY EntryListHead;
1633 ULONG CurrentCount;
1634 ULONG MaximumCount;
1635 LIST_ENTRY ThreadListHead;
1636 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
1637
1638 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1639
1640 typedef struct _MBCB {
1641 CSHORT NodeTypeCode;
1642 CSHORT NodeIsInZone;
1643 ULONG PagesToWrite;
1644 ULONG DirtyPages;
1645 ULONG Reserved;
1646 LIST_ENTRY BitmapRanges;
1647 LONGLONG ResumeWritePage;
1648 BITMAP_RANGE BitmapRange1;
1649 BITMAP_RANGE BitmapRange2;
1650 BITMAP_RANGE BitmapRange3;
1651 } MBCB, *PMBCB;
1652
1653 typedef struct _MOVEFILE_DESCRIPTOR {
1654 HANDLE FileHandle;
1655 ULONG Reserved;
1656 LARGE_INTEGER StartVcn;
1657 LARGE_INTEGER TargetLcn;
1658 ULONG NumVcns;
1659 ULONG Reserved1;
1660 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
1661
1662 typedef struct _OBJECT_BASIC_INFO {
1663 ULONG Attributes;
1664 ACCESS_MASK GrantedAccess;
1665 ULONG HandleCount;
1666 ULONG ReferenceCount;
1667 ULONG PagedPoolUsage;
1668 ULONG NonPagedPoolUsage;
1669 ULONG Reserved[3];
1670 ULONG NameInformationLength;
1671 ULONG TypeInformationLength;
1672 ULONG SecurityDescriptorLength;
1673 LARGE_INTEGER CreateTime;
1674 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
1675
1676 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
1677 BOOLEAN Inherit;
1678 BOOLEAN ProtectFromClose;
1679 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
1680
1681 typedef struct _OBJECT_NAME_INFO {
1682 UNICODE_STRING ObjectName;
1683 WCHAR ObjectNameBuffer[1];
1684 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
1685
1686 typedef struct _OBJECT_PROTECTION_INFO {
1687 BOOLEAN Inherit;
1688 BOOLEAN ProtectHandle;
1689 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
1690
1691 typedef struct _OBJECT_TYPE_INFO {
1692 UNICODE_STRING ObjectTypeName;
1693 UCHAR Unknown[0x58];
1694 WCHAR ObjectTypeNameBuffer[1];
1695 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
1696
1697 typedef struct _OBJECT_ALL_TYPES_INFO {
1698 ULONG NumberOfObjectTypes;
1699 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
1700 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
1701
1702
1703 typedef struct _PATHNAME_BUFFER {
1704 ULONG PathNameLength;
1705 WCHAR Name[1];
1706 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
1707
1708 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1709 {
1710 GenericLessThan,
1711 GenericGreaterThan,
1712 GenericEqual
1713 } RTL_GENERIC_COMPARE_RESULTS;
1714
1715 typedef enum _TABLE_SEARCH_RESULT
1716 {
1717 TableEmptyTree,
1718 TableFoundNode,
1719 TableInsertAsLeft,
1720 TableInsertAsRight
1721 } TABLE_SEARCH_RESULT;
1722
1723 typedef NTSTATUS
1724 (NTAPI *PRTL_AVL_MATCH_FUNCTION)(
1725 struct _RTL_AVL_TABLE *Table,
1726 PVOID UserData,
1727 PVOID MatchData
1728 );
1729
1730 typedef RTL_GENERIC_COMPARE_RESULTS
1731 (NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
1732 struct _RTL_AVL_TABLE *Table,
1733 PVOID FirstStruct,
1734 PVOID SecondStruct
1735 );
1736
1737 typedef RTL_GENERIC_COMPARE_RESULTS
1738 (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
1739 struct _RTL_GENERIC_TABLE *Table,
1740 PVOID FirstStruct,
1741 PVOID SecondStruct
1742 );
1743
1744 typedef PVOID
1745 (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
1746 struct _RTL_GENERIC_TABLE *Table,
1747 CLONG ByteSize
1748 );
1749
1750 typedef VOID
1751 (NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
1752 struct _RTL_GENERIC_TABLE *Table,
1753 PVOID Buffer
1754 );
1755
1756 typedef PVOID
1757 (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
1758 struct _RTL_AVL_TABLE *Table,
1759 CLONG ByteSize
1760 );
1761
1762 typedef VOID
1763 (NTAPI *PRTL_AVL_FREE_ROUTINE) (
1764 struct _RTL_AVL_TABLE *Table,
1765 PVOID Buffer
1766 );
1767
1768 typedef struct _PUBLIC_BCB {
1769 CSHORT NodeTypeCode;
1770 CSHORT NodeByteSize;
1771 ULONG MappedLength;
1772 LARGE_INTEGER MappedFileOffset;
1773 } PUBLIC_BCB, *PPUBLIC_BCB;
1774
1775 typedef struct _QUERY_PATH_REQUEST {
1776 ULONG PathNameLength;
1777 PIO_SECURITY_CONTEXT SecurityContext;
1778 WCHAR FilePathName[1];
1779 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
1780
1781 typedef struct _QUERY_PATH_RESPONSE {
1782 ULONG LengthAccepted;
1783 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
1784
1785 typedef struct _RETRIEVAL_POINTERS_BUFFER {
1786 ULONG ExtentCount;
1787 LARGE_INTEGER StartingVcn;
1788 struct {
1789 LARGE_INTEGER NextVcn;
1790 LARGE_INTEGER Lcn;
1791 } Extents[1];
1792 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
1793
1794 typedef struct _RTL_SPLAY_LINKS {
1795 struct _RTL_SPLAY_LINKS *Parent;
1796 struct _RTL_SPLAY_LINKS *LeftChild;
1797 struct _RTL_SPLAY_LINKS *RightChild;
1798 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
1799
1800 typedef struct _RTL_BALANCED_LINKS
1801 {
1802 struct _RTL_BALANCED_LINKS *Parent;
1803 struct _RTL_BALANCED_LINKS *LeftChild;
1804 struct _RTL_BALANCED_LINKS *RightChild;
1805 CHAR Balance;
1806 UCHAR Reserved[3];
1807 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
1808
1809 typedef struct _RTL_GENERIC_TABLE
1810 {
1811 PRTL_SPLAY_LINKS TableRoot;
1812 LIST_ENTRY InsertOrderList;
1813 PLIST_ENTRY OrderedPointer;
1814 ULONG WhichOrderedElement;
1815 ULONG NumberGenericTableElements;
1816 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
1817 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
1818 PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
1819 PVOID TableContext;
1820 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
1821
1822 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
1823 {
1824 CSHORT NodeTypeCode;
1825 CSHORT NameLength;
1826 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
1827 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
1828 RTL_SPLAY_LINKS Links;
1829 PUNICODE_STRING Prefix;
1830 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
1831
1832 typedef struct _UNICODE_PREFIX_TABLE
1833 {
1834 CSHORT NodeTypeCode;
1835 CSHORT NameLength;
1836 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
1837 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
1838 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
1839
1840 NTSYSAPI
1841 VOID
1842 NTAPI
1843 RtlInitializeUnicodePrefix (
1844 IN PUNICODE_PREFIX_TABLE PrefixTable
1845 );
1846
1847 NTSYSAPI
1848 BOOLEAN
1849 NTAPI
1850 RtlInsertUnicodePrefix (
1851 IN PUNICODE_PREFIX_TABLE PrefixTable,
1852 IN PUNICODE_STRING Prefix,
1853 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1854 );
1855
1856 NTSYSAPI
1857 VOID
1858 NTAPI
1859 RtlRemoveUnicodePrefix (
1860 IN PUNICODE_PREFIX_TABLE PrefixTable,
1861 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1862 );
1863
1864 NTSYSAPI
1865 PUNICODE_PREFIX_TABLE_ENTRY
1866 NTAPI
1867 RtlFindUnicodePrefix (
1868 IN PUNICODE_PREFIX_TABLE PrefixTable,
1869 IN PUNICODE_STRING FullName,
1870 IN ULONG CaseInsensitiveIndex
1871 );
1872
1873 NTSYSAPI
1874 PUNICODE_PREFIX_TABLE_ENTRY
1875 NTAPI
1876 RtlNextUnicodePrefix (
1877 IN PUNICODE_PREFIX_TABLE PrefixTable,
1878 IN BOOLEAN Restart
1879 );
1880
1881 #undef PRTL_GENERIC_COMPARE_ROUTINE
1882 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1883 #undef PRTL_GENERIC_FREE_ROUTINE
1884 #undef RTL_GENERIC_TABLE
1885 #undef PRTL_GENERIC_TABLE
1886
1887 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1888 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1889 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1890 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1891 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1892
1893 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1894 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
1895 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
1896 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
1897 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
1898 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
1899 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
1900 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
1901 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
1902 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
1903 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
1904
1905 typedef struct _RTL_AVL_TABLE
1906 {
1907 RTL_BALANCED_LINKS BalancedRoot;
1908 PVOID OrderedPointer;
1909 ULONG WhichOrderedElement;
1910 ULONG NumberGenericTableElements;
1911 ULONG DepthOfTree;
1912 PRTL_BALANCED_LINKS RestartKey;
1913 ULONG DeleteCount;
1914 PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
1915 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
1916 PRTL_AVL_FREE_ROUTINE FreeRoutine;
1917 PVOID TableContext;
1918 } RTL_AVL_TABLE, *PRTL_AVL_TABLE;
1919
1920 NTSYSAPI
1921 VOID
1922 NTAPI
1923 RtlInitializeGenericTableAvl(
1924 PRTL_AVL_TABLE Table,
1925 PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
1926 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
1927 PRTL_AVL_FREE_ROUTINE FreeRoutine,
1928 PVOID TableContext
1929 );
1930
1931 NTSYSAPI
1932 PVOID
1933 NTAPI
1934 RtlInsertElementGenericTableAvl (
1935 PRTL_AVL_TABLE Table,
1936 PVOID Buffer,
1937 CLONG BufferSize,
1938 PBOOLEAN NewElement OPTIONAL
1939 );
1940
1941 NTSYSAPI
1942 BOOLEAN
1943 NTAPI
1944 RtlDeleteElementGenericTableAvl (
1945 PRTL_AVL_TABLE Table,
1946 PVOID Buffer
1947 );
1948
1949 NTSYSAPI
1950 PVOID
1951 NTAPI
1952 RtlLookupElementGenericTableAvl (
1953 PRTL_AVL_TABLE Table,
1954 PVOID Buffer
1955 );
1956
1957 NTSYSAPI
1958 PVOID
1959 NTAPI
1960 RtlEnumerateGenericTableWithoutSplayingAvl (
1961 PRTL_AVL_TABLE Table,
1962 PVOID *RestartKey
1963 );
1964
1965 #if defined(USE_LPC6432)
1966 #define LPC_CLIENT_ID CLIENT_ID64
1967 #define LPC_SIZE_T ULONGLONG
1968 #define LPC_PVOID ULONGLONG
1969 #define LPC_HANDLE ULONGLONG
1970 #else
1971 #define LPC_CLIENT_ID CLIENT_ID
1972 #define LPC_SIZE_T SIZE_T
1973 #define LPC_PVOID PVOID
1974 #define LPC_HANDLE HANDLE
1975 #endif
1976
1977 typedef struct _PORT_MESSAGE
1978 {
1979 union
1980 {
1981 struct
1982 {
1983 CSHORT DataLength;
1984 CSHORT TotalLength;
1985 } s1;
1986 ULONG Length;
1987 } u1;
1988 union
1989 {
1990 struct
1991 {
1992 CSHORT Type;
1993 CSHORT DataInfoOffset;
1994 } s2;
1995 ULONG ZeroInit;
1996 } u2;
1997 __GNU_EXTENSION union
1998 {
1999 LPC_CLIENT_ID ClientId;
2000 double DoNotUseThisField;
2001 };
2002 ULONG MessageId;
2003 __GNU_EXTENSION union
2004 {
2005 LPC_SIZE_T ClientViewSize;
2006 ULONG CallbackId;
2007 };
2008 } PORT_MESSAGE, *PPORT_MESSAGE;
2009
2010 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
2011
2012 typedef struct _PORT_VIEW
2013 {
2014 ULONG Length;
2015 LPC_HANDLE SectionHandle;
2016 ULONG SectionOffset;
2017 LPC_SIZE_T ViewSize;
2018 LPC_PVOID ViewBase;
2019 LPC_PVOID ViewRemoteBase;
2020 } PORT_VIEW, *PPORT_VIEW;
2021
2022 typedef struct _REMOTE_PORT_VIEW
2023 {
2024 ULONG Length;
2025 LPC_SIZE_T ViewSize;
2026 LPC_PVOID ViewBase;
2027 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
2028
2029 typedef struct _SE_EXPORTS {
2030
2031 LUID SeCreateTokenPrivilege;
2032 LUID SeAssignPrimaryTokenPrivilege;
2033 LUID SeLockMemoryPrivilege;
2034 LUID SeIncreaseQuotaPrivilege;
2035 LUID SeUnsolicitedInputPrivilege;
2036 LUID SeTcbPrivilege;
2037 LUID SeSecurityPrivilege;
2038 LUID SeTakeOwnershipPrivilege;
2039 LUID SeLoadDriverPrivilege;
2040 LUID SeCreatePagefilePrivilege;
2041 LUID SeIncreaseBasePriorityPrivilege;
2042 LUID SeSystemProfilePrivilege;
2043 LUID SeSystemtimePrivilege;
2044 LUID SeProfileSingleProcessPrivilege;
2045 LUID SeCreatePermanentPrivilege;
2046 LUID SeBackupPrivilege;
2047 LUID SeRestorePrivilege;
2048 LUID SeShutdownPrivilege;
2049 LUID SeDebugPrivilege;
2050 LUID SeAuditPrivilege;
2051 LUID SeSystemEnvironmentPrivilege;
2052 LUID SeChangeNotifyPrivilege;
2053 LUID SeRemoteShutdownPrivilege;
2054
2055 PSID SeNullSid;
2056 PSID SeWorldSid;
2057 PSID SeLocalSid;
2058 PSID SeCreatorOwnerSid;
2059 PSID SeCreatorGroupSid;
2060
2061 PSID SeNtAuthoritySid;
2062 PSID SeDialupSid;
2063 PSID SeNetworkSid;
2064 PSID SeBatchSid;
2065 PSID SeInteractiveSid;
2066 PSID SeLocalSystemSid;
2067 PSID SeAliasAdminsSid;
2068 PSID SeAliasUsersSid;
2069 PSID SeAliasGuestsSid;
2070 PSID SeAliasPowerUsersSid;
2071 PSID SeAliasAccountOpsSid;
2072 PSID SeAliasSystemOpsSid;
2073 PSID SeAliasPrintOpsSid;
2074 PSID SeAliasBackupOpsSid;
2075
2076 PSID SeAuthenticatedUsersSid;
2077
2078 PSID SeRestrictedSid;
2079 PSID SeAnonymousLogonSid;
2080
2081 LUID SeUndockPrivilege;
2082 LUID SeSyncAgentPrivilege;
2083 LUID SeEnableDelegationPrivilege;
2084
2085 } SE_EXPORTS, *PSE_EXPORTS;
2086
2087 extern PSE_EXPORTS SeExports;
2088
2089 typedef struct
2090 {
2091 LARGE_INTEGER StartingLcn;
2092 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
2093
2094 typedef struct _STARTING_VCN_INPUT_BUFFER {
2095 LARGE_INTEGER StartingVcn;
2096 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
2097
2098 typedef struct _SECURITY_CLIENT_CONTEXT {
2099 SECURITY_QUALITY_OF_SERVICE SecurityQos;
2100 PACCESS_TOKEN ClientToken;
2101 BOOLEAN DirectlyAccessClientToken;
2102 BOOLEAN DirectAccessEffectiveOnly;
2103 BOOLEAN ServerIsRemote;
2104 TOKEN_CONTROL ClientTokenControl;
2105 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
2106
2107 //
2108 // The following are the inherit flags that go into the AceFlags field
2109 // of an Ace header.
