4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
27 #define NTKERNELAPI DECLSPEC_IMPORT
31 #define _NTIFS_INCLUDED_
38 #ifndef VER_PRODUCTBUILD
39 #define VER_PRODUCTBUILD 10000
42 #define EX_PUSH_LOCK ULONG_PTR
43 #define PEX_PUSH_LOCK PULONG_PTR
47 #define FlagOn(_F,_SF) ((_F) & (_SF))
51 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
55 #define SetFlag(_F,_SF) ((_F) |= (_SF))
59 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
65 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
67 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
69 extern PACL SePublicDefaultDacl
;
70 extern PACL SeSystemDefaultDacl
;
72 extern KSPIN_LOCK IoStatisticsLock
;
73 extern ULONG IoReadOperationCount
;
74 extern ULONG IoWriteOperationCount
;
75 extern ULONG IoOtherOperationCount
;
76 extern LARGE_INTEGER IoReadTransferCount
;
77 extern LARGE_INTEGER IoWriteTransferCount
;
78 extern LARGE_INTEGER IoOtherTransferCount
;
80 typedef STRING LSA_STRING
, *PLSA_STRING
;
81 typedef ULONG LSA_OPERATIONAL_MODE
, *PLSA_OPERATIONAL_MODE
;
83 typedef enum _SECURITY_LOGON_TYPE
85 UndefinedLogonType
= 0,
94 #if (_WIN32_WINNT >= 0x0501)
98 #if (_WIN32_WINNT >= 0x0502)
99 CachedRemoteInteractive
,
102 } SECURITY_LOGON_TYPE
, *PSECURITY_LOGON_TYPE
;
104 #define ANSI_DOS_STAR ('<')
105 #define ANSI_DOS_QM ('>')
106 #define ANSI_DOS_DOT ('"')
108 #define DOS_STAR (L'<')
109 #define DOS_QM (L'>')
110 #define DOS_DOT (L'"')
112 /* also in winnt.h */
113 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
114 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
115 #define ACCESS_DENIED_ACE_TYPE (0x1)
116 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
117 #define SYSTEM_ALARM_ACE_TYPE (0x3)
118 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
119 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
120 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
121 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
122 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
123 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
124 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
125 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
126 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
127 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
128 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
129 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
130 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
131 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
132 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
133 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
134 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
135 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
136 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
137 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
139 #define COMPRESSION_FORMAT_NONE (0x0000)
140 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
141 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
142 #define COMPRESSION_ENGINE_STANDARD (0x0000)
143 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
144 #define COMPRESSION_ENGINE_HIBER (0x0200)
146 #define FILE_ACTION_ADDED 0x00000001
147 #define FILE_ACTION_REMOVED 0x00000002
148 #define FILE_ACTION_MODIFIED 0x00000003
149 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
150 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
151 #define FILE_ACTION_ADDED_STREAM 0x00000006
152 #define FILE_ACTION_REMOVED_STREAM 0x00000007
153 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
154 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
155 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
156 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
159 #define FILE_EA_TYPE_BINARY 0xfffe
160 #define FILE_EA_TYPE_ASCII 0xfffd
161 #define FILE_EA_TYPE_BITMAP 0xfffb
162 #define FILE_EA_TYPE_METAFILE 0xfffa
163 #define FILE_EA_TYPE_ICON 0xfff9
164 #define FILE_EA_TYPE_EA 0xffee
165 #define FILE_EA_TYPE_MVMT 0xffdf
166 #define FILE_EA_TYPE_MVST 0xffde
167 #define FILE_EA_TYPE_ASN1 0xffdd
168 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
170 #define FILE_NEED_EA 0x00000080
172 /* also in winnt.h */
173 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
174 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
175 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
176 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
177 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
178 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
179 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
180 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
181 #define FILE_NOTIFY_CHANGE_EA 0x00000080
182 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
183 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
184 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
185 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
186 #define FILE_NOTIFY_VALID_MASK 0x00000fff
189 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
190 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
192 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
194 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
195 #define FILE_CASE_PRESERVED_NAMES 0x00000002
196 #define FILE_UNICODE_ON_DISK 0x00000004
197 #define FILE_PERSISTENT_ACLS 0x00000008
198 #define FILE_FILE_COMPRESSION 0x00000010
199 #define FILE_VOLUME_QUOTAS 0x00000020
200 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
201 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
202 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
203 #define FS_LFN_APIS 0x00004000
204 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
205 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
206 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
207 #define FILE_NAMED_STREAMS 0x00040000
208 #define FILE_READ_ONLY_VOLUME 0x00080000
209 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
210 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
212 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
213 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
215 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
216 #define FILE_PIPE_MESSAGE_MODE 0x00000001
218 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
219 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
221 #define FILE_PIPE_INBOUND 0x00000000
222 #define FILE_PIPE_OUTBOUND 0x00000001
223 #define FILE_PIPE_FULL_DUPLEX 0x00000002
225 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
226 #define FILE_PIPE_LISTENING_STATE 0x00000002
227 #define FILE_PIPE_CONNECTED_STATE 0x00000003
228 #define FILE_PIPE_CLOSING_STATE 0x00000004
230 #define FILE_PIPE_CLIENT_END 0x00000000
231 #define FILE_PIPE_SERVER_END 0x00000001
233 #define FILE_PIPE_READ_DATA 0x00000000
234 #define FILE_PIPE_WRITE_SPACE 0x00000001
236 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
237 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
238 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
239 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
240 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
241 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
242 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
243 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
244 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
245 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
246 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
247 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
248 #define FILE_STORAGE_TYPE_MASK 0x000f0000
249 #define FILE_STORAGE_TYPE_SHIFT 16
251 #define FILE_VC_QUOTA_NONE 0x00000000
252 #define FILE_VC_QUOTA_TRACK 0x00000001
253 #define FILE_VC_QUOTA_ENFORCE 0x00000002
254 #define FILE_VC_QUOTA_MASK 0x00000003
256 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
257 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
259 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
260 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
261 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
262 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
264 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
265 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
267 #define FILE_VC_VALID_MASK 0x000003ff
269 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
270 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
271 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
272 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
273 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
274 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
275 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
276 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
278 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
279 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
280 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
281 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
283 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
284 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
285 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
286 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
287 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
289 #define FSRTL_VOLUME_DISMOUNT 1
290 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
291 #define FSRTL_VOLUME_LOCK 3
292 #define FSRTL_VOLUME_LOCK_FAILED 4
293 #define FSRTL_VOLUME_UNLOCK 5
294 #define FSRTL_VOLUME_MOUNT 6
296 #define FSRTL_WILD_CHARACTER 0x08
298 #define FSRTL_FAT_LEGAL 0x01
299 #define FSRTL_HPFS_LEGAL 0x02
300 #define FSRTL_NTFS_LEGAL 0x04
301 #define FSRTL_WILD_CHARACTER 0x08
302 #define FSRTL_OLE_LEGAL 0x10
303 #define FSRTL_NTFS_STREAM_LEGAL 0x14
306 #define HARDWARE_PTE HARDWARE_PTE_X86
307 #define PHARDWARE_PTE PHARDWARE_PTE_X86
310 #define IO_CHECK_CREATE_PARAMETERS 0x0200
311 #define IO_ATTACH_DEVICE 0x0400
313 #define IO_ATTACH_DEVICE_API 0x80000000
315 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
316 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
318 #define IO_TYPE_APC 18
319 #define IO_TYPE_DPC 19
320 #define IO_TYPE_DEVICE_QUEUE 20
321 #define IO_TYPE_EVENT_PAIR 21
322 #define IO_TYPE_INTERRUPT 22
323 #define IO_TYPE_PROFILE 23
325 #define IRP_BEING_VERIFIED 0x10
327 #define MAILSLOT_CLASS_FIRSTCLASS 1
328 #define MAILSLOT_CLASS_SECONDCLASS 2
330 #define MAILSLOT_SIZE_AUTO 0
332 #define MEM_DOS_LIM 0x40000000
334 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
336 #define OB_TYPE_TYPE 1
337 #define OB_TYPE_DIRECTORY 2
338 #define OB_TYPE_SYMBOLIC_LINK 3
339 #define OB_TYPE_TOKEN 4
340 #define OB_TYPE_PROCESS 5
341 #define OB_TYPE_THREAD 6
342 #define OB_TYPE_EVENT 7
343 #define OB_TYPE_EVENT_PAIR 8
344 #define OB_TYPE_MUTANT 9
345 #define OB_TYPE_SEMAPHORE 10
346 #define OB_TYPE_TIMER 11
347 #define OB_TYPE_PROFILE 12
348 #define OB_TYPE_WINDOW_STATION 13
349 #define OB_TYPE_DESKTOP 14
350 #define OB_TYPE_SECTION 15
351 #define OB_TYPE_KEY 16
352 #define OB_TYPE_PORT 17
353 #define OB_TYPE_ADAPTER 18
354 #define OB_TYPE_CONTROLLER 19
355 #define OB_TYPE_DEVICE 20
356 #define OB_TYPE_DRIVER 21
357 #define OB_TYPE_IO_COMPLETION 22
358 #define OB_TYPE_FILE 23
361 #define PIN_EXCLUSIVE (2)
362 #define PIN_NO_READ (4)
363 #define PIN_IF_BCB (8)
365 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
366 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
368 #define SEC_BASED 0x00200000
370 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
371 #define SECURITY_WORLD_RID (0x00000000L)
373 #define SID_REVISION 1
374 #define SID_MAX_SUB_AUTHORITIES 15
375 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
377 #define TOKEN_ASSIGN_PRIMARY (0x0001)
378 #define TOKEN_DUPLICATE (0x0002)
379 #define TOKEN_IMPERSONATE (0x0004)
380 #define TOKEN_QUERY (0x0008)
381 #define TOKEN_QUERY_SOURCE (0x0010)
382 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
383 #define TOKEN_ADJUST_GROUPS (0x0040)
384 #define TOKEN_ADJUST_DEFAULT (0x0080)
385 #define TOKEN_ADJUST_SESSIONID (0x0100)
387 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
388 TOKEN_ASSIGN_PRIMARY |\
392 TOKEN_QUERY_SOURCE |\
393 TOKEN_ADJUST_PRIVILEGES |\
394 TOKEN_ADJUST_GROUPS |\
395 TOKEN_ADJUST_DEFAULT |\
396 TOKEN_ADJUST_SESSIONID)
398 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
401 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
402 TOKEN_ADJUST_PRIVILEGES |\
403 TOKEN_ADJUST_GROUPS |\
404 TOKEN_ADJUST_DEFAULT)
406 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
408 #define TOKEN_SOURCE_LENGTH 8
411 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
412 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
413 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
414 #define TOKEN_HAS_ADMIN_GROUP 0x08
415 #define TOKEN_WRITE_RESTRICTED 0x08
416 #define TOKEN_IS_RESTRICTED 0x10
417 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
419 #define VACB_MAPPING_GRANULARITY (0x40000)
420 #define VACB_OFFSET_SHIFT (18)
422 #define SE_OWNER_DEFAULTED 0x0001
423 #define SE_GROUP_DEFAULTED 0x0002
424 #define SE_DACL_PRESENT 0x0004
425 #define SE_DACL_DEFAULTED 0x0008
426 #define SE_SACL_PRESENT 0x0010
427 #define SE_SACL_DEFAULTED 0x0020
428 #define SE_DACL_UNTRUSTED 0x0040
429 #define SE_SERVER_SECURITY 0x0080
430 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
431 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
432 #define SE_DACL_AUTO_INHERITED 0x0400
433 #define SE_SACL_AUTO_INHERITED 0x0800
434 #define SE_DACL_PROTECTED 0x1000
435 #define SE_SACL_PROTECTED 0x2000
436 #define SE_RM_CONTROL_VALID 0x4000
437 #define SE_SELF_RELATIVE 0x8000
440 #define _AUDIT_EVENT_TYPE_HACK 0
442 #if (_AUDIT_EVENT_TYPE_HACK == 1)
445 typedef enum _AUDIT_EVENT_TYPE
447 AuditEventObjectAccess
,
448 AuditEventDirectoryServiceAccess
449 } AUDIT_EVENT_TYPE
, *PAUDIT_EVENT_TYPE
;
452 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
454 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
455 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
456 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
457 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
458 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
459 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
460 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
461 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
462 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
464 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
465 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
466 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
468 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
469 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
470 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
473 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
474 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
475 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
476 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
477 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
478 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
480 #if (VER_PRODUCTBUILD >= 1381)
482 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
483 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
484 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
485 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
486 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
487 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
488 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
489 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
491 #endif /* (VER_PRODUCTBUILD >= 1381) */
493 #if (VER_PRODUCTBUILD >= 2195)
495 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
496 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
497 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
499 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
500 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
501 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
502 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
503 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
504 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
505 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
506 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
507 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
508 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
509 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
510 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
511 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
512 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
513 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
514 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
515 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
516 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
517 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
518 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
519 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
520 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
521 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
522 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
523 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
524 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
525 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
526 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
527 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
528 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
529 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
530 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
531 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
532 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
533 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
534 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
536 #endif /* (VER_PRODUCTBUILD >= 2195) */
538 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
540 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
541 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
542 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
543 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
544 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
545 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
546 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
547 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
549 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
550 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
551 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
552 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
553 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
554 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
555 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
556 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
557 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
558 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
559 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
560 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
561 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
562 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
564 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
566 typedef PVOID OPLOCK
, *POPLOCK
;
571 struct _RTL_AVL_TABLE
;
572 struct _RTL_GENERIC_TABLE
;
580 typedef PVOID PNOTIFY_SYNC
;
582 typedef enum _FAST_IO_POSSIBLE
{
588 typedef enum _FILE_STORAGE_TYPE
{
589 StorageTypeDefault
= 1,
590 StorageTypeDirectory
,
592 StorageTypeJunctionPoint
,
594 StorageTypeStructuredStorage
,
595 StorageTypeEmbedding
,
599 typedef enum _OBJECT_INFORMATION_CLASS
601 ObjectBasicInformation
,
602 ObjectNameInformation
,
603 ObjectTypeInformation
,
604 ObjectTypesInformation
,
605 ObjectHandleFlagInformation
,
606 ObjectSessionInformation
,
608 } OBJECT_INFORMATION_CLASS
;
610 typedef struct _OBJECT_BASIC_INFORMATION
613 ACCESS_MASK GrantedAccess
;
616 ULONG PagedPoolCharge
;
617 ULONG NonPagedPoolCharge
;
621 ULONG SecurityDescriptorSize
;
622 LARGE_INTEGER CreationTime
;
623 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
625 typedef struct _KAPC_STATE
{
626 LIST_ENTRY ApcListHead
[2];
628 BOOLEAN KernelApcInProgress
;
629 BOOLEAN KernelApcPending
;
630 BOOLEAN UserApcPending
;
631 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
632 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
634 typedef struct _BITMAP_RANGE
{
637 ULONG FirstDirtyPage
;
641 } BITMAP_RANGE
, *PBITMAP_RANGE
;
643 typedef struct _CACHE_UNINITIALIZE_EVENT
{
644 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
646 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
648 typedef struct _CC_FILE_SIZES
{
649 LARGE_INTEGER AllocationSize
;
650 LARGE_INTEGER FileSize
;
651 LARGE_INTEGER ValidDataLength
;
652 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
654 typedef struct _COMPRESSED_DATA_INFO
{
655 USHORT CompressionFormatAndEngine
;
656 UCHAR CompressionUnitShift
;
660 USHORT NumberOfChunks
;
661 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
662 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
664 typedef struct _SID_IDENTIFIER_AUTHORITY
{
666 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
668 typedef struct _SID
{
670 UCHAR SubAuthorityCount
;
671 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
672 ULONG SubAuthority
[ANYSIZE_ARRAY
];
674 typedef struct _SID_AND_ATTRIBUTES
{
677 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
678 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
679 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
684 // Universal well-known SIDs
686 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
687 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
688 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
689 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
690 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
691 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
693 #define SECURITY_NULL_RID (0x00000000L)
694 #define SECURITY_WORLD_RID (0x00000000L)
695 #define SECURITY_LOCAL_RID (0x00000000L)
697 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
698 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
700 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
701 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
703 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
708 // NT well-known SIDs
710 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
712 #define SECURITY_DIALUP_RID (0x00000001L)
713 #define SECURITY_NETWORK_RID (0x00000002L)
714 #define SECURITY_BATCH_RID (0x00000003L)
715 #define SECURITY_INTERACTIVE_RID (0x00000004L)
716 #define SECURITY_LOGON_IDS_RID (0x00000005L)
717 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
718 #define SECURITY_SERVICE_RID (0x00000006L)
719 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
720 #define SECURITY_PROXY_RID (0x00000008L)
721 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
722 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
723 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
724 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
725 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
726 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
727 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
728 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
729 #define SECURITY_IUSER_RID (0x00000011L)
730 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
731 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
732 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
734 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
735 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
737 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
739 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
740 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
743 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
744 #define SECURITY_PACKAGE_RID_COUNT (2L)
745 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
746 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
747 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
749 #define SECURITY_MIN_BASE_RID (0x00000050L)
751 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
752 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
754 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
756 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
757 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
759 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
760 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
762 #define SECURITY_MAX_BASE_RID (0x0000006FL)
764 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
765 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
767 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
772 // Well-known domain relative sub-authority values (RIDs)
774 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
776 #define FOREST_USER_RID_MAX (0x000001F3L)
781 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
782 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
783 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
785 #define DOMAIN_USER_RID_MAX (0x000003E7L)
790 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
791 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
792 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
793 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
794 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
795 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
796 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
797 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
798 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
799 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
802 // Well-known aliases
804 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
805 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
806 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
807 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
809 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
810 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
811 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
812 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
814 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
815 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
816 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
817 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
818 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
819 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
821 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
822 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
823 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
824 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
825 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
826 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
827 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
828 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
829 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
830 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
831 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
834 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
835 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
836 #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
837 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
838 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
839 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
840 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
843 // SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
844 // can be set by a usermode caller.
