projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- Add CcFastMdlReadWait extern to ntifs.h
[reactos.git] / reactos / include / ddk / ntifs.h
1 /*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the w32api package.
7 *
8 * Contributors:
9 * Created by Bo Brantén <bosse@acc.umu.se>
10 *
11 * THIS SOFTWARE IS NOT COPYRIGHTED
12 *
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
15 *
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 */
22
23 #ifndef _NTIFS_
24 #define _NTIFS_
25 #define _GNU_NTIFS_
26
27 #if __GNUC__ >= 3
28 #pragma GCC system_header
29 #endif
30
31 #ifdef _NTOSKRNL_
32 /* HACKHACKHACK!!! We shouldn't include this header from ntoskrnl! */
33 #define NTKERNELAPI
34 #else
35 #define NTKERNELAPI DECLSPEC_IMPORT
36 #endif
37
38 #include "ntddk.h"
39
40 #define _NTIFS_INCLUDED_
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44
45 #pragma pack(push,4)
46
47 #define VER_PRODUCTBUILD 10000
48
49 #ifndef NTSYSAPI
50 #define NTSYSAPI
51 #endif
52
53 #include "csq.h"
54
55 typedef struct _SE_EXPORTS *PSE_EXPORTS;
56
57 #ifdef _NTOSKRNL_
58 extern PUCHAR FsRtlLegalAnsiCharacterArray;
59 #else
60 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
61 #endif
62 extern PSE_EXPORTS SeExports;
63 extern PACL SePublicDefaultDacl;
64 extern PACL SeSystemDefaultDacl;
65
66 extern KSPIN_LOCK IoStatisticsLock;
67 extern ULONG IoReadOperationCount;
68 extern ULONG IoWriteOperationCount;
69 extern ULONG IoOtherOperationCount;
70 extern LARGE_INTEGER IoReadTransferCount;
71 extern LARGE_INTEGER IoWriteTransferCount;
72 extern LARGE_INTEGER IoOtherTransferCount;
73
74 typedef STRING LSA_STRING, *PLSA_STRING;
75 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
76
77 typedef enum _SECURITY_LOGON_TYPE
78 {
79 UndefinedLogonType = 0,
80 Interactive = 2,
81 Network,
82 Batch,
83 Service,
84 Proxy,
85 Unlock,
86 NetworkCleartext,
87 NewCredentials,
88 #if (_WIN32_WINNT >= 0x0501)
89 RemoteInteractive,
90 CachedInteractive,
91 #endif
92 #if (_WIN32_WINNT >= 0x0502)
93 CachedRemoteInteractive,
94 CachedUnlock
95 #endif
96 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
97
98 #define ANSI_DOS_STAR ('<')
99 #define ANSI_DOS_QM ('>')
100 #define ANSI_DOS_DOT ('"')
101
102 #define DOS_STAR (L'<')
103 #define DOS_QM (L'>')
104 #define DOS_DOT (L'"')
105
106 /* also in winnt.h */
107 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
108 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
109 #define ACCESS_DENIED_ACE_TYPE (0x1)
110 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
111 #define SYSTEM_ALARM_ACE_TYPE (0x3)
112 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
113 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
114 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
115 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
116 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
117 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
118 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
119 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
120 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
121 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
122 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
123 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
124 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
125 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
126 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
127 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
128 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
129 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
130 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
131 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
132
133 #define COMPRESSION_FORMAT_NONE (0x0000)
134 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
135 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
136 #define COMPRESSION_ENGINE_STANDARD (0x0000)
137 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
138 #define COMPRESSION_ENGINE_HIBER (0x0200)
139
140 #define FILE_ACTION_ADDED 0x00000001
141 #define FILE_ACTION_REMOVED 0x00000002
142 #define FILE_ACTION_MODIFIED 0x00000003
143 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
144 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
145 #define FILE_ACTION_ADDED_STREAM 0x00000006
146 #define FILE_ACTION_REMOVED_STREAM 0x00000007
147 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
148 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
149 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
150 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
151 /* end winnt.h */
152
153 #define FILE_EA_TYPE_BINARY 0xfffe
154 #define FILE_EA_TYPE_ASCII 0xfffd
155 #define FILE_EA_TYPE_BITMAP 0xfffb
156 #define FILE_EA_TYPE_METAFILE 0xfffa
157 #define FILE_EA_TYPE_ICON 0xfff9
158 #define FILE_EA_TYPE_EA 0xffee
159 #define FILE_EA_TYPE_MVMT 0xffdf
160 #define FILE_EA_TYPE_MVST 0xffde
161 #define FILE_EA_TYPE_ASN1 0xffdd
162 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
163
164 #define FILE_NEED_EA 0x00000080
165
166 /* also in winnt.h */
167 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
168 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
169 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
170 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
171 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
172 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
173 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
174 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
175 #define FILE_NOTIFY_CHANGE_EA 0x00000080
176 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
177 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
178 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
179 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
180 #define FILE_NOTIFY_VALID_MASK 0x00000fff
181 /* end winnt.h */
182
183 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
184 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
185
186 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
187
188 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
189 #define FILE_CASE_PRESERVED_NAMES 0x00000002
190 #define FILE_UNICODE_ON_DISK 0x00000004
191 #define FILE_PERSISTENT_ACLS 0x00000008
192 #define FILE_FILE_COMPRESSION 0x00000010
193 #define FILE_VOLUME_QUOTAS 0x00000020
194 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
195 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
196 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
197 #define FS_LFN_APIS 0x00004000
198 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
199 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
200 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
201 #define FILE_NAMED_STREAMS 0x00040000
202
203 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
204 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
205
206 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
207 #define FILE_PIPE_MESSAGE_MODE 0x00000001
208
209 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
210 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
211
212 #define FILE_PIPE_INBOUND 0x00000000
213 #define FILE_PIPE_OUTBOUND 0x00000001
214 #define FILE_PIPE_FULL_DUPLEX 0x00000002
215
216 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
217 #define FILE_PIPE_LISTENING_STATE 0x00000002
218 #define FILE_PIPE_CONNECTED_STATE 0x00000003
219 #define FILE_PIPE_CLOSING_STATE 0x00000004
220
221 #define FILE_PIPE_CLIENT_END 0x00000000
222 #define FILE_PIPE_SERVER_END 0x00000001
223
224 #define FILE_PIPE_READ_DATA 0x00000000
225 #define FILE_PIPE_WRITE_SPACE 0x00000001
226
227 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
228 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
229 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
230 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
231 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
232 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
233 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
234 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
235 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
236 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
237 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
238 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
239 #define FILE_STORAGE_TYPE_MASK 0x000f0000
240 #define FILE_STORAGE_TYPE_SHIFT 16
241
242 #define FILE_VC_QUOTA_NONE 0x00000000
243 #define FILE_VC_QUOTA_TRACK 0x00000001
244 #define FILE_VC_QUOTA_ENFORCE 0x00000002
245 #define FILE_VC_QUOTA_MASK 0x00000003
246
247 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
248 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
249
250 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
251 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
252 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
253 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
254
255 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
256 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
257
258 #define FILE_VC_VALID_MASK 0x000003ff
259
260 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
261 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
262 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
263 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
264 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
265 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
266 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
267
268 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
269
270 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
271 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
272 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
273 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
274 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
275
276 #define FSRTL_VOLUME_DISMOUNT 1
277 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
278 #define FSRTL_VOLUME_LOCK 3
279 #define FSRTL_VOLUME_LOCK_FAILED 4
280 #define FSRTL_VOLUME_UNLOCK 5
281 #define FSRTL_VOLUME_MOUNT 6
282
283 #define FSRTL_WILD_CHARACTER 0x08
284
285 #define FSRTL_FAT_LEGAL 0x01
286 #define FSRTL_HPFS_LEGAL 0x02
287 #define FSRTL_NTFS_LEGAL 0x04
288 #define FSRTL_WILD_CHARACTER 0x08
289 #define FSRTL_OLE_LEGAL 0x10
290 #define FSRTL_NTFS_STREAM_LEGAL 0x14
291
292 #ifdef _X86_
293 #define HARDWARE_PTE HARDWARE_PTE_X86
294 #define PHARDWARE_PTE PHARDWARE_PTE_X86
295 #else
296 #define HARDWARE_PTE ULONG
297 #define PHARDWARE_PTE PULONG
298 #endif
299
300 #define IO_CHECK_CREATE_PARAMETERS 0x0200
301 #define IO_ATTACH_DEVICE 0x0400
302
303 #define IO_ATTACH_DEVICE_API 0x80000000
304
305 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
306 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
307
308 #define IO_TYPE_APC 18
309 #define IO_TYPE_DPC 19
310 #define IO_TYPE_DEVICE_QUEUE 20
311 #define IO_TYPE_EVENT_PAIR 21
312 #define IO_TYPE_INTERRUPT 22
313 #define IO_TYPE_PROFILE 23
314
315 #define IRP_BEING_VERIFIED 0x10
316
317 #define MAILSLOT_CLASS_FIRSTCLASS 1
318 #define MAILSLOT_CLASS_SECONDCLASS 2
319
320 #define MAILSLOT_SIZE_AUTO 0
321
322 #define MAP_PROCESS 1L
323 #define MAP_SYSTEM 2L
324 #define MEM_DOS_LIM 0x40000000
325
326 #define OB_TYPE_TYPE 1
327 #define OB_TYPE_DIRECTORY 2
328 #define OB_TYPE_SYMBOLIC_LINK 3
329 #define OB_TYPE_TOKEN 4
330 #define OB_TYPE_PROCESS 5
331 #define OB_TYPE_THREAD 6
332 #define OB_TYPE_EVENT 7
333 #define OB_TYPE_EVENT_PAIR 8
334 #define OB_TYPE_MUTANT 9
335 #define OB_TYPE_SEMAPHORE 10
336 #define OB_TYPE_TIMER 11
337 #define OB_TYPE_PROFILE 12
338 #define OB_TYPE_WINDOW_STATION 13
339 #define OB_TYPE_DESKTOP 14
340 #define OB_TYPE_SECTION 15
341 #define OB_TYPE_KEY 16
342 #define OB_TYPE_PORT 17
343 #define OB_TYPE_ADAPTER 18
344 #define OB_TYPE_CONTROLLER 19
345 #define OB_TYPE_DEVICE 20
346 #define OB_TYPE_DRIVER 21
347 #define OB_TYPE_IO_COMPLETION 22
348 #define OB_TYPE_FILE 23
349
350 #define PIN_WAIT (1)
351 #define PIN_EXCLUSIVE (2)
352 #define PIN_NO_READ (4)
353 #define PIN_IF_BCB (8)
354
355 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
356 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
357
358 #define SEC_BASED 0x00200000
359
360 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
361 #define SECURITY_WORLD_RID (0x00000000L)
362
363 #define SID_REVISION 1
364 #define SID_MAX_SUB_AUTHORITIES 15
365 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
366
367 #define TOKEN_ASSIGN_PRIMARY (0x0001)
368 #define TOKEN_DUPLICATE (0x0002)
369 #define TOKEN_IMPERSONATE (0x0004)
370 #define TOKEN_QUERY (0x0008)
371 #define TOKEN_QUERY_SOURCE (0x0010)
372 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
373 #define TOKEN_ADJUST_GROUPS (0x0040)
374 #define TOKEN_ADJUST_DEFAULT (0x0080)
375 #define TOKEN_ADJUST_SESSIONID (0x0100)
376
377 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
378 TOKEN_ASSIGN_PRIMARY |\
379 TOKEN_DUPLICATE |\
380 TOKEN_IMPERSONATE |\
381 TOKEN_QUERY |\
382 TOKEN_QUERY_SOURCE |\
383 TOKEN_ADJUST_PRIVILEGES |\
384 TOKEN_ADJUST_GROUPS |\
385 TOKEN_ADJUST_DEFAULT |\
386 TOKEN_ADJUST_SESSIONID)
387
388 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
389 TOKEN_QUERY)
390
391 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
392 TOKEN_ADJUST_PRIVILEGES |\
393 TOKEN_ADJUST_GROUPS |\
394 TOKEN_ADJUST_DEFAULT)
395
396 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
397
398 #define TOKEN_SOURCE_LENGTH 8
399 /* end winnt.h */
400
401 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
402 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
403 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
404 #define TOKEN_HAS_ADMIN_GROUP 0x08
405 #define TOKEN_WRITE_RESTRICTED 0x08
406 #define TOKEN_IS_RESTRICTED 0x10
407
408 #define VACB_MAPPING_GRANULARITY (0x40000)
409 #define VACB_OFFSET_SHIFT (18)
410
411 #define SE_OWNER_DEFAULTED 0x0001
412 #define SE_GROUP_DEFAULTED 0x0002
413 #define SE_DACL_PRESENT 0x0004
414 #define SE_DACL_DEFAULTED 0x0008
415 #define SE_SACL_PRESENT 0x0010
416 #define SE_SACL_DEFAULTED 0x0020
417 #define SE_DACL_UNTRUSTED 0x0040
418 #define SE_SERVER_SECURITY 0x0080
419 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
420 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
421 #define SE_DACL_AUTO_INHERITED 0x0400
422 #define SE_SACL_AUTO_INHERITED 0x0800
423 #define SE_DACL_PROTECTED 0x1000
424 #define SE_SACL_PROTECTED 0x2000
425 #define SE_RM_CONTROL_VALID 0x4000
426 #define SE_SELF_RELATIVE 0x8000
427
428 #ifndef _WINNT_H
429 #define _AUDIT_EVENT_TYPE_HACK 0
430 #endif
431 #if (_AUDIT_EVENT_TYPE_HACK == 1)
432
433 #else
434 typedef enum _AUDIT_EVENT_TYPE
435 {
436 AuditEventObjectAccess,
437 AuditEventDirectoryServiceAccess
438 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
439 #endif
440
441 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
442
443 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
444 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
445 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
446 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
447 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
448 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
449 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
450 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
451 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
452
453 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
454 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
455 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
456
457 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
458 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
459 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
460
461
462 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
463 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
464 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
465 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
466 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
467 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
468
469 #if (VER_PRODUCTBUILD >= 1381)
470
471 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
472 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
473 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
474 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
475 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
476 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
477 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
478 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
479
480 #endif /* (VER_PRODUCTBUILD >= 1381) */
481
482 #if (VER_PRODUCTBUILD >= 2195)
483
484 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
485 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
486 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
487
488 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
489 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
490 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
491 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
492 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
493 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
494 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
495 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
496 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
497 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
498 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
499 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
500 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
501 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