2110 //
2111 #define OBJECT_INHERIT_ACE (0x1)
2112 #define CONTAINER_INHERIT_ACE (0x2)
2113 #define NO_PROPAGATE_INHERIT_ACE (0x4)
2114 #define INHERIT_ONLY_ACE (0x8)
2115 #define INHERITED_ACE (0x10)
2116 #define VALID_INHERIT_FLAGS (0x1F)
2117
2118 typedef struct _ACE_HEADER
2119 {
2120 UCHAR AceType;
2121 UCHAR AceFlags;
2122 USHORT AceSize;
2123 } ACE_HEADER, *PACE_HEADER;
2124
2125 typedef struct _ACCESS_ALLOWED_ACE
2126 {
2127 ACE_HEADER Header;
2128 ACCESS_MASK Mask;
2129 ULONG SidStart;
2130 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
2131
2132 typedef struct _ACCESS_DENIED_ACE
2133 {
2134 ACE_HEADER Header;
2135 ACCESS_MASK Mask;
2136 ULONG SidStart;
2137 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
2138
2139 typedef struct _SYSTEM_AUDIT_ACE
2140 {
2141 ACE_HEADER Header;
2142 ACCESS_MASK Mask;
2143 ULONG SidStart;
2144 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
2145
2146 typedef struct _SYSTEM_ALARM_ACE
2147 {
2148 ACE_HEADER Header;
2149 ACCESS_MASK Mask;
2150 ULONG SidStart;
2151 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
2152
2153 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
2154 {
2155 ACE_HEADER Header;
2156 ACCESS_MASK Mask;
2157 ULONG SidStart;
2158 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
2159
2160 typedef struct _TUNNEL {
2161 FAST_MUTEX Mutex;
2162 PRTL_SPLAY_LINKS Cache;
2163 LIST_ENTRY TimerQueue;
2164 USHORT NumEntries;
2165 } TUNNEL, *PTUNNEL;
2166
2167 typedef struct _VAD_HEADER {
2168 PVOID StartVPN;
2169 PVOID EndVPN;
2170 struct _VAD_HEADER* ParentLink;
2171 struct _VAD_HEADER* LeftLink;
2172 struct _VAD_HEADER* RightLink;
2173 ULONG Flags; /* LSB = CommitCharge */
2174 PVOID ControlArea;
2175 PVOID FirstProtoPte;
2176 PVOID LastPTE;
2177 ULONG Unknown;
2178 LIST_ENTRY Secured;
2179 } VAD_HEADER, *PVAD_HEADER;
2180
2181 typedef struct
2182 {
2183 LARGE_INTEGER StartingLcn;
2184 LARGE_INTEGER BitmapSize;
2185 UCHAR Buffer[1];
2186 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
2187
2188 #if (VER_PRODUCTBUILD >= 2600)
2189
2190 typedef BOOLEAN
2191 (NTAPI *PFILTER_REPORT_CHANGE) (
2192 IN PVOID NotifyContext,
2193 IN PVOID FilterContext
2194 );
2195
2196 typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
2197 SyncTypeOther = 0,
2198 SyncTypeCreateSection
2199 } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
2200
2201 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
2202 NotifyTypeCreate = 0,
2203 NotifyTypeRetired
2204 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
2205
2206 typedef union _FS_FILTER_PARAMETERS {
2207 struct {
2208 PLARGE_INTEGER EndingOffset;
2209 PERESOURCE *ResourceToRelease;
2210 } AcquireForModifiedPageWriter;
2211
2212 struct {
2213 PERESOURCE ResourceToRelease;
2214 } ReleaseForModifiedPageWriter;
2215
2216 struct {
2217 FS_FILTER_SECTION_SYNC_TYPE SyncType;
2218 ULONG PageProtection;
2219 } AcquireForSectionSynchronization;
2220
2221 struct {
2222 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
2223 BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
2224 } NotifyStreamFileObject;
2225
2226 struct {
2227 PVOID Argument1;
2228 PVOID Argument2;
2229 PVOID Argument3;
2230 PVOID Argument4;
2231 PVOID Argument5;
2232 } Others;
2233 } FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
2234
2235 typedef struct _FS_FILTER_CALLBACK_DATA {
2236 ULONG SizeOfFsFilterCallbackData;
2237 UCHAR Operation;
2238 UCHAR Reserved;
2239 struct _DEVICE_OBJECT *DeviceObject;
2240 struct _FILE_OBJECT *FileObject;
2241 FS_FILTER_PARAMETERS Parameters;
2242 } FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
2243
2244 typedef NTSTATUS
2245 (NTAPI *PFS_FILTER_CALLBACK) (
2246 IN PFS_FILTER_CALLBACK_DATA Data,
2247 OUT PVOID *CompletionContext
2248 );
2249
2250 typedef VOID
2251 (NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
2252 IN PFS_FILTER_CALLBACK_DATA Data,
2253 IN NTSTATUS OperationStatus,
2254 IN PVOID CompletionContext
2255 );
2256
2257 typedef struct _FS_FILTER_CALLBACKS {
2258 ULONG SizeOfFsFilterCallbacks;
2259 ULONG Reserved;
2260 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
2261 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
2262 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
2263 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
2264 PFS_FILTER_CALLBACK PreAcquireForCcFlush;
2265 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
2266 PFS_FILTER_CALLBACK PreReleaseForCcFlush;
2267 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
2268 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
2269 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
2270 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
2271 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
2272 } FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
2273
2274 typedef struct _READ_LIST {
2275 PFILE_OBJECT FileObject;
2276 ULONG NumberOfEntries;
2277 LOGICAL IsImage;
2278 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
2279 } READ_LIST, *PREAD_LIST;
2280
2281 #endif
2282
2283 typedef NTSTATUS
2284 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
2285 IN PVOID Base,
2286 IN OUT PVOID *CommitAddress,
2287 IN OUT PSIZE_T CommitSize
2288 );
2289
2290 typedef struct _RTL_HEAP_PARAMETERS {
2291 ULONG Length;
2292 SIZE_T SegmentReserve;
2293 SIZE_T SegmentCommit;
2294 SIZE_T DeCommitFreeBlockThreshold;
2295 SIZE_T DeCommitTotalFreeThreshold;
2296 SIZE_T MaximumAllocationSize;
2297 SIZE_T VirtualMemoryThreshold;
2298 SIZE_T InitialCommit;
2299 SIZE_T InitialReserve;
2300 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2301 SIZE_T Reserved[2];
2302 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
2303
2304 NTKERNELAPI
2305 BOOLEAN
2306 NTAPI
2307 CcCanIWrite (
2308 IN PFILE_OBJECT FileObject,
2309 IN ULONG BytesToWrite,
2310 IN BOOLEAN Wait,
2311 IN BOOLEAN Retrying
2312 );
2313
2314 NTKERNELAPI
2315 BOOLEAN
2316 NTAPI
2317 CcCopyRead (
2318 IN PFILE_OBJECT FileObject,
2319 IN PLARGE_INTEGER FileOffset,
2320 IN ULONG Length,
2321 IN BOOLEAN Wait,
2322 OUT PVOID Buffer,
2323 OUT PIO_STATUS_BLOCK IoStatus
2324 );
2325
2326 NTKERNELAPI
2327 BOOLEAN
2328 NTAPI
2329 CcCopyWrite (
2330 IN PFILE_OBJECT FileObject,
2331 IN PLARGE_INTEGER FileOffset,
2332 IN ULONG Length,
2333 IN BOOLEAN Wait,
2334 IN PVOID Buffer
2335 );
2336
2337 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2338
2339 typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
2340 IN PVOID Context1,
2341 IN PVOID Context2
2342 );
2343
2344 NTKERNELAPI
2345 VOID
2346 NTAPI
2347 CcDeferWrite (
2348 IN PFILE_OBJECT FileObject,
2349 IN PCC_POST_DEFERRED_WRITE PostRoutine,
2350 IN PVOID Context1,
2351 IN PVOID Context2,
2352 IN ULONG BytesToWrite,
2353 IN BOOLEAN Retrying
2354 );
2355
2356 NTKERNELAPI
2357 VOID
2358 NTAPI
2359 CcFastCopyRead (
2360 IN PFILE_OBJECT FileObject,
2361 IN ULONG FileOffset,
2362 IN ULONG Length,
2363 IN ULONG PageCount,
2364 OUT PVOID Buffer,
2365 OUT PIO_STATUS_BLOCK IoStatus
2366 );
2367
2368 NTKERNELAPI
2369 VOID
2370 NTAPI
2371 CcFastCopyWrite (
2372 IN PFILE_OBJECT FileObject,
2373 IN ULONG FileOffset,
2374 IN ULONG Length,
2375 IN PVOID Buffer
2376 );
2377
2378 NTKERNELAPI
2379 VOID
2380 NTAPI
2381 CcFlushCache (
2382 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2383 IN PLARGE_INTEGER FileOffset OPTIONAL,
2384 IN ULONG Length,
2385 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2386 );
2387
2388 typedef VOID (NTAPI *PDIRTY_PAGE_ROUTINE) (
2389 IN PFILE_OBJECT FileObject,
2390 IN PLARGE_INTEGER FileOffset,
2391 IN ULONG Length,
2392 IN PLARGE_INTEGER OldestLsn,
2393 IN PLARGE_INTEGER NewestLsn,
2394 IN PVOID Context1,
2395 IN PVOID Context2
2396 );
2397
2398 NTKERNELAPI
2399 LARGE_INTEGER
2400 NTAPI
2401 CcGetDirtyPages (
2402 IN PVOID LogHandle,
2403 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
2404 IN PVOID Context1,
2405 IN PVOID Context2
2406 );
2407
2408 NTKERNELAPI
2409 PFILE_OBJECT
2410 NTAPI
2411 CcGetFileObjectFromBcb (
2412 IN PVOID Bcb
2413 );
2414
2415 NTKERNELAPI
2416 PFILE_OBJECT
2417 NTAPI
2418 CcGetFileObjectFromSectionPtrs (
2419 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2420 );
2421
2422 #define CcGetFileSizePointer(FO) ( \
2423 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2424 )
2425
2426 #if (VER_PRODUCTBUILD >= 2195)
2427
2428 NTKERNELAPI
2429 LARGE_INTEGER
2430 NTAPI
2431 CcGetFlushedValidData (
2432 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2433 IN BOOLEAN BcbListHeld
2434 );
2435
2436 #endif /* (VER_PRODUCTBUILD >= 2195) */
2437
2438 NTKERNELAPI
2439 LARGE_INTEGER
2440 NTAPI
2441 CcGetLsnForFileObject (
2442 IN PFILE_OBJECT FileObject,
2443 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2444 );
2445
2446 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
2447 IN PVOID Context,
2448 IN BOOLEAN Wait
2449 );
2450
2451 typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
2452 IN PVOID Context
2453 );
2454
2455 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
2456 IN PVOID Context,
2457 IN BOOLEAN Wait
2458 );
2459
2460 typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
2461 IN PVOID Context
2462 );
2463
2464 typedef struct _CACHE_MANAGER_CALLBACKS {
2465 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
2466 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
2467 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
2468 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
2469 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
2470
2471 NTKERNELAPI
2472 VOID
2473 NTAPI
2474 CcInitializeCacheMap (
2475 IN PFILE_OBJECT FileObject,
2476 IN PCC_FILE_SIZES FileSizes,
2477 IN BOOLEAN PinAccess,
2478 IN PCACHE_MANAGER_CALLBACKS Callbacks,
2479 IN PVOID LazyWriteContext
2480 );
2481
2482 #define CcIsFileCached(FO) ( \
2483 ((FO)->SectionObjectPointer != NULL) && \
2484 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2485 )
2486
2487 extern ULONG CcFastMdlReadWait;
2488
2489 NTKERNELAPI
2490 BOOLEAN
2491 NTAPI
2492 CcIsThereDirtyData (
2493 IN PVPB Vpb
2494 );
2495
2496 NTKERNELAPI
2497 BOOLEAN
2498 NTAPI
2499 CcMapData (
2500 IN PFILE_OBJECT FileObject,
2501 IN PLARGE_INTEGER FileOffset,
2502 IN ULONG Length,
2503 IN ULONG Flags,
2504 OUT PVOID *Bcb,
2505 OUT PVOID *Buffer
2506 );
2507
2508 NTKERNELAPI
2509 VOID
2510 NTAPI
2511 CcMdlRead (
2512 IN PFILE_OBJECT FileObject,
2513 IN PLARGE_INTEGER FileOffset,
2514 IN ULONG Length,
2515 OUT PMDL *MdlChain,
2516 OUT PIO_STATUS_BLOCK IoStatus
2517 );
2518
2519 NTKERNELAPI
2520 VOID
2521 NTAPI
2522 CcMdlReadComplete (
2523 IN PFILE_OBJECT FileObject,
2524 IN PMDL MdlChain
2525 );
2526
2527 NTKERNELAPI
2528 VOID
2529 NTAPI
2530 CcMdlWriteComplete (
2531 IN PFILE_OBJECT FileObject,
2532 IN PLARGE_INTEGER FileOffset,
2533 IN PMDL MdlChain
2534 );
2535
2536 #define MAP_WAIT 1
2537
2538 NTKERNELAPI
2539 BOOLEAN
2540 NTAPI
2541 CcPinMappedData (
2542 IN PFILE_OBJECT FileObject,
2543 IN PLARGE_INTEGER FileOffset,
2544 IN ULONG Length,
2545 IN ULONG Flags,
2546 IN OUT PVOID *Bcb
2547 );
2548
2549 NTKERNELAPI
2550 BOOLEAN
2551 NTAPI
2552 CcPinRead (
2553 IN PFILE_OBJECT FileObject,
2554 IN PLARGE_INTEGER FileOffset,
2555 IN ULONG Length,
2556 IN ULONG Flags,
2557 OUT PVOID *Bcb,
2558 OUT PVOID *Buffer
2559 );
2560
2561 NTKERNELAPI
2562 VOID
2563 NTAPI
2564 CcPrepareMdlWrite (
2565 IN PFILE_OBJECT FileObject,
2566 IN PLARGE_INTEGER FileOffset,
2567 IN ULONG Length,
2568 OUT PMDL *MdlChain,
2569 OUT PIO_STATUS_BLOCK IoStatus
2570 );
2571
2572 NTKERNELAPI
2573 BOOLEAN
2574 NTAPI
2575 CcPreparePinWrite (
2576 IN PFILE_OBJECT FileObject,
2577 IN PLARGE_INTEGER FileOffset,
2578 IN ULONG Length,
2579 IN BOOLEAN Zero,
2580 IN ULONG Flags,
2581 OUT PVOID *Bcb,
2582 OUT PVOID *Buffer
2583 );
2584
2585 NTKERNELAPI
2586 BOOLEAN
2587 NTAPI
2588 CcPurgeCacheSection (
2589 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2590 IN PLARGE_INTEGER FileOffset OPTIONAL,
2591 IN ULONG Length,
2592 IN BOOLEAN UninitializeCacheMaps
2593 );
2594
2595 #define CcReadAhead(FO, FOFF, LEN) ( \
2596 if ((LEN) >= 256) { \
2597 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2598 } \
2599 )
2600
2601 #if (VER_PRODUCTBUILD >= 2195)
2602
2603 NTKERNELAPI
2604 PVOID
2605 NTAPI
2606 CcRemapBcb (
2607 IN PVOID Bcb
2608 );
2609
2610 #endif /* (VER_PRODUCTBUILD >= 2195) */
2611
2612 NTKERNELAPI
2613 VOID
2614 NTAPI
2615 CcRepinBcb (
2616 IN PVOID Bcb
2617 );
2618
2619 NTKERNELAPI
2620 VOID
2621 NTAPI
2622 CcScheduleReadAhead (
2623 IN PFILE_OBJECT FileObject,
2624 IN PLARGE_INTEGER FileOffset,
2625 IN ULONG Length
2626 );
2627
2628 NTKERNELAPI
2629 VOID
2630 NTAPI
2631 CcSetAdditionalCacheAttributes (
2632 IN PFILE_OBJECT FileObject,
2633 IN BOOLEAN DisableReadAhead,
2634 IN BOOLEAN DisableWriteBehind
2635 );
2636
2637 NTKERNELAPI
2638 VOID
2639 NTAPI
2640 CcSetBcbOwnerPointer (
2641 IN PVOID Bcb,
2642 IN PVOID OwnerPointer
2643 );
2644
2645 NTKERNELAPI
2646 VOID
2647 NTAPI
2648 CcSetDirtyPageThreshold (
2649 IN PFILE_OBJECT FileObject,
2650 IN ULONG DirtyPageThreshold
2651 );
2652
2653 NTKERNELAPI
2654 VOID
2655 NTAPI
2656 CcSetDirtyPinnedData (
2657 IN PVOID BcbVoid,
2658 IN PLARGE_INTEGER Lsn OPTIONAL
2659 );
2660
2661 NTKERNELAPI
2662 VOID
2663 NTAPI
2664 CcSetFileSizes (
2665 IN PFILE_OBJECT FileObject,
2666 IN PCC_FILE_SIZES FileSizes
2667 );
2668
2669 typedef VOID (NTAPI *PFLUSH_TO_LSN) (
2670 IN PVOID LogHandle,
2671 IN LARGE_INTEGER Lsn
2672 );
2673
2674 NTKERNELAPI
2675 VOID
2676 NTAPI
2677 CcSetLogHandleForFile (
2678 IN PFILE_OBJECT FileObject,
2679 IN PVOID LogHandle,
2680 IN PFLUSH_TO_LSN FlushToLsnRoutine
2681 );
2682
2683 NTKERNELAPI
2684 VOID
2685 NTAPI
2686 CcSetReadAheadGranularity (
2687 IN PFILE_OBJECT FileObject,
2688 IN ULONG Granularity /* default: PAGE_SIZE */
2689 /* allowed: 2^n * PAGE_SIZE */
2690 );
2691
2692 NTKERNELAPI
2693 BOOLEAN
2694 NTAPI
2695 CcUninitializeCacheMap (
2696 IN PFILE_OBJECT FileObject,
2697 IN PLARGE_INTEGER TruncateSize OPTIONAL,
2698 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2699 );
2700
2701 NTKERNELAPI
2702 VOID
2703 NTAPI
2704 CcUnpinData (
2705 IN PVOID Bcb
2706 );
2707
2708 NTKERNELAPI
2709 VOID
2710 NTAPI
2711 CcUnpinDataForThread (
2712 IN PVOID Bcb,
2713 IN ERESOURCE_THREAD ResourceThreadId
2714 );
2715
2716 NTKERNELAPI
2717 VOID
2718 NTAPI
2719 CcUnpinRepinnedBcb (
2720 IN PVOID Bcb,
2721 IN BOOLEAN WriteThrough,
2722 OUT PIO_STATUS_BLOCK IoStatus
2723 );
2724
2725 #if (VER_PRODUCTBUILD >= 2195)
2726
2727 NTKERNELAPI
2728 NTSTATUS
2729 NTAPI
2730 CcWaitForCurrentLazyWriterActivity (
2731 VOID
2732 );
2733
2734 #endif /* (VER_PRODUCTBUILD >= 2195) */
2735
2736 NTKERNELAPI
2737 BOOLEAN
2738 NTAPI
2739 CcZeroData (
2740 IN PFILE_OBJECT FileObject,
2741 IN PLARGE_INTEGER StartOffset,
2742 IN PLARGE_INTEGER EndOffset,
2743 IN BOOLEAN Wait
2744 );
2745
2746 NTKERNELAPI
2747 VOID
2748 NTAPI
2749 ExDisableResourceBoostLite (
2750 IN PERESOURCE Resource
2751 );
2752
2753 NTKERNELAPI
2754 SIZE_T
2755 NTAPI
2756 ExQueryPoolBlockSize (
2757 IN PVOID PoolBlock,
2758 OUT PBOOLEAN QuotaCharged
2759 );
2760
2761 #if (VER_PRODUCTBUILD >= 2600)
2762
2763 #ifndef __NTOSKRNL__
2764 NTKERNELAPI
2765 VOID
2766 FASTCALL
2767 ExInitializeRundownProtection (
2768 IN PEX_RUNDOWN_REF RunRef
2769 );
2770
2771 NTKERNELAPI
2772 VOID
2773 FASTCALL
2774 ExReInitializeRundownProtection (
2775 IN PEX_RUNDOWN_REF RunRef
2776 );
2777
2778 NTKERNELAPI
2779 BOOLEAN
2780 FASTCALL
2781 ExAcquireRundownProtection (
2782 IN PEX_RUNDOWN_REF RunRef
2783 );
2784
2785 NTKERNELAPI
2786 BOOLEAN
2787 FASTCALL
2788 ExAcquireRundownProtectionEx (
2789 IN PEX_RUNDOWN_REF RunRef,
2790 IN ULONG Count
2791 );
2792
2793 NTKERNELAPI
2794 VOID
2795 FASTCALL
2796 ExReleaseRundownProtection (
2797 IN PEX_RUNDOWN_REF RunRef
2798 );
2799
2800 NTKERNELAPI
2801 VOID
2802 FASTCALL
2803 ExReleaseRundownProtectionEx (
2804 IN PEX_RUNDOWN_REF RunRef,
2805 IN ULONG Count
2806 );
2807
2808 NTKERNELAPI
2809 VOID
2810 FASTCALL
2811 ExRundownCompleted (
2812 IN PEX_RUNDOWN_REF RunRef
2813 );
2814
2815 NTKERNELAPI
2816 VOID
2817 FASTCALL
2818 ExWaitForRundownProtectionRelease (
2819 IN PEX_RUNDOWN_REF RunRef
2820 );
2821
2822 #endif
2823 #endif /* (VER_PRODUCTBUILD >= 2600) */
2824
2825
2826 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2827 { \
2828 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2829 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2830 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2831 InitializeListHead( &(_advhdr)->FilterContexts ); \
2832 if ((_fmutx) != NULL) { \
2833 (_advhdr)->FastMutex = (_fmutx); \
2834 } \
2835 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2836 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2837 (_advhdr)->FileContextSupportPointer = NULL; \
2838 }
2839
2840 NTKERNELAPI
2841 BOOLEAN
2842 NTAPI
2843 FsRtlAddBaseMcbEntry (
2844 IN PBASE_MCB Mcb,
2845 IN LONGLONG Vbn,
2846 IN LONGLONG Lbn,
2847 IN LONGLONG SectorCount
2848 );
2849
2850 NTKERNELAPI
2851 BOOLEAN
2852 NTAPI
2853 FsRtlAddLargeMcbEntry (
2854 IN PLARGE_MCB Mcb,
2855 IN LONGLONG Vbn,
2856 IN LONGLONG Lbn,
2857 IN LONGLONG SectorCount
2858 );
2859
2860 NTKERNELAPI
2861 BOOLEAN
2862 NTAPI
2863 FsRtlAddMcbEntry (
2864 IN PMCB Mcb,
2865 IN VBN Vbn,
2866 IN LBN Lbn,
2867 IN ULONG SectorCount
2868 );
2869
2870 NTKERNELAPI
2871 VOID
2872 NTAPI
2873 FsRtlAddToTunnelCache (
2874 IN PTUNNEL Cache,
2875 IN ULONGLONG DirectoryKey,
2876 IN PUNICODE_STRING ShortName,
2877 IN PUNICODE_STRING LongName,
2878 IN BOOLEAN KeyByShortName,
2879 IN ULONG DataLength,
2880 IN PVOID Data
2881 );
2882
2883 #if (VER_PRODUCTBUILD >= 2195)
2884
2885 PFILE_LOCK
2886 NTAPI
2887 FsRtlAllocateFileLock (
2888 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
2889 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2890 );
2891
2892 #endif /* (VER_PRODUCTBUILD >= 2195) */
2893
2894 NTKERNELAPI
2895 PVOID
2896 NTAPI
2897 FsRtlAllocatePool (
2898 IN POOL_TYPE PoolType,
2899 IN ULONG NumberOfBytes
2900 );
2901
2902 NTKERNELAPI
2903 PVOID
2904 NTAPI
2905 FsRtlAllocatePoolWithQuota (
2906 IN POOL_TYPE PoolType,
2907 IN ULONG NumberOfBytes
2908 );
2909
2910 NTKERNELAPI
2911 PVOID
2912 NTAPI
2913 FsRtlAllocatePoolWithQuotaTag (
2914 IN POOL_TYPE PoolType,
2915 IN ULONG NumberOfBytes,
2916 IN ULONG Tag
2917 );
2918
2919 NTKERNELAPI
2920 PVOID
2921 NTAPI
2922 FsRtlAllocatePoolWithTag (
2923 IN POOL_TYPE PoolType,
2924 IN ULONG NumberOfBytes,
2925 IN ULONG Tag
2926 );
2927
2928 NTKERNELAPI
2929 BOOLEAN
2930 NTAPI
2931 FsRtlAreNamesEqual (
2932 IN PCUNICODE_STRING Name1,
2933 IN PCUNICODE_STRING Name2,
2934 IN BOOLEAN IgnoreCase,
2935 IN PCWCH UpcaseTable OPTIONAL
2936 );
2937
2938 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2939 ((FL)->FastIoIsQuestionable) \
2940 )
