4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
25 #define _NTIFS_INCLUDED_
28 /* Helper macro to enable gcc's extension. */
29 #ifndef __GNU_EXTENSION
31 #define __GNU_EXTENSION __extension__
33 #define __GNU_EXTENSION
41 #define NTKERNELAPI DECLSPEC_IMPORT
42 #define NTHALAPI DECLSPEC_IMPORT
53 #define FlagOn(_F,_SF) ((_F) & (_SF))
57 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
61 #define SetFlag(_F,_SF) ((_F) |= (_SF))
65 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
68 typedef struct _BUS_HANDLER
*PBUS_HANDLER
;
69 typedef struct _CALLBACK_OBJECT
*PCALLBACK_OBJECT
;
70 typedef struct _DEVICE_HANDLER_OBJECT
*PDEVICE_HANDLER_OBJECT
;
71 typedef struct _IO_TIMER
*PIO_TIMER
;
72 typedef struct _KINTERRUPT
*PKINTERRUPT
;
73 typedef struct _KPROCESS
*PKPROCESS
,*PRKPROCESS
, *PEPROCESS
;
74 typedef struct _KTHREAD
*PKTHREAD
, *PRKTHREAD
, *PETHREAD
;
75 typedef struct _OBJECT_TYPE
*POBJECT_TYPE
;
76 typedef struct _PEB
*PPEB
;
77 typedef struct _ACL
*PACL
;
79 #define PsGetCurrentProcess IoGetCurrentProcess
81 #if (NTDDI_VERSION >= NTDDI_VISTA)
82 extern NTSYSAPI
volatile CCHAR KeNumberProcessors
;
83 #elif (NTDDI_VERSION >= NTDDI_WINXP)
84 extern NTSYSAPI CCHAR KeNumberProcessors
;
86 extern PCCHAR KeNumberProcessors
;
89 typedef UNICODE_STRING LSA_UNICODE_STRING
, *PLSA_UNICODE_STRING
;
90 typedef STRING LSA_STRING
, *PLSA_STRING
;
91 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
, *PLSA_OBJECT_ATTRIBUTES
;
93 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
94 #define SID_IDENTIFIER_AUTHORITY_DEFINED
95 typedef struct _SID_IDENTIFIER_AUTHORITY
{
97 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
102 typedef struct _SID
{
104 UCHAR SubAuthorityCount
;
105 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
106 ULONG SubAuthority
[ANYSIZE_ARRAY
];
110 #define SID_REVISION 1
111 #define SID_MAX_SUB_AUTHORITIES 15
112 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
114 typedef enum _SID_NAME_USE
{
119 SidTypeWellKnownGroup
,
120 SidTypeDeletedAccount
,
125 } SID_NAME_USE
, *PSID_NAME_USE
;
127 typedef struct _SID_AND_ATTRIBUTES
{
130 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
131 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
132 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
134 #define SID_HASH_SIZE 32
135 typedef ULONG_PTR SID_HASH_ENTRY
, *PSID_HASH_ENTRY
;
137 typedef struct _SID_AND_ATTRIBUTES_HASH
{
139 PSID_AND_ATTRIBUTES SidAttr
;
140 SID_HASH_ENTRY Hash
[SID_HASH_SIZE
];
141 } SID_AND_ATTRIBUTES_HASH
, *PSID_AND_ATTRIBUTES_HASH
;
143 /* Universal well-known SIDs */
145 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
146 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
147 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
148 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
149 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
150 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
152 #define SECURITY_NULL_RID (0x00000000L)
153 #define SECURITY_WORLD_RID (0x00000000L)
154 #define SECURITY_LOCAL_RID (0x00000000L)
155 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
157 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
158 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
159 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
160 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
161 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
163 /* NT well-known SIDs */
165 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
167 #define SECURITY_DIALUP_RID (0x00000001L)
168 #define SECURITY_NETWORK_RID (0x00000002L)
169 #define SECURITY_BATCH_RID (0x00000003L)
170 #define SECURITY_INTERACTIVE_RID (0x00000004L)
171 #define SECURITY_LOGON_IDS_RID (0x00000005L)
172 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
173 #define SECURITY_SERVICE_RID (0x00000006L)
174 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
175 #define SECURITY_PROXY_RID (0x00000008L)
176 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
177 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
178 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
179 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
180 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
181 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
182 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
183 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
184 #define SECURITY_IUSER_RID (0x00000011L)
185 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
186 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
187 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
188 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
189 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
190 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
192 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
193 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
196 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
197 #define SECURITY_PACKAGE_RID_COUNT (2L)
198 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
199 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
200 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
202 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
203 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
204 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
206 #define SECURITY_MIN_BASE_RID (0x00000050L)
207 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
208 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
209 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
210 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
211 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
212 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
213 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
214 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
215 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
216 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
217 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
218 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
219 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
220 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
221 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
222 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
223 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
225 #define SECURITY_MAX_BASE_RID (0x0000006FL)
227 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
228 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
230 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
232 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
236 #ifndef VER_PRODUCTBUILD
237 #define VER_PRODUCTBUILD 10000
240 #define EX_PUSH_LOCK ULONG_PTR
241 #define PEX_PUSH_LOCK PULONG_PTR
246 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
248 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
250 extern PACL SePublicDefaultDacl
;
251 extern PACL SeSystemDefaultDacl
;
253 extern KSPIN_LOCK IoStatisticsLock
;
254 extern ULONG IoReadOperationCount
;
255 extern ULONG IoWriteOperationCount
;
256 extern ULONG IoOtherOperationCount
;
257 extern LARGE_INTEGER IoReadTransferCount
;
258 extern LARGE_INTEGER IoWriteTransferCount
;
259 extern LARGE_INTEGER IoOtherTransferCount
;
261 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
263 typedef enum _SECURITY_LOGON_TYPE
265 UndefinedLogonType
= 0,
274 #if (_WIN32_WINNT >= 0x0501)
278 #if (_WIN32_WINNT >= 0x0502)
279 CachedRemoteInteractive
,
282 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
284 #define ANSI_DOS_STAR ('<')
285 #define ANSI_DOS_QM ('>')
286 #define ANSI_DOS_DOT ('"')
288 #define DOS_STAR (L'<')
289 #define DOS_QM (L'>')
290 #define DOS_DOT (L'"')
292 /* also in winnt.h */
293 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
294 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
295 #define ACCESS_DENIED_ACE_TYPE (0x1)
296 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
297 #define SYSTEM_ALARM_ACE_TYPE (0x3)
298 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
299 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
300 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
301 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
302 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
303 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
304 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
305 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
306 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
307 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
308 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
309 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
310 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
311 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
312 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
313 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
314 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
315 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
316 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
317 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
319 #define COMPRESSION_FORMAT_NONE (0x0000)
320 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
321 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
322 #define COMPRESSION_ENGINE_STANDARD (0x0000)
323 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
324 #define COMPRESSION_ENGINE_HIBER (0x0200)
326 #define FILE_ACTION_ADDED 0x00000001
327 #define FILE_ACTION_REMOVED 0x00000002
328 #define FILE_ACTION_MODIFIED 0x00000003
329 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
330 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
331 #define FILE_ACTION_ADDED_STREAM 0x00000006
332 #define FILE_ACTION_REMOVED_STREAM 0x00000007
333 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
334 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
335 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
336 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
339 #define FILE_EA_TYPE_BINARY 0xfffe
340 #define FILE_EA_TYPE_ASCII 0xfffd
341 #define FILE_EA_TYPE_BITMAP 0xfffb
342 #define FILE_EA_TYPE_METAFILE 0xfffa
343 #define FILE_EA_TYPE_ICON 0xfff9
344 #define FILE_EA_TYPE_EA 0xffee
345 #define FILE_EA_TYPE_MVMT 0xffdf
346 #define FILE_EA_TYPE_MVST 0xffde
347 #define FILE_EA_TYPE_ASN1 0xffdd
348 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
350 #define FILE_NEED_EA 0x00000080
352 /* also in winnt.h */
353 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
354 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
355 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
356 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
357 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
358 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
359 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
360 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
361 #define FILE_NOTIFY_CHANGE_EA 0x00000080
362 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
363 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
364 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
365 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
366 #define FILE_NOTIFY_VALID_MASK 0x00000fff
369 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
370 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
372 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
374 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
375 #define FILE_CASE_PRESERVED_NAMES 0x00000002
376 #define FILE_UNICODE_ON_DISK 0x00000004
377 #define FILE_PERSISTENT_ACLS 0x00000008
378 #define FILE_FILE_COMPRESSION 0x00000010
379 #define FILE_VOLUME_QUOTAS 0x00000020
380 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
381 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
382 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
383 #define FS_LFN_APIS 0x00004000
384 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
385 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
386 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
387 #define FILE_NAMED_STREAMS 0x00040000
388 #define FILE_READ_ONLY_VOLUME 0x00080000
389 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
390 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
392 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
393 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
395 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
396 #define FILE_PIPE_MESSAGE_MODE 0x00000001
398 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
399 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
401 #define FILE_PIPE_INBOUND 0x00000000
402 #define FILE_PIPE_OUTBOUND 0x00000001
403 #define FILE_PIPE_FULL_DUPLEX 0x00000002
405 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
406 #define FILE_PIPE_LISTENING_STATE 0x00000002
407 #define FILE_PIPE_CONNECTED_STATE 0x00000003
408 #define FILE_PIPE_CLOSING_STATE 0x00000004
410 #define FILE_PIPE_CLIENT_END 0x00000000
411 #define FILE_PIPE_SERVER_END 0x00000001
413 #define FILE_PIPE_READ_DATA 0x00000000
414 #define FILE_PIPE_WRITE_SPACE 0x00000001
416 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
417 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
418 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
419 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
420 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
421 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
422 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
423 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
424 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
425 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
426 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
427 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
428 #define FILE_STORAGE_TYPE_MASK 0x000f0000
429 #define FILE_STORAGE_TYPE_SHIFT 16
431 #define FILE_VC_QUOTA_NONE 0x00000000
432 #define FILE_VC_QUOTA_TRACK 0x00000001
433 #define FILE_VC_QUOTA_ENFORCE 0x00000002
434 #define FILE_VC_QUOTA_MASK 0x00000003
436 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
437 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
439 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
440 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
441 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
442 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
444 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
445 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
447 #define FILE_VC_VALID_MASK 0x000003ff
449 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
450 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
451 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
452 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
453 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
454 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
455 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
456 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
458 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
459 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
460 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
461 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
463 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
464 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
465 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
466 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
467 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
469 #define FSRTL_VOLUME_DISMOUNT 1
470 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
471 #define FSRTL_VOLUME_LOCK 3
472 #define FSRTL_VOLUME_LOCK_FAILED 4
473 #define FSRTL_VOLUME_UNLOCK 5
474 #define FSRTL_VOLUME_MOUNT 6
476 #define FSRTL_WILD_CHARACTER 0x08
478 #define FSRTL_FAT_LEGAL 0x01
479 #define FSRTL_HPFS_LEGAL 0x02
480 #define FSRTL_NTFS_LEGAL 0x04
481 #define FSRTL_WILD_CHARACTER 0x08
482 #define FSRTL_OLE_LEGAL 0x10
483 #define FSRTL_NTFS_STREAM_LEGAL 0x14
486 #define HARDWARE_PTE HARDWARE_PTE_X86
487 #define PHARDWARE_PTE PHARDWARE_PTE_X86
490 #define IO_CHECK_CREATE_PARAMETERS 0x0200
491 #define IO_ATTACH_DEVICE 0x0400
493 #define IO_ATTACH_DEVICE_API 0x80000000
495 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
496 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
498 #define IO_TYPE_APC 18
499 #define IO_TYPE_DPC 19
500 #define IO_TYPE_DEVICE_QUEUE 20
501 #define IO_TYPE_EVENT_PAIR 21
502 #define IO_TYPE_INTERRUPT 22
503 #define IO_TYPE_PROFILE 23
505 #define IRP_BEING_VERIFIED 0x10
507 #define MAILSLOT_CLASS_FIRSTCLASS 1
508 #define MAILSLOT_CLASS_SECONDCLASS 2
510 #define MAILSLOT_SIZE_AUTO 0
512 #define MEM_DOS_LIM 0x40000000
514 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
516 #define OB_TYPE_TYPE 1
517 #define OB_TYPE_DIRECTORY 2
518 #define OB_TYPE_SYMBOLIC_LINK 3
519 #define OB_TYPE_TOKEN 4
520 #define OB_TYPE_PROCESS 5
521 #define OB_TYPE_THREAD 6
522 #define OB_TYPE_EVENT 7
523 #define OB_TYPE_EVENT_PAIR 8
524 #define OB_TYPE_MUTANT 9
525 #define OB_TYPE_SEMAPHORE 10
526 #define OB_TYPE_TIMER 11
527 #define OB_TYPE_PROFILE 12
528 #define OB_TYPE_WINDOW_STATION 13
529 #define OB_TYPE_DESKTOP 14
530 #define OB_TYPE_SECTION 15
531 #define OB_TYPE_KEY 16
532 #define OB_TYPE_PORT 17
533 #define OB_TYPE_ADAPTER 18
534 #define OB_TYPE_CONTROLLER 19
535 #define OB_TYPE_DEVICE 20
536 #define OB_TYPE_DRIVER 21
537 #define OB_TYPE_IO_COMPLETION 22
538 #define OB_TYPE_FILE 23
541 #define PIN_EXCLUSIVE (2)
542 #define PIN_NO_READ (4)
543 #define PIN_IF_BCB (8)
545 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
546 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
548 #define SEC_BASED 0x00200000
550 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
551 #define SECURITY_WORLD_RID (0x00000000L)
553 #define TOKEN_ASSIGN_PRIMARY (0x0001)
554 #define TOKEN_DUPLICATE (0x0002)
555 #define TOKEN_IMPERSONATE (0x0004)
556 #define TOKEN_QUERY (0x0008)
557 #define TOKEN_QUERY_SOURCE (0x0010)
558 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
559 #define TOKEN_ADJUST_GROUPS (0x0040)
560 #define TOKEN_ADJUST_DEFAULT (0x0080)
561 #define TOKEN_ADJUST_SESSIONID (0x0100)
563 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
564 TOKEN_ASSIGN_PRIMARY |\
568 TOKEN_QUERY_SOURCE |\
569 TOKEN_ADJUST_PRIVILEGES |\
570 TOKEN_ADJUST_GROUPS |\
571 TOKEN_ADJUST_DEFAULT |\
572 TOKEN_ADJUST_SESSIONID)
574 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
577 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
578 TOKEN_ADJUST_PRIVILEGES |\
579 TOKEN_ADJUST_GROUPS |\
580 TOKEN_ADJUST_DEFAULT)
582 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
584 #define TOKEN_SOURCE_LENGTH 8
587 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
588 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
589 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
590 #define TOKEN_HAS_ADMIN_GROUP 0x08
591 #define TOKEN_WRITE_RESTRICTED 0x08
592 #define TOKEN_IS_RESTRICTED 0x10
593 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
595 #define VACB_MAPPING_GRANULARITY (0x40000)
596 #define VACB_OFFSET_SHIFT (18)
598 #define SE_OWNER_DEFAULTED 0x0001
599 #define SE_GROUP_DEFAULTED 0x0002
600 #define SE_DACL_PRESENT 0x0004
601 #define SE_DACL_DEFAULTED 0x0008
602 #define SE_SACL_PRESENT 0x0010
603 #define SE_SACL_DEFAULTED 0x0020
604 #define SE_DACL_UNTRUSTED 0x0040
605 #define SE_SERVER_SECURITY 0x0080
606 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
607 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
608 #define SE_DACL_AUTO_INHERITED 0x0400
609 #define SE_SACL_AUTO_INHERITED 0x0800
610 #define SE_DACL_PROTECTED 0x1000
611 #define SE_SACL_PROTECTED 0x2000
612 #define SE_RM_CONTROL_VALID 0x4000
613 #define SE_SELF_RELATIVE 0x8000
616 #define _AUDIT_EVENT_TYPE_HACK 0
618 #if (_AUDIT_EVENT_TYPE_HACK == 1)
621 typedef enum _AUDIT_EVENT_TYPE
623 AuditEventObjectAccess
,
624 AuditEventDirectoryServiceAccess
625 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
628 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
630 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
631 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
632 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
633 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
634 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
635 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
636 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
637 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
638 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
640 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
641 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
642 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
644 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
645 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
646 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
649 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
650 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
651 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
652 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
653 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
654 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
656 #if (VER_PRODUCTBUILD >= 1381)
658 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
659 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
660 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
661 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
662 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
663 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
664 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
665 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
667 #endif /* (VER_PRODUCTBUILD >= 1381) */
669 #if (VER_PRODUCTBUILD >= 2195)
671 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
672 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
673 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
675 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
676 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
677 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
678 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
679 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
680 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
681 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
682 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
683 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
684 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
685 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
686 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
687 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
688 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
689 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
690 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
691 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
692 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
693 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
694 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
695 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
696 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
697 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
698 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
699 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
700 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
701 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
702 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
703 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
704 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
705 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
706 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
707 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
708 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
709 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
710 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
712 #endif /* (VER_PRODUCTBUILD >= 2195) */
714 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
716 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
717 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
718 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
719 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
720 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
721 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
722 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
723 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
725 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
726 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
727 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
728 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
729 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
730 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
731 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
732 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
733 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
734 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
735 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
736 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
737 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
738 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
740 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
742 typedef PVOID OPLOCK
, *POPLOCK
;
747 struct _RTL_AVL_TABLE
;
748 struct _RTL_GENERIC_TABLE
;
756 typedef PVOID PNOTIFY_SYNC
;
758 typedef enum _FAST_IO_POSSIBLE
{
764 typedef enum _FILE_STORAGE_TYPE
{
765 StorageTypeDefault
= 1,
766 StorageTypeDirectory
,
768 StorageTypeJunctionPoint
,
770 StorageTypeStructuredStorage
,
771 StorageTypeEmbedding
,
775 typedef enum _OBJECT_INFORMATION_CLASS
777 ObjectBasicInformation
,
778 ObjectNameInformation
,
779 ObjectTypeInformation
,
780 ObjectTypesInformation
,
781 ObjectHandleFlagInformation
,
782 ObjectSessionInformation
,
784 } OBJECT_INFORMATION_CLASS
;
786 typedef struct _OBJECT_BASIC_INFORMATION
789 ACCESS_MASK GrantedAccess
;
792 ULONG PagedPoolCharge
;
793 ULONG NonPagedPoolCharge
;
797 ULONG SecurityDescriptorSize
;
798 LARGE_INTEGER CreationTime
;
799 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
801 typedef struct _KAPC_STATE
{
802 LIST_ENTRY ApcListHead
[2];
804 BOOLEAN KernelApcInProgress
;
805 BOOLEAN KernelApcPending
;
806 BOOLEAN UserApcPending
;
807 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
808 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
810 typedef struct _BITMAP_RANGE
{
813 ULONG FirstDirtyPage
;
817 } BITMAP_RANGE
, *PBITMAP_RANGE
;
819 typedef struct _CACHE_UNINITIALIZE_EVENT
{
820 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
822 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
824 typedef struct _CC_FILE_SIZES
{
825 LARGE_INTEGER AllocationSize
;
826 LARGE_INTEGER FileSize
;
827 LARGE_INTEGER ValidDataLength
;
828 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
830 typedef struct _COMPRESSED_DATA_INFO
{
831 USHORT CompressionFormatAndEngine
;
832 UCHAR CompressionUnitShift
;
836 USHORT NumberOfChunks
;
837 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
838 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
841 // Well-known domain relative sub-authority values (RIDs)
843 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
845 #define FOREST_USER_RID_MAX (0x000001F3L)
850 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
851 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
852 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
854 #define DOMAIN_USER_RID_MAX (0x000003E7L)
859 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
860 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
861 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
862 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
863 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
864 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
865 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
866 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
867 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
868 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
871 // Well-known aliases
873 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
874 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
875 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
876 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
878 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
879 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
880 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
881 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
883 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
884 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
885 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
886 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
887 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
888 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
890 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
891 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
892 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
893 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
894 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
895 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
896 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
897 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
898 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
899 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
900 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
903 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
904 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
905 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
906 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
907 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
908 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
909 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
912 // SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
913 // can be set by a usermode caller.
