[DDK/XDK/NTOSKRNL/DRIVERS]
[reactos.git] / reactos / include / ddk / ntifs.h
1 /*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the ReactOS DDK package.
7 *
8 * Contributors:
9 * Amine Khaldi
10 * Timo Kreuzer (timo.kreuzer@reactos.org)
11 *
12 * THIS SOFTWARE IS NOT COPYRIGHTED
13 *
14 * This source code is offered for use in the public domain. You may
15 * use, modify or distribute it freely.
16 *
17 * This code is distributed in the hope that it will be useful but
18 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
19 * DISCLAIMED. This includes but is not limited to warranties of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
21 *
22 */
23
24 #pragma once
25
26 #define _NTIFS_INCLUDED_
27 #define _GNU_NTIFS_
28
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32
33 /* Dependencies */
34 #include <ntddk.h>
35 #include <excpt.h>
36 #include <ntdef.h>
37 #include <ntnls.h>
38 #include <ntstatus.h>
39 #include <bugcodes.h>
40 #include <ntiologc.h>
41
42
43 #ifndef FlagOn
44 #define FlagOn(_F,_SF) ((_F) & (_SF))
45 #endif
46
47 #ifndef BooleanFlagOn
48 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
49 #endif
50
51 #ifndef SetFlag
52 #define SetFlag(_F,_SF) ((_F) |= (_SF))
53 #endif
54
55 #ifndef ClearFlag
56 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
57 #endif
58
59 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
60 typedef STRING LSA_STRING, *PLSA_STRING;
61 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
62
63 /******************************************************************************
64 * Security Manager Types *
65 ******************************************************************************/
66 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
67 #define SID_IDENTIFIER_AUTHORITY_DEFINED
68 typedef struct _SID_IDENTIFIER_AUTHORITY {
69 UCHAR Value[6];
70 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
71 #endif
72
73 #ifndef SID_DEFINED
74 #define SID_DEFINED
75 typedef struct _SID {
76 UCHAR Revision;
77 UCHAR SubAuthorityCount;
78 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
79 #ifdef MIDL_PASS
80 [size_is(SubAuthorityCount)] ULONG SubAuthority[*];
81 #else
82 ULONG SubAuthority[ANYSIZE_ARRAY];
83 #endif
84 } SID, *PISID;
85 #endif
86
87 #define SID_REVISION 1
88 #define SID_MAX_SUB_AUTHORITIES 15
89 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
90
91 #ifndef MIDL_PASS
92 #define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG)))
93 #endif
94
95 typedef enum _SID_NAME_USE {
96 SidTypeUser = 1,
97 SidTypeGroup,
98 SidTypeDomain,
99 SidTypeAlias,
100 SidTypeWellKnownGroup,
101 SidTypeDeletedAccount,
102 SidTypeInvalid,
103 SidTypeUnknown,
104 SidTypeComputer,
105 SidTypeLabel
106 } SID_NAME_USE, *PSID_NAME_USE;
107
108 typedef struct _SID_AND_ATTRIBUTES {
109 #ifdef MIDL_PASS
110 PISID Sid;
111 #else
112 PSID Sid;
113 #endif
114 ULONG Attributes;
115 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
116 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
117 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
118
119 #define SID_HASH_SIZE 32
120 typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
121
122 typedef struct _SID_AND_ATTRIBUTES_HASH {
123 ULONG SidCount;
124 PSID_AND_ATTRIBUTES SidAttr;
125 SID_HASH_ENTRY Hash[SID_HASH_SIZE];
126 } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
127
128 /* Universal well-known SIDs */
129
130 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
131 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
132 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
133 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
134 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
135 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
136
137 #define SECURITY_NULL_RID (0x00000000L)
138 #define SECURITY_WORLD_RID (0x00000000L)
139 #define SECURITY_LOCAL_RID (0x00000000L)
140 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
141
142 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
143 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
144 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
145 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
146 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
147
148 /* NT well-known SIDs */
149
150 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
151
152 #define SECURITY_DIALUP_RID (0x00000001L)
153 #define SECURITY_NETWORK_RID (0x00000002L)
154 #define SECURITY_BATCH_RID (0x00000003L)
155 #define SECURITY_INTERACTIVE_RID (0x00000004L)
156 #define SECURITY_LOGON_IDS_RID (0x00000005L)
157 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
158 #define SECURITY_SERVICE_RID (0x00000006L)
159 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
160 #define SECURITY_PROXY_RID (0x00000008L)
161 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
162 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
163 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
164 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
165 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
166 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
167 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
168 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
169 #define SECURITY_IUSER_RID (0x00000011L)
170 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
171 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
172 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
173 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
174 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
175 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
176
177 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
178 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
179
180
181 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
182 #define SECURITY_PACKAGE_RID_COUNT (2L)
183 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
184 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
185 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
186
187 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
188 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
189 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
190
191 #define SECURITY_MIN_BASE_RID (0x00000050L)
192 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
193 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
194 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
195 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
196 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
197 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
198 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
199 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
200 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
201 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
202 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
203 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
204 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
205 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
206 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
207 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
208 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
209
210 #define SECURITY_MAX_BASE_RID (0x0000006FL)
211
212 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
213 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
214
215 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
216
217 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
218
219 /* Well-known domain relative sub-authority values (RIDs) */
220
221 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
222
223 #define FOREST_USER_RID_MAX (0x000001F3L)
224
225 /* Well-known users */
226
227 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
228 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
229 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
230
231 #define DOMAIN_USER_RID_MAX (0x000003E7L)
232
233 /* Well-known groups */
234
235 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
236 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
237 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
238 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
239 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
240 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
241 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
242 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
243 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
244 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
245
246 /* Well-known aliases */
247
248 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
249 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
250 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
251 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
252
253 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
254 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
255 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
256 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
257
258 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
259 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
260 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
261 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
262 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
263 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
264
265 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
266 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
267 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
268 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
269 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
270 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
271 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
272 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
273 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
274 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
275 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
276
277 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
278 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
279 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
280 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
281 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
282 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
283 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
284
285 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
286 can be set by a usermode caller.*/
287
288 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
289
290 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
291
292 /* Allocate the System Luid. The first 1000 LUIDs are reserved.
293 Use #999 here (0x3e7 = 999) */
294
295 #define SYSTEM_LUID {0x3e7, 0x0}
296 #define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
297 #define LOCALSERVICE_LUID {0x3e5, 0x0}
298 #define NETWORKSERVICE_LUID {0x3e4, 0x0}
299 #define IUSER_LUID {0x3e3, 0x0}
300
301 typedef struct _ACE_HEADER {
302 UCHAR AceType;
303 UCHAR AceFlags;
304 USHORT AceSize;
305 } ACE_HEADER, *PACE_HEADER;
306
307 /* also in winnt.h */
308 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
309 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
310 #define ACCESS_DENIED_ACE_TYPE (0x1)
311 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
312 #define SYSTEM_ALARM_ACE_TYPE (0x3)
313 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
314 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
315 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
316 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
317 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
318 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
319 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
320 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
321 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
322 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
323 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
324 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
325 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
326 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
327 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
328 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
329 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
330 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
331 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
332 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
333 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
334
335 /* The following are the inherit flags that go into the AceFlags field
336 of an Ace header. */
337
338 #define OBJECT_INHERIT_ACE (0x1)
339 #define CONTAINER_INHERIT_ACE (0x2)
340 #define NO_PROPAGATE_INHERIT_ACE (0x4)
341 #define INHERIT_ONLY_ACE (0x8)
342 #define INHERITED_ACE (0x10)
343 #define VALID_INHERIT_FLAGS (0x1F)
344
345 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
346 #define FAILED_ACCESS_ACE_FLAG (0x80)
347
348 typedef struct _ACCESS_ALLOWED_ACE {
349 ACE_HEADER Header;
350 ACCESS_MASK Mask;
351 ULONG SidStart;
352 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
353
354 typedef struct _ACCESS_DENIED_ACE {
355 ACE_HEADER Header;
356 ACCESS_MASK Mask;
357 ULONG SidStart;
358 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
359
360 typedef struct _SYSTEM_AUDIT_ACE {
361 ACE_HEADER Header;
362 ACCESS_MASK Mask;
363 ULONG SidStart;
364 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
365
366 typedef struct _SYSTEM_ALARM_ACE {
367 ACE_HEADER Header;
368 ACCESS_MASK Mask;
369 ULONG SidStart;
370 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
371
372 typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
373 ACE_HEADER Header;
374 ACCESS_MASK Mask;
375 ULONG SidStart;
376 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
377
378 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
379 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
380 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
381 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
382 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
383 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
384
385 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
386
387 typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
388
389 #define SE_OWNER_DEFAULTED 0x0001
390 #define SE_GROUP_DEFAULTED 0x0002
391 #define SE_DACL_PRESENT 0x0004
392 #define SE_DACL_DEFAULTED 0x0008
393 #define SE_SACL_PRESENT 0x0010
394 #define SE_SACL_DEFAULTED 0x0020
395 #define SE_DACL_UNTRUSTED 0x0040
396 #define SE_SERVER_SECURITY 0x0080
397 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
398 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
399 #define SE_DACL_AUTO_INHERITED 0x0400
400 #define SE_SACL_AUTO_INHERITED 0x0800
401 #define SE_DACL_PROTECTED 0x1000
402 #define SE_SACL_PROTECTED 0x2000
403 #define SE_RM_CONTROL_VALID 0x4000
404 #define SE_SELF_RELATIVE 0x8000
405
406 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
407 UCHAR Revision;
408 UCHAR Sbz1;
409 SECURITY_DESCRIPTOR_CONTROL Control;
410 ULONG Owner;