2941
2942 /*
2943 FsRtlCheckLockForReadAccess:
2944
2945 All this really does is pick out the lock parameters from the irp (io stack
2946 location?), get IoGetRequestorProcess, and pass values on to
2947 FsRtlFastCheckLockForRead.
2948 */
2949 NTKERNELAPI
2950 BOOLEAN
2951 NTAPI
2952 FsRtlCheckLockForReadAccess (
2953 IN PFILE_LOCK FileLock,
2954 IN PIRP Irp
2955 );
2956
2957 /*
2958 FsRtlCheckLockForWriteAccess:
2959
2960 All this really does is pick out the lock parameters from the irp (io stack
2961 location?), get IoGetRequestorProcess, and pass values on to
2962 FsRtlFastCheckLockForWrite.
2963 */
2964 NTKERNELAPI
2965 BOOLEAN
2966 NTAPI
2967 FsRtlCheckLockForWriteAccess (
2968 IN PFILE_LOCK FileLock,
2969 IN PIRP Irp
2970 );
2971
2972 typedef
2973 VOID
2974 (NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
2975 IN PVOID Context,
2976 IN PIRP Irp
2977 );
2978
2979 typedef
2980 VOID
2981 (NTAPI*POPLOCK_FS_PREPOST_IRP) (
2982 IN PVOID Context,
2983 IN PIRP Irp
2984 );
2985
2986 NTKERNELAPI
2987 NTSTATUS
2988 NTAPI
2989 FsRtlCheckOplock (
2990 IN POPLOCK Oplock,
2991 IN PIRP Irp,
2992 IN PVOID Context,
2993 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
2994 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2995 );
2996
2997 NTKERNELAPI
2998 BOOLEAN
2999 NTAPI
3000 FsRtlCopyRead (
3001 IN PFILE_OBJECT FileObject,
3002 IN PLARGE_INTEGER FileOffset,
3003 IN ULONG Length,
3004 IN BOOLEAN Wait,
3005 IN ULONG LockKey,
3006 OUT PVOID Buffer,
3007 OUT PIO_STATUS_BLOCK IoStatus,
3008 IN PDEVICE_OBJECT DeviceObject
3009 );
3010
3011 NTKERNELAPI
3012 BOOLEAN
3013 NTAPI
3014 FsRtlCopyWrite (
3015 IN PFILE_OBJECT FileObject,
3016 IN PLARGE_INTEGER FileOffset,
3017 IN ULONG Length,
3018 IN BOOLEAN Wait,
3019 IN ULONG LockKey,
3020 IN PVOID Buffer,
3021 OUT PIO_STATUS_BLOCK IoStatus,
3022 IN PDEVICE_OBJECT DeviceObject
3023 );
3024
3025 #define HEAP_NO_SERIALIZE 0x00000001
3026 #define HEAP_GROWABLE 0x00000002
3027 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
3028 #define HEAP_ZERO_MEMORY 0x00000008
3029 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
3030 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
3031 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
3032 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
3033
3034 #define HEAP_CREATE_ALIGN_16 0x00010000
3035 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
3036 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
3037
3038 NTSYSAPI
3039 PVOID
3040 NTAPI
3041 RtlCreateHeap (
3042 IN ULONG Flags,
3043 IN PVOID HeapBase OPTIONAL,
3044 IN SIZE_T ReserveSize OPTIONAL,
3045 IN SIZE_T CommitSize OPTIONAL,
3046 IN PVOID Lock OPTIONAL,
3047 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
3048 );
3049
3050 NTKERNELAPI
3051 BOOLEAN
3052 NTAPI
3053 FsRtlCurrentBatchOplock (
3054 IN POPLOCK Oplock
3055 );
3056
3057 NTKERNELAPI
3058 VOID
3059 NTAPI
3060 FsRtlDeleteKeyFromTunnelCache (
3061 IN PTUNNEL Cache,
3062 IN ULONGLONG DirectoryKey
3063 );
3064
3065 NTKERNELAPI
3066 VOID
3067 NTAPI
3068 FsRtlDeleteTunnelCache (
3069 IN PTUNNEL Cache
3070 );
3071
3072 NTKERNELAPI
3073 VOID
3074 NTAPI
3075 FsRtlDeregisterUncProvider (
3076 IN HANDLE Handle
3077 );
3078
3079 NTSYSAPI
3080 PVOID
3081 NTAPI
3082 RtlDestroyHeap(
3083 IN PVOID HeapHandle
3084 );
3085
3086 NTKERNELAPI
3087 VOID
3088 NTAPI
3089 FsRtlDissectDbcs (
3090 IN ANSI_STRING Name,
3091 OUT PANSI_STRING FirstPart,
3092 OUT PANSI_STRING RemainingPart
3093 );
3094
3095 NTKERNELAPI
3096 VOID
3097 NTAPI
3098 FsRtlDissectName (
3099 IN UNICODE_STRING Name,
3100 OUT PUNICODE_STRING FirstPart,
3101 OUT PUNICODE_STRING RemainingPart
3102 );
3103
3104 NTKERNELAPI
3105 BOOLEAN
3106 NTAPI
3107 FsRtlDoesDbcsContainWildCards (
3108 IN PANSI_STRING Name
3109 );
3110
3111 NTKERNELAPI
3112 BOOLEAN
3113 NTAPI
3114 FsRtlDoesNameContainWildCards (
3115 IN PUNICODE_STRING Name
3116 );
3117
3118 NTKERNELAPI
3119 BOOLEAN
3120 NTAPI
3121 FsRtlIsFatDbcsLegal (
3122 IN ANSI_STRING DbcsName,
3123 IN BOOLEAN WildCardsPermissible,
3124 IN BOOLEAN PathNamePermissible,
3125 IN BOOLEAN LeadingBackslashPermissible
3126 );
3127
3128
3129 #define FsRtlCompleteRequest(IRP,STATUS) { \
3130 (IRP)->IoStatus.Status = (STATUS); \
3131 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
3132 }
3133
3134 #define FsRtlEnterFileSystem KeEnterCriticalRegion
3135
3136 #define FsRtlExitFileSystem KeLeaveCriticalRegion
3137
3138 NTKERNELAPI
3139 BOOLEAN
3140 NTAPI
3141 FsRtlFastCheckLockForRead (
3142 IN PFILE_LOCK FileLock,
3143 IN PLARGE_INTEGER FileOffset,
3144 IN PLARGE_INTEGER Length,
3145 IN ULONG Key,
3146 IN PFILE_OBJECT FileObject,
3147 IN PVOID Process
3148 );
3149
3150 NTKERNELAPI
3151 BOOLEAN
3152 NTAPI
3153 FsRtlFastCheckLockForWrite (
3154 IN PFILE_LOCK FileLock,
3155 IN PLARGE_INTEGER FileOffset,
3156 IN PLARGE_INTEGER Length,
3157 IN ULONG Key,
3158 IN PFILE_OBJECT FileObject,
3159 IN PVOID Process
3160 );
3161
3162 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
3163 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
3164 )
3165
3166 NTKERNELAPI
3167 NTSTATUS
3168 NTAPI
3169 FsRtlFastUnlockAll (
3170 IN PFILE_LOCK FileLock,
3171 IN PFILE_OBJECT FileObject,
3172 IN PEPROCESS Process,
3173 IN PVOID Context OPTIONAL
3174 );
3175 /* ret: STATUS_RANGE_NOT_LOCKED */
3176
3177 NTKERNELAPI
3178 NTSTATUS
3179 NTAPI
3180 FsRtlFastUnlockAllByKey (
3181 IN PFILE_LOCK FileLock,
3182 IN PFILE_OBJECT FileObject,
3183 IN PEPROCESS Process,
3184 IN ULONG Key,
3185 IN PVOID Context OPTIONAL
3186 );
3187 /* ret: STATUS_RANGE_NOT_LOCKED */
3188
3189 NTKERNELAPI
3190 NTSTATUS
3191 NTAPI
3192 FsRtlFastUnlockSingle (
3193 IN PFILE_LOCK FileLock,
3194 IN PFILE_OBJECT FileObject,
3195 IN PLARGE_INTEGER FileOffset,
3196 IN PLARGE_INTEGER Length,
3197 IN PEPROCESS Process,
3198 IN ULONG Key,
3199 IN PVOID Context OPTIONAL,
3200 IN BOOLEAN AlreadySynchronized
3201 );
3202 /* ret: STATUS_RANGE_NOT_LOCKED */
3203
3204 NTKERNELAPI
3205 BOOLEAN
3206 NTAPI
3207 FsRtlFindInTunnelCache (
3208 IN PTUNNEL Cache,
3209 IN ULONGLONG DirectoryKey,
3210 IN PUNICODE_STRING Name,
3211 OUT PUNICODE_STRING ShortName,
3212 OUT PUNICODE_STRING LongName,
3213 IN OUT PULONG DataLength,
3214 OUT PVOID Data
3215 );
3216
3217 #if (VER_PRODUCTBUILD >= 2195)
3218
3219 NTKERNELAPI
3220 VOID
3221 NTAPI
3222 FsRtlFreeFileLock (
3223 IN PFILE_LOCK FileLock
3224 );
3225
3226 #endif /* (VER_PRODUCTBUILD >= 2195) */
3227
3228 NTKERNELAPI
3229 NTSTATUS
3230 NTAPI
3231 FsRtlGetFileSize (
3232 IN PFILE_OBJECT FileObject,
3233 IN OUT PLARGE_INTEGER FileSize
3234 );
3235
3236 NTKERNELAPI
3237 BOOLEAN
3238 NTAPI
3239 FsRtlGetNextBaseMcbEntry (
3240 IN PBASE_MCB Mcb,
3241 IN ULONG RunIndex,
3242 OUT PLONGLONG Vbn,
3243 OUT PLONGLONG Lbn,
3244 OUT PLONGLONG SectorCount
3245 );
3246
3247 /*
3248 FsRtlGetNextFileLock:
3249
3250 ret: NULL if no more locks
3251
3252 Internals:
3253 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
3254 FileLock->LastReturnedLock as storage.
3255 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
3256 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
3257 calls with Restart = FALSE.