915 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
917 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
920 // Allocate the System Luid. The first 1000 LUIDs are reserved.
921 // Use #999 here (0x3e7 = 999)
923 #define SYSTEM_LUID { 0x3e7, 0x0 }
924 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
925 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
926 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
927 #define IUSER_LUID { 0x3e3, 0x0 }
931 typedef struct _TOKEN_SOURCE
{
932 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
933 LUID SourceIdentifier
;
934 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
935 typedef struct _TOKEN_CONTROL
{
937 LUID AuthenticationId
;
939 TOKEN_SOURCE TokenSource
;
940 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
941 typedef struct _TOKEN_DEFAULT_DACL
{
943 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
944 typedef struct _TOKEN_GROUPS
{
946 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
947 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
948 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
951 PSID_AND_ATTRIBUTES Sids
;
952 ULONG RestrictedSidCount
;
953 ULONG RestrictedSidLength
;
954 PSID_AND_ATTRIBUTES RestrictedSids
;
955 ULONG PrivilegeCount
;
956 ULONG PrivilegeLength
;
957 PLUID_AND_ATTRIBUTES Privileges
;
958 LUID AuthenticationId
;
959 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
960 typedef struct _TOKEN_ORIGIN
{
961 LUID OriginatingLogonSession
;
962 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
963 typedef struct _TOKEN_OWNER
{
965 } TOKEN_OWNER
,*PTOKEN_OWNER
;
966 typedef struct _TOKEN_PRIMARY_GROUP
{
968 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
969 typedef struct _TOKEN_PRIVILEGES
{
970 ULONG PrivilegeCount
;
971 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
972 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
973 typedef enum tagTOKEN_TYPE
{
976 } TOKEN_TYPE
,*PTOKEN_TYPE
;
977 typedef struct _TOKEN_STATISTICS
{
979 LUID AuthenticationId
;
980 LARGE_INTEGER ExpirationTime
;
981 TOKEN_TYPE TokenType
;
982 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
983 ULONG DynamicCharged
;
984 ULONG DynamicAvailable
;
986 ULONG PrivilegeCount
;
988 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
989 typedef struct _TOKEN_USER
{
990 SID_AND_ATTRIBUTES User
;
991 } TOKEN_USER
, *PTOKEN_USER
;
992 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
993 typedef struct _SECURITY_DESCRIPTOR
{
996 SECURITY_DESCRIPTOR_CONTROL Control
;
1001 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
1003 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
1005 typedef struct _OBJECT_TYPE_LIST
{
1009 } OBJECT_TYPE_LIST
, *POBJECT_TYPE_LIST
;
1011 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
1014 SECURITY_DESCRIPTOR_CONTROL Control
;
1019 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
1020 typedef enum _TOKEN_INFORMATION_CLASS
{
1021 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
1022 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
1023 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
1024 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
1025 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
1026 } TOKEN_INFORMATION_CLASS
;
1028 #define SYMLINK_FLAG_RELATIVE 1
1030 typedef struct _REPARSE_DATA_BUFFER
{
1032 USHORT ReparseDataLength
;
1034 __GNU_EXTENSION
union {
1036 USHORT SubstituteNameOffset
;
1037 USHORT SubstituteNameLength
;
1038 USHORT PrintNameOffset
;
1039 USHORT PrintNameLength
;
1041 WCHAR PathBuffer
[1];
1042 } SymbolicLinkReparseBuffer
;
1044 USHORT SubstituteNameOffset
;
1045 USHORT SubstituteNameLength
;
1046 USHORT PrintNameOffset
;
1047 USHORT PrintNameLength
;
1048 WCHAR PathBuffer
[1];
1049 } MountPointReparseBuffer
;
1051 UCHAR DataBuffer
[1];
1052 } GenericReparseBuffer
;
1054 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
1059 // MicroSoft reparse point tags
1061 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
1062 #define IO_REPARSE_TAG_HSM (0xC0000004L)
1063 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
1064 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
1065 #define IO_REPARSE_TAG_SIS (0x80000007L)
1066 #define IO_REPARSE_TAG_DFS (0x8000000AL)
1067 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
1068 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
1069 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
1070 #define IO_REPARSE_TAG_DFSR (0x80000012L)
1073 // Reserved reparse tags
1075 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
1076 #define IO_REPARSE_TAG_RESERVED_ONE (1)
1077 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
1080 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
1082 typedef struct _FILE_ACCESS_INFORMATION
{
1083 ACCESS_MASK AccessFlags
;
1084 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
1086 typedef struct _FILE_ALLOCATION_INFORMATION
{
1087 LARGE_INTEGER AllocationSize
;
1088 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
1090 typedef struct _FILE_BOTH_DIR_INFORMATION
{
1091 ULONG NextEntryOffset
;
1093 LARGE_INTEGER CreationTime
;
1094 LARGE_INTEGER LastAccessTime
;
1095 LARGE_INTEGER LastWriteTime
;
1096 LARGE_INTEGER ChangeTime
;
1097 LARGE_INTEGER EndOfFile
;
1098 LARGE_INTEGER AllocationSize
;
1099 ULONG FileAttributes
;
1100 ULONG FileNameLength
;
1102 CCHAR ShortNameLength
;
1103 WCHAR ShortName
[12];
1105 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
1107 typedef struct _FILE_COMPLETION_INFORMATION
{
1110 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
1112 typedef struct _FILE_COMPRESSION_INFORMATION
{
1113 LARGE_INTEGER CompressedFileSize
;
1114 USHORT CompressionFormat
;
1115 UCHAR CompressionUnitShift
;
1119 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
1121 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
1122 BOOLEAN ReplaceIfExists
;
1123 HANDLE RootDirectory
;
1124 ULONG FileNameLength
;
1126 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
1128 typedef struct _FILE_DIRECTORY_INFORMATION
{
1129 ULONG NextEntryOffset
;
1131 LARGE_INTEGER CreationTime
;
1132 LARGE_INTEGER LastAccessTime
;
1133 LARGE_INTEGER LastWriteTime
;
1134 LARGE_INTEGER ChangeTime
;
1135 LARGE_INTEGER EndOfFile
;
1136 LARGE_INTEGER AllocationSize
;
1137 ULONG FileAttributes
;
1138 ULONG FileNameLength
;
1140 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
1142 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
1143 ULONG NextEntryOffset
;
1145 LARGE_INTEGER CreationTime
;
1146 LARGE_INTEGER LastAccessTime
;
1147 LARGE_INTEGER LastWriteTime
;
1148 LARGE_INTEGER ChangeTime
;
1149 LARGE_INTEGER EndOfFile
;
1150 LARGE_INTEGER AllocationSize
;
1151 ULONG FileAttributes
;
1152 ULONG FileNameLength
;
1154 WCHAR FileName
[ANYSIZE_ARRAY
];
1155 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
1157 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
1158 ULONG NextEntryOffset
;
1160 LARGE_INTEGER CreationTime
;
1161 LARGE_INTEGER LastAccessTime
;
1162 LARGE_INTEGER LastWriteTime
;
1163 LARGE_INTEGER ChangeTime
;
1164 LARGE_INTEGER EndOfFile
;
1165 LARGE_INTEGER AllocationSize
;
1166 ULONG FileAttributes
;
1167 ULONG FileNameLength
;
1169 LARGE_INTEGER FileId
;
1171 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
1173 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
1174 ULONG NextEntryOffset
;
1176 LARGE_INTEGER CreationTime
;
1177 LARGE_INTEGER LastAccessTime
;
1178 LARGE_INTEGER LastWriteTime
;
1179 LARGE_INTEGER ChangeTime
;
1180 LARGE_INTEGER EndOfFile
;
1181 LARGE_INTEGER AllocationSize
;
1182 ULONG FileAttributes
;
1183 ULONG FileNameLength
;
1185 CCHAR ShortNameLength
;
1186 WCHAR ShortName
[12];
1187 LARGE_INTEGER FileId
;
1189 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
1191 typedef struct _FILE_EA_INFORMATION
{
1193 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
1195 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
1196 ULONG FileSystemAttributes
;
1197 ULONG MaximumComponentNameLength
;
1198 ULONG FileSystemNameLength
;
1199 WCHAR FileSystemName
[1];
1200 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
1202 typedef struct _FILE_FS_CONTROL_INFORMATION
{
1203 LARGE_INTEGER FreeSpaceStartFiltering
;
1204 LARGE_INTEGER FreeSpaceThreshold
;
1205 LARGE_INTEGER FreeSpaceStopFiltering
;
1206 LARGE_INTEGER DefaultQuotaThreshold
;
1207 LARGE_INTEGER DefaultQuotaLimit
;
1208 ULONG FileSystemControlFlags
;
1209 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
1211 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
1212 LARGE_INTEGER TotalAllocationUnits
;
1213 LARGE_INTEGER CallerAvailableAllocationUnits
;
1214 LARGE_INTEGER ActualAvailableAllocationUnits
;
1215 ULONG SectorsPerAllocationUnit
;
1216 ULONG BytesPerSector
;
1217 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
1219 typedef struct _FILE_FS_LABEL_INFORMATION
{
1220 ULONG VolumeLabelLength
;
1221 WCHAR VolumeLabel
[1];
1222 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
1224 #if (VER_PRODUCTBUILD >= 2195)
1226 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
1228 UCHAR ExtendedInfo
[48];
1229 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
1231 #endif /* (VER_PRODUCTBUILD >= 2195) */
1233 typedef struct _FILE_FS_SIZE_INFORMATION
{
1234 LARGE_INTEGER TotalAllocationUnits
;
1235 LARGE_INTEGER AvailableAllocationUnits
;
1236 ULONG SectorsPerAllocationUnit
;
1237 ULONG BytesPerSector
;
1238 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
1240 typedef struct _FILE_FS_VOLUME_INFORMATION
{
1241 LARGE_INTEGER VolumeCreationTime
;
1242 ULONG VolumeSerialNumber
;
1243 ULONG VolumeLabelLength
;
1244 BOOLEAN SupportsObjects
;
1245 WCHAR VolumeLabel
[1];
1246 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
1248 typedef struct _FILE_FS_OBJECTID_INFORMATION
1251 UCHAR ExtendedInfo
[48];
1252 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
1254 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1256 BOOLEAN DriverInPath
;
1257 ULONG DriverNameLength
;
1258 WCHAR DriverName
[1];
1259 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
1261 typedef struct _FILE_FULL_DIR_INFORMATION
{
1262 ULONG NextEntryOffset
;
1264 LARGE_INTEGER CreationTime
;
1265 LARGE_INTEGER LastAccessTime
;
1266 LARGE_INTEGER LastWriteTime
;
1267 LARGE_INTEGER ChangeTime
;
1268 LARGE_INTEGER EndOfFile
;
1269 LARGE_INTEGER AllocationSize
;
1270 ULONG FileAttributes
;
1271 ULONG FileNameLength
;
1274 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1276 typedef struct _FILE_GET_EA_INFORMATION
{
1277 ULONG NextEntryOffset
;
1280 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1282 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1283 ULONG NextEntryOffset
;
1286 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1288 typedef struct _FILE_QUOTA_INFORMATION
1290 ULONG NextEntryOffset
;
1292 LARGE_INTEGER ChangeTime
;
1293 LARGE_INTEGER QuotaUsed
;
1294 LARGE_INTEGER QuotaThreshold
;
1295 LARGE_INTEGER QuotaLimit
;
1297 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1299 typedef struct _FILE_INTERNAL_INFORMATION
{
1300 LARGE_INTEGER IndexNumber
;
1301 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1303 typedef struct _FILE_LINK_INFORMATION
{
1304 BOOLEAN ReplaceIfExists
;
1305 HANDLE RootDirectory
;
1306 ULONG FileNameLength
;
1308 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1310 typedef struct _FILE_LOCK_INFO
1312 LARGE_INTEGER StartingByte
;
1313 LARGE_INTEGER Length
;
1314 BOOLEAN ExclusiveLock
;
1316 PFILE_OBJECT FileObject
;
1318 LARGE_INTEGER EndingByte
;
1319 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1321 typedef struct _FILE_REPARSE_POINT_INFORMATION
1323 LONGLONG FileReference
;
1325 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
1327 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1330 HANDLE RootDirectory
;
1331 ULONG FileNameLength
;
1333 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
1335 typedef struct _FILE_NOTIFY_INFORMATION
1337 ULONG NextEntryOffset
;
1339 ULONG FileNameLength
;
1341 } FILE_NOTIFY_INFORMATION
, *PFILE_NOTIFY_INFORMATION
;
1343 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1344 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1347 FILE_LOCK_INFO FileLock
;
1348 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1350 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1351 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1352 LIST_ENTRY ListEntry
;
1355 FILE_LOCK_INFO FileLock
;
1356 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1358 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1363 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1365 IN PFILE_LOCK_INFO FileLockInfo
1368 typedef struct _FILE_LOCK
{
1369 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1370 PUNLOCK_ROUTINE UnlockRoutine
;
1371 BOOLEAN FastIoIsQuestionable
;
1373 PVOID LockInformation
;
1374 FILE_LOCK_INFO LastReturnedLockInfo
;
1375 PVOID LastReturnedLock
;
1376 } FILE_LOCK
, *PFILE_LOCK
;
1378 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1379 ULONG ReadDataAvailable
;
1380 ULONG NumberOfMessages
;
1381 ULONG MessageLength
;
1382 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1384 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1385 ULONG MaximumMessageSize
;
1386 ULONG MailslotQuota
;
1387 ULONG NextMessageSize
;
1388 ULONG MessagesAvailable
;
1389 LARGE_INTEGER ReadTimeout
;
1390 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1392 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1393 PLARGE_INTEGER ReadTimeout
;
1394 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1396 typedef struct _FILE_MODE_INFORMATION
{
1398 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1400 typedef struct _FILE_ALL_INFORMATION
{
1401 FILE_BASIC_INFORMATION BasicInformation
;
1402 FILE_STANDARD_INFORMATION StandardInformation
;
1403 FILE_INTERNAL_INFORMATION InternalInformation
;
1404 FILE_EA_INFORMATION EaInformation
;
1405 FILE_ACCESS_INFORMATION AccessInformation
;
1406 FILE_POSITION_INFORMATION PositionInformation
;
1407 FILE_MODE_INFORMATION ModeInformation
;
1408 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1409 FILE_NAME_INFORMATION NameInformation
;
1410 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1412 typedef struct _FILE_NAMES_INFORMATION
{
1413 ULONG NextEntryOffset
;
1415 ULONG FileNameLength
;
1417 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1419 typedef struct _FILE_OBJECTID_INFORMATION
{
1420 LONGLONG FileReference
;
1422 _ANONYMOUS_UNION
union {
1423 __GNU_EXTENSION
struct {
1424 UCHAR BirthVolumeId
[16];
1425 UCHAR BirthObjectId
[16];
1428 UCHAR ExtendedInfo
