projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[REISERFS] Import ReiserFS file system driver for Windows. It will be enabled later...
[reactos.git] / reactos / drivers / filesystems / reiserfs / inc / gplntifs.h
1 /*
2 This is a free version of the file ntifs.h, release 58.
3 The purpose of this include file is to build file system and
4 file system filter drivers for Windows.
5 Copyright (C) 1999-2015 Bo Brantén.
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
18 The GNU General Public License is also available from:
19 http://www.gnu.org/copyleft/gpl.html
20
21 Windows and Windows NT are either registered trademarks or trademarks of
22 Microsoft Corporation in the United States and/or other countries.
23
24 DISCLAIMER: I do not encourage anyone to use this include file to build
25 drivers used in production. Some of the information in this file may not
26 be available in other publications intended for similar use. Some of the
27 information in this file may have different names than in other
28 publications even though they describe the same thing.
29
30 NOTE: This file should be used with the Microsoft® Windows® Driver
31 Development Kit (DDK) while the file wdkundoc.h is a subset of this
32 file that should be used with the Microsoft Windows Driver Kit (WDK).
33
34 Please send comments, corrections and contributions to bosse@acc.umu.se.
35
36 The most recent version of this file is available from:
37 http://www.acc.umu.se/~bosse/ntifs.h
38
39 The most recent version of the file wdkundoc.h is available from:
40 http://www.acc.umu.se/~bosse/wdkundoc.h
41
42 Thanks to:
43 Andrey Shedel, Luigi Mori, Louis Joubert, Itai Shaham, David Welch,
44 Emanuele Aliberti, Anton Altaparmakov, Dan Partelly, Mamaich, Yossi
45 Yaffe, Gunnar André Dalsnes, Vadim V Vorobev, Ashot Oganesyan K,
46 Oleg Nikityenko, Matt Wu, Tomas Olsson, Raaf, Anthony Choi, Alexey
47 Logachyov, Marc-Antoine Ruel, Vyacheslav I. Levtchenko, Yuri Polyakov,
48 Bruno Milot, Alex Vlasov, Dan Fulger, Petr Semerad, Sobame La Garompa,
49 Jérôme Hodé and Darja Isaksson.
50
51 Revision history:
52
53 58. 2015-06-11
54 Added:
55 Externals:
56 PsInitialSystemProcess
57 HalPrivateDispatchTable
58 KeLoaderBlock
59 KeI386MachineType
60 KiBugCheckData
61 InitSafeBootMode
62 KiEnableTimerWatchdog
63 KdComPortInUse
64 KdEnteredDebugger
65 MmBadPointer
66 NlsLeadByteInfo
67 NlsOemLeadByteInfo
68 NlsMbCodePageTag
69 NlsMbOemCodePageTag
70 NlsAnsiCodePage
71 NlsOemCodePage
72 IoStatisticsLock
73 IoReadOperationCount
74 IoWriteOperationCount
75 IoReadTransferCount
76 IoWriteTransferCount
77 KeDcacheFlushCount
78 KeIcacheFlushCount
79 CcFastMdlReadWait
80 CcFastReadNotPossible
81 CcFastReadWait
82 IoAdapterObjectType
83 IoDeviceObjectType
84 MmSectionObjectType
85 PsProcessType
86 PsThreadType
87 ExDesktopObjectType
88 ExWindowStationObjectType
89 IoDeviceHandlerObjectType
90 LpcPortObjectType
91 PsJobType
92 SeTokenObjectType
93 TmEnlistmentObjectType
94 TmResourceManagerObjectType
95 TmTransactionManagerObjectType
96 TmTransactionObjectType
97 CmKeyObjectType
98 IoDeviceHandlerObjectSize
99 POGOBuffer
100 psMUITest
101 PsUILanguageComitted
102
103 57. 2015-03-23
104 Corrected:
105 ObGetObjectPointerCount
106 Added:
107 Function prototypes:
108 FsRtlTeardownPerFileContexts
109 FsRtlTeardownPerStreamContexts
110
111 56. 2008-07-31
112 Corrected:
113 FSCTL_SET_SPARSE
114 FSRTL_COMMON_FCB_HEADER
115 Added:
116 Defines:
117 FSRTL_XXX
118 IO_REPARSE_TAG_XXX
119 Data types:
120 FSRTL_ADVANCED_FCB_HEADER
121 Function prototypes:
122 FsRtlSetupAdvancedHeader
123
124 55. 2006-05-15
125 Corrected:
126 TOKEN_OBJECT
127 Added:
128 Data types:
129 SEP_AUDIT_POLICY_VISTA
130 SID_AND_ATTRIBUTES_HASH
131
132 54. 2006-05-14
133 Corrected:
134 EXTENDED_IO_STACK_LOCATION
135
136 53. 2005-11-06
137 Added:
138 Function prototypes:
139 RtlRandom
140 RtlRandomEx
141 RtlSecondsSince1980ToTime
142 RtlTimeToSecondsSince1980
143
144 52. 2005-11-05
145 Corrected:
146 OBJECT_NAME
147 TOKEN_OBJECT
148
149 51. 2005-10-16
150 Corrected:
151 ETHREAD
152 GDI_TEB_BATCH
153 MMADDRESS_NODE
154 TEB
155
156 50. 2005-10-15
157 Added:
158 Data types:
159 READ_LIST
160 Function prototypes:
161 IoAttachDeviceToDeviceStackSafe
162 IoCheckQuerySetFileInformation
163 IoCheckQuerySetVolumeInformation
164 IoCreateFileSpecifyDeviceObjectHint
165 IoCreateStreamFileObjectEx
166 IoEnumerateDeviceObjectList
167 IoGetDeviceAttachmentBaseRef
168 IoGetDiskDeviceObject
169 IoGetLowerDeviceObject
170 IoIsFileOriginRemote
171 IoQueryFileDosDeviceName
172 IoQueueThreadIrp
173 IoSetFileOrigin
174 KeAcquireQueuedSpinLock
175 KeInitializeMutant
176 KeReadStateMutant
177 KeReleaseMutant
178 KeReleaseQueuedSpinLock
179 KeSetIdealProcessorThread
180 KeSetKernelStackSwapEnable
181 KeTryToAcquireQueuedSpinLock
182 MmPrefetchPages
183 ObDereferenceSecurityDescriptor
184 ObLogSecurityDescriptor
185 ObReferenceSecurityDescriptor
186 PoQueueShutdownWorkItem
187 RtlxUnicodeStringToAnsiSize
188 SeAuditHardLinkCreation
189 SeAuditingHardLinkEvents
190 SeFilterToken
191
192 49. 2005-10-09
193 Corrected:
194 EPROCESS
195 KTHREAD
196 MMSUPPORT_FLAGS
197 MMSUPPORT
198 OBJECT_HEADER
199 OBJECT_TYPE_INITIALIZER
200 OBJECT_TYPE
201 TEB
202 KeInsertQueueApc
203 Added:
204 Defines:
205 OB_FLAG_XXX
206 OB_SECURITY_CHARGE
207 Data types:
208 ACTIVATION_CONTEXT_STACK
209 GDI_TEB_BATCH
210 HANDLE_INFO
211 KGUARDED_MUTEX
212 MMADDRESS_NODE
213 MM_AVL_TABLE
214 OBJECT_CREATE_INFORMATION
215 OBJECT_CREATOR_INFO
216 OBJECT_DIRECTORY
217 OBJECT_DIRECTORY_ITEM
218 OBJECT_HANDLE_DB
219 OBJECT_HANDLE_DB_LIST
220 OBJECT_HEADER_FLAGS
221 OBJECT_NAME
222 OBJECT_QUOTA_CHARGES
223 OBJECT_QUOTA_INFO
224 QUOTA_BLOCK
225 RTL_ACTIVATION_CONTEXT_STACK_FRAME
226 TEB_ACTIVE_FRAME
227 TEB_ACTIVE_FRAME_CONTEXT
228 Wx86ThreadState
229 Function prototypes:
230 FsRtlAcquireFileExclusive
231 FsRtlBalanceReads
232 FsRtlDissectDbcs
233 FsRtlDoesDbcsContainWildCards
234 FsRtlIsDbcsInExpression
235 FsRtlIsFatDbcsLegal
236 FsRtlIsHpfsDbcsLegal
237 FsRtlIsPagingFile
238 FsRtlIsTotalDeviceFailure
239 FsRtlMdlReadDev
240 FsRtlPostPagingFileStackOverflow
241 FsRtlPostStackOverflow
242 FsRtlPrepareMdlWriteDev
243 FsRtlReleaseFile
244
245 48. 2005-04-16
246 Added:
247 Data types:
248 THREAD_BASIC_INFORMATION
249 Function prototypes:
250 ZwQueryInformationThread
251
252 47. 2005-03-08
253 Corrected:
254 SYSTEM_PROCESSES_INFORMATION
255 TOKEN_OBJECT
256 KeInsertQueueApc
257
258 46. 2004-06-08
259 Added:
260 Data types:
261 TOKEN_OBJECT
262
263 45. 2004-06-06
264 Corrected:
265 SERVICE_DESCRIPTOR_TABLE
266 Added:
267 Defines:
268 TOKEN_SESSION_NOT_REFERENCED
269 TOKEN_SANDBOX_INERT
270 TOKEN_HAS_IMPERSONATE_PRIVILEGE
271 Function prototypes:
272 FsRtlDissectName
273 RtlOemStringToCountedUnicodeSize
274 RtlOemStringToUnicodeSize
275 RtlOemStringToUnicodeString
276 RtlUnicodeStringToOemSize
277 RtlUnicodeStringToOemString
278 RtlxOemStringToUnicodeSize
279 RtlxUnicodeStringToOemSize
280
281 44. 2003-05-06
282 Added:
283 Function prototypes:
284 InbvAcquireDisplayOwnership
285 InbvCheckDisplayOwnership
286 InbvDisplayString
287 InbvEnableBootDriver
288 InbvEnableDisplayString
289 InbvInstallDisplayStringFilter
290 InbvIsBootDriverInstalled
291 InbvNotifyDisplayOwnershipLost
292 InbvResetDisplay
293 InbvSetScrollRegion
294 InbvSetTextColor
295 InbvSolidColorFill
296
297 43. 2003-04-07
298 Added:
299 Data types:
300 MCB
301 Function prototypes:
302 FsRtlAddMcbEntry
303 FsRtlInitializeMcb
304 FsRtlLookupLastMcbEntry
305 FsRtlLookupMcbEntry
306 FsRtlNotifyFilterChangeDirectory
307 FsRtlNotifyFilterReportChange
308 FsRtlNumberOfRunsInMcb
309 FsRtlRemoveMcbEntry
310 FsRtlTruncateMcb
311 FsRtlUninitializeMcb
312
313 42. 2003-03-30
314 Corrected:
315 SYSTEM_CACHE_INFORMATION
316 SYSTEM_INFORMATION_CLASS
317 Added:
318 Data types:
319 SYSTEM_XXX_INFORMATION
320 THREAD_STATE
321
322 41. 2003-01-03
323 Corrected:
324 CcMapData
325 PsDereferenceImpersonationToken
326 PsDereferencePrimaryToken
327 PsGetProcessExitTime
328 PsReferencePrimaryToken
329 Added:
330 Defines:
331 MAP_XXX
332 Function prototypes:
333 CcMdlWriteAbort
334 PsAssignImpersonationToken
335 PsChargeProcessNonPagedPoolQuota
336 PsChargeProcessPagedPoolQuota
337 PsChargeProcessPoolQuota
338 PsDisableImpersonation
339 PsImpersonateClient
340 PsIsSystemThread
341 PsRestoreImpersonation
342 SeDeleteAccessState
343 ZwOpenProcessTokenEx
344 ZwOpenThreadTokenEx
345
346 40. 2002-10-02
347 Corrected:
348 HANDLE_TABLE_ENTRY
349 Added:
350 Defines:
351 FSRTL_FLAG_ADVANCED_HEADER
352 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS
353 FSRTL_FLAG2_PURGE_WHEN_MAPPED
354 Data types:
355 FILE_ID_BOTH_DIR_INFORMATION
356 FILE_ID_FULL_DIR_INFORMATION
357
358 39. 2002-08-04
359 Added:
360 Data types:
361 LARGE_MCB
362 Function prototypes:
363 FsRtlAddLargeMcbEntry
364 FsRtlGetNextLargeMcbEntry
365 FsRtlInitializeLargeMcb
366 FsRtlLookupLargeMcbEntry
367 FsRtlLookupLastLargeMcbEntry
368 FsRtlLookupLastLargeMcbEntryAndIndex
369 FsRtlNumberOfRunsInLargeMcb
370 FsRtlRemoveLargeMcbEntry
371 FsRtlResetLargeMcb
372 FsRtlSplitLargeMcb
373 FsRtlTruncateLargeMcb
374 FsRtlUninitializeLargeMcb
375
376 38. 2002-06-30
377 Added:
378 Defines:
379 FILE_READ_ONLY_VOLUME
380 Function prototypes:
381 FsRtlAllocateResource
382 FsRtlIncrementCcFastReadNotPossible
383 FsRtlIncrementCcFastReadNoWait
384 FsRtlIncrementCcFastReadResourceMiss
385 FsRtlIncrementCcFastReadWait
386 KeIsAttachedProcess
387 KeIsExecutingDpc
388 KeRevertToUserAffinityThread
389 KeUpdateSystemTime
390 PsGetCurrentProcessSessionId
391 PsGetCurrentThreadPreviousMode
392 PsGetCurrentThreadStackBase
393 PsGetCurrentThreadStackLimit
394 RtlGetNtGlobalFlags
395
396 37. 2002-05-18
397 Uppdated for Windows XP:
398 EPROCESS
399 ETHREAD
400 KPROCESS
401 KTHREAD
402 MMSUPPORT_FLAGS
403 MMSUPPORT
404 PRIVATE_CACHE_MAP_FLAGS
405 PRIVATE_CACHE_MAP
406 SHARED_CACHE_MAP
407 Corrected:
408 VACB
409 Added:
410 Data types:
411 EPROCESS_QUOTA_ENTRY
412 EPROCESS_QUOTA_BLOCK
413 EX_FAST_REF
414 EX_PUSH_LOCK
415 EX_RUNDOWN_REF
416 PAGEFAULT_HISTORY
417 SE_AUDIT_PROCESS_CREATION_INFO
418 SECTION_OBJECT
419 TERMINATION_PORT
420
421 36. 2002-05-14
422 Corrected:
423 FILE_FS_FULL_SIZE_INFORMATION
424
425 35. 2002-03-23
426 Added:
427 Defines:
428 COMPRESSION_XXX
429 Data types:
430 COMPRESSED_DATA_INFO
431 OBJECT_HEADER
432 VAD_HEADER
433 Function prototypes:
434 CcWaitForCurrentLazyWriterActivity
435 FsRtlCheckOplock
436 FsRtlCurrentBatchOplock
437 FsRtlDeregisterUncProvider
438 FsRtlInitializeOplock
439 FsRtlOplockFsctrl
440 FsRtlOplockIsFastIoPossible
441 FsRtlRegisterUncProvider
442 FsRtlUninitializeOplock
443 RtlCompressBuffer
444 RtlCompressChunks
445 RtlDecompressBuffer
446 RtlDecompressChunks
447 RtlDecompressFragment
448 RtlDescribeChunk
449 RtlGetCompressionWorkSpaceSize
450 RtlReserveChunk
451
452 34. 2002-02-14
453 Corrected:
454 HARDWARE_PTE
455 Changed the use of _WIN32_WINNT to VER_PRODUCTBUILD since _WIN32_WINNT
456 is incorrectly defined in the Windows 2000 build environment included
457 in the Windows XP DDK.
458
459 33. 2002-01-20
460 Added:
461 Function prototypes:
462 PsDereferenceImpersonationToken
463 PsDereferencePrimaryToken
464
465 32. 2002-01-18
466 Corrected:
467 ObReferenceObjectByName
468 FILE_FS_OBJECT_ID_INFORMATION
469 FILE_OBJECTID_INFORMATION
470 Added:
471 Externals:
472 IoDriverObjectType
473 SeExports
474 Defines:
475 FILE_ACTION_XXX
476 FSCTL_XXX
477 IO_FILE_OBJECT_XXX
478 IRP_BEING_VERIFIED
479 TOKEN_XXX
480 Data types:
481 DEVICE_MAP
482 FILE_TRACKING_INFORMATION
483 SE_EXPORTS
484 Function prototypes:
485 SeEnableAccessToExports
486
487 31. 2001-12-23
488 Corrected:
489 QueryQuota in EXTENDED_IO_STACK_LOCATION
490 FILE_LOCK
491 CcPinMappedData
492 CcPinRead
493 CcPreparePinWrite
494 FsRtlFastUnlockAll
495 FsRtlFastUnlockAllByKey
496 FsRtlFastUnlockSingle
497 FsRtlInitializeFileLock
498 FsRtlPrivateLock
499 FsRtlProcessFileLock
500 MmForceSectionClosed
501 MmIsRecursiveIoFault
502 SeImpersonateClient
503 SeImpersonateClientEx
504 Added:
505 Defines:
506 More FSRTL_FLAG_XXX
507 PIN_XXX
508 VACB_XXX
509 Data types:
510 REPARSE_DATA_BUFFER
511 Function prototypes:
512 CcCopyWriteWontFlush
513 CcGetFileSizePointer
514 CcGetFlushedValidData
515 CcIsFileCached
516 CcRemapBcb
517 ExDisableResourceBoostLite
518 ExQueryPoolBlockSize
519 FsRtlAllocateFileLock
520 FsRtlAreThereCurrentFileLocks
521 FsRtlFastLock
522 FsRtlFreeFileLock
523 IoCheckDesiredAccess
524 IoCheckEaBufferValidity
525 IoCheckFunctionAccess
526 IoCheckQuotaBufferValidity
527 IoCreateStreamFileObjectLite
528 IoFastQueryNetworkAttributes
529 IoGetRequestorProcessId
530 IoIsFileOpenedExclusively
531 IoIsSystemThread
532 IoIsValidNameGraftingBuffer
533 IoSynchronousPageWrite
534 IoThreadToProcess
535 KeInitializeQueue
536 KeInsertHeadQueue
537 KeInsertQueue
538 KeReadStateQueue
539 KeRemoveQueue
540 KeRundownQueue
541 MmSetAddressRangeModified
542 ObGetObjectPointerCount
543 ObMakeTemporaryObject
544 ObQueryObjectAuditingByHandle
545 PsChargePoolQuota
546 PsReturnPoolQuota
547 SeAppendPrivileges
548 SeAuditingFileEvents
549 SeAuditingFileOrGlobalEvents
550 SeCreateClientSecurity
551 SeCreateClientSecurityFromSubjectContext
552 SeDeleteClientSecurity
553 SeDeleteObjectAuditAlarm
554 SeFreePrivileges
555 SeLockSubjectContext
556 SeOpenObjectAuditAlarm
557 SeOpenObjectForDeleteAuditAlarm
558 SePrivilegeCheck
559 SeQueryAuthenticationIdToken
560 SeQuerySecurityDescriptorInfo
561 SeQuerySessionIdToken
562 SeSetAccessStateGenericMapping
563 SeSetSecurityDescriptorInfo
564 SeSetSecurityDescriptorInfoEx
565 SeTokenIsAdmin
566 SeTokenIsRestricted
567 SeTokenType
568 SeUnlockSubjectContext
569
570 30. 2001-10-24
571 Corrected:
572 KINTERRUPT
573 OBJECT_TYPE
574 Added:
575 Defines:
576 More FSCTL_XXX
577 Data types:
578 BITMAP_RANGE
579 CreateMailslot in EXTENDED_IO_STACK_LOCATION
580 CreatePipe in EXTENDED_IO_STACK_LOCATION
581 QueryQuota in EXTENDED_IO_STACK_LOCATION
582 MAILSLOT_CREATE_PARAMETERS
583 MBCB
584 NAMED_PIPE_CREATE_PARAMETERS
585 PRIVATE_CACHE_MAP_FLAGS
586 PRIVATE_CACHE_MAP
587 SECURITY_CLIENT_CONTEXT
588 SHARED_CACHE_MAP
589 VACB
590 Function prototypes:
591 HalQueryRealTimeClock
592 HalSetRealTimeClock
593 PsGetProcessExitTime
594 PsIsThreadTerminating
595 PsLookupProcessThreadByCid
596 PsLookupThreadByThreadId
597 SeQueryAuthenticationIdToken
598 Externals:
599 KeServiceDescriptorTable
600 SePublicDefaultDacl
601 SeSystemDefaultDacl
602
603 29. 2001-10-06
604 Added:
605 Defines:
606 FSRTL_VOLUME_XXX
607 Function prototypes:
608 FsRtlNotifyChangeDirectory
609 FsRtlNotifyReportChange
610 FsRtlNotifyVolumeEvent
611
612 28. 2001-09-16
613 Added:
614 Function prototypes:
615 FsRtlNotifyInitializeSync
616 FsRtlNotifyUninitializeSync
617 SeImpersonateClientEx
618 SeReleaseSubjectContext
619
620 27. 2001-08-25
621 Corrected:
622 KPROCESS
623 FILE_LOCK_ANCHOR
624 FsRtlNormalizeNtstatus
625 RtlSecondsSince1970ToTime
626 RtlTimeToSecondsSince1970
627 SeQueryInformationToken
628 Added:
629 Defines:
630 FS_LFN_APIS
631 Data types:
632 FILE_LOCK_ENTRY
633 FILE_SHARED_LOCK_ENTRY
634 FILE_EXCLUSIVE_LOCK_ENTRY
635 Function prototypes:
636 FsRtlCheckLockForReadAccess
637 FsRtlCheckLockForWriteAccess
638 FsRtlFastUnlockAll
639 FsRtlFastUnlockAllByKey
640 FsRtlFastUnlockSingle
641 FsRtlGetFileSize
642 FsRtlGetNextFileLock
643 FsRtlInitializeFileLock
644 FsRtlPrivateLock
645 FsRtlProcessFileLock
646 FsRtlUninitializeFileLock
647 IoUnregisterFsRegistrationChange
648 PsLookupProcessByProcessId
649 SeQuerySubjectContextToken
650
651 26. 2001-04-28
652 Added:
653 Defines:
654 FSCTL_XXX
655 Data types:
656 RTL_SPLAY_LINKS
657 TUNNEL
658 Function prototypes:
659 FsRtlAddToTunnelCache
660 FsRtlDeleteKeyFromTunnelCache
661 FsRtlDeleteTunnelCache
662 FsRtlFindInTunnelCache
663 FsRtlInitializeTunnelCache
664 IoSetDeviceToVerify
665 KeInitializeApc
666 KeInsertQueueApc
667 SeQueryInformationToken
668
669 25. 2001-04-05
670 Corrected:
671 RtlImageNtHeader
672 LPC_XXX
673 OBJECT_BASIC_INFO
674 Added:
675 Defines:
676 SID_REVISION
677 Data types:
678 DIRECTORY_BASIC_INFORMATION
679 KINTERRUPT
680 OBJECT_HANDLE_ATTRIBUTE_INFO
681 PROCESS_PRIORITY_CLASS
682 SECTION_BASIC_INFORMATION
683 SECTION_IMAGE_INFORMATION
684 SECTION_INFORMATION_CLASS
685 Function prototypes:
686 RtlSecondsSince1970ToTime
687 RtlTimeToSecondsSince1970
688 ZwAdjustPrivilegesToken
689 ZwAlertThread
690 ZwAccessCheckAndAuditAlarm
691 ZwClearEvent
692 ZwCloseObjectAuditAlarm
693 ZwCreateSection
694 ZwCreateSymbolicLinkObject
695 ZwDuplicateToken
696 ZwFlushInstructionCache
697 ZwFlushVirtualMemory
698 ZwInitiatePowerAction
699 ZwLoadKey
700 ZwNotifyChangeKey
701 ZwOpenThread
702 ZwPowerInformation
703 ZwPulseEvent
704 ZwQueryDefaultLocale
705 ZwQueryDefaultUILanguage
706 ZwQueryInformationProcess
707 ZwQueryInstallUILanguage
708 ZwQuerySection
709 ZwReplaceKey
710 ZwResetEvent
711 ZwRestoreKey
712 ZwSaveKey
713 ZwSetDefaultLocale
714 ZwSetDefaultUILanguage
715 ZwSetEvent
716 ZwSetInformationObject
717 ZwSetInformationProcess
718 ZwSetSecurityObject
719 ZwSetSystemTime
720 ZwTerminateProcess
721 ZwUnloadKey
722 ZwWaitForSingleObject
723 ZwWaitForMultipleObjects
724 ZwYieldExecution
725 Removed functions that is not exported in kernel mode:
726 CcZeroEndOfLastPage
727 RtlAllocateAndInitializeSid
728 ZwAcceptConnectPort
729 ZwCompleteConnectPort
730 ZwCreatePort
731 ZwCreateProcess
732 ZwCreateThread
733 ZwFlushBuffersFile
734 ZwGetContextThread
735 ZwImpersonateClientOfPort
736 ZwListenPort
737 ZwLockFile
738 ZwNotifyChangeDirectoryFile
739 ZwQueryInformationPort
740 ZwReadRequestData
741 ZwReplyPort
742 ZwReplyWaitReceivePort
743 ZwReplyWaitReplyPort
744 ZwRequestPort
745 ZwUnlockFile
746 ZwWriteRequestData
747
748 24. 2001-03-08
749 Corrected:
750 EPROCESS
751 ETHREAD
752 FAST_IO_POSSIBLE
753 QueryEa in EXTENDED_IO_STACK_LOCATION
754 Added:
755 Defines:
756 Some more flags for FileSystemAttributes
757 Data types:
758 EXCEPTION_REGISTRATION_RECORD
759 FILE_FS_FULL_SIZE_INFORMATION
760 FILE_FS_OBJECT_ID_INFORMATION
761 HANDLE_TABLE_ENTRY
762 IO_CLIENT_EXTENSION
763 PS_IMPERSONATION_INFORMATION
764 SetEa and SetQuota in EXTENDED_IO_STACK_LOCATION
765 Function prototypes:
766 IoPageRead
767 KeStackAttachProcess
768 KeUnstackDetachProcess
769 MmMapViewOfSection
770 RtlSelfRelativeToAbsoluteSD
771 SeCreateAccessState
772
773 23. 2001-01-29
774 Corrected:
775 FSCTL_GET_VOLUME_INFORMATION
776 FSCTL_READ_MFT_RECORD
777 HARDWARE_PTE
778 EPROCESS
779 ETHREAD
780 KAPC_STATE
781 KPROCESS
782 KTHREAD
783 MMSUPPORT
784 Added:
785 Data types:
786 KGDTENTRY
787 KIDTENTRY
788 MMSUPPORT_FLAGS
789
790 22. 2000-12-23
791 Corrected:
792 EPROCESS
793 KPROCESS
794 Added:
795 Data types:
796 HARDWARE_PTE
797 MMSUPPORT
798
799 21. 2000-12-12
800 Added:
801 Defines:
802 IO_TYPE_XXX
803 OB_TYPE_XXX
804 THREAD_STATE_XXX
805 Data types:
806 EPROCESS
807 ETHREAD
808 KAPC_STATE
809 KEVENT_PAIR
810 KPROCESS
811 KTHREAD
812 KQUEUE
813 SERVICE_DESCRIPTOR_TABLE
814 TEB
815
816 20. 2000-12-03
817 Added:
818 Data types:
819 OBJECT_TYPE
820 Function prototypes:
821 ObCreateObject
822 ObInsertObject
823 ObReferenceObjectByName
824
825 19. 2000-11-25
826 Removed a name from credits since the person want to be anonymous.
827
828 18. 2000-10-13
829 Corrected:
830 PsReferenceImpersonationToken
831 Added:
832 Defines:
833 FILE_PIPE_XXX
834 LPC_XXX
835 MAILSLOT_XXX
836 PORT_XXX
837 FSCTL_GET_VOLUME_INFORMATION
838 FSCTL_READ_MFT_RECORD
839 FSCTL_MAILSLOT_PEEK
840 FSCTL_PIPE_XXX
841 Data types:
842 PORT_INFORMATION_CLASS
843 BITMAP_DESCRIPTOR
844 FILE_MAILSLOT_XXX
845 FILE_PIPE_XXX
846 MAPPING_PAIR
847 GET_RETRIEVAL_DESCRIPTOR
848 LPC_XXX
849 MOVEFILE_DESCRIPTOR
850 Function prototypes:
851 InitializeMessageHeader
852 MmForceSectionClosed
853 ZwAcceptConnectPort
854 ZwCompleteConnectPort
855 ZwConnectPort
856 ZwCreateEvent
857 ZwCreatePort
858 ZwImpersonateClientOfPort
859 ZwListenPort
860 ZwQueryInformationPort
861 ZwReadRequestData
862 ZwReplyPort
863 ZwReplyWaitReceivePort
864 ZwReplyWaitReplyPort
865 ZwRequestPort
866 ZwRequestWaitReplyPort
867 ZwWriteRequestData
868
869 17. 2000-05-21
870 Added:
871 Function prototypes:
872 PsRevertToSelf
873 SeCreateClientSecurity
874 SeImpersonateClient
875 ZwDuplicateObject
876
877 16. 2000-03-28
878 Added:
879 Defines:
880 FILE_STORAGE_TYPE_XXX
881 FILE_VC_XXX
882 IO_CHECK_CREATE_PARAMETERS
883 IO_ATTACH_DEVICE
884 IO_ATTACH_DEVICE_API
885 IO_COMPLETION_XXX
886 Data types:
887 IO_COMPLETION_INFORMATION_CLASS
888 OBJECT_INFO_CLASS
889 SYSTEM_INFORMATION_CLASS
890 FILE_LOCK_ANCHOR
891 IO_COMPLETION_BASIC_INFORMATION
892 OBJECT_BASIC_INFO
893 OBJECT_NAME_INFO
894 OBJECT_PROTECTION_INFO
895 OBJECT_TYPE_INFO
896 OBJECT_ALL_TYPES_INFO
897 SYSTEM_CACHE_INFORMATION
898 Function prototypes:
899 FsRtlAllocatePool
900 FsRtlAllocatePoolWithQuota
901 FsRtlAllocatePoolWithQuotaTag
902 FsRtlAllocatePoolWithTag
903 FsRtlAreNamesEqual
904 FsRtlFastCheckLockForRead
905 FsRtlFastCheckLockForWrite
906 FsRtlMdlReadComplete
907 FsRtlMdlWriteComplete
908 FsRtlNormalizeNtstatus
909 RtlAllocateHeap
910 RtlCreateHeap
911 RtlDestroyHeap
912 RtlFreeHeap
913 RtlImageNtHeader
914 ZwQueryObject
915 ZwQuerySystemInformation
916 ZwSetSystemInformation
917
918 15. 2000-03-15
919 Corrected:
920 Renamed IoQueryFileVolumeInformation to IoQueryVolumeInformation
921 Comment on:
922 CcZeroEndOfLastPage
923
924 14. 2000-03-12
925 Corrected:
926 IoCreateFile
927 Added:
928 #if (_WIN32_WINNT < 0x0500)/#endif around stuff that is included in
929 the Windows 2000 DDK but is missing in the Windows NT 4.0 DDK.
930 ZwOpenEvent
931
932 13. 2000-02-08
933 Corrected:
934 PsReferenceImpersonationToken
935 Comment on:
936 RtlAllocateAndInitializeSid
937
938 12. 1999-10-18
939 Corrected:
940 FILE_COMPRESSION_INFORMATION
941 Added:
942 Defines:
943 ACCESS_ALLOWED_ACE_TYPE
944 ACCESS_DENIED_ACE_TYPE
945 SYSTEM_AUDIT_ACE_TYPE
946 SYSTEM_ALARM_ACE_TYPE
947 ANSI_DOS_STAR/QM/DOT
948 DOS_STAR/QM/DOT
949 FILE_EA_TYPE_XXX
950 FILE_NEED_EA
951 FILE_OPBATCH_BREAK_UNDERWAY
952 SECURITY_WORLD_SID_AUTHORITY
953 SECURITY_WORLD_RID
954 Data types:
955 POBJECT
956 FILE_STORAGE_TYPE
957 FILE_COMPLETION_INFORMATION
958 FILE_COPY_ON_WRITE_INFORMATION
959 FILE_FS_CONTROL_INFORMATION
960 FILE_GET_EA_INFORMATION
961 FILE_GET_QUOTA_INFORMATION
962 FILE_OBJECTID_INFORMATION
963 FILE_OLE_CLASSID_INFORMATION
964 FILE_OLE_ALL_INFORMATION
965 FILE_OLE_DIR_INFORMATION
966 FILE_OLE_INFORMATION
967 FILE_OLE_STATE_BITS_INFORMATION
968 FILE_QUOTA_INFORMATION
969 Function prototypes:
970 HalDisplayString
971 HalMakeBeep
972 IoGetRequestorProcess
973 ObQueryNameString
974 ProbeForWrite
975 RtlAbsoluteToSelfRelativeSD
976 RtlGetDaclSecurityDescriptor
977 RtlGetGroupSecurityDescriptor
978 RtlGetOwnerSecurityDescriptor
979 RtlInitializeSid
980 RtlSetGroupSecurityDescriptor
981 RtlSetOwnerSecurityDescriptor
982 RtlSetSaclSecurityDescriptor
983 ZwDeleteValueKey
984 ZwDisplayString
985 ZwQueryDirectoryObject
986
987 11. 1999-10-13
988 Corrected:
989 ZwOpenProcessToken
990 ZwOpenThreadToken
991 Added:
992 Function prototypes:
993 RtlAllocateAndInitializeSid
994 RtlCopySid
995 RtlEqualSid
996 RtlFillMemoryUlong
997 RtlIsNameLegalDOS8Dot3
998 RtlLengthRequiredSid
999 RtlLengthSid
1000 RtlNtStatusToDosError
1001 RtlSubAuthorityCountSid
1002 RtlSubAuthoritySid
1003 RtlValidSid
1004
1005 10. 1999-07-15
1006 Corrected:
1007 RtlConvertSidToUnicodeString
1008 Added:
1009 Externals:
1010 FsRtlLegalAnsiCharacterArray
1011 NtBuildNumber
1012 Defines:
1013 FSRTL_WILD_CHARACTER
1014 FlagOn
1015 FsRtlIsUnicodeCharacterWild
1016 Structures:
1017 FILE_ACCESS_INFORMATION
1018 FILE_MODE_INFORMATION
1019 GENERATE_NAME_CONTEXT
1020 Function prototypes:
1021 FsRtlDoesNameContainWildCards
1022 FsRtlIsNameInExpression
1023 IoSetInformation
1024 RtlGenerate8dot3Name
1025 ZwQuerySecurityObject
1026
1027 9. 1999-07-12
1028 Corrected:
1029 EXTENDED_IO_STACK_LOCATION
1030 QueryDirectory in EXTENDED_IO_STACK_LOCATION
1031 ZwCreateThread
1032 Added:
1033 Structures:
1034 INITIAL_TEB
1035 Function prototypes:
1036 ZwQuerySymbolicLinkObject
1037
1038 8. 1999-06-07
1039 Corrected:
1040 ZwOpenProcessToken
1041 ZwOpenThreadToken
1042 Added:
1043 Defines:
1044 FILE_OPLOCK_BROKEN_TO_LEVEL_2
1045 FILE_OPLOCK_BROKEN_TO_NONE
1046 FILE_CASE_SENSITIVE_SEARCH
1047 FILE_CASE_PRESERVED_NAMES
1048 FILE_UNICODE_ON_DISK
1049 FILE_PERSISTENT_ACLS
1050 FILE_FILE_COMPRESSION
1051 FILE_VOLUME_IS_COMPRESSED
1052 FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX
1053 FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH
1054 IOCTL_REDIR_QUERY_PATH
1055 Structures:
1056 FILE_FS_LABEL_INFORMATION
1057 PATHNAME_BUFFER
1058 In IO_STACK_LOCATION:
1059 FileSystemControl
1060 LockControl
1061 SetVolume
1062 Function prototypes:
1063 FsRtlCopyRead
1064 FsRtlCopyWrite
1065 IoVerifyVolume
1066
1067 7. 1999-06-05
1068 Added:
1069 defines for TOKEN_XXX
1070 SID_NAME_USE
1071 TOKEN_INFORMATION_CLASS
1072 TOKEN_TYPE
1073 FILE_FS_ATTRIBUTE_INFORMATION
1074 FILE_FS_SIZE_INFORMATION
1075 SID_IDENTIFIER_AUTHORITY
1076 SID
1077 SID_AND_ATTRIBUTES
1078 TOKEN_CONTROL
1079 TOKEN_DEFAULT_DACL
1080 TOKEN_GROUPS
1081 TOKEN_OWNER
1082 TOKEN_PRIMARY_GROUP
1083 TOKEN_PRIVILEGES
1084 TOKEN_SOURCE
1085 TOKEN_STATISTICS
1086 TOKEN_USER
1087 IoCreateFile
1088 IoGetAttachedDevice
1089 IoGetBaseFileSystemDeviceObject
1090 PsReferenceImpersonationToken
1091 PsReferencePrimaryToken
1092 RtlConvertSidToUnicodeString
1093 SeCaptureSubjectContext
1094 SeMarkLogonSessionForTerminationNotification
1095 SeRegisterLogonSessionTerminatedRoutine
1096 SeUnregisterLogonSessionTerminatedRoutine
1097 ZwOpenProcessToken
1098 ZwOpenThreadToken
1099 ZwQueryInformationToken
1100
1101 6. 1999-05-10
1102 Corrected declarations of Zw functions.
1103 Added:
1104 ZwCancelIoFile
1105 ZwDeleteFile
1106 ZwFlushBuffersFile
1107 ZwFsControlFile
1108 ZwLockFile
1109 ZwNotifyChangeDirectoryFile
1110 ZwOpenFile
1111 ZwQueryEaFile
1112 ZwSetEaFile
1113 ZwSetVolumeInformationFile
1114 ZwUnlockFile
1115
1116 5. 1999-05-09
1117 Added:
1118 defines for FILE_ACTION_XXX and FILE_NOTIFY_XXX
1119 FILE_FS_VOLUME_INFORMATION
1120 RETRIEVAL_POINTERS_BUFFER
1121 STARTING_VCN_INPUT_BUFFER
1122 FsRtlNotifyFullReportChange
1123
1124 4. 1999-04-11
1125 Corrected:
1126 ZwCreateThread
1127 Added:
1128 define _GNU_NTIFS_
1129
1130 3. 1999-03-30
1131 Added:
1132 defines for MAP_XXX, MEM_XXX and SEC_XXX
1133 FILE_BOTH_DIR_INFORMATION
1134 FILE_DIRECTORY_INFORMATION
1135 FILE_FULL_DIR_INFORMATION
1136 FILE_NAMES_INFORMATION
1137 FILE_NOTIFY_INFORMATION
1138 FsRtlNotifyCleanup
1139 KeAttachProcess
1140 KeDetachProcess
1141 MmCreateSection
1142 ZwCreateProcess
1143 ZwCreateThread
1144 ZwDeviceIoControlFile
1145 ZwGetContextThread
1146 ZwLoadDriver
1147 ZwOpenDirectoryObject
1148 ZwOpenProcess
1149 ZwOpenSymbolicLinkObject
1150 ZwQueryDirectoryFile
1151 ZwUnloadDriver
1152
1153 2. 1999-03-15
1154 Added:
1155 FILE_COMPRESSION_INFORMATION
1156 FILE_STREAM_INFORMATION
1157 FILE_LINK_INFORMATION
1158 FILE_RENAME_INFORMATION
1159 EXTENDED_IO_STACK_LOCATION
1160 IoQueryFileInformation
1161 IoQueryFileVolumeInformation
1162 ZwQueryVolumeInformationFile
1163 Moved include of ntddk.h to inside extern "C" block.
1164
1165 1. 1999-03-11
1166 Initial release.
1167 */
1168
1169 #ifndef _NTIFS_
1170 #define _NTIFS_
1171 #define _GNU_NTIFS_
1172
1173 #ifdef __cplusplus
1174 extern "C" {
1175 #endif
1176
1177 #include <ntddk.h>
1178 #include <ntverp.h>
1179
1180 // Available in Windows NT 3.1 and later versions.
1181 // Documented in the WDK.
1182 extern PEPROCESS PsInitialSystemProcess;
1183
1184 // Available in Windows NT 3.5 and later versions.
1185 typedef struct _HAL_PRIVATE_DISPATCH *PHAL_PRIVATE_DISPATCH;
1186 extern PHAL_PRIVATE_DISPATCH HalPrivateDispatchTable;
1187
1188 // Available in Windows NT 3.5 and later versions.
1189 typedef struct _LOADER_PARAMETER_BLOCK *PLOADER_PARAMETER_BLOCK;
1190 extern PLOADER_PARAMETER_BLOCK KeLoaderBlock;
1191
1192 // Available in Windows NT 3.5 and later versions.
1193 typedef struct _SERVICE_DESCRIPTOR_TABLE *PSERVICE_DESCRIPTOR_TABLE;
1194 extern PSERVICE_DESCRIPTOR_TABLE KeServiceDescriptorTable;
1195
1196 // Available in Windows NT 3.5 and later versions.
1197 extern PSHORT NtBuildNumber;
1198 extern PULONG KeI386MachineType;
1199
1200 // Available in Windows NT 4.0 and later versions.
1201 extern ULONG KiBugCheckData[5];
1202
1203 // Available in Windows 2000 and later versions.
1204 extern PULONG InitSafeBootMode;
1205
1206 // Available from Windows 2000 untill Windows Server 2003.
1207 extern PULONG KiEnableTimerWatchdog;
1208
1209 // Available in Windows NT 3.5 and later versions.
1210 //
1211 // Set by the kernel debugger on the target system to the address of the
1212 // serial port used to communicate with the host.
1213 //
1214 extern PUCHAR *KdComPortInUse;
1215
1216 // Available in Windows 2000 and later versions.
1217 extern PULONG KdEnteredDebugger;
1218
1219 // Available in Windows Vista and later versions.
1220 // Documented in the WDK.
1221 extern PVOID MmBadPointer;
1222
1223 // Available in Windows NT 3.5 and later versions.
1224 // Documented in the WDK.
1225 extern PUCHAR *FsRtlLegalAnsiCharacterArray;
1226
1227 // Available in Windows NT 3.5 and later versions.
1228 extern PUSHORT *NlsLeadByteInfo;
1229 extern PUSHORT *NlsOemLeadByteInfo;
1230 extern PBOOLEAN NlsMbCodePageTag;
1231 extern PBOOLEAN NlsMbOemCodePageTag;
1232
1233 // Available in Windows NT 4.0 and later versions.
