4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28 #pragma GCC system_header
32 /* HACKHACKHACK!!! We shouldn't include this header from ntoskrnl! */
35 #define NTKERNELAPI DECLSPEC_IMPORT
40 #define _NTIFS_INCLUDED_
47 #ifndef VER_PRODUCTBUILD
48 #define VER_PRODUCTBUILD 10000
55 #define EX_PUSH_LOCK ULONG_PTR
56 #define PEX_PUSH_LOCK PULONG_PTR
60 #define FlagOn(_F,_SF) ((_F) & (_SF))
64 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
68 #define SetFlag(_F,_SF) ((_F) |= (_SF))
72 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
77 typedef struct _SE_EXPORTS
*PSE_EXPORTS
;
80 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
82 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
84 extern PSE_EXPORTS SeExports
;
85 extern PACL SePublicDefaultDacl
;
86 extern PACL SeSystemDefaultDacl
;
88 extern KSPIN_LOCK IoStatisticsLock
;
89 extern ULONG IoReadOperationCount
;
90 extern ULONG IoWriteOperationCount
;
91 extern ULONG IoOtherOperationCount
;
92 extern LARGE_INTEGER IoReadTransferCount
;
93 extern LARGE_INTEGER IoWriteTransferCount
;
94 extern LARGE_INTEGER IoOtherTransferCount
;
96 typedef STRING LSA_STRING
, *PLSA_STRING
;
97 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
99 typedef enum _SECURITY_LOGON_TYPE
101 UndefinedLogonType
= 0,
110 #if (_WIN32_WINNT >= 0x0501)
114 #if (_WIN32_WINNT >= 0x0502)
115 CachedRemoteInteractive
,
118 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
120 #define ANSI_DOS_STAR ('<')
121 #define ANSI_DOS_QM ('>')
122 #define ANSI_DOS_DOT ('"')
124 #define DOS_STAR (L'<')
125 #define DOS_QM (L'>')
126 #define DOS_DOT (L'"')
128 /* also in winnt.h */
129 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
130 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
131 #define ACCESS_DENIED_ACE_TYPE (0x1)
132 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
133 #define SYSTEM_ALARM_ACE_TYPE (0x3)
134 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
135 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
136 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
137 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
138 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
139 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
140 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
141 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
142 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
143 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
144 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
145 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
146 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
147 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
148 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
149 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
150 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
151 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
152 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
153 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
155 #define COMPRESSION_FORMAT_NONE (0x0000)
156 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
157 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
158 #define COMPRESSION_ENGINE_STANDARD (0x0000)
159 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
160 #define COMPRESSION_ENGINE_HIBER (0x0200)
162 #define FILE_ACTION_ADDED 0x00000001
163 #define FILE_ACTION_REMOVED 0x00000002
164 #define FILE_ACTION_MODIFIED 0x00000003
165 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
166 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
167 #define FILE_ACTION_ADDED_STREAM 0x00000006
168 #define FILE_ACTION_REMOVED_STREAM 0x00000007
169 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
170 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
171 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
172 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
175 #define FILE_EA_TYPE_BINARY 0xfffe
176 #define FILE_EA_TYPE_ASCII 0xfffd
177 #define FILE_EA_TYPE_BITMAP 0xfffb
178 #define FILE_EA_TYPE_METAFILE 0xfffa
179 #define FILE_EA_TYPE_ICON 0xfff9
180 #define FILE_EA_TYPE_EA 0xffee
181 #define FILE_EA_TYPE_MVMT 0xffdf
182 #define FILE_EA_TYPE_MVST 0xffde
183 #define FILE_EA_TYPE_ASN1 0xffdd
184 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
186 #define FILE_NEED_EA 0x00000080
188 /* also in winnt.h */
189 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
190 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
191 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
192 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
193 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
194 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
195 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
196 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
197 #define FILE_NOTIFY_CHANGE_EA 0x00000080
198 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
199 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
200 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
201 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
202 #define FILE_NOTIFY_VALID_MASK 0x00000fff
205 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
206 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
208 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
210 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
211 #define FILE_CASE_PRESERVED_NAMES 0x00000002
212 #define FILE_UNICODE_ON_DISK 0x00000004
213 #define FILE_PERSISTENT_ACLS 0x00000008
214 #define FILE_FILE_COMPRESSION 0x00000010
215 #define FILE_VOLUME_QUOTAS 0x00000020
216 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
217 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
218 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
219 #define FS_LFN_APIS 0x00004000
220 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
221 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
222 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
223 #define FILE_NAMED_STREAMS 0x00040000
224 #define FILE_READ_ONLY_VOLUME 0x00080000
225 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
226 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
228 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
229 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
231 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
232 #define FILE_PIPE_MESSAGE_MODE 0x00000001
234 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
235 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
237 #define FILE_PIPE_INBOUND 0x00000000
238 #define FILE_PIPE_OUTBOUND 0x00000001
239 #define FILE_PIPE_FULL_DUPLEX 0x00000002
241 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
242 #define FILE_PIPE_LISTENING_STATE 0x00000002
243 #define FILE_PIPE_CONNECTED_STATE 0x00000003
244 #define FILE_PIPE_CLOSING_STATE 0x00000004
246 #define FILE_PIPE_CLIENT_END 0x00000000
247 #define FILE_PIPE_SERVER_END 0x00000001
249 #define FILE_PIPE_READ_DATA 0x00000000
250 #define FILE_PIPE_WRITE_SPACE 0x00000001
252 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
253 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
254 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
255 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
256 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
257 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
258 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
259 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
260 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
261 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
262 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
263 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
264 #define FILE_STORAGE_TYPE_MASK 0x000f0000
265 #define FILE_STORAGE_TYPE_SHIFT 16
267 #define FILE_VC_QUOTA_NONE 0x00000000
268 #define FILE_VC_QUOTA_TRACK 0x00000001
269 #define FILE_VC_QUOTA_ENFORCE 0x00000002
270 #define FILE_VC_QUOTA_MASK 0x00000003
272 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
273 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
275 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
276 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
277 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
278 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
280 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
281 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
283 #define FILE_VC_VALID_MASK 0x000003ff
285 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
286 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
287 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
288 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
289 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
290 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
291 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
292 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
294 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
295 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
296 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
297 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
299 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
300 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
301 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
302 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
303 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
305 #define FSRTL_VOLUME_DISMOUNT 1
306 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
307 #define FSRTL_VOLUME_LOCK 3
308 #define FSRTL_VOLUME_LOCK_FAILED 4
309 #define FSRTL_VOLUME_UNLOCK 5
310 #define FSRTL_VOLUME_MOUNT 6
312 #define FSRTL_WILD_CHARACTER 0x08
314 #define FSRTL_FAT_LEGAL 0x01
315 #define FSRTL_HPFS_LEGAL 0x02
316 #define FSRTL_NTFS_LEGAL 0x04
317 #define FSRTL_WILD_CHARACTER 0x08
318 #define FSRTL_OLE_LEGAL 0x10
319 #define FSRTL_NTFS_STREAM_LEGAL 0x14
322 #define HARDWARE_PTE HARDWARE_PTE_X86
323 #define PHARDWARE_PTE PHARDWARE_PTE_X86
326 #define IO_CHECK_CREATE_PARAMETERS 0x0200
327 #define IO_ATTACH_DEVICE 0x0400
329 #define IO_ATTACH_DEVICE_API 0x80000000
331 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
332 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
334 #define IO_TYPE_APC 18
335 #define IO_TYPE_DPC 19
336 #define IO_TYPE_DEVICE_QUEUE 20
337 #define IO_TYPE_EVENT_PAIR 21
338 #define IO_TYPE_INTERRUPT 22
339 #define IO_TYPE_PROFILE 23
341 #define IRP_BEING_VERIFIED 0x10
343 #define MAILSLOT_CLASS_FIRSTCLASS 1
344 #define MAILSLOT_CLASS_SECONDCLASS 2
346 #define MAILSLOT_SIZE_AUTO 0
348 #define MAP_PROCESS 1L
349 #define MAP_SYSTEM 2L
350 #define MEM_DOS_LIM 0x40000000
352 #define OB_TYPE_TYPE 1
353 #define OB_TYPE_DIRECTORY 2
354 #define OB_TYPE_SYMBOLIC_LINK 3
355 #define OB_TYPE_TOKEN 4
356 #define OB_TYPE_PROCESS 5
357 #define OB_TYPE_THREAD 6
358 #define OB_TYPE_EVENT 7
359 #define OB_TYPE_EVENT_PAIR 8
360 #define OB_TYPE_MUTANT 9
361 #define OB_TYPE_SEMAPHORE 10
362 #define OB_TYPE_TIMER 11
363 #define OB_TYPE_PROFILE 12
364 #define OB_TYPE_WINDOW_STATION 13
365 #define OB_TYPE_DESKTOP 14
366 #define OB_TYPE_SECTION 15
367 #define OB_TYPE_KEY 16
368 #define OB_TYPE_PORT 17
369 #define OB_TYPE_ADAPTER 18
370 #define OB_TYPE_CONTROLLER 19
371 #define OB_TYPE_DEVICE 20
372 #define OB_TYPE_DRIVER 21
373 #define OB_TYPE_IO_COMPLETION 22
374 #define OB_TYPE_FILE 23
377 #define PIN_EXCLUSIVE (2)
378 #define PIN_NO_READ (4)
379 #define PIN_IF_BCB (8)
381 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
382 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
384 #define SEC_BASED 0x00200000
386 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
387 #define SECURITY_WORLD_RID (0x00000000L)
389 #define SID_REVISION 1
390 #define SID_MAX_SUB_AUTHORITIES 15
391 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
393 #define TOKEN_ASSIGN_PRIMARY (0x0001)
394 #define TOKEN_DUPLICATE (0x0002)
395 #define TOKEN_IMPERSONATE (0x0004)
396 #define TOKEN_QUERY (0x0008)
397 #define TOKEN_QUERY_SOURCE (0x0010)
398 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
399 #define TOKEN_ADJUST_GROUPS (0x0040)
400 #define TOKEN_ADJUST_DEFAULT (0x0080)
401 #define TOKEN_ADJUST_SESSIONID (0x0100)
403 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
404 TOKEN_ASSIGN_PRIMARY |\
408 TOKEN_QUERY_SOURCE |\
409 TOKEN_ADJUST_PRIVILEGES |\
410 TOKEN_ADJUST_GROUPS |\
411 TOKEN_ADJUST_DEFAULT |\
412 TOKEN_ADJUST_SESSIONID)
414 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
417 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
418 TOKEN_ADJUST_PRIVILEGES |\
419 TOKEN_ADJUST_GROUPS |\
420 TOKEN_ADJUST_DEFAULT)
422 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
424 #define TOKEN_SOURCE_LENGTH 8
427 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
428 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
429 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
430 #define TOKEN_HAS_ADMIN_GROUP 0x08
431 #define TOKEN_WRITE_RESTRICTED 0x08
432 #define TOKEN_IS_RESTRICTED 0x10
433 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
435 #define VACB_MAPPING_GRANULARITY (0x40000)
436 #define VACB_OFFSET_SHIFT (18)
438 #define SE_OWNER_DEFAULTED 0x0001
439 #define SE_GROUP_DEFAULTED 0x0002
440 #define SE_DACL_PRESENT 0x0004
441 #define SE_DACL_DEFAULTED 0x0008
442 #define SE_SACL_PRESENT 0x0010
443 #define SE_SACL_DEFAULTED 0x0020
444 #define SE_DACL_UNTRUSTED 0x0040
445 #define SE_SERVER_SECURITY 0x0080
446 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
447 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
448 #define SE_DACL_AUTO_INHERITED 0x0400
449 #define SE_SACL_AUTO_INHERITED 0x0800
450 #define SE_DACL_PROTECTED 0x1000
451 #define SE_SACL_PROTECTED 0x2000
452 #define SE_RM_CONTROL_VALID 0x4000
453 #define SE_SELF_RELATIVE 0x8000
456 #define _AUDIT_EVENT_TYPE_HACK 0
458 #if (_AUDIT_EVENT_TYPE_HACK == 1)
461 typedef enum _AUDIT_EVENT_TYPE
463 AuditEventObjectAccess
,
464 AuditEventDirectoryServiceAccess
465 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
468 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
470 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
471 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
472 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
473 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
474 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
475 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
476 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
477 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
