4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28 #pragma GCC system_header
40 #define VER_PRODUCTBUILD 10000
47 #define NTKERNELAPI STDCALL
50 typedef struct _SE_EXPORTS
*PSE_EXPORTS
;
52 extern PUCHAR
*FsRtlLegalAnsiCharacterArray
;
53 extern PSE_EXPORTS SeExports
;
54 extern PACL SePublicDefaultDacl
;
55 extern PACL SeSystemDefaultDacl
;
57 #define ANSI_DOS_STAR ('<')
58 #define ANSI_DOS_QM ('>')
59 #define ANSI_DOS_DOT ('"')
61 #define DOS_STAR (L'<')
63 #define DOS_DOT (L'"')
66 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
67 #define ACCESS_DENIED_ACE_TYPE (0x1)
68 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
69 #define SYSTEM_ALARM_ACE_TYPE (0x3)
71 #define COMPRESSION_FORMAT_NONE (0x0000)
72 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
73 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
74 #define COMPRESSION_ENGINE_STANDARD (0x0000)
75 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
76 #define COMPRESSION_ENGINE_HIBER (0x0200)
78 #define FILE_ACTION_ADDED 0x00000001
79 #define FILE_ACTION_REMOVED 0x00000002
80 #define FILE_ACTION_MODIFIED 0x00000003
81 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
82 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
83 #define FILE_ACTION_ADDED_STREAM 0x00000006
84 #define FILE_ACTION_REMOVED_STREAM 0x00000007
85 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
86 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
87 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
88 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
91 #define FILE_EA_TYPE_BINARY 0xfffe
92 #define FILE_EA_TYPE_ASCII 0xfffd
93 #define FILE_EA_TYPE_BITMAP 0xfffb
94 #define FILE_EA_TYPE_METAFILE 0xfffa
95 #define FILE_EA_TYPE_ICON 0xfff9
96 #define FILE_EA_TYPE_EA 0xffee
97 #define FILE_EA_TYPE_MVMT 0xffdf
98 #define FILE_EA_TYPE_MVST 0xffde
99 #define FILE_EA_TYPE_ASN1 0xffdd
100 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
102 #define FILE_NEED_EA 0x00000080
104 /* also in winnt.h */
105 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
106 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
107 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
108 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
109 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
110 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
111 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
112 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
113 #define FILE_NOTIFY_CHANGE_EA 0x00000080
114 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
115 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
116 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
117 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
118 #define FILE_NOTIFY_VALID_MASK 0x00000fff
121 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
122 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
124 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
126 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
127 #define FILE_CASE_PRESERVED_NAMES 0x00000002
128 #define FILE_UNICODE_ON_DISK 0x00000004
129 #define FILE_PERSISTENT_ACLS 0x00000008
130 #define FILE_FILE_COMPRESSION 0x00000010
131 #define FILE_VOLUME_QUOTAS 0x00000020
132 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
133 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
134 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
135 #define FS_LFN_APIS 0x00004000
136 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
137 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
138 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
139 #define FILE_NAMED_STREAMS 0x00040000
141 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
142 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
144 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
145 #define FILE_PIPE_MESSAGE_MODE 0x00000001
147 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
148 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
150 #define FILE_PIPE_INBOUND 0x00000000
151 #define FILE_PIPE_OUTBOUND 0x00000001
152 #define FILE_PIPE_FULL_DUPLEX 0x00000002
154 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
155 #define FILE_PIPE_LISTENING_STATE 0x00000002
156 #define FILE_PIPE_CONNECTED_STATE 0x00000003
157 #define FILE_PIPE_CLOSING_STATE 0x00000004
159 #define FILE_PIPE_CLIENT_END 0x00000000
160 #define FILE_PIPE_SERVER_END 0x00000001
162 #define FILE_PIPE_READ_DATA 0x00000000
163 #define FILE_PIPE_WRITE_SPACE 0x00000001
165 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
166 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
167 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
168 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
169 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
170 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
171 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
172 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
173 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
174 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
175 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
176 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
177 #define FILE_STORAGE_TYPE_MASK 0x000f0000
178 #define FILE_STORAGE_TYPE_SHIFT 16
180 #define FILE_VC_QUOTA_NONE 0x00000000
181 #define FILE_VC_QUOTA_TRACK 0x00000001
182 #define FILE_VC_QUOTA_ENFORCE 0x00000002
183 #define FILE_VC_QUOTA_MASK 0x00000003
185 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
186 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
188 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
189 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
190 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
191 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
193 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
194 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
196 #define FILE_VC_VALID_MASK 0x000003ff
198 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
199 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
200 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
201 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
202 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
203 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
204 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
206 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
208 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
209 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
210 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
211 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
212 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
214 #define FSRTL_VOLUME_DISMOUNT 1
215 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
216 #define FSRTL_VOLUME_LOCK 3
217 #define FSRTL_VOLUME_LOCK_FAILED 4
218 #define FSRTL_VOLUME_UNLOCK 5
219 #define FSRTL_VOLUME_MOUNT 6
221 #define FSRTL_WILD_CHARACTER 0x08
224 #define HARDWARE_PTE HARDWARE_PTE_X86
225 #define PHARDWARE_PTE PHARDWARE_PTE_X86
227 #define HARDWARE_PTE ULONG
228 #define PHARDWARE_PTE PULONG
231 #define IO_CHECK_CREATE_PARAMETERS 0x0200
232 #define IO_ATTACH_DEVICE 0x0400
234 #define IO_ATTACH_DEVICE_API 0x80000000
235 /* also in winnt.h */
236 #define IO_COMPLETION_QUERY_STATE 0x0001
237 #define IO_COMPLETION_MODIFY_STATE 0x0002
238 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
240 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
241 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
243 #define IO_TYPE_APC 18
244 #define IO_TYPE_DPC 19
245 #define IO_TYPE_DEVICE_QUEUE 20
246 #define IO_TYPE_EVENT_PAIR 21
247 #define IO_TYPE_INTERRUPT 22
248 #define IO_TYPE_PROFILE 23
250 #define IRP_BEING_VERIFIED 0x10
252 #define MAILSLOT_CLASS_FIRSTCLASS 1
253 #define MAILSLOT_CLASS_SECONDCLASS 2
255 #define MAILSLOT_SIZE_AUTO 0
257 #define MAP_PROCESS 1L
258 #define MAP_SYSTEM 2L
259 #define MEM_DOS_LIM 0x40000000
260 /* also in winnt.h */
261 #define MEM_IMAGE SEC_IMAGE
263 #define OB_TYPE_TYPE 1
264 #define OB_TYPE_DIRECTORY 2
265 #define OB_TYPE_SYMBOLIC_LINK 3
266 #define OB_TYPE_TOKEN 4
267 #define OB_TYPE_PROCESS 5
268 #define OB_TYPE_THREAD 6
269 #define OB_TYPE_EVENT 7
270 #define OB_TYPE_EVENT_PAIR 8
271 #define OB_TYPE_MUTANT 9
272 #define OB_TYPE_SEMAPHORE 10
273 #define OB_TYPE_TIMER 11
274 #define OB_TYPE_PROFILE 12
275 #define OB_TYPE_WINDOW_STATION 13
276 #define OB_TYPE_DESKTOP 14
277 #define OB_TYPE_SECTION 15
278 #define OB_TYPE_KEY 16
279 #define OB_TYPE_PORT 17
280 #define OB_TYPE_ADAPTER 18
281 #define OB_TYPE_CONTROLLER 19
282 #define OB_TYPE_DEVICE 20
283 #define OB_TYPE_DRIVER 21
284 #define OB_TYPE_IO_COMPLETION 22
285 #define OB_TYPE_FILE 23
288 #define PIN_EXCLUSIVE (2)
289 #define PIN_NO_READ (4)
290 #define PIN_IF_BCB (8)
292 #define PORT_CONNECT 0x0001
293 #define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
295 /* also in winnt.h */
296 #define SEC_BASED 0x00200000
297 #define SEC_NO_CHANGE 0x00400000
298 #define SEC_FILE 0x00800000
299 #define SEC_IMAGE 0x01000000
300 #define SEC_VLM 0x02000000
301 #define SEC_RESERVE 0x04000000
302 #define SEC_COMMIT 0x08000000
303 #define SEC_NOCACHE 0x10000000
305 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
306 #define SECURITY_WORLD_RID (0x00000000L)
308 #define SID_REVISION 1
310 #define TOKEN_ASSIGN_PRIMARY (0x0001)
311 #define TOKEN_DUPLICATE (0x0002)
312 #define TOKEN_IMPERSONATE (0x0004)
313 #define TOKEN_QUERY (0x0008)
314 #define TOKEN_QUERY_SOURCE (0x0010)
315 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
316 #define TOKEN_ADJUST_GROUPS (0x0040)
317 #define TOKEN_ADJUST_DEFAULT (0x0080)
319 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
320 TOKEN_ASSIGN_PRIMARY |\
324 TOKEN_QUERY_SOURCE |\
325 TOKEN_ADJUST_PRIVILEGES |\
326 TOKEN_ADJUST_GROUPS |\
327 TOKEN_ADJUST_DEFAULT)
329 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
332 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
333 TOKEN_ADJUST_PRIVILEGES |\
334 TOKEN_ADJUST_GROUPS |\
335 TOKEN_ADJUST_DEFAULT)
337 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
339 #define TOKEN_SOURCE_LENGTH 8
342 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
343 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
344 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
345 #define TOKEN_HAS_ADMIN_GROUP 0x08
346 #define TOKEN_IS_RESTRICTED 0x10
348 #define VACB_MAPPING_GRANULARITY (0x40000)
349 #define VACB_OFFSET_SHIFT (18)
351 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
352 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
353 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
354 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
355 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
356 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
357 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
358 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
