4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28 /* HACKHACKHACK!!! We shouldn't include this header from ntoskrnl! */
31 #define NTKERNELAPI DECLSPEC_IMPORT
36 #define _NTIFS_INCLUDED_
43 #ifndef VER_PRODUCTBUILD
44 #define VER_PRODUCTBUILD 10000
51 #define EX_PUSH_LOCK ULONG_PTR
52 #define PEX_PUSH_LOCK PULONG_PTR
56 #define FlagOn(_F,_SF) ((_F) & (_SF))
60 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
64 #define SetFlag(_F,_SF) ((_F) |= (_SF))
68 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
74 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
76 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
78 extern PACL SePublicDefaultDacl
;
79 extern PACL SeSystemDefaultDacl
;
81 extern KSPIN_LOCK IoStatisticsLock
;
82 extern ULONG IoReadOperationCount
;
83 extern ULONG IoWriteOperationCount
;
84 extern ULONG IoOtherOperationCount
;
85 extern LARGE_INTEGER IoReadTransferCount
;
86 extern LARGE_INTEGER IoWriteTransferCount
;
87 extern LARGE_INTEGER IoOtherTransferCount
;
89 typedef STRING LSA_STRING
, *PLSA_STRING
;
90 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
92 typedef enum _SECURITY_LOGON_TYPE
94 UndefinedLogonType
= 0,
103 #if (_WIN32_WINNT >= 0x0501)
107 #if (_WIN32_WINNT >= 0x0502)
108 CachedRemoteInteractive
,
111 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
113 #define ANSI_DOS_STAR ('<')
114 #define ANSI_DOS_QM ('>')
115 #define ANSI_DOS_DOT ('"')
117 #define DOS_STAR (L'<')
118 #define DOS_QM (L'>')
119 #define DOS_DOT (L'"')
121 /* also in winnt.h */
122 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
123 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
124 #define ACCESS_DENIED_ACE_TYPE (0x1)
125 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
126 #define SYSTEM_ALARM_ACE_TYPE (0x3)
127 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
128 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
129 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
130 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
131 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
132 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
133 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
134 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
135 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
136 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
137 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
138 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
139 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
140 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
141 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
142 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
143 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
144 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
145 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
146 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
148 #define COMPRESSION_FORMAT_NONE (0x0000)
149 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
150 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
151 #define COMPRESSION_ENGINE_STANDARD (0x0000)
152 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
153 #define COMPRESSION_ENGINE_HIBER (0x0200)
155 #define FILE_ACTION_ADDED 0x00000001
156 #define FILE_ACTION_REMOVED 0x00000002
157 #define FILE_ACTION_MODIFIED 0x00000003
158 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
159 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
160 #define FILE_ACTION_ADDED_STREAM 0x00000006
161 #define FILE_ACTION_REMOVED_STREAM 0x00000007
162 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
163 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
164 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
165 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
168 #define FILE_EA_TYPE_BINARY 0xfffe
169 #define FILE_EA_TYPE_ASCII 0xfffd
170 #define FILE_EA_TYPE_BITMAP 0xfffb
171 #define FILE_EA_TYPE_METAFILE 0xfffa
172 #define FILE_EA_TYPE_ICON 0xfff9
173 #define FILE_EA_TYPE_EA 0xffee
174 #define FILE_EA_TYPE_MVMT 0xffdf
175 #define FILE_EA_TYPE_MVST 0xffde
176 #define FILE_EA_TYPE_ASN1 0xffdd
177 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
179 #define FILE_NEED_EA 0x00000080
181 /* also in winnt.h */
182 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
183 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
184 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
185 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
186 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
187 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
188 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
189 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
190 #define FILE_NOTIFY_CHANGE_EA 0x00000080
191 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
192 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
193 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
194 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
195 #define FILE_NOTIFY_VALID_MASK 0x00000fff
198 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
199 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
201 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
203 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
204 #define FILE_CASE_PRESERVED_NAMES 0x00000002
205 #define FILE_UNICODE_ON_DISK 0x00000004
206 #define FILE_PERSISTENT_ACLS 0x00000008
207 #define FILE_FILE_COMPRESSION 0x00000010
208 #define FILE_VOLUME_QUOTAS 0x00000020
209 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
210 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
211 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
212 #define FS_LFN_APIS 0x00004000
213 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
214 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
215 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
216 #define FILE_NAMED_STREAMS 0x00040000
217 #define FILE_READ_ONLY_VOLUME 0x00080000
218 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
219 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
221 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
222 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
224 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
225 #define FILE_PIPE_MESSAGE_MODE 0x00000001
227 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
228 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
230 #define FILE_PIPE_INBOUND 0x00000000
231 #define FILE_PIPE_OUTBOUND 0x00000001
232 #define FILE_PIPE_FULL_DUPLEX 0x00000002
234 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
235 #define FILE_PIPE_LISTENING_STATE 0x00000002
236 #define FILE_PIPE_CONNECTED_STATE 0x00000003
237 #define FILE_PIPE_CLOSING_STATE 0x00000004
239 #define FILE_PIPE_CLIENT_END 0x00000000
240 #define FILE_PIPE_SERVER_END 0x00000001
242 #define FILE_PIPE_READ_DATA 0x00000000
243 #define FILE_PIPE_WRITE_SPACE 0x00000001
245 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
246 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
247 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
248 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
249 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
250 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
251 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
252 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
253 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
254 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
255 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
256 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
257 #define FILE_STORAGE_TYPE_MASK 0x000f0000
258 #define FILE_STORAGE_TYPE_SHIFT 16
260 #define FILE_VC_QUOTA_NONE 0x00000000
261 #define FILE_VC_QUOTA_TRACK 0x00000001
262 #define FILE_VC_QUOTA_ENFORCE 0x00000002
263 #define FILE_VC_QUOTA_MASK 0x00000003
265 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
266 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
268 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
269 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
270 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
271 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
273 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
274 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
276 #define FILE_VC_VALID_MASK 0x000003ff
278 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
279 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
280 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
281 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
282 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
283 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
284 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
285 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
287 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
288 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
289 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
290 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
292 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
293 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
294 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
295 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
296 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
298 #define FSRTL_VOLUME_DISMOUNT 1
299 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
300 #define FSRTL_VOLUME_LOCK 3
301 #define FSRTL_VOLUME_LOCK_FAILED 4
302 #define FSRTL_VOLUME_UNLOCK 5
303 #define FSRTL_VOLUME_MOUNT 6
305 #define FSRTL_WILD_CHARACTER 0x08
307 #define FSRTL_FAT_LEGAL 0x01
308 #define FSRTL_HPFS_LEGAL 0x02
309 #define FSRTL_NTFS_LEGAL 0x04
310 #define FSRTL_WILD_CHARACTER 0x08
311 #define FSRTL_OLE_LEGAL 0x10
312 #define FSRTL_NTFS_STREAM_LEGAL 0x14
315 #define HARDWARE_PTE HARDWARE_PTE_X86
316 #define PHARDWARE_PTE PHARDWARE_PTE_X86
319 #define IO_CHECK_CREATE_PARAMETERS 0x0200
320 #define IO_ATTACH_DEVICE 0x0400
322 #define IO_ATTACH_DEVICE_API 0x80000000
324 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
325 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
327 #define IO_TYPE_APC 18
328 #define IO_TYPE_DPC 19
329 #define IO_TYPE_DEVICE_QUEUE 20
330 #define IO_TYPE_EVENT_PAIR 21
331 #define IO_TYPE_INTERRUPT 22
332 #define IO_TYPE_PROFILE 23
334 #define IRP_BEING_VERIFIED 0x10
336 #define MAILSLOT_CLASS_FIRSTCLASS 1
337 #define MAILSLOT_CLASS_SECONDCLASS 2
339 #define MAILSLOT_SIZE_AUTO 0
341 #define MAP_PROCESS 1L
342 #define MAP_SYSTEM 2L
343 #define MEM_DOS_LIM 0x40000000
345 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
347 #define OB_TYPE_TYPE 1
348 #define OB_TYPE_DIRECTORY 2
349 #define OB_TYPE_SYMBOLIC_LINK 3
350 #define OB_TYPE_TOKEN 4
351 #define OB_TYPE_PROCESS 5
352 #define OB_TYPE_THREAD 6
353 #define OB_TYPE_EVENT 7
354 #define OB_TYPE_EVENT_PAIR 8
355 #define OB_TYPE_MUTANT 9
356 #define OB_TYPE_SEMAPHORE 10
357 #define OB_TYPE_TIMER 11
358 #define OB_TYPE_PROFILE 12
359 #define OB_TYPE_WINDOW_STATION 13
360 #define OB_TYPE_DESKTOP 14
361 #define OB_TYPE_SECTION 15
362 #define OB_TYPE_KEY 16
363 #define OB_TYPE_PORT 17
364 #define OB_TYPE_ADAPTER 18
365 #define OB_TYPE_CONTROLLER 19
366 #define OB_TYPE_DEVICE 20
367 #define OB_TYPE_DRIVER 21
368 #define OB_TYPE_IO_COMPLETION 22
369 #define OB_TYPE_FILE 23
372 #define PIN_EXCLUSIVE (2)
373 #define PIN_NO_READ (4)
374 #define PIN_IF_BCB (8)
376 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
377 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
379 #define SEC_BASED 0x00200000
381 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
382 #define SECURITY_WORLD_RID (0x00000000L)
384 #define SID_REVISION 1
385 #define SID_MAX_SUB_AUTHORITIES 15
386 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
388 #define TOKEN_ASSIGN_PRIMARY (0x0001)
389 #define TOKEN_DUPLICATE (0x0002)
390 #define TOKEN_IMPERSONATE (0x0004)
391 #define TOKEN_QUERY (0x0008)
392 #define TOKEN_QUERY_SOURCE (0x0010)
393 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
394 #define TOKEN_ADJUST_GROUPS (0x0040)
395 #define TOKEN_ADJUST_DEFAULT (0x0080)
396 #define TOKEN_ADJUST_SESSIONID (0x0100)
398 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
399 TOKEN_ASSIGN_PRIMARY |\
403 TOKEN_QUERY_SOURCE |\
404 TOKEN_ADJUST_PRIVILEGES |\
405 TOKEN_ADJUST_GROUPS |\
406 TOKEN_ADJUST_DEFAULT |\
407 TOKEN_ADJUST_SESSIONID)
409 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
412 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
413 TOKEN_ADJUST_PRIVILEGES |\
414 TOKEN_ADJUST_GROUPS |\
415 TOKEN_ADJUST_DEFAULT)
417 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
419 #define TOKEN_SOURCE_LENGTH 8
422 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
423 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
424 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
425 #define TOKEN_HAS_ADMIN_GROUP 0x08
426 #define TOKEN_WRITE_RESTRICTED 0x08
427 #define TOKEN_IS_RESTRICTED 0x10
428 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
430 #define VACB_MAPPING_GRANULARITY (0x40000)
431 #define VACB_OFFSET_SHIFT (18)
433 #define SE_OWNER_DEFAULTED 0x0001
434 #define SE_GROUP_DEFAULTED 0x0002
435 #define SE_DACL_PRESENT 0x0004
436 #define SE_DACL_DEFAULTED 0x0008
437 #define SE_SACL_PRESENT 0x0010
438 #define SE_SACL_DEFAULTED 0x0020
439 #define SE_DACL_UNTRUSTED 0x0040
440 #define SE_SERVER_SECURITY 0x0080
441 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
442 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
443 #define SE_DACL_AUTO_INHERITED 0x0400
444 #define SE_SACL_AUTO_INHERITED 0x0800
445 #define SE_DACL_PROTECTED 0x1000
446 #define SE_SACL_PROTECTED 0x2000
447 #define SE_RM_CONTROL_VALID 0x4000
448 #define SE_SELF_RELATIVE 0x8000
451 #define _AUDIT_EVENT_TYPE_HACK 0
453 #if (_AUDIT_EVENT_TYPE_HACK == 1)
456 typedef enum _AUDIT_EVENT_TYPE
458 AuditEventObjectAccess
,
459 AuditEventDirectoryServiceAccess
460 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
463 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
465 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
466 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
467 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
468 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
469 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
470 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
471 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
472 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
473 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
475 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
476 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
477 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
479 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
480 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
481 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
484 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
485 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
486 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
487 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
488 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
489 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
491 #if (VER_PRODUCTBUILD >= 1381)
493 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
494 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
495 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
496 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
497 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
498 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
499 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
500 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
502 #endif /* (VER_PRODUCTBUILD >= 1381) */
504 #if (VER_PRODUCTBUILD >= 2195)
506 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
507 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
508 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
510 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
511 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
512 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
513 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
514 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
515 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
516 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
517 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
518 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
519 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
520 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
521 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
522 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
523 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
524 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
525 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
526 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
527 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
528 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
529 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
530 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
531 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
532 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
533 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
534 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
535 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
536 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
537 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
538 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
539 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
540 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
541 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
542 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
543 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
544 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
545 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
547 #endif /* (VER_PRODUCTBUILD >= 2195) */
549 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
551 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
552 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
553 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
554 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
555 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
556 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
557 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
558 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
560 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
561 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
562 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
563 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
564 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
565 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
566 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
567 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
568 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
569 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
570 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
571 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
572 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
573 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
575 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
577 typedef PVOID OPLOCK
, *POPLOCK
;
582 struct _RTL_AVL_TABLE
;
583 struct _RTL_GENERIC_TABLE
;
591 typedef PVOID PNOTIFY_SYNC
;
593 typedef enum _FAST_IO_POSSIBLE
{
599 typedef enum _FILE_STORAGE_TYPE
{
600 StorageTypeDefault
= 1,
601 StorageTypeDirectory
,
603 StorageTypeJunctionPoint
,
605 StorageTypeStructuredStorage
,
606 StorageTypeEmbedding
,
610 typedef enum _OBJECT_INFORMATION_CLASS
612 ObjectBasicInformation
,
613 ObjectNameInformation
,
614 ObjectTypeInformation
,
615 ObjectTypesInformation
,
616 ObjectHandleFlagInformation
,
617 ObjectSessionInformation
,
619 } OBJECT_INFORMATION_CLASS
;
621 typedef struct _OBJECT_BASIC_INFORMATION
624 ACCESS_MASK GrantedAccess
;
627 ULONG PagedPoolCharge
;
628 ULONG NonPagedPoolCharge
;
632 ULONG SecurityDescriptorSize
;
633 LARGE_INTEGER CreationTime
;
634 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
636 typedef struct _KAPC_STATE
{
637 LIST_ENTRY ApcListHead
[2];
639 BOOLEAN KernelApcInProgress
;
640 BOOLEAN KernelApcPending
;
641 BOOLEAN UserApcPending
;
642 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
643 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
645 typedef struct _BITMAP_RANGE
{
648 ULONG FirstDirtyPage
;
652 } BITMAP_RANGE
, *PBITMAP_RANGE
;
654 typedef struct _CACHE_UNINITIALIZE_EVENT
{
655 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
657 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
659 typedef struct _CC_FILE_SIZES
{
660 LARGE_INTEGER AllocationSize
;
661 LARGE_INTEGER FileSize
;
662 LARGE_INTEGER ValidDataLength
;
663 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
665 typedef struct _COMPRESSED_DATA_INFO
{
666 USHORT CompressionFormatAndEngine
;
667 UCHAR CompressionUnitShift
;
671 USHORT NumberOfChunks
;
672 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
673 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
675 typedef struct _SID_IDENTIFIER_AUTHORITY
{
677 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
679 typedef struct _SID
{
681 UCHAR SubAuthorityCount
;
682 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
683 ULONG SubAuthority
[ANYSIZE_ARRAY
];
685 typedef struct _SID_AND_ATTRIBUTES
{
688 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
689 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
690 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
695 // Universal well-known SIDs
697 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
698 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
699 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
700 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
701 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
702 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
704 #define SECURITY_NULL_RID (0x00000000L)
705 #define SECURITY_WORLD_RID (0x00000000L)
706 #define SECURITY_LOCAL_RID (0x00000000L)
708 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
709 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
711 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
712 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
714 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
719 // NT well-known SIDs
721 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
723 #define SECURITY_DIALUP_RID (0x00000001L)
724 #define SECURITY_NETWORK_RID (0x00000002L)
725 #define SECURITY_BATCH_RID (0x00000003L)
726 #define SECURITY_INTERACTIVE_RID (0x00000004L)
727 #define SECURITY_LOGON_IDS_RID (0x00000005L)
728 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
729 #define SECURITY_SERVICE_RID (0x00000006L)
730 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
731 #define SECURITY_PROXY_RID (0x00000008L)
732 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
733 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
734 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
735 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
736 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
737 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
738 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
739 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
740 #define SECURITY_IUSER_RID (0x00000011L)
741 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
742 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
743 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
745 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
746 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
748 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
750 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
751 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
754 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
755 #define SECURITY_PACKAGE_RID_COUNT (2L)
756 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
757 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
758 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
760 #define SECURITY_MIN_BASE_RID (0x00000050L)
762 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
763 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
765 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
767 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
768 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
770 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
771 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
773 #define SECURITY_MAX_BASE_RID (0x0000006FL)
775 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
776 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
778 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
783 // Well-known domain relative sub-authority values (RIDs)
785 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
787 #define FOREST_USER_RID_MAX (0x000001F3L)
792 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
793 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
794 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
796 #define DOMAIN_USER_RID_MAX (0x000003E7L)
801 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
802 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
803 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
804 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
805 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
806 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
807 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
808 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
809 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
810 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
813 // Well-known aliases
815 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
816 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
817 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
818 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
820 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
821 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
822 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
823 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
825 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
826 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
827 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
828 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
829 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
830 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
832 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
833 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
834 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
835 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
836 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
837 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
838 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
839 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
840 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
841 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
842 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
845 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
846 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
847 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
848 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
849 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
850 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
851 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
854 // SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
855 // can be set by a usermode caller.