478 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
480 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
481 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
482 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
484 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
485 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
486 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
489 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
490 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
491 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
492 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
493 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
494 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
496 #if (VER_PRODUCTBUILD >= 1381)
498 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
499 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
500 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
501 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
502 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
503 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
504 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
505 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
507 #endif /* (VER_PRODUCTBUILD >= 1381) */
509 #if (VER_PRODUCTBUILD >= 2195)
511 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
512 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
513 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
515 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
516 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
517 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
518 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
519 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
520 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
521 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
522 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
523 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
524 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
525 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
526 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
527 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
528 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
529 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
530 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
531 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
532 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
533 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
534 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
535 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
536 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
537 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
538 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
539 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
540 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
541 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
542 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
543 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
544 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
545 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
546 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
547 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
548 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
549 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
550 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
552 #endif /* (VER_PRODUCTBUILD >= 2195) */
554 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
556 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
557 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
558 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
559 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
560 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
561 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
562 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
563 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
565 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
566 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
567 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
568 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
569 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
570 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
571 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
572 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
573 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
574 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
575 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
576 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
577 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
578 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
580 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
582 typedef PVOID OPLOCK
, *POPLOCK
;
584 typedef struct _CACHE_MANAGER_CALLBACKS
*PCACHE_MANAGER_CALLBACKS
;
585 typedef struct _FILE_GET_QUOTA_INFORMATION
*PFILE_GET_QUOTA_INFORMATION
;
586 typedef struct _HANDLE_TABLE
*PHANDLE_TABLE
;
587 typedef struct _KPROCESS
*PKPROCESS
;
588 typedef struct _KQUEUE
*PKQUEUE
;
589 typedef struct _KTRAP_FRAME
*PKTRAP_FRAME
;
590 typedef struct _OBJECT_DIRECTORY
*POBJECT_DIRECTORY
;
591 typedef struct _SHARED_CACHE_MAP
*PSHARED_CACHE_MAP
;
592 typedef struct _VACB
*PVACB
;
593 typedef struct _VAD_HEADER
*PVAD_HEADER
;
601 typedef struct _NOTIFY_SYNC
614 } NOTIFY_SYNC
, * PNOTIFY_SYNC
;
616 typedef enum _FAST_IO_POSSIBLE
{
622 typedef enum _FILE_STORAGE_TYPE
{
623 StorageTypeDefault
= 1,
624 StorageTypeDirectory
,
626 StorageTypeJunctionPoint
,
628 StorageTypeStructuredStorage
,
629 StorageTypeEmbedding
,
633 typedef enum _OBJECT_INFORMATION_CLASS
635 ObjectBasicInformation
,
636 ObjectNameInformation
,
637 ObjectTypeInformation
,
638 ObjectTypesInformation
,
639 ObjectHandleFlagInformation
,
640 ObjectSessionInformation
,
642 } OBJECT_INFORMATION_CLASS
;
644 typedef struct _OBJECT_BASIC_INFORMATION
647 ACCESS_MASK GrantedAccess
;
650 ULONG PagedPoolCharge
;
651 ULONG NonPagedPoolCharge
;
655 ULONG SecurityDescriptorSize
;
656 LARGE_INTEGER CreationTime
;
657 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
659 typedef struct _KAPC_STATE
{
660 LIST_ENTRY ApcListHead
[2];
662 BOOLEAN KernelApcInProgress
;
663 BOOLEAN KernelApcPending
;
664 BOOLEAN UserApcPending
;
665 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
666 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
668 typedef struct _BITMAP_RANGE
{
671 ULONG FirstDirtyPage
;
675 } BITMAP_RANGE
, *PBITMAP_RANGE
;
677 typedef struct _CACHE_UNINITIALIZE_EVENT
{
678 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
680 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
682 typedef struct _CC_FILE_SIZES
{
683 LARGE_INTEGER AllocationSize
;
684 LARGE_INTEGER FileSize
;
685 LARGE_INTEGER ValidDataLength
;
686 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
688 typedef struct _COMPRESSED_DATA_INFO
{
689 USHORT CompressionFormatAndEngine
;
690 UCHAR CompressionUnitShift
;
694 USHORT NumberOfChunks
;
695 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
696 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
698 typedef struct _SID_IDENTIFIER_AUTHORITY
{
700 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
702 typedef struct _SID
{
704 BYTE SubAuthorityCount
;
705 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
706 DWORD SubAuthority
[ANYSIZE_ARRAY
];
708 typedef struct _SID_AND_ATTRIBUTES
{
711 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
712 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
713 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
714 typedef struct _TOKEN_SOURCE
{
715 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
716 LUID SourceIdentifier
;
717 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
718 typedef struct _TOKEN_CONTROL
{
720 LUID AuthenticationId
;
722 TOKEN_SOURCE TokenSource
;
723 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
724 typedef struct _TOKEN_DEFAULT_DACL
{
726 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
727 typedef struct _TOKEN_GROUPS
{
729 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
730 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
731 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
734 PSID_AND_ATTRIBUTES Sids
;
735 ULONG RestrictedSidCount
;
736 ULONG RestrictedSidLength
;
737 PSID_AND_ATTRIBUTES RestrictedSids
;
738 ULONG PrivilegeCount
;
739 ULONG PrivilegeLength
;
740 PLUID_AND_ATTRIBUTES Privileges
;
741 LUID AuthenticationId
;
742 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
743 typedef struct _TOKEN_ORIGIN
{
744 LUID OriginatingLogonSession
;
745 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
746 typedef struct _TOKEN_OWNER
{
748 } TOKEN_OWNER
,*PTOKEN_OWNER
;
749 typedef struct _TOKEN_PRIMARY_GROUP
{
751 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
752 typedef struct _TOKEN_PRIVILEGES
{
753 DWORD PrivilegeCount
;
754 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
755 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
756 typedef enum tagTOKEN_TYPE
{
759 } TOKEN_TYPE
,*PTOKEN_TYPE
;
760 typedef struct _TOKEN_STATISTICS
{
762 LUID AuthenticationId
;
763 LARGE_INTEGER ExpirationTime
;
764 TOKEN_TYPE TokenType
;
765 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
766 DWORD DynamicCharged
;
767 DWORD DynamicAvailable
;
769 DWORD PrivilegeCount
;
771 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
772 typedef struct _TOKEN_USER
{
773 SID_AND_ATTRIBUTES User
;
774 } TOKEN_USER
, *PTOKEN_USER
;
775 typedef DWORD SECURITY_INFORMATION
,*PSECURITY_INFORMATION
;
776 typedef WORD SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
777 typedef struct _SECURITY_DESCRIPTOR
{
780 SECURITY_DESCRIPTOR_CONTROL Control
;
785 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
786 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
789 SECURITY_DESCRIPTOR_CONTROL Control
;
794 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
795 typedef enum _TOKEN_INFORMATION_CLASS
{
796 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
797 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
798 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
799 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
800 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
801 } TOKEN_INFORMATION_CLASS
;
803 #define SYMLINK_FLAG_RELATIVE 1
805 typedef struct _REPARSE_DATA_BUFFER
{
807 USHORT ReparseDataLength
;
811 USHORT SubstituteNameOffset
;
812 USHORT SubstituteNameLength
;
813 USHORT PrintNameOffset
;
814 USHORT PrintNameLength
;
817 } SymbolicLinkReparseBuffer
;
819 USHORT SubstituteNameOffset
;
820 USHORT SubstituteNameLength
;
821 USHORT PrintNameOffset
;
822 USHORT PrintNameLength
;
824 } MountPointReparseBuffer
;
827 } GenericReparseBuffer
;
829 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
831 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
833 typedef struct _FILE_ACCESS_INFORMATION
{
834 ACCESS_MASK AccessFlags
;
835 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
837 typedef struct _FILE_ALLOCATION_INFORMATION
{
838 LARGE_INTEGER AllocationSize
;
839 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
841 typedef struct _FILE_BOTH_DIR_INFORMATION
{
842 ULONG NextEntryOffset
;
844 LARGE_INTEGER CreationTime
;
845 LARGE_INTEGER LastAccessTime
;
846 LARGE_INTEGER LastWriteTime
;
847 LARGE_INTEGER ChangeTime
;
848 LARGE_INTEGER EndOfFile
;
849 LARGE_INTEGER AllocationSize
;
850 ULONG FileAttributes
;
851 ULONG FileNameLength
;
853 CCHAR ShortNameLength
;
856 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
858 typedef struct _FILE_COMPLETION_INFORMATION
{
861 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
863 typedef struct _FILE_COMPRESSION_INFORMATION
{
864 LARGE_INTEGER CompressedFileSize
;
865 USHORT CompressionFormat
;
866 UCHAR CompressionUnitShift
;
870 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
872 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
873 BOOLEAN ReplaceIfExists
;
874 HANDLE RootDirectory
;
875 ULONG FileNameLength
;
877 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
879 typedef struct _FILE_DIRECTORY_INFORMATION
{
880 ULONG NextEntryOffset
;
882 LARGE_INTEGER CreationTime
;
883 LARGE_INTEGER LastAccessTime
;
884 LARGE_INTEGER LastWriteTime
;
885 LARGE_INTEGER ChangeTime
;
886 LARGE_INTEGER EndOfFile
;
887 LARGE_INTEGER AllocationSize
;
888 ULONG FileAttributes
;
889 ULONG FileNameLength
;
891 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
893 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
894 ULONG NextEntryOffset
;
896 LARGE_INTEGER CreationTime
;
897 LARGE_INTEGER LastAccessTime
;
898 LARGE_INTEGER LastWriteTime
;
899 LARGE_INTEGER ChangeTime
;
900 LARGE_INTEGER EndOfFile
;
901 LARGE_INTEGER AllocationSize
;
902 ULONG FileAttributes
;
903 ULONG FileNameLength
;
906 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
908 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
909 ULONG NextEntryOffset
;
911 LARGE_INTEGER CreationTime
;
912 LARGE_INTEGER LastAccessTime
;
913 LARGE_INTEGER LastWriteTime
;
914 LARGE_INTEGER ChangeTime
;
915 LARGE_INTEGER EndOfFile
;
916 LARGE_INTEGER AllocationSize
;
917 ULONG FileAttributes
;
918 ULONG FileNameLength
;
920 LARGE_INTEGER FileId
;
922 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
924 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
925 ULONG NextEntryOffset
;
927 LARGE_INTEGER CreationTime
;
928 LARGE_INTEGER LastAccessTime
;
929 LARGE_INTEGER LastWriteTime
;
930 LARGE_INTEGER ChangeTime
;
931 LARGE_INTEGER EndOfFile
;
932 LARGE_INTEGER AllocationSize
;
933 ULONG FileAttributes
;
934 ULONG FileNameLength
;
936 CHAR ShortNameLength
;
939 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
941 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
942 ULONG NextEntryOffset
;
944 LARGE_INTEGER CreationTime
;
945 LARGE_INTEGER LastAccessTime
;
946 LARGE_INTEGER LastWriteTime
;
947 LARGE_INTEGER ChangeTime
;
948 LARGE_INTEGER EndOfFile
;
949 LARGE_INTEGER AllocationSize
;
950 ULONG FileAttributes
;
951 ULONG FileNameLength
;
953 CCHAR ShortNameLength
;
955 LARGE_INTEGER FileId
;
957 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
959 typedef struct _FILE_EA_INFORMATION
{
961 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
963 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
964 ULONG FileSystemAttributes
;
