projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- Fix the way NlsOemLeadByteInfo is exported.
[reactos.git] / reactos / include / ddk / ntifs.h
1 /*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the w32api package.
7 *
8 * Contributors:
9 * Created by Bo Brantén <bosse@acc.umu.se>
10 *
11 * THIS SOFTWARE IS NOT COPYRIGHTED
12 *
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
15 *
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 */
22
23 #ifndef _NTIFS_
24 #define _NTIFS_
25 #define _GNU_NTIFS_
26
27 #if __GNUC__ >= 3
28 #pragma GCC system_header
29 #endif
30
31 #ifdef _NTOSKRNL_
32 /* HACKHACKHACK!!! We shouldn't include this header from ntoskrnl! */
33 #define NTKERNELAPI
34 #else
35 #define NTKERNELAPI DECLSPEC_IMPORT
36 #endif
37
38 #include "ntddk.h"
39
40 #define _NTIFS_INCLUDED_
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44
45 #pragma pack(push,4)
46
47 #ifndef VER_PRODUCTBUILD
48 #define VER_PRODUCTBUILD 10000
49 #endif
50
51 #ifndef NTSYSAPI
52 #define NTSYSAPI
53 #endif
54
55 #define EX_PUSH_LOCK ULONG_PTR
56 #define PEX_PUSH_LOCK PULONG_PTR
57
58
59 #ifndef FlagOn
60 #define FlagOn(_F,_SF) ((_F) & (_SF))
61 #endif
62
63 #ifndef BooleanFlagOn
64 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
65 #endif
66
67 #ifndef SetFlag
68 #define SetFlag(_F,_SF) ((_F) |= (_SF))
69 #endif
70
71 #ifndef ClearFlag
72 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
73 #endif
74
75 #include "csq.h"
76
77 typedef struct _SE_EXPORTS *PSE_EXPORTS;
78
79 #ifdef _NTOSKRNL_
80 extern PUCHAR FsRtlLegalAnsiCharacterArray;
81 #else
82 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
83 #endif
84 extern PSE_EXPORTS SeExports;
85 extern PACL SePublicDefaultDacl;
86 extern PACL SeSystemDefaultDacl;
87
88 extern KSPIN_LOCK IoStatisticsLock;
89 extern ULONG IoReadOperationCount;
90 extern ULONG IoWriteOperationCount;
91 extern ULONG IoOtherOperationCount;
92 extern LARGE_INTEGER IoReadTransferCount;
93 extern LARGE_INTEGER IoWriteTransferCount;
94 extern LARGE_INTEGER IoOtherTransferCount;
95
96 typedef STRING LSA_STRING, *PLSA_STRING;
97 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
98
99 typedef enum _SECURITY_LOGON_TYPE
100 {
101 UndefinedLogonType = 0,
102 Interactive = 2,
103 Network,
104 Batch,
105 Service,
106 Proxy,
107 Unlock,
108 NetworkCleartext,
109 NewCredentials,
110 #if (_WIN32_WINNT >= 0x0501)
111 RemoteInteractive,
112 CachedInteractive,
113 #endif
114 #if (_WIN32_WINNT >= 0x0502)
115 CachedRemoteInteractive,
116 CachedUnlock
117 #endif
118 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
119
120 #define ANSI_DOS_STAR ('<')
121 #define ANSI_DOS_QM ('>')
122 #define ANSI_DOS_DOT ('"')
123
124 #define DOS_STAR (L'<')
125 #define DOS_QM (L'>')
126 #define DOS_DOT (L'"')
127
128 /* also in winnt.h */
129 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
130 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
131 #define ACCESS_DENIED_ACE_TYPE (0x1)
132 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
133 #define SYSTEM_ALARM_ACE_TYPE (0x3)
134 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
135 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
136 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
137 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
138 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
139 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
140 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
141 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
142 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
143 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
144 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
145 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
146 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
147 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
148 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
149 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
150 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
151 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
152 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
153 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
154
155 #define COMPRESSION_FORMAT_NONE (0x0000)
156 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
157 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
158 #define COMPRESSION_ENGINE_STANDARD (0x0000)
159 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
160 #define COMPRESSION_ENGINE_HIBER (0x0200)
161
162 #define FILE_ACTION_ADDED 0x00000001
163 #define FILE_ACTION_REMOVED 0x00000002
164 #define FILE_ACTION_MODIFIED 0x00000003
165 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
166 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
167 #define FILE_ACTION_ADDED_STREAM 0x00000006
168 #define FILE_ACTION_REMOVED_STREAM 0x00000007
169 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
170 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
171 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
172 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
173 /* end winnt.h */
174
175 #define FILE_EA_TYPE_BINARY 0xfffe
176 #define FILE_EA_TYPE_ASCII 0xfffd
177 #define FILE_EA_TYPE_BITMAP 0xfffb
178 #define FILE_EA_TYPE_METAFILE 0xfffa
179 #define FILE_EA_TYPE_ICON 0xfff9
180 #define FILE_EA_TYPE_EA 0xffee
181 #define FILE_EA_TYPE_MVMT 0xffdf
182 #define FILE_EA_TYPE_MVST 0xffde
183 #define FILE_EA_TYPE_ASN1 0xffdd
184 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
185
186 #define FILE_NEED_EA 0x00000080
187
188 /* also in winnt.h */
189 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
190 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
191 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
192 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
193 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
194 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
195 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
196 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
197 #define FILE_NOTIFY_CHANGE_EA 0x00000080
198 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
199 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
200 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
201 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
202 #define FILE_NOTIFY_VALID_MASK 0x00000fff
203 /* end winnt.h */
204
205 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
206 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
207
208 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
209
210 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
211 #define FILE_CASE_PRESERVED_NAMES 0x00000002
212 #define FILE_UNICODE_ON_DISK 0x00000004
213 #define FILE_PERSISTENT_ACLS 0x00000008
214 #define FILE_FILE_COMPRESSION 0x00000010
215 #define FILE_VOLUME_QUOTAS 0x00000020
216 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
217 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
218 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
219 #define FS_LFN_APIS 0x00004000
220 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
221 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
222 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
223 #define FILE_NAMED_STREAMS 0x00040000
224 #define FILE_READ_ONLY_VOLUME 0x00080000
225 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
226 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
227
228 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
229 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
230
231 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
232 #define FILE_PIPE_MESSAGE_MODE 0x00000001
233
234 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
235 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
236
237 #define FILE_PIPE_INBOUND 0x00000000
238 #define FILE_PIPE_OUTBOUND 0x00000001
239 #define FILE_PIPE_FULL_DUPLEX 0x00000002
240
241 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
242 #define FILE_PIPE_LISTENING_STATE 0x00000002
243 #define FILE_PIPE_CONNECTED_STATE 0x00000003
244 #define FILE_PIPE_CLOSING_STATE 0x00000004
245
246 #define FILE_PIPE_CLIENT_END 0x00000000
247 #define FILE_PIPE_SERVER_END 0x00000001
248
249 #define FILE_PIPE_READ_DATA 0x00000000
250 #define FILE_PIPE_WRITE_SPACE 0x00000001
251
252 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
253 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
254 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
255 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
256 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
257 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
258 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
259 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
260 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
261 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
262 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
263 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
264 #define FILE_STORAGE_TYPE_MASK 0x000f0000
265 #define FILE_STORAGE_TYPE_SHIFT 16
266
267 #define FILE_VC_QUOTA_NONE 0x00000000
268 #define FILE_VC_QUOTA_TRACK 0x00000001
269 #define FILE_VC_QUOTA_ENFORCE 0x00000002
270 #define FILE_VC_QUOTA_MASK 0x00000003
271
272 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
273 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
274
275 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
276 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
277 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
278 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
279
280 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
281 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
282
283 #define FILE_VC_VALID_MASK 0x000003ff
284
285 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
286 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
287 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
288 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
289 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
290 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
291 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
292 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
293
294 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
295 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
296 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
297 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
298
299 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
300 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
301 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
302 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
303 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
304
305 #define FSRTL_VOLUME_DISMOUNT 1
306 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
307 #define FSRTL_VOLUME_LOCK 3
308 #define FSRTL_VOLUME_LOCK_FAILED 4
309 #define FSRTL_VOLUME_UNLOCK 5
310 #define FSRTL_VOLUME_MOUNT 6
311
312 #define FSRTL_WILD_CHARACTER 0x08
313
314 #define FSRTL_FAT_LEGAL 0x01
315 #define FSRTL_HPFS_LEGAL 0x02
316 #define FSRTL_NTFS_LEGAL 0x04
317 #define FSRTL_WILD_CHARACTER 0x08
318 #define FSRTL_OLE_LEGAL 0x10
319 #define FSRTL_NTFS_STREAM_LEGAL 0x14
320
321 #ifdef _X86_
322 #define HARDWARE_PTE HARDWARE_PTE_X86
323 #define PHARDWARE_PTE PHARDWARE_PTE_X86
324 #endif
325
326 #define IO_CHECK_CREATE_PARAMETERS 0x0200
327 #define IO_ATTACH_DEVICE 0x0400
328
329 #define IO_ATTACH_DEVICE_API 0x80000000
330
331 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
332 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
333
334 #define IO_TYPE_APC 18
335 #define IO_TYPE_DPC 19
336 #define IO_TYPE_DEVICE_QUEUE 20
337 #define IO_TYPE_EVENT_PAIR 21
338 #define IO_TYPE_INTERRUPT 22
339 #define IO_TYPE_PROFILE 23
340
341 #define IRP_BEING_VERIFIED 0x10
342
343 #define MAILSLOT_CLASS_FIRSTCLASS 1
344 #define MAILSLOT_CLASS_SECONDCLASS 2
345
346 #define MAILSLOT_SIZE_AUTO 0
347
348 #define MAP_PROCESS 1L
349 #define MAP_SYSTEM 2L
350 #define MEM_DOS_LIM 0x40000000
351
352 #define OB_TYPE_TYPE 1
353 #define OB_TYPE_DIRECTORY 2
354 #define OB_TYPE_SYMBOLIC_LINK 3
355 #define OB_TYPE_TOKEN 4
356 #define OB_TYPE_PROCESS 5
357 #define OB_TYPE_THREAD 6
358 #define OB_TYPE_EVENT 7
359 #define OB_TYPE_EVENT_PAIR 8
360 #define OB_TYPE_MUTANT 9
361 #define OB_TYPE_SEMAPHORE 10
362 #define OB_TYPE_TIMER 11
363 #define OB_TYPE_PROFILE 12
364 #define OB_TYPE_WINDOW_STATION 13
365 #define OB_TYPE_DESKTOP 14
366 #define OB_TYPE_SECTION 15
367 #define OB_TYPE_KEY 16
368 #define OB_TYPE_PORT 17
369 #define OB_TYPE_ADAPTER 18
370 #define OB_TYPE_CONTROLLER 19
371 #define OB_TYPE_DEVICE 20
372 #define OB_TYPE_DRIVER 21
373 #define OB_TYPE_IO_COMPLETION 22
374 #define OB_TYPE_FILE 23
375
376 #define PIN_WAIT (1)
377 #define PIN_EXCLUSIVE (2)
378 #define PIN_NO_READ (4)
379 #define PIN_IF_BCB (8)
380
381 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
382 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
383
384 #define SEC_BASED 0x00200000
385
386 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
387 #define SECURITY_WORLD_RID (0x00000000L)
388
389 #define SID_REVISION 1
390 #define SID_MAX_SUB_AUTHORITIES 15
391 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
392
393 #define TOKEN_ASSIGN_PRIMARY (0x0001)
394 #define TOKEN_DUPLICATE (0x0002)
395 #define TOKEN_IMPERSONATE (0x0004)
396 #define TOKEN_QUERY (0x0008)
397 #define TOKEN_QUERY_SOURCE (0x0010)
398 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
399 #define TOKEN_ADJUST_GROUPS (0x0040)
400 #define TOKEN_ADJUST_DEFAULT (0x0080)
401 #define TOKEN_ADJUST_SESSIONID (0x0100)
402
403 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
404 TOKEN_ASSIGN_PRIMARY |\
405 TOKEN_DUPLICATE |\
406 TOKEN_IMPERSONATE |\
407 TOKEN_QUERY |\
408 TOKEN_QUERY_SOURCE |\
409 TOKEN_ADJUST_PRIVILEGES |\
410 TOKEN_ADJUST_GROUPS |\
411 TOKEN_ADJUST_DEFAULT |\
412 TOKEN_ADJUST_SESSIONID)
413
414 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
415 TOKEN_QUERY)
416
417 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
418 TOKEN_ADJUST_PRIVILEGES |\
419 TOKEN_ADJUST_GROUPS |\
420 TOKEN_ADJUST_DEFAULT)
421
422 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
423
424 #define TOKEN_SOURCE_LENGTH 8
425 /* end winnt.h */
426
427 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
428 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
429 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
430 #define TOKEN_HAS_ADMIN_GROUP 0x08
431 #define TOKEN_WRITE_RESTRICTED 0x08
432 #define TOKEN_IS_RESTRICTED 0x10
433 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
434
435 #define VACB_MAPPING_GRANULARITY (0x40000)
436 #define VACB_OFFSET_SHIFT (18)
437
438 #define SE_OWNER_DEFAULTED 0x0001
439 #define SE_GROUP_DEFAULTED 0x0002
440 #define SE_DACL_PRESENT 0x0004
441 #define SE_DACL_DEFAULTED 0x0008
442 #define SE_SACL_PRESENT 0x0010
443 #define SE_SACL_DEFAULTED 0x0020
444 #define SE_DACL_UNTRUSTED 0x0040
445 #define SE_SERVER_SECURITY 0x0080
446 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
447 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
448 #define SE_DACL_AUTO_INHERITED 0x0400
449 #define SE_SACL_AUTO_INHERITED 0x0800
450 #define SE_DACL_PROTECTED 0x1000
451 #define SE_SACL_PROTECTED 0x2000
452 #define SE_RM_CONTROL_VALID 0x4000
453 #define SE_SELF_RELATIVE 0x8000
454
455 #ifndef _WINNT_H
456 #define _AUDIT_EVENT_TYPE_HACK 0
457 #endif
458 #if (_AUDIT_EVENT_TYPE_HACK == 1)
459
460 #else
461 typedef enum _AUDIT_EVENT_TYPE
462 {
463 AuditEventObjectAccess,
464 AuditEventDirectoryServiceAccess
465 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
466 #endif
467
468 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
469
470 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
471 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
472 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
473 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
474 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
475 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
476 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
477 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
478 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
479
480 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
481 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
482 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
483
484 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
485 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
486 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
487
488
489 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
490 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
491 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
492 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
493 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
494 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
495
496 #if (VER_PRODUCTBUILD >= 1381)
497
498 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
499 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
500 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
501 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
502 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
503 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
504 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
505 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
506
507 #endif /* (VER_PRODUCTBUILD >= 1381) */
508
509 #if (VER_PRODUCTBUILD >= 2195)
510
511 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
512 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
513 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
514
515 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
516 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
517 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
518 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
519 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
520 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
521 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
522 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
523 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
524 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
525 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
526 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
527 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
528 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
529 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
530 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
531 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
532 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
533 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
534 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
535 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
536 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
537 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
538 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
539 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
540 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
541 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
542 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
543 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
544 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
545 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