1234 extern PUSHORT NlsAnsiCodePage;
1235
1236 // Available in Windows 2000 and later versions.
1237 extern PUSHORT NlsOemCodePage;
1238
1239 // Available in Windows NT 3.5 and later versions.
1240 // SeExports is documented in the WDK.
1241 typedef struct _SE_EXPORTS *PSE_EXPORTS;
1242 extern PSE_EXPORTS SeExports;
1243 extern PACL SePublicDefaultDacl;
1244 extern PACL SeSystemDefaultDacl;
1245
1246 // Available in Windows NT 3.5 and later versions.
1247 // Documented in the WDK.
1248 extern KSPIN_LOCK IoStatisticsLock;
1249 extern ULONG IoReadOperationCount;
1250 extern ULONG IoWriteOperationCount;
1251 extern LARGE_INTEGER IoReadTransferCount;
1252 extern LARGE_INTEGER IoWriteTransferCount;
1253
1254 // Available from Windows NT 3.5 untill Windows XP.
1255 extern ULONG KeDcacheFlushCount;
1256 extern ULONG KeIcacheFlushCount;
1257
1258 // Available in Windows NT 4.0 and later versions.
1259 // Documented in the WDK.
1260 extern ULONG CcFastMdlReadWait;
1261 // Available from Windows NT 4.0 untill Windows Server 2003.
1262 extern ULONG CcFastReadNotPossible;
1263 extern ULONG CcFastReadWait;
1264
1265 // The ExEventObjectType, ExSemaphoreObjectType and IoFileObjectType is
1266 // documented in the DDK and the WDK.
1267 //
1268 // The CmKeyObjectType, SeTokenObjectType, PsProcessType, PsThreadType,
1269 // TmEnlistmentObjectType, TmResourceManagerObjectType,
1270 // TmTransactionManagerObjectType and TmTransactionObjectType
1271 // is documented in the WDK.
1272 //
1273 // Available in Windows NT 3.5 and later versions.
1274 extern POBJECT_TYPE *IoAdapterObjectType;
1275 extern POBJECT_TYPE *IoDeviceObjectType;
1276 extern POBJECT_TYPE *IoDriverObjectType;
1277 extern POBJECT_TYPE *MmSectionObjectType;
1278 extern POBJECT_TYPE *PsProcessType;
1279 extern POBJECT_TYPE *PsThreadType;
1280 // Available in Windows NT 4.0 and later versions.
1281 extern POBJECT_TYPE *ExDesktopObjectType;
1282 extern POBJECT_TYPE *ExWindowStationObjectType;
1283 extern POBJECT_TYPE *IoDeviceHandlerObjectType;
1284 // Available in Windows 2000 and later versions.
1285 extern POBJECT_TYPE *LpcPortObjectType;
1286 extern POBJECT_TYPE *PsJobType;
1287 // Available in Windows XP and later versions.
1288 extern POBJECT_TYPE *SeTokenObjectType;
1289 // Available in Windows Vista and later versions.
1290 extern POBJECT_TYPE *TmEnlistmentObjectType;
1291 extern POBJECT_TYPE *TmResourceManagerObjectType;
1292 extern POBJECT_TYPE *TmTransactionManagerObjectType;
1293 extern POBJECT_TYPE *TmTransactionObjectType;
1294 // Available in Windows 7 and later versions.
1295 extern POBJECT_TYPE *CmKeyObjectType;
1296
1297 // Available in Windows NT 4.0 and later versions.
1298 extern PULONG IoDeviceHandlerObjectSize;
1299
1300 // Available in Windows Vista and later versions.
1301 extern PVOID POGOBuffer;
1302 extern PVOID psMUITest;
1303 extern PVOID PsUILanguageComitted;
1304
1305 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
1306 #define ACCESS_DENIED_ACE_TYPE (0x1)
1307 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
1308 #define SYSTEM_ALARM_ACE_TYPE (0x3)
1309
1310 #define ANSI_DOS_STAR ('<')
1311 #define ANSI_DOS_QM ('>')
1312 #define ANSI_DOS_DOT ('"')
1313
1314 #define DOS_STAR (L'<')
1315 #define DOS_QM (L'>')
1316 #define DOS_DOT (L'"')
1317
1318 #define COMPRESSION_FORMAT_NONE (0x0000)
1319 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
1320 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
1321 #define COMPRESSION_ENGINE_STANDARD (0x0000)
1322 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
1323 #define COMPRESSION_ENGINE_HIBER (0x0200)
1324
1325 #define FILE_ACTION_ADDED 0x00000001
1326 #define FILE_ACTION_REMOVED 0x00000002
1327 #define FILE_ACTION_MODIFIED 0x00000003
1328 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
1329 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
1330 #define FILE_ACTION_ADDED_STREAM 0x00000006
1331 #define FILE_ACTION_REMOVED_STREAM 0x00000007
1332 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
1333 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
1334 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
1335 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
1336
1337 #define FILE_EA_TYPE_BINARY 0xfffe
1338 #define FILE_EA_TYPE_ASCII 0xfffd
1339 #define FILE_EA_TYPE_BITMAP 0xfffb
1340 #define FILE_EA_TYPE_METAFILE 0xfffa
1341 #define FILE_EA_TYPE_ICON 0xfff9
1342 #define FILE_EA_TYPE_EA 0xffee
1343 #define FILE_EA_TYPE_MVMT 0xffdf
1344 #define FILE_EA_TYPE_MVST 0xffde
1345 #define FILE_EA_TYPE_ASN1 0xffdd
1346 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
1347
1348 #define FILE_NEED_EA 0x00000080
1349
1350 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
1351 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
1352 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
1353 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
1354 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
1355 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
1356 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
1357 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
1358 #define FILE_NOTIFY_CHANGE_EA 0x00000080
1359 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
1360 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
1361 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
1362 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
1363 #define FILE_NOTIFY_VALID_MASK 0x00000fff
1364
1365 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
1366 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
1367
1368 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
1369
1370 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
1371 #define FILE_CASE_PRESERVED_NAMES 0x00000002
1372 #define FILE_UNICODE_ON_DISK 0x00000004
1373 #define FILE_PERSISTENT_ACLS 0x00000008
1374 #define FILE_FILE_COMPRESSION 0x00000010
1375 #define FILE_VOLUME_QUOTAS 0x00000020
1376 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
1377 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
1378 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
1379 #define FS_LFN_APIS 0x00004000
1380 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
1381 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
1382 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
1383 #define FILE_NAMED_STREAMS 0x00040000
1384 #define FILE_READ_ONLY_VOLUME 0x00080000
1385
1386 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
1387 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
1388
1389 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
1390 #define FILE_PIPE_MESSAGE_MODE 0x00000001
1391
1392 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
1393 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
1394
1395 #define FILE_PIPE_INBOUND 0x00000000
1396 #define FILE_PIPE_OUTBOUND 0x00000001
1397 #define FILE_PIPE_FULL_DUPLEX 0x00000002
1398
1399 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
1400 #define FILE_PIPE_LISTENING_STATE 0x00000002
1401 #define FILE_PIPE_CONNECTED_STATE 0x00000003
1402 #define FILE_PIPE_CLOSING_STATE 0x00000004
1403
1404 #define FILE_PIPE_CLIENT_END 0x00000000
1405 #define FILE_PIPE_SERVER_END 0x00000001
1406
1407 #define FILE_PIPE_READ_DATA 0x00000000
1408 #define FILE_PIPE_WRITE_SPACE 0x00000001
1409
1410 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 // FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE
1411 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
1412 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
1413 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
1414 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
1415 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
1416 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
1417 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
1418 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
1419 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
1420 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
1421 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
1422 #define FILE_STORAGE_TYPE_MASK 0x000f0000
1423 #define FILE_STORAGE_TYPE_SHIFT 16
1424
1425 #define FILE_VC_QUOTA_NONE 0x00000000
1426 #define FILE_VC_QUOTA_TRACK 0x00000001
1427 #define FILE_VC_QUOTA_ENFORCE 0x00000002
1428 #define FILE_VC_QUOTA_MASK 0x00000003
1429
1430 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
1431 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
1432
1433 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
1434 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
1435 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
1436 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
1437
1438 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
1439 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
1440
1441 #define FILE_VC_VALID_MASK 0x000003ff
1442
1443 #define FSRTL_FCB_HEADER_V0 (0x00)
1444 #define FSRTL_FCB_HEADER_V1 (0x01)
1445
1446 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
1447 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
1448 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
1449 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
1450 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
1451 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
1452 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
1453 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
1454
1455 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
1456 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
1457 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
1458 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
1459
1460 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
1461 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
1462 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
1463 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
1464 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
1465
1466 #define FSRTL_VOLUME_DISMOUNT 1
1467 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
1468 #define FSRTL_VOLUME_LOCK 3
1469 #define FSRTL_VOLUME_LOCK_FAILED 4
1470 #define FSRTL_VOLUME_UNLOCK 5
1471 #define FSRTL_VOLUME_MOUNT 6
1472
1473 #define FSRTL_WILD_CHARACTER 0x08
1474
1475 #ifdef _X86_
1476 #define HARDWARE_PTE HARDWARE_PTE_X86
1477 #define PHARDWARE_PTE PHARDWARE_PTE_X86
1478 #else
1479 #define HARDWARE_PTE ULONG
1480 #define PHARDWARE_PTE PULONG
1481 #endif
1482
1483 #define IO_CHECK_CREATE_PARAMETERS 0x0200
1484 #define IO_ATTACH_DEVICE 0x0400
1485
1486 #define IO_ATTACH_DEVICE_API 0x80000000
1487
1488 #define IO_COMPLETION_QUERY_STATE 0x0001
1489 #define IO_COMPLETION_MODIFY_STATE 0x0002
1490 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
1491
1492 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
1493 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
1494
1495 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
1496 #define IO_REPARSE_TAG_RESERVED_ONE (1)
1497
1498 #define IO_TYPE_APC 18
1499 #define IO_TYPE_DPC 19
1500 #define IO_TYPE_DEVICE_QUEUE 20
1501 #define IO_TYPE_EVENT_PAIR 21
1502 #define IO_TYPE_INTERRUPT 22
1503 #define IO_TYPE_PROFILE 23
1504
1505 #define IRP_BEING_VERIFIED 0x10
1506
1507 #define MAILSLOT_CLASS_FIRSTCLASS 1
1508 #define MAILSLOT_CLASS_SECONDCLASS 2
1509
1510 #define MAILSLOT_SIZE_AUTO 0
1511
1512 #define MAP_PROCESS 1L
1513 #define MAP_SYSTEM 2L
1514
1515 #define MEM_DOS_LIM 0x40000000
1516 #define MEM_IMAGE SEC_IMAGE
1517
1518 #define OB_FLAG_CREATE_INFO 0x01 /* Object header has OBJECT_CREATE_INFO */
1519 #define OB_FLAG_KERNEL_MODE 0x02 /* Created by kernel */
1520 #define OB_FLAG_CREATOR_INFO 0x04 /* Object header has OBJECT_CREATOR_INFO */
1521 #define OB_FLAG_EXCLUSIVE 0x08 /* OBJ_EXCLUSIVE */
1522 #define OB_FLAG_PERMAMENT 0x10 /* OBJ_PERMAMENT */
1523 #define OB_FLAG_SECURITY 0x20 /* Object header has SecurityDescriptor != NULL */
1524 #define OB_FLAG_SINGLE_PROCESS 0x40 /* absent HandleDBList */
1525
1526 #define OB_SECURITY_CHARGE 0x00000800
1527
1528 #define OB_TYPE_TYPE 1
1529 #define OB_TYPE_DIRECTORY 2
1530 #define OB_TYPE_SYMBOLIC_LINK 3
1531 #define OB_TYPE_TOKEN 4
1532 #define OB_TYPE_PROCESS 5
1533 #define OB_TYPE_THREAD 6
1534 #define OB_TYPE_EVENT 7
1535 #define OB_TYPE_EVENT_PAIR 8
1536 #define OB_TYPE_MUTANT 9
1537 #define OB_TYPE_SEMAPHORE 10
1538 #define OB_TYPE_TIMER 11
1539 #define OB_TYPE_PROFILE 12
1540 #define OB_TYPE_WINDOW_STATION 13
1541 #define OB_TYPE_DESKTOP 14
1542 #define OB_TYPE_SECTION 15
1543 #define OB_TYPE_KEY 16
1544 #define OB_TYPE_PORT 17
1545 #define OB_TYPE_ADAPTER 18
1546 #define OB_TYPE_CONTROLLER 19
1547 #define OB_TYPE_DEVICE 20
1548 #define OB_TYPE_DRIVER 21
1549 #define OB_TYPE_IO_COMPLETION 22
1550 #define OB_TYPE_FILE 23
1551
1552 #define PIN_WAIT (1)
1553 #define PIN_EXCLUSIVE (2)
1554 #define PIN_NO_READ (4)
1555 #define PIN_IF_BCB (8)
1556
1557 #define MAP_WAIT (1)
1558 #define MAP_NO_READ (16)
1559
1560 #define PORT_CONNECT 0x0001
1561 #define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
1562 PORT_CONNECT)
1563
1564 #define SEC_BASED 0x00200000
1565 #define SEC_NO_CHANGE 0x00400000
1566 #define SEC_FILE 0x00800000
1567 #define SEC_IMAGE 0x01000000
1568 #define SEC_COMMIT 0x08000000
1569 #define SEC_NOCACHE 0x10000000
1570
1571 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
1572 #define SECURITY_WORLD_RID (0x00000000L)
1573
1574 #define SID_REVISION 1
1575
1576 #define THREAD_STATE_INITIALIZED 0
1577 #define THREAD_STATE_READY 1
1578 #define THREAD_STATE_RUNNING 2
1579 #define THREAD_STATE_STANDBY 3
1580 #define THREAD_STATE_TERMINATED 4
1581 #define THREAD_STATE_WAIT 5
1582 #define THREAD_STATE_TRANSITION 6
1583 #define THREAD_STATE_UNKNOWN 7
1584
1585 #define TOKEN_ASSIGN_PRIMARY (0x0001)
1586 #define TOKEN_DUPLICATE (0x0002)
1587 #define TOKEN_IMPERSONATE (0x0004)
1588 #define TOKEN_QUERY (0x0008)
1589 #define TOKEN_QUERY_SOURCE (0x0010)
1590 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
1591 #define TOKEN_ADJUST_GROUPS (0x0040)
1592 #define TOKEN_ADJUST_DEFAULT (0x0080)
1593
1594 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
1595 TOKEN_ASSIGN_PRIMARY |\
1596 TOKEN_DUPLICATE |\
1597 TOKEN_IMPERSONATE |\
1598 TOKEN_QUERY |\
1599 TOKEN_QUERY_SOURCE |\
1600 TOKEN_ADJUST_PRIVILEGES |\
1601 TOKEN_ADJUST_GROUPS |\
1602 TOKEN_ADJUST_DEFAULT)
1603
1604 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
1605 TOKEN_QUERY)
1606
1607 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
1608 TOKEN_ADJUST_PRIVILEGES |\
1609 TOKEN_ADJUST_GROUPS |\
1610 TOKEN_ADJUST_DEFAULT)
1611
1612 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
1613
1614 #define TOKEN_SOURCE_LENGTH 8
1615
1616 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
1617 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
1618 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
1619 #define TOKEN_HAS_ADMIN_GROUP 0x08
1620 #define TOKEN_IS_RESTRICTED 0x10
1621 #define TOKEN_SESSION_NOT_REFERENCED 0x20
1622 #define TOKEN_SANDBOX_INERT 0x40
1623 #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x80
1624
1625 #define VACB_MAPPING_GRANULARITY (0x40000)
1626 #define VACB_OFFSET_SHIFT (18)
1627
1628 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
1629 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
1630 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
1631 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
1632 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
1633 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
1634 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
1635 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
1636 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
1637
1638 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
1639 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
1640 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
1641
1642 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
1643 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
1644 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
1645
1646
1647 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
1648 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
1649 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
1650 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
1651 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
1652 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
1653
1654 #if (VER_PRODUCTBUILD >= 1381)
1655
1656 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
1657 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
1658 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
1659 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
1660 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
1661 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
1662 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
1663 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
1664
1665 #endif // (VER_PRODUCTBUILD >= 1381)
1666
1667 #if (VER_PRODUCTBUILD >= 2195)
1668
1669 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
1670 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
1671 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
1672
1673 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
1674 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
1675 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
1676 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
1677 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
1678 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
1679 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
1680 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
1681 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
1682 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
1683 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
1684 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
1685 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
1686 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
1687 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
1688 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
1689 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
1690 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
1691 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
1692 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
1693 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
1694 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
1695 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
1696 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
1697 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
1698 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
1699 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
1700 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
1701 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
1702 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
1703 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
1704 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
1705 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
1706 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
1707 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
1708 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
1709
1710 #endif // (VER_PRODUCTBUILD >= 2195)
1711
1712 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
1713
1714 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
1715 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
1716 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
1717 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
1718 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
1719 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
1720 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
1721 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
1722
1723 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
1724 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
1725 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
1726 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
1727 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
1728 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
1729 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
1730 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
1731 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
1732 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
1733 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
1734 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
1735 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
1736 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
1737
1738 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
1739
1740 typedef PVOID PEJOB;
1741 typedef PVOID PNOTIFY_SYNC;
1742 typedef PVOID OPLOCK, *POPLOCK;
1743 typedef PVOID PWOW64_PROCESS;
1744
1745 typedef ULONG LBN;
1746 typedef LBN *PLBN;
1747
1748 typedef ULONG VBN;
1749 typedef VBN *PVBN;
1750
1751 typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
1752 typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK;
1753 typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
1754 typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
1755 typedef struct _KEVENT_PAIR *PKEVENT_PAIR;
1756 typedef struct _KPROCESS *PKPROCESS;
1757 typedef struct _KQUEUE *PKQUEUE;
1758 typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
1759 typedef struct _LPC_MESSAGE *PLPC_MESSAGE;
1760 typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS;
1761 typedef struct _MMWSL *PMMWSL;
1762 typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS;
1763 typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
1764 typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY;
1765 typedef struct _PEB *PPEB;
1766 typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION;
1767 typedef struct _SECTION_OBJECT *PSECTION_OBJECT;
1768 typedef struct _SERVICE_DESCRIPTOR_TABLE *PSERVICE_DESCRIPTOR_TABLE;
1769 typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
1770 typedef struct _TERMINATION_PORT *PTERMINATION_PORT;
1771 typedef struct _VACB *PVACB;
1772 typedef struct _VAD_HEADER *PVAD_HEADER;
1773
1774 #if (VER_PRODUCTBUILD < 2195)
1775 typedef ULONG SIZE_T, *PSIZE_T;
1776 #endif
1777
1778 typedef enum _FAST_IO_POSSIBLE {
1779 FastIoIsNotPossible,
1780 FastIoIsPossible,
1781 FastIoIsQuestionable
1782 } FAST_IO_POSSIBLE;
1783
1784 typedef enum _FILE_STORAGE_TYPE {
1785 StorageTypeDefault = 1,
1786 StorageTypeDirectory,
1787 StorageTypeFile,
1788 StorageTypeJunctionPoint,
1789 StorageTypeCatalog,
1790 StorageTypeStructuredStorage,
1791 StorageTypeEmbedding,
1792 StorageTypeStream
1793 } FILE_STORAGE_TYPE;
1794
1795 typedef enum _IO_COMPLETION_INFORMATION_CLASS {
1796 IoCompletionBasicInformation
1797 } IO_COMPLETION_INFORMATION_CLASS;
1798
1799 #if (VER_PRODUCTBUILD == 2195)
1800
1801 typedef enum _KSPIN_LOCK_QUEUE_NUMBER {
1802 LockQueueDispatcherLock,
1803 LockQueueContextSwapLock,
1804 LockQueuePfnLock,
1805 LockQueueSystemSpaceLock,
1806 LockQueueVacbLock,
1807 LockQueueMasterLock,
1808 LockQueueNonPagedPoolLock,
1809 LockQueueIoCancelLock,
1810 LockQueueWorkQueueLock,
1811 LockQueueIoVpbLock,
1812 LockQueueIoDatabaseLock,
1813 LockQueueIoCompletionLock,
1814 LockQueueNtfsStructLock,
1815 LockQueueAfdWorkQueueLock,
1816 LockQueueBcbLock,
1817 LockQueueMaximumLock
1818 } KSPIN_LOCK_QUEUE_NUMBER;
1819
1820 #endif // (VER_PRODUCTBUILD == 2195)
1821
1822 typedef enum _LPC_TYPE {
1823 LPC_NEW_MESSAGE,
1824 LPC_REQUEST,
1825 LPC_REPLY,
1826 LPC_DATAGRAM,
1827 LPC_LOST_REPLY,
1828 LPC_PORT_CLOSED,
1829 LPC_CLIENT_DIED,
1830 LPC_EXCEPTION,
1831 LPC_DEBUG_EVENT,
1832 LPC_ERROR_EVENT,
1833 LPC_CONNECTION_REQUEST
1834 } LPC_TYPE;
1835
1836 typedef enum _MMFLUSH_TYPE {
1837 MmFlushForDelete,
1838 MmFlushForWrite
1839 } MMFLUSH_TYPE;
1840
1841 typedef enum _OBJECT_INFO_CLASS {
1842 ObjectBasicInfo,
1843 ObjectNameInfo,
1844 ObjectTypeInfo,
1845 ObjectAllTypesInfo,
1846 ObjectProtectionInfo
1847 } OBJECT_INFO_CLASS;
1848
1849 typedef enum _PORT_INFORMATION_CLASS {
1850 PortNoInformation
1851 } PORT_INFORMATION_CLASS;
1852
1853 typedef enum _SECTION_INFORMATION_CLASS {
1854 SectionBasicInformation,
1855 SectionImageInformation
1856 } SECTION_INFORMATION_CLASS;
1857
1858 typedef enum _SID_NAME_USE {
1859 SidTypeUser = 1,
1860 SidTypeGroup,
1861 SidTypeDomain,
1862 SidTypeAlias,
1863 SidTypeWellKnownGroup,
1864 SidTypeDeletedAccount,
1865 SidTypeInvalid,
1866 SidTypeUnknown
1867 } SID_NAME_USE;
1868
1869 typedef enum _SYSTEM_INFORMATION_CLASS {
1870 SystemBasicInformation,
1871 SystemProcessorInformation,
1872 SystemPerformanceInformation,
1873 SystemTimeOfDayInformation,
1874 SystemNotImplemented1,
1875 SystemProcessesAndThreadsInformation,
1876 SystemCallCounts,
1877 SystemConfigurationInformation,
1878 SystemProcessorTimes,
1879 SystemGlobalFlag,
1880 SystemNotImplemented2,
1881 SystemModuleInformation,
1882 SystemLockInformation,
1883 SystemNotImplemented3,
1884 SystemNotImplemented4,
1885 SystemNotImplemented5,
1886 SystemHandleInformation,
1887 SystemObjectInformation,
1888 SystemPagefileInformation,
1889 SystemInstructionEmulationCounts,
1890 SystemInvalidInfoClass1,
1891 SystemCacheInformation,
1892 SystemPoolTagInformation,
1893 SystemProcessorStatistics,
1894 SystemDpcInformation,
1895 SystemNotImplemented6,
1896 SystemLoadImage,
1897 SystemUnloadImage,
1898 SystemTimeAdjustment,
1899 SystemNotImplemented7,
1900 SystemNotImplemented8,
1901 SystemNotImplemented9,
1902 SystemCrashDumpInformation,
1903 SystemExceptionInformation,
1904 SystemCrashDumpStateInformation,
1905 SystemKernelDebuggerInformation,
1906 SystemContextSwitchInformation,
1907 SystemRegistryQuotaInformation,
1908 SystemLoadAndCallImage,
1909 SystemPrioritySeparation,
1910 SystemNotImplemented10,
1911 SystemNotImplemented11,
1912 SystemInvalidInfoClass2,
1913 SystemInvalidInfoClass3,
1914 SystemTimeZoneInformation,
1915 SystemLookasideInformation,
1916 SystemSetTimeSlipEvent,
1917 SystemCreateSession,
1918 SystemDeleteSession,
1919 SystemInvalidInfoClass4,
1920 SystemRangeStartInformation,
1921 SystemVerifierInformation,
1922 SystemAddVerifier,
1923 SystemSessionProcessesInformation
1924 } SYSTEM_INFORMATION_CLASS;
1925
1926 typedef enum _THREAD_STATE {
1927 StateInitialized,
1928 StateReady,
1929 StateRunning,
1930 StateStandby,
1931 StateTerminated,
1932 StateWait,
1933 StateTransition,
1934 StateUnknown
1935 } THREAD_STATE;
1936
1937 typedef enum _TOKEN_INFORMATION_CLASS {
1938 TokenUser = 1,
1939 TokenGroups,
1940 TokenPrivileges,
1941 TokenOwner,
1942 TokenPrimaryGroup,
1943 TokenDefaultDacl,
1944 TokenSource,
1945 TokenType,
1946 TokenImpersonationLevel,
1947 TokenStatistics,
1948 TokenRestrictedSids
1949 } TOKEN_INFORMATION_CLASS;
1950
1951 typedef enum _TOKEN_TYPE {
1952 TokenPrimary = 1,
1953 TokenImpersonation
1954 } TOKEN_TYPE;
1955
1956 typedef struct _HARDWARE_PTE_X86 {
1957 ULONG Valid : 1;
1958 ULONG Write : 1;
1959 ULONG Owner : 1;
1960 ULONG WriteThrough : 1;
1961 ULONG CacheDisable : 1;
1962 ULONG Accessed : 1;
1963 ULONG Dirty : 1;
1964 ULONG LargePage : 1;
1965 ULONG Global : 1;
1966 ULONG CopyOnWrite : 1;
1967 ULONG Prototype : 1;
1968 ULONG reserved : 1;
1969 ULONG PageFrameNumber : 20;
1970 } HARDWARE_PTE_X86, *PHARDWARE_PTE_X86;
1971
1972 typedef struct _KAPC_STATE {
1973 LIST_ENTRY ApcListHead[2];
1974 PKPROCESS Process;
1975 BOOLEAN KernelApcInProgress;
1976 BOOLEAN KernelApcPending;
1977 BOOLEAN UserApcPending;
1978 } KAPC_STATE, *PKAPC_STATE;
1979
1980 typedef struct _KGDTENTRY {
1981 USHORT LimitLow;
1982 USHORT BaseLow;
1983 union {
1984 struct {
1985 UCHAR BaseMid;
1986 UCHAR Flags1;
1987 UCHAR Flags2;
1988 UCHAR BaseHi;
1989 } Bytes;
1990 struct {
1991 ULONG BaseMid : 8;
1992 ULONG Type : 5;
1993 ULONG Dpl : 2;
1994 ULONG Pres : 1;
1995 ULONG LimitHi : 4;
1996 ULONG Sys : 1;
1997 ULONG Reserved_0 : 1;
1998 ULONG Default_Big : 1;
1999 ULONG Granularity : 1;
2000 ULONG BaseHi : 8;
2001 } Bits;
2002 } HighWord;
2003 } KGDTENTRY, *PKGDTENTRY;
2004
2005 typedef struct _KIDTENTRY {
2006 USHORT Offset;
2007 USHORT Selector;
2008 USHORT Access;
2009 USHORT ExtendedOffset;
2010 } KIDTENTRY, *PKIDTENTRY;
2011
2012 #if (VER_PRODUCTBUILD >= 2600)
2013
2014 typedef struct _KPROCESS {
2015 DISPATCHER_HEADER Header;
2016 LIST_ENTRY ProfileListHead;
2017 ULONG DirectoryTableBase[2];
2018 KGDTENTRY LdtDescriptor;
2019 KIDTENTRY Int21Descriptor;
2020 USHORT IopmOffset;
2021 UCHAR Iopl;
2022 UCHAR Unused;
2023 ULONG ActiveProcessors;
2024 ULONG KernelTime;
2025 ULONG UserTime;
2026 LIST_ENTRY ReadyListHead;
2027 SINGLE_LIST_ENTRY SwapListEntry;
2028 PVOID VdmTrapcHandler;
2029 LIST_ENTRY ThreadListHead;
2030 KSPIN_LOCK ProcessLock;
2031 KAFFINITY Affinity;
2032 USHORT StackCount;
2033 CHAR BasePriority;
2034 CHAR ThreadQuantum;
2035 BOOLEAN AutoAlignment;
2036 UCHAR State;
2037 UCHAR ThreadSeed;
2038 BOOLEAN DisableBoost;
2039 UCHAR PowerState;
2040 BOOLEAN DisableQuantum;
2041 UCHAR IdealNode;
2042 UCHAR Spare;
2043 } KPROCESS, *PKPROCESS;
2044
2045 #else
2046
2047 typedef struct _KPROCESS {
2048 DISPATCHER_HEADER Header;
2049 LIST_ENTRY ProfileListHead;
2050 ULONG DirectoryTableBase[2];
2051 KGDTENTRY LdtDescriptor;
2052 KIDTENTRY Int21Descriptor;
2053 USHORT IopmOffset;
2054 UCHAR Iopl;
2055 UCHAR VdmFlag;
2056 ULONG ActiveProcessors;
2057 ULONG KernelTime;
2058 ULONG UserTime;
2059 LIST_ENTRY ReadyListHead;
2060 SINGLE_LIST_ENTRY SwapListEntry;
2061 PVOID Reserved1;
2062 LIST_ENTRY ThreadListHead;
2063 KSPIN_LOCK ProcessLock;
2064 KAFFINITY Affinity;
2065 USHORT StackCount;
2066 UCHAR BasePriority;
2067 UCHAR ThreadQuantum;
2068 BOOLEAN AutoAlignment;
2069 UCHAR State;
2070 UCHAR ThreadSeed;
2071 BOOLEAN DisableBoost;
2072 #if (VER_PRODUCTBUILD >= 2195)
2073 UCHAR PowerState;
2074 BOOLEAN DisableQuantum;
2075 UCHAR IdealNode;
2076 UCHAR Spare;
2077 #endif // (VER_PRODUCTBUILD >= 2195)
2078 } KPROCESS, *PKPROCESS;
2079
2080 #endif
2081
2082 #if (VER_PRODUCTBUILD >= 3790)
2083
2084 typedef struct _KTHREAD {
2085 DISPATCHER_HEADER Header;
2086 LIST_ENTRY MutantListHead; // 0x10
2087 PVOID InitialStack; // 0x18
2088 PVOID StackLimit; // 0x1c
2089 PVOID KernelStack; // 0x20
2090 ULONG ThreadLock; // 0x24
2091 ULONG ContextSwitches; // 0x28
2092 UCHAR State; // 0x2c
2093 UCHAR NpxState; // 0x2d
2094 UCHAR WaitIrql; // 0x2e
2095 CHAR WaitMode; // 0x2f
2096 struct _TEB *Teb; // 0x30
2097 KAPC_STATE ApcState; // 0x34
2098 KSPIN_LOCK ApcQueueLock; // 0x4c
2099 NTSTATUS WaitStatus; // 0x50
2100 PKWAIT_BLOCK WaitBlockList; // 0x54
2101 BOOLEAN Alertable; // 0x58
2102 UCHAR WaitNext; // 0x59
2103 UCHAR WaitReason; // 0x5a
2104 CHAR Priority; // 0x5b
2105 BOOLEAN EnableStackSwap; // 0x5c
2106 BOOLEAN SwapBusy; // 0x5d
2107 UCHAR Alerted[2]; // 0x5e
2108 union {
2109 LIST_ENTRY WaitListEntry; // 0x60
2110 SINGLE_LIST_ENTRY SwapListEntry; // 0x60
2111 };
2112 PKQUEUE Queue; // 0x68
2113 ULONG WaitTime; // 0x6c
2114 union {
2115 struct {
2116 USHORT KernelApcDisable; // 0x70
2117 USHORT SpecialApcDisable; // 0x72
2118 };
2119 USHORT CombinedApcDisable; // 0x70
2120 };
2121 KTIMER Timer; // 0x78
2122 KWAIT_BLOCK WaitBlock[4]; // 0xa0
2123 LIST_ENTRY QueueListEntry; // 0x100
2124 UCHAR ApcStateIndex; // 0x108
2125 BOOLEAN ApcQueueable; // 0x109
2126 BOOLEAN Preempted; // 0x10a
2127 BOOLEAN ProcessReadyQueue; // 0x10b
2128 BOOLEAN KernelStackResident; // 0x10c
2129 CHAR Saturation; // 0x10d
2130 UCHAR IdealProcessor; // 0x10e
2131 UCHAR NextProcessor; // 0x10f
2132 CHAR BasePriority; // 0x110
2133 UCHAR Spare4; // 0x111
2134 CHAR PriorityDecrement; // 0x112
2135 CHAR Quantum; // 0x113
2136 BOOLEAN SystemAffinityActive; // 0x114
2137 CHAR PreviousMode; // 0x115
2138 UCHAR ResourceIndex; // 0x116
2139 BOOLEAN DisableBoost; // 0x117
2140 ULONG UserAffinity; // 0x118
2141 PKPROCESS Process; // 0x11c
2142 ULONG Affinity; // 0x120
2143 PSERVICE_DESCRIPTOR_TABLE ServiceTable; // 0x124
2144 PKAPC_STATE ApcStatePointer[2]; // 0x128
2145 KAPC_STATE SavedApcState; // 0x130
2146 PVOID CallbackStack; // 0x148
2147 PVOID Win32Thread; // 0x14c
2148 PKTRAP_FRAME TrapFrame; // 0x150
2149 ULONG KernelTime; // 0x154
2150 ULONG UserTime; // 0x158
2151 PVOID StackBase; // 0x15c
2152 KAPC SuspendApc; // 0x160
2153 KSEMAPHORE SuspendSemaphore; // 0x190
2154 PVOID TlsArray; // 0x1a4
2155 PVOID LegoData; // 0x1a8
2156 LIST_ENTRY ThreadListEntry; // 0x1ac
2157 BOOLEAN LargeStack; // 0x1b4
2158 UCHAR PowerState; // 0x1b5
2159 UCHAR NpxIrql; // 0x1b6
2160 UCHAR Spare5; // 0x1b7
2161 BOOLEAN AutoAlignment; // 0x1b8
2162 UCHAR Iopl; // 0x1b9
2163 CHAR FreezeCount; // 0x1ba
2164 CHAR SuspendCount; // 0x1bb
2165 UCHAR Spare0[1]; // 0x1bc
2166 UCHAR UserIdealProcessor; // 0x1bd
2167 UCHAR DeferredProcessor; // 0x1be
2168 UCHAR AdjustReason; // 0x1bf
2169 CHAR AdjustIncrement; // 0x1c0
2170 UCHAR Spare2[3]; // 0x1c1
2171 } KTHREAD, *PKTHREAD;
2172
2173 #elif (VER_PRODUCTBUILD >= 2600)
2174
2175 typedef struct _KTHREAD {
2176 DISPATCHER_HEADER Header;
2177 LIST_ENTRY MutantListHead;
2178 PVOID InitialStack;
2179 PVOID StackLimit;
2180 struct _TEB *Teb;
2181 PVOID TlsArray;
2182 PVOID KernelStack;
2183 BOOLEAN DebugActive;
2184 UCHAR State;
2185 UCHAR Alerted[2];
2186 UCHAR Iopl;
2187 UCHAR NpxState;
2188 CHAR Saturation;
2189 CHAR Priority;
2190 KAPC_STATE ApcState;
2191 ULONG ContextSwitches;
2192 UCHAR IdleSwapBlock;
2193 UCHAR Spare0[3];
2194 NTSTATUS WaitStatus;
2195 UCHAR WaitIrql;
2196 CHAR WaitMode;
2197 UCHAR WaitNext;
2198 UCHAR WaitReason;
2199 PKWAIT_BLOCK WaitBlockList;
2200 union {
2201 LIST_ENTRY WaitListEntry;
2202 SINGLE_LIST_ENTRY SwapListEntry;
2203 };
2204 ULONG WaitTime;
2205 CHAR BasePriority;
2206 UCHAR DecrementCount;
2207 CHAR PriorityDecrement;
2208 CHAR Quantum;
2209 KWAIT_BLOCK WaitBlock[4];
2210 PVOID LegoData;
2211 ULONG KernelApcDisable;
2212 ULONG UserAffinity;
2213 BOOLEAN SystemAffinityActive;
2214 UCHAR PowerState;
2215 UCHAR NpxIrql;
2216 UCHAR InitialNode;
2217 PSERVICE_DESCRIPTOR_TABLE ServiceTable;
2218 PKQUEUE Queue;
2219 KSPIN_LOCK ApcQueueLock;
2220 KTIMER Timer;
2221 LIST_ENTRY QueueListEntry;
2222 ULONG SoftAffinity;
2223 ULONG Affinity;
2224 BOOLEAN Preempted;
2225 BOOLEAN ProcessReadyQueue;
2226 BOOLEAN KernelStackResident;
2227 UCHAR NextProcessor;
2228 PVOID CallbackStack;
2229 PVOID Win32Thread;
2230 PKTRAP_FRAME TrapFrame;
2231 PKAPC_STATE ApcStatePointer[2];
2232 CHAR PreviousMode;
2233 BOOLEAN EnableStackSwap;
2234 BOOLEAN LargeStack;
2235 UCHAR ResourceIndex;
2236 ULONG KernelTime;
2237 ULONG UserTime;
2238 KAPC_STATE SavedApcState;
2239 BOOLEAN Alertable;
2240 UCHAR ApcStateIndex;
2241 BOOLEAN ApcQueueable;
2242 BOOLEAN AutoAlignment;
2243 PVOID StackBase;
2244 KAPC SuspendApc;
2245 KSEMAPHORE SuspendSemaphore;
2246 LIST_ENTRY ThreadListEntry;
2247 CHAR FreezeCount;
2248 CHAR SuspendCount;
2249 UCHAR IdealProcessor;
2250 BOOLEAN DisableBoost;
2251 } KTHREAD, *PKTHREAD;
2252
2253 #else
2254
2255 typedef struct _KTHREAD {
2256 DISPATCHER_HEADER Header;
2257 LIST_ENTRY MutantListHead;
2258 PVOID InitialStack;
2259 PVOID StackLimit;
2260 struct _TEB *Teb;
2261 PVOID TlsArray;
2262 PVOID KernelStack;
2263 BOOLEAN DebugActive;
2264 UCHAR State;
2265 USHORT Alerted;
2266 UCHAR Iopl;
2267 UCHAR NpxState;
2268 UCHAR Saturation;
2269 UCHAR Priority;
2270 KAPC_STATE ApcState;
2271 ULONG ContextSwitches;
2272 NTSTATUS WaitStatus;
2273 UCHAR WaitIrql;
2274 UCHAR WaitMode;
2275 UCHAR WaitNext;
2276 UCHAR WaitReason;
2277 PKWAIT_BLOCK WaitBlockList;
2278 LIST_ENTRY WaitListEntry;
2279 ULONG WaitTime;
2280 UCHAR BasePriority;
2281 UCHAR DecrementCount;
2282 UCHAR PriorityDecrement;
2283 UCHAR Quantum;
2284 KWAIT_BLOCK WaitBlock[4];
2285 ULONG LegoData;
2286 ULONG KernelApcDisable;
2287 ULONG UserAffinity;
2288 BOOLEAN SystemAffinityActive;
2289 #if (VER_PRODUCTBUILD < 2195)
2290 UCHAR Pad[3];
2291 #else // (VER_PRODUCTBUILD >= 2195)
2292 UCHAR PowerState;
2293 UCHAR NpxIrql;
2294 UCHAR Pad[1];
2295 #endif // (VER_PRODUCTBUILD >= 2195)
2296 PSERVICE_DESCRIPTOR_TABLE ServiceDescriptorTable;
2297 PKQUEUE Queue;
2298 KSPIN_LOCK ApcQueueLock;
2299 KTIMER Timer;
2300 LIST_ENTRY QueueListEntry;
2301 ULONG Affinity;
2302 BOOLEAN Preempted;
2303 BOOLEAN ProcessReadyQueue;
2304 BOOLEAN KernelStackResident;
2305 UCHAR NextProcessor;
2306 PVOID CallbackStack;
2307 PVOID Win32Thread;
2308 PKTRAP_FRAME TrapFrame;
2309 PKAPC_STATE ApcStatePointer[2];
2310 #if (VER_PRODUCTBUILD >= 2195)
2311 UCHAR PreviousMode;
2312 #endif // (VER_PRODUCTBUILD >= 2195)
2313 BOOLEAN EnableStackSwap;
2314 BOOLEAN LargeStack;
2315 UCHAR ResourceIndex;
2316 #if (VER_PRODUCTBUILD < 2195)
2317 UCHAR PreviousMode;
2318 #endif // (VER_PRODUCTBUILD < 2195)
2319 ULONG KernelTime;
2320 ULONG UserTime;
2321 KAPC_STATE SavedApcState;
2322 BOOLEAN Alertable;
2323 UCHAR ApcStateIndex;
2324 BOOLEAN ApcQueueable;
2325 BOOLEAN AutoAlignment;
2326 PVOID StackBase;
2327 KAPC SuspendApc;
2328 KSEMAPHORE SuspendSemaphore;
2329 LIST_ENTRY ThreadListEntry;
2330 UCHAR FreezeCount;
2331 UCHAR SuspendCount;
2332 UCHAR IdealProcessor;
2333 BOOLEAN DisableBoost;
2334 } KTHREAD, *PKTHREAD;
2335
2336 #endif
2337
2338 #if (VER_PRODUCTBUILD >= 3790)
2339
2340 typedef struct _MMSUPPORT_FLAGS {
2341 ULONG SessionSpace : 1;
2342 ULONG BeingTrimmed : 1;
2343 ULONG SessionLeader : 1;
2344 ULONG TrimHard : 1;
2345 ULONG MaximumWorkingSetHard : 1;
2346 ULONG ForceTrim : 1;
2347 ULONG MinimumWorkingSetHard : 1;
2348 ULONG Available0 : 1;
2349 ULONG MemoryPriority : 8;
2350 ULONG GrowWsleHash : 1;
2351 ULONG AcquiredUnsafe : 1;
2352 ULONG Available : 14;
2353 } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
2354
2355 #elif (VER_PRODUCTBUILD >= 2600)
2356
2357 typedef struct _MMSUPPORT_FLAGS {
2358 ULONG SessionSpace : 1;
2359 ULONG BeingTrimmed : 1;
2360 ULONG SessionLeader : 1;
2361 ULONG TrimHard : 1;
2362 ULONG WorkingSetHard : 1;
2363 ULONG AddressSpaceBeingDeleted : 1;
2364 ULONG Available : 10;
2365 ULONG AllowWorkingSetAdjustment : 8;
2366 ULONG MemoryPriority : 8;
2367 } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
2368
2369 #else
2370
2371 typedef struct _MMSUPPORT_FLAGS {
2372 ULONG SessionSpace : 1;
2373 ULONG BeingTrimmed : 1;
2374 ULONG ProcessInSession : 1;
2375 ULONG SessionLeader : 1;
2376 ULONG TrimHard : 1;
2377 ULONG WorkingSetHard : 1;
2378 ULONG WriteWatch : 1;
2379 ULONG Filler : 25;
2380 } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
2381
2382 #endif
2383
2384 #if (VER_PRODUCTBUILD >= 3790)
2385 /*
2386 typedef struct _KGUARDED_MUTEX {
2387 LONG Count;
2388 PKTHREAD Owner; // 0x4
2389 ULONG Contention; // 0x8
2390 KEVENT Event; // 0xc
2391 union {
2392 struct {
2393 USHORT KernelApcDisable; // 0x1c
2394 USHORT SpecialApcDisable; // 0x1e
2395 };
2396 USHORT CombinedApcDisable; // 0x1c
2397 };
2398 } KGUARDED_MUTEX, *PKGUARDED_MUTEX;
2399 */
2400 typedef struct _MMSUPPORT {
2401 LIST_ENTRY WorkingSetExpansionLinks;
2402 LARGE_INTEGER LastTrimTime; // 0x8
2403 MMSUPPORT_FLAGS Flags; // 0x10
2404 ULONG PageFaultCount; // 0x14
2405 ULONG PeakWorkingSetSize; // 0x18
2406 ULONG GrowthSinceLastEstimate; // 0x1c
2407 ULONG MinimumWorkingSetSize; // 0x20
2408 ULONG MaximumWorkingSetSize; // 0x24
2409 PMMWSL VmWorkingSetList; // 0x28
2410 ULONG Claim; // 0x2c
2411 ULONG NextEstimationSlot; // 0x30
2412 ULONG NextAgingSlot; // 0x34
2413 ULONG EstimatedAvailable; // 0x38
2414 ULONG WorkingSetSize; //0x3c
2415 KGUARDED_MUTEX Mutex; // 0x40
2416 } MMSUPPORT, *PMMSUPPORT;
2417
2418 #elif (VER_PRODUCTBUILD >= 2600)
2419
2420 typedef struct _MMSUPPORT {
2421 LARGE_INTEGER LastTrimTime;
2422 MMSUPPORT_FLAGS Flags;
2423 ULONG PageFaultCount;
2424 ULONG PeakWorkingSetSize;
2425 ULONG WorkingSetSize;
2426 ULONG MinimumWorkingSetSize;
2427 ULONG MaximumWorkingSetSize;
2428 PMMWSL VmWorkingSetList;
2429 LIST_ENTRY WorkingSetExpansionLinks;
2430 ULONG Claim;
2431 ULONG NextEstimationSlot;
2432 ULONG NextAgingSlot;
2433 ULONG EstimatedAvailable;
2434 ULONG GrowthSinceLastEstimate;
2435 } MMSUPPORT, *PMMSUPPORT;
2436
2437 #else
2438
2439 typedef struct _MMSUPPORT {
2440 LARGE_INTEGER LastTrimTime;
2441 ULONG LastTrimFaultCount;
2442 ULONG PageFaultCount;
2443 ULONG PeakWorkingSetSize;
2444 ULONG WorkingSetSize;
2445 ULONG MinimumWorkingSetSize;
2446 ULONG MaximumWorkingSetSize;
2447 PMMWSL VmWorkingSetList;
2448 LIST_ENTRY WorkingSetExpansionLinks;
2449 BOOLEAN AllowWorkingSetAdjustment;
2450 BOOLEAN AddressSpaceBeingDeleted;
2451 UCHAR ForegroundSwitchCount;
2452 UCHAR MemoryPriority;
2453 #if (VER_PRODUCTBUILD >= 2195)
2454 union {
2455 ULONG LongFlags;
2456 MMSUPPORT_FLAGS Flags;
2457 } u;
2458 ULONG Claim;
2459 ULONG NextEstimationSlot;
2460 ULONG NextAgingSlot;
2461 ULONG EstimatedAvailable;
2462 ULONG GrowthSinceLastEstimate;
2463 #endif // (VER_PRODUCTBUILD >= 2195)
2464 } MMSUPPORT, *PMMSUPPORT;
2465
2466 #endif
2467
2468 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO {
2469 POBJECT_NAME_INFORMATION ImageFileName;
2470 } SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
2471
2472 typedef struct _SID_IDENTIFIER_AUTHORITY {
2473 UCHAR Value[6];
2474 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
2475
2476 typedef struct _SID {
2477 UCHAR Revision;
2478 UCHAR SubAuthorityCount;
2479 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
2480 ULONG SubAuthority[1];
2481 } SID, *PREAL_SID;
2482
2483 typedef struct _BITMAP_DESCRIPTOR {
2484 ULONGLONG StartLcn;
2485 ULONGLONG ClustersToEndOfVol;
2486 UCHAR Map[1];
2487 } BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
2488
2489 typedef struct _BITMAP_RANGE {
2490 LIST_ENTRY Links;
2491 LARGE_INTEGER BasePage;
2492 ULONG FirstDirtyPage;
2493 ULONG LastDirtyPage;
2494 ULONG DirtyPages;
2495 PULONG Bitmap;
2496 } BITMAP_RANGE, *PBITMAP_RANGE;
2497
2498 typedef struct _CACHE_UNINITIALIZE_EVENT {
2499 struct _CACHE_UNINITIALIZE_EVENT *Next;
2500 KEVENT Event;
2501 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
2502
2503 typedef struct _CC_FILE_SIZES {
2504 LARGE_INTEGER AllocationSize;
2505 LARGE_INTEGER FileSize;
2506 LARGE_INTEGER ValidDataLength;
2507 } CC_FILE_SIZES, *PCC_FILE_SIZES;
2508
2509 typedef struct _COMPRESSED_DATA_INFO {
2510 USHORT CompressionFormatAndEngine;
2511 UCHAR CompressionUnitShift;
2512 UCHAR ChunkShift;
2513 UCHAR ClusterShift;
2514 UCHAR Reserved;
2515 USHORT NumberOfChunks;
2516 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
2517 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
2518
2519 typedef struct _DEVICE_MAP {
2520 POBJECT_DIRECTORY DosDevicesDirectory;
2521 POBJECT_DIRECTORY GlobalDosDevicesDirectory;
2522 ULONG ReferenceCount;
2523 ULONG DriveMap;
2524 UCHAR DriveType[32];
2525 } DEVICE_MAP, *PDEVICE_MAP;
2526
2527 typedef struct _DIRECTORY_BASIC_INFORMATION {
2528 UNICODE_STRING ObjectName;
2529 UNICODE_STRING ObjectTypeName;
2530 } DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
2531
2532 #if (VER_PRODUCTBUILD >= 2600)
2533
2534 typedef struct _EX_FAST_REF {
2535 union {
2536 PVOID Object;
2537 ULONG RefCnt : 3;
2538 ULONG Value;
2539 };
2540 } EX_FAST_REF, *PEX_FAST_REF;
2541
2542 typedef struct _EX_PUSH_LOCK {
2543 union {
2544 struct {
2545 ULONG Waiting : 1;
2546 ULONG Exclusive : 1;
2547 ULONG Shared : 30;
2548 };
2549 ULONG Value;
2550 PVOID Ptr;
2551 };
2552 } EX_PUSH_LOCK, *PEX_PUSH_LOCK;
2553
2554 #endif // (VER_PRODUCTBUILD >= 2600)
2555
2556 #if (VER_PRODUCTBUILD == 2600)
2557
2558 typedef struct _EX_RUNDOWN_REF {
2559 union {
2560 ULONG Count;
2561 PVOID Ptr;
2562 };
2563 } EX_RUNDOWN_REF, *PEX_RUNDOWN_REF;
2564
2565 #endif // (VER_PRODUCTBUILD == 2600)
2566
2567 #if (VER_PRODUCTBUILD >= 3790)
2568
2569 typedef struct _MM_ADDRESS_NODE {
2570 union {
2571 ULONG Balance : 2;
2572 struct _MM_ADDRESS_NODE *Parent; // lower 2 bits of Parent are Balance and must be zeroed to obtain Parent
2573 };
2574 struct _MM_ADDRESS_NODE *LeftChild;
2575 struct _MM_ADDRESS_NODE *RightChild;
2576 ULONG_PTR StartingVpn;
2577 ULONG_PTR EndingVpn;
2578 } MMADDRESS_NODE, *PMMADDRESS_NODE;