965 ULONG MaximumComponentNameLength
;
966 ULONG FileSystemNameLength
;
967 WCHAR FileSystemName
[1];
968 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
970 typedef struct _FILE_FS_CONTROL_INFORMATION
{
971 LARGE_INTEGER FreeSpaceStartFiltering
;
972 LARGE_INTEGER FreeSpaceThreshold
;
973 LARGE_INTEGER FreeSpaceStopFiltering
;
974 LARGE_INTEGER DefaultQuotaThreshold
;
975 LARGE_INTEGER DefaultQuotaLimit
;
976 ULONG FileSystemControlFlags
;
977 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
979 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
980 LARGE_INTEGER TotalAllocationUnits
;
981 LARGE_INTEGER CallerAvailableAllocationUnits
;
982 LARGE_INTEGER ActualAvailableAllocationUnits
;
983 ULONG SectorsPerAllocationUnit
;
984 ULONG BytesPerSector
;
985 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
987 typedef struct _FILE_FS_LABEL_INFORMATION
{
988 ULONG VolumeLabelLength
;
989 WCHAR VolumeLabel
[1];
990 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
992 #if (VER_PRODUCTBUILD >= 2195)
994 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
996 UCHAR ExtendedInfo
[48];
997 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
999 #endif /* (VER_PRODUCTBUILD >= 2195) */
1001 typedef struct _FILE_FS_SIZE_INFORMATION
{
1002 LARGE_INTEGER TotalAllocationUnits
;
1003 LARGE_INTEGER AvailableAllocationUnits
;
1004 ULONG SectorsPerAllocationUnit
;
1005 ULONG BytesPerSector
;
1006 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
1008 typedef struct _FILE_FS_VOLUME_INFORMATION
{
1009 LARGE_INTEGER VolumeCreationTime
;
1010 ULONG VolumeSerialNumber
;
1011 ULONG VolumeLabelLength
;
1012 BOOLEAN SupportsObjects
;
1013 WCHAR VolumeLabel
[1];
1014 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
1016 typedef struct _FILE_FS_OBJECTID_INFORMATION
1019 UCHAR ExtendedInfo
[48];
1020 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
1022 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1024 BOOLEAN DriverInPath
;
1025 ULONG DriverNameLength
;
1026 WCHAR DriverName
[1];
1027 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
1029 typedef struct _FILE_FULL_DIR_INFORMATION
{
1030 ULONG NextEntryOffset
;
1032 LARGE_INTEGER CreationTime
;
1033 LARGE_INTEGER LastAccessTime
;
1034 LARGE_INTEGER LastWriteTime
;
1035 LARGE_INTEGER ChangeTime
;
1036 LARGE_INTEGER EndOfFile
;
1037 LARGE_INTEGER AllocationSize
;
1038 ULONG FileAttributes
;
1039 ULONG FileNameLength
;
1042 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1044 typedef struct _FILE_GET_EA_INFORMATION
{
1045 ULONG NextEntryOffset
;
1048 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1050 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1051 ULONG NextEntryOffset
;
1054 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1056 typedef struct _FILE_QUOTA_INFORMATION
1058 ULONG NextEntryOffset
;
1060 LARGE_INTEGER ChangeTime
;
1061 LARGE_INTEGER QuotaUsed
;
1062 LARGE_INTEGER QuotaThreshold
;
1063 LARGE_INTEGER QuotaLimit
;
1065 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1067 typedef struct _FILE_INTERNAL_INFORMATION
{
1068 LARGE_INTEGER IndexNumber
;
1069 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1071 typedef struct _FILE_LINK_INFORMATION
{
1072 BOOLEAN ReplaceIfExists
;
1073 HANDLE RootDirectory
;
1074 ULONG FileNameLength
;
1076 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1078 typedef struct _FILE_LOCK_INFO
1080 LARGE_INTEGER StartingByte
;
1081 LARGE_INTEGER Length
;
1082 BOOLEAN ExclusiveLock
;
1084 PFILE_OBJECT FileObject
;
1086 LARGE_INTEGER EndingByte
;
1087 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1089 typedef struct _FILE_REPARSE_POINT_INFORMATION
1091 LONGLONG FileReference
;
1093 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
1095 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1098 HANDLE RootDirectory
;
1099 ULONG FileNameLength
;
1101 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
1103 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1104 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1107 FILE_LOCK_INFO FileLock
;
1108 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1110 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1111 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1112 LIST_ENTRY ListEntry
;
1115 FILE_LOCK_INFO FileLock
;
1116 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1118 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1123 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1125 IN PFILE_LOCK_INFO FileLockInfo
1128 typedef struct _FILE_LOCK
{
1129 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1130 PUNLOCK_ROUTINE UnlockRoutine
;
1131 BOOLEAN FastIoIsQuestionable
;
1133 PVOID LockInformation
;
1134 FILE_LOCK_INFO LastReturnedLockInfo
;
1135 PVOID LastReturnedLock
;
1136 } FILE_LOCK
, *PFILE_LOCK
;
1138 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1139 ULONG ReadDataAvailable
;
1140 ULONG NumberOfMessages
;
1141 ULONG MessageLength
;
1142 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1144 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1145 ULONG MaximumMessageSize
;
1146 ULONG MailslotQuota
;
1147 ULONG NextMessageSize
;
1148 ULONG MessagesAvailable
;
1149 LARGE_INTEGER ReadTimeout
;
1150 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1152 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1153 PLARGE_INTEGER ReadTimeout
;
1154 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1156 typedef struct _FILE_MODE_INFORMATION
{
1158 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1160 typedef struct _FILE_ALL_INFORMATION
{
1161 FILE_BASIC_INFORMATION BasicInformation
;
1162 FILE_STANDARD_INFORMATION StandardInformation
;
1163 FILE_INTERNAL_INFORMATION InternalInformation
;
1164 FILE_EA_INFORMATION EaInformation
;
1165 FILE_ACCESS_INFORMATION AccessInformation
;
1166 FILE_POSITION_INFORMATION PositionInformation
;
1167 FILE_MODE_INFORMATION ModeInformation
;
1168 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1169 FILE_NAME_INFORMATION NameInformation
;
1170 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1172 typedef struct _FILE_NAMES_INFORMATION
{
1173 ULONG NextEntryOffset
;
1175 ULONG FileNameLength
;
1177 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1179 typedef struct _FILE_OBJECTID_INFORMATION
{
1180 LONGLONG FileReference
;
1182 _ANONYMOUS_UNION
union {
1184 UCHAR BirthVolumeId
[16];
1185 UCHAR BirthObjectId
[16];
1188 UCHAR ExtendedInfo
[48];
1190 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1192 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1194 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1196 typedef struct _FILE_OLE_ALL_INFORMATION
{
1197 FILE_BASIC_INFORMATION BasicInformation
;
1198 FILE_STANDARD_INFORMATION StandardInformation
;
1199 FILE_INTERNAL_INFORMATION InternalInformation
;
1200 FILE_EA_INFORMATION EaInformation
;
1201 FILE_ACCESS_INFORMATION AccessInformation
;
1202 FILE_POSITION_INFORMATION PositionInformation
;
1203 FILE_MODE_INFORMATION ModeInformation
;
1204 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1207 LARGE_INTEGER SecurityChangeTime
;
1208 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1209 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1210 FILE_STORAGE_TYPE StorageType
;
1213 ULONG NumberOfStreamReferences
;
1216 BOOLEAN ContentIndexDisable
;
1217 BOOLEAN InheritContentIndexDisable
;
1218 FILE_NAME_INFORMATION NameInformation
;
1219 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1221 typedef struct _FILE_OLE_DIR_INFORMATION
{
1222 ULONG NextEntryOffset
;
1224 LARGE_INTEGER CreationTime
;
1225 LARGE_INTEGER LastAccessTime
;
1226 LARGE_INTEGER LastWriteTime
;
1227 LARGE_INTEGER ChangeTime
;
1228 LARGE_INTEGER EndOfFile
;
1229 LARGE_INTEGER AllocationSize
;
1230 ULONG FileAttributes
;
1231 ULONG FileNameLength
;
1232 FILE_STORAGE_TYPE StorageType
;
1235 BOOLEAN ContentIndexDisable
;
1236 BOOLEAN InheritContentIndexDisable
;
1238 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1240 typedef struct _FILE_OLE_INFORMATION
{
1241 LARGE_INTEGER SecurityChangeTime
;
1242 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1243 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1244 FILE_STORAGE_TYPE StorageType
;
1246 BOOLEAN ContentIndexDisable
;
1247 BOOLEAN InheritContentIndexDisable
;
1248 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1250 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1252 ULONG StateBitsMask
;
1253 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1255 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1258 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1260 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1261 PVOID ClientSession
;
1262 PVOID ClientProcess
;
1263 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1265 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1266 ULONG NamedPipeState
;
1270 ULONG NumberRequests
;
1271 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1273 typedef struct _FILE_PIPE_PEEK_BUFFER
1275 ULONG NamedPipeState
;
1276 ULONG ReadDataAvailable
;
1277 ULONG NumberOfMessages
;
1278 ULONG MessageLength
;
1280 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1282 typedef struct _FILE_PIPE_INFORMATION
{
1284 ULONG CompletionMode
;
1285 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1287 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1288 ULONG NamedPipeType
;
1289 ULONG NamedPipeConfiguration
;
1290 ULONG MaximumInstances
;
1291 ULONG CurrentInstances
;
1293 ULONG ReadDataAvailable
;
1294 ULONG OutboundQuota
;
1295 ULONG WriteQuotaAvailable
;
1296 ULONG NamedPipeState
;
1298 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1300 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1301 LARGE_INTEGER CollectDataTime
;
1302 ULONG MaximumCollectionCount
;
1303 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1305 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1306 LARGE_INTEGER Timeout
;
1308 BOOLEAN TimeoutSpecified
;
1310 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1312 typedef struct _FILE_RENAME_INFORMATION
{
1313 BOOLEAN ReplaceIfExists
;
1314 HANDLE RootDirectory
;
1315 ULONG FileNameLength
;
1317 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1319 typedef struct _FILE_STREAM_INFORMATION
{
1320 ULONG NextEntryOffset
;
1321 ULONG StreamNameLength
;
1322 LARGE_INTEGER StreamSize
;
1323 LARGE_INTEGER StreamAllocationSize
;
1324 WCHAR StreamName
[1];
1325 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1327 typedef struct _FILE_TRACKING_INFORMATION
{
1328 HANDLE DestinationFile
;
1329 ULONG ObjectInformationLength
;
1330 CHAR ObjectInformation
[1];
1331 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1333 #if (VER_PRODUCTBUILD >= 2195)
1334 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1335 LARGE_INTEGER FileOffset
;
1336 LARGE_INTEGER BeyondFinalZero
;
1337 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1339 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1340 LARGE_INTEGER FileOffset
;
1341 LARGE_INTEGER Length
;
1342 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1343 #endif /* (VER_PRODUCTBUILD >= 2195) */
1345 #define FSRTL_FCB_HEADER_V0 (0x00)
1346 #define FSRTL_FCB_HEADER_V1 (0x01)
1349 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1350 CSHORT NodeTypeCode
;
1351 CSHORT NodeByteSize
;
1353 UCHAR IsFastIoPossible
;
1354 #if (VER_PRODUCTBUILD >= 1381)
1357 #endif /* (VER_PRODUCTBUILD >= 1381) */
1358 PERESOURCE Resource
;
1359 PERESOURCE PagingIoResource
;
1360 LARGE_INTEGER AllocationSize
;
1361 LARGE_INTEGER FileSize
;
1362 LARGE_INTEGER ValidDataLength
;
1363 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1365 typedef enum _FSRTL_COMPARISON_RESULT
1370 } FSRTL_COMPARISON_RESULT
;
1372 #if (VER_PRODUCTBUILD >= 2600)
1374 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1375 CSHORT NodeTypeCode
;
1376 CSHORT NodeByteSize
;
1378 UCHAR IsFastIoPossible
;
1382 PERESOURCE Resource
;
1383 PERESOURCE PagingIoResource
;
1384 LARGE_INTEGER AllocationSize
;
1385 LARGE_INTEGER FileSize
;
1386 LARGE_INTEGER ValidDataLength
;
1387 PFAST_MUTEX FastMutex
;
1388 LIST_ENTRY FilterContexts
;
1389 EX_PUSH_LOCK PushLock
;
1390 PVOID
*FileContextSupportPointer
;
1391 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1393 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1397 PFREE_FUNCTION FreeCallback
;
1398 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1400 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1405 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
1407 #endif /* (VER_PRODUCTBUILD >= 2600) */
1409 typedef struct _BASE_MCB
1411 ULONG MaximumPairCount
;
1416 } BASE_MCB
, *PBASE_MCB
;
1418 typedef struct _LARGE_MCB
1420 PKGUARDED_MUTEX GuardedMutex
;
1422 } LARGE_MCB
, *PLARGE_MCB
;
1426 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1429 typedef struct _GENERATE_NAME_CONTEXT
{
1431 BOOLEAN CheckSumInserted
;
1433 WCHAR NameBuffer
[8];
1434 ULONG ExtensionLength
;
1435 WCHAR ExtensionBuffer
[4];
1436 ULONG LastIndexValue
;
1437 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1439 typedef struct _MAPPING_PAIR
{
1442 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1444 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1445 ULONG NumberOfPairs
;
1447 MAPPING_PAIR Pair
[1];
1448 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1450 typedef struct _KQUEUE
{
1451 DISPATCHER_HEADER Header
;
1452 LIST_ENTRY EntryListHead
;
1455 LIST_ENTRY ThreadListHead
;
1456 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1458 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1460 typedef struct _MBCB
{
1461 CSHORT NodeTypeCode
;
1462 CSHORT NodeIsInZone
;
1466 LIST_ENTRY BitmapRanges
;
1467 LONGLONG ResumeWritePage
;
1468 BITMAP_RANGE BitmapRange1
;
1469 BITMAP_RANGE BitmapRange2
;
1470 BITMAP_RANGE BitmapRange3
;
1473 typedef struct _MOVEFILE_DESCRIPTOR
{
1476 LARGE_INTEGER StartVcn
;
1477 LARGE_INTEGER TargetLcn
;
1480 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1482 typedef struct _OBJECT_BASIC_INFO
{
1484 ACCESS_MASK GrantedAccess
;
1486 ULONG ReferenceCount
;
1487 ULONG PagedPoolUsage
;
1488 ULONG NonPagedPoolUsage
;
1490 ULONG NameInformationLength
;
1491 ULONG TypeInformationLength
;
1492 ULONG SecurityDescriptorLength
;
1493 LARGE_INTEGER CreateTime
;
1494 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1496 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1498 BOOLEAN ProtectFromClose
;
1499 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1501 typedef struct _OBJECT_NAME_INFO
{
1502 UNICODE_STRING ObjectName
;
1503 WCHAR ObjectNameBuffer
[1];
1504 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1506 typedef struct _OBJECT_PROTECTION_INFO
