4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28 #pragma GCC system_header
40 #define VER_PRODUCTBUILD 10000
47 #define NTKERNELAPI DECLSPEC_IMPORT
50 typedef struct _SE_EXPORTS
*PSE_EXPORTS
;
53 extern PUCHAR FsRtlLegalAnsiCharacterArray
;
55 extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray
;
57 extern PSE_EXPORTS SeExports
;
58 extern PACL SePublicDefaultDacl
;
59 extern PACL SeSystemDefaultDacl
;
61 extern KSPIN_LOCK IoStatisticsLock
;
62 extern ULONG IoReadOperationCount
;
63 extern ULONG IoWriteOperationCount
;
64 extern ULONG IoOtherOperationCount
;
65 extern LARGE_INTEGER IoReadTransferCount
;
66 extern LARGE_INTEGER IoWriteTransferCount
;
67 extern LARGE_INTEGER IoOtherTransferCount
;
69 #define ANSI_DOS_STAR ('<')
70 #define ANSI_DOS_QM ('>')
71 #define ANSI_DOS_DOT ('"')
73 #define DOS_STAR (L'<')
75 #define DOS_DOT (L'"')
78 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
79 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
80 #define ACCESS_DENIED_ACE_TYPE (0x1)
81 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
82 #define SYSTEM_ALARM_ACE_TYPE (0x3)
83 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
84 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
85 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
86 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
87 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
88 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
89 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
90 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
91 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
92 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
93 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
94 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
95 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
96 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
97 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
98 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
99 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
100 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
101 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
102 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
104 #define COMPRESSION_FORMAT_NONE (0x0000)
105 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
106 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
107 #define COMPRESSION_ENGINE_STANDARD (0x0000)
108 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
109 #define COMPRESSION_ENGINE_HIBER (0x0200)
111 #define FILE_ACTION_ADDED 0x00000001
112 #define FILE_ACTION_REMOVED 0x00000002
113 #define FILE_ACTION_MODIFIED 0x00000003
114 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
115 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
116 #define FILE_ACTION_ADDED_STREAM 0x00000006
117 #define FILE_ACTION_REMOVED_STREAM 0x00000007
118 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
119 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
120 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
121 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
124 #define FILE_EA_TYPE_BINARY 0xfffe
125 #define FILE_EA_TYPE_ASCII 0xfffd
126 #define FILE_EA_TYPE_BITMAP 0xfffb
127 #define FILE_EA_TYPE_METAFILE 0xfffa
128 #define FILE_EA_TYPE_ICON 0xfff9
129 #define FILE_EA_TYPE_EA 0xffee
130 #define FILE_EA_TYPE_MVMT 0xffdf
131 #define FILE_EA_TYPE_MVST 0xffde
132 #define FILE_EA_TYPE_ASN1 0xffdd
133 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
135 #define FILE_NEED_EA 0x00000080
137 /* also in winnt.h */
138 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
139 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
140 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
141 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
142 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
143 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
144 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
145 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
146 #define FILE_NOTIFY_CHANGE_EA 0x00000080
147 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
148 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
149 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
150 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
151 #define FILE_NOTIFY_VALID_MASK 0x00000fff
154 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
155 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
157 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
159 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
160 #define FILE_CASE_PRESERVED_NAMES 0x00000002
161 #define FILE_UNICODE_ON_DISK 0x00000004
162 #define FILE_PERSISTENT_ACLS 0x00000008
163 #define FILE_FILE_COMPRESSION 0x00000010
164 #define FILE_VOLUME_QUOTAS 0x00000020
165 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
166 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
167 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
168 #define FS_LFN_APIS 0x00004000
169 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
170 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
171 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
172 #define FILE_NAMED_STREAMS 0x00040000
174 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
175 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
177 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
178 #define FILE_PIPE_MESSAGE_MODE 0x00000001
180 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
181 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
183 #define FILE_PIPE_INBOUND 0x00000000
184 #define FILE_PIPE_OUTBOUND 0x00000001
185 #define FILE_PIPE_FULL_DUPLEX 0x00000002
187 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
188 #define FILE_PIPE_LISTENING_STATE 0x00000002
189 #define FILE_PIPE_CONNECTED_STATE 0x00000003
190 #define FILE_PIPE_CLOSING_STATE 0x00000004
192 #define FILE_PIPE_CLIENT_END 0x00000000
193 #define FILE_PIPE_SERVER_END 0x00000001
195 #define FILE_PIPE_READ_DATA 0x00000000
196 #define FILE_PIPE_WRITE_SPACE 0x00000001
198 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
199 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
200 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
201 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
202 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
203 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
204 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
205 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
206 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
207 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
208 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
209 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
210 #define FILE_STORAGE_TYPE_MASK 0x000f0000
211 #define FILE_STORAGE_TYPE_SHIFT 16
213 #define FILE_VC_QUOTA_NONE 0x00000000
214 #define FILE_VC_QUOTA_TRACK 0x00000001
215 #define FILE_VC_QUOTA_ENFORCE 0x00000002
216 #define FILE_VC_QUOTA_MASK 0x00000003
218 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
219 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
221 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
222 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
223 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
224 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
226 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
227 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
229 #define FILE_VC_VALID_MASK 0x000003ff
231 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
232 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
233 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
234 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
235 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
236 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
237 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
239 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
241 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
242 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
243 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
244 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
245 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
247 #define FSRTL_VOLUME_DISMOUNT 1
248 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
249 #define FSRTL_VOLUME_LOCK 3
250 #define FSRTL_VOLUME_LOCK_FAILED 4
251 #define FSRTL_VOLUME_UNLOCK 5
252 #define FSRTL_VOLUME_MOUNT 6
254 #define FSRTL_WILD_CHARACTER 0x08
256 #define FSRTL_FAT_LEGAL 0x01
257 #define FSRTL_HPFS_LEGAL 0x02
258 #define FSRTL_NTFS_LEGAL 0x04
259 #define FSRTL_WILD_CHARACTER 0x08
260 #define FSRTL_OLE_LEGAL 0x10
261 #define FSRTL_NTFS_STREAM_LEGAL 0x14
264 #define HARDWARE_PTE HARDWARE_PTE_X86
265 #define PHARDWARE_PTE PHARDWARE_PTE_X86
267 #define HARDWARE_PTE ULONG
268 #define PHARDWARE_PTE PULONG
271 #define IO_CHECK_CREATE_PARAMETERS 0x0200
272 #define IO_ATTACH_DEVICE 0x0400
274 #define IO_ATTACH_DEVICE_API 0x80000000
275 /* also in winnt.h */
276 #define IO_COMPLETION_QUERY_STATE 0x0001
277 #define IO_COMPLETION_MODIFY_STATE 0x0002
278 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
280 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
281 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
283 #define IO_TYPE_APC 18
284 #define IO_TYPE_DPC 19
285 #define IO_TYPE_DEVICE_QUEUE 20
286 #define IO_TYPE_EVENT_PAIR 21
287 #define IO_TYPE_INTERRUPT 22
288 #define IO_TYPE_PROFILE 23
290 #define IRP_BEING_VERIFIED 0x10
292 #define MAILSLOT_CLASS_FIRSTCLASS 1
293 #define MAILSLOT_CLASS_SECONDCLASS 2
295 #define MAILSLOT_SIZE_AUTO 0
297 #define MAP_PROCESS 1L
298 #define MAP_SYSTEM 2L
299 #define MEM_DOS_LIM 0x40000000
300 /* also in winnt.h */
301 #define MEM_IMAGE SEC_IMAGE
303 #define OB_TYPE_TYPE 1
304 #define OB_TYPE_DIRECTORY 2
305 #define OB_TYPE_SYMBOLIC_LINK 3
306 #define OB_TYPE_TOKEN 4
307 #define OB_TYPE_PROCESS 5
308 #define OB_TYPE_THREAD 6
309 #define OB_TYPE_EVENT 7
310 #define OB_TYPE_EVENT_PAIR 8
311 #define OB_TYPE_MUTANT 9
312 #define OB_TYPE_SEMAPHORE 10
313 #define OB_TYPE_TIMER 11
314 #define OB_TYPE_PROFILE 12
315 #define OB_TYPE_WINDOW_STATION 13
316 #define OB_TYPE_DESKTOP 14
317 #define OB_TYPE_SECTION 15
318 #define OB_TYPE_KEY 16
319 #define OB_TYPE_PORT 17
320 #define OB_TYPE_ADAPTER 18
321 #define OB_TYPE_CONTROLLER 19
322 #define OB_TYPE_DEVICE 20
323 #define OB_TYPE_DRIVER 21
324 #define OB_TYPE_IO_COMPLETION 22
325 #define OB_TYPE_FILE 23
328 #define PIN_EXCLUSIVE (2)
329 #define PIN_NO_READ (4)
330 #define PIN_IF_BCB (8)
332 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
333 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
335 /* also in winnt.h */
336 #define SEC_BASED 0x00200000
337 #define SEC_NO_CHANGE 0x00400000
338 #define SEC_FILE 0x00800000
339 #define SEC_IMAGE 0x01000000
340 #define SEC_VLM 0x02000000
341 #define SEC_RESERVE 0x04000000
342 #define SEC_COMMIT 0x08000000
343 #define SEC_NOCACHE 0x10000000
345 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