411 ULONG Group;
412 ULONG Sacl;
413 ULONG Dacl;
414 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
415
416 typedef struct _SECURITY_DESCRIPTOR {
417 UCHAR Revision;
418 UCHAR Sbz1;
419 SECURITY_DESCRIPTOR_CONTROL Control;
420 PSID Owner;
421 PSID Group;
422 PACL Sacl;
423 PACL Dacl;
424 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
425
426 typedef struct _OBJECT_TYPE_LIST {
427 USHORT Level;
428 USHORT Sbz;
429 GUID *ObjectType;
430 } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
431
432 #define ACCESS_OBJECT_GUID 0
433 #define ACCESS_PROPERTY_SET_GUID 1
434 #define ACCESS_PROPERTY_GUID 2
435 #define ACCESS_MAX_LEVEL 4
436
437 typedef enum _AUDIT_EVENT_TYPE {
438 AuditEventObjectAccess,
439 AuditEventDirectoryServiceAccess
440 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
441
442 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
443
444 #define ACCESS_DS_SOURCE_A "DS"
445 #define ACCESS_DS_SOURCE_W L"DS"
446 #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
447 #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
448
449 #define ACCESS_REASON_TYPE_MASK 0xffff0000
450 #define ACCESS_REASON_DATA_MASK 0x0000ffff
451
452 typedef enum _ACCESS_REASON_TYPE {
453 AccessReasonNone = 0x00000000,
454 AccessReasonAllowedAce = 0x00010000,
455 AccessReasonDeniedAce = 0x00020000,
456 AccessReasonAllowedParentAce = 0x00030000,
457 AccessReasonDeniedParentAce = 0x00040000,
458 AccessReasonMissingPrivilege = 0x00100000,
459 AccessReasonFromPrivilege = 0x00200000,
460 AccessReasonIntegrityLevel = 0x00300000,
461 AccessReasonOwnership = 0x00400000,
462 AccessReasonNullDacl = 0x00500000,
463 AccessReasonEmptyDacl = 0x00600000,
464 AccessReasonNoSD = 0x00700000,
465 AccessReasonNoGrant = 0x00800000
466 } ACCESS_REASON_TYPE;
467
468 typedef ULONG ACCESS_REASON;
469
470 typedef struct _ACCESS_REASONS {
471 ACCESS_REASON Data[32];
472 } ACCESS_REASONS, *PACCESS_REASONS;
473
474 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
475 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
476 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
477
478 typedef struct _SE_SECURITY_DESCRIPTOR {
479 ULONG Size;
480 ULONG Flags;
481 PSECURITY_DESCRIPTOR SecurityDescriptor;
482 } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
483
484 typedef struct _SE_ACCESS_REQUEST {
485 ULONG Size;
486 PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
487 ACCESS_MASK DesiredAccess;
488 ACCESS_MASK PreviouslyGrantedAccess;
489 PSID PrincipalSelfSid;
490 PGENERIC_MAPPING GenericMapping;
491 ULONG ObjectTypeListCount;
492 POBJECT_TYPE_LIST ObjectTypeList;
493 } SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
494
495 typedef struct _SE_ACCESS_REPLY {
496 ULONG Size;
497 ULONG ResultListCount;
498 PACCESS_MASK GrantedAccess;
499 PNTSTATUS AccessStatus;
500 PACCESS_REASONS AccessReason;
501 PPRIVILEGE_SET* Privileges;
502 } SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
503
504 typedef enum _SE_AUDIT_OPERATION {
505 AuditPrivilegeObject,
506 AuditPrivilegeService,
507 AuditAccessCheck,
508 AuditOpenObject,
509 AuditOpenObjectWithTransaction,
510 AuditCloseObject,
511 AuditDeleteObject,
512 AuditOpenObjectForDelete,
513 AuditOpenObjectForDeleteWithTransaction,
514 AuditCloseNonObject,
515 AuditOpenNonObject,
516 AuditObjectReference,
517 AuditHandleCreation,
518 } SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
519
520 typedef struct _SE_AUDIT_INFO {
521 ULONG Size;
522 AUDIT_EVENT_TYPE AuditType;
523 SE_AUDIT_OPERATION AuditOperation;
524 ULONG AuditFlags;
525 UNICODE_STRING SubsystemName;
526 UNICODE_STRING ObjectTypeName;
527 UNICODE_STRING ObjectName;
528 PVOID HandleId;
529 GUID* TransactionId;
530 LUID* OperationId;
531 BOOLEAN ObjectCreation;
532 BOOLEAN GenerateOnClose;
533 } SE_AUDIT_INFO, *PSE_AUDIT_INFO;
534
535 #define TOKEN_ASSIGN_PRIMARY (0x0001)
536 #define TOKEN_DUPLICATE (0x0002)
537 #define TOKEN_IMPERSONATE (0x0004)
538 #define TOKEN_QUERY (0x0008)
539 #define TOKEN_QUERY_SOURCE (0x0010)
540 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
541 #define TOKEN_ADJUST_GROUPS (0x0040)
542 #define TOKEN_ADJUST_DEFAULT (0x0080)
543 #define TOKEN_ADJUST_SESSIONID (0x0100)
544
545 #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
546 TOKEN_ASSIGN_PRIMARY |\
547 TOKEN_DUPLICATE |\
548 TOKEN_IMPERSONATE |\
549 TOKEN_QUERY |\
550 TOKEN_QUERY_SOURCE |\
551 TOKEN_ADJUST_PRIVILEGES |\
552 TOKEN_ADJUST_GROUPS |\
553 TOKEN_ADJUST_DEFAULT )
554
555 #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
556 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
557 TOKEN_ADJUST_SESSIONID )
558 #else
559 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
560 #endif
561
562 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
563 TOKEN_QUERY)
564
565 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
566 TOKEN_ADJUST_PRIVILEGES |\
567 TOKEN_ADJUST_GROUPS |\
568 TOKEN_ADJUST_DEFAULT)
569
570 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
571
572 typedef enum _TOKEN_TYPE {
573 TokenPrimary = 1,
574 TokenImpersonation
575 } TOKEN_TYPE,*PTOKEN_TYPE;
576
577 typedef enum _TOKEN_INFORMATION_CLASS {
578 TokenUser = 1,
579 TokenGroups,
580 TokenPrivileges,
581 TokenOwner,
582 TokenPrimaryGroup,
583 TokenDefaultDacl,
584 TokenSource,
585 TokenType,
586 TokenImpersonationLevel,
587 TokenStatistics,
588 TokenRestrictedSids,
589 TokenSessionId,
590 TokenGroupsAndPrivileges,
591 TokenSessionReference,
592 TokenSandBoxInert,
593 TokenAuditPolicy,
594 TokenOrigin,
595 TokenElevationType,
596 TokenLinkedToken,
597 TokenElevation,
598 TokenHasRestrictions,
599 TokenAccessInformation,
600 TokenVirtualizationAllowed,
601 TokenVirtualizationEnabled,
602 TokenIntegrityLevel,
603 TokenUIAccess,
604 TokenMandatoryPolicy,
605 TokenLogonSid,
606 MaxTokenInfoClass
607 } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
608
609 typedef struct _TOKEN_USER {
610 SID_AND_ATTRIBUTES User;
611 } TOKEN_USER, *PTOKEN_USER;
612
613 typedef struct _TOKEN_GROUPS {
614 ULONG GroupCount;
615 #ifdef MIDL_PASS
616 [size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*];
617 #else
618 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
619 #endif
620 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
621
622 typedef struct _TOKEN_PRIVILEGES {
623 ULONG PrivilegeCount;
624 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
625 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
626
627 typedef struct _TOKEN_OWNER {
628 PSID Owner;
629 } TOKEN_OWNER,*PTOKEN_OWNER;
630
631 typedef struct _TOKEN_PRIMARY_GROUP {
632 PSID PrimaryGroup;
633 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
634
635 typedef struct _TOKEN_DEFAULT_DACL {
636 PACL DefaultDacl;
637 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
638
639 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
640 ULONG SidCount;
641 ULONG SidLength;
642 PSID_AND_ATTRIBUTES Sids;
643 ULONG RestrictedSidCount;
644 ULONG RestrictedSidLength;
645 PSID_AND_ATTRIBUTES RestrictedSids;
646 ULONG PrivilegeCount;
647 ULONG PrivilegeLength;
648 PLUID_AND_ATTRIBUTES Privileges;
649 LUID AuthenticationId;
650 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
651
652 typedef struct _TOKEN_LINKED_TOKEN {
653 HANDLE LinkedToken;
654 } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
655
656 typedef struct _TOKEN_ELEVATION {
657 ULONG TokenIsElevated;
658 } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
659
660 typedef struct _TOKEN_MANDATORY_LABEL {
661 SID_AND_ATTRIBUTES Label;
662 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
663
664 #define TOKEN_MANDATORY_POLICY_OFF 0x0
665 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
666 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
667
668 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
669 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
670
671 typedef struct _TOKEN_MANDATORY_POLICY {
672 ULONG Policy;
673 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
674
675 typedef struct _TOKEN_ACCESS_INFORMATION {
676 PSID_AND_ATTRIBUTES_HASH SidHash;
677 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
678 PTOKEN_PRIVILEGES Privileges;
679 LUID AuthenticationId;
680 TOKEN_TYPE TokenType;
681 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
682 TOKEN_MANDATORY_POLICY MandatoryPolicy;
683 ULONG Flags;
684 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
685
686 #define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
687
688 typedef struct _TOKEN_AUDIT_POLICY {
689 UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
690 } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
691
692 #define TOKEN_SOURCE_LENGTH 8
693
694 typedef struct _TOKEN_SOURCE {
695 CHAR SourceName[TOKEN_SOURCE_LENGTH];
696 LUID SourceIdentifier;
697 } TOKEN_SOURCE,*PTOKEN_SOURCE;
698
699 typedef struct _TOKEN_STATISTICS {
700 LUID TokenId;
701 LUID AuthenticationId;
702 LARGE_INTEGER ExpirationTime;
703 TOKEN_TYPE TokenType;
704 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
705 ULONG DynamicCharged;
706 ULONG DynamicAvailable;
707 ULONG GroupCount;
708 ULONG PrivilegeCount;
709 LUID ModifiedId;
710 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
711
712 typedef struct _TOKEN_CONTROL {
713 LUID TokenId;
714 LUID AuthenticationId;
715 LUID ModifiedId;
716 TOKEN_SOURCE TokenSource;
717 } TOKEN_CONTROL,*PTOKEN_CONTROL;
718
719 typedef struct _TOKEN_ORIGIN {
720 LUID OriginatingLogonSession;
721 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
722
723 typedef enum _MANDATORY_LEVEL {
724 MandatoryLevelUntrusted = 0,
725 MandatoryLevelLow,
726 MandatoryLevelMedium,
727 MandatoryLevelHigh,
728 MandatoryLevelSystem,
729 MandatoryLevelSecureProcess,
730 MandatoryLevelCount
731 } MANDATORY_LEVEL, *PMANDATORY_LEVEL;
732
733 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
734 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
735 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
736 #define TOKEN_WRITE_RESTRICTED 0x0008
737 #define TOKEN_IS_RESTRICTED 0x0010
738 #define TOKEN_SESSION_NOT_REFERENCED 0x0020
739 #define TOKEN_SANDBOX_INERT 0x0040
740 #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
741 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
742 #define TOKEN_VIRTUALIZE_ALLOWED 0x0200
743 #define TOKEN_VIRTUALIZE_ENABLED 0x0400
744 #define TOKEN_IS_FILTERED 0x0800
745 #define TOKEN_UIACCESS 0x1000
746 #define TOKEN_NOT_LOW 0x2000
747
748 typedef struct _SE_EXPORTS {
749 LUID SeCreateTokenPrivilege;
750 LUID SeAssignPrimaryTokenPrivilege;
751 LUID SeLockMemoryPrivilege;
752 LUID SeIncreaseQuotaPrivilege;
753 LUID SeUnsolicitedInputPrivilege;
754 LUID SeTcbPrivilege;
755 LUID SeSecurityPrivilege;
756 LUID SeTakeOwnershipPrivilege;
757 LUID SeLoadDriverPrivilege;
758 LUID SeCreatePagefilePrivilege;
759 LUID SeIncreaseBasePriorityPrivilege;
760 LUID SeSystemProfilePrivilege;
761 LUID SeSystemtimePrivilege;
762 LUID SeProfileSingleProcessPrivilege;
763 LUID SeCreatePermanentPrivilege;
764 LUID SeBackupPrivilege;
765 LUID SeRestorePrivilege;
766 LUID SeShutdownPrivilege;
767 LUID SeDebugPrivilege;
768 LUID SeAuditPrivilege;
769 LUID SeSystemEnvironmentPrivilege;
770 LUID SeChangeNotifyPrivilege;
771 LUID SeRemoteShutdownPrivilege;
772 PSID SeNullSid;
773 PSID SeWorldSid;
774 PSID SeLocalSid;
775 PSID SeCreatorOwnerSid;
776 PSID SeCreatorGroupSid;
777 PSID SeNtAuthoritySid;
778 PSID SeDialupSid;
779 PSID SeNetworkSid;
780 PSID SeBatchSid;
781 PSID SeInteractiveSid;
782 PSID SeLocalSystemSid;
783 PSID SeAliasAdminsSid;
784 PSID SeAliasUsersSid;
785 PSID SeAliasGuestsSid;
786 PSID SeAliasPowerUsersSid;
787 PSID SeAliasAccountOpsSid;
788 PSID SeAliasSystemOpsSid;
789 PSID SeAliasPrintOpsSid;
790 PSID SeAliasBackupOpsSid;
791 PSID SeAuthenticatedUsersSid;
792 PSID SeRestrictedSid;
793 PSID SeAnonymousLogonSid;
794 LUID SeUndockPrivilege;
795 LUID SeSyncAgentPrivilege;
796 LUID SeEnableDelegationPrivilege;
797 PSID SeLocalServiceSid;
798 PSID SeNetworkServiceSid;
799 LUID SeManageVolumePrivilege;
800 LUID SeImpersonatePrivilege;
801 LUID SeCreateGlobalPrivilege;
802 LUID SeTrustedCredManAccessPrivilege;
803 LUID SeRelabelPrivilege;
804 LUID SeIncreaseWorkingSetPrivilege;
805 LUID SeTimeZonePrivilege;
806 LUID SeCreateSymbolicLinkPrivilege;
807 PSID SeIUserSid;
808 PSID SeUntrustedMandatorySid;
809 PSID SeLowMandatorySid;
810 PSID SeMediumMandatorySid;
811 PSID SeHighMandatorySid;
812 PSID SeSystemMandatorySid;
813 PSID SeOwnerRightsSid;
814 } SE_EXPORTS, *PSE_EXPORTS;
815
816 typedef NTSTATUS
817 (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
818 IN PLUID LogonId);
819
820 typedef struct _SECURITY_CLIENT_CONTEXT {
821 SECURITY_QUALITY_OF_SERVICE SecurityQos;
822 PACCESS_TOKEN ClientToken;
823 BOOLEAN DirectlyAccessClientToken;
824 BOOLEAN DirectAccessEffectiveOnly;
825 BOOLEAN ServerIsRemote;
826 TOKEN_CONTROL ClientTokenControl;
827 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
828
829 /******************************************************************************
830 * Object Manager Types *
831 ******************************************************************************/
832
833 typedef enum _OBJECT_INFORMATION_CLASS {
834 ObjectBasicInformation = 0,
835 ObjectTypeInformation = 2,
836 /* Not for public use */
837 ObjectNameInformation = 1,
838 ObjectTypesInformation = 3,
839 ObjectHandleFlagInformation = 4,
840 ObjectSessionInformation = 5,
841 MaxObjectInfoClass
842 } OBJECT_INFORMATION_CLASS;
843
844
845 /******************************************************************************
846 * Runtime Library Types *
847 ******************************************************************************/
848
849
850 #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
851
852 _Function_class_(RTL_ALLOCATE_STRING_ROUTINE)
853 _IRQL_requires_max_(PASSIVE_LEVEL)
854 __drv_allocatesMem(Mem)
855 typedef PVOID
856 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)(
857 _In_ SIZE_T NumberOfBytes);
858
859 #if _WIN32_WINNT >= 0x0600
860 _Function_class_(RTL_REALLOCATE_STRING_ROUTINE)
861 _IRQL_requires_max_(PASSIVE_LEVEL)
862 __drv_allocatesMem(Mem)
863 typedef PVOID
864 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)(
865 _In_ SIZE_T NumberOfBytes,
866 IN PVOID Buffer);
867 #endif
868
869 typedef VOID
870 (NTAPI *PRTL_FREE_STRING_ROUTINE)(
871 _In_ __drv_freesMem(Mem) _Post_invalid_ PVOID Buffer);
872
873 extern NTKERNELAPI const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
874 extern NTKERNELAPI const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
875
876 #if _WIN32_WINNT >= 0x0600
877 extern NTKERNELAPI const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
878 #endif
879
880 _Function_class_(RTL_HEAP_COMMIT_ROUTINE)
881 _IRQL_requires_same_
882 typedef NTSTATUS
883 (NTAPI *PRTL_HEAP_COMMIT_ROUTINE) (
884 _In_ PVOID Base,
885 _Inout_ PVOID *CommitAddress,
886 _Inout_ PSIZE_T CommitSize);
887
888 typedef struct _RTL_HEAP_PARAMETERS {
889 ULONG Length;
890 SIZE_T SegmentReserve;
891 SIZE_T SegmentCommit;
892 SIZE_T DeCommitFreeBlockThreshold;
893 SIZE_T DeCommitTotalFreeThreshold;
894 SIZE_T MaximumAllocationSize;
895 SIZE_T VirtualMemoryThreshold;
896 SIZE_T InitialCommit;
897 SIZE_T InitialReserve;
898 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
899 SIZE_T Reserved[2];