{
1508 BOOLEAN ProtectHandle
;
1509 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1511 typedef struct _OBJECT_TYPE_INFO
{
1512 UNICODE_STRING ObjectTypeName
;
1513 UCHAR Unknown
[0x58];
1514 WCHAR ObjectTypeNameBuffer
[1];
1515 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1517 typedef struct _OBJECT_ALL_TYPES_INFO
{
1518 ULONG NumberOfObjectTypes
;
1519 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1520 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1523 typedef struct _PATHNAME_BUFFER
{
1524 ULONG PathNameLength
;
1526 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1528 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1533 } RTL_GENERIC_COMPARE_RESULTS
;
1535 typedef enum _TABLE_SEARCH_RESULT
1541 } TABLE_SEARCH_RESULT
;
1544 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
1545 struct _RTL_AVL_TABLE
*Table
,
1550 typedef RTL_GENERIC_COMPARE_RESULTS
1551 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
1552 struct _RTL_AVL_TABLE
*Table
,
1557 typedef RTL_GENERIC_COMPARE_RESULTS
1558 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
1559 struct _RTL_GENERIC_TABLE
*Table
,
1565 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
1566 struct _RTL_GENERIC_TABLE
*Table
,
1571 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
1572 struct _RTL_GENERIC_TABLE
*Table
,
1577 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
1578 struct _RTL_AVL_TABLE
*Table
,
1583 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
1584 struct _RTL_AVL_TABLE
*Table
,
1588 typedef struct _PUBLIC_BCB
{
1589 CSHORT NodeTypeCode
;
1590 CSHORT NodeByteSize
;
1592 LARGE_INTEGER MappedFileOffset
;
1593 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1595 typedef struct _QUERY_PATH_REQUEST
{
1596 ULONG PathNameLength
;
1597 PIO_SECURITY_CONTEXT SecurityContext
;
1598 WCHAR FilePathName
[1];
1599 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1601 typedef struct _QUERY_PATH_RESPONSE
{
1602 ULONG LengthAccepted
;
1603 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1605 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1607 LARGE_INTEGER StartingVcn
;
1609 LARGE_INTEGER NextVcn
;
1612 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1614 typedef struct _RTL_SPLAY_LINKS
{
1615 struct _RTL_SPLAY_LINKS
*Parent
;
1616 struct _RTL_SPLAY_LINKS
*LeftChild
;
1617 struct _RTL_SPLAY_LINKS
*RightChild
;
1618 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1620 typedef struct _RTL_BALANCED_LINKS
1622 struct _RTL_BALANCED_LINKS
*Parent
;
1623 struct _RTL_BALANCED_LINKS
*LeftChild
;
1624 struct _RTL_BALANCED_LINKS
*RightChild
;
1627 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
1629 typedef struct _RTL_GENERIC_TABLE
1631 PRTL_SPLAY_LINKS TableRoot
;
1632 LIST_ENTRY InsertOrderList
;
1633 PLIST_ENTRY OrderedPointer
;
1634 ULONG WhichOrderedElement
;
1635 ULONG NumberGenericTableElements
;
1636 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
1637 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
1638 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
1640 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
1642 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
1644 CSHORT NodeTypeCode
;
1646 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1647 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
1648 RTL_SPLAY_LINKS Links
;
1649 PUNICODE_STRING Prefix
;
1650 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
1652 typedef struct _UNICODE_PREFIX_TABLE
1654 CSHORT NodeTypeCode
;
1656 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
1657 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
1658 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
1663 RtlInitializeUnicodePrefix (
1664 IN PUNICODE_PREFIX_TABLE PrefixTable
1670 RtlInsertUnicodePrefix (
1671 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1672 IN PUNICODE_STRING Prefix
,
1673 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1679 RtlRemoveUnicodePrefix (
1680 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1681 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1685 PUNICODE_PREFIX_TABLE_ENTRY
1687 RtlFindUnicodePrefix (
1688 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1689 IN PUNICODE_STRING FullName
,
1690 IN ULONG CaseInsensitiveIndex
1694 PUNICODE_PREFIX_TABLE_ENTRY
1696 RtlNextUnicodePrefix (
1697 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1701 #undef PRTL_GENERIC_COMPARE_ROUTINE
1702 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1703 #undef PRTL_GENERIC_FREE_ROUTINE
1704 #undef RTL_GENERIC_TABLE
1705 #undef PRTL_GENERIC_TABLE
1707 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1708 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1709 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1710 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1711 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1713 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1714 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
1715 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
1716 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
1717 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
1718 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
1719 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
1720 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
1721 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
1722 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
1723 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
1725 typedef struct _RTL_AVL_TABLE
1727 RTL_BALANCED_LINKS BalancedRoot
;
1728 PVOID OrderedPointer
;
1729 ULONG WhichOrderedElement
;
1730 ULONG NumberGenericTableElements
;
1732 PRTL_BALANCED_LINKS RestartKey
;
1734 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
1735 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
1736 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
1738 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
1743 RtlInitializeGenericTableAvl(
1744 PRTL_AVL_TABLE Table
,
1745 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
1746 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
1747 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
1754 RtlInsertElementGenericTableAvl (
1755 PRTL_AVL_TABLE Table
,
1758 PBOOLEAN NewElement OPTIONAL
1764 RtlDeleteElementGenericTableAvl (
1765 PRTL_AVL_TABLE Table
,
1772 RtlLookupElementGenericTableAvl (
1773 PRTL_AVL_TABLE Table
,
1780 RtlEnumerateGenericTableWithoutSplayingAvl (
1781 PRTL_AVL_TABLE Table
,
1785 #if defined(USE_LPC6432)
1786 #define LPC_CLIENT_ID CLIENT_ID64
1787 #define LPC_SIZE_T ULONGLONG
1788 #define LPC_PVOID ULONGLONG
1789 #define LPC_HANDLE ULONGLONG
1791 #define LPC_CLIENT_ID CLIENT_ID
1792 #define LPC_SIZE_T SIZE_T
1793 #define LPC_PVOID PVOID
1794 #define LPC_HANDLE HANDLE
1797 typedef struct _PORT_MESSAGE
1813 CSHORT DataInfoOffset
;
1819 LPC_CLIENT_ID ClientId
;
1820 double DoNotUseThisField
;
1825 LPC_SIZE_T ClientViewSize
;
1828 } PORT_MESSAGE
, *PPORT_MESSAGE
;
1830 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
1832 typedef struct _PORT_VIEW
1835 LPC_HANDLE SectionHandle
;
1836 ULONG SectionOffset
;
1837 LPC_SIZE_T ViewSize
;
1839 LPC_PVOID ViewRemoteBase
;
1840 } PORT_VIEW
, *PPORT_VIEW
;
1842 typedef struct _REMOTE_PORT_VIEW
1845 LPC_SIZE_T ViewSize
;
1847 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
1849 typedef struct _SE_EXPORTS
{
1851 LUID SeCreateTokenPrivilege
;
1852 LUID SeAssignPrimaryTokenPrivilege
;
1853 LUID SeLockMemoryPrivilege
;
1854 LUID SeIncreaseQuotaPrivilege
;
1855 LUID SeUnsolicitedInputPrivilege
;
1856 LUID SeTcbPrivilege
;
1857 LUID SeSecurityPrivilege
;
1858 LUID SeTakeOwnershipPrivilege
;
1859 LUID SeLoadDriverPrivilege
;
1860 LUID SeCreatePagefilePrivilege
;
1861 LUID SeIncreaseBasePriorityPrivilege
;
1862 LUID SeSystemProfilePrivilege
;
1863 LUID SeSystemtimePrivilege
;
1864 LUID SeProfileSingleProcessPrivilege
;
1865 LUID SeCreatePermanentPrivilege
;
1866 LUID SeBackupPrivilege
;
1867 LUID SeRestorePrivilege
;
1868 LUID SeShutdownPrivilege
;
1869 LUID SeDebugPrivilege
;
1870 LUID SeAuditPrivilege
;
1871 LUID SeSystemEnvironmentPrivilege
;
1872 LUID SeChangeNotifyPrivilege
;
1873 LUID SeRemoteShutdownPrivilege
;
1878 PSID SeCreatorOwnerSid
;
1879 PSID SeCreatorGroupSid
;
1881 PSID SeNtAuthoritySid
;
1885 PSID SeInteractiveSid
;
1886 PSID SeLocalSystemSid
;
1887 PSID SeAliasAdminsSid
;
1888 PSID SeAliasUsersSid
;
1889 PSID SeAliasGuestsSid
;
1890 PSID SeAliasPowerUsersSid
;
1891 PSID SeAliasAccountOpsSid
;
1892 PSID SeAliasSystemOpsSid
;
1893 PSID SeAliasPrintOpsSid
;
1894 PSID SeAliasBackupOpsSid
;
1896 PSID SeAuthenticatedUsersSid
;
1898 PSID SeRestrictedSid
;
1899 PSID SeAnonymousLogonSid
;
1901 LUID SeUndockPrivilege
;
1902 LUID SeSyncAgentPrivilege
;
1903 LUID SeEnableDelegationPrivilege
;
1905 } SE_EXPORTS
, *PSE_EXPORTS
;
1909 LARGE_INTEGER StartingLcn
;
1910 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
1912 typedef struct _STARTING_VCN_INPUT_BUFFER
{
1913 LARGE_INTEGER StartingVcn
;
1914 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
1916 typedef struct _SECURITY_CLIENT_CONTEXT
{
1917 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
1918 PACCESS_TOKEN ClientToken
;
1919 BOOLEAN DirectlyAccessClientToken
;
1920 BOOLEAN DirectAccessEffectiveOnly
;
1921 BOOLEAN ServerIsRemote
;
1922 TOKEN_CONTROL ClientTokenControl
;
1923 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
1925 typedef struct _ACE_HEADER
1930 } ACE_HEADER
, *PACE_HEADER
;
1932 typedef struct _ACCESS_ALLOWED_ACE
1937 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
1939 typedef struct _ACCESS_DENIED_ACE
1944 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
1946 typedef struct _SYSTEM_AUDIT_ACE
1951 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
1953 typedef struct _SYSTEM_ALARM_ACE
1958 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
1960 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
1965 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
1967 typedef struct _TUNNEL
{
1969 PRTL_SPLAY_LINKS Cache
;
1970 LIST_ENTRY TimerQueue
;
1974 typedef struct _VAD_HEADER
{
1977 PVAD_HEADER ParentLink
;
1978 PVAD_HEADER LeftLink
;
1979 PVAD_HEADER RightLink
;
1980 ULONG Flags
; /* LSB = CommitCharge */
1982 PVOID FirstProtoPte
;
1986 } VAD_HEADER
, *PVAD_HEADER
;
1990 LARGE_INTEGER StartingLcn
;
1991 LARGE_INTEGER BitmapSize
;
1993 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
1995 #if (VER_PRODUCTBUILD >= 2600)
1998 (NTAPI
*PFILTER_REPORT_CHANGE
) (
1999 IN PVOID NotifyContext
,
2000 IN PVOID FilterContext
2003 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
2005 SyncTypeCreateSection
2006 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
2008 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
2009 NotifyTypeCreate
= 0,
2011 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
2013 typedef union _FS_FILTER_PARAMETERS
{
2015 PLARGE_INTEGER EndingOffset
;
2016 PERESOURCE
*ResourceToRelease
;
2017 } AcquireForModifiedPageWriter
;
2020 PERESOURCE ResourceToRelease
;
2021 } ReleaseForModifiedPageWriter
;
2024 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
2025 ULONG PageProtection
;
2026 } AcquireForSectionSynchronization
;
2029 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
2030 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
2031 } NotifyStreamFileObject
;
2040 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
2042 typedef struct _FS_FILTER_CALLBACK_DATA
{
2043 ULONG SizeOfFsFilterCallbackData
;
2046 struct _DEVICE_OBJECT
*DeviceObject
;
2047 struct _FILE_OBJECT
*FileObject
;
2048 FS_FILTER_PARAMETERS Parameters
;
2049 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
2052 (NTAPI
*PFS_FILTER_CALLBACK
) (
2053 IN PFS_FILTER_CALLBACK_DATA Data
,
2054 OUT PVOID
*CompletionContext
2058 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
2059 IN PFS_FILTER_CALLBACK_DATA Data
,
2060 IN NTSTATUS OperationStatus
,
2061 IN PVOID CompletionContext
2064 typedef struct _FS_FILTER_CALLBACKS
{
2065 ULONG SizeOfFsFilterCallbacks
;
2067 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
2068 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
2069 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
2070 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
2071 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
2072 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
2073 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
2074 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
2075 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
2076 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
2077 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
2078 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
2079 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
2081 typedef struct _READ_LIST
{
2082 PFILE_OBJECT FileObject
;
2083 ULONG NumberOfEntries
;
2085 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
2086 } READ_LIST
, *PREAD_LIST
;
2091 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
2093 IN OUT PVOID
*CommitAddress
,
2094 IN OUT PSIZE_T CommitSize
2097 typedef struct _RTL_HEAP_PARAMETERS
{
2099 SIZE_T SegmentReserve
;
2100 SIZE_T SegmentCommit
;
2101 SIZE_T DeCommitFreeBlockThreshold
;
2102 SIZE_T DeCommitTotalFreeThreshold
;
2103 SIZE_T MaximumAllocationSize
;
2104 SIZE_T VirtualMemoryThreshold
;
2105 SIZE_T InitialCommit
;
2106 SIZE_T InitialReserve
;
2107 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
2109 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
2115 IN PFILE_OBJECT FileObject
,
2116 IN ULONG BytesToWrite
,
2125 IN PFILE_OBJECT FileObject
,
2126 IN PLARGE_INTEGER FileOffset
,
2130 OUT PIO_STATUS_BLOCK IoStatus
2137 IN PFILE_OBJECT FileObject
,
2138 IN PLARGE_INTEGER FileOffset
,
2144 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2146 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
2155 IN PFILE_OBJECT FileObject
,
2156 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
2159 IN ULONG BytesToWrite
,
2167 IN PFILE_OBJECT FileObject
,
2168 IN ULONG FileOffset
,
2172 OUT PIO_STATUS_BLOCK IoStatus
2179 IN PFILE_OBJECT FileObject
,
2180 IN ULONG FileOffset
,
2189 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2190 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2192 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2195 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
2196 IN PFILE_OBJECT FileObject
,
2197 IN PLARGE_INTEGER FileOffset
,
2199 IN PLARGE_INTEGER OldestLsn
,
2200 IN PLARGE_INTEGER NewestLsn
,