359 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
361 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
362 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
363 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
365 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
366 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
367 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
370 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
371 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
372 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
373 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
374 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
375 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
377 #if (VER_PRODUCTBUILD >= 1381)
379 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
380 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
381 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
382 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
383 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
384 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
385 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
386 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
388 #endif /* (VER_PRODUCTBUILD >= 1381) */
390 #if (VER_PRODUCTBUILD >= 2195)
392 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
393 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
394 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
396 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
397 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
398 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
399 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
400 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
401 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
402 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
403 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
404 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
405 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
406 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
407 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
408 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
409 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
410 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
411 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
412 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
413 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
414 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
415 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
416 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
417 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
418 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
419 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
420 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
421 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
422 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
423 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
424 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
425 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
426 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
427 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
428 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
429 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
430 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
431 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
433 #endif /* (VER_PRODUCTBUILD >= 2195) */
435 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
437 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
438 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
439 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
440 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
441 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
442 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
443 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
444 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
446 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
447 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
448 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
449 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
450 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
451 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
452 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
453 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
454 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
455 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
456 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
457 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
458 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
459 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
461 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
464 typedef PVOID OPLOCK
, *POPLOCK
;
465 typedef PVOID PWOW64_PROCESS
;
467 typedef struct _CACHE_MANAGER_CALLBACKS
*PCACHE_MANAGER_CALLBACKS
;
468 typedef struct _EPROCESS_QUOTA_BLOCK
*PEPROCESS_QUOTA_BLOCK
;
469 typedef struct _FILE_GET_QUOTA_INFORMATION
*PFILE_GET_QUOTA_INFORMATION
;
470 typedef struct _HANDLE_TABLE
*PHANDLE_TABLE
;
471 typedef struct _KEVENT_PAIR
*PKEVENT_PAIR
;
472 typedef struct _KPROCESS
*PKPROCESS
;
473 typedef struct _KQUEUE
*PKQUEUE
;
474 typedef struct _KTRAP_FRAME
*PKTRAP_FRAME
;
475 typedef struct _MAILSLOT_CREATE_PARAMETERS
*PMAILSLOT_CREATE_PARAMETERS
;
476 typedef struct _MMWSL
*PMMWSL
;
477 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
*PNAMED_PIPE_CREATE_PARAMETERS
;
478 typedef struct _OBJECT_DIRECTORY
*POBJECT_DIRECTORY
;
479 typedef struct _PAGEFAULT_HISTORY
*PPAGEFAULT_HISTORY
;
480 typedef struct _PS_IMPERSONATION_INFORMATION
*PPS_IMPERSONATION_INFORMATION
;
481 typedef struct _SECTION_OBJECT
*PSECTION_OBJECT
;
482 typedef struct _SHARED_CACHE_MAP
*PSHARED_CACHE_MAP
;
483 typedef struct _TERMINATION_PORT
*PTERMINATION_PORT
;
484 typedef struct _VACB
*PVACB
;
485 typedef struct _VAD_HEADER
*PVAD_HEADER
;
487 typedef struct _NOTIFY_SYNC
500 } NOTIFY_SYNC
, * PNOTIFY_SYNC
;
502 typedef enum _FAST_IO_POSSIBLE
{
508 typedef enum _FILE_STORAGE_TYPE
{
509 StorageTypeDefault
= 1,
510 StorageTypeDirectory
,
512 StorageTypeJunctionPoint
,
514 StorageTypeStructuredStorage
,
515 StorageTypeEmbedding
,
519 typedef enum _IO_COMPLETION_INFORMATION_CLASS
{
520 IoCompletionBasicInformation
521 } IO_COMPLETION_INFORMATION_CLASS
;
523 typedef enum _OBJECT_INFO_CLASS
{
531 typedef struct _HARDWARE_PTE_X86
{
535 ULONG WriteThrough
: 1;
536 ULONG CacheDisable
: 1;
541 ULONG CopyOnWrite
: 1;
544 ULONG PageFrameNumber
: 20;
545 } HARDWARE_PTE_X86
, *PHARDWARE_PTE_X86
;
547 typedef struct _KAPC_STATE
{
548 LIST_ENTRY ApcListHead
[2];
550 BOOLEAN KernelApcInProgress
;
551 BOOLEAN KernelApcPending
;
552 BOOLEAN UserApcPending
;
553 } KAPC_STATE
, *PKAPC_STATE
;
555 typedef struct _KGDTENTRY
{
572 ULONG Reserved_0
: 1;
573 ULONG Default_Big
: 1;
574 ULONG Granularity
: 1;
578 } KGDTENTRY
, *PKGDTENTRY
;
580 typedef struct _KIDTENTRY
{
584 USHORT ExtendedOffset
;
585 } KIDTENTRY
, *PKIDTENTRY
;
587 #if (VER_PRODUCTBUILD >= 2600)
589 typedef struct _MMSUPPORT_FLAGS
{
590 ULONG SessionSpace
: 1;
591 ULONG BeingTrimmed
: 1;
592 ULONG SessionLeader
: 1;
594 ULONG WorkingSetHard
: 1;
595 ULONG AddressSpaceBeingDeleted
: 1;
596 ULONG Available
: 10;
597 ULONG AllowWorkingSetAdjustment
: 8;
598 ULONG MemoryPriority
: 8;
599 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
603 typedef struct _MMSUPPORT_FLAGS
{
604 ULONG SessionSpace
: 1;
605 ULONG BeingTrimmed
: 1;
606 ULONG ProcessInSession
: 1;
607 ULONG SessionLeader
: 1;
609 ULONG WorkingSetHard
: 1;
610 ULONG WriteWatch
: 1;
612 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
616 #if (VER_PRODUCTBUILD >= 2600)
618 typedef struct _MMSUPPORT
{
619 LARGE_INTEGER LastTrimTime
;
620 MMSUPPORT_FLAGS Flags
;
621 ULONG PageFaultCount
;
622 ULONG PeakWorkingSetSize
;
623 ULONG WorkingSetSize
;
624 ULONG MinimumWorkingSetSize
;
625 ULONG MaximumWorkingSetSize
;
626 PMMWSL VmWorkingSetList
;
627 LIST_ENTRY WorkingSetExpansionLinks
;
629 ULONG NextEstimationSlot
;
631 ULONG EstimatedAvailable
;
632 ULONG GrowthSinceLastEstimate
;
633 } MMSUPPORT
, *PMMSUPPORT
;
637 typedef struct _MMSUPPORT
{
638 LARGE_INTEGER LastTrimTime
;
639 ULONG LastTrimFaultCount
;
640 ULONG PageFaultCount
;
641 ULONG PeakWorkingSetSize
;
642 ULONG WorkingSetSize
;
643 ULONG MinimumWorkingSetSize
;
644 ULONG MaximumWorkingSetSize
;
645 PMMWSL VmWorkingSetList
;
646 LIST_ENTRY WorkingSetExpansionLinks
;
647 BOOLEAN AllowWorkingSetAdjustment
;
648 BOOLEAN AddressSpaceBeingDeleted
;
649 UCHAR ForegroundSwitchCount
;
650 UCHAR MemoryPriority
;
651 #if (VER_PRODUCTBUILD >= 2195)
654 MMSUPPORT_FLAGS Flags
;
657 ULONG NextEstimationSlot
;
659 ULONG EstimatedAvailable
;
660 ULONG GrowthSinceLastEstimate
;
661 #endif /* (VER_PRODUCTBUILD >= 2195) */
662 } MMSUPPORT
, *PMMSUPPORT
;
666 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
{
667 POBJECT_NAME_INFORMATION ImageFileName
;
668 } SE_AUDIT_PROCESS_CREATION_INFO
, *PSE_AUDIT_PROCESS_CREATION_INFO
;
670 typedef struct _BITMAP_RANGE
{
672 LARGE_INTEGER BasePage
;
673 ULONG FirstDirtyPage
;
677 } BITMAP_RANGE
, *PBITMAP_RANGE
;
679 typedef struct _CACHE_UNINITIALIZE_EVENT
{
680 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
682 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
684 typedef struct _CC_FILE_SIZES
{
685 LARGE_INTEGER AllocationSize
;
686 LARGE_INTEGER FileSize
;
687 LARGE_INTEGER ValidDataLength
;
688 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
690 typedef struct _COMPRESSED_DATA_INFO
{
691 USHORT CompressionFormatAndEngine
;
692 UCHAR CompressionUnitShift
;
696 USHORT NumberOfChunks
;
697 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
698 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
700 typedef struct _DEVICE_MAP
{
701 POBJECT_DIRECTORY DosDevicesDirectory
;
702 POBJECT_DIRECTORY GlobalDosDevicesDirectory
;
703 ULONG ReferenceCount
;
706 } DEVICE_MAP
, *PDEVICE_MAP
;
708 #if (VER_PRODUCTBUILD >= 2600)
710 typedef struct _EX_FAST_REF
{
711 _ANONYMOUS_UNION
union {
716 } EX_FAST_REF
, *PEX_FAST_REF
;
718 typedef struct _EX_PUSH_LOCK
{
719 _ANONYMOUS_UNION
union {
720 _ANONYMOUS_STRUCT
struct {
728 } EX_PUSH_LOCK
, *PEX_PUSH_LOCK
;
730 typedef struct _EX_RUNDOWN_REF
{
731 _ANONYMOUS_UNION
union {
735 } EX_RUNDOWN_REF
, *PEX_RUNDOWN_REF
;
739 typedef struct _EPROCESS_QUOTA_ENTRY
{
744 } EPROCESS_QUOTA_ENTRY
, *PEPROCESS_QUOTA_ENTRY
;
746 typedef struct _EPROCESS_QUOTA_BLOCK
{
747 EPROCESS_QUOTA_ENTRY QuotaEntry
[3];
748 LIST_ENTRY QuotaList
;
749 ULONG ReferenceCount
;
751 } EPROCESS_QUOTA_BLOCK
, *PEPROCESS_QUOTA_BLOCK
;
754 * When needing these parameters cast your PIO_STACK_LOCATION to
755 * PEXTENDED_IO_STACK_LOCATION