846 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
848 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
851 // Allocate the System Luid. The first 1000 LUIDs are reserved.
852 // Use #999 here (0x3e7 = 999)
854 #define SYSTEM_LUID { 0x3e7, 0x0 }
855 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
856 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
857 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
858 #define IUSER_LUID { 0x3e3, 0x0 }
862 typedef struct _TOKEN_SOURCE
{
863 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
864 LUID SourceIdentifier
;
865 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
866 typedef struct _TOKEN_CONTROL
{
868 LUID AuthenticationId
;
870 TOKEN_SOURCE TokenSource
;
871 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
872 typedef struct _TOKEN_DEFAULT_DACL
{
874 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
875 typedef struct _TOKEN_GROUPS
{
877 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
878 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
879 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
882 PSID_AND_ATTRIBUTES Sids
;
883 ULONG RestrictedSidCount
;
884 ULONG RestrictedSidLength
;
885 PSID_AND_ATTRIBUTES RestrictedSids
;
886 ULONG PrivilegeCount
;
887 ULONG PrivilegeLength
;
888 PLUID_AND_ATTRIBUTES Privileges
;
889 LUID AuthenticationId
;
890 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
891 typedef struct _TOKEN_ORIGIN
{
892 LUID OriginatingLogonSession
;
893 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
894 typedef struct _TOKEN_OWNER
{
896 } TOKEN_OWNER
,*PTOKEN_OWNER
;
897 typedef struct _TOKEN_PRIMARY_GROUP
{
899 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
900 typedef struct _TOKEN_PRIVILEGES
{
901 ULONG PrivilegeCount
;
902 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
903 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
904 typedef enum tagTOKEN_TYPE
{
907 } TOKEN_TYPE
,*PTOKEN_TYPE
;
908 typedef struct _TOKEN_STATISTICS
{
910 LUID AuthenticationId
;
911 LARGE_INTEGER ExpirationTime
;
912 TOKEN_TYPE TokenType
;
913 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
914 ULONG DynamicCharged
;
915 ULONG DynamicAvailable
;
917 ULONG PrivilegeCount
;
919 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
920 typedef struct _TOKEN_USER
{
921 SID_AND_ATTRIBUTES User
;
922 } TOKEN_USER
, *PTOKEN_USER
;
923 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
924 typedef struct _SECURITY_DESCRIPTOR
{
927 SECURITY_DESCRIPTOR_CONTROL Control
;
932 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
934 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
936 typedef struct _OBJECT_TYPE_LIST
{
940 } OBJECT_TYPE_LIST
, *POBJECT_TYPE_LIST
;
942 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
945 SECURITY_DESCRIPTOR_CONTROL Control
;
950 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
951 typedef enum _TOKEN_INFORMATION_CLASS
{
952 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
953 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
954 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
955 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
956 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
957 } TOKEN_INFORMATION_CLASS
;
959 #define SYMLINK_FLAG_RELATIVE 1
961 typedef struct _REPARSE_DATA_BUFFER
{
963 USHORT ReparseDataLength
;
967 USHORT SubstituteNameOffset
;
968 USHORT SubstituteNameLength
;
969 USHORT PrintNameOffset
;
970 USHORT PrintNameLength
;
973 } SymbolicLinkReparseBuffer
;
975 USHORT SubstituteNameOffset
;
976 USHORT SubstituteNameLength
;
977 USHORT PrintNameOffset
;
978 USHORT PrintNameLength
;
980 } MountPointReparseBuffer
;
983 } GenericReparseBuffer
;
985 } REPARSE_DATA_BUFFER
, *PREPARSE_DATA_BUFFER
;
990 // MicroSoft reparse point tags
992 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
993 #define IO_REPARSE_TAG_HSM (0xC0000004L)
994 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
995 #define IO_REPARSE_TAG_HSM2 (0x80000006L)
996 #define IO_REPARSE_TAG_SIS (0x80000007L)
997 #define IO_REPARSE_TAG_DFS (0x8000000AL)
998 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
999 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
1000 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
1001 #define IO_REPARSE_TAG_DFSR (0x80000012L)
1004 // Reserved reparse tags
1006 #define IO_REPARSE_TAG_RESERVED_ZERO (0)
1007 #define IO_REPARSE_TAG_RESERVED_ONE (1)
1008 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
1011 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
1013 typedef struct _FILE_ACCESS_INFORMATION
{
1014 ACCESS_MASK AccessFlags
;
1015 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
1017 typedef struct _FILE_ALLOCATION_INFORMATION
{
1018 LARGE_INTEGER AllocationSize
;
1019 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
1021 typedef struct _FILE_BOTH_DIR_INFORMATION
{
1022 ULONG NextEntryOffset
;
1024 LARGE_INTEGER CreationTime
;
1025 LARGE_INTEGER LastAccessTime
;
1026 LARGE_INTEGER LastWriteTime
;
1027 LARGE_INTEGER ChangeTime
;
1028 LARGE_INTEGER EndOfFile
;
1029 LARGE_INTEGER AllocationSize
;
1030 ULONG FileAttributes
;
1031 ULONG FileNameLength
;
1033 CCHAR ShortNameLength
;
1034 WCHAR ShortName
[12];
1036 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
1038 typedef struct _FILE_COMPLETION_INFORMATION
{
1041 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
1043 typedef struct _FILE_COMPRESSION_INFORMATION
{
1044 LARGE_INTEGER CompressedFileSize
;
1045 USHORT CompressionFormat
;
1046 UCHAR CompressionUnitShift
;
1050 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
1052 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
1053 BOOLEAN ReplaceIfExists
;
1054 HANDLE RootDirectory
;
1055 ULONG FileNameLength
;
1057 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
1059 typedef struct _FILE_DIRECTORY_INFORMATION
{
1060 ULONG NextEntryOffset
;
1062 LARGE_INTEGER CreationTime
;
1063 LARGE_INTEGER LastAccessTime
;
1064 LARGE_INTEGER LastWriteTime
;
1065 LARGE_INTEGER ChangeTime
;
1066 LARGE_INTEGER EndOfFile
;
1067 LARGE_INTEGER AllocationSize
;
1068 ULONG FileAttributes
;
1069 ULONG FileNameLength
;
1071 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
1073 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
1074 ULONG NextEntryOffset
;
1076 LARGE_INTEGER CreationTime
;
1077 LARGE_INTEGER LastAccessTime
;
1078 LARGE_INTEGER LastWriteTime
;
1079 LARGE_INTEGER ChangeTime
;
1080 LARGE_INTEGER EndOfFile
;
1081 LARGE_INTEGER AllocationSize
;
1082 ULONG FileAttributes
;
1083 ULONG FileNameLength
;
1085 WCHAR FileName
[ANYSIZE_ARRAY
];
1086 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
1088 typedef struct _FILE_ID_FULL_DIR_INFORMATION
{
1089 ULONG NextEntryOffset
;
1091 LARGE_INTEGER CreationTime
;
1092 LARGE_INTEGER LastAccessTime
;
1093 LARGE_INTEGER LastWriteTime
;
1094 LARGE_INTEGER ChangeTime
;
1095 LARGE_INTEGER EndOfFile
;
1096 LARGE_INTEGER AllocationSize
;
1097 ULONG FileAttributes
;
1098 ULONG FileNameLength
;
1100 LARGE_INTEGER FileId
;
1102 } FILE_ID_FULL_DIR_INFORMATION
, *PFILE_ID_FULL_DIR_INFORMATION
;
1104 typedef struct _FILE_ID_BOTH_DIR_INFORMATION
{
1105 ULONG NextEntryOffset
;
1107 LARGE_INTEGER CreationTime
;
1108 LARGE_INTEGER LastAccessTime
;
1109 LARGE_INTEGER LastWriteTime
;
1110 LARGE_INTEGER ChangeTime
;
1111 LARGE_INTEGER EndOfFile
;
1112 LARGE_INTEGER AllocationSize
;
1113 ULONG FileAttributes
;
1114 ULONG FileNameLength
;
1116 CCHAR ShortNameLength
;
1117 WCHAR ShortName
[12];
1118 LARGE_INTEGER FileId
;
1120 } FILE_ID_BOTH_DIR_INFORMATION
, *PFILE_ID_BOTH_DIR_INFORMATION
;
1122 typedef struct _FILE_EA_INFORMATION
{
1124 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
1126 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
1127 ULONG FileSystemAttributes
;
1128 ULONG MaximumComponentNameLength
;
1129 ULONG FileSystemNameLength
;
1130 WCHAR FileSystemName
[1];
1131 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
1133 typedef struct _FILE_FS_CONTROL_INFORMATION
{
1134 LARGE_INTEGER FreeSpaceStartFiltering
;
1135 LARGE_INTEGER FreeSpaceThreshold
;
1136 LARGE_INTEGER FreeSpaceStopFiltering
;
1137 LARGE_INTEGER DefaultQuotaThreshold
;
1138 LARGE_INTEGER DefaultQuotaLimit
;
1139 ULONG FileSystemControlFlags
;
1140 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
1142 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
1143 LARGE_INTEGER TotalAllocationUnits
;
1144 LARGE_INTEGER CallerAvailableAllocationUnits
;
1145 LARGE_INTEGER ActualAvailableAllocationUnits
;
1146 ULONG SectorsPerAllocationUnit
;
1147 ULONG BytesPerSector
;
1148 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
1150 typedef struct _FILE_FS_LABEL_INFORMATION
{
1151 ULONG VolumeLabelLength
;
1152 WCHAR VolumeLabel
[1];
1153 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
1155 #if (VER_PRODUCTBUILD >= 2195)
1157 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
1159 UCHAR ExtendedInfo
[48];
1160 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
1162 #endif /* (VER_PRODUCTBUILD >= 2195) */
1164 typedef struct _FILE_FS_SIZE_INFORMATION
{
1165 LARGE_INTEGER TotalAllocationUnits
;
1166 LARGE_INTEGER AvailableAllocationUnits
;
1167 ULONG SectorsPerAllocationUnit
;
1168 ULONG BytesPerSector
;
1169 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
1171 typedef struct _FILE_FS_VOLUME_INFORMATION
{
1172 LARGE_INTEGER VolumeCreationTime
;
1173 ULONG VolumeSerialNumber
;
1174 ULONG VolumeLabelLength
;
1175 BOOLEAN SupportsObjects
;
1176 WCHAR VolumeLabel
[1];
1177 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
1179 typedef struct _FILE_FS_OBJECTID_INFORMATION
1182 UCHAR ExtendedInfo
[48];
1183 } FILE_FS_OBJECTID_INFORMATION
, *PFILE_FS_OBJECTID_INFORMATION
;
1185 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1187 BOOLEAN DriverInPath
;
1188 ULONG DriverNameLength
;
1189 WCHAR DriverName
[1];
1190 } FILE_FS_DRIVER_PATH_INFORMATION
, *PFILE_FS_DRIVER_PATH_INFORMATION
;
1192 typedef struct _FILE_FULL_DIR_INFORMATION
{
1193 ULONG NextEntryOffset
;
1195 LARGE_INTEGER CreationTime
;
1196 LARGE_INTEGER LastAccessTime
;
1197 LARGE_INTEGER LastWriteTime
;
1198 LARGE_INTEGER ChangeTime
;
1199 LARGE_INTEGER EndOfFile
;
1200 LARGE_INTEGER AllocationSize
;
1201 ULONG FileAttributes
;
1202 ULONG FileNameLength
;
1205 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1207 typedef struct _FILE_GET_EA_INFORMATION
{
1208 ULONG NextEntryOffset
;
1211 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1213 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1214 ULONG NextEntryOffset
;
1217 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1219 typedef struct _FILE_QUOTA_INFORMATION
1221 ULONG NextEntryOffset
;
1223 LARGE_INTEGER ChangeTime
;
1224 LARGE_INTEGER QuotaUsed
;
1225 LARGE_INTEGER QuotaThreshold
;
1226 LARGE_INTEGER QuotaLimit
;
1228 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1230 typedef struct _FILE_INTERNAL_INFORMATION
{
1231 LARGE_INTEGER IndexNumber
;
1232 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1234 typedef struct _FILE_LINK_INFORMATION
{
1235 BOOLEAN ReplaceIfExists
;
1236 HANDLE RootDirectory
;
1237 ULONG FileNameLength
;
1239 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1241 typedef struct _FILE_LOCK_INFO
1243 LARGE_INTEGER StartingByte
;
1244 LARGE_INTEGER Length
;
1245 BOOLEAN ExclusiveLock
;
1247 PFILE_OBJECT FileObject
;
1249 LARGE_INTEGER EndingByte
;
1250 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1252 typedef struct _FILE_REPARSE_POINT_INFORMATION
1254 LONGLONG FileReference
;
1256 } FILE_REPARSE_POINT_INFORMATION
, *PFILE_REPARSE_POINT_INFORMATION
;
1258 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1261 HANDLE RootDirectory
;
1262 ULONG FileNameLength
;
1264 } FILE_MOVE_CLUSTER_INFORMATION
, *PFILE_MOVE_CLUSTER_INFORMATION
;
1266 typedef struct _FILE_NOTIFY_INFORMATION
1268 ULONG NextEntryOffset
;
1270 ULONG FileNameLength
;
1272 } FILE_NOTIFY_INFORMATION
, *PFILE_NOTIFY_INFORMATION
;
1274 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1275 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1278 FILE_LOCK_INFO FileLock
;
1279 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1281 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1282 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1283 LIST_ENTRY ListEntry
;
1286 FILE_LOCK_INFO FileLock
;
1287 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1289 typedef NTSTATUS (NTAPI
*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1294 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1296 IN PFILE_LOCK_INFO FileLockInfo
1299 typedef struct _FILE_LOCK
{
1300 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1301 PUNLOCK_ROUTINE UnlockRoutine
;
1302 BOOLEAN FastIoIsQuestionable
;
1304 PVOID LockInformation
;
1305 FILE_LOCK_INFO LastReturnedLockInfo
;
1306 PVOID LastReturnedLock
;
1307 } FILE_LOCK
, *PFILE_LOCK
;
1309 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1310 ULONG ReadDataAvailable
;
1311 ULONG NumberOfMessages
;
1312 ULONG MessageLength
;
1313 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1315 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1316 ULONG MaximumMessageSize
;
1317 ULONG MailslotQuota
;
1318 ULONG NextMessageSize
;
1319 ULONG MessagesAvailable
;
1320 LARGE_INTEGER ReadTimeout
;
1321 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1323 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1324 PLARGE_INTEGER ReadTimeout
;
1325 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1327 typedef struct _FILE_MODE_INFORMATION
{
1329 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1331 typedef struct _FILE_ALL_INFORMATION
{
1332 FILE_BASIC_INFORMATION BasicInformation
;
1333 FILE_STANDARD_INFORMATION StandardInformation
;
1334 FILE_INTERNAL_INFORMATION InternalInformation
;
1335 FILE_EA_INFORMATION EaInformation
;
1336 FILE_ACCESS_INFORMATION AccessInformation
;
1337 FILE_POSITION_INFORMATION PositionInformation
;
1338 FILE_MODE_INFORMATION ModeInformation
;
1339 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1340 FILE_NAME_INFORMATION NameInformation
;
1341 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1343 typedef struct _FILE_NAMES_INFORMATION
{
1344 ULONG NextEntryOffset
;
1346 ULONG FileNameLength
;
1348 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1350 typedef struct _FILE_OBJECTID_INFORMATION
{
1351 LONGLONG FileReference
;
1353 _ANONYMOUS_UNION
union {
1355 UCHAR BirthVolumeId
[16];
1356 UCHAR BirthObjectId
[16];
1359 UCHAR ExtendedInfo
[48];
1361 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1363 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1365 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1367 typedef struct _FILE_OLE_ALL_INFORMATION