346 #define SECURITY_WORLD_RID (0x00000000L)
348 #define SID_REVISION 1
349 #define SID_MAX_SUB_AUTHORITIES 15
350 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
352 #define TOKEN_ASSIGN_PRIMARY (0x0001)
353 #define TOKEN_DUPLICATE (0x0002)
354 #define TOKEN_IMPERSONATE (0x0004)
355 #define TOKEN_QUERY (0x0008)
356 #define TOKEN_QUERY_SOURCE (0x0010)
357 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
358 #define TOKEN_ADJUST_GROUPS (0x0040)
359 #define TOKEN_ADJUST_DEFAULT (0x0080)
360 #define TOKEN_ADJUST_SESSIONID (0x0100)
362 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
363 TOKEN_ASSIGN_PRIMARY |\
367 TOKEN_QUERY_SOURCE |\
368 TOKEN_ADJUST_PRIVILEGES |\
369 TOKEN_ADJUST_GROUPS |\
370 TOKEN_ADJUST_DEFAULT |\
371 TOKEN_ADJUST_SESSIONID)
373 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
376 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
377 TOKEN_ADJUST_PRIVILEGES |\
378 TOKEN_ADJUST_GROUPS |\
379 TOKEN_ADJUST_DEFAULT)
381 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
383 #define TOKEN_SOURCE_LENGTH 8
386 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
387 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
388 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
389 #define TOKEN_HAS_ADMIN_GROUP 0x08
390 #define TOKEN_IS_RESTRICTED 0x10
392 #define VACB_MAPPING_GRANULARITY (0x40000)
393 #define VACB_OFFSET_SHIFT (18)
395 #define SE_OWNER_DEFAULTED 0x0001
396 #define SE_GROUP_DEFAULTED 0x0002
397 #define SE_DACL_PRESENT 0x0004
398 #define SE_DACL_DEFAULTED 0x0008
399 #define SE_SACL_PRESENT 0x0010
400 #define SE_SACL_DEFAULTED 0x0020
401 #define SE_DACL_UNTRUSTED 0x0040
402 #define SE_SERVER_SECURITY 0x0080
403 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
404 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
405 #define SE_DACL_AUTO_INHERITED 0x0400
406 #define SE_SACL_AUTO_INHERITED 0x0800
407 #define SE_DACL_PROTECTED 0x1000
408 #define SE_SACL_PROTECTED 0x2000
409 #define SE_RM_CONTROL_VALID 0x4000
410 #define SE_SELF_RELATIVE 0x8000
412 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
413 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
414 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
415 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
416 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
417 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
418 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
419 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
420 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
422 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
423 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
424 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
426 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
427 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
428 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
431 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
432 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
433 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
434 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
435 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
436 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
438 #if (VER_PRODUCTBUILD >= 1381)
440 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
441 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
442 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
443 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
444 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
445 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
446 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
447 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
449 #endif /* (VER_PRODUCTBUILD >= 1381) */
451 #if (VER_PRODUCTBUILD >= 2195)
453 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
454 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
455 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
457 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
458 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
459 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
460 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
461 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
462 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
463 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
464 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
465 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
466 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
467 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
468 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
469 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
470 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
471 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
472 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
473 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
474 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
475 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
476 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
477 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
478 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
479 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
480 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
481 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
482 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
483 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
484 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
485 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
486 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
487 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
488 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
489 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
490 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
491 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
492 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
494 #endif /* (VER_PRODUCTBUILD >= 2195) */
496 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
498 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
499 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
500 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
501 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
502 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
503 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
504 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
505 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
507 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
508 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
509 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
510 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
511 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
512 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
513 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
514 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
515 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
516 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
517 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
518 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
519 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
520 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
522 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
524 typedef PVOID OPLOCK
, *POPLOCK
;
526 typedef struct _CACHE_MANAGER_CALLBACKS
*PCACHE_MANAGER_CALLBACKS
;
527 typedef struct _FILE_GET_QUOTA_INFORMATION
*PFILE_GET_QUOTA_INFORMATION
;
528 typedef struct _HANDLE_TABLE
*PHANDLE_TABLE
;
529 typedef struct _KPROCESS
*PKPROCESS
;
530 typedef struct _KQUEUE
*PKQUEUE
;
531 typedef struct _KTRAP_FRAME
*PKTRAP_FRAME
;
532 typedef struct _OBJECT_DIRECTORY
*POBJECT_DIRECTORY
;
533 typedef struct _SECTION_OBJECT
*PSECTION_OBJECT
;
534 typedef struct _SHARED_CACHE_MAP
*PSHARED_CACHE_MAP
;
535 typedef struct _VACB
*PVACB
;
536 typedef struct _VAD_HEADER
*PVAD_HEADER
;
544 typedef struct _NOTIFY_SYNC
557 } NOTIFY_SYNC
, * PNOTIFY_SYNC
;
559 typedef enum _FAST_IO_POSSIBLE
{
565 typedef enum _FILE_STORAGE_TYPE
{
566 StorageTypeDefault
= 1,
567 StorageTypeDirectory
,
569 StorageTypeJunctionPoint
,
571 StorageTypeStructuredStorage
,
572 StorageTypeEmbedding
,
576 typedef enum _OBJECT_INFO_CLASS
{
584 typedef struct _KAPC_STATE
{
585 LIST_ENTRY ApcListHead
[2];
587 BOOLEAN KernelApcInProgress
;
588 BOOLEAN KernelApcPending
;
589 BOOLEAN UserApcPending
;
590 } KAPC_STATE
, *PKAPC_STATE
, *RESTRICTED_POINTER PRKAPC_STATE
;
592 typedef struct _BITMAP_RANGE
{
594 LARGE_INTEGER BasePage
;
595 ULONG FirstDirtyPage
;
599 } BITMAP_RANGE
, *PBITMAP_RANGE
;
601 typedef struct _CACHE_UNINITIALIZE_EVENT
{
602 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
604 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
606 typedef struct _CC_FILE_SIZES
{
607 LARGE_INTEGER AllocationSize
;
608 LARGE_INTEGER FileSize
;
609 LARGE_INTEGER ValidDataLength
;
610 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
612 typedef struct _COMPRESSED_DATA_INFO
{
613 USHORT CompressionFormatAndEngine
;
614 UCHAR CompressionUnitShift
;
618 USHORT NumberOfChunks
;
619 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
620 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
622 typedef struct _SID_IDENTIFIER_AUTHORITY
{
624 } SID_IDENTIFIER_AUTHORITY
,*PSID_IDENTIFIER_AUTHORITY
,*LPSID_IDENTIFIER_AUTHORITY
;
626 typedef struct _SID
{
628 BYTE SubAuthorityCount
;
629 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
630 DWORD SubAuthority
[ANYSIZE_ARRAY
];
632 typedef struct _SID_AND_ATTRIBUTES
{
635 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
636 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
637 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
638 typedef struct _TOKEN_SOURCE
{
639 CHAR SourceName
[TOKEN_SOURCE_LENGTH
];
640 LUID SourceIdentifier
;
641 } TOKEN_SOURCE
,*PTOKEN_SOURCE
;
642 typedef struct _TOKEN_CONTROL
{
644 LUID AuthenticationId
;
646 TOKEN_SOURCE TokenSource
;
647 } TOKEN_CONTROL
,*PTOKEN_CONTROL
;
648 typedef struct _TOKEN_DEFAULT_DACL
{
650 } TOKEN_DEFAULT_DACL
,*PTOKEN_DEFAULT_DACL
;
651 typedef struct _TOKEN_GROUPS
{
653 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
654 } TOKEN_GROUPS
,*PTOKEN_GROUPS
,*LPTOKEN_GROUPS
;
655 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
658 PSID_AND_ATTRIBUTES Sids
;
659 ULONG RestrictedSidCount
;
660 ULONG RestrictedSidLength
;
661 PSID_AND_ATTRIBUTES RestrictedSids
;
662 ULONG PrivilegeCount
;
663 ULONG PrivilegeLength
;
664 PLUID_AND_ATTRIBUTES Privileges
;
665 LUID AuthenticationId
;
666 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
667 typedef struct _TOKEN_ORIGIN
{
668 LUID OriginatingLogonSession
;
669 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
670 typedef struct _TOKEN_OWNER
{
672 } TOKEN_OWNER
,*PTOKEN_OWNER
;
673 typedef struct _TOKEN_PRIMARY_GROUP
{
675 } TOKEN_PRIMARY_GROUP
,*PTOKEN_PRIMARY_GROUP
;
676 typedef struct _TOKEN_PRIVILEGES