757 #if !defined(_ALPHA_)
758 #include <pshpack4.h>
760 typedef struct _EXTENDED_IO_STACK_LOCATION
{
762 /* Included for padding */
771 PIO_SECURITY_CONTEXT SecurityContext
;
775 PMAILSLOT_CREATE_PARAMETERS Parameters
;
779 PIO_SECURITY_CONTEXT SecurityContext
;
783 PNAMED_PIPE_CREATE_PARAMETERS Parameters
;
787 ULONG OutputBufferLength
;
788 ULONG InputBufferLength
;
790 PVOID Type3InputBuffer
;
794 PLARGE_INTEGER Length
;
796 LARGE_INTEGER ByteOffset
;
801 ULONG CompletionFilter
;
806 PUNICODE_STRING FileName
;
807 FILE_INFORMATION_CLASS FileInformationClass
;
821 PFILE_GET_QUOTA_INFORMATION SidList
;
835 FS_INFORMATION_CLASS FsInformationClass
;
839 PDEVICE_OBJECT DeviceObject
;
840 PFILE_OBJECT FileObject
;
841 PIO_COMPLETION_ROUTINE CompletionRoutine
;
844 } EXTENDED_IO_STACK_LOCATION
, *PEXTENDED_IO_STACK_LOCATION
;
845 #if !defined(_ALPHA_)
849 typedef struct _FILE_ACCESS_INFORMATION
{
850 ACCESS_MASK AccessFlags
;
851 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
853 typedef struct _FILE_ALLOCATION_INFORMATION
{
854 LARGE_INTEGER AllocationSize
;
855 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
857 typedef struct _FILE_BOTH_DIR_INFORMATION
{
858 ULONG NextEntryOffset
;
860 LARGE_INTEGER CreationTime
;
861 LARGE_INTEGER LastAccessTime
;
862 LARGE_INTEGER LastWriteTime
;
863 LARGE_INTEGER ChangeTime
;
864 LARGE_INTEGER EndOfFile
;
865 LARGE_INTEGER AllocationSize
;
866 ULONG FileAttributes
;
867 ULONG FileNameLength
;
869 CCHAR ShortNameLength
;
872 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
874 typedef struct _FILE_COMPLETION_INFORMATION
{
877 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
879 typedef struct _FILE_COMPRESSION_INFORMATION
{
880 LARGE_INTEGER CompressedFileSize
;
881 USHORT CompressionFormat
;
882 UCHAR CompressionUnitShift
;
886 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
888 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
889 BOOLEAN ReplaceIfExists
;
890 HANDLE RootDirectory
;
891 ULONG FileNameLength
;
893 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
895 typedef struct _FILE_DIRECTORY_INFORMATION
{
896 ULONG NextEntryOffset
;
898 LARGE_INTEGER CreationTime
;
899 LARGE_INTEGER LastAccessTime
;
900 LARGE_INTEGER LastWriteTime
;
901 LARGE_INTEGER ChangeTime
;
902 LARGE_INTEGER EndOfFile
;
903 LARGE_INTEGER AllocationSize
;
904 ULONG FileAttributes
;
905 ULONG FileNameLength
;
907 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
909 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
910 ULONG NextEntryOffset
;
912 LARGE_INTEGER CreationTime
;
913 LARGE_INTEGER LastAccessTime
;
914 LARGE_INTEGER LastWriteTime
;
915 LARGE_INTEGER ChangeTime
;
916 LARGE_INTEGER EndOfFile
;
917 LARGE_INTEGER AllocationSize
;
918 ULONG FileAttributes
;
919 ULONG FileNameLength
;
922 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
924 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
925 ULONG NextEntryOffset
;
927 LARGE_INTEGER CreationTime
;
928 LARGE_INTEGER LastAccessTime
;
929 LARGE_INTEGER LastWriteTime
;
930 LARGE_INTEGER ChangeTime
;
931 LARGE_INTEGER EndOfFile
;
932 LARGE_INTEGER AllocationSize
;
933 ULONG FileAttributes
;
934 ULONG FileNameLength
;
936 CHAR ShortNameLength
;
939 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
941 typedef struct _FILE_EA_INFORMATION
{
943 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
945 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
946 ULONG FileSystemAttributes
;
947 ULONG MaximumComponentNameLength
;
948 ULONG FileSystemNameLength
;
949 WCHAR FileSystemName
[1];
950 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
952 typedef struct _FILE_FS_CONTROL_INFORMATION
{
953 LARGE_INTEGER FreeSpaceStartFiltering
;
954 LARGE_INTEGER FreeSpaceThreshold
;
955 LARGE_INTEGER FreeSpaceStopFiltering
;
956 LARGE_INTEGER DefaultQuotaThreshold
;
957 LARGE_INTEGER DefaultQuotaLimit
;
958 ULONG FileSystemControlFlags
;
959 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
961 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
962 LARGE_INTEGER TotalAllocationUnits
;
963 LARGE_INTEGER CallerAvailableAllocationUnits
;
964 LARGE_INTEGER ActualAvailableAllocationUnits
;
965 ULONG SectorsPerAllocationUnit
;
966 ULONG BytesPerSector
;
967 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
969 typedef struct _FILE_FS_LABEL_INFORMATION
{
970 ULONG VolumeLabelLength
;
971 WCHAR VolumeLabel
[1];
972 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
974 #if (VER_PRODUCTBUILD >= 2195)
976 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
978 UCHAR ExtendedInfo
[48];
979 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
981 #endif /* (VER_PRODUCTBUILD >= 2195) */
983 typedef struct _FILE_FS_SIZE_INFORMATION
{
984 LARGE_INTEGER TotalAllocationUnits
;
985 LARGE_INTEGER AvailableAllocationUnits
;
986 ULONG SectorsPerAllocationUnit
;
987 ULONG BytesPerSector
;
988 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
990 typedef struct _FILE_FS_VOLUME_INFORMATION
{
991 LARGE_INTEGER VolumeCreationTime
;
992 ULONG VolumeSerialNumber
;
993 ULONG VolumeLabelLength
;
994 BOOLEAN SupportsObjects
;
995 WCHAR VolumeLabel
[1];
996 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
998 typedef struct _FILE_FULL_DIR_INFORMATION
{
999 ULONG NextEntryOffset
;
1001 LARGE_INTEGER CreationTime
;
1002 LARGE_INTEGER LastAccessTime
;
1003 LARGE_INTEGER LastWriteTime
;
1004 LARGE_INTEGER ChangeTime
;
1005 LARGE_INTEGER EndOfFile
;
1006 LARGE_INTEGER AllocationSize
;
1007 ULONG FileAttributes
;
1008 ULONG FileNameLength
;
1011 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1013 typedef struct _FILE_GET_EA_INFORMATION
{
1014 ULONG NextEntryOffset
;
1017 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1019 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1020 ULONG NextEntryOffset
;
1023 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1025 typedef struct _FILE_INTERNAL_INFORMATION
{
1026 LARGE_INTEGER IndexNumber
;
1027 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1029 typedef struct _FILE_LINK_INFORMATION
{
1030 BOOLEAN ReplaceIfExists
;
1031 HANDLE RootDirectory
;
1032 ULONG FileNameLength
;
1034 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1036 typedef struct _FILE_LOCK_INFO
{
1037 LARGE_INTEGER StartingByte
;
1038 LARGE_INTEGER Length
;
1039 BOOLEAN ExclusiveLock
;
1041 PFILE_OBJECT FileObject
;
1043 LARGE_INTEGER EndingByte
;
1044 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1046 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1047 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1050 FILE_LOCK_INFO FileLock
;
1051 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1053 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1054 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1055 LIST_ENTRY ListEntry
;
1058 FILE_LOCK_INFO FileLock
;
1059 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1061 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1066 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1068 IN PFILE_LOCK_INFO FileLockInfo
1071 typedef struct _FILE_LOCK
{
1072 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1073 PUNLOCK_ROUTINE UnlockRoutine
;
1074 BOOLEAN FastIoIsQuestionable
;
1076 PVOID LockInformation
;
1077 FILE_LOCK_INFO LastReturnedLockInfo
;
1078 PVOID LastReturnedLock
;
1079 } FILE_LOCK
, *PFILE_LOCK
;
1081 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1082 ULONG ReadDataAvailable
;
1083 ULONG NumberOfMessages
;
1084 ULONG MessageLength
;
1085 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1087 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1088 ULONG MaximumMessageSize
;
1089 ULONG MailslotQuota
;
1090 ULONG NextMessageSize
;
1091 ULONG MessagesAvailable
;
1092 LARGE_INTEGER ReadTimeout
;
1093 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1095 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1096 LARGE_INTEGER ReadTimeout
;
1097 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1099 typedef struct _FILE_MODE_INFORMATION
{
1101 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1103 typedef struct _FILE_ALL_INFORMATION
{
1104 FILE_BASIC_INFORMATION BasicInformation
;
1105 FILE_STANDARD_INFORMATION StandardInformation
;
1106 FILE_INTERNAL_INFORMATION InternalInformation
;
1107 FILE_EA_INFORMATION EaInformation
;
1108 FILE_ACCESS_INFORMATION AccessInformation
;
1109 FILE_POSITION_INFORMATION PositionInformation
;
1110 FILE_MODE_INFORMATION ModeInformation
;
1111 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1112 FILE_NAME_INFORMATION NameInformation
;
1113 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1115 typedef struct _FILE_NAMES_INFORMATION
{
1116 ULONG NextEntryOffset
;
1118 ULONG FileNameLength
;
1120 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1122 typedef struct _FILE_OBJECTID_INFORMATION
{
1123 LONGLONG FileReference
;
1125 _ANONYMOUS_UNION
union {
1127 UCHAR BirthVolumeId
[16];
1128 UCHAR BirthObjectId
[16];
1131 UCHAR ExtendedInfo
[48];
1133 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1135 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1137 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1139 typedef struct _FILE_OLE_ALL_INFORMATION
{
1140 FILE_BASIC_INFORMATION BasicInformation
;
1141 FILE_STANDARD_INFORMATION StandardInformation
;
1142 FILE_INTERNAL_INFORMATION InternalInformation
;
1143 FILE_EA_INFORMATION EaInformation
;
1144 FILE_ACCESS_INFORMATION AccessInformation
;
1145 FILE_POSITION_INFORMATION PositionInformation
;
1146 FILE_MODE_INFORMATION ModeInformation
;
1147 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1150 LARGE_INTEGER SecurityChangeTime
;
1151 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1152 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1153 FILE_STORAGE_TYPE StorageType
;
1156 ULONG NumberOfStreamReferences
;
1159 BOOLEAN ContentIndexDisable
;
1160 BOOLEAN InheritContentIndexDisable
;
1161 FILE_NAME_INFORMATION NameInformation
;
1162 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1164 typedef struct _FILE_OLE_DIR_INFORMATION
{
1165 ULONG NextEntryOffset
;
1167 LARGE_INTEGER CreationTime
;
1168 LARGE_INTEGER LastAccessTime
;
1169 LARGE_INTEGER LastWriteTime
;
1170 LARGE_INTEGER ChangeTime
;
1171 LARGE_INTEGER EndOfFile
;
1172 LARGE_INTEGER AllocationSize
;
1173 ULONG FileAttributes
;
1174 ULONG FileNameLength
;
1175 FILE_STORAGE_TYPE StorageType
;
1178 BOOLEAN ContentIndexDisable
;
1179 BOOLEAN InheritContentIndexDisable
;
1181 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1183 typedef struct _FILE_OLE_INFORMATION
{
1184 LARGE_INTEGER SecurityChangeTime
;
1185 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1186 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1187 FILE_STORAGE_TYPE StorageType
;
1189 BOOLEAN ContentIndexDisable
;
1190 BOOLEAN InheritContentIndexDisable
;
1191 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1193 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1195 ULONG StateBitsMask
;
