projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[NTIFS]
[reactos.git] / include / ddk / ntifs.h
1 /*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the w32api package.
7 *
8 * Contributors:
9 * Created by Bo Brantén <bosse@acc.umu.se>
10 *
11 * THIS SOFTWARE IS NOT COPYRIGHTED
12 *
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
15 *
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 */
22
23 #pragma once
24
25 #define _NTIFS_INCLUDED_
26 #define _GNU_NTIFS_
27
28 /* Helper macro to enable gcc's extension. */
29 #ifndef __GNU_EXTENSION
30 #ifdef __GNUC__
31 #define __GNU_EXTENSION __extension__
32 #else
33 #define __GNU_EXTENSION
34 #endif
35 #endif
36
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40
41 #if !defined(_NTHALDLL_) && !defined(_BLDR_)
42 #define NTHALAPI DECLSPEC_IMPORT
43 #else
44 #define NTHALAPI
45 #endif
46
47 #if !defined(_NTOSKRNL_) /* For ReactOS */
48 #define NTKERNELAPI DECLSPEC_IMPORT
49 #else
50 #define NTKERNELAPI
51 #endif
52
53 /* Dependencies */
54 #include <ntddk.h>
55 #include <excpt.h>
56 #include <ntdef.h>
57 #include <ntnls.h>
58 #include <ntstatus.h>
59 #include <bugcodes.h>
60 /* FIXME : #include <ntiologc.h> */
61
62 #ifndef FlagOn
63 #define FlagOn(_F,_SF) ((_F) & (_SF))
64 #endif
65
66 #ifndef BooleanFlagOn
67 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
68 #endif
69
70 #ifndef SetFlag
71 #define SetFlag(_F,_SF) ((_F) |= (_SF))
72 #endif
73
74 #ifndef ClearFlag
75 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
76 #endif
77
78 #define PsGetCurrentProcess IoGetCurrentProcess
79
80 #if (NTDDI_VERSION >= NTDDI_VISTA)
81 extern NTSYSAPI volatile CCHAR KeNumberProcessors;
82 #elif (NTDDI_VERSION >= NTDDI_WINXP)
83 extern NTSYSAPI CCHAR KeNumberProcessors;
84 #else
85 extern PCCHAR KeNumberProcessors;
86 #endif
87
88 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
89 typedef STRING LSA_STRING, *PLSA_STRING;
90 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
91
92 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
93 #define SID_IDENTIFIER_AUTHORITY_DEFINED
94 typedef struct _SID_IDENTIFIER_AUTHORITY {
95 UCHAR Value[6];
96 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
97 #endif
98
99 #ifndef SID_DEFINED
100 #define SID_DEFINED
101 typedef struct _SID {
102 UCHAR Revision;
103 UCHAR SubAuthorityCount;
104 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
105 ULONG SubAuthority[ANYSIZE_ARRAY];
106 } SID, *PISID;
107 #endif
108
109 #define SID_REVISION 1
110 #define SID_MAX_SUB_AUTHORITIES 15
111 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
112
113 typedef enum _SID_NAME_USE {
114 SidTypeUser = 1,
115 SidTypeGroup,
116 SidTypeDomain,
117 SidTypeAlias,
118 SidTypeWellKnownGroup,
119 SidTypeDeletedAccount,
120 SidTypeInvalid,
121 SidTypeUnknown,
122 SidTypeComputer,
123 SidTypeLabel
124 } SID_NAME_USE, *PSID_NAME_USE;
125
126 typedef struct _SID_AND_ATTRIBUTES {
127 PSID Sid;
128 ULONG Attributes;
129 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
130 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
131 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
132
133 #define SID_HASH_SIZE 32
134 typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
135
136 typedef struct _SID_AND_ATTRIBUTES_HASH {
137 ULONG SidCount;
138 PSID_AND_ATTRIBUTES SidAttr;
139 SID_HASH_ENTRY Hash[SID_HASH_SIZE];
140 } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
141
142 /* Universal well-known SIDs */
143
144 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
145 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
146 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
147 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
148 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
149 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
150
151 #define SECURITY_NULL_RID (0x00000000L)
152 #define SECURITY_WORLD_RID (0x00000000L)
153 #define SECURITY_LOCAL_RID (0x00000000L)
154 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
155
156 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
157 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
158 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
159 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
160 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
161
162 /* NT well-known SIDs */
163
164 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
165
166 #define SECURITY_DIALUP_RID (0x00000001L)
167 #define SECURITY_NETWORK_RID (0x00000002L)
168 #define SECURITY_BATCH_RID (0x00000003L)
169 #define SECURITY_INTERACTIVE_RID (0x00000004L)
170 #define SECURITY_LOGON_IDS_RID (0x00000005L)
171 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
172 #define SECURITY_SERVICE_RID (0x00000006L)
173 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
174 #define SECURITY_PROXY_RID (0x00000008L)
175 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
176 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
177 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
178 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
179 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
180 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
181 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
182 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
183 #define SECURITY_IUSER_RID (0x00000011L)
184 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
185 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
186 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
187 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
188 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
189 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
190
191 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
192 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
193
194
195 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
196 #define SECURITY_PACKAGE_RID_COUNT (2L)
197 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
198 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
199 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
200
201 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
202 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
203 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
204
205 #define SECURITY_MIN_BASE_RID (0x00000050L)
206 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
207 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
208 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
209 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
210 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
211 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
212 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
213 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
214 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
215 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
216 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
217 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
218 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
219 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
220 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
221 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
222 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
223
224 #define SECURITY_MAX_BASE_RID (0x0000006FL)
225
226 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
227 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
228
229 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
230
231 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
232
233 /* Well-known domain relative sub-authority values (RIDs) */
234
235 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
236
237 #define FOREST_USER_RID_MAX (0x000001F3L)
238
239 /* Well-known users */
240
241 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
242 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
243 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
244
245 #define DOMAIN_USER_RID_MAX (0x000003E7L)
246
247 /* Well-known groups */
248
249 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
250 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
251 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
252 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
253 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
254 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
255 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
256 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
257 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
258 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
259
260 /* Well-known aliases */
261
262 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
263 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
264 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
265 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
266
267 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
268 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
269 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
270 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
271
272 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
273 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
274 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
275 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
276 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
277 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
278
279 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
280 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
281 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
282 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
283 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
284 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
285 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
286 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
287 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
288 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
289 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
290
291 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
292 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
293 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
294 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
295 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
296 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
297 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
298
299 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
300 can be set by a usermode caller.*/
301
302 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
303
304 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
305
306 /* Allocate the System Luid. The first 1000 LUIDs are reserved.
307 Use #999 here (0x3e7 = 999) */
308
309 #define SYSTEM_LUID { 0x3e7, 0x0 }
310 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
311 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
312 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
313 #define IUSER_LUID { 0x3e3, 0x0 }
314
315 typedef struct _ACE_HEADER {
316 UCHAR AceType;
317 UCHAR AceFlags;
318 USHORT AceSize;
319 } ACE_HEADER, *PACE_HEADER;
320
321 /* also in winnt.h */
322 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
323 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
324 #define ACCESS_DENIED_ACE_TYPE (0x1)
325 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
326 #define SYSTEM_ALARM_ACE_TYPE (0x3)
327 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
328 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
329 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
330 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
331 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
332 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
333 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
334 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
335 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
336 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
337 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
338 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
339 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
340 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
341 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
342 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
343 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
344 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
345 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
346 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
347 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
348
349 /* The following are the inherit flags that go into the AceFlags field
350 of an Ace header. */
351
352 #define OBJECT_INHERIT_ACE (0x1)
353 #define CONTAINER_INHERIT_ACE (0x2)
354 #define NO_PROPAGATE_INHERIT_ACE (0x4)
355 #define INHERIT_ONLY_ACE (0x8)
356 #define INHERITED_ACE (0x10)
357 #define VALID_INHERIT_FLAGS (0x1F)
358
359 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
360 #define FAILED_ACCESS_ACE_FLAG (0x80)
361
362 typedef struct _ACCESS_ALLOWED_ACE {
363 ACE_HEADER Header;
364 ACCESS_MASK Mask;
365 ULONG SidStart;
366 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
367
368 typedef struct _ACCESS_DENIED_ACE {
369 ACE_HEADER Header;
370 ACCESS_MASK Mask;
371 ULONG SidStart;
372 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
373
374 typedef struct _SYSTEM_AUDIT_ACE {
375 ACE_HEADER Header;
376 ACCESS_MASK Mask;
377 ULONG SidStart;
378 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
379
380 typedef struct _SYSTEM_ALARM_ACE {
381 ACE_HEADER Header;
382 ACCESS_MASK Mask;
383 ULONG SidStart;
384 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
385
386 typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
387 ACE_HEADER Header;
388 ACCESS_MASK Mask;
389 ULONG SidStart;
390 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
391
392 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
393 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
394 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
395 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
396 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
397 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
398
399 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
400
401 typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
402
403 #define SE_OWNER_DEFAULTED 0x0001
404 #define SE_GROUP_DEFAULTED 0x0002
405 #define SE_DACL_PRESENT 0x0004
406 #define SE_DACL_DEFAULTED 0x0008
407 #define SE_SACL_PRESENT 0x0010
408 #define SE_SACL_DEFAULTED 0x0020
409 #define SE_DACL_UNTRUSTED 0x0040
410 #define SE_SERVER_SECURITY 0x0080
411 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
412 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
413 #define SE_DACL_AUTO_INHERITED 0x0400
414 #define SE_SACL_AUTO_INHERITED 0x0800
415 #define SE_DACL_PROTECTED 0x1000
416 #define SE_SACL_PROTECTED 0x2000
417 #define SE_RM_CONTROL_VALID 0x4000
418 #define SE_SELF_RELATIVE 0x8000
419
420 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
421 UCHAR Revision;
422 UCHAR Sbz1;
423 SECURITY_DESCRIPTOR_CONTROL Control;
424 ULONG Owner;
425 ULONG Group;
426 ULONG Sacl;
427 ULONG Dacl;
428 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
429
430 typedef struct _SECURITY_DESCRIPTOR {
431 UCHAR Revision;
432 UCHAR Sbz1;
433 SECURITY_DESCRIPTOR_CONTROL Control;
434 PSID Owner;
435 PSID Group;
436 PACL Sacl;
437 PACL Dacl;
438 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
439
440 typedef struct _OBJECT_TYPE_LIST {
441 USHORT Level;
442 USHORT Sbz;
443 GUID *ObjectType;
444 } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
445
446 #define ACCESS_OBJECT_GUID 0
447 #define ACCESS_PROPERTY_SET_GUID 1
448 #define ACCESS_PROPERTY_GUID 2
449 #define ACCESS_MAX_LEVEL 4
450
451 typedef enum _AUDIT_EVENT_TYPE {
452 AuditEventObjectAccess,
453 AuditEventDirectoryServiceAccess
454 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
455
456 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
457
458 #define ACCESS_DS_SOURCE_A "DS"
459 #define ACCESS_DS_SOURCE_W L"DS"
460 #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
461 #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
462
463 #define ACCESS_REASON_TYPE_MASK 0xffff0000
464 #define ACCESS_REASON_DATA_MASK 0x0000ffff
465
466 typedef enum _ACCESS_REASON_TYPE {
467 AccessReasonNone = 0x00000000,
468 AccessReasonAllowedAce = 0x00010000,
469 AccessReasonDeniedAce = 0x00020000,
470 AccessReasonAllowedParentAce = 0x00030000,
471 AccessReasonDeniedParentAce = 0x00040000,
472 AccessReasonMissingPrivilege = 0x00100000,
473 AccessReasonFromPrivilege = 0x00200000,
474 AccessReasonIntegrityLevel = 0x00300000,
475 AccessReasonOwnership = 0x00400000,
476 AccessReasonNullDacl = 0x00500000,
477 AccessReasonEmptyDacl = 0x00600000,
478 AccessReasonNoSD = 0x00700000,
479 AccessReasonNoGrant = 0x00800000
480 } ACCESS_REASON_TYPE;
481
482 typedef ULONG ACCESS_REASON;
483
484 typedef struct _ACCESS_REASONS {
485 ACCESS_REASON Data[32];
486 } ACCESS_REASONS, *PACCESS_REASONS;
487
488 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
489 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
490 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
491
492 typedef struct _SE_SECURITY_DESCRIPTOR {
493 ULONG Size;
494 ULONG Flags;
495 PSECURITY_DESCRIPTOR SecurityDescriptor;
496 } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
497
498 typedef struct _SE_ACCESS_REQUEST {
499 ULONG Size;
500 PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
501 ACCESS_MASK DesiredAccess;
502 ACCESS_MASK PreviouslyGrantedAccess;
503 PSID PrincipalSelfSid;
504 PGENERIC_MAPPING GenericMapping;
505 ULONG ObjectTypeListCount;
506 POBJECT_TYPE_LIST ObjectTypeList;
507 } SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
508
509 typedef struct _SE_ACCESS_REPLY {
510 ULONG Size;
511 ULONG ResultListCount;
512 PACCESS_MASK GrantedAccess;
513 PNTSTATUS AccessStatus;
514 PACCESS_REASONS AccessReason;
515 PPRIVILEGE_SET* Privileges;
516 } SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
517
518 typedef enum _SE_AUDIT_OPERATION {
519 AuditPrivilegeObject,
520 AuditPrivilegeService,
521 AuditAccessCheck,
522 AuditOpenObject,
523 AuditOpenObjectWithTransaction,
524 AuditCloseObject,
525 AuditDeleteObject,
526 AuditOpenObjectForDelete,
527 AuditOpenObjectForDeleteWithTransaction,
528 AuditCloseNonObject,
529 AuditOpenNonObject,
530 AuditObjectReference,
531 AuditHandleCreation,
532 } SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
533
534 typedef struct _SE_AUDIT_INFO {
535 ULONG Size;
536 AUDIT_EVENT_TYPE AuditType;
537 SE_AUDIT_OPERATION AuditOperation;
538 ULONG AuditFlags;
539 UNICODE_STRING SubsystemName;
540 UNICODE_STRING ObjectTypeName;
541 UNICODE_STRING ObjectName;
542 PVOID HandleId;
543 GUID* TransactionId;
544 LUID* OperationId;
545 BOOLEAN ObjectCreation;
546 BOOLEAN GenerateOnClose;
547 } SE_AUDIT_INFO, *PSE_AUDIT_INFO;
548
549 #define TOKEN_ASSIGN_PRIMARY (0x0001)
550 #define TOKEN_DUPLICATE (0x0002)
551 #define TOKEN_IMPERSONATE (0x0004)
552 #define TOKEN_QUERY (0x0008)
553 #define TOKEN_QUERY_SOURCE (0x0010)
554 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
555 #define TOKEN_ADJUST_GROUPS (0x0040)
556 #define TOKEN_ADJUST_DEFAULT (0x0080)
557 #define TOKEN_ADJUST_SESSIONID (0x0100)
558
559 #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
560 TOKEN_ASSIGN_PRIMARY |\
561 TOKEN_DUPLICATE |\
562 TOKEN_IMPERSONATE |\
563 TOKEN_QUERY |\
564 TOKEN_QUERY_SOURCE |\
565 TOKEN_ADJUST_PRIVILEGES |\
566 TOKEN_ADJUST_GROUPS |\
567 TOKEN_ADJUST_DEFAULT )
568
569 #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
570 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
571 TOKEN_ADJUST_SESSIONID )
572 #else
573 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
574 #endif
575
576 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
577 TOKEN_QUERY)
578
579 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
580 TOKEN_ADJUST_PRIVILEGES |\
581 TOKEN_ADJUST_GROUPS |\
582 TOKEN_ADJUST_DEFAULT)
583
584 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
585
586 typedef enum _TOKEN_TYPE {
587 TokenPrimary = 1,
588 TokenImpersonation
589 } TOKEN_TYPE,*PTOKEN_TYPE;
590
591 typedef enum _TOKEN_INFORMATION_CLASS {
592 TokenUser = 1,
593 TokenGroups,
594 TokenPrivileges,
595 TokenOwner,
596 TokenPrimaryGroup,
597 TokenDefaultDacl,
598 TokenSource,
599 TokenType,
600 TokenImpersonationLevel,
601 TokenStatistics,
602 TokenRestrictedSids,
603 TokenSessionId,
604 TokenGroupsAndPrivileges,
605 TokenSessionReference,
606 TokenSandBoxInert,
607 TokenAuditPolicy,
608 TokenOrigin,
609 TokenElevationType,
610 TokenLinkedToken,
611 TokenElevation,
612 TokenHasRestrictions,
613 TokenAccessInformation,
614 TokenVirtualizationAllowed,
615 TokenVirtualizationEnabled,
616 TokenIntegrityLevel,
617 TokenUIAccess,
618 TokenMandatoryPolicy,
619 TokenLogonSid,
620 MaxTokenInfoClass
621 } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
622
623 typedef struct _TOKEN_USER {
624 SID_AND_ATTRIBUTES User;
625 } TOKEN_USER, *PTOKEN_USER;
626
627 typedef struct _TOKEN_GROUPS {
628 ULONG GroupCount;
629 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
630 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
631
632 typedef struct _TOKEN_PRIVILEGES {
633 ULONG PrivilegeCount;
634 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
635 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
636
637 typedef struct _TOKEN_OWNER {
638 PSID Owner;
639 } TOKEN_OWNER,*PTOKEN_OWNER;
640
641 typedef struct _TOKEN_PRIMARY_GROUP {
642 PSID PrimaryGroup;
643 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
644
645 typedef struct _TOKEN_DEFAULT_DACL {
646 PACL DefaultDacl;
647 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
648
649 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
650 ULONG SidCount;
651 ULONG SidLength;
652 PSID_AND_ATTRIBUTES Sids;
653 ULONG RestrictedSidCount;
654 ULONG RestrictedSidLength;
655 PSID_AND_ATTRIBUTES RestrictedSids;
656 ULONG PrivilegeCount;
657 ULONG PrivilegeLength;
658 PLUID_AND_ATTRIBUTES Privileges;
659 LUID AuthenticationId;
660 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
661
662 typedef struct _TOKEN_LINKED_TOKEN {
663 HANDLE LinkedToken;
664 } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
665
666 typedef struct _TOKEN_ELEVATION {
667 ULONG TokenIsElevated;
668 } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
669
670 typedef struct _TOKEN_MANDATORY_LABEL {
671 SID_AND_ATTRIBUTES Label;
672 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
673
674 #define TOKEN_MANDATORY_POLICY_OFF 0x0
675 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
676 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
677
678 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
679 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
680
681 typedef struct _TOKEN_MANDATORY_POLICY {
682 ULONG Policy;
683 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
684
685 typedef struct _TOKEN_ACCESS_INFORMATION {
686 PSID_AND_ATTRIBUTES_HASH SidHash;
687 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
688 PTOKEN_PRIVILEGES Privileges;
689 LUID AuthenticationId;
690 TOKEN_TYPE TokenType;
691 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
692 TOKEN_MANDATORY_POLICY MandatoryPolicy;
693 ULONG Flags;
694 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
695
696 #define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
697
698 typedef struct _TOKEN_AUDIT_POLICY {
699 UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
700 } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
701
702 #define TOKEN_SOURCE_LENGTH 8
703
704 typedef struct _TOKEN_SOURCE {
705 CHAR SourceName[TOKEN_SOURCE_LENGTH];
706 LUID SourceIdentifier;
707 } TOKEN_SOURCE,*PTOKEN_SOURCE;
708
709 typedef struct _TOKEN_STATISTICS {
710 LUID TokenId;
711 LUID AuthenticationId;
712 LARGE_INTEGER ExpirationTime;
713 TOKEN_TYPE TokenType;
714 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
715 ULONG DynamicCharged;
716 ULONG DynamicAvailable;
717 ULONG GroupCount;
718 ULONG PrivilegeCount;
719 LUID ModifiedId;
720 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
721
722 typedef struct _TOKEN_CONTROL {
723 LUID TokenId;
724 LUID AuthenticationId;
725 LUID ModifiedId;
726 TOKEN_SOURCE TokenSource;
727 } TOKEN_CONTROL,*PTOKEN_CONTROL;
728
729 typedef struct _TOKEN_ORIGIN {
730 LUID OriginatingLogonSession;
731 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
732
733 typedef enum _MANDATORY_LEVEL {
734 MandatoryLevelUntrusted = 0,
735 MandatoryLevelLow,
736 MandatoryLevelMedium,
737 MandatoryLevelHigh,
738 MandatoryLevelSystem,
739 MandatoryLevelSecureProcess,
740 MandatoryLevelCount
741 } MANDATORY_LEVEL, *PMANDATORY_LEVEL;
742
743 #if (NTDDI_VERSION >= NTDDI_WIN2K)
744
745 NTSYSCALLAPI
746 NTSTATUS
747 NTAPI
748 NtOpenThreadToken(
749 IN HANDLE ThreadHandle,
750 IN ACCESS_MASK DesiredAccess,
751 IN BOOLEAN OpenAsSelf,
752 OUT PHANDLE TokenHandle);
753
754 NTSYSCALLAPI
755 NTSTATUS
756 NTAPI
757 NtOpenProcessToken(
758 IN HANDLE ProcessHandle,
759 IN ACCESS_MASK DesiredAccess,
760 OUT PHANDLE TokenHandle);
761
762 NTSYSCALLAPI
763 NTSTATUS
764 NTAPI
765 NtQueryInformationToken(
766 IN HANDLE TokenHandle,
767 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
768 OUT PVOID TokenInformation OPTIONAL,
769 IN ULONG TokenInformationLength,
770 OUT PULONG ReturnLength);
771
772 NTSYSCALLAPI
773 NTSTATUS
774 NTAPI
775 NtAdjustPrivilegesToken(
776 IN HANDLE TokenHandle,
777 IN BOOLEAN DisableAllPrivileges,
778 IN PTOKEN_PRIVILEGES NewState OPTIONAL,
779 IN ULONG BufferLength,
780 OUT PTOKEN_PRIVILEGES PreviousState,
781 OUT PULONG ReturnLength OPTIONAL);
782
783 #endif
784
785 #if (NTDDI_VERSION >= NTDDI_WINXP)
786
787 NTSYSCALLAPI
788 NTSTATUS
789 NTAPI
790 NtOpenThreadTokenEx(
791 IN HANDLE ThreadHandle,
792 IN ACCESS_MASK DesiredAccess,
793 IN BOOLEAN OpenAsSelf,
794 IN ULONG HandleAttributes,
795 OUT PHANDLE TokenHandle);
796
797 NTSYSCALLAPI
798 NTSTATUS
799 NTAPI
800 NtOpenProcessTokenEx(
801 IN HANDLE ProcessHandle,
802 IN ACCESS_MASK DesiredAccess,
803 IN ULONG HandleAttributes,
804 OUT PHANDLE TokenHandle);
805
806 NTSYSAPI
807 NTSTATUS
808 NTAPI
809 NtOpenJobObjectToken(
810 IN HANDLE JobHandle,
811 IN ACCESS_MASK DesiredAccess,
812 OUT PHANDLE TokenHandle);
813
814 NTSYSCALLAPI
815 NTSTATUS
816 NTAPI
817 NtDuplicateToken(
818 IN HANDLE ExistingTokenHandle,
819 IN ACCESS_MASK DesiredAccess,
820 IN POBJECT_ATTRIBUTES ObjectAttributes,
821 IN BOOLEAN EffectiveOnly,
822 IN TOKEN_TYPE TokenType,
