4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28 #pragma GCC system_header
39 #define VER_PRODUCTBUILD 10000
46 #if defined(_NTDRIVER_) || defined(_NTDDK_) || defined (_NTIFS_) || defined(_NTHAL_)
47 #define NTKERNELAPI DECLSPEC_IMPORT
55 typedef struct _SE_EXPORTS
*PSE_EXPORTS
;
58 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
60 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
62 extern PSE_EXPORTS SeExports
;
63 extern PACL SePublicDefaultDacl
;
64 extern PACL SeSystemDefaultDacl
;
66 extern KSPIN_LOCK IoStatisticsLock
;
67 extern ULONG IoReadOperationCount
;
68 extern ULONG IoWriteOperationCount
;
69 extern ULONG IoOtherOperationCount
;
70 extern LARGE_INTEGER IoReadTransferCount
;
71 extern LARGE_INTEGER IoWriteTransferCount
;
72 extern LARGE_INTEGER IoOtherTransferCount
;
74 #define ANSI_DOS_STAR ('<')
75 #define ANSI_DOS_QM ('>')
76 #define ANSI_DOS_DOT ('"')
78 #define DOS_STAR (L'<')
80 #define DOS_DOT (L'"')
83 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
84 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
85 #define ACCESS_DENIED_ACE_TYPE (0x1)
86 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
87 #define SYSTEM_ALARM_ACE_TYPE (0x3)
88 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
89 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
90 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
91 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
92 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
93 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
94 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
95 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
96 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
97 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
98 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
99 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
100 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
101 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
102 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
103 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
104 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
105 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
106 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
107 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
109 #define COMPRESSION_FORMAT_NONE (0x0000)
110 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
111 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
112 #define COMPRESSION_ENGINE_STANDARD (0x0000)
113 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
114 #define COMPRESSION_ENGINE_HIBER (0x0200)
116 #define FILE_ACTION_ADDED 0x00000001
117 #define FILE_ACTION_REMOVED 0x00000002
118 #define FILE_ACTION_MODIFIED 0x00000003
119 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
120 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
121 #define FILE_ACTION_ADDED_STREAM 0x00000006
122 #define FILE_ACTION_REMOVED_STREAM 0x00000007
123 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
124 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
125 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
126 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
129 #define FILE_EA_TYPE_BINARY 0xfffe
130 #define FILE_EA_TYPE_ASCII 0xfffd
131 #define FILE_EA_TYPE_BITMAP 0xfffb
132 #define FILE_EA_TYPE_METAFILE 0xfffa
133 #define FILE_EA_TYPE_ICON 0xfff9
134 #define FILE_EA_TYPE_EA 0xffee
135 #define FILE_EA_TYPE_MVMT 0xffdf
136 #define FILE_EA_TYPE_MVST 0xffde
137 #define FILE_EA_TYPE_ASN1 0xffdd
138 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
140 #define FILE_NEED_EA 0x00000080
142 /* also in winnt.h */
143 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
144 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
145 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
146 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
147 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
148 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
149 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
150 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
151 #define FILE_NOTIFY_CHANGE_EA 0x00000080
152 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
153 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
154 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
155 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
156 #define FILE_NOTIFY_VALID_MASK 0x00000fff
159 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
160 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
162 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
164 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
165 #define FILE_CASE_PRESERVED_NAMES 0x00000002
166 #define FILE_UNICODE_ON_DISK 0x00000004
167 #define FILE_PERSISTENT_ACLS 0x00000008
168 #define FILE_FILE_COMPRESSION 0x00000010
169 #define FILE_VOLUME_QUOTAS 0x00000020
170 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
171 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
172 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
173 #define FS_LFN_APIS 0x00004000
174 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
175 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
176 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
177 #define FILE_NAMED_STREAMS 0x00040000
179 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
180 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
182 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
183 #define FILE_PIPE_MESSAGE_MODE 0x00000001
185 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
186 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
188 #define FILE_PIPE_INBOUND 0x00000000
189 #define FILE_PIPE_OUTBOUND 0x00000001
190 #define FILE_PIPE_FULL_DUPLEX 0x00000002
192 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
193 #define FILE_PIPE_LISTENING_STATE 0x00000002
194 #define FILE_PIPE_CONNECTED_STATE 0x00000003
195 #define FILE_PIPE_CLOSING_STATE 0x00000004
197 #define FILE_PIPE_CLIENT_END 0x00000000
198 #define FILE_PIPE_SERVER_END 0x00000001
200 #define FILE_PIPE_READ_DATA 0x00000000
201 #define FILE_PIPE_WRITE_SPACE 0x00000001
203 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
204 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
205 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
206 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
207 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
208 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
209 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
210 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
211 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
212 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
213 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
214 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
215 #define FILE_STORAGE_TYPE_MASK 0x000f0000
216 #define FILE_STORAGE_TYPE_SHIFT 16
218 #define FILE_VC_QUOTA_NONE 0x00000000
219 #define FILE_VC_QUOTA_TRACK 0x00000001
220 #define FILE_VC_QUOTA_ENFORCE 0x00000002
221 #define FILE_VC_QUOTA_MASK 0x00000003
223 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
224 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
226 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
227 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
228 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
229 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
231 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
232 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
234 #define FILE_VC_VALID_MASK 0x000003ff
236 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
237 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
238 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
239 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
240 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
241 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
242 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
244 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
246 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
247 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
248 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
249 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
250 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
252 #define FSRTL_VOLUME_DISMOUNT 1
253 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
254 #define FSRTL_VOLUME_LOCK 3
255 #define FSRTL_VOLUME_LOCK_FAILED 4
256 #define FSRTL_VOLUME_UNLOCK 5
257 #define FSRTL_VOLUME_MOUNT 6
259 #define FSRTL_WILD_CHARACTER 0x08
261 #define FSRTL_FAT_LEGAL 0x01
262 #define FSRTL_HPFS_LEGAL 0x02
263 #define FSRTL_NTFS_LEGAL 0x04
264 #define FSRTL_WILD_CHARACTER 0x08
265 #define FSRTL_OLE_LEGAL 0x10
266 #define FSRTL_NTFS_STREAM_LEGAL 0x14
269 #define HARDWARE_PTE HARDWARE_PTE_X86
270 #define PHARDWARE_PTE PHARDWARE_PTE_X86
272 #define HARDWARE_PTE ULONG
273 #define PHARDWARE_PTE PULONG
276 #define IO_CHECK_CREATE_PARAMETERS 0x0200
277 #define IO_ATTACH_DEVICE 0x0400
279 #define IO_ATTACH_DEVICE_API 0x80000000
280 /* also in winnt.h */
281 #define IO_COMPLETION_QUERY_STATE 0x0001
282 #define IO_COMPLETION_MODIFY_STATE 0x0002
283 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
285 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
286 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
288 #define IO_TYPE_APC 18
289 #define IO_TYPE_DPC 19
290 #define IO_TYPE_DEVICE_QUEUE 20
291 #define IO_TYPE_EVENT_PAIR 21
292 #define IO_TYPE_INTERRUPT 22
293 #define IO_TYPE_PROFILE 23
295 #define IRP_BEING_VERIFIED 0x10
297 #define MAILSLOT_CLASS_FIRSTCLASS 1
298 #define MAILSLOT_CLASS_SECONDCLASS 2
300 #define MAILSLOT_SIZE_AUTO 0
302 #define MAP_PROCESS 1L
303 #define MAP_SYSTEM 2L
304 #define MEM_DOS_LIM 0x40000000
305 /* also in winnt.h */
306 #define MEM_IMAGE SEC_IMAGE
308 #define OB_TYPE_TYPE 1
309 #define OB_TYPE_DIRECTORY 2
310 #define OB_TYPE_SYMBOLIC_LINK 3
311 #define OB_TYPE_TOKEN 4
312 #define OB_TYPE_PROCESS 5
313 #define OB_TYPE_THREAD 6
314 #define OB_TYPE_EVENT 7
315 #define OB_TYPE_EVENT_PAIR 8
316 #define OB_TYPE_MUTANT 9
317 #define OB_TYPE_SEMAPHORE 10
318 #define OB_TYPE_TIMER 11
319 #define OB_TYPE_PROFILE 12
320 #define OB_TYPE_WINDOW_STATION 13
321 #define OB_TYPE_DESKTOP 14
322 #define OB_TYPE_SECTION 15
323 #define OB_TYPE_KEY 16
324 #define OB_TYPE_PORT 17
325 #define OB_TYPE_ADAPTER 18
326 #define OB_TYPE_CONTROLLER 19
327 #define OB_TYPE_DEVICE 20
328 #define OB_TYPE_DRIVER 21
329 #define OB_TYPE_IO_COMPLETION 22
330 #define OB_TYPE_FILE 23
333 #define PIN_EXCLUSIVE (2)
334 #define PIN_NO_READ (4)
335 #define PIN_IF_BCB (8)
337 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
338 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
340 /* also in winnt.h */
341 #define SEC_BASED 0x00200000
342 #define SEC_NO_CHANGE 0x00400000
343 #define SEC_FILE 0x00800000
344 #define SEC_IMAGE 0x01000000
345 #define SEC_VLM 0x02000000
346 #define SEC_RESERVE 0x04000000
347 #define SEC_COMMIT 0x08000000
348 #define SEC_NOCACHE 0x10000000
350 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
351 #define SECURITY_WORLD_RID (0x00000000L)
353 #define SID_REVISION 1
354 #define SID_MAX_SUB_AUTHORITIES 15
355 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
357 #define TOKEN_ASSIGN_PRIMARY (0x0001)
358 #define TOKEN_DUPLICATE (0x0002)
359 #define TOKEN_IMPERSONATE (0x0004)
360 #define TOKEN_QUERY (0x0008)
361 #define TOKEN_QUERY_SOURCE (0x0010)
362 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
363 #define TOKEN_ADJUST_GROUPS (0x0040)
364 #define TOKEN_ADJUST_DEFAULT (0x0080)
365 #define TOKEN_ADJUST_SESSIONID (0x0100)
367 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
368 TOKEN_ASSIGN_PRIMARY |\
372 TOKEN_QUERY_SOURCE |\
373 TOKEN_ADJUST_PRIVILEGES |\
374 TOKEN_ADJUST_GROUPS |\
375 TOKEN_ADJUST_DEFAULT |\
376 TOKEN_ADJUST_SESSIONID)
378 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
381 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
382 TOKEN_ADJUST_PRIVILEGES |\
383 TOKEN_ADJUST_GROUPS |\
384 TOKEN_ADJUST_DEFAULT)
386 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
388 #define TOKEN_SOURCE_LENGTH 8
391 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
392 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
393 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
394 #define TOKEN_HAS_ADMIN_GROUP 0x08
395 #define TOKEN_IS_RESTRICTED 0x10
397 #define VACB_MAPPING_GRANULARITY (0x40000)
398 #define VACB_OFFSET_SHIFT (18)
400 #define SE_OWNER_DEFAULTED 0x0001
401 #define SE_GROUP_DEFAULTED 0x0002
402 #define SE_DACL_PRESENT 0x0004
403 #define SE_DACL_DEFAULTED 0x0008