[48];
1430 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1432 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1434 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1436 typedef struct _FILE_OLE_ALL_INFORMATION
{
1437 FILE_BASIC_INFORMATION BasicInformation
;
1438 FILE_STANDARD_INFORMATION StandardInformation
;
1439 FILE_INTERNAL_INFORMATION InternalInformation
;
1440 FILE_EA_INFORMATION EaInformation
;
1441 FILE_ACCESS_INFORMATION AccessInformation
;
1442 FILE_POSITION_INFORMATION PositionInformation
;
1443 FILE_MODE_INFORMATION ModeInformation
;
1444 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1447 LARGE_INTEGER SecurityChangeTime
;
1448 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1449 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1450 FILE_STORAGE_TYPE StorageType
;
1453 ULONG NumberOfStreamReferences
;
1456 BOOLEAN ContentIndexDisable
;
1457 BOOLEAN InheritContentIndexDisable
;
1458 FILE_NAME_INFORMATION NameInformation
;
1459 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1461 typedef struct _FILE_OLE_DIR_INFORMATION
{
1462 ULONG NextEntryOffset
;
1464 LARGE_INTEGER CreationTime
;
1465 LARGE_INTEGER LastAccessTime
;
1466 LARGE_INTEGER LastWriteTime
;
1467 LARGE_INTEGER ChangeTime
;
1468 LARGE_INTEGER EndOfFile
;
1469 LARGE_INTEGER AllocationSize
;
1470 ULONG FileAttributes
;
1471 ULONG FileNameLength
;
1472 FILE_STORAGE_TYPE StorageType
;
1475 BOOLEAN ContentIndexDisable
;
1476 BOOLEAN InheritContentIndexDisable
;
1478 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1480 typedef struct _FILE_OLE_INFORMATION
{
1481 LARGE_INTEGER SecurityChangeTime
;
1482 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1483 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1484 FILE_STORAGE_TYPE StorageType
;
1486 BOOLEAN ContentIndexDisable
;
1487 BOOLEAN InheritContentIndexDisable
;
1488 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1490 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1492 ULONG StateBitsMask
;
1493 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1495 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1498 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1500 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1501 PVOID ClientSession
;
1502 PVOID ClientProcess
;
1503 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1505 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1506 ULONG NamedPipeState
;
1510 ULONG NumberRequests
;
1511 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1513 typedef struct _FILE_PIPE_PEEK_BUFFER
1515 ULONG NamedPipeState
;
1516 ULONG ReadDataAvailable
;
1517 ULONG NumberOfMessages
;
1518 ULONG MessageLength
;
1520 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1522 typedef struct _FILE_PIPE_INFORMATION
{
1524 ULONG CompletionMode
;
1525 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1527 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1528 ULONG NamedPipeType
;
1529 ULONG NamedPipeConfiguration
;
1530 ULONG MaximumInstances
;
1531 ULONG CurrentInstances
;
1533 ULONG ReadDataAvailable
;
1534 ULONG OutboundQuota
;
1535 ULONG WriteQuotaAvailable
;
1536 ULONG NamedPipeState
;
1538 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1540 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1541 LARGE_INTEGER CollectDataTime
;
1542 ULONG MaximumCollectionCount
;
1543 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1545 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1546 LARGE_INTEGER Timeout
;
1548 BOOLEAN TimeoutSpecified
;
1550 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1552 typedef struct _FILE_RENAME_INFORMATION
{
1553 BOOLEAN ReplaceIfExists
;
1554 HANDLE RootDirectory
;
1555 ULONG FileNameLength
;
1557 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1559 typedef struct _FILE_STREAM_INFORMATION
{
1560 ULONG NextEntryOffset
;
1561 ULONG StreamNameLength
;
1562 LARGE_INTEGER StreamSize
;
1563 LARGE_INTEGER StreamAllocationSize
;
1564 WCHAR StreamName
[1];
1565 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1567 typedef struct _FILE_TRACKING_INFORMATION
{
1568 HANDLE DestinationFile
;
1569 ULONG ObjectInformationLength
;
1570 CHAR ObjectInformation
[1];
1571 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1573 #if (VER_PRODUCTBUILD >= 2195)
1574 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1575 LARGE_INTEGER FileOffset
;
1576 LARGE_INTEGER BeyondFinalZero
;
1577 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1579 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1580 LARGE_INTEGER FileOffset
;
1581 LARGE_INTEGER Length
;
1582 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1583 #endif /* (VER_PRODUCTBUILD >= 2195) */
1585 #define FSRTL_FCB_HEADER_V0 (0x00)
1586 #define FSRTL_FCB_HEADER_V1 (0x01)
1589 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1590 CSHORT NodeTypeCode
;
1591 CSHORT NodeByteSize
;
1593 UCHAR IsFastIoPossible
;
1594 #if (VER_PRODUCTBUILD >= 1381)
1597 #endif /* (VER_PRODUCTBUILD >= 1381) */
1598 PERESOURCE Resource
;
1599 PERESOURCE PagingIoResource
;
1600 LARGE_INTEGER AllocationSize
;
1601 LARGE_INTEGER FileSize
;
1602 LARGE_INTEGER ValidDataLength
;
1603 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1605 typedef enum _FSRTL_COMPARISON_RESULT
1610 } FSRTL_COMPARISON_RESULT
;
1612 #if (VER_PRODUCTBUILD >= 2600)
1614 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1615 CSHORT NodeTypeCode
;
1616 CSHORT NodeByteSize
;
1618 UCHAR IsFastIoPossible
;
1622 PERESOURCE Resource
;
1623 PERESOURCE PagingIoResource
;
1624 LARGE_INTEGER AllocationSize
;
1625 LARGE_INTEGER FileSize
;
1626 LARGE_INTEGER ValidDataLength
;
1627 PFAST_MUTEX FastMutex
;
1628 LIST_ENTRY FilterContexts
;
1629 EX_PUSH_LOCK PushLock
;
1630 PVOID
*FileContextSupportPointer
;
1631 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1633 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1637 PFREE_FUNCTION FreeCallback
;
1638 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1640 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1645 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
1647 #endif /* (VER_PRODUCTBUILD >= 2600) */
1649 typedef struct _BASE_MCB
1651 ULONG MaximumPairCount
;
1656 } BASE_MCB
, *PBASE_MCB
;
1658 typedef struct _LARGE_MCB
1660 PKGUARDED_MUTEX GuardedMutex
;
1662 } LARGE_MCB
, *PLARGE_MCB
;
1666 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1669 typedef struct _GENERATE_NAME_CONTEXT
{
1671 BOOLEAN CheckSumInserted
;
1673 WCHAR NameBuffer
[8];
1674 ULONG ExtensionLength
;
1675 WCHAR ExtensionBuffer
[4];
1676 ULONG LastIndexValue
;
1677 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1679 typedef struct _MAPPING_PAIR
{
1682 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1684 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1685 ULONG NumberOfPairs
;
1687 MAPPING_PAIR Pair
[1];
1688 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1690 typedef struct _KQUEUE
{
1691 DISPATCHER_HEADER Header
;
1692 LIST_ENTRY EntryListHead
;
1695 LIST_ENTRY ThreadListHead
;
1696 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1698 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1700 typedef struct _MBCB
{
1701 CSHORT NodeTypeCode
;
1702 CSHORT NodeIsInZone
;
1706 LIST_ENTRY BitmapRanges
;
1707 LONGLONG ResumeWritePage
;
1708 BITMAP_RANGE BitmapRange1
;
1709 BITMAP_RANGE BitmapRange2
;
1710 BITMAP_RANGE BitmapRange3
;
1713 typedef enum _MMFLUSH_TYPE
{
1718 typedef struct _MOVEFILE_DESCRIPTOR
{
1721 LARGE_INTEGER StartVcn
;
1722 LARGE_INTEGER TargetLcn
;
1725 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1727 typedef struct _OBJECT_BASIC_INFO
{
1729 ACCESS_MASK GrantedAccess
;
1731 ULONG ReferenceCount
;
1732 ULONG PagedPoolUsage
;
1733 ULONG NonPagedPoolUsage
;
1735 ULONG NameInformationLength
;
1736 ULONG TypeInformationLength
;
1737 ULONG SecurityDescriptorLength
;
1738 LARGE_INTEGER CreateTime
;
1739 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1741 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1743 BOOLEAN ProtectFromClose
;
1744 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1746 typedef struct _OBJECT_NAME_INFO
{
1747 UNICODE_STRING ObjectName
;
1748 WCHAR ObjectNameBuffer
[1];
1749 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1751 typedef struct _OBJECT_PROTECTION_INFO
{
1753 BOOLEAN ProtectHandle
;
1754 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1756 typedef struct _OBJECT_TYPE_INFO
{
1757 UNICODE_STRING ObjectTypeName
;
1758 UCHAR Unknown
[0x58];
1759 WCHAR ObjectTypeNameBuffer
[1];
1760 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1762 typedef struct _OBJECT_ALL_TYPES_INFO
{
1763 ULONG NumberOfObjectTypes
;
1764 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1765 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1767 typedef struct _PATHNAME_BUFFER
{
1768 ULONG PathNameLength
;
1770 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1772 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1777 } RTL_GENERIC_COMPARE_RESULTS
;
1779 typedef enum _TABLE_SEARCH_RESULT
1785 } TABLE_SEARCH_RESULT
;
1788 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
1789 struct _RTL_AVL_TABLE
*Table
,
1794 typedef RTL_GENERIC_COMPARE_RESULTS
1795 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
1796 struct _RTL_AVL_TABLE
*Table
,
1801 typedef RTL_GENERIC_COMPARE_RESULTS
1802 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
1803 struct _RTL_GENERIC_TABLE
*Table
,
1809 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
1810 struct _RTL_GENERIC_TABLE
*Table
,
1815 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
1816 struct _RTL_GENERIC_TABLE
*Table
,
1821 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
1822 struct _RTL_AVL_TABLE
*Table
,
1827 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
1828 struct _RTL_AVL_TABLE
*Table
,
1832 typedef struct _PUBLIC_BCB
{
1833 CSHORT NodeTypeCode
;
1834 CSHORT NodeByteSize
;
1836 LARGE_INTEGER MappedFileOffset
;
1837 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1839 typedef struct _QUERY_PATH_REQUEST
{
1840 ULONG PathNameLength
;
1841 PIO_SECURITY_CONTEXT SecurityContext
;
1842 WCHAR FilePathName
[1];
1843 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1845 typedef struct _QUERY_PATH_RESPONSE
{
1846 ULONG LengthAccepted
;
1847 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1849 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1851 LARGE_INTEGER StartingVcn
;
1853 LARGE_INTEGER NextVcn
;
1856 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1858 typedef struct _RTL_SPLAY_LINKS
{
1859 struct _RTL_SPLAY_LINKS
*Parent
;
1860 struct _RTL_SPLAY_LINKS
*LeftChild
;
1861 struct _RTL_SPLAY_LINKS
*RightChild
;
1862 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1864 typedef struct _RTL_BALANCED_LINKS
1866 struct _RTL_BALANCED_LINKS
*Parent
;
1867 struct _RTL_BALANCED_LINKS
*LeftChild
;
1868 struct _RTL_BALANCED_LINKS
*RightChild
;
1871 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
1873 typedef struct _RTL_GENERIC_TABLE
1875 PRTL_SPLAY_LINKS TableRoot
;
1876 LIST_ENTRY InsertOrderList
;
1877 PLIST_ENTRY OrderedPointer
;
1878 ULONG WhichOrderedElement
;
1879 ULONG NumberGenericTableElements
;
1880 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
1881 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
1882 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
1884 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
1886 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
1888 CSHORT NodeTypeCode
;
1890 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1891 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
1892 RTL_SPLAY_LINKS Links
;
1893 PUNICODE_STRING Prefix
;
1894 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
1896 typedef struct _UNICODE_PREFIX_TABLE
1898 CSHORT NodeTypeCode
;
1900 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
1901 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
1902 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
1907 RtlInitializeUnicodePrefix (
1908 IN PUNICODE_PREFIX_TABLE PrefixTable
1914 RtlInsertUnicodePrefix (
1915 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1916 IN PUNICODE_STRING Prefix
,
1917 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1923 RtlRemoveUnicodePrefix (
1924 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1925 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1929 PUNICODE_PREFIX_TABLE_ENTRY
1931 RtlFindUnicodePrefix (
1932 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1933 IN PUNICODE_STRING FullName
,
1934 IN ULONG CaseInsensitiveIndex
1938 PUNICODE_PREFIX_TABLE_ENTRY
1940 RtlNextUnicodePrefix (
1941 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1945 #undef PRTL_GENERIC_COMPARE_ROUTINE
1946 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1947 #undef PRTL_GENERIC_FREE_ROUTINE
1948 #undef RTL_GENERIC_TABLE
1949 #undef PRTL_GENERIC_TABLE
1951 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1952 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1953 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1954 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1955 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1957 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1958 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
1959 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
1960 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
1961 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
1962 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
1963 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
1964 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
1965 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
1966 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
1967 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
1969 typedef struct _RTL_AVL_TABLE
1971 RTL_BALANCED_LINKS BalancedRoot
;
1972 PVOID OrderedPointer
;
1973 ULONG WhichOrderedElement
;
1974 ULONG NumberGenericTableElements
;
1976 PRTL_BALANCED_LINKS RestartKey
;
1978 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
1979 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
1980 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
1982 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
1987 RtlInitializeGenericTableAvl(
1988 PRTL_AVL_TABLE Table
,
1989 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
1990 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
1991 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
1998 RtlInsertElementGenericTableAvl (
1999 PRTL_AVL_TABLE Table
,
2002 PBOOLEAN NewElement OPTIONAL