857 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
859 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
862 // Allocate the System Luid. The first 1000 LUIDs are reserved.
863 // Use #999 here (0x3e7 = 999)
865 #define SYSTEM_LUID { 0x3e7, 0x0 }
866 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
867 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
868 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
869 #define IUSER_LUID { 0x3e3, 0x0 }
873 typedef struct _TOKEN_SOURCE
{
874 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
875 LUID SourceIdentifier
;
876 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
877 typedef struct _TOKEN_CONTROL
{
879 LUID AuthenticationId
;
881 TOKEN_SOURCE TokenSource
;
882 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
883 typedef struct _TOKEN_DEFAULT_DACL
{
885 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
886 typedef struct _TOKEN_GROUPS
{
888 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
889 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
890 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
893 PSID_AND_ATTRIBUTES Sids
;
894 ULONG RestrictedSidCount
;
895 ULONG RestrictedSidLength
;
896 PSID_AND_ATTRIBUTES RestrictedSids
;
897 ULONG PrivilegeCount
;
898 ULONG PrivilegeLength
;
899 PLUID_AND_ATTRIBUTES Privileges
;
900 LUID AuthenticationId
;
901 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
902 typedef struct _TOKEN_ORIGIN
{
903 LUID OriginatingLogonSession
;
904 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
905 typedef struct _TOKEN_OWNER
{
907 } TOKEN_OWNER
,*PTOKEN_OWNER
;
908 typedef struct _TOKEN_PRIMARY_GROUP
{
910 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
911 typedef struct _TOKEN_PRIVILEGES
{
912 ULONG PrivilegeCount
;
913 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
914 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
915 typedef enum tagTOKEN_TYPE
{
918 } TOKEN_TYPE
,*PTOKEN_TYPE
;
919 typedef struct _TOKEN_STATISTICS
{
921 LUID AuthenticationId
;
922 LARGE_INTEGER ExpirationTime
;
923 TOKEN_TYPE TokenType
;
924 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
925 ULONG DynamicCharged
;
926 ULONG DynamicAvailable
;
928 ULONG PrivilegeCount
;
930 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
931 typedef struct _TOKEN_USER
{
932 SID_AND_ATTRIBUTES User
;
933 } TOKEN_USER
, *PTOKEN_USER
;
934 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
935 typedef struct _SECURITY_DESCRIPTOR
{
938 SECURITY_DESCRIPTOR_CONTROL Control
;
943 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
945 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
947 typedef struct _OBJECT_TYPE_LIST
{
951 } OBJECT_TYPE_LIST
, *POBJECT_TYPE_LIST
;
953 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
956 SECURITY_DESCRIPTOR_CONTROL Control
;
961 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
962 typedef enum _TOKEN_INFORMATION_CLASS
{
963 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
964 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
965 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
966 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
967 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
968 } TOKEN_INFORMATION_CLASS
;
970 #define SYMLINK_FLAG_RELATIVE 1
972 typedef struct _REPARSE_DATA_BUFFER
{
974 USHORT ReparseDataLength
;
978 USHORT SubstituteNameOffset
;
979 USHORT SubstituteNameLength
;
980 USHORT PrintNameOffset
;
981 USHORT PrintNameLength
;
984 } SymbolicLinkReparseBuffer
;
986 USHORT SubstituteNameOffset
;
987 USHORT SubstituteNameLength
;
988 USHORT PrintNameOffset
;
989 USHORT PrintNameLength
;
991 } MountPointReparseBuffer
;
994 } GenericReparseBuffer
;
996 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
1001 // MicroSoft reparse point tags
1003 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
1004 #define IO_REPARSE_TAG_HSM (0xC0000004L)
1005 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
1006 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
1007 #define IO_REPARSE_TAG_SIS (0x80000007L)
1008 #define IO_REPARSE_TAG_DFS (0x8000000AL)
1009 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
1010 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
1011 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
1012 #define IO_REPARSE_TAG_DFSR (0x80000012L)
1015 // Reserved reparse tags
1017 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
1018 #define IO_REPARSE_TAG_RESERVED_ONE (1)
1019 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
1022 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
1024 typedef struct _FILE_ACCESS_INFORMATION
{
1025 ACCESS_MASK AccessFlags
;
1026 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
1028 typedef struct _FILE_ALLOCATION_INFORMATION
{
1029 LARGE_INTEGER AllocationSize
;
1030 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
1032 typedef struct _FILE_BOTH_DIR_INFORMATION
{
1033 ULONG NextEntryOffset
;
1035 LARGE_INTEGER CreationTime
;
1036 LARGE_INTEGER LastAccessTime
;
1037 LARGE_INTEGER LastWriteTime
;
1038 LARGE_INTEGER ChangeTime
;
1039 LARGE_INTEGER EndOfFile
;
1040 LARGE_INTEGER AllocationSize
;
1041 ULONG FileAttributes
;
1042 ULONG FileNameLength
;
1044 CCHAR ShortNameLength
;
1045 WCHAR ShortName
[12];
1047 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
1049 typedef struct _FILE_COMPLETION_INFORMATION
{
1052 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
1054 typedef struct _FILE_COMPRESSION_INFORMATION
{
1055 LARGE_INTEGER CompressedFileSize
;
1056 USHORT CompressionFormat
;
1057 UCHAR CompressionUnitShift
;
1061 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
1063 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
1064 BOOLEAN ReplaceIfExists
;
1065 HANDLE RootDirectory
;
1066 ULONG FileNameLength
;
1068 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
1070 typedef struct _FILE_DIRECTORY_INFORMATION
{
1071 ULONG NextEntryOffset
;
1073 LARGE_INTEGER CreationTime
;
1074 LARGE_INTEGER LastAccessTime
;
1075 LARGE_INTEGER LastWriteTime
;
1076 LARGE_INTEGER ChangeTime
;
1077 LARGE_INTEGER EndOfFile
;
1078 LARGE_INTEGER AllocationSize
;
1079 ULONG FileAttributes
;
1080 ULONG FileNameLength
;
1082 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
1084 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
1085 ULONG NextEntryOffset
;
1087 LARGE_INTEGER CreationTime
;
1088 LARGE_INTEGER LastAccessTime
;
1089 LARGE_INTEGER LastWriteTime
;
1090 LARGE_INTEGER ChangeTime
;
1091 LARGE_INTEGER EndOfFile
;
1092 LARGE_INTEGER AllocationSize
;
1093 ULONG FileAttributes
;
1094 ULONG FileNameLength
;
1097 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
1099 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
1100 ULONG NextEntryOffset
;
1102 LARGE_INTEGER CreationTime
;
1103 LARGE_INTEGER LastAccessTime
;
1104 LARGE_INTEGER LastWriteTime
;
1105 LARGE_INTEGER ChangeTime
;
1106 LARGE_INTEGER EndOfFile
;
1107 LARGE_INTEGER AllocationSize
;
1108 ULONG FileAttributes
;
1109 ULONG FileNameLength
;
1111 LARGE_INTEGER FileId
;
1113 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
1115 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
1116 ULONG NextEntryOffset
;
1118 LARGE_INTEGER CreationTime
;
1119 LARGE_INTEGER LastAccessTime
;
1120 LARGE_INTEGER LastWriteTime
;
1121 LARGE_INTEGER ChangeTime
;
1122 LARGE_INTEGER EndOfFile
;
1123 LARGE_INTEGER AllocationSize
;
1124 ULONG FileAttributes
;
1125 ULONG FileNameLength
;
1127 CCHAR ShortNameLength
;
1128 WCHAR ShortName
[12];
1129 LARGE_INTEGER FileId
;
1131 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
1133 typedef struct _FILE_EA_INFORMATION
{
1135 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
1137 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
1138 ULONG FileSystemAttributes
;
1139 ULONG MaximumComponentNameLength
;
1140 ULONG FileSystemNameLength
;
1141 WCHAR FileSystemName
[1];
1142 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
1144 typedef struct _FILE_FS_CONTROL_INFORMATION
{
1145 LARGE_INTEGER FreeSpaceStartFiltering
;
1146 LARGE_INTEGER FreeSpaceThreshold
;
1147 LARGE_INTEGER FreeSpaceStopFiltering
;
1148 LARGE_INTEGER DefaultQuotaThreshold
;
1149 LARGE_INTEGER DefaultQuotaLimit
;
1150 ULONG FileSystemControlFlags
;
1151 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
1153 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
1154 LARGE_INTEGER TotalAllocationUnits
;
1155 LARGE_INTEGER CallerAvailableAllocationUnits
;
1156 LARGE_INTEGER ActualAvailableAllocationUnits
;
1157 ULONG SectorsPerAllocationUnit
;
1158 ULONG BytesPerSector
;
1159 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
1161 typedef struct _FILE_FS_LABEL_INFORMATION
{
1162 ULONG VolumeLabelLength
;
1163 WCHAR VolumeLabel
[1];
1164 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
1166 #if (VER_PRODUCTBUILD >= 2195)
1168 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
1170 UCHAR ExtendedInfo
[48];
1171 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
1173 #endif /* (VER_PRODUCTBUILD >= 2195) */
1175 typedef struct _FILE_FS_SIZE_INFORMATION
{
1176 LARGE_INTEGER TotalAllocationUnits
;
1177 LARGE_INTEGER AvailableAllocationUnits
;
1178 ULONG SectorsPerAllocationUnit
;
1179 ULONG BytesPerSector
;
1180 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
1182 typedef struct _FILE_FS_VOLUME_INFORMATION
{
1183 LARGE_INTEGER VolumeCreationTime
;
1184 ULONG VolumeSerialNumber
;
1185 ULONG VolumeLabelLength
;
1186 BOOLEAN SupportsObjects
;
1187 WCHAR VolumeLabel
[1];
1188 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
1190 typedef struct _FILE_FS_OBJECTID_INFORMATION
1193 UCHAR ExtendedInfo
[48];
1194 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
1196 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1198 BOOLEAN DriverInPath
;
1199 ULONG DriverNameLength
;
1200 WCHAR DriverName
[1];
1201 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
1203 typedef struct _FILE_FULL_DIR_INFORMATION
{
1204 ULONG NextEntryOffset
;
1206 LARGE_INTEGER CreationTime
;
1207 LARGE_INTEGER LastAccessTime
;
1208 LARGE_INTEGER LastWriteTime
;
1209 LARGE_INTEGER ChangeTime
;
1210 LARGE_INTEGER EndOfFile
;
1211 LARGE_INTEGER AllocationSize
;
1212 ULONG FileAttributes
;
1213 ULONG FileNameLength
;
1216 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1218 typedef struct _FILE_GET_EA_INFORMATION
{
1219 ULONG NextEntryOffset
;
1222 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1224 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1225 ULONG NextEntryOffset
;
1228 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1230 typedef struct _FILE_QUOTA_INFORMATION
1232 ULONG NextEntryOffset
;
1234 LARGE_INTEGER ChangeTime
;
1235 LARGE_INTEGER QuotaUsed
;
1236 LARGE_INTEGER QuotaThreshold
;
1237 LARGE_INTEGER QuotaLimit
;
1239 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1241 typedef struct _FILE_INTERNAL_INFORMATION
{
1242 LARGE_INTEGER IndexNumber
;
1243 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1245 typedef struct _FILE_LINK_INFORMATION
{
1246 BOOLEAN ReplaceIfExists
;
1247 HANDLE RootDirectory
;
1248 ULONG FileNameLength
;
1250 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1252 typedef struct _FILE_LOCK_INFO
1254 LARGE_INTEGER StartingByte
;
1255 LARGE_INTEGER Length
;
1256 BOOLEAN ExclusiveLock
;
1258 PFILE_OBJECT FileObject
;
1260 LARGE_INTEGER EndingByte
;
1261 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1263 typedef struct _FILE_REPARSE_POINT_INFORMATION
1265 LONGLONG FileReference
;
1267 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
1269 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1272 HANDLE RootDirectory
;
1273 ULONG FileNameLength
;
1275 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
1277 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1278 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1281 FILE_LOCK_INFO FileLock
;
1282 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1284 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1285 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1286 LIST_ENTRY ListEntry
;
1289 FILE_LOCK_INFO FileLock
;
1290 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1292 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1297 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1299 IN PFILE_LOCK_INFO FileLockInfo
1302 typedef struct _FILE_LOCK
{
1303 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1304 PUNLOCK_ROUTINE UnlockRoutine
;
1305 BOOLEAN FastIoIsQuestionable
;
1307 PVOID LockInformation
;
1308 FILE_LOCK_INFO LastReturnedLockInfo
;
1309 PVOID LastReturnedLock
;
1310 } FILE_LOCK
, *PFILE_LOCK
;
1312 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1313 ULONG ReadDataAvailable
;
1314 ULONG NumberOfMessages
;
1315 ULONG MessageLength
;
1316 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1318 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1319 ULONG MaximumMessageSize
;
1320 ULONG MailslotQuota
;
1321 ULONG NextMessageSize
;
1322 ULONG MessagesAvailable
;
1323 LARGE_INTEGER ReadTimeout
;
1324 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1326 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1327 PLARGE_INTEGER ReadTimeout
;
1328 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1330 typedef struct _FILE_MODE_INFORMATION
{
1332 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1334 typedef struct _FILE_ALL_INFORMATION
{
1335 FILE_BASIC_INFORMATION BasicInformation
;
1336 FILE_STANDARD_INFORMATION StandardInformation
;
1337 FILE_INTERNAL_INFORMATION InternalInformation
;
1338 FILE_EA_INFORMATION EaInformation
;
1339 FILE_ACCESS_INFORMATION AccessInformation
;
1340 FILE_POSITION_INFORMATION PositionInformation
;
1341 FILE_MODE_INFORMATION ModeInformation
;
1342 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1343 FILE_NAME_INFORMATION NameInformation
;
1344 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1346 typedef struct _FILE_NAMES_INFORMATION
{
1347 ULONG NextEntryOffset
;
1349 ULONG FileNameLength
;
1351 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1353 typedef struct _FILE_OBJECTID_INFORMATION
{
1354 LONGLONG FileReference
;
1356 _ANONYMOUS_UNION
union {
1358 UCHAR BirthVolumeId
[16];
1359 UCHAR BirthObjectId
[16];
1362 UCHAR ExtendedInfo
[48];
1364 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1366 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1368 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1370 typedef struct _FILE_OLE_ALL_INFORMATION
{
1371 FILE_BASIC_INFORMATION BasicInformation
;
1372 FILE_STANDARD_INFORMATION StandardInformation
;
1373 FILE_INTERNAL_INFORMATION InternalInformation
;
1374 FILE_EA_INFORMATION EaInformation