502 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
503 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
504 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
505 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
506 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
507 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
508 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
509 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
510 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
511 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
512 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
513 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
514 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
515 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
516 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
517 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
518 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
519 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
520 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
521 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
522 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
523 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
524
525 #endif /* (VER_PRODUCTBUILD >= 2195) */
526
527 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
528
529 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
530 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
531 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
532 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
533 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
534 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
535 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
536 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
537
538 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
539 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
540 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
541 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
542 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
543 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
544 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
545 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
546 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
547 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
548 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
549 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
550 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
551 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
552
553 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
554
555 typedef PVOID OPLOCK, *POPLOCK;
556
557 typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
558 typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
559 typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
560 typedef struct _KPROCESS *PKPROCESS;
561 typedef struct _KQUEUE *PKQUEUE;
562 typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
563 typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
564 typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
565 typedef struct _VACB *PVACB;
566 typedef struct _VAD_HEADER *PVAD_HEADER;
567
568 typedef ULONG LBN;
569 typedef LBN *PLBN;
570
571 typedef ULONG VBN;
572 typedef VBN *PVBN;
573
574 typedef struct _NOTIFY_SYNC
575 {
576 ULONG Unknown0;
577 ULONG Unknown1;
578 ULONG Unknown2;
579 USHORT Unknown3;
580 USHORT Unknown4;
581 ULONG Unknown5;
582 ULONG Unknown6;
583 ULONG Unknown7;
584 ULONG Unknown8;
585 ULONG Unknown9;
586 ULONG Unknown10;
587 } NOTIFY_SYNC, * PNOTIFY_SYNC;
588
589 typedef enum _FAST_IO_POSSIBLE {
590 FastIoIsNotPossible,
591 FastIoIsPossible,
592 FastIoIsQuestionable
593 } FAST_IO_POSSIBLE;
594
595 typedef enum _FILE_STORAGE_TYPE {
596 StorageTypeDefault = 1,
597 StorageTypeDirectory,
598 StorageTypeFile,
599 StorageTypeJunctionPoint,
600 StorageTypeCatalog,
601 StorageTypeStructuredStorage,
602 StorageTypeEmbedding,
603 StorageTypeStream
604 } FILE_STORAGE_TYPE;
605
606 typedef enum _OBJECT_INFO_CLASS {
607 ObjectBasicInfo,
608 ObjectNameInfo,
609 ObjectTypeInfo,
610 ObjectAllTypesInfo,
611 ObjectProtectionInfo
612 } OBJECT_INFO_CLASS;
613
614 typedef struct _KAPC_STATE {
615 LIST_ENTRY ApcListHead[2];
616 PKPROCESS Process;
617 BOOLEAN KernelApcInProgress;
618 BOOLEAN KernelApcPending;
619 BOOLEAN UserApcPending;
620 } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
621
622 typedef struct _BITMAP_RANGE {
623 LIST_ENTRY Links;
624 LARGE_INTEGER BasePage;
625 ULONG FirstDirtyPage;
626 ULONG LastDirtyPage;
627 ULONG DirtyPages;
628 PULONG Bitmap;
629 } BITMAP_RANGE, *PBITMAP_RANGE;
630
631 typedef struct _CACHE_UNINITIALIZE_EVENT {
632 struct _CACHE_UNINITIALIZE_EVENT *Next;
633 KEVENT Event;
634 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
635
636 typedef struct _CC_FILE_SIZES {
637 LARGE_INTEGER AllocationSize;
638 LARGE_INTEGER FileSize;
639 LARGE_INTEGER ValidDataLength;
640 } CC_FILE_SIZES, *PCC_FILE_SIZES;
641
642 typedef struct _COMPRESSED_DATA_INFO {
643 USHORT CompressionFormatAndEngine;
644 UCHAR CompressionUnitShift;
645 UCHAR ChunkShift;
646 UCHAR ClusterShift;
647 UCHAR Reserved;
648 USHORT NumberOfChunks;
649 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
650 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
651
652 typedef struct _SID_IDENTIFIER_AUTHORITY {
653 BYTE Value[6];
654 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
655 typedef PVOID PSID;
656 typedef struct _SID {
657 BYTE Revision;
658 BYTE SubAuthorityCount;
659 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
660 DWORD SubAuthority[ANYSIZE_ARRAY];
661 } SID, *PISID;
662 typedef struct _SID_AND_ATTRIBUTES {
663 PSID Sid;
664 DWORD Attributes;
665 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
666 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
667 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
668 typedef struct _TOKEN_SOURCE {
669 CHAR SourceName[TOKEN_SOURCE_LENGTH];
670 LUID SourceIdentifier;
671 } TOKEN_SOURCE,*PTOKEN_SOURCE;
672 typedef struct _TOKEN_CONTROL {
673 LUID TokenId;
674 LUID AuthenticationId;
675 LUID ModifiedId;
676 TOKEN_SOURCE TokenSource;
677 } TOKEN_CONTROL,*PTOKEN_CONTROL;
678 typedef struct _TOKEN_DEFAULT_DACL {
679 PACL DefaultDacl;
680 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
681 typedef struct _TOKEN_GROUPS {
682 DWORD GroupCount;
683 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
684 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
685 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
686 ULONG SidCount;
687 ULONG SidLength;
688 PSID_AND_ATTRIBUTES Sids;
689 ULONG RestrictedSidCount;
690 ULONG RestrictedSidLength;
691 PSID_AND_ATTRIBUTES RestrictedSids;
692 ULONG PrivilegeCount;
693 ULONG PrivilegeLength;
694 PLUID_AND_ATTRIBUTES Privileges;
695 LUID AuthenticationId;
696 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
697 typedef struct _TOKEN_ORIGIN {
698 LUID OriginatingLogonSession;
699 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
700 typedef struct _TOKEN_OWNER {
701 PSID Owner;
702 } TOKEN_OWNER,*PTOKEN_OWNER;
703 typedef struct _TOKEN_PRIMARY_GROUP {
704 PSID PrimaryGroup;
705 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
706 typedef struct _TOKEN_PRIVILEGES {
707 DWORD PrivilegeCount;
708 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
709 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
710 typedef enum tagTOKEN_TYPE {
711 TokenPrimary = 1,
712 TokenImpersonation
713 } TOKEN_TYPE,*PTOKEN_TYPE;
714 typedef struct _TOKEN_STATISTICS {
715 LUID TokenId;
716 LUID AuthenticationId;
717 LARGE_INTEGER ExpirationTime;
718 TOKEN_TYPE TokenType;
719 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
720 DWORD DynamicCharged;
721 DWORD DynamicAvailable;
722 DWORD GroupCount;
723 DWORD PrivilegeCount;
724 LUID ModifiedId;
725 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
726 typedef struct _TOKEN_USER {
727 SID_AND_ATTRIBUTES User;
728 } TOKEN_USER, *PTOKEN_USER;
729 typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION;
730 typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
731 typedef struct _SECURITY_DESCRIPTOR {
732 BYTE Revision;
733 BYTE Sbz1;
734 SECURITY_DESCRIPTOR_CONTROL Control;
735 PSID Owner;
736 PSID Group;
737 PACL Sacl;
738 PACL Dacl;
739 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
740 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
741 BYTE Revision;
742 BYTE Sbz1;
743 SECURITY_DESCRIPTOR_CONTROL Control;
744 DWORD Owner;
745 DWORD Group;
746 DWORD Sacl;
747 DWORD Dacl;
748 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
749 typedef enum _TOKEN_INFORMATION_CLASS {
750 TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
751 TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,
752 TokenImpersonationLevel,TokenStatistics,TokenRestrictedSids,
753 TokenSessionId,TokenGroupsAndPrivileges,TokenSessionReference,
754 TokenSandBoxInert,TokenAuditPolicy,TokenOrigin,
755 } TOKEN_INFORMATION_CLASS;
756
757 typedef struct _FILE_ACCESS_INFORMATION {
758 ACCESS_MASK AccessFlags;
759 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
760
761 typedef struct _FILE_ALLOCATION_INFORMATION {
762 LARGE_INTEGER AllocationSize;
763 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
764
765 typedef struct _FILE_BOTH_DIR_INFORMATION {
766 ULONG NextEntryOffset;
767 ULONG FileIndex;
768 LARGE_INTEGER CreationTime;
769 LARGE_INTEGER LastAccessTime;
770 LARGE_INTEGER LastWriteTime;
771 LARGE_INTEGER ChangeTime;
772 LARGE_INTEGER EndOfFile;
773 LARGE_INTEGER AllocationSize;
774 ULONG FileAttributes;
775 ULONG FileNameLength;
776 ULONG EaSize;
777 CCHAR ShortNameLength;
778 WCHAR ShortName[12];
779 WCHAR FileName[1];
780 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
781
782 typedef struct _FILE_COMPLETION_INFORMATION {
783 HANDLE Port;
784 PVOID Key;
785 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
786
787 typedef struct _FILE_COMPRESSION_INFORMATION {
788 LARGE_INTEGER CompressedFileSize;
789 USHORT CompressionFormat;
790 UCHAR CompressionUnitShift;
791 UCHAR ChunkShift;
792 UCHAR ClusterShift;
793 UCHAR Reserved[3];
794 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
795
796 typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
797 BOOLEAN ReplaceIfExists;
798 HANDLE RootDirectory;
799 ULONG FileNameLength;
800 WCHAR FileName[1];
801 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
802
803 typedef struct _FILE_DIRECTORY_INFORMATION {
804 ULONG NextEntryOffset;
805 ULONG FileIndex;
806 LARGE_INTEGER CreationTime;
807 LARGE_INTEGER LastAccessTime;
808 LARGE_INTEGER LastWriteTime;
809 LARGE_INTEGER ChangeTime;
810 LARGE_INTEGER EndOfFile;
811 LARGE_INTEGER AllocationSize;
812 ULONG FileAttributes;
813 ULONG FileNameLength;
814 WCHAR FileName[1];
815 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
816
817 typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
818 ULONG NextEntryOffset;
819 ULONG FileIndex;
820 LARGE_INTEGER CreationTime;
821 LARGE_INTEGER LastAccessTime;
822 LARGE_INTEGER LastWriteTime;
823 LARGE_INTEGER ChangeTime;
824 LARGE_INTEGER EndOfFile;
825 LARGE_INTEGER AllocationSize;
826 ULONG FileAttributes;
827 ULONG FileNameLength;
828 ULONG EaSize;
829 WCHAR FileName[0];
830 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
831
832 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
833 ULONG NextEntryOffset;
834 ULONG FileIndex;
835 LARGE_INTEGER CreationTime;
836 LARGE_INTEGER LastAccessTime;
837 LARGE_INTEGER LastWriteTime;
838 LARGE_INTEGER ChangeTime;
839 LARGE_INTEGER EndOfFile;
840 LARGE_INTEGER AllocationSize;
841 ULONG FileAttributes;
842 ULONG FileNameLength;
843 ULONG EaSize;
844 CHAR ShortNameLength;
845 WCHAR ShortName[12];
846 WCHAR FileName[0];
847 } FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
848
849 typedef struct _FILE_EA_INFORMATION {
850 ULONG EaSize;
851 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
852
853 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
854 ULONG FileSystemAttributes;
855 ULONG MaximumComponentNameLength;
856 ULONG FileSystemNameLength;
857 WCHAR FileSystemName[1];
858 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
859
860 typedef struct _FILE_FS_CONTROL_INFORMATION {
861 LARGE_INTEGER FreeSpaceStartFiltering;
862 LARGE_INTEGER FreeSpaceThreshold;
863 LARGE_INTEGER FreeSpaceStopFiltering;
864 LARGE_INTEGER DefaultQuotaThreshold;
865 LARGE_INTEGER DefaultQuotaLimit;
866 ULONG FileSystemControlFlags;
867 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
868
869 typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
870 LARGE_INTEGER TotalAllocationUnits;
871 LARGE_INTEGER CallerAvailableAllocationUnits;
872 LARGE_INTEGER ActualAvailableAllocationUnits;
873 ULONG SectorsPerAllocationUnit;
874 ULONG BytesPerSector;
875 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
876
877 typedef struct _FILE_FS_LABEL_INFORMATION {
878 ULONG VolumeLabelLength;
879 WCHAR VolumeLabel[1];
880 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
881
882 #if (VER_PRODUCTBUILD >= 2195)
883
884 typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
885 UCHAR ObjectId[16];
886 UCHAR ExtendedInfo[48];
887 } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
888
889 #endif /* (VER_PRODUCTBUILD >= 2195) */
890
891 typedef struct _FILE_FS_SIZE_INFORMATION {
892 LARGE_INTEGER TotalAllocationUnits;
893 LARGE_INTEGER AvailableAllocationUnits;
894 ULONG SectorsPerAllocationUnit;
895 ULONG BytesPerSector;
896 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
897
898 typedef struct _FILE_FS_VOLUME_INFORMATION {
899 LARGE_INTEGER VolumeCreationTime;
900 ULONG VolumeSerialNumber;
901 ULONG VolumeLabelLength;
902 BOOLEAN SupportsObjects;
903 WCHAR VolumeLabel[1];
904 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
905
906 typedef struct _FILE_FULL_DIR_INFORMATION {
907 ULONG NextEntryOffset;
908 ULONG FileIndex;
909 LARGE_INTEGER CreationTime;
910 LARGE_INTEGER LastAccessTime;
911 LARGE_INTEGER LastWriteTime;
912 LARGE_INTEGER ChangeTime;
913 LARGE_INTEGER EndOfFile;
914 LARGE_INTEGER AllocationSize;
915 ULONG FileAttributes;
916 ULONG FileNameLength;
917 ULONG EaSize;
918 WCHAR FileName[1];
919 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
920
921 typedef struct _FILE_GET_EA_INFORMATION {
922 ULONG NextEntryOffset;
923 UCHAR EaNameLength;
924 CHAR EaName[1];
925 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
926
927 typedef struct _FILE_GET_QUOTA_INFORMATION {
928 ULONG NextEntryOffset;
929 ULONG SidLength;
930 SID Sid;
931 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
932
933 typedef struct _FILE_QUOTA_INFORMATION
934 {
935 ULONG NextEntryOffset;
936 ULONG SidLength;
937 LARGE_INTEGER ChangeTime;
938 LARGE_INTEGER QuotaUsed;
939 LARGE_INTEGER QuotaThreshold;
940 LARGE_INTEGER QuotaLimit;
941 SID Sid;
942 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
943
944 typedef struct _FILE_INTERNAL_INFORMATION {
945 LARGE_INTEGER IndexNumber;
946 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
947
948 typedef struct _FILE_LINK_INFORMATION {
949 BOOLEAN ReplaceIfExists;
950 HANDLE RootDirectory;
951 ULONG FileNameLength;
952 WCHAR FileName[1];
953 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
954
955 typedef struct _FILE_LOCK_INFO
956 {
957 LARGE_INTEGER StartingByte;
958 LARGE_INTEGER Length;
959 BOOLEAN ExclusiveLock;
960 ULONG Key;
961 PFILE_OBJECT FileObject;
962 PVOID ProcessId;
963 LARGE_INTEGER EndingByte;
964 } FILE_LOCK_INFO, *PFILE_LOCK_INFO;
965
966 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
967 typedef struct _FILE_SHARED_LOCK_ENTRY {
968 PVOID Unknown1;
969 PVOID Unknown2;
970 FILE_LOCK_INFO FileLock;
971 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
972
973 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
974 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
975 LIST_ENTRY ListEntry;
976 PVOID Unknown1;
977 PVOID Unknown2;
978 FILE_LOCK_INFO FileLock;
979 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
980
981 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) (
982 IN PVOID Context,
983 IN PIRP Irp
984 );
985
986 typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
987 IN PVOID Context,
988 IN PFILE_LOCK_INFO FileLockInfo
989 );
990
991 typedef struct _FILE_LOCK {
992 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
993 PUNLOCK_ROUTINE UnlockRoutine;
994 BOOLEAN FastIoIsQuestionable;
995 BOOLEAN Pad[3];
996 PVOID LockInformation;
997 FILE_LOCK_INFO LastReturnedLockInfo;
998 PVOID LastReturnedLock;
999 } FILE_LOCK, *PFILE_LOCK;
1000
1001 typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
1002 ULONG ReadDataAvailable;
1003 ULONG NumberOfMessages;
1004 ULONG MessageLength;
1005 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
1006
1007 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
1008 ULONG MaximumMessageSize;
1009 ULONG MailslotQuota;
1010 ULONG NextMessageSize;
1011 ULONG MessagesAvailable;
1012 LARGE_INTEGER ReadTimeout;
1013 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
1014
1015 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
1016 PLARGE_INTEGER ReadTimeout;
1017 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
1018
1019 typedef struct _FILE_MODE_INFORMATION {
1020 ULONG Mode;
1021 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
1022
1023 typedef struct _FILE_ALL_INFORMATION {
1024 FILE_BASIC_INFORMATION BasicInformation;
1025 FILE_STANDARD_INFORMATION StandardInformation;
1026 FILE_INTERNAL_INFORMATION InternalInformation;
1027 FILE_EA_INFORMATION EaInformation;
1028 FILE_ACCESS_INFORMATION AccessInformation;
1029 FILE_POSITION_INFORMATION PositionInformation;
1030 FILE_MODE_INFORMATION ModeInformation;