1196 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1198 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1201 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1203 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1204 PVOID ClientSession
;
1205 PVOID ClientProcess
;
1206 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1208 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1209 ULONG NamedPipeState
;
1213 ULONG NumberRequests
;
1214 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1216 typedef struct _FILE_PIPE_INFORMATION
{
1218 ULONG CompletionMode
;
1219 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1221 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1222 ULONG NamedPipeType
;
1223 ULONG NamedPipeConfiguration
;
1224 ULONG MaximumInstances
;
1225 ULONG CurrentInstances
;
1227 ULONG ReadDataAvailable
;
1228 ULONG OutboundQuota
;
1229 ULONG WriteQuotaAvailable
;
1230 ULONG NamedPipeState
;
1232 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1234 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1235 LARGE_INTEGER CollectDataTime
;
1236 ULONG MaximumCollectionCount
;
1237 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1239 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1240 LARGE_INTEGER Timeout
;
1242 BOOLEAN TimeoutSpecified
;
1244 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1246 typedef struct _FILE_QUOTA_INFORMATION
{
1247 ULONG NextEntryOffset
;
1249 LARGE_INTEGER ChangeTime
;
1250 LARGE_INTEGER QuotaUsed
;
1251 LARGE_INTEGER QuotaThreshold
;
1252 LARGE_INTEGER QuotaLimit
;
1254 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1256 typedef struct _FILE_RENAME_INFORMATION
{
1257 BOOLEAN ReplaceIfExists
;
1258 HANDLE RootDirectory
;
1259 ULONG FileNameLength
;
1261 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1263 typedef struct _FILE_STREAM_INFORMATION
{
1264 ULONG NextEntryOffset
;
1265 ULONG StreamNameLength
;
1266 LARGE_INTEGER StreamSize
;
1267 LARGE_INTEGER StreamAllocationSize
;
1268 WCHAR StreamName
[1];
1269 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1271 typedef struct _FILE_TRACKING_INFORMATION
{
1272 HANDLE DestinationFile
;
1273 ULONG ObjectInformationLength
;
1274 CHAR ObjectInformation
[1];
1275 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1277 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1278 CSHORT NodeTypeCode
;
1279 CSHORT NodeByteSize
;
1281 UCHAR IsFastIoPossible
;
1282 #if (VER_PRODUCTBUILD >= 1381)
1285 #endif /* (VER_PRODUCTBUILD >= 1381) */
1286 PERESOURCE Resource
;
1287 PERESOURCE PagingIoResource
;
1288 LARGE_INTEGER AllocationSize
;
1289 LARGE_INTEGER FileSize
;
1290 LARGE_INTEGER ValidDataLength
;
1291 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1293 typedef struct _GENERATE_NAME_CONTEXT
{
1295 BOOLEAN CheckSumInserted
;
1297 WCHAR NameBuffer
[8];
1298 ULONG ExtensionLength
;
1299 WCHAR ExtensionBuffer
[4];
1300 ULONG LastIndexValue
;
1301 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1303 typedef struct _HANDLE_TABLE_ENTRY
{
1305 ULONG ObjectAttributes
;
1306 ULONG GrantedAccess
;
1307 USHORT GrantedAccessIndex
;
1308 USHORT CreatorBackTraceIndex
;
1309 ULONG NextFreeTableEntry
;
1310 } HANDLE_TABLE_ENTRY
, *PHANDLE_TABLE_ENTRY
;
1312 typedef struct _MAPPING_PAIR
{
1315 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1317 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1318 ULONG NumberOfPairs
;
1320 MAPPING_PAIR Pair
[1];
1321 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1323 typedef struct _IO_CLIENT_EXTENSION
{
1324 struct _IO_CLIENT_EXTENSION
*NextExtension
;
1325 PVOID ClientIdentificationAddress
;
1326 } IO_CLIENT_EXTENSION
, *PIO_CLIENT_EXTENSION
;
1328 typedef struct _IO_COMPLETION_BASIC_INFORMATION
{
1330 } IO_COMPLETION_BASIC_INFORMATION
, *PIO_COMPLETION_BASIC_INFORMATION
;
1332 typedef struct _KEVENT_PAIR
{
1337 } KEVENT_PAIR
, *PKEVENT_PAIR
;
1339 typedef struct _KQUEUE
{
1340 DISPATCHER_HEADER Header
;
1341 LIST_ENTRY EntryListHead
;
1344 LIST_ENTRY ThreadListHead
;
1345 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1347 typedef struct _MAILSLOT_CREATE_PARAMETERS
{
1348 ULONG MailslotQuota
;
1349 ULONG MaximumMessageSize
;
1350 LARGE_INTEGER ReadTimeout
;
1351 BOOLEAN TimeoutSpecified
;
1352 } MAILSLOT_CREATE_PARAMETERS
, *PMAILSLOT_CREATE_PARAMETERS
;
1354 typedef struct _MBCB
{
1355 CSHORT NodeTypeCode
;
1356 CSHORT NodeIsInZone
;
1360 LIST_ENTRY BitmapRanges
;
1361 LONGLONG ResumeWritePage
;
1362 BITMAP_RANGE BitmapRange1
;
1363 BITMAP_RANGE BitmapRange2
;
1364 BITMAP_RANGE BitmapRange3
;
1367 typedef struct _MOVEFILE_DESCRIPTOR
{
1370 LARGE_INTEGER StartVcn
;
1371 LARGE_INTEGER TargetLcn
;
1374 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1376 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
{
1377 ULONG NamedPipeType
;
1379 ULONG CompletionMode
;
1380 ULONG MaximumInstances
;
1382 ULONG OutboundQuota
;
1383 LARGE_INTEGER DefaultTimeout
;
1384 BOOLEAN TimeoutSpecified
;
1385 } NAMED_PIPE_CREATE_PARAMETERS
, *PNAMED_PIPE_CREATE_PARAMETERS
;
1387 typedef struct _OBJECT_BASIC_INFO
{
1389 ACCESS_MASK GrantedAccess
;
1391 ULONG ReferenceCount
;
1392 ULONG PagedPoolUsage
;
1393 ULONG NonPagedPoolUsage
;
1395 ULONG NameInformationLength
;
1396 ULONG TypeInformationLength
;
1397 ULONG SecurityDescriptorLength
;
1398 LARGE_INTEGER CreateTime
;
1399 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1401 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1403 BOOLEAN ProtectFromClose
;
1404 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1406 typedef struct _OBJECT_NAME_INFO
{
1407 UNICODE_STRING ObjectName
;
1408 WCHAR ObjectNameBuffer
[1];
1409 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1411 typedef struct _OBJECT_PROTECTION_INFO
{
1413 BOOLEAN ProtectHandle
;
1414 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1416 typedef struct _OBJECT_TYPE_INFO
{
1417 UNICODE_STRING ObjectTypeName
;
1418 UCHAR Unknown
[0x58];
1419 WCHAR ObjectTypeNameBuffer
[1];
1420 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1422 typedef struct _OBJECT_ALL_TYPES_INFO
{
1423 ULONG NumberOfObjectTypes
;
1424 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1425 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1427 typedef struct _PAGEFAULT_HISTORY
{
1430 KSPIN_LOCK SpinLock
;
1432 PROCESS_WS_WATCH_INFORMATION WatchInfo
[1];
1433 } PAGEFAULT_HISTORY
, *PPAGEFAULT_HISTORY
;
1435 typedef struct _PATHNAME_BUFFER
{
1436 ULONG PathNameLength
;
1438 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1440 #if (VER_PRODUCTBUILD >= 2600)
1442 typedef struct _PRIVATE_CACHE_MAP_FLAGS
{
1444 ULONG ReadAheadActive
: 1;
1445 ULONG ReadAheadEnabled
: 1;
1446 ULONG Available
: 14;
1447 } PRIVATE_CACHE_MAP_FLAGS
, *PPRIVATE_CACHE_MAP_FLAGS
;
1449 typedef struct _PRIVATE_CACHE_MAP
{
1450 _ANONYMOUS_UNION
union {
1451 CSHORT NodeTypeCode
;
1452 PRIVATE_CACHE_MAP_FLAGS Flags
;
1455 ULONG ReadAheadMask
;
1456 PFILE_OBJECT FileObject
;
1457 LARGE_INTEGER FileOffset1
;
1458 LARGE_INTEGER BeyondLastByte1
;
1459 LARGE_INTEGER FileOffset2
;
1460 LARGE_INTEGER BeyondLastByte2
;
1461 LARGE_INTEGER ReadAheadOffset
[2];
1462 ULONG ReadAheadLength
[2];
1463 KSPIN_LOCK ReadAheadSpinLock
;
1464 LIST_ENTRY PrivateLinks
;
1465 } PRIVATE_CACHE_MAP
, *PPRIVATE_CACHE_MAP
;
1469 typedef struct _PS_IMPERSONATION_INFORMATION
{
1470 PACCESS_TOKEN Token
;
1472 BOOLEAN EffectiveOnly
;
1473 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
1474 } PS_IMPERSONATION_INFORMATION
, *PPS_IMPERSONATION_INFORMATION
;
1476 typedef struct _PUBLIC_BCB
{
1477 CSHORT NodeTypeCode
;
1478 CSHORT NodeByteSize
;
1480 LARGE_INTEGER MappedFileOffset
;
1481 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1483 typedef struct _QUERY_PATH_REQUEST
{
1484 ULONG PathNameLength
;
1485 PIO_SECURITY_CONTEXT SecurityContext
;
1486 WCHAR FilePathName
[1];
1487 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1489 typedef struct _QUERY_PATH_RESPONSE
{
1490 ULONG LengthAccepted
;
1491 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1493 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1495 LARGE_INTEGER StartingVcn
;
1497 LARGE_INTEGER NextVcn
;
1500 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1502 typedef struct _RTL_SPLAY_LINKS
{
1503 struct _RTL_SPLAY_LINKS
*Parent
;
1504 struct _RTL_SPLAY_LINKS
*LeftChild
;
1505 struct _RTL_SPLAY_LINKS
*RightChild
;
1506 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1508 typedef struct _SE_EXPORTS
{
1510 LUID SeCreateTokenPrivilege
;
1511 LUID SeAssignPrimaryTokenPrivilege
;
1512 LUID SeLockMemoryPrivilege
;
1513 LUID SeIncreaseQuotaPrivilege
;
1514 LUID SeUnsolicitedInputPrivilege
;
1515 LUID SeTcbPrivilege
;
1516 LUID SeSecurityPrivilege
;
1517 LUID SeTakeOwnershipPrivilege
;
1518 LUID SeLoadDriverPrivilege
;
1519 LUID SeCreatePagefilePrivilege
;
1520 LUID SeIncreaseBasePriorityPrivilege
;
1521 LUID SeSystemProfilePrivilege
;
1522 LUID SeSystemtimePrivilege
;
1523 LUID SeProfileSingleProcessPrivilege
;
1524 LUID SeCreatePermanentPrivilege
;
1525 LUID SeBackupPrivilege
;
1526 LUID SeRestorePrivilege
;
1527 LUID SeShutdownPrivilege
;
1528 LUID SeDebugPrivilege
;
1529 LUID SeAuditPrivilege
;
1530 LUID SeSystemEnvironmentPrivilege
;
1531 LUID SeChangeNotifyPrivilege
;
1532 LUID SeRemoteShutdownPrivilege
;
1537 PSID SeCreatorOwnerSid
;
1538 PSID SeCreatorGroupSid
;
1540 PSID SeNtAuthoritySid
;
1544 PSID SeInteractiveSid
;
1545 PSID SeLocalSystemSid
;
1546 PSID SeAliasAdminsSid
;
1547 PSID SeAliasUsersSid
;
1548 PSID SeAliasGuestsSid
;
1549 PSID SeAliasPowerUsersSid
;
1550 PSID SeAliasAccountOpsSid
;
1551 PSID SeAliasSystemOpsSid
;
1552 PSID SeAliasPrintOpsSid
;
1553 PSID SeAliasBackupOpsSid
;
1555 PSID SeAuthenticatedUsersSid
;
1557 PSID SeRestrictedSid
;
1558 PSID SeAnonymousLogonSid
;
1560 LUID SeUndockPrivilege
;
1561 LUID SeSyncAgentPrivilege
;
1562 LUID SeEnableDelegationPrivilege
;
1564 } SE_EXPORTS
, *PSE_EXPORTS
;
1566 typedef struct _SECTION_BASIC_INFORMATION
{
1570 } SECTION_BASIC_INFORMATION
, *PSECTION_BASIC_INFORMATION
;
1572 typedef struct _SECTION_IMAGE_INFORMATION
{
1578 USHORT MinorSubsystemVersion
;
1579 USHORT MajorSubsystemVersion
;
1581 ULONG Characteristics
;
1586 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
1588 #if (VER_PRODUCTBUILD >= 2600)
1590 typedef struct _SHARED_CACHE_MAP
{
1591 CSHORT NodeTypeCode
;
1592 CSHORT NodeByteSize
;
1594 LARGE_INTEGER FileSize
;
1596 LARGE_INTEGER SectionSize
;
1597 LARGE_INTEGER ValidDataLength
;
1598 LARGE_INTEGER ValidDataGoal
;
1599 PVACB InitialVacbs
[4];
1601 PFILE_OBJECT FileObject
;
1605 ULONG NeedToZeroPage
;
1606 KSPIN_LOCK ActiveVacbSpinLock
;
1607 ULONG VacbActiveCount
;
1609 LIST_ENTRY SharedCacheMapLinks
;
1614 PKEVENT CreateEvent
;
1615 PKEVENT WaitOnActiveCount
;
1617 LONGLONG BeyondLastFlush
;
1618 PCACHE_MANAGER_CALLBACKS Callbacks
;
1619 PVOID LazyWriteContext
;
1620 LIST_ENTRY PrivateList
;
1622 PVOID FlushToLsnRoutine
;
1623 ULONG DirtyPageThreshold
;
1624 ULONG LazyWritePassCount
;