2008 RtlDeleteElementGenericTableAvl (
2009 PRTL_AVL_TABLE Table
,
2016 RtlLookupElementGenericTableAvl (
2017 PRTL_AVL_TABLE Table
,
2024 RtlEnumerateGenericTableWithoutSplayingAvl (
2025 PRTL_AVL_TABLE Table
,
2029 #if defined(USE_LPC6432)
2030 #define LPC_CLIENT_ID CLIENT_ID64
2031 #define LPC_SIZE_T ULONGLONG
2032 #define LPC_PVOID ULONGLONG
2033 #define LPC_HANDLE ULONGLONG
2035 #define LPC_CLIENT_ID CLIENT_ID
2036 #define LPC_SIZE_T SIZE_T
2037 #define LPC_PVOID PVOID
2038 #define LPC_HANDLE HANDLE
2041 typedef struct _PORT_MESSAGE
2057 CSHORT DataInfoOffset
;
2061 __GNU_EXTENSION
union
2063 LPC_CLIENT_ID ClientId
;
2064 double DoNotUseThisField
;
2067 __GNU_EXTENSION
union
2069 LPC_SIZE_T ClientViewSize
;
2072 } PORT_MESSAGE
, *PPORT_MESSAGE
;
2074 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
2076 typedef struct _PORT_VIEW
2079 LPC_HANDLE SectionHandle
;
2080 ULONG SectionOffset
;
2081 LPC_SIZE_T ViewSize
;
2083 LPC_PVOID ViewRemoteBase
;
2084 } PORT_VIEW
, *PPORT_VIEW
;
2086 typedef struct _REMOTE_PORT_VIEW
2089 LPC_SIZE_T ViewSize
;
2091 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
2093 typedef struct _SE_EXPORTS
{
2095 LUID SeCreateTokenPrivilege
;
2096 LUID SeAssignPrimaryTokenPrivilege
;
2097 LUID SeLockMemoryPrivilege
;
2098 LUID SeIncreaseQuotaPrivilege
;
2099 LUID SeUnsolicitedInputPrivilege
;
2100 LUID SeTcbPrivilege
;
2101 LUID SeSecurityPrivilege
;
2102 LUID SeTakeOwnershipPrivilege
;
2103 LUID SeLoadDriverPrivilege
;
2104 LUID SeCreatePagefilePrivilege
;
2105 LUID SeIncreaseBasePriorityPrivilege
;
2106 LUID SeSystemProfilePrivilege
;
2107 LUID SeSystemtimePrivilege
;
2108 LUID SeProfileSingleProcessPrivilege
;
2109 LUID SeCreatePermanentPrivilege
;
2110 LUID SeBackupPrivilege
;
2111 LUID SeRestorePrivilege
;
2112 LUID SeShutdownPrivilege
;
2113 LUID SeDebugPrivilege
;
2114 LUID SeAuditPrivilege
;
2115 LUID SeSystemEnvironmentPrivilege
;
2116 LUID SeChangeNotifyPrivilege
;
2117 LUID SeRemoteShutdownPrivilege
;
2122 PSID SeCreatorOwnerSid
;
2123 PSID SeCreatorGroupSid
;
2125 PSID SeNtAuthoritySid
;
2129 PSID SeInteractiveSid
;
2130 PSID SeLocalSystemSid
;
2131 PSID SeAliasAdminsSid
;
2132 PSID SeAliasUsersSid
;
2133 PSID SeAliasGuestsSid
;
2134 PSID SeAliasPowerUsersSid
;
2135 PSID SeAliasAccountOpsSid
;
2136 PSID SeAliasSystemOpsSid
;
2137 PSID SeAliasPrintOpsSid
;
2138 PSID SeAliasBackupOpsSid
;
2140 PSID SeAuthenticatedUsersSid
;
2142 PSID SeRestrictedSid
;
2143 PSID SeAnonymousLogonSid
;
2145 LUID SeUndockPrivilege
;
2146 LUID SeSyncAgentPrivilege
;
2147 LUID SeEnableDelegationPrivilege
;
2149 } SE_EXPORTS
, *PSE_EXPORTS
;
2151 extern PSE_EXPORTS SeExports
;
2155 LARGE_INTEGER StartingLcn
;
2156 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
2158 typedef struct _STARTING_VCN_INPUT_BUFFER
{
2159 LARGE_INTEGER StartingVcn
;
2160 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
2162 typedef struct _SECURITY_CLIENT_CONTEXT
{
2163 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
2164 PACCESS_TOKEN ClientToken
;
2165 BOOLEAN DirectlyAccessClientToken
;
2166 BOOLEAN DirectAccessEffectiveOnly
;
2167 BOOLEAN ServerIsRemote
;
2168 TOKEN_CONTROL ClientTokenControl
;
2169 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
2172 // The following are the inherit flags that go into the AceFlags field
2173 // of an Ace header.
2175 #define OBJECT_INHERIT_ACE (0x1)
2176 #define CONTAINER_INHERIT_ACE (0x2)
2177 #define NO_PROPAGATE_INHERIT_ACE (0x4)
2178 #define INHERIT_ONLY_ACE (0x8)
2179 #define INHERITED_ACE (0x10)
2180 #define VALID_INHERIT_FLAGS (0x1F)
2182 typedef struct _ACE_HEADER
2187 } ACE_HEADER
, *PACE_HEADER
;
2189 typedef struct _ACCESS_ALLOWED_ACE
2194 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
2196 typedef struct _ACCESS_DENIED_ACE
2201 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
2203 typedef struct _SYSTEM_AUDIT_ACE
2208 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
2210 typedef struct _SYSTEM_ALARM_ACE
2215 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
2217 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
2222 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
2224 typedef struct _TUNNEL
{
2226 PRTL_SPLAY_LINKS Cache
;
2227 LIST_ENTRY TimerQueue
;
2231 typedef struct _VAD_HEADER
{
2234 struct _VAD_HEADER
* ParentLink
;
2235 struct _VAD_HEADER
* LeftLink
;
2236 struct _VAD_HEADER
* RightLink
;
2237 ULONG Flags
; /* LSB = CommitCharge */
2239 PVOID FirstProtoPte
;
2243 } VAD_HEADER
, *PVAD_HEADER
;
2247 LARGE_INTEGER StartingLcn
;
2248 LARGE_INTEGER BitmapSize
;
2250 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
2252 #if (VER_PRODUCTBUILD >= 2600)
2255 (NTAPI
*PFILTER_REPORT_CHANGE
) (
2256 IN PVOID NotifyContext
,
2257 IN PVOID FilterContext
2260 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
2262 SyncTypeCreateSection
2263 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
2265 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
2266 NotifyTypeCreate
= 0,
2268 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
2270 typedef union _FS_FILTER_PARAMETERS
{
2272 PLARGE_INTEGER EndingOffset
;
2273 PERESOURCE
*ResourceToRelease
;
2274 } AcquireForModifiedPageWriter
;
2277 PERESOURCE ResourceToRelease
;
2278 } ReleaseForModifiedPageWriter
;
2281 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
2282 ULONG PageProtection
;
2283 } AcquireForSectionSynchronization
;
2286 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
2287 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
2288 } NotifyStreamFileObject
;
2297 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
2299 typedef struct _FS_FILTER_CALLBACK_DATA
{
2300 ULONG SizeOfFsFilterCallbackData
;
2303 struct _DEVICE_OBJECT
*DeviceObject
;
2304 struct _FILE_OBJECT
*FileObject
;
2305 FS_FILTER_PARAMETERS Parameters
;
2306 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
2309 (NTAPI
*PFS_FILTER_CALLBACK
) (
2310 IN PFS_FILTER_CALLBACK_DATA Data
,
2311 OUT PVOID
*CompletionContext
2315 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
2316 IN PFS_FILTER_CALLBACK_DATA Data
,
2317 IN NTSTATUS OperationStatus
,
2318 IN PVOID CompletionContext
2321 typedef struct _FS_FILTER_CALLBACKS
{
2322 ULONG SizeOfFsFilterCallbacks
;
2324 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
2325 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
2326 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
2327 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
2328 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
2329 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
2330 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
2331 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
2332 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
2333 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
2334 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
2335 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
2336 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
2338 typedef struct _READ_LIST
{
2339 PFILE_OBJECT FileObject
;
2340 ULONG NumberOfEntries
;
2342 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
2343 } READ_LIST
, *PREAD_LIST
;
2348 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
2350 IN OUT PVOID
*CommitAddress
,
2351 IN OUT PSIZE_T CommitSize
2354 typedef struct _RTL_HEAP_PARAMETERS
{
2356 SIZE_T SegmentReserve
;
2357 SIZE_T SegmentCommit
;
2358 SIZE_T DeCommitFreeBlockThreshold
;
2359 SIZE_T DeCommitTotalFreeThreshold
;
2360 SIZE_T MaximumAllocationSize
;
2361 SIZE_T VirtualMemoryThreshold
;
2362 SIZE_T InitialCommit
;
2363 SIZE_T InitialReserve
;
2364 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
2366 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
2372 IN PFILE_OBJECT FileObject
,
2373 IN ULONG BytesToWrite
,
2382 IN PFILE_OBJECT FileObject
,
2383 IN PLARGE_INTEGER FileOffset
,
2387 OUT PIO_STATUS_BLOCK IoStatus
2394 IN PFILE_OBJECT FileObject
,
2395 IN PLARGE_INTEGER FileOffset
,
2401 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2403 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
2412 IN PFILE_OBJECT FileObject
,
2413 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
2416 IN ULONG BytesToWrite
,
2424 IN PFILE_OBJECT FileObject
,
2425 IN ULONG FileOffset
,
2429 OUT PIO_STATUS_BLOCK IoStatus
2436 IN PFILE_OBJECT FileObject
,
2437 IN ULONG FileOffset
,
2446 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2447 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2449 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2452 typedef VOID (NTAPI
*PDIRTY_PAGE_ROUTINE
) (
2453 IN PFILE_OBJECT FileObject
,
2454 IN PLARGE_INTEGER FileOffset
,
2456 IN PLARGE_INTEGER OldestLsn
,
2457 IN PLARGE_INTEGER NewestLsn
,
2467 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
2475 CcGetFileObjectFromBcb (
2482 CcGetFileObjectFromSectionPtrs (
2483 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2486 #define CcGetFileSizePointer(FO) ( \
2487 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2490 #if (VER_PRODUCTBUILD >= 2195)
2495 CcGetFlushedValidData (
2496 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2497 IN BOOLEAN BcbListHeld
2500 #endif /* (VER_PRODUCTBUILD >= 2195) */
2505 CcGetLsnForFileObject (
2506 IN PFILE_OBJECT FileObject
,
2507 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2510 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
2515 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
2519 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
2524 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
2528 typedef struct _CACHE_MANAGER_CALLBACKS
{
2529 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
2530 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
2531 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
2532 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
2533 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
2538 CcInitializeCacheMap (
2539 IN PFILE_OBJECT FileObject
,
2540 IN PCC_FILE_SIZES FileSizes
,
2541 IN BOOLEAN PinAccess
,
2542 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
2543 IN PVOID LazyWriteContext
2546 #define CcIsFileCached(FO) ( \
2547 ((FO)->SectionObjectPointer != NULL) && \
2548 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2551 extern ULONG CcFastMdlReadWait
;
2556 CcIsThereDirtyData (
2564 IN PFILE_OBJECT FileObject
,
2565 IN PLARGE_INTEGER FileOffset
,
2576 IN PFILE_OBJECT FileObject
,
2577 IN PLARGE_INTEGER FileOffset
,
2580 OUT PIO_STATUS_BLOCK IoStatus
2587 IN PFILE_OBJECT FileObject
,
2594 CcMdlWriteComplete (
2595 IN PFILE_OBJECT FileObject
,
2596 IN PLARGE_INTEGER FileOffset
,
2606 IN PFILE_OBJECT FileObject
,
2607 IN PLARGE_INTEGER FileOffset
,
2617 IN PFILE_OBJECT FileObject
,
2618 IN PLARGE_INTEGER FileOffset
,
2629 IN PFILE_OBJECT FileObject
,
2630 IN PLARGE_INTEGER FileOffset
,
2633 OUT PIO_STATUS_BLOCK IoStatus
2640 IN PFILE_OBJECT FileObject
,
2641 IN PLARGE_INTEGER FileOffset
,
2652 CcPurgeCacheSection (
2653 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2654 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2656 IN BOOLEAN UninitializeCacheMaps
2659 #define CcReadAhead(FO, FOFF, LEN) ( \
2660 if ((LEN) >= 256) { \
2661 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2665 #if (VER_PRODUCTBUILD >= 2195)
2674 #endif /* (VER_PRODUCTBUILD >= 2195) */
2686 CcScheduleReadAhead (
2687 IN PFILE_OBJECT FileObject
,
2688 IN PLARGE_INTEGER FileOffset
,
2695 CcSetAdditionalCacheAttributes (
2696 IN PFILE_OBJECT FileObject
,
2697 IN BOOLEAN DisableReadAhead
,
2698 IN BOOLEAN DisableWriteBehind
2704 CcSetBcbOwnerPointer (
2706 IN PVOID OwnerPointer
2712 CcSetDirtyPageThreshold (
2713 IN PFILE_OBJECT FileObject
,
2714 IN ULONG DirtyPageThreshold
2720 CcSetDirtyPinnedData (
2722 IN PLARGE_INTEGER Lsn OPTIONAL
2729 IN PFILE_OBJECT FileObject
,
2730 IN PCC_FILE_SIZES FileSizes
2733 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2735 IN LARGE_INTEGER Lsn
2741 CcSetLogHandleForFile (
2742 IN PFILE_OBJECT FileObject
,
2744 IN PFLUSH_TO_LSN FlushToLsnRoutine
2750 CcSetReadAheadGranularity (
2751 IN PFILE_OBJECT FileObject
,
2752 IN ULONG Granularity
/* default: PAGE_SIZE */
2753 /* allowed: 2^n * PAGE_SIZE */
2759 CcUninitializeCacheMap (
2760 IN PFILE_OBJECT FileObject
,
2761 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2762 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2775 CcUnpinDataForThread (
2777 IN ERESOURCE_THREAD ResourceThreadId
2783 CcUnpinRepinnedBcb (
2785 IN BOOLEAN WriteThrough
,
2786 OUT PIO_STATUS_BLOCK IoStatus
2789 #if (VER_PRODUCTBUILD >= 2195)
2794 CcWaitForCurrentLazyWriterActivity (
2798 #endif /* (VER_PRODUCTBUILD >= 2195) */
2804 IN PFILE_OBJECT FileObject
,
2805 IN PLARGE_INTEGER StartOffset
,
2806 IN PLARGE_INTEGER EndOffset
,
2813 ExDisableResourceBoostLite (
2814 IN PERESOURCE Resource
2820 ExQueryPoolBlockSize (
2822 OUT PBOOLEAN QuotaCharged
2825 #if (VER_PRODUCTBUILD >= 2600)
2827 #ifndef __NTOSKRNL__
2831 ExInitializeRundownProtection (
2832 IN PEX_RUNDOWN_REF RunRef
2838 ExReInitializeRundownProtection (
2839 IN PEX_RUNDOWN_REF RunRef
2845 ExAcquireRundownProtection (
2846 IN PEX_RUNDOWN_REF RunRef
2852 ExAcquireRundownProtectionEx (
2853 IN PEX_RUNDOWN_REF RunRef
,
2860 ExReleaseRundownProtection (
2861 IN PEX_RUNDOWN_REF RunRef
2867 ExReleaseRundownProtectionEx (
2868 IN PEX_RUNDOWN_REF RunRef
,
2875 ExRundownCompleted (
2876 IN PEX_RUNDOWN_REF RunRef
2882 ExWaitForRundownProtectionRelease (
2883 IN PEX_RUNDOWN_REF RunRef
2887 #endif /* (VER_PRODUCTBUILD >= 2600) */
2890 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2892 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2893 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2894 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2895 InitializeListHead( &(_advhdr)->FilterContexts ); \
2896 if ((_fmutx) != NULL) { \
2897 (_advhdr)->FastMutex = (_fmutx); \
2899 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2900 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2901 (_advhdr)->FileContextSupportPointer = NULL; \
2907 FsRtlAddBaseMcbEntry (
2911 IN LONGLONG SectorCount
2917 FsRtlAddLargeMcbEntry (
2921 IN LONGLONG SectorCount
2931 IN ULONG SectorCount
2937 FsRtlAddToTunnelCache (
2939 IN ULONGLONG DirectoryKey
,
2940 IN PUNICODE_STRING ShortName
,
2941 IN PUNICODE_STRING LongName
,
2942 IN BOOLEAN KeyByShortName
,
2943 IN ULONG DataLength
,
2947 #if (VER_PRODUCTBUILD >= 2195)
2951 FsRtlAllocateFileLock (
2952 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2953 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2956 #endif /* (VER_PRODUCTBUILD >= 2195) */