1031 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1032 FILE_NAME_INFORMATION NameInformation;
1033 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
1034
1035 typedef struct _FILE_NAMES_INFORMATION {
1036 ULONG NextEntryOffset;
1037 ULONG FileIndex;
1038 ULONG FileNameLength;
1039 WCHAR FileName[1];
1040 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
1041
1042 typedef struct _FILE_OBJECTID_INFORMATION {
1043 LONGLONG FileReference;
1044 UCHAR ObjectId[16];
1045 _ANONYMOUS_UNION union {
1046 struct {
1047 UCHAR BirthVolumeId[16];
1048 UCHAR BirthObjectId[16];
1049 UCHAR DomainId[16];
1050 } ;
1051 UCHAR ExtendedInfo[48];
1052 } DUMMYUNIONNAME;
1053 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
1054
1055 typedef struct _FILE_OLE_CLASSID_INFORMATION {
1056 GUID ClassId;
1057 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
1058
1059 typedef struct _FILE_OLE_ALL_INFORMATION {
1060 FILE_BASIC_INFORMATION BasicInformation;
1061 FILE_STANDARD_INFORMATION StandardInformation;
1062 FILE_INTERNAL_INFORMATION InternalInformation;
1063 FILE_EA_INFORMATION EaInformation;
1064 FILE_ACCESS_INFORMATION AccessInformation;
1065 FILE_POSITION_INFORMATION PositionInformation;
1066 FILE_MODE_INFORMATION ModeInformation;
1067 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1068 USN LastChangeUsn;
1069 USN ReplicationUsn;
1070 LARGE_INTEGER SecurityChangeTime;
1071 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1072 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1073 FILE_STORAGE_TYPE StorageType;
1074 ULONG OleStateBits;
1075 ULONG OleId;
1076 ULONG NumberOfStreamReferences;
1077 ULONG StreamIndex;
1078 ULONG SecurityId;
1079 BOOLEAN ContentIndexDisable;
1080 BOOLEAN InheritContentIndexDisable;
1081 FILE_NAME_INFORMATION NameInformation;
1082 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
1083
1084 typedef struct _FILE_OLE_DIR_INFORMATION {
1085 ULONG NextEntryOffset;
1086 ULONG FileIndex;
1087 LARGE_INTEGER CreationTime;
1088 LARGE_INTEGER LastAccessTime;
1089 LARGE_INTEGER LastWriteTime;
1090 LARGE_INTEGER ChangeTime;
1091 LARGE_INTEGER EndOfFile;
1092 LARGE_INTEGER AllocationSize;
1093 ULONG FileAttributes;
1094 ULONG FileNameLength;
1095 FILE_STORAGE_TYPE StorageType;
1096 GUID OleClassId;
1097 ULONG OleStateBits;
1098 BOOLEAN ContentIndexDisable;
1099 BOOLEAN InheritContentIndexDisable;
1100 WCHAR FileName[1];
1101 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
1102
1103 typedef struct _FILE_OLE_INFORMATION {
1104 LARGE_INTEGER SecurityChangeTime;
1105 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1106 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1107 FILE_STORAGE_TYPE StorageType;
1108 ULONG OleStateBits;
1109 BOOLEAN ContentIndexDisable;
1110 BOOLEAN InheritContentIndexDisable;
1111 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
1112
1113 typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
1114 ULONG StateBits;
1115 ULONG StateBitsMask;
1116 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
1117
1118 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
1119 HANDLE EventHandle;
1120 ULONG KeyValue;
1121 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
1122
1123 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
1124 PVOID ClientSession;
1125 PVOID ClientProcess;
1126 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
1127
1128 typedef struct _FILE_PIPE_EVENT_BUFFER {
1129 ULONG NamedPipeState;
1130 ULONG EntryType;
1131 ULONG ByteCount;
1132 ULONG KeyValue;
1133 ULONG NumberRequests;
1134 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
1135
1136 typedef struct _FILE_PIPE_PEEK_BUFFER
1137 {
1138 ULONG NamedPipeState;
1139 ULONG ReadDataAvailable;
1140 ULONG NumberOfMessages;
1141 ULONG MessageLength;
1142 CHAR Data[1];
1143 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
1144
1145 typedef struct _FILE_PIPE_INFORMATION {
1146 ULONG ReadMode;
1147 ULONG CompletionMode;
1148 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
1149
1150 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
1151 ULONG NamedPipeType;
1152 ULONG NamedPipeConfiguration;
1153 ULONG MaximumInstances;
1154 ULONG CurrentInstances;
1155 ULONG InboundQuota;
1156 ULONG ReadDataAvailable;
1157 ULONG OutboundQuota;
1158 ULONG WriteQuotaAvailable;
1159 ULONG NamedPipeState;
1160 ULONG NamedPipeEnd;
1161 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
1162
1163 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
1164 LARGE_INTEGER CollectDataTime;
1165 ULONG MaximumCollectionCount;
1166 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
1167
1168 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
1169 LARGE_INTEGER Timeout;
1170 ULONG NameLength;
1171 BOOLEAN TimeoutSpecified;
1172 WCHAR Name[1];
1173 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
1174
1175 typedef struct _FILE_RENAME_INFORMATION {
1176 BOOLEAN ReplaceIfExists;
1177 HANDLE RootDirectory;
1178 ULONG FileNameLength;
1179 WCHAR FileName[1];
1180 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
1181
1182 typedef struct _FILE_STREAM_INFORMATION {
1183 ULONG NextEntryOffset;
1184 ULONG StreamNameLength;
1185 LARGE_INTEGER StreamSize;
1186 LARGE_INTEGER StreamAllocationSize;
1187 WCHAR StreamName[1];
1188 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
1189
1190 typedef struct _FILE_TRACKING_INFORMATION {
1191 HANDLE DestinationFile;
1192 ULONG ObjectInformationLength;
1193 CHAR ObjectInformation[1];
1194 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
1195
1196 #if (VER_PRODUCTBUILD >= 2195)
1197 typedef struct _FILE_ZERO_DATA_INFORMATION {
1198 LARGE_INTEGER FileOffset;
1199 LARGE_INTEGER BeyondFinalZero;
1200 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
1201
1202 typedef struct FILE_ALLOCATED_RANGE_BUFFER {
1203 LARGE_INTEGER FileOffset;
1204 LARGE_INTEGER Length;
1205 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
1206 #endif /* (VER_PRODUCTBUILD >= 2195) */
1207
1208 typedef struct _FSRTL_COMMON_FCB_HEADER {
1209 CSHORT NodeTypeCode;
1210 CSHORT NodeByteSize;
1211 UCHAR Flags;
1212 UCHAR IsFastIoPossible;
1213 #if (VER_PRODUCTBUILD >= 1381)
1214 UCHAR Flags2;
1215 UCHAR Reserved;
1216 #endif /* (VER_PRODUCTBUILD >= 1381) */
1217 PERESOURCE Resource;
1218 PERESOURCE PagingIoResource;
1219 LARGE_INTEGER AllocationSize;
1220 LARGE_INTEGER FileSize;
1221 LARGE_INTEGER ValidDataLength;
1222 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
1223
1224 #if (VER_PRODUCTBUILD >= 2600)
1225
1226 typedef struct _FSRTL_ADVANCED_FCB_HEADER {
1227 CSHORT NodeTypeCode;
1228 CSHORT NodeByteSize;
1229 UCHAR Flags;
1230 UCHAR IsFastIoPossible;
1231 UCHAR Flags2;
1232 UCHAR Reserved;
1233 PERESOURCE Resource;
1234 PERESOURCE PagingIoResource;
1235 LARGE_INTEGER AllocationSize;
1236 LARGE_INTEGER FileSize;
1237 LARGE_INTEGER ValidDataLength;
1238 PFAST_MUTEX FastMutex;
1239 LIST_ENTRY FilterContexts;
1240 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
1241
1242 typedef struct _FSRTL_PER_STREAM_CONTEXT {
1243 LIST_ENTRY Links;
1244 PVOID OwnerId;
1245 PVOID InstanceId;
1246 PFREE_FUNCTION FreeCallback;
1247 } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
1248
1249 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1250 {
1251 LIST_ENTRY Links;
1252 PVOID OwnerId;
1253 PVOID InstanceId;
1254 } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
1255
1256 #endif /* (VER_PRODUCTBUILD >= 2600) */
1257
1258 typedef struct _BASE_MCB
1259 {
1260 ULONG MaximumPairCount;
1261 ULONG PairCount;
1262 USHORT PoolType;
1263 USHORT Flags;
1264 PVOID Mapping;
1265 } BASE_MCB, *PBASE_MCB;
1266
1267 typedef struct _LARGE_MCB
1268 {
1269 PKGUARDED_MUTEX GuardedMutex;
1270 BASE_MCB BaseMcb;
1271 } LARGE_MCB, *PLARGE_MCB;
1272
1273 typedef struct _MCB
1274 {
1275 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
1276 } MCB, *PMCB;
1277
1278 typedef struct _GENERATE_NAME_CONTEXT {
1279 USHORT Checksum;
1280 BOOLEAN CheckSumInserted;
1281 UCHAR NameLength;
1282 WCHAR NameBuffer[8];
1283 ULONG ExtensionLength;
1284 WCHAR ExtensionBuffer[4];
1285 ULONG LastIndexValue;
1286 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
1287
1288 typedef struct _MAPPING_PAIR {
1289 ULONGLONG Vcn;
1290 ULONGLONG Lcn;
1291 } MAPPING_PAIR, *PMAPPING_PAIR;
1292
1293 typedef struct _GET_RETRIEVAL_DESCRIPTOR {
1294 ULONG NumberOfPairs;
1295 ULONGLONG StartVcn;
1296 MAPPING_PAIR Pair[1];
1297 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
1298
1299 typedef struct _KQUEUE {
1300 DISPATCHER_HEADER Header;
1301 LIST_ENTRY EntryListHead;
1302 ULONG CurrentCount;
1303 ULONG MaximumCount;
1304 LIST_ENTRY ThreadListHead;
1305 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
1306
1307 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1308
1309 typedef struct _MBCB {
1310 CSHORT NodeTypeCode;
1311 CSHORT NodeIsInZone;
1312 ULONG PagesToWrite;
1313 ULONG DirtyPages;
1314 ULONG Reserved;
1315 LIST_ENTRY BitmapRanges;
1316 LONGLONG ResumeWritePage;
1317 BITMAP_RANGE BitmapRange1;
1318 BITMAP_RANGE BitmapRange2;
1319 BITMAP_RANGE BitmapRange3;
1320 } MBCB, *PMBCB;
1321
1322 typedef struct _MOVEFILE_DESCRIPTOR {
1323 HANDLE FileHandle;
1324 ULONG Reserved;
1325 LARGE_INTEGER StartVcn;
1326 LARGE_INTEGER TargetLcn;
1327 ULONG NumVcns;
1328 ULONG Reserved1;
1329 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
1330
1331 typedef struct _OBJECT_BASIC_INFO {
1332 ULONG Attributes;
1333 ACCESS_MASK GrantedAccess;
1334 ULONG HandleCount;
1335 ULONG ReferenceCount;
1336 ULONG PagedPoolUsage;
1337 ULONG NonPagedPoolUsage;
1338 ULONG Reserved[3];
1339 ULONG NameInformationLength;
1340 ULONG TypeInformationLength;
1341 ULONG SecurityDescriptorLength;
1342 LARGE_INTEGER CreateTime;
1343 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
1344
1345 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
1346 BOOLEAN Inherit;
1347 BOOLEAN ProtectFromClose;
1348 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
1349
1350 typedef struct _OBJECT_NAME_INFO {
1351 UNICODE_STRING ObjectName;
1352 WCHAR ObjectNameBuffer[1];
1353 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
1354
1355 typedef struct _OBJECT_PROTECTION_INFO {
1356 BOOLEAN Inherit;
1357 BOOLEAN ProtectHandle;
1358 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
1359
1360 typedef struct _OBJECT_TYPE_INFO {
1361 UNICODE_STRING ObjectTypeName;
1362 UCHAR Unknown[0x58];
1363 WCHAR ObjectTypeNameBuffer[1];
1364 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
1365
1366 typedef struct _OBJECT_ALL_TYPES_INFO {
1367 ULONG NumberOfObjectTypes;
1368 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
1369 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
1370
1371
1372 typedef struct _PATHNAME_BUFFER {
1373 ULONG PathNameLength;
1374 WCHAR Name[1];
1375 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
1376
1377 #if (VER_PRODUCTBUILD >= 2600)
1378
1379 typedef struct _PRIVATE_CACHE_MAP_FLAGS {
1380 ULONG DontUse : 16;
1381 ULONG ReadAheadActive : 1;
1382 ULONG ReadAheadEnabled : 1;
1383 ULONG Available : 14;
1384 } PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;
1385
1386 typedef struct _PRIVATE_CACHE_MAP {
1387 _ANONYMOUS_UNION union {
1388 CSHORT NodeTypeCode;
1389 PRIVATE_CACHE_MAP_FLAGS Flags;
1390 ULONG UlongFlags;
1391 } DUMMYUNIONNAME;
1392 ULONG ReadAheadMask;
1393 PFILE_OBJECT FileObject;
1394 LARGE_INTEGER FileOffset1;
1395 LARGE_INTEGER BeyondLastByte1;
1396 LARGE_INTEGER FileOffset2;
1397 LARGE_INTEGER BeyondLastByte2;
1398 LARGE_INTEGER ReadAheadOffset[2];
1399 ULONG ReadAheadLength[2];
1400 KSPIN_LOCK ReadAheadSpinLock;
1401 LIST_ENTRY PrivateLinks;
1402 } PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;
1403
1404 #endif
1405
1406 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1407 {
1408 GenericLessThan,
1409 GenericGreaterThan,
1410 GenericEqual
1411 } RTL_GENERIC_COMPARE_RESULTS;
1412
1413 typedef enum _TABLE_SEARCH_RESULT
1414 {
1415 TableEmptyTree,
1416 TableFoundNode,
1417 TableInsertAsLeft,
1418 TableInsertAsRight
1419 } TABLE_SEARCH_RESULT;
1420
1421 typedef NTSTATUS
1422 (NTAPI *PRTL_AVL_MATCH_FUNCTION)(
1423 struct _RTL_AVL_TABLE *Table,
1424 PVOID UserData,
1425 PVOID MatchData
1426 );
1427
1428 typedef RTL_GENERIC_COMPARE_RESULTS
1429 (NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
1430 struct _RTL_AVL_TABLE *Table,
1431 PVOID FirstStruct,
1432 PVOID SecondStruct
1433 );
1434
1435 typedef RTL_GENERIC_COMPARE_RESULTS
1436 (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
1437 struct _RTL_GENERIC_TABLE *Table,
1438 PVOID FirstStruct,
1439 PVOID SecondStruct
1440 );
1441
1442 typedef PVOID
1443 (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
1444 struct _RTL_GENERIC_TABLE *Table,
1445 CLONG ByteSize
1446 );
1447
1448 typedef VOID
1449 (NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
1450 struct _RTL_GENERIC_TABLE *Table,
1451 PVOID Buffer
1452 );
1453
1454 typedef PVOID
1455 (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
1456 struct _RTL_AVL_TABLE *Table,
1457 CLONG ByteSize
1458 );
1459
1460 typedef VOID
1461 (NTAPI *PRTL_AVL_FREE_ROUTINE) (
1462 struct _RTL_AVL_TABLE *Table,
1463 PVOID Buffer
1464 );
1465
1466 typedef struct _PUBLIC_BCB {
1467 CSHORT NodeTypeCode;
1468 CSHORT NodeByteSize;
1469 ULONG MappedLength;
1470 LARGE_INTEGER MappedFileOffset;
1471 } PUBLIC_BCB, *PPUBLIC_BCB;
1472
1473 typedef struct _QUERY_PATH_REQUEST {
1474 ULONG PathNameLength;
1475 PIO_SECURITY_CONTEXT SecurityContext;
1476 WCHAR FilePathName[1];
1477 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
1478
1479 typedef struct _QUERY_PATH_RESPONSE {
1480 ULONG LengthAccepted;
1481 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
1482
1483 typedef struct _RETRIEVAL_POINTERS_BUFFER {
1484 ULONG ExtentCount;
1485 LARGE_INTEGER StartingVcn;
1486 struct {
1487 LARGE_INTEGER NextVcn;
1488 LARGE_INTEGER Lcn;
1489 } Extents[1];
1490 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
1491
1492 typedef struct _RTL_SPLAY_LINKS {
1493 struct _RTL_SPLAY_LINKS *Parent;
1494 struct _RTL_SPLAY_LINKS *LeftChild;
1495 struct _RTL_SPLAY_LINKS *RightChild;
1496 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
1497
1498 typedef struct _RTL_BALANCED_LINKS
1499 {
1500 struct _RTL_BALANCED_LINKS *Parent;
1501 struct _RTL_BALANCED_LINKS *LeftChild;
1502 struct _RTL_BALANCED_LINKS *RightChild;
1503 CHAR Balance;
1504 UCHAR Reserved[3];
1505 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
1506
1507 typedef struct _RTL_GENERIC_TABLE
1508 {
1509 PRTL_SPLAY_LINKS TableRoot;
1510 LIST_ENTRY InsertOrderList;
1511 PLIST_ENTRY OrderedPointer;
1512 ULONG WhichOrderedElement;
1513 ULONG NumberGenericTableElements;
1514 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
1515 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
1516 PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
1517 PVOID TableContext;
1518 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
1519
1520 typedef struct _RTL_AVL_TABLE
1521 {
1522 RTL_BALANCED_LINKS BalancedRoot;
1523 PVOID OrderedPointer;
1524 ULONG WhichOrderedElement;
1525 ULONG NumberGenericTableElements;
1526 ULONG DepthOfTree;
1527 PRTL_BALANCED_LINKS RestartKey;
1528 ULONG DeleteCount;
1529 PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
1530 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
1531 PRTL_AVL_FREE_ROUTINE FreeRoutine;
1532 PVOID TableContext;
1533 } RTL_AVL_TABLE, *PRTL_AVL_TABLE;
1534
1535
1536 #if defined(USE_LPC6432)
1537 #define LPC_CLIENT_ID CLIENT_ID64
1538 #define LPC_SIZE_T ULONGLONG
1539 #define LPC_PVOID ULONGLONG
1540 #define LPC_HANDLE ULONGLONG
1541 #else
1542 #define LPC_CLIENT_ID CLIENT_ID
1543 #define LPC_SIZE_T SIZE_T
1544 #define LPC_PVOID PVOID
1545 #define LPC_HANDLE HANDLE
1546 #endif
1547
1548 typedef struct _PORT_MESSAGE
1549 {
1550 union
1551 {
1552 struct
1553 {
1554 CSHORT DataLength;
1555 CSHORT TotalLength;
1556 } s1;
1557 ULONG Length;
1558 } u1;
1559 union
1560 {
1561 struct
1562 {
1563 CSHORT Type;
1564 CSHORT DataInfoOffset;
1565 } s2;
1566 ULONG ZeroInit;
1567 } u2;
1568 union
1569 {
1570 LPC_CLIENT_ID ClientId;
1571 double DoNotUseThisField;
1572 };
1573 ULONG MessageId;
1574 union
1575 {
1576 LPC_SIZE_T ClientViewSize;
1577 ULONG CallbackId;
1578 };
1579 } PORT_MESSAGE, *PPORT_MESSAGE;
1580
1581 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
1582
1583 typedef struct _PORT_VIEW
1584 {
1585 ULONG Length;
1586 LPC_HANDLE SectionHandle;
1587 ULONG SectionOffset;
1588 LPC_SIZE_T ViewSize;
1589 LPC_PVOID ViewBase;
1590 LPC_PVOID ViewRemoteBase;
1591 } PORT_VIEW, *PPORT_VIEW;
1592
1593 typedef struct _REMOTE_PORT_VIEW
1594 {
1595 ULONG Length;
1596 LPC_SIZE_T ViewSize;
1597 LPC_PVOID ViewBase;
1598 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
1599
1600 typedef struct _SE_EXPORTS {
1601
1602 LUID SeCreateTokenPrivilege;
1603 LUID SeAssignPrimaryTokenPrivilege;
1604 LUID SeLockMemoryPrivilege;
1605 LUID SeIncreaseQuotaPrivilege;
1606 LUID SeUnsolicitedInputPrivilege;
1607 LUID SeTcbPrivilege;
1608 LUID SeSecurityPrivilege;
1609 LUID SeTakeOwnershipPrivilege;
1610 LUID SeLoadDriverPrivilege;
1611 LUID SeCreatePagefilePrivilege;
1612 LUID SeIncreaseBasePriorityPrivilege;
1613 LUID SeSystemProfilePrivilege;
1614 LUID SeSystemtimePrivilege;
1615 LUID SeProfileSingleProcessPrivilege;
1616 LUID SeCreatePermanentPrivilege;
1617 LUID SeBackupPrivilege;
1618 LUID SeRestorePrivilege;
1619 LUID SeShutdownPrivilege;
1620 LUID SeDebugPrivilege;
1621 LUID SeAuditPrivilege;
1622 LUID SeSystemEnvironmentPrivilege;
1623 LUID SeChangeNotifyPrivilege;
1624 LUID SeRemoteShutdownPrivilege;
1625
1626 PSID SeNullSid;
1627 PSID SeWorldSid;
1628 PSID SeLocalSid;
1629 PSID SeCreatorOwnerSid;
1630 PSID SeCreatorGroupSid;
1631
1632 PSID SeNtAuthoritySid;
1633 PSID SeDialupSid;
1634 PSID SeNetworkSid;
1635 PSID SeBatchSid;
1636 PSID SeInteractiveSid;
