4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
25 #define _NTIFS_INCLUDED_
28 /* Helper macro to enable gcc's extension. */
29 #ifndef __GNU_EXTENSION
31 #define __GNU_EXTENSION __extension__
33 #define __GNU_EXTENSION
41 #if !defined(_NTHALDLL_) && !defined(_BLDR_)
42 #define NTHALAPI DECLSPEC_IMPORT
48 #if !defined(_NTOSKRNL_) && !defined(_BLDR_)
49 #define NTKERNELAPI DECLSPEC_IMPORT
61 /* FIXME : #include <ntiologc.h> */
64 #define FlagOn(_F,_SF) ((_F) & (_SF))
68 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
72 #define SetFlag(_F,_SF) ((_F) |= (_SF))
76 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
79 #define PsGetCurrentProcess IoGetCurrentProcess
81 #if (NTDDI_VERSION >= NTDDI_VISTA)
82 extern NTSYSAPI
volatile CCHAR KeNumberProcessors
;
83 #elif (NTDDI_VERSION >= NTDDI_WINXP)
84 extern NTSYSAPI CCHAR KeNumberProcessors
;
86 extern PCCHAR KeNumberProcessors
;
89 typedef UNICODE_STRING LSA_UNICODE_STRING
, *PLSA_UNICODE_STRING
;
90 typedef STRING LSA_STRING
, *PLSA_STRING
;
91 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
, *PLSA_OBJECT_ATTRIBUTES
;
93 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
94 #define SID_IDENTIFIER_AUTHORITY_DEFINED
95 typedef struct _SID_IDENTIFIER_AUTHORITY
{
97 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
102 typedef struct _SID
{
104 UCHAR SubAuthorityCount
;
105 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
106 ULONG SubAuthority
[ANYSIZE_ARRAY
];
110 #define SID_REVISION 1
111 #define SID_MAX_SUB_AUTHORITIES 15
112 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
114 typedef enum _SID_NAME_USE
{
119 SidTypeWellKnownGroup
,
120 SidTypeDeletedAccount
,
125 } SID_NAME_USE
, *PSID_NAME_USE
;
127 typedef struct _SID_AND_ATTRIBUTES
{
130 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
131 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
132 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
134 #define SID_HASH_SIZE 32
135 typedef ULONG_PTR SID_HASH_ENTRY
, *PSID_HASH_ENTRY
;
137 typedef struct _SID_AND_ATTRIBUTES_HASH
{
139 PSID_AND_ATTRIBUTES SidAttr
;
140 SID_HASH_ENTRY Hash
[SID_HASH_SIZE
];
141 } SID_AND_ATTRIBUTES_HASH
, *PSID_AND_ATTRIBUTES_HASH
;
143 /* Universal well-known SIDs */
145 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
146 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
147 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
148 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
149 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
150 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
152 #define SECURITY_NULL_RID (0x00000000L)
153 #define SECURITY_WORLD_RID (0x00000000L)
154 #define SECURITY_LOCAL_RID (0x00000000L)
155 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
157 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
158 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
159 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
160 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
161 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
163 /* NT well-known SIDs */
165 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
167 #define SECURITY_DIALUP_RID (0x00000001L)
168 #define SECURITY_NETWORK_RID (0x00000002L)
169 #define SECURITY_BATCH_RID (0x00000003L)
170 #define SECURITY_INTERACTIVE_RID (0x00000004L)
171 #define SECURITY_LOGON_IDS_RID (0x00000005L)
172 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
173 #define SECURITY_SERVICE_RID (0x00000006L)
174 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
175 #define SECURITY_PROXY_RID (0x00000008L)
176 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
177 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
178 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
179 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
180 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
181 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
182 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
183 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
184 #define SECURITY_IUSER_RID (0x00000011L)
185 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
186 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
187 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
188 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
189 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
190 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
192 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
193 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
196 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
197 #define SECURITY_PACKAGE_RID_COUNT (2L)
198 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
199 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
200 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
202 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
203 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
204 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
206 #define SECURITY_MIN_BASE_RID (0x00000050L)
207 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
208 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
209 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
210 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
211 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
212 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
213 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
214 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
215 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
216 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
217 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
218 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
219 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
220 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
221 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
222 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
223 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
225 #define SECURITY_MAX_BASE_RID (0x0000006FL)
227 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
228 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
230 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
232 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
234 /* Well-known domain relative sub-authority values (RIDs) */
236 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
238 #define FOREST_USER_RID_MAX (0x000001F3L)
240 /* Well-known users */
242 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
243 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
244 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
246 #define DOMAIN_USER_RID_MAX (0x000003E7L)
248 /* Well-known groups */
250 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
251 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
252 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
253 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
254 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
255 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
256 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
257 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
258 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
259 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
261 /* Well-known aliases */
263 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
264 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
265 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
266 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
268 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
269 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
270 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
271 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
273 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
274 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
275 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
276 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
277 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
278 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
280 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
281 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
282 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
283 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
284 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
285 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
286 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
287 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
288 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
289 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
290 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
292 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
293 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
294 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
295 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
296 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
297 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
298 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
300 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
301 can be set by a usermode caller.*/
303 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
305 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
307 /* Allocate the System Luid. The first 1000 LUIDs are reserved.
308 Use #999 here (0x3e7 = 999) */
310 #define SYSTEM_LUID { 0x3e7, 0x0 }
311 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
312 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
313 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
314 #define IUSER_LUID { 0x3e3, 0x0 }
316 typedef struct _ACE_HEADER
{
320 } ACE_HEADER
, *PACE_HEADER
;
322 /* also in winnt.h */
323 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
324 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
325 #define ACCESS_DENIED_ACE_TYPE (0x1)
326 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
327 #define SYSTEM_ALARM_ACE_TYPE (0x3)
328 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
329 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
330 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
331 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
332 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
333 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
334 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
335 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
336 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
337 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
338 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
339 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
340 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
341 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
342 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
343 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
344 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
345 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
346 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
347 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
348 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
350 /* The following are the inherit flags that go into the AceFlags field
353 #define OBJECT_INHERIT_ACE (0x1)
354 #define CONTAINER_INHERIT_ACE (0x2)
355 #define NO_PROPAGATE_INHERIT_ACE (0x4)
356 #define INHERIT_ONLY_ACE (0x8)
357 #define INHERITED_ACE (0x10)
358 #define VALID_INHERIT_FLAGS (0x1F)
360 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
361 #define FAILED_ACCESS_ACE_FLAG (0x80)
363 typedef struct _ACCESS_ALLOWED_ACE
{
367 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
369 typedef struct _ACCESS_DENIED_ACE
{
373 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
375 typedef struct _SYSTEM_AUDIT_ACE
{
379 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
381 typedef struct _SYSTEM_ALARM_ACE
{
385 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
387 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
{
391 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
393 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
394 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
395 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
396 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
397 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
398 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
400 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
402 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
404 #define SE_OWNER_DEFAULTED 0x0001
405 #define SE_GROUP_DEFAULTED 0x0002
406 #define SE_DACL_PRESENT 0x0004
407 #define SE_DACL_DEFAULTED 0x0008
408 #define SE_SACL_PRESENT 0x0010
409 #define SE_SACL_DEFAULTED 0x0020
410 #define SE_DACL_UNTRUSTED 0x0040
411 #define SE_SERVER_SECURITY 0x0080
412 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
413 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
414 #define SE_DACL_AUTO_INHERITED 0x0400
415 #define SE_SACL_AUTO_INHERITED 0x0800
416 #define SE_DACL_PROTECTED 0x1000
417 #define SE_SACL_PROTECTED 0x2000
418 #define SE_RM_CONTROL_VALID 0x4000
419 #define SE_SELF_RELATIVE 0x8000
421 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
424 SECURITY_DESCRIPTOR_CONTROL Control
;
429 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
431 typedef struct _SECURITY_DESCRIPTOR
{
434 SECURITY_DESCRIPTOR_CONTROL Control
;
439 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
441 typedef struct _OBJECT_TYPE_LIST
{
445 } OBJECT_TYPE_LIST
, *POBJECT_TYPE_LIST
;
447 #define ACCESS_OBJECT_GUID 0
448 #define ACCESS_PROPERTY_SET_GUID 1
449 #define ACCESS_PROPERTY_GUID 2
450 #define ACCESS_MAX_LEVEL 4
452 typedef enum _AUDIT_EVENT_TYPE
{
453 AuditEventObjectAccess
,
454 AuditEventDirectoryServiceAccess
455 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
457 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
459 #define ACCESS_DS_SOURCE_A "DS"
460 #define ACCESS_DS_SOURCE_W L"DS"
461 #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
462 #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
464 #define ACCESS_REASON_TYPE_MASK 0xffff0000
465 #define ACCESS_REASON_DATA_MASK 0x0000ffff
467 typedef enum _ACCESS_REASON_TYPE
{
468 AccessReasonNone
= 0x00000000,
469 AccessReasonAllowedAce
= 0x00010000,
470 AccessReasonDeniedAce
= 0x00020000,
471 AccessReasonAllowedParentAce
= 0x00030000,
472 AccessReasonDeniedParentAce
= 0x00040000,
473 AccessReasonMissingPrivilege
= 0x00100000,
474 AccessReasonFromPrivilege
= 0x00200000,
475 AccessReasonIntegrityLevel
= 0x00300000,
476 AccessReasonOwnership
= 0x00400000,
477 AccessReasonNullDacl
= 0x00500000,
478 AccessReasonEmptyDacl
= 0x00600000,
479 AccessReasonNoSD
= 0x00700000,
480 AccessReasonNoGrant
= 0x00800000
481 } ACCESS_REASON_TYPE
;
483 typedef ULONG ACCESS_REASON
;
485 typedef struct _ACCESS_REASONS
{
486 ACCESS_REASON Data
[32];
487 } ACCESS_REASONS
, *PACCESS_REASONS
;
489 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
490 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
491 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
493 typedef struct _SE_SECURITY_DESCRIPTOR
{
496 PSECURITY_DESCRIPTOR SecurityDescriptor
;
497 } SE_SECURITY_DESCRIPTOR
, *PSE_SECURITY_DESCRIPTOR
;
499 typedef struct _SE_ACCESS_REQUEST
{
501 PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor
;
502 ACCESS_MASK DesiredAccess
;
503 ACCESS_MASK PreviouslyGrantedAccess
;
504 PSID PrincipalSelfSid
;
505 PGENERIC_MAPPING GenericMapping
;
506 ULONG ObjectTypeListCount
;
507 POBJECT_TYPE_LIST ObjectTypeList
;
508 } SE_ACCESS_REQUEST
, *PSE_ACCESS_REQUEST
;
510 typedef struct _SE_ACCESS_REPLY
{
512 ULONG ResultListCount
;
513 PACCESS_MASK GrantedAccess
;
514 PNTSTATUS AccessStatus
;
515 PACCESS_REASONS AccessReason
;
516 PPRIVILEGE_SET
* Privileges
;
517 } SE_ACCESS_REPLY
, *PSE_ACCESS_REPLY
;
519 typedef enum _SE_AUDIT_OPERATION
{
520 AuditPrivilegeObject
,
521 AuditPrivilegeService
,
524 AuditOpenObjectWithTransaction
,
527 AuditOpenObjectForDelete
,
528 AuditOpenObjectForDeleteWithTransaction
,
531 AuditObjectReference
,
533 } SE_AUDIT_OPERATION
, *PSE_AUDIT_OPERATION
;
535 typedef struct _SE_AUDIT_INFO
{
537 AUDIT_EVENT_TYPE AuditType
;
538 SE_AUDIT_OPERATION AuditOperation
;
540 UNICODE_STRING SubsystemName
;
541 UNICODE_STRING ObjectTypeName
;
542 UNICODE_STRING ObjectName
;
546 BOOLEAN ObjectCreation
;
547 BOOLEAN GenerateOnClose
;
548 } SE_AUDIT_INFO
, *PSE_AUDIT_INFO
;
550 #define TOKEN_ASSIGN_PRIMARY (0x0001)
551 #define TOKEN_DUPLICATE (0x0002)
552 #define TOKEN_IMPERSONATE (0x0004)
553 #define TOKEN_QUERY (0x0008)
554 #define TOKEN_QUERY_SOURCE (0x0010)
555 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
556 #define TOKEN_ADJUST_GROUPS (0x0040)
557 #define TOKEN_ADJUST_DEFAULT (0x0080)
558 #define TOKEN_ADJUST_SESSIONID (0x0100)
560 #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
561 TOKEN_ASSIGN_PRIMARY |\
565 TOKEN_QUERY_SOURCE |\
566 TOKEN_ADJUST_PRIVILEGES |\
567 TOKEN_ADJUST_GROUPS |\
568 TOKEN_ADJUST_DEFAULT )
570 #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
571 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
572 TOKEN_ADJUST_SESSIONID )
574 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
577 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
580 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
581 TOKEN_ADJUST_PRIVILEGES |\
582 TOKEN_ADJUST_GROUPS |\
583 TOKEN_ADJUST_DEFAULT)
585 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
587 typedef enum _TOKEN_TYPE
{
590 } TOKEN_TYPE
,*PTOKEN_TYPE
;
592 typedef enum _TOKEN_INFORMATION_CLASS
{
601 TokenImpersonationLevel
,
605 TokenGroupsAndPrivileges
,
606 TokenSessionReference
,
613 TokenHasRestrictions
,
614 TokenAccessInformation
,
615 TokenVirtualizationAllowed
,
616 TokenVirtualizationEnabled
,
619 TokenMandatoryPolicy
,
622 } TOKEN_INFORMATION_CLASS
, *PTOKEN_INFORMATION_CLASS
;
624 typedef struct _TOKEN_USER
{
625 SID_AND_ATTRIBUTES User
;
626 } TOKEN_USER
, *PTOKEN_USER
;
628 typedef struct _TOKEN_GROUPS
{
630 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
631 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
633 typedef struct _TOKEN_PRIVILEGES
{
634 ULONG PrivilegeCount
;
635 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
636 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
638 typedef struct _TOKEN_OWNER
{
640 } TOKEN_OWNER
,*PTOKEN_OWNER
;
642 typedef struct _TOKEN_PRIMARY_GROUP
{
644 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
646 typedef struct _TOKEN_DEFAULT_DACL
{
648 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
650 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
653 PSID_AND_ATTRIBUTES Sids
;
654 ULONG RestrictedSidCount
;
655 ULONG RestrictedSidLength
;
656 PSID_AND_ATTRIBUTES RestrictedSids
;
657 ULONG PrivilegeCount
;
658 ULONG PrivilegeLength
;
659 PLUID_AND_ATTRIBUTES Privileges
;
660 LUID AuthenticationId
;
661 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
663 typedef struct _TOKEN_LINKED_TOKEN
{
665 } TOKEN_LINKED_TOKEN
, *PTOKEN_LINKED_TOKEN
;
667 typedef struct _TOKEN_ELEVATION
{
668 ULONG TokenIsElevated
;
669 } TOKEN_ELEVATION
, *PTOKEN_ELEVATION
;
671 typedef struct _TOKEN_MANDATORY_LABEL
{
672 SID_AND_ATTRIBUTES Label
;
673 } TOKEN_MANDATORY_LABEL
, *PTOKEN_MANDATORY_LABEL
;
675 #define TOKEN_MANDATORY_POLICY_OFF 0x0
676 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
677 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
679 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
680 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
682 typedef struct _TOKEN_MANDATORY_POLICY
{
684 } TOKEN_MANDATORY_POLICY
, *PTOKEN_MANDATORY_POLICY
;
686 typedef struct _TOKEN_ACCESS_INFORMATION
{
687 PSID_AND_ATTRIBUTES_HASH SidHash
;
688 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash
;
689 PTOKEN_PRIVILEGES Privileges
;
690 LUID AuthenticationId
;
691 TOKEN_TYPE TokenType
;
692 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
693 TOKEN_MANDATORY_POLICY MandatoryPolicy
;
695 } TOKEN_ACCESS_INFORMATION
, *PTOKEN_ACCESS_INFORMATION
;
697 #define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
699 typedef struct _TOKEN_AUDIT_POLICY
{
700 UCHAR PerUserPolicy
[((POLICY_AUDIT_SUBCATEGORY_COUNT
) >> 1) + 1];
701 } TOKEN_AUDIT_POLICY
, *PTOKEN_AUDIT_POLICY
;
703 #define TOKEN_SOURCE_LENGTH 8
705 typedef struct _TOKEN_SOURCE
{
706 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
707 LUID SourceIdentifier
;
708 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
710 typedef struct _TOKEN_STATISTICS
{
712 LUID AuthenticationId
;
713 LARGE_INTEGER ExpirationTime
;
714 TOKEN_TYPE TokenType
;
715 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
716 ULONG DynamicCharged
;
717 ULONG DynamicAvailable
;
719 ULONG PrivilegeCount
;
721 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
723 typedef struct _TOKEN_CONTROL
{
725 LUID AuthenticationId
;
727 TOKEN_SOURCE TokenSource
;
728 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
730 typedef struct _TOKEN_ORIGIN
{
731 LUID OriginatingLogonSession
;
732 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
734 typedef enum _MANDATORY_LEVEL
{
735 MandatoryLevelUntrusted
= 0,
737 MandatoryLevelMedium
,
739 MandatoryLevelSystem
,
740 MandatoryLevelSecureProcess
,
742 } MANDATORY_LEVEL
, *PMANDATORY_LEVEL
;
744 typedef enum _OBJECT_INFORMATION_CLASS
{
745 ObjectBasicInformation
= 0,
746 ObjectNameInformation
= 1, /* FIXME, not in WDK */
747 ObjectTypeInformation
= 2,
748 ObjectTypesInformation
= 3, /* FIXME, not in WDK */
749 ObjectHandleFlagInformation
= 4, /* FIXME, not in WDK */
750 ObjectSessionInformation
= 5, /* FIXME, not in WDK */
751 MaxObjectInfoClass
/* FIXME, not in WDK */
752 } OBJECT_INFORMATION_CLASS
;
754 #if (NTDDI_VERSION >= NTDDI_NT4)
760 IN HANDLE Handle OPTIONAL
,
761 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
762 OUT PVOID ObjectInformation OPTIONAL
,
763 IN ULONG ObjectInformationLength
,
764 OUT PULONG ReturnLength OPTIONAL
);
768 #if (NTDDI_VERSION >= NTDDI_WIN2K)
774 IN HANDLE ThreadHandle
,
775 IN ACCESS_MASK DesiredAccess
,
776 IN BOOLEAN OpenAsSelf
,
777 OUT PHANDLE TokenHandle
);
783 IN HANDLE ProcessHandle
,
784 IN ACCESS_MASK DesiredAccess
,
785 OUT PHANDLE TokenHandle
);
790 NtQueryInformationToken(
791 IN HANDLE TokenHandle
,
792 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
793 OUT PVOID TokenInformation OPTIONAL
,
794 IN ULONG TokenInformationLength
,
795 OUT PULONG ReturnLength
);
800 NtAdjustPrivilegesToken(
801 IN HANDLE TokenHandle
,
802 IN BOOLEAN DisableAllPrivileges
,
803 IN PTOKEN_PRIVILEGES NewState OPTIONAL
,
804 IN ULONG BufferLength
,
805 OUT PTOKEN_PRIVILEGES PreviousState
,
806 OUT PULONG ReturnLength OPTIONAL
);
812 OUT PHANDLE FileHandle
,
813 IN ACCESS_MASK DesiredAccess
,
814 IN POBJECT_ATTRIBUTES ObjectAttributes
,
815 OUT PIO_STATUS_BLOCK IoStatusBlock
,
816 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
817 IN ULONG FileAttributes
,
818 IN ULONG ShareAccess
,
819 IN ULONG CreateDisposition
,
820 IN ULONG CreateOptions
,
827 NtDeviceIoControlFile(
828 IN HANDLE FileHandle
,
829 IN HANDLE Event OPTIONAL
,
830 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
831 IN PVOID ApcContext OPTIONAL
,
832 OUT PIO_STATUS_BLOCK IoStatusBlock
,
833 IN ULONG IoControlCode
,
834 IN PVOID InputBuffer OPTIONAL
,
835 IN ULONG InputBufferLength
,
836 OUT PVOID OutputBuffer OPTIONAL
,
837 IN ULONG OutputBufferLength
);
843 IN HANDLE FileHandle
,
844 IN HANDLE Event OPTIONAL
,
845 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
846 IN PVOID ApcContext OPTIONAL
,
847 OUT PIO_STATUS_BLOCK IoStatusBlock
,
848 IN ULONG FsControlCode
,
849 IN PVOID InputBuffer OPTIONAL
,
850 IN ULONG InputBufferLength
,
851 OUT PVOID OutputBuffer OPTIONAL
,
852 IN ULONG OutputBufferLength
);
858 IN HANDLE FileHandle
,
859 IN HANDLE Event OPTIONAL
,
860 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
861 IN PVOID ApcContext OPTIONAL
,
862 OUT PIO_STATUS_BLOCK IoStatusBlock
,
863 IN PLARGE_INTEGER ByteOffset
,
864 IN PLARGE_INTEGER Length
,
866 IN BOOLEAN FailImmediately
,
867 IN BOOLEAN ExclusiveLock
);
873 OUT PHANDLE FileHandle
,
874 IN ACCESS_MASK DesiredAccess
,
875 IN POBJECT_ATTRIBUTES ObjectAttributes
,
876 OUT PIO_STATUS_BLOCK IoStatusBlock
,
877 IN ULONG ShareAccess
,
878 IN ULONG OpenOptions
);
883 NtQueryDirectoryFile(
884 IN HANDLE FileHandle
,
885 IN HANDLE Event OPTIONAL
,
886 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
887 IN PVOID ApcContext OPTIONAL
,
888 OUT PIO_STATUS_BLOCK IoStatusBlock
,
889 OUT PVOID FileInformation
,
891 IN FILE_INFORMATION_CLASS FileInformationClass
,
892 IN BOOLEAN ReturnSingleEntry
,
893 IN PUNICODE_STRING FileName OPTIONAL
,
894 IN BOOLEAN RestartScan
);
899 NtQueryInformationFile(
900 IN HANDLE FileHandle
,
901 OUT PIO_STATUS_BLOCK IoStatusBlock
,
902 OUT PVOID FileInformation
,
904 IN FILE_INFORMATION_CLASS FileInformationClass
);
909 NtQueryQuotaInformationFile(
910 IN HANDLE FileHandle
,
911 OUT PIO_STATUS_BLOCK IoStatusBlock
,
914 IN BOOLEAN ReturnSingleEntry
,
916 IN ULONG SidListLength
,
917 IN PSID StartSid OPTIONAL
,
918 IN BOOLEAN RestartScan
);
923 NtQueryVolumeInformationFile(
924 IN HANDLE FileHandle
,
925 OUT PIO_STATUS_BLOCK IoStatusBlock
,
926 OUT PVOID FsInformation
,
928 IN FS_INFORMATION_CLASS FsInformationClass
);
934 IN HANDLE FileHandle
,
935 IN HANDLE Event OPTIONAL
,
936 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
937 IN PVOID ApcContext OPTIONAL
,
938 OUT PIO_STATUS_BLOCK IoStatusBlock
,
941 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
942 IN PULONG Key OPTIONAL
);
947 NtSetInformationFile(
948 IN HANDLE FileHandle
,
949 OUT PIO_STATUS_BLOCK IoStatusBlock
,
950 IN PVOID FileInformation
,
952 IN FILE_INFORMATION_CLASS FileInformationClass
);
957 NtSetQuotaInformationFile(
958 IN HANDLE FileHandle
,
959 OUT PIO_STATUS_BLOCK IoStatusBlock
,
966 NtSetVolumeInformationFile(
967 IN HANDLE FileHandle
,
968 OUT PIO_STATUS_BLOCK IoStatusBlock
,
969 IN PVOID FsInformation
,
971 IN FS_INFORMATION_CLASS FsInformationClass
);
977 IN HANDLE FileHandle
,
978 IN HANDLE Event OPTIONAL
,
979 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
980 IN PVOID ApcContext OPTIONAL
,
981 OUT PIO_STATUS_BLOCK IoStatusBlock
,
984 IN PLARGE_INTEGER ByteOffset OPTIONAL
,
985 IN PULONG Key OPTIONAL
);
991 IN HANDLE FileHandle
,
992 OUT PIO_STATUS_BLOCK IoStatusBlock
,
993 IN PLARGE_INTEGER ByteOffset
,
994 IN PLARGE_INTEGER Length
,
1000 NtSetSecurityObject(
1002 IN SECURITY_INFORMATION SecurityInformation
,
1003 IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
1008 NtQuerySecurityObject(
1010 IN SECURITY_INFORMATION SecurityInformation
,
1011 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
1013 OUT PULONG LengthNeeded
);
1024 NtAllocateVirtualMemory(
1025 IN HANDLE ProcessHandle
,
1026 IN OUT PVOID
*BaseAddress
,
1027 IN ULONG_PTR ZeroBits
,
1028 IN OUT PSIZE_T RegionSize
,
1029 IN ULONG AllocationType
,
1035 NtFreeVirtualMemory(
1036 IN HANDLE ProcessHandle
,
1037 IN OUT PVOID
*BaseAddress
,
1038 IN OUT PSIZE_T RegionSize