;
1375 FILE_ACCESS_INFORMATION AccessInformation
;
1376 FILE_POSITION_INFORMATION PositionInformation
;
1377 FILE_MODE_INFORMATION ModeInformation
;
1378 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1381 LARGE_INTEGER SecurityChangeTime
;
1382 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1383 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1384 FILE_STORAGE_TYPE StorageType
;
1387 ULONG NumberOfStreamReferences
;
1390 BOOLEAN ContentIndexDisable
;
1391 BOOLEAN InheritContentIndexDisable
;
1392 FILE_NAME_INFORMATION NameInformation
;
1393 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1395 typedef struct _FILE_OLE_DIR_INFORMATION
{
1396 ULONG NextEntryOffset
;
1398 LARGE_INTEGER CreationTime
;
1399 LARGE_INTEGER LastAccessTime
;
1400 LARGE_INTEGER LastWriteTime
;
1401 LARGE_INTEGER ChangeTime
;
1402 LARGE_INTEGER EndOfFile
;
1403 LARGE_INTEGER AllocationSize
;
1404 ULONG FileAttributes
;
1405 ULONG FileNameLength
;
1406 FILE_STORAGE_TYPE StorageType
;
1409 BOOLEAN ContentIndexDisable
;
1410 BOOLEAN InheritContentIndexDisable
;
1412 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1414 typedef struct _FILE_OLE_INFORMATION
{
1415 LARGE_INTEGER SecurityChangeTime
;
1416 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1417 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1418 FILE_STORAGE_TYPE StorageType
;
1420 BOOLEAN ContentIndexDisable
;
1421 BOOLEAN InheritContentIndexDisable
;
1422 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1424 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1426 ULONG StateBitsMask
;
1427 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1429 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1432 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1434 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1435 PVOID ClientSession
;
1436 PVOID ClientProcess
;
1437 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1439 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1440 ULONG NamedPipeState
;
1444 ULONG NumberRequests
;
1445 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1447 typedef struct _FILE_PIPE_PEEK_BUFFER
1449 ULONG NamedPipeState
;
1450 ULONG ReadDataAvailable
;
1451 ULONG NumberOfMessages
;
1452 ULONG MessageLength
;
1454 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1456 typedef struct _FILE_PIPE_INFORMATION
{
1458 ULONG CompletionMode
;
1459 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1461 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1462 ULONG NamedPipeType
;
1463 ULONG NamedPipeConfiguration
;
1464 ULONG MaximumInstances
;
1465 ULONG CurrentInstances
;
1467 ULONG ReadDataAvailable
;
1468 ULONG OutboundQuota
;
1469 ULONG WriteQuotaAvailable
;
1470 ULONG NamedPipeState
;
1472 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1474 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1475 LARGE_INTEGER CollectDataTime
;
1476 ULONG MaximumCollectionCount
;
1477 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1479 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1480 LARGE_INTEGER Timeout
;
1482 BOOLEAN TimeoutSpecified
;
1484 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1486 typedef struct _FILE_RENAME_INFORMATION
{
1487 BOOLEAN ReplaceIfExists
;
1488 HANDLE RootDirectory
;
1489 ULONG FileNameLength
;
1491 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1493 typedef struct _FILE_STREAM_INFORMATION
{
1494 ULONG NextEntryOffset
;
1495 ULONG StreamNameLength
;
1496 LARGE_INTEGER StreamSize
;
1497 LARGE_INTEGER StreamAllocationSize
;
1498 WCHAR StreamName
[1];
1499 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1501 typedef struct _FILE_TRACKING_INFORMATION
{
1502 HANDLE DestinationFile
;
1503 ULONG ObjectInformationLength
;
1504 CHAR ObjectInformation
[1];
1505 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1507 #if (VER_PRODUCTBUILD >= 2195)
1508 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1509 LARGE_INTEGER FileOffset
;
1510 LARGE_INTEGER BeyondFinalZero
;
1511 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1513 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1514 LARGE_INTEGER FileOffset
;
1515 LARGE_INTEGER Length
;
1516 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1517 #endif /* (VER_PRODUCTBUILD >= 2195) */
1519 #define FSRTL_FCB_HEADER_V0 (0x00)
1520 #define FSRTL_FCB_HEADER_V1 (0x01)
1523 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1524 CSHORT NodeTypeCode
;
1525 CSHORT NodeByteSize
;
1527 UCHAR IsFastIoPossible
;
1528 #if (VER_PRODUCTBUILD >= 1381)
1531 #endif /* (VER_PRODUCTBUILD >= 1381) */
1532 PERESOURCE Resource
;
1533 PERESOURCE PagingIoResource
;
1534 LARGE_INTEGER AllocationSize
;
1535 LARGE_INTEGER FileSize
;
1536 LARGE_INTEGER ValidDataLength
;
1537 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1539 typedef enum _FSRTL_COMPARISON_RESULT
1544 } FSRTL_COMPARISON_RESULT
;
1546 #if (VER_PRODUCTBUILD >= 2600)
1548 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1549 CSHORT NodeTypeCode
;
1550 CSHORT NodeByteSize
;
1552 UCHAR IsFastIoPossible
;
1556 PERESOURCE Resource
;
1557 PERESOURCE PagingIoResource
;
1558 LARGE_INTEGER AllocationSize
;
1559 LARGE_INTEGER FileSize
;
1560 LARGE_INTEGER ValidDataLength
;
1561 PFAST_MUTEX FastMutex
;
1562 LIST_ENTRY FilterContexts
;
1563 EX_PUSH_LOCK PushLock
;
1564 PVOID
*FileContextSupportPointer
;
1565 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1567 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1571 PFREE_FUNCTION FreeCallback
;
1572 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1574 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1579 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
1581 #endif /* (VER_PRODUCTBUILD >= 2600) */
1583 typedef struct _BASE_MCB
1585 ULONG MaximumPairCount
;
1590 } BASE_MCB
, *PBASE_MCB
;
1592 typedef struct _LARGE_MCB
1594 PKGUARDED_MUTEX GuardedMutex
;
1596 } LARGE_MCB
, *PLARGE_MCB
;
1600 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1603 typedef struct _GENERATE_NAME_CONTEXT
{
1605 BOOLEAN CheckSumInserted
;
1607 WCHAR NameBuffer
[8];
1608 ULONG ExtensionLength
;
1609 WCHAR ExtensionBuffer
[4];
1610 ULONG LastIndexValue
;
1611 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1613 typedef struct _MAPPING_PAIR
{
1616 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1618 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1619 ULONG NumberOfPairs
;
1621 MAPPING_PAIR Pair
[1];
1622 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1624 typedef struct _KQUEUE
{
1625 DISPATCHER_HEADER Header
;
1626 LIST_ENTRY EntryListHead
;
1629 LIST_ENTRY ThreadListHead
;
1630 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1632 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1634 typedef struct _MBCB
{
1635 CSHORT NodeTypeCode
;
1636 CSHORT NodeIsInZone
;
1640 LIST_ENTRY BitmapRanges
;
1641 LONGLONG ResumeWritePage
;
1642 BITMAP_RANGE BitmapRange1
;
1643 BITMAP_RANGE BitmapRange2
;
1644 BITMAP_RANGE BitmapRange3
;
1647 typedef struct _MOVEFILE_DESCRIPTOR
{
1650 LARGE_INTEGER StartVcn
;
1651 LARGE_INTEGER TargetLcn
;
1654 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1656 typedef struct _OBJECT_BASIC_INFO
{
1658 ACCESS_MASK GrantedAccess
;
1660 ULONG ReferenceCount
;
1661 ULONG PagedPoolUsage
;
1662 ULONG NonPagedPoolUsage
;
1664 ULONG NameInformationLength
;
1665 ULONG TypeInformationLength
;
1666 ULONG SecurityDescriptorLength
;
1667 LARGE_INTEGER CreateTime
;
1668 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1670 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1672 BOOLEAN ProtectFromClose
;
1673 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1675 typedef struct _OBJECT_NAME_INFO
{
1676 UNICODE_STRING ObjectName
;
1677 WCHAR ObjectNameBuffer
[1];
1678 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1680 typedef struct _OBJECT_PROTECTION_INFO
{
1682 BOOLEAN ProtectHandle
;
1683 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1685 typedef struct _OBJECT_TYPE_INFO
{
1686 UNICODE_STRING ObjectTypeName
;
1687 UCHAR Unknown
[0x58];
1688 WCHAR ObjectTypeNameBuffer
[1];
1689 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1691 typedef struct _OBJECT_ALL_TYPES_INFO
{
1692 ULONG NumberOfObjectTypes
;
1693 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1694 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1697 typedef struct _PATHNAME_BUFFER
{
1698 ULONG PathNameLength
;
1700 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1702 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1707 } RTL_GENERIC_COMPARE_RESULTS
;
1709 typedef enum _TABLE_SEARCH_RESULT
1715 } TABLE_SEARCH_RESULT
;
1718 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
1719 struct _RTL_AVL_TABLE
*Table
,
1724 typedef RTL_GENERIC_COMPARE_RESULTS
1725 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
1726 struct _RTL_AVL_TABLE
*Table
,
1731 typedef RTL_GENERIC_COMPARE_RESULTS
1732 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
1733 struct _RTL_GENERIC_TABLE
*Table
,
1739 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
1740 struct _RTL_GENERIC_TABLE
*Table
,
1745 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
1746 struct _RTL_GENERIC_TABLE
*Table
,
1751 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
1752 struct _RTL_AVL_TABLE
*Table
,
1757 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
1758 struct _RTL_AVL_TABLE
*Table
,
1762 typedef struct _PUBLIC_BCB
{
1763 CSHORT NodeTypeCode
;
1764 CSHORT NodeByteSize
;
1766 LARGE_INTEGER MappedFileOffset
;
1767 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1769 typedef struct _QUERY_PATH_REQUEST
{
1770 ULONG PathNameLength
;
1771 PIO_SECURITY_CONTEXT SecurityContext
;
1772 WCHAR FilePathName
[1];
1773 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1775 typedef struct _QUERY_PATH_RESPONSE
{
1776 ULONG LengthAccepted
;
1777 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1779 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1781 LARGE_INTEGER StartingVcn
;
1783 LARGE_INTEGER NextVcn
;
1786 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1788 typedef struct _RTL_SPLAY_LINKS
{
1789 struct _RTL_SPLAY_LINKS
*Parent
;
1790 struct _RTL_SPLAY_LINKS
*LeftChild
;
1791 struct _RTL_SPLAY_LINKS
*RightChild
;
1792 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1794 typedef struct _RTL_BALANCED_LINKS
1796 struct _RTL_BALANCED_LINKS
*Parent
;
1797 struct _RTL_BALANCED_LINKS
*LeftChild
;
1798 struct _RTL_BALANCED_LINKS
*RightChild
;
1801 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
1803 typedef struct _RTL_GENERIC_TABLE
1805 PRTL_SPLAY_LINKS TableRoot
;
1806 LIST_ENTRY InsertOrderList
;
1807 PLIST_ENTRY OrderedPointer
;
1808 ULONG WhichOrderedElement
;
1809 ULONG NumberGenericTableElements
;
1810 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
1811 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
1812 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
1814 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
1816 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
1818 CSHORT NodeTypeCode
;
1820 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1821 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
1822 RTL_SPLAY_LINKS Links
;
1823 PUNICODE_STRING Prefix
;
1824 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
1826 typedef struct _UNICODE_PREFIX_TABLE
1828 CSHORT NodeTypeCode
;
1830 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
1831 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
1832 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
1837 RtlInitializeUnicodePrefix (
1838 IN PUNICODE_PREFIX_TABLE PrefixTable
1844 RtlInsertUnicodePrefix (
1845 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1846 IN PUNICODE_STRING Prefix
,
1847 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1853 RtlRemoveUnicodePrefix (
1854 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1855 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1859 PUNICODE_PREFIX_TABLE_ENTRY
1861 RtlFindUnicodePrefix (
1862 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1863 IN PUNICODE_STRING FullName
,
1864 IN ULONG CaseInsensitiveIndex
1868 PUNICODE_PREFIX_TABLE_ENTRY
1870 RtlNextUnicodePrefix (
1871 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1875 #undef PRTL_GENERIC_COMPARE_ROUTINE
1876 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1877 #undef PRTL_GENERIC_FREE_ROUTINE
1878 #undef RTL_GENERIC_TABLE
1879 #undef PRTL_GENERIC_TABLE
1881 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1882 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1883 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1884 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1885 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1887 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1888 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
1889 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
1890 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
1891 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
1892 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
1893 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
1894 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
1895 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
1896 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
1897 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
1899 typedef struct _RTL_AVL_TABLE
1901 RTL_BALANCED_LINKS BalancedRoot
;
1902 PVOID OrderedPointer
;
1903 ULONG WhichOrderedElement
;
1904 ULONG NumberGenericTableElements
;
1906 PRTL_BALANCED_LINKS RestartKey
;
1908 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
1909 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
1910 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
1912 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
1917 RtlInitializeGenericTableAvl(
1918 PRTL_AVL_TABLE Table
,
1919 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
1920 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
1921 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
1928 RtlInsertElementGenericTableAvl (
1929 PRTL_AVL_TABLE Table
,
1932 PBOOLEAN NewElement OPTIONAL
1938 RtlDeleteElementGenericTableAvl (
1939 PRTL_AVL_TABLE Table
,
1946 RtlLookupElementGenericTableAvl (
1947 PRTL_AVL_TABLE Table
,
1954 RtlEnumerateGenericTableWithoutSplayingAvl (
1955 PRTL_AVL_TABLE Table
,
1959 #if defined(USE_LPC6432)
1960 #define LPC_CLIENT_ID CLIENT_ID64
1961 #define LPC_SIZE_T ULONGLONG
1962 #define LPC_PVOID ULONGLONG
1963 #define LPC_HANDLE ULONGLONG
1965 #define LPC_CLIENT_ID CLIENT_ID
1966 #define LPC_SIZE_T SIZE_T
1967 #define LPC_PVOID PVOID