3258 */
3259 NTKERNELAPI
3260 PFILE_LOCK_INFO
3261 NTAPI
3262 FsRtlGetNextFileLock (
3263 IN PFILE_LOCK FileLock,
3264 IN BOOLEAN Restart
3265 );
3266
3267 NTKERNELAPI
3268 BOOLEAN
3269 NTAPI
3270 FsRtlGetNextLargeMcbEntry (
3271 IN PLARGE_MCB Mcb,
3272 IN ULONG RunIndex,
3273 OUT PLONGLONG Vbn,
3274 OUT PLONGLONG Lbn,
3275 OUT PLONGLONG SectorCount
3276 );
3277
3278 NTKERNELAPI
3279 BOOLEAN
3280 NTAPI
3281 FsRtlGetNextMcbEntry (
3282 IN PMCB Mcb,
3283 IN ULONG RunIndex,
3284 OUT PVBN Vbn,
3285 OUT PLBN Lbn,
3286 OUT PULONG SectorCount
3287 );
3288
3289 #define FsRtlGetPerStreamContextPointer(FO) ( \
3290 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
3291 )
3292
3293 NTKERNELAPI
3294 VOID
3295 NTAPI
3296 FsRtlInitializeBaseMcb (
3297 IN PBASE_MCB Mcb,
3298 IN POOL_TYPE PoolType
3299 );
3300
3301 NTKERNELAPI
3302 VOID
3303 NTAPI
3304 FsRtlInitializeFileLock (
3305 IN PFILE_LOCK FileLock,
3306 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
3307 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
3308 );
3309
3310 NTKERNELAPI
3311 VOID
3312 NTAPI
3313 FsRtlInitializeLargeMcb (
3314 IN PLARGE_MCB Mcb,
3315 IN POOL_TYPE PoolType
3316 );
3317
3318 NTKERNELAPI
3319 VOID
3320 NTAPI
3321 FsRtlInitializeMcb (
3322 IN PMCB Mcb,
3323 IN POOL_TYPE PoolType
3324 );
3325
3326 NTKERNELAPI
3327 VOID
3328 NTAPI
3329 FsRtlInitializeOplock (
3330 IN OUT POPLOCK Oplock
3331 );
3332
3333 NTKERNELAPI
3334 VOID
3335 NTAPI
3336 FsRtlInitializeTunnelCache (
3337 IN PTUNNEL Cache
3338 );
3339
3340 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
3341 (PSC)->OwnerId = (O), \
3342 (PSC)->InstanceId = (I), \
3343 (PSC)->FreeCallback = (FC) \
3344 )
3345
3346 NTKERNELAPI
3347 NTSTATUS
3348 NTAPI
3349 FsRtlInsertPerStreamContext (
3350 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext,
3351 IN PFSRTL_PER_STREAM_CONTEXT Ptr
3352 );
3353
3354 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
3355 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
3356 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3357 )
3358
3359 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
3360 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
3361 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3362 )
3363
3364 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
3365 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
3366 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3367 )
3368
3369 #define FsRtlIsAnsiCharacterWild(C) ( \
3370 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3371 )
3372
3373 NTKERNELAPI
3374 BOOLEAN
3375 NTAPI
3376 FsRtlIsFatDbcsLegal (
3377 IN ANSI_STRING DbcsName,
3378 IN BOOLEAN WildCardsPermissible,
3379 IN BOOLEAN PathNamePermissible,
3380 IN BOOLEAN LeadingBackslashPermissible
3381 );
3382
3383 NTKERNELAPI
3384 BOOLEAN
3385 NTAPI
3386 FsRtlIsHpfsDbcsLegal (
3387 IN ANSI_STRING DbcsName,
3388 IN BOOLEAN WildCardsPermissible,
3389 IN BOOLEAN PathNamePermissible,
3390 IN BOOLEAN LeadingBackslashPermissible
3391 );
3392
3393 NTKERNELAPI
3394 BOOLEAN
3395 NTAPI
3396 FsRtlIsNameInExpression (
3397 IN PUNICODE_STRING Expression,
3398 IN PUNICODE_STRING Name,
3399 IN BOOLEAN IgnoreCase,
3400 IN PWCHAR UpcaseTable OPTIONAL
3401 );
3402
3403 NTKERNELAPI
3404 BOOLEAN
3405 NTAPI
3406 FsRtlIsNtstatusExpected (
3407 IN NTSTATUS Ntstatus
3408 );
3409
3410 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3411
3412 extern PUSHORT NlsOemLeadByteInfo;
3413
3414 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3415 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3416 (NLS_MB_CODE_PAGE_TAG && \
3417 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3418 )
3419
3420 #define FsRtlIsUnicodeCharacterWild(C) ( \
3421 (((C) >= 0x40) ? \
3422 FALSE : \
3423 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3424 )
3425
3426 NTKERNELAPI
3427 BOOLEAN
3428 NTAPI
3429 FsRtlLookupBaseMcbEntry (
3430 IN PBASE_MCB Mcb,
3431 IN LONGLONG Vbn,
3432 OUT PLONGLONG Lbn OPTIONAL,
3433 OUT PLONGLONG SectorCountFromLbn OPTIONAL,
3434 OUT PLONGLONG StartingLbn OPTIONAL,
3435 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
3436 OUT PULONG Index OPTIONAL
3437 );
3438
3439 NTKERNELAPI
3440 BOOLEAN
3441 NTAPI
3442 FsRtlLookupLargeMcbEntry (
3443 IN PLARGE_MCB Mcb,
3444 IN LONGLONG Vbn,
3445 OUT PLONGLONG Lbn OPTIONAL,
3446 OUT PLONGLONG SectorCountFromLbn OPTIONAL,
3447 OUT PLONGLONG StartingLbn OPTIONAL,
3448 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
3449 OUT PULONG Index OPTIONAL
3450 );
3451
3452 NTKERNELAPI
3453 BOOLEAN
3454 NTAPI
3455 FsRtlLookupLastBaseMcbEntry (
3456 IN PBASE_MCB Mcb,
3457 OUT PLONGLONG Vbn,
3458 OUT PLONGLONG Lbn
3459 );
3460
3461 NTKERNELAPI
3462 BOOLEAN
3463 NTAPI
3464 FsRtlLookupLastLargeMcbEntry (
3465 IN PLARGE_MCB Mcb,
3466 OUT PLONGLONG Vbn,
3467 OUT PLONGLONG Lbn
3468 );
3469
3470 NTKERNELAPI
3471 BOOLEAN
3472 NTAPI
3473 FsRtlLookupLastMcbEntry (
3474 IN PMCB Mcb,
3475 OUT PVBN Vbn,
3476 OUT PLBN Lbn
3477 );
3478
3479 NTKERNELAPI
3480 BOOLEAN
3481 NTAPI
3482 FsRtlLookupLastBaseMcbEntryAndIndex (
3483 IN PBASE_MCB OpaqueMcb,
3484 IN OUT PLONGLONG LargeVbn,
3485 IN OUT PLONGLONG LargeLbn,
3486 IN OUT PULONG Index
3487 );
3488
3489 NTKERNELAPI
3490 BOOLEAN
3491 NTAPI
3492 FsRtlLookupLastLargeMcbEntryAndIndex (
3493 IN PLARGE_MCB OpaqueMcb,
3494 OUT PLONGLONG LargeVbn,
3495 OUT PLONGLONG LargeLbn,
3496 OUT PULONG Index
3497 );
3498
3499 NTKERNELAPI
3500 BOOLEAN
3501 NTAPI
3502 FsRtlLookupMcbEntry (
3503 IN PMCB Mcb,
3504 IN VBN Vbn,
3505 OUT PLBN Lbn,
3506 OUT PULONG SectorCount OPTIONAL,
3507 OUT PULONG Index
3508 );
3509
3510 NTKERNELAPI
3511 PFSRTL_PER_STREAM_CONTEXT
3512 NTAPI
3513 FsRtlLookupPerStreamContextInternal (
3514 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
3515 IN PVOID OwnerId OPTIONAL,
3516 IN PVOID InstanceId OPTIONAL
3517 );
3518
3519 NTKERNELAPI
3520 BOOLEAN
3521 NTAPI
3522 FsRtlMdlReadDev (
3523 IN PFILE_OBJECT FileObject,
3524 IN PLARGE_INTEGER FileOffset,
3525 IN ULONG Length,
3526 IN ULONG LockKey,
3527 OUT PMDL *MdlChain,
3528 OUT PIO_STATUS_BLOCK IoStatus,
3529 IN PDEVICE_OBJECT DeviceObject
3530 );
3531
3532 NTKERNELAPI
3533 BOOLEAN
3534 NTAPI
3535 FsRtlMdlReadComplete (
3536 IN PFILE_OBJECT FileObject,
3537 IN PMDL MdlChain
3538 );
3539
3540 NTKERNELAPI
3541 BOOLEAN
3542 NTAPI
3543 FsRtlMdlReadCompleteDev (
3544 IN PFILE_OBJECT FileObject,
3545 IN PMDL MdlChain,
3546 IN PDEVICE_OBJECT DeviceObject
3547 );
3548
3549 NTKERNELAPI
3550 BOOLEAN
3551 NTAPI
3552 FsRtlPrepareMdlWriteDev (
3553 IN PFILE_OBJECT FileObject,
3554 IN PLARGE_INTEGER FileOffset,
3555 IN ULONG Length,
3556 IN ULONG LockKey,
3557 OUT PMDL *MdlChain,
3558 OUT PIO_STATUS_BLOCK IoStatus,
3559 IN PDEVICE_OBJECT DeviceObject
3560 );
3561
3562 NTKERNELAPI
3563 BOOLEAN
3564 NTAPI
3565 FsRtlMdlWriteComplete (
3566 IN PFILE_OBJECT FileObject,
3567 IN PLARGE_INTEGER FileOffset,
3568 IN PMDL MdlChain
3569 );
3570
3571 NTKERNELAPI
3572 BOOLEAN
3573 NTAPI
3574 FsRtlMdlWriteCompleteDev (
3575 IN PFILE_OBJECT FileObject,
3576 IN PLARGE_INTEGER FileOffset,
3577 IN PMDL MdlChain,
3578 IN PDEVICE_OBJECT DeviceObject
3579 );
3580
3581 NTKERNELAPI
3582 NTSTATUS
3583 NTAPI
3584 FsRtlNormalizeNtstatus (
3585 IN NTSTATUS Exception,
3586 IN NTSTATUS GenericException
3587 );
3588
3589 NTKERNELAPI
3590 VOID
3591 NTAPI
3592 FsRtlNotifyChangeDirectory (
3593 IN PNOTIFY_SYNC NotifySync,
3594 IN PVOID FsContext,
3595 IN PSTRING FullDirectoryName,
3596 IN PLIST_ENTRY NotifyList,
3597 IN BOOLEAN WatchTree,
3598 IN ULONG CompletionFilter,
3599 IN PIRP NotifyIrp
3600 );
3601
3602 NTKERNELAPI
3603 VOID
3604 NTAPI
3605 FsRtlNotifyCleanup (
3606 IN PNOTIFY_SYNC NotifySync,
3607 IN PLIST_ENTRY NotifyList,
3608 IN PVOID FsContext
3609 );
3610
3611 typedef BOOLEAN (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) (
3612 IN PVOID NotifyContext,
3613 IN PVOID TargetContext,
3614 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3615 );
3616
3617 NTKERNELAPI
3618 VOID
3619 NTAPI
3620 FsRtlNotifyFilterChangeDirectory (
3621 IN PNOTIFY_SYNC NotifySync,
3622 IN PLIST_ENTRY NotifyList,
3623 IN PVOID FsContext,
3624 IN PSTRING FullDirectoryName,
3625 IN BOOLEAN WatchTree,
3626 IN BOOLEAN IgnoreBuffer,
3627 IN ULONG CompletionFilter,
3628 IN PIRP NotifyIrp,
3629 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
3630 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
3631 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL);
3632
3633 NTKERNELAPI
3634 VOID
3635 NTAPI
3636 FsRtlNotifyFilterReportChange (
3637 IN PNOTIFY_SYNC NotifySync,
3638 IN PLIST_ENTRY NotifyList,
3639 IN PSTRING FullTargetName,
3640 IN USHORT TargetNameOffset,
3641 IN PSTRING StreamName OPTIONAL,
3642 IN PSTRING NormalizedParentName OPTIONAL,
3643 IN ULONG FilterMatch,
3644 IN ULONG Action,
3645 IN PVOID TargetContext,
3646 IN PVOID FilterContext);
3647
3648 NTKERNELAPI
3649 VOID
3650 NTAPI
3651 FsRtlNotifyFullChangeDirectory (
3652 IN PNOTIFY_SYNC NotifySync,
3653 IN PLIST_ENTRY NotifyList,
3654 IN PVOID FsContext,
3655 IN PSTRING FullDirectoryName,
3656 IN BOOLEAN WatchTree,
3657 IN BOOLEAN IgnoreBuffer,
3658 IN ULONG CompletionFilter,
3659 IN PIRP NotifyIrp,
3660 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
3661 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3662 );
3663
3664 NTKERNELAPI
3665 VOID
3666 NTAPI
3667 FsRtlNotifyFullReportChange (
3668 IN PNOTIFY_SYNC NotifySync,
3669 IN PLIST_ENTRY NotifyList,
3670 IN PSTRING FullTargetName,
3671 IN USHORT TargetNameOffset,
3672 IN PSTRING StreamName OPTIONAL,
3673 IN PSTRING NormalizedParentName OPTIONAL,
3674 IN ULONG FilterMatch,
3675 IN ULONG Action,
3676 IN PVOID TargetContext
3677 );
3678
3679 NTKERNELAPI
3680 VOID
3681 NTAPI
3682 FsRtlNotifyInitializeSync (
3683 IN PNOTIFY_SYNC *NotifySync
3684 );
3685
3686 NTKERNELAPI
3687 VOID
3688 NTAPI
3689 FsRtlNotifyUninitializeSync (
3690 IN PNOTIFY_SYNC *NotifySync
3691 );
3692
3693 #if (VER_PRODUCTBUILD >= 2195)
3694
3695 NTKERNELAPI
3696 NTSTATUS
3697 NTAPI
3698 FsRtlNotifyVolumeEvent (
3699 IN PFILE_OBJECT FileObject,
3700 IN ULONG EventCode
3701 );
3702
3703 #endif /* (VER_PRODUCTBUILD >= 2195) */
3704
3705 NTKERNELAPI
3706 ULONG
3707 NTAPI
3708 FsRtlNumberOfRunsInBaseMcb (
3709 IN PBASE_MCB Mcb
3710 );
3711
3712 NTKERNELAPI
3713 ULONG
3714 NTAPI
3715 FsRtlNumberOfRunsInLargeMcb (
3716 IN PLARGE_MCB Mcb
3717 );
3718
3719 NTKERNELAPI
3720 ULONG
3721 NTAPI
3722 FsRtlNumberOfRunsInMcb (
3723 IN PMCB Mcb
3724 );
3725
3726 NTKERNELAPI
3727 NTSTATUS
3728 NTAPI
3729 FsRtlOplockFsctrl (
3730 IN POPLOCK Oplock,
3731 IN PIRP Irp,
3732 IN ULONG OpenCount
3733 );
3734
3735 NTKERNELAPI
3736 BOOLEAN
3737 NTAPI
3738 FsRtlOplockIsFastIoPossible (
3739 IN POPLOCK Oplock
3740 );
3741
3742 typedef VOID
3743 (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
3744 IN PVOID Context,
3745 IN PKEVENT Event
3746 );
3747
3748 NTKERNELAPI
3749 VOID
3750 NTAPI
3751 FsRtlPostPagingFileStackOverflow (
3752 IN PVOID Context,
3753 IN PKEVENT Event,
3754 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3755 );
3756
3757 NTKERNELAPI
3758 VOID
3759 NTAPI
3760 FsRtlPostStackOverflow (
3761 IN PVOID Context,
3762 IN PKEVENT Event,
3763 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3764 );
3765
3766 /*
3767 FsRtlPrivateLock:
3768
3769 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3770
3771 Internals:
3772 -Calls IoCompleteRequest if Irp
3773 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3774 */
3775 NTKERNELAPI
3776 BOOLEAN
3777 NTAPI
3778 FsRtlPrivateLock (
3779 IN PFILE_LOCK FileLock,
3780 IN PFILE_OBJECT FileObject,
3781 IN PLARGE_INTEGER FileOffset,
3782 IN PLARGE_INTEGER Length,
3783 IN PEPROCESS Process,
3784 IN ULONG Key,
3785 IN BOOLEAN FailImmediately,
3786 IN BOOLEAN ExclusiveLock,
3787 OUT PIO_STATUS_BLOCK IoStatus,
3788 IN PIRP Irp OPTIONAL,
3789 IN PVOID Context,
3790 IN BOOLEAN AlreadySynchronized
3791 );
3792
3793 /*
3794 FsRtlProcessFileLock:
3795
3796 ret:
3797 -STATUS_INVALID_DEVICE_REQUEST
3798 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3799 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3800 (redirected IoStatus->Status).