,
1043 #if (NTDDI_VERSION >= NTDDI_WINXP)
1048 NtOpenThreadTokenEx(
1049 IN HANDLE ThreadHandle
,
1050 IN ACCESS_MASK DesiredAccess
,
1051 IN BOOLEAN OpenAsSelf
,
1052 IN ULONG HandleAttributes
,
1053 OUT PHANDLE TokenHandle
);
1058 NtOpenProcessTokenEx(
1059 IN HANDLE ProcessHandle
,
1060 IN ACCESS_MASK DesiredAccess
,
1061 IN ULONG HandleAttributes
,
1062 OUT PHANDLE TokenHandle
);
1067 NtOpenJobObjectToken(
1068 IN HANDLE JobHandle
,
1069 IN ACCESS_MASK DesiredAccess
,
1070 OUT PHANDLE TokenHandle
);
1076 IN HANDLE ExistingTokenHandle
,
1077 IN ACCESS_MASK DesiredAccess
,
1078 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1079 IN BOOLEAN EffectiveOnly
,
1080 IN TOKEN_TYPE TokenType
,
1081 OUT PHANDLE NewTokenHandle
);
1087 IN HANDLE ExistingTokenHandle
,
1089 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
1090 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
1091 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
1092 OUT PHANDLE NewTokenHandle
);
1097 NtImpersonateAnonymousToken(
1098 IN HANDLE ThreadHandle
);
1103 NtSetInformationToken(
1104 IN HANDLE TokenHandle
,
1105 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
1106 IN PVOID TokenInformation
,
1107 IN ULONG TokenInformationLength
);
1112 NtAdjustGroupsToken(
1113 IN HANDLE TokenHandle
,
1114 IN BOOLEAN ResetToDefault
,
1115 IN PTOKEN_GROUPS NewState OPTIONAL
,
1116 IN ULONG BufferLength OPTIONAL
,
1117 OUT PTOKEN_GROUPS PreviousState
,
1118 OUT PULONG ReturnLength
);
1124 IN HANDLE ClientToken
,
1125 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
1126 OUT PBOOLEAN Result
);
1131 NtAccessCheckAndAuditAlarm(
1132 IN PUNICODE_STRING SubsystemName
,
1133 IN PVOID HandleId OPTIONAL
,
1134 IN PUNICODE_STRING ObjectTypeName
,
1135 IN PUNICODE_STRING ObjectName
,
1136 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1137 IN ACCESS_MASK DesiredAccess
,
1138 IN PGENERIC_MAPPING GenericMapping
,
1139 IN BOOLEAN ObjectCreation
,
1140 OUT PACCESS_MASK GrantedAccess
,
1141 OUT PNTSTATUS AccessStatus
,
1142 OUT PBOOLEAN GenerateOnClose
);
1147 NtAccessCheckByTypeAndAuditAlarm(
1148 IN PUNICODE_STRING SubsystemName
,
1150 IN PUNICODE_STRING ObjectTypeName
,
1151 IN PUNICODE_STRING ObjectName
,
1152 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1153 IN PSID PrincipalSelfSid OPTIONAL
,
1154 IN ACCESS_MASK DesiredAccess
,
1155 IN AUDIT_EVENT_TYPE AuditType
,
1157 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL
,
1158 IN ULONG ObjectTypeLength
,
1159 IN PGENERIC_MAPPING GenericMapping
,
1160 IN BOOLEAN ObjectCreation
,
1161 OUT PACCESS_MASK GrantedAccess
,
1162 OUT PNTSTATUS AccessStatus
,
1163 OUT PBOOLEAN GenerateOnClose
);
1168 NtAccessCheckByTypeResultListAndAuditAlarm(
1169 IN PUNICODE_STRING SubsystemName
,
1170 IN PVOID HandleId OPTIONAL
,
1171 IN PUNICODE_STRING ObjectTypeName
,
1172 IN PUNICODE_STRING ObjectName
,
1173 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1174 IN PSID PrincipalSelfSid OPTIONAL
,
1175 IN ACCESS_MASK DesiredAccess
,
1176 IN AUDIT_EVENT_TYPE AuditType
,
1178 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL
,
1179 IN ULONG ObjectTypeLength
,
1180 IN PGENERIC_MAPPING GenericMapping
,
1181 IN BOOLEAN ObjectCreation
,
1182 OUT PACCESS_MASK GrantedAccess
,
1183 OUT PNTSTATUS AccessStatus
,
1184 OUT PBOOLEAN GenerateOnClose
);
1188 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
1189 IN PUNICODE_STRING SubsystemName
,
1190 IN PVOID HandleId OPTIONAL
,
1191 IN HANDLE ClientToken
,
1192 IN PUNICODE_STRING ObjectTypeName
,
1193 IN PUNICODE_STRING ObjectName
,
1194 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1195 IN PSID PrincipalSelfSid OPTIONAL
,
1196 IN ACCESS_MASK DesiredAccess
,
1197 IN AUDIT_EVENT_TYPE AuditType
,
1199 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL
,
1200 IN ULONG ObjectTypeLength
,
1201 IN PGENERIC_MAPPING GenericMapping
,
1202 IN BOOLEAN ObjectCreation
,
1203 OUT PACCESS_MASK GrantedAccess
,
1204 OUT PNTSTATUS AccessStatus
,
1205 OUT PBOOLEAN GenerateOnClose
);
1210 NtOpenObjectAuditAlarm(
1211 IN PUNICODE_STRING SubsystemName
,
1212 IN PVOID HandleId OPTIONAL
,
1213 IN PUNICODE_STRING ObjectTypeName
,
1214 IN PUNICODE_STRING ObjectName
,
1215 IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL
,
1216 IN HANDLE ClientToken
,
1217 IN ACCESS_MASK DesiredAccess
,
1218 IN ACCESS_MASK GrantedAccess
,
1219 IN PPRIVILEGE_SET Privileges OPTIONAL
,
1220 IN BOOLEAN ObjectCreation
,
1221 IN BOOLEAN AccessGranted
,
1222 OUT PBOOLEAN GenerateOnClose
);
1227 NtPrivilegeObjectAuditAlarm(
1228 IN PUNICODE_STRING SubsystemName
,
1229 IN PVOID HandleId OPTIONAL
,
1230 IN HANDLE ClientToken
,
1231 IN ACCESS_MASK DesiredAccess
,
1232 IN PPRIVILEGE_SET Privileges
,
1233 IN BOOLEAN AccessGranted
);
1238 NtCloseObjectAuditAlarm(
1239 IN PUNICODE_STRING SubsystemName
,
1240 IN PVOID HandleId OPTIONAL
,
1241 IN BOOLEAN GenerateOnClose
);
1246 NtDeleteObjectAuditAlarm(
1247 IN PUNICODE_STRING SubsystemName
,
1248 IN PVOID HandleId OPTIONAL
,
1249 IN BOOLEAN GenerateOnClose
);
1254 NtPrivilegedServiceAuditAlarm(
1255 IN PUNICODE_STRING SubsystemName
,
1256 IN PUNICODE_STRING ServiceName
,
1257 IN HANDLE ClientToken
,
1258 IN PPRIVILEGE_SET Privileges
,
1259 IN BOOLEAN AccessGranted
);
1264 NtSetInformationThread(
1265 IN HANDLE ThreadHandle
,
1266 IN THREADINFOCLASS ThreadInformationClass
,
1267 IN PVOID ThreadInformation
,
1268 IN ULONG ThreadInformationLength
);
1274 OUT PHANDLE SectionHandle
,
1275 IN ACCESS_MASK DesiredAccess
,
1276 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
1277 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
1278 IN ULONG SectionPageProtection
,
1279 IN ULONG AllocationAttributes
,
1280 IN HANDLE FileHandle OPTIONAL
);
1285 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
1287 IN OUT PVOID
*CommitAddress
,
1288 IN OUT PSIZE_T CommitSize
);
1290 typedef struct _RTL_HEAP_PARAMETERS
{
1292 SIZE_T SegmentReserve
;
1293 SIZE_T SegmentCommit
;
1294 SIZE_T DeCommitFreeBlockThreshold
;
1295 SIZE_T DeCommitTotalFreeThreshold
;
1296 SIZE_T MaximumAllocationSize
;
1297 SIZE_T VirtualMemoryThreshold
;
1298 SIZE_T InitialCommit
;
1299 SIZE_T InitialReserve
;
1300 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
1302 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
1304 #if (NTDDI_VERSION >= NTDDI_WIN2K)
1310 IN HANDLE HeapHandle
,
1311 IN ULONG Flags OPTIONAL
,
1318 IN PVOID HeapHandle
,
1319 IN ULONG Flags OPTIONAL
,
1320 IN PVOID BaseAddress
);
1326 OUT PCONTEXT ContextRecord
);
1332 IN OUT PULONG Seed
);
1337 RtlCreateUnicodeString(
1338 OUT PUNICODE_STRING DestinationString
,
1339 IN PCWSTR SourceString
);
1344 RtlAppendStringToString(
1345 IN OUT PSTRING Destination
,
1346 IN
const STRING
*Source
);
1351 RtlOemStringToUnicodeString(
1352 IN OUT PUNICODE_STRING DestinationString
,
1353 IN PCOEM_STRING SourceString
,
1354 IN BOOLEAN AllocateDestinationString
);
1359 RtlUnicodeStringToOemString(
1360 IN OUT POEM_STRING DestinationString
,
1361 IN PCUNICODE_STRING SourceString
,
1362 IN BOOLEAN AllocateDestinationString
);
1367 RtlUpcaseUnicodeStringToOemString(
1368 IN OUT POEM_STRING DestinationString
,
1369 IN PCUNICODE_STRING SourceString
,
1370 IN BOOLEAN AllocateDestinationString
);
1375 RtlOemStringToCountedUnicodeString(
1376 IN OUT PUNICODE_STRING DestinationString
,
1377 IN PCOEM_STRING SourceString
,
1378 IN BOOLEAN AllocateDestinationString
);
1383 RtlUnicodeStringToCountedOemString(
1384 IN OUT POEM_STRING DestinationString
,
1385 IN PCUNICODE_STRING SourceString
,
1386 IN BOOLEAN AllocateDestinationString
);
1391 RtlUpcaseUnicodeStringToCountedOemString(
1392 IN OUT POEM_STRING DestinationString
,
1393 IN PCUNICODE_STRING SourceString
,
1394 IN BOOLEAN AllocateDestinationString
);
1399 RtlDowncaseUnicodeString(
1400 IN OUT PUNICODE_STRING UniDest
,
1401 IN PCUNICODE_STRING UniSource
,
1402 IN BOOLEAN AllocateDestinationString
);
1408 IN OUT POEM_STRING OemString
);
1413 RtlxUnicodeStringToOemSize(
1414 IN PCUNICODE_STRING UnicodeString
);
1419 RtlxOemStringToUnicodeSize(
1420 IN PCOEM_STRING OemString
);
1425 RtlMultiByteToUnicodeN(
1426 OUT PWCH UnicodeString
,
1427 IN ULONG MaxBytesInUnicodeString
,
1428 OUT PULONG BytesInUnicodeString OPTIONAL
,
1429 IN
const CHAR
*MultiByteString
,
1430 IN ULONG BytesInMultiByteString
);
1435 RtlMultiByteToUnicodeSize(
1436 OUT PULONG BytesInUnicodeString
,
1437 IN
const CHAR
*MultiByteString
,
1438 IN ULONG BytesInMultiByteString
);
1443 RtlUnicodeToMultiByteSize(
1444 OUT PULONG BytesInMultiByteString
,
1445 IN PCWCH UnicodeString
,
1446 IN ULONG BytesInUnicodeString
);
1451 RtlUnicodeToMultiByteN(
1452 OUT PCHAR MultiByteString
,
1453 IN ULONG MaxBytesInMultiByteString
,
1454 OUT PULONG BytesInMultiByteString OPTIONAL
,
1455 IN PWCH UnicodeString
,
1456 IN ULONG BytesInUnicodeString
);
1461 RtlUpcaseUnicodeToMultiByteN(
1462 OUT PCHAR MultiByteString
,
1463 IN ULONG MaxBytesInMultiByteString
,
1464 OUT PULONG BytesInMultiByteString OPTIONAL
,
1465 IN PCWCH UnicodeString
,
1466 IN ULONG BytesInUnicodeString
);
1472 OUT PWSTR UnicodeString
,
1473 IN ULONG MaxBytesInUnicodeString
,
1474 OUT PULONG BytesInUnicodeString OPTIONAL
,
1476 IN ULONG BytesInOemString
);
1482 OUT PCHAR OemString
,
1483 IN ULONG MaxBytesInOemString
,
1484 OUT PULONG BytesInOemString OPTIONAL
,
1485 IN PCWCH UnicodeString
,
1486 IN ULONG BytesInUnicodeString
);
1491 RtlUpcaseUnicodeToOemN(
1492 OUT PCHAR OemString
,
1493 IN ULONG MaxBytesInOemString
,
1494 OUT PULONG BytesInOemString OPTIONAL
,
1495 IN PCWCH UnicodeString
,
1496 IN ULONG BytesInUnicodeString
);
1498 typedef struct _GENERATE_NAME_CONTEXT
{
1500 BOOLEAN CheckSumInserted
;
1502 WCHAR NameBuffer
[8];
1503 ULONG ExtensionLength
;
1504 WCHAR ExtensionBuffer
[4];
1505 ULONG LastIndexValue
;
1506 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1508 #if (NTDDI_VERSION >= NTDDI_VISTASP1)
1512 RtlGenerate8dot3Name(
1513 IN PCUNICODE_STRING Name
,
1514 IN BOOLEAN AllowExtendedCharacters
,
1515 IN OUT PGENERATE_NAME_CONTEXT Context
,
1516 IN OUT PUNICODE_STRING Name8dot3
);
1521 RtlGenerate8dot3Name(
1522 IN PCUNICODE_STRING Name
,
1523 IN BOOLEAN AllowExtendedCharacters
,
1524 IN OUT PGENERATE_NAME_CONTEXT Context
,
1525 IN OUT PUNICODE_STRING Name8dot3
);
1531 RtlIsNameLegalDOS8Dot3(
1532 IN PCUNICODE_STRING Name
,
1533 IN OUT POEM_STRING OemName OPTIONAL
,
1534 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
);
1539 RtlIsValidOemCharacter(
1540 IN OUT PWCHAR Char
);
1542 typedef struct _PREFIX_TABLE_ENTRY
{
1543 CSHORT NodeTypeCode
;
1545 struct _PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1546 RTL_SPLAY_LINKS Links
;
1548 } PREFIX_TABLE_ENTRY
, *PPREFIX_TABLE_ENTRY
;
1550 typedef struct _PREFIX_TABLE
{
1551 CSHORT NodeTypeCode
;
1553 PPREFIX_TABLE_ENTRY NextPrefixTree
;
1554 } PREFIX_TABLE
, *PPREFIX_TABLE
;
1560 OUT PPREFIX_TABLE PrefixTable
);
1566 IN PPREFIX_TABLE PrefixTable
,
1568 OUT PPREFIX_TABLE_ENTRY PrefixTableEntry
);
1574 IN PPREFIX_TABLE PrefixTable
,
1575 IN PPREFIX_TABLE_ENTRY PrefixTableEntry
);
1581 IN PPREFIX_TABLE PrefixTable
,
1582 IN PSTRING FullName
);
1584 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
{
1585 CSHORT NodeTypeCode
;
1587 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1588 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
1589 RTL_SPLAY_LINKS Links
;
1590 PUNICODE_STRING Prefix
;
1591 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
1593 typedef struct _UNICODE_PREFIX_TABLE
{
1594 CSHORT NodeTypeCode
;
1596 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
1597 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
1598 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
1603 RtlInitializeUnicodePrefix(
1604 OUT PUNICODE_PREFIX_TABLE PrefixTable
);
1609 RtlInsertUnicodePrefix(
1610 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1611 IN PUNICODE_STRING Prefix
,
1612 OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
);
1617 RtlRemoveUnicodePrefix(
1618 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1619 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
);
1622 PUNICODE_PREFIX_TABLE_ENTRY
1624 RtlFindUnicodePrefix(
1625 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1626 IN PUNICODE_STRING FullName
,
1627 IN ULONG CaseInsensitiveIndex
);
1630 PUNICODE_PREFIX_TABLE_ENTRY
1632 RtlNextUnicodePrefix(
1633 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1634 IN BOOLEAN Restart
);
1639 RtlCompareMemoryUlong(
1647 RtlTimeToSecondsSince1980(
1648 IN PLARGE_INTEGER Time
,
1649 OUT PULONG ElapsedSeconds
);
1654 RtlSecondsSince1980ToTime(
1655 IN ULONG ElapsedSeconds
,
1656 OUT PLARGE_INTEGER Time
);
1661 RtlTimeToSecondsSince1970(
1662 IN PLARGE_INTEGER Time
,
1663 OUT PULONG ElapsedSeconds
);
1668 RtlSecondsSince1970ToTime(
1669 IN ULONG ElapsedSeconds
,
1670 OUT PLARGE_INTEGER Time
);
1695 RtlLengthRequiredSid(
1696 IN ULONG SubAuthorityCount
);
1707 RtlAllocateAndInitializeSid(
1708 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
1709 IN UCHAR SubAuthorityCount
,
1710 IN ULONG SubAuthority0
,
1711 IN ULONG SubAuthority1
,
1712 IN ULONG SubAuthority2
,
1713 IN ULONG SubAuthority3
,
1714 IN ULONG SubAuthority4
,
1715 IN ULONG SubAuthority5
,
1716 IN ULONG SubAuthority6
,
1717 IN ULONG SubAuthority7
,
1725 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
1726 IN UCHAR SubAuthorityCount
);
1733 IN ULONG SubAuthority
);
1746 IN PSID Destination
,
1752 RtlConvertSidToUnicodeString(
1753 IN OUT PUNICODE_STRING UnicodeString
,
1755 IN BOOLEAN AllocateDestinationString
);
1761 OUT PLUID DestinationLuid
,
1762 IN PLUID SourceLuid
);
1770 IN ULONG AclRevision
);
1777 IN ULONG AceRevision
,
1778 IN ULONG StartingAceIndex
,
1780 IN ULONG AceListLength
);
1800 RtlAddAccessAllowedAce(
1802 IN ULONG AceRevision
,
1803 IN ACCESS_MASK AccessMask
,
1809 RtlAddAccessAllowedAceEx(
1811 IN ULONG AceRevision
,
1813 IN ACCESS_MASK AccessMask
,
1819 RtlCreateSecurityDescriptorRelative(
1820 OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor
,
1826 RtlGetDaclSecurityDescriptor(
1827 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1828 OUT PBOOLEAN DaclPresent
,
1830 OUT PBOOLEAN DaclDefaulted
);
1835 RtlSetOwnerSecurityDescriptor(
1836 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
1837 IN PSID Owner OPTIONAL
,
1838 IN BOOLEAN OwnerDefaulted
);
1843 RtlGetOwnerSecurityDescriptor(
1844 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1846 OUT PBOOLEAN OwnerDefaulted
);
1851 RtlNtStatusToDosError(
1852 IN NTSTATUS Status
);
1857 RtlCustomCPToUnicodeN(
1858 IN PCPTABLEINFO CustomCP
,
1859 OUT PWCH UnicodeString
,
1860 IN ULONG MaxBytesInUnicodeString
,
1861 OUT PULONG BytesInUnicodeString OPTIONAL
,
1862 IN PCH CustomCPString
,
1863 IN ULONG BytesInCustomCPString
);
1868 RtlUnicodeToCustomCPN(
1869 IN PCPTABLEINFO CustomCP
,
1870 OUT PCH CustomCPString
,
1871 IN ULONG MaxBytesInCustomCPString
,
1872 OUT PULONG BytesInCustomCPString OPTIONAL
,
1873 IN PWCH UnicodeString
,
1874 IN ULONG BytesInUnicodeString
);
1879 RtlUpcaseUnicodeToCustomCPN(
1880 IN PCPTABLEINFO CustomCP
,
1881 OUT PCH CustomCPString
,
1882 IN ULONG MaxBytesInCustomCPString
,
1883 OUT PULONG BytesInCustomCPString OPTIONAL
,
1884 IN PWCH UnicodeString
,
1885 IN ULONG BytesInUnicodeString
);
1890 RtlInitCodePageTable(
1891 IN PUSHORT TableBase
,
1892 IN OUT PCPTABLEINFO CodePageTable
);
1896 #if (NTDDI_VERSION >= NTDDI_WINXP)
1903 IN PVOID HeapBase OPTIONAL
,
1904 IN SIZE_T ReserveSize OPTIONAL
,
1905 IN SIZE_T CommitSize OPTIONAL
,
1906 IN PVOID Lock OPTIONAL
,
1907 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
);
1913 IN PVOID HeapHandle
);
1918 RtlCaptureStackBackTrace(
1919 IN ULONG FramesToSkip
,
1920 IN ULONG FramesToCapture
,
1921 OUT PVOID
*BackTrace
,
1922 OUT PULONG BackTraceHash OPTIONAL
);
1928 IN OUT PULONG Seed
);
1933 RtlInitUnicodeStringEx(
1934 OUT PUNICODE_STRING DestinationString
,
1935 IN PCWSTR SourceString OPTIONAL
);
1940 RtlValidateUnicodeString(
1942 IN PCUNICODE_STRING String
);
1947 RtlDuplicateUnicodeString(
1949 IN PCUNICODE_STRING SourceString
,
1950 OUT PUNICODE_STRING DestinationString
);
1955 RtlGetCompressionWorkSpaceSize(
1956 IN USHORT CompressionFormatAndEngine
,
1957 OUT PULONG CompressBufferWorkSpaceSize
,
1958 OUT PULONG CompressFragmentWorkSpaceSize
);
1964 IN USHORT CompressionFormatAndEngine
,
1965 IN PUCHAR UncompressedBuffer
,
1966 IN ULONG UncompressedBufferSize
,
1967 OUT PUCHAR CompressedBuffer
,
1968 IN ULONG CompressedBufferSize
,
1969 IN ULONG UncompressedChunkSize
,
1970 OUT PULONG FinalCompressedSize
,
1971 IN PVOID WorkSpace
);
1976 RtlDecompressBuffer(
1977 IN USHORT CompressionFormat
,
1978 OUT PUCHAR UncompressedBuffer
,
1979 IN ULONG UncompressedBufferSize
,
1980 IN PUCHAR CompressedBuffer
,
1981 IN ULONG CompressedBufferSize
,
1982 OUT PULONG FinalUncompressedSize
);
1987 RtlDecompressFragment(
1988 IN USHORT CompressionFormat
,
1989 OUT PUCHAR UncompressedFragment
,
1990 IN ULONG UncompressedFragmentSize
,
1991 IN PUCHAR CompressedBuffer
,
1992 IN ULONG CompressedBufferSize
,
1993 IN ULONG FragmentOffset
,
1994 OUT PULONG FinalUncompressedSize
,
1995 IN PVOID WorkSpace
);
2001 IN USHORT CompressionFormat
,
2002 IN OUT PUCHAR
*CompressedBuffer
,
2003 IN PUCHAR EndOfCompressedBufferPlus1
,
2004 OUT PUCHAR
*ChunkBuffer
,
2005 OUT PULONG ChunkSize
);
2011 IN USHORT CompressionFormat
,
2012 IN OUT PUCHAR
*CompressedBuffer
,
2013 IN PUCHAR EndOfCompressedBufferPlus1
,
2014 OUT PUCHAR
*ChunkBuffer
,
2015 IN ULONG ChunkSize
);
2017 typedef struct _COMPRESSED_DATA_INFO
{
2018 USHORT CompressionFormatAndEngine
;
2019 UCHAR CompressionUnitShift
;
2023 USHORT NumberOfChunks
;
2024 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
2025 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
2030 RtlDecompressChunks(
2031 OUT PUCHAR UncompressedBuffer
,
2032 IN ULONG UncompressedBufferSize
,
2033 IN PUCHAR CompressedBuffer
,
2034 IN ULONG CompressedBufferSize
,
2035 IN PUCHAR CompressedTail
,
2036 IN ULONG CompressedTailSize
,
2037 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
);
2043 IN PUCHAR UncompressedBuffer
,
2044 IN ULONG UncompressedBufferSize
,
2045 OUT PUCHAR CompressedBuffer
,
2046 IN ULONG CompressedBufferSize
,
2047 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
2048 IN ULONG CompressedDataInfoLength
,
2049 IN PVOID WorkSpace
);
2052 PSID_IDENTIFIER_AUTHORITY
2054 RtlIdentifierAuthoritySid(
2060 RtlSubAuthorityCountSid(
2066 RtlNtStatusToDosErrorNoTeb(
2067 IN NTSTATUS Status
);
2072 RtlCreateSystemVolumeInformationFolder(
2073 IN PCUNICODE_STRING VolumeRootPath
);
2077 #if defined(_M_AMD64)
2081 RtlFillMemoryUlong (
2082 OUT PVOID Destination
,
2086 PULONG Address
= (PULONG
)Destination
;
2087 if ((Length
/= 4) != 0) {
2088 if (((ULONG64
)Address
& 4) != 0) {
2090 if ((Length
-= 1) == 0) {
2095 __stosq((PULONG64
)(Address
), Pattern
| ((ULONG64
)Pattern
<< 32), Length
/ 2);
2096 if ((Length
& 1) != 0) Address
[Length
- 1] = Pattern
;
2101 #define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
2102 __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
2106 #if (NTDDI_VERSION >= NTDDI_WINXP)
2112 OUT PVOID Destination
,
2119 RtlFillMemoryUlonglong(
2120 OUT PVOID Destination
,
2122 IN ULONGLONG Pattern
);
2126 #endif // defined(_M_AMD64)
2128 #if (NTDDI_VERSION >= NTDDI_WS03)
2133 RtlInitAnsiStringEx(
2134 OUT PANSI_STRING DestinationString
,
2135 IN PCSZ SourceString OPTIONAL
);
2139 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
2144 RtlGetSaclSecurityDescriptor(
2145 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
2146 OUT PBOOLEAN SaclPresent
,
2148 OUT PBOOLEAN SaclDefaulted
);
2153 RtlSetGroupSecurityDescriptor(
2154 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
2155 IN PSID Group OPTIONAL
,
2156 IN BOOLEAN GroupDefaulted OPTIONAL
);
2161 RtlGetGroupSecurityDescriptor(
2162 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
2164 OUT PBOOLEAN GroupDefaulted
);
2169 RtlAbsoluteToSelfRelativeSD(
2170 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
2171 OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL
,
2172 IN OUT PULONG BufferLength
);
2177 RtlSelfRelativeToAbsoluteSD(
2178 IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
2179 OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL
,
2180 IN OUT PULONG AbsoluteSecurityDescriptorSize
,
2181 OUT PACL Dacl OPTIONAL
,
2182 IN OUT PULONG DaclSize
,
2183 OUT PACL Sacl OPTIONAL
,
2184 IN OUT PULONG SaclSize
,
2185 OUT PSID Owner OPTIONAL
,
2186 IN OUT PULONG OwnerSize
,
2187 OUT PSID PrimaryGroup OPTIONAL
,
2188 IN OUT PULONG PrimaryGroupSize
);
2192 #if (NTDDI_VERSION >= NTDDI_VISTA)
2199 IN PCWSTR SourceString
,
2200 IN LONG SourceStringLength
,
2201 OUT PWSTR DestinationString
,
2202 IN OUT PLONG DestinationStringLength
);
2207 RtlIsNormalizedString(
2209 IN PCWSTR SourceString
,
2210 IN LONG SourceStringLength
,
2211 OUT PBOOLEAN Normalized
);
2218 IN PCWSTR SourceString
,
2219 IN LONG SourceStringLength
,
2220 OUT PWSTR DestinationString
,
2221 IN OUT PLONG DestinationStringLength
);
2228 IN PCWSTR SourceString
,
2229 IN LONG SourceStringLength
,
2230 OUT PWSTR DestinationString
,
2231 IN OUT PLONG DestinationStringLength
);
2236 RtlIdnToNameprepUnicode(
2238 IN PCWSTR SourceString
,
2239 IN LONG SourceStringLength
,
2240 OUT PWSTR DestinationString
,
2241 IN OUT PLONG DestinationStringLength
);
2246 RtlCreateServiceSid(
2247 IN PUNICODE_STRING ServiceName
,
2248 OUT PSID ServiceSid
,
2249 IN OUT PULONG ServiceSidLength
);
2254 RtlCompareAltitudes(
2255 IN PCUNICODE_STRING Altitude1
,
2256 IN PCUNICODE_STRING Altitude2
);
2260 #if (NTDDI_VERSION >= NTDDI_WIN7)
2266 OUT PCHAR UTF8StringDestination
,
2267 IN ULONG UTF8StringMaxByteCount
,
2268 OUT PULONG UTF8StringActualByteCount
,
2269 IN PCWCH UnicodeStringSource
,
2270 IN ULONG UnicodeStringByteCount
);
2276 OUT PWSTR UnicodeStringDestination
,
2277 IN ULONG UnicodeStringMaxByteCount
,
2278 OUT PULONG UnicodeStringActualByteCount
,
2279 IN PCCH UTF8StringSource
,
2280 IN ULONG UTF8StringByteCount
);
2286 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
2289 OUT ULONG
*NumChanges
);
2294 RtlCreateVirtualAccountSid(
2295 IN PCUNICODE_STRING Name
,
2296 IN ULONG BaseSubAuthority
,
2298 IN OUT PULONG SidLength
);
2302 #define HEAP_NO_SERIALIZE 0x00000001
2303 #define HEAP_GROWABLE 0x00000002
2304 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
2305 #define HEAP_ZERO_MEMORY 0x00000008
2306 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
2307 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
2308 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
2309 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
2311 #define HEAP_CREATE_ALIGN_16 0x00010000
2312 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
2313 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
2315 #define HEAP_SETTABLE_USER_VALUE 0x00000100
2316 #define HEAP_SETTABLE_USER_FLAG1 0x00000200
2317 #define HEAP_SETTABLE_USER_FLAG2 0x00000400
2318 #define HEAP_SETTABLE_USER_FLAG3 0x00000800
2319 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00
2321 #define HEAP_CLASS_0 0x00000000
2322 #define HEAP_CLASS_1 0x00001000
2323 #define HEAP_CLASS_2 0x00002000
2324 #define HEAP_CLASS_3 0x00003000
2325 #define HEAP_CLASS_4 0x00004000
2326 #define HEAP_CLASS_5 0x00005000
2327 #define HEAP_CLASS_6 0x00006000
2328 #define HEAP_CLASS_7 0x00007000
2329 #define HEAP_CLASS_8 0x00008000
2330 #define HEAP_CLASS_MASK 0x0000F000
2332 #define HEAP_MAXIMUM_TAG 0x0FFF
2333 #define HEAP_GLOBAL_TAG 0x0800
2334 #define HEAP_PSEUDO_TAG_FLAG 0x8000
2335 #define HEAP_TAG_SHIFT 18
2336 #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2338 #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
2340 HEAP_GENERATE_EXCEPTIONS | \
2341 HEAP_ZERO_MEMORY | \
2342 HEAP_REALLOC_IN_PLACE_ONLY | \
2343 HEAP_TAIL_CHECKING_ENABLED | \
2344 HEAP_FREE_CHECKING_ENABLED | \
2345 HEAP_DISABLE_COALESCE_ON_FREE | \
2347 HEAP_CREATE_ALIGN_16 | \
2348 HEAP_CREATE_ENABLE_TRACING | \
2349 HEAP_CREATE_ENABLE_EXECUTE)
2353 HEAP_MAKE_TAG_FLAGS(
2357 //__assume_bound(TagBase); // FIXME
2358 return ((ULONG
)((TagBase
) + ((Tag
) << HEAP_TAG_SHIFT
)));
2361 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
2362 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
2364 #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
2365 RtlxUnicodeStringToOemSize(STRING) : \
2366 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
2369 #define RtlOemStringToUnicodeSize(STRING) ( \
2370 NLS_MB_OEM_CODE_PAGE_TAG ? \
2371 RtlxOemStringToUnicodeSize(STRING) : \
2372 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
2375 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
2376 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
2380 (NTAPI
*PRTL_ALLOCATE_STRING_ROUTINE
)(
2381 IN SIZE_T NumberOfBytes
);
2383 #if _WIN32_WINNT >= 0x0600
2386 (NTAPI
*PRTL_REALLOCATE_STRING_ROUTINE
)(
2387 IN SIZE_T NumberOfBytes
,
2393 (NTAPI
*PRTL_FREE_STRING_ROUTINE
)(
2396 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine
;
2397 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine
;
2399 #if _WIN32_WINNT >= 0x0600
2400 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine
;
2403 #define COMPRESSION_FORMAT_NONE (0x0000)
2404 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
2405 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
2406 #define COMPRESSION_ENGINE_STANDARD (0x0000)
2407 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
2408 #define COMPRESSION_ENGINE_HIBER (0x0200)
2410 #define RtlOffsetToPointer(B,O) ((PCHAR)( ((PCHAR)(B)) + ((ULONG_PTR)(O)) ))
2411 #define RtlPointerToOffset(B,P) ((ULONG)( ((PCHAR)(P)) - ((PCHAR)(B)) ))
2413 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256
2415 #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
2417 #define DEVICE_TYPE ULONG
2419 #define FILE_DEVICE_BEEP 0x00000001
2420 #define FILE_DEVICE_CD_ROM 0x00000002
2421 #define FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
2422 #define FILE_DEVICE_CONTROLLER 0x00000004
2423 #define FILE_DEVICE_DATALINK 0x00000005
2424 #define FILE_DEVICE_DFS 0x00000006
2425 #define FILE_DEVICE_DISK 0x00000007
2426 #define FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
2427 #define FILE_DEVICE_FILE_SYSTEM 0x00000009
2428 #define FILE_DEVICE_INPORT_PORT 0x0000000a
2429 #define FILE_DEVICE_KEYBOARD 0x0000000b
2430 #define FILE_DEVICE_MAILSLOT 0x0000000c
2431 #define FILE_DEVICE_MIDI_IN 0x0000000d
2432 #define FILE_DEVICE_MIDI_OUT 0x0000000e
2433 #define FILE_DEVICE_MOUSE 0x0000000f
2434 #define FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
2435 #define FILE_DEVICE_NAMED_PIPE 0x00000011
2436 #define FILE_DEVICE_NETWORK 0x00000012
2437 #define FILE_DEVICE_NETWORK_BROWSER 0x00000013
2438 #define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
2439 #define FILE_DEVICE_NULL 0x00000015
2440 #define FILE_DEVICE_PARALLEL_PORT 0x00000016
2441 #define FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
2442 #define FILE_DEVICE_PRINTER 0x00000018
2443 #define FILE_DEVICE_SCANNER 0x00000019
2444 #define FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001a
2445 #define FILE_DEVICE_SERIAL_PORT 0x0000001b
2446 #define FILE_DEVICE_SCREEN 0x0000001c
2447 #define FILE_DEVICE_SOUND 0x0000001d
2448 #define FILE_DEVICE_STREAMS 0x0000001e