1968 #define LPC_HANDLE HANDLE
1971 typedef struct _PORT_MESSAGE
1987 CSHORT DataInfoOffset
;
1993 LPC_CLIENT_ID ClientId
;
1994 double DoNotUseThisField
;
1999 LPC_SIZE_T ClientViewSize
;
2002 } PORT_MESSAGE
, *PPORT_MESSAGE
;
2004 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
2006 typedef struct _PORT_VIEW
2009 LPC_HANDLE SectionHandle
;
2010 ULONG SectionOffset
;
2011 LPC_SIZE_T ViewSize
;
2013 LPC_PVOID ViewRemoteBase
;
2014 } PORT_VIEW
, *PPORT_VIEW
;
2016 typedef struct _REMOTE_PORT_VIEW
2019 LPC_SIZE_T ViewSize
;
2021 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
2023 typedef struct _SE_EXPORTS
{
2025 LUID SeCreateTokenPrivilege
;
2026 LUID SeAssignPrimaryTokenPrivilege
;
2027 LUID SeLockMemoryPrivilege
;
2028 LUID SeIncreaseQuotaPrivilege
;
2029 LUID SeUnsolicitedInputPrivilege
;
2030 LUID SeTcbPrivilege
;
2031 LUID SeSecurityPrivilege
;
2032 LUID SeTakeOwnershipPrivilege
;
2033 LUID SeLoadDriverPrivilege
;
2034 LUID SeCreatePagefilePrivilege
;
2035 LUID SeIncreaseBasePriorityPrivilege
;
2036 LUID SeSystemProfilePrivilege
;
2037 LUID SeSystemtimePrivilege
;
2038 LUID SeProfileSingleProcessPrivilege
;
2039 LUID SeCreatePermanentPrivilege
;
2040 LUID SeBackupPrivilege
;
2041 LUID SeRestorePrivilege
;
2042 LUID SeShutdownPrivilege
;
2043 LUID SeDebugPrivilege
;
2044 LUID SeAuditPrivilege
;
2045 LUID SeSystemEnvironmentPrivilege
;
2046 LUID SeChangeNotifyPrivilege
;
2047 LUID SeRemoteShutdownPrivilege
;
2052 PSID SeCreatorOwnerSid
;
2053 PSID SeCreatorGroupSid
;
2055 PSID SeNtAuthoritySid
;
2059 PSID SeInteractiveSid
;
2060 PSID SeLocalSystemSid
;
2061 PSID SeAliasAdminsSid
;
2062 PSID SeAliasUsersSid
;
2063 PSID SeAliasGuestsSid
;
2064 PSID SeAliasPowerUsersSid
;
2065 PSID SeAliasAccountOpsSid
;
2066 PSID SeAliasSystemOpsSid
;
2067 PSID SeAliasPrintOpsSid
;
2068 PSID SeAliasBackupOpsSid
;
2070 PSID SeAuthenticatedUsersSid
;
2072 PSID SeRestrictedSid
;
2073 PSID SeAnonymousLogonSid
;
2075 LUID SeUndockPrivilege
;
2076 LUID SeSyncAgentPrivilege
;
2077 LUID SeEnableDelegationPrivilege
;
2079 } SE_EXPORTS
, *PSE_EXPORTS
;
2081 extern PSE_EXPORTS SeExports
;
2085 LARGE_INTEGER StartingLcn
;
2086 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
2088 typedef struct _STARTING_VCN_INPUT_BUFFER
{
2089 LARGE_INTEGER StartingVcn
;
2090 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
2092 typedef struct _SECURITY_CLIENT_CONTEXT
{
2093 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
2094 PACCESS_TOKEN ClientToken
;
2095 BOOLEAN DirectlyAccessClientToken
;
2096 BOOLEAN DirectAccessEffectiveOnly
;
2097 BOOLEAN ServerIsRemote
;
2098 TOKEN_CONTROL ClientTokenControl
;
2099 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
2102 // The following are the inherit flags that go into the AceFlags field
2103 // of an Ace header.
2105 #define OBJECT_INHERIT_ACE (0x1)
2106 #define CONTAINER_INHERIT_ACE (0x2)
2107 #define NO_PROPAGATE_INHERIT_ACE (0x4)
2108 #define INHERIT_ONLY_ACE (0x8)
2109 #define INHERITED_ACE (0x10)
2110 #define VALID_INHERIT_FLAGS (0x1F)
2112 typedef struct _ACE_HEADER
2117 } ACE_HEADER
, *PACE_HEADER
;
2119 typedef struct _ACCESS_ALLOWED_ACE
2124 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
2126 typedef struct _ACCESS_DENIED_ACE
2131 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
2133 typedef struct _SYSTEM_AUDIT_ACE
2138 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
2140 typedef struct _SYSTEM_ALARM_ACE
2145 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
2147 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
2152 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
2154 typedef struct _TUNNEL
{
2156 PRTL_SPLAY_LINKS Cache
;
2157 LIST_ENTRY TimerQueue
;
2161 typedef struct _VAD_HEADER
{
2164 struct _VAD_HEADER
* ParentLink
;
2165 struct _VAD_HEADER
* LeftLink
;
2166 struct _VAD_HEADER
* RightLink
;
2167 ULONG Flags
; /* LSB = CommitCharge */
2169 PVOID FirstProtoPte
;
2173 } VAD_HEADER
, *PVAD_HEADER
;
2177 LARGE_INTEGER StartingLcn
;
2178 LARGE_INTEGER BitmapSize
;
2180 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
2182 #if (VER_PRODUCTBUILD >= 2600)
2185 (NTAPI
*PFILTER_REPORT_CHANGE
) (
2186 IN PVOID NotifyContext
,
2187 IN PVOID FilterContext
2190 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
2192 SyncTypeCreateSection
2193 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
2195 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
2196 NotifyTypeCreate
= 0,
2198 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
2200 typedef union _FS_FILTER_PARAMETERS
{
2202 PLARGE_INTEGER EndingOffset
;
2203 PERESOURCE
*ResourceToRelease
;
2204 } AcquireForModifiedPageWriter
;
2207 PERESOURCE ResourceToRelease
;
2208 } ReleaseForModifiedPageWriter
;
2211 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
2212 ULONG PageProtection
;
2213 } AcquireForSectionSynchronization
;
2216 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
2217 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
2218 } NotifyStreamFileObject
;
2227 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
2229 typedef struct _FS_FILTER_CALLBACK_DATA
{
2230 ULONG SizeOfFsFilterCallbackData
;
2233 struct _DEVICE_OBJECT
*DeviceObject
;
2234 struct _FILE_OBJECT
*FileObject
;
2235 FS_FILTER_PARAMETERS Parameters
;
2236 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
2239 (NTAPI
*PFS_FILTER_CALLBACK
) (
2240 IN PFS_FILTER_CALLBACK_DATA Data
,
2241 OUT PVOID
*CompletionContext
2245 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
2246 IN PFS_FILTER_CALLBACK_DATA Data
,
2247 IN NTSTATUS OperationStatus
,
2248 IN PVOID CompletionContext
2251 typedef struct _FS_FILTER_CALLBACKS
{
2252 ULONG SizeOfFsFilterCallbacks
;
2254 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
2255 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
2256 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
2257 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
2258 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
2259 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
2260 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
2261 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
2262 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
2263 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
2264 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
2265 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
2266 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
2268 typedef struct _READ_LIST
{
2269 PFILE_OBJECT FileObject
;
2270 ULONG NumberOfEntries
;
2272 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
2273 } READ_LIST
, *PREAD_LIST
;
2278 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
2280 IN OUT PVOID
*CommitAddress
,
2281 IN OUT PSIZE_T CommitSize
2284 typedef struct _RTL_HEAP_PARAMETERS
{
2286 SIZE_T SegmentReserve
;
2287 SIZE_T SegmentCommit
;
2288 SIZE_T DeCommitFreeBlockThreshold
;
2289 SIZE_T DeCommitTotalFreeThreshold
;
2290 SIZE_T MaximumAllocationSize
;
2291 SIZE_T VirtualMemoryThreshold
;
2292 SIZE_T InitialCommit
;
2293 SIZE_T InitialReserve
;
2294 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
2296 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
2302 IN PFILE_OBJECT FileObject
,
2303 IN ULONG BytesToWrite
,
2312 IN PFILE_OBJECT FileObject
,
2313 IN PLARGE_INTEGER FileOffset
,
2317 OUT PIO_STATUS_BLOCK IoStatus
2324 IN PFILE_OBJECT FileObject
,
2325 IN PLARGE_INTEGER FileOffset
,
2331 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2333 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
2342 IN PFILE_OBJECT FileObject
,
2343 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
2346 IN ULONG BytesToWrite
,
2354 IN PFILE_OBJECT FileObject
,
2355 IN ULONG FileOffset
,
2359 OUT PIO_STATUS_BLOCK IoStatus
2366 IN PFILE_OBJECT FileObject
,
2367 IN ULONG FileOffset
,
2376 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2377 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2379 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2382 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
2383 IN PFILE_OBJECT FileObject
,
2384 IN PLARGE_INTEGER FileOffset
,
2386 IN PLARGE_INTEGER OldestLsn
,
2387 IN PLARGE_INTEGER NewestLsn
,
2397 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
2405 CcGetFileObjectFromBcb (
2412 CcGetFileObjectFromSectionPtrs (
2413 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2416 #define CcGetFileSizePointer(FO) ( \
2417 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2420 #if (VER_PRODUCTBUILD >= 2195)
2425 CcGetFlushedValidData (
2426 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2427 IN BOOLEAN BcbListHeld
2430 #endif /* (VER_PRODUCTBUILD >= 2195) */
2435 CcGetLsnForFileObject (
2436 IN PFILE_OBJECT FileObject
,
2437 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2440 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
2445 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
2449 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
2454 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
2458 typedef struct _CACHE_MANAGER_CALLBACKS
{
2459 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
2460 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
2461 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
2462 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
2463 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
2468 CcInitializeCacheMap (
2469 IN PFILE_OBJECT FileObject
,
2470 IN PCC_FILE_SIZES FileSizes
,
2471 IN BOOLEAN PinAccess
,
2472 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
2473 IN PVOID LazyWriteContext
2476 #define CcIsFileCached(FO) ( \
2477 ((FO)->SectionObjectPointer != NULL) && \
2478 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2481 extern ULONG CcFastMdlReadWait
;
2486 CcIsThereDirtyData (
2494 IN PFILE_OBJECT FileObject
,
2495 IN PLARGE_INTEGER FileOffset
,
2506 IN PFILE_OBJECT FileObject
,
2507 IN PLARGE_INTEGER FileOffset
,
2510 OUT PIO_STATUS_BLOCK IoStatus
2517 IN PFILE_OBJECT FileObject
,
2524 CcMdlWriteComplete (
2525 IN PFILE_OBJECT FileObject
,
2526 IN PLARGE_INTEGER FileOffset
,
2536 IN PFILE_OBJECT FileObject
,
2537 IN PLARGE_INTEGER FileOffset
,
2547 IN PFILE_OBJECT FileObject
,
2548 IN PLARGE_INTEGER FileOffset
,
2559 IN PFILE_OBJECT FileObject
,
2560 IN PLARGE_INTEGER FileOffset
,
2563 OUT PIO_STATUS_BLOCK IoStatus
2570 IN PFILE_OBJECT FileObject
,
2571 IN PLARGE_INTEGER FileOffset
,
2582 CcPurgeCacheSection (
2583 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2584 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2586 IN BOOLEAN UninitializeCacheMaps
2589 #define CcReadAhead(FO, FOFF, LEN) ( \
2590 if ((LEN) >= 256) { \
2591 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2595 #if (VER_PRODUCTBUILD >= 2195)
2604 #endif /* (VER_PRODUCTBUILD >= 2195) */
2616 CcScheduleReadAhead (
2617 IN PFILE_OBJECT FileObject
,
2618 IN PLARGE_INTEGER FileOffset
,
2625 CcSetAdditionalCacheAttributes (
2626 IN PFILE_OBJECT FileObject
,
2627 IN BOOLEAN DisableReadAhead
,
2628 IN BOOLEAN DisableWriteBehind
2634 CcSetBcbOwnerPointer (
2636 IN PVOID OwnerPointer
2642 CcSetDirtyPageThreshold (
2643 IN PFILE_OBJECT FileObject
,
2644 IN ULONG DirtyPageThreshold
2650 CcSetDirtyPinnedData (
2652 IN PLARGE_INTEGER Lsn OPTIONAL
2659 IN PFILE_OBJECT FileObject
,
2660 IN PCC_FILE_SIZES FileSizes
2663 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2665 IN LARGE_INTEGER Lsn
2671 CcSetLogHandleForFile (
2672 IN PFILE_OBJECT FileObject
,
2674 IN PFLUSH_TO_LSN FlushToLsnRoutine
2680 CcSetReadAheadGranularity (
2681 IN PFILE_OBJECT FileObject
,
2682 IN ULONG Granularity
/* default: PAGE_SIZE */
2683 /* allowed: 2^n * PAGE_SIZE */
2689 CcUninitializeCacheMap (
2690 IN PFILE_OBJECT FileObject
,
2691 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2692 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2705 CcUnpinDataForThread (
2707 IN ERESOURCE_THREAD ResourceThreadId
2713 CcUnpinRepinnedBcb (
2715 IN BOOLEAN WriteThrough
,
2716 OUT PIO_STATUS_BLOCK IoStatus
2719 #if (VER_PRODUCTBUILD >= 2195)
2724 CcWaitForCurrentLazyWriterActivity (
2728 #endif /* (VER_PRODUCTBUILD >= 2195) */
2734 IN PFILE_OBJECT FileObject
,
2735 IN PLARGE_INTEGER StartOffset
,
2736 IN PLARGE_INTEGER EndOffset
,
2743 ExDisableResourceBoostLite (
2744 IN PERESOURCE Resource
2750 ExQueryPoolBlockSize (
2752 OUT PBOOLEAN QuotaCharged
2755 #if (VER_PRODUCTBUILD >= 2600)
2757 #ifndef __NTOSKRNL__
2761 ExInitializeRundownProtection (
2762 IN PEX_RUNDOWN_REF RunRef
2768 ExReInitializeRundownProtection (
2769 IN PEX_RUNDOWN_REF RunRef
2775 ExAcquireRundownProtection (
2776 IN PEX_RUNDOWN_REF RunRef
2782 ExAcquireRundownProtectionEx (
2783 IN PEX_RUNDOWN_REF RunRef
,
2790 ExReleaseRundownProtection (
2791 IN PEX_RUNDOWN_REF RunRef
2797 ExReleaseRundownProtectionEx (
2798 IN PEX_RUNDOWN_REF RunRef
,
2805 ExRundownCompleted (
2806 IN PEX_RUNDOWN_REF RunRef
2812 ExWaitForRundownProtectionRelease (
2813 IN PEX_RUNDOWN_REF RunRef
2817 #endif /* (VER_PRODUCTBUILD >= 2600) */
2820 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2822 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2823 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2824 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2825 InitializeListHead( &(_advhdr)->FilterContexts ); \
2826 if ((_fmutx) != NULL) { \
2827 (_advhdr)->FastMutex = (_fmutx); \
2829 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2830 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2831 (_advhdr)->FileContextSupportPointer = NULL; \
2837 FsRtlAddBaseMcbEntry (
2841 IN LONGLONG SectorCount
2847 FsRtlAddLargeMcbEntry (
2851 IN LONGLONG SectorCount
2861 IN ULONG SectorCount
2867 FsRtlAddToTunnelCache (
2869 IN ULONGLONG DirectoryKey
,
2870 IN PUNICODE_STRING ShortName
,
2871 IN PUNICODE_STRING LongName
,
2872 IN BOOLEAN KeyByShortName
,
2873 IN ULONG DataLength
,
2877 #if (VER_PRODUCTBUILD >= 2195)
2881 FsRtlAllocateFileLock (
2882 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2883 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2886 #endif /* (VER_PRODUCTBUILD >= 2195) */
2892 IN POOL_TYPE PoolType
,
2893 IN ULONG NumberOfBytes
2899 FsRtlAllocatePoolWithQuota (
2900 IN POOL_TYPE PoolType
,
2901 IN ULONG NumberOfBytes
2907 FsRtlAllocatePoolWithQuotaTag (
2908 IN POOL_TYPE PoolType
,
2909 IN ULONG NumberOfBytes
,
2916 FsRtlAllocatePoolWithTag (
2917 IN POOL_TYPE PoolType
,
2918 IN ULONG NumberOfBytes
,
2925 FsRtlAreNamesEqual (
2926 IN PCUNICODE_STRING Name1
,
2927 IN PCUNICODE_STRING Name2
,
2928 IN BOOLEAN IgnoreCase
,
2929 IN PCWCH UpcaseTable OPTIONAL
2932 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2933 ((FL)->FastIoIsQuestionable) \