3801
3802 Internals:
3803 -switch ( Irp->CurrentStackLocation->MinorFunction )
3804 lock: return FsRtlPrivateLock;
3805 unlocksingle: return FsRtlFastUnlockSingle;
3806 unlockall: return FsRtlFastUnlockAll;
3807 unlockallbykey: return FsRtlFastUnlockAllByKey;
3808 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3809 return STATUS_INVALID_DEVICE_REQUEST;
3810
3811 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3812 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3813 */
3814 NTKERNELAPI
3815 NTSTATUS
3816 NTAPI
3817 FsRtlProcessFileLock (
3818 IN PFILE_LOCK FileLock,
3819 IN PIRP Irp,
3820 IN PVOID Context OPTIONAL
3821 );
3822
3823 NTKERNELAPI
3824 NTSTATUS
3825 NTAPI
3826 FsRtlRegisterUncProvider (
3827 IN OUT PHANDLE MupHandle,
3828 IN PUNICODE_STRING RedirectorDeviceName,
3829 IN BOOLEAN MailslotsSupported
3830 );
3831
3832 NTKERNELAPI
3833 VOID
3834 NTAPI
3835 FsRtlRemoveBaseMcbEntry (
3836 IN PBASE_MCB Mcb,
3837 IN LONGLONG Vbn,
3838 IN LONGLONG SectorCount
3839 );
3840
3841 NTKERNELAPI
3842 VOID
3843 NTAPI
3844 FsRtlRemoveLargeMcbEntry (
3845 IN PLARGE_MCB Mcb,
3846 IN LONGLONG Vbn,
3847 IN LONGLONG SectorCount
3848 );
3849
3850 NTKERNELAPI
3851 VOID
3852 NTAPI
3853 FsRtlRemoveMcbEntry (
3854 IN PMCB Mcb,
3855 IN VBN Vbn,
3856 IN ULONG SectorCount
3857 );
3858
3859 NTKERNELAPI
3860 PFSRTL_PER_STREAM_CONTEXT
3861 NTAPI
3862 FsRtlRemovePerStreamContext (
3863 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
3864 IN PVOID OwnerId OPTIONAL,
3865 IN PVOID InstanceId OPTIONAL
3866 );
3867
3868 NTKERNELAPI
3869 VOID
3870 NTAPI
3871 FsRtlResetBaseMcb (
3872 IN PBASE_MCB Mcb
3873 );
3874
3875 NTKERNELAPI
3876 VOID
3877 NTAPI
3878 FsRtlResetLargeMcb (
3879 IN PLARGE_MCB Mcb,
3880 IN BOOLEAN SelfSynchronized
3881 );
3882
3883 NTKERNELAPI
3884 BOOLEAN
3885 NTAPI
3886 FsRtlSplitBaseMcb (
3887 IN PBASE_MCB Mcb,
3888 IN LONGLONG Vbn,
3889 IN LONGLONG Amount
3890 );
3891
3892 NTKERNELAPI
3893 BOOLEAN
3894 NTAPI
3895 FsRtlSplitLargeMcb (
3896 IN PLARGE_MCB Mcb,
3897 IN LONGLONG Vbn,
3898 IN LONGLONG Amount
3899 );
3900
3901 #define FsRtlSupportsPerStreamContexts(FO) ( \
3902 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
3903 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
3904 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
3905 )
3906
3907 NTKERNELAPI
3908 VOID
3909 NTAPI
3910 FsRtlTruncateBaseMcb (
3911 IN PBASE_MCB Mcb,
3912 IN LONGLONG Vbn
3913 );
3914
3915 NTKERNELAPI
3916 VOID
3917 NTAPI
3918 FsRtlTruncateLargeMcb (
3919 IN PLARGE_MCB Mcb,
3920 IN LONGLONG Vbn
3921 );
3922
3923 NTKERNELAPI
3924 VOID
3925 NTAPI
3926 FsRtlTruncateMcb (
3927 IN PMCB Mcb,
3928 IN VBN Vbn
3929 );
3930
3931 NTKERNELAPI
3932 VOID
3933 NTAPI
3934 FsRtlUninitializeBaseMcb (
3935 IN PBASE_MCB Mcb
3936 );
3937
3938 NTKERNELAPI
3939 VOID
3940 NTAPI
3941 FsRtlUninitializeFileLock (
3942 IN PFILE_LOCK FileLock
3943 );
3944
3945 NTKERNELAPI
3946 VOID
3947 NTAPI
3948 FsRtlUninitializeLargeMcb (
3949 IN PLARGE_MCB Mcb
3950 );
3951
3952 NTKERNELAPI
3953 VOID
3954 NTAPI
3955 FsRtlUninitializeMcb (
3956 IN PMCB Mcb
3957 );
3958
3959 NTKERNELAPI
3960 VOID
3961 NTAPI
3962 FsRtlUninitializeOplock (
3963 IN OUT POPLOCK Oplock
3964 );
3965
3966 NTKERNELAPI
3967 UCHAR
3968 NTAPI
3969 KeSetIdealProcessorThread(
3970 IN OUT PKTHREAD Thread,
3971 IN UCHAR Processor
3972 );
3973
3974 NTKERNELAPI
3975 NTSTATUS
3976 NTAPI
3977 IoAttachDeviceToDeviceStackSafe(
3978 IN PDEVICE_OBJECT SourceDevice,
3979 IN PDEVICE_OBJECT TargetDevice,
3980 OUT PDEVICE_OBJECT *AttachedToDeviceObject
3981 );
3982
3983 NTKERNELAPI
3984 VOID
3985 NTAPI
3986 IoAcquireVpbSpinLock (
3987 OUT PKIRQL Irql
3988 );
3989
3990 NTKERNELAPI
3991 NTSTATUS
3992 NTAPI
3993 IoCheckDesiredAccess (
3994 IN OUT PACCESS_MASK DesiredAccess,
3995 IN ACCESS_MASK GrantedAccess
3996 );
3997
3998 NTKERNELAPI
3999 NTSTATUS
4000 NTAPI
4001 IoCheckEaBufferValidity (
4002 IN PFILE_FULL_EA_INFORMATION EaBuffer,
4003 IN ULONG EaLength,
4004 OUT PULONG ErrorOffset
4005 );
4006
4007 NTKERNELAPI
4008 NTSTATUS
4009 NTAPI
4010 IoCheckFunctionAccess (
4011 IN ACCESS_MASK GrantedAccess,
4012 IN UCHAR MajorFunction,
4013 IN UCHAR MinorFunction,
4014 IN ULONG IoControlCode,
4015 IN PVOID Argument1 OPTIONAL,
4016 IN PVOID Argument2 OPTIONAL
4017 );
4018
4019 #if (VER_PRODUCTBUILD >= 2195)
4020
4021 NTKERNELAPI
4022 NTSTATUS
4023 NTAPI
4024 IoCheckQuotaBufferValidity (
4025 IN PFILE_QUOTA_INFORMATION QuotaBuffer,
4026 IN ULONG QuotaLength,
4027 OUT PULONG ErrorOffset
4028 );
4029
4030 #endif /* (VER_PRODUCTBUILD >= 2195) */
4031
4032 NTKERNELAPI
4033 PFILE_OBJECT
4034 NTAPI
4035 IoCreateStreamFileObject (
4036 IN PFILE_OBJECT FileObject OPTIONAL,
4037 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4038 );
4039
4040 #if (VER_PRODUCTBUILD >= 2195)
4041
4042 NTKERNELAPI
4043 PFILE_OBJECT
4044 NTAPI
4045 IoCreateStreamFileObjectLite (
4046 IN PFILE_OBJECT FileObject OPTIONAL,
4047 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4048 );
4049
4050 #endif /* (VER_PRODUCTBUILD >= 2195) */
4051
4052 NTKERNELAPI
4053 BOOLEAN
4054 NTAPI
4055 IoFastQueryNetworkAttributes (
4056 IN POBJECT_ATTRIBUTES ObjectAttributes,
4057 IN ACCESS_MASK DesiredAccess,
4058 IN ULONG OpenOptions,
4059 OUT PIO_STATUS_BLOCK IoStatus,
4060 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
4061 );
4062
4063 NTKERNELAPI
4064 PDEVICE_OBJECT
4065 NTAPI
4066 IoGetAttachedDevice (
4067 IN PDEVICE_OBJECT DeviceObject
4068 );
4069
4070 NTKERNELAPI
4071 PDEVICE_OBJECT
4072 NTAPI
4073 IoGetBaseFileSystemDeviceObject (
4074 IN PFILE_OBJECT FileObject
4075 );
4076
4077 #if (VER_PRODUCTBUILD >= 2600)
4078
4079 NTKERNELAPI
4080 PDEVICE_OBJECT
4081 NTAPI
4082 IoGetDeviceAttachmentBaseRef (
4083 IN PDEVICE_OBJECT DeviceObject
4084 );
4085
4086 NTKERNELAPI
4087 NTSTATUS
4088 NTAPI
4089 IoGetDiskDeviceObject (
4090 IN PDEVICE_OBJECT FileSystemDeviceObject,
4091 OUT PDEVICE_OBJECT *DiskDeviceObject
4092 );
4093
4094 NTKERNELAPI
4095 PDEVICE_OBJECT
4096 NTAPI
4097 IoGetLowerDeviceObject (
4098 IN PDEVICE_OBJECT DeviceObject
4099 );
4100
4101 #endif /* (VER_PRODUCTBUILD >= 2600) */
4102
4103 NTKERNELAPI
4104 PEPROCESS
4105 NTAPI
4106 IoGetRequestorProcess (
4107 IN PIRP Irp
4108 );
4109
4110 #if (VER_PRODUCTBUILD >= 2195)
4111
4112 NTKERNELAPI
4113 ULONG
4114 NTAPI
4115 IoGetRequestorProcessId (
4116 IN PIRP Irp
4117 );
4118
4119 #endif /* (VER_PRODUCTBUILD >= 2195) */
4120
4121 NTKERNELAPI
4122 PIRP
4123 NTAPI
4124 IoGetTopLevelIrp (
4125 VOID
4126 );
4127
4128 #define IoIsFileOpenedExclusively(FileObject) ( \
4129 (BOOLEAN) !( \
4130 (FileObject)->SharedRead || \
4131 (FileObject)->SharedWrite || \
4132 (FileObject)->SharedDelete \
4133 ) \
4134 )
4135
4136 NTKERNELAPI
4137 BOOLEAN
4138 NTAPI
4139 IoIsOperationSynchronous (
4140 IN PIRP Irp
4141 );
4142
4143 NTKERNELAPI
4144 BOOLEAN
4145 NTAPI
4146 IoIsSystemThread (
4147 IN PETHREAD Thread
4148 );
4149
4150 #if (VER_PRODUCTBUILD >= 2195)
4151
4152 NTKERNELAPI
4153 BOOLEAN
4154 NTAPI
4155 IoIsValidNameGraftingBuffer (
4156 IN PIRP Irp,
4157 IN PREPARSE_DATA_BUFFER ReparseBuffer
4158 );
4159
4160 #endif /* (VER_PRODUCTBUILD >= 2195) */
4161
4162 NTKERNELAPI
4163 NTSTATUS
4164 NTAPI
4165 IoPageRead (
4166 IN PFILE_OBJECT FileObject,
4167 IN PMDL Mdl,
4168 IN PLARGE_INTEGER Offset,
4169 IN PKEVENT Event,
4170 OUT PIO_STATUS_BLOCK IoStatusBlock
4171 );
4172
4173 NTKERNELAPI
4174 NTSTATUS
4175 NTAPI
4176 IoQueryFileInformation (
4177 IN PFILE_OBJECT FileObject,
4178 IN FILE_INFORMATION_CLASS FileInformationClass,
4179 IN ULONG Length,
4180 OUT PVOID FileInformation,
4181 OUT PULONG ReturnedLength
4182 );
4183
4184 NTKERNELAPI
4185 NTSTATUS
4186 NTAPI
4187 IoQueryVolumeInformation (
4188 IN PFILE_OBJECT FileObject,
4189 IN FS_INFORMATION_CLASS FsInformationClass,
4190 IN ULONG Length,
4191 OUT PVOID FsInformation,
4192 OUT PULONG ReturnedLength
4193 );
4194
4195 NTKERNELAPI
4196 VOID
4197 NTAPI
4198 IoQueueThreadIrp(
4199 IN PIRP Irp
4200 );
4201
4202 NTKERNELAPI
4203 VOID
4204 NTAPI
4205 IoRegisterFileSystem (
4206 IN OUT PDEVICE_OBJECT DeviceObject
4207 );
4208
4209 #if (VER_PRODUCTBUILD >= 1381)
4210
4211 typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
4212 IN PDEVICE_OBJECT DeviceObject,
4213 IN BOOLEAN DriverActive
4214 );
4215
4216 NTKERNELAPI
4217 NTSTATUS
4218 NTAPI
4219 IoRegisterFsRegistrationChange (
4220 IN PDRIVER_OBJECT DriverObject,
4221 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4222 );
4223
4224 #endif /* (VER_PRODUCTBUILD >= 1381) */
4225
4226 NTKERNELAPI
4227 VOID
4228 NTAPI
4229 IoReleaseVpbSpinLock (
4230 IN KIRQL Irql
4231 );
4232
4233 NTKERNELAPI
4234 VOID
4235 NTAPI
4236 IoSetDeviceToVerify (
4237 IN PETHREAD Thread,
4238 IN PDEVICE_OBJECT DeviceObject
4239 );
4240
4241 NTKERNELAPI
4242 NTSTATUS
4243 NTAPI
4244 IoSetInformation (
4245 IN PFILE_OBJECT FileObject,
4246 IN FILE_INFORMATION_CLASS FileInformationClass,
4247 IN ULONG Length,
4248 IN PVOID FileInformation
4249 );
4250
4251 NTKERNELAPI
4252 VOID
4253 NTAPI
4254 IoSetTopLevelIrp (
4255 IN PIRP Irp
4256 );
4257
4258 NTKERNELAPI
4259 NTSTATUS
4260 NTAPI
4261 IoSynchronousPageWrite (
4262 IN PFILE_OBJECT FileObject,
4263 IN PMDL Mdl,
4264 IN PLARGE_INTEGER FileOffset,
4265 IN PKEVENT Event,
4266 OUT PIO_STATUS_BLOCK IoStatusBlock
4267 );
4268
4269 NTKERNELAPI
4270 PEPROCESS
4271 NTAPI
4272 IoThreadToProcess (
4273 IN PETHREAD Thread
4274 );
4275
4276 NTKERNELAPI
4277 VOID
4278 NTAPI
4279 IoUnregisterFileSystem (
4280 IN OUT PDEVICE_OBJECT DeviceObject
4281 );
4282
4283 #if (VER_PRODUCTBUILD >= 1381)
4284
4285 NTKERNELAPI
4286 VOID
4287 NTAPI
4288 IoUnregisterFsRegistrationChange (
4289 IN PDRIVER_OBJECT DriverObject,
4290 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4291 );
4292
4293 #endif /* (VER_PRODUCTBUILD >= 1381) */
4294
4295 NTKERNELAPI
4296 NTSTATUS
4297 NTAPI
4298 IoVerifyVolume (
4299 IN PDEVICE_OBJECT DeviceObject,
4300 IN BOOLEAN AllowRawMount
4301 );
4302
4303 #if !defined (_M_AMD64)
4304
4305 NTHALAPI
4306 KIRQL
4307 FASTCALL
4308 KeAcquireQueuedSpinLock (
4309 IN KSPIN_LOCK_QUEUE_NUMBER Number
4310 );
4311
4312 NTHALAPI
4313 VOID
4314 FASTCALL
4315 KeReleaseQueuedSpinLock (
4316 IN KSPIN_LOCK_QUEUE_NUMBER Number,
4317 IN KIRQL OldIrql
4318 );
4319
4320 NTHALAPI
4321 KIRQL
4322 FASTCALL
4323 KeAcquireSpinLockRaiseToSynch(
4324 IN OUT PKSPIN_LOCK SpinLock
4325 );
4326
4327 NTHALAPI
4328 LOGICAL
4329 FASTCALL
4330 KeTryToAcquireQueuedSpinLock(
4331 KSPIN_LOCK_QUEUE_NUMBER Number,
4332 PKIRQL OldIrql);
4333
4334 #else
4335
4336 NTKERNELAPI
4337 KIRQL
4338 FASTCALL
4339 KeAcquireQueuedSpinLock (
4340 IN KSPIN_LOCK_QUEUE_NUMBER Number
4341 );
4342
4343 NTKERNELAPI
4344 VOID
4345 FASTCALL
4346 KeReleaseQueuedSpinLock (
4347 IN KSPIN_LOCK_QUEUE_NUMBER Number,
4348 IN KIRQL OldIrql
4349 );
4350
4351 NTKERNELAPI
4352 KIRQL
4353 KeAcquireSpinLockRaiseToSynch(
4354 IN OUT PKSPIN_LOCK SpinLock
4355 );
4356
4357 NTKERNELAPI
4358 LOGICAL
4359 KeTryToAcquireQueuedSpinLock(
4360 KSPIN_LOCK_QUEUE_NUMBER Number,
4361 PKIRQL OldIrql);
4362
4363 #endif
4364
4365 NTKERNELAPI
4366 VOID
4367 NTAPI
4368 KeAttachProcess (
4369 IN PKPROCESS Process
4370 );
4371
4372 NTKERNELAPI
4373 VOID
4374 NTAPI
4375 KeDetachProcess (
4376 VOID
4377 );
4378
4379 NTKERNELAPI
4380 VOID
4381 NTAPI
4382 KeInitializeQueue (
4383 IN PRKQUEUE Queue,
4384 IN ULONG Count OPTIONAL
4385 );
4386
4387 NTKERNELAPI
4388 LONG
4389 NTAPI
4390 KeInsertHeadQueue (
4391 IN PRKQUEUE Queue,
4392 IN PLIST_ENTRY Entry
4393 );
4394
4395 NTKERNELAPI
4396 LONG
4397 NTAPI
4398 KeInsertQueue (
4399 IN PRKQUEUE Queue,
4400 IN PLIST_ENTRY Entry
4401 );
4402
4403 NTKERNELAPI
4404 LONG
4405 NTAPI
4406 KeReadStateQueue (
4407 IN PRKQUEUE Queue
4408 );
4409
4410 NTKERNELAPI
4411 PLIST_ENTRY
4412 NTAPI
4413 KeRemoveQueue (
4414 IN PRKQUEUE Queue,
4415 IN KPROCESSOR_MODE WaitMode,
4416 IN PLARGE_INTEGER Timeout OPTIONAL
4417 );
4418
4419 NTKERNELAPI
4420 PLIST_ENTRY
4421 NTAPI
4422 KeRundownQueue (
4423 IN PRKQUEUE Queue
4424 );
4425
4426 NTKERNELAPI
4427 VOID
4428 NTAPI
4429 KeInitializeMutant (
4430 IN PRKMUTANT Mutant,
4431 IN BOOLEAN InitialOwner
4432 );
4433
4434 NTKERNELAPI
4435 LONG
4436 NTAPI
4437 KeReadStateMutant (
4438 IN PRKMUTANT Mutant
4439 );
4440
4441 NTKERNELAPI
4442 LONG
4443 NTAPI
4444 KeReleaseMutant (
4445 IN PRKMUTANT Mutant,
4446 IN KPRIORITY Increment,
4447 IN BOOLEAN Abandoned,
4448 IN BOOLEAN Wait
4449 );
4450
4451 #if (VER_PRODUCTBUILD >= 2195)
4452
4453 NTKERNELAPI
4454 VOID
4455 NTAPI
4456 KeStackAttachProcess (
4457 IN PKPROCESS Process,
4458 OUT PKAPC_STATE ApcState
4459 );
4460
4461 NTKERNELAPI
4462 VOID
4463 NTAPI
4464 KeUnstackDetachProcess (
4465 IN PKAPC_STATE ApcState
4466 );
4467
4468 #endif /* (VER_PRODUCTBUILD >= 2195) */
4469
4470 NTKERNELAPI
4471 BOOLEAN
4472 NTAPI
4473 KeSetKernelStackSwapEnable(
4474 IN BOOLEAN Enable
4475 );
4476
4477 NTKERNELAPI
4478 BOOLEAN
4479 NTAPI
4480 MmCanFileBeTruncated (
4481 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
4482 IN PLARGE_INTEGER NewFileSize
4483 );
4484
4485 NTKERNELAPI
4486 BOOLEAN
4487 NTAPI
4488 MmFlushImageSection (
4489 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
4490 IN MMFLUSH_TYPE FlushType
4491 );
4492
4493 NTKERNELAPI
4494 BOOLEAN
4495 NTAPI
4496 MmForceSectionClosed (
4497 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
4498 IN BOOLEAN DelayClose
4499 );
4500
4501 #if (VER_PRODUCTBUILD >= 1381)
4502
4503 NTKERNELAPI
4504 BOOLEAN
4505 NTAPI
4506 MmIsRecursiveIoFault (
4507 VOID
4508 );
4509
4510 #else