{
1368 FILE_BASIC_INFORMATION BasicInformation
;
1369 FILE_STANDARD_INFORMATION StandardInformation
;
1370 FILE_INTERNAL_INFORMATION InternalInformation
;
1371 FILE_EA_INFORMATION EaInformation
;
1372 FILE_ACCESS_INFORMATION AccessInformation
;
1373 FILE_POSITION_INFORMATION PositionInformation
;
1374 FILE_MODE_INFORMATION ModeInformation
;
1375 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1378 LARGE_INTEGER SecurityChangeTime
;
1379 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1380 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1381 FILE_STORAGE_TYPE StorageType
;
1384 ULONG NumberOfStreamReferences
;
1387 BOOLEAN ContentIndexDisable
;
1388 BOOLEAN InheritContentIndexDisable
;
1389 FILE_NAME_INFORMATION NameInformation
;
1390 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1392 typedef struct _FILE_OLE_DIR_INFORMATION
{
1393 ULONG NextEntryOffset
;
1395 LARGE_INTEGER CreationTime
;
1396 LARGE_INTEGER LastAccessTime
;
1397 LARGE_INTEGER LastWriteTime
;
1398 LARGE_INTEGER ChangeTime
;
1399 LARGE_INTEGER EndOfFile
;
1400 LARGE_INTEGER AllocationSize
;
1401 ULONG FileAttributes
;
1402 ULONG FileNameLength
;
1403 FILE_STORAGE_TYPE StorageType
;
1406 BOOLEAN ContentIndexDisable
;
1407 BOOLEAN InheritContentIndexDisable
;
1409 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1411 typedef struct _FILE_OLE_INFORMATION
{
1412 LARGE_INTEGER SecurityChangeTime
;
1413 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1414 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1415 FILE_STORAGE_TYPE StorageType
;
1417 BOOLEAN ContentIndexDisable
;
1418 BOOLEAN InheritContentIndexDisable
;
1419 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1421 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1423 ULONG StateBitsMask
;
1424 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1426 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1429 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1431 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1432 PVOID ClientSession
;
1433 PVOID ClientProcess
;
1434 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1436 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1437 ULONG NamedPipeState
;
1441 ULONG NumberRequests
;
1442 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1444 typedef struct _FILE_PIPE_PEEK_BUFFER
1446 ULONG NamedPipeState
;
1447 ULONG ReadDataAvailable
;
1448 ULONG NumberOfMessages
;
1449 ULONG MessageLength
;
1451 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1453 typedef struct _FILE_PIPE_INFORMATION
{
1455 ULONG CompletionMode
;
1456 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1458 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1459 ULONG NamedPipeType
;
1460 ULONG NamedPipeConfiguration
;
1461 ULONG MaximumInstances
;
1462 ULONG CurrentInstances
;
1464 ULONG ReadDataAvailable
;
1465 ULONG OutboundQuota
;
1466 ULONG WriteQuotaAvailable
;
1467 ULONG NamedPipeState
;
1469 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1471 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1472 LARGE_INTEGER CollectDataTime
;
1473 ULONG MaximumCollectionCount
;
1474 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1476 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1477 LARGE_INTEGER Timeout
;
1479 BOOLEAN TimeoutSpecified
;
1481 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1483 typedef struct _FILE_RENAME_INFORMATION
{
1484 BOOLEAN ReplaceIfExists
;
1485 HANDLE RootDirectory
;
1486 ULONG FileNameLength
;
1488 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1490 typedef struct _FILE_STREAM_INFORMATION
{
1491 ULONG NextEntryOffset
;
1492 ULONG StreamNameLength
;
1493 LARGE_INTEGER StreamSize
;
1494 LARGE_INTEGER StreamAllocationSize
;
1495 WCHAR StreamName
[1];
1496 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1498 typedef struct _FILE_TRACKING_INFORMATION
{
1499 HANDLE DestinationFile
;
1500 ULONG ObjectInformationLength
;
1501 CHAR ObjectInformation
[1];
1502 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1504 #if (VER_PRODUCTBUILD >= 2195)
1505 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1506 LARGE_INTEGER FileOffset
;
1507 LARGE_INTEGER BeyondFinalZero
;
1508 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1510 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1511 LARGE_INTEGER FileOffset
;
1512 LARGE_INTEGER Length
;
1513 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1514 #endif /* (VER_PRODUCTBUILD >= 2195) */
1516 #define FSRTL_FCB_HEADER_V0 (0x00)
1517 #define FSRTL_FCB_HEADER_V1 (0x01)
1520 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1521 CSHORT NodeTypeCode
;
1522 CSHORT NodeByteSize
;
1524 UCHAR IsFastIoPossible
;
1525 #if (VER_PRODUCTBUILD >= 1381)
1528 #endif /* (VER_PRODUCTBUILD >= 1381) */
1529 PERESOURCE Resource
;
1530 PERESOURCE PagingIoResource
;
1531 LARGE_INTEGER AllocationSize
;
1532 LARGE_INTEGER FileSize
;
1533 LARGE_INTEGER ValidDataLength
;
1534 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1536 typedef enum _FSRTL_COMPARISON_RESULT
1541 } FSRTL_COMPARISON_RESULT
;
1543 #if (VER_PRODUCTBUILD >= 2600)
1545 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1546 CSHORT NodeTypeCode
;
1547 CSHORT NodeByteSize
;
1549 UCHAR IsFastIoPossible
;
1553 PERESOURCE Resource
;
1554 PERESOURCE PagingIoResource
;
1555 LARGE_INTEGER AllocationSize
;
1556 LARGE_INTEGER FileSize
;
1557 LARGE_INTEGER ValidDataLength
;
1558 PFAST_MUTEX FastMutex
;
1559 LIST_ENTRY FilterContexts
;
1560 EX_PUSH_LOCK PushLock
;
1561 PVOID
*FileContextSupportPointer
;
1562 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1564 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1568 PFREE_FUNCTION FreeCallback
;
1569 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1571 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1576 } FSRTL_PER_FILEOBJECT_CONTEXT
, *PFSRTL_PER_FILEOBJECT_CONTEXT
;
1578 #endif /* (VER_PRODUCTBUILD >= 2600) */
1580 typedef struct _BASE_MCB
1582 ULONG MaximumPairCount
;
1587 } BASE_MCB
, *PBASE_MCB
;
1589 typedef struct _LARGE_MCB
1591 PKGUARDED_MUTEX GuardedMutex
;
1593 } LARGE_MCB
, *PLARGE_MCB
;
1597 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1600 typedef struct _GENERATE_NAME_CONTEXT
{
1602 BOOLEAN CheckSumInserted
;
1604 WCHAR NameBuffer
[8];
1605 ULONG ExtensionLength
;
1606 WCHAR ExtensionBuffer
[4];
1607 ULONG LastIndexValue
;
1608 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1610 typedef struct _MAPPING_PAIR
{
1613 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1615 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1616 ULONG NumberOfPairs
;
1618 MAPPING_PAIR Pair
[1];
1619 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1621 typedef struct _KQUEUE
{
1622 DISPATCHER_HEADER Header
;
1623 LIST_ENTRY EntryListHead
;
1626 LIST_ENTRY ThreadListHead
;
1627 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1629 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1631 typedef struct _MBCB
{
1632 CSHORT NodeTypeCode
;
1633 CSHORT NodeIsInZone
;
1637 LIST_ENTRY BitmapRanges
;
1638 LONGLONG ResumeWritePage
;
1639 BITMAP_RANGE BitmapRange1
;
1640 BITMAP_RANGE BitmapRange2
;
1641 BITMAP_RANGE BitmapRange3
;
1644 typedef struct _MOVEFILE_DESCRIPTOR
{
1647 LARGE_INTEGER StartVcn
;
1648 LARGE_INTEGER TargetLcn
;
1651 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1653 typedef struct _OBJECT_BASIC_INFO
{
1655 ACCESS_MASK GrantedAccess
;
1657 ULONG ReferenceCount
;
1658 ULONG PagedPoolUsage
;
1659 ULONG NonPagedPoolUsage
;
1661 ULONG NameInformationLength
;
1662 ULONG TypeInformationLength
;
1663 ULONG SecurityDescriptorLength
;
1664 LARGE_INTEGER CreateTime
;
1665 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1667 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1669 BOOLEAN ProtectFromClose
;
1670 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1672 typedef struct _OBJECT_NAME_INFO
{
1673 UNICODE_STRING ObjectName
;
1674 WCHAR ObjectNameBuffer
[1];
1675 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1677 typedef struct _OBJECT_PROTECTION_INFO
{
1679 BOOLEAN ProtectHandle
;
1680 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1682 typedef struct _OBJECT_TYPE_INFO
{
1683 UNICODE_STRING ObjectTypeName
;
1684 UCHAR Unknown
[0x58];
1685 WCHAR ObjectTypeNameBuffer
[1];
1686 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1688 typedef struct _OBJECT_ALL_TYPES_INFO
{
1689 ULONG NumberOfObjectTypes
;
1690 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1691 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1694 typedef struct _PATHNAME_BUFFER
{
1695 ULONG PathNameLength
;
1697 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1699 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1704 } RTL_GENERIC_COMPARE_RESULTS
;
1706 typedef enum _TABLE_SEARCH_RESULT
1712 } TABLE_SEARCH_RESULT
;
1715 (NTAPI
*PRTL_AVL_MATCH_FUNCTION
)(
1716 struct _RTL_AVL_TABLE
*Table
,
1721 typedef RTL_GENERIC_COMPARE_RESULTS
1722 (NTAPI
*PRTL_AVL_COMPARE_ROUTINE
) (
1723 struct _RTL_AVL_TABLE
*Table
,
1728 typedef RTL_GENERIC_COMPARE_RESULTS
1729 (NTAPI
*PRTL_GENERIC_COMPARE_ROUTINE
) (
1730 struct _RTL_GENERIC_TABLE
*Table
,
1736 (NTAPI
*PRTL_GENERIC_ALLOCATE_ROUTINE
) (
1737 struct _RTL_GENERIC_TABLE
*Table
,
1742 (NTAPI
*PRTL_GENERIC_FREE_ROUTINE
) (
1743 struct _RTL_GENERIC_TABLE
*Table
,
1748 (NTAPI
*PRTL_AVL_ALLOCATE_ROUTINE
) (
1749 struct _RTL_AVL_TABLE
*Table
,
1754 (NTAPI
*PRTL_AVL_FREE_ROUTINE
) (
1755 struct _RTL_AVL_TABLE
*Table
,
1759 typedef struct _PUBLIC_BCB
{
1760 CSHORT NodeTypeCode
;
1761 CSHORT NodeByteSize
;
1763 LARGE_INTEGER MappedFileOffset
;
1764 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1766 typedef struct _QUERY_PATH_REQUEST
{
1767 ULONG PathNameLength
;
1768 PIO_SECURITY_CONTEXT SecurityContext
;
1769 WCHAR FilePathName
[1];
1770 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1772 typedef struct _QUERY_PATH_RESPONSE
{
1773 ULONG LengthAccepted
;
1774 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1776 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1778 LARGE_INTEGER StartingVcn
;
1780 LARGE_INTEGER NextVcn
;
1783 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1785 typedef struct _RTL_SPLAY_LINKS
{
1786 struct _RTL_SPLAY_LINKS
*Parent
;
1787 struct _RTL_SPLAY_LINKS
*LeftChild
;
1788 struct _RTL_SPLAY_LINKS
*RightChild
;
1789 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1791 typedef struct _RTL_BALANCED_LINKS
1793 struct _RTL_BALANCED_LINKS
*Parent
;
1794 struct _RTL_BALANCED_LINKS
*LeftChild
;
1795 struct _RTL_BALANCED_LINKS
*RightChild
;
1798 } RTL_BALANCED_LINKS
, *PRTL_BALANCED_LINKS
;
1800 typedef struct _RTL_GENERIC_TABLE
1802 PRTL_SPLAY_LINKS TableRoot
;
1803 LIST_ENTRY InsertOrderList
;
1804 PLIST_ENTRY OrderedPointer
;
1805 ULONG WhichOrderedElement
;
1806 ULONG NumberGenericTableElements
;
1807 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine
;
1808 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine
;
1809 PRTL_GENERIC_FREE_ROUTINE FreeRoutine
;
1811 } RTL_GENERIC_TABLE
, *PRTL_GENERIC_TABLE
;
1813 typedef struct _UNICODE_PREFIX_TABLE_ENTRY
1815 CSHORT NodeTypeCode
;
1817 struct _UNICODE_PREFIX_TABLE_ENTRY
*NextPrefixTree
;
1818 struct _UNICODE_PREFIX_TABLE_ENTRY
*CaseMatch
;
1819 RTL_SPLAY_LINKS Links
;
1820 PUNICODE_STRING Prefix
;
1821 } UNICODE_PREFIX_TABLE_ENTRY
, *PUNICODE_PREFIX_TABLE_ENTRY
;
1823 typedef struct _UNICODE_PREFIX_TABLE
1825 CSHORT NodeTypeCode
;
1827 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree
;
1828 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry
;
1829 } UNICODE_PREFIX_TABLE
, *PUNICODE_PREFIX_TABLE
;
1834 RtlInitializeUnicodePrefix (
1835 IN PUNICODE_PREFIX_TABLE PrefixTable
1841 RtlInsertUnicodePrefix (
1842 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1843 IN PUNICODE_STRING Prefix
,
1844 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1850 RtlRemoveUnicodePrefix (
1851 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1852 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
1856 PUNICODE_PREFIX_TABLE_ENTRY
1858 RtlFindUnicodePrefix (
1859 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1860 IN PUNICODE_STRING FullName
,
1861 IN ULONG CaseInsensitiveIndex
1865 PUNICODE_PREFIX_TABLE_ENTRY
1867 RtlNextUnicodePrefix (
1868 IN PUNICODE_PREFIX_TABLE PrefixTable
,
1872 #undef PRTL_GENERIC_COMPARE_ROUTINE
1873 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1874 #undef PRTL_GENERIC_FREE_ROUTINE
1875 #undef RTL_GENERIC_TABLE
1876 #undef PRTL_GENERIC_TABLE
1878 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1879 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1880 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1881 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1882 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1884 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1885 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
1886 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
1887 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
1888 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
1889 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
1890 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
1891 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
1892 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
1893 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
1894 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
1896 typedef struct _RTL_AVL_TABLE
1898 RTL_BALANCED_LINKS BalancedRoot
;
1899 PVOID OrderedPointer
;
1900 ULONG WhichOrderedElement
;
1901 ULONG NumberGenericTableElements
;
1903 PRTL_BALANCED_LINKS RestartKey
;
1905 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
;
1906 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
;
1907 PRTL_AVL_FREE_ROUTINE FreeRoutine
;
1909 } RTL_AVL_TABLE
, *PRTL_AVL_TABLE
;
1914 RtlInitializeGenericTableAvl(
1915 PRTL_AVL_TABLE Table
,
1916 PRTL_AVL_COMPARE_ROUTINE CompareRoutine
,
1917 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine
,
1918 PRTL_AVL_FREE_ROUTINE FreeRoutine
,
1925 RtlInsertElementGenericTableAvl (
1926 PRTL_AVL_TABLE Table
,
1929 PBOOLEAN NewElement OPTIONAL
1935 RtlDeleteElementGenericTableAvl (
1936 PRTL_AVL_TABLE Table
,
1943 RtlLookupElementGenericTableAvl (
1944 PRTL_AVL_TABLE Table
,
1951 RtlEnumerateGenericTableWithoutSplayingAvl (
1952 PRTL_AVL_TABLE Table
,
1956 #if defined(USE_LPC6432)
1957 #define LPC_CLIENT_ID CLIENT_ID64
1958 #define LPC_SIZE_T ULONGLONG
1959 #define LPC_PVOID ULONGLONG
1960 #define LPC_HANDLE ULONGLONG
1962 #define LPC_CLIENT_ID CLIENT_ID
1963 #define LPC_SIZE_T SIZE_T