2449 #define FILE_DEVICE_TAPE 0x0000001f
2450 #define FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
2451 #define FILE_DEVICE_TRANSPORT 0x00000021
2452 #define FILE_DEVICE_UNKNOWN 0x00000022
2453 #define FILE_DEVICE_VIDEO 0x00000023
2454 #define FILE_DEVICE_VIRTUAL_DISK 0x00000024
2455 #define FILE_DEVICE_WAVE_IN 0x00000025
2456 #define FILE_DEVICE_WAVE_OUT 0x00000026
2457 #define FILE_DEVICE_8042_PORT 0x00000027
2458 #define FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
2459 #define FILE_DEVICE_BATTERY 0x00000029
2460 #define FILE_DEVICE_BUS_EXTENDER 0x0000002a
2461 #define FILE_DEVICE_MODEM 0x0000002b
2462 #define FILE_DEVICE_VDM 0x0000002c
2463 #define FILE_DEVICE_MASS_STORAGE 0x0000002d
2464 #define FILE_DEVICE_SMB 0x0000002e
2465 #define FILE_DEVICE_KS 0x0000002f
2466 #define FILE_DEVICE_CHANGER 0x00000030
2467 #define FILE_DEVICE_SMARTCARD 0x00000031
2468 #define FILE_DEVICE_ACPI 0x00000032
2469 #define FILE_DEVICE_DVD 0x00000033
2470 #define FILE_DEVICE_FULLSCREEN_VIDEO 0x00000034
2471 #define FILE_DEVICE_DFS_FILE_SYSTEM 0x00000035
2472 #define FILE_DEVICE_DFS_VOLUME 0x00000036
2473 #define FILE_DEVICE_SERENUM 0x00000037
2474 #define FILE_DEVICE_TERMSRV 0x00000038
2475 #define FILE_DEVICE_KSEC 0x00000039
2476 #define FILE_DEVICE_FIPS 0x0000003A
2477 #define FILE_DEVICE_INFINIBAND 0x0000003B
2478 #define FILE_DEVICE_VMBUS 0x0000003E
2479 #define FILE_DEVICE_CRYPT_PROVIDER 0x0000003F
2480 #define FILE_DEVICE_WPD 0x00000040
2481 #define FILE_DEVICE_BLUETOOTH 0x00000041
2482 #define FILE_DEVICE_MT_COMPOSITE 0x00000042
2483 #define FILE_DEVICE_MT_TRANSPORT 0x00000043
2484 #define FILE_DEVICE_BIOMETRIC 0x00000044
2485 #define FILE_DEVICE_PMI 0x00000045
2487 #define CTL_CODE(DeviceType, Function, Method, Access) \
2488 (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
2490 #define DEVICE_TYPE_FROM_CTL_CODE(ctl) (((ULONG) (ctl & 0xffff0000)) >> 16)
2492 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
2494 #define METHOD_BUFFERED 0
2495 #define METHOD_IN_DIRECT 1
2496 #define METHOD_OUT_DIRECT 2
2497 #define METHOD_NEITHER 3
2498 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
2499 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
2501 #define FILE_ANY_ACCESS 0x00000000
2502 #define FILE_SPECIAL_ACCESS FILE_ANY_ACCESS
2503 #define FILE_READ_ACCESS 0x00000001
2504 #define FILE_WRITE_ACCESS 0x00000002
2506 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
2508 typedef enum _SECURITY_LOGON_TYPE
{
2509 UndefinedLogonType
= 0,
2518 #if (_WIN32_WINNT >= 0x0501)
2522 #if (_WIN32_WINNT >= 0x0502)
2523 CachedRemoteInteractive
,
2526 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
2528 #ifndef _NTLSA_AUDIT_
2529 #define _NTLSA_AUDIT_
2531 typedef enum _SE_ADT_PARAMETER_TYPE
{
2532 SeAdtParmTypeNone
= 0,
2533 SeAdtParmTypeString
,
2534 SeAdtParmTypeFileSpec
,
2537 SeAdtParmTypeLogonId
,
2538 SeAdtParmTypeNoLogonId
,
2539 SeAdtParmTypeAccessMask
,
2541 SeAdtParmTypeObjectTypes
,
2542 SeAdtParmTypeHexUlong
,
2547 SeAdtParmTypeHexInt64
,
2548 SeAdtParmTypeStringList
,
2549 SeAdtParmTypeSidList
,
2550 SeAdtParmTypeDuration
,
2551 SeAdtParmTypeUserAccountControl
,
2553 SeAdtParmTypeMessage
,
2554 SeAdtParmTypeDateTime
,
2555 SeAdtParmTypeSockAddr
,
2557 SeAdtParmTypeLogonHours
,
2558 SeAdtParmTypeLogonIdNoSid
,
2559 SeAdtParmTypeUlongNoConv
,
2560 SeAdtParmTypeSockAddrNoPort
,
2561 SeAdtParmTypeAccessReason
2562 } SE_ADT_PARAMETER_TYPE
, *PSE_ADT_PARAMETER_TYPE
;
2564 #ifndef GUID_DEFINED
2565 #include <guiddef.h>
2568 typedef struct _SE_ADT_OBJECT_TYPE
{
2571 #define SE_ADT_OBJECT_ONLY 0x1
2573 ACCESS_MASK AccessMask
;
2574 } SE_ADT_OBJECT_TYPE
, *PSE_ADT_OBJECT_TYPE
;
2576 typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY
{
2577 SE_ADT_PARAMETER_TYPE Type
;
2581 } SE_ADT_PARAMETER_ARRAY_ENTRY
, *PSE_ADT_PARAMETER_ARRAY_ENTRY
;
2583 typedef struct _SE_ADT_ACCESS_REASON
{
2584 ACCESS_MASK AccessMask
;
2585 ULONG AccessReasons
[32];
2586 ULONG ObjectTypeIndex
;
2587 ULONG AccessGranted
;
2588 PSECURITY_DESCRIPTOR SecurityDescriptor
;
2589 } SE_ADT_ACCESS_REASON
, *PSE_ADT_ACCESS_REASON
;
2591 #define SE_MAX_AUDIT_PARAMETERS 32
2592 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
2594 typedef struct _SE_ADT_PARAMETER_ARRAY
{
2597 ULONG ParameterCount
;
2599 USHORT FlatSubCategoryId
;
2602 SE_ADT_PARAMETER_ARRAY_ENTRY Parameters
[ SE_MAX_AUDIT_PARAMETERS
];
2603 } SE_ADT_PARAMETER_ARRAY
, *PSE_ADT_PARAMETER_ARRAY
;
2605 #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
2606 #define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
2607 #define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
2608 #define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
2609 #define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010
2611 #define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(AuditParameters) \
2612 ( sizeof(SE_ADT_PARAMETER_ARRAY) - \
2613 sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
2614 (SE_MAX_AUDIT_PARAMETERS - AuditParameters->ParameterCount) )
2616 #endif /* _NTLSA_AUDIT_ */
2620 LsaRegisterLogonProcess(
2621 IN PLSA_STRING LogonProcessName
,
2622 OUT PHANDLE LsaHandle
,
2623 OUT PLSA_OPERATIONAL_MODE SecurityMode
);
2628 IN HANDLE LsaHandle
,
2629 IN PLSA_STRING OriginName
,
2630 IN SECURITY_LOGON_TYPE LogonType
,
2631 IN ULONG AuthenticationPackage
,
2632 IN PVOID AuthenticationInformation
,
2633 IN ULONG AuthenticationInformationLength
,
2634 IN PTOKEN_GROUPS LocalGroups OPTIONAL
,
2635 IN PTOKEN_SOURCE SourceContext
,
2636 OUT PVOID
*ProfileBuffer
,
2637 OUT PULONG ProfileBufferLength
,
2640 OUT PQUOTA_LIMITS Quotas
,
2641 OUT PNTSTATUS SubStatus
);
2645 LsaFreeReturnBuffer(
2652 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
2653 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
2654 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
2656 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
2657 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
2659 #define MSV1_0_CHALLENGE_LENGTH 8
2660 #define MSV1_0_USER_SESSION_KEY_LENGTH 16
2661 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
2663 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
2664 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
2665 #define MSV1_0_RETURN_USER_PARAMETERS 0x08
2666 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
2667 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
2668 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
2669 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80
2670 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
2671 #define MSV1_0_RETURN_PROFILE_PATH 0x200
2672 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
2673 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
2675 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
2676 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
2678 #if (_WIN32_WINNT >= 0x0502)
2679 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
2680 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
2683 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
2684 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
2686 #if (_WIN32_WINNT >= 0x0600)
2687 #define MSV1_0_S4U2SELF 0x00020000
2688 #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000
2691 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
2692 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
2693 #define MSV1_0_MNS_LOGON 0x01000000
2695 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
2696 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
2698 #define LOGON_GUEST 0x01
2699 #define LOGON_NOENCRYPTION 0x02
2700 #define LOGON_CACHED_ACCOUNT 0x04
2701 #define LOGON_USED_LM_PASSWORD 0x08
2702 #define LOGON_EXTRA_SIDS 0x20
2703 #define LOGON_SUBAUTH_SESSION_KEY 0x40
2704 #define LOGON_SERVER_TRUST_ACCOUNT 0x80
2705 #define LOGON_NTLMV2_ENABLED 0x100
2706 #define LOGON_RESOURCE_GROUPS 0x200
2707 #define LOGON_PROFILE_PATH_RETURNED 0x400
2708 #define LOGON_NT_V2 0x800
2709 #define LOGON_LM_V2 0x1000
2710 #define LOGON_NTLM_V2 0x2000
2712 #if (_WIN32_WINNT >= 0x0600)
2714 #define LOGON_OPTIMIZED 0x4000
2715 #define LOGON_WINLOGON 0x8000
2716 #define LOGON_PKINIT 0x10000
2717 #define LOGON_NO_OPTIMIZED 0x20000
2721 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
2723 #define LOGON_GRACE_LOGON 0x01000000
2725 #define MSV1_0_OWF_PASSWORD_LENGTH 16
2726 #define MSV1_0_CRED_LM_PRESENT 0x1
2727 #define MSV1_0_CRED_NT_PRESENT 0x2
2728 #define MSV1_0_CRED_VERSION 0
2730 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16
2731 #define MSV1_0_NTLM3_OWF_LENGTH 16
2733 #if (_WIN32_WINNT == 0x0500)
2734 #define MSV1_0_MAX_NTLM3_LIFE 1800
2736 #define MSV1_0_MAX_NTLM3_LIFE 129600
2738 #define MSV1_0_MAX_AVL_SIZE 64000
2740 #if (_WIN32_WINNT >= 0x0501)
2742 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
2744 #if (_WIN32_WINNT >= 0x0600)
2745 #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002
2750 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
2752 #if(_WIN32_WINNT >= 0x0502)
2753 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
2756 #define USE_PRIMARY_PASSWORD 0x01
2757 #define RETURN_PRIMARY_USERNAME 0x02
2758 #define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
2759 #define RETURN_NON_NT_USER_SESSION_KEY 0x08
2760 #define GENERATE_CLIENT_CHALLENGE 0x10
2761 #define GCR_NTLM3_PARMS 0x20
2762 #define GCR_TARGET_INFO 0x40
2763 #define RETURN_RESERVED_PARAMETER 0x80
2764 #define GCR_ALLOW_NTLM 0x100
2765 #define GCR_USE_OEM_SET 0x200
2766 #define GCR_MACHINE_CREDENTIAL 0x400
2767 #define GCR_USE_OWF_PASSWORD 0x800
2768 #define GCR_ALLOW_LM 0x1000
2769 #define GCR_ALLOW_NO_TARGET 0x2000
2771 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE
{
2772 MsV1_0InteractiveLogon
= 2,
2776 MsV1_0WorkstationUnlockLogon
= 7,
2777 MsV1_0S4ULogon
= 12,
2778 MsV1_0VirtualLogon
= 82
2779 } MSV1_0_LOGON_SUBMIT_TYPE
, *PMSV1_0_LOGON_SUBMIT_TYPE
;
2781 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE
{
2782 MsV1_0InteractiveProfile
= 2,
2783 MsV1_0Lm20LogonProfile
,
2784 MsV1_0SmartCardProfile
2785 } MSV1_0_PROFILE_BUFFER_TYPE
, *PMSV1_0_PROFILE_BUFFER_TYPE
;
2787 typedef struct _MSV1_0_INTERACTIVE_LOGON
{
2788 MSV1_0_LOGON_SUBMIT_TYPE MessageType
;
2789 UNICODE_STRING LogonDomainName
;
2790 UNICODE_STRING UserName
;
2791 UNICODE_STRING Password
;
2792 } MSV1_0_INTERACTIVE_LOGON
, *PMSV1_0_INTERACTIVE_LOGON
;
2794 typedef struct _MSV1_0_INTERACTIVE_PROFILE
{
2795 MSV1_0_PROFILE_BUFFER_TYPE MessageType
;
2797 USHORT BadPasswordCount
;
2798 LARGE_INTEGER LogonTime
;
2799 LARGE_INTEGER LogoffTime
;
2800 LARGE_INTEGER KickOffTime
;
2801 LARGE_INTEGER PasswordLastSet
;
2802 LARGE_INTEGER PasswordCanChange
;
2803 LARGE_INTEGER PasswordMustChange
;
2804 UNICODE_STRING LogonScript
;
2805 UNICODE_STRING HomeDirectory
;
2806 UNICODE_STRING FullName
;
2807 UNICODE_STRING ProfilePath
;
2808 UNICODE_STRING HomeDirectoryDrive
;
2809 UNICODE_STRING LogonServer
;
2811 } MSV1_0_INTERACTIVE_PROFILE
, *PMSV1_0_INTERACTIVE_PROFILE
;
2813 typedef struct _MSV1_0_LM20_LOGON
{
2814 MSV1_0_LOGON_SUBMIT_TYPE MessageType
;
2815 UNICODE_STRING LogonDomainName
;
2816 UNICODE_STRING UserName
;
2817 UNICODE_STRING Workstation
;
2818 UCHAR ChallengeToClient
[MSV1_0_CHALLENGE_LENGTH
];
2819 STRING CaseSensitiveChallengeResponse
;
2820 STRING CaseInsensitiveChallengeResponse
;
2821 ULONG ParameterControl
;
2822 } MSV1_0_LM20_LOGON
, * PMSV1_0_LM20_LOGON
;
2824 typedef struct _MSV1_0_SUBAUTH_LOGON
{
2825 MSV1_0_LOGON_SUBMIT_TYPE MessageType
;
2826 UNICODE_STRING LogonDomainName
;
2827 UNICODE_STRING UserName
;
2828 UNICODE_STRING Workstation
;
2829 UCHAR ChallengeToClient
[MSV1_0_CHALLENGE_LENGTH
];
2830 STRING AuthenticationInfo1
;
2831 STRING AuthenticationInfo2
;
2832 ULONG ParameterControl
;
2833 ULONG SubAuthPackageId
;
2834 } MSV1_0_SUBAUTH_LOGON
, * PMSV1_0_SUBAUTH_LOGON
;
2836 #if (_WIN32_WINNT >= 0x0600)
2838 #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
2840 typedef struct _MSV1_0_S4U_LOGON
{
2841 MSV1_0_LOGON_SUBMIT_TYPE MessageType
;
2843 UNICODE_STRING UserPrincipalName
;
2844 UNICODE_STRING DomainName
;
2845 } MSV1_0_S4U_LOGON
, *PMSV1_0_S4U_LOGON
;
2849 typedef struct _MSV1_0_LM20_LOGON_PROFILE
{
2850 MSV1_0_PROFILE_BUFFER_TYPE MessageType
;
2851 LARGE_INTEGER KickOffTime
;
2852 LARGE_INTEGER LogoffTime
;
2854 UCHAR UserSessionKey
[MSV1_0_USER_SESSION_KEY_LENGTH
];
2855 UNICODE_STRING LogonDomainName
;
2856 UCHAR LanmanSessionKey
[MSV1_0_LANMAN_SESSION_KEY_LENGTH
];
2857 UNICODE_STRING LogonServer
;
2858 UNICODE_STRING UserParameters
;
2859 } MSV1_0_LM20_LOGON_PROFILE
, * PMSV1_0_LM20_LOGON_PROFILE
;
2861 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL
{
2864 UCHAR LmPassword
[MSV1_0_OWF_PASSWORD_LENGTH
];
2865 UCHAR NtPassword
[MSV1_0_OWF_PASSWORD_LENGTH
];
2866 } MSV1_0_SUPPLEMENTAL_CREDENTIAL
, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL
;
2868 typedef struct _MSV1_0_NTLM3_RESPONSE
{
2869 UCHAR Response
[MSV1_0_NTLM3_RESPONSE_LENGTH
];
2874 ULONGLONG TimeStamp
;
2875 UCHAR ChallengeFromClient
[MSV1_0_CHALLENGE_LENGTH
];
2878 } MSV1_0_NTLM3_RESPONSE
, *PMSV1_0_NTLM3_RESPONSE
;
2880 typedef enum _MSV1_0_AVID
{
2882 MsvAvNbComputerName
,
2884 MsvAvDnsComputerName
,
2886 #if (_WIN32_WINNT >= 0x0501)
2889 #if (_WIN32_WINNT >= 0x0600)
2893 MsvAvChannelBindings
,
2898 typedef struct _MSV1_0_AV_PAIR
{
2901 } MSV1_0_AV_PAIR
, *PMSV1_0_AV_PAIR
;
2903 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE
{
2904 MsV1_0Lm20ChallengeRequest
= 0,
2905 MsV1_0Lm20GetChallengeResponse
,
2906 MsV1_0EnumerateUsers
,
2909 MsV1_0ChangePassword
,
2910 MsV1_0ChangeCachedPassword
,
2911 MsV1_0GenericPassthrough
,
2914 MsV1_0DeriveCredential
,
2916 #if (_WIN32_WINNT >= 0x0501)
2917 MsV1_0SetProcessOption
,
2919 #if (_WIN32_WINNT >= 0x0600)
2920 MsV1_0ConfigLocalAliases
,
2921 MsV1_0ClearCachedCredentials
,
2923 } MSV1_0_PROTOCOL_MESSAGE_TYPE
, *PMSV1_0_PROTOCOL_MESSAGE_TYPE
;
2925 typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST
{
2926 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2927 } MSV1_0_LM20_CHALLENGE_REQUEST
, *PMSV1_0_LM20_CHALLENGE_REQUEST
;
2929 typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE
{
2930 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2931 UCHAR ChallengeToClient
[MSV1_0_CHALLENGE_LENGTH
];
2932 } MSV1_0_LM20_CHALLENGE_RESPONSE
, *PMSV1_0_LM20_CHALLENGE_RESPONSE
;
2934 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1
{
2935 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2936 ULONG ParameterControl
;
2938 UNICODE_STRING Password
;
2939 UCHAR ChallengeToClient
[MSV1_0_CHALLENGE_LENGTH
];
2940 } MSV1_0_GETCHALLENRESP_REQUEST_V1
, *PMSV1_0_GETCHALLENRESP_REQUEST_V1
;
2942 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST
{
2943 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2944 ULONG ParameterControl
;
2946 UNICODE_STRING Password
;
2947 UCHAR ChallengeToClient
[MSV1_0_CHALLENGE_LENGTH
];
2948 UNICODE_STRING UserName
;
2949 UNICODE_STRING LogonDomainName
;
2950 UNICODE_STRING ServerName
;
2951 } MSV1_0_GETCHALLENRESP_REQUEST
, *PMSV1_0_GETCHALLENRESP_REQUEST
;
2953 typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE
{
2954 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2955 STRING CaseSensitiveChallengeResponse
;
2956 STRING CaseInsensitiveChallengeResponse
;
2957 UNICODE_STRING UserName
;
2958 UNICODE_STRING LogonDomainName
;
2959 UCHAR UserSessionKey
[MSV1_0_USER_SESSION_KEY_LENGTH
];
2960 UCHAR LanmanSessionKey
[MSV1_0_LANMAN_SESSION_KEY_LENGTH
];
2961 } MSV1_0_GETCHALLENRESP_RESPONSE
, *PMSV1_0_GETCHALLENRESP_RESPONSE
;
2963 typedef struct _MSV1_0_ENUMUSERS_REQUEST
{
2964 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2965 } MSV1_0_ENUMUSERS_REQUEST
, *PMSV1_0_ENUMUSERS_REQUEST
;
2967 typedef struct _MSV1_0_ENUMUSERS_RESPONSE
{
2968 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2969 ULONG NumberOfLoggedOnUsers
;
2972 } MSV1_0_ENUMUSERS_RESPONSE
, *PMSV1_0_ENUMUSERS_RESPONSE
;
2974 typedef struct _MSV1_0_GETUSERINFO_REQUEST
{
2975 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2977 } MSV1_0_GETUSERINFO_REQUEST
, *PMSV1_0_GETUSERINFO_REQUEST
;
2979 typedef struct _MSV1_0_GETUSERINFO_RESPONSE
{
2980 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
;
2982 UNICODE_STRING UserName
;
2983 UNICODE_STRING LogonDomainName
;
2984 UNICODE_STRING LogonServer
;
2985 SECURITY_LOGON_TYPE LogonType
;
2986 } MSV1_0_GETUSERINFO_RESPONSE
, *PMSV1_0_GETUSERINFO_RESPONSE
;
2988 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
2989 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
2990 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
2992 /* also in winnt.h */
2993 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
2994 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
2995 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
2996 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
2997 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
2998 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
2999 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
3000 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
3001 #define FILE_NOTIFY_CHANGE_EA 0x00000080
3002 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
3003 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
3004 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
3005 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
3006 #define FILE_NOTIFY_VALID_MASK 0x00000fff
3008 #define FILE_ACTION_ADDED 0x00000001
3009 #define FILE_ACTION_REMOVED 0x00000002
3010 #define FILE_ACTION_MODIFIED 0x00000003
3011 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
3012 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
3013 #define FILE_ACTION_ADDED_STREAM 0x00000006
3014 #define FILE_ACTION_REMOVED_STREAM 0x00000007
3015 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
3016 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
3017 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
3018 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
3021 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
3022 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
3024 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
3025 #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
3027 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
3028 #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
3029 #define FILE_PIPE_TYPE_VALID_MASK 0x00000003
3031 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
3032 #define FILE_PIPE_MESSAGE_MODE 0x00000001
3034 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
3035 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
3037 #define FILE_PIPE_INBOUND 0x00000000
3038 #define FILE_PIPE_OUTBOUND 0x00000001
3039 #define FILE_PIPE_FULL_DUPLEX 0x00000002
3041 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
3042 #define FILE_PIPE_LISTENING_STATE 0x00000002
3043 #define FILE_PIPE_CONNECTED_STATE 0x00000003
3044 #define FILE_PIPE_CLOSING_STATE 0x00000004
3046 #define FILE_PIPE_CLIENT_END 0x00000000
3047 #define FILE_PIPE_SERVER_END 0x00000001
3049 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
3050 #define FILE_CASE_PRESERVED_NAMES 0x00000002
3051 #define FILE_UNICODE_ON_DISK 0x00000004
3052 #define FILE_PERSISTENT_ACLS 0x00000008
3053 #define FILE_FILE_COMPRESSION 0x00000010
3054 #define FILE_VOLUME_QUOTAS 0x00000020
3055 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
3056 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
3057 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
3058 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
3059 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
3060 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
3061 #define FILE_NAMED_STREAMS 0x00040000
3062 #define FILE_READ_ONLY_VOLUME 0x00080000
3063 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
3064 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
3065 #define FILE_SUPPORTS_HARD_LINKS 0x00400000
3066 #define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000
3067 #define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000
3068 #define FILE_SUPPORTS_USN_JOURNAL 0x02000000
3070 #define FILE_NEED_EA 0x00000080
3072 #define FILE_EA_TYPE_BINARY 0xfffe
3073 #define FILE_EA_TYPE_ASCII 0xfffd
3074 #define FILE_EA_TYPE_BITMAP 0xfffb
3075 #define FILE_EA_TYPE_METAFILE 0xfffa
3076 #define FILE_EA_TYPE_ICON 0xfff9
3077 #define FILE_EA_TYPE_EA 0xffee
3078 #define FILE_EA_TYPE_MVMT 0xffdf
3079 #define FILE_EA_TYPE_MVST 0xffde
3080 #define FILE_EA_TYPE_ASN1 0xffdd
3081 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
3083 typedef struct _FILE_NOTIFY_INFORMATION
{
3084 ULONG NextEntryOffset
;
3086 ULONG FileNameLength
;
3088 } FILE_NOTIFY_INFORMATION
, *PFILE_NOTIFY_INFORMATION
;
3090 typedef struct _FILE_DIRECTORY_INFORMATION
{
3091 ULONG NextEntryOffset
;
3093 LARGE_INTEGER CreationTime
;
3094 LARGE_INTEGER LastAccessTime
;
3095 LARGE_INTEGER LastWriteTime
;
3096 LARGE_INTEGER ChangeTime
;
3097 LARGE_INTEGER EndOfFile
;
3098 LARGE_INTEGER AllocationSize
;
3099 ULONG FileAttributes
;
3100 ULONG FileNameLength
;
3102 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
3104 typedef struct _FILE_FULL_DIR_INFORMATION
{
3105 ULONG NextEntryOffset
;
3107 LARGE_INTEGER CreationTime
;
3108 LARGE_INTEGER LastAccessTime
;
3109 LARGE_INTEGER LastWriteTime
;
3110 LARGE_INTEGER ChangeTime
;
3111 LARGE_INTEGER EndOfFile
;
3112 LARGE_INTEGER AllocationSize
;
3113 ULONG FileAttributes
;
3114 ULONG FileNameLength
;
3117 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
3119 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
3120 ULONG NextEntryOffset
;
3122 LARGE_INTEGER CreationTime
;
3123 LARGE_INTEGER LastAccessTime
;
3124 LARGE_INTEGER LastWriteTime
;
3125 LARGE_INTEGER ChangeTime
;
3126 LARGE_INTEGER EndOfFile
;
3127 LARGE_INTEGER AllocationSize
;
3128 ULONG FileAttributes
;
3129 ULONG FileNameLength
;
3131 LARGE_INTEGER FileId
;
3133 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
3135 typedef struct _FILE_BOTH_DIR_INFORMATION
{
3136 ULONG NextEntryOffset
;
3138 LARGE_INTEGER CreationTime
;
3139 LARGE_INTEGER LastAccessTime
;
3140 LARGE_INTEGER LastWriteTime
;
3141 LARGE_INTEGER ChangeTime
;
3142 LARGE_INTEGER EndOfFile
;
3143 LARGE_INTEGER AllocationSize
;
3144 ULONG FileAttributes
;
3145 ULONG FileNameLength
;
3147 CCHAR ShortNameLength
;
3148 WCHAR ShortName
[12];
3150 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
3152 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
3153 ULONG NextEntryOffset
;
3155 LARGE_INTEGER CreationTime
;
3156 LARGE_INTEGER LastAccessTime
;
3157 LARGE_INTEGER LastWriteTime
;
3158 LARGE_INTEGER ChangeTime
;
3159 LARGE_INTEGER EndOfFile
;
3160 LARGE_INTEGER AllocationSize
;
3161 ULONG FileAttributes
;
3162 ULONG FileNameLength
;
3164 CCHAR ShortNameLength
;
3165 WCHAR ShortName
[12];
3166 LARGE_INTEGER FileId
;
3168 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
3170 typedef struct _FILE_NAMES_INFORMATION
{
3171 ULONG NextEntryOffset
;
3173 ULONG FileNameLength
;
3175 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
3177 typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
{
3178 ULONG NextEntryOffset
;
3180 LARGE_INTEGER CreationTime
;
3181 LARGE_INTEGER LastAccessTime
;
3182 LARGE_INTEGER LastWriteTime
;
3183 LARGE_INTEGER ChangeTime
;
3184 LARGE_INTEGER EndOfFile
;
3185 LARGE_INTEGER AllocationSize
;
3186 ULONG FileAttributes
;
3187 ULONG FileNameLength
;
3188 LARGE_INTEGER FileId
;
3189 GUID LockingTransactionId
;
3192 } FILE_ID_GLOBAL_TX_DIR_INFORMATION
, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION
;
3194 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001
3195 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002
3196 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004
3198 typedef struct _FILE_OBJECTID_INFORMATION
{
3199 LONGLONG FileReference
;
3201 _ANONYMOUS_UNION
union {
3202 __GNU_EXTENSION
struct {
3203 UCHAR BirthVolumeId
[16];
3204 UCHAR BirthObjectId
[16];
3207 UCHAR ExtendedInfo
[48];
3209 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
3211 #define ANSI_DOS_STAR ('<')
3212 #define ANSI_DOS_QM ('>')
3213 #define ANSI_DOS_DOT ('"')
3215 #define DOS_STAR (L'<')
3216 #define DOS_QM (L'>')
3217 #define DOS_DOT (L'"')
3219 typedef struct _FILE_INTERNAL_INFORMATION
{
3220 LARGE_INTEGER IndexNumber
;
3221 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
3223 typedef struct _FILE_EA_INFORMATION
{
3225 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
3227 typedef struct _FILE_ACCESS_INFORMATION
{
3228 ACCESS_MASK AccessFlags
;
3229 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
3231 typedef struct _FILE_MODE_INFORMATION
{
3233 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
3235 typedef struct _FILE_ALL_INFORMATION
{
3236 FILE_BASIC_INFORMATION BasicInformation
;
3237 FILE_STANDARD_INFORMATION StandardInformation
;
3238 FILE_INTERNAL_INFORMATION InternalInformation
;
3239 FILE_EA_INFORMATION EaInformation
;
3240 FILE_ACCESS_INFORMATION AccessInformation
;
3241 FILE_POSITION_INFORMATION PositionInformation
;
3242 FILE_MODE_INFORMATION ModeInformation
;
3243 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
3244 FILE_NAME_INFORMATION NameInformation
;
3245 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
3247 typedef struct _FILE_ALLOCATION_INFORMATION
{
3248 LARGE_INTEGER AllocationSize
;
3249 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
3251 typedef struct _FILE_COMPRESSION_INFORMATION
{
3252 LARGE_INTEGER CompressedFileSize
;
3253 USHORT CompressionFormat
;
3254 UCHAR CompressionUnitShift
;
3258 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
3260 typedef struct _FILE_LINK_INFORMATION
{
3261 BOOLEAN ReplaceIfExists
;
3262 HANDLE RootDirectory
;
3263 ULONG FileNameLength
;
3265 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
3267 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
{
3269 HANDLE RootDirectory
;
3270 ULONG FileNameLength
;
3272 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
3274 typedef struct _FILE_RENAME_INFORMATION
{
3275 BOOLEAN ReplaceIfExists
;
3276 HANDLE RootDirectory
;
3277 ULONG FileNameLength
;
3279 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
3281 typedef struct _FILE_STREAM_INFORMATION
{
3282 ULONG NextEntryOffset
;
3283 ULONG StreamNameLength
;
3284 LARGE_INTEGER StreamSize
;
3285 LARGE_INTEGER StreamAllocationSize
;
3286 WCHAR StreamName
[1];
3287 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
3289 typedef struct _FILE_TRACKING_INFORMATION
{
3290 HANDLE DestinationFile
;
3291 ULONG ObjectInformationLength
;
3292 CHAR ObjectInformation
[1];
3293 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
3295 typedef struct _FILE_COMPLETION_INFORMATION
{
3298 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
3300 typedef struct _FILE_PIPE_INFORMATION
{
3302 ULONG CompletionMode
;
3303 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
3305 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
3306 ULONG NamedPipeType
;
3307 ULONG NamedPipeConfiguration
;
3308 ULONG MaximumInstances
;
3309 ULONG CurrentInstances
;
3311 ULONG ReadDataAvailable
;
3312 ULONG OutboundQuota
;
3313 ULONG WriteQuotaAvailable
;
3314 ULONG NamedPipeState
;
3316 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