1637 PSID SeLocalSystemSid;
1638 PSID SeAliasAdminsSid;
1639 PSID SeAliasUsersSid;
1640 PSID SeAliasGuestsSid;
1641 PSID SeAliasPowerUsersSid;
1642 PSID SeAliasAccountOpsSid;
1643 PSID SeAliasSystemOpsSid;
1644 PSID SeAliasPrintOpsSid;
1645 PSID SeAliasBackupOpsSid;
1646
1647 PSID SeAuthenticatedUsersSid;
1648
1649 PSID SeRestrictedSid;
1650 PSID SeAnonymousLogonSid;
1651
1652 LUID SeUndockPrivilege;
1653 LUID SeSyncAgentPrivilege;
1654 LUID SeEnableDelegationPrivilege;
1655
1656 } SE_EXPORTS, *PSE_EXPORTS;
1657
1658 typedef struct
1659 {
1660 LARGE_INTEGER StartingLcn;
1661 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
1662
1663 typedef struct _STARTING_VCN_INPUT_BUFFER {
1664 LARGE_INTEGER StartingVcn;
1665 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
1666
1667 typedef struct _SECURITY_CLIENT_CONTEXT {
1668 SECURITY_QUALITY_OF_SERVICE SecurityQos;
1669 PACCESS_TOKEN ClientToken;
1670 BOOLEAN DirectlyAccessClientToken;
1671 BOOLEAN DirectAccessEffectiveOnly;
1672 BOOLEAN ServerIsRemote;
1673 TOKEN_CONTROL ClientTokenControl;
1674 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
1675
1676 typedef struct _ACE_HEADER
1677 {
1678 UCHAR AceType;
1679 UCHAR AceFlags;
1680 USHORT AceSize;
1681 } ACE_HEADER, *PACE_HEADER;
1682
1683 typedef struct _TUNNEL {
1684 FAST_MUTEX Mutex;
1685 PRTL_SPLAY_LINKS Cache;
1686 LIST_ENTRY TimerQueue;
1687 USHORT NumEntries;
1688 } TUNNEL, *PTUNNEL;
1689
1690 typedef struct _VACB {
1691 PVOID BaseAddress;
1692 PSHARED_CACHE_MAP SharedCacheMap;
1693 union {
1694 LARGE_INTEGER FileOffset;
1695 USHORT ActiveCount;
1696 } Overlay;
1697 LIST_ENTRY LruList;
1698 } VACB, *PVACB;
1699
1700 typedef struct _VAD_HEADER {
1701 PVOID StartVPN;
1702 PVOID EndVPN;
1703 PVAD_HEADER ParentLink;
1704 PVAD_HEADER LeftLink;
1705 PVAD_HEADER RightLink;
1706 ULONG Flags; /* LSB = CommitCharge */
1707 PVOID ControlArea;
1708 PVOID FirstProtoPte;
1709 PVOID LastPTE;
1710 ULONG Unknown;
1711 LIST_ENTRY Secured;
1712 } VAD_HEADER, *PVAD_HEADER;
1713
1714 typedef struct
1715 {
1716 LARGE_INTEGER StartingLcn;
1717 LARGE_INTEGER BitmapSize;
1718 UCHAR Buffer[1];
1719 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
1720
1721 #if (VER_PRODUCTBUILD >= 2600)
1722
1723 typedef BOOLEAN
1724 (NTAPI *PFILTER_REPORT_CHANGE) (
1725 IN PVOID NotifyContext,
1726 IN PVOID FilterContext
1727 );
1728
1729 typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
1730 SyncTypeOther = 0,
1731 SyncTypeCreateSection
1732 } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
1733
1734 typedef union _FS_FILTER_PARAMETERS {
1735 struct {
1736 PLARGE_INTEGER EndingOffset;
1737 } AcquireForModifiedPageWriter;
1738
1739 struct {
1740 PERESOURCE ResourceToRelease;
1741 } ReleaseForModifiedPageWriter;
1742
1743 struct {
1744 FS_FILTER_SECTION_SYNC_TYPE SyncType;
1745 ULONG PageProtection;
1746 } AcquireForSectionSynchronization;
1747
1748 struct {
1749 PVOID Argument1;
1750 PVOID Argument2;
1751 PVOID Argument3;
1752 PVOID Argument4;
1753 PVOID Argument5;
1754 } Others;
1755 } FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
1756
1757 typedef struct _FS_FILTER_CALLBACK_DATA {
1758 ULONG SizeOfFsFilterCallbackData;
1759 UCHAR Operation;
1760 UCHAR Reserved;
1761 struct _DEVICE_OBJECT *DeviceObject;
1762 struct _FILE_OBJECT *FileObject;
1763 FS_FILTER_PARAMETERS Parameters;
1764 } FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
1765
1766 typedef NTSTATUS
1767 (NTAPI *PFS_FILTER_CALLBACK) (
1768 IN PFS_FILTER_CALLBACK_DATA Data,
1769 OUT PVOID *CompletionContext
1770 );
1771
1772 typedef VOID
1773 (NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
1774 IN PFS_FILTER_CALLBACK_DATA Data,
1775 IN NTSTATUS OperationStatus,
1776 IN PVOID CompletionContext
1777 );
1778
1779 typedef struct _FS_FILTER_CALLBACKS {
1780 ULONG SizeOfFsFilterCallbacks;
1781 ULONG Reserved;
1782 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
1783 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
1784 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
1785 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
1786 PFS_FILTER_CALLBACK PreAcquireForCcFlush;
1787 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
1788 PFS_FILTER_CALLBACK PreReleaseForCcFlush;
1789 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
1790 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
1791 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
1792 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
1793 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
1794 } FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
1795
1796 typedef struct _READ_LIST {
1797 PFILE_OBJECT FileObject;
1798 ULONG NumberOfEntries;
1799 LOGICAL IsImage;
1800 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
1801 } READ_LIST, *PREAD_LIST;
1802
1803 #endif
1804
1805 typedef NTSTATUS
1806 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
1807 IN PVOID Base,
1808 IN OUT PVOID *CommitAddress,
1809 IN OUT PSIZE_T CommitSize
1810 );
1811
1812 typedef struct _RTL_HEAP_PARAMETERS {
1813 ULONG Length;
1814 SIZE_T SegmentReserve;
1815 SIZE_T SegmentCommit;
1816 SIZE_T DeCommitFreeBlockThreshold;
1817 SIZE_T DeCommitTotalFreeThreshold;
1818 SIZE_T MaximumAllocationSize;
1819 SIZE_T VirtualMemoryThreshold;
1820 SIZE_T InitialCommit;
1821 SIZE_T InitialReserve;
1822 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
1823 SIZE_T Reserved[2];
1824 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
1825
1826 NTKERNELAPI
1827 BOOLEAN
1828 NTAPI
1829 CcCanIWrite (
1830 IN PFILE_OBJECT FileObject,
1831 IN ULONG BytesToWrite,
1832 IN BOOLEAN Wait,
1833 IN BOOLEAN Retrying
1834 );
1835
1836 NTKERNELAPI
1837 BOOLEAN
1838 NTAPI
1839 CcCopyRead (
1840 IN PFILE_OBJECT FileObject,
1841 IN PLARGE_INTEGER FileOffset,
1842 IN ULONG Length,
1843 IN BOOLEAN Wait,
1844 OUT PVOID Buffer,
1845 OUT PIO_STATUS_BLOCK IoStatus
1846 );
1847
1848 NTKERNELAPI
1849 BOOLEAN
1850 NTAPI
1851 CcCopyWrite (
1852 IN PFILE_OBJECT FileObject,
1853 IN PLARGE_INTEGER FileOffset,
1854 IN ULONG Length,
1855 IN BOOLEAN Wait,
1856 IN PVOID Buffer
1857 );
1858
1859 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1860
1861 typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
1862 IN PVOID Context1,
1863 IN PVOID Context2
1864 );
1865
1866 NTKERNELAPI
1867 VOID
1868 NTAPI
1869 CcDeferWrite (
1870 IN PFILE_OBJECT FileObject,
1871 IN PCC_POST_DEFERRED_WRITE PostRoutine,
1872 IN PVOID Context1,
1873 IN PVOID Context2,
1874 IN ULONG BytesToWrite,
1875 IN BOOLEAN Retrying
1876 );
1877
1878 NTKERNELAPI
1879 VOID
1880 NTAPI
1881 CcFastCopyRead (
1882 IN PFILE_OBJECT FileObject,
1883 IN ULONG FileOffset,
1884 IN ULONG Length,
1885 IN ULONG PageCount,
1886 OUT PVOID Buffer,
1887 OUT PIO_STATUS_BLOCK IoStatus
1888 );
1889
1890 NTKERNELAPI
1891 VOID
1892 NTAPI
1893 CcFastCopyWrite (
1894 IN PFILE_OBJECT FileObject,
1895 IN ULONG FileOffset,
1896 IN ULONG Length,
1897 IN PVOID Buffer
1898 );
1899
1900 NTKERNELAPI
1901 VOID
1902 NTAPI
1903 CcFlushCache (
1904 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
1905 IN PLARGE_INTEGER FileOffset OPTIONAL,
1906 IN ULONG Length,
1907 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
1908 );
1909
1910 typedef VOID (*PDIRTY_PAGE_ROUTINE) (
1911 IN PFILE_OBJECT FileObject,
1912 IN PLARGE_INTEGER FileOffset,
1913 IN ULONG Length,
1914 IN PLARGE_INTEGER OldestLsn,
1915 IN PLARGE_INTEGER NewestLsn,
1916 IN PVOID Context1,
1917 IN PVOID Context2
1918 );
1919
1920 NTKERNELAPI
1921 LARGE_INTEGER
1922 NTAPI
1923 CcGetDirtyPages (
1924 IN PVOID LogHandle,
1925 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
1926 IN PVOID Context1,
1927 IN PVOID Context2
1928 );
1929
1930 NTKERNELAPI
1931 PFILE_OBJECT
1932 NTAPI
1933 CcGetFileObjectFromBcb (
1934 IN PVOID Bcb
1935 );
1936
1937 NTKERNELAPI
1938 PFILE_OBJECT
1939 NTAPI
1940 CcGetFileObjectFromSectionPtrs (
1941 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
1942 );
1943
1944 #define CcGetFileSizePointer(FO) ( \
1945 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1946 )
1947
1948 #if (VER_PRODUCTBUILD >= 2195)
1949
1950 NTKERNELAPI
1951 LARGE_INTEGER
1952 NTAPI
1953 CcGetFlushedValidData (
1954 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
1955 IN BOOLEAN BcbListHeld
1956 );
1957
1958 #endif /* (VER_PRODUCTBUILD >= 2195) */
1959
1960 NTKERNELAPI
1961 LARGE_INTEGER
1962 NTAPI
1963 CcGetLsnForFileObject (
1964 IN PFILE_OBJECT FileObject,
1965 OUT PLARGE_INTEGER OldestLsn OPTIONAL
1966 );
1967
1968 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
1969 IN PVOID Context,
1970 IN BOOLEAN Wait
1971 );
1972
1973 typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
1974 IN PVOID Context
1975 );
1976
1977 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
1978 IN PVOID Context,
1979 IN BOOLEAN Wait
1980 );
1981
1982 typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
1983 IN PVOID Context
1984 );
1985
1986 typedef struct _CACHE_MANAGER_CALLBACKS {
1987 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
1988 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
1989 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
1990 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
1991 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
1992
1993 NTKERNELAPI
1994 VOID
1995 NTAPI
1996 CcInitializeCacheMap (
1997 IN PFILE_OBJECT FileObject,
1998 IN PCC_FILE_SIZES FileSizes,
1999 IN BOOLEAN PinAccess,
2000 IN PCACHE_MANAGER_CALLBACKS Callbacks,
2001 IN PVOID LazyWriteContext
2002 );
2003
2004 #define CcIsFileCached(FO) ( \
2005 ((FO)->SectionObjectPointer != NULL) && \
2006 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2007 )
2008
2009 extern ULONG CcFastMdlReadWait;
2010
2011 NTKERNELAPI
2012 BOOLEAN
2013 NTAPI
2014 CcIsThereDirtyData (
2015 IN PVPB Vpb
2016 );
2017
2018 NTKERNELAPI
2019 BOOLEAN
2020 NTAPI
2021 CcMapData (
2022 IN PFILE_OBJECT FileObject,
2023 IN PLARGE_INTEGER FileOffset,
2024 IN ULONG Length,
2025 IN ULONG Flags,
2026 OUT PVOID *Bcb,
2027 OUT PVOID *Buffer
2028 );
2029
2030 NTKERNELAPI
2031 VOID
2032 NTAPI
2033 CcMdlRead (
2034 IN PFILE_OBJECT FileObject,
2035 IN PLARGE_INTEGER FileOffset,
2036 IN ULONG Length,
2037 OUT PMDL *MdlChain,
2038 OUT PIO_STATUS_BLOCK IoStatus
2039 );
2040
2041 NTKERNELAPI
2042 VOID
2043 NTAPI
2044 CcMdlReadComplete (
2045 IN PFILE_OBJECT FileObject,
2046 IN PMDL MdlChain
2047 );
2048
2049 NTKERNELAPI
2050 VOID
2051 NTAPI
2052 CcMdlWriteComplete (
2053 IN PFILE_OBJECT FileObject,
2054 IN PLARGE_INTEGER FileOffset,
2055 IN PMDL MdlChain
2056 );
2057
2058 #define MAP_WAIT 1
2059
2060 NTKERNELAPI
2061 BOOLEAN
2062 NTAPI
2063 CcPinMappedData (
2064 IN PFILE_OBJECT FileObject,
2065 IN PLARGE_INTEGER FileOffset,
2066 IN ULONG Length,
2067 IN ULONG Flags,
2068 IN OUT PVOID *Bcb
2069 );
2070
2071 NTKERNELAPI
2072 BOOLEAN
2073 NTAPI
2074 CcPinRead (
2075 IN PFILE_OBJECT FileObject,
2076 IN PLARGE_INTEGER FileOffset,
2077 IN ULONG Length,
2078 IN ULONG Flags,
2079 OUT PVOID *Bcb,
2080 OUT PVOID *Buffer
2081 );
2082
2083 NTKERNELAPI
2084 VOID
2085 NTAPI
2086 CcPrepareMdlWrite (
2087 IN PFILE_OBJECT FileObject,
2088 IN PLARGE_INTEGER FileOffset,
2089 IN ULONG Length,
2090 OUT PMDL *MdlChain,
2091 OUT PIO_STATUS_BLOCK IoStatus
2092 );
2093
2094 NTKERNELAPI
2095 BOOLEAN
2096 NTAPI
2097 CcPreparePinWrite (
2098 IN PFILE_OBJECT FileObject,
2099 IN PLARGE_INTEGER FileOffset,
2100 IN ULONG Length,
2101 IN BOOLEAN Zero,
2102 IN ULONG Flags,
2103 OUT PVOID *Bcb,
2104 OUT PVOID *Buffer
2105 );
2106
2107 NTKERNELAPI
2108 BOOLEAN
2109 NTAPI
2110 CcPurgeCacheSection (
2111 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2112 IN PLARGE_INTEGER FileOffset OPTIONAL,
2113 IN ULONG Length,
2114 IN BOOLEAN UninitializeCacheMaps
2115 );
2116
2117 #define CcReadAhead(FO, FOFF, LEN) ( \
2118 if ((LEN) >= 256) { \
2119 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2120 } \
2121 )
2122
2123 #if (VER_PRODUCTBUILD >= 2195)
2124
2125 NTKERNELAPI
2126 PVOID
2127 NTAPI
2128 CcRemapBcb (
2129 IN PVOID Bcb
2130 );
2131
2132 #endif /* (VER_PRODUCTBUILD >= 2195) */
2133
2134 NTKERNELAPI
2135 VOID
2136 NTAPI
2137 CcRepinBcb (
2138 IN PVOID Bcb
2139 );
2140
2141 NTKERNELAPI
2142 VOID
2143 NTAPI
2144 CcScheduleReadAhead (
2145 IN PFILE_OBJECT FileObject,
2146 IN PLARGE_INTEGER FileOffset,
2147 IN ULONG Length
2148 );
2149
2150 NTKERNELAPI
2151 VOID
2152 NTAPI
2153 CcSetAdditionalCacheAttributes (
2154 IN PFILE_OBJECT FileObject,
2155 IN BOOLEAN DisableReadAhead,
2156 IN BOOLEAN DisableWriteBehind
2157 );
2158
2159 NTKERNELAPI
2160 VOID
2161 NTAPI
2162 CcSetBcbOwnerPointer (
2163 IN PVOID Bcb,
2164 IN PVOID OwnerPointer
2165 );
2166
2167 NTKERNELAPI
2168 VOID
2169 NTAPI
2170 CcSetDirtyPageThreshold (
2171 IN PFILE_OBJECT FileObject,
2172 IN ULONG DirtyPageThreshold
2173 );
2174
2175 NTKERNELAPI
2176 VOID
2177 NTAPI
2178 CcSetDirtyPinnedData (
2179 IN PVOID BcbVoid,
2180 IN PLARGE_INTEGER Lsn OPTIONAL
2181 );
2182
2183 NTKERNELAPI
2184 VOID
2185 NTAPI
2186 CcSetFileSizes (
2187 IN PFILE_OBJECT FileObject,
2188 IN PCC_FILE_SIZES FileSizes
2189 );
2190
2191 typedef VOID (NTAPI *PFLUSH_TO_LSN) (
2192 IN PVOID LogHandle,
2193 IN PLARGE_INTEGER Lsn
2194 );
2195
2196 NTKERNELAPI
2197 VOID
2198 NTAPI
2199 CcSetLogHandleForFile (
2200 IN PFILE_OBJECT FileObject,
2201 IN PVOID LogHandle,
2202 IN PFLUSH_TO_LSN FlushToLsnRoutine
2203 );
2204
2205 NTKERNELAPI
2206 VOID
2207 NTAPI
2208 CcSetReadAheadGranularity (
2209 IN PFILE_OBJECT FileObject,
2210 IN ULONG Granularity /* default: PAGE_SIZE */
2211 /* allowed: 2^n * PAGE_SIZE */
2212 );
2213
2214 NTKERNELAPI
2215 BOOLEAN
2216 NTAPI
2217 CcUninitializeCacheMap (
2218 IN PFILE_OBJECT FileObject,
2219 IN PLARGE_INTEGER TruncateSize OPTIONAL,
2220 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2221 );
2222
2223 NTKERNELAPI
2224 VOID
2225 NTAPI
2226 CcUnpinData (
2227 IN PVOID Bcb
2228 );
2229
2230 NTKERNELAPI
2231 VOID
2232 NTAPI
2233 CcUnpinDataForThread (
2234 IN PVOID Bcb,
2235 IN ERESOURCE_THREAD ResourceThreadId
2236 );
2237
2238 NTKERNELAPI
2239 VOID
2240 NTAPI
2241 CcUnpinRepinnedBcb (
2242 IN PVOID Bcb,
2243 IN BOOLEAN WriteThrough,
2244 OUT PIO_STATUS_BLOCK IoStatus
2245 );
2246
2247 #if (VER_PRODUCTBUILD >= 2195)
2248
2249 NTKERNELAPI
2250 NTSTATUS
2251 NTAPI
2252 CcWaitForCurrentLazyWriterActivity (
2253 VOID
2254 );
2255
2256 #endif /* (VER_PRODUCTBUILD >= 2195) */
2257
2258 NTKERNELAPI
2259 BOOLEAN
2260 NTAPI
2261 CcZeroData (
2262 IN PFILE_OBJECT FileObject,
2263 IN PLARGE_INTEGER StartOffset,
2264 IN PLARGE_INTEGER EndOffset,
2265 IN BOOLEAN Wait
2266 );
2267
2268 NTKERNELAPI
2269 VOID
2270 NTAPI
2271 ExDisableResourceBoostLite (
2272 IN PERESOURCE Resource
2273 );
2274
2275 NTKERNELAPI
2276 ULONG
2277 NTAPI
2278 ExQueryPoolBlockSize (
2279 IN PVOID PoolBlock,
2280 OUT PBOOLEAN QuotaCharged
2281 );
2282
2283 #if (VER_PRODUCTBUILD >= 2600)
2284
2285 #ifndef __NTOSKRNL__
2286 NTKERNELAPI
2287 VOID
2288 FASTCALL
2289 ExInitializeRundownProtection (
2290 IN PEX_RUNDOWN_REF RunRef
2291 );
2292
2293 NTKERNELAPI
2294 VOID
2295 FASTCALL
2296 ExReInitializeRundownProtection (
2297 IN PEX_RUNDOWN_REF RunRef
2298 );
2299
2300 NTKERNELAPI
2301 BOOLEAN
2302 FASTCALL
2303 ExAcquireRundownProtection (
2304 IN PEX_RUNDOWN_REF RunRef
2305 );
2306
2307 NTKERNELAPI
2308 BOOLEAN
2309 FASTCALL
2310 ExAcquireRundownProtectionEx (
2311 IN PEX_RUNDOWN_REF RunRef,
2312 IN ULONG Count
2313 );
2314
2315 NTKERNELAPI
2316 VOID
2317 FASTCALL
2318 ExReleaseRundownProtection (
2319 IN PEX_RUNDOWN_REF RunRef
2320 );
2321
2322 NTKERNELAPI
2323 VOID
2324 FASTCALL
2325 ExReleaseRundownProtectionEx (
2326 IN PEX_RUNDOWN_REF RunRef,
2327 IN ULONG Count
2328 );
2329
2330 NTKERNELAPI
2331 VOID
2332 FASTCALL
2333 ExRundownCompleted (
2334 IN PEX_RUNDOWN_REF RunRef
2335 );
2336
2337 NTKERNELAPI
2338 VOID
2339 FASTCALL
2340 ExWaitForRundownProtectionRelease (
2341 IN PEX_RUNDOWN_REF RunRef
2342 );
2343
2344 #endif
2345 #endif /* (VER_PRODUCTBUILD >= 2600) */
2346
2347 #define FlagOn(x, f) ((x) & (f))
2348
2349 NTKERNELAPI
2350 VOID
2351 NTAPI
2352 FsRtlAddToTunnelCache (
2353 IN PTUNNEL Cache,
2354 IN ULONGLONG DirectoryKey,
2355 IN PUNICODE_STRING ShortName,
2356 IN PUNICODE_STRING LongName,
2357 IN BOOLEAN KeyByShortName,
2358 IN ULONG DataLength,
2359 IN PVOID Data
2360 );
2361
2362 #if (VER_PRODUCTBUILD >= 2195)
2363
2364 PFILE_LOCK
2365 NTAPI
2366 FsRtlAllocateFileLock (
2367 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
2368 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2369 );
2370
2371 #endif /* (VER_PRODUCTBUILD >= 2195) */
2372
2373 NTKERNELAPI
2374 PVOID
2375 NTAPI
2376 FsRtlAllocatePool (
2377 IN POOL_TYPE PoolType,
2378 IN ULONG NumberOfBytes
2379 );
2380
2381 NTKERNELAPI
2382 PVOID
2383 NTAPI
2384 FsRtlAllocatePoolWithQuota (
2385 IN POOL_TYPE PoolType,
2386 IN ULONG NumberOfBytes
2387 );
2388
2389 NTKERNELAPI
2390 PVOID
2391 NTAPI
2392 FsRtlAllocatePoolWithQuotaTag (
2393 IN POOL_TYPE PoolType,
2394 IN ULONG NumberOfBytes,
2395 IN ULONG Tag
2396 );
2397
2398 NTKERNELAPI
2399 PVOID
2400 NTAPI
2401 FsRtlAllocatePoolWithTag (
2402 IN POOL_TYPE PoolType,
2403 IN ULONG NumberOfBytes,
2404 IN ULONG Tag
2405 );
2406
2407 NTKERNELAPI
2408 BOOLEAN
2409 NTAPI
2410 FsRtlAreNamesEqual (
2411 IN PCUNICODE_STRING Name1,
2412 IN PCUNICODE_STRING Name2,
2413 IN BOOLEAN IgnoreCase,
2414 IN PCWCH UpcaseTable OPTIONAL
2415 );
2416
2417 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2418 ((FL)->FastIoIsQuestionable) \
2419 )
2420
2421 /*
2422 FsRtlCheckLockForReadAccess:
2423
2424 All this really does is pick out the lock parameters from the irp (io stack
2425 location?), get IoGetRequestorProcess, and pass values on to
2426 FsRtlFastCheckLockForRead.
2427 */
2428 NTKERNELAPI
2429 BOOLEAN
2430 NTAPI
2431 FsRtlCheckLockForReadAccess (
2432 IN PFILE_LOCK FileLock,
2433 IN PIRP Irp
2434 );