4511
4512 #define MmIsRecursiveIoFault() ( \
4513 (PsGetCurrentThread()->DisablePageFaultClustering) | \
4514 (PsGetCurrentThread()->ForwardClusterOnly) \
4515 )
4516
4517 #endif
4518
4519
4520 NTKERNELAPI
4521 BOOLEAN
4522 NTAPI
4523 MmSetAddressRangeModified (
4524 IN PVOID Address,
4525 IN SIZE_T Length
4526 );
4527
4528 NTKERNELAPI
4529 NTSTATUS
4530 NTAPI
4531 ObCreateObject (
4532 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
4533 IN POBJECT_TYPE ObjectType,
4534 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
4535 IN KPROCESSOR_MODE AccessMode,
4536 IN OUT PVOID ParseContext OPTIONAL,
4537 IN ULONG ObjectSize,
4538 IN ULONG PagedPoolCharge OPTIONAL,
4539 IN ULONG NonPagedPoolCharge OPTIONAL,
4540 OUT PVOID *Object
4541 );
4542
4543 NTKERNELAPI
4544 ULONG
4545 NTAPI
4546 ObGetObjectPointerCount (
4547 IN PVOID Object
4548 );
4549
4550 NTKERNELAPI
4551 NTSTATUS
4552 NTAPI
4553 ObInsertObject (
4554 IN PVOID Object,
4555 IN PACCESS_STATE PassedAccessState OPTIONAL,
4556 IN ACCESS_MASK DesiredAccess,
4557 IN ULONG AdditionalReferences,
4558 OUT PVOID *ReferencedObject OPTIONAL,
4559 OUT PHANDLE Handle
4560 );
4561
4562 NTKERNELAPI
4563 VOID
4564 NTAPI
4565 ObMakeTemporaryObject (
4566 IN PVOID Object
4567 );
4568
4569 NTKERNELAPI
4570 NTSTATUS
4571 NTAPI
4572 ObOpenObjectByPointer (
4573 IN PVOID Object,
4574 IN ULONG HandleAttributes,
4575 IN PACCESS_STATE PassedAccessState OPTIONAL,
4576 IN ACCESS_MASK DesiredAccess OPTIONAL,
4577 IN POBJECT_TYPE ObjectType OPTIONAL,
4578 IN KPROCESSOR_MODE AccessMode,
4579 OUT PHANDLE Handle
4580 );
4581
4582 NTKERNELAPI
4583 NTSTATUS
4584 NTAPI
4585 ObQueryNameString (
4586 IN PVOID Object,
4587 OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
4588 IN ULONG Length,
4589 OUT PULONG ReturnLength
4590 );
4591
4592 NTKERNELAPI
4593 NTSTATUS
4594 NTAPI
4595 ObQueryObjectAuditingByHandle (
4596 IN HANDLE Handle,
4597 OUT PBOOLEAN GenerateOnClose
4598 );
4599
4600 NTKERNELAPI
4601 NTSTATUS
4602 NTAPI
4603 ObReferenceObjectByName (
4604 IN PUNICODE_STRING ObjectName,
4605 IN ULONG Attributes,
4606 IN PACCESS_STATE PassedAccessState OPTIONAL,
4607 IN ACCESS_MASK DesiredAccess OPTIONAL,
4608 IN POBJECT_TYPE ObjectType,
4609 IN KPROCESSOR_MODE AccessMode,
4610 IN OUT PVOID ParseContext OPTIONAL,
4611 OUT PVOID *Object
4612 );
4613
4614 NTKERNELAPI
4615 NTSTATUS
4616 NTAPI
4617 PsAssignImpersonationToken (
4618 IN PETHREAD Thread,
4619 IN HANDLE Token
4620 );
4621
4622 NTKERNELAPI
4623 VOID
4624 NTAPI
4625 PsChargePoolQuota (
4626 IN PEPROCESS Process,
4627 IN POOL_TYPE PoolType,
4628 IN SIZE_T Amount
4629 );
4630
4631 NTKERNELAPI
4632 NTSTATUS
4633 NTAPI
4634 PsChargeProcessPoolQuota (
4635 IN PEPROCESS Process,
4636 IN POOL_TYPE PoolType,
4637 IN SIZE_T Amount
4638 );
4639
4640 #define PsDereferenceImpersonationToken(T) \
4641 {if (ARGUMENT_PRESENT(T)) { \
4642 (ObDereferenceObject((T))); \
4643 } else { \
4644 ; \
4645 } \
4646 }
4647
4648 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
4649
4650 NTKERNELAPI
4651 BOOLEAN
4652 NTAPI
4653 PsDisableImpersonation(
4654 IN PETHREAD Thread,
4655 IN PSE_IMPERSONATION_STATE ImpersonationState
4656 );
4657
4658 NTKERNELAPI
4659 LARGE_INTEGER
4660 NTAPI
4661 PsGetProcessExitTime (
4662 VOID
4663 );
4664
4665 NTKERNELAPI
4666 NTSTATUS
4667 NTAPI
4668 PsImpersonateClient(
4669 IN PETHREAD Thread,
4670 IN PACCESS_TOKEN Token,
4671 IN BOOLEAN CopyOnOpen,
4672 IN BOOLEAN EffectiveOnly,
4673 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4674 );
4675
4676 NTKERNELAPI
4677 BOOLEAN
4678 NTAPI
4679 PsIsSystemThread(
4680 IN PETHREAD Thread
4681 );
4682
4683 NTKERNELAPI
4684 BOOLEAN
4685 NTAPI
4686 PsIsThreadTerminating (
4687 IN PETHREAD Thread
4688 );
4689
4690 NTKERNELAPI
4691 NTSTATUS
4692 NTAPI
4693 PsLookupProcessByProcessId (
4694 IN HANDLE ProcessId,
4695 OUT PEPROCESS *Process
4696 );
4697
4698 NTKERNELAPI
4699 NTSTATUS
4700 NTAPI
4701 PsLookupProcessThreadByCid (
4702 IN PCLIENT_ID Cid,
4703 OUT PEPROCESS *Process OPTIONAL,
4704 OUT PETHREAD *Thread
4705 );
4706
4707 NTKERNELAPI
4708 NTSTATUS
4709 NTAPI
4710 PsLookupThreadByThreadId (
4711 IN HANDLE UniqueThreadId,
4712 OUT PETHREAD *Thread
4713 );
4714
4715 NTKERNELAPI
4716 PACCESS_TOKEN
4717 NTAPI
4718 PsReferenceImpersonationToken (
4719 IN PETHREAD Thread,
4720 OUT PBOOLEAN CopyOnUse,
4721 OUT PBOOLEAN EffectiveOnly,
4722 OUT PSECURITY_IMPERSONATION_LEVEL Level
4723 );
4724
4725 NTKERNELAPI
4726 HANDLE
4727 NTAPI
4728 PsReferencePrimaryToken (
4729 IN PEPROCESS Process
4730 );
4731
4732 NTKERNELAPI
4733 VOID
4734 NTAPI
4735 PsRestoreImpersonation(
4736 IN PETHREAD Thread,
4737 IN PSE_IMPERSONATION_STATE ImpersonationState
4738 );
4739
4740 NTKERNELAPI
4741 VOID
4742 NTAPI
4743 PsReturnPoolQuota (
4744 IN PEPROCESS Process,
4745 IN POOL_TYPE PoolType,
4746 IN SIZE_T Amount
4747 );
4748
4749 NTKERNELAPI
4750 VOID
4751 NTAPI
4752 PsRevertToSelf (
4753 VOID
4754 );
4755
4756 NTSYSAPI
4757 NTSTATUS
4758 NTAPI
4759 RtlAbsoluteToSelfRelativeSD (
4760 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
4761 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
4762 IN PULONG BufferLength
4763 );
4764
4765 NTSYSAPI
4766 PVOID
4767 NTAPI
4768 RtlAllocateHeap (
4769 IN HANDLE HeapHandle,
4770 IN ULONG Flags,
4771 IN SIZE_T Size
4772 );
4773
4774 NTSYSAPI
4775 NTSTATUS
4776 NTAPI
4777 RtlAppendStringToString(
4778 PSTRING Destination,
4779 const STRING *Source
4780 );
4781
4782 NTSYSAPI
4783 USHORT
4784 NTAPI
4785 RtlCaptureStackBackTrace (
4786 IN ULONG FramesToSkip,
4787 IN ULONG FramesToCapture,
4788 OUT PVOID *BackTrace,
4789 OUT PULONG BackTraceHash OPTIONAL
4790 );
4791
4792 NTSYSAPI
4793 SIZE_T
4794 NTAPI
4795 RtlCompareMemoryUlong (
4796 PVOID Source,
4797 SIZE_T Length,
4798 ULONG Pattern
4799 );
4800
4801 NTSYSAPI
4802 NTSTATUS
4803 NTAPI
4804 RtlCompressBuffer (
4805 IN USHORT CompressionFormatAndEngine,
4806 IN PUCHAR UncompressedBuffer,
4807 IN ULONG UncompressedBufferSize,
4808 OUT PUCHAR CompressedBuffer,
4809 IN ULONG CompressedBufferSize,
4810 IN ULONG UncompressedChunkSize,
4811 OUT PULONG FinalCompressedSize,
4812 IN PVOID WorkSpace
4813 );
4814
4815 NTSYSAPI
4816 NTSTATUS
4817 NTAPI
4818 RtlCompressChunks (
4819 IN PUCHAR UncompressedBuffer,
4820 IN ULONG UncompressedBufferSize,
4821 OUT PUCHAR CompressedBuffer,
4822 IN ULONG CompressedBufferSize,
4823 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
4824 IN ULONG CompressedDataInfoLength,
4825 IN PVOID WorkSpace
4826 );
4827
4828 NTSYSAPI
4829 NTSTATUS
4830 NTAPI
4831 RtlConvertSidToUnicodeString (
4832 OUT PUNICODE_STRING DestinationString,
4833 IN PSID Sid,
4834 IN BOOLEAN AllocateDestinationString
4835 );
4836
4837 NTSYSAPI
4838 NTSTATUS
4839 NTAPI
4840 RtlCopySid (
4841 IN ULONG Length,
4842 IN PSID Destination,
4843 IN PSID Source
4844 );
4845
4846 NTSYSAPI
4847 BOOLEAN
4848 NTAPI
4849 RtlCreateUnicodeString(
4850 PUNICODE_STRING DestinationString,
4851 PCWSTR SourceString
4852 );
4853
4854 NTSYSAPI
4855 NTSTATUS
4856 NTAPI
4857 RtlDecompressBuffer (
4858 IN USHORT CompressionFormat,
4859 OUT PUCHAR UncompressedBuffer,
4860 IN ULONG UncompressedBufferSize,
4861 IN PUCHAR CompressedBuffer,
4862 IN ULONG CompressedBufferSize,
4863 OUT PULONG FinalUncompressedSize
4864 );
4865
4866 NTSYSAPI
4867 NTSTATUS
4868 NTAPI
4869 RtlDecompressChunks (
4870 OUT PUCHAR UncompressedBuffer,
4871 IN ULONG UncompressedBufferSize,
4872 IN PUCHAR CompressedBuffer,
4873 IN ULONG CompressedBufferSize,
4874 IN PUCHAR CompressedTail,
4875 IN ULONG CompressedTailSize,
4876 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4877 );
4878
4879 NTSYSAPI
4880 NTSTATUS
4881 NTAPI
4882 RtlDecompressFragment (
4883 IN USHORT CompressionFormat,
4884 OUT PUCHAR UncompressedFragment,
4885 IN ULONG UncompressedFragmentSize,
4886 IN PUCHAR CompressedBuffer,
4887 IN ULONG CompressedBufferSize,
4888 IN ULONG FragmentOffset,
4889 OUT PULONG FinalUncompressedSize,
4890 IN PVOID WorkSpace
4891 );
4892
4893 NTSYSAPI
4894 NTSTATUS
4895 NTAPI
4896 RtlDescribeChunk (
4897 IN USHORT CompressionFormat,
4898 IN OUT PUCHAR *CompressedBuffer,
4899 IN PUCHAR EndOfCompressedBufferPlus1,
4900 OUT PUCHAR *ChunkBuffer,
4901 OUT PULONG ChunkSize
4902 );
4903
4904 NTSYSAPI
4905 NTSTATUS
4906 NTAPI
4907 RtlDowncaseUnicodeString(
4908 IN OUT PUNICODE_STRING UniDest,
4909 IN PCUNICODE_STRING UniSource,
4910 IN BOOLEAN AllocateDestinationString
4911 );
4912
4913 NTSYSAPI
4914 NTSTATUS
4915 NTAPI
4916 RtlDuplicateUnicodeString(
4917 IN ULONG Flags,
4918 IN PCUNICODE_STRING SourceString,
4919 OUT PUNICODE_STRING DestinationString
4920 );
4921
4922 NTSYSAPI
4923 BOOLEAN
4924 NTAPI
4925 RtlEqualSid (
4926 IN PSID Sid1,
4927 IN PSID Sid2
4928 );
4929
4930 NTSYSAPI
4931 VOID
4932 NTAPI
4933 RtlFillMemoryUlong (
4934 IN PVOID Destination,
4935 IN ULONG Length,
4936 IN ULONG Fill
4937 );
4938
4939 NTSYSAPI
4940 BOOLEAN
4941 NTAPI
4942 RtlFreeHeap (
4943 IN HANDLE HeapHandle,
4944 IN ULONG Flags,
4945 IN PVOID P
4946 );
4947
4948 NTSYSAPI
4949 VOID
4950 NTAPI
4951 RtlFreeOemString (
4952 IN POEM_STRING OemString
4953 );
4954
4955 NTSYSAPI
4956 VOID
4957 NTAPI
4958 RtlGenerate8dot3Name (
4959 IN PUNICODE_STRING Name,
4960 IN BOOLEAN AllowExtendedCharacters,
4961 IN OUT PGENERATE_NAME_CONTEXT Context,
4962 OUT PUNICODE_STRING Name8dot3
4963 );
4964
4965 NTSYSAPI
4966 NTSTATUS
4967 NTAPI
4968 RtlGetCompressionWorkSpaceSize (
4969 IN USHORT CompressionFormatAndEngine,
4970 OUT PULONG CompressBufferWorkSpaceSize,
4971 OUT PULONG CompressFragmentWorkSpaceSize
4972 );
4973
4974 NTSYSAPI
4975 NTSTATUS
4976 NTAPI
4977 RtlGetDaclSecurityDescriptor (
4978 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4979 OUT PBOOLEAN DaclPresent,
4980 OUT PACL *Dacl,
4981 OUT PBOOLEAN DaclDefaulted
4982 );
4983
4984 NTSYSAPI
4985 NTSTATUS
4986 NTAPI
4987 RtlGetGroupSecurityDescriptor (
4988 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4989 OUT PSID *Group,
4990 OUT PBOOLEAN GroupDefaulted
4991 );
4992
4993 NTSYSAPI
4994 NTSTATUS
4995 NTAPI
4996 RtlGetOwnerSecurityDescriptor (
4997 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4998 OUT PSID *Owner,
4999 OUT PBOOLEAN OwnerDefaulted
5000 );
5001
5002 NTSYSAPI
5003 NTSTATUS
5004 NTAPI
5005 RtlInitializeSid (
5006 IN OUT PSID Sid,
5007 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
5008 IN UCHAR SubAuthorityCount
5009 );
5010
5011 NTSYSAPI
5012 BOOLEAN
5013 NTAPI
5014 RtlIsNameLegalDOS8Dot3(
5015 IN PCUNICODE_STRING Name,
5016 IN OUT POEM_STRING OemName OPTIONAL,
5017 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
5018 );
5019
5020 NTSYSAPI
5021 ULONG
5022 NTAPI
5023 RtlLengthRequiredSid (
5024 IN ULONG SubAuthorityCount
5025 );
5026
5027 NTSYSAPI
5028 ULONG
5029 NTAPI
5030 RtlLengthSid (
5031 IN PSID Sid
5032 );
5033
5034 NTSYSAPI
5035 ULONG
5036 NTAPI
5037 RtlNtStatusToDosError (
5038 IN NTSTATUS Status
5039 );
5040
5041 NTSYSAPI
5042 ULONG
5043 NTAPI
5044 RtlxUnicodeStringToOemSize(
5045 PCUNICODE_STRING UnicodeString
5046 );
5047
5048 NTSYSAPI
5049 ULONG
5050 NTAPI
5051 RtlxOemStringToUnicodeSize(
5052 PCOEM_STRING OemString
5053 );
5054
5055 #define RtlOemStringToUnicodeSize(STRING) ( \
5056 NLS_MB_OEM_CODE_PAGE_TAG ? \
5057 RtlxOemStringToUnicodeSize(STRING) : \
5058 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
5059 )
5060
5061 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
5062 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
5063 )
5064
5065
5066 NTSYSAPI
5067 NTSTATUS
5068 NTAPI
5069 RtlOemStringToUnicodeString(
5070 IN OUT PUNICODE_STRING DestinationString,
5071 IN PCOEM_STRING SourceString,
5072 IN BOOLEAN AllocateDestinationString
5073 );
5074
5075 NTSYSAPI
5076 NTSTATUS
5077 NTAPI
5078 RtlUnicodeStringToOemString(
5079 IN OUT POEM_STRING DestinationString,
5080 IN PCUNICODE_STRING SourceString,
5081 IN BOOLEAN AllocateDestinationString
5082 );
5083
5084 NTSYSAPI
5085 NTSTATUS
5086 NTAPI
5087 RtlOemStringToCountedUnicodeString(
5088 IN OUT PUNICODE_STRING DestinationString,
5089 IN PCOEM_STRING SourceString,
5090 IN BOOLEAN AllocateDestinationString
5091 );
5092
5093 NTSYSAPI
5094 NTSTATUS
5095 NTAPI
5096 RtlUnicodeStringToCountedOemString(
5097 IN OUT POEM_STRING DestinationString,
5098 IN PCUNICODE_STRING SourceString,
5099 IN BOOLEAN AllocateDestinationString
5100 );
5101
5102 NTSYSAPI
5103 NTSTATUS
5104 NTAPI
5105 RtlReserveChunk (
5106 IN USHORT CompressionFormat,
5107 IN OUT PUCHAR *CompressedBuffer,
5108 IN PUCHAR EndOfCompressedBufferPlus1,
5109 OUT PUCHAR *ChunkBuffer,
5110 IN ULONG ChunkSize
5111 );
5112
5113 NTSYSAPI
5114 VOID
5115 NTAPI
5116 RtlSecondsSince1970ToTime (
5117 IN ULONG SecondsSince1970,
5118 OUT PLARGE_INTEGER Time
5119 );
5120
5121 NTSYSAPI
5122 NTSTATUS
5123 NTAPI
5124 RtlSetGroupSecurityDescriptor (
5125 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5126 IN PSID Group,
5127 IN BOOLEAN GroupDefaulted
5128 );
5129
5130 NTSYSAPI
5131 NTSTATUS
5132 NTAPI
5133 RtlSetOwnerSecurityDescriptor (
5134 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5135 IN PSID Owner,
5136 IN BOOLEAN OwnerDefaulted
5137 );
5138
5139 NTSYSAPI
5140 NTSTATUS
5141 NTAPI
5142 RtlSetSaclSecurityDescriptor (
5143 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5144 IN BOOLEAN SaclPresent,
5145 IN PACL Sacl,
5146 IN BOOLEAN SaclDefaulted
5147 );
5148
5149 NTSYSAPI
5150 PUCHAR
5151 NTAPI
5152 RtlSubAuthorityCountSid (
5153 IN PSID Sid
5154 );
5155
5156 NTSYSAPI
5157 PULONG
5158 NTAPI
5159 RtlSubAuthoritySid (
5160 IN PSID Sid,