1625 PCACHE_UNINITIALIZE_EVENT UninitializeEvent
;
1626 PVACB NeedToZeroVacb
;
1627 KSPIN_LOCK BcbSpinLock
;
1630 EX_PUSH_LOCK VacbPushLock
;
1631 PRIVATE_CACHE_MAP PrivateCacheMap
;
1632 } SHARED_CACHE_MAP
, *PSHARED_CACHE_MAP
;
1636 typedef struct _STARTING_VCN_INPUT_BUFFER
{
1637 LARGE_INTEGER StartingVcn
;
1638 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
1640 typedef struct _SYSTEM_CACHE_INFORMATION
{
1643 ULONG PageFaultCount
;
1644 ULONG MinimumWorkingSet
;
1645 ULONG MaximumWorkingSet
;
1647 } SYSTEM_CACHE_INFORMATION
, *PSYSTEM_CACHE_INFORMATION
;
1649 typedef struct _TERMINATION_PORT
{
1650 struct _TERMINATION_PORT
* Next
;
1652 } TERMINATION_PORT
, *PTERMINATION_PORT
;
1654 typedef struct _SECURITY_CLIENT_CONTEXT
{
1655 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
1656 PACCESS_TOKEN ClientToken
;
1657 BOOLEAN DirectlyAccessClientToken
;
1658 BOOLEAN DirectAccessEffectiveOnly
;
1659 BOOLEAN ServerIsRemote
;
1660 TOKEN_CONTROL ClientTokenControl
;
1661 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
1663 typedef struct _TUNNEL
{
1665 PRTL_SPLAY_LINKS Cache
;
1666 LIST_ENTRY TimerQueue
;
1670 typedef struct _VACB
{
1672 PSHARED_CACHE_MAP SharedCacheMap
;
1674 LARGE_INTEGER FileOffset
;
1680 typedef struct _VAD_HEADER
{
1683 PVAD_HEADER ParentLink
;
1684 PVAD_HEADER LeftLink
;
1685 PVAD_HEADER RightLink
;
1686 ULONG Flags
; /* LSB = CommitCharge */
1688 PVOID FirstProtoPte
;
1692 } VAD_HEADER
, *PVAD_HEADER
;
1698 IN PFILE_OBJECT FileObject
,
1699 IN ULONG BytesToWrite
,
1708 IN PFILE_OBJECT FileObject
,
1709 IN PLARGE_INTEGER FileOffset
,
1713 OUT PIO_STATUS_BLOCK IoStatus
1720 IN PFILE_OBJECT FileObject
,
1721 IN PLARGE_INTEGER FileOffset
,
1727 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1729 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
1738 IN PFILE_OBJECT FileObject
,
1739 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
1742 IN ULONG BytesToWrite
,
1750 IN PFILE_OBJECT FileObject
,
1751 IN ULONG FileOffset
,
1755 OUT PIO_STATUS_BLOCK IoStatus
1762 IN PFILE_OBJECT FileObject
,
1763 IN ULONG FileOffset
,
1772 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1773 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1775 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
1778 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
1779 IN PFILE_OBJECT FileObject
,
1780 IN PLARGE_INTEGER FileOffset
,
1782 IN PLARGE_INTEGER OldestLsn
,
1783 IN PLARGE_INTEGER NewestLsn
,
1793 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
1801 CcGetFileObjectFromBcb (
1808 CcGetFileObjectFromSectionPtrs (
1809 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
1812 #define CcGetFileSizePointer(FO) ( \
1813 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1816 #if (VER_PRODUCTBUILD >= 2195)
1821 CcGetFlushedValidData (
1822 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1823 IN BOOLEAN BcbListHeld
1826 #endif /* (VER_PRODUCTBUILD >= 2195) */
1830 CcGetLsnForFileObject (
1831 IN PFILE_OBJECT FileObject
,
1832 OUT PLARGE_INTEGER OldestLsn OPTIONAL
1835 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
1840 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
1844 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
1849 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
1853 typedef struct _CACHE_MANAGER_CALLBACKS
{
1854 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
1855 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
1856 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
1857 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
1858 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
1863 CcInitializeCacheMap (
1864 IN PFILE_OBJECT FileObject
,
1865 IN PCC_FILE_SIZES FileSizes
,
1866 IN BOOLEAN PinAccess
,
1867 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
1868 IN PVOID LazyWriteContext
1871 #define CcIsFileCached(FO) ( \
1872 ((FO)->SectionObjectPointer != NULL) && \
1873 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
1879 CcIsThereDirtyData (
1887 IN PFILE_OBJECT FileObject
,
1888 IN PLARGE_INTEGER FileOffset
,
1899 IN PFILE_OBJECT FileObject
,
1900 IN PLARGE_INTEGER FileOffset
,
1903 OUT PIO_STATUS_BLOCK IoStatus
1910 IN PFILE_OBJECT FileObject
,
1917 CcMdlWriteComplete (
1918 IN PFILE_OBJECT FileObject
,
1919 IN PLARGE_INTEGER FileOffset
,
1927 IN PFILE_OBJECT FileObject
,
1928 IN PLARGE_INTEGER FileOffset
,
1930 #if (VER_PRODUCTBUILD >= 2195)
1942 IN PFILE_OBJECT FileObject
,
1943 IN PLARGE_INTEGER FileOffset
,
1945 #if (VER_PRODUCTBUILD >= 2195)
1958 IN PFILE_OBJECT FileObject
,
1959 IN PLARGE_INTEGER FileOffset
,
1962 OUT PIO_STATUS_BLOCK IoStatus
1969 IN PFILE_OBJECT FileObject
,
1970 IN PLARGE_INTEGER FileOffset
,
1973 #if (VER_PRODUCTBUILD >= 2195)
1985 CcPurgeCacheSection (
1986 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1987 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1989 IN BOOLEAN UninitializeCacheMaps
1992 #define CcReadAhead(FO, FOFF, LEN) ( \
1993 if ((LEN) >= 256) { \
1994 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
1998 #if (VER_PRODUCTBUILD >= 2195)
2007 #endif /* (VER_PRODUCTBUILD >= 2195) */
2019 CcScheduleReadAhead (
2020 IN PFILE_OBJECT FileObject
,
2021 IN PLARGE_INTEGER FileOffset
,
2028 CcSetAdditionalCacheAttributes (
2029 IN PFILE_OBJECT FileObject
,
2030 IN BOOLEAN DisableReadAhead
,
2031 IN BOOLEAN DisableWriteBehind
2037 CcSetBcbOwnerPointer (
2039 IN PVOID OwnerPointer
2045 CcSetDirtyPageThreshold (
2046 IN PFILE_OBJECT FileObject
,
2047 IN ULONG DirtyPageThreshold
2053 CcSetDirtyPinnedData (
2055 IN PLARGE_INTEGER Lsn OPTIONAL
2062 IN PFILE_OBJECT FileObject
,
2063 IN PCC_FILE_SIZES FileSizes
2066 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2068 IN PLARGE_INTEGER Lsn
2074 CcSetLogHandleForFile (
2075 IN PFILE_OBJECT FileObject
,
2077 IN PFLUSH_TO_LSN FlushToLsnRoutine
2083 CcSetReadAheadGranularity (
2084 IN PFILE_OBJECT FileObject
,
2085 IN ULONG Granularity
/* default: PAGE_SIZE */
2086 /* allowed: 2^n * PAGE_SIZE */
2092 CcUninitializeCacheMap (
2093 IN PFILE_OBJECT FileObject
,
2094 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2095 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2108 CcUnpinDataForThread (
2110 IN ERESOURCE_THREAD ResourceThreadId
2116 CcUnpinRepinnedBcb (
2118 IN BOOLEAN WriteThrough
,
2119 OUT PIO_STATUS_BLOCK IoStatus
2122 #if (VER_PRODUCTBUILD >= 2195)
2127 CcWaitForCurrentLazyWriterActivity (
2131 #endif /* (VER_PRODUCTBUILD >= 2195) */
2137 IN PFILE_OBJECT FileObject
,
2138 IN PLARGE_INTEGER StartOffset
,
2139 IN PLARGE_INTEGER EndOffset
,
2146 ExDisableResourceBoostLite (
2147 IN PERESOURCE Resource
2153 ExQueryPoolBlockSize (
2155 OUT PBOOLEAN QuotaCharged
2158 #define FlagOn(x, f) ((x) & (f))
2163 FsRtlAddToTunnelCache (
2165 IN ULONGLONG DirectoryKey
,
2166 IN PUNICODE_STRING ShortName
,
2167 IN PUNICODE_STRING LongName
,
2168 IN BOOLEAN KeyByShortName
,
2169 IN ULONG DataLength
,
2173 #if (VER_PRODUCTBUILD >= 2195)
2177 FsRtlAllocateFileLock (
2178 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2179 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2182 #endif /* (VER_PRODUCTBUILD >= 2195) */
2188 IN POOL_TYPE PoolType
,
2189 IN ULONG NumberOfBytes
2195 FsRtlAllocatePoolWithQuota (
2196 IN POOL_TYPE PoolType
,
2197 IN ULONG NumberOfBytes
2203 FsRtlAllocatePoolWithQuotaTag (
2204 IN POOL_TYPE PoolType
,
2205 IN ULONG NumberOfBytes
,
2212 FsRtlAllocatePoolWithTag (
2213 IN POOL_TYPE PoolType
,
2214 IN ULONG NumberOfBytes
,
2221 FsRtlAreNamesEqual (
2222 IN PUNICODE_STRING Name1
,
2223 IN PUNICODE_STRING Name2
,
2224 IN BOOLEAN IgnoreCase
,
2225 IN PWCHAR UpcaseTable OPTIONAL
2228 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2229 ((FL)->FastIoIsQuestionable) \
2233 FsRtlCheckLockForReadAccess:
2235 All this really does is pick out the lock parameters from the irp (io stack
2236 location?), get IoGetRequestorProcess, and pass values on to
2237 FsRtlFastCheckLockForRead.
2242 FsRtlCheckLockForReadAccess (
2243 IN PFILE_LOCK FileLock
,
2248 FsRtlCheckLockForWriteAccess:
2250 All this really does is pick out the lock parameters from the irp (io stack
2251 location?), get IoGetRequestorProcess, and pass values on to
2252 FsRtlFastCheckLockForWrite.
2257 FsRtlCheckLockForWriteAccess (
2258 IN PFILE_LOCK FileLock
,
2264 (*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2271 (*POPLOCK_FS_PREPOST_IRP
) (
2283 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2284 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2291 IN PFILE_OBJECT FileObject
,
2292 IN PLARGE_INTEGER FileOffset
,
2297 OUT PIO_STATUS_BLOCK IoStatus
,
2298 IN PDEVICE_OBJECT DeviceObject
2305 IN PFILE_OBJECT FileObject
,
2306 IN PLARGE_INTEGER FileOffset
,
2311 OUT PIO_STATUS_BLOCK IoStatus
,
2312 IN PDEVICE_OBJECT DeviceObject
2318 FsRtlCurrentBatchOplock (
2325 FsRtlDeleteKeyFromTunnelCache (
2327 IN ULONGLONG DirectoryKey
2333 FsRtlDeleteTunnelCache (
2340 FsRtlDeregisterUncProvider (
2347 FsRtlDoesNameContainWildCards (
2348 IN PUNICODE_STRING Name
2351 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2353 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2358 FsRtlFastCheckLockForRead (
2359 IN PFILE_LOCK FileLock
,
2360 IN PLARGE_INTEGER FileOffset
,
2361 IN PLARGE_INTEGER Length
,
2363 IN PFILE_OBJECT FileObject
,
2364 IN PEPROCESS Process
2370 FsRtlFastCheckLockForWrite (
2371 IN PFILE_LOCK FileLock
,
2372 IN PLARGE_INTEGER FileOffset
,
2373 IN PLARGE_INTEGER Length
,
2375 IN PFILE_OBJECT FileObject
,
2376 IN PEPROCESS Process
2379 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2380 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2386 FsRtlFastUnlockAll (
2387 IN PFILE_LOCK FileLock
,
2388 IN PFILE_OBJECT FileObject
,
2389 IN PEPROCESS Process
,
2390 IN PVOID Context OPTIONAL
2392 /* ret: STATUS_RANGE_NOT_LOCKED */
2397 FsRtlFastUnlockAllByKey (
2398 IN PFILE_LOCK FileLock
,
2399 IN PFILE_OBJECT FileObject
,
2400 IN PEPROCESS Process
,
2402 IN PVOID Context OPTIONAL
2404 /* ret: STATUS_RANGE_NOT_LOCKED */
2409 FsRtlFastUnlockSingle (
2410 IN PFILE_LOCK FileLock
,
2411 IN PFILE_OBJECT FileObject
,
2412 IN PLARGE_INTEGER FileOffset
,
2413 IN PLARGE_INTEGER Length
,
2414 IN PEPROCESS Process
,
2416 IN PVOID Context OPTIONAL
,
2417 IN BOOLEAN AlreadySynchronized
2419 /* ret: STATUS_RANGE_NOT_LOCKED */
2424 FsRtlFindInTunnelCache (
2426 IN ULONGLONG DirectoryKey
,
2427 IN PUNICODE_STRING Name
,
2428 OUT PUNICODE_STRING ShortName
,
2429 OUT PUNICODE_STRING LongName
,
2430 IN OUT PULONG DataLength
,
2434 #if (VER_PRODUCTBUILD >= 2195)
2440 IN PFILE_LOCK FileLock
2443 #endif /* (VER_PRODUCTBUILD >= 2195) */
2449 IN PFILE_OBJECT FileObject
,
2450 IN OUT PLARGE_INTEGER FileSize
2454 FsRtlGetNextFileLock:
2456 ret: NULL if no more locks
2459 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2460 FileLock->LastReturnedLock as storage.
2461 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2462 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2463 calls with Restart = FALSE.