2937 FsRtlCheckLockForReadAccess:
2939 All this really does is pick out the lock parameters from the irp (io stack
2940 location?), get IoGetRequestorProcess, and pass values on to
2941 FsRtlFastCheckLockForRead.
2946 FsRtlCheckLockForReadAccess (
2947 IN PFILE_LOCK FileLock
,
2952 FsRtlCheckLockForWriteAccess:
2954 All this really does is pick out the lock parameters from the irp (io stack
2955 location?), get IoGetRequestorProcess, and pass values on to
2956 FsRtlFastCheckLockForWrite.
2961 FsRtlCheckLockForWriteAccess (
2962 IN PFILE_LOCK FileLock
,
2968 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2975 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
2987 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2988 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2995 IN PFILE_OBJECT FileObject
,
2996 IN PLARGE_INTEGER FileOffset
,
3001 OUT PIO_STATUS_BLOCK IoStatus
,
3002 IN PDEVICE_OBJECT DeviceObject
3009 IN PFILE_OBJECT FileObject
,
3010 IN PLARGE_INTEGER FileOffset
,
3015 OUT PIO_STATUS_BLOCK IoStatus
,
3016 IN PDEVICE_OBJECT DeviceObject
3019 #define HEAP_NO_SERIALIZE 0x00000001
3020 #define HEAP_GROWABLE 0x00000002
3021 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
3022 #define HEAP_ZERO_MEMORY 0x00000008
3023 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
3024 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
3025 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
3026 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
3028 #define HEAP_CREATE_ALIGN_16 0x00010000
3029 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
3030 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
3037 IN PVOID HeapBase OPTIONAL
,
3038 IN SIZE_T ReserveSize OPTIONAL
,
3039 IN SIZE_T CommitSize OPTIONAL
,
3040 IN PVOID Lock OPTIONAL
,
3041 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
3047 FsRtlCurrentBatchOplock (
3054 FsRtlDeleteKeyFromTunnelCache (
3056 IN ULONGLONG DirectoryKey
3062 FsRtlDeleteTunnelCache (
3069 FsRtlDeregisterUncProvider (
3084 IN ANSI_STRING Name
,
3085 OUT PANSI_STRING FirstPart
,
3086 OUT PANSI_STRING RemainingPart
3093 IN UNICODE_STRING Name
,
3094 OUT PUNICODE_STRING FirstPart
,
3095 OUT PUNICODE_STRING RemainingPart
3101 FsRtlDoesDbcsContainWildCards (
3102 IN PANSI_STRING Name
3108 FsRtlDoesNameContainWildCards (
3109 IN PUNICODE_STRING Name
3115 FsRtlIsFatDbcsLegal (
3116 IN ANSI_STRING DbcsName
,
3117 IN BOOLEAN WildCardsPermissible
,
3118 IN BOOLEAN PathNamePermissible
,
3119 IN BOOLEAN LeadingBackslashPermissible
3123 #define FsRtlCompleteRequest(IRP,STATUS) { \
3124 (IRP)->IoStatus.Status = (STATUS); \
3125 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
3128 #define FsRtlEnterFileSystem KeEnterCriticalRegion
3130 #define FsRtlExitFileSystem KeLeaveCriticalRegion
3135 FsRtlFastCheckLockForRead (
3136 IN PFILE_LOCK FileLock
,
3137 IN PLARGE_INTEGER FileOffset
,
3138 IN PLARGE_INTEGER Length
,
3140 IN PFILE_OBJECT FileObject
,
3147 FsRtlFastCheckLockForWrite (
3148 IN PFILE_LOCK FileLock
,
3149 IN PLARGE_INTEGER FileOffset
,
3150 IN PLARGE_INTEGER Length
,
3152 IN PFILE_OBJECT FileObject
,
3156 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
3157 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
3163 FsRtlFastUnlockAll (
3164 IN PFILE_LOCK FileLock
,
3165 IN PFILE_OBJECT FileObject
,
3166 IN PEPROCESS Process
,
3167 IN PVOID Context OPTIONAL
3169 /* ret: STATUS_RANGE_NOT_LOCKED */
3174 FsRtlFastUnlockAllByKey (
3175 IN PFILE_LOCK FileLock
,
3176 IN PFILE_OBJECT FileObject
,
3177 IN PEPROCESS Process
,
3179 IN PVOID Context OPTIONAL
3181 /* ret: STATUS_RANGE_NOT_LOCKED */
3186 FsRtlFastUnlockSingle (
3187 IN PFILE_LOCK FileLock
,
3188 IN PFILE_OBJECT FileObject
,
3189 IN PLARGE_INTEGER FileOffset
,
3190 IN PLARGE_INTEGER Length
,
3191 IN PEPROCESS Process
,
3193 IN PVOID Context OPTIONAL
,
3194 IN BOOLEAN AlreadySynchronized
3196 /* ret: STATUS_RANGE_NOT_LOCKED */
3201 FsRtlFindInTunnelCache (
3203 IN ULONGLONG DirectoryKey
,
3204 IN PUNICODE_STRING Name
,
3205 OUT PUNICODE_STRING ShortName
,
3206 OUT PUNICODE_STRING LongName
,
3207 IN OUT PULONG DataLength
,
3211 #if (VER_PRODUCTBUILD >= 2195)
3217 IN PFILE_LOCK FileLock
3220 #endif /* (VER_PRODUCTBUILD >= 2195) */
3226 IN PFILE_OBJECT FileObject
,
3227 IN OUT PLARGE_INTEGER FileSize
3233 FsRtlGetNextBaseMcbEntry (
3238 OUT PLONGLONG SectorCount
3242 FsRtlGetNextFileLock:
3244 ret: NULL if no more locks
3247 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
3248 FileLock->LastReturnedLock as storage.
3249 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
3250 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
3251 calls with Restart = FALSE.
3256 FsRtlGetNextFileLock (
3257 IN PFILE_LOCK FileLock
,
3264 FsRtlGetNextLargeMcbEntry (
3269 OUT PLONGLONG SectorCount
3275 FsRtlGetNextMcbEntry (
3280 OUT PULONG SectorCount
3283 #define FsRtlGetPerStreamContextPointer(FO) ( \
3284 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
3290 FsRtlInitializeBaseMcb (
3292 IN POOL_TYPE PoolType
3298 FsRtlInitializeFileLock (
3299 IN PFILE_LOCK FileLock
,
3300 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
3301 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
3307 FsRtlInitializeLargeMcb (
3309 IN POOL_TYPE PoolType
3315 FsRtlInitializeMcb (
3317 IN POOL_TYPE PoolType
3323 FsRtlInitializeOplock (
3324 IN OUT POPLOCK Oplock
3330 FsRtlInitializeTunnelCache (
3334 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
3335 (PSC)->OwnerId = (O), \
3336 (PSC)->InstanceId = (I), \
3337 (PSC)->FreeCallback = (FC) \
3343 FsRtlInsertPerStreamContext (
3344 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext
,
3345 IN PFSRTL_PER_STREAM_CONTEXT Ptr
3348 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
3349 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
3350 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3353 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
3354 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
3355 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3358 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
3359 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
3360 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3363 #define FsRtlIsAnsiCharacterWild(C) ( \
3364 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3370 FsRtlIsFatDbcsLegal (
3371 IN ANSI_STRING DbcsName
,
3372 IN BOOLEAN WildCardsPermissible
,
3373 IN BOOLEAN PathNamePermissible
,
3374 IN BOOLEAN LeadingBackslashPermissible
3380 FsRtlIsHpfsDbcsLegal (
3381 IN ANSI_STRING DbcsName
,
3382 IN BOOLEAN WildCardsPermissible
,
3383 IN BOOLEAN PathNamePermissible
,
3384 IN BOOLEAN LeadingBackslashPermissible
3390 FsRtlIsNameInExpression (
3391 IN PUNICODE_STRING Expression
,
3392 IN PUNICODE_STRING Name
,
3393 IN BOOLEAN IgnoreCase
,
3394 IN PWCHAR UpcaseTable OPTIONAL
3400 FsRtlIsNtstatusExpected (
3401 IN NTSTATUS Ntstatus
3404 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3406 extern PUSHORT NlsOemLeadByteInfo
;
3408 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3409 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3410 (NLS_MB_CODE_PAGE_TAG && \
3411 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3414 #define FsRtlIsUnicodeCharacterWild(C) ( \
3417 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3423 FsRtlLookupBaseMcbEntry (
3426 OUT PLONGLONG Lbn OPTIONAL
,
3427 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3428 OUT PLONGLONG StartingLbn OPTIONAL
,
3429 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3430 OUT PULONG Index OPTIONAL
3436 FsRtlLookupLargeMcbEntry (
3439 OUT PLONGLONG Lbn OPTIONAL
,
3440 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3441 OUT PLONGLONG StartingLbn OPTIONAL
,
3442 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3443 OUT PULONG Index OPTIONAL
3449 FsRtlLookupLastBaseMcbEntry (
3458 FsRtlLookupLastLargeMcbEntry (
3467 FsRtlLookupLastMcbEntry (
3476 FsRtlLookupLastBaseMcbEntryAndIndex (
3477 IN PBASE_MCB OpaqueMcb
,
3478 IN OUT PLONGLONG LargeVbn
,
3479 IN OUT PLONGLONG LargeLbn
,
3486 FsRtlLookupLastLargeMcbEntryAndIndex (
3487 IN PLARGE_MCB OpaqueMcb
,
3488 OUT PLONGLONG LargeVbn
,
3489 OUT PLONGLONG LargeLbn
,
3496 FsRtlLookupMcbEntry (
3500 OUT PULONG SectorCount OPTIONAL
,
3505 PFSRTL_PER_STREAM_CONTEXT
3507 FsRtlLookupPerStreamContextInternal (
3508 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3509 IN PVOID OwnerId OPTIONAL
,
3510 IN PVOID InstanceId OPTIONAL
3517 IN PFILE_OBJECT FileObject
,
3518 IN PLARGE_INTEGER FileOffset
,
3522 OUT PIO_STATUS_BLOCK IoStatus
,
3523 IN PDEVICE_OBJECT DeviceObject
3529 FsRtlMdlReadComplete (
3530 IN PFILE_OBJECT FileObject
,
3537 FsRtlMdlReadCompleteDev (
3538 IN PFILE_OBJECT FileObject
,
3540 IN PDEVICE_OBJECT DeviceObject
3546 FsRtlPrepareMdlWriteDev (
3547 IN PFILE_OBJECT FileObject
,
3548 IN PLARGE_INTEGER FileOffset
,
3552 OUT PIO_STATUS_BLOCK IoStatus
,
3553 IN PDEVICE_OBJECT DeviceObject
3559 FsRtlMdlWriteComplete (
3560 IN PFILE_OBJECT FileObject
,
3561 IN PLARGE_INTEGER FileOffset
,
3568 FsRtlMdlWriteCompleteDev (
3569 IN PFILE_OBJECT FileObject
,
3570 IN PLARGE_INTEGER FileOffset
,
3572 IN PDEVICE_OBJECT DeviceObject
3578 FsRtlNormalizeNtstatus (
3579 IN NTSTATUS Exception
,
3580 IN NTSTATUS GenericException
3586 FsRtlNotifyChangeDirectory (
3587 IN PNOTIFY_SYNC NotifySync
,
3589 IN PSTRING FullDirectoryName
,
3590 IN PLIST_ENTRY NotifyList
,
3591 IN BOOLEAN WatchTree
,
3592 IN ULONG CompletionFilter
,
3599 FsRtlNotifyCleanup (
3600 IN PNOTIFY_SYNC NotifySync
,
3601 IN PLIST_ENTRY NotifyList
,
3605 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
3606 IN PVOID NotifyContext
,
3607 IN PVOID TargetContext
,
3608 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3614 FsRtlNotifyFilterChangeDirectory (
3615 IN PNOTIFY_SYNC NotifySync
,
3616 IN PLIST_ENTRY NotifyList
,
3618 IN PSTRING FullDirectoryName
,
3619 IN BOOLEAN WatchTree
,
3620 IN BOOLEAN IgnoreBuffer
,
3621 IN ULONG CompletionFilter
,
3623 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3624 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
,
3625 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
);
3630 FsRtlNotifyFilterReportChange (
3631 IN PNOTIFY_SYNC NotifySync
,
3632 IN PLIST_ENTRY NotifyList
,
3633 IN PSTRING FullTargetName
,
3634 IN USHORT TargetNameOffset
,
3635 IN PSTRING StreamName OPTIONAL
,
3636 IN PSTRING NormalizedParentName OPTIONAL
,
3637 IN ULONG FilterMatch
,
3639 IN PVOID TargetContext
,
3640 IN PVOID FilterContext
);
3645 FsRtlNotifyFullChangeDirectory (
3646 IN PNOTIFY_SYNC NotifySync
,
3647 IN PLIST_ENTRY NotifyList
,
3649 IN PSTRING FullDirectoryName
,
3650 IN BOOLEAN WatchTree
,
3651 IN BOOLEAN IgnoreBuffer
,
3652 IN ULONG CompletionFilter
,
3654 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3655 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3661 FsRtlNotifyFullReportChange (
3662 IN PNOTIFY_SYNC NotifySync
,
3663 IN PLIST_ENTRY NotifyList
,
3664 IN PSTRING FullTargetName
,
3665 IN USHORT TargetNameOffset
,
3666 IN PSTRING StreamName OPTIONAL
,
3667 IN PSTRING NormalizedParentName OPTIONAL
,
3668 IN ULONG FilterMatch
,
3670 IN PVOID TargetContext
3676 FsRtlNotifyInitializeSync (
3677 IN PNOTIFY_SYNC
*NotifySync
3683 FsRtlNotifyReportChange (
3684 IN PNOTIFY_SYNC NotifySync
,
3685 IN PLIST_ENTRY NotifyList
,
3686 IN PSTRING FullTargetName
,
3687 IN PUSHORT FileNamePartLength
,
3688 IN ULONG FilterMatch
3694 FsRtlNotifyUninitializeSync (
3695 IN PNOTIFY_SYNC
*NotifySync
3698 #if (VER_PRODUCTBUILD >= 2195)
3703 FsRtlNotifyVolumeEvent (
3704 IN PFILE_OBJECT FileObject
,
3708 #endif /* (VER_PRODUCTBUILD >= 2195) */
3713 FsRtlNumberOfRunsInBaseMcb (
3720 FsRtlNumberOfRunsInLargeMcb (
3727 FsRtlNumberOfRunsInMcb (
3743 FsRtlOplockIsFastIoPossible (
3748 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
3756 FsRtlPostPagingFileStackOverflow (
3759 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3765 FsRtlPostStackOverflow (
3768 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3774 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3777 -Calls IoCompleteRequest if Irp
3778 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3784 IN PFILE_LOCK FileLock
,
3785 IN PFILE_OBJECT FileObject
,
3786 IN PLARGE_INTEGER FileOffset
,
3787 IN PLARGE_INTEGER Length
,
3788 IN PEPROCESS Process
,
3790 IN BOOLEAN FailImmediately
,
3791 IN BOOLEAN ExclusiveLock
,
3792 OUT PIO_STATUS_BLOCK IoStatus
,
3793 IN PIRP Irp OPTIONAL
,
3795 IN BOOLEAN AlreadySynchronized
3799 FsRtlProcessFileLock:
3802 -STATUS_INVALID_DEVICE_REQUEST
3803 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3804 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3805 (redirected IoStatus->Status).