5161 IN ULONG SubAuthority
5162 );
5163
5164 NTSYSAPI
5165 NTSTATUS
5166 NTAPI
5167 RtlUnicodeStringToCountedOemString (
5168 IN OUT POEM_STRING DestinationString,
5169 IN PCUNICODE_STRING SourceString,
5170 IN BOOLEAN AllocateDestinationString
5171 );
5172
5173 NTSYSAPI
5174 NTSTATUS
5175 NTAPI
5176 RtlUnicodeToMultiByteN(
5177 OUT PCHAR MultiByteString,
5178 IN ULONG MaxBytesInMultiByteString,
5179 OUT PULONG BytesInMultiByteString OPTIONAL,
5180 IN PWCH UnicodeString,
5181 IN ULONG BytesInUnicodeString
5182 );
5183
5184 NTSYSAPI
5185 NTSTATUS
5186 NTAPI
5187 RtlOemToUnicodeN(
5188 OUT PWSTR UnicodeString,
5189 IN ULONG MaxBytesInUnicodeString,
5190 OUT PULONG BytesInUnicodeString OPTIONAL,
5191 IN PCH OemString,
5192 IN ULONG BytesInOemString
5193 );
5194
5195 /* RTL Splay Tree Functions */
5196 NTSYSAPI
5197 PRTL_SPLAY_LINKS
5198 NTAPI
5199 RtlSplay(PRTL_SPLAY_LINKS Links);
5200
5201 NTSYSAPI
5202 PRTL_SPLAY_LINKS
5203 NTAPI
5204 RtlDelete(PRTL_SPLAY_LINKS Links);
5205
5206 NTSYSAPI
5207 VOID
5208 NTAPI
5209 RtlDeleteNoSplay(
5210 PRTL_SPLAY_LINKS Links,
5211 PRTL_SPLAY_LINKS *Root
5212 );
5213
5214 NTSYSAPI
5215 PRTL_SPLAY_LINKS
5216 NTAPI
5217 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
5218
5219 NTSYSAPI
5220 PRTL_SPLAY_LINKS
5221 NTAPI
5222 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
5223
5224 NTSYSAPI
5225 PRTL_SPLAY_LINKS
5226 NTAPI
5227 RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
5228
5229 NTSYSAPI
5230 PRTL_SPLAY_LINKS
5231 NTAPI
5232 RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
5233
5234 #define RtlIsLeftChild(Links) \
5235 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5236
5237 #define RtlIsRightChild(Links) \
5238 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5239
5240 #define RtlRightChild(Links) \
5241 ((PRTL_SPLAY_LINKS)(Links))->RightChild
5242
5243 #define RtlIsRoot(Links) \
5244 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
5245
5246 #define RtlLeftChild(Links) \
5247 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
5248
5249 #define RtlParent(Links) \
5250 ((PRTL_SPLAY_LINKS)(Links))->Parent
5251
5252 #define RtlInitializeSplayLinks(Links) \
5253 { \
5254 PRTL_SPLAY_LINKS _SplayLinks; \
5255 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
5256 _SplayLinks->Parent = _SplayLinks; \
5257 _SplayLinks->LeftChild = NULL; \
5258 _SplayLinks->RightChild = NULL; \
5259 }
5260
5261 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
5262 { \
5263 PRTL_SPLAY_LINKS _SplayParent; \
5264 PRTL_SPLAY_LINKS _SplayChild; \
5265 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5266 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5267 _SplayParent->LeftChild = _SplayChild; \
5268 _SplayChild->Parent = _SplayParent; \
5269 }
5270
5271 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
5272 { \
5273 PRTL_SPLAY_LINKS _SplayParent; \
5274 PRTL_SPLAY_LINKS _SplayChild; \
5275 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5276 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5277 _SplayParent->RightChild = _SplayChild; \
5278 _SplayChild->Parent = _SplayParent; \
5279 }
5280
5281 NTSYSAPI
5282 BOOLEAN
5283 NTAPI
5284 RtlValidSid (
5285 IN PSID Sid
5286 );
5287
5288 //
5289 // RTL time functions
5290 //
5291
5292 NTSYSAPI
5293 BOOLEAN
5294 NTAPI
5295 RtlTimeToSecondsSince1980 (
5296 PLARGE_INTEGER Time,
5297 PULONG ElapsedSeconds
5298 );
5299
5300 NTSYSAPI
5301 VOID
5302 NTAPI
5303 RtlSecondsSince1980ToTime (
5304 ULONG ElapsedSeconds,
5305 PLARGE_INTEGER Time
5306 );
5307
5308 NTSYSAPI
5309 BOOLEAN
5310 NTAPI
5311 RtlTimeToSecondsSince1970 (
5312 PLARGE_INTEGER Time,
5313 PULONG ElapsedSeconds
5314 );
5315
5316 NTSYSAPI
5317 VOID
5318 NTAPI
5319 RtlSecondsSince1970ToTime (
5320 ULONG ElapsedSeconds,
5321 PLARGE_INTEGER Time
5322 );
5323
5324 NTKERNELAPI
5325 NTSTATUS
5326 NTAPI
5327 SeAppendPrivileges (
5328 PACCESS_STATE AccessState,
5329 PPRIVILEGE_SET Privileges
5330 );
5331
5332 NTKERNELAPI
5333 BOOLEAN
5334 NTAPI
5335 SeAuditingFileEvents (
5336 IN BOOLEAN AccessGranted,
5337 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5338 );
5339
5340 NTKERNELAPI
5341 BOOLEAN
5342 NTAPI
5343 SeAuditingFileOrGlobalEvents (
5344 IN BOOLEAN AccessGranted,
5345 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5346 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5347 );
5348
5349 NTKERNELAPI
5350 VOID
5351 NTAPI
5352 SeCaptureSubjectContext (
5353 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
5354 );
5355
5356 NTKERNELAPI
5357 NTSTATUS
5358 NTAPI
5359 SeCreateClientSecurity (
5360 IN PETHREAD Thread,
5361 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
5362 IN BOOLEAN RemoteClient,
5363 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5364 );
5365
5366 #if (VER_PRODUCTBUILD >= 2195)
5367
5368 NTKERNELAPI
5369 NTSTATUS
5370 NTAPI
5371 SeCreateClientSecurityFromSubjectContext (
5372 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
5373 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
5374 IN BOOLEAN ServerIsRemote,
5375 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5376 );
5377
5378 #endif /* (VER_PRODUCTBUILD >= 2195) */
5379
5380
5381 #define SeLengthSid( Sid ) \
5382 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5383
5384 #define SeDeleteClientSecurity(C) { \
5385 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5386 PsDereferencePrimaryToken( (C)->ClientToken ); \
5387 } else { \
5388 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5389 } \
5390 }
5391
5392 NTKERNELAPI
5393 VOID
5394 NTAPI
5395 SeDeleteObjectAuditAlarm (
5396 IN PVOID Object,
5397 IN HANDLE Handle
5398 );
5399
5400 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
5401
5402 NTKERNELAPI
5403 VOID
5404 NTAPI
5405 SeFreePrivileges (
5406 IN PPRIVILEGE_SET Privileges
5407 );
5408
5409 NTKERNELAPI
5410 VOID
5411 NTAPI
5412 SeImpersonateClient (
5413 IN PSECURITY_CLIENT_CONTEXT ClientContext,
5414 IN PETHREAD ServerThread OPTIONAL
5415 );
5416
5417 #if (VER_PRODUCTBUILD >= 2195)
5418
5419 NTKERNELAPI
5420 NTSTATUS
5421 NTAPI
5422 SeImpersonateClientEx (
5423 IN PSECURITY_CLIENT_CONTEXT ClientContext,
5424 IN PETHREAD ServerThread OPTIONAL
5425 );
5426
5427 #endif /* (VER_PRODUCTBUILD >= 2195) */
5428
5429 NTKERNELAPI
5430 VOID
5431 NTAPI
5432 SeLockSubjectContext (
5433 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5434 );
5435
5436 NTKERNELAPI
5437 NTSTATUS
5438 NTAPI
5439 SeMarkLogonSessionForTerminationNotification (
5440 IN PLUID LogonId
5441 );
5442
5443 NTKERNELAPI
5444 VOID
5445 NTAPI
5446 SeOpenObjectAuditAlarm (
5447 IN PUNICODE_STRING ObjectTypeName,
5448 IN PVOID Object OPTIONAL,
5449 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5450 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5451 IN PACCESS_STATE AccessState,
5452 IN BOOLEAN ObjectCreated,
5453 IN BOOLEAN AccessGranted,
5454 IN KPROCESSOR_MODE AccessMode,
5455 OUT PBOOLEAN GenerateOnClose
5456 );
5457
5458 NTKERNELAPI
5459 VOID
5460 NTAPI
5461 SeOpenObjectForDeleteAuditAlarm (
5462 IN PUNICODE_STRING ObjectTypeName,
5463 IN PVOID Object OPTIONAL,
5464 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5465 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5466 IN PACCESS_STATE AccessState,
5467 IN BOOLEAN ObjectCreated,
5468 IN BOOLEAN AccessGranted,
5469 IN KPROCESSOR_MODE AccessMode,
5470 OUT PBOOLEAN GenerateOnClose
5471 );
5472
5473 NTKERNELAPI
5474 BOOLEAN
5475 NTAPI
5476 SePrivilegeCheck (
5477 IN OUT PPRIVILEGE_SET RequiredPrivileges,
5478 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
5479 IN KPROCESSOR_MODE AccessMode
5480 );
5481
5482 NTKERNELAPI
5483 NTSTATUS
5484 NTAPI
5485 SeQueryAuthenticationIdToken (
5486 IN PACCESS_TOKEN Token,
5487 OUT PLUID LogonId
5488 );
5489
5490 #if (VER_PRODUCTBUILD >= 2195)
5491
5492 NTKERNELAPI
5493 NTSTATUS
5494 NTAPI
5495 SeQueryInformationToken (
5496 IN PACCESS_TOKEN Token,
5497 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
5498 OUT PVOID *TokenInformation
5499 );
5500
5501 #endif /* (VER_PRODUCTBUILD >= 2195) */
5502
5503 NTKERNELAPI
5504 NTSTATUS
5505 NTAPI
5506 SeQuerySecurityDescriptorInfo (
5507 IN PSECURITY_INFORMATION SecurityInformation,
5508 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5509 IN OUT PULONG Length,
5510 IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
5511 );
5512
5513 #if (VER_PRODUCTBUILD >= 2195)
5514
5515 NTKERNELAPI
5516 NTSTATUS
5517 NTAPI
5518 SeQuerySessionIdToken (
5519 IN PACCESS_TOKEN Token,
5520 IN PULONG SessionId
5521 );
5522
5523 #endif /* (VER_PRODUCTBUILD >= 2195) */
5524
5525 #define SeQuerySubjectContextToken( SubjectContext ) \
5526 ( ARGUMENT_PRESENT( \
5527 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5528 ) ? \
5529 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5530 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5531
5532 typedef NTSTATUS (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
5533 IN PLUID LogonId
5534 );
5535
5536 NTKERNELAPI
5537 NTSTATUS
5538 NTAPI
5539 SeRegisterLogonSessionTerminatedRoutine (
5540 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5541 );
5542
5543 NTKERNELAPI
5544 VOID
5545 NTAPI
5546 SeReleaseSubjectContext (
5547 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5548 );
5549
5550 NTKERNELAPI
5551 VOID
5552 NTAPI
5553 SeSetAccessStateGenericMapping (
5554 PACCESS_STATE AccessState,
5555 PGENERIC_MAPPING GenericMapping
5556 );
5557
5558 NTKERNELAPI
5559 NTSTATUS
5560 NTAPI
5561 SeSetSecurityDescriptorInfo (
5562 IN PVOID Object OPTIONAL,
5563 IN PSECURITY_INFORMATION SecurityInformation,
5564 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5565 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
5566 IN POOL_TYPE PoolType,
5567 IN PGENERIC_MAPPING GenericMapping
5568 );
5569
5570 #if (VER_PRODUCTBUILD >= 2195)
5571
5572 NTKERNELAPI
5573 NTSTATUS
5574 NTAPI
5575 SeSetSecurityDescriptorInfoEx (
5576 IN PVOID Object OPTIONAL,
5577 IN PSECURITY_INFORMATION SecurityInformation,
5578 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
5579 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
5580 IN ULONG AutoInheritFlags,
5581 IN POOL_TYPE PoolType,
5582 IN PGENERIC_MAPPING GenericMapping
5583 );
5584
5585 NTKERNELAPI
5586 BOOLEAN
5587 NTAPI
5588 SeTokenIsAdmin (
5589 IN PACCESS_TOKEN Token
5590 );
5591
5592 NTKERNELAPI
5593 BOOLEAN
5594 NTAPI
5595 SeTokenIsRestricted (
5596 IN PACCESS_TOKEN Token
5597 );
5598
5599
5600 NTSTATUS
5601 NTAPI
5602 SeLocateProcessImageName(
5603 IN PEPROCESS Process,
5604 OUT PUNICODE_STRING *pImageFileName
5605 );
5606
5607 #endif /* (VER_PRODUCTBUILD >= 2195) */
5608
5609 NTKERNELAPI
5610 TOKEN_TYPE
5611 NTAPI
5612 SeTokenType (
5613 IN PACCESS_TOKEN Token
5614 );
5615
5616 NTKERNELAPI
5617 VOID
5618 NTAPI
5619 SeUnlockSubjectContext (
5620 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5621 );
5622
5623 NTKERNELAPI
5624 NTSTATUS
5625 NTAPI
5626 SeUnregisterLogonSessionTerminatedRoutine (
5627 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5628 );
5629
5630 #if (VER_PRODUCTBUILD >= 2195)
5631
5632 NTSYSAPI
5633 NTSTATUS
5634 NTAPI
5635 ZwAdjustPrivilegesToken (
5636 IN HANDLE TokenHandle,
5637 IN BOOLEAN DisableAllPrivileges,
5638 IN PTOKEN_PRIVILEGES NewState,
5639 IN ULONG BufferLength,
5640 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
5641 OUT PULONG ReturnLength
5642 );
5643
5644 #endif /* (VER_PRODUCTBUILD >= 2195) */
5645
5646 NTSYSAPI
5647 NTSTATUS
5648 NTAPI
5649 ZwAlertThread (
5650 IN HANDLE ThreadHandle
5651 );
5652
5653 NTSYSAPI
5654 NTSTATUS
5655 NTAPI
5656 ZwAllocateVirtualMemory (
5657 IN HANDLE ProcessHandle,
5658 IN OUT PVOID *BaseAddress,
5659 IN ULONG_PTR ZeroBits,
5660 IN OUT PSIZE_T RegionSize,
5661 IN ULONG AllocationType,
5662 IN ULONG Protect
5663 );
5664
5665 NTSTATUS
5666 NTAPI
5667 NtAccessCheckByTypeAndAuditAlarm(
5668 IN PUNICODE_STRING SubsystemName,
5669 IN HANDLE HandleId,
5670 IN PUNICODE_STRING ObjectTypeName,
5671 IN PUNICODE_STRING ObjectName,
5672 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5673 IN PSID PrincipalSelfSid,
5674 IN ACCESS_MASK DesiredAccess,
5675 IN AUDIT_EVENT_TYPE AuditType,
5676 IN ULONG Flags,
5677 IN POBJECT_TYPE_LIST ObjectTypeList,
5678 IN ULONG ObjectTypeLength,
5679 IN PGENERIC_MAPPING GenericMapping,
5680 IN BOOLEAN ObjectCreation,
5681 OUT PACCESS_MASK GrantedAccess,
5682 OUT PNTSTATUS AccessStatus,
5683 OUT PBOOLEAN GenerateOnClose
5684 );
5685
5686 NTSTATUS
5687 NTAPI
5688 NtAccessCheckByTypeResultListAndAuditAlarm(
5689 IN PUNICODE_STRING SubsystemName,
5690 IN HANDLE HandleId,
5691 IN PUNICODE_STRING ObjectTypeName,
5692 IN PUNICODE_STRING ObjectName,
5693 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5694 IN PSID PrincipalSelfSid,
5695 IN ACCESS_MASK DesiredAccess,
5696 IN AUDIT_EVENT_TYPE AuditType,
5697 IN ULONG Flags,
5698 IN POBJECT_TYPE_LIST ObjectTypeList,
5699 IN ULONG ObjectTypeLength,
5700 IN PGENERIC_MAPPING GenericMapping,
5701 IN BOOLEAN ObjectCreation,
5702 OUT PACCESS_MASK GrantedAccess,
5703 OUT PNTSTATUS AccessStatus,
5704 OUT PBOOLEAN GenerateOnClose
5705 );
5706
5707 NTSTATUS
5708 NTAPI
5709 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5710 IN PUNICODE_STRING SubsystemName,
5711 IN HANDLE HandleId,
5712 IN HANDLE ClientToken,
5713 IN PUNICODE_STRING ObjectTypeName,
5714 IN PUNICODE_STRING ObjectName,
5715 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5716 IN PSID PrincipalSelfSid,
5717 IN ACCESS_MASK DesiredAccess,
5718 IN AUDIT_EVENT_TYPE AuditType,