404 #define SE_SACL_PRESENT 0x0010
405 #define SE_SACL_DEFAULTED 0x0020
406 #define SE_DACL_UNTRUSTED 0x0040
407 #define SE_SERVER_SECURITY 0x0080
408 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
409 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
410 #define SE_DACL_AUTO_INHERITED 0x0400
411 #define SE_SACL_AUTO_INHERITED 0x0800
412 #define SE_DACL_PROTECTED 0x1000
413 #define SE_SACL_PROTECTED 0x2000
414 #define SE_RM_CONTROL_VALID 0x4000
415 #define SE_SELF_RELATIVE 0x8000
417 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
418 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
419 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
420 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
421 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
422 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
423 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
424 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
425 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
427 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
428 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
429 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
431 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
432 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
433 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
436 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
437 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
438 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
439 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
440 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
441 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
443 #if (VER_PRODUCTBUILD >= 1381)
445 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
446 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
447 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
448 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
449 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
450 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
451 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
452 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
454 #endif /* (VER_PRODUCTBUILD >= 1381) */
456 #if (VER_PRODUCTBUILD >= 2195)
458 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
459 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
460 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
462 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
463 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
464 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
465 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
466 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
467 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
468 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
469 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
470 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
471 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
472 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
473 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
474 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
475 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
476 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
477 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
478 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
479 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
480 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
481 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
482 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
483 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
484 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
485 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
486 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
487 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
488 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
489 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
490 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
491 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
492 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
493 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
494 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
495 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
496 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
497 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
499 #endif /* (VER_PRODUCTBUILD >= 2195) */
501 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
503 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
504 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
505 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
506 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
507 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
508 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
509 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
510 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
512 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
513 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
514 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
515 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
516 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
517 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
518 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
519 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
520 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
521 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
522 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
523 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
524 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
525 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
527 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
529 typedef PVOID OPLOCK
, *POPLOCK
;
531 typedef struct _CACHE_MANAGER_CALLBACKS
*PCACHE_MANAGER_CALLBACKS
;
532 typedef struct _FILE_GET_QUOTA_INFORMATION
*PFILE_GET_QUOTA_INFORMATION
;
533 typedef struct _HANDLE_TABLE
*PHANDLE_TABLE
;
534 typedef struct _KPROCESS
*PKPROCESS
;
535 typedef struct _KQUEUE
*PKQUEUE
;
536 typedef struct _KTRAP_FRAME
*PKTRAP_FRAME
;
537 typedef struct _OBJECT_DIRECTORY
*POBJECT_DIRECTORY
;
538 typedef struct _SHARED_CACHE_MAP
*PSHARED_CACHE_MAP
;
539 typedef struct _VACB
*PVACB
;
540 typedef struct _VAD_HEADER
*PVAD_HEADER
;
548 typedef struct _NOTIFY_SYNC
561 } NOTIFY_SYNC
, * PNOTIFY_SYNC
;
563 typedef enum _FAST_IO_POSSIBLE
{
569 typedef enum _FILE_STORAGE_TYPE
{
570 StorageTypeDefault
= 1,
571 StorageTypeDirectory
,
573 StorageTypeJunctionPoint
,
575 StorageTypeStructuredStorage
,
576 StorageTypeEmbedding
,
580 typedef enum _OBJECT_INFO_CLASS
{
588 typedef struct _KAPC_STATE
{
589 LIST_ENTRY ApcListHead
[2];
591 BOOLEAN KernelApcInProgress
;
592 BOOLEAN KernelApcPending
;
593 BOOLEAN UserApcPending
;
594 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
596 typedef struct _BITMAP_RANGE
{
598 LARGE_INTEGER BasePage
;
599 ULONG FirstDirtyPage
;
603 } BITMAP_RANGE
, *PBITMAP_RANGE
;
605 typedef struct _CACHE_UNINITIALIZE_EVENT
{
606 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
608 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
610 typedef struct _CC_FILE_SIZES
{
611 LARGE_INTEGER AllocationSize
;
612 LARGE_INTEGER FileSize
;
613 LARGE_INTEGER ValidDataLength
;
614 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
616 typedef struct _COMPRESSED_DATA_INFO
{
617 USHORT CompressionFormatAndEngine
;
618 UCHAR CompressionUnitShift
;
622 USHORT NumberOfChunks
;
623 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
624 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
626 typedef struct _SID_IDENTIFIER_AUTHORITY
{
628 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
630 typedef struct _SID
{
632 BYTE SubAuthorityCount
;
633 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
634 DWORD SubAuthority
[ANYSIZE_ARRAY
];
636 typedef struct _SID_AND_ATTRIBUTES
{
639 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
640 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
641 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
642 typedef struct _TOKEN_SOURCE
{
643 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
644 LUID SourceIdentifier
;
645 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
646 typedef struct _TOKEN_CONTROL
{
648 LUID AuthenticationId
;
650 TOKEN_SOURCE TokenSource
;
651 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
652 typedef struct _TOKEN_DEFAULT_DACL
{
654 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
655 typedef struct _TOKEN_GROUPS
{
657 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
658 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
659 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
662 PSID_AND_ATTRIBUTES Sids
;
663 ULONG RestrictedSidCount
;
664 ULONG RestrictedSidLength
;
665 PSID_AND_ATTRIBUTES RestrictedSids
;
666 ULONG PrivilegeCount
;
667 ULONG PrivilegeLength
;
668 PLUID_AND_ATTRIBUTES Privileges
;
669 LUID AuthenticationId
;
670 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
671 typedef struct _TOKEN_ORIGIN
{
672 LUID OriginatingLogonSession
;
673 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
674 typedef struct _TOKEN_OWNER
{
676 } TOKEN_OWNER
,*PTOKEN_OWNER
;
677 typedef struct _TOKEN_PRIMARY_GROUP
{
679 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
680 typedef struct _TOKEN_PRIVILEGES
{
681 DWORD PrivilegeCount
;
682 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
683 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
684 typedef enum tagTOKEN_TYPE
{
687 } TOKEN_TYPE
,*PTOKEN_TYPE
;
688 typedef struct _TOKEN_STATISTICS
{
690 LUID AuthenticationId
;
691 LARGE_INTEGER ExpirationTime
;
692 TOKEN_TYPE TokenType
;
693 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
694 DWORD DynamicCharged
;
695 DWORD DynamicAvailable
;
697 DWORD PrivilegeCount
;
699 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
700 typedef struct _TOKEN_USER
{
701 SID_AND_ATTRIBUTES User
;
702 } TOKEN_USER
, *PTOKEN_USER
;
703 typedef DWORD SECURITY_INFORMATION
,*PSECURITY_INFORMATION
;
704 typedef WORD SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
705 typedef struct _SECURITY_DESCRIPTOR
{
708 SECURITY_DESCRIPTOR_CONTROL Control
;
713 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
714 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
717 SECURITY_DESCRIPTOR_CONTROL Control
;
722 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
723 typedef enum _TOKEN_INFORMATION_CLASS
{
724 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
725 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
726 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
727 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
728 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
729 } TOKEN_INFORMATION_CLASS
;
731 typedef struct _FILE_ACCESS_INFORMATION
{
732 ACCESS_MASK AccessFlags
;
733 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
735 typedef struct _FILE_ALLOCATION_INFORMATION
{
736 LARGE_INTEGER AllocationSize
;
737 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
739 typedef struct _FILE_BOTH_DIR_INFORMATION
{
740 ULONG NextEntryOffset
;
742 LARGE_INTEGER CreationTime
;
743 LARGE_INTEGER LastAccessTime
;
744 LARGE_INTEGER LastWriteTime
;
745 LARGE_INTEGER ChangeTime
;
746 LARGE_INTEGER EndOfFile
;
747 LARGE_INTEGER AllocationSize
;
748 ULONG FileAttributes
;
749 ULONG FileNameLength
;
751 CCHAR ShortNameLength
;
754 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
756 typedef struct _FILE_COMPLETION_INFORMATION
{
759 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
761 typedef struct _FILE_COMPRESSION_INFORMATION
{
762 LARGE_INTEGER CompressedFileSize
;
763 USHORT CompressionFormat
;
764 UCHAR CompressionUnitShift
;
768 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
770 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
771 BOOLEAN ReplaceIfExists
;
772 HANDLE RootDirectory
;
773 ULONG FileNameLength
;
775 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
777 typedef struct _FILE_DIRECTORY_INFORMATION
{
778 ULONG NextEntryOffset
;
780 LARGE_INTEGER CreationTime
;
781 LARGE_INTEGER LastAccessTime
;
782 LARGE_INTEGER LastWriteTime
;
783 LARGE_INTEGER ChangeTime
;
784 LARGE_INTEGER EndOfFile
;
785 LARGE_INTEGER AllocationSize
;
786 ULONG FileAttributes
;
787 ULONG FileNameLength
;
789 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
791 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
792 ULONG NextEntryOffset
;
794 LARGE_INTEGER CreationTime