546 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
547 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
548 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
549 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
550 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
551
552 #endif /* (VER_PRODUCTBUILD >= 2195) */
553
554 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
555
556 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
557 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
558 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
559 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
560 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
561 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
562 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
563 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
564
565 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
566 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
567 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
568 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
569 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
570 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
571 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
572 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
573 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
574 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
575 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
576 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
577 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
578 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
579
580 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
581
582 typedef PVOID OPLOCK, *POPLOCK;
583
584 typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
585 typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
586 typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
587 typedef struct _KPROCESS *PKPROCESS;
588 typedef struct _KQUEUE *PKQUEUE;
589 typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
590 typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
591 typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
592 typedef struct _VACB *PVACB;
593 typedef struct _VAD_HEADER *PVAD_HEADER;
594
595 typedef ULONG LBN;
596 typedef LBN *PLBN;
597
598 typedef ULONG VBN;
599 typedef VBN *PVBN;
600
601 typedef struct _NOTIFY_SYNC
602 {
603 ULONG Unknown0;
604 ULONG Unknown1;
605 ULONG Unknown2;
606 USHORT Unknown3;
607 USHORT Unknown4;
608 ULONG Unknown5;
609 ULONG Unknown6;
610 ULONG Unknown7;
611 ULONG Unknown8;
612 ULONG Unknown9;
613 ULONG Unknown10;
614 } NOTIFY_SYNC, * PNOTIFY_SYNC;
615
616 typedef enum _FAST_IO_POSSIBLE {
617 FastIoIsNotPossible,
618 FastIoIsPossible,
619 FastIoIsQuestionable
620 } FAST_IO_POSSIBLE;
621
622 typedef enum _FILE_STORAGE_TYPE {
623 StorageTypeDefault = 1,
624 StorageTypeDirectory,
625 StorageTypeFile,
626 StorageTypeJunctionPoint,
627 StorageTypeCatalog,
628 StorageTypeStructuredStorage,
629 StorageTypeEmbedding,
630 StorageTypeStream
631 } FILE_STORAGE_TYPE;
632
633 typedef enum _OBJECT_INFORMATION_CLASS
634 {
635 ObjectBasicInformation,
636 ObjectNameInformation,
637 ObjectTypeInformation,
638 ObjectTypesInformation,
639 ObjectHandleFlagInformation,
640 ObjectSessionInformation,
641 MaxObjectInfoClass
642 } OBJECT_INFORMATION_CLASS;
643
644 typedef struct _OBJECT_BASIC_INFORMATION
645 {
646 ULONG Attributes;
647 ACCESS_MASK GrantedAccess;
648 ULONG HandleCount;
649 ULONG PointerCount;
650 ULONG PagedPoolCharge;
651 ULONG NonPagedPoolCharge;
652 ULONG Reserved[ 3 ];
653 ULONG NameInfoSize;
654 ULONG TypeInfoSize;
655 ULONG SecurityDescriptorSize;
656 LARGE_INTEGER CreationTime;
657 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
658
659 typedef struct _KAPC_STATE {
660 LIST_ENTRY ApcListHead[2];
661 PKPROCESS Process;
662 BOOLEAN KernelApcInProgress;
663 BOOLEAN KernelApcPending;
664 BOOLEAN UserApcPending;
665 } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
666 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
667
668 typedef struct _BITMAP_RANGE {
669 LIST_ENTRY Links;
670 LONGLONG BasePage;
671 ULONG FirstDirtyPage;
672 ULONG LastDirtyPage;
673 ULONG DirtyPages;
674 PULONG Bitmap;
675 } BITMAP_RANGE, *PBITMAP_RANGE;
676
677 typedef struct _CACHE_UNINITIALIZE_EVENT {
678 struct _CACHE_UNINITIALIZE_EVENT *Next;
679 KEVENT Event;
680 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
681
682 typedef struct _CC_FILE_SIZES {
683 LARGE_INTEGER AllocationSize;
684 LARGE_INTEGER FileSize;
685 LARGE_INTEGER ValidDataLength;
686 } CC_FILE_SIZES, *PCC_FILE_SIZES;
687
688 typedef struct _COMPRESSED_DATA_INFO {
689 USHORT CompressionFormatAndEngine;
690 UCHAR CompressionUnitShift;
691 UCHAR ChunkShift;
692 UCHAR ClusterShift;
693 UCHAR Reserved;
694 USHORT NumberOfChunks;
695 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
696 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
697
698 typedef struct _SID_IDENTIFIER_AUTHORITY {
699 BYTE Value[6];
700 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
701 typedef PVOID PSID;
702 typedef struct _SID {
703 BYTE Revision;
704 BYTE SubAuthorityCount;
705 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
706 DWORD SubAuthority[ANYSIZE_ARRAY];
707 } SID, *PISID;
708 typedef struct _SID_AND_ATTRIBUTES {
709 PSID Sid;
710 DWORD Attributes;
711 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
712 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
713 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
714 typedef struct _TOKEN_SOURCE {
715 CHAR SourceName[TOKEN_SOURCE_LENGTH];
716 LUID SourceIdentifier;
717 } TOKEN_SOURCE,*PTOKEN_SOURCE;
718 typedef struct _TOKEN_CONTROL {
719 LUID TokenId;
720 LUID AuthenticationId;
721 LUID ModifiedId;
722 TOKEN_SOURCE TokenSource;
723 } TOKEN_CONTROL,*PTOKEN_CONTROL;
724 typedef struct _TOKEN_DEFAULT_DACL {
725 PACL DefaultDacl;
726 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
727 typedef struct _TOKEN_GROUPS {
728 DWORD GroupCount;
729 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
730 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
731 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
732 ULONG SidCount;
733 ULONG SidLength;
734 PSID_AND_ATTRIBUTES Sids;
735 ULONG RestrictedSidCount;
736 ULONG RestrictedSidLength;
737 PSID_AND_ATTRIBUTES RestrictedSids;
738 ULONG PrivilegeCount;
739 ULONG PrivilegeLength;
740 PLUID_AND_ATTRIBUTES Privileges;
741 LUID AuthenticationId;
742 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
743 typedef struct _TOKEN_ORIGIN {
744 LUID OriginatingLogonSession;
745 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
746 typedef struct _TOKEN_OWNER {
747 PSID Owner;
748 } TOKEN_OWNER,*PTOKEN_OWNER;
749 typedef struct _TOKEN_PRIMARY_GROUP {
750 PSID PrimaryGroup;
751 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
752 typedef struct _TOKEN_PRIVILEGES {
753 DWORD PrivilegeCount;
754 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
755 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
756 typedef enum tagTOKEN_TYPE {
757 TokenPrimary = 1,
758 TokenImpersonation
759 } TOKEN_TYPE,*PTOKEN_TYPE;
760 typedef struct _TOKEN_STATISTICS {
761 LUID TokenId;
762 LUID AuthenticationId;
763 LARGE_INTEGER ExpirationTime;
764 TOKEN_TYPE TokenType;
765 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
766 DWORD DynamicCharged;
767 DWORD DynamicAvailable;
768 DWORD GroupCount;
769 DWORD PrivilegeCount;
770 LUID ModifiedId;
771 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
772 typedef struct _TOKEN_USER {
773 SID_AND_ATTRIBUTES User;
774 } TOKEN_USER, *PTOKEN_USER;
775 typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION;
776 typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
777 typedef struct _SECURITY_DESCRIPTOR {
778 BYTE Revision;
779 BYTE Sbz1;
780 SECURITY_DESCRIPTOR_CONTROL Control;
781 PSID Owner;
782 PSID Group;
783 PACL Sacl;
784 PACL Dacl;
785 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
786 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
787 BYTE Revision;
788 BYTE Sbz1;
789 SECURITY_DESCRIPTOR_CONTROL Control;
790 DWORD Owner;
791 DWORD Group;
792 DWORD Sacl;
793 DWORD Dacl;
794 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
795 typedef enum _TOKEN_INFORMATION_CLASS {
796 TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
797 TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,
798 TokenImpersonationLevel,TokenStatistics,TokenRestrictedSids,
799 TokenSessionId,TokenGroupsAndPrivileges,TokenSessionReference,
800 TokenSandBoxInert,TokenAuditPolicy,TokenOrigin,
801 } TOKEN_INFORMATION_CLASS;
802
803 #define SYMLINK_FLAG_RELATIVE 1
804
805 typedef struct _REPARSE_DATA_BUFFER {
806 ULONG ReparseTag;
807 USHORT ReparseDataLength;
808 USHORT Reserved;
809 union {
810 struct {
811 USHORT SubstituteNameOffset;
812 USHORT SubstituteNameLength;
813 USHORT PrintNameOffset;
814 USHORT PrintNameLength;
815 ULONG Flags;
816 WCHAR PathBuffer[1];
817 } SymbolicLinkReparseBuffer;
818 struct {
819 USHORT SubstituteNameOffset;
820 USHORT SubstituteNameLength;
821 USHORT PrintNameOffset;
822 USHORT PrintNameLength;
823 WCHAR PathBuffer[1];
824 } MountPointReparseBuffer;
825 struct {
826 UCHAR DataBuffer[1];
827 } GenericReparseBuffer;
828 };
829 } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
830
831 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
832
833 typedef struct _FILE_ACCESS_INFORMATION {
834 ACCESS_MASK AccessFlags;
835 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
836
837 typedef struct _FILE_ALLOCATION_INFORMATION {
838 LARGE_INTEGER AllocationSize;
839 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
840
841 typedef struct _FILE_BOTH_DIR_INFORMATION {
842 ULONG NextEntryOffset;
843 ULONG FileIndex;
844 LARGE_INTEGER CreationTime;
845 LARGE_INTEGER LastAccessTime;
846 LARGE_INTEGER LastWriteTime;
847 LARGE_INTEGER ChangeTime;
848 LARGE_INTEGER EndOfFile;
849 LARGE_INTEGER AllocationSize;
850 ULONG FileAttributes;
851 ULONG FileNameLength;
852 ULONG EaSize;
853 CCHAR ShortNameLength;
854 WCHAR ShortName[12];
855 WCHAR FileName[1];
856 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
857
858 typedef struct _FILE_COMPLETION_INFORMATION {
859 HANDLE Port;
860 PVOID Key;
861 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
862
863 typedef struct _FILE_COMPRESSION_INFORMATION {
864 LARGE_INTEGER CompressedFileSize;
865 USHORT CompressionFormat;
866 UCHAR CompressionUnitShift;
867 UCHAR ChunkShift;
868 UCHAR ClusterShift;
869 UCHAR Reserved[3];
870 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
871
872 typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
873 BOOLEAN ReplaceIfExists;
874 HANDLE RootDirectory;
875 ULONG FileNameLength;
876 WCHAR FileName[1];
877 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
878
879 typedef struct _FILE_DIRECTORY_INFORMATION {
880 ULONG NextEntryOffset;
881 ULONG FileIndex;
882 LARGE_INTEGER CreationTime;
883 LARGE_INTEGER LastAccessTime;
884 LARGE_INTEGER LastWriteTime;
885 LARGE_INTEGER ChangeTime;
886 LARGE_INTEGER EndOfFile;
887 LARGE_INTEGER AllocationSize;
888 ULONG FileAttributes;
889 ULONG FileNameLength;
890 WCHAR FileName[1];
891 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
892
893 typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
894 ULONG NextEntryOffset;
895 ULONG FileIndex;
896 LARGE_INTEGER CreationTime;
897 LARGE_INTEGER LastAccessTime;
898 LARGE_INTEGER LastWriteTime;
899 LARGE_INTEGER ChangeTime;
900 LARGE_INTEGER EndOfFile;
901 LARGE_INTEGER AllocationSize;
902 ULONG FileAttributes;
903 ULONG FileNameLength;
904 ULONG EaSize;
905 WCHAR FileName[0];
906 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
907
908 typedef struct _FILE_ID_FULL_DIR_INFORMATION {
909 ULONG NextEntryOffset;
910 ULONG FileIndex;
911 LARGE_INTEGER CreationTime;
912 LARGE_INTEGER LastAccessTime;
913 LARGE_INTEGER LastWriteTime;
914 LARGE_INTEGER ChangeTime;
915 LARGE_INTEGER EndOfFile;
916 LARGE_INTEGER AllocationSize;
917 ULONG FileAttributes;
918 ULONG FileNameLength;
919 ULONG EaSize;
920 LARGE_INTEGER FileId;
921 WCHAR FileName[1];
922 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
923
924 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
925 ULONG NextEntryOffset;
926 ULONG FileIndex;
927 LARGE_INTEGER CreationTime;
928 LARGE_INTEGER LastAccessTime;
929 LARGE_INTEGER LastWriteTime;
930 LARGE_INTEGER ChangeTime;
931 LARGE_INTEGER EndOfFile;
932 LARGE_INTEGER AllocationSize;
933 ULONG FileAttributes;
934 ULONG FileNameLength;
935 ULONG EaSize;
936 CHAR ShortNameLength;
937 WCHAR ShortName[12];
938 WCHAR FileName[0];
939 } FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
940
941 typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
942 ULONG NextEntryOffset;
943 ULONG FileIndex;
944 LARGE_INTEGER CreationTime;
945 LARGE_INTEGER LastAccessTime;
946 LARGE_INTEGER LastWriteTime;
947 LARGE_INTEGER ChangeTime;
948 LARGE_INTEGER EndOfFile;
949 LARGE_INTEGER AllocationSize;
950 ULONG FileAttributes;
951 ULONG FileNameLength;
952 ULONG EaSize;
953 CCHAR ShortNameLength;
954 WCHAR ShortName[12];
955 LARGE_INTEGER FileId;
956 WCHAR FileName[1];
957 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
958
959 typedef struct _FILE_EA_INFORMATION {
960 ULONG EaSize;
961 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
962
963 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
964 ULONG FileSystemAttributes;
965 ULONG MaximumComponentNameLength;
966 ULONG FileSystemNameLength;
967 WCHAR FileSystemName[1];
968 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
969
970 typedef struct _FILE_FS_CONTROL_INFORMATION {
971 LARGE_INTEGER FreeSpaceStartFiltering;
972 LARGE_INTEGER FreeSpaceThreshold;
973 LARGE_INTEGER FreeSpaceStopFiltering;
974 LARGE_INTEGER DefaultQuotaThreshold;
975 LARGE_INTEGER DefaultQuotaLimit;
976 ULONG FileSystemControlFlags;
977 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
978
979 typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
980 LARGE_INTEGER TotalAllocationUnits;
981 LARGE_INTEGER CallerAvailableAllocationUnits;
982 LARGE_INTEGER ActualAvailableAllocationUnits;
983 ULONG SectorsPerAllocationUnit;
984 ULONG BytesPerSector;
985 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
986
987 typedef struct _FILE_FS_LABEL_INFORMATION {
988 ULONG VolumeLabelLength;
989 WCHAR VolumeLabel[1];
990 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
991
992 #if (VER_PRODUCTBUILD >= 2195)
993
994 typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
995 UCHAR ObjectId[16];
996 UCHAR ExtendedInfo[48];
997 } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
998
999 #endif /* (VER_PRODUCTBUILD >= 2195) */
1000
1001 typedef struct _FILE_FS_SIZE_INFORMATION {
1002 LARGE_INTEGER TotalAllocationUnits;
1003 LARGE_INTEGER AvailableAllocationUnits;
1004 ULONG SectorsPerAllocationUnit;
1005 ULONG BytesPerSector;
1006 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
1007
1008 typedef struct _FILE_FS_VOLUME_INFORMATION {
1009 LARGE_INTEGER VolumeCreationTime;
1010 ULONG VolumeSerialNumber;
1011 ULONG VolumeLabelLength;
1012 BOOLEAN SupportsObjects;
1013 WCHAR VolumeLabel[1];
1014 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
1015
1016 typedef struct _FILE_FS_OBJECTID_INFORMATION
1017 {
1018 UCHAR ObjectId[16];
1019 UCHAR ExtendedInfo[48];
1020 } FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
1021
1022 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1023 {
1024 BOOLEAN DriverInPath;
1025 ULONG DriverNameLength;
1026 WCHAR DriverName[1];
1027 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
1028
1029 typedef struct _FILE_FULL_DIR_INFORMATION {
1030 ULONG NextEntryOffset;
1031 ULONG FileIndex;
1032 LARGE_INTEGER CreationTime;
1033 LARGE_INTEGER LastAccessTime;
1034 LARGE_INTEGER LastWriteTime;
1035 LARGE_INTEGER ChangeTime;
1036 LARGE_INTEGER EndOfFile;
1037 LARGE_INTEGER AllocationSize;
1038 ULONG FileAttributes;
1039 ULONG FileNameLength;
1040 ULONG EaSize;
1041 WCHAR FileName[1];
1042 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
1043
1044 typedef struct _FILE_GET_EA_INFORMATION {
1045 ULONG NextEntryOffset;
1046 UCHAR EaNameLength;
1047 CHAR EaName[1];
1048 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
1049
1050 typedef struct _FILE_GET_QUOTA_INFORMATION {
1051 ULONG NextEntryOffset;
1052 ULONG SidLength;
1053 SID Sid;
1054 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
1055
1056 typedef struct _FILE_QUOTA_INFORMATION
1057 {
1058 ULONG NextEntryOffset;
1059 ULONG SidLength;
1060 LARGE_INTEGER ChangeTime;
1061 LARGE_INTEGER QuotaUsed;
1062 LARGE_INTEGER QuotaThreshold;
1063 LARGE_INTEGER QuotaLimit;
1064 SID Sid;
1065 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
1066
1067 typedef struct _FILE_INTERNAL_INFORMATION {
1068 LARGE_INTEGER IndexNumber;
1069 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
1070
1071 typedef struct _FILE_LINK_INFORMATION {
1072 BOOLEAN ReplaceIfExists;
1073 HANDLE RootDirectory;
1074 ULONG FileNameLength;
1075 WCHAR FileName[1];
1076 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
1077
1078 typedef struct _FILE_LOCK_INFO
1079 {
1080 LARGE_INTEGER StartingByte;
1081 LARGE_INTEGER Length;
1082 BOOLEAN ExclusiveLock;
1083 ULONG Key;
1084 PFILE_OBJECT FileObject;
1085 PVOID ProcessId;
1086 LARGE_INTEGER EndingByte;
1087 } FILE_LOCK_INFO, *PFILE_LOCK_INFO;
1088
1089 typedef struct _FILE_REPARSE_POINT_INFORMATION
1090 {
1091 LONGLONG FileReference;
1092 ULONG Tag;
1093 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
1094
1095 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1096 {
1097 ULONG ClusterCount;
1098 HANDLE RootDirectory;
1099 ULONG FileNameLength;
1100 WCHAR FileName[1];
1101 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
1102
1103 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1104 typedef struct _FILE_SHARED_LOCK_ENTRY {
1105 PVOID Unknown1;
1106 PVOID Unknown2;
1107 FILE_LOCK_INFO FileLock;
1108 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
1109
1110 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1111 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
1112 LIST_ENTRY ListEntry;
1113 PVOID Unknown1;
1114 PVOID Unknown2;
1115 FILE_LOCK_INFO FileLock;
1116 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
1117
1118 typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
1119 IN PVOID Context,
1120 IN PIRP Irp
1121 );
1122
1123 typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
1124 IN PVOID Context,
1125 IN PFILE_LOCK_INFO FileLockInfo
1126 );
1127
1128 typedef struct _FILE_LOCK {
1129 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
1130 PUNLOCK_ROUTINE UnlockRoutine;
1131 BOOLEAN FastIoIsQuestionable;
1132 BOOLEAN Pad[3];
1133 PVOID LockInformation;
1134 FILE_LOCK_INFO LastReturnedLockInfo;
1135 PVOID LastReturnedLock;
1136 } FILE_LOCK, *PFILE_LOCK;
1137
1138 typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
1139 ULONG ReadDataAvailable;
1140 ULONG NumberOfMessages;
1141 ULONG MessageLength;
1142 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
1143
1144 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
1145 ULONG MaximumMessageSize;
1146 ULONG MailslotQuota;
1147 ULONG NextMessageSize;
1148 ULONG MessagesAvailable;
1149 LARGE_INTEGER ReadTimeout;
1150 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
1151
1152 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
1153 PLARGE_INTEGER ReadTimeout;
1154 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
1155
1156 typedef struct _FILE_MODE_INFORMATION {