2435
2436 /*
2437 FsRtlCheckLockForWriteAccess:
2438
2439 All this really does is pick out the lock parameters from the irp (io stack
2440 location?), get IoGetRequestorProcess, and pass values on to
2441 FsRtlFastCheckLockForWrite.
2442 */
2443 NTKERNELAPI
2444 BOOLEAN
2445 NTAPI
2446 FsRtlCheckLockForWriteAccess (
2447 IN PFILE_LOCK FileLock,
2448 IN PIRP Irp
2449 );
2450
2451 typedef
2452 VOID
2453 (NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
2454 IN PVOID Context,
2455 IN PIRP Irp
2456 );
2457
2458 typedef
2459 VOID
2460 (NTAPI*POPLOCK_FS_PREPOST_IRP) (
2461 IN PVOID Context,
2462 IN PIRP Irp
2463 );
2464
2465 NTKERNELAPI
2466 NTSTATUS
2467 NTAPI
2468 FsRtlCheckOplock (
2469 IN POPLOCK Oplock,
2470 IN PIRP Irp,
2471 IN PVOID Context,
2472 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
2473 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2474 );
2475
2476 NTKERNELAPI
2477 BOOLEAN
2478 NTAPI
2479 FsRtlCopyRead (
2480 IN PFILE_OBJECT FileObject,
2481 IN PLARGE_INTEGER FileOffset,
2482 IN ULONG Length,
2483 IN BOOLEAN Wait,
2484 IN ULONG LockKey,
2485 OUT PVOID Buffer,
2486 OUT PIO_STATUS_BLOCK IoStatus,
2487 IN PDEVICE_OBJECT DeviceObject
2488 );
2489
2490 NTKERNELAPI
2491 BOOLEAN
2492 NTAPI
2493 FsRtlCopyWrite (
2494 IN PFILE_OBJECT FileObject,
2495 IN PLARGE_INTEGER FileOffset,
2496 IN ULONG Length,
2497 IN BOOLEAN Wait,
2498 IN ULONG LockKey,
2499 IN PVOID Buffer,
2500 OUT PIO_STATUS_BLOCK IoStatus,
2501 IN PDEVICE_OBJECT DeviceObject
2502 );
2503
2504 NTSYSAPI
2505 PVOID
2506 NTAPI
2507 RtlCreateHeap (
2508 IN ULONG Flags,
2509 IN PVOID HeapBase OPTIONAL,
2510 IN SIZE_T ReserveSize OPTIONAL,
2511 IN SIZE_T CommitSize OPTIONAL,
2512 IN PVOID Lock OPTIONAL,
2513 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
2514 );
2515
2516 NTKERNELAPI
2517 BOOLEAN
2518 NTAPI
2519 FsRtlCurrentBatchOplock (
2520 IN POPLOCK Oplock
2521 );
2522
2523 NTKERNELAPI
2524 VOID
2525 NTAPI
2526 FsRtlDeleteKeyFromTunnelCache (
2527 IN PTUNNEL Cache,
2528 IN ULONGLONG DirectoryKey
2529 );
2530
2531 NTKERNELAPI
2532 VOID
2533 NTAPI
2534 FsRtlDeleteTunnelCache (
2535 IN PTUNNEL Cache
2536 );
2537
2538 NTKERNELAPI
2539 VOID
2540 NTAPI
2541 FsRtlDeregisterUncProvider (
2542 IN HANDLE Handle
2543 );
2544
2545 NTSYSAPI
2546 PVOID
2547 NTAPI
2548 RtlDestroyHeap(
2549 IN PVOID HeapHandle
2550 );
2551
2552 NTKERNELAPI
2553 VOID
2554 NTAPI
2555 FsRtlDissectDbcs (
2556 IN ANSI_STRING Name,
2557 OUT PANSI_STRING FirstPart,
2558 OUT PANSI_STRING RemainingPart
2559 );
2560
2561 NTKERNELAPI
2562 VOID
2563 NTAPI
2564 FsRtlDissectName (
2565 IN UNICODE_STRING Name,
2566 OUT PUNICODE_STRING FirstPart,
2567 OUT PUNICODE_STRING RemainingPart
2568 );
2569
2570 NTKERNELAPI
2571 BOOLEAN
2572 NTAPI
2573 FsRtlDoesDbcsContainWildCards (
2574 IN PANSI_STRING Name
2575 );
2576
2577 NTKERNELAPI
2578 BOOLEAN
2579 NTAPI
2580 FsRtlDoesNameContainWildCards (
2581 IN PUNICODE_STRING Name
2582 );
2583
2584 #define FsRtlCompleteRequest(IRP,STATUS) { \
2585 (IRP)->IoStatus.Status = (STATUS); \
2586 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
2587 }
2588
2589 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2590
2591 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2592
2593 NTKERNELAPI
2594 BOOLEAN
2595 NTAPI
2596 FsRtlFastCheckLockForRead (
2597 IN PFILE_LOCK FileLock,
2598 IN PLARGE_INTEGER FileOffset,
2599 IN PLARGE_INTEGER Length,
2600 IN ULONG Key,
2601 IN PFILE_OBJECT FileObject,
2602 IN PEPROCESS Process
2603 );
2604
2605 NTKERNELAPI
2606 BOOLEAN
2607 NTAPI
2608 FsRtlFastCheckLockForWrite (
2609 IN PFILE_LOCK FileLock,
2610 IN PLARGE_INTEGER FileOffset,
2611 IN PLARGE_INTEGER Length,
2612 IN ULONG Key,
2613 IN PFILE_OBJECT FileObject,
2614 IN PEPROCESS Process
2615 );
2616
2617 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2618 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2619 )
2620
2621 NTKERNELAPI
2622 NTSTATUS
2623 NTAPI
2624 FsRtlFastUnlockAll (
2625 IN PFILE_LOCK FileLock,
2626 IN PFILE_OBJECT FileObject,
2627 IN PEPROCESS Process,
2628 IN PVOID Context OPTIONAL
2629 );
2630 /* ret: STATUS_RANGE_NOT_LOCKED */
2631
2632 NTKERNELAPI
2633 NTSTATUS
2634 NTAPI
2635 FsRtlFastUnlockAllByKey (
2636 IN PFILE_LOCK FileLock,
2637 IN PFILE_OBJECT FileObject,
2638 IN PEPROCESS Process,
2639 IN ULONG Key,
2640 IN PVOID Context OPTIONAL
2641 );
2642 /* ret: STATUS_RANGE_NOT_LOCKED */
2643
2644 NTKERNELAPI
2645 NTSTATUS
2646 NTAPI
2647 FsRtlFastUnlockSingle (
2648 IN PFILE_LOCK FileLock,
2649 IN PFILE_OBJECT FileObject,
2650 IN PLARGE_INTEGER FileOffset,
2651 IN PLARGE_INTEGER Length,
2652 IN PEPROCESS Process,
2653 IN ULONG Key,
2654 IN PVOID Context OPTIONAL,
2655 IN BOOLEAN AlreadySynchronized
2656 );
2657 /* ret: STATUS_RANGE_NOT_LOCKED */
2658
2659 NTKERNELAPI
2660 BOOLEAN
2661 NTAPI
2662 FsRtlFindInTunnelCache (
2663 IN PTUNNEL Cache,
2664 IN ULONGLONG DirectoryKey,
2665 IN PUNICODE_STRING Name,
2666 OUT PUNICODE_STRING ShortName,
2667 OUT PUNICODE_STRING LongName,
2668 IN OUT PULONG DataLength,
2669 OUT PVOID Data
2670 );
2671
2672 #if (VER_PRODUCTBUILD >= 2195)
2673
2674 NTKERNELAPI
2675 VOID
2676 NTAPI
2677 FsRtlFreeFileLock (
2678 IN PFILE_LOCK FileLock
2679 );
2680
2681 #endif /* (VER_PRODUCTBUILD >= 2195) */
2682
2683 NTKERNELAPI
2684 NTSTATUS
2685 NTAPI
2686 FsRtlGetFileSize (
2687 IN PFILE_OBJECT FileObject,
2688 IN OUT PLARGE_INTEGER FileSize
2689 );
2690
2691 /*
2692 FsRtlGetNextFileLock:
2693
2694 ret: NULL if no more locks
2695
2696 Internals:
2697 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2698 FileLock->LastReturnedLock as storage.
2699 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2700 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2701 calls with Restart = FALSE.
2702 */
2703 NTKERNELAPI
2704 PFILE_LOCK_INFO
2705 NTAPI
2706 FsRtlGetNextFileLock (
2707 IN PFILE_LOCK FileLock,
2708 IN BOOLEAN Restart
2709 );
2710
2711 NTKERNELAPI
2712 VOID
2713 NTAPI
2714 FsRtlInitializeFileLock (
2715 IN PFILE_LOCK FileLock,
2716 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
2717 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2718 );
2719
2720 NTKERNELAPI
2721 VOID
2722 NTAPI
2723 FsRtlInitializeOplock (
2724 IN OUT POPLOCK Oplock
2725 );
2726
2727 NTKERNELAPI
2728 VOID
2729 NTAPI
2730 FsRtlInitializeTunnelCache (
2731 IN PTUNNEL Cache
2732 );
2733
2734 NTKERNELAPI
2735 BOOLEAN
2736 NTAPI
2737 FsRtlIsNameInExpression (
2738 IN PUNICODE_STRING Expression,
2739 IN PUNICODE_STRING Name,
2740 IN BOOLEAN IgnoreCase,
2741 IN PWCHAR UpcaseTable OPTIONAL
2742 );
2743
2744 NTKERNELAPI
2745 BOOLEAN
2746 NTAPI
2747 FsRtlIsNtstatusExpected (
2748 IN NTSTATUS Ntstatus
2749 );
2750
2751 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
2752
2753 extern PUSHORT NlsOemLeadByteInfo;
2754
2755 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
2756 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
2757 (NLS_MB_CODE_PAGE_TAG && \
2758 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
2759 )
2760
2761 #define FsRtlIsAnsiCharacterWild(C) ( \
2762 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
2763 )
2764
2765 #define FsRtlIsUnicodeCharacterWild(C) ( \
2766 (((C) >= 0x40) ? \
2767 FALSE : \
2768 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
2769 )
2770
2771 NTKERNELAPI
2772 BOOLEAN
2773 NTAPI
2774 FsRtlMdlReadDev (
2775 IN PFILE_OBJECT FileObject,
2776 IN PLARGE_INTEGER FileOffset,
2777 IN ULONG Length,
2778 IN ULONG LockKey,
2779 OUT PMDL *MdlChain,
2780 OUT PIO_STATUS_BLOCK IoStatus,
2781 IN PDEVICE_OBJECT DeviceObject
2782 );
2783
2784 NTKERNELAPI
2785 BOOLEAN
2786 NTAPI
2787 FsRtlMdlReadComplete (
2788 IN PFILE_OBJECT FileObject,
2789 IN PMDL MdlChain
2790 );
2791
2792 NTKERNELAPI
2793 BOOLEAN
2794 NTAPI
2795 FsRtlMdlReadCompleteDev (
2796 IN PFILE_OBJECT FileObject,
2797 IN PMDL MdlChain,
2798 IN PDEVICE_OBJECT DeviceObject
2799 );
2800
2801 NTKERNELAPI
2802 BOOLEAN
2803 NTAPI
2804 FsRtlPrepareMdlWriteDev (
2805 IN PFILE_OBJECT FileObject,
2806 IN PLARGE_INTEGER FileOffset,
2807 IN ULONG Length,
2808 IN ULONG LockKey,
2809 OUT PMDL *MdlChain,
2810 OUT PIO_STATUS_BLOCK IoStatus,
2811 IN PDEVICE_OBJECT DeviceObject
2812 );
2813
2814 NTKERNELAPI
2815 BOOLEAN
2816 NTAPI
2817 FsRtlMdlWriteComplete (
2818 IN PFILE_OBJECT FileObject,
2819 IN PLARGE_INTEGER FileOffset,
2820 IN PMDL MdlChain
2821 );
2822
2823 NTKERNELAPI
2824 BOOLEAN
2825 NTAPI
2826 FsRtlMdlWriteCompleteDev (
2827 IN PFILE_OBJECT FileObject,
2828 IN PLARGE_INTEGER FileOffset,
2829 IN PMDL MdlChain,
2830 IN PDEVICE_OBJECT DeviceObject
2831 );
2832
2833 NTKERNELAPI
2834 NTSTATUS
2835 NTAPI
2836 FsRtlNormalizeNtstatus (
2837 IN NTSTATUS Exception,
2838 IN NTSTATUS GenericException
2839 );
2840
2841 NTKERNELAPI
2842 VOID
2843 NTAPI
2844 FsRtlNotifyChangeDirectory (
2845 IN PNOTIFY_SYNC NotifySync,
2846 IN PVOID FsContext,
2847 IN PSTRING FullDirectoryName,
2848 IN PLIST_ENTRY NotifyList,
2849 IN BOOLEAN WatchTree,
2850 IN ULONG CompletionFilter,
2851 IN PIRP NotifyIrp
2852 );
2853
2854 NTKERNELAPI
2855 VOID
2856 NTAPI
2857 FsRtlNotifyCleanup (
2858 IN PNOTIFY_SYNC NotifySync,
2859 IN PLIST_ENTRY NotifyList,
2860 IN PVOID FsContext
2861 );
2862
2863 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
2864 IN PVOID NotifyContext,
2865 IN PVOID TargetContext,
2866 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
2867 );
2868
2869 NTKERNELAPI
2870 VOID
2871 NTAPI
2872 FsRtlNotifyFullChangeDirectory (
2873 IN PNOTIFY_SYNC NotifySync,
2874 IN PLIST_ENTRY NotifyList,
2875 IN PVOID FsContext,
2876 IN PSTRING FullDirectoryName,
2877 IN BOOLEAN WatchTree,
2878 IN BOOLEAN IgnoreBuffer,
2879 IN ULONG CompletionFilter,
2880 IN PIRP NotifyIrp,
2881 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
2882 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
2883 );
2884
2885 NTKERNELAPI
2886 VOID
2887 NTAPI
2888 FsRtlNotifyFullReportChange (
2889 IN PNOTIFY_SYNC NotifySync,
2890 IN PLIST_ENTRY NotifyList,
2891 IN PSTRING FullTargetName,
2892 IN USHORT TargetNameOffset,
2893 IN PSTRING StreamName OPTIONAL,
2894 IN PSTRING NormalizedParentName OPTIONAL,
2895 IN ULONG FilterMatch,
2896 IN ULONG Action,
2897 IN PVOID TargetContext
2898 );
2899
2900 NTKERNELAPI
2901 VOID
2902 NTAPI
2903 FsRtlNotifyInitializeSync (
2904 IN PNOTIFY_SYNC *NotifySync
2905 );
2906
2907 NTKERNELAPI
2908 VOID
2909 NTAPI
2910 FsRtlNotifyReportChange (
2911 IN PNOTIFY_SYNC NotifySync,
2912 IN PLIST_ENTRY NotifyList,
2913 IN PSTRING FullTargetName,
2914 IN PUSHORT FileNamePartLength,
2915 IN ULONG FilterMatch
2916 );
2917
2918 NTKERNELAPI
2919 VOID
2920 NTAPI
2921 FsRtlNotifyUninitializeSync (
2922 IN PNOTIFY_SYNC *NotifySync
2923 );
2924
2925 #if (VER_PRODUCTBUILD >= 2195)
2926
2927 NTKERNELAPI
2928 NTSTATUS
2929 NTAPI
2930 FsRtlNotifyVolumeEvent (
2931 IN PFILE_OBJECT FileObject,
2932 IN ULONG EventCode
2933 );
2934
2935 #endif /* (VER_PRODUCTBUILD >= 2195) */
2936
2937 NTKERNELAPI
2938 NTSTATUS
2939 NTAPI
2940 FsRtlOplockFsctrl (
2941 IN POPLOCK Oplock,
2942 IN PIRP Irp,
2943 IN ULONG OpenCount
2944 );
2945
2946 NTKERNELAPI
2947 BOOLEAN
2948 NTAPI
2949 FsRtlOplockIsFastIoPossible (
2950 IN POPLOCK Oplock
2951 );
2952
2953 /*
2954 FsRtlPrivateLock:
2955
2956 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2957
2958 Internals:
2959 -Calls IoCompleteRequest if Irp
2960 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2961 */
2962 NTKERNELAPI
2963 BOOLEAN
2964 NTAPI
2965 FsRtlPrivateLock (
2966 IN PFILE_LOCK FileLock,
2967 IN PFILE_OBJECT FileObject,
2968 IN PLARGE_INTEGER FileOffset,
2969 IN PLARGE_INTEGER Length,
2970 IN PEPROCESS Process,
2971 IN ULONG Key,
2972 IN BOOLEAN FailImmediately,
2973 IN BOOLEAN ExclusiveLock,
2974 OUT PIO_STATUS_BLOCK IoStatus,
2975 IN PIRP Irp OPTIONAL,
2976 IN PVOID Context,
2977 IN BOOLEAN AlreadySynchronized
2978 );
2979
2980 /*
2981 FsRtlProcessFileLock:
2982
2983 ret:
2984 -STATUS_INVALID_DEVICE_REQUEST
2985 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2986 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2987 (redirected IoStatus->Status).
2988
2989 Internals:
2990 -switch ( Irp->CurrentStackLocation->MinorFunction )
2991 lock: return FsRtlPrivateLock;
2992 unlocksingle: return FsRtlFastUnlockSingle;
2993 unlockall: return FsRtlFastUnlockAll;
2994 unlockallbykey: return FsRtlFastUnlockAllByKey;
2995 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2996 return STATUS_INVALID_DEVICE_REQUEST;
2997
2998 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2999 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3000 */
3001 NTKERNELAPI
3002 NTSTATUS
3003 NTAPI
3004 FsRtlProcessFileLock (
3005 IN PFILE_LOCK FileLock,
3006 IN PIRP Irp,
3007 IN PVOID Context OPTIONAL
3008 );
3009
3010 NTKERNELAPI
3011 NTSTATUS
3012 NTAPI
3013 FsRtlRegisterUncProvider (
3014 IN OUT PHANDLE MupHandle,
3015 IN PUNICODE_STRING RedirectorDeviceName,
3016 IN BOOLEAN MailslotsSupported
3017 );
3018
3019 typedef VOID
3020 (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
3021 IN PVOID Context,
3022 IN PKEVENT Event
3023 );
3024
3025 NTKERNELAPI
3026 VOID
3027 NTAPI
3028 FsRtlPostStackOverflow (
3029 IN PVOID Context,
3030 IN PKEVENT Event,
3031 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3032 );
3033
3034 NTKERNELAPI
3035 VOID
3036 NTAPI
3037 FsRtlPostPagingFileStackOverflow (
3038 IN PVOID Context,
3039 IN PKEVENT Event,
3040 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3041 );
3042
3043 NTKERNELAPI
3044 VOID
3045 NTAPI
3046 FsRtlUninitializeFileLock (
3047 IN PFILE_LOCK FileLock
3048 );
3049
3050 NTKERNELAPI
3051 VOID
3052 NTAPI
3053 FsRtlUninitializeOplock (
3054 IN OUT POPLOCK Oplock
3055 );
3056
3057 NTHALAPI
3058 VOID
3059 NTAPI
3060 HalDisplayString (
3061 IN PCHAR String
3062 );
3063
3064 NTHALAPI
3065 VOID
3066 NTAPI
3067 HalSetRealTimeClock (
3068 IN PTIME_FIELDS TimeFields
3069 );
3070
3071 NTKERNELAPI
3072 NTSTATUS
3073 NTAPI
3074 IoAttachDeviceToDeviceStackSafe(
3075 IN PDEVICE_OBJECT SourceDevice,
3076 IN PDEVICE_OBJECT TargetDevice,
3077 OUT PDEVICE_OBJECT *AttachedToDeviceObject
3078 );
3079
3080 NTKERNELAPI
3081 VOID
3082 NTAPI
3083 IoAcquireVpbSpinLock (
3084 OUT PKIRQL Irql
3085 );
3086
3087 NTKERNELAPI
3088 NTSTATUS
3089 NTAPI
3090 IoCheckDesiredAccess (
3091 IN OUT PACCESS_MASK DesiredAccess,
3092 IN ACCESS_MASK GrantedAccess
3093 );
3094
3095 NTKERNELAPI
3096 NTSTATUS
3097 NTAPI
3098 IoCheckEaBufferValidity (
3099 IN PFILE_FULL_EA_INFORMATION EaBuffer,
3100 IN ULONG EaLength,
3101 OUT PULONG ErrorOffset
3102 );
3103
3104 NTKERNELAPI
3105 NTSTATUS
3106 NTAPI
3107 IoCheckFunctionAccess (
3108 IN ACCESS_MASK GrantedAccess,
3109 IN UCHAR MajorFunction,
3110 IN UCHAR MinorFunction,
3111 IN ULONG IoControlCode,
3112 IN PVOID Argument1 OPTIONAL,
3113 IN PVOID Argument2 OPTIONAL
3114 );
3115
3116 #if (VER_PRODUCTBUILD >= 2195)
3117
3118 NTKERNELAPI
3119 NTSTATUS
3120 NTAPI
3121 IoCheckQuotaBufferValidity (
3122 IN PFILE_QUOTA_INFORMATION QuotaBuffer,
3123 IN ULONG QuotaLength,
3124 OUT PULONG ErrorOffset
3125 );
3126
3127 #endif /* (VER_PRODUCTBUILD >= 2195) */
3128
3129 NTKERNELAPI
3130 PFILE_OBJECT