;
795 LARGE_INTEGER LastAccessTime
;
796 LARGE_INTEGER LastWriteTime
;
797 LARGE_INTEGER ChangeTime
;
798 LARGE_INTEGER EndOfFile
;
799 LARGE_INTEGER AllocationSize
;
800 ULONG FileAttributes
;
801 ULONG FileNameLength
;
804 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
806 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
807 ULONG NextEntryOffset
;
809 LARGE_INTEGER CreationTime
;
810 LARGE_INTEGER LastAccessTime
;
811 LARGE_INTEGER LastWriteTime
;
812 LARGE_INTEGER ChangeTime
;
813 LARGE_INTEGER EndOfFile
;
814 LARGE_INTEGER AllocationSize
;
815 ULONG FileAttributes
;
816 ULONG FileNameLength
;
818 CHAR ShortNameLength
;
821 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
823 typedef struct _FILE_EA_INFORMATION
{
825 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
827 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
828 ULONG FileSystemAttributes
;
829 ULONG MaximumComponentNameLength
;
830 ULONG FileSystemNameLength
;
831 WCHAR FileSystemName
[1];
832 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
834 typedef struct _FILE_FS_CONTROL_INFORMATION
{
835 LARGE_INTEGER FreeSpaceStartFiltering
;
836 LARGE_INTEGER FreeSpaceThreshold
;
837 LARGE_INTEGER FreeSpaceStopFiltering
;
838 LARGE_INTEGER DefaultQuotaThreshold
;
839 LARGE_INTEGER DefaultQuotaLimit
;
840 ULONG FileSystemControlFlags
;
841 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
843 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
844 LARGE_INTEGER TotalAllocationUnits
;
845 LARGE_INTEGER CallerAvailableAllocationUnits
;
846 LARGE_INTEGER ActualAvailableAllocationUnits
;
847 ULONG SectorsPerAllocationUnit
;
848 ULONG BytesPerSector
;
849 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
851 typedef struct _FILE_FS_LABEL_INFORMATION
{
852 ULONG VolumeLabelLength
;
853 WCHAR VolumeLabel
[1];
854 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
856 #if (VER_PRODUCTBUILD >= 2195)
858 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
860 UCHAR ExtendedInfo
[48];
861 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
863 #endif /* (VER_PRODUCTBUILD >= 2195) */
865 typedef struct _FILE_FS_SIZE_INFORMATION
{
866 LARGE_INTEGER TotalAllocationUnits
;
867 LARGE_INTEGER AvailableAllocationUnits
;
868 ULONG SectorsPerAllocationUnit
;
869 ULONG BytesPerSector
;
870 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
872 typedef struct _FILE_FS_VOLUME_INFORMATION
{
873 LARGE_INTEGER VolumeCreationTime
;
874 ULONG VolumeSerialNumber
;
875 ULONG VolumeLabelLength
;
876 BOOLEAN SupportsObjects
;
877 WCHAR VolumeLabel
[1];
878 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
880 typedef struct _FILE_FULL_DIR_INFORMATION
{
881 ULONG NextEntryOffset
;
883 LARGE_INTEGER CreationTime
;
884 LARGE_INTEGER LastAccessTime
;
885 LARGE_INTEGER LastWriteTime
;
886 LARGE_INTEGER ChangeTime
;
887 LARGE_INTEGER EndOfFile
;
888 LARGE_INTEGER AllocationSize
;
889 ULONG FileAttributes
;
890 ULONG FileNameLength
;
893 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
895 typedef struct _FILE_GET_EA_INFORMATION
{
896 ULONG NextEntryOffset
;
899 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
901 typedef struct _FILE_GET_QUOTA_INFORMATION
{
902 ULONG NextEntryOffset
;
905 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
907 typedef struct _FILE_QUOTA_INFORMATION
909 ULONG NextEntryOffset
;
911 LARGE_INTEGER ChangeTime
;
912 LARGE_INTEGER QuotaUsed
;
913 LARGE_INTEGER QuotaThreshold
;
914 LARGE_INTEGER QuotaLimit
;
916 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
918 typedef struct _FILE_INTERNAL_INFORMATION
{
919 LARGE_INTEGER IndexNumber
;
920 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
922 typedef struct _FILE_LINK_INFORMATION
{
923 BOOLEAN ReplaceIfExists
;
924 HANDLE RootDirectory
;
925 ULONG FileNameLength
;
927 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
929 typedef struct _FILE_LOCK_INFO
{
930 LARGE_INTEGER StartingByte
;
931 LARGE_INTEGER Length
;
932 BOOLEAN ExclusiveLock
;
934 PFILE_OBJECT FileObject
;
936 LARGE_INTEGER EndingByte
;
937 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
939 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
940 typedef struct _FILE_SHARED_LOCK_ENTRY
{
943 FILE_LOCK_INFO FileLock
;
944 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
946 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
947 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
948 LIST_ENTRY ListEntry
;
951 FILE_LOCK_INFO FileLock
;
952 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
954 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE
) (
959 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
961 IN PFILE_LOCK_INFO FileLockInfo
964 typedef struct _FILE_LOCK
{
965 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
966 PUNLOCK_ROUTINE UnlockRoutine
;
967 BOOLEAN FastIoIsQuestionable
;
969 PVOID LockInformation
;
970 FILE_LOCK_INFO LastReturnedLockInfo
;
971 PVOID LastReturnedLock
;
972 } FILE_LOCK
, *PFILE_LOCK
;
974 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
975 ULONG ReadDataAvailable
;
976 ULONG NumberOfMessages
;
978 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
980 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
981 ULONG MaximumMessageSize
;
983 ULONG NextMessageSize
;
984 ULONG MessagesAvailable
;
985 LARGE_INTEGER ReadTimeout
;
986 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
988 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
989 PLARGE_INTEGER ReadTimeout
;
990 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
992 typedef struct _FILE_MODE_INFORMATION
{
994 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
996 typedef struct _FILE_ALL_INFORMATION
{
997 FILE_BASIC_INFORMATION BasicInformation
;
998 FILE_STANDARD_INFORMATION StandardInformation
;
999 FILE_INTERNAL_INFORMATION InternalInformation
;
1000 FILE_EA_INFORMATION EaInformation
;
1001 FILE_ACCESS_INFORMATION AccessInformation
;
1002 FILE_POSITION_INFORMATION PositionInformation
;
1003 FILE_MODE_INFORMATION ModeInformation
;
1004 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1005 FILE_NAME_INFORMATION NameInformation
;
1006 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1008 typedef struct _FILE_NAMES_INFORMATION
{
1009 ULONG NextEntryOffset
;
1011 ULONG FileNameLength
;
1013 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1015 typedef struct _FILE_OBJECTID_INFORMATION
{
1016 LONGLONG FileReference
;
1018 _ANONYMOUS_UNION
union {
1020 UCHAR BirthVolumeId
[16];
1021 UCHAR BirthObjectId
[16];
1024 UCHAR ExtendedInfo
[48];
1026 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1028 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1030 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1032 typedef struct _FILE_OLE_ALL_INFORMATION
{
1033 FILE_BASIC_INFORMATION BasicInformation
;
1034 FILE_STANDARD_INFORMATION StandardInformation
;
1035 FILE_INTERNAL_INFORMATION InternalInformation
;
1036 FILE_EA_INFORMATION EaInformation
;
1037 FILE_ACCESS_INFORMATION AccessInformation
;
1038 FILE_POSITION_INFORMATION PositionInformation
;
1039 FILE_MODE_INFORMATION ModeInformation
;
1040 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1043 LARGE_INTEGER SecurityChangeTime
;
1044 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1045 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1046 FILE_STORAGE_TYPE StorageType
;
1049 ULONG NumberOfStreamReferences
;
1052 BOOLEAN ContentIndexDisable
;
1053 BOOLEAN InheritContentIndexDisable
;
1054 FILE_NAME_INFORMATION NameInformation
;
1055 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1057 typedef struct _FILE_OLE_DIR_INFORMATION
{
1058 ULONG NextEntryOffset
;
1060 LARGE_INTEGER CreationTime
;
1061 LARGE_INTEGER LastAccessTime
;
1062 LARGE_INTEGER LastWriteTime
;
1063 LARGE_INTEGER ChangeTime
;
1064 LARGE_INTEGER EndOfFile
;
1065 LARGE_INTEGER AllocationSize
;
1066 ULONG FileAttributes
;
1067 ULONG FileNameLength
;
1068 FILE_STORAGE_TYPE StorageType
;
1071 BOOLEAN ContentIndexDisable
;
1072 BOOLEAN InheritContentIndexDisable
;
1074 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1076 typedef struct _FILE_OLE_INFORMATION
{
1077 LARGE_INTEGER SecurityChangeTime
;
1078 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1079 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1080 FILE_STORAGE_TYPE StorageType
;
1082 BOOLEAN ContentIndexDisable
;
1083 BOOLEAN InheritContentIndexDisable
;
1084 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1086 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1088 ULONG StateBitsMask
;
1089 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1091 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1094 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1096 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1097 PVOID ClientSession
;
1098 PVOID ClientProcess
;
1099 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1101 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1102 ULONG NamedPipeState
;
1106 ULONG NumberRequests
;
1107 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1109 typedef struct _FILE_PIPE_PEEK_BUFFER
1111 ULONG NamedPipeState
;
1112 ULONG ReadDataAvailable
;
1113 ULONG NumberOfMessages
;
1114 ULONG MessageLength
;
1116 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1118 typedef struct _FILE_PIPE_INFORMATION
{
1120 ULONG CompletionMode
;
1121 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1123 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1124 ULONG NamedPipeType
;
1125 ULONG NamedPipeConfiguration
;
1126 ULONG MaximumInstances
;
1127 ULONG CurrentInstances
;
1129 ULONG ReadDataAvailable
;
1130 ULONG OutboundQuota
;
1131 ULONG WriteQuotaAvailable
;
1132 ULONG NamedPipeState
;
1134 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1136 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1137 LARGE_INTEGER CollectDataTime
;
1138 ULONG MaximumCollectionCount
;
1139 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1141 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1142 LARGE_INTEGER Timeout
;
1144 BOOLEAN TimeoutSpecified
;
1146 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1148 typedef struct _FILE_RENAME_INFORMATION
{
1149 BOOLEAN ReplaceIfExists
;
1150 HANDLE RootDirectory
;
1151 ULONG FileNameLength
;
1153 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1155 typedef struct _FILE_STREAM_INFORMATION
{
1156 ULONG NextEntryOffset
;
1157 ULONG StreamNameLength
;
1158 LARGE_INTEGER StreamSize
;
1159 LARGE_INTEGER StreamAllocationSize
;
1160 WCHAR StreamName
[1];
1161 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1163 typedef struct _FILE_TRACKING_INFORMATION
{
1164 HANDLE DestinationFile
;
1165 ULONG ObjectInformationLength
;
1166 CHAR ObjectInformation
[1];
1167 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1169 #if (VER_PRODUCTBUILD >= 2195)
1170 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1171 LARGE_INTEGER FileOffset
;
1172 LARGE_INTEGER BeyondFinalZero
;
1173 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1175 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1176 LARGE_INTEGER FileOffset
;
1177 LARGE_INTEGER Length
;
1178 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1179 #endif /* (VER_PRODUCTBUILD >= 2195) */
1181 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1182 CSHORT NodeTypeCode
;
1183 CSHORT NodeByteSize
;
1185 UCHAR IsFastIoPossible
;
1186 #if (VER_PRODUCTBUILD >= 1381)
1189 #endif /* (VER_PRODUCTBUILD >= 1381) */
1190 PERESOURCE Resource
;
1191 PERESOURCE PagingIoResource
;
1192 LARGE_INTEGER AllocationSize
;
1193 LARGE_INTEGER FileSize
;
1194 LARGE_INTEGER ValidDataLength
;
1195 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1197 #if (VER_PRODUCTBUILD >= 2600)
1199 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1200 CSHORT NodeTypeCode
;
1201 CSHORT NodeByteSize
;
1203 UCHAR IsFastIoPossible
;
1206 PERESOURCE Resource
;
1207 PERESOURCE PagingIoResource
;
1208 LARGE_INTEGER AllocationSize
;
1209 LARGE_INTEGER FileSize
;
1210 LARGE_INTEGER ValidDataLength
;
1211 PFAST_MUTEX FastMutex
;
1212 LIST_ENTRY FilterContexts
;
1213 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1215 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1219 PFREE_FUNCTION FreeCallback
;
1220 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1222 #endif /* (VER_PRODUCTBUILD >= 2600) */
1224 typedef struct _BASE_MCB
1226 ULONG MaximumPairCount
;
1231 typedef BASE_MCB
*PBASE_MCB
;
1233 typedef struct _LARGE_MCB
{
1234 PFAST_MUTEX FastMutex
;
1235 ULONG MaximumPairCount
;
1240 typedef LARGE_MCB
*PLARGE_MCB
;
1244 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1248 typedef struct _GENERATE_NAME_CONTEXT
{
1250 BOOLEAN CheckSumInserted
;
1252 WCHAR NameBuffer
[8];
1253 ULONG ExtensionLength