{
677 DWORD PrivilegeCount
;
678 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
679 } TOKEN_PRIVILEGES
,*PTOKEN_PRIVILEGES
,*LPTOKEN_PRIVILEGES
;
680 typedef enum tagTOKEN_TYPE
{
683 } TOKEN_TYPE
,*PTOKEN_TYPE
;
684 typedef struct _TOKEN_STATISTICS
{
686 LUID AuthenticationId
;
687 LARGE_INTEGER ExpirationTime
;
688 TOKEN_TYPE TokenType
;
689 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
690 DWORD DynamicCharged
;
691 DWORD DynamicAvailable
;
693 DWORD PrivilegeCount
;
695 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
696 typedef struct _TOKEN_USER
{
697 SID_AND_ATTRIBUTES User
;
698 } TOKEN_USER
, *PTOKEN_USER
;
699 typedef DWORD SECURITY_INFORMATION
,*PSECURITY_INFORMATION
;
700 typedef WORD SECURITY_DESCRIPTOR_CONTROL
,*PSECURITY_DESCRIPTOR_CONTROL
;
701 typedef struct _SECURITY_DESCRIPTOR
{
704 SECURITY_DESCRIPTOR_CONTROL Control
;
709 } SECURITY_DESCRIPTOR
, *PISECURITY_DESCRIPTOR
;
710 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
713 SECURITY_DESCRIPTOR_CONTROL Control
;
718 } SECURITY_DESCRIPTOR_RELATIVE
, *PISECURITY_DESCRIPTOR_RELATIVE
;
719 typedef enum _TOKEN_INFORMATION_CLASS
{
720 TokenUser
=1,TokenGroups
,TokenPrivileges
,TokenOwner
,
721 TokenPrimaryGroup
,TokenDefaultDacl
,TokenSource
,TokenType
,
722 TokenImpersonationLevel
,TokenStatistics
,TokenRestrictedSids
,
723 TokenSessionId
,TokenGroupsAndPrivileges
,TokenSessionReference
,
724 TokenSandBoxInert
,TokenAuditPolicy
,TokenOrigin
,
725 } TOKEN_INFORMATION_CLASS
;
727 typedef struct _FILE_ACCESS_INFORMATION
{
728 ACCESS_MASK AccessFlags
;
729 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
731 typedef struct _FILE_ALLOCATION_INFORMATION
{
732 LARGE_INTEGER AllocationSize
;
733 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
735 typedef struct _FILE_BOTH_DIR_INFORMATION
{
736 ULONG NextEntryOffset
;
738 LARGE_INTEGER CreationTime
;
739 LARGE_INTEGER LastAccessTime
;
740 LARGE_INTEGER LastWriteTime
;
741 LARGE_INTEGER ChangeTime
;
742 LARGE_INTEGER EndOfFile
;
743 LARGE_INTEGER AllocationSize
;
744 ULONG FileAttributes
;
745 ULONG FileNameLength
;
747 CCHAR ShortNameLength
;
750 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
752 typedef struct _FILE_COMPLETION_INFORMATION
{
755 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
757 typedef struct _FILE_COMPRESSION_INFORMATION
{
758 LARGE_INTEGER CompressedFileSize
;
759 USHORT CompressionFormat
;
760 UCHAR CompressionUnitShift
;
764 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
766 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
767 BOOLEAN ReplaceIfExists
;
768 HANDLE RootDirectory
;
769 ULONG FileNameLength
;
771 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
773 typedef struct _FILE_DIRECTORY_INFORMATION
{
774 ULONG NextEntryOffset
;
776 LARGE_INTEGER CreationTime
;
777 LARGE_INTEGER LastAccessTime
;
778 LARGE_INTEGER LastWriteTime
;
779 LARGE_INTEGER ChangeTime
;
780 LARGE_INTEGER EndOfFile
;
781 LARGE_INTEGER AllocationSize
;
782 ULONG FileAttributes
;
783 ULONG FileNameLength
;
785 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
787 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
788 ULONG NextEntryOffset
;
790 LARGE_INTEGER CreationTime
;
791 LARGE_INTEGER LastAccessTime
;
792 LARGE_INTEGER LastWriteTime
;
793 LARGE_INTEGER ChangeTime
;
794 LARGE_INTEGER EndOfFile
;
795 LARGE_INTEGER AllocationSize
;
796 ULONG FileAttributes
;
797 ULONG FileNameLength
;
800 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
802 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
803 ULONG NextEntryOffset
;
805 LARGE_INTEGER CreationTime
;
806 LARGE_INTEGER LastAccessTime
;
807 LARGE_INTEGER LastWriteTime
;
808 LARGE_INTEGER ChangeTime
;
809 LARGE_INTEGER EndOfFile
;
810 LARGE_INTEGER AllocationSize
;
811 ULONG FileAttributes
;
812 ULONG FileNameLength
;
814 CHAR ShortNameLength
;
817 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
819 typedef struct _FILE_EA_INFORMATION
{
821 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
823 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
824 ULONG FileSystemAttributes
;
825 ULONG MaximumComponentNameLength
;
826 ULONG FileSystemNameLength
;
827 WCHAR FileSystemName
[1];
828 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
830 typedef struct _FILE_FS_CONTROL_INFORMATION
{
831 LARGE_INTEGER FreeSpaceStartFiltering
;
832 LARGE_INTEGER FreeSpaceThreshold
;
833 LARGE_INTEGER FreeSpaceStopFiltering
;
834 LARGE_INTEGER DefaultQuotaThreshold
;
835 LARGE_INTEGER DefaultQuotaLimit
;
836 ULONG FileSystemControlFlags
;
837 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
839 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
840 LARGE_INTEGER TotalAllocationUnits
;
841 LARGE_INTEGER CallerAvailableAllocationUnits
;
842 LARGE_INTEGER ActualAvailableAllocationUnits
;
843 ULONG SectorsPerAllocationUnit
;
844 ULONG BytesPerSector
;
845 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
847 typedef struct _FILE_FS_LABEL_INFORMATION
{
848 ULONG VolumeLabelLength
;
849 WCHAR VolumeLabel
[1];
850 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
852 #if (VER_PRODUCTBUILD >= 2195)
854 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
856 UCHAR ExtendedInfo
[48];
857 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
859 #endif /* (VER_PRODUCTBUILD >= 2195) */
861 typedef struct _FILE_FS_SIZE_INFORMATION
{
862 LARGE_INTEGER TotalAllocationUnits
;
863 LARGE_INTEGER AvailableAllocationUnits
;
864 ULONG SectorsPerAllocationUnit
;
865 ULONG BytesPerSector
;
866 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
868 typedef struct _FILE_FS_VOLUME_INFORMATION
{
869 LARGE_INTEGER VolumeCreationTime
;
870 ULONG VolumeSerialNumber
;
871 ULONG VolumeLabelLength
;
872 BOOLEAN SupportsObjects
;
873 WCHAR VolumeLabel
[1];
874 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
876 typedef struct _FILE_FULL_DIR_INFORMATION
{
877 ULONG NextEntryOffset
;
879 LARGE_INTEGER CreationTime
;
880 LARGE_INTEGER LastAccessTime
;
881 LARGE_INTEGER LastWriteTime
;
882 LARGE_INTEGER ChangeTime
;
883 LARGE_INTEGER EndOfFile
;
884 LARGE_INTEGER AllocationSize
;
885 ULONG FileAttributes
;
886 ULONG FileNameLength
;
889 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
891 typedef struct _FILE_GET_EA_INFORMATION
{
892 ULONG NextEntryOffset
;
895 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
897 typedef struct _FILE_GET_QUOTA_INFORMATION
{
898 ULONG NextEntryOffset
;
901 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
903 typedef struct _FILE_QUOTA_INFORMATION
905 ULONG NextEntryOffset
;
907 LARGE_INTEGER ChangeTime
;
908 LARGE_INTEGER QuotaUsed
;
909 LARGE_INTEGER QuotaThreshold
;
910 LARGE_INTEGER QuotaLimit
;
912 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
914 typedef struct _FILE_INTERNAL_INFORMATION
{
915 LARGE_INTEGER IndexNumber
;
916 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
918 typedef struct _FILE_LINK_INFORMATION
{
919 BOOLEAN ReplaceIfExists
;
920 HANDLE RootDirectory
;
921 ULONG FileNameLength
;
923 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
925 typedef struct _FILE_LOCK_INFO
{
926 LARGE_INTEGER StartingByte
;
927 LARGE_INTEGER Length
;
928 BOOLEAN ExclusiveLock
;
930 PFILE_OBJECT FileObject
;
932 LARGE_INTEGER EndingByte
;
933 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
935 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
936 typedef struct _FILE_SHARED_LOCK_ENTRY
{
939 FILE_LOCK_INFO FileLock
;
940 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
942 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
943 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
944 LIST_ENTRY ListEntry
;
947 FILE_LOCK_INFO FileLock
;
948 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
950 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE
) (
955 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
957 IN PFILE_LOCK_INFO FileLockInfo
960 typedef struct _FILE_LOCK
{
961 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
962 PUNLOCK_ROUTINE UnlockRoutine
;
963 BOOLEAN FastIoIsQuestionable
;
965 PVOID LockInformation
;
966 FILE_LOCK_INFO LastReturnedLockInfo
;
967 PVOID LastReturnedLock
;
968 } FILE_LOCK
, *PFILE_LOCK
;
970 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
971 ULONG ReadDataAvailable
;
972 ULONG NumberOfMessages
;
974 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
976 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
977 ULONG MaximumMessageSize
;
979 ULONG NextMessageSize
;
980 ULONG MessagesAvailable
;
981 LARGE_INTEGER ReadTimeout
;
982 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
984 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
985 PLARGE_INTEGER ReadTimeout
;
986 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
988 typedef struct _FILE_MODE_INFORMATION
{
990 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
992 typedef struct _FILE_ALL_INFORMATION
{
993 FILE_BASIC_INFORMATION BasicInformation
;
994 FILE_STANDARD_INFORMATION StandardInformation
;
995 FILE_INTERNAL_INFORMATION InternalInformation
;
996 FILE_EA_INFORMATION EaInformation
;
997 FILE_ACCESS_INFORMATION AccessInformation
;
998 FILE_POSITION_INFORMATION PositionInformation
;
999 FILE_MODE_INFORMATION ModeInformation
;
1000 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1001 FILE_NAME_INFORMATION NameInformation
;
1002 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1004 typedef struct _FILE_NAMES_INFORMATION
{
1005 ULONG NextEntryOffset
;
1007 ULONG FileNameLength
;
1009 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1011 typedef struct _FILE_OBJECTID_INFORMATION
{
1012 LONGLONG FileReference
;
1014 _ANONYMOUS_UNION
union {
1016 UCHAR BirthVolumeId
[16];
1017 UCHAR BirthObjectId
[16];
1020 UCHAR ExtendedInfo
[48];
1022 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1024 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1026 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1028 typedef struct _FILE_OLE_ALL_INFORMATION
{
1029 FILE_BASIC_INFORMATION BasicInformation
;
1030 FILE_STANDARD_INFORMATION StandardInformation
;
1031 FILE_INTERNAL_INFORMATION InternalInformation
;
1032 FILE_EA_INFORMATION EaInformation
;
1033 FILE_ACCESS_INFORMATION AccessInformation
;
1034 FILE_POSITION_INFORMATION PositionInformation
;
1035 FILE_MODE_INFORMATION ModeInformation
;
1036 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1039 LARGE_INTEGER SecurityChangeTime
;
1040 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1041 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1042 FILE_STORAGE_TYPE StorageType
;
1045 ULONG NumberOfStreamReferences
;
1048 BOOLEAN ContentIndexDisable
;
1049 BOOLEAN InheritContentIndexDisable
;
1050 FILE_NAME_INFORMATION NameInformation
;
1051 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1053 typedef struct _FILE_OLE_DIR_INFORMATION
{
1054 ULONG NextEntryOffset
;
1056 LARGE_INTEGER CreationTime
;
1057 LARGE_INTEGER LastAccessTime
;
1058 LARGE_INTEGER LastWriteTime
;
1059 LARGE_INTEGER ChangeTime
;
1060 LARGE_INTEGER EndOfFile
;
1061 LARGE_INTEGER AllocationSize
;
1062 ULONG FileAttributes
;
1063 ULONG FileNameLength
;
1064 FILE_STORAGE_TYPE StorageType