900 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
901
902 #if (NTDDI_VERSION >= NTDDI_WIN2K)
903
904 typedef struct _GENERATE_NAME_CONTEXT {
905 USHORT Checksum;
906 BOOLEAN CheckSumInserted;
907 _Field_range_(<=, 8) UCHAR NameLength;
908 WCHAR NameBuffer[8];
909 _Field_range_(<=, 4) ULONG ExtensionLength;
910 WCHAR ExtensionBuffer[4];
911 ULONG LastIndexValue;
912 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
913
914 typedef struct _PREFIX_TABLE_ENTRY {
915 CSHORT NodeTypeCode;
916 CSHORT NameLength;
917 struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
918 RTL_SPLAY_LINKS Links;
919 PSTRING Prefix;
920 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;
921
922 typedef struct _PREFIX_TABLE {
923 CSHORT NodeTypeCode;
924 CSHORT NameLength;
925 PPREFIX_TABLE_ENTRY NextPrefixTree;
926 } PREFIX_TABLE, *PPREFIX_TABLE;
927
928 typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
929 CSHORT NodeTypeCode;
930 CSHORT NameLength;
931 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
932 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
933 RTL_SPLAY_LINKS Links;
934 PUNICODE_STRING Prefix;
935 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
936
937 typedef struct _UNICODE_PREFIX_TABLE {
938 CSHORT NodeTypeCode;
939 CSHORT NameLength;
940 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
941 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
942 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
943
944 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
945
946 #if (NTDDI_VERSION >= NTDDI_WINXP)
947 typedef struct _COMPRESSED_DATA_INFO {
948 USHORT CompressionFormatAndEngine;
949 UCHAR CompressionUnitShift;
950 UCHAR ChunkShift;
951 UCHAR ClusterShift;
952 UCHAR Reserved;
953 USHORT NumberOfChunks;
954 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
955 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
956 #endif
957 /******************************************************************************
958 * Runtime Library Functions *
959 ******************************************************************************/
960
961
962 #if (NTDDI_VERSION >= NTDDI_WIN2K)
963
964
965 _Must_inspect_result_
966 _Ret_maybenull_
967 _Post_writable_byte_size_(Size)
968 NTSYSAPI
969 PVOID
970 NTAPI
971 RtlAllocateHeap(
972 _In_ HANDLE HeapHandle,
973 _In_opt_ ULONG Flags,
974 _In_ SIZE_T Size);
975
976 _Success_(return != 0)
977 NTSYSAPI
978 BOOLEAN
979 NTAPI
980 RtlFreeHeap(
981 _In_ PVOID HeapHandle,
982 _In_opt_ ULONG Flags,
983 _In_ _Post_invalid_ PVOID BaseAddress);
984
985 NTSYSAPI
986 VOID
987 NTAPI
988 RtlCaptureContext(
989 _Out_ PCONTEXT ContextRecord);
990
991 _Ret_range_(<, MAXLONG)
992 NTSYSAPI
993 ULONG
994 NTAPI
995 RtlRandom(
996 _Inout_ PULONG Seed);
997
998 _IRQL_requires_max_(APC_LEVEL)
999 _Success_(return != 0)
1000 _Must_inspect_result_
1001 NTSYSAPI
1002 BOOLEAN
1003 NTAPI
1004 RtlCreateUnicodeString(
1005 _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))
1006 PUNICODE_STRING DestinationString,
1007 _In_z_ PCWSTR SourceString);
1008
1009 _IRQL_requires_max_(PASSIVE_LEVEL)
1010 _Must_inspect_result_
1011 NTSYSAPI
1012 BOOLEAN
1013 NTAPI
1014 RtlPrefixString(
1015 _In_ const STRING *String1,
1016 _In_ const STRING *String2,
1017 _In_ BOOLEAN CaseInsensitive);
1018
1019 _IRQL_requires_max_(APC_LEVEL)
1020 NTSYSAPI
1021 NTSTATUS
1022 NTAPI
1023 RtlAppendStringToString(
1024 _Inout_ PSTRING Destination,
1025 _In_ const STRING *Source);
1026
1027 _IRQL_requires_max_(PASSIVE_LEVEL)
1028 _Must_inspect_result_
1029 NTSYSAPI
1030 NTSTATUS
1031 NTAPI
1032 RtlOemStringToUnicodeString(
1033 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
1034 _When_(!AllocateDestinationString, _Inout_)
1035 PUNICODE_STRING DestinationString,
1036 _In_ PCOEM_STRING SourceString,
1037 _In_ BOOLEAN AllocateDestinationString);
1038
1039 _IRQL_requires_max_(PASSIVE_LEVEL)
1040 _Must_inspect_result_
1041 NTSYSAPI
1042 NTSTATUS
1043 NTAPI
1044 RtlUnicodeStringToOemString(
1045 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
1046 _When_(!AllocateDestinationString, _Inout_)
1047 POEM_STRING DestinationString,
1048 _In_ PCUNICODE_STRING SourceString,
1049 _In_ BOOLEAN AllocateDestinationString);
1050
1051 _IRQL_requires_max_(PASSIVE_LEVEL)
1052 _Must_inspect_result_
1053 NTSYSAPI
1054 NTSTATUS
1055 NTAPI
1056 RtlUpcaseUnicodeStringToOemString(
1057 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
1058 _When_(!AllocateDestinationString, _Inout_)
1059 POEM_STRING DestinationString,
1060 _In_ PCUNICODE_STRING SourceString,
1061 _In_ BOOLEAN AllocateDestinationString);
1062
1063 _IRQL_requires_max_(PASSIVE_LEVEL)
1064 _Must_inspect_result_
1065 NTSYSAPI
1066 NTSTATUS
1067 NTAPI
1068 RtlOemStringToCountedUnicodeString(
1069 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
1070 _When_(!AllocateDestinationString, _Inout_)
1071 PUNICODE_STRING DestinationString,
1072 _In_ PCOEM_STRING SourceString,
1073 _In_ BOOLEAN AllocateDestinationString);
1074
1075 _IRQL_requires_max_(PASSIVE_LEVEL)
1076 _Must_inspect_result_
1077 NTSYSAPI
1078 NTSTATUS
1079 NTAPI
1080 RtlUnicodeStringToCountedOemString(
1081 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
1082 _When_(!AllocateDestinationString, _Inout_)
1083 POEM_STRING DestinationString,
1084 _In_ PCUNICODE_STRING SourceString,
1085 _In_ BOOLEAN AllocateDestinationString);
1086
1087 _IRQL_requires_max_(PASSIVE_LEVEL)
1088 _Must_inspect_result_
1089 NTSYSAPI
1090 NTSTATUS
1091 NTAPI
1092 RtlUpcaseUnicodeStringToCountedOemString(
1093 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
1094 _When_(!AllocateDestinationString, _Inout_)
1095 POEM_STRING DestinationString,
1096 _In_ PCUNICODE_STRING SourceString,
1097 _In_ BOOLEAN AllocateDestinationString);
1098
1099 _IRQL_requires_max_(PASSIVE_LEVEL)
1100 _When_(AllocateDestinationString, _Must_inspect_result_)
1101 NTSYSAPI
1102 NTSTATUS
1103 NTAPI
1104 RtlDowncaseUnicodeString(
1105 _When_(AllocateDestinationString, _Out_ _At_(UniDest->Buffer, __drv_allocatesMem(Mem)))
1106 _When_(!AllocateDestinationString, _Inout_)
1107 PUNICODE_STRING UniDest,
1108 _In_ PCUNICODE_STRING UniSource,
1109 _In_ BOOLEAN AllocateDestinationString);
1110
1111 _IRQL_requires_max_(PASSIVE_LEVEL)
1112 NTSYSAPI
1113 VOID
1114 NTAPI
1115 RtlFreeOemString(
1116 _Inout_ _At_(OemString->Buffer, __drv_freesMem(Mem)) POEM_STRING OemString);
1117
1118 _IRQL_requires_max_(PASSIVE_LEVEL)
1119 NTSYSAPI
1120 ULONG
1121 NTAPI
1122 RtlxUnicodeStringToOemSize(
1123 _In_ PCUNICODE_STRING UnicodeString);
1124
1125 _IRQL_requires_max_(PASSIVE_LEVEL)
1126 NTSYSAPI
1127 ULONG
1128 NTAPI
1129 RtlxOemStringToUnicodeSize(
1130 _In_ PCOEM_STRING OemString);
1131
1132 _IRQL_requires_max_(PASSIVE_LEVEL)
1133 NTSYSAPI
1134 NTSTATUS
1135 NTAPI
1136 RtlMultiByteToUnicodeN(
1137 _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString,
1138 _In_ ULONG MaxBytesInUnicodeString,
1139 _Out_opt_ PULONG BytesInUnicodeString,
1140 _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString,
1141 _In_ ULONG BytesInMultiByteString);
1142
1143 _IRQL_requires_max_(PASSIVE_LEVEL)
1144 NTSYSAPI
1145 NTSTATUS
1146 NTAPI
1147 RtlMultiByteToUnicodeSize(
1148 _Out_ PULONG BytesInUnicodeString,
1149 _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString,
1150 _In_ ULONG BytesInMultiByteString);
1151
1152 _IRQL_requires_max_(PASSIVE_LEVEL)
1153 NTSYSAPI
1154 NTSTATUS
1155 NTAPI
1156 RtlUnicodeToMultiByteSize(
1157 _Out_ PULONG BytesInMultiByteString,
1158 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
1159 _In_ ULONG BytesInUnicodeString);
1160
1161 _IRQL_requires_max_(PASSIVE_LEVEL)
1162 NTSYSAPI
1163 NTSTATUS
1164 NTAPI
1165 RtlUnicodeToMultiByteN(
1166 _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString,
1167 _In_ ULONG MaxBytesInMultiByteString,
1168 _Out_opt_ PULONG BytesInMultiByteString,
1169 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
1170 _In_ ULONG BytesInUnicodeString);
1171
1172 _IRQL_requires_max_(PASSIVE_LEVEL)
1173 NTSYSAPI
1174 NTSTATUS
1175 NTAPI
1176 RtlUpcaseUnicodeToMultiByteN(
1177 _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString,
1178 _In_ ULONG MaxBytesInMultiByteString,
1179 _Out_opt_ PULONG BytesInMultiByteString,
1180 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
1181 _In_ ULONG BytesInUnicodeString);
1182
1183 _IRQL_requires_max_(PASSIVE_LEVEL)
1184 NTSYSAPI
1185 NTSTATUS
1186 NTAPI
1187 RtlOemToUnicodeN(
1188 _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWSTR UnicodeString,
1189 _In_ ULONG MaxBytesInUnicodeString,
1190 _Out_opt_ PULONG BytesInUnicodeString,
1191 _In_reads_bytes_(BytesInOemString) PCCH OemString,
1192 _In_ ULONG BytesInOemString);
1193
1194 _IRQL_requires_max_(PASSIVE_LEVEL)
1195 NTSYSAPI
1196 NTSTATUS
1197 NTAPI
1198 RtlUnicodeToOemN(
1199 _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString,
1200 _In_ ULONG MaxBytesInOemString,
1201 _Out_opt_ PULONG BytesInOemString,
1202 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
1203 _In_ ULONG BytesInUnicodeString);
1204
1205 _IRQL_requires_max_(PASSIVE_LEVEL)
1206 NTSYSAPI
1207 NTSTATUS
1208 NTAPI
1209 RtlUpcaseUnicodeToOemN(
1210 _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString,
1211 _In_ ULONG MaxBytesInOemString,
1212 _Out_opt_ PULONG BytesInOemString,
1213 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
1214 _In_ ULONG BytesInUnicodeString);
1215
1216 #if (NTDDI_VERSION >= NTDDI_VISTASP1)
1217 _IRQL_requires_max_(PASSIVE_LEVEL)
1218 NTSYSAPI
1219 NTSTATUS
1220 NTAPI
1221 RtlGenerate8dot3Name(
1222 _In_ PCUNICODE_STRING Name,
1223 _In_ BOOLEAN AllowExtendedCharacters,
1224 _Inout_ PGENERATE_NAME_CONTEXT Context,
1225 _Inout_ PUNICODE_STRING Name8dot3);
1226 #else
1227 _IRQL_requires_max_(PASSIVE_LEVEL)
1228 NTSYSAPI
1229 VOID
1230 NTAPI
1231 RtlGenerate8dot3Name(
1232 _In_ PCUNICODE_STRING Name,
1233 _In_ BOOLEAN AllowExtendedCharacters,
1234 _Inout_ PGENERATE_NAME_CONTEXT Context,
1235 _Inout_ PUNICODE_STRING Name8dot3);
1236 #endif
1237
1238 _IRQL_requires_max_(PASSIVE_LEVEL)
1239 _Must_inspect_result_
1240 NTSYSAPI
1241 BOOLEAN
1242 NTAPI
1243 RtlIsNameLegalDOS8Dot3(
1244 _In_ PCUNICODE_STRING Name,
1245 _Inout_opt_ POEM_STRING OemName,
1246 _Out_opt_ PBOOLEAN NameContainsSpaces);
1247
1248 _IRQL_requires_max_(PASSIVE_LEVEL)
1249 _Must_inspect_result_
1250 NTSYSAPI
1251 BOOLEAN
1252 NTAPI
1253 RtlIsValidOemCharacter(
1254 _Inout_ PWCHAR Char);
1255
1256 _IRQL_requires_max_(PASSIVE_LEVEL)
1257 NTSYSAPI
1258 VOID
1259 NTAPI
1260 PfxInitialize(
1261 _Out_ PPREFIX_TABLE PrefixTable);
1262
1263 _IRQL_requires_max_(PASSIVE_LEVEL)
1264 NTSYSAPI
1265 BOOLEAN
1266 NTAPI
1267 PfxInsertPrefix(
1268 _In_ PPREFIX_TABLE PrefixTable,
1269 _In_ __drv_aliasesMem PSTRING Prefix,
1270 _Out_ PPREFIX_TABLE_ENTRY PrefixTableEntry);
1271
1272 _IRQL_requires_max_(PASSIVE_LEVEL)
1273 NTSYSAPI
1274 VOID
1275 NTAPI
1276 PfxRemovePrefix(
1277 _In_ PPREFIX_TABLE PrefixTable,
1278 _In_ PPREFIX_TABLE_ENTRY PrefixTableEntry);
1279
1280 _IRQL_requires_max_(PASSIVE_LEVEL)
1281 _Must_inspect_result_
1282 NTSYSAPI
1283 PPREFIX_TABLE_ENTRY
1284 NTAPI
1285 PfxFindPrefix(
1286 _In_ PPREFIX_TABLE PrefixTable,
1287 _In_ PSTRING FullName);
1288
1289 _IRQL_requires_max_(PASSIVE_LEVEL)
1290 NTSYSAPI
1291 VOID
1292 NTAPI
1293 RtlInitializeUnicodePrefix(
1294 _Out_ PUNICODE_PREFIX_TABLE PrefixTable);
1295
1296 _IRQL_requires_max_(PASSIVE_LEVEL)
1297 NTSYSAPI
1298 BOOLEAN
1299 NTAPI
1300 RtlInsertUnicodePrefix(
1301 _In_ PUNICODE_PREFIX_TABLE PrefixTable,
1302 _In_ __drv_aliasesMem PUNICODE_STRING Prefix,
1303 _Out_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1304
1305 _IRQL_requires_max_(PASSIVE_LEVEL)
1306 NTSYSAPI
1307 VOID
1308 NTAPI
1309 RtlRemoveUnicodePrefix(
1310 _In_ PUNICODE_PREFIX_TABLE PrefixTable,
1311 _In_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1312
1313 _IRQL_requires_max_(PASSIVE_LEVEL)
1314 _Must_inspect_result_
1315 NTSYSAPI
1316 PUNICODE_PREFIX_TABLE_ENTRY
1317 NTAPI
1318 RtlFindUnicodePrefix(
1319 _In_ PUNICODE_PREFIX_TABLE PrefixTable,
1320 _In_ PUNICODE_STRING FullName,
1321 _In_ ULONG CaseInsensitiveIndex);
1322
1323 _IRQL_requires_max_(PASSIVE_LEVEL)
1324 _Must_inspect_result_
1325 NTSYSAPI
1326 PUNICODE_PREFIX_TABLE_ENTRY
1327 NTAPI
1328 RtlNextUnicodePrefix(
1329 _In_ PUNICODE_PREFIX_TABLE PrefixTable,
1330 _In_ BOOLEAN Restart);
1331
1332 _Must_inspect_result_
1333 NTSYSAPI
1334 SIZE_T
1335 NTAPI
1336 RtlCompareMemoryUlong(
1337 _In_reads_bytes_(Length) PVOID Source,
1338 _In_ SIZE_T Length,
1339 _In_ ULONG Pattern);
1340
1341 _Success_(return != 0)
1342 NTSYSAPI
1343 BOOLEAN
1344 NTAPI
1345 RtlTimeToSecondsSince1980(
1346 _In_ PLARGE_INTEGER Time,
1347 _Out_ PULONG ElapsedSeconds);
1348
1349 NTSYSAPI
1350 VOID
1351 NTAPI
1352 RtlSecondsSince1980ToTime(
1353 _In_ ULONG ElapsedSeconds,
1354 _Out_ PLARGE_INTEGER Time);
1355
1356 _Success_(return != 0)
1357 _Must_inspect_result_
1358 NTSYSAPI
1359 BOOLEAN
1360 NTAPI
1361 RtlTimeToSecondsSince1970(
1362 _In_ PLARGE_INTEGER Time,
1363 _Out_ PULONG ElapsedSeconds);
1364
1365 NTSYSAPI
1366 VOID
1367 NTAPI
1368 RtlSecondsSince1970ToTime(
1369 _In_ ULONG ElapsedSeconds,
1370 _Out_ PLARGE_INTEGER Time);
1371
1372 _IRQL_requires_max_(APC_LEVEL)
1373 _Must_inspect_result_
1374 NTSYSAPI
1375 BOOLEAN
1376 NTAPI
1377 RtlValidSid(
1378 _In_ PSID Sid);
1379
1380 _Must_inspect_result_
1381 NTSYSAPI
1382 BOOLEAN
1383 NTAPI
1384 RtlEqualSid(
1385 _In_ PSID Sid1,
1386 _In_ PSID Sid2);
1387
1388 _IRQL_requires_max_(APC_LEVEL)
1389 _Must_inspect_result_
1390 NTSYSAPI
1391 BOOLEAN
1392 NTAPI
1393 RtlEqualPrefixSid(
1394 _In_ PSID Sid1,
1395 _In_ PSID Sid2);
1396
1397 _IRQL_requires_max_(APC_LEVEL)
1398 NTSYSAPI
1399 ULONG
1400 NTAPI
1401 RtlLengthRequiredSid(
1402 _In_ ULONG SubAuthorityCount);
1403
1404 NTSYSAPI
1405 PVOID
1406 NTAPI
1407 RtlFreeSid(
1408 _In_ _Post_invalid_ PSID Sid);
1409
1410 _Must_inspect_result_
1411 NTSYSAPI
1412 NTSTATUS
1413 NTAPI
1414 RtlAllocateAndInitializeSid(
1415 _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1416 _In_ UCHAR SubAuthorityCount,
1417 _In_ ULONG SubAuthority0,
1418 _In_ ULONG SubAuthority1,
1419 _In_ ULONG SubAuthority2,
1420 _In_ ULONG SubAuthority3,
1421 _In_ ULONG SubAuthority4,
1422 _In_ ULONG SubAuthority5,
1423 _In_ ULONG SubAuthority6,
1424 _In_ ULONG SubAuthority7,
1425 _Outptr_ PSID *Sid);
1426
1427 _IRQL_requires_max_(APC_LEVEL)
1428 NTSYSAPI
1429 NTSTATUS
1430 NTAPI
1431 RtlInitializeSid(
1432 _Out_ PSID Sid,
1433 _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1434 _In_ UCHAR SubAuthorityCount);
1435
1436 NTSYSAPI
1437 PULONG
1438 NTAPI
1439 RtlSubAuthoritySid(
1440 _In_ PSID Sid,
1441 _In_ ULONG SubAuthority);
1442
1443 _Post_satisfies_(return >= 8 && return <= SECURITY_MAX_SID_SIZE)
1444 NTSYSAPI
1445 ULONG
1446 NTAPI
1447 RtlLengthSid(
1448 _In_ PSID Sid);
1449
1450 _IRQL_requires_max_(APC_LEVEL)
1451 NTSYSAPI
1452 NTSTATUS
1453 NTAPI
1454 RtlCopySid(
1455 _In_ ULONG DestinationSidLength,
1456 _Out_writes_bytes_(DestinationSidLength) PSID DestinationSid,
1457 _In_ PSID SourceSid);
1458
1459 _IRQL_requires_max_(APC_LEVEL)
1460 NTSYSAPI
1461 NTSTATUS
1462 NTAPI
1463 RtlConvertSidToUnicodeString(
1464 _Inout_ PUNICODE_STRING UnicodeString,
1465 _In_ PSID Sid,
1466 _In_ BOOLEAN AllocateDestinationString);
1467
1468 _IRQL_requires_max_(APC_LEVEL)
1469 NTSYSAPI
1470 VOID
