projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
sync to trunk revision 36700
[reactos.git] / reactos / include / ddk / ntifs.h
1 /*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the w32api package.
7 *
8 * Contributors:
9 * Created by Bo Brantén <bosse@acc.umu.se>
10 *
11 * THIS SOFTWARE IS NOT COPYRIGHTED
12 *
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
15 *
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 */
22
23 #ifndef _NTIFS_
24 #define _NTIFS_
25 #define _GNU_NTIFS_
26
27 #if __GNUC__ >= 3
28 #pragma GCC system_header
29 #endif
30
31 #ifdef _NTOSKRNL_
32 /* HACKHACKHACK!!! We shouldn't include this header from ntoskrnl! */
33 #define NTKERNELAPI
34 #else
35 #define NTKERNELAPI DECLSPEC_IMPORT
36 #endif
37
38 #include "ntddk.h"
39
40 #define _NTIFS_INCLUDED_
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44
45 #pragma pack(push,4)
46
47 #ifndef VER_PRODUCTBUILD
48 #define VER_PRODUCTBUILD 10000
49 #endif
50
51 #ifndef NTSYSAPI
52 #define NTSYSAPI
53 #endif
54
55 #define EX_PUSH_LOCK ULONG_PTR
56 #define PEX_PUSH_LOCK PULONG_PTR
57
58
59 #ifndef FlagOn
60 #define FlagOn(_F,_SF) ((_F) & (_SF))
61 #endif
62
63 #ifndef BooleanFlagOn
64 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
65 #endif
66
67 #ifndef SetFlag
68 #define SetFlag(_F,_SF) ((_F) |= (_SF))
69 #endif
70
71 #ifndef ClearFlag
72 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
73 #endif
74
75 #include "csq.h"
76
77 typedef struct _SE_EXPORTS *PSE_EXPORTS;
78
79 #ifdef _NTOSKRNL_
80 extern PUCHAR FsRtlLegalAnsiCharacterArray;
81 #else
82 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
83 #endif
84 extern PSE_EXPORTS SeExports;
85 extern PACL SePublicDefaultDacl;
86 extern PACL SeSystemDefaultDacl;
87
88 extern KSPIN_LOCK IoStatisticsLock;
89 extern ULONG IoReadOperationCount;
90 extern ULONG IoWriteOperationCount;
91 extern ULONG IoOtherOperationCount;
92 extern LARGE_INTEGER IoReadTransferCount;
93 extern LARGE_INTEGER IoWriteTransferCount;
94 extern LARGE_INTEGER IoOtherTransferCount;
95
96 typedef STRING LSA_STRING, *PLSA_STRING;
97 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
98
99 typedef enum _SECURITY_LOGON_TYPE
100 {
101 UndefinedLogonType = 0,
102 Interactive = 2,
103 Network,
104 Batch,
105 Service,
106 Proxy,
107 Unlock,
108 NetworkCleartext,
109 NewCredentials,
110 #if (_WIN32_WINNT >= 0x0501)
111 RemoteInteractive,
112 CachedInteractive,
113 #endif
114 #if (_WIN32_WINNT >= 0x0502)
115 CachedRemoteInteractive,
116 CachedUnlock
117 #endif
118 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
119
120 #define ANSI_DOS_STAR ('<')
121 #define ANSI_DOS_QM ('>')
122 #define ANSI_DOS_DOT ('"')
123
124 #define DOS_STAR (L'<')
125 #define DOS_QM (L'>')
126 #define DOS_DOT (L'"')
127
128 /* also in winnt.h */
129 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
130 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
131 #define ACCESS_DENIED_ACE_TYPE (0x1)
132 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
133 #define SYSTEM_ALARM_ACE_TYPE (0x3)
134 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
135 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
136 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
137 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
138 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
139 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
140 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
141 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
142 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
143 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
144 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
145 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
146 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
147 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
148 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
149 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
150 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
151 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
152 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
153 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
154
155 #define COMPRESSION_FORMAT_NONE (0x0000)
156 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
157 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
158 #define COMPRESSION_ENGINE_STANDARD (0x0000)
159 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
160 #define COMPRESSION_ENGINE_HIBER (0x0200)
161
162 #define FILE_ACTION_ADDED 0x00000001
163 #define FILE_ACTION_REMOVED 0x00000002
164 #define FILE_ACTION_MODIFIED 0x00000003
165 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
166 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
167 #define FILE_ACTION_ADDED_STREAM 0x00000006
168 #define FILE_ACTION_REMOVED_STREAM 0x00000007
169 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
170 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
171 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
172 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
173 /* end winnt.h */
174
175 #define FILE_EA_TYPE_BINARY 0xfffe
176 #define FILE_EA_TYPE_ASCII 0xfffd
177 #define FILE_EA_TYPE_BITMAP 0xfffb
178 #define FILE_EA_TYPE_METAFILE 0xfffa
179 #define FILE_EA_TYPE_ICON 0xfff9
180 #define FILE_EA_TYPE_EA 0xffee
181 #define FILE_EA_TYPE_MVMT 0xffdf
182 #define FILE_EA_TYPE_MVST 0xffde
183 #define FILE_EA_TYPE_ASN1 0xffdd
184 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
185
186 #define FILE_NEED_EA 0x00000080
187
188 /* also in winnt.h */
189 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
190 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
191 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
192 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
193 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
194 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
195 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
196 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
197 #define FILE_NOTIFY_CHANGE_EA 0x00000080
198 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
199 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
200 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
201 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
202 #define FILE_NOTIFY_VALID_MASK 0x00000fff
203 /* end winnt.h */
204
205 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
206 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
207
208 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
209
210 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
211 #define FILE_CASE_PRESERVED_NAMES 0x00000002
212 #define FILE_UNICODE_ON_DISK 0x00000004
213 #define FILE_PERSISTENT_ACLS 0x00000008
214 #define FILE_FILE_COMPRESSION 0x00000010
215 #define FILE_VOLUME_QUOTAS 0x00000020
216 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
217 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
218 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
219 #define FS_LFN_APIS 0x00004000
220 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
221 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
222 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
223 #define FILE_NAMED_STREAMS 0x00040000
224 #define FILE_READ_ONLY_VOLUME 0x00080000
225 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
226 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000
227
228 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
229 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
230
231 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
232 #define FILE_PIPE_MESSAGE_MODE 0x00000001
233
234 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
235 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
236
237 #define FILE_PIPE_INBOUND 0x00000000
238 #define FILE_PIPE_OUTBOUND 0x00000001
239 #define FILE_PIPE_FULL_DUPLEX 0x00000002
240
241 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
242 #define FILE_PIPE_LISTENING_STATE 0x00000002
243 #define FILE_PIPE_CONNECTED_STATE 0x00000003
244 #define FILE_PIPE_CLOSING_STATE 0x00000004
245
246 #define FILE_PIPE_CLIENT_END 0x00000000
247 #define FILE_PIPE_SERVER_END 0x00000001
248
249 #define FILE_PIPE_READ_DATA 0x00000000
250 #define FILE_PIPE_WRITE_SPACE 0x00000001
251
252 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
253 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
254 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
255 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
256 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
257 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
258 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
259 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
260 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
261 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
262 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
263 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
264 #define FILE_STORAGE_TYPE_MASK 0x000f0000
265 #define FILE_STORAGE_TYPE_SHIFT 16
266
267 #define FILE_VC_QUOTA_NONE 0x00000000
268 #define FILE_VC_QUOTA_TRACK 0x00000001
269 #define FILE_VC_QUOTA_ENFORCE 0x00000002
270 #define FILE_VC_QUOTA_MASK 0x00000003
271
272 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
273 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
274
275 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
276 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
277 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
278 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
279
280 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
281 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
282
283 #define FILE_VC_VALID_MASK 0x000003ff
284
285 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
286 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
287 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
288 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
289 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
290 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
291 #define FSRTL_FLAG_ADVANCED_HEADER (0x40)
292 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
293
294 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
295 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
296 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
297 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
298
299 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
300 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
301 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
302 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
303 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
304
305 #define FSRTL_VOLUME_DISMOUNT 1
306 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
307 #define FSRTL_VOLUME_LOCK 3
308 #define FSRTL_VOLUME_LOCK_FAILED 4
309 #define FSRTL_VOLUME_UNLOCK 5
310 #define FSRTL_VOLUME_MOUNT 6
311
312 #define FSRTL_WILD_CHARACTER 0x08
313
314 #define FSRTL_FAT_LEGAL 0x01
315 #define FSRTL_HPFS_LEGAL 0x02
316 #define FSRTL_NTFS_LEGAL 0x04
317 #define FSRTL_WILD_CHARACTER 0x08
318 #define FSRTL_OLE_LEGAL 0x10
319 #define FSRTL_NTFS_STREAM_LEGAL 0x14
320
321 #ifdef _X86_
322 #define HARDWARE_PTE HARDWARE_PTE_X86
323 #define PHARDWARE_PTE PHARDWARE_PTE_X86
324 #endif
325
326 #define IO_CHECK_CREATE_PARAMETERS 0x0200
327 #define IO_ATTACH_DEVICE 0x0400
328
329 #define IO_ATTACH_DEVICE_API 0x80000000
330
331 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
332 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
333
334 #define IO_TYPE_APC 18
335 #define IO_TYPE_DPC 19
336 #define IO_TYPE_DEVICE_QUEUE 20
337 #define IO_TYPE_EVENT_PAIR 21
338 #define IO_TYPE_INTERRUPT 22
339 #define IO_TYPE_PROFILE 23
340
341 #define IRP_BEING_VERIFIED 0x10
342
343 #define MAILSLOT_CLASS_FIRSTCLASS 1
344 #define MAILSLOT_CLASS_SECONDCLASS 2
345
346 #define MAILSLOT_SIZE_AUTO 0
347
348 #define MAP_PROCESS 1L
349 #define MAP_SYSTEM 2L
350 #define MEM_DOS_LIM 0x40000000
351
352 #define OB_TYPE_TYPE 1
353 #define OB_TYPE_DIRECTORY 2
354 #define OB_TYPE_SYMBOLIC_LINK 3
355 #define OB_TYPE_TOKEN 4
356 #define OB_TYPE_PROCESS 5
357 #define OB_TYPE_THREAD 6
358 #define OB_TYPE_EVENT 7
359 #define OB_TYPE_EVENT_PAIR 8
360 #define OB_TYPE_MUTANT 9
361 #define OB_TYPE_SEMAPHORE 10
362 #define OB_TYPE_TIMER 11
363 #define OB_TYPE_PROFILE 12
364 #define OB_TYPE_WINDOW_STATION 13
365 #define OB_TYPE_DESKTOP 14
366 #define OB_TYPE_SECTION 15
367 #define OB_TYPE_KEY 16
368 #define OB_TYPE_PORT 17
369 #define OB_TYPE_ADAPTER 18
370 #define OB_TYPE_CONTROLLER 19
371 #define OB_TYPE_DEVICE 20
372 #define OB_TYPE_DRIVER 21
373 #define OB_TYPE_IO_COMPLETION 22
374 #define OB_TYPE_FILE 23
375
376 #define PIN_WAIT (1)
377 #define PIN_EXCLUSIVE (2)
378 #define PIN_NO_READ (4)
379 #define PIN_IF_BCB (8)
380
381 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
382 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
383
384 #define SEC_BASED 0x00200000
385
386 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
387 #define SECURITY_WORLD_RID (0x00000000L)
388
389 #define SID_REVISION 1
390 #define SID_MAX_SUB_AUTHORITIES 15
391 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
392
393 #define TOKEN_ASSIGN_PRIMARY (0x0001)
394 #define TOKEN_DUPLICATE (0x0002)
395 #define TOKEN_IMPERSONATE (0x0004)
396 #define TOKEN_QUERY (0x0008)
397 #define TOKEN_QUERY_SOURCE (0x0010)
398 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
399 #define TOKEN_ADJUST_GROUPS (0x0040)
400 #define TOKEN_ADJUST_DEFAULT (0x0080)
401 #define TOKEN_ADJUST_SESSIONID (0x0100)
402
403 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
404 TOKEN_ASSIGN_PRIMARY |\
405 TOKEN_DUPLICATE |\
406 TOKEN_IMPERSONATE |\
407 TOKEN_QUERY |\
408 TOKEN_QUERY_SOURCE |\
409 TOKEN_ADJUST_PRIVILEGES |\
410 TOKEN_ADJUST_GROUPS |\
411 TOKEN_ADJUST_DEFAULT |\
412 TOKEN_ADJUST_SESSIONID)
413
414 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
415 TOKEN_QUERY)
416
417 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
418 TOKEN_ADJUST_PRIVILEGES |\
419 TOKEN_ADJUST_GROUPS |\
420 TOKEN_ADJUST_DEFAULT)
421
422 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
423
424 #define TOKEN_SOURCE_LENGTH 8
425 /* end winnt.h */
426
427 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
428 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
429 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
430 #define TOKEN_HAS_ADMIN_GROUP 0x08
431 #define TOKEN_WRITE_RESTRICTED 0x08
432 #define TOKEN_IS_RESTRICTED 0x10
433 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
434
435 #define VACB_MAPPING_GRANULARITY (0x40000)
436 #define VACB_OFFSET_SHIFT (18)
437
438 #define SE_OWNER_DEFAULTED 0x0001
439 #define SE_GROUP_DEFAULTED 0x0002
440 #define SE_DACL_PRESENT 0x0004
441 #define SE_DACL_DEFAULTED 0x0008
442 #define SE_SACL_PRESENT 0x0010
443 #define SE_SACL_DEFAULTED 0x0020
444 #define SE_DACL_UNTRUSTED 0x0040
445 #define SE_SERVER_SECURITY 0x0080
446 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
447 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
448 #define SE_DACL_AUTO_INHERITED 0x0400
449 #define SE_SACL_AUTO_INHERITED 0x0800
450 #define SE_DACL_PROTECTED 0x1000
451 #define SE_SACL_PROTECTED 0x2000
452 #define SE_RM_CONTROL_VALID 0x4000
453 #define SE_SELF_RELATIVE 0x8000
454
455 #ifndef _WINNT_H
456 #define _AUDIT_EVENT_TYPE_HACK 0
457 #endif
458 #if (_AUDIT_EVENT_TYPE_HACK == 1)
459
460 #else
461 typedef enum _AUDIT_EVENT_TYPE
462 {
463 AuditEventObjectAccess,
464 AuditEventDirectoryServiceAccess
465 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
466 #endif
467
468 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
469
470 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
471 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
472 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
473 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
474 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
475 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
476 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
477 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
478 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
479
480 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
481 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
482 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
483
484 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
485 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
486 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
487
488
489 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
490 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
491 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
492 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
493 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
494 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
495
496 #if (VER_PRODUCTBUILD >= 1381)
497
498 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
499 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
500 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
501 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
502 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
503 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
504 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
505 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
506
507 #endif /* (VER_PRODUCTBUILD >= 1381) */
508
509 #if (VER_PRODUCTBUILD >= 2195)
510
511 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
512 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
513 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
514
515 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
516 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
517 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
518 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
519 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
520 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
521 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
522 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
523 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
524 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
525 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
526 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
527 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
528 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
529 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
530 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
531 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
532 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
533 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
534 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
535 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
536 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
537 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
538 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
539 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
540 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
541 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
542 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
543 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
544 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
545 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
546 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
547 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
548 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
549 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
550 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
551
552 #endif /* (VER_PRODUCTBUILD >= 2195) */
553
554 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
555
556 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
557 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
558 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
559 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
560 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
561 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
562 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
563 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
564
565 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
566 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
567 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
568 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
569 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
570 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
571 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
572 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
573 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
574 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
575 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
576 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
577 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
578 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
579
580 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
581
582 typedef PVOID OPLOCK, *POPLOCK;
583
584 typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
585 typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
586 typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
587 typedef struct _KPROCESS *PKPROCESS;
588 typedef struct _KQUEUE *PKQUEUE;
589 typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
590 typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
591 typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
592 typedef struct _VACB *PVACB;
593 typedef struct _VAD_HEADER *PVAD_HEADER;
594
595 typedef ULONG LBN;
596 typedef LBN *PLBN;
597
598 typedef ULONG VBN;
599 typedef VBN *PVBN;
600
601 typedef struct _NOTIFY_SYNC
602 {
603 ULONG Unknown0;
604 ULONG Unknown1;
605 ULONG Unknown2;
606 USHORT Unknown3;
607 USHORT Unknown4;
608 ULONG Unknown5;
609 ULONG Unknown6;
610 ULONG Unknown7;
611 ULONG Unknown8;
612 ULONG Unknown9;
613 ULONG Unknown10;
614 } NOTIFY_SYNC, * PNOTIFY_SYNC;
615
616 typedef enum _FAST_IO_POSSIBLE {
617 FastIoIsNotPossible,
618 FastIoIsPossible,
619 FastIoIsQuestionable
620 } FAST_IO_POSSIBLE;
621
622 typedef enum _FILE_STORAGE_TYPE {
623 StorageTypeDefault = 1,
624 StorageTypeDirectory,
625 StorageTypeFile,
626 StorageTypeJunctionPoint,
627 StorageTypeCatalog,
628 StorageTypeStructuredStorage,
629 StorageTypeEmbedding,
630 StorageTypeStream
631 } FILE_STORAGE_TYPE;
632
633 typedef enum _OBJECT_INFORMATION_CLASS
634 {
635 ObjectBasicInformation,
636 ObjectNameInformation,
637 ObjectTypeInformation,
638 ObjectTypesInformation,
639 ObjectHandleFlagInformation,
640 ObjectSessionInformation,
641 MaxObjectInfoClass
642 } OBJECT_INFORMATION_CLASS;
643
644 typedef struct _OBJECT_BASIC_INFORMATION
645 {
646 ULONG Attributes;
647 ACCESS_MASK GrantedAccess;
648 ULONG HandleCount;
649 ULONG PointerCount;
650 ULONG PagedPoolCharge;
651 ULONG NonPagedPoolCharge;
652 ULONG Reserved[ 3 ];
653 ULONG NameInfoSize;
654 ULONG TypeInfoSize;
655 ULONG SecurityDescriptorSize;
656 LARGE_INTEGER CreationTime;
657 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
658
659 typedef struct _KAPC_STATE {
660 LIST_ENTRY ApcListHead[2];
661 PKPROCESS Process;
662 BOOLEAN KernelApcInProgress;
663 BOOLEAN KernelApcPending;
664 BOOLEAN UserApcPending;
665 } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
666 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
667
668 typedef struct _BITMAP_RANGE {
669 LIST_ENTRY Links;
670 LONGLONG BasePage;
671 ULONG FirstDirtyPage;
672 ULONG LastDirtyPage;
673 ULONG DirtyPages;
674 PULONG Bitmap;
675 } BITMAP_RANGE, *PBITMAP_RANGE;
676
677 typedef struct _CACHE_UNINITIALIZE_EVENT {
678 struct _CACHE_UNINITIALIZE_EVENT *Next;
679 KEVENT Event;
680 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
681
682 typedef struct _CC_FILE_SIZES {
683 LARGE_INTEGER AllocationSize;
684 LARGE_INTEGER FileSize;
685 LARGE_INTEGER ValidDataLength;
686 } CC_FILE_SIZES, *PCC_FILE_SIZES;
687
688 typedef struct _COMPRESSED_DATA_INFO {
689 USHORT CompressionFormatAndEngine;
690 UCHAR CompressionUnitShift;
691 UCHAR ChunkShift;
692 UCHAR ClusterShift;
693 UCHAR Reserved;
694 USHORT NumberOfChunks;
695 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
696 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
697
698 typedef struct _SID_IDENTIFIER_AUTHORITY {
699 BYTE Value[6];
700 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
701 typedef PVOID PSID;
702 typedef struct _SID {
703 BYTE Revision;
704 BYTE SubAuthorityCount;
705 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
706 DWORD SubAuthority[ANYSIZE_ARRAY];
707 } SID, *PISID;
708 typedef struct _SID_AND_ATTRIBUTES {
709 PSID Sid;
710 DWORD Attributes;
711 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
712 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
713 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
714 typedef struct _TOKEN_SOURCE {
715 CHAR SourceName[TOKEN_SOURCE_LENGTH];
716 LUID SourceIdentifier;
717 } TOKEN_SOURCE,*PTOKEN_SOURCE;
718 typedef struct _TOKEN_CONTROL {
719 LUID TokenId;
720 LUID AuthenticationId;
721 LUID ModifiedId;
722 TOKEN_SOURCE TokenSource;
723 } TOKEN_CONTROL,*PTOKEN_CONTROL;
724 typedef struct _TOKEN_DEFAULT_DACL {
725 PACL DefaultDacl;
726 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
727 typedef struct _TOKEN_GROUPS {
728 DWORD GroupCount;
729 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
730 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
731 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
732 ULONG SidCount;
733 ULONG SidLength;
734 PSID_AND_ATTRIBUTES Sids;
735 ULONG RestrictedSidCount;
736 ULONG RestrictedSidLength;
737 PSID_AND_ATTRIBUTES RestrictedSids;
738 ULONG PrivilegeCount;
739 ULONG PrivilegeLength;
740 PLUID_AND_ATTRIBUTES Privileges;
741 LUID AuthenticationId;
742 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
743 typedef struct _TOKEN_ORIGIN {
744 LUID OriginatingLogonSession;
745 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
746 typedef struct _TOKEN_OWNER {
747 PSID Owner;
748 } TOKEN_OWNER,*PTOKEN_OWNER;
749 typedef struct _TOKEN_PRIMARY_GROUP {
750 PSID PrimaryGroup;
751 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
752 typedef struct _TOKEN_PRIVILEGES {
753 DWORD PrivilegeCount;
754 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
755 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
756 typedef enum tagTOKEN_TYPE {
757 TokenPrimary = 1,
758 TokenImpersonation
759 } TOKEN_TYPE,*PTOKEN_TYPE;
760 typedef struct _TOKEN_STATISTICS {
761 LUID TokenId;
762 LUID AuthenticationId;
763 LARGE_INTEGER ExpirationTime;
764 TOKEN_TYPE TokenType;
765 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
766 DWORD DynamicCharged;
767 DWORD DynamicAvailable;
768 DWORD GroupCount;
769 DWORD PrivilegeCount;
770 LUID ModifiedId;
771 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
772 typedef struct _TOKEN_USER {
773 SID_AND_ATTRIBUTES User;
774 } TOKEN_USER, *PTOKEN_USER;
775 typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION;
776 typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
777 typedef struct _SECURITY_DESCRIPTOR {
778 BYTE Revision;
779 BYTE Sbz1;
780 SECURITY_DESCRIPTOR_CONTROL Control;
781 PSID Owner;
782 PSID Group;
783 PACL Sacl;
784 PACL Dacl;
785 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
786 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
787 BYTE Revision;
788 BYTE Sbz1;
789 SECURITY_DESCRIPTOR_CONTROL Control;
790 DWORD_PTR Owner;
791 DWORD_PTR Group;
792 DWORD_PTR Sacl;
793 DWORD_PTR Dacl;
794 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
795 typedef enum _TOKEN_INFORMATION_CLASS {
796 TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
797 TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,
798 TokenImpersonationLevel,TokenStatistics,TokenRestrictedSids,
799 TokenSessionId,TokenGroupsAndPrivileges,TokenSessionReference,
800 TokenSandBoxInert,TokenAuditPolicy,TokenOrigin,
801 } TOKEN_INFORMATION_CLASS;
802
803 #define SYMLINK_FLAG_RELATIVE 1
804
805 typedef struct _REPARSE_DATA_BUFFER {
806 ULONG ReparseTag;
807 USHORT ReparseDataLength;
808 USHORT Reserved;
809 union {
810 struct {
811 USHORT SubstituteNameOffset;
812 USHORT SubstituteNameLength;
813 USHORT PrintNameOffset;
814 USHORT PrintNameLength;
815 ULONG Flags;
816 WCHAR PathBuffer[1];
817 } SymbolicLinkReparseBuffer;
818 struct {
819 USHORT SubstituteNameOffset;
820 USHORT SubstituteNameLength;
821 USHORT PrintNameOffset;
822 USHORT PrintNameLength;
823 WCHAR PathBuffer[1];
824 } MountPointReparseBuffer;
825 struct {
826 UCHAR DataBuffer[1];
827 } GenericReparseBuffer;
828 };
829 } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
830
831 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
832
833 typedef struct _FILE_ACCESS_INFORMATION {
834 ACCESS_MASK AccessFlags;
835 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
836
837 typedef struct _FILE_ALLOCATION_INFORMATION {
838 LARGE_INTEGER AllocationSize;
839 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
840
841 typedef struct _FILE_BOTH_DIR_INFORMATION {
842 ULONG NextEntryOffset;
843 ULONG FileIndex;
844 LARGE_INTEGER CreationTime;
845 LARGE_INTEGER LastAccessTime;
846 LARGE_INTEGER LastWriteTime;
847 LARGE_INTEGER ChangeTime;
848 LARGE_INTEGER EndOfFile;
849 LARGE_INTEGER AllocationSize;
850 ULONG FileAttributes;
851 ULONG FileNameLength;
852 ULONG EaSize;
853 CCHAR ShortNameLength;
854 WCHAR ShortName[12];
855 WCHAR FileName[1];
856 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
857
858 typedef struct _FILE_COMPLETION_INFORMATION {
859 HANDLE Port;
860 PVOID Key;
861 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
862
863 typedef struct _FILE_COMPRESSION_INFORMATION {
864 LARGE_INTEGER CompressedFileSize;
865 USHORT CompressionFormat;
866 UCHAR CompressionUnitShift;
867 UCHAR ChunkShift;
868 UCHAR ClusterShift;
869 UCHAR Reserved[3];
870 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
871
872 typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
873 BOOLEAN ReplaceIfExists;
874 HANDLE RootDirectory;
875 ULONG FileNameLength;
876 WCHAR FileName[1];
877 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
878
879 typedef struct _FILE_DIRECTORY_INFORMATION {
880 ULONG NextEntryOffset;
881 ULONG FileIndex;
882 LARGE_INTEGER CreationTime;
883 LARGE_INTEGER LastAccessTime;
884 LARGE_INTEGER LastWriteTime;
885 LARGE_INTEGER ChangeTime;
886 LARGE_INTEGER EndOfFile;
887 LARGE_INTEGER AllocationSize;
888 ULONG FileAttributes;
889 ULONG FileNameLength;
890 WCHAR FileName[1];
891 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
892
893 typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
894 ULONG NextEntryOffset;
895 ULONG FileIndex;
896 LARGE_INTEGER CreationTime;
897 LARGE_INTEGER LastAccessTime;
898 LARGE_INTEGER LastWriteTime;
899 LARGE_INTEGER ChangeTime;
900 LARGE_INTEGER EndOfFile;
901 LARGE_INTEGER AllocationSize;
902 ULONG FileAttributes;
903 ULONG FileNameLength;
904 ULONG EaSize;
905 WCHAR FileName[0];
906 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
907
908 typedef struct _FILE_ID_FULL_DIR_INFORMATION {
909 ULONG NextEntryOffset;
910 ULONG FileIndex;
911 LARGE_INTEGER CreationTime;
912 LARGE_INTEGER LastAccessTime;
913 LARGE_INTEGER LastWriteTime;
914 LARGE_INTEGER ChangeTime;
915 LARGE_INTEGER EndOfFile;
916 LARGE_INTEGER AllocationSize;
917 ULONG FileAttributes;
918 ULONG FileNameLength;
919 ULONG EaSize;
920 LARGE_INTEGER FileId;
921 WCHAR FileName[1];
922 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
923
924 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
925 ULONG NextEntryOffset;
926 ULONG FileIndex;
927 LARGE_INTEGER CreationTime;
928 LARGE_INTEGER LastAccessTime;
929 LARGE_INTEGER LastWriteTime;
930 LARGE_INTEGER ChangeTime;
931 LARGE_INTEGER EndOfFile;
932 LARGE_INTEGER AllocationSize;
933 ULONG FileAttributes;
934 ULONG FileNameLength;
935 ULONG EaSize;
936 CHAR ShortNameLength;
937 WCHAR ShortName[12];
938 WCHAR FileName[0];
939 } FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
940
941 typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
942 ULONG NextEntryOffset;
943 ULONG FileIndex;
944 LARGE_INTEGER CreationTime;
945 LARGE_INTEGER LastAccessTime;
946 LARGE_INTEGER LastWriteTime;
947 LARGE_INTEGER ChangeTime;
948 LARGE_INTEGER EndOfFile;
949 LARGE_INTEGER AllocationSize;
950 ULONG FileAttributes;
951 ULONG FileNameLength;
952 ULONG EaSize;
953 CCHAR ShortNameLength;
954 WCHAR ShortName[12];
955 LARGE_INTEGER FileId;
956 WCHAR FileName[1];
957 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
958
959 typedef struct _FILE_EA_INFORMATION {
960 ULONG EaSize;
961 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
962
963 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
964 ULONG FileSystemAttributes;
965 ULONG MaximumComponentNameLength;
966 ULONG FileSystemNameLength;
967 WCHAR FileSystemName[1];
968 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
969
970 typedef struct _FILE_FS_CONTROL_INFORMATION {
971 LARGE_INTEGER FreeSpaceStartFiltering;
972 LARGE_INTEGER FreeSpaceThreshold;
973 LARGE_INTEGER FreeSpaceStopFiltering;
974 LARGE_INTEGER DefaultQuotaThreshold;
975 LARGE_INTEGER DefaultQuotaLimit;
976 ULONG FileSystemControlFlags;
977 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
978
979 typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
980 LARGE_INTEGER TotalAllocationUnits;
981 LARGE_INTEGER CallerAvailableAllocationUnits;
982 LARGE_INTEGER ActualAvailableAllocationUnits;
983 ULONG SectorsPerAllocationUnit;
984 ULONG BytesPerSector;
985 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
986
987 typedef struct _FILE_FS_LABEL_INFORMATION {
988 ULONG VolumeLabelLength;
989 WCHAR VolumeLabel[1];
990 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
991
992 #if (VER_PRODUCTBUILD >= 2195)
993
994 typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
995 UCHAR ObjectId[16];
996 UCHAR ExtendedInfo[48];
997 } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
998
999 #endif /* (VER_PRODUCTBUILD >= 2195) */
1000
1001 typedef struct _FILE_FS_SIZE_INFORMATION {
1002 LARGE_INTEGER TotalAllocationUnits;
1003 LARGE_INTEGER AvailableAllocationUnits;
1004 ULONG SectorsPerAllocationUnit;
1005 ULONG BytesPerSector;
1006 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
1007
1008 typedef struct _FILE_FS_VOLUME_INFORMATION {
1009 LARGE_INTEGER VolumeCreationTime;
1010 ULONG VolumeSerialNumber;
1011 ULONG VolumeLabelLength;
1012 BOOLEAN SupportsObjects;
1013 WCHAR VolumeLabel[1];
1014 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
1015
1016 typedef struct _FILE_FS_OBJECTID_INFORMATION
1017 {
1018 UCHAR ObjectId[16];
1019 UCHAR ExtendedInfo[48];
1020 } FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
1021
1022 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1023 {
1024 BOOLEAN DriverInPath;
1025 ULONG DriverNameLength;
1026 WCHAR DriverName[1];
1027 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
1028
1029 typedef struct _FILE_FULL_DIR_INFORMATION {
1030 ULONG NextEntryOffset;
1031 ULONG FileIndex;
1032 LARGE_INTEGER CreationTime;
1033 LARGE_INTEGER LastAccessTime;
1034 LARGE_INTEGER LastWriteTime;
1035 LARGE_INTEGER ChangeTime;
1036 LARGE_INTEGER EndOfFile;
1037 LARGE_INTEGER AllocationSize;
1038 ULONG FileAttributes;
1039 ULONG FileNameLength;
1040 ULONG EaSize;
1041 WCHAR FileName[1];
1042 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
1043
1044 typedef struct _FILE_GET_EA_INFORMATION {
1045 ULONG NextEntryOffset;
1046 UCHAR EaNameLength;
1047 CHAR EaName[1];
1048 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
1049
1050 typedef struct _FILE_GET_QUOTA_INFORMATION {
1051 ULONG NextEntryOffset;
1052 ULONG SidLength;
1053 SID Sid;
1054 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
1055
1056 typedef struct _FILE_QUOTA_INFORMATION
1057 {
1058 ULONG NextEntryOffset;
1059 ULONG SidLength;
1060 LARGE_INTEGER ChangeTime;
1061 LARGE_INTEGER QuotaUsed;
1062 LARGE_INTEGER QuotaThreshold;
1063 LARGE_INTEGER QuotaLimit;
1064 SID Sid;
1065 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
1066
1067 typedef struct _FILE_INTERNAL_INFORMATION {
1068 LARGE_INTEGER IndexNumber;
1069 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
1070
1071 typedef struct _FILE_LINK_INFORMATION {
1072 BOOLEAN ReplaceIfExists;
1073 HANDLE RootDirectory;
1074 ULONG FileNameLength;
1075 WCHAR FileName[1];
1076 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
1077
1078 typedef struct _FILE_LOCK_INFO
1079 {
1080 LARGE_INTEGER StartingByte;
1081 LARGE_INTEGER Length;
1082 BOOLEAN ExclusiveLock;
1083 ULONG Key;
1084 PFILE_OBJECT FileObject;
1085 PVOID ProcessId;
1086 LARGE_INTEGER EndingByte;
1087 } FILE_LOCK_INFO, *PFILE_LOCK_INFO;
1088
1089 typedef struct _FILE_REPARSE_POINT_INFORMATION
1090 {
1091 LONGLONG FileReference;
1092 ULONG Tag;
1093 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
1094
1095 typedef struct _FILE_MOVE_CLUSTER_INFORMATION
1096 {
1097 ULONG ClusterCount;
1098 HANDLE RootDirectory;
1099 ULONG FileNameLength;
1100 WCHAR FileName[1];
1101 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
1102
1103 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1104 typedef struct _FILE_SHARED_LOCK_ENTRY {
1105 PVOID Unknown1;
1106 PVOID Unknown2;
1107 FILE_LOCK_INFO FileLock;
1108 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
1109
1110 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1111 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
1112 LIST_ENTRY ListEntry;
1113 PVOID Unknown1;
1114 PVOID Unknown2;
1115 FILE_LOCK_INFO FileLock;
1116 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
1117
1118 typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
1119 IN PVOID Context,
1120 IN PIRP Irp
1121 );
1122
1123 typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
1124 IN PVOID Context,
1125 IN PFILE_LOCK_INFO FileLockInfo
1126 );
1127
1128 typedef struct _FILE_LOCK {
1129 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
1130 PUNLOCK_ROUTINE UnlockRoutine;
1131 BOOLEAN FastIoIsQuestionable;
1132 BOOLEAN Pad[3];
1133 PVOID LockInformation;
1134 FILE_LOCK_INFO LastReturnedLockInfo;
1135 PVOID LastReturnedLock;
1136 } FILE_LOCK, *PFILE_LOCK;
1137
1138 typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
1139 ULONG ReadDataAvailable;
1140 ULONG NumberOfMessages;
1141 ULONG MessageLength;
1142 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
1143
1144 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
1145 ULONG MaximumMessageSize;
1146 ULONG MailslotQuota;
1147 ULONG NextMessageSize;
1148 ULONG MessagesAvailable;
1149 LARGE_INTEGER ReadTimeout;
1150 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
1151
1152 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
1153 PLARGE_INTEGER ReadTimeout;
1154 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
1155
1156 typedef struct _FILE_MODE_INFORMATION {
1157 ULONG Mode;
1158 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
1159
1160 typedef struct _FILE_ALL_INFORMATION {
1161 FILE_BASIC_INFORMATION BasicInformation;
1162 FILE_STANDARD_INFORMATION StandardInformation;
1163 FILE_INTERNAL_INFORMATION InternalInformation;
1164 FILE_EA_INFORMATION EaInformation;
1165 FILE_ACCESS_INFORMATION AccessInformation;
1166 FILE_POSITION_INFORMATION PositionInformation;
1167 FILE_MODE_INFORMATION ModeInformation;
1168 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1169 FILE_NAME_INFORMATION NameInformation;
1170 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
1171
1172 typedef struct _FILE_NAMES_INFORMATION {
1173 ULONG NextEntryOffset;
1174 ULONG FileIndex;
1175 ULONG FileNameLength;
1176 WCHAR FileName[1];
1177 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
1178
1179 typedef struct _FILE_OBJECTID_INFORMATION {
1180 LONGLONG FileReference;
1181 UCHAR ObjectId[16];
1182 _ANONYMOUS_UNION union {
1183 struct {
1184 UCHAR BirthVolumeId[16];
1185 UCHAR BirthObjectId[16];
1186 UCHAR DomainId[16];
1187 } ;
1188 UCHAR ExtendedInfo[48];
1189 } DUMMYUNIONNAME;
1190 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
1191
1192 typedef struct _FILE_OLE_CLASSID_INFORMATION {
1193 GUID ClassId;
1194 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
1195
1196 typedef struct _FILE_OLE_ALL_INFORMATION {
1197 FILE_BASIC_INFORMATION BasicInformation;
1198 FILE_STANDARD_INFORMATION StandardInformation;
1199 FILE_INTERNAL_INFORMATION InternalInformation;
1200 FILE_EA_INFORMATION EaInformation;
1201 FILE_ACCESS_INFORMATION AccessInformation;
1202 FILE_POSITION_INFORMATION PositionInformation;
1203 FILE_MODE_INFORMATION ModeInformation;
1204 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1205 USN LastChangeUsn;
1206 USN ReplicationUsn;
1207 LARGE_INTEGER SecurityChangeTime;
1208 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1209 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1210 FILE_STORAGE_TYPE StorageType;
1211 ULONG OleStateBits;
1212 ULONG OleId;
1213 ULONG NumberOfStreamReferences;
1214 ULONG StreamIndex;
1215 ULONG SecurityId;
1216 BOOLEAN ContentIndexDisable;
1217 BOOLEAN InheritContentIndexDisable;
1218 FILE_NAME_INFORMATION NameInformation;
1219 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
1220
1221 typedef struct _FILE_OLE_DIR_INFORMATION {
1222 ULONG NextEntryOffset;
1223 ULONG FileIndex;
1224 LARGE_INTEGER CreationTime;
1225 LARGE_INTEGER LastAccessTime;
1226 LARGE_INTEGER LastWriteTime;
1227 LARGE_INTEGER ChangeTime;
1228 LARGE_INTEGER EndOfFile;
1229 LARGE_INTEGER AllocationSize;
1230 ULONG FileAttributes;
1231 ULONG FileNameLength;
1232 FILE_STORAGE_TYPE StorageType;
1233 GUID OleClassId;
1234 ULONG OleStateBits;
1235 BOOLEAN ContentIndexDisable;
1236 BOOLEAN InheritContentIndexDisable;
1237 WCHAR FileName[1];
1238 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
1239
1240 typedef struct _FILE_OLE_INFORMATION {
1241 LARGE_INTEGER SecurityChangeTime;
1242 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1243 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1244 FILE_STORAGE_TYPE StorageType;
1245 ULONG OleStateBits;
1246 BOOLEAN ContentIndexDisable;
1247 BOOLEAN InheritContentIndexDisable;
1248 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
1249
1250 typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
1251 ULONG StateBits;
1252 ULONG StateBitsMask;
1253 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
1254
1255 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
1256 HANDLE EventHandle;
1257 ULONG KeyValue;
1258 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
1259
1260 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
1261 PVOID ClientSession;
1262 PVOID ClientProcess;
1263 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
1264
1265 typedef struct _FILE_PIPE_EVENT_BUFFER {
1266 ULONG NamedPipeState;
1267 ULONG EntryType;
1268 ULONG ByteCount;
1269 ULONG KeyValue;
1270 ULONG NumberRequests;
1271 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
1272
1273 typedef struct _FILE_PIPE_PEEK_BUFFER
1274 {
1275 ULONG NamedPipeState;
1276 ULONG ReadDataAvailable;
1277 ULONG NumberOfMessages;
1278 ULONG MessageLength;
1279 CHAR Data[1];
1280 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
1281
1282 typedef struct _FILE_PIPE_INFORMATION {
1283 ULONG ReadMode;
1284 ULONG CompletionMode;
1285 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
1286
1287 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
1288 ULONG NamedPipeType;
1289 ULONG NamedPipeConfiguration;
1290 ULONG MaximumInstances;
1291 ULONG CurrentInstances;
1292 ULONG InboundQuota;
1293 ULONG ReadDataAvailable;
1294 ULONG OutboundQuota;
1295 ULONG WriteQuotaAvailable;
1296 ULONG NamedPipeState;
1297 ULONG NamedPipeEnd;
1298 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
1299
1300 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
1301 LARGE_INTEGER CollectDataTime;
1302 ULONG MaximumCollectionCount;
1303 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
1304
1305 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
1306 LARGE_INTEGER Timeout;
1307 ULONG NameLength;
1308 BOOLEAN TimeoutSpecified;
1309 WCHAR Name[1];
1310 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
1311
1312 typedef struct _FILE_RENAME_INFORMATION {
1313 BOOLEAN ReplaceIfExists;
1314 HANDLE RootDirectory;
1315 ULONG FileNameLength;
1316 WCHAR FileName[1];
1317 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
1318
1319 typedef struct _FILE_STREAM_INFORMATION {
1320 ULONG NextEntryOffset;
1321 ULONG StreamNameLength;
1322 LARGE_INTEGER StreamSize;
1323 LARGE_INTEGER StreamAllocationSize;
1324 WCHAR StreamName[1];
1325 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
1326
1327 typedef struct _FILE_TRACKING_INFORMATION {
1328 HANDLE DestinationFile;
1329 ULONG ObjectInformationLength;
1330 CHAR ObjectInformation[1];
1331 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
1332
1333 #if (VER_PRODUCTBUILD >= 2195)
1334 typedef struct _FILE_ZERO_DATA_INFORMATION {
1335 LARGE_INTEGER FileOffset;
1336 LARGE_INTEGER BeyondFinalZero;
1337 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
1338
1339 typedef struct FILE_ALLOCATED_RANGE_BUFFER {
1340 LARGE_INTEGER FileOffset;
1341 LARGE_INTEGER Length;
1342 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
1343 #endif /* (VER_PRODUCTBUILD >= 2195) */
1344
1345 #define FSRTL_FCB_HEADER_V0 (0x00)
1346 #define FSRTL_FCB_HEADER_V1 (0x01)
1347
1348
1349 typedef struct _FSRTL_COMMON_FCB_HEADER {
1350 CSHORT NodeTypeCode;
1351 CSHORT NodeByteSize;
1352 UCHAR Flags;
1353 UCHAR IsFastIoPossible;
1354 #if (VER_PRODUCTBUILD >= 1381)
1355 UCHAR Flags2;
1356 UCHAR Reserved;
1357 #endif /* (VER_PRODUCTBUILD >= 1381) */
1358 PERESOURCE Resource;
1359 PERESOURCE PagingIoResource;
1360 LARGE_INTEGER AllocationSize;
1361 LARGE_INTEGER FileSize;
1362 LARGE_INTEGER ValidDataLength;
1363 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
1364
1365 typedef enum _FSRTL_COMPARISON_RESULT
1366 {
1367 LessThan = -1,
1368 EqualTo = 0,
1369 GreaterThan = 1
1370 } FSRTL_COMPARISON_RESULT;
1371
1372 #if (VER_PRODUCTBUILD >= 2600)
1373
1374 typedef struct _FSRTL_ADVANCED_FCB_HEADER {
1375 CSHORT NodeTypeCode;
1376 CSHORT NodeByteSize;
1377 UCHAR Flags;
1378 UCHAR IsFastIoPossible;
1379 UCHAR Flags2;
1380 UCHAR Reserved: 4;
1381 UCHAR Version: 4;
1382 PERESOURCE Resource;
1383 PERESOURCE PagingIoResource;
1384 LARGE_INTEGER AllocationSize;
1385 LARGE_INTEGER FileSize;
1386 LARGE_INTEGER ValidDataLength;
1387 PFAST_MUTEX FastMutex;
1388 LIST_ENTRY FilterContexts;
1389 EX_PUSH_LOCK PushLock;
1390 PVOID *FileContextSupportPointer;
1391 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
1392
1393 typedef struct _FSRTL_PER_STREAM_CONTEXT {
1394 LIST_ENTRY Links;
1395 PVOID OwnerId;
1396 PVOID InstanceId;
1397 PFREE_FUNCTION FreeCallback;
1398 } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
1399
1400 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
1401 {
1402 LIST_ENTRY Links;
1403 PVOID OwnerId;
1404 PVOID InstanceId;
1405 } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
1406
1407 #endif /* (VER_PRODUCTBUILD >= 2600) */
1408
1409 typedef struct _BASE_MCB
1410 {
1411 ULONG MaximumPairCount;
1412 ULONG PairCount;
1413 USHORT PoolType;
1414 USHORT Flags;
1415 PVOID Mapping;
1416 } BASE_MCB, *PBASE_MCB;
1417
1418 typedef struct _LARGE_MCB
1419 {
1420 PKGUARDED_MUTEX GuardedMutex;
1421 BASE_MCB BaseMcb;
1422 } LARGE_MCB, *PLARGE_MCB;
1423
1424 typedef struct _MCB
1425 {
1426 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
1427 } MCB, *PMCB;
1428
1429 typedef struct _GENERATE_NAME_CONTEXT {
1430 USHORT Checksum;
1431 BOOLEAN CheckSumInserted;
1432 UCHAR NameLength;
1433 WCHAR NameBuffer[8];
1434 ULONG ExtensionLength;
1435 WCHAR ExtensionBuffer[4];
1436 ULONG LastIndexValue;
1437 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
1438
1439 typedef struct _MAPPING_PAIR {
1440 ULONGLONG Vcn;
1441 ULONGLONG Lcn;
1442 } MAPPING_PAIR, *PMAPPING_PAIR;
1443
1444 typedef struct _GET_RETRIEVAL_DESCRIPTOR {
1445 ULONG NumberOfPairs;
1446 ULONGLONG StartVcn;
1447 MAPPING_PAIR Pair[1];
1448 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
1449
1450 typedef struct _KQUEUE {
1451 DISPATCHER_HEADER Header;
1452 LIST_ENTRY EntryListHead;
1453 ULONG CurrentCount;
1454 ULONG MaximumCount;
1455 LIST_ENTRY ThreadListHead;
1456 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
1457
1458 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
1459
1460 typedef struct _MBCB {
1461 CSHORT NodeTypeCode;
1462 CSHORT NodeIsInZone;
1463 ULONG PagesToWrite;
1464 ULONG DirtyPages;
1465 ULONG Reserved;
1466 LIST_ENTRY BitmapRanges;
1467 LONGLONG ResumeWritePage;
1468 BITMAP_RANGE BitmapRange1;
1469 BITMAP_RANGE BitmapRange2;
1470 BITMAP_RANGE BitmapRange3;
1471 } MBCB, *PMBCB;
1472
1473 typedef struct _MOVEFILE_DESCRIPTOR {
1474 HANDLE FileHandle;
1475 ULONG Reserved;
1476 LARGE_INTEGER StartVcn;
1477 LARGE_INTEGER TargetLcn;
1478 ULONG NumVcns;
1479 ULONG Reserved1;
1480 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
1481
1482 typedef struct _OBJECT_BASIC_INFO {
1483 ULONG Attributes;
1484 ACCESS_MASK GrantedAccess;
1485 ULONG HandleCount;
1486 ULONG ReferenceCount;
1487 ULONG PagedPoolUsage;
1488 ULONG NonPagedPoolUsage;
1489 ULONG Reserved[3];
1490 ULONG NameInformationLength;
1491 ULONG TypeInformationLength;
1492 ULONG SecurityDescriptorLength;
1493 LARGE_INTEGER CreateTime;
1494 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
1495
1496 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
1497 BOOLEAN Inherit;
1498 BOOLEAN ProtectFromClose;
1499 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
1500
1501 typedef struct _OBJECT_NAME_INFO {
1502 UNICODE_STRING ObjectName;
1503 WCHAR ObjectNameBuffer[1];
1504 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
1505
1506 typedef struct _OBJECT_PROTECTION_INFO {
1507 BOOLEAN Inherit;
1508 BOOLEAN ProtectHandle;
1509 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
1510
1511 typedef struct _OBJECT_TYPE_INFO {
1512 UNICODE_STRING ObjectTypeName;
1513 UCHAR Unknown[0x58];
1514 WCHAR ObjectTypeNameBuffer[1];
1515 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
1516
1517 typedef struct _OBJECT_ALL_TYPES_INFO {
1518 ULONG NumberOfObjectTypes;
1519 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
1520 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
1521
1522
1523 typedef struct _PATHNAME_BUFFER {
1524 ULONG PathNameLength;
1525 WCHAR Name[1];
1526 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
1527
1528 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1529 {
1530 GenericLessThan,
1531 GenericGreaterThan,
1532 GenericEqual
1533 } RTL_GENERIC_COMPARE_RESULTS;
1534
1535 typedef enum _TABLE_SEARCH_RESULT
1536 {
1537 TableEmptyTree,
1538 TableFoundNode,
1539 TableInsertAsLeft,
1540 TableInsertAsRight
1541 } TABLE_SEARCH_RESULT;
1542
1543 typedef NTSTATUS
1544 (NTAPI *PRTL_AVL_MATCH_FUNCTION)(
1545 struct _RTL_AVL_TABLE *Table,
1546 PVOID UserData,
1547 PVOID MatchData
1548 );
1549
1550 typedef RTL_GENERIC_COMPARE_RESULTS
1551 (NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
1552 struct _RTL_AVL_TABLE *Table,
1553 PVOID FirstStruct,
1554 PVOID SecondStruct
1555 );
1556
1557 typedef RTL_GENERIC_COMPARE_RESULTS
1558 (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
1559 struct _RTL_GENERIC_TABLE *Table,
1560 PVOID FirstStruct,
1561 PVOID SecondStruct
1562 );
1563
1564 typedef PVOID
1565 (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
1566 struct _RTL_GENERIC_TABLE *Table,
1567 CLONG ByteSize
1568 );
1569
1570 typedef VOID
1571 (NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
1572 struct _RTL_GENERIC_TABLE *Table,
1573 PVOID Buffer
1574 );
1575
1576 typedef PVOID
1577 (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
1578 struct _RTL_AVL_TABLE *Table,
1579 CLONG ByteSize
1580 );
1581
1582 typedef VOID
1583 (NTAPI *PRTL_AVL_FREE_ROUTINE) (
1584 struct _RTL_AVL_TABLE *Table,
1585 PVOID Buffer
1586 );
1587
1588 typedef struct _PUBLIC_BCB {
1589 CSHORT NodeTypeCode;
1590 CSHORT NodeByteSize;
1591 ULONG MappedLength;
1592 LARGE_INTEGER MappedFileOffset;
1593 } PUBLIC_BCB, *PPUBLIC_BCB;
1594
1595 typedef struct _QUERY_PATH_REQUEST {
1596 ULONG PathNameLength;
1597 PIO_SECURITY_CONTEXT SecurityContext;
1598 WCHAR FilePathName[1];
1599 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
1600
1601 typedef struct _QUERY_PATH_RESPONSE {
1602 ULONG LengthAccepted;
1603 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
1604
1605 typedef struct _RETRIEVAL_POINTERS_BUFFER {
1606 ULONG ExtentCount;
1607 LARGE_INTEGER StartingVcn;
1608 struct {
1609 LARGE_INTEGER NextVcn;
1610 LARGE_INTEGER Lcn;
1611 } Extents[1];
1612 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
1613
1614 typedef struct _RTL_SPLAY_LINKS {
1615 struct _RTL_SPLAY_LINKS *Parent;
1616 struct _RTL_SPLAY_LINKS *LeftChild;
1617 struct _RTL_SPLAY_LINKS *RightChild;
1618 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
1619
1620 typedef struct _RTL_BALANCED_LINKS
1621 {
1622 struct _RTL_BALANCED_LINKS *Parent;
1623 struct _RTL_BALANCED_LINKS *LeftChild;
1624 struct _RTL_BALANCED_LINKS *RightChild;
1625 CHAR Balance;
1626 UCHAR Reserved[3];
1627 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
1628
1629 typedef struct _RTL_GENERIC_TABLE
1630 {
1631 PRTL_SPLAY_LINKS TableRoot;
1632 LIST_ENTRY InsertOrderList;
1633 PLIST_ENTRY OrderedPointer;
1634 ULONG WhichOrderedElement;
1635 ULONG NumberGenericTableElements;
1636 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
1637 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
1638 PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
1639 PVOID TableContext;
1640 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
1641
1642 #undef PRTL_GENERIC_COMPARE_ROUTINE
1643 #undef PRTL_GENERIC_ALLOCATE_ROUTINE
1644 #undef PRTL_GENERIC_FREE_ROUTINE
1645 #undef RTL_GENERIC_TABLE
1646 #undef PRTL_GENERIC_TABLE
1647
1648 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
1649 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
1650 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
1651 #define RTL_GENERIC_TABLE RTL_AVL_TABLE
1652 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
1653
1654 #define RtlInitializeGenericTable RtlInitializeGenericTableAvl
1655 #define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
1656 #define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
1657 #define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
1658 #define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
1659 #define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
1660 #define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
1661 #define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
1662 #define RtlGetElementGenericTable RtlGetElementGenericTableAvl
1663 #define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
1664 #define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
1665
1666 typedef struct _RTL_AVL_TABLE
1667 {
1668 RTL_BALANCED_LINKS BalancedRoot;
1669 PVOID OrderedPointer;
1670 ULONG WhichOrderedElement;
1671 ULONG NumberGenericTableElements;
1672 ULONG DepthOfTree;
1673 PRTL_BALANCED_LINKS RestartKey;
1674 ULONG DeleteCount;
1675 PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
1676 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
1677 PRTL_AVL_FREE_ROUTINE FreeRoutine;
1678 PVOID TableContext;
1679 } RTL_AVL_TABLE, *PRTL_AVL_TABLE;
1680
1681 NTSYSAPI
1682 VOID
1683 NTAPI
1684 RtlInitializeGenericTableAvl(
1685 PRTL_AVL_TABLE Table,
1686 PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
1687 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
1688 PRTL_AVL_FREE_ROUTINE FreeRoutine,
1689 PVOID TableContext
1690 );
1691
1692 NTSYSAPI
1693 PVOID
1694 NTAPI
1695 RtlInsertElementGenericTableAvl (
1696 PRTL_AVL_TABLE Table,
1697 PVOID Buffer,
1698 CLONG BufferSize,
1699 PBOOLEAN NewElement OPTIONAL
1700 );
1701
1702 NTSYSAPI
1703 BOOLEAN
1704 NTAPI
1705 RtlDeleteElementGenericTableAvl (
1706 PRTL_AVL_TABLE Table,
1707 PVOID Buffer
1708 );
1709
1710 NTSYSAPI
1711 PVOID
1712 NTAPI
1713 RtlLookupElementGenericTableAvl (
1714 PRTL_AVL_TABLE Table,
1715 PVOID Buffer
1716 );
1717
1718 NTSYSAPI
1719 PVOID
1720 NTAPI
1721 RtlEnumerateGenericTableWithoutSplayingAvl (
1722 PRTL_AVL_TABLE Table,
1723 PVOID *RestartKey
1724 );
1725
1726 #if defined(USE_LPC6432)
1727 #define LPC_CLIENT_ID CLIENT_ID64
1728 #define LPC_SIZE_T ULONGLONG
1729 #define LPC_PVOID ULONGLONG
1730 #define LPC_HANDLE ULONGLONG
1731 #else
1732 #define LPC_CLIENT_ID CLIENT_ID
1733 #define LPC_SIZE_T SIZE_T
1734 #define LPC_PVOID PVOID
1735 #define LPC_HANDLE HANDLE
1736 #endif
1737
1738 typedef struct _PORT_MESSAGE
1739 {
1740 union
1741 {
1742 struct
1743 {
1744 CSHORT DataLength;
1745 CSHORT TotalLength;
1746 } s1;
1747 ULONG Length;
1748 } u1;
1749 union
1750 {
1751 struct
1752 {
1753 CSHORT Type;
1754 CSHORT DataInfoOffset;
1755 } s2;
1756 ULONG ZeroInit;
1757 } u2;
1758 union
1759 {
1760 LPC_CLIENT_ID ClientId;
1761 double DoNotUseThisField;
1762 };
1763 ULONG MessageId;
1764 union
1765 {
1766 LPC_SIZE_T ClientViewSize;
1767 ULONG CallbackId;
1768 };
1769 } PORT_MESSAGE, *PPORT_MESSAGE;
1770
1771 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
1772
1773 typedef struct _PORT_VIEW
1774 {
1775 ULONG Length;
1776 LPC_HANDLE SectionHandle;
1777 ULONG SectionOffset;
1778 LPC_SIZE_T ViewSize;
1779 LPC_PVOID ViewBase;
1780 LPC_PVOID ViewRemoteBase;
1781 } PORT_VIEW, *PPORT_VIEW;
1782
1783 typedef struct _REMOTE_PORT_VIEW
1784 {
1785 ULONG Length;
1786 LPC_SIZE_T ViewSize;
1787 LPC_PVOID ViewBase;
1788 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
1789
1790 typedef struct _SE_EXPORTS {
1791
1792 LUID SeCreateTokenPrivilege;
1793 LUID SeAssignPrimaryTokenPrivilege;
1794 LUID SeLockMemoryPrivilege;
1795 LUID SeIncreaseQuotaPrivilege;
1796 LUID SeUnsolicitedInputPrivilege;
1797 LUID SeTcbPrivilege;
1798 LUID SeSecurityPrivilege;
1799 LUID SeTakeOwnershipPrivilege;
1800 LUID SeLoadDriverPrivilege;
1801 LUID SeCreatePagefilePrivilege;
1802 LUID SeIncreaseBasePriorityPrivilege;
1803 LUID SeSystemProfilePrivilege;
1804 LUID SeSystemtimePrivilege;
1805 LUID SeProfileSingleProcessPrivilege;
1806 LUID SeCreatePermanentPrivilege;
1807 LUID SeBackupPrivilege;
1808 LUID SeRestorePrivilege;
1809 LUID SeShutdownPrivilege;
1810 LUID SeDebugPrivilege;
1811 LUID SeAuditPrivilege;
1812 LUID SeSystemEnvironmentPrivilege;
1813 LUID SeChangeNotifyPrivilege;
1814 LUID SeRemoteShutdownPrivilege;
1815
1816 PSID SeNullSid;
1817 PSID SeWorldSid;
1818 PSID SeLocalSid;
1819 PSID SeCreatorOwnerSid;
1820 PSID SeCreatorGroupSid;
1821
1822 PSID SeNtAuthoritySid;
1823 PSID SeDialupSid;
1824 PSID SeNetworkSid;
1825 PSID SeBatchSid;
1826 PSID SeInteractiveSid;
1827 PSID SeLocalSystemSid;
1828 PSID SeAliasAdminsSid;
1829 PSID SeAliasUsersSid;
1830 PSID SeAliasGuestsSid;
1831 PSID SeAliasPowerUsersSid;
1832 PSID SeAliasAccountOpsSid;
1833 PSID SeAliasSystemOpsSid;
1834 PSID SeAliasPrintOpsSid;
1835 PSID SeAliasBackupOpsSid;
1836
1837 PSID SeAuthenticatedUsersSid;
1838
1839 PSID SeRestrictedSid;
1840 PSID SeAnonymousLogonSid;
1841
1842 LUID SeUndockPrivilege;
1843 LUID SeSyncAgentPrivilege;
1844 LUID SeEnableDelegationPrivilege;
1845
1846 } SE_EXPORTS, *PSE_EXPORTS;
1847
1848 typedef struct
1849 {
1850 LARGE_INTEGER StartingLcn;
1851 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
1852
1853 typedef struct _STARTING_VCN_INPUT_BUFFER {
1854 LARGE_INTEGER StartingVcn;
1855 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
1856
1857 typedef struct _SECURITY_CLIENT_CONTEXT {
1858 SECURITY_QUALITY_OF_SERVICE SecurityQos;
1859 PACCESS_TOKEN ClientToken;
1860 BOOLEAN DirectlyAccessClientToken;
1861 BOOLEAN DirectAccessEffectiveOnly;
1862 BOOLEAN ServerIsRemote;
1863 TOKEN_CONTROL ClientTokenControl;
1864 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
1865
1866 typedef struct _ACE_HEADER
1867 {
1868 UCHAR AceType;
1869 UCHAR AceFlags;
1870 USHORT AceSize;
1871 } ACE_HEADER, *PACE_HEADER;
1872
1873 typedef struct _ACCESS_ALLOWED_ACE
1874 {
1875 ACE_HEADER Header;
1876 ACCESS_MASK Mask;
1877 ULONG SidStart;
1878 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
1879
1880 typedef struct _ACCESS_DENIED_ACE
1881 {
1882 ACE_HEADER Header;
1883 ACCESS_MASK Mask;
1884 ULONG SidStart;
1885 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
1886
1887 typedef struct _SYSTEM_AUDIT_ACE
1888 {
1889 ACE_HEADER Header;
1890 ACCESS_MASK Mask;
1891 ULONG SidStart;
1892 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
1893
1894 typedef struct _SYSTEM_ALARM_ACE
1895 {
1896 ACE_HEADER Header;
1897 ACCESS_MASK Mask;
1898 ULONG SidStart;
1899 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
1900
1901 typedef struct _SYSTEM_MANDATORY_LABEL_ACE
1902 {
1903 ACE_HEADER Header;
1904 ACCESS_MASK Mask;
1905 ULONG SidStart;
1906 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
1907
1908 typedef struct _TUNNEL {
1909 FAST_MUTEX Mutex;
1910 PRTL_SPLAY_LINKS Cache;
1911 LIST_ENTRY TimerQueue;
1912 USHORT NumEntries;
1913 } TUNNEL, *PTUNNEL;
1914
1915 typedef struct _VAD_HEADER {
1916 PVOID StartVPN;
1917 PVOID EndVPN;
1918 PVAD_HEADER ParentLink;
1919 PVAD_HEADER LeftLink;
1920 PVAD_HEADER RightLink;
1921 ULONG Flags; /* LSB = CommitCharge */
1922 PVOID ControlArea;
1923 PVOID FirstProtoPte;
1924 PVOID LastPTE;
1925 ULONG Unknown;
1926 LIST_ENTRY Secured;
1927 } VAD_HEADER, *PVAD_HEADER;
1928
1929 typedef struct
1930 {
1931 LARGE_INTEGER StartingLcn;
1932 LARGE_INTEGER BitmapSize;
1933 UCHAR Buffer[1];
1934 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
1935
1936 #if (VER_PRODUCTBUILD >= 2600)
1937
1938 typedef BOOLEAN
1939 (NTAPI *PFILTER_REPORT_CHANGE) (
1940 IN PVOID NotifyContext,
1941 IN PVOID FilterContext
1942 );
1943
1944 typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
1945 SyncTypeOther = 0,
1946 SyncTypeCreateSection
1947 } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
1948
1949 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
1950 NotifyTypeCreate = 0,
1951 NotifyTypeRetired
1952 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
1953
1954 typedef union _FS_FILTER_PARAMETERS {
1955 struct {
1956 PLARGE_INTEGER EndingOffset;
1957 PERESOURCE *ResourceToRelease;
1958 } AcquireForModifiedPageWriter;
1959
1960 struct {
1961 PERESOURCE ResourceToRelease;
1962 } ReleaseForModifiedPageWriter;
1963
1964 struct {
1965 FS_FILTER_SECTION_SYNC_TYPE SyncType;
1966 ULONG PageProtection;
1967 } AcquireForSectionSynchronization;
1968
1969 struct {
1970 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
1971 BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
1972 } NotifyStreamFileObject;
1973
1974 struct {
1975 PVOID Argument1;
1976 PVOID Argument2;
1977 PVOID Argument3;
1978 PVOID Argument4;
1979 PVOID Argument5;
1980 } Others;
1981 } FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
1982
1983 typedef struct _FS_FILTER_CALLBACK_DATA {
1984 ULONG SizeOfFsFilterCallbackData;
1985 UCHAR Operation;
1986 UCHAR Reserved;
1987 struct _DEVICE_OBJECT *DeviceObject;
1988 struct _FILE_OBJECT *FileObject;
1989 FS_FILTER_PARAMETERS Parameters;
1990 } FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
1991
1992 typedef NTSTATUS
1993 (NTAPI *PFS_FILTER_CALLBACK) (
1994 IN PFS_FILTER_CALLBACK_DATA Data,
1995 OUT PVOID *CompletionContext
1996 );
1997
1998 typedef VOID
1999 (NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
2000 IN PFS_FILTER_CALLBACK_DATA Data,
2001 IN NTSTATUS OperationStatus,
2002 IN PVOID CompletionContext
2003 );
2004
2005 typedef struct _FS_FILTER_CALLBACKS {
2006 ULONG SizeOfFsFilterCallbacks;
2007 ULONG Reserved;
2008 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
2009 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
2010 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
2011 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
2012 PFS_FILTER_CALLBACK PreAcquireForCcFlush;
2013 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
2014 PFS_FILTER_CALLBACK PreReleaseForCcFlush;
2015 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
2016 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
2017 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
2018 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
2019 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
2020 } FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
2021
2022 typedef struct _READ_LIST {
2023 PFILE_OBJECT FileObject;
2024 ULONG NumberOfEntries;
2025 LOGICAL IsImage;
2026 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
2027 } READ_LIST, *PREAD_LIST;
2028
2029 #endif
2030
2031 typedef NTSTATUS
2032 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
2033 IN PVOID Base,
2034 IN OUT PVOID *CommitAddress,
2035 IN OUT PSIZE_T CommitSize
2036 );
2037
2038 typedef struct _RTL_HEAP_PARAMETERS {
2039 ULONG Length;
2040 SIZE_T SegmentReserve;
2041 SIZE_T SegmentCommit;
2042 SIZE_T DeCommitFreeBlockThreshold;
2043 SIZE_T DeCommitTotalFreeThreshold;
2044 SIZE_T MaximumAllocationSize;
2045 SIZE_T VirtualMemoryThreshold;
2046 SIZE_T InitialCommit;
2047 SIZE_T InitialReserve;
2048 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2049 SIZE_T Reserved[2];
2050 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
2051
2052 NTKERNELAPI
2053 BOOLEAN
2054 NTAPI
2055 CcCanIWrite (
2056 IN PFILE_OBJECT FileObject,
2057 IN ULONG BytesToWrite,
2058 IN BOOLEAN Wait,
2059 IN BOOLEAN Retrying
2060 );
2061
2062 NTKERNELAPI
2063 BOOLEAN
2064 NTAPI
2065 CcCopyRead (
2066 IN PFILE_OBJECT FileObject,
2067 IN PLARGE_INTEGER FileOffset,
2068 IN ULONG Length,
2069 IN BOOLEAN Wait,
2070 OUT PVOID Buffer,
2071 OUT PIO_STATUS_BLOCK IoStatus
2072 );
2073
2074 NTKERNELAPI
2075 BOOLEAN
2076 NTAPI
2077 CcCopyWrite (
2078 IN PFILE_OBJECT FileObject,
2079 IN PLARGE_INTEGER FileOffset,
2080 IN ULONG Length,
2081 IN BOOLEAN Wait,
2082 IN PVOID Buffer
2083 );
2084
2085 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
2086
2087 typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
2088 IN PVOID Context1,
2089 IN PVOID Context2
2090 );
2091
2092 NTKERNELAPI
2093 VOID
2094 NTAPI
2095 CcDeferWrite (
2096 IN PFILE_OBJECT FileObject,
2097 IN PCC_POST_DEFERRED_WRITE PostRoutine,
2098 IN PVOID Context1,
2099 IN PVOID Context2,
2100 IN ULONG BytesToWrite,
2101 IN BOOLEAN Retrying
2102 );
2103
2104 NTKERNELAPI
2105 VOID
2106 NTAPI
2107 CcFastCopyRead (
2108 IN PFILE_OBJECT FileObject,
2109 IN ULONG FileOffset,
2110 IN ULONG Length,
2111 IN ULONG PageCount,
2112 OUT PVOID Buffer,
2113 OUT PIO_STATUS_BLOCK IoStatus
2114 );
2115
2116 NTKERNELAPI
2117 VOID
2118 NTAPI
2119 CcFastCopyWrite (
2120 IN PFILE_OBJECT FileObject,
2121 IN ULONG FileOffset,
2122 IN ULONG Length,
2123 IN PVOID Buffer
2124 );
2125
2126 NTKERNELAPI
2127 VOID
2128 NTAPI
2129 CcFlushCache (
2130 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2131 IN PLARGE_INTEGER FileOffset OPTIONAL,
2132 IN ULONG Length,
2133 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
2134 );
2135
2136 typedef VOID (*PDIRTY_PAGE_ROUTINE) (
2137 IN PFILE_OBJECT FileObject,
2138 IN PLARGE_INTEGER FileOffset,
2139 IN ULONG Length,
2140 IN PLARGE_INTEGER OldestLsn,
2141 IN PLARGE_INTEGER NewestLsn,
2142 IN PVOID Context1,
2143 IN PVOID Context2
2144 );
2145
2146 NTKERNELAPI
2147 LARGE_INTEGER
2148 NTAPI
2149 CcGetDirtyPages (
2150 IN PVOID LogHandle,
2151 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
2152 IN PVOID Context1,
2153 IN PVOID Context2
2154 );
2155
2156 NTKERNELAPI
2157 PFILE_OBJECT
2158 NTAPI
2159 CcGetFileObjectFromBcb (
2160 IN PVOID Bcb
2161 );
2162
2163 NTKERNELAPI
2164 PFILE_OBJECT
2165 NTAPI
2166 CcGetFileObjectFromSectionPtrs (
2167 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
2168 );
2169
2170 #define CcGetFileSizePointer(FO) ( \
2171 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
2172 )
2173
2174 #if (VER_PRODUCTBUILD >= 2195)
2175
2176 NTKERNELAPI
2177 LARGE_INTEGER
2178 NTAPI
2179 CcGetFlushedValidData (
2180 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2181 IN BOOLEAN BcbListHeld
2182 );
2183
2184 #endif /* (VER_PRODUCTBUILD >= 2195) */
2185
2186 NTKERNELAPI
2187 LARGE_INTEGER
2188 NTAPI
2189 CcGetLsnForFileObject (
2190 IN PFILE_OBJECT FileObject,
2191 OUT PLARGE_INTEGER OldestLsn OPTIONAL
2192 );
2193
2194 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
2195 IN PVOID Context,
2196 IN BOOLEAN Wait
2197 );
2198
2199 typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
2200 IN PVOID Context
2201 );
2202
2203 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
2204 IN PVOID Context,
2205 IN BOOLEAN Wait
2206 );
2207
2208 typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
2209 IN PVOID Context
2210 );
2211
2212 typedef struct _CACHE_MANAGER_CALLBACKS {
2213 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
2214 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
2215 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
2216 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
2217 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
2218
2219 NTKERNELAPI
2220 VOID
2221 NTAPI
2222 CcInitializeCacheMap (
2223 IN PFILE_OBJECT FileObject,
2224 IN PCC_FILE_SIZES FileSizes,
2225 IN BOOLEAN PinAccess,
2226 IN PCACHE_MANAGER_CALLBACKS Callbacks,
2227 IN PVOID LazyWriteContext
2228 );
2229
2230 #define CcIsFileCached(FO) ( \
2231 ((FO)->SectionObjectPointer != NULL) && \
2232 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
2233 )
2234
2235 extern ULONG CcFastMdlReadWait;
2236
2237 NTKERNELAPI
2238 BOOLEAN
2239 NTAPI
2240 CcIsThereDirtyData (
2241 IN PVPB Vpb
2242 );
2243
2244 NTKERNELAPI
2245 BOOLEAN
2246 NTAPI
2247 CcMapData (
2248 IN PFILE_OBJECT FileObject,
2249 IN PLARGE_INTEGER FileOffset,
2250 IN ULONG Length,
2251 IN ULONG Flags,
2252 OUT PVOID *Bcb,
2253 OUT PVOID *Buffer
2254 );
2255
2256 NTKERNELAPI
2257 VOID
2258 NTAPI
2259 CcMdlRead (
2260 IN PFILE_OBJECT FileObject,
2261 IN PLARGE_INTEGER FileOffset,
2262 IN ULONG Length,
2263 OUT PMDL *MdlChain,
2264 OUT PIO_STATUS_BLOCK IoStatus
2265 );
2266
2267 NTKERNELAPI
2268 VOID
2269 NTAPI
2270 CcMdlReadComplete (
2271 IN PFILE_OBJECT FileObject,
2272 IN PMDL MdlChain
2273 );
2274
2275 NTKERNELAPI
2276 VOID
2277 NTAPI
2278 CcMdlWriteComplete (
2279 IN PFILE_OBJECT FileObject,
2280 IN PLARGE_INTEGER FileOffset,
2281 IN PMDL MdlChain
2282 );
2283
2284 #define MAP_WAIT 1
2285
2286 NTKERNELAPI
2287 BOOLEAN
2288 NTAPI
2289 CcPinMappedData (
2290 IN PFILE_OBJECT FileObject,
2291 IN PLARGE_INTEGER FileOffset,
2292 IN ULONG Length,
2293 IN ULONG Flags,
2294 IN OUT PVOID *Bcb
2295 );
2296
2297 NTKERNELAPI
2298 BOOLEAN
2299 NTAPI
2300 CcPinRead (
2301 IN PFILE_OBJECT FileObject,
2302 IN PLARGE_INTEGER FileOffset,
2303 IN ULONG Length,
2304 IN ULONG Flags,
2305 OUT PVOID *Bcb,
2306 OUT PVOID *Buffer
2307 );
2308
2309 NTKERNELAPI
2310 VOID
2311 NTAPI
2312 CcPrepareMdlWrite (
2313 IN PFILE_OBJECT FileObject,
2314 IN PLARGE_INTEGER FileOffset,
2315 IN ULONG Length,
2316 OUT PMDL *MdlChain,
2317 OUT PIO_STATUS_BLOCK IoStatus
2318 );
2319
2320 NTKERNELAPI
2321 BOOLEAN
2322 NTAPI
2323 CcPreparePinWrite (
2324 IN PFILE_OBJECT FileObject,
2325 IN PLARGE_INTEGER FileOffset,
2326 IN ULONG Length,
2327 IN BOOLEAN Zero,
2328 IN ULONG Flags,
2329 OUT PVOID *Bcb,
2330 OUT PVOID *Buffer
2331 );
2332
2333 NTKERNELAPI
2334 BOOLEAN
2335 NTAPI
2336 CcPurgeCacheSection (
2337 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
2338 IN PLARGE_INTEGER FileOffset OPTIONAL,
2339 IN ULONG Length,
2340 IN BOOLEAN UninitializeCacheMaps
2341 );
2342
2343 #define CcReadAhead(FO, FOFF, LEN) ( \
2344 if ((LEN) >= 256) { \
2345 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2346 } \
2347 )
2348
2349 #if (VER_PRODUCTBUILD >= 2195)
2350
2351 NTKERNELAPI
2352 PVOID
2353 NTAPI
2354 CcRemapBcb (
2355 IN PVOID Bcb
2356 );
2357
2358 #endif /* (VER_PRODUCTBUILD >= 2195) */
2359
2360 NTKERNELAPI
2361 VOID
2362 NTAPI
2363 CcRepinBcb (
2364 IN PVOID Bcb
2365 );
2366
2367 NTKERNELAPI
2368 VOID
2369 NTAPI
2370 CcScheduleReadAhead (
2371 IN PFILE_OBJECT FileObject,
2372 IN PLARGE_INTEGER FileOffset,
2373 IN ULONG Length
2374 );
2375
2376 NTKERNELAPI
2377 VOID
2378 NTAPI
2379 CcSetAdditionalCacheAttributes (
2380 IN PFILE_OBJECT FileObject,
2381 IN BOOLEAN DisableReadAhead,
2382 IN BOOLEAN DisableWriteBehind
2383 );
2384
2385 NTKERNELAPI
2386 VOID
2387 NTAPI
2388 CcSetBcbOwnerPointer (
2389 IN PVOID Bcb,
2390 IN PVOID OwnerPointer
2391 );
2392
2393 NTKERNELAPI
2394 VOID
2395 NTAPI
2396 CcSetDirtyPageThreshold (
2397 IN PFILE_OBJECT FileObject,
2398 IN ULONG DirtyPageThreshold
2399 );
2400
2401 NTKERNELAPI
2402 VOID
2403 NTAPI
2404 CcSetDirtyPinnedData (
2405 IN PVOID BcbVoid,
2406 IN PLARGE_INTEGER Lsn OPTIONAL
2407 );
2408
2409 NTKERNELAPI
2410 VOID
2411 NTAPI
2412 CcSetFileSizes (
2413 IN PFILE_OBJECT FileObject,
2414 IN PCC_FILE_SIZES FileSizes
2415 );
2416
2417 typedef VOID (NTAPI *PFLUSH_TO_LSN) (
2418 IN PVOID LogHandle,
2419 IN LARGE_INTEGER Lsn
2420 );
2421
2422 NTKERNELAPI
2423 VOID
2424 NTAPI
2425 CcSetLogHandleForFile (
2426 IN PFILE_OBJECT FileObject,
2427 IN PVOID LogHandle,
2428 IN PFLUSH_TO_LSN FlushToLsnRoutine
2429 );
2430
2431 NTKERNELAPI
2432 VOID
2433 NTAPI
2434 CcSetReadAheadGranularity (
2435 IN PFILE_OBJECT FileObject,
2436 IN ULONG Granularity /* default: PAGE_SIZE */
2437 /* allowed: 2^n * PAGE_SIZE */
2438 );
2439
2440 NTKERNELAPI
2441 BOOLEAN
2442 NTAPI
2443 CcUninitializeCacheMap (
2444 IN PFILE_OBJECT FileObject,
2445 IN PLARGE_INTEGER TruncateSize OPTIONAL,
2446 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2447 );
2448
2449 NTKERNELAPI
2450 VOID
2451 NTAPI
2452 CcUnpinData (
2453 IN PVOID Bcb
2454 );
2455
2456 NTKERNELAPI
2457 VOID
2458 NTAPI
2459 CcUnpinDataForThread (
2460 IN PVOID Bcb,
2461 IN ERESOURCE_THREAD ResourceThreadId
2462 );
2463
2464 NTKERNELAPI
2465 VOID
2466 NTAPI
2467 CcUnpinRepinnedBcb (
2468 IN PVOID Bcb,
2469 IN BOOLEAN WriteThrough,
2470 OUT PIO_STATUS_BLOCK IoStatus
2471 );
2472
2473 #if (VER_PRODUCTBUILD >= 2195)
2474
2475 NTKERNELAPI
2476 NTSTATUS
2477 NTAPI
2478 CcWaitForCurrentLazyWriterActivity (
2479 VOID
2480 );
2481
2482 #endif /* (VER_PRODUCTBUILD >= 2195) */
2483
2484 NTKERNELAPI
2485 BOOLEAN
2486 NTAPI
2487 CcZeroData (
2488 IN PFILE_OBJECT FileObject,
2489 IN PLARGE_INTEGER StartOffset,
2490 IN PLARGE_INTEGER EndOffset,
2491 IN BOOLEAN Wait
2492 );
2493
2494 NTKERNELAPI
2495 VOID
2496 NTAPI
2497 ExDisableResourceBoostLite (
2498 IN PERESOURCE Resource
2499 );
2500
2501 NTKERNELAPI
2502 SIZE_T
2503 NTAPI
2504 ExQueryPoolBlockSize (
2505 IN PVOID PoolBlock,
2506 OUT PBOOLEAN QuotaCharged
2507 );
2508
2509 #if (VER_PRODUCTBUILD >= 2600)
2510
2511 #ifndef __NTOSKRNL__
2512 NTKERNELAPI
2513 VOID
2514 FASTCALL
2515 ExInitializeRundownProtection (
2516 IN PEX_RUNDOWN_REF RunRef
2517 );
2518
2519 NTKERNELAPI
2520 VOID
2521 FASTCALL
2522 ExReInitializeRundownProtection (
2523 IN PEX_RUNDOWN_REF RunRef
2524 );
2525
2526 NTKERNELAPI
2527 BOOLEAN
2528 FASTCALL
2529 ExAcquireRundownProtection (
2530 IN PEX_RUNDOWN_REF RunRef
2531 );
2532
2533 NTKERNELAPI
2534 BOOLEAN
2535 FASTCALL
2536 ExAcquireRundownProtectionEx (
2537 IN PEX_RUNDOWN_REF RunRef,
2538 IN ULONG Count
2539 );
2540
2541 NTKERNELAPI
2542 VOID
2543 FASTCALL
2544 ExReleaseRundownProtection (
2545 IN PEX_RUNDOWN_REF RunRef
2546 );
2547
2548 NTKERNELAPI
2549 VOID
2550 FASTCALL
2551 ExReleaseRundownProtectionEx (
2552 IN PEX_RUNDOWN_REF RunRef,
2553 IN ULONG Count
2554 );
2555
2556 NTKERNELAPI
2557 VOID
2558 FASTCALL
2559 ExRundownCompleted (
2560 IN PEX_RUNDOWN_REF RunRef
2561 );
2562
2563 NTKERNELAPI
2564 VOID
2565 FASTCALL
2566 ExWaitForRundownProtectionRelease (
2567 IN PEX_RUNDOWN_REF RunRef
2568 );
2569
2570 #endif
2571 #endif /* (VER_PRODUCTBUILD >= 2600) */
2572
2573
2574 #define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
2575 { \
2576 SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
2577 SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
2578 (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
2579 InitializeListHead( &(_advhdr)->FilterContexts ); \
2580 if ((_fmutx) != NULL) { \
2581 (_advhdr)->FastMutex = (_fmutx); \
2582 } \
2583 *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
2584 /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
2585 (_advhdr)->FileContextSupportPointer = NULL; \
2586 }
2587
2588 #define FlagOn(x, f) ((x) & (f))
2589
2590 NTKERNELAPI
2591 VOID
2592 NTAPI
2593 FsRtlAddToTunnelCache (
2594 IN PTUNNEL Cache,
2595 IN ULONGLONG DirectoryKey,
2596 IN PUNICODE_STRING ShortName,
2597 IN PUNICODE_STRING LongName,
2598 IN BOOLEAN KeyByShortName,
2599 IN ULONG DataLength,
2600 IN PVOID Data
2601 );
2602
2603 #if (VER_PRODUCTBUILD >= 2195)
2604
2605 PFILE_LOCK
2606 NTAPI
2607 FsRtlAllocateFileLock (
2608 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
2609 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2610 );
2611
2612 #endif /* (VER_PRODUCTBUILD >= 2195) */
2613
2614 NTKERNELAPI
2615 PVOID
2616 NTAPI
2617 FsRtlAllocatePool (
2618 IN POOL_TYPE PoolType,
2619 IN ULONG NumberOfBytes
2620 );
2621
2622 NTKERNELAPI
2623 PVOID
2624 NTAPI
2625 FsRtlAllocatePoolWithQuota (
2626 IN POOL_TYPE PoolType,
2627 IN ULONG NumberOfBytes
2628 );
2629
2630 NTKERNELAPI
2631 PVOID
2632 NTAPI
2633 FsRtlAllocatePoolWithQuotaTag (
2634 IN POOL_TYPE PoolType,
2635 IN ULONG NumberOfBytes,
2636 IN ULONG Tag
2637 );
2638
2639 NTKERNELAPI
2640 PVOID
2641 NTAPI
2642 FsRtlAllocatePoolWithTag (
2643 IN POOL_TYPE PoolType,
2644 IN ULONG NumberOfBytes,
2645 IN ULONG Tag
2646 );
2647
2648 NTKERNELAPI
2649 BOOLEAN
2650 NTAPI
2651 FsRtlAreNamesEqual (
2652 IN PCUNICODE_STRING Name1,
2653 IN PCUNICODE_STRING Name2,
2654 IN BOOLEAN IgnoreCase,
2655 IN PCWCH UpcaseTable OPTIONAL
2656 );
2657
2658 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2659 ((FL)->FastIoIsQuestionable) \
2660 )
2661
2662 /*
2663 FsRtlCheckLockForReadAccess:
2664
2665 All this really does is pick out the lock parameters from the irp (io stack
2666 location?), get IoGetRequestorProcess, and pass values on to
2667 FsRtlFastCheckLockForRead.
2668 */
2669 NTKERNELAPI
2670 BOOLEAN
2671 NTAPI
2672 FsRtlCheckLockForReadAccess (
2673 IN PFILE_LOCK FileLock,
2674 IN PIRP Irp
2675 );
2676
2677 /*
2678 FsRtlCheckLockForWriteAccess:
2679
2680 All this really does is pick out the lock parameters from the irp (io stack
2681 location?), get IoGetRequestorProcess, and pass values on to
2682 FsRtlFastCheckLockForWrite.
2683 */
2684 NTKERNELAPI
2685 BOOLEAN
2686 NTAPI
2687 FsRtlCheckLockForWriteAccess (
2688 IN PFILE_LOCK FileLock,
2689 IN PIRP Irp
2690 );
2691
2692 typedef
2693 VOID
2694 (NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
2695 IN PVOID Context,
2696 IN PIRP Irp
2697 );
2698
2699 typedef
2700 VOID
2701 (NTAPI*POPLOCK_FS_PREPOST_IRP) (
2702 IN PVOID Context,
2703 IN PIRP Irp
2704 );
2705
2706 NTKERNELAPI
2707 NTSTATUS
2708 NTAPI
2709 FsRtlCheckOplock (
2710 IN POPLOCK Oplock,
2711 IN PIRP Irp,
2712 IN PVOID Context,
2713 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
2714 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2715 );
2716
2717 NTKERNELAPI
2718 BOOLEAN
2719 NTAPI
2720 FsRtlCopyRead (
2721 IN PFILE_OBJECT FileObject,
2722 IN PLARGE_INTEGER FileOffset,
2723 IN ULONG Length,
2724 IN BOOLEAN Wait,
2725 IN ULONG LockKey,
2726 OUT PVOID Buffer,
2727 OUT PIO_STATUS_BLOCK IoStatus,
2728 IN PDEVICE_OBJECT DeviceObject
2729 );
2730
2731 NTKERNELAPI
2732 BOOLEAN
2733 NTAPI
2734 FsRtlCopyWrite (
2735 IN PFILE_OBJECT FileObject,
2736 IN PLARGE_INTEGER FileOffset,
2737 IN ULONG Length,
2738 IN BOOLEAN Wait,
2739 IN ULONG LockKey,
2740 IN PVOID Buffer,
2741 OUT PIO_STATUS_BLOCK IoStatus,
2742 IN PDEVICE_OBJECT DeviceObject
2743 );
2744
2745 NTSYSAPI
2746 PVOID
2747 NTAPI
2748 RtlCreateHeap (
2749 IN ULONG Flags,
2750 IN PVOID HeapBase OPTIONAL,
2751 IN SIZE_T ReserveSize OPTIONAL,
2752 IN SIZE_T CommitSize OPTIONAL,
2753 IN PVOID Lock OPTIONAL,
2754 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
2755 );
2756
2757 NTKERNELAPI
2758 BOOLEAN
2759 NTAPI
2760 FsRtlCurrentBatchOplock (
2761 IN POPLOCK Oplock
2762 );
2763
2764 NTKERNELAPI
2765 VOID
2766 NTAPI
2767 FsRtlDeleteKeyFromTunnelCache (
2768 IN PTUNNEL Cache,
2769 IN ULONGLONG DirectoryKey
2770 );
2771
2772 NTKERNELAPI
2773 VOID
2774 NTAPI
2775 FsRtlDeleteTunnelCache (
2776 IN PTUNNEL Cache
2777 );
2778
2779 NTKERNELAPI
2780 VOID
2781 NTAPI
2782 FsRtlDeregisterUncProvider (
2783 IN HANDLE Handle
2784 );
2785
2786 NTSYSAPI
2787 PVOID
2788 NTAPI
2789 RtlDestroyHeap(
2790 IN PVOID HeapHandle
2791 );
2792
2793 NTKERNELAPI
2794 VOID
2795 NTAPI
2796 FsRtlDissectDbcs (
2797 IN ANSI_STRING Name,
2798 OUT PANSI_STRING FirstPart,
2799 OUT PANSI_STRING RemainingPart
2800 );
2801
2802 NTKERNELAPI
2803 VOID
2804 NTAPI
2805 FsRtlDissectName (
2806 IN UNICODE_STRING Name,
2807 OUT PUNICODE_STRING FirstPart,
2808 OUT PUNICODE_STRING RemainingPart
2809 );
2810
2811 NTKERNELAPI
2812 BOOLEAN
2813 NTAPI
2814 FsRtlDoesDbcsContainWildCards (
2815 IN PANSI_STRING Name
2816 );
2817
2818 NTKERNELAPI
2819 BOOLEAN
2820 NTAPI
2821 FsRtlDoesNameContainWildCards (
2822 IN PUNICODE_STRING Name
2823 );
2824
2825 NTKERNELAPI
2826 BOOLEAN
2827 NTAPI
2828 FsRtlIsFatDbcsLegal (
2829 IN ANSI_STRING DbcsName,
2830 IN BOOLEAN WildCardsPermissible,
2831 IN BOOLEAN PathNamePermissible,
2832 IN BOOLEAN LeadingBackslashPermissible
2833 );
2834
2835
2836 #define FsRtlCompleteRequest(IRP,STATUS) { \
2837 (IRP)->IoStatus.Status = (STATUS); \
2838 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
2839 }
2840
2841 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2842
2843 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2844
2845 NTKERNELAPI
2846 BOOLEAN
2847 NTAPI
2848 FsRtlFastCheckLockForRead (
2849 IN PFILE_LOCK FileLock,
2850 IN PLARGE_INTEGER FileOffset,
2851 IN PLARGE_INTEGER Length,
2852 IN ULONG Key,
2853 IN PFILE_OBJECT FileObject,
2854 IN PEPROCESS Process
2855 );
2856
2857 NTKERNELAPI
2858 BOOLEAN
2859 NTAPI
2860 FsRtlFastCheckLockForWrite (
2861 IN PFILE_LOCK FileLock,
2862 IN PLARGE_INTEGER FileOffset,
2863 IN PLARGE_INTEGER Length,
2864 IN ULONG Key,
2865 IN PFILE_OBJECT FileObject,
2866 IN PEPROCESS Process
2867 );
2868
2869 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2870 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2871 )
2872
2873 NTKERNELAPI
2874 NTSTATUS
2875 NTAPI
2876 FsRtlFastUnlockAll (
2877 IN PFILE_LOCK FileLock,
2878 IN PFILE_OBJECT FileObject,
2879 IN PEPROCESS Process,
2880 IN PVOID Context OPTIONAL
2881 );
2882 /* ret: STATUS_RANGE_NOT_LOCKED */
2883
2884 NTKERNELAPI
2885 NTSTATUS
2886 NTAPI
2887 FsRtlFastUnlockAllByKey (
2888 IN PFILE_LOCK FileLock,
2889 IN PFILE_OBJECT FileObject,
2890 IN PEPROCESS Process,
2891 IN ULONG Key,
2892 IN PVOID Context OPTIONAL
2893 );
2894 /* ret: STATUS_RANGE_NOT_LOCKED */
2895
2896 NTKERNELAPI
2897 NTSTATUS
2898 NTAPI
2899 FsRtlFastUnlockSingle (
2900 IN PFILE_LOCK FileLock,
2901 IN PFILE_OBJECT FileObject,
2902 IN PLARGE_INTEGER FileOffset,
2903 IN PLARGE_INTEGER Length,
2904 IN PEPROCESS Process,
2905 IN ULONG Key,
2906 IN PVOID Context OPTIONAL,
2907 IN BOOLEAN AlreadySynchronized
2908 );
2909 /* ret: STATUS_RANGE_NOT_LOCKED */
2910
2911 NTKERNELAPI
2912 BOOLEAN
2913 NTAPI
2914 FsRtlFindInTunnelCache (
2915 IN PTUNNEL Cache,
2916 IN ULONGLONG DirectoryKey,
2917 IN PUNICODE_STRING Name,
2918 OUT PUNICODE_STRING ShortName,
2919 OUT PUNICODE_STRING LongName,
2920 IN OUT PULONG DataLength,
2921 OUT PVOID Data
2922 );
2923
2924 #if (VER_PRODUCTBUILD >= 2195)
2925
2926 NTKERNELAPI
2927 VOID
2928 NTAPI
2929 FsRtlFreeFileLock (
2930 IN PFILE_LOCK FileLock
2931 );
2932
2933 #endif /* (VER_PRODUCTBUILD >= 2195) */
2934
2935 NTKERNELAPI
2936 NTSTATUS
2937 NTAPI
2938 FsRtlGetFileSize (
2939 IN PFILE_OBJECT FileObject,
2940 IN OUT PLARGE_INTEGER FileSize
2941 );
2942
2943 /*
2944 FsRtlGetNextFileLock:
2945
2946 ret: NULL if no more locks
2947
2948 Internals:
2949 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2950 FileLock->LastReturnedLock as storage.
2951 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2952 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2953 calls with Restart = FALSE.
2954 */
2955 NTKERNELAPI
2956 PFILE_LOCK_INFO
2957 NTAPI
2958 FsRtlGetNextFileLock (
2959 IN PFILE_LOCK FileLock,
2960 IN BOOLEAN Restart
2961 );
2962
2963 NTKERNELAPI
2964 VOID
2965 NTAPI
2966 FsRtlInitializeFileLock (
2967 IN PFILE_LOCK FileLock,
2968 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
2969 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2970 );
2971
2972 NTKERNELAPI
2973 VOID
2974 NTAPI
2975 FsRtlInitializeOplock (
2976 IN OUT POPLOCK Oplock
2977 );
2978
2979 NTKERNELAPI
2980 VOID
2981 NTAPI
2982 FsRtlInitializeTunnelCache (
2983 IN PTUNNEL Cache
2984 );
2985
2986 NTKERNELAPI
2987 BOOLEAN
2988 NTAPI
2989 FsRtlIsNameInExpression (
2990 IN PUNICODE_STRING Expression,
2991 IN PUNICODE_STRING Name,
2992 IN BOOLEAN IgnoreCase,
2993 IN PWCHAR UpcaseTable OPTIONAL
2994 );
2995
2996 NTKERNELAPI
2997 BOOLEAN
2998 NTAPI
2999 FsRtlIsNtstatusExpected (
3000 IN NTSTATUS Ntstatus
3001 );
3002
3003 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
3004
3005 extern PUSHORT NlsOemLeadByteInfo;
3006
3007 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
3008 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
3009 (NLS_MB_CODE_PAGE_TAG && \
3010 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
3011 )
3012
3013 #define FsRtlIsAnsiCharacterWild(C) ( \
3014 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
3015 )
3016
3017 #define FsRtlIsUnicodeCharacterWild(C) ( \
3018 (((C) >= 0x40) ? \
3019 FALSE : \
3020 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
3021 )
3022
3023 NTKERNELAPI
3024 BOOLEAN
3025 NTAPI
3026 FsRtlMdlReadDev (
3027 IN PFILE_OBJECT FileObject,
3028 IN PLARGE_INTEGER FileOffset,
3029 IN ULONG Length,
3030 IN ULONG LockKey,
3031 OUT PMDL *MdlChain,
3032 OUT PIO_STATUS_BLOCK IoStatus,
3033 IN PDEVICE_OBJECT DeviceObject
3034 );
3035
3036 NTKERNELAPI
3037 BOOLEAN
3038 NTAPI
3039 FsRtlMdlReadComplete (
3040 IN PFILE_OBJECT FileObject,
3041 IN PMDL MdlChain
3042 );
3043
3044 NTKERNELAPI
3045 BOOLEAN
3046 NTAPI
3047 FsRtlMdlReadCompleteDev (
3048 IN PFILE_OBJECT FileObject,
3049 IN PMDL MdlChain,
3050 IN PDEVICE_OBJECT DeviceObject
3051 );
3052
3053 NTKERNELAPI
3054 BOOLEAN
3055 NTAPI
3056 FsRtlPrepareMdlWriteDev (
3057 IN PFILE_OBJECT FileObject,
3058 IN PLARGE_INTEGER FileOffset,
3059 IN ULONG Length,
3060 IN ULONG LockKey,
3061 OUT PMDL *MdlChain,
3062 OUT PIO_STATUS_BLOCK IoStatus,
3063 IN PDEVICE_OBJECT DeviceObject
3064 );
3065
3066 NTKERNELAPI
3067 BOOLEAN
3068 NTAPI
3069 FsRtlMdlWriteComplete (
3070 IN PFILE_OBJECT FileObject,
3071 IN PLARGE_INTEGER FileOffset,
3072 IN PMDL MdlChain
3073 );
3074
3075 NTKERNELAPI
3076 BOOLEAN
3077 NTAPI
3078 FsRtlMdlWriteCompleteDev (
3079 IN PFILE_OBJECT FileObject,
3080 IN PLARGE_INTEGER FileOffset,
3081 IN PMDL MdlChain,
3082 IN PDEVICE_OBJECT DeviceObject
3083 );
3084
3085 NTKERNELAPI
3086 NTSTATUS
3087 NTAPI
3088 FsRtlNormalizeNtstatus (
3089 IN NTSTATUS Exception,
3090 IN NTSTATUS GenericException
3091 );
3092
3093 NTKERNELAPI
3094 VOID
3095 NTAPI
3096 FsRtlNotifyChangeDirectory (
3097 IN PNOTIFY_SYNC NotifySync,
3098 IN PVOID FsContext,
3099 IN PSTRING FullDirectoryName,
3100 IN PLIST_ENTRY NotifyList,
3101 IN BOOLEAN WatchTree,
3102 IN ULONG CompletionFilter,
3103 IN PIRP NotifyIrp
3104 );
3105
3106 NTKERNELAPI
3107 VOID
3108 NTAPI
3109 FsRtlNotifyCleanup (
3110 IN PNOTIFY_SYNC NotifySync,
3111 IN PLIST_ENTRY NotifyList,
3112 IN PVOID FsContext
3113 );
3114
3115 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
3116 IN PVOID NotifyContext,
3117 IN PVOID TargetContext,
3118 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3119 );
3120
3121 NTKERNELAPI
3122 VOID
3123 NTAPI
3124 FsRtlNotifyFullChangeDirectory (
3125 IN PNOTIFY_SYNC NotifySync,
3126 IN PLIST_ENTRY NotifyList,
3127 IN PVOID FsContext,
3128 IN PSTRING FullDirectoryName,
3129 IN BOOLEAN WatchTree,
3130 IN BOOLEAN IgnoreBuffer,
3131 IN ULONG CompletionFilter,
3132 IN PIRP NotifyIrp,
3133 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
3134 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
3135 );
3136
3137 NTKERNELAPI
3138 VOID
3139 NTAPI
3140 FsRtlNotifyFullReportChange (
3141 IN PNOTIFY_SYNC NotifySync,
3142 IN PLIST_ENTRY NotifyList,
3143 IN PSTRING FullTargetName,
3144 IN USHORT TargetNameOffset,
3145 IN PSTRING StreamName OPTIONAL,
3146 IN PSTRING NormalizedParentName OPTIONAL,
3147 IN ULONG FilterMatch,
3148 IN ULONG Action,
3149 IN PVOID TargetContext
3150 );
3151
3152 NTKERNELAPI
3153 VOID
3154 NTAPI
3155 FsRtlNotifyInitializeSync (
3156 IN PNOTIFY_SYNC *NotifySync
3157 );
3158
3159 NTKERNELAPI
3160 VOID
3161 NTAPI
3162 FsRtlNotifyReportChange (
3163 IN PNOTIFY_SYNC NotifySync,
3164 IN PLIST_ENTRY NotifyList,
3165 IN PSTRING FullTargetName,
3166 IN PUSHORT FileNamePartLength,
3167 IN ULONG FilterMatch
3168 );
3169
3170 NTKERNELAPI
3171 VOID
3172 NTAPI
3173 FsRtlNotifyUninitializeSync (
3174 IN PNOTIFY_SYNC *NotifySync
3175 );
3176
3177 #if (VER_PRODUCTBUILD >= 2195)
3178
3179 NTKERNELAPI
3180 NTSTATUS
3181 NTAPI
3182 FsRtlNotifyVolumeEvent (
3183 IN PFILE_OBJECT FileObject,
3184 IN ULONG EventCode
3185 );
3186
3187 #endif /* (VER_PRODUCTBUILD >= 2195) */
3188
3189 NTKERNELAPI
3190 NTSTATUS
3191 NTAPI
3192 FsRtlOplockFsctrl (
3193 IN POPLOCK Oplock,
3194 IN PIRP Irp,
3195 IN ULONG OpenCount
3196 );
3197
3198 NTKERNELAPI
3199 BOOLEAN
3200 NTAPI
3201 FsRtlOplockIsFastIoPossible (
3202 IN POPLOCK Oplock
3203 );
3204
3205 /*
3206 FsRtlPrivateLock:
3207
3208 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
3209
3210 Internals:
3211 -Calls IoCompleteRequest if Irp
3212 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
3213 */
3214 NTKERNELAPI
3215 BOOLEAN
3216 NTAPI
3217 FsRtlPrivateLock (
3218 IN PFILE_LOCK FileLock,
3219 IN PFILE_OBJECT FileObject,
3220 IN PLARGE_INTEGER FileOffset,
3221 IN PLARGE_INTEGER Length,
3222 IN PEPROCESS Process,
3223 IN ULONG Key,
3224 IN BOOLEAN FailImmediately,
3225 IN BOOLEAN ExclusiveLock,
3226 OUT PIO_STATUS_BLOCK IoStatus,
3227 IN PIRP Irp OPTIONAL,
3228 IN PVOID Context,
3229 IN BOOLEAN AlreadySynchronized
3230 );
3231
3232 /*
3233 FsRtlProcessFileLock:
3234
3235 ret:
3236 -STATUS_INVALID_DEVICE_REQUEST
3237 -STATUS_RANGE_NOT_LOCKED from unlock routines.
3238 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
3239 (redirected IoStatus->Status).
3240
3241 Internals:
3242 -switch ( Irp->CurrentStackLocation->MinorFunction )
3243 lock: return FsRtlPrivateLock;
3244 unlocksingle: return FsRtlFastUnlockSingle;
3245 unlockall: return FsRtlFastUnlockAll;
3246 unlockallbykey: return FsRtlFastUnlockAllByKey;
3247 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
3248 return STATUS_INVALID_DEVICE_REQUEST;
3249
3250 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
3251 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
3252 */
3253 NTKERNELAPI
3254 NTSTATUS
3255 NTAPI
3256 FsRtlProcessFileLock (
3257 IN PFILE_LOCK FileLock,
3258 IN PIRP Irp,
3259 IN PVOID Context OPTIONAL
3260 );
3261
3262 NTKERNELAPI
3263 NTSTATUS
3264 NTAPI
3265 FsRtlRegisterUncProvider (
3266 IN OUT PHANDLE MupHandle,
3267 IN PUNICODE_STRING RedirectorDeviceName,
3268 IN BOOLEAN MailslotsSupported
3269 );
3270
3271 typedef VOID
3272 (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
3273 IN PVOID Context,
3274 IN PKEVENT Event
3275 );
3276
3277 NTKERNELAPI
3278 VOID
3279 NTAPI
3280 FsRtlPostStackOverflow (
3281 IN PVOID Context,
3282 IN PKEVENT Event,
3283 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3284 );
3285
3286 NTKERNELAPI
3287 VOID
3288 NTAPI
3289 FsRtlPostPagingFileStackOverflow (
3290 IN PVOID Context,
3291 IN PKEVENT Event,
3292 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
3293 );
3294
3295 NTKERNELAPI
3296 VOID
3297 NTAPI
3298 FsRtlTeardownPerStreamContexts (
3299 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader
3300 );
3301
3302 NTKERNELAPI
3303 VOID
3304 NTAPI
3305 FsRtlUninitializeFileLock (
3306 IN PFILE_LOCK FileLock
3307 );
3308
3309 NTKERNELAPI
3310 VOID
3311 NTAPI
3312 FsRtlUninitializeOplock (
3313 IN OUT POPLOCK Oplock
3314 );
3315
3316 NTHALAPI
3317 VOID
3318 NTAPI
3319 HalDisplayString (
3320 IN PCHAR String
3321 );
3322
3323 NTKERNELAPI
3324 UCHAR
3325 NTAPI
3326 KeSetIdealProcessorThread(
3327 IN OUT PKTHREAD Thread,
3328 IN UCHAR Processor
3329 );
3330
3331 NTKERNELAPI
3332 NTSTATUS
3333 NTAPI
3334 IoAttachDeviceToDeviceStackSafe(
3335 IN PDEVICE_OBJECT SourceDevice,
3336 IN PDEVICE_OBJECT TargetDevice,
3337 OUT PDEVICE_OBJECT *AttachedToDeviceObject
3338 );
3339
3340 NTKERNELAPI
3341 VOID
3342 NTAPI
3343 IoAcquireVpbSpinLock (
3344 OUT PKIRQL Irql
3345 );
3346
3347 NTKERNELAPI
3348 NTSTATUS
3349 NTAPI
3350 IoCheckDesiredAccess (
3351 IN OUT PACCESS_MASK DesiredAccess,
3352 IN ACCESS_MASK GrantedAccess
3353 );
3354
3355 NTKERNELAPI
3356 NTSTATUS
3357 NTAPI
3358 IoCheckEaBufferValidity (
3359 IN PFILE_FULL_EA_INFORMATION EaBuffer,
3360 IN ULONG EaLength,
3361 OUT PULONG ErrorOffset
3362 );
3363
3364 NTKERNELAPI
3365 NTSTATUS
3366 NTAPI
3367 IoCheckFunctionAccess (
3368 IN ACCESS_MASK GrantedAccess,
3369 IN UCHAR MajorFunction,
3370 IN UCHAR MinorFunction,
3371 IN ULONG IoControlCode,
3372 IN PVOID Argument1 OPTIONAL,
3373 IN PVOID Argument2 OPTIONAL
3374 );
3375
3376 #if (VER_PRODUCTBUILD >= 2195)
3377
3378 NTKERNELAPI
3379 NTSTATUS
3380 NTAPI
3381 IoCheckQuotaBufferValidity (
3382 IN PFILE_QUOTA_INFORMATION QuotaBuffer,
3383 IN ULONG QuotaLength,
3384 OUT PULONG ErrorOffset
3385 );
3386
3387 #endif /* (VER_PRODUCTBUILD >= 2195) */
3388
3389 NTKERNELAPI
3390 PFILE_OBJECT
3391 NTAPI
3392 IoCreateStreamFileObject (
3393 IN PFILE_OBJECT FileObject OPTIONAL,
3394 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3395 );
3396
3397 #if (VER_PRODUCTBUILD >= 2195)
3398
3399 NTKERNELAPI
3400 PFILE_OBJECT
3401 NTAPI
3402 IoCreateStreamFileObjectLite (
3403 IN PFILE_OBJECT FileObject OPTIONAL,
3404 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3405 );
3406
3407 #endif /* (VER_PRODUCTBUILD >= 2195) */
3408
3409 NTKERNELAPI
3410 BOOLEAN
3411 NTAPI
3412 IoFastQueryNetworkAttributes (
3413 IN POBJECT_ATTRIBUTES ObjectAttributes,
3414 IN ACCESS_MASK DesiredAccess,
3415 IN ULONG OpenOptions,
3416 OUT PIO_STATUS_BLOCK IoStatus,
3417 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
3418 );
3419
3420 NTKERNELAPI
3421 PDEVICE_OBJECT
3422 NTAPI
3423 IoGetAttachedDevice (
3424 IN PDEVICE_OBJECT DeviceObject
3425 );
3426
3427 NTKERNELAPI
3428 PDEVICE_OBJECT
3429 NTAPI
3430 IoGetBaseFileSystemDeviceObject (
3431 IN PFILE_OBJECT FileObject
3432 );
3433
3434 NTKERNELAPI
3435 PEPROCESS
3436 NTAPI
3437 IoGetRequestorProcess (
3438 IN PIRP Irp
3439 );
3440
3441 #if (VER_PRODUCTBUILD >= 2195)
3442
3443 NTKERNELAPI
3444 ULONG
3445 NTAPI
3446 IoGetRequestorProcessId (
3447 IN PIRP Irp
3448 );
3449
3450 #endif /* (VER_PRODUCTBUILD >= 2195) */
3451
3452 NTKERNELAPI
3453 PIRP
3454 NTAPI
3455 IoGetTopLevelIrp (
3456 VOID
3457 );
3458
3459 #define IoIsFileOpenedExclusively(FileObject) ( \
3460 (BOOLEAN) !( \
3461 (FileObject)->SharedRead || \
3462 (FileObject)->SharedWrite || \
3463 (FileObject)->SharedDelete \
3464 ) \
3465 )
3466
3467 NTKERNELAPI
3468 BOOLEAN
3469 NTAPI
3470 IoIsOperationSynchronous (
3471 IN PIRP Irp
3472 );
3473
3474 NTKERNELAPI
3475 BOOLEAN
3476 NTAPI
3477 IoIsSystemThread (
3478 IN PETHREAD Thread
3479 );
3480
3481 #if (VER_PRODUCTBUILD >= 2195)
3482
3483 NTKERNELAPI
3484 BOOLEAN
3485 NTAPI
3486 IoIsValidNameGraftingBuffer (
3487 IN PIRP Irp,
3488 IN PREPARSE_DATA_BUFFER ReparseBuffer
3489 );
3490
3491 #endif /* (VER_PRODUCTBUILD >= 2195) */
3492
3493 NTKERNELAPI
3494 NTSTATUS
3495 NTAPI
3496 IoPageRead (
3497 IN PFILE_OBJECT FileObject,
3498 IN PMDL Mdl,
3499 IN PLARGE_INTEGER Offset,
3500 IN PKEVENT Event,
3501 OUT PIO_STATUS_BLOCK IoStatusBlock
3502 );
3503
3504 NTKERNELAPI
3505 NTSTATUS
3506 NTAPI
3507 IoQueryFileInformation (
3508 IN PFILE_OBJECT FileObject,
3509 IN FILE_INFORMATION_CLASS FileInformationClass,
3510 IN ULONG Length,
3511 OUT PVOID FileInformation,
3512 OUT PULONG ReturnedLength
3513 );
3514
3515 NTKERNELAPI
3516 NTSTATUS
3517 NTAPI
3518 IoQueryVolumeInformation (
3519 IN PFILE_OBJECT FileObject,
3520 IN FS_INFORMATION_CLASS FsInformationClass,
3521 IN ULONG Length,
3522 OUT PVOID FsInformation,
3523 OUT PULONG ReturnedLength
3524 );
3525
3526 NTKERNELAPI
3527 VOID
3528 NTAPI
3529 IoQueueThreadIrp(
3530 IN PIRP Irp
3531 );
3532
3533 NTKERNELAPI
3534 VOID
3535 NTAPI
3536 IoRegisterFileSystem (
3537 IN OUT PDEVICE_OBJECT DeviceObject
3538 );
3539
3540 #if (VER_PRODUCTBUILD >= 1381)
3541
3542 typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
3543 IN PDEVICE_OBJECT DeviceObject,
3544 IN BOOLEAN DriverActive
3545 );
3546
3547 NTKERNELAPI
3548 NTSTATUS
3549 NTAPI
3550 IoRegisterFsRegistrationChange (
3551 IN PDRIVER_OBJECT DriverObject,
3552 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3553 );
3554
3555 #endif /* (VER_PRODUCTBUILD >= 1381) */
3556
3557 NTKERNELAPI
3558 VOID
3559 NTAPI
3560 IoReleaseVpbSpinLock (
3561 IN KIRQL Irql
3562 );
3563
3564 NTKERNELAPI
3565 VOID
3566 NTAPI
3567 IoSetDeviceToVerify (
3568 IN PETHREAD Thread,
3569 IN PDEVICE_OBJECT DeviceObject
3570 );
3571
3572 NTKERNELAPI
3573 NTSTATUS
3574 NTAPI
3575 IoSetInformation (
3576 IN PFILE_OBJECT FileObject,
3577 IN FILE_INFORMATION_CLASS FileInformationClass,
3578 IN ULONG Length,
3579 IN PVOID FileInformation
3580 );
3581
3582 NTKERNELAPI
3583 VOID
3584 NTAPI
3585 IoSetTopLevelIrp (
3586 IN PIRP Irp
3587 );
3588
3589 NTKERNELAPI
3590 NTSTATUS
3591 NTAPI
3592 IoSynchronousPageWrite (
3593 IN PFILE_OBJECT FileObject,
3594 IN PMDL Mdl,
3595 IN PLARGE_INTEGER FileOffset,
3596 IN PKEVENT Event,
3597 OUT PIO_STATUS_BLOCK IoStatusBlock
3598 );
3599
3600 NTKERNELAPI
3601 PEPROCESS
3602 NTAPI
3603 IoThreadToProcess (
3604 IN PETHREAD Thread
3605 );
3606
3607 NTKERNELAPI
3608 VOID
3609 NTAPI
3610 IoUnregisterFileSystem (
3611 IN OUT PDEVICE_OBJECT DeviceObject
3612 );
3613
3614 #if (VER_PRODUCTBUILD >= 1381)
3615
3616 NTKERNELAPI
3617 VOID
3618 NTAPI
3619 IoUnregisterFsRegistrationChange (
3620 IN PDRIVER_OBJECT DriverObject,
3621 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3622 );
3623
3624 #endif /* (VER_PRODUCTBUILD >= 1381) */
3625
3626 NTKERNELAPI
3627 NTSTATUS
3628 NTAPI
3629 IoVerifyVolume (
3630 IN PDEVICE_OBJECT DeviceObject,
3631 IN BOOLEAN AllowRawMount
3632 );
3633
3634 #if !defined (_M_AMD64)
3635
3636 NTHALAPI
3637 KIRQL
3638 FASTCALL
3639 KeAcquireQueuedSpinLock (
3640 IN KSPIN_LOCK_QUEUE_NUMBER Number
3641 );
3642
3643 NTHALAPI
3644 VOID
3645 FASTCALL
3646 KeReleaseQueuedSpinLock (
3647 IN KSPIN_LOCK_QUEUE_NUMBER Number,
3648 IN KIRQL OldIrql
3649 );
3650
3651 NTHALAPI
3652 KIRQL
3653 FASTCALL
3654 KeAcquireSpinLockRaiseToSynch(
3655 IN OUT PKSPIN_LOCK SpinLock
3656 );
3657
3658 NTHALAPI
3659 LOGICAL
3660 FASTCALL
3661 KeTryToAcquireQueuedSpinLock(
3662 KSPIN_LOCK_QUEUE_NUMBER Number,
3663 PKIRQL OldIrql);
3664
3665 #else
3666
3667 NTKERNELAPI
3668 KIRQL
3669 FASTCALL
3670 KeAcquireQueuedSpinLock (
3671 IN KSPIN_LOCK_QUEUE_NUMBER Number
3672 );
3673
3674 NTKERNELAPI
3675 VOID
3676 FASTCALL
3677 KeReleaseQueuedSpinLock (
3678 IN KSPIN_LOCK_QUEUE_NUMBER Number,
3679 IN KIRQL OldIrql
3680 );
3681
3682 NTKERNELAPI
3683 KIRQL
3684 KeAcquireSpinLockRaiseToSynch(
3685 IN OUT PKSPIN_LOCK SpinLock
3686 );
3687
3688 NTKERNELAPI
3689 LOGICAL
3690 KeTryToAcquireQueuedSpinLock(
3691 KSPIN_LOCK_QUEUE_NUMBER Number,
3692 PKIRQL OldIrql);
3693
3694 #endif
3695
3696 NTKERNELAPI
3697 VOID
3698 NTAPI
3699 KeAttachProcess (
3700 IN PKPROCESS Process
3701 );
3702
3703 NTKERNELAPI
3704 VOID
3705 NTAPI
3706 KeDetachProcess (
3707 VOID
3708 );
3709
3710 NTKERNELAPI
3711 VOID
3712 NTAPI
3713 KeInitializeQueue (
3714 IN PRKQUEUE Queue,
3715 IN ULONG Count OPTIONAL
3716 );
3717
3718 NTKERNELAPI
3719 LONG
3720 NTAPI
3721 KeInsertHeadQueue (
3722 IN PRKQUEUE Queue,
3723 IN PLIST_ENTRY Entry
3724 );
3725
3726 NTKERNELAPI
3727 LONG
3728 NTAPI
3729 KeInsertQueue (
3730 IN PRKQUEUE Queue,
3731 IN PLIST_ENTRY Entry
3732 );
3733
3734 NTKERNELAPI
3735 LONG
3736 NTAPI
3737 KeReadStateQueue (
3738 IN PRKQUEUE Queue
3739 );
3740
3741 NTKERNELAPI
3742 PLIST_ENTRY
3743 NTAPI
3744 KeRemoveQueue (
3745 IN PRKQUEUE Queue,
3746 IN KPROCESSOR_MODE WaitMode,
3747 IN PLARGE_INTEGER Timeout OPTIONAL
3748 );
3749
3750 NTKERNELAPI
3751 PLIST_ENTRY
3752 NTAPI
3753 KeRundownQueue (
3754 IN PRKQUEUE Queue
3755 );
3756
3757 NTKERNELAPI
3758 VOID
3759 NTAPI
3760 KeInitializeMutant (
3761 IN PRKMUTANT Mutant,
3762 IN BOOLEAN InitialOwner
3763 );
3764
3765 NTKERNELAPI
3766 LONG
3767 NTAPI
3768 KeReadStateMutant (
3769 IN PRKMUTANT Mutant
3770 );
3771
3772 NTKERNELAPI
3773 LONG
3774 NTAPI
3775 KeReleaseMutant (
3776 IN PRKMUTANT Mutant,
3777 IN KPRIORITY Increment,
3778 IN BOOLEAN Abandoned,
3779 IN BOOLEAN Wait
3780 );
3781
3782 #if (VER_PRODUCTBUILD >= 2195)
3783
3784 NTKERNELAPI
3785 VOID
3786 NTAPI
3787 KeStackAttachProcess (
3788 IN PKPROCESS Process,
3789 OUT PKAPC_STATE ApcState
3790 );
3791
3792 NTKERNELAPI
3793 VOID
3794 NTAPI
3795 KeUnstackDetachProcess (
3796 IN PKAPC_STATE ApcState
3797 );
3798
3799 #endif /* (VER_PRODUCTBUILD >= 2195) */
3800
3801 NTKERNELAPI
3802 BOOLEAN
3803 NTAPI
3804 KeSetKernelStackSwapEnable(
3805 IN BOOLEAN Enable
3806 );
3807
3808 NTKERNELAPI
3809 BOOLEAN
3810 NTAPI
3811 MmCanFileBeTruncated (
3812 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3813 IN PLARGE_INTEGER NewFileSize
3814 );
3815
3816 NTKERNELAPI
3817 BOOLEAN
3818 NTAPI
3819 MmFlushImageSection (
3820 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3821 IN MMFLUSH_TYPE FlushType
3822 );
3823
3824 NTKERNELAPI
3825 BOOLEAN
3826 NTAPI
3827 MmForceSectionClosed (
3828 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
3829 IN BOOLEAN DelayClose
3830 );
3831
3832 #if (VER_PRODUCTBUILD >= 1381)
3833
3834 NTKERNELAPI
3835 BOOLEAN
3836 NTAPI
3837 MmIsRecursiveIoFault (
3838 VOID
3839 );
3840
3841 #else
3842
3843 #define MmIsRecursiveIoFault() ( \
3844 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3845 (PsGetCurrentThread()->ForwardClusterOnly) \
3846 )
3847
3848 #endif
3849
3850
3851 NTKERNELAPI
3852 BOOLEAN
3853 NTAPI
3854 MmSetAddressRangeModified (
3855 IN PVOID Address,
3856 IN ULONG Length
3857 );
3858
3859 NTKERNELAPI
3860 NTSTATUS
3861 NTAPI
3862 ObCreateObject (
3863 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
3864 IN POBJECT_TYPE ObjectType,
3865 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
3866 IN KPROCESSOR_MODE AccessMode,
3867 IN OUT PVOID ParseContext OPTIONAL,
3868 IN ULONG ObjectSize,
3869 IN ULONG PagedPoolCharge OPTIONAL,
3870 IN ULONG NonPagedPoolCharge OPTIONAL,
3871 OUT PVOID *Object
3872 );
3873
3874 NTKERNELAPI
3875 ULONG
3876 NTAPI
3877 ObGetObjectPointerCount (
3878 IN PVOID Object
3879 );
3880
3881 NTKERNELAPI
3882 NTSTATUS
3883 NTAPI
3884 ObInsertObject (
3885 IN PVOID Object,
3886 IN PACCESS_STATE PassedAccessState OPTIONAL,
3887 IN ACCESS_MASK DesiredAccess,
3888 IN ULONG AdditionalReferences,
3889 OUT PVOID *ReferencedObject OPTIONAL,
3890 OUT PHANDLE Handle
3891 );
3892
3893 NTKERNELAPI
3894 VOID
3895 NTAPI
3896 ObMakeTemporaryObject (
3897 IN PVOID Object
3898 );
3899
3900 NTKERNELAPI
3901 NTSTATUS
3902 NTAPI
3903 ObOpenObjectByPointer (
3904 IN PVOID Object,
3905 IN ULONG HandleAttributes,
3906 IN PACCESS_STATE PassedAccessState OPTIONAL,
3907 IN ACCESS_MASK DesiredAccess OPTIONAL,
3908 IN POBJECT_TYPE ObjectType OPTIONAL,
3909 IN KPROCESSOR_MODE AccessMode,
3910 OUT PHANDLE Handle
3911 );
3912
3913 NTKERNELAPI
3914 NTSTATUS
3915 NTAPI
3916 ObQueryNameString (
3917 IN PVOID Object,
3918 OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
3919 IN ULONG Length,
3920 OUT PULONG ReturnLength
3921 );
3922
3923 NTKERNELAPI
3924 NTSTATUS
3925 NTAPI
3926 ObQueryObjectAuditingByHandle (
3927 IN HANDLE Handle,
3928 OUT PBOOLEAN GenerateOnClose
3929 );
3930
3931 NTKERNELAPI
3932 NTSTATUS
3933 NTAPI
3934 ObReferenceObjectByName (
3935 IN PUNICODE_STRING ObjectName,
3936 IN ULONG Attributes,
3937 IN PACCESS_STATE PassedAccessState OPTIONAL,
3938 IN ACCESS_MASK DesiredAccess OPTIONAL,
3939 IN POBJECT_TYPE ObjectType,
3940 IN KPROCESSOR_MODE AccessMode,
3941 IN OUT PVOID ParseContext OPTIONAL,
3942 OUT PVOID *Object
3943 );
3944
3945 NTKERNELAPI
3946 NTSTATUS
3947 NTAPI
3948 PsAssignImpersonationToken (
3949 IN PETHREAD Thread,
3950 IN HANDLE Token
3951 );
3952
3953 NTKERNELAPI
3954 VOID
3955 NTAPI
3956 PsChargePoolQuota (
3957 IN PEPROCESS Process,
3958 IN POOL_TYPE PoolType,
3959 IN SIZE_T Amount
3960 );
3961
3962 NTKERNELAPI
3963 NTSTATUS
3964 NTAPI
3965 PsChargeProcessPoolQuota (
3966 IN PEPROCESS Process,
3967 IN POOL_TYPE PoolType,
3968 IN SIZE_T Amount
3969 );
3970
3971 #define PsDereferenceImpersonationToken(T) \
3972 {if (ARGUMENT_PRESENT(T)) { \
3973 (ObDereferenceObject((T))); \
3974 } else { \
3975 ; \
3976 } \
3977 }
3978
3979 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3980
3981 NTKERNELAPI
3982 BOOLEAN
3983 NTAPI
3984 PsDisableImpersonation(
3985 IN PETHREAD Thread,
3986 IN PSE_IMPERSONATION_STATE ImpersonationState
3987 );
3988
3989 NTKERNELAPI
3990 LARGE_INTEGER
3991 NTAPI
3992 PsGetProcessExitTime (
3993 VOID
3994 );
3995
3996 NTKERNELAPI
3997 NTSTATUS
3998 NTAPI
3999 PsImpersonateClient(
4000 IN PETHREAD Thread,
4001 IN PACCESS_TOKEN Token,
4002 IN BOOLEAN CopyOnOpen,
4003 IN BOOLEAN EffectiveOnly,
4004 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
4005 );
4006
4007 NTKERNELAPI
4008 BOOLEAN
4009 NTAPI
4010 PsIsSystemThread(
4011 IN PETHREAD Thread
4012 );
4013
4014 NTKERNELAPI
4015 BOOLEAN
4016 NTAPI
4017 PsIsThreadTerminating (
4018 IN PETHREAD Thread
4019 );
4020
4021 NTKERNELAPI
4022 NTSTATUS
4023 NTAPI
4024 PsLookupProcessByProcessId (
4025 IN HANDLE ProcessId,
4026 OUT PEPROCESS *Process
4027 );
4028
4029 NTKERNELAPI
4030 NTSTATUS
4031 NTAPI
4032 PsLookupProcessThreadByCid (
4033 IN PCLIENT_ID Cid,
4034 OUT PEPROCESS *Process OPTIONAL,
4035 OUT PETHREAD *Thread
4036 );
4037
4038 NTKERNELAPI
4039 NTSTATUS
4040 NTAPI
4041 PsLookupThreadByThreadId (
4042 IN HANDLE UniqueThreadId,
4043 OUT PETHREAD *Thread
4044 );
4045
4046 NTKERNELAPI
4047 PACCESS_TOKEN
4048 NTAPI
4049 PsReferenceImpersonationToken (
4050 IN PETHREAD Thread,
4051 OUT PBOOLEAN CopyOnUse,
4052 OUT PBOOLEAN EffectiveOnly,
4053 OUT PSECURITY_IMPERSONATION_LEVEL Level
4054 );
4055
4056 NTKERNELAPI
4057 HANDLE
4058 NTAPI
4059 PsReferencePrimaryToken (
4060 IN PEPROCESS Process
4061 );
4062
4063 NTKERNELAPI
4064 VOID
4065 NTAPI
4066 PsRestoreImpersonation(
4067 IN PETHREAD Thread,
4068 IN PSE_IMPERSONATION_STATE ImpersonationState
4069 );
4070
4071 NTKERNELAPI
4072 VOID
4073 NTAPI
4074 PsReturnPoolQuota (
4075 IN PEPROCESS Process,
4076 IN POOL_TYPE PoolType,
4077 IN SIZE_T Amount
4078 );
4079
4080 NTKERNELAPI
4081 VOID
4082 NTAPI
4083 PsRevertToSelf (
4084 VOID
4085 );
4086
4087 NTSYSAPI
4088 NTSTATUS
4089 NTAPI
4090 RtlAbsoluteToSelfRelativeSD (
4091 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
4092 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
4093 IN PULONG BufferLength
4094 );
4095
4096 NTSYSAPI
4097 PVOID
4098 NTAPI
4099 RtlAllocateHeap (
4100 IN HANDLE HeapHandle,
4101 IN ULONG Flags,
4102 IN ULONG Size
4103 );
4104
4105 NTSYSAPI
4106 NTSTATUS
4107 NTAPI
4108 RtlAppendStringToString(
4109 PSTRING Destination,
4110 const STRING *Source
4111 );
4112
4113 NTSYSAPI
4114 USHORT
4115 NTAPI
4116 RtlCaptureStackBackTrace (
4117 IN ULONG FramesToSkip,
4118 IN ULONG FramesToCapture,
4119 OUT PVOID *BackTrace,
4120 OUT PULONG BackTraceHash OPTIONAL
4121 );
4122
4123 NTSYSAPI
4124 SIZE_T
4125 NTAPI
4126 RtlCompareMemoryUlong (
4127 PVOID Source,
4128 SIZE_T Length,
4129 ULONG Pattern
4130 );
4131
4132 NTSYSAPI
4133 NTSTATUS
4134 NTAPI
4135 RtlCompressBuffer (
4136 IN USHORT CompressionFormatAndEngine,
4137 IN PUCHAR UncompressedBuffer,
4138 IN ULONG UncompressedBufferSize,
4139 OUT PUCHAR CompressedBuffer,
4140 IN ULONG CompressedBufferSize,
4141 IN ULONG UncompressedChunkSize,
4142 OUT PULONG FinalCompressedSize,
4143 IN PVOID WorkSpace
4144 );
4145
4146 NTSYSAPI
4147 NTSTATUS
4148 NTAPI
4149 RtlCompressChunks (
4150 IN PUCHAR UncompressedBuffer,
4151 IN ULONG UncompressedBufferSize,
4152 OUT PUCHAR CompressedBuffer,
4153 IN ULONG CompressedBufferSize,
4154 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
4155 IN ULONG CompressedDataInfoLength,
4156 IN PVOID WorkSpace
4157 );
4158
4159 NTSYSAPI
4160 NTSTATUS
4161 NTAPI
4162 RtlConvertSidToUnicodeString (
4163 OUT PUNICODE_STRING DestinationString,
4164 IN PSID Sid,
4165 IN BOOLEAN AllocateDestinationString
4166 );
4167
4168 NTSYSAPI
4169 NTSTATUS
4170 NTAPI
4171 RtlCopySid (
4172 IN ULONG Length,
4173 IN PSID Destination,
4174 IN PSID Source
4175 );
4176
4177 NTSYSAPI
4178 BOOLEAN
4179 NTAPI
4180 RtlCreateUnicodeString(
4181 PUNICODE_STRING DestinationString,
4182 PCWSTR SourceString
4183 );
4184
4185 NTSYSAPI
4186 NTSTATUS
4187 NTAPI
4188 RtlDecompressBuffer (
4189 IN USHORT CompressionFormat,
4190 OUT PUCHAR UncompressedBuffer,
4191 IN ULONG UncompressedBufferSize,
4192 IN PUCHAR CompressedBuffer,
4193 IN ULONG CompressedBufferSize,
4194 OUT PULONG FinalUncompressedSize
4195 );
4196
4197 NTSYSAPI
4198 NTSTATUS
4199 NTAPI
4200 RtlDecompressChunks (
4201 OUT PUCHAR UncompressedBuffer,
4202 IN ULONG UncompressedBufferSize,
4203 IN PUCHAR CompressedBuffer,
4204 IN ULONG CompressedBufferSize,
4205 IN PUCHAR CompressedTail,
4206 IN ULONG CompressedTailSize,
4207 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
4208 );
4209
4210 NTSYSAPI
4211 NTSTATUS
4212 NTAPI
4213 RtlDecompressFragment (
4214 IN USHORT CompressionFormat,
4215 OUT PUCHAR UncompressedFragment,
4216 IN ULONG UncompressedFragmentSize,
4217 IN PUCHAR CompressedBuffer,
4218 IN ULONG CompressedBufferSize,
4219 IN ULONG FragmentOffset,
4220 OUT PULONG FinalUncompressedSize,
4221 IN PVOID WorkSpace
4222 );
4223
4224 NTSYSAPI
4225 NTSTATUS
4226 NTAPI
4227 RtlDescribeChunk (
4228 IN USHORT CompressionFormat,
4229 IN OUT PUCHAR *CompressedBuffer,
4230 IN PUCHAR EndOfCompressedBufferPlus1,
4231 OUT PUCHAR *ChunkBuffer,
4232 OUT PULONG ChunkSize
4233 );
4234
4235 NTSYSAPI
4236 NTSTATUS
4237 NTAPI
4238 RtlDowncaseUnicodeString(
4239 IN OUT PUNICODE_STRING UniDest,
4240 IN PCUNICODE_STRING UniSource,
4241 IN BOOLEAN AllocateDestinationString
4242 );
4243
4244 NTSYSAPI
4245 NTSTATUS
4246 NTAPI
4247 RtlDuplicateUnicodeString(
4248 IN ULONG Flags,
4249 IN PCUNICODE_STRING SourceString,
4250 OUT PUNICODE_STRING DestinationString
4251 );
4252
4253 NTSYSAPI
4254 BOOLEAN
4255 NTAPI
4256 RtlEqualSid (
4257 IN PSID Sid1,
4258 IN PSID Sid2
4259 );
4260
4261 NTSYSAPI
4262 VOID
4263 NTAPI
4264 RtlFillMemoryUlong (
4265 IN PVOID Destination,
4266 IN ULONG Length,
4267 IN ULONG Fill
4268 );
4269
4270 NTSYSAPI
4271 BOOLEAN
4272 NTAPI
4273 RtlFreeHeap (
4274 IN HANDLE HeapHandle,
4275 IN ULONG Flags,
4276 IN PVOID P
4277 );
4278
4279 NTSYSAPI
4280 VOID
4281 NTAPI
4282 RtlFreeOemString(
4283 IN OUT POEM_STRING OemString
4284 );
4285
4286 NTSYSAPI
4287 VOID
4288 NTAPI
4289 RtlGenerate8dot3Name (
4290 IN PUNICODE_STRING Name,
4291 IN BOOLEAN AllowExtendedCharacters,
4292 IN OUT PGENERATE_NAME_CONTEXT Context,
4293 OUT PUNICODE_STRING Name8dot3
4294 );
4295
4296 NTSYSAPI
4297 NTSTATUS
4298 NTAPI
4299 RtlGetCompressionWorkSpaceSize (
4300 IN USHORT CompressionFormatAndEngine,
4301 OUT PULONG CompressBufferWorkSpaceSize,
4302 OUT PULONG CompressFragmentWorkSpaceSize
4303 );
4304
4305 NTSYSAPI
4306 NTSTATUS
4307 NTAPI
4308 RtlGetDaclSecurityDescriptor (
4309 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4310 OUT PBOOLEAN DaclPresent,
4311 OUT PACL *Dacl,
4312 OUT PBOOLEAN DaclDefaulted
4313 );
4314
4315 NTSYSAPI
4316 NTSTATUS
4317 NTAPI
4318 RtlGetGroupSecurityDescriptor (
4319 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4320 OUT PSID *Group,
4321 OUT PBOOLEAN GroupDefaulted
4322 );
4323
4324 NTSYSAPI
4325 NTSTATUS
4326 NTAPI
4327 RtlGetOwnerSecurityDescriptor (
4328 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4329 OUT PSID *Owner,
4330 OUT PBOOLEAN OwnerDefaulted
4331 );
4332
4333 NTSYSAPI
4334 NTSTATUS
4335 NTAPI
4336 RtlInitializeSid (
4337 IN OUT PSID Sid,
4338 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
4339 IN UCHAR SubAuthorityCount
4340 );
4341
4342 NTSYSAPI
4343 BOOLEAN
4344 NTAPI
4345 RtlIsNameLegalDOS8Dot3(
4346 IN PCUNICODE_STRING Name,
4347 IN OUT POEM_STRING OemName OPTIONAL,
4348 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
4349 );
4350
4351 NTSYSAPI
4352 ULONG
4353 NTAPI
4354 RtlLengthRequiredSid (
4355 IN ULONG SubAuthorityCount
4356 );
4357
4358 NTSYSAPI
4359 ULONG
4360 NTAPI
4361 RtlLengthSid (
4362 IN PSID Sid
4363 );
4364
4365 NTSYSAPI
4366 ULONG
4367 NTAPI
4368 RtlNtStatusToDosError (
4369 IN NTSTATUS Status
4370 );
4371
4372 NTSYSAPI
4373 NTSTATUS
4374 NTAPI
4375 RtlOemStringToUnicodeString(
4376 IN OUT PUNICODE_STRING DestinationString,
4377 IN PCOEM_STRING SourceString,
4378 IN BOOLEAN AllocateDestinationString
4379 );
4380
4381 NTSYSAPI
4382 NTSTATUS
4383 NTAPI
4384 RtlUnicodeStringToOemString(
4385 IN OUT POEM_STRING DestinationString,
4386 IN PCUNICODE_STRING SourceString,
4387 IN BOOLEAN AllocateDestinationString
4388 );
4389
4390 NTSYSAPI
4391 NTSTATUS
4392 NTAPI
4393 RtlOemStringToCountedUnicodeString(
4394 IN OUT PUNICODE_STRING DestinationString,
4395 IN PCOEM_STRING SourceString,
4396 IN BOOLEAN AllocateDestinationString
4397 );
4398
4399 NTSYSAPI
4400 NTSTATUS
4401 NTAPI
4402 RtlUnicodeStringToCountedOemString(
4403 IN OUT POEM_STRING DestinationString,
4404 IN PCUNICODE_STRING SourceString,
4405 IN BOOLEAN AllocateDestinationString
4406 );
4407
4408 NTSYSAPI
4409 NTSTATUS
4410 NTAPI
4411 RtlReserveChunk (
4412 IN USHORT CompressionFormat,
4413 IN OUT PUCHAR *CompressedBuffer,
4414 IN PUCHAR EndOfCompressedBufferPlus1,
4415 OUT PUCHAR *ChunkBuffer,
4416 IN ULONG ChunkSize
4417 );
4418
4419 NTSYSAPI
4420 VOID
4421 NTAPI
4422 RtlSecondsSince1970ToTime (
4423 IN ULONG SecondsSince1970,
4424 OUT PLARGE_INTEGER Time
4425 );
4426
4427 NTSYSAPI
4428 NTSTATUS
4429 NTAPI
4430 RtlSetGroupSecurityDescriptor (
4431 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4432 IN PSID Group,
4433 IN BOOLEAN GroupDefaulted
4434 );
4435
4436 NTSYSAPI
4437 NTSTATUS
4438 NTAPI
4439 RtlSetOwnerSecurityDescriptor (
4440 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4441 IN PSID Owner,
4442 IN BOOLEAN OwnerDefaulted
4443 );
4444
4445 NTSYSAPI
4446 NTSTATUS
4447 NTAPI
4448 RtlSetSaclSecurityDescriptor (
4449 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4450 IN BOOLEAN SaclPresent,
4451 IN PACL Sacl,
4452 IN BOOLEAN SaclDefaulted
4453 );
4454
4455 NTSYSAPI
4456 PUCHAR
4457 NTAPI
4458 RtlSubAuthorityCountSid (
4459 IN PSID Sid
4460 );
4461
4462 NTSYSAPI
4463 PULONG
4464 NTAPI
4465 RtlSubAuthoritySid (
4466 IN PSID Sid,
4467 IN ULONG SubAuthority
4468 );
4469
4470 NTSYSAPI
4471 NTSTATUS
4472 NTAPI
4473 RtlUnicodeToMultiByteN(
4474 OUT PCHAR MultiByteString,
4475 IN ULONG MaxBytesInMultiByteString,
4476 OUT PULONG BytesInMultiByteString OPTIONAL,
4477 IN PWCH UnicodeString,
4478 IN ULONG BytesInUnicodeString
4479 );
4480
4481 NTSYSAPI
4482 NTSTATUS
4483 NTAPI
4484 RtlOemToUnicodeN(
4485 OUT PWSTR UnicodeString,
4486 IN ULONG MaxBytesInUnicodeString,
4487 OUT PULONG BytesInUnicodeString OPTIONAL,
4488 IN PCH OemString,
4489 IN ULONG BytesInOemString
4490 );
4491
4492 /* RTL Splay Tree Functions */
4493 NTSYSAPI
4494 PRTL_SPLAY_LINKS
4495 NTAPI
4496 RtlSplay(PRTL_SPLAY_LINKS Links);
4497
4498 NTSYSAPI
4499 PRTL_SPLAY_LINKS
4500 NTAPI
4501 RtlDelete(PRTL_SPLAY_LINKS Links);
4502
4503 NTSYSAPI
4504 VOID
4505 NTAPI
4506 RtlDeleteNoSplay(
4507 PRTL_SPLAY_LINKS Links,
4508 PRTL_SPLAY_LINKS *Root
4509 );
4510
4511 NTSYSAPI
4512 PRTL_SPLAY_LINKS
4513 NTAPI
4514 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
4515
4516 NTSYSAPI
4517 PRTL_SPLAY_LINKS
4518 NTAPI
4519 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
4520
4521 NTSYSAPI
4522 PRTL_SPLAY_LINKS
4523 NTAPI
4524 RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
4525
4526 NTSYSAPI
4527 PRTL_SPLAY_LINKS
4528 NTAPI
4529 RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
4530
4531 #define RtlIsLeftChild(Links) \
4532 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4533
4534 #define RtlIsRightChild(Links) \
4535 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4536
4537 #define RtlRightChild(Links) \
4538 ((PRTL_SPLAY_LINKS)(Links))->RightChild
4539
4540 #define RtlIsRoot(Links) \
4541 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
4542
4543 #define RtlLeftChild(Links) \
4544 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
4545
4546 #define RtlParent(Links) \
4547 ((PRTL_SPLAY_LINKS)(Links))->Parent
4548
4549 #define RtlInitializeSplayLinks(Links) \
4550 { \
4551 PRTL_SPLAY_LINKS _SplayLinks; \
4552 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
4553 _SplayLinks->Parent = _SplayLinks; \
4554 _SplayLinks->LeftChild = NULL; \
4555 _SplayLinks->RightChild = NULL; \
4556 }
4557
4558 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
4559 { \
4560 PRTL_SPLAY_LINKS _SplayParent; \
4561 PRTL_SPLAY_LINKS _SplayChild; \
4562 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4563 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4564 _SplayParent->LeftChild = _SplayChild; \
4565 _SplayChild->Parent = _SplayParent; \
4566 }
4567
4568 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
4569 { \
4570 PRTL_SPLAY_LINKS _SplayParent; \
4571 PRTL_SPLAY_LINKS _SplayChild; \
4572 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4573 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4574 _SplayParent->RightChild = _SplayChild; \
4575 _SplayChild->Parent = _SplayParent; \
4576 }
4577
4578 NTSYSAPI
4579 BOOLEAN
4580 NTAPI
4581 RtlValidSid (
4582 IN PSID Sid
4583 );
4584
4585 NTKERNELAPI
4586 NTSTATUS
4587 NTAPI
4588 SeAppendPrivileges (
4589 PACCESS_STATE AccessState,
4590 PPRIVILEGE_SET Privileges
4591 );
4592
4593 NTKERNELAPI
4594 BOOLEAN
4595 NTAPI
4596 SeAuditingFileEvents (
4597 IN BOOLEAN AccessGranted,
4598 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4599 );
4600
4601 NTKERNELAPI
4602 BOOLEAN
4603 NTAPI
4604 SeAuditingFileOrGlobalEvents (
4605 IN BOOLEAN AccessGranted,
4606 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4607 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4608 );
4609
4610 NTKERNELAPI
4611 VOID
4612 NTAPI
4613 SeCaptureSubjectContext (
4614 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
4615 );
4616
4617 NTKERNELAPI
4618 NTSTATUS
4619 NTAPI
4620 SeCreateClientSecurity (
4621 IN PETHREAD Thread,
4622 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
4623 IN BOOLEAN RemoteClient,
4624 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4625 );
4626
4627 #if (VER_PRODUCTBUILD >= 2195)
4628
4629 NTKERNELAPI
4630 NTSTATUS
4631 NTAPI
4632 SeCreateClientSecurityFromSubjectContext (
4633 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
4634 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
4635 IN BOOLEAN ServerIsRemote,
4636 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4637 );
4638
4639 #endif /* (VER_PRODUCTBUILD >= 2195) */
4640
4641
4642 #define SeLengthSid( Sid ) \
4643 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
4644
4645 #define SeDeleteClientSecurity(C) { \
4646 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
4647 PsDereferencePrimaryToken( (C)->ClientToken ); \
4648 } else { \
4649 PsDereferenceImpersonationToken( (C)->ClientToken ); \
4650 } \
4651 }
4652
4653 NTKERNELAPI
4654 VOID
4655 NTAPI
4656 SeDeleteObjectAuditAlarm (
4657 IN PVOID Object,
4658 IN HANDLE Handle
4659 );
4660
4661 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
4662
4663 NTKERNELAPI
4664 VOID
4665 NTAPI
4666 SeFreePrivileges (
4667 IN PPRIVILEGE_SET Privileges
4668 );
4669
4670 NTKERNELAPI
4671 VOID
4672 NTAPI
4673 SeImpersonateClient (
4674 IN PSECURITY_CLIENT_CONTEXT ClientContext,
4675 IN PETHREAD ServerThread OPTIONAL
4676 );
4677
4678 #if (VER_PRODUCTBUILD >= 2195)
4679
4680 NTKERNELAPI
4681 NTSTATUS
4682 NTAPI
4683 SeImpersonateClientEx (
4684 IN PSECURITY_CLIENT_CONTEXT ClientContext,
4685 IN PETHREAD ServerThread OPTIONAL
4686 );
4687
4688 #endif /* (VER_PRODUCTBUILD >= 2195) */
4689
4690 NTKERNELAPI
4691 VOID
4692 NTAPI
4693 SeLockSubjectContext (
4694 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4695 );
4696
4697 NTKERNELAPI
4698 NTSTATUS
4699 NTAPI
4700 SeMarkLogonSessionForTerminationNotification (
4701 IN PLUID LogonId
4702 );
4703
4704 NTKERNELAPI
4705 VOID
4706 NTAPI
4707 SeOpenObjectAuditAlarm (
4708 IN PUNICODE_STRING ObjectTypeName,
4709 IN PVOID Object OPTIONAL,
4710 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
4711 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4712 IN PACCESS_STATE AccessState,
4713 IN BOOLEAN ObjectCreated,
4714 IN BOOLEAN AccessGranted,
4715 IN KPROCESSOR_MODE AccessMode,
4716 OUT PBOOLEAN GenerateOnClose
4717 );
4718
4719 NTKERNELAPI
4720 VOID
4721 NTAPI
4722 SeOpenObjectForDeleteAuditAlarm (
4723 IN PUNICODE_STRING ObjectTypeName,
4724 IN PVOID Object OPTIONAL,
4725 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
4726 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4727 IN PACCESS_STATE AccessState,
4728 IN BOOLEAN ObjectCreated,
4729 IN BOOLEAN AccessGranted,
4730 IN KPROCESSOR_MODE AccessMode,
4731 OUT PBOOLEAN GenerateOnClose
4732 );
4733
4734 NTKERNELAPI
4735 BOOLEAN
4736 NTAPI
4737 SePrivilegeCheck (
4738 IN OUT PPRIVILEGE_SET RequiredPrivileges,
4739 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
4740 IN KPROCESSOR_MODE AccessMode
4741 );
4742
4743 NTKERNELAPI
4744 NTSTATUS
4745 NTAPI
4746 SeQueryAuthenticationIdToken (
4747 IN PACCESS_TOKEN Token,
4748 OUT PLUID LogonId
4749 );
4750
4751 #if (VER_PRODUCTBUILD >= 2195)
4752
4753 NTKERNELAPI
4754 NTSTATUS
4755 NTAPI
4756 SeQueryInformationToken (
4757 IN PACCESS_TOKEN Token,
4758 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
4759 OUT PVOID *TokenInformation
4760 );
4761
4762 #endif /* (VER_PRODUCTBUILD >= 2195) */
4763
4764 NTKERNELAPI
4765 NTSTATUS
4766 NTAPI
4767 SeQuerySecurityDescriptorInfo (
4768 IN PSECURITY_INFORMATION SecurityInformation,
4769 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
4770 IN OUT PULONG Length,
4771 IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
4772 );
4773
4774 #if (VER_PRODUCTBUILD >= 2195)
4775
4776 NTKERNELAPI
4777 NTSTATUS
4778 NTAPI
4779 SeQuerySessionIdToken (
4780 IN PACCESS_TOKEN Token,
4781 IN PULONG SessionId
4782 );
4783
4784 #endif /* (VER_PRODUCTBUILD >= 2195) */
4785
4786 #define SeQuerySubjectContextToken( SubjectContext ) \
4787 ( ARGUMENT_PRESENT( \
4788 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
4789 ) ? \
4790 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
4791 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
4792
4793 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
4794 IN PLUID LogonId
4795 );
4796
4797 NTKERNELAPI
4798 NTSTATUS
4799 NTAPI
4800 SeRegisterLogonSessionTerminatedRoutine (
4801 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4802 );
4803
4804 NTKERNELAPI
4805 VOID
4806 NTAPI
4807 SeReleaseSubjectContext (
4808 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4809 );
4810
4811 NTKERNELAPI
4812 VOID
4813 NTAPI
4814 SeSetAccessStateGenericMapping (
4815 PACCESS_STATE AccessState,
4816 PGENERIC_MAPPING GenericMapping
4817 );
4818
4819 NTKERNELAPI
4820 NTSTATUS
4821 NTAPI
4822 SeSetSecurityDescriptorInfo (
4823 IN PVOID Object OPTIONAL,
4824 IN PSECURITY_INFORMATION SecurityInformation,
4825 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4826 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
4827 IN POOL_TYPE PoolType,
4828 IN PGENERIC_MAPPING GenericMapping
4829 );
4830
4831 #if (VER_PRODUCTBUILD >= 2195)
4832
4833 NTKERNELAPI
4834 NTSTATUS
4835 NTAPI
4836 SeSetSecurityDescriptorInfoEx (
4837 IN PVOID Object OPTIONAL,
4838 IN PSECURITY_INFORMATION SecurityInformation,
4839 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
4840 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
4841 IN ULONG AutoInheritFlags,
4842 IN POOL_TYPE PoolType,
4843 IN PGENERIC_MAPPING GenericMapping
4844 );
4845
4846 NTKERNELAPI
4847 BOOLEAN
4848 NTAPI
4849 SeTokenIsAdmin (
4850 IN PACCESS_TOKEN Token
4851 );
4852
4853 NTKERNELAPI
4854 BOOLEAN
4855 NTAPI
4856 SeTokenIsRestricted (
4857 IN PACCESS_TOKEN Token
4858 );
4859
4860
4861 NTSTATUS
4862 NTAPI
4863 SeLocateProcessImageName(
4864 IN PEPROCESS Process,
4865 OUT PUNICODE_STRING *pImageFileName
4866 );
4867
4868 #endif /* (VER_PRODUCTBUILD >= 2195) */
4869
4870 NTKERNELAPI
4871 TOKEN_TYPE
4872 NTAPI
4873 SeTokenType (
4874 IN PACCESS_TOKEN Token
4875 );
4876
4877 NTKERNELAPI
4878 VOID
4879 NTAPI
4880 SeUnlockSubjectContext (
4881 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4882 );
4883
4884 NTKERNELAPI
4885 NTSTATUS
4886 NTAPI
4887 SeUnregisterLogonSessionTerminatedRoutine (
4888 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4889 );
4890
4891 #if (VER_PRODUCTBUILD >= 2195)
4892
4893 NTSYSAPI
4894 NTSTATUS
4895 NTAPI
4896 ZwAdjustPrivilegesToken (
4897 IN HANDLE TokenHandle,
4898 IN BOOLEAN DisableAllPrivileges,
4899 IN PTOKEN_PRIVILEGES NewState,