3318 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
3319 LARGE_INTEGER CollectDataTime
;
3320 ULONG MaximumCollectionCount
;
3321 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
3323 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
3324 ULONG MaximumMessageSize
;
3325 ULONG MailslotQuota
;
3326 ULONG NextMessageSize
;
3327 ULONG MessagesAvailable
;
3328 LARGE_INTEGER ReadTimeout
;
3329 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
3331 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
3332 PLARGE_INTEGER ReadTimeout
;
3333 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
3335 typedef struct _FILE_REPARSE_POINT_INFORMATION
{
3336 LONGLONG FileReference
;
3338 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
3340 typedef struct _FILE_LINK_ENTRY_INFORMATION
{
3341 ULONG NextEntryOffset
;
3342 LONGLONG ParentFileId
;
3343 ULONG FileNameLength
;
3345 } FILE_LINK_ENTRY_INFORMATION
, *PFILE_LINK_ENTRY_INFORMATION
;
3347 typedef struct _FILE_LINKS_INFORMATION
{
3349 ULONG EntriesReturned
;
3350 FILE_LINK_ENTRY_INFORMATION Entry
;
3351 } FILE_LINKS_INFORMATION
, *PFILE_LINKS_INFORMATION
;
3353 typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION
{
3354 ULONG FileNameLength
;
3356 } FILE_NETWORK_PHYSICAL_NAME_INFORMATION
, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION
;
3358 typedef struct _FILE_STANDARD_LINK_INFORMATION
{
3359 ULONG NumberOfAccessibleLinks
;
3360 ULONG TotalNumberOfLinks
;
3361 BOOLEAN DeletePending
;
3363 } FILE_STANDARD_LINK_INFORMATION
, *PFILE_STANDARD_LINK_INFORMATION
;
3365 typedef struct _FILE_GET_EA_INFORMATION
{
3366 ULONG NextEntryOffset
;
3369 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
3371 #define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001
3372 #define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002
3374 typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
{
3375 USHORT StructureVersion
;
3376 USHORT StructureSize
;
3378 USHORT ProtocolMajorVersion
;
3379 USHORT ProtocolMinorVersion
;
3380 USHORT ProtocolRevision
;
3388 } ProtocolSpecificReserved
;
3389 } FILE_REMOTE_PROTOCOL_INFORMATION
, *PFILE_REMOTE_PROTOCOL_INFORMATION
;
3391 typedef struct _FILE_GET_QUOTA_INFORMATION
{
3392 ULONG NextEntryOffset
;
3395 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
3397 typedef struct _FILE_QUOTA_INFORMATION
{
3398 ULONG NextEntryOffset
;
3400 LARGE_INTEGER ChangeTime
;
3401 LARGE_INTEGER QuotaUsed
;
3402 LARGE_INTEGER QuotaThreshold
;
3403 LARGE_INTEGER QuotaLimit
;
3405 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
3407 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
3408 ULONG FileSystemAttributes
;
3409 ULONG MaximumComponentNameLength
;
3410 ULONG FileSystemNameLength
;
3411 WCHAR FileSystemName
[1];
3412 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
3414 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
{
3415 BOOLEAN DriverInPath
;
3416 ULONG DriverNameLength
;
3417 WCHAR DriverName
[1];
3418 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
3420 typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
{
3422 } FILE_FS_VOLUME_FLAGS_INFORMATION
, *PFILE_FS_VOLUME_FLAGS_INFORMATION
;
3424 #define FILE_VC_QUOTA_NONE 0x00000000
3425 #define FILE_VC_QUOTA_TRACK 0x00000001
3426 #define FILE_VC_QUOTA_ENFORCE 0x00000002
3427 #define FILE_VC_QUOTA_MASK 0x00000003
3428 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
3429 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
3430 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
3431 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
3432 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
3433 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
3434 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
3435 #define FILE_VC_VALID_MASK 0x000003ff
3437 typedef struct _FILE_FS_CONTROL_INFORMATION
{
3438 LARGE_INTEGER FreeSpaceStartFiltering
;
3439 LARGE_INTEGER FreeSpaceThreshold
;
3440 LARGE_INTEGER FreeSpaceStopFiltering
;
3441 LARGE_INTEGER DefaultQuotaThreshold
;
3442 LARGE_INTEGER DefaultQuotaLimit
;
3443 ULONG FileSystemControlFlags
;
3444 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
3446 #ifndef _FILESYSTEMFSCTL_
3447 #define _FILESYSTEMFSCTL_
3449 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
3450 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
3451 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
3452 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
3453 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
3454 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
3455 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
3456 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
3457 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
3458 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
3459 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
3460 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
3461 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
3462 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
3463 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3464 #define FSCTL_SET_BOOTLOADER_ACCESSED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
3466 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
3467 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
3468 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
3469 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
3470 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
3472 #if (_WIN32_WINNT >= 0x0400)
3474 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
3475 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
3476 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
3477 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
3478 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
3479 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
3480 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
3484 #if (_WIN32_WINNT >= 0x0500)
3486 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
3487 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
3488 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
3489 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
3490 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
3491 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
3492 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
3493 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
3494 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
3495 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
3496 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
3497 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
3498 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
3499 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
3500 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
3501 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
3502 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
3503 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
3504 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
3505 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
3506 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
3507 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
3508 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
3509 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
3510 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
3511 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
3512 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
3513 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
3514 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3515 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
3516 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
3517 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3521 #if (_WIN32_WINNT >= 0x0600)
3523 #define FSCTL_MAKE_MEDIA_COMPATIBLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA)
3524 #define FSCTL_SET_DEFECT_MANAGEMENT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA)
3525 #define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS)
3526 #define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS)
3527 #define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3528 #define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA)
3529 #define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA)
3530 #define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA)
3531 #define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA)
3532 #define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA)
3533 #define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA)
3534 #define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA)
3535 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA)
3536 #define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA)
3537 #define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA)
3538 #define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA)
3539 #define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA)
3540 #define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA)
3541 #define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA)
3542 #define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3543 #define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS)
3544 #define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS)
3545 #define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS)
3546 #define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS)
3547 #define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS)
3548 #define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3549 #define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS)
3550 #define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS)
3552 #define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
3553 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA)
3554 #define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA)
3555 #define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS)
3556 #define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS)
3557 #define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS)
3561 #if (_WIN32_WINNT >= 0x0601)
3563 #define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS)
3564 #define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS)
3565 #define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS)
3566 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS)
3567 #define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS)
3568 #define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS)
3569 #define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS)
3570 #define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS)
3571 #define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS)
3573 #define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS)
3575 #define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS)
3576 #define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS)
3578 #define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS)
3579 #define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS)
3580 #define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS)
3581 #define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS)
3582 #define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS)
3584 typedef struct _CSV_NAMESPACE_INFO
{
3587 LARGE_INTEGER StartingOffset
;
3589 } CSV_NAMESPACE_INFO
, *PCSV_NAMESPACE_INFO
;
3591 #define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO))
3592 #define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF
3596 #define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED
3598 typedef struct _PATHNAME_BUFFER
{
3599 ULONG PathNameLength
;
3601 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
3603 typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER
{
3604 UCHAR First0x24BytesOfBootSector
[0x24];
3605 } FSCTL_QUERY_FAT_BPB_BUFFER
, *PFSCTL_QUERY_FAT_BPB_BUFFER
;
3607 #if (_WIN32_WINNT >= 0x0400)
3609 typedef struct _NTFS_VOLUME_DATA_BUFFER
{
3610 LARGE_INTEGER VolumeSerialNumber
;
3611 LARGE_INTEGER NumberSectors
;
3612 LARGE_INTEGER TotalClusters
;
3613 LARGE_INTEGER FreeClusters
;
3614 LARGE_INTEGER TotalReserved
;
3615 ULONG BytesPerSector
;
3616 ULONG BytesPerCluster
;
3617 ULONG BytesPerFileRecordSegment
;
3618 ULONG ClustersPerFileRecordSegment
;
3619 LARGE_INTEGER MftValidDataLength
;
3620 LARGE_INTEGER MftStartLcn
;
3621 LARGE_INTEGER Mft2StartLcn
;
3622 LARGE_INTEGER MftZoneStart
;
3623 LARGE_INTEGER MftZoneEnd
;
3624 } NTFS_VOLUME_DATA_BUFFER
, *PNTFS_VOLUME_DATA_BUFFER
;
3626 typedef struct _NTFS_EXTENDED_VOLUME_DATA
{
3628 USHORT MajorVersion
;
3629 USHORT MinorVersion
;
3630 } NTFS_EXTENDED_VOLUME_DATA
, *PNTFS_EXTENDED_VOLUME_DATA
;
3632 typedef struct _STARTING_LCN_INPUT_BUFFER
{
3633 LARGE_INTEGER StartingLcn
;
3634 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
3636 typedef struct _VOLUME_BITMAP_BUFFER
{
3637 LARGE_INTEGER StartingLcn
;
3638 LARGE_INTEGER BitmapSize
;
3640 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
3642 typedef struct _STARTING_VCN_INPUT_BUFFER
{
3643 LARGE_INTEGER StartingVcn
;
3644 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
3646 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
3648 LARGE_INTEGER StartingVcn
;
3650 LARGE_INTEGER NextVcn
;
3653 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
3655 typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER
{
3656 LARGE_INTEGER FileReferenceNumber
;
3657 } NTFS_FILE_RECORD_INPUT_BUFFER
, *PNTFS_FILE_RECORD_INPUT_BUFFER
;
3659 typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER
{
3660 LARGE_INTEGER FileReferenceNumber
;
3661 ULONG FileRecordLength
;
3662 UCHAR FileRecordBuffer
[1];
3663 } NTFS_FILE_RECORD_OUTPUT_BUFFER
, *PNTFS_FILE_RECORD_OUTPUT_BUFFER
;
3665 typedef struct _MOVE_FILE_DATA
{
3667 LARGE_INTEGER StartingVcn
;
3668 LARGE_INTEGER StartingLcn
;
3670 } MOVE_FILE_DATA
, *PMOVE_FILE_DATA
;
3672 typedef struct _MOVE_FILE_RECORD_DATA
{
3674 LARGE_INTEGER SourceFileRecord
;
3675 LARGE_INTEGER TargetFileRecord
;
3676 } MOVE_FILE_RECORD_DATA
, *PMOVE_FILE_RECORD_DATA
;
3679 typedef struct _MOVE_FILE_DATA32
{
3681 LARGE_INTEGER StartingVcn
;
3682 LARGE_INTEGER StartingLcn
;
3684 } MOVE_FILE_DATA32
, *PMOVE_FILE_DATA32
;
3687 #endif /* (_WIN32_WINNT >= 0x0400) */
3689 #if (_WIN32_WINNT >= 0x0500)
3691 typedef struct _FIND_BY_SID_DATA
{
3694 } FIND_BY_SID_DATA
, *PFIND_BY_SID_DATA
;
3696 typedef struct _FIND_BY_SID_OUTPUT
{
3697 ULONG NextEntryOffset
;
3699 ULONG FileNameLength
;
3701 } FIND_BY_SID_OUTPUT
, *PFIND_BY_SID_OUTPUT
;
3703 typedef struct _MFT_ENUM_DATA
{
3704 ULONGLONG StartFileReferenceNumber
;
3707 } MFT_ENUM_DATA
, *PMFT_ENUM_DATA
;
3709 typedef struct _CREATE_USN_JOURNAL_DATA
{
3710 ULONGLONG MaximumSize
;
3711 ULONGLONG AllocationDelta
;
3712 } CREATE_USN_JOURNAL_DATA
, *PCREATE_USN_JOURNAL_DATA
;
3714 typedef struct _READ_USN_JOURNAL_DATA
{
3717 ULONG ReturnOnlyOnClose
;
3719 ULONGLONG BytesToWaitFor
;
3720 ULONGLONG UsnJournalID
;
3721 } READ_USN_JOURNAL_DATA
, *PREAD_USN_JOURNAL_DATA
;
3723 typedef struct _USN_RECORD
{
3725 USHORT MajorVersion
;
3726 USHORT MinorVersion
;
3727 ULONGLONG FileReferenceNumber
;
3728 ULONGLONG ParentFileReferenceNumber
;
3730 LARGE_INTEGER TimeStamp
;
3734 ULONG FileAttributes
;
3735 USHORT FileNameLength
;
3736 USHORT FileNameOffset
;
3738 } USN_RECORD
, *PUSN_RECORD
;
3740 #define USN_PAGE_SIZE (0x1000)
3742 #define USN_REASON_DATA_OVERWRITE (0x00000001)
3743 #define USN_REASON_DATA_EXTEND (0x00000002)
3744 #define USN_REASON_DATA_TRUNCATION (0x00000004)
3745 #define USN_REASON_NAMED_DATA_OVERWRITE (0x00000010)
3746 #define USN_REASON_NAMED_DATA_EXTEND (0x00000020)
3747 #define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040)
3748 #define USN_REASON_FILE_CREATE (0x00000100)
3749 #define USN_REASON_FILE_DELETE (0x00000200)
3750 #define USN_REASON_EA_CHANGE (0x00000400)
3751 #define USN_REASON_SECURITY_CHANGE (0x00000800)
3752 #define USN_REASON_RENAME_OLD_NAME (0x00001000)
3753 #define USN_REASON_RENAME_NEW_NAME (0x00002000)
3754 #define USN_REASON_INDEXABLE_CHANGE (0x00004000)
3755 #define USN_REASON_BASIC_INFO_CHANGE (0x00008000)
3756 #define USN_REASON_HARD_LINK_CHANGE (0x00010000)
3757 #define USN_REASON_COMPRESSION_CHANGE (0x00020000)
3758 #define USN_REASON_ENCRYPTION_CHANGE (0x00040000)
3759 #define USN_REASON_OBJECT_ID_CHANGE (0x00080000)
3760 #define USN_REASON_REPARSE_POINT_CHANGE (0x00100000)
3761 #define USN_REASON_STREAM_CHANGE (0x00200000)
3762 #define USN_REASON_TRANSACTED_CHANGE (0x00400000)
3763 #define USN_REASON_CLOSE (0x80000000)
3765 typedef struct _USN_JOURNAL_DATA
{
3766 ULONGLONG UsnJournalID
;
3771 ULONGLONG MaximumSize
;
3772 ULONGLONG AllocationDelta
;
3773 } USN_JOURNAL_DATA
, *PUSN_JOURNAL_DATA
;
3775 typedef struct _DELETE_USN_JOURNAL_DATA
{
3776 ULONGLONG UsnJournalID
;
3778 } DELETE_USN_JOURNAL_DATA
, *PDELETE_USN_JOURNAL_DATA
;
3780 #define USN_DELETE_FLAG_DELETE (0x00000001)
3781 #define USN_DELETE_FLAG_NOTIFY (0x00000002)
3782 #define USN_DELETE_VALID_FLAGS (0x00000003)
3784 typedef struct _MARK_HANDLE_INFO
{
3785 ULONG UsnSourceInfo
;
3786 HANDLE VolumeHandle
;
3788 } MARK_HANDLE_INFO
, *PMARK_HANDLE_INFO
;
3791 typedef struct _MARK_HANDLE_INFO32
{
3792 ULONG UsnSourceInfo
;
3793 UINT32 VolumeHandle
;
3795 } MARK_HANDLE_INFO32
, *PMARK_HANDLE_INFO32
;
3798 #define USN_SOURCE_DATA_MANAGEMENT (0x00000001)
3799 #define USN_SOURCE_AUXILIARY_DATA (0x00000002)
3800 #define USN_SOURCE_REPLICATION_MANAGEMENT (0x00000004)
3802 #define MARK_HANDLE_PROTECT_CLUSTERS (0x00000001)
3803 #define MARK_HANDLE_TXF_SYSTEM_LOG (0x00000004)
3804 #define MARK_HANDLE_NOT_TXF_SYSTEM_LOG (0x00000008)
3806 typedef struct _BULK_SECURITY_TEST_DATA
{
3807 ACCESS_MASK DesiredAccess
;
3808 ULONG SecurityIds
[1];
3809 } BULK_SECURITY_TEST_DATA
, *PBULK_SECURITY_TEST_DATA
;
3811 #define VOLUME_IS_DIRTY (0x00000001)
3812 #define VOLUME_UPGRADE_SCHEDULED (0x00000002)
3813 #define VOLUME_SESSION_OPEN (0x00000004)
3815 typedef struct _FILE_PREFETCH
{
3818 ULONGLONG Prefetch
[1];
3819 } FILE_PREFETCH
, *PFILE_PREFETCH
;
3821 typedef struct _FILE_PREFETCH_EX
{
3825 ULONGLONG Prefetch
[1];
3826 } FILE_PREFETCH_EX
, *PFILE_PREFETCH_EX
;
3828 #define FILE_PREFETCH_TYPE_FOR_CREATE 0x1
3829 #define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x2
3830 #define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x3
3831 #define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x4
3833 #define FILE_PREFETCH_TYPE_MAX 0x4
3835 typedef struct _FILE_OBJECTID_BUFFER
{
3839 UCHAR BirthVolumeId
[16];
3840 UCHAR BirthObjectId
[16];
3843 UCHAR ExtendedInfo
[48];
3845 } FILE_OBJECTID_BUFFER
, *PFILE_OBJECTID_BUFFER
;
3847 typedef struct _FILE_SET_SPARSE_BUFFER
{
3849 } FILE_SET_SPARSE_BUFFER
, *PFILE_SET_SPARSE_BUFFER
;
3851 typedef struct _FILE_ZERO_DATA_INFORMATION
{
3852 LARGE_INTEGER FileOffset
;
3853 LARGE_INTEGER BeyondFinalZero
;
3854 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
3856 typedef struct _FILE_ALLOCATED_RANGE_BUFFER
{
3857 LARGE_INTEGER FileOffset
;
3858 LARGE_INTEGER Length
;
3859 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
3861 typedef struct _ENCRYPTION_BUFFER
{
3862 ULONG EncryptionOperation
;
3864 } ENCRYPTION_BUFFER
, *PENCRYPTION_BUFFER
;
3866 #define FILE_SET_ENCRYPTION 0x00000001
3867 #define FILE_CLEAR_ENCRYPTION 0x00000002
3868 #define STREAM_SET_ENCRYPTION 0x00000003
3869 #define STREAM_CLEAR_ENCRYPTION 0x00000004
3871 #define MAXIMUM_ENCRYPTION_VALUE 0x00000004
3873 typedef struct _DECRYPTION_STATUS_BUFFER
{
3874 BOOLEAN NoEncryptedStreams
;
3875 } DECRYPTION_STATUS_BUFFER
, *PDECRYPTION_STATUS_BUFFER
;
3877 #define ENCRYPTION_FORMAT_DEFAULT (0x01)
3879 #define COMPRESSION_FORMAT_SPARSE (0x4000)
3881 typedef struct _REQUEST_RAW_ENCRYPTED_DATA
{
3882 LONGLONG FileOffset
;
3884 } REQUEST_RAW_ENCRYPTED_DATA
, *PREQUEST_RAW_ENCRYPTED_DATA
;
3886 typedef struct _ENCRYPTED_DATA_INFO
{
3887 ULONGLONG StartingFileOffset
;
3888 ULONG OutputBufferOffset
;
3889 ULONG BytesWithinFileSize
;
3890 ULONG BytesWithinValidDataLength
;
3891 USHORT CompressionFormat
;
3892 UCHAR DataUnitShift
;
3895 UCHAR EncryptionFormat
;
3896 USHORT NumberOfDataBlocks
;
3897 ULONG DataBlockSize
[ANYSIZE_ARRAY
];
3898 } ENCRYPTED_DATA_INFO
, *PENCRYPTED_DATA_INFO
;
3900 typedef struct _PLEX_READ_DATA_REQUEST
{
3901 LARGE_INTEGER ByteOffset
;
3904 } PLEX_READ_DATA_REQUEST
, *PPLEX_READ_DATA_REQUEST
;
3906 typedef struct _SI_COPYFILE
{
3907 ULONG SourceFileNameLength
;
3908 ULONG DestinationFileNameLength
;
3910 WCHAR FileNameBuffer
[1];
3911 } SI_COPYFILE
, *PSI_COPYFILE
;
3913 #define COPYFILE_SIS_LINK 0x0001
3914 #define COPYFILE_SIS_REPLACE 0x0002
3915 #define COPYFILE_SIS_FLAGS 0x0003
3917 #endif /* (_WIN32_WINNT >= 0x0500) */
3919 #if (_WIN32_WINNT >= 0x0600)
3921 typedef struct _FILE_MAKE_COMPATIBLE_BUFFER
{
3923 } FILE_MAKE_COMPATIBLE_BUFFER
, *PFILE_MAKE_COMPATIBLE_BUFFER
;
3925 typedef struct _FILE_SET_DEFECT_MGMT_BUFFER
{
3927 } FILE_SET_DEFECT_MGMT_BUFFER
, *PFILE_SET_DEFECT_MGMT_BUFFER
;
3929 typedef struct _FILE_QUERY_SPARING_BUFFER
{
3930 ULONG SparingUnitBytes
;
3931 BOOLEAN SoftwareSparing
;
3932 ULONG TotalSpareBlocks
;
3933 ULONG FreeSpareBlocks
;
3934 } FILE_QUERY_SPARING_BUFFER
, *PFILE_QUERY_SPARING_BUFFER
;
3936 typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER
{
3937 LARGE_INTEGER DirectoryCount
;
3938 LARGE_INTEGER FileCount
;
3939 USHORT FsFormatMajVersion
;
3940 USHORT FsFormatMinVersion
;
3941 WCHAR FsFormatName
[12];
3942 LARGE_INTEGER FormatTime
;
3943 LARGE_INTEGER LastUpdateTime
;
3944 WCHAR CopyrightInfo
[34];
3945 WCHAR AbstractInfo
[34];
3946 WCHAR FormattingImplementationInfo
[34];
3947 WCHAR LastModifyingImplementationInfo
[34];
3948 } FILE_QUERY_ON_DISK_VOL_INFO_BUFFER
, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER
;
3950 #define SET_REPAIR_ENABLED (0x00000001)
3951 #define SET_REPAIR_VOLUME_BITMAP_SCAN (0x00000002)
3952 #define SET_REPAIR_DELETE_CROSSLINK (0x00000004)
3953 #define SET_REPAIR_WARN_ABOUT_DATA_LOSS (0x00000008)
3954 #define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT (0x00000010)
3955 #define SET_REPAIR_VALID_MASK (0x0000001F)
3957 typedef enum _SHRINK_VOLUME_REQUEST_TYPES
{
3961 } SHRINK_VOLUME_REQUEST_TYPES
, *PSHRINK_VOLUME_REQUEST_TYPES
;
3963 typedef struct _SHRINK_VOLUME_INFORMATION
{
3964 SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType
;
3966 LONGLONG NewNumberOfSectors
;
3967 } SHRINK_VOLUME_INFORMATION
, *PSHRINK_VOLUME_INFORMATION
;
3969 #define TXFS_RM_FLAG_LOGGING_MODE 0x00000001
3970 #define TXFS_RM_FLAG_RENAME_RM 0x00000002
3971 #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004
3972 #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008
3973 #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010
3974 #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020
3975 #define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040
3976 #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080
3977 #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100
3978 #define TXFS_RM_FLAG_GROW_LOG 0x00000400
3979 #define TXFS_RM_FLAG_SHRINK_LOG 0x00000800
3980 #define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000
3981 #define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000
3982 #define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000
3983 #define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000
3984 #define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000
3985 #define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000
3987 #define TXFS_LOGGING_MODE_SIMPLE (0x0001)
3988 #define TXFS_LOGGING_MODE_FULL (0x0002)
3990 #define TXFS_TRANSACTION_STATE_NONE 0x00
3991 #define TXFS_TRANSACTION_STATE_ACTIVE 0x01
3992 #define TXFS_TRANSACTION_STATE_PREPARED 0x02
3993 #define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03
3995 #define TXFS_MODIFY_RM_VALID_FLAGS \
3996 (TXFS_RM_FLAG_LOGGING_MODE | \
3997 TXFS_RM_FLAG_RENAME_RM | \
3998 TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
3999 TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
4000 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
4001 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
4002 TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
4003 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
4004 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
4005 TXFS_RM_FLAG_SHRINK_LOG | \
4006 TXFS_RM_FLAG_GROW_LOG | \
4007 TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \
4008 TXFS_RM_FLAG_PRESERVE_CHANGES | \
4009 TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
4010 TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
4011 TXFS_RM_FLAG_PREFER_CONSISTENCY | \
4012 TXFS_RM_FLAG_PREFER_AVAILABILITY)
4014 typedef struct _TXFS_MODIFY_RM
{
4016 ULONG LogContainerCountMax
;
4017 ULONG LogContainerCountMin
;
4018 ULONG LogContainerCount
;
4019 ULONG LogGrowthIncrement
;
4020 ULONG LogAutoShrinkPercentage
;
4023 } TXFS_MODIFY_RM
, *PTXFS_MODIFY_RM
;
4025 #define TXFS_RM_STATE_NOT_STARTED 0
4026 #define TXFS_RM_STATE_STARTING 1
4027 #define TXFS_RM_STATE_ACTIVE 2
4028 #define TXFS_RM_STATE_SHUTTING_DOWN 3
4030 #define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \
4031 (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
4032 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
4033 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
4034 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
4035 TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
4036 TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
4037 TXFS_RM_FLAG_PREFER_CONSISTENCY | \
4038 TXFS_RM_FLAG_PREFER_AVAILABILITY)
4040 typedef struct _TXFS_QUERY_RM_INFORMATION
{
4041 ULONG BytesRequired
;
4043 ULONGLONG CurrentLsn
;
4044 ULONGLONG ArchiveTailLsn
;
4045 ULONGLONG LogContainerSize
;
4046 LARGE_INTEGER HighestVirtualClock
;
4047 ULONG LogContainerCount
;
4048 ULONG LogContainerCountMax
;
4049 ULONG LogContainerCountMin
;
4050 ULONG LogGrowthIncrement
;
4051 ULONG LogAutoShrinkPercentage
;
4056 ULONGLONG LogCapacity
;
4060 ULONGLONG TransactionCount
;
4061 ULONGLONG OnePCCount
;
4062 ULONGLONG TwoPCCount
;
4063 ULONGLONG NumberLogFileFull
;
4064 ULONGLONG OldestTransactionAge
;
4066 ULONG TmLogPathOffset
;
4067 } TXFS_QUERY_RM_INFORMATION
, *PTXFS_QUERY_RM_INFORMATION
;
4069 #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x01
4070 #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x02
4072 #define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \
4073 (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \
4074 TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK)
4076 typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION
{
4077 LARGE_INTEGER LastVirtualClock
;
4078 ULONGLONG LastRedoLsn
;
4079 ULONGLONG HighestRecoveryLsn
;
4081 } TXFS_ROLLFORWARD_REDO_INFORMATION
, *PTXFS_ROLLFORWARD_REDO_INFORMATION
;
4083 #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001
4084 #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002
4085 #define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004
4086 #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008
4087 #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010