1471 NTAPI
1472 RtlCopyLuid(
1473 _Out_ PLUID DestinationLuid,
1474 _In_ PLUID SourceLuid);
1475
1476 _IRQL_requires_max_(APC_LEVEL)
1477 NTSYSAPI
1478 NTSTATUS
1479 NTAPI
1480 RtlCreateAcl(
1481 _Out_writes_bytes_(AclLength) PACL Acl,
1482 _In_ ULONG AclLength,
1483 _In_ ULONG AclRevision);
1484
1485 _IRQL_requires_max_(APC_LEVEL)
1486 NTSYSAPI
1487 NTSTATUS
1488 NTAPI
1489 RtlAddAce(
1490 _Inout_ PACL Acl,
1491 _In_ ULONG AceRevision,
1492 _In_ ULONG StartingAceIndex,
1493 _In_reads_bytes_(AceListLength) PVOID AceList,
1494 _In_ ULONG AceListLength);
1495
1496 _IRQL_requires_max_(APC_LEVEL)
1497 NTSYSAPI
1498 NTSTATUS
1499 NTAPI
1500 RtlDeleteAce(
1501 _Inout_ PACL Acl,
1502 _In_ ULONG AceIndex);
1503
1504 NTSYSAPI
1505 NTSTATUS
1506 NTAPI
1507 RtlGetAce(
1508 _In_ PACL Acl,
1509 _In_ ULONG AceIndex,
1510 _Outptr_ PVOID *Ace);
1511
1512 _IRQL_requires_max_(APC_LEVEL)
1513 NTSYSAPI
1514 NTSTATUS
1515 NTAPI
1516 RtlAddAccessAllowedAce(
1517 _Inout_ PACL Acl,
1518 _In_ ULONG AceRevision,
1519 _In_ ACCESS_MASK AccessMask,
1520 _In_ PSID Sid);
1521
1522 _IRQL_requires_max_(APC_LEVEL)
1523 NTSYSAPI
1524 NTSTATUS
1525 NTAPI
1526 RtlAddAccessAllowedAceEx(
1527 _Inout_ PACL Acl,
1528 _In_ ULONG AceRevision,
1529 _In_ ULONG AceFlags,
1530 _In_ ACCESS_MASK AccessMask,
1531 _In_ PSID Sid);
1532
1533 _IRQL_requires_max_(APC_LEVEL)
1534 NTSYSAPI
1535 NTSTATUS
1536 NTAPI
1537 RtlCreateSecurityDescriptorRelative(
1538 _Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
1539 _In_ ULONG Revision);
1540
1541 NTSYSAPI
1542 NTSTATUS
1543 NTAPI
1544 RtlGetDaclSecurityDescriptor(
1545 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
1546 _Out_ PBOOLEAN DaclPresent,
1547 _Out_ PACL *Dacl,
1548 _Out_ PBOOLEAN DaclDefaulted);
1549
1550 _IRQL_requires_max_(APC_LEVEL)
1551 NTSYSAPI
1552 NTSTATUS
1553 NTAPI
1554 RtlSetOwnerSecurityDescriptor(
1555 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
1556 _In_opt_ PSID Owner,
1557 _In_opt_ BOOLEAN OwnerDefaulted);
1558
1559 _IRQL_requires_max_(APC_LEVEL)
1560 NTSYSAPI
1561 NTSTATUS
1562 NTAPI
1563 RtlGetOwnerSecurityDescriptor(
1564 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
1565 _Out_ PSID *Owner,
1566 _Out_ PBOOLEAN OwnerDefaulted);
1567
1568 _IRQL_requires_max_(APC_LEVEL)
1569 _When_(Status < 0, _Out_range_(>, 0))
1570 _When_(Status >= 0, _Out_range_(==, 0))
1571 NTSYSAPI
1572 ULONG
1573 NTAPI
1574 RtlNtStatusToDosError(
1575 _In_ NTSTATUS Status);
1576
1577 _IRQL_requires_max_(PASSIVE_LEVEL)
1578 NTSYSAPI
1579 NTSTATUS
1580 NTAPI
1581 RtlCustomCPToUnicodeN(
1582 _In_ PCPTABLEINFO CustomCP,
1583 _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString,
1584 _In_ ULONG MaxBytesInUnicodeString,
1585 _Out_opt_ PULONG BytesInUnicodeString,
1586 _In_reads_bytes_(BytesInCustomCPString) PCH CustomCPString,
1587 _In_ ULONG BytesInCustomCPString);
1588
1589 _IRQL_requires_max_(PASSIVE_LEVEL)
1590 NTSYSAPI
1591 NTSTATUS
1592 NTAPI
1593 RtlUnicodeToCustomCPN(
1594 _In_ PCPTABLEINFO CustomCP,
1595 _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString,
1596 _In_ ULONG MaxBytesInCustomCPString,
1597 _Out_opt_ PULONG BytesInCustomCPString,
1598 _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString,
1599 _In_ ULONG BytesInUnicodeString);
1600
1601 _IRQL_requires_max_(PASSIVE_LEVEL)
1602 NTSYSAPI
1603 NTSTATUS
1604 NTAPI
1605 RtlUpcaseUnicodeToCustomCPN(
1606 _In_ PCPTABLEINFO CustomCP,
1607 _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString,
1608 _In_ ULONG MaxBytesInCustomCPString,
1609 _Out_opt_ PULONG BytesInCustomCPString,
1610 _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString,
1611 _In_ ULONG BytesInUnicodeString);
1612
1613 _IRQL_requires_max_(PASSIVE_LEVEL)
1614 NTSYSAPI
1615 VOID
1616 NTAPI
1617 RtlInitCodePageTable(
1618 _In_ PUSHORT TableBase,
1619 _Out_ PCPTABLEINFO CodePageTable);
1620
1621
1622 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
1623
1624
1625 #if (NTDDI_VERSION >= NTDDI_WINXP)
1626
1627
1628
1629 _Must_inspect_result_
1630 NTSYSAPI
1631 PVOID
1632 NTAPI
1633 RtlCreateHeap(
1634 _In_ ULONG Flags,
1635 _In_opt_ PVOID HeapBase,
1636 _In_opt_ SIZE_T ReserveSize,
1637 _In_opt_ SIZE_T CommitSize,
1638 _In_opt_ PVOID Lock,
1639 _In_opt_ PRTL_HEAP_PARAMETERS Parameters);
1640
1641 NTSYSAPI
1642 PVOID
1643 NTAPI
1644 RtlDestroyHeap(
1645 _In_ _Post_invalid_ PVOID HeapHandle);
1646
1647 NTSYSAPI
1648 USHORT
1649 NTAPI
1650 RtlCaptureStackBackTrace(
1651 _In_ ULONG FramesToSkip,
1652 _In_ ULONG FramesToCapture,
1653 _Out_writes_to_(FramesToCapture, return) PVOID *BackTrace,
1654 _Out_opt_ PULONG BackTraceHash);
1655
1656 _Ret_range_(<, MAXLONG)
1657 NTSYSAPI
1658 ULONG
1659 NTAPI
1660 RtlRandomEx(
1661 _Inout_ PULONG Seed);
1662
1663 _IRQL_requires_max_(DISPATCH_LEVEL)
1664 NTSYSAPI
1665 NTSTATUS
1666 NTAPI
1667 RtlInitUnicodeStringEx(
1668 _Out_ PUNICODE_STRING DestinationString,
1669 _In_opt_z_ __drv_aliasesMem PCWSTR SourceString);
1670
1671 _Must_inspect_result_
1672 NTSYSAPI
1673 NTSTATUS
1674 NTAPI
1675 RtlValidateUnicodeString(
1676 _In_ ULONG Flags,
1677 _In_ PCUNICODE_STRING String);
1678
1679 _IRQL_requires_max_(PASSIVE_LEVEL)
1680 _Must_inspect_result_
1681 NTSYSAPI
1682 NTSTATUS
1683 NTAPI
1684 RtlDuplicateUnicodeString(
1685 _In_ ULONG Flags,
1686 _In_ PCUNICODE_STRING SourceString,
1687 _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)) PUNICODE_STRING DestinationString);
1688
1689 NTSYSAPI
1690 NTSTATUS
1691 NTAPI
1692 RtlGetCompressionWorkSpaceSize(
1693 _In_ USHORT CompressionFormatAndEngine,
1694 _Out_ PULONG CompressBufferWorkSpaceSize,
1695 _Out_ PULONG CompressFragmentWorkSpaceSize);
1696
1697 NTSYSAPI
1698 NTSTATUS
1699 NTAPI
1700 RtlCompressBuffer(
1701 _In_ USHORT CompressionFormatAndEngine,
1702 _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
1703 _In_ ULONG UncompressedBufferSize,
1704 _Out_writes_bytes_to_(CompressedBufferSize, *FinalCompressedSize) PUCHAR CompressedBuffer,
1705 _In_ ULONG CompressedBufferSize,
1706 _In_ ULONG UncompressedChunkSize,
1707 _Out_ PULONG FinalCompressedSize,
1708 _In_ PVOID WorkSpace);
1709
1710 _IRQL_requires_max_(APC_LEVEL)
1711 NTSYSAPI
1712 NTSTATUS
1713 NTAPI
1714 RtlDecompressBuffer(
1715 _In_ USHORT CompressionFormat,
1716 _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer,
1717 _In_ ULONG UncompressedBufferSize,
1718 _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
1719 _In_ ULONG CompressedBufferSize,
1720 _Out_ PULONG FinalUncompressedSize);
1721
1722 _IRQL_requires_max_(APC_LEVEL)
1723 NTSYSAPI
1724 NTSTATUS
1725 NTAPI
1726 RtlDecompressFragment(
1727 _In_ USHORT CompressionFormat,
1728 _Out_writes_bytes_to_(UncompressedFragmentSize, *FinalUncompressedSize) PUCHAR UncompressedFragment,
1729 _In_ ULONG UncompressedFragmentSize,
1730 _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
1731 _In_ ULONG CompressedBufferSize,
1732 _In_range_(<, CompressedBufferSize) ULONG FragmentOffset,
1733 _Out_ PULONG FinalUncompressedSize,
1734 _In_ PVOID WorkSpace);
1735
1736 _IRQL_requires_max_(APC_LEVEL)
1737 NTSYSAPI
1738 NTSTATUS
1739 NTAPI
1740 RtlDescribeChunk(
1741 _In_ USHORT CompressionFormat,
1742 _Inout_ PUCHAR *CompressedBuffer,
1743 _In_ PUCHAR EndOfCompressedBufferPlus1,
1744 _Out_ PUCHAR *ChunkBuffer,
1745 _Out_ PULONG ChunkSize);
1746
1747 _IRQL_requires_max_(APC_LEVEL)
1748 NTSYSAPI
1749 NTSTATUS
1750 NTAPI
1751 RtlReserveChunk(
1752 _In_ USHORT CompressionFormat,
1753 _Inout_ PUCHAR *CompressedBuffer,
1754 _In_ PUCHAR EndOfCompressedBufferPlus1,
1755 _Out_ PUCHAR *ChunkBuffer,
1756 _In_ ULONG ChunkSize);
1757
1758 _IRQL_requires_max_(APC_LEVEL)
1759 NTSYSAPI
1760 NTSTATUS
1761 NTAPI
1762 RtlDecompressChunks(
1763 _Out_writes_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
1764 _In_ ULONG UncompressedBufferSize,
1765 _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
1766 _In_ ULONG CompressedBufferSize,
1767 _In_reads_bytes_(CompressedTailSize) PUCHAR CompressedTail,
1768 _In_ ULONG CompressedTailSize,
1769 _In_ PCOMPRESSED_DATA_INFO CompressedDataInfo);
1770
1771 _IRQL_requires_max_(APC_LEVEL)
1772 NTSYSAPI
1773 NTSTATUS
1774 NTAPI
1775 RtlCompressChunks(
1776 _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
1777 _In_ ULONG UncompressedBufferSize,
1778 _Out_writes_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
1779 _In_range_(>=, (UncompressedBufferSize - (UncompressedBufferSize / 16))) ULONG CompressedBufferSize,
1780 _Inout_updates_bytes_(CompressedDataInfoLength) PCOMPRESSED_DATA_INFO CompressedDataInfo,
1781 _In_range_(>, sizeof(COMPRESSED_DATA_INFO)) ULONG CompressedDataInfoLength,
1782 _In_ PVOID WorkSpace);
1783
1784 _IRQL_requires_max_(APC_LEVEL)
1785 NTSYSAPI
1786 PSID_IDENTIFIER_AUTHORITY
1787 NTAPI
1788 RtlIdentifierAuthoritySid(
1789 _In_ PSID Sid);
1790
1791 NTSYSAPI
1792 PUCHAR
1793 NTAPI
1794 RtlSubAuthorityCountSid(
1795 _In_ PSID Sid);
1796
1797 _When_(Status < 0, _Out_range_(>, 0))
1798 _When_(Status >= 0, _Out_range_(==, 0))
1799 NTSYSAPI
1800 ULONG
1801 NTAPI
1802 RtlNtStatusToDosErrorNoTeb(
1803 _In_ NTSTATUS Status);
1804
1805 _IRQL_requires_max_(PASSIVE_LEVEL)
1806 NTSYSAPI
1807 NTSTATUS
1808 NTAPI
1809 RtlCreateSystemVolumeInformationFolder(
1810 _In_ PCUNICODE_STRING VolumeRootPath);
1811
1812 #if defined(_M_AMD64)
1813
1814 FORCEINLINE
1815 VOID
1816 RtlFillMemoryUlong(
1817 _Out_writes_bytes_all_(Length) PVOID Destination,
1818 _In_ SIZE_T Length,
1819 _In_ ULONG Pattern)
1820 {
1821 PULONG Address = (PULONG)Destination;
1822 if ((Length /= 4) != 0) {
1823 if (((ULONG64)Address & 4) != 0) {
1824 *Address = Pattern;
1825 if ((Length -= 1) == 0) {
1826 return;
1827 }
1828 Address += 1;
1829 }
1830 __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2);
1831 if ((Length & 1) != 0) Address[Length - 1] = Pattern;
1832 }
1833 return;
1834 }
1835
1836 #define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
1837 __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
1838
1839 #else
1840
1841 NTSYSAPI
1842 VOID
1843 NTAPI
1844 RtlFillMemoryUlong(
1845 OUT PVOID Destination,
1846 IN SIZE_T Length,
1847 IN ULONG Pattern);
1848
1849 NTSYSAPI
1850 VOID
1851 NTAPI
1852 RtlFillMemoryUlonglong(
1853 _Out_writes_bytes_all_(Length) PVOID Destination,
1854 _In_ SIZE_T Length,
1855 _In_ ULONGLONG Pattern);
1856
1857 #endif /* defined(_M_AMD64) */
1858
1859 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
1860
1861 #if (NTDDI_VERSION >= NTDDI_WS03)
1862 _IRQL_requires_max_(DISPATCH_LEVEL)
1863 NTSYSAPI
1864 NTSTATUS
1865 NTAPI
1866 RtlInitAnsiStringEx(
1867 _Out_ PANSI_STRING DestinationString,
1868 _In_opt_z_ __drv_aliasesMem PCSZ SourceString);
1869 #endif
1870
1871 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
1872
1873 _IRQL_requires_max_(APC_LEVEL)
1874 NTSYSAPI
1875 NTSTATUS
1876 NTAPI
1877 RtlGetSaclSecurityDescriptor(
1878 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
1879 _Out_ PBOOLEAN SaclPresent,
1880 _Out_ PACL *Sacl,
1881 _Out_ PBOOLEAN SaclDefaulted);
1882
1883 _IRQL_requires_max_(APC_LEVEL)
1884 NTSYSAPI
1885 NTSTATUS
1886 NTAPI
1887 RtlSetGroupSecurityDescriptor(
1888 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
1889 _In_opt_ PSID Group,
1890 _In_opt_ BOOLEAN GroupDefaulted);
1891
1892 _IRQL_requires_max_(APC_LEVEL)
1893 NTSYSAPI
1894 NTSTATUS
1895 NTAPI
1896 RtlGetGroupSecurityDescriptor(
1897 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
1898 _Out_ PSID *Group,
1899 _Out_ PBOOLEAN GroupDefaulted);
1900
1901 _IRQL_requires_max_(APC_LEVEL)
1902 NTSYSAPI
1903 NTSTATUS
1904 NTAPI
1905 RtlAbsoluteToSelfRelativeSD(
1906 _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
1907 _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
1908 _Inout_ PULONG BufferLength);
1909
1910 _IRQL_requires_max_(APC_LEVEL)
1911 NTSYSAPI
1912 NTSTATUS
1913 NTAPI
1914 RtlSelfRelativeToAbsoluteSD(
1915 _In_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
1916 _Out_writes_bytes_to_opt_(*AbsoluteSecurityDescriptorSize, *AbsoluteSecurityDescriptorSize) PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
1917 _Inout_ PULONG AbsoluteSecurityDescriptorSize,
1918 _Out_writes_bytes_to_opt_(*DaclSize, *DaclSize) PACL Dacl,
1919 _Inout_ PULONG DaclSize,
1920 _Out_writes_bytes_to_opt_(*SaclSize, *SaclSize) PACL Sacl,
1921 _Inout_ PULONG SaclSize,
1922 _Out_writes_bytes_to_opt_(*OwnerSize, *OwnerSize) PSID Owner,
1923 _Inout_ PULONG OwnerSize,
1924 _Out_writes_bytes_to_opt_(*PrimaryGroupSize, *PrimaryGroupSize) PSID PrimaryGroup,
1925 _Inout_ PULONG PrimaryGroupSize);
1926
1927 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
1928
1929 #if (NTDDI_VERSION >= NTDDI_VISTA)
1930
1931 NTSYSAPI
1932 NTSTATUS
1933 NTAPI
1934 RtlNormalizeString(
1935 _In_ ULONG NormForm,
1936 _In_ PCWSTR SourceString,
1937 _In_ LONG SourceStringLength,
1938 _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
1939 _Inout_ PLONG DestinationStringLength);
1940
1941 NTSYSAPI
1942 NTSTATUS
1943 NTAPI
1944 RtlIsNormalizedString(
1945 _In_ ULONG NormForm,
1946 _In_ PCWSTR SourceString,
1947 _In_ LONG SourceStringLength,
1948 _Out_ PBOOLEAN Normalized);
1949
1950 NTSYSAPI
1951 NTSTATUS
1952 NTAPI
1953 RtlIdnToAscii(
1954 _In_ ULONG Flags,
1955 _In_ PCWSTR SourceString,
1956 _In_ LONG SourceStringLength,
1957 _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
1958 _Inout_ PLONG DestinationStringLength);
1959
1960 NTSYSAPI
1961 NTSTATUS
1962 NTAPI
1963 RtlIdnToUnicode(
1964 IN ULONG Flags,
1965 IN PCWSTR SourceString,
1966 IN LONG SourceStringLength,
1967 OUT PWSTR DestinationString,
1968 IN OUT PLONG DestinationStringLength);
1969
1970 NTSYSAPI
1971 NTSTATUS
1972 NTAPI
1973 RtlIdnToNameprepUnicode(
1974 _In_ ULONG Flags,
1975 _In_ PCWSTR SourceString,
1976 _In_ LONG SourceStringLength,
1977 _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
1978 _Inout_ PLONG DestinationStringLength);
1979
1980 NTSYSAPI
1981 NTSTATUS
1982 NTAPI
1983 RtlCreateServiceSid(
1984 _In_ PUNICODE_STRING ServiceName,
1985 _Out_writes_bytes_opt_(*ServiceSidLength) PSID ServiceSid,
1986 _Inout_ PULONG ServiceSidLength);
1987
1988 NTSYSAPI
1989 LONG
1990 NTAPI
1991 RtlCompareAltitudes(
1992 _In_ PCUNICODE_STRING Altitude1,
1993 _In_ PCUNICODE_STRING Altitude2);
1994
1995
1996 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
1997
1998 #if (NTDDI_VERSION >= NTDDI_WIN7)
1999
2000 _IRQL_requires_max_(PASSIVE_LEVEL)
2001 _Must_inspect_result_
2002 NTSYSAPI
2003 NTSTATUS
2004 NTAPI
2005 RtlUnicodeToUTF8N(
2006 _Out_writes_bytes_to_(UTF8StringMaxByteCount, *UTF8StringActualByteCount) PCHAR UTF8StringDestination,
2007 _In_ ULONG UTF8StringMaxByteCount,
2008 _Out_ PULONG UTF8StringActualByteCount,
2009 _In_reads_bytes_(UnicodeStringByteCount) PCWCH UnicodeStringSource,
2010 _In_ ULONG UnicodeStringByteCount);
2011
2012 _IRQL_requires_max_(PASSIVE_LEVEL)
2013 _Must_inspect_result_
2014 NTSYSAPI
2015 NTSTATUS
2016 NTAPI
2017 RtlUTF8ToUnicodeN(
2018 _Out_writes_bytes_to_(UnicodeStringMaxByteCount, *UnicodeStringActualByteCount) PWSTR UnicodeStringDestination,
2019 _In_ ULONG UnicodeStringMaxByteCount,
2020 _Out_ PULONG UnicodeStringActualByteCount,
2021 _In_reads_bytes_(UTF8StringByteCount) PCCH UTF8StringSource,
2022 _In_ ULONG UTF8StringByteCount);
2023
2024 _IRQL_requires_max_(APC_LEVEL)
2025 NTSYSAPI
2026 NTSTATUS
2027 NTAPI
2028 RtlReplaceSidInSd(
2029 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