;
1067 BOOLEAN ContentIndexDisable
;
1068 BOOLEAN InheritContentIndexDisable
;
1070 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1072 typedef struct _FILE_OLE_INFORMATION
{
1073 LARGE_INTEGER SecurityChangeTime
;
1074 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1075 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1076 FILE_STORAGE_TYPE StorageType
;
1078 BOOLEAN ContentIndexDisable
;
1079 BOOLEAN InheritContentIndexDisable
;
1080 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1082 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1084 ULONG StateBitsMask
;
1085 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1087 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1090 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1092 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1093 PVOID ClientSession
;
1094 PVOID ClientProcess
;
1095 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1097 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1098 ULONG NamedPipeState
;
1102 ULONG NumberRequests
;
1103 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1105 typedef struct _FILE_PIPE_PEEK_BUFFER
1107 ULONG NamedPipeState
;
1108 ULONG ReadDataAvailable
;
1109 ULONG NumberOfMessages
;
1110 ULONG MessageLength
;
1112 } FILE_PIPE_PEEK_BUFFER
, *PFILE_PIPE_PEEK_BUFFER
;
1114 typedef struct _FILE_PIPE_INFORMATION
{
1116 ULONG CompletionMode
;
1117 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1119 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1120 ULONG NamedPipeType
;
1121 ULONG NamedPipeConfiguration
;
1122 ULONG MaximumInstances
;
1123 ULONG CurrentInstances
;
1125 ULONG ReadDataAvailable
;
1126 ULONG OutboundQuota
;
1127 ULONG WriteQuotaAvailable
;
1128 ULONG NamedPipeState
;
1130 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1132 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1133 LARGE_INTEGER CollectDataTime
;
1134 ULONG MaximumCollectionCount
;
1135 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1137 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1138 LARGE_INTEGER Timeout
;
1140 BOOLEAN TimeoutSpecified
;
1142 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1144 typedef struct _FILE_RENAME_INFORMATION
{
1145 BOOLEAN ReplaceIfExists
;
1146 HANDLE RootDirectory
;
1147 ULONG FileNameLength
;
1149 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1151 typedef struct _FILE_STREAM_INFORMATION
{
1152 ULONG NextEntryOffset
;
1153 ULONG StreamNameLength
;
1154 LARGE_INTEGER StreamSize
;
1155 LARGE_INTEGER StreamAllocationSize
;
1156 WCHAR StreamName
[1];
1157 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1159 typedef struct _FILE_TRACKING_INFORMATION
{
1160 HANDLE DestinationFile
;
1161 ULONG ObjectInformationLength
;
1162 CHAR ObjectInformation
[1];
1163 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1165 #if (VER_PRODUCTBUILD >= 2195)
1166 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1167 LARGE_INTEGER FileOffset
;
1168 LARGE_INTEGER BeyondFinalZero
;
1169 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1171 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1172 LARGE_INTEGER FileOffset
;
1173 LARGE_INTEGER Length
;
1174 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1175 #endif /* (VER_PRODUCTBUILD >= 2195) */
1177 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1178 CSHORT NodeTypeCode
;
1179 CSHORT NodeByteSize
;
1181 UCHAR IsFastIoPossible
;
1182 #if (VER_PRODUCTBUILD >= 1381)
1185 #endif /* (VER_PRODUCTBUILD >= 1381) */
1186 PERESOURCE Resource
;
1187 PERESOURCE PagingIoResource
;
1188 LARGE_INTEGER AllocationSize
;
1189 LARGE_INTEGER FileSize
;
1190 LARGE_INTEGER ValidDataLength
;
1191 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1193 #if (VER_PRODUCTBUILD >= 2600)
1195 typedef struct _FSRTL_ADVANCED_FCB_HEADER
{
1196 CSHORT NodeTypeCode
;
1197 CSHORT NodeByteSize
;
1199 UCHAR IsFastIoPossible
;
1202 PERESOURCE Resource
;
1203 PERESOURCE PagingIoResource
;
1204 LARGE_INTEGER AllocationSize
;
1205 LARGE_INTEGER FileSize
;
1206 LARGE_INTEGER ValidDataLength
;
1207 PFAST_MUTEX FastMutex
;
1208 LIST_ENTRY FilterContexts
;
1209 } FSRTL_ADVANCED_FCB_HEADER
, *PFSRTL_ADVANCED_FCB_HEADER
;
1211 typedef struct _FSRTL_PER_STREAM_CONTEXT
{
1215 PFREE_FUNCTION FreeCallback
;
1216 } FSRTL_PER_STREAM_CONTEXT
, *PFSRTL_PER_STREAM_CONTEXT
;
1218 #endif /* (VER_PRODUCTBUILD >= 2600) */
1220 typedef struct _BASE_MCB
1222 ULONG MaximumPairCount
;
1227 typedef BASE_MCB
*PBASE_MCB
;
1229 typedef struct _LARGE_MCB
1231 PFAST_MUTEX FastMutex
;
1234 typedef LARGE_MCB
*PLARGE_MCB
;
1238 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly
;
1242 typedef struct _GENERATE_NAME_CONTEXT
{
1244 BOOLEAN CheckSumInserted
;
1246 WCHAR NameBuffer
[8];
1247 ULONG ExtensionLength
;
1248 WCHAR ExtensionBuffer
[4];
1249 ULONG LastIndexValue
;
1250 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1252 typedef struct _MAPPING_PAIR
{
1255 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1257 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1258 ULONG NumberOfPairs
;
1260 MAPPING_PAIR Pair
[1];
1261 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1263 typedef struct _IO_CLIENT_EXTENSION
{
1264 struct _IO_CLIENT_EXTENSION
*NextExtension
;
1265 PVOID ClientIdentificationAddress
;
1266 } IO_CLIENT_EXTENSION
, *PIO_CLIENT_EXTENSION
;
1268 typedef struct _IO_COMPLETION_BASIC_INFORMATION
{
1270 } IO_COMPLETION_BASIC_INFORMATION
, *PIO_COMPLETION_BASIC_INFORMATION
;
1272 typedef struct _KQUEUE
{
1273 DISPATCHER_HEADER Header
;
1274 LIST_ENTRY EntryListHead
;
1277 LIST_ENTRY ThreadListHead
;
1278 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1280 typedef struct _MBCB
{
1281 CSHORT NodeTypeCode
;
1282 CSHORT NodeIsInZone
;
1286 LIST_ENTRY BitmapRanges
;
1287 LONGLONG ResumeWritePage
;
1288 BITMAP_RANGE BitmapRange1
;
1289 BITMAP_RANGE BitmapRange2
;
1290 BITMAP_RANGE BitmapRange3
;
1293 typedef struct _MOVEFILE_DESCRIPTOR
{
1296 LARGE_INTEGER StartVcn
;
1297 LARGE_INTEGER TargetLcn
;
1300 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1302 typedef struct _OBJECT_BASIC_INFO
{
1304 ACCESS_MASK GrantedAccess
;
1306 ULONG ReferenceCount
;
1307 ULONG PagedPoolUsage
;
1308 ULONG NonPagedPoolUsage
;
1310 ULONG NameInformationLength
;
1311 ULONG TypeInformationLength
;
1312 ULONG SecurityDescriptorLength
;
1313 LARGE_INTEGER CreateTime
;
1314 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1316 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1318 BOOLEAN ProtectFromClose
;
1319 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1321 typedef struct _OBJECT_NAME_INFO
{
1322 UNICODE_STRING ObjectName
;
1323 WCHAR ObjectNameBuffer
[1];
1324 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1326 typedef struct _OBJECT_PROTECTION_INFO
{
1328 BOOLEAN ProtectHandle
;
1329 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1331 typedef struct _OBJECT_TYPE_INFO
{
1332 UNICODE_STRING ObjectTypeName
;
1333 UCHAR Unknown
[0x58];
1334 WCHAR ObjectTypeNameBuffer
[1];
1335 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1337 typedef struct _OBJECT_ALL_TYPES_INFO
{
1338 ULONG NumberOfObjectTypes
;
1339 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1340 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1343 typedef struct _PATHNAME_BUFFER
{
1344 ULONG PathNameLength
;
1346 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1348 #if (VER_PRODUCTBUILD >= 2600)
1350 typedef struct _PRIVATE_CACHE_MAP_FLAGS
{
1352 ULONG ReadAheadActive
: 1;
1353 ULONG ReadAheadEnabled
: 1;
1354 ULONG Available
: 14;
1355 } PRIVATE_CACHE_MAP_FLAGS
, *PPRIVATE_CACHE_MAP_FLAGS
;
1357 typedef struct _PRIVATE_CACHE_MAP
{
1358 _ANONYMOUS_UNION
union {
1359 CSHORT NodeTypeCode
;
1360 PRIVATE_CACHE_MAP_FLAGS Flags
;
1363 ULONG ReadAheadMask
;
1364 PFILE_OBJECT FileObject
;
1365 LARGE_INTEGER FileOffset1
;
1366 LARGE_INTEGER BeyondLastByte1
;
1367 LARGE_INTEGER FileOffset2
;
1368 LARGE_INTEGER BeyondLastByte2
;
1369 LARGE_INTEGER ReadAheadOffset
[2];
1370 ULONG ReadAheadLength
[2];
1371 KSPIN_LOCK ReadAheadSpinLock
;
1372 LIST_ENTRY PrivateLinks
;
1373 } PRIVATE_CACHE_MAP
, *PPRIVATE_CACHE_MAP
;
1377 typedef struct _PUBLIC_BCB
{
1378 CSHORT NodeTypeCode
;
1379 CSHORT NodeByteSize
;
1381 LARGE_INTEGER MappedFileOffset
;
1382 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1384 typedef struct _QUERY_PATH_REQUEST
{
1385 ULONG PathNameLength
;
1386 PIO_SECURITY_CONTEXT SecurityContext
;
1387 WCHAR FilePathName
[1];
1388 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1390 typedef struct _QUERY_PATH_RESPONSE
{
1391 ULONG LengthAccepted
;
1392 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1394 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1396 LARGE_INTEGER StartingVcn
;
1398 LARGE_INTEGER NextVcn
;
1401 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1403 typedef struct _RTL_SPLAY_LINKS
{
1404 struct _RTL_SPLAY_LINKS
*Parent
;
1405 struct _RTL_SPLAY_LINKS
*LeftChild
;
1406 struct _RTL_SPLAY_LINKS
*RightChild
;
1407 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1409 typedef enum _RTL_GENERIC_COMPARE_RESULTS
1414 } RTL_GENERIC_COMPARE_RESULTS
;
1416 #if defined(USE_LPC6432)
1417 #define LPC_CLIENT_ID CLIENT_ID64
1418 #define LPC_SIZE_T ULONGLONG
1419 #define LPC_PVOID ULONGLONG
1420 #define LPC_HANDLE ULONGLONG
1422 #define LPC_CLIENT_ID CLIENT_ID
1423 #define LPC_SIZE_T SIZE_T
1424 #define LPC_PVOID PVOID
1425 #define LPC_HANDLE HANDLE
1428 typedef struct _PORT_MESSAGE
1444 CSHORT DataInfoOffset
;
1450 LPC_CLIENT_ID ClientId
;
1451 double DoNotUseThisField
;
1456 LPC_SIZE_T ClientViewSize
;
1459 } PORT_MESSAGE
, *PPORT_MESSAGE
;
1461 typedef struct _PORT_VIEW
1464 LPC_HANDLE SectionHandle
;
1465 ULONG SectionOffset
;
1466 LPC_SIZE_T ViewSize
;
1468 LPC_PVOID ViewRemoteBase
;
1469 } PORT_VIEW
, *PPORT_VIEW
;
1471 typedef struct _REMOTE_PORT_VIEW
1474 LPC_SIZE_T ViewSize
;
1476 } REMOTE_PORT_VIEW
, *PREMOTE_PORT_VIEW
;
1478 typedef struct _SE_EXPORTS
{
1480 LUID SeCreateTokenPrivilege
;
1481 LUID SeAssignPrimaryTokenPrivilege
;
1482 LUID SeLockMemoryPrivilege
;
1483 LUID SeIncreaseQuotaPrivilege
;
1484 LUID SeUnsolicitedInputPrivilege
;
1485 LUID SeTcbPrivilege
;
1486 LUID SeSecurityPrivilege
;
1487 LUID SeTakeOwnershipPrivilege
;
1488 LUID SeLoadDriverPrivilege
;
1489 LUID SeCreatePagefilePrivilege
;
1490 LUID SeIncreaseBasePriorityPrivilege
;
1491 LUID SeSystemProfilePrivilege
;
1492 LUID SeSystemtimePrivilege
;
1493 LUID SeProfileSingleProcessPrivilege
;
1494 LUID SeCreatePermanentPrivilege
;
1495 LUID SeBackupPrivilege
;
1496 LUID SeRestorePrivilege
;
1497 LUID SeShutdownPrivilege
;
1498 LUID SeDebugPrivilege
;
1499 LUID SeAuditPrivilege
;
1500 LUID SeSystemEnvironmentPrivilege
;
1501 LUID SeChangeNotifyPrivilege
;
1502 LUID SeRemoteShutdownPrivilege
;
1507 PSID SeCreatorOwnerSid
;
1508 PSID SeCreatorGroupSid
;
1510 PSID SeNtAuthoritySid
;
1514 PSID SeInteractiveSid
;
1515 PSID SeLocalSystemSid
;
1516 PSID SeAliasAdminsSid
;
1517 PSID SeAliasUsersSid
;
1518 PSID SeAliasGuestsSid
;
1519 PSID SeAliasPowerUsersSid
;
1520 PSID SeAliasAccountOpsSid
;
1521 PSID SeAliasSystemOpsSid
;
1522 PSID SeAliasPrintOpsSid