4088 #define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020
4089 #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040
4090 #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080
4092 #define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200
4093 #define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400
4094 #define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800
4096 #define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000
4097 #define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000
4099 #define TXFS_START_RM_VALID_FLAGS \
4100 (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
4101 TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
4102 TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \
4103 TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
4104 TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
4105 TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
4106 TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \
4107 TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
4108 TXFS_START_RM_FLAG_LOGGING_MODE | \
4109 TXFS_START_RM_FLAG_PRESERVE_CHANGES | \
4110 TXFS_START_RM_FLAG_PREFER_CONSISTENCY | \
4111 TXFS_START_RM_FLAG_PREFER_AVAILABILITY)
4113 typedef struct _TXFS_START_RM_INFORMATION
{
4115 ULONGLONG LogContainerSize
;
4116 ULONG LogContainerCountMin
;
4117 ULONG LogContainerCountMax
;
4118 ULONG LogGrowthIncrement
;
4119 ULONG LogAutoShrinkPercentage
;
4120 ULONG TmLogPathOffset
;
4121 USHORT TmLogPathLength
;
4123 USHORT LogPathLength
;
4126 } TXFS_START_RM_INFORMATION
, *PTXFS_START_RM_INFORMATION
;
4128 typedef struct _TXFS_GET_METADATA_INFO_OUT
{
4133 GUID LockingTransaction
;
4135 ULONG TransactionState
;
4136 } TXFS_GET_METADATA_INFO_OUT
, *PTXFS_GET_METADATA_INFO_OUT
;
4138 #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001
4139 #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002
4141 typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY
{
4149 } TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY
, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY
;
4151 typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES
{
4152 GUID KtmTransaction
;
4153 ULONGLONG NumberOfFiles
;
4154 ULONGLONG BufferSizeRequired
;
4156 } TXFS_LIST_TRANSACTION_LOCKED_FILES
, *PTXFS_LIST_TRANSACTION_LOCKED_FILES
;
4158 typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY
{
4160 ULONG TransactionState
;
4164 } TXFS_LIST_TRANSACTIONS_ENTRY
, *PTXFS_LIST_TRANSACTIONS_ENTRY
;
4166 typedef struct _TXFS_LIST_TRANSACTIONS
{
4167 ULONGLONG NumberOfTransactions
;
4168 ULONGLONG BufferSizeRequired
;
4169 } TXFS_LIST_TRANSACTIONS
, *PTXFS_LIST_TRANSACTIONS
;
4171 typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT
{
4176 } TXFS_READ_BACKUP_INFORMATION_OUT
, *PTXFS_READ_BACKUP_INFORMATION_OUT
;
4178 typedef struct _TXFS_WRITE_BACKUP_INFORMATION
{
4180 } TXFS_WRITE_BACKUP_INFORMATION
, *PTXFS_WRITE_BACKUP_INFORMATION
;
4182 #define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFE
4183 #define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFF
4185 typedef struct _TXFS_GET_TRANSACTED_VERSION
{
4186 ULONG ThisBaseVersion
;
4187 ULONG LatestVersion
;
4188 USHORT ThisMiniVersion
;
4189 USHORT FirstMiniVersion
;
4190 USHORT LatestMiniVersion
;
4191 } TXFS_GET_TRANSACTED_VERSION
, *PTXFS_GET_TRANSACTED_VERSION
;
4193 #define TXFS_SAVEPOINT_SET 0x00000001
4194 #define TXFS_SAVEPOINT_ROLLBACK 0x00000002
4195 #define TXFS_SAVEPOINT_CLEAR 0x00000004
4196 #define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010
4198 typedef struct _TXFS_SAVEPOINT_INFORMATION
{
4199 HANDLE KtmTransaction
;
4202 } TXFS_SAVEPOINT_INFORMATION
, *PTXFS_SAVEPOINT_INFORMATION
;
4204 typedef struct _TXFS_CREATE_MINIVERSION_INFO
{
4205 USHORT StructureVersion
;
4206 USHORT StructureLength
;
4209 } TXFS_CREATE_MINIVERSION_INFO
, *PTXFS_CREATE_MINIVERSION_INFO
;
4211 typedef struct _TXFS_TRANSACTION_ACTIVE_INFO
{
4212 BOOLEAN TransactionsActiveAtSnapshot
;
4213 } TXFS_TRANSACTION_ACTIVE_INFO
, *PTXFS_TRANSACTION_ACTIVE_INFO
;
4215 #endif /* (_WIN32_WINNT >= 0x0600) */
4217 #if (_WIN32_WINNT >= 0x0601)
4219 #define MARK_HANDLE_REALTIME (0x00000020)
4220 #define MARK_HANDLE_NOT_REALTIME (0x00000040)
4222 #define NO_8DOT3_NAME_PRESENT (0x00000001)
4223 #define REMOVED_8DOT3_NAME (0x00000002)
4225 #define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED (0x00000001)
4227 typedef struct _BOOT_AREA_INFO
{
4228 ULONG BootSectorCount
;
4230 LARGE_INTEGER Offset
;
4232 } BOOT_AREA_INFO
, *PBOOT_AREA_INFO
;
4234 typedef struct _RETRIEVAL_POINTER_BASE
{
4235 LARGE_INTEGER FileAreaOffset
;
4236 } RETRIEVAL_POINTER_BASE
, *PRETRIEVAL_POINTER_BASE
;
4238 typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION
{
4243 } FILE_FS_PERSISTENT_VOLUME_INFORMATION
, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION
;
4245 typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION
{
4247 } FILE_SYSTEM_RECOGNITION_INFORMATION
, *PFILE_SYSTEM_RECOGNITION_INFORMATION
;
4249 #define OPLOCK_LEVEL_CACHE_READ (0x00000001)
4250 #define OPLOCK_LEVEL_CACHE_HANDLE (0x00000002)
4251 #define OPLOCK_LEVEL_CACHE_WRITE (0x00000004)
4253 #define REQUEST_OPLOCK_INPUT_FLAG_REQUEST (0x00000001)
4254 #define REQUEST_OPLOCK_INPUT_FLAG_ACK (0x00000002)
4255 #define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004)
4257 #define REQUEST_OPLOCK_CURRENT_VERSION 1
4259 typedef struct _REQUEST_OPLOCK_INPUT_BUFFER
{
4260 USHORT StructureVersion
;
4261 USHORT StructureLength
;
4262 ULONG RequestedOplockLevel
;
4264 } REQUEST_OPLOCK_INPUT_BUFFER
, *PREQUEST_OPLOCK_INPUT_BUFFER
;
4266 #define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED (0x00000001)
4267 #define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED (0x00000002)
4269 typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER
{
4270 USHORT StructureVersion
;
4271 USHORT StructureLength
;
4272 ULONG OriginalOplockLevel
;
4273 ULONG NewOplockLevel
;
4275 ACCESS_MASK AccessMode
;
4277 } REQUEST_OPLOCK_OUTPUT_BUFFER
, *PREQUEST_OPLOCK_OUTPUT_BUFFER
;
4279 #define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1
4281 typedef struct _SD_CHANGE_MACHINE_SID_INPUT
{
4282 USHORT CurrentMachineSIDOffset
;
4283 USHORT CurrentMachineSIDLength
;
4284 USHORT NewMachineSIDOffset
;
4285 USHORT NewMachineSIDLength
;
4286 } SD_CHANGE_MACHINE_SID_INPUT
, *PSD_CHANGE_MACHINE_SID_INPUT
;
4288 typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT
{
4289 ULONGLONG NumSDChangedSuccess
;
4290 ULONGLONG NumSDChangedFail
;
4291 ULONGLONG NumSDUnused
;
4292 ULONGLONG NumSDTotal
;
4293 ULONGLONG NumMftSDChangedSuccess
;
4294 ULONGLONG NumMftSDChangedFail
;
4295 ULONGLONG NumMftSDTotal
;
4296 } SD_CHANGE_MACHINE_SID_OUTPUT
, *PSD_CHANGE_MACHINE_SID_OUTPUT
;
4298 typedef struct _SD_GLOBAL_CHANGE_INPUT
{
4302 SD_CHANGE_MACHINE_SID_INPUT SdChange
;
4304 } SD_GLOBAL_CHANGE_INPUT
, *PSD_GLOBAL_CHANGE_INPUT
;
4306 typedef struct _SD_GLOBAL_CHANGE_OUTPUT
{
4310 SD_CHANGE_MACHINE_SID_OUTPUT SdChange
;
4312 } SD_GLOBAL_CHANGE_OUTPUT
, *PSD_GLOBAL_CHANGE_OUTPUT
;
4314 #define ENCRYPTED_DATA_INFO_SPARSE_FILE 1
4316 typedef struct _EXTENDED_ENCRYPTED_DATA_INFO
{
4321 } EXTENDED_ENCRYPTED_DATA_INFO
, *PEXTENDED_ENCRYPTED_DATA_INFO
;
4323 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT
{
4325 ULONG NumberOfClusters
;
4326 LARGE_INTEGER Cluster
[1];
4327 } LOOKUP_STREAM_FROM_CLUSTER_INPUT
, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT
;
4329 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT
{
4331 ULONG NumberOfMatches
;
4332 ULONG BufferSizeRequired
;
4333 } LOOKUP_STREAM_FROM_CLUSTER_OUTPUT
, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT
;
4335 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001
4336 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002
4337 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004
4338 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008
4340 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xff000000
4341 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000
4342 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000
4343 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000
4345 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY
{
4348 LARGE_INTEGER Reserved
;
4349 LARGE_INTEGER Cluster
;
4351 } LOOKUP_STREAM_FROM_CLUSTER_ENTRY
, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY
;
4353 typedef struct _FILE_TYPE_NOTIFICATION_INPUT
{
4355 ULONG NumFileTypeIDs
;
4357 } FILE_TYPE_NOTIFICATION_INPUT
, *PFILE_TYPE_NOTIFICATION_INPUT
;
4359 #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001
4360 #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002
4362 DEFINE_GUID( FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE
, 0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c );
4363 DEFINE_GUID( FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE
, 0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7 );
4364 DEFINE_GUID( FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE
, 0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9 );
4366 #ifndef _VIRTUAL_STORAGE_TYPE_DEFINED
4367 #define _VIRTUAL_STORAGE_TYPE_DEFINED
4368 typedef struct _VIRTUAL_STORAGE_TYPE
{
4371 } VIRTUAL_STORAGE_TYPE
, *PVIRTUAL_STORAGE_TYPE
;
4374 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST
{
4377 } STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST
, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST
;
4379 #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x1
4380 #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x2
4382 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY
{
4384 ULONG DependencyTypeFlags
;
4385 ULONG ProviderSpecificFlags
;
4386 VIRTUAL_STORAGE_TYPE VirtualStorageType
;
4387 } STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY
, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY
;
4389 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY
{
4391 ULONG DependencyTypeFlags
;
4392 ULONG ProviderSpecificFlags
;
4393 VIRTUAL_STORAGE_TYPE VirtualStorageType
;
4394 ULONG AncestorLevel
;
4395 ULONG HostVolumeNameOffset
;
4396 ULONG HostVolumeNameSize
;
4397 ULONG DependentVolumeNameOffset
;
4398 ULONG DependentVolumeNameSize
;
4399 ULONG RelativePathOffset
;
4400 ULONG RelativePathSize
;
4401 ULONG DependentDeviceNameOffset
;
4402 ULONG DependentDeviceNameSize
;
4403 } STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY
, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY
;
4405 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE
{
4406 ULONG ResponseLevel
;
4407 ULONG NumberEntries
;
4409 STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends
[];
4410 STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends
[];
4412 } STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE
, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE
;
4414 #endif /* (_WIN32_WINNT >= 0x0601) */
4416 typedef struct _FILESYSTEM_STATISTICS
{
4417 USHORT FileSystemType
;
4419 ULONG SizeOfCompleteStructure
;
4420 ULONG UserFileReads
;
4421 ULONG UserFileReadBytes
;
4422 ULONG UserDiskReads
;
4423 ULONG UserFileWrites
;
4424 ULONG UserFileWriteBytes
;
4425 ULONG UserDiskWrites
;
4426 ULONG MetaDataReads
;
4427 ULONG MetaDataReadBytes
;
4428 ULONG MetaDataDiskReads
;
4429 ULONG MetaDataWrites
;
4430 ULONG MetaDataWriteBytes
;
4431 ULONG MetaDataDiskWrites
;
4432 } FILESYSTEM_STATISTICS
, *PFILESYSTEM_STATISTICS
;
4434 #define FILESYSTEM_STATISTICS_TYPE_NTFS 1
4435 #define FILESYSTEM_STATISTICS_TYPE_FAT 2
4436 #define FILESYSTEM_STATISTICS_TYPE_EXFAT 3
4438 typedef struct _FAT_STATISTICS
{
4440 ULONG SuccessfulCreates
;
4441 ULONG FailedCreates
;
4442 ULONG NonCachedReads
;
4443 ULONG NonCachedReadBytes
;
4444 ULONG NonCachedWrites
;
4445 ULONG NonCachedWriteBytes
;
4446 ULONG NonCachedDiskReads
;
4447 ULONG NonCachedDiskWrites
;
4448 } FAT_STATISTICS
, *PFAT_STATISTICS
;
4450 typedef struct _EXFAT_STATISTICS
{
4452 ULONG SuccessfulCreates
;
4453 ULONG FailedCreates
;
4454 ULONG NonCachedReads
;
4455 ULONG NonCachedReadBytes
;
4456 ULONG NonCachedWrites
;
4457 ULONG NonCachedWriteBytes
;
4458 ULONG NonCachedDiskReads
;
4459 ULONG NonCachedDiskWrites
;
4460 } EXFAT_STATISTICS
, *PEXFAT_STATISTICS
;
4462 typedef struct _NTFS_STATISTICS
{
4463 ULONG LogFileFullExceptions
;
4464 ULONG OtherExceptions
;
4468 ULONG MftWriteBytes
;
4474 } MftWritesUserLevel
;
4475 USHORT MftWritesFlushForLogFileFull
;
4476 USHORT MftWritesLazyWriter
;
4477 USHORT MftWritesUserRequest
;
4479 ULONG Mft2WriteBytes
;
4485 } Mft2WritesUserLevel
;
4486 USHORT Mft2WritesFlushForLogFileFull
;
4487 USHORT Mft2WritesLazyWriter
;
4488 USHORT Mft2WritesUserRequest
;
4489 ULONG RootIndexReads
;
4490 ULONG RootIndexReadBytes
;
4491 ULONG RootIndexWrites
;
4492 ULONG RootIndexWriteBytes
;
4494 ULONG BitmapReadBytes
;
4496 ULONG BitmapWriteBytes
;
4497 USHORT BitmapWritesFlushForLogFileFull
;
4498 USHORT BitmapWritesLazyWriter
;
4499 USHORT BitmapWritesUserRequest
;
4504 } BitmapWritesUserLevel
;
4505 ULONG MftBitmapReads
;
4506 ULONG MftBitmapReadBytes
;
4507 ULONG MftBitmapWrites
;
4508 ULONG MftBitmapWriteBytes
;
4509 USHORT MftBitmapWritesFlushForLogFileFull
;
4510 USHORT MftBitmapWritesLazyWriter
;
4511 USHORT MftBitmapWritesUserRequest
;
4517 } MftBitmapWritesUserLevel
;
4518 ULONG UserIndexReads
;
4519 ULONG UserIndexReadBytes
;
4520 ULONG UserIndexWrites
;
4521 ULONG UserIndexWriteBytes
;
4523 ULONG LogFileReadBytes
;
4524 ULONG LogFileWrites
;
4525 ULONG LogFileWriteBytes
;
4532 ULONG HintsClusters
;
4534 ULONG CacheClusters
;
4536 ULONG CacheMissClusters
;
4538 } NTFS_STATISTICS
, *PNTFS_STATISTICS
;
4540 #endif // _FILESYSTEMFSCTL_
4542 #define SYMLINK_FLAG_RELATIVE 1
4544 typedef struct _REPARSE_DATA_BUFFER
{
4546 USHORT ReparseDataLength
;
4548 __GNU_EXTENSION
union {
4550 USHORT SubstituteNameOffset
;
4551 USHORT SubstituteNameLength
;
4552 USHORT PrintNameOffset
;
4553 USHORT PrintNameLength
;
4555 WCHAR PathBuffer
[1];
4556 } SymbolicLinkReparseBuffer
;
4558 USHORT SubstituteNameOffset
;
4559 USHORT SubstituteNameLength
;
4560 USHORT PrintNameOffset
;
4561 USHORT PrintNameLength
;
4562 WCHAR PathBuffer
[1];
4563 } MountPointReparseBuffer
;
4565 UCHAR DataBuffer
[1];
4566 } GenericReparseBuffer
;
4568 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
4570 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
4572 typedef struct _REPARSE_GUID_DATA_BUFFER
{
4574 USHORT ReparseDataLength
;
4578 UCHAR DataBuffer
[1];
4579 } GenericReparseBuffer
;
4580 } REPARSE_GUID_DATA_BUFFER
, *PREPARSE_GUID_DATA_BUFFER
;
4582 #define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer)
4584 #define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 )
4586 /* Reserved reparse tags */
4587 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
4588 #define IO_REPARSE_TAG_RESERVED_ONE (1)
4589 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
4591 #define IsReparseTagMicrosoft(_tag) (((_tag) & 0x80000000))
4592 #define IsReparseTagNameSurrogate(_tag) (((_tag) & 0x20000000))
4594 #define IO_REPARSE_TAG_VALID_VALUES (0xF000FFFF)
4596 #define IsReparseTagValid(tag) ( \
4597 !((tag) & ~IO_REPARSE_TAG_VALID_VALUES) && \
4598 ((tag) > IO_REPARSE_TAG_RESERVED_RANGE) \
4601 /* MicroSoft reparse point tags */
4602 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
4603 #define IO_REPARSE_TAG_HSM (0xC0000004L)
4604 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
4605 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
4606 #define IO_REPARSE_TAG_SIS (0x80000007L)
4607 #define IO_REPARSE_TAG_WIM (0x80000008L)
4608 #define IO_REPARSE_TAG_CSV (0x80000009L)
4609 #define IO_REPARSE_TAG_DFS (0x8000000AL)
4610 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
4611 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
4612 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
4613 #define IO_REPARSE_TAG_DFSR (0x80000012L)
4616 typedef struct _REPARSE_INDEX_KEY
{
4617 ULONG FileReparseTag
;
4618 LARGE_INTEGER FileId
;
4619 } REPARSE_INDEX_KEY
, *PREPARSE_INDEX_KEY
;
4622 #define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,58,METHOD_BUFFERED,FILE_ANY_ACCESS)
4623 #define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,59,METHOD_BUFFERED,FILE_ANY_ACCESS)
4624 #define IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,60,METHOD_BUFFERED,FILE_ANY_ACCESS)
4626 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
4627 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
4628 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
4629 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
4630 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
4631 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
4632 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
4633 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
4634 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
4635 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
4636 #define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
4637 #define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
4638 #define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
4639 #define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS)
4640 #define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS)
4641 #define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
4642 #define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA)
4644 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
4645 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
4646 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
4647 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
4649 #define FILE_PIPE_READ_DATA 0x00000000
4650 #define FILE_PIPE_WRITE_SPACE 0x00000001
4652 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
4655 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
4657 typedef struct _FILE_PIPE_EVENT_BUFFER
{
4658 ULONG NamedPipeState
;
4662 ULONG NumberRequests
;
4663 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
4665 typedef struct _FILE_PIPE_PEEK_BUFFER
{
4666 ULONG NamedPipeState
;
4667 ULONG ReadDataAvailable
;
4668 ULONG NumberOfMessages
;
4669 ULONG MessageLength
;
4671 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
4673 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
4674 LARGE_INTEGER Timeout
;
4676 BOOLEAN TimeoutSpecified
;
4678 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
4680 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
4681 #if !defined(BUILD_WOW6432)
4682 PVOID ClientSession
;
4683 PVOID ClientProcess
;
4685 ULONGLONG ClientSession
;
4686 ULONGLONG ClientProcess
;
4688 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
4690 #define FILE_PIPE_COMPUTER_NAME_LENGTH 15
4692 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX
{
4693 #if !defined(BUILD_WOW6432)
4694 PVOID ClientSession
;
4695 PVOID ClientProcess
;
4697 ULONGLONG ClientSession
;
4698 ULONGLONG ClientProcess
;
4700 USHORT ClientComputerNameLength
;
4701 WCHAR ClientComputerBuffer
[FILE_PIPE_COMPUTER_NAME_LENGTH
+1];
4702 } FILE_PIPE_CLIENT_PROCESS_BUFFER_EX
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX
;
4704 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
4706 typedef enum _LINK_TRACKING_INFORMATION_TYPE
{
4707 NtfsLinkTrackingInformation
,
4708 DfsLinkTrackingInformation
4709 } LINK_TRACKING_INFORMATION_TYPE
, *PLINK_TRACKING_INFORMATION_TYPE
;
4711 typedef struct _LINK_TRACKING_INFORMATION
{
4712 LINK_TRACKING_INFORMATION_TYPE Type
;
4714 } LINK_TRACKING_INFORMATION
, *PLINK_TRACKING_INFORMATION
;
4716 typedef struct _REMOTE_LINK_TRACKING_INFORMATION
{
4717 PVOID TargetFileObject
;
4718 ULONG TargetLinkTrackingInformationLength
;
4719 UCHAR TargetLinkTrackingInformationBuffer
[1];
4720 } REMOTE_LINK_TRACKING_INFORMATION
, *PREMOTE_LINK_TRACKING_INFORMATION
;
4722 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
{
4724 ACCESS_MASK GrantedAccess
;
4728 } PUBLIC_OBJECT_BASIC_INFORMATION
, *PPUBLIC_OBJECT_BASIC_INFORMATION
;
4730 typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION
{
4731 UNICODE_STRING TypeName
;
4732 ULONG Reserved
[22];
4733 } PUBLIC_OBJECT_TYPE_INFORMATION
, *PPUBLIC_OBJECT_TYPE_INFORMATION
;
4735 typedef struct _SECURITY_CLIENT_CONTEXT
{
4736 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
4737 PACCESS_TOKEN ClientToken
;
4738 BOOLEAN DirectlyAccessClientToken
;
4739 BOOLEAN DirectAccessEffectiveOnly
;
4740 BOOLEAN ServerIsRemote
;
4741 TOKEN_CONTROL ClientTokenControl
;
4742 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
4744 #define EVENT_INCREMENT 1
4745 #define IO_NO_INCREMENT 0
4746 #define IO_CD_ROM_INCREMENT 1
4747 #define IO_DISK_INCREMENT 1
4748 #define IO_MAILSLOT_INCREMENT 2
4749 #define IO_NAMED_PIPE_INCREMENT 2
4750 #define IO_NETWORK_INCREMENT 2
4751 #define SEMAPHORE_INCREMENT 1
4753 #define SYSTEM_PAGE_PRIORITY_BITS 3
4754 #define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)
4756 typedef struct _KAPC_STATE
{
4757 LIST_ENTRY ApcListHead
[MaximumMode
];
4759 BOOLEAN KernelApcInProgress
;
4760 BOOLEAN KernelApcPending
;
4761 BOOLEAN UserApcPending
;
4762 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
4764 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
4766 typedef struct _KQUEUE
{
4767 DISPATCHER_HEADER Header
;
4768 LIST_ENTRY EntryListHead
;
4769 volatile ULONG CurrentCount
;
4771 LIST_ENTRY ThreadListHead
;
4772 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
4774 #if (NTDDI_VERSION >= NTDDI_WIN2K)
4780 OUT PRKMUTANT Mutant
,
4781 IN BOOLEAN InitialOwner
);
4787 IN PRKMUTANT Mutant
);
4793 IN OUT PRKMUTANT Mutant
,
4794 IN KPRIORITY Increment
,
4795 IN BOOLEAN Abandoned
,
4815 IN OUT PRKQUEUE Queue
,
4816 IN OUT PLIST_ENTRY Entry
);
4822 IN OUT PRKQUEUE Queue
,
4823 IN OUT PLIST_ENTRY Entry
);
4829 IN OUT PRKQUEUE Queue
,
4830 IN KPROCESSOR_MODE WaitMode
,
4831 IN PLARGE_INTEGER Timeout OPTIONAL
);
4837 IN OUT PKPROCESS Process
);
4849 IN OUT PRKQUEUE Queue
);
4854 KeStackAttachProcess(
4855 IN OUT PKPROCESS Process
,
4856 OUT PKAPC_STATE ApcState
);
4861 KeUnstackDetachProcess(
4862 IN PKAPC_STATE ApcState
);
4867 KeSetIdealProcessorThread(
4868 IN OUT PKTHREAD Thread
,
4869 IN UCHAR Processor
);
4874 KeSetKernelStackSwapEnable(
4881 KeAcquireSpinLockRaiseToSynch(
4882 IN OUT PKSPIN_LOCK SpinLock
);
4886 KeAcquireSpinLockRaiseToSynch(
4887 IN OUT PKSPIN_LOCK SpinLock
);
4890 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
4892 #if (NTDDI_VERSION >= NTDDI_WINXP)
4897 KeAcquireQueuedSpinLock(
4898 IN OUT KSPIN_LOCK_QUEUE_NUMBER Number
);
4903 KeReleaseQueuedSpinLock(
4904 IN OUT KSPIN_LOCK_QUEUE_NUMBER Number
,
4910 KeTryToAcquireQueuedSpinLock(
4911 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4912 OUT PKIRQL OldIrql
);
4914 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
4916 #if (NTDDI_VERSION >= NTDDI_VISTA)
4922 OUT PCLIENT_ID ClientId
);
4927 IN OUT PKQUEUE Queue
,
4928 IN KPROCESSOR_MODE WaitMode
,
4929 IN BOOLEAN Alertable
,
4930 IN PLARGE_INTEGER Timeout OPTIONAL
,
4931 OUT PLIST_ENTRY
*EntryArray
,
4934 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
4936 #define INVALID_PROCESSOR_INDEX 0xffffffff
4940 KeGetProcessorNumberFromIndex(
4942 OUT PPROCESSOR_NUMBER ProcNumber
);
4946 KeGetProcessorIndexFromNumber(
4947 IN PPROCESSOR_NUMBER ProcNumber
);
4949 #if (NTDDI_VERSION >= NTDDI_WIN2K)
4954 ExQueryPoolBlockSize(
4956 OUT PBOOLEAN QuotaCharged
);
4959 ExAdjustLookasideDepth(
4965 ExDisableResourceBoostLite(
4966 IN PERESOURCE Resource
);
4970 #define ExDisableResourceBoost ExDisableResourceBoostLite
4972 #define EX_PUSH_LOCK ULONG_PTR
4973 #define PEX_PUSH_LOCK PULONG_PTR
4976 ExInitializePushLock (
4977 OUT PEX_PUSH_LOCK PushLock
);
4979 #if (NTDDI_VERSION >= NTDDI_WINXP)
4982 InterlockedPushListSList(
4983 IN OUT PSLIST_HEADER ListHead
,
4984 IN OUT PSLIST_ENTRY List
,
4985 IN OUT PSLIST_ENTRY ListEnd
,
4990 /* #if !defined(_X86AMD64_) FIXME : WHAT ?! */
4993 C_ASSERT(sizeof(ERESOURCE
) == 0x68);
4994 C_ASSERT(FIELD_OFFSET(ERESOURCE
,ActiveCount
) == 0x18);
4995 C_ASSERT(FIELD_OFFSET(ERESOURCE
,Flag
) == 0x1a);
4999 C_ASSERT(sizeof(ERESOURCE
) == 0x38);
5000 C_ASSERT(FIELD_OFFSET(ERESOURCE
,ActiveCount
) == 0x0c);
5001 C_ASSERT(FIELD_OFFSET(ERESOURCE
,Flag
) == 0x0e);
5006 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
5007 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
5008 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
5009 #define TOKEN_WRITE_RESTRICTED 0x0008
5010 #define TOKEN_IS_RESTRICTED 0x0010
5011 #define TOKEN_SESSION_NOT_REFERENCED 0x0020
5012 #define TOKEN_SANDBOX_INERT 0x0040
5013 #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
5014 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
5015 #define TOKEN_VIRTUALIZE_ALLOWED 0x0200
5016 #define TOKEN_VIRTUALIZE_ENABLED 0x0400
5017 #define TOKEN_IS_FILTERED 0x0800
5018 #define TOKEN_UIACCESS 0x1000
5019 #define TOKEN_NOT_LOW 0x2000
5021 typedef struct _SE_EXPORTS
{
5022 LUID SeCreateTokenPrivilege
;
5023 LUID SeAssignPrimaryTokenPrivilege
;
5024 LUID SeLockMemoryPrivilege
;
5025 LUID SeIncreaseQuotaPrivilege
;
5026 LUID SeUnsolicitedInputPrivilege
;
5027 LUID SeTcbPrivilege
;
5028 LUID SeSecurityPrivilege
;
5029 LUID SeTakeOwnershipPrivilege
;
5030 LUID SeLoadDriverPrivilege
;
5031 LUID SeCreatePagefilePrivilege
;
5032 LUID SeIncreaseBasePriorityPrivilege
;
5033 LUID SeSystemProfilePrivilege
;
5034 LUID SeSystemtimePrivilege
;
5035 LUID SeProfileSingleProcessPrivilege
;
5036 LUID SeCreatePermanentPrivilege
;
5037 LUID SeBackupPrivilege
;
5038 LUID SeRestorePrivilege
;
5039 LUID SeShutdownPrivilege
;
5040 LUID SeDebugPrivilege
;
5041 LUID SeAuditPrivilege
;
5042 LUID SeSystemEnvironmentPrivilege
;
5043 LUID SeChangeNotifyPrivilege
;
5044 LUID SeRemoteShutdownPrivilege
;
5048 PSID SeCreatorOwnerSid
;
5049 PSID SeCreatorGroupSid
;
5050 PSID SeNtAuthoritySid
;
5054 PSID SeInteractiveSid
;
5055 PSID SeLocalSystemSid
;
5056 PSID SeAliasAdminsSid
;
5057 PSID SeAliasUsersSid
;
5058 PSID SeAliasGuestsSid
;
5059 PSID SeAliasPowerUsersSid
;
5060 PSID SeAliasAccountOpsSid
;
5061 PSID SeAliasSystemOpsSid
;
5062 PSID SeAliasPrintOpsSid
;
5063 PSID SeAliasBackupOpsSid
;
5064 PSID SeAuthenticatedUsersSid
;
5065 PSID SeRestrictedSid
;
5066 PSID SeAnonymousLogonSid
;
5067 LUID SeUndockPrivilege
;
5068 LUID SeSyncAgentPrivilege
;
5069 LUID SeEnableDelegationPrivilege
;
5070 PSID SeLocalServiceSid
;
5071 PSID SeNetworkServiceSid
;
5072 LUID SeManageVolumePrivilege
;
5073 LUID SeImpersonatePrivilege
;
5074 LUID SeCreateGlobalPrivilege
;
5075 LUID SeTrustedCredManAccessPrivilege
;
5076 LUID SeRelabelPrivilege
;
5077 LUID SeIncreaseWorkingSetPrivilege
;
5078 LUID SeTimeZonePrivilege
;
5079 LUID SeCreateSymbolicLinkPrivilege
;
5081 PSID SeUntrustedMandatorySid
;
5082 PSID SeLowMandatorySid
;
5083 PSID SeMediumMandatorySid
;
5084 PSID SeHighMandatorySid
;
5085 PSID SeSystemMandatorySid
;
5086 PSID SeOwnerRightsSid
;
5087 } SE_EXPORTS
, *PSE_EXPORTS
;
5090 (NTAPI
*PSE_LOGON_SESSION_TERMINATED_ROUTINE
)(
5093 #define SeLengthSid( Sid ) \
5094 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5096 #define SeDeleteClientSecurity(C) { \
5097 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5098 PsDereferencePrimaryToken( (C)->ClientToken ); \
5100 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5104 #define SeStopImpersonatingClient() PsRevertToSelf()