2030 _In_ PSID OldSid,
2031 _In_ PSID NewSid,
2032 _Out_ ULONG *NumChanges);
2033
2034 NTSYSAPI
2035 NTSTATUS
2036 NTAPI
2037 RtlCreateVirtualAccountSid(
2038 _In_ PCUNICODE_STRING Name,
2039 _In_ ULONG BaseSubAuthority,
2040 _Out_writes_bytes_(*SidLength) PSID Sid,
2041 _Inout_ PULONG SidLength);
2042
2043 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
2044
2045
2046 #if defined(_AMD64_) || defined(_IA64_)
2047
2048
2049
2050 #endif /* defined(_AMD64_) || defined(_IA64_) */
2051
2052
2053
2054 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
2055 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
2056
2057 #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
2058 RtlxUnicodeStringToOemSize(STRING) : \
2059 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
2060 )
2061
2062 #define RtlOemStringToUnicodeSize(STRING) ( \
2063 NLS_MB_OEM_CODE_PAGE_TAG ? \
2064 RtlxOemStringToUnicodeSize(STRING) : \
2065 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
2066 )
2067
2068 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
2069 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
2070 )
2071
2072 #define RtlOffsetToPointer(B,O) ((PCHAR)(((PCHAR)(B)) + ((ULONG_PTR)(O))))
2073 #define RtlPointerToOffset(B,P) ((ULONG)(((PCHAR)(P)) - ((PCHAR)(B))))
2074
2075 _IRQL_requires_max_(PASSIVE_LEVEL)
2076 __kernel_entry
2077 NTSYSCALLAPI
2078 NTSTATUS
2079 NTAPI
2080 NtQueryObject(
2081 _In_opt_ HANDLE Handle,
2082 _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
2083 _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
2084 _In_ ULONG ObjectInformationLength,
2085 _Out_opt_ PULONG ReturnLength);
2086
2087 #if (NTDDI_VERSION >= NTDDI_WIN2K)
2088
2089 _Must_inspect_result_
2090 __kernel_entry
2091 NTSYSCALLAPI
2092 NTSTATUS
2093 NTAPI
2094 NtOpenThreadToken(
2095 _In_ HANDLE ThreadHandle,
2096 _In_ ACCESS_MASK DesiredAccess,
2097 _In_ BOOLEAN OpenAsSelf,
2098 _Out_ PHANDLE TokenHandle);
2099
2100 _Must_inspect_result_
2101 __kernel_entry
2102 NTSYSCALLAPI
2103 NTSTATUS
2104 NTAPI
2105 NtOpenProcessToken(
2106 _In_ HANDLE ProcessHandle,
2107 _In_ ACCESS_MASK DesiredAccess,
2108 _Out_ PHANDLE TokenHandle);
2109
2110 _When_(TokenInformationClass == TokenAccessInformation,
2111 _At_(TokenInformationLength,
2112 _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
2113 _Must_inspect_result_
2114 __kernel_entry
2115 NTSYSCALLAPI
2116 NTSTATUS
2117 NTAPI
2118 NtQueryInformationToken(
2119 _In_ HANDLE TokenHandle,
2120 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
2121 _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
2122 _In_ ULONG TokenInformationLength,
2123 _Out_ PULONG ReturnLength);
2124
2125 _Must_inspect_result_
2126 __kernel_entry
2127 NTSYSCALLAPI
2128 NTSTATUS
2129 NTAPI
2130 NtAdjustPrivilegesToken(
2131 _In_ HANDLE TokenHandle,
2132 _In_ BOOLEAN DisableAllPrivileges,
2133 _In_opt_ PTOKEN_PRIVILEGES NewState,
2134 _In_ ULONG BufferLength,
2135 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
2136 _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
2137
2138 __kernel_entry
2139 NTSYSCALLAPI
2140 NTSTATUS
2141 NTAPI
2142 NtCreateFile(
2143 _Out_ PHANDLE FileHandle,
2144 _In_ ACCESS_MASK DesiredAccess,
2145 _In_ POBJECT_ATTRIBUTES ObjectAttributes,
2146 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2147 _In_opt_ PLARGE_INTEGER AllocationSize,
2148 _In_ ULONG FileAttributes,
2149 _In_ ULONG ShareAccess,
2150 _In_ ULONG CreateDisposition,
2151 _In_ ULONG CreateOptions,
2152 _In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
2153 _In_ ULONG EaLength);
2154
2155 __kernel_entry
2156 NTSYSCALLAPI
2157 NTSTATUS
2158 NTAPI
2159 NtDeviceIoControlFile(
2160 _In_ HANDLE FileHandle,
2161 _In_opt_ HANDLE Event,
2162 _In_opt_ PIO_APC_ROUTINE ApcRoutine,
2163 _In_opt_ PVOID ApcContext,
2164 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2165 _In_ ULONG IoControlCode,
2166 _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
2167 _In_ ULONG InputBufferLength,
2168 _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
2169 _In_ ULONG OutputBufferLength);
2170
2171 __kernel_entry
2172 NTSYSCALLAPI
2173 NTSTATUS
2174 NTAPI
2175 NtFsControlFile(
2176 _In_ HANDLE FileHandle,
2177 _In_opt_ HANDLE Event,
2178 _In_opt_ PIO_APC_ROUTINE ApcRoutine,
2179 _In_opt_ PVOID ApcContext,
2180 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2181 _In_ ULONG FsControlCode,
2182 _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
2183 _In_ ULONG InputBufferLength,
2184 _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
2185 _In_ ULONG OutputBufferLength);
2186
2187 __kernel_entry
2188 NTSYSCALLAPI
2189 NTSTATUS
2190 NTAPI
2191 NtLockFile(
2192 _In_ HANDLE FileHandle,
2193 _In_opt_ HANDLE Event,
2194 _In_opt_ PIO_APC_ROUTINE ApcRoutine,
2195 _In_opt_ PVOID ApcContext,
2196 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2197 _In_ PLARGE_INTEGER ByteOffset,
2198 _In_ PLARGE_INTEGER Length,
2199 _In_ ULONG Key,
2200 _In_ BOOLEAN FailImmediately,
2201 _In_ BOOLEAN ExclusiveLock);
2202
2203 __kernel_entry
2204 NTSYSCALLAPI
2205 NTSTATUS
2206 NTAPI
2207 NtOpenFile(
2208 _Out_ PHANDLE FileHandle,
2209 _In_ ACCESS_MASK DesiredAccess,
2210 _In_ POBJECT_ATTRIBUTES ObjectAttributes,
2211 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2212 _In_ ULONG ShareAccess,
2213 _In_ ULONG OpenOptions);
2214
2215 __kernel_entry
2216 NTSYSCALLAPI
2217 NTSTATUS
2218 NTAPI
2219 NtQueryDirectoryFile(
2220 _In_ HANDLE FileHandle,
2221 _In_opt_ HANDLE Event,
2222 _In_opt_ PIO_APC_ROUTINE ApcRoutine,
2223 _In_opt_ PVOID ApcContext,
2224 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2225 _Out_writes_bytes_(Length) PVOID FileInformation,
2226 _In_ ULONG Length,
2227 _In_ FILE_INFORMATION_CLASS FileInformationClass,
2228 _In_ BOOLEAN ReturnSingleEntry,
2229 _In_opt_ PUNICODE_STRING FileName,
2230 _In_ BOOLEAN RestartScan);
2231
2232 __kernel_entry
2233 NTSYSCALLAPI
2234 NTSTATUS
2235 NTAPI
2236 NtQueryInformationFile(
2237 _In_ HANDLE FileHandle,
2238 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2239 _Out_writes_bytes_(Length) PVOID FileInformation,
2240 _In_ ULONG Length,
2241 _In_ FILE_INFORMATION_CLASS FileInformationClass);
2242
2243 __kernel_entry
2244 NTSYSCALLAPI
2245 NTSTATUS
2246 NTAPI
2247 NtQueryQuotaInformationFile(
2248 _In_ HANDLE FileHandle,
2249 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2250 _Out_writes_bytes_(Length) PVOID Buffer,
2251 _In_ ULONG Length,
2252 _In_ BOOLEAN ReturnSingleEntry,
2253 _In_reads_bytes_opt_(SidListLength) PVOID SidList,
2254 _In_ ULONG SidListLength,
2255 _In_reads_bytes_opt_((8 + (4 * ((SID *)StartSid)->SubAuthorityCount))) PSID StartSid,
2256 _In_ BOOLEAN RestartScan);
2257
2258 __kernel_entry
2259 NTSYSCALLAPI
2260 NTSTATUS
2261 NTAPI
2262 NtQueryVolumeInformationFile(
2263 _In_ HANDLE FileHandle,
2264 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2265 _Out_writes_bytes_(Length) PVOID FsInformation,
2266 _In_ ULONG Length,
2267 _In_ FS_INFORMATION_CLASS FsInformationClass);
2268
2269 __kernel_entry
2270 NTSYSCALLAPI
2271 NTSTATUS
2272 NTAPI
2273 NtReadFile(
2274 _In_ HANDLE FileHandle,
2275 _In_opt_ HANDLE Event,
2276 _In_opt_ PIO_APC_ROUTINE ApcRoutine,
2277 _In_opt_ PVOID ApcContext,
2278 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2279 _Out_writes_bytes_(Length) PVOID Buffer,
2280 _In_ ULONG Length,
2281 _In_opt_ PLARGE_INTEGER ByteOffset,
2282 _In_opt_ PULONG Key);
2283
2284 __kernel_entry
2285 NTSYSCALLAPI
2286 NTSTATUS
2287 NTAPI
2288 NtSetInformationFile(
2289 _In_ HANDLE FileHandle,
2290 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2291 _In_reads_bytes_(Length) PVOID FileInformation,
2292 _In_ ULONG Length,
2293 _In_ FILE_INFORMATION_CLASS FileInformationClass);
2294
2295 __kernel_entry
2296 NTSYSCALLAPI
2297 NTSTATUS
2298 NTAPI
2299 NtSetQuotaInformationFile(
2300 _In_ HANDLE FileHandle,
2301 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2302 _In_reads_bytes_(Length) PVOID Buffer,
2303 _In_ ULONG Length);
2304
2305 __kernel_entry
2306 NTSYSCALLAPI
2307 NTSTATUS
2308 NTAPI
2309 NtSetVolumeInformationFile(
2310 _In_ HANDLE FileHandle,
2311 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2312 _In_reads_bytes_(Length) PVOID FsInformation,
2313 _In_ ULONG Length,
2314 _In_ FS_INFORMATION_CLASS FsInformationClass);
2315
2316 __kernel_entry
2317 NTSYSCALLAPI
2318 NTSTATUS
2319 NTAPI
2320 NtWriteFile(
2321 _In_ HANDLE FileHandle,
2322 _In_opt_ HANDLE Event,
2323 _In_opt_ PIO_APC_ROUTINE ApcRoutine,
2324 _In_opt_ PVOID ApcContext,
2325 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2326 _In_reads_bytes_(Length) PVOID Buffer,
2327 _In_ ULONG Length,
2328 _In_opt_ PLARGE_INTEGER ByteOffset,
2329 _In_opt_ PULONG Key);
2330
2331 __kernel_entry
2332 NTSYSCALLAPI
2333 NTSTATUS
2334 NTAPI
2335 NtUnlockFile(
2336 _In_ HANDLE FileHandle,
2337 _Out_ PIO_STATUS_BLOCK IoStatusBlock,
2338 _In_ PLARGE_INTEGER ByteOffset,
2339 _In_ PLARGE_INTEGER Length,
2340 _In_ ULONG Key);
2341
2342 _IRQL_requires_max_(PASSIVE_LEVEL)
2343 __kernel_entry
2344 NTSYSCALLAPI
2345 NTSTATUS
2346 NTAPI
2347 NtSetSecurityObject(
2348 _In_ HANDLE Handle,
2349 _In_ SECURITY_INFORMATION SecurityInformation,
2350 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
2351
2352 _IRQL_requires_max_(PASSIVE_LEVEL)
2353 __kernel_entry
2354 NTSYSCALLAPI
2355 NTSTATUS
2356 NTAPI
2357 NtQuerySecurityObject(
2358 _In_ HANDLE Handle,
2359 _In_ SECURITY_INFORMATION SecurityInformation,
2360 _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
2361 _In_ ULONG Length,
2362 _Out_ PULONG LengthNeeded);
2363
2364 _IRQL_requires_max_(PASSIVE_LEVEL)
2365 __kernel_entry
2366 NTSYSCALLAPI
2367 NTSTATUS
2368 NTAPI
2369 NtClose(
2370 _In_ HANDLE Handle);
2371
2372 #endif
2373
2374 #if (NTDDI_VERSION >= NTDDI_WINXP)
2375
2376 _Must_inspect_result_
2377 __kernel_entry
2378 NTSYSCALLAPI
2379 NTSTATUS
2380 NTAPI
2381 NtOpenThreadTokenEx(
2382 _In_ HANDLE ThreadHandle,
2383 _In_ ACCESS_MASK DesiredAccess,
2384 _In_ BOOLEAN OpenAsSelf,
2385 _In_ ULONG HandleAttributes,
2386 _Out_ PHANDLE TokenHandle);
2387
2388 _Must_inspect_result_
2389 __kernel_entry
2390 NTSYSCALLAPI
2391 NTSTATUS
2392 NTAPI
2393 NtOpenProcessTokenEx(
2394 _In_ HANDLE ProcessHandle,
2395 _In_ ACCESS_MASK DesiredAccess,
2396 _In_ ULONG HandleAttributes,
2397 _Out_ PHANDLE TokenHandle);
2398
2399 _Must_inspect_result_
2400 NTSYSAPI
2401 NTSTATUS
2402 NTAPI
2403 NtOpenJobObjectToken(
2404 _In_ HANDLE JobHandle,
2405 _In_ ACCESS_MASK DesiredAccess,
2406 _Out_ PHANDLE TokenHandle);
2407
2408 _Must_inspect_result_
2409 __kernel_entry
2410 NTSYSCALLAPI
2411 NTSTATUS
2412 NTAPI
2413 NtDuplicateToken(
2414 _In_ HANDLE ExistingTokenHandle,
2415 _In_ ACCESS_MASK DesiredAccess,
2416 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
2417 _In_ BOOLEAN EffectiveOnly,
2418 _In_ TOKEN_TYPE TokenType,
2419 _Out_ PHANDLE NewTokenHandle);
2420
2421 _Must_inspect_result_
2422 __kernel_entry
2423 NTSYSCALLAPI
2424 NTSTATUS
2425 NTAPI
2426 NtFilterToken(
2427 _In_ HANDLE ExistingTokenHandle,
2428 _In_ ULONG Flags,
2429 _In_opt_ PTOKEN_GROUPS SidsToDisable,
2430 _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
2431 _In_opt_ PTOKEN_GROUPS RestrictedSids,
2432 _Out_ PHANDLE NewTokenHandle);
2433
2434 _Must_inspect_result_
2435 __kernel_entry
2436 NTSYSCALLAPI
2437 NTSTATUS
2438 NTAPI
2439 NtImpersonateAnonymousToken(
2440 _In_ HANDLE ThreadHandle);
2441
2442 _Must_inspect_result_
2443 __kernel_entry
2444 NTSYSCALLAPI
2445 NTSTATUS
2446 NTAPI
2447 NtSetInformationToken(
2448 _In_ HANDLE TokenHandle,
2449 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
2450 _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
2451 _In_ ULONG TokenInformationLength);
2452
2453 _Must_inspect_result_
2454 __kernel_entry
2455 NTSYSCALLAPI
2456 NTSTATUS
2457 NTAPI
2458 NtAdjustGroupsToken(
2459 _In_ HANDLE TokenHandle,
2460 _In_ BOOLEAN ResetToDefault,
2461 _In_opt_ PTOKEN_GROUPS NewState,
2462 _In_opt_ ULONG BufferLength,
2463 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
2464 _Out_ PULONG ReturnLength);
2465
2466 _Must_inspect_result_
2467 __kernel_entry
2468 NTSYSCALLAPI
2469 NTSTATUS
2470 NTAPI
2471 NtPrivilegeCheck(
2472 _In_ HANDLE ClientToken,
2473 _Inout_ PPRIVILEGE_SET RequiredPrivileges,
2474 _Out_ PBOOLEAN Result);
2475
2476 _Must_inspect_result_
2477 __kernel_entry
2478 NTSYSCALLAPI
2479 NTSTATUS
2480 NTAPI
2481 NtAccessCheckAndAuditAlarm(
2482 _In_ PUNICODE_STRING SubsystemName,
2483 _In_opt_ PVOID HandleId,
2484 _In_ PUNICODE_STRING ObjectTypeName,
2485 _In_ PUNICODE_STRING ObjectName,
2486 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
2487 _In_ ACCESS_MASK DesiredAccess,
2488 _In_ PGENERIC_MAPPING GenericMapping,
2489 _In_ BOOLEAN ObjectCreation,
2490 _Out_ PACCESS_MASK GrantedAccess,
2491 _Out_ PNTSTATUS AccessStatus,
2492 _Out_ PBOOLEAN GenerateOnClose);
2493
2494 _Must_inspect_result_
2495 __kernel_entry
2496 NTSYSCALLAPI
2497 NTSTATUS
2498 NTAPI
2499 NtAccessCheckByTypeAndAuditAlarm(
2500 _In_ PUNICODE_STRING SubsystemName,
2501 _In_opt_ PVOID HandleId,
2502 _In_ PUNICODE_STRING ObjectTypeName,
2503 _In_ PUNICODE_STRING ObjectName,
2504 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
2505 _In_opt_ PSID PrincipalSelfSid,
2506 _In_ ACCESS_MASK DesiredAccess,
2507 _In_ AUDIT_EVENT_TYPE AuditType,
2508 _In_ ULONG Flags,
2509 _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList,
2510 _In_ ULONG ObjectTypeLength,
2511 _In_ PGENERIC_MAPPING GenericMapping,
2512 _In_ BOOLEAN ObjectCreation,
2513 _Out_ PACCESS_MASK GrantedAccess,
2514 _Out_ PNTSTATUS AccessStatus,
2515 _Out_ PBOOLEAN GenerateOnClose);
2516
2517 _Must_inspect_result_
2518 __kernel_entry
2519 NTSYSCALLAPI
2520 NTSTATUS
2521 NTAPI
2522 NtAccessCheckByTypeResultListAndAuditAlarm(
2523 _In_ PUNICODE_STRING SubsystemName,
2524 _In_opt_ PVOID HandleId,
2525 _In_ PUNICODE_STRING ObjectTypeName,
2526 _In_ PUNICODE_STRING ObjectName,
2527 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
2528 _In_opt_ PSID PrincipalSelfSid,
2529 _In_ ACCESS_MASK DesiredAccess,
2530 _In_ AUDIT_EVENT_TYPE AuditType,
2531 _In_ ULONG Flags,
2532 _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
2533 _In_ ULONG ObjectTypeListLength,
2534 _In_ PGENERIC_MAPPING GenericMapping,
2535 _In_ BOOLEAN ObjectCreation,
2536 _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
2537 _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
2538 _Out_ PBOOLEAN GenerateOnClose);
2539
2540 _Must_inspect_result_
2541 __kernel_entry
2542 NTSYSCALLAPI
2543 NTSTATUS
2544 NTAPI
2545 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
2546 _In_ PUNICODE_STRING SubsystemName,
2547 _In_opt_ PVOID HandleId,
2548 _In_ HANDLE ClientToken,
2549 _In_ PUNICODE_STRING ObjectTypeName,
2550 _In_ PUNICODE_STRING ObjectName,
2551 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
2552 _In_opt_ PSID PrincipalSelfSid,
2553 _In_ ACCESS_MASK DesiredAccess,
2554 _In_ AUDIT_EVENT_TYPE AuditType,
2555 _In_ ULONG Flags,
2556 _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
2557 _In_ ULONG ObjectTypeListLength,
2558 _In_ PGENERIC_MAPPING GenericMapping,
2559 _In_ BOOLEAN ObjectCreation,
2560 _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
2561 _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
2562 _Out_ PBOOLEAN GenerateOnClose);
2563