2579
2580 typedef struct _MM_AVL_TABLE {
2581 MMADDRESS_NODE BalancedRoot; // Vadroot; incorrectly represents the NULL pages (EndingVpn should be 0xf, etc.)
2582 ULONG DepthOfTree : 5; // 0x14
2583 ULONG Unused : 3;
2584 ULONG NumberGenericTableElements : 24; // total number of nodes
2585 PVOID NodeHint; // 0x18 (0x270 in _EPROCESS)
2586 PVOID NodeFreeHint; // 0x1c
2587 } MM_AVL_TABLE, *PMM_AVL_TABLE;
2588
2589 typedef struct _EPROCESS {
2590 KPROCESS Pcb; // +0x000
2591 EX_PUSH_LOCK ProcessLock; // +0x06c
2592 LARGE_INTEGER CreateTime; // +0x070
2593 LARGE_INTEGER ExitTime; // +0x078
2594 EX_RUNDOWN_REF RundownProtect; // +0x080
2595 ULONG UniqueProcessId; // +0x084
2596 LIST_ENTRY ActiveProcessLinks; // +0x088
2597 ULONG QuotaUsage[3]; // +0x090
2598 ULONG QuotaPeak[3]; // +0x09c
2599 ULONG CommitCharge; // +0x0a8
2600 ULONG PeakVirtualSize; // +0x0ac
2601 ULONG VirtualSize; // +0x0b0
2602 LIST_ENTRY SessionProcessLinks; // +0x0b4
2603 PVOID DebugPort; // +0x0bc
2604 PVOID ExceptionPort; // +0x0c0
2605 PHANDLE_TABLE ObjectTable; // +0x0c4
2606 EX_FAST_REF Token; // +0x0c8
2607 ULONG WorkingSetPage; // +0x0cc
2608 KGUARDED_MUTEX AddressCreationLock; // +0x0d0
2609 ULONG HyperSpaceLock; // +0x0f0
2610 PETHREAD ForkInProgress; // +0x0f4
2611 ULONG HardwareTrigger; // +0x0f8
2612 PMM_AVL_TABLE PhysicalVadRoot; // +0x0fc
2613 PVOID CloneRoot; // +0x100
2614 ULONG NumberOfPrivatePages; // +0x104
2615 ULONG NumberOfLockedPages; // +0x108
2616 PVOID Win32Process; // +0x10c
2617 PEJOB Job; // +0x110
2618 PVOID SectionObject; // +0x114
2619 PVOID SectionBaseAddress; // +0x118
2620 PEPROCESS_QUOTA_BLOCK QuotaBlock; // +0x11c
2621 PPAGEFAULT_HISTORY WorkingSetWatch; // +0x120
2622 PVOID Win32WindowStation; // +0x124
2623 ULONG InheritedFromUniqueProcessId; // +0x128
2624 PVOID LdtInformation; // +0x12c
2625 PVOID VadFreeHint; // +0x130
2626 PVOID VdmObjects; // +0x134
2627 PVOID DeviceMap; // +0x138
2628 PVOID Spare0[3]; // +0x13c
2629 union {
2630 HARDWARE_PTE PageDirectoryPte; // +0x148
2631 UINT64 Filler; // +0x148
2632 };
2633 PVOID Session; // +0x150
2634 UCHAR ImageFileName[16]; // +0x154
2635 LIST_ENTRY JobLinks; // +0x164
2636 PVOID LockedPagesList; // +0x16c
2637 LIST_ENTRY ThreadListHead; // +0x170
2638 PVOID SecurityPort; // +0x178
2639 PVOID PaeTop; // +0x17c
2640 ULONG ActiveThreads; // +0x180
2641 ULONG GrantedAccess; // +0x184
2642 ULONG DefaultHardErrorProcessing; // +0x188
2643 SHORT LastThreadExitStatus; // +0x18c
2644 PPEB Peb; // +0x190
2645 EX_FAST_REF PrefetchTrace; // +0x194
2646 LARGE_INTEGER ReadOperationCount; // +0x198
2647 LARGE_INTEGER WriteOperationCount; // +0x1a0
2648 LARGE_INTEGER OtherOperationCount; // +0x1a8
2649 LARGE_INTEGER ReadTransferCount; // +0x1b0
2650 LARGE_INTEGER WriteTransferCount; // +0x1b8
2651 LARGE_INTEGER OtherTransferCount; // +0x1c0
2652 ULONG CommitChargeLimit; // +0x1c8
2653 ULONG CommitChargePeak; // +0x1cc
2654 PVOID AweInfo; // +0x1d0
2655 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; // +0x1d4
2656 MMSUPPORT Vm; // +0x1d8
2657 LIST_ENTRY MmProcessLinks; // +0x238
2658 ULONG ModifiedPageCount; // +0x240
2659 ULONG JobStatus; // +0x244
2660 union {
2661 ULONG Flags; // 0x248
2662 struct {
2663 ULONG CreateReported : 1;
2664 ULONG NoDebugInherit : 1;
2665 ULONG ProcessExiting : 1;
2666 ULONG ProcessDelete : 1;
2667 ULONG Wow64SplitPages : 1;
2668 ULONG VmDeleted : 1;
2669 ULONG OutswapEnabled : 1;
2670 ULONG Outswapped : 1;
2671 ULONG ForkFailed : 1;
2672 ULONG Wow64VaSpace4Gb : 1;
2673 ULONG AddressSpaceInitialized : 2;
2674 ULONG SetTimerResolution : 1;
2675 ULONG BreakOnTermination : 1;
2676 ULONG SessionCreationUnderway : 1;
2677 ULONG WriteWatch : 1;
2678 ULONG ProcessInSession : 1;
2679 ULONG OverrideAddressSpace : 1;
2680 ULONG HasAddressSpace : 1;
2681 ULONG LaunchPrefetched : 1;
2682 ULONG InjectInpageErrors : 1;
2683 ULONG VmTopDown : 1;
2684 ULONG ImageNotifyDone : 1;
2685 ULONG PdeUpdateNeeded : 1;
2686 ULONG VdmAllowed : 1;
2687 ULONG Unused : 7;
2688 };
2689 };
2690 NTSTATUS ExitStatus; // +0x24c
2691 USHORT NextPageColor; // +0x250
2692 union {
2693 struct {
2694 UCHAR SubSystemMinorVersion; // +0x252
2695 UCHAR SubSystemMajorVersion; // +0x253
2696 };
2697 USHORT SubSystemVersion; // +0x252
2698 };
2699 UCHAR PriorityClass; // +0x254
2700 MM_AVL_TABLE VadRoot; // +0x258
2701 } EPROCESS, *PEPROCESS; // 0x278 in total
2702
2703 #elif (VER_PRODUCTBUILD >= 2600)
2704
2705 typedef struct _EPROCESS {
2706 KPROCESS Pcb;
2707 EX_PUSH_LOCK ProcessLock;
2708 LARGE_INTEGER CreateTime;
2709 LARGE_INTEGER ExitTime;
2710 EX_RUNDOWN_REF RundownProtect;
2711 ULONG UniqueProcessId;
2712 LIST_ENTRY ActiveProcessLinks;
2713 ULONG QuotaUsage[3];
2714 ULONG QuotaPeak[3];
2715 ULONG CommitCharge;
2716 ULONG PeakVirtualSize;
2717 ULONG VirtualSize;
2718 LIST_ENTRY SessionProcessLinks;
2719 PVOID DebugPort;
2720 PVOID ExceptionPort;
2721 PHANDLE_TABLE ObjectTable;
2722 EX_FAST_REF Token;
2723 FAST_MUTEX WorkingSetLock;
2724 ULONG WorkingSetPage;
2725 FAST_MUTEX AddressCreationLock;
2726 KSPIN_LOCK HyperSpaceLock;
2727 PETHREAD ForkInProgress;
2728 ULONG HardwareTrigger;
2729 PVOID VadRoot;
2730 PVOID VadHint;
2731 PVOID CloneRoot;
2732 ULONG NumberOfPrivatePages;
2733 ULONG NumberOfLockedPages;
2734 PVOID Win32Process;
2735 PEJOB Job;
2736 PSECTION_OBJECT SectionObject;
2737 PVOID SectionBaseAddress;
2738 PEPROCESS_QUOTA_BLOCK QuotaBlock;
2739 PPAGEFAULT_HISTORY WorkingSetWatch;
2740 PVOID Win32WindowStation;
2741 PVOID InheritedFromUniqueProcessId;
2742 PVOID LdtInformation;
2743 PVOID VadFreeHint;
2744 PVOID VdmObjects;
2745 PDEVICE_MAP DeviceMap;
2746 LIST_ENTRY PhysicalVadList;
2747 union {
2748 HARDWARE_PTE PageDirectoryPte;
2749 ULONGLONG Filler;
2750 };
2751 PVOID Session;
2752 UCHAR ImageFileName[16];
2753 LIST_ENTRY JobLinks;
2754 PVOID LockedPageList;
2755 LIST_ENTRY ThreadListHead;
2756 PVOID SecurityPort;
2757 PVOID PaeTop;
2758 ULONG ActiveThreads;
2759 ULONG GrantedAccess;
2760 ULONG DefaultHardErrorProcessing;
2761 NTSTATUS LastThreadExitStatus;
2762 PPEB Peb;
2763 EX_FAST_REF PrefetchTrace;
2764 LARGE_INTEGER ReadOperationCount;
2765 LARGE_INTEGER WriteOperationCount;
2766 LARGE_INTEGER OtherOperationCount;
2767 LARGE_INTEGER ReadTransferCount;
2768 LARGE_INTEGER WriteTransferCount;
2769 LARGE_INTEGER OtherTransferCount;
2770 ULONG CommitChargeLimit;
2771 ULONG CommitChargePeek;
2772 PVOID AweInfo;
2773 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
2774 MMSUPPORT Vm;
2775 ULONG LastFaultCount;
2776 ULONG ModifiedPageCount;
2777 ULONG NumberOfVads;
2778 ULONG JobStatus;
2779 union {
2780 ULONG Flags;
2781 struct {
2782 ULONG CreateReported : 1;
2783 ULONG NoDebugInherit : 1;
2784 ULONG ProcessExiting : 1;
2785 ULONG ProcessDelete : 1;
2786 ULONG Wow64SplitPages : 1;
2787 ULONG VmDeleted : 1;
2788 ULONG OutswapEnabled : 1;
2789 ULONG Outswapped : 1;
2790 ULONG ForkFailed : 1;
2791 ULONG HasPhysicalVad : 1;
2792 ULONG AddressSpaceInitialized : 2;
2793 ULONG SetTimerResolution : 1;
2794 ULONG BreakOnTermination : 1;
2795 ULONG SessionCreationUnderway : 1;
2796 ULONG WriteWatch : 1;
2797 ULONG ProcessInSession : 1;
2798 ULONG OverrideAddressSpace : 1;
2799 ULONG HasAddressSpace : 1;
2800 ULONG LaunchPrefetched : 1;
2801 ULONG InjectInpageErrors : 1;
2802 ULONG Unused : 11;
2803 };
2804 };
2805 NTSTATUS ExitStatus;
2806 USHORT NextPageColor;
2807 union {
2808 struct {
2809 UCHAR SubSystemMinorVersion;
2810 UCHAR SubSystemMajorVersion;
2811 };
2812 USHORT SubSystemVersion;
2813 };
2814 UCHAR PriorityClass;
2815 BOOLEAN WorkingSetAcquiredUnsafe;
2816 } EPROCESS, *PEPROCESS;
2817
2818 #else
2819
2820 typedef struct _EPROCESS {
2821 KPROCESS Pcb;
2822 NTSTATUS ExitStatus;
2823 KEVENT LockEvent;
2824 ULONG LockCount;
2825 LARGE_INTEGER CreateTime;
2826 LARGE_INTEGER ExitTime;
2827 PKTHREAD LockOwner;
2828 ULONG UniqueProcessId;
2829 LIST_ENTRY ActiveProcessLinks;
2830 ULONGLONG QuotaPeakPoolUsage;
2831 ULONGLONG QuotaPoolUsage;
2832 ULONG PagefileUsage;
2833 ULONG CommitCharge;
2834 ULONG PeakPagefileUsage;
2835 ULONG PeakVirtualSize;
2836 ULONGLONG VirtualSize;
2837 MMSUPPORT Vm;
2838 #if (VER_PRODUCTBUILD < 2195)
2839 ULONG LastProtoPteFault;
2840 #else // (VER_PRODUCTBUILD >= 2195)
2841 LIST_ENTRY SessionProcessLinks;
2842 #endif // (VER_PRODUCTBUILD >= 2195)
2843 ULONG DebugPort;
2844 ULONG ExceptionPort;
2845 PHANDLE_TABLE ObjectTable;
2846 PACCESS_TOKEN Token;
2847 FAST_MUTEX WorkingSetLock;
2848 ULONG WorkingSetPage;
2849 BOOLEAN ProcessOutswapEnabled;
2850 BOOLEAN ProcessOutswapped;
2851 BOOLEAN AddressSpaceInitialized;
2852 BOOLEAN AddressSpaceDeleted;
2853 FAST_MUTEX AddressCreationLock;
2854 KSPIN_LOCK HyperSpaceLock;
2855 PETHREAD ForkInProgress;
2856 USHORT VmOperation;
2857 BOOLEAN ForkWasSuccessful;
2858 UCHAR MmAgressiveWsTrimMask;
2859 PKEVENT VmOperationEvent;
2860 #if (VER_PRODUCTBUILD < 2195)
2861 HARDWARE_PTE PageDirectoryPte;
2862 #else // (VER_PRODUCTBUILD >= 2195)
2863 PVOID PaeTop;
2864 #endif // (VER_PRODUCTBUILD >= 2195)
2865 ULONG LastFaultCount;
2866 ULONG ModifiedPageCount;
2867 PVOID VadRoot;
2868 PVOID VadHint;
2869 ULONG CloneRoot;
2870 ULONG NumberOfPrivatePages;
2871 ULONG NumberOfLockedPages;
2872 USHORT NextPageColor;
2873 BOOLEAN ExitProcessCalled;
2874 BOOLEAN CreateProcessReported;
2875 HANDLE SectionHandle;
2876 PPEB Peb;
2877 PVOID SectionBaseAddress;
2878 PEPROCESS_QUOTA_BLOCK QuotaBlock;
2879 NTSTATUS LastThreadExitStatus;
2880 PPROCESS_WS_WATCH_INFORMATION WorkingSetWatch;
2881 HANDLE Win32WindowStation;
2882 HANDLE InheritedFromUniqueProcessId;
2883 ACCESS_MASK GrantedAccess;
2884 ULONG DefaultHardErrorProcessing;
2885 PVOID LdtInformation;
2886 PVOID VadFreeHint;
2887 PVOID VdmObjects;
2888 #if (VER_PRODUCTBUILD < 2195)
2889 KMUTANT ProcessMutant;
2890 #else // (VER_PRODUCTBUILD >= 2195)
2891 PDEVICE_MAP DeviceMap;
2892 ULONG SessionId;
2893 LIST_ENTRY PhysicalVadList;
2894 HARDWARE_PTE PageDirectoryPte;
2895 ULONG Filler;
2896 ULONG PaePageDirectoryPage;
2897 #endif // (VER_PRODUCTBUILD >= 2195)
2898 UCHAR ImageFileName[16];
2899 ULONG VmTrimFaultValue;
2900 UCHAR SetTimerResolution;
2901 UCHAR PriorityClass;
2902 union {
2903 struct {
2904 UCHAR SubSystemMinorVersion;
2905 UCHAR SubSystemMajorVersion;
2906 };
2907 USHORT SubSystemVersion;
2908 };
2909 PVOID Win32Process;
2910 #if (VER_PRODUCTBUILD >= 2195)
2911 PEJOB Job;
2912 ULONG JobStatus;
2913 LIST_ENTRY JobLinks;
2914 PVOID LockedPageList;
2915 PVOID SecurityPort;
2916 PWOW64_PROCESS Wow64Process;
2917 LARGE_INTEGER ReadOperationCount;
2918 LARGE_INTEGER WriteOperationCount;
2919 LARGE_INTEGER OtherOperationCount;
2920 LARGE_INTEGER ReadTransferCount;
2921 LARGE_INTEGER WriteTransferCount;
2922 LARGE_INTEGER OtherTransferCount;
2923 ULONG CommitChargeLimit;
2924 ULONG CommitChargePeek;
2925 LIST_ENTRY ThreadListHead;
2926 PRTL_BITMAP VadPhysicalPagesBitMap;
2927 ULONG VadPhysicalPages;
2928 ULONG AweLock;
2929 #endif // (VER_PRODUCTBUILD >= 2195)
2930 } EPROCESS, *PEPROCESS;
2931
2932 #endif
2933
2934 #if (VER_PRODUCTBUILD >= 2600)
2935
2936 typedef struct _ETHREAD {
2937 KTHREAD Tcb;
2938 union {
2939 LARGE_INTEGER CreateTime;
2940 struct {
2941 ULONG NestedFaultCount : 2;
2942 ULONG ApcNeeded : 1;
2943 };
2944 };
2945 union {
2946 LARGE_INTEGER ExitTime;
2947 LIST_ENTRY LpcReplyChain;
2948 LIST_ENTRY KeyedWaitChain;
2949 };
2950 union {
2951 NTSTATUS ExitStatus;
2952 PVOID OfsChain;
2953 };
2954 LIST_ENTRY PostBlockList;
2955 union {
2956 PTERMINATION_PORT TerminationPort;
2957 PETHREAD ReaperLink;
2958 PVOID KeyedWaitValue;
2959 };
2960 KSPIN_LOCK ActiveTimerListLock;
2961 LIST_ENTRY ActiveTimerListHead;
2962 CLIENT_ID Cid;
2963 union {
2964 KSEMAPHORE LpcReplySemaphore;
2965 KSEMAPHORE KeyedWaitSemaphore;
2966 };
2967 union {
2968 PLPC_MESSAGE LpcReplyMessage;
2969 PVOID LpcWaitingOnPort;
2970 };
2971 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
2972 LIST_ENTRY IrpList;
2973 ULONG TopLevelIrp;
2974 PDEVICE_OBJECT DeviceToVerify;
2975 PEPROCESS ThreadsProcess;
2976 PKSTART_ROUTINE StartAddress;
2977 union {
2978 PVOID Win32StartAddress;
2979 ULONG LpcReceivedMessageId;
2980 };
2981 LIST_ENTRY ThreadListEntry;
2982 EX_RUNDOWN_REF RundownProtect;
2983 EX_PUSH_LOCK ThreadLock;
2984 ULONG LpcReplyMessageId;
2985 ULONG ReadClusterSize;
2986 ACCESS_MASK GrantedAccess;
2987 union {
2988 ULONG CrossThreadFlags;
2989 struct {
2990 ULONG Terminated : 1;
2991 ULONG DeadThread : 1;
2992 ULONG HideFromDebugger : 1;
2993 ULONG ActiveImpersonationInfo : 1;
2994 ULONG SystemThread : 1;
2995 ULONG HardErrorsAreDisabled : 1;
2996 ULONG BreakOnTermination : 1;
2997 ULONG SkipCreationMsg : 1;
2998 ULONG SkipTerminationMsg : 1;
2999 };
3000 };
3001 union {
3002 ULONG SameThreadPassiveFlags;
3003 struct {
3004 ULONG ActiveExWorker : 1;
3005 ULONG ExWorkerCanWaitUser : 1;
3006 ULONG MemoryMaker : 1;
3007 ULONG KeyedEventInUse : 1;
3008 };
3009 };
3010 union {
3011 ULONG SameThreadApcFlags;
3012 struct {
3013 BOOLEAN LpcReceivedMsgIdValid : 1;
3014 BOOLEAN LpcExitThreadCalled : 1;
3015 BOOLEAN AddressSpaceOwner : 1;
3016 };
3017 };
3018 BOOLEAN ForwardClusterOnly;
3019 BOOLEAN DisablePageFaultClustering;
3020 } ETHREAD, *PETHREAD;
3021
3022 #else
3023
3024 typedef struct _ETHREAD {
3025 KTHREAD Tcb;
3026 LARGE_INTEGER CreateTime;
3027 union {
3028 LARGE_INTEGER ExitTime;
3029 LIST_ENTRY LpcReplyChain;
3030 };
3031 union {
3032 NTSTATUS ExitStatus;
3033 PVOID OfsChain;
3034 };
3035 LIST_ENTRY PostBlockList;
3036 LIST_ENTRY TerminationPortList;
3037 KSPIN_LOCK ActiveTimerListLock;
3038 LIST_ENTRY ActiveTimerListHead;
3039 CLIENT_ID Cid;
3040 KSEMAPHORE LpcReplySemaphore;
3041 PLPC_MESSAGE LpcReplyMessage;
3042 ULONG LpcReplyMessageId;
3043 ULONG PerformanceCountLow;
3044 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
3045 LIST_ENTRY IrpList;
3046 PVOID TopLevelIrp;
3047 PDEVICE_OBJECT DeviceToVerify;
3048 ULONG ReadClusterSize;
3049 BOOLEAN ForwardClusterOnly;
3050 BOOLEAN DisablePageFaultClustering;
3051 BOOLEAN DeadThread;
3052 #if (VER_PRODUCTBUILD >= 2195)
3053 BOOLEAN HideFromDebugger;
3054 #endif // (VER_PRODUCTBUILD >= 2195)
3055 #if (VER_PRODUCTBUILD < 2195)
3056 BOOLEAN HasTerminated;
3057 #else // (VER_PRODUCTBUILD >= 2195)
3058 ULONG HasTerminated;
3059 #endif // (VER_PRODUCTBUILD >= 2195)
3060 #if (VER_PRODUCTBUILD < 2195)
3061 PKEVENT_PAIR EventPair;
3062 #endif // (VER_PRODUCTBUILD < 2195)
3063 ACCESS_MASK GrantedAccess;
3064 PEPROCESS ThreadsProcess;
3065 PKSTART_ROUTINE StartAddress;
3066 union {
3067 PVOID Win32StartAddress;
3068 ULONG LpcReceivedMessageId;
3069 };
3070 BOOLEAN LpcExitThreadCalled;
3071 BOOLEAN HardErrorsAreDisabled;
3072 BOOLEAN LpcReceivedMsgIdValid;
3073 BOOLEAN ActiveImpersonationInfo;
3074 ULONG PerformanceCountHigh;
3075 #if (VER_PRODUCTBUILD >= 2195)
3076 LIST_ENTRY ThreadListEntry;
3077 #endif // (VER_PRODUCTBUILD >= 2195)
3078 } ETHREAD, *PETHREAD;
3079
3080 #endif
3081
3082 typedef struct _EPROCESS_QUOTA_ENTRY {
3083 ULONG Usage;
3084 ULONG Limit;
3085 ULONG Peak;
3086 ULONG Return;
3087 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
3088
3089 typedef struct _EPROCESS_QUOTA_BLOCK {
3090 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
3091 LIST_ENTRY QuotaList;
3092 ULONG ReferenceCount;
3093 ULONG ProcessCount;
3094 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
3095
3096 typedef struct _EXCEPTION_REGISTRATION_RECORD {
3097 struct _EXCEPTION_REGISTRATION_RECORD *Next;
3098 PVOID Handler;
3099 } EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD;
3100
3101 /*
3102 * When needing these parameters cast your PIO_STACK_LOCATION to
3103 * PEXTENDED_IO_STACK_LOCATION
3104 */
3105 #if !defined(_ALPHA_) && !defined(_AMD64_) && !defined(_IA64_)
3106 #include <pshpack4.h>
3107 #endif
3108 typedef struct _EXTENDED_IO_STACK_LOCATION {
3109
3110 /* Included for padding */
3111 UCHAR MajorFunction;
3112 UCHAR MinorFunction;
3113 UCHAR Flags;
3114 UCHAR Control;
3115
3116 union {
3117
3118 struct {
3119 PIO_SECURITY_CONTEXT SecurityContext;
3120 ULONG Options;
3121 USHORT Reserved;
3122 USHORT ShareAccess;
3123 PMAILSLOT_CREATE_PARAMETERS Parameters;
3124 } CreateMailslot;
3125
3126 struct {
3127 PIO_SECURITY_CONTEXT SecurityContext;
3128 ULONG Options;
3129 USHORT Reserved;
3130 USHORT ShareAccess;
3131 PNAMED_PIPE_CREATE_PARAMETERS Parameters;
3132 } CreatePipe;
3133
3134 struct {
3135 ULONG OutputBufferLength;
3136 ULONG InputBufferLength;
3137 ULONG FsControlCode;
3138 PVOID Type3InputBuffer;
3139 } FileSystemControl;
3140
3141 struct {
3142 PLARGE_INTEGER Length;
3143 ULONG Key;
3144 LARGE_INTEGER ByteOffset;
3145 } LockControl;
3146
3147 struct {
3148 ULONG Length;
3149 ULONG CompletionFilter;
3150 } NotifyDirectory;
3151
3152 struct {
3153 ULONG Length;
3154 PUNICODE_STRING FileName;
3155 FILE_INFORMATION_CLASS FileInformationClass;
3156 ULONG FileIndex;
3157 } QueryDirectory;
3158
3159 struct {
3160 ULONG Length;
3161 PVOID EaList;
3162 ULONG EaListLength;
3163 ULONG EaIndex;
3164 } QueryEa;
3165
3166 struct {
3167 ULONG Length;
3168 PSID StartSid;
3169 PFILE_GET_QUOTA_INFORMATION SidList;
3170 ULONG SidListLength;
3171 } QueryQuota;
3172
3173 struct {
3174 ULONG Length;
3175 } SetEa;
3176
3177 struct {
3178 ULONG Length;
3179 } SetQuota;
3180
3181 struct {
3182 ULONG Length;
3183 FS_INFORMATION_CLASS FsInformationClass;
3184 } SetVolume;
3185
3186 } Parameters;
3187
3188 } EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION;
3189 #if !defined(_ALPHA_) && !defined(_AMD64_) && !defined(_IA64_)
3190 #include <poppack.h>
3191 #endif
3192
3193 typedef struct _FILE_ACCESS_INFORMATION {
3194 ACCESS_MASK AccessFlags;
3195 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
3196
3197 typedef struct _FILE_ALLOCATION_INFORMATION {
3198 LARGE_INTEGER AllocationSize;
3199 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
3200
3201 typedef struct _FILE_BOTH_DIR_INFORMATION {
3202 ULONG NextEntryOffset;
3203 ULONG FileIndex;
3204 LARGE_INTEGER CreationTime;
3205 LARGE_INTEGER LastAccessTime;
3206 LARGE_INTEGER LastWriteTime;
3207 LARGE_INTEGER ChangeTime;
3208 LARGE_INTEGER EndOfFile;
3209 LARGE_INTEGER AllocationSize;
3210 ULONG FileAttributes;
3211 ULONG FileNameLength;
3212 ULONG EaSize;
3213 CCHAR ShortNameLength;
3214 WCHAR ShortName[12];
3215 WCHAR FileName[1];
3216 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
3217
3218 typedef struct _FILE_COMPLETION_INFORMATION {
3219 HANDLE Port;
3220 ULONG Key;
3221 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
3222
3223 typedef struct _FILE_COMPRESSION_INFORMATION {
3224 LARGE_INTEGER CompressedFileSize;
3225 USHORT CompressionFormat;
3226 UCHAR CompressionUnitShift;
3227 UCHAR ChunkShift;
3228 UCHAR ClusterShift;
3229 UCHAR Reserved[3];
3230 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
3231
3232 typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
3233 BOOLEAN ReplaceIfExists;
3234 HANDLE RootDirectory;
3235 ULONG FileNameLength;
3236 WCHAR FileName[1];
3237 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
3238
3239 typedef struct _FILE_DIRECTORY_INFORMATION {
3240 ULONG NextEntryOffset;
3241 ULONG FileIndex;
3242 LARGE_INTEGER CreationTime;
3243 LARGE_INTEGER LastAccessTime;
3244 LARGE_INTEGER LastWriteTime;
3245 LARGE_INTEGER ChangeTime;
3246 LARGE_INTEGER EndOfFile;
3247 LARGE_INTEGER AllocationSize;
3248 ULONG FileAttributes;
3249 ULONG FileNameLength;
3250 WCHAR FileName[1];
3251 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
3252
3253 typedef struct _FILE_EA_INFORMATION {
3254 ULONG EaSize;
3255 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
3256
3257 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
3258 ULONG FileSystemAttributes;
3259 ULONG MaximumComponentNameLength;
3260 ULONG FileSystemNameLength;
3261 WCHAR FileSystemName[1];
3262 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
3263
3264 typedef struct _FILE_FS_CONTROL_INFORMATION {
3265 LARGE_INTEGER FreeSpaceStartFiltering;
3266 LARGE_INTEGER FreeSpaceThreshold;
3267 LARGE_INTEGER FreeSpaceStopFiltering;
3268 LARGE_INTEGER DefaultQuotaThreshold;
3269 LARGE_INTEGER DefaultQuotaLimit;
3270 ULONG FileSystemControlFlags;
3271 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
3272
3273 typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
3274 LARGE_INTEGER TotalAllocationUnits;
3275 LARGE_INTEGER CallerAvailableAllocationUnits;
3276 LARGE_INTEGER ActualAvailableAllocationUnits;
3277 ULONG SectorsPerAllocationUnit;
3278 ULONG BytesPerSector;
3279 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
3280
3281 typedef struct _FILE_FS_LABEL_INFORMATION {
3282 ULONG VolumeLabelLength;
3283 WCHAR VolumeLabel[1];
3284 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
3285
3286 #if (VER_PRODUCTBUILD >= 2195)
3287
3288 typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
3289 UCHAR ObjectId[16];
3290 UCHAR ExtendedInfo[48];
3291 } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
3292
3293 #endif // (VER_PRODUCTBUILD >= 2195)
3294
3295 typedef struct _FILE_FS_SIZE_INFORMATION {
3296 LARGE_INTEGER TotalAllocationUnits;
3297 LARGE_INTEGER AvailableAllocationUnits;
3298 ULONG SectorsPerAllocationUnit;
3299 ULONG BytesPerSector;
3300 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
3301
3302 typedef struct _FILE_FS_VOLUME_INFORMATION {
3303 LARGE_INTEGER VolumeCreationTime;
3304 ULONG VolumeSerialNumber;
3305 ULONG VolumeLabelLength;
3306 BOOLEAN SupportsObjects;
3307 WCHAR VolumeLabel[1];
3308 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
3309
3310 typedef struct _FILE_FULL_DIR_INFORMATION {
3311 ULONG NextEntryOffset;
3312 ULONG FileIndex;
3313 LARGE_INTEGER CreationTime;
3314 LARGE_INTEGER LastAccessTime;
3315 LARGE_INTEGER LastWriteTime;
3316 LARGE_INTEGER ChangeTime;
3317 LARGE_INTEGER EndOfFile;
3318 LARGE_INTEGER AllocationSize;
3319 ULONG FileAttributes;
3320 ULONG FileNameLength;
3321 ULONG EaSize;
3322 WCHAR FileName[1];
3323 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
3324
3325 typedef struct _FILE_GET_EA_INFORMATION {
3326 ULONG NextEntryOffset;
3327 UCHAR EaNameLength;
3328 CHAR EaName[1];
3329 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
3330
3331 typedef struct _FILE_GET_QUOTA_INFORMATION {
3332 ULONG NextEntryOffset;
3333 ULONG SidLength;
3334 SID Sid;
3335 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
3336
3337 typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
3338 ULONG NextEntryOffset;
3339 ULONG FileIndex;
3340 LARGE_INTEGER CreationTime;
3341 LARGE_INTEGER LastAccessTime;
3342 LARGE_INTEGER LastWriteTime;
3343 LARGE_INTEGER ChangeTime;
3344 LARGE_INTEGER EndOfFile;
3345 LARGE_INTEGER AllocationSize;
3346 ULONG FileAttributes;
3347 ULONG FileNameLength;
3348 ULONG EaSize;
3349 CCHAR ShortNameLength;
3350 WCHAR ShortName[12];
3351 LARGE_INTEGER FileId;
3352 WCHAR FileName[1];
3353 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
3354
3355 typedef struct _FILE_ID_FULL_DIR_INFORMATION {
3356 ULONG NextEntryOffset;
3357 ULONG FileIndex;
3358 LARGE_INTEGER CreationTime;
3359 LARGE_INTEGER LastAccessTime;
3360 LARGE_INTEGER LastWriteTime;
3361 LARGE_INTEGER ChangeTime;
3362 LARGE_INTEGER EndOfFile;
3363 LARGE_INTEGER AllocationSize;
3364 ULONG FileAttributes;
3365 ULONG FileNameLength;
3366 ULONG EaSize;
3367 LARGE_INTEGER FileId;
3368 WCHAR FileName[1];
3369 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
3370
3371 typedef struct _FILE_INTERNAL_INFORMATION {
3372 LARGE_INTEGER IndexNumber;
3373 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
3374
3375 typedef struct _FILE_LINK_INFORMATION {
3376 BOOLEAN ReplaceIfExists;
3377 HANDLE RootDirectory;
3378 ULONG FileNameLength;
3379 WCHAR FileName[1];
3380 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
3381
3382 typedef struct _FILE_LOCK_INFO {
3383 LARGE_INTEGER StartingByte;
3384 LARGE_INTEGER Length;
3385 BOOLEAN ExclusiveLock;
3386 ULONG Key;
3387 PFILE_OBJECT FileObject;
3388 PEPROCESS Process;
3389 LARGE_INTEGER EndingByte;
3390 } FILE_LOCK_INFO, *PFILE_LOCK_INFO;
3391
3392 // raw internal file lock struct returned from FsRtlGetNextFileLock
3393 typedef struct _FILE_SHARED_LOCK_ENTRY {
3394 PVOID Unknown1;
3395 PVOID Unknown2;
3396 FILE_LOCK_INFO FileLock;
3397 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
3398
3399 // raw internal file lock struct returned from FsRtlGetNextFileLock
3400 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
3401 LIST_ENTRY ListEntry;
3402 PVOID Unknown1;
3403 PVOID Unknown2;
3404 FILE_LOCK_INFO FileLock;
3405 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
3406
3407 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) (
3408 IN PVOID Context,
3409 IN PIRP Irp
3410 );
3411
3412 typedef VOID (*PUNLOCK_ROUTINE) (
3413 IN PVOID Context,
3414 IN PFILE_LOCK_INFO FileLockInfo
3415 );
3416
3417 typedef struct _FILE_LOCK {
3418 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
3419 PUNLOCK_ROUTINE UnlockRoutine;
3420 BOOLEAN FastIoIsQuestionable;
3421 BOOLEAN Pad[3];
3422 PVOID LockInformation;
3423 FILE_LOCK_INFO LastReturnedLockInfo;
3424 PVOID LastReturnedLock;
3425 } FILE_LOCK, *PFILE_LOCK;
3426
3427 typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
3428 ULONG ReadDataAvailable;
3429 ULONG NumberOfMessages;
3430 ULONG MessageLength;
3431 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
3432
3433 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
3434 ULONG MaximumMessageSize;
3435 ULONG MailslotQuota;
3436 ULONG NextMessageSize;
3437 ULONG MessagesAvailable;
3438 LARGE_INTEGER ReadTimeout;
3439 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
3440
3441 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
3442 PLARGE_INTEGER ReadTimeout;
3443 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
3444
3445 typedef struct _FILE_MODE_INFORMATION {
3446 ULONG Mode;
3447 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
3448
3449 // This structure is included in the Windows 2000 DDK but is missing in the
3450 // Windows NT 4.0 DDK
3451 #if (VER_PRODUCTBUILD < 2195)
3452 typedef struct _FILE_NAME_INFORMATION {
3453 ULONG FileNameLength;
3454 WCHAR FileName[1];
3455 } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
3456 #endif // (VER_PRODUCTBUILD < 2195)
3457
3458 typedef struct _FILE_ALL_INFORMATION {
3459 FILE_BASIC_INFORMATION BasicInformation;
3460 FILE_STANDARD_INFORMATION StandardInformation;
3461 FILE_INTERNAL_INFORMATION InternalInformation;
3462 FILE_EA_INFORMATION EaInformation;
3463 FILE_ACCESS_INFORMATION AccessInformation;
3464 FILE_POSITION_INFORMATION PositionInformation;
3465 FILE_MODE_INFORMATION ModeInformation;
3466 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3467 FILE_NAME_INFORMATION NameInformation;
3468 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
3469
3470 typedef struct _FILE_NAMES_INFORMATION {
3471 ULONG NextEntryOffset;
3472 ULONG FileIndex;
3473 ULONG FileNameLength;
3474 WCHAR FileName[1];
3475 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
3476
3477 typedef struct _FILE_NOTIFY_INFORMATION {
3478 ULONG NextEntryOffset;
3479 ULONG Action;
3480 ULONG FileNameLength;
3481 WCHAR FileName[1];
3482 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
3483
3484 typedef struct _FILE_OBJECTID_INFORMATION {
3485 LONGLONG FileReference;
3486 UCHAR ObjectId[16];
3487 union {
3488 struct {
3489 UCHAR BirthVolumeId[16];
3490 UCHAR BirthObjectId[16];
3491 UCHAR DomainId[16];
3492 } ;
3493 UCHAR ExtendedInfo[48];
3494 };
3495 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
3496
3497 typedef struct _FILE_OLE_CLASSID_INFORMATION {
3498 GUID ClassId;
3499 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
3500
3501 typedef struct _FILE_OLE_ALL_INFORMATION {
3502 FILE_BASIC_INFORMATION BasicInformation;
3503 FILE_STANDARD_INFORMATION StandardInformation;
3504 FILE_INTERNAL_INFORMATION InternalInformation;
3505 FILE_EA_INFORMATION EaInformation;
3506 FILE_ACCESS_INFORMATION AccessInformation;
3507 FILE_POSITION_INFORMATION PositionInformation;
3508 FILE_MODE_INFORMATION ModeInformation;
3509 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3510 USN LastChangeUsn;
3511 USN ReplicationUsn;
3512 LARGE_INTEGER SecurityChangeTime;
3513 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
3514 FILE_OBJECTID_INFORMATION ObjectIdInformation;
3515 FILE_STORAGE_TYPE StorageType;
3516 ULONG OleStateBits;
3517 ULONG OleId;
3518 ULONG NumberOfStreamReferences;
3519 ULONG StreamIndex;
3520 ULONG SecurityId;
3521 BOOLEAN ContentIndexDisable;
3522 BOOLEAN InheritContentIndexDisable;
3523 FILE_NAME_INFORMATION NameInformation;
3524 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
3525
3526 typedef struct _FILE_OLE_DIR_INFORMATION {
3527 ULONG NextEntryOffset;
3528 ULONG FileIndex;
3529 LARGE_INTEGER CreationTime;
3530 LARGE_INTEGER LastAccessTime;
3531 LARGE_INTEGER LastWriteTime;
3532 LARGE_INTEGER ChangeTime;
3533 LARGE_INTEGER EndOfFile;
3534 LARGE_INTEGER AllocationSize;
3535 ULONG FileAttributes;
3536 ULONG FileNameLength;
3537 FILE_STORAGE_TYPE StorageType;
3538 GUID OleClassId;
3539 ULONG OleStateBits;
3540 BOOLEAN ContentIndexDisable;
3541 BOOLEAN InheritContentIndexDisable;
3542 WCHAR FileName[1];
3543 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
3544
3545 typedef struct _FILE_OLE_INFORMATION {
3546 LARGE_INTEGER SecurityChangeTime;
3547 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
3548 FILE_OBJECTID_INFORMATION ObjectIdInformation;
3549 FILE_STORAGE_TYPE StorageType;
3550 ULONG OleStateBits;