;
1254 WCHAR ExtensionBuffer
[4];
1255 ULONG LastIndexValue
;
1256 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1258 typedef struct _MAPPING_PAIR
{
1261 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1263 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1264 ULONG NumberOfPairs
;
1266 MAPPING_PAIR Pair
[1];
1267 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1269 typedef struct _IO_CLIENT_EXTENSION
{
1270 struct _IO_CLIENT_EXTENSION
*NextExtension
;
1271 PVOID ClientIdentificationAddress
;
1272 } IO_CLIENT_EXTENSION
, *PIO_CLIENT_EXTENSION
;
1274 typedef struct _IO_COMPLETION_BASIC_INFORMATION
{
1276 } IO_COMPLETION_BASIC_INFORMATION
, *PIO_COMPLETION_BASIC_INFORMATION
;
1278 typedef struct _KQUEUE
{
1279 DISPATCHER_HEADER Header
;
1280 LIST_ENTRY EntryListHead
;
1283 LIST_ENTRY ThreadListHead
;
1284 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1286 typedef struct _MBCB
{
1287 CSHORT NodeTypeCode
;
1288 CSHORT NodeIsInZone
;
1292 LIST_ENTRY BitmapRanges
;
1293 LONGLONG ResumeWritePage
;
1294 BITMAP_RANGE BitmapRange1
;
1295 BITMAP_RANGE BitmapRange2
;
1296 BITMAP_RANGE BitmapRange3
;
1299 typedef struct _MOVEFILE_DESCRIPTOR
{
1302 LARGE_INTEGER StartVcn
;
1303 LARGE_INTEGER TargetLcn
;
1306 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1308 typedef struct _OBJECT_BASIC_INFO
{
1310 ACCESS_MASK GrantedAccess
;
1312 ULONG ReferenceCount
;
1313 ULONG PagedPoolUsage
;
1314 ULONG NonPagedPoolUsage
;
1316 ULONG NameInformationLength
;
1317 ULONG TypeInformationLength
;
1318 ULONG SecurityDescriptorLength
;
1319 LARGE_INTEGER CreateTime
;
1320 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1322 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1324 BOOLEAN ProtectFromClose
;
1325 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1327 typedef struct _OBJECT_NAME_INFO
{
1328 UNICODE_STRING ObjectName
;
1329 WCHAR ObjectNameBuffer
[1];
1330 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1332 typedef struct _OBJECT_PROTECTION_INFO
{
1334 BOOLEAN ProtectHandle
;
1335 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1337 typedef struct _OBJECT_TYPE_INFO
{
1338 UNICODE_STRING ObjectTypeName
;
1339 UCHAR Unknown
[0x58];
1340 WCHAR ObjectTypeNameBuffer
[1];
1341 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1343 typedef struct _OBJECT_ALL_TYPES_INFO
{
1344 ULONG NumberOfObjectTypes
;
1345 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1346 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1349 typedef struct _PATHNAME_BUFFER
{
1350 ULONG PathNameLength
;
1352 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1354 #if (VER_PRODUCTBUILD >= 2600)
1356 typedef struct _PRIVATE_CACHE_MAP_FLAGS
{
1358 ULONG ReadAheadActive
: 1;
1359 ULONG ReadAheadEnabled
: 1;
1360 ULONG Available
: 14;
1361 } PRIVATE_CACHE_MAP_FLAGS
, *PPRIVATE_CACHE_MAP_FLAGS
;
1363 typedef struct _PRIVATE_CACHE_MAP
{
1364 _ANONYMOUS_UNION
union {
1365 CSHORT NodeTypeCode
;
1366 PRIVATE_CACHE_MAP_FLAGS Flags
;
1369 ULONG ReadAheadMask
;
1370 PFILE_OBJECT FileObject
;
1371 LARGE_INTEGER FileOffset1
;
1372 LARGE_INTEGER BeyondLastByte1
;
1373 LARGE_INTEGER FileOffset2
;
1374 LARGE_INTEGER BeyondLastByte2
;
1375 LARGE_INTEGER ReadAheadOffset
[2];
1376 ULONG ReadAheadLength
[2];
1377 KSPIN_LOCK ReadAheadSpinLock
;
1378 LIST_ENTRY PrivateLinks
;
1379 } PRIVATE_CACHE_MAP
, *PPRIVATE_CACHE_MAP
;
1383 typedef struct _PUBLIC_BCB
{
1384 CSHORT NodeTypeCode
;
1385 CSHORT NodeByteSize
;
1387 LARGE_INTEGER MappedFileOffset
;
1388 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1390 typedef struct _QUERY_PATH_REQUEST
{
1391 ULONG PathNameLength
;
1392 PIO_SECURITY_CONTEXT SecurityContext
;
1393 WCHAR FilePathName
[1];
1394 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1396 typedef struct _QUERY_PATH_RESPONSE
{
1397 ULONG LengthAccepted
;
1398 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1400 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1402 LARGE_INTEGER StartingVcn
;
1404 LARGE_INTEGER NextVcn
;
1407 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1409 typedef struct _RTL_SPLAY_LINKS
{
1410 struct _RTL_SPLAY_LINKS
*Parent
;
1411 struct _RTL_SPLAY_LINKS
*LeftChild
;
1412 struct _RTL_SPLAY_LINKS
*RightChild
;
1413 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1415 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1420 } RTL_GENERIC_COMPARE_RESULTS
;
1422 #if defined(USE_LPC6432)
1423 #define LPC_CLIENT_ID CLIENT_ID64
1424 #define LPC_SIZE_T ULONGLONG
1425 #define LPC_PVOID ULONGLONG
1426 #define LPC_HANDLE ULONGLONG
1428 #define LPC_CLIENT_ID CLIENT_ID
1429 #define LPC_SIZE_T SIZE_T
1430 #define LPC_PVOID PVOID
1431 #define LPC_HANDLE HANDLE
1434 typedef struct _PORT_MESSAGE
1450 CSHORT DataInfoOffset
;
1456 LPC_CLIENT_ID ClientId
;
1457 double DoNotUseThisField
;
1462 LPC_SIZE_T ClientViewSize
;
1465 } PORT_MESSAGE
, *PPORT_MESSAGE
;
1467 typedef struct _PORT_VIEW
1470 LPC_HANDLE SectionHandle
;
1471 ULONG SectionOffset
;
1472 LPC_SIZE_T ViewSize
;
1474 LPC_PVOID ViewRemoteBase
;
1475 } PORT_VIEW
, *PPORT_VIEW
;
1477 typedef struct _REMOTE_PORT_VIEW
1480 LPC_SIZE_T ViewSize
;
1482 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
1484 typedef struct _SE_EXPORTS
{
1486 LUID SeCreateTokenPrivilege
;
1487 LUID SeAssignPrimaryTokenPrivilege
;
1488 LUID SeLockMemoryPrivilege
;
1489 LUID SeIncreaseQuotaPrivilege
;
1490 LUID SeUnsolicitedInputPrivilege
;
1491 LUID SeTcbPrivilege
;
1492 LUID SeSecurityPrivilege
;
1493 LUID SeTakeOwnershipPrivilege
;
1494 LUID SeLoadDriverPrivilege
;
1495 LUID SeCreatePagefilePrivilege
;
1496 LUID SeIncreaseBasePriorityPrivilege
;
1497 LUID SeSystemProfilePrivilege
;
1498 LUID SeSystemtimePrivilege
;
1499 LUID SeProfileSingleProcessPrivilege
;
1500 LUID SeCreatePermanentPrivilege
;
1501 LUID SeBackupPrivilege
;
1502 LUID SeRestorePrivilege
;
1503 LUID SeShutdownPrivilege
;
1504 LUID SeDebugPrivilege
;
1505 LUID SeAuditPrivilege
;
1506 LUID SeSystemEnvironmentPrivilege
;
1507 LUID SeChangeNotifyPrivilege
;
1508 LUID SeRemoteShutdownPrivilege
;
1513 PSID SeCreatorOwnerSid
;
1514 PSID SeCreatorGroupSid
;
1516 PSID SeNtAuthoritySid
;
1520 PSID SeInteractiveSid
;
1521 PSID SeLocalSystemSid
;
1522 PSID SeAliasAdminsSid
;
1523 PSID SeAliasUsersSid
;
1524 PSID SeAliasGuestsSid
;
1525 PSID SeAliasPowerUsersSid
;
1526 PSID SeAliasAccountOpsSid
;
1527 PSID SeAliasSystemOpsSid
;
1528 PSID SeAliasPrintOpsSid
;
1529 PSID SeAliasBackupOpsSid
;
1531 PSID SeAuthenticatedUsersSid
;
1533 PSID SeRestrictedSid
;
1534 PSID SeAnonymousLogonSid
;
1536 LUID SeUndockPrivilege
;
1537 LUID SeSyncAgentPrivilege
;
1538 LUID SeEnableDelegationPrivilege
;
1540 } SE_EXPORTS
, *PSE_EXPORTS
;
1544 LARGE_INTEGER StartingLcn
;
1545 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
1547 typedef struct _STARTING_VCN_INPUT_BUFFER
{
1548 LARGE_INTEGER StartingVcn
;
1549 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
1551 typedef struct _SECURITY_CLIENT_CONTEXT
{
1552 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
1553 PACCESS_TOKEN ClientToken
;
1554 BOOLEAN DirectlyAccessClientToken
;
1555 BOOLEAN DirectAccessEffectiveOnly
;
1556 BOOLEAN ServerIsRemote
;
1557 TOKEN_CONTROL ClientTokenControl
;
1558 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
1560 typedef struct _ACE_HEADER
1565 } ACE_HEADER
, *PACE_HEADER
;
1567 typedef struct _TUNNEL
{
1569 PRTL_SPLAY_LINKS Cache
;
1570 LIST_ENTRY TimerQueue
;
1574 typedef struct _VACB
{
1576 PSHARED_CACHE_MAP SharedCacheMap
;
1578 LARGE_INTEGER FileOffset
;
1584 typedef struct _VAD_HEADER
{
1587 PVAD_HEADER ParentLink
;
1588 PVAD_HEADER LeftLink
;
1589 PVAD_HEADER RightLink
;
1590 ULONG Flags
; /* LSB = CommitCharge */
1592 PVOID FirstProtoPte
;
1596 } VAD_HEADER
, *PVAD_HEADER
;
1600 LARGE_INTEGER StartingLcn
;
1601 LARGE_INTEGER BitmapSize
;
1603 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
1605 #if (VER_PRODUCTBUILD >= 2600)
1608 (NTAPI
*PFILTER_REPORT_CHANGE
) (
1609 IN PVOID NotifyContext
,
1610 IN PVOID FilterContext
1613 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
1615 SyncTypeCreateSection
1616 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
1618 typedef union _FS_FILTER_PARAMETERS
{
1620 PLARGE_INTEGER EndingOffset
;
1621 } AcquireForModifiedPageWriter
;
1624 PERESOURCE ResourceToRelease
;
1625 } ReleaseForModifiedPageWriter
;
1628 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
1629 ULONG PageProtection
;
1630 } AcquireForSectionSynchronization
;
1639 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
1641 typedef struct _FS_FILTER_CALLBACK_DATA
{
1642 ULONG SizeOfFsFilterCallbackData
;
1645 struct _DEVICE_OBJECT
*DeviceObject
;
1646 struct _FILE_OBJECT
*FileObject
;
1647 FS_FILTER_PARAMETERS Parameters
;
1648 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
1651 (NTAPI
*PFS_FILTER_CALLBACK
) (
1652 IN PFS_FILTER_CALLBACK_DATA Data
,
1653 OUT PVOID
*CompletionContext
1657 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
1658 IN PFS_FILTER_CALLBACK_DATA Data
,
1659 IN NTSTATUS OperationStatus
,
1660 IN PVOID CompletionContext
1663 typedef struct _FS_FILTER_CALLBACKS
{
1664 ULONG SizeOfFsFilterCallbacks
;
1666 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
1667 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
1668 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
1669 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
1670 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
1671 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
1672 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
1673 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
1674 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
1675 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
1676 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
1677 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
1678 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
1680 typedef struct _READ_LIST
{
1681 PFILE_OBJECT FileObject
;
1682 ULONG NumberOfEntries
;
1684 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
1685 } READ_LIST
, *PREAD_LIST
;
1690 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
1692 IN OUT PVOID
*CommitAddress
,
1693 IN OUT PSIZE_T CommitSize
1696 typedef struct _RTL_HEAP_PARAMETERS
{
1698 SIZE_T SegmentReserve
;
1699 SIZE_T SegmentCommit
;
1700 SIZE_T DeCommitFreeBlockThreshold
;
1701 SIZE_T DeCommitTotalFreeThreshold
;
1702 SIZE_T MaximumAllocationSize
;
1703 SIZE_T VirtualMemoryThreshold
;
1704 SIZE_T InitialCommit
;
1705 SIZE_T InitialReserve
;
1706 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
1708 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
1714 IN PFILE_OBJECT FileObject
,
1715 IN ULONG BytesToWrite
,
1724 IN PFILE_OBJECT FileObject
,
1725 IN PLARGE_INTEGER FileOffset
,
1729 OUT PIO_STATUS_BLOCK IoStatus
1736 IN PFILE_OBJECT FileObject
,
1737 IN PLARGE_INTEGER FileOffset
,
1743 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1745 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
1754 IN PFILE_OBJECT FileObject
,
1755 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
1758 IN ULONG BytesToWrite
,
1766 IN PFILE_OBJECT FileObject
,
1767 IN ULONG FileOffset
,
1771 OUT PIO_STATUS_BLOCK IoStatus
1778 IN PFILE_OBJECT FileObject
,
1779 IN ULONG FileOffset
,
1788 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1789 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1791 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
1794 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
1795 IN PFILE_OBJECT FileObject
,
1796 IN PLARGE_INTEGER FileOffset
,
1798 IN PLARGE_INTEGER OldestLsn
,
1799 IN PLARGE_INTEGER NewestLsn
,
1809 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
1817 CcGetFileObjectFromBcb (
1824 CcGetFileObjectFromSectionPtrs (
1825 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
1828 #define CcGetFileSizePointer(FO) ( \
1829 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1832 #if (VER_PRODUCTBUILD >= 2195)
1837 CcGetFlushedValidData (
1838 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1839 IN BOOLEAN BcbListHeld
1842 #endif /* (VER_PRODUCTBUILD >= 2195) */
1847 CcGetLsnForFileObject (
1848 IN PFILE_OBJECT FileObject
,
1849 OUT PLARGE_INTEGER OldestLsn OPTIONAL
1852 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
1857 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
1861 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
1866 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
1870 typedef struct _CACHE_MANAGER_CALLBACKS
{
1871 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
1872 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
1873 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
1874 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