2564 __kernel_entry
2565 NTSYSCALLAPI
2566 NTSTATUS
2567 NTAPI
2568 NtOpenObjectAuditAlarm(
2569 _In_ PUNICODE_STRING SubsystemName,
2570 _In_opt_ PVOID HandleId,
2571 _In_ PUNICODE_STRING ObjectTypeName,
2572 _In_ PUNICODE_STRING ObjectName,
2573 _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
2574 _In_ HANDLE ClientToken,
2575 _In_ ACCESS_MASK DesiredAccess,
2576 _In_ ACCESS_MASK GrantedAccess,
2577 _In_opt_ PPRIVILEGE_SET Privileges,
2578 _In_ BOOLEAN ObjectCreation,
2579 _In_ BOOLEAN AccessGranted,
2580 _Out_ PBOOLEAN GenerateOnClose);
2581
2582 __kernel_entry
2583 NTSYSCALLAPI
2584 NTSTATUS
2585 NTAPI
2586 NtPrivilegeObjectAuditAlarm(
2587 _In_ PUNICODE_STRING SubsystemName,
2588 _In_opt_ PVOID HandleId,
2589 _In_ HANDLE ClientToken,
2590 _In_ ACCESS_MASK DesiredAccess,
2591 _In_ PPRIVILEGE_SET Privileges,
2592 _In_ BOOLEAN AccessGranted);
2593
2594 __kernel_entry
2595 NTSYSCALLAPI
2596 NTSTATUS
2597 NTAPI
2598 NtCloseObjectAuditAlarm(
2599 _In_ PUNICODE_STRING SubsystemName,
2600 _In_opt_ PVOID HandleId,
2601 _In_ BOOLEAN GenerateOnClose);
2602
2603 __kernel_entry
2604 NTSYSCALLAPI
2605 NTSTATUS
2606 NTAPI
2607 NtDeleteObjectAuditAlarm(
2608 _In_ PUNICODE_STRING SubsystemName,
2609 _In_opt_ PVOID HandleId,
2610 _In_ BOOLEAN GenerateOnClose);
2611
2612 __kernel_entry
2613 NTSYSCALLAPI
2614 NTSTATUS
2615 NTAPI
2616 NtPrivilegedServiceAuditAlarm(
2617 _In_ PUNICODE_STRING SubsystemName,
2618 _In_ PUNICODE_STRING ServiceName,
2619 _In_ HANDLE ClientToken,
2620 _In_ PPRIVILEGE_SET Privileges,
2621 _In_ BOOLEAN AccessGranted);
2622
2623 __kernel_entry
2624 NTSYSCALLAPI
2625 NTSTATUS
2626 NTAPI
2627 NtSetInformationThread(
2628 _In_ HANDLE ThreadHandle,
2629 _In_ THREADINFOCLASS ThreadInformationClass,
2630 _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
2631 _In_ ULONG ThreadInformationLength);
2632
2633 _Must_inspect_result_
2634 __kernel_entry
2635 NTSYSCALLAPI
2636 NTSTATUS
2637 NTAPI
2638 NtCreateSection(
2639 _Out_ PHANDLE SectionHandle,
2640 _In_ ACCESS_MASK DesiredAccess,
2641 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
2642 _In_opt_ PLARGE_INTEGER MaximumSize,
2643 _In_ ULONG SectionPageProtection,
2644 _In_ ULONG AllocationAttributes,
2645 _In_opt_ HANDLE FileHandle);
2646
2647 #endif
2648
2649 #define COMPRESSION_FORMAT_NONE (0x0000)
2650 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
2651 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
2652 #define COMPRESSION_ENGINE_STANDARD (0x0000)
2653 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
2654 #define COMPRESSION_ENGINE_HIBER (0x0200)
2655
2656 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256
2657
2658 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
2659
2660 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
2661 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
2662
2663 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
2664
2665 typedef enum _SECURITY_LOGON_TYPE {
2666 UndefinedLogonType = 0,
2667 Interactive = 2,
2668 Network,
2669 Batch,
2670 Service,
2671 Proxy,
2672 Unlock,
2673 NetworkCleartext,
2674 NewCredentials,
2675 #if (_WIN32_WINNT >= 0x0501)
2676 RemoteInteractive,
2677 CachedInteractive,
2678 #endif
2679 #if (_WIN32_WINNT >= 0x0502)
2680 CachedRemoteInteractive,
2681 CachedUnlock
2682 #endif
2683 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
2684
2685 #ifndef _NTLSA_AUDIT_
2686 #define _NTLSA_AUDIT_
2687
2688 #ifndef GUID_DEFINED
2689 #include <guiddef.h>
2690 #endif
2691
2692 #endif /* _NTLSA_AUDIT_ */
2693
2694 _IRQL_requires_same_
2695 _IRQL_requires_max_(PASSIVE_LEVEL)
2696 NTSTATUS
2697 NTAPI
2698 LsaRegisterLogonProcess(
2699 _In_ PLSA_STRING LogonProcessName,
2700 _Out_ PHANDLE LsaHandle,
2701 _Out_ PLSA_OPERATIONAL_MODE SecurityMode);
2702
2703 _IRQL_requires_same_
2704 _IRQL_requires_max_(PASSIVE_LEVEL)
2705 NTSTATUS
2706 NTAPI
2707 LsaLogonUser(
2708 _In_ HANDLE LsaHandle,
2709 _In_ PLSA_STRING OriginName,
2710 _In_ SECURITY_LOGON_TYPE LogonType,
2711 _In_ ULONG AuthenticationPackage,
2712 _In_reads_bytes_(AuthenticationInformationLength) PVOID AuthenticationInformation,
2713 _In_ ULONG AuthenticationInformationLength,
2714 _In_opt_ PTOKEN_GROUPS LocalGroups,
2715 _In_ PTOKEN_SOURCE SourceContext,
2716 _Out_ PVOID *ProfileBuffer,
2717 _Out_ PULONG ProfileBufferLength,
2718 _Inout_ PLUID LogonId,
2719 _Out_ PHANDLE Token,
2720 _Out_ PQUOTA_LIMITS Quotas,
2721 _Out_ PNTSTATUS SubStatus);
2722
2723 _IRQL_requires_same_
2724 NTSTATUS
2725 NTAPI
2726 LsaFreeReturnBuffer(
2727 _In_ PVOID Buffer);
2728
2729 #ifndef _NTLSA_IFS_
2730 #define _NTLSA_IFS_
2731 #endif
2732
2733 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
2734 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
2735 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
2736
2737 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
2738 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
2739
2740 #define MSV1_0_CHALLENGE_LENGTH 8
2741 #define MSV1_0_USER_SESSION_KEY_LENGTH 16
2742 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
2743
2744 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
2745 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
2746 #define MSV1_0_RETURN_USER_PARAMETERS 0x08
2747 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
2748 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
2749 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
2750 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80
2751 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
2752 #define MSV1_0_RETURN_PROFILE_PATH 0x200
2753 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
2754 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
2755
2756 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
2757 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
2758
2759 #if (_WIN32_WINNT >= 0x0502)
2760 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
2761 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
2762 #endif
2763
2764 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
2765 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
2766
2767 #if (_WIN32_WINNT >= 0x0600)
2768 #define MSV1_0_S4U2SELF 0x00020000
2769 #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000
2770 #endif
2771
2772 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
2773 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
2774 #define MSV1_0_MNS_LOGON 0x01000000
2775
2776 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
2777 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
2778
2779 #define LOGON_GUEST 0x01
2780 #define LOGON_NOENCRYPTION 0x02
2781 #define LOGON_CACHED_ACCOUNT 0x04
2782 #define LOGON_USED_LM_PASSWORD 0x08
2783 #define LOGON_EXTRA_SIDS 0x20
2784 #define LOGON_SUBAUTH_SESSION_KEY 0x40
2785 #define LOGON_SERVER_TRUST_ACCOUNT 0x80
2786 #define LOGON_NTLMV2_ENABLED 0x100
2787 #define LOGON_RESOURCE_GROUPS 0x200
2788 #define LOGON_PROFILE_PATH_RETURNED 0x400
2789 #define LOGON_NT_V2 0x800
2790 #define LOGON_LM_V2 0x1000
2791 #define LOGON_NTLM_V2 0x2000
2792
2793 #if (_WIN32_WINNT >= 0x0600)
2794
2795 #define LOGON_OPTIMIZED 0x4000
2796 #define LOGON_WINLOGON 0x8000
2797 #define LOGON_PKINIT 0x10000
2798 #define LOGON_NO_OPTIMIZED 0x20000
2799
2800 #endif
2801
2802 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
2803
2804 #define LOGON_GRACE_LOGON 0x01000000
2805
2806 #define MSV1_0_OWF_PASSWORD_LENGTH 16
2807 #define MSV1_0_CRED_LM_PRESENT 0x1
2808 #define MSV1_0_CRED_NT_PRESENT 0x2
2809 #define MSV1_0_CRED_VERSION 0
2810
2811 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16
2812 #define MSV1_0_NTLM3_OWF_LENGTH 16
2813
2814 #if (_WIN32_WINNT == 0x0500)
2815 #define MSV1_0_MAX_NTLM3_LIFE 1800
2816 #else
2817 #define MSV1_0_MAX_NTLM3_LIFE 129600
2818 #endif
2819 #define MSV1_0_MAX_AVL_SIZE 64000
2820
2821 #if (_WIN32_WINNT >= 0x0501)
2822
2823 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
2824
2825 #if (_WIN32_WINNT >= 0x0600)
2826 #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002
2827 #endif
2828
2829 #endif
2830
2831 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
2832
2833 #if(_WIN32_WINNT >= 0x0502)
2834 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
2835 #endif
2836
2837 #define USE_PRIMARY_PASSWORD 0x01
2838 #define RETURN_PRIMARY_USERNAME 0x02
2839 #define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
2840 #define RETURN_NON_NT_USER_SESSION_KEY 0x08
2841 #define GENERATE_CLIENT_CHALLENGE 0x10
2842 #define GCR_NTLM3_PARMS 0x20
2843 #define GCR_TARGET_INFO 0x40
2844 #define RETURN_RESERVED_PARAMETER 0x80
2845 #define GCR_ALLOW_NTLM 0x100
2846 #define GCR_USE_OEM_SET 0x200
2847 #define GCR_MACHINE_CREDENTIAL 0x400
2848 #define GCR_USE_OWF_PASSWORD 0x800
2849 #define GCR_ALLOW_LM 0x1000
2850 #define GCR_ALLOW_NO_TARGET 0x2000
2851
2852 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
2853 MsV1_0InteractiveLogon = 2,
2854 MsV1_0Lm20Logon,
2855 MsV1_0NetworkLogon,
2856 MsV1_0SubAuthLogon,
2857 MsV1_0WorkstationUnlockLogon = 7,
2858 MsV1_0S4ULogon = 12,
2859 MsV1_0VirtualLogon = 82
2860 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
2861
2862 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
2863 MsV1_0InteractiveProfile = 2,
2864 MsV1_0Lm20LogonProfile,
2865 MsV1_0SmartCardProfile
2866 } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;
2867
2868 typedef struct _MSV1_0_INTERACTIVE_LOGON {
2869 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
2870 UNICODE_STRING LogonDomainName;
2871 UNICODE_STRING UserName;
2872 UNICODE_STRING Password;
2873 } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;
2874
2875 typedef struct _MSV1_0_INTERACTIVE_PROFILE {
2876 MSV1_0_PROFILE_BUFFER_TYPE MessageType;
2877 USHORT LogonCount;
2878 USHORT BadPasswordCount;
2879 LARGE_INTEGER LogonTime;
2880 LARGE_INTEGER LogoffTime;
2881 LARGE_INTEGER KickOffTime;
2882 LARGE_INTEGER PasswordLastSet;
2883 LARGE_INTEGER PasswordCanChange;
2884 LARGE_INTEGER PasswordMustChange;
2885 UNICODE_STRING LogonScript;
2886 UNICODE_STRING HomeDirectory;
2887 UNICODE_STRING FullName;
2888 UNICODE_STRING ProfilePath;
2889 UNICODE_STRING HomeDirectoryDrive;
2890 UNICODE_STRING LogonServer;
2891 ULONG UserFlags;
2892 } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;
2893
2894 typedef struct _MSV1_0_LM20_LOGON {
2895 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
2896 UNICODE_STRING LogonDomainName;
2897 UNICODE_STRING UserName;
2898 UNICODE_STRING Workstation;
2899 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
2900 STRING CaseSensitiveChallengeResponse;
2901 STRING CaseInsensitiveChallengeResponse;
2902 ULONG ParameterControl;
2903 } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;
2904
2905 typedef struct _MSV1_0_SUBAUTH_LOGON {
2906 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
2907 UNICODE_STRING LogonDomainName;
2908 UNICODE_STRING UserName;
2909 UNICODE_STRING Workstation;
2910 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
2911 STRING AuthenticationInfo1;
2912 STRING AuthenticationInfo2;
2913 ULONG ParameterControl;
2914 ULONG SubAuthPackageId;
2915 } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
2916
2917 #if (_WIN32_WINNT >= 0x0600)
2918
2919 #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
2920
2921 typedef struct _MSV1_0_S4U_LOGON {
2922 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
2923 ULONG Flags;
2924 UNICODE_STRING UserPrincipalName;
2925 UNICODE_STRING DomainName;
2926 } MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;
2927
2928 #endif
2929
2930 typedef struct _MSV1_0_LM20_LOGON_PROFILE {
2931 MSV1_0_PROFILE_BUFFER_TYPE MessageType;
2932 LARGE_INTEGER KickOffTime;
2933 LARGE_INTEGER LogoffTime;
2934 ULONG UserFlags;
2935 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
2936 UNICODE_STRING LogonDomainName;
2937 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
2938 UNICODE_STRING LogonServer;
2939 UNICODE_STRING UserParameters;
2940 } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;
2941
2942 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
2943 ULONG Version;
2944 ULONG Flags;
2945 UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
2946 UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
2947 } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
2948
2949 typedef struct _MSV1_0_NTLM3_RESPONSE {
2950 UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
2951 UCHAR RespType;
2952 UCHAR HiRespType;
2953 USHORT Flags;
2954 ULONG MsgWord;
2955 ULONGLONG TimeStamp;
2956 UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
2957 ULONG AvPairsOff;
2958 UCHAR Buffer[1];
2959 } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
2960
2961 typedef enum _MSV1_0_AVID {
2962 MsvAvEOL,
2963 MsvAvNbComputerName,
2964 MsvAvNbDomainName,
2965 MsvAvDnsComputerName,
2966 MsvAvDnsDomainName,
2967 #if (_WIN32_WINNT >= 0x0501)
2968 MsvAvDnsTreeName,
2969 MsvAvFlags,
2970 #if (_WIN32_WINNT >= 0x0600)
2971 MsvAvTimestamp,
2972 MsvAvRestrictions,
2973 MsvAvTargetName,
2974 MsvAvChannelBindings,
2975 #endif
2976 #endif
2977 } MSV1_0_AVID;
2978
2979 typedef struct _MSV1_0_AV_PAIR {
2980 USHORT AvId;
2981 USHORT AvLen;
2982 } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
2983
2984 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
2985 MsV1_0Lm20ChallengeRequest = 0,
2986 MsV1_0Lm20GetChallengeResponse,
2987 MsV1_0EnumerateUsers,
2988 MsV1_0GetUserInfo,
2989 MsV1_0ReLogonUsers,
2990 MsV1_0ChangePassword,
2991 MsV1_0ChangeCachedPassword,
2992 MsV1_0GenericPassthrough,
2993 MsV1_0CacheLogon,
2994 MsV1_0SubAuth,
2995 MsV1_0DeriveCredential,
2996 MsV1_0CacheLookup,
2997 #if (_WIN32_WINNT >= 0x0501)
2998 MsV1_0SetProcessOption,
2999 #endif
3000 #if (_WIN32_WINNT >= 0x0600)
3001 MsV1_0ConfigLocalAliases,
3002 MsV1_0ClearCachedCredentials,
3003 #endif
3004 } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
3005
3006 typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
3007 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3008 } MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST;
3009
3010 typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
3011 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3012 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
3013 } MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE;
3014
3015 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
3016 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3017 ULONG ParameterControl;
3018 LUID LogonId;
3019 UNICODE_STRING Password;
3020 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
3021 } MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1;
3022
3023 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
3024 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3025 ULONG ParameterControl;
3026 LUID LogonId;
3027 UNICODE_STRING Password;
3028 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
3029 UNICODE_STRING UserName;
3030 UNICODE_STRING LogonDomainName;
3031 UNICODE_STRING ServerName;
3032 } MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST;
3033
3034 typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
3035 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3036 STRING CaseSensitiveChallengeResponse;
3037 STRING CaseInsensitiveChallengeResponse;
3038 UNICODE_STRING UserName;