2962 IN POOL_TYPE PoolType
,
2963 IN ULONG NumberOfBytes
2969 FsRtlAllocatePoolWithQuota (
2970 IN POOL_TYPE PoolType
,
2971 IN ULONG NumberOfBytes
2977 FsRtlAllocatePoolWithQuotaTag (
2978 IN POOL_TYPE PoolType
,
2979 IN ULONG NumberOfBytes
,
2986 FsRtlAllocatePoolWithTag (
2987 IN POOL_TYPE PoolType
,
2988 IN ULONG NumberOfBytes
,
2995 FsRtlAreNamesEqual (
2996 IN PCUNICODE_STRING Name1
,
2997 IN PCUNICODE_STRING Name2
,
2998 IN BOOLEAN IgnoreCase
,
2999 IN PCWCH UpcaseTable OPTIONAL
3002 #define FsRtlAreThereCurrentFileLocks(FL) ( \
3003 ((FL)->FastIoIsQuestionable) \
3007 FsRtlCheckLockForReadAccess:
3009 All this really does is pick out the lock parameters from the irp (io stack
3010 location?), get IoGetRequestorProcess, and pass values on to
3011 FsRtlFastCheckLockForRead.
3016 FsRtlCheckLockForReadAccess (
3017 IN PFILE_LOCK FileLock
,
3022 FsRtlCheckLockForWriteAccess:
3024 All this really does is pick out the lock parameters from the irp (io stack
3025 location?), get IoGetRequestorProcess, and pass values on to
3026 FsRtlFastCheckLockForWrite.
3031 FsRtlCheckLockForWriteAccess (
3032 IN PFILE_LOCK FileLock
,
3038 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
3045 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
3057 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
3058 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
3065 IN PFILE_OBJECT FileObject
,
3066 IN PLARGE_INTEGER FileOffset
,
3071 OUT PIO_STATUS_BLOCK IoStatus
,
3072 IN PDEVICE_OBJECT DeviceObject
3079 IN PFILE_OBJECT FileObject
,
3080 IN PLARGE_INTEGER FileOffset
,
3085 OUT PIO_STATUS_BLOCK IoStatus
,
3086 IN PDEVICE_OBJECT DeviceObject
3089 #define HEAP_NO_SERIALIZE 0x00000001
3090 #define HEAP_GROWABLE 0x00000002
3091 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
3092 #define HEAP_ZERO_MEMORY 0x00000008
3093 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
3094 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
3095 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
3096 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
3098 #define HEAP_CREATE_ALIGN_16 0x00010000
3099 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
3100 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
3107 IN PVOID HeapBase OPTIONAL
,
3108 IN SIZE_T ReserveSize OPTIONAL
,
3109 IN SIZE_T CommitSize OPTIONAL
,
3110 IN PVOID Lock OPTIONAL
,
3111 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
3117 FsRtlCurrentBatchOplock (
3124 FsRtlDeleteKeyFromTunnelCache (
3126 IN ULONGLONG DirectoryKey
3132 FsRtlDeleteTunnelCache (
3139 FsRtlDeregisterUncProvider (
3154 IN ANSI_STRING Name
,
3155 OUT PANSI_STRING FirstPart
,
3156 OUT PANSI_STRING RemainingPart
3163 IN UNICODE_STRING Name
,
3164 OUT PUNICODE_STRING FirstPart
,
3165 OUT PUNICODE_STRING RemainingPart
3171 FsRtlDoesDbcsContainWildCards (
3172 IN PANSI_STRING Name
3178 FsRtlDoesNameContainWildCards (
3179 IN PUNICODE_STRING Name
3185 FsRtlIsFatDbcsLegal (
3186 IN ANSI_STRING DbcsName
,
3187 IN BOOLEAN WildCardsPermissible
,
3188 IN BOOLEAN PathNamePermissible
,
3189 IN BOOLEAN LeadingBackslashPermissible
3193 #define FsRtlCompleteRequest(IRP,STATUS) { \
3194 (IRP)->IoStatus.Status = (STATUS); \
3195 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
3198 #define FsRtlEnterFileSystem KeEnterCriticalRegion
3200 #define FsRtlExitFileSystem KeLeaveCriticalRegion
3205 FsRtlFastCheckLockForRead (
3206 IN PFILE_LOCK FileLock
,
3207 IN PLARGE_INTEGER FileOffset
,
3208 IN PLARGE_INTEGER Length
,
3210 IN PFILE_OBJECT FileObject
,
3217 FsRtlFastCheckLockForWrite (
3218 IN PFILE_LOCK FileLock
,
3219 IN PLARGE_INTEGER FileOffset
,
3220 IN PLARGE_INTEGER Length
,
3222 IN PFILE_OBJECT FileObject
,
3226 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
3227 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
3233 FsRtlFastUnlockAll (
3234 IN PFILE_LOCK FileLock
,
3235 IN PFILE_OBJECT FileObject
,
3236 IN PEPROCESS Process
,
3237 IN PVOID Context OPTIONAL
3239 /* ret: STATUS_RANGE_NOT_LOCKED */
3244 FsRtlFastUnlockAllByKey (
3245 IN PFILE_LOCK FileLock
,
3246 IN PFILE_OBJECT FileObject
,
3247 IN PEPROCESS Process
,
3249 IN PVOID Context OPTIONAL
3251 /* ret: STATUS_RANGE_NOT_LOCKED */
3256 FsRtlFastUnlockSingle (
3257 IN PFILE_LOCK FileLock
,
3258 IN PFILE_OBJECT FileObject
,
3259 IN PLARGE_INTEGER FileOffset
,
3260 IN PLARGE_INTEGER Length
,
3261 IN PEPROCESS Process
,
3263 IN PVOID Context OPTIONAL
,
3264 IN BOOLEAN AlreadySynchronized
3266 /* ret: STATUS_RANGE_NOT_LOCKED */
3271 FsRtlFindInTunnelCache (
3273 IN ULONGLONG DirectoryKey
,
3274 IN PUNICODE_STRING Name
,
3275 OUT PUNICODE_STRING ShortName
,
3276 OUT PUNICODE_STRING LongName
,
3277 IN OUT PULONG DataLength
,
3281 #if (VER_PRODUCTBUILD >= 2195)
3287 IN PFILE_LOCK FileLock
3290 #endif /* (VER_PRODUCTBUILD >= 2195) */
3296 IN PFILE_OBJECT FileObject
,
3297 IN OUT PLARGE_INTEGER FileSize
3303 FsRtlGetNextBaseMcbEntry (
3308 OUT PLONGLONG SectorCount
3312 FsRtlGetNextFileLock:
3314 ret: NULL if no more locks
3317 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
3318 FileLock->LastReturnedLock as storage.
3319 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
3320 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
3321 calls with Restart = FALSE.
3326 FsRtlGetNextFileLock (
3327 IN PFILE_LOCK FileLock
,
3334 FsRtlGetNextLargeMcbEntry (
3339 OUT PLONGLONG SectorCount
3345 FsRtlGetNextMcbEntry (
3350 OUT PULONG SectorCount
3353 #define FsRtlGetPerStreamContextPointer(FO) ( \
3354 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
3360 FsRtlInitializeBaseMcb (
3362 IN POOL_TYPE PoolType
3368 FsRtlInitializeFileLock (
3369 IN PFILE_LOCK FileLock
,
3370 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
3371 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
3377 FsRtlInitializeLargeMcb (
3379 IN POOL_TYPE PoolType
3385 FsRtlInitializeMcb (
3387 IN POOL_TYPE PoolType
3393 FsRtlInitializeOplock (
3394 IN OUT POPLOCK Oplock
3400 FsRtlInitializeTunnelCache (
3404 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
3405 (PSC)->OwnerId = (O), \
3406 (PSC)->InstanceId = (I), \
3407 (PSC)->FreeCallback = (FC) \
3413 FsRtlInsertPerStreamContext (
3414 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext
,
3415 IN PFSRTL_PER_STREAM_CONTEXT Ptr
3418 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
3419 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
3420 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3423 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
3424 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
3425 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3428 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
3429 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
3430 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3433 #define FsRtlIsAnsiCharacterWild(C) ( \
3434 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3440 FsRtlIsFatDbcsLegal (
3441 IN ANSI_STRING DbcsName
,
3442 IN BOOLEAN WildCardsPermissible
,
3443 IN BOOLEAN PathNamePermissible
,
3444 IN BOOLEAN LeadingBackslashPermissible
3450 FsRtlIsHpfsDbcsLegal (
3451 IN ANSI_STRING DbcsName
,
3452 IN BOOLEAN WildCardsPermissible
,
3453 IN BOOLEAN PathNamePermissible
,
3454 IN BOOLEAN LeadingBackslashPermissible
3460 FsRtlIsNameInExpression (
3461 IN PUNICODE_STRING Expression
,
3462 IN PUNICODE_STRING Name
,
3463 IN BOOLEAN IgnoreCase
,
3464 IN PWCHAR UpcaseTable OPTIONAL
3470 FsRtlIsNtstatusExpected (
3471 IN NTSTATUS Ntstatus
3474 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3476 extern PUSHORT NlsOemLeadByteInfo
;
3478 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3479 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3480 (NLS_MB_CODE_PAGE_TAG && \
3481 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3484 #define FsRtlIsUnicodeCharacterWild(C) ( \
3487 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3493 FsRtlLookupBaseMcbEntry (
3496 OUT PLONGLONG Lbn OPTIONAL
,
3497 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3498 OUT PLONGLONG StartingLbn OPTIONAL
,
3499 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3500 OUT PULONG Index OPTIONAL
3506 FsRtlLookupLargeMcbEntry (
3509 OUT PLONGLONG Lbn OPTIONAL
,
3510 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3511 OUT PLONGLONG StartingLbn OPTIONAL
,
3512 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3513 OUT PULONG Index OPTIONAL
3519 FsRtlLookupLastBaseMcbEntry (
3528 FsRtlLookupLastLargeMcbEntry (
3537 FsRtlLookupLastMcbEntry (
3546 FsRtlLookupLastBaseMcbEntryAndIndex (
3547 IN PBASE_MCB OpaqueMcb
,
3548 IN OUT PLONGLONG LargeVbn
,
3549 IN OUT PLONGLONG LargeLbn
,
3556 FsRtlLookupLastLargeMcbEntryAndIndex (
3557 IN PLARGE_MCB OpaqueMcb
,
3558 OUT PLONGLONG LargeVbn
,
3559 OUT PLONGLONG LargeLbn
,
3566 FsRtlLookupMcbEntry (
3570 OUT PULONG SectorCount OPTIONAL
,
3575 PFSRTL_PER_STREAM_CONTEXT
3577 FsRtlLookupPerStreamContextInternal (
3578 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3579 IN PVOID OwnerId OPTIONAL
,
3580 IN PVOID InstanceId OPTIONAL
3587 IN PFILE_OBJECT FileObject
,
3588 IN PLARGE_INTEGER FileOffset
,
3592 OUT PIO_STATUS_BLOCK IoStatus
,
3593 IN PDEVICE_OBJECT DeviceObject
3599 FsRtlMdlReadComplete (
3600 IN PFILE_OBJECT FileObject
,
3607 FsRtlMdlReadCompleteDev (
3608 IN PFILE_OBJECT FileObject
,
3610 IN PDEVICE_OBJECT DeviceObject
3616 FsRtlPrepareMdlWriteDev (
3617 IN PFILE_OBJECT FileObject
,
3618 IN PLARGE_INTEGER FileOffset
,
3622 OUT PIO_STATUS_BLOCK IoStatus
,
3623 IN PDEVICE_OBJECT DeviceObject
3629 FsRtlMdlWriteComplete (
3630 IN PFILE_OBJECT FileObject
,
3631 IN PLARGE_INTEGER FileOffset
,
3638 FsRtlMdlWriteCompleteDev (
3639 IN PFILE_OBJECT FileObject
,
3640 IN PLARGE_INTEGER FileOffset
,
3642 IN PDEVICE_OBJECT DeviceObject
3648 FsRtlNormalizeNtstatus (
3649 IN NTSTATUS Exception
,
3650 IN NTSTATUS GenericException
3656 FsRtlNotifyChangeDirectory (
3657 IN PNOTIFY_SYNC NotifySync
,
3659 IN PSTRING FullDirectoryName
,
3660 IN PLIST_ENTRY NotifyList
,
3661 IN BOOLEAN WatchTree
,
3662 IN ULONG CompletionFilter
,
3669 FsRtlNotifyCleanup (
3670 IN PNOTIFY_SYNC NotifySync
,
3671 IN PLIST_ENTRY NotifyList
,
3675 typedef BOOLEAN (NTAPI
*PCHECK_FOR_TRAVERSE_ACCESS
) (
3676 IN PVOID NotifyContext
,
3677 IN PVOID TargetContext
,
3678 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3684 FsRtlNotifyFilterChangeDirectory (
3685 IN PNOTIFY_SYNC NotifySync
,
3686 IN PLIST_ENTRY NotifyList
,
3688 IN PSTRING FullDirectoryName
,
3689 IN BOOLEAN WatchTree
,
3690 IN BOOLEAN IgnoreBuffer
,
3691 IN ULONG CompletionFilter
,
3693 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3694 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
,
3695 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
);
3700 FsRtlNotifyFilterReportChange (
3701 IN PNOTIFY_SYNC NotifySync
,
3702 IN PLIST_ENTRY NotifyList
,
3703 IN PSTRING FullTargetName
,
3704 IN USHORT TargetNameOffset
,
3705 IN PSTRING StreamName OPTIONAL
,
3706 IN PSTRING NormalizedParentName OPTIONAL
,
3707 IN ULONG FilterMatch
,
3709 IN PVOID TargetContext
,
3710 IN PVOID FilterContext
);
3715 FsRtlNotifyFullChangeDirectory (
3716 IN PNOTIFY_SYNC NotifySync
,
3717 IN PLIST_ENTRY NotifyList
,
3719 IN PSTRING FullDirectoryName
,
3720 IN BOOLEAN WatchTree
,
3721 IN BOOLEAN IgnoreBuffer
,
3722 IN ULONG CompletionFilter
,
3724 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3725 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3731 FsRtlNotifyFullReportChange (
3732 IN PNOTIFY_SYNC NotifySync
,
3733 IN PLIST_ENTRY NotifyList
,
3734 IN PSTRING FullTargetName
,
3735 IN USHORT TargetNameOffset
,
3736 IN PSTRING StreamName OPTIONAL
,
3737 IN PSTRING NormalizedParentName OPTIONAL
,
3738 IN ULONG FilterMatch
,
3740 IN PVOID TargetContext
3746 FsRtlNotifyInitializeSync (
3747 IN PNOTIFY_SYNC
*NotifySync
3753 FsRtlNotifyUninitializeSync (
3754 IN PNOTIFY_SYNC
*NotifySync
3757 #if (VER_PRODUCTBUILD >= 2195)
3762 FsRtlNotifyVolumeEvent (
3763 IN PFILE_OBJECT FileObject
,
3767 #endif /* (VER_PRODUCTBUILD >= 2195) */
3772 FsRtlNumberOfRunsInBaseMcb (
3779 FsRtlNumberOfRunsInLargeMcb (
3786 FsRtlNumberOfRunsInMcb (
3802 FsRtlOplockIsFastIoPossible (
3807 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
3815 FsRtlPostPagingFileStackOverflow (
3818 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3824 FsRtlPostStackOverflow (
3827 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3833 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3836 -Calls IoCompleteRequest if Irp
3837 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3843 IN PFILE_LOCK FileLock
,
3844 IN PFILE_OBJECT FileObject
,
3845 IN PLARGE_INTEGER FileOffset
,
3846 IN PLARGE_INTEGER Length
,
3847 IN PEPROCESS Process
,
3849 IN BOOLEAN FailImmediately
,
3850 IN BOOLEAN ExclusiveLock
,
3851 OUT PIO_STATUS_BLOCK IoStatus
,
3852 IN PIRP Irp OPTIONAL
,
3854 IN BOOLEAN AlreadySynchronized
3858 FsRtlProcessFileLock:
3861 -STATUS_INVALID_DEVICE_REQUEST
3862 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3863 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3864 (redirected IoStatus->Status).