;
1523 PSID SeAliasBackupOpsSid
;
1525 PSID SeAuthenticatedUsersSid
;
1527 PSID SeRestrictedSid
;
1528 PSID SeAnonymousLogonSid
;
1530 LUID SeUndockPrivilege
;
1531 LUID SeSyncAgentPrivilege
;
1532 LUID SeEnableDelegationPrivilege
;
1534 } SE_EXPORTS
, *PSE_EXPORTS
;
1538 LARGE_INTEGER StartingLcn
;
1539 } STARTING_LCN_INPUT_BUFFER
, *PSTARTING_LCN_INPUT_BUFFER
;
1541 typedef struct _STARTING_VCN_INPUT_BUFFER
{
1542 LARGE_INTEGER StartingVcn
;
1543 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
1545 typedef struct _SECURITY_CLIENT_CONTEXT
{
1546 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
1547 PACCESS_TOKEN ClientToken
;
1548 BOOLEAN DirectlyAccessClientToken
;
1549 BOOLEAN DirectAccessEffectiveOnly
;
1550 BOOLEAN ServerIsRemote
;
1551 TOKEN_CONTROL ClientTokenControl
;
1552 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
1554 typedef struct _ACE_HEADER
1559 } ACE_HEADER
, *PACE_HEADER
;
1561 typedef struct _TUNNEL
{
1563 PRTL_SPLAY_LINKS Cache
;
1564 LIST_ENTRY TimerQueue
;
1568 typedef struct _VACB
{
1570 PSHARED_CACHE_MAP SharedCacheMap
;
1572 LARGE_INTEGER FileOffset
;
1578 typedef struct _VAD_HEADER
{
1581 PVAD_HEADER ParentLink
;
1582 PVAD_HEADER LeftLink
;
1583 PVAD_HEADER RightLink
;
1584 ULONG Flags
; /* LSB = CommitCharge */
1586 PVOID FirstProtoPte
;
1590 } VAD_HEADER
, *PVAD_HEADER
;
1594 LARGE_INTEGER StartingLcn
;
1595 LARGE_INTEGER BitmapSize
;
1597 } VOLUME_BITMAP_BUFFER
, *PVOLUME_BITMAP_BUFFER
;
1599 #if (VER_PRODUCTBUILD >= 2600)
1602 (NTAPI
*PFILTER_REPORT_CHANGE
) (
1603 IN PVOID NotifyContext
,
1604 IN PVOID FilterContext
1607 typedef enum _FS_FILTER_SECTION_SYNC_TYPE
{
1609 SyncTypeCreateSection
1610 } FS_FILTER_SECTION_SYNC_TYPE
, *PFS_FILTER_SECTION_SYNC_TYPE
;
1612 typedef union _FS_FILTER_PARAMETERS
{
1614 PLARGE_INTEGER EndingOffset
;
1615 } AcquireForModifiedPageWriter
;
1618 PERESOURCE ResourceToRelease
;
1619 } ReleaseForModifiedPageWriter
;
1622 FS_FILTER_SECTION_SYNC_TYPE SyncType
;
1623 ULONG PageProtection
;
1624 } AcquireForSectionSynchronization
;
1633 } FS_FILTER_PARAMETERS
, *PFS_FILTER_PARAMETERS
;
1635 typedef struct _FS_FILTER_CALLBACK_DATA
{
1636 ULONG SizeOfFsFilterCallbackData
;
1639 struct _DEVICE_OBJECT
*DeviceObject
;
1640 struct _FILE_OBJECT
*FileObject
;
1641 FS_FILTER_PARAMETERS Parameters
;
1642 } FS_FILTER_CALLBACK_DATA
, *PFS_FILTER_CALLBACK_DATA
;
1645 (NTAPI
*PFS_FILTER_CALLBACK
) (
1646 IN PFS_FILTER_CALLBACK_DATA Data
,
1647 OUT PVOID
*CompletionContext
1651 (NTAPI
*PFS_FILTER_COMPLETION_CALLBACK
) (
1652 IN PFS_FILTER_CALLBACK_DATA Data
,
1653 IN NTSTATUS OperationStatus
,
1654 IN PVOID CompletionContext
1657 typedef struct _FS_FILTER_CALLBACKS
{
1658 ULONG SizeOfFsFilterCallbacks
;
1660 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization
;
1661 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization
;
1662 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization
;
1663 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization
;
1664 PFS_FILTER_CALLBACK PreAcquireForCcFlush
;
1665 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush
;
1666 PFS_FILTER_CALLBACK PreReleaseForCcFlush
;
1667 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush
;
1668 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter
;
1669 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter
;
1670 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter
;
1671 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter
;
1672 } FS_FILTER_CALLBACKS
, *PFS_FILTER_CALLBACKS
;
1674 typedef struct _READ_LIST
{
1675 PFILE_OBJECT FileObject
;
1676 ULONG NumberOfEntries
;
1678 FILE_SEGMENT_ELEMENT List
[ANYSIZE_ARRAY
];
1679 } READ_LIST
, *PREAD_LIST
;
1684 (NTAPI
* PRTL_HEAP_COMMIT_ROUTINE
) (
1686 IN OUT PVOID
*CommitAddress
,
1687 IN OUT PSIZE_T CommitSize
1690 typedef struct _RTL_HEAP_PARAMETERS
{
1692 SIZE_T SegmentReserve
;
1693 SIZE_T SegmentCommit
;
1694 SIZE_T DeCommitFreeBlockThreshold
;
1695 SIZE_T DeCommitTotalFreeThreshold
;
1696 SIZE_T MaximumAllocationSize
;
1697 SIZE_T VirtualMemoryThreshold
;
1698 SIZE_T InitialCommit
;
1699 SIZE_T InitialReserve
;
1700 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
1702 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
1708 IN PFILE_OBJECT FileObject
,
1709 IN ULONG BytesToWrite
,
1718 IN PFILE_OBJECT FileObject
,
1719 IN PLARGE_INTEGER FileOffset
,
1723 OUT PIO_STATUS_BLOCK IoStatus
1730 IN PFILE_OBJECT FileObject
,
1731 IN PLARGE_INTEGER FileOffset
,
1737 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1739 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
1748 IN PFILE_OBJECT FileObject
,
1749 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
1752 IN ULONG BytesToWrite
,
1760 IN PFILE_OBJECT FileObject
,
1761 IN ULONG FileOffset
,
1765 OUT PIO_STATUS_BLOCK IoStatus
1772 IN PFILE_OBJECT FileObject
,
1773 IN ULONG FileOffset
,
1782 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1783 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1785 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
1788 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
1789 IN PFILE_OBJECT FileObject
,
1790 IN PLARGE_INTEGER FileOffset
,
1792 IN PLARGE_INTEGER OldestLsn
,
1793 IN PLARGE_INTEGER NewestLsn
,
1803 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
1811 CcGetFileObjectFromBcb (
1818 CcGetFileObjectFromSectionPtrs (
1819 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
1822 #define CcGetFileSizePointer(FO) ( \
1823 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1826 #if (VER_PRODUCTBUILD >= 2195)
1831 CcGetFlushedValidData (
1832 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1833 IN BOOLEAN BcbListHeld
1836 #endif /* (VER_PRODUCTBUILD >= 2195) */
1841 CcGetLsnForFileObject (
1842 IN PFILE_OBJECT FileObject
,
1843 OUT PLARGE_INTEGER OldestLsn OPTIONAL
1846 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
1851 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
1855 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
1860 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
1864 typedef struct _CACHE_MANAGER_CALLBACKS
{
1865 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
1866 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
1867 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
1868 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
1869 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
1874 CcInitializeCacheMap (
1875 IN PFILE_OBJECT FileObject
,
1876 IN PCC_FILE_SIZES FileSizes
,
1877 IN BOOLEAN PinAccess
,
1878 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
1879 IN PVOID LazyWriteContext
1882 #define CcIsFileCached(FO) ( \
1883 ((FO)->SectionObjectPointer != NULL) && \
1884 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
1890 CcIsThereDirtyData (
1898 IN PFILE_OBJECT FileObject
,
1899 IN PLARGE_INTEGER FileOffset
,
1910 IN PFILE_OBJECT FileObject
,
1911 IN PLARGE_INTEGER FileOffset
,
1914 OUT PIO_STATUS_BLOCK IoStatus
1921 IN PFILE_OBJECT FileObject
,
1928 CcMdlWriteComplete (
1929 IN PFILE_OBJECT FileObject
,
1930 IN PLARGE_INTEGER FileOffset
,
1938 IN PFILE_OBJECT FileObject
,
1939 IN PLARGE_INTEGER FileOffset
,
1941 #if (VER_PRODUCTBUILD >= 2195)
1953 IN PFILE_OBJECT FileObject
,
1954 IN PLARGE_INTEGER FileOffset
,
1956 #if (VER_PRODUCTBUILD >= 2195)
1969 IN PFILE_OBJECT FileObject
,
1970 IN PLARGE_INTEGER FileOffset
,
1973 OUT PIO_STATUS_BLOCK IoStatus
1980 IN PFILE_OBJECT FileObject
,
1981 IN PLARGE_INTEGER FileOffset
,
1984 #if (VER_PRODUCTBUILD >= 2195)
1996 CcPurgeCacheSection (
1997 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1998 IN PLARGE_INTEGER FileOffset OPTIONAL
,
2000 IN BOOLEAN UninitializeCacheMaps
2003 #define CcReadAhead(FO, FOFF, LEN) ( \
2004 if ((LEN) >= 256) { \
2005 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2009 #if (VER_PRODUCTBUILD >= 2195)
2018 #endif /* (VER_PRODUCTBUILD >= 2195) */
2030 CcScheduleReadAhead (
2031 IN PFILE_OBJECT FileObject
,
2032 IN PLARGE_INTEGER FileOffset
,
2039 CcSetAdditionalCacheAttributes (
2040 IN PFILE_OBJECT FileObject
,
2041 IN BOOLEAN DisableReadAhead
,
2042 IN BOOLEAN DisableWriteBehind
2048 CcSetBcbOwnerPointer (
2050 IN PVOID OwnerPointer
2056 CcSetDirtyPageThreshold (
2057 IN PFILE_OBJECT FileObject
,
2058 IN ULONG DirtyPageThreshold
2064 CcSetDirtyPinnedData (
2066 IN PLARGE_INTEGER Lsn OPTIONAL
2073 IN PFILE_OBJECT FileObject
,
2074 IN PCC_FILE_SIZES FileSizes
2077 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2079 IN PLARGE_INTEGER Lsn
2085 CcSetLogHandleForFile (
2086 IN PFILE_OBJECT FileObject
,
2088 IN PFLUSH_TO_LSN FlushToLsnRoutine
2094 CcSetReadAheadGranularity (
2095 IN PFILE_OBJECT FileObject
,
2096 IN ULONG Granularity
/* default: PAGE_SIZE */
2097 /* allowed: 2^n * PAGE_SIZE */
2103 CcUninitializeCacheMap (
2104 IN PFILE_OBJECT FileObject
,
2105 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2106 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2119 CcUnpinDataForThread (
2121 IN ERESOURCE_THREAD ResourceThreadId
2127 CcUnpinRepinnedBcb (
2129 IN BOOLEAN WriteThrough
,
2130 OUT PIO_STATUS_BLOCK IoStatus
2133 #if (VER_PRODUCTBUILD >= 2195)
2138 CcWaitForCurrentLazyWriterActivity (
2142 #endif /* (VER_PRODUCTBUILD >= 2195) */
2148 IN PFILE_OBJECT FileObject
,
2149 IN PLARGE_INTEGER StartOffset
,
2150 IN PLARGE_INTEGER EndOffset
,
2157 ExDisableResourceBoostLite (
2158 IN PERESOURCE Resource
2164 ExQueryPoolBlockSize (
2166 OUT PBOOLEAN QuotaCharged
2169 #if (VER_PRODUCTBUILD >= 2600)
2171 #ifndef __NTOSKRNL__
2175 ExInitializeRundownProtection (
2176 IN PEX_RUNDOWN_REF RunRef
2182 ExReInitializeRundownProtection (
2183 IN PEX_RUNDOWN_REF RunRef
2189 ExAcquireRundownProtection (
2190 IN PEX_RUNDOWN_REF RunRef
2196 ExAcquireRundownProtectionEx (
2197 IN PEX_RUNDOWN_REF RunRef
,
2204 ExReleaseRundownProtection (
2205 IN PEX_RUNDOWN_REF RunRef
2211 ExReleaseRundownProtectionEx (
2212 IN PEX_RUNDOWN_REF RunRef
,
2219 ExRundownCompleted (
2220 IN PEX_RUNDOWN_REF RunRef
2226 ExWaitForRundownProtectionRelease (
2227 IN PEX_RUNDOWN_REF RunRef
2231 #endif /* (VER_PRODUCTBUILD >= 2600) */
2233 #define FlagOn(x, f) ((x) & (f))
2238 FsRtlAddToTunnelCache (
2240 IN ULONGLONG DirectoryKey
,
2241 IN PUNICODE_STRING ShortName
,
2242 IN PUNICODE_STRING LongName
,
2243 IN BOOLEAN KeyByShortName
,
2244 IN ULONG DataLength
,
2248 #if (VER_PRODUCTBUILD >= 2195)
2252 FsRtlAllocateFileLock (
2253 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2254 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2257 #endif /* (VER_PRODUCTBUILD >= 2195) */
2263 IN POOL_TYPE PoolType
,
2264 IN ULONG NumberOfBytes
2270 FsRtlAllocatePoolWithQuota (
2271 IN POOL_TYPE PoolType
,
2272 IN ULONG NumberOfBytes
2278 FsRtlAllocatePoolWithQuotaTag (
2279 IN POOL_TYPE PoolType
,
2280 IN ULONG NumberOfBytes
,
2287 FsRtlAllocatePoolWithTag (
2288 IN POOL_TYPE PoolType
,
2289 IN ULONG NumberOfBytes
,
2296 FsRtlAreNamesEqual (
2297 IN PUNICODE_STRING Name1
,
2298 IN PUNICODE_STRING Name2
,
2299 IN BOOLEAN IgnoreCase
,
2300 IN PWCHAR UpcaseTable OPTIONAL
2303 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2304 ((FL)->FastIoIsQuestionable) \