4900 IN ULONG BufferLength,
4901 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
4902 OUT PULONG ReturnLength
4903 );
4904
4905 #endif /* (VER_PRODUCTBUILD >= 2195) */
4906
4907 NTSYSAPI
4908 NTSTATUS
4909 NTAPI
4910 ZwAlertThread (
4911 IN HANDLE ThreadHandle
4912 );
4913
4914 NTSYSAPI
4915 NTSTATUS
4916 NTAPI
4917 ZwAllocateVirtualMemory (
4918 IN HANDLE ProcessHandle,
4919 IN OUT PVOID *BaseAddress,
4920 IN ULONG_PTR ZeroBits,
4921 IN OUT PSIZE_T RegionSize,
4922 IN ULONG AllocationType,
4923 IN ULONG Protect
4924 );
4925
4926 NTSTATUS
4927 NTAPI
4928 NtAccessCheckByTypeAndAuditAlarm(
4929 IN PUNICODE_STRING SubsystemName,
4930 IN HANDLE HandleId,
4931 IN PUNICODE_STRING ObjectTypeName,
4932 IN PUNICODE_STRING ObjectName,
4933 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4934 IN PSID PrincipalSelfSid,
4935 IN ACCESS_MASK DesiredAccess,
4936 IN AUDIT_EVENT_TYPE AuditType,
4937 IN ULONG Flags,
4938 IN POBJECT_TYPE_LIST ObjectTypeList,
4939 IN ULONG ObjectTypeLength,
4940 IN PGENERIC_MAPPING GenericMapping,
4941 IN BOOLEAN ObjectCreation,
4942 OUT PACCESS_MASK GrantedAccess,
4943 OUT PNTSTATUS AccessStatus,
4944 OUT PBOOLEAN GenerateOnClose
4945 );
4946
4947 NTSTATUS
4948 NTAPI
4949 NtAccessCheckByTypeResultListAndAuditAlarm(
4950 IN PUNICODE_STRING SubsystemName,
4951 IN HANDLE HandleId,
4952 IN PUNICODE_STRING ObjectTypeName,
4953 IN PUNICODE_STRING ObjectName,
4954 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4955 IN PSID PrincipalSelfSid,
4956 IN ACCESS_MASK DesiredAccess,
4957 IN AUDIT_EVENT_TYPE AuditType,
4958 IN ULONG Flags,
4959 IN POBJECT_TYPE_LIST ObjectTypeList,
4960 IN ULONG ObjectTypeLength,
4961 IN PGENERIC_MAPPING GenericMapping,
4962 IN BOOLEAN ObjectCreation,
4963 OUT PACCESS_MASK GrantedAccess,
4964 OUT PNTSTATUS AccessStatus,
4965 OUT PBOOLEAN GenerateOnClose
4966 );
4967
4968 NTSTATUS
4969 NTAPI
4970 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
4971 IN PUNICODE_STRING SubsystemName,
4972 IN HANDLE HandleId,
4973 IN HANDLE ClientToken,
4974 IN PUNICODE_STRING ObjectTypeName,
4975 IN PUNICODE_STRING ObjectName,
4976 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4977 IN PSID PrincipalSelfSid,
4978 IN ACCESS_MASK DesiredAccess,
4979 IN AUDIT_EVENT_TYPE AuditType,
4980 IN ULONG Flags,
4981 IN POBJECT_TYPE_LIST ObjectTypeList,
4982 IN ULONG ObjectTypeLength,
4983 IN PGENERIC_MAPPING GenericMapping,
4984 IN BOOLEAN ObjectCreation,
4985 OUT PACCESS_MASK GrantedAccess,
4986 OUT PNTSTATUS AccessStatus,
4987 OUT PBOOLEAN GenerateOnClose
4988 );
4989
4990 NTSYSAPI
4991 NTSTATUS
4992 NTAPI
4993 ZwAccessCheckAndAuditAlarm (
4994 IN PUNICODE_STRING SubsystemName,
4995 IN PVOID HandleId,
4996 IN PUNICODE_STRING ObjectTypeName,
4997 IN PUNICODE_STRING ObjectName,
4998 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
4999 IN ACCESS_MASK DesiredAccess,
5000 IN PGENERIC_MAPPING GenericMapping,
5001 IN BOOLEAN ObjectCreation,
5002 OUT PACCESS_MASK GrantedAccess,
5003 OUT PBOOLEAN AccessStatus,
5004 OUT PBOOLEAN GenerateOnClose
5005 );
5006
5007 #if (VER_PRODUCTBUILD >= 2195)
5008
5009 NTSYSAPI
5010 NTSTATUS
5011 NTAPI
5012 ZwCancelIoFile (
5013 IN HANDLE FileHandle,
5014 OUT PIO_STATUS_BLOCK IoStatusBlock
5015 );
5016
5017 #endif /* (VER_PRODUCTBUILD >= 2195) */
5018
5019 NTSYSAPI
5020 NTSTATUS
5021 NTAPI
5022 ZwClearEvent (
5023 IN HANDLE EventHandle
5024 );
5025
5026 NTSYSAPI
5027 NTSTATUS
5028 NTAPI
5029 ZwCloseObjectAuditAlarm (
5030 IN PUNICODE_STRING SubsystemName,
5031 IN PVOID HandleId,
5032 IN BOOLEAN GenerateOnClose
5033 );
5034
5035 NTSYSAPI
5036 NTSTATUS
5037 NTAPI
5038 ZwCreateSection (
5039 OUT PHANDLE SectionHandle,
5040 IN ACCESS_MASK DesiredAccess,
5041 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
5042 IN PLARGE_INTEGER MaximumSize OPTIONAL,
5043 IN ULONG SectionPageProtection,
5044 IN ULONG AllocationAttributes,
5045 IN HANDLE FileHandle OPTIONAL
5046 );
5047
5048 NTSYSAPI
5049 NTSTATUS
5050 NTAPI
5051 ZwCreateSymbolicLinkObject (
5052 OUT PHANDLE SymbolicLinkHandle,
5053 IN ACCESS_MASK DesiredAccess,
5054 IN POBJECT_ATTRIBUTES ObjectAttributes,
5055 IN PUNICODE_STRING TargetName
5056 );
5057
5058 NTSYSAPI
5059 NTSTATUS
5060 NTAPI
5061 ZwDeleteFile (
5062 IN POBJECT_ATTRIBUTES ObjectAttributes
5063 );
5064
5065 NTSYSAPI
5066 NTSTATUS
5067 NTAPI
5068 ZwDeleteValueKey (
5069 IN HANDLE Handle,
5070 IN PUNICODE_STRING Name
5071 );
5072
5073 NTSYSAPI
5074 NTSTATUS
5075 NTAPI
5076 ZwDeviceIoControlFile (
5077 IN HANDLE FileHandle,
5078 IN HANDLE Event OPTIONAL,
5079 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5080 IN PVOID ApcContext OPTIONAL,
5081 OUT PIO_STATUS_BLOCK IoStatusBlock,
5082 IN ULONG IoControlCode,
5083 IN PVOID InputBuffer OPTIONAL,
5084 IN ULONG InputBufferLength,
5085 OUT PVOID OutputBuffer OPTIONAL,
5086 IN ULONG OutputBufferLength
5087 );
5088
5089 NTSYSAPI
5090 NTSTATUS
5091 NTAPI
5092 ZwDisplayString (
5093 IN PUNICODE_STRING String
5094 );
5095
5096 NTSYSAPI
5097 NTSTATUS
5098 NTAPI
5099 ZwDuplicateObject (
5100 IN HANDLE SourceProcessHandle,
5101 IN HANDLE SourceHandle,
5102 IN HANDLE TargetProcessHandle OPTIONAL,
5103 OUT PHANDLE TargetHandle OPTIONAL,
5104 IN ACCESS_MASK DesiredAccess,
5105 IN ULONG HandleAttributes,
5106 IN ULONG Options
5107 );
5108
5109 NTSYSAPI
5110 NTSTATUS
5111 NTAPI
5112 ZwDuplicateToken (
5113 IN HANDLE ExistingTokenHandle,
5114 IN ACCESS_MASK DesiredAccess,
5115 IN POBJECT_ATTRIBUTES ObjectAttributes,
5116 IN BOOLEAN EffectiveOnly,
5117 IN TOKEN_TYPE TokenType,
5118 OUT PHANDLE NewTokenHandle
5119 );
5120
5121 NTSTATUS
5122 NTAPI
5123 NtFilterToken(
5124 IN HANDLE ExistingTokenHandle,
5125 IN ULONG Flags,
5126 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
5127 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
5128 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
5129 OUT PHANDLE NewTokenHandle
5130 );
5131
5132 NTSYSAPI
5133 NTSTATUS
5134 NTAPI
5135 ZwFlushInstructionCache (
5136 IN HANDLE ProcessHandle,
5137 IN PVOID BaseAddress OPTIONAL,
5138 IN ULONG FlushSize
5139 );
5140
5141 NTSYSAPI
5142 NTSTATUS
5143 NTAPI
5144 ZwFlushBuffersFile(
5145 IN HANDLE FileHandle,
5146 OUT PIO_STATUS_BLOCK IoStatusBlock
5147 );
5148
5149 #if (VER_PRODUCTBUILD >= 2195)
5150
5151 NTSYSAPI
5152 NTSTATUS
5153 NTAPI
5154 ZwFlushVirtualMemory (
5155 IN HANDLE ProcessHandle,
5156 IN OUT PVOID *BaseAddress,
5157 IN OUT PULONG FlushSize,
5158 OUT PIO_STATUS_BLOCK IoStatusBlock
5159 );
5160
5161 #endif /* (VER_PRODUCTBUILD >= 2195) */
5162
5163 NTSYSAPI
5164 NTSTATUS
5165 NTAPI
5166 ZwFreeVirtualMemory (
5167 IN HANDLE ProcessHandle,
5168 IN OUT PVOID *BaseAddress,
5169 IN OUT PSIZE_T RegionSize,
5170 IN ULONG FreeType
5171 );
5172
5173 NTSYSAPI
5174 NTSTATUS
5175 NTAPI
5176 ZwFsControlFile (
5177 IN HANDLE FileHandle,
5178 IN HANDLE Event OPTIONAL,
5179 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5180 IN PVOID ApcContext OPTIONAL,
5181 OUT PIO_STATUS_BLOCK IoStatusBlock,
5182 IN ULONG FsControlCode,
5183 IN PVOID InputBuffer OPTIONAL,
5184 IN ULONG InputBufferLength,
5185 OUT PVOID OutputBuffer OPTIONAL,
5186 IN ULONG OutputBufferLength
5187 );
5188
5189 #if (VER_PRODUCTBUILD >= 2195)
5190
5191 NTSYSAPI
5192 NTSTATUS
5193 NTAPI
5194 ZwInitiatePowerAction (
5195 IN POWER_ACTION SystemAction,
5196 IN SYSTEM_POWER_STATE MinSystemState,
5197 IN ULONG Flags,
5198 IN BOOLEAN Asynchronous
5199 );
5200
5201 #endif /* (VER_PRODUCTBUILD >= 2195) */
5202
5203 NTSYSAPI
5204 NTSTATUS
5205 NTAPI
5206 ZwLoadDriver (
5207 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5208 IN PUNICODE_STRING RegistryPath
5209 );
5210
5211 NTSYSAPI
5212 NTSTATUS
5213 NTAPI
5214 ZwLoadKey (
5215 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
5216 IN POBJECT_ATTRIBUTES FileObjectAttributes
5217 );
5218
5219 NTSYSAPI
5220 NTSTATUS
5221 NTAPI
5222 ZwNotifyChangeKey (
5223 IN HANDLE KeyHandle,
5224 IN HANDLE EventHandle OPTIONAL,
5225 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5226 IN PVOID ApcContext OPTIONAL,
5227 OUT PIO_STATUS_BLOCK IoStatusBlock,
5228 IN ULONG NotifyFilter,
5229 IN BOOLEAN WatchSubtree,
5230 IN PVOID Buffer,
5231 IN ULONG BufferLength,
5232 IN BOOLEAN Asynchronous
5233 );
5234
5235 NTSYSAPI
5236 NTSTATUS
5237 NTAPI
5238 ZwOpenDirectoryObject (
5239 OUT PHANDLE DirectoryHandle,
5240 IN ACCESS_MASK DesiredAccess,
5241 IN POBJECT_ATTRIBUTES ObjectAttributes
5242 );
5243
5244 NTSYSAPI
5245 NTSTATUS
5246 NTAPI
5247 ZwOpenEvent (
5248 OUT PHANDLE EventHandle,
5249 IN ACCESS_MASK DesiredAccess,
5250 IN POBJECT_ATTRIBUTES ObjectAttributes
5251 );
5252
5253 NTSYSAPI
5254 NTSTATUS
5255 NTAPI
5256 ZwOpenProcess (
5257 OUT PHANDLE ProcessHandle,
5258 IN ACCESS_MASK DesiredAccess,
5259 IN POBJECT_ATTRIBUTES ObjectAttributes,
5260 IN PCLIENT_ID ClientId OPTIONAL
5261 );
5262
5263 NTSYSAPI
5264 NTSTATUS
5265 NTAPI
5266 ZwOpenProcessToken (
5267 IN HANDLE ProcessHandle,
5268 IN ACCESS_MASK DesiredAccess,
5269 OUT PHANDLE TokenHandle
5270 );
5271
5272 NTSYSAPI
5273 NTSTATUS
5274 NTAPI
5275 ZwOpenThread (
5276 OUT PHANDLE ThreadHandle,
5277 IN ACCESS_MASK DesiredAccess,
5278 IN POBJECT_ATTRIBUTES ObjectAttributes,
5279 IN PCLIENT_ID ClientId
5280 );
5281
5282 NTSYSAPI
5283 NTSTATUS
5284 NTAPI
5285 ZwOpenThreadToken (
5286 IN HANDLE ThreadHandle,
5287 IN ACCESS_MASK DesiredAccess,
5288 IN BOOLEAN OpenAsSelf,
5289 OUT PHANDLE TokenHandle
5290 );
5291
5292 #if (VER_PRODUCTBUILD >= 2195)
5293
5294 NTSYSAPI
5295 NTSTATUS
5296 NTAPI
5297 ZwPowerInformation (
5298 IN POWER_INFORMATION_LEVEL PowerInformationLevel,
5299 IN PVOID InputBuffer OPTIONAL,
5300 IN ULONG InputBufferLength,
5301 OUT PVOID OutputBuffer OPTIONAL,
5302 IN ULONG OutputBufferLength
5303 );
5304
5305 #endif /* (VER_PRODUCTBUILD >= 2195) */
5306
5307 NTSYSAPI
5308 NTSTATUS
5309 NTAPI
5310 ZwPulseEvent (
5311 IN HANDLE EventHandle,
5312 OUT PLONG PreviousState OPTIONAL
5313 );
5314
5315 NTSYSAPI
5316 NTSTATUS
5317 NTAPI
5318 ZwQueryDefaultLocale (
5319 IN BOOLEAN ThreadOrSystem,
5320 OUT PLCID Locale
5321 );
5322
5323 NTSYSAPI
5324 NTSTATUS
5325 NTAPI
5326 ZwQueryDirectoryFile (
5327 IN HANDLE FileHandle,
5328 IN HANDLE Event OPTIONAL,
5329 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
5330 IN PVOID ApcContext OPTIONAL,
5331 OUT PIO_STATUS_BLOCK IoStatusBlock,
5332 OUT PVOID FileInformation,
5333 IN ULONG Length,
5334 IN FILE_INFORMATION_CLASS FileInformationClass,
5335 IN BOOLEAN ReturnSingleEntry,
5336 IN PUNICODE_STRING FileName OPTIONAL,
5337 IN BOOLEAN RestartScan
5338 );
5339
5340 #if (VER_PRODUCTBUILD >= 2195)
5341
5342 NTSYSAPI
5343 NTSTATUS
5344 NTAPI
5345 ZwQueryDirectoryObject (
5346 IN HANDLE DirectoryHandle,
5347 OUT PVOID Buffer,
5348 IN ULONG Length,
5349 IN BOOLEAN ReturnSingleEntry,
5350 IN BOOLEAN RestartScan,
5351 IN OUT PULONG Context,
5352 OUT PULONG ReturnLength OPTIONAL
5353 );
5354
5355 NTSYSAPI
5356 NTSTATUS
5357 NTAPI
5358 ZwQueryEaFile (
5359 IN HANDLE FileHandle,
5360 OUT PIO_STATUS_BLOCK IoStatusBlock,
5361 OUT PVOID Buffer,
5362 IN ULONG Length,
5363 IN BOOLEAN ReturnSingleEntry,
5364 IN PVOID EaList OPTIONAL,
5365 IN ULONG EaListLength,
5366 IN PULONG EaIndex OPTIONAL,
5367 IN BOOLEAN RestartScan
5368 );
5369
5370 #endif /* (VER_PRODUCTBUILD >= 2195) */
5371
5372 NTSYSAPI
5373 NTSTATUS
5374 NTAPI
5375 ZwQueryInformationProcess (
5376 IN HANDLE ProcessHandle,
5377 IN PROCESSINFOCLASS ProcessInformationClass,
5378 OUT PVOID ProcessInformation,
5379 IN ULONG ProcessInformationLength,
5380 OUT PULONG ReturnLength OPTIONAL
5381 );
5382
5383 NTSYSAPI
5384 NTSTATUS
5385 NTAPI
5386 ZwQueryInformationToken (
5387 IN HANDLE TokenHandle,
5388 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
5389 OUT PVOID TokenInformation,
5390 IN ULONG Length,
5391 OUT PULONG ResultLength
5392 );
5393
5394 NTSYSAPI
5395 NTSTATUS
5396 NTAPI
5397 ZwQuerySecurityObject (
5398 IN HANDLE FileHandle,
5399 IN SECURITY_INFORMATION SecurityInformation,
5400 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5401 IN ULONG Length,
5402 OUT PULONG ResultLength
5403 );
5404
5405 NTSYSAPI
5406 NTSTATUS
5407 NTAPI
5408 ZwQueryVolumeInformationFile (
5409 IN HANDLE FileHandle,
5410 OUT PIO_STATUS_BLOCK IoStatusBlock,
5411 OUT PVOID FsInformation,
5412 IN ULONG Length,
5413 IN FS_INFORMATION_CLASS FsInformationClass
5414 );
5415
5416 NTSYSAPI
5417 NTSTATUS
5418 NTAPI
5419 ZwReplaceKey (
5420 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
5421 IN HANDLE KeyHandle,
5422 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
5423 );
5424
5425 NTSYSAPI
5426 NTSTATUS
5427 NTAPI
5428 ZwResetEvent (
5429 IN HANDLE EventHandle,
5430 OUT PLONG PreviousState OPTIONAL
5431 );
5432
5433 #if (VER_PRODUCTBUILD >= 2195)
5434
5435 NTSYSAPI
5436 NTSTATUS
5437 NTAPI
5438 ZwRestoreKey (
5439 IN HANDLE KeyHandle,
5440 IN HANDLE FileHandle,
5441 IN ULONG Flags
5442 );
5443
5444 #endif /* (VER_PRODUCTBUILD >= 2195) */
5445
5446 NTSYSAPI
5447 NTSTATUS
5448 NTAPI
5449 ZwSaveKey (
5450 IN HANDLE KeyHandle,
5451 IN HANDLE FileHandle
5452 );
5453
5454 NTSYSAPI
5455 NTSTATUS
5456 NTAPI
5457 ZwSetDefaultLocale (
5458 IN BOOLEAN ThreadOrSystem,
5459 IN LCID Locale
5460 );
5461
5462 #if (VER_PRODUCTBUILD >= 2195)
5463
5464 NTSYSAPI
5465 NTSTATUS
5466 NTAPI
5467 ZwSetDefaultUILanguage (
5468 IN LANGID LanguageId
5469 );
5470
5471 NTSYSAPI
5472 NTSTATUS
5473 NTAPI
5474 ZwSetEaFile (
5475 IN HANDLE FileHandle,
5476 OUT PIO_STATUS_BLOCK IoStatusBlock,
5477 OUT PVOID Buffer,
5478 IN ULONG Length
5479 );
5480
5481 #endif /* (VER_PRODUCTBUILD >= 2195) */
5482
5483 NTSYSAPI
5484 NTSTATUS
5485 NTAPI
5486 ZwSetEvent (
5487 IN HANDLE EventHandle,
5488 OUT PLONG PreviousState OPTIONAL
5489 );
5490
5491 NTSYSAPI
5492 NTSTATUS
5493 NTAPI
5494 ZwSetInformationProcess (
5495 IN HANDLE ProcessHandle,
5496 IN PROCESSINFOCLASS ProcessInformationClass,
5497 IN PVOID ProcessInformation,
5498 IN ULONG ProcessInformationLength
5499 );
5500
5501 #if (VER_PRODUCTBUILD >= 2195)
5502
5503 NTSYSAPI
5504 NTSTATUS
5505 NTAPI
5506 ZwSetSecurityObject (
5507 IN HANDLE Handle,
5508 IN SECURITY_INFORMATION SecurityInformation,
5509 IN PSECURITY_DESCRIPTOR SecurityDescriptor
5510 );
5511
5512 #endif /* (VER_PRODUCTBUILD >= 2195) */
5513
5514 NTSYSAPI
5515 NTSTATUS
5516 NTAPI
5517 ZwSetSystemTime (
5518 IN PLARGE_INTEGER NewTime,
5519 OUT PLARGE_INTEGER OldTime OPTIONAL
5520 );
5521
5522 #if (VER_PRODUCTBUILD >= 2195)
5523
5524 NTSYSAPI
5525 NTSTATUS
5526 NTAPI
5527 ZwSetVolumeInformationFile (
5528 IN HANDLE FileHandle,
5529 OUT PIO_STATUS_BLOCK IoStatusBlock,
5530 IN PVOID FsInformation,
5531 IN ULONG Length,
5532 IN FS_INFORMATION_CLASS FsInformationClass
5533 );
5534
5535 #endif /* (VER_PRODUCTBUILD >= 2195) */
5536
5537 NTSYSAPI
5538 NTSTATUS
5539 NTAPI
5540 ZwTerminateProcess (
5541 IN HANDLE ProcessHandle OPTIONAL,
5542 IN NTSTATUS ExitStatus
5543 );
5544
5545 NTSYSAPI
5546 NTSTATUS
5547 NTAPI
5548 ZwUnloadDriver (
5549 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5550 IN PUNICODE_STRING RegistryPath
5551 );
5552
5553 NTSYSAPI
5554 NTSTATUS
5555 NTAPI
5556 ZwUnloadKey (
5557 IN POBJECT_ATTRIBUTES KeyObjectAttributes
5558 );
5559
5560 NTSYSAPI
5561 NTSTATUS
5562 NTAPI
5563 ZwWaitForSingleObject (
5564 IN HANDLE Handle,
5565 IN BOOLEAN Alertable,
5566 IN PLARGE_INTEGER Timeout OPTIONAL
5567 );
5568
5569 NTSYSAPI
5570 NTSTATUS
5571 NTAPI
5572 ZwWaitForMultipleObjects (
5573 IN ULONG HandleCount,
5574 IN PHANDLE Handles,
5575 IN WAIT_TYPE WaitType,
5576 IN BOOLEAN Alertable,
5577 IN PLARGE_INTEGER Timeout OPTIONAL
5578 );
5579
5580 NTSYSAPI
5581 NTSTATUS
5582 NTAPI
5583 ZwYieldExecution (
5584 VOID
5585 );
5586
5587 #pragma pack(pop)
5588
5589 #ifdef __cplusplus
5590 }
5591 #endif
5592
5593 #endif /* _NTIFS_ */
A free Windows-compatible Operating System