5719 IN ULONG Flags,
5720 IN POBJECT_TYPE_LIST ObjectTypeList,
5721 IN ULONG ObjectTypeLength,
5722 IN PGENERIC_MAPPING GenericMapping,
5723 IN BOOLEAN ObjectCreation,
5724 OUT PACCESS_MASK GrantedAccess,
5725 OUT PNTSTATUS AccessStatus,
5726 OUT PBOOLEAN GenerateOnClose
5727 );
5728
5729 NTSYSAPI
5730 NTSTATUS
5731 NTAPI
5732 ZwAccessCheckAndAuditAlarm (
5733 IN PUNICODE_STRING SubsystemName,
5734 IN PVOID HandleId,
5735 IN PUNICODE_STRING ObjectTypeName,
5736 IN PUNICODE_STRING ObjectName,
5737 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5738 IN ACCESS_MASK DesiredAccess,
5739 IN PGENERIC_MAPPING GenericMapping,
5740 IN BOOLEAN ObjectCreation,
5741 OUT PACCESS_MASK GrantedAccess,
5742 OUT PBOOLEAN AccessStatus,
5743 OUT PBOOLEAN GenerateOnClose
5744 );
5745
5746 #if (VER_PRODUCTBUILD >= 2195)
5747
5748 NTSYSAPI
5749 NTSTATUS
5750 NTAPI
5751 ZwCancelIoFile (
5752 IN HANDLE FileHandle,
5753 OUT PIO_STATUS_BLOCK IoStatusBlock
5754 );
5755
5756 #endif /* (VER_PRODUCTBUILD >= 2195) */
5757
5758 NTSYSAPI
5759 NTSTATUS
5760 NTAPI
5761 ZwClearEvent (
5762 IN HANDLE EventHandle
5763 );
5764
5765 NTSYSAPI
5766 NTSTATUS
5767 NTAPI
5768 ZwCloseObjectAuditAlarm (
5769 IN PUNICODE_STRING SubsystemName,
5770 IN PVOID HandleId,
5771 IN BOOLEAN GenerateOnClose
5772 );
5773
5774 NTSYSAPI
5775 NTSTATUS
5776 NTAPI
5777 ZwCreateSection (
5778 OUT PHANDLE SectionHandle,
5779 IN ACCESS_MASK DesiredAccess,
5780 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
5781 IN PLARGE_INTEGER MaximumSize OPTIONAL,
5782 IN ULONG SectionPageProtection,
5783 IN ULONG AllocationAttributes,
5784 IN HANDLE FileHandle OPTIONAL
5785 );
5786
5787 NTSYSAPI
5788 NTSTATUS
5789 NTAPI
5790 ZwCreateSymbolicLinkObject (
5791 OUT PHANDLE SymbolicLinkHandle,
5792 IN ACCESS_MASK DesiredAccess,
5793 IN POBJECT_ATTRIBUTES ObjectAttributes,
5794 IN PUNICODE_STRING TargetName
5795 );
5796
5797 NTSYSAPI
5798 NTSTATUS
5799 NTAPI
5800 ZwDeleteFile (
5801 IN POBJECT_ATTRIBUTES ObjectAttributes
5802 );
5803
5804 NTSYSAPI
5805 NTSTATUS
5806 NTAPI
5807 ZwDeleteValueKey (
5808 IN HANDLE Handle,
5809 IN PUNICODE_STRING Name
5810 );
5811
5812 NTSYSAPI
5813 NTSTATUS
5814 NTAPI
5815 ZwDeviceIoControlFile (
5816 IN HANDLE FileHandle,
5817 IN HANDLE Event OPTIONAL,
5818 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5819 IN PVOID ApcContext OPTIONAL,
5820 OUT PIO_STATUS_BLOCK IoStatusBlock,
5821 IN ULONG IoControlCode,
5822 IN PVOID InputBuffer OPTIONAL,
5823 IN ULONG InputBufferLength,
5824 OUT PVOID OutputBuffer OPTIONAL,
5825 IN ULONG OutputBufferLength
5826 );
5827
5828 NTSYSAPI
5829 NTSTATUS
5830 NTAPI
5831 ZwDisplayString (
5832 IN PUNICODE_STRING String
5833 );
5834
5835 NTSYSAPI
5836 NTSTATUS
5837 NTAPI
5838 ZwDuplicateObject (
5839 IN HANDLE SourceProcessHandle,
5840 IN HANDLE SourceHandle,
5841 IN HANDLE TargetProcessHandle OPTIONAL,
5842 OUT PHANDLE TargetHandle OPTIONAL,
5843 IN ACCESS_MASK DesiredAccess,
5844 IN ULONG HandleAttributes,
5845 IN ULONG Options
5846 );
5847
5848 NTSYSAPI
5849 NTSTATUS
5850 NTAPI
5851 ZwDuplicateToken (
5852 IN HANDLE ExistingTokenHandle,
5853 IN ACCESS_MASK DesiredAccess,
5854 IN POBJECT_ATTRIBUTES ObjectAttributes,
5855 IN BOOLEAN EffectiveOnly,
5856 IN TOKEN_TYPE TokenType,
5857 OUT PHANDLE NewTokenHandle
5858 );
5859
5860 NTSTATUS
5861 NTAPI
5862 NtFilterToken(
5863 IN HANDLE ExistingTokenHandle,
5864 IN ULONG Flags,
5865 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
5866 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
5867 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
5868 OUT PHANDLE NewTokenHandle
5869 );
5870
5871 NTSYSAPI
5872 NTSTATUS
5873 NTAPI
5874 ZwFlushInstructionCache (
5875 IN HANDLE ProcessHandle,
5876 IN PVOID BaseAddress OPTIONAL,
5877 IN ULONG FlushSize
5878 );
5879
5880 NTSYSAPI
5881 NTSTATUS
5882 NTAPI
5883 ZwFlushBuffersFile(
5884 IN HANDLE FileHandle,
5885 OUT PIO_STATUS_BLOCK IoStatusBlock
5886 );
5887
5888 #if (VER_PRODUCTBUILD >= 2195)
5889
5890 NTSYSAPI
5891 NTSTATUS
5892 NTAPI
5893 ZwFlushVirtualMemory (
5894 IN HANDLE ProcessHandle,
5895 IN OUT PVOID *BaseAddress,
5896 IN OUT PULONG FlushSize,
5897 OUT PIO_STATUS_BLOCK IoStatusBlock
5898 );
5899
5900 #endif /* (VER_PRODUCTBUILD >= 2195) */
5901
5902 NTSYSAPI
5903 NTSTATUS
5904 NTAPI
5905 ZwFreeVirtualMemory (
5906 IN HANDLE ProcessHandle,
5907 IN OUT PVOID *BaseAddress,
5908 IN OUT PSIZE_T RegionSize,
5909 IN ULONG FreeType
5910 );
5911
5912 NTSYSAPI
5913 NTSTATUS
5914 NTAPI
5915 ZwFsControlFile (
5916 IN HANDLE FileHandle,
5917 IN HANDLE Event OPTIONAL,
5918 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5919 IN PVOID ApcContext OPTIONAL,
5920 OUT PIO_STATUS_BLOCK IoStatusBlock,
5921 IN ULONG FsControlCode,
5922 IN PVOID InputBuffer OPTIONAL,
5923 IN ULONG InputBufferLength,
5924 OUT PVOID OutputBuffer OPTIONAL,
5925 IN ULONG OutputBufferLength
5926 );
5927
5928 #if (VER_PRODUCTBUILD >= 2195)
5929
5930 NTSYSAPI
5931 NTSTATUS
5932 NTAPI
5933 ZwInitiatePowerAction (
5934 IN POWER_ACTION SystemAction,
5935 IN SYSTEM_POWER_STATE MinSystemState,
5936 IN ULONG Flags,
5937 IN BOOLEAN Asynchronous
5938 );
5939
5940 #endif /* (VER_PRODUCTBUILD >= 2195) */
5941
5942 NTSYSAPI
5943 NTSTATUS
5944 NTAPI
5945 ZwLoadDriver (
5946 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5947 IN PUNICODE_STRING RegistryPath
5948 );
5949
5950 NTSYSAPI
5951 NTSTATUS
5952 NTAPI
5953 ZwLoadKey (
5954 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
5955 IN POBJECT_ATTRIBUTES FileObjectAttributes
5956 );
5957
5958 NTSYSAPI
5959 NTSTATUS
5960 NTAPI
5961 ZwNotifyChangeKey (
5962 IN HANDLE KeyHandle,
5963 IN HANDLE EventHandle OPTIONAL,
5964 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5965 IN PVOID ApcContext OPTIONAL,
5966 OUT PIO_STATUS_BLOCK IoStatusBlock,
5967 IN ULONG NotifyFilter,
5968 IN BOOLEAN WatchSubtree,
5969 IN PVOID Buffer,
5970 IN ULONG BufferLength,
5971 IN BOOLEAN Asynchronous
5972 );
5973
5974 NTSYSAPI
5975 NTSTATUS
5976 NTAPI
5977 ZwOpenDirectoryObject (
5978 OUT PHANDLE DirectoryHandle,
5979 IN ACCESS_MASK DesiredAccess,
5980 IN POBJECT_ATTRIBUTES ObjectAttributes
5981 );
5982
5983 NTSYSAPI
5984 NTSTATUS
5985 NTAPI
5986 ZwOpenEvent (
5987 OUT PHANDLE EventHandle,
5988 IN ACCESS_MASK DesiredAccess,
5989 IN POBJECT_ATTRIBUTES ObjectAttributes
5990 );
5991
5992 NTSYSAPI
5993 NTSTATUS
5994 NTAPI
5995 ZwOpenProcess (
5996 OUT PHANDLE ProcessHandle,
5997 IN ACCESS_MASK DesiredAccess,
5998 IN POBJECT_ATTRIBUTES ObjectAttributes,
5999 IN PCLIENT_ID ClientId OPTIONAL
6000 );
6001
6002 NTSYSAPI
6003 NTSTATUS
6004 NTAPI
6005 ZwOpenProcessToken (
6006 IN HANDLE ProcessHandle,
6007 IN ACCESS_MASK DesiredAccess,
6008 OUT PHANDLE TokenHandle
6009 );
6010
6011 NTSYSAPI
6012 NTSTATUS
6013 NTAPI
6014 ZwOpenThread (
6015 OUT PHANDLE ThreadHandle,
6016 IN ACCESS_MASK DesiredAccess,
6017 IN POBJECT_ATTRIBUTES ObjectAttributes,
6018 IN PCLIENT_ID ClientId
6019 );
6020
6021 NTSYSAPI
6022 NTSTATUS
6023 NTAPI
6024 ZwOpenThreadToken (
6025 IN HANDLE ThreadHandle,
6026 IN ACCESS_MASK DesiredAccess,
6027 IN BOOLEAN OpenAsSelf,
6028 OUT PHANDLE TokenHandle
6029 );
6030
6031 #if (VER_PRODUCTBUILD >= 2195)
6032
6033 NTSYSAPI
6034 NTSTATUS
6035 NTAPI
6036 ZwPowerInformation (
6037 IN POWER_INFORMATION_LEVEL PowerInformationLevel,
6038 IN PVOID InputBuffer OPTIONAL,
6039 IN ULONG InputBufferLength,
6040 OUT PVOID OutputBuffer OPTIONAL,
6041 IN ULONG OutputBufferLength
6042 );
6043
6044 #endif /* (VER_PRODUCTBUILD >= 2195) */
6045
6046 NTSYSAPI
6047 NTSTATUS
6048 NTAPI
6049 ZwPulseEvent (
6050 IN HANDLE EventHandle,
6051 OUT PLONG PreviousState OPTIONAL
6052 );
6053
6054 NTSYSAPI
6055 NTSTATUS
6056 NTAPI
6057 ZwQueryDefaultLocale (
6058 IN BOOLEAN ThreadOrSystem,
6059 OUT PLCID Locale
6060 );
6061
6062 NTSYSAPI
6063 NTSTATUS
6064 NTAPI
6065 ZwQueryDirectoryFile (
6066 IN HANDLE FileHandle,
6067 IN HANDLE Event OPTIONAL,
6068 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
6069 IN PVOID ApcContext OPTIONAL,
6070 OUT PIO_STATUS_BLOCK IoStatusBlock,
6071 OUT PVOID FileInformation,
6072 IN ULONG Length,
6073 IN FILE_INFORMATION_CLASS FileInformationClass,
6074 IN BOOLEAN ReturnSingleEntry,
6075 IN PUNICODE_STRING FileName OPTIONAL,
6076 IN BOOLEAN RestartScan
6077 );
6078
6079 #if (VER_PRODUCTBUILD >= 2195)
6080
6081 NTSYSAPI
6082 NTSTATUS
6083 NTAPI
6084 ZwQueryDirectoryObject (
6085 IN HANDLE DirectoryHandle,
6086 OUT PVOID Buffer,
6087 IN ULONG Length,
6088 IN BOOLEAN ReturnSingleEntry,
6089 IN BOOLEAN RestartScan,
6090 IN OUT PULONG Context,
6091 OUT PULONG ReturnLength OPTIONAL
6092 );
6093
6094 NTSYSAPI
6095 NTSTATUS
6096 NTAPI
6097 ZwQueryEaFile (
6098 IN HANDLE FileHandle,
6099 OUT PIO_STATUS_BLOCK IoStatusBlock,
6100 OUT PVOID Buffer,
6101 IN ULONG Length,
6102 IN BOOLEAN ReturnSingleEntry,
6103 IN PVOID EaList OPTIONAL,
6104 IN ULONG EaListLength,
6105 IN PULONG EaIndex OPTIONAL,
6106 IN BOOLEAN RestartScan
6107 );
6108
6109 #endif /* (VER_PRODUCTBUILD >= 2195) */
6110
6111 NTSYSAPI
6112 NTSTATUS
6113 NTAPI
6114 ZwQueryInformationProcess (
6115 IN HANDLE ProcessHandle,
6116 IN PROCESSINFOCLASS ProcessInformationClass,
6117 OUT PVOID ProcessInformation,
6118 IN ULONG ProcessInformationLength,
6119 OUT PULONG ReturnLength OPTIONAL
6120 );
6121
6122 NTSYSAPI
6123 NTSTATUS
6124 NTAPI
6125 ZwQueryInformationToken (
6126 IN HANDLE TokenHandle,
6127 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
6128 OUT PVOID TokenInformation,
6129 IN ULONG Length,
6130 OUT PULONG ResultLength
6131 );
6132
6133 NTSYSAPI
6134 NTSTATUS
6135 NTAPI
6136 ZwQuerySecurityObject (
6137 IN HANDLE FileHandle,
6138 IN SECURITY_INFORMATION SecurityInformation,
6139 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
6140 IN ULONG Length,
6141 OUT PULONG ResultLength
6142 );
6143
6144 NTSYSAPI
6145 NTSTATUS
6146 NTAPI
6147 ZwQueryVolumeInformationFile (
6148 IN HANDLE FileHandle,
6149 OUT PIO_STATUS_BLOCK IoStatusBlock,
6150 OUT PVOID FsInformation,
6151 IN ULONG Length,
6152 IN FS_INFORMATION_CLASS FsInformationClass
6153 );
6154
6155 NTSYSAPI
6156 NTSTATUS
6157 NTAPI
6158 ZwReplaceKey (
6159 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
6160 IN HANDLE KeyHandle,
6161 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
6162 );
6163
6164 NTSYSAPI
6165 NTSTATUS
6166 NTAPI
6167 ZwResetEvent (
6168 IN HANDLE EventHandle,
6169 OUT PLONG PreviousState OPTIONAL
6170 );
6171
6172 #if (VER_PRODUCTBUILD >= 2195)
6173
6174 NTSYSAPI
6175 NTSTATUS
6176 NTAPI
6177 ZwRestoreKey (
6178 IN HANDLE KeyHandle,
6179 IN HANDLE FileHandle,
6180 IN ULONG Flags
6181 );
6182
6183 #endif /* (VER_PRODUCTBUILD >= 2195) */
6184
6185 NTSYSAPI
6186 NTSTATUS
6187 NTAPI
6188 ZwSaveKey (
6189 IN HANDLE KeyHandle,
6190 IN HANDLE FileHandle
6191 );
6192
6193 NTSYSAPI
6194 NTSTATUS
6195 NTAPI
6196 ZwSetDefaultLocale (
6197 IN BOOLEAN ThreadOrSystem,
6198 IN LCID Locale
6199 );
6200
6201 #if (VER_PRODUCTBUILD >= 2195)
6202
6203 NTSYSAPI
6204 NTSTATUS
6205 NTAPI
6206 ZwSetDefaultUILanguage (
6207 IN LANGID LanguageId
6208 );
6209
6210 NTSYSAPI
6211 NTSTATUS
6212 NTAPI
6213 ZwSetEaFile (
6214 IN HANDLE FileHandle,
6215 OUT PIO_STATUS_BLOCK IoStatusBlock,
6216 OUT PVOID Buffer,
6217 IN ULONG Length
6218 );
6219
6220 #endif /* (VER_PRODUCTBUILD >= 2195) */
6221
6222 NTSYSAPI
6223 NTSTATUS
6224 NTAPI
6225 ZwSetEvent (
6226 IN HANDLE EventHandle,
6227 OUT PLONG PreviousState OPTIONAL
6228 );
6229
6230 NTSYSAPI
6231 NTSTATUS
6232 NTAPI
6233 ZwSetInformationProcess (
6234 IN HANDLE ProcessHandle,
6235 IN PROCESSINFOCLASS ProcessInformationClass,
6236 IN PVOID ProcessInformation,
6237 IN ULONG ProcessInformationLength
6238 );
6239
6240 #if (VER_PRODUCTBUILD >= 2195)
6241
6242 NTSYSAPI
6243 NTSTATUS
6244 NTAPI
6245 ZwSetSecurityObject (
6246 IN HANDLE Handle,
6247 IN SECURITY_INFORMATION SecurityInformation,
6248 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6249 );
6250
6251 #endif /* (VER_PRODUCTBUILD >= 2195) */
6252
6253 NTSYSAPI
6254 NTSTATUS
6255 NTAPI
6256 ZwSetSystemTime (
6257 IN PLARGE_INTEGER NewTime,
6258 OUT PLARGE_INTEGER OldTime OPTIONAL
6259 );
6260
6261 #if (VER_PRODUCTBUILD >= 2195)
6262
6263 NTSYSAPI
6264 NTSTATUS
6265 NTAPI
6266 ZwSetVolumeInformationFile (
6267 IN HANDLE FileHandle,
6268 OUT PIO_STATUS_BLOCK IoStatusBlock,
6269 IN PVOID FsInformation,
6270 IN ULONG Length,
6271 IN FS_INFORMATION_CLASS FsInformationClass
6272 );
6273
6274 #endif /* (VER_PRODUCTBUILD >= 2195) */
6275
6276 NTSYSAPI
6277 NTSTATUS
6278 NTAPI
6279 ZwTerminateProcess (
6280 IN HANDLE ProcessHandle OPTIONAL,
6281 IN NTSTATUS ExitStatus
6282 );
6283
6284 NTSYSAPI
6285 NTSTATUS
6286 NTAPI
6287 ZwUnloadDriver (
6288 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6289 IN PUNICODE_STRING RegistryPath
6290 );
6291
6292 NTSYSAPI
6293 NTSTATUS
6294 NTAPI
6295 ZwUnloadKey (
6296 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6297 );
6298
6299 NTSYSAPI
6300 NTSTATUS
6301 NTAPI
6302 ZwWaitForSingleObject (
6303 IN HANDLE Handle,
6304 IN BOOLEAN Alertable,
6305 IN PLARGE_INTEGER Timeout OPTIONAL
6306 );
6307
6308 NTSYSAPI
6309 NTSTATUS
6310 NTAPI
6311 ZwWaitForMultipleObjects (
6312 IN ULONG HandleCount,
6313 IN PHANDLE Handles,
6314 IN WAIT_TYPE WaitType,
6315 IN BOOLEAN Alertable,
6316 IN PLARGE_INTEGER Timeout OPTIONAL
6317 );
6318
6319 NTSYSAPI
6320 NTSTATUS
6321 NTAPI
6322 ZwYieldExecution (
6323 VOID
6324 );
6325
6326 #pragma pack(pop)
6327
6328 #ifdef __cplusplus
6329 }
6330 #endif
6331
6332 #endif /* _NTIFS_ */
A free Windows-compatible Operating System