3808 -switch ( Irp->CurrentStackLocation->MinorFunction )
3809 lock: return FsRtlPrivateLock;
3810 unlocksingle: return FsRtlFastUnlockSingle;
3811 unlockall: return FsRtlFastUnlockAll;
3812 unlockallbykey: return FsRtlFastUnlockAllByKey;
3813 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3814 return STATUS_INVALID_DEVICE_REQUEST;
3816 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3817 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3822 FsRtlProcessFileLock (
3823 IN PFILE_LOCK FileLock
,
3825 IN PVOID Context OPTIONAL
3831 FsRtlRegisterUncProvider (
3832 IN OUT PHANDLE MupHandle
,
3833 IN PUNICODE_STRING RedirectorDeviceName
,
3834 IN BOOLEAN MailslotsSupported
3840 FsRtlRemoveBaseMcbEntry (
3843 IN LONGLONG SectorCount
3849 FsRtlRemoveLargeMcbEntry (
3852 IN LONGLONG SectorCount
3858 FsRtlRemoveMcbEntry (
3861 IN ULONG SectorCount
3865 PFSRTL_PER_STREAM_CONTEXT
3867 FsRtlRemovePerStreamContext (
3868 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3869 IN PVOID OwnerId OPTIONAL
,
3870 IN PVOID InstanceId OPTIONAL
3883 FsRtlResetLargeMcb (
3885 IN BOOLEAN SelfSynchronized
3900 FsRtlSplitLargeMcb (
3906 #define FsRtlSupportsPerStreamContexts(FO) ( \
3907 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
3908 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
3909 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
3915 FsRtlTruncateBaseMcb (
3923 FsRtlTruncateLargeMcb (
3939 FsRtlUninitializeBaseMcb (
3946 FsRtlUninitializeFileLock (
3947 IN PFILE_LOCK FileLock
3953 FsRtlUninitializeLargeMcb (
3960 FsRtlUninitializeMcb (
3967 FsRtlUninitializeOplock (
3968 IN OUT POPLOCK Oplock
3981 KeSetIdealProcessorThread(
3982 IN OUT PKTHREAD Thread
,
3989 IoAttachDeviceToDeviceStackSafe(
3990 IN PDEVICE_OBJECT SourceDevice
,
3991 IN PDEVICE_OBJECT TargetDevice
,
3992 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
3998 IoAcquireVpbSpinLock (
4005 IoCheckDesiredAccess (
4006 IN OUT PACCESS_MASK DesiredAccess
,
4007 IN ACCESS_MASK GrantedAccess
4013 IoCheckEaBufferValidity (
4014 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
4016 OUT PULONG ErrorOffset
4022 IoCheckFunctionAccess (
4023 IN ACCESS_MASK GrantedAccess
,
4024 IN UCHAR MajorFunction
,
4025 IN UCHAR MinorFunction
,
4026 IN ULONG IoControlCode
,
4027 IN PVOID Argument1 OPTIONAL
,
4028 IN PVOID Argument2 OPTIONAL
4031 #if (VER_PRODUCTBUILD >= 2195)
4036 IoCheckQuotaBufferValidity (
4037 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
4038 IN ULONG QuotaLength
,
4039 OUT PULONG ErrorOffset
4042 #endif /* (VER_PRODUCTBUILD >= 2195) */
4047 IoCreateStreamFileObject (
4048 IN PFILE_OBJECT FileObject OPTIONAL
,
4049 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4052 #if (VER_PRODUCTBUILD >= 2195)
4057 IoCreateStreamFileObjectLite (
4058 IN PFILE_OBJECT FileObject OPTIONAL
,
4059 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4062 #endif /* (VER_PRODUCTBUILD >= 2195) */
4067 IoFastQueryNetworkAttributes (
4068 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4069 IN ACCESS_MASK DesiredAccess
,
4070 IN ULONG OpenOptions
,
4071 OUT PIO_STATUS_BLOCK IoStatus
,
4072 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
4078 IoGetAttachedDevice (
4079 IN PDEVICE_OBJECT DeviceObject
4085 IoGetBaseFileSystemDeviceObject (
4086 IN PFILE_OBJECT FileObject
4092 IoGetRequestorProcess (
4096 #if (VER_PRODUCTBUILD >= 2195)
4101 IoGetRequestorProcessId (
4105 #endif /* (VER_PRODUCTBUILD >= 2195) */
4114 #define IoIsFileOpenedExclusively(FileObject) ( \
4116 (FileObject)->SharedRead || \
4117 (FileObject)->SharedWrite || \
4118 (FileObject)->SharedDelete \
4125 IoIsOperationSynchronous (
4136 #if (VER_PRODUCTBUILD >= 2195)
4141 IoIsValidNameGraftingBuffer (
4143 IN PREPARSE_DATA_BUFFER ReparseBuffer
4146 #endif /* (VER_PRODUCTBUILD >= 2195) */
4152 IN PFILE_OBJECT FileObject
,
4154 IN PLARGE_INTEGER Offset
,
4156 OUT PIO_STATUS_BLOCK IoStatusBlock
4162 IoQueryFileInformation (
4163 IN PFILE_OBJECT FileObject
,
4164 IN FILE_INFORMATION_CLASS FileInformationClass
,
4166 OUT PVOID FileInformation
,
4167 OUT PULONG ReturnedLength
4173 IoQueryVolumeInformation (
4174 IN PFILE_OBJECT FileObject
,
4175 IN FS_INFORMATION_CLASS FsInformationClass
,
4177 OUT PVOID FsInformation
,
4178 OUT PULONG ReturnedLength
4191 IoRegisterFileSystem (
4192 IN OUT PDEVICE_OBJECT DeviceObject
4195 #if (VER_PRODUCTBUILD >= 1381)
4197 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
4198 IN PDEVICE_OBJECT DeviceObject
,
4199 IN BOOLEAN DriverActive
4205 IoRegisterFsRegistrationChange (
4206 IN PDRIVER_OBJECT DriverObject
,
4207 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4210 #endif /* (VER_PRODUCTBUILD >= 1381) */
4215 IoReleaseVpbSpinLock (
4222 IoSetDeviceToVerify (
4224 IN PDEVICE_OBJECT DeviceObject
4231 IN PFILE_OBJECT FileObject
,
4232 IN FILE_INFORMATION_CLASS FileInformationClass
,
4234 IN PVOID FileInformation
4247 IoSynchronousPageWrite (
4248 IN PFILE_OBJECT FileObject
,
4250 IN PLARGE_INTEGER FileOffset
,
4252 OUT PIO_STATUS_BLOCK IoStatusBlock
4265 IoUnregisterFileSystem (
4266 IN OUT PDEVICE_OBJECT DeviceObject
4269 #if (VER_PRODUCTBUILD >= 1381)
4274 IoUnregisterFsRegistrationChange (
4275 IN PDRIVER_OBJECT DriverObject
,
4276 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4279 #endif /* (VER_PRODUCTBUILD >= 1381) */
4285 IN PDEVICE_OBJECT DeviceObject
,
4286 IN BOOLEAN AllowRawMount
4289 #if !defined (_M_AMD64)
4294 KeAcquireQueuedSpinLock (
4295 IN KSPIN_LOCK_QUEUE_NUMBER Number
4301 KeReleaseQueuedSpinLock (
4302 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4309 KeAcquireSpinLockRaiseToSynch(
4310 IN OUT PKSPIN_LOCK SpinLock
4316 KeTryToAcquireQueuedSpinLock(
4317 KSPIN_LOCK_QUEUE_NUMBER Number
,
4325 KeAcquireQueuedSpinLock (
4326 IN KSPIN_LOCK_QUEUE_NUMBER Number
4332 KeReleaseQueuedSpinLock (
4333 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4339 KeAcquireSpinLockRaiseToSynch(
4340 IN OUT PKSPIN_LOCK SpinLock
4345 KeTryToAcquireQueuedSpinLock(
4346 KSPIN_LOCK_QUEUE_NUMBER Number
,
4355 IN PKPROCESS Process
4370 IN ULONG Count OPTIONAL
4378 IN PLIST_ENTRY Entry
4386 IN PLIST_ENTRY Entry
4401 IN KPROCESSOR_MODE WaitMode
,
4402 IN PLARGE_INTEGER Timeout OPTIONAL
4415 KeInitializeMutant (
4416 IN PRKMUTANT Mutant
,
4417 IN BOOLEAN InitialOwner
4431 IN PRKMUTANT Mutant
,
4432 IN KPRIORITY Increment
,
4433 IN BOOLEAN Abandoned
,
4437 #if (VER_PRODUCTBUILD >= 2195)
4442 KeStackAttachProcess (
4443 IN PKPROCESS Process
,
4444 OUT PKAPC_STATE ApcState
4450 KeUnstackDetachProcess (
4451 IN PKAPC_STATE ApcState
4454 #endif /* (VER_PRODUCTBUILD >= 2195) */
4459 KeSetKernelStackSwapEnable(
4466 MmCanFileBeTruncated (
4467 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4468 IN PLARGE_INTEGER NewFileSize
4474 MmFlushImageSection (
4475 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4476 IN MMFLUSH_TYPE FlushType
4482 MmForceSectionClosed (
4483 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4484 IN BOOLEAN DelayClose
4487 #if (VER_PRODUCTBUILD >= 1381)
4492 MmIsRecursiveIoFault (
4498 #define MmIsRecursiveIoFault() ( \
4499 (PsGetCurrentThread()->DisablePageFaultClustering) | \
4500 (PsGetCurrentThread()->ForwardClusterOnly) \
4509 MmSetAddressRangeModified (
4518 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
4519 IN POBJECT_TYPE ObjectType
,
4520 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4521 IN KPROCESSOR_MODE AccessMode
,
4522 IN OUT PVOID ParseContext OPTIONAL
,
4523 IN ULONG ObjectSize
,
4524 IN ULONG PagedPoolCharge OPTIONAL
,
4525 IN ULONG NonPagedPoolCharge OPTIONAL
,
4532 ObGetObjectPointerCount (
4541 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4542 IN ACCESS_MASK DesiredAccess
,
4543 IN ULONG AdditionalReferences
,
4544 OUT PVOID
*ReferencedObject OPTIONAL
,
4551 ObMakeTemporaryObject (
4558 ObOpenObjectByPointer (
4560 IN ULONG HandleAttributes
,
4561 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4562 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4563 IN POBJECT_TYPE ObjectType OPTIONAL
,
4564 IN KPROCESSOR_MODE AccessMode
,
4573 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
4575 OUT PULONG ReturnLength
4581 ObQueryObjectAuditingByHandle (
4583 OUT PBOOLEAN GenerateOnClose
4589 ObReferenceObjectByName (
4590 IN PUNICODE_STRING ObjectName
,
4591 IN ULONG Attributes
,
4592 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4593 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4594 IN POBJECT_TYPE ObjectType
,
4595 IN KPROCESSOR_MODE AccessMode
,
4596 IN OUT PVOID ParseContext OPTIONAL
,
4603 PsAssignImpersonationToken (
4612 IN PEPROCESS Process
,
4613 IN POOL_TYPE PoolType
,
4620 PsChargeProcessPoolQuota (
4621 IN PEPROCESS Process
,
4622 IN POOL_TYPE PoolType
,
4626 #define PsDereferenceImpersonationToken(T) \
4627 {if (ARGUMENT_PRESENT(T)) { \
4628 (ObDereferenceObject((T))); \
4634 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
4639 PsDisableImpersonation(
4641 IN PSE_IMPERSONATION_STATE ImpersonationState
4647 PsGetProcessExitTime (
4654 PsImpersonateClient(
4656 IN PACCESS_TOKEN Token
,
4657 IN BOOLEAN CopyOnOpen
,
4658 IN BOOLEAN EffectiveOnly
,
4659 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4672 PsIsThreadTerminating (
4679 PsLookupProcessByProcessId (
4680 IN HANDLE ProcessId
,
4681 OUT PEPROCESS
*Process
4687 PsLookupProcessThreadByCid (
4689 OUT PEPROCESS
*Process OPTIONAL
,
4690 OUT PETHREAD
*Thread
4696 PsLookupThreadByThreadId (
4697 IN HANDLE UniqueThreadId
,
4698 OUT PETHREAD
*Thread
4704 PsReferenceImpersonationToken (
4706 OUT PBOOLEAN CopyOnUse
,
4707 OUT PBOOLEAN EffectiveOnly
,
4708 OUT PSECURITY_IMPERSONATION_LEVEL Level
4714 PsReferencePrimaryToken (
4715 IN PEPROCESS Process
4721 PsRestoreImpersonation(
4723 IN PSE_IMPERSONATION_STATE ImpersonationState
4730 IN PEPROCESS Process
,
4731 IN POOL_TYPE PoolType
,
4745 RtlAbsoluteToSelfRelativeSD (
4746 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
4747 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
4748 IN PULONG BufferLength
4755 IN HANDLE HeapHandle
,
4763 RtlAppendStringToString(
4764 PSTRING Destination
,
4765 const STRING
*Source
4771 RtlCaptureStackBackTrace (
4772 IN ULONG FramesToSkip
,
4773 IN ULONG FramesToCapture
,
4774 OUT PVOID
*BackTrace
,
4775 OUT PULONG BackTraceHash OPTIONAL
4781 RtlCompareMemoryUlong (
4791 IN USHORT CompressionFormatAndEngine
,
4792 IN PUCHAR UncompressedBuffer
,
4793 IN ULONG UncompressedBufferSize
,
4794 OUT PUCHAR CompressedBuffer
,
4795 IN ULONG CompressedBufferSize
,
4796 IN ULONG UncompressedChunkSize
,
4797 OUT PULONG FinalCompressedSize
,
4805 IN PUCHAR UncompressedBuffer
,
4806 IN ULONG UncompressedBufferSize
,
4807 OUT PUCHAR CompressedBuffer
,
4808 IN ULONG CompressedBufferSize
,
4809 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
4810 IN ULONG CompressedDataInfoLength
,
4817 RtlConvertSidToUnicodeString (
4818 OUT PUNICODE_STRING DestinationString
,
4820 IN BOOLEAN AllocateDestinationString
4828 IN PSID Destination
,
4835 RtlCreateUnicodeString(
4836 PUNICODE_STRING DestinationString
,
4843 RtlDecompressBuffer (
4844 IN USHORT CompressionFormat
,
4845 OUT PUCHAR UncompressedBuffer
,
4846 IN ULONG UncompressedBufferSize
,
4847 IN PUCHAR CompressedBuffer
,
4848 IN ULONG CompressedBufferSize
,
4849 OUT PULONG FinalUncompressedSize
4855 RtlDecompressChunks (
4856 OUT PUCHAR UncompressedBuffer
,
4857 IN ULONG UncompressedBufferSize
,
4858 IN PUCHAR CompressedBuffer
,
4859 IN ULONG CompressedBufferSize
,
4860 IN PUCHAR CompressedTail
,
4861 IN ULONG CompressedTailSize
,
4862 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4868 RtlDecompressFragment (