5106 #define SeQuerySubjectContextToken( SubjectContext ) \
5107 ( ARGUMENT_PRESENT( \
5108 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5110 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5111 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5113 #if (NTDDI_VERSION >= NTDDI_WIN2K)
5118 SeCaptureSubjectContext(
5119 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
);
5124 SeLockSubjectContext(
5125 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
);
5130 SeUnlockSubjectContext(
5131 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
);
5136 SeReleaseSubjectContext(
5137 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
);
5143 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
5144 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5145 IN KPROCESSOR_MODE AccessMode
);
5150 SeOpenObjectAuditAlarm(
5151 IN PUNICODE_STRING ObjectTypeName
,
5152 IN PVOID Object OPTIONAL
,
5153 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5154 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5155 IN PACCESS_STATE AccessState
,
5156 IN BOOLEAN ObjectCreated
,
5157 IN BOOLEAN AccessGranted
,
5158 IN KPROCESSOR_MODE AccessMode
,
5159 OUT PBOOLEAN GenerateOnClose
);
5164 SeOpenObjectForDeleteAuditAlarm(
5165 IN PUNICODE_STRING ObjectTypeName
,
5166 IN PVOID Object OPTIONAL
,
5167 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5168 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5169 IN PACCESS_STATE AccessState
,
5170 IN BOOLEAN ObjectCreated
,
5171 IN BOOLEAN AccessGranted
,
5172 IN KPROCESSOR_MODE AccessMode
,
5173 OUT PBOOLEAN GenerateOnClose
);
5178 SeDeleteObjectAuditAlarm(
5186 IN PACCESS_TOKEN Token
);
5192 IN PACCESS_TOKEN Token
);
5197 SeTokenIsRestricted(
5198 IN PACCESS_TOKEN Token
);
5203 SeQueryAuthenticationIdToken(
5204 IN PACCESS_TOKEN Token
,
5205 OUT PLUID AuthenticationId
);
5210 SeQuerySessionIdToken(
5211 IN PACCESS_TOKEN Token
,
5212 OUT PULONG SessionId
);
5217 SeCreateClientSecurity(
5218 IN PETHREAD ClientThread
,
5219 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos
,
5220 IN BOOLEAN RemoteSession
,
5221 OUT PSECURITY_CLIENT_CONTEXT ClientContext
);
5226 SeImpersonateClient(
5227 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5228 IN PETHREAD ServerThread OPTIONAL
);
5233 SeImpersonateClientEx(
5234 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5235 IN PETHREAD ServerThread OPTIONAL
);
5240 SeCreateClientSecurityFromSubjectContext(
5241 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5242 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos
,
5243 IN BOOLEAN ServerIsRemote
,
5244 OUT PSECURITY_CLIENT_CONTEXT ClientContext
);
5249 SeQuerySecurityDescriptorInfo(
5250 IN PSECURITY_INFORMATION SecurityInformation
,
5251 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5252 IN OUT PULONG Length
,
5253 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
);
5258 SeSetSecurityDescriptorInfo(
5259 IN PVOID Object OPTIONAL
,
5260 IN PSECURITY_INFORMATION SecurityInformation
,
5261 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5262 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5263 IN POOL_TYPE PoolType
,
5264 IN PGENERIC_MAPPING GenericMapping
);
5269 SeSetSecurityDescriptorInfoEx(
5270 IN PVOID Object OPTIONAL
,
5271 IN PSECURITY_INFORMATION SecurityInformation
,
5272 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
5273 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5274 IN ULONG AutoInheritFlags
,
5275 IN POOL_TYPE PoolType
,
5276 IN PGENERIC_MAPPING GenericMapping
);
5282 IN OUT PACCESS_STATE AccessState
,
5283 IN PPRIVILEGE_SET Privileges
);
5288 SeAuditingFileEvents(
5289 IN BOOLEAN AccessGranted
,
5290 IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
5295 SeAuditingFileOrGlobalEvents(
5296 IN BOOLEAN AccessGranted
,
5297 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5298 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
);
5302 SeSetAccessStateGenericMapping(
5303 IN OUT PACCESS_STATE AccessState
,
5304 IN PGENERIC_MAPPING GenericMapping
);
5309 SeRegisterLogonSessionTerminatedRoutine(
5310 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
5315 SeUnregisterLogonSessionTerminatedRoutine(
5316 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
5321 SeMarkLogonSessionForTerminationNotification(
5327 SeQueryInformationToken(
5328 IN PACCESS_TOKEN Token
,
5329 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
5330 OUT PVOID
*TokenInformation
);
5332 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
5334 #if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
5338 SeAuditingHardLinkEvents(
5339 IN BOOLEAN AccessGranted
,
5340 IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
5343 #if (NTDDI_VERSION >= NTDDI_WINXP)
5349 IN PACCESS_TOKEN ExistingToken
,
5351 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
5352 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
5353 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
5354 OUT PACCESS_TOKEN
*FilteredToken
);
5359 SeAuditHardLinkCreation(
5360 IN PUNICODE_STRING FileName
,
5361 IN PUNICODE_STRING LinkName
,
5362 IN BOOLEAN bSuccess
);
5364 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5366 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
5371 SeAuditingFileEventsWithContext(
5372 IN BOOLEAN AccessGranted
,
5373 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5374 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
);
5379 SeAuditingHardLinkEventsWithContext(
5380 IN BOOLEAN AccessGranted
,
5381 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5382 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
);
5386 #if (NTDDI_VERSION >= NTDDI_VISTA)
5391 SeOpenObjectAuditAlarmWithTransaction(
5392 IN PUNICODE_STRING ObjectTypeName
,
5393 IN PVOID Object OPTIONAL
,
5394 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5395 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5396 IN PACCESS_STATE AccessState
,
5397 IN BOOLEAN ObjectCreated
,
5398 IN BOOLEAN AccessGranted
,
5399 IN KPROCESSOR_MODE AccessMode
,
5400 IN GUID
*TransactionId OPTIONAL
,
5401 OUT PBOOLEAN GenerateOnClose
);
5406 SeOpenObjectForDeleteAuditAlarmWithTransaction(
5407 IN PUNICODE_STRING ObjectTypeName
,
5408 IN PVOID Object OPTIONAL
,
5409 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5410 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5411 IN PACCESS_STATE AccessState
,
5412 IN BOOLEAN ObjectCreated
,
5413 IN BOOLEAN AccessGranted
,
5414 IN KPROCESSOR_MODE AccessMode
,
5415 IN GUID
*TransactionId OPTIONAL
,
5416 OUT PBOOLEAN GenerateOnClose
);
5423 IN PACCESS_TOKEN Token
,
5424 IN ACCESS_MASK DesiredAccess
,
5425 IN BOOLEAN AccessGranted
,
5426 OUT PBOOLEAN GenerateAudit
,
5427 OUT PBOOLEAN GenerateAlarm
);
5432 SeDeleteObjectAuditAlarmWithTransaction(
5435 IN GUID
*TransactionId OPTIONAL
);
5440 SeQueryTokenIntegrity(
5441 IN PACCESS_TOKEN Token
,
5442 IN OUT PSID_AND_ATTRIBUTES IntegritySA
);
5447 SeSetSessionIdToken(
5448 IN PACCESS_TOKEN Token
,
5449 IN ULONG SessionId
);
5454 SeAuditHardLinkCreationWithTransaction(
5455 IN PUNICODE_STRING FileName
,
5456 IN PUNICODE_STRING LinkName
,
5457 IN BOOLEAN bSuccess
,
5458 IN GUID
*TransactionId OPTIONAL
);
5463 SeAuditTransactionStateChange(
5464 IN GUID
*TransactionId
,
5465 IN GUID
*ResourceManagerId
,
5466 IN ULONG NewTransactionState
);
5468 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
5470 #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
5474 SeTokenIsWriteRestricted(
5475 IN PACCESS_TOKEN Token
);
5478 #if (NTDDI_VERSION >= NTDDI_WIN7)
5483 SeAuditingAnyFileEventsWithContext(
5484 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5485 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
);
5490 SeExamineGlobalSacl(
5491 IN PUNICODE_STRING ObjectType
,
5492 IN PACCESS_TOKEN Token
,
5493 IN ACCESS_MASK DesiredAccess
,
5494 IN BOOLEAN AccessGranted
,
5495 IN OUT PBOOLEAN GenerateAudit
,
5496 IN OUT PBOOLEAN GenerateAlarm OPTIONAL
);
5501 SeMaximumAuditMaskFromGlobalSacl(
5502 IN PUNICODE_STRING ObjectTypeName OPTIONAL
,
5503 IN ACCESS_MASK GrantedAccess
,
5504 IN PACCESS_TOKEN Token
,
5505 IN OUT PACCESS_MASK AuditMask
);
5511 SeReportSecurityEventWithSubCategory(
5513 IN PUNICODE_STRING SourceName
,
5514 IN PSID UserSid OPTIONAL
,
5515 IN PSE_ADT_PARAMETER_ARRAY AuditParameters
,
5516 IN ULONG AuditSubcategoryId
);
5520 SeAccessCheckFromState(
5521 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5522 IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation
,
5523 IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL
,
5524 IN ACCESS_MASK DesiredAccess
,
5525 IN ACCESS_MASK PreviouslyGrantedAccess
,
5526 OUT PPRIVILEGE_SET
*Privileges OPTIONAL
,
5527 IN PGENERIC_MAPPING GenericMapping
,
5528 IN KPROCESSOR_MODE AccessMode
,
5529 OUT PACCESS_MASK GrantedAccess
,
5530 OUT PNTSTATUS AccessStatus
);
5536 IN PPRIVILEGE_SET Privileges
);
5540 SeLocateProcessImageName(
5541 IN OUT PEPROCESS Process
,
5542 OUT PUNICODE_STRING
*pImageFileName
);
5544 extern NTKERNELAPI PSE_EXPORTS SeExports
;
5546 #if !defined(_PSGETCURRENTTHREAD_)
5547 #define _PSGETCURRENTTHREAD_
5554 return (PETHREAD
)KeGetCurrentThread();
5558 #if (NTDDI_VERSION >= NTDDI_WIN2K)
5563 PsReferenceImpersonationToken(
5564 IN OUT PETHREAD Thread
,
5565 OUT PBOOLEAN CopyOnOpen
,
5566 OUT PBOOLEAN EffectiveOnly
,
5567 OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
);
5572 PsGetProcessExitTime(
5578 PsIsThreadTerminating(
5579 IN PETHREAD Thread
);
5584 PsImpersonateClient(
5585 IN OUT PETHREAD Thread
,
5586 IN PACCESS_TOKEN Token
,
5587 IN BOOLEAN CopyOnOpen
,
5588 IN BOOLEAN EffectiveOnly
,
5589 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
);
5594 PsDisableImpersonation(
5595 IN OUT PETHREAD Thread
,
5596 IN OUT PSE_IMPERSONATION_STATE ImpersonationState
);
5601 PsRestoreImpersonation(
5603 IN PSE_IMPERSONATION_STATE ImpersonationState
);
5615 IN PEPROCESS Process
,
5616 IN POOL_TYPE PoolType
,
5617 IN ULONG_PTR Amount
);
5623 IN PEPROCESS Process
,
5624 IN POOL_TYPE PoolType
,
5625 IN ULONG_PTR Amount
);
5629 #if (NTDDI_VERSION >= NTDDI_WINXP)
5634 PsDereferencePrimaryToken(
5635 IN PACCESS_TOKEN PrimaryToken
);
5639 PsDereferenceImpersonationToken(
5640 IN PACCESS_TOKEN ImpersonationToken
);
5645 PsChargeProcessPoolQuota(
5646 IN PEPROCESS Process
,
5647 IN POOL_TYPE PoolType
,
5648 IN ULONG_PTR Amount
);
5654 IN PETHREAD Thread
);
5661 PsLookupProcessByProcessId(
5662 IN HANDLE ProcessId
,
5663 OUT PEPROCESS
*Process
);
5668 PsLookupThreadByThreadId(
5669 IN HANDLE UniqueThreadId
,
5670 OUT PETHREAD
*Thread
);
5672 #define IO_OPEN_PAGING_FILE 0x0002
5673 #define IO_OPEN_TARGET_DIRECTORY 0x0004
5674 #define IO_STOP_ON_SYMLINK 0x0008
5675 #define IO_MM_PAGING_FILE 0x0010
5678 (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
5679 IN PDEVICE_OBJECT DeviceObject
,
5680 IN BOOLEAN FsActive
);
5682 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
5684 SyncTypeCreateSection
5685 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
5687 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
5688 NotifyTypeCreate
= 0,
5690 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
5692 typedef union _FS_FILTER_PARAMETERS
{
5694 PLARGE_INTEGER EndingOffset
;
5695 PERESOURCE
*ResourceToRelease
;
5696 } AcquireForModifiedPageWriter
;
5698 PERESOURCE ResourceToRelease
;
5699 } ReleaseForModifiedPageWriter
;
5701 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
5702 ULONG PageProtection
;
5703 } AcquireForSectionSynchronization
;
5705 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
5706 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
5707 } NotifyStreamFileObject
;
5715 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
5717 #define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-1
5718 #define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-2
5719 #define FS_FILTER_ACQUIRE_FOR_MOD_WRITE (UCHAR)-3
5720 #define FS_FILTER_RELEASE_FOR_MOD_WRITE (UCHAR)-4
5721 #define FS_FILTER_ACQUIRE_FOR_CC_FLUSH (UCHAR)-5
5722 #define FS_FILTER_RELEASE_FOR_CC_FLUSH (UCHAR)-6
5724 typedef struct _FS_FILTER_CALLBACK_DATA
{
5725 ULONG SizeOfFsFilterCallbackData
;
5728 struct _DEVICE_OBJECT
*DeviceObject
;
5729 struct _FILE_OBJECT
*FileObject
;
5730 FS_FILTER_PARAMETERS Parameters
;
5731 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
5734 (NTAPI
*PFS_FILTER_CALLBACK
) (
5735 IN PFS_FILTER_CALLBACK_DATA Data
,
5736 OUT PVOID
*CompletionContext
);
5739 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
5740 IN PFS_FILTER_CALLBACK_DATA Data
,
5741 IN NTSTATUS OperationStatus
,
5742 IN PVOID CompletionContext
);
5744 typedef struct _FS_FILTER_CALLBACKS
{
5745 ULONG SizeOfFsFilterCallbacks
;
5747 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
5748 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
5749 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
5750 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
5751 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
5752 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
5753 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
5754 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
5755 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
5756 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
5757 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
5758 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
5759 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
5761 #if (NTDDI_VERSION >= NTDDI_WINXP)
5765 FsRtlRegisterFileSystemFilterCallbacks(
5766 IN
struct _DRIVER_OBJECT
*FilterDriverObject
,
5767 IN PFS_FILTER_CALLBACKS Callbacks
);
5768 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5770 #if (NTDDI_VERSION >= NTDDI_VISTA)
5774 FsRtlNotifyStreamFileObject(
5775 IN
struct _FILE_OBJECT
* StreamFileObject
,
5776 IN
struct _DEVICE_OBJECT
*DeviceObjectHint OPTIONAL
,
5777 IN FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
,
5778 IN BOOLEAN SafeToRecurse
);
5779 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
5781 #define DO_VERIFY_VOLUME 0x00000002
5782 #define DO_BUFFERED_IO 0x00000004
5783 #define DO_EXCLUSIVE 0x00000008
5784 #define DO_DIRECT_IO 0x00000010
5785 #define DO_MAP_IO_BUFFER 0x00000020
5786 #define DO_DEVICE_HAS_NAME 0x00000040
5787 #define DO_DEVICE_INITIALIZING 0x00000080
5788 #define DO_SYSTEM_BOOT_PARTITION 0x00000100
5789 #define DO_LONG_TERM_REQUESTS 0x00000200
5790 #define DO_NEVER_LAST_DEVICE 0x00000400
5791 #define DO_SHUTDOWN_REGISTERED 0x00000800
5792 #define DO_BUS_ENUMERATED_DEVICE 0x00001000
5793 #define DO_POWER_PAGABLE 0x00002000
5794 #define DO_POWER_INRUSH 0x00004000
5795 #define DO_LOW_PRIORITY_FILESYSTEM 0x00010000
5796 #define DO_SUPPORTS_TRANSACTIONS 0x00040000
5797 #define DO_FORCE_NEITHER_IO 0x00080000
5798 #define DO_VOLUME_DEVICE_OBJECT 0x00100000
5799 #define DO_SYSTEM_SYSTEM_PARTITION 0x00200000
5800 #define DO_SYSTEM_CRITICAL_PARTITION 0x00400000
5801 #define DO_DISALLOW_EXECUTE 0x00800000
5803 extern KSPIN_LOCK IoStatisticsLock
;
5804 extern ULONG IoReadOperationCount
;
5805 extern ULONG IoWriteOperationCount
;
5806 extern ULONG IoOtherOperationCount
;
5807 extern LARGE_INTEGER IoReadTransferCount
;
5808 extern LARGE_INTEGER IoWriteTransferCount
;
5809 extern LARGE_INTEGER IoOtherTransferCount
;
5811 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
5812 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
5814 #if (NTDDI_VERSION == NTDDI_WIN2K)
5818 IoRegisterFsRegistrationChangeEx(
5819 IN PDRIVER_OBJECT DriverObject
,
5820 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
);
5823 #if (NTDDI_VERSION >= NTDDI_WIN2K)
5828 IoAcquireVpbSpinLock(
5834 IoCheckDesiredAccess(
5835 IN OUT PACCESS_MASK DesiredAccess
,
5836 IN ACCESS_MASK GrantedAccess
);
5841 IoCheckEaBufferValidity(
5842 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
5844 OUT PULONG ErrorOffset
);
5849 IoCheckFunctionAccess(
5850 IN ACCESS_MASK GrantedAccess
,
5851 IN UCHAR MajorFunction
,
5852 IN UCHAR MinorFunction
,
5853 IN ULONG IoControlCode
,
5854 IN PVOID Argument1 OPTIONAL
,
5855 IN PVOID Argument2 OPTIONAL
);
5860 IoCheckQuerySetFileInformation(
5861 IN FILE_INFORMATION_CLASS FileInformationClass
,
5863 IN BOOLEAN SetOperation
);
5868 IoCheckQuerySetVolumeInformation(
5869 IN FS_INFORMATION_CLASS FsInformationClass
,
5871 IN BOOLEAN SetOperation
);
5876 IoCheckQuotaBufferValidity(
5877 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
5878 IN ULONG QuotaLength
,
5879 OUT PULONG ErrorOffset
);
5884 IoCreateStreamFileObject(
5885 IN PFILE_OBJECT FileObject OPTIONAL
,
5886 IN PDEVICE_OBJECT DeviceObject OPTIONAL
);
5891 IoCreateStreamFileObjectLite(
5892 IN PFILE_OBJECT FileObject OPTIONAL
,
5893 IN PDEVICE_OBJECT DeviceObject OPTIONAL
);
5898 IoFastQueryNetworkAttributes(
5899 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5900 IN ACCESS_MASK DesiredAccess
,
5901 IN ULONG OpenOptions
,
5902 OUT PIO_STATUS_BLOCK IoStatus
,
5903 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
);
5909 IN PFILE_OBJECT FileObject
,
5911 IN PLARGE_INTEGER Offset
,
5913 OUT PIO_STATUS_BLOCK IoStatusBlock
);
5918 IoGetAttachedDevice(
5919 IN PDEVICE_OBJECT DeviceObject
);
5924 IoGetAttachedDeviceReference(
5925 IN PDEVICE_OBJECT DeviceObject
);
5930 IoGetBaseFileSystemDeviceObject(
5931 IN PFILE_OBJECT FileObject
);
5934 PCONFIGURATION_INFORMATION
5936 IoGetConfigurationInformation(
5942 IoGetRequestorProcessId(
5948 IoGetRequestorProcess(
5960 IoIsOperationSynchronous(
5967 IN PETHREAD Thread
);
5972 IoIsValidNameGraftingBuffer(
5974 IN PREPARSE_DATA_BUFFER ReparseBuffer
);
5979 IoQueryFileInformation(
5980 IN PFILE_OBJECT FileObject
,
5981 IN FILE_INFORMATION_CLASS FileInformationClass
,
5983 OUT PVOID FileInformation
,
5984 OUT PULONG ReturnedLength
);
5989 IoQueryVolumeInformation(
5990 IN PFILE_OBJECT FileObject
,
5991 IN FS_INFORMATION_CLASS FsInformationClass
,
5993 OUT PVOID FsInformation
,
5994 OUT PULONG ReturnedLength
);
6005 IoRegisterFileSystem(
6006 IN PDEVICE_OBJECT DeviceObject
);
6011 IoRegisterFsRegistrationChange(
6012 IN PDRIVER_OBJECT DriverObject
,
6013 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
);
6018 IoReleaseVpbSpinLock(
6024 IoSetDeviceToVerify(
6026 IN PDEVICE_OBJECT DeviceObject OPTIONAL
);
6032 IN PFILE_OBJECT FileObject
,
6033 IN FILE_INFORMATION_CLASS FileInformationClass
,
6035 IN PVOID FileInformation
);
6041 IN PIRP Irp OPTIONAL
);
6047 IN PDEVICE_OBJECT DeviceObject
,
6048 IN BOOLEAN Cancelable
);
6053 IoStartNextPacketByKey(
6054 IN PDEVICE_OBJECT DeviceObject
,
6055 IN BOOLEAN Cancelable
,
6062 IN PDEVICE_OBJECT DeviceObject
,
6064 IN PULONG Key OPTIONAL
,
6065 IN PDRIVER_CANCEL CancelFunction OPTIONAL
);
6071 IN PDEVICE_OBJECT DeviceObject
);
6077 IN PDEVICE_OBJECT DeviceObject
);
6082 IoSynchronousPageWrite(
6083 IN PFILE_OBJECT FileObject
,
6085 IN PLARGE_INTEGER FileOffset
,
6087 OUT PIO_STATUS_BLOCK IoStatusBlock
);
6093 IN PETHREAD Thread
);
6098 IoUnregisterFileSystem(
6099 IN PDEVICE_OBJECT DeviceObject
);
6104 IoUnregisterFsRegistrationChange(
6105 IN PDRIVER_OBJECT DriverObject
,
6106 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
);
6112 IN PDEVICE_OBJECT DeviceObject
,
6113 IN BOOLEAN AllowRawMount
);
6118 IoWriteErrorLogEntry(
6124 IoGetRequestorSessionId(
6126 OUT PULONG pSessionId
);
6128 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
6130 #if (NTDDI_VERSION >= NTDDI_WINXP)
6135 IoCreateStreamFileObjectEx(
6136 IN PFILE_OBJECT FileObject OPTIONAL
,
6137 IN PDEVICE_OBJECT DeviceObject OPTIONAL
,
6138 OUT PHANDLE FileObjectHandle OPTIONAL
);
6143 IoQueryFileDosDeviceName(
6144 IN PFILE_OBJECT FileObject
,
6145 OUT POBJECT_NAME_INFORMATION
*ObjectNameInformation
);
6149 IoSetStartIoAttributes(
6150 IN PDEVICE_OBJECT DeviceObject
,
6151 IN BOOLEAN DeferredStartIo
,
6152 IN BOOLEAN NonCancelable
);
6157 IoEnumerateDeviceObjectList(
6158 IN PDRIVER_OBJECT DriverObject
,
6159 OUT PDEVICE_OBJECT
*DeviceObjectList
,
6160 IN ULONG DeviceObjectListSize
,
6161 OUT PULONG ActualNumberDeviceObjects
);
6166 IoGetLowerDeviceObject(
6167 IN PDEVICE_OBJECT DeviceObject
);
6172 IoGetDeviceAttachmentBaseRef(
6173 IN PDEVICE_OBJECT DeviceObject
);
6178 IoGetDiskDeviceObject(
6179 IN PDEVICE_OBJECT FileSystemDeviceObject
,
6180 OUT PDEVICE_OBJECT
*DiskDeviceObject
);
6184 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
6188 IoEnumerateRegisteredFiltersList(
6189 OUT PDRIVER_OBJECT
*DriverObjectList
,
6190 IN ULONG DriverObjectListSize
,
6191 OUT PULONG ActualNumberDriverObjects
);
6194 #if (NTDDI_VERSION >= NTDDI_VISTA)
6198 IoInitializePriorityInfo(
6199 IN PIO_PRIORITY_INFO PriorityInfo
)
6201 PriorityInfo
->Size
= sizeof(IO_PRIORITY_INFO
);
6202 PriorityInfo
->ThreadPriority
= 0xffff;
6203 PriorityInfo
->IoPriority
= IoPriorityNormal
;
6204 PriorityInfo
->PagePriority
= 0;
6208 #if (NTDDI_VERSION >= NTDDI_WIN7)
6213 IoRegisterFsRegistrationChangeMountAware(
6214 IN PDRIVER_OBJECT DriverObject
,
6215 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
,
6216 IN BOOLEAN SynchronizeWithMounts
);
6221 IoReplaceFileObjectName(
6222 IN PFILE_OBJECT FileObject
,
6223 IN PWSTR NewFileName
,
6224 IN USHORT FileNameLength
);
6228 #define IoIsFileOpenedExclusively(FileObject) ( \
6230 (FileObject)->SharedRead || \
6231 (FileObject)->SharedWrite || \
6232 (FileObject)->SharedDelete \
6236 #define IoSizeOfIrp( StackSize ) \
6237 ((USHORT) (sizeof( IRP ) + ((StackSize) * (sizeof( IO_STACK_LOCATION )))))
6239 #if (NTDDI_VERSION >= NTDDI_VISTA)
6240 typedef struct _IO_PRIORITY_INFO
{
6242 ULONG ThreadPriority
;
6244 IO_PRIORITY_HINT IoPriority
;
6245 } IO_PRIORITY_INFO
, *PIO_PRIORITY_INFO
;
6248 #pragma pack(push,4)
6250 #ifndef VER_PRODUCTBUILD
6251 #define VER_PRODUCTBUILD 10000
6257 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
6259 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
6261 extern PACL SePublicDefaultDacl
;
6262 extern PACL SeSystemDefaultDacl
;
6264 #define FS_LFN_APIS 0x00004000
6266 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
6267 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
6268 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
6269 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
6270 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
6271 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
6272 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
6273 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
6274 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
6275 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
6276 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
6277 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
6278 #define FILE_STORAGE_TYPE_MASK 0x000f0000
6279 #define FILE_STORAGE_TYPE_SHIFT 16
6281 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
6283 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
6284 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
6285 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
6286 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
6287 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
6288 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
6289 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
6290 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
6292 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
6293 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
6294 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
6295 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
6297 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
6298 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
6299 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
6300 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
6301 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
6303 #define FSRTL_VOLUME_DISMOUNT 1
6304 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
6305 #define FSRTL_VOLUME_LOCK 3
6306 #define FSRTL_VOLUME_LOCK_FAILED 4
6307 #define FSRTL_VOLUME_UNLOCK 5
6308 #define FSRTL_VOLUME_MOUNT 6
6310 #define FSRTL_WILD_CHARACTER 0x08
6312 #define FSRTL_FAT_LEGAL 0x01
6313 #define FSRTL_HPFS_LEGAL 0x02
6314 #define FSRTL_NTFS_LEGAL 0x04
6315 #define FSRTL_WILD_CHARACTER 0x08
6316 #define FSRTL_OLE_LEGAL 0x10
6317 #define FSRTL_NTFS_STREAM_LEGAL 0x14
6320 #define HARDWARE_PTE HARDWARE_PTE_X86
6321 #define PHARDWARE_PTE PHARDWARE_PTE_X86
6324 #define IO_CHECK_CREATE_PARAMETERS 0x0200
6325 #define IO_ATTACH_DEVICE 0x0400
6327 #define IO_ATTACH_DEVICE_API 0x80000000
6329 #define IO_TYPE_APC 18
6330 #define IO_TYPE_DPC 19
6331 #define IO_TYPE_DEVICE_QUEUE 20
6332 #define IO_TYPE_EVENT_PAIR 21
6333 #define IO_TYPE_INTERRUPT 22
6334 #define IO_TYPE_PROFILE 23
6336 #define IRP_BEING_VERIFIED 0x10
6338 #define MAILSLOT_CLASS_FIRSTCLASS 1
6339 #define MAILSLOT_CLASS_SECONDCLASS 2
6341 #define MAILSLOT_SIZE_AUTO 0
6343 #define MEM_DOS_LIM 0x40000000
6345 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
6347 #define OB_TYPE_TYPE 1
6348 #define OB_TYPE_DIRECTORY 2
6349 #define OB_TYPE_SYMBOLIC_LINK 3
6350 #define OB_TYPE_TOKEN 4
6351 #define OB_TYPE_PROCESS 5
6352 #define OB_TYPE_THREAD 6
6353 #define OB_TYPE_EVENT 7
6354 #define OB_TYPE_EVENT_PAIR 8
6355 #define OB_TYPE_MUTANT 9
6356 #define OB_TYPE_SEMAPHORE 10
6357 #define OB_TYPE_TIMER 11
6358 #define OB_TYPE_PROFILE 12
6359 #define OB_TYPE_WINDOW_STATION 13
6360 #define OB_TYPE_DESKTOP 14
6361 #define OB_TYPE_SECTION 15
6362 #define OB_TYPE_KEY 16
6363 #define OB_TYPE_PORT 17
6364 #define OB_TYPE_ADAPTER 18
6365 #define OB_TYPE_CONTROLLER 19
6366 #define OB_TYPE_DEVICE 20
6367 #define OB_TYPE_DRIVER 21
6368 #define OB_TYPE_IO_COMPLETION 22
6369 #define OB_TYPE_FILE 23
6371 #define PIN_WAIT (1)
6372 #define PIN_EXCLUSIVE (2)
6373 #define PIN_NO_READ (4)
6374 #define PIN_IF_BCB (8)
6376 #define SEC_BASED 0x00200000
6378 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
6379 #define SECURITY_WORLD_RID (0x00000000L)
6383 #define TOKEN_HAS_ADMIN_GROUP 0x08
6385 #define VACB_MAPPING_GRANULARITY (0x40000)
6386 #define VACB_OFFSET_SHIFT (18)
6388 #if (VER_PRODUCTBUILD >= 1381)
6389 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
6390 #endif /* (VER_PRODUCTBUILD >= 1381) */
6392 #if (VER_PRODUCTBUILD >= 2195)
6394 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
6395 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
6397 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
6399 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
6400 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
6401 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
6402 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
6403 #endif /* (VER_PRODUCTBUILD >= 2195) */
6405 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
6406 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
6407 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
6408 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
6409 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
6410 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
6411 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
6412 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
6414 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