1875 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
1880 CcInitializeCacheMap (
1881 IN PFILE_OBJECT FileObject
,
1882 IN PCC_FILE_SIZES FileSizes
,
1883 IN BOOLEAN PinAccess
,
1884 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
1885 IN PVOID LazyWriteContext
1888 #define CcIsFileCached(FO) ( \
1889 ((FO)->SectionObjectPointer != NULL) && \
1890 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
1896 CcIsThereDirtyData (
1904 IN PFILE_OBJECT FileObject
,
1905 IN PLARGE_INTEGER FileOffset
,
1916 IN PFILE_OBJECT FileObject
,
1917 IN PLARGE_INTEGER FileOffset
,
1920 OUT PIO_STATUS_BLOCK IoStatus
1927 IN PFILE_OBJECT FileObject
,
1934 CcMdlWriteComplete (
1935 IN PFILE_OBJECT FileObject
,
1936 IN PLARGE_INTEGER FileOffset
,
1944 IN PFILE_OBJECT FileObject
,
1945 IN PLARGE_INTEGER FileOffset
,
1947 #if (VER_PRODUCTBUILD >= 2195)
1959 IN PFILE_OBJECT FileObject
,
1960 IN PLARGE_INTEGER FileOffset
,
1962 #if (VER_PRODUCTBUILD >= 2195)
1975 IN PFILE_OBJECT FileObject
,
1976 IN PLARGE_INTEGER FileOffset
,
1979 OUT PIO_STATUS_BLOCK IoStatus
1986 IN PFILE_OBJECT FileObject
,
1987 IN PLARGE_INTEGER FileOffset
,
1990 #if (VER_PRODUCTBUILD >= 2195)
2002 CcPurgeCacheSection (
2003 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2004 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2006 IN BOOLEAN UninitializeCacheMaps
2009 #define CcReadAhead(FO, FOFF, LEN) ( \
2010 if ((LEN) >= 256) { \
2011 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2015 #if (VER_PRODUCTBUILD >= 2195)
2024 #endif /* (VER_PRODUCTBUILD >= 2195) */
2036 CcScheduleReadAhead (
2037 IN PFILE_OBJECT FileObject
,
2038 IN PLARGE_INTEGER FileOffset
,
2045 CcSetAdditionalCacheAttributes (
2046 IN PFILE_OBJECT FileObject
,
2047 IN BOOLEAN DisableReadAhead
,
2048 IN BOOLEAN DisableWriteBehind
2054 CcSetBcbOwnerPointer (
2056 IN PVOID OwnerPointer
2062 CcSetDirtyPageThreshold (
2063 IN PFILE_OBJECT FileObject
,
2064 IN ULONG DirtyPageThreshold
2070 CcSetDirtyPinnedData (
2072 IN PLARGE_INTEGER Lsn OPTIONAL
2079 IN PFILE_OBJECT FileObject
,
2080 IN PCC_FILE_SIZES FileSizes
2083 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2085 IN PLARGE_INTEGER Lsn
2091 CcSetLogHandleForFile (
2092 IN PFILE_OBJECT FileObject
,
2094 IN PFLUSH_TO_LSN FlushToLsnRoutine
2100 CcSetReadAheadGranularity (
2101 IN PFILE_OBJECT FileObject
,
2102 IN ULONG Granularity
/* default: PAGE_SIZE */
2103 /* allowed: 2^n * PAGE_SIZE */
2109 CcUninitializeCacheMap (
2110 IN PFILE_OBJECT FileObject
,
2111 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2112 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2125 CcUnpinDataForThread (
2127 IN ERESOURCE_THREAD ResourceThreadId
2133 CcUnpinRepinnedBcb (
2135 IN BOOLEAN WriteThrough
,
2136 OUT PIO_STATUS_BLOCK IoStatus
2139 #if (VER_PRODUCTBUILD >= 2195)
2144 CcWaitForCurrentLazyWriterActivity (
2148 #endif /* (VER_PRODUCTBUILD >= 2195) */
2154 IN PFILE_OBJECT FileObject
,
2155 IN PLARGE_INTEGER StartOffset
,
2156 IN PLARGE_INTEGER EndOffset
,
2163 ExDisableResourceBoostLite (
2164 IN PERESOURCE Resource
2170 ExQueryPoolBlockSize (
2172 OUT PBOOLEAN QuotaCharged
2175 #if (VER_PRODUCTBUILD >= 2600)
2177 #ifndef __NTOSKRNL__
2181 ExInitializeRundownProtection (
2182 IN PEX_RUNDOWN_REF RunRef
2188 ExReInitializeRundownProtection (
2189 IN PEX_RUNDOWN_REF RunRef
2195 ExAcquireRundownProtection (
2196 IN PEX_RUNDOWN_REF RunRef
2202 ExAcquireRundownProtectionEx (
2203 IN PEX_RUNDOWN_REF RunRef
,
2210 ExReleaseRundownProtection (
2211 IN PEX_RUNDOWN_REF RunRef
2217 ExReleaseRundownProtectionEx (
2218 IN PEX_RUNDOWN_REF RunRef
,
2225 ExRundownCompleted (
2226 IN PEX_RUNDOWN_REF RunRef
2232 ExWaitForRundownProtectionRelease (
2233 IN PEX_RUNDOWN_REF RunRef
2237 #endif /* (VER_PRODUCTBUILD >= 2600) */
2239 #define FlagOn(x, f) ((x) & (f))
2244 FsRtlAddToTunnelCache (
2246 IN ULONGLONG DirectoryKey
,
2247 IN PUNICODE_STRING ShortName
,
2248 IN PUNICODE_STRING LongName
,
2249 IN BOOLEAN KeyByShortName
,
2250 IN ULONG DataLength
,
2254 #if (VER_PRODUCTBUILD >= 2195)
2258 FsRtlAllocateFileLock (
2259 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2260 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2263 #endif /* (VER_PRODUCTBUILD >= 2195) */
2269 IN POOL_TYPE PoolType
,
2270 IN ULONG NumberOfBytes
2276 FsRtlAllocatePoolWithQuota (
2277 IN POOL_TYPE PoolType
,
2278 IN ULONG NumberOfBytes
2284 FsRtlAllocatePoolWithQuotaTag (
2285 IN POOL_TYPE PoolType
,
2286 IN ULONG NumberOfBytes
,
2293 FsRtlAllocatePoolWithTag (
2294 IN POOL_TYPE PoolType
,
2295 IN ULONG NumberOfBytes
,
2302 FsRtlAreNamesEqual (
2303 IN PUNICODE_STRING Name1
,
2304 IN PUNICODE_STRING Name2
,
2305 IN BOOLEAN IgnoreCase
,
2306 IN PWCHAR UpcaseTable OPTIONAL
2309 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2310 ((FL)->FastIoIsQuestionable) \
2314 FsRtlCheckLockForReadAccess:
2316 All this really does is pick out the lock parameters from the irp (io stack
2317 location?), get IoGetRequestorProcess, and pass values on to
2318 FsRtlFastCheckLockForRead.
2323 FsRtlCheckLockForReadAccess (
2324 IN PFILE_LOCK FileLock
,
2329 FsRtlCheckLockForWriteAccess:
2331 All this really does is pick out the lock parameters from the irp (io stack
2332 location?), get IoGetRequestorProcess, and pass values on to
2333 FsRtlFastCheckLockForWrite.
2338 FsRtlCheckLockForWriteAccess (
2339 IN PFILE_LOCK FileLock
,
2345 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2352 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
2364 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2365 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2372 IN PFILE_OBJECT FileObject
,
2373 IN PLARGE_INTEGER FileOffset
,
2378 OUT PIO_STATUS_BLOCK IoStatus
,
2379 IN PDEVICE_OBJECT DeviceObject
2386 IN PFILE_OBJECT FileObject
,
2387 IN PLARGE_INTEGER FileOffset
,
2392 OUT PIO_STATUS_BLOCK IoStatus
,
2393 IN PDEVICE_OBJECT DeviceObject
2401 IN PVOID HeapBase OPTIONAL
,
2402 IN SIZE_T ReserveSize OPTIONAL
,
2403 IN SIZE_T CommitSize OPTIONAL
,
2404 IN PVOID Lock OPTIONAL
,
2405 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
2411 FsRtlCurrentBatchOplock (
2418 FsRtlDeleteKeyFromTunnelCache (
2420 IN ULONGLONG DirectoryKey
2426 FsRtlDeleteTunnelCache (
2433 FsRtlDeregisterUncProvider (
2448 IN ANSI_STRING Name
,
2449 OUT PANSI_STRING FirstPart
,
2450 OUT PANSI_STRING RemainingPart
2457 IN UNICODE_STRING Name
,
2458 OUT PUNICODE_STRING FirstPart
,
2459 OUT PUNICODE_STRING RemainingPart
2465 FsRtlDoesDbcsContainWildCards (
2466 IN PANSI_STRING Name
2472 FsRtlDoesNameContainWildCards (
2473 IN PUNICODE_STRING Name
2476 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2478 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2483 FsRtlFastCheckLockForRead (
2484 IN PFILE_LOCK FileLock
,
2485 IN PLARGE_INTEGER FileOffset
,
2486 IN PLARGE_INTEGER Length
,
2488 IN PFILE_OBJECT FileObject
,
2489 IN PEPROCESS Process
2495 FsRtlFastCheckLockForWrite (
2496 IN PFILE_LOCK FileLock
,
2497 IN PLARGE_INTEGER FileOffset
,
2498 IN PLARGE_INTEGER Length
,
2500 IN PFILE_OBJECT FileObject
,
2501 IN PEPROCESS Process
2504 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2505 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2511 FsRtlFastUnlockAll (
2512 IN PFILE_LOCK FileLock
,
2513 IN PFILE_OBJECT FileObject
,
2514 IN PEPROCESS Process
,
2515 IN PVOID Context OPTIONAL
2517 /* ret: STATUS_RANGE_NOT_LOCKED */
2522 FsRtlFastUnlockAllByKey (
2523 IN PFILE_LOCK FileLock
,
2524 IN PFILE_OBJECT FileObject
,
2525 IN PEPROCESS Process
,
2527 IN PVOID Context OPTIONAL
2529 /* ret: STATUS_RANGE_NOT_LOCKED */
2534 FsRtlFastUnlockSingle (
2535 IN PFILE_LOCK FileLock
,
2536 IN PFILE_OBJECT FileObject
,
2537 IN PLARGE_INTEGER FileOffset
,
2538 IN PLARGE_INTEGER Length
,
2539 IN PEPROCESS Process
,
2541 IN PVOID Context OPTIONAL
,
2542 IN BOOLEAN AlreadySynchronized
2544 /* ret: STATUS_RANGE_NOT_LOCKED */
2549 FsRtlFindInTunnelCache (
2551 IN ULONGLONG DirectoryKey
,
2552 IN PUNICODE_STRING Name
,
2553 OUT PUNICODE_STRING ShortName
,
2554 OUT PUNICODE_STRING LongName
,
2555 IN OUT PULONG DataLength
,
2559 #if (VER_PRODUCTBUILD >= 2195)
2565 IN PFILE_LOCK FileLock
2568 #endif /* (VER_PRODUCTBUILD >= 2195) */
2574 IN PFILE_OBJECT FileObject
,
2575 IN OUT PLARGE_INTEGER FileSize
2579 FsRtlGetNextFileLock:
2581 ret: NULL if no more locks
2584 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2585 FileLock->LastReturnedLock as storage.
2586 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2587 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2588 calls with Restart = FALSE.
2593 FsRtlGetNextFileLock (
2594 IN PFILE_LOCK FileLock
,
2601 FsRtlInitializeFileLock (
2602 IN PFILE_LOCK FileLock
,
2603 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2604 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2610 FsRtlInitializeOplock (
2611 IN OUT POPLOCK Oplock
2617 FsRtlInitializeTunnelCache (
2624 FsRtlIsNameInExpression (
2625 IN PUNICODE_STRING Expression
,
2626 IN PUNICODE_STRING Name
,
2627 IN BOOLEAN IgnoreCase
,
2628 IN PWCHAR UpcaseTable OPTIONAL
2634 FsRtlIsNtstatusExpected (
2635 IN NTSTATUS Ntstatus
2638 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
2640 extern PUSHORT NlsOemLeadByteInfo
;
2642 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
2643 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
2644 (NLS_MB_CODE_PAGE_TAG && \
2645 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
2648 #define FsRtlIsAnsiCharacterWild(C) ( \
2649 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
2652 #define FsRtlIsUnicodeCharacterWild(C) ( \
2655 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
2662 IN PFILE_OBJECT FileObject
,
2663 IN PLARGE_INTEGER FileOffset
,
2667 OUT PIO_STATUS_BLOCK IoStatus
,
2668 IN PDEVICE_OBJECT DeviceObject
2674 FsRtlMdlReadComplete (
2675 IN PFILE_OBJECT FileObject
,
2682 FsRtlMdlReadCompleteDev (
2683 IN PFILE_OBJECT FileObject
,
2685 IN PDEVICE_OBJECT DeviceObject
2691 FsRtlPrepareMdlWriteDev (
2692 IN PFILE_OBJECT FileObject
,
2693 IN PLARGE_INTEGER FileOffset
,
2697 OUT PIO_STATUS_BLOCK IoStatus
,
2698 IN PDEVICE_OBJECT DeviceObject
2704 FsRtlMdlWriteComplete (
2705 IN PFILE_OBJECT FileObject
,
2706 IN PLARGE_INTEGER FileOffset
,
2713 FsRtlMdlWriteCompleteDev (
2714 IN PFILE_OBJECT FileObject
,
2715 IN PLARGE_INTEGER FileOffset
,
2717 IN PDEVICE_OBJECT DeviceObject
2723 FsRtlNormalizeNtstatus (
2724 IN NTSTATUS Exception
,
2725 IN NTSTATUS GenericException
2731 FsRtlNotifyChangeDirectory (
2732 IN PNOTIFY_SYNC NotifySync
,
2734 IN PSTRING FullDirectoryName
,
2735 IN PLIST_ENTRY NotifyList
,
2736 IN BOOLEAN WatchTree
,
2737 IN ULONG CompletionFilter
,
2744 FsRtlNotifyCleanup (
2745 IN PNOTIFY_SYNC NotifySync
,
2746 IN PLIST_ENTRY NotifyList
,
2750 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
2751 IN PVOID NotifyContext
,
2752 IN PVOID TargetContext
,
2753 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
2759 FsRtlNotifyFullChangeDirectory (
2760 IN PNOTIFY_SYNC NotifySync
,
2761 IN PLIST_ENTRY NotifyList
,
2763 IN PSTRING FullDirectoryName
,
2764 IN BOOLEAN WatchTree
,
2765 IN BOOLEAN IgnoreBuffer
,
2766 IN ULONG CompletionFilter
,
2768 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
2769 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
2775 FsRtlNotifyFullReportChange (
2776 IN PNOTIFY_SYNC NotifySync
,
2777 IN PLIST_ENTRY NotifyList
,
2778 IN PSTRING FullTargetName
,
2779 IN USHORT TargetNameOffset
,
2780 IN PSTRING StreamName OPTIONAL
,
2781 IN PSTRING NormalizedParentName OPTIONAL
,
2782 IN ULONG FilterMatch
,
2784 IN PVOID TargetContext
2790 FsRtlNotifyInitializeSync (
2791 IN PNOTIFY_SYNC
*NotifySync
2797 FsRtlNotifyReportChange (
2798 IN PNOTIFY_SYNC NotifySync
,
2799 IN PLIST_ENTRY NotifyList
,
2800 IN PSTRING FullTargetName
,
2801 IN PUSHORT FileNamePartLength
,
2802 IN ULONG FilterMatch
2808 FsRtlNotifyUninitializeSync (
2809 IN PNOTIFY_SYNC
*NotifySync
2812 #if (VER_PRODUCTBUILD >= 2195)
2817 FsRtlNotifyVolumeEvent (
2818 IN PFILE_OBJECT FileObject
,
2822 #endif /* (VER_PRODUCTBUILD >= 2195) */
2836 FsRtlOplockIsFastIoPossible (
2843 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2846 -Calls IoCompleteRequest if Irp
2847 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2853 IN PFILE_LOCK FileLock
,
2854 IN PFILE_OBJECT FileObject
,
2855 IN PLARGE_INTEGER FileOffset
,
2856 IN PLARGE_INTEGER Length
,
2857 IN PEPROCESS Process
,
2859 IN BOOLEAN FailImmediately
,
2860 IN BOOLEAN ExclusiveLock
,
2861 OUT PIO_STATUS_BLOCK IoStatus
,
2862 IN PIRP Irp OPTIONAL
,
2864 IN BOOLEAN AlreadySynchronized
2868 FsRtlProcessFileLock:
2871 -STATUS_INVALID_DEVICE_REQUEST
2872 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2873 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2874 (redirected IoStatus->Status).