3131 NTAPI
3132 IoCreateStreamFileObject (
3133 IN PFILE_OBJECT FileObject OPTIONAL,
3134 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3135 );
3136
3137 #if (VER_PRODUCTBUILD >= 2195)
3138
3139 NTKERNELAPI
3140 PFILE_OBJECT
3141 NTAPI
3142 IoCreateStreamFileObjectLite (
3143 IN PFILE_OBJECT FileObject OPTIONAL,
3144 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3145 );
3146
3147 #endif /* (VER_PRODUCTBUILD >= 2195) */
3148
3149 NTKERNELAPI
3150 BOOLEAN
3151 NTAPI
3152 IoFastQueryNetworkAttributes (
3153 IN POBJECT_ATTRIBUTES ObjectAttributes,
3154 IN ACCESS_MASK DesiredAccess,
3155 IN ULONG OpenOptions,
3156 OUT PIO_STATUS_BLOCK IoStatus,
3157 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
3158 );
3159
3160 NTKERNELAPI
3161 PDEVICE_OBJECT
3162 NTAPI
3163 IoGetAttachedDevice (
3164 IN PDEVICE_OBJECT DeviceObject
3165 );
3166
3167 NTKERNELAPI
3168 PDEVICE_OBJECT
3169 NTAPI
3170 IoGetBaseFileSystemDeviceObject (
3171 IN PFILE_OBJECT FileObject
3172 );
3173
3174 NTKERNELAPI
3175 PEPROCESS
3176 NTAPI
3177 IoGetRequestorProcess (
3178 IN PIRP Irp
3179 );
3180
3181 #if (VER_PRODUCTBUILD >= 2195)
3182
3183 NTKERNELAPI
3184 ULONG
3185 NTAPI
3186 IoGetRequestorProcessId (
3187 IN PIRP Irp
3188 );
3189
3190 #endif /* (VER_PRODUCTBUILD >= 2195) */
3191
3192 NTKERNELAPI
3193 PIRP
3194 NTAPI
3195 IoGetTopLevelIrp (
3196 VOID
3197 );
3198
3199 #define IoIsFileOpenedExclusively(FileObject) ( \
3200 (BOOLEAN) !( \
3201 (FileObject)->SharedRead || \
3202 (FileObject)->SharedWrite || \
3203 (FileObject)->SharedDelete \
3204 ) \
3205 )
3206
3207 NTKERNELAPI
3208 BOOLEAN
3209 NTAPI
3210 IoIsOperationSynchronous (
3211 IN PIRP Irp
3212 );
3213
3214 NTKERNELAPI
3215 BOOLEAN
3216 NTAPI
3217 IoIsSystemThread (
3218 IN PETHREAD Thread
3219 );
3220
3221 #if (VER_PRODUCTBUILD >= 2195)
3222
3223 NTKERNELAPI
3224 BOOLEAN
3225 NTAPI
3226 IoIsValidNameGraftingBuffer (
3227 IN PIRP Irp,
3228 IN PREPARSE_DATA_BUFFER ReparseBuffer
3229 );
3230
3231 #endif /* (VER_PRODUCTBUILD >= 2195) */
3232
3233 NTKERNELAPI
3234 NTSTATUS
3235 NTAPI
3236 IoPageRead (
3237 IN PFILE_OBJECT FileObject,
3238 IN PMDL Mdl,
3239 IN PLARGE_INTEGER Offset,
3240 IN PKEVENT Event,
3241 OUT PIO_STATUS_BLOCK IoStatusBlock
3242 );
3243
3244 NTKERNELAPI
3245 NTSTATUS
3246 NTAPI
3247 IoQueryFileInformation (
3248 IN PFILE_OBJECT FileObject,
3249 IN FILE_INFORMATION_CLASS FileInformationClass,
3250 IN ULONG Length,
3251 OUT PVOID FileInformation,
3252 OUT PULONG ReturnedLength
3253 );
3254
3255 NTKERNELAPI
3256 NTSTATUS
3257 NTAPI
3258 IoQueryVolumeInformation (
3259 IN PFILE_OBJECT FileObject,
3260 IN FS_INFORMATION_CLASS FsInformationClass,
3261 IN ULONG Length,
3262 OUT PVOID FsInformation,
3263 OUT PULONG ReturnedLength
3264 );
3265
3266 NTKERNELAPI
3267 VOID
3268 NTAPI
3269 IoQueueThreadIrp(
3270 IN PIRP Irp
3271 );
3272
3273 NTKERNELAPI
3274 VOID
3275 NTAPI
3276 IoRegisterFileSystem (
3277 IN OUT PDEVICE_OBJECT DeviceObject
3278 );
3279
3280 #if (VER_PRODUCTBUILD >= 1381)
3281
3282 typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
3283 IN PDEVICE_OBJECT DeviceObject,
3284 IN BOOLEAN DriverActive
3285 );
3286
3287 NTKERNELAPI
3288 NTSTATUS
3289 NTAPI
3290 IoRegisterFsRegistrationChange (
3291 IN PDRIVER_OBJECT DriverObject,
3292 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3293 );
3294
3295 #endif /* (VER_PRODUCTBUILD >= 1381) */
3296
3297 NTKERNELAPI
3298 VOID
3299 NTAPI
3300 IoReleaseVpbSpinLock (
3301 IN KIRQL Irql
3302 );
3303
3304 NTKERNELAPI
3305 VOID
3306 NTAPI
3307 IoSetDeviceToVerify (
3308 IN PETHREAD Thread,
3309 IN PDEVICE_OBJECT DeviceObject
3310 );
3311
3312 NTKERNELAPI
3313 NTSTATUS
3314 NTAPI
3315 IoSetInformation (
3316 IN PFILE_OBJECT FileObject,
3317 IN FILE_INFORMATION_CLASS FileInformationClass,
3318 IN ULONG Length,
3319 IN PVOID FileInformation
3320 );
3321
3322 NTKERNELAPI
3323 VOID
3324 NTAPI
3325 IoSetTopLevelIrp (
3326 IN PIRP Irp
3327 );
3328
3329 NTKERNELAPI
3330 NTSTATUS
3331 NTAPI
3332 IoSynchronousPageWrite (
3333 IN PFILE_OBJECT FileObject,
3334 IN PMDL Mdl,
3335 IN PLARGE_INTEGER FileOffset,
3336 IN PKEVENT Event,
3337 OUT PIO_STATUS_BLOCK IoStatusBlock
3338 );
3339
3340 NTKERNELAPI
3341 PEPROCESS
3342 NTAPI
3343 IoThreadToProcess (
3344 IN PETHREAD Thread
3345 );
3346
3347 NTKERNELAPI
3348 VOID
3349 NTAPI
3350 IoUnregisterFileSystem (
3351 IN OUT PDEVICE_OBJECT DeviceObject
3352 );
3353
3354 #if (VER_PRODUCTBUILD >= 1381)
3355
3356 NTKERNELAPI
3357 VOID
3358 NTAPI
3359 IoUnregisterFsRegistrationChange (
3360 IN PDRIVER_OBJECT DriverObject,
3361 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3362 );
3363
3364 #endif /* (VER_PRODUCTBUILD >= 1381) */
3365
3366 NTKERNELAPI
3367 NTSTATUS
3368 NTAPI
3369 IoVerifyVolume (
3370 IN PDEVICE_OBJECT DeviceObject,
3371 IN BOOLEAN AllowRawMount
3372 );
3373
3374 NTKERNELAPI
3375 VOID
3376 NTAPI
3377 KeAttachProcess (
3378 IN PKPROCESS Process
3379 );
3380
3381 NTKERNELAPI
3382 VOID
3383 NTAPI
3384 KeDetachProcess (
3385 VOID
3386 );
3387
3388 NTKERNELAPI
3389 VOID
3390 NTAPI
3391 KeInitializeQueue (
3392 IN PRKQUEUE Queue,
3393 IN ULONG Count OPTIONAL
3394 );
3395
3396 NTKERNELAPI
3397 LONG
3398 NTAPI
3399 KeInsertHeadQueue (
3400 IN PRKQUEUE Queue,
3401 IN PLIST_ENTRY Entry
3402 );
3403
3404 NTKERNELAPI
3405 LONG
3406 NTAPI
3407 KeInsertQueue (
3408 IN PRKQUEUE Queue,
3409 IN PLIST_ENTRY Entry
3410 );
3411
3412 NTKERNELAPI
3413 LONG
3414 NTAPI
3415 KeReadStateQueue (
3416 IN PRKQUEUE Queue
3417 );
3418
3419 NTKERNELAPI
3420 PLIST_ENTRY
3421 NTAPI
3422 KeRemoveQueue (
3423 IN PRKQUEUE Queue,
3424 IN KPROCESSOR_MODE WaitMode,
3425 IN PLARGE_INTEGER Timeout OPTIONAL
3426 );
3427
3428 NTKERNELAPI
3429 PLIST_ENTRY
3430 NTAPI
3431 KeRundownQueue (
3432 IN PRKQUEUE Queue
3433 );
3434
3435 NTKERNELAPI
3436 VOID
3437 NTAPI
3438 KeInitializeMutant (
3439 IN PRKMUTANT Mutant,
3440 IN BOOLEAN InitialOwner
3441 );
3442
3443 NTKERNELAPI
3444 LONG
3445 NTAPI
3446 KeReadStateMutant (
3447 IN PRKMUTANT Mutant
3448 );
3449
3450 NTKERNELAPI
3451 LONG
3452 NTAPI
3453 KeReleaseMutant (
3454 IN PRKMUTANT Mutant,
3455 IN KPRIORITY Increment,
3456 IN BOOLEAN Abandoned,
3457 IN BOOLEAN Wait
3458 );
3459
3460 #if (VER_PRODUCTBUILD >= 2195)
3461
3462 NTKERNELAPI
3463 VOID
3464 NTAPI
3465 KeStackAttachProcess (
3466 IN PKPROCESS Process,
3467 OUT PKAPC_STATE ApcState
3468 );
3469
3470 NTKERNELAPI
3471 VOID
3472 NTAPI
3473 KeUnstackDetachProcess (
3474 IN PKAPC_STATE ApcState
3475 );
3476
3477 #endif /* (VER_PRODUCTBUILD >= 2195) */
3478
3479 NTKERNELAPI
3480 BOOLEAN
3481 NTAPI
3482 KeSetKernelStackSwapEnable(
3483 IN BOOLEAN Enable
3484 );
3485
3486 NTKERNELAPI
3487 BOOLEAN
3488 NTAPI
3489 MmCanFileBeTruncated (
3490 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3491 IN PLARGE_INTEGER NewFileSize
3492 );
3493
3494 NTKERNELAPI
3495 BOOLEAN
3496 NTAPI
3497 MmFlushImageSection (
3498 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3499 IN MMFLUSH_TYPE FlushType
3500 );
3501
3502 NTKERNELAPI
3503 BOOLEAN
3504 NTAPI
3505 MmForceSectionClosed (
3506 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3507 IN BOOLEAN DelayClose
3508 );
3509
3510 #if (VER_PRODUCTBUILD >= 1381)
3511
3512 NTKERNELAPI
3513 BOOLEAN
3514 NTAPI
3515 MmIsRecursiveIoFault (
3516 VOID
3517 );
3518
3519 #else
3520
3521 #define MmIsRecursiveIoFault() ( \
3522 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3523 (PsGetCurrentThread()->ForwardClusterOnly) \
3524 )
3525
3526 #endif
3527
3528
3529 NTKERNELAPI
3530 BOOLEAN
3531 NTAPI
3532 MmSetAddressRangeModified (
3533 IN PVOID Address,
3534 IN ULONG Length
3535 );
3536
3537 NTKERNELAPI
3538 NTSTATUS
3539 NTAPI
3540 ObCreateObject (
3541 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
3542 IN POBJECT_TYPE ObjectType,
3543 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
3544 IN KPROCESSOR_MODE AccessMode,
3545 IN OUT PVOID ParseContext OPTIONAL,
3546 IN ULONG ObjectSize,
3547 IN ULONG PagedPoolCharge OPTIONAL,
3548 IN ULONG NonPagedPoolCharge OPTIONAL,
3549 OUT PVOID *Object
3550 );
3551
3552 NTKERNELAPI
3553 ULONG
3554 NTAPI
3555 ObGetObjectPointerCount (
3556 IN PVOID Object
3557 );
3558
3559 NTKERNELAPI
3560 NTSTATUS
3561 NTAPI
3562 ObInsertObject (
3563 IN PVOID Object,
3564 IN PACCESS_STATE PassedAccessState OPTIONAL,
3565 IN ACCESS_MASK DesiredAccess,
3566 IN ULONG AdditionalReferences,
3567 OUT PVOID *ReferencedObject OPTIONAL,
3568 OUT PHANDLE Handle
3569 );
3570
3571 NTKERNELAPI
3572 VOID
3573 NTAPI
3574 ObMakeTemporaryObject (
3575 IN PVOID Object
3576 );
3577
3578 NTKERNELAPI
3579 NTSTATUS
3580 NTAPI
3581 ObOpenObjectByPointer (
3582 IN PVOID Object,
3583 IN ULONG HandleAttributes,
3584 IN PACCESS_STATE PassedAccessState OPTIONAL,
3585 IN ACCESS_MASK DesiredAccess OPTIONAL,
3586 IN POBJECT_TYPE ObjectType OPTIONAL,
3587 IN KPROCESSOR_MODE AccessMode,
3588 OUT PHANDLE Handle
3589 );
3590
3591 NTKERNELAPI
3592 NTSTATUS
3593 NTAPI
3594 ObQueryNameString (
3595 IN PVOID Object,
3596 OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
3597 IN ULONG Length,
3598 OUT PULONG ReturnLength
3599 );
3600
3601 NTKERNELAPI
3602 NTSTATUS
3603 NTAPI
3604 ObQueryObjectAuditingByHandle (
3605 IN HANDLE Handle,
3606 OUT PBOOLEAN GenerateOnClose
3607 );
3608
3609 NTKERNELAPI
3610 NTSTATUS
3611 NTAPI
3612 ObReferenceObjectByName (
3613 IN PUNICODE_STRING ObjectName,
3614 IN ULONG Attributes,
3615 IN PACCESS_STATE PassedAccessState OPTIONAL,
3616 IN ACCESS_MASK DesiredAccess OPTIONAL,
3617 IN POBJECT_TYPE ObjectType,
3618 IN KPROCESSOR_MODE AccessMode,
3619 IN OUT PVOID ParseContext OPTIONAL,
3620 OUT PVOID *Object
3621 );
3622
3623 NTKERNELAPI
3624 NTSTATUS
3625 NTAPI
3626 PsAssignImpersonationToken (
3627 IN PETHREAD Thread,
3628 IN HANDLE Token
3629 );
3630
3631 NTKERNELAPI
3632 VOID
3633 NTAPI
3634 PsChargePoolQuota (
3635 IN PEPROCESS Process,
3636 IN POOL_TYPE PoolType,
3637 IN ULONG Amount
3638 );
3639
3640 NTKERNELAPI
3641 NTSTATUS
3642 NTAPI
3643 PsChargeProcessPoolQuota (
3644 IN PEPROCESS Process,
3645 IN POOL_TYPE PoolType,
3646 IN ULONG_PTR Amount
3647 );
3648
3649 #define PsDereferenceImpersonationToken(T) \
3650 {if (ARGUMENT_PRESENT(T)) { \
3651 (ObDereferenceObject((T))); \
3652 } else { \
3653 ; \
3654 } \
3655 }
3656
3657 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3658
3659 NTKERNELAPI
3660 BOOLEAN
3661 NTAPI
3662 PsDisableImpersonation(
3663 IN PETHREAD Thread,
3664 IN PSE_IMPERSONATION_STATE ImpersonationState
3665 );
3666
3667 NTKERNELAPI
3668 LARGE_INTEGER
3669 NTAPI
3670 PsGetProcessExitTime (
3671 VOID
3672 );
3673
3674 NTKERNELAPI
3675 NTSTATUS
3676 NTAPI
3677 PsImpersonateClient(
3678 IN PETHREAD Thread,
3679 IN PACCESS_TOKEN Token,
3680 IN BOOLEAN CopyOnOpen,
3681 IN BOOLEAN EffectiveOnly,
3682 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
3683 );
3684
3685 NTKERNELAPI
3686 BOOLEAN
3687 NTAPI
3688 PsIsSystemThread(
3689 IN PETHREAD Thread
3690 );
3691
3692 NTKERNELAPI
3693 BOOLEAN
3694 NTAPI
3695 PsIsThreadTerminating (
3696 IN PETHREAD Thread
3697 );
3698
3699 NTKERNELAPI
3700 NTSTATUS
3701 NTAPI
3702 PsLookupProcessByProcessId (
3703 IN HANDLE ProcessId,
3704 OUT PEPROCESS *Process
3705 );
3706
3707 NTKERNELAPI
3708 NTSTATUS
3709 NTAPI
3710 PsLookupProcessThreadByCid (
3711 IN PCLIENT_ID Cid,
3712 OUT PEPROCESS *Process OPTIONAL,
3713 OUT PETHREAD *Thread
3714 );
3715
3716 NTKERNELAPI
3717 NTSTATUS
3718 NTAPI
3719 PsLookupThreadByThreadId (
3720 IN HANDLE UniqueThreadId,
3721 OUT PETHREAD *Thread
3722 );
3723
3724 NTKERNELAPI
3725 PACCESS_TOKEN
3726 NTAPI
3727 PsReferenceImpersonationToken (
3728 IN PETHREAD Thread,
3729 OUT PBOOLEAN CopyOnUse,
3730 OUT PBOOLEAN EffectiveOnly,
3731 OUT PSECURITY_IMPERSONATION_LEVEL Level
3732 );
3733
3734 NTKERNELAPI
3735 HANDLE
3736 NTAPI
3737 PsReferencePrimaryToken (
3738 IN PEPROCESS Process
3739 );
3740
3741 NTKERNELAPI
3742 VOID
3743 NTAPI
3744 PsRestoreImpersonation(
3745 IN PETHREAD Thread,
3746 IN PSE_IMPERSONATION_STATE ImpersonationState
3747 );
3748
3749 NTKERNELAPI
3750 VOID
3751 NTAPI
3752 PsReturnPoolQuota (
3753 IN PEPROCESS Process,
3754 IN POOL_TYPE PoolType,
3755 IN ULONG Amount
3756 );
3757
3758 NTKERNELAPI
3759 VOID
3760 NTAPI
3761 PsRevertToSelf (
3762 VOID
3763 );
3764
3765 NTSYSAPI
3766 NTSTATUS
3767 NTAPI
3768 RtlAbsoluteToSelfRelativeSD (
3769 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
3770 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
3771 IN PULONG BufferLength
3772 );
3773
3774 NTSYSAPI
3775 PVOID
3776 NTAPI
3777 RtlAllocateHeap (
3778 IN HANDLE HeapHandle,
3779 IN ULONG Flags,
3780 IN ULONG Size
3781 );
3782
3783 NTSYSAPI
3784 USHORT
3785 NTAPI
3786 RtlCaptureStackBackTrace (
3787 IN ULONG FramesToSkip,
3788 IN ULONG FramesToCapture,
3789 OUT PVOID *BackTrace,
3790 OUT PULONG BackTraceHash OPTIONAL
3791 );
3792
3793 NTSYSAPI
3794 NTSTATUS
3795 NTAPI
3796 RtlCompressBuffer (
3797 IN USHORT CompressionFormatAndEngine,
3798 IN PUCHAR UncompressedBuffer,
3799 IN ULONG UncompressedBufferSize,
3800 OUT PUCHAR CompressedBuffer,
3801 IN ULONG CompressedBufferSize,
3802 IN ULONG UncompressedChunkSize,
3803 OUT PULONG FinalCompressedSize,
3804 IN PVOID WorkSpace
3805 );
3806
3807 NTSYSAPI
3808 NTSTATUS
3809 NTAPI
3810 RtlCompressChunks (
3811 IN PUCHAR UncompressedBuffer,
3812 IN ULONG UncompressedBufferSize,
3813 OUT PUCHAR CompressedBuffer,
3814 IN ULONG CompressedBufferSize,
3815 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
3816 IN ULONG CompressedDataInfoLength,
3817 IN PVOID WorkSpace
3818 );
3819
3820 NTSYSAPI
3821 NTSTATUS
3822 NTAPI
3823 RtlConvertSidToUnicodeString (
3824 OUT PUNICODE_STRING DestinationString,
3825 IN PSID Sid,
3826 IN BOOLEAN AllocateDestinationString
3827 );
3828
3829 NTSYSAPI
3830 NTSTATUS
3831 NTAPI
3832 RtlCopySid (
3833 IN ULONG Length,
3834 IN PSID Destination,
3835 IN PSID Source
3836 );
3837
3838 NTSYSAPI
3839 BOOLEAN
3840 NTAPI
3841 RtlCreateUnicodeString(
3842 PUNICODE_STRING DestinationString,
3843 PCWSTR SourceString
3844 );
3845
3846 NTSYSAPI
3847 NTSTATUS
3848 NTAPI
3849 RtlDecompressBuffer (
3850 IN USHORT CompressionFormat,
3851 OUT PUCHAR UncompressedBuffer,
3852 IN ULONG UncompressedBufferSize,
3853 IN PUCHAR CompressedBuffer,
3854 IN ULONG CompressedBufferSize,
3855 OUT PULONG FinalUncompressedSize
3856 );
3857
3858 NTSYSAPI
3859 NTSTATUS
3860 NTAPI
3861 RtlDecompressChunks (
3862 OUT PUCHAR UncompressedBuffer,
3863 IN ULONG UncompressedBufferSize,
3864 IN PUCHAR CompressedBuffer,
3865 IN ULONG CompressedBufferSize,
3866 IN PUCHAR CompressedTail,
3867 IN ULONG CompressedTailSize,
3868 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
3869 );
3870
3871 NTSYSAPI
3872 NTSTATUS
3873 NTAPI
3874 RtlDecompressFragment (
3875 IN USHORT CompressionFormat,
3876 OUT PUCHAR UncompressedFragment,
3877 IN ULONG UncompressedFragmentSize,
3878 IN PUCHAR CompressedBuffer,
3879 IN ULONG CompressedBufferSize,
3880 IN ULONG FragmentOffset,
3881 OUT PULONG FinalUncompressedSize,
3882 IN PVOID WorkSpace
3883 );
3884
3885 NTSYSAPI
3886 NTSTATUS
3887 NTAPI
3888 RtlDescribeChunk (
3889 IN USHORT CompressionFormat,