6416 typedef PVOID OPLOCK
, *POPLOCK
;
6421 struct _RTL_AVL_TABLE
;
6422 struct _RTL_GENERIC_TABLE
;
6430 typedef PVOID PNOTIFY_SYNC
;
6432 typedef enum _FAST_IO_POSSIBLE
{
6433 FastIoIsNotPossible
,
6435 FastIoIsQuestionable
6438 typedef enum _FILE_STORAGE_TYPE
{
6439 StorageTypeDefault
= 1,
6440 StorageTypeDirectory
,
6442 StorageTypeJunctionPoint
,
6444 StorageTypeStructuredStorage
,
6445 StorageTypeEmbedding
,
6447 } FILE_STORAGE_TYPE
;
6449 typedef struct _OBJECT_BASIC_INFORMATION
6452 ACCESS_MASK GrantedAccess
;
6455 ULONG PagedPoolCharge
;
6456 ULONG NonPagedPoolCharge
;
6457 ULONG Reserved
[ 3 ];
6460 ULONG SecurityDescriptorSize
;
6461 LARGE_INTEGER CreationTime
;
6462 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
6464 typedef struct _BITMAP_RANGE
{
6467 ULONG FirstDirtyPage
;
6468 ULONG LastDirtyPage
;
6471 } BITMAP_RANGE
, *PBITMAP_RANGE
;
6473 typedef struct _CACHE_UNINITIALIZE_EVENT
{
6474 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
6476 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
6478 typedef struct _CC_FILE_SIZES
{
6479 LARGE_INTEGER AllocationSize
;
6480 LARGE_INTEGER FileSize
;
6481 LARGE_INTEGER ValidDataLength
;
6482 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
6484 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
6485 BOOLEAN ReplaceIfExists
;
6486 HANDLE RootDirectory
;
6487 ULONG FileNameLength
;
6489 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
6491 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
6492 ULONG NextEntryOffset
;
6494 LARGE_INTEGER CreationTime
;
6495 LARGE_INTEGER LastAccessTime
;
6496 LARGE_INTEGER LastWriteTime
;
6497 LARGE_INTEGER ChangeTime
;
6498 LARGE_INTEGER EndOfFile
;
6499 LARGE_INTEGER AllocationSize
;
6500 ULONG FileAttributes
;
6501 ULONG FileNameLength
;
6503 WCHAR FileName
[ANYSIZE_ARRAY
];
6504 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
6506 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
6507 LARGE_INTEGER TotalAllocationUnits
;
6508 LARGE_INTEGER CallerAvailableAllocationUnits
;
6509 LARGE_INTEGER ActualAvailableAllocationUnits
;
6510 ULONG SectorsPerAllocationUnit
;
6511 ULONG BytesPerSector
;
6512 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
6514 typedef struct _FILE_FS_LABEL_INFORMATION
{
6515 ULONG VolumeLabelLength
;
6516 WCHAR VolumeLabel
[1];
6517 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
6519 #if (VER_PRODUCTBUILD >= 2195)
6521 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
6523 UCHAR ExtendedInfo
[48];
6524 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
6526 #endif /* (VER_PRODUCTBUILD >= 2195) */
6528 typedef struct _FILE_FS_SIZE_INFORMATION
{
6529 LARGE_INTEGER TotalAllocationUnits
;
6530 LARGE_INTEGER AvailableAllocationUnits
;
6531 ULONG SectorsPerAllocationUnit
;
6532 ULONG BytesPerSector
;
6533 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
6535 typedef struct _FILE_FS_VOLUME_INFORMATION
{
6536 LARGE_INTEGER VolumeCreationTime
;
6537 ULONG VolumeSerialNumber
;
6538 ULONG VolumeLabelLength
;
6539 BOOLEAN SupportsObjects
;
6540 WCHAR VolumeLabel
[1];
6541 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
6543 typedef struct _FILE_FS_OBJECTID_INFORMATION
6546 UCHAR ExtendedInfo
[48];
6547 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
6549 typedef struct _FILE_LOCK_INFO
6551 LARGE_INTEGER StartingByte
;
6552 LARGE_INTEGER Length
;
6553 BOOLEAN ExclusiveLock
;
6555 PFILE_OBJECT FileObject
;
6557 LARGE_INTEGER EndingByte
;
6558 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
6560 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
6561 typedef struct _FILE_SHARED_LOCK_ENTRY
{
6564 FILE_LOCK_INFO FileLock
;
6565 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
6567 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
6568 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
6569 LIST_ENTRY ListEntry
;
6572 FILE_LOCK_INFO FileLock
;
6573 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
6575 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
6580 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
6582 IN PFILE_LOCK_INFO FileLockInfo
6585 typedef struct _FILE_LOCK
{
6586 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
6587 PUNLOCK_ROUTINE UnlockRoutine
;
6588 BOOLEAN FastIoIsQuestionable
;
6590 PVOID LockInformation
;
6591 FILE_LOCK_INFO LastReturnedLockInfo
;
6592 PVOID LastReturnedLock
;
6593 } FILE_LOCK
, *PFILE_LOCK
;
6595 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
6596 ULONG ReadDataAvailable
;
6597 ULONG NumberOfMessages
;
6598 ULONG MessageLength
;
6599 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
6601 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
6603 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
6605 typedef struct _FILE_OLE_ALL_INFORMATION
{
6606 FILE_BASIC_INFORMATION BasicInformation
;
6607 FILE_STANDARD_INFORMATION StandardInformation
;
6608 FILE_INTERNAL_INFORMATION InternalInformation
;
6609 FILE_EA_INFORMATION EaInformation
;
6610 FILE_ACCESS_INFORMATION AccessInformation
;
6611 FILE_POSITION_INFORMATION PositionInformation
;
6612 FILE_MODE_INFORMATION ModeInformation
;
6613 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
6616 LARGE_INTEGER SecurityChangeTime
;
6617 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
6618 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
6619 FILE_STORAGE_TYPE StorageType
;
6622 ULONG NumberOfStreamReferences
;
6625 BOOLEAN ContentIndexDisable
;
6626 BOOLEAN InheritContentIndexDisable
;
6627 FILE_NAME_INFORMATION NameInformation
;
6628 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
6630 typedef struct _FILE_OLE_DIR_INFORMATION
{
6631 ULONG NextEntryOffset
;
6633 LARGE_INTEGER CreationTime
;
6634 LARGE_INTEGER LastAccessTime
;
6635 LARGE_INTEGER LastWriteTime
;
6636 LARGE_INTEGER ChangeTime
;
6637 LARGE_INTEGER EndOfFile
;
6638 LARGE_INTEGER AllocationSize
;
6639 ULONG FileAttributes
;
6640 ULONG FileNameLength
;
6641 FILE_STORAGE_TYPE StorageType
;
6644 BOOLEAN ContentIndexDisable
;
6645 BOOLEAN InheritContentIndexDisable
;
6647 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
6649 typedef struct _FILE_OLE_INFORMATION
{
6650 LARGE_INTEGER SecurityChangeTime
;
6651 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
6652 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
6653 FILE_STORAGE_TYPE StorageType
;
6655 BOOLEAN ContentIndexDisable
;
6656 BOOLEAN InheritContentIndexDisable
;
6657 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
6659 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
6661 ULONG StateBitsMask
;
6662 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
6664 #define FSRTL_FCB_HEADER_V0 (0x00)
6665 #define FSRTL_FCB_HEADER_V1 (0x01)
6668 typedef struct _FSRTL_COMMON_FCB_HEADER
{
6669 CSHORT NodeTypeCode
;
6670 CSHORT NodeByteSize
;
6672 UCHAR IsFastIoPossible
;
6673 #if (VER_PRODUCTBUILD >= 1381)
6676 #endif /* (VER_PRODUCTBUILD >= 1381) */
6677 PERESOURCE Resource
;
6678 PERESOURCE PagingIoResource
;
6679 LARGE_INTEGER AllocationSize
;
6680 LARGE_INTEGER FileSize
;
6681 LARGE_INTEGER ValidDataLength
;
6682 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
6684 typedef enum _FSRTL_COMPARISON_RESULT
6689 } FSRTL_COMPARISON_RESULT
;
6691 #if (VER_PRODUCTBUILD >= 2600)
6693 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
6694 CSHORT NodeTypeCode
;
6695 CSHORT NodeByteSize
;
6697 UCHAR IsFastIoPossible
;
6701 PERESOURCE Resource
;
6702 PERESOURCE PagingIoResource
;
6703 LARGE_INTEGER AllocationSize
;
6704 LARGE_INTEGER FileSize
;
6705 LARGE_INTEGER ValidDataLength
;
6706 PFAST_MUTEX FastMutex
;
6707 LIST_ENTRY FilterContexts
;
6708 EX_PUSH_LOCK PushLock
;
6709 PVOID
*FileContextSupportPointer
;
6710 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
6712 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
6716 PFREE_FUNCTION FreeCallback
;
6717 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
6719 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
6724 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
6726 #endif /* (VER_PRODUCTBUILD >= 2600) */
6728 typedef struct _BASE_MCB
6730 ULONG MaximumPairCount
;
6735 } BASE_MCB
, *PBASE_MCB
;
6737 typedef struct _LARGE_MCB
6739 PKGUARDED_MUTEX GuardedMutex
;
6741 } LARGE_MCB
, *PLARGE_MCB
;
6745 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
6748 typedef struct _MAPPING_PAIR
{
6751 } MAPPING_PAIR
, *PMAPPING_PAIR
;
6753 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
6754 ULONG NumberOfPairs
;
6756 MAPPING_PAIR Pair
[1];
6757 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
6759 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
6761 typedef struct _MBCB
{
6762 CSHORT NodeTypeCode
;
6763 CSHORT NodeIsInZone
;
6767 LIST_ENTRY BitmapRanges
;
6768 LONGLONG ResumeWritePage
;
6769 BITMAP_RANGE BitmapRange1
;
6770 BITMAP_RANGE BitmapRange2
;
6771 BITMAP_RANGE BitmapRange3
;
6774 typedef enum _MMFLUSH_TYPE
{
6779 typedef struct _MOVEFILE_DESCRIPTOR
{
6782 LARGE_INTEGER StartVcn
;
6783 LARGE_INTEGER TargetLcn
;
6786 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
6788 typedef struct _OBJECT_BASIC_INFO
{
6790 ACCESS_MASK GrantedAccess
;
6792 ULONG ReferenceCount
;
6793 ULONG PagedPoolUsage
;
6794 ULONG NonPagedPoolUsage
;
6796 ULONG NameInformationLength
;
6797 ULONG TypeInformationLength
;
6798 ULONG SecurityDescriptorLength
;
6799 LARGE_INTEGER CreateTime
;
6800 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
6802 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
6804 BOOLEAN ProtectFromClose
;
6805 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
6807 typedef struct _OBJECT_NAME_INFO
{
6808 UNICODE_STRING ObjectName
;
6809 WCHAR ObjectNameBuffer
[1];
6810 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
6812 typedef struct _OBJECT_PROTECTION_INFO
{
6814 BOOLEAN ProtectHandle
;
6815 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
6817 typedef struct _OBJECT_TYPE_INFO
{
6818 UNICODE_STRING ObjectTypeName
;
6819 UCHAR Unknown
[0x58];
6820 WCHAR ObjectTypeNameBuffer
[1];
6821 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
6823 typedef struct _OBJECT_ALL_TYPES_INFO
{
6824 ULONG NumberOfObjectTypes
;
6825 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
6826 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
6828 typedef enum _RTL_GENERIC_COMPARE_RESULTS
6833 } RTL_GENERIC_COMPARE_RESULTS
;
6835 typedef enum _TABLE_SEARCH_RESULT
6841 } TABLE_SEARCH_RESULT
;
6844 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
6845 struct _RTL_AVL_TABLE
*Table
,
6850 typedef RTL_GENERIC_COMPARE_RESULTS
6851 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
6852 struct _RTL_AVL_TABLE
*Table
,
6857 typedef RTL_GENERIC_COMPARE_RESULTS
6858 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
6859 struct _RTL_GENERIC_TABLE
*Table
,
6865 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
6866 struct _RTL_GENERIC_TABLE
*Table
,
6871 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
6872 struct _RTL_GENERIC_TABLE
*Table
,
6877 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
6878 struct _RTL_AVL_TABLE
*Table
,
6883 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
6884 struct _RTL_AVL_TABLE
*Table
,
6888 typedef struct _PUBLIC_BCB
{
6889 CSHORT NodeTypeCode
;
6890 CSHORT NodeByteSize
;
6892 LARGE_INTEGER MappedFileOffset
;
6893 } PUBLIC_BCB
, *PPUBLIC_BCB
;
6895 typedef struct _QUERY_PATH_REQUEST
{
6896 ULONG PathNameLength
;
6897 PIO_SECURITY_CONTEXT SecurityContext
;
6898 WCHAR FilePathName
[1];
6899 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
6901 typedef struct _QUERY_PATH_RESPONSE
{
6902 ULONG LengthAccepted
;
6903 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
6905 typedef struct _RTL_BALANCED_LINKS
6907 struct _RTL_BALANCED_LINKS
*Parent
;
6908 struct _RTL_BALANCED_LINKS
*LeftChild
;
6909 struct _RTL_BALANCED_LINKS
*RightChild
;
6912 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
6914 typedef struct _RTL_GENERIC_TABLE
6916 PRTL_SPLAY_LINKS TableRoot
;
6917 LIST_ENTRY InsertOrderList
;
6918 PLIST_ENTRY OrderedPointer
;
6919 ULONG WhichOrderedElement
;
6920 ULONG NumberGenericTableElements
;
6921 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
6922 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
6923 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
6925 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
6927 #undef PRTL_GENERIC_COMPARE_ROUTINE
6928 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
6929 #undef PRTL_GENERIC_FREE_ROUTINE
6930 #undef RTL_GENERIC_TABLE
6931 #undef PRTL_GENERIC_TABLE
6933 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
6934 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
6935 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
6936 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
6937 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
6939 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
6940 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
6941 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
6942 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
6943 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
6944 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
6945 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
6946 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
6947 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
6948 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
6949 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
6951 typedef struct _RTL_AVL_TABLE
6953 RTL_BALANCED_LINKS BalancedRoot
;
6954 PVOID OrderedPointer
;
6955 ULONG WhichOrderedElement
;
6956 ULONG NumberGenericTableElements
;
6958 PRTL_BALANCED_LINKS RestartKey
;
6960 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
6961 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
6962 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
6964 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
6969 RtlInitializeGenericTableAvl(
6970 PRTL_AVL_TABLE Table
,
6971 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
6972 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
6973 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
6980 RtlInsertElementGenericTableAvl (
6981 PRTL_AVL_TABLE Table
,
6984 PBOOLEAN NewElement OPTIONAL
6990 RtlDeleteElementGenericTableAvl (
6991 PRTL_AVL_TABLE Table
,
6998 RtlLookupElementGenericTableAvl (
6999 PRTL_AVL_TABLE Table
,
7006 RtlEnumerateGenericTableWithoutSplayingAvl (
7007 PRTL_AVL_TABLE Table
,
7011 #if defined(USE_LPC6432)
7012 #define LPC_CLIENT_ID CLIENT_ID64
7013 #define LPC_SIZE_T ULONGLONG
7014 #define LPC_PVOID ULONGLONG
7015 #define LPC_HANDLE ULONGLONG
7017 #define LPC_CLIENT_ID CLIENT_ID
7018 #define LPC_SIZE_T SIZE_T
7019 #define LPC_PVOID PVOID
7020 #define LPC_HANDLE HANDLE
7023 typedef struct _PORT_MESSAGE
7039 CSHORT DataInfoOffset
;
7043 __GNU_EXTENSION
union
7045 LPC_CLIENT_ID ClientId
;
7046 double DoNotUseThisField
;
7049 __GNU_EXTENSION
union
7051 LPC_SIZE_T ClientViewSize
;
7054 } PORT_MESSAGE
, *PPORT_MESSAGE
;
7056 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
7058 typedef struct _PORT_VIEW
7061 LPC_HANDLE SectionHandle
;
7062 ULONG SectionOffset
;
7063 LPC_SIZE_T ViewSize
;
7065 LPC_PVOID ViewRemoteBase
;
7066 } PORT_VIEW
, *PPORT_VIEW
;
7068 typedef struct _REMOTE_PORT_VIEW
7071 LPC_SIZE_T ViewSize
;
7073 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
7075 typedef struct _TUNNEL
{
7077 PRTL_SPLAY_LINKS Cache
;
7078 LIST_ENTRY TimerQueue
;
7082 typedef struct _VAD_HEADER
{
7085 struct _VAD_HEADER
* ParentLink
;
7086 struct _VAD_HEADER
* LeftLink
;
7087 struct _VAD_HEADER
* RightLink
;
7088 ULONG Flags
; /* LSB = CommitCharge */
7090 PVOID FirstProtoPte
;
7094 } VAD_HEADER
, *PVAD_HEADER
;
7096 #if (VER_PRODUCTBUILD >= 2600)
7099 (NTAPI
*PFILTER_REPORT_CHANGE
) (
7100 IN PVOID NotifyContext
,
7101 IN PVOID FilterContext
7104 typedef struct _READ_LIST
{
7105 PFILE_OBJECT FileObject
;
7106 ULONG NumberOfEntries
;
7108 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
7109 } READ_LIST
, *PREAD_LIST
;
7117 IN PFILE_OBJECT FileObject
,
7118 IN ULONG BytesToWrite
,
7127 IN PFILE_OBJECT FileObject
,
7128 IN PLARGE_INTEGER FileOffset
,
7132 OUT PIO_STATUS_BLOCK IoStatus
7139 IN PFILE_OBJECT FileObject
,
7140 IN PLARGE_INTEGER FileOffset
,
7146 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
7148 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
7157 IN PFILE_OBJECT FileObject
,
7158 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
7161 IN ULONG BytesToWrite
,
7169 IN PFILE_OBJECT FileObject
,
7170 IN ULONG FileOffset
,
7174 OUT PIO_STATUS_BLOCK IoStatus
7181 IN PFILE_OBJECT FileObject
,
7182 IN ULONG FileOffset
,
7191 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
7192 IN PLARGE_INTEGER FileOffset OPTIONAL
,
7194 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
7197 typedef VOID (NTAPI
*PDIRTY_PAGE_ROUTINE
) (
7198 IN PFILE_OBJECT FileObject
,
7199 IN PLARGE_INTEGER FileOffset
,
7201 IN PLARGE_INTEGER OldestLsn
,
7202 IN PLARGE_INTEGER NewestLsn
,
7212 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
7220 CcGetFileObjectFromBcb (
7227 CcGetFileObjectFromSectionPtrs (
7228 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
7231 #define CcGetFileSizePointer(FO) ( \
7232 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
7235 #if (VER_PRODUCTBUILD >= 2195)
7240 CcGetFlushedValidData (
7241 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
7242 IN BOOLEAN BcbListHeld
7245 #endif /* (VER_PRODUCTBUILD >= 2195) */
7250 CcGetLsnForFileObject (
7251 IN PFILE_OBJECT FileObject
,
7252 OUT PLARGE_INTEGER OldestLsn OPTIONAL
7255 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
7260 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
7264 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
7269 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
7273 typedef struct _CACHE_MANAGER_CALLBACKS
{
7274 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
7275 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
7276 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
7277 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
7278 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
7283 CcInitializeCacheMap (
7284 IN PFILE_OBJECT FileObject
,
7285 IN PCC_FILE_SIZES FileSizes
,
7286 IN BOOLEAN PinAccess
,
7287 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
7288 IN PVOID LazyWriteContext
7291 #define CcIsFileCached(FO) ( \
7292 ((FO)->SectionObjectPointer != NULL) && \
7293 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
7296 extern ULONG CcFastMdlReadWait
;
7301 CcIsThereDirtyData (
7309 IN PFILE_OBJECT FileObject
,
7310 IN PLARGE_INTEGER FileOffset
,
7321 IN PFILE_OBJECT FileObject
,
7322 IN PLARGE_INTEGER FileOffset
,
7325 OUT PIO_STATUS_BLOCK IoStatus
7332 IN PFILE_OBJECT FileObject
,
7339 CcMdlWriteComplete (
7340 IN PFILE_OBJECT FileObject
,
7341 IN PLARGE_INTEGER FileOffset
,
7351 IN PFILE_OBJECT FileObject
,
7352 IN PLARGE_INTEGER FileOffset
,
7362 IN PFILE_OBJECT FileObject
,
7363 IN PLARGE_INTEGER FileOffset
,
7374 IN PFILE_OBJECT FileObject
,
7375 IN PLARGE_INTEGER FileOffset
,
7378 OUT PIO_STATUS_BLOCK IoStatus
7385 IN PFILE_OBJECT FileObject
,
7386 IN PLARGE_INTEGER FileOffset
,
7397 CcPurgeCacheSection (
7398 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
7399 IN PLARGE_INTEGER FileOffset OPTIONAL
,
7401 IN BOOLEAN UninitializeCacheMaps
7404 #define CcReadAhead(FO, FOFF, LEN) ( \
7405 if ((LEN) >= 256) { \
7406 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
7410 #if (VER_PRODUCTBUILD >= 2195)
7419 #endif /* (VER_PRODUCTBUILD >= 2195) */
7431 CcScheduleReadAhead (
7432 IN PFILE_OBJECT FileObject
,
7433 IN PLARGE_INTEGER FileOffset
,
7440 CcSetAdditionalCacheAttributes (
7441 IN PFILE_OBJECT FileObject
,
7442 IN BOOLEAN DisableReadAhead
,
7443 IN BOOLEAN DisableWriteBehind
7449 CcSetBcbOwnerPointer (
7451 IN PVOID OwnerPointer
7457 CcSetDirtyPageThreshold (
7458 IN PFILE_OBJECT FileObject
,
7459 IN ULONG DirtyPageThreshold
7465 CcSetDirtyPinnedData (
7467 IN PLARGE_INTEGER Lsn OPTIONAL
7474 IN PFILE_OBJECT FileObject
,
7475 IN PCC_FILE_SIZES FileSizes
7478 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
7480 IN LARGE_INTEGER Lsn
7486 CcSetLogHandleForFile (
7487 IN PFILE_OBJECT FileObject
,
7489 IN PFLUSH_TO_LSN FlushToLsnRoutine
7495 CcSetReadAheadGranularity (
7496 IN PFILE_OBJECT FileObject
,
7497 IN ULONG Granularity
/* default: PAGE_SIZE */
7498 /* allowed: 2^n * PAGE_SIZE */
7504 CcUninitializeCacheMap (
7505 IN PFILE_OBJECT FileObject
,
7506 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
7507 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
7520 CcUnpinDataForThread (
7522 IN ERESOURCE_THREAD ResourceThreadId
7528 CcUnpinRepinnedBcb (
7530 IN BOOLEAN WriteThrough
,
7531 OUT PIO_STATUS_BLOCK IoStatus
7534 #if (VER_PRODUCTBUILD >= 2195)
7539 CcWaitForCurrentLazyWriterActivity (
7543 #endif /* (VER_PRODUCTBUILD >= 2195) */
7549 IN PFILE_OBJECT FileObject
,
7550 IN PLARGE_INTEGER StartOffset
,
7551 IN PLARGE_INTEGER EndOffset
,
7555 #if (VER_PRODUCTBUILD >= 2600)
7557 #ifndef __NTOSKRNL__
7561 ExInitializeRundownProtection (
7562 IN PEX_RUNDOWN_REF RunRef
7568 ExReInitializeRundownProtection (
7569 IN PEX_RUNDOWN_REF RunRef
7575 ExAcquireRundownProtection (
7576 IN PEX_RUNDOWN_REF RunRef
7582 ExAcquireRundownProtectionEx (
7583 IN PEX_RUNDOWN_REF RunRef
,
7590 ExReleaseRundownProtection (
7591 IN PEX_RUNDOWN_REF RunRef
7597 ExReleaseRundownProtectionEx (
7598 IN PEX_RUNDOWN_REF RunRef
,
7605 ExRundownCompleted (
7606 IN PEX_RUNDOWN_REF RunRef
7612 ExWaitForRundownProtectionRelease (
7613 IN PEX_RUNDOWN_REF RunRef
7617 #endif /* (VER_PRODUCTBUILD >= 2600) */
7620 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
7622 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
7623 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
7624 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
7625 InitializeListHead( &(_advhdr)->FilterContexts ); \
7626 if ((_fmutx) != NULL) { \
7627 (_advhdr)->FastMutex = (_fmutx); \
7629 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
7630 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
7631 (_advhdr)->FileContextSupportPointer = NULL; \
7637 FsRtlAddBaseMcbEntry (
7641 IN LONGLONG SectorCount
7647 FsRtlAddLargeMcbEntry (
7651 IN LONGLONG SectorCount
7661 IN ULONG SectorCount
7667 FsRtlAddToTunnelCache (
7669 IN ULONGLONG DirectoryKey
,
7670 IN PUNICODE_STRING ShortName
,
7671 IN PUNICODE_STRING LongName
,
7672 IN BOOLEAN KeyByShortName
,
7673 IN ULONG DataLength
,
7677 #if (VER_PRODUCTBUILD >= 2195)
7681 FsRtlAllocateFileLock (
7682 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
7683 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
7686 #endif /* (VER_PRODUCTBUILD >= 2195) */
7692 IN POOL_TYPE PoolType
,
7693 IN ULONG NumberOfBytes
7699 FsRtlAllocatePoolWithQuota (
7700 IN POOL_TYPE PoolType
,
7701 IN ULONG NumberOfBytes
7707 FsRtlAllocatePoolWithQuotaTag (
7708 IN POOL_TYPE PoolType
,
7709 IN ULONG NumberOfBytes
,
7716 FsRtlAllocatePoolWithTag (
7717 IN POOL_TYPE PoolType
,
7718 IN ULONG NumberOfBytes
,
7725 FsRtlAreNamesEqual (
7726 IN PCUNICODE_STRING Name1
,
7727 IN PCUNICODE_STRING Name2
,
7728 IN BOOLEAN IgnoreCase
,
7729 IN PCWCH UpcaseTable OPTIONAL
7732 #define FsRtlAreThereCurrentFileLocks(FL) ( \
7733 ((FL)->FastIoIsQuestionable) \
7737 FsRtlCheckLockForReadAccess:
7739 All this really does is pick out the lock parameters from the irp (io stack
7740 location?), get IoGetRequestorProcess, and pass values on to
7741 FsRtlFastCheckLockForRead.
7746 FsRtlCheckLockForReadAccess (
7747 IN PFILE_LOCK FileLock
,
7752 FsRtlCheckLockForWriteAccess:
7754 All this really does is pick out the lock parameters from the irp (io stack
7755 location?), get IoGetRequestorProcess, and pass values on to
7756 FsRtlFastCheckLockForWrite.
7761 FsRtlCheckLockForWriteAccess (
7762 IN PFILE_LOCK FileLock
,
7768 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
7775 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
7787 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
7788 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
7795 IN PFILE_OBJECT FileObject
,
7796 IN PLARGE_INTEGER FileOffset
,
7801 OUT PIO_STATUS_BLOCK IoStatus
,
7802 IN PDEVICE_OBJECT DeviceObject
7809 IN PFILE_OBJECT FileObject
,
7810 IN PLARGE_INTEGER FileOffset
,
7815 OUT PIO_STATUS_BLOCK IoStatus
,
7816 IN PDEVICE_OBJECT DeviceObject
7822 FsRtlCurrentBatchOplock (
7829 FsRtlDeleteKeyFromTunnelCache (
7831 IN ULONGLONG DirectoryKey
7837 FsRtlDeleteTunnelCache (
7844 FsRtlDeregisterUncProvider (
7852 IN ANSI_STRING Name
,
7853 OUT PANSI_STRING FirstPart
,
7854 OUT PANSI_STRING RemainingPart
7861 IN UNICODE_STRING Name
,
7862 OUT PUNICODE_STRING FirstPart
,
7863 OUT PUNICODE_STRING RemainingPart
7869 FsRtlDoesDbcsContainWildCards (
7870 IN PANSI_STRING Name
7876 FsRtlDoesNameContainWildCards (
7877 IN PUNICODE_STRING Name
7883 FsRtlIsFatDbcsLegal (
7884 IN ANSI_STRING DbcsName
,
7885 IN BOOLEAN WildCardsPermissible
,
7886 IN BOOLEAN PathNamePermissible
,
7887 IN BOOLEAN LeadingBackslashPermissible
7891 #define FsRtlCompleteRequest(IRP,STATUS) { \
7892 (IRP)->IoStatus.Status = (STATUS); \
7893 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
7896 #define FsRtlEnterFileSystem KeEnterCriticalRegion
7898 #define FsRtlExitFileSystem KeLeaveCriticalRegion
7903 FsRtlFastCheckLockForRead (
7904 IN PFILE_LOCK FileLock
,
7905 IN PLARGE_INTEGER FileOffset
,
7906 IN PLARGE_INTEGER Length
,
7908 IN PFILE_OBJECT FileObject
,
7915 FsRtlFastCheckLockForWrite (
7916 IN PFILE_LOCK FileLock
,
7917 IN PLARGE_INTEGER FileOffset
,
7918 IN PLARGE_INTEGER Length
,
7920 IN PFILE_OBJECT FileObject
,
7924 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
7925 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
7931 FsRtlFastUnlockAll (
7932 IN PFILE_LOCK FileLock
,
7933 IN PFILE_OBJECT FileObject
,
7934 IN PEPROCESS Process
,
7935 IN PVOID Context OPTIONAL
7937 /* ret: STATUS_RANGE_NOT_LOCKED */
7942 FsRtlFastUnlockAllByKey (
7943 IN PFILE_LOCK FileLock
,
7944 IN PFILE_OBJECT FileObject
,
7945 IN PEPROCESS Process
,
7947 IN PVOID Context OPTIONAL
7949 /* ret: STATUS_RANGE_NOT_LOCKED */
7954 FsRtlFastUnlockSingle (
7955 IN PFILE_LOCK FileLock
,
7956 IN PFILE_OBJECT FileObject
,
7957 IN PLARGE_INTEGER FileOffset
,
7958 IN PLARGE_INTEGER Length
,
7959 IN PEPROCESS Process
,
7961 IN PVOID Context OPTIONAL
,
7962 IN BOOLEAN AlreadySynchronized
7964 /* ret: STATUS_RANGE_NOT_LOCKED */
7969 FsRtlFindInTunnelCache (
7971 IN ULONGLONG DirectoryKey
,
7972 IN PUNICODE_STRING Name
,
7973 OUT PUNICODE_STRING ShortName
,
7974 OUT PUNICODE_STRING LongName
,
7975 IN OUT PULONG DataLength
,
7979 #if (VER_PRODUCTBUILD >= 2195)
7985 IN PFILE_LOCK FileLock
7988 #endif /* (VER_PRODUCTBUILD >= 2195) */
7994 IN PFILE_OBJECT FileObject
,
7995 IN OUT PLARGE_INTEGER FileSize
8001 FsRtlGetNextBaseMcbEntry (
8006 OUT PLONGLONG SectorCount
8010 FsRtlGetNextFileLock:
8012 ret: NULL if no more locks
8015 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
8016 FileLock->LastReturnedLock as storage.
8017 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
8018 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
8019 calls with Restart = FALSE.