2877 -switch ( Irp->CurrentStackLocation->MinorFunction )
2878 lock: return FsRtlPrivateLock;
2879 unlocksingle: return FsRtlFastUnlockSingle;
2880 unlockall: return FsRtlFastUnlockAll;
2881 unlockallbykey: return FsRtlFastUnlockAllByKey;
2882 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2883 return STATUS_INVALID_DEVICE_REQUEST;
2885 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2886 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
2891 FsRtlProcessFileLock (
2892 IN PFILE_LOCK FileLock
,
2894 IN PVOID Context OPTIONAL
2900 FsRtlRegisterUncProvider (
2901 IN OUT PHANDLE MupHandle
,
2902 IN PUNICODE_STRING RedirectorDeviceName
,
2903 IN BOOLEAN MailslotsSupported
2907 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
2915 FsRtlPostStackOverflow (
2918 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
2924 FsRtlPostPagingFileStackOverflow (
2927 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
2933 FsRtlUninitializeFileLock (
2934 IN PFILE_LOCK FileLock
2940 FsRtlUninitializeOplock (
2941 IN OUT POPLOCK Oplock
2954 HalQueryRealTimeClock (
2955 IN OUT PTIME_FIELDS TimeFields
2961 HalSetRealTimeClock (
2962 IN PTIME_FIELDS TimeFields
2968 IoAttachDeviceToDeviceStackSafe(
2969 IN PDEVICE_OBJECT SourceDevice
,
2970 IN PDEVICE_OBJECT TargetDevice
,
2971 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
2977 IoAcquireVpbSpinLock (
2984 IoCheckDesiredAccess (
2985 IN OUT PACCESS_MASK DesiredAccess
,
2986 IN ACCESS_MASK GrantedAccess
2992 IoCheckEaBufferValidity (
2993 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
2995 OUT PULONG ErrorOffset
3001 IoCheckFunctionAccess (
3002 IN ACCESS_MASK GrantedAccess
,
3003 IN UCHAR MajorFunction
,
3004 IN UCHAR MinorFunction
,
3005 IN ULONG IoControlCode
,
3006 IN PVOID Argument1 OPTIONAL
,
3007 IN PVOID Argument2 OPTIONAL
3010 #if (VER_PRODUCTBUILD >= 2195)
3015 IoCheckQuotaBufferValidity (
3016 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
3017 IN ULONG QuotaLength
,
3018 OUT PULONG ErrorOffset
3021 #endif /* (VER_PRODUCTBUILD >= 2195) */
3026 IoCreateStreamFileObject (
3027 IN PFILE_OBJECT FileObject OPTIONAL
,
3028 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3031 #if (VER_PRODUCTBUILD >= 2195)
3036 IoCreateStreamFileObjectLite (
3037 IN PFILE_OBJECT FileObject OPTIONAL
,
3038 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3041 #endif /* (VER_PRODUCTBUILD >= 2195) */
3046 IoFastQueryNetworkAttributes (
3047 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3048 IN ACCESS_MASK DesiredAccess
,
3049 IN ULONG OpenOptions
,
3050 OUT PIO_STATUS_BLOCK IoStatus
,
3051 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
3057 IoGetAttachedDevice (
3058 IN PDEVICE_OBJECT DeviceObject
3064 IoGetBaseFileSystemDeviceObject (
3065 IN PFILE_OBJECT FileObject
3071 IoGetRequestorProcess (
3075 #if (VER_PRODUCTBUILD >= 2195)
3080 IoGetRequestorProcessId (
3084 #endif /* (VER_PRODUCTBUILD >= 2195) */
3093 #define IoIsFileOpenedExclusively(FileObject) ( \
3095 (FileObject)->SharedRead || \
3096 (FileObject)->SharedWrite || \
3097 (FileObject)->SharedDelete \
3104 IoIsOperationSynchronous (
3115 #if (VER_PRODUCTBUILD >= 2195)
3120 IoIsValidNameGraftingBuffer (
3122 IN PREPARSE_DATA_BUFFER ReparseBuffer
3125 #endif /* (VER_PRODUCTBUILD >= 2195) */
3131 IN PFILE_OBJECT FileObject
,
3133 IN PLARGE_INTEGER Offset
,
3135 OUT PIO_STATUS_BLOCK IoStatusBlock
3141 IoQueryFileInformation (
3142 IN PFILE_OBJECT FileObject
,
3143 IN FILE_INFORMATION_CLASS FileInformationClass
,
3145 OUT PVOID FileInformation
,
3146 OUT PULONG ReturnedLength
3152 IoQueryVolumeInformation (
3153 IN PFILE_OBJECT FileObject
,
3154 IN FS_INFORMATION_CLASS FsInformationClass
,
3156 OUT PVOID FsInformation
,
3157 OUT PULONG ReturnedLength
3170 IoRegisterFileSystem (
3171 IN OUT PDEVICE_OBJECT DeviceObject
3174 #if (VER_PRODUCTBUILD >= 1381)
3176 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
3177 IN PDEVICE_OBJECT DeviceObject
,
3178 IN BOOLEAN DriverActive
3184 IoRegisterFsRegistrationChange (
3185 IN PDRIVER_OBJECT DriverObject
,
3186 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3189 #endif /* (VER_PRODUCTBUILD >= 1381) */
3194 IoReleaseVpbSpinLock (
3201 IoSetDeviceToVerify (
3203 IN PDEVICE_OBJECT DeviceObject
3210 IN PFILE_OBJECT FileObject
,
3211 IN FILE_INFORMATION_CLASS FileInformationClass
,
3213 IN PVOID FileInformation
3226 IoSynchronousPageWrite (
3227 IN PFILE_OBJECT FileObject
,
3229 IN PLARGE_INTEGER FileOffset
,
3231 OUT PIO_STATUS_BLOCK IoStatusBlock
3244 IoUnregisterFileSystem (
3245 IN OUT PDEVICE_OBJECT DeviceObject
3248 #if (VER_PRODUCTBUILD >= 1381)
3253 IoUnregisterFsRegistrationChange (
3254 IN PDRIVER_OBJECT DriverObject
,
3255 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3258 #endif /* (VER_PRODUCTBUILD >= 1381) */
3264 IN PDEVICE_OBJECT DeviceObject
,
3265 IN BOOLEAN AllowRawMount
3272 IN PKPROCESS Process
3287 IN ULONG Count OPTIONAL
3295 IN PLIST_ENTRY Entry
3303 IN PLIST_ENTRY Entry
3311 IN PVOID SystemArgument1
,
3312 IN PVOID SystemArgument2
,
3313 IN KPRIORITY PriorityBoost
3328 IN KPROCESSOR_MODE WaitMode
,
3329 IN PLARGE_INTEGER Timeout OPTIONAL
3342 KeInitializeMutant (
3343 IN PRKMUTANT Mutant
,
3344 IN BOOLEAN InitialOwner
3358 IN PRKMUTANT Mutant
,
3359 IN KPRIORITY Increment
,
3360 IN BOOLEAN Abandoned
,
3364 #if (VER_PRODUCTBUILD >= 2195)
3369 KeStackAttachProcess (
3370 IN PKPROCESS Process
,
3371 OUT PKAPC_STATE ApcState
3377 KeUnstackDetachProcess (
3378 IN PKAPC_STATE ApcState
3381 #endif /* (VER_PRODUCTBUILD >= 2195) */
3386 KeSetKernelStackSwapEnable(
3393 MmCanFileBeTruncated (
3394 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3395 IN PLARGE_INTEGER NewFileSize
3401 MmFlushImageSection (
3402 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3403 IN MMFLUSH_TYPE FlushType
3409 MmForceSectionClosed (
3410 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3411 IN BOOLEAN DelayClose
3414 #if (VER_PRODUCTBUILD >= 1381)
3419 MmIsRecursiveIoFault (
3425 #define MmIsRecursiveIoFault() ( \
3426 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3427 (PsGetCurrentThread()->ForwardClusterOnly) \
3436 MmSetAddressRangeModified (
3445 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
3446 IN POBJECT_TYPE ObjectType
,
3447 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
3448 IN KPROCESSOR_MODE AccessMode
,
3449 IN OUT PVOID ParseContext OPTIONAL
,
3450 IN ULONG ObjectSize
,
3451 IN ULONG PagedPoolCharge OPTIONAL
,
3452 IN ULONG NonPagedPoolCharge OPTIONAL
,
3459 ObGetObjectPointerCount (
3468 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3469 IN ACCESS_MASK DesiredAccess
,
3470 IN ULONG AdditionalReferences
,
3471 OUT PVOID
*ReferencedObject OPTIONAL
,
3478 ObMakeTemporaryObject (
3485 ObOpenObjectByPointer (
3487 IN ULONG HandleAttributes
,
3488 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3489 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3490 IN POBJECT_TYPE ObjectType OPTIONAL
,
3491 IN KPROCESSOR_MODE AccessMode
,
3500 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
3502 OUT PULONG ReturnLength
3508 ObQueryObjectAuditingByHandle (
3510 OUT PBOOLEAN GenerateOnClose
3516 ObReferenceObjectByName (
3517 IN PUNICODE_STRING ObjectName
,
3518 IN ULONG Attributes
,
3519 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3520 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3521 IN POBJECT_TYPE ObjectType
,
3522 IN KPROCESSOR_MODE AccessMode
,
3523 IN OUT PVOID ParseContext OPTIONAL
,
3530 PsAssignImpersonationToken (
3539 IN PEPROCESS Process
,
3540 IN POOL_TYPE PoolType
,
3547 PsChargeProcessPoolQuota (
3548 IN PEPROCESS Process
,
3549 IN POOL_TYPE PoolType
,
3553 #define PsDereferenceImpersonationToken(T) \
3554 {if (ARGUMENT_PRESENT(T)) { \
3555 (ObDereferenceObject((T))); \
3561 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3566 PsDisableImpersonation(
3568 IN PSE_IMPERSONATION_STATE ImpersonationState
3574 PsGetProcessExitTime (
3581 PsImpersonateClient(
3583 IN PACCESS_TOKEN Token
,
3584 IN BOOLEAN CopyOnOpen
,
3585 IN BOOLEAN EffectiveOnly
,
3586 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
3599 PsIsThreadTerminating (
3606 PsLookupProcessByProcessId (
3607 IN HANDLE ProcessId
,
3608 OUT PEPROCESS
*Process
3614 PsLookupProcessThreadByCid (
3616 OUT PEPROCESS
*Process OPTIONAL
,
3617 OUT PETHREAD
*Thread
3623 PsLookupThreadByThreadId (
3624 IN HANDLE UniqueThreadId
,
3625 OUT PETHREAD
*Thread
3631 PsReferenceImpersonationToken (
3633 OUT PBOOLEAN CopyOnUse
,
3634 OUT PBOOLEAN EffectiveOnly
,
3635 OUT PSECURITY_IMPERSONATION_LEVEL Level
3641 PsReferencePrimaryToken (
3642 IN PEPROCESS Process
3648 PsRestoreImpersonation(
3650 IN PSE_IMPERSONATION_STATE ImpersonationState
3657 IN PEPROCESS Process
,
3658 IN POOL_TYPE PoolType
,
3672 RtlAbsoluteToSelfRelativeSD (
3673 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
3674 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
3675 IN PULONG BufferLength
3682 IN HANDLE HeapHandle
,
3691 IN USHORT CompressionFormatAndEngine
,
3692 IN PUCHAR UncompressedBuffer
,
3693 IN ULONG UncompressedBufferSize
,
3694 OUT PUCHAR CompressedBuffer
,
3695 IN ULONG CompressedBufferSize
,
3696 IN ULONG UncompressedChunkSize
,
3697 OUT PULONG FinalCompressedSize
,
3705 IN PUCHAR UncompressedBuffer
,
3706 IN ULONG UncompressedBufferSize
,
3707 OUT PUCHAR CompressedBuffer
,
3708 IN ULONG CompressedBufferSize
,
3709 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
3710 IN ULONG CompressedDataInfoLength
,
3717 RtlConvertSidToUnicodeString (
3718 OUT PUNICODE_STRING DestinationString
,
3720 IN BOOLEAN AllocateDestinationString
3728 IN PSID Destination
,
3735 RtlCreateUnicodeString(
3736 PUNICODE_STRING DestinationString
,
3743 RtlDecompressBuffer (
3744 IN USHORT CompressionFormat
,
3745 OUT PUCHAR UncompressedBuffer
,
3746 IN ULONG UncompressedBufferSize
,
3747 IN PUCHAR CompressedBuffer
,
3748 IN ULONG CompressedBufferSize
,