3551 BOOLEAN ContentIndexDisable;
3552 BOOLEAN InheritContentIndexDisable;
3553 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
3554
3555 typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
3556 ULONG StateBits;
3557 ULONG StateBitsMask;
3558 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
3559
3560 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
3561 HANDLE EventHandle;
3562 ULONG KeyValue;
3563 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
3564
3565 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
3566 PVOID ClientSession;
3567 PVOID ClientProcess;
3568 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
3569
3570 typedef struct _FILE_PIPE_EVENT_BUFFER {
3571 ULONG NamedPipeState;
3572 ULONG EntryType;
3573 ULONG ByteCount;
3574 ULONG KeyValue;
3575 ULONG NumberRequests;
3576 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
3577
3578 typedef struct _FILE_PIPE_INFORMATION {
3579 ULONG ReadMode;
3580 ULONG CompletionMode;
3581 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
3582
3583 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
3584 ULONG NamedPipeType;
3585 ULONG NamedPipeConfiguration;
3586 ULONG MaximumInstances;
3587 ULONG CurrentInstances;
3588 ULONG InboundQuota;
3589 ULONG ReadDataAvailable;
3590 ULONG OutboundQuota;
3591 ULONG WriteQuotaAvailable;
3592 ULONG NamedPipeState;
3593 ULONG NamedPipeEnd;
3594 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
3595
3596 typedef struct _FILE_PIPE_PEEK_BUFFER {
3597 ULONG NamedPipeState;
3598 ULONG ReadDataAvailable;
3599 ULONG NumberOfMessages;
3600 ULONG MessageLength;
3601 CHAR Data[1];
3602 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
3603
3604 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
3605 LARGE_INTEGER CollectDataTime;
3606 ULONG MaximumCollectionCount;
3607 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
3608
3609 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
3610 LARGE_INTEGER Timeout;
3611 ULONG NameLength;
3612 BOOLEAN TimeoutSpecified;
3613 WCHAR Name[1];
3614 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
3615
3616 typedef struct _FILE_QUOTA_INFORMATION {
3617 ULONG NextEntryOffset;
3618 ULONG SidLength;
3619 LARGE_INTEGER ChangeTime;
3620 LARGE_INTEGER QuotaUsed;
3621 LARGE_INTEGER QuotaThreshold;
3622 LARGE_INTEGER QuotaLimit;
3623 SID Sid;
3624 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
3625
3626 typedef struct _FILE_RENAME_INFORMATION {
3627 BOOLEAN ReplaceIfExists;
3628 HANDLE RootDirectory;
3629 ULONG FileNameLength;
3630 WCHAR FileName[1];
3631 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
3632
3633 typedef struct _FILE_STREAM_INFORMATION {
3634 ULONG NextEntryOffset;
3635 ULONG StreamNameLength;
3636 LARGE_INTEGER StreamSize;
3637 LARGE_INTEGER StreamAllocationSize;
3638 WCHAR StreamName[1];
3639 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
3640
3641 typedef struct _FILE_TRACKING_INFORMATION {
3642 HANDLE DestinationFile;
3643 ULONG ObjectInformationLength;
3644 CHAR ObjectInformation[1];
3645 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
3646
3647 typedef struct _FSRTL_COMMON_FCB_HEADER {
3648 CSHORT NodeTypeCode;
3649 CSHORT NodeByteSize;
3650 UCHAR Flags;
3651 UCHAR IsFastIoPossible;
3652 #if (VER_PRODUCTBUILD >= 1381)
3653 UCHAR Flags2;
3654 UCHAR Reserved : 4;
3655 UCHAR Version : 4;
3656 #endif // (VER_PRODUCTBUILD >= 1381)
3657 PERESOURCE Resource;
3658 PERESOURCE PagingIoResource;
3659 LARGE_INTEGER AllocationSize;
3660 LARGE_INTEGER FileSize;
3661 LARGE_INTEGER ValidDataLength;
3662 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
3663
3664 #if (VER_PRODUCTBUILD >= 2600)
3665
3666 #ifdef __cplusplus
3667 typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER {
3668 #else // __cplusplus
3669 typedef struct _FSRTL_ADVANCED_FCB_HEADER {
3670 FSRTL_COMMON_FCB_HEADER;
3671 #endif // __cplusplus
3672 PFAST_MUTEX FastMutex;
3673 LIST_ENTRY FilterContexts;
3674 EX_PUSH_LOCK PushLock;
3675 PVOID *FileContextSupportPointer;
3676 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
3677
3678 #endif // (VER_PRODUCTBUILD >= 2600)
3679
3680 typedef struct _GENERATE_NAME_CONTEXT {
3681 USHORT Checksum;
3682 BOOLEAN CheckSumInserted;
3683 UCHAR NameLength;
3684 WCHAR NameBuffer[8];
3685 ULONG ExtensionLength;
3686 WCHAR ExtensionBuffer[4];
3687 ULONG LastIndexValue;
3688 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
3689
3690 typedef struct _HANDLE_INFO { // Information about open handles
3691 union {
3692 PEPROCESS Process; // Pointer to PEPROCESS owning the Handle
3693 ULONG Count; // Count of HANDLE_INFO structures following this structure
3694 } HandleInfo;
3695 USHORT HandleCount;
3696 } HANDLE_INFO, *PHANDLE_INFO;
3697
3698 typedef struct _HANDLE_TABLE_ENTRY_INFO {
3699 ULONG AuditMask;
3700 } HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO;
3701
3702 typedef struct _HANDLE_TABLE_ENTRY {
3703 union {
3704 PVOID Object;
3705 ULONG ObAttributes;
3706 PHANDLE_TABLE_ENTRY_INFO InfoTable;
3707 ULONG Value;
3708 };
3709 union {
3710 ULONG GrantedAccess;
3711 USHORT GrantedAccessIndex;
3712 LONG NextFreeTableEntry;
3713 };
3714 USHORT CreatorBackTraceIndex;
3715 } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
3716
3717 typedef struct _MAPPING_PAIR {
3718 ULONGLONG Vcn;
3719 ULONGLONG Lcn;
3720 } MAPPING_PAIR, *PMAPPING_PAIR;
3721
3722 typedef struct _GET_RETRIEVAL_DESCRIPTOR {
3723 ULONG NumberOfPairs;
3724 ULONGLONG StartVcn;
3725 MAPPING_PAIR Pair[1];
3726 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
3727
3728 typedef struct _INITIAL_TEB {
3729 ULONG Unknown_1;
3730 ULONG Unknown_2;
3731 PVOID StackTop;
3732 PVOID StackBase;
3733 PVOID Unknown_3;
3734 } INITIAL_TEB, *PINITIAL_TEB;
3735
3736 typedef struct _IO_CLIENT_EXTENSION {
3737 struct _IO_CLIENT_EXTENSION *NextExtension;
3738 PVOID ClientIdentificationAddress;
3739 } IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION;
3740
3741 typedef struct _IO_COMPLETION_BASIC_INFORMATION {
3742 LONG Depth;
3743 } IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION;
3744
3745 typedef struct _KEVENT_PAIR {
3746 USHORT Type;
3747 USHORT Size;
3748 KEVENT Event1;
3749 KEVENT Event2;
3750 } KEVENT_PAIR, *PKEVENT_PAIR;
3751
3752 typedef struct _KINTERRUPT {
3753 CSHORT Type;
3754 CSHORT Size;
3755 LIST_ENTRY InterruptListEntry;
3756 PKSERVICE_ROUTINE ServiceRoutine;
3757 PVOID ServiceContext;
3758 KSPIN_LOCK SpinLock;
3759 ULONG TickCount;
3760 PKSPIN_LOCK ActualLock;
3761 PVOID DispatchAddress;
3762 ULONG Vector;
3763 KIRQL Irql;
3764 KIRQL SynchronizeIrql;
3765 BOOLEAN FloatingSave;
3766 BOOLEAN Connected;
3767 CHAR Number;
3768 UCHAR ShareVector;
3769 KINTERRUPT_MODE Mode;
3770 ULONG ServiceCount;
3771 ULONG DispatchCount;
3772 ULONG DispatchCode[106];
3773 } KINTERRUPT, *PKINTERRUPT;
3774
3775 typedef struct _KQUEUE {
3776 DISPATCHER_HEADER Header;
3777 LIST_ENTRY EntryListHead;
3778 ULONG CurrentCount;
3779 ULONG MaximumCount;
3780 LIST_ENTRY ThreadListHead;
3781 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
3782
3783 typedef struct _LARGE_MCB {
3784 PFAST_MUTEX FastMutex;
3785 ULONG MaximumPairCount;
3786 ULONG PairCount;
3787 POOL_TYPE PoolType;
3788 PVOID Mapping;
3789 } LARGE_MCB, *PLARGE_MCB;
3790
3791 typedef struct _LPC_MESSAGE {
3792 USHORT DataSize;
3793 USHORT MessageSize;
3794 USHORT MessageType;
3795 USHORT VirtualRangesOffset;
3796 CLIENT_ID ClientId;
3797 ULONG MessageId;
3798 ULONG SectionSize;
3799 UCHAR Data[1];
3800 } LPC_MESSAGE, *PLPC_MESSAGE;
3801
3802 typedef struct _LPC_SECTION_READ {
3803 ULONG Length;
3804 ULONG ViewSize;
3805 PVOID ViewBase;
3806 } LPC_SECTION_READ, *PLPC_SECTION_READ;
3807
3808 typedef struct _LPC_SECTION_WRITE {
3809 ULONG Length;
3810 HANDLE SectionHandle;
3811 ULONG SectionOffset;
3812 ULONG ViewSize;
3813 PVOID ViewBase;
3814 PVOID TargetViewBase;
3815 } LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
3816
3817 typedef struct _MAILSLOT_CREATE_PARAMETERS {
3818 ULONG MailslotQuota;
3819 ULONG MaximumMessageSize;
3820 LARGE_INTEGER ReadTimeout;
3821 BOOLEAN TimeoutSpecified;
3822 } MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
3823
3824 typedef struct _MBCB {
3825 CSHORT NodeTypeCode;
3826 CSHORT NodeIsInZone;
3827 ULONG PagesToWrite;
3828 ULONG DirtyPages;
3829 ULONG Reserved;
3830 LIST_ENTRY BitmapRanges;
3831 LONGLONG ResumeWritePage;
3832 BITMAP_RANGE BitmapRange1;
3833 BITMAP_RANGE BitmapRange2;
3834 BITMAP_RANGE BitmapRange3;
3835 } MBCB, *PMBCB;
3836
3837 typedef struct _MCB {
3838 LARGE_MCB LargeMcb;
3839 } MCB, *PMCB;
3840
3841 typedef struct _MOVEFILE_DESCRIPTOR {
3842 HANDLE FileHandle;
3843 ULONG Reserved;
3844 LARGE_INTEGER StartVcn;
3845 LARGE_INTEGER TargetLcn;
3846 ULONG NumVcns;
3847 ULONG Reserved1;
3848 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
3849
3850 typedef struct _NAMED_PIPE_CREATE_PARAMETERS {
3851 ULONG NamedPipeType;
3852 ULONG ReadMode;
3853 ULONG CompletionMode;
3854 ULONG MaximumInstances;
3855 ULONG InboundQuota;
3856 ULONG OutboundQuota;
3857 LARGE_INTEGER DefaultTimeout;
3858 BOOLEAN TimeoutSpecified;
3859 } NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
3860
3861 typedef struct _QUOTA_BLOCK {
3862 KSPIN_LOCK QuotaLock;
3863 ULONG ReferenceCount; // Number of processes using this block
3864 ULONG PeakNonPagedPoolUsage;
3865 ULONG PeakPagedPoolUsage;
3866 ULONG NonPagedpoolUsage;
3867 ULONG PagedPoolUsage;
3868 ULONG NonPagedPoolLimit;
3869 ULONG PagedPoolLimit;
3870 ULONG PeakPagefileUsage;
3871 ULONG PagefileUsage;
3872 ULONG PageFileLimit;
3873 } QUOTA_BLOCK, *PQUOTA_BLOCK;
3874
3875 typedef struct _OBJECT_BASIC_INFO {
3876 ULONG Attributes;
3877 ACCESS_MASK GrantedAccess;
3878 ULONG HandleCount;
3879 ULONG ReferenceCount;
3880 ULONG PagedPoolUsage;
3881 ULONG NonPagedPoolUsage;
3882 ULONG Reserved[3];
3883 ULONG NameInformationLength;
3884 ULONG TypeInformationLength;
3885 ULONG SecurityDescriptorLength;
3886 LARGE_INTEGER CreateTime;
3887 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
3888
3889 typedef struct _OBJECT_CREATE_INFORMATION {
3890 ULONG Attributes;
3891 HANDLE RootDirectory; // 0x4
3892 PVOID ParseContext; // 0x8
3893 KPROCESSOR_MODE ProbeMode; // 0xc
3894 ULONG PagedPoolCharge; // 0x10
3895 ULONG NonPagedPoolCharge; // 0x14
3896 ULONG SecurityDescriptorCharge; // 0x18
3897 PSECURITY_DESCRIPTOR SecurityDescriptor; // 0x1c
3898 PSECURITY_QUALITY_OF_SERVICE SecurityQos; // 0x20
3899 SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; // 0x24
3900 } OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;
3901
3902 typedef struct _OBJECT_CREATOR_INFO {
3903 LIST_ENTRY Creator;
3904 ULONG UniqueProcessId; // Creator's Process ID
3905 ULONG Reserved; // Alignment
3906 } OBJECT_CREATOR_INFO, *POBJECT_CREATOR_INFO;
3907
3908 typedef struct _OBJECT_DIRECTORY_ITEM {
3909 struct _OBJECT_DIRECTORY_ITEM *Next;
3910 PVOID Object;
3911 } OBJECT_DIRECTORY_ITEM, *POBJECT_DIRECTORY_ITEM;
3912
3913 typedef struct _OBJECT_DIRECTORY {
3914 POBJECT_DIRECTORY_ITEM HashEntries[0x25];
3915 POBJECT_DIRECTORY_ITEM LastHashAccess;
3916 ULONG LastHashResult;
3917 } OBJECT_DIRECTORY, *POBJECT_DIRECTORY;
3918
3919 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
3920 BOOLEAN Inherit;
3921 BOOLEAN ProtectFromClose;
3922 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
3923
3924 typedef struct _OBJECT_HANDLE_DB {
3925 union {
3926 struct _EPROCESS *Process;
3927 struct _OBJECT_HANDLE_DB_LIST *HandleDBList;
3928 };
3929 ULONG HandleCount;
3930 } OBJECT_HANDLE_DB, *POBJECT_HANDLE_DB;
3931
3932 typedef struct _OBJECT_HANDLE_DB_LIST {
3933 ULONG Count;
3934 OBJECT_HANDLE_DB Entries[1];
3935 } OBJECT_HANDLE_DB_LIST, *POBJECT_HANDLE_DB_LIST;
3936
3937 typedef struct _OBJECT_HEADER_FLAGS {
3938 ULONG NameInfoOffset : 8;
3939 ULONG HandleInfoOffset : 8;
3940 ULONG QuotaInfoOffset : 8;
3941 ULONG QuotaBlock : 1; // QuotaBlock/ObjectInfo
3942 ULONG KernelMode : 1; // UserMode/KernelMode
3943 ULONG CreatorInfo : 1;
3944 ULONG Exclusive : 1;
3945 ULONG Permanent : 1;
3946 ULONG SecurityDescriptor : 1;
3947 ULONG HandleInfo : 1;
3948 ULONG Reserved : 1;
3949 } OBJECT_HEADER_FLAGS, *POBJECT_HEADER_FLAGS;
3950
3951 typedef struct _OBJECT_HEADER {
3952 ULONG ReferenceCount;
3953 union {
3954 ULONG HandleCount;
3955 PSINGLE_LIST_ENTRY NextToFree;
3956 }; // 0x4
3957 POBJECT_TYPE ObjectType; // 0x8
3958 OBJECT_HEADER_FLAGS Flags; // 0xc
3959 union {
3960 POBJECT_CREATE_INFORMATION ObjectCreateInfo;
3961 PQUOTA_BLOCK QuotaBlock;
3962 }; // 0x10
3963 PSECURITY_DESCRIPTOR SecurityDescriptor; // 0x14
3964 QUAD Body; // 0x18
3965 } OBJECT_HEADER, *POBJECT_HEADER;
3966
3967 typedef struct _OBJECT_NAME {
3968 POBJECT_DIRECTORY Directory;
3969 UNICODE_STRING ObjectName;
3970 ULONG Reserved;
3971 } OBJECT_NAME, *POBJECT_NAME;
3972
3973 typedef struct _OBJECT_NAME_INFO {
3974 UNICODE_STRING ObjectName;
3975 WCHAR ObjectNameBuffer[1];
3976 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
3977
3978 typedef struct _OBJECT_PROTECTION_INFO {
3979 BOOLEAN Inherit;
3980 BOOLEAN ProtectHandle;
3981 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
3982
3983 typedef struct _OBJECT_QUOTA_CHARGES {
3984 ULONG PagedPoolCharge;
3985 ULONG NonPagedPoolCharge;
3986 ULONG SecurityCharge;
3987 ULONG Reserved;
3988 } OBJECT_QUOTA_CHARGES, *POBJECT_QUOTA_CHARGES;
3989
3990 typedef struct _OBJECT_QUOTA_INFO {
3991 ULONG PagedPoolQuota;
3992 ULONG NonPagedPoolQuota;
3993 ULONG QuotaInformationSize;
3994 PEPROCESS Process; // Owning process
3995 } OBJECT_QUOTA_INFO, *POBJECT_QUOTA_INFO;
3996
3997 typedef struct _OBJECT_TYPE_INITIALIZER {
3998 USHORT Length;
3999 BOOLEAN UseDefaultObject;
4000 BOOLEAN Reserved1;
4001 ULONG InvalidAttributes;
4002 GENERIC_MAPPING GenericMapping;
4003 ACCESS_MASK ValidAccessMask;
4004 BOOLEAN SecurityRequired;
4005 BOOLEAN MaintainHandleCount; /* OBJECT_HANDLE_DB */
4006 BOOLEAN MaintainTypeList; /* OBJECT_CREATOR_INFO */
4007 UCHAR Reserved2;
4008 BOOLEAN PagedPool;
4009 ULONG DefaultPagedPoolCharge;
4010 ULONG DefaultNonPagedPoolCharge;
4011 PVOID DumpProcedure;
4012 PVOID OpenProcedure;
4013 PVOID CloseProcedure;
4014 PVOID DeleteProcedure;
4015 PVOID ParseProcedure;
4016 PVOID SecurityProcedure; /* SeDefaultObjectMethod */
4017 PVOID QueryNameProcedure;
4018 PVOID OkayToCloseProcedure;
4019 } OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
4020
4021 typedef struct _OBJECT_TYPE {
4022 ERESOURCE Lock;
4023 LIST_ENTRY ObjectListHead; /* OBJECT_CREATOR_INFO */
4024 UNICODE_STRING ObjectTypeName;
4025 union {
4026 PVOID DefaultObject; /* ObpDefaultObject */
4027 ULONG Code; /* File: 5C, WaitablePort: A0 */
4028 };
4029 ULONG ObjectTypeIndex; /* OB_TYPE_INDEX_* */
4030 ULONG ObjectCount;
4031 ULONG HandleCount;
4032 ULONG PeakObjectCount;
4033 ULONG PeakHandleCount;
4034 OBJECT_TYPE_INITIALIZER TypeInfo;
4035 ULONG ObjectTypeTag; /* OB_TYPE_TAG_* */
4036 } OBJECT_TYPE, *POBJECT_TYPE;
4037
4038 typedef struct _OBJECT_TYPE_INFO {
4039 UNICODE_STRING ObjectTypeName;
4040 UCHAR Unknown[0x58];
4041 WCHAR ObjectTypeNameBuffer[1];
4042 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
4043
4044 typedef struct _OBJECT_ALL_TYPES_INFO {
4045 ULONG NumberOfObjectTypes;
4046 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
4047 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
4048
4049 typedef struct _PAGEFAULT_HISTORY {
4050 ULONG CurrentIndex;
4051 ULONG MaxIndex;
4052 KSPIN_LOCK SpinLock;
4053 PVOID Reserved;
4054 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
4055 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
4056
4057 typedef struct _PATHNAME_BUFFER {
4058 ULONG PathNameLength;
4059 WCHAR Name[1];
4060 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
4061
4062 #if (VER_PRODUCTBUILD >= 2600)
4063
4064 typedef struct _PRIVATE_CACHE_MAP_FLAGS {
4065 ULONG DontUse : 16;
4066 ULONG ReadAheadActive : 1;
4067 ULONG ReadAheadEnabled : 1;
4068 ULONG Available : 14;
4069 } PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;
4070
4071 typedef struct _PRIVATE_CACHE_MAP {
4072 union {
4073 CSHORT NodeTypeCode;
4074 PRIVATE_CACHE_MAP_FLAGS Flags;
4075 ULONG UlongFlags;
4076 };
4077 ULONG ReadAheadMask;
4078 PFILE_OBJECT FileObject;
4079 LARGE_INTEGER FileOffset1;
4080 LARGE_INTEGER BeyondLastByte1;
4081 LARGE_INTEGER FileOffset2;
4082 LARGE_INTEGER BeyondLastByte2;
4083 LARGE_INTEGER ReadAheadOffset[2];
4084 ULONG ReadAheadLength[2];
4085 KSPIN_LOCK ReadAheadSpinLock;
4086 LIST_ENTRY PrivateLinks;
4087 } PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;
4088
4089 #endif
4090
4091 typedef struct _PROCESS_PRIORITY_CLASS {
4092 BOOLEAN Foreground;
4093 UCHAR PriorityClass;
4094 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
4095
4096 typedef struct _PS_IMPERSONATION_INFORMATION {
4097 PACCESS_TOKEN Token;
4098 BOOLEAN CopyOnOpen;
4099 BOOLEAN EffectiveOnly;
4100 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
4101 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
4102
4103 typedef struct _PUBLIC_BCB {
4104 CSHORT NodeTypeCode;
4105 CSHORT NodeByteSize;
4106 ULONG MappedLength;
4107 LARGE_INTEGER MappedFileOffset;
4108 } PUBLIC_BCB, *PPUBLIC_BCB;
4109
4110 typedef struct _QUERY_PATH_REQUEST {
4111 ULONG PathNameLength;
4112 PIO_SECURITY_CONTEXT SecurityContext;
4113 WCHAR FilePathName[1];
4114 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
4115
4116 typedef struct _QUERY_PATH_RESPONSE {
4117 ULONG LengthAccepted;
4118 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
4119
4120 #if (VER_PRODUCTBUILD >= 2600)
4121
4122 typedef struct _READ_LIST {
4123 PFILE_OBJECT FileObject;
4124 ULONG NumberOfEntries;
4125 LOGICAL IsImage;
4126 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
4127 } READ_LIST, *PREAD_LIST;
4128
4129 #endif // (VER_PRODUCTBUILD >= 2600)
4130
4131 typedef struct _REPARSE_DATA_BUFFER {
4132
4133 ULONG ReparseTag;
4134 USHORT ReparseDataLength;
4135 USHORT Reserved;
4136
4137 union {
4138
4139 struct {
4140 USHORT SubstituteNameOffset;
4141 USHORT SubstituteNameLength;
4142 USHORT PrintNameOffset;
4143 USHORT PrintNameLength;
4144 WCHAR PathBuffer[1];
4145 } SymbolicLinkReparseBuffer;
4146
4147 struct {
4148 USHORT SubstituteNameOffset;
4149 USHORT SubstituteNameLength;
4150 USHORT PrintNameOffset;
4151 USHORT PrintNameLength;
4152 WCHAR PathBuffer[1];
4153 } MountPointReparseBuffer;
4154
4155 struct {
4156 UCHAR DataBuffer[1];
4157 } GenericReparseBuffer;
4158 };
4159
4160 } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
4161
4162 typedef struct _RETRIEVAL_POINTERS_BUFFER {
4163 ULONG ExtentCount;
4164 LARGE_INTEGER StartingVcn;
4165 struct {
4166 LARGE_INTEGER NextVcn;
4167 LARGE_INTEGER Lcn;
4168 } Extents[1];
4169 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
4170
4171 typedef struct _RTL_SPLAY_LINKS {
4172 struct _RTL_SPLAY_LINKS *Parent;
4173 struct _RTL_SPLAY_LINKS *LeftChild;
4174 struct _RTL_SPLAY_LINKS *RightChild;
4175 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
4176
4177 typedef struct _SE_EXPORTS {
4178
4179 LUID SeCreateTokenPrivilege;
4180 LUID SeAssignPrimaryTokenPrivilege;
4181 LUID SeLockMemoryPrivilege;
4182 LUID SeIncreaseQuotaPrivilege;
4183 LUID SeUnsolicitedInputPrivilege;
4184 LUID SeTcbPrivilege;
4185 LUID SeSecurityPrivilege;
4186 LUID SeTakeOwnershipPrivilege;
4187 LUID SeLoadDriverPrivilege;
4188 LUID SeCreatePagefilePrivilege;
4189 LUID SeIncreaseBasePriorityPrivilege;
4190 LUID SeSystemProfilePrivilege;
4191 LUID SeSystemtimePrivilege;
4192 LUID SeProfileSingleProcessPrivilege;
4193 LUID SeCreatePermanentPrivilege;
4194 LUID SeBackupPrivilege;
4195 LUID SeRestorePrivilege;
4196 LUID SeShutdownPrivilege;
4197 LUID SeDebugPrivilege;
4198 LUID SeAuditPrivilege;
4199 LUID SeSystemEnvironmentPrivilege;
4200 LUID SeChangeNotifyPrivilege;
4201 LUID SeRemoteShutdownPrivilege;
4202
4203 PSID SeNullSid;
4204 PSID SeWorldSid;
4205 PSID SeLocalSid;
4206 PSID SeCreatorOwnerSid;
4207 PSID SeCreatorGroupSid;
4208
4209 PSID SeNtAuthoritySid;
4210 PSID SeDialupSid;
4211 PSID SeNetworkSid;
4212 PSID SeBatchSid;
4213 PSID SeInteractiveSid;
4214 PSID SeLocalSystemSid;
4215 PSID SeAliasAdminsSid;
4216 PSID SeAliasUsersSid;
4217 PSID SeAliasGuestsSid;
4218 PSID SeAliasPowerUsersSid;
4219 PSID SeAliasAccountOpsSid;
4220 PSID SeAliasSystemOpsSid;
4221 PSID SeAliasPrintOpsSid;
4222 PSID SeAliasBackupOpsSid;
4223
4224 PSID SeAuthenticatedUsersSid;
4225
4226 PSID SeRestrictedSid;
4227 PSID SeAnonymousLogonSid;
4228
4229 LUID SeUndockPrivilege;
4230 LUID SeSyncAgentPrivilege;
4231 LUID SeEnableDelegationPrivilege;
4232
4233 } SE_EXPORTS, *PSE_EXPORTS;
4234
4235 typedef struct _SECTION_BASIC_INFORMATION {
4236 PVOID BaseAddress;
4237 ULONG Attributes;
4238 LARGE_INTEGER Size;
4239 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
4240
4241 typedef struct _SECTION_IMAGE_INFORMATION {
4242 PVOID EntryPoint;
4243 ULONG Unknown1;
4244 ULONG StackReserve;
4245 ULONG StackCommit;
4246 ULONG Subsystem;
4247 USHORT MinorSubsystemVersion;
4248 USHORT MajorSubsystemVersion;
4249 ULONG Unknown2;
4250 ULONG Characteristics;
4251 USHORT ImageNumber;
4252 BOOLEAN Executable;
4253 UCHAR Unknown3;
4254 ULONG Unknown4[3];
4255 } SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
4256
4257 typedef struct _SECTION_OBJECT {
4258 PVOID StartingVa;
4259 PVOID EndingVa;
4260 struct _SECTION_OBJECT *Parent;
4261 struct _SECTION_OBJECT *LeftChild;
4262 struct _SECTION_OBJECT *RightChild;
4263 PVOID Segment;
4264 } SECTION_OBJECT, *PSECTION_OBJECT;
4265
4266 typedef struct _SEP_AUDIT_POLICY {
4267 // _SEP_AUDIT_POLICY_CATEGORIES
4268 ULONGLONG System : 4;
4269 ULONGLONG Logon : 4;
4270 ULONGLONG ObjectAccess : 4;
4271 ULONGLONG PrivilegeUse : 4;
4272 ULONGLONG DetailedTracking : 4;
4273 ULONGLONG PolicyChange : 4;
4274 ULONGLONG AccountManagement : 4;
4275 ULONGLONG DirectoryServiceAccess : 4;
4276 ULONGLONG AccountLogon : 4;
4277 // _SEP_AUDIT_POLICY_OVERLAY
4278 ULONGLONG SetBit : 1;
4279 } SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
4280
4281 /* size 0x1C */
4282 typedef struct _SEP_AUDIT_POLICY_VISTA {
4283 UCHAR PerUserPolicy[25]; /* +0x000 */
4284 UCHAR PolicySetStatus; /* +0x019 */
4285 USHORT Alignment; /* +0x01A */
4286 } SEP_AUDIT_POLICY_VISTA, *PSEP_AUDIT_POLICY_VISTA;
4287
4288 typedef struct _SERVICE_DESCRIPTOR_TABLE {
4289 /*
4290 * Table containing cServices elements of pointers to service handler
4291 * functions, indexed by service ID.
4292 */
4293 PVOID *ServiceTable;
4294 /*
4295 * Table that counts how many times each service is used. This table
4296 * is only updated in checked builds.
4297 */
4298 PULONG CounterTable;
4299 /*
4300 * Number of services contained in this table.
4301 */
4302 ULONG TableSize;
4303 /*
4304 * Table containing the number of bytes of parameters the handler
4305 * function takes.
4306 */
4307 PUCHAR ArgumentTable;
4308 } SERVICE_DESCRIPTOR_TABLE, *PSERVICE_DESCRIPTOR_TABLE;
4309
4310 #if (VER_PRODUCTBUILD >= 2600)
4311
4312 typedef struct _SHARED_CACHE_MAP {
4313 CSHORT NodeTypeCode;
4314 CSHORT NodeByteSize;
4315 ULONG OpenCount;
4316 LARGE_INTEGER FileSize;
4317 LIST_ENTRY BcbList;
4318 LARGE_INTEGER SectionSize;
4319 LARGE_INTEGER ValidDataLength;
4320 LARGE_INTEGER ValidDataGoal;
4321 PVACB InitialVacbs[4];
4322 PVACB *Vacbs;
4323 PFILE_OBJECT FileObject;
4324 PVACB ActiveVacb;
4325 PVOID NeedToZero;
4326 ULONG ActivePage;
4327 ULONG NeedToZeroPage;
4328 KSPIN_LOCK ActiveVacbSpinLock;
4329 ULONG VacbActiveCount;
4330 ULONG DirtyPages;
4331 LIST_ENTRY SharedCacheMapLinks;
4332 ULONG Flags;
4333 NTSTATUS Status;
4334 PMBCB Mbcb;
4335 PVOID Section;
4336 PKEVENT CreateEvent;
4337 PKEVENT WaitOnActiveCount;
4338 ULONG PagesToWrite;
4339 LONGLONG BeyondLastFlush;
4340 PCACHE_MANAGER_CALLBACKS Callbacks;
4341 PVOID LazyWriteContext;
4342 LIST_ENTRY PrivateList;
4343 PVOID LogHandle;
4344 PVOID FlushToLsnRoutine;
4345 ULONG DirtyPageThreshold;
4346 ULONG LazyWritePassCount;
4347 PCACHE_UNINITIALIZE_EVENT UninitializeEvent;
4348 PVACB NeedToZeroVacb;
4349 KSPIN_LOCK BcbSpinLock;
4350 PVOID Reserved;
4351 KEVENT Event;
4352 EX_PUSH_LOCK VacbPushLock;
4353 PRIVATE_CACHE_MAP PrivateCacheMap;
4354 } SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;
4355
4356 #endif
4357
4358 typedef struct _SID_AND_ATTRIBUTES {
4359 PSID Sid;
4360 ULONG Attributes;
4361 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
4362
4363 typedef struct _SID_AND_ATTRIBUTES_HASH {
4364 ULONG SidCount; /* +0x000 */
4365 PSID_AND_ATTRIBUTES SidAttr; /* +0x004 */
4366 ULONG Hash[32]; /* +0x008 */
4367 } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
4368
4369 typedef struct _STARTING_VCN_INPUT_BUFFER {
4370 LARGE_INTEGER StartingVcn;
4371 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
4372
4373 // SystemBasicInformation
4374 typedef struct _SYSTEM_BASIC_INFORMATION {
4375 ULONG Unknown;
4376 ULONG MaximumIncrement;
4377 ULONG PhysicalPageSize;
4378 ULONG NumberOfPhysicalPages;
4379 ULONG LowestPhysicalPage;
4380 ULONG HighestPhysicalPage;
4381 ULONG AllocationGranularity;
4382 ULONG LowestUserAddress;
4383 ULONG HighestUserAddress;
4384 ULONG ActiveProcessors;
4385 UCHAR NumberProcessors;
4386 } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
4387
4388 // SystemProcessorInformation
4389 typedef struct _SYSTEM_PROCESSOR_INFORMATION {
4390 USHORT ProcessorArchitecture;
4391 USHORT ProcessorLevel;
4392 USHORT ProcessorRevision;
4393 USHORT Unknown;
4394 ULONG FeatureBits;
4395 } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
4396
4397 // SystemPerformanceInformation
4398 typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
4399 LARGE_INTEGER IdleTime;
4400 LARGE_INTEGER ReadTransferCount;
4401 LARGE_INTEGER WriteTransferCount;
4402 LARGE_INTEGER OtherTransferCount;
4403 ULONG ReadOperationCount;
4404 ULONG WriteOperationCount;
4405 ULONG OtherOperationCount;
4406 ULONG AvailablePages;
4407 ULONG TotalCommittedPages;
4408 ULONG TotalCommitLimit;
4409 ULONG PeakCommitment;
4410 ULONG PageFaults;
4411 ULONG WriteCopyFaults;
4412 ULONG TransistionFaults;
4413 ULONG Reserved1;
4414 ULONG DemandZeroFaults;
4415 ULONG PagesRead;
4416 ULONG PageReadIos;
4417 ULONG Reserved2[2];
4418 ULONG PagefilePagesWritten;
4419 ULONG PagefilePageWriteIos;
4420 ULONG MappedFilePagesWritten;
4421 ULONG MappedFilePageWriteIos;
4422 ULONG PagedPoolUsage;
4423 ULONG NonPagedPoolUsage;
4424 ULONG PagedPoolAllocs;
4425 ULONG PagedPoolFrees;
4426 ULONG NonPagedPoolAllocs;
4427 ULONG NonPagedPoolFrees;
4428 ULONG TotalFreeSystemPtes;
4429 ULONG SystemCodePage;
4430 ULONG TotalSystemDriverPages;
4431 ULONG TotalSystemCodePages;
4432 ULONG SmallNonPagedLookasideListAllocateHits;
4433 ULONG SmallPagedLookasideListAllocateHits;
4434 ULONG Reserved3;
4435 ULONG MmSystemCachePage;
4436 ULONG PagedPoolPage;
4437 ULONG SystemDriverPage;
4438 ULONG FastReadNoWait;
4439 ULONG FastReadWait;
4440 ULONG FastReadResourceMiss;
4441 ULONG FastReadNotPossible;
4442 ULONG FastMdlReadNoWait;
4443 ULONG FastMdlReadWait;
4444 ULONG FastMdlReadResourceMiss;
4445 ULONG FastMdlReadNotPossible;
4446 ULONG MapDataNoWait;
4447 ULONG MapDataWait;
4448 ULONG MapDataNoWaitMiss;
4449 ULONG MapDataWaitMiss;
4450 ULONG PinMappedDataCount;
4451 ULONG PinReadNoWait;
4452 ULONG PinReadWait;
4453 ULONG PinReadNoWaitMiss;
4454 ULONG PinReadWaitMiss;
4455 ULONG CopyReadNoWait;
4456 ULONG CopyReadWait;
4457 ULONG CopyReadNoWaitMiss;
4458 ULONG CopyReadWaitMiss;
4459 ULONG MdlReadNoWait;
4460 ULONG MdlReadWait;
4461 ULONG MdlReadNoWaitMiss;
4462 ULONG MdlReadWaitMiss;
4463 ULONG ReadAheadIos;
4464 ULONG LazyWriteIos;
4465 ULONG LazyWritePages;
4466 ULONG DataFlushes;
4467 ULONG DataPages;
4468 ULONG ContextSwitches;
4469 ULONG FirstLevelTbFills;
4470 ULONG SecondLevelTbFills;
4471 ULONG SystemCalls;
4472 } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
4473
4474 // SystemTimeOfDayInformation
4475 typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
4476 LARGE_INTEGER BootTime;
4477 LARGE_INTEGER CurrentTime;
4478 LARGE_INTEGER TimeZoneBias;
4479 ULONG CurrentTimeZoneId;
4480 } SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
4481
4482 typedef struct _SYSTEM_THREADS_INFORMATION {
4483 LARGE_INTEGER KernelTime;
4484 LARGE_INTEGER UserTime;
4485 LARGE_INTEGER CreateTime;
4486 ULONG WaitTime;
4487 PVOID StartAddress;
4488 CLIENT_ID ClientId;
4489 KPRIORITY Priority;
4490 KPRIORITY BasePriority;
4491 ULONG ContextSwitchCount;
4492 THREAD_STATE State;
4493 KWAIT_REASON WaitReason;
4494 } SYSTEM_THREADS_INFORMATION, *PSYSTEM_THREADS_INFORMATION;
4495
4496 // SystemProcessesAndThreadsInformation
4497 typedef struct _SYSTEM_PROCESSES_INFORMATION {
4498 ULONG NextEntryDelta;
4499 ULONG ThreadCount;
4500 ULONG Reserved1[6];
4501 LARGE_INTEGER CreateTime;
4502 LARGE_INTEGER UserTime;
4503 LARGE_INTEGER KernelTime;
4504 UNICODE_STRING ProcessName;
4505 KPRIORITY BasePriority;
4506 ULONG ProcessId;
4507 ULONG InheritedFromProcessId;
4508 ULONG HandleCount;
4509 ULONG SessionId;
4510 ULONG Reserved2;
4511 VM_COUNTERS VmCounters;
4512 #if (VER_PRODUCTBUILD >= 2195)
4513 IO_COUNTERS IoCounters;
4514 #endif // (VER_PRODUCTBUILD >= 2195)
4515 SYSTEM_THREADS_INFORMATION Threads[1];
4516 } SYSTEM_PROCESSES_INFORMATION, *PSYSTEM_PROCESSES_INFORMATION;
4517
4518 // SystemCallCounts
4519 typedef struct _SYSTEM_CALL_COUNTS {
4520 ULONG Size;
4521 ULONG NumberOfDescriptorTables;
4522 ULONG NumberOfRoutinesInTable[1];
4523 // On checked build this is followed by a ULONG CallCounts[1] variable length array.