1157 ULONG Mode;
1158 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
1159
1160 typedef struct _FILE_ALL_INFORMATION {
1161 FILE_BASIC_INFORMATION BasicInformation;
1162 FILE_STANDARD_INFORMATION StandardInformation;
1163 FILE_INTERNAL_INFORMATION InternalInformation;
1164 FILE_EA_INFORMATION EaInformation;
1165 FILE_ACCESS_INFORMATION AccessInformation;
1166 FILE_POSITION_INFORMATION PositionInformation;
1167 FILE_MODE_INFORMATION ModeInformation;
1168 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1169 FILE_NAME_INFORMATION NameInformation;
1170 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
1171
1172 typedef struct _FILE_NAMES_INFORMATION {
1173 ULONG NextEntryOffset;
1174 ULONG FileIndex;
1175 ULONG FileNameLength;
1176 WCHAR FileName[1];
1177 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
1178
1179 typedef struct _FILE_OBJECTID_INFORMATION {
1180 LONGLONG FileReference;
1181 UCHAR ObjectId[16];
1182 _ANONYMOUS_UNION union {
1183 struct {
1184 UCHAR BirthVolumeId[16];
1185 UCHAR BirthObjectId[16];
1186 UCHAR DomainId[16];
1187 } ;
1188 UCHAR ExtendedInfo[48];
1189 } DUMMYUNIONNAME;
1190 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
1191
1192 typedef struct _FILE_OLE_CLASSID_INFORMATION {
1193 GUID ClassId;
1194 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
1195
1196 typedef struct _FILE_OLE_ALL_INFORMATION {
1197 FILE_BASIC_INFORMATION BasicInformation;
1198 FILE_STANDARD_INFORMATION StandardInformation;
1199 FILE_INTERNAL_INFORMATION InternalInformation;
1200 FILE_EA_INFORMATION EaInformation;
1201 FILE_ACCESS_INFORMATION AccessInformation;
1202 FILE_POSITION_INFORMATION PositionInformation;
1203 FILE_MODE_INFORMATION ModeInformation;
1204 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1205 USN LastChangeUsn;
1206 USN ReplicationUsn;
1207 LARGE_INTEGER SecurityChangeTime;
1208 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1209 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1210 FILE_STORAGE_TYPE StorageType;
1211 ULONG OleStateBits;
1212 ULONG OleId;
1213 ULONG NumberOfStreamReferences;
1214 ULONG StreamIndex;
1215 ULONG SecurityId;
1216 BOOLEAN ContentIndexDisable;
1217 BOOLEAN InheritContentIndexDisable;
1218 FILE_NAME_INFORMATION NameInformation;
1219 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
1220
1221 typedef struct _FILE_OLE_DIR_INFORMATION {
1222 ULONG NextEntryOffset;
1223 ULONG FileIndex;
1224 LARGE_INTEGER CreationTime;
1225 LARGE_INTEGER LastAccessTime;
1226 LARGE_INTEGER LastWriteTime;
1227 LARGE_INTEGER ChangeTime;
1228 LARGE_INTEGER EndOfFile;
1229 LARGE_INTEGER AllocationSize;
1230 ULONG FileAttributes;
1231 ULONG FileNameLength;
1232 FILE_STORAGE_TYPE StorageType;
1233 GUID OleClassId;
1234 ULONG OleStateBits;
1235 BOOLEAN ContentIndexDisable;
1236 BOOLEAN InheritContentIndexDisable;
1237 WCHAR FileName[1];
1238 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
1239
1240 typedef struct _FILE_OLE_INFORMATION {
1241 LARGE_INTEGER SecurityChangeTime;
1242 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1243 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1244 FILE_STORAGE_TYPE StorageType;
1245 ULONG OleStateBits;
1246 BOOLEAN ContentIndexDisable;
1247 BOOLEAN InheritContentIndexDisable;
1248 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
1249
1250 typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
1251 ULONG StateBits;
1252 ULONG StateBitsMask;
1253 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
1254
1255 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
1256 HANDLE EventHandle;
1257 ULONG KeyValue;
1258 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
1259
1260 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
1261 PVOID ClientSession;
1262 PVOID ClientProcess;
1263 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
1264
1265 typedef struct _FILE_PIPE_EVENT_BUFFER {
1266 ULONG NamedPipeState;
1267 ULONG EntryType;
1268 ULONG ByteCount;
1269 ULONG KeyValue;
1270 ULONG NumberRequests;
1271 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
1272
1273 typedef struct _FILE_PIPE_PEEK_BUFFER
1274 {
1275 ULONG NamedPipeState;
1276 ULONG ReadDataAvailable;
1277 ULONG NumberOfMessages;
1278 ULONG MessageLength;
1279 CHAR Data[1];
1280 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
1281
1282 typedef struct _FILE_PIPE_INFORMATION {
1283 ULONG ReadMode;
1284 ULONG CompletionMode;
1285 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
1286
1287 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
1288 ULONG NamedPipeType;
1289 ULONG NamedPipeConfiguration;
1290 ULONG MaximumInstances;
1291 ULONG CurrentInstances;
1292 ULONG InboundQuota;
1293 ULONG ReadDataAvailable;
1294 ULONG OutboundQuota;
1295 ULONG WriteQuotaAvailable;
1296 ULONG NamedPipeState;
1297 ULONG NamedPipeEnd;
1298 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
1299
1300 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
1301 LARGE_INTEGER CollectDataTime;
1302 ULONG MaximumCollectionCount;
1303 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
1304
1305 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
1306 LARGE_INTEGER Timeout;
1307 ULONG NameLength;
1308 BOOLEAN TimeoutSpecified;
1309 WCHAR Name[1];
1310 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
1311
1312 typedef struct _FILE_RENAME_INFORMATION {
1313 BOOLEAN ReplaceIfExists;
1314 HANDLE RootDirectory;
1315 ULONG FileNameLength;
1316 WCHAR FileName[1];
1317 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
1318
1319 typedef struct _FILE_STREAM_INFORMATION {
1320 ULONG NextEntryOffset;
1321 ULONG StreamNameLength;
1322 LARGE_INTEGER StreamSize;
1323 LARGE_INTEGER StreamAllocationSize;
1324 WCHAR StreamName[1];
1325 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
1326
1327 typedef struct _FILE_TRACKING_INFORMATION {
1328 HANDLE DestinationFile;
1329 ULONG ObjectInformationLength;
1330 CHAR ObjectInformation[1];
1331 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
1332
1333 #if (VER_PRODUCTBUILD >= 2195)
1334 typedef struct _FILE_ZERO_DATA_INFORMATION {
1335 LARGE_INTEGER FileOffset;
1336 LARGE_INTEGER BeyondFinalZero;
1337 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
1338
1339 typedef struct FILE_ALLOCATED_RANGE_BUFFER {
1340 LARGE_INTEGER FileOffset;
1341 LARGE_INTEGER Length;
1342 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
1343 #endif /* (VER_PRODUCTBUILD >= 2195) */
1344
1345 #define FSRTL_FCB_HEADER_V0 (0x00)
1346 #define FSRTL_FCB_HEADER_V1 (0x01)
1347
1348
1349 typedef struct _FSRTL_COMMON_FCB_HEADER {
1350 CSHORT NodeTypeCode;
1351 CSHORT NodeByteSize;
1352 UCHAR Flags;
1353 UCHAR IsFastIoPossible;
1354 #if (VER_PRODUCTBUILD >= 1381)
1355 UCHAR Flags2;
1356 UCHAR Reserved;
1357 #endif /* (VER_PRODUCTBUILD >= 1381) */
1358 PERESOURCE Resource;
1359 PERESOURCE PagingIoResource;
1360 LARGE_INTEGER AllocationSize;
1361 LARGE_INTEGER FileSize;
1362 LARGE_INTEGER ValidDataLength;
1363 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
1364
1365 typedef enum _FSRTL_COMPARISON_RESULT
1366 {
1367 LessThan = -1,
1368 EqualTo = 0,
1369 GreaterThan = 1
1370 } FSRTL_COMPARISON_RESULT;
1371
1372 #if (VER_PRODUCTBUILD >= 2600)
1373
1374 typedef struct _FSRTL_ADVANCED_FCB_HEADER {
1375 CSHORT NodeTypeCode;
1376 CSHORT NodeByteSize;
1377 UCHAR Flags;
1378 UCHAR IsFastIoPossible;
1379 UCHAR Flags2;
1380 UCHAR Reserved: 4;
1381 UCHAR Version: 4;
1382 PERESOURCE Resource;
1383 PERESOURCE PagingIoResource;
1384 LARGE_INTEGER AllocationSize;
1385 LARGE_INTEGER FileSize;
1386 LARGE_INTEGER ValidDataLength;
1387 PFAST_MUTEX FastMutex;
1388 LIST_ENTRY FilterContexts;
1389 EX_PUSH_LOCK PushLock;
1390 PVOID *FileContextSupportPointer;
1391 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
1392
1393 typedef struct _FSRTL_PER_STREAM_CONTEXT {
1394 LIST_ENTRY Links;
1395 PVOID OwnerId;
1396 PVOID InstanceId;
1397 PFREE_FUNCTION FreeCallback;
1398 } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
1399
1400 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1401 {
1402 LIST_ENTRY Links;
1403 PVOID OwnerId;
1404 PVOID InstanceId;
1405 } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
1406
1407 #endif /* (VER_PRODUCTBUILD >= 2600) */
1408
1409 typedef struct _BASE_MCB
1410 {
1411 ULONG MaximumPairCount;
1412 ULONG PairCount;
1413 USHORT PoolType;
1414 USHORT Flags;
1415 PVOID Mapping;
1416 } BASE_MCB, *PBASE_MCB;
1417
1418 typedef struct _LARGE_MCB
1419 {
1420 PKGUARDED_MUTEX GuardedMutex;
1421 BASE_MCB BaseMcb;
1422 } LARGE_MCB, *PLARGE_MCB;
1423
1424 typedef struct _MCB
1425 {
1426 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
1427 } MCB, *PMCB;
1428
1429 typedef struct _GENERATE_NAME_CONTEXT {
1430 USHORT Checksum;
1431 BOOLEAN CheckSumInserted;
1432 UCHAR NameLength;
1433 WCHAR NameBuffer[8];
1434 ULONG ExtensionLength;
1435 WCHAR ExtensionBuffer[4];
1436 ULONG LastIndexValue;
1437 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
1438
1439 typedef struct _MAPPING_PAIR {
1440 ULONGLONG Vcn;
1441 ULONGLONG Lcn;
1442 } MAPPING_PAIR, *PMAPPING_PAIR;
1443
1444 typedef struct _GET_RETRIEVAL_DESCRIPTOR {
1445 ULONG NumberOfPairs;
1446 ULONGLONG StartVcn;
1447 MAPPING_PAIR Pair[1];
1448 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
1449
1450 typedef struct _KQUEUE {
1451 DISPATCHER_HEADER Header;
1452 LIST_ENTRY EntryListHead;
1453 ULONG CurrentCount;
1454 ULONG MaximumCount;
1455 LIST_ENTRY ThreadListHead;
1456 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
1457
1458 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1459
1460 typedef struct _MBCB {
1461 CSHORT NodeTypeCode;
1462 CSHORT NodeIsInZone;
1463 ULONG PagesToWrite;
1464 ULONG DirtyPages;
1465 ULONG Reserved;
1466 LIST_ENTRY BitmapRanges;
1467 LONGLONG ResumeWritePage;
1468 BITMAP_RANGE BitmapRange1;
1469 BITMAP_RANGE BitmapRange2;
1470 BITMAP_RANGE BitmapRange3;
1471 } MBCB, *PMBCB;
1472
1473 typedef struct _MOVEFILE_DESCRIPTOR {
1474 HANDLE FileHandle;
1475 ULONG Reserved;
1476 LARGE_INTEGER StartVcn;
1477 LARGE_INTEGER TargetLcn;
1478 ULONG NumVcns;
1479 ULONG Reserved1;
1480 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
1481
1482 typedef struct _OBJECT_BASIC_INFO {
1483 ULONG Attributes;
1484 ACCESS_MASK GrantedAccess;
1485 ULONG HandleCount;
1486 ULONG ReferenceCount;
1487 ULONG PagedPoolUsage;
1488 ULONG NonPagedPoolUsage;
1489 ULONG Reserved[3];
1490 ULONG NameInformationLength;
1491 ULONG TypeInformationLength;
1492 ULONG SecurityDescriptorLength;
1493 LARGE_INTEGER CreateTime;
1494 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
1495
1496 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
1497 BOOLEAN Inherit;
1498 BOOLEAN ProtectFromClose;
1499 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
1500
1501 typedef struct _OBJECT_NAME_INFO {
1502 UNICODE_STRING ObjectName;
1503 WCHAR ObjectNameBuffer[1];
1504 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
1505
1506 typedef struct _OBJECT_PROTECTION_INFO {
1507 BOOLEAN Inherit;
1508 BOOLEAN ProtectHandle;
1509 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
1510
1511 typedef struct _OBJECT_TYPE_INFO {
1512 UNICODE_STRING ObjectTypeName;
1513 UCHAR Unknown[0x58];
1514 WCHAR ObjectTypeNameBuffer[1];
1515 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
1516
1517 typedef struct _OBJECT_ALL_TYPES_INFO {
1518 ULONG NumberOfObjectTypes;
1519 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
1520 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
1521
1522
1523 typedef struct _PATHNAME_BUFFER {
1524 ULONG PathNameLength;
1525 WCHAR Name[1];
1526 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
1527
1528 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1529 {
1530 GenericLessThan,
1531 GenericGreaterThan,
1532 GenericEqual
1533 } RTL_GENERIC_COMPARE_RESULTS;
1534
1535 typedef enum _TABLE_SEARCH_RESULT
1536 {
1537 TableEmptyTree,
1538 TableFoundNode,
1539 TableInsertAsLeft,
1540 TableInsertAsRight
1541 } TABLE_SEARCH_RESULT;
1542
1543 typedef NTSTATUS
1544 (NTAPI *PRTL_AVL_MATCH_FUNCTION)(
1545 struct _RTL_AVL_TABLE *Table,
1546 PVOID UserData,
1547 PVOID MatchData
1548 );
1549
1550 typedef RTL_GENERIC_COMPARE_RESULTS
1551 (NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
1552 struct _RTL_AVL_TABLE *Table,
1553 PVOID FirstStruct,
1554 PVOID SecondStruct
1555 );
1556
1557 typedef RTL_GENERIC_COMPARE_RESULTS
1558 (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
1559 struct _RTL_GENERIC_TABLE *Table,
1560 PVOID FirstStruct,
1561 PVOID SecondStruct
1562 );
1563
1564 typedef PVOID
1565 (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
1566 struct _RTL_GENERIC_TABLE *Table,
1567 CLONG ByteSize
1568 );
1569
1570 typedef VOID
1571 (NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
1572 struct _RTL_GENERIC_TABLE *Table,
1573 PVOID Buffer
1574 );
1575
1576 typedef PVOID
1577 (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
1578 struct _RTL_AVL_TABLE *Table,
1579 CLONG ByteSize
1580 );
1581
1582 typedef VOID
1583 (NTAPI *PRTL_AVL_FREE_ROUTINE) (
1584 struct _RTL_AVL_TABLE *Table,
1585 PVOID Buffer
1586 );
1587
1588 typedef struct _PUBLIC_BCB {
1589 CSHORT NodeTypeCode;
1590 CSHORT NodeByteSize;
1591 ULONG MappedLength;
1592 LARGE_INTEGER MappedFileOffset;
1593 } PUBLIC_BCB, *PPUBLIC_BCB;
1594
1595 typedef struct _QUERY_PATH_REQUEST {
1596 ULONG PathNameLength;
1597 PIO_SECURITY_CONTEXT SecurityContext;
1598 WCHAR FilePathName[1];
1599 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
1600
1601 typedef struct _QUERY_PATH_RESPONSE {
1602 ULONG LengthAccepted;
1603 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
1604
1605 typedef struct _RETRIEVAL_POINTERS_BUFFER {
1606 ULONG ExtentCount;
1607 LARGE_INTEGER StartingVcn;
1608 struct {
1609 LARGE_INTEGER NextVcn;
1610 LARGE_INTEGER Lcn;
1611 } Extents[1];
1612 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
1613
1614 typedef struct _RTL_SPLAY_LINKS {
1615 struct _RTL_SPLAY_LINKS *Parent;
1616 struct _RTL_SPLAY_LINKS *LeftChild;
1617 struct _RTL_SPLAY_LINKS *RightChild;
1618 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
1619
1620 typedef struct _RTL_BALANCED_LINKS
1621 {
1622 struct _RTL_BALANCED_LINKS *Parent;
1623 struct _RTL_BALANCED_LINKS *LeftChild;
1624 struct _RTL_BALANCED_LINKS *RightChild;
1625 CHAR Balance;
1626 UCHAR Reserved[3];
1627 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
1628
1629 typedef struct _RTL_GENERIC_TABLE
1630 {
1631 PRTL_SPLAY_LINKS TableRoot;
1632 LIST_ENTRY InsertOrderList;
1633 PLIST_ENTRY OrderedPointer;
1634 ULONG WhichOrderedElement;
1635 ULONG NumberGenericTableElements;
1636 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
1637 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
1638 PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
1639 PVOID TableContext;
1640 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
1641
1642 #undef PRTL_GENERIC_COMPARE_ROUTINE
1643 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1644 #undef PRTL_GENERIC_FREE_ROUTINE
1645 #undef RTL_GENERIC_TABLE
1646 #undef PRTL_GENERIC_TABLE
1647
1648 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1649 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1650 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1651 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1652 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1653
1654 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1655 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
1656 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
1657 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
1658 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
1659 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
1660 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
1661 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
1662 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
1663 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
1664 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
1665
1666 typedef struct _RTL_AVL_TABLE
1667 {
1668 RTL_BALANCED_LINKS BalancedRoot;
1669 PVOID OrderedPointer;
1670 ULONG WhichOrderedElement;
1671 ULONG NumberGenericTableElements;
1672 ULONG DepthOfTree;
1673 PRTL_BALANCED_LINKS RestartKey;
1674 ULONG DeleteCount;
1675 PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
1676 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
1677 PRTL_AVL_FREE_ROUTINE FreeRoutine;
1678 PVOID TableContext;
1679 } RTL_AVL_TABLE, *PRTL_AVL_TABLE;
1680
1681 NTSYSAPI
1682 VOID
1683 NTAPI
1684 RtlInitializeGenericTableAvl(
1685 PRTL_AVL_TABLE Table,
1686 PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
1687 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
1688 PRTL_AVL_FREE_ROUTINE FreeRoutine,
1689 PVOID TableContext
1690 );
1691
1692 NTSYSAPI
1693 PVOID
1694 NTAPI
1695 RtlInsertElementGenericTableAvl (
1696 PRTL_AVL_TABLE Table,
1697 PVOID Buffer,
1698 CLONG BufferSize,
1699 PBOOLEAN NewElement OPTIONAL
1700 );
1701
1702 NTSYSAPI
1703 BOOLEAN
1704 NTAPI
1705 RtlDeleteElementGenericTableAvl (
1706 PRTL_AVL_TABLE Table,
1707 PVOID Buffer
1708 );
1709
1710 NTSYSAPI
1711 PVOID
1712 NTAPI
1713 RtlLookupElementGenericTableAvl (
1714 PRTL_AVL_TABLE Table,
1715 PVOID Buffer
1716 );
1717
1718 NTSYSAPI
1719 PVOID
1720 NTAPI
1721 RtlEnumerateGenericTableWithoutSplayingAvl (
1722 PRTL_AVL_TABLE Table,
1723 PVOID *RestartKey
1724 );
1725
1726 #if defined(USE_LPC6432)
1727 #define LPC_CLIENT_ID CLIENT_ID64
1728 #define LPC_SIZE_T ULONGLONG
1729 #define LPC_PVOID ULONGLONG
1730 #define LPC_HANDLE ULONGLONG
1731 #else
1732 #define LPC_CLIENT_ID CLIENT_ID
1733 #define LPC_SIZE_T SIZE_T
1734 #define LPC_PVOID PVOID
1735 #define LPC_HANDLE HANDLE
1736 #endif
1737
1738 typedef struct _PORT_MESSAGE
1739 {
1740 union
1741 {
1742 struct
1743 {
1744 CSHORT DataLength;
1745 CSHORT TotalLength;
1746 } s1;
1747 ULONG Length;
1748 } u1;
1749 union
1750 {
1751 struct
1752 {
1753 CSHORT Type;
1754 CSHORT DataInfoOffset;
1755 } s2;
1756 ULONG ZeroInit;
1757 } u2;
1758 union
1759 {
1760 LPC_CLIENT_ID ClientId;
1761 double DoNotUseThisField;
1762 };
1763 ULONG MessageId;
1764 union
1765 {
1766 LPC_SIZE_T ClientViewSize;
1767 ULONG CallbackId;
1768 };
1769 } PORT_MESSAGE, *PPORT_MESSAGE;
1770
1771 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
1772
1773 typedef struct _PORT_VIEW
1774 {
1775 ULONG Length;
1776 LPC_HANDLE SectionHandle;
1777 ULONG SectionOffset;
1778 LPC_SIZE_T ViewSize;
1779 LPC_PVOID ViewBase;
1780 LPC_PVOID ViewRemoteBase;
1781 } PORT_VIEW, *PPORT_VIEW;
1782
1783 typedef struct _REMOTE_PORT_VIEW
1784 {
1785 ULONG Length;
1786 LPC_SIZE_T ViewSize;
1787 LPC_PVOID ViewBase;
1788 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
1789
1790 typedef struct _SE_EXPORTS {
1791
1792 LUID SeCreateTokenPrivilege;
1793 LUID SeAssignPrimaryTokenPrivilege;
1794 LUID SeLockMemoryPrivilege;
1795 LUID SeIncreaseQuotaPrivilege;
1796 LUID SeUnsolicitedInputPrivilege;
1797 LUID SeTcbPrivilege;
1798 LUID SeSecurityPrivilege;
1799 LUID SeTakeOwnershipPrivilege;
1800 LUID SeLoadDriverPrivilege;
1801 LUID SeCreatePagefilePrivilege;
1802 LUID SeIncreaseBasePriorityPrivilege;
1803 LUID SeSystemProfilePrivilege;
1804 LUID SeSystemtimePrivilege;
1805 LUID SeProfileSingleProcessPrivilege;
1806 LUID SeCreatePermanentPrivilege;
1807 LUID SeBackupPrivilege;
1808 LUID SeRestorePrivilege;
1809 LUID SeShutdownPrivilege;
1810 LUID SeDebugPrivilege;
1811 LUID SeAuditPrivilege;
1812 LUID SeSystemEnvironmentPrivilege;
1813 LUID SeChangeNotifyPrivilege;
1814 LUID SeRemoteShutdownPrivilege;
1815
1816 PSID SeNullSid;
1817 PSID SeWorldSid;
1818 PSID SeLocalSid;