2210 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
2218 CcGetFileObjectFromBcb (
2225 CcGetFileObjectFromSectionPtrs (
2226 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2229 #define CcGetFileSizePointer(FO) ( \
2230 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2233 #if (VER_PRODUCTBUILD >= 2195)
2238 CcGetFlushedValidData (
2239 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2240 IN BOOLEAN BcbListHeld
2243 #endif /* (VER_PRODUCTBUILD >= 2195) */
2248 CcGetLsnForFileObject (
2249 IN PFILE_OBJECT FileObject
,
2250 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2253 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
2258 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
2262 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
2267 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
2271 typedef struct _CACHE_MANAGER_CALLBACKS
{
2272 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
2273 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
2274 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
2275 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
2276 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
2281 CcInitializeCacheMap (
2282 IN PFILE_OBJECT FileObject
,
2283 IN PCC_FILE_SIZES FileSizes
,
2284 IN BOOLEAN PinAccess
,
2285 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
2286 IN PVOID LazyWriteContext
2289 #define CcIsFileCached(FO) ( \
2290 ((FO)->SectionObjectPointer != NULL) && \
2291 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2294 extern ULONG CcFastMdlReadWait
;
2299 CcIsThereDirtyData (
2307 IN PFILE_OBJECT FileObject
,
2308 IN PLARGE_INTEGER FileOffset
,
2319 IN PFILE_OBJECT FileObject
,
2320 IN PLARGE_INTEGER FileOffset
,
2323 OUT PIO_STATUS_BLOCK IoStatus
2330 IN PFILE_OBJECT FileObject
,
2337 CcMdlWriteComplete (
2338 IN PFILE_OBJECT FileObject
,
2339 IN PLARGE_INTEGER FileOffset
,
2349 IN PFILE_OBJECT FileObject
,
2350 IN PLARGE_INTEGER FileOffset
,
2360 IN PFILE_OBJECT FileObject
,
2361 IN PLARGE_INTEGER FileOffset
,
2372 IN PFILE_OBJECT FileObject
,
2373 IN PLARGE_INTEGER FileOffset
,
2376 OUT PIO_STATUS_BLOCK IoStatus
2383 IN PFILE_OBJECT FileObject
,
2384 IN PLARGE_INTEGER FileOffset
,
2395 CcPurgeCacheSection (
2396 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2397 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2399 IN BOOLEAN UninitializeCacheMaps
2402 #define CcReadAhead(FO, FOFF, LEN) ( \
2403 if ((LEN) >= 256) { \
2404 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2408 #if (VER_PRODUCTBUILD >= 2195)
2417 #endif /* (VER_PRODUCTBUILD >= 2195) */
2429 CcScheduleReadAhead (
2430 IN PFILE_OBJECT FileObject
,
2431 IN PLARGE_INTEGER FileOffset
,
2438 CcSetAdditionalCacheAttributes (
2439 IN PFILE_OBJECT FileObject
,
2440 IN BOOLEAN DisableReadAhead
,
2441 IN BOOLEAN DisableWriteBehind
2447 CcSetBcbOwnerPointer (
2449 IN PVOID OwnerPointer
2455 CcSetDirtyPageThreshold (
2456 IN PFILE_OBJECT FileObject
,
2457 IN ULONG DirtyPageThreshold
2463 CcSetDirtyPinnedData (
2465 IN PLARGE_INTEGER Lsn OPTIONAL
2472 IN PFILE_OBJECT FileObject
,
2473 IN PCC_FILE_SIZES FileSizes
2476 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2478 IN LARGE_INTEGER Lsn
2484 CcSetLogHandleForFile (
2485 IN PFILE_OBJECT FileObject
,
2487 IN PFLUSH_TO_LSN FlushToLsnRoutine
2493 CcSetReadAheadGranularity (
2494 IN PFILE_OBJECT FileObject
,
2495 IN ULONG Granularity
/* default: PAGE_SIZE */
2496 /* allowed: 2^n * PAGE_SIZE */
2502 CcUninitializeCacheMap (
2503 IN PFILE_OBJECT FileObject
,
2504 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2505 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2518 CcUnpinDataForThread (
2520 IN ERESOURCE_THREAD ResourceThreadId
2526 CcUnpinRepinnedBcb (
2528 IN BOOLEAN WriteThrough
,
2529 OUT PIO_STATUS_BLOCK IoStatus
2532 #if (VER_PRODUCTBUILD >= 2195)
2537 CcWaitForCurrentLazyWriterActivity (
2541 #endif /* (VER_PRODUCTBUILD >= 2195) */
2547 IN PFILE_OBJECT FileObject
,
2548 IN PLARGE_INTEGER StartOffset
,
2549 IN PLARGE_INTEGER EndOffset
,
2556 ExDisableResourceBoostLite (
2557 IN PERESOURCE Resource
2563 ExQueryPoolBlockSize (
2565 OUT PBOOLEAN QuotaCharged
2568 #if (VER_PRODUCTBUILD >= 2600)
2570 #ifndef __NTOSKRNL__
2574 ExInitializeRundownProtection (
2575 IN PEX_RUNDOWN_REF RunRef
2581 ExReInitializeRundownProtection (
2582 IN PEX_RUNDOWN_REF RunRef
2588 ExAcquireRundownProtection (
2589 IN PEX_RUNDOWN_REF RunRef
2595 ExAcquireRundownProtectionEx (
2596 IN PEX_RUNDOWN_REF RunRef
,
2603 ExReleaseRundownProtection (
2604 IN PEX_RUNDOWN_REF RunRef
2610 ExReleaseRundownProtectionEx (
2611 IN PEX_RUNDOWN_REF RunRef
,
2618 ExRundownCompleted (
2619 IN PEX_RUNDOWN_REF RunRef
2625 ExWaitForRundownProtectionRelease (
2626 IN PEX_RUNDOWN_REF RunRef
2630 #endif /* (VER_PRODUCTBUILD >= 2600) */
2633 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2635 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2636 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2637 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2638 InitializeListHead( &(_advhdr)->FilterContexts ); \
2639 if ((_fmutx) != NULL) { \
2640 (_advhdr)->FastMutex = (_fmutx); \
2642 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2643 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2644 (_advhdr)->FileContextSupportPointer = NULL; \
2647 #define FlagOn(x, f) ((x) & (f))
2652 FsRtlAddToTunnelCache (
2654 IN ULONGLONG DirectoryKey
,
2655 IN PUNICODE_STRING ShortName
,
2656 IN PUNICODE_STRING LongName
,
2657 IN BOOLEAN KeyByShortName
,
2658 IN ULONG DataLength
,
2662 #if (VER_PRODUCTBUILD >= 2195)
2666 FsRtlAllocateFileLock (
2667 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2668 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2671 #endif /* (VER_PRODUCTBUILD >= 2195) */
2677 IN POOL_TYPE PoolType
,
2678 IN ULONG NumberOfBytes
2684 FsRtlAllocatePoolWithQuota (
2685 IN POOL_TYPE PoolType
,
2686 IN ULONG NumberOfBytes
2692 FsRtlAllocatePoolWithQuotaTag (
2693 IN POOL_TYPE PoolType
,
2694 IN ULONG NumberOfBytes
,
2701 FsRtlAllocatePoolWithTag (
2702 IN POOL_TYPE PoolType
,
2703 IN ULONG NumberOfBytes
,
2710 FsRtlAreNamesEqual (
2711 IN PCUNICODE_STRING Name1
,
2712 IN PCUNICODE_STRING Name2
,
2713 IN BOOLEAN IgnoreCase
,
2714 IN PCWCH UpcaseTable OPTIONAL
2717 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2718 ((FL)->FastIoIsQuestionable) \
2722 FsRtlCheckLockForReadAccess:
2724 All this really does is pick out the lock parameters from the irp (io stack
2725 location?), get IoGetRequestorProcess, and pass values on to
2726 FsRtlFastCheckLockForRead.
2731 FsRtlCheckLockForReadAccess (
2732 IN PFILE_LOCK FileLock
,
2737 FsRtlCheckLockForWriteAccess:
2739 All this really does is pick out the lock parameters from the irp (io stack
2740 location?), get IoGetRequestorProcess, and pass values on to
2741 FsRtlFastCheckLockForWrite.
2746 FsRtlCheckLockForWriteAccess (
2747 IN PFILE_LOCK FileLock
,
2753 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2760 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
2772 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2773 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2780 IN PFILE_OBJECT FileObject
,
2781 IN PLARGE_INTEGER FileOffset
,
2786 OUT PIO_STATUS_BLOCK IoStatus
,
2787 IN PDEVICE_OBJECT DeviceObject
2794 IN PFILE_OBJECT FileObject
,
2795 IN PLARGE_INTEGER FileOffset
,
2800 OUT PIO_STATUS_BLOCK IoStatus
,
2801 IN PDEVICE_OBJECT DeviceObject
2809 IN PVOID HeapBase OPTIONAL
,
2810 IN SIZE_T ReserveSize OPTIONAL
,
2811 IN SIZE_T CommitSize OPTIONAL
,
2812 IN PVOID Lock OPTIONAL
,
2813 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
2819 FsRtlCurrentBatchOplock (
2826 FsRtlDeleteKeyFromTunnelCache (
2828 IN ULONGLONG DirectoryKey
2834 FsRtlDeleteTunnelCache (
2841 FsRtlDeregisterUncProvider (
2856 IN ANSI_STRING Name
,
2857 OUT PANSI_STRING FirstPart
,
2858 OUT PANSI_STRING RemainingPart
2865 IN UNICODE_STRING Name
,
2866 OUT PUNICODE_STRING FirstPart
,
2867 OUT PUNICODE_STRING RemainingPart
2873 FsRtlDoesDbcsContainWildCards (
2874 IN PANSI_STRING Name
2880 FsRtlDoesNameContainWildCards (
2881 IN PUNICODE_STRING Name
2887 FsRtlIsFatDbcsLegal (
2888 IN ANSI_STRING DbcsName
,
2889 IN BOOLEAN WildCardsPermissible
,
2890 IN BOOLEAN PathNamePermissible
,
2891 IN BOOLEAN LeadingBackslashPermissible
2895 #define FsRtlCompleteRequest(IRP,STATUS) { \
2896 (IRP)->IoStatus.Status = (STATUS); \
2897 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
2900 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2902 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2907 FsRtlFastCheckLockForRead (
2908 IN PFILE_LOCK FileLock
,
2909 IN PLARGE_INTEGER FileOffset
,
2910 IN PLARGE_INTEGER Length
,
2912 IN PFILE_OBJECT FileObject
,
2913 IN PEPROCESS Process
2919 FsRtlFastCheckLockForWrite (
2920 IN PFILE_LOCK FileLock
,
2921 IN PLARGE_INTEGER FileOffset
,
2922 IN PLARGE_INTEGER Length
,
2924 IN PFILE_OBJECT FileObject
,
2925 IN PEPROCESS Process
2928 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2929 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2935 FsRtlFastUnlockAll (
2936 IN PFILE_LOCK FileLock
,
2937 IN PFILE_OBJECT FileObject
,
2938 IN PEPROCESS Process
,
2939 IN PVOID Context OPTIONAL
2941 /* ret: STATUS_RANGE_NOT_LOCKED */
2946 FsRtlFastUnlockAllByKey (
2947 IN PFILE_LOCK FileLock
,
2948 IN PFILE_OBJECT FileObject
,
2949 IN PEPROCESS Process
,
2951 IN PVOID Context OPTIONAL
2953 /* ret: STATUS_RANGE_NOT_LOCKED */
2958 FsRtlFastUnlockSingle (
2959 IN PFILE_LOCK FileLock
,
2960 IN PFILE_OBJECT FileObject
,
2961 IN PLARGE_INTEGER FileOffset
,
2962 IN PLARGE_INTEGER Length
,
2963 IN PEPROCESS Process
,
2965 IN PVOID Context OPTIONAL
,
2966 IN BOOLEAN AlreadySynchronized
2968 /* ret: STATUS_RANGE_NOT_LOCKED */
2973 FsRtlFindInTunnelCache (
2975 IN ULONGLONG DirectoryKey
,
2976 IN PUNICODE_STRING Name
,
2977 OUT PUNICODE_STRING ShortName
,
2978 OUT PUNICODE_STRING LongName
,
2979 IN OUT PULONG DataLength
,
2983 #if (VER_PRODUCTBUILD >= 2195)
2989 IN PFILE_LOCK FileLock
2992 #endif /* (VER_PRODUCTBUILD >= 2195) */
2998 IN PFILE_OBJECT FileObject
,
2999 IN OUT PLARGE_INTEGER FileSize
3003 FsRtlGetNextFileLock:
3005 ret: NULL if no more locks
3008 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
3009 FileLock->LastReturnedLock as storage.
3010 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
3011 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
3012 calls with Restart = FALSE.
3017 FsRtlGetNextFileLock (
3018 IN PFILE_LOCK FileLock
,
3025 FsRtlInitializeFileLock (
3026 IN PFILE_LOCK FileLock
,
3027 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
3028 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
3034 FsRtlInitializeOplock (
3035 IN OUT POPLOCK Oplock
3041 FsRtlInitializeTunnelCache (
3048 FsRtlIsNameInExpression (
3049 IN PUNICODE_STRING Expression
,
3050 IN PUNICODE_STRING Name
,
3051 IN BOOLEAN IgnoreCase
,
3052 IN PWCHAR UpcaseTable OPTIONAL
3058 FsRtlIsNtstatusExpected (
3059 IN NTSTATUS Ntstatus
3062 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3064 extern PUSHORT NlsOemLeadByteInfo
;
3066 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3067 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3068 (NLS_MB_CODE_PAGE_TAG && \
3069 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3072 #define FsRtlIsAnsiCharacterWild(C) ( \
3073 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3076 #define FsRtlIsUnicodeCharacterWild(C) ( \
3079 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3086 IN PFILE_OBJECT FileObject
,
3087 IN PLARGE_INTEGER FileOffset
,
3091 OUT PIO_STATUS_BLOCK IoStatus
,
3092 IN PDEVICE_OBJECT DeviceObject
3098 FsRtlMdlReadComplete (
3099 IN PFILE_OBJECT FileObject
,
3106 FsRtlMdlReadCompleteDev (
3107 IN PFILE_OBJECT FileObject
,
3109 IN PDEVICE_OBJECT DeviceObject
3115 FsRtlPrepareMdlWriteDev (
3116 IN PFILE_OBJECT FileObject
,
3117 IN PLARGE_INTEGER FileOffset
,
3121 OUT PIO_STATUS_BLOCK IoStatus
,
3122 IN PDEVICE_OBJECT DeviceObject
3128 FsRtlMdlWriteComplete (
3129 IN PFILE_OBJECT FileObject
,
3130 IN PLARGE_INTEGER FileOffset
,
3137 FsRtlMdlWriteCompleteDev (
3138 IN PFILE_OBJECT FileObject
,
3139 IN PLARGE_INTEGER FileOffset
,
3141 IN PDEVICE_OBJECT DeviceObject
3147 FsRtlNormalizeNtstatus (
3148 IN NTSTATUS Exception
,
3149 IN NTSTATUS GenericException
3155 FsRtlNotifyChangeDirectory (
3156 IN PNOTIFY_SYNC NotifySync
,
3158 IN PSTRING FullDirectoryName
,
3159 IN PLIST_ENTRY NotifyList
,
3160 IN BOOLEAN WatchTree
,
3161 IN ULONG CompletionFilter
,
3168 FsRtlNotifyCleanup (
3169 IN PNOTIFY_SYNC NotifySync
,
3170 IN PLIST_ENTRY NotifyList
,
3174 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
3175 IN PVOID NotifyContext
,
3176 IN PVOID TargetContext
,
3177 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3183 FsRtlNotifyFullChangeDirectory (
3184 IN PNOTIFY_SYNC NotifySync
,
3185 IN PLIST_ENTRY NotifyList
,
3187 IN PSTRING FullDirectoryName
,
3188 IN BOOLEAN WatchTree
,
3189 IN BOOLEAN IgnoreBuffer
,
3190 IN ULONG CompletionFilter
,
3192 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3193 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3199 FsRtlNotifyFullReportChange (
3200 IN PNOTIFY_SYNC NotifySync
,
3201 IN PLIST_ENTRY NotifyList
,
3202 IN PSTRING FullTargetName
,
3203 IN USHORT TargetNameOffset
,
3204 IN PSTRING StreamName OPTIONAL
,
3205 IN PSTRING NormalizedParentName OPTIONAL
,
3206 IN ULONG FilterMatch
,
3208 IN PVOID TargetContext
3214 FsRtlNotifyInitializeSync (
3215 IN PNOTIFY_SYNC
*NotifySync
3221 FsRtlNotifyReportChange (
3222 IN PNOTIFY_SYNC NotifySync
,
3223 IN PLIST_ENTRY NotifyList
,
3224 IN PSTRING FullTargetName
,
3225 IN PUSHORT FileNamePartLength
,
3226 IN ULONG FilterMatch
3232 FsRtlNotifyUninitializeSync (
3233 IN PNOTIFY_SYNC
*NotifySync
3236 #if (VER_PRODUCTBUILD >= 2195)
3241 FsRtlNotifyVolumeEvent (
3242 IN PFILE_OBJECT FileObject
,
3246 #endif /* (VER_PRODUCTBUILD >= 2195) */
3260 FsRtlOplockIsFastIoPossible (
3267 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3270 -Calls IoCompleteRequest if Irp
3271 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3277 IN PFILE_LOCK FileLock
,
3278 IN PFILE_OBJECT FileObject
,
3279 IN PLARGE_INTEGER FileOffset
,
3280 IN PLARGE_INTEGER Length
,
3281 IN PEPROCESS Process
,
3283 IN BOOLEAN FailImmediately
,
3284 IN BOOLEAN ExclusiveLock
,
3285 OUT PIO_STATUS_BLOCK IoStatus
,
3286 IN PIRP Irp OPTIONAL
,
3288 IN BOOLEAN AlreadySynchronized
3292 FsRtlProcessFileLock:
3295 -STATUS_INVALID_DEVICE_REQUEST
3296 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3297 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3298 (redirected IoStatus->Status).
3301 -switch ( Irp->CurrentStackLocation->MinorFunction )
3302 lock: return FsRtlPrivateLock;
3303 unlocksingle: return FsRtlFastUnlockSingle;
3304 unlockall: return FsRtlFastUnlockAll;
3305 unlockallbykey: return FsRtlFastUnlockAllByKey;
3306 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3307 return STATUS_INVALID_DEVICE_REQUEST;
3309 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3310 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3315 FsRtlProcessFileLock (
3316 IN PFILE_LOCK FileLock
,
3318 IN PVOID Context OPTIONAL
3324 FsRtlRegisterUncProvider (
3325 IN OUT PHANDLE MupHandle
,
3326 IN PUNICODE_STRING RedirectorDeviceName
,
3327 IN BOOLEAN MailslotsSupported
3331 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
3339 FsRtlPostStackOverflow (
3342 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3348 FsRtlPostPagingFileStackOverflow (
3351 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3357 FsRtlTeardownPerStreamContexts (
3358 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader
3364 FsRtlUninitializeFileLock (
3365 IN PFILE_LOCK FileLock
3371 FsRtlUninitializeOplock (
3372 IN OUT POPLOCK Oplock
3385 KeSetIdealProcessorThread(
3386 IN OUT PKTHREAD Thread
,
3393 IoAttachDeviceToDeviceStackSafe(
3394 IN PDEVICE_OBJECT SourceDevice
,
3395 IN PDEVICE_OBJECT TargetDevice
,
3396 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
3402 IoAcquireVpbSpinLock (
3409 IoCheckDesiredAccess (
3410 IN OUT PACCESS_MASK DesiredAccess
,
3411 IN ACCESS_MASK GrantedAccess
3417 IoCheckEaBufferValidity (
3418 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
3420 OUT PULONG ErrorOffset
3426 IoCheckFunctionAccess (
3427 IN ACCESS_MASK GrantedAccess
,
3428 IN UCHAR MajorFunction
,
3429 IN UCHAR MinorFunction
,
3430 IN ULONG IoControlCode
,
3431 IN PVOID Argument1 OPTIONAL
,
3432 IN PVOID Argument2 OPTIONAL
3435 #if (VER_PRODUCTBUILD >= 2195)
3440 IoCheckQuotaBufferValidity (
3441 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
3442 IN ULONG QuotaLength
,
3443 OUT PULONG ErrorOffset
3446 #endif /* (VER_PRODUCTBUILD >= 2195) */
3451 IoCreateStreamFileObject (
3452 IN PFILE_OBJECT FileObject OPTIONAL
,
3453 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3456 #if (VER_PRODUCTBUILD >= 2195)
3461 IoCreateStreamFileObjectLite (
3462 IN PFILE_OBJECT FileObject OPTIONAL
,
3463 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3466 #endif /* (VER_PRODUCTBUILD >= 2195) */
3471 IoFastQueryNetworkAttributes (
3472 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3473 IN ACCESS_MASK DesiredAccess
,
3474 IN ULONG OpenOptions
,
3475 OUT PIO_STATUS_BLOCK IoStatus
,
3476 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
3482 IoGetAttachedDevice (
3483 IN PDEVICE_OBJECT DeviceObject
3489 IoGetBaseFileSystemDeviceObject (
3490 IN PFILE_OBJECT FileObject
3496 IoGetRequestorProcess (
3500 #if (VER_PRODUCTBUILD >= 2195)
3505 IoGetRequestorProcessId (
3509 #endif /* (VER_PRODUCTBUILD >= 2195) */
3518 #define IoIsFileOpenedExclusively(FileObject) ( \
3520 (FileObject)->SharedRead || \
3521 (FileObject)->SharedWrite || \
3522 (FileObject)->SharedDelete \
3529 IoIsOperationSynchronous (
3540 #if (VER_PRODUCTBUILD >= 2195)
3545 IoIsValidNameGraftingBuffer (
3547 IN PREPARSE_DATA_BUFFER ReparseBuffer
3550 #endif /* (VER_PRODUCTBUILD >= 2195) */
3556 IN PFILE_OBJECT FileObject
,
3558 IN PLARGE_INTEGER Offset
,
3560 OUT PIO_STATUS_BLOCK IoStatusBlock
3566 IoQueryFileInformation (
3567 IN PFILE_OBJECT FileObject
,
3568 IN FILE_INFORMATION_CLASS FileInformationClass
,
3570 OUT PVOID FileInformation
,
3571 OUT PULONG ReturnedLength
3577 IoQueryVolumeInformation (
3578 IN PFILE_OBJECT FileObject
,
3579 IN FS_INFORMATION_CLASS FsInformationClass
,
3581 OUT PVOID FsInformation
,
3582 OUT PULONG ReturnedLength
3595 IoRegisterFileSystem (
3596 IN OUT PDEVICE_OBJECT DeviceObject
3599 #if (VER_PRODUCTBUILD >= 1381)
3601 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
3602 IN PDEVICE_OBJECT DeviceObject
,
3603 IN BOOLEAN DriverActive
3609 IoRegisterFsRegistrationChange (
3610 IN PDRIVER_OBJECT DriverObject
,
3611 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3614 #endif /* (VER_PRODUCTBUILD >= 1381) */
3619 IoReleaseVpbSpinLock (
3626 IoSetDeviceToVerify (
3628 IN PDEVICE_OBJECT DeviceObject
3635 IN PFILE_OBJECT FileObject
,
3636 IN FILE_INFORMATION_CLASS FileInformationClass
,
3638 IN PVOID FileInformation
3651 IoSynchronousPageWrite (
3652 IN PFILE_OBJECT FileObject
,
3654 IN PLARGE_INTEGER FileOffset
,
3656 OUT PIO_STATUS_BLOCK IoStatusBlock
3669 IoUnregisterFileSystem (
3670 IN OUT PDEVICE_OBJECT DeviceObject
3673 #if (VER_PRODUCTBUILD >= 1381)
3678 IoUnregisterFsRegistrationChange (
3679 IN PDRIVER_OBJECT DriverObject
,
3680 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3683 #endif /* (VER_PRODUCTBUILD >= 1381) */
3689 IN PDEVICE_OBJECT DeviceObject
,
3690 IN BOOLEAN AllowRawMount
3693 #if !defined (_M_AMD64)
3698 KeAcquireQueuedSpinLock (
3699 IN KSPIN_LOCK_QUEUE_NUMBER Number
3705 KeReleaseQueuedSpinLock (
3706 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
3713 KeAcquireSpinLockRaiseToSynch(
3714 IN OUT PKSPIN_LOCK SpinLock
3720 KeTryToAcquireQueuedSpinLock(
3721 KSPIN_LOCK_QUEUE_NUMBER Number
,
3729 KeAcquireQueuedSpinLock (
3730 IN KSPIN_LOCK_QUEUE_NUMBER Number
3736 KeReleaseQueuedSpinLock (
3737 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
3743 KeAcquireSpinLockRaiseToSynch(
3744 IN OUT PKSPIN_LOCK SpinLock
3749 KeTryToAcquireQueuedSpinLock(
3750 KSPIN_LOCK_QUEUE_NUMBER Number
,
3759 IN PKPROCESS Process
3774 IN ULONG Count OPTIONAL
3782 IN PLIST_ENTRY Entry
3790 IN PLIST_ENTRY Entry
3805 IN KPROCESSOR_MODE WaitMode
,
3806 IN PLARGE_INTEGER Timeout OPTIONAL
3819 KeInitializeMutant (
3820 IN PRKMUTANT Mutant
,
3821 IN BOOLEAN InitialOwner
3835 IN PRKMUTANT Mutant
,
3836 IN KPRIORITY Increment
,
3837 IN BOOLEAN Abandoned
,
3841 #if (VER_PRODUCTBUILD >= 2195)
3846 KeStackAttachProcess (
3847 IN PKPROCESS Process
,
3848 OUT PKAPC_STATE ApcState
3854 KeUnstackDetachProcess (
3855 IN PKAPC_STATE ApcState
3858 #endif /* (VER_PRODUCTBUILD >= 2195) */
3863 KeSetKernelStackSwapEnable(
3870 MmCanFileBeTruncated (
3871 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3872 IN PLARGE_INTEGER NewFileSize
3878 MmFlushImageSection (
3879 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3880 IN MMFLUSH_TYPE FlushType
3886 MmForceSectionClosed (
3887 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3888 IN BOOLEAN DelayClose
3891 #if (VER_PRODUCTBUILD >= 1381)
3896 MmIsRecursiveIoFault (
3902 #define MmIsRecursiveIoFault() ( \
3903 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3904 (PsGetCurrentThread()->ForwardClusterOnly) \
3913 MmSetAddressRangeModified (
3922 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
3923 IN POBJECT_TYPE ObjectType
,
3924 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
3925 IN KPROCESSOR_MODE AccessMode
,
3926 IN OUT PVOID ParseContext OPTIONAL
,
3927 IN ULONG ObjectSize
,
3928 IN ULONG PagedPoolCharge OPTIONAL
,
3929 IN ULONG NonPagedPoolCharge OPTIONAL
,
3936 ObGetObjectPointerCount (
3945 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3946 IN ACCESS_MASK DesiredAccess
,
3947 IN ULONG AdditionalReferences
,
3948 OUT PVOID
*ReferencedObject OPTIONAL
,
3955 ObMakeTemporaryObject (
3962 ObOpenObjectByPointer (
3964 IN ULONG HandleAttributes
,
3965 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3966 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3967 IN POBJECT_TYPE ObjectType OPTIONAL
,
3968 IN KPROCESSOR_MODE AccessMode
,
3977 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
3979 OUT PULONG ReturnLength
3985 ObQueryObjectAuditingByHandle (
3987 OUT PBOOLEAN GenerateOnClose
3993 ObReferenceObjectByName (
3994 IN PUNICODE_STRING ObjectName
,
3995 IN ULONG Attributes
,
3996 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3997 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3998 IN POBJECT_TYPE ObjectType
,
3999 IN KPROCESSOR_MODE AccessMode
,
4000 IN OUT PVOID ParseContext OPTIONAL
,
4007 PsAssignImpersonationToken (
4016 IN PEPROCESS Process
,
4017 IN POOL_TYPE PoolType
,
4024 PsChargeProcessPoolQuota (
4025 IN PEPROCESS Process
,
4026 IN POOL_TYPE PoolType
,
4030 #define PsDereferenceImpersonationToken(T) \
4031 {if (ARGUMENT_PRESENT(T)) { \
4032 (ObDereferenceObject((T))); \
4038 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
4043 PsDisableImpersonation(
4045 IN PSE_IMPERSONATION_STATE ImpersonationState
4051 PsGetProcessExitTime (
4058 PsImpersonateClient(
4060 IN PACCESS_TOKEN Token
,
4061 IN BOOLEAN CopyOnOpen
,
4062 IN BOOLEAN EffectiveOnly
,
4063 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4076 PsIsThreadTerminating (
4083 PsLookupProcessByProcessId (
4084 IN HANDLE ProcessId
,
4085 OUT PEPROCESS
*Process
4091 PsLookupProcessThreadByCid (
4093 OUT PEPROCESS
*Process OPTIONAL
,
4094 OUT PETHREAD
*Thread
4100 PsLookupThreadByThreadId (
4101 IN HANDLE UniqueThreadId
,
4102 OUT PETHREAD
*Thread
4108 PsReferenceImpersonationToken (
4110 OUT PBOOLEAN CopyOnUse
,
4111 OUT PBOOLEAN EffectiveOnly
,
4112 OUT PSECURITY_IMPERSONATION_LEVEL Level
4118 PsReferencePrimaryToken (
4119 IN PEPROCESS Process
4125 PsRestoreImpersonation(
4127 IN PSE_IMPERSONATION_STATE ImpersonationState
4134 IN PEPROCESS Process
,
4135 IN POOL_TYPE PoolType
,
4149 RtlAbsoluteToSelfRelativeSD (
4150 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
4151 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
4152 IN PULONG BufferLength
4159 IN HANDLE HeapHandle
,
4167 RtlAppendStringToString(
4168 PSTRING Destination
,
4169 const STRING
*Source
4175 RtlCaptureStackBackTrace (
4176 IN ULONG FramesToSkip
,
4177 IN ULONG FramesToCapture
,
4178 OUT PVOID
*BackTrace
,
4179 OUT PULONG BackTraceHash OPTIONAL
4185 RtlCompareMemoryUlong (
4195 IN USHORT CompressionFormatAndEngine
,
4196 IN PUCHAR UncompressedBuffer
,
4197 IN ULONG UncompressedBufferSize
,
4198 OUT PUCHAR CompressedBuffer
,
4199 IN ULONG CompressedBufferSize
,
4200 IN ULONG UncompressedChunkSize
,
4201 OUT PULONG FinalCompressedSize
,
4209 IN PUCHAR UncompressedBuffer
,
4210 IN ULONG UncompressedBufferSize
,
4211 OUT PUCHAR CompressedBuffer
,
4212 IN ULONG CompressedBufferSize
,
4213 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
4214 IN ULONG CompressedDataInfoLength
,
4221 RtlConvertSidToUnicodeString (
4222 OUT PUNICODE_STRING DestinationString
,
4224 IN BOOLEAN AllocateDestinationString
4232 IN PSID Destination
,
4239 RtlCreateUnicodeString(
4240 PUNICODE_STRING DestinationString
,
4247 RtlDecompressBuffer (
4248 IN USHORT CompressionFormat
,
4249 OUT PUCHAR UncompressedBuffer
,
4250 IN ULONG UncompressedBufferSize
,
4251 IN PUCHAR CompressedBuffer
,
4252 IN ULONG CompressedBufferSize
,
4253 OUT PULONG FinalUncompressedSize
4259 RtlDecompressChunks (
4260 OUT PUCHAR UncompressedBuffer
,
4261 IN ULONG UncompressedBufferSize
,
4262 IN PUCHAR CompressedBuffer
,
4263 IN ULONG CompressedBufferSize
,
4264 IN PUCHAR CompressedTail
,
4265 IN ULONG CompressedTailSize
,
4266 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4272 RtlDecompressFragment (
4273 IN USHORT CompressionFormat
,
4274 OUT PUCHAR UncompressedFragment
,
4275 IN ULONG UncompressedFragmentSize
,
4276 IN PUCHAR CompressedBuffer
,
4277 IN ULONG CompressedBufferSize
,
4278 IN ULONG FragmentOffset
,
4279 OUT PULONG FinalUncompressedSize
,
4287 IN USHORT CompressionFormat
,
4288 IN OUT PUCHAR
*CompressedBuffer
,
4289 IN PUCHAR EndOfCompressedBufferPlus1
,
4290 OUT PUCHAR
*ChunkBuffer
,
4291 OUT PULONG ChunkSize
4297 RtlDowncaseUnicodeString(
4298 IN OUT PUNICODE_STRING UniDest
,
4299 IN PCUNICODE_STRING UniSource
,
4300 IN BOOLEAN AllocateDestinationString
4306 RtlDuplicateUnicodeString(
4308 IN PCUNICODE_STRING SourceString
,
4309 OUT PUNICODE_STRING DestinationString
4323 RtlFillMemoryUlong (
4324 IN PVOID Destination
,
4333 IN HANDLE HeapHandle
,
4342 IN OUT POEM_STRING OemString
4348 RtlGenerate8dot3Name (
4349 IN PUNICODE_STRING Name
,
4350 IN BOOLEAN AllowExtendedCharacters
,
4351 IN OUT PGENERATE_NAME_CONTEXT Context
,
4352 OUT PUNICODE_STRING Name8dot3
4358 RtlGetCompressionWorkSpaceSize (
4359 IN USHORT CompressionFormatAndEngine
,
4360 OUT PULONG CompressBufferWorkSpaceSize
,
4361 OUT PULONG CompressFragmentWorkSpaceSize
4367 RtlGetDaclSecurityDescriptor (
4368 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4369 OUT PBOOLEAN DaclPresent
,
4371 OUT PBOOLEAN DaclDefaulted
4377 RtlGetGroupSecurityDescriptor (
4378 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4380 OUT PBOOLEAN GroupDefaulted
4386 RtlGetOwnerSecurityDescriptor (
4387 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4389 OUT PBOOLEAN OwnerDefaulted
4397 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
4398 IN UCHAR SubAuthorityCount
4404 RtlIsNameLegalDOS8Dot3(
4405 IN PCUNICODE_STRING Name
,
4406 IN OUT POEM_STRING OemName OPTIONAL
,
4407 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
4413 RtlLengthRequiredSid (
4414 IN ULONG SubAuthorityCount
4427 RtlNtStatusToDosError (
4434 RtlOemStringToUnicodeString(
4435 IN OUT PUNICODE_STRING DestinationString
,
4436 IN PCOEM_STRING SourceString
,
4437 IN BOOLEAN AllocateDestinationString
4443 RtlUnicodeStringToOemString(
4444 IN OUT POEM_STRING DestinationString
,
4445 IN PCUNICODE_STRING SourceString
,
4446 IN BOOLEAN AllocateDestinationString
4452 RtlOemStringToCountedUnicodeString(
4453 IN OUT PUNICODE_STRING DestinationString
,
4454 IN PCOEM_STRING SourceString
,
4455 IN BOOLEAN AllocateDestinationString
4461 RtlUnicodeStringToCountedOemString(
4462 IN OUT POEM_STRING DestinationString
,
4463 IN PCUNICODE_STRING SourceString
,
4464 IN BOOLEAN AllocateDestinationString
4471 IN USHORT CompressionFormat
,
4472 IN OUT PUCHAR
*CompressedBuffer
,
4473 IN PUCHAR EndOfCompressedBufferPlus1
,
4474 OUT PUCHAR
*ChunkBuffer
,
4481 RtlSecondsSince1970ToTime (
4482 IN ULONG SecondsSince1970
,
4483 OUT PLARGE_INTEGER Time
4489 RtlSetGroupSecurityDescriptor (
4490 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4492 IN BOOLEAN GroupDefaulted
4498 RtlSetOwnerSecurityDescriptor (
4499 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4501 IN BOOLEAN OwnerDefaulted
4507 RtlSetSaclSecurityDescriptor (
4508 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4509 IN BOOLEAN SaclPresent
,
4511 IN BOOLEAN SaclDefaulted
4517 RtlSubAuthorityCountSid (
4524 RtlSubAuthoritySid (
4526 IN ULONG SubAuthority
4532 RtlUnicodeToMultiByteN(
4533 OUT PCHAR MultiByteString
,
4534 IN ULONG MaxBytesInMultiByteString
,
4535 OUT PULONG BytesInMultiByteString OPTIONAL
,
4536 IN PWCH UnicodeString
,
4537 IN ULONG BytesInUnicodeString
4544 OUT PWSTR UnicodeString
,
4545 IN ULONG MaxBytesInUnicodeString
,
4546 OUT PULONG BytesInUnicodeString OPTIONAL
,
4548 IN ULONG BytesInOemString
4551 /* RTL Splay Tree Functions */
4555 RtlSplay(PRTL_SPLAY_LINKS Links
);
4560 RtlDelete(PRTL_SPLAY_LINKS Links
);
4566 PRTL_SPLAY_LINKS Links
,
4567 PRTL_SPLAY_LINKS
*Root
4573 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
4578 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
4583 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
4588 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
4590 #define RtlIsLeftChild(Links) \
4591 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4593 #define RtlIsRightChild(Links) \
4594 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4596 #define RtlRightChild(Links) \
4597 ((PRTL_SPLAY_LINKS)(Links))->RightChild
4599 #define RtlIsRoot(Links) \
4600 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
4602 #define RtlLeftChild(Links) \
4603 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
4605 #define RtlParent(Links) \
4606 ((PRTL_SPLAY_LINKS)(Links))->Parent
4608 #define RtlInitializeSplayLinks(Links) \
4610 PRTL_SPLAY_LINKS _SplayLinks; \
4611 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
4612 _SplayLinks->Parent = _SplayLinks; \
4613 _SplayLinks->LeftChild = NULL; \
4614 _SplayLinks->RightChild = NULL; \
4617 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
4619 PRTL_SPLAY_LINKS _SplayParent; \
4620 PRTL_SPLAY_LINKS _SplayChild; \
4621 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4622 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4623 _SplayParent->LeftChild = _SplayChild; \
4624 _SplayChild->Parent = _SplayParent; \
4627 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
4629 PRTL_SPLAY_LINKS _SplayParent; \
4630 PRTL_SPLAY_LINKS _SplayChild; \
4631 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4632 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4633 _SplayParent->RightChild = _SplayChild; \
4634 _SplayChild->Parent = _SplayParent; \
4647 SeAppendPrivileges (
4648 PACCESS_STATE AccessState
,
4649 PPRIVILEGE_SET Privileges
4655 SeAuditingFileEvents (
4656 IN BOOLEAN AccessGranted
,
4657 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4663 SeAuditingFileOrGlobalEvents (
4664 IN BOOLEAN AccessGranted
,
4665 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4666 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4672 SeCaptureSubjectContext (
4673 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
4679 SeCreateClientSecurity (
4681 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
4682 IN BOOLEAN RemoteClient
,
4683 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4686 #if (VER_PRODUCTBUILD >= 2195)
4691 SeCreateClientSecurityFromSubjectContext (
4692 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
4693 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
4694 IN BOOLEAN ServerIsRemote
,
4695 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4698 #endif /* (VER_PRODUCTBUILD >= 2195) */
4701 #define SeLengthSid( Sid ) \
4702 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
4704 #define SeDeleteClientSecurity(C) { \
4705 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
4706 PsDereferencePrimaryToken( (C)->ClientToken ); \
4708 PsDereferenceImpersonationToken( (C)->ClientToken ); \
4715 SeDeleteObjectAuditAlarm (
4720 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
4726 IN PPRIVILEGE_SET Privileges
4732 SeImpersonateClient (
4733 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
4734 IN PETHREAD ServerThread OPTIONAL
4737 #if (VER_PRODUCTBUILD >= 2195)
4742 SeImpersonateClientEx (
4743 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
4744 IN PETHREAD ServerThread OPTIONAL
4747 #endif /* (VER_PRODUCTBUILD >= 2195) */
4752 SeLockSubjectContext (
4753 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4759 SeMarkLogonSessionForTerminationNotification (
4766 SeOpenObjectAuditAlarm (
4767 IN PUNICODE_STRING ObjectTypeName
,
4768 IN PVOID Object OPTIONAL
,
4769 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
4770 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4771 IN PACCESS_STATE AccessState
,
4772 IN BOOLEAN ObjectCreated
,
4773 IN BOOLEAN AccessGranted
,
4774 IN KPROCESSOR_MODE AccessMode
,
4775 OUT PBOOLEAN GenerateOnClose
4781 SeOpenObjectForDeleteAuditAlarm (
4782 IN PUNICODE_STRING ObjectTypeName
,
4783 IN PVOID Object OPTIONAL
,
4784 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
4785 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4786 IN PACCESS_STATE AccessState
,
4787 IN BOOLEAN ObjectCreated
,
4788 IN BOOLEAN AccessGranted
,
4789 IN KPROCESSOR_MODE AccessMode
,
4790 OUT PBOOLEAN GenerateOnClose
4797 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
4798 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
4799 IN KPROCESSOR_MODE AccessMode
4805 SeQueryAuthenticationIdToken (
4806 IN PACCESS_TOKEN Token
,
4810 #if (VER_PRODUCTBUILD >= 2195)
4815 SeQueryInformationToken (
4816 IN PACCESS_TOKEN Token
,
4817 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4818 OUT PVOID
*TokenInformation
4821 #endif /* (VER_PRODUCTBUILD >= 2195) */
4826 SeQuerySecurityDescriptorInfo (
4827 IN PSECURITY_INFORMATION SecurityInformation
,
4828 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4829 IN OUT PULONG Length
,
4830 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
4833 #if (VER_PRODUCTBUILD >= 2195)
4838 SeQuerySessionIdToken (
4839 IN PACCESS_TOKEN Token
,
4843 #endif /* (VER_PRODUCTBUILD >= 2195) */
4845 #define SeQuerySubjectContextToken( SubjectContext ) \
4846 ( ARGUMENT_PRESENT( \
4847 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
4849 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
4850 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
4852 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
4859 SeRegisterLogonSessionTerminatedRoutine (
4860 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4866 SeReleaseSubjectContext (
4867 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4873 SeSetAccessStateGenericMapping (
4874 PACCESS_STATE AccessState
,
4875 PGENERIC_MAPPING GenericMapping
4881 SeSetSecurityDescriptorInfo (
4882 IN PVOID Object OPTIONAL
,
4883 IN PSECURITY_INFORMATION SecurityInformation
,
4884 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4885 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
4886 IN POOL_TYPE PoolType
,
4887 IN PGENERIC_MAPPING GenericMapping
4890 #if (VER_PRODUCTBUILD >= 2195)
4895 SeSetSecurityDescriptorInfoEx (
4896 IN PVOID Object OPTIONAL
,
4897 IN PSECURITY_INFORMATION SecurityInformation
,
4898 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
4899 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
4900 IN ULONG AutoInheritFlags
,
4901 IN POOL_TYPE PoolType
,
4902 IN PGENERIC_MAPPING GenericMapping
4909 IN PACCESS_TOKEN Token
4915 SeTokenIsRestricted (
4916 IN PACCESS_TOKEN Token
4922 SeLocateProcessImageName(
4923 IN PEPROCESS Process
,
4924 OUT PUNICODE_STRING
*pImageFileName
4927 #endif /* (VER_PRODUCTBUILD >= 2195) */
4933 IN PACCESS_TOKEN Token
4939 SeUnlockSubjectContext (
4940 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4946 SeUnregisterLogonSessionTerminatedRoutine (
4947 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4950 #if (VER_PRODUCTBUILD >= 2195)
4955 ZwAdjustPrivilegesToken (
4956 IN HANDLE TokenHandle
,
4957 IN BOOLEAN DisableAllPrivileges
,
4958 IN PTOKEN_PRIVILEGES NewState
,
4959 IN ULONG BufferLength
,
4960 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
4961 OUT PULONG ReturnLength
4964 #endif /* (VER_PRODUCTBUILD >= 2195) */
4970 IN HANDLE ThreadHandle