4869 IN USHORT CompressionFormat
,
4870 OUT PUCHAR UncompressedFragment
,
4871 IN ULONG UncompressedFragmentSize
,
4872 IN PUCHAR CompressedBuffer
,
4873 IN ULONG CompressedBufferSize
,
4874 IN ULONG FragmentOffset
,
4875 OUT PULONG FinalUncompressedSize
,
4883 IN USHORT CompressionFormat
,
4884 IN OUT PUCHAR
*CompressedBuffer
,
4885 IN PUCHAR EndOfCompressedBufferPlus1
,
4886 OUT PUCHAR
*ChunkBuffer
,
4887 OUT PULONG ChunkSize
4893 RtlDowncaseUnicodeString(
4894 IN OUT PUNICODE_STRING UniDest
,
4895 IN PCUNICODE_STRING UniSource
,
4896 IN BOOLEAN AllocateDestinationString
4902 RtlDuplicateUnicodeString(
4904 IN PCUNICODE_STRING SourceString
,
4905 OUT PUNICODE_STRING DestinationString
4919 RtlFillMemoryUlong (
4920 IN PVOID Destination
,
4929 IN HANDLE HeapHandle
,
4938 IN POEM_STRING OemString
4944 RtlGenerate8dot3Name (
4945 IN PUNICODE_STRING Name
,
4946 IN BOOLEAN AllowExtendedCharacters
,
4947 IN OUT PGENERATE_NAME_CONTEXT Context
,
4948 OUT PUNICODE_STRING Name8dot3
4954 RtlGetCompressionWorkSpaceSize (
4955 IN USHORT CompressionFormatAndEngine
,
4956 OUT PULONG CompressBufferWorkSpaceSize
,
4957 OUT PULONG CompressFragmentWorkSpaceSize
4963 RtlGetDaclSecurityDescriptor (
4964 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4965 OUT PBOOLEAN DaclPresent
,
4967 OUT PBOOLEAN DaclDefaulted
4973 RtlGetGroupSecurityDescriptor (
4974 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4976 OUT PBOOLEAN GroupDefaulted
4982 RtlGetOwnerSecurityDescriptor (
4983 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4985 OUT PBOOLEAN OwnerDefaulted
4993 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
4994 IN UCHAR SubAuthorityCount
5000 RtlIsNameLegalDOS8Dot3(
5001 IN PCUNICODE_STRING Name
,
5002 IN OUT POEM_STRING OemName OPTIONAL
,
5003 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
5009 RtlLengthRequiredSid (
5010 IN ULONG SubAuthorityCount
5023 RtlNtStatusToDosError (
5030 RtlxUnicodeStringToOemSize(
5031 PCUNICODE_STRING UnicodeString
5037 RtlxOemStringToUnicodeSize(
5038 PCOEM_STRING OemString
5041 #define RtlOemStringToUnicodeSize(STRING) ( \
5042 NLS_MB_OEM_CODE_PAGE_TAG ? \
5043 RtlxOemStringToUnicodeSize(STRING) : \
5044 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
5047 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
5048 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
5055 RtlOemStringToUnicodeString(
5056 IN OUT PUNICODE_STRING DestinationString
,
5057 IN PCOEM_STRING SourceString
,
5058 IN BOOLEAN AllocateDestinationString
5064 RtlUnicodeStringToOemString(
5065 IN OUT POEM_STRING DestinationString
,
5066 IN PCUNICODE_STRING SourceString
,
5067 IN BOOLEAN AllocateDestinationString
5073 RtlOemStringToCountedUnicodeString(
5074 IN OUT PUNICODE_STRING DestinationString
,
5075 IN PCOEM_STRING SourceString
,
5076 IN BOOLEAN AllocateDestinationString
5082 RtlUnicodeStringToCountedOemString(
5083 IN OUT POEM_STRING DestinationString
,
5084 IN PCUNICODE_STRING SourceString
,
5085 IN BOOLEAN AllocateDestinationString
5092 IN USHORT CompressionFormat
,
5093 IN OUT PUCHAR
*CompressedBuffer
,
5094 IN PUCHAR EndOfCompressedBufferPlus1
,
5095 OUT PUCHAR
*ChunkBuffer
,
5102 RtlSecondsSince1970ToTime (
5103 IN ULONG SecondsSince1970
,
5104 OUT PLARGE_INTEGER Time
5110 RtlSetGroupSecurityDescriptor (
5111 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5113 IN BOOLEAN GroupDefaulted
5119 RtlSetOwnerSecurityDescriptor (
5120 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5122 IN BOOLEAN OwnerDefaulted
5128 RtlSetSaclSecurityDescriptor (
5129 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5130 IN BOOLEAN SaclPresent
,
5132 IN BOOLEAN SaclDefaulted
5138 RtlSubAuthorityCountSid (
5145 RtlSubAuthoritySid (
5147 IN ULONG SubAuthority
5153 RtlUnicodeStringToCountedOemString (
5154 IN OUT POEM_STRING DestinationString
,
5155 IN PCUNICODE_STRING SourceString
,
5156 IN BOOLEAN AllocateDestinationString
5162 RtlUnicodeToMultiByteN(
5163 OUT PCHAR MultiByteString
,
5164 IN ULONG MaxBytesInMultiByteString
,
5165 OUT PULONG BytesInMultiByteString OPTIONAL
,
5166 IN PWCH UnicodeString
,
5167 IN ULONG BytesInUnicodeString
5174 OUT PWSTR UnicodeString
,
5175 IN ULONG MaxBytesInUnicodeString
,
5176 OUT PULONG BytesInUnicodeString OPTIONAL
,
5178 IN ULONG BytesInOemString
5181 /* RTL Splay Tree Functions */
5185 RtlSplay(PRTL_SPLAY_LINKS Links
);
5190 RtlDelete(PRTL_SPLAY_LINKS Links
);
5196 PRTL_SPLAY_LINKS Links
,
5197 PRTL_SPLAY_LINKS
*Root
5203 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
5208 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
5213 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
5218 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
5220 #define RtlIsLeftChild(Links) \
5221 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5223 #define RtlIsRightChild(Links) \
5224 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5226 #define RtlRightChild(Links) \
5227 ((PRTL_SPLAY_LINKS)(Links))->RightChild
5229 #define RtlIsRoot(Links) \
5230 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
5232 #define RtlLeftChild(Links) \
5233 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
5235 #define RtlParent(Links) \
5236 ((PRTL_SPLAY_LINKS)(Links))->Parent
5238 #define RtlInitializeSplayLinks(Links) \
5240 PRTL_SPLAY_LINKS _SplayLinks; \
5241 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
5242 _SplayLinks->Parent = _SplayLinks; \
5243 _SplayLinks->LeftChild = NULL; \
5244 _SplayLinks->RightChild = NULL; \
5247 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
5249 PRTL_SPLAY_LINKS _SplayParent; \
5250 PRTL_SPLAY_LINKS _SplayChild; \
5251 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5252 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5253 _SplayParent->LeftChild = _SplayChild; \
5254 _SplayChild->Parent = _SplayParent; \
5257 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
5259 PRTL_SPLAY_LINKS _SplayParent; \
5260 PRTL_SPLAY_LINKS _SplayChild; \
5261 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5262 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5263 _SplayParent->RightChild = _SplayChild; \
5264 _SplayChild->Parent = _SplayParent; \
5275 // RTL time functions
5281 RtlTimeToSecondsSince1980 (
5282 PLARGE_INTEGER Time
,
5283 PULONG ElapsedSeconds
5289 RtlSecondsSince1980ToTime (
5290 ULONG ElapsedSeconds
,
5297 RtlTimeToSecondsSince1970 (
5298 PLARGE_INTEGER Time
,
5299 PULONG ElapsedSeconds
5305 RtlSecondsSince1970ToTime (
5306 ULONG ElapsedSeconds
,
5313 SeAppendPrivileges (
5314 PACCESS_STATE AccessState
,
5315 PPRIVILEGE_SET Privileges
5321 SeAuditingFileEvents (
5322 IN BOOLEAN AccessGranted
,
5323 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5329 SeAuditingFileOrGlobalEvents (
5330 IN BOOLEAN AccessGranted
,
5331 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5332 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5338 SeCaptureSubjectContext (
5339 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
5345 SeCreateClientSecurity (
5347 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5348 IN BOOLEAN RemoteClient
,
5349 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5352 #if (VER_PRODUCTBUILD >= 2195)
5357 SeCreateClientSecurityFromSubjectContext (
5358 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5359 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5360 IN BOOLEAN ServerIsRemote
,
5361 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5364 #endif /* (VER_PRODUCTBUILD >= 2195) */
5367 #define SeLengthSid( Sid ) \
5368 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5370 #define SeDeleteClientSecurity(C) { \
5371 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5372 PsDereferencePrimaryToken( (C)->ClientToken ); \
5374 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5381 SeDeleteObjectAuditAlarm (
5386 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
5392 IN PPRIVILEGE_SET Privileges
5398 SeImpersonateClient (
5399 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5400 IN PETHREAD ServerThread OPTIONAL
5403 #if (VER_PRODUCTBUILD >= 2195)
5408 SeImpersonateClientEx (
5409 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5410 IN PETHREAD ServerThread OPTIONAL
5413 #endif /* (VER_PRODUCTBUILD >= 2195) */
5418 SeLockSubjectContext (
5419 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5425 SeMarkLogonSessionForTerminationNotification (
5432 SeOpenObjectAuditAlarm (
5433 IN PUNICODE_STRING ObjectTypeName
,
5434 IN PVOID Object OPTIONAL
,
5435 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5436 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5437 IN PACCESS_STATE AccessState
,
5438 IN BOOLEAN ObjectCreated
,
5439 IN BOOLEAN AccessGranted
,
5440 IN KPROCESSOR_MODE AccessMode
,
5441 OUT PBOOLEAN GenerateOnClose
5447 SeOpenObjectForDeleteAuditAlarm (
5448 IN PUNICODE_STRING ObjectTypeName
,
5449 IN PVOID Object OPTIONAL
,
5450 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5451 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5452 IN PACCESS_STATE AccessState
,
5453 IN BOOLEAN ObjectCreated
,
5454 IN BOOLEAN AccessGranted
,
5455 IN KPROCESSOR_MODE AccessMode
,
5456 OUT PBOOLEAN GenerateOnClose
5463 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
5464 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5465 IN KPROCESSOR_MODE AccessMode
5471 SeQueryAuthenticationIdToken (
5472 IN PACCESS_TOKEN Token
,
5476 #if (VER_PRODUCTBUILD >= 2195)
5481 SeQueryInformationToken (
5482 IN PACCESS_TOKEN Token
,
5483 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
5484 OUT PVOID
*TokenInformation
5487 #endif /* (VER_PRODUCTBUILD >= 2195) */
5492 SeQuerySecurityDescriptorInfo (
5493 IN PSECURITY_INFORMATION SecurityInformation
,
5494 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5495 IN OUT PULONG Length
,
5496 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
5499 #if (VER_PRODUCTBUILD >= 2195)
5504 SeQuerySessionIdToken (
5505 IN PACCESS_TOKEN Token
,
5509 #endif /* (VER_PRODUCTBUILD >= 2195) */
5511 #define SeQuerySubjectContextToken( SubjectContext ) \
5512 ( ARGUMENT_PRESENT( \
5513 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5515 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5516 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5518 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
5525 SeRegisterLogonSessionTerminatedRoutine (
5526 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5532 SeReleaseSubjectContext (
5533 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5539 SeSetAccessStateGenericMapping (
5540 PACCESS_STATE AccessState
,
5541 PGENERIC_MAPPING GenericMapping
5547 SeSetSecurityDescriptorInfo (
5548 IN PVOID Object OPTIONAL
,
5549 IN PSECURITY_INFORMATION SecurityInformation
,
5550 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5551 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5552 IN POOL_TYPE PoolType
,
5553 IN PGENERIC_MAPPING GenericMapping
5556 #if (VER_PRODUCTBUILD >= 2195)
5561 SeSetSecurityDescriptorInfoEx (
5562 IN PVOID Object OPTIONAL
,
5563 IN PSECURITY_INFORMATION SecurityInformation
,
5564 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
5565 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5566 IN ULONG AutoInheritFlags
,
5567 IN POOL_TYPE PoolType
,
5568 IN PGENERIC_MAPPING GenericMapping
5575 IN PACCESS_TOKEN Token
5581 SeTokenIsRestricted (
5582 IN PACCESS_TOKEN Token
5588 SeLocateProcessImageName(
5589 IN PEPROCESS Process
,
5590 OUT PUNICODE_STRING
*pImageFileName
5593 #endif /* (VER_PRODUCTBUILD >= 2195) */
5599 IN PACCESS_TOKEN Token
5605 SeUnlockSubjectContext (