1964 #define LPC_PVOID PVOID
1965 #define LPC_HANDLE HANDLE
1968 typedef struct _PORT_MESSAGE
1984 CSHORT DataInfoOffset
;
1990 LPC_CLIENT_ID ClientId
;
1991 double DoNotUseThisField
;
1996 LPC_SIZE_T ClientViewSize
;
1999 } PORT_MESSAGE
, *PPORT_MESSAGE
;
2001 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
2003 typedef struct _PORT_VIEW
2006 LPC_HANDLE SectionHandle
;
2007 ULONG SectionOffset
;
2008 LPC_SIZE_T ViewSize
;
2010 LPC_PVOID ViewRemoteBase
;
2011 } PORT_VIEW
, *PPORT_VIEW
;
2013 typedef struct _REMOTE_PORT_VIEW
2016 LPC_SIZE_T ViewSize
;
2018 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
2020 typedef struct _SE_EXPORTS
{
2022 LUID SeCreateTokenPrivilege
;
2023 LUID SeAssignPrimaryTokenPrivilege
;
2024 LUID SeLockMemoryPrivilege
;
2025 LUID SeIncreaseQuotaPrivilege
;
2026 LUID SeUnsolicitedInputPrivilege
;
2027 LUID SeTcbPrivilege
;
2028 LUID SeSecurityPrivilege
;
2029 LUID SeTakeOwnershipPrivilege
;
2030 LUID SeLoadDriverPrivilege
;
2031 LUID SeCreatePagefilePrivilege
;
2032 LUID SeIncreaseBasePriorityPrivilege
;
2033 LUID SeSystemProfilePrivilege
;
2034 LUID SeSystemtimePrivilege
;
2035 LUID SeProfileSingleProcessPrivilege
;
2036 LUID SeCreatePermanentPrivilege
;
2037 LUID SeBackupPrivilege
;
2038 LUID SeRestorePrivilege
;
2039 LUID SeShutdownPrivilege
;
2040 LUID SeDebugPrivilege
;
2041 LUID SeAuditPrivilege
;
2042 LUID SeSystemEnvironmentPrivilege
;
2043 LUID SeChangeNotifyPrivilege
;
2044 LUID SeRemoteShutdownPrivilege
;
2049 PSID SeCreatorOwnerSid
;
2050 PSID SeCreatorGroupSid
;
2052 PSID SeNtAuthoritySid
;
2056 PSID SeInteractiveSid
;
2057 PSID SeLocalSystemSid
;
2058 PSID SeAliasAdminsSid
;
2059 PSID SeAliasUsersSid
;
2060 PSID SeAliasGuestsSid
;
2061 PSID SeAliasPowerUsersSid
;
2062 PSID SeAliasAccountOpsSid
;
2063 PSID SeAliasSystemOpsSid
;
2064 PSID SeAliasPrintOpsSid
;
2065 PSID SeAliasBackupOpsSid
;
2067 PSID SeAuthenticatedUsersSid
;
2069 PSID SeRestrictedSid
;
2070 PSID SeAnonymousLogonSid
;
2072 LUID SeUndockPrivilege
;
2073 LUID SeSyncAgentPrivilege
;
2074 LUID SeEnableDelegationPrivilege
;
2076 } SE_EXPORTS
, *PSE_EXPORTS
;
2078 extern PSE_EXPORTS SeExports
;
2082 LARGE_INTEGER StartingLcn
;
2083 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
2085 typedef struct _STARTING_VCN_INPUT_BUFFER
{
2086 LARGE_INTEGER StartingVcn
;
2087 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
2089 typedef struct _SECURITY_CLIENT_CONTEXT
{
2090 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
2091 PACCESS_TOKEN ClientToken
;
2092 BOOLEAN DirectlyAccessClientToken
;
2093 BOOLEAN DirectAccessEffectiveOnly
;
2094 BOOLEAN ServerIsRemote
;
2095 TOKEN_CONTROL ClientTokenControl
;
2096 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
2099 // The following are the inherit flags that go into the AceFlags field
2100 // of an Ace header.
2102 #define OBJECT_INHERIT_ACE (0x1)
2103 #define CONTAINER_INHERIT_ACE (0x2)
2104 #define NO_PROPAGATE_INHERIT_ACE (0x4)
2105 #define INHERIT_ONLY_ACE (0x8)
2106 #define INHERITED_ACE (0x10)
2107 #define VALID_INHERIT_FLAGS (0x1F)
2109 typedef struct _ACE_HEADER
2114 } ACE_HEADER
, *PACE_HEADER
;
2116 typedef struct _ACCESS_ALLOWED_ACE
2121 } ACCESS_ALLOWED_ACE
, *PACCESS_ALLOWED_ACE
;
2123 typedef struct _ACCESS_DENIED_ACE
2128 } ACCESS_DENIED_ACE
, *PACCESS_DENIED_ACE
;
2130 typedef struct _SYSTEM_AUDIT_ACE
2135 } SYSTEM_AUDIT_ACE
, *PSYSTEM_AUDIT_ACE
;
2137 typedef struct _SYSTEM_ALARM_ACE
2142 } SYSTEM_ALARM_ACE
, *PSYSTEM_ALARM_ACE
;
2144 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
2149 } SYSTEM_MANDATORY_LABEL_ACE
, *PSYSTEM_MANDATORY_LABEL_ACE
;
2151 typedef struct _TUNNEL
{
2153 PRTL_SPLAY_LINKS Cache
;
2154 LIST_ENTRY TimerQueue
;
2158 typedef struct _VAD_HEADER
{
2161 struct _VAD_HEADER
* ParentLink
;
2162 struct _VAD_HEADER
* LeftLink
;
2163 struct _VAD_HEADER
* RightLink
;
2164 ULONG Flags
; /* LSB = CommitCharge */
2166 PVOID FirstProtoPte
;
2170 } VAD_HEADER
, *PVAD_HEADER
;
2174 LARGE_INTEGER StartingLcn
;
2175 LARGE_INTEGER BitmapSize
;
2177 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
2179 #if (VER_PRODUCTBUILD >= 2600)
2182 (NTAPI
*PFILTER_REPORT_CHANGE
) (
2183 IN PVOID NotifyContext
,
2184 IN PVOID FilterContext
2187 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
2189 SyncTypeCreateSection
2190 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
2192 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
{
2193 NotifyTypeCreate
= 0,
2195 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE
;
2197 typedef union _FS_FILTER_PARAMETERS
{
2199 PLARGE_INTEGER EndingOffset
;
2200 PERESOURCE
*ResourceToRelease
;
2201 } AcquireForModifiedPageWriter
;
2204 PERESOURCE ResourceToRelease
;
2205 } ReleaseForModifiedPageWriter
;
2208 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
2209 ULONG PageProtection
;
2210 } AcquireForSectionSynchronization
;
2213 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType
;
2214 BOOLEAN POINTER_ALIGNMENT SafeToRecurse
;
2215 } NotifyStreamFileObject
;
2224 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
2226 typedef struct _FS_FILTER_CALLBACK_DATA
{
2227 ULONG SizeOfFsFilterCallbackData
;
2230 struct _DEVICE_OBJECT
*DeviceObject
;
2231 struct _FILE_OBJECT
*FileObject
;
2232 FS_FILTER_PARAMETERS Parameters
;
2233 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
2236 (NTAPI
*PFS_FILTER_CALLBACK
) (
2237 IN PFS_FILTER_CALLBACK_DATA Data
,
2238 OUT PVOID
*CompletionContext
2242 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
2243 IN PFS_FILTER_CALLBACK_DATA Data
,
2244 IN NTSTATUS OperationStatus
,
2245 IN PVOID CompletionContext
2248 typedef struct _FS_FILTER_CALLBACKS
{
2249 ULONG SizeOfFsFilterCallbacks
;
2251 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
2252 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
2253 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
2254 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
2255 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
2256 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
2257 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
2258 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
2259 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
2260 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
2261 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
2262 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
2263 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
2265 typedef struct _READ_LIST
{
2266 PFILE_OBJECT FileObject
;
2267 ULONG NumberOfEntries
;
2269 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
2270 } READ_LIST
, *PREAD_LIST
;
2275 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
2277 IN OUT PVOID
*CommitAddress
,
2278 IN OUT PSIZE_T CommitSize
2281 typedef struct _RTL_HEAP_PARAMETERS
{
2283 SIZE_T SegmentReserve
;
2284 SIZE_T SegmentCommit
;
2285 SIZE_T DeCommitFreeBlockThreshold
;
2286 SIZE_T DeCommitTotalFreeThreshold
;
2287 SIZE_T MaximumAllocationSize
;
2288 SIZE_T VirtualMemoryThreshold
;
2289 SIZE_T InitialCommit
;
2290 SIZE_T InitialReserve
;
2291 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
2293 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
2299 IN PFILE_OBJECT FileObject
,
2300 IN ULONG BytesToWrite
,
2309 IN PFILE_OBJECT FileObject
,
2310 IN PLARGE_INTEGER FileOffset
,
2314 OUT PIO_STATUS_BLOCK IoStatus
2321 IN PFILE_OBJECT FileObject
,
2322 IN PLARGE_INTEGER FileOffset
,
2328 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2330 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
2339 IN PFILE_OBJECT FileObject
,
2340 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
2343 IN ULONG BytesToWrite
,
2351 IN PFILE_OBJECT FileObject
,
2352 IN ULONG FileOffset
,
2356 OUT PIO_STATUS_BLOCK IoStatus
2363 IN PFILE_OBJECT FileObject
,
2364 IN ULONG FileOffset
,
2373 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2374 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2376 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2379 typedef VOID (NTAPI
*PDIRTY_PAGE_ROUTINE
) (
2380 IN PFILE_OBJECT FileObject
,
2381 IN PLARGE_INTEGER FileOffset
,
2383 IN PLARGE_INTEGER OldestLsn
,
2384 IN PLARGE_INTEGER NewestLsn
,
2394 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
2402 CcGetFileObjectFromBcb (
2409 CcGetFileObjectFromSectionPtrs (
2410 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2413 #define CcGetFileSizePointer(FO) ( \
2414 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2417 #if (VER_PRODUCTBUILD >= 2195)
2422 CcGetFlushedValidData (
2423 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2424 IN BOOLEAN BcbListHeld
2427 #endif /* (VER_PRODUCTBUILD >= 2195) */
2432 CcGetLsnForFileObject (
2433 IN PFILE_OBJECT FileObject
,
2434 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2437 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
2442 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
2446 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
2451 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
2455 typedef struct _CACHE_MANAGER_CALLBACKS
{
2456 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
2457 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
2458 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
2459 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
2460 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
2465 CcInitializeCacheMap (
2466 IN PFILE_OBJECT FileObject
,
2467 IN PCC_FILE_SIZES FileSizes
,
2468 IN BOOLEAN PinAccess
,
2469 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
2470 IN PVOID LazyWriteContext
2473 #define CcIsFileCached(FO) ( \
2474 ((FO)->SectionObjectPointer != NULL) && \
2475 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2478 extern ULONG CcFastMdlReadWait
;
2483 CcIsThereDirtyData (
2491 IN PFILE_OBJECT FileObject
,
2492 IN PLARGE_INTEGER FileOffset
,
2503 IN PFILE_OBJECT FileObject
,
2504 IN PLARGE_INTEGER FileOffset
,
2507 OUT PIO_STATUS_BLOCK IoStatus
2514 IN PFILE_OBJECT FileObject
,
2521 CcMdlWriteComplete (
2522 IN PFILE_OBJECT FileObject
,
2523 IN PLARGE_INTEGER FileOffset
,
2533 IN PFILE_OBJECT FileObject
,
2534 IN PLARGE_INTEGER FileOffset
,
2544 IN PFILE_OBJECT FileObject
,
2545 IN PLARGE_INTEGER FileOffset
,
2556 IN PFILE_OBJECT FileObject
,
2557 IN PLARGE_INTEGER FileOffset
,
2560 OUT PIO_STATUS_BLOCK IoStatus
2567 IN PFILE_OBJECT FileObject
,
2568 IN PLARGE_INTEGER FileOffset
,
2579 CcPurgeCacheSection (
2580 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2581 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2583 IN BOOLEAN UninitializeCacheMaps
2586 #define CcReadAhead(FO, FOFF, LEN) ( \
2587 if ((LEN) >= 256) { \
2588 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2592 #if (VER_PRODUCTBUILD >= 2195)
2601 #endif /* (VER_PRODUCTBUILD >= 2195) */
2613 CcScheduleReadAhead (
2614 IN PFILE_OBJECT FileObject
,
2615 IN PLARGE_INTEGER FileOffset
,
2622 CcSetAdditionalCacheAttributes (
2623 IN PFILE_OBJECT FileObject
,
2624 IN BOOLEAN DisableReadAhead
,
2625 IN BOOLEAN DisableWriteBehind
2631 CcSetBcbOwnerPointer (
2633 IN PVOID OwnerPointer
2639 CcSetDirtyPageThreshold (
2640 IN PFILE_OBJECT FileObject
,
2641 IN ULONG DirtyPageThreshold
2647 CcSetDirtyPinnedData (
2649 IN PLARGE_INTEGER Lsn OPTIONAL
2656 IN PFILE_OBJECT FileObject
,
2657 IN PCC_FILE_SIZES FileSizes
2660 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2662 IN LARGE_INTEGER Lsn
2668 CcSetLogHandleForFile (
2669 IN PFILE_OBJECT FileObject
,
2671 IN PFLUSH_TO_LSN FlushToLsnRoutine
2677 CcSetReadAheadGranularity (
2678 IN PFILE_OBJECT FileObject
,
2679 IN ULONG Granularity
/* default: PAGE_SIZE */
2680 /* allowed: 2^n * PAGE_SIZE */
2686 CcUninitializeCacheMap (
2687 IN PFILE_OBJECT FileObject
,
2688 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2689 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2702 CcUnpinDataForThread (
2704 IN ERESOURCE_THREAD ResourceThreadId
2710 CcUnpinRepinnedBcb (
2712 IN BOOLEAN WriteThrough
,
2713 OUT PIO_STATUS_BLOCK IoStatus
2716 #if (VER_PRODUCTBUILD >= 2195)
2721 CcWaitForCurrentLazyWriterActivity (
2725 #endif /* (VER_PRODUCTBUILD >= 2195) */
2731 IN PFILE_OBJECT FileObject
,
2732 IN PLARGE_INTEGER StartOffset
,
2733 IN PLARGE_INTEGER EndOffset
,
2740 ExDisableResourceBoostLite (
2741 IN PERESOURCE Resource
2747 ExQueryPoolBlockSize (
2749 OUT PBOOLEAN QuotaCharged
2752 #if (VER_PRODUCTBUILD >= 2600)
2754 #ifndef __NTOSKRNL__
2758 ExInitializeRundownProtection (
2759 IN PEX_RUNDOWN_REF RunRef
2765 ExReInitializeRundownProtection (
2766 IN PEX_RUNDOWN_REF RunRef
2772 ExAcquireRundownProtection (
2773 IN PEX_RUNDOWN_REF RunRef
2779 ExAcquireRundownProtectionEx (
2780 IN PEX_RUNDOWN_REF RunRef
,
2787 ExReleaseRundownProtection (
2788 IN PEX_RUNDOWN_REF RunRef
2794 ExReleaseRundownProtectionEx (
2795 IN PEX_RUNDOWN_REF RunRef
,
2802 ExRundownCompleted (
2803 IN PEX_RUNDOWN_REF RunRef
2809 ExWaitForRundownProtectionRelease (
2810 IN PEX_RUNDOWN_REF RunRef
2814 #endif /* (VER_PRODUCTBUILD >= 2600) */
2817 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2819 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2820 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2821 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2822 InitializeListHead( &(_advhdr)->FilterContexts ); \
2823 if ((_fmutx) != NULL) { \
2824 (_advhdr)->FastMutex = (_fmutx); \
2826 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2827 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2828 (_advhdr)->FileContextSupportPointer = NULL; \
2834 FsRtlAddBaseMcbEntry (
2838 IN LONGLONG SectorCount
2844 FsRtlAddLargeMcbEntry (
2848 IN LONGLONG SectorCount
2858 IN ULONG SectorCount
2864 FsRtlAddToTunnelCache (
2866 IN ULONGLONG DirectoryKey
,
2867 IN PUNICODE_STRING ShortName
,
2868 IN PUNICODE_STRING LongName
,
2869 IN BOOLEAN KeyByShortName
,
2870 IN ULONG DataLength
,
2874 #if (VER_PRODUCTBUILD >= 2195)
2878 FsRtlAllocateFileLock (
2879 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2880 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2883 #endif /* (VER_PRODUCTBUILD >= 2195) */
2889 IN POOL_TYPE PoolType
,
2890 IN ULONG NumberOfBytes
2896 FsRtlAllocatePoolWithQuota (
2897 IN POOL_TYPE PoolType
,
2898 IN ULONG NumberOfBytes
2904 FsRtlAllocatePoolWithQuotaTag (
2905 IN POOL_TYPE PoolType
,
2906 IN ULONG NumberOfBytes
,
2913 FsRtlAllocatePoolWithTag (
2914 IN POOL_TYPE PoolType
,
2915 IN ULONG NumberOfBytes
,
2922 FsRtlAreNamesEqual (
2923 IN PCUNICODE_STRING Name1
,
2924 IN PCUNICODE_STRING Name2
,
2925 IN BOOLEAN IgnoreCase
,
2926 IN PCWCH UpcaseTable OPTIONAL
2929 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2930 ((FL)->FastIoIsQuestionable) \