3867 -switch ( Irp->CurrentStackLocation->MinorFunction )
3868 lock: return FsRtlPrivateLock;
3869 unlocksingle: return FsRtlFastUnlockSingle;
3870 unlockall: return FsRtlFastUnlockAll;
3871 unlockallbykey: return FsRtlFastUnlockAllByKey;
3872 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3873 return STATUS_INVALID_DEVICE_REQUEST;
3875 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3876 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3881 FsRtlProcessFileLock (
3882 IN PFILE_LOCK FileLock
,
3884 IN PVOID Context OPTIONAL
3890 FsRtlRegisterUncProvider (
3891 IN OUT PHANDLE MupHandle
,
3892 IN PUNICODE_STRING RedirectorDeviceName
,
3893 IN BOOLEAN MailslotsSupported
3899 FsRtlRemoveBaseMcbEntry (
3902 IN LONGLONG SectorCount
3908 FsRtlRemoveLargeMcbEntry (
3911 IN LONGLONG SectorCount
3917 FsRtlRemoveMcbEntry (
3920 IN ULONG SectorCount
3924 PFSRTL_PER_STREAM_CONTEXT
3926 FsRtlRemovePerStreamContext (
3927 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3928 IN PVOID OwnerId OPTIONAL
,
3929 IN PVOID InstanceId OPTIONAL
3942 FsRtlResetLargeMcb (
3944 IN BOOLEAN SelfSynchronized
3959 FsRtlSplitLargeMcb (
3965 #define FsRtlSupportsPerStreamContexts(FO) ( \
3966 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
3967 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
3968 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
3974 FsRtlTruncateBaseMcb (
3982 FsRtlTruncateLargeMcb (
3998 FsRtlUninitializeBaseMcb (
4005 FsRtlUninitializeFileLock (
4006 IN PFILE_LOCK FileLock
4012 FsRtlUninitializeLargeMcb (
4019 FsRtlUninitializeMcb (
4026 FsRtlUninitializeOplock (
4027 IN OUT POPLOCK Oplock
4033 KeSetIdealProcessorThread(
4034 IN OUT PKTHREAD Thread
,
4041 IoAttachDeviceToDeviceStackSafe(
4042 IN PDEVICE_OBJECT SourceDevice
,
4043 IN PDEVICE_OBJECT TargetDevice
,
4044 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
4050 IoAcquireVpbSpinLock (
4057 IoCheckDesiredAccess (
4058 IN OUT PACCESS_MASK DesiredAccess
,
4059 IN ACCESS_MASK GrantedAccess
4065 IoCheckEaBufferValidity (
4066 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
4068 OUT PULONG ErrorOffset
4074 IoCheckFunctionAccess (
4075 IN ACCESS_MASK GrantedAccess
,
4076 IN UCHAR MajorFunction
,
4077 IN UCHAR MinorFunction
,
4078 IN ULONG IoControlCode
,
4079 IN PVOID Argument1 OPTIONAL
,
4080 IN PVOID Argument2 OPTIONAL
4083 #if (VER_PRODUCTBUILD >= 2195)
4088 IoCheckQuotaBufferValidity (
4089 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
4090 IN ULONG QuotaLength
,
4091 OUT PULONG ErrorOffset
4094 #endif /* (VER_PRODUCTBUILD >= 2195) */
4099 IoCreateStreamFileObject (
4100 IN PFILE_OBJECT FileObject OPTIONAL
,
4101 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4104 #if (VER_PRODUCTBUILD >= 2195)
4109 IoCreateStreamFileObjectLite (
4110 IN PFILE_OBJECT FileObject OPTIONAL
,
4111 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4114 #endif /* (VER_PRODUCTBUILD >= 2195) */
4119 IoFastQueryNetworkAttributes (
4120 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4121 IN ACCESS_MASK DesiredAccess
,
4122 IN ULONG OpenOptions
,
4123 OUT PIO_STATUS_BLOCK IoStatus
,
4124 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
4130 IoGetAttachedDevice (
4131 IN PDEVICE_OBJECT DeviceObject
4137 IoGetBaseFileSystemDeviceObject (
4138 IN PFILE_OBJECT FileObject
4141 #if (VER_PRODUCTBUILD >= 2600)
4146 IoGetDeviceAttachmentBaseRef (
4147 IN PDEVICE_OBJECT DeviceObject
4153 IoGetDiskDeviceObject (
4154 IN PDEVICE_OBJECT FileSystemDeviceObject
,
4155 OUT PDEVICE_OBJECT
*DiskDeviceObject
4161 IoGetLowerDeviceObject (
4162 IN PDEVICE_OBJECT DeviceObject
4165 #endif /* (VER_PRODUCTBUILD >= 2600) */
4170 IoGetRequestorProcess (
4174 #if (VER_PRODUCTBUILD >= 2195)
4179 IoGetRequestorProcessId (
4183 #endif /* (VER_PRODUCTBUILD >= 2195) */
4192 #define IoIsFileOpenedExclusively(FileObject) ( \
4194 (FileObject)->SharedRead || \
4195 (FileObject)->SharedWrite || \
4196 (FileObject)->SharedDelete \
4203 IoIsOperationSynchronous (
4214 #if (VER_PRODUCTBUILD >= 2195)
4219 IoIsValidNameGraftingBuffer (
4221 IN PREPARSE_DATA_BUFFER ReparseBuffer
4224 #endif /* (VER_PRODUCTBUILD >= 2195) */
4230 IN PFILE_OBJECT FileObject
,
4232 IN PLARGE_INTEGER Offset
,
4234 OUT PIO_STATUS_BLOCK IoStatusBlock
4240 IoQueryFileInformation (
4241 IN PFILE_OBJECT FileObject
,
4242 IN FILE_INFORMATION_CLASS FileInformationClass
,
4244 OUT PVOID FileInformation
,
4245 OUT PULONG ReturnedLength
4251 IoQueryVolumeInformation (
4252 IN PFILE_OBJECT FileObject
,
4253 IN FS_INFORMATION_CLASS FsInformationClass
,
4255 OUT PVOID FsInformation
,
4256 OUT PULONG ReturnedLength
4269 IoRegisterFileSystem (
4270 IN OUT PDEVICE_OBJECT DeviceObject
4273 #if (VER_PRODUCTBUILD >= 1381)
4275 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
4276 IN PDEVICE_OBJECT DeviceObject
,
4277 IN BOOLEAN DriverActive
4283 IoRegisterFsRegistrationChange (
4284 IN PDRIVER_OBJECT DriverObject
,
4285 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4288 #endif /* (VER_PRODUCTBUILD >= 1381) */
4293 IoReleaseVpbSpinLock (
4300 IoSetDeviceToVerify (
4302 IN PDEVICE_OBJECT DeviceObject
4309 IN PFILE_OBJECT FileObject
,
4310 IN FILE_INFORMATION_CLASS FileInformationClass
,
4312 IN PVOID FileInformation
4325 IoSynchronousPageWrite (
4326 IN PFILE_OBJECT FileObject
,
4328 IN PLARGE_INTEGER FileOffset
,
4330 OUT PIO_STATUS_BLOCK IoStatusBlock
4343 IoUnregisterFileSystem (
4344 IN OUT PDEVICE_OBJECT DeviceObject
4347 #if (VER_PRODUCTBUILD >= 1381)
4352 IoUnregisterFsRegistrationChange (
4353 IN PDRIVER_OBJECT DriverObject
,
4354 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4357 #endif /* (VER_PRODUCTBUILD >= 1381) */
4363 IN PDEVICE_OBJECT DeviceObject
,
4364 IN BOOLEAN AllowRawMount
4367 #if !defined (_M_AMD64)
4372 KeAcquireQueuedSpinLock (
4373 IN KSPIN_LOCK_QUEUE_NUMBER Number
4379 KeReleaseQueuedSpinLock (
4380 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4387 KeAcquireSpinLockRaiseToSynch(
4388 IN OUT PKSPIN_LOCK SpinLock
4394 KeTryToAcquireQueuedSpinLock(
4395 KSPIN_LOCK_QUEUE_NUMBER Number
,
4403 KeAcquireQueuedSpinLock (
4404 IN KSPIN_LOCK_QUEUE_NUMBER Number
4410 KeReleaseQueuedSpinLock (
4411 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4417 KeAcquireSpinLockRaiseToSynch(
4418 IN OUT PKSPIN_LOCK SpinLock
4423 KeTryToAcquireQueuedSpinLock(
4424 KSPIN_LOCK_QUEUE_NUMBER Number
,
4433 IN PKPROCESS Process
4448 IN ULONG Count OPTIONAL
4456 IN PLIST_ENTRY Entry
4464 IN PLIST_ENTRY Entry
4479 IN KPROCESSOR_MODE WaitMode
,
4480 IN PLARGE_INTEGER Timeout OPTIONAL
4493 KeInitializeMutant (
4494 IN PRKMUTANT Mutant
,
4495 IN BOOLEAN InitialOwner
4509 IN PRKMUTANT Mutant
,
4510 IN KPRIORITY Increment
,
4511 IN BOOLEAN Abandoned
,
4515 #if (VER_PRODUCTBUILD >= 2195)
4520 KeStackAttachProcess (
4521 IN PKPROCESS Process
,
4522 OUT PKAPC_STATE ApcState
4528 KeUnstackDetachProcess (
4529 IN PKAPC_STATE ApcState
4532 #endif /* (VER_PRODUCTBUILD >= 2195) */
4537 KeSetKernelStackSwapEnable(
4544 MmCanFileBeTruncated (
4545 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4546 IN PLARGE_INTEGER NewFileSize
4552 MmFlushImageSection (
4553 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4554 IN MMFLUSH_TYPE FlushType
4560 MmForceSectionClosed (
4561 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4562 IN BOOLEAN DelayClose
4565 #if (VER_PRODUCTBUILD >= 1381)
4570 MmIsRecursiveIoFault (
4576 #define MmIsRecursiveIoFault() ( \
4577 (PsGetCurrentThread()->DisablePageFaultClustering) | \
4578 (PsGetCurrentThread()->ForwardClusterOnly) \
4587 MmSetAddressRangeModified (
4596 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
4597 IN POBJECT_TYPE ObjectType
,
4598 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4599 IN KPROCESSOR_MODE AccessMode
,
4600 IN OUT PVOID ParseContext OPTIONAL
,
4601 IN ULONG ObjectSize
,
4602 IN ULONG PagedPoolCharge OPTIONAL
,
4603 IN ULONG NonPagedPoolCharge OPTIONAL
,
4610 ObGetObjectPointerCount (
4614 #if (NTDDI_VERSION >= NTDDI_WIN2K)
4621 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4622 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4623 IN ULONG ObjectPointerBias
,
4624 OUT PVOID
*NewObject OPTIONAL
,
4625 OUT PHANDLE Handle OPTIONAL
);
4630 ObOpenObjectByPointer (
4632 IN ULONG HandleAttributes
,
4633 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4634 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4635 IN POBJECT_TYPE ObjectType OPTIONAL
,
4636 IN KPROCESSOR_MODE AccessMode
,
4637 OUT PHANDLE Handle
);
4642 ObMakeTemporaryObject (
4648 ObQueryObjectAuditingByHandle (
4650 OUT PBOOLEAN GenerateOnClose
);
4659 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
4661 OUT PULONG ReturnLength
4667 ObReferenceObjectByName (
4668 IN PUNICODE_STRING ObjectName
,
4669 IN ULONG Attributes
,
4670 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4671 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4672 IN POBJECT_TYPE ObjectType
,
4673 IN KPROCESSOR_MODE AccessMode
,
4674 IN OUT PVOID ParseContext OPTIONAL
,
4681 PsAssignImpersonationToken (
4690 IN PEPROCESS Process
,
4691 IN POOL_TYPE PoolType
,
4698 PsChargeProcessPoolQuota (
4699 IN PEPROCESS Process
,
4700 IN POOL_TYPE PoolType
,
4704 #define PsDereferenceImpersonationToken(T) \
4705 {if (ARGUMENT_PRESENT(T)) { \
4706 (ObDereferenceObject((T))); \
4712 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
4717 PsDisableImpersonation(
4719 IN PSE_IMPERSONATION_STATE ImpersonationState
4725 PsGetProcessExitTime (
4732 PsImpersonateClient(
4734 IN PACCESS_TOKEN Token
,
4735 IN BOOLEAN CopyOnOpen
,
4736 IN BOOLEAN EffectiveOnly
,
4737 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4750 PsIsThreadTerminating (
4757 PsLookupProcessByProcessId (
4758 IN HANDLE ProcessId
,
4759 OUT PEPROCESS
*Process
4765 PsLookupProcessThreadByCid (
4767 OUT PEPROCESS
*Process OPTIONAL
,
4768 OUT PETHREAD
*Thread
4774 PsLookupThreadByThreadId (
4775 IN HANDLE UniqueThreadId
,
4776 OUT PETHREAD
*Thread
4782 PsReferenceImpersonationToken (
4784 OUT PBOOLEAN CopyOnUse
,
4785 OUT PBOOLEAN EffectiveOnly
,
4786 OUT PSECURITY_IMPERSONATION_LEVEL Level
4792 PsReferencePrimaryToken (
4793 IN PEPROCESS Process
4799 PsRestoreImpersonation(
4801 IN PSE_IMPERSONATION_STATE ImpersonationState
4808 IN PEPROCESS Process
,
4809 IN POOL_TYPE PoolType
,
4823 RtlAbsoluteToSelfRelativeSD (
4824 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
4825 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
4826 IN PULONG BufferLength
4833 IN HANDLE HeapHandle
,
4841 RtlAppendStringToString(
4842 PSTRING Destination
,
4843 const STRING
*Source
4849 RtlCaptureStackBackTrace (
4850 IN ULONG FramesToSkip
,
4851 IN ULONG FramesToCapture
,
4852 OUT PVOID
*BackTrace
,
4853 OUT PULONG BackTraceHash OPTIONAL
4859 RtlCompareMemoryUlong (
4869 IN USHORT CompressionFormatAndEngine
,
4870 IN PUCHAR UncompressedBuffer
,
4871 IN ULONG UncompressedBufferSize
,
4872 OUT PUCHAR CompressedBuffer
,
4873 IN ULONG CompressedBufferSize
,
4874 IN ULONG UncompressedChunkSize
,
4875 OUT PULONG FinalCompressedSize
,
4883 IN PUCHAR UncompressedBuffer
,
4884 IN ULONG UncompressedBufferSize
,
4885 OUT PUCHAR CompressedBuffer
,
4886 IN ULONG CompressedBufferSize
,
4887 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
4888 IN ULONG CompressedDataInfoLength
,
4895 RtlConvertSidToUnicodeString (
4896 OUT PUNICODE_STRING DestinationString
,
4898 IN BOOLEAN AllocateDestinationString
4906 IN PSID Destination
,
4913 RtlCreateUnicodeString(
4914 PUNICODE_STRING DestinationString
,
4921 RtlDecompressBuffer (
4922 IN USHORT CompressionFormat
,
4923 OUT PUCHAR UncompressedBuffer
,
4924 IN ULONG UncompressedBufferSize
,
4925 IN PUCHAR CompressedBuffer
,
4926 IN ULONG CompressedBufferSize
,
4927 OUT PULONG FinalUncompressedSize
4933 RtlDecompressChunks (
4934 OUT PUCHAR UncompressedBuffer
,