2468 FsRtlGetNextFileLock (
2469 IN PFILE_LOCK FileLock
,
2476 FsRtlInitializeFileLock (
2477 IN PFILE_LOCK FileLock
,
2478 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2479 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2485 FsRtlInitializeOplock (
2486 IN OUT POPLOCK Oplock
2492 FsRtlInitializeTunnelCache (
2499 FsRtlIsNameInExpression (
2500 IN PUNICODE_STRING Expression
,
2501 IN PUNICODE_STRING Name
,
2502 IN BOOLEAN IgnoreCase
,
2503 IN PWCHAR UpcaseTable OPTIONAL
2509 FsRtlIsNtstatusExpected (
2510 IN NTSTATUS Ntstatus
2513 #define FsRtlIsUnicodeCharacterWild(C) ( \
2516 FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
2522 FsRtlMdlReadComplete (
2523 IN PFILE_OBJECT FileObject
,
2530 FsRtlMdlReadCompleteDev (
2531 IN PFILE_OBJECT FileObject
,
2533 IN PDEVICE_OBJECT DeviceObject
2539 FsRtlMdlWriteComplete (
2540 IN PFILE_OBJECT FileObject
,
2541 IN PLARGE_INTEGER FileOffset
,
2548 FsRtlMdlWriteCompleteDev (
2549 IN PFILE_OBJECT FileObject
,
2550 IN PLARGE_INTEGER FileOffset
,
2552 IN PDEVICE_OBJECT DeviceObject
2558 FsRtlNormalizeNtstatus (
2559 IN NTSTATUS Exception
,
2560 IN NTSTATUS GenericException
2566 FsRtlNotifyChangeDirectory (
2567 IN PNOTIFY_SYNC NotifySync
,
2569 IN PSTRING FullDirectoryName
,
2570 IN PLIST_ENTRY NotifyList
,
2571 IN BOOLEAN WatchTree
,
2572 IN ULONG CompletionFilter
,
2579 FsRtlNotifyCleanup (
2580 IN PNOTIFY_SYNC NotifySync
,
2581 IN PLIST_ENTRY NotifyList
,
2585 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
2586 IN PVOID NotifyContext
,
2587 IN PVOID TargetContext
,
2588 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
2594 FsRtlNotifyFullChangeDirectory (
2595 IN PNOTIFY_SYNC NotifySync
,
2596 IN PLIST_ENTRY NotifyList
,
2598 IN PSTRING FullDirectoryName
,
2599 IN BOOLEAN WatchTree
,
2600 IN BOOLEAN IgnoreBuffer
,
2601 IN ULONG CompletionFilter
,
2603 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
2604 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
2610 FsRtlNotifyFullReportChange (
2611 IN PNOTIFY_SYNC NotifySync
,
2612 IN PLIST_ENTRY NotifyList
,
2613 IN PSTRING FullTargetName
,
2614 IN USHORT TargetNameOffset
,
2615 IN PSTRING StreamName OPTIONAL
,
2616 IN PSTRING NormalizedParentName OPTIONAL
,
2617 IN ULONG FilterMatch
,
2619 IN PVOID TargetContext
2625 FsRtlNotifyInitializeSync (
2626 IN PNOTIFY_SYNC NotifySync
2632 FsRtlNotifyReportChange (
2633 IN PNOTIFY_SYNC NotifySync
,
2634 IN PLIST_ENTRY NotifyList
,
2635 IN PSTRING FullTargetName
,
2636 IN PUSHORT FileNamePartLength
,
2637 IN ULONG FilterMatch
2643 FsRtlNotifyUninitializeSync (
2644 IN PNOTIFY_SYNC NotifySync
2647 #if (VER_PRODUCTBUILD >= 2195)
2652 FsRtlNotifyVolumeEvent (
2653 IN PFILE_OBJECT FileObject
,
2657 #endif /* (VER_PRODUCTBUILD >= 2195) */
2671 FsRtlOplockIsFastIoPossible (
2678 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2681 -Calls IoCompleteRequest if Irp
2682 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2688 IN PFILE_LOCK FileLock
,
2689 IN PFILE_OBJECT FileObject
,
2690 IN PLARGE_INTEGER FileOffset
,
2691 IN PLARGE_INTEGER Length
,
2692 IN PEPROCESS Process
,
2694 IN BOOLEAN FailImmediately
,
2695 IN BOOLEAN ExclusiveLock
,
2696 OUT PIO_STATUS_BLOCK IoStatus
,
2697 IN PIRP Irp OPTIONAL
,
2699 IN BOOLEAN AlreadySynchronized
2703 FsRtlProcessFileLock:
2706 -STATUS_INVALID_DEVICE_REQUEST
2707 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2708 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2709 (redirected IoStatus->Status).
2712 -switch ( Irp->CurrentStackLocation->MinorFunction )
2713 lock: return FsRtlPrivateLock;
2714 unlocksingle: return FsRtlFastUnlockSingle;
2715 unlockall: return FsRtlFastUnlockAll;
2716 unlockallbykey: return FsRtlFastUnlockAllByKey;
2717 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2718 return STATUS_INVALID_DEVICE_REQUEST;
2720 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2721 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
2726 FsRtlProcessFileLock (
2727 IN PFILE_LOCK FileLock
,
2729 IN PVOID Context OPTIONAL
2735 FsRtlRegisterUncProvider (
2736 IN OUT PHANDLE MupHandle
,
2737 IN PUNICODE_STRING RedirectorDeviceName
,
2738 IN BOOLEAN MailslotsSupported
2744 FsRtlUninitializeFileLock (
2745 IN PFILE_LOCK FileLock
2751 FsRtlUninitializeOplock (
2752 IN OUT POPLOCK Oplock
2765 HalQueryRealTimeClock (
2766 IN OUT PTIME_FIELDS TimeFields
2772 HalSetRealTimeClock (
2773 IN PTIME_FIELDS TimeFields
2776 #define InitializeMessageHeader(m, l, t) { \
2777 (m)->Length = (USHORT)(l); \
2778 (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
2779 (m)->MessageType = (USHORT)(t); \
2780 (m)->DataInfoOffset = 0; \
2786 IoAcquireVpbSpinLock (
2793 IoCheckDesiredAccess (
2794 IN OUT PACCESS_MASK DesiredAccess
,
2795 IN ACCESS_MASK GrantedAccess
2801 IoCheckEaBufferValidity (
2802 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
2804 OUT PULONG ErrorOffset
2810 IoCheckFunctionAccess (
2811 IN ACCESS_MASK GrantedAccess
,
2812 IN UCHAR MajorFunction
,
2813 IN UCHAR MinorFunction
,
2814 IN ULONG IoControlCode
,
2815 IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL
,
2816 IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL
2819 #if (VER_PRODUCTBUILD >= 2195)
2824 IoCheckQuotaBufferValidity (
2825 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
2826 IN ULONG QuotaLength
,
2827 OUT PULONG ErrorOffset
2830 #endif /* (VER_PRODUCTBUILD >= 2195) */
2835 IoCreateStreamFileObject (
2836 IN PFILE_OBJECT FileObject OPTIONAL
,
2837 IN PDEVICE_OBJECT DeviceObject OPTIONAL
2840 #if (VER_PRODUCTBUILD >= 2195)
2845 IoCreateStreamFileObjectLite (
2846 IN PFILE_OBJECT FileObject OPTIONAL
,
2847 IN PDEVICE_OBJECT DeviceObject OPTIONAL
2850 #endif /* (VER_PRODUCTBUILD >= 2195) */
2855 IoFastQueryNetworkAttributes (
2856 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2857 IN ACCESS_MASK DesiredAccess
,
2858 IN ULONG OpenOptions
,
2859 OUT PIO_STATUS_BLOCK IoStatus
,
2860 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
2866 IoGetAttachedDevice (
2867 IN PDEVICE_OBJECT DeviceObject
2873 IoGetBaseFileSystemDeviceObject (
2874 IN PFILE_OBJECT FileObject
2880 IoGetRequestorProcess (
2884 #if (VER_PRODUCTBUILD >= 2195)
2889 IoGetRequestorProcessId (
2893 #endif /* (VER_PRODUCTBUILD >= 2195) */
2902 #define IoIsFileOpenedExclusively(FileObject) ( \
2904 (FileObject)->SharedRead || \
2905 (FileObject)->SharedWrite || \
2906 (FileObject)->SharedDelete \
2913 IoIsOperationSynchronous (
2924 #if (VER_PRODUCTBUILD >= 2195)
2929 IoIsValidNameGraftingBuffer (
2931 IN PREPARSE_DATA_BUFFER ReparseBuffer
2934 #endif /* (VER_PRODUCTBUILD >= 2195) */
2940 IN PFILE_OBJECT FileObject
,
2942 IN PLARGE_INTEGER Offset
,
2944 OUT PIO_STATUS_BLOCK IoStatusBlock
2950 IoQueryFileInformation (
2951 IN PFILE_OBJECT FileObject
,
2952 IN FILE_INFORMATION_CLASS FileInformationClass
,
2954 OUT PVOID FileInformation
,
2955 OUT PULONG ReturnedLength
2961 IoQueryVolumeInformation (
2962 IN PFILE_OBJECT FileObject
,
2963 IN FS_INFORMATION_CLASS FsInformationClass
,
2965 OUT PVOID FsInformation
,
2966 OUT PULONG ReturnedLength
2972 IoRegisterFileSystem (
2973 IN OUT PDEVICE_OBJECT DeviceObject
2976 #if (VER_PRODUCTBUILD >= 1381)
2978 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
2979 IN PDEVICE_OBJECT DeviceObject
,
2980 IN BOOLEAN DriverActive
2986 IoRegisterFsRegistrationChange (
2987 IN PDRIVER_OBJECT DriverObject
,
2988 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
2991 #endif /* (VER_PRODUCTBUILD >= 1381) */
2996 IoReleaseVpbSpinLock (
3003 IoSetDeviceToVerify (
3005 IN PDEVICE_OBJECT DeviceObject
3012 IN PFILE_OBJECT FileObject
,
3013 IN FILE_INFORMATION_CLASS FileInformationClass
,
3015 IN PVOID FileInformation
3028 IoSynchronousPageWrite (
3029 IN PFILE_OBJECT FileObject
,
3031 IN PLARGE_INTEGER FileOffset
,
3033 OUT PIO_STATUS_BLOCK IoStatusBlock
3046 IoUnregisterFileSystem (
3047 IN OUT PDEVICE_OBJECT DeviceObject
3050 #if (VER_PRODUCTBUILD >= 1381)
3055 IoUnregisterFsRegistrationChange (
3056 IN PDRIVER_OBJECT DriverObject
,
3057 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3060 #endif /* (VER_PRODUCTBUILD >= 1381) */
3066 IN PDEVICE_OBJECT DeviceObject
,
3067 IN BOOLEAN AllowRawMount
3074 IN PEPROCESS Process
3089 IN ULONG Count OPTIONAL
3097 IN PLIST_ENTRY Entry
3105 IN PLIST_ENTRY Entry
3113 IN PVOID SystemArgument1
,
3114 IN PVOID SystemArgument2
,
3115 IN KPRIORITY PriorityBoost
3130 IN KPROCESSOR_MODE WaitMode
,
3131 IN PLARGE_INTEGER Timeout OPTIONAL
3141 #if (VER_PRODUCTBUILD >= 2195)
3146 KeStackAttachProcess (
3147 IN PKPROCESS Process
,
3148 OUT PKAPC_STATE ApcState
3154 KeUnstackDetachProcess (
3155 IN PKAPC_STATE ApcState
3158 #endif /* (VER_PRODUCTBUILD >= 2195) */
3163 MmCanFileBeTruncated (
3164 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3165 IN PLARGE_INTEGER NewFileSize
3171 MmFlushImageSection (
3172 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3173 IN MMFLUSH_TYPE FlushType
3179 MmForceSectionClosed (
3180 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3181 IN BOOLEAN DelayClose
3184 #if (VER_PRODUCTBUILD >= 1381)
3189 MmIsRecursiveIoFault (
3195 #define MmIsRecursiveIoFault() ( \
3196 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3197 (PsGetCurrentThread()->ForwardClusterOnly) \
3205 MmMapViewOfSection (
3206 IN PVOID SectionObject
,
3207 IN PEPROCESS Process
,
3208 IN OUT PVOID
*BaseAddress
,
3210 IN ULONG CommitSize
,
3211 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
3212 IN OUT PULONG ViewSize
,
3213 IN SECTION_INHERIT InheritDisposition
,
3214 IN ULONG AllocationType
,
3221 MmSetAddressRangeModified (
3230 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
3231 IN POBJECT_TYPE ObjectType
,
3232 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
3233 IN KPROCESSOR_MODE AccessMode
,
3234 IN OUT PVOID ParseContext OPTIONAL
,
3235 IN ULONG ObjectSize
,
3236 IN ULONG PagedPoolCharge OPTIONAL
,
3237 IN ULONG NonPagedPoolCharge OPTIONAL
,
3244 ObGetObjectPointerCount (
3253 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3254 IN ACCESS_MASK DesiredAccess
,
3255 IN ULONG AdditionalReferences
,
3256 OUT PVOID
*ReferencedObject OPTIONAL
,
3263 ObMakeTemporaryObject (
3270 ObOpenObjectByPointer (
3272 IN ULONG HandleAttributes
,
3273 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3274 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3275 IN POBJECT_TYPE ObjectType OPTIONAL
,