2934 FsRtlCheckLockForReadAccess:
2936 All this really does is pick out the lock parameters from the irp (io stack
2937 location?), get IoGetRequestorProcess, and pass values on to
2938 FsRtlFastCheckLockForRead.
2943 FsRtlCheckLockForReadAccess (
2944 IN PFILE_LOCK FileLock
,
2949 FsRtlCheckLockForWriteAccess:
2951 All this really does is pick out the lock parameters from the irp (io stack
2952 location?), get IoGetRequestorProcess, and pass values on to
2953 FsRtlFastCheckLockForWrite.
2958 FsRtlCheckLockForWriteAccess (
2959 IN PFILE_LOCK FileLock
,
2965 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2972 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
2984 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2985 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2992 IN PFILE_OBJECT FileObject
,
2993 IN PLARGE_INTEGER FileOffset
,
2998 OUT PIO_STATUS_BLOCK IoStatus
,
2999 IN PDEVICE_OBJECT DeviceObject
3006 IN PFILE_OBJECT FileObject
,
3007 IN PLARGE_INTEGER FileOffset
,
3012 OUT PIO_STATUS_BLOCK IoStatus
,
3013 IN PDEVICE_OBJECT DeviceObject
3016 #define HEAP_NO_SERIALIZE 0x00000001
3017 #define HEAP_GROWABLE 0x00000002
3018 #define HEAP_GENERATE_EXCEPTIONS 0x00000004
3019 #define HEAP_ZERO_MEMORY 0x00000008
3020 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
3021 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020
3022 #define HEAP_FREE_CHECKING_ENABLED 0x00000040
3023 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
3025 #define HEAP_CREATE_ALIGN_16 0x00010000
3026 #define HEAP_CREATE_ENABLE_TRACING 0x00020000
3027 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
3034 IN PVOID HeapBase OPTIONAL
,
3035 IN SIZE_T ReserveSize OPTIONAL
,
3036 IN SIZE_T CommitSize OPTIONAL
,
3037 IN PVOID Lock OPTIONAL
,
3038 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
3044 FsRtlCurrentBatchOplock (
3051 FsRtlDeleteKeyFromTunnelCache (
3053 IN ULONGLONG DirectoryKey
3059 FsRtlDeleteTunnelCache (
3066 FsRtlDeregisterUncProvider (
3081 IN ANSI_STRING Name
,
3082 OUT PANSI_STRING FirstPart
,
3083 OUT PANSI_STRING RemainingPart
3090 IN UNICODE_STRING Name
,
3091 OUT PUNICODE_STRING FirstPart
,
3092 OUT PUNICODE_STRING RemainingPart
3098 FsRtlDoesDbcsContainWildCards (
3099 IN PANSI_STRING Name
3105 FsRtlDoesNameContainWildCards (
3106 IN PUNICODE_STRING Name
3112 FsRtlIsFatDbcsLegal (
3113 IN ANSI_STRING DbcsName
,
3114 IN BOOLEAN WildCardsPermissible
,
3115 IN BOOLEAN PathNamePermissible
,
3116 IN BOOLEAN LeadingBackslashPermissible
3120 #define FsRtlCompleteRequest(IRP,STATUS) { \
3121 (IRP)->IoStatus.Status = (STATUS); \
3122 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
3125 #define FsRtlEnterFileSystem KeEnterCriticalRegion
3127 #define FsRtlExitFileSystem KeLeaveCriticalRegion
3132 FsRtlFastCheckLockForRead (
3133 IN PFILE_LOCK FileLock
,
3134 IN PLARGE_INTEGER FileOffset
,
3135 IN PLARGE_INTEGER Length
,
3137 IN PFILE_OBJECT FileObject
,
3144 FsRtlFastCheckLockForWrite (
3145 IN PFILE_LOCK FileLock
,
3146 IN PLARGE_INTEGER FileOffset
,
3147 IN PLARGE_INTEGER Length
,
3149 IN PFILE_OBJECT FileObject
,
3153 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
3154 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
3160 FsRtlFastUnlockAll (
3161 IN PFILE_LOCK FileLock
,
3162 IN PFILE_OBJECT FileObject
,
3163 IN PEPROCESS Process
,
3164 IN PVOID Context OPTIONAL
3166 /* ret: STATUS_RANGE_NOT_LOCKED */
3171 FsRtlFastUnlockAllByKey (
3172 IN PFILE_LOCK FileLock
,
3173 IN PFILE_OBJECT FileObject
,
3174 IN PEPROCESS Process
,
3176 IN PVOID Context OPTIONAL
3178 /* ret: STATUS_RANGE_NOT_LOCKED */
3183 FsRtlFastUnlockSingle (
3184 IN PFILE_LOCK FileLock
,
3185 IN PFILE_OBJECT FileObject
,
3186 IN PLARGE_INTEGER FileOffset
,
3187 IN PLARGE_INTEGER Length
,
3188 IN PEPROCESS Process
,
3190 IN PVOID Context OPTIONAL
,
3191 IN BOOLEAN AlreadySynchronized
3193 /* ret: STATUS_RANGE_NOT_LOCKED */
3198 FsRtlFindInTunnelCache (
3200 IN ULONGLONG DirectoryKey
,
3201 IN PUNICODE_STRING Name
,
3202 OUT PUNICODE_STRING ShortName
,
3203 OUT PUNICODE_STRING LongName
,
3204 IN OUT PULONG DataLength
,
3208 #if (VER_PRODUCTBUILD >= 2195)
3214 IN PFILE_LOCK FileLock
3217 #endif /* (VER_PRODUCTBUILD >= 2195) */
3223 IN PFILE_OBJECT FileObject
,
3224 IN OUT PLARGE_INTEGER FileSize
3230 FsRtlGetNextBaseMcbEntry (
3235 OUT PLONGLONG SectorCount
3239 FsRtlGetNextFileLock:
3241 ret: NULL if no more locks
3244 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
3245 FileLock->LastReturnedLock as storage.
3246 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
3247 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
3248 calls with Restart = FALSE.
3253 FsRtlGetNextFileLock (
3254 IN PFILE_LOCK FileLock
,
3261 FsRtlGetNextLargeMcbEntry (
3266 OUT PLONGLONG SectorCount
3272 FsRtlGetNextMcbEntry (
3277 OUT PULONG SectorCount
3280 #define FsRtlGetPerStreamContextPointer(FO) ( \
3281 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
3287 FsRtlInitializeBaseMcb (
3289 IN POOL_TYPE PoolType
3295 FsRtlInitializeFileLock (
3296 IN PFILE_LOCK FileLock
,
3297 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
3298 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
3304 FsRtlInitializeLargeMcb (
3306 IN POOL_TYPE PoolType
3312 FsRtlInitializeMcb (
3314 IN POOL_TYPE PoolType
3320 FsRtlInitializeOplock (
3321 IN OUT POPLOCK Oplock
3327 FsRtlInitializeTunnelCache (
3331 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
3332 (PSC)->OwnerId = (O), \
3333 (PSC)->InstanceId = (I), \
3334 (PSC)->FreeCallback = (FC) \
3340 FsRtlInsertPerStreamContext (
3341 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext
,
3342 IN PFSRTL_PER_STREAM_CONTEXT Ptr
3345 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
3346 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
3347 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3350 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
3351 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
3352 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3355 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
3356 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
3357 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
3360 #define FsRtlIsAnsiCharacterWild(C) ( \
3361 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3367 FsRtlIsFatDbcsLegal (
3368 IN ANSI_STRING DbcsName
,
3369 IN BOOLEAN WildCardsPermissible
,
3370 IN BOOLEAN PathNamePermissible
,
3371 IN BOOLEAN LeadingBackslashPermissible
3377 FsRtlIsHpfsDbcsLegal (
3378 IN ANSI_STRING DbcsName
,
3379 IN BOOLEAN WildCardsPermissible
,
3380 IN BOOLEAN PathNamePermissible
,
3381 IN BOOLEAN LeadingBackslashPermissible
3387 FsRtlIsNameInExpression (
3388 IN PUNICODE_STRING Expression
,
3389 IN PUNICODE_STRING Name
,
3390 IN BOOLEAN IgnoreCase
,
3391 IN PWCHAR UpcaseTable OPTIONAL
3397 FsRtlIsNtstatusExpected (
3398 IN NTSTATUS Ntstatus
3401 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3403 extern PUSHORT NlsOemLeadByteInfo
;
3405 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3406 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3407 (NLS_MB_CODE_PAGE_TAG && \
3408 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3411 #define FsRtlIsUnicodeCharacterWild(C) ( \
3414 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3420 FsRtlLookupBaseMcbEntry (
3423 OUT PLONGLONG Lbn OPTIONAL
,
3424 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3425 OUT PLONGLONG StartingLbn OPTIONAL
,
3426 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3427 OUT PULONG Index OPTIONAL
3433 FsRtlLookupLargeMcbEntry (
3436 OUT PLONGLONG Lbn OPTIONAL
,
3437 OUT PLONGLONG SectorCountFromLbn OPTIONAL
,
3438 OUT PLONGLONG StartingLbn OPTIONAL
,
3439 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL
,
3440 OUT PULONG Index OPTIONAL
3446 FsRtlLookupLastBaseMcbEntry (
3455 FsRtlLookupLastLargeMcbEntry (
3464 FsRtlLookupLastMcbEntry (
3473 FsRtlLookupLastBaseMcbEntryAndIndex (
3474 IN PBASE_MCB OpaqueMcb
,
3475 IN OUT PLONGLONG LargeVbn
,
3476 IN OUT PLONGLONG LargeLbn
,
3483 FsRtlLookupLastLargeMcbEntryAndIndex (
3484 IN PLARGE_MCB OpaqueMcb
,
3485 OUT PLONGLONG LargeVbn
,
3486 OUT PLONGLONG LargeLbn
,
3493 FsRtlLookupMcbEntry (
3497 OUT PULONG SectorCount OPTIONAL
,
3502 PFSRTL_PER_STREAM_CONTEXT
3504 FsRtlLookupPerStreamContextInternal (
3505 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3506 IN PVOID OwnerId OPTIONAL
,
3507 IN PVOID InstanceId OPTIONAL
3514 IN PFILE_OBJECT FileObject
,
3515 IN PLARGE_INTEGER FileOffset
,
3519 OUT PIO_STATUS_BLOCK IoStatus
,
3520 IN PDEVICE_OBJECT DeviceObject
3526 FsRtlMdlReadComplete (
3527 IN PFILE_OBJECT FileObject
,
3534 FsRtlMdlReadCompleteDev (
3535 IN PFILE_OBJECT FileObject
,
3537 IN PDEVICE_OBJECT DeviceObject
3543 FsRtlPrepareMdlWriteDev (
3544 IN PFILE_OBJECT FileObject
,
3545 IN PLARGE_INTEGER FileOffset
,
3549 OUT PIO_STATUS_BLOCK IoStatus
,
3550 IN PDEVICE_OBJECT DeviceObject
3556 FsRtlMdlWriteComplete (
3557 IN PFILE_OBJECT FileObject
,
3558 IN PLARGE_INTEGER FileOffset
,
3565 FsRtlMdlWriteCompleteDev (
3566 IN PFILE_OBJECT FileObject
,
3567 IN PLARGE_INTEGER FileOffset
,
3569 IN PDEVICE_OBJECT DeviceObject
3575 FsRtlNormalizeNtstatus (
3576 IN NTSTATUS Exception
,
3577 IN NTSTATUS GenericException
3583 FsRtlNotifyChangeDirectory (
3584 IN PNOTIFY_SYNC NotifySync
,
3586 IN PSTRING FullDirectoryName
,
3587 IN PLIST_ENTRY NotifyList
,
3588 IN BOOLEAN WatchTree
,
3589 IN ULONG CompletionFilter
,
3596 FsRtlNotifyCleanup (
3597 IN PNOTIFY_SYNC NotifySync
,
3598 IN PLIST_ENTRY NotifyList
,
3602 typedef BOOLEAN (NTAPI
*PCHECK_FOR_TRAVERSE_ACCESS
) (
3603 IN PVOID NotifyContext
,
3604 IN PVOID TargetContext
,
3605 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3611 FsRtlNotifyFilterChangeDirectory (
3612 IN PNOTIFY_SYNC NotifySync
,
3613 IN PLIST_ENTRY NotifyList
,
3615 IN PSTRING FullDirectoryName
,
3616 IN BOOLEAN WatchTree
,
3617 IN BOOLEAN IgnoreBuffer
,
3618 IN ULONG CompletionFilter
,
3620 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3621 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
,
3622 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
);
3627 FsRtlNotifyFilterReportChange (
3628 IN PNOTIFY_SYNC NotifySync
,
3629 IN PLIST_ENTRY NotifyList
,
3630 IN PSTRING FullTargetName
,
3631 IN USHORT TargetNameOffset
,
3632 IN PSTRING StreamName OPTIONAL
,
3633 IN PSTRING NormalizedParentName OPTIONAL
,
3634 IN ULONG FilterMatch
,
3636 IN PVOID TargetContext
,
3637 IN PVOID FilterContext
);
3642 FsRtlNotifyFullChangeDirectory (
3643 IN PNOTIFY_SYNC NotifySync
,
3644 IN PLIST_ENTRY NotifyList
,
3646 IN PSTRING FullDirectoryName
,
3647 IN BOOLEAN WatchTree
,
3648 IN BOOLEAN IgnoreBuffer
,
3649 IN ULONG CompletionFilter
,
3651 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
3652 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3658 FsRtlNotifyFullReportChange (
3659 IN PNOTIFY_SYNC NotifySync
,
3660 IN PLIST_ENTRY NotifyList
,
3661 IN PSTRING FullTargetName
,
3662 IN USHORT TargetNameOffset
,
3663 IN PSTRING StreamName OPTIONAL
,
3664 IN PSTRING NormalizedParentName OPTIONAL
,
3665 IN ULONG FilterMatch
,
3667 IN PVOID TargetContext
3673 FsRtlNotifyInitializeSync (
3674 IN PNOTIFY_SYNC
*NotifySync
3680 FsRtlNotifyUninitializeSync (
3681 IN PNOTIFY_SYNC
*NotifySync
3684 #if (VER_PRODUCTBUILD >= 2195)
3689 FsRtlNotifyVolumeEvent (
3690 IN PFILE_OBJECT FileObject
,
3694 #endif /* (VER_PRODUCTBUILD >= 2195) */
3699 FsRtlNumberOfRunsInBaseMcb (
3706 FsRtlNumberOfRunsInLargeMcb (
3713 FsRtlNumberOfRunsInMcb (
3729 FsRtlOplockIsFastIoPossible (
3734 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
3742 FsRtlPostPagingFileStackOverflow (
3745 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3751 FsRtlPostStackOverflow (
3754 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3760 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3763 -Calls IoCompleteRequest if Irp
3764 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3770 IN PFILE_LOCK FileLock
,
3771 IN PFILE_OBJECT FileObject
,
3772 IN PLARGE_INTEGER FileOffset
,
3773 IN PLARGE_INTEGER Length
,
3774 IN PEPROCESS Process
,
3776 IN BOOLEAN FailImmediately
,
3777 IN BOOLEAN ExclusiveLock
,
3778 OUT PIO_STATUS_BLOCK IoStatus
,
3779 IN PIRP Irp OPTIONAL
,
3781 IN BOOLEAN AlreadySynchronized
3785 FsRtlProcessFileLock:
3788 -STATUS_INVALID_DEVICE_REQUEST
3789 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3790 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3791 (redirected IoStatus->Status).
3794 -switch ( Irp->CurrentStackLocation->MinorFunction )
3795 lock: return FsRtlPrivateLock;
3796 unlocksingle: return FsRtlFastUnlockSingle;
3797 unlockall: return FsRtlFastUnlockAll;
3798 unlockallbykey: return FsRtlFastUnlockAllByKey;
3799 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3800 return STATUS_INVALID_DEVICE_REQUEST;
3802 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3803 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3808 FsRtlProcessFileLock (
3809 IN PFILE_LOCK FileLock
,
3811 IN PVOID Context OPTIONAL
3817 FsRtlRegisterUncProvider (
3818 IN OUT PHANDLE MupHandle
,
3819 IN PUNICODE_STRING RedirectorDeviceName
,
3820 IN BOOLEAN MailslotsSupported
3826 FsRtlRemoveBaseMcbEntry (
3829 IN LONGLONG SectorCount
3835 FsRtlRemoveLargeMcbEntry (
3838 IN LONGLONG SectorCount
3844 FsRtlRemoveMcbEntry (
3847 IN ULONG SectorCount
3851 PFSRTL_PER_STREAM_CONTEXT
3853 FsRtlRemovePerStreamContext (
3854 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext
,
3855 IN PVOID OwnerId OPTIONAL
,
3856 IN PVOID InstanceId OPTIONAL
3869 FsRtlResetLargeMcb (
3871 IN BOOLEAN SelfSynchronized
3886 FsRtlSplitLargeMcb (
3892 #define FsRtlSupportsPerStreamContexts(FO) ( \
3893 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
3894 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
3895 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
3901 FsRtlTruncateBaseMcb (
3909 FsRtlTruncateLargeMcb (
3925 FsRtlUninitializeBaseMcb (
3932 FsRtlUninitializeFileLock (
3933 IN PFILE_LOCK FileLock
3939 FsRtlUninitializeLargeMcb (
3946 FsRtlUninitializeMcb (
3953 FsRtlUninitializeOplock (
3954 IN OUT POPLOCK Oplock
3960 KeSetIdealProcessorThread(
3961 IN OUT PKTHREAD Thread
,
3968 IoAttachDeviceToDeviceStackSafe(
3969 IN PDEVICE_OBJECT SourceDevice
,
3970 IN PDEVICE_OBJECT TargetDevice
,
3971 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
3977 IoAcquireVpbSpinLock (
3984 IoCheckDesiredAccess (
3985 IN OUT PACCESS_MASK DesiredAccess
,
3986 IN ACCESS_MASK GrantedAccess
3992 IoCheckEaBufferValidity (
3993 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
3995 OUT PULONG ErrorOffset
4001 IoCheckFunctionAccess (
4002 IN ACCESS_MASK GrantedAccess
,
4003 IN UCHAR MajorFunction
,
4004 IN UCHAR MinorFunction
,
4005 IN ULONG IoControlCode
,
4006 IN PVOID Argument1 OPTIONAL
,
4007 IN PVOID Argument2 OPTIONAL
4010 #if (VER_PRODUCTBUILD >= 2195)
4015 IoCheckQuotaBufferValidity (
4016 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
4017 IN ULONG QuotaLength
,
4018 OUT PULONG ErrorOffset
4021 #endif /* (VER_PRODUCTBUILD >= 2195) */
4026 IoCreateStreamFileObject (
4027 IN PFILE_OBJECT FileObject OPTIONAL
,
4028 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4031 #if (VER_PRODUCTBUILD >= 2195)
4036 IoCreateStreamFileObjectLite (
4037 IN PFILE_OBJECT FileObject OPTIONAL
,
4038 IN PDEVICE_OBJECT DeviceObject OPTIONAL
4041 #endif /* (VER_PRODUCTBUILD >= 2195) */
4046 IoFastQueryNetworkAttributes (
4047 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4048 IN ACCESS_MASK DesiredAccess
,
4049 IN ULONG OpenOptions
,
4050 OUT PIO_STATUS_BLOCK IoStatus
,
4051 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
4057 IoGetAttachedDevice (
4058 IN PDEVICE_OBJECT DeviceObject
4064 IoGetBaseFileSystemDeviceObject (
4065 IN PFILE_OBJECT FileObject
4068 #if (VER_PRODUCTBUILD >= 2600)
4073 IoGetDeviceAttachmentBaseRef (
4074 IN PDEVICE_OBJECT DeviceObject
4080 IoGetDiskDeviceObject (
4081 IN PDEVICE_OBJECT FileSystemDeviceObject
,
4082 OUT PDEVICE_OBJECT
*DiskDeviceObject
4088 IoGetLowerDeviceObject (
4089 IN PDEVICE_OBJECT DeviceObject
4092 #endif /* (VER_PRODUCTBUILD >= 2600) */
4097 IoGetRequestorProcess (
4101 #if (VER_PRODUCTBUILD >= 2195)
4106 IoGetRequestorProcessId (
4110 #endif /* (VER_PRODUCTBUILD >= 2195) */
4119 #define IoIsFileOpenedExclusively(FileObject) ( \
4121 (FileObject)->SharedRead || \
4122 (FileObject)->SharedWrite || \
4123 (FileObject)->SharedDelete \
4130 IoIsOperationSynchronous (
4141 #if (VER_PRODUCTBUILD >= 2195)
4146 IoIsValidNameGraftingBuffer (
4148 IN PREPARSE_DATA_BUFFER ReparseBuffer
4151 #endif /* (VER_PRODUCTBUILD >= 2195) */
4157 IN PFILE_OBJECT FileObject
,
4159 IN PLARGE_INTEGER Offset
,
4161 OUT PIO_STATUS_BLOCK IoStatusBlock
4167 IoQueryFileInformation (
4168 IN PFILE_OBJECT FileObject
,
4169 IN FILE_INFORMATION_CLASS FileInformationClass
,
4171 OUT PVOID FileInformation
,
4172 OUT PULONG ReturnedLength
4178 IoQueryVolumeInformation (
4179 IN PFILE_OBJECT FileObject
,
4180 IN FS_INFORMATION_CLASS FsInformationClass
,
4182 OUT PVOID FsInformation
,
4183 OUT PULONG ReturnedLength
4196 IoRegisterFileSystem (
4197 IN OUT PDEVICE_OBJECT DeviceObject
4200 #if (VER_PRODUCTBUILD >= 1381)
4202 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
4203 IN PDEVICE_OBJECT DeviceObject
,
4204 IN BOOLEAN DriverActive
4210 IoRegisterFsRegistrationChange (
4211 IN PDRIVER_OBJECT DriverObject
,
4212 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4215 #endif /* (VER_PRODUCTBUILD >= 1381) */
4220 IoReleaseVpbSpinLock (
4227 IoSetDeviceToVerify (
4229 IN PDEVICE_OBJECT DeviceObject
4236 IN PFILE_OBJECT FileObject
,
4237 IN FILE_INFORMATION_CLASS FileInformationClass
,
4239 IN PVOID FileInformation
4252 IoSynchronousPageWrite (
4253 IN PFILE_OBJECT FileObject
,
4255 IN PLARGE_INTEGER FileOffset
,
4257 OUT PIO_STATUS_BLOCK IoStatusBlock
4270 IoUnregisterFileSystem (
4271 IN OUT PDEVICE_OBJECT DeviceObject
4274 #if (VER_PRODUCTBUILD >= 1381)
4279 IoUnregisterFsRegistrationChange (
4280 IN PDRIVER_OBJECT DriverObject
,
4281 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
4284 #endif /* (VER_PRODUCTBUILD >= 1381) */
4290 IN PDEVICE_OBJECT DeviceObject
,
4291 IN BOOLEAN AllowRawMount
4294 #if !defined (_M_AMD64)
4299 KeAcquireQueuedSpinLock (
4300 IN KSPIN_LOCK_QUEUE_NUMBER Number
4306 KeReleaseQueuedSpinLock (
4307 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4314 KeAcquireSpinLockRaiseToSynch(
4315 IN OUT PKSPIN_LOCK SpinLock
4321 KeTryToAcquireQueuedSpinLock(
4322 KSPIN_LOCK_QUEUE_NUMBER Number
,
4330 KeAcquireQueuedSpinLock (
4331 IN KSPIN_LOCK_QUEUE_NUMBER Number
4337 KeReleaseQueuedSpinLock (
4338 IN KSPIN_LOCK_QUEUE_NUMBER Number
,
4344 KeAcquireSpinLockRaiseToSynch(
4345 IN OUT PKSPIN_LOCK SpinLock
4350 KeTryToAcquireQueuedSpinLock(
4351 KSPIN_LOCK_QUEUE_NUMBER Number
,
4360 IN PKPROCESS Process
4375 IN ULONG Count OPTIONAL
4383 IN PLIST_ENTRY Entry
4391 IN PLIST_ENTRY Entry
4406 IN KPROCESSOR_MODE WaitMode
,
4407 IN PLARGE_INTEGER Timeout OPTIONAL
4420 KeInitializeMutant (
4421 IN PRKMUTANT Mutant
,
4422 IN BOOLEAN InitialOwner
4436 IN PRKMUTANT Mutant
,
4437 IN KPRIORITY Increment
,
4438 IN BOOLEAN Abandoned
,
4442 #if (VER_PRODUCTBUILD >= 2195)
4447 KeStackAttachProcess (
4448 IN PKPROCESS Process
,
4449 OUT PKAPC_STATE ApcState
4455 KeUnstackDetachProcess (
4456 IN PKAPC_STATE ApcState
4459 #endif /* (VER_PRODUCTBUILD >= 2195) */
4464 KeSetKernelStackSwapEnable(
4471 MmCanFileBeTruncated (
4472 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4473 IN PLARGE_INTEGER NewFileSize
4479 MmFlushImageSection (
4480 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4481 IN MMFLUSH_TYPE FlushType
4487 MmForceSectionClosed (
4488 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
4489 IN BOOLEAN DelayClose
4492 #if (VER_PRODUCTBUILD >= 1381)
4497 MmIsRecursiveIoFault (
4503 #define MmIsRecursiveIoFault() ( \
4504 (PsGetCurrentThread()->DisablePageFaultClustering) | \
4505 (PsGetCurrentThread()->ForwardClusterOnly) \
4514 MmSetAddressRangeModified (
4523 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
4524 IN POBJECT_TYPE ObjectType
,
4525 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4526 IN KPROCESSOR_MODE AccessMode
,
4527 IN OUT PVOID ParseContext OPTIONAL
,
4528 IN ULONG ObjectSize
,
4529 IN ULONG PagedPoolCharge OPTIONAL
,
4530 IN ULONG NonPagedPoolCharge OPTIONAL
,
4537 ObGetObjectPointerCount (
4546 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4547 IN ACCESS_MASK DesiredAccess
,
4548 IN ULONG AdditionalReferences
,
4549 OUT PVOID
*ReferencedObject OPTIONAL
,
4556 ObMakeTemporaryObject (
4563 ObOpenObjectByPointer (
4565 IN ULONG HandleAttributes
,
4566 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4567 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4568 IN POBJECT_TYPE ObjectType OPTIONAL
,
4569 IN KPROCESSOR_MODE AccessMode
,
4578 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
4580 OUT PULONG ReturnLength
4586 ObQueryObjectAuditingByHandle (
4588 OUT PBOOLEAN GenerateOnClose
4594 ObReferenceObjectByName (
4595 IN PUNICODE_STRING ObjectName
,
4596 IN ULONG Attributes
,
4597 IN PACCESS_STATE PassedAccessState OPTIONAL
,
4598 IN ACCESS_MASK DesiredAccess OPTIONAL
,
4599 IN POBJECT_TYPE ObjectType
,
4600 IN KPROCESSOR_MODE AccessMode
,
4601 IN OUT PVOID ParseContext OPTIONAL
,
4608 PsAssignImpersonationToken (
4617 IN PEPROCESS Process
,
4618 IN POOL_TYPE PoolType
,
4625 PsChargeProcessPoolQuota (
4626 IN PEPROCESS Process
,
4627 IN POOL_TYPE PoolType
,
4631 #define PsDereferenceImpersonationToken(T) \
4632 {if (ARGUMENT_PRESENT(T)) { \
4633 (ObDereferenceObject((T))); \
4639 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
4644 PsDisableImpersonation(
4646 IN PSE_IMPERSONATION_STATE ImpersonationState
4652 PsGetProcessExitTime (
4659 PsImpersonateClient(
4661 IN PACCESS_TOKEN Token
,
4662 IN BOOLEAN CopyOnOpen
,
4663 IN BOOLEAN EffectiveOnly
,
4664 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4677 PsIsThreadTerminating (
4684 PsLookupProcessByProcessId (
4685 IN HANDLE ProcessId
,
4686 OUT PEPROCESS
*Process
4692 PsLookupProcessThreadByCid (
4694 OUT PEPROCESS
*Process OPTIONAL
,
4695 OUT PETHREAD
*Thread
4701 PsLookupThreadByThreadId (
4702 IN HANDLE UniqueThreadId
,
4703 OUT PETHREAD
*Thread
4709 PsReferenceImpersonationToken (
4711 OUT PBOOLEAN CopyOnUse
,
4712 OUT PBOOLEAN EffectiveOnly
,
4713 OUT PSECURITY_IMPERSONATION_LEVEL Level
4719 PsReferencePrimaryToken (
4720 IN PEPROCESS Process
4726 PsRestoreImpersonation(
4728 IN PSE_IMPERSONATION_STATE ImpersonationState
4735 IN PEPROCESS Process
,
4736 IN POOL_TYPE PoolType
,
4750 RtlAbsoluteToSelfRelativeSD (
4751 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
4752 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
4753 IN PULONG BufferLength
4760 IN HANDLE HeapHandle
,
4768 RtlAppendStringToString(
4769 PSTRING Destination
,
4770 const STRING
*Source
4776 RtlCaptureStackBackTrace (
4777 IN ULONG FramesToSkip
,
4778 IN ULONG FramesToCapture
,
4779 OUT PVOID
*BackTrace
,
4780 OUT PULONG BackTraceHash OPTIONAL
4786 RtlCompareMemoryUlong (
4796 IN USHORT CompressionFormatAndEngine
,
4797 IN PUCHAR UncompressedBuffer
,
4798 IN ULONG UncompressedBufferSize
,
4799 OUT PUCHAR CompressedBuffer
,
4800 IN ULONG CompressedBufferSize
,
4801 IN ULONG UncompressedChunkSize
,
4802 OUT PULONG FinalCompressedSize
,
4810 IN PUCHAR UncompressedBuffer
,
4811 IN ULONG UncompressedBufferSize
,
4812 OUT PUCHAR CompressedBuffer
,
4813 IN ULONG CompressedBufferSize
,
4814 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
4815 IN ULONG CompressedDataInfoLength
,
4822 RtlConvertSidToUnicodeString (
4823 OUT PUNICODE_STRING DestinationString
,
4825 IN BOOLEAN AllocateDestinationString
4833 IN PSID Destination
,
4840 RtlCreateUnicodeString(
4841 PUNICODE_STRING DestinationString
,
4848 RtlDecompressBuffer (
4849 IN USHORT CompressionFormat
,
4850 OUT PUCHAR UncompressedBuffer
,
4851 IN ULONG UncompressedBufferSize
,
4852 IN PUCHAR CompressedBuffer
,
4853 IN ULONG CompressedBufferSize
,
4854 OUT PULONG FinalUncompressedSize
4860 RtlDecompressChunks (
4861 OUT PUCHAR UncompressedBuffer
,
4862 IN ULONG UncompressedBufferSize
,
4863 IN PUCHAR CompressedBuffer
,
4864 IN ULONG CompressedBufferSize
,
4865 IN PUCHAR CompressedTail
,
4866 IN ULONG CompressedTailSize
,
4867 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4873 RtlDecompressFragment (
4874 IN USHORT CompressionFormat
,
4875 OUT PUCHAR UncompressedFragment
,
4876 IN ULONG UncompressedFragmentSize
,
4877 IN PUCHAR CompressedBuffer
,
4878 IN ULONG CompressedBufferSize
,
4879 IN ULONG FragmentOffset
,
4880 OUT PULONG FinalUncompressedSize
,
4888 IN USHORT CompressionFormat
,
4889 IN OUT PUCHAR
*CompressedBuffer
,
4890 IN PUCHAR EndOfCompressedBufferPlus1
,
4891 OUT PUCHAR
*ChunkBuffer
,
4892 OUT PULONG ChunkSize
4898 RtlDowncaseUnicodeString(
4899 IN OUT PUNICODE_STRING UniDest
,
4900 IN PCUNICODE_STRING UniSource
,
4901 IN BOOLEAN AllocateDestinationString
4907 RtlDuplicateUnicodeString(
4909 IN PCUNICODE_STRING SourceString
,
4910 OUT PUNICODE_STRING DestinationString
4924 RtlFillMemoryUlong (
4925 IN PVOID Destination
,
4934 IN HANDLE HeapHandle
,
4943 IN POEM_STRING OemString
4949 RtlGenerate8dot3Name (
4950 IN PUNICODE_STRING Name
,
4951 IN BOOLEAN AllowExtendedCharacters
,
4952 IN OUT PGENERATE_NAME_CONTEXT Context
,
4953 OUT PUNICODE_STRING Name8dot3
4959 RtlGetCompressionWorkSpaceSize (
4960 IN USHORT CompressionFormatAndEngine
,
4961 OUT PULONG CompressBufferWorkSpaceSize
,
4962 OUT PULONG CompressFragmentWorkSpaceSize
4968 RtlGetDaclSecurityDescriptor (
4969 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4970 OUT PBOOLEAN DaclPresent
,
4972 OUT PBOOLEAN DaclDefaulted
4978 RtlGetGroupSecurityDescriptor (
4979 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4981 OUT PBOOLEAN GroupDefaulted
4987 RtlGetOwnerSecurityDescriptor (
4988 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4990 OUT PBOOLEAN OwnerDefaulted
4998 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
4999 IN UCHAR SubAuthorityCount
5005 RtlIsNameLegalDOS8Dot3(
5006 IN PCUNICODE_STRING Name
,
5007 IN OUT POEM_STRING OemName OPTIONAL
,
5008 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
5014 RtlLengthRequiredSid (
5015 IN ULONG SubAuthorityCount
5028 RtlNtStatusToDosError (
5035 RtlxUnicodeStringToOemSize(
5036 PCUNICODE_STRING UnicodeString
5042 RtlxOemStringToUnicodeSize(
5043 PCOEM_STRING OemString
5046 #define RtlOemStringToUnicodeSize(STRING) ( \
5047 NLS_MB_OEM_CODE_PAGE_TAG ? \
5048 RtlxOemStringToUnicodeSize(STRING) : \
5049 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
5052 #define RtlOemStringToCountedUnicodeSize(STRING) ( \
5053 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
5060 RtlOemStringToUnicodeString(
5061 IN OUT PUNICODE_STRING DestinationString
,
5062 IN PCOEM_STRING SourceString
,
5063 IN BOOLEAN AllocateDestinationString
5069 RtlUnicodeStringToOemString(
5070 IN OUT POEM_STRING DestinationString
,
5071 IN PCUNICODE_STRING SourceString
,
5072 IN BOOLEAN AllocateDestinationString
5078 RtlOemStringToCountedUnicodeString(
5079 IN OUT PUNICODE_STRING DestinationString
,
5080 IN PCOEM_STRING SourceString
,
5081 IN BOOLEAN AllocateDestinationString
5087 RtlUnicodeStringToCountedOemString(
5088 IN OUT POEM_STRING DestinationString
,
5089 IN PCUNICODE_STRING SourceString
,
5090 IN BOOLEAN AllocateDestinationString
5097 IN USHORT CompressionFormat
,
5098 IN OUT PUCHAR
*CompressedBuffer
,
5099 IN PUCHAR EndOfCompressedBufferPlus1
,
5100 OUT PUCHAR
*ChunkBuffer
,
5107 RtlSecondsSince1970ToTime (
5108 IN ULONG SecondsSince1970
,
5109 OUT PLARGE_INTEGER Time
5115 RtlSetGroupSecurityDescriptor (
5116 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5118 IN BOOLEAN GroupDefaulted
5124 RtlSetOwnerSecurityDescriptor (
5125 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5127 IN BOOLEAN OwnerDefaulted
5133 RtlSetSaclSecurityDescriptor (
5134 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5135 IN BOOLEAN SaclPresent
,
5137 IN BOOLEAN SaclDefaulted
5143 RtlSubAuthorityCountSid (
5150 RtlSubAuthoritySid (
5152 IN ULONG SubAuthority
5158 RtlUnicodeStringToCountedOemString (
5159 IN OUT POEM_STRING DestinationString
,
5160 IN PCUNICODE_STRING SourceString
,
5161 IN BOOLEAN AllocateDestinationString
5167 RtlUnicodeToMultiByteN(
5168 OUT PCHAR MultiByteString
,
5169 IN ULONG MaxBytesInMultiByteString
,
5170 OUT PULONG BytesInMultiByteString OPTIONAL
,
5171 IN PWCH UnicodeString
,
5172 IN ULONG BytesInUnicodeString
5179 OUT PWSTR UnicodeString
,
5180 IN ULONG MaxBytesInUnicodeString
,
5181 OUT PULONG BytesInUnicodeString OPTIONAL
,
5183 IN ULONG BytesInOemString
5186 /* RTL Splay Tree Functions */
5190 RtlSplay(PRTL_SPLAY_LINKS Links
);
5195 RtlDelete(PRTL_SPLAY_LINKS Links
);
5201 PRTL_SPLAY_LINKS Links
,
5202 PRTL_SPLAY_LINKS
*Root
5208 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
5213 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
5218 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
5223 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
5225 #define RtlIsLeftChild(Links) \
5226 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5228 #define RtlIsRightChild(Links) \
5229 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
5231 #define RtlRightChild(Links) \
5232 ((PRTL_SPLAY_LINKS)(Links))->RightChild
5234 #define RtlIsRoot(Links) \
5235 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
5237 #define RtlLeftChild(Links) \
5238 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
5240 #define RtlParent(Links) \
5241 ((PRTL_SPLAY_LINKS)(Links))->Parent
5243 #define RtlInitializeSplayLinks(Links) \
5245 PRTL_SPLAY_LINKS _SplayLinks; \
5246 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
5247 _SplayLinks->Parent = _SplayLinks; \
5248 _SplayLinks->LeftChild = NULL; \
5249 _SplayLinks->RightChild = NULL; \
5252 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
5254 PRTL_SPLAY_LINKS _SplayParent; \
5255 PRTL_SPLAY_LINKS _SplayChild; \
5256 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5257 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5258 _SplayParent->LeftChild = _SplayChild; \
5259 _SplayChild->Parent = _SplayParent; \
5262 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
5264 PRTL_SPLAY_LINKS _SplayParent; \
5265 PRTL_SPLAY_LINKS _SplayChild; \
5266 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
5267 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
5268 _SplayParent->RightChild = _SplayChild; \
5269 _SplayChild->Parent = _SplayParent; \
5280 // RTL time functions
5286 RtlTimeToSecondsSince1980 (
5287 PLARGE_INTEGER Time
,
5288 PULONG ElapsedSeconds
5294 RtlSecondsSince1980ToTime (
5295 ULONG ElapsedSeconds
,
5302 RtlTimeToSecondsSince1970 (
5303 PLARGE_INTEGER Time
,
5304 PULONG ElapsedSeconds
5310 RtlSecondsSince1970ToTime (
5311 ULONG ElapsedSeconds
,
5318 SeAppendPrivileges (
5319 PACCESS_STATE AccessState
,
5320 PPRIVILEGE_SET Privileges
5326 SeAuditingFileEvents (
5327 IN BOOLEAN AccessGranted
,
5328 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5334 SeAuditingFileOrGlobalEvents (
5335 IN BOOLEAN AccessGranted
,
5336 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5337 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5343 SeCaptureSubjectContext (
5344 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
5350 SeCreateClientSecurity (
5352 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5353 IN BOOLEAN RemoteClient
,
5354 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5357 #if (VER_PRODUCTBUILD >= 2195)
5362 SeCreateClientSecurityFromSubjectContext (
5363 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5364 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
5365 IN BOOLEAN ServerIsRemote
,
5366 OUT PSECURITY_CLIENT_CONTEXT ClientContext
5369 #endif /* (VER_PRODUCTBUILD >= 2195) */
5372 #define SeLengthSid( Sid ) \
5373 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5375 #define SeDeleteClientSecurity(C) { \
5376 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5377 PsDereferencePrimaryToken( (C)->ClientToken ); \
5379 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5386 SeDeleteObjectAuditAlarm (
5391 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
5397 IN PPRIVILEGE_SET Privileges
5403 SeImpersonateClient (
5404 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5405 IN PETHREAD ServerThread OPTIONAL
5408 #if (VER_PRODUCTBUILD >= 2195)
5413 SeImpersonateClientEx (
5414 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
5415 IN PETHREAD ServerThread OPTIONAL
5418 #endif /* (VER_PRODUCTBUILD >= 2195) */
5423 SeLockSubjectContext (
5424 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5430 SeMarkLogonSessionForTerminationNotification (
5437 SeOpenObjectAuditAlarm (
5438 IN PUNICODE_STRING ObjectTypeName
,
5439 IN PVOID Object OPTIONAL
,
5440 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5441 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5442 IN PACCESS_STATE AccessState
,
5443 IN BOOLEAN ObjectCreated
,
5444 IN BOOLEAN AccessGranted
,
5445 IN KPROCESSOR_MODE AccessMode
,
5446 OUT PBOOLEAN GenerateOnClose
5452 SeOpenObjectForDeleteAuditAlarm (
5453 IN PUNICODE_STRING ObjectTypeName
,
5454 IN PVOID Object OPTIONAL
,
5455 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
5456 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5457 IN PACCESS_STATE AccessState
,
5458 IN BOOLEAN ObjectCreated
,
5459 IN BOOLEAN AccessGranted
,
5460 IN KPROCESSOR_MODE AccessMode
,
5461 OUT PBOOLEAN GenerateOnClose
5468 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
5469 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
5470 IN KPROCESSOR_MODE AccessMode
5476 SeQueryAuthenticationIdToken (
5477 IN PACCESS_TOKEN Token
,
5481 #if (VER_PRODUCTBUILD >= 2195)
5486 SeQueryInformationToken (
5487 IN PACCESS_TOKEN Token
,
5488 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
5489 OUT PVOID
*TokenInformation
5492 #endif /* (VER_PRODUCTBUILD >= 2195) */
5497 SeQuerySecurityDescriptorInfo (
5498 IN PSECURITY_INFORMATION SecurityInformation
,
5499 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
5500 IN OUT PULONG Length
,
5501 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
5504 #if (VER_PRODUCTBUILD >= 2195)
5509 SeQuerySessionIdToken (
5510 IN PACCESS_TOKEN Token
,
5514 #endif /* (VER_PRODUCTBUILD >= 2195) */
5516 #define SeQuerySubjectContextToken( SubjectContext ) \
5517 ( ARGUMENT_PRESENT( \
5518 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5520 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5521 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5523 typedef NTSTATUS (NTAPI
*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
5530 SeRegisterLogonSessionTerminatedRoutine (
5531 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5537 SeReleaseSubjectContext (
5538 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5544 SeSetAccessStateGenericMapping (
5545 PACCESS_STATE AccessState
,
5546 PGENERIC_MAPPING GenericMapping
5552 SeSetSecurityDescriptorInfo (
5553 IN PVOID Object OPTIONAL
,
5554 IN PSECURITY_INFORMATION SecurityInformation
,
5555 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5556 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5557 IN POOL_TYPE PoolType
,
5558 IN PGENERIC_MAPPING GenericMapping
5561 #if (VER_PRODUCTBUILD >= 2195)
5566 SeSetSecurityDescriptorInfoEx (
5567 IN PVOID Object OPTIONAL
,
5568 IN PSECURITY_INFORMATION SecurityInformation
,
5569 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
5570 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
5571 IN ULONG AutoInheritFlags
,
5572 IN POOL_TYPE PoolType
,
5573 IN PGENERIC_MAPPING GenericMapping
5580 IN PACCESS_TOKEN Token
5586 SeTokenIsRestricted (
5587 IN PACCESS_TOKEN Token
5593 SeLocateProcessImageName(
5594 IN PEPROCESS Process
,
5595 OUT PUNICODE_STRING
*pImageFileName