2308 FsRtlCheckLockForReadAccess:
2310 All this really does is pick out the lock parameters from the irp (io stack
2311 location?), get IoGetRequestorProcess, and pass values on to
2312 FsRtlFastCheckLockForRead.
2317 FsRtlCheckLockForReadAccess (
2318 IN PFILE_LOCK FileLock
,
2323 FsRtlCheckLockForWriteAccess:
2325 All this really does is pick out the lock parameters from the irp (io stack
2326 location?), get IoGetRequestorProcess, and pass values on to
2327 FsRtlFastCheckLockForWrite.
2332 FsRtlCheckLockForWriteAccess (
2333 IN PFILE_LOCK FileLock
,
2339 (NTAPI
*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2346 (NTAPI
*POPLOCK_FS_PREPOST_IRP
) (
2358 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2359 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2366 IN PFILE_OBJECT FileObject
,
2367 IN PLARGE_INTEGER FileOffset
,
2372 OUT PIO_STATUS_BLOCK IoStatus
,
2373 IN PDEVICE_OBJECT DeviceObject
2380 IN PFILE_OBJECT FileObject
,
2381 IN PLARGE_INTEGER FileOffset
,
2386 OUT PIO_STATUS_BLOCK IoStatus
,
2387 IN PDEVICE_OBJECT DeviceObject
2395 IN PVOID HeapBase OPTIONAL
,
2396 IN SIZE_T ReserveSize OPTIONAL
,
2397 IN SIZE_T CommitSize OPTIONAL
,
2398 IN PVOID Lock OPTIONAL
,
2399 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
2405 FsRtlCurrentBatchOplock (
2412 FsRtlDeleteKeyFromTunnelCache (
2414 IN ULONGLONG DirectoryKey
2420 FsRtlDeleteTunnelCache (
2427 FsRtlDeregisterUncProvider (
2442 IN ANSI_STRING Name
,
2443 OUT PANSI_STRING FirstPart
,
2444 OUT PANSI_STRING RemainingPart
2451 IN UNICODE_STRING Name
,
2452 OUT PUNICODE_STRING FirstPart
,
2453 OUT PUNICODE_STRING RemainingPart
2459 FsRtlDoesDbcsContainWildCards (
2460 IN PANSI_STRING Name
2466 FsRtlDoesNameContainWildCards (
2467 IN PUNICODE_STRING Name
2470 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2472 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2477 FsRtlFastCheckLockForRead (
2478 IN PFILE_LOCK FileLock
,
2479 IN PLARGE_INTEGER FileOffset
,
2480 IN PLARGE_INTEGER Length
,
2482 IN PFILE_OBJECT FileObject
,
2483 IN PEPROCESS Process
2489 FsRtlFastCheckLockForWrite (
2490 IN PFILE_LOCK FileLock
,
2491 IN PLARGE_INTEGER FileOffset
,
2492 IN PLARGE_INTEGER Length
,
2494 IN PFILE_OBJECT FileObject
,
2495 IN PEPROCESS Process
2498 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2499 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2505 FsRtlFastUnlockAll (
2506 IN PFILE_LOCK FileLock
,
2507 IN PFILE_OBJECT FileObject
,
2508 IN PEPROCESS Process
,
2509 IN PVOID Context OPTIONAL
2511 /* ret: STATUS_RANGE_NOT_LOCKED */
2516 FsRtlFastUnlockAllByKey (
2517 IN PFILE_LOCK FileLock
,
2518 IN PFILE_OBJECT FileObject
,
2519 IN PEPROCESS Process
,
2521 IN PVOID Context OPTIONAL
2523 /* ret: STATUS_RANGE_NOT_LOCKED */
2528 FsRtlFastUnlockSingle (
2529 IN PFILE_LOCK FileLock
,
2530 IN PFILE_OBJECT FileObject
,
2531 IN PLARGE_INTEGER FileOffset
,
2532 IN PLARGE_INTEGER Length
,
2533 IN PEPROCESS Process
,
2535 IN PVOID Context OPTIONAL
,
2536 IN BOOLEAN AlreadySynchronized
2538 /* ret: STATUS_RANGE_NOT_LOCKED */
2543 FsRtlFindInTunnelCache (
2545 IN ULONGLONG DirectoryKey
,
2546 IN PUNICODE_STRING Name
,
2547 OUT PUNICODE_STRING ShortName
,
2548 OUT PUNICODE_STRING LongName
,
2549 IN OUT PULONG DataLength
,
2553 #if (VER_PRODUCTBUILD >= 2195)
2559 IN PFILE_LOCK FileLock
2562 #endif /* (VER_PRODUCTBUILD >= 2195) */
2568 IN PFILE_OBJECT FileObject
,
2569 IN OUT PLARGE_INTEGER FileSize
2573 FsRtlGetNextFileLock:
2575 ret: NULL if no more locks
2578 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2579 FileLock->LastReturnedLock as storage.
2580 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2581 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2582 calls with Restart = FALSE.
2587 FsRtlGetNextFileLock (
2588 IN PFILE_LOCK FileLock
,
2595 FsRtlInitializeFileLock (
2596 IN PFILE_LOCK FileLock
,
2597 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2598 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2604 FsRtlInitializeOplock (
2605 IN OUT POPLOCK Oplock
2611 FsRtlInitializeTunnelCache (
2618 FsRtlIsNameInExpression (
2619 IN PUNICODE_STRING Expression
,
2620 IN PUNICODE_STRING Name
,
2621 IN BOOLEAN IgnoreCase
,
2622 IN PWCHAR UpcaseTable OPTIONAL
2628 FsRtlIsNtstatusExpected (
2629 IN NTSTATUS Ntstatus
2632 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
2634 extern PUSHORT NlsOemLeadByteInfo
;
2636 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
2637 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
2638 (NLS_MB_CODE_PAGE_TAG && \
2639 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
2642 #define FsRtlIsAnsiCharacterWild(C) ( \
2643 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
2646 #define FsRtlIsUnicodeCharacterWild(C) ( \
2649 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
2656 IN PFILE_OBJECT FileObject
,
2657 IN PLARGE_INTEGER FileOffset
,
2661 OUT PIO_STATUS_BLOCK IoStatus
,
2662 IN PDEVICE_OBJECT DeviceObject
2668 FsRtlMdlReadComplete (
2669 IN PFILE_OBJECT FileObject
,
2676 FsRtlMdlReadCompleteDev (
2677 IN PFILE_OBJECT FileObject
,
2679 IN PDEVICE_OBJECT DeviceObject
2685 FsRtlPrepareMdlWriteDev (
2686 IN PFILE_OBJECT FileObject
,
2687 IN PLARGE_INTEGER FileOffset
,
2691 OUT PIO_STATUS_BLOCK IoStatus
,
2692 IN PDEVICE_OBJECT DeviceObject
2698 FsRtlMdlWriteComplete (
2699 IN PFILE_OBJECT FileObject
,
2700 IN PLARGE_INTEGER FileOffset
,
2707 FsRtlMdlWriteCompleteDev (
2708 IN PFILE_OBJECT FileObject
,
2709 IN PLARGE_INTEGER FileOffset
,
2711 IN PDEVICE_OBJECT DeviceObject
2717 FsRtlNormalizeNtstatus (
2718 IN NTSTATUS Exception
,
2719 IN NTSTATUS GenericException
2725 FsRtlNotifyChangeDirectory (
2726 IN PNOTIFY_SYNC NotifySync
,
2728 IN PSTRING FullDirectoryName
,
2729 IN PLIST_ENTRY NotifyList
,
2730 IN BOOLEAN WatchTree
,
2731 IN ULONG CompletionFilter
,
2738 FsRtlNotifyCleanup (
2739 IN PNOTIFY_SYNC NotifySync
,
2740 IN PLIST_ENTRY NotifyList
,
2744 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
2745 IN PVOID NotifyContext
,
2746 IN PVOID TargetContext
,
2747 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
2753 FsRtlNotifyFullChangeDirectory (
2754 IN PNOTIFY_SYNC NotifySync
,
2755 IN PLIST_ENTRY NotifyList
,
2757 IN PSTRING FullDirectoryName
,
2758 IN BOOLEAN WatchTree
,
2759 IN BOOLEAN IgnoreBuffer
,
2760 IN ULONG CompletionFilter
,
2762 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
2763 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
2769 FsRtlNotifyFullReportChange (
2770 IN PNOTIFY_SYNC NotifySync
,
2771 IN PLIST_ENTRY NotifyList
,
2772 IN PSTRING FullTargetName
,
2773 IN USHORT TargetNameOffset
,
2774 IN PSTRING StreamName OPTIONAL
,
2775 IN PSTRING NormalizedParentName OPTIONAL
,
2776 IN ULONG FilterMatch
,
2778 IN PVOID TargetContext
2784 FsRtlNotifyInitializeSync (
2785 IN PNOTIFY_SYNC
*NotifySync
2791 FsRtlNotifyReportChange (
2792 IN PNOTIFY_SYNC NotifySync
,
2793 IN PLIST_ENTRY NotifyList
,
2794 IN PSTRING FullTargetName
,
2795 IN PUSHORT FileNamePartLength
,
2796 IN ULONG FilterMatch
2802 FsRtlNotifyUninitializeSync (
2803 IN PNOTIFY_SYNC
*NotifySync
2806 #if (VER_PRODUCTBUILD >= 2195)
2811 FsRtlNotifyVolumeEvent (
2812 IN PFILE_OBJECT FileObject
,
2816 #endif /* (VER_PRODUCTBUILD >= 2195) */
2830 FsRtlOplockIsFastIoPossible (
2837 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2840 -Calls IoCompleteRequest if Irp
2841 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2847 IN PFILE_LOCK FileLock
,
2848 IN PFILE_OBJECT FileObject
,
2849 IN PLARGE_INTEGER FileOffset
,
2850 IN PLARGE_INTEGER Length
,
2851 IN PEPROCESS Process
,
2853 IN BOOLEAN FailImmediately
,
2854 IN BOOLEAN ExclusiveLock
,
2855 OUT PIO_STATUS_BLOCK IoStatus
,
2856 IN PIRP Irp OPTIONAL
,
2858 IN BOOLEAN AlreadySynchronized
2862 FsRtlProcessFileLock:
2865 -STATUS_INVALID_DEVICE_REQUEST
2866 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2867 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2868 (redirected IoStatus->Status).