823 OUT PHANDLE NewTokenHandle);
824
825 NTSYSCALLAPI
826 NTSTATUS
827 NTAPI
828 NtFilterToken(
829 IN HANDLE ExistingTokenHandle,
830 IN ULONG Flags,
831 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
832 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
833 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
834 OUT PHANDLE NewTokenHandle);
835
836 NTSYSCALLAPI
837 NTSTATUS
838 NTAPI
839 NtImpersonateAnonymousToken(
840 IN HANDLE ThreadHandle);
841
842 NTSYSCALLAPI
843 NTSTATUS
844 NTAPI
845 NtSetInformationToken(
846 IN HANDLE TokenHandle,
847 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
848 IN PVOID TokenInformation,
849 IN ULONG TokenInformationLength);
850
851 NTSYSCALLAPI
852 NTSTATUS
853 NTAPI
854 NtAdjustGroupsToken(
855 IN HANDLE TokenHandle,
856 IN BOOLEAN ResetToDefault,
857 IN PTOKEN_GROUPS NewState OPTIONAL,
858 IN ULONG BufferLength OPTIONAL,
859 OUT PTOKEN_GROUPS PreviousState,
860 OUT PULONG ReturnLength);
861
862 NTSYSCALLAPI
863 NTSTATUS
864 NTAPI
865 NtPrivilegeCheck(
866 IN HANDLE ClientToken,
867 IN OUT PPRIVILEGE_SET RequiredPrivileges,
868 OUT PBOOLEAN Result);
869
870 NTSYSCALLAPI
871 NTSTATUS
872 NTAPI
873 NtAccessCheckAndAuditAlarm(
874 IN PUNICODE_STRING SubsystemName,
875 IN PVOID HandleId OPTIONAL,
876 IN PUNICODE_STRING ObjectTypeName,
877 IN PUNICODE_STRING ObjectName,
878 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
879 IN ACCESS_MASK DesiredAccess,
880 IN PGENERIC_MAPPING GenericMapping,
881 IN BOOLEAN ObjectCreation,
882 OUT PACCESS_MASK GrantedAccess,
883 OUT PNTSTATUS AccessStatus,
884 OUT PBOOLEAN GenerateOnClose);
885
886 NTSYSCALLAPI
887 NTSTATUS
888 NTAPI
889 NtAccessCheckByTypeAndAuditAlarm(
890 IN PUNICODE_STRING SubsystemName,
891 IN PVOID HandleId,
892 IN PUNICODE_STRING ObjectTypeName,
893 IN PUNICODE_STRING ObjectName,
894 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
895 IN PSID PrincipalSelfSid OPTIONAL,
896 IN ACCESS_MASK DesiredAccess,
897 IN AUDIT_EVENT_TYPE AuditType,
898 IN ULONG Flags,
899 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
900 IN ULONG ObjectTypeLength,
901 IN PGENERIC_MAPPING GenericMapping,
902 IN BOOLEAN ObjectCreation,
903 OUT PACCESS_MASK GrantedAccess,
904 OUT PNTSTATUS AccessStatus,
905 OUT PBOOLEAN GenerateOnClose);
906
907 NTSYSCALLAPI
908 NTSTATUS
909 NTAPI
910 NtAccessCheckByTypeResultListAndAuditAlarm(
911 IN PUNICODE_STRING SubsystemName,
912 IN PVOID HandleId OPTIONAL,
913 IN PUNICODE_STRING ObjectTypeName,
914 IN PUNICODE_STRING ObjectName,
915 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
916 IN PSID PrincipalSelfSid OPTIONAL,
917 IN ACCESS_MASK DesiredAccess,
918 IN AUDIT_EVENT_TYPE AuditType,
919 IN ULONG Flags,
920 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
921 IN ULONG ObjectTypeLength,
922 IN PGENERIC_MAPPING GenericMapping,
923 IN BOOLEAN ObjectCreation,
924 OUT PACCESS_MASK GrantedAccess,
925 OUT PNTSTATUS AccessStatus,
926 OUT PBOOLEAN GenerateOnClose);
927
928 NTSTATUS
929 NTAPI
930 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
931 IN PUNICODE_STRING SubsystemName,
932 IN PVOID HandleId OPTIONAL,
933 IN HANDLE ClientToken,
934 IN PUNICODE_STRING ObjectTypeName,
935 IN PUNICODE_STRING ObjectName,
936 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
937 IN PSID PrincipalSelfSid OPTIONAL,
938 IN ACCESS_MASK DesiredAccess,
939 IN AUDIT_EVENT_TYPE AuditType,
940 IN ULONG Flags,
941 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
942 IN ULONG ObjectTypeLength,
943 IN PGENERIC_MAPPING GenericMapping,
944 IN BOOLEAN ObjectCreation,
945 OUT PACCESS_MASK GrantedAccess,
946 OUT PNTSTATUS AccessStatus,
947 OUT PBOOLEAN GenerateOnClose);
948
949 NTSYSCALLAPI
950 NTSTATUS
951 NTAPI
952 NtOpenObjectAuditAlarm(
953 IN PUNICODE_STRING SubsystemName,
954 IN PVOID HandleId OPTIONAL,
955 IN PUNICODE_STRING ObjectTypeName,
956 IN PUNICODE_STRING ObjectName,
957 IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
958 IN HANDLE ClientToken,
959 IN ACCESS_MASK DesiredAccess,
960 IN ACCESS_MASK GrantedAccess,
961 IN PPRIVILEGE_SET Privileges OPTIONAL,
962 IN BOOLEAN ObjectCreation,
963 IN BOOLEAN AccessGranted,
964 OUT PBOOLEAN GenerateOnClose);
965
966 NTSYSCALLAPI
967 NTSTATUS
968 NTAPI
969 NtPrivilegeObjectAuditAlarm(
970 IN PUNICODE_STRING SubsystemName,
971 IN PVOID HandleId OPTIONAL,
972 IN HANDLE ClientToken,
973 IN ACCESS_MASK DesiredAccess,
974 IN PPRIVILEGE_SET Privileges,
975 IN BOOLEAN AccessGranted);
976
977 NTSYSCALLAPI
978 NTSTATUS
979 NTAPI
980 NtCloseObjectAuditAlarm(
981 IN PUNICODE_STRING SubsystemName,
982 IN PVOID HandleId OPTIONAL,
983 IN BOOLEAN GenerateOnClose);
984
985 NTSYSCALLAPI
986 NTSTATUS
987 NTAPI
988 NtDeleteObjectAuditAlarm(
989 IN PUNICODE_STRING SubsystemName,
990 IN PVOID HandleId OPTIONAL,
991 IN BOOLEAN GenerateOnClose);
992
993 NTSYSCALLAPI
994 NTSTATUS
995 NTAPI
996 NtPrivilegedServiceAuditAlarm(
997 IN PUNICODE_STRING SubsystemName,
998 IN PUNICODE_STRING ServiceName,
999 IN HANDLE ClientToken,
1000 IN PPRIVILEGE_SET Privileges,
1001 IN BOOLEAN AccessGranted);
1002
1003 NTSYSCALLAPI
1004 NTSTATUS
1005 NTAPI
1006 NtSetInformationThread(
1007 IN HANDLE ThreadHandle,
1008 IN THREADINFOCLASS ThreadInformationClass,
1009 IN PVOID ThreadInformation,
1010 IN ULONG ThreadInformationLength);
1011
1012 #endif
1013
1014 typedef NTSTATUS
1015 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
1016 IN PVOID Base,
1017 IN OUT PVOID *CommitAddress,
1018 IN OUT PSIZE_T CommitSize);
1019
1020 typedef struct _RTL_HEAP_PARAMETERS {
1021 ULONG Length;
1022 SIZE_T SegmentReserve;
1023 SIZE_T SegmentCommit;
1024 SIZE_T DeCommitFreeBlockThreshold;
1025 SIZE_T DeCommitTotalFreeThreshold;
1026 SIZE_T MaximumAllocationSize;
1027 SIZE_T VirtualMemoryThreshold;
1028 SIZE_T InitialCommit;
1029 SIZE_T InitialReserve;
1030 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
1031 SIZE_T Reserved[2];
1032 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
1033
1034 #if (NTDDI_VERSION >= NTDDI_WIN2K)
1035
1036 NTSYSAPI
1037 PVOID
1038 NTAPI
1039 RtlAllocateHeap(
1040 IN HANDLE HeapHandle,
1041 IN ULONG Flags OPTIONAL,
1042 IN SIZE_T Size);
1043
1044 NTSYSAPI
1045 BOOLEAN
1046 NTAPI
1047 RtlFreeHeap(
1048 IN PVOID HeapHandle,
1049 IN ULONG Flags OPTIONAL,
1050 IN PVOID BaseAddress);
1051
1052 NTSYSAPI
1053 VOID
1054 NTAPI
1055 RtlCaptureContext(
1056 OUT PCONTEXT ContextRecord);
1057
1058 NTSYSAPI
1059 ULONG
1060 NTAPI
1061 RtlRandom(
1062 IN OUT PULONG Seed);
1063
1064 NTSYSAPI
1065 BOOLEAN
1066 NTAPI
1067 RtlCreateUnicodeString(
1068 OUT PUNICODE_STRING DestinationString,
1069 IN PCWSTR SourceString);
1070
1071 NTSYSAPI
1072 NTSTATUS
1073 NTAPI
1074 RtlAppendStringToString(
1075 IN OUT PSTRING Destination,
1076 IN const STRING *Source);
1077
1078 NTSYSAPI
1079 NTSTATUS
1080 NTAPI
1081 RtlOemStringToUnicodeString(
1082 IN OUT PUNICODE_STRING DestinationString,
1083 IN PCOEM_STRING SourceString,
1084 IN BOOLEAN AllocateDestinationString);
1085
1086 NTSYSAPI
1087 NTSTATUS
1088 NTAPI
1089 RtlUnicodeStringToOemString(
1090 IN OUT POEM_STRING DestinationString,
1091 IN PCUNICODE_STRING SourceString,
1092 IN BOOLEAN AllocateDestinationString);
1093
1094 NTSYSAPI
1095 NTSTATUS
1096 NTAPI
1097 RtlUpcaseUnicodeStringToOemString(
1098 IN OUT POEM_STRING DestinationString,
1099 IN PCUNICODE_STRING SourceString,
1100 IN BOOLEAN AllocateDestinationString);
1101
1102 NTSYSAPI
1103 NTSTATUS
1104 NTAPI
1105 RtlOemStringToCountedUnicodeString(
1106 IN OUT PUNICODE_STRING DestinationString,
1107 IN PCOEM_STRING SourceString,
1108 IN BOOLEAN AllocateDestinationString);
1109
1110 NTSYSAPI
1111 NTSTATUS
1112 NTAPI
1113 RtlUnicodeStringToCountedOemString(
1114 IN OUT POEM_STRING DestinationString,
1115 IN PCUNICODE_STRING SourceString,
1116 IN BOOLEAN AllocateDestinationString);
1117
1118 NTSYSAPI
1119 NTSTATUS
1120 NTAPI
1121 RtlUpcaseUnicodeStringToCountedOemString(
1122 IN OUT POEM_STRING DestinationString,
1123 IN PCUNICODE_STRING SourceString,
1124 IN BOOLEAN AllocateDestinationString);
1125
1126 NTSYSAPI
1127 NTSTATUS
1128 NTAPI
1129 RtlDowncaseUnicodeString(
1130 IN OUT PUNICODE_STRING UniDest,
1131 IN PCUNICODE_STRING UniSource,
1132 IN BOOLEAN AllocateDestinationString);
1133
1134 NTSYSAPI
1135 VOID
1136 NTAPI
1137 RtlFreeOemString (
1138 IN OUT POEM_STRING OemString);
1139
1140 NTSYSAPI
1141 ULONG
1142 NTAPI
1143 RtlxUnicodeStringToOemSize(
1144 IN PCUNICODE_STRING UnicodeString);
1145
1146 NTSYSAPI
1147 ULONG
1148 NTAPI
1149 RtlxOemStringToUnicodeSize(
1150 IN PCOEM_STRING OemString);
1151
1152 NTSYSAPI
1153 NTSTATUS
1154 NTAPI
1155 RtlMultiByteToUnicodeN(
1156 OUT PWCH UnicodeString,
1157 IN ULONG MaxBytesInUnicodeString,
1158 OUT PULONG BytesInUnicodeString OPTIONAL,
1159 IN const CHAR *MultiByteString,
1160 IN ULONG BytesInMultiByteString);
1161
1162 NTSYSAPI
1163 NTSTATUS
1164 NTAPI
1165 RtlMultiByteToUnicodeSize(
1166 OUT PULONG BytesInUnicodeString,
1167 IN const CHAR *MultiByteString,
1168 IN ULONG BytesInMultiByteString);
1169
1170 NTSYSAPI
1171 NTSTATUS
1172 NTAPI
1173 RtlUnicodeToMultiByteSize(
1174 OUT PULONG BytesInMultiByteString,
1175 IN PCWCH UnicodeString,
1176 IN ULONG BytesInUnicodeString);
1177
1178 NTSYSAPI
1179 NTSTATUS
1180 NTAPI
1181 RtlUnicodeToMultiByteN(
1182 OUT PCHAR MultiByteString,
1183 IN ULONG MaxBytesInMultiByteString,
1184 OUT PULONG BytesInMultiByteString OPTIONAL,
1185 IN PWCH UnicodeString,
1186 IN ULONG BytesInUnicodeString);
1187
1188 NTSYSAPI
1189 NTSTATUS
1190 NTAPI
1191 RtlUpcaseUnicodeToMultiByteN(
1192 OUT PCHAR MultiByteString,
1193 IN ULONG MaxBytesInMultiByteString,
1194 OUT PULONG BytesInMultiByteString OPTIONAL,
1195 IN PCWCH UnicodeString,
1196 IN ULONG BytesInUnicodeString);
1197
1198 NTSYSAPI
1199 NTSTATUS
1200 NTAPI
1201 RtlOemToUnicodeN(
1202 OUT PWSTR UnicodeString,
1203 IN ULONG MaxBytesInUnicodeString,
1204 OUT PULONG BytesInUnicodeString OPTIONAL,
1205 IN PCCH OemString,
1206 IN ULONG BytesInOemString);
1207
1208 NTSYSAPI
1209 NTSTATUS
1210 NTAPI
1211 RtlUnicodeToOemN(
1212 OUT PCHAR OemString,
1213 IN ULONG MaxBytesInOemString,
1214 OUT PULONG BytesInOemString OPTIONAL,
1215 IN PCWCH UnicodeString,
1216 IN ULONG BytesInUnicodeString);
1217
1218 NTSYSAPI
1219 NTSTATUS
1220 NTAPI
1221 RtlUpcaseUnicodeToOemN(
1222 OUT PCHAR OemString,
1223 IN ULONG MaxBytesInOemString,
1224 OUT PULONG BytesInOemString OPTIONAL,
1225 IN PCWCH UnicodeString,
1226 IN ULONG BytesInUnicodeString);
1227
1228 #if (NTDDI_VERSION >= NTDDI_VISTASP1)
1229 NTSYSAPI
1230 NTSTATUS
1231 NTAPI
1232 RtlGenerate8dot3Name(
1233 IN PCUNICODE_STRING Name,
1234 IN BOOLEAN AllowExtendedCharacters,
1235 IN OUT PGENERATE_NAME_CONTEXT Context,
1236 IN OUT PUNICODE_STRING Name8dot3);
1237 #else
1238 NTSYSAPI
1239 VOID
1240 NTAPI
1241 RtlGenerate8dot3Name(
1242 IN PCUNICODE_STRING Name,
1243 IN BOOLEAN AllowExtendedCharacters,
1244 IN OUT PGENERATE_NAME_CONTEXT Context,
1245 IN OUT PUNICODE_STRING Name8dot3);
1246 #endif
1247
1248 NTSYSAPI
1249 BOOLEAN
1250 NTAPI
1251 RtlIsNameLegalDOS8Dot3(
1252 IN PCUNICODE_STRING Name,
1253 IN OUT POEM_STRING OemName OPTIONAL,
1254 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL);
1255
1256 NTSYSAPI
1257 BOOLEAN
1258 NTAPI
1259 RtlIsValidOemCharacter(
1260 IN OUT PWCHAR Char);
1261
1262 NTSYSAPI
1263 VOID
1264 NTAPI
1265 PfxInitialize(
1266 OUT PPREFIX_TABLE PrefixTable);
1267
1268 NTSYSAPI
1269 BOOLEAN
1270 NTAPI
1271 PfxInsertPrefix(
1272 IN PPREFIX_TABLE PrefixTable,
1273 IN PSTRING Prefix,
1274 OUT PPREFIX_TABLE_ENTRY PrefixTableEntry);
1275
1276 NTSYSAPI
1277 VOID
1278 NTAPI
1279 PfxRemovePrefix(
1280 IN PPREFIX_TABLE PrefixTable,
1281 IN PPREFIX_TABLE_ENTRY PrefixTableEntry);
1282
1283 NTSYSAPI
1284 PPREFIX_TABLE_ENTRY
1285 NTAPI
1286 PfxFindPrefix(
1287 IN PPREFIX_TABLE PrefixTable,
1288 IN PSTRING FullName);
1289
1290 NTSYSAPI
1291 VOID
1292 NTAPI
1293 RtlInitializeUnicodePrefix(
1294 OUT PUNICODE_PREFIX_TABLE PrefixTable);
1295
1296 NTSYSAPI
1297 BOOLEAN
1298 NTAPI
1299 RtlInsertUnicodePrefix(
1300 IN PUNICODE_PREFIX_TABLE PrefixTable,
1301 IN PUNICODE_STRING Prefix,
1302 OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1303
1304 NTSYSAPI
1305 VOID
1306 NTAPI
1307 RtlRemoveUnicodePrefix(
1308 IN PUNICODE_PREFIX_TABLE PrefixTable,
1309 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1310
1311 NTSYSAPI
1312 PUNICODE_PREFIX_TABLE_ENTRY
1313 NTAPI
1314 RtlFindUnicodePrefix(
1315 IN PUNICODE_PREFIX_TABLE PrefixTable,
1316 IN PUNICODE_STRING FullName,
1317 IN ULONG CaseInsensitiveIndex);
1318
1319 NTSYSAPI
1320 PUNICODE_PREFIX_TABLE_ENTRY
1321 NTAPI
1322 RtlNextUnicodePrefix(
1323 IN PUNICODE_PREFIX_TABLE PrefixTable,
1324 IN BOOLEAN Restart);
1325
1326 NTSYSAPI
1327 SIZE_T
1328 NTAPI
1329 RtlCompareMemoryUlong(
1330 IN PVOID Source,
1331 IN SIZE_T Length,
1332 IN ULONG Pattern);
1333
1334 NTSYSAPI
1335 BOOLEAN
1336 NTAPI
1337 RtlTimeToSecondsSince1980(
1338 IN PLARGE_INTEGER Time,
1339 OUT PULONG ElapsedSeconds);
1340
1341 NTSYSAPI
1342 VOID
1343 NTAPI
1344 RtlSecondsSince1980ToTime(
1345 IN ULONG ElapsedSeconds,
1346 OUT PLARGE_INTEGER Time);
1347
1348 NTSYSAPI
1349 BOOLEAN
1350 NTAPI
1351 RtlTimeToSecondsSince1970(
1352 IN PLARGE_INTEGER Time,
1353 OUT PULONG ElapsedSeconds);
1354
1355 NTSYSAPI
1356 VOID
1357 NTAPI
1358 RtlSecondsSince1970ToTime(
1359 IN ULONG ElapsedSeconds,
1360 OUT PLARGE_INTEGER Time);
1361
1362 NTSYSAPI
1363 BOOLEAN
1364 NTAPI
1365 RtlValidSid(
1366 IN PSID Sid);
1367
1368 NTSYSAPI
1369 BOOLEAN
1370 NTAPI
1371 RtlEqualSid(
1372 IN PSID Sid1,
1373 IN PSID Sid2);
1374
1375 NTSYSAPI
1376 BOOLEAN
1377 NTAPI
1378 RtlEqualPrefixSid(
1379 IN PSID Sid1,
1380 IN PSID Sid2);
1381
1382 NTSYSAPI
1383 ULONG
1384 NTAPI
1385 RtlLengthRequiredSid(
1386 IN ULONG SubAuthorityCount);
1387
1388 NTSYSAPI
1389 PVOID
1390 NTAPI
1391 RtlFreeSid(
1392 IN PSID Sid);
1393
1394 NTSYSAPI
1395 NTSTATUS
1396 NTAPI
1397 RtlAllocateAndInitializeSid(
1398 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1399 IN UCHAR SubAuthorityCount,
1400 IN ULONG SubAuthority0,
1401 IN ULONG SubAuthority1,
1402 IN ULONG SubAuthority2,
1403 IN ULONG SubAuthority3,
1404 IN ULONG SubAuthority4,
1405 IN ULONG SubAuthority5,
1406 IN ULONG SubAuthority6,
1407 IN ULONG SubAuthority7,
1408 OUT PSID *Sid);
1409
1410 NTSYSAPI
1411 NTSTATUS
1412 NTAPI
1413 RtlInitializeSid(
1414 OUT PSID Sid,
1415 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1416 IN UCHAR SubAuthorityCount);
1417
1418 NTSYSAPI
1419 PULONG
1420 NTAPI
1421 RtlSubAuthoritySid(
1422 IN PSID Sid,
1423 IN ULONG SubAuthority);
1424
1425 NTSYSAPI
1426 ULONG
1427 NTAPI
1428 RtlLengthSid(
1429 IN PSID Sid);
1430
1431 NTSYSAPI
1432 NTSTATUS
1433 NTAPI
1434 RtlCopySid(
1435 IN ULONG Length,
1436 IN PSID Destination,
1437 IN PSID Source);
1438
1439 NTSYSAPI
1440 NTSTATUS
1441 NTAPI
1442 RtlConvertSidToUnicodeString(
1443 IN OUT PUNICODE_STRING UnicodeString,
1444 IN PSID Sid,
1445 IN BOOLEAN AllocateDestinationString);
1446
1447 NTSYSAPI
1448 VOID
1449 NTAPI
1450 RtlCopyLuid(
1451 OUT PLUID DestinationLuid,
1452 IN PLUID SourceLuid);
1453
1454 NTSYSAPI
1455 NTSTATUS
1456 NTAPI
1457 RtlCreateAcl(
1458 OUT PACL Acl,
1459 IN ULONG AclLength,
1460 IN ULONG AclRevision);
1461
1462 NTSYSAPI
1463 NTSTATUS
1464 NTAPI
1465 RtlAddAce(
1466 IN OUT PACL Acl,
1467 IN ULONG AceRevision,
1468 IN ULONG StartingAceIndex,
1469 IN PVOID AceList,
1470 IN ULONG AceListLength);
1471
1472 NTSYSAPI
1473 NTSTATUS
1474 NTAPI
1475 RtlDeleteAce(
1476 IN OUT PACL Acl,
1477 IN ULONG AceIndex);
1478
1479 NTSYSAPI
1480 NTSTATUS
1481 NTAPI
1482 RtlGetAce(
1483 IN PACL Acl,
1484 IN ULONG AceIndex,
1485 OUT PVOID *Ace);
1486
1487 NTSYSAPI
1488 NTSTATUS
1489 NTAPI
1490 RtlAddAccessAllowedAce(
1491 IN OUT PACL Acl,
1492 IN ULONG AceRevision,
1493 IN ACCESS_MASK AccessMask,
1494 IN PSID Sid);
1495
1496 NTSYSAPI
1497 NTSTATUS
1498 NTAPI
1499 RtlAddAccessAllowedAceEx(
1500 IN OUT PACL Acl,
1501 IN ULONG AceRevision,
1502 IN ULONG AceFlags,
1503 IN ACCESS_MASK AccessMask,
1504 IN PSID Sid);
1505
1506 NTSYSAPI
1507 NTSTATUS
1508 NTAPI
1509 RtlCreateSecurityDescriptorRelative(
1510 OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
1511 IN ULONG Revision);
1512
1513 NTSYSAPI
1514 NTSTATUS
1515 NTAPI
1516 RtlGetDaclSecurityDescriptor(
1517 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1518 OUT PBOOLEAN DaclPresent,
1519 OUT PACL *Dacl,
1520 OUT PBOOLEAN DaclDefaulted);
1521
1522 NTSYSAPI
1523 NTSTATUS
1524 NTAPI
1525 RtlSetOwnerSecurityDescriptor(
1526 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1527 IN PSID Owner OPTIONAL,
1528 IN BOOLEAN OwnerDefaulted);
1529
1530 NTSYSAPI
1531 NTSTATUS
1532 NTAPI
1533 RtlGetOwnerSecurityDescriptor(
1534 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1535 OUT PSID *Owner,
1536 OUT PBOOLEAN OwnerDefaulted);
1537
1538 NTSYSAPI
1539 ULONG
1540 NTAPI
1541 RtlNtStatusToDosError(
1542 IN NTSTATUS Status);
1543
1544 NTSYSAPI
1545 NTSTATUS
1546 NTAPI
1547 RtlCustomCPToUnicodeN(
1548 IN PCPTABLEINFO CustomCP,
1549 OUT PWCH UnicodeString,
1550 IN ULONG MaxBytesInUnicodeString,
1551 OUT PULONG BytesInUnicodeString OPTIONAL,
1552 IN PCH CustomCPString,
1553 IN ULONG BytesInCustomCPString);
1554
1555 NTSYSAPI
1556 NTSTATUS
1557 NTAPI
1558 RtlUnicodeToCustomCPN(
1559 IN PCPTABLEINFO CustomCP,
1560 OUT PCH CustomCPString,
1561 IN ULONG MaxBytesInCustomCPString,
1562 OUT PULONG BytesInCustomCPString OPTIONAL,
1563 IN PWCH UnicodeString,
1564 IN ULONG BytesInUnicodeString);
1565
1566 NTSYSAPI
1567 NTSTATUS
1568 NTAPI
1569 RtlUpcaseUnicodeToCustomCPN(
1570 IN PCPTABLEINFO CustomCP,
1571 OUT PCH CustomCPString,
1572 IN ULONG MaxBytesInCustomCPString,
1573 OUT PULONG BytesInCustomCPString OPTIONAL,
1574 IN PWCH UnicodeString,
1575 IN ULONG BytesInUnicodeString);
1576
1577 NTSYSAPI
1578 VOID
1579 NTAPI
1580 RtlInitCodePageTable(
1581 IN PUSHORT TableBase,
1582 IN OUT PCPTABLEINFO CodePageTable);
1583
1584 #endif
1585
1586 #if (NTDDI_VERSION >= NTDDI_WINXP)
1587
1588 NTSYSAPI
1589 PVOID
1590 NTAPI
1591 RtlCreateHeap(
1592 IN ULONG Flags,
1593 IN PVOID HeapBase OPTIONAL,
1594 IN SIZE_T ReserveSize OPTIONAL,
1595 IN SIZE_T CommitSize OPTIONAL,
1596 IN PVOID Lock OPTIONAL,
1597 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
1598
1599 NTSYSAPI
1600 PVOID
1601 NTAPI
1602 RtlDestroyHeap(
1603 IN PVOID HeapHandle);
1604
1605 NTSYSAPI
1606 USHORT
1607 NTAPI
1608 RtlCaptureStackBackTrace(
1609 IN ULONG FramesToSkip,
1610 IN ULONG FramesToCapture,
1611 OUT PVOID *BackTrace,
1612 OUT PULONG BackTraceHash OPTIONAL);
1613
1614 NTSYSAPI
1615 ULONG
1616 NTAPI
1617 RtlRandomEx(
1618 IN OUT PULONG Seed);
1619
1620 NTSYSAPI
1621 NTSTATUS
1622 NTAPI
1623 RtlInitUnicodeStringEx(
1624 OUT PUNICODE_STRING DestinationString,
1625 IN PCWSTR SourceString OPTIONAL);
1626
1627 NTSYSAPI
1628 NTSTATUS
1629 NTAPI
1630 RtlValidateUnicodeString(
1631 IN ULONG Flags,
1632 IN PCUNICODE_STRING String);
1633
1634 NTSYSAPI
1635 NTSTATUS
1636 NTAPI
1637 RtlDuplicateUnicodeString(
1638 IN ULONG Flags,
1639 IN PCUNICODE_STRING SourceString,
1640 OUT PUNICODE_STRING DestinationString);
1641
1642 NTSYSAPI
1643 NTSTATUS
1644 NTAPI
1645 RtlGetCompressionWorkSpaceSize(
1646 IN USHORT CompressionFormatAndEngine,
1647 OUT PULONG CompressBufferWorkSpaceSize,
1648 OUT PULONG CompressFragmentWorkSpaceSize);
1649
1650 NTSYSAPI
1651 NTSTATUS
1652 NTAPI
1653 RtlCompressBuffer(
1654 IN USHORT CompressionFormatAndEngine,
1655 IN PUCHAR UncompressedBuffer,
1656 IN ULONG UncompressedBufferSize,
1657 OUT PUCHAR CompressedBuffer,
1658 IN ULONG CompressedBufferSize,
1659 IN ULONG UncompressedChunkSize,
1660 OUT PULONG FinalCompressedSize,
1661 IN PVOID WorkSpace);
1662
1663 NTSYSAPI
1664 NTSTATUS
1665 NTAPI
1666 RtlDecompressBuffer(
1667 IN USHORT CompressionFormat,
1668 OUT PUCHAR UncompressedBuffer,
1669 IN ULONG UncompressedBufferSize,
1670 IN PUCHAR CompressedBuffer,
1671 IN ULONG CompressedBufferSize,
1672 OUT PULONG FinalUncompressedSize);
1673
1674 NTSYSAPI
1675 NTSTATUS
1676 NTAPI
1677 RtlDecompressFragment(
1678 IN USHORT CompressionFormat,
1679 OUT PUCHAR UncompressedFragment,
1680 IN ULONG UncompressedFragmentSize,
1681 IN PUCHAR CompressedBuffer,
1682 IN ULONG CompressedBufferSize,
1683 IN ULONG FragmentOffset,
1684 OUT PULONG FinalUncompressedSize,
1685 IN PVOID WorkSpace);
1686
1687 NTSYSAPI
1688 NTSTATUS
1689 NTAPI
1690 RtlDescribeChunk(
1691 IN USHORT CompressionFormat,
1692 IN OUT PUCHAR *CompressedBuffer,
1693 IN PUCHAR EndOfCompressedBufferPlus1,
1694 OUT PUCHAR *ChunkBuffer,
1695 OUT PULONG ChunkSize);
1696
1697 NTSYSAPI
1698 NTSTATUS
1699 NTAPI
1700 RtlReserveChunk(
1701 IN USHORT CompressionFormat,
1702 IN OUT PUCHAR *CompressedBuffer,
1703 IN PUCHAR EndOfCompressedBufferPlus1,
1704 OUT PUCHAR *ChunkBuffer,
1705 IN ULONG ChunkSize);
1706
1707 NTSYSAPI
1708 NTSTATUS
1709 NTAPI
1710 RtlDecompressChunks(
1711 OUT PUCHAR UncompressedBuffer,
1712 IN ULONG UncompressedBufferSize,
1713 IN PUCHAR CompressedBuffer,
1714 IN ULONG CompressedBufferSize,
1715 IN PUCHAR CompressedTail,
1716 IN ULONG CompressedTailSize,
1717 IN PCOMPRESSED_DATA_INFO CompressedDataInfo);
1718
1719 NTSYSAPI
1720 NTSTATUS
1721 NTAPI
1722 RtlCompressChunks(
1723 IN PUCHAR UncompressedBuffer,
1724 IN ULONG UncompressedBufferSize,
1725 OUT PUCHAR CompressedBuffer,
1726 IN ULONG CompressedBufferSize,
1727 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
1728 IN ULONG CompressedDataInfoLength,
1729 IN PVOID WorkSpace);
1730
1731 NTSYSAPI
1732 PSID_IDENTIFIER_AUTHORITY
1733 NTAPI
1734 RtlIdentifierAuthoritySid(
1735 IN PSID Sid);
1736
1737 NTSYSAPI
1738 PUCHAR
1739 NTAPI
1740 RtlSubAuthorityCountSid(
1741 IN PSID Sid);
1742
1743 NTSYSAPI
1744 ULONG
1745 NTAPI
1746 RtlNtStatusToDosErrorNoTeb(
1747 IN NTSTATUS Status);
1748
1749 NTSYSAPI
1750 NTSTATUS
1751 NTAPI
1752 RtlCreateSystemVolumeInformationFolder(
1753 IN PCUNICODE_STRING VolumeRootPath);
1754
1755 #endif
1756
1757 #if defined(_M_AMD64)
1758
1759 FORCEINLINE
1760 VOID
1761 RtlFillMemoryUlong (
1762 OUT PVOID Destination,
1763 IN SIZE_T Length,
1764 IN ULONG Pattern)
1765 {
1766 PULONG Address = (PULONG)Destination;
1767 if ((Length /= 4) != 0) {
1768 if (((ULONG64)Address & 4) != 0) {
1769 *Address = Pattern;
1770 if ((Length -= 1) == 0) {
1771 return;
1772 }
1773 Address += 1;
1774 }
1775 __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2);
1776 if ((Length & 1) != 0) Address[Length - 1] = Pattern;
1777 }
1778 return;
1779 }
1780
1781 #define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
1782 __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
1783
1784 #else
1785
1786 #if (NTDDI_VERSION >= NTDDI_WINXP)
1787
1788 NTSYSAPI
1789 VOID
1790 NTAPI
1791 RtlFillMemoryUlong(
1792 OUT PVOID Destination,
1793 IN SIZE_T Length,
1794 IN ULONG Pattern);
1795
1796 NTSYSAPI
1797 VOID
1798 NTAPI
1799 RtlFillMemoryUlonglong(
1800 OUT PVOID Destination,
1801 IN SIZE_T Length,
1802 IN ULONGLONG Pattern);
1803
1804 #endif
1805
1806 #endif // defined(_M_AMD64)
1807
1808 #if (NTDDI_VERSION >= NTDDI_WS03)
1809
1810 NTSYSAPI
1811 NTSTATUS
1812 NTAPI
1813 RtlInitAnsiStringEx(
1814 OUT PANSI_STRING DestinationString,
1815 IN PCSZ SourceString OPTIONAL);
1816
1817 #endif
1818
1819 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
1820
1821 NTSYSAPI
1822 NTSTATUS
1823 NTAPI
1824 RtlGetSaclSecurityDescriptor(
1825 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1826 OUT PBOOLEAN SaclPresent,
1827 OUT PACL *Sacl,
1828 OUT PBOOLEAN SaclDefaulted);
1829
1830 NTSYSAPI
1831 NTSTATUS
1832 NTAPI
1833 RtlSetGroupSecurityDescriptor(
1834 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1835 IN PSID Group OPTIONAL,
1836 IN BOOLEAN GroupDefaulted OPTIONAL);
1837
1838 NTSYSAPI
1839 NTSTATUS
1840 NTAPI
1841 RtlGetGroupSecurityDescriptor(
1842 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1843 OUT PSID *Group,
1844 OUT PBOOLEAN GroupDefaulted);
1845
1846 NTSYSAPI
1847 NTSTATUS
1848 NTAPI
1849 RtlAbsoluteToSelfRelativeSD(
1850 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
1851 OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL,
1852 IN OUT PULONG BufferLength);
1853
1854 NTSYSAPI
1855 NTSTATUS
1856 NTAPI
1857 RtlSelfRelativeToAbsoluteSD(
1858 IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
1859 OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL,
1860 IN OUT PULONG AbsoluteSecurityDescriptorSize,
1861 OUT PACL Dacl OPTIONAL,
1862 IN OUT PULONG DaclSize,
1863 OUT PACL Sacl OPTIONAL,
1864 IN OUT PULONG SaclSize,
1865 OUT PSID Owner OPTIONAL,
1866 IN OUT PULONG OwnerSize,
1867 OUT PSID PrimaryGroup OPTIONAL,
1868 IN OUT PULONG PrimaryGroupSize);
1869
1870 #endif
1871
1872 #if (NTDDI_VERSION >= NTDDI_VISTA)
1873
1874 NTSYSAPI
1875 NTSTATUS
1876 NTAPI
1877 RtlNormalizeString(
1878 IN ULONG NormForm,
1879 IN PCWSTR SourceString,
1880 IN LONG SourceStringLength,
1881 OUT PWSTR DestinationString,
1882 IN OUT PLONG DestinationStringLength);
1883
1884 NTSYSAPI
1885 NTSTATUS
1886 NTAPI
1887 RtlIsNormalizedString(
1888 IN ULONG NormForm,
1889 IN PCWSTR SourceString,
1890 IN LONG SourceStringLength,
1891 OUT PBOOLEAN Normalized);
1892
1893 NTSYSAPI
1894 NTSTATUS
1895 NTAPI
1896 RtlIdnToAscii(
1897 IN ULONG Flags,
1898 IN PCWSTR SourceString,
1899 IN LONG SourceStringLength,
1900 OUT PWSTR DestinationString,
1901 IN OUT PLONG DestinationStringLength);
1902
1903 NTSYSAPI
1904 NTSTATUS
1905 NTAPI
1906 RtlIdnToUnicode(
1907 IN ULONG Flags,
1908 IN PCWSTR SourceString,
1909 IN LONG SourceStringLength,
1910 OUT PWSTR DestinationString,
1911 IN OUT PLONG DestinationStringLength);
1912
1913 NTSYSAPI
1914 NTSTATUS
1915 NTAPI
1916 RtlIdnToNameprepUnicode(
1917 IN ULONG Flags,
1918 IN PCWSTR SourceString,
1919 IN LONG SourceStringLength,
1920 OUT PWSTR DestinationString,
1921 IN OUT PLONG DestinationStringLength);
1922
1923 NTSYSAPI
1924 NTSTATUS
1925 NTAPI
1926 RtlCreateServiceSid(
1927 IN PUNICODE_STRING ServiceName,
1928 OUT PSID ServiceSid,
1929 IN OUT PULONG ServiceSidLength);
1930
1931 NTSYSAPI
1932 LONG
1933 NTAPI
1934 RtlCompareAltitudes(
1935 IN PCUNICODE_STRING Altitude1,
1936 IN PCUNICODE_STRING Altitude2);
1937
1938 #endif
1939
1940 #if (NTDDI_VERSION >= NTDDI_WIN7)
1941
1942 NTSYSAPI
1943 NTSTATUS
1944 NTAPI
1945 RtlUnicodeToUTF8N(
1946 OUT PCHAR UTF8StringDestination,
1947 IN ULONG UTF8StringMaxByteCount,
1948 OUT PULONG UTF8StringActualByteCount,
1949 IN PCWCH UnicodeStringSource,
1950 IN ULONG UnicodeStringByteCount);
1951
1952 NTSYSAPI
1953 NTSTATUS
1954 NTAPI
1955 RtlUTF8ToUnicodeN(
1956 OUT PWSTR UnicodeStringDestination,
1957 IN ULONG UnicodeStringMaxByteCount,
1958 OUT PULONG UnicodeStringActualByteCount,
1959 IN PCCH UTF8StringSource,
1960 IN ULONG UTF8StringByteCount);
1961
1962 NTSYSAPI
1963 NTSTATUS
1964 NTAPI
1965 RtlReplaceSidInSd(
1966 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1967 IN PSID OldSid,
1968 IN PSID NewSid,
1969 OUT ULONG *NumChanges);
1970
1971 NTSYSAPI
1972 NTSTATUS
1973 NTAPI
1974 RtlCreateVirtualAccountSid(
1975 IN PCUNICODE_STRING Name,
1976 IN ULONG BaseSubAuthority,
1977 OUT PSID Sid,
1978 IN OUT PULONG SidLength);
1979
1980 #endif
1981
1982 #define HEAP_NO_SERIALIZE 0x00000001
1983 #define HEAP_GROWABLE 0x00000002
1984 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
1985 #define HEAP_ZERO_MEMORY 0x00000008
1986 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
1987 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
1988 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
1989 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
1990
1991 #define HEAP_CREATE_ALIGN_16 0x00010000
1992 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
1993 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
1994
1995 #define HEAP_SETTABLE_USER_VALUE 0x00000100
1996 #define HEAP_SETTABLE_USER_FLAG1 0x00000200
1997 #define HEAP_SETTABLE_USER_FLAG2 0x00000400
1998 #define HEAP_SETTABLE_USER_FLAG3 0x00000800
1999 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00
2000
2001 #define HEAP_CLASS_0 0x00000000
2002 #define HEAP_CLASS_1 0x00001000
2003 #define HEAP_CLASS_2 0x00002000
2004 #define HEAP_CLASS_3 0x00003000
2005 #define HEAP_CLASS_4 0x00004000
2006 #define HEAP_CLASS_5 0x00005000
2007 #define HEAP_CLASS_6 0x00006000
2008 #define HEAP_CLASS_7 0x00007000
2009 #define HEAP_CLASS_8 0x00008000
2010 #define HEAP_CLASS_MASK 0x0000F000
2011
2012 #define HEAP_MAXIMUM_TAG 0x0FFF
2013 #define HEAP_GLOBAL_TAG 0x0800
2014 #define HEAP_PSEUDO_TAG_FLAG 0x8000
2015 #define HEAP_TAG_SHIFT 18
2016 #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2017
2018 #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
2019 HEAP_GROWABLE | \
2020 HEAP_GENERATE_EXCEPTIONS | \
2021 HEAP_ZERO_MEMORY | \
2022 HEAP_REALLOC_IN_PLACE_ONLY | \
2023 HEAP_TAIL_CHECKING_ENABLED | \
2024 HEAP_FREE_CHECKING_ENABLED | \
2025 HEAP_DISABLE_COALESCE_ON_FREE | \
2026 HEAP_CLASS_MASK | \
2027 HEAP_CREATE_ALIGN_16 | \
2028 HEAP_CREATE_ENABLE_TRACING | \
2029 HEAP_CREATE_ENABLE_EXECUTE)
2030
2031 FORCEINLINE
2032 ULONG
2033 HEAP_MAKE_TAG_FLAGS(
2034 IN ULONG TagBase,
2035 IN ULONG Tag)
2036 {
2037 __assume_bound(TagBase);
2038 return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT)));
2039 }
2040
2041 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
2042 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
2043
2044 #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
2045 RtlxUnicodeStringToOemSize(STRING) : \
2046 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
2047 )
2048
2049 #define RtlOemStringToUnicodeSize(STRING) ( \
2050 NLS_MB_OEM_CODE_PAGE_TAG ? \
2051 RtlxOemStringToUnicodeSize(STRING) : \
2052 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
2053 )
2054
2055 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
2056 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
2057 )
2058
2059 typedef PVOID
2060 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE (
2061 IN SIZE_T NumberOfBytes);
2062
2063 #if _WIN32_WINNT >= 0x0600
2064
2065 typedef PVOID
2066 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE (
2067 IN SIZE_T NumberOfBytes,
2068 IN PVOID Buffer);
2069
2070 #endif
2071
2072 typedef VOID
2073 (NTAPI *PRTL_FREE_STRING_ROUTINE (
2074 IN PVOID Buffer);
2075
2076 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
2077 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
2078
2079 #if _WIN32_WINNT >= 0x0600
2080 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
2081 #endif
2082
2083 typedef struct _GENERATE_NAME_CONTEXT {
2084 USHORT Checksum;
2085 BOOLEAN CheckSumInserted;
2086 UCHAR NameLength;
2087 WCHAR NameBuffer[8];
2088 ULONG ExtensionLength;
2089 WCHAR ExtensionBuffer[4];
2090 ULONG LastIndexValue;
2091 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
2092
2093 typedef struct _PREFIX_TABLE_ENTRY {
2094 CSHORT NodeTypeCode;
2095 CSHORT NameLength;
2096 struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
2097 RTL_SPLAY_LINKS Links;
2098 PSTRING Prefix;
2099 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;
2100
2101 typedef struct _PREFIX_TABLE {
2102 CSHORT NodeTypeCode;
2103 CSHORT NameLength;
2104 PPREFIX_TABLE_ENTRY NextPrefixTree;
2105 } PREFIX_TABLE, *PPREFIX_TABLE;
2106
2107 typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
2108 CSHORT NodeTypeCode;
2109 CSHORT NameLength;
2110 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
2111 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
2112 RTL_SPLAY_LINKS Links;
2113 PUNICODE_STRING Prefix;
2114 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
2115
2116 typedef struct _UNICODE_PREFIX_TABLE {
2117 CSHORT NodeTypeCode;
2118 CSHORT NameLength;
2119 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
2120 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
2121 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
2122
2123 #define COMPRESSION_FORMAT_NONE (0x0000)
2124 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
2125 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
2126 #define COMPRESSION_ENGINE_STANDARD (0x0000)
2127 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
2128 #define COMPRESSION_ENGINE_HIBER (0x0200)
2129
2130 typedef struct _COMPRESSED_DATA_INFO {
2131 USHORT CompressionFormatAndEngine;
2132 UCHAR CompressionUnitShift;
2133 UCHAR ChunkShift;
2134 UCHAR ClusterShift;
2135 UCHAR Reserved;
2136 USHORT NumberOfChunks;
2137 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
2138 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
2139
2140 #define RtlOffsetToPointer(B,O) ((PCHAR)( ((PCHAR)(B)) + ((ULONG_PTR)(O)) ))
2141 #define RtlPointerToOffset(B,P) ((ULONG)( ((PCHAR)(P)) - ((PCHAR)(B)) ))
2142
2143 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256
2144
2145 #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
2146
2147 #define DEVICE_TYPE ULONG
2148
2149 #define FILE_DEVICE_BEEP 0x00000001
2150 #define FILE_DEVICE_CD_ROM 0x00000002
2151 #define FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
2152 #define FILE_DEVICE_CONTROLLER 0x00000004
2153 #define FILE_DEVICE_DATALINK 0x00000005
2154 #define FILE_DEVICE_DFS 0x00000006
2155 #define FILE_DEVICE_DISK 0x00000007
2156 #define FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
2157 #define FILE_DEVICE_FILE_SYSTEM 0x00000009
2158 #define FILE_DEVICE_INPORT_PORT 0x0000000a
2159 #define FILE_DEVICE_KEYBOARD 0x0000000b
2160 #define FILE_DEVICE_MAILSLOT 0x0000000c
2161 #define FILE_DEVICE_MIDI_IN 0x0000000d
2162 #define FILE_DEVICE_MIDI_OUT 0x0000000e
2163 #define FILE_DEVICE_MOUSE 0x0000000f
2164 #define FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
2165 #define FILE_DEVICE_NAMED_PIPE 0x00000011
2166 #define FILE_DEVICE_NETWORK 0x00000012
2167 #define FILE_DEVICE_NETWORK_BROWSER 0x00000013
2168 #define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
2169 #define FILE_DEVICE_NULL 0x00000015
2170 #define FILE_DEVICE_PARALLEL_PORT 0x00000016
2171 #define FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
2172 #define FILE_DEVICE_PRINTER 0x00000018
2173 #define FILE_DEVICE_SCANNER 0x00000019
2174 #define FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001a
2175 #define FILE_DEVICE_SERIAL_PORT 0x0000001b
2176 #define FILE_DEVICE_SCREEN 0x0000001c
2177 #define FILE_DEVICE_SOUND 0x0000001d
2178 #define FILE_DEVICE_STREAMS 0x0000001e
2179 #define FILE_DEVICE_TAPE 0x0000001f
2180 #define FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
2181 #define FILE_DEVICE_TRANSPORT 0x00000021
2182 #define FILE_DEVICE_UNKNOWN 0x00000022
2183 #define FILE_DEVICE_VIDEO 0x00000023
2184 #define FILE_DEVICE_VIRTUAL_DISK 0x00000024
2185 #define FILE_DEVICE_WAVE_IN 0x00000025
2186 #define FILE_DEVICE_WAVE_OUT 0x00000026
2187 #define FILE_DEVICE_8042_PORT 0x00000027
2188 #define FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
2189 #define FILE_DEVICE_BATTERY 0x00000029
2190 #define FILE_DEVICE_BUS_EXTENDER 0x0000002a
2191 #define FILE_DEVICE_MODEM 0x0000002b
2192 #define FILE_DEVICE_VDM 0x0000002c
2193 #define FILE_DEVICE_MASS_STORAGE 0x0000002d
2194 #define FILE_DEVICE_SMB 0x0000002e
2195 #define FILE_DEVICE_KS 0x0000002f
2196 #define FILE_DEVICE_CHANGER 0x00000030
2197 #define FILE_DEVICE_SMARTCARD 0x00000031
2198 #define FILE_DEVICE_ACPI 0x00000032
2199 #define FILE_DEVICE_DVD 0x00000033
2200 #define FILE_DEVICE_FULLSCREEN_VIDEO 0x00000034
2201 #define FILE_DEVICE_DFS_FILE_SYSTEM 0x00000035
2202 #define FILE_DEVICE_DFS_VOLUME 0x00000036
2203 #define FILE_DEVICE_SERENUM 0x00000037
2204 #define FILE_DEVICE_TERMSRV 0x00000038
2205 #define FILE_DEVICE_KSEC 0x00000039
2206 #define FILE_DEVICE_FIPS 0x0000003A
2207 #define FILE_DEVICE_INFINIBAND 0x0000003B
2208 #define FILE_DEVICE_VMBUS 0x0000003E
2209 #define FILE_DEVICE_CRYPT_PROVIDER 0x0000003F
2210 #define FILE_DEVICE_WPD 0x00000040
2211 #define FILE_DEVICE_BLUETOOTH 0x00000041
2212 #define FILE_DEVICE_MT_COMPOSITE 0x00000042
2213 #define FILE_DEVICE_MT_TRANSPORT 0x00000043
2214 #define FILE_DEVICE_BIOMETRIC 0x00000044
2215 #define FILE_DEVICE_PMI 0x00000045
2216
2217 #define CTL_CODE( DeviceType, Function, Method, Access ) ( \
2218 ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
2219 )
2220 #define DEVICE_TYPE_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0xffff0000)) >> 16)
2221 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
2222
2223 #define METHOD_BUFFERED 0
2224 #define METHOD_IN_DIRECT 1
2225 #define METHOD_OUT_DIRECT 2
2226 #define METHOD_NEITHER 3
2227 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
2228 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
2229
2230 #define FILE_ANY_ACCESS 0
2231 #define FILE_SPECIAL_ACCESS (FILE_ANY_ACCESS)
2232 #define FILE_READ_ACCESS ( 0x0001 )
2233 #define FILE_WRITE_ACCESS ( 0x0002 )
2234
2235 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
2236
2237 typedef enum _SECURITY_LOGON_TYPE {
2238 UndefinedLogonType = 0,
2239 Interactive = 2,
2240 Network,
2241 Batch,
2242 Service,
2243 Proxy,
2244 Unlock,
2245 NetworkCleartext,
2246 NewCredentials,
2247 #if (_WIN32_WINNT >= 0x0501)
2248 RemoteInteractive,
2249 CachedInteractive,
2250 #endif
2251 #if (_WIN32_WINNT >= 0x0502)
2252 CachedRemoteInteractive,
2253 CachedUnlock
2254 #endif
2255 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
2256
2257 #ifndef _NTLSA_AUDIT_
2258 #define _NTLSA_AUDIT_
2259
2260 typedef enum _SE_ADT_PARAMETER_TYPE {
2261 SeAdtParmTypeNone = 0,
2262 SeAdtParmTypeString,
2263 SeAdtParmTypeFileSpec,
2264 SeAdtParmTypeUlong,
2265 SeAdtParmTypeSid,
2266 SeAdtParmTypeLogonId,
2267 SeAdtParmTypeNoLogonId,
2268 SeAdtParmTypeAccessMask,
2269 SeAdtParmTypePrivs,
2270 SeAdtParmTypeObjectTypes,
2271 SeAdtParmTypeHexUlong,
2272 SeAdtParmTypePtr,
2273 SeAdtParmTypeTime,
2274 SeAdtParmTypeGuid,
2275 SeAdtParmTypeLuid,
2276 SeAdtParmTypeHexInt64,
2277 SeAdtParmTypeStringList,
2278 SeAdtParmTypeSidList,
2279 SeAdtParmTypeDuration,
2280 SeAdtParmTypeUserAccountControl,
2281 SeAdtParmTypeNoUac,
2282 SeAdtParmTypeMessage,
2283 SeAdtParmTypeDateTime,
2284 SeAdtParmTypeSockAddr,
2285 SeAdtParmTypeSD,
2286 SeAdtParmTypeLogonHours,
2287 SeAdtParmTypeLogonIdNoSid,
2288 SeAdtParmTypeUlongNoConv,
2289 SeAdtParmTypeSockAddrNoPort,
2290 SeAdtParmTypeAccessReason
2291 } SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
2292
2293 #ifndef GUID_DEFINED
2294 #include <guiddef.h>
2295 #endif
2296
2297 typedef struct _SE_ADT_OBJECT_TYPE {
2298 GUID ObjectType;
2299 USHORT Flags;
2300 #define SE_ADT_OBJECT_ONLY 0x1
2301 USHORT Level;
2302 ACCESS_MASK AccessMask;
2303 } SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
2304
2305 typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
2306 SE_ADT_PARAMETER_TYPE Type;
2307 ULONG Length;
2308 ULONG_PTR Data[2];
2309 PVOID Address;
2310 } SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
2311
2312 typedef struct _SE_ADT_ACCESS_REASON {
2313 ACCESS_MASK AccessMask;
2314 ULONG AccessReasons[32];
2315 ULONG ObjectTypeIndex;
2316 ULONG AccessGranted;
2317 PSECURITY_DESCRIPTOR SecurityDescriptor;
2318 } SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
2319
2320 #define SE_MAX_AUDIT_PARAMETERS 32
2321 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
2322
2323 typedef struct _SE_ADT_PARAMETER_ARRAY {
2324 ULONG CategoryId;
2325 ULONG AuditId;
2326 ULONG ParameterCount;
2327 ULONG Length;
2328 USHORT FlatSubCategoryId;
2329 USHORT Type;
2330 ULONG Flags;
2331 SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
2332 } SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
2333
2334 #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
2335 #define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
2336 #define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
2337 #define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
2338 #define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010
2339
2340 #define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(AuditParameters) \
2341 ( sizeof(SE_ADT_PARAMETER_ARRAY) - \
2342 sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
2343 (SE_MAX_AUDIT_PARAMETERS - AuditParameters->ParameterCount) )
2344
2345 #endif /* _NTLSA_AUDIT_ */
2346
2347 #pragma pack(push,4)
2348
2349 #ifndef VER_PRODUCTBUILD
2350 #define VER_PRODUCTBUILD 10000
2351 #endif
2352
2353 #define EX_PUSH_LOCK ULONG_PTR
2354 #define PEX_PUSH_LOCK PULONG_PTR
2355
2356 #include "csq.h"
2357
2358 #ifdef _NTOSKRNL_
2359 extern PUCHAR FsRtlLegalAnsiCharacterArray;
2360 #else
2361 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
2362 #endif
2363 extern PACL SePublicDefaultDacl;
2364 extern PACL SeSystemDefaultDacl;
2365
2366 extern KSPIN_LOCK IoStatisticsLock;
2367 extern ULONG IoReadOperationCount;
2368 extern ULONG IoWriteOperationCount;
2369 extern ULONG IoOtherOperationCount;
2370 extern LARGE_INTEGER IoReadTransferCount;
2371 extern LARGE_INTEGER IoWriteTransferCount;
2372 extern LARGE_INTEGER IoOtherTransferCount;
2373
2374 #define ANSI_DOS_STAR ('<')
2375 #define ANSI_DOS_QM ('>')
2376 #define ANSI_DOS_DOT ('"')
2377
2378 #define DOS_STAR (L'<')
2379 #define DOS_QM (L'>')
2380 #define DOS_DOT (L'"')
2381
2382 #define FILE_ACTION_ADDED 0x00000001
2383 #define FILE_ACTION_REMOVED 0x00000002
2384 #define FILE_ACTION_MODIFIED 0x00000003
2385 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
2386 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
2387 #define FILE_ACTION_ADDED_STREAM 0x00000006
2388 #define FILE_ACTION_REMOVED_STREAM 0x00000007
2389 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
2390 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
2391 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
2392 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
2393 /* end winnt.h */
2394
2395 #define FILE_EA_TYPE_BINARY 0xfffe
2396 #define FILE_EA_TYPE_ASCII 0xfffd
2397 #define FILE_EA_TYPE_BITMAP 0xfffb
2398 #define FILE_EA_TYPE_METAFILE 0xfffa
2399 #define FILE_EA_TYPE_ICON 0xfff9
2400 #define FILE_EA_TYPE_EA 0xffee
2401 #define FILE_EA_TYPE_MVMT 0xffdf
2402 #define FILE_EA_TYPE_MVST 0xffde
2403 #define FILE_EA_TYPE_ASN1 0xffdd
2404 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
2405
2406 #define FILE_NEED_EA 0x00000080
2407
2408 /* also in winnt.h */
2409 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
2410 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
2411 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
2412 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
2413 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
2414 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
2415 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
2416 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
2417 #define FILE_NOTIFY_CHANGE_EA 0x00000080
2418 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
2419 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
2420 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
2421 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
2422 #define FILE_NOTIFY_VALID_MASK 0x00000fff
2423 /* end winnt.h */
2424
2425 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
2426 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
2427
2428 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
2429
2430 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
2431 #define FILE_CASE_PRESERVED_NAMES 0x00000002
2432 #define FILE_UNICODE_ON_DISK 0x00000004
2433 #define FILE_PERSISTENT_ACLS 0x00000008
2434 #define FILE_FILE_COMPRESSION 0x00000010
2435 #define FILE_VOLUME_QUOTAS 0x00000020
2436 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
2437 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
2438 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
2439 #define FS_LFN_APIS 0x00004000
2440 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
2441 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
2442 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
2443 #define FILE_NAMED_STREAMS 0x00040000
2444 #define FILE_READ_ONLY_VOLUME 0x00080000
2445 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
2446 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
2447
2448 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
2449 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
2450
2451 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
2452 #define FILE_PIPE_MESSAGE_MODE 0x00000001
2453
2454 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
2455 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
2456
2457 #define FILE_PIPE_INBOUND 0x00000000
2458 #define FILE_PIPE_OUTBOUND 0x00000001
2459 #define FILE_PIPE_FULL_DUPLEX 0x00000002
2460
2461 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
2462 #define FILE_PIPE_LISTENING_STATE 0x00000002
2463 #define FILE_PIPE_CONNECTED_STATE 0x00000003
2464 #define FILE_PIPE_CLOSING_STATE 0x00000004
2465
2466 #define FILE_PIPE_CLIENT_END 0x00000000
2467 #define FILE_PIPE_SERVER_END 0x00000001
2468
2469 #define FILE_PIPE_READ_DATA 0x00000000
2470 #define FILE_PIPE_WRITE_SPACE 0x00000001
2471
2472 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
2473 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
2474 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
2475 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
2476 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
2477 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
2478 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
2479 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
2480 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
2481 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
2482 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
2483 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
2484 #define FILE_STORAGE_TYPE_MASK 0x000f0000
2485 #define FILE_STORAGE_TYPE_SHIFT 16
2486
2487 #define FILE_VC_QUOTA_NONE 0x00000000
2488 #define FILE_VC_QUOTA_TRACK 0x00000001
2489 #define FILE_VC_QUOTA_ENFORCE 0x00000002
2490 #define FILE_VC_QUOTA_MASK 0x00000003
2491
2492 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
2493 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
2494
2495 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
2496 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
2497 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
2498 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
2499
2500 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
2501 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
2502
2503 #define FILE_VC_VALID_MASK 0x000003ff
2504
2505 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
2506 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
2507 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
2508 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
2509 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
2510 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
2511 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
2512 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
2513
2514 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
2515 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
2516 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
2517 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
2518
2519 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
2520 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
2521 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
2522 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
2523 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
2524
2525 #define FSRTL_VOLUME_DISMOUNT 1
2526 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
2527 #define FSRTL_VOLUME_LOCK 3
2528 #define FSRTL_VOLUME_LOCK_FAILED 4
2529 #define FSRTL_VOLUME_UNLOCK 5
2530 #define FSRTL_VOLUME_MOUNT 6
2531
2532 #define FSRTL_WILD_CHARACTER 0x08
2533
2534 #define FSRTL_FAT_LEGAL 0x01
2535 #define FSRTL_HPFS_LEGAL 0x02
2536 #define FSRTL_NTFS_LEGAL 0x04
2537 #define FSRTL_WILD_CHARACTER 0x08
2538 #define FSRTL_OLE_LEGAL 0x10
2539 #define FSRTL_NTFS_STREAM_LEGAL 0x14
2540
2541 #ifdef _X86_
2542 #define HARDWARE_PTE HARDWARE_PTE_X86
2543 #define PHARDWARE_PTE PHARDWARE_PTE_X86
2544 #endif
2545
2546 #define IO_CHECK_CREATE_PARAMETERS 0x0200
2547 #define IO_ATTACH_DEVICE 0x0400
2548
2549 #define IO_ATTACH_DEVICE_API 0x80000000
2550
2551 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
2552 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
2553
2554 #define IO_TYPE_APC 18
2555 #define IO_TYPE_DPC 19
2556 #define IO_TYPE_DEVICE_QUEUE 20
2557 #define IO_TYPE_EVENT_PAIR 21
2558 #define IO_TYPE_INTERRUPT 22
2559 #define IO_TYPE_PROFILE 23
2560
2561 #define IRP_BEING_VERIFIED 0x10
2562
2563 #define MAILSLOT_CLASS_FIRSTCLASS 1
2564 #define MAILSLOT_CLASS_SECONDCLASS 2
2565
2566 #define MAILSLOT_SIZE_AUTO 0
2567
2568 #define MEM_DOS_LIM 0x40000000
2569
2570 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
2571
2572 #define OB_TYPE_TYPE 1
2573 #define OB_TYPE_DIRECTORY 2
2574 #define OB_TYPE_SYMBOLIC_LINK 3
2575 #define OB_TYPE_TOKEN 4
2576 #define OB_TYPE_PROCESS 5
2577 #define OB_TYPE_THREAD 6
2578 #define OB_TYPE_EVENT 7
2579 #define OB_TYPE_EVENT_PAIR 8
2580 #define OB_TYPE_MUTANT 9
2581 #define OB_TYPE_SEMAPHORE 10
2582 #define OB_TYPE_TIMER 11
2583 #define OB_TYPE_PROFILE 12
2584 #define OB_TYPE_WINDOW_STATION 13
2585 #define OB_TYPE_DESKTOP 14
2586 #define OB_TYPE_SECTION 15
2587 #define OB_TYPE_KEY 16
2588 #define OB_TYPE_PORT 17
2589 #define OB_TYPE_ADAPTER 18
2590 #define OB_TYPE_CONTROLLER 19
2591 #define OB_TYPE_DEVICE 20
2592 #define OB_TYPE_DRIVER 21
2593 #define OB_TYPE_IO_COMPLETION 22
2594 #define OB_TYPE_FILE 23
2595
2596 #define PIN_WAIT (1)
2597 #define PIN_EXCLUSIVE (2)
2598 #define PIN_NO_READ (4)
2599 #define PIN_IF_BCB (8)
2600
2601 #define SEC_BASED 0x00200000
2602
2603 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
2604 #define SECURITY_WORLD_RID (0x00000000L)
2605
2606 /* end winnt.h */
2607
2608 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
2609 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
2610 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
2611 #define TOKEN_HAS_ADMIN_GROUP 0x08
2612 #define TOKEN_WRITE_RESTRICTED 0x08
2613 #define TOKEN_IS_RESTRICTED 0x10
2614 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
2615
2616 #define VACB_MAPPING_GRANULARITY (0x40000)
2617 #define VACB_OFFSET_SHIFT (18)
2618
2619 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
2620 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
2621 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
2622 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
2623 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
2624 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
2625 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
2626 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
2627 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
2628
2629 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
2630 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
2631 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
2632
2633 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
2634 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
2635 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2636
2637
2638 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
2639 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
2640 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
2641 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
2642 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
2643 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
2644
2645 #if (VER_PRODUCTBUILD >= 1381)
2646
2647 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
2648 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
2649 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
2650 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
2651 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
2652 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
2653 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
2654 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
2655
2656 #endif /* (VER_PRODUCTBUILD >= 1381) */
2657
2658 #if (VER_PRODUCTBUILD >= 2195)
2659
2660 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
2661 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
2662 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
2663
2664 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
2665 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
2666 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
2667 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
2668 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
2669 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
2670 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
2671 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
2672 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
2673 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
2674 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
2675 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
2676 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
2677 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
2678 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
2679 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
2680 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
2681 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
2682 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
2683 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
2684 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
2685 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
2686 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
2687 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
2688 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
2689 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
2690 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
2691 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
2692 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2693 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2694 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
2695 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2696 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
2697 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
2698 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
2699 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
2700
2701 #endif /* (VER_PRODUCTBUILD >= 2195) */
2702
2703 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
2704
2705 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
2706 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
2707 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
2708 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
2709 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
2710 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
2711 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
2712 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
2713
2714 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
2715 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
2716 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
2717 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
2718 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
2719 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2720 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
2721 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
2722 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
2723 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
2724 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
2725 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
2726 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2727 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
2728
2729 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
2730
2731 typedef PVOID OPLOCK, *POPLOCK;
2732
2733 //
2734 // Forwarders
2735 //
2736 struct _RTL_AVL_TABLE;
2737 struct _RTL_GENERIC_TABLE;
2738
2739 typedef ULONG LBN;
2740 typedef LBN *PLBN;
2741
2742 typedef ULONG VBN;
2743 typedef VBN *PVBN;
2744
2745 typedef PVOID PNOTIFY_SYNC;
2746
2747 typedef enum _FAST_IO_POSSIBLE {
2748 FastIoIsNotPossible,
2749 FastIoIsPossible,
2750 FastIoIsQuestionable
2751 } FAST_IO_POSSIBLE;
2752
2753 typedef enum _FILE_STORAGE_TYPE {
2754 StorageTypeDefault = 1,
2755 StorageTypeDirectory,
2756 StorageTypeFile,
2757 StorageTypeJunctionPoint,
2758 StorageTypeCatalog,
2759 StorageTypeStructuredStorage,
2760 StorageTypeEmbedding,
2761 StorageTypeStream
2762 } FILE_STORAGE_TYPE;
2763
2764 typedef enum _OBJECT_INFORMATION_CLASS
2765 {
2766 ObjectBasicInformation,
2767 ObjectNameInformation,
2768 ObjectTypeInformation,
2769 ObjectTypesInformation,
2770 ObjectHandleFlagInformation,
2771 ObjectSessionInformation,
2772 MaxObjectInfoClass
2773 } OBJECT_INFORMATION_CLASS;
2774
2775 typedef struct _OBJECT_BASIC_INFORMATION
2776 {
2777 ULONG Attributes;
2778 ACCESS_MASK GrantedAccess;
2779 ULONG HandleCount;
2780 ULONG PointerCount;
2781 ULONG PagedPoolCharge;
2782 ULONG NonPagedPoolCharge;
2783 ULONG Reserved[ 3 ];
2784 ULONG NameInfoSize;
2785 ULONG TypeInfoSize;
2786 ULONG SecurityDescriptorSize;
2787 LARGE_INTEGER CreationTime;
2788 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
2789
2790 typedef struct _KAPC_STATE {
2791 LIST_ENTRY ApcListHead[2];
2792 PKPROCESS Process;
2793 BOOLEAN KernelApcInProgress;
2794 BOOLEAN KernelApcPending;
2795 BOOLEAN UserApcPending;
2796 } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
2797 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
2798
2799 typedef struct _BITMAP_RANGE {
2800 LIST_ENTRY Links;
2801 LONGLONG BasePage;
2802 ULONG FirstDirtyPage;
2803 ULONG LastDirtyPage;
2804 ULONG DirtyPages;
2805 PULONG Bitmap;
2806 } BITMAP_RANGE, *PBITMAP_RANGE;
2807
2808 typedef struct _CACHE_UNINITIALIZE_EVENT {
2809 struct _CACHE_UNINITIALIZE_EVENT *Next;
2810 KEVENT Event;
2811 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
2812
2813 typedef struct _CC_FILE_SIZES {
2814 LARGE_INTEGER AllocationSize;
2815 LARGE_INTEGER FileSize;
2816 LARGE_INTEGER ValidDataLength;
2817 } CC_FILE_SIZES, *PCC_FILE_SIZES;
2818
2819 #define SYMLINK_FLAG_RELATIVE 1
2820
2821 typedef struct _REPARSE_DATA_BUFFER {
2822 ULONG ReparseTag;
2823 USHORT ReparseDataLength;
2824 USHORT Reserved;
2825 __GNU_EXTENSION union {
2826 struct {
2827 USHORT SubstituteNameOffset;
2828 USHORT SubstituteNameLength;
2829 USHORT PrintNameOffset;
2830 USHORT PrintNameLength;
2831 ULONG Flags;
2832 WCHAR PathBuffer[1];
2833 } SymbolicLinkReparseBuffer;
2834 struct {
2835 USHORT SubstituteNameOffset;
2836 USHORT SubstituteNameLength;
2837 USHORT PrintNameOffset;
2838 USHORT PrintNameLength;
2839 WCHAR PathBuffer[1];
2840 } MountPointReparseBuffer;
2841 struct {
2842 UCHAR DataBuffer[1];
2843 } GenericReparseBuffer;
2844 };
2845 } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
2846
2847
2848
2849 //
2850 // MicroSoft reparse point tags
2851 //
2852 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
2853 #define IO_REPARSE_TAG_HSM (0xC0000004L)
2854 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
2855 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
2856 #define IO_REPARSE_TAG_SIS (0x80000007L)
2857 #define IO_REPARSE_TAG_DFS (0x8000000AL)
2858 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
2859 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
2860 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
2861 #define IO_REPARSE_TAG_DFSR (0x80000012L)
2862
2863 //
2864 // Reserved reparse tags
2865 //
2866 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
2867 #define IO_REPARSE_TAG_RESERVED_ONE (1)
2868 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
2869
2870
2871 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
2872
2873 typedef struct _FILE_ACCESS_INFORMATION {
2874 ACCESS_MASK AccessFlags;
2875 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
2876
2877 typedef struct _FILE_ALLOCATION_INFORMATION {
2878 LARGE_INTEGER AllocationSize;
2879 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
2880
2881 typedef struct _FILE_BOTH_DIR_INFORMATION {
2882 ULONG NextEntryOffset;
2883 ULONG FileIndex;
2884 LARGE_INTEGER CreationTime;
2885 LARGE_INTEGER LastAccessTime;
2886 LARGE_INTEGER LastWriteTime;
2887 LARGE_INTEGER ChangeTime;
2888 LARGE_INTEGER EndOfFile;
2889 LARGE_INTEGER AllocationSize;
2890 ULONG FileAttributes;
2891 ULONG FileNameLength;
2892 ULONG EaSize;
2893 CCHAR ShortNameLength;
2894 WCHAR ShortName[12];
2895 WCHAR FileName[1];
2896 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
2897
2898 typedef struct _FILE_COMPLETION_INFORMATION {
2899 HANDLE Port;
2900 PVOID Key;
2901 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
2902
2903 typedef struct _FILE_COMPRESSION_INFORMATION {
2904 LARGE_INTEGER CompressedFileSize;
2905 USHORT CompressionFormat;
2906 UCHAR CompressionUnitShift;
2907 UCHAR ChunkShift;
2908 UCHAR ClusterShift;
2909 UCHAR Reserved[3];
2910 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
2911
2912 typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
2913 BOOLEAN ReplaceIfExists;
2914 HANDLE RootDirectory;
2915 ULONG FileNameLength;
2916 WCHAR FileName[1];
2917 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
2918
2919 typedef struct _FILE_DIRECTORY_INFORMATION {
2920 ULONG NextEntryOffset;
2921 ULONG FileIndex;
2922 LARGE_INTEGER CreationTime;
2923 LARGE_INTEGER LastAccessTime;
2924 LARGE_INTEGER LastWriteTime;
2925 LARGE_INTEGER ChangeTime;
2926 LARGE_INTEGER EndOfFile;
2927 LARGE_INTEGER AllocationSize;
2928 ULONG FileAttributes;
2929 ULONG FileNameLength;
2930 WCHAR FileName[1];
2931 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
2932
2933 typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
2934 ULONG NextEntryOffset;
2935 ULONG FileIndex;
2936 LARGE_INTEGER CreationTime;
2937 LARGE_INTEGER LastAccessTime;
2938 LARGE_INTEGER LastWriteTime;
2939 LARGE_INTEGER ChangeTime;
2940 LARGE_INTEGER EndOfFile;
2941 LARGE_INTEGER AllocationSize;
2942 ULONG FileAttributes;
2943 ULONG FileNameLength;
2944 ULONG EaSize;
2945 WCHAR FileName[ANYSIZE_ARRAY];
2946 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
2947
2948 typedef struct _FILE_ID_FULL_DIR_INFORMATION {
2949 ULONG NextEntryOffset;
2950 ULONG FileIndex;
2951 LARGE_INTEGER CreationTime;
2952 LARGE_INTEGER LastAccessTime;
2953 LARGE_INTEGER LastWriteTime;
2954 LARGE_INTEGER ChangeTime;
2955 LARGE_INTEGER EndOfFile;
2956 LARGE_INTEGER AllocationSize;
2957 ULONG FileAttributes;
2958 ULONG FileNameLength;
2959 ULONG EaSize;
2960 LARGE_INTEGER FileId;
2961 WCHAR FileName[1];
2962 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
2963
2964 typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
2965 ULONG NextEntryOffset;
2966 ULONG FileIndex;
2967 LARGE_INTEGER CreationTime;
2968 LARGE_INTEGER LastAccessTime;
2969 LARGE_INTEGER LastWriteTime;
2970 LARGE_INTEGER ChangeTime;
2971 LARGE_INTEGER EndOfFile;
2972 LARGE_INTEGER AllocationSize;
2973 ULONG FileAttributes;
2974 ULONG FileNameLength;
2975 ULONG EaSize;
2976 CCHAR ShortNameLength;
2977 WCHAR ShortName[12];
2978 LARGE_INTEGER FileId;
2979 WCHAR FileName[1];
2980 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
2981
2982 typedef struct _FILE_EA_INFORMATION {
2983 ULONG EaSize;
2984 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
2985
2986 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
2987 ULONG FileSystemAttributes;
2988 ULONG MaximumComponentNameLength;
2989 ULONG FileSystemNameLength;
2990 WCHAR FileSystemName[1];
2991 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
2992
2993 typedef struct _FILE_FS_CONTROL_INFORMATION {
2994 LARGE_INTEGER FreeSpaceStartFiltering;
2995 LARGE_INTEGER FreeSpaceThreshold;
2996 LARGE_INTEGER FreeSpaceStopFiltering;
2997 LARGE_INTEGER DefaultQuotaThreshold;
2998 LARGE_INTEGER DefaultQuotaLimit;
2999 ULONG FileSystemControlFlags;
3000 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
3001
3002 typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
3003 LARGE_INTEGER TotalAllocationUnits;
3004 LARGE_INTEGER CallerAvailableAllocationUnits;
3005 LARGE_INTEGER ActualAvailableAllocationUnits;
3006 ULONG SectorsPerAllocationUnit;
3007 ULONG BytesPerSector;
3008 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
3009
3010 typedef struct _FILE_FS_LABEL_INFORMATION {
3011 ULONG VolumeLabelLength;
3012 WCHAR VolumeLabel[1];
3013 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
3014
3015 #if (VER_PRODUCTBUILD >= 2195)
3016
3017 typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
3018 UCHAR ObjectId[16];
3019 UCHAR ExtendedInfo[48];
3020 } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
3021
3022 #endif /* (VER_PRODUCTBUILD >= 2195) */
3023
3024 typedef struct _FILE_FS_SIZE_INFORMATION {
3025 LARGE_INTEGER TotalAllocationUnits;
3026 LARGE_INTEGER AvailableAllocationUnits;
3027 ULONG SectorsPerAllocationUnit;
3028 ULONG BytesPerSector;
3029 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
3030
3031 typedef struct _FILE_FS_VOLUME_INFORMATION {
3032 LARGE_INTEGER VolumeCreationTime;
3033 ULONG VolumeSerialNumber;
3034 ULONG VolumeLabelLength;
3035 BOOLEAN SupportsObjects;
3036 WCHAR VolumeLabel[1];
3037 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
3038
3039 typedef struct _FILE_FS_OBJECTID_INFORMATION
3040 {
3041 UCHAR ObjectId[16];
3042 UCHAR ExtendedInfo[48];
3043 } FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
3044
3045 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
3046 {
3047 BOOLEAN DriverInPath;
3048 ULONG DriverNameLength;
3049 WCHAR DriverName[1];
3050 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
3051
3052 typedef struct _FILE_FULL_DIR_INFORMATION {
3053 ULONG NextEntryOffset;
3054 ULONG FileIndex;
3055 LARGE_INTEGER CreationTime;
3056 LARGE_INTEGER LastAccessTime;
3057 LARGE_INTEGER LastWriteTime;
3058 LARGE_INTEGER ChangeTime;
3059 LARGE_INTEGER EndOfFile;
3060 LARGE_INTEGER AllocationSize;
3061 ULONG FileAttributes;
3062 ULONG FileNameLength;
3063 ULONG EaSize;
3064 WCHAR FileName[1];
3065 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
3066
3067 typedef struct _FILE_GET_EA_INFORMATION {
3068 ULONG NextEntryOffset;
3069 UCHAR EaNameLength;
3070 CHAR EaName[1];
3071 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
3072
3073 typedef struct _FILE_GET_QUOTA_INFORMATION {
3074 ULONG NextEntryOffset;
3075 ULONG SidLength;
3076 SID Sid;
3077 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
3078
3079 typedef struct _FILE_QUOTA_INFORMATION
3080 {
3081 ULONG NextEntryOffset;
3082 ULONG SidLength;
3083 LARGE_INTEGER ChangeTime;
3084 LARGE_INTEGER QuotaUsed;
3085 LARGE_INTEGER QuotaThreshold;
3086 LARGE_INTEGER QuotaLimit;
3087 SID Sid;
3088 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
3089
3090 typedef struct _FILE_INTERNAL_INFORMATION {
3091 LARGE_INTEGER IndexNumber;
3092 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
3093
3094 typedef struct _FILE_LINK_INFORMATION {
3095 BOOLEAN ReplaceIfExists;
3096 HANDLE RootDirectory;
3097 ULONG FileNameLength;
3098 WCHAR FileName[1];
3099 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
3100
3101 typedef struct _FILE_LOCK_INFO
3102 {
3103 LARGE_INTEGER StartingByte;
3104 LARGE_INTEGER Length;
3105 BOOLEAN ExclusiveLock;
3106 ULONG Key;
3107 PFILE_OBJECT FileObject;
3108 PVOID ProcessId;
3109 LARGE_INTEGER EndingByte;
3110 } FILE_LOCK_INFO, *PFILE_LOCK_INFO;
3111
3112 typedef struct _FILE_REPARSE_POINT_INFORMATION
3113 {
3114 LONGLONG FileReference;
3115 ULONG Tag;
3116 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
3117
3118 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
3119 {
3120 ULONG ClusterCount;
3121 HANDLE RootDirectory;
3122 ULONG FileNameLength;
3123 WCHAR FileName[1];
3124 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
3125
3126 typedef struct _FILE_NOTIFY_INFORMATION
3127 {
3128 ULONG NextEntryOffset;
3129 ULONG Action;
3130 ULONG FileNameLength;
3131 WCHAR FileName[1];
3132 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
3133
3134 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
3135 typedef struct _FILE_SHARED_LOCK_ENTRY {
3136 PVOID Unknown1;
3137 PVOID Unknown2;
3138 FILE_LOCK_INFO FileLock;
3139 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
3140
3141 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
3142 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
3143 LIST_ENTRY ListEntry;
3144 PVOID Unknown1;
3145 PVOID Unknown2;
3146 FILE_LOCK_INFO FileLock;
3147 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
3148
3149 typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
3150 IN PVOID Context,
3151 IN PIRP Irp
3152 );
3153
3154 typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
3155 IN PVOID Context,
3156 IN PFILE_LOCK_INFO FileLockInfo
3157 );
3158
3159 typedef struct _FILE_LOCK {
3160 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
3161 PUNLOCK_ROUTINE UnlockRoutine;
3162 BOOLEAN FastIoIsQuestionable;
3163 BOOLEAN Pad[3];
3164 PVOID LockInformation;
3165 FILE_LOCK_INFO LastReturnedLockInfo;
3166 PVOID LastReturnedLock;
3167 } FILE_LOCK, *PFILE_LOCK;
3168
3169 typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
3170 ULONG ReadDataAvailable;
3171 ULONG NumberOfMessages;
3172 ULONG MessageLength;
3173 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
3174
3175 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
3176 ULONG MaximumMessageSize;
3177 ULONG MailslotQuota;
3178 ULONG NextMessageSize;
3179 ULONG MessagesAvailable;
3180 LARGE_INTEGER ReadTimeout;
3181 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
3182
3183 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
3184 PLARGE_INTEGER ReadTimeout;
3185 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
3186
3187 typedef struct _FILE_MODE_INFORMATION {
3188 ULONG Mode;
3189 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
3190
3191 typedef struct _FILE_ALL_INFORMATION {
3192 FILE_BASIC_INFORMATION BasicInformation;
3193 FILE_STANDARD_INFORMATION StandardInformation;
3194 FILE_INTERNAL_INFORMATION InternalInformation;
3195 FILE_EA_INFORMATION EaInformation;
3196 FILE_ACCESS_INFORMATION AccessInformation;
3197 FILE_POSITION_INFORMATION PositionInformation;
3198 FILE_MODE_INFORMATION ModeInformation;
3199 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3200 FILE_NAME_INFORMATION NameInformation;
3201 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
3202
3203 typedef struct _FILE_NAMES_INFORMATION {
3204 ULONG NextEntryOffset;
3205 ULONG FileIndex;
3206 ULONG FileNameLength;
3207 WCHAR FileName[1];
3208 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
3209
3210 typedef struct _FILE_OBJECTID_INFORMATION {
3211 LONGLONG FileReference;
3212 UCHAR ObjectId[16];
3213 _ANONYMOUS_UNION union {
3214 __GNU_EXTENSION struct {
3215 UCHAR BirthVolumeId[16];
3216 UCHAR BirthObjectId[16];
3217 UCHAR DomainId[16];
3218 };
3219 UCHAR ExtendedInfo[48];
3220 } DUMMYUNIONNAME;
3221 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
3222
3223 typedef struct _FILE_OLE_CLASSID_INFORMATION {
3224 GUID ClassId;
3225 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
3226
3227 typedef struct _FILE_OLE_ALL_INFORMATION {
3228 FILE_BASIC_INFORMATION BasicInformation;
3229 FILE_STANDARD_INFORMATION StandardInformation;
3230 FILE_INTERNAL_INFORMATION InternalInformation;
3231 FILE_EA_INFORMATION EaInformation;
3232 FILE_ACCESS_INFORMATION AccessInformation;
3233 FILE_POSITION_INFORMATION PositionInformation;
3234 FILE_MODE_INFORMATION ModeInformation;
3235 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3236 USN LastChangeUsn;
3237 USN ReplicationUsn;
3238 LARGE_INTEGER SecurityChangeTime;
3239 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
3240 FILE_OBJECTID_INFORMATION ObjectIdInformation;
3241 FILE_STORAGE_TYPE StorageType;
3242 ULONG OleStateBits;
3243 ULONG OleId;
3244 ULONG NumberOfStreamReferences;
3245 ULONG StreamIndex;
3246 ULONG SecurityId;
3247 BOOLEAN ContentIndexDisable;
3248 BOOLEAN InheritContentIndexDisable;
3249 FILE_NAME_INFORMATION NameInformation;
3250 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
3251
3252 typedef struct _FILE_OLE_DIR_INFORMATION {
3253 ULONG NextEntryOffset;
3254 ULONG FileIndex;
3255 LARGE_INTEGER CreationTime;
3256 LARGE_INTEGER LastAccessTime;
3257 LARGE_INTEGER LastWriteTime;
3258 LARGE_INTEGER ChangeTime;
3259 LARGE_INTEGER EndOfFile;
3260 LARGE_INTEGER AllocationSize;
3261 ULONG FileAttributes;
3262 ULONG FileNameLength;
3263 FILE_STORAGE_TYPE StorageType;
3264 GUID OleClassId;
3265 ULONG OleStateBits;
3266 BOOLEAN ContentIndexDisable;
3267 BOOLEAN InheritContentIndexDisable;
3268 WCHAR FileName[1];
3269 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
3270
3271 typedef struct _FILE_OLE_INFORMATION {
3272 LARGE_INTEGER SecurityChangeTime;
3273 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
3274 FILE_OBJECTID_INFORMATION ObjectIdInformation;
3275 FILE_STORAGE_TYPE StorageType;
3276 ULONG OleStateBits;
3277 BOOLEAN ContentIndexDisable;
3278 BOOLEAN InheritContentIndexDisable;
3279 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
3280
3281 typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
3282 ULONG StateBits;
3283 ULONG StateBitsMask;
3284 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
3285
3286 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
3287 HANDLE EventHandle;
3288 ULONG KeyValue;
3289 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
3290
3291 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
3292 PVOID ClientSession;
3293 PVOID ClientProcess;
3294 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
3295
3296 typedef struct _FILE_PIPE_EVENT_BUFFER {
3297 ULONG NamedPipeState;
3298 ULONG EntryType;
3299 ULONG ByteCount;
3300 ULONG KeyValue;
3301 ULONG NumberRequests;
3302 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
3303
3304 typedef struct _FILE_PIPE_PEEK_BUFFER
3305 {
3306 ULONG NamedPipeState;
3307 ULONG ReadDataAvailable;
3308 ULONG NumberOfMessages;
3309 ULONG MessageLength;
3310 CHAR Data[1];
3311 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
3312
3313 typedef struct _FILE_PIPE_INFORMATION {
3314 ULONG ReadMode;
3315 ULONG CompletionMode;
3316 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
3317
3318 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
3319 ULONG NamedPipeType;
3320 ULONG NamedPipeConfiguration;
3321 ULONG MaximumInstances;
3322 ULONG CurrentInstances;
3323 ULONG InboundQuota;
3324 ULONG ReadDataAvailable;
3325 ULONG OutboundQuota;
3326 ULONG WriteQuotaAvailable;
3327 ULONG NamedPipeState;
3328 ULONG NamedPipeEnd;
3329 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
3330
3331 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
3332 LARGE_INTEGER CollectDataTime;
3333 ULONG MaximumCollectionCount;
3334 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
3335
3336 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
3337 LARGE_INTEGER Timeout;
3338 ULONG NameLength;
3339 BOOLEAN TimeoutSpecified;
3340 WCHAR Name[1];
3341 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
3342
3343 typedef struct _FILE_RENAME_INFORMATION {
3344 BOOLEAN ReplaceIfExists;
3345 HANDLE RootDirectory;
3346 ULONG FileNameLength;
3347 WCHAR FileName[1];
3348 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
3349
3350 typedef struct _FILE_STREAM_INFORMATION {
3351 ULONG NextEntryOffset;
3352 ULONG StreamNameLength;
3353 LARGE_INTEGER StreamSize;
3354 LARGE_INTEGER StreamAllocationSize;
3355 WCHAR StreamName[1];
3356 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
3357
3358 typedef struct _FILE_TRACKING_INFORMATION {
3359 HANDLE DestinationFile;
3360 ULONG ObjectInformationLength;
3361 CHAR ObjectInformation[1];
3362 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
3363
3364 #if (VER_PRODUCTBUILD >= 2195)
3365 typedef struct _FILE_ZERO_DATA_INFORMATION {
3366 LARGE_INTEGER FileOffset;
3367 LARGE_INTEGER BeyondFinalZero;
3368 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
3369
3370 typedef struct FILE_ALLOCATED_RANGE_BUFFER {
3371 LARGE_INTEGER FileOffset;
3372 LARGE_INTEGER Length;
3373 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
3374 #endif /* (VER_PRODUCTBUILD >= 2195) */
3375
3376 #define FSRTL_FCB_HEADER_V0 (0x00)
3377 #define FSRTL_FCB_HEADER_V1 (0x01)
3378
3379
3380 typedef struct _FSRTL_COMMON_FCB_HEADER {
3381 CSHORT NodeTypeCode;
3382 CSHORT NodeByteSize;
3383 UCHAR Flags;
3384 UCHAR IsFastIoPossible;
3385 #if (VER_PRODUCTBUILD >= 1381)
3386 UCHAR Flags2;
3387 UCHAR Reserved;
3388 #endif /* (VER_PRODUCTBUILD >= 1381) */
3389 PERESOURCE Resource;
3390 PERESOURCE PagingIoResource;
3391 LARGE_INTEGER AllocationSize;
3392 LARGE_INTEGER FileSize;
3393 LARGE_INTEGER ValidDataLength;
3394 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
3395
3396 typedef enum _FSRTL_COMPARISON_RESULT
3397 {
3398 LessThan = -1,
3399 EqualTo = 0,
3400 GreaterThan = 1
3401 } FSRTL_COMPARISON_RESULT;
3402
3403 #if (VER_PRODUCTBUILD >= 2600)
3404
3405 typedef struct _FSRTL_ADVANCED_FCB_HEADER {
3406 CSHORT NodeTypeCode;
3407 CSHORT NodeByteSize;
3408 UCHAR Flags;
3409 UCHAR IsFastIoPossible;
3410 UCHAR Flags2;
3411 UCHAR Reserved: 4;
3412 UCHAR Version: 4;
3413 PERESOURCE Resource;
3414 PERESOURCE PagingIoResource;
3415 LARGE_INTEGER AllocationSize;
3416 LARGE_INTEGER FileSize;
3417 LARGE_INTEGER ValidDataLength;
3418 PFAST_MUTEX FastMutex;
3419 LIST_ENTRY FilterContexts;
3420 EX_PUSH_LOCK PushLock;
3421 PVOID *FileContextSupportPointer;
3422 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
3423
3424 typedef struct _FSRTL_PER_STREAM_CONTEXT {
3425 LIST_ENTRY Links;
3426 PVOID OwnerId;
3427 PVOID InstanceId;
3428 PFREE_FUNCTION FreeCallback;
3429 } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
3430
3431 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
3432 {
3433 LIST_ENTRY Links;
3434 PVOID OwnerId;
3435 PVOID InstanceId;
3436 } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
3437
3438 #endif /* (VER_PRODUCTBUILD >= 2600) */
3439
3440 typedef struct _BASE_MCB
3441 {
3442 ULONG MaximumPairCount;
3443 ULONG PairCount;
3444 USHORT PoolType;
3445 USHORT Flags;
3446 PVOID Mapping;
3447 } BASE_MCB, *PBASE_MCB;
3448
3449 typedef struct _LARGE_MCB
3450 {
3451 PKGUARDED_MUTEX GuardedMutex;
3452 BASE_MCB BaseMcb;
3453 } LARGE_MCB, *PLARGE_MCB;
3454
3455 typedef struct _MCB
3456 {
3457 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
3458 } MCB, *PMCB;
3459
3460 typedef struct _MAPPING_PAIR {
3461 ULONGLONG Vcn;
3462 ULONGLONG Lcn;
3463 } MAPPING_PAIR, *PMAPPING_PAIR;
3464
3465 typedef struct _GET_RETRIEVAL_DESCRIPTOR {
3466 ULONG NumberOfPairs;
3467 ULONGLONG StartVcn;
3468 MAPPING_PAIR Pair[1];
3469 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
3470
3471 typedef struct _KQUEUE {
3472 DISPATCHER_HEADER Header;
3473 LIST_ENTRY EntryListHead;
3474 ULONG CurrentCount;
3475 ULONG MaximumCount;
3476 LIST_ENTRY ThreadListHead;
3477 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
3478
3479 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
3480
3481 typedef struct _MBCB {
3482 CSHORT NodeTypeCode;
3483 CSHORT NodeIsInZone;
3484 ULONG PagesToWrite;
3485 ULONG DirtyPages;
3486 ULONG Reserved;
3487 LIST_ENTRY BitmapRanges;
3488 LONGLONG ResumeWritePage;
3489 BITMAP_RANGE BitmapRange1;
3490 BITMAP_RANGE BitmapRange2;
3491 BITMAP_RANGE BitmapRange3;
3492 } MBCB, *PMBCB;
3493
3494 typedef enum _MMFLUSH_TYPE {
3495 MmFlushForDelete,
3496 MmFlushForWrite
3497 } MMFLUSH_TYPE;
3498
3499 typedef struct _MOVEFILE_DESCRIPTOR {
3500 HANDLE FileHandle;
3501 ULONG Reserved;
3502 LARGE_INTEGER StartVcn;
3503 LARGE_INTEGER TargetLcn;
3504 ULONG NumVcns;
3505 ULONG Reserved1;
3506 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
3507
3508 typedef struct _OBJECT_BASIC_INFO {
3509 ULONG Attributes;
3510 ACCESS_MASK GrantedAccess;
3511 ULONG HandleCount;
3512 ULONG ReferenceCount;
3513 ULONG PagedPoolUsage;
3514 ULONG NonPagedPoolUsage;
3515 ULONG Reserved[3];
3516 ULONG NameInformationLength;
3517 ULONG TypeInformationLength;
3518 ULONG SecurityDescriptorLength;
3519 LARGE_INTEGER CreateTime;
3520 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
3521
3522 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
3523 BOOLEAN Inherit;
3524 BOOLEAN ProtectFromClose;
3525 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
3526
3527 typedef struct _OBJECT_NAME_INFO {
3528 UNICODE_STRING ObjectName;
3529 WCHAR ObjectNameBuffer[1];
3530 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
3531
3532 typedef struct _OBJECT_PROTECTION_INFO {
3533 BOOLEAN Inherit;
3534 BOOLEAN ProtectHandle;
3535 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
3536
3537 typedef struct _OBJECT_TYPE_INFO {
3538 UNICODE_STRING ObjectTypeName;
3539 UCHAR Unknown[0x58];
3540 WCHAR ObjectTypeNameBuffer[1];
3541 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
3542
3543 typedef struct _OBJECT_ALL_TYPES_INFO {
3544 ULONG NumberOfObjectTypes;
3545 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
3546 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
3547
3548 typedef struct _PATHNAME_BUFFER {
3549 ULONG PathNameLength;
3550 WCHAR Name[1];
3551 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
3552
3553 typedef enum _RTL_GENERIC_COMPARE_RESULTS
3554 {
3555 GenericLessThan,
3556 GenericGreaterThan,
3557 GenericEqual
3558 } RTL_GENERIC_COMPARE_RESULTS;
3559
3560 typedef enum _TABLE_SEARCH_RESULT
3561 {
3562 TableEmptyTree,
3563 TableFoundNode,
3564 TableInsertAsLeft,
3565 TableInsertAsRight
3566 } TABLE_SEARCH_RESULT;
3567
3568 typedef NTSTATUS
3569 (NTAPI *PRTL_AVL_MATCH_FUNCTION)(
3570 struct _RTL_AVL_TABLE *Table,
3571 PVOID UserData,
3572 PVOID MatchData
3573 );
3574
3575 typedef RTL_GENERIC_COMPARE_RESULTS
3576 (NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
3577 struct _RTL_AVL_TABLE *Table,
3578 PVOID FirstStruct,
3579 PVOID SecondStruct
3580 );
3581
3582 typedef RTL_GENERIC_COMPARE_RESULTS
3583 (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
3584 struct _RTL_GENERIC_TABLE *Table,
3585 PVOID FirstStruct,
3586 PVOID SecondStruct
3587 );
3588
3589 typedef PVOID
3590 (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
3591 struct _RTL_GENERIC_TABLE *Table,
3592 CLONG ByteSize
3593 );
3594
3595 typedef VOID
3596 (NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
3597 struct _RTL_GENERIC_TABLE *Table,
3598 PVOID Buffer
3599 );
3600
3601 typedef PVOID
3602 (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
3603 struct _RTL_AVL_TABLE *Table,
3604 CLONG ByteSize
3605 );
3606
3607 typedef VOID
3608 (NTAPI *PRTL_AVL_FREE_ROUTINE) (
3609 struct _RTL_AVL_TABLE *Table,
3610 PVOID Buffer
3611 );
3612
3613 typedef struct _PUBLIC_BCB {
3614 CSHORT NodeTypeCode;
3615 CSHORT NodeByteSize;
3616 ULONG MappedLength;
3617 LARGE_INTEGER MappedFileOffset;
3618 } PUBLIC_BCB, *PPUBLIC_BCB;
3619
3620 typedef struct _QUERY_PATH_REQUEST {
3621 ULONG PathNameLength;
3622 PIO_SECURITY_CONTEXT SecurityContext;
3623 WCHAR FilePathName[1];
3624 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
3625
3626 typedef struct _QUERY_PATH_RESPONSE {
3627 ULONG LengthAccepted;
3628 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
3629
3630 typedef struct _RETRIEVAL_POINTERS_BUFFER {
3631 ULONG ExtentCount;
3632 LARGE_INTEGER StartingVcn;
3633 struct {
3634 LARGE_INTEGER NextVcn;
3635 LARGE_INTEGER Lcn;
3636 } Extents[1];
3637 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
3638
3639 typedef struct _RTL_SPLAY_LINKS {
3640 struct _RTL_SPLAY_LINKS *Parent;
3641 struct _RTL_SPLAY_LINKS *LeftChild;
3642 struct _RTL_SPLAY_LINKS *RightChild;
3643 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
3644
3645 typedef struct _RTL_BALANCED_LINKS
3646 {
3647 struct _RTL_BALANCED_LINKS *Parent;
3648 struct _RTL_BALANCED_LINKS *LeftChild;
3649 struct _RTL_BALANCED_LINKS *RightChild;
3650 CHAR Balance;
3651 UCHAR Reserved[3];
3652 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
3653
3654 typedef struct _RTL_GENERIC_TABLE
3655 {
3656 PRTL_SPLAY_LINKS TableRoot;
3657 LIST_ENTRY InsertOrderList;
3658 PLIST_ENTRY OrderedPointer;
3659 ULONG WhichOrderedElement;
3660 ULONG NumberGenericTableElements;
3661 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
3662 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
3663 PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
3664 PVOID TableContext;
3665 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
3666
3667 #undef PRTL_GENERIC_COMPARE_ROUTINE
3668 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
3669 #undef PRTL_GENERIC_FREE_ROUTINE
3670 #undef RTL_GENERIC_TABLE
3671 #undef PRTL_GENERIC_TABLE
3672
3673 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
3674 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
3675 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
3676 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
3677 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
3678
3679 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
3680 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
3681 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
3682 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
3683 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
3684 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
3685 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
3686 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
3687 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
3688 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
3689 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
3690
3691 typedef struct _RTL_AVL_TABLE
3692 {
3693 RTL_BALANCED_LINKS BalancedRoot;
3694 PVOID OrderedPointer;
3695 ULONG WhichOrderedElement;
3696 ULONG NumberGenericTableElements;
3697 ULONG DepthOfTree;
3698 PRTL_BALANCED_LINKS RestartKey;
3699 ULONG DeleteCount;
3700 PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
3701 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
3702 PRTL_AVL_FREE_ROUTINE FreeRoutine;
3703 PVOID TableContext;
3704 } RTL_AVL_TABLE, *PRTL_AVL_TABLE;
3705
3706 NTSYSAPI
3707 VOID
3708 NTAPI
3709 RtlInitializeGenericTableAvl(
3710 PRTL_AVL_TABLE Table,
3711 PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
3712 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
3713 PRTL_AVL_FREE_ROUTINE FreeRoutine,
3714 PVOID TableContext
3715 );
3716
3717 NTSYSAPI
3718 PVOID
3719 NTAPI
3720 RtlInsertElementGenericTableAvl (
3721 PRTL_AVL_TABLE Table,
3722 PVOID Buffer,
3723 CLONG BufferSize,
3724 PBOOLEAN NewElement OPTIONAL
3725 );
3726
3727 NTSYSAPI
3728 BOOLEAN
3729 NTAPI
3730 RtlDeleteElementGenericTableAvl (
3731 PRTL_AVL_TABLE Table,
3732 PVOID Buffer
3733 );
3734
3735 NTSYSAPI
3736 PVOID
3737 NTAPI
3738 RtlLookupElementGenericTableAvl (
3739 PRTL_AVL_TABLE Table,
3740 PVOID Buffer
3741 );
3742
3743 NTSYSAPI
3744 PVOID
3745 NTAPI
3746 RtlEnumerateGenericTableWithoutSplayingAvl (
3747 PRTL_AVL_TABLE Table,
3748 PVOID *RestartKey
3749 );
3750
3751 #if defined(USE_LPC6432)
3752 #define LPC_CLIENT_ID CLIENT_ID64
3753 #define LPC_SIZE_T ULONGLONG
3754 #define LPC_PVOID ULONGLONG
3755 #define LPC_HANDLE ULONGLONG
3756 #else
3757 #define LPC_CLIENT_ID CLIENT_ID
3758 #define LPC_SIZE_T SIZE_T
3759 #define LPC_PVOID PVOID
3760 #define LPC_HANDLE HANDLE
3761 #endif
3762
3763 typedef struct _PORT_MESSAGE
3764 {
3765 union
3766 {
3767 struct
3768 {
3769 CSHORT DataLength;
3770 CSHORT TotalLength;
3771 } s1;
3772 ULONG Length;
3773 } u1;
3774 union
3775 {
3776 struct
3777 {
3778 CSHORT Type;
3779 CSHORT DataInfoOffset;
3780 } s2;
3781 ULONG ZeroInit;
3782 } u2;
3783 __GNU_EXTENSION union
3784 {
3785 LPC_CLIENT_ID ClientId;
3786 double DoNotUseThisField;
3787 };
3788 ULONG MessageId;
3789 __GNU_EXTENSION union
3790 {
3791 LPC_SIZE_T ClientViewSize;
3792 ULONG CallbackId;
3793 };
3794 } PORT_MESSAGE, *PPORT_MESSAGE;
3795
3796 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
3797
3798 typedef struct _PORT_VIEW
3799 {
3800 ULONG Length;
3801 LPC_HANDLE SectionHandle;
3802 ULONG SectionOffset;
3803 LPC_SIZE_T ViewSize;
3804 LPC_PVOID ViewBase;
3805 LPC_PVOID ViewRemoteBase;
3806 } PORT_VIEW, *PPORT_VIEW;
3807
3808 typedef struct _REMOTE_PORT_VIEW
3809 {
3810 ULONG Length;
3811 LPC_SIZE_T ViewSize;
3812 LPC_PVOID ViewBase;
3813 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
3814
3815 typedef struct _SE_EXPORTS {
3816
3817 LUID SeCreateTokenPrivilege;
3818 LUID SeAssignPrimaryTokenPrivilege;
3819 LUID SeLockMemoryPrivilege;
3820 LUID SeIncreaseQuotaPrivilege;
3821 LUID SeUnsolicitedInputPrivilege;
3822 LUID SeTcbPrivilege;
3823 LUID SeSecurityPrivilege;
3824 LUID SeTakeOwnershipPrivilege;
3825 LUID SeLoadDriverPrivilege;
3826 LUID SeCreatePagefilePrivilege;
3827 LUID SeIncreaseBasePriorityPrivilege;
3828 LUID SeSystemProfilePrivilege;
3829 LUID SeSystemtimePrivilege;
3830 LUID SeProfileSingleProcessPrivilege;
3831 LUID SeCreatePermanentPrivilege;
3832 LUID SeBackupPrivilege;
3833 LUID SeRestorePrivilege;
3834 LUID SeShutdownPrivilege;
3835 LUID SeDebugPrivilege;
3836 LUID SeAuditPrivilege;
3837 LUID SeSystemEnvironmentPrivilege;
3838 LUID SeChangeNotifyPrivilege;
3839 LUID SeRemoteShutdownPrivilege;
3840
3841 PSID SeNullSid;
3842 PSID SeWorldSid;
3843 PSID SeLocalSid;
3844 PSID SeCreatorOwnerSid;
3845 PSID SeCreatorGroupSid;
3846
3847 PSID SeNtAuthoritySid;
3848 PSID SeDialupSid;
3849 PSID SeNetworkSid;
3850 PSID SeBatchSid;
3851 PSID SeInteractiveSid;
3852 PSID SeLocalSystemSid;
3853 PSID SeAliasAdminsSid;
3854 PSID SeAliasUsersSid;
3855 PSID SeAliasGuestsSid;
3856 PSID SeAliasPowerUsersSid;
3857 PSID SeAliasAccountOpsSid;
3858 PSID SeAliasSystemOpsSid;
3859 PSID SeAliasPrintOpsSid;
3860 PSID SeAliasBackupOpsSid;
3861
3862 PSID SeAuthenticatedUsersSid;
3863
3864 PSID SeRestrictedSid;
3865 PSID SeAnonymousLogonSid;
3866
3867 LUID SeUndockPrivilege;
3868 LUID SeSyncAgentPrivilege;
3869 LUID SeEnableDelegationPrivilege;
3870
3871 } SE_EXPORTS, *PSE_EXPORTS;
3872
3873 extern PSE_EXPORTS SeExports;
3874
3875 typedef struct
3876 {
3877 LARGE_INTEGER StartingLcn;
3878 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
3879
3880 typedef struct _STARTING_VCN_INPUT_BUFFER {
3881 LARGE_INTEGER StartingVcn;
3882 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
3883
3884 typedef struct _SECURITY_CLIENT_CONTEXT {
3885 SECURITY_QUALITY_OF_SERVICE SecurityQos;
3886 PACCESS_TOKEN ClientToken;
3887 BOOLEAN DirectlyAccessClientToken;
3888 BOOLEAN DirectAccessEffectiveOnly;
3889 BOOLEAN ServerIsRemote;
3890 TOKEN_CONTROL ClientTokenControl;
3891 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
3892
3893 typedef struct _TUNNEL {
3894 FAST_MUTEX Mutex;
3895 PRTL_SPLAY_LINKS Cache;
3896 LIST_ENTRY TimerQueue;
3897 USHORT NumEntries;
3898 } TUNNEL, *PTUNNEL;
3899
3900 typedef struct _VAD_HEADER {
3901 PVOID StartVPN;
3902 PVOID EndVPN;
3903 struct _VAD_HEADER* ParentLink;
3904 struct _VAD_HEADER* LeftLink;
3905 struct _VAD_HEADER* RightLink;
3906 ULONG Flags; /* LSB = CommitCharge */
3907 PVOID ControlArea;
3908 PVOID FirstProtoPte;
3909 PVOID LastPTE;
3910 ULONG Unknown;
3911 LIST_ENTRY Secured;
3912 } VAD_HEADER, *PVAD_HEADER;
3913
3914 typedef struct
3915 {
3916 LARGE_INTEGER StartingLcn;
3917 LARGE_INTEGER BitmapSize;
3918 UCHAR Buffer[1];
3919 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
3920
3921 #if (VER_PRODUCTBUILD >= 2600)
3922
3923 typedef BOOLEAN
3924 (NTAPI *PFILTER_REPORT_CHANGE) (
3925 IN PVOID NotifyContext,
3926 IN PVOID FilterContext
3927 );
3928
3929 typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
3930 SyncTypeOther = 0,
3931 SyncTypeCreateSection
3932 } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
3933
3934 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
3935 NotifyTypeCreate = 0,
3936 NotifyTypeRetired
3937 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
3938
3939 typedef union _FS_FILTER_PARAMETERS {
3940 struct {
3941 PLARGE_INTEGER EndingOffset;
3942 PERESOURCE *ResourceToRelease;
3943 } AcquireForModifiedPageWriter;
3944
3945 struct {
3946 PERESOURCE ResourceToRelease;
3947 } ReleaseForModifiedPageWriter;
3948
3949 struct {
3950 FS_FILTER_SECTION_SYNC_TYPE SyncType;
3951 ULONG PageProtection;
3952 } AcquireForSectionSynchronization;
3953
3954 struct {
3955 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
3956 BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
3957 } NotifyStreamFileObject;
3958
3959 struct {
3960 PVOID Argument1;
3961 PVOID Argument2;
3962 PVOID Argument3;
3963 PVOID Argument4;
3964 PVOID Argument5;
3965 } Others;
3966 } FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
3967
3968 typedef struct _FS_FILTER_CALLBACK_DATA {
3969 ULONG SizeOfFsFilterCallbackData;
3970 UCHAR Operation;
3971 UCHAR Reserved;
3972 struct _DEVICE_OBJECT *DeviceObject;
3973 struct _FILE_OBJECT *FileObject;
3974 FS_FILTER_PARAMETERS Parameters;
3975 } FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
3976
3977 typedef NTSTATUS
3978 (NTAPI *PFS_FILTER_CALLBACK) (
3979 IN PFS_FILTER_CALLBACK_DATA Data,
3980 OUT PVOID *CompletionContext
3981 );
3982
3983 typedef VOID
3984 (NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
3985 IN PFS_FILTER_CALLBACK_DATA Data,
3986 IN NTSTATUS OperationStatus,
3987 IN PVOID CompletionContext
3988 );
3989
3990 typedef struct _FS_FILTER_CALLBACKS {
3991 ULONG SizeOfFsFilterCallbacks;
3992 ULONG Reserved;
3993 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
3994 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
3995 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
3996 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
3997 PFS_FILTER_CALLBACK PreAcquireForCcFlush;
3998 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
3999 PFS_FILTER_CALLBACK PreReleaseForCcFlush;
4000 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
4001 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
4002 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
4003 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
4004 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
4005 } FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
4006
4007 typedef struct _READ_LIST {
4008 PFILE_OBJECT FileObject;
4009 ULONG NumberOfEntries;
4010 LOGICAL IsImage;
4011 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
4012 } READ_LIST, *PREAD_LIST;
4013
4014 #endif
4015
4016 NTKERNELAPI
4017 BOOLEAN
4018 NTAPI
4019 CcCanIWrite (
4020 IN PFILE_OBJECT FileObject,
4021 IN ULONG BytesToWrite,
4022 IN BOOLEAN Wait,
4023 IN BOOLEAN Retrying
4024 );
4025
4026 NTKERNELAPI
4027 BOOLEAN
4028 NTAPI
4029 CcCopyRead (
4030 IN PFILE_OBJECT FileObject,
4031 IN PLARGE_INTEGER FileOffset,
4032 IN ULONG Length,
4033 IN BOOLEAN Wait,
4034 OUT PVOID Buffer,
4035 OUT PIO_STATUS_BLOCK IoStatus
4036 );
4037
4038 NTKERNELAPI
4039 BOOLEAN
4040 NTAPI
4041 CcCopyWrite (
4042 IN PFILE_OBJECT FileObject,
4043 IN PLARGE_INTEGER FileOffset,
4044 IN ULONG Length,
4045 IN BOOLEAN Wait,
4046 IN PVOID Buffer
4047 );
4048
4049 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
4050
4051 typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
4052 IN PVOID Context1,
4053 IN PVOID Context2
4054 );
4055
4056 NTKERNELAPI
4057 VOID
4058 NTAPI
4059 CcDeferWrite (
4060 IN PFILE_OBJECT FileObject,
4061 IN PCC_POST_DEFERRED_WRITE PostRoutine,
4062 IN PVOID Context1,
4063 IN PVOID Context2,
4064 IN ULONG BytesToWrite,
4065 IN BOOLEAN Retrying
4066 );
4067
4068 NTKERNELAPI
4069 VOID
4070 NTAPI
4071 CcFastCopyRead (
4072 IN PFILE_OBJECT FileObject,
4073 IN ULONG FileOffset,
4074 IN ULONG Length,
4075 IN ULONG PageCount,
4076 OUT PVOID Buffer,
4077 OUT PIO_STATUS_BLOCK IoStatus
4078 );
4079
4080 NTKERNELAPI
4081 VOID
4082 NTAPI
4083 CcFastCopyWrite (
4084 IN PFILE_OBJECT FileObject,
4085 IN ULONG FileOffset,
4086 IN ULONG Length,
4087 IN PVOID Buffer
4088 );
4089
4090 NTKERNELAPI
4091 VOID
4092 NTAPI
4093 CcFlushCache (
4094 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
4095 IN PLARGE_INTEGER FileOffset OPTIONAL,
4096 IN ULONG Length,
4097 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
4098 );
4099
4100 typedef VOID (NTAPI *PDIRTY_PAGE_ROUTINE) (
4101 IN PFILE_OBJECT FileObject,
4102 IN PLARGE_INTEGER FileOffset,
4103 IN ULONG Length,
4104 IN PLARGE_INTEGER OldestLsn,
4105 IN PLARGE_INTEGER NewestLsn,
4106 IN PVOID Context1,
4107 IN PVOID Context2
4108 );
4109
4110 NTKERNELAPI
4111 LARGE_INTEGER
4112 NTAPI
4113 CcGetDirtyPages (
4114 IN PVOID LogHandle,
4115 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
4116 IN PVOID Context1,
4117 IN PVOID Context2
4118 );
4119
4120 NTKERNELAPI
4121 PFILE_OBJECT
4122 NTAPI
4123 CcGetFileObjectFromBcb (
4124 IN PVOID Bcb
4125 );
4126
4127 NTKERNELAPI
4128 PFILE_OBJECT
4129 NTAPI
4130 CcGetFileObjectFromSectionPtrs (
4131 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
4132 );
4133
4134 #define CcGetFileSizePointer(FO) ( \
4135 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
4136 )
4137
4138 #if (VER_PRODUCTBUILD >= 2195)
4139
4140 NTKERNELAPI
4141 LARGE_INTEGER
4142 NTAPI
4143 CcGetFlushedValidData (
4144 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
4145 IN BOOLEAN BcbListHeld
4146 );
4147
4148 #endif /* (VER_PRODUCTBUILD >= 2195) */
4149
4150 NTKERNELAPI
4151 LARGE_INTEGER
4152 NTAPI
4153 CcGetLsnForFileObject (
4154 IN PFILE_OBJECT FileObject,
4155 OUT PLARGE_INTEGER OldestLsn OPTIONAL
4156 );
4157
4158 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
4159 IN PVOID Context,
4160 IN BOOLEAN Wait
4161 );
4162
4163 typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
4164 IN PVOID Context
4165 );
4166
4167 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
4168 IN PVOID Context,
4169 IN BOOLEAN Wait
4170 );
4171
4172 typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
4173 IN PVOID Context
4174 );
4175
4176 typedef struct _CACHE_MANAGER_CALLBACKS {
4177 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
4178 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
4179 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
4180 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
4181 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
4182
4183 NTKERNELAPI
4184 VOID
4185 NTAPI
4186 CcInitializeCacheMap (
4187 IN PFILE_OBJECT FileObject,
4188 IN PCC_FILE_SIZES FileSizes,
4189 IN BOOLEAN PinAccess,
4190 IN PCACHE_MANAGER_CALLBACKS Callbacks,
4191 IN PVOID LazyWriteContext
4192 );
4193
4194 #define CcIsFileCached(FO) ( \
4195 ((FO)->SectionObjectPointer != NULL) && \
4196 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
4197 )
4198
4199 extern ULONG CcFastMdlReadWait;
4200
4201 NTKERNELAPI
4202 BOOLEAN
4203 NTAPI
4204 CcIsThereDirtyData (
4205 IN PVPB Vpb
4206 );
4207
4208 NTKERNELAPI
4209 BOOLEAN
4210 NTAPI
4211 CcMapData (
4212 IN PFILE_OBJECT FileObject,
4213 IN PLARGE_INTEGER FileOffset,
4214 IN ULONG Length,
4215 IN ULONG Flags,
4216 OUT PVOID *Bcb,
4217 OUT PVOID *Buffer
4218 );
4219
4220 NTKERNELAPI
4221 VOID
4222 NTAPI
4223 CcMdlRead (
4224 IN PFILE_OBJECT FileObject,
4225 IN PLARGE_INTEGER FileOffset,
4226 IN ULONG Length,
4227 OUT PMDL *MdlChain,
4228 OUT PIO_STATUS_BLOCK IoStatus
4229 );
4230
4231 NTKERNELAPI
4232 VOID
4233 NTAPI
4234 CcMdlReadComplete (
4235 IN PFILE_OBJECT FileObject,
4236 IN PMDL MdlChain
4237 );
4238
4239 NTKERNELAPI
4240 VOID
4241 NTAPI
4242 CcMdlWriteComplete (
4243 IN PFILE_OBJECT FileObject,
4244 IN PLARGE_INTEGER FileOffset,
4245 IN PMDL MdlChain
4246 );
4247
4248 #define MAP_WAIT 1
4249
4250 NTKERNELAPI
4251 BOOLEAN
4252 NTAPI
4253 CcPinMappedData (
4254 IN PFILE_OBJECT FileObject,
4255 IN PLARGE_INTEGER FileOffset,
4256 IN ULONG Length,
4257 IN ULONG Flags,
4258 IN OUT PVOID *Bcb
4259 );
4260
4261 NTKERNELAPI
4262 BOOLEAN
4263 NTAPI
4264 CcPinRead (
4265 IN PFILE_OBJECT FileObject,
4266 IN PLARGE_INTEGER FileOffset,
4267 IN ULONG Length,
4268 IN ULONG Flags,
4269 OUT PVOID *Bcb,
4270 OUT PVOID *Buffer
4271 );
4272
4273 NTKERNELAPI
4274 VOID
4275 NTAPI
4276 CcPrepareMdlWrite (
4277 IN PFILE_OBJECT FileObject,
4278 IN PLARGE_INTEGER FileOffset,
4279 IN ULONG Length,
4280 OUT PMDL *MdlChain,
4281 OUT PIO_STATUS_BLOCK IoStatus
4282 );
4283
4284 NTKERNELAPI
4285 BOOLEAN
4286 NTAPI
4287 CcPreparePinWrite (
4288 IN PFILE_OBJECT FileObject,
4289 IN PLARGE_INTEGER FileOffset,
4290 IN ULONG Length,
4291 IN BOOLEAN Zero,
4292 IN ULONG Flags,
4293 OUT PVOID *Bcb,
4294 OUT PVOID *Buffer
4295 );
4296
4297 NTKERNELAPI
4298 BOOLEAN
4299 NTAPI
4300 CcPurgeCacheSection (
4301 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
4302 IN PLARGE_INTEGER FileOffset OPTIONAL,
4303 IN ULONG Length,
4304 IN BOOLEAN UninitializeCacheMaps
4305 );
4306
4307 #define CcReadAhead(FO, FOFF, LEN) ( \
4308 if ((LEN) >= 256) { \
4309 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
4310 } \
4311 )
4312
4313 #if (VER_PRODUCTBUILD >= 2195)
4314
4315 NTKERNELAPI
4316 PVOID
4317 NTAPI
4318 CcRemapBcb (
4319 IN PVOID Bcb
4320 );
4321
4322 #endif /* (VER_PRODUCTBUILD >= 2195) */
4323
4324 NTKERNELAPI
4325 VOID
4326 NTAPI
4327 CcRepinBcb (
4328 IN PVOID Bcb
4329 );
4330
4331 NTKERNELAPI
4332 VOID
4333 NTAPI
4334 CcScheduleReadAhead (
4335 IN PFILE_OBJECT FileObject,
4336 IN PLARGE_INTEGER FileOffset,
4337 IN ULONG Length
4338 );
4339
4340 NTKERNELAPI
4341 VOID
4342 NTAPI
4343 CcSetAdditionalCacheAttributes (
4344 IN PFILE_OBJECT FileObject,
4345 IN BOOLEAN DisableReadAhead,
4346 IN BOOLEAN DisableWriteBehind
4347 );
4348
4349 NTKERNELAPI
4350 VOID
4351 NTAPI
4352 CcSetBcbOwnerPointer (
4353 IN PVOID Bcb,
4354 IN PVOID OwnerPointer
4355 );
4356
4357 NTKERNELAPI
4358 VOID
4359 NTAPI
4360 CcSetDirtyPageThreshold (
4361 IN PFILE_OBJECT FileObject,
4362 IN ULONG DirtyPageThreshold
4363 );
4364
4365 NTKERNELAPI
4366 VOID
4367 NTAPI
4368 CcSetDirtyPinnedData (
4369 IN PVOID BcbVoid,
4370 IN PLARGE_INTEGER Lsn OPTIONAL
4371 );
4372
4373 NTKERNELAPI
4374 VOID
4375 NTAPI
4376 CcSetFileSizes (
4377 IN PFILE_OBJECT FileObject,
4378 IN PCC_FILE_SIZES FileSizes
4379 );
4380
4381 typedef VOID (NTAPI *PFLUSH_TO_LSN) (
4382 IN PVOID LogHandle,
4383 IN LARGE_INTEGER Lsn
4384 );
4385
4386 NTKERNELAPI
4387 VOID
4388 NTAPI
4389 CcSetLogHandleForFile (
4390 IN PFILE_OBJECT FileObject,
4391 IN PVOID LogHandle,
4392 IN PFLUSH_TO_LSN FlushToLsnRoutine
4393 );
4394
4395 NTKERNELAPI
4396 VOID
4397 NTAPI
4398 CcSetReadAheadGranularity (
4399 IN PFILE_OBJECT FileObject,
4400 IN ULONG Granularity /* default: PAGE_SIZE */
4401 /* allowed: 2^n * PAGE_SIZE */
4402 );
4403
4404 NTKERNELAPI
4405 BOOLEAN
4406 NTAPI
4407 CcUninitializeCacheMap (
4408 IN PFILE_OBJECT FileObject,
4409 IN PLARGE_INTEGER TruncateSize OPTIONAL,
4410 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
4411 );
4412
4413 NTKERNELAPI
4414 VOID
4415 NTAPI
4416 CcUnpinData (
4417 IN PVOID Bcb
4418 );
4419
4420 NTKERNELAPI
4421 VOID
4422 NTAPI
4423 CcUnpinDataForThread (
4424 IN PVOID Bcb,
4425 IN ERESOURCE_THREAD ResourceThreadId
4426 );
4427
4428 NTKERNELAPI
4429 VOID
4430 NTAPI
4431 CcUnpinRepinnedBcb (
4432 IN PVOID Bcb,
4433 IN BOOLEAN WriteThrough,
4434 OUT PIO_STATUS_BLOCK IoStatus
4435 );
4436
4437 #if (VER_PRODUCTBUILD >= 2195)
4438
4439 NTKERNELAPI
4440 NTSTATUS
4441 NTAPI
4442 CcWaitForCurrentLazyWriterActivity (
4443 VOID
4444 );
4445
4446 #endif /* (VER_PRODUCTBUILD >= 2195) */
4447
4448 NTKERNELAPI
4449 BOOLEAN
4450 NTAPI
4451 CcZeroData (
4452 IN PFILE_OBJECT FileObject,
4453 IN PLARGE_INTEGER StartOffset,
4454 IN PLARGE_INTEGER EndOffset,
4455 IN BOOLEAN Wait
4456 );
4457
4458 NTKERNELAPI
4459 VOID
4460 NTAPI
4461 ExDisableResourceBoostLite (
4462 IN PERESOURCE Resource
4463 );
4464
4465 NTKERNELAPI
4466 SIZE_T
4467 NTAPI
4468 ExQueryPoolBlockSize (
4469 IN PVOID PoolBlock,
4470 OUT PBOOLEAN QuotaCharged
4471 );
4472
4473 #if (VER_PRODUCTBUILD >= 2600)
4474
4475 #ifndef __NTOSKRNL__
4476 NTKERNELAPI
4477 VOID
4478 FASTCALL
4479 ExInitializeRundownProtection (
4480 IN PEX_RUNDOWN_REF RunRef
4481 );
4482
4483 NTKERNELAPI
4484 VOID
4485 FASTCALL
4486 ExReInitializeRundownProtection (
4487 IN PEX_RUNDOWN_REF RunRef
4488 );
4489
4490 NTKERNELAPI
4491 BOOLEAN
4492 FASTCALL
4493 ExAcquireRundownProtection (
4494 IN PEX_RUNDOWN_REF RunRef
4495 );
4496
4497 NTKERNELAPI
4498 BOOLEAN
4499 FASTCALL
4500 ExAcquireRundownProtectionEx (
4501 IN PEX_RUNDOWN_REF RunRef,
4502 IN ULONG Count
4503 );
4504
4505 NTKERNELAPI
4506 VOID
4507 FASTCALL
4508 ExReleaseRundownProtection (
4509 IN PEX_RUNDOWN_REF RunRef
4510 );
4511
4512 NTKERNELAPI
4513 VOID
4514 FASTCALL
4515 ExReleaseRundownProtectionEx (
4516 IN PEX_RUNDOWN_REF RunRef,
4517 IN ULONG Count
4518 );
4519
4520 NTKERNELAPI
4521 VOID
4522 FASTCALL
4523 ExRundownCompleted (
4524 IN PEX_RUNDOWN_REF RunRef
4525 );
4526
4527 NTKERNELAPI
4528 VOID
4529 FASTCALL
4530 ExWaitForRundownProtectionRelease (
4531 IN PEX_RUNDOWN_REF RunRef
4532 );
4533
4534 #endif
4535 #endif /* (VER_PRODUCTBUILD >= 2600) */
4536
4537
4538 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
4539 { \
4540 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
4541 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
4542 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
4543 InitializeListHead( &(_advhdr)->FilterContexts ); \
4544 if ((_fmutx) != NULL) { \
4545 (_advhdr)->FastMutex = (_fmutx); \
4546 } \
4547 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
4548 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
4549 (_advhdr)->FileContextSupportPointer = NULL; \
4550 }
4551
4552 NTKERNELAPI
4553 BOOLEAN
4554 NTAPI
4555 FsRtlAddBaseMcbEntry (
4556 IN PBASE_MCB Mcb,
4557 IN LONGLONG Vbn,
4558 IN LONGLONG Lbn,
4559 IN LONGLONG SectorCount
4560 );
4561
4562 NTKERNELAPI
4563 BOOLEAN
4564 NTAPI
4565 FsRtlAddLargeMcbEntry (
4566 IN PLARGE_MCB Mcb,
4567 IN LONGLONG Vbn,
4568 IN LONGLONG Lbn,
4569 IN LONGLONG SectorCount
4570 );
4571
4572 NTKERNELAPI
4573 BOOLEAN
4574 NTAPI
4575 FsRtlAddMcbEntry (
4576 IN PMCB Mcb,
4577 IN VBN Vbn,
4578 IN LBN Lbn,
4579 IN ULONG SectorCount
4580 );
4581
4582 NTKERNELAPI
4583 VOID
4584 NTAPI
4585 FsRtlAddToTunnelCache (
4586 IN PTUNNEL Cache,
4587 IN ULONGLONG DirectoryKey,
4588 IN PUNICODE_STRING ShortName,
4589 IN PUNICODE_STRING LongName,
4590 IN BOOLEAN KeyByShortName,
4591 IN ULONG DataLength,
4592 IN PVOID Data
4593 );
4594
4595 #if (VER_PRODUCTBUILD >= 2195)
4596
4597 PFILE_LOCK
4598 NTAPI
4599 FsRtlAllocateFileLock (
4600 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
4601 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
4602 );
4603
4604 #endif /* (VER_PRODUCTBUILD >= 2195) */
4605
4606 NTKERNELAPI
4607 PVOID
4608 NTAPI
4609 FsRtlAllocatePool (
4610 IN POOL_TYPE PoolType,
4611 IN ULONG NumberOfBytes
4612 );
4613
4614 NTKERNELAPI
4615 PVOID
4616 NTAPI
4617 FsRtlAllocatePoolWithQuota (
4618 IN POOL_TYPE PoolType,
4619 IN ULONG NumberOfBytes
4620 );
4621
4622 NTKERNELAPI
4623 PVOID
4624 NTAPI
4625 FsRtlAllocatePoolWithQuotaTag (
4626 IN POOL_TYPE PoolType,
4627 IN ULONG NumberOfBytes,
4628 IN ULONG Tag
4629 );
4630
4631 NTKERNELAPI
4632 PVOID
4633 NTAPI
4634 FsRtlAllocatePoolWithTag (
4635 IN POOL_TYPE PoolType,
4636 IN ULONG NumberOfBytes,
4637 IN ULONG Tag
4638 );
4639
4640 NTKERNELAPI
4641 BOOLEAN
4642 NTAPI
4643 FsRtlAreNamesEqual (
4644 IN PCUNICODE_STRING Name1,
4645 IN PCUNICODE_STRING Name2,
4646 IN BOOLEAN IgnoreCase,
4647 IN PCWCH UpcaseTable OPTIONAL
4648 );
4649
4650 #define FsRtlAreThereCurrentFileLocks(FL) ( \
4651 ((FL)->FastIoIsQuestionable) \
4652 )
4653
4654 /*
4655 FsRtlCheckLockForReadAccess:
4656
4657 All this really does is pick out the lock parameters from the irp (io stack
4658 location?), get IoGetRequestorProcess, and pass values on to
4659 FsRtlFastCheckLockForRead.
4660 */
4661 NTKERNELAPI
4662 BOOLEAN
4663 NTAPI
4664 FsRtlCheckLockForReadAccess (
4665 IN PFILE_LOCK FileLock,
4666 IN PIRP Irp
4667 );
4668
4669 /*
4670 FsRtlCheckLockForWriteAccess:
4671
4672 All this really does is pick out the lock parameters from the irp (io stack
4673 location?), get IoGetRequestorProcess, and pass values on to
4674 FsRtlFastCheckLockForWrite.
4675 */
4676 NTKERNELAPI
4677 BOOLEAN
4678 NTAPI
4679 FsRtlCheckLockForWriteAccess (
4680 IN PFILE_LOCK FileLock,
4681 IN PIRP Irp
4682 );
4683
4684 typedef
4685 VOID
4686 (NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
4687 IN PVOID Context,
4688 IN PIRP Irp
4689 );
4690
4691 typedef
4692 VOID
4693 (NTAPI*POPLOCK_FS_PREPOST_IRP) (
4694 IN PVOID Context,
4695 IN PIRP Irp
4696 );
4697
4698 NTKERNELAPI
4699 NTSTATUS
4700 NTAPI
4701 FsRtlCheckOplock (
4702 IN POPLOCK Oplock,
4703 IN PIRP Irp,
4704 IN PVOID Context,
4705 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
4706 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
4707 );
4708
4709 NTKERNELAPI
4710 BOOLEAN
4711 NTAPI
4712 FsRtlCopyRead (
4713 IN PFILE_OBJECT FileObject,
4714 IN PLARGE_INTEGER FileOffset,
4715 IN ULONG Length,
4716 IN BOOLEAN Wait,
4717 IN ULONG LockKey,
4718 OUT PVOID Buffer,
4719 OUT PIO_STATUS_BLOCK IoStatus,
4720 IN PDEVICE_OBJECT DeviceObject
4721 );
4722
4723 NTKERNELAPI
4724 BOOLEAN
4725 NTAPI
4726 FsRtlCopyWrite (
4727 IN PFILE_OBJECT FileObject,
4728 IN PLARGE_INTEGER FileOffset,
4729 IN ULONG Length,
4730 IN BOOLEAN Wait,
4731 IN ULONG LockKey,
4732 IN PVOID Buffer,
4733 OUT PIO_STATUS_BLOCK IoStatus,
4734 IN PDEVICE_OBJECT DeviceObject
4735 );
4736
4737 NTKERNELAPI
4738 BOOLEAN
4739 NTAPI
4740 FsRtlCurrentBatchOplock (
4741 IN POPLOCK Oplock
4742 );
4743
4744 NTKERNELAPI
4745 VOID
4746 NTAPI
4747 FsRtlDeleteKeyFromTunnelCache (
4748 IN PTUNNEL Cache,
4749 IN ULONGLONG DirectoryKey
4750 );
4751
4752 NTKERNELAPI
4753 VOID
4754 NTAPI
4755 FsRtlDeleteTunnelCache (
4756 IN PTUNNEL Cache
4757 );
4758
4759 NTKERNELAPI
4760 VOID
4761 NTAPI
4762 FsRtlDeregisterUncProvider (
4763 IN HANDLE Handle
4764 );
4765
4766 NTKERNELAPI
4767 VOID
4768 NTAPI
4769 FsRtlDissectDbcs (
4770 IN ANSI_STRING Name,
4771 OUT PANSI_STRING FirstPart,
4772 OUT PANSI_STRING RemainingPart
4773 );
4774
4775 NTKERNELAPI
4776 VOID
4777 NTAPI
4778 FsRtlDissectName (
4779 IN UNICODE_STRING Name,
4780 OUT PUNICODE_STRING FirstPart,
4781 OUT PUNICODE_STRING RemainingPart
4782 );
4783
4784 NTKERNELAPI
4785 BOOLEAN
4786 NTAPI
4787 FsRtlDoesDbcsContainWildCards (
4788 IN PANSI_STRING Name
4789 );
4790
4791 NTKERNELAPI
4792 BOOLEAN
4793 NTAPI
4794 FsRtlDoesNameContainWildCards (
4795 IN PUNICODE_STRING Name
4796 );
4797
4798 NTKERNELAPI
4799 BOOLEAN
4800 NTAPI
4801 FsRtlIsFatDbcsLegal (
4802 IN ANSI_STRING DbcsName,
4803 IN BOOLEAN WildCardsPermissible,
4804 IN BOOLEAN PathNamePermissible,
4805 IN BOOLEAN LeadingBackslashPermissible
4806 );
4807
4808
4809 #define FsRtlCompleteRequest(IRP,STATUS) { \
4810 (IRP)->IoStatus.Status = (STATUS); \
4811 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
4812 }
4813
4814 #define FsRtlEnterFileSystem KeEnterCriticalRegion
4815
4816 #define FsRtlExitFileSystem KeLeaveCriticalRegion
4817
4818 NTKERNELAPI
4819 BOOLEAN
4820 NTAPI
4821 FsRtlFastCheckLockForRead (
4822 IN PFILE_LOCK FileLock,
4823 IN PLARGE_INTEGER FileOffset,
4824 IN PLARGE_INTEGER Length,
4825 IN ULONG Key,
4826 IN PFILE_OBJECT FileObject,
4827 IN PVOID Process
4828 );
4829
4830 NTKERNELAPI
4831 BOOLEAN
4832 NTAPI
4833 FsRtlFastCheckLockForWrite (
4834 IN PFILE_LOCK FileLock,
4835 IN PLARGE_INTEGER FileOffset,
4836 IN PLARGE_INTEGER Length,
4837 IN ULONG Key,
4838 IN PFILE_OBJECT FileObject,
4839 IN PVOID Process
4840 );
4841
4842 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
4843 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
4844 )
4845
4846 NTKERNELAPI
4847 NTSTATUS
4848 NTAPI
4849 FsRtlFastUnlockAll (
4850 IN PFILE_LOCK FileLock,
4851 IN PFILE_OBJECT FileObject,
4852 IN PEPROCESS Process,
4853 IN PVOID Context OPTIONAL
4854 );
4855 /* ret: STATUS_RANGE_NOT_LOCKED */
4856
4857 NTKERNELAPI
4858 NTSTATUS
4859 NTAPI
4860 FsRtlFastUnlockAllByKey (
4861 IN PFILE_LOCK FileLock,
4862 IN PFILE_OBJECT FileObject,
4863 IN PEPROCESS Process,
4864 IN ULONG Key,
4865 IN PVOID Context OPTIONAL
4866 );
4867 /* ret: STATUS_RANGE_NOT_LOCKED */
4868
4869 NTKERNELAPI
4870 NTSTATUS
4871 NTAPI
4872 FsRtlFastUnlockSingle (
4873 IN PFILE_LOCK FileLock,
4874 IN PFILE_OBJECT FileObject,
4875 IN PLARGE_INTEGER FileOffset,
4876 IN PLARGE_INTEGER Length,
4877 IN PEPROCESS Process,
4878 IN ULONG Key,
4879 IN PVOID Context OPTIONAL,
4880 IN BOOLEAN AlreadySynchronized
4881 );
4882 /* ret: STATUS_RANGE_NOT_LOCKED */
4883
4884 NTKERNELAPI
4885 BOOLEAN
4886 NTAPI
4887 FsRtlFindInTunnelCache (
4888 IN PTUNNEL Cache,
4889 IN ULONGLONG DirectoryKey,
4890 IN PUNICODE_STRING Name,
4891 OUT PUNICODE_STRING ShortName,
4892 OUT PUNICODE_STRING LongName,
4893 IN OUT PULONG DataLength,
4894 OUT PVOID Data
4895 );
4896
4897 #if (VER_PRODUCTBUILD >= 2195)
4898
4899 NTKERNELAPI
4900 VOID
4901 NTAPI
4902 FsRtlFreeFileLock (
4903 IN PFILE_LOCK FileLock
4904 );
4905
4906 #endif /* (VER_PRODUCTBUILD >= 2195) */
4907
4908 NTKERNELAPI
4909 NTSTATUS
4910 NTAPI
4911 FsRtlGetFileSize (
4912 IN PFILE_OBJECT FileObject,
4913 IN OUT PLARGE_INTEGER FileSize
4914 );
4915
4916 NTKERNELAPI
4917 BOOLEAN
4918 NTAPI
4919 FsRtlGetNextBaseMcbEntry (
4920 IN PBASE_MCB Mcb,
4921 IN ULONG RunIndex,
4922 OUT PLONGLONG Vbn,
4923 OUT PLONGLONG Lbn,
4924 OUT PLONGLONG SectorCount
4925 );
4926
4927 /*
4928 FsRtlGetNextFileLock:
4929
4930 ret: NULL if no more locks
4931
4932 Internals:
4933 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
4934 FileLock->LastReturnedLock as storage.
4935 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
4936 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
4937 calls with Restart = FALSE.
4938 */
4939 NTKERNELAPI
4940 PFILE_LOCK_INFO
4941 NTAPI
4942 FsRtlGetNextFileLock (
4943 IN PFILE_LOCK FileLock,
4944 IN BOOLEAN Restart
4945 );
4946
4947 NTKERNELAPI
4948 BOOLEAN
4949 NTAPI
4950 FsRtlGetNextLargeMcbEntry (
4951 IN PLARGE_MCB Mcb,
4952 IN ULONG RunIndex,
4953 OUT PLONGLONG Vbn,
4954 OUT PLONGLONG Lbn,
4955 OUT PLONGLONG SectorCount
4956 );
4957
4958 NTKERNELAPI
4959 BOOLEAN
4960 NTAPI
4961 FsRtlGetNextMcbEntry (
4962 IN PMCB Mcb,
4963 IN ULONG RunIndex,
4964 OUT PVBN Vbn,
4965 OUT PLBN Lbn,
4966 OUT PULONG SectorCount
4967 );
4968
4969 #define FsRtlGetPerStreamContextPointer(FO) ( \
4970 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
4971 )
4972
4973 NTKERNELAPI
4974 VOID
4975 NTAPI
4976 FsRtlInitializeBaseMcb (
4977 IN PBASE_MCB Mcb,
4978 IN POOL_TYPE PoolType
4979 );
4980
4981 NTKERNELAPI
4982 VOID
4983 NTAPI
4984 FsRtlInitializeFileLock (
4985 IN PFILE_LOCK FileLock,
4986 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
4987 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
4988 );
4989
4990 NTKERNELAPI
4991 VOID
4992 NTAPI
4993 FsRtlInitializeLargeMcb (
4994 IN PLARGE_MCB Mcb,
4995 IN POOL_TYPE PoolType
4996 );
4997
4998 NTKERNELAPI
4999 VOID
5000 NTAPI
5001 FsRtlInitializeMcb (
5002 IN PMCB Mcb,
5003 IN POOL_TYPE PoolType
5004 );
5005
5006 NTKERNELAPI
5007 VOID
5008 NTAPI
5009 FsRtlInitializeOplock (
5010 IN OUT POPLOCK Oplock
5011 );
5012
5013 NTKERNELAPI
5014 VOID
5015 NTAPI
5016 FsRtlInitializeTunnelCache (
5017 IN PTUNNEL Cache
5018 );
5019
5020 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
5021 (PSC)->OwnerId = (O), \
5022 (PSC)->InstanceId = (I), \
5023 (PSC)->FreeCallback = (FC) \
5024 )
5025
5026 NTKERNELAPI
5027 NTSTATUS
5028 NTAPI
5029 FsRtlInsertPerStreamContext (
5030 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext,
5031 IN PFSRTL_PER_STREAM_CONTEXT Ptr
5032 );
5033
5034 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
5035 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
5036 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
5037 )
5038
5039 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
5040 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
5041 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
5042 )
5043
5044 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
5045 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
5046 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
5047 )
5048
5049 #define FsRtlIsAnsiCharacterWild(C) ( \
5050 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
5051 )
5052
5053 NTKERNELAPI
5054 BOOLEAN
5055 NTAPI
5056 FsRtlIsFatDbcsLegal (
5057 IN ANSI_STRING DbcsName,
5058 IN BOOLEAN WildCardsPermissible,
5059 IN BOOLEAN PathNamePermissible,
5060 IN BOOLEAN LeadingBackslashPermissible
5061 );
5062
5063 NTKERNELAPI
5064 BOOLEAN
5065 NTAPI
5066 FsRtlIsHpfsDbcsLegal (
5067 IN ANSI_STRING DbcsName,
5068 IN BOOLEAN WildCardsPermissible,
5069 IN BOOLEAN PathNamePermissible,
5070 IN BOOLEAN LeadingBackslashPermissible
5071 );
5072
5073 NTKERNELAPI
5074 BOOLEAN
5075 NTAPI
5076 FsRtlIsNameInExpression (
5077 IN PUNICODE_STRING Expression,
5078 IN PUNICODE_STRING Name,
5079 IN BOOLEAN IgnoreCase,
5080 IN PWCHAR UpcaseTable OPTIONAL
5081 );
5082
5083 NTKERNELAPI
5084 BOOLEAN
5085 NTAPI
5086 FsRtlIsNtstatusExpected (
5087 IN NTSTATUS Ntstatus
5088 );
5089
5090 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
5091
5092 extern PUSHORT NlsOemLeadByteInfo;
5093
5094 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
5095 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
5096 (NLS_MB_CODE_PAGE_TAG && \
5097 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
5098 )
5099
5100 #define FsRtlIsUnicodeCharacterWild(C) ( \
5101 (((C) >= 0x40) ? \
5102 FALSE : \
5103 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
5104 )
5105
5106 NTKERNELAPI
5107 BOOLEAN
5108 NTAPI
5109 FsRtlLookupBaseMcbEntry (
5110 IN PBASE_MCB Mcb,
5111 IN LONGLONG Vbn,
5112 OUT PLONGLONG Lbn OPTIONAL,
5113 OUT PLONGLONG SectorCountFromLbn OPTIONAL,
5114 OUT PLONGLONG StartingLbn OPTIONAL,
5115 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
5116 OUT PULONG Index OPTIONAL
5117 );
5118
5119 NTKERNELAPI
5120 BOOLEAN
5121 NTAPI
5122 FsRtlLookupLargeMcbEntry (
5123 IN PLARGE_MCB Mcb,
5124 IN LONGLONG Vbn,
5125 OUT PLONGLONG Lbn OPTIONAL,
5126 OUT PLONGLONG SectorCountFromLbn OPTIONAL,
5127 OUT PLONGLONG StartingLbn OPTIONAL,
5128 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
5129 OUT PULONG Index OPTIONAL
5130 );
5131
5132 NTKERNELAPI
5133 BOOLEAN
5134 NTAPI
5135 FsRtlLookupLastBaseMcbEntry (
5136 IN PBASE_MCB Mcb,
5137 OUT PLONGLONG Vbn,
5138 OUT PLONGLONG Lbn
5139 );
5140
5141 NTKERNELAPI
5142 BOOLEAN
5143 NTAPI
5144 FsRtlLookupLastLargeMcbEntry (
5145 IN PLARGE_MCB Mcb,
5146 OUT PLONGLONG Vbn,
5147 OUT PLONGLONG Lbn
5148 );
5149
5150 NTKERNELAPI
5151 BOOLEAN
5152 NTAPI
5153 FsRtlLookupLastMcbEntry (
5154 IN PMCB Mcb,
5155 OUT PVBN Vbn,
5156 OUT PLBN Lbn
5157 );
5158
5159 NTKERNELAPI
5160 BOOLEAN
5161 NTAPI
5162 FsRtlLookupLastBaseMcbEntryAndIndex (
5163 IN PBASE_MCB OpaqueMcb,
5164 IN OUT PLONGLONG LargeVbn,
5165 IN OUT PLONGLONG LargeLbn,
5166 IN OUT PULONG Index
5167 );
5168
5169 NTKERNELAPI
5170 BOOLEAN
5171 NTAPI
5172 FsRtlLookupLastLargeMcbEntryAndIndex (
5173 IN PLARGE_MCB OpaqueMcb,
5174 OUT PLONGLONG LargeVbn,
5175 OUT PLONGLONG LargeLbn,
5176 OUT PULONG Index
5177 );
5178
5179 NTKERNELAPI
5180 BOOLEAN
5181 NTAPI
5182 FsRtlLookupMcbEntry (
5183 IN PMCB Mcb,
5184 IN VBN Vbn,
5185 OUT PLBN Lbn,
5186 OUT PULONG SectorCount OPTIONAL,
5187 OUT PULONG Index
5188 );
5189
5190 NTKERNELAPI
5191 PFSRTL_PER_STREAM_CONTEXT
5192 NTAPI
5193 FsRtlLookupPerStreamContextInternal (
5194 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
5195 IN PVOID OwnerId OPTIONAL,
5196 IN PVOID InstanceId OPTIONAL
5197 );
5198
5199 NTKERNELAPI
5200 BOOLEAN
5201 NTAPI
5202 FsRtlMdlReadDev (
5203 IN PFILE_OBJECT FileObject,
5204 IN PLARGE_INTEGER FileOffset,
5205 IN ULONG Length,
5206 IN ULONG LockKey,
5207 OUT PMDL *MdlChain,
5208 OUT PIO_STATUS_BLOCK IoStatus,
5209 IN PDEVICE_OBJECT DeviceObject
5210 );
5211
5212 NTKERNELAPI
5213 BOOLEAN
5214 NTAPI
5215 FsRtlMdlReadComplete (
5216 IN PFILE_OBJECT FileObject,
5217 IN PMDL MdlChain
5218 );
5219
5220 NTKERNELAPI
5221 BOOLEAN
5222 NTAPI
5223 FsRtlMdlReadCompleteDev (
5224 IN PFILE_OBJECT FileObject,
5225 IN PMDL MdlChain,
5226 IN PDEVICE_OBJECT DeviceObject
5227 );
5228
5229 NTKERNELAPI
5230 BOOLEAN
5231 NTAPI
5232 FsRtlPrepareMdlWriteDev (
5233 IN PFILE_OBJECT FileObject,
5234 IN PLARGE_INTEGER FileOffset,
5235 IN ULONG Length,
5236 IN ULONG LockKey,
5237 OUT PMDL *MdlChain,
5238 OUT PIO_STATUS_BLOCK IoStatus,
5239 IN PDEVICE_OBJECT DeviceObject
5240 );
5241
5242 NTKERNELAPI
5243 BOOLEAN
5244 NTAPI
5245 FsRtlMdlWriteComplete (
5246 IN PFILE_OBJECT FileObject,
5247 IN PLARGE_INTEGER FileOffset,
5248 IN PMDL MdlChain
5249 );
5250
5251 NTKERNELAPI
5252 BOOLEAN
5253 NTAPI
5254 FsRtlMdlWriteCompleteDev (
5255 IN PFILE_OBJECT FileObject,
5256 IN PLARGE_INTEGER FileOffset,
5257 IN PMDL MdlChain,
5258 IN PDEVICE_OBJECT DeviceObject
5259 );
5260
5261 NTKERNELAPI
5262 NTSTATUS
5263 NTAPI
5264 FsRtlNormalizeNtstatus (
5265 IN NTSTATUS Exception,
5266 IN NTSTATUS GenericException
5267 );
5268
5269 NTKERNELAPI
5270 VOID
5271 NTAPI
5272 FsRtlNotifyChangeDirectory (
5273 IN PNOTIFY_SYNC NotifySync,
5274 IN PVOID FsContext,
5275 IN PSTRING FullDirectoryName,
5276 IN PLIST_ENTRY NotifyList,
5277 IN BOOLEAN WatchTree,
5278 IN ULONG CompletionFilter,
5279 IN PIRP NotifyIrp
5280 );
5281
5282 NTKERNELAPI
5283 VOID
5284 NTAPI
5285 FsRtlNotifyCleanup (
5286 IN PNOTIFY_SYNC NotifySync,
5287 IN PLIST_ENTRY NotifyList,
5288 IN PVOID FsContext
5289 );
5290
5291 typedef BOOLEAN (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) (
5292 IN PVOID NotifyContext,
5293 IN PVOID TargetContext,
5294 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5295 );
5296
5297 NTKERNELAPI
5298 VOID
5299 NTAPI
5300 FsRtlNotifyFilterChangeDirectory (
5301 IN PNOTIFY_SYNC NotifySync,
5302 IN PLIST_ENTRY NotifyList,
5303 IN PVOID FsContext,
5304 IN PSTRING FullDirectoryName,
5305 IN BOOLEAN WatchTree,
5306 IN BOOLEAN IgnoreBuffer,
5307 IN ULONG CompletionFilter,
5308 IN PIRP NotifyIrp,
5309 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
5310 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
5311 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL);
5312
5313 NTKERNELAPI
5314 VOID
5315 NTAPI
5316 FsRtlNotifyFilterReportChange (
5317 IN PNOTIFY_SYNC NotifySync,
5318 IN PLIST_ENTRY NotifyList,
5319 IN PSTRING FullTargetName,
5320 IN USHORT TargetNameOffset,
5321 IN PSTRING StreamName OPTIONAL,
5322 IN PSTRING NormalizedParentName OPTIONAL,
5323 IN ULONG FilterMatch,
5324 IN ULONG Action,
5325 IN PVOID TargetContext,
5326 IN PVOID FilterContext);
5327
5328 NTKERNELAPI
5329 VOID
5330 NTAPI
5331 FsRtlNotifyFullChangeDirectory (
5332 IN PNOTIFY_SYNC NotifySync,
5333 IN PLIST_ENTRY NotifyList,
5334 IN PVOID FsContext,
5335 IN PSTRING FullDirectoryName,
5336 IN BOOLEAN WatchTree,
5337 IN BOOLEAN IgnoreBuffer,
5338 IN ULONG CompletionFilter,
5339 IN PIRP NotifyIrp,
5340 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
5341 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
5342 );
5343
5344 NTKERNELAPI
5345 VOID
5346 NTAPI
5347 FsRtlNotifyFullReportChange (
5348 IN PNOTIFY_SYNC NotifySync,
5349 IN PLIST_ENTRY NotifyList,
5350 IN PSTRING FullTargetName,
5351 IN USHORT TargetNameOffset,
5352 IN PSTRING StreamName OPTIONAL,
5353 IN PSTRING NormalizedParentName OPTIONAL,
5354 IN ULONG FilterMatch,
5355 IN ULONG Action,
5356 IN PVOID TargetContext
5357 );
5358
5359 NTKERNELAPI
5360 VOID
5361 NTAPI
5362 FsRtlNotifyInitializeSync (
5363 IN PNOTIFY_SYNC *NotifySync
5364 );
5365
5366 NTKERNELAPI
5367 VOID
5368 NTAPI
5369 FsRtlNotifyUninitializeSync (
5370 IN PNOTIFY_SYNC *NotifySync
5371 );
5372
5373 #if (VER_PRODUCTBUILD >= 2195)
5374
5375 NTKERNELAPI
5376 NTSTATUS
5377 NTAPI
5378 FsRtlNotifyVolumeEvent (
5379 IN PFILE_OBJECT FileObject,
5380 IN ULONG EventCode
5381 );
5382
5383 #endif /* (VER_PRODUCTBUILD >= 2195) */
5384
5385 NTKERNELAPI
5386 ULONG
5387 NTAPI
5388 FsRtlNumberOfRunsInBaseMcb (
5389 IN PBASE_MCB Mcb
5390 );
5391
5392 NTKERNELAPI
5393 ULONG
5394 NTAPI
5395 FsRtlNumberOfRunsInLargeMcb (
5396 IN PLARGE_MCB Mcb
5397 );
5398
5399 NTKERNELAPI
5400 ULONG
5401 NTAPI
5402 FsRtlNumberOfRunsInMcb (
5403 IN PMCB Mcb
5404 );
5405
5406 NTKERNELAPI
5407 NTSTATUS
5408 NTAPI
5409 FsRtlOplockFsctrl (
5410 IN POPLOCK Oplock,
5411 IN PIRP Irp,
5412 IN ULONG OpenCount
5413 );
5414
5415 NTKERNELAPI
5416 BOOLEAN
5417 NTAPI
5418 FsRtlOplockIsFastIoPossible (
5419 IN POPLOCK Oplock
5420 );
5421
5422 typedef VOID
5423 (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
5424 IN PVOID Context,
5425 IN PKEVENT Event
5426 );
5427
5428 NTKERNELAPI
5429 VOID
5430 NTAPI
5431 FsRtlPostPagingFileStackOverflow (
5432 IN PVOID Context,
5433 IN PKEVENT Event,
5434 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
5435 );
5436
5437 NTKERNELAPI
5438 VOID
5439 NTAPI
5440 FsRtlPostStackOverflow (
5441 IN PVOID Context,
5442 IN PKEVENT Event,
5443 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
5444 );
5445
5446 /*
5447 FsRtlPrivateLock:
5448
5449 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
5450
5451 Internals:
5452 -Calls IoCompleteRequest if Irp
5453 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
5454 */
5455 NTKERNELAPI
5456 BOOLEAN
5457 NTAPI
5458 FsRtlPrivateLock (
5459 IN PFILE_LOCK FileLock,
5460 IN PFILE_OBJECT FileObject,
5461 IN PLARGE_INTEGER FileOffset,
5462 IN PLARGE_INTEGER Length,
5463 IN PEPROCESS Process,
5464 IN ULONG Key,
5465 IN BOOLEAN FailImmediately,
5466 IN BOOLEAN ExclusiveLock,
5467 OUT PIO_STATUS_BLOCK IoStatus,
5468 IN PIRP Irp OPTIONAL,
5469 IN PVOID Context,
5470 IN BOOLEAN AlreadySynchronized
5471 );
5472
5473 /*
5474 FsRtlProcessFileLock:
5475
5476 ret:
5477 -STATUS_INVALID_DEVICE_REQUEST
5478 -STATUS_RANGE_NOT_LOCKED from unlock routines.
5479 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
5480 (redirected IoStatus->Status).
5481
5482 Internals:
5483 -switch ( Irp->CurrentStackLocation->MinorFunction )
5484 lock: return FsRtlPrivateLock;
5485 unlocksingle: return FsRtlFastUnlockSingle;
5486 unlockall: return FsRtlFastUnlockAll;
5487 unlockallbykey: return FsRtlFastUnlockAllByKey;
5488 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
5489 return STATUS_INVALID_DEVICE_REQUEST;
5490
5491 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
5492 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
5493 */
5494 NTKERNELAPI
5495 NTSTATUS
5496 NTAPI
5497 FsRtlProcessFileLock (
5498 IN PFILE_LOCK FileLock,
5499 IN PIRP Irp,
5500 IN PVOID Context OPTIONAL
5501 );
5502
5503 NTKERNELAPI
5504 NTSTATUS
5505 NTAPI
5506 FsRtlRegisterUncProvider (
5507 IN OUT PHANDLE MupHandle,
5508 IN PUNICODE_STRING RedirectorDeviceName,
5509 IN BOOLEAN MailslotsSupported
5510 );
5511
5512 NTKERNELAPI
5513 VOID
5514 NTAPI
5515 FsRtlRemoveBaseMcbEntry (
5516 IN PBASE_MCB Mcb,
5517 IN LONGLONG Vbn,
5518 IN LONGLONG SectorCount
5519 );
5520
5521 NTKERNELAPI
5522 VOID
5523 NTAPI
5524 FsRtlRemoveLargeMcbEntry (
5525 IN PLARGE_MCB Mcb,
5526 IN LONGLONG Vbn,
5527 IN LONGLONG SectorCount
5528 );
5529
5530 NTKERNELAPI
5531 VOID
5532 NTAPI
5533 FsRtlRemoveMcbEntry (
5534 IN PMCB Mcb,
5535 IN VBN Vbn,
5536 IN ULONG SectorCount
5537 );
5538
5539 NTKERNELAPI
5540 PFSRTL_PER_STREAM_CONTEXT
5541 NTAPI
5542 FsRtlRemovePerStreamContext (
5543 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
5544 IN PVOID OwnerId OPTIONAL,
5545 IN PVOID InstanceId OPTIONAL
5546 );
5547
5548 NTKERNELAPI
5549 VOID
5550 NTAPI
5551 FsRtlResetBaseMcb (
5552 IN PBASE_MCB Mcb
5553 );
5554
5555 NTKERNELAPI
5556 VOID
5557 NTAPI
5558 FsRtlResetLargeMcb (
5559 IN PLARGE_MCB Mcb,
5560 IN BOOLEAN SelfSynchronized
5561 );
5562
5563 NTKERNELAPI
5564 BOOLEAN
5565 NTAPI
5566 FsRtlSplitBaseMcb (
5567 IN PBASE_MCB Mcb,
5568 IN LONGLONG Vbn,
5569 IN LONGLONG Amount
5570 );
5571
5572 NTKERNELAPI
5573 BOOLEAN
5574 NTAPI
5575 FsRtlSplitLargeMcb (
5576 IN PLARGE_MCB Mcb,
5577 IN LONGLONG Vbn,
5578 IN LONGLONG Amount
5579 );
5580
5581 #define FsRtlSupportsPerStreamContexts(FO) ( \
5582 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
5583 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
5584 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
5585 )
5586
5587 NTKERNELAPI
5588 VOID
5589 NTAPI
5590 FsRtlTruncateBaseMcb (
5591 IN PBASE_MCB Mcb,
5592 IN LONGLONG Vbn
5593 );
5594
5595 NTKERNELAPI
5596 VOID
5597 NTAPI
5598 FsRtlTruncateLargeMcb (
5599 IN PLARGE_MCB Mcb,
5600 IN LONGLONG Vbn
5601 );
5602
5603 NTKERNELAPI
5604 VOID
5605 NTAPI
5606 FsRtlTruncateMcb (
5607 IN PMCB Mcb,
5608 IN VBN Vbn
5609 );
5610
5611 NTKERNELAPI
5612 VOID
5613 NTAPI
5614 FsRtlUninitializeBaseMcb (
5615 IN PBASE_MCB Mcb
5616 );
5617
5618 NTKERNELAPI
5619 VOID
5620 NTAPI
5621 FsRtlUninitializeFileLock (
5622 IN PFILE_LOCK FileLock
5623 );
5624
5625 NTKERNELAPI
5626 VOID
5627 NTAPI
5628 FsRtlUninitializeLargeMcb (
5629 IN PLARGE_MCB Mcb
5630 );
5631
5632 NTKERNELAPI
5633 VOID
5634 NTAPI
5635 FsRtlUninitializeMcb (
5636 IN PMCB Mcb
5637 );
5638
5639 NTKERNELAPI
5640 VOID
5641 NTAPI
5642 FsRtlUninitializeOplock (
5643 IN OUT POPLOCK Oplock
5644 );
5645
5646 NTKERNELAPI
5647 UCHAR
5648 NTAPI
5649 KeSetIdealProcessorThread(
5650 IN OUT PKTHREAD Thread,
5651 IN UCHAR Processor
5652 );
5653
5654 NTKERNELAPI
5655 NTSTATUS
5656 NTAPI
5657 IoAttachDeviceToDeviceStackSafe(
5658 IN PDEVICE_OBJECT SourceDevice,
5659 IN PDEVICE_OBJECT TargetDevice,
5660 OUT PDEVICE_OBJECT *AttachedToDeviceObject
5661 );
5662
5663 NTKERNELAPI
5664 VOID
5665 NTAPI
5666 IoAcquireVpbSpinLock (
5667 OUT PKIRQL Irql
5668 );
5669
5670 NTKERNELAPI
5671 NTSTATUS
5672 NTAPI
5673 IoCheckDesiredAccess (
5674 IN OUT PACCESS_MASK DesiredAccess,
5675 IN ACCESS_MASK GrantedAccess
5676 );
5677
5678 NTKERNELAPI
5679 NTSTATUS
5680 NTAPI
5681 IoCheckEaBufferValidity (
5682 IN PFILE_FULL_EA_INFORMATION EaBuffer,
5683 IN ULONG EaLength,
5684 OUT PULONG ErrorOffset
5685 );
5686
5687 NTKERNELAPI
5688 NTSTATUS
5689 NTAPI
5690 IoCheckFunctionAccess (
5691 IN ACCESS_MASK GrantedAccess,
5692 IN UCHAR MajorFunction,
5693 IN UCHAR MinorFunction,
5694 IN ULONG IoControlCode,
5695 IN PVOID Argument1 OPTIONAL,
5696 IN PVOID Argument2 OPTIONAL
5697 );
5698
5699 #if (VER_PRODUCTBUILD >= 2195)
5700
5701 NTKERNELAPI
5702 NTSTATUS
5703 NTAPI
5704 IoCheckQuotaBufferValidity (
5705 IN PFILE_QUOTA_INFORMATION QuotaBuffer,
5706 IN ULONG QuotaLength,
5707 OUT PULONG ErrorOffset
5708 );
5709
5710 #endif /* (VER_PRODUCTBUILD >= 2195) */
5711
5712 NTKERNELAPI
5713 PFILE_OBJECT
5714 NTAPI
5715 IoCreateStreamFileObject (
5716 IN PFILE_OBJECT FileObject OPTIONAL,
5717 IN PDEVICE_OBJECT DeviceObject OPTIONAL
5718 );
5719
5720 #if (VER_PRODUCTBUILD >= 2195)
5721
5722 NTKERNELAPI
5723 PFILE_OBJECT
5724 NTAPI
5725 IoCreateStreamFileObjectLite (
5726 IN PFILE_OBJECT FileObject OPTIONAL,
5727 IN PDEVICE_OBJECT DeviceObject OPTIONAL
5728 );
5729
5730 #endif /* (VER_PRODUCTBUILD >= 2195) */
5731
5732 NTKERNELAPI
5733 BOOLEAN
5734 NTAPI
5735 IoFastQueryNetworkAttributes (
5736 IN POBJECT_ATTRIBUTES ObjectAttributes,
5737 IN ACCESS_MASK DesiredAccess,
5738 IN ULONG OpenOptions,
5739 OUT PIO_STATUS_BLOCK IoStatus,
5740 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
5741 );
5742
5743 NTKERNELAPI
5744 PDEVICE_OBJECT
5745 NTAPI
5746 IoGetAttachedDevice (
5747 IN PDEVICE_OBJECT DeviceObject
5748 );
5749
5750 NTKERNELAPI
5751 PDEVICE_OBJECT
5752 NTAPI
5753 IoGetBaseFileSystemDeviceObject (
5754 IN PFILE_OBJECT FileObject
5755 );
5756
5757 #if (VER_PRODUCTBUILD >= 2600)
5758
5759 NTKERNELAPI
5760 PDEVICE_OBJECT
5761 NTAPI
5762 IoGetDeviceAttachmentBaseRef (
5763 IN PDEVICE_OBJECT DeviceObject
5764 );
5765
5766 NTKERNELAPI
5767 NTSTATUS
5768 NTAPI
5769 IoGetDiskDeviceObject (
5770 IN PDEVICE_OBJECT FileSystemDeviceObject,
5771 OUT PDEVICE_OBJECT *DiskDeviceObject
5772 );
5773
5774 NTKERNELAPI
5775 PDEVICE_OBJECT
5776 NTAPI
5777 IoGetLowerDeviceObject (
5778 IN PDEVICE_OBJECT DeviceObject
5779 );
5780
5781 #endif /* (VER_PRODUCTBUILD >= 2600) */
5782
5783 NTKERNELAPI
5784 PEPROCESS
5785 NTAPI
5786 IoGetRequestorProcess (
5787 IN PIRP Irp
5788 );
5789
5790 #if (VER_PRODUCTBUILD >= 2195)
5791
5792 NTKERNELAPI
5793 ULONG
5794 NTAPI
5795 IoGetRequestorProcessId (
5796 IN PIRP Irp
5797 );
5798
5799 #endif /* (VER_PRODUCTBUILD >= 2195) */
5800
5801 NTKERNELAPI
5802 PIRP
5803 NTAPI
5804 IoGetTopLevelIrp (
5805 VOID
5806 );
5807
5808 #define IoIsFileOpenedExclusively(FileObject) ( \
5809 (BOOLEAN) !( \
5810 (FileObject)->SharedRead || \
5811 (FileObject)->SharedWrite || \
5812 (FileObject)->SharedDelete \
5813 ) \
5814 )
5815
5816 NTKERNELAPI
5817 BOOLEAN
5818 NTAPI
5819 IoIsOperationSynchronous (
5820 IN PIRP Irp
5821 );
5822
5823 NTKERNELAPI
5824 BOOLEAN
5825 NTAPI
5826 IoIsSystemThread (
5827 IN PETHREAD Thread
5828 );
5829
5830 #if (VER_PRODUCTBUILD >= 2195)
5831
5832 NTKERNELAPI
5833 BOOLEAN
5834 NTAPI
5835 IoIsValidNameGraftingBuffer (
5836 IN PIRP Irp,
5837 IN PREPARSE_DATA_BUFFER ReparseBuffer
5838 );
5839
5840 #endif /* (VER_PRODUCTBUILD >= 2195) */
5841
5842 NTKERNELAPI
5843 NTSTATUS
5844 NTAPI
5845 IoPageRead (
5846 IN PFILE_OBJECT FileObject,
5847 IN PMDL Mdl,
5848 IN PLARGE_INTEGER Offset,
5849 IN PKEVENT Event,
5850 OUT PIO_STATUS_BLOCK IoStatusBlock
5851 );
5852
5853 NTKERNELAPI
5854 NTSTATUS
5855 NTAPI
5856 IoQueryFileInformation (
5857 IN PFILE_OBJECT FileObject,
5858 IN FILE_INFORMATION_CLASS FileInformationClass,
5859 IN ULONG Length,
5860 OUT PVOID FileInformation,
5861 OUT PULONG ReturnedLength
5862 );
5863
5864 NTKERNELAPI
5865 NTSTATUS
5866 NTAPI
5867 IoQueryVolumeInformation (
5868 IN PFILE_OBJECT FileObject,
5869 IN FS_INFORMATION_CLASS FsInformationClass,
5870 IN ULONG Length,
5871 OUT PVOID FsInformation,
5872 OUT PULONG ReturnedLength
5873 );
5874
5875 NTKERNELAPI
5876 VOID
5877 NTAPI
5878 IoQueueThreadIrp(
5879 IN PIRP Irp
5880 );
5881
5882 NTKERNELAPI
5883 VOID
5884 NTAPI
5885 IoRegisterFileSystem (
5886 IN OUT PDEVICE_OBJECT DeviceObject
5887 );
5888
5889 #if (VER_PRODUCTBUILD >= 1381)
5890
5891 typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
5892 IN PDEVICE_OBJECT DeviceObject,
5893 IN BOOLEAN DriverActive
5894 );
5895
5896 NTKERNELAPI
5897 NTSTATUS
5898 NTAPI
5899 IoRegisterFsRegistrationChange (
5900 IN PDRIVER_OBJECT DriverObject,
5901 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
5902 );
5903
5904 #endif /* (VER_PRODUCTBUILD >= 1381) */
5905
5906 NTKERNELAPI
5907 VOID
5908 NTAPI
5909 IoReleaseVpbSpinLock (
5910 IN KIRQL Irql
5911 );
5912
5913 NTKERNELAPI
5914 VOID
5915 NTAPI
5916 IoSetDeviceToVerify (
5917 IN PETHREAD Thread,
5918 IN PDEVICE_OBJECT DeviceObject
5919 );
5920
5921 NTKERNELAPI
5922 NTSTATUS
5923 NTAPI
5924 IoSetInformation (
5925 IN PFILE_OBJECT FileObject,
5926 IN FILE_INFORMATION_CLASS FileInformationClass,
5927 IN ULONG Length,
5928 IN PVOID FileInformation
5929 );
5930
5931 NTKERNELAPI
5932 VOID
5933 NTAPI
5934 IoSetTopLevelIrp (
5935 IN PIRP Irp
5936 );
5937
5938 NTKERNELAPI
5939 NTSTATUS
5940 NTAPI
5941 IoSynchronousPageWrite (
5942 IN PFILE_OBJECT FileObject,
5943 IN PMDL Mdl,
5944 IN PLARGE_INTEGER FileOffset,
5945 IN PKEVENT Event,
5946 OUT PIO_STATUS_BLOCK IoStatusBlock
5947 );
5948
5949 NTKERNELAPI
5950 PEPROCESS
5951 NTAPI
5952 IoThreadToProcess (
5953 IN PETHREAD Thread
5954 );
5955
5956 NTKERNELAPI
5957 VOID
5958 NTAPI
5959 IoUnregisterFileSystem (
5960 IN OUT PDEVICE_OBJECT DeviceObject
5961 );
5962
5963 #if (VER_PRODUCTBUILD >= 1381)
5964
5965 NTKERNELAPI
5966 VOID
5967 NTAPI
5968 IoUnregisterFsRegistrationChange (
5969 IN PDRIVER_OBJECT DriverObject,
5970 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
5971 );
5972
5973 #endif /* (VER_PRODUCTBUILD >= 1381) */
5974
5975 NTKERNELAPI
5976 NTSTATUS
5977 NTAPI
5978 IoVerifyVolume (
5979 IN PDEVICE_OBJECT DeviceObject,
5980 IN BOOLEAN AllowRawMount
5981 );
5982
5983 #if !defined (_M_AMD64)
5984
5985 NTHALAPI
5986 KIRQL
5987 FASTCALL
5988 KeAcquireQueuedSpinLock (
5989 IN KSPIN_LOCK_QUEUE_NUMBER Number
5990 );
5991
5992 NTHALAPI
5993 VOID
5994 FASTCALL
5995 KeReleaseQueuedSpinLock (
5996 IN KSPIN_LOCK_QUEUE_NUMBER Number,
5997 IN KIRQL OldIrql
5998 );
5999
6000 NTHALAPI
6001 KIRQL
6002 FASTCALL
6003 KeAcquireSpinLockRaiseToSynch(
6004 IN OUT PKSPIN_LOCK SpinLock
6005 );
6006
6007 NTHALAPI
6008 LOGICAL
6009 FASTCALL
6010 KeTryToAcquireQueuedSpinLock(
6011 KSPIN_LOCK_QUEUE_NUMBER Number,
6012 PKIRQL OldIrql);
6013
6014 #else
6015
6016 NTKERNELAPI
6017 KIRQL
6018 FASTCALL
6019 KeAcquireQueuedSpinLock (
6020 IN KSPIN_LOCK_QUEUE_NUMBER Number
6021 );
6022
6023 NTKERNELAPI
6024 VOID
6025 FASTCALL
6026 KeReleaseQueuedSpinLock (
6027 IN KSPIN_LOCK_QUEUE_NUMBER Number,
6028 IN KIRQL OldIrql
6029 );
6030
6031 NTKERNELAPI
6032 KIRQL
6033 KeAcquireSpinLockRaiseToSynch(
6034 IN OUT PKSPIN_LOCK SpinLock
6035 );
6036
6037 NTKERNELAPI
6038 LOGICAL
6039 KeTryToAcquireQueuedSpinLock(
6040 KSPIN_LOCK_QUEUE_NUMBER Number,
6041 PKIRQL OldIrql);
6042
6043 #endif
6044
6045 NTKERNELAPI
6046 VOID
6047 NTAPI
6048 KeAttachProcess (
6049 IN PKPROCESS Process
6050 );
6051
6052 NTKERNELAPI
6053 VOID
6054 NTAPI
6055 KeDetachProcess (
6056 VOID
6057 );
6058
6059 NTKERNELAPI
6060 VOID
6061 NTAPI
6062 KeInitializeQueue (
6063 IN PRKQUEUE Queue,
6064 IN ULONG Count OPTIONAL
6065 );
6066
6067 NTKERNELAPI
6068 LONG
6069 NTAPI
6070 KeInsertHeadQueue (
6071 IN PRKQUEUE Queue,
6072 IN PLIST_ENTRY Entry
6073 );
6074
6075 NTKERNELAPI
6076 LONG
6077 NTAPI
6078 KeInsertQueue (
6079 IN PRKQUEUE Queue,
6080 IN PLIST_ENTRY Entry
6081 );
6082
6083 NTKERNELAPI
6084 LONG
6085 NTAPI
6086 KeReadStateQueue (
6087 IN PRKQUEUE Queue
6088 );
6089
6090 NTKERNELAPI
6091 PLIST_ENTRY
6092 NTAPI
6093 KeRemoveQueue (
6094 IN PRKQUEUE Queue,
6095 IN KPROCESSOR_MODE WaitMode,
6096 IN PLARGE_INTEGER Timeout OPTIONAL
6097 );
6098
6099 NTKERNELAPI
6100 PLIST_ENTRY
6101 NTAPI
6102 KeRundownQueue (
6103 IN PRKQUEUE Queue
6104 );
6105
6106 NTKERNELAPI
6107 VOID
6108 NTAPI
6109 KeInitializeMutant (
6110 IN PRKMUTANT Mutant,
6111 IN BOOLEAN InitialOwner
6112 );
6113
6114 NTKERNELAPI
6115 LONG
6116 NTAPI
6117 KeReadStateMutant (
6118 IN PRKMUTANT Mutant
6119 );
6120
6121 NTKERNELAPI
6122 LONG
6123 NTAPI
6124 KeReleaseMutant (
6125 IN PRKMUTANT Mutant,
6126 IN KPRIORITY Increment,
6127 IN BOOLEAN Abandoned,
6128 IN BOOLEAN Wait
6129 );
6130
6131 #if (VER_PRODUCTBUILD >= 2195)
6132
6133 NTKERNELAPI
6134 VOID
6135 NTAPI
6136 KeStackAttachProcess (
6137 IN PKPROCESS Process,
6138 OUT PKAPC_STATE ApcState
6139 );
6140
6141 NTKERNELAPI
6142 VOID
6143 NTAPI
6144 KeUnstackDetachProcess (
6145 IN PKAPC_STATE ApcState
6146 );
6147
6148 #endif /* (VER_PRODUCTBUILD >= 2195) */
6149
6150 NTKERNELAPI
6151 BOOLEAN
6152 NTAPI
6153 KeSetKernelStackSwapEnable(
6154 IN BOOLEAN Enable
6155 );
6156
6157 NTKERNELAPI
6158 BOOLEAN
6159 NTAPI
6160 MmCanFileBeTruncated (
6161 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6162 IN PLARGE_INTEGER NewFileSize
6163 );
6164
6165 NTKERNELAPI
6166 BOOLEAN
6167 NTAPI
6168 MmFlushImageSection (
6169 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6170 IN MMFLUSH_TYPE FlushType
6171 );
6172
6173 NTKERNELAPI
6174 BOOLEAN
6175 NTAPI
6176 MmForceSectionClosed (
6177 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6178 IN BOOLEAN DelayClose
6179 );
6180
6181 #if (VER_PRODUCTBUILD >= 1381)
6182
6183 NTKERNELAPI
6184 BOOLEAN
6185 NTAPI
6186 MmIsRecursiveIoFault (
6187 VOID
6188 );
6189
6190 #else
6191
6192 #define MmIsRecursiveIoFault() ( \
6193 (PsGetCurrentThread()->DisablePageFaultClustering) | \
6194 (PsGetCurrentThread()->ForwardClusterOnly) \
6195 )
6196
6197 #endif
6198
6199
6200 NTKERNELAPI
6201 BOOLEAN
6202 NTAPI
6203 MmSetAddressRangeModified (
6204 IN PVOID Address,
6205 IN SIZE_T Length
6206 );
6207
6208 NTKERNELAPI
6209 NTSTATUS
6210 NTAPI
6211 ObCreateObject (
6212 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
6213 IN POBJECT_TYPE ObjectType,
6214 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
6215 IN KPROCESSOR_MODE AccessMode,
6216 IN OUT PVOID ParseContext OPTIONAL,
6217 IN ULONG ObjectSize,
6218 IN ULONG PagedPoolCharge OPTIONAL,
6219 IN ULONG NonPagedPoolCharge OPTIONAL,
6220 OUT PVOID *Object
6221 );
6222
6223 NTKERNELAPI
6224 ULONG
6225 NTAPI
6226 ObGetObjectPointerCount (
6227 IN PVOID Object
6228 );
6229
6230 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6231
6232 NTKERNELAPI
6233 NTSTATUS
6234 NTAPI
6235 ObInsertObject (
6236 IN PVOID Object,
6237 IN PACCESS_STATE PassedAccessState OPTIONAL,
6238 IN ACCESS_MASK DesiredAccess OPTIONAL,
6239 IN ULONG ObjectPointerBias,
6240 OUT PVOID *NewObject OPTIONAL,
6241 OUT PHANDLE Handle OPTIONAL);
6242
6243 NTKERNELAPI
6244 NTSTATUS
6245 NTAPI
6246 ObOpenObjectByPointer (
6247 IN PVOID Object,
6248 IN ULONG HandleAttributes,
6249 IN PACCESS_STATE PassedAccessState OPTIONAL,
6250 IN ACCESS_MASK DesiredAccess OPTIONAL,
6251 IN POBJECT_TYPE ObjectType OPTIONAL,
6252 IN KPROCESSOR_MODE AccessMode,
6253 OUT PHANDLE Handle);
6254
6255 NTKERNELAPI
6256 VOID
6257 NTAPI
6258 ObMakeTemporaryObject (
6259 IN PVOID Object);
6260
6261 NTKERNELAPI
6262 NTSTATUS
6263 NTAPI
6264 ObQueryObjectAuditingByHandle (
6265 IN HANDLE Handle,
6266 OUT PBOOLEAN GenerateOnClose);
6267
6268 #endif
6269
6270 NTKERNELAPI
6271 NTSTATUS
6272 NTAPI
6273 ObQueryNameString (
6274 IN PVOID Object,
6275 OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
6276 IN ULONG Length,
6277 OUT PULONG ReturnLength
6278 );
6279
6280 NTKERNELAPI
6281 NTSTATUS
6282 NTAPI
6283 ObReferenceObjectByName (
6284 IN PUNICODE_STRING ObjectName,
6285 IN ULONG Attributes,
6286 IN PACCESS_STATE PassedAccessState OPTIONAL,
6287 IN ACCESS_MASK DesiredAccess OPTIONAL,
6288 IN POBJECT_TYPE ObjectType,
6289 IN KPROCESSOR_MODE AccessMode,
6290 IN OUT PVOID ParseContext OPTIONAL,
6291 OUT PVOID *Object
6292 );
6293
6294 NTKERNELAPI
6295 NTSTATUS
6296 NTAPI
6297 PsAssignImpersonationToken (
6298 IN PETHREAD Thread,
6299 IN HANDLE Token
6300 );
6301
6302 NTKERNELAPI
6303 VOID
6304 NTAPI
6305 PsChargePoolQuota (
6306 IN PEPROCESS Process,
6307 IN POOL_TYPE PoolType,
6308 IN SIZE_T Amount
6309 );
6310
6311 NTKERNELAPI
6312 NTSTATUS
6313 NTAPI
6314 PsChargeProcessPoolQuota (
6315 IN PEPROCESS Process,
6316 IN POOL_TYPE PoolType,
6317 IN SIZE_T Amount
6318 );
6319
6320 #define PsDereferenceImpersonationToken(T) \
6321 {if (ARGUMENT_PRESENT(T)) { \
6322 (ObDereferenceObject((T))); \
6323 } else { \
6324 ; \
6325 } \
6326 }
6327
6328 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
6329
6330 NTKERNELAPI
6331 BOOLEAN
6332 NTAPI
6333 PsDisableImpersonation(
6334 IN PETHREAD Thread,
6335 IN PSE_IMPERSONATION_STATE ImpersonationState
6336 );
6337
6338 NTKERNELAPI
6339 LARGE_INTEGER
6340 NTAPI
6341 PsGetProcessExitTime (
6342 VOID
6343 );
6344
6345 NTKERNELAPI
6346 NTSTATUS
6347 NTAPI
6348 PsImpersonateClient(
6349 IN PETHREAD Thread,
6350 IN PACCESS_TOKEN Token,
6351 IN BOOLEAN CopyOnOpen,
6352 IN BOOLEAN EffectiveOnly,
6353 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
6354 );
6355
6356 NTKERNELAPI
6357 BOOLEAN
6358 NTAPI
6359 PsIsSystemThread(
6360 IN PETHREAD Thread
6361 );
6362
6363 NTKERNELAPI
6364 BOOLEAN
6365 NTAPI
6366 PsIsThreadTerminating (
6367 IN PETHREAD Thread
6368 );
6369
6370 NTKERNELAPI
6371 NTSTATUS
6372 NTAPI
6373 PsLookupProcessByProcessId (
6374 IN HANDLE ProcessId,
6375 OUT PEPROCESS *Process
6376 );
6377
6378 NTKERNELAPI
6379 NTSTATUS
6380 NTAPI
6381 PsLookupProcessThreadByCid (
6382 IN PCLIENT_ID Cid,
6383 OUT PEPROCESS *Process OPTIONAL,
6384 OUT PETHREAD *Thread
6385 );
6386
6387 NTKERNELAPI
6388 NTSTATUS
6389 NTAPI
6390 PsLookupThreadByThreadId (
6391 IN HANDLE UniqueThreadId,
6392 OUT PETHREAD *Thread
6393 );
6394
6395 NTKERNELAPI
6396 PACCESS_TOKEN
6397 NTAPI
6398 PsReferenceImpersonationToken (
6399 IN PETHREAD Thread,
6400 OUT PBOOLEAN CopyOnUse,
6401 OUT PBOOLEAN EffectiveOnly,
6402 OUT PSECURITY_IMPERSONATION_LEVEL Level
6403 );
6404
6405 NTKERNELAPI
6406 HANDLE
6407 NTAPI
6408 PsReferencePrimaryToken (
6409 IN PEPROCESS Process
6410 );
6411
6412 NTKERNELAPI
6413 VOID
6414 NTAPI
6415 PsRestoreImpersonation(
6416 IN PETHREAD Thread,
6417 IN PSE_IMPERSONATION_STATE ImpersonationState
6418 );
6419
6420 NTKERNELAPI
6421 VOID
6422 NTAPI
6423 PsReturnPoolQuota (
6424 IN PEPROCESS Process,
6425 IN POOL_TYPE PoolType,
6426 IN SIZE_T Amount
6427 );
6428
6429 NTKERNELAPI
6430 VOID
6431 NTAPI
6432 PsRevertToSelf (
6433 VOID
6434 );
6435
6436 NTSYSAPI
6437 VOID
6438 NTAPI
6439 RtlGenerate8dot3Name (
6440 IN PUNICODE_STRING Name,
6441 IN BOOLEAN AllowExtendedCharacters,
6442 IN OUT PGENERATE_NAME_CONTEXT Context,
6443 OUT PUNICODE_STRING Name8dot3
6444 );
6445
6446 NTSYSAPI
6447 VOID
6448 NTAPI
6449 RtlSecondsSince1970ToTime (
6450 IN ULONG SecondsSince1970,
6451 OUT PLARGE_INTEGER Time
6452 );
6453
6454 NTSYSAPI
6455 NTSTATUS
6456 NTAPI
6457 RtlSetSaclSecurityDescriptor (
6458 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
6459 IN BOOLEAN SaclPresent,
6460 IN PACL Sacl,
6461 IN BOOLEAN SaclDefaulted
6462 );
6463
6464 NTSYSAPI
6465 NTSTATUS
6466 NTAPI
6467 RtlUnicodeStringToCountedOemString (
6468 IN OUT POEM_STRING DestinationString,
6469 IN PCUNICODE_STRING SourceString,
6470 IN BOOLEAN AllocateDestinationString
6471 );
6472
6473 /* RTL Splay Tree Functions */
6474 NTSYSAPI
6475 PRTL_SPLAY_LINKS
6476 NTAPI
6477 RtlSplay(PRTL_SPLAY_LINKS Links);
6478
6479 NTSYSAPI
6480 PRTL_SPLAY_LINKS
6481 NTAPI
6482 RtlDelete(PRTL_SPLAY_LINKS Links);
6483
6484 NTSYSAPI
6485 VOID
6486 NTAPI
6487 RtlDeleteNoSplay(
6488 PRTL_SPLAY_LINKS Links,
6489 PRTL_SPLAY_LINKS *Root
6490 );
6491
6492 NTSYSAPI
6493 PRTL_SPLAY_LINKS
6494 NTAPI
6495 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
6496
6497 NTSYSAPI
6498 PRTL_SPLAY_LINKS
6499 NTAPI
6500 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
6501
6502 NTSYSAPI
6503 PRTL_SPLAY_LINKS
6504 NTAPI
6505 RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
6506
6507 NTSYSAPI
6508 PRTL_SPLAY_LINKS
6509 NTAPI
6510 RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
6511
6512 #define RtlIsLeftChild(Links) \
6513 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
6514
6515 #define RtlIsRightChild(Links) \
6516 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
6517
6518 #define RtlRightChild(Links) \
6519 ((PRTL_SPLAY_LINKS)(Links))->RightChild
6520
6521 #define RtlIsRoot(Links) \
6522 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
6523
6524 #define RtlLeftChild(Links) \
6525 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
6526
6527 #define RtlParent(Links) \
6528 ((PRTL_SPLAY_LINKS)(Links))->Parent
6529
6530 #define RtlInitializeSplayLinks(Links) \
6531 { \
6532 PRTL_SPLAY_LINKS _SplayLinks; \
6533 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
6534 _SplayLinks->Parent = _SplayLinks; \
6535 _SplayLinks->LeftChild = NULL; \
6536 _SplayLinks->RightChild = NULL; \
6537 }
6538
6539 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
6540 { \
6541 PRTL_SPLAY_LINKS _SplayParent; \
6542 PRTL_SPLAY_LINKS _SplayChild; \
6543 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
6544 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
6545 _SplayParent->LeftChild = _SplayChild; \
6546 _SplayChild->Parent = _SplayParent; \
6547 }
6548
6549 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
6550 { \
6551 PRTL_SPLAY_LINKS _SplayParent; \
6552 PRTL_SPLAY_LINKS _SplayChild; \
6553 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
6554 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
6555 _SplayParent->RightChild = _SplayChild; \
6556 _SplayChild->Parent = _SplayParent; \
6557 }
6558
6559 //
6560 // RTL time functions
6561 //
6562
6563 NTKERNELAPI
6564 NTSTATUS
6565 NTAPI
6566 SeAppendPrivileges (
6567 PACCESS_STATE AccessState,
6568 PPRIVILEGE_SET Privileges
6569 );
6570
6571 NTKERNELAPI
6572 BOOLEAN
6573 NTAPI
6574 SeAuditingFileEvents (
6575 IN BOOLEAN AccessGranted,
6576 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6577 );
6578
6579 NTKERNELAPI
6580 BOOLEAN
6581 NTAPI
6582 SeAuditingFileOrGlobalEvents (
6583 IN BOOLEAN AccessGranted,
6584 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
6585 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6586 );
6587
6588 NTKERNELAPI
6589 VOID
6590 NTAPI
6591 SeCaptureSubjectContext (
6592 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
6593 );
6594
6595 NTKERNELAPI
6596 NTSTATUS
6597 NTAPI
6598 SeCreateClientSecurity (
6599 IN PETHREAD Thread,
6600 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
6601 IN BOOLEAN RemoteClient,
6602 OUT PSECURITY_CLIENT_CONTEXT ClientContext
6603 );
6604
6605 #if (VER_PRODUCTBUILD >= 2195)
6606
6607 NTKERNELAPI
6608 NTSTATUS
6609 NTAPI
6610 SeCreateClientSecurityFromSubjectContext (
6611 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
6612 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
6613 IN BOOLEAN ServerIsRemote,
6614 OUT PSECURITY_CLIENT_CONTEXT ClientContext
6615 );
6616
6617 #endif /* (VER_PRODUCTBUILD >= 2195) */
6618
6619
6620 #define SeLengthSid( Sid ) \
6621 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
6622
6623 #define SeDeleteClientSecurity(C) { \
6624 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
6625 PsDereferencePrimaryToken( (C)->ClientToken ); \
6626 } else { \
6627 PsDereferenceImpersonationToken( (C)->ClientToken ); \
6628 } \
6629 }
6630
6631 NTKERNELAPI
6632 VOID
6633 NTAPI
6634 SeDeleteObjectAuditAlarm (
6635 IN PVOID Object,
6636 IN HANDLE Handle
6637 );
6638
6639 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
6640
6641 NTKERNELAPI
6642 VOID
6643 NTAPI
6644 SeFreePrivileges (
6645 IN PPRIVILEGE_SET Privileges
6646 );
6647
6648 NTKERNELAPI
6649 VOID
6650 NTAPI
6651 SeImpersonateClient (
6652 IN PSECURITY_CLIENT_CONTEXT ClientContext,
6653 IN PETHREAD ServerThread OPTIONAL
6654 );
6655
6656 #if (VER_PRODUCTBUILD >= 2195)
6657
6658 NTKERNELAPI
6659 NTSTATUS
6660 NTAPI
6661 SeImpersonateClientEx (
6662 IN PSECURITY_CLIENT_CONTEXT ClientContext,
6663 IN PETHREAD ServerThread OPTIONAL
6664 );
6665
6666 #endif /* (VER_PRODUCTBUILD >= 2195) */
6667
6668 NTKERNELAPI
6669 VOID
6670 NTAPI
6671 SeLockSubjectContext (
6672 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6673 );
6674
6675 NTKERNELAPI
6676 NTSTATUS
6677 NTAPI
6678 SeMarkLogonSessionForTerminationNotification (
6679 IN PLUID LogonId
6680 );
6681
6682 NTKERNELAPI
6683 VOID
6684 NTAPI
6685 SeOpenObjectAuditAlarm (
6686 IN PUNICODE_STRING ObjectTypeName,
6687 IN PVOID Object OPTIONAL,
6688 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
6689 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
6690 IN PACCESS_STATE AccessState,
6691 IN BOOLEAN ObjectCreated,
6692 IN BOOLEAN AccessGranted,
6693 IN KPROCESSOR_MODE AccessMode,
6694 OUT PBOOLEAN GenerateOnClose
6695 );
6696
6697 NTKERNELAPI
6698 VOID
6699 NTAPI
6700 SeOpenObjectForDeleteAuditAlarm (
6701 IN PUNICODE_STRING ObjectTypeName,
6702 IN PVOID Object OPTIONAL,
6703 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
6704 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
6705 IN PACCESS_STATE AccessState,
6706 IN BOOLEAN ObjectCreated,
6707 IN BOOLEAN AccessGranted,
6708 IN KPROCESSOR_MODE AccessMode,
6709 OUT PBOOLEAN GenerateOnClose
6710 );
6711
6712 NTKERNELAPI
6713 BOOLEAN
6714 NTAPI
6715 SePrivilegeCheck (
6716 IN OUT PPRIVILEGE_SET RequiredPrivileges,
6717 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
6718 IN KPROCESSOR_MODE AccessMode
6719 );
6720
6721 NTKERNELAPI
6722 NTSTATUS
6723 NTAPI
6724 SeQueryAuthenticationIdToken (
6725 IN PACCESS_TOKEN Token,
6726 OUT PLUID LogonId
6727 );
6728
6729 #if (VER_PRODUCTBUILD >= 2195)
6730
6731 NTKERNELAPI
6732 NTSTATUS
6733 NTAPI
6734 SeQueryInformationToken (
6735 IN PACCESS_TOKEN Token,
6736 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
6737 OUT PVOID *TokenInformation
6738 );
6739
6740 #endif /* (VER_PRODUCTBUILD >= 2195) */
6741
6742 NTKERNELAPI
6743 NTSTATUS
6744 NTAPI
6745 SeQuerySecurityDescriptorInfo (
6746 IN PSECURITY_INFORMATION SecurityInformation,
6747 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
6748 IN OUT PULONG Length,
6749 IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
6750 );
6751
6752 #if (VER_PRODUCTBUILD >= 2195)
6753
6754 NTKERNELAPI
6755 NTSTATUS
6756 NTAPI
6757 SeQuerySessionIdToken (
6758 IN PACCESS_TOKEN Token,
6759 IN PULONG SessionId
6760 );
6761
6762 #endif /* (VER_PRODUCTBUILD >= 2195) */
6763
6764 #define SeQuerySubjectContextToken( SubjectContext ) \
6765 ( ARGUMENT_PRESENT( \
6766 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
6767 ) ? \
6768 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
6769 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
6770
6771 typedef NTSTATUS (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
6772 IN PLUID LogonId
6773 );
6774
6775 NTKERNELAPI
6776 NTSTATUS
6777 NTAPI
6778 SeRegisterLogonSessionTerminatedRoutine (
6779 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
6780 );
6781
6782 NTKERNELAPI
6783 VOID
6784 NTAPI
6785 SeReleaseSubjectContext (
6786 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6787 );
6788
6789 NTKERNELAPI
6790 VOID
6791 NTAPI
6792 SeSetAccessStateGenericMapping (
6793 PACCESS_STATE AccessState,
6794 PGENERIC_MAPPING GenericMapping
6795 );
6796
6797 NTKERNELAPI
6798 NTSTATUS
6799 NTAPI
6800 SeSetSecurityDescriptorInfo (
6801 IN PVOID Object OPTIONAL,
6802 IN PSECURITY_INFORMATION SecurityInformation,
6803 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
6804 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
6805 IN POOL_TYPE PoolType,
6806 IN PGENERIC_MAPPING GenericMapping
6807 );
6808
6809 #if (VER_PRODUCTBUILD >= 2195)
6810
6811 NTKERNELAPI
6812 NTSTATUS
6813 NTAPI
6814 SeSetSecurityDescriptorInfoEx (
6815 IN PVOID Object OPTIONAL,
6816 IN PSECURITY_INFORMATION SecurityInformation,
6817 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
6818 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
6819 IN ULONG AutoInheritFlags,
6820 IN POOL_TYPE PoolType,
6821 IN PGENERIC_MAPPING GenericMapping
6822 );
6823
6824 NTKERNELAPI
6825 BOOLEAN
6826 NTAPI
6827 SeTokenIsAdmin (
6828 IN PACCESS_TOKEN Token
6829 );
6830
6831 NTKERNELAPI
6832 BOOLEAN
6833 NTAPI
6834 SeTokenIsRestricted (
6835 IN PACCESS_TOKEN Token
6836 );
6837
6838
6839 NTSTATUS
6840 NTAPI
6841 SeLocateProcessImageName(
6842 IN PEPROCESS Process,
6843 OUT PUNICODE_STRING *pImageFileName
6844 );
6845
6846 #endif /* (VER_PRODUCTBUILD >= 2195) */
6847
6848 NTKERNELAPI
6849 TOKEN_TYPE
6850 NTAPI
6851 SeTokenType (
6852 IN PACCESS_TOKEN Token
6853 );
6854
6855 NTKERNELAPI
6856 VOID
6857 NTAPI
6858 SeUnlockSubjectContext (
6859 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6860 );
6861
6862 NTKERNELAPI
6863 NTSTATUS
6864 NTAPI
6865 SeUnregisterLogonSessionTerminatedRoutine (
6866 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
6867 );
6868
6869 #if (VER_PRODUCTBUILD >= 2195)
6870
6871 NTSYSAPI
6872 NTSTATUS
6873 NTAPI
6874 ZwAdjustPrivilegesToken (
6875 IN HANDLE TokenHandle,
6876 IN BOOLEAN DisableAllPrivileges,
6877 IN PTOKEN_PRIVILEGES NewState,
6878 IN ULONG BufferLength,
6879 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
6880 OUT PULONG ReturnLength
6881 );
6882
6883 #endif /* (VER_PRODUCTBUILD >= 2195) */
6884
6885 NTSYSAPI
6886 NTSTATUS
6887 NTAPI
6888 ZwAlertThread (
6889 IN HANDLE ThreadHandle
6890 );
6891
6892 NTSYSAPI
6893 NTSTATUS
6894 NTAPI
6895 ZwAllocateVirtualMemory (
6896 IN HANDLE ProcessHandle,
6897 IN OUT PVOID *BaseAddress,
6898 IN ULONG_PTR ZeroBits,
6899 IN OUT PSIZE_T RegionSize,
6900 IN ULONG AllocationType,
6901 IN ULONG Protect
6902 );
6903
6904 NTSYSAPI
6905 NTSTATUS
6906 NTAPI
6907 ZwAccessCheckAndAuditAlarm (
6908 IN PUNICODE_STRING SubsystemName,
6909 IN PVOID HandleId,
6910 IN PUNICODE_STRING ObjectTypeName,
6911 IN PUNICODE_STRING ObjectName,
6912 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
6913 IN ACCESS_MASK DesiredAccess,
6914 IN PGENERIC_MAPPING GenericMapping,
6915 IN BOOLEAN ObjectCreation,
6916 OUT PACCESS_MASK GrantedAccess,
6917 OUT PBOOLEAN AccessStatus,
6918 OUT PBOOLEAN GenerateOnClose
6919 );
6920
6921 #if (VER_PRODUCTBUILD >= 2195)
6922
6923 NTSYSAPI
6924 NTSTATUS
6925 NTAPI
6926 ZwCancelIoFile (
6927 IN HANDLE FileHandle,
6928 OUT PIO_STATUS_BLOCK IoStatusBlock
6929 );
6930
6931 #endif /* (VER_PRODUCTBUILD >= 2195) */
6932
6933 NTSYSAPI
6934 NTSTATUS
6935 NTAPI
6936 ZwClearEvent (
6937 IN HANDLE EventHandle
6938 );
6939
6940 NTSYSAPI
6941 NTSTATUS
6942 NTAPI
6943 ZwCloseObjectAuditAlarm (
6944 IN PUNICODE_STRING SubsystemName,
6945 IN PVOID HandleId,
6946 IN BOOLEAN GenerateOnClose
6947 );
6948
6949 NTSYSAPI
6950 NTSTATUS
6951 NTAPI
6952 ZwCreateSection (
6953 OUT PHANDLE SectionHandle,
6954 IN ACCESS_MASK DesiredAccess,
6955 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
6956 IN PLARGE_INTEGER MaximumSize OPTIONAL,
6957 IN ULONG SectionPageProtection,
6958 IN ULONG AllocationAttributes,
6959 IN HANDLE FileHandle OPTIONAL
6960 );
6961
6962 NTSYSAPI
6963 NTSTATUS
6964 NTAPI
6965 ZwCreateSymbolicLinkObject (
6966 OUT PHANDLE SymbolicLinkHandle,
6967 IN ACCESS_MASK DesiredAccess,
6968 IN POBJECT_ATTRIBUTES ObjectAttributes,
6969 IN PUNICODE_STRING TargetName
6970 );
6971
6972 NTSYSAPI
6973 NTSTATUS
6974 NTAPI
6975 ZwDeleteFile (
6976 IN POBJECT_ATTRIBUTES ObjectAttributes
6977 );
6978
6979 NTSYSAPI
6980 NTSTATUS
6981 NTAPI
6982 ZwDeleteValueKey (
6983 IN HANDLE Handle,
6984 IN PUNICODE_STRING Name
6985 );
6986
6987
6988 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6989 NTSYSAPI
6990 NTSTATUS
6991 NTAPI
6992 ZwDeviceIoControlFile (
6993 IN HANDLE FileHandle,
6994 IN HANDLE Event OPTIONAL,
6995 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
6996 IN PVOID ApcContext OPTIONAL,
6997 OUT PIO_STATUS_BLOCK IoStatusBlock,
6998 IN ULONG IoControlCode,
6999 IN PVOID InputBuffer OPTIONAL,
7000 IN ULONG InputBufferLength,
7001 OUT PVOID OutputBuffer OPTIONAL,
7002 IN ULONG OutputBufferLength);
7003 #endif
7004
7005 NTSYSAPI
7006 NTSTATUS
7007 NTAPI
7008 ZwDisplayString (
7009 IN PUNICODE_STRING String
7010 );
7011
7012 NTSYSAPI
7013 NTSTATUS
7014 NTAPI
7015 ZwDuplicateObject (
7016 IN HANDLE SourceProcessHandle,
7017 IN HANDLE SourceHandle,
7018 IN HANDLE TargetProcessHandle OPTIONAL,
7019 OUT PHANDLE TargetHandle OPTIONAL,
7020 IN ACCESS_MASK DesiredAccess,
7021 IN ULONG HandleAttributes,
7022 IN ULONG Options
7023 );
7024
7025 NTSYSAPI
7026 NTSTATUS
7027 NTAPI
7028 ZwDuplicateToken (
7029 IN HANDLE ExistingTokenHandle,
7030 IN ACCESS_MASK DesiredAccess,
7031 IN POBJECT_ATTRIBUTES ObjectAttributes,
7032 IN BOOLEAN EffectiveOnly,
7033 IN TOKEN_TYPE TokenType,
7034 OUT PHANDLE NewTokenHandle
7035 );
7036
7037 NTSYSAPI
7038 NTSTATUS
7039 NTAPI
7040 ZwFlushInstructionCache (
7041 IN HANDLE ProcessHandle,
7042 IN PVOID BaseAddress OPTIONAL,
7043 IN ULONG FlushSize
7044 );
7045
7046 NTSYSAPI
7047 NTSTATUS
7048 NTAPI
7049 ZwFlushBuffersFile(
7050 IN HANDLE FileHandle,
7051 OUT PIO_STATUS_BLOCK IoStatusBlock
7052 );
7053
7054 #if (VER_PRODUCTBUILD >= 2195)
7055
7056 NTSYSAPI
7057 NTSTATUS
7058 NTAPI
7059 ZwFlushVirtualMemory (
7060 IN HANDLE ProcessHandle,
7061 IN OUT PVOID *BaseAddress,
7062 IN OUT PULONG FlushSize,
7063 OUT PIO_STATUS_BLOCK IoStatusBlock
7064 );
7065
7066 #endif /* (VER_PRODUCTBUILD >= 2195) */
7067
7068 NTSYSAPI
7069 NTSTATUS
7070 NTAPI
7071 ZwFreeVirtualMemory (
7072 IN HANDLE ProcessHandle,
7073 IN OUT PVOID *BaseAddress,
7074 IN OUT PSIZE_T RegionSize,
7075 IN ULONG FreeType
7076 );
7077
7078 NTSYSAPI
7079 NTSTATUS
7080 NTAPI
7081 ZwFsControlFile (
7082 IN HANDLE FileHandle,
7083 IN HANDLE Event OPTIONAL,
7084 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
7085 IN PVOID ApcContext OPTIONAL,
7086 OUT PIO_STATUS_BLOCK IoStatusBlock,
7087 IN ULONG FsControlCode,
7088 IN PVOID InputBuffer OPTIONAL,
7089 IN ULONG InputBufferLength,
7090 OUT PVOID OutputBuffer OPTIONAL,
7091 IN ULONG OutputBufferLength
7092 );
7093
7094 #if (VER_PRODUCTBUILD >= 2195)
7095
7096 NTSYSAPI
7097 NTSTATUS
7098 NTAPI
7099 ZwInitiatePowerAction (
7100 IN POWER_ACTION SystemAction,
7101 IN SYSTEM_POWER_STATE MinSystemState,
7102 IN ULONG Flags,
7103 IN BOOLEAN Asynchronous
7104 );
7105
7106 #endif /* (VER_PRODUCTBUILD >= 2195) */
7107
7108 NTSYSAPI
7109 NTSTATUS
7110 NTAPI
7111 ZwLoadDriver (
7112 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
7113 IN PUNICODE_STRING RegistryPath
7114 );
7115
7116 NTSYSAPI
7117 NTSTATUS
7118 NTAPI
7119 ZwLoadKey (
7120 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
7121 IN POBJECT_ATTRIBUTES FileObjectAttributes
7122 );
7123
7124 NTSYSAPI
7125 NTSTATUS
7126 NTAPI
7127 ZwNotifyChangeKey (
7128 IN HANDLE KeyHandle,
7129 IN HANDLE EventHandle OPTIONAL,
7130 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
7131 IN PVOID ApcContext OPTIONAL,
7132 OUT PIO_STATUS_BLOCK IoStatusBlock,
7133 IN ULONG NotifyFilter,
7134 IN BOOLEAN WatchSubtree,
7135 IN PVOID Buffer,
7136 IN ULONG BufferLength,
7137 IN BOOLEAN Asynchronous
7138 );
7139
7140 NTSYSAPI
7141 NTSTATUS
7142 NTAPI
7143 ZwOpenDirectoryObject (
7144 OUT PHANDLE DirectoryHandle,
7145 IN ACCESS_MASK DesiredAccess,
7146 IN POBJECT_ATTRIBUTES ObjectAttributes
7147 );
7148
7149 NTSYSAPI
7150 NTSTATUS
7151 NTAPI
7152 ZwOpenEvent (
7153 OUT PHANDLE EventHandle,
7154 IN ACCESS_MASK DesiredAccess,
7155 IN POBJECT_ATTRIBUTES ObjectAttributes
7156 );
7157
7158 NTSYSAPI
7159 NTSTATUS
7160 NTAPI
7161 ZwOpenProcess (
7162 OUT PHANDLE ProcessHandle,
7163 IN ACCESS_MASK DesiredAccess,
7164 IN POBJECT_ATTRIBUTES ObjectAttributes,
7165 IN PCLIENT_ID ClientId OPTIONAL
7166 );
7167
7168 NTSYSAPI
7169 NTSTATUS
7170 NTAPI
7171 ZwOpenProcessToken (
7172 IN HANDLE ProcessHandle,
7173 IN ACCESS_MASK DesiredAccess,
7174 OUT PHANDLE TokenHandle
7175 );
7176
7177 NTSYSAPI
7178 NTSTATUS
7179 NTAPI
7180 ZwOpenThread (
7181 OUT PHANDLE ThreadHandle,
7182 IN ACCESS_MASK DesiredAccess,
7183 IN POBJECT_ATTRIBUTES ObjectAttributes,
7184 IN PCLIENT_ID ClientId
7185 );
7186
7187 NTSYSAPI
7188 NTSTATUS
7189 NTAPI
7190 ZwOpenThreadToken (
7191 IN HANDLE ThreadHandle,
7192 IN ACCESS_MASK DesiredAccess,
7193 IN BOOLEAN OpenAsSelf,
7194 OUT PHANDLE TokenHandle
7195 );
7196
7197 #if (VER_PRODUCTBUILD >= 2195)
7198
7199 NTSYSAPI
7200 NTSTATUS
7201 NTAPI
7202 ZwPowerInformation (
7203 IN POWER_INFORMATION_LEVEL PowerInformationLevel,
7204 IN PVOID InputBuffer OPTIONAL,
7205 IN ULONG InputBufferLength,
7206 OUT PVOID OutputBuffer OPTIONAL,
7207 IN ULONG OutputBufferLength
7208 );
7209
7210 #endif /* (VER_PRODUCTBUILD >= 2195) */
7211
7212 NTSYSAPI
7213 NTSTATUS
7214 NTAPI
7215 ZwPulseEvent (
7216 IN HANDLE EventHandle,
7217 OUT PLONG PreviousState OPTIONAL
7218 );
7219
7220 NTSYSAPI
7221 NTSTATUS
7222 NTAPI
7223 ZwQueryDefaultLocale (
7224 IN BOOLEAN ThreadOrSystem,
7225 OUT PLCID Locale
7226 );
7227
7228 NTSYSAPI
7229 NTSTATUS
7230 NTAPI
7231 ZwQueryDirectoryFile (
7232 IN HANDLE FileHandle,
7233 IN HANDLE Event OPTIONAL,
7234 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
7235 IN PVOID ApcContext OPTIONAL,
7236 OUT PIO_STATUS_BLOCK IoStatusBlock,
7237 OUT PVOID FileInformation,
7238 IN ULONG Length,
7239 IN FILE_INFORMATION_CLASS FileInformationClass,
7240 IN BOOLEAN ReturnSingleEntry,
7241 IN PUNICODE_STRING FileName OPTIONAL,
7242 IN BOOLEAN RestartScan
7243 );
7244
7245 #if (VER_PRODUCTBUILD >= 2195)
7246
7247 NTSYSAPI
7248 NTSTATUS
7249 NTAPI
7250 ZwQueryDirectoryObject (
7251 IN HANDLE DirectoryHandle,
7252 OUT PVOID Buffer,
7253 IN ULONG Length,
7254 IN BOOLEAN ReturnSingleEntry,
7255 IN BOOLEAN RestartScan,
7256 IN OUT PULONG Context,
7257 OUT PULONG ReturnLength OPTIONAL
7258 );
7259
7260 NTSYSAPI
7261 NTSTATUS
7262 NTAPI
7263 ZwQueryEaFile (
7264 IN HANDLE FileHandle,
7265 OUT PIO_STATUS_BLOCK IoStatusBlock,
7266 OUT PVOID Buffer,
7267 IN ULONG Length,
7268 IN BOOLEAN ReturnSingleEntry,
7269 IN PVOID EaList OPTIONAL,
7270 IN ULONG EaListLength,
7271 IN PULONG EaIndex OPTIONAL,
7272 IN BOOLEAN RestartScan
7273 );
7274
7275 #endif /* (VER_PRODUCTBUILD >= 2195) */
7276
7277 NTSYSAPI
7278 NTSTATUS
7279 NTAPI
7280 ZwQueryInformationProcess (
7281 IN HANDLE ProcessHandle,
7282 IN PROCESSINFOCLASS ProcessInformationClass,
7283 OUT PVOID ProcessInformation,
7284 IN ULONG ProcessInformationLength,
7285 OUT PULONG ReturnLength OPTIONAL
7286 );
7287
7288 NTSYSAPI
7289 NTSTATUS
7290 NTAPI
7291 ZwQueryInformationToken (
7292 IN HANDLE TokenHandle,
7293 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
7294 OUT PVOID TokenInformation,
7295 IN ULONG Length,
7296 OUT PULONG ResultLength
7297 );
7298
7299 NTSYSAPI
7300 NTSTATUS
7301 NTAPI
7302 ZwQuerySecurityObject (
7303 IN HANDLE FileHandle,
7304 IN SECURITY_INFORMATION SecurityInformation,
7305 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
7306 IN ULONG Length,
7307 OUT PULONG ResultLength
7308 );
7309
7310 NTSYSAPI
7311 NTSTATUS
7312 NTAPI
7313 ZwQueryVolumeInformationFile (
7314 IN HANDLE FileHandle,
7315 OUT PIO_STATUS_BLOCK IoStatusBlock,
7316 OUT PVOID FsInformation,
7317 IN ULONG Length,
7318 IN FS_INFORMATION_CLASS FsInformationClass
7319 );
7320
7321 NTSYSAPI
7322 NTSTATUS
7323 NTAPI
7324 ZwReplaceKey (
7325 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
7326 IN HANDLE KeyHandle,
7327 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
7328 );
7329
7330 NTSYSAPI
7331 NTSTATUS
7332 NTAPI
7333 ZwResetEvent (
7334 IN HANDLE EventHandle,
7335 OUT PLONG PreviousState OPTIONAL
7336 );
7337
7338 #if (VER_PRODUCTBUILD >= 2195)
7339
7340 NTSYSAPI
7341 NTSTATUS
7342 NTAPI
7343 ZwRestoreKey (
7344 IN HANDLE KeyHandle,
7345 IN HANDLE FileHandle,
7346 IN ULONG Flags
7347 );
7348
7349 #endif /* (VER_PRODUCTBUILD >= 2195) */
7350
7351 NTSYSAPI
7352 NTSTATUS
7353 NTAPI
7354 ZwSaveKey (
7355 IN HANDLE KeyHandle,
7356 IN HANDLE FileHandle
7357 );
7358
7359 NTSYSAPI
7360 NTSTATUS
7361 NTAPI
7362 ZwSetDefaultLocale (
7363 IN BOOLEAN ThreadOrSystem,
7364 IN LCID Locale
7365 );
7366
7367 #if (VER_PRODUCTBUILD >= 2195)
7368
7369 NTSYSAPI
7370 NTSTATUS
7371 NTAPI
7372 ZwSetDefaultUILanguage (
7373 IN LANGID LanguageId
7374 );
7375
7376 NTSYSAPI
7377 NTSTATUS
7378 NTAPI
7379 ZwSetEaFile (
7380 IN HANDLE FileHandle,
7381 OUT PIO_STATUS_BLOCK IoStatusBlock,
7382 OUT PVOID Buffer,
7383 IN ULONG Length
7384 );
7385
7386 #endif /* (VER_PRODUCTBUILD >= 2195) */
7387
7388 NTSYSAPI
7389 NTSTATUS
7390 NTAPI
7391 ZwSetEvent (
7392 IN HANDLE EventHandle,
7393 OUT PLONG PreviousState OPTIONAL
7394 );
7395
7396 NTSYSAPI
7397 NTSTATUS
7398 NTAPI
7399 ZwSetInformationProcess (
7400 IN HANDLE ProcessHandle,
7401 IN PROCESSINFOCLASS ProcessInformationClass,
7402 IN PVOID ProcessInformation,
7403 IN ULONG ProcessInformationLength
7404 );
7405
7406 #if (VER_PRODUCTBUILD >= 2195)
7407
7408 NTSYSAPI
7409 NTSTATUS
7410 NTAPI
7411 ZwSetSecurityObject (
7412 IN HANDLE Handle,
7413 IN SECURITY_INFORMATION SecurityInformation,
7414 IN PSECURITY_DESCRIPTOR SecurityDescriptor
7415 );
7416
7417 #endif /* (VER_PRODUCTBUILD >= 2195) */
7418
7419 NTSYSAPI
7420 NTSTATUS
7421 NTAPI
7422 ZwSetSystemTime (
7423 IN PLARGE_INTEGER NewTime,
7424 OUT PLARGE_INTEGER OldTime OPTIONAL
7425 );
7426
7427 #if (VER_PRODUCTBUILD >= 2195)
7428
7429 NTSYSAPI
7430 NTSTATUS
7431 NTAPI
7432 ZwSetVolumeInformationFile (
7433 IN HANDLE FileHandle,
7434 OUT PIO_STATUS_BLOCK IoStatusBlock,
7435 IN PVOID FsInformation,
7436 IN ULONG Length,
7437 IN FS_INFORMATION_CLASS FsInformationClass
7438 );
7439
7440 #endif /* (VER_PRODUCTBUILD >= 2195) */
7441
7442 NTSYSAPI
7443 NTSTATUS
7444 NTAPI
7445 ZwTerminateProcess (
7446 IN HANDLE ProcessHandle OPTIONAL,
7447 IN NTSTATUS ExitStatus
7448 );
7449
7450 NTSYSAPI
7451 NTSTATUS
7452 NTAPI
7453 ZwUnloadDriver (
7454 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
7455 IN PUNICODE_STRING RegistryPath
7456 );
7457
7458 NTSYSAPI
7459 NTSTATUS
7460 NTAPI
7461 ZwUnloadKey (
7462 IN POBJECT_ATTRIBUTES KeyObjectAttributes
7463 );
7464
7465 #if (NTDDI_VERSION >= NTDDI_WIN2K)
7466 NTSYSAPI
7467 NTSTATUS
7468 NTAPI
7469 ZwWaitForSingleObject (
7470 IN HANDLE Handle,
7471 IN BOOLEAN Alertable,
7472 IN PLARGE_INTEGER Timeout OPTIONAL);
7473 #endif
7474
7475 NTSYSAPI
7476 NTSTATUS
7477 NTAPI
7478 ZwWaitForMultipleObjects (
7479 IN ULONG HandleCount,
7480 IN PHANDLE Handles,
7481 IN WAIT_TYPE WaitType,
7482 IN BOOLEAN Alertable,
7483 IN PLARGE_INTEGER Timeout OPTIONAL
7484 );
7485
7486 NTSYSAPI
7487 NTSTATUS
7488 NTAPI
7489 ZwYieldExecution (
7490 VOID
7491 );
7492
7493 #pragma pack(pop)
7494
7495 #ifdef __cplusplus
7496 }
7497 #endif
A free Windows-compatible Operating System