3890 IN OUT PUCHAR *CompressedBuffer,
3891 IN PUCHAR EndOfCompressedBufferPlus1,
3892 OUT PUCHAR *ChunkBuffer,
3893 OUT PULONG ChunkSize
3894 );
3895
3896 NTSYSAPI
3897 NTSTATUS
3898 NTAPI
3899 RtlDowncaseUnicodeString(
3900 IN OUT PUNICODE_STRING UniDest,
3901 IN PCUNICODE_STRING UniSource,
3902 IN BOOLEAN AllocateDestinationString
3903 );
3904
3905 NTSYSAPI
3906 NTSTATUS
3907 NTAPI
3908 RtlDuplicateUnicodeString(
3909 IN ULONG Flags,
3910 IN PCUNICODE_STRING SourceString,
3911 OUT PUNICODE_STRING DestinationString
3912 );
3913
3914 NTSYSAPI
3915 BOOLEAN
3916 NTAPI
3917 RtlEqualSid (
3918 IN PSID Sid1,
3919 IN PSID Sid2
3920 );
3921
3922 NTSYSAPI
3923 VOID
3924 NTAPI
3925 RtlFillMemoryUlong (
3926 IN PVOID Destination,
3927 IN ULONG Length,
3928 IN ULONG Fill
3929 );
3930
3931 NTSYSAPI
3932 BOOLEAN
3933 NTAPI
3934 RtlFreeHeap (
3935 IN HANDLE HeapHandle,
3936 IN ULONG Flags,
3937 IN PVOID P
3938 );
3939
3940 NTSYSAPI
3941 VOID
3942 NTAPI
3943 RtlGenerate8dot3Name (
3944 IN PUNICODE_STRING Name,
3945 IN BOOLEAN AllowExtendedCharacters,
3946 IN OUT PGENERATE_NAME_CONTEXT Context,
3947 OUT PUNICODE_STRING Name8dot3
3948 );
3949
3950 NTSYSAPI
3951 NTSTATUS
3952 NTAPI
3953 RtlGetCompressionWorkSpaceSize (
3954 IN USHORT CompressionFormatAndEngine,
3955 OUT PULONG CompressBufferWorkSpaceSize,
3956 OUT PULONG CompressFragmentWorkSpaceSize
3957 );
3958
3959 NTSYSAPI
3960 NTSTATUS
3961 NTAPI
3962 RtlGetDaclSecurityDescriptor (
3963 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
3964 OUT PBOOLEAN DaclPresent,
3965 OUT PACL *Dacl,
3966 OUT PBOOLEAN DaclDefaulted
3967 );
3968
3969 NTSYSAPI
3970 NTSTATUS
3971 NTAPI
3972 RtlGetGroupSecurityDescriptor (
3973 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
3974 OUT PSID *Group,
3975 OUT PBOOLEAN GroupDefaulted
3976 );
3977
3978 NTSYSAPI
3979 NTSTATUS
3980 NTAPI
3981 RtlGetOwnerSecurityDescriptor (
3982 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
3983 OUT PSID *Owner,
3984 OUT PBOOLEAN OwnerDefaulted
3985 );
3986
3987 NTSYSAPI
3988 NTSTATUS
3989 NTAPI
3990 RtlInitializeSid (
3991 IN OUT PSID Sid,
3992 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
3993 IN UCHAR SubAuthorityCount
3994 );
3995
3996 NTSYSAPI
3997 BOOLEAN
3998 NTAPI
3999 RtlIsNameLegalDOS8Dot3(
4000 IN PCUNICODE_STRING Name,
4001 IN OUT POEM_STRING OemName OPTIONAL,
4002 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
4003 );
4004
4005 NTSYSAPI
4006 ULONG
4007 NTAPI
4008 RtlLengthRequiredSid (
4009 IN ULONG SubAuthorityCount
4010 );
4011
4012 NTSYSAPI
4013 ULONG
4014 NTAPI
4015 RtlLengthSid (
4016 IN PSID Sid
4017 );
4018
4019 NTSYSAPI
4020 ULONG
4021 NTAPI
4022 RtlNtStatusToDosError (
4023 IN NTSTATUS Status
4024 );
4025
4026 NTSYSAPI
4027 NTSTATUS
4028 NTAPI
4029 RtlOemStringToUnicodeString(
4030 IN OUT PUNICODE_STRING DestinationString,
4031 IN PCOEM_STRING SourceString,
4032 IN BOOLEAN AllocateDestinationString
4033 );
4034
4035 NTSYSAPI
4036 NTSTATUS
4037 NTAPI
4038 RtlUnicodeStringToOemString(
4039 IN OUT POEM_STRING DestinationString,
4040 IN PCUNICODE_STRING SourceString,
4041 IN BOOLEAN AllocateDestinationString
4042 );
4043
4044 NTSYSAPI
4045 NTSTATUS
4046 NTAPI
4047 RtlReserveChunk (
4048 IN USHORT CompressionFormat,
4049 IN OUT PUCHAR *CompressedBuffer,
4050 IN PUCHAR EndOfCompressedBufferPlus1,
4051 OUT PUCHAR *ChunkBuffer,
4052 IN ULONG ChunkSize
4053 );
4054
4055 NTSYSAPI
4056 VOID
4057 NTAPI
4058 RtlSecondsSince1970ToTime (
4059 IN ULONG SecondsSince1970,
4060 OUT PLARGE_INTEGER Time
4061 );
4062
4063 NTSYSAPI
4064 NTSTATUS
4065 NTAPI
4066 RtlSetGroupSecurityDescriptor (
4067 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4068 IN PSID Group,
4069 IN BOOLEAN GroupDefaulted
4070 );
4071
4072 NTSYSAPI
4073 NTSTATUS
4074 NTAPI
4075 RtlSetOwnerSecurityDescriptor (
4076 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4077 IN PSID Owner,
4078 IN BOOLEAN OwnerDefaulted
4079 );
4080
4081 NTSYSAPI
4082 NTSTATUS
4083 NTAPI
4084 RtlSetSaclSecurityDescriptor (
4085 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4086 IN BOOLEAN SaclPresent,
4087 IN PACL Sacl,
4088 IN BOOLEAN SaclDefaulted
4089 );
4090
4091 NTSYSAPI
4092 PUCHAR
4093 NTAPI
4094 RtlSubAuthorityCountSid (
4095 IN PSID Sid
4096 );
4097
4098 NTSYSAPI
4099 PULONG
4100 NTAPI
4101 RtlSubAuthoritySid (
4102 IN PSID Sid,
4103 IN ULONG SubAuthority
4104 );
4105
4106 NTSYSAPI
4107 NTSTATUS
4108 NTAPI
4109 RtlUnicodeToMultiByteN(
4110 OUT PCHAR MultiByteString,
4111 IN ULONG MaxBytesInMultiByteString,
4112 OUT PULONG BytesInMultiByteString OPTIONAL,
4113 IN PWCH UnicodeString,
4114 IN ULONG BytesInUnicodeString
4115 );
4116
4117 /* RTL Splay Tree Functions */
4118 NTSYSAPI
4119 PRTL_SPLAY_LINKS
4120 NTAPI
4121 RtlSplay(PRTL_SPLAY_LINKS Links);
4122
4123 NTSYSAPI
4124 PRTL_SPLAY_LINKS
4125 NTAPI
4126 RtlDelete(PRTL_SPLAY_LINKS Links);
4127
4128 NTSYSAPI
4129 VOID
4130 NTAPI
4131 RtlDeleteNoSplay(
4132 PRTL_SPLAY_LINKS Links,
4133 PRTL_SPLAY_LINKS *Root
4134 );
4135
4136 NTSYSAPI
4137 PRTL_SPLAY_LINKS
4138 NTAPI
4139 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
4140
4141 NTSYSAPI
4142 PRTL_SPLAY_LINKS
4143 NTAPI
4144 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
4145
4146 NTSYSAPI
4147 PRTL_SPLAY_LINKS
4148 NTAPI
4149 RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
4150
4151 NTSYSAPI
4152 PRTL_SPLAY_LINKS
4153 NTAPI
4154 RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
4155
4156 #define RtlIsLeftChild(Links) \
4157 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4158
4159 #define RtlIsRightChild(Links) \
4160 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4161
4162 #define RtlRightChild(Links) \
4163 ((PRTL_SPLAY_LINKS)(Links))->RightChild
4164
4165 #define RtlIsRoot(Links) \
4166 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
4167
4168 #define RtlLeftChild(Links) \
4169 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
4170
4171 #define RtlParent(Links) \
4172 ((PRTL_SPLAY_LINKS)(Links))->Parent
4173
4174 #define RtlInitializeSplayLinks(Links) \
4175 { \
4176 PRTL_SPLAY_LINKS _SplayLinks; \
4177 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
4178 _SplayLinks->Parent = _SplayLinks; \
4179 _SplayLinks->LeftChild = NULL; \
4180 _SplayLinks->RightChild = NULL; \
4181 }
4182
4183 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
4184 { \
4185 PRTL_SPLAY_LINKS _SplayParent; \
4186 PRTL_SPLAY_LINKS _SplayChild; \
4187 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4188 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4189 _SplayParent->LeftChild = _SplayChild; \
4190 _SplayChild->Parent = _SplayParent; \
4191 }
4192
4193 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
4194 { \
4195 PRTL_SPLAY_LINKS _SplayParent; \
4196 PRTL_SPLAY_LINKS _SplayChild; \
4197 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4198 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4199 _SplayParent->RightChild = _SplayChild; \
4200 _SplayChild->Parent = _SplayParent; \
4201 }
4202
4203 NTSYSAPI
4204 BOOLEAN
4205 NTAPI
4206 RtlValidSid (
4207 IN PSID Sid
4208 );
4209
4210 NTKERNELAPI
4211 NTSTATUS
4212 NTAPI
4213 SeAppendPrivileges (
4214 PACCESS_STATE AccessState,
4215 PPRIVILEGE_SET Privileges
4216 );
4217
4218 NTKERNELAPI
4219 BOOLEAN
4220 NTAPI
4221 SeAuditingFileEvents (
4222 IN BOOLEAN AccessGranted,
4223 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4224 );
4225
4226 NTKERNELAPI
4227 BOOLEAN
4228 NTAPI
4229 SeAuditingFileOrGlobalEvents (
4230 IN BOOLEAN AccessGranted,
4231 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4232 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4233 );
4234
4235 NTKERNELAPI
4236 VOID
4237 NTAPI
4238 SeCaptureSubjectContext (
4239 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
4240 );
4241
4242 NTKERNELAPI
4243 NTSTATUS
4244 NTAPI
4245 SeCreateClientSecurity (
4246 IN PETHREAD Thread,
4247 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
4248 IN BOOLEAN RemoteClient,
4249 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4250 );
4251
4252 #if (VER_PRODUCTBUILD >= 2195)
4253
4254 NTKERNELAPI
4255 NTSTATUS
4256 NTAPI
4257 SeCreateClientSecurityFromSubjectContext (
4258 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
4259 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
4260 IN BOOLEAN ServerIsRemote,
4261 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4262 );
4263
4264 #endif /* (VER_PRODUCTBUILD >= 2195) */
4265
4266 #define SeDeleteClientSecurity(C) { \
4267 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
4268 PsDereferencePrimaryToken( (C)->ClientToken ); \
4269 } else { \
4270 PsDereferenceImpersonationToken( (C)->ClientToken ); \
4271 } \
4272 }
4273
4274 NTKERNELAPI
4275 VOID
4276 NTAPI
4277 SeDeleteObjectAuditAlarm (
4278 IN PVOID Object,
4279 IN HANDLE Handle
4280 );
4281
4282 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
4283
4284 NTKERNELAPI
4285 VOID
4286 NTAPI
4287 SeFreePrivileges (
4288 IN PPRIVILEGE_SET Privileges
4289 );
4290
4291 NTKERNELAPI
4292 VOID
4293 NTAPI
4294 SeImpersonateClient (
4295 IN PSECURITY_CLIENT_CONTEXT ClientContext,
4296 IN PETHREAD ServerThread OPTIONAL
4297 );
4298
4299 #if (VER_PRODUCTBUILD >= 2195)
4300
4301 NTKERNELAPI
4302 NTSTATUS
4303 NTAPI
4304 SeImpersonateClientEx (
4305 IN PSECURITY_CLIENT_CONTEXT ClientContext,
4306 IN PETHREAD ServerThread OPTIONAL
4307 );
4308
4309 #endif /* (VER_PRODUCTBUILD >= 2195) */
4310
4311 NTKERNELAPI
4312 VOID
4313 NTAPI
4314 SeLockSubjectContext (
4315 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4316 );
4317
4318 NTKERNELAPI
4319 NTSTATUS
4320 NTAPI
4321 SeMarkLogonSessionForTerminationNotification (
4322 IN PLUID LogonId
4323 );
4324
4325 NTKERNELAPI
4326 VOID
4327 NTAPI
4328 SeOpenObjectAuditAlarm (
4329 IN PUNICODE_STRING ObjectTypeName,
4330 IN PVOID Object OPTIONAL,
4331 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
4332 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4333 IN PACCESS_STATE AccessState,
4334 IN BOOLEAN ObjectCreated,
4335 IN BOOLEAN AccessGranted,
4336 IN KPROCESSOR_MODE AccessMode,
4337 OUT PBOOLEAN GenerateOnClose
4338 );
4339
4340 NTKERNELAPI
4341 VOID
4342 NTAPI
4343 SeOpenObjectForDeleteAuditAlarm (
4344 IN PUNICODE_STRING ObjectTypeName,
4345 IN PVOID Object OPTIONAL,
4346 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
4347 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4348 IN PACCESS_STATE AccessState,
4349 IN BOOLEAN ObjectCreated,
4350 IN BOOLEAN AccessGranted,
4351 IN KPROCESSOR_MODE AccessMode,
4352 OUT PBOOLEAN GenerateOnClose
4353 );
4354
4355 NTKERNELAPI
4356 BOOLEAN
4357 NTAPI
4358 SePrivilegeCheck (
4359 IN OUT PPRIVILEGE_SET RequiredPrivileges,
4360 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
4361 IN KPROCESSOR_MODE AccessMode
4362 );
4363
4364 NTKERNELAPI
4365 NTSTATUS
4366 NTAPI
4367 SeQueryAuthenticationIdToken (
4368 IN PACCESS_TOKEN Token,
4369 OUT PLUID LogonId
4370 );
4371
4372 #if (VER_PRODUCTBUILD >= 2195)
4373
4374 NTKERNELAPI
4375 NTSTATUS
4376 NTAPI
4377 SeQueryInformationToken (
4378 IN PACCESS_TOKEN Token,
4379 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
4380 OUT PVOID *TokenInformation
4381 );
4382
4383 #endif /* (VER_PRODUCTBUILD >= 2195) */
4384
4385 NTKERNELAPI
4386 NTSTATUS
4387 NTAPI
4388 SeQuerySecurityDescriptorInfo (
4389 IN PSECURITY_INFORMATION SecurityInformation,
4390 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4391 IN OUT PULONG Length,
4392 IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
4393 );
4394
4395 #if (VER_PRODUCTBUILD >= 2195)
4396
4397 NTKERNELAPI
4398 NTSTATUS
4399 NTAPI
4400 SeQuerySessionIdToken (
4401 IN PACCESS_TOKEN Token,
4402 IN PULONG SessionId
4403 );
4404
4405 #endif /* (VER_PRODUCTBUILD >= 2195) */
4406
4407 #define SeQuerySubjectContextToken( SubjectContext ) \
4408 ( ARGUMENT_PRESENT( \
4409 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
4410 ) ? \
4411 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
4412 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
4413
4414 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
4415 IN PLUID LogonId
4416 );
4417
4418 NTKERNELAPI
4419 NTSTATUS
4420 NTAPI
4421 SeRegisterLogonSessionTerminatedRoutine (
4422 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4423 );
4424
4425 NTKERNELAPI
4426 VOID
4427 NTAPI
4428 SeReleaseSubjectContext (
4429 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4430 );
4431
4432 NTKERNELAPI
4433 VOID
4434 NTAPI
4435 SeSetAccessStateGenericMapping (
4436 PACCESS_STATE AccessState,
4437 PGENERIC_MAPPING GenericMapping
4438 );
4439
4440 NTKERNELAPI
4441 NTSTATUS
4442 NTAPI
4443 SeSetSecurityDescriptorInfo (
4444 IN PVOID Object OPTIONAL,
4445 IN PSECURITY_INFORMATION SecurityInformation,
4446 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4447 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
4448 IN POOL_TYPE PoolType,
4449 IN PGENERIC_MAPPING GenericMapping
4450 );
4451
4452 #if (VER_PRODUCTBUILD >= 2195)
4453
4454 NTKERNELAPI
4455 NTSTATUS
4456 NTAPI
4457 SeSetSecurityDescriptorInfoEx (
4458 IN PVOID Object OPTIONAL,
4459 IN PSECURITY_INFORMATION SecurityInformation,
4460 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
4461 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
4462 IN ULONG AutoInheritFlags,
4463 IN POOL_TYPE PoolType,
4464 IN PGENERIC_MAPPING GenericMapping
4465 );
4466
4467 NTKERNELAPI
4468 BOOLEAN
4469 NTAPI
4470 SeTokenIsAdmin (
4471 IN PACCESS_TOKEN Token
4472 );
4473
4474 NTKERNELAPI
4475 BOOLEAN
4476 NTAPI
4477 SeTokenIsRestricted (
4478 IN PACCESS_TOKEN Token
4479 );
4480
4481
4482 NTSTATUS
4483 NTAPI
4484 SeLocateProcessImageName(
4485 IN PEPROCESS Process,
4486 OUT PUNICODE_STRING *pImageFileName
4487 );
4488
4489 #endif /* (VER_PRODUCTBUILD >= 2195) */
4490
4491 NTKERNELAPI
4492 TOKEN_TYPE
4493 NTAPI
4494 SeTokenType (
4495 IN PACCESS_TOKEN Token
4496 );
4497
4498 NTKERNELAPI
4499 VOID
4500 NTAPI
4501 SeUnlockSubjectContext (
4502 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4503 );
4504
4505 NTKERNELAPI
4506 NTSTATUS
4507 NTAPI
4508 SeUnregisterLogonSessionTerminatedRoutine (
4509 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4510 );
4511
4512 #if (VER_PRODUCTBUILD >= 2195)
4513
4514 NTSYSAPI
4515 NTSTATUS
4516 NTAPI
4517 ZwAdjustPrivilegesToken (
4518 IN HANDLE TokenHandle,
4519 IN BOOLEAN DisableAllPrivileges,
4520 IN PTOKEN_PRIVILEGES NewState,
4521 IN ULONG BufferLength,
4522 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
4523 OUT PULONG ReturnLength
4524 );
4525
4526 #endif /* (VER_PRODUCTBUILD >= 2195) */
4527
4528 NTSYSAPI
4529 NTSTATUS
4530 NTAPI
4531 ZwAlertThread (
4532 IN HANDLE ThreadHandle
4533 );
4534
4535 NTSYSAPI
4536 NTSTATUS
4537 NTAPI
4538 ZwAllocateVirtualMemory (
4539 IN HANDLE ProcessHandle,
4540 IN OUT PVOID *BaseAddress,
4541 IN ULONG ZeroBits,
4542 IN OUT PULONG RegionSize,
4543 IN ULONG AllocationType,
4544 IN ULONG Protect
4545 );
4546
4547 NTSTATUS
4548 NTAPI
4549 NtAccessCheckByTypeAndAuditAlarm(
4550 IN PUNICODE_STRING SubsystemName,
4551 IN HANDLE HandleId,