4524 } SYSTEM_CALL_COUNTS, *PSYSTEM_CALL_COUNTS;
4525
4526 // SystemConfigurationInformation
4527 typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
4528 ULONG DiskCount;
4529 ULONG FloppyCount;
4530 ULONG CdRomCount;
4531 ULONG TapeCount;
4532 ULONG SerialCount;
4533 ULONG ParallelCount;
4534 } SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
4535
4536 // SystemProcessorTimes
4537 typedef struct _SYSTEM_PROCESSOR_TIMES {
4538 LARGE_INTEGER IdleTime;
4539 LARGE_INTEGER KernelTime;
4540 LARGE_INTEGER UserTime;
4541 LARGE_INTEGER DpcTime;
4542 LARGE_INTEGER InterruptTime;
4543 ULONG InterruptCount;
4544 } SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
4545
4546 // SystemGlobalFlag
4547 typedef struct _SYSTEM_GLOBAL_FLAG {
4548 ULONG GlobalFlag;
4549 } SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
4550
4551 // SystemModuleInformation
4552 typedef struct _SYSTEM_MODULE_INFORMATION {
4553 ULONG Reserved[2];
4554 PVOID Base;
4555 ULONG Size;
4556 ULONG Flags;
4557 USHORT Index;
4558 USHORT Unknown;
4559 USHORT LoadCount;
4560 USHORT ModuleNameOffset;
4561 CHAR ImageName[256];
4562 } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
4563
4564 // SystemLockInformation
4565 typedef struct _SYSTEM_LOCK_INFORMATION {
4566 PVOID Address;
4567 USHORT Type;
4568 USHORT Reserved1;
4569 ULONG ExclusiveOwnerThreadId;
4570 ULONG ActiveCount;
4571 ULONG ContentionCount;
4572 ULONG Reserved2[2];
4573 ULONG NumberOfSharedWaiters;
4574 ULONG NumberOfExclusiveWaiters;
4575 } SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
4576
4577 // SystemHandleInformation
4578 typedef struct _SYSTEM_HANDLE_INFORMATION {
4579 ULONG ProcessId;
4580 UCHAR ObjectTypeNumber;
4581 UCHAR Flags;
4582 USHORT Handle;
4583 PVOID Object;
4584 ACCESS_MASK GrantedAccess;
4585 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
4586
4587 // SystemObjectInformation
4588 typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
4589 ULONG NextEntryOffset;
4590 ULONG ObjectCount;
4591 ULONG HandleCount;
4592 ULONG TypeNumber;
4593 ULONG InvalidAttributes;
4594 GENERIC_MAPPING GenericMapping;
4595 ACCESS_MASK ValidAccessMask;
4596 POOL_TYPE PoolType;
4597 UCHAR Unknown;
4598 UNICODE_STRING Name;
4599 } SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
4600
4601 typedef struct _SYSTEM_OBJECT_INFORMATION {
4602 ULONG NextEntryOffset;
4603 PVOID Object;
4604 ULONG CreatorProcessId;
4605 USHORT Unknown;
4606 USHORT Flags;
4607 ULONG PointerCount;
4608 ULONG HandleCount;
4609 ULONG PagedPoolUsage;
4610 ULONG NonPagedPoolUsage;
4611 ULONG ExclusiveProcessId;
4612 PSECURITY_DESCRIPTOR SecurityDescriptor;
4613 UNICODE_STRING Name;
4614 } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
4615
4616 // SystemPagefileInformation
4617 typedef struct _SYSTEM_PAGEFILE_INFORMATION {
4618 ULONG NextEntryOffset;
4619 ULONG CurrentSize;
4620 ULONG TotalUsed;
4621 ULONG PeakUsed;
4622 UNICODE_STRING FileName;
4623 } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
4624
4625 // SystemInstructionEmulationCounts
4626 typedef struct _SYSTEM_INSTRUCTION_EMULATION_COUNTS {
4627 ULONG GenericInvalidOpcode;
4628 ULONG TwoByteOpcode;
4629 ULONG ESprefix;
4630 ULONG CSprefix;
4631 ULONG SSprefix;
4632 ULONG DSprefix;
4633 ULONG FSPrefix;
4634 ULONG GSprefix;
4635 ULONG OPER32prefix;
4636 ULONG ADDR32prefix;
4637 ULONG INSB;
4638 ULONG INSW;
4639 ULONG OUTSB;
4640 ULONG OUTSW;
4641 ULONG PUSHFD;
4642 ULONG POPFD;
4643 ULONG INTnn;
4644 ULONG INTO;
4645 ULONG IRETD;
4646 ULONG FloatingPointOpcode;
4647 ULONG INBimm;
4648 ULONG INWimm;
4649 ULONG OUTBimm;
4650 ULONG OUTWimm;
4651 ULONG INB;
4652 ULONG INW;
4653 ULONG OUTB;
4654 ULONG OUTW;
4655 ULONG LOCKprefix;
4656 ULONG REPNEprefix;
4657 ULONG REPprefix;
4658 ULONG CLI;
4659 ULONG STI;
4660 ULONG HLT;
4661 } SYSTEM_INSTRUCTION_EMULATION_COUNTS, *PSYSTEM_INSTRUCTION_EMULATION_COUNTS;
4662
4663 // SystemCacheInformation
4664 typedef struct _SYSTEM_CACHE_INFORMATION {
4665 ULONG SystemCacheWsSize;
4666 ULONG SystemCacheWsPeakSize;
4667 ULONG SystemCacheWsFaults;
4668 ULONG SystemCacheWsMinimum;
4669 ULONG SystemCacheWsMaximum;
4670 ULONG TransitionSharedPages;
4671 ULONG TransitionSharedPagesPeak;
4672 ULONG Reserved[2];
4673 } SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
4674
4675 // SystemPoolTagInformation
4676 typedef struct _SYSTEM_POOL_TAG_INFORMATION {
4677 CHAR Tag[4];
4678 ULONG PagedPoolAllocs;
4679 ULONG PagedPoolFrees;
4680 ULONG PagedPoolUsage;
4681 ULONG NonPagedPoolAllocs;
4682 ULONG NonPagedPoolFrees;
4683 ULONG NonPagedPoolUsage;
4684 } SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
4685
4686 // SystemProcessorStatistics
4687 typedef struct _SYSTEM_PROCESSOR_STATISTICS {
4688 ULONG ContextSwitches;
4689 ULONG DpcCount;
4690 ULONG DpcRequestRate;
4691 ULONG TimeIncrement;
4692 ULONG DpcBypassCount;
4693 ULONG ApcBypassCount;
4694 } SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
4695
4696 // SystemDpcInformation
4697 typedef struct _SYSTEM_DPC_INFORMATION {
4698 ULONG Reserved;
4699 ULONG MaximumDpcQueueDepth;
4700 ULONG MinimumDpcRate;
4701 ULONG AdjustDpcThreshold;
4702 ULONG IdealDpcRate;
4703 } SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
4704
4705 // SystemLoadImage
4706 typedef struct _SYSTEM_LOAD_IMAGE {
4707 UNICODE_STRING ModuleName;
4708 PVOID ModuleBase;
4709 PVOID Unknown;
4710 PVOID EntryPoint;
4711 PVOID ExportDirectory;
4712 } SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
4713
4714 // SystemUnloadImage
4715 typedef struct _SYSTEM_UNLOAD_IMAGE {
4716 PVOID ModuleBase;
4717 } SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
4718
4719 // SystemTimeAdjustment
4720 typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
4721 ULONG TimeAdjustment;
4722 ULONG MaximumIncrement;
4723 BOOLEAN TimeSynchronization;
4724 } SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
4725
4726 // SystemTimeAdjustment
4727 typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
4728 ULONG TimeAdjustment;
4729 BOOLEAN TimeSynchronization;
4730 } SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
4731
4732 // SystemCrashDumpInformation
4733 typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
4734 HANDLE CrashDumpSectionHandle;
4735 #if (VER_PRODUCTBUILD >= 2195)
4736 HANDLE Unknown;
4737 #endif // (VER_PRODUCTBUILD >= 2195)
4738 } SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
4739
4740 // SystemExceptionInformation
4741 typedef struct _SYSTEM_EXCEPTION_INFORMATION {
4742 ULONG AlignmentFixupCount;
4743 ULONG ExceptionDispatchCount;
4744 ULONG FloatingEmulationCount;
4745 ULONG Reserved;
4746 } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
4747
4748 // SystemCrashDumpStateInformation
4749 typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
4750 ULONG ValidCrashDump;
4751 #if (VER_PRODUCTBUILD >= 2195)
4752 ULONG Unknown;
4753 #endif // (VER_PRODUCTBUILD >= 2195)
4754 } SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
4755
4756 // SystemKernelDebuggerInformation
4757 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
4758 BOOLEAN DebuggerEnabled;
4759 BOOLEAN DebuggerNotPresent;
4760 } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
4761
4762 // SystemContextSwitchInformation
4763 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
4764 ULONG ContextSwitches;
4765 ULONG ContextSwitchCounters[11];
4766 } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
4767
4768 // SystemRegistryQuotaInformation
4769 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
4770 ULONG RegistryQuota;
4771 ULONG RegistryQuotaInUse;
4772 ULONG PagedPoolSize;
4773 } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
4774
4775 // SystemLoadAndCallImage
4776 typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
4777 UNICODE_STRING ModuleName;
4778 } SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
4779
4780 // SystemPrioritySeparation
4781 typedef struct _SYSTEM_PRIORITY_SEPARATION {
4782 ULONG PrioritySeparation;
4783 } SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
4784
4785 // SystemTimeZoneInformation
4786 typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
4787 LONG Bias;
4788 WCHAR StandardName[32];
4789 TIME_FIELDS StandardDate;
4790 LONG StandardBias;
4791 WCHAR DaylightName[32];
4792 TIME_FIELDS DaylightDate;
4793 LONG DaylightBias;
4794 } SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
4795
4796 // SystemLookasideInformation
4797 typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
4798 USHORT Depth;
4799 USHORT MaximumDepth;
4800 ULONG TotalAllocates;
4801 ULONG AllocateMisses;
4802 ULONG TotalFrees;
4803 ULONG FreeMisses;
4804 POOL_TYPE Type;
4805 ULONG Tag;
4806 ULONG Size;
4807 } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
4808
4809 // SystemSetTimeSlipEvent
4810 typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
4811 HANDLE TimeSlipEvent;
4812 } SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
4813
4814 // SystemCreateSession
4815 typedef struct _SYSTEM_CREATE_SESSION {
4816 ULONG Session;
4817 } SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
4818
4819 // SystemDeleteSession
4820 typedef struct _SYSTEM_DELETE_SESSION {
4821 ULONG Session;
4822 } SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
4823
4824 // SystemRangeStartInformation
4825 typedef struct _SYSTEM_RANGE_START_INFORMATION {
4826 PVOID SystemRangeStart;
4827 } SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
4828
4829 // SystemSessionProcessesInformation
4830 typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION {
4831 ULONG SessionId;
4832 ULONG BufferSize;
4833 PVOID Buffer;
4834 } SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION;
4835
4836 typedef struct _GDI_TEB_BATCH {
4837 ULONG Offset;
4838 ULONG HDC;
4839 ULONG Buffer[(VER_PRODUCTBUILD >= 2195) ? 0x133 : 0x136];
4840 } GDI_TEB_BATCH, *PGDI_TEB_BATCH;
4841
4842 #if (VER_PRODUCTBUILD >= 2600)
4843
4844 typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME {
4845 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* Previous;
4846 struct _ACTIVATION_CONTEXT* ActivationContext; // 0x4
4847 ULONG Flags; // 0x8
4848 } RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
4849
4850 typedef struct _ACTIVATION_CONTEXT_STACK {
4851 ULONG Flags;
4852 ULONG NextCookieSequenceNumber;
4853 PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame; // 0x8
4854 LIST_ENTRY FrameListCache; // 0xc
4855 } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
4856
4857 #endif // (VER_PRODUCTBUILD >= 2600)
4858
4859 typedef struct _Wx86ThreadState {
4860 PULONG CallBx86Eip;
4861 PVOID DeallocationCpu;
4862 UCHAR UseKnownWx86Dll; // 0x8
4863 UCHAR OleStubInvoked; // 0x9
4864 } Wx86ThreadState, *PWx86ThreadState;
4865
4866 typedef struct _TEB_ACTIVE_FRAME_CONTEXT {
4867 ULONG Flags;
4868 PCHAR FrameName;
4869 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
4870
4871 typedef struct _TEB_ACTIVE_FRAME {
4872 ULONG Flags;
4873 struct _TEB_ACTIVE_FRAME *Previous;
4874 PTEB_ACTIVE_FRAME_CONTEXT Context;
4875 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
4876
4877 typedef struct _TEB // from Reactos, Native API; checked and corrected for 2003 and nt 4.0
4878 // should also work on XP and 2000
4879 // the reactos version was probably from NT 3.51 SP3
4880 {
4881 NT_TIB Tib; /* 00h */
4882 PVOID EnvironmentPointer; /* 1Ch */
4883 CLIENT_ID Cid; /* 20h */
4884 HANDLE RpcHandle; /* 28h */
4885 PVOID *ThreadLocalStorage; /* 2Ch */
4886 PPEB Peb; /* 30h */
4887 ULONG LastErrorValue; /* 34h */
4888 ULONG CountOfOwnedCriticalSections; /* 38h */
4889 PVOID CsrClientThread; /* 3Ch */
4890 struct _W32THREAD* Win32ThreadInfo; /* 40h */
4891 ULONG User32Reserved[26]; /* 44h */
4892 ULONG UserReserved[5]; /* ACh */
4893 PVOID WOW32Reserved; /* C0h */
4894 LCID CurrentLocale; /* C4h */
4895 ULONG FpSoftwareStatusRegister; /* C8h */
4896 PVOID SystemReserved1[0x36]; /* CCh */
4897 #if (VER_PRODUCTBUILD <= 1381)
4898 PVOID Spare1; /* 1A4h */
4899 #endif
4900 LONG ExceptionCode; /* 1A4h */
4901 #if (VER_PRODUCTBUILD >= 2600)
4902 ACTIVATION_CONTEXT_STACK
4903 ActivationContextStack; /* 1A8h */
4904 UCHAR SpareBytes1[24]; /* 1BCh */
4905 #elif (VER_PRODUCTBUILD >= 2195)
4906 UCHAR SpareBytes1[0x2c]; /* 1A8h */
4907 #else /* nt 4.0 */
4908 ULONG SpareBytes1[0x14]; /* 1ACh */
4909 #endif
4910 GDI_TEB_BATCH GdiTebBatch; /* 1D4h */ /* 1FC for nt 4.0 */
4911 ULONG gdiRgn; /* 6A8h */ /* 6DCh for nt 4.0 */
4912 ULONG gdiPen; /* 6ACh */
4913 ULONG gdiBrush; /* 6B0h */
4914 CLIENT_ID RealClientId; /* 6B4h */ /* 6E8h for nt 4.0 */
4915 PVOID GdiCachedProcessHandle; /* 6BCh */
4916 ULONG GdiClientPID; /* 6C0h */
4917 ULONG GdiClientTID; /* 6C4h */
4918 PVOID GdiThreadLocaleInfo; /* 6C8h */
4919 #if (VER_PRODUCTBUILD == 1381)
4920 PVOID Win32ClientInfo[5]; /* 700h */
4921 PVOID glDispatchTable[0x118]; /* 714h */
4922 ULONG glReserved1[0x1a]; /* B74h */
4923 #else
4924 PVOID Win32ClientInfo[0x3e]; /* 6CCh */
4925 PVOID glDispatchTable[0xe9]; /* 7C4h */
4926 ULONG glReserved1[0x1d]; /* B68h */
4927 #endif
4928 PVOID glReserved2; /* BDCh */
4929 PVOID glSectionInfo; /* BE0h */
4930 PVOID glSection; /* BE4h */
4931 PVOID glTable; /* BE8h */
4932 PVOID glCurrentRC; /* BECh */
4933 PVOID glContext; /* BF0h */
4934 NTSTATUS LastStatusValue; /* BF4h */
4935 UNICODE_STRING StaticUnicodeString; /* BF8h */
4936 WCHAR StaticUnicodeBuffer[0x105]; /* C00h */
4937 PVOID DeallocationStack; /* E0Ch */
4938 PVOID TlsSlots[0x40]; /* E10h */
4939 LIST_ENTRY TlsLinks; /* F10h */
4940 PVOID Vdm; /* F18h */
4941 PVOID ReservedForNtRpc; /* F1Ch */
4942 PVOID DbgSsReserved[0x2]; /* F20h */
4943 ULONG HardErrorDisabled; /* F28h */
4944 PVOID Instrumentation[0x10]; /* F2Ch */
4945 PVOID WinSockData; /* F6Ch */
4946 ULONG GdiBatchCount; /* F70h */
4947 BOOLEAN InDbgPrint; /* F74h */
4948 BOOLEAN FreeStackOnTermination; /* F75h */
4949 BOOLEAN HasFiberData; /* F76h */
4950 UCHAR IdealProcessor; /* F77h */
4951 ULONG Spare3; /* F78h */
4952 ULONG ReservedForPerf; /* F7Ch */
4953 PVOID ReservedForOle; /* F80h */
4954 ULONG WaitingOnLoaderLock; /* F84h */
4955 #if (VER_PRODUCTBUILD >= 2195)
4956 Wx86ThreadState Wx86Thread; /* F88h */
4957 PVOID* TlsExpansionSlots; /* F94h */
4958 ULONG ImpersonationLocale; /* F98h */
4959 ULONG IsImpersonating; /* F9Ch */
4960 PVOID NlsCache; /* FA0h */
4961 PVOID pShimData; /* FA4h */
4962 ULONG HeapVirtualAffinity; /* FA8h */
4963 PVOID CurrentTransactionHandle; /* FACh */
4964 PTEB_ACTIVE_FRAME ActiveFrame; /* FB0h*/
4965 PVOID FlsSlots; /* FB4h */
4966 #endif
4967 } TEB, *PTEB;
4968
4969 typedef struct _TERMINATION_PORT {
4970 struct _TERMINATION_PORT* Next;
4971 PVOID Port;
4972 } TERMINATION_PORT, *PTERMINATION_PORT;
4973
4974 typedef struct _THREAD_BASIC_INFORMATION {
4975 NTSTATUS ExitStatus;
4976 PVOID TebBaseAddress;
4977 ULONG UniqueProcessId;
4978 ULONG UniqueThreadId;
4979 KAFFINITY AffinityMask;
4980 KPRIORITY BasePriority;
4981 ULONG DiffProcessPriority;
4982 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
4983
4984 typedef struct _TOKEN_SOURCE {
4985 CCHAR SourceName[TOKEN_SOURCE_LENGTH];
4986 LUID SourceIdentifier;
4987 } TOKEN_SOURCE, *PTOKEN_SOURCE;
4988
4989 typedef struct _TOKEN_CONTROL {
4990 LUID TokenId;
4991 LUID AuthenticationId;
4992 LUID ModifiedId;
4993 TOKEN_SOURCE TokenSource;
4994 } TOKEN_CONTROL, *PTOKEN_CONTROL;
4995
4996 typedef struct _TOKEN_DEFAULT_DACL {
4997 PACL DefaultDacl;
4998 } TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
4999
5000 typedef struct _TOKEN_GROUPS {
5001 ULONG GroupCount;
5002 SID_AND_ATTRIBUTES Groups[1];
5003 } TOKEN_GROUPS, *PTOKEN_GROUPS;
5004
5005 /* XP SP2 has same TOKEN_OBJECT structure as Windows Server 2003 (stucture K23 in union). */
5006 #include <pshpack1.h>
5007 typedef union
5008 {
5009 struct
5010 {
5011 TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10, *SYSTEM* id == 0 */
5012 LUID TokenId; /* 0x10: */
5013 LUID AuthenticationId; /* 0x18: */
5014 LARGE_INTEGER ExpirationTime; /* 0x20: -1 no expired. *SYSTEM* has expired? */
5015 LUID ModifiedId; /* 0x28: */
5016 ULONG UserAndGroupCount; /* 0x30: 3 */
5017 ULONG PrivilegeCount; /* 0x34: 14 */
5018 ULONG VariableLength; /* 0x38: 0x37C */
5019 ULONG DynamicCharged; /* 0x3C: 0x1F4 */
5020 ULONG DynamicAvailable; /* 0x40: 0x1A4 */
5021 ULONG DefaultOwnerIndex; /* 0x44: 1 */
5022 PSID_AND_ATTRIBUTES UserAndGroups;/* 0x48: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
5023 PSID PrimaryGroup; /* 0x4C: */
5024 PLUID_AND_ATTRIBUTES Privileges;/* 0x50: */
5025 PULONG DynamicPart; /* 0x54: */
5026 PACL DefaultDacl; /* 0x58: */
5027 TOKEN_TYPE TokenType; /* 0x5C: TokenPrimary | TokenImpersonation */
5028 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x60: 0 */
5029 UCHAR TokenFlags; /* 0x64: 1 */
5030 BOOLEAN TokenInUse; /* 0x65: 1 */
5031 USHORT Alignment; /* 0x66: 0 */
5032 PVOID ProxyData; /* 0x68: 0 */
5033 PVOID AuditData; /* 0x6C: 0 */
5034 ULONG VariablePart; /* 0x70: */
5035 } NT;
5036 struct
5037 {
5038 TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */
5039 LUID TokenId; /* 0x10: */
5040 LUID AuthenticationId; /* 0x18: */
5041 LUID ParentTokenId; /* 0x20: 0 */
5042 LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */
5043 LUID ModifiedId; /* 0x30: */
5044 ULONG SessionId; /* 0x38: 0 */
5045 ULONG UserAndGroupCount; /* 0x3C: 9 */
5046 ULONG RestrictedSidCount; /*+0x40: 0 */
5047 ULONG PrivilegeCount; /* 0x44: 11 */
5048 ULONG VariableLength; /* 0x48: 0x1F0 */
5049 ULONG DynamicCharged; /* 0x4C: 0x1F4 */
5050 ULONG DynamicAvailable; /* 0x50: 0x1A4 */
5051 ULONG DefaultOwnerIndex; /* 0x54: 3 */
5052 PSID_AND_ATTRIBUTES UserAndGroups; /* 0x58: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
5053 PSID_AND_ATTRIBUTES RestrictedSids;/* 0x5C: 0 */
5054 PSID PrimaryGroup; /* 0x60: */
5055 PLUID_AND_ATTRIBUTES Privileges;/* 0x64: */
5056 PULONG DynamicPart; /* 0x68: */
5057 PACL DefaultDacl; /* 0x6C: */
5058 TOKEN_TYPE TokenType; /* 0x70: TokenPrimary | TokenImpersonation */
5059 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x74: 0 */
5060 UCHAR TokenFlags; /* 0x78: 9 */
5061 BOOLEAN TokenInUse; /* 0x79: 1 */
5062 USHORT Alignment; /* 0x7A: 0 */
5063 PVOID ProxyData; /* 0x7C: 0 */
5064 PVOID AuditData; /* 0x80: 0 */
5065 ULONG VariablePart; /* 0x84: */
5066 } K2;
5067 struct
5068 {
5069 TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */
5070 LUID TokenId; /* 0x10: 0x6F68 */
5071 LUID AuthenticationId; /* 0x18: */
5072 LUID ParentTokenId; /* 0x20: 0 */
5073 LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */
5074 PERESOURCE TokenLock; /*+0x30: 0x8xxxxxxxx */
5075 LUID ModifiedId; /* 0x34: */
5076 ULONG SessionId; /* 0x3C: 0x6F6A */
5077 ULONG UserAndGroupCount; /* 0x40: 4 */
5078 ULONG RestrictedSidCount; /*+0x44: 0 */
5079 ULONG VariableLength; /* 0x48: 0x160 */
5080 ULONG DynamicCharged; /* 0x4C: 0x164 */
5081 ULONG DynamicAvailable; /* 0x50: 0x1F4 */
5082 ULONG PrivilegeCount; /* 0x54: 0 */
5083 ULONG DefaultOwnerIndex; /* 0x58: 1 */
5084 PSID_AND_ATTRIBUTES UserAndGroups; /* 0x5C: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
5085 PSID_AND_ATTRIBUTES RestrictedSids;/* 0x60: 0 */
5086 PSID PrimaryGroup; /* 0x64: */
5087 PLUID_AND_ATTRIBUTES Privileges;/* 0x68: */
5088 PULONG DynamicPart; /* 0x6C: */
5089 PACL DefaultDacl; /* 0x70: */
5090 TOKEN_TYPE TokenType; /* 0x74: TokenPrimary | TokenImpersonation */
5091 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x78: 0 */
5092 UCHAR TokenFlags; /* 0x7C: 9 */
5093 BOOLEAN TokenInUse; /* 0x7D: 1 */
5094 USHORT Alignment; /* 0x7E: 4BB4 */
5095 PVOID ProxyData; /* 0x80: 0 */
5096 PVOID AuditData; /* 0x84: 0 */
5097 ULONG VariablePart; /* 0x88: */
5098 } XP;
5099 struct
5100 {
5101 TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */
5102 LUID TokenId; /* 0x10: 0x6F68 */
5103 LUID AuthenticationId; /* 0x18: */
5104 LUID ParentTokenId; /* 0x20: 0 */
5105 LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */
5106 PERESOURCE TokenLock; /*+0x30: 0x8xxxxxxxx */
5107 ULONG Padding64; /*+0x34: 0xXxxxxxxxx */
5108 SEP_AUDIT_POLICY AuditPolicy; /*+0x38: */
5109 LUID ModifiedId; /*+0x040: 0x6F6A */
5110 ULONG SessionId; /*+0x048: */
5111 ULONG UserAndGroupCount; /* 0x4C: 4 */
5112 ULONG RestrictedSidCount; /*+0x50: 0 */
5113 ULONG VariableLength; /* 0x54: 0x18 */
5114 ULONG DynamicCharged; /* 0x58: 0x17C */
5115 ULONG DynamicAvailable; /* 0x5C: 0x1F4 */
5116 ULONG PrivilegeCount; /* 0x60: 0 */
5117 ULONG DefaultOwnerIndex; /* 0x64: 1 */
5118 PSID_AND_ATTRIBUTES UserAndGroups; /* 0x68: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
5119 PSID_AND_ATTRIBUTES RestrictedSids;/* 0x6C: 0 */
5120 PSID PrimaryGroup; /* 0x70: */
5121 PLUID_AND_ATTRIBUTES Privileges;/* 0x74: */
5122 PULONG DynamicPart; /* 0x78: */
5123 PACL DefaultDacl; /* 0x7C: */
5124 TOKEN_TYPE TokenType; /* 0x80: TokenPrimary | TokenImpersonation */
5125 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x84: 0 */
5126 UCHAR TokenFlags; /* 0x88: 9 */
5127 BOOLEAN TokenInUse; /* 0x89: 1 */
5128 USHORT Alignment; /* 0x8A: 4BB4 */
5129 PVOID ProxyData; /* 0x8C: 0x8xxxxxxxx */
5130 PVOID AuditData; /* 0x90: 0 */
5131 ULONG VariablePart; /* 0x94: */
5132 } K23;
5133 struct
5134 {
5135 TOKEN_SOURCE TokenSource; /* +0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */
5136 LUID TokenId; /* +0x10: 0x6F68 */
5137 LUID AuthenticationId; /* +0x18: */
5138 LUID ParentTokenId; /* +0x20: 0 */
5139 LARGE_INTEGER ExpirationTime; /* +0x28: -1 no expired */
5140 PERESOURCE TokenLock; /* +0x30: 0x8xxxxxxxx */
5141 ULONG Padding64; /* +0x34: 0xXxxxxxxxx */
5142 SEP_AUDIT_POLICY AuditPolicy; /* +0x38: */
5143 LUID ModifiedId; /* +0x040: 0x6F6A */
5144 ULONG SessionId; /* +0x048: */
5145 ULONG UserAndGroupCount; /* +0x04c: 4 */
5146 ULONG RestrictedSidCount; /* +0x050: 0 */
5147 ULONG PrivilegeCount; /* +0x054: 0x18 */
5148 ULONG VariableLength; /* +0x058: 0x17C */
5149 ULONG DynamicCharged; /* +0x05c: 0x1F4 */
5150 ULONG DynamicAvailable; /* +0x060: 0 */
5151 ULONG DefaultOwnerIndex; /* +0x064: 1 */
5152 PSID_AND_ATTRIBUTES UserAndGroups; /* +0x68: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
5153 PSID_AND_ATTRIBUTES RestrictedSids; /* +0x6C: 0 */
5154 PSID PrimaryGroup; /* +0x70: */
5155 PLUID_AND_ATTRIBUTES Privileges; /* +0x74: */
5156 PULONG DynamicPart; /* +0x78: */
5157 PACL DefaultDacl; /* +0x7C: */
5158 TOKEN_TYPE TokenType; /* +0x80: TokenPrimary | TokenImpersonation */
5159 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* +0x84: 0 */
5160 UCHAR TokenFlags; /* +0x88: 9 */
5161 BOOLEAN TokenInUse; /* +0x89: 1 */
5162 USHORT Alignment; /* +0x8A: 4BB4 */
5163 PVOID ProxyData; /* +0x8C: 0x8xxxxxxxx */
5164 PVOID AuditData; /* +0x90: 0 */
5165 PVOID LogonSession; /* +0x94: */
5166 LUID OriginatingLogonSession;/* +0x98: */
5167 ULONG VariablePart; /* +0xa0: */
5168 } K23SP1;
5169 struct
5170 {
5171 TOKEN_SOURCE TokenSource; /* +0x000 */
5172 LUID TokenId; /* +0x010 */
5173 LUID AuthenticationId; /* +0x018 */
5174 LUID ParentTokenId; /* +0x020 */
5175 LARGE_INTEGER ExpirationTime; /* +0x028 */
5176 PERESOURCE TokenLock; /* +0x030 */
5177 LUID ModifiedId; /* +0x034 */
5178 SEP_AUDIT_POLICY_VISTA AuditPolicy; /* +0x03c */
5179 ULONG SessionId; /* +0x058 */
5180 ULONG UserAndGroupCount; /* +0x05c */
5181 ULONG RestrictedSidCount; /* +0x060 */
5182 ULONG PrivilegeCount; /* +0x064 */
5183 ULONG VariableLength; /* +0x068 */
5184 ULONG DynamicCharged; /* +0x06c */
5185 ULONG DynamicAvailable; /* +0x070 */
5186 ULONG DefaultOwnerIndex; /* +0x074 */
5187 PSID_AND_ATTRIBUTES UserAndGroups; /* +0x078 */
5188 PSID_AND_ATTRIBUTES RestrictedSids; /* +0x07c */
5189 PSID PrimaryGroup; /* +0x080 */
5190 PLUID_AND_ATTRIBUTES Privileges; /* +0x084 */
5191 PULONG DynamicPart; /* +0x088 */
5192 PACL DefaultDacl; /* +0x08c */
5193 TOKEN_TYPE TokenType; /* +0x090 */
5194 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* +0x094 */
5195 ULONG TokenFlags; /* +0x098 */
5196 BOOLEAN TokenInUse; /* +0x09c */
5197 BOOLEAN WriterPresent; /* +0x09d */
5198 USHORT Alignment; /* +0x09e */
5199 ULONG IntegrityLevelIndex; /* +0x0a0 */
5200 ULONG DesktopIntegrityLevelIndex;/* +0x0a4 */
5201 ULONG MandatoryPolicy; /* +0x0a8 */
5202 PVOID ProxyData; /* +0x0ac */
5203 PVOID AuditData; /* +0x0b0 */
5204 PVOID LogonSession; /* +0x0b4 */
5205 LUID OriginatingLogonSession;/* +0x0b8 */
5206 SID_AND_ATTRIBUTES_HASH SidHash; /* +0x0c0 */
5207 SID_AND_ATTRIBUTES_HASH RestrictedSidHash;/* +0x148 */
5208 ULONG VariablePart; /* +0x1d0 */
5209 } VISTA;
5210 struct
5211 {
5212 TOKEN_SOURCE TokenSource; /* +0x000 */
5213 LUID TokenId; /* +0x010 */
5214 LUID AuthenticationId; /* +0x018 */
5215 LUID ParentTokenId; /* +0x020 */
5216 LARGE_INTEGER ExpirationTime; /* +0x028 */
5217 PERESOURCE TokenLock; /* +0x030 */
5218 SEP_AUDIT_POLICY AuditPolicy; /* +0x038 */
5219 LUID ModifiedId; /* +0x040 */
5220 ULONG SessionId; /* +0x048 */
5221 ULONG UserAndGroupCount; /* +0x04c */
5222 ULONG RestrictedSidCount; /* +0x050 */
5223 ULONG PrivilegeCount; /* +0x054 */
5224 ULONG VariableLength; /* +0x058 */
5225 ULONG DynamicCharged; /* +0x05c */
5226 ULONG DynamicAvailable; /* +0x060 */
5227 ULONG DefaultOwnerIndex; /* +0x064 */
5228 PSID_AND_ATTRIBUTES UserAndGroups; /* +0x068 */
5229 PSID_AND_ATTRIBUTES RestrictedSids; /* +0x070 */
5230 PSID PrimaryGroup; /* +0x078 */
5231 PLUID_AND_ATTRIBUTES Privileges; /* +0x080 */
5232 PULONG DynamicPart; /* +0x088 */
5233 PACL DefaultDacl; /* +0x090 */
5234 TOKEN_TYPE TokenType; /* +0x098 */
5235 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* +0x09c */
5236 UCHAR TokenFlags; /* +0x0a0 */
5237 BOOLEAN TokenInUse; /* +0x0a1 */
5238 UCHAR Padding64 [6]; /* +0x0a2 */
5239 PVOID ProxyData; /* +0x0a8 */
5240 PVOID AuditData; /* +0x0b0 */
5241 PVOID LogonSession; /* +0x0b8 */
5242 LUID OriginatingLogonSession;/* +0x0c0 */
5243 ULONG VariablePart; /* +0x0c8 */
5244 } XP64; /* equial 2K3SP1x64 */
5245 /* VariablePart */
5246 } TOKEN_OBJECT, *PTOKEN_OBJECT;
5247 #include <poppack.h>
5248
5249 typedef struct _TOKEN_OWNER {
5250 PSID Owner;
5251 } TOKEN_OWNER, *PTOKEN_OWNER;
5252
5253 typedef struct _TOKEN_PRIMARY_GROUP {
5254 PSID PrimaryGroup;
5255 } TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
5256
5257 typedef struct _TOKEN_PRIVILEGES {
5258 ULONG PrivilegeCount;
5259 LUID_AND_ATTRIBUTES Privileges[1];
5260 } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
5261
5262 typedef struct _TOKEN_STATISTICS {
5263 LUID TokenId;
5264 LUID AuthenticationId;
5265 LARGE_INTEGER ExpirationTime;
5266 TOKEN_TYPE TokenType;
5267 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
5268 ULONG DynamicCharged;
5269 ULONG DynamicAvailable;
5270 ULONG GroupCount;
5271 ULONG PrivilegeCount;
5272 LUID ModifiedId;
5273 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
5274
5275 typedef struct _TOKEN_USER {
5276 SID_AND_ATTRIBUTES User;
5277 } TOKEN_USER, *PTOKEN_USER;
5278
5279 typedef struct _SECURITY_CLIENT_CONTEXT {
5280 SECURITY_QUALITY_OF_SERVICE SecurityQos;
5281 PACCESS_TOKEN ClientToken;
5282 BOOLEAN DirectlyAccessClientToken;
5283 BOOLEAN DirectAccessEffectiveOnly;
5284 BOOLEAN ServerIsRemote;
5285 TOKEN_CONTROL ClientTokenControl;
5286 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
5287
5288 typedef struct _TUNNEL {
5289 FAST_MUTEX Mutex;
5290 PRTL_SPLAY_LINKS Cache;
5291 LIST_ENTRY TimerQueue;
5292 USHORT NumEntries;
5293 } TUNNEL, *PTUNNEL;
5294
5295 typedef struct _VACB {
5296 PVOID BaseAddress;
5297 PSHARED_CACHE_MAP SharedCacheMap;
5298 union {
5299 LARGE_INTEGER FileOffset;
5300 USHORT ActiveCount;
5301 } Overlay;
5302 LIST_ENTRY LruList;
5303 } VACB, *PVACB;
5304
5305 typedef struct _VAD_HEADER {
5306 PVOID StartVPN;
5307 PVOID EndVPN;
5308 PVAD_HEADER ParentLink;
5309 PVAD_HEADER LeftLink;
5310 PVAD_HEADER RightLink;
5311 ULONG Flags; // LSB = CommitCharge
5312 PVOID ControlArea;
5313 PVOID FirstProtoPte;
5314 PVOID LastPTE;
5315 ULONG Unknown;
5316 LIST_ENTRY Secured;
5317 } VAD_HEADER, *PVAD_HEADER;
5318
5319 NTKERNELAPI
5320 BOOLEAN
5321 CcCanIWrite (
5322 IN PFILE_OBJECT FileObject,
5323 IN ULONG BytesToWrite,
5324 IN BOOLEAN Wait,
5325 IN BOOLEAN Retrying
5326 );
5327
5328 NTKERNELAPI
5329 BOOLEAN
5330 CcCopyRead (
5331 IN PFILE_OBJECT FileObject,
5332 IN PLARGE_INTEGER FileOffset,
5333 IN ULONG Length,
5334 IN BOOLEAN Wait,
5335 OUT PVOID Buffer,
5336 OUT PIO_STATUS_BLOCK IoStatus
5337 );
5338
5339 NTKERNELAPI
5340 BOOLEAN
5341 CcCopyWrite (
5342 IN PFILE_OBJECT FileObject,
5343 IN PLARGE_INTEGER FileOffset,
5344 IN ULONG Length,
5345 IN BOOLEAN Wait,
5346 IN PVOID Buffer
5347 );
5348
5349 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
5350
5351 typedef VOID (*PCC_POST_DEFERRED_WRITE) (
5352 IN PVOID Context1,
5353 IN PVOID Context2
5354 );
5355
5356 NTKERNELAPI
5357 VOID
5358 CcDeferWrite (
5359 IN PFILE_OBJECT FileObject,
5360 IN PCC_POST_DEFERRED_WRITE PostRoutine,
5361 IN PVOID Context1,
5362 IN PVOID Context2,
5363 IN ULONG BytesToWrite,
5364 IN BOOLEAN Retrying
5365 );
5366
5367 NTKERNELAPI
5368 VOID
5369 CcFastCopyRead (
5370 IN PFILE_OBJECT FileObject,
5371 IN ULONG FileOffset,
5372 IN ULONG Length,
5373 IN ULONG PageCount,
5374 OUT PVOID Buffer,
5375 OUT PIO_STATUS_BLOCK IoStatus
5376 );
5377
5378 NTKERNELAPI
5379 VOID
5380 CcFastCopyWrite (
5381 IN PFILE_OBJECT FileObject,
5382 IN ULONG FileOffset,
5383 IN ULONG Length,
5384 IN PVOID Buffer
5385 );
5386
5387 NTKERNELAPI
5388 VOID
5389 CcFlushCache (
5390 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
5391 IN PLARGE_INTEGER FileOffset OPTIONAL,
5392 IN ULONG Length,
5393 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
5394 );
5395
5396 typedef VOID (*PDIRTY_PAGE_ROUTINE) (
5397 IN PFILE_OBJECT FileObject,
5398 IN PLARGE_INTEGER FileOffset,
5399 IN ULONG Length,
5400 IN PLARGE_INTEGER OldestLsn,
5401 IN PLARGE_INTEGER NewestLsn,
5402 IN PVOID Context1,
5403 IN PVOID Context2
5404 );
5405
5406 NTKERNELAPI
5407 LARGE_INTEGER
5408 CcGetDirtyPages (
5409 IN PVOID LogHandle,
5410 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
5411 IN PVOID Context1,
5412 IN PVOID Context2
5413 );
5414
5415 NTKERNELAPI
5416 PFILE_OBJECT
5417 CcGetFileObjectFromBcb (
5418 IN PVOID Bcb
5419 );
5420
5421 NTKERNELAPI
5422 PFILE_OBJECT
5423 CcGetFileObjectFromSectionPtrs (
5424 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
5425 );
5426
5427 #define CcGetFileSizePointer(FO) ( \
5428 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
5429 )
5430
5431 #if (VER_PRODUCTBUILD >= 2195)
5432
5433 NTKERNELAPI
5434 LARGE_INTEGER
5435 CcGetFlushedValidData (
5436 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
5437 IN BOOLEAN BcbListHeld
5438 );
5439
5440 #endif // (VER_PRODUCTBUILD >= 2195)
5441
5442 NTKERNELAPI
5443 LARGE_INTEGER
5444 CcGetLsnForFileObject (
5445 IN PFILE_OBJECT FileObject,
5446 OUT PLARGE_INTEGER OldestLsn OPTIONAL
5447 );
5448
5449 typedef BOOLEAN (*PACQUIRE_FOR_LAZY_WRITE) (
5450 IN PVOID Context,
5451 IN BOOLEAN Wait
5452 );
5453
5454 typedef VOID (*PRELEASE_FROM_LAZY_WRITE) (
5455 IN PVOID Context
5456 );
5457
5458 typedef BOOLEAN (*PACQUIRE_FOR_READ_AHEAD) (
5459 IN PVOID Context,
5460 IN BOOLEAN Wait
5461 );
5462
5463 typedef VOID (*PRELEASE_FROM_READ_AHEAD) (
5464 IN PVOID Context
5465 );
5466
5467 typedef struct _CACHE_MANAGER_CALLBACKS {
5468 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
5469 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
5470 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
5471 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
5472 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
5473
5474 NTKERNELAPI
5475 VOID
5476 CcInitializeCacheMap (
5477 IN PFILE_OBJECT FileObject,
5478 IN PCC_FILE_SIZES FileSizes,
5479 IN BOOLEAN PinAccess,
5480 IN PCACHE_MANAGER_CALLBACKS Callbacks,
5481 IN PVOID LazyWriteContext
5482 );
5483
5484 #define CcIsFileCached(FO) ( \
5485 ((FO)->SectionObjectPointer != NULL) && \
5486 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
5487 )
5488
5489 NTKERNELAPI
5490 BOOLEAN
5491 CcIsThereDirtyData (
5492 IN PVPB Vpb
5493 );
5494
5495 NTKERNELAPI
5496 BOOLEAN
5497 CcMapData (
5498 IN PFILE_OBJECT FileObject,
5499 IN PLARGE_INTEGER FileOffset,
5500 IN ULONG Length,
5501 #if (VER_PRODUCTBUILD >= 2600)
5502 IN ULONG Flags,
5503 #else
5504 IN BOOLEAN Wait,
5505 #endif
5506 OUT PVOID *Bcb,
5507 OUT PVOID *Buffer
5508 );
5509
5510 NTKERNELAPI
5511 VOID
5512 CcMdlRead (
5513 IN PFILE_OBJECT FileObject,
5514 IN PLARGE_INTEGER FileOffset,
5515 IN ULONG Length,
5516 OUT PMDL *MdlChain,
5517 OUT PIO_STATUS_BLOCK IoStatus
5518 );
5519
5520 NTKERNELAPI
5521 VOID
5522 CcMdlReadComplete (
5523 IN PFILE_OBJECT FileObject,
5524 IN PMDL MdlChain
5525 );
5526
5527 #if (VER_PRODUCTBUILD >= 2600)
5528
5529 NTKERNELAPI
5530 VOID
5531 CcMdlWriteAbort (
5532 IN PFILE_OBJECT FileObject,
5533 IN PMDL MdlChain
5534 );
5535
5536 #endif
5537
5538 NTKERNELAPI
5539 VOID
5540 CcMdlWriteComplete (
5541 IN PFILE_OBJECT FileObject,
5542 IN PLARGE_INTEGER FileOffset,
5543 IN PMDL MdlChain
5544 );
5545
5546 NTKERNELAPI
5547 BOOLEAN
5548 CcPinMappedData (
5549 IN PFILE_OBJECT FileObject,
5550 IN PLARGE_INTEGER FileOffset,
5551 IN ULONG Length,
5552 #if (VER_PRODUCTBUILD >= 2195)
5553 IN ULONG Flags,
5554 #else
5555 IN BOOLEAN Wait,
5556 #endif
5557 IN OUT PVOID *Bcb
5558 );
5559
5560 NTKERNELAPI
5561 BOOLEAN
5562 CcPinRead (
5563 IN PFILE_OBJECT FileObject,
5564 IN PLARGE_INTEGER FileOffset,
5565 IN ULONG Length,
5566 #if (VER_PRODUCTBUILD >= 2195)
5567 IN ULONG Flags,
5568 #else
5569 IN BOOLEAN Wait,
5570 #endif
5571 OUT PVOID *Bcb,
5572 OUT PVOID *Buffer
5573 );
5574
5575 NTKERNELAPI
5576 VOID
5577 CcPrepareMdlWrite (
5578 IN PFILE_OBJECT FileObject,
5579 IN PLARGE_INTEGER FileOffset,
5580 IN ULONG Length,
5581 OUT PMDL *MdlChain,
5582 OUT PIO_STATUS_BLOCK IoStatus
5583 );
5584
5585 NTKERNELAPI
5586 BOOLEAN
5587 CcPreparePinWrite (
5588 IN PFILE_OBJECT FileObject,
5589 IN PLARGE_INTEGER FileOffset,
5590 IN ULONG Length,
5591 IN BOOLEAN Zero,
5592 #if (VER_PRODUCTBUILD >= 2195)
5593 IN ULONG Flags,
5594 #else
5595 IN BOOLEAN Wait,
5596 #endif
5597 OUT PVOID *Bcb,
5598 OUT PVOID *Buffer
5599 );
5600
5601 NTKERNELAPI
5602 BOOLEAN
5603 CcPurgeCacheSection (
5604 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
5605 IN PLARGE_INTEGER FileOffset OPTIONAL,
5606 IN ULONG Length,
5607 IN BOOLEAN UninitializeCacheMaps
5608 );
5609
5610 #define CcReadAhead(FO, FOFF, LEN) ( \
5611 if ((LEN) >= 256) { \
5612 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
5613 } \
5614 )
5615
5616 #if (VER_PRODUCTBUILD >= 2195)
5617
5618 NTKERNELAPI
5619 PVOID
5620 CcRemapBcb (
5621 IN PVOID Bcb
5622 );
5623
5624 #endif // (VER_PRODUCTBUILD >= 2195)
5625
5626 NTKERNELAPI
5627 VOID
5628 CcRepinBcb (
5629 IN PVOID Bcb
5630 );
5631
5632 NTKERNELAPI
5633 VOID
5634 CcScheduleReadAhead (
5635 IN PFILE_OBJECT FileObject,
5636 IN PLARGE_INTEGER FileOffset,
5637 IN ULONG Length
5638 );
5639
5640 NTKERNELAPI
5641 VOID
5642 CcSetAdditionalCacheAttributes (
5643 IN PFILE_OBJECT FileObject,
5644 IN BOOLEAN DisableReadAhead,
5645 IN BOOLEAN DisableWriteBehind
5646 );
5647
5648 NTKERNELAPI
5649 VOID
5650 CcSetBcbOwnerPointer (
5651 IN PVOID Bcb,
5652 IN PVOID OwnerPointer
5653 );
5654
5655 NTKERNELAPI
5656 VOID
5657 CcSetDirtyPageThreshold (
5658 IN PFILE_OBJECT FileObject,
5659 IN ULONG DirtyPageThreshold
5660 );
5661
5662 NTKERNELAPI
5663 VOID
5664 CcSetDirtyPinnedData (
5665 IN PVOID BcbVoid,
5666 IN PLARGE_INTEGER Lsn OPTIONAL
5667 );
5668
5669 NTKERNELAPI
5670 VOID
5671 CcSetFileSizes (
5672 IN PFILE_OBJECT FileObject,
5673 IN PCC_FILE_SIZES FileSizes
5674 );
5675
5676 typedef VOID (*PFLUSH_TO_LSN) (
5677 IN PVOID LogHandle,
5678 IN PLARGE_INTEGER Lsn
5679 );
5680
5681 NTKERNELAPI
5682 VOID
5683 CcSetLogHandleForFile (
5684 IN PFILE_OBJECT FileObject,
5685 IN PVOID LogHandle,
5686 IN PFLUSH_TO_LSN FlushToLsnRoutine
5687 );
5688
5689 NTKERNELAPI
5690 VOID
5691 CcSetReadAheadGranularity (
5692 IN PFILE_OBJECT FileObject,
5693 IN ULONG Granularity // default: PAGE_SIZE
5694 // allowed: 2^n * PAGE_SIZE
5695 );
5696
5697 NTKERNELAPI
5698 BOOLEAN
5699 CcUninitializeCacheMap (
5700 IN PFILE_OBJECT FileObject,
5701 IN PLARGE_INTEGER TruncateSize OPTIONAL,
5702 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
5703 );
5704
5705 NTKERNELAPI
5706 VOID
5707 CcUnpinData (
5708 IN PVOID Bcb
5709 );
5710
5711 NTKERNELAPI
5712 VOID
5713 CcUnpinDataForThread (
5714 IN PVOID Bcb,
5715 IN ERESOURCE_THREAD ResourceThreadId
5716 );
5717
5718 NTKERNELAPI
5719 VOID
5720 CcUnpinRepinnedBcb (
5721 IN PVOID Bcb,
5722 IN BOOLEAN WriteThrough,
5723 OUT PIO_STATUS_BLOCK IoStatus
5724 );
5725
5726 #if (VER_PRODUCTBUILD >= 2195)
5727
5728 NTKERNELAPI
5729 NTSTATUS
5730 CcWaitForCurrentLazyWriterActivity (
5731 VOID
5732 );
5733
5734 #endif // (VER_PRODUCTBUILD >= 2195)
5735
5736 NTKERNELAPI
5737 BOOLEAN
5738 CcZeroData (
5739 IN PFILE_OBJECT FileObject,
5740 IN PLARGE_INTEGER StartOffset,
5741 IN PLARGE_INTEGER EndOffset,
5742 IN BOOLEAN Wait
5743 );
5744
5745 NTKERNELAPI
5746 VOID
5747 ExDisableResourceBoostLite (
5748 IN PERESOURCE Resource
5749 );
5750
5751 NTKERNELAPI
5752 ULONG
5753 ExQueryPoolBlockSize (
5754 IN PVOID PoolBlock,
5755 OUT PBOOLEAN QuotaCharged
5756 );
5757
5758 #define FlagOn(x, f) ((x) & (f))
5759
5760 #if (VER_PRODUCTBUILD >= 2195)
5761
5762 NTKERNELAPI
5763 VOID
5764 FsRtlAcquireFileExclusive (
5765 IN PFILE_OBJECT FileObject
5766 );
5767
5768 #endif // (VER_PRODUCTBUILD >= 2195)
5769
5770 NTKERNELAPI
5771 BOOLEAN
5772 FsRtlAddLargeMcbEntry (
5773 IN PLARGE_MCB Mcb,
5774 IN LONGLONG Vbn,
5775 IN LONGLONG Lbn,
5776 IN LONGLONG SectorCount
5777 );
5778
5779 NTKERNELAPI
5780 BOOLEAN
5781 FsRtlAddMcbEntry (
5782 IN PMCB Mcb,
5783 IN VBN Vbn,
5784 IN LBN Lbn,
5785 IN ULONG SectorCount
5786 );
5787
5788 NTKERNELAPI
5789 VOID
5790 FsRtlAddToTunnelCache (
5791 IN PTUNNEL Cache,
5792 IN ULONGLONG DirectoryKey,
5793 IN PUNICODE_STRING ShortName,
5794 IN PUNICODE_STRING LongName,
5795 IN BOOLEAN KeyByShortName,
5796 IN ULONG DataLength,
5797 IN PVOID Data
5798 );
5799
5800 #if (VER_PRODUCTBUILD >= 2195)
5801
5802 PFILE_LOCK
5803 FsRtlAllocateFileLock (
5804 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
5805 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
5806 );
5807
5808 #endif // (VER_PRODUCTBUILD >= 2195)
5809
5810 NTKERNELAPI
5811 PVOID
5812 FsRtlAllocatePool (
5813 IN POOL_TYPE PoolType,
5814 IN ULONG NumberOfBytes
5815 );
5816
5817 NTKERNELAPI
5818 PVOID
5819 FsRtlAllocatePoolWithQuota (
5820 IN POOL_TYPE PoolType,
5821 IN ULONG NumberOfBytes
5822 );
5823
5824 NTKERNELAPI
5825 PVOID
5826 FsRtlAllocatePoolWithQuotaTag (
5827 IN POOL_TYPE PoolType,
5828 IN ULONG NumberOfBytes,
5829 IN ULONG Tag
5830 );
5831
5832 NTKERNELAPI
5833 PVOID
5834 FsRtlAllocatePoolWithTag (
5835 IN POOL_TYPE PoolType,
5836 IN ULONG NumberOfBytes,
5837 IN ULONG Tag
5838 );
5839
5840 NTKERNELAPI
5841 PVOID
5842 FsRtlAllocateResource (
5843 VOID
5844 );
5845
5846 NTKERNELAPI
5847 BOOLEAN
5848 FsRtlAreNamesEqual (
5849 IN PUNICODE_STRING Name1,
5850 IN PUNICODE_STRING Name2,
5851 IN BOOLEAN IgnoreCase,
5852 IN PWCHAR UpcaseTable OPTIONAL
5853 );
5854
5855 #define FsRtlAreThereCurrentFileLocks(FL) ( \
5856 ((FL)->FastIoIsQuestionable) \
5857 )
5858
5859 NTKERNELAPI
5860 NTSTATUS
5861 FsRtlBalanceReads (
5862 IN PDEVICE_OBJECT TargetDevice
5863 );
5864
5865 /*
5866 FsRtlCheckLockForReadAccess:
5867
5868 All this really does is pick out the lock parameters from the irp (io stack
5869 location?), get IoGetRequestorProcess, and pass values on to
5870 FsRtlFastCheckLockForRead.
5871 */
5872 NTKERNELAPI
5873 BOOLEAN
5874 FsRtlCheckLockForReadAccess (
5875 IN PFILE_LOCK FileLock,
5876 IN PIRP Irp
5877 );
5878
5879 /*
5880 FsRtlCheckLockForWriteAccess:
5881
5882 All this really does is pick out the lock parameters from the irp (io stack
5883 location?), get IoGetRequestorProcess, and pass values on to
5884 FsRtlFastCheckLockForWrite.
5885 */
5886 NTKERNELAPI
5887 BOOLEAN
5888 FsRtlCheckLockForWriteAccess (
5889 IN PFILE_LOCK FileLock,
5890 IN PIRP Irp
5891 );
5892
5893 typedef
5894 VOID
5895 (*POPLOCK_WAIT_COMPLETE_ROUTINE) (
5896 IN PVOID Context,
5897 IN PIRP Irp
5898 );
5899
5900 typedef
5901 VOID
5902 (*POPLOCK_FS_PREPOST_IRP) (
5903 IN PVOID Context,
5904 IN PIRP Irp
5905 );
5906
5907 NTKERNELAPI
5908 NTSTATUS
5909 FsRtlCheckOplock (
5910 IN POPLOCK Oplock,
5911 IN PIRP Irp,
5912 IN PVOID Context,
5913 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
5914 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
5915 );
5916
5917 NTKERNELAPI
5918 BOOLEAN
5919 FsRtlCopyRead (
5920 IN PFILE_OBJECT FileObject,
5921 IN PLARGE_INTEGER FileOffset,
5922 IN ULONG Length,
5923 IN BOOLEAN Wait,
5924 IN ULONG LockKey,
5925 OUT PVOID Buffer,
5926 OUT PIO_STATUS_BLOCK IoStatus,
5927 IN PDEVICE_OBJECT DeviceObject
5928 );
5929
5930 NTKERNELAPI
5931 BOOLEAN
5932 FsRtlCopyWrite (
5933 IN PFILE_OBJECT FileObject,
5934 IN PLARGE_INTEGER FileOffset,
5935 IN ULONG Length,
5936 IN BOOLEAN Wait,
5937 IN ULONG LockKey,
5938 IN PVOID Buffer,
5939 OUT PIO_STATUS_BLOCK IoStatus,
5940 IN PDEVICE_OBJECT DeviceObject
5941 );
5942
5943 NTKERNELAPI
5944 BOOLEAN
5945 FsRtlCurrentBatchOplock (
5946 IN POPLOCK Oplock
5947 );
5948
5949 NTKERNELAPI
5950 VOID
5951 FsRtlDeleteKeyFromTunnelCache (
5952 IN PTUNNEL Cache,
5953 IN ULONGLONG DirectoryKey
5954 );
5955
5956 NTKERNELAPI
5957 VOID
5958 FsRtlDeleteTunnelCache (
5959 IN PTUNNEL Cache
5960 );
5961
5962 NTKERNELAPI
5963 VOID
5964 FsRtlDeregisterUncProvider (
5965 IN HANDLE Handle
5966 );
5967
5968 NTKERNELAPI
5969 VOID
5970 FsRtlDissectDbcs (
5971 IN ANSI_STRING InputName,
5972 OUT PANSI_STRING FirstPart,
5973 OUT PANSI_STRING RemainingPart
5974 );
5975
5976 NTKERNELAPI
5977 VOID
5978 FsRtlDissectName (
5979 IN UNICODE_STRING Path,
5980 OUT PUNICODE_STRING FirstName,
5981 OUT PUNICODE_STRING RemainingName
5982 );
5983
5984 NTKERNELAPI
5985 BOOLEAN
5986 FsRtlDoesDbcsContainWildCards (
5987 IN PANSI_STRING Name
5988 );
5989
5990 NTKERNELAPI
5991 BOOLEAN
5992 FsRtlDoesNameContainWildCards (
5993 IN PUNICODE_STRING Name
5994 );
5995
5996 #define FsRtlEnterFileSystem KeEnterCriticalRegion
5997
5998 #define FsRtlExitFileSystem KeLeaveCriticalRegion
5999
6000 NTKERNELAPI
6001 BOOLEAN
6002 FsRtlFastCheckLockForRead (
6003 IN PFILE_LOCK FileLock,
6004 IN PLARGE_INTEGER FileOffset,
6005 IN PLARGE_INTEGER Length,
6006 IN ULONG Key,
6007 IN PFILE_OBJECT FileObject,
6008 IN PEPROCESS Process
6009 );
6010
6011 NTKERNELAPI
6012 BOOLEAN
6013 FsRtlFastCheckLockForWrite (
6014 IN PFILE_LOCK FileLock,
6015 IN PLARGE_INTEGER FileOffset,
6016 IN PLARGE_INTEGER Length,
6017 IN ULONG Key,
6018 IN PFILE_OBJECT FileObject,
6019 IN PEPROCESS Process
6020 );
6021
6022 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
6023 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
6024 )
6025
6026 NTKERNELAPI
6027 NTSTATUS
6028 FsRtlFastUnlockAll (
6029 IN PFILE_LOCK FileLock,
6030 IN PFILE_OBJECT FileObject,
6031 IN PEPROCESS Process,
6032 IN PVOID Context OPTIONAL
6033 );
6034 //ret: STATUS_RANGE_NOT_LOCKED
6035
6036 NTKERNELAPI
6037 NTSTATUS
6038 FsRtlFastUnlockAllByKey (
6039 IN PFILE_LOCK FileLock,
6040 IN PFILE_OBJECT FileObject,
6041 IN PEPROCESS Process,
6042 IN ULONG Key,
6043 IN PVOID Context OPTIONAL
6044 );
6045 //ret: STATUS_RANGE_NOT_LOCKED
6046
6047 NTKERNELAPI
6048 NTSTATUS
6049 FsRtlFastUnlockSingle (
6050 IN PFILE_LOCK FileLock,
6051 IN PFILE_OBJECT FileObject,
6052 IN PLARGE_INTEGER FileOffset,
6053 IN PLARGE_INTEGER Length,
6054 IN PEPROCESS Process,
6055 IN ULONG Key,
6056 IN PVOID Context OPTIONAL,
6057 IN BOOLEAN AlreadySynchronized
6058 );
6059 //ret: STATUS_RANGE_NOT_LOCKED
6060
6061 NTKERNELAPI
6062 BOOLEAN
6063 FsRtlFindInTunnelCache (
6064 IN PTUNNEL Cache,
6065 IN ULONGLONG DirectoryKey,
6066 IN PUNICODE_STRING Name,
6067 OUT PUNICODE_STRING ShortName,
6068 OUT PUNICODE_STRING LongName,
6069 IN OUT PULONG DataLength,
6070 OUT PVOID Data
6071 );
6072
6073 #if (VER_PRODUCTBUILD >= 2195)
6074
6075 VOID
6076 FsRtlFreeFileLock (
6077 IN PFILE_LOCK FileLock
6078 );
6079
6080 #endif // (VER_PRODUCTBUILD >= 2195)
6081
6082 NTKERNELAPI
6083 NTSTATUS
6084 FsRtlGetFileSize (
6085 IN PFILE_OBJECT FileObject,
6086 IN OUT PLARGE_INTEGER FileSize
6087 );
6088
6089 /*
6090 FsRtlGetNextFileLock:
6091
6092 ret: NULL if no more locks
6093
6094 Internals:
6095 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
6096 FileLock->LastReturnedLock as storage.
6097 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
6098 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
6099 calls with Restart = FALSE.
6100 */
6101 NTKERNELAPI
6102 PFILE_LOCK_INFO
6103 FsRtlGetNextFileLock (
6104 IN PFILE_LOCK FileLock,
6105 IN BOOLEAN Restart
6106 );
6107
6108 NTKERNELAPI
6109 BOOLEAN
6110 FsRtlGetNextLargeMcbEntry (
6111 IN PLARGE_MCB Mcb,
6112 IN ULONG RunIndex,
6113 OUT PLONGLONG Vbn,
6114 OUT PLONGLONG Lbn,
6115 OUT PLONGLONG SectorCount
6116 );
6117
6118 NTKERNELAPI
6119 BOOLEAN
6120 FsRtlGetNextMcbEntry (
6121 IN PMCB Mcb,
6122 IN ULONG RunIndex,
6123 OUT PVBN Vbn,
6124 OUT PLBN Lbn,
6125 OUT PULONG SectorCount
6126 );
6127
6128 #if (VER_PRODUCTBUILD >= 2600)
6129
6130 NTKERNELAPI
6131 VOID
6132 FsRtlIncrementCcFastReadNotPossible (
6133 VOID
6134 );
6135
6136 NTKERNELAPI
6137 VOID
6138 FsRtlIncrementCcFastReadNoWait (
6139 VOID
6140 );
6141
6142 NTKERNELAPI
6143 VOID
6144 FsRtlIncrementCcFastReadResourceMiss (
6145 VOID
6146 );
6147
6148 NTKERNELAPI
6149 VOID
6150 FsRtlIncrementCcFastReadWait (
6151 VOID
6152 );
6153
6154 #endif // (VER_PRODUCTBUILD >= 2600)
6155
6156 NTKERNELAPI
6157 VOID
6158 FsRtlInitializeFileLock (
6159 IN PFILE_LOCK FileLock,
6160 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
6161 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
6162 );
6163
6164 NTKERNELAPI
6165 VOID
6166 FsRtlInitializeLargeMcb (
6167 IN PLARGE_MCB Mcb,
6168 IN POOL_TYPE PoolType
6169 );
6170
6171 NTKERNELAPI
6172 VOID
6173 FsRtlInitializeMcb (
6174 IN PMCB Mcb,
6175 IN POOL_TYPE PoolType
6176 );
6177
6178 NTKERNELAPI
6179 VOID
6180 FsRtlInitializeOplock (
6181 IN OUT POPLOCK Oplock
6182 );
6183
6184 NTKERNELAPI
6185 VOID
6186 FsRtlInitializeTunnelCache (
6187 IN PTUNNEL Cache
6188 );
6189
6190 NTKERNELAPI
6191 BOOLEAN
6192 FsRtlIsDbcsInExpression (
6193 IN PANSI_STRING Expression,
6194 IN PANSI_STRING Name
6195 );
6196
6197 NTKERNELAPI
6198 BOOLEAN
6199 FsRtlIsFatDbcsLegal (
6200 IN ANSI_STRING DbcsName,
6201 IN BOOLEAN WildCardsPermissible,
6202 IN BOOLEAN PathNamePermissible,
6203 IN BOOLEAN LeadingBackslashPermissible
6204 );
6205
6206 NTKERNELAPI
6207 BOOLEAN
6208 FsRtlIsHpfsDbcsLegal (
6209 IN ANSI_STRING DbcsName,
6210 IN BOOLEAN WildCardsPermissible,
6211 IN BOOLEAN PathNamePermissible,
6212 IN BOOLEAN LeadingBackslashPermissible
6213 );
6214
6215 NTKERNELAPI
6216 BOOLEAN
6217 FsRtlIsNameInExpression (
6218 IN PUNICODE_STRING Expression,
6219 IN PUNICODE_STRING Name,
6220 IN BOOLEAN IgnoreCase,
6221 IN PWCHAR UpcaseTable OPTIONAL
6222 );
6223
6224 NTKERNELAPI
6225 BOOLEAN
6226 FsRtlIsNtstatusExpected (
6227 IN NTSTATUS Ntstatus
6228 );
6229
6230 #if (VER_PRODUCTBUILD >= 2600)
6231
6232 NTKERNELAPI
6233 BOOLEAN
6234 FsRtlIsPagingFile (
6235 IN PFILE_OBJECT FileObject
6236 );
6237
6238 #endif // (VER_PRODUCTBUILD >= 2600)
6239
6240 NTKERNELAPI
6241 BOOLEAN
6242 FsRtlIsTotalDeviceFailure (
6243 IN NTSTATUS Status
6244 );
6245
6246 #define FsRtlIsUnicodeCharacterWild(C) ( \
6247 (((C) >= 0x40) ? \
6248 FALSE : \
6249 FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
6250 )
6251
6252 NTKERNELAPI
6253 BOOLEAN
6254 FsRtlLookupLargeMcbEntry (
6255 IN PLARGE_MCB Mcb,
6256 IN LONGLONG Vbn,
6257 OUT PLONGLONG Lbn OPTIONAL,
6258 OUT PLONGLONG SectorCountFromLbn OPTIONAL,
6259 OUT PLONGLONG StartingLbn OPTIONAL,
6260 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
6261 OUT PULONG Index OPTIONAL
6262 );
6263
6264 NTKERNELAPI
6265 BOOLEAN
6266 FsRtlLookupLastLargeMcbEntry (
6267 IN PLARGE_MCB Mcb,
6268 OUT PLONGLONG Vbn,
6269 OUT PLONGLONG Lbn
6270 );
6271
6272 #if (VER_PRODUCTBUILD >= 2195)
6273
6274 NTKERNELAPI
6275 BOOLEAN
6276 FsRtlLookupLastLargeMcbEntryAndIndex (
6277 IN PLARGE_MCB OpaqueMcb,
6278 OUT PLONGLONG LargeVbn,
6279 OUT PLONGLONG LargeLbn,
6280 OUT PULONG Index
6281 );
6282
6283 #endif // (VER_PRODUCTBUILD >= 2195)
6284
6285 NTKERNELAPI
6286 BOOLEAN
6287 FsRtlLookupLastMcbEntry (
6288 IN PMCB Mcb,
6289 OUT PVBN Vbn,
6290 OUT PLBN Lbn
6291 );
6292
6293 NTKERNELAPI
6294 BOOLEAN
6295 FsRtlLookupMcbEntry (
6296 IN PMCB Mcb,
6297 IN VBN Vbn,
6298 OUT PLBN Lbn,
6299 OUT PULONG SectorCount OPTIONAL,
6300 OUT PULONG Index
6301 );
6302
6303 NTKERNELAPI
6304 BOOLEAN
6305 FsRtlMdlReadComplete (
6306 IN PFILE_OBJECT FileObject,
6307 IN PMDL MdlChain
6308 );
6309
6310 NTKERNELAPI
6311 BOOLEAN
6312 FsRtlMdlReadCompleteDev (
6313 IN PFILE_OBJECT FileObject,
6314 IN PMDL MdlChain,
6315 IN PDEVICE_OBJECT DeviceObject
6316 );
6317
6318 #if (VER_PRODUCTBUILD >= 1381)
6319
6320 NTKERNELAPI
6321 BOOLEAN
6322 FsRtlMdlReadDev (
6323 IN PFILE_OBJECT FileObject,
6324 IN PLARGE_INTEGER FileOffset,
6325 IN ULONG Length,
6326 IN ULONG LockKey,
6327 OUT PMDL *MdlChain,
6328 OUT PIO_STATUS_BLOCK IoStatus,
6329 IN PDEVICE_OBJECT DeviceObject
6330 );
6331
6332 #endif // (VER_PRODUCTBUILD >= 1381)
6333
6334 NTKERNELAPI
6335 BOOLEAN
6336 FsRtlMdlWriteComplete (
6337 IN PFILE_OBJECT FileObject,
6338 IN PLARGE_INTEGER FileOffset,
6339 IN PMDL MdlChain
6340 );
6341
6342 NTKERNELAPI
6343 BOOLEAN
6344 FsRtlMdlWriteCompleteDev (
6345 IN PFILE_OBJECT FileObject,
6346 IN PLARGE_INTEGER FileOffset,
6347 IN PMDL MdlChain,
6348 IN PDEVICE_OBJECT DeviceObject
6349 );
6350
6351 NTKERNELAPI
6352 NTSTATUS
6353 FsRtlNormalizeNtstatus (
6354 IN NTSTATUS Exception,
6355 IN NTSTATUS GenericException
6356 );
6357
6358 NTKERNELAPI
6359 VOID
6360 FsRtlNotifyChangeDirectory (
6361 IN PNOTIFY_SYNC NotifySync,
6362 IN PVOID FsContext,
6363 IN PSTRING FullDirectoryName,
6364 IN PLIST_ENTRY NotifyList,
6365 IN BOOLEAN WatchTree,
6366 IN ULONG CompletionFilter,
6367 IN PIRP NotifyIrp
6368 );
6369
6370 NTKERNELAPI
6371 VOID
6372 FsRtlNotifyCleanup (
6373 IN PNOTIFY_SYNC NotifySync,
6374 IN PLIST_ENTRY NotifyList,
6375 IN PVOID FsContext
6376 );
6377
6378 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
6379 IN PVOID NotifyContext,
6380 IN PVOID TargetContext,
6381 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
6382 );
6383
6384 #if (VER_PRODUCTBUILD >= 2600)
6385
6386 typedef BOOLEAN (*PFILTER_REPORT_CHANGE) (
6387 IN PVOID NotifyContext,
6388 IN PVOID FilterContext
6389 );
6390
6391 NTKERNELAPI
6392 VOID
6393 FsRtlNotifyFilterChangeDirectory (
6394 IN PNOTIFY_SYNC NotifySync,
6395 IN PLIST_ENTRY NotifyList,
6396 IN PVOID FsContext,
6397 IN PSTRING FullDirectoryName,
6398 IN BOOLEAN WatchTree,
6399 IN BOOLEAN IgnoreBuffer,
6400 IN ULONG CompletionFilter,
6401 IN PIRP NotifyIrp,
6402 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
6403 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
6404 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
6405 );
6406
6407 NTKERNELAPI
6408 VOID
6409 FsRtlNotifyFilterReportChange (
6410 IN PNOTIFY_SYNC NotifySync,
6411 IN PLIST_ENTRY NotifyList,
6412 IN PSTRING FullTargetName,
6413 IN USHORT TargetNameOffset,
6414 IN PSTRING StreamName OPTIONAL,
6415 IN PSTRING NormalizedParentName OPTIONAL,
6416 IN ULONG FilterMatch,
6417 IN ULONG Action,
6418 IN PVOID TargetContext,
6419 IN PVOID FilterContext
6420 );
6421
6422 #endif // (VER_PRODUCTBUILD >= 2600)
6423
6424 NTKERNELAPI
6425 VOID
6426 FsRtlNotifyFullChangeDirectory (
6427 IN PNOTIFY_SYNC NotifySync,
6428 IN PLIST_ENTRY NotifyList,
6429 IN PVOID FsContext,
6430 IN PSTRING FullDirectoryName,
6431 IN BOOLEAN WatchTree,
6432 IN BOOLEAN IgnoreBuffer,
6433 IN ULONG CompletionFilter,
6434 IN PIRP NotifyIrp,
6435 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
6436 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
6437 );
6438
6439 NTKERNELAPI
6440 VOID
6441 FsRtlNotifyFullReportChange (
6442 IN PNOTIFY_SYNC NotifySync,
6443 IN PLIST_ENTRY NotifyList,
6444 IN PSTRING FullTargetName,
6445 IN USHORT TargetNameOffset,
6446 IN PSTRING StreamName OPTIONAL,
6447 IN PSTRING NormalizedParentName OPTIONAL,
6448 IN ULONG FilterMatch,
6449 IN ULONG Action,
6450 IN PVOID TargetContext
6451 );
6452
6453 NTKERNELAPI
6454 VOID
6455 FsRtlNotifyInitializeSync (
6456 IN PNOTIFY_SYNC *NotifySync
6457 );
6458
6459 NTKERNELAPI
6460 VOID
6461 FsRtlNotifyReportChange (
6462 IN PNOTIFY_SYNC NotifySync,
6463 IN PLIST_ENTRY NotifyList,
6464 IN PSTRING FullTargetName,
6465 IN PUSHORT FileNamePartLength,
6466 IN ULONG FilterMatch
6467 );
6468
6469 NTKERNELAPI
6470 VOID
6471 FsRtlNotifyUninitializeSync (
6472 IN PNOTIFY_SYNC *NotifySync
6473 );
6474
6475 #if (VER_PRODUCTBUILD >= 2195)
6476
6477 NTKERNELAPI
6478 NTSTATUS
6479 FsRtlNotifyVolumeEvent (
6480 IN PFILE_OBJECT FileObject,
6481 IN ULONG EventCode
6482 );
6483
6484 #endif // (VER_PRODUCTBUILD >= 2195)
6485
6486 NTKERNELAPI
6487 ULONG
6488 FsRtlNumberOfRunsInLargeMcb (
6489 IN PLARGE_MCB Mcb
6490 );
6491
6492 NTKERNELAPI
6493 ULONG
6494 FsRtlNumberOfRunsInMcb (
6495 IN PMCB Mcb
6496 );
6497
6498 NTKERNELAPI
6499 NTSTATUS
6500 FsRtlOplockFsctrl (
6501 IN POPLOCK Oplock,
6502 IN PIRP Irp,
6503 IN ULONG OpenCount
6504 );
6505
6506 NTKERNELAPI
6507 BOOLEAN
6508 FsRtlOplockIsFastIoPossible (
6509 IN POPLOCK Oplock
6510 );
6511
6512 typedef
6513 VOID
6514 (*PFSRTL_STACK_OVERFLOW_ROUTINE) (
6515 IN PVOID Context,
6516 IN PKEVENT Event
6517 );
6518
6519 NTKERNELAPI
6520 VOID
6521 FsRtlPostPagingFileStackOverflow (
6522 IN PVOID Context,
6523 IN PKEVENT Event,
6524 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
6525 );
6526
6527 NTKERNELAPI
6528 VOID
6529 FsRtlPostStackOverflow (
6530 IN PVOID Context,
6531 IN PKEVENT Event,
6532 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
6533 );
6534
6535 #if (VER_PRODUCTBUILD >= 1381)
6536
6537 NTKERNELAPI
6538 BOOLEAN
6539 FsRtlPrepareMdlWriteDev (
6540 IN PFILE_OBJECT FileObject,
6541 IN PLARGE_INTEGER FileOffset,
6542 IN ULONG Length,
6543 IN ULONG LockKey,
6544 OUT PMDL *MdlChain,
6545 OUT PIO_STATUS_BLOCK IoStatus,
6546 IN PDEVICE_OBJECT DeviceObject
6547 );
6548
6549 #endif // (VER_PRODUCTBUILD >= 1381)
6550
6551 /*
6552 FsRtlPrivateLock:
6553
6554 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
6555
6556 Internals:
6557 -Calls IoCompleteRequest if Irp
6558 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
6559 */
6560 NTKERNELAPI
6561 BOOLEAN
6562 FsRtlPrivateLock (
6563 IN PFILE_LOCK FileLock,
6564 IN PFILE_OBJECT FileObject,
6565 IN PLARGE_INTEGER FileOffset,
6566 IN PLARGE_INTEGER Length,
6567 IN PEPROCESS Process,
6568 IN ULONG Key,
6569 IN BOOLEAN FailImmediately,
6570 IN BOOLEAN ExclusiveLock,
6571 OUT PIO_STATUS_BLOCK IoStatus,
6572 IN PIRP Irp OPTIONAL,
6573 IN PVOID Context,
6574 IN BOOLEAN AlreadySynchronized
6575 );
6576
6577 /*
6578 FsRtlProcessFileLock:
6579
6580 ret:
6581 -STATUS_INVALID_DEVICE_REQUEST
6582 -STATUS_RANGE_NOT_LOCKED from unlock routines.
6583 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
6584 (redirected IoStatus->Status).
6585
6586 Internals:
6587 -switch ( Irp->CurrentStackLocation->MinorFunction )
6588 lock: return FsRtlPrivateLock;
6589 unlocksingle: return FsRtlFastUnlockSingle;
6590 unlockall: return FsRtlFastUnlockAll;
6591 unlockallbykey: return FsRtlFastUnlockAllByKey;
6592 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
6593 return STATUS_INVALID_DEVICE_REQUEST;
6594
6595 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
6596 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
6597 */
6598 NTKERNELAPI
6599 NTSTATUS
6600 FsRtlProcessFileLock (
6601 IN PFILE_LOCK FileLock,
6602 IN PIRP Irp,
6603 IN PVOID Context OPTIONAL
6604 );
6605
6606 NTKERNELAPI
6607 NTSTATUS
6608 FsRtlRegisterUncProvider (
6609 IN OUT PHANDLE MupHandle,
6610 IN PUNICODE_STRING RedirectorDeviceName,
6611 IN BOOLEAN MailslotsSupported
6612 );
6613
6614 #if (VER_PRODUCTBUILD >= 2195)
6615
6616 NTKERNELAPI
6617 VOID
6618 FsRtlReleaseFile (
6619 IN PFILE_OBJECT FileObject
6620 );
6621
6622 #endif // (VER_PRODUCTBUILD >= 2195)
6623
6624 NTKERNELAPI
6625 VOID
6626 FsRtlRemoveLargeMcbEntry (
6627 IN PLARGE_MCB Mcb,
6628 IN LONGLONG Vbn,
6629 IN LONGLONG SectorCount
6630 );
6631
6632 NTKERNELAPI
6633 VOID
6634 FsRtlRemoveMcbEntry (
6635 IN PMCB Mcb,
6636 IN VBN Vbn,
6637 IN ULONG SectorCount
6638 );
6639
6640 #if (VER_PRODUCTBUILD >= 2195)
6641
6642 NTKERNELAPI
6643 VOID
6644 FsRtlResetLargeMcb (
6645 IN PLARGE_MCB Mcb,
6646 IN BOOLEAN SelfSynchronized
6647 );
6648
6649 #endif // (VER_PRODUCTBUILD >= 2195)
6650
6651 #if (VER_PRODUCTBUILD >= 2600)
6652
6653 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
6654 { \
6655 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
6656 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
6657 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
6658 InitializeListHead( &(_advhdr)->FilterContexts ); \
6659 if ((_fmutx) != NULL) { \
6660 (_advhdr)->FastMutex = (_fmutx); \
6661 } \
6662 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
6663 (_advhdr)->FileContextSupportPointer = NULL; \
6664 }
6665
6666 #endif // (VER_PRODUCTBUILD >= 2600)
6667
6668 NTKERNELAPI
6669 BOOLEAN
6670 FsRtlSplitLargeMcb (
6671 IN PLARGE_MCB Mcb,
6672 IN LONGLONG Vbn,
6673 IN LONGLONG Amount
6674 );
6675
6676 #if (VER_PRODUCTBUILD >= 2600)
6677
6678 NTKERNELAPI
6679 VOID
6680 FsRtlTeardownPerFileContexts (
6681 IN PVOID *PerFileContextPointer
6682 );
6683
6684 NTKERNELAPI
6685 VOID
6686 FsRtlTeardownPerStreamContexts (
6687 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader
6688 );
6689
6690 #endif // (VER_PRODUCTBUILD >= 2600)
6691
6692 NTKERNELAPI
6693 VOID
6694 FsRtlTruncateLargeMcb (
6695 IN PLARGE_MCB Mcb,
6696 IN LONGLONG Vbn
6697 );
6698
6699 NTKERNELAPI
6700 VOID
6701 FsRtlTruncateMcb (
6702 IN PMCB Mcb,
6703 IN VBN Vbn
6704 );
6705
6706 NTKERNELAPI
6707 VOID
6708 FsRtlUninitializeFileLock (
6709 IN PFILE_LOCK FileLock
6710 );
6711
6712 NTKERNELAPI
6713 VOID
6714 FsRtlUninitializeLargeMcb (
6715 IN PLARGE_MCB Mcb
6716 );
6717
6718 NTKERNELAPI
6719 VOID
6720 FsRtlUninitializeMcb (
6721 IN PMCB Mcb
6722 );
6723
6724 NTKERNELAPI
6725 VOID
6726 FsRtlUninitializeOplock (
6727 IN OUT POPLOCK Oplock
6728 );
6729
6730 //
6731 // If using HalDisplayString during boot on Windows 2000 or later you must
6732 // first call InbvEnableDisplayString.
6733 //
6734 NTSYSAPI
6735 VOID
6736 NTAPI
6737 HalDisplayString (
6738 IN PCHAR String
6739 );
6740
6741 NTSYSAPI
6742 VOID
6743 NTAPI
6744 HalQueryRealTimeClock (
6745 IN OUT PTIME_FIELDS TimeFields
6746 );
6747
6748 NTSYSAPI
6749 VOID
6750 NTAPI
6751 HalSetRealTimeClock (
6752 IN PTIME_FIELDS TimeFields
6753 );
6754
6755 #if (VER_PRODUCTBUILD >= 2195)
6756
6757 NTKERNELAPI
6758 VOID
6759 InbvAcquireDisplayOwnership (
6760 VOID
6761 );
6762
6763 NTKERNELAPI
6764 BOOLEAN
6765 InbvCheckDisplayOwnership (
6766 VOID
6767 );
6768
6769 NTKERNELAPI
6770 BOOLEAN
6771 InbvDisplayString (
6772 IN PCHAR String
6773 );
6774
6775 NTKERNELAPI
6776 VOID
6777 InbvEnableBootDriver (
6778 IN BOOLEAN Enable
6779 );
6780
6781 NTKERNELAPI
6782 BOOLEAN
6783 InbvEnableDisplayString (
6784 IN BOOLEAN Enable
6785 );
6786
6787 NTKERNELAPI
6788 VOID
6789 InbvInstallDisplayStringFilter (
6790 IN PVOID Unknown
6791 );
6792
6793 NTKERNELAPI
6794 BOOLEAN
6795 InbvIsBootDriverInstalled (
6796 VOID
6797 );
6798
6799 NTKERNELAPI
6800 VOID
6801 InbvNotifyDisplayOwnershipLost (
6802 IN PVOID Callback
6803 );
6804
6805 NTKERNELAPI
6806 BOOLEAN
6807 InbvResetDisplay (
6808 VOID
6809 );
6810
6811 NTKERNELAPI
6812 VOID
6813 InbvSetScrollRegion (
6814 IN ULONG Left,
6815 IN ULONG Top,
6816 IN ULONG Width,
6817 IN ULONG Height
6818 );
6819
6820 NTKERNELAPI
6821 VOID
6822 InbvSetTextColor (
6823 IN ULONG Color
6824 );
6825
6826 NTKERNELAPI
6827 VOID
6828 InbvSolidColorFill (
6829 IN ULONG Left,
6830 IN ULONG Top,
6831 IN ULONG Width,
6832 IN ULONG Height,
6833 IN ULONG Color
6834 );
6835
6836 #endif // (VER_PRODUCTBUILD >= 2195)
6837
6838 #define InitializeMessageHeader(m, l, t) { \
6839 (m)->Length = (USHORT)(l); \
6840 (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
6841 (m)->MessageType = (USHORT)(t); \
6842 (m)->DataInfoOffset = 0; \
6843 }
6844
6845 NTKERNELAPI
6846 VOID
6847 IoAcquireVpbSpinLock (
6848 OUT PKIRQL Irql
6849 );
6850
6851 #if (VER_PRODUCTBUILD >= 2600)
6852
6853 NTKERNELAPI
6854 NTSTATUS
6855 IoAttachDeviceToDeviceStackSafe (
6856 IN PDEVICE_OBJECT SourceDevice,
6857 IN PDEVICE_OBJECT TargetDevice,
6858 OUT PDEVICE_OBJECT *AttachedToDeviceObject
6859 );
6860
6861 #endif // (VER_PRODUCTBUILD >= 2600)
6862
6863 NTKERNELAPI
6864 NTSTATUS
6865 IoCheckDesiredAccess (
6866 IN OUT PACCESS_MASK DesiredAccess,
6867 IN ACCESS_MASK GrantedAccess
6868 );
6869
6870 NTKERNELAPI
6871 NTSTATUS
6872 IoCheckEaBufferValidity (
6873 IN PFILE_FULL_EA_INFORMATION EaBuffer,
6874 IN ULONG EaLength,
6875 OUT PULONG ErrorOffset
6876 );
6877
6878 NTKERNELAPI
6879 NTSTATUS
6880 IoCheckFunctionAccess (
6881 IN ACCESS_MASK GrantedAccess,
6882 IN UCHAR MajorFunction,
6883 IN UCHAR MinorFunction,
6884 IN ULONG IoControlCode,
6885 IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL,
6886 IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL
6887 );
6888
6889 #if (VER_PRODUCTBUILD >= 2195)
6890
6891 NTKERNELAPI
6892 NTSTATUS
6893 IoCheckQuerySetFileInformation (
6894 IN FILE_INFORMATION_CLASS FileInformationClass,
6895 IN ULONG Length,
6896 IN BOOLEAN SetOperation
6897 );
6898
6899 NTKERNELAPI
6900 NTSTATUS
6901 IoCheckQuerySetVolumeInformation (
6902 IN FS_INFORMATION_CLASS FsInformationClass,
6903 IN ULONG Length,
6904 IN BOOLEAN SetOperation
6905 );
6906
6907 NTKERNELAPI
6908 NTSTATUS
6909 IoCheckQuotaBufferValidity (
6910 IN PFILE_QUOTA_INFORMATION QuotaBuffer,
6911 IN ULONG QuotaLength,
6912 OUT PULONG ErrorOffset
6913 );
6914
6915 #endif // (VER_PRODUCTBUILD >= 2195)
6916
6917 #if (VER_PRODUCTBUILD >= 2600)
6918
6919 NTKERNELAPI
6920 NTSTATUS
6921 IoCreateFileSpecifyDeviceObjectHint (
6922 OUT PHANDLE FileHandle,
6923 IN ACCESS_MASK DesiredAccess,
6924 IN POBJECT_ATTRIBUTES ObjectAttributes,
6925 OUT PIO_STATUS_BLOCK IoStatusBlock,
6926 IN PLARGE_INTEGER AllocationSize OPTIONAL,
6927 IN ULONG FileAttributes,
6928 IN ULONG ShareAccess,
6929 IN ULONG Disposition,
6930 IN ULONG CreateOptions,
6931 IN PVOID EaBuffer OPTIONAL,
6932 IN ULONG EaLength,
6933 IN CREATE_FILE_TYPE CreateFileType,
6934 IN PVOID ExtraCreateParameters OPTIONAL,
6935 IN ULONG Options,
6936 IN PVOID DeviceObject
6937 );
6938
6939 #endif // (VER_PRODUCTBUILD >= 2600)
6940
6941 NTKERNELAPI
6942 PFILE_OBJECT
6943 IoCreateStreamFileObject (
6944 IN PFILE_OBJECT FileObject OPTIONAL,
6945 IN PDEVICE_OBJECT DeviceObject OPTIONAL
6946 );
6947
6948 #if (VER_PRODUCTBUILD >= 2600)
6949
6950 NTKERNELAPI
6951 PFILE_OBJECT
6952 IoCreateStreamFileObjectEx (
6953 IN PFILE_OBJECT FileObject OPTIONAL,
6954 IN PDEVICE_OBJECT DeviceObject OPTIONAL,
6955 OUT PHANDLE FileObjectHandle OPTIONAL
6956 );
6957
6958 #endif // (VER_PRODUCTBUILD >= 2600)
6959
6960 #if (VER_PRODUCTBUILD >= 2195)
6961
6962 NTKERNELAPI
6963 PFILE_OBJECT
6964 IoCreateStreamFileObjectLite (
6965 IN PFILE_OBJECT FileObject OPTIONAL,
6966 IN PDEVICE_OBJECT DeviceObject OPTIONAL
6967 );
6968
6969 #endif // (VER_PRODUCTBUILD >= 2195)
6970
6971 #if (VER_PRODUCTBUILD >= 2600)
6972
6973 NTKERNELAPI
6974 NTSTATUS
6975 IoEnumerateDeviceObjectList (
6976 IN PDRIVER_OBJECT DriverObject,
6977 IN PDEVICE_OBJECT *DeviceObjectList,
6978 IN ULONG DeviceObjectListSize,
6979 OUT PULONG ActualNumberDeviceObjects
6980 );
6981
6982 #endif // (VER_PRODUCTBUILD >= 2600)
6983
6984 NTKERNELAPI
6985 BOOLEAN
6986 IoFastQueryNetworkAttributes (
6987 IN POBJECT_ATTRIBUTES ObjectAttributes,
6988 IN ACCESS_MASK DesiredAccess,
6989 IN ULONG OpenOptions,
6990 OUT PIO_STATUS_BLOCK IoStatus,
6991 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
6992 );
6993
6994 NTKERNELAPI
6995 PDEVICE_OBJECT
6996 IoGetAttachedDevice (
6997 IN PDEVICE_OBJECT DeviceObject
6998 );
6999
7000 NTKERNELAPI
7001 PDEVICE_OBJECT
7002 IoGetBaseFileSystemDeviceObject (
7003 IN PFILE_OBJECT FileObject
7004 );
7005
7006 #if (VER_PRODUCTBUILD >= 2600)
7007
7008 NTKERNELAPI
7009 PDEVICE_OBJECT
7010 IoGetDeviceAttachmentBaseRef (
7011 IN PDEVICE_OBJECT DeviceObject
7012 );
7013
7014 NTKERNELAPI
7015 NTSTATUS
7016 IoGetDiskDeviceObject (
7017 IN PDEVICE_OBJECT FileSystemDeviceObject,
7018 OUT PDEVICE_OBJECT *DiskDeviceObject
7019 );
7020
7021 NTKERNELAPI
7022 PDEVICE_OBJECT
7023 IoGetLowerDeviceObject (
7024 IN PDEVICE_OBJECT DeviceObject
7025 );
7026
7027 #endif // (VER_PRODUCTBUILD >= 2600)
7028
7029 NTKERNELAPI
7030 PEPROCESS
7031 IoGetRequestorProcess (
7032 IN PIRP Irp
7033 );
7034
7035 #if (VER_PRODUCTBUILD >= 2195)
7036
7037 NTKERNELAPI
7038 ULONG
7039 IoGetRequestorProcessId (
7040 IN PIRP Irp
7041 );
7042
7043 #endif // (VER_PRODUCTBUILD >= 2195)
7044
7045 NTKERNELAPI
7046 PIRP
7047 IoGetTopLevelIrp (
7048 VOID
7049 );
7050
7051 #define IoIsFileOpenedExclusively(FileObject) ( \
7052 (BOOLEAN) !( \
7053 (FileObject)->SharedRead || \
7054 (FileObject)->SharedWrite || \
7055 (FileObject)->SharedDelete \
7056 ) \
7057 )
7058
7059 #if (VER_PRODUCTBUILD >= 2195)
7060
7061 NTKERNELAPI
7062 BOOLEAN
7063 IoIsFileOriginRemote (
7064 IN PFILE_OBJECT FileObject
7065 );
7066
7067 #endif // (VER_PRODUCTBUILD >= 2195)
7068
7069 NTKERNELAPI
7070 BOOLEAN
7071 IoIsOperationSynchronous (
7072 IN PIRP Irp
7073 );
7074
7075 NTKERNELAPI
7076 BOOLEAN
7077 IoIsSystemThread (
7078 IN PETHREAD Thread
7079 );
7080
7081 #if (VER_PRODUCTBUILD >= 2195)
7082
7083 NTKERNELAPI
7084 BOOLEAN
7085 IoIsValidNameGraftingBuffer (
7086 IN PIRP Irp,
7087 IN PREPARSE_DATA_BUFFER ReparseBuffer
7088 );
7089
7090 #endif // (VER_PRODUCTBUILD >= 2195)
7091
7092 NTKERNELAPI
7093 NTSTATUS
7094 IoPageRead (
7095 IN PFILE_OBJECT FileObject,
7096 IN PMDL Mdl,
7097 IN PLARGE_INTEGER Offset,
7098 IN PKEVENT Event,
7099 OUT PIO_STATUS_BLOCK IoStatusBlock
7100 );
7101
7102 #if (VER_PRODUCTBUILD >= 2600)
7103
7104 NTKERNELAPI
7105 NTSTATUS
7106 IoQueryFileDosDeviceName (
7107 IN PFILE_OBJECT FileObject,
7108 OUT POBJECT_NAME_INFORMATION *ObjectNameInformation
7109 );
7110
7111 #endif // (VER_PRODUCTBUILD >= 2600)
7112
7113 NTKERNELAPI
7114 NTSTATUS
7115 IoQueryFileInformation (
7116 IN PFILE_OBJECT FileObject,
7117 IN FILE_INFORMATION_CLASS FileInformationClass,
7118 IN ULONG Length,
7119 OUT PVOID FileInformation,
7120 OUT PULONG ReturnedLength
7121 );
7122
7123 NTKERNELAPI
7124 NTSTATUS
7125 IoQueryVolumeInformation (
7126 IN PFILE_OBJECT FileObject,
7127 IN FS_INFORMATION_CLASS FsInformationClass,
7128 IN ULONG Length,
7129 OUT PVOID FsInformation,
7130 OUT PULONG ReturnedLength
7131 );
7132
7133 #if (VER_PRODUCTBUILD >= 1381)
7134
7135 NTKERNELAPI
7136 VOID
7137 IoQueueThreadIrp (
7138 IN PIRP Irp
7139 );
7140
7141 #endif // (VER_PRODUCTBUILD >= 1381)
7142
7143 NTKERNELAPI
7144 VOID
7145 IoRegisterFileSystem (
7146 IN OUT PDEVICE_OBJECT DeviceObject
7147 );
7148
7149 #if (VER_PRODUCTBUILD >= 1381)
7150
7151 typedef VOID (*PDRIVER_FS_NOTIFICATION) (
7152 IN PDEVICE_OBJECT DeviceObject,
7153 IN BOOLEAN DriverActive
7154 );
7155
7156 NTKERNELAPI
7157 NTSTATUS
7158 IoRegisterFsRegistrationChange (
7159 IN PDRIVER_OBJECT DriverObject,
7160 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
7161 );
7162
7163 #endif // (VER_PRODUCTBUILD >= 1381)
7164
7165 NTKERNELAPI
7166 VOID
7167 IoReleaseVpbSpinLock (
7168 IN KIRQL Irql
7169 );
7170
7171 NTKERNELAPI
7172 VOID
7173 IoSetDeviceToVerify (
7174 IN PETHREAD Thread,
7175 IN PDEVICE_OBJECT DeviceObject
7176 );
7177
7178 #if (VER_PRODUCTBUILD >= 2195)
7179
7180 NTKERNELAPI
7181 NTSTATUS
7182 IoSetFileOrigin (
7183 IN PFILE_OBJECT FileObject,
7184 IN BOOLEAN Remote
7185 );
7186
7187 #endif // (VER_PRODUCTBUILD >= 2195)
7188
7189 NTKERNELAPI
7190 NTSTATUS
7191 IoSetInformation (
7192 IN PFILE_OBJECT FileObject,
7193 IN FILE_INFORMATION_CLASS FileInformationClass,
7194 IN ULONG Length,
7195 IN PVOID FileInformation
7196 );
7197
7198 NTKERNELAPI
7199 VOID
7200 IoSetTopLevelIrp (
7201 IN PIRP Irp
7202 );
7203
7204 NTKERNELAPI
7205 NTSTATUS
7206 IoSynchronousPageWrite (
7207 IN PFILE_OBJECT FileObject,
7208 IN PMDL Mdl,
7209 IN PLARGE_INTEGER FileOffset,
7210 IN PKEVENT Event,
7211 OUT PIO_STATUS_BLOCK IoStatusBlock
7212 );
7213
7214 NTKERNELAPI
7215 PEPROCESS
7216 IoThreadToProcess (
7217 IN PETHREAD Thread
7218 );
7219
7220 NTKERNELAPI
7221 VOID
7222 IoUnregisterFileSystem (
7223 IN OUT PDEVICE_OBJECT DeviceObject
7224 );
7225
7226 #if (VER_PRODUCTBUILD >= 1381)
7227
7228 NTKERNELAPI
7229 NTSTATUS
7230 IoUnregisterFsRegistrationChange (
7231 IN PDRIVER_OBJECT DriverObject,
7232 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
7233 );
7234
7235 #endif // (VER_PRODUCTBUILD >= 1381)
7236
7237 NTKERNELAPI
7238 NTSTATUS
7239 IoVerifyVolume (
7240 IN PDEVICE_OBJECT DeviceObject,
7241 IN BOOLEAN AllowRawMount
7242 );
7243
7244 #if (VER_PRODUCTBUILD >= 2195)
7245
7246 NTKERNELAPI
7247 KIRQL
7248 FASTCALL
7249 KeAcquireQueuedSpinLock (
7250 IN KSPIN_LOCK_QUEUE_NUMBER Number
7251 );
7252
7253 #endif // (VER_PRODUCTBUILD >= 2195)
7254
7255 NTKERNELAPI
7256 VOID
7257 KeAttachProcess (
7258 IN PEPROCESS Process
7259 );
7260
7261 NTKERNELAPI
7262 VOID
7263 KeDetachProcess (
7264 VOID
7265 );
7266
7267 NTKERNELAPI
7268 VOID
7269 KeInitializeApc (
7270 PKAPC Apc,
7271 PKTHREAD Thread,
7272 UCHAR StateIndex,
7273 PKKERNEL_ROUTINE KernelRoutine,
7274 PKRUNDOWN_ROUTINE RundownRoutine,
7275 PKNORMAL_ROUTINE NormalRoutine,
7276 KPROCESSOR_MODE ApcMode,
7277 PVOID NormalContext
7278 );
7279
7280 NTKERNELAPI
7281 VOID
7282 KeInitializeMutant (
7283 IN PRKMUTANT Mutant,
7284 IN BOOLEAN InitialOwner
7285 );
7286
7287 NTKERNELAPI
7288 VOID
7289 KeInitializeQueue (
7290 IN PRKQUEUE Queue,
7291 IN ULONG Count OPTIONAL
7292 );
7293
7294 NTKERNELAPI
7295 LONG
7296 KeInsertHeadQueue (
7297 IN PRKQUEUE Queue,
7298 IN PLIST_ENTRY Entry
7299 );
7300
7301 NTKERNELAPI
7302 LONG
7303 KeInsertQueue (
7304 IN PRKQUEUE Queue,
7305 IN PLIST_ENTRY Entry
7306 );
7307
7308 NTKERNELAPI
7309 BOOLEAN
7310 KeInsertQueueApc (
7311 IN PKAPC Apc,
7312 IN PVOID SystemArgument1,
7313 IN PVOID SystemArgument2,
7314 IN KPRIORITY Increment
7315 );
7316
7317 #if (VER_PRODUCTBUILD >= 2600)
7318
7319 NTKERNELAPI
7320 BOOLEAN
7321 KeIsAttachedProcess (
7322 VOID
7323 );
7324
7325 #endif // (VER_PRODUCTBUILD >= 2600)
7326
7327 NTKERNELAPI
7328 BOOLEAN
7329 KeIsExecutingDpc (
7330 VOID
7331 );
7332
7333 NTKERNELAPI
7334 LONG
7335 KeReadStateMutant (
7336 IN PRKMUTANT Mutant
7337 );
7338
7339 NTKERNELAPI
7340 LONG
7341 KeReadStateQueue (
7342 IN PRKQUEUE Queue
7343 );
7344
7345 NTKERNELAPI
7346 LONG
7347 KeReleaseMutant (
7348 IN PRKMUTANT Mutant,
7349 IN KPRIORITY Increment,
7350 IN BOOLEAN Abandoned,
7351 IN BOOLEAN Wait
7352 );
7353
7354 #if (VER_PRODUCTBUILD >= 2195)
7355
7356 NTKERNELAPI
7357 VOID
7358 FASTCALL
7359 KeReleaseQueuedSpinLock (
7360 IN KSPIN_LOCK_QUEUE_NUMBER Number,
7361 IN KIRQL OldIrql
7362 );
7363
7364 #endif // (VER_PRODUCTBUILD >= 2195)
7365
7366 NTKERNELAPI
7367 PLIST_ENTRY
7368 KeRemoveQueue (
7369 IN PRKQUEUE Queue,
7370 IN KPROCESSOR_MODE WaitMode,
7371 IN PLARGE_INTEGER Timeout OPTIONAL
7372 );
7373
7374 #if (VER_PRODUCTBUILD >= 2195)
7375
7376 NTKERNELAPI
7377 NTSTATUS
7378 KeRevertToUserAffinityThread (
7379 VOID
7380 );
7381
7382 #endif // (VER_PRODUCTBUILD >= 2195)
7383
7384 NTKERNELAPI
7385 PLIST_ENTRY
7386 KeRundownQueue (
7387 IN PRKQUEUE Queue
7388 );
7389
7390 #if (VER_PRODUCTBUILD >= 1381)
7391
7392 NTKERNELAPI
7393 CCHAR
7394 KeSetIdealProcessorThread (
7395 IN PKTHREAD Thread,
7396 IN CCHAR Processor
7397 );
7398
7399 NTKERNELAPI
7400 BOOLEAN
7401 KeSetKernelStackSwapEnable (
7402 IN BOOLEAN Enable
7403 );
7404
7405 #endif // (VER_PRODUCTBUILD >= 1381)
7406
7407 #if (VER_PRODUCTBUILD >= 2195)
7408
7409 NTKERNELAPI
7410 VOID
7411 KeStackAttachProcess (
7412 IN PKPROCESS Process,
7413 OUT PKAPC_STATE ApcState
7414 );
7415
7416 NTKERNELAPI
7417 LOGICAL
7418 FASTCALL
7419 KeTryToAcquireQueuedSpinLock (
7420 IN KSPIN_LOCK_QUEUE_NUMBER Number,
7421 IN PKIRQL OldIrql
7422 );
7423
7424 NTKERNELAPI
7425 VOID
7426 KeUnstackDetachProcess (
7427 IN PKAPC_STATE ApcState
7428 );
7429
7430 #endif // (VER_PRODUCTBUILD >= 2195)
7431
7432 NTKERNELAPI
7433 NTSTATUS
7434 KeUpdateSystemTime (
7435 VOID
7436 );
7437
7438 NTKERNELAPI
7439 BOOLEAN
7440 MmCanFileBeTruncated (
7441 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
7442 IN PLARGE_INTEGER NewFileSize
7443 );
7444
7445 NTKERNELAPI
7446 NTSTATUS
7447 MmCreateSection (
7448 OUT PVOID *SectionObject,
7449 IN ACCESS_MASK DesiredAccess,
7450 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
7451 IN PLARGE_INTEGER MaximumSize,
7452 IN ULONG SectionPageProtection,
7453 IN ULONG AllocationAttributes,
7454 IN HANDLE FileHandle OPTIONAL,
7455 IN PFILE_OBJECT FileObject OPTIONAL
7456 );
7457
7458 NTKERNELAPI
7459 BOOLEAN
7460 MmFlushImageSection (
7461 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
7462 IN MMFLUSH_TYPE FlushType
7463 );
7464
7465 NTKERNELAPI
7466 BOOLEAN
7467 MmForceSectionClosed (
7468 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
7469 IN BOOLEAN DelayClose
7470 );
7471
7472 #if (VER_PRODUCTBUILD >= 1381)
7473
7474 NTKERNELAPI
7475 BOOLEAN
7476 MmIsRecursiveIoFault (
7477 VOID
7478 );
7479
7480 #else
7481
7482 #define MmIsRecursiveIoFault() ( \
7483 (PsGetCurrentThread()->DisablePageFaultClustering) | \
7484 (PsGetCurrentThread()->ForwardClusterOnly) \
7485 )
7486
7487 #endif
7488
7489 NTKERNELAPI
7490 NTSTATUS
7491 MmMapViewOfSection (
7492 IN PVOID SectionObject,
7493 IN PEPROCESS Process,
7494 IN OUT PVOID *BaseAddress,
7495 IN ULONG ZeroBits,
7496 IN ULONG CommitSize,
7497 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
7498 IN OUT PULONG ViewSize,
7499 IN SECTION_INHERIT InheritDisposition,
7500 IN ULONG AllocationType,
7501 IN ULONG Protect
7502 );
7503
7504 #if (VER_PRODUCTBUILD >= 2600)
7505
7506 NTKERNELAPI
7507 NTSTATUS
7508 MmPrefetchPages (
7509 IN ULONG NumberOfLists,
7510 IN PREAD_LIST *ReadLists
7511 );
7512
7513 #endif // (VER_PRODUCTBUILD >= 2600)
7514
7515 NTKERNELAPI
7516 BOOLEAN
7517 MmSetAddressRangeModified (
7518 IN PVOID Address,
7519 IN SIZE_T Length
7520 );
7521
7522 NTKERNELAPI
7523 NTSTATUS
7524 ObCreateObject (
7525 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
7526 IN POBJECT_TYPE ObjectType,
7527 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
7528 IN KPROCESSOR_MODE AccessMode,
7529 IN OUT PVOID ParseContext OPTIONAL,
7530 IN ULONG ObjectSize,
7531 IN ULONG PagedPoolCharge OPTIONAL,
7532 IN ULONG NonPagedPoolCharge OPTIONAL,
7533 OUT PVOID *Object
7534 );
7535
7536 #if (VER_PRODUCTBUILD >= 2600)
7537
7538 NTKERNELAPI
7539 VOID
7540 ObDereferenceSecurityDescriptor (
7541 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
7542 IN ULONG Count
7543 );
7544
7545 #endif // (VER_PRODUCTBUILD >= 2600)
7546
7547 #if (VER_PRODUCTBUILD <= 2195)
7548
7549 NTKERNELAPI
7550 ULONG
7551 ObGetObjectPointerCount (
7552 IN PVOID Object
7553 );
7554
7555 #endif // (VER_PRODUCTBUILD <= 2195)
7556
7557 NTKERNELAPI
7558 NTSTATUS
7559 ObInsertObject (
7560 IN PVOID Object,
7561 IN PACCESS_STATE PassedAccessState OPTIONAL,
7562 IN ACCESS_MASK DesiredAccess,
7563 IN ULONG AdditionalReferences,
7564 OUT PVOID *ReferencedObject OPTIONAL,
7565 OUT PHANDLE Handle
7566 );
7567
7568 #if (VER_PRODUCTBUILD >= 2600)
7569
7570 NTKERNELAPI
7571 NTSTATUS
7572 ObLogSecurityDescriptor (
7573 IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
7574 OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
7575 IN ULONG RefBias
7576 );
7577
7578 #endif // (VER_PRODUCTBUILD >= 2600)
7579
7580 NTKERNELAPI
7581 VOID
7582 ObMakeTemporaryObject (
7583 IN PVOID Object
7584 );
7585
7586 NTKERNELAPI
7587 NTSTATUS
7588 ObOpenObjectByPointer (
7589 IN PVOID Object,
7590 IN ULONG HandleAttributes,
7591 IN PACCESS_STATE PassedAccessState OPTIONAL,
7592 IN ACCESS_MASK DesiredAccess OPTIONAL,
7593 IN POBJECT_TYPE ObjectType OPTIONAL,
7594 IN KPROCESSOR_MODE AccessMode,
7595 OUT PHANDLE Handle
7596 );
7597
7598 NTKERNELAPI
7599 NTSTATUS
7600 ObQueryNameString (
7601 IN PVOID Object,
7602 OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
7603 IN ULONG Length,
7604 OUT PULONG ReturnLength
7605 );
7606
7607 NTKERNELAPI
7608 NTSTATUS
7609 ObQueryObjectAuditingByHandle (
7610 IN HANDLE Handle,
7611 OUT PBOOLEAN GenerateOnClose
7612 );
7613
7614 NTKERNELAPI
7615 NTSTATUS
7616 ObReferenceObjectByName (
7617 IN PUNICODE_STRING ObjectName,
7618 IN ULONG Attributes,
7619 IN PACCESS_STATE PassedAccessState OPTIONAL,
7620 IN ACCESS_MASK DesiredAccess OPTIONAL,
7621 IN POBJECT_TYPE ObjectType,
7622 IN KPROCESSOR_MODE AccessMode,
7623 IN OUT PVOID ParseContext OPTIONAL,
7624 OUT PVOID *Object
7625 );
7626
7627 #if (VER_PRODUCTBUILD >= 2600)
7628
7629 NTKERNELAPI
7630 VOID
7631 ObReferenceSecurityDescriptor (
7632 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
7633 IN ULONG Count
7634 );
7635
7636 NTKERNELAPI
7637 NTSTATUS
7638 PoQueueShutdownWorkItem (
7639 IN PWORK_QUEUE_ITEM WorkItem
7640 );
7641
7642 #endif // (VER_PRODUCTBUILD >= 2600)
7643
7644 NTKERNELAPI
7645 NTSTATUS
7646 PsAssignImpersonationToken (
7647 IN PETHREAD Thread,
7648 IN HANDLE Token
7649 );
7650
7651 NTKERNELAPI
7652 VOID
7653 PsChargePoolQuota (
7654 IN PEPROCESS Process,
7655 IN POOL_TYPE PoolType,
7656 IN ULONG Amount
7657 );
7658
7659 #if (VER_PRODUCTBUILD >= 2600)
7660
7661 NTKERNELAPI
7662 NTSTATUS
7663 PsChargeProcessNonPagedPoolQuota (
7664 IN PEPROCESS Process,
7665 IN ULONG_PTR Amount
7666 );
7667
7668 NTKERNELAPI
7669 NTSTATUS
7670 PsChargeProcessPagedPoolQuota (
7671 IN PEPROCESS Process,
7672 IN ULONG_PTR Amount
7673 );
7674
7675 NTKERNELAPI
7676 NTSTATUS
7677 PsChargeProcessPoolQuota (
7678 IN PEPROCESS Process,
7679 IN POOL_TYPE PoolType,
7680 IN ULONG_PTR Amount
7681 );
7682
7683 #endif // (VER_PRODUCTBUILD >= 2600)
7684
7685 #if (VER_PRODUCTBUILD >= 2600)
7686
7687 NTKERNELAPI
7688 VOID
7689 PsDereferenceImpersonationToken (
7690 IN PACCESS_TOKEN ImpersonationToken
7691 );
7692
7693 NTKERNELAPI
7694 VOID
7695 PsDereferencePrimaryToken (
7696 IN PACCESS_TOKEN PrimaryToken
7697 );
7698
7699 #else
7700
7701 #define PsDereferenceImpersonationToken(T) \
7702 {if (ARGUMENT_PRESENT(T)) { \
7703 (ObDereferenceObject((T))); \
7704 } else { \
7705 ; \
7706 } \
7707 }
7708
7709 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
7710
7711 #endif
7712
7713 #if (VER_PRODUCTBUILD >= 2195)
7714
7715 NTKERNELAPI
7716 BOOLEAN
7717 PsDisableImpersonation (
7718 IN PETHREAD Thread,
7719 IN PSE_IMPERSONATION_STATE ImpersonationState
7720 );
7721
7722 #endif // (VER_PRODUCTBUILD >= 2195)
7723
7724 #if (VER_PRODUCTBUILD >= 2600)
7725
7726 NTKERNELAPI
7727 ULONG
7728 PsGetCurrentProcessSessionId (
7729 VOID
7730 );
7731
7732 NTKERNELAPI
7733 KPROCESSOR_MODE
7734 PsGetCurrentThreadPreviousMode (
7735 VOID
7736 );
7737
7738 NTKERNELAPI
7739 PVOID
7740 PsGetCurrentThreadStackBase (
7741 VOID
7742 );
7743
7744 NTKERNELAPI
7745 PVOID
7746 PsGetCurrentThreadStackLimit (
7747 VOID
7748 );
7749
7750 #endif // (VER_PRODUCTBUILD >= 2600)
7751
7752 NTKERNELAPI
7753 LARGE_INTEGER
7754 PsGetProcessExitTime (
7755 VOID
7756 );
7757
7758 NTKERNELAPI
7759 NTSTATUS
7760 PsImpersonateClient (
7761 IN PETHREAD Thread,
7762 IN PACCESS_TOKEN Token,
7763 IN BOOLEAN CopyOnOpen,
7764 IN BOOLEAN EffectiveOnly,
7765 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
7766 );
7767
7768 #if (VER_PRODUCTBUILD >= 2600)
7769
7770 NTKERNELAPI
7771 BOOLEAN
7772 PsIsSystemThread (
7773 IN PETHREAD Thread
7774 );
7775
7776 #endif // (VER_PRODUCTBUILD >= 2600)
7777
7778 NTKERNELAPI
7779 BOOLEAN
7780 PsIsThreadTerminating (
7781 IN PETHREAD Thread
7782 );
7783
7784 //
7785 // PsLookupProcessByProcessId returns a referenced pointer to the process
7786 // that should be dereferenced after use with a call to ObDereferenceObject.
7787 //
7788 NTKERNELAPI
7789 NTSTATUS
7790 PsLookupProcessByProcessId (
7791 IN PVOID ProcessId,
7792 OUT PEPROCESS *Process
7793 );
7794
7795 NTKERNELAPI
7796 NTSTATUS
7797 PsLookupProcessThreadByCid (
7798 IN PCLIENT_ID Cid,
7799 OUT PEPROCESS *Process OPTIONAL,
7800 OUT PETHREAD *Thread
7801 );
7802
7803 NTKERNELAPI
7804 NTSTATUS
7805 PsLookupThreadByThreadId (
7806 IN PVOID UniqueThreadId,
7807 OUT PETHREAD *Thread
7808 );
7809
7810 NTKERNELAPI
7811 PACCESS_TOKEN
7812 PsReferenceImpersonationToken (
7813 IN PETHREAD Thread,
7814 OUT PBOOLEAN CopyOnOpen,
7815 OUT PBOOLEAN EffectiveOnly,
7816 OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
7817 );
7818
7819 NTKERNELAPI
7820 PACCESS_TOKEN
7821 PsReferencePrimaryToken (
7822 IN PEPROCESS Process
7823 );
7824
7825 #if (VER_PRODUCTBUILD >= 2195)
7826
7827 NTKERNELAPI
7828 VOID
7829 PsRestoreImpersonation (
7830 IN PETHREAD Thread,
7831 IN PSE_IMPERSONATION_STATE ImpersonationState
7832 );
7833
7834 #endif // (VER_PRODUCTBUILD >= 2195)
7835
7836 NTKERNELAPI
7837 VOID
7838 PsReturnPoolQuota (
7839 IN PEPROCESS Process,
7840 IN POOL_TYPE PoolType,
7841 IN ULONG Amount
7842 );
7843
7844 #if (VER_PRODUCTBUILD >= 1381)
7845
7846 NTKERNELAPI
7847 VOID
7848 PsRevertToSelf (
7849 VOID
7850 );
7851
7852 #endif // (VER_PRODUCTBUILD >= 1381)
7853
7854 NTSYSAPI
7855 NTSTATUS
7856 NTAPI
7857 RtlAbsoluteToSelfRelativeSD (
7858 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
7859 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
7860 IN PULONG BufferLength
7861 );
7862
7863 NTSYSAPI
7864 PVOID
7865 NTAPI
7866 RtlAllocateHeap (
7867 IN HANDLE HeapHandle,
7868 IN ULONG Flags,
7869 IN ULONG Size
7870 );
7871
7872 NTSYSAPI
7873 NTSTATUS
7874 NTAPI
7875 RtlCompressBuffer (
7876 IN USHORT CompressionFormatAndEngine,
7877 IN PUCHAR UncompressedBuffer,
7878 IN ULONG UncompressedBufferSize,
7879 OUT PUCHAR CompressedBuffer,
7880 IN ULONG CompressedBufferSize,
7881 IN ULONG UncompressedChunkSize,
7882 OUT PULONG FinalCompressedSize,
7883 IN PVOID WorkSpace
7884 );
7885
7886 NTSYSAPI
7887 NTSTATUS
7888 NTAPI
7889 RtlCompressChunks (
7890 IN PUCHAR UncompressedBuffer,
7891 IN ULONG UncompressedBufferSize,
7892 OUT PUCHAR CompressedBuffer,
7893 IN ULONG CompressedBufferSize,
7894 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
7895 IN ULONG CompressedDataInfoLength,
7896 IN PVOID WorkSpace
7897 );
7898
7899 NTSYSAPI
7900 NTSTATUS
7901 NTAPI
7902 RtlConvertSidToUnicodeString (
7903 OUT PUNICODE_STRING DestinationString,
7904 IN PSID Sid,
7905 IN BOOLEAN AllocateDestinationString
7906 );
7907
7908 NTSYSAPI
7909 NTSTATUS
7910 NTAPI
7911 RtlCopySid (
7912 IN ULONG Length,
7913 IN PSID Destination,
7914 IN PSID Source
7915 );
7916
7917 NTSYSAPI
7918 HANDLE
7919 NTAPI
7920 RtlCreateHeap (
7921 IN ULONG Flags,
7922 IN PVOID Base,
7923 IN ULONG Reserve,
7924 IN ULONG Commit,
7925 IN ULONG Lock,
7926 IN PVOID RtlHeapParams
7927 );
7928
7929 NTSYSAPI
7930 NTSTATUS
7931 NTAPI
7932 RtlDecompressBuffer (
7933 IN USHORT CompressionFormat,
7934 OUT PUCHAR UncompressedBuffer,
7935 IN ULONG UncompressedBufferSize,
7936 IN PUCHAR CompressedBuffer,
7937 IN ULONG CompressedBufferSize,
7938 OUT PULONG FinalUncompressedSize
7939 );
7940
7941 NTSYSAPI
7942 NTSTATUS
7943 NTAPI
7944 RtlDecompressChunks (
7945 OUT PUCHAR UncompressedBuffer,
7946 IN ULONG UncompressedBufferSize,
7947 IN PUCHAR CompressedBuffer,
7948 IN ULONG CompressedBufferSize,
7949 IN PUCHAR CompressedTail,
7950 IN ULONG CompressedTailSize,
7951 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
7952 );
7953
7954 NTSYSAPI
7955 NTSTATUS
7956 NTAPI
7957 RtlDecompressFragment (
7958 IN USHORT CompressionFormat,
7959 OUT PUCHAR UncompressedFragment,
7960 IN ULONG UncompressedFragmentSize,
7961 IN PUCHAR CompressedBuffer,
7962 IN ULONG CompressedBufferSize,
7963 IN ULONG FragmentOffset,
7964 OUT PULONG FinalUncompressedSize,
7965 IN PVOID WorkSpace
7966 );
7967
7968 NTSYSAPI
7969 NTSTATUS
7970 NTAPI
7971 RtlDescribeChunk (
7972 IN USHORT CompressionFormat,
7973 IN OUT PUCHAR *CompressedBuffer,
7974 IN PUCHAR EndOfCompressedBufferPlus1,
7975 OUT PUCHAR *ChunkBuffer,
7976 OUT PULONG ChunkSize
7977 );
7978
7979 NTSYSAPI
7980 NTSTATUS
7981 NTAPI
7982 RtlDestroyHeap (
7983 IN HANDLE HeapHandle
7984 );
7985
7986 NTSYSAPI
7987 BOOLEAN
7988 NTAPI
7989 RtlEqualSid (
7990 IN PSID Sid1,
7991 IN PSID Sid2
7992 );
7993
7994 NTSYSAPI
7995 VOID
7996 NTAPI
7997 RtlFillMemoryUlong (
7998 IN PVOID Destination,
7999 IN ULONG Length,
8000 IN ULONG Fill
8001 );
8002
8003 NTSYSAPI
8004 BOOLEAN
8005 NTAPI
8006 RtlFreeHeap (
8007 IN HANDLE HeapHandle,
8008 IN ULONG Flags,
8009 IN PVOID P
8010 );
8011
8012 NTSYSAPI
8013 VOID
8014 NTAPI
8015 RtlGenerate8dot3Name (
8016 IN PUNICODE_STRING Name,
8017 IN BOOLEAN AllowExtendedCharacters,
8018 IN OUT PGENERATE_NAME_CONTEXT Context,
8019 OUT PUNICODE_STRING Name8dot3
8020 );
8021
8022 NTSYSAPI
8023 NTSTATUS
8024 NTAPI
8025 RtlGetCompressionWorkSpaceSize (
8026 IN USHORT CompressionFormatAndEngine,
8027 OUT PULONG CompressBufferWorkSpaceSize,
8028 OUT PULONG CompressFragmentWorkSpaceSize
8029 );
8030
8031 NTSYSAPI
8032 NTSTATUS
8033 NTAPI
8034 RtlGetDaclSecurityDescriptor (
8035 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
8036 OUT PBOOLEAN DaclPresent,
8037 OUT PACL *Dacl,
8038 OUT PBOOLEAN DaclDefaulted
8039 );
8040
8041 NTSYSAPI
8042 NTSTATUS
8043 NTAPI
8044 RtlGetGroupSecurityDescriptor (
8045 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
8046 OUT PSID *Group,
8047 OUT PBOOLEAN GroupDefaulted
8048 );
8049
8050 #if (VER_PRODUCTBUILD >= 2195)
8051
8052 NTSYSAPI
8053 ULONG
8054 NTAPI
8055 RtlGetNtGlobalFlags (
8056 VOID
8057 );
8058
8059 #endif // (VER_PRODUCTBUILD >= 2195)
8060
8061 NTSYSAPI
8062 NTSTATUS
8063 NTAPI
8064 RtlGetOwnerSecurityDescriptor (
8065 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
8066 OUT PSID *Owner,
8067 OUT PBOOLEAN OwnerDefaulted
8068 );
8069
8070 //
8071 // This function returns a PIMAGE_NT_HEADERS,
8072 // see the standard include file winnt.h
8073 //
8074 NTSYSAPI
8075 PVOID
8076 NTAPI
8077 RtlImageNtHeader (
8078 IN PVOID BaseAddress
8079 );
8080
8081 NTSYSAPI
8082 NTSTATUS
8083 NTAPI
8084 RtlInitializeSid (
8085 IN OUT PSID Sid,
8086 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
8087 IN UCHAR SubAuthorityCount
8088 );
8089
8090 NTSYSAPI
8091 BOOLEAN
8092 NTAPI
8093 RtlIsNameLegalDOS8Dot3 (
8094 IN PUNICODE_STRING UnicodeName,
8095 IN PANSI_STRING AnsiName,
8096 PBOOLEAN Unknown
8097 );
8098
8099 NTSYSAPI
8100 ULONG
8101 NTAPI
8102 RtlLengthRequiredSid (
8103 IN UCHAR SubAuthorityCount
8104 );
8105
8106 NTSYSAPI
8107 ULONG
8108 NTAPI
8109 RtlLengthSid (
8110 IN PSID Sid
8111 );
8112
8113 NTSYSAPI
8114 ULONG
8115 NTAPI
8116 RtlNtStatusToDosError (
8117 IN NTSTATUS Status
8118 );
8119
8120 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
8121 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
8122 )
8123
8124 #define RtlOemStringToUnicodeSize(STRING) ( \
8125 NLS_MB_OEM_CODE_PAGE_TAG ? \
8126 RtlxOemStringToUnicodeSize(STRING) : \
8127 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
8128 )
8129
8130 NTSYSAPI
8131 NTSTATUS
8132 NTAPI
8133 RtlOemStringToUnicodeString (
8134 OUT PUNICODE_STRING DestinationString,
8135 IN POEM_STRING SourceString,
8136 IN BOOLEAN AllocateDestinationString
8137 );
8138
8139 NTSYSAPI
8140 ULONG
8141 NTAPI
8142 RtlRandom (
8143 IN PULONG Seed
8144 );
8145
8146 #if (VER_PRODUCTBUILD >= 2600)
8147
8148 NTSYSAPI
8149 ULONG
8150 NTAPI
8151 RtlRandomEx (
8152 IN PULONG Seed
8153 );
8154
8155 #endif // (VER_PRODUCTBUILD >= 2600)
8156
8157 NTSYSAPI
8158 NTSTATUS
8159 NTAPI
8160 RtlReserveChunk (
8161 IN USHORT CompressionFormat,
8162 IN OUT PUCHAR *CompressedBuffer,
8163 IN PUCHAR EndOfCompressedBufferPlus1,
8164 OUT PUCHAR *ChunkBuffer,
8165 IN ULONG ChunkSize
8166 );
8167
8168 NTSYSAPI
8169 VOID
8170 NTAPI
8171 RtlSecondsSince1970ToTime (
8172 IN ULONG SecondsSince1970,
8173 OUT PLARGE_INTEGER Time
8174 );
8175
8176 NTSYSAPI
8177 VOID
8178 NTAPI
8179 RtlSecondsSince1980ToTime (
8180 IN ULONG SecondsSince1980,
8181 OUT PLARGE_INTEGER Time
8182 );
8183
8184 #if (VER_PRODUCTBUILD >= 2195)
8185
8186 NTSYSAPI
8187 NTSTATUS
8188 NTAPI
8189 RtlSelfRelativeToAbsoluteSD (
8190 IN PSECURITY_DESCRIPTOR SelfRelativeSD,
8191 OUT PSECURITY_DESCRIPTOR AbsoluteSD,
8192 IN PULONG AbsoluteSDSize,
8193 IN PACL Dacl,
8194 IN PULONG DaclSize,
8195 IN PACL Sacl,
8196 IN PULONG SaclSize,
8197 IN PSID Owner,
8198 IN PULONG OwnerSize,
8199 IN PSID PrimaryGroup,
8200 IN PULONG PrimaryGroupSize
8201 );
8202
8203 #endif // (VER_PRODUCTBUILD >= 2195)
8204
8205 NTSYSAPI
8206 NTSTATUS
8207 NTAPI
8208 RtlSetGroupSecurityDescriptor (
8209 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
8210 IN PSID Group,
8211 IN BOOLEAN GroupDefaulted
8212 );
8213
8214 NTSYSAPI
8215 NTSTATUS
8216 NTAPI
8217 RtlSetOwnerSecurityDescriptor (
8218 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
8219 IN PSID Owner,
8220 IN BOOLEAN OwnerDefaulted
8221 );
8222
8223 NTSYSAPI
8224 NTSTATUS
8225 NTAPI
8226 RtlSetSaclSecurityDescriptor (
8227 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
8228 IN BOOLEAN SaclPresent,
8229 IN PACL Sacl,
8230 IN BOOLEAN SaclDefaulted
8231 );
8232
8233 NTSYSAPI
8234 PUCHAR
8235 NTAPI
8236 RtlSubAuthorityCountSid (
8237 IN PSID Sid
8238 );
8239
8240 NTSYSAPI
8241 PULONG
8242 NTAPI
8243 RtlSubAuthoritySid (
8244 IN PSID Sid,
8245 IN ULONG SubAuthority
8246 );
8247
8248 NTSYSAPI
8249 BOOLEAN
8250 NTAPI
8251 RtlTimeToSecondsSince1970 (
8252 IN PLARGE_INTEGER Time,
8253 OUT PULONG SecondsSince1970
8254 );
8255
8256 NTSYSAPI
8257 BOOLEAN
8258 NTAPI
8259 RtlTimeToSecondsSince1980 (
8260 IN PLARGE_INTEGER Time,
8261 OUT PULONG SecondsSince1980
8262 );
8263
8264 #define RtlUnicodeStringToOemSize(STRING) ( \
8265 NLS_MB_OEM_CODE_PAGE_TAG ? \
8266 RtlxUnicodeStringToOemSize(STRING) : \
8267 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
8268 )
8269
8270 NTSYSAPI
8271 NTSTATUS
8272 NTAPI
8273 RtlUnicodeStringToOemString (
8274 OUT POEM_STRING DestinationString,
8275 IN PUNICODE_STRING SourceString,
8276 IN BOOLEAN AllocateDestinationString
8277 );
8278
8279 NTSYSAPI
8280 BOOLEAN
8281 NTAPI
8282 RtlValidSid (
8283 IN PSID Sid
8284 );
8285
8286 NTSYSAPI
8287 ULONG
8288 NTAPI
8289 RtlxOemStringToUnicodeSize (
8290 IN POEM_STRING OemString
8291 );
8292
8293 NTSYSAPI
8294 ULONG
8295 NTAPI
8296 RtlxUnicodeStringToAnsiSize (
8297 IN PUNICODE_STRING UnicodeString
8298 );
8299
8300 NTSYSAPI
8301 ULONG
8302 NTAPI
8303 RtlxUnicodeStringToOemSize (
8304 IN PUNICODE_STRING UnicodeString
8305 );
8306
8307 NTKERNELAPI
8308 NTSTATUS
8309 SeAppendPrivileges (
8310 PACCESS_STATE AccessState,
8311 PPRIVILEGE_SET Privileges
8312 );
8313
8314 #if (VER_PRODUCTBUILD >= 2195)
8315
8316 NTKERNELAPI
8317 VOID
8318 SeAuditHardLinkCreation (
8319 IN PUNICODE_STRING FileName,
8320 IN PUNICODE_STRING LinkName,
8321 IN BOOLEAN Success
8322 );
8323
8324 #endif // (VER_PRODUCTBUILD >= 2195)
8325
8326 NTKERNELAPI
8327 BOOLEAN
8328 SeAuditingFileEvents (
8329 IN BOOLEAN AccessGranted,
8330 IN PSECURITY_DESCRIPTOR SecurityDescriptor
8331 );
8332
8333 NTKERNELAPI
8334 BOOLEAN
8335 SeAuditingFileOrGlobalEvents (
8336 IN BOOLEAN AccessGranted,
8337 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
8338 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
8339 );
8340
8341 #if (VER_PRODUCTBUILD >= 2195)
8342
8343 NTKERNELAPI
8344 BOOLEAN
8345 SeAuditingHardLinkEvents (
8346 IN BOOLEAN AccessGranted,
8347 IN PSECURITY_DESCRIPTOR SecurityDescriptor
8348 );
8349
8350 #endif // (VER_PRODUCTBUILD >= 2195)
8351
8352 NTKERNELAPI
8353 VOID
8354 SeCaptureSubjectContext (
8355 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
8356 );
8357
8358 NTKERNELAPI
8359 NTSTATUS
8360 SeCreateAccessState (
8361 OUT PACCESS_STATE AccessState,
8362 IN PVOID AuxData,
8363 IN ACCESS_MASK AccessMask,
8364 IN PGENERIC_MAPPING Mapping
8365 );
8366
8367 NTKERNELAPI
8368 NTSTATUS
8369 SeCreateClientSecurity (
8370 IN PETHREAD Thread,
8371 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
8372 IN BOOLEAN RemoteClient,
8373 OUT PSECURITY_CLIENT_CONTEXT ClientContext
8374 );
8375
8376 #if (VER_PRODUCTBUILD >= 2195)
8377
8378 NTKERNELAPI
8379 NTSTATUS
8380 SeCreateClientSecurityFromSubjectContext (
8381 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
8382 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
8383 IN BOOLEAN ServerIsRemote,
8384 OUT PSECURITY_CLIENT_CONTEXT ClientContext
8385 );
8386
8387 #endif // (VER_PRODUCTBUILD >= 2195)
8388
8389 NTKERNELAPI
8390 VOID
8391 SeDeleteAccessState (
8392 IN PACCESS_STATE AccessState
8393 );
8394
8395 #define SeDeleteClientSecurity(C) { \
8396 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
8397 PsDereferencePrimaryToken( (C)->ClientToken ); \
8398 } else { \
8399 PsDereferenceImpersonationToken( (C)->ClientToken ); \
8400 } \
8401 }
8402
8403 NTKERNELAPI
8404 VOID
8405 SeDeleteObjectAuditAlarm (
8406 IN PVOID Object,
8407 IN HANDLE Handle
8408 );
8409
8410 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
8411
8412 #if (VER_PRODUCTBUILD >= 2600)
8413
8414 NTKERNELAPI
8415 NTSTATUS
8416 SeFilterToken (
8417 IN PACCESS_TOKEN ExistingToken,
8418 IN ULONG Flags,
8419 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
8420 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
8421 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
8422 OUT PACCESS_TOKEN *FilteredToken
8423 );
8424
8425 #endif // (VER_PRODUCTBUILD >= 2600)
8426
8427 NTKERNELAPI
8428 VOID
8429 SeFreePrivileges (
8430 IN PPRIVILEGE_SET Privileges
8431 );
8432
8433 NTKERNELAPI
8434 VOID
8435 SeImpersonateClient (
8436 IN PSECURITY_CLIENT_CONTEXT ClientContext,
8437 IN PETHREAD ServerThread OPTIONAL
8438 );
8439
8440 #if (VER_PRODUCTBUILD >= 2195)
8441
8442 NTKERNELAPI
8443 NTSTATUS
8444 SeImpersonateClientEx (
8445 IN PSECURITY_CLIENT_CONTEXT ClientContext,
8446 IN PETHREAD ServerThread OPTIONAL
8447 );
8448
8449 #endif // (VER_PRODUCTBUILD >= 2195)
8450
8451 NTKERNELAPI
8452 VOID
8453 SeLockSubjectContext (
8454 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
8455 );
8456
8457 NTKERNELAPI
8458 NTSTATUS
8459 SeMarkLogonSessionForTerminationNotification (
8460 IN PLUID LogonId
8461 );
8462
8463 NTKERNELAPI
8464 VOID
8465 SeOpenObjectAuditAlarm (
8466 IN PUNICODE_STRING ObjectTypeName,
8467 IN PVOID Object OPTIONAL,
8468 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
8469 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
8470 IN PACCESS_STATE AccessState,
8471 IN BOOLEAN ObjectCreated,
8472 IN BOOLEAN AccessGranted,
8473 IN KPROCESSOR_MODE AccessMode,
8474 OUT PBOOLEAN GenerateOnClose
8475 );
8476
8477 NTKERNELAPI
8478 VOID
8479 SeOpenObjectForDeleteAuditAlarm (
8480 IN PUNICODE_STRING ObjectTypeName,
8481 IN PVOID Object OPTIONAL,
8482 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
8483 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
8484 IN PACCESS_STATE AccessState,
8485 IN BOOLEAN ObjectCreated,
8486 IN BOOLEAN AccessGranted,
8487 IN KPROCESSOR_MODE AccessMode,
8488 OUT PBOOLEAN GenerateOnClose
8489 );
8490
8491 NTKERNELAPI
8492 BOOLEAN
8493 SePrivilegeCheck (
8494 IN OUT PPRIVILEGE_SET RequiredPrivileges,
8495 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
8496 IN KPROCESSOR_MODE AccessMode
8497 );
8498
8499 NTKERNELAPI
8500 NTSTATUS
8501 SeQueryAuthenticationIdToken (
8502 IN PACCESS_TOKEN Token,
8503 OUT PLUID LogonId
8504 );
8505
8506 #if (VER_PRODUCTBUILD >= 2195)
8507
8508 NTKERNELAPI
8509 NTSTATUS
8510 SeQueryInformationToken (
8511 IN PACCESS_TOKEN Token,
8512 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
8513 OUT PVOID *TokenInformation
8514 );
8515
8516 #endif // (VER_PRODUCTBUILD >= 2195)
8517
8518 NTKERNELAPI
8519 NTSTATUS
8520 SeQuerySecurityDescriptorInfo (
8521 IN PSECURITY_INFORMATION SecurityInformation,
8522 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
8523 IN OUT PULONG Length,
8524 IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
8525 );
8526
8527 #if (VER_PRODUCTBUILD >= 2195)
8528
8529 NTKERNELAPI
8530 NTSTATUS
8531 SeQuerySessionIdToken (
8532 IN PACCESS_TOKEN Token,
8533 IN PULONG SessionId
8534 );
8535
8536 #endif // (VER_PRODUCTBUILD >= 2195)
8537
8538 #define SeQuerySubjectContextToken( SubjectContext ) \
8539 ( ARGUMENT_PRESENT( \
8540 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
8541 ) ? \
8542 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
8543 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
8544
8545 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
8546 IN PLUID LogonId
8547 );
8548
8549 NTKERNELAPI
8550 NTSTATUS
8551 SeRegisterLogonSessionTerminatedRoutine (
8552 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
8553 );
8554
8555 NTKERNELAPI
8556 VOID
8557 SeReleaseSubjectContext (
8558 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
8559 );
8560
8561 NTKERNELAPI
8562 VOID
8563 SeSetAccessStateGenericMapping (
8564 PACCESS_STATE AccessState,
8565 PGENERIC_MAPPING GenericMapping
8566 );
8567
8568 NTKERNELAPI
8569 NTSTATUS
8570 SeSetSecurityDescriptorInfo (
8571 IN PVOID Object OPTIONAL,
8572 IN PSECURITY_INFORMATION SecurityInformation,
8573 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
8574 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
8575 IN POOL_TYPE PoolType,
8576 IN PGENERIC_MAPPING GenericMapping
8577 );
8578
8579 #if (VER_PRODUCTBUILD >= 2195)
8580
8581 NTKERNELAPI
8582 NTSTATUS
8583 SeSetSecurityDescriptorInfoEx (
8584 IN PVOID Object OPTIONAL,
8585 IN PSECURITY_INFORMATION SecurityInformation,
8586 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
8587 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
8588 IN ULONG AutoInheritFlags,
8589 IN POOL_TYPE PoolType,
8590 IN PGENERIC_MAPPING GenericMapping
8591 );
8592
8593 NTKERNELAPI
8594 BOOLEAN
8595 SeTokenIsAdmin (
8596 IN PACCESS_TOKEN Token
8597 );
8598
8599 NTKERNELAPI
8600 BOOLEAN
8601 SeTokenIsRestricted (
8602 IN PACCESS_TOKEN Token
8603 );
8604
8605 #endif // (VER_PRODUCTBUILD >= 2195)
8606
8607 NTKERNELAPI
8608 TOKEN_TYPE
8609 SeTokenType (
8610 IN PACCESS_TOKEN Token
8611 );
8612
8613 NTKERNELAPI
8614 VOID
8615 SeUnlockSubjectContext (
8616 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
8617 );
8618
8619 NTKERNELAPI
8620 NTSTATUS
8621 SeUnregisterLogonSessionTerminatedRoutine (
8622 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
8623 );
8624
8625 #if (VER_PRODUCTBUILD >= 2195)
8626
8627 NTSYSAPI
8628 NTSTATUS
8629 NTAPI
8630 ZwAdjustPrivilegesToken (
8631 IN HANDLE TokenHandle,
8632 IN BOOLEAN DisableAllPrivileges,
8633 IN PTOKEN_PRIVILEGES NewState,
8634 IN ULONG BufferLength,
8635 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
8636 OUT PULONG ReturnLength
8637 );
8638
8639 #endif // (VER_PRODUCTBUILD >= 2195)
8640
8641 NTSYSAPI
8642 NTSTATUS
8643 NTAPI
8644 ZwAlertThread (
8645 IN HANDLE ThreadHandle
8646 );
8647
8648 NTSYSAPI
8649 NTSTATUS
8650 NTAPI
8651 ZwAllocateVirtualMemory (
8652 IN HANDLE ProcessHandle,
8653 IN OUT PVOID *BaseAddress,
8654 IN ULONG ZeroBits,
8655 IN OUT PSIZE_T RegionSize,
8656 IN ULONG AllocationType,
8657 IN ULONG Protect
8658 );
8659
8660 NTSYSAPI
8661 NTSTATUS
8662 NTAPI
8663 ZwAccessCheckAndAuditAlarm (
8664 IN PUNICODE_STRING SubsystemName,
8665 IN PVOID HandleId,
8666 IN PUNICODE_STRING ObjectTypeName,
8667 IN PUNICODE_STRING ObjectName,
8668 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
8669 IN ACCESS_MASK DesiredAccess,
8670 IN PGENERIC_MAPPING GenericMapping,
8671 IN BOOLEAN ObjectCreation,
8672 OUT PACCESS_MASK GrantedAccess,
8673 OUT PBOOLEAN AccessStatus,
8674 OUT PBOOLEAN GenerateOnClose
8675 );
8676
8677 #if (VER_PRODUCTBUILD >= 2195)
8678
8679 NTSYSAPI
8680 NTSTATUS
8681 NTAPI
8682 ZwCancelIoFile (
8683 IN HANDLE FileHandle,
8684 OUT PIO_STATUS_BLOCK IoStatusBlock
8685 );
8686
8687 #endif // (VER_PRODUCTBUILD >= 2195)
8688
8689 NTSYSAPI
8690 NTSTATUS
8691 NTAPI
8692 ZwClearEvent (
8693 IN HANDLE EventHandle
8694 );
8695
8696 NTSYSAPI
8697 NTSTATUS
8698 NTAPI
8699 ZwConnectPort (
8700 OUT PHANDLE ClientPortHandle,
8701 IN PUNICODE_STRING ServerPortName,
8702 IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
8703 IN OUT PLPC_SECTION_WRITE ClientSharedMemory OPTIONAL,
8704 IN OUT PLPC_SECTION_READ ServerSharedMemory OPTIONAL,
8705 OUT PULONG MaximumMessageLength OPTIONAL,
8706 IN OUT PVOID ConnectionInfo OPTIONAL,
8707 IN OUT PULONG ConnectionInfoLength OPTIONAL
8708 );
8709
8710 NTSYSAPI
8711 NTSTATUS
8712 NTAPI
8713 ZwCloseObjectAuditAlarm (
8714 IN PUNICODE_STRING SubsystemName,
8715 IN PVOID HandleId,
8716 IN BOOLEAN GenerateOnClose
8717 );
8718
8719 NTSYSAPI
8720 NTSTATUS
8721 NTAPI
8722 ZwCreateEvent (
8723 OUT PHANDLE EventHandle,
8724 IN ACCESS_MASK DesiredAccess,
8725 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
8726 IN EVENT_TYPE EventType,
8727 IN BOOLEAN InitialState
8728 );
8729
8730 NTSYSAPI
8731 NTSTATUS
8732 NTAPI
8733 ZwCreateSection (
8734 OUT PHANDLE SectionHandle,
8735 IN ACCESS_MASK DesiredAccess,
8736 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
8737 IN PLARGE_INTEGER MaximumSize OPTIONAL,
8738 IN ULONG SectionPageProtection,
8739 IN ULONG AllocationAttributes,
8740 IN HANDLE FileHandle OPTIONAL
8741 );
8742
8743 NTSYSAPI
8744 NTSTATUS
8745 NTAPI
8746 ZwCreateSymbolicLinkObject (
8747 OUT PHANDLE SymbolicLinkHandle,
8748 IN ACCESS_MASK DesiredAccess,
8749 IN POBJECT_ATTRIBUTES ObjectAttributes,
8750 IN PUNICODE_STRING TargetName
8751 );
8752
8753 NTSYSAPI
8754 NTSTATUS
8755 NTAPI
8756 ZwDeleteFile (
8757 IN POBJECT_ATTRIBUTES ObjectAttributes
8758 );
8759
8760 NTSYSAPI
8761 NTSTATUS
8762 NTAPI
8763 ZwDeleteValueKey (
8764 IN HANDLE Handle,
8765 IN PUNICODE_STRING Name
8766 );
8767
8768 NTSYSAPI
8769 NTSTATUS
8770 NTAPI
8771 ZwDeviceIoControlFile (
8772 IN HANDLE FileHandle,
8773 IN HANDLE Event OPTIONAL,
8774 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8775 IN PVOID ApcContext OPTIONAL,
8776 OUT PIO_STATUS_BLOCK IoStatusBlock,
8777 IN ULONG IoControlCode,
8778 IN PVOID InputBuffer OPTIONAL,
8779 IN ULONG InputBufferLength,
8780 OUT PVOID OutputBuffer OPTIONAL,
8781 IN ULONG OutputBufferLength
8782 );
8783
8784 //
8785 // If using ZwDisplayString during boot on Windows 2000 or later you must
8786 // first call InbvEnableDisplayString.
8787 //
8788 NTSYSAPI
8789 NTSTATUS
8790 NTAPI
8791 ZwDisplayString (
8792 IN PUNICODE_STRING String
8793 );
8794
8795 NTSYSAPI
8796 NTSTATUS
8797 NTAPI
8798 ZwDuplicateObject (
8799 IN HANDLE SourceProcessHandle,
8800 IN HANDLE SourceHandle,
8801 IN HANDLE TargetProcessHandle OPTIONAL,
8802 OUT PHANDLE TargetHandle OPTIONAL,
8803 IN ACCESS_MASK DesiredAccess,
8804 IN ULONG HandleAttributes,
8805 IN ULONG Options
8806 );
8807
8808 NTSYSAPI
8809 NTSTATUS
8810 NTAPI
8811 ZwDuplicateToken (
8812 IN HANDLE ExistingTokenHandle,
8813 IN ACCESS_MASK DesiredAccess,
8814 IN POBJECT_ATTRIBUTES ObjectAttributes,
8815 IN BOOLEAN EffectiveOnly,
8816 IN TOKEN_TYPE TokenType,
8817 OUT PHANDLE NewTokenHandle
8818 );
8819
8820 NTSYSAPI
8821 NTSTATUS
8822 NTAPI
8823 ZwFlushInstructionCache (
8824 IN HANDLE ProcessHandle,
8825 IN PVOID BaseAddress OPTIONAL,
8826 IN ULONG FlushSize
8827 );
8828
8829 #if (VER_PRODUCTBUILD >= 2195)
8830
8831 NTSYSAPI
8832 NTSTATUS
8833 NTAPI
8834 ZwFlushVirtualMemory (
8835 IN HANDLE ProcessHandle,
8836 IN OUT PVOID *BaseAddress,
8837 IN OUT PSIZE_T RegionSize,
8838 OUT PIO_STATUS_BLOCK IoStatusBlock
8839 );
8840
8841 #endif // (VER_PRODUCTBUILD >= 2195)
8842
8843 NTSYSAPI
8844 NTSTATUS
8845 NTAPI
8846 ZwFreeVirtualMemory (
8847 IN HANDLE ProcessHandle,
8848 IN OUT PVOID *BaseAddress,
8849 IN OUT PSIZE_T RegionSize,
8850 IN ULONG FreeType
8851 );
8852
8853 NTSYSAPI
8854 NTSTATUS
8855 NTAPI
8856 ZwFsControlFile (
8857 IN HANDLE FileHandle,
8858 IN HANDLE Event OPTIONAL,
8859 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8860 IN PVOID ApcContext OPTIONAL,
8861 OUT PIO_STATUS_BLOCK IoStatusBlock,
8862 IN ULONG FsControlCode,
8863 IN PVOID InputBuffer OPTIONAL,
8864 IN ULONG InputBufferLength,
8865 OUT PVOID OutputBuffer OPTIONAL,
8866 IN ULONG OutputBufferLength
8867 );
8868
8869 #if (VER_PRODUCTBUILD >= 2195)
8870
8871 NTSYSAPI
8872 NTSTATUS
8873 NTAPI
8874 ZwInitiatePowerAction (
8875 IN POWER_ACTION SystemAction,
8876 IN SYSTEM_POWER_STATE MinSystemState,
8877 IN ULONG Flags,
8878 IN BOOLEAN Asynchronous
8879 );
8880
8881 #endif // (VER_PRODUCTBUILD >= 2195)
8882
8883 NTSYSAPI
8884 NTSTATUS
8885 NTAPI
8886 ZwLoadDriver (
8887 // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>"
8888 IN PUNICODE_STRING RegistryPath
8889 );
8890
8891 NTSYSAPI
8892 NTSTATUS
8893 NTAPI
8894 ZwLoadKey (
8895 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
8896 IN POBJECT_ATTRIBUTES FileObjectAttributes
8897 );
8898
8899 NTSYSAPI
8900 NTSTATUS
8901 NTAPI
8902 ZwNotifyChangeKey (
8903 IN HANDLE KeyHandle,
8904 IN HANDLE EventHandle OPTIONAL,
8905 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8906 IN PVOID ApcContext OPTIONAL,
8907 OUT PIO_STATUS_BLOCK IoStatusBlock,
8908 IN ULONG NotifyFilter,
8909 IN BOOLEAN WatchSubtree,
8910 IN PVOID Buffer,
8911 IN ULONG BufferLength,
8912 IN BOOLEAN Asynchronous
8913 );
8914
8915 NTSYSAPI
8916 NTSTATUS
8917 NTAPI
8918 ZwOpenDirectoryObject (
8919 OUT PHANDLE DirectoryHandle,
8920 IN ACCESS_MASK DesiredAccess,
8921 IN POBJECT_ATTRIBUTES ObjectAttributes
8922 );
8923
8924 NTSYSAPI
8925 NTSTATUS
8926 NTAPI
8927 ZwOpenEvent (
8928 OUT PHANDLE EventHandle,
8929 IN ACCESS_MASK DesiredAccess,
8930 IN POBJECT_ATTRIBUTES ObjectAttributes
8931 );
8932
8933 NTSYSAPI
8934 NTSTATUS
8935 NTAPI
8936 ZwOpenProcess (
8937 OUT PHANDLE ProcessHandle,
8938 IN ACCESS_MASK DesiredAccess,
8939 IN POBJECT_ATTRIBUTES ObjectAttributes,
8940 IN PCLIENT_ID ClientId OPTIONAL
8941 );
8942
8943 NTSYSAPI
8944 NTSTATUS
8945 NTAPI
8946 ZwOpenProcessToken (
8947 IN HANDLE ProcessHandle,
8948 IN ACCESS_MASK DesiredAccess,
8949 OUT PHANDLE TokenHandle
8950 );
8951
8952 #if (VER_PRODUCTBUILD >= 2600)
8953
8954 NTSYSAPI
8955 NTSTATUS
8956 NTAPI
8957 ZwOpenProcessTokenEx (
8958 IN HANDLE ProcessHandle,
8959 IN ACCESS_MASK DesiredAccess,
8960 IN ULONG HandleAttributes,
8961 OUT PHANDLE TokenHandle
8962 );
8963
8964 #endif // (VER_PRODUCTBUILD >= 2600)
8965
8966 NTSYSAPI
8967 NTSTATUS
8968 NTAPI
8969 ZwOpenThread (
8970 OUT PHANDLE ThreadHandle,
8971 IN ACCESS_MASK DesiredAccess,
8972 IN POBJECT_ATTRIBUTES ObjectAttributes,
8973 IN PCLIENT_ID ClientId
8974 );
8975
8976 NTSYSAPI
8977 NTSTATUS
8978 NTAPI
8979 ZwOpenThreadToken (
8980 IN HANDLE ThreadHandle,
8981 IN ACCESS_MASK DesiredAccess,
8982 IN BOOLEAN OpenAsSelf,
8983 OUT PHANDLE TokenHandle
8984 );
8985
8986 #if (VER_PRODUCTBUILD >= 2600)
8987
8988 NTSYSAPI
8989 NTSTATUS
8990 NTAPI
8991 ZwOpenThreadTokenEx (
8992 IN HANDLE ThreadHandle,
8993 IN ACCESS_MASK DesiredAccess,
8994 IN BOOLEAN OpenAsSelf,
8995 IN ULONG HandleAttributes,
8996 OUT PHANDLE TokenHandle
8997 );
8998
8999 #endif // (VER_PRODUCTBUILD >= 2600)
9000
9001 #if (VER_PRODUCTBUILD >= 2195)
9002
9003 NTSYSAPI
9004 NTSTATUS
9005 NTAPI
9006 ZwPowerInformation (
9007 IN POWER_INFORMATION_LEVEL PowerInformationLevel,
9008 IN PVOID InputBuffer OPTIONAL,
9009 IN ULONG InputBufferLength,
9010 OUT PVOID OutputBuffer OPTIONAL,
9011 IN ULONG OutputBufferLength
9012 );
9013
9014 #endif // (VER_PRODUCTBUILD >= 2195)
9015
9016 NTSYSAPI
9017 NTSTATUS
9018 NTAPI
9019 ZwPulseEvent (
9020 IN HANDLE EventHandle,
9021 OUT PULONG PreviousState OPTIONAL
9022 );
9023
9024 NTSYSAPI
9025 NTSTATUS
9026 NTAPI
9027 ZwQueryDefaultLocale (
9028 IN BOOLEAN ThreadOrSystem,
9029 OUT PLCID Locale
9030 );
9031
9032 #if (VER_PRODUCTBUILD >= 2195)
9033
9034 NTSYSAPI
9035 NTSTATUS
9036 NTAPI
9037 ZwQueryDefaultUILanguage (
9038 OUT LANGID *LanguageId
9039 );
9040
9041 #endif // (VER_PRODUCTBUILD >= 2195)
9042
9043 NTSYSAPI
9044 NTSTATUS
9045 NTAPI
9046 ZwQueryDirectoryFile (
9047 IN HANDLE FileHandle,
9048 IN HANDLE Event OPTIONAL,
9049 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
9050 IN PVOID ApcContext OPTIONAL,
9051 OUT PIO_STATUS_BLOCK IoStatusBlock,
9052 OUT PVOID FileInformation,
9053 IN ULONG Length,
9054 IN FILE_INFORMATION_CLASS FileInformationClass,
9055 IN BOOLEAN ReturnSingleEntry,
9056 IN PUNICODE_STRING FileName OPTIONAL,
9057 IN BOOLEAN RestartScan
9058 );
9059
9060 #if (VER_PRODUCTBUILD >= 2195)
9061
9062 NTSYSAPI
9063 NTSTATUS
9064 NTAPI
9065 ZwQueryDirectoryObject (
9066 IN HANDLE DirectoryHandle,
9067 OUT PVOID Buffer,
9068 IN ULONG Length,
9069 IN BOOLEAN ReturnSingleEntry,
9070 IN BOOLEAN RestartScan,
9071 IN OUT PULONG Context,
9072 OUT PULONG ReturnLength OPTIONAL
9073 );
9074
9075 NTSYSAPI
9076 NTSTATUS
9077 NTAPI
9078 ZwQueryEaFile (
9079 IN HANDLE FileHandle,
9080 OUT PIO_STATUS_BLOCK IoStatusBlock,
9081 OUT PVOID Buffer,
9082 IN ULONG Length,
9083 IN BOOLEAN ReturnSingleEntry,
9084 IN PVOID EaList OPTIONAL,
9085 IN ULONG EaListLength,
9086 IN PULONG EaIndex OPTIONAL,
9087 IN BOOLEAN RestartScan
9088 );
9089
9090 #endif // (VER_PRODUCTBUILD >= 2195)
9091
9092 NTSYSAPI
9093 NTSTATUS
9094 NTAPI
9095 ZwQueryInformationProcess (
9096 IN HANDLE ProcessHandle,
9097 IN PROCESSINFOCLASS ProcessInformationClass,
9098 OUT PVOID ProcessInformation,
9099 IN ULONG ProcessInformationLength,
9100 OUT PULONG ReturnLength OPTIONAL
9101 );
9102
9103 #if (VER_PRODUCTBUILD >= 2600)
9104
9105 NTSYSAPI
9106 NTSTATUS
9107 NTAPI
9108 ZwQueryInformationThread (
9109 IN HANDLE ThreadHandle,
9110 IN THREADINFOCLASS ThreadInformationClass,
9111 OUT PVOID ThreadInformation,
9112 IN ULONG ThreadInformationLength,
9113 OUT PULONG ReturnLength OPTIONAL
9114 );
9115
9116 #endif // (VER_PRODUCTBUILD >= 2600)
9117
9118 NTSYSAPI
9119 NTSTATUS
9120 NTAPI
9121 ZwQueryInformationToken (
9122 IN HANDLE TokenHandle,
9123 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
9124 OUT PVOID TokenInformation,
9125 IN ULONG TokenInformationLength,
9126 OUT PULONG ReturnLength
9127 );
9128
9129 #if (VER_PRODUCTBUILD >= 2195)
9130
9131 NTSYSAPI
9132 NTSTATUS
9133 NTAPI
9134 ZwQueryInstallUILanguage (
9135 OUT LANGID *LanguageId
9136 );
9137
9138 #endif // (VER_PRODUCTBUILD >= 2195)
9139
9140 NTSYSAPI
9141 NTSTATUS
9142 NTAPI
9143 ZwQueryObject (
9144 IN HANDLE ObjectHandle,
9145 IN OBJECT_INFO_CLASS ObjectInformationClass,
9146 OUT PVOID ObjectInformation,
9147 IN ULONG Length,
9148 OUT PULONG ResultLength
9149 );
9150
9151 NTSYSAPI
9152 NTSTATUS
9153 NTAPI
9154 ZwQuerySection (
9155 IN HANDLE SectionHandle,
9156 IN SECTION_INFORMATION_CLASS SectionInformationClass,
9157 OUT PVOID SectionInformation,
9158 IN ULONG SectionInformationLength,
9159 OUT PULONG ResultLength OPTIONAL
9160 );
9161
9162 NTSYSAPI
9163 NTSTATUS
9164 NTAPI
9165 ZwQuerySecurityObject (
9166 IN HANDLE FileHandle,
9167 IN SECURITY_INFORMATION SecurityInformation,
9168 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
9169 IN ULONG Length,
9170 OUT PULONG ResultLength
9171 );
9172
9173 NTSYSAPI
9174 NTSTATUS
9175 NTAPI
9176 ZwQuerySystemInformation (
9177 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
9178 OUT PVOID SystemInformation,
9179 IN ULONG Length,
9180 OUT PULONG ReturnLength
9181 );
9182
9183 NTSYSAPI
9184 NTSTATUS
9185 NTAPI
9186 ZwQueryVolumeInformationFile (
9187 IN HANDLE FileHandle,
9188 OUT PIO_STATUS_BLOCK IoStatusBlock,
9189 OUT PVOID FsInformation,
9190 IN ULONG Length,
9191 IN FS_INFORMATION_CLASS FsInformationClass
9192 );
9193
9194 NTSYSAPI
9195 NTSTATUS
9196 NTAPI
9197 ZwReplaceKey (
9198 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
9199 IN HANDLE KeyHandle,
9200 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
9201 );
9202
9203 NTSYSAPI
9204 NTSTATUS
9205 NTAPI
9206 ZwRequestWaitReplyPort (
9207 IN HANDLE PortHandle,
9208 IN PLPC_MESSAGE Request,
9209 OUT PLPC_MESSAGE Reply
9210 );
9211
9212 NTSYSAPI
9213 NTSTATUS
9214 NTAPI
9215 ZwResetEvent (
9216 IN HANDLE EventHandle,
9217 OUT PULONG PreviousState OPTIONAL
9218 );
9219
9220 #if (VER_PRODUCTBUILD >= 2195)
9221
9222 NTSYSAPI
9223 NTSTATUS
9224 NTAPI
9225 ZwRestoreKey (
9226 IN HANDLE KeyHandle,
9227 IN HANDLE FileHandle,
9228 IN ULONG Flags
9229 );
9230
9231 #endif // (VER_PRODUCTBUILD >= 2195)
9232
9233 NTSYSAPI
9234 NTSTATUS
9235 NTAPI
9236 ZwSaveKey (
9237 IN HANDLE KeyHandle,
9238 IN HANDLE FileHandle
9239 );
9240
9241 NTSYSAPI
9242 NTSTATUS
9243 NTAPI
9244 ZwSetDefaultLocale (
9245 IN BOOLEAN ThreadOrSystem,
9246 IN LCID Locale
9247 );
9248
9249 #if (VER_PRODUCTBUILD >= 2195)
9250
9251 NTSYSAPI
9252 NTSTATUS
9253 NTAPI
9254 ZwSetDefaultUILanguage (
9255 IN LANGID LanguageId
9256 );
9257
9258 NTSYSAPI
9259 NTSTATUS
9260 NTAPI
9261 ZwSetEaFile (
9262 IN HANDLE FileHandle,
9263 OUT PIO_STATUS_BLOCK IoStatusBlock,
9264 OUT PVOID Buffer,
9265 IN ULONG Length
9266 );
9267
9268 #endif // (VER_PRODUCTBUILD >= 2195)
9269
9270 NTSYSAPI
9271 NTSTATUS
9272 NTAPI
9273 ZwSetEvent (
9274 IN HANDLE EventHandle,
9275 OUT PULONG PreviousState OPTIONAL
9276 );
9277
9278 NTSYSAPI
9279 NTSTATUS
9280 NTAPI
9281 ZwSetInformationObject (
9282 IN HANDLE ObjectHandle,
9283 IN OBJECT_INFO_CLASS ObjectInformationClass,
9284 IN PVOID ObjectInformation,
9285 IN ULONG ObjectInformationLength
9286 );
9287
9288 NTSYSAPI
9289 NTSTATUS
9290 NTAPI
9291 ZwSetInformationProcess (
9292 IN HANDLE ProcessHandle,
9293 IN PROCESSINFOCLASS ProcessInformationClass,
9294 IN PVOID ProcessInformation,
9295 IN ULONG ProcessInformationLength
9296 );
9297
9298 #if (VER_PRODUCTBUILD >= 2195)
9299
9300 NTSYSAPI
9301 NTSTATUS
9302 NTAPI
9303 ZwSetSecurityObject (
9304 IN HANDLE Handle,
9305 IN SECURITY_INFORMATION SecurityInformation,
9306 IN PSECURITY_DESCRIPTOR SecurityDescriptor
9307 );
9308
9309 #endif // (VER_PRODUCTBUILD >= 2195)
9310
9311 NTSYSAPI
9312 NTSTATUS
9313 NTAPI
9314 ZwSetSystemInformation (
9315 IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
9316 IN PVOID SystemInformation,
9317 IN ULONG Length
9318 );
9319
9320 NTSYSAPI
9321 NTSTATUS
9322 NTAPI
9323 ZwSetSystemTime (
9324 IN PLARGE_INTEGER NewTime,
9325 OUT PLARGE_INTEGER OldTime OPTIONAL
9326 );
9327
9328 #if (VER_PRODUCTBUILD >= 2195)
9329
9330 NTSYSAPI
9331 NTSTATUS
9332 NTAPI
9333 ZwSetVolumeInformationFile (
9334 IN HANDLE FileHandle,
9335 OUT PIO_STATUS_BLOCK IoStatusBlock,
9336 IN PVOID FsInformation,
9337 IN ULONG Length,
9338 IN FS_INFORMATION_CLASS FsInformationClass
9339 );
9340
9341 #endif // (VER_PRODUCTBUILD >= 2195)
9342
9343 NTSYSAPI
9344 NTSTATUS
9345 NTAPI
9346 ZwTerminateProcess (
9347 IN HANDLE ProcessHandle OPTIONAL,
9348 IN NTSTATUS ExitStatus
9349 );
9350
9351 NTSYSAPI
9352 NTSTATUS
9353 NTAPI
9354 ZwUnloadDriver (
9355 // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>"
9356 IN PUNICODE_STRING RegistryPath
9357 );
9358
9359 NTSYSAPI
9360 NTSTATUS
9361 NTAPI
9362 ZwUnloadKey (
9363 IN POBJECT_ATTRIBUTES KeyObjectAttributes
9364 );
9365
9366 NTSYSAPI
9367 NTSTATUS
9368 NTAPI
9369 ZwWaitForSingleObject (
9370 IN HANDLE Handle,
9371 IN BOOLEAN Alertable,
9372 IN PLARGE_INTEGER Timeout OPTIONAL
9373 );
9374
9375 NTSYSAPI
9376 NTSTATUS
9377 NTAPI
9378 ZwWaitForMultipleObjects (
9379 IN ULONG HandleCount,
9380 IN PHANDLE Handles,
9381 IN WAIT_TYPE WaitType,
9382 IN BOOLEAN Alertable,
9383 IN PLARGE_INTEGER Timeout OPTIONAL
9384 );
9385
9386 NTSYSAPI
9387 NTSTATUS
9388 NTAPI
9389 ZwYieldExecution (
9390 VOID
9391 );
9392
9393 //
9394 // Below is stuff that is included in the Windows 2000 DDK but is missing in
9395 // the Windows NT 4.0 DDK
9396 //
9397
9398 #if (VER_PRODUCTBUILD < 2195)
9399
9400 NTSYSAPI
9401 VOID
9402 NTAPI
9403 HalMakeBeep (
9404 IN ULONG Frequency
9405 );
9406
9407 #ifndef IoCopyCurrentIrpStackLocationToNext
9408 #define IoCopyCurrentIrpStackLocationToNext( Irp ) { \
9409 PIO_STACK_LOCATION irpSp; \
9410 PIO_STACK_LOCATION nextIrpSp; \
9411 irpSp = IoGetCurrentIrpStackLocation( (Irp) ); \
9412 nextIrpSp = IoGetNextIrpStackLocation( (Irp) ); \
9413 RtlCopyMemory( \
9414 nextIrpSp, \
9415 irpSp, \
9416 FIELD_OFFSET(IO_STACK_LOCATION, CompletionRoutine) \
9417 ); \
9418 nextIrpSp->Control = 0; }
9419 #endif
9420
9421 NTKERNELAPI
9422 NTSTATUS
9423 IoCreateFile (
9424 OUT PHANDLE FileHandle,
9425 IN ACCESS_MASK DesiredAccess,
9426 IN POBJECT_ATTRIBUTES ObjectAttributes,
9427 OUT PIO_STATUS_BLOCK IoStatusBlock,
9428 IN PLARGE_INTEGER AllocationSize OPTIONAL,
9429 IN ULONG FileAttributes,
9430 IN ULONG ShareAccess,
9431 IN ULONG CreateDisposition,
9432 IN ULONG CreateOptions,
9433 IN PVOID EaBuffer OPTIONAL,
9434 IN ULONG EaLength,
9435 IN CREATE_FILE_TYPE CreateFileType,
9436 IN PVOID ExtraCreateParameters,
9437 IN ULONG Options
9438 );
9439
9440 #ifndef IoSkipCurrentIrpStackLocation
9441 #define IoSkipCurrentIrpStackLocation( Irp ) \
9442 (Irp)->CurrentLocation++; \
9443 (Irp)->Tail.Overlay.CurrentStackLocation++;
9444 #endif
9445
9446 NTSYSAPI
9447 VOID
9448 NTAPI
9449 ProbeForWrite (
9450 IN PVOID Address,
9451 IN ULONG Length,
9452 IN ULONG Alignment
9453 );
9454
9455 NTSYSAPI
9456 NTSTATUS
9457 NTAPI
9458 ZwOpenFile (
9459 OUT PHANDLE FileHandle,
9460 IN ACCESS_MASK DesiredAccess,
9461 IN POBJECT_ATTRIBUTES ObjectAttributes,
9462 OUT PIO_STATUS_BLOCK IoStatusBlock,
9463 IN ULONG ShareAccess,
9464 IN ULONG OpenOptions
9465 );
9466
9467 NTSYSAPI
9468 NTSTATUS
9469 NTAPI
9470 ZwOpenSymbolicLinkObject (
9471 OUT PHANDLE SymbolicLinkHandle,
9472 IN ACCESS_MASK DesiredAccess,
9473 IN POBJECT_ATTRIBUTES ObjectAttributes
9474 );
9475
9476 NTSYSAPI
9477 NTSTATUS
9478 NTAPI
9479 ZwQuerySymbolicLinkObject (
9480 IN HANDLE LinkHandle,
9481 IN OUT PUNICODE_STRING LinkTarget,
9482 OUT PULONG ReturnedLength OPTIONAL
9483 );
9484
9485 #endif // (VER_PRODUCTBUILD < 2195)
9486
9487 #ifdef __cplusplus
9488 }
9489 #endif
9490
9491 #endif // _NTIFS_
A free Windows-compatible Operating System