5606 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5612 SeUnregisterLogonSessionTerminatedRoutine (
5613 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5616 #if (VER_PRODUCTBUILD >= 2195)
5621 ZwAdjustPrivilegesToken (
5622 IN HANDLE TokenHandle
,
5623 IN BOOLEAN DisableAllPrivileges
,
5624 IN PTOKEN_PRIVILEGES NewState
,
5625 IN ULONG BufferLength
,
5626 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
5627 OUT PULONG ReturnLength
5630 #endif /* (VER_PRODUCTBUILD >= 2195) */
5636 IN HANDLE ThreadHandle
5642 ZwAllocateVirtualMemory (
5643 IN HANDLE ProcessHandle
,
5644 IN OUT PVOID
*BaseAddress
,
5645 IN ULONG_PTR ZeroBits
,
5646 IN OUT PSIZE_T RegionSize
,
5647 IN ULONG AllocationType
,
5653 NtAccessCheckByTypeAndAuditAlarm(
5654 IN PUNICODE_STRING SubsystemName
,
5656 IN PUNICODE_STRING ObjectTypeName
,
5657 IN PUNICODE_STRING ObjectName
,
5658 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5659 IN PSID PrincipalSelfSid
,
5660 IN ACCESS_MASK DesiredAccess
,
5661 IN AUDIT_EVENT_TYPE AuditType
,
5663 IN POBJECT_TYPE_LIST ObjectTypeList
,
5664 IN ULONG ObjectTypeLength
,
5665 IN PGENERIC_MAPPING GenericMapping
,
5666 IN BOOLEAN ObjectCreation
,
5667 OUT PACCESS_MASK GrantedAccess
,
5668 OUT PNTSTATUS AccessStatus
,
5669 OUT PBOOLEAN GenerateOnClose
5674 NtAccessCheckByTypeResultListAndAuditAlarm(
5675 IN PUNICODE_STRING SubsystemName
,
5677 IN PUNICODE_STRING ObjectTypeName
,
5678 IN PUNICODE_STRING ObjectName
,
5679 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5680 IN PSID PrincipalSelfSid
,
5681 IN ACCESS_MASK DesiredAccess
,
5682 IN AUDIT_EVENT_TYPE AuditType
,
5684 IN POBJECT_TYPE_LIST ObjectTypeList
,
5685 IN ULONG ObjectTypeLength
,
5686 IN PGENERIC_MAPPING GenericMapping
,
5687 IN BOOLEAN ObjectCreation
,
5688 OUT PACCESS_MASK GrantedAccess
,
5689 OUT PNTSTATUS AccessStatus
,
5690 OUT PBOOLEAN GenerateOnClose
5695 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5696 IN PUNICODE_STRING SubsystemName
,
5698 IN HANDLE ClientToken
,
5699 IN PUNICODE_STRING ObjectTypeName
,
5700 IN PUNICODE_STRING ObjectName
,
5701 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5702 IN PSID PrincipalSelfSid
,
5703 IN ACCESS_MASK DesiredAccess
,
5704 IN AUDIT_EVENT_TYPE AuditType
,
5706 IN POBJECT_TYPE_LIST ObjectTypeList
,
5707 IN ULONG ObjectTypeLength
,
5708 IN PGENERIC_MAPPING GenericMapping
,
5709 IN BOOLEAN ObjectCreation
,
5710 OUT PACCESS_MASK GrantedAccess
,
5711 OUT PNTSTATUS AccessStatus
,
5712 OUT PBOOLEAN GenerateOnClose
5718 ZwAccessCheckAndAuditAlarm (
5719 IN PUNICODE_STRING SubsystemName
,
5721 IN PUNICODE_STRING ObjectTypeName
,
5722 IN PUNICODE_STRING ObjectName
,
5723 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5724 IN ACCESS_MASK DesiredAccess
,
5725 IN PGENERIC_MAPPING GenericMapping
,
5726 IN BOOLEAN ObjectCreation
,
5727 OUT PACCESS_MASK GrantedAccess
,
5728 OUT PBOOLEAN AccessStatus
,
5729 OUT PBOOLEAN GenerateOnClose
5732 #if (VER_PRODUCTBUILD >= 2195)
5738 IN HANDLE FileHandle
,
5739 OUT PIO_STATUS_BLOCK IoStatusBlock
5742 #endif /* (VER_PRODUCTBUILD >= 2195) */
5748 IN HANDLE EventHandle
5754 ZwCloseObjectAuditAlarm (
5755 IN PUNICODE_STRING SubsystemName
,
5757 IN BOOLEAN GenerateOnClose
5764 OUT PHANDLE SectionHandle
,
5765 IN ACCESS_MASK DesiredAccess
,
5766 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5767 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
5768 IN ULONG SectionPageProtection
,
5769 IN ULONG AllocationAttributes
,
5770 IN HANDLE FileHandle OPTIONAL
5776 ZwCreateSymbolicLinkObject (
5777 OUT PHANDLE SymbolicLinkHandle
,
5778 IN ACCESS_MASK DesiredAccess
,
5779 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5780 IN PUNICODE_STRING TargetName
5787 IN POBJECT_ATTRIBUTES ObjectAttributes
5795 IN PUNICODE_STRING Name
5801 ZwDeviceIoControlFile (
5802 IN HANDLE FileHandle
,
5803 IN HANDLE Event OPTIONAL
,
5804 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5805 IN PVOID ApcContext OPTIONAL
,
5806 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5807 IN ULONG IoControlCode
,
5808 IN PVOID InputBuffer OPTIONAL
,
5809 IN ULONG InputBufferLength
,
5810 OUT PVOID OutputBuffer OPTIONAL
,
5811 IN ULONG OutputBufferLength
5818 IN PUNICODE_STRING String
5825 IN HANDLE SourceProcessHandle
,
5826 IN HANDLE SourceHandle
,
5827 IN HANDLE TargetProcessHandle OPTIONAL
,
5828 OUT PHANDLE TargetHandle OPTIONAL
,
5829 IN ACCESS_MASK DesiredAccess
,
5830 IN ULONG HandleAttributes
,
5838 IN HANDLE ExistingTokenHandle
,
5839 IN ACCESS_MASK DesiredAccess
,
5840 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5841 IN BOOLEAN EffectiveOnly
,
5842 IN TOKEN_TYPE TokenType
,
5843 OUT PHANDLE NewTokenHandle
5849 IN HANDLE ExistingTokenHandle
,
5851 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
5852 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
5853 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
5854 OUT PHANDLE NewTokenHandle
5860 ZwFlushInstructionCache (
5861 IN HANDLE ProcessHandle
,
5862 IN PVOID BaseAddress OPTIONAL
,
5870 IN HANDLE FileHandle
,
5871 OUT PIO_STATUS_BLOCK IoStatusBlock
5874 #if (VER_PRODUCTBUILD >= 2195)
5879 ZwFlushVirtualMemory (
5880 IN HANDLE ProcessHandle
,
5881 IN OUT PVOID
*BaseAddress
,
5882 IN OUT PULONG FlushSize
,
5883 OUT PIO_STATUS_BLOCK IoStatusBlock
5886 #endif /* (VER_PRODUCTBUILD >= 2195) */
5891 ZwFreeVirtualMemory (
5892 IN HANDLE ProcessHandle
,
5893 IN OUT PVOID
*BaseAddress
,
5894 IN OUT PSIZE_T RegionSize
,
5902 IN HANDLE FileHandle
,
5903 IN HANDLE Event OPTIONAL
,
5904 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5905 IN PVOID ApcContext OPTIONAL
,
5906 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5907 IN ULONG FsControlCode
,
5908 IN PVOID InputBuffer OPTIONAL
,
5909 IN ULONG InputBufferLength
,
5910 OUT PVOID OutputBuffer OPTIONAL
,
5911 IN ULONG OutputBufferLength
5914 #if (VER_PRODUCTBUILD >= 2195)
5919 ZwInitiatePowerAction (
5920 IN POWER_ACTION SystemAction
,
5921 IN SYSTEM_POWER_STATE MinSystemState
,
5923 IN BOOLEAN Asynchronous
5926 #endif /* (VER_PRODUCTBUILD >= 2195) */
5932 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5933 IN PUNICODE_STRING RegistryPath
5940 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5941 IN POBJECT_ATTRIBUTES FileObjectAttributes
5948 IN HANDLE KeyHandle
,
5949 IN HANDLE EventHandle OPTIONAL
,
5950 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5951 IN PVOID ApcContext OPTIONAL
,
5952 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5953 IN ULONG NotifyFilter
,
5954 IN BOOLEAN WatchSubtree
,
5956 IN ULONG BufferLength
,
5957 IN BOOLEAN Asynchronous
5963 ZwOpenDirectoryObject (
5964 OUT PHANDLE DirectoryHandle
,
5965 IN ACCESS_MASK DesiredAccess
,
5966 IN POBJECT_ATTRIBUTES ObjectAttributes
5973 OUT PHANDLE EventHandle
,
5974 IN ACCESS_MASK DesiredAccess
,
5975 IN POBJECT_ATTRIBUTES ObjectAttributes
5982 OUT PHANDLE ProcessHandle
,
5983 IN ACCESS_MASK DesiredAccess
,
5984 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5985 IN PCLIENT_ID ClientId OPTIONAL
5991 ZwOpenProcessToken (
5992 IN HANDLE ProcessHandle
,
5993 IN ACCESS_MASK DesiredAccess
,
5994 OUT PHANDLE TokenHandle
6001 OUT PHANDLE ThreadHandle
,
6002 IN ACCESS_MASK DesiredAccess
,
6003 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6004 IN PCLIENT_ID ClientId
6011 IN HANDLE ThreadHandle
,
6012 IN ACCESS_MASK DesiredAccess
,
6013 IN BOOLEAN OpenAsSelf
,
6014 OUT PHANDLE TokenHandle
6017 #if (VER_PRODUCTBUILD >= 2195)
6022 ZwPowerInformation (
6023 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
6024 IN PVOID InputBuffer OPTIONAL
,
6025 IN ULONG InputBufferLength
,
6026 OUT PVOID OutputBuffer OPTIONAL
,
6027 IN ULONG OutputBufferLength
6030 #endif /* (VER_PRODUCTBUILD >= 2195) */
6036 IN HANDLE EventHandle
,
6037 OUT PLONG PreviousState OPTIONAL
6043 ZwQueryDefaultLocale (
6044 IN BOOLEAN ThreadOrSystem
,
6051 ZwQueryDirectoryFile (
6052 IN HANDLE FileHandle
,
6053 IN HANDLE Event OPTIONAL
,
6054 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6055 IN PVOID ApcContext OPTIONAL
,
6056 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6057 OUT PVOID FileInformation
,
6059 IN FILE_INFORMATION_CLASS FileInformationClass
,
6060 IN BOOLEAN ReturnSingleEntry
,
6061 IN PUNICODE_STRING FileName OPTIONAL
,
6062 IN BOOLEAN RestartScan
6065 #if (VER_PRODUCTBUILD >= 2195)
6070 ZwQueryDirectoryObject (
6071 IN HANDLE DirectoryHandle
,
6074 IN BOOLEAN ReturnSingleEntry
,
6075 IN BOOLEAN RestartScan
,
6076 IN OUT PULONG Context
,
6077 OUT PULONG ReturnLength OPTIONAL
6084 IN HANDLE FileHandle
,
6085 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6088 IN BOOLEAN ReturnSingleEntry
,
6089 IN PVOID EaList OPTIONAL
,
6090 IN ULONG EaListLength
,
6091 IN PULONG EaIndex OPTIONAL
,
6092 IN BOOLEAN RestartScan
6095 #endif /* (VER_PRODUCTBUILD >= 2195) */
6100 ZwQueryInformationProcess (
6101 IN HANDLE ProcessHandle
,
6102 IN PROCESSINFOCLASS ProcessInformationClass
,
6103 OUT PVOID ProcessInformation
,
6104 IN ULONG ProcessInformationLength
,
6105 OUT PULONG ReturnLength OPTIONAL
6111 ZwQueryInformationToken (
6112 IN HANDLE TokenHandle
,
6113 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
6114 OUT PVOID TokenInformation
,
6116 OUT PULONG ResultLength
6122 ZwQuerySecurityObject (
6123 IN HANDLE FileHandle
,
6124 IN SECURITY_INFORMATION SecurityInformation
,
6125 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6127 OUT PULONG ResultLength
6133 ZwQueryVolumeInformationFile (
6134 IN HANDLE FileHandle
,
6135 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6136 OUT PVOID FsInformation
,
6138 IN FS_INFORMATION_CLASS FsInformationClass
6145 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
6146 IN HANDLE KeyHandle
,
6147 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
6154 IN HANDLE EventHandle
,
6155 OUT PLONG PreviousState OPTIONAL
6158 #if (VER_PRODUCTBUILD >= 2195)
6164 IN HANDLE KeyHandle
,
6165 IN HANDLE FileHandle
,
6169 #endif /* (VER_PRODUCTBUILD >= 2195) */
6175 IN HANDLE KeyHandle
,
6176 IN HANDLE FileHandle
6182 ZwSetDefaultLocale (
6183 IN BOOLEAN ThreadOrSystem
,
6187 #if (VER_PRODUCTBUILD >= 2195)
6192 ZwSetDefaultUILanguage (
6193 IN LANGID LanguageId
6200 IN HANDLE FileHandle
,
6201 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6206 #endif /* (VER_PRODUCTBUILD >= 2195) */
6212 IN HANDLE EventHandle
,
6213 OUT PLONG PreviousState OPTIONAL
6219 ZwSetInformationProcess (
6220 IN HANDLE ProcessHandle
,
6221 IN PROCESSINFOCLASS ProcessInformationClass
,
6222 IN PVOID ProcessInformation
,
6223 IN ULONG ProcessInformationLength
6226 #if (VER_PRODUCTBUILD >= 2195)
6231 ZwSetSecurityObject (
6233 IN SECURITY_INFORMATION SecurityInformation
,
6234 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6237 #endif /* (VER_PRODUCTBUILD >= 2195) */
6243 IN PLARGE_INTEGER NewTime
,
6244 OUT PLARGE_INTEGER OldTime OPTIONAL
6247 #if (VER_PRODUCTBUILD >= 2195)
6252 ZwSetVolumeInformationFile (
6253 IN HANDLE FileHandle
,
6254 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6255 IN PVOID FsInformation
,
6257 IN FS_INFORMATION_CLASS FsInformationClass
6260 #endif /* (VER_PRODUCTBUILD >= 2195) */
6265 ZwTerminateProcess (
6266 IN HANDLE ProcessHandle OPTIONAL
,
6267 IN NTSTATUS ExitStatus
6274 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6275 IN PUNICODE_STRING RegistryPath
6282 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6288 ZwWaitForSingleObject (
6290 IN BOOLEAN Alertable
,
6291 IN PLARGE_INTEGER Timeout OPTIONAL
6297 ZwWaitForMultipleObjects (
6298 IN ULONG HandleCount
,
6300 IN WAIT_TYPE WaitType
,
6301 IN BOOLEAN Alertable
,
6302 IN PLARGE_INTEGER Timeout OPTIONAL
6318 #endif /* _NTIFS_ */
projects / reactos.git / blob