3749 OUT PULONG FinalUncompressedSize
3755 RtlDecompressChunks (
3756 OUT PUCHAR UncompressedBuffer
,
3757 IN ULONG UncompressedBufferSize
,
3758 IN PUCHAR CompressedBuffer
,
3759 IN ULONG CompressedBufferSize
,
3760 IN PUCHAR CompressedTail
,
3761 IN ULONG CompressedTailSize
,
3762 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
3768 RtlDecompressFragment (
3769 IN USHORT CompressionFormat
,
3770 OUT PUCHAR UncompressedFragment
,
3771 IN ULONG UncompressedFragmentSize
,
3772 IN PUCHAR CompressedBuffer
,
3773 IN ULONG CompressedBufferSize
,
3774 IN ULONG FragmentOffset
,
3775 OUT PULONG FinalUncompressedSize
,
3783 IN USHORT CompressionFormat
,
3784 IN OUT PUCHAR
*CompressedBuffer
,
3785 IN PUCHAR EndOfCompressedBufferPlus1
,
3786 OUT PUCHAR
*ChunkBuffer
,
3787 OUT PULONG ChunkSize
3793 RtlDowncaseUnicodeString(
3794 IN OUT PUNICODE_STRING UniDest
,
3795 IN PCUNICODE_STRING UniSource
,
3796 IN BOOLEAN AllocateDestinationString
3802 RtlDuplicateUnicodeString(
3804 IN PCUNICODE_STRING SourceString
,
3805 OUT PUNICODE_STRING DestinationString
3819 RtlFillMemoryUlong (
3820 IN PVOID Destination
,
3829 IN HANDLE HeapHandle
,
3837 RtlGenerate8dot3Name (
3838 IN PUNICODE_STRING Name
,
3839 IN BOOLEAN AllowExtendedCharacters
,
3840 IN OUT PGENERATE_NAME_CONTEXT Context
,
3841 OUT PUNICODE_STRING Name8dot3
3847 RtlGetCompressionWorkSpaceSize (
3848 IN USHORT CompressionFormatAndEngine
,
3849 OUT PULONG CompressBufferWorkSpaceSize
,
3850 OUT PULONG CompressFragmentWorkSpaceSize
3856 RtlGetDaclSecurityDescriptor (
3857 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3858 OUT PBOOLEAN DaclPresent
,
3860 OUT PBOOLEAN DaclDefaulted
3866 RtlGetGroupSecurityDescriptor (
3867 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3869 OUT PBOOLEAN GroupDefaulted
3875 RtlGetOwnerSecurityDescriptor (
3876 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3878 OUT PBOOLEAN OwnerDefaulted
3886 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
3887 IN UCHAR SubAuthorityCount
3893 RtlIsNameLegalDOS8Dot3(
3894 IN PCUNICODE_STRING Name
,
3895 IN OUT POEM_STRING OemName OPTIONAL
,
3896 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
3902 RtlLengthRequiredSid (
3903 IN ULONG SubAuthorityCount
3916 RtlNtStatusToDosError (
3923 RtlOemStringToUnicodeString(
3924 IN OUT PUNICODE_STRING DestinationString
,
3925 IN PCOEM_STRING SourceString
,
3926 IN BOOLEAN AllocateDestinationString
3932 RtlUnicodeStringToOemString(
3933 IN OUT POEM_STRING DestinationString
,
3934 IN PCUNICODE_STRING SourceString
,
3935 IN BOOLEAN AllocateDestinationString
3942 IN USHORT CompressionFormat
,
3943 IN OUT PUCHAR
*CompressedBuffer
,
3944 IN PUCHAR EndOfCompressedBufferPlus1
,
3945 OUT PUCHAR
*ChunkBuffer
,
3952 RtlSecondsSince1970ToTime (
3953 IN ULONG SecondsSince1970
,
3954 OUT PLARGE_INTEGER Time
3960 RtlSetGroupSecurityDescriptor (
3961 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3963 IN BOOLEAN GroupDefaulted
3969 RtlSetOwnerSecurityDescriptor (
3970 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3972 IN BOOLEAN OwnerDefaulted
3978 RtlSetSaclSecurityDescriptor (
3979 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3980 IN BOOLEAN SaclPresent
,
3982 IN BOOLEAN SaclDefaulted
3988 RtlSubAuthorityCountSid (
3995 RtlSubAuthoritySid (
3997 IN ULONG SubAuthority
4003 RtlUnicodeToMultiByteN(
4004 OUT PCHAR MultiByteString
,
4005 IN ULONG MaxBytesInMultiByteString
,
4006 OUT PULONG BytesInMultiByteString OPTIONAL
,
4007 IN PWCH UnicodeString
,
4008 IN ULONG BytesInUnicodeString
4011 /* RTL Splay Tree Functions */
4015 RtlSplay(PRTL_SPLAY_LINKS Links
);
4020 RtlDelete(PRTL_SPLAY_LINKS Links
);
4026 PRTL_SPLAY_LINKS Links
,
4027 PRTL_SPLAY_LINKS
*Root
4033 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
4038 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
4043 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
4048 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
4050 #define RtlIsLeftChild(Links) \
4051 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4053 #define RtlIsRightChild(Links) \
4054 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4056 #define RtlRightChild(Links) \
4057 ((PRTL_SPLAY_LINKS)(Links))->RightChild
4059 #define RtlIsRoot(Links) \
4060 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
4062 #define RtlLeftChild(Links) \
4063 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
4065 #define RtlParent(Links) \
4066 ((PRTL_SPLAY_LINKS)(Links))->Parent
4068 #define RtlInitializeSplayLinks(Links) \
4070 PRTL_SPLAY_LINKS _SplayLinks; \
4071 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
4072 _SplayLinks->Parent = _SplayLinks; \
4073 _SplayLinks->LeftChild = NULL; \
4074 _SplayLinks->RightChild = NULL; \
4077 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
4079 PRTL_SPLAY_LINKS _SplayParent; \
4080 PRTL_SPLAY_LINKS _SplayChild; \
4081 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4082 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4083 _SplayParent->LeftChild = _SplayChild; \
4084 _SplayChild->Parent = _SplayParent; \
4087 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
4089 PRTL_SPLAY_LINKS _SplayParent; \
4090 PRTL_SPLAY_LINKS _SplayChild; \
4091 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4092 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4093 _SplayParent->RightChild = _SplayChild; \
4094 _SplayChild->Parent = _SplayParent; \
4107 SeAppendPrivileges (
4108 PACCESS_STATE AccessState
,
4109 PPRIVILEGE_SET Privileges
4115 SeAuditingFileEvents (
4116 IN BOOLEAN AccessGranted
,
4117 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4123 SeAuditingFileOrGlobalEvents (
4124 IN BOOLEAN AccessGranted
,
4125 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4126 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4132 SeCaptureSubjectContext (
4133 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
4139 SeCreateClientSecurity (
4141 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
4142 IN BOOLEAN RemoteClient
,
4143 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4146 #if (VER_PRODUCTBUILD >= 2195)
4151 SeCreateClientSecurityFromSubjectContext (
4152 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
4153 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
4154 IN BOOLEAN ServerIsRemote
,
4155 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4158 #endif /* (VER_PRODUCTBUILD >= 2195) */
4160 #define SeDeleteClientSecurity(C) { \
4161 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
4162 PsDereferencePrimaryToken( (C)->ClientToken ); \
4164 PsDereferenceImpersonationToken( (C)->ClientToken ); \
4171 SeDeleteObjectAuditAlarm (
4176 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
4182 IN PPRIVILEGE_SET Privileges
4188 SeImpersonateClient (
4189 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
4190 IN PETHREAD ServerThread OPTIONAL
4193 #if (VER_PRODUCTBUILD >= 2195)
4198 SeImpersonateClientEx (
4199 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
4200 IN PETHREAD ServerThread OPTIONAL
4203 #endif /* (VER_PRODUCTBUILD >= 2195) */
4208 SeLockSubjectContext (
4209 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4215 SeMarkLogonSessionForTerminationNotification (
4222 SeOpenObjectAuditAlarm (
4223 IN PUNICODE_STRING ObjectTypeName
,
4224 IN PVOID Object OPTIONAL
,
4225 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
4226 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4227 IN PACCESS_STATE AccessState
,
4228 IN BOOLEAN ObjectCreated
,
4229 IN BOOLEAN AccessGranted
,
4230 IN KPROCESSOR_MODE AccessMode
,
4231 OUT PBOOLEAN GenerateOnClose
4237 SeOpenObjectForDeleteAuditAlarm (
4238 IN PUNICODE_STRING ObjectTypeName
,
4239 IN PVOID Object OPTIONAL
,
4240 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
4241 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4242 IN PACCESS_STATE AccessState
,
4243 IN BOOLEAN ObjectCreated
,
4244 IN BOOLEAN AccessGranted
,
4245 IN KPROCESSOR_MODE AccessMode
,
4246 OUT PBOOLEAN GenerateOnClose
4253 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
4254 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
4255 IN KPROCESSOR_MODE AccessMode
4261 SeQueryAuthenticationIdToken (
4262 IN PACCESS_TOKEN Token
,
4266 #if (VER_PRODUCTBUILD >= 2195)
4271 SeQueryInformationToken (
4272 IN PACCESS_TOKEN Token
,
4273 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4274 OUT PVOID
*TokenInformation
4277 #endif /* (VER_PRODUCTBUILD >= 2195) */
4282 SeQuerySecurityDescriptorInfo (
4283 IN PSECURITY_INFORMATION SecurityInformation
,
4284 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4285 IN OUT PULONG Length
,
4286 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
4289 #if (VER_PRODUCTBUILD >= 2195)
4294 SeQuerySessionIdToken (
4295 IN PACCESS_TOKEN Token
,
4299 #endif /* (VER_PRODUCTBUILD >= 2195) */
4301 #define SeQuerySubjectContextToken( SubjectContext ) \
4302 ( ARGUMENT_PRESENT( \
4303 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
4305 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
4306 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
4308 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
4315 SeRegisterLogonSessionTerminatedRoutine (
4316 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4322 SeReleaseSubjectContext (
4323 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4329 SeSetAccessStateGenericMapping (
4330 PACCESS_STATE AccessState
,
4331 PGENERIC_MAPPING GenericMapping
4337 SeSetSecurityDescriptorInfo (
4338 IN PVOID Object OPTIONAL
,
4339 IN PSECURITY_INFORMATION SecurityInformation
,
4340 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4341 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
4342 IN POOL_TYPE PoolType
,
4343 IN PGENERIC_MAPPING GenericMapping
4346 #if (VER_PRODUCTBUILD >= 2195)
4351 SeSetSecurityDescriptorInfoEx (
4352 IN PVOID Object OPTIONAL
,
4353 IN PSECURITY_INFORMATION SecurityInformation
,
4354 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