8024 FsRtlGetNextFileLock (
8025 IN PFILE_LOCK FileLock
,
8032 FsRtlGetNextLargeMcbEntry (
8037 OUT PLONGLONG SectorCount
8043 FsRtlGetNextMcbEntry (
8048 OUT PULONG SectorCount
8051 #define FsRtlGetPerStreamContextPointer(FO) ( \
8052 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
8058 FsRtlInitializeBaseMcb (
8060 IN POOL_TYPE PoolType
8066 FsRtlInitializeFileLock (
8067 IN PFILE_LOCK FileLock
,
8068 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
8069 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
8075 FsRtlInitializeLargeMcb (
8077 IN POOL_TYPE PoolType
8083 FsRtlInitializeMcb (
8085 IN POOL_TYPE PoolType
8091 FsRtlInitializeOplock (
8092 IN OUT POPLOCK Oplock
8098 FsRtlInitializeTunnelCache (
8102 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
8103 (PSC)->OwnerId = (O), \
8104 (PSC)->InstanceId = (I), \
8105 (PSC)->FreeCallback = (FC) \
8111 FsRtlInsertPerStreamContext (
8112 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext
,
8113 IN PFSRTL_PER_STREAM_CONTEXT Ptr
8116 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
8117 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
8118 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
8121 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
8122 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
8123 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
8126 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
8127 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
8128 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
8131 #define FsRtlIsAnsiCharacterWild(C) ( \
8132 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
8138 FsRtlIsFatDbcsLegal (
8139 IN ANSI_STRING DbcsName
,
8140 IN BOOLEAN WildCardsPermissible
,
8141 IN BOOLEAN PathNamePermissible
,
8142 IN BOOLEAN LeadingBackslashPermissible
8148 FsRtlIsHpfsDbcsLegal (
8149 IN ANSI_STRING DbcsName
,
8150 IN BOOLEAN WildCardsPermissible
,
8151 IN BOOLEAN PathNamePermissible
,
8152 IN BOOLEAN LeadingBackslashPermissible
8158 FsRtlIsNameInExpression (
8159 IN PUNICODE_STRING Expression
,
8160 IN PUNICODE_STRING Name
,
8161 IN BOOLEAN IgnoreCase
,
8162 IN PWCHAR UpcaseTable OPTIONAL
8168 FsRtlIsNtstatusExpected (
8169 IN NTSTATUS Ntstatus
8172 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
8174 extern PUSHORT NlsOemLeadByteInfo
;
8176 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
8177 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
8178 (NLS_MB_CODE_PAGE_TAG && \
8179 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
8182 #define FsRtlIsUnicodeCharacterWild(C) ( \
8185 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
8191 FsRtlLookupBaseMcbEntry (
8194 OUT PLONGLONG Lbn OPTIONAL
,
8195 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
8196 OUT PLONGLONG StartingLbn OPTIONAL
,
8197 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
8198 OUT PULONG Index OPTIONAL
8204 FsRtlLookupLargeMcbEntry (
8207 OUT PLONGLONG Lbn OPTIONAL
,
8208 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
8209 OUT PLONGLONG StartingLbn OPTIONAL
,
8210 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
8211 OUT PULONG Index OPTIONAL
8217 FsRtlLookupLastBaseMcbEntry (
8226 FsRtlLookupLastLargeMcbEntry (
8235 FsRtlLookupLastMcbEntry (
8244 FsRtlLookupLastBaseMcbEntryAndIndex (
8245 IN PBASE_MCB OpaqueMcb
,
8246 IN OUT PLONGLONG LargeVbn
,
8247 IN OUT PLONGLONG LargeLbn
,
8254 FsRtlLookupLastLargeMcbEntryAndIndex (
8255 IN PLARGE_MCB OpaqueMcb
,
8256 OUT PLONGLONG LargeVbn
,
8257 OUT PLONGLONG LargeLbn
,
8264 FsRtlLookupMcbEntry (
8268 OUT PULONG SectorCount OPTIONAL
,
8273 PFSRTL_PER_STREAM_CONTEXT
8275 FsRtlLookupPerStreamContextInternal (
8276 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
8277 IN PVOID OwnerId OPTIONAL
,
8278 IN PVOID InstanceId OPTIONAL
8285 IN PFILE_OBJECT FileObject
,
8286 IN PLARGE_INTEGER FileOffset
,
8290 OUT PIO_STATUS_BLOCK IoStatus
,
8291 IN PDEVICE_OBJECT DeviceObject
8297 FsRtlMdlReadComplete (
8298 IN PFILE_OBJECT FileObject
,
8305 FsRtlMdlReadCompleteDev (
8306 IN PFILE_OBJECT FileObject
,
8308 IN PDEVICE_OBJECT DeviceObject
8314 FsRtlPrepareMdlWriteDev (
8315 IN PFILE_OBJECT FileObject
,
8316 IN PLARGE_INTEGER FileOffset
,
8320 OUT PIO_STATUS_BLOCK IoStatus
,
8321 IN PDEVICE_OBJECT DeviceObject
8327 FsRtlMdlWriteComplete (
8328 IN PFILE_OBJECT FileObject
,
8329 IN PLARGE_INTEGER FileOffset
,
8336 FsRtlMdlWriteCompleteDev (
8337 IN PFILE_OBJECT FileObject
,
8338 IN PLARGE_INTEGER FileOffset
,
8340 IN PDEVICE_OBJECT DeviceObject
8346 FsRtlNormalizeNtstatus (
8347 IN NTSTATUS Exception
,
8348 IN NTSTATUS GenericException
8354 FsRtlNotifyChangeDirectory (
8355 IN PNOTIFY_SYNC NotifySync
,
8357 IN PSTRING FullDirectoryName
,
8358 IN PLIST_ENTRY NotifyList
,
8359 IN BOOLEAN WatchTree
,
8360 IN ULONG CompletionFilter
,
8367 FsRtlNotifyCleanup (
8368 IN PNOTIFY_SYNC NotifySync
,
8369 IN PLIST_ENTRY NotifyList
,
8373 typedef BOOLEAN (NTAPI
*PCHECK_FOR_TRAVERSE_ACCESS
) (
8374 IN PVOID NotifyContext
,
8375 IN PVOID TargetContext
,
8376 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
8382 FsRtlNotifyFilterChangeDirectory (
8383 IN PNOTIFY_SYNC NotifySync
,
8384 IN PLIST_ENTRY NotifyList
,
8386 IN PSTRING FullDirectoryName
,
8387 IN BOOLEAN WatchTree
,
8388 IN BOOLEAN IgnoreBuffer
,
8389 IN ULONG CompletionFilter
,
8391 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
8392 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
,
8393 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
);
8398 FsRtlNotifyFilterReportChange (
8399 IN PNOTIFY_SYNC NotifySync
,
8400 IN PLIST_ENTRY NotifyList
,
8401 IN PSTRING FullTargetName
,
8402 IN USHORT TargetNameOffset
,
8403 IN PSTRING StreamName OPTIONAL
,
8404 IN PSTRING NormalizedParentName OPTIONAL
,
8405 IN ULONG FilterMatch
,
8407 IN PVOID TargetContext
,
8408 IN PVOID FilterContext
);
8413 FsRtlNotifyFullChangeDirectory (
8414 IN PNOTIFY_SYNC NotifySync
,
8415 IN PLIST_ENTRY NotifyList
,
8417 IN PSTRING FullDirectoryName
,
8418 IN BOOLEAN WatchTree
,
8419 IN BOOLEAN IgnoreBuffer
,
8420 IN ULONG CompletionFilter
,
8422 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
8423 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
8429 FsRtlNotifyFullReportChange (
8430 IN PNOTIFY_SYNC NotifySync
,
8431 IN PLIST_ENTRY NotifyList
,
8432 IN PSTRING FullTargetName
,
8433 IN USHORT TargetNameOffset
,
8434 IN PSTRING StreamName OPTIONAL
,
8435 IN PSTRING NormalizedParentName OPTIONAL
,
8436 IN ULONG FilterMatch
,
8438 IN PVOID TargetContext
8444 FsRtlNotifyInitializeSync (
8445 IN PNOTIFY_SYNC
*NotifySync
8451 FsRtlNotifyUninitializeSync (
8452 IN PNOTIFY_SYNC
*NotifySync
8455 #if (VER_PRODUCTBUILD >= 2195)
8460 FsRtlNotifyVolumeEvent (
8461 IN PFILE_OBJECT FileObject
,
8465 #endif /* (VER_PRODUCTBUILD >= 2195) */
8470 FsRtlNumberOfRunsInBaseMcb (
8477 FsRtlNumberOfRunsInLargeMcb (
8484 FsRtlNumberOfRunsInMcb (
8500 FsRtlOplockIsFastIoPossible (
8505 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
8513 FsRtlPostPagingFileStackOverflow (
8516 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
8522 FsRtlPostStackOverflow (
8525 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
8531 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
8534 -Calls IoCompleteRequest if Irp
8535 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
8541 IN PFILE_LOCK FileLock
,
8542 IN PFILE_OBJECT FileObject
,
8543 IN PLARGE_INTEGER FileOffset
,
8544 IN PLARGE_INTEGER Length
,
8545 IN PEPROCESS Process
,
8547 IN BOOLEAN FailImmediately
,
8548 IN BOOLEAN ExclusiveLock
,
8549 OUT PIO_STATUS_BLOCK IoStatus
,
8550 IN PIRP Irp OPTIONAL
,
8552 IN BOOLEAN AlreadySynchronized
8556 FsRtlProcessFileLock:
8559 -STATUS_INVALID_DEVICE_REQUEST
8560 -STATUS_RANGE_NOT_LOCKED from unlock routines.
8561 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
8562 (redirected IoStatus->Status).
8565 -switch ( Irp->CurrentStackLocation->MinorFunction )
8566 lock: return FsRtlPrivateLock;
8567 unlocksingle: return FsRtlFastUnlockSingle;
8568 unlockall: return FsRtlFastUnlockAll;
8569 unlockallbykey: return FsRtlFastUnlockAllByKey;
8570 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
8571 return STATUS_INVALID_DEVICE_REQUEST;
8573 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
8574 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
8579 FsRtlProcessFileLock (
8580 IN PFILE_LOCK FileLock
,
8582 IN PVOID Context OPTIONAL
8588 FsRtlRegisterUncProvider (
8589 IN OUT PHANDLE MupHandle
,
8590 IN PUNICODE_STRING RedirectorDeviceName
,
8591 IN BOOLEAN MailslotsSupported
8597 FsRtlRemoveBaseMcbEntry (
8600 IN LONGLONG SectorCount
8606 FsRtlRemoveLargeMcbEntry (
8609 IN LONGLONG SectorCount
8615 FsRtlRemoveMcbEntry (
8618 IN ULONG SectorCount
8622 PFSRTL_PER_STREAM_CONTEXT
8624 FsRtlRemovePerStreamContext (
8625 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
8626 IN PVOID OwnerId OPTIONAL
,
8627 IN PVOID InstanceId OPTIONAL
8640 FsRtlResetLargeMcb (
8642 IN BOOLEAN SelfSynchronized
8657 FsRtlSplitLargeMcb (
8663 #define FsRtlSupportsPerStreamContexts(FO) ( \
8664 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
8665 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
8666 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
8672 FsRtlTruncateBaseMcb (
8680 FsRtlTruncateLargeMcb (
8696 FsRtlUninitializeBaseMcb (
8703 FsRtlUninitializeFileLock (
8704 IN PFILE_LOCK FileLock
8710 FsRtlUninitializeLargeMcb (
8717 FsRtlUninitializeMcb (
8724 FsRtlUninitializeOplock (
8725 IN OUT POPLOCK Oplock
8731 IoAttachDeviceToDeviceStackSafe(
8732 IN PDEVICE_OBJECT SourceDevice
,
8733 IN PDEVICE_OBJECT TargetDevice
,
8734 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
8740 MmCanFileBeTruncated (
8741 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
8742 IN PLARGE_INTEGER NewFileSize
8748 MmFlushImageSection (
8749 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
8750 IN MMFLUSH_TYPE FlushType
8756 MmForceSectionClosed (
8757 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
8758 IN BOOLEAN DelayClose
8761 #if (VER_PRODUCTBUILD >= 1381)
8766 MmIsRecursiveIoFault (
8772 #define MmIsRecursiveIoFault() ( \
8773 (PsGetCurrentThread()->DisablePageFaultClustering) | \
8774 (PsGetCurrentThread()->ForwardClusterOnly) \
8783 MmSetAddressRangeModified (
8792 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
8793 IN POBJECT_TYPE ObjectType
,
8794 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
8795 IN KPROCESSOR_MODE AccessMode
,
8796 IN OUT PVOID ParseContext OPTIONAL
,
8797 IN ULONG ObjectSize
,
8798 IN ULONG PagedPoolCharge OPTIONAL
,
8799 IN ULONG NonPagedPoolCharge OPTIONAL
,
8806 ObGetObjectPointerCount (
8810 #if (NTDDI_VERSION >= NTDDI_WIN2K)
8817 IN PACCESS_STATE PassedAccessState OPTIONAL
,
8818 IN ACCESS_MASK DesiredAccess OPTIONAL
,
8819 IN ULONG ObjectPointerBias
,
8820 OUT PVOID
*NewObject OPTIONAL
,
8821 OUT PHANDLE Handle OPTIONAL
);
8826 ObOpenObjectByPointer (
8828 IN ULONG HandleAttributes
,
8829 IN PACCESS_STATE PassedAccessState OPTIONAL
,
8830 IN ACCESS_MASK DesiredAccess OPTIONAL
,
8831 IN POBJECT_TYPE ObjectType OPTIONAL
,
8832 IN KPROCESSOR_MODE AccessMode
,
8833 OUT PHANDLE Handle
);
8838 ObMakeTemporaryObject (
8844 ObQueryObjectAuditingByHandle (
8846 OUT PBOOLEAN GenerateOnClose
);
8855 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
8857 OUT PULONG ReturnLength
8863 ObReferenceObjectByName (
8864 IN PUNICODE_STRING ObjectName
,
8865 IN ULONG Attributes
,
8866 IN PACCESS_STATE PassedAccessState OPTIONAL
,
8867 IN ACCESS_MASK DesiredAccess OPTIONAL
,
8868 IN POBJECT_TYPE ObjectType
,
8869 IN KPROCESSOR_MODE AccessMode
,
8870 IN OUT PVOID ParseContext OPTIONAL
,
8874 #if (NTDDI_VERSION >= NTDDI_WIN2K)
8879 PsAssignImpersonationToken(
8881 IN HANDLE Token OPTIONAL
);
8886 PsReferencePrimaryToken(
8887 IN OUT PEPROCESS Process
);
8891 #define PsDereferenceImpersonationToken(T) \
8892 {if (ARGUMENT_PRESENT(T)) { \
8893 (ObDereferenceObject((T))); \
8902 PsLookupProcessThreadByCid (
8904 OUT PEPROCESS
*Process OPTIONAL
,
8905 OUT PETHREAD
*Thread
8911 RtlSecondsSince1970ToTime (
8912 IN ULONG SecondsSince1970
,
8913 OUT PLARGE_INTEGER Time
8919 RtlSetSaclSecurityDescriptor (
8920 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
8921 IN BOOLEAN SaclPresent
,
8923 IN BOOLEAN SaclDefaulted
8929 RtlUnicodeStringToCountedOemString (
8930 IN OUT POEM_STRING DestinationString
,
8931 IN PCUNICODE_STRING SourceString
,
8932 IN BOOLEAN AllocateDestinationString
8935 /* RTL Splay Tree Functions */
8939 RtlSplay(PRTL_SPLAY_LINKS Links
);
8944 RtlDelete(PRTL_SPLAY_LINKS Links
);
8950 PRTL_SPLAY_LINKS Links
,
8951 PRTL_SPLAY_LINKS
*Root
8957 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
8962 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
8967 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
8972 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
8974 #define RtlIsLeftChild(Links) \
8975 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
8977 #define RtlIsRightChild(Links) \
8978 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
8980 #define RtlRightChild(Links) \
8981 ((PRTL_SPLAY_LINKS)(Links))->RightChild
8983 #define RtlIsRoot(Links) \
8984 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
8986 #define RtlLeftChild(Links) \
8987 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
8989 #define RtlParent(Links) \
8990 ((PRTL_SPLAY_LINKS)(Links))->Parent
8992 #define RtlInitializeSplayLinks(Links) \
8994 PRTL_SPLAY_LINKS _SplayLinks; \
8995 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
8996 _SplayLinks->Parent = _SplayLinks; \
8997 _SplayLinks->LeftChild = NULL; \
8998 _SplayLinks->RightChild = NULL; \
9001 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
9003 PRTL_SPLAY_LINKS _SplayParent; \
9004 PRTL_SPLAY_LINKS _SplayChild; \
9005 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
9006 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
9007 _SplayParent->LeftChild = _SplayChild; \
9008 _SplayChild->Parent = _SplayParent; \
9011 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
9013 PRTL_SPLAY_LINKS _SplayParent; \
9014 PRTL_SPLAY_LINKS _SplayChild; \
9015 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
9016 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
9017 _SplayParent->RightChild = _SplayChild; \
9018 _SplayChild->Parent = _SplayParent; \
9022 // RTL time functions
9025 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
9027 #if (VER_PRODUCTBUILD >= 2195)
9032 ZwAdjustPrivilegesToken (
9033 IN HANDLE TokenHandle
,
9034 IN BOOLEAN DisableAllPrivileges
,
9035 IN PTOKEN_PRIVILEGES NewState
,
9036 IN ULONG BufferLength
,
9037 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
9038 OUT PULONG ReturnLength
9041 #endif /* (VER_PRODUCTBUILD >= 2195) */
9047 IN HANDLE ThreadHandle
9053 ZwAllocateVirtualMemory (
9054 IN HANDLE ProcessHandle
,
9055 IN OUT PVOID
*BaseAddress
,
9056 IN ULONG_PTR ZeroBits
,
9057 IN OUT PSIZE_T RegionSize
,
9058 IN ULONG AllocationType
,
9065 ZwAccessCheckAndAuditAlarm (
9066 IN PUNICODE_STRING SubsystemName
,
9068 IN PUNICODE_STRING ObjectTypeName
,
9069 IN PUNICODE_STRING ObjectName
,
9070 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
9071 IN ACCESS_MASK DesiredAccess
,
9072 IN PGENERIC_MAPPING GenericMapping
,
9073 IN BOOLEAN ObjectCreation
,
9074 OUT PACCESS_MASK GrantedAccess
,
9075 OUT PBOOLEAN AccessStatus
,
9076 OUT PBOOLEAN GenerateOnClose
9079 #if (VER_PRODUCTBUILD >= 2195)
9085 IN HANDLE FileHandle
,
9086 OUT PIO_STATUS_BLOCK IoStatusBlock
9089 #endif /* (VER_PRODUCTBUILD >= 2195) */
9095 IN HANDLE EventHandle
9101 ZwCloseObjectAuditAlarm (
9102 IN PUNICODE_STRING SubsystemName
,
9104 IN BOOLEAN GenerateOnClose
9111 OUT PHANDLE SectionHandle
,
9112 IN ACCESS_MASK DesiredAccess
,
9113 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
9114 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
9115 IN ULONG SectionPageProtection
,
9116 IN ULONG AllocationAttributes
,
9117 IN HANDLE FileHandle OPTIONAL
9123 ZwCreateSymbolicLinkObject (
9124 OUT PHANDLE SymbolicLinkHandle
,
9125 IN ACCESS_MASK DesiredAccess
,
9126 IN POBJECT_ATTRIBUTES ObjectAttributes
,
9127 IN PUNICODE_STRING TargetName
9134 IN POBJECT_ATTRIBUTES ObjectAttributes
9142 IN PUNICODE_STRING Name
9146 #if (NTDDI_VERSION >= NTDDI_WIN2K)
9150 ZwDeviceIoControlFile (
9151 IN HANDLE FileHandle
,
9152 IN HANDLE Event OPTIONAL
,
9153 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
9154 IN PVOID ApcContext OPTIONAL
,
9155 OUT PIO_STATUS_BLOCK IoStatusBlock
,
9156 IN ULONG IoControlCode
,
9157 IN PVOID InputBuffer OPTIONAL
,
9158 IN ULONG InputBufferLength
,
9159 OUT PVOID OutputBuffer OPTIONAL
,
9160 IN ULONG OutputBufferLength
);
9167 IN PUNICODE_STRING String
9174 IN HANDLE SourceProcessHandle
,
9175 IN HANDLE SourceHandle
,
9176 IN HANDLE TargetProcessHandle OPTIONAL
,
9177 OUT PHANDLE TargetHandle OPTIONAL
,
9178 IN ACCESS_MASK DesiredAccess
,
9179 IN ULONG HandleAttributes
,
9187 IN HANDLE ExistingTokenHandle
,
9188 IN ACCESS_MASK DesiredAccess
,
9189 IN POBJECT_ATTRIBUTES ObjectAttributes
,
9190 IN BOOLEAN EffectiveOnly
,
9191 IN TOKEN_TYPE TokenType
,
9192 OUT PHANDLE NewTokenHandle
9198 ZwFlushInstructionCache (
9199 IN HANDLE ProcessHandle
,
9200 IN PVOID BaseAddress OPTIONAL
,
9208 IN HANDLE FileHandle
,
9209 OUT PIO_STATUS_BLOCK IoStatusBlock
9212 #if (VER_PRODUCTBUILD >= 2195)
9217 ZwFlushVirtualMemory (
9218 IN HANDLE ProcessHandle
,
9219 IN OUT PVOID
*BaseAddress
,
9220 IN OUT PULONG FlushSize
,
9221 OUT PIO_STATUS_BLOCK IoStatusBlock
9224 #endif /* (VER_PRODUCTBUILD >= 2195) */
9229 ZwFreeVirtualMemory (
9230 IN HANDLE ProcessHandle
,
9231 IN OUT PVOID
*BaseAddress
,
9232 IN OUT PSIZE_T RegionSize
,
9240 IN HANDLE FileHandle
,
9241 IN HANDLE Event OPTIONAL
,
9242 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
9243 IN PVOID ApcContext OPTIONAL
,
9244 OUT PIO_STATUS_BLOCK IoStatusBlock
,
9245 IN ULONG FsControlCode
,
9246 IN PVOID InputBuffer OPTIONAL
,
9247 IN ULONG InputBufferLength
,
9248 OUT PVOID OutputBuffer OPTIONAL
,
9249 IN ULONG OutputBufferLength
9252 #if (VER_PRODUCTBUILD >= 2195)
9257 ZwInitiatePowerAction (
9258 IN POWER_ACTION SystemAction
,
9259 IN SYSTEM_POWER_STATE MinSystemState
,
9261 IN BOOLEAN Asynchronous
9264 #endif /* (VER_PRODUCTBUILD >= 2195) */
9270 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
9271 IN PUNICODE_STRING RegistryPath
9278 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
9279 IN POBJECT_ATTRIBUTES FileObjectAttributes
9286 IN HANDLE KeyHandle
,
9287 IN HANDLE EventHandle OPTIONAL
,
9288 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
9289 IN PVOID ApcContext OPTIONAL
,
9290 OUT PIO_STATUS_BLOCK IoStatusBlock
,
9291 IN ULONG NotifyFilter
,
9292 IN BOOLEAN WatchSubtree
,
9294 IN ULONG BufferLength
,
9295 IN BOOLEAN Asynchronous
9301 ZwOpenDirectoryObject (
9302 OUT PHANDLE DirectoryHandle
,
9303 IN ACCESS_MASK DesiredAccess
,
9304 IN POBJECT_ATTRIBUTES ObjectAttributes
9311 OUT PHANDLE ProcessHandle
,
9312 IN ACCESS_MASK DesiredAccess
,
9313 IN POBJECT_ATTRIBUTES ObjectAttributes
,
9314 IN PCLIENT_ID ClientId OPTIONAL
9320 ZwOpenProcessToken (
9321 IN HANDLE ProcessHandle
,
9322 IN ACCESS_MASK DesiredAccess
,
9323 OUT PHANDLE TokenHandle
9330 OUT PHANDLE ThreadHandle
,
9331 IN ACCESS_MASK DesiredAccess
,
9332 IN POBJECT_ATTRIBUTES ObjectAttributes
,
9333 IN PCLIENT_ID ClientId
9340 IN HANDLE ThreadHandle
,
9341 IN ACCESS_MASK DesiredAccess
,
9342 IN BOOLEAN OpenAsSelf
,
9343 OUT PHANDLE TokenHandle
9346 #if (VER_PRODUCTBUILD >= 2195)
9351 ZwPowerInformation (
9352 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
9353 IN PVOID InputBuffer OPTIONAL
,
9354 IN ULONG InputBufferLength
,
9355 OUT PVOID OutputBuffer OPTIONAL
,
9356 IN ULONG OutputBufferLength
9359 #endif /* (VER_PRODUCTBUILD >= 2195) */
9365 IN HANDLE EventHandle
,
9366 OUT PLONG PreviousState OPTIONAL
9372 ZwQueryDefaultLocale (
9373 IN BOOLEAN ThreadOrSystem
,
9380 ZwQueryDirectoryFile (
9381 IN HANDLE FileHandle
,
9382 IN HANDLE Event OPTIONAL
,
9383 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
9384 IN PVOID ApcContext OPTIONAL
,
9385 OUT PIO_STATUS_BLOCK IoStatusBlock
,
9386 OUT PVOID FileInformation
,
9388 IN FILE_INFORMATION_CLASS FileInformationClass
,
9389 IN BOOLEAN ReturnSingleEntry
,
9390 IN PUNICODE_STRING FileName OPTIONAL
,
9391 IN BOOLEAN RestartScan
9394 #if (VER_PRODUCTBUILD >= 2195)
9399 ZwQueryDirectoryObject (
9400 IN HANDLE DirectoryHandle
,
9403 IN BOOLEAN ReturnSingleEntry
,
9404 IN BOOLEAN RestartScan
,
9405 IN OUT PULONG Context
,
9406 OUT PULONG ReturnLength OPTIONAL
9413 IN HANDLE FileHandle
,
9414 OUT PIO_STATUS_BLOCK IoStatusBlock
,
9417 IN BOOLEAN ReturnSingleEntry
,
9418 IN PVOID EaList OPTIONAL
,
9419 IN ULONG EaListLength
,
9420 IN PULONG EaIndex OPTIONAL
,
9421 IN BOOLEAN RestartScan
9424 #endif /* (VER_PRODUCTBUILD >= 2195) */
9429 ZwQueryInformationProcess (
9430 IN HANDLE ProcessHandle
,
9431 IN PROCESSINFOCLASS ProcessInformationClass
,
9432 OUT PVOID ProcessInformation
,
9433 IN ULONG ProcessInformationLength
,
9434 OUT PULONG ReturnLength OPTIONAL
9440 ZwQueryInformationToken (
9441 IN HANDLE TokenHandle
,
9442 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
9443 OUT PVOID TokenInformation
,
9445 OUT PULONG ResultLength
9451 ZwQuerySecurityObject (
9452 IN HANDLE FileHandle
,
9453 IN SECURITY_INFORMATION SecurityInformation
,
9454 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
9456 OUT PULONG ResultLength
9462 ZwQueryVolumeInformationFile (
9463 IN HANDLE FileHandle
,
9464 OUT PIO_STATUS_BLOCK IoStatusBlock
,
9465 OUT PVOID FsInformation
,
9467 IN FS_INFORMATION_CLASS FsInformationClass
9474 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
9475 IN HANDLE KeyHandle
,
9476 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
9483 IN HANDLE EventHandle
,
9484 OUT PLONG PreviousState OPTIONAL
9487 #if (VER_PRODUCTBUILD >= 2195)
9493 IN HANDLE KeyHandle
,
9494 IN HANDLE FileHandle
,
9498 #endif /* (VER_PRODUCTBUILD >= 2195) */
9504 IN HANDLE KeyHandle
,
9505 IN HANDLE FileHandle
9511 ZwSetDefaultLocale (
9512 IN BOOLEAN ThreadOrSystem
,
9516 #if (VER_PRODUCTBUILD >= 2195)
9521 ZwSetDefaultUILanguage (
9522 IN LANGID LanguageId
9529 IN HANDLE FileHandle
,
9530 OUT PIO_STATUS_BLOCK IoStatusBlock
,
9535 #endif /* (VER_PRODUCTBUILD >= 2195) */
9541 IN HANDLE EventHandle
,
9542 OUT PLONG PreviousState OPTIONAL
9548 ZwSetInformationProcess (
9549 IN HANDLE ProcessHandle
,
9550 IN PROCESSINFOCLASS ProcessInformationClass
,
9551 IN PVOID ProcessInformation
,
9552 IN ULONG ProcessInformationLength
9555 #if (VER_PRODUCTBUILD >= 2195)
9560 ZwSetSecurityObject (
9562 IN SECURITY_INFORMATION SecurityInformation
,
9563 IN PSECURITY_DESCRIPTOR SecurityDescriptor
9566 #endif /* (VER_PRODUCTBUILD >= 2195) */
9572 IN PLARGE_INTEGER NewTime
,
9573 OUT PLARGE_INTEGER OldTime OPTIONAL
9576 #if (VER_PRODUCTBUILD >= 2195)
9581 ZwSetVolumeInformationFile (
9582 IN HANDLE FileHandle
,
9583 OUT PIO_STATUS_BLOCK IoStatusBlock
,
9584 IN PVOID FsInformation
,
9586 IN FS_INFORMATION_CLASS FsInformationClass
9589 #endif /* (VER_PRODUCTBUILD >= 2195) */
9594 ZwTerminateProcess (
9595 IN HANDLE ProcessHandle OPTIONAL
,
9596 IN NTSTATUS ExitStatus
9603 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
9604 IN PUNICODE_STRING RegistryPath
9611 IN POBJECT_ATTRIBUTES KeyObjectAttributes
9614 #if (NTDDI_VERSION >= NTDDI_WIN2K)
9618 ZwWaitForSingleObject (
9620 IN BOOLEAN Alertable
,
9621 IN PLARGE_INTEGER Timeout OPTIONAL
);
9627 ZwWaitForMultipleObjects (
9628 IN ULONG HandleCount
,
9630 IN WAIT_TYPE WaitType
,
9631 IN BOOLEAN Alertable
,
9632 IN PLARGE_INTEGER Timeout OPTIONAL