2871 -switch ( Irp->CurrentStackLocation->MinorFunction )
2872 lock: return FsRtlPrivateLock;
2873 unlocksingle: return FsRtlFastUnlockSingle;
2874 unlockall: return FsRtlFastUnlockAll;
2875 unlockallbykey: return FsRtlFastUnlockAllByKey;
2876 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2877 return STATUS_INVALID_DEVICE_REQUEST;
2879 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2880 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
2885 FsRtlProcessFileLock (
2886 IN PFILE_LOCK FileLock
,
2888 IN PVOID Context OPTIONAL
2894 FsRtlRegisterUncProvider (
2895 IN OUT PHANDLE MupHandle
,
2896 IN PUNICODE_STRING RedirectorDeviceName
,
2897 IN BOOLEAN MailslotsSupported
2901 (NTAPI
*PFSRTL_STACK_OVERFLOW_ROUTINE
) (
2909 FsRtlPostStackOverflow (
2912 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
2918 FsRtlPostPagingFileStackOverflow (
2921 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
2927 FsRtlUninitializeFileLock (
2928 IN PFILE_LOCK FileLock
2934 FsRtlUninitializeOplock (
2935 IN OUT POPLOCK Oplock
2948 HalQueryRealTimeClock (
2949 IN OUT PTIME_FIELDS TimeFields
2955 HalSetRealTimeClock (
2956 IN PTIME_FIELDS TimeFields
2962 IoAttachDeviceToDeviceStackSafe(
2963 IN PDEVICE_OBJECT SourceDevice
,
2964 IN PDEVICE_OBJECT TargetDevice
,
2965 OUT PDEVICE_OBJECT
*AttachedToDeviceObject
2971 IoAcquireVpbSpinLock (
2978 IoCheckDesiredAccess (
2979 IN OUT PACCESS_MASK DesiredAccess
,
2980 IN ACCESS_MASK GrantedAccess
2986 IoCheckEaBufferValidity (
2987 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
2989 OUT PULONG ErrorOffset
2995 IoCheckFunctionAccess (
2996 IN ACCESS_MASK GrantedAccess
,
2997 IN UCHAR MajorFunction
,
2998 IN UCHAR MinorFunction
,
2999 IN ULONG IoControlCode
,
3000 IN PVOID Argument1 OPTIONAL
,
3001 IN PVOID Argument2 OPTIONAL
3004 #if (VER_PRODUCTBUILD >= 2195)
3009 IoCheckQuotaBufferValidity (
3010 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
3011 IN ULONG QuotaLength
,
3012 OUT PULONG ErrorOffset
3015 #endif /* (VER_PRODUCTBUILD >= 2195) */
3020 IoCreateStreamFileObject (
3021 IN PFILE_OBJECT FileObject OPTIONAL
,
3022 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3025 #if (VER_PRODUCTBUILD >= 2195)
3030 IoCreateStreamFileObjectLite (
3031 IN PFILE_OBJECT FileObject OPTIONAL
,
3032 IN PDEVICE_OBJECT DeviceObject OPTIONAL
3035 #endif /* (VER_PRODUCTBUILD >= 2195) */
3040 IoFastQueryNetworkAttributes (
3041 IN POBJECT_ATTRIBUTES ObjectAttributes
,
3042 IN ACCESS_MASK DesiredAccess
,
3043 IN ULONG OpenOptions
,
3044 OUT PIO_STATUS_BLOCK IoStatus
,
3045 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
3051 IoGetAttachedDevice (
3052 IN PDEVICE_OBJECT DeviceObject
3058 IoGetBaseFileSystemDeviceObject (
3059 IN PFILE_OBJECT FileObject
3065 IoGetRequestorProcess (
3069 #if (VER_PRODUCTBUILD >= 2195)
3074 IoGetRequestorProcessId (
3078 #endif /* (VER_PRODUCTBUILD >= 2195) */
3087 #define IoIsFileOpenedExclusively(FileObject) ( \
3089 (FileObject)->SharedRead || \
3090 (FileObject)->SharedWrite || \
3091 (FileObject)->SharedDelete \
3098 IoIsOperationSynchronous (
3109 #if (VER_PRODUCTBUILD >= 2195)
3114 IoIsValidNameGraftingBuffer (
3116 IN PREPARSE_DATA_BUFFER ReparseBuffer
3119 #endif /* (VER_PRODUCTBUILD >= 2195) */
3125 IN PFILE_OBJECT FileObject
,
3127 IN PLARGE_INTEGER Offset
,
3129 OUT PIO_STATUS_BLOCK IoStatusBlock
3135 IoQueryFileInformation (
3136 IN PFILE_OBJECT FileObject
,
3137 IN FILE_INFORMATION_CLASS FileInformationClass
,
3139 OUT PVOID FileInformation
,
3140 OUT PULONG ReturnedLength
3146 IoQueryVolumeInformation (
3147 IN PFILE_OBJECT FileObject
,
3148 IN FS_INFORMATION_CLASS FsInformationClass
,
3150 OUT PVOID FsInformation
,
3151 OUT PULONG ReturnedLength
3164 IoRegisterFileSystem (
3165 IN OUT PDEVICE_OBJECT DeviceObject
3168 #if (VER_PRODUCTBUILD >= 1381)
3170 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
3171 IN PDEVICE_OBJECT DeviceObject
,
3172 IN BOOLEAN DriverActive
3178 IoRegisterFsRegistrationChange (
3179 IN PDRIVER_OBJECT DriverObject
,
3180 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3183 #endif /* (VER_PRODUCTBUILD >= 1381) */
3188 IoReleaseVpbSpinLock (
3195 IoSetDeviceToVerify (
3197 IN PDEVICE_OBJECT DeviceObject
3204 IN PFILE_OBJECT FileObject
,
3205 IN FILE_INFORMATION_CLASS FileInformationClass
,
3207 IN PVOID FileInformation
3220 IoSynchronousPageWrite (
3221 IN PFILE_OBJECT FileObject
,
3223 IN PLARGE_INTEGER FileOffset
,
3225 OUT PIO_STATUS_BLOCK IoStatusBlock
3238 IoUnregisterFileSystem (
3239 IN OUT PDEVICE_OBJECT DeviceObject
3242 #if (VER_PRODUCTBUILD >= 1381)
3247 IoUnregisterFsRegistrationChange (
3248 IN PDRIVER_OBJECT DriverObject
,
3249 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3252 #endif /* (VER_PRODUCTBUILD >= 1381) */
3258 IN PDEVICE_OBJECT DeviceObject
,
3259 IN BOOLEAN AllowRawMount
3266 IN PKPROCESS Process
3281 IN ULONG Count OPTIONAL
3289 IN PLIST_ENTRY Entry
3297 IN PLIST_ENTRY Entry
3305 IN PVOID SystemArgument1
,
3306 IN PVOID SystemArgument2
,
3307 IN KPRIORITY PriorityBoost
3322 IN KPROCESSOR_MODE WaitMode
,
3323 IN PLARGE_INTEGER Timeout OPTIONAL
3336 KeInitializeMutant (
3337 IN PRKMUTANT Mutant
,
3338 IN BOOLEAN InitialOwner
3352 IN PRKMUTANT Mutant
,
3353 IN KPRIORITY Increment
,
3354 IN BOOLEAN Abandoned
,
3358 #if (VER_PRODUCTBUILD >= 2195)
3363 KeStackAttachProcess (
3364 IN PKPROCESS Process
,
3365 OUT PKAPC_STATE ApcState
3371 KeUnstackDetachProcess (
3372 IN PKAPC_STATE ApcState
3375 #endif /* (VER_PRODUCTBUILD >= 2195) */
3380 KeSetKernelStackSwapEnable(
3387 MmCanFileBeTruncated (
3388 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3389 IN PLARGE_INTEGER NewFileSize
3395 MmFlushImageSection (
3396 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3397 IN MMFLUSH_TYPE FlushType
3403 MmForceSectionClosed (
3404 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3405 IN BOOLEAN DelayClose
3408 #if (VER_PRODUCTBUILD >= 1381)
3413 MmIsRecursiveIoFault (
3419 #define MmIsRecursiveIoFault() ( \
3420 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3421 (PsGetCurrentThread()->ForwardClusterOnly) \
3429 MmMapViewOfSection (
3430 IN PVOID SectionObject
,
3431 IN PEPROCESS Process
,
3432 IN OUT PVOID
*BaseAddress
,
3434 IN ULONG CommitSize
,
3435 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
3436 IN OUT PULONG ViewSize
,
3437 IN SECTION_INHERIT InheritDisposition
,
3438 IN ULONG AllocationType
,
3445 MmSetAddressRangeModified (
3454 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
3455 IN POBJECT_TYPE ObjectType
,
3456 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
3457 IN KPROCESSOR_MODE AccessMode
,
3458 IN OUT PVOID ParseContext OPTIONAL
,
3459 IN ULONG ObjectSize
,
3460 IN ULONG PagedPoolCharge OPTIONAL
,
3461 IN ULONG NonPagedPoolCharge OPTIONAL
,
3468 ObGetObjectPointerCount (
3477 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3478 IN ACCESS_MASK DesiredAccess
,
3479 IN ULONG AdditionalReferences
,
3480 OUT PVOID
*ReferencedObject OPTIONAL
,
3487 ObMakeTemporaryObject (
3494 ObOpenObjectByPointer (
3496 IN ULONG HandleAttributes
,
3497 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3498 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3499 IN POBJECT_TYPE ObjectType OPTIONAL
,
3500 IN KPROCESSOR_MODE AccessMode
,
3509 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
3511 OUT PULONG ReturnLength
3517 ObQueryObjectAuditingByHandle (
3519 OUT PBOOLEAN GenerateOnClose
3525 ObReferenceObjectByName (
3526 IN PUNICODE_STRING ObjectName
,
3527 IN ULONG Attributes
,
3528 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3529 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3530 IN POBJECT_TYPE ObjectType
,
3531 IN KPROCESSOR_MODE AccessMode
,
3532 IN OUT PVOID ParseContext OPTIONAL
,
3539 PsAssignImpersonationToken (
3548 IN PEPROCESS Process
,
3549 IN POOL_TYPE PoolType
,
3556 PsChargeProcessPoolQuota (
3557 IN PEPROCESS Process
,
3558 IN POOL_TYPE PoolType
,
3562 #define PsDereferenceImpersonationToken(T) \
3563 {if (ARGUMENT_PRESENT(T)) { \
3564 (ObDereferenceObject((T))); \
3570 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3575 PsDisableImpersonation(
3577 IN PSE_IMPERSONATION_STATE ImpersonationState
3583 PsGetProcessExitTime (
3590 PsImpersonateClient(
3592 IN PACCESS_TOKEN Token
,
3593 IN BOOLEAN CopyOnOpen
,
3594 IN BOOLEAN EffectiveOnly
,
3595 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
3608 PsIsThreadTerminating (
3615 PsLookupProcessByProcessId (
3616 IN HANDLE ProcessId
,
3617 OUT PEPROCESS
*Process
3623 PsLookupProcessThreadByCid (
3625 OUT PEPROCESS
*Process OPTIONAL
,
3626 OUT PETHREAD
*Thread
3632 PsLookupThreadByThreadId (
3633 IN HANDLE UniqueThreadId
,
3634 OUT PETHREAD
*Thread
3640 PsReferenceImpersonationToken (
3642 OUT PBOOLEAN CopyOnUse
,
3643 OUT PBOOLEAN EffectiveOnly
,
3644 OUT PSECURITY_IMPERSONATION_LEVEL Level
3650 PsReferencePrimaryToken (
3651 IN PEPROCESS Process
3657 PsRestoreImpersonation(
3659 IN PSE_IMPERSONATION_STATE ImpersonationState
3666 IN PEPROCESS Process
,
3667 IN POOL_TYPE PoolType
,
3681 RtlAbsoluteToSelfRelativeSD (
3682 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
3683 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
3684 IN PULONG BufferLength
3691 IN HANDLE HeapHandle
,
3700 IN USHORT CompressionFormatAndEngine
,
3701 IN PUCHAR UncompressedBuffer
,
3702 IN ULONG UncompressedBufferSize
,
3703 OUT PUCHAR CompressedBuffer
,
3704 IN ULONG CompressedBufferSize
,
3705 IN ULONG UncompressedChunkSize
,
3706 OUT PULONG FinalCompressedSize
,
3714 IN PUCHAR UncompressedBuffer
,
3715 IN ULONG UncompressedBufferSize
,
3716 OUT PUCHAR CompressedBuffer
,
3717 IN ULONG CompressedBufferSize
,
3718 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
3719 IN ULONG CompressedDataInfoLength
,
3726 RtlConvertSidToUnicodeString (
3727 OUT PUNICODE_STRING DestinationString
,
3729 IN BOOLEAN AllocateDestinationString
3737 IN PSID Destination
,
3744 RtlCreateUnicodeString(
3745 PUNICODE_STRING DestinationString
,
3752 RtlDecompressBuffer (
3753 IN USHORT CompressionFormat
,
3754 OUT PUCHAR UncompressedBuffer
,
3755 IN ULONG UncompressedBufferSize
,
3756 IN PUCHAR CompressedBuffer
,
3757 IN ULONG CompressedBufferSize
,
3758 OUT PULONG FinalUncompressedSize
3764 RtlDecompressChunks (
3765 OUT PUCHAR UncompressedBuffer
,
3766 IN ULONG UncompressedBufferSize
,
3767 IN PUCHAR CompressedBuffer
,
3768 IN ULONG CompressedBufferSize
,
3769 IN PUCHAR CompressedTail
,
3770 IN ULONG CompressedTailSize
,
3771 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
3777 RtlDecompressFragment (
3778 IN USHORT CompressionFormat
,
3779 OUT PUCHAR UncompressedFragment
,
3780 IN ULONG UncompressedFragmentSize
,
3781 IN PUCHAR CompressedBuffer
,
3782 IN ULONG CompressedBufferSize
,
3783 IN ULONG FragmentOffset
,
3784 OUT PULONG FinalUncompressedSize
,
3792 IN USHORT CompressionFormat
,
3793 IN OUT PUCHAR
*CompressedBuffer
,
3794 IN PUCHAR EndOfCompressedBufferPlus1
,
3795 OUT PUCHAR
*ChunkBuffer
,
3796 OUT PULONG ChunkSize
3802 RtlDowncaseUnicodeString(
3803 IN OUT PUNICODE_STRING UniDest
,
3804 IN PCUNICODE_STRING UniSource
,
3805 IN BOOLEAN AllocateDestinationString
3811 RtlDuplicateUnicodeString(
3813 IN PCUNICODE_STRING SourceString
,
3814 OUT PUNICODE_STRING DestinationString
3828 RtlFillMemoryUlong (
3829 IN PVOID Destination
,
3838 IN HANDLE HeapHandle
,
3846 RtlGenerate8dot3Name (
3847 IN PUNICODE_STRING Name
,
3848 IN BOOLEAN AllowExtendedCharacters
,
3849 IN OUT PGENERATE_NAME_CONTEXT Context
,
3850 OUT PUNICODE_STRING Name8dot3
3856 RtlGetCompressionWorkSpaceSize (
3857 IN USHORT CompressionFormatAndEngine
,
3858 OUT PULONG CompressBufferWorkSpaceSize
,
3859 OUT PULONG CompressFragmentWorkSpaceSize
3865 RtlGetDaclSecurityDescriptor (
3866 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3867 OUT PBOOLEAN DaclPresent
,
3869 OUT PBOOLEAN DaclDefaulted
3875 RtlGetGroupSecurityDescriptor (
3876 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3878 OUT PBOOLEAN GroupDefaulted
3884 RtlGetOwnerSecurityDescriptor (
3885 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3887 OUT PBOOLEAN OwnerDefaulted
3895 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
3896 IN UCHAR SubAuthorityCount
3902 RtlIsNameLegalDOS8Dot3(
3903 IN PCUNICODE_STRING Name
,
3904 IN OUT POEM_STRING OemName OPTIONAL
,
3905 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
3911 RtlLengthRequiredSid (
3912 IN ULONG SubAuthorityCount
3925 RtlNtStatusToDosError (
3933 IN USHORT CompressionFormat
,
3934 IN OUT PUCHAR
*CompressedBuffer
,
3935 IN PUCHAR EndOfCompressedBufferPlus1
,
3936 OUT PUCHAR
*ChunkBuffer
,
3943 RtlSecondsSince1970ToTime (
3944 IN ULONG SecondsSince1970
,
3945 OUT PLARGE_INTEGER Time
3951 RtlSetGroupSecurityDescriptor (
3952 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3954 IN BOOLEAN GroupDefaulted
3960 RtlSetOwnerSecurityDescriptor (
3961 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3963 IN BOOLEAN OwnerDefaulted
3969 RtlSetSaclSecurityDescriptor (
3970 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3971 IN BOOLEAN SaclPresent
,
3973 IN BOOLEAN SaclDefaulted
3979 RtlSubAuthorityCountSid (
3986 RtlSubAuthoritySid (
3988 IN ULONG SubAuthority
3991 /* RTL Splay Tree Functions */
3995 RtlSplay(PRTL_SPLAY_LINKS Links
);
4000 RtlDelete(PRTL_SPLAY_LINKS Links
);
4006 PRTL_SPLAY_LINKS Links
,
4007 PRTL_SPLAY_LINKS
*Root
4013 RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links
);
4018 RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links
);
4023 RtlRealSuccessor(PRTL_SPLAY_LINKS Links
);
4028 RtlRealPredecessor(PRTL_SPLAY_LINKS Links
);
4030 #define RtlIsLeftChild(Links) \
4031 (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4033 #define RtlIsRightChild(Links) \
4034 (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
4036 #define RtlRightChild(Links) \
4037 ((PRTL_SPLAY_LINKS)(Links))->RightChild
4039 #define RtlIsRoot(Links) \
4040 (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
4042 #define RtlLeftChild(Links) \
4043 ((PRTL_SPLAY_LINKS)(Links))->LeftChild
4045 #define RtlParent(Links) \
4046 ((PRTL_SPLAY_LINKS)(Links))->Parent
4048 #define RtlInitializeSplayLinks(Links) \
4050 PRTL_SPLAY_LINKS _SplayLinks; \
4051 _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
4052 _SplayLinks->Parent = _SplayLinks; \
4053 _SplayLinks->LeftChild = NULL; \
4054 _SplayLinks->RightChild = NULL; \
4057 #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
4059 PRTL_SPLAY_LINKS _SplayParent; \
4060 PRTL_SPLAY_LINKS _SplayChild; \
4061 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4062 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4063 _SplayParent->LeftChild = _SplayChild; \
4064 _SplayChild->Parent = _SplayParent; \
4067 #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
4069 PRTL_SPLAY_LINKS _SplayParent; \
4070 PRTL_SPLAY_LINKS _SplayChild; \
4071 _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
4072 _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
4073 _SplayParent->RightChild = _SplayChild; \
4074 _SplayChild->Parent = _SplayParent; \
4087 SeAppendPrivileges (
4088 PACCESS_STATE AccessState
,
4089 PPRIVILEGE_SET Privileges
4095 SeAuditingFileEvents (
4096 IN BOOLEAN AccessGranted
,
4097 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4103 SeAuditingFileOrGlobalEvents (
4104 IN BOOLEAN AccessGranted
,
4105 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4106 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4112 SeCaptureSubjectContext (
4113 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
4119 SeCreateClientSecurity (
4121 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
4122 IN BOOLEAN RemoteClient
,
4123 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4126 #if (VER_PRODUCTBUILD >= 2195)
4131 SeCreateClientSecurityFromSubjectContext (
4132 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
4133 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
4134 IN BOOLEAN ServerIsRemote
,
4135 OUT PSECURITY_CLIENT_CONTEXT ClientContext
4138 #endif /* (VER_PRODUCTBUILD >= 2195) */
4140 #define SeDeleteClientSecurity(C) { \
4141 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
4142 PsDereferencePrimaryToken( (C)->ClientToken ); \
4144 PsDereferenceImpersonationToken( (C)->ClientToken ); \
4151 SeDeleteObjectAuditAlarm (
4156 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
4162 IN PPRIVILEGE_SET Privileges
4168 SeImpersonateClient (
4169 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
4170 IN PETHREAD ServerThread OPTIONAL
4173 #if (VER_PRODUCTBUILD >= 2195)
4178 SeImpersonateClientEx (
4179 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
4180 IN PETHREAD ServerThread OPTIONAL
4183 #endif /* (VER_PRODUCTBUILD >= 2195) */
4188 SeLockSubjectContext (
4189 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4195 SeMarkLogonSessionForTerminationNotification (
4202 SeOpenObjectAuditAlarm (
4203 IN PUNICODE_STRING ObjectTypeName
,
4204 IN PVOID Object OPTIONAL
,
4205 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
4206 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4207 IN PACCESS_STATE AccessState
,
4208 IN BOOLEAN ObjectCreated
,
4209 IN BOOLEAN AccessGranted
,
4210 IN KPROCESSOR_MODE AccessMode
,
4211 OUT PBