4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
25 #define _NTIFS_INCLUDED_
28 /* Helper macro to enable gcc's extension. */
29 #ifndef __GNU_EXTENSION
31 #define __GNU_EXTENSION __extension__
33 #define __GNU_EXTENSION
41 #if !defined(_NTHALDLL_) && !defined(_BLDR_)
42 #define NTHALAPI DECLSPEC_IMPORT
47 #if !defined(_NTOSKRNL_) /* For ReactOS */
48 #define NTKERNELAPI DECLSPEC_IMPORT
60 /* FIXME : #include <ntiologc.h> */
63 #define FlagOn(_F,_SF) ((_F) & (_SF))
67 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
71 #define SetFlag(_F,_SF) ((_F) |= (_SF))
75 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
78 #define PsGetCurrentProcess IoGetCurrentProcess
80 #if (NTDDI_VERSION >= NTDDI_VISTA)
81 extern NTSYSAPI
volatile CCHAR KeNumberProcessors
;
82 #elif (NTDDI_VERSION >= NTDDI_WINXP)
83 extern NTSYSAPI CCHAR KeNumberProcessors
;
85 extern PCCHAR KeNumberProcessors
;
88 typedef UNICODE_STRING LSA_UNICODE_STRING
, *PLSA_UNICODE_STRING
;
89 typedef STRING LSA_STRING
, *PLSA_STRING
;
90 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
, *PLSA_OBJECT_ATTRIBUTES
;
92 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
93 #define SID_IDENTIFIER_AUTHORITY_DEFINED
94 typedef struct _SID_IDENTIFIER_AUTHORITY
{
96 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
101 typedef struct _SID
{
103 UCHAR SubAuthorityCount
;
104 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
105 ULONG SubAuthority
[ANYSIZE_ARRAY
];
109 #define SID_REVISION 1
110 #define SID_MAX_SUB_AUTHORITIES 15
111 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
113 typedef enum _SID_NAME_USE
{
118 SidTypeWellKnownGroup
,
119 SidTypeDeletedAccount
,
124 } SID_NAME_USE
, *PSID_NAME_USE
;
126 typedef struct _SID_AND_ATTRIBUTES
{
129 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
130 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
131 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
133 #define SID_HASH_SIZE 32
134 typedef ULONG_PTR SID_HASH_ENTRY
, *PSID_HASH_ENTRY
;
136 typedef struct _SID_AND_ATTRIBUTES_HASH
{
138 PSID_AND_ATTRIBUTES SidAttr
;
139 SID_HASH_ENTRY Hash
[SID_HASH_SIZE
];
140 } SID_AND_ATTRIBUTES_HASH
, *PSID_AND_ATTRIBUTES_HASH
;
142 /* Universal well-known SIDs */
144 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
145 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
146 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
147 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
148 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
149 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
151 #define SECURITY_NULL_RID (0x00000000L)
152 #define SECURITY_WORLD_RID (0x00000000L)
153 #define SECURITY_LOCAL_RID (0x00000000L)
154 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
156 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
157 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
158 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
159 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
160 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
162 /* NT well-known SIDs */
164 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
166 #define SECURITY_DIALUP_RID (0x00000001L)
167 #define SECURITY_NETWORK_RID (0x00000002L)
168 #define SECURITY_BATCH_RID (0x00000003L)
169 #define SECURITY_INTERACTIVE_RID (0x00000004L)
170 #define SECURITY_LOGON_IDS_RID (0x00000005L)
171 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
172 #define SECURITY_SERVICE_RID (0x00000006L)
173 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
174 #define SECURITY_PROXY_RID (0x00000008L)
175 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
176 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
177 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
178 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
179 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
180 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
181 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
182 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
183 #define SECURITY_IUSER_RID (0x00000011L)
184 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
185 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
186 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
187 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
188 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
189 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
191 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
192 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
195 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
196 #define SECURITY_PACKAGE_RID_COUNT (2L)
197 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
198 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
199 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
201 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
202 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
203 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
205 #define SECURITY_MIN_BASE_RID (0x00000050L)
206 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
207 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
208 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
209 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
210 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
211 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
212 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
213 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
214 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
215 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
216 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
217 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
218 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
219 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
220 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
221 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
222 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
224 #define SECURITY_MAX_BASE_RID (0x0000006FL)
226 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
227 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
229 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
231 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
233 /* Well-known domain relative sub-authority values (RIDs) */
235 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
237 #define FOREST_USER_RID_MAX (0x000001F3L)
239 /* Well-known users */
241 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
242 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
243 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
245 #define DOMAIN_USER_RID_MAX (0x000003E7L)
247 /* Well-known groups */
249 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
250 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
251 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
252 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
253 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
254 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
255 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
256 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
257 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
258 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
260 /* Well-known aliases */
262 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
263 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
264 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
265 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
267 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
268 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
269 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
270 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
272 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
273 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
274 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
275 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
276 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
277 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
279 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
280 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
281 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
282 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
283 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
284 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
285 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
286 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
287 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
288 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
289 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
291 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
292 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
293 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
294 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
295 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
296 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
297 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
299 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
300 can be set by a usermode caller.*/
302 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
304 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
306 /* Allocate the System Luid. The first 1000 LUIDs are reserved.
307 Use #999 here (0x3e7 = 999) */
309 #define SYSTEM_LUID { 0x3e7, 0x0 }
310 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
311 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
312 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
313 #define IUSER_LUID { 0x3e3, 0x0 }
315 typedef struct _ACE_HEADER
{
319 } ACE_HEADER
, *PACE_HEADER
;
321 /* also in winnt.h */
322 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
323 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
324 #define ACCESS_DENIED_ACE_TYPE (0x1)
325 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
326 #define SYSTEM_ALARM_ACE_TYPE (0x3)
327 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
328 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
329 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
330 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
331 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
332 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
333 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
334 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
335 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
336 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
337 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
338 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
339 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
340 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
341 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
342 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
343 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
344 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
345 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
346 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
347 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
349 /* The following are the inherit flags that go into the AceFlags field
352 #define OBJECT_INHERIT_ACE (0x1)
353 #define CONTAINER_INHERIT_ACE (0x2)
354 #define NO_PROPAGATE_INHERIT_ACE (0x4)
355 #define INHERIT_ONLY_ACE (0x8)
356 #define INHERITED_ACE (0x10)
357 #define VALID_INHERIT_FLAGS (0x1F)
359 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
360 #define FAILED_ACCESS_ACE_FLAG (0x80)
362 typedef struct _ACCESS_ALLOWED_ACE
{
366 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
368 typedef struct _ACCESS_DENIED_ACE
{
372 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
374 typedef struct _SYSTEM_AUDIT_ACE
{
378 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
380 typedef struct _SYSTEM_ALARM_ACE
{
384 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
386 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
{
390 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
392 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
393 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
394 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
395 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
396 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
397 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
399 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
401 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
403 #define SE_OWNER_DEFAULTED 0x0001
404 #define SE_GROUP_DEFAULTED 0x0002
405 #define SE_DACL_PRESENT 0x0004
406 #define SE_DACL_DEFAULTED 0x0008
407 #define SE_SACL_PRESENT 0x0010
408 #define SE_SACL_DEFAULTED 0x0020
409 #define SE_DACL_UNTRUSTED 0x0040
410 #define SE_SERVER_SECURITY 0x0080
411 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
412 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
413 #define SE_DACL_AUTO_INHERITED 0x0400
414 #define SE_SACL_AUTO_INHERITED 0x0800
415 #define SE_DACL_PROTECTED 0x1000
416 #define SE_SACL_PROTECTED 0x2000
417 #define SE_RM_CONTROL_VALID 0x4000
418 #define SE_SELF_RELATIVE 0x8000
420 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
423 SECURITY_DESCRIPTOR_CONTROL Control
;
428 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
430 typedef struct _SECURITY_DESCRIPTOR
{
433 SECURITY_DESCRIPTOR_CONTROL Control
;
438 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
440 typedef struct _OBJECT_TYPE_LIST
{
444 } OBJECT_TYPE_LIST
, *POBJECT_TYPE_LIST
;
446 #define ACCESS_OBJECT_GUID 0
447 #define ACCESS_PROPERTY_SET_GUID 1
448 #define ACCESS_PROPERTY_GUID 2
449 #define ACCESS_MAX_LEVEL 4
451 typedef enum _AUDIT_EVENT_TYPE
{
452 AuditEventObjectAccess
,
453 AuditEventDirectoryServiceAccess
454 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
456 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
458 #define ACCESS_DS_SOURCE_A "DS"
459 #define ACCESS_DS_SOURCE_W L"DS"
460 #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
461 #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
463 #define ACCESS_REASON_TYPE_MASK 0xffff0000
464 #define ACCESS_REASON_DATA_MASK 0x0000ffff
466 typedef enum _ACCESS_REASON_TYPE
{
467 AccessReasonNone
= 0x00000000,
468 AccessReasonAllowedAce
= 0x00010000,
469 AccessReasonDeniedAce
= 0x00020000,
470 AccessReasonAllowedParentAce
= 0x00030000,
471 AccessReasonDeniedParentAce
= 0x00040000,
472 AccessReasonMissingPrivilege
= 0x00100000,
473 AccessReasonFromPrivilege
= 0x00200000,
474 AccessReasonIntegrityLevel
= 0x00300000,
475 AccessReasonOwnership
= 0x00400000,
476 AccessReasonNullDacl
= 0x00500000,
477 AccessReasonEmptyDacl
= 0x00600000,
478 AccessReasonNoSD
= 0x00700000,
479 AccessReasonNoGrant
= 0x00800000
480 } ACCESS_REASON_TYPE
;
482 typedef ULONG ACCESS_REASON
;
484 typedef struct _ACCESS_REASONS
{
485 ACCESS_REASON Data
[32];
486 } ACCESS_REASONS
, *PACCESS_REASONS
;
488 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
489 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
490 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
492 typedef struct _SE_SECURITY_DESCRIPTOR
{
495 PSECURITY_DESCRIPTOR SecurityDescriptor
;
496 } SE_SECURITY_DESCRIPTOR
, *PSE_SECURITY_DESCRIPTOR
;
498 typedef struct _SE_ACCESS_REQUEST
{
500 PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor
;
501 ACCESS_MASK DesiredAccess
;
502 ACCESS_MASK PreviouslyGrantedAccess
;
503 PSID PrincipalSelfSid
;
504 PGENERIC_MAPPING GenericMapping
;
505 ULONG ObjectTypeListCount
;
506 POBJECT_TYPE_LIST ObjectTypeList
;
507 } SE_ACCESS_REQUEST
, *PSE_ACCESS_REQUEST
;
509 typedef struct _SE_ACCESS_REPLY
{
511 ULONG ResultListCount
;
512 PACCESS_MASK GrantedAccess
;
513 PNTSTATUS AccessStatus
;
514 PACCESS_REASONS AccessReason
;
515 PPRIVILEGE_SET
* Privileges
;
516 } SE_ACCESS_REPLY
, *PSE_ACCESS_REPLY
;
518 typedef enum _SE_AUDIT_OPERATION
{
519 AuditPrivilegeObject
,
520 AuditPrivilegeService
,
523 AuditOpenObjectWithTransaction
,
526 AuditOpenObjectForDelete
,
527 AuditOpenObjectForDeleteWithTransaction
,
530 AuditObjectReference
,
532 } SE_AUDIT_OPERATION
, *PSE_AUDIT_OPERATION
;
534 typedef struct _SE_AUDIT_INFO
{
536 AUDIT_EVENT_TYPE AuditType
;
537 SE_AUDIT_OPERATION AuditOperation
;
539 UNICODE_STRING SubsystemName
;
540 UNICODE_STRING ObjectTypeName
;
541 UNICODE_STRING ObjectName
;
545 BOOLEAN ObjectCreation
;
546 BOOLEAN GenerateOnClose
;
547 } SE_AUDIT_INFO
, *PSE_AUDIT_INFO
;
549 #define TOKEN_ASSIGN_PRIMARY (0x0001)
550 #define TOKEN_DUPLICATE (0x0002)
551 #define TOKEN_IMPERSONATE (0x0004)
552 #define TOKEN_QUERY (0x0008)
553 #define TOKEN_QUERY_SOURCE (0x0010)
554 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
555 #define TOKEN_ADJUST_GROUPS (0x0040)
556 #define TOKEN_ADJUST_DEFAULT (0x0080)
557 #define TOKEN_ADJUST_SESSIONID (0x0100)
559 #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
560 TOKEN_ASSIGN_PRIMARY |\
564 TOKEN_QUERY_SOURCE |\
565 TOKEN_ADJUST_PRIVILEGES |\
566 TOKEN_ADJUST_GROUPS |\
567 TOKEN_ADJUST_DEFAULT )
569 #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
570 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
571 TOKEN_ADJUST_SESSIONID )
573 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
576 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
579 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
580 TOKEN_ADJUST_PRIVILEGES |\
581 TOKEN_ADJUST_GROUPS |\
582 TOKEN_ADJUST_DEFAULT)
584 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
586 typedef enum _TOKEN_TYPE
{
589 } TOKEN_TYPE
,*PTOKEN_TYPE
;
591 typedef enum _TOKEN_INFORMATION_CLASS
{
600 TokenImpersonationLevel
,
604 TokenGroupsAndPrivileges
,
605 TokenSessionReference
,
612 TokenHasRestrictions
,
613 TokenAccessInformation
,
614 TokenVirtualizationAllowed
,
615 TokenVirtualizationEnabled
,
618 TokenMandatoryPolicy
,
621 } TOKEN_INFORMATION_CLASS
, *PTOKEN_INFORMATION_CLASS
;
623 typedef struct _TOKEN_USER
{
624 SID_AND_ATTRIBUTES User
;
625 } TOKEN_USER
, *PTOKEN_USER
;
627 typedef struct _TOKEN_GROUPS
{
629 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
630 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
632 typedef struct _TOKEN_PRIVILEGES
{
633 ULONG PrivilegeCount
;
634 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
635 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
637 typedef struct _TOKEN_OWNER
{
639 } TOKEN_OWNER
,*PTOKEN_OWNER
;
641 typedef struct _TOKEN_PRIMARY_GROUP
{
643 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
645 typedef struct _TOKEN_DEFAULT_DACL
{
647 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
649 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
652 PSID_AND_ATTRIBUTES Sids
;
653 ULONG RestrictedSidCount
;
654 ULONG RestrictedSidLength
;
655 PSID_AND_ATTRIBUTES RestrictedSids
;
656 ULONG PrivilegeCount
;
657 ULONG PrivilegeLength
;
658 PLUID_AND_ATTRIBUTES Privileges
;
659 LUID AuthenticationId
;
660 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
662 typedef struct _TOKEN_LINKED_TOKEN
{
664 } TOKEN_LINKED_TOKEN
, *PTOKEN_LINKED_TOKEN
;
666 typedef struct _TOKEN_ELEVATION
{
667 ULONG TokenIsElevated
;
668 } TOKEN_ELEVATION
, *PTOKEN_ELEVATION
;
670 typedef struct _TOKEN_MANDATORY_LABEL
{
671 SID_AND_ATTRIBUTES Label
;
672 } TOKEN_MANDATORY_LABEL
, *PTOKEN_MANDATORY_LABEL
;
674 #define TOKEN_MANDATORY_POLICY_OFF 0x0
675 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
676 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
678 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
679 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
681 typedef struct _TOKEN_MANDATORY_POLICY
{
683 } TOKEN_MANDATORY_POLICY
, *PTOKEN_MANDATORY_POLICY
;
685 typedef struct _TOKEN_ACCESS_INFORMATION
{
686 PSID_AND_ATTRIBUTES_HASH SidHash
;
687 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash
;
688 PTOKEN_PRIVILEGES Privileges
;
689 LUID AuthenticationId
;
690 TOKEN_TYPE TokenType
;
691 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
692 TOKEN_MANDATORY_POLICY MandatoryPolicy
;
694 } TOKEN_ACCESS_INFORMATION
, *PTOKEN_ACCESS_INFORMATION
;
696 #define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
698 typedef struct _TOKEN_AUDIT_POLICY
{
699 UCHAR PerUserPolicy
[((POLICY_AUDIT_SUBCATEGORY_COUNT
) >> 1) + 1];
700 } TOKEN_AUDIT_POLICY
, *PTOKEN_AUDIT_POLICY
;
702 #define TOKEN_SOURCE_LENGTH 8
704 typedef struct _TOKEN_SOURCE
{
705 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
706 LUID SourceIdentifier
;
707 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
709 typedef struct _TOKEN_STATISTICS
{
711 LUID AuthenticationId
;
712 LARGE_INTEGER ExpirationTime
;
713 TOKEN_TYPE TokenType
;
714 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
715 ULONG DynamicCharged
;
716 ULONG DynamicAvailable
;
718 ULONG PrivilegeCount
;
720 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
722 typedef struct _TOKEN_CONTROL
{
724 LUID AuthenticationId
;
726 TOKEN_SOURCE TokenSource
;
727 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
729 typedef struct _TOKEN_ORIGIN
{
730 LUID OriginatingLogonSession
;
731 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
733 typedef enum _MANDATORY_LEVEL
{
734 MandatoryLevelUntrusted
= 0,
736 MandatoryLevelMedium
,
738 MandatoryLevelSystem
,
739 MandatoryLevelSecureProcess
,
741 } MANDATORY_LEVEL
, *PMANDATORY_LEVEL
;
743 #if (NTDDI_VERSION >= NTDDI_WIN2K)
749 IN HANDLE ThreadHandle
,
750 IN ACCESS_MASK DesiredAccess
,
751 IN BOOLEAN OpenAsSelf
,
752 OUT PHANDLE TokenHandle
);
758 IN HANDLE ProcessHandle
,
759 IN ACCESS_MASK DesiredAccess
,
760 OUT PHANDLE TokenHandle
);
765 NtQueryInformationToken(
766 IN HANDLE TokenHandle
,
767 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
768 OUT PVOID TokenInformation OPTIONAL
,
769 IN ULONG TokenInformationLength
,
770 OUT PULONG ReturnLength
);
775 NtAdjustPrivilegesToken(
776 IN HANDLE TokenHandle
,
777 IN BOOLEAN DisableAllPrivileges
,
778 IN PTOKEN_PRIVILEGES NewState OPTIONAL
,
779 IN ULONG BufferLength
,
780 OUT PTOKEN_PRIVILEGES PreviousState
,
781 OUT PULONG ReturnLength OPTIONAL
);
785 #if (NTDDI_VERSION >= NTDDI_WINXP)
791 IN HANDLE ThreadHandle
,
792 IN ACCESS_MASK DesiredAccess
,
793 IN BOOLEAN OpenAsSelf
,
794 IN ULONG HandleAttributes
,
795 OUT PHANDLE TokenHandle
);
800 NtOpenProcessTokenEx(
801 IN HANDLE ProcessHandle
,
802 IN ACCESS_MASK DesiredAccess
,
803 IN ULONG HandleAttributes
,
804 OUT PHANDLE TokenHandle
);
809 NtOpenJobObjectToken(
811 IN ACCESS_MASK DesiredAccess
,
812 OUT PHANDLE TokenHandle
);
818 IN HANDLE ExistingTokenHandle
,
819 IN ACCESS_MASK DesiredAccess
,
820 IN POBJECT_ATTRIBUTES ObjectAttributes
,
821 IN BOOLEAN EffectiveOnly
,
822 IN TOKEN_TYPE TokenType
,
823 OUT PHANDLE NewTokenHandle
);
829 IN HANDLE ExistingTokenHandle
,
831 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
832 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
833 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
834 OUT PHANDLE NewTokenHandle
);
839 NtImpersonateAnonymousToken(
840 IN HANDLE ThreadHandle
);
845 NtSetInformationToken(
846 IN HANDLE TokenHandle
,
847 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
848 IN PVOID TokenInformation
,
849 IN ULONG TokenInformationLength
);
855 IN HANDLE TokenHandle
,
856 IN BOOLEAN ResetToDefault
,
857 IN PTOKEN_GROUPS NewState OPTIONAL
,
858 IN ULONG BufferLength OPTIONAL
,
859 OUT PTOKEN_GROUPS PreviousState
,
860 OUT PULONG ReturnLength
);
866 IN HANDLE ClientToken
,
867 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
868 OUT PBOOLEAN Result
);
873 NtAccessCheckAndAuditAlarm(
874 IN PUNICODE_STRING SubsystemName
,
875 IN PVOID HandleId OPTIONAL
,
876 IN PUNICODE_STRING ObjectTypeName
,
877 IN PUNICODE_STRING ObjectName
,
878 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
879 IN ACCESS_MASK DesiredAccess
,
880 IN PGENERIC_MAPPING GenericMapping
,
881 IN BOOLEAN ObjectCreation
,
882 OUT PACCESS_MASK GrantedAccess
,
883 OUT PNTSTATUS AccessStatus
,
884 OUT PBOOLEAN GenerateOnClose
);
889 NtAccessCheckByTypeAndAuditAlarm(
890 IN PUNICODE_STRING SubsystemName
,
892 IN PUNICODE_STRING ObjectTypeName
,
893 IN PUNICODE_STRING ObjectName
,
894 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
895 IN PSID PrincipalSelfSid OPTIONAL
,
896 IN ACCESS_MASK DesiredAccess
,
897 IN AUDIT_EVENT_TYPE AuditType
,
899 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL
,
900 IN ULONG ObjectTypeLength
,
901 IN PGENERIC_MAPPING GenericMapping
,
902 IN BOOLEAN ObjectCreation
,
903 OUT PACCESS_MASK GrantedAccess
,
904 OUT PNTSTATUS AccessStatus
,
905 OUT PBOOLEAN GenerateOnClose
);
910 NtAccessCheckByTypeResultListAndAuditAlarm(
911 IN PUNICODE_STRING SubsystemName
,
912 IN PVOID HandleId OPTIONAL
,
913 IN PUNICODE_STRING ObjectTypeName
,
914 IN PUNICODE_STRING ObjectName
,
915 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
916 IN PSID PrincipalSelfSid OPTIONAL
,
917 IN ACCESS_MASK DesiredAccess
,
918 IN AUDIT_EVENT_TYPE AuditType
,
920 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL
,
921 IN ULONG ObjectTypeLength
,
922 IN PGENERIC_MAPPING GenericMapping
,
923 IN BOOLEAN ObjectCreation
,
924 OUT PACCESS_MASK GrantedAccess
,
925 OUT PNTSTATUS AccessStatus
,
926 OUT PBOOLEAN GenerateOnClose
);
930 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
931 IN PUNICODE_STRING SubsystemName
,
932 IN PVOID HandleId OPTIONAL
,
933 IN HANDLE ClientToken
,
934 IN PUNICODE_STRING ObjectTypeName
,
935 IN PUNICODE_STRING ObjectName
,
936 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
937 IN PSID PrincipalSelfSid OPTIONAL
,
938 IN ACCESS_MASK DesiredAccess
,
939 IN AUDIT_EVENT_TYPE AuditType
,
941 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL
,
942 IN ULONG ObjectTypeLength
,
943 IN PGENERIC_MAPPING GenericMapping
,
944 IN BOOLEAN ObjectCreation
,
945 OUT PACCESS_MASK GrantedAccess
,
946 OUT PNTSTATUS AccessStatus
,
947 OUT PBOOLEAN GenerateOnClose
);
952 NtOpenObjectAuditAlarm(
953 IN PUNICODE_STRING SubsystemName
,
954 IN PVOID HandleId OPTIONAL
,
955 IN PUNICODE_STRING ObjectTypeName
,
956 IN PUNICODE_STRING ObjectName
,
957 IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL
,
958 IN HANDLE ClientToken
,
959 IN ACCESS_MASK DesiredAccess
,
960 IN ACCESS_MASK GrantedAccess
,
961 IN PPRIVILEGE_SET Privileges OPTIONAL
,
962 IN BOOLEAN ObjectCreation
,
963 IN BOOLEAN AccessGranted
,
964 OUT PBOOLEAN GenerateOnClose
);
969 NtPrivilegeObjectAuditAlarm(
970 IN PUNICODE_STRING SubsystemName
,
971 IN PVOID HandleId OPTIONAL
,
972 IN HANDLE ClientToken
,
973 IN ACCESS_MASK DesiredAccess
,
974 IN PPRIVILEGE_SET Privileges
,
975 IN BOOLEAN AccessGranted
);
980 NtCloseObjectAuditAlarm(
981 IN PUNICODE_STRING SubsystemName
,
982 IN PVOID HandleId OPTIONAL
,
983 IN BOOLEAN GenerateOnClose
);
988 NtDeleteObjectAuditAlarm(
989 IN PUNICODE_STRING SubsystemName
,
990 IN PVOID HandleId OPTIONAL
,
991 IN BOOLEAN GenerateOnClose
);
996 NtPrivilegedServiceAuditAlarm(
997 IN PUNICODE_STRING SubsystemName
,
998 IN PUNICODE_STRING ServiceName
,
999 IN HANDLE ClientToken
,
1000 IN PPRIVILEGE_SET Privileges
,
1001 IN BOOLEAN AccessGranted
);
1006 NtSetInformationThread(
1007 IN HANDLE ThreadHandle
,
1008 IN THREADINFOCLASS ThreadInformationClass
,
1009 IN PVOID ThreadInformation
,
1010 IN ULONG ThreadInformationLength
);
1015 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
1017 IN OUT PVOID
*CommitAddress
,
1018 IN OUT PSIZE_T CommitSize
);
1020 typedef struct _RTL_HEAP_PARAMETERS
{
1022 SIZE_T SegmentReserve
;
1023 SIZE_T SegmentCommit
;
1024 SIZE_T DeCommitFreeBlockThreshold
;
1025 SIZE_T DeCommitTotalFreeThreshold
;
1026 SIZE_T MaximumAllocationSize
;
1027 SIZE_T VirtualMemoryThreshold
;
1028 SIZE_T InitialCommit
;
1029 SIZE_T InitialReserve
;
1030 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
1032 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
1034 #if (NTDDI_VERSION >= NTDDI_WIN2K)
1040 IN HANDLE HeapHandle
,
1041 IN ULONG Flags OPTIONAL
,
1048 IN PVOID HeapHandle
,
1049 IN ULONG Flags OPTIONAL
,
1050 IN PVOID BaseAddress
);
1056 OUT PCONTEXT ContextRecord
);
1062 IN OUT PULONG Seed
);
1067 RtlCreateUnicodeString(
1068 OUT PUNICODE_STRING DestinationString
,
1069 IN PCWSTR SourceString
);
1074 RtlAppendStringToString(
1075 IN OUT PSTRING Destination
,
1076 IN
const STRING
*Source
);
1081 RtlOemStringToUnicodeString(
1082 IN OUT PUNICODE_STRING DestinationString
,
1083 IN PCOEM_STRING SourceString
,
1084 IN BOOLEAN AllocateDestinationString
);
1089 RtlUnicodeStringToOemString(
1090 IN OUT POEM_STRING DestinationString
,
1091 IN PCUNICODE_STRING SourceString
,
1092 IN BOOLEAN AllocateDestinationString
);
1097 RtlUpcaseUnicodeStringToOemString(
1098 IN OUT POEM_STRING DestinationString
,
1099 IN PCUNICODE_STRING SourceString
,
1100 IN BOOLEAN AllocateDestinationString
);
1105 RtlOemStringToCountedUnicodeString(
1106 IN OUT PUNICODE_STRING DestinationString
,
1107 IN PCOEM_STRING SourceString
,
1108 IN BOOLEAN AllocateDestinationString
);
1113 RtlUnicodeStringToCountedOemString(
1114 IN OUT POEM_STRING DestinationString
,
1115 IN PCUNICODE_STRING SourceString
,
1116 IN BOOLEAN AllocateDestinationString
);
1121 RtlUpcaseUnicodeStringToCountedOemString(
1122 IN OUT POEM_STRING DestinationString
,
1123 IN PCUNICODE_STRING SourceString
,
1124 IN BOOLEAN AllocateDestinationString
);
1129 RtlDowncaseUnicodeString(
1130 IN OUT PUNICODE_STRING UniDest
,
1131 IN PCUNICODE_STRING UniSource
,
1132 IN BOOLEAN AllocateDestinationString
);
1138 IN OUT POEM_STRING OemString
);
1143 RtlxUnicodeStringToOemSize(
1144 IN PCUNICODE_STRING UnicodeString
);
1149 RtlxOemStringToUnicodeSize(
1150 IN PCOEM_STRING OemString
);
1155 RtlMultiByteToUnicodeN(
1156 OUT PWCH UnicodeString
,
1157 IN ULONG MaxBytesInUnicodeString
,
1158 OUT PULONG BytesInUnicodeString OPTIONAL
,
1159 IN
const CHAR
*MultiByteString
,
1160 IN ULONG BytesInMultiByteString
);
1165 RtlMultiByteToUnicodeSize(
1166 OUT PULONG BytesInUnicodeString
,
1167 IN
const CHAR
*MultiByteString
,
1168 IN ULONG BytesInMultiByteString
);
1173 RtlUnicodeToMultiByteSize(
1174 OUT PULONG BytesInMultiByteString
,
1175 IN PCWCH UnicodeString
,
1176 IN ULONG BytesInUnicodeString
);
1181 RtlUnicodeToMultiByteN(
1182 OUT PCHAR MultiByteString
,
1183 IN ULONG MaxBytesInMultiByteString
,
1184 OUT PULONG BytesInMultiByteString OPTIONAL
,
1185 IN PWCH UnicodeString
,
1186 IN ULONG BytesInUnicodeString
);
1191 RtlUpcaseUnicodeToMultiByteN(
1192 OUT PCHAR MultiByteString
,
1193 IN ULONG MaxBytesInMultiByteString
,
1194 OUT PULONG BytesInMultiByteString OPTIONAL
,
1195 IN PCWCH UnicodeString
,
1196 IN ULONG BytesInUnicodeString
);
1202 OUT PWSTR UnicodeString
,
1203 IN ULONG MaxBytesInUnicodeString
,
1204 OUT PULONG BytesInUnicodeString OPTIONAL
,
1206 IN ULONG BytesInOemString
);
1212 OUT PCHAR OemString
,
1213 IN ULONG MaxBytesInOemString
,
1214 OUT PULONG BytesInOemString OPTIONAL
,
1215 IN PCWCH UnicodeString
,
1216 IN ULONG BytesInUnicodeString
);
1221 RtlUpcaseUnicodeToOemN(
1222 OUT PCHAR OemString
,
1223 IN ULONG MaxBytesInOemString
,
1224 OUT PULONG BytesInOemString OPTIONAL
,
1225 IN PCWCH UnicodeString
,
1226 IN ULONG BytesInUnicodeString
);
1228 #if (NTDDI_VERSION >= NTDDI_VISTASP1)
1232 RtlGenerate8dot3Name(
1233 IN PCUNICODE_STRING Name
,
1234 IN BOOLEAN AllowExtendedCharacters
,
1235 IN OUT PGENERATE_NAME_CONTEXT Context
,
1236 IN OUT PUNICODE_STRING Name8dot3
);
1241 RtlGenerate8dot3Name(
1242 IN PCUNICODE_STRING Name
,
1243 IN BOOLEAN AllowExtendedCharacters
,
1244 IN OUT PGENERATE_NAME_CONTEXT Context
,
1245 IN OUT PUNICODE_STRING Name8dot3
);
1251 RtlIsNameLegalDOS8Dot3(
1252 IN PCUNICODE_STRING Name
,
1253 IN OUT POEM_STRING OemName OPTIONAL
,
1254 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
);
1259 RtlIsValidOemCharacter(
1260 IN OUT PWCHAR Char
);
1266 OUT PPREFIX_TABLE PrefixTable
);
1272 IN PPREFIX_TABLE PrefixTable
,
1274 OUT PPREFIX_TABLE_ENTRY PrefixTableEntry
);
1280 IN PPREFIX_TABLE PrefixTable
,
1281 IN PPREFIX_TABLE_ENTRY PrefixTableEntry
);
1287 IN PPREFIX_TABLE PrefixTable
,
1288 IN PSTRING FullName
);
1293 RtlInitializeUnicodePrefix(
1294 OUT PUNICODE_PREFIX_TABLE PrefixTable
);
1299 RtlInsertUnicodePrefix(
1300 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1301 IN PUNICODE_STRING Prefix
,
1302 OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
);
1307 RtlRemoveUnicodePrefix(
1308 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1309 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
);
1312 PUNICODE_PREFIX_TABLE_ENTRY
1314 RtlFindUnicodePrefix(
1315 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1316 IN PUNICODE_STRING FullName
,
1317 IN ULONG CaseInsensitiveIndex
);
1320 PUNICODE_PREFIX_TABLE_ENTRY
1322 RtlNextUnicodePrefix(
1323 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1324 IN BOOLEAN Restart
);
1329 RtlCompareMemoryUlong(
1337 RtlTimeToSecondsSince1980(
1338 IN PLARGE_INTEGER Time
,
1339 OUT PULONG ElapsedSeconds
);
1344 RtlSecondsSince1980ToTime(
1345 IN ULONG ElapsedSeconds
,
1346 OUT PLARGE_INTEGER Time
);
1351 RtlTimeToSecondsSince1970(
1352 IN PLARGE_INTEGER Time
,
1353 OUT PULONG ElapsedSeconds
);
1358 RtlSecondsSince1970ToTime(
1359 IN ULONG ElapsedSeconds
,
1360 OUT PLARGE_INTEGER Time
);
1385 RtlLengthRequiredSid(
1386 IN ULONG SubAuthorityCount
);
1397 RtlAllocateAndInitializeSid(
1398 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
1399 IN UCHAR SubAuthorityCount
,
1400 IN ULONG SubAuthority0
,
1401 IN ULONG SubAuthority1
,
1402 IN ULONG SubAuthority2
,
1403 IN ULONG SubAuthority3
,
1404 IN ULONG SubAuthority4
,
1405 IN ULONG SubAuthority5
,
1406 IN ULONG SubAuthority6
,
1407 IN ULONG SubAuthority7
,
1415 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
1416 IN UCHAR SubAuthorityCount
);
1423 IN ULONG SubAuthority
);
1436 IN PSID Destination
,
1442 RtlConvertSidToUnicodeString(
1443 IN OUT PUNICODE_STRING UnicodeString
,
1445 IN BOOLEAN AllocateDestinationString
);
1451 OUT PLUID DestinationLuid
,
1452 IN PLUID SourceLuid
);
1460 IN ULONG AclRevision
);
1467 IN ULONG AceRevision
,
1468 IN ULONG StartingAceIndex
,
1470 IN ULONG AceListLength
);
1490 RtlAddAccessAllowedAce(
1492 IN ULONG AceRevision
,
1493 IN ACCESS_MASK AccessMask
,
1499 RtlAddAccessAllowedAceEx(
1501 IN ULONG AceRevision
,
1503 IN ACCESS_MASK AccessMask
,
1509 RtlCreateSecurityDescriptorRelative(
1510 OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor
,
1516 RtlGetDaclSecurityDescriptor(
1517 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1518 OUT PBOOLEAN DaclPresent
,
1520 OUT PBOOLEAN DaclDefaulted
);
1525 RtlSetOwnerSecurityDescriptor(
1526 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
1527 IN PSID Owner OPTIONAL
,
1528 IN BOOLEAN OwnerDefaulted
);
1533 RtlGetOwnerSecurityDescriptor(
1534 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1536 OUT PBOOLEAN OwnerDefaulted
);
1541 RtlNtStatusToDosError(
1542 IN NTSTATUS Status
);
1547 RtlCustomCPToUnicodeN(
1548 IN PCPTABLEINFO CustomCP
,
1549 OUT PWCH UnicodeString
,
1550 IN ULONG MaxBytesInUnicodeString
,
1551 OUT PULONG BytesInUnicodeString OPTIONAL
,
1552 IN PCH CustomCPString
,
1553 IN ULONG BytesInCustomCPString
);
1558 RtlUnicodeToCustomCPN(
1559 IN PCPTABLEINFO CustomCP
,
1560 OUT PCH CustomCPString
,
1561 IN ULONG MaxBytesInCustomCPString
,
1562 OUT PULONG BytesInCustomCPString OPTIONAL
,
1563 IN PWCH UnicodeString
,
1564 IN ULONG BytesInUnicodeString
);
1569 RtlUpcaseUnicodeToCustomCPN(
1570 IN PCPTABLEINFO CustomCP
,
1571 OUT PCH CustomCPString
,
1572 IN ULONG MaxBytesInCustomCPString
,
1573 OUT PULONG BytesInCustomCPString OPTIONAL
,
1574 IN PWCH UnicodeString
,
1575 IN ULONG BytesInUnicodeString
);
1580 RtlInitCodePageTable(
1581 IN PUSHORT TableBase
,
1582 IN OUT PCPTABLEINFO CodePageTable
);
1586 #if (NTDDI_VERSION >= NTDDI_WINXP)
1593 IN PVOID HeapBase OPTIONAL
,
1594 IN SIZE_T ReserveSize OPTIONAL
,
1595 IN SIZE_T CommitSize OPTIONAL
,
1596 IN PVOID Lock OPTIONAL
,
1597 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
);
1603 IN PVOID HeapHandle
);
1608 RtlCaptureStackBackTrace(
1609 IN ULONG FramesToSkip
,
1610 IN ULONG FramesToCapture
,
1611 OUT PVOID
*BackTrace
,
1612 OUT PULONG BackTraceHash OPTIONAL
);
1618 IN OUT PULONG Seed
);
1623 RtlInitUnicodeStringEx(
1624 OUT PUNICODE_STRING DestinationString
,
1625 IN PCWSTR SourceString OPTIONAL
);
1630 RtlValidateUnicodeString(
1632 IN PCUNICODE_STRING String
);
1637 RtlDuplicateUnicodeString(
1639 IN PCUNICODE_STRING SourceString
,
1640 OUT PUNICODE_STRING DestinationString
);
1645 RtlGetCompressionWorkSpaceSize(
1646 IN USHORT CompressionFormatAndEngine
,
1647 OUT PULONG CompressBufferWorkSpaceSize
,
1648 OUT PULONG CompressFragmentWorkSpaceSize
);
1654 IN USHORT CompressionFormatAndEngine
,
1655 IN PUCHAR UncompressedBuffer
,
1656 IN ULONG UncompressedBufferSize
,
1657 OUT PUCHAR CompressedBuffer
,
1658 IN ULONG CompressedBufferSize
,
1659 IN ULONG UncompressedChunkSize
,
1660 OUT PULONG FinalCompressedSize
,
1661 IN PVOID WorkSpace
);
1666 RtlDecompressBuffer(
1667 IN USHORT CompressionFormat
,
1668 OUT PUCHAR UncompressedBuffer
,
1669 IN ULONG UncompressedBufferSize
,
1670 IN PUCHAR CompressedBuffer
,
1671 IN ULONG CompressedBufferSize
,
1672 OUT PULONG FinalUncompressedSize
);
1677 RtlDecompressFragment(
1678 IN USHORT CompressionFormat
,
1679 OUT PUCHAR UncompressedFragment
,
1680 IN ULONG UncompressedFragmentSize
,
1681 IN PUCHAR CompressedBuffer
,
1682 IN ULONG CompressedBufferSize
,
1683 IN ULONG FragmentOffset
,
1684 OUT PULONG FinalUncompressedSize
,
1685 IN PVOID WorkSpace
);
1691 IN USHORT CompressionFormat
,
1692 IN OUT PUCHAR
*CompressedBuffer
,
1693 IN PUCHAR EndOfCompressedBufferPlus1
,
1694 OUT PUCHAR
*ChunkBuffer
,
1695 OUT PULONG ChunkSize
);
1701 IN USHORT CompressionFormat
,
1702 IN OUT PUCHAR
*CompressedBuffer
,
1703 IN PUCHAR EndOfCompressedBufferPlus1
,
1704 OUT PUCHAR
*ChunkBuffer
,
1705 IN ULONG ChunkSize
);
1710 RtlDecompressChunks(
1711 OUT PUCHAR UncompressedBuffer
,
1712 IN ULONG UncompressedBufferSize
,
1713 IN PUCHAR CompressedBuffer
,
1714 IN ULONG CompressedBufferSize
,
1715 IN PUCHAR CompressedTail
,
1716 IN ULONG CompressedTailSize
,
1717 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
);
1723 IN PUCHAR UncompressedBuffer
,
1724 IN ULONG UncompressedBufferSize
,
1725 OUT PUCHAR CompressedBuffer
,
1726 IN ULONG CompressedBufferSize
,
1727 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
1728 IN ULONG CompressedDataInfoLength
,
1729 IN PVOID WorkSpace
);
1732 PSID_IDENTIFIER_AUTHORITY
1734 RtlIdentifierAuthoritySid(
1740 RtlSubAuthorityCountSid(
1746 RtlNtStatusToDosErrorNoTeb(
1747 IN NTSTATUS Status
);
1752 RtlCreateSystemVolumeInformationFolder(
1753 IN PCUNICODE_STRING VolumeRootPath
);
1757 #if defined(_M_AMD64)
1761 RtlFillMemoryUlong (
1762 OUT PVOID Destination
,
1766 PULONG Address
= (PULONG
)Destination
;
1767 if ((Length
/= 4) != 0) {
1768 if (((ULONG64
)Address
& 4) != 0) {
1770 if ((Length
-= 1) == 0) {
1775 __stosq((PULONG64
)(Address
), Pattern
| ((ULONG64
)Pattern
<< 32), Length
/ 2);
1776 if ((Length
& 1) != 0) Address
[Length
- 1] = Pattern
;
1781 #define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
1782 __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
1786 #if (NTDDI_VERSION >= NTDDI_WINXP)
1792 OUT PVOID Destination
,
1799 RtlFillMemoryUlonglong(
1800 OUT PVOID Destination
,
1802 IN ULONGLONG Pattern
);
1806 #endif // defined(_M_AMD64)
1808 #if (NTDDI_VERSION >= NTDDI_WS03)
1813 RtlInitAnsiStringEx(
1814 OUT PANSI_STRING DestinationString
,
1815 IN PCSZ SourceString OPTIONAL
);
1819 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
1824 RtlGetSaclSecurityDescriptor(
1825 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1826 OUT PBOOLEAN SaclPresent
,
1828 OUT PBOOLEAN SaclDefaulted
);
1833 RtlSetGroupSecurityDescriptor(
1834 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
1835 IN PSID Group OPTIONAL
,
1836 IN BOOLEAN GroupDefaulted OPTIONAL
);
1841 RtlGetGroupSecurityDescriptor(
1842 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
1844 OUT PBOOLEAN GroupDefaulted
);
1849 RtlAbsoluteToSelfRelativeSD(
1850 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
1851 OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL
,
1852 IN OUT PULONG BufferLength
);
1857 RtlSelfRelativeToAbsoluteSD(
1858 IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
1859 OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL
,
1860 IN OUT PULONG AbsoluteSecurityDescriptorSize
,
1861 OUT PACL Dacl OPTIONAL
,
1862 IN OUT PULONG DaclSize
,
1863 OUT PACL Sacl OPTIONAL
,
1864 IN OUT PULONG SaclSize
,
1865 OUT PSID Owner OPTIONAL
,
1866 IN OUT PULONG OwnerSize
,
1867 OUT PSID PrimaryGroup OPTIONAL
,
1868 IN OUT PULONG PrimaryGroupSize
);
1872 #if (NTDDI_VERSION >= NTDDI_VISTA)
1879 IN PCWSTR SourceString
,
1880 IN LONG SourceStringLength
,
1881 OUT PWSTR DestinationString
,
1882 IN OUT PLONG DestinationStringLength
);
1887 RtlIsNormalizedString(
1889 IN PCWSTR SourceString
,
1890 IN LONG SourceStringLength
,
1891 OUT PBOOLEAN Normalized
);
1898 IN PCWSTR SourceString
,
1899 IN LONG SourceStringLength
,
1900 OUT PWSTR DestinationString
,
1901 IN OUT PLONG DestinationStringLength
);
1908 IN PCWSTR SourceString
,
1909 IN LONG SourceStringLength
,
1910 OUT PWSTR DestinationString
,
1911 IN OUT PLONG DestinationStringLength
);
1916 RtlIdnToNameprepUnicode(
1918 IN PCWSTR SourceString
,
1919 IN LONG SourceStringLength
,
1920 OUT PWSTR DestinationString
,
1921 IN OUT PLONG DestinationStringLength
);
1926 RtlCreateServiceSid(
1927 IN PUNICODE_STRING ServiceName
,
1928 OUT PSID ServiceSid
,
1929 IN OUT PULONG ServiceSidLength
);
1934 RtlCompareAltitudes(
1935 IN PCUNICODE_STRING Altitude1
,
1936 IN PCUNICODE_STRING Altitude2
);
1940 #if (NTDDI_VERSION >= NTDDI_WIN7)
1946 OUT PCHAR UTF8StringDestination
,
1947 IN ULONG UTF8StringMaxByteCount
,
1948 OUT PULONG UTF8StringActualByteCount
,
1949 IN PCWCH UnicodeStringSource
,
1950 IN ULONG UnicodeStringByteCount
);
1956 OUT PWSTR UnicodeStringDestination
,
1957 IN ULONG UnicodeStringMaxByteCount
,
1958 OUT PULONG UnicodeStringActualByteCount
,
1959 IN PCCH UTF8StringSource
,
1960 IN ULONG UTF8StringByteCount
);
1966 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
1969 OUT ULONG
*NumChanges
);
1974 RtlCreateVirtualAccountSid(
1975 IN PCUNICODE_STRING Name
,
1976 IN ULONG BaseSubAuthority
,
1978 IN OUT PULONG SidLength
);
1982 #define HEAP_NO_SERIALIZE 0x00000001
1983 #define HEAP_GROWABLE 0x00000002
1984 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
1985 #define HEAP_ZERO_MEMORY 0x00000008
1986 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
1987 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
1988 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
1989 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
1991 #define HEAP_CREATE_ALIGN_16 0x00010000
1992 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
1993 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
1995 #define HEAP_SETTABLE_USER_VALUE 0x00000100
1996 #define HEAP_SETTABLE_USER_FLAG1 0x00000200
1997 #define HEAP_SETTABLE_USER_FLAG2 0x00000400
1998 #define HEAP_SETTABLE_USER_FLAG3 0x00000800
1999 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00
2001 #define HEAP_CLASS_0 0x00000000
2002 #define HEAP_CLASS_1 0x00001000
2003 #define HEAP_CLASS_2 0x00002000
2004 #define HEAP_CLASS_3 0x00003000
2005 #define HEAP_CLASS_4 0x00004000
2006 #define HEAP_CLASS_5 0x00005000
2007 #define HEAP_CLASS_6 0x00006000
2008 #define HEAP_CLASS_7 0x00007000
2009 #define HEAP_CLASS_8 0x00008000
2010 #define HEAP_CLASS_MASK 0x0000F000
2012 #define HEAP_MAXIMUM_TAG 0x0FFF
2013 #define HEAP_GLOBAL_TAG 0x0800
2014 #define HEAP_PSEUDO_TAG_FLAG 0x8000
2015 #define HEAP_TAG_SHIFT 18
2016 #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2018 #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
2020 HEAP_GENERATE_EXCEPTIONS | \
2021 HEAP_ZERO_MEMORY | \
2022 HEAP_REALLOC_IN_PLACE_ONLY | \
2023 HEAP_TAIL_CHECKING_ENABLED | \
2024 HEAP_FREE_CHECKING_ENABLED | \
2025 HEAP_DISABLE_COALESCE_ON_FREE | \
2027 HEAP_CREATE_ALIGN_16 | \
2028 HEAP_CREATE_ENABLE_TRACING | \
2029 HEAP_CREATE_ENABLE_EXECUTE)
2033 HEAP_MAKE_TAG_FLAGS(
2037 __assume_bound(TagBase
);
2038 return ((ULONG
)((TagBase
) + ((Tag
) << HEAP_TAG_SHIFT
)));
2041 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
2042 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
2044 #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
2045 RtlxUnicodeStringToOemSize(STRING) : \
2046 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
2049 #define RtlOemStringToUnicodeSize(STRING) ( \
2050 NLS_MB_OEM_CODE_PAGE_TAG ? \
2051 RtlxOemStringToUnicodeSize(STRING) : \
2052 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
2055 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
2056 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
2060 (NTAPI
*PRTL_ALLOCATE_STRING_ROUTINE (
2061 IN SIZE_T NumberOfBytes
);
2063 #if _WIN32_WINNT >= 0x0600
2066 (NTAPI
*PRTL_REALLOCATE_STRING_ROUTINE (
2067 IN SIZE_T NumberOfBytes
,
2073 (NTAPI
*PRTL_FREE_STRING_ROUTINE (
2076 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine
;
2077 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine
;
2079 #if _WIN32_WINNT >= 0x0600
2080 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine
;
2083 typedef struct _GENERATE_NAME_CONTEXT
{
2085 BOOLEAN CheckSumInserted
;
2087 WCHAR NameBuffer
[8];
2088 ULONG ExtensionLength
;
2089 WCHAR ExtensionBuffer
[4];
2090 ULONG LastIndexValue
;
2091 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
2093 typedef struct _PREFIX_TABLE_ENTRY
{
2094 CSHORT NodeTypeCode
;
2096 struct _PREFIX_TABLE_ENTRY
*NextPrefixTree
;
2097 RTL_SPLAY_LINKS Links
;
2099 } PREFIX_TABLE_ENTRY
, *PPREFIX_TABLE_ENTRY
;
2101 typedef struct _PREFIX_TABLE
{
2102 CSHORT NodeTypeCode
;
2104 PPREFIX_TABLE_ENTRY NextPrefixTree
;
2105 } PREFIX_TABLE
, *PPREFIX_TABLE
;
2107 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
{
2108 CSHORT NodeTypeCode
;
2110 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
2111 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
2112 RTL_SPLAY_LINKS Links
;
2113 PUNICODE_STRING Prefix
;
2114 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
2116 typedef struct _UNICODE_PREFIX_TABLE
{
2117 CSHORT NodeTypeCode
;
2119 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
2120 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
2121 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
2123 #define COMPRESSION_FORMAT_NONE (0x0000)
2124 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
2125 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
2126 #define COMPRESSION_ENGINE_STANDARD (0x0000)
2127 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
2128 #define COMPRESSION_ENGINE_HIBER (0x0200)
2130 typedef struct _COMPRESSED_DATA_INFO
{
2131 USHORT CompressionFormatAndEngine
;
2132 UCHAR CompressionUnitShift
;
2136 USHORT NumberOfChunks
;
2137 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
2138 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
2140 #define RtlOffsetToPointer(B,O) ((PCHAR)( ((PCHAR)(B)) + ((ULONG_PTR)(O)) ))
2141 #define RtlPointerToOffset(B,P) ((ULONG)( ((PCHAR)(P)) - ((PCHAR)(B)) ))
2143 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256
2145 #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
2147 #define DEVICE_TYPE ULONG
2149 #define FILE_DEVICE_BEEP 0x00000001
2150 #define FILE_DEVICE_CD_ROM 0x00000002
2151 #define FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
2152 #define FILE_DEVICE_CONTROLLER 0x00000004
2153 #define FILE_DEVICE_DATALINK 0x00000005
2154 #define FILE_DEVICE_DFS 0x00000006
2155 #define FILE_DEVICE_DISK 0x00000007
2156 #define FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
2157 #define FILE_DEVICE_FILE_SYSTEM 0x00000009
2158 #define FILE_DEVICE_INPORT_PORT 0x0000000a
2159 #define FILE_DEVICE_KEYBOARD 0x0000000b
2160 #define FILE_DEVICE_MAILSLOT 0x0000000c
2161 #define FILE_DEVICE_MIDI_IN 0x0000000d
2162 #define FILE_DEVICE_MIDI_OUT 0x0000000e
2163 #define FILE_DEVICE_MOUSE 0x0000000f
2164 #define FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
2165 #define FILE_DEVICE_NAMED_PIPE 0x00000011
2166 #define FILE_DEVICE_NETWORK 0x00000012
2167 #define FILE_DEVICE_NETWORK_BROWSER 0x00000013
2168 #define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
2169 #define FILE_DEVICE_NULL 0x00000015
2170 #define FILE_DEVICE_PARALLEL_PORT 0x00000016
2171 #define FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
2172 #define FILE_DEVICE_PRINTER 0x00000018
2173 #define FILE_DEVICE_SCANNER 0x00000019
2174 #define FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001a
2175 #define FILE_DEVICE_SERIAL_PORT 0x0000001b
2176 #define FILE_DEVICE_SCREEN 0x0000001c
2177 #define FILE_DEVICE_SOUND 0x0000001d
2178 #define FILE_DEVICE_STREAMS 0x0000001e
2179 #define FILE_DEVICE_TAPE 0x0000001f
2180 #define FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
2181 #define FILE_DEVICE_TRANSPORT 0x00000021
2182 #define FILE_DEVICE_UNKNOWN 0x00000022
2183 #define FILE_DEVICE_VIDEO 0x00000023
2184 #define FILE_DEVICE_VIRTUAL_DISK 0x00000024
2185 #define FILE_DEVICE_WAVE_IN 0x00000025
2186 #define FILE_DEVICE_WAVE_OUT 0x00000026
2187 #define FILE_DEVICE_8042_PORT 0x00000027
2188 #define FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
2189 #define FILE_DEVICE_BATTERY 0x00000029
2190 #define FILE_DEVICE_BUS_EXTENDER 0x0000002a
2191 #define FILE_DEVICE_MODEM 0x0000002b
2192 #define FILE_DEVICE_VDM 0x0000002c
2193 #define FILE_DEVICE_MASS_STORAGE 0x0000002d
2194 #define FILE_DEVICE_SMB 0x0000002e
2195 #define FILE_DEVICE_KS 0x0000002f
2196 #define FILE_DEVICE_CHANGER 0x00000030
2197 #define FILE_DEVICE_SMARTCARD 0x00000031
2198 #define FILE_DEVICE_ACPI 0x00000032
2199 #define FILE_DEVICE_DVD 0x00000033
2200 #define FILE_DEVICE_FULLSCREEN_VIDEO 0x00000034
2201 #define FILE_DEVICE_DFS_FILE_SYSTEM 0x00000035
2202 #define FILE_DEVICE_DFS_VOLUME 0x00000036
2203 #define FILE_DEVICE_SERENUM 0x00000037
2204 #define FILE_DEVICE_TERMSRV 0x00000038
2205 #define FILE_DEVICE_KSEC 0x00000039
2206 #define FILE_DEVICE_FIPS 0x0000003A
2207 #define FILE_DEVICE_INFINIBAND 0x0000003B
2208 #define FILE_DEVICE_VMBUS 0x0000003E
2209 #define FILE_DEVICE_CRYPT_PROVIDER 0x0000003F
2210 #define FILE_DEVICE_WPD 0x00000040
2211 #define FILE_DEVICE_BLUETOOTH 0x00000041
2212 #define FILE_DEVICE_MT_COMPOSITE 0x00000042
2213 #define FILE_DEVICE_MT_TRANSPORT 0x00000043
2214 #define FILE_DEVICE_BIOMETRIC 0x00000044
2215 #define FILE_DEVICE_PMI 0x00000045
2217 #define CTL_CODE( DeviceType, Function, Method, Access ) ( \
2218 ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
2220 #define DEVICE_TYPE_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0xffff0000)) >> 16)
2221 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
2223 #define METHOD_BUFFERED 0
2224 #define METHOD_IN_DIRECT 1
2225 #define METHOD_OUT_DIRECT 2
2226 #define METHOD_NEITHER 3
2227 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
2228 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
2230 #define FILE_ANY_ACCESS 0
2231 #define FILE_SPECIAL_ACCESS (FILE_ANY_ACCESS)
2232 #define FILE_READ_ACCESS ( 0x0001 )
2233 #define FILE_WRITE_ACCESS ( 0x0002 )
2235 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
2237 typedef enum _SECURITY_LOGON_TYPE
{
2238 UndefinedLogonType
= 0,
2247 #if (_WIN32_WINNT >= 0x0501)
2251 #if (_WIN32_WINNT >= 0x0502)
2252 CachedRemoteInteractive
,
2255 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
2257 #ifndef _NTLSA_AUDIT_
2258 #define _NTLSA_AUDIT_
2260 typedef enum _SE_ADT_PARAMETER_TYPE
{
2261 SeAdtParmTypeNone
= 0,
2262 SeAdtParmTypeString
,
2263 SeAdtParmTypeFileSpec
,
2266 SeAdtParmTypeLogonId
,
2267 SeAdtParmTypeNoLogonId
,
2268 SeAdtParmTypeAccessMask
,
2270 SeAdtParmTypeObjectTypes
,
2271 SeAdtParmTypeHexUlong
,
2276 SeAdtParmTypeHexInt64
,
2277 SeAdtParmTypeStringList
,
2278 SeAdtParmTypeSidList
,
2279 SeAdtParmTypeDuration
,
2280 SeAdtParmTypeUserAccountControl
,
2282 SeAdtParmTypeMessage
,
2283 SeAdtParmTypeDateTime
,
2284 SeAdtParmTypeSockAddr
,
2286 SeAdtParmTypeLogonHours
,
2287 SeAdtParmTypeLogonIdNoSid
,
2288 SeAdtParmTypeUlongNoConv
,
2289 SeAdtParmTypeSockAddrNoPort
,
2290 SeAdtParmTypeAccessReason
2291 } SE_ADT_PARAMETER_TYPE
, *PSE_ADT_PARAMETER_TYPE
;
2293 #ifndef GUID_DEFINED
2294 #include <guiddef.h>
2297 typedef struct _SE_ADT_OBJECT_TYPE
{
2300 #define SE_ADT_OBJECT_ONLY 0x1
2302 ACCESS_MASK AccessMask
;
2303 } SE_ADT_OBJECT_TYPE
, *PSE_ADT_OBJECT_TYPE
;
2305 typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY
{
2306 SE_ADT_PARAMETER_TYPE Type
;
2310 } SE_ADT_PARAMETER_ARRAY_ENTRY
, *PSE_ADT_PARAMETER_ARRAY_ENTRY
;
2312 typedef struct _SE_ADT_ACCESS_REASON
{
2313 ACCESS_MASK AccessMask
;
2314 ULONG AccessReasons
[32];
2315 ULONG ObjectTypeIndex
;
2316 ULONG AccessGranted
;
2317 PSECURITY_DESCRIPTOR SecurityDescriptor
;
2318 } SE_ADT_ACCESS_REASON
, *PSE_ADT_ACCESS_REASON
;
2320 #define SE_MAX_AUDIT_PARAMETERS 32
2321 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
2323 typedef struct _SE_ADT_PARAMETER_ARRAY
{
2326 ULONG ParameterCount
;
2328 USHORT FlatSubCategoryId
;
2331 SE_ADT_PARAMETER_ARRAY_ENTRY Parameters
[ SE_MAX_AUDIT_PARAMETERS
];
2332 } SE_ADT_PARAMETER_ARRAY
, *PSE_ADT_PARAMETER_ARRAY
;
2334 #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
2335 #define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
2336 #define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
2337 #define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
2338 #define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010
2340 #define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(AuditParameters) \
2341 ( sizeof(SE_ADT_PARAMETER_ARRAY) - \
2342 sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
2343 (SE_MAX_AUDIT_PARAMETERS - AuditParameters->ParameterCount) )
2345 #endif /* _NTLSA_AUDIT_ */
2347 #pragma pack(push,4)
2349 #ifndef VER_PRODUCTBUILD
2350 #define VER_PRODUCTBUILD 10000
2353 #define EX_PUSH_LOCK ULONG_PTR
2354 #define PEX_PUSH_LOCK PULONG_PTR
2359 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
2361 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
2363 extern PACL SePublicDefaultDacl
;
2364 extern PACL SeSystemDefaultDacl
;
2366 extern KSPIN_LOCK IoStatisticsLock
;
2367 extern ULONG IoReadOperationCount
;
2368 extern ULONG IoWriteOperationCount
;
2369 extern ULONG IoOtherOperationCount
;
2370 extern LARGE_INTEGER IoReadTransferCount
;
2371 extern LARGE_INTEGER IoWriteTransferCount
;
2372 extern LARGE_INTEGER IoOtherTransferCount
;
2374 #define ANSI_DOS_STAR ('<')
2375 #define ANSI_DOS_QM ('>')
2376 #define ANSI_DOS_DOT ('"')
2378 #define DOS_STAR (L'<')
2379 #define DOS_QM (L'>')
2380 #define DOS_DOT (L'"')
2382 #define FILE_ACTION_ADDED 0x00000001
2383 #define FILE_ACTION_REMOVED 0x00000002
2384 #define FILE_ACTION_MODIFIED 0x00000003
2385 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
2386 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
2387 #define FILE_ACTION_ADDED_STREAM 0x00000006
2388 #define FILE_ACTION_REMOVED_STREAM 0x00000007
2389 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
2390 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
2391 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
2392 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
2395 #define FILE_EA_TYPE_BINARY 0xfffe
2396 #define FILE_EA_TYPE_ASCII 0xfffd
2397 #define FILE_EA_TYPE_BITMAP 0xfffb
2398 #define FILE_EA_TYPE_METAFILE 0xfffa
2399 #define FILE_EA_TYPE_ICON 0xfff9
2400 #define FILE_EA_TYPE_EA 0xffee
2401 #define FILE_EA_TYPE_MVMT 0xffdf
2402 #define FILE_EA_TYPE_MVST 0xffde
2403 #define FILE_EA_TYPE_ASN1 0xffdd
2404 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
2406 #define FILE_NEED_EA 0x00000080
2408 /* also in winnt.h */
2409 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
2410 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
2411 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
2412 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
2413 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
2414 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
2415 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
2416 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
2417 #define FILE_NOTIFY_CHANGE_EA 0x00000080
2418 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
2419 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
2420 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
2421 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
2422 #define FILE_NOTIFY_VALID_MASK 0x00000fff
2425 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
2426 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
2428 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
2430 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
2431 #define FILE_CASE_PRESERVED_NAMES 0x00000002
2432 #define FILE_UNICODE_ON_DISK 0x00000004
2433 #define FILE_PERSISTENT_ACLS 0x00000008
2434 #define FILE_FILE_COMPRESSION 0x00000010
2435 #define FILE_VOLUME_QUOTAS 0x00000020
2436 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
2437 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
2438 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
2439 #define FS_LFN_APIS 0x00004000
2440 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
2441 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
2442 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
2443 #define FILE_NAMED_STREAMS 0x00040000
2444 #define FILE_READ_ONLY_VOLUME 0x00080000
2445 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
2446 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
2448 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
2449 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
2451 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
2452 #define FILE_PIPE_MESSAGE_MODE 0x00000001
2454 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
2455 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
2457 #define FILE_PIPE_INBOUND 0x00000000
2458 #define FILE_PIPE_OUTBOUND 0x00000001
2459 #define FILE_PIPE_FULL_DUPLEX 0x00000002
2461 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
2462 #define FILE_PIPE_LISTENING_STATE 0x00000002
2463 #define FILE_PIPE_CONNECTED_STATE 0x00000003
2464 #define FILE_PIPE_CLOSING_STATE 0x00000004
2466 #define FILE_PIPE_CLIENT_END 0x00000000
2467 #define FILE_PIPE_SERVER_END 0x00000001
2469 #define FILE_PIPE_READ_DATA 0x00000000
2470 #define FILE_PIPE_WRITE_SPACE 0x00000001
2472 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
2473 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
2474 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
2475 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
2476 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
2477 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
2478 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
2479 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
2480 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
2481 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
2482 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
2483 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
2484 #define FILE_STORAGE_TYPE_MASK 0x000f0000
2485 #define FILE_STORAGE_TYPE_SHIFT 16
2487 #define FILE_VC_QUOTA_NONE 0x00000000
2488 #define FILE_VC_QUOTA_TRACK 0x00000001
2489 #define FILE_VC_QUOTA_ENFORCE 0x00000002
2490 #define FILE_VC_QUOTA_MASK 0x00000003
2492 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
2493 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
2495 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
2496 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
2497 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
2498 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
2500 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
2501 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
2503 #define FILE_VC_VALID_MASK 0x000003ff
2505 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
2506 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
2507 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
2508 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
2509 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
2510 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
2511 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
2512 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
2514 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
2515 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
2516 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
2517 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
2519 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
2520 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
2521 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
2522 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
2523 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
2525 #define FSRTL_VOLUME_DISMOUNT 1
2526 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
2527 #define FSRTL_VOLUME_LOCK 3
2528 #define FSRTL_VOLUME_LOCK_FAILED 4
2529 #define FSRTL_VOLUME_UNLOCK 5
2530 #define FSRTL_VOLUME_MOUNT 6
2532 #define FSRTL_WILD_CHARACTER 0x08
2534 #define FSRTL_FAT_LEGAL 0x01
2535 #define FSRTL_HPFS_LEGAL 0x02
2536 #define FSRTL_NTFS_LEGAL 0x04
2537 #define FSRTL_WILD_CHARACTER 0x08
2538 #define FSRTL_OLE_LEGAL 0x10
2539 #define FSRTL_NTFS_STREAM_LEGAL 0x14
2542 #define HARDWARE_PTE HARDWARE_PTE_X86
2543 #define PHARDWARE_PTE PHARDWARE_PTE_X86
2546 #define IO_CHECK_CREATE_PARAMETERS 0x0200
2547 #define IO_ATTACH_DEVICE 0x0400
2549 #define IO_ATTACH_DEVICE_API 0x80000000
2551 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
2552 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
2554 #define IO_TYPE_APC 18
2555 #define IO_TYPE_DPC 19
2556 #define IO_TYPE_DEVICE_QUEUE 20
2557 #define IO_TYPE_EVENT_PAIR 21
2558 #define IO_TYPE_INTERRUPT 22
2559 #define IO_TYPE_PROFILE 23
2561 #define IRP_BEING_VERIFIED 0x10
2563 #define MAILSLOT_CLASS_FIRSTCLASS 1
2564 #define MAILSLOT_CLASS_SECONDCLASS 2
2566 #define MAILSLOT_SIZE_AUTO 0
2568 #define MEM_DOS_LIM 0x40000000
2570 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
2572 #define OB_TYPE_TYPE 1
2573 #define OB_TYPE_DIRECTORY 2
2574 #define OB_TYPE_SYMBOLIC_LINK 3
2575 #define OB_TYPE_TOKEN 4
2576 #define OB_TYPE_PROCESS 5
2577 #define OB_TYPE_THREAD 6
2578 #define OB_TYPE_EVENT 7
2579 #define OB_TYPE_EVENT_PAIR 8
2580 #define OB_TYPE_MUTANT 9
2581 #define OB_TYPE_SEMAPHORE 10
2582 #define OB_TYPE_TIMER 11
2583 #define OB_TYPE_PROFILE 12
2584 #define OB_TYPE_WINDOW_STATION 13
2585 #define OB_TYPE_DESKTOP 14
2586 #define OB_TYPE_SECTION 15
2587 #define OB_TYPE_KEY 16
2588 #define OB_TYPE_PORT 17
2589 #define OB_TYPE_ADAPTER 18
2590 #define OB_TYPE_CONTROLLER 19
2591 #define OB_TYPE_DEVICE 20
2592 #define OB_TYPE_DRIVER 21
2593 #define OB_TYPE_IO_COMPLETION 22
2594 #define OB_TYPE_FILE 23
2596 #define PIN_WAIT (1)
2597 #define PIN_EXCLUSIVE (2)
2598 #define PIN_NO_READ (4)
2599 #define PIN_IF_BCB (8)
2601 #define SEC_BASED 0x00200000
2603 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
2604 #define SECURITY_WORLD_RID (0x00000000L)
2608 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
2609 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
2610 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
2611 #define TOKEN_HAS_ADMIN_GROUP 0x08
2612 #define TOKEN_WRITE_RESTRICTED 0x08
2613 #define TOKEN_IS_RESTRICTED 0x10
2614 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
2616 #define VACB_MAPPING_GRANULARITY (0x40000)
2617 #define VACB_OFFSET_SHIFT (18)
2619 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
2620 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
2621 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
2622 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
2623 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
2624 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
2625 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
2626 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
2627 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
2629 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
2630 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
2631 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
2633 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
2634 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
2635 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2638 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
2639 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
2640 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
2641 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
2642 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
2643 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
2645 #if (VER_PRODUCTBUILD >= 1381)
2647 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
2648 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
2649 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
2650 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
2651 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
2652 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
2653 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
2654 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
2656 #endif /* (VER_PRODUCTBUILD >= 1381) */
2658 #if (VER_PRODUCTBUILD >= 2195)
2660 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
2661 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
2662 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
2664 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
2665 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
2666 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
2667 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
2668 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
2669 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
2670 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
2671 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
2672 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
2673 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
2674 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
2675 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
2676 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
2677 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
2678 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
2679 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
2680 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
2681 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
2682 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
2683 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
2684 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
2685 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
2686 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
2687 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
2688 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
2689 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
2690 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
2691 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
2692 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2693 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
2694 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
2695 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2696 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
2697 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
2698 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
2699 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
2701 #endif /* (VER_PRODUCTBUILD >= 2195) */
2703 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
2705 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
2706 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
2707 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
2708 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
2709 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
2710 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
2711 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
2712 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
2714 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
2715 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
2716 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
2717 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
2718 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
2719 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2720 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
2721 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
2722 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
2723 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
2724 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
2725 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
2726 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
2727 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
2729 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
2731 typedef PVOID OPLOCK
, *POPLOCK
;
2736 struct _RTL_AVL_TABLE
;
2737 struct _RTL_GENERIC_TABLE
;
2745 typedef PVOID PNOTIFY_SYNC
;
2747 typedef enum _FAST_IO_POSSIBLE
{
2748 FastIoIsNotPossible
,
2750 FastIoIsQuestionable
2753 typedef enum _FILE_STORAGE_TYPE
{
2754 StorageTypeDefault
= 1,
2755 StorageTypeDirectory
,
2757 StorageTypeJunctionPoint
,
2759 StorageTypeStructuredStorage
,
2760 StorageTypeEmbedding
,
2762 } FILE_STORAGE_TYPE
;
2764 typedef enum _OBJECT_INFORMATION_CLASS
2766 ObjectBasicInformation
,
2767 ObjectNameInformation
,
2768 ObjectTypeInformation
,
2769 ObjectTypesInformation
,
2770 ObjectHandleFlagInformation
,
2771 ObjectSessionInformation
,
2773 } OBJECT_INFORMATION_CLASS
;
2775 typedef struct _OBJECT_BASIC_INFORMATION
2778 ACCESS_MASK GrantedAccess
;
2781 ULONG PagedPoolCharge
;
2782 ULONG NonPagedPoolCharge
;
2783 ULONG Reserved
[ 3 ];
2786 ULONG SecurityDescriptorSize
;
2787 LARGE_INTEGER CreationTime
;
2788 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
2790 typedef struct _KAPC_STATE
{
2791 LIST_ENTRY ApcListHead
[2];
2793 BOOLEAN KernelApcInProgress
;
2794 BOOLEAN KernelApcPending
;
2795 BOOLEAN UserApcPending
;
2796 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
2797 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
2799 typedef struct _BITMAP_RANGE
{
2802 ULONG FirstDirtyPage
;
2803 ULONG LastDirtyPage
;
2806 } BITMAP_RANGE
, *PBITMAP_RANGE
;
2808 typedef struct _CACHE_UNINITIALIZE_EVENT
{
2809 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
2811 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
2813 typedef struct _CC_FILE_SIZES
{
2814 LARGE_INTEGER AllocationSize
;
2815 LARGE_INTEGER FileSize
;
2816 LARGE_INTEGER ValidDataLength
;
2817 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
2819 #define SYMLINK_FLAG_RELATIVE 1
2821 typedef struct _REPARSE_DATA_BUFFER
{
2823 USHORT ReparseDataLength
;
2825 __GNU_EXTENSION
union {
2827 USHORT SubstituteNameOffset
;
2828 USHORT SubstituteNameLength
;
2829 USHORT PrintNameOffset
;
2830 USHORT PrintNameLength
;
2832 WCHAR PathBuffer
[1];
2833 } SymbolicLinkReparseBuffer
;
2835 USHORT SubstituteNameOffset
;
2836 USHORT SubstituteNameLength
;
2837 USHORT PrintNameOffset
;
2838 USHORT PrintNameLength
;
2839 WCHAR PathBuffer
[1];
2840 } MountPointReparseBuffer
;
2842 UCHAR DataBuffer
[1];
2843 } GenericReparseBuffer
;
2845 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
2850 // MicroSoft reparse point tags
2852 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
2853 #define IO_REPARSE_TAG_HSM (0xC0000004L)
2854 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
2855 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
2856 #define IO_REPARSE_TAG_SIS (0x80000007L)
2857 #define IO_REPARSE_TAG_DFS (0x8000000AL)
2858 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
2859 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
2860 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
2861 #define IO_REPARSE_TAG_DFSR (0x80000012L)
2864 // Reserved reparse tags
2866 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
2867 #define IO_REPARSE_TAG_RESERVED_ONE (1)
2868 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
2871 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
2873 typedef struct _FILE_ACCESS_INFORMATION
{
2874 ACCESS_MASK AccessFlags
;
2875 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
2877 typedef struct _FILE_ALLOCATION_INFORMATION
{
2878 LARGE_INTEGER AllocationSize
;
2879 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
2881 typedef struct _FILE_BOTH_DIR_INFORMATION
{
2882 ULONG NextEntryOffset
;
2884 LARGE_INTEGER CreationTime
;
2885 LARGE_INTEGER LastAccessTime
;
2886 LARGE_INTEGER LastWriteTime
;
2887 LARGE_INTEGER ChangeTime
;
2888 LARGE_INTEGER EndOfFile
;
2889 LARGE_INTEGER AllocationSize
;
2890 ULONG FileAttributes
;
2891 ULONG FileNameLength
;
2893 CCHAR ShortNameLength
;
2894 WCHAR ShortName
[12];
2896 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
2898 typedef struct _FILE_COMPLETION_INFORMATION
{
2901 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
2903 typedef struct _FILE_COMPRESSION_INFORMATION
{
2904 LARGE_INTEGER CompressedFileSize
;
2905 USHORT CompressionFormat
;
2906 UCHAR CompressionUnitShift
;
2910 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
2912 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
2913 BOOLEAN ReplaceIfExists
;
2914 HANDLE RootDirectory
;
2915 ULONG FileNameLength
;
2917 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
2919 typedef struct _FILE_DIRECTORY_INFORMATION
{
2920 ULONG NextEntryOffset
;
2922 LARGE_INTEGER CreationTime
;
2923 LARGE_INTEGER LastAccessTime
;
2924 LARGE_INTEGER LastWriteTime
;
2925 LARGE_INTEGER ChangeTime
;
2926 LARGE_INTEGER EndOfFile
;
2927 LARGE_INTEGER AllocationSize
;
2928 ULONG FileAttributes
;
2929 ULONG FileNameLength
;
2931 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
2933 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
2934 ULONG NextEntryOffset
;
2936 LARGE_INTEGER CreationTime
;
2937 LARGE_INTEGER LastAccessTime
;
2938 LARGE_INTEGER LastWriteTime
;
2939 LARGE_INTEGER ChangeTime
;
2940 LARGE_INTEGER EndOfFile
;
2941 LARGE_INTEGER AllocationSize
;
2942 ULONG FileAttributes
;
2943 ULONG FileNameLength
;
2945 WCHAR FileName
[ANYSIZE_ARRAY
];
2946 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
2948 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
2949 ULONG NextEntryOffset
;
2951 LARGE_INTEGER CreationTime
;
2952 LARGE_INTEGER LastAccessTime
;
2953 LARGE_INTEGER LastWriteTime
;
2954 LARGE_INTEGER ChangeTime
;
2955 LARGE_INTEGER EndOfFile
;
2956 LARGE_INTEGER AllocationSize
;
2957 ULONG FileAttributes
;
2958 ULONG FileNameLength
;
2960 LARGE_INTEGER FileId
;
2962 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
2964 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
2965 ULONG NextEntryOffset
;
2967 LARGE_INTEGER CreationTime
;
2968 LARGE_INTEGER LastAccessTime
;
2969 LARGE_INTEGER LastWriteTime
;
2970 LARGE_INTEGER ChangeTime
;
2971 LARGE_INTEGER EndOfFile
;
2972 LARGE_INTEGER AllocationSize
;
2973 ULONG FileAttributes
;
2974 ULONG FileNameLength
;
2976 CCHAR ShortNameLength
;
2977 WCHAR ShortName
[12];
2978 LARGE_INTEGER FileId
;
2980 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
2982 typedef struct _FILE_EA_INFORMATION
{
2984 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
2986 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
2987 ULONG FileSystemAttributes
;
2988 ULONG MaximumComponentNameLength
;
2989 ULONG FileSystemNameLength
;
2990 WCHAR FileSystemName
[1];
2991 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
2993 typedef struct _FILE_FS_CONTROL_INFORMATION
{
2994 LARGE_INTEGER FreeSpaceStartFiltering
;
2995 LARGE_INTEGER FreeSpaceThreshold
;
2996 LARGE_INTEGER FreeSpaceStopFiltering
;
2997 LARGE_INTEGER DefaultQuotaThreshold
;
2998 LARGE_INTEGER DefaultQuotaLimit
;
2999 ULONG FileSystemControlFlags
;
3000 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
3002 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
3003 LARGE_INTEGER TotalAllocationUnits
;
3004 LARGE_INTEGER CallerAvailableAllocationUnits
;
3005 LARGE_INTEGER ActualAvailableAllocationUnits
;
3006 ULONG SectorsPerAllocationUnit
;
3007 ULONG BytesPerSector
;
3008 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
3010 typedef struct _FILE_FS_LABEL_INFORMATION
{
3011 ULONG VolumeLabelLength
;
3012 WCHAR VolumeLabel
[1];
3013 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
3015 #if (VER_PRODUCTBUILD >= 2195)
3017 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
3019 UCHAR ExtendedInfo
[48];
3020 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
3022 #endif /* (VER_PRODUCTBUILD >= 2195) */
3024 typedef struct _FILE_FS_SIZE_INFORMATION
{
3025 LARGE_INTEGER TotalAllocationUnits
;
3026 LARGE_INTEGER AvailableAllocationUnits
;
3027 ULONG SectorsPerAllocationUnit
;
3028 ULONG BytesPerSector
;
3029 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
3031 typedef struct _FILE_FS_VOLUME_INFORMATION
{
3032 LARGE_INTEGER VolumeCreationTime
;
3033 ULONG VolumeSerialNumber
;
3034 ULONG VolumeLabelLength
;
3035 BOOLEAN SupportsObjects
;
3036 WCHAR VolumeLabel
[1];
3037 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
3039 typedef struct _FILE_FS_OBJECTID_INFORMATION
3042 UCHAR ExtendedInfo
[48];
3043 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
3045 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
3047 BOOLEAN DriverInPath
;
3048 ULONG DriverNameLength
;
3049 WCHAR DriverName
[1];
3050 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
3052 typedef struct _FILE_FULL_DIR_INFORMATION
{
3053 ULONG NextEntryOffset
;
3055 LARGE_INTEGER CreationTime
;
3056 LARGE_INTEGER LastAccessTime
;
3057 LARGE_INTEGER LastWriteTime
;
3058 LARGE_INTEGER ChangeTime
;
3059 LARGE_INTEGER EndOfFile
;
3060 LARGE_INTEGER AllocationSize
;
3061 ULONG FileAttributes
;
3062 ULONG FileNameLength
;
3065 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
3067 typedef struct _FILE_GET_EA_INFORMATION
{
3068 ULONG NextEntryOffset
;
3071 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
3073 typedef struct _FILE_GET_QUOTA_INFORMATION
{
3074 ULONG NextEntryOffset
;
3077 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
3079 typedef struct _FILE_QUOTA_INFORMATION
3081 ULONG NextEntryOffset
;
3083 LARGE_INTEGER ChangeTime
;
3084 LARGE_INTEGER QuotaUsed
;
3085 LARGE_INTEGER QuotaThreshold
;
3086 LARGE_INTEGER QuotaLimit
;
3088 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
3090 typedef struct _FILE_INTERNAL_INFORMATION
{
3091 LARGE_INTEGER IndexNumber
;
3092 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
3094 typedef struct _FILE_LINK_INFORMATION
{
3095 BOOLEAN ReplaceIfExists
;
3096 HANDLE RootDirectory
;
3097 ULONG FileNameLength
;
3099 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
3101 typedef struct _FILE_LOCK_INFO
3103 LARGE_INTEGER StartingByte
;
3104 LARGE_INTEGER Length
;
3105 BOOLEAN ExclusiveLock
;
3107 PFILE_OBJECT FileObject
;
3109 LARGE_INTEGER EndingByte
;
3110 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
3112 typedef struct _FILE_REPARSE_POINT_INFORMATION
3114 LONGLONG FileReference
;
3116 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
3118 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
3121 HANDLE RootDirectory
;
3122 ULONG FileNameLength
;
3124 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
3126 typedef struct _FILE_NOTIFY_INFORMATION
3128 ULONG NextEntryOffset
;
3130 ULONG FileNameLength
;
3132 } FILE_NOTIFY_INFORMATION
, *PFILE_NOTIFY_INFORMATION
;
3134 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
3135 typedef struct _FILE_SHARED_LOCK_ENTRY
{
3138 FILE_LOCK_INFO FileLock
;
3139 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
3141 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
3142 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
3143 LIST_ENTRY ListEntry
;
3146 FILE_LOCK_INFO FileLock
;
3147 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
3149 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
3154 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
3156 IN PFILE_LOCK_INFO FileLockInfo
3159 typedef struct _FILE_LOCK
{
3160 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
3161 PUNLOCK_ROUTINE UnlockRoutine
;
3162 BOOLEAN FastIoIsQuestionable
;
3164 PVOID LockInformation
;
3165 FILE_LOCK_INFO LastReturnedLockInfo
;
3166 PVOID LastReturnedLock
;
3167 } FILE_LOCK
, *PFILE_LOCK
;
3169 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
3170 ULONG ReadDataAvailable
;
3171 ULONG NumberOfMessages
;
3172 ULONG MessageLength
;
3173 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
3175 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
3176 ULONG MaximumMessageSize
;
3177 ULONG MailslotQuota
;
3178 ULONG NextMessageSize
;
3179 ULONG MessagesAvailable
;
3180 LARGE_INTEGER ReadTimeout
;
3181 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
3183 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
3184 PLARGE_INTEGER ReadTimeout
;
3185 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
3187 typedef struct _FILE_MODE_INFORMATION
{
3189 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
3191 typedef struct _FILE_ALL_INFORMATION
{
3192 FILE_BASIC_INFORMATION BasicInformation
;
3193 FILE_STANDARD_INFORMATION StandardInformation
;
3194 FILE_INTERNAL_INFORMATION InternalInformation
;
3195 FILE_EA_INFORMATION EaInformation
;
3196 FILE_ACCESS_INFORMATION AccessInformation
;
3197 FILE_POSITION_INFORMATION PositionInformation
;
3198 FILE_MODE_INFORMATION ModeInformation
;
3199 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
3200 FILE_NAME_INFORMATION NameInformation
;
3201 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
3203 typedef struct _FILE_NAMES_INFORMATION
{
3204 ULONG NextEntryOffset
;
3206 ULONG FileNameLength
;
3208 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
3210 typedef struct _FILE_OBJECTID_INFORMATION
{
3211 LONGLONG FileReference
;
3213 _ANONYMOUS_UNION
union {
3214 __GNU_EXTENSION
struct {
3215 UCHAR BirthVolumeId
[16];
3216 UCHAR BirthObjectId
[16];
3219 UCHAR ExtendedInfo
[48];
3221 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
3223 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
3225 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
3227 typedef struct _FILE_OLE_ALL_INFORMATION
{
3228 FILE_BASIC_INFORMATION BasicInformation
;
3229 FILE_STANDARD_INFORMATION StandardInformation
;
3230 FILE_INTERNAL_INFORMATION InternalInformation
;
3231 FILE_EA_INFORMATION EaInformation
;
3232 FILE_ACCESS_INFORMATION AccessInformation
;
3233 FILE_POSITION_INFORMATION PositionInformation
;
3234 FILE_MODE_INFORMATION ModeInformation
;
3235 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
3238 LARGE_INTEGER SecurityChangeTime
;
3239 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
3240 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
3241 FILE_STORAGE_TYPE StorageType
;
3244 ULONG NumberOfStreamReferences
;
3247 BOOLEAN ContentIndexDisable
;
3248 BOOLEAN InheritContentIndexDisable
;
3249 FILE_NAME_INFORMATION NameInformation
;
3250 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
3252 typedef struct _FILE_OLE_DIR_INFORMATION
{
3253 ULONG NextEntryOffset
;
3255 LARGE_INTEGER CreationTime
;
3256 LARGE_INTEGER LastAccessTime
;
3257 LARGE_INTEGER LastWriteTime
;
3258 LARGE_INTEGER ChangeTime
;
3259 LARGE_INTEGER EndOfFile
;
3260 LARGE_INTEGER AllocationSize
;
3261 ULONG FileAttributes
;
3262 ULONG FileNameLength
;
3263 FILE_STORAGE_TYPE StorageType
;
3266 BOOLEAN ContentIndexDisable
;
3267 BOOLEAN InheritContentIndexDisable
;
3269 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
3271 typedef struct _FILE_OLE_INFORMATION
{
3272 LARGE_INTEGER SecurityChangeTime
;
3273 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
3274 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
3275 FILE_STORAGE_TYPE StorageType
;
3277 BOOLEAN ContentIndexDisable
;
3278 BOOLEAN InheritContentIndexDisable
;
3279 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
3281 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
3283 ULONG StateBitsMask
;
3284 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
3286 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
3289 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
3291 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
3292 PVOID ClientSession
;
3293 PVOID ClientProcess
;
3294 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
3296 typedef struct _FILE_PIPE_EVENT_BUFFER
{
3297 ULONG NamedPipeState
;
3301 ULONG NumberRequests
;
3302 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
3304 typedef struct _FILE_PIPE_PEEK_BUFFER
3306 ULONG NamedPipeState
;
3307 ULONG ReadDataAvailable
;
3308 ULONG NumberOfMessages
;
3309 ULONG MessageLength
;
3311 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
3313 typedef struct _FILE_PIPE_INFORMATION
{
3315 ULONG CompletionMode
;
3316 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
3318 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
3319 ULONG NamedPipeType
;
3320 ULONG NamedPipeConfiguration
;
3321 ULONG MaximumInstances
;
3322 ULONG CurrentInstances
;
3324 ULONG ReadDataAvailable
;
3325 ULONG OutboundQuota
;
3326 ULONG WriteQuotaAvailable
;
3327 ULONG NamedPipeState
;
3329 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
3331 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
3332 LARGE_INTEGER CollectDataTime
;
3333 ULONG MaximumCollectionCount
;
3334 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
3336 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
3337 LARGE_INTEGER Timeout
;
3339 BOOLEAN TimeoutSpecified
;
3341 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
3343 typedef struct _FILE_RENAME_INFORMATION
{
3344 BOOLEAN ReplaceIfExists
;
3345 HANDLE RootDirectory
;
3346 ULONG FileNameLength
;
3348 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
3350 typedef struct _FILE_STREAM_INFORMATION
{
3351 ULONG NextEntryOffset
;
3352 ULONG StreamNameLength
;
3353 LARGE_INTEGER StreamSize
;
3354 LARGE_INTEGER StreamAllocationSize
;
3355 WCHAR StreamName
[1];
3356 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
3358 typedef struct _FILE_TRACKING_INFORMATION
{
3359 HANDLE DestinationFile
;
3360 ULONG ObjectInformationLength
;
3361 CHAR ObjectInformation
[1];
3362 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
3364 #if (VER_PRODUCTBUILD >= 2195)
3365 typedef struct _FILE_ZERO_DATA_INFORMATION
{
3366 LARGE_INTEGER FileOffset
;
3367 LARGE_INTEGER BeyondFinalZero
;
3368 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
3370 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
3371 LARGE_INTEGER FileOffset
;
3372 LARGE_INTEGER Length
;
3373 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
3374 #endif /* (VER_PRODUCTBUILD >= 2195) */
3376 #define FSRTL_FCB_HEADER_V0 (0x00)
3377 #define FSRTL_FCB_HEADER_V1 (0x01)
3380 typedef struct _FSRTL_COMMON_FCB_HEADER
{
3381 CSHORT NodeTypeCode
;
3382 CSHORT NodeByteSize
;
3384 UCHAR IsFastIoPossible
;
3385 #if (VER_PRODUCTBUILD >= 1381)
3388 #endif /* (VER_PRODUCTBUILD >= 1381) */
3389 PERESOURCE Resource
;
3390 PERESOURCE PagingIoResource
;
3391 LARGE_INTEGER AllocationSize
;
3392 LARGE_INTEGER FileSize
;
3393 LARGE_INTEGER ValidDataLength
;
3394 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
3396 typedef enum _FSRTL_COMPARISON_RESULT
3401 } FSRTL_COMPARISON_RESULT
;
3403 #if (VER_PRODUCTBUILD >= 2600)
3405 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
3406 CSHORT NodeTypeCode
;
3407 CSHORT NodeByteSize
;
3409 UCHAR IsFastIoPossible
;
3413 PERESOURCE Resource
;
3414 PERESOURCE PagingIoResource
;
3415 LARGE_INTEGER AllocationSize
;
3416 LARGE_INTEGER FileSize
;
3417 LARGE_INTEGER ValidDataLength
;
3418 PFAST_MUTEX FastMutex
;
3419 LIST_ENTRY FilterContexts
;
3420 EX_PUSH_LOCK PushLock
;
3421 PVOID
*FileContextSupportPointer
;
3422 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
3424 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
3428 PFREE_FUNCTION FreeCallback
;
3429 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
3431 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
3436 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
3438 #endif /* (VER_PRODUCTBUILD >= 2600) */
3440 typedef struct _BASE_MCB
3442 ULONG MaximumPairCount
;
3447 } BASE_MCB
, *PBASE_MCB
;
3449 typedef struct _LARGE_MCB
3451 PKGUARDED_MUTEX GuardedMutex
;
3453 } LARGE_MCB
, *PLARGE_MCB
;
3457 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
3460 typedef struct _MAPPING_PAIR
{
3463 } MAPPING_PAIR
, *PMAPPING_PAIR
;
3465 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
3466 ULONG NumberOfPairs
;
3468 MAPPING_PAIR Pair
[1];
3469 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
3471 typedef struct _KQUEUE
{
3472 DISPATCHER_HEADER Header
;
3473 LIST_ENTRY EntryListHead
;
3476 LIST_ENTRY ThreadListHead
;
3477 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
3479 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
3481 typedef struct _MBCB
{
3482 CSHORT NodeTypeCode
;
3483 CSHORT NodeIsInZone
;
3487 LIST_ENTRY BitmapRanges
;
3488 LONGLONG ResumeWritePage
;
3489 BITMAP_RANGE BitmapRange1
;
3490 BITMAP_RANGE BitmapRange2
;
3491 BITMAP_RANGE BitmapRange3
;
3494 typedef enum _MMFLUSH_TYPE
{
3499 typedef struct _MOVEFILE_DESCRIPTOR
{
3502 LARGE_INTEGER StartVcn
;
3503 LARGE_INTEGER TargetLcn
;
3506 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
3508 typedef struct _OBJECT_BASIC_INFO
{
3510 ACCESS_MASK GrantedAccess
;
3512 ULONG ReferenceCount
;
3513 ULONG PagedPoolUsage
;
3514 ULONG NonPagedPoolUsage
;
3516 ULONG NameInformationLength
;
3517 ULONG TypeInformationLength
;
3518 ULONG SecurityDescriptorLength
;
3519 LARGE_INTEGER CreateTime
;
3520 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
3522 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
3524 BOOLEAN ProtectFromClose
;
3525 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
3527 typedef struct _OBJECT_NAME_INFO
{
3528 UNICODE_STRING ObjectName
;
3529 WCHAR ObjectNameBuffer
[1];
3530 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
3532 typedef struct _OBJECT_PROTECTION_INFO
{
3534 BOOLEAN ProtectHandle
;
3535 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
3537 typedef struct _OBJECT_TYPE_INFO
{
3538 UNICODE_STRING ObjectTypeName
;
3539 UCHAR Unknown
[0x58];
3540 WCHAR ObjectTypeNameBuffer
[1];
3541 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
3543 typedef struct _OBJECT_ALL_TYPES_INFO
{
3544 ULONG NumberOfObjectTypes
;
3545 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
3546 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
3548 typedef struct _PATHNAME_BUFFER
{
3549 ULONG PathNameLength
;
3551 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
3553 typedef enum _RTL_GENERIC_COMPARE_RESULTS
3558 } RTL_GENERIC_COMPARE_RESULTS
;
3560 typedef enum _TABLE_SEARCH_RESULT
3566 } TABLE_SEARCH_RESULT
;
3569 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
3570 struct _RTL_AVL_TABLE
*Table
,
3575 typedef RTL_GENERIC_COMPARE_RESULTS
3576 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
3577 struct _RTL_AVL_TABLE
*Table
,
3582 typedef RTL_GENERIC_COMPARE_RESULTS
3583 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
3584 struct _RTL_GENERIC_TABLE
*Table
,
3590 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
3591 struct _RTL_GENERIC_TABLE
*Table
,
3596 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
3597 struct _RTL_GENERIC_TABLE
*Table
,
3602 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
3603 struct _RTL_AVL_TABLE
*Table
,
3608 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
3609 struct _RTL_AVL_TABLE
*Table
,
3613 typedef struct _PUBLIC_BCB
{
3614 CSHORT NodeTypeCode
;
3615 CSHORT NodeByteSize
;
3617 LARGE_INTEGER MappedFileOffset
;
3618 } PUBLIC_BCB
, *PPUBLIC_BCB
;
3620 typedef struct _QUERY_PATH_REQUEST
{
3621 ULONG PathNameLength
;
3622 PIO_SECURITY_CONTEXT SecurityContext
;
3623 WCHAR FilePathName
[1];
3624 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
3626 typedef struct _QUERY_PATH_RESPONSE
{
3627 ULONG LengthAccepted
;
3628 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
3630 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
3632 LARGE_INTEGER StartingVcn
;
3634 LARGE_INTEGER NextVcn
;
3637 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
3639 typedef struct _RTL_SPLAY_LINKS
{
3640 struct _RTL_SPLAY_LINKS
*Parent
;
3641 struct _RTL_SPLAY_LINKS
*LeftChild
;
3642 struct _RTL_SPLAY_LINKS
*RightChild
;
3643 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
3645 typedef struct _RTL_BALANCED_LINKS
3647 struct _RTL_BALANCED_LINKS
*Parent
;
3648 struct _RTL_BALANCED_LINKS
*LeftChild
;
3649 struct _RTL_BALANCED_LINKS
*RightChild
;
3652 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
3654 typedef struct _RTL_GENERIC_TABLE
3656 PRTL_SPLAY_LINKS TableRoot
;
3657 LIST_ENTRY InsertOrderList
;
3658 PLIST_ENTRY OrderedPointer
;
3659 ULONG WhichOrderedElement
;
3660 ULONG NumberGenericTableElements
;
3661 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
3662 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
3663 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
3665 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
3667 #undef PRTL_GENERIC_COMPARE_ROUTINE
3668 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
3669 #undef PRTL_GENERIC_FREE_ROUTINE
3670 #undef RTL_GENERIC_TABLE
3671 #undef PRTL_GENERIC_TABLE
3673 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
3674 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
3675 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
3676 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
3677 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
3679 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
3680 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
3681 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
3682 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
3683 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
3684 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
3685 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
3686 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
3687 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
3688 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
3689 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
3691 typedef struct _RTL_AVL_TABLE
3693 RTL_BALANCED_LINKS BalancedRoot
;
3694 PVOID OrderedPointer
;
3695 ULONG WhichOrderedElement
;
3696 ULONG NumberGenericTableElements
;
3698 PRTL_BALANCED_LINKS RestartKey
;
3700 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
3701 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
3702 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
3704 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
3709 RtlInitializeGenericTableAvl(
3710 PRTL_AVL_TABLE Table
,
3711 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
3712 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
3713 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
3720 RtlInsertElementGenericTableAvl (
3721 PRTL_AVL_TABLE Table
,
3724 PBOOLEAN NewElement OPTIONAL
3730 RtlDeleteElementGenericTableAvl (
3731 PRTL_AVL_TABLE Table
,
3738 RtlLookupElementGenericTableAvl (
3739 PRTL_AVL_TABLE Table
,
3746 RtlEnumerateGenericTableWithoutSplayingAvl (
3747 PRTL_AVL_TABLE Table
,
3751 #if defined(USE_LPC6432)
3752 #define LPC_CLIENT_ID CLIENT_ID64
3753 #define LPC_SIZE_T ULONGLONG
3754 #define LPC_PVOID ULONGLONG
3755 #define LPC_HANDLE ULONGLONG
3757 #define LPC_CLIENT_ID CLIENT_ID
3758 #define LPC_SIZE_T SIZE_T
3759 #define LPC_PVOID PVOID
3760 #define LPC_HANDLE HANDLE
3763 typedef struct _PORT_MESSAGE
3779 CSHORT DataInfoOffset
;
3783 __GNU_EXTENSION
union
3785 LPC_CLIENT_ID ClientId
;
3786 double DoNotUseThisField
;
3789 __GNU_EXTENSION
union
3791 LPC_SIZE_T ClientViewSize
;
3794 } PORT_MESSAGE
, *PPORT_MESSAGE
;
3796 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
3798 typedef struct _PORT_VIEW
3801 LPC_HANDLE SectionHandle
;
3802 ULONG SectionOffset
;
3803 LPC_SIZE_T ViewSize
;
3805 LPC_PVOID ViewRemoteBase
;
3806 } PORT_VIEW
, *PPORT_VIEW
;
3808 typedef struct _REMOTE_PORT_VIEW
3811 LPC_SIZE_T ViewSize
;
3813 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
3815 typedef struct _SE_EXPORTS
{
3817 LUID SeCreateTokenPrivilege
;
3818 LUID SeAssignPrimaryTokenPrivilege
;
3819 LUID SeLockMemoryPrivilege
;
3820 LUID SeIncreaseQuotaPrivilege
;
3821 LUID SeUnsolicitedInputPrivilege
;
3822 LUID SeTcbPrivilege
;
3823 LUID SeSecurityPrivilege
;
3824 LUID SeTakeOwnershipPrivilege
;
3825 LUID SeLoadDriverPrivilege
;
3826 LUID SeCreatePagefilePrivilege
;
3827 LUID SeIncreaseBasePriorityPrivilege
;
3828 LUID SeSystemProfilePrivilege
;
3829 LUID SeSystemtimePrivilege
;
3830 LUID SeProfileSingleProcessPrivilege
;
3831 LUID SeCreatePermanentPrivilege
;
3832 LUID SeBackupPrivilege
;
3833 LUID SeRestorePrivilege
;
3834 LUID SeShutdownPrivilege
;
3835 LUID SeDebugPrivilege
;
3836 LUID SeAuditPrivilege
;
3837 LUID SeSystemEnvironmentPrivilege
;
3838 LUID SeChangeNotifyPrivilege
;
3839 LUID SeRemoteShutdownPrivilege
;
3844 PSID SeCreatorOwnerSid
;
3845 PSID SeCreatorGroupSid
;
3847 PSID SeNtAuthoritySid
;
3851 PSID SeInteractiveSid
;
3852 PSID SeLocalSystemSid
;
3853 PSID SeAliasAdminsSid
;
3854 PSID SeAliasUsersSid
;
3855 PSID SeAliasGuestsSid
;
3856 PSID SeAliasPowerUsersSid
;
3857 PSID SeAliasAccountOpsSid
;
3858 PSID SeAliasSystemOpsSid
;
3859 PSID SeAliasPrintOpsSid
;
3860 PSID SeAliasBackupOpsSid
;
3862 PSID SeAuthenticatedUsersSid
;
3864 PSID SeRestrictedSid
;
3865 PSID SeAnonymousLogonSid
;
3867 LUID SeUndockPrivilege
;
3868 LUID SeSyncAgentPrivilege
;
3869 LUID SeEnableDelegationPrivilege
;
3871 } SE_EXPORTS
, *PSE_EXPORTS
;
3873 extern PSE_EXPORTS SeExports
;
3877 LARGE_INTEGER StartingLcn
;
3878 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
3880 typedef struct _STARTING_VCN_INPUT_BUFFER
{
3881 LARGE_INTEGER StartingVcn
;
3882 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
3884 typedef struct _SECURITY_CLIENT_CONTEXT
{
3885 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
3886 PACCESS_TOKEN ClientToken
;
3887 BOOLEAN DirectlyAccessClientToken
;
3888 BOOLEAN DirectAccessEffectiveOnly
;
3889 BOOLEAN ServerIsRemote
;
3890 TOKEN_CONTROL ClientTokenControl
;
3891 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
3893 typedef struct _TUNNEL
{
3895 PRTL_SPLAY_LINKS Cache
;
3896 LIST_ENTRY TimerQueue
;
3900 typedef struct _VAD_HEADER
{
3903 struct _VAD_HEADER
* ParentLink
;
3904 struct _VAD_HEADER
* LeftLink
;
3905 struct _VAD_HEADER
* RightLink
;
3906 ULONG Flags
; /* LSB = CommitCharge */
3908 PVOID FirstProtoPte
;
3912 } VAD_HEADER
, *PVAD_HEADER
;
3916 LARGE_INTEGER StartingLcn
;
3917 LARGE_INTEGER BitmapSize
;
3919 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
3921 #if (VER_PRODUCTBUILD >= 2600)
3924 (NTAPI
*PFILTER_REPORT_CHANGE
) (
3925 IN PVOID NotifyContext
,
3926 IN PVOID FilterContext
3929 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
3931 SyncTypeCreateSection
3932 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
3934 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
3935 NotifyTypeCreate
= 0,
3937 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
3939 typedef union _FS_FILTER_PARAMETERS
{
3941 PLARGE_INTEGER EndingOffset
;
3942 PERESOURCE
*ResourceToRelease
;
3943 } AcquireForModifiedPageWriter
;
3946 PERESOURCE ResourceToRelease
;
3947 } ReleaseForModifiedPageWriter
;
3950 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
3951 ULONG PageProtection
;
3952 } AcquireForSectionSynchronization
;
3955 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
3956 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
3957 } NotifyStreamFileObject
;
3966 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
3968 typedef struct _FS_FILTER_CALLBACK_DATA
{
3969 ULONG SizeOfFsFilterCallbackData
;
3972 struct _DEVICE_OBJECT
*DeviceObject
;
3973 struct _FILE_OBJECT
*FileObject
;
3974 FS_FILTER_PARAMETERS Parameters
;
3975 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
3978 (NTAPI
*PFS_FILTER_CALLBACK
) (
3979 IN PFS_FILTER_CALLBACK_DATA Data
,
3980 OUT PVOID
*CompletionContext
3984 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
3985 IN PFS_FILTER_CALLBACK_DATA Data
,
3986 IN NTSTATUS OperationStatus
,
3987 IN PVOID CompletionContext
3990 typedef struct _FS_FILTER_CALLBACKS
{
3991 ULONG SizeOfFsFilterCallbacks
;
3993 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
3994 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
3995 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
3996 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
3997 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
3998 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
3999 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
4000 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
4001 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
4002 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
4003 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
4004 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
4005 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
4007 typedef struct _READ_LIST
{
4008 PFILE_OBJECT FileObject
;
4009 ULONG NumberOfEntries
;
4011 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
4012 } READ_LIST
, *PREAD_LIST
;
4020 IN PFILE_OBJECT FileObject
,
4021 IN ULONG BytesToWrite
,
4030 IN PFILE_OBJECT FileObject
,
4031 IN PLARGE_INTEGER FileOffset
,
4035 OUT PIO_STATUS_BLOCK IoStatus
4042 IN PFILE_OBJECT FileObject
,
4043 IN PLARGE_INTEGER FileOffset
,
4049 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
4051 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
4060 IN PFILE_OBJECT FileObject
,
4061 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
4064 IN ULONG BytesToWrite
,
4072 IN PFILE_OBJECT FileObject
,
4073 IN ULONG FileOffset
,
4077 OUT PIO_STATUS_BLOCK IoStatus
4084 IN PFILE_OBJECT FileObject
,
4085 IN ULONG FileOffset
,
4094 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4095 IN PLARGE_INTEGER FileOffset OPTIONAL
,
4097 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
4100 typedef VOID (NTAPI
*PDIRTY_PAGE_ROUTINE
) (
4101 IN PFILE_OBJECT FileObject
,
4102 IN PLARGE_INTEGER FileOffset
,
4104 IN PLARGE_INTEGER OldestLsn
,
4105 IN PLARGE_INTEGER NewestLsn
,
4115 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
4123 CcGetFileObjectFromBcb (
4130 CcGetFileObjectFromSectionPtrs (
4131 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
4134 #define CcGetFileSizePointer(FO) ( \
4135 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
4138 #if (VER_PRODUCTBUILD >= 2195)
4143 CcGetFlushedValidData (
4144 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4145 IN BOOLEAN BcbListHeld
4148 #endif /* (VER_PRODUCTBUILD >= 2195) */
4153 CcGetLsnForFileObject (
4154 IN PFILE_OBJECT FileObject
,
4155 OUT PLARGE_INTEGER OldestLsn OPTIONAL
4158 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
4163 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
4167 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
4172 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
4176 typedef struct _CACHE_MANAGER_CALLBACKS
{
4177 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
4178 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
4179 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
4180 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
4181 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
4186 CcInitializeCacheMap (
4187 IN PFILE_OBJECT FileObject
,
4188 IN PCC_FILE_SIZES FileSizes
,
4189 IN BOOLEAN PinAccess
,
4190 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
4191 IN PVOID LazyWriteContext
4194 #define CcIsFileCached(FO) ( \
4195 ((FO)->SectionObjectPointer != NULL) && \
4196 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
4199 extern ULONG CcFastMdlReadWait
;
4204 CcIsThereDirtyData (
4212 IN PFILE_OBJECT FileObject
,
4213 IN PLARGE_INTEGER FileOffset
,
4224 IN PFILE_OBJECT FileObject
,
4225 IN PLARGE_INTEGER FileOffset
,
4228 OUT PIO_STATUS_BLOCK IoStatus
4235 IN PFILE_OBJECT FileObject
,
4242 CcMdlWriteComplete (
4243 IN PFILE_OBJECT FileObject
,
4244 IN PLARGE_INTEGER FileOffset
,
4254 IN PFILE_OBJECT FileObject
,
4255 IN PLARGE_INTEGER FileOffset
,
4265 IN PFILE_OBJECT FileObject
,
4266 IN PLARGE_INTEGER FileOffset
,
4277 IN PFILE_OBJECT FileObject
,
4278 IN PLARGE_INTEGER FileOffset
,
4281 OUT PIO_STATUS_BLOCK IoStatus
4288 IN PFILE_OBJECT FileObject
,
4289 IN PLARGE_INTEGER FileOffset
,
4300 CcPurgeCacheSection (
4301 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4302 IN PLARGE_INTEGER FileOffset OPTIONAL
,
4304 IN BOOLEAN UninitializeCacheMaps
4307 #define CcReadAhead(FO, FOFF, LEN) ( \
4308 if ((LEN) >= 256) { \
4309 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
4313 #if (VER_PRODUCTBUILD >= 2195)
4322 #endif /* (VER_PRODUCTBUILD >= 2195) */
4334 CcScheduleReadAhead (
4335 IN PFILE_OBJECT FileObject
,
4336 IN PLARGE_INTEGER FileOffset
,
4343 CcSetAdditionalCacheAttributes (
4344 IN PFILE_OBJECT FileObject
,
4345 IN BOOLEAN DisableReadAhead
,
4346 IN BOOLEAN DisableWriteBehind
4352 CcSetBcbOwnerPointer (
4354 IN PVOID OwnerPointer
4360 CcSetDirtyPageThreshold (
4361 IN PFILE_OBJECT FileObject
,
4362 IN ULONG DirtyPageThreshold
4368 CcSetDirtyPinnedData (
4370 IN PLARGE_INTEGER Lsn OPTIONAL
4377 IN PFILE_OBJECT FileObject
,
4378 IN PCC_FILE_SIZES FileSizes
4381 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
4383 IN LARGE_INTEGER Lsn
4389 CcSetLogHandleForFile (
4390 IN PFILE_OBJECT FileObject
,
4392 IN PFLUSH_TO_LSN FlushToLsnRoutine
4398 CcSetReadAheadGranularity (
4399 IN PFILE_OBJECT FileObject
,
4400 IN ULONG Granularity
/* default: PAGE_SIZE */
4401 /* allowed: 2^n * PAGE_SIZE */
4407 CcUninitializeCacheMap (
4408 IN PFILE_OBJECT FileObject
,
4409 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
4410 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
4423 CcUnpinDataForThread (
4425 IN ERESOURCE_THREAD ResourceThreadId
4431 CcUnpinRepinnedBcb (
4433 IN BOOLEAN WriteThrough
,
4434 OUT PIO_STATUS_BLOCK IoStatus
4437 #if (VER_PRODUCTBUILD >= 2195)
4442 CcWaitForCurrentLazyWriterActivity (
4446 #endif /* (VER_PRODUCTBUILD >= 2195) */
4452 IN PFILE_OBJECT FileObject
,
4453 IN PLARGE_INTEGER StartOffset
,
4454 IN PLARGE_INTEGER EndOffset
,
4461 ExDisableResourceBoostLite (
4462 IN PERESOURCE Resource
4468 ExQueryPoolBlockSize (
4470 OUT PBOOLEAN QuotaCharged
4473 #if (VER_PRODUCTBUILD >= 2600)
4475 #ifndef __NTOSKRNL__
4479 ExInitializeRundownProtection (
4480 IN PEX_RUNDOWN_REF RunRef
4486 ExReInitializeRundownProtection (
4487 IN PEX_RUNDOWN_REF RunRef
4493 ExAcquireRundownProtection (
4494 IN PEX_RUNDOWN_REF RunRef
4500 ExAcquireRundownProtectionEx (
4501 IN PEX_RUNDOWN_REF RunRef
,
4508 ExReleaseRundownProtection (
4509 IN PEX_RUNDOWN_REF RunRef
4515 ExReleaseRundownProtectionEx (
4516 IN PEX_RUNDOWN_REF RunRef
,
4523 ExRundownCompleted (
4524 IN PEX_RUNDOWN_REF RunRef
4530 ExWaitForRundownProtectionRelease (
4531 IN PEX_RUNDOWN_REF RunRef
4535 #endif /* (VER_PRODUCTBUILD >= 2600) */
4538 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
4540 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
4541 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
4542 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
4543 InitializeListHead( &(_advhdr)->FilterContexts ); \
4544 if ((_fmutx) != NULL) { \
4545 (_advhdr)->FastMutex = (_fmutx); \
4547 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
4548 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
4549 (_advhdr)->FileContextSupportPointer = NULL; \
4555 FsRtlAddBaseMcbEntry (
4559 IN LONGLONG SectorCount
4565 FsRtlAddLargeMcbEntry (
4569 IN LONGLONG SectorCount
4579 IN ULONG SectorCount
4585 FsRtlAddToTunnelCache (
4587 IN ULONGLONG DirectoryKey
,
4588 IN PUNICODE_STRING ShortName
,
4589 IN PUNICODE_STRING LongName
,
4590 IN BOOLEAN KeyByShortName
,
4591 IN ULONG DataLength
,
4595 #if (VER_PRODUCTBUILD >= 2195)
4599 FsRtlAllocateFileLock (
4600 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
4601 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
4604 #endif /* (VER_PRODUCTBUILD >= 2195) */
4610 IN POOL_TYPE PoolType
,
4611 IN ULONG NumberOfBytes
4617 FsRtlAllocatePoolWithQuota (
4618 IN POOL_TYPE PoolType
,
4619 IN ULONG NumberOfBytes
4625 FsRtlAllocatePoolWithQuotaTag (
4626 IN POOL_TYPE PoolType
,
4627 IN ULONG NumberOfBytes
,
4634 FsRtlAllocatePoolWithTag (
4635 IN POOL_TYPE PoolType
,
4636 IN ULONG NumberOfBytes
,
4643 FsRtlAreNamesEqual (
4644 IN PCUNICODE_STRING Name1
,
4645 IN PCUNICODE_STRING Name2
,
4646 IN BOOLEAN IgnoreCase
,
4647 IN PCWCH UpcaseTable OPTIONAL
4650 #define FsRtlAreThereCurrentFileLocks(FL) ( \
4651 ((FL)->FastIoIsQuestionable) \
4655 FsRtlCheckLockForReadAccess:
4657 All this really does is pick out the lock parameters from the irp (io stack
4658 location?), get IoGetRequestorProcess, and pass values on to
4659 FsRtlFastCheckLockForRead.
4664 FsRtlCheckLockForReadAccess (
4665 IN PFILE_LOCK FileLock
,
4670 FsRtlCheckLockForWriteAccess:
4672 All this really does is pick out the lock parameters from the irp (io stack
4673 location?), get IoGetRequestorProcess, and pass values on to
4674 FsRtlFastCheckLockForWrite.
4679 FsRtlCheckLockForWriteAccess (
4680 IN PFILE_LOCK FileLock
,
4686 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
4693 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
4705 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
4706 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
4713 IN PFILE_OBJECT FileObject
,
4714 IN PLARGE_INTEGER FileOffset
,
4719 OUT PIO_STATUS_BLOCK IoStatus
,
4720 IN PDEVICE_OBJECT DeviceObject
4727 IN PFILE_OBJECT FileObject
,
4728 IN PLARGE_INTEGER FileOffset
,
4733 OUT PIO_STATUS_BLOCK IoStatus
,
4734 IN PDEVICE_OBJECT DeviceObject
4740 FsRtlCurrentBatchOplock (
4747 FsRtlDeleteKeyFromTunnelCache (
4749 IN ULONGLONG DirectoryKey
4755 FsRtlDeleteTunnelCache (
4762 FsRtlDeregisterUncProvider (
4770 IN ANSI_STRING Name
,
4771 OUT PANSI_STRING FirstPart
,
4772 OUT PANSI_STRING RemainingPart
4779 IN UNICODE_STRING Name
,
4780 OUT PUNICODE_STRING FirstPart
,
4781 OUT PUNICODE_STRING RemainingPart
4787 FsRtlDoesDbcsContainWildCards (
4788 IN PANSI_STRING Name
4794 FsRtlDoesNameContainWildCards (
4795 IN PUNICODE_STRING Name
4801 FsRtlIsFatDbcsLegal (
4802 IN ANSI_STRING DbcsName
,
4803 IN BOOLEAN WildCardsPermissible
,
4804 IN BOOLEAN PathNamePermissible
,
4805 IN BOOLEAN LeadingBackslashPermissible
4809 #define FsRtlCompleteRequest(IRP,STATUS) { \
4810 (IRP)->IoStatus.Status = (STATUS); \
4811 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
4814 #define FsRtlEnterFileSystem KeEnterCriticalRegion
4816 #define FsRtlExitFileSystem KeLeaveCriticalRegion
4821 FsRtlFastCheckLockForRead (
4822 IN PFILE_LOCK FileLock
,
4823 IN PLARGE_INTEGER FileOffset
,
4824 IN PLARGE_INTEGER Length
,
4826 IN PFILE_OBJECT FileObject
,
4833 FsRtlFastCheckLockForWrite (
4834 IN PFILE_LOCK FileLock
,
4835 IN PLARGE_INTEGER FileOffset
,
4836 IN PLARGE_INTEGER Length
,
4838 IN PFILE_OBJECT FileObject
,
4842 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
4843 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
4849 FsRtlFastUnlockAll (
4850 IN PFILE_LOCK FileLock
,
4851 IN PFILE_OBJECT FileObject
,
4852 IN PEPROCESS Process
,
4853 IN PVOID Context OPTIONAL
4855 /* ret: STATUS_RANGE_NOT_LOCKED */
4860 FsRtlFastUnlockAllByKey (
4861 IN PFILE_LOCK FileLock
,
4862 IN PFILE_OBJECT FileObject
,
4863 IN PEPROCESS Process
,
4865 IN PVOID Context OPTIONAL
4867 /* ret: STATUS_RANGE_NOT_LOCKED */
4872 FsRtlFastUnlockSingle (
4873 IN PFILE_LOCK FileLock
,
4874 IN PFILE_OBJECT FileObject
,
4875 IN PLARGE_INTEGER FileOffset
,
4876 IN PLARGE_INTEGER Length
,
4877 IN PEPROCESS Process
,
4879 IN PVOID Context OPTIONAL
,
4880 IN BOOLEAN AlreadySynchronized
4882 /* ret: STATUS_RANGE_NOT_LOCKED */
4887 FsRtlFindInTunnelCache (
4889 IN ULONGLONG DirectoryKey
,
4890 IN PUNICODE_STRING Name
,
4891 OUT PUNICODE_STRING ShortName
,
4892 OUT PUNICODE_STRING LongName
,
4893 IN OUT PULONG DataLength
,
4897 #if (VER_PRODUCTBUILD >= 2195)
4903 IN PFILE_LOCK FileLock
4906 #endif /* (VER_PRODUCTBUILD >= 2195) */
4912 IN PFILE_OBJECT FileObject
,
4913 IN OUT PLARGE_INTEGER FileSize
4919 FsRtlGetNextBaseMcbEntry (
4924 OUT PLONGLONG SectorCount
4928 FsRtlGetNextFileLock:
4930 ret: NULL if no more locks
4933 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
4934 FileLock->LastReturnedLock as storage.
4935 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
4936 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
4937 calls with Restart = FALSE.
4942 FsRtlGetNextFileLock (
4943 IN PFILE_LOCK FileLock
,
4950 FsRtlGetNextLargeMcbEntry (
4955 OUT PLONGLONG SectorCount
4961 FsRtlGetNextMcbEntry (
4966 OUT PULONG SectorCount
4969 #define FsRtlGetPerStreamContextPointer(FO) ( \
4970 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
4976 FsRtlInitializeBaseMcb (
4978 IN POOL_TYPE PoolType
4984 FsRtlInitializeFileLock (
4985 IN PFILE_LOCK FileLock
,
4986 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
4987 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
4993 FsRtlInitializeLargeMcb (
4995 IN POOL_TYPE PoolType
5001 FsRtlInitializeMcb (
5003 IN POOL_TYPE PoolType
5009 FsRtlInitializeOplock (
5010 IN OUT POPLOCK Oplock
5016 FsRtlInitializeTunnelCache (
5020 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
5021 (PSC)->OwnerId = (O), \
5022 (PSC)->InstanceId = (I), \
5023 (PSC)->FreeCallback = (FC) \
5029 FsRtlInsertPerStreamContext (
5030 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext
,
5031 IN PFSRTL_PER_STREAM_CONTEXT Ptr
5034 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
5035 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
5036 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
5039 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
5040 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
5041 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
5044 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
5045 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
5046 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
5049 #define FsRtlIsAnsiCharacterWild(C) ( \
5050 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
5056 FsRtlIsFatDbcsLegal (
5057 IN ANSI_STRING DbcsName
,
5058 IN BOOLEAN WildCardsPermissible
,
5059 IN BOOLEAN PathNamePermissible
,
5060 IN BOOLEAN LeadingBackslashPermissible
5066 FsRtlIsHpfsDbcsLegal (
5067 IN ANSI_STRING DbcsName
,
5068 IN BOOLEAN WildCardsPermissible
,
5069 IN BOOLEAN PathNamePermissible
,
5070 IN BOOLEAN LeadingBackslashPermissible
5076 FsRtlIsNameInExpression (
5077 IN PUNICODE_STRING Expression
,
5078 IN PUNICODE_STRING Name
,
5079 IN BOOLEAN IgnoreCase
,
5080 IN PWCHAR UpcaseTable OPTIONAL
5086 FsRtlIsNtstatusExpected (
5087 IN NTSTATUS Ntstatus
5090 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
5092 extern PUSHORT NlsOemLeadByteInfo
;
5094 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
5095 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
5096 (NLS_MB_CODE_PAGE_TAG && \
5097 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
5100 #define FsRtlIsUnicodeCharacterWild(C) ( \
5103 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
5109 FsRtlLookupBaseMcbEntry (
5112 OUT PLONGLONG Lbn OPTIONAL
,
5113 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
5114 OUT PLONGLONG StartingLbn OPTIONAL
,
5115 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
5116 OUT PULONG Index OPTIONAL
5122 FsRtlLookupLargeMcbEntry (
5125 OUT PLONGLONG Lbn OPTIONAL
,
5126 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
5127 OUT PLONGLONG StartingLbn OPTIONAL
,
5128 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
5129 OUT PULONG Index OPTIONAL
5135 FsRtlLookupLastBaseMcbEntry (
5144 FsRtlLookupLastLargeMcbEntry (
5153 FsRtlLookupLastMcbEntry (
5162 FsRtlLookupLastBaseMcbEntryAndIndex (
5163 IN PBASE_MCB OpaqueMcb
,
5164 IN OUT PLONGLONG LargeVbn
,
5165 IN OUT PLONGLONG LargeLbn
,
5172 FsRtlLookupLastLargeMcbEntryAndIndex (
5173 IN PLARGE_MCB OpaqueMcb
,
5174 OUT PLONGLONG LargeVbn
,
5175 OUT PLONGLONG LargeLbn
,
5182 FsRtlLookupMcbEntry (
5186 OUT PULONG SectorCount OPTIONAL
,
5191 PFSRTL_PER_STREAM_CONTEXT
5193 FsRtlLookupPerStreamContextInternal (
5194 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
5195 IN PVOID OwnerId OPTIONAL
,
5196 IN PVOID InstanceId OPTIONAL
5203 IN PFILE_OBJECT FileObject
,
5204 IN PLARGE_INTEGER FileOffset
,
5208 OUT PIO_STATUS_BLOCK IoStatus
,
5209 IN PDEVICE_OBJECT DeviceObject
5215 FsRtlMdlReadComplete (
5216 IN PFILE_OBJECT FileObject
,
5223 FsRtlMdlReadCompleteDev (
5224 IN PFILE_OBJECT FileObject
,
5226 IN PDEVICE_OBJECT DeviceObject
5232 FsRtlPrepareMdlWriteDev (
5233 IN PFILE_OBJECT FileObject
,
5234 IN PLARGE_INTEGER FileOffset
,
5238 OUT PIO_STATUS_BLOCK IoStatus
,
5239 IN PDEVICE_OBJECT DeviceObject
5245 FsRtlMdlWriteComplete (
5246 IN PFILE_OBJECT FileObject
,
5247 IN PLARGE_INTEGER FileOffset
,
5254 FsRtlMdlWriteCompleteDev (
5255 IN PFILE_OBJECT FileObject
,
5256 IN PLARGE_INTEGER FileOffset
,
5258 IN PDEVICE_OBJECT DeviceObject
5264 FsRtlNormalizeNtstatus (
5265 IN NTSTATUS Exception
,
5266 IN NTSTATUS GenericException
5272 FsRtlNotifyChangeDirectory (
5273 IN PNOTIFY_SYNC NotifySync
,
5275 IN PSTRING FullDirectoryName
,
5276 IN PLIST_ENTRY NotifyList
,
5277 IN BOOLEAN WatchTree
,
5278 IN ULONG CompletionFilter
,
5285 FsRtlNotifyCleanup (
5286 IN PNOTIFY_SYNC NotifySync
,
5287 IN PLIST_ENTRY NotifyList
,
5291 typedef BOOLEAN (NTAPI
*PCHECK_FOR_TRAVERSE_ACCESS
) (
5292 IN PVOID NotifyContext
,
5293 IN PVOID TargetContext
,
5294 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5300 FsRtlNotifyFilterChangeDirectory (
5301 IN PNOTIFY_SYNC NotifySync
,
5302 IN PLIST_ENTRY NotifyList
,
5304 IN PSTRING FullDirectoryName
,
5305 IN BOOLEAN WatchTree
,
5306 IN BOOLEAN IgnoreBuffer
,
5307 IN ULONG CompletionFilter
,
5309 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
5310 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
,
5311 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
);
5316 FsRtlNotifyFilterReportChange (
5317 IN PNOTIFY_SYNC NotifySync
,
5318 IN PLIST_ENTRY NotifyList
,
5319 IN PSTRING FullTargetName
,
5320 IN USHORT TargetNameOffset
,
5321 IN PSTRING StreamName OPTIONAL
,
5322 IN PSTRING NormalizedParentName OPTIONAL
,
5323 IN ULONG FilterMatch
,
5325 IN PVOID TargetContext
,
5326 IN PVOID FilterContext
);
5331 FsRtlNotifyFullChangeDirectory (
5332 IN PNOTIFY_SYNC NotifySync
,
5333 IN PLIST_ENTRY NotifyList
,
5335 IN PSTRING FullDirectoryName
,
5336 IN BOOLEAN WatchTree
,
5337 IN BOOLEAN IgnoreBuffer
,
5338 IN ULONG CompletionFilter
,
5340 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
5341 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
5347 FsRtlNotifyFullReportChange (
5348 IN PNOTIFY_SYNC NotifySync
,
5349 IN PLIST_ENTRY NotifyList
,
5350 IN PSTRING FullTargetName
,
5351 IN USHORT TargetNameOffset
,
5352 IN PSTRING StreamName OPTIONAL
,
5353 IN PSTRING NormalizedParentName OPTIONAL
,
5354 IN ULONG FilterMatch
,
5356 IN PVOID TargetContext
5362 FsRtlNotifyInitializeSync (
5363 IN PNOTIFY_SYNC
*NotifySync
5369 FsRtlNotifyUninitializeSync (
5370 IN PNOTIFY_SYNC
*NotifySync
5373 #if (VER_PRODUCTBUILD >= 2195)
5378 FsRtlNotifyVolumeEvent (
5379 IN PFILE_OBJECT FileObject
,
5383 #endif /* (VER_PRODUCTBUILD >= 2195) */
5388 FsRtlNumberOfRunsInBaseMcb (
5395 FsRtlNumberOfRunsInLargeMcb (
5402 FsRtlNumberOfRunsInMcb (
5418 FsRtlOplockIsFastIoPossible (
5423 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
5431 FsRtlPostPagingFileStackOverflow (
5434 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
5440 FsRtlPostStackOverflow (
5443 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
5449 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
5452 -Calls IoCompleteRequest if Irp
5453 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
5459 IN PFILE_LOCK FileLock
,
5460 IN PFILE_OBJECT FileObject
,
5461 IN PLARGE_INTEGER FileOffset
,
5462 IN PLARGE_INTEGER Length
,
5463 IN PEPROCESS Process
,
5465 IN BOOLEAN FailImmediately
,
5466 IN BOOLEAN ExclusiveLock
,
5467 OUT PIO_STATUS_BLOCK IoStatus
,
5468 IN PIRP Irp OPTIONAL
,
5470 IN BOOLEAN AlreadySynchronized
5474 FsRtlProcessFileLock:
5477 -STATUS_INVALID_DEVICE_REQUEST
5478 -STATUS_RANGE_NOT_LOCKED from unlock routines.
5479 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
5480 (redirected IoStatus->Status).
5483 -switch ( Irp->CurrentStackLocation->MinorFunction )
5484 lock: return FsRtlPrivateLock;
5485 unlocksingle: return FsRtlFastUnlockSingle;
5486 unlockall: return FsRtlFastUnlockAll;
5487 unlockallbykey: return FsRtlFastUnlockAllByKey;
5488 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
5489 return STATUS_INVALID_DEVICE_REQUEST;
5491 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
5492 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
5497 FsRtlProcessFileLock (
5498 IN PFILE_LOCK FileLock
,
5500 IN PVOID Context OPTIONAL
5506 FsRtlRegisterUncProvider (
5507 IN OUT PHANDLE MupHandle
,
5508 IN PUNICODE_STRING RedirectorDeviceName
,
5509 IN BOOLEAN MailslotsSupported
5515 FsRtlRemoveBaseMcbEntry (
5518 IN LONGLONG SectorCount
5524 FsRtlRemoveLargeMcbEntry (
5527 IN LONGLONG SectorCount
5533 FsRtlRemoveMcbEntry (
5536 IN ULONG SectorCount
5540 PFSRTL_PER_STREAM_CONTEXT
5542 FsRtlRemovePerStreamContext (
5543 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
5544 IN PVOID OwnerId OPTIONAL
,
5545 IN PVOID InstanceId OPTIONAL
5558 FsRtlResetLargeMcb (
5560 IN BOOLEAN SelfSynchronized
5575 FsRtlSplitLargeMcb (
5581 #define FsRtlSupportsPerStreamContexts(FO) ( \
5582 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
5583 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
5584 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
5590 FsRtlTruncateBaseMcb (
5598 FsRtlTruncateLargeMcb (
5614 FsRtlUninitializeBaseMcb (
5621 FsRtlUninitializeFileLock (
5622 IN PFILE_LOCK FileLock
5628 FsRtlUninitializeLargeMcb (
5635 FsRtlUninitializeMcb (
5642 FsRtlUninitializeOplock (
5643 IN OUT POPLOCK Oplock
5649 KeSetIdealProcessorThread(
5650 IN OUT PKTHREAD Thread
,
5657 IoAttachDeviceToDeviceStackSafe(
5658 IN PDEVICE_OBJECT SourceDevice
,
5659 IN PDEVICE_OBJECT TargetDevice
,
5660 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
5666 IoAcquireVpbSpinLock (
5673 IoCheckDesiredAccess (
5674 IN OUT PACCESS_MASK DesiredAccess
,
5675 IN ACCESS_MASK GrantedAccess
5681 IoCheckEaBufferValidity (
5682 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
5684 OUT PULONG ErrorOffset
5690 IoCheckFunctionAccess (
5691 IN ACCESS_MASK GrantedAccess
,
5692 IN UCHAR MajorFunction
,
5693 IN UCHAR MinorFunction
,
5694 IN ULONG IoControlCode
,
5695 IN PVOID Argument1 OPTIONAL
,
5696 IN PVOID Argument2 OPTIONAL
5699 #if (VER_PRODUCTBUILD >= 2195)
5704 IoCheckQuotaBufferValidity (
5705 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
5706 IN ULONG QuotaLength
,
5707 OUT PULONG ErrorOffset
5710 #endif /* (VER_PRODUCTBUILD >= 2195) */
5715 IoCreateStreamFileObject (
5716 IN PFILE_OBJECT FileObject OPTIONAL
,
5717 IN PDEVICE_OBJECT DeviceObject OPTIONAL
5720 #if (VER_PRODUCTBUILD >= 2195)
5725 IoCreateStreamFileObjectLite (
5726 IN PFILE_OBJECT FileObject OPTIONAL
,
5727 IN PDEVICE_OBJECT DeviceObject OPTIONAL
5730 #endif /* (VER_PRODUCTBUILD >= 2195) */
5735 IoFastQueryNetworkAttributes (
5736 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5737 IN ACCESS_MASK DesiredAccess
,
5738 IN ULONG OpenOptions
,
5739 OUT PIO_STATUS_BLOCK IoStatus
,
5740 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
5746 IoGetAttachedDevice (
5747 IN PDEVICE_OBJECT DeviceObject
5753 IoGetBaseFileSystemDeviceObject (
5754 IN PFILE_OBJECT FileObject
5757 #if (VER_PRODUCTBUILD >= 2600)
5762 IoGetDeviceAttachmentBaseRef (
5763 IN PDEVICE_OBJECT DeviceObject
5769 IoGetDiskDeviceObject (
5770 IN PDEVICE_OBJECT FileSystemDeviceObject
,
5771 OUT PDEVICE_OBJECT
*DiskDeviceObject
5777 IoGetLowerDeviceObject (
5778 IN PDEVICE_OBJECT DeviceObject
5781 #endif /* (VER_PRODUCTBUILD >= 2600) */
5786 IoGetRequestorProcess (
5790 #if (VER_PRODUCTBUILD >= 2195)
5795 IoGetRequestorProcessId (
5799 #endif /* (VER_PRODUCTBUILD >= 2195) */
5808 #define IoIsFileOpenedExclusively(FileObject) ( \
5810 (FileObject)->SharedRead || \
5811 (FileObject)->SharedWrite || \
5812 (FileObject)->SharedDelete \
5819 IoIsOperationSynchronous (
5830 #if (VER_PRODUCTBUILD >= 2195)
5835 IoIsValidNameGraftingBuffer (
5837 IN PREPARSE_DATA_BUFFER ReparseBuffer
5840 #endif /* (VER_PRODUCTBUILD >= 2195) */
5846 IN PFILE_OBJECT FileObject
,
5848 IN PLARGE_INTEGER Offset
,
5850 OUT PIO_STATUS_BLOCK IoStatusBlock
5856 IoQueryFileInformation (
5857 IN PFILE_OBJECT FileObject
,
5858 IN FILE_INFORMATION_CLASS FileInformationClass
,
5860 OUT PVOID FileInformation
,
5861 OUT PULONG ReturnedLength
5867 IoQueryVolumeInformation (
5868 IN PFILE_OBJECT FileObject
,
5869 IN FS_INFORMATION_CLASS FsInformationClass
,
5871 OUT PVOID FsInformation
,
5872 OUT PULONG ReturnedLength
5885 IoRegisterFileSystem (
5886 IN OUT PDEVICE_OBJECT DeviceObject
5889 #if (VER_PRODUCTBUILD >= 1381)
5891 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
5892 IN PDEVICE_OBJECT DeviceObject
,
5893 IN BOOLEAN DriverActive
5899 IoRegisterFsRegistrationChange (
5900 IN PDRIVER_OBJECT DriverObject
,
5901 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
5904 #endif /* (VER_PRODUCTBUILD >= 1381) */
5909 IoReleaseVpbSpinLock (
5916 IoSetDeviceToVerify (
5918 IN PDEVICE_OBJECT DeviceObject
5925 IN PFILE_OBJECT FileObject
,
5926 IN FILE_INFORMATION_CLASS FileInformationClass
,
5928 IN PVOID FileInformation
5941 IoSynchronousPageWrite (
5942 IN PFILE_OBJECT FileObject
,
5944 IN PLARGE_INTEGER FileOffset
,
5946 OUT PIO_STATUS_BLOCK IoStatusBlock
5959 IoUnregisterFileSystem (
5960 IN OUT PDEVICE_OBJECT DeviceObject
5963 #if (VER_PRODUCTBUILD >= 1381)
5968 IoUnregisterFsRegistrationChange (
5969 IN PDRIVER_OBJECT DriverObject
,
5970 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
5973 #endif /* (VER_PRODUCTBUILD >= 1381) */
5979 IN PDEVICE_OBJECT DeviceObject
,
5980 IN BOOLEAN AllowRawMount
5983 #if !defined (_M_AMD64)
5988 KeAcquireQueuedSpinLock (
5989 IN KSPIN_LOCK_QUEUE_NUMBER Number
5995 KeReleaseQueuedSpinLock (
5996 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
6003 KeAcquireSpinLockRaiseToSynch(
6004 IN OUT PKSPIN_LOCK SpinLock
6010 KeTryToAcquireQueuedSpinLock(
6011 KSPIN_LOCK_QUEUE_NUMBER Number
,
6019 KeAcquireQueuedSpinLock (
6020 IN KSPIN_LOCK_QUEUE_NUMBER Number
6026 KeReleaseQueuedSpinLock (
6027 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
6033 KeAcquireSpinLockRaiseToSynch(
6034 IN OUT PKSPIN_LOCK SpinLock
6039 KeTryToAcquireQueuedSpinLock(
6040 KSPIN_LOCK_QUEUE_NUMBER Number
,
6049 IN PKPROCESS Process
6064 IN ULONG Count OPTIONAL
6072 IN PLIST_ENTRY Entry
6080 IN PLIST_ENTRY Entry
6095 IN KPROCESSOR_MODE WaitMode
,
6096 IN PLARGE_INTEGER Timeout OPTIONAL
6109 KeInitializeMutant (
6110 IN PRKMUTANT Mutant
,
6111 IN BOOLEAN InitialOwner
6125 IN PRKMUTANT Mutant
,
6126 IN KPRIORITY Increment
,
6127 IN BOOLEAN Abandoned
,
6131 #if (VER_PRODUCTBUILD >= 2195)
6136 KeStackAttachProcess (
6137 IN PKPROCESS Process
,
6138 OUT PKAPC_STATE ApcState
6144 KeUnstackDetachProcess (
6145 IN PKAPC_STATE ApcState
6148 #endif /* (VER_PRODUCTBUILD >= 2195) */
6153 KeSetKernelStackSwapEnable(
6160 MmCanFileBeTruncated (
6161 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
6162 IN PLARGE_INTEGER NewFileSize
6168 MmFlushImageSection (
6169 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
6170 IN MMFLUSH_TYPE FlushType
6176 MmForceSectionClosed (
6177 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
6178 IN BOOLEAN DelayClose
6181 #if (VER_PRODUCTBUILD >= 1381)
6186 MmIsRecursiveIoFault (
6192 #define MmIsRecursiveIoFault() ( \
6193 (PsGetCurrentThread()->DisablePageFaultClustering) | \
6194 (PsGetCurrentThread()->ForwardClusterOnly) \
6203 MmSetAddressRangeModified (
6212 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
6213 IN POBJECT_TYPE ObjectType
,
6214 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
6215 IN KPROCESSOR_MODE AccessMode
,
6216 IN OUT PVOID ParseContext OPTIONAL
,
6217 IN ULONG ObjectSize
,
6218 IN ULONG PagedPoolCharge OPTIONAL
,
6219 IN ULONG NonPagedPoolCharge OPTIONAL
,
6226 ObGetObjectPointerCount (
6230 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6237 IN PACCESS_STATE PassedAccessState OPTIONAL
,
6238 IN ACCESS_MASK DesiredAccess OPTIONAL
,
6239 IN ULONG ObjectPointerBias
,
6240 OUT PVOID
*NewObject OPTIONAL
,
6241 OUT PHANDLE Handle OPTIONAL
);
6246 ObOpenObjectByPointer (
6248 IN ULONG HandleAttributes
,
6249 IN PACCESS_STATE PassedAccessState OPTIONAL
,
6250 IN ACCESS_MASK DesiredAccess OPTIONAL
,
6251 IN POBJECT_TYPE ObjectType OPTIONAL
,
6252 IN KPROCESSOR_MODE AccessMode
,
6253 OUT PHANDLE Handle
);
6258 ObMakeTemporaryObject (
6264 ObQueryObjectAuditingByHandle (
6266 OUT PBOOLEAN GenerateOnClose
);
6275 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
6277 OUT PULONG ReturnLength
6283 ObReferenceObjectByName (
6284 IN PUNICODE_STRING ObjectName
,
6285 IN ULONG Attributes
,
6286 IN PACCESS_STATE PassedAccessState OPTIONAL
,
6287 IN ACCESS_MASK DesiredAccess OPTIONAL
,
6288 IN POBJECT_TYPE ObjectType
,
6289 IN KPROCESSOR_MODE AccessMode
,
6290 IN OUT PVOID ParseContext OPTIONAL
,
6297 PsAssignImpersonationToken (
6306 IN PEPROCESS Process
,
6307 IN POOL_TYPE PoolType
,
6314 PsChargeProcessPoolQuota (
6315 IN PEPROCESS Process
,
6316 IN POOL_TYPE PoolType
,
6320 #define PsDereferenceImpersonationToken(T) \
6321 {if (ARGUMENT_PRESENT(T)) { \
6322 (ObDereferenceObject((T))); \
6328 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
6333 PsDisableImpersonation(
6335 IN PSE_IMPERSONATION_STATE ImpersonationState
6341 PsGetProcessExitTime (
6348 PsImpersonateClient(
6350 IN PACCESS_TOKEN Token
,
6351 IN BOOLEAN CopyOnOpen
,
6352 IN BOOLEAN EffectiveOnly
,
6353 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
6366 PsIsThreadTerminating (
6373 PsLookupProcessByProcessId (
6374 IN HANDLE ProcessId
,
6375 OUT PEPROCESS
*Process
6381 PsLookupProcessThreadByCid (
6383 OUT PEPROCESS
*Process OPTIONAL
,
6384 OUT PETHREAD
*Thread
6390 PsLookupThreadByThreadId (
6391 IN HANDLE UniqueThreadId
,
6392 OUT PETHREAD
*Thread
6398 PsReferenceImpersonationToken (
6400 OUT PBOOLEAN CopyOnUse
,
6401 OUT PBOOLEAN EffectiveOnly
,
6402 OUT PSECURITY_IMPERSONATION_LEVEL Level
6408 PsReferencePrimaryToken (
6409 IN PEPROCESS Process
6415 PsRestoreImpersonation(
6417 IN PSE_IMPERSONATION_STATE ImpersonationState
6424 IN PEPROCESS Process
,
6425 IN POOL_TYPE PoolType
,
6439 RtlGenerate8dot3Name (
6440 IN PUNICODE_STRING Name
,
6441 IN BOOLEAN AllowExtendedCharacters
,
6442 IN OUT PGENERATE_NAME_CONTEXT Context
,
6443 OUT PUNICODE_STRING Name8dot3
6449 RtlSecondsSince1970ToTime (
6450 IN ULONG SecondsSince1970
,
6451 OUT PLARGE_INTEGER Time
6457 RtlSetSaclSecurityDescriptor (
6458 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6459 IN BOOLEAN SaclPresent
,
6461 IN BOOLEAN SaclDefaulted
6467 RtlUnicodeStringToCountedOemString (
6468 IN OUT POEM_STRING DestinationString
,
6469 IN PCUNICODE_STRING SourceString
,
6470 IN BOOLEAN AllocateDestinationString
6473 /* RTL Splay Tree Functions */
6477 RtlSplay(PRTL_SPLAY_LINKS Links
);
6482 RtlDelete(PRTL_SPLAY_LINKS Links
);
6488 PRTL_SPLAY_LINKS Links
,
6489 PRTL_SPLAY_LINKS
*Root
6495 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
6500 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
6505 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
6510 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
6512 #define RtlIsLeftChild(Links) \
6513 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
6515 #define RtlIsRightChild(Links) \
6516 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
6518 #define RtlRightChild(Links) \
6519 ((PRTL_SPLAY_LINKS)(Links))->RightChild
6521 #define RtlIsRoot(Links) \
6522 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
6524 #define RtlLeftChild(Links) \
6525 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
6527 #define RtlParent(Links) \
6528 ((PRTL_SPLAY_LINKS)(Links))->Parent
6530 #define RtlInitializeSplayLinks(Links) \
6532 PRTL_SPLAY_LINKS _SplayLinks; \
6533 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
6534 _SplayLinks->Parent = _SplayLinks; \
6535 _SplayLinks->LeftChild = NULL; \
6536 _SplayLinks->RightChild = NULL; \
6539 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
6541 PRTL_SPLAY_LINKS _SplayParent; \
6542 PRTL_SPLAY_LINKS _SplayChild; \
6543 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
6544 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
6545 _SplayParent->LeftChild = _SplayChild; \
6546 _SplayChild->Parent = _SplayParent; \
6549 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
6551 PRTL_SPLAY_LINKS _SplayParent; \
6552 PRTL_SPLAY_LINKS _SplayChild; \
6553 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
6554 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
6555 _SplayParent->RightChild = _SplayChild; \
6556 _SplayChild->Parent = _SplayParent; \
6560 // RTL time functions
6566 SeAppendPrivileges (
6567 PACCESS_STATE AccessState
,
6568 PPRIVILEGE_SET Privileges
6574 SeAuditingFileEvents (
6575 IN BOOLEAN AccessGranted
,
6576 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6582 SeAuditingFileOrGlobalEvents (
6583 IN BOOLEAN AccessGranted
,
6584 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
6585 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6591 SeCaptureSubjectContext (
6592 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
6598 SeCreateClientSecurity (
6600 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
6601 IN BOOLEAN RemoteClient
,
6602 OUT PSECURITY_CLIENT_CONTEXT ClientContext
6605 #if (VER_PRODUCTBUILD >= 2195)
6610 SeCreateClientSecurityFromSubjectContext (
6611 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
6612 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
6613 IN BOOLEAN ServerIsRemote
,
6614 OUT PSECURITY_CLIENT_CONTEXT ClientContext
6617 #endif /* (VER_PRODUCTBUILD >= 2195) */
6620 #define SeLengthSid( Sid ) \
6621 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
6623 #define SeDeleteClientSecurity(C) { \
6624 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
6625 PsDereferencePrimaryToken( (C)->ClientToken ); \
6627 PsDereferenceImpersonationToken( (C)->ClientToken ); \
6634 SeDeleteObjectAuditAlarm (
6639 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
6645 IN PPRIVILEGE_SET Privileges
6651 SeImpersonateClient (
6652 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
6653 IN PETHREAD ServerThread OPTIONAL
6656 #if (VER_PRODUCTBUILD >= 2195)
6661 SeImpersonateClientEx (
6662 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
6663 IN PETHREAD ServerThread OPTIONAL
6666 #endif /* (VER_PRODUCTBUILD >= 2195) */
6671 SeLockSubjectContext (
6672 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6678 SeMarkLogonSessionForTerminationNotification (
6685 SeOpenObjectAuditAlarm (
6686 IN PUNICODE_STRING ObjectTypeName
,
6687 IN PVOID Object OPTIONAL
,
6688 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
6689 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
6690 IN PACCESS_STATE AccessState
,
6691 IN BOOLEAN ObjectCreated
,
6692 IN BOOLEAN AccessGranted
,
6693 IN KPROCESSOR_MODE AccessMode
,
6694 OUT PBOOLEAN GenerateOnClose
6700 SeOpenObjectForDeleteAuditAlarm (
6701 IN PUNICODE_STRING ObjectTypeName
,
6702 IN PVOID Object OPTIONAL
,
6703 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
6704 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
6705 IN PACCESS_STATE AccessState
,
6706 IN BOOLEAN ObjectCreated
,
6707 IN BOOLEAN AccessGranted
,
6708 IN KPROCESSOR_MODE AccessMode
,
6709 OUT PBOOLEAN GenerateOnClose
6716 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
6717 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
6718 IN KPROCESSOR_MODE AccessMode
6724 SeQueryAuthenticationIdToken (
6725 IN PACCESS_TOKEN Token
,
6729 #if (VER_PRODUCTBUILD >= 2195)
6734 SeQueryInformationToken (
6735 IN PACCESS_TOKEN Token
,
6736 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
6737 OUT PVOID
*TokenInformation
6740 #endif /* (VER_PRODUCTBUILD >= 2195) */
6745 SeQuerySecurityDescriptorInfo (
6746 IN PSECURITY_INFORMATION SecurityInformation
,
6747 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6748 IN OUT PULONG Length
,
6749 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
6752 #if (VER_PRODUCTBUILD >= 2195)
6757 SeQuerySessionIdToken (
6758 IN PACCESS_TOKEN Token
,
6762 #endif /* (VER_PRODUCTBUILD >= 2195) */
6764 #define SeQuerySubjectContextToken( SubjectContext ) \
6765 ( ARGUMENT_PRESENT( \
6766 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
6768 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
6769 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
6771 typedef NTSTATUS (NTAPI
*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
6778 SeRegisterLogonSessionTerminatedRoutine (
6779 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
6785 SeReleaseSubjectContext (
6786 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6792 SeSetAccessStateGenericMapping (
6793 PACCESS_STATE AccessState
,
6794 PGENERIC_MAPPING GenericMapping
6800 SeSetSecurityDescriptorInfo (
6801 IN PVOID Object OPTIONAL
,
6802 IN PSECURITY_INFORMATION SecurityInformation
,
6803 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
6804 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
6805 IN POOL_TYPE PoolType
,
6806 IN PGENERIC_MAPPING GenericMapping
6809 #if (VER_PRODUCTBUILD >= 2195)
6814 SeSetSecurityDescriptorInfoEx (
6815 IN PVOID Object OPTIONAL
,
6816 IN PSECURITY_INFORMATION SecurityInformation
,
6817 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
6818 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
6819 IN ULONG AutoInheritFlags
,
6820 IN POOL_TYPE PoolType
,
6821 IN PGENERIC_MAPPING GenericMapping
6828 IN PACCESS_TOKEN Token
6834 SeTokenIsRestricted (
6835 IN PACCESS_TOKEN Token
6841 SeLocateProcessImageName(
6842 IN PEPROCESS Process
,
6843 OUT PUNICODE_STRING
*pImageFileName
6846 #endif /* (VER_PRODUCTBUILD >= 2195) */
6852 IN PACCESS_TOKEN Token
6858 SeUnlockSubjectContext (
6859 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6865 SeUnregisterLogonSessionTerminatedRoutine (
6866 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
6869 #if (VER_PRODUCTBUILD >= 2195)
6874 ZwAdjustPrivilegesToken (
6875 IN HANDLE TokenHandle
,
6876 IN BOOLEAN DisableAllPrivileges
,
6877 IN PTOKEN_PRIVILEGES NewState
,
6878 IN ULONG BufferLength
,
6879 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
6880 OUT PULONG ReturnLength
6883 #endif /* (VER_PRODUCTBUILD >= 2195) */
6889 IN HANDLE ThreadHandle
6895 ZwAllocateVirtualMemory (
6896 IN HANDLE ProcessHandle
,
6897 IN OUT PVOID
*BaseAddress
,
6898 IN ULONG_PTR ZeroBits
,
6899 IN OUT PSIZE_T RegionSize
,
6900 IN ULONG AllocationType
,
6907 ZwAccessCheckAndAuditAlarm (
6908 IN PUNICODE_STRING SubsystemName
,
6910 IN PUNICODE_STRING ObjectTypeName
,
6911 IN PUNICODE_STRING ObjectName
,
6912 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
6913 IN ACCESS_MASK DesiredAccess
,
6914 IN PGENERIC_MAPPING GenericMapping
,
6915 IN BOOLEAN ObjectCreation
,
6916 OUT PACCESS_MASK GrantedAccess
,
6917 OUT PBOOLEAN AccessStatus
,
6918 OUT PBOOLEAN GenerateOnClose
6921 #if (VER_PRODUCTBUILD >= 2195)
6927 IN HANDLE FileHandle
,
6928 OUT PIO_STATUS_BLOCK IoStatusBlock
6931 #endif /* (VER_PRODUCTBUILD >= 2195) */
6937 IN HANDLE EventHandle
6943 ZwCloseObjectAuditAlarm (
6944 IN PUNICODE_STRING SubsystemName
,
6946 IN BOOLEAN GenerateOnClose
6953 OUT PHANDLE SectionHandle
,
6954 IN ACCESS_MASK DesiredAccess
,
6955 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
6956 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
6957 IN ULONG SectionPageProtection
,
6958 IN ULONG AllocationAttributes
,
6959 IN HANDLE FileHandle OPTIONAL
6965 ZwCreateSymbolicLinkObject (
6966 OUT PHANDLE SymbolicLinkHandle
,
6967 IN ACCESS_MASK DesiredAccess
,
6968 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6969 IN PUNICODE_STRING TargetName
6976 IN POBJECT_ATTRIBUTES ObjectAttributes
6984 IN PUNICODE_STRING Name
6988 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6992 ZwDeviceIoControlFile (
6993 IN HANDLE FileHandle
,
6994 IN HANDLE Event OPTIONAL
,
6995 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6996 IN PVOID ApcContext OPTIONAL
,
6997 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6998 IN ULONG IoControlCode
,
6999 IN PVOID InputBuffer OPTIONAL
,
7000 IN ULONG InputBufferLength
,
7001 OUT PVOID OutputBuffer OPTIONAL
,
7002 IN ULONG OutputBufferLength
);
7009 IN PUNICODE_STRING String
7016 IN HANDLE SourceProcessHandle
,
7017 IN HANDLE SourceHandle
,
7018 IN HANDLE TargetProcessHandle OPTIONAL
,
7019 OUT PHANDLE TargetHandle OPTIONAL
,
7020 IN ACCESS_MASK DesiredAccess
,
7021 IN ULONG HandleAttributes
,
7029 IN HANDLE ExistingTokenHandle
,
7030 IN ACCESS_MASK DesiredAccess
,
7031 IN POBJECT_ATTRIBUTES ObjectAttributes
,
7032 IN BOOLEAN EffectiveOnly
,
7033 IN TOKEN_TYPE TokenType
,
7034 OUT PHANDLE NewTokenHandle
7040 ZwFlushInstructionCache (
7041 IN HANDLE ProcessHandle
,
7042 IN PVOID BaseAddress OPTIONAL
,
7050 IN HANDLE FileHandle
,
7051 OUT PIO_STATUS_BLOCK IoStatusBlock
7054 #if (VER_PRODUCTBUILD >= 2195)
7059 ZwFlushVirtualMemory (
7060 IN HANDLE ProcessHandle
,
7061 IN OUT PVOID
*BaseAddress
,
7062 IN OUT PULONG FlushSize
,
7063 OUT PIO_STATUS_BLOCK IoStatusBlock
7066 #endif /* (VER_PRODUCTBUILD >= 2195) */
7071 ZwFreeVirtualMemory (
7072 IN HANDLE ProcessHandle
,
7073 IN OUT PVOID
*BaseAddress
,
7074 IN OUT PSIZE_T RegionSize
,
7082 IN HANDLE FileHandle
,
7083 IN HANDLE Event OPTIONAL
,
7084 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
7085 IN PVOID ApcContext OPTIONAL
,
7086 OUT PIO_STATUS_BLOCK IoStatusBlock
,
7087 IN ULONG FsControlCode
,
7088 IN PVOID InputBuffer OPTIONAL
,
7089 IN ULONG InputBufferLength
,
7090 OUT PVOID OutputBuffer OPTIONAL
,
7091 IN ULONG OutputBufferLength
7094 #if (VER_PRODUCTBUILD >= 2195)
7099 ZwInitiatePowerAction (
7100 IN POWER_ACTION SystemAction
,
7101 IN SYSTEM_POWER_STATE MinSystemState
,
7103 IN BOOLEAN Asynchronous
7106 #endif /* (VER_PRODUCTBUILD >= 2195) */
7112 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
7113 IN PUNICODE_STRING RegistryPath
7120 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
7121 IN POBJECT_ATTRIBUTES FileObjectAttributes
7128 IN HANDLE KeyHandle
,
7129 IN HANDLE EventHandle OPTIONAL
,
7130 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
7131 IN PVOID ApcContext OPTIONAL
,
7132 OUT PIO_STATUS_BLOCK IoStatusBlock
,
7133 IN ULONG NotifyFilter
,
7134 IN BOOLEAN WatchSubtree
,
7136 IN ULONG BufferLength
,
7137 IN BOOLEAN Asynchronous
7143 ZwOpenDirectoryObject (
7144 OUT PHANDLE DirectoryHandle
,
7145 IN ACCESS_MASK DesiredAccess
,
7146 IN POBJECT_ATTRIBUTES ObjectAttributes
7153 OUT PHANDLE EventHandle
,
7154 IN ACCESS_MASK DesiredAccess
,
7155 IN POBJECT_ATTRIBUTES ObjectAttributes
7162 OUT PHANDLE ProcessHandle
,
7163 IN ACCESS_MASK DesiredAccess
,
7164 IN POBJECT_ATTRIBUTES ObjectAttributes
,
7165 IN PCLIENT_ID ClientId OPTIONAL
7171 ZwOpenProcessToken (
7172 IN HANDLE ProcessHandle
,
7173 IN ACCESS_MASK DesiredAccess
,
7174 OUT PHANDLE TokenHandle
7181 OUT PHANDLE ThreadHandle
,
7182 IN ACCESS_MASK DesiredAccess
,
7183 IN POBJECT_ATTRIBUTES ObjectAttributes
,
7184 IN PCLIENT_ID ClientId
7191 IN HANDLE ThreadHandle
,
7192 IN ACCESS_MASK DesiredAccess
,
7193 IN BOOLEAN OpenAsSelf
,
7194 OUT PHANDLE TokenHandle
7197 #if (VER_PRODUCTBUILD >= 2195)
7202 ZwPowerInformation (
7203 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
7204 IN PVOID InputBuffer OPTIONAL
,
7205 IN ULONG InputBufferLength
,
7206 OUT PVOID OutputBuffer OPTIONAL
,
7207 IN ULONG OutputBufferLength
7210 #endif /* (VER_PRODUCTBUILD >= 2195) */
7216 IN HANDLE EventHandle
,
7217 OUT PLONG PreviousState OPTIONAL
7223 ZwQueryDefaultLocale (
7224 IN BOOLEAN ThreadOrSystem
,
7231 ZwQueryDirectoryFile (
7232 IN HANDLE FileHandle
,
7233 IN HANDLE Event OPTIONAL
,
7234 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
7235 IN PVOID ApcContext OPTIONAL
,
7236 OUT PIO_STATUS_BLOCK IoStatusBlock
,
7237 OUT PVOID FileInformation
,
7239 IN FILE_INFORMATION_CLASS FileInformationClass
,
7240 IN BOOLEAN ReturnSingleEntry
,
7241 IN PUNICODE_STRING FileName OPTIONAL
,
7242 IN BOOLEAN RestartScan
7245 #if (VER_PRODUCTBUILD >= 2195)
7250 ZwQueryDirectoryObject (
7251 IN HANDLE DirectoryHandle
,
7254 IN BOOLEAN ReturnSingleEntry
,
7255 IN BOOLEAN RestartScan
,
7256 IN OUT PULONG Context
,
7257 OUT PULONG ReturnLength OPTIONAL
7264 IN HANDLE FileHandle
,
7265 OUT PIO_STATUS_BLOCK IoStatusBlock
,
7268 IN BOOLEAN ReturnSingleEntry
,
7269 IN PVOID EaList OPTIONAL
,
7270 IN ULONG EaListLength
,
7271 IN PULONG EaIndex OPTIONAL
,
7272 IN BOOLEAN RestartScan
7275 #endif /* (VER_PRODUCTBUILD >= 2195) */
7280 ZwQueryInformationProcess (
7281 IN HANDLE ProcessHandle
,
7282 IN PROCESSINFOCLASS ProcessInformationClass
,
7283 OUT PVOID ProcessInformation
,
7284 IN ULONG ProcessInformationLength
,
7285 OUT PULONG ReturnLength OPTIONAL
7291 ZwQueryInformationToken (
7292 IN HANDLE TokenHandle
,
7293 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
7294 OUT PVOID TokenInformation
,
7296 OUT PULONG ResultLength
7302 ZwQuerySecurityObject (
7303 IN HANDLE FileHandle
,
7304 IN SECURITY_INFORMATION SecurityInformation
,
7305 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
7307 OUT PULONG ResultLength
7313 ZwQueryVolumeInformationFile (
7314 IN HANDLE FileHandle
,
7315 OUT PIO_STATUS_BLOCK IoStatusBlock
,
7316 OUT PVOID FsInformation
,
7318 IN FS_INFORMATION_CLASS FsInformationClass
7325 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
7326 IN HANDLE KeyHandle
,
7327 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
7334 IN HANDLE EventHandle
,
7335 OUT PLONG PreviousState OPTIONAL
7338 #if (VER_PRODUCTBUILD >= 2195)
7344 IN HANDLE KeyHandle
,
7345 IN HANDLE FileHandle
,
7349 #endif /* (VER_PRODUCTBUILD >= 2195) */
7355 IN HANDLE KeyHandle
,
7356 IN HANDLE FileHandle
7362 ZwSetDefaultLocale (
7363 IN BOOLEAN ThreadOrSystem
,
7367 #if (VER_PRODUCTBUILD >= 2195)
7372 ZwSetDefaultUILanguage (
7373 IN LANGID LanguageId
7380 IN HANDLE FileHandle
,
7381 OUT PIO_STATUS_BLOCK IoStatusBlock
,
7386 #endif /* (VER_PRODUCTBUILD >= 2195) */
7392 IN HANDLE EventHandle
,
7393 OUT PLONG PreviousState OPTIONAL
7399 ZwSetInformationProcess (
7400 IN HANDLE ProcessHandle
,
7401 IN PROCESSINFOCLASS ProcessInformationClass
,
7402 IN PVOID ProcessInformation
,
7403 IN ULONG ProcessInformationLength
7406 #if (VER_PRODUCTBUILD >= 2195)
7411 ZwSetSecurityObject (
7413 IN SECURITY_INFORMATION SecurityInformation
,
7414 IN PSECURITY_DESCRIPTOR SecurityDescriptor
7417 #endif /* (VER_PRODUCTBUILD >= 2195) */
7423 IN PLARGE_INTEGER NewTime
,
7424 OUT PLARGE_INTEGER OldTime OPTIONAL
7427 #if (VER_PRODUCTBUILD >= 2195)
7432 ZwSetVolumeInformationFile (
7433 IN HANDLE FileHandle
,
7434 OUT PIO_STATUS_BLOCK IoStatusBlock
,
7435 IN PVOID FsInformation
,
7437 IN FS_INFORMATION_CLASS FsInformationClass
7440 #endif /* (VER_PRODUCTBUILD >= 2195) */
7445 ZwTerminateProcess (
7446 IN HANDLE ProcessHandle OPTIONAL
,
7447 IN NTSTATUS ExitStatus
7454 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
7455 IN PUNICODE_STRING RegistryPath
7462 IN POBJECT_ATTRIBUTES KeyObjectAttributes
7465 #if (NTDDI_VERSION >= NTDDI_WIN2K)
7469 ZwWaitForSingleObject (
7471 IN BOOLEAN Alertable
,
7472 IN PLARGE_INTEGER Timeout OPTIONAL
);
7478 ZwWaitForMultipleObjects (
7479 IN ULONG HandleCount
,
7481 IN WAIT_TYPE WaitType
,
7482 IN BOOLEAN Alertable
,
7483 IN PLARGE_INTEGER Timeout OPTIONAL