4552 IN PUNICODE_STRING ObjectTypeName,
4553 IN PUNICODE_STRING ObjectName,
4554 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4555 IN PSID PrincipalSelfSid,
4556 IN ACCESS_MASK DesiredAccess,
4557 IN AUDIT_EVENT_TYPE AuditType,
4558 IN ULONG Flags,
4559 IN POBJECT_TYPE_LIST ObjectTypeList,
4560 IN ULONG ObjectTypeLength,
4561 IN PGENERIC_MAPPING GenericMapping,
4562 IN BOOLEAN ObjectCreation,
4563 OUT PACCESS_MASK GrantedAccess,
4564 OUT PNTSTATUS AccessStatus,
4565 OUT PBOOLEAN GenerateOnClose
4566 );
4567
4568 NTSTATUS
4569 NTAPI
4570 NtAccessCheckByTypeResultListAndAuditAlarm(
4571 IN PUNICODE_STRING SubsystemName,
4572 IN HANDLE HandleId,
4573 IN PUNICODE_STRING ObjectTypeName,
4574 IN PUNICODE_STRING ObjectName,
4575 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4576 IN PSID PrincipalSelfSid,
4577 IN ACCESS_MASK DesiredAccess,
4578 IN AUDIT_EVENT_TYPE AuditType,
4579 IN ULONG Flags,
4580 IN POBJECT_TYPE_LIST ObjectTypeList,
4581 IN ULONG ObjectTypeLength,
4582 IN PGENERIC_MAPPING GenericMapping,
4583 IN BOOLEAN ObjectCreation,
4584 OUT PACCESS_MASK GrantedAccess,
4585 OUT PNTSTATUS AccessStatus,
4586 OUT PBOOLEAN GenerateOnClose
4587 );
4588
4589 NTSTATUS
4590 NTAPI
4591 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
4592 IN PUNICODE_STRING SubsystemName,
4593 IN HANDLE HandleId,
4594 IN HANDLE ClientToken,
4595 IN PUNICODE_STRING ObjectTypeName,
4596 IN PUNICODE_STRING ObjectName,
4597 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4598 IN PSID PrincipalSelfSid,
4599 IN ACCESS_MASK DesiredAccess,
4600 IN AUDIT_EVENT_TYPE AuditType,
4601 IN ULONG Flags,
4602 IN POBJECT_TYPE_LIST ObjectTypeList,
4603 IN ULONG ObjectTypeLength,
4604 IN PGENERIC_MAPPING GenericMapping,
4605 IN BOOLEAN ObjectCreation,
4606 OUT PACCESS_MASK GrantedAccess,
4607 OUT PNTSTATUS AccessStatus,
4608 OUT PBOOLEAN GenerateOnClose
4609 );
4610
4611 NTSYSAPI
4612 NTSTATUS
4613 NTAPI
4614 ZwAccessCheckAndAuditAlarm (
4615 IN PUNICODE_STRING SubsystemName,
4616 IN PVOID HandleId,
4617 IN PUNICODE_STRING ObjectTypeName,
4618 IN PUNICODE_STRING ObjectName,
4619 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4620 IN ACCESS_MASK DesiredAccess,
4621 IN PGENERIC_MAPPING GenericMapping,
4622 IN BOOLEAN ObjectCreation,
4623 OUT PACCESS_MASK GrantedAccess,
4624 OUT PBOOLEAN AccessStatus,
4625 OUT PBOOLEAN GenerateOnClose
4626 );
4627
4628 #if (VER_PRODUCTBUILD >= 2195)
4629
4630 NTSYSAPI
4631 NTSTATUS
4632 NTAPI
4633 ZwCancelIoFile (
4634 IN HANDLE FileHandle,
4635 OUT PIO_STATUS_BLOCK IoStatusBlock
4636 );
4637
4638 #endif /* (VER_PRODUCTBUILD >= 2195) */
4639
4640 NTSYSAPI
4641 NTSTATUS
4642 NTAPI
4643 ZwClearEvent (
4644 IN HANDLE EventHandle
4645 );
4646
4647 NTSYSAPI
4648 NTSTATUS
4649 NTAPI
4650 ZwCloseObjectAuditAlarm (
4651 IN PUNICODE_STRING SubsystemName,
4652 IN PVOID HandleId,
4653 IN BOOLEAN GenerateOnClose
4654 );
4655
4656 NTSYSAPI
4657 NTSTATUS
4658 NTAPI
4659 ZwCreateSection (
4660 OUT PHANDLE SectionHandle,
4661 IN ACCESS_MASK DesiredAccess,
4662 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
4663 IN PLARGE_INTEGER MaximumSize OPTIONAL,
4664 IN ULONG SectionPageProtection,
4665 IN ULONG AllocationAttributes,
4666 IN HANDLE FileHandle OPTIONAL
4667 );
4668
4669 NTSYSAPI
4670 NTSTATUS
4671 NTAPI
4672 ZwCreateSymbolicLinkObject (
4673 OUT PHANDLE SymbolicLinkHandle,
4674 IN ACCESS_MASK DesiredAccess,
4675 IN POBJECT_ATTRIBUTES ObjectAttributes,
4676 IN PUNICODE_STRING TargetName
4677 );
4678
4679 NTSYSAPI
4680 NTSTATUS
4681 NTAPI
4682 ZwDeleteFile (
4683 IN POBJECT_ATTRIBUTES ObjectAttributes
4684 );
4685
4686 NTSYSAPI
4687 NTSTATUS
4688 NTAPI
4689 ZwDeleteValueKey (
4690 IN HANDLE Handle,
4691 IN PUNICODE_STRING Name
4692 );
4693
4694 NTSYSAPI
4695 NTSTATUS
4696 NTAPI
4697 ZwDeviceIoControlFile (
4698 IN HANDLE FileHandle,
4699 IN HANDLE Event OPTIONAL,
4700 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
4701 IN PVOID ApcContext OPTIONAL,
4702 OUT PIO_STATUS_BLOCK IoStatusBlock,
4703 IN ULONG IoControlCode,
4704 IN PVOID InputBuffer OPTIONAL,
4705 IN ULONG InputBufferLength,
4706 OUT PVOID OutputBuffer OPTIONAL,
4707 IN ULONG OutputBufferLength
4708 );
4709
4710 NTSYSAPI
4711 NTSTATUS
4712 NTAPI
4713 ZwDisplayString (
4714 IN PUNICODE_STRING String
4715 );
4716
4717 NTSYSAPI
4718 NTSTATUS
4719 NTAPI
4720 ZwDuplicateObject (
4721 IN HANDLE SourceProcessHandle,
4722 IN HANDLE SourceHandle,
4723 IN HANDLE TargetProcessHandle OPTIONAL,
4724 OUT PHANDLE TargetHandle OPTIONAL,
4725 IN ACCESS_MASK DesiredAccess,
4726 IN ULONG HandleAttributes,
4727 IN ULONG Options
4728 );
4729
4730 NTSYSAPI
4731 NTSTATUS
4732 NTAPI
4733 ZwDuplicateToken (
4734 IN HANDLE ExistingTokenHandle,
4735 IN ACCESS_MASK DesiredAccess,
4736 IN POBJECT_ATTRIBUTES ObjectAttributes,
4737 IN BOOLEAN EffectiveOnly,
4738 IN TOKEN_TYPE TokenType,
4739 OUT PHANDLE NewTokenHandle
4740 );
4741
4742 NTSTATUS
4743 NTAPI
4744 NtFilterToken(
4745 IN HANDLE ExistingTokenHandle,
4746 IN ULONG Flags,
4747 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
4748 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
4749 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
4750 OUT PHANDLE NewTokenHandle
4751 );
4752
4753 NTSYSAPI
4754 NTSTATUS
4755 NTAPI
4756 ZwFlushInstructionCache (
4757 IN HANDLE ProcessHandle,
4758 IN PVOID BaseAddress OPTIONAL,
4759 IN ULONG FlushSize
4760 );
4761
4762 NTSYSAPI
4763 NTSTATUS
4764 NTAPI
4765 ZwFlushBuffersFile(
4766 IN HANDLE FileHandle,
4767 OUT PIO_STATUS_BLOCK IoStatusBlock
4768 );
4769
4770 #if (VER_PRODUCTBUILD >= 2195)
4771
4772 NTSYSAPI
4773 NTSTATUS
4774 NTAPI
4775 ZwFlushVirtualMemory (
4776 IN HANDLE ProcessHandle,
4777 IN OUT PVOID *BaseAddress,
4778 IN OUT PULONG FlushSize,
4779 OUT PIO_STATUS_BLOCK IoStatusBlock
4780 );
4781
4782 #endif /* (VER_PRODUCTBUILD >= 2195) */
4783
4784 NTSYSAPI
4785 NTSTATUS
4786 NTAPI
4787 ZwFreeVirtualMemory (
4788 IN HANDLE ProcessHandle,
4789 IN OUT PVOID *BaseAddress,
4790 IN OUT PULONG RegionSize,
4791 IN ULONG FreeType
4792 );
4793
4794 NTSYSAPI
4795 NTSTATUS
4796 NTAPI
4797 ZwFsControlFile (
4798 IN HANDLE FileHandle,
4799 IN HANDLE Event OPTIONAL,
4800 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
4801 IN PVOID ApcContext OPTIONAL,
4802 OUT PIO_STATUS_BLOCK IoStatusBlock,
4803 IN ULONG FsControlCode,
4804 IN PVOID InputBuffer OPTIONAL,
4805 IN ULONG InputBufferLength,
4806 OUT PVOID OutputBuffer OPTIONAL,
4807 IN ULONG OutputBufferLength
4808 );
4809
4810 #if (VER_PRODUCTBUILD >= 2195)
4811
4812 NTSYSAPI
4813 NTSTATUS
4814 NTAPI
4815 ZwInitiatePowerAction (
4816 IN POWER_ACTION SystemAction,
4817 IN SYSTEM_POWER_STATE MinSystemState,
4818 IN ULONG Flags,
4819 IN BOOLEAN Asynchronous
4820 );
4821
4822 #endif /* (VER_PRODUCTBUILD >= 2195) */
4823
4824 NTSYSAPI
4825 NTSTATUS
4826 NTAPI
4827 ZwLoadDriver (
4828 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4829 IN PUNICODE_STRING RegistryPath
4830 );
4831
4832 NTSYSAPI
4833 NTSTATUS
4834 NTAPI
4835 ZwLoadKey (
4836 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
4837 IN POBJECT_ATTRIBUTES FileObjectAttributes
4838 );
4839
4840 NTSYSAPI
4841 NTSTATUS
4842 NTAPI
4843 ZwNotifyChangeKey (
4844 IN HANDLE KeyHandle,
4845 IN HANDLE EventHandle OPTIONAL,
4846 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
4847 IN PVOID ApcContext OPTIONAL,
4848 OUT PIO_STATUS_BLOCK IoStatusBlock,
4849 IN ULONG NotifyFilter,
4850 IN BOOLEAN WatchSubtree,
4851 IN PVOID Buffer,
4852 IN ULONG BufferLength,
4853 IN BOOLEAN Asynchronous
4854 );
4855
4856 NTSYSAPI
4857 NTSTATUS
4858 NTAPI
4859 ZwOpenDirectoryObject (
4860 OUT PHANDLE DirectoryHandle,
4861 IN ACCESS_MASK DesiredAccess,
4862 IN POBJECT_ATTRIBUTES ObjectAttributes
4863 );
4864
4865 NTSYSAPI
4866 NTSTATUS
4867 NTAPI
4868 ZwOpenEvent (
4869 OUT PHANDLE EventHandle,
4870 IN ACCESS_MASK DesiredAccess,
4871 IN POBJECT_ATTRIBUTES ObjectAttributes
4872 );
4873
4874 NTSYSAPI
4875 NTSTATUS
4876 NTAPI
4877 ZwOpenProcess (
4878 OUT PHANDLE ProcessHandle,
4879 IN ACCESS_MASK DesiredAccess,
4880 IN POBJECT_ATTRIBUTES ObjectAttributes,
4881 IN PCLIENT_ID ClientId OPTIONAL
4882 );
4883
4884 NTSYSAPI
4885 NTSTATUS
4886 NTAPI
4887 ZwOpenProcessToken (
4888 IN HANDLE ProcessHandle,
4889 IN ACCESS_MASK DesiredAccess,
4890 OUT PHANDLE TokenHandle
4891 );
4892
4893 NTSYSAPI
4894 NTSTATUS
4895 NTAPI
4896 ZwOpenThread (
4897 OUT PHANDLE ThreadHandle,
4898 IN ACCESS_MASK DesiredAccess,
4899 IN POBJECT_ATTRIBUTES ObjectAttributes,
4900 IN PCLIENT_ID ClientId
4901 );
4902
4903 NTSYSAPI
4904 NTSTATUS
4905 NTAPI
4906 ZwOpenThreadToken (
4907 IN HANDLE ThreadHandle,
4908 IN ACCESS_MASK DesiredAccess,
4909 IN BOOLEAN OpenAsSelf,
4910 OUT PHANDLE TokenHandle
4911 );
4912
4913 #if (VER_PRODUCTBUILD >= 2195)
4914
4915 NTSYSAPI
4916 NTSTATUS
4917 NTAPI
4918 ZwPowerInformation (
4919 IN POWER_INFORMATION_LEVEL PowerInformationLevel,
4920 IN PVOID InputBuffer OPTIONAL,
4921 IN ULONG InputBufferLength,
4922 OUT PVOID OutputBuffer OPTIONAL,
4923 IN ULONG OutputBufferLength
4924 );
4925
4926 #endif /* (VER_PRODUCTBUILD >= 2195) */
4927
4928 NTSYSAPI
4929 NTSTATUS
4930 NTAPI
4931 ZwPulseEvent (
4932 IN HANDLE EventHandle,
4933 OUT PLONG PreviousState OPTIONAL
4934 );
4935
4936 NTSYSAPI
4937 NTSTATUS
4938 NTAPI
4939 ZwQueryDefaultLocale (
4940 IN BOOLEAN ThreadOrSystem,
4941 OUT PLCID Locale
4942 );
4943
4944 NTSYSAPI
4945 NTSTATUS
4946 NTAPI
4947 ZwQueryDirectoryFile (
4948 IN HANDLE FileHandle,
4949 IN HANDLE Event OPTIONAL,
4950 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
4951 IN PVOID ApcContext OPTIONAL,
4952 OUT PIO_STATUS_BLOCK IoStatusBlock,
4953 OUT PVOID FileInformation,
4954 IN ULONG Length,
4955 IN FILE_INFORMATION_CLASS FileInformationClass,
4956 IN BOOLEAN ReturnSingleEntry,
4957 IN PUNICODE_STRING FileName OPTIONAL,
4958 IN BOOLEAN RestartScan
4959 );
4960
4961 #if (VER_PRODUCTBUILD >= 2195)
4962
4963 NTSYSAPI
4964 NTSTATUS
4965 NTAPI
4966 ZwQueryDirectoryObject (
4967 IN HANDLE DirectoryHandle,
4968 OUT PVOID Buffer,
4969 IN ULONG Length,
4970 IN BOOLEAN ReturnSingleEntry,
4971 IN BOOLEAN RestartScan,
4972 IN OUT PULONG Context,
4973 OUT PULONG ReturnLength OPTIONAL
4974 );
4975
4976 NTSYSAPI
4977 NTSTATUS
4978 NTAPI
4979 ZwQueryEaFile (
4980 IN HANDLE FileHandle,
4981 OUT PIO_STATUS_BLOCK IoStatusBlock,
4982 OUT PVOID Buffer,
4983 IN ULONG Length,
4984 IN BOOLEAN ReturnSingleEntry,
4985 IN PVOID EaList OPTIONAL,
4986 IN ULONG EaListLength,
4987 IN PULONG EaIndex OPTIONAL,
4988 IN BOOLEAN RestartScan
4989 );
4990
4991 #endif /* (VER_PRODUCTBUILD >= 2195) */
4992
4993 NTSYSAPI
4994 NTSTATUS
4995 NTAPI
4996 ZwQueryInformationProcess (
4997 IN HANDLE ProcessHandle,
4998 IN PROCESSINFOCLASS ProcessInformationClass,
4999 OUT PVOID ProcessInformation,
5000 IN ULONG ProcessInformationLength,
5001 OUT PULONG ReturnLength OPTIONAL
5002 );
5003
5004 NTSYSAPI
5005 NTSTATUS
5006 NTAPI
5007 ZwQueryInformationToken (
5008 IN HANDLE TokenHandle,
5009 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
5010 OUT PVOID TokenInformation,
5011 IN ULONG Length,
5012 OUT PULONG ResultLength
5013 );
5014
5015 NTSYSAPI
5016 NTSTATUS
5017 NTAPI
5018 ZwQuerySecurityObject (
5019 IN HANDLE FileHandle,
5020 IN SECURITY_INFORMATION SecurityInformation,
5021 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5022 IN ULONG Length,
5023 OUT PULONG ResultLength
5024 );
5025
5026 NTSYSAPI
5027 NTSTATUS
5028 NTAPI
5029 ZwQueryVolumeInformationFile (
5030 IN HANDLE FileHandle,
5031 OUT PIO_STATUS_BLOCK IoStatusBlock,
5032 OUT PVOID FsInformation,
5033 IN ULONG Length,
5034 IN FS_INFORMATION_CLASS FsInformationClass
5035 );
5036
5037 NTSYSAPI
5038 NTSTATUS
5039 NTAPI
5040 ZwReplaceKey (
5041 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
5042 IN HANDLE KeyHandle,
5043 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
5044 );
5045
5046 NTSYSAPI
5047 NTSTATUS
5048 NTAPI
5049 ZwResetEvent (
5050 IN HANDLE EventHandle,
5051 OUT PLONG PreviousState OPTIONAL
5052 );
5053
5054 #if (VER_PRODUCTBUILD >= 2195)
5055
5056 NTSYSAPI
5057 NTSTATUS
5058 NTAPI
5059 ZwRestoreKey (
5060 IN HANDLE KeyHandle,
5061 IN HANDLE FileHandle,
5062 IN ULONG Flags
5063 );
5064
5065 #endif /* (VER_PRODUCTBUILD >= 2195) */
5066
5067 NTSYSAPI
5068 NTSTATUS
5069 NTAPI
5070 ZwSaveKey (
5071 IN HANDLE KeyHandle,
5072 IN HANDLE FileHandle
5073 );
5074
5075 NTSYSAPI
5076 NTSTATUS
5077 NTAPI
5078 ZwSetDefaultLocale (
5079 IN BOOLEAN ThreadOrSystem,
5080 IN LCID Locale
5081 );
5082
5083 #if (VER_PRODUCTBUILD >= 2195)
5084
5085 NTSYSAPI
5086 NTSTATUS
5087 NTAPI
5088 ZwSetDefaultUILanguage (
5089 IN LANGID LanguageId
5090 );
5091
5092 NTSYSAPI
5093 NTSTATUS
5094 NTAPI
5095 ZwSetEaFile (
5096 IN HANDLE FileHandle,
5097 OUT PIO_STATUS_BLOCK IoStatusBlock,
5098 OUT PVOID Buffer,
5099 IN ULONG Length
5100 );
5101
5102 #endif /* (VER_PRODUCTBUILD >= 2195) */
5103
5104 NTSYSAPI
5105 NTSTATUS
5106 NTAPI
5107 ZwSetEvent (
5108 IN HANDLE EventHandle,
5109 OUT PLONG PreviousState OPTIONAL
5110 );
5111
5112 NTSYSAPI
5113 NTSTATUS
5114 NTAPI
5115 ZwSetInformationProcess (
5116 IN HANDLE ProcessHandle,
5117 IN PROCESSINFOCLASS ProcessInformationClass,
5118 IN PVOID ProcessInformation,
5119 IN ULONG ProcessInformationLength
5120 );
5121
5122 #if (VER_PRODUCTBUILD >= 2195)
5123
5124 NTSYSAPI
5125 NTSTATUS
5126 NTAPI
5127 ZwSetSecurityObject (
5128 IN HANDLE Handle,
5129 IN SECURITY_INFORMATION SecurityInformation,
5130 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5131 );
5132
5133 #endif /* (VER_PRODUCTBUILD >= 2195) */
5134
5135 NTSYSAPI
5136 NTSTATUS
5137 NTAPI
5138 ZwSetSystemTime (
5139 IN PLARGE_INTEGER NewTime,
5140 OUT PLARGE_INTEGER OldTime OPTIONAL
5141 );
5142
5143 #if (VER_PRODUCTBUILD >= 2195)
5144
5145 NTSYSAPI
5146 NTSTATUS
5147 NTAPI
5148 ZwSetVolumeInformationFile (
5149 IN HANDLE FileHandle,
5150 OUT PIO_STATUS_BLOCK IoStatusBlock,
5151 IN PVOID FsInformation,
5152 IN ULONG Length,
5153 IN FS_INFORMATION_CLASS FsInformationClass
5154 );
5155
5156 #endif /* (VER_PRODUCTBUILD >= 2195) */
5157
5158 NTSYSAPI
5159 NTSTATUS
5160 NTAPI
5161 ZwTerminateProcess (
5162 IN HANDLE ProcessHandle OPTIONAL,
5163 IN NTSTATUS ExitStatus
5164 );
5165
5166 NTSYSAPI
5167 NTSTATUS
5168 NTAPI
5169 ZwUnloadDriver (
5170 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5171 IN PUNICODE_STRING RegistryPath
5172 );
5173
5174 NTSYSAPI
5175 NTSTATUS
5176 NTAPI
5177 ZwUnloadKey (
5178 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5179 );
5180
5181 NTSYSAPI
5182 NTSTATUS
5183 NTAPI
5184 ZwWaitForSingleObject (
5185 IN HANDLE Handle,
5186 IN BOOLEAN Alertable,
5187 IN PLARGE_INTEGER Timeout OPTIONAL
5188 );
5189
5190 NTSYSAPI
5191 NTSTATUS
5192 NTAPI
5193 ZwWaitForMultipleObjects (
5194 IN ULONG HandleCount,
5195 IN PHANDLE Handles,
5196 IN WAIT_TYPE WaitType,
5197 IN BOOLEAN Alertable,
5198 IN PLARGE_INTEGER Timeout OPTIONAL
5199 );
5200
5201 NTSYSAPI
5202 NTSTATUS
5203 NTAPI
5204 ZwYieldExecution (
5205 VOID
5206 );
5207
5208 #pragma pack(pop)
5209
5210 #ifdef __cplusplus
5211 }
5212 #endif
5213
5214 #endif /* _NTIFS_ */
A free Windows-compatible Operating System