4355 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
4356 IN ULONG AutoInheritFlags
,
4357 IN POOL_TYPE PoolType
,
4358 IN PGENERIC_MAPPING GenericMapping
4365 IN PACCESS_TOKEN Token
4371 SeTokenIsRestricted (
4372 IN PACCESS_TOKEN Token
4375 #endif /* (VER_PRODUCTBUILD >= 2195) */
4381 IN PACCESS_TOKEN Token
4387 SeUnlockSubjectContext (
4388 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4394 SeUnregisterLogonSessionTerminatedRoutine (
4395 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4398 #if (VER_PRODUCTBUILD >= 2195)
4403 ZwAdjustPrivilegesToken (
4404 IN HANDLE TokenHandle
,
4405 IN BOOLEAN DisableAllPrivileges
,
4406 IN PTOKEN_PRIVILEGES NewState
,
4407 IN ULONG BufferLength
,
4408 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
4409 OUT PULONG ReturnLength
4412 #endif /* (VER_PRODUCTBUILD >= 2195) */
4418 IN HANDLE ThreadHandle
4424 ZwAllocateVirtualMemory (
4425 IN HANDLE ProcessHandle
,
4426 IN OUT PVOID
*BaseAddress
,
4428 IN OUT PULONG RegionSize
,
4429 IN ULONG AllocationType
,
4436 ZwAccessCheckAndAuditAlarm (
4437 IN PUNICODE_STRING SubsystemName
,
4439 IN PUNICODE_STRING ObjectTypeName
,
4440 IN PUNICODE_STRING ObjectName
,
4441 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4442 IN ACCESS_MASK DesiredAccess
,
4443 IN PGENERIC_MAPPING GenericMapping
,
4444 IN BOOLEAN ObjectCreation
,
4445 OUT PACCESS_MASK GrantedAccess
,
4446 OUT PBOOLEAN AccessStatus
,
4447 OUT PBOOLEAN GenerateOnClose
4450 #if (VER_PRODUCTBUILD >= 2195)
4456 IN HANDLE FileHandle
,
4457 OUT PIO_STATUS_BLOCK IoStatusBlock
4460 #endif /* (VER_PRODUCTBUILD >= 2195) */
4466 IN HANDLE EventHandle
4472 ZwCloseObjectAuditAlarm (
4473 IN PUNICODE_STRING SubsystemName
,
4475 IN BOOLEAN GenerateOnClose
4482 OUT PHANDLE SectionHandle
,
4483 IN ACCESS_MASK DesiredAccess
,
4484 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4485 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
4486 IN ULONG SectionPageProtection
,
4487 IN ULONG AllocationAttributes
,
4488 IN HANDLE FileHandle OPTIONAL
4494 ZwCreateSymbolicLinkObject (
4495 OUT PHANDLE SymbolicLinkHandle
,
4496 IN ACCESS_MASK DesiredAccess
,
4497 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4498 IN PUNICODE_STRING TargetName
4505 IN POBJECT_ATTRIBUTES ObjectAttributes
4513 IN PUNICODE_STRING Name
4519 ZwDeviceIoControlFile (
4520 IN HANDLE FileHandle
,
4521 IN HANDLE Event OPTIONAL
,
4522 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4523 IN PVOID ApcContext OPTIONAL
,
4524 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4525 IN ULONG IoControlCode
,
4526 IN PVOID InputBuffer OPTIONAL
,
4527 IN ULONG InputBufferLength
,
4528 OUT PVOID OutputBuffer OPTIONAL
,
4529 IN ULONG OutputBufferLength
4536 IN PUNICODE_STRING String
4543 IN HANDLE SourceProcessHandle
,
4544 IN HANDLE SourceHandle
,
4545 IN HANDLE TargetProcessHandle OPTIONAL
,
4546 OUT PHANDLE TargetHandle OPTIONAL
,
4547 IN ACCESS_MASK DesiredAccess
,
4548 IN ULONG HandleAttributes
,
4556 IN HANDLE ExistingTokenHandle
,
4557 IN ACCESS_MASK DesiredAccess
,
4558 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4559 IN BOOLEAN EffectiveOnly
,
4560 IN TOKEN_TYPE TokenType
,
4561 OUT PHANDLE NewTokenHandle
4567 ZwFlushInstructionCache (
4568 IN HANDLE ProcessHandle
,
4569 IN PVOID BaseAddress OPTIONAL
,
4577 IN HANDLE FileHandle
,
4578 OUT PIO_STATUS_BLOCK IoStatusBlock
4581 #if (VER_PRODUCTBUILD >= 2195)
4586 ZwFlushVirtualMemory (
4587 IN HANDLE ProcessHandle
,
4588 IN OUT PVOID
*BaseAddress
,
4589 IN OUT PULONG FlushSize
,
4590 OUT PIO_STATUS_BLOCK IoStatusBlock
4593 #endif /* (VER_PRODUCTBUILD >= 2195) */
4598 ZwFreeVirtualMemory (
4599 IN HANDLE ProcessHandle
,
4600 IN OUT PVOID
*BaseAddress
,
4601 IN OUT PULONG RegionSize
,
4609 IN HANDLE FileHandle
,
4610 IN HANDLE Event OPTIONAL
,
4611 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4612 IN PVOID ApcContext OPTIONAL
,
4613 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4614 IN ULONG FsControlCode
,
4615 IN PVOID InputBuffer OPTIONAL
,
4616 IN ULONG InputBufferLength
,
4617 OUT PVOID OutputBuffer OPTIONAL
,
4618 IN ULONG OutputBufferLength
4621 #if (VER_PRODUCTBUILD >= 2195)
4626 ZwInitiatePowerAction (
4627 IN POWER_ACTION SystemAction
,
4628 IN SYSTEM_POWER_STATE MinSystemState
,
4630 IN BOOLEAN Asynchronous
4633 #endif /* (VER_PRODUCTBUILD >= 2195) */
4639 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4640 IN PUNICODE_STRING RegistryPath
4647 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
4648 IN POBJECT_ATTRIBUTES FileObjectAttributes
4655 IN HANDLE KeyHandle
,
4656 IN HANDLE EventHandle OPTIONAL
,
4657 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4658 IN PVOID ApcContext OPTIONAL
,
4659 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4660 IN ULONG NotifyFilter
,
4661 IN BOOLEAN WatchSubtree
,
4663 IN ULONG BufferLength
,
4664 IN BOOLEAN Asynchronous
4670 ZwOpenDirectoryObject (
4671 OUT PHANDLE DirectoryHandle
,
4672 IN ACCESS_MASK DesiredAccess
,
4673 IN POBJECT_ATTRIBUTES ObjectAttributes
4680 OUT PHANDLE EventHandle
,
4681 IN ACCESS_MASK DesiredAccess
,
4682 IN POBJECT_ATTRIBUTES ObjectAttributes
4689 OUT PHANDLE ProcessHandle
,
4690 IN ACCESS_MASK DesiredAccess
,
4691 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4692 IN PCLIENT_ID ClientId OPTIONAL
4698 ZwOpenProcessToken (
4699 IN HANDLE ProcessHandle
,
4700 IN ACCESS_MASK DesiredAccess
,
4701 OUT PHANDLE TokenHandle
4708 OUT PHANDLE ThreadHandle
,
4709 IN ACCESS_MASK DesiredAccess
,
4710 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4711 IN PCLIENT_ID ClientId
4718 IN HANDLE ThreadHandle
,
4719 IN ACCESS_MASK DesiredAccess
,
4720 IN BOOLEAN OpenAsSelf
,
4721 OUT PHANDLE TokenHandle
4724 #if (VER_PRODUCTBUILD >= 2195)
4729 ZwPowerInformation (
4730 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
4731 IN PVOID InputBuffer OPTIONAL
,
4732 IN ULONG InputBufferLength
,
4733 OUT PVOID OutputBuffer OPTIONAL
,
4734 IN ULONG OutputBufferLength
4737 #endif /* (VER_PRODUCTBUILD >= 2195) */
4743 IN HANDLE EventHandle
,
4744 OUT PLONG PreviousState OPTIONAL
4750 ZwQueryDefaultLocale (
4751 IN BOOLEAN ThreadOrSystem
,
4758 ZwQueryDirectoryFile (
4759 IN HANDLE FileHandle
,
4760 IN HANDLE Event OPTIONAL
,
4761 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4762 IN PVOID ApcContext OPTIONAL
,
4763 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4764 OUT PVOID FileInformation
,
4766 IN FILE_INFORMATION_CLASS FileInformationClass
,
4767 IN BOOLEAN ReturnSingleEntry
,
4768 IN PUNICODE_STRING FileName OPTIONAL
,
4769 IN BOOLEAN RestartScan
4772 #if (VER_PRODUCTBUILD >= 2195)
4777 ZwQueryDirectoryObject (
4778 IN HANDLE DirectoryHandle
,
4781 IN BOOLEAN ReturnSingleEntry
,
4782 IN BOOLEAN RestartScan
,
4783 IN OUT PULONG Context
,
4784 OUT PULONG ReturnLength OPTIONAL
4791 IN HANDLE FileHandle
,
4792 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4795 IN BOOLEAN ReturnSingleEntry
,
4796 IN PVOID EaList OPTIONAL
,
4797 IN ULONG EaListLength
,
4798 IN PULONG EaIndex OPTIONAL
,
4799 IN BOOLEAN RestartScan
4802 #endif /* (VER_PRODUCTBUILD >= 2195) */
4807 ZwQueryInformationProcess (
4808 IN HANDLE ProcessHandle
,
4809 IN PROCESSINFOCLASS ProcessInformationClass
,
4810 OUT PVOID ProcessInformation
,
4811 IN ULONG ProcessInformationLength
,
4812 OUT PULONG ReturnLength OPTIONAL
4818 ZwQueryInformationToken (
4819 IN HANDLE TokenHandle
,
4820 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4821 OUT PVOID TokenInformation
,
4823 OUT PULONG ResultLength
4829 ZwQuerySecurityObject (
4830 IN HANDLE FileHandle
,
4831 IN SECURITY_INFORMATION SecurityInformation
,
4832 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4834 OUT PULONG ResultLength
4840 ZwQueryVolumeInformationFile (
4841 IN HANDLE FileHandle
,
4842 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4843 OUT PVOID FsInformation
,
4845 IN FS_INFORMATION_CLASS FsInformationClass
4852 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
4853 IN HANDLE KeyHandle
,
4854 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
4861 IN HANDLE EventHandle
,
4862 OUT PLONG PreviousState OPTIONAL
4865 #if (VER_PRODUCTBUILD >= 2195)
4871 IN HANDLE KeyHandle
,
4872 IN HANDLE FileHandle
,
4876 #endif /* (VER_PRODUCTBUILD >= 2195) */
4882 IN HANDLE KeyHandle
,
4883 IN HANDLE FileHandle
4889 ZwSetDefaultLocale (
4890 IN BOOLEAN ThreadOrSystem
,
4894 #if (VER_PRODUCTBUILD >= 2195)
4899 ZwSetDefaultUILanguage (
4900 IN LANGID LanguageId
4907 IN HANDLE FileHandle
,
4908 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4913 #endif /* (VER_PRODUCTBUILD >= 2195) */
4919 IN HANDLE EventHandle
,
4920 OUT PLONG PreviousState OPTIONAL
4926 ZwSetInformationProcess (
4927 IN HANDLE ProcessHandle
,
4928 IN PROCESSINFOCLASS ProcessInformationClass
,
4929 IN PVOID ProcessInformation
,
4930 IN ULONG ProcessInformationLength
4933 #if (VER_PRODUCTBUILD >= 2195)
4938 ZwSetSecurityObject (
4940 IN SECURITY_INFORMATION SecurityInformation
,
4941 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4944 #endif /* (VER_PRODUCTBUILD >= 2195) */
4950 IN PLARGE_INTEGER NewTime
,
4951 OUT PLARGE_INTEGER OldTime OPTIONAL
4954 #if (VER_PRODUCTBUILD >= 2195)
4959 ZwSetVolumeInformationFile (
4960 IN HANDLE FileHandle
,
4961 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4962 IN PVOID FsInformation
,
4964 IN FS_INFORMATION_CLASS FsInformationClass
4967 #endif /* (VER_PRODUCTBUILD >= 2195) */
4972 ZwTerminateProcess (
4973 IN HANDLE ProcessHandle OPTIONAL
,
4974 IN NTSTATUS ExitStatus
4981 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4982 IN PUNICODE_STRING RegistryPath
4989 IN POBJECT_ATTRIBUTES KeyObjectAttributes
4995 ZwWaitForSingleObject (
4997 IN BOOLEAN Alertable
,
4998 IN PLARGE_INTEGER Timeout OPTIONAL
5004 ZwWaitForMultipleObjects (
5005 IN ULONG HandleCount
,
5007 IN WAIT_TYPE WaitType
,
5008 IN BOOLEAN Alertable
,
5009 IN PLARGE_INTEGER Timeout OPTIONAL
5025 #endif /* _NTIFS_ */