4935 IN ULONG UncompressedBufferSize
,
4936 IN PUCHAR CompressedBuffer
,
4937 IN ULONG CompressedBufferSize
,
4938 IN PUCHAR CompressedTail
,
4939 IN ULONG CompressedTailSize
,
4940 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4946 RtlDecompressFragment (
4947 IN USHORT CompressionFormat
,
4948 OUT PUCHAR UncompressedFragment
,
4949 IN ULONG UncompressedFragmentSize
,
4950 IN PUCHAR CompressedBuffer
,
4951 IN ULONG CompressedBufferSize
,
4952 IN ULONG FragmentOffset
,
4953 OUT PULONG FinalUncompressedSize
,
4961 IN USHORT CompressionFormat
,
4962 IN OUT PUCHAR
*CompressedBuffer
,
4963 IN PUCHAR EndOfCompressedBufferPlus1
,
4964 OUT PUCHAR
*ChunkBuffer
,
4965 OUT PULONG ChunkSize
4971 RtlDowncaseUnicodeString(
4972 IN OUT PUNICODE_STRING UniDest
,
4973 IN PCUNICODE_STRING UniSource
,
4974 IN BOOLEAN AllocateDestinationString
4980 RtlDuplicateUnicodeString(
4982 IN PCUNICODE_STRING SourceString
,
4983 OUT PUNICODE_STRING DestinationString
4997 RtlFillMemoryUlong (
4998 IN PVOID Destination
,
5007 IN HANDLE HeapHandle
,
5016 IN POEM_STRING OemString
5022 RtlGenerate8dot3Name (
5023 IN PUNICODE_STRING Name
,
5024 IN BOOLEAN AllowExtendedCharacters
,
5025 IN OUT PGENERATE_NAME_CONTEXT Context
,
5026 OUT PUNICODE_STRING Name8dot3
5032 RtlGetCompressionWorkSpaceSize (
5033 IN USHORT CompressionFormatAndEngine
,
5034 OUT PULONG CompressBufferWorkSpaceSize
,
5035 OUT PULONG CompressFragmentWorkSpaceSize
5041 RtlGetDaclSecurityDescriptor (
5042 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5043 OUT PBOOLEAN DaclPresent
,
5045 OUT PBOOLEAN DaclDefaulted
5051 RtlGetGroupSecurityDescriptor (
5052 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5054 OUT PBOOLEAN GroupDefaulted
5060 RtlGetOwnerSecurityDescriptor (
5061 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5063 OUT PBOOLEAN OwnerDefaulted
5071 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
5072 IN UCHAR SubAuthorityCount
5078 RtlIsNameLegalDOS8Dot3(
5079 IN PCUNICODE_STRING Name
,
5080 IN OUT POEM_STRING OemName OPTIONAL
,
5081 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
5087 RtlLengthRequiredSid (
5088 IN ULONG SubAuthorityCount
5101 RtlNtStatusToDosError (
5108 RtlxUnicodeStringToOemSize(
5109 PCUNICODE_STRING UnicodeString
5115 RtlxOemStringToUnicodeSize(
5116 PCOEM_STRING OemString
5119 #define RtlOemStringToUnicodeSize(STRING) ( \
5120 NLS_MB_OEM_CODE_PAGE_TAG ? \
5121 RtlxOemStringToUnicodeSize(STRING) : \
5122 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
5125 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
5126 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
5133 RtlOemStringToUnicodeString(
5134 IN OUT PUNICODE_STRING DestinationString
,
5135 IN PCOEM_STRING SourceString
,
5136 IN BOOLEAN AllocateDestinationString
5142 RtlUnicodeStringToOemString(
5143 IN OUT POEM_STRING DestinationString
,
5144 IN PCUNICODE_STRING SourceString
,
5145 IN BOOLEAN AllocateDestinationString
5151 RtlOemStringToCountedUnicodeString(
5152 IN OUT PUNICODE_STRING DestinationString
,
5153 IN PCOEM_STRING SourceString
,
5154 IN BOOLEAN AllocateDestinationString
5160 RtlUnicodeStringToCountedOemString(
5161 IN OUT POEM_STRING DestinationString
,
5162 IN PCUNICODE_STRING SourceString
,
5163 IN BOOLEAN AllocateDestinationString
5170 IN USHORT CompressionFormat
,
5171 IN OUT PUCHAR
*CompressedBuffer
,
5172 IN PUCHAR EndOfCompressedBufferPlus1
,
5173 OUT PUCHAR
*ChunkBuffer
,
5180 RtlSecondsSince1970ToTime (
5181 IN ULONG SecondsSince1970
,
5182 OUT PLARGE_INTEGER Time
5188 RtlSetGroupSecurityDescriptor (
5189 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5191 IN BOOLEAN GroupDefaulted
5197 RtlSetOwnerSecurityDescriptor (
5198 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5200 IN BOOLEAN OwnerDefaulted
5206 RtlSetSaclSecurityDescriptor (
5207 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5208 IN BOOLEAN SaclPresent
,
5210 IN BOOLEAN SaclDefaulted
5216 RtlSubAuthorityCountSid (
5223 RtlSubAuthoritySid (
5225 IN ULONG SubAuthority
5231 RtlUnicodeStringToCountedOemString (
5232 IN OUT POEM_STRING DestinationString
,
5233 IN PCUNICODE_STRING SourceString
,
5234 IN BOOLEAN AllocateDestinationString
5240 RtlUnicodeToMultiByteN(
5241 OUT PCHAR MultiByteString
,
5242 IN ULONG MaxBytesInMultiByteString
,
5243 OUT PULONG BytesInMultiByteString OPTIONAL
,
5244 IN PWCH UnicodeString
,
5245 IN ULONG BytesInUnicodeString
5252 OUT PWSTR UnicodeString
,
5253 IN ULONG MaxBytesInUnicodeString
,
5254 OUT PULONG BytesInUnicodeString OPTIONAL
,
5256 IN ULONG BytesInOemString
5259 /* RTL Splay Tree Functions */
5263 RtlSplay(PRTL_SPLAY_LINKS Links
);
5268 RtlDelete(PRTL_SPLAY_LINKS Links
);
5274 PRTL_SPLAY_LINKS Links
,
5275 PRTL_SPLAY_LINKS
*Root
5281 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
5286 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
5291 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
5296 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
5298 #define RtlIsLeftChild(Links) \
5299 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5301 #define RtlIsRightChild(Links) \
5302 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5304 #define RtlRightChild(Links) \
5305 ((PRTL_SPLAY_LINKS)(Links))->RightChild
5307 #define RtlIsRoot(Links) \
5308 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
5310 #define RtlLeftChild(Links) \
5311 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
5313 #define RtlParent(Links) \
5314 ((PRTL_SPLAY_LINKS)(Links))->Parent
5316 #define RtlInitializeSplayLinks(Links) \
5318 PRTL_SPLAY_LINKS _SplayLinks; \
5319 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
5320 _SplayLinks->Parent = _SplayLinks; \
5321 _SplayLinks->LeftChild = NULL; \
5322 _SplayLinks->RightChild = NULL; \
5325 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
5327 PRTL_SPLAY_LINKS _SplayParent; \
5328 PRTL_SPLAY_LINKS _SplayChild; \
5329 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5330 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5331 _SplayParent->LeftChild = _SplayChild; \
5332 _SplayChild->Parent = _SplayParent; \
5335 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
5337 PRTL_SPLAY_LINKS _SplayParent; \
5338 PRTL_SPLAY_LINKS _SplayChild; \
5339 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5340 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5341 _SplayParent->RightChild = _SplayChild; \
5342 _SplayChild->Parent = _SplayParent; \
5353 // RTL time functions
5359 RtlTimeToSecondsSince1980 (
5360 PLARGE_INTEGER Time
,
5361 PULONG ElapsedSeconds
5367 RtlSecondsSince1980ToTime (
5368 ULONG ElapsedSeconds
,
5375 RtlTimeToSecondsSince1970 (
5376 PLARGE_INTEGER Time
,
5377 PULONG ElapsedSeconds
5383 RtlSecondsSince1970ToTime (
5384 ULONG ElapsedSeconds
,
5391 SeAppendPrivileges (
5392 PACCESS_STATE AccessState
,
5393 PPRIVILEGE_SET Privileges
5399 SeAuditingFileEvents (
5400 IN BOOLEAN AccessGranted
,
5401 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5407 SeAuditingFileOrGlobalEvents (
5408 IN BOOLEAN AccessGranted
,
5409 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5410 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5416 SeCaptureSubjectContext (
5417 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
5423 SeCreateClientSecurity (
5425 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5426 IN BOOLEAN RemoteClient
,
5427 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5430 #if (VER_PRODUCTBUILD >= 2195)
5435 SeCreateClientSecurityFromSubjectContext (
5436 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5437 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5438 IN BOOLEAN ServerIsRemote
,
5439 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5442 #endif /* (VER_PRODUCTBUILD >= 2195) */
5445 #define SeLengthSid( Sid ) \
5446 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5448 #define SeDeleteClientSecurity(C) { \
5449 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5450 PsDereferencePrimaryToken( (C)->ClientToken ); \
5452 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5459 SeDeleteObjectAuditAlarm (
5464 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
5470 IN PPRIVILEGE_SET Privileges
5476 SeImpersonateClient (
5477 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5478 IN PETHREAD ServerThread OPTIONAL
5481 #if (VER_PRODUCTBUILD >= 2195)
5486 SeImpersonateClientEx (
5487 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5488 IN PETHREAD ServerThread OPTIONAL
5491 #endif /* (VER_PRODUCTBUILD >= 2195) */
5496 SeLockSubjectContext (
5497 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5503 SeMarkLogonSessionForTerminationNotification (
5510 SeOpenObjectAuditAlarm (
5511 IN PUNICODE_STRING ObjectTypeName
,
5512 IN PVOID Object OPTIONAL
,
5513 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5514 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5515 IN PACCESS_STATE AccessState
,
5516 IN BOOLEAN ObjectCreated
,
5517 IN BOOLEAN AccessGranted
,
5518 IN KPROCESSOR_MODE AccessMode
,
5519 OUT PBOOLEAN GenerateOnClose
5525 SeOpenObjectForDeleteAuditAlarm (
5526 IN PUNICODE_STRING ObjectTypeName
,
5527 IN PVOID Object OPTIONAL
,
5528 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5529 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5530 IN PACCESS_STATE AccessState
,
5531 IN BOOLEAN ObjectCreated
,
5532 IN BOOLEAN AccessGranted
,
5533 IN KPROCESSOR_MODE AccessMode
,
5534 OUT PBOOLEAN GenerateOnClose
5541 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
5542 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5543 IN KPROCESSOR_MODE AccessMode
5549 SeQueryAuthenticationIdToken (
5550 IN PACCESS_TOKEN Token
,
5554 #if (VER_PRODUCTBUILD >= 2195)
5559 SeQueryInformationToken (
5560 IN PACCESS_TOKEN Token
,
5561 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
5562 OUT PVOID
*TokenInformation
5565 #endif /* (VER_PRODUCTBUILD >= 2195) */
5570 SeQuerySecurityDescriptorInfo (
5571 IN PSECURITY_INFORMATION SecurityInformation
,
5572 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5573 IN OUT PULONG Length
,
5574 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
5577 #if (VER_PRODUCTBUILD >= 2195)
5582 SeQuerySessionIdToken (
5583 IN PACCESS_TOKEN Token
,
5587 #endif /* (VER_PRODUCTBUILD >= 2195) */
5589 #define SeQuerySubjectContextToken( SubjectContext ) \
5590 ( ARGUMENT_PRESENT( \
5591 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5593 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5594 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5596 typedef NTSTATUS (NTAPI
*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
5603 SeRegisterLogonSessionTerminatedRoutine (
5604 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5610 SeReleaseSubjectContext (
5611 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5617 SeSetAccessStateGenericMapping (
5618 PACCESS_STATE AccessState
,
5619 PGENERIC_MAPPING GenericMapping
5625 SeSetSecurityDescriptorInfo (
5626 IN PVOID Object OPTIONAL
,
5627 IN PSECURITY_INFORMATION SecurityInformation
,
5628 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5629 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5630 IN POOL_TYPE PoolType
,
5631 IN PGENERIC_MAPPING GenericMapping
5634 #if (VER_PRODUCTBUILD >= 2195)
5639 SeSetSecurityDescriptorInfoEx (
5640 IN PVOID Object OPTIONAL
,
5641 IN PSECURITY_INFORMATION SecurityInformation
,
5642 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
5643 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5644 IN ULONG AutoInheritFlags
,
5645 IN POOL_TYPE PoolType
,
5646 IN PGENERIC_MAPPING GenericMapping
5653 IN PACCESS_TOKEN Token
5659 SeTokenIsRestricted (
5660 IN PACCESS_TOKEN Token
5666 SeLocateProcessImageName(
5667 IN PEPROCESS Process
,
5668 OUT PUNICODE_STRING
*pImageFileName
5671 #endif /* (VER_PRODUCTBUILD >= 2195) */
5677 IN PACCESS_TOKEN Token