3276 IN KPROCESSOR_MODE AccessMode
,
3285 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
3287 OUT PULONG ReturnLength
3293 ObQueryObjectAuditingByHandle (
3295 OUT PBOOLEAN GenerateOnClose
3301 ObReferenceObjectByName (
3302 IN PUNICODE_STRING ObjectName
,
3303 IN ULONG Attributes
,
3304 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3305 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3306 IN POBJECT_TYPE ObjectType
,
3307 IN KPROCESSOR_MODE AccessMode
,
3308 IN OUT PVOID ParseContext OPTIONAL
,
3316 IN PEPROCESS Process
,
3317 IN POOL_TYPE PoolType
,
3321 #define PsDereferenceImpersonationToken(T) \
3322 {if (ARGUMENT_PRESENT(T)) { \
3323 (ObDereferenceObject((T))); \
3329 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3334 PsGetProcessExitTime (
3341 PsIsThreadTerminating (
3348 PsLookupProcessByProcessId (
3350 OUT PEPROCESS
*Process
3356 PsLookupProcessThreadByCid (
3358 OUT PEPROCESS
*Process OPTIONAL
,
3359 OUT PETHREAD
*Thread
3365 PsLookupThreadByThreadId (
3366 IN PVOID UniqueThreadId
,
3367 OUT PETHREAD
*Thread
3373 PsReferenceImpersonationToken (
3375 OUT PBOOLEAN CopyOnUse
,
3376 OUT PBOOLEAN EffectiveOnly
,
3377 OUT PSECURITY_IMPERSONATION_LEVEL Level
3383 PsReferencePrimaryToken (
3384 IN PEPROCESS Process
3391 IN PEPROCESS Process
,
3392 IN POOL_TYPE PoolType
,
3406 RtlAbsoluteToSelfRelativeSD (
3407 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
3408 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
3409 IN PULONG BufferLength
3416 IN HANDLE HeapHandle
,
3425 IN USHORT CompressionFormatAndEngine
,
3426 IN PUCHAR UncompressedBuffer
,
3427 IN ULONG UncompressedBufferSize
,
3428 OUT PUCHAR CompressedBuffer
,
3429 IN ULONG CompressedBufferSize
,
3430 IN ULONG UncompressedChunkSize
,
3431 OUT PULONG FinalCompressedSize
,
3439 IN PUCHAR UncompressedBuffer
,
3440 IN ULONG UncompressedBufferSize
,
3441 OUT PUCHAR CompressedBuffer
,
3442 IN ULONG CompressedBufferSize
,
3443 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
3444 IN ULONG CompressedDataInfoLength
,
3451 RtlConvertSidToUnicodeString (
3452 OUT PUNICODE_STRING DestinationString
,
3454 IN BOOLEAN AllocateDestinationString
3462 IN PSID Destination
,
3469 RtlDecompressBuffer (
3470 IN USHORT CompressionFormat
,
3471 OUT PUCHAR UncompressedBuffer
,
3472 IN ULONG UncompressedBufferSize
,
3473 IN PUCHAR CompressedBuffer
,
3474 IN ULONG CompressedBufferSize
,
3475 OUT PULONG FinalUncompressedSize
3481 RtlDecompressChunks (
3482 OUT PUCHAR UncompressedBuffer
,
3483 IN ULONG UncompressedBufferSize
,
3484 IN PUCHAR CompressedBuffer
,
3485 IN ULONG CompressedBufferSize
,
3486 IN PUCHAR CompressedTail
,
3487 IN ULONG CompressedTailSize
,
3488 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
3494 RtlDecompressFragment (
3495 IN USHORT CompressionFormat
,
3496 OUT PUCHAR UncompressedFragment
,
3497 IN ULONG UncompressedFragmentSize
,
3498 IN PUCHAR CompressedBuffer
,
3499 IN ULONG CompressedBufferSize
,
3500 IN ULONG FragmentOffset
,
3501 OUT PULONG FinalUncompressedSize
,
3509 IN USHORT CompressionFormat
,
3510 IN OUT PUCHAR
*CompressedBuffer
,
3511 IN PUCHAR EndOfCompressedBufferPlus1
,
3512 OUT PUCHAR
*ChunkBuffer
,
3513 OUT PULONG ChunkSize
3527 RtlFillMemoryUlong (
3528 IN PVOID Destination
,
3537 IN HANDLE HeapHandle
,
3545 RtlGenerate8dot3Name (
3546 IN PUNICODE_STRING Name
,
3547 IN BOOLEAN AllowExtendedCharacters
,
3548 IN OUT PGENERATE_NAME_CONTEXT Context
,
3549 OUT PUNICODE_STRING Name8dot3
3555 RtlGetCompressionWorkSpaceSize (
3556 IN USHORT CompressionFormatAndEngine
,
3557 OUT PULONG CompressBufferWorkSpaceSize
,
3558 OUT PULONG CompressFragmentWorkSpaceSize
3564 RtlGetDaclSecurityDescriptor (
3565 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3566 OUT PBOOLEAN DaclPresent
,
3568 OUT PBOOLEAN DaclDefaulted
3574 RtlGetGroupSecurityDescriptor (
3575 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3577 OUT PBOOLEAN GroupDefaulted
3583 RtlGetOwnerSecurityDescriptor (
3584 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3586 OUT PBOOLEAN OwnerDefaulted
3594 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
3595 IN UCHAR SubAuthorityCount
3601 RtlIsNameLegalDOS8Dot3 (
3602 IN PUNICODE_STRING UnicodeName
,
3603 IN PANSI_STRING AnsiName
,
3610 RtlLengthRequiredSid (
3611 IN UCHAR SubAuthorityCount
3624 RtlNtStatusToDosError (
3632 IN USHORT CompressionFormat
,
3633 IN OUT PUCHAR
*CompressedBuffer
,
3634 IN PUCHAR EndOfCompressedBufferPlus1
,
3635 OUT PUCHAR
*ChunkBuffer
,
3642 RtlSecondsSince1970ToTime (
3643 IN ULONG SecondsSince1970
,
3644 OUT PLARGE_INTEGER Time
3647 #if (VER_PRODUCTBUILD >= 2195)
3652 RtlSelfRelativeToAbsoluteSD (
3653 IN PSECURITY_DESCRIPTOR SelfRelativeSD
,
3654 OUT PSECURITY_DESCRIPTOR AbsoluteSD
,
3655 IN PULONG AbsoluteSDSize
,
3661 IN PULONG OwnerSize
,
3662 IN PSID PrimaryGroup
,
3663 IN PULONG PrimaryGroupSize
3666 #endif /* (VER_PRODUCTBUILD >= 2195) */
3671 RtlSetGroupSecurityDescriptor (
3672 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3674 IN BOOLEAN GroupDefaulted
3680 RtlSetOwnerSecurityDescriptor (
3681 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3683 IN BOOLEAN OwnerDefaulted
3689 RtlSetSaclSecurityDescriptor (
3690 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3691 IN BOOLEAN SaclPresent
,
3693 IN BOOLEAN SaclDefaulted
3699 RtlSubAuthorityCountSid (
3706 RtlSubAuthoritySid (
3708 IN ULONG SubAuthority
3721 SeAppendPrivileges (
3722 PACCESS_STATE AccessState
,
3723 PPRIVILEGE_SET Privileges
3729 SeAuditingFileEvents (
3730 IN BOOLEAN AccessGranted
,
3731 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3737 SeAuditingFileOrGlobalEvents (
3738 IN BOOLEAN AccessGranted
,
3739 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3740 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3746 SeCaptureSubjectContext (
3747 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
3753 SeCreateAccessState (
3754 OUT PACCESS_STATE AccessState
,
3756 IN ACCESS_MASK AccessMask
,
3757 IN PGENERIC_MAPPING Mapping
3763 SeCreateClientSecurity (
3765 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3766 IN BOOLEAN RemoteClient
,
3767 OUT PSECURITY_CLIENT_CONTEXT ClientContext
3770 #if (VER_PRODUCTBUILD >= 2195)
3775 SeCreateClientSecurityFromSubjectContext (
3776 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3777 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3778 IN BOOLEAN ServerIsRemote
,
3779 OUT PSECURITY_CLIENT_CONTEXT ClientContext
3782 #endif /* (VER_PRODUCTBUILD >= 2195) */
3784 #define SeDeleteClientSecurity(C) { \
3785 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
3786 PsDereferencePrimaryToken( (C)->ClientToken ); \
3788 PsDereferenceImpersonationToken( (C)->ClientToken ); \
3795 SeDeleteObjectAuditAlarm (
3800 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
3806 IN PPRIVILEGE_SET Privileges
3812 SeImpersonateClient (
3813 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
3814 IN PETHREAD ServerThread OPTIONAL
3817 #if (VER_PRODUCTBUILD >= 2195)
3822 SeImpersonateClientEx (
3823 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
3824 IN PETHREAD ServerThread OPTIONAL
3827 #endif /* (VER_PRODUCTBUILD >= 2195) */
3832 SeLockSubjectContext (
3833 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3839 SeMarkLogonSessionForTerminationNotification (
3846 SeOpenObjectAuditAlarm (
3847 IN PUNICODE_STRING ObjectTypeName
,
3848 IN PVOID Object OPTIONAL
,
3849 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
3850 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3851 IN PACCESS_STATE AccessState
,
3852 IN BOOLEAN ObjectCreated
,
3853 IN BOOLEAN AccessGranted
,
3854 IN KPROCESSOR_MODE AccessMode
,
3855 OUT PBOOLEAN GenerateOnClose
3861 SeOpenObjectForDeleteAuditAlarm (
3862 IN PUNICODE_STRING ObjectTypeName
,
3863 IN PVOID Object OPTIONAL
,
3864 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
3865 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3866 IN PACCESS_STATE AccessState
,
3867 IN BOOLEAN ObjectCreated
,
3868 IN BOOLEAN AccessGranted
,
3869 IN KPROCESSOR_MODE AccessMode
,
3870 OUT PBOOLEAN GenerateOnClose
3877 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
3878 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3879 IN KPROCESSOR_MODE AccessMode
3885 SeQueryAuthenticationIdToken (
3886 IN PACCESS_TOKEN Token
,
3890 #if (VER_PRODUCTBUILD >= 2195)
3895 SeQueryInformationToken (
3896 IN PACCESS_TOKEN Token
,
3897 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3898 OUT PVOID
*TokenInformation
3901 #endif /* (VER_PRODUCTBUILD >= 2195) */
3906 SeQuerySecurityDescriptorInfo (
3907 IN PSECURITY_INFORMATION SecurityInformation
,
3908 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3909 IN OUT PULONG Length
,
3910 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
3913 #if (VER_PRODUCTBUILD >= 2195)
3918 SeQuerySessionIdToken (
3919 IN PACCESS_TOKEN Token
,
3923 #endif /* (VER_PRODUCTBUILD >= 2195) */
3925 #define SeQuerySubjectContextToken( SubjectContext ) \
3926 ( ARGUMENT_PRESENT( \
3927 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
3929 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
3930 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
3932 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
3939 SeRegisterLogonSessionTerminatedRoutine (
3940 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3946 SeReleaseSubjectContext (
3947 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3953 SeSetAccessStateGenericMapping (
3954 PACCESS_STATE AccessState
,
3955 PGENERIC_MAPPING GenericMapping
3961 SeSetSecurityDescriptorInfo (
3962 IN PVOID Object OPTIONAL
,
3963 IN PSECURITY_INFORMATION SecurityInformation
,
3964 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3965 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
3966 IN POOL_TYPE PoolType
,
3967 IN PGENERIC_MAPPING GenericMapping
3970 #if (VER_PRODUCTBUILD >= 2195)
3975 SeSetSecurityDescriptorInfoEx (
3976 IN PVOID Object OPTIONAL
,
3977 IN PSECURITY_INFORMATION SecurityInformation
,
3978 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
3979 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
3980 IN ULONG AutoInheritFlags
,
3981 IN POOL_TYPE PoolType
,
3982 IN PGENERIC_MAPPING GenericMapping
3989 IN PACCESS_TOKEN Token
3995 SeTokenIsRestricted (
3996 IN PACCESS_TOKEN Token
3999 #endif /* (VER_PRODUCTBUILD >= 2195) */
4005 IN PACCESS_TOKEN Token