3039 UNICODE_STRING LogonDomainName;
3040 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
3041 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
3042 } MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE;
3043
3044 typedef struct _MSV1_0_ENUMUSERS_REQUEST {
3045 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3046 } MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST;
3047
3048 typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
3049 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3050 ULONG NumberOfLoggedOnUsers;
3051 PLUID LogonIds;
3052 PULONG EnumHandles;
3053 } MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE;
3054
3055 typedef struct _MSV1_0_GETUSERINFO_REQUEST {
3056 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3057 LUID LogonId;
3058 } MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST;
3059
3060 typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
3061 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
3062 PSID UserSid;
3063 UNICODE_STRING UserName;
3064 UNICODE_STRING LogonDomainName;
3065 UNICODE_STRING LogonServer;
3066 SECURITY_LOGON_TYPE LogonType;
3067 } MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE;
3068
3069
3070
3071 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
3072 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
3073 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
3074
3075 /* also in winnt.h */
3076 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
3077 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
3078 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
3079 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
3080 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
3081 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
3082 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
3083 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
3084 #define FILE_NOTIFY_CHANGE_EA 0x00000080
3085 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
3086 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
3087 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
3088 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
3089 #define FILE_NOTIFY_VALID_MASK 0x00000fff
3090
3091 #define FILE_ACTION_ADDED 0x00000001
3092 #define FILE_ACTION_REMOVED 0x00000002
3093 #define FILE_ACTION_MODIFIED 0x00000003
3094 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
3095 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
3096 #define FILE_ACTION_ADDED_STREAM 0x00000006
3097 #define FILE_ACTION_REMOVED_STREAM 0x00000007
3098 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
3099 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
3100 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
3101 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
3102 /* end winnt.h */
3103
3104 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
3105 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
3106
3107 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
3108 #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
3109
3110 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
3111 #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
3112 #define FILE_PIPE_TYPE_VALID_MASK 0x00000003
3113
3114 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
3115 #define FILE_PIPE_MESSAGE_MODE 0x00000001
3116
3117 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
3118 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
3119
3120 #define FILE_PIPE_INBOUND 0x00000000
3121 #define FILE_PIPE_OUTBOUND 0x00000001
3122 #define FILE_PIPE_FULL_DUPLEX 0x00000002
3123
3124 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
3125 #define FILE_PIPE_LISTENING_STATE 0x00000002
3126 #define FILE_PIPE_CONNECTED_STATE 0x00000003
3127 #define FILE_PIPE_CLOSING_STATE 0x00000004
3128
3129 #define FILE_PIPE_CLIENT_END 0x00000000
3130 #define FILE_PIPE_SERVER_END 0x00000001
3131
3132 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
3133 #define FILE_CASE_PRESERVED_NAMES 0x00000002
3134 #define FILE_UNICODE_ON_DISK 0x00000004
3135 #define FILE_PERSISTENT_ACLS 0x00000008
3136 #define FILE_FILE_COMPRESSION 0x00000010
3137 #define FILE_VOLUME_QUOTAS 0x00000020
3138 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
3139 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
3140 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
3141 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
3142 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
3143 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
3144 #define FILE_NAMED_STREAMS 0x00040000
3145 #define FILE_READ_ONLY_VOLUME 0x00080000
3146 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
3147 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
3148 #define FILE_SUPPORTS_HARD_LINKS 0x00400000
3149 #define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000
3150 #define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000
3151 #define FILE_SUPPORTS_USN_JOURNAL 0x02000000
3152
3153 #define FILE_NEED_EA 0x00000080
3154
3155 #define FILE_EA_TYPE_BINARY 0xfffe
3156 #define FILE_EA_TYPE_ASCII 0xfffd
3157 #define FILE_EA_TYPE_BITMAP 0xfffb
3158 #define FILE_EA_TYPE_METAFILE 0xfffa
3159 #define FILE_EA_TYPE_ICON 0xfff9
3160 #define FILE_EA_TYPE_EA 0xffee
3161 #define FILE_EA_TYPE_MVMT 0xffdf
3162 #define FILE_EA_TYPE_MVST 0xffde
3163 #define FILE_EA_TYPE_ASN1 0xffdd
3164 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
3165
3166 typedef struct _FILE_NOTIFY_INFORMATION {
3167 ULONG NextEntryOffset;
3168 ULONG Action;
3169 ULONG FileNameLength;
3170 WCHAR FileName[1];
3171 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
3172
3173 typedef struct _FILE_DIRECTORY_INFORMATION {
3174 ULONG NextEntryOffset;
3175 ULONG FileIndex;
3176 LARGE_INTEGER CreationTime;
3177 LARGE_INTEGER LastAccessTime;
3178 LARGE_INTEGER LastWriteTime;
3179 LARGE_INTEGER ChangeTime;
3180 LARGE_INTEGER EndOfFile;
3181 LARGE_INTEGER AllocationSize;
3182 ULONG FileAttributes;
3183 ULONG FileNameLength;
3184 WCHAR FileName[1];
3185 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
3186
3187 typedef struct _FILE_FULL_DIR_INFORMATION {
3188 ULONG NextEntryOffset;
3189 ULONG FileIndex;
3190 LARGE_INTEGER CreationTime;
3191 LARGE_INTEGER LastAccessTime;
3192 LARGE_INTEGER LastWriteTime;
3193 LARGE_INTEGER ChangeTime;
3194 LARGE_INTEGER EndOfFile;
3195 LARGE_INTEGER AllocationSize;
3196 ULONG FileAttributes;
3197 ULONG FileNameLength;
3198 ULONG EaSize;
3199 WCHAR FileName[1];
3200 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
3201
3202 typedef struct _FILE_ID_FULL_DIR_INFORMATION {
3203 ULONG NextEntryOffset;
3204 ULONG FileIndex;
3205 LARGE_INTEGER CreationTime;
3206 LARGE_INTEGER LastAccessTime;
3207 LARGE_INTEGER LastWriteTime;
3208 LARGE_INTEGER ChangeTime;
3209 LARGE_INTEGER EndOfFile;
3210 LARGE_INTEGER AllocationSize;
3211 ULONG FileAttributes;
3212 ULONG FileNameLength;
3213 ULONG EaSize;
3214 LARGE_INTEGER FileId;
3215 WCHAR FileName[1];
3216 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
3217
3218 typedef struct _FILE_BOTH_DIR_INFORMATION {
3219 ULONG NextEntryOffset;
3220 ULONG FileIndex;
3221 LARGE_INTEGER CreationTime;
3222 LARGE_INTEGER LastAccessTime;
3223 LARGE_INTEGER LastWriteTime;
3224 LARGE_INTEGER ChangeTime;
3225 LARGE_INTEGER EndOfFile;
3226 LARGE_INTEGER AllocationSize;
3227 ULONG FileAttributes;
3228 ULONG FileNameLength;
3229 ULONG EaSize;
3230 CCHAR ShortNameLength;
3231 WCHAR ShortName[12];
3232 WCHAR FileName[1];
3233 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
3234
3235 typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
3236 ULONG NextEntryOffset;
3237 ULONG FileIndex;
3238 LARGE_INTEGER CreationTime;
3239 LARGE_INTEGER LastAccessTime;
3240 LARGE_INTEGER LastWriteTime;
3241 LARGE_INTEGER ChangeTime;
3242 LARGE_INTEGER EndOfFile;
3243 LARGE_INTEGER AllocationSize;
3244 ULONG FileAttributes;
3245 ULONG FileNameLength;
3246 ULONG EaSize;
3247 CCHAR ShortNameLength;
3248 WCHAR ShortName[12];
3249 LARGE_INTEGER FileId;
3250 WCHAR FileName[1];
3251 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
3252
3253 typedef struct _FILE_NAMES_INFORMATION {
3254 ULONG NextEntryOffset;
3255 ULONG FileIndex;
3256 ULONG FileNameLength;
3257 WCHAR FileName[1];
3258 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
3259
3260 typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
3261 ULONG NextEntryOffset;
3262 ULONG FileIndex;
3263 LARGE_INTEGER CreationTime;
3264 LARGE_INTEGER LastAccessTime;
3265 LARGE_INTEGER LastWriteTime;
3266 LARGE_INTEGER ChangeTime;
3267 LARGE_INTEGER EndOfFile;
3268 LARGE_INTEGER AllocationSize;
3269 ULONG FileAttributes;
3270 ULONG FileNameLength;
3271 LARGE_INTEGER FileId;
3272 GUID LockingTransactionId;
3273 ULONG TxInfoFlags;
3274 WCHAR FileName[1];
3275 } FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
3276
3277 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001
3278 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002
3279 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004
3280
3281 typedef struct _FILE_OBJECTID_INFORMATION {
3282 LONGLONG FileReference;
3283 UCHAR ObjectId[16];
3284 _ANONYMOUS_UNION union {
3285 _ANONYMOUS_STRUCT struct {
3286 UCHAR BirthVolumeId[16];
3287 UCHAR BirthObjectId[16];
3288 UCHAR DomainId[16];
3289 } DUMMYSTRUCTNAME;
3290 UCHAR ExtendedInfo[48];
3291 } DUMMYUNIONNAME;
3292 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
3293
3294 #define ANSI_DOS_STAR ('<')
3295 #define ANSI_DOS_QM ('>')
3296 #define ANSI_DOS_DOT ('"')
3297
3298 #define DOS_STAR (L'<')
3299 #define DOS_QM (L'>')
3300 #define DOS_DOT (L'"')
3301
3302 typedef struct _FILE_INTERNAL_INFORMATION {
3303 LARGE_INTEGER IndexNumber;
3304 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
3305
3306 typedef struct _FILE_EA_INFORMATION {
3307 ULONG EaSize;
3308 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
3309
3310 typedef struct _FILE_ACCESS_INFORMATION {
3311 ACCESS_MASK AccessFlags;
3312 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
3313
3314 typedef struct _FILE_MODE_INFORMATION {
3315 ULONG Mode;
3316 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
3317
3318 typedef struct _FILE_ALL_INFORMATION {
3319 FILE_BASIC_INFORMATION BasicInformation;
3320 FILE_STANDARD_INFORMATION StandardInformation;
3321 FILE_INTERNAL_INFORMATION InternalInformation;
3322 FILE_EA_INFORMATION EaInformation;
3323 FILE_ACCESS_INFORMATION AccessInformation;
3324 FILE_POSITION_INFORMATION PositionInformation;
3325 FILE_MODE_INFORMATION ModeInformation;
3326 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3327 FILE_NAME_INFORMATION NameInformation;
3328 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
3329
3330 typedef struct _FILE_ALLOCATION_INFORMATION {
3331 LARGE_INTEGER AllocationSize;
3332 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
3333
3334 typedef struct _FILE_COMPRESSION_INFORMATION {
3335 LARGE_INTEGER CompressedFileSize;
3336 USHORT CompressionFormat;
3337 UCHAR CompressionUnitShift;
3338 UCHAR ChunkShift;
3339 UCHAR ClusterShift;
3340 UCHAR Reserved[3];
3341 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
3342
3343 typedef struct _FILE_LINK_INFORMATION {
3344 BOOLEAN ReplaceIfExists;
3345 HANDLE RootDirectory;
3346 ULONG FileNameLength;
3347 WCHAR FileName[1];
3348 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
3349
3350 typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
3351 ULONG ClusterCount;
3352 HANDLE RootDirectory;
3353 ULONG FileNameLength;
3354 WCHAR FileName[1];
3355 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
3356
3357 typedef struct _FILE_RENAME_INFORMATION {
3358 BOOLEAN ReplaceIfExists;
3359 HANDLE RootDirectory;
3360 ULONG FileNameLength;
3361 WCHAR FileName[1];
3362 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
3363
3364 typedef struct _FILE_STREAM_INFORMATION {
3365 ULONG NextEntryOffset;
3366 ULONG StreamNameLength;
3367 LARGE_INTEGER StreamSize;
3368 LARGE_INTEGER StreamAllocationSize;
3369 WCHAR StreamName[1];
3370 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
3371
3372 typedef struct _FILE_TRACKING_INFORMATION {
3373 HANDLE DestinationFile;
3374 ULONG ObjectInformationLength;
3375 CHAR ObjectInformation[1];
3376 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
3377
3378 typedef struct _FILE_COMPLETION_INFORMATION {
3379 HANDLE Port;
3380 PVOID Key;
3381 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
3382
3383 typedef struct _FILE_PIPE_INFORMATION {
3384 ULONG ReadMode;
3385 ULONG CompletionMode;
3386 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
3387
3388 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
3389 ULONG NamedPipeType;
3390 ULONG NamedPipeConfiguration;
3391 ULONG MaximumInstances;
3392 ULONG CurrentInstances;
3393 ULONG InboundQuota;
3394 ULONG ReadDataAvailable;
3395 ULONG OutboundQuota;
3396 ULONG WriteQuotaAvailable;
3397 ULONG NamedPipeState;
3398 ULONG NamedPipeEnd;
3399 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
3400
3401 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
3402 LARGE_INTEGER CollectDataTime;
3403 ULONG MaximumCollectionCount;
3404 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
3405
3406 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
3407 ULONG MaximumMessageSize;
3408 ULONG MailslotQuota;
3409 ULONG NextMessageSize;
3410 ULONG MessagesAvailable;
3411 LARGE_INTEGER ReadTimeout;
3412 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
3413
3414 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
3415 PLARGE_INTEGER ReadTimeout;
3416 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
3417
3418 typedef struct _FILE_REPARSE_POINT_INFORMATION {
3419 LONGLONG FileReference;
3420 ULONG Tag;
3421 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
3422
3423 typedef struct _FILE_LINK_ENTRY_INFORMATION {
3424 ULONG NextEntryOffset;
3425 LONGLONG ParentFileId;
3426 ULONG FileNameLength;
3427 WCHAR FileName[1];
3428 } FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION;
3429
3430 typedef struct _FILE_LINKS_INFORMATION {
3431 ULONG BytesNeeded;
3432 ULONG EntriesReturned;
3433 FILE_LINK_ENTRY_INFORMATION Entry;
3434 } FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION;
3435
3436 typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
3437 ULONG FileNameLength;
3438 WCHAR FileName[1];
3439 } FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
3440
3441 typedef struct _FILE_STANDARD_LINK_INFORMATION {
3442 ULONG NumberOfAccessibleLinks;
3443 ULONG TotalNumberOfLinks;
3444 BOOLEAN DeletePending;
3445 BOOLEAN Directory;
3446 } FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION;
3447
3448 typedef struct _FILE_GET_EA_INFORMATION {
3449 ULONG NextEntryOffset;
3450 UCHAR EaNameLength;
3451 CHAR EaName[1];
3452 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
3453
3454 #define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001
3455 #define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002
3456
3457 typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION {
3458 USHORT StructureVersion;
3459 USHORT StructureSize;
3460 ULONG Protocol;
3461 USHORT ProtocolMajorVersion;
3462 USHORT ProtocolMinorVersion;
3463 USHORT ProtocolRevision;
3464 USHORT Reserved;
3465 ULONG Flags;