4976 ZwAllocateVirtualMemory (
4977 IN HANDLE ProcessHandle
,
4978 IN OUT PVOID
*BaseAddress
,
4979 IN ULONG_PTR ZeroBits
,
4980 IN OUT PSIZE_T RegionSize
,
4981 IN ULONG AllocationType
,
4987 NtAccessCheckByTypeAndAuditAlarm(
4988 IN PUNICODE_STRING SubsystemName
,
4990 IN PUNICODE_STRING ObjectTypeName
,
4991 IN PUNICODE_STRING ObjectName
,
4992 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4993 IN PSID PrincipalSelfSid
,
4994 IN ACCESS_MASK DesiredAccess
,
4995 IN AUDIT_EVENT_TYPE AuditType
,
4997 IN POBJECT_TYPE_LIST ObjectTypeList
,
4998 IN ULONG ObjectTypeLength
,
4999 IN PGENERIC_MAPPING GenericMapping
,
5000 IN BOOLEAN ObjectCreation
,
5001 OUT PACCESS_MASK GrantedAccess
,
5002 OUT PNTSTATUS AccessStatus
,
5003 OUT PBOOLEAN GenerateOnClose
5008 NtAccessCheckByTypeResultListAndAuditAlarm(
5009 IN PUNICODE_STRING SubsystemName
,
5011 IN PUNICODE_STRING ObjectTypeName
,
5012 IN PUNICODE_STRING ObjectName
,
5013 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5014 IN PSID PrincipalSelfSid
,
5015 IN ACCESS_MASK DesiredAccess
,
5016 IN AUDIT_EVENT_TYPE AuditType
,
5018 IN POBJECT_TYPE_LIST ObjectTypeList
,
5019 IN ULONG ObjectTypeLength
,
5020 IN PGENERIC_MAPPING GenericMapping
,
5021 IN BOOLEAN ObjectCreation
,
5022 OUT PACCESS_MASK GrantedAccess
,
5023 OUT PNTSTATUS AccessStatus
,
5024 OUT PBOOLEAN GenerateOnClose
5029 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5030 IN PUNICODE_STRING SubsystemName
,
5032 IN HANDLE ClientToken
,
5033 IN PUNICODE_STRING ObjectTypeName
,
5034 IN PUNICODE_STRING ObjectName
,
5035 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5036 IN PSID PrincipalSelfSid
,
5037 IN ACCESS_MASK DesiredAccess
,
5038 IN AUDIT_EVENT_TYPE AuditType
,
5040 IN POBJECT_TYPE_LIST ObjectTypeList
,
5041 IN ULONG ObjectTypeLength
,
5042 IN PGENERIC_MAPPING GenericMapping
,
5043 IN BOOLEAN ObjectCreation
,
5044 OUT PACCESS_MASK GrantedAccess
,
5045 OUT PNTSTATUS AccessStatus
,
5046 OUT PBOOLEAN GenerateOnClose
5052 ZwAccessCheckAndAuditAlarm (
5053 IN PUNICODE_STRING SubsystemName
,
5055 IN PUNICODE_STRING ObjectTypeName
,
5056 IN PUNICODE_STRING ObjectName
,
5057 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5058 IN ACCESS_MASK DesiredAccess
,
5059 IN PGENERIC_MAPPING GenericMapping
,
5060 IN BOOLEAN ObjectCreation
,
5061 OUT PACCESS_MASK GrantedAccess
,
5062 OUT PBOOLEAN AccessStatus
,
5063 OUT PBOOLEAN GenerateOnClose
5066 #if (VER_PRODUCTBUILD >= 2195)
5072 IN HANDLE FileHandle
,
5073 OUT PIO_STATUS_BLOCK IoStatusBlock
5076 #endif /* (VER_PRODUCTBUILD >= 2195) */
5082 IN HANDLE EventHandle
5088 ZwCloseObjectAuditAlarm (
5089 IN PUNICODE_STRING SubsystemName
,
5091 IN BOOLEAN GenerateOnClose
5098 OUT PHANDLE SectionHandle
,
5099 IN ACCESS_MASK DesiredAccess
,
5100 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5101 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
5102 IN ULONG SectionPageProtection
,
5103 IN ULONG AllocationAttributes
,
5104 IN HANDLE FileHandle OPTIONAL
5110 ZwCreateSymbolicLinkObject (
5111 OUT PHANDLE SymbolicLinkHandle
,
5112 IN ACCESS_MASK DesiredAccess
,
5113 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5114 IN PUNICODE_STRING TargetName
5121 IN POBJECT_ATTRIBUTES ObjectAttributes
5129 IN PUNICODE_STRING Name
5135 ZwDeviceIoControlFile (
5136 IN HANDLE FileHandle
,
5137 IN HANDLE Event OPTIONAL
,
5138 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5139 IN PVOID ApcContext OPTIONAL
,
5140 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5141 IN ULONG IoControlCode
,
5142 IN PVOID InputBuffer OPTIONAL
,
5143 IN ULONG InputBufferLength
,
5144 OUT PVOID OutputBuffer OPTIONAL
,
5145 IN ULONG OutputBufferLength
5152 IN PUNICODE_STRING String
5159 IN HANDLE SourceProcessHandle
,
5160 IN HANDLE SourceHandle
,
5161 IN HANDLE TargetProcessHandle OPTIONAL
,
5162 OUT PHANDLE TargetHandle OPTIONAL
,
5163 IN ACCESS_MASK DesiredAccess
,
5164 IN ULONG HandleAttributes
,
5172 IN HANDLE ExistingTokenHandle
,
5173 IN ACCESS_MASK DesiredAccess
,
5174 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5175 IN BOOLEAN EffectiveOnly
,
5176 IN TOKEN_TYPE TokenType
,
5177 OUT PHANDLE NewTokenHandle
5183 IN HANDLE ExistingTokenHandle
,
5185 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
5186 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
5187 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
5188 OUT PHANDLE NewTokenHandle
5194 ZwFlushInstructionCache (
5195 IN HANDLE ProcessHandle
,
5196 IN PVOID BaseAddress OPTIONAL
,
5204 IN HANDLE FileHandle
,
5205 OUT PIO_STATUS_BLOCK IoStatusBlock
5208 #if (VER_PRODUCTBUILD >= 2195)
5213 ZwFlushVirtualMemory (
5214 IN HANDLE ProcessHandle
,
5215 IN OUT PVOID
*BaseAddress
,
5216 IN OUT PULONG FlushSize
,
5217 OUT PIO_STATUS_BLOCK IoStatusBlock
5220 #endif /* (VER_PRODUCTBUILD >= 2195) */
5225 ZwFreeVirtualMemory (
5226 IN HANDLE ProcessHandle
,
5227 IN OUT PVOID
*BaseAddress
,
5228 IN OUT PSIZE_T RegionSize
,
5236 IN HANDLE FileHandle
,
5237 IN HANDLE Event OPTIONAL
,
5238 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5239 IN PVOID ApcContext OPTIONAL
,
5240 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5241 IN ULONG FsControlCode
,
5242 IN PVOID InputBuffer OPTIONAL
,
5243 IN ULONG InputBufferLength
,
5244 OUT PVOID OutputBuffer OPTIONAL
,
5245 IN ULONG OutputBufferLength
5248 #if (VER_PRODUCTBUILD >= 2195)
5253 ZwInitiatePowerAction (
5254 IN POWER_ACTION SystemAction
,
5255 IN SYSTEM_POWER_STATE MinSystemState
,
5257 IN BOOLEAN Asynchronous
5260 #endif /* (VER_PRODUCTBUILD >= 2195) */
5266 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5267 IN PUNICODE_STRING RegistryPath
5274 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5275 IN POBJECT_ATTRIBUTES FileObjectAttributes
5282 IN HANDLE KeyHandle
,
5283 IN HANDLE EventHandle OPTIONAL
,
5284 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5285 IN PVOID ApcContext OPTIONAL
,
5286 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5287 IN ULONG NotifyFilter
,
5288 IN BOOLEAN WatchSubtree
,
5290 IN ULONG BufferLength
,
5291 IN BOOLEAN Asynchronous
5297 ZwOpenDirectoryObject (
5298 OUT PHANDLE DirectoryHandle
,
5299 IN ACCESS_MASK DesiredAccess
,
5300 IN POBJECT_ATTRIBUTES ObjectAttributes
5307 OUT PHANDLE EventHandle
,
5308 IN ACCESS_MASK DesiredAccess
,
5309 IN POBJECT_ATTRIBUTES ObjectAttributes
5316 OUT PHANDLE ProcessHandle
,
5317 IN ACCESS_MASK DesiredAccess
,
5318 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5319 IN PCLIENT_ID ClientId OPTIONAL
5325 ZwOpenProcessToken (
5326 IN HANDLE ProcessHandle
,
5327 IN ACCESS_MASK DesiredAccess
,
5328 OUT PHANDLE TokenHandle
5335 OUT PHANDLE ThreadHandle
,
5336 IN ACCESS_MASK DesiredAccess
,
5337 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5338 IN PCLIENT_ID ClientId
5345 IN HANDLE ThreadHandle
,
5346 IN ACCESS_MASK DesiredAccess
,
5347 IN BOOLEAN OpenAsSelf
,
5348 OUT PHANDLE TokenHandle
5351 #if (VER_PRODUCTBUILD >= 2195)
5356 ZwPowerInformation (
5357 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
5358 IN PVOID InputBuffer OPTIONAL
,
5359 IN ULONG InputBufferLength
,
5360 OUT PVOID OutputBuffer OPTIONAL
,
5361 IN ULONG OutputBufferLength
5364 #endif /* (VER_PRODUCTBUILD >= 2195) */
5370 IN HANDLE EventHandle
,
5371 OUT PLONG PreviousState OPTIONAL
5377 ZwQueryDefaultLocale (
5378 IN BOOLEAN ThreadOrSystem
,
5385 ZwQueryDirectoryFile (
5386 IN HANDLE FileHandle
,
5387 IN HANDLE Event OPTIONAL
,
5388 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5389 IN PVOID ApcContext OPTIONAL
,
5390 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5391 OUT PVOID FileInformation
,
5393 IN FILE_INFORMATION_CLASS FileInformationClass
,
5394 IN BOOLEAN ReturnSingleEntry
,
5395 IN PUNICODE_STRING FileName OPTIONAL
,
5396 IN BOOLEAN RestartScan
5399 #if (VER_PRODUCTBUILD >= 2195)
5404 ZwQueryDirectoryObject (
5405 IN HANDLE DirectoryHandle
,
5408 IN BOOLEAN ReturnSingleEntry
,
5409 IN BOOLEAN RestartScan
,
5410 IN OUT PULONG Context
,
5411 OUT PULONG ReturnLength OPTIONAL
5418 IN HANDLE FileHandle
,
5419 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5422 IN BOOLEAN ReturnSingleEntry
,
5423 IN PVOID EaList OPTIONAL
,
5424 IN ULONG EaListLength
,
5425 IN PULONG EaIndex OPTIONAL
,
5426 IN BOOLEAN RestartScan
5429 #endif /* (VER_PRODUCTBUILD >= 2195) */
5434 ZwQueryInformationProcess (
5435 IN HANDLE ProcessHandle
,
5436 IN PROCESSINFOCLASS ProcessInformationClass
,
5437 OUT PVOID ProcessInformation
,
5438 IN ULONG ProcessInformationLength
,
5439 OUT PULONG ReturnLength OPTIONAL
5445 ZwQueryInformationToken (
5446 IN HANDLE TokenHandle
,
5447 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
5448 OUT PVOID TokenInformation
,
5450 OUT PULONG ResultLength
5456 ZwQuerySecurityObject (
5457 IN HANDLE FileHandle
,
5458 IN SECURITY_INFORMATION SecurityInformation
,
5459 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5461 OUT PULONG ResultLength
5467 ZwQueryVolumeInformationFile (
5468 IN HANDLE FileHandle
,
5469 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5470 OUT PVOID FsInformation
,
5472 IN FS_INFORMATION_CLASS FsInformationClass
5479 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
5480 IN HANDLE KeyHandle
,
5481 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
5488 IN HANDLE EventHandle
,
5489 OUT PLONG PreviousState OPTIONAL
5492 #if (VER_PRODUCTBUILD >= 2195)
5498 IN HANDLE KeyHandle
,
5499 IN HANDLE FileHandle
,
5503 #endif /* (VER_PRODUCTBUILD >= 2195) */
5509 IN HANDLE KeyHandle
,
5510 IN HANDLE FileHandle
5516 ZwSetDefaultLocale (
5517 IN BOOLEAN ThreadOrSystem
,
5521 #if (VER_PRODUCTBUILD >= 2195)
5526 ZwSetDefaultUILanguage (
5527 IN LANGID LanguageId
5534 IN HANDLE FileHandle
,
5535 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5540 #endif /* (VER_PRODUCTBUILD >= 2195) */
5546 IN HANDLE EventHandle
,
5547 OUT PLONG PreviousState OPTIONAL
5553 ZwSetInformationProcess (
5554 IN HANDLE ProcessHandle
,
5555 IN PROCESSINFOCLASS ProcessInformationClass
,
5556 IN PVOID ProcessInformation
,
5557 IN ULONG ProcessInformationLength
5560 #if (VER_PRODUCTBUILD >= 2195)
5565 ZwSetSecurityObject (
5567 IN SECURITY_INFORMATION SecurityInformation
,
5568 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5571 #endif /* (VER_PRODUCTBUILD >= 2195) */
5577 IN PLARGE_INTEGER NewTime
,
5578 OUT PLARGE_INTEGER OldTime OPTIONAL
5581 #if (VER_PRODUCTBUILD >= 2195)
5586 ZwSetVolumeInformationFile (
5587 IN HANDLE FileHandle
,
5588 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5589 IN PVOID FsInformation
,
5591 IN FS_INFORMATION_CLASS FsInformationClass
5594 #endif /* (VER_PRODUCTBUILD >= 2195) */
5599 ZwTerminateProcess (
5600 IN HANDLE ProcessHandle OPTIONAL
,
5601 IN NTSTATUS ExitStatus
5608 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5609 IN PUNICODE_STRING RegistryPath
5616 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5622 ZwWaitForSingleObject (
5624 IN BOOLEAN Alertable
,
5625 IN PLARGE_INTEGER Timeout OPTIONAL
5631 ZwWaitForMultipleObjects (
5632 IN ULONG HandleCount
,
5634 IN WAIT_TYPE WaitType
,
5635 IN BOOLEAN Alertable
,
5636 IN PLARGE_INTEGER Timeout OPTIONAL
5652 #endif /* _NTIFS_ */
projects / reactos.git / blob