4011 SeUnlockSubjectContext (
4012 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4017 SeUnregisterLogonSessionTerminatedRoutine (
4018 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4021 #if (VER_PRODUCTBUILD >= 2195)
4026 ZwAdjustPrivilegesToken (
4027 IN HANDLE TokenHandle
,
4028 IN BOOLEAN DisableAllPrivileges
,
4029 IN PTOKEN_PRIVILEGES NewState
,
4030 IN ULONG BufferLength
,
4031 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
4032 OUT PULONG ReturnLength
4035 #endif /* (VER_PRODUCTBUILD >= 2195) */
4041 IN HANDLE ThreadHandle
4047 ZwAllocateVirtualMemory (
4048 IN HANDLE ProcessHandle
,
4049 IN OUT PVOID
*BaseAddress
,
4051 IN OUT PULONG RegionSize
,
4052 IN ULONG AllocationType
,
4059 ZwAccessCheckAndAuditAlarm (
4060 IN PUNICODE_STRING SubsystemName
,
4062 IN PUNICODE_STRING ObjectTypeName
,
4063 IN PUNICODE_STRING ObjectName
,
4064 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4065 IN ACCESS_MASK DesiredAccess
,
4066 IN PGENERIC_MAPPING GenericMapping
,
4067 IN BOOLEAN ObjectCreation
,
4068 OUT PACCESS_MASK GrantedAccess
,
4069 OUT PBOOLEAN AccessStatus
,
4070 OUT PBOOLEAN GenerateOnClose
4073 #if (VER_PRODUCTBUILD >= 2195)
4079 IN HANDLE FileHandle
,
4080 OUT PIO_STATUS_BLOCK IoStatusBlock
4083 #endif /* (VER_PRODUCTBUILD >= 2195) */
4089 IN HANDLE EventHandle
4095 ZwCloseObjectAuditAlarm (
4096 IN PUNICODE_STRING SubsystemName
,
4098 IN BOOLEAN GenerateOnClose
4105 OUT PHANDLE SectionHandle
,
4106 IN ACCESS_MASK DesiredAccess
,
4107 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4108 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
4109 IN ULONG SectionPageProtection
,
4110 IN ULONG AllocationAttributes
,
4111 IN HANDLE FileHandle OPTIONAL
4117 ZwCreateSymbolicLinkObject (
4118 OUT PHANDLE SymbolicLinkHandle
,
4119 IN ACCESS_MASK DesiredAccess
,
4120 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4121 IN PUNICODE_STRING TargetName
4128 IN POBJECT_ATTRIBUTES ObjectAttributes
4136 IN PUNICODE_STRING Name
4142 ZwDeviceIoControlFile (
4143 IN HANDLE FileHandle
,
4144 IN HANDLE Event OPTIONAL
,
4145 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4146 IN PVOID ApcContext OPTIONAL
,
4147 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4148 IN ULONG IoControlCode
,
4149 IN PVOID InputBuffer OPTIONAL
,
4150 IN ULONG InputBufferLength
,
4151 OUT PVOID OutputBuffer OPTIONAL
,
4152 IN ULONG OutputBufferLength
4159 IN PUNICODE_STRING String
4166 IN HANDLE SourceProcessHandle
,
4167 IN HANDLE SourceHandle
,
4168 IN HANDLE TargetProcessHandle OPTIONAL
,
4169 OUT PHANDLE TargetHandle OPTIONAL
,
4170 IN ACCESS_MASK DesiredAccess
,
4171 IN ULONG HandleAttributes
,
4179 IN HANDLE ExistingTokenHandle
,
4180 IN ACCESS_MASK DesiredAccess
,
4181 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4182 IN BOOLEAN EffectiveOnly
,
4183 IN TOKEN_TYPE TokenType
,
4184 OUT PHANDLE NewTokenHandle
4190 ZwFlushInstructionCache (
4191 IN HANDLE ProcessHandle
,
4192 IN PVOID BaseAddress OPTIONAL
,
4196 #if (VER_PRODUCTBUILD >= 2195)
4201 ZwFlushVirtualMemory (
4202 IN HANDLE ProcessHandle
,
4203 IN OUT PVOID
*BaseAddress
,
4204 IN OUT PULONG FlushSize
,
4205 OUT PIO_STATUS_BLOCK IoStatusBlock
4208 #endif /* (VER_PRODUCTBUILD >= 2195) */
4213 ZwFreeVirtualMemory (
4214 IN HANDLE ProcessHandle
,
4215 IN OUT PVOID
*BaseAddress
,
4216 IN OUT PULONG RegionSize
,
4224 IN HANDLE FileHandle
,
4225 IN HANDLE Event OPTIONAL
,
4226 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4227 IN PVOID ApcContext OPTIONAL
,
4228 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4229 IN ULONG FsControlCode
,
4230 IN PVOID InputBuffer OPTIONAL
,
4231 IN ULONG InputBufferLength
,
4232 OUT PVOID OutputBuffer OPTIONAL
,
4233 IN ULONG OutputBufferLength
4236 #if (VER_PRODUCTBUILD >= 2195)
4241 ZwInitiatePowerAction (
4242 IN POWER_ACTION SystemAction
,
4243 IN SYSTEM_POWER_STATE MinSystemState
,
4245 IN BOOLEAN Asynchronous
4248 #endif /* (VER_PRODUCTBUILD >= 2195) */
4254 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4255 IN PUNICODE_STRING RegistryPath
4262 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
4263 IN POBJECT_ATTRIBUTES FileObjectAttributes
4270 IN HANDLE KeyHandle
,
4271 IN HANDLE EventHandle OPTIONAL
,
4272 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4273 IN PVOID ApcContext OPTIONAL
,
4274 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4275 IN ULONG NotifyFilter
,
4276 IN BOOLEAN WatchSubtree
,
4278 IN ULONG BufferLength
,
4279 IN BOOLEAN Asynchronous
4285 ZwOpenDirectoryObject (
4286 OUT PHANDLE DirectoryHandle
,
4287 IN ACCESS_MASK DesiredAccess
,
4288 IN POBJECT_ATTRIBUTES ObjectAttributes
4295 OUT PHANDLE EventHandle
,
4296 IN ACCESS_MASK DesiredAccess
,
4297 IN POBJECT_ATTRIBUTES ObjectAttributes
4304 OUT PHANDLE ProcessHandle
,
4305 IN ACCESS_MASK DesiredAccess
,
4306 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4307 IN PCLIENT_ID ClientId OPTIONAL
4313 ZwOpenProcessToken (
4314 IN HANDLE ProcessHandle
,
4315 IN ACCESS_MASK DesiredAccess
,
4316 OUT PHANDLE TokenHandle
4323 OUT PHANDLE ThreadHandle
,
4324 IN ACCESS_MASK DesiredAccess
,
4325 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4326 IN PCLIENT_ID ClientId
4333 IN HANDLE ThreadHandle
,
4334 IN ACCESS_MASK DesiredAccess
,
4335 IN BOOLEAN OpenAsSelf
,
4336 OUT PHANDLE TokenHandle
4339 #if (VER_PRODUCTBUILD >= 2195)
4344 ZwPowerInformation (
4345 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
4346 IN PVOID InputBuffer OPTIONAL
,
4347 IN ULONG InputBufferLength
,
4348 OUT PVOID OutputBuffer OPTIONAL
,
4349 IN ULONG OutputBufferLength
4352 #endif /* (VER_PRODUCTBUILD >= 2195) */
4358 IN HANDLE EventHandle
,
4359 OUT PULONG PreviousState OPTIONAL
4365 ZwQueryDefaultLocale (
4366 IN BOOLEAN ThreadOrSystem
,
4373 ZwQueryDirectoryFile (
4374 IN HANDLE FileHandle
,
4375 IN HANDLE Event OPTIONAL
,
4376 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4377 IN PVOID ApcContext OPTIONAL
,
4378 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4379 OUT PVOID FileInformation
,
4381 IN FILE_INFORMATION_CLASS FileInformationClass
,
4382 IN BOOLEAN ReturnSingleEntry
,
4383 IN PUNICODE_STRING FileName OPTIONAL
,
4384 IN BOOLEAN RestartScan
4387 #if (VER_PRODUCTBUILD >= 2195)
4392 ZwQueryDirectoryObject (
4393 IN HANDLE DirectoryHandle
,
4396 IN BOOLEAN ReturnSingleEntry
,
4397 IN BOOLEAN RestartScan
,
4398 IN OUT PULONG Context
,
4399 OUT PULONG ReturnLength OPTIONAL
4406 IN HANDLE FileHandle
,
4407 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4410 IN BOOLEAN ReturnSingleEntry
,
4411 IN PVOID EaList OPTIONAL
,
4412 IN ULONG EaListLength
,
4413 IN PULONG EaIndex OPTIONAL
,
4414 IN BOOLEAN RestartScan
4417 #endif /* (VER_PRODUCTBUILD >= 2195) */
4422 ZwQueryInformationProcess (
4423 IN HANDLE ProcessHandle
,
4424 IN PROCESSINFOCLASS ProcessInformationClass
,
4425 OUT PVOID ProcessInformation
,
4426 IN ULONG ProcessInformationLength
,
4427 OUT PULONG ReturnLength OPTIONAL
4433 ZwQueryInformationToken (
4434 IN HANDLE TokenHandle
,
4435 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4436 OUT PVOID TokenInformation
,
4438 OUT PULONG ResultLength
4445 IN HANDLE ObjectHandle
,
4446 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4447 OUT PVOID ObjectInformation
,
4449 OUT PULONG ResultLength
4456 IN HANDLE SectionHandle
,
4457 IN SECTION_INFORMATION_CLASS SectionInformationClass
,
4458 OUT PVOID SectionInformation
,
4459 IN ULONG SectionInformationLength
,
4460 OUT PULONG ResultLength OPTIONAL
4466 ZwQuerySecurityObject (
4467 IN HANDLE FileHandle
,
4468 IN SECURITY_INFORMATION SecurityInformation
,
4469 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4471 OUT PULONG ResultLength
4477 ZwQuerySystemInformation (
4478 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4479 OUT PVOID SystemInformation
,
4481 OUT PULONG ReturnLength
4487 ZwQueryVolumeInformationFile (
4488 IN HANDLE FileHandle
,
4489 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4490 OUT PVOID FsInformation
,
4492 IN FS_INFORMATION_CLASS FsInformationClass
4499 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
4500 IN HANDLE KeyHandle
,
4501 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
4508 IN HANDLE EventHandle
,
4509 OUT PULONG PreviousState OPTIONAL
4512 #if (VER_PRODUCTBUILD >= 2195)
4518 IN HANDLE KeyHandle
,
4519 IN HANDLE FileHandle
,
4523 #endif /* (VER_PRODUCTBUILD >= 2195) */
4529 IN HANDLE KeyHandle
,
4530 IN HANDLE FileHandle
4536 ZwSetDefaultLocale (
4537 IN BOOLEAN ThreadOrSystem
,
4541 #if (VER_PRODUCTBUILD >= 2195)
4546 ZwSetDefaultUILanguage (
4547 IN LANGID LanguageId
4554 IN HANDLE FileHandle
,
4555 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4560 #endif /* (VER_PRODUCTBUILD >= 2195) */
4566 IN HANDLE EventHandle
,
4567 OUT PULONG PreviousState OPTIONAL
4573 ZwSetInformationObject (
4574 IN HANDLE ObjectHandle
,
4575 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4576 IN PVOID ObjectInformation
,
4577 IN ULONG ObjectInformationLength
4583 ZwSetInformationProcess (
4584 IN HANDLE ProcessHandle
,
4585 IN PROCESSINFOCLASS ProcessInformationClass
,
4586 IN PVOID ProcessInformation
,
4587 IN ULONG ProcessInformationLength
4590 #if (VER_PRODUCTBUILD >= 2195)
4595 ZwSetSecurityObject (
4597 IN SECURITY_INFORMATION SecurityInformation
,
4598 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4601 #endif /* (VER_PRODUCTBUILD >= 2195) */
4606 ZwSetSystemInformation (
4607 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4608 IN PVOID SystemInformation
,
4616 IN PLARGE_INTEGER NewTime
,
4617 OUT PLARGE_INTEGER OldTime OPTIONAL
4620 #if (VER_PRODUCTBUILD >= 2195)
4625 ZwSetVolumeInformationFile (
4626 IN HANDLE FileHandle
,
4627 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4628 IN PVOID FsInformation
,
4630 IN FS_INFORMATION_CLASS FsInformationClass
4633 #endif /* (VER_PRODUCTBUILD >= 2195) */
4638 ZwTerminateProcess (
4639 IN HANDLE ProcessHandle OPTIONAL
,
4640 IN NTSTATUS ExitStatus
4647 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4648 IN PUNICODE_STRING RegistryPath
4655 IN POBJECT_ATTRIBUTES KeyObjectAttributes
4661 ZwWaitForSingleObject (
4663 IN BOOLEAN Alertable
,
4664 IN PLARGE_INTEGER Timeout OPTIONAL
4670 ZwWaitForMultipleObjects (
4671 IN ULONG HandleCount
,
4673 IN WAIT_TYPE WaitType
,
4674 IN BOOLEAN Alertable
,
4675 IN PLARGE_INTEGER Timeout OPTIONAL
4691 #endif /* _NTIFS_ */
projects / reactos.git / blob