5683 SeUnlockSubjectContext (
5684 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5690 SeUnregisterLogonSessionTerminatedRoutine (
5691 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5694 #if (VER_PRODUCTBUILD >= 2195)
5699 ZwAdjustPrivilegesToken (
5700 IN HANDLE TokenHandle
,
5701 IN BOOLEAN DisableAllPrivileges
,
5702 IN PTOKEN_PRIVILEGES NewState
,
5703 IN ULONG BufferLength
,
5704 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
5705 OUT PULONG ReturnLength
5708 #endif /* (VER_PRODUCTBUILD >= 2195) */
5714 IN HANDLE ThreadHandle
5720 ZwAllocateVirtualMemory (
5721 IN HANDLE ProcessHandle
,
5722 IN OUT PVOID
*BaseAddress
,
5723 IN ULONG_PTR ZeroBits
,
5724 IN OUT PSIZE_T RegionSize
,
5725 IN ULONG AllocationType
,
5731 NtAccessCheckByTypeAndAuditAlarm(
5732 IN PUNICODE_STRING SubsystemName
,
5734 IN PUNICODE_STRING ObjectTypeName
,
5735 IN PUNICODE_STRING ObjectName
,
5736 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5737 IN PSID PrincipalSelfSid
,
5738 IN ACCESS_MASK DesiredAccess
,
5739 IN AUDIT_EVENT_TYPE AuditType
,
5741 IN POBJECT_TYPE_LIST ObjectTypeList
,
5742 IN ULONG ObjectTypeLength
,
5743 IN PGENERIC_MAPPING GenericMapping
,
5744 IN BOOLEAN ObjectCreation
,
5745 OUT PACCESS_MASK GrantedAccess
,
5746 OUT PNTSTATUS AccessStatus
,
5747 OUT PBOOLEAN GenerateOnClose
5752 NtAccessCheckByTypeResultListAndAuditAlarm(
5753 IN PUNICODE_STRING SubsystemName
,
5755 IN PUNICODE_STRING ObjectTypeName
,
5756 IN PUNICODE_STRING ObjectName
,
5757 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5758 IN PSID PrincipalSelfSid
,
5759 IN ACCESS_MASK DesiredAccess
,
5760 IN AUDIT_EVENT_TYPE AuditType
,
5762 IN POBJECT_TYPE_LIST ObjectTypeList
,
5763 IN ULONG ObjectTypeLength
,
5764 IN PGENERIC_MAPPING GenericMapping
,
5765 IN BOOLEAN ObjectCreation
,
5766 OUT PACCESS_MASK GrantedAccess
,
5767 OUT PNTSTATUS AccessStatus
,
5768 OUT PBOOLEAN GenerateOnClose
5773 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5774 IN PUNICODE_STRING SubsystemName
,
5776 IN HANDLE ClientToken
,
5777 IN PUNICODE_STRING ObjectTypeName
,
5778 IN PUNICODE_STRING ObjectName
,
5779 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5780 IN PSID PrincipalSelfSid
,
5781 IN ACCESS_MASK DesiredAccess
,
5782 IN AUDIT_EVENT_TYPE AuditType
,
5784 IN POBJECT_TYPE_LIST ObjectTypeList
,
5785 IN ULONG ObjectTypeLength
,
5786 IN PGENERIC_MAPPING GenericMapping
,
5787 IN BOOLEAN ObjectCreation
,
5788 OUT PACCESS_MASK GrantedAccess
,
5789 OUT PNTSTATUS AccessStatus
,
5790 OUT PBOOLEAN GenerateOnClose
5796 ZwAccessCheckAndAuditAlarm (
5797 IN PUNICODE_STRING SubsystemName
,
5799 IN PUNICODE_STRING ObjectTypeName
,
5800 IN PUNICODE_STRING ObjectName
,
5801 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5802 IN ACCESS_MASK DesiredAccess
,
5803 IN PGENERIC_MAPPING GenericMapping
,
5804 IN BOOLEAN ObjectCreation
,
5805 OUT PACCESS_MASK GrantedAccess
,
5806 OUT PBOOLEAN AccessStatus
,
5807 OUT PBOOLEAN GenerateOnClose
5810 #if (VER_PRODUCTBUILD >= 2195)
5816 IN HANDLE FileHandle
,
5817 OUT PIO_STATUS_BLOCK IoStatusBlock
5820 #endif /* (VER_PRODUCTBUILD >= 2195) */
5826 IN HANDLE EventHandle
5832 ZwCloseObjectAuditAlarm (
5833 IN PUNICODE_STRING SubsystemName
,
5835 IN BOOLEAN GenerateOnClose
5842 OUT PHANDLE SectionHandle
,
5843 IN ACCESS_MASK DesiredAccess
,
5844 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5845 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
5846 IN ULONG SectionPageProtection
,
5847 IN ULONG AllocationAttributes
,
5848 IN HANDLE FileHandle OPTIONAL
5854 ZwCreateSymbolicLinkObject (
5855 OUT PHANDLE SymbolicLinkHandle
,
5856 IN ACCESS_MASK DesiredAccess
,
5857 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5858 IN PUNICODE_STRING TargetName
5865 IN POBJECT_ATTRIBUTES ObjectAttributes
5873 IN PUNICODE_STRING Name
5877 #if (NTDDI_VERSION >= NTDDI_WIN2K)
5881 ZwDeviceIoControlFile (
5882 IN HANDLE FileHandle
,
5883 IN HANDLE Event OPTIONAL
,
5884 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5885 IN PVOID ApcContext OPTIONAL
,
5886 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5887 IN ULONG IoControlCode
,
5888 IN PVOID InputBuffer OPTIONAL
,
5889 IN ULONG InputBufferLength
,
5890 OUT PVOID OutputBuffer OPTIONAL
,
5891 IN ULONG OutputBufferLength
);
5898 IN PUNICODE_STRING String
5905 IN HANDLE SourceProcessHandle
,
5906 IN HANDLE SourceHandle
,
5907 IN HANDLE TargetProcessHandle OPTIONAL
,
5908 OUT PHANDLE TargetHandle OPTIONAL
,
5909 IN ACCESS_MASK DesiredAccess
,
5910 IN ULONG HandleAttributes
,
5918 IN HANDLE ExistingTokenHandle
,
5919 IN ACCESS_MASK DesiredAccess
,
5920 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5921 IN BOOLEAN EffectiveOnly
,
5922 IN TOKEN_TYPE TokenType
,
5923 OUT PHANDLE NewTokenHandle
5929 IN HANDLE ExistingTokenHandle
,
5931 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
5932 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
5933 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
5934 OUT PHANDLE NewTokenHandle
5940 ZwFlushInstructionCache (
5941 IN HANDLE ProcessHandle
,
5942 IN PVOID BaseAddress OPTIONAL
,
5950 IN HANDLE FileHandle
,
5951 OUT PIO_STATUS_BLOCK IoStatusBlock
5954 #if (VER_PRODUCTBUILD >= 2195)
5959 ZwFlushVirtualMemory (
5960 IN HANDLE ProcessHandle
,
5961 IN OUT PVOID
*BaseAddress
,
5962 IN OUT PULONG FlushSize
,
5963 OUT PIO_STATUS_BLOCK IoStatusBlock
5966 #endif /* (VER_PRODUCTBUILD >= 2195) */
5971 ZwFreeVirtualMemory (
5972 IN HANDLE ProcessHandle
,
5973 IN OUT PVOID
*BaseAddress
,
5974 IN OUT PSIZE_T RegionSize
,
5982 IN HANDLE FileHandle
,
5983 IN HANDLE Event OPTIONAL
,
5984 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5985 IN PVOID ApcContext OPTIONAL
,
5986 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5987 IN ULONG FsControlCode
,
5988 IN PVOID InputBuffer OPTIONAL
,
5989 IN ULONG InputBufferLength
,
5990 OUT PVOID OutputBuffer OPTIONAL
,
5991 IN ULONG OutputBufferLength
5994 #if (VER_PRODUCTBUILD >= 2195)
5999 ZwInitiatePowerAction (
6000 IN POWER_ACTION SystemAction
,
6001 IN SYSTEM_POWER_STATE MinSystemState
,
6003 IN BOOLEAN Asynchronous
6006 #endif /* (VER_PRODUCTBUILD >= 2195) */
6012 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6013 IN PUNICODE_STRING RegistryPath
6020 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
6021 IN POBJECT_ATTRIBUTES FileObjectAttributes
6028 IN HANDLE KeyHandle
,
6029 IN HANDLE EventHandle OPTIONAL
,
6030 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6031 IN PVOID ApcContext OPTIONAL
,
6032 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6033 IN ULONG NotifyFilter
,
6034 IN BOOLEAN WatchSubtree
,
6036 IN ULONG BufferLength
,
6037 IN BOOLEAN Asynchronous
6043 ZwOpenDirectoryObject (
6044 OUT PHANDLE DirectoryHandle
,
6045 IN ACCESS_MASK DesiredAccess
,
6046 IN POBJECT_ATTRIBUTES ObjectAttributes
6053 OUT PHANDLE EventHandle
,
6054 IN ACCESS_MASK DesiredAccess
,
6055 IN POBJECT_ATTRIBUTES ObjectAttributes
6062 OUT PHANDLE ProcessHandle
,
6063 IN ACCESS_MASK DesiredAccess
,
6064 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6065 IN PCLIENT_ID ClientId OPTIONAL
6071 ZwOpenProcessToken (
6072 IN HANDLE ProcessHandle
,
6073 IN ACCESS_MASK DesiredAccess
,
6074 OUT PHANDLE TokenHandle
6081 OUT PHANDLE ThreadHandle
,
6082 IN ACCESS_MASK DesiredAccess
,
6083 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6084 IN PCLIENT_ID ClientId
6091 IN HANDLE ThreadHandle
,
6092 IN ACCESS_MASK DesiredAccess
,
6093 IN BOOLEAN OpenAsSelf
,
6094 OUT PHANDLE TokenHandle
6097 #if (VER_PRODUCTBUILD >= 2195)
6102 ZwPowerInformation (
6103 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
6104 IN PVOID InputBuffer OPTIONAL
,
6105 IN ULONG InputBufferLength
,
6106 OUT PVOID OutputBuffer OPTIONAL
,
6107 IN ULONG OutputBufferLength
6110 #endif /* (VER_PRODUCTBUILD >= 2195) */
6116 IN HANDLE EventHandle
,
6117 OUT PLONG PreviousState OPTIONAL
6123 ZwQueryDefaultLocale (
6124 IN BOOLEAN ThreadOrSystem
,
6131 ZwQueryDirectoryFile (
6132 IN HANDLE FileHandle
,
6133 IN HANDLE Event OPTIONAL
,
6134 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6135 IN PVOID ApcContext OPTIONAL
,
6136 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6137 OUT PVOID FileInformation
,
6139 IN FILE_INFORMATION_CLASS FileInformationClass
,
6140 IN BOOLEAN ReturnSingleEntry
,
6141 IN PUNICODE_STRING FileName OPTIONAL
,
6142 IN BOOLEAN RestartScan
6145 #if (VER_PRODUCTBUILD >= 2195)
6150 ZwQueryDirectoryObject (
6151 IN HANDLE DirectoryHandle
,
6154 IN BOOLEAN ReturnSingleEntry
,
6155 IN BOOLEAN RestartScan
,
6156 IN OUT PULONG Context
,
6157 OUT PULONG ReturnLength OPTIONAL
6164 IN HANDLE FileHandle
,
6165 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6168 IN BOOLEAN ReturnSingleEntry
,
6169 IN PVOID EaList OPTIONAL
,
6170 IN ULONG EaListLength
,
6171 IN PULONG EaIndex OPTIONAL
,
6172 IN BOOLEAN RestartScan
6175 #endif /* (VER_PRODUCTBUILD >= 2195) */
6180 ZwQueryInformationProcess (
6181 IN HANDLE ProcessHandle
,
6182 IN PROCESSINFOCLASS ProcessInformationClass
,
6183 OUT PVOID ProcessInformation
,
6184 IN ULONG ProcessInformationLength
,
6185 OUT PULONG ReturnLength OPTIONAL
6191 ZwQueryInformationToken (
6192 IN HANDLE TokenHandle
,
6193 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
6194 OUT PVOID TokenInformation
,
6196 OUT PULONG ResultLength
6202 ZwQuerySecurityObject (
6203 IN HANDLE FileHandle
,
6204 IN SECURITY_INFORMATION SecurityInformation
,
6205 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6207 OUT PULONG ResultLength
6213 ZwQueryVolumeInformationFile (
6214 IN HANDLE FileHandle
,
6215 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6216 OUT PVOID FsInformation
,
6218 IN FS_INFORMATION_CLASS FsInformationClass
6225 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
6226 IN HANDLE KeyHandle
,
6227 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
6234 IN HANDLE EventHandle
,
6235 OUT PLONG PreviousState OPTIONAL
6238 #if (VER_PRODUCTBUILD >= 2195)
6244 IN HANDLE KeyHandle
,
6245 IN HANDLE FileHandle
,
6249 #endif /* (VER_PRODUCTBUILD >= 2195) */
6255 IN HANDLE KeyHandle
,
6256 IN HANDLE FileHandle
6262 ZwSetDefaultLocale (
6263 IN BOOLEAN ThreadOrSystem
,
6267 #if (VER_PRODUCTBUILD >= 2195)
6272 ZwSetDefaultUILanguage (
6273 IN LANGID LanguageId
6280 IN HANDLE FileHandle
,
6281 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6286 #endif /* (VER_PRODUCTBUILD >= 2195) */
6292 IN HANDLE EventHandle
,
6293 OUT PLONG PreviousState OPTIONAL
6299 ZwSetInformationProcess (
6300 IN HANDLE ProcessHandle
,
6301 IN PROCESSINFOCLASS ProcessInformationClass
,
6302 IN PVOID ProcessInformation
,
6303 IN ULONG ProcessInformationLength
6306 #if (VER_PRODUCTBUILD >= 2195)
6311 ZwSetSecurityObject (
6313 IN SECURITY_INFORMATION SecurityInformation
,
6314 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6317 #endif /* (VER_PRODUCTBUILD >= 2195) */
6323 IN PLARGE_INTEGER NewTime
,
6324 OUT PLARGE_INTEGER OldTime OPTIONAL
6327 #if (VER_PRODUCTBUILD >= 2195)
6332 ZwSetVolumeInformationFile (
6333 IN HANDLE FileHandle
,
6334 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6335 IN PVOID FsInformation
,
6337 IN FS_INFORMATION_CLASS FsInformationClass
6340 #endif /* (VER_PRODUCTBUILD >= 2195) */
6345 ZwTerminateProcess (
6346 IN HANDLE ProcessHandle OPTIONAL
,
6347 IN NTSTATUS ExitStatus
6354 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6355 IN PUNICODE_STRING RegistryPath
6362 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6365 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6369 ZwWaitForSingleObject (
6371 IN BOOLEAN Alertable
,
6372 IN PLARGE_INTEGER Timeout OPTIONAL
);
6378 ZwWaitForMultipleObjects (
6379 IN ULONG HandleCount
,
6381 IN WAIT_TYPE WaitType
,
6382 IN BOOLEAN Alertable
,
6383 IN PLARGE_INTEGER Timeout OPTIONAL
6399 #endif /* _NTIFS_ */
projects / reactos.git / blob