1819 PSID SeCreatorOwnerSid;
1820 PSID SeCreatorGroupSid;
1821
1822 PSID SeNtAuthoritySid;
1823 PSID SeDialupSid;
1824 PSID SeNetworkSid;
1825 PSID SeBatchSid;
1826 PSID SeInteractiveSid;
1827 PSID SeLocalSystemSid;
1828 PSID SeAliasAdminsSid;
1829 PSID SeAliasUsersSid;
1830 PSID SeAliasGuestsSid;
1831 PSID SeAliasPowerUsersSid;
1832 PSID SeAliasAccountOpsSid;
1833 PSID SeAliasSystemOpsSid;
1834 PSID SeAliasPrintOpsSid;
1835 PSID SeAliasBackupOpsSid;
1836
1837 PSID SeAuthenticatedUsersSid;
1838
1839 PSID SeRestrictedSid;
1840 PSID SeAnonymousLogonSid;
1841
1842 LUID SeUndockPrivilege;
1843 LUID SeSyncAgentPrivilege;
1844 LUID SeEnableDelegationPrivilege;
1845
1846 } SE_EXPORTS, *PSE_EXPORTS;
1847
1848 typedef struct
1849 {
1850 LARGE_INTEGER StartingLcn;
1851 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
1852
1853 typedef struct _STARTING_VCN_INPUT_BUFFER {
1854 LARGE_INTEGER StartingVcn;
1855 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
1856
1857 typedef struct _SECURITY_CLIENT_CONTEXT {
1858 SECURITY_QUALITY_OF_SERVICE SecurityQos;
1859 PACCESS_TOKEN ClientToken;
1860 BOOLEAN DirectlyAccessClientToken;
1861 BOOLEAN DirectAccessEffectiveOnly;
1862 BOOLEAN ServerIsRemote;
1863 TOKEN_CONTROL ClientTokenControl;
1864 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
1865
1866 typedef struct _ACE_HEADER
1867 {
1868 UCHAR AceType;
1869 UCHAR AceFlags;
1870 USHORT AceSize;
1871 } ACE_HEADER, *PACE_HEADER;
1872
1873 typedef struct _ACCESS_ALLOWED_ACE
1874 {
1875 ACE_HEADER Header;
1876 ACCESS_MASK Mask;
1877 ULONG SidStart;
1878 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
1879
1880 typedef struct _ACCESS_DENIED_ACE
1881 {
1882 ACE_HEADER Header;
1883 ACCESS_MASK Mask;
1884 ULONG SidStart;
1885 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
1886
1887 typedef struct _SYSTEM_AUDIT_ACE
1888 {
1889 ACE_HEADER Header;
1890 ACCESS_MASK Mask;
1891 ULONG SidStart;
1892 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
1893
1894 typedef struct _SYSTEM_ALARM_ACE
1895 {
1896 ACE_HEADER Header;
1897 ACCESS_MASK Mask;
1898 ULONG SidStart;
1899 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
1900
1901 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
1902 {
1903 ACE_HEADER Header;
1904 ACCESS_MASK Mask;
1905 ULONG SidStart;
1906 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
1907
1908 typedef struct _TUNNEL {
1909 FAST_MUTEX Mutex;
1910 PRTL_SPLAY_LINKS Cache;
1911 LIST_ENTRY TimerQueue;
1912 USHORT NumEntries;
1913 } TUNNEL, *PTUNNEL;
1914
1915 typedef struct _VAD_HEADER {
1916 PVOID StartVPN;
1917 PVOID EndVPN;
1918 PVAD_HEADER ParentLink;
1919 PVAD_HEADER LeftLink;
1920 PVAD_HEADER RightLink;
1921 ULONG Flags; /* LSB = CommitCharge */
1922 PVOID ControlArea;
1923 PVOID FirstProtoPte;
1924 PVOID LastPTE;
1925 ULONG Unknown;
1926 LIST_ENTRY Secured;
1927 } VAD_HEADER, *PVAD_HEADER;
1928
1929 typedef struct
1930 {
1931 LARGE_INTEGER StartingLcn;
1932 LARGE_INTEGER BitmapSize;
1933 UCHAR Buffer[1];
1934 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
1935
1936 #if (VER_PRODUCTBUILD >= 2600)
1937
1938 typedef BOOLEAN
1939 (NTAPI *PFILTER_REPORT_CHANGE) (
1940 IN PVOID NotifyContext,
1941 IN PVOID FilterContext
1942 );
1943
1944 typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
1945 SyncTypeOther = 0,
1946 SyncTypeCreateSection
1947 } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
1948
1949 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
1950 NotifyTypeCreate = 0,
1951 NotifyTypeRetired
1952 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
1953
1954 typedef union _FS_FILTER_PARAMETERS {
1955 struct {
1956 PLARGE_INTEGER EndingOffset;
1957 PERESOURCE *ResourceToRelease;
1958 } AcquireForModifiedPageWriter;
1959
1960 struct {
1961 PERESOURCE ResourceToRelease;
1962 } ReleaseForModifiedPageWriter;
1963
1964 struct {
1965 FS_FILTER_SECTION_SYNC_TYPE SyncType;
1966 ULONG PageProtection;
1967 } AcquireForSectionSynchronization;
1968
1969 struct {
1970 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
1971 BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
1972 } NotifyStreamFileObject;
1973
1974 struct {
1975 PVOID Argument1;
1976 PVOID Argument2;
1977 PVOID Argument3;
1978 PVOID Argument4;
1979 PVOID Argument5;
1980 } Others;
1981 } FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
1982
1983 typedef struct _FS_FILTER_CALLBACK_DATA {
1984 ULONG SizeOfFsFilterCallbackData;
1985 UCHAR Operation;
1986 UCHAR Reserved;
1987 struct _DEVICE_OBJECT *DeviceObject;
1988 struct _FILE_OBJECT *FileObject;
1989 FS_FILTER_PARAMETERS Parameters;
1990 } FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
1991
1992 typedef NTSTATUS
1993 (NTAPI *PFS_FILTER_CALLBACK) (
1994 IN PFS_FILTER_CALLBACK_DATA Data,
1995 OUT PVOID *CompletionContext
1996 );
1997
1998 typedef VOID
1999 (NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
2000 IN PFS_FILTER_CALLBACK_DATA Data,
2001 IN NTSTATUS OperationStatus,
2002 IN PVOID CompletionContext
2003 );
2004
2005 typedef struct _FS_FILTER_CALLBACKS {
2006 ULONG SizeOfFsFilterCallbacks;
2007 ULONG Reserved;
2008 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
2009 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
2010 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
2011 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
2012 PFS_FILTER_CALLBACK PreAcquireForCcFlush;
2013 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
2014 PFS_FILTER_CALLBACK PreReleaseForCcFlush;
2015 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
2016 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
2017 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
2018 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
2019 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
2020 } FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
2021
2022 typedef struct _READ_LIST {
2023 PFILE_OBJECT FileObject;
2024 ULONG NumberOfEntries;
2025 LOGICAL IsImage;
2026 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
2027 } READ_LIST, *PREAD_LIST;
2028
2029 #endif
2030
2031 typedef NTSTATUS
2032 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
2033 IN PVOID Base,
2034 IN OUT PVOID *CommitAddress,
2035 IN OUT PSIZE_T CommitSize
2036 );
2037
2038 typedef struct _RTL_HEAP_PARAMETERS {
2039 ULONG Length;
2040 SIZE_T SegmentReserve;
2041 SIZE_T SegmentCommit;
2042 SIZE_T DeCommitFreeBlockThreshold;
2043 SIZE_T DeCommitTotalFreeThreshold;
2044 SIZE_T MaximumAllocationSize;
2045 SIZE_T VirtualMemoryThreshold;
2046 SIZE_T InitialCommit;
2047 SIZE_T InitialReserve;
2048 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2049 SIZE_T Reserved[2];
2050 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
2051
2052 NTKERNELAPI
2053 BOOLEAN
2054 NTAPI
2055 CcCanIWrite (
2056 IN PFILE_OBJECT FileObject,
2057 IN ULONG BytesToWrite,
2058 IN BOOLEAN Wait,
2059 IN BOOLEAN Retrying
2060 );
2061
2062 NTKERNELAPI
2063 BOOLEAN
2064 NTAPI
2065 CcCopyRead (
2066 IN PFILE_OBJECT FileObject,
2067 IN PLARGE_INTEGER FileOffset,
2068 IN ULONG Length,
2069 IN BOOLEAN Wait,
2070 OUT PVOID Buffer,
2071 OUT PIO_STATUS_BLOCK IoStatus
2072 );
2073
2074 NTKERNELAPI
2075 BOOLEAN
2076 NTAPI
2077 CcCopyWrite (
2078 IN PFILE_OBJECT FileObject,
2079 IN PLARGE_INTEGER FileOffset,
2080 IN ULONG Length,
2081 IN BOOLEAN Wait,
2082 IN PVOID Buffer
2083 );
2084
2085 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2086
2087 typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
2088 IN PVOID Context1,
2089 IN PVOID Context2
2090 );
2091
2092 NTKERNELAPI
2093 VOID
2094 NTAPI
2095 CcDeferWrite (
2096 IN PFILE_OBJECT FileObject,
2097 IN PCC_POST_DEFERRED_WRITE PostRoutine,
2098 IN PVOID Context1,
2099 IN PVOID Context2,
2100 IN ULONG BytesToWrite,
2101 IN BOOLEAN Retrying
2102 );
2103
2104 NTKERNELAPI
2105 VOID
2106 NTAPI
2107 CcFastCopyRead (
2108 IN PFILE_OBJECT FileObject,
2109 IN ULONG FileOffset,
2110 IN ULONG Length,
2111 IN ULONG PageCount,
2112 OUT PVOID Buffer,
2113 OUT PIO_STATUS_BLOCK IoStatus
2114 );
2115
2116 NTKERNELAPI
2117 VOID
2118 NTAPI
2119 CcFastCopyWrite (
2120 IN PFILE_OBJECT FileObject,
2121 IN ULONG FileOffset,
2122 IN ULONG Length,
2123 IN PVOID Buffer
2124 );
2125
2126 NTKERNELAPI
2127 VOID
2128 NTAPI
2129 CcFlushCache (
2130 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2131 IN PLARGE_INTEGER FileOffset OPTIONAL,
2132 IN ULONG Length,
2133 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2134 );
2135
2136 typedef VOID (*PDIRTY_PAGE_ROUTINE) (
2137 IN PFILE_OBJECT FileObject,
2138 IN PLARGE_INTEGER FileOffset,
2139 IN ULONG Length,
2140 IN PLARGE_INTEGER OldestLsn,
2141 IN PLARGE_INTEGER NewestLsn,
2142 IN PVOID Context1,
2143 IN PVOID Context2
2144 );
2145
2146 NTKERNELAPI
2147 LARGE_INTEGER
2148 NTAPI
2149 CcGetDirtyPages (
2150 IN PVOID LogHandle,
2151 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
2152 IN PVOID Context1,
2153 IN PVOID Context2
2154 );
2155
2156 NTKERNELAPI
2157 PFILE_OBJECT
2158 NTAPI
2159 CcGetFileObjectFromBcb (
2160 IN PVOID Bcb
2161 );
2162
2163 NTKERNELAPI
2164 PFILE_OBJECT
2165 NTAPI
2166 CcGetFileObjectFromSectionPtrs (
2167 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2168 );
2169
2170 #define CcGetFileSizePointer(FO) ( \
2171 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2172 )
2173
2174 #if (VER_PRODUCTBUILD >= 2195)
2175
2176 NTKERNELAPI
2177 LARGE_INTEGER
2178 NTAPI
2179 CcGetFlushedValidData (
2180 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2181 IN BOOLEAN BcbListHeld
2182 );
2183
2184 #endif /* (VER_PRODUCTBUILD >= 2195) */
2185
2186 NTKERNELAPI
2187 LARGE_INTEGER
2188 NTAPI
2189 CcGetLsnForFileObject (
2190 IN PFILE_OBJECT FileObject,
2191 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2192 );
2193
2194 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
2195 IN PVOID Context,
2196 IN BOOLEAN Wait
2197 );
2198
2199 typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
2200 IN PVOID Context
2201 );
2202
2203 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
2204 IN PVOID Context,
2205 IN BOOLEAN Wait
2206 );
2207
2208 typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
2209 IN PVOID Context
2210 );
2211
2212 typedef struct _CACHE_MANAGER_CALLBACKS {
2213 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
2214 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
2215 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
2216 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
2217 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
2218
2219 NTKERNELAPI
2220 VOID
2221 NTAPI
2222 CcInitializeCacheMap (
2223 IN PFILE_OBJECT FileObject,
2224 IN PCC_FILE_SIZES FileSizes,
2225 IN BOOLEAN PinAccess,
2226 IN PCACHE_MANAGER_CALLBACKS Callbacks,
2227 IN PVOID LazyWriteContext
2228 );
2229
2230 #define CcIsFileCached(FO) ( \
2231 ((FO)->SectionObjectPointer != NULL) && \
2232 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2233 )
2234
2235 extern ULONG CcFastMdlReadWait;
2236
2237 NTKERNELAPI
2238 BOOLEAN
2239 NTAPI
2240 CcIsThereDirtyData (
2241 IN PVPB Vpb
2242 );
2243
2244 NTKERNELAPI
2245 BOOLEAN
2246 NTAPI
2247 CcMapData (
2248 IN PFILE_OBJECT FileObject,
2249 IN PLARGE_INTEGER FileOffset,
2250 IN ULONG Length,
2251 IN ULONG Flags,
2252 OUT PVOID *Bcb,
2253 OUT PVOID *Buffer
2254 );
2255
2256 NTKERNELAPI
2257 VOID
2258 NTAPI
2259 CcMdlRead (
2260 IN PFILE_OBJECT FileObject,
2261 IN PLARGE_INTEGER FileOffset,
2262 IN ULONG Length,
2263 OUT PMDL *MdlChain,
2264 OUT PIO_STATUS_BLOCK IoStatus
2265 );
2266
2267 NTKERNELAPI
2268 VOID
2269 NTAPI
2270 CcMdlReadComplete (
2271 IN PFILE_OBJECT FileObject,
2272 IN PMDL MdlChain
2273 );
2274
2275 NTKERNELAPI
2276 VOID
2277 NTAPI
2278 CcMdlWriteComplete (
2279 IN PFILE_OBJECT FileObject,
2280 IN PLARGE_INTEGER FileOffset,
2281 IN PMDL MdlChain
2282 );
2283
2284 #define MAP_WAIT 1
2285
2286 NTKERNELAPI
2287 BOOLEAN
2288 NTAPI
2289 CcPinMappedData (
2290 IN PFILE_OBJECT FileObject,
2291 IN PLARGE_INTEGER FileOffset,
2292 IN ULONG Length,
2293 IN ULONG Flags,
2294 IN OUT PVOID *Bcb
2295 );
2296
2297 NTKERNELAPI
2298 BOOLEAN
2299 NTAPI
2300 CcPinRead (
2301 IN PFILE_OBJECT FileObject,
2302 IN PLARGE_INTEGER FileOffset,
2303 IN ULONG Length,
2304 IN ULONG Flags,
2305 OUT PVOID *Bcb,
2306 OUT PVOID *Buffer
2307 );
2308
2309 NTKERNELAPI
2310 VOID
2311 NTAPI
2312 CcPrepareMdlWrite (
2313 IN PFILE_OBJECT FileObject,
2314 IN PLARGE_INTEGER FileOffset,
2315 IN ULONG Length,
2316 OUT PMDL *MdlChain,
2317 OUT PIO_STATUS_BLOCK IoStatus
2318 );
2319
2320 NTKERNELAPI
2321 BOOLEAN
2322 NTAPI
2323 CcPreparePinWrite (
2324 IN PFILE_OBJECT FileObject,
2325 IN PLARGE_INTEGER FileOffset,
2326 IN ULONG Length,
2327 IN BOOLEAN Zero,
2328 IN ULONG Flags,
2329 OUT PVOID *Bcb,
2330 OUT PVOID *Buffer
2331 );
2332
2333 NTKERNELAPI
2334 BOOLEAN
2335 NTAPI
2336 CcPurgeCacheSection (
2337 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2338 IN PLARGE_INTEGER FileOffset OPTIONAL,
2339 IN ULONG Length,
2340 IN BOOLEAN UninitializeCacheMaps
2341 );
2342
2343 #define CcReadAhead(FO, FOFF, LEN) ( \
2344 if ((LEN) >= 256) { \
2345 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2346 } \
2347 )
2348
2349 #if (VER_PRODUCTBUILD >= 2195)
2350
2351 NTKERNELAPI
2352 PVOID
2353 NTAPI
2354 CcRemapBcb (
2355 IN PVOID Bcb
2356 );
2357
2358 #endif /* (VER_PRODUCTBUILD >= 2195) */
2359
2360 NTKERNELAPI
2361 VOID
2362 NTAPI
2363 CcRepinBcb (
2364 IN PVOID Bcb
2365 );
2366
2367 NTKERNELAPI
2368 VOID
2369 NTAPI
2370 CcScheduleReadAhead (
2371 IN PFILE_OBJECT FileObject,
2372 IN PLARGE_INTEGER FileOffset,
2373 IN ULONG Length
2374 );
2375
2376 NTKERNELAPI
2377 VOID
2378 NTAPI
2379 CcSetAdditionalCacheAttributes (
2380 IN PFILE_OBJECT FileObject,
2381 IN BOOLEAN DisableReadAhead,
2382 IN BOOLEAN DisableWriteBehind
2383 );
2384
2385 NTKERNELAPI
2386 VOID
2387 NTAPI
2388 CcSetBcbOwnerPointer (
2389 IN PVOID Bcb,
2390 IN PVOID OwnerPointer
2391 );
2392
2393 NTKERNELAPI
2394 VOID
2395 NTAPI
2396 CcSetDirtyPageThreshold (
2397 IN PFILE_OBJECT FileObject,
2398 IN ULONG DirtyPageThreshold
2399 );
2400
2401 NTKERNELAPI
2402 VOID
2403 NTAPI
2404 CcSetDirtyPinnedData (
2405 IN PVOID BcbVoid,
2406 IN PLARGE_INTEGER Lsn OPTIONAL
2407 );
2408
2409 NTKERNELAPI
2410 VOID
2411 NTAPI
2412 CcSetFileSizes (
2413 IN PFILE_OBJECT FileObject,
2414 IN PCC_FILE_SIZES FileSizes
2415 );
2416
2417 typedef VOID (NTAPI *PFLUSH_TO_LSN) (
2418 IN PVOID LogHandle,
2419 IN LARGE_INTEGER Lsn
2420 );
2421
2422 NTKERNELAPI
2423 VOID
2424 NTAPI
2425 CcSetLogHandleForFile (
2426 IN PFILE_OBJECT FileObject,
2427 IN PVOID LogHandle,
2428 IN PFLUSH_TO_LSN FlushToLsnRoutine
2429 );
2430
2431 NTKERNELAPI
2432 VOID
2433 NTAPI
2434 CcSetReadAheadGranularity (
2435 IN PFILE_OBJECT FileObject,
2436 IN ULONG Granularity /* default: PAGE_SIZE */
2437 /* allowed: 2^n * PAGE_SIZE */
2438 );
2439
2440 NTKERNELAPI
2441 BOOLEAN
2442 NTAPI
2443 CcUninitializeCacheMap (
2444 IN PFILE_OBJECT FileObject,
2445 IN PLARGE_INTEGER TruncateSize OPTIONAL,
2446 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2447 );
2448
2449 NTKERNELAPI
2450 VOID
2451 NTAPI
2452 CcUnpinData (
2453 IN PVOID Bcb
2454 );
2455
2456 NTKERNELAPI
2457 VOID
2458 NTAPI
2459 CcUnpinDataForThread (
2460 IN PVOID Bcb,
2461 IN ERESOURCE_THREAD ResourceThreadId
2462 );
2463
2464 NTKERNELAPI
2465 VOID
2466 NTAPI
2467 CcUnpinRepinnedBcb (
2468 IN PVOID Bcb,
2469 IN BOOLEAN WriteThrough,
2470 OUT PIO_STATUS_BLOCK IoStatus
2471 );
2472
2473 #if (VER_PRODUCTBUILD >= 2195)
2474
2475 NTKERNELAPI
2476 NTSTATUS
2477 NTAPI
2478 CcWaitForCurrentLazyWriterActivity (
2479 VOID
2480 );
2481
2482 #endif /* (VER_PRODUCTBUILD >= 2195) */
2483
2484 NTKERNELAPI
2485 BOOLEAN
2486 NTAPI
2487 CcZeroData (
2488 IN PFILE_OBJECT FileObject,
2489 IN PLARGE_INTEGER StartOffset,
2490 IN PLARGE_INTEGER EndOffset,
2491 IN BOOLEAN Wait
2492 );
2493
2494 NTKERNELAPI
2495 VOID
2496 NTAPI
2497 ExDisableResourceBoostLite (
2498 IN PERESOURCE Resource
2499 );
2500
2501 NTKERNELAPI
2502 ULONG
2503 NTAPI
2504 ExQueryPoolBlockSize (
2505 IN PVOID PoolBlock,
2506 OUT PBOOLEAN QuotaCharged
2507 );
2508
2509 #if (VER_PRODUCTBUILD >= 2600)
2510
2511 #ifndef __NTOSKRNL__
2512 NTKERNELAPI
2513 VOID
2514 FASTCALL
2515 ExInitializeRundownProtection (
2516 IN PEX_RUNDOWN_REF RunRef
2517 );
2518
2519 NTKERNELAPI
2520 VOID
2521 FASTCALL
2522 ExReInitializeRundownProtection (
2523 IN PEX_RUNDOWN_REF RunRef
2524 );
2525
2526 NTKERNELAPI
2527 BOOLEAN
2528 FASTCALL
2529 ExAcquireRundownProtection (
2530 IN PEX_RUNDOWN_REF RunRef
2531 );
2532
2533 NTKERNELAPI
2534 BOOLEAN
2535 FASTCALL
2536 ExAcquireRundownProtectionEx (
2537 IN PEX_RUNDOWN_REF RunRef,
2538 IN ULONG Count
2539 );
2540
2541 NTKERNELAPI
2542 VOID
2543 FASTCALL
2544 ExReleaseRundownProtection (
2545 IN PEX_RUNDOWN_REF RunRef
2546 );
2547
2548 NTKERNELAPI
2549 VOID
2550 FASTCALL
2551 ExReleaseRundownProtectionEx (
2552 IN PEX_RUNDOWN_REF RunRef,
2553 IN ULONG Count
2554 );
2555
2556 NTKERNELAPI
2557 VOID
2558 FASTCALL
2559 ExRundownCompleted (
2560 IN PEX_RUNDOWN_REF RunRef
2561 );
2562
2563 NTKERNELAPI
2564 VOID
2565 FASTCALL
2566 ExWaitForRundownProtectionRelease (
2567 IN PEX_RUNDOWN_REF RunRef
2568 );
2569
2570 #endif
2571 #endif /* (VER_PRODUCTBUILD >= 2600) */
2572
2573
2574 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2575 { \
2576 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2577 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2578 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2579 InitializeListHead( &(_advhdr)->FilterContexts ); \
2580 if ((_fmutx) != NULL) { \
2581 (_advhdr)->FastMutex = (_fmutx); \
2582 } \
2583 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2584 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2585 (_advhdr)->FileContextSupportPointer = NULL; \
2586 }
2587
2588 #define FlagOn(x, f) ((x) & (f))
2589
2590 NTKERNELAPI
2591 VOID
2592 NTAPI
2593 FsRtlAddToTunnelCache (
2594 IN PTUNNEL Cache,
2595 IN ULONGLONG DirectoryKey,
2596 IN PUNICODE_STRING ShortName,
2597 IN PUNICODE_STRING LongName,
2598 IN BOOLEAN KeyByShortName,
2599 IN ULONG DataLength,
2600 IN PVOID Data
2601 );
2602
2603 #if (VER_PRODUCTBUILD >= 2195)
2604
2605 PFILE_LOCK
2606 NTAPI
2607 FsRtlAllocateFileLock (
2608 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
2609 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2610 );
2611
2612 #endif /* (VER_PRODUCTBUILD >= 2195) */
2613
2614 NTKERNELAPI
2615 PVOID
2616 NTAPI
2617 FsRtlAllocatePool (
2618 IN POOL_TYPE PoolType,
2619 IN ULONG NumberOfBytes
2620 );
2621
2622 NTKERNELAPI
2623 PVOID
2624 NTAPI
2625 FsRtlAllocatePoolWithQuota (
2626 IN POOL_TYPE PoolType,
2627 IN ULONG NumberOfBytes
2628 );
2629
2630 NTKERNELAPI
2631 PVOID
2632 NTAPI
2633 FsRtlAllocatePoolWithQuotaTag (
2634 IN POOL_TYPE PoolType,
2635 IN ULONG NumberOfBytes,
2636 IN ULONG Tag
2637 );
2638
2639 NTKERNELAPI
2640 PVOID
2641 NTAPI
2642 FsRtlAllocatePoolWithTag (
2643 IN POOL_TYPE PoolType,
2644 IN ULONG NumberOfBytes,
2645 IN ULONG Tag
2646 );
2647
2648 NTKERNELAPI
2649 BOOLEAN
2650 NTAPI
2651 FsRtlAreNamesEqual (
2652 IN PCUNICODE_STRING Name1,
2653 IN PCUNICODE_STRING Name2,
2654 IN BOOLEAN IgnoreCase,
2655 IN PCWCH UpcaseTable OPTIONAL
2656 );
2657
2658 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2659 ((FL)->FastIoIsQuestionable) \
2660 )
2661
2662 /*
2663 FsRtlCheckLockForReadAccess:
2664
2665 All this really does is pick out the lock parameters from the irp (io stack
2666 location?), get IoGetRequestorProcess, and pass values on to
2667 FsRtlFastCheckLockForRead.
2668 */
2669 NTKERNELAPI
2670 BOOLEAN
2671 NTAPI
2672 FsRtlCheckLockForReadAccess (
2673 IN PFILE_LOCK FileLock,
2674 IN PIRP Irp
2675 );