3466 struct {
3467 ULONG Reserved[8];
3468 } GenericReserved;
3469 struct {
3470 ULONG Reserved[16];
3471 } ProtocolSpecificReserved;
3472 } FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION;
3473
3474 typedef struct _FILE_GET_QUOTA_INFORMATION {
3475 ULONG NextEntryOffset;
3476 ULONG SidLength;
3477 SID Sid;
3478 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
3479
3480 typedef struct _FILE_QUOTA_INFORMATION {
3481 ULONG NextEntryOffset;
3482 ULONG SidLength;
3483 LARGE_INTEGER ChangeTime;
3484 LARGE_INTEGER QuotaUsed;
3485 LARGE_INTEGER QuotaThreshold;
3486 LARGE_INTEGER QuotaLimit;
3487 SID Sid;
3488 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
3489
3490 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
3491 ULONG FileSystemAttributes;
3492 ULONG MaximumComponentNameLength;
3493 ULONG FileSystemNameLength;
3494 WCHAR FileSystemName[1];
3495 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
3496
3497 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
3498 BOOLEAN DriverInPath;
3499 ULONG DriverNameLength;
3500 WCHAR DriverName[1];
3501 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
3502
3503 typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
3504 ULONG Flags;
3505 } FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;
3506
3507 #define FILE_VC_QUOTA_NONE 0x00000000
3508 #define FILE_VC_QUOTA_TRACK 0x00000001
3509 #define FILE_VC_QUOTA_ENFORCE 0x00000002
3510 #define FILE_VC_QUOTA_MASK 0x00000003
3511 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
3512 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
3513 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
3514 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
3515 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
3516 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
3517 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
3518 #define FILE_VC_VALID_MASK 0x000003ff
3519
3520 typedef struct _FILE_FS_CONTROL_INFORMATION {
3521 LARGE_INTEGER FreeSpaceStartFiltering;
3522 LARGE_INTEGER FreeSpaceThreshold;
3523 LARGE_INTEGER FreeSpaceStopFiltering;
3524 LARGE_INTEGER DefaultQuotaThreshold;
3525 LARGE_INTEGER DefaultQuotaLimit;
3526 ULONG FileSystemControlFlags;
3527 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
3528
3529 #ifndef _FILESYSTEMFSCTL_
3530 #define _FILESYSTEMFSCTL_
3531
3532 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
3533 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
3534 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
3535 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
3536 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
3537 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
3538 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
3539 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
3540 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
3541 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
3542 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
3543 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
3544 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
3545 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
3546 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3547 #define FSCTL_SET_BOOTLOADER_ACCESSED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
3548
3549 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
3550 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
3551 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
3552 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
3553 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
3554
3555 #if (_WIN32_WINNT >= 0x0400)
3556
3557 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
3558 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
3559 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
3560 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
3561 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3562 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
3563 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
3564
3565 #endif
3566
3567 #if (_WIN32_WINNT >= 0x0500)
3568
3569 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
3570 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3571 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
3572 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3573 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3574 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
3575 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3576 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_ANY_ACCESS)
3577 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
3578 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_ANY_ACCESS)
3579 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3580 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
3581 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3582 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
3583 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
3584 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
3585 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER, FILE_ANY_ACCESS)
3586 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
3587 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_SPECIAL_ACCESS)
3588 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_SPECIAL_ACCESS)
3589 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_ANY_ACCESS)
3590 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_ANY_ACCESS)
3591 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_ANY_ACCESS)
3592 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
3593 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
3594 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
3595 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
3596 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
3597 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3598 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
3599 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
3600 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3601
3602 #endif
3603
3604 #if (_WIN32_WINNT >= 0x0600)
3605
3606 #define FSCTL_MAKE_MEDIA_COMPATIBLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA)
3607 #define FSCTL_SET_DEFECT_MANAGEMENT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA)
3608 #define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS)
3609 #define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS)
3610 #define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3611 #define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA)
3612 #define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA)
3613 #define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA)
3614 #define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA)
3615 #define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA)
3616 #define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA)
3617 #define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA)
3618 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA)
3619 #define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA)
3620 #define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA)
3621 #define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA)
3622 #define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA)
3623 #define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA)
3624 #define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA)
3625 #define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3626 #define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS)
3627 #define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS)
3628 #define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS)
3629 #define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS)
3630 #define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS)
3631 #define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3632 #define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS)
3633 #define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS)
3634 #define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
3635 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA)
3636 #define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA)
3637 #define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS)
3638 #define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS)
3639 #define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS)
3640
3641 #endif
3642
3643 #if (_WIN32_WINNT >= 0x0601)
3644
3645 #define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS)
3646 #define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS)
3647 #define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS)
3648 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS)
3649 #define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS)
3650 #define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS)
3651 #define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS)
3652 #define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS)
3653 #define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS)
3654 #define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS)
3655 #define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS)
3656 #define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS)
3657 #define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS)
3658 #define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS)
3659 #define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS)
3660 #define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS)
3661 #define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS)
3662 #define FSCTL_CSV_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 155, METHOD_BUFFERED, FILE_ANY_ACCESS)
3663
3664 typedef struct _CSV_NAMESPACE_INFO {
3665 ULONG Version;
3666 ULONG DeviceNumber;
3667 LARGE_INTEGER StartingOffset;
3668 ULONG SectorSize;
3669 } CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO;
3670
3671 #define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO))
3672 #define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF
3673
3674 #endif
3675
3676 #if (_WIN32_WINNT >= 0x0602)
3677
3678 #define FSCTL_FILE_LEVEL_TRIM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 130, METHOD_BUFFERED, FILE_WRITE_DATA)
3679 #define FSCTL_CORRUPTION_HANDLING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 152, METHOD_BUFFERED, FILE_ANY_ACCESS)
3680 #define FSCTL_OFFLOAD_READ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 153, METHOD_BUFFERED, FILE_READ_ACCESS)
3681 #define FSCTL_OFFLOAD_WRITE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 154, METHOD_BUFFERED, FILE_WRITE_ACCESS)
3682 #define FSCTL_SET_PURGE_FAILURE_MODE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 156, METHOD_BUFFERED, FILE_ANY_ACCESS)
3683 #define FSCTL_QUERY_FILE_LAYOUT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 157, METHOD_NEITHER, FILE_ANY_ACCESS)
3684 #define FSCTL_IS_VOLUME_OWNED_BYCSVFS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 158, METHOD_BUFFERED, FILE_ANY_ACCESS)
3685 #define FSCTL_GET_INTEGRITY_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 159, METHOD_BUFFERED, FILE_ANY_ACCESS)
3686 #define FSCTL_SET_INTEGRITY_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 160, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3687 #define FSCTL_QUERY_FILE_REGIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 161, METHOD_BUFFERED, FILE_ANY_ACCESS)
3688 #define FSCTL_DEDUP_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 165, METHOD_BUFFERED, FILE_ANY_ACCESS)
3689 #define FSCTL_DEDUP_QUERY_FILE_HASHES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 166, METHOD_NEITHER, FILE_READ_DATA)
3690 #define FSCTL_RKF_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 171, METHOD_NEITHER, FILE_ANY_ACCESS)
3691 #define FSCTL_SCRUB_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 172, METHOD_BUFFERED, FILE_ANY_ACCESS)
3692 #define FSCTL_REPAIR_COPIES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 173, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3693 #define FSCTL_DISABLE_LOCAL_BUFFERING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 174, METHOD_BUFFERED, FILE_ANY_ACCESS)
3694 #define FSCTL_CSV_MGMT_LOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 175, METHOD_BUFFERED, FILE_ANY_ACCESS)
3695 #define FSCTL_CSV_QUERY_DOWN_LEVEL_FILE_SYSTEM_CHARACTERISTICS \
3696 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 176, METHOD_BUFFERED, FILE_ANY_ACCESS)
3697 #define FSCTL_ADVANCE_FILE_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 177, METHOD_BUFFERED, FILE_ANY_ACCESS)
3698 #define FSCTL_CSV_SYNC_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 178, METHOD_BUFFERED, FILE_ANY_ACCESS)
3699 #define FSCTL_CSV_QUERY_VETO_FILE_DIRECT_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 179, METHOD_BUFFERED, FILE_ANY_ACCESS)
3700 #define FSCTL_WRITE_USN_REASON CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 180, METHOD_BUFFERED, FILE_ANY_ACCESS)
3701 #define FSCTL_CSV_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 181, METHOD_BUFFERED, FILE_ANY_ACCESS)
3702 #define FSCTL_GET_REFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 182, METHOD_BUFFERED, FILE_ANY_ACCESS)
3703
3704 #endif
3705
3706 #define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED
3707
3708 typedef struct _PATHNAME_BUFFER {
3709 ULONG PathNameLength;
3710 WCHAR Name[1];
3711 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
3712
3713 typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER {
3714 UCHAR First0x24BytesOfBootSector[0x24];
3715 } FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER;
3716
3717 #if (_WIN32_WINNT >= 0x0400)
3718
3719 typedef struct _NTFS_VOLUME_DATA_BUFFER {
3720 LARGE_INTEGER VolumeSerialNumber;
3721 LARGE_INTEGER NumberSectors;
3722 LARGE_INTEGER TotalClusters;
3723 LARGE_INTEGER FreeClusters;
3724 LARGE_INTEGER TotalReserved;
3725 ULONG BytesPerSector;
3726 ULONG BytesPerCluster;
3727 ULONG BytesPerFileRecordSegment;
3728 ULONG ClustersPerFileRecordSegment;
3729 LARGE_INTEGER MftValidDataLength;
3730 LARGE_INTEGER MftStartLcn;
3731 LARGE_INTEGER Mft2StartLcn;
3732 LARGE_INTEGER MftZoneStart;
3733 LARGE_INTEGER MftZoneEnd;
3734 } NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER;
3735
3736 typedef struct _NTFS_EXTENDED_VOLUME_DATA {
3737 ULONG ByteCount;
3738 USHORT MajorVersion;
3739 USHORT MinorVersion;
3740 } NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA;
3741
3742 typedef struct _STARTING_LCN_INPUT_BUFFER {
3743 LARGE_INTEGER StartingLcn;
3744 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
3745
3746 typedef struct _VOLUME_BITMAP_BUFFER {
3747 LARGE_INTEGER StartingLcn;
3748 LARGE_INTEGER BitmapSize;
3749 UCHAR Buffer[1];
3750 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
3751
3752 typedef struct _STARTING_VCN_INPUT_BUFFER {
3753 LARGE_INTEGER StartingVcn;
3754 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
3755
3756 typedef struct _RETRIEVAL_POINTERS_BUFFER {
3757 ULONG ExtentCount;
3758 LARGE_INTEGER StartingVcn;
3759 struct {
3760 LARGE_INTEGER NextVcn;
3761 LARGE_INTEGER Lcn;