5598 #endif /* (VER_PRODUCTBUILD >= 2195) */
5604 IN PACCESS_TOKEN Token
5610 SeUnlockSubjectContext (
5611 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
5617 SeUnregisterLogonSessionTerminatedRoutine (
5618 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
5621 #if (VER_PRODUCTBUILD >= 2195)
5626 ZwAdjustPrivilegesToken (
5627 IN HANDLE TokenHandle
,
5628 IN BOOLEAN DisableAllPrivileges
,
5629 IN PTOKEN_PRIVILEGES NewState
,
5630 IN ULONG BufferLength
,
5631 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
5632 OUT PULONG ReturnLength
5635 #endif /* (VER_PRODUCTBUILD >= 2195) */
5641 IN HANDLE ThreadHandle
5647 ZwAllocateVirtualMemory (
5648 IN HANDLE ProcessHandle
,
5649 IN OUT PVOID
*BaseAddress
,
5650 IN ULONG_PTR ZeroBits
,
5651 IN OUT PSIZE_T RegionSize
,
5652 IN ULONG AllocationType
,
5658 NtAccessCheckByTypeAndAuditAlarm(
5659 IN PUNICODE_STRING SubsystemName
,
5661 IN PUNICODE_STRING ObjectTypeName
,
5662 IN PUNICODE_STRING ObjectName
,
5663 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5664 IN PSID PrincipalSelfSid
,
5665 IN ACCESS_MASK DesiredAccess
,
5666 IN AUDIT_EVENT_TYPE AuditType
,
5668 IN POBJECT_TYPE_LIST ObjectTypeList
,
5669 IN ULONG ObjectTypeLength
,
5670 IN PGENERIC_MAPPING GenericMapping
,
5671 IN BOOLEAN ObjectCreation
,
5672 OUT PACCESS_MASK GrantedAccess
,
5673 OUT PNTSTATUS AccessStatus
,
5674 OUT PBOOLEAN GenerateOnClose
5679 NtAccessCheckByTypeResultListAndAuditAlarm(
5680 IN PUNICODE_STRING SubsystemName
,
5682 IN PUNICODE_STRING ObjectTypeName
,
5683 IN PUNICODE_STRING ObjectName
,
5684 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5685 IN PSID PrincipalSelfSid
,
5686 IN ACCESS_MASK DesiredAccess
,
5687 IN AUDIT_EVENT_TYPE AuditType
,
5689 IN POBJECT_TYPE_LIST ObjectTypeList
,
5690 IN ULONG ObjectTypeLength
,
5691 IN PGENERIC_MAPPING GenericMapping
,
5692 IN BOOLEAN ObjectCreation
,
5693 OUT PACCESS_MASK GrantedAccess
,
5694 OUT PNTSTATUS AccessStatus
,
5695 OUT PBOOLEAN GenerateOnClose
5700 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
5701 IN PUNICODE_STRING SubsystemName
,
5703 IN HANDLE ClientToken
,
5704 IN PUNICODE_STRING ObjectTypeName
,
5705 IN PUNICODE_STRING ObjectName
,
5706 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5707 IN PSID PrincipalSelfSid
,
5708 IN ACCESS_MASK DesiredAccess
,
5709 IN AUDIT_EVENT_TYPE AuditType
,
5711 IN POBJECT_TYPE_LIST ObjectTypeList
,
5712 IN ULONG ObjectTypeLength
,
5713 IN PGENERIC_MAPPING GenericMapping
,
5714 IN BOOLEAN ObjectCreation
,
5715 OUT PACCESS_MASK GrantedAccess
,
5716 OUT PNTSTATUS AccessStatus
,
5717 OUT PBOOLEAN GenerateOnClose
5723 ZwAccessCheckAndAuditAlarm (
5724 IN PUNICODE_STRING SubsystemName
,
5726 IN PUNICODE_STRING ObjectTypeName
,
5727 IN PUNICODE_STRING ObjectName
,
5728 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
5729 IN ACCESS_MASK DesiredAccess
,
5730 IN PGENERIC_MAPPING GenericMapping
,
5731 IN BOOLEAN ObjectCreation
,
5732 OUT PACCESS_MASK GrantedAccess
,
5733 OUT PBOOLEAN AccessStatus
,
5734 OUT PBOOLEAN GenerateOnClose
5737 #if (VER_PRODUCTBUILD >= 2195)
5743 IN HANDLE FileHandle
,
5744 OUT PIO_STATUS_BLOCK IoStatusBlock
5747 #endif /* (VER_PRODUCTBUILD >= 2195) */
5753 IN HANDLE EventHandle
5759 ZwCloseObjectAuditAlarm (
5760 IN PUNICODE_STRING SubsystemName
,
5762 IN BOOLEAN GenerateOnClose
5769 OUT PHANDLE SectionHandle
,
5770 IN ACCESS_MASK DesiredAccess
,
5771 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
5772 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
5773 IN ULONG SectionPageProtection
,
5774 IN ULONG AllocationAttributes
,
5775 IN HANDLE FileHandle OPTIONAL
5781 ZwCreateSymbolicLinkObject (
5782 OUT PHANDLE SymbolicLinkHandle
,
5783 IN ACCESS_MASK DesiredAccess
,
5784 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5785 IN PUNICODE_STRING TargetName
5792 IN POBJECT_ATTRIBUTES ObjectAttributes
5800 IN PUNICODE_STRING Name
5806 ZwDeviceIoControlFile (
5807 IN HANDLE FileHandle
,
5808 IN HANDLE Event OPTIONAL
,
5809 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5810 IN PVOID ApcContext OPTIONAL
,
5811 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5812 IN ULONG IoControlCode
,
5813 IN PVOID InputBuffer OPTIONAL
,
5814 IN ULONG InputBufferLength
,
5815 OUT PVOID OutputBuffer OPTIONAL
,
5816 IN ULONG OutputBufferLength
5823 IN PUNICODE_STRING String
5830 IN HANDLE SourceProcessHandle
,
5831 IN HANDLE SourceHandle
,
5832 IN HANDLE TargetProcessHandle OPTIONAL
,
5833 OUT PHANDLE TargetHandle OPTIONAL
,
5834 IN ACCESS_MASK DesiredAccess
,
5835 IN ULONG HandleAttributes
,
5843 IN HANDLE ExistingTokenHandle
,
5844 IN ACCESS_MASK DesiredAccess
,
5845 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5846 IN BOOLEAN EffectiveOnly
,
5847 IN TOKEN_TYPE TokenType
,
5848 OUT PHANDLE NewTokenHandle
5854 IN HANDLE ExistingTokenHandle
,
5856 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
5857 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
5858 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
5859 OUT PHANDLE NewTokenHandle
5865 ZwFlushInstructionCache (
5866 IN HANDLE ProcessHandle
,
5867 IN PVOID BaseAddress OPTIONAL
,
5875 IN HANDLE FileHandle
,
5876 OUT PIO_STATUS_BLOCK IoStatusBlock
5879 #if (VER_PRODUCTBUILD >= 2195)
5884 ZwFlushVirtualMemory (
5885 IN HANDLE ProcessHandle
,
5886 IN OUT PVOID
*BaseAddress
,
5887 IN OUT PULONG FlushSize
,
5888 OUT PIO_STATUS_BLOCK IoStatusBlock
5891 #endif /* (VER_PRODUCTBUILD >= 2195) */
5896 ZwFreeVirtualMemory (
5897 IN HANDLE ProcessHandle
,
5898 IN OUT PVOID
*BaseAddress
,
5899 IN OUT PSIZE_T RegionSize
,
5907 IN HANDLE FileHandle
,
5908 IN HANDLE Event OPTIONAL
,
5909 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5910 IN PVOID ApcContext OPTIONAL
,
5911 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5912 IN ULONG FsControlCode
,
5913 IN PVOID InputBuffer OPTIONAL
,
5914 IN ULONG InputBufferLength
,
5915 OUT PVOID OutputBuffer OPTIONAL
,
5916 IN ULONG OutputBufferLength
5919 #if (VER_PRODUCTBUILD >= 2195)
5924 ZwInitiatePowerAction (
5925 IN POWER_ACTION SystemAction
,
5926 IN SYSTEM_POWER_STATE MinSystemState
,
5928 IN BOOLEAN Asynchronous
5931 #endif /* (VER_PRODUCTBUILD >= 2195) */
5937 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5938 IN PUNICODE_STRING RegistryPath
5945 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
5946 IN POBJECT_ATTRIBUTES FileObjectAttributes
5953 IN HANDLE KeyHandle
,
5954 IN HANDLE EventHandle OPTIONAL
,
5955 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
5956 IN PVOID ApcContext OPTIONAL
,
5957 OUT PIO_STATUS_BLOCK IoStatusBlock
,
5958 IN ULONG NotifyFilter
,
5959 IN BOOLEAN WatchSubtree
,
5961 IN ULONG BufferLength
,
5962 IN BOOLEAN Asynchronous
5968 ZwOpenDirectoryObject (
5969 OUT PHANDLE DirectoryHandle
,
5970 IN ACCESS_MASK DesiredAccess
,
5971 IN POBJECT_ATTRIBUTES ObjectAttributes
5978 OUT PHANDLE EventHandle
,
5979 IN ACCESS_MASK DesiredAccess
,
5980 IN POBJECT_ATTRIBUTES ObjectAttributes
5987 OUT PHANDLE ProcessHandle
,
5988 IN ACCESS_MASK DesiredAccess
,
5989 IN POBJECT_ATTRIBUTES ObjectAttributes
,
5990 IN PCLIENT_ID ClientId OPTIONAL
5996 ZwOpenProcessToken (
5997 IN HANDLE ProcessHandle
,
5998 IN ACCESS_MASK DesiredAccess
,
5999 OUT PHANDLE TokenHandle
6006 OUT PHANDLE ThreadHandle
,
6007 IN ACCESS_MASK DesiredAccess
,
6008 IN POBJECT_ATTRIBUTES ObjectAttributes
,
6009 IN PCLIENT_ID ClientId
6016 IN HANDLE ThreadHandle
,
6017 IN ACCESS_MASK DesiredAccess
,
6018 IN BOOLEAN OpenAsSelf
,
6019 OUT PHANDLE TokenHandle
6022 #if (VER_PRODUCTBUILD >= 2195)
6027 ZwPowerInformation (
6028 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
6029 IN PVOID InputBuffer OPTIONAL
,
6030 IN ULONG InputBufferLength
,
6031 OUT PVOID OutputBuffer OPTIONAL
,
6032 IN ULONG OutputBufferLength
6035 #endif /* (VER_PRODUCTBUILD >= 2195) */
6041 IN HANDLE EventHandle
,
6042 OUT PLONG PreviousState OPTIONAL
6048 ZwQueryDefaultLocale (
6049 IN BOOLEAN ThreadOrSystem
,
6056 ZwQueryDirectoryFile (
6057 IN HANDLE FileHandle
,
6058 IN HANDLE Event OPTIONAL
,
6059 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
6060 IN PVOID ApcContext OPTIONAL
,
6061 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6062 OUT PVOID FileInformation
,
6064 IN FILE_INFORMATION_CLASS FileInformationClass
,
6065 IN BOOLEAN ReturnSingleEntry
,
6066 IN PUNICODE_STRING FileName OPTIONAL
,
6067 IN BOOLEAN RestartScan
6070 #if (VER_PRODUCTBUILD >= 2195)
6075 ZwQueryDirectoryObject (
6076 IN HANDLE DirectoryHandle
,
6079 IN BOOLEAN ReturnSingleEntry
,
6080 IN BOOLEAN RestartScan
,
6081 IN OUT PULONG Context
,
6082 OUT PULONG ReturnLength OPTIONAL
6089 IN HANDLE FileHandle
,
6090 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6093 IN BOOLEAN ReturnSingleEntry
,
6094 IN PVOID EaList OPTIONAL
,
6095 IN ULONG EaListLength
,
6096 IN PULONG EaIndex OPTIONAL
,
6097 IN BOOLEAN RestartScan
6100 #endif /* (VER_PRODUCTBUILD >= 2195) */
6105 ZwQueryInformationProcess (
6106 IN HANDLE ProcessHandle
,
6107 IN PROCESSINFOCLASS ProcessInformationClass
,
6108 OUT PVOID ProcessInformation
,
6109 IN ULONG ProcessInformationLength
,
6110 OUT PULONG ReturnLength OPTIONAL
6116 ZwQueryInformationToken (
6117 IN HANDLE TokenHandle
,
6118 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
6119 OUT PVOID TokenInformation
,
6121 OUT PULONG ResultLength
6127 ZwQuerySecurityObject (
6128 IN HANDLE FileHandle
,
6129 IN SECURITY_INFORMATION SecurityInformation
,
6130 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
6132 OUT PULONG ResultLength
6138 ZwQueryVolumeInformationFile (
6139 IN HANDLE FileHandle
,
6140 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6141 OUT PVOID FsInformation
,
6143 IN FS_INFORMATION_CLASS FsInformationClass
6150 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
6151 IN HANDLE KeyHandle
,
6152 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
6159 IN HANDLE EventHandle
,
6160 OUT PLONG PreviousState OPTIONAL
6163 #if (VER_PRODUCTBUILD >= 2195)
6169 IN HANDLE KeyHandle
,
6170 IN HANDLE FileHandle
,
6174 #endif /* (VER_PRODUCTBUILD >= 2195) */
6180 IN HANDLE KeyHandle
,
6181 IN HANDLE FileHandle
6187 ZwSetDefaultLocale (
6188 IN BOOLEAN ThreadOrSystem
,
6192 #if (VER_PRODUCTBUILD >= 2195)
6197 ZwSetDefaultUILanguage (
6198 IN LANGID LanguageId
6205 IN HANDLE FileHandle
,
6206 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6211 #endif /* (VER_PRODUCTBUILD >= 2195) */
6217 IN HANDLE EventHandle
,
6218 OUT PLONG PreviousState OPTIONAL
6224 ZwSetInformationProcess (
6225 IN HANDLE ProcessHandle
,
6226 IN PROCESSINFOCLASS ProcessInformationClass
,
6227 IN PVOID ProcessInformation
,
6228 IN ULONG ProcessInformationLength
6231 #if (VER_PRODUCTBUILD >= 2195)
6236 ZwSetSecurityObject (
6238 IN SECURITY_INFORMATION SecurityInformation
,
6239 IN PSECURITY_DESCRIPTOR SecurityDescriptor
6242 #endif /* (VER_PRODUCTBUILD >= 2195) */
6248 IN PLARGE_INTEGER NewTime
,
6249 OUT PLARGE_INTEGER OldTime OPTIONAL
6252 #if (VER_PRODUCTBUILD >= 2195)
6257 ZwSetVolumeInformationFile (
6258 IN HANDLE FileHandle
,
6259 OUT PIO_STATUS_BLOCK IoStatusBlock
,
6260 IN PVOID FsInformation
,
6262 IN FS_INFORMATION_CLASS FsInformationClass
6265 #endif /* (VER_PRODUCTBUILD >= 2195) */
6270 ZwTerminateProcess (
6271 IN HANDLE ProcessHandle OPTIONAL
,
6272 IN NTSTATUS ExitStatus
6279 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
6280 IN PUNICODE_STRING RegistryPath
6287 IN POBJECT_ATTRIBUTES KeyObjectAttributes
6293 ZwWaitForSingleObject (
6295 IN BOOLEAN Alertable
,
6296 IN PLARGE_INTEGER Timeout OPTIONAL
6302 ZwWaitForMultipleObjects (
6303 IN ULONG HandleCount
,
6305 IN WAIT_TYPE WaitType
,
6306 IN BOOLEAN Alertable
,
6307 IN PLARGE_INTEGER Timeout OPTIONAL
6323 #endif /* _NTIFS_ */
projects / reactos.git / blob