2676
2677 /*
2678 FsRtlCheckLockForWriteAccess:
2679
2680 All this really does is pick out the lock parameters from the irp (io stack
2681 location?), get IoGetRequestorProcess, and pass values on to
2682 FsRtlFastCheckLockForWrite.
2683 */
2684 NTKERNELAPI
2685 BOOLEAN
2686 NTAPI
2687 FsRtlCheckLockForWriteAccess (
2688 IN PFILE_LOCK FileLock,
2689 IN PIRP Irp
2690 );
2691
2692 typedef
2693 VOID
2694 (NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
2695 IN PVOID Context,
2696 IN PIRP Irp
2697 );
2698
2699 typedef
2700 VOID
2701 (NTAPI*POPLOCK_FS_PREPOST_IRP) (
2702 IN PVOID Context,
2703 IN PIRP Irp
2704 );
2705
2706 NTKERNELAPI
2707 NTSTATUS
2708 NTAPI
2709 FsRtlCheckOplock (
2710 IN POPLOCK Oplock,
2711 IN PIRP Irp,
2712 IN PVOID Context,
2713 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
2714 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2715 );
2716
2717 NTKERNELAPI
2718 BOOLEAN
2719 NTAPI
2720 FsRtlCopyRead (
2721 IN PFILE_OBJECT FileObject,
2722 IN PLARGE_INTEGER FileOffset,
2723 IN ULONG Length,
2724 IN BOOLEAN Wait,
2725 IN ULONG LockKey,
2726 OUT PVOID Buffer,
2727 OUT PIO_STATUS_BLOCK IoStatus,
2728 IN PDEVICE_OBJECT DeviceObject
2729 );
2730
2731 NTKERNELAPI
2732 BOOLEAN
2733 NTAPI
2734 FsRtlCopyWrite (
2735 IN PFILE_OBJECT FileObject,
2736 IN PLARGE_INTEGER FileOffset,
2737 IN ULONG Length,
2738 IN BOOLEAN Wait,
2739 IN ULONG LockKey,
2740 IN PVOID Buffer,
2741 OUT PIO_STATUS_BLOCK IoStatus,
2742 IN PDEVICE_OBJECT DeviceObject
2743 );
2744
2745 NTSYSAPI
2746 PVOID
2747 NTAPI
2748 RtlCreateHeap (
2749 IN ULONG Flags,
2750 IN PVOID HeapBase OPTIONAL,
2751 IN SIZE_T ReserveSize OPTIONAL,
2752 IN SIZE_T CommitSize OPTIONAL,
2753 IN PVOID Lock OPTIONAL,
2754 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
2755 );
2756
2757 NTKERNELAPI
2758 BOOLEAN
2759 NTAPI
2760 FsRtlCurrentBatchOplock (
2761 IN POPLOCK Oplock
2762 );
2763
2764 NTKERNELAPI
2765 VOID
2766 NTAPI
2767 FsRtlDeleteKeyFromTunnelCache (
2768 IN PTUNNEL Cache,
2769 IN ULONGLONG DirectoryKey
2770 );
2771
2772 NTKERNELAPI
2773 VOID
2774 NTAPI
2775 FsRtlDeleteTunnelCache (
2776 IN PTUNNEL Cache
2777 );
2778
2779 NTKERNELAPI
2780 VOID
2781 NTAPI
2782 FsRtlDeregisterUncProvider (
2783 IN HANDLE Handle
2784 );
2785
2786 NTSYSAPI
2787 PVOID
2788 NTAPI
2789 RtlDestroyHeap(
2790 IN PVOID HeapHandle
2791 );
2792
2793 NTKERNELAPI
2794 VOID
2795 NTAPI
2796 FsRtlDissectDbcs (
2797 IN ANSI_STRING Name,
2798 OUT PANSI_STRING FirstPart,
2799 OUT PANSI_STRING RemainingPart
2800 );
2801
2802 NTKERNELAPI
2803 VOID
2804 NTAPI
2805 FsRtlDissectName (
2806 IN UNICODE_STRING Name,
2807 OUT PUNICODE_STRING FirstPart,
2808 OUT PUNICODE_STRING RemainingPart
2809 );
2810
2811 NTKERNELAPI
2812 BOOLEAN
2813 NTAPI
2814 FsRtlDoesDbcsContainWildCards (
2815 IN PANSI_STRING Name
2816 );
2817
2818 NTKERNELAPI
2819 BOOLEAN
2820 NTAPI
2821 FsRtlDoesNameContainWildCards (
2822 IN PUNICODE_STRING Name
2823 );
2824
2825 NTKERNELAPI
2826 BOOLEAN
2827 NTAPI
2828 FsRtlIsFatDbcsLegal (
2829 IN ANSI_STRING DbcsName,
2830 IN BOOLEAN WildCardsPermissible,
2831 IN BOOLEAN PathNamePermissible,
2832 IN BOOLEAN LeadingBackslashPermissible
2833 );
2834
2835
2836 #define FsRtlCompleteRequest(IRP,STATUS) { \
2837 (IRP)->IoStatus.Status = (STATUS); \
2838 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
2839 }
2840
2841 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2842
2843 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2844
2845 NTKERNELAPI
2846 BOOLEAN
2847 NTAPI
2848 FsRtlFastCheckLockForRead (
2849 IN PFILE_LOCK FileLock,
2850 IN PLARGE_INTEGER FileOffset,
2851 IN PLARGE_INTEGER Length,
2852 IN ULONG Key,
2853 IN PFILE_OBJECT FileObject,
2854 IN PEPROCESS Process
2855 );
2856
2857 NTKERNELAPI
2858 BOOLEAN
2859 NTAPI
2860 FsRtlFastCheckLockForWrite (
2861 IN PFILE_LOCK FileLock,
2862 IN PLARGE_INTEGER FileOffset,
2863 IN PLARGE_INTEGER Length,
2864 IN ULONG Key,
2865 IN PFILE_OBJECT FileObject,
2866 IN PEPROCESS Process
2867 );
2868
2869 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2870 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2871 )
2872
2873 NTKERNELAPI
2874 NTSTATUS
2875 NTAPI
2876 FsRtlFastUnlockAll (
2877 IN PFILE_LOCK FileLock,
2878 IN PFILE_OBJECT FileObject,
2879 IN PEPROCESS Process,
2880 IN PVOID Context OPTIONAL
2881 );
2882 /* ret: STATUS_RANGE_NOT_LOCKED */
2883
2884 NTKERNELAPI
2885 NTSTATUS
2886 NTAPI
2887 FsRtlFastUnlockAllByKey (
2888 IN PFILE_LOCK FileLock,
2889 IN PFILE_OBJECT FileObject,
2890 IN PEPROCESS Process,
2891 IN ULONG Key,
2892 IN PVOID Context OPTIONAL
2893 );
2894 /* ret: STATUS_RANGE_NOT_LOCKED */
2895
2896 NTKERNELAPI
2897 NTSTATUS
2898 NTAPI
2899 FsRtlFastUnlockSingle (
2900 IN PFILE_LOCK FileLock,
2901 IN PFILE_OBJECT FileObject,
2902 IN PLARGE_INTEGER FileOffset,
2903 IN PLARGE_INTEGER Length,
2904 IN PEPROCESS Process,
2905 IN ULONG Key,
2906 IN PVOID Context OPTIONAL,
2907 IN BOOLEAN AlreadySynchronized
2908 );
2909 /* ret: STATUS_RANGE_NOT_LOCKED */
2910
2911 NTKERNELAPI
2912 BOOLEAN
2913 NTAPI
2914 FsRtlFindInTunnelCache (
2915 IN PTUNNEL Cache,
2916 IN ULONGLONG DirectoryKey,
2917 IN PUNICODE_STRING Name,
2918 OUT PUNICODE_STRING ShortName,
2919 OUT PUNICODE_STRING LongName,
2920 IN OUT PULONG DataLength,
2921 OUT PVOID Data
2922 );
2923
2924 #if (VER_PRODUCTBUILD >= 2195)
2925
2926 NTKERNELAPI
2927 VOID
2928 NTAPI
2929 FsRtlFreeFileLock (
2930 IN PFILE_LOCK FileLock
2931 );
2932
2933 #endif /* (VER_PRODUCTBUILD >= 2195) */
2934
2935 NTKERNELAPI
2936 NTSTATUS
2937 NTAPI
2938 FsRtlGetFileSize (
2939 IN PFILE_OBJECT FileObject,
2940 IN OUT PLARGE_INTEGER FileSize
2941 );
2942
2943 /*
2944 FsRtlGetNextFileLock:
2945
2946 ret: NULL if no more locks
2947
2948 Internals:
2949 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2950 FileLock->LastReturnedLock as storage.
2951 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2952 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2953 calls with Restart = FALSE.
2954 */
2955 NTKERNELAPI
2956 PFILE_LOCK_INFO
2957 NTAPI
2958 FsRtlGetNextFileLock (
2959 IN PFILE_LOCK FileLock,
2960 IN BOOLEAN Restart
2961 );
2962
2963 NTKERNELAPI
2964 VOID
2965 NTAPI
2966 FsRtlInitializeFileLock (
2967 IN PFILE_LOCK FileLock,
2968 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
2969 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2970 );
2971
2972 NTKERNELAPI
2973 VOID
2974 NTAPI
2975 FsRtlInitializeOplock (
2976 IN OUT POPLOCK Oplock
2977 );
2978
2979 NTKERNELAPI
2980 VOID
2981 NTAPI
2982 FsRtlInitializeTunnelCache (
2983 IN PTUNNEL Cache
2984 );
2985
2986 NTKERNELAPI
2987 BOOLEAN
2988 NTAPI
2989 FsRtlIsNameInExpression (
2990 IN PUNICODE_STRING Expression,
2991 IN PUNICODE_STRING Name,
2992 IN BOOLEAN IgnoreCase,
2993 IN PWCHAR UpcaseTable OPTIONAL
2994 );
2995
2996 NTKERNELAPI
2997 BOOLEAN
2998 NTAPI
2999 FsRtlIsNtstatusExpected (
3000 IN NTSTATUS Ntstatus
3001 );
3002
3003 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3004
3005 extern PUSHORT NlsOemLeadByteInfo;
3006
3007 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3008 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3009 (NLS_MB_CODE_PAGE_TAG && \
3010 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3011 )
3012
3013 #define FsRtlIsAnsiCharacterWild(C) ( \
3014 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3015 )
3016
3017 #define FsRtlIsUnicodeCharacterWild(C) ( \
3018 (((C) >= 0x40) ? \
3019 FALSE : \
3020 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3021 )
3022
3023 NTKERNELAPI
3024 BOOLEAN
3025 NTAPI
3026 FsRtlMdlReadDev (
3027 IN PFILE_OBJECT FileObject,
3028 IN PLARGE_INTEGER FileOffset,
3029 IN ULONG Length,
3030 IN ULONG LockKey,
3031 OUT PMDL *MdlChain,
3032 OUT PIO_STATUS_BLOCK IoStatus,
3033 IN PDEVICE_OBJECT DeviceObject
3034 );
3035
3036 NTKERNELAPI
3037 BOOLEAN
3038 NTAPI
3039 FsRtlMdlReadComplete (
3040 IN PFILE_OBJECT FileObject,
3041 IN PMDL MdlChain
3042 );
3043
3044 NTKERNELAPI
3045 BOOLEAN
3046 NTAPI
3047 FsRtlMdlReadCompleteDev (
3048 IN PFILE_OBJECT FileObject,
3049 IN PMDL MdlChain,
3050 IN PDEVICE_OBJECT DeviceObject
3051 );
3052
3053 NTKERNELAPI
3054 BOOLEAN
3055 NTAPI
3056 FsRtlPrepareMdlWriteDev (
3057 IN PFILE_OBJECT FileObject,
3058 IN PLARGE_INTEGER FileOffset,
3059 IN ULONG Length,
3060 IN ULONG LockKey,
3061 OUT PMDL *MdlChain,
3062 OUT PIO_STATUS_BLOCK IoStatus,
3063 IN PDEVICE_OBJECT DeviceObject
3064 );
3065
3066 NTKERNELAPI
3067 BOOLEAN
3068 NTAPI
3069 FsRtlMdlWriteComplete (
3070 IN PFILE_OBJECT FileObject,
3071 IN PLARGE_INTEGER FileOffset,
3072 IN PMDL MdlChain
3073 );
3074
3075 NTKERNELAPI
3076 BOOLEAN
3077 NTAPI
3078 FsRtlMdlWriteCompleteDev (
3079 IN PFILE_OBJECT FileObject,
3080 IN PLARGE_INTEGER FileOffset,
3081 IN PMDL MdlChain,
3082 IN PDEVICE_OBJECT DeviceObject
3083 );
3084
3085 NTKERNELAPI
3086 NTSTATUS
3087 NTAPI
3088 FsRtlNormalizeNtstatus (
3089 IN NTSTATUS Exception,
3090 IN NTSTATUS GenericException
3091 );
3092
3093 NTKERNELAPI
3094 VOID
3095 NTAPI
3096 FsRtlNotifyChangeDirectory (
3097 IN PNOTIFY_SYNC NotifySync,
3098 IN PVOID FsContext,
3099 IN PSTRING FullDirectoryName,
3100 IN PLIST_ENTRY NotifyList,
3101 IN BOOLEAN WatchTree,
3102 IN ULONG CompletionFilter,
3103 IN PIRP NotifyIrp
3104 );
3105
3106 NTKERNELAPI
3107 VOID
3108 NTAPI
3109 FsRtlNotifyCleanup (
3110 IN PNOTIFY_SYNC NotifySync,
3111 IN PLIST_ENTRY NotifyList,
3112 IN PVOID FsContext
3113 );
3114
3115 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
3116 IN PVOID NotifyContext,
3117 IN PVOID TargetContext,
3118 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3119 );
3120
3121 NTKERNELAPI
3122 VOID
3123 NTAPI
3124 FsRtlNotifyFullChangeDirectory (
3125 IN PNOTIFY_SYNC NotifySync,
3126 IN PLIST_ENTRY NotifyList,
3127 IN PVOID FsContext,
3128 IN PSTRING FullDirectoryName,
3129 IN BOOLEAN WatchTree,
3130 IN BOOLEAN IgnoreBuffer,
3131 IN ULONG CompletionFilter,
3132 IN PIRP NotifyIrp,
3133 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
3134 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3135 );
3136
3137 NTKERNELAPI
3138 VOID
3139 NTAPI
3140 FsRtlNotifyFullReportChange (
3141 IN PNOTIFY_SYNC NotifySync,
3142 IN PLIST_ENTRY NotifyList,
3143 IN PSTRING FullTargetName,
3144 IN USHORT TargetNameOffset,
3145 IN PSTRING StreamName OPTIONAL,
3146 IN PSTRING NormalizedParentName OPTIONAL,
3147 IN ULONG FilterMatch,
3148 IN ULONG Action,
3149 IN PVOID TargetContext
3150 );
3151
3152 NTKERNELAPI
3153 VOID
3154 NTAPI
3155 FsRtlNotifyInitializeSync (
3156 IN PNOTIFY_SYNC *NotifySync
3157 );
3158
3159 NTKERNELAPI
3160 VOID
3161 NTAPI
3162 FsRtlNotifyReportChange (
3163 IN PNOTIFY_SYNC NotifySync,
3164 IN PLIST_ENTRY NotifyList,
3165 IN PSTRING FullTargetName,
3166 IN PUSHORT FileNamePartLength,
3167 IN ULONG FilterMatch
3168 );
3169
3170 NTKERNELAPI
3171 VOID
3172 NTAPI
3173 FsRtlNotifyUninitializeSync (
3174 IN PNOTIFY_SYNC *NotifySync
3175 );
3176
3177 #if (VER_PRODUCTBUILD >= 2195)
3178
3179 NTKERNELAPI
3180 NTSTATUS
3181 NTAPI
3182 FsRtlNotifyVolumeEvent (
3183 IN PFILE_OBJECT FileObject,
3184 IN ULONG EventCode
3185 );
3186
3187 #endif /* (VER_PRODUCTBUILD >= 2195) */
3188
3189 NTKERNELAPI
3190 NTSTATUS
3191 NTAPI
3192 FsRtlOplockFsctrl (
3193 IN POPLOCK Oplock,
3194 IN PIRP Irp,
3195 IN ULONG OpenCount
3196 );
3197
3198 NTKERNELAPI
3199 BOOLEAN
3200 NTAPI
3201 FsRtlOplockIsFastIoPossible (
3202 IN POPLOCK Oplock
3203 );
3204
3205 /*
3206 FsRtlPrivateLock:
3207
3208 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3209
3210 Internals:
3211 -Calls IoCompleteRequest if Irp
3212 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3213 */
3214 NTKERNELAPI
3215 BOOLEAN
3216 NTAPI
3217 FsRtlPrivateLock (
3218 IN PFILE_LOCK FileLock,
3219 IN PFILE_OBJECT FileObject,
3220 IN PLARGE_INTEGER FileOffset,
3221 IN PLARGE_INTEGER Length,
3222 IN PEPROCESS Process,
3223 IN ULONG Key,
3224 IN BOOLEAN FailImmediately,
3225 IN BOOLEAN ExclusiveLock,
3226 OUT PIO_STATUS_BLOCK IoStatus,
3227 IN PIRP Irp OPTIONAL,
3228 IN PVOID Context,
3229 IN BOOLEAN AlreadySynchronized
3230 );
3231
3232 /*
3233 FsRtlProcessFileLock:
3234
3235 ret:
3236 -STATUS_INVALID_DEVICE_REQUEST
3237 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3238 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3239 (redirected IoStatus->Status).
3240
3241 Internals:
3242 -switch ( Irp->CurrentStackLocation->MinorFunction )
3243 lock: return FsRtlPrivateLock;
3244 unlocksingle: return FsRtlFastUnlockSingle;
3245 unlockall: return FsRtlFastUnlockAll;
3246 unlockallbykey: return FsRtlFastUnlockAllByKey;
3247 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3248 return STATUS_INVALID_DEVICE_REQUEST;
3249
3250 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3251 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3252 */
3253 NTKERNELAPI
3254 NTSTATUS
3255 NTAPI
3256 FsRtlProcessFileLock (
3257 IN PFILE_LOCK FileLock,
3258 IN PIRP Irp,
3259 IN PVOID Context OPTIONAL
3260 );
3261
3262 NTKERNELAPI
3263 NTSTATUS
3264 NTAPI
3265 FsRtlRegisterUncProvider (
3266 IN OUT PHANDLE MupHandle,
3267 IN PUNICODE_STRING RedirectorDeviceName,
3268 IN BOOLEAN MailslotsSupported
3269 );
3270
3271 typedef VOID
3272 (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
3273 IN PVOID Context,
3274 IN PKEVENT Event
3275 );
3276
3277 NTKERNELAPI
3278 VOID
3279 NTAPI
3280 FsRtlPostStackOverflow (
3281 IN PVOID Context,
3282 IN PKEVENT Event,
3283 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3284 );
3285
3286 NTKERNELAPI
3287 VOID
3288 NTAPI
3289 FsRtlPostPagingFileStackOverflow (
3290 IN PVOID Context,
3291 IN PKEVENT Event,
3292 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3293 );
3294
3295 NTKERNELAPI
3296 VOID
3297 NTAPI
3298 FsRtlTeardownPerStreamContexts (
3299 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader
3300 );
3301
3302 NTKERNELAPI
3303 VOID
3304 NTAPI
3305 FsRtlUninitializeFileLock (
3306 IN PFILE_LOCK FileLock
3307 );
3308
3309 NTKERNELAPI
3310 VOID
3311 NTAPI
3312 FsRtlUninitializeOplock (
3313 IN OUT POPLOCK Oplock
3314 );
3315
3316 NTHALAPI
3317 VOID
3318 NTAPI
3319 HalDisplayString (
3320 IN PCHAR String
3321 );
3322
3323 NTKERNELAPI
3324 UCHAR
3325 NTAPI
3326 KeSetIdealProcessorThread(
3327 IN OUT PKTHREAD Thread,
3328 IN UCHAR Processor
3329 );
3330
3331 NTKERNELAPI
3332 NTSTATUS
3333 NTAPI
3334 IoAttachDeviceToDeviceStackSafe(
3335 IN PDEVICE_OBJECT SourceDevice,
3336 IN PDEVICE_OBJECT TargetDevice,
3337 OUT PDEVICE_OBJECT *AttachedToDeviceObject
3338 );
3339
3340 NTKERNELAPI
3341 VOID
3342 NTAPI
3343 IoAcquireVpbSpinLock (
3344 OUT PKIRQL Irql
3345 );
3346
3347 NTKERNELAPI
3348 NTSTATUS
3349 NTAPI
3350 IoCheckDesiredAccess (
3351 IN OUT PACCESS_MASK DesiredAccess,
3352 IN ACCESS_MASK GrantedAccess
3353 );
3354
3355 NTKERNELAPI
3356 NTSTATUS
3357 NTAPI
3358 IoCheckEaBufferValidity (
3359 IN PFILE_FULL_EA_INFORMATION EaBuffer,
3360 IN ULONG EaLength,
3361 OUT PULONG ErrorOffset
3362 );
3363
3364 NTKERNELAPI
3365 NTSTATUS
3366 NTAPI
3367 IoCheckFunctionAccess (
3368 IN ACCESS_MASK GrantedAccess,
3369 IN UCHAR MajorFunction,
3370 IN UCHAR MinorFunction,
3371 IN ULONG IoControlCode,
3372 IN PVOID Argument1 OPTIONAL,
3373 IN PVOID Argument2 OPTIONAL
3374 );
3375
3376 #if (VER_PRODUCTBUILD >= 2195)
3377
3378 NTKERNELAPI
3379 NTSTATUS
3380 NTAPI
3381 IoCheckQuotaBufferValidity (
3382 IN PFILE_QUOTA_INFORMATION QuotaBuffer,
3383 IN ULONG QuotaLength,
3384 OUT PULONG ErrorOffset
3385 );
3386
3387 #endif /* (VER_PRODUCTBUILD >= 2195) */
3388
3389 NTKERNELAPI
3390 PFILE_OBJECT
3391 NTAPI
3392 IoCreateStreamFileObject (
3393 IN PFILE_OBJECT FileObject OPTIONAL,
3394 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3395 );
3396
3397 #if (VER_PRODUCTBUILD >= 2195)
3398
3399 NTKERNELAPI
3400 PFILE_OBJECT
3401 NTAPI
3402 IoCreateStreamFileObjectLite (
3403 IN PFILE_OBJECT FileObject OPTIONAL,
3404 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3405 );
3406
3407 #endif /* (VER_PRODUCTBUILD >= 2195) */
3408
3409 NTKERNELAPI
3410 BOOLEAN
3411 NTAPI
3412 IoFastQueryNetworkAttributes (
3413 IN POBJECT_ATTRIBUTES ObjectAttributes,
3414 IN ACCESS_MASK DesiredAccess,
3415 IN ULONG OpenOptions,
3416 OUT PIO_STATUS_BLOCK IoStatus,
3417 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
3418 );
3419
3420 NTKERNELAPI
3421 PDEVICE_OBJECT
3422 NTAPI
3423 IoGetAttachedDevice (
3424 IN PDEVICE_OBJECT DeviceObject
3425 );
3426
3427 NTKERNELAPI
3428 PDEVICE_OBJECT
3429 NTAPI
3430 IoGetBaseFileSystemDeviceObject (
3431 IN PFILE_OBJECT FileObject
3432 );
3433
3434 NTKERNELAPI
3435 PEPROCESS
3436 NTAPI
3437 IoGetRequestorProcess (
3438 IN PIRP Irp
3439 );
3440
3441 #if (VER_PRODUCTBUILD >= 2195)
3442
3443 NTKERNELAPI
3444 ULONG
3445 NTAPI
3446 IoGetRequestorProcessId (
3447 IN PIRP Irp
3448 );
3449
3450 #endif /* (VER_PRODUCTBUILD >= 2195) */
3451
3452 NTKERNELAPI
3453 PIRP
3454 NTAPI
3455 IoGetTopLevelIrp (
3456 VOID
3457 );
3458
3459 #define IoIsFileOpenedExclusively(FileObject) ( \
3460 (BOOLEAN) !( \
3461 (FileObject)->SharedRead || \
3462 (FileObject)->SharedWrite || \
3463 (FileObject)->SharedDelete \
3464 ) \
3465 )
3466
3467 NTKERNELAPI
3468 BOOLEAN
3469 NTAPI
3470 IoIsOperationSynchronous (
3471 IN PIRP Irp
3472 );
3473
3474 NTKERNELAPI
3475 BOOLEAN
3476 NTAPI
3477 IoIsSystemThread (
3478 IN PETHREAD Thread
3479 );
3480
3481 #if (VER_PRODUCTBUILD >= 2195)
3482
3483 NTKERNELAPI
3484 BOOLEAN
3485 NTAPI
3486 IoIsValidNameGraftingBuffer (
3487 IN PIRP Irp,
3488 IN PREPARSE_DATA_BUFFER ReparseBuffer
3489 );
3490
3491 #endif /* (VER_PRODUCTBUILD >= 2195) */
3492
3493 NTKERNELAPI
3494 NTSTATUS
3495 NTAPI
3496 IoPageRead (
3497 IN PFILE_OBJECT FileObject,
3498 IN PMDL Mdl,
3499 IN PLARGE_INTEGER Offset,
3500 IN PKEVENT Event,
3501 OUT PIO_STATUS_BLOCK IoStatusBlock
3502 );
3503
3504 NTKERNELAPI
3505 NTSTATUS
3506 NTAPI
3507 IoQueryFileInformation (
3508 IN PFILE_OBJECT FileObject,
3509 IN FILE_INFORMATION_CLASS FileInformationClass,
3510 IN ULONG Length,
3511 OUT PVOID FileInformation,
3512 OUT PULONG ReturnedLength
3513 );
3514
3515 NTKERNELAPI
3516 NTSTATUS
3517 NTAPI
3518 IoQueryVolumeInformation (
3519 IN PFILE_OBJECT FileObject,
3520 IN FS_INFORMATION_CLASS FsInformationClass,
3521 IN ULONG Length,
3522 OUT PVOID FsInformation,
3523 OUT PULONG ReturnedLength
3524 );
3525
3526 NTKERNELAPI
3527 VOID
3528 NTAPI
3529 IoQueueThreadIrp(
3530 IN PIRP Irp
3531 );
3532
3533 NTKERNELAPI
3534 VOID
3535 NTAPI
3536 IoRegisterFileSystem (
3537 IN OUT PDEVICE_OBJECT DeviceObject
3538 );
3539
3540 #if (VER_PRODUCTBUILD >= 1381)
3541
3542 typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
3543 IN PDEVICE_OBJECT DeviceObject,
3544 IN BOOLEAN DriverActive
3545 );
3546
3547 NTKERNELAPI
3548 NTSTATUS
3549 NTAPI
3550 IoRegisterFsRegistrationChange (
3551 IN PDRIVER_OBJECT DriverObject,
3552 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3553 );
3554
3555 #endif /* (VER_PRODUCTBUILD >= 1381) */
3556
3557 NTKERNELAPI
3558 VOID
3559 NTAPI
3560 IoReleaseVpbSpinLock (
3561 IN KIRQL Irql
3562 );
3563
3564 NTKERNELAPI
3565 VOID
3566 NTAPI
3567 IoSetDeviceToVerify (
3568 IN PETHREAD Thread,
3569 IN PDEVICE_OBJECT DeviceObject
3570 );
3571
3572 NTKERNELAPI
3573 NTSTATUS
3574 NTAPI
3575 IoSetInformation (
3576 IN PFILE_OBJECT FileObject,
3577 IN FILE_INFORMATION_CLASS FileInformationClass,
3578 IN ULONG Length,
3579 IN PVOID FileInformation
3580 );
3581
3582 NTKERNELAPI
3583 VOID
3584 NTAPI
3585 IoSetTopLevelIrp (
3586 IN PIRP Irp
3587 );
3588
3589 NTKERNELAPI
3590 NTSTATUS
3591 NTAPI
3592 IoSynchronousPageWrite (
3593 IN PFILE_OBJECT FileObject,
3594 IN PMDL Mdl,
3595 IN PLARGE_INTEGER FileOffset,
3596 IN PKEVENT Event,
3597 OUT PIO_STATUS_BLOCK IoStatusBlock
3598 );
3599
3600 NTKERNELAPI
3601 PEPROCESS
3602 NTAPI
3603 IoThreadToProcess (
3604 IN PETHREAD Thread
3605 );
3606
3607 NTKERNELAPI
3608 VOID
3609 NTAPI
3610 IoUnregisterFileSystem (
3611 IN OUT PDEVICE_OBJECT DeviceObject
3612 );
3613
3614 #if (VER_PRODUCTBUILD >= 1381)
3615
3616 NTKERNELAPI
3617 VOID
3618 NTAPI
3619 IoUnregisterFsRegistrationChange (
3620 IN PDRIVER_OBJECT DriverObject,
3621 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3622 );
3623
3624 #endif /* (VER_PRODUCTBUILD >= 1381) */
3625
3626 NTKERNELAPI
3627 NTSTATUS
3628 NTAPI
3629 IoVerifyVolume (
3630 IN PDEVICE_OBJECT DeviceObject,
3631 IN BOOLEAN AllowRawMount
3632 );
3633
3634 NTHALAPI
3635 KIRQL
3636 FASTCALL
3637 KeAcquireQueuedSpinLock (
3638 IN KSPIN_LOCK_QUEUE_NUMBER Number
3639 );
3640
3641 NTHALAPI
3642 VOID
3643 FASTCALL
3644 KeReleaseQueuedSpinLock (
3645 IN KSPIN_LOCK_QUEUE_NUMBER Number,
3646 IN KIRQL OldIrql
3647 );
3648
3649 NTKERNELAPI
3650 VOID
3651 NTAPI
3652 KeAttachProcess (
3653 IN PKPROCESS Process
3654 );
3655
3656 NTKERNELAPI
3657 VOID
3658 NTAPI
3659 KeDetachProcess (
3660 VOID
3661 );
3662
3663 NTKERNELAPI
3664 VOID
3665 NTAPI
3666 KeInitializeQueue (
3667 IN PRKQUEUE Queue,
3668 IN ULONG Count OPTIONAL
3669 );
3670
3671 NTKERNELAPI
3672 LONG
3673 NTAPI
3674 KeInsertHeadQueue (
3675 IN PRKQUEUE Queue,
3676 IN PLIST_ENTRY Entry
3677 );
3678
3679 NTKERNELAPI
3680 LONG
3681 NTAPI
3682 KeInsertQueue (
3683 IN PRKQUEUE Queue,
3684 IN PLIST_ENTRY Entry
3685 );
3686
3687 NTKERNELAPI
3688 LONG
3689 NTAPI
3690 KeReadStateQueue (
3691 IN PRKQUEUE Queue
3692 );
3693
3694 NTKERNELAPI
3695 PLIST_ENTRY
3696 NTAPI
3697 KeRemoveQueue (
3698 IN PRKQUEUE Queue,
3699 IN KPROCESSOR_MODE WaitMode,
3700 IN PLARGE_INTEGER Timeout OPTIONAL
3701 );
3702
3703 NTKERNELAPI
3704 PLIST_ENTRY
3705 NTAPI
3706 KeRundownQueue (
3707 IN PRKQUEUE Queue
3708 );
3709
3710 NTKERNELAPI
3711 VOID
3712 NTAPI
3713 KeInitializeMutant (
3714 IN PRKMUTANT Mutant,
3715 IN BOOLEAN InitialOwner
3716 );
3717
3718 NTKERNELAPI
3719 LONG
3720 NTAPI
3721 KeReadStateMutant (
3722 IN PRKMUTANT Mutant
3723 );
3724
3725 NTKERNELAPI
3726 LONG
3727 NTAPI
3728 KeReleaseMutant (
3729 IN PRKMUTANT Mutant,
3730 IN KPRIORITY Increment,
3731 IN BOOLEAN Abandoned,
3732 IN BOOLEAN Wait
3733 );
3734
3735 #if (VER_PRODUCTBUILD >= 2195)
3736
3737 NTKERNELAPI
3738 VOID
3739 NTAPI
3740 KeStackAttachProcess (
3741 IN PKPROCESS Process,
3742 OUT PKAPC_STATE ApcState
3743 );
3744
3745 NTKERNELAPI
3746 VOID
3747 NTAPI
3748 KeUnstackDetachProcess (
3749 IN PKAPC_STATE ApcState
3750 );
3751
3752 #endif /* (VER_PRODUCTBUILD >= 2195) */
3753
3754 NTKERNELAPI
3755 BOOLEAN
3756 NTAPI
3757 KeSetKernelStackSwapEnable(
3758 IN BOOLEAN Enable
3759 );
3760
3761 NTKERNELAPI
3762 BOOLEAN
3763 NTAPI
3764 MmCanFileBeTruncated (
3765 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3766 IN PLARGE_INTEGER NewFileSize
3767 );
3768
3769 NTKERNELAPI
3770 BOOLEAN
3771 NTAPI
3772 MmFlushImageSection (
3773 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3774 IN MMFLUSH_TYPE FlushType
3775 );
3776
3777 NTKERNELAPI
3778 BOOLEAN
3779 NTAPI
3780 MmForceSectionClosed (
3781 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3782 IN BOOLEAN DelayClose
3783 );
3784
3785 #if (VER_PRODUCTBUILD >= 1381)
3786
3787 NTKERNELAPI
3788 BOOLEAN
3789 NTAPI
3790 MmIsRecursiveIoFault (
3791 VOID
3792 );
3793
3794 #else
3795
3796 #define MmIsRecursiveIoFault() ( \
3797 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3798 (PsGetCurrentThread()->ForwardClusterOnly) \
3799 )
3800
3801 #endif
3802
3803
3804 NTKERNELAPI
3805 BOOLEAN
3806 NTAPI
3807 MmSetAddressRangeModified (
3808 IN PVOID Address,
3809 IN ULONG Length
3810 );
3811
3812 NTKERNELAPI
3813 NTSTATUS
3814 NTAPI
3815 ObCreateObject (
3816 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
3817 IN POBJECT_TYPE ObjectType,
3818 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
3819 IN KPROCESSOR_MODE AccessMode,
3820 IN OUT PVOID ParseContext OPTIONAL,
3821 IN ULONG ObjectSize,
3822 IN ULONG PagedPoolCharge OPTIONAL,
3823 IN ULONG NonPagedPoolCharge OPTIONAL,
3824 OUT PVOID *Object
3825 );
3826
3827 NTKERNELAPI
3828 ULONG
3829 NTAPI
3830 ObGetObjectPointerCount (
3831 IN PVOID Object
3832 );
3833
3834 NTKERNELAPI
3835 NTSTATUS
3836 NTAPI
3837 ObInsertObject (
3838 IN PVOID Object,
3839 IN PACCESS_STATE PassedAccessState OPTIONAL,
3840 IN ACCESS_MASK DesiredAccess,
3841 IN ULONG AdditionalReferences,
3842 OUT PVOID *ReferencedObject OPTIONAL,
3843 OUT PHANDLE Handle
3844 );
3845
3846 NTKERNELAPI
3847 VOID
3848 NTAPI
3849 ObMakeTemporaryObject (
3850 IN PVOID Object
3851 );
3852
3853 NTKERNELAPI
3854 NTSTATUS
3855 NTAPI
3856 ObOpenObjectByPointer (
3857 IN PVOID Object,
3858 IN ULONG HandleAttributes,
3859 IN PACCESS_STATE PassedAccessState OPTIONAL,
3860 IN ACCESS_MASK DesiredAccess OPTIONAL,
3861 IN POBJECT_TYPE ObjectType OPTIONAL,
3862 IN KPROCESSOR_MODE AccessMode,
3863 OUT PHANDLE Handle
3864 );
3865
3866 NTKERNELAPI
3867 NTSTATUS
3868 NTAPI
3869 ObQueryNameString (
3870 IN PVOID Object,
3871 OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
3872 IN ULONG Length,
3873 OUT PULONG ReturnLength
3874 );
3875
3876 NTKERNELAPI
3877 NTSTATUS
3878 NTAPI
3879 ObQueryObjectAuditingByHandle (
3880 IN HANDLE Handle,
3881 OUT PBOOLEAN GenerateOnClose
3882 );
3883
3884 NTKERNELAPI
3885 NTSTATUS
3886 NTAPI
3887 ObReferenceObjectByName (
3888 IN PUNICODE_STRING ObjectName,
3889 IN ULONG Attributes,
3890 IN PACCESS_STATE PassedAccessState OPTIONAL,
3891 IN ACCESS_MASK DesiredAccess OPTIONAL,
3892 IN POBJECT_TYPE ObjectType,
3893 IN KPROCESSOR_MODE AccessMode,
3894 IN OUT PVOID ParseContext OPTIONAL,
3895 OUT PVOID *Object
3896 );
3897
3898 NTKERNELAPI
3899 NTSTATUS
3900 NTAPI
3901 PsAssignImpersonationToken (
3902 IN PETHREAD Thread,
3903 IN HANDLE Token
3904 );
3905
3906 NTKERNELAPI
3907 VOID
3908 NTAPI
3909 PsChargePoolQuota (
3910 IN PEPROCESS Process,
3911 IN POOL_TYPE PoolType,
3912 IN SIZE_T Amount
3913 );
3914
3915 NTKERNELAPI
3916 NTSTATUS
3917 NTAPI
3918 PsChargeProcessPoolQuota (
3919 IN PEPROCESS Process,
3920 IN POOL_TYPE PoolType,
3921 IN SIZE_T Amount
3922 );
3923
3924 #define PsDereferenceImpersonationToken(T) \
3925 {if (ARGUMENT_PRESENT(T)) { \
3926 (ObDereferenceObject((T))); \
3927 } else { \
3928 ; \
3929 } \
3930 }
3931
3932 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3933
3934 NTKERNELAPI
3935 BOOLEAN
3936 NTAPI
3937 PsDisableImpersonation(
3938 IN PETHREAD Thread,
3939 IN PSE_IMPERSONATION_STATE ImpersonationState
3940 );
3941
3942 NTKERNELAPI
3943 LARGE_INTEGER
3944 NTAPI
3945 PsGetProcessExitTime (
3946 VOID
3947 );
3948
3949 NTKERNELAPI
3950 NTSTATUS
3951 NTAPI
3952 PsImpersonateClient(
3953 IN PETHREAD Thread,
3954 IN PACCESS_TOKEN Token,
3955 IN BOOLEAN CopyOnOpen,
3956 IN BOOLEAN EffectiveOnly,
3957 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
3958 );
3959
3960 NTKERNELAPI
3961 BOOLEAN
3962 NTAPI
3963 PsIsSystemThread(
3964 IN PETHREAD Thread
3965 );
3966
3967 NTKERNELAPI
3968 BOOLEAN
3969 NTAPI
3970 PsIsThreadTerminating (
3971 IN PETHREAD Thread
3972 );
3973
3974 NTKERNELAPI
3975 NTSTATUS
3976 NTAPI
3977 PsLookupProcessByProcessId (
3978 IN HANDLE ProcessId,
3979 OUT PEPROCESS *Process
3980 );
3981
3982 NTKERNELAPI
3983 NTSTATUS
3984 NTAPI
3985 PsLookupProcessThreadByCid (
3986 IN PCLIENT_ID Cid,
3987 OUT PEPROCESS *Process OPTIONAL,
3988 OUT PETHREAD *Thread
3989 );
3990
3991 NTKERNELAPI
3992 NTSTATUS
3993 NTAPI
3994 PsLookupThreadByThreadId (
3995 IN HANDLE UniqueThreadId,
3996 OUT PETHREAD *Thread
3997 );
3998
3999 NTKERNELAPI
4000 PACCESS_TOKEN
4001 NTAPI
4002 PsReferenceImpersonationToken (
4003 IN PETHREAD Thread,
4004 OUT PBOOLEAN CopyOnUse,
4005 OUT PBOOLEAN EffectiveOnly,
4006 OUT PSECURITY_IMPERSONATION_LEVEL Level
4007 );
4008
4009 NTKERNELAPI
4010 HANDLE
4011 NTAPI
4012 PsReferencePrimaryToken (
4013 IN PEPROCESS Process
4014 );
4015
4016 NTKERNELAPI
4017 VOID
4018 NTAPI
4019 PsRestoreImpersonation(
4020 IN PETHREAD Thread,
4021 IN PSE_IMPERSONATION_STATE ImpersonationState
4022 );
4023
4024 NTKERNELAPI
4025 VOID
4026 NTAPI
4027 PsReturnPoolQuota (
4028 IN PEPROCESS Process,
4029 IN POOL_TYPE PoolType,
4030 IN SIZE_T Amount
4031 );
4032
4033 NTKERNELAPI
4034 VOID
4035 NTAPI
4036 PsRevertToSelf (
4037 VOID
4038 );
4039
4040 NTSYSAPI
4041 NTSTATUS
4042 NTAPI
4043 RtlAbsoluteToSelfRelativeSD (
4044 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
4045 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
4046 IN PULONG BufferLength
4047 );
4048
4049 NTSYSAPI
4050 PVOID
4051 NTAPI
4052 RtlAllocateHeap (
4053 IN HANDLE HeapHandle,
4054 IN ULONG Flags,
4055 IN ULONG Size
4056 );
4057
4058 NTSYSAPI
4059 NTSTATUS
4060 NTAPI
4061 RtlAppendStringToString(
4062 PSTRING Destination,
4063 const STRING *Source
4064 );
4065
4066 NTSYSAPI
4067 USHORT
4068 NTAPI
4069 RtlCaptureStackBackTrace (
4070 IN ULONG FramesToSkip,
4071 IN ULONG FramesToCapture,
4072 OUT PVOID *BackTrace,
4073 OUT PULONG BackTraceHash OPTIONAL
4074 );
4075
4076 NTSYSAPI
4077 SIZE_T
4078 NTAPI
4079 RtlCompareMemoryUlong (
4080 PVOID Source,
4081 SIZE_T Length,
4082 ULONG Pattern
4083 );
4084
4085 NTSYSAPI
4086 NTSTATUS
4087 NTAPI
4088 RtlCompressBuffer (
4089 IN USHORT CompressionFormatAndEngine,
4090 IN PUCHAR UncompressedBuffer,
4091 IN ULONG UncompressedBufferSize,
4092 OUT PUCHAR CompressedBuffer,
4093 IN ULONG CompressedBufferSize,
4094 IN ULONG UncompressedChunkSize,
4095 OUT PULONG FinalCompressedSize,
4096 IN PVOID WorkSpace
4097 );
4098
4099 NTSYSAPI
4100 NTSTATUS
4101 NTAPI
4102 RtlCompressChunks (
4103 IN PUCHAR UncompressedBuffer,
4104 IN ULONG UncompressedBufferSize,
4105 OUT PUCHAR CompressedBuffer,
4106 IN ULONG CompressedBufferSize,
4107 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
4108 IN ULONG CompressedDataInfoLength,
4109 IN PVOID WorkSpace
4110 );
4111
4112 NTSYSAPI
4113 NTSTATUS
4114 NTAPI
4115 RtlConvertSidToUnicodeString (
4116 OUT PUNICODE_STRING DestinationString,
4117 IN PSID Sid,
4118 IN BOOLEAN AllocateDestinationString
4119 );
4120
4121 NTSYSAPI
4122 NTSTATUS
4123 NTAPI
4124 RtlCopySid (
4125 IN ULONG Length,
4126 IN PSID Destination,
4127 IN PSID Source
4128 );
4129
4130 NTSYSAPI
4131 BOOLEAN
4132 NTAPI
4133 RtlCreateUnicodeString(
4134 PUNICODE_STRING DestinationString,
4135 PCWSTR SourceString
4136 );
4137
4138 NTSYSAPI
4139 NTSTATUS
4140 NTAPI
4141 RtlDecompressBuffer (
4142 IN USHORT CompressionFormat,
4143 OUT PUCHAR UncompressedBuffer,
4144 IN ULONG UncompressedBufferSize,
4145 IN PUCHAR CompressedBuffer,
4146 IN ULONG CompressedBufferSize,
4147 OUT PULONG FinalUncompressedSize
4148 );
4149
4150 NTSYSAPI
4151 NTSTATUS
4152 NTAPI
4153 RtlDecompressChunks (
4154 OUT PUCHAR UncompressedBuffer,
4155 IN ULONG UncompressedBufferSize,
4156 IN PUCHAR CompressedBuffer,
4157 IN ULONG CompressedBufferSize,
4158 IN PUCHAR CompressedTail,
4159 IN ULONG CompressedTailSize,
4160 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4161 );
4162
4163 NTSYSAPI
4164 NTSTATUS
4165 NTAPI
4166 RtlDecompressFragment (
4167 IN USHORT CompressionFormat,
4168 OUT PUCHAR UncompressedFragment,
4169 IN ULONG UncompressedFragmentSize,
4170 IN PUCHAR CompressedBuffer,
4171 IN ULONG CompressedBufferSize,
4172 IN ULONG FragmentOffset,
4173 OUT PULONG FinalUncompressedSize,
4174 IN PVOID WorkSpace
4175 );
4176
4177 NTSYSAPI
4178 NTSTATUS
4179 NTAPI
4180 RtlDescribeChunk (
4181 IN USHORT CompressionFormat,
4182 IN OUT PUCHAR *CompressedBuffer,
4183 IN PUCHAR EndOfCompressedBufferPlus1,
4184 OUT PUCHAR *ChunkBuffer,
4185 OUT PULONG ChunkSize
4186 );
4187
4188 NTSYSAPI
4189 NTSTATUS
4190 NTAPI
4191 RtlDowncaseUnicodeString(
4192 IN OUT PUNICODE_STRING UniDest,
4193 IN PCUNICODE_STRING UniSource,
4194 IN BOOLEAN AllocateDestinationString
4195 );
4196
4197 NTSYSAPI
4198 NTSTATUS
4199 NTAPI
4200 RtlDuplicateUnicodeString(
4201 IN ULONG Flags,
4202 IN PCUNICODE_STRING SourceString,
4203 OUT PUNICODE_STRING DestinationString
4204 );
4205
4206 NTSYSAPI
4207 BOOLEAN
4208 NTAPI
4209 RtlEqualSid (
4210 IN PSID Sid1,
4211 IN PSID Sid2
4212 );
4213
4214 NTSYSAPI
4215 VOID
4216 NTAPI
4217 RtlFillMemoryUlong (
4218 IN PVOID Destination,
4219 IN ULONG Length,
4220 IN ULONG Fill
4221 );
4222
4223 NTSYSAPI
4224 BOOLEAN
4225 NTAPI
4226 RtlFreeHeap (
4227 IN HANDLE HeapHandle,
4228 IN ULONG Flags,
4229 IN PVOID P
4230 );
4231
4232 NTSYSAPI
4233 VOID
4234 NTAPI
4235 RtlFreeOemString(
4236 IN OUT POEM_STRING OemString
4237 );
4238
4239 NTSYSAPI
4240 VOID
4241 NTAPI
4242 RtlGenerate8dot3Name (
4243 IN PUNICODE_STRING Name,
4244 IN BOOLEAN AllowExtendedCharacters,
4245 IN OUT PGENERATE_NAME_CONTEXT Context,
4246 OUT PUNICODE_STRING Name8dot3
4247 );
4248
4249 NTSYSAPI
4250 NTSTATUS
4251 NTAPI
4252 RtlGetCompressionWorkSpaceSize (
4253 IN USHORT CompressionFormatAndEngine,
4254 OUT PULONG CompressBufferWorkSpaceSize,
4255 OUT PULONG CompressFragmentWorkSpaceSize
4256 );
4257
4258 NTSYSAPI
4259 NTSTATUS
4260 NTAPI
4261 RtlGetDaclSecurityDescriptor (
4262 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4263 OUT PBOOLEAN DaclPresent,
4264 OUT PACL *Dacl,
4265 OUT PBOOLEAN DaclDefaulted
4266 );
4267
4268 NTSYSAPI
4269 NTSTATUS
4270 NTAPI
4271 RtlGetGroupSecurityDescriptor (
4272 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4273 OUT PSID *Group,
4274 OUT PBOOLEAN GroupDefaulted
4275 );
4276
4277 NTSYSAPI
4278 NTSTATUS
4279 NTAPI
4280 RtlGetOwnerSecurityDescriptor (
4281 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4282 OUT PSID *Owner,
4283 OUT PBOOLEAN OwnerDefaulted
4284 );
4285
4286 NTSYSAPI
4287 NTSTATUS
4288 NTAPI
4289 RtlInitializeSid (
4290 IN OUT PSID Sid,
4291 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
4292 IN UCHAR SubAuthorityCount
4293 );
4294
4295 NTSYSAPI
4296 BOOLEAN
4297 NTAPI
4298 RtlIsNameLegalDOS8Dot3(
4299 IN PCUNICODE_STRING Name,
4300 IN OUT POEM_STRING OemName OPTIONAL,
4301 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
4302 );
4303
4304 NTSYSAPI
4305 ULONG
4306 NTAPI
4307 RtlLengthRequiredSid (
4308 IN ULONG SubAuthorityCount
4309 );
4310
4311 NTSYSAPI
4312 ULONG
4313 NTAPI
4314 RtlLengthSid (
4315 IN PSID Sid
4316 );
4317
4318 NTSYSAPI
4319 ULONG
4320 NTAPI
4321 RtlNtStatusToDosError (
4322 IN NTSTATUS Status
4323 );
4324
4325 NTSYSAPI
4326 NTSTATUS
4327 NTAPI
4328 RtlOemStringToUnicodeString(
4329 IN OUT PUNICODE_STRING DestinationString,
4330 IN PCOEM_STRING SourceString,
4331 IN BOOLEAN AllocateDestinationString
4332 );
4333
4334 NTSYSAPI
4335 NTSTATUS
4336 NTAPI
4337 RtlUnicodeStringToOemString(
4338 IN OUT POEM_STRING DestinationString,
4339 IN PCUNICODE_STRING SourceString,
4340 IN BOOLEAN AllocateDestinationString
4341 );
4342
4343 NTSYSAPI
4344 NTSTATUS
4345 NTAPI
4346 RtlOemStringToCountedUnicodeString(
4347 IN OUT PUNICODE_STRING DestinationString,
4348 IN PCOEM_STRING SourceString,
4349 IN BOOLEAN AllocateDestinationString
4350 );
4351
4352 NTSYSAPI
4353 NTSTATUS
4354 NTAPI
4355 RtlUnicodeStringToCountedOemString(
4356 IN OUT POEM_STRING DestinationString,
4357 IN PCUNICODE_STRING SourceString,
4358 IN BOOLEAN AllocateDestinationString
4359 );
4360
4361 NTSYSAPI
4362 NTSTATUS
4363 NTAPI
4364 RtlReserveChunk (
4365 IN USHORT CompressionFormat,
4366 IN OUT PUCHAR *CompressedBuffer,
4367 IN PUCHAR EndOfCompressedBufferPlus1,
4368 OUT PUCHAR *ChunkBuffer,
4369 IN ULONG ChunkSize
4370 );
4371
4372 NTSYSAPI
4373 VOID
4374 NTAPI
4375 RtlSecondsSince1970ToTime (
4376 IN ULONG SecondsSince1970,
4377 OUT PLARGE_INTEGER Time
4378 );
4379
4380 NTSYSAPI
4381 NTSTATUS
4382 NTAPI
4383 RtlSetGroupSecurityDescriptor (
4384 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4385 IN PSID Group,
4386 IN BOOLEAN GroupDefaulted
4387 );
4388
4389 NTSYSAPI
4390 NTSTATUS
4391 NTAPI
4392 RtlSetOwnerSecurityDescriptor (
4393 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4394 IN PSID Owner,
4395 IN BOOLEAN OwnerDefaulted
4396 );
4397
4398 NTSYSAPI
4399 NTSTATUS
4400 NTAPI
4401 RtlSetSaclSecurityDescriptor (
4402 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4403 IN BOOLEAN SaclPresent,
4404 IN PACL Sacl,
4405 IN BOOLEAN SaclDefaulted
4406 );
4407
4408 NTSYSAPI
4409 PUCHAR
4410 NTAPI
4411 RtlSubAuthorityCountSid (
4412 IN PSID Sid
4413 );
4414
4415 NTSYSAPI
4416 PULONG
4417 NTAPI
4418 RtlSubAuthoritySid (
4419 IN PSID Sid,
4420 IN ULONG SubAuthority
4421 );
4422
4423 NTSYSAPI
4424 NTSTATUS
4425 NTAPI
4426 RtlUnicodeToMultiByteN(
4427 OUT PCHAR MultiByteString,
4428 IN ULONG MaxBytesInMultiByteString,
4429 OUT PULONG BytesInMultiByteString OPTIONAL,
4430 IN PWCH UnicodeString,
4431 IN ULONG BytesInUnicodeString
4432 );
4433
4434 NTSYSAPI
4435 NTSTATUS
4436 NTAPI
4437 RtlOemToUnicodeN(
4438 OUT PWSTR UnicodeString,
4439 IN ULONG MaxBytesInUnicodeString,
4440 OUT PULONG BytesInUnicodeString OPTIONAL,
4441 IN PCH OemString,
4442 IN ULONG BytesInOemString
4443 );
4444
4445 /* RTL Splay Tree Functions */
4446 NTSYSAPI
4447 PRTL_SPLAY_LINKS
4448 NTAPI
4449 RtlSplay(PRTL_SPLAY_LINKS Links);
4450
4451 NTSYSAPI
4452 PRTL_SPLAY_LINKS
4453 NTAPI
4454 RtlDelete(PRTL_SPLAY_LINKS Links);
4455
4456 NTSYSAPI
4457 VOID
4458 NTAPI
4459 RtlDeleteNoSplay(
4460 PRTL_SPLAY_LINKS Links,
4461 PRTL_SPLAY_LINKS *Root
4462 );
4463
4464 NTSYSAPI
4465 PRTL_SPLAY_LINKS
4466 NTAPI
4467 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
4468
4469 NTSYSAPI
4470 PRTL_SPLAY_LINKS
4471 NTAPI
4472 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
4473
4474 NTSYSAPI
4475 PRTL_SPLAY_LINKS
4476 NTAPI
4477 RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
4478
4479 NTSYSAPI
4480 PRTL_SPLAY_LINKS
4481 NTAPI
4482 RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
4483
4484 #define RtlIsLeftChild(Links) \
4485 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4486
4487 #define RtlIsRightChild(Links) \
4488 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4489
4490 #define RtlRightChild(Links) \
4491 ((PRTL_SPLAY_LINKS)(Links))->RightChild
4492
4493 #define RtlIsRoot(Links) \
4494 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
4495
4496 #define RtlLeftChild(Links) \
4497 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
4498
4499 #define RtlParent(Links) \
4500 ((PRTL_SPLAY_LINKS)(Links))->Parent
4501
4502 #define RtlInitializeSplayLinks(Links) \
4503 { \
4504 PRTL_SPLAY_LINKS _SplayLinks; \
4505 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
4506 _SplayLinks->Parent = _SplayLinks; \
4507 _SplayLinks->LeftChild = NULL; \
4508 _SplayLinks->RightChild = NULL; \
4509 }
4510
4511 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
4512 { \
4513 PRTL_SPLAY_LINKS _SplayParent; \
4514 PRTL_SPLAY_LINKS _SplayChild; \
4515 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4516 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4517 _SplayParent->LeftChild = _SplayChild; \
4518 _SplayChild->Parent = _SplayParent; \
4519 }
4520
4521 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
4522 { \
4523 PRTL_SPLAY_LINKS _SplayParent; \
4524 PRTL_SPLAY_LINKS _SplayChild; \
4525 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4526 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4527 _SplayParent->RightChild = _SplayChild; \
4528 _SplayChild->Parent = _SplayParent; \
4529 }
4530
4531 NTSYSAPI
4532 BOOLEAN
4533 NTAPI
4534 RtlValidSid (
4535 IN PSID Sid
4536 );
4537
4538 NTKERNELAPI
4539 NTSTATUS
4540 NTAPI
4541 SeAppendPrivileges (
4542 PACCESS_STATE AccessState,
4543 PPRIVILEGE_SET Privileges
4544 );
4545
4546 NTKERNELAPI
4547 BOOLEAN
4548 NTAPI
4549 SeAuditingFileEvents (
4550 IN BOOLEAN AccessGranted,
4551 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4552 );
4553
4554 NTKERNELAPI
4555 BOOLEAN
4556 NTAPI
4557 SeAuditingFileOrGlobalEvents (
4558 IN BOOLEAN AccessGranted,
4559 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4560 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4561 );
4562
4563 NTKERNELAPI
4564 VOID
4565 NTAPI
4566 SeCaptureSubjectContext (
4567 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
4568 );
4569
4570 NTKERNELAPI
4571 NTSTATUS
4572 NTAPI
4573 SeCreateClientSecurity (
4574 IN PETHREAD Thread,
4575 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
4576 IN BOOLEAN RemoteClient,
4577 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4578 );
4579
4580 #if (VER_PRODUCTBUILD >= 2195)
4581
4582 NTKERNELAPI
4583 NTSTATUS
4584 NTAPI
4585 SeCreateClientSecurityFromSubjectContext (
4586 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
4587 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
4588 IN BOOLEAN ServerIsRemote,
4589 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4590 );
4591
4592 #endif /* (VER_PRODUCTBUILD >= 2195) */
4593
4594
4595 #define SeLengthSid( Sid ) \
4596 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
4597
4598 #define SeDeleteClientSecurity(C) { \
4599 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
4600 PsDereferencePrimaryToken( (C)->ClientToken ); \
4601 } else { \
4602 PsDereferenceImpersonationToken( (C)->ClientToken ); \
4603 } \
4604 }
4605
4606 NTKERNELAPI
4607 VOID
4608 NTAPI
4609 SeDeleteObjectAuditAlarm (
4610 IN PVOID Object,
4611 IN HANDLE Handle
4612 );
4613
4614 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
4615
4616 NTKERNELAPI
4617 VOID
4618 NTAPI
4619 SeFreePrivileges (
4620 IN PPRIVILEGE_SET Privileges
4621 );
4622
4623 NTKERNELAPI
4624 VOID
4625 NTAPI
4626 SeImpersonateClient (
4627 IN PSECURITY_CLIENT_CONTEXT ClientContext,
4628 IN PETHREAD ServerThread OPTIONAL
4629 );
4630
4631 #if (VER_PRODUCTBUILD >= 2195)
4632
4633 NTKERNELAPI
4634 NTSTATUS
4635 NTAPI
4636 SeImpersonateClientEx (
4637 IN PSECURITY_CLIENT_CONTEXT ClientContext,
4638 IN PETHREAD ServerThread OPTIONAL
4639 );
4640
4641 #endif /* (VER_PRODUCTBUILD >= 2195) */
4642
4643 NTKERNELAPI
4644 VOID
4645 NTAPI
4646 SeLockSubjectContext (
4647 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4648 );
4649
4650 NTKERNELAPI
4651 NTSTATUS
4652 NTAPI
4653 SeMarkLogonSessionForTerminationNotification (
4654 IN PLUID LogonId
4655 );
4656
4657 NTKERNELAPI
4658 VOID
4659 NTAPI
4660 SeOpenObjectAuditAlarm (
4661 IN PUNICODE_STRING ObjectTypeName,
4662 IN PVOID Object OPTIONAL,
4663 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
4664 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4665 IN PACCESS_STATE AccessState,
4666 IN BOOLEAN ObjectCreated,
4667 IN BOOLEAN AccessGranted,
4668 IN KPROCESSOR_MODE AccessMode,
4669 OUT PBOOLEAN GenerateOnClose
4670 );
4671
4672 NTKERNELAPI
4673 VOID
4674 NTAPI
4675 SeOpenObjectForDeleteAuditAlarm (
4676 IN PUNICODE_STRING ObjectTypeName,
4677 IN PVOID Object OPTIONAL,
4678 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
4679 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4680 IN PACCESS_STATE AccessState,
4681 IN BOOLEAN ObjectCreated,
4682 IN BOOLEAN AccessGranted,
4683 IN KPROCESSOR_MODE AccessMode,
4684 OUT PBOOLEAN GenerateOnClose
4685 );
4686
4687 NTKERNELAPI
4688 BOOLEAN
4689 NTAPI
4690 SePrivilegeCheck (
4691 IN OUT PPRIVILEGE_SET RequiredPrivileges,
4692 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
4693 IN KPROCESSOR_MODE AccessMode
4694 );
4695
4696 NTKERNELAPI
4697 NTSTATUS
4698 NTAPI
4699 SeQueryAuthenticationIdToken (
4700 IN PACCESS_TOKEN Token,
4701 OUT PLUID LogonId
4702 );
4703
4704 #if (VER_PRODUCTBUILD >= 2195)
4705
4706 NTKERNELAPI
4707 NTSTATUS
4708 NTAPI
4709 SeQueryInformationToken (
4710 IN PACCESS_TOKEN Token,
4711 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
4712 OUT PVOID *TokenInformation
4713 );
4714
4715 #endif /* (VER_PRODUCTBUILD >= 2195) */
4716
4717 NTKERNELAPI
4718 NTSTATUS
4719 NTAPI
4720 SeQuerySecurityDescriptorInfo (
4721 IN PSECURITY_INFORMATION SecurityInformation,
4722 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4723 IN OUT PULONG Length,
4724 IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
4725 );
4726
4727 #if (VER_PRODUCTBUILD >= 2195)
4728
4729 NTKERNELAPI
4730 NTSTATUS
4731 NTAPI
4732 SeQuerySessionIdToken (
4733 IN PACCESS_TOKEN Token,
4734 IN PULONG SessionId
4735 );
4736
4737 #endif /* (VER_PRODUCTBUILD >= 2195) */
4738
4739 #define SeQuerySubjectContextToken( SubjectContext ) \
4740 ( ARGUMENT_PRESENT( \
4741 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
4742 ) ? \
4743 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
4744 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
4745
4746 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
4747 IN PLUID LogonId
4748 );
4749
4750 NTKERNELAPI
4751 NTSTATUS
4752 NTAPI
4753 SeRegisterLogonSessionTerminatedRoutine (
4754 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4755 );
4756
4757 NTKERNELAPI
4758 VOID
4759 NTAPI
4760 SeReleaseSubjectContext (
4761 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4762 );
4763
4764 NTKERNELAPI
4765 VOID
4766 NTAPI
4767 SeSetAccessStateGenericMapping (
4768 PACCESS_STATE AccessState,
4769 PGENERIC_MAPPING GenericMapping
4770 );
4771
4772 NTKERNELAPI
4773 NTSTATUS
4774 NTAPI
4775 SeSetSecurityDescriptorInfo (
4776 IN PVOID Object OPTIONAL,
4777 IN PSECURITY_INFORMATION SecurityInformation,
4778 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4779 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
4780 IN POOL_TYPE PoolType,
4781 IN PGENERIC_MAPPING GenericMapping
4782 );
4783
4784 #if (VER_PRODUCTBUILD >= 2195)
4785
4786 NTKERNELAPI
4787 NTSTATUS
4788 NTAPI
4789 SeSetSecurityDescriptorInfoEx (
4790 IN PVOID Object OPTIONAL,
4791 IN PSECURITY_INFORMATION SecurityInformation,
4792 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
4793 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
4794 IN ULONG AutoInheritFlags,
4795 IN POOL_TYPE PoolType,
4796 IN PGENERIC_MAPPING GenericMapping
4797 );
4798
4799 NTKERNELAPI
4800 BOOLEAN
4801 NTAPI
4802 SeTokenIsAdmin (
4803 IN PACCESS_TOKEN Token
4804 );
4805
4806 NTKERNELAPI
4807 BOOLEAN
4808 NTAPI
4809 SeTokenIsRestricted (
4810 IN PACCESS_TOKEN Token
4811 );
4812
4813
4814 NTSTATUS
4815 NTAPI
4816 SeLocateProcessImageName(
4817 IN PEPROCESS Process,
4818 OUT PUNICODE_STRING *pImageFileName
4819 );
4820
4821 #endif /* (VER_PRODUCTBUILD >= 2195) */
4822
4823 NTKERNELAPI
4824 TOKEN_TYPE
4825 NTAPI
4826 SeTokenType (
4827 IN PACCESS_TOKEN Token
4828 );
4829
4830 NTKERNELAPI
4831 VOID
4832 NTAPI
4833 SeUnlockSubjectContext (
4834 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4835 );
4836
4837 NTKERNELAPI
4838 NTSTATUS
4839 NTAPI
4840 SeUnregisterLogonSessionTerminatedRoutine (
4841 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4842 );
4843
4844 #if (VER_PRODUCTBUILD >= 2195)
4845
4846 NTSYSAPI
4847 NTSTATUS
4848 NTAPI
4849 ZwAdjustPrivilegesToken (
4850 IN HANDLE TokenHandle,
4851 IN BOOLEAN DisableAllPrivileges,
4852 IN PTOKEN_PRIVILEGES NewState,
4853 IN ULONG BufferLength,
4854 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
4855 OUT PULONG ReturnLength
4856 );
4857
4858 #endif /* (VER_PRODUCTBUILD >= 2195) */
4859
4860 NTSYSAPI
4861 NTSTATUS
4862 NTAPI
4863 ZwAlertThread (
4864 IN HANDLE ThreadHandle
4865 );
4866
4867 NTSYSAPI
4868 NTSTATUS
4869 NTAPI
4870 ZwAllocateVirtualMemory (
4871 IN HANDLE ProcessHandle,
4872 IN OUT PVOID *BaseAddress,
4873 IN ULONG ZeroBits,
4874 IN OUT PSIZE_T RegionSize,
4875 IN ULONG AllocationType,
4876 IN ULONG Protect
4877 );
4878
4879 NTSTATUS
4880 NTAPI
4881 NtAccessCheckByTypeAndAuditAlarm(
4882 IN PUNICODE_STRING SubsystemName,
4883 IN HANDLE HandleId,
4884 IN PUNICODE_STRING ObjectTypeName,
4885 IN PUNICODE_STRING ObjectName,
4886 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4887 IN PSID PrincipalSelfSid,
4888 IN ACCESS_MASK DesiredAccess,
4889 IN AUDIT_EVENT_TYPE AuditType,
4890 IN ULONG Flags,
4891 IN POBJECT_TYPE_LIST ObjectTypeList,
4892 IN ULONG ObjectTypeLength,
4893 IN PGENERIC_MAPPING GenericMapping,
4894 IN BOOLEAN ObjectCreation,
4895 OUT PACCESS_MASK GrantedAccess,
4896 OUT PNTSTATUS AccessStatus,
4897 OUT PBOOLEAN GenerateOnClose
4898 );
4899
4900 NTSTATUS
4901 NTAPI
4902 NtAccessCheckByTypeResultListAndAuditAlarm(
4903 IN PUNICODE_STRING SubsystemName,
4904 IN HANDLE HandleId,
4905 IN PUNICODE_STRING ObjectTypeName,
4906 IN PUNICODE_STRING ObjectName,
4907 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4908 IN PSID PrincipalSelfSid,
4909 IN ACCESS_MASK DesiredAccess,
4910 IN AUDIT_EVENT_TYPE AuditType,
4911 IN ULONG Flags,
4912 IN POBJECT_TYPE_LIST ObjectTypeList,
4913 IN ULONG ObjectTypeLength,
4914 IN PGENERIC_MAPPING GenericMapping,
4915 IN BOOLEAN ObjectCreation,
4916 OUT PACCESS_MASK GrantedAccess,
4917 OUT PNTSTATUS AccessStatus,
4918 OUT PBOOLEAN GenerateOnClose
4919 );
4920
4921 NTSTATUS
4922 NTAPI
4923 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
4924 IN PUNICODE_STRING SubsystemName,
4925 IN HANDLE HandleId,
4926 IN HANDLE ClientToken,
4927 IN PUNICODE_STRING ObjectTypeName,
4928 IN PUNICODE_STRING ObjectName,
4929 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4930 IN PSID PrincipalSelfSid,
4931 IN ACCESS_MASK DesiredAccess,
4932 IN AUDIT_EVENT_TYPE AuditType,
4933 IN ULONG Flags,
4934 IN POBJECT_TYPE_LIST ObjectTypeList,
4935 IN ULONG ObjectTypeLength,
4936 IN PGENERIC_MAPPING GenericMapping,
4937 IN BOOLEAN ObjectCreation,
4938 OUT PACCESS_MASK GrantedAccess,
4939 OUT PNTSTATUS AccessStatus,
4940 OUT PBOOLEAN GenerateOnClose
4941 );
4942
4943 NTSYSAPI
4944 NTSTATUS
4945 NTAPI
4946 ZwAccessCheckAndAuditAlarm (
4947 IN PUNICODE_STRING SubsystemName,
4948 IN PVOID HandleId,
4949 IN PUNICODE_STRING ObjectTypeName,
4950 IN PUNICODE_STRING ObjectName,
4951 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4952 IN ACCESS_MASK DesiredAccess,
4953 IN PGENERIC_MAPPING GenericMapping,
4954 IN BOOLEAN ObjectCreation,
4955 OUT PACCESS_MASK GrantedAccess,
4956 OUT PBOOLEAN AccessStatus,
4957 OUT PBOOLEAN GenerateOnClose
4958 );
4959
4960 #if (VER_PRODUCTBUILD >= 2195)
4961
4962 NTSYSAPI
4963 NTSTATUS
4964 NTAPI
4965 ZwCancelIoFile (
4966 IN HANDLE FileHandle,
4967 OUT PIO_STATUS_BLOCK IoStatusBlock
4968 );
4969
4970 #endif /* (VER_PRODUCTBUILD >= 2195) */
4971
4972 NTSYSAPI
4973 NTSTATUS
4974 NTAPI
4975 ZwClearEvent (
4976 IN HANDLE EventHandle
4977 );
4978
4979 NTSYSAPI
4980 NTSTATUS
4981 NTAPI
4982 ZwCloseObjectAuditAlarm (
4983 IN PUNICODE_STRING SubsystemName,
4984 IN PVOID HandleId,
4985 IN BOOLEAN GenerateOnClose
4986 );
4987
4988 NTSYSAPI
4989 NTSTATUS
4990 NTAPI
4991 ZwCreateSection (
4992 OUT PHANDLE SectionHandle,
4993 IN ACCESS_MASK DesiredAccess,
4994 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
4995 IN PLARGE_INTEGER MaximumSize OPTIONAL,
4996 IN ULONG SectionPageProtection,
4997 IN ULONG AllocationAttributes,
4998 IN HANDLE FileHandle OPTIONAL
4999 );
5000
5001 NTSYSAPI
5002 NTSTATUS
5003 NTAPI
5004 ZwCreateSymbolicLinkObject (
5005 OUT PHANDLE SymbolicLinkHandle,
5006 IN ACCESS_MASK DesiredAccess,
5007 IN POBJECT_ATTRIBUTES ObjectAttributes,
5008 IN PUNICODE_STRING TargetName
5009 );
5010
5011 NTSYSAPI
5012 NTSTATUS
5013 NTAPI
5014 ZwDeleteFile (
5015 IN POBJECT_ATTRIBUTES ObjectAttributes
5016 );
5017
5018 NTSYSAPI
5019 NTSTATUS
5020 NTAPI
5021 ZwDeleteValueKey (
5022 IN HANDLE Handle,
5023 IN PUNICODE_STRING Name
5024 );
5025
5026 NTSYSAPI
5027 NTSTATUS
5028 NTAPI
5029 ZwDeviceIoControlFile (
5030 IN HANDLE FileHandle,
5031 IN HANDLE Event OPTIONAL,
5032 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5033 IN PVOID ApcContext OPTIONAL,
5034 OUT PIO_STATUS_BLOCK IoStatusBlock,
5035 IN ULONG IoControlCode,
5036 IN PVOID InputBuffer OPTIONAL,
5037 IN ULONG InputBufferLength,
5038 OUT PVOID OutputBuffer OPTIONAL,
5039 IN ULONG OutputBufferLength
5040 );
5041
5042 NTSYSAPI
5043 NTSTATUS
5044 NTAPI
5045 ZwDisplayString (
5046 IN PUNICODE_STRING String
5047 );
5048
5049 NTSYSAPI
5050 NTSTATUS
5051 NTAPI
5052 ZwDuplicateObject (
5053 IN HANDLE SourceProcessHandle,
5054 IN HANDLE SourceHandle,
5055 IN HANDLE TargetProcessHandle OPTIONAL,
5056 OUT PHANDLE TargetHandle OPTIONAL,
5057 IN ACCESS_MASK DesiredAccess,
5058 IN ULONG HandleAttributes,
5059 IN ULONG Options
5060 );
5061
5062 NTSYSAPI
5063 NTSTATUS
5064 NTAPI
5065 ZwDuplicateToken (
5066 IN HANDLE ExistingTokenHandle,
5067 IN ACCESS_MASK DesiredAccess,
5068 IN POBJECT_ATTRIBUTES ObjectAttributes,
5069 IN BOOLEAN EffectiveOnly,
5070 IN TOKEN_TYPE TokenType,
5071 OUT PHANDLE NewTokenHandle
5072 );
5073
5074 NTSTATUS
5075 NTAPI
5076 NtFilterToken(
5077 IN HANDLE ExistingTokenHandle,
5078 IN ULONG Flags,
5079 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
5080 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
5081 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
5082 OUT PHANDLE NewTokenHandle
5083 );
5084
5085 NTSYSAPI
5086 NTSTATUS
5087 NTAPI
5088 ZwFlushInstructionCache (
5089 IN HANDLE ProcessHandle,
5090 IN PVOID BaseAddress OPTIONAL,
5091 IN ULONG FlushSize
5092 );
5093
5094 NTSYSAPI
5095 NTSTATUS
5096 NTAPI
5097 ZwFlushBuffersFile(
5098 IN HANDLE FileHandle,
5099 OUT PIO_STATUS_BLOCK IoStatusBlock
5100 );
5101
5102 #if (VER_PRODUCTBUILD >= 2195)
5103
5104 NTSYSAPI
5105 NTSTATUS
5106 NTAPI
5107 ZwFlushVirtualMemory (
5108 IN HANDLE ProcessHandle,
5109 IN OUT PVOID *BaseAddress,
5110 IN OUT PULONG FlushSize,
5111 OUT PIO_STATUS_BLOCK IoStatusBlock
5112 );
5113
5114 #endif /* (VER_PRODUCTBUILD >= 2195) */
5115
5116 NTSYSAPI
5117 NTSTATUS
5118 NTAPI
5119 ZwFreeVirtualMemory (
5120 IN HANDLE ProcessHandle,
5121 IN OUT PVOID *BaseAddress,
5122 IN OUT PSIZE_T RegionSize,
5123 IN ULONG FreeType
5124 );
5125
5126 NTSYSAPI
5127 NTSTATUS
5128 NTAPI
5129 ZwFsControlFile (
5130 IN HANDLE FileHandle,
5131 IN HANDLE Event OPTIONAL,
5132 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5133 IN PVOID ApcContext OPTIONAL,
5134 OUT PIO_STATUS_BLOCK IoStatusBlock,
5135 IN ULONG FsControlCode,
5136 IN PVOID InputBuffer OPTIONAL,
5137 IN ULONG InputBufferLength,
5138 OUT PVOID OutputBuffer OPTIONAL,
5139 IN ULONG OutputBufferLength
5140 );
5141
5142 #if (VER_PRODUCTBUILD >= 2195)
5143
5144 NTSYSAPI
5145 NTSTATUS
5146 NTAPI
5147 ZwInitiatePowerAction (
5148 IN POWER_ACTION SystemAction,
5149 IN SYSTEM_POWER_STATE MinSystemState,
5150 IN ULONG Flags,
5151 IN BOOLEAN Asynchronous
5152 );
5153
5154 #endif /* (VER_PRODUCTBUILD >= 2195) */
5155
5156 NTSYSAPI
5157 NTSTATUS
5158 NTAPI
5159 ZwLoadDriver (
5160 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5161 IN PUNICODE_STRING RegistryPath
5162 );
5163
5164 NTSYSAPI
5165 NTSTATUS
5166 NTAPI
5167 ZwLoadKey (
5168 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
5169 IN POBJECT_ATTRIBUTES FileObjectAttributes
5170 );
5171
5172 NTSYSAPI
5173 NTSTATUS
5174 NTAPI
5175 ZwNotifyChangeKey (
5176 IN HANDLE KeyHandle,
5177 IN HANDLE EventHandle OPTIONAL,
5178 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5179 IN PVOID ApcContext OPTIONAL,
5180 OUT PIO_STATUS_BLOCK IoStatusBlock,
5181 IN ULONG NotifyFilter,
5182 IN BOOLEAN WatchSubtree,
5183 IN PVOID Buffer,
5184 IN ULONG BufferLength,
5185 IN BOOLEAN Asynchronous
5186 );
5187
5188 NTSYSAPI
5189 NTSTATUS
5190 NTAPI
5191 ZwOpenDirectoryObject (
5192 OUT PHANDLE DirectoryHandle,
5193 IN ACCESS_MASK DesiredAccess,
5194 IN POBJECT_ATTRIBUTES ObjectAttributes
5195 );
5196
5197 NTSYSAPI
5198 NTSTATUS
5199 NTAPI
5200 ZwOpenEvent (
5201 OUT PHANDLE EventHandle,
5202 IN ACCESS_MASK DesiredAccess,
5203 IN POBJECT_ATTRIBUTES ObjectAttributes
5204 );
5205
5206 NTSYSAPI
5207 NTSTATUS
5208 NTAPI
5209 ZwOpenProcess (
5210 OUT PHANDLE ProcessHandle,
5211 IN ACCESS_MASK DesiredAccess,
5212 IN POBJECT_ATTRIBUTES ObjectAttributes,
5213 IN PCLIENT_ID ClientId OPTIONAL
5214 );
5215
5216 NTSYSAPI
5217 NTSTATUS
5218 NTAPI
5219 ZwOpenProcessToken (
5220 IN HANDLE ProcessHandle,
5221 IN ACCESS_MASK DesiredAccess,
5222 OUT PHANDLE TokenHandle
5223 );
5224
5225 NTSYSAPI
5226 NTSTATUS
5227 NTAPI
5228 ZwOpenThread (
5229 OUT PHANDLE ThreadHandle,
5230 IN ACCESS_MASK DesiredAccess,
5231 IN POBJECT_ATTRIBUTES ObjectAttributes,
5232 IN PCLIENT_ID ClientId
5233 );
5234
5235 NTSYSAPI
5236 NTSTATUS
5237 NTAPI
5238 ZwOpenThreadToken (
5239 IN HANDLE ThreadHandle,
5240 IN ACCESS_MASK DesiredAccess,
5241 IN BOOLEAN OpenAsSelf,
5242 OUT PHANDLE TokenHandle
5243 );
5244
5245 #if (VER_PRODUCTBUILD >= 2195)
5246
5247 NTSYSAPI
5248 NTSTATUS
5249 NTAPI
5250 ZwPowerInformation (
5251 IN POWER_INFORMATION_LEVEL PowerInformationLevel,
5252 IN PVOID InputBuffer OPTIONAL,
5253 IN ULONG InputBufferLength,
5254 OUT PVOID OutputBuffer OPTIONAL,
5255 IN ULONG OutputBufferLength
5256 );
5257
5258 #endif /* (VER_PRODUCTBUILD >= 2195) */
5259
5260 NTSYSAPI
5261 NTSTATUS
5262 NTAPI
5263 ZwPulseEvent (
5264 IN HANDLE EventHandle,
5265 OUT PLONG PreviousState OPTIONAL
5266 );
5267
5268 NTSYSAPI
5269 NTSTATUS
5270 NTAPI
5271 ZwQueryDefaultLocale (
5272 IN BOOLEAN ThreadOrSystem,
5273 OUT PLCID Locale
5274 );
5275
5276 NTSYSAPI
5277 NTSTATUS
5278 NTAPI
5279 ZwQueryDirectoryFile (
5280 IN HANDLE FileHandle,
5281 IN HANDLE Event OPTIONAL,
5282 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5283 IN PVOID ApcContext OPTIONAL,
5284 OUT PIO_STATUS_BLOCK IoStatusBlock,
5285 OUT PVOID FileInformation,
5286 IN ULONG Length,
5287 IN FILE_INFORMATION_CLASS FileInformationClass,
5288 IN BOOLEAN ReturnSingleEntry,
5289 IN PUNICODE_STRING FileName OPTIONAL,
5290 IN BOOLEAN RestartScan
5291 );
5292
5293 #if (VER_PRODUCTBUILD >= 2195)
5294
5295 NTSYSAPI
5296 NTSTATUS
5297 NTAPI
5298 ZwQueryDirectoryObject (
5299 IN HANDLE DirectoryHandle,
5300 OUT PVOID Buffer,
5301 IN ULONG Length,
5302 IN BOOLEAN ReturnSingleEntry,
5303 IN BOOLEAN RestartScan,
5304 IN OUT PULONG Context,
5305 OUT PULONG ReturnLength OPTIONAL
5306 );
5307
5308 NTSYSAPI
5309 NTSTATUS
5310 NTAPI
5311 ZwQueryEaFile (
5312 IN HANDLE FileHandle,
5313 OUT PIO_STATUS_BLOCK IoStatusBlock,
5314 OUT PVOID Buffer,
5315 IN ULONG Length,
5316 IN BOOLEAN ReturnSingleEntry,
5317 IN PVOID EaList OPTIONAL,
5318 IN ULONG EaListLength,
5319 IN PULONG EaIndex OPTIONAL,
5320 IN BOOLEAN RestartScan
5321 );
5322
5323 #endif /* (VER_PRODUCTBUILD >= 2195) */
5324
5325 NTSYSAPI
5326 NTSTATUS
5327 NTAPI
5328 ZwQueryInformationProcess (
5329 IN HANDLE ProcessHandle,
5330 IN PROCESSINFOCLASS ProcessInformationClass,
5331 OUT PVOID ProcessInformation,
5332 IN ULONG ProcessInformationLength,
5333 OUT PULONG ReturnLength OPTIONAL
5334 );
5335
5336 NTSYSAPI
5337 NTSTATUS
5338 NTAPI
5339 ZwQueryInformationToken (
5340 IN HANDLE TokenHandle,
5341 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
5342 OUT PVOID TokenInformation,
5343 IN ULONG Length,
5344 OUT PULONG ResultLength
5345 );
5346
5347 NTSYSAPI
5348 NTSTATUS
5349 NTAPI
5350 ZwQuerySecurityObject (
5351 IN HANDLE FileHandle,
5352 IN SECURITY_INFORMATION SecurityInformation,
5353 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5354 IN ULONG Length,
5355 OUT PULONG ResultLength
5356 );
5357
5358 NTSYSAPI
5359 NTSTATUS
5360 NTAPI
5361 ZwQueryVolumeInformationFile (
5362 IN HANDLE FileHandle,
5363 OUT PIO_STATUS_BLOCK IoStatusBlock,
5364 OUT PVOID FsInformation,
5365 IN ULONG Length,
5366 IN FS_INFORMATION_CLASS FsInformationClass
5367 );
5368
5369 NTSYSAPI
5370 NTSTATUS
5371 NTAPI
5372 ZwReplaceKey (
5373 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
5374 IN HANDLE KeyHandle,
5375 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
5376 );
5377
5378 NTSYSAPI
5379 NTSTATUS
5380 NTAPI
5381 ZwResetEvent (
5382 IN HANDLE EventHandle,
5383 OUT PLONG PreviousState OPTIONAL
5384 );
5385
5386 #if (VER_PRODUCTBUILD >= 2195)
5387
5388 NTSYSAPI
5389 NTSTATUS
5390 NTAPI
5391 ZwRestoreKey (
5392 IN HANDLE KeyHandle,
5393 IN HANDLE FileHandle,
5394 IN ULONG Flags
5395 );
5396
5397 #endif /* (VER_PRODUCTBUILD >= 2195) */
5398
5399 NTSYSAPI
5400 NTSTATUS
5401 NTAPI
5402 ZwSaveKey (
5403 IN HANDLE KeyHandle,
5404 IN HANDLE FileHandle
5405 );
5406
5407 NTSYSAPI
5408 NTSTATUS
5409 NTAPI
5410 ZwSetDefaultLocale (
5411 IN BOOLEAN ThreadOrSystem,
5412 IN LCID Locale
5413 );
5414
5415 #if (VER_PRODUCTBUILD >= 2195)
5416
5417 NTSYSAPI
5418 NTSTATUS
5419 NTAPI
5420 ZwSetDefaultUILanguage (
5421 IN LANGID LanguageId
5422 );
5423
5424 NTSYSAPI
5425 NTSTATUS
5426 NTAPI
5427 ZwSetEaFile (
5428 IN HANDLE FileHandle,
5429 OUT PIO_STATUS_BLOCK IoStatusBlock,
5430 OUT PVOID Buffer,
5431 IN ULONG Length
5432 );
5433
5434 #endif /* (VER_PRODUCTBUILD >= 2195) */
5435
5436 NTSYSAPI
5437 NTSTATUS
5438 NTAPI
5439 ZwSetEvent (
5440 IN HANDLE EventHandle,
5441 OUT PLONG PreviousState OPTIONAL
5442 );
5443
5444 NTSYSAPI
5445 NTSTATUS
5446 NTAPI
5447 ZwSetInformationProcess (
5448 IN HANDLE ProcessHandle,
5449 IN PROCESSINFOCLASS ProcessInformationClass,
5450 IN PVOID ProcessInformation,
5451 IN ULONG ProcessInformationLength
5452 );
5453
5454 #if (VER_PRODUCTBUILD >= 2195)
5455
5456 NTSYSAPI
5457 NTSTATUS
5458 NTAPI
5459 ZwSetSecurityObject (
5460 IN HANDLE Handle,
5461 IN SECURITY_INFORMATION SecurityInformation,
5462 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5463 );
5464
5465 #endif /* (VER_PRODUCTBUILD >= 2195) */
5466
5467 NTSYSAPI
5468 NTSTATUS
5469 NTAPI
5470 ZwSetSystemTime (
5471 IN PLARGE_INTEGER NewTime,
5472 OUT PLARGE_INTEGER OldTime OPTIONAL
5473 );
5474
5475 #if (VER_PRODUCTBUILD >= 2195)
5476
5477 NTSYSAPI
5478 NTSTATUS
5479 NTAPI
5480 ZwSetVolumeInformationFile (
5481 IN HANDLE FileHandle,
5482 OUT PIO_STATUS_BLOCK IoStatusBlock,
5483 IN PVOID FsInformation,
5484 IN ULONG Length,
5485 IN FS_INFORMATION_CLASS FsInformationClass
5486 );
5487
5488 #endif /* (VER_PRODUCTBUILD >= 2195) */
5489
5490 NTSYSAPI
5491 NTSTATUS
5492 NTAPI
5493 ZwTerminateProcess (
5494 IN HANDLE ProcessHandle OPTIONAL,
5495 IN NTSTATUS ExitStatus
5496 );
5497
5498 NTSYSAPI
5499 NTSTATUS
5500 NTAPI
5501 ZwUnloadDriver (
5502 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5503 IN PUNICODE_STRING RegistryPath
5504 );
5505
5506 NTSYSAPI
5507 NTSTATUS
5508 NTAPI
5509 ZwUnloadKey (
5510 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5511 );
5512
5513 NTSYSAPI
5514 NTSTATUS
5515 NTAPI
5516 ZwWaitForSingleObject (
5517 IN HANDLE Handle,
5518 IN BOOLEAN Alertable,
5519 IN PLARGE_INTEGER Timeout OPTIONAL
5520 );
5521
5522 NTSYSAPI
5523 NTSTATUS
5524 NTAPI
5525 ZwWaitForMultipleObjects (
5526 IN ULONG HandleCount,
5527 IN PHANDLE Handles,
5528 IN WAIT_TYPE WaitType,
5529 IN BOOLEAN Alertable,
5530 IN PLARGE_INTEGER Timeout OPTIONAL
5531 );
5532
5533 NTSYSAPI
5534 NTSTATUS
5535 NTAPI
5536 ZwYieldExecution (
5537 VOID
5538 );
5539
5540 #pragma pack(pop)
5541
5542 #ifdef __cplusplus
5543 }
5544 #endif
5545
5546 #endif /* _NTIFS_ */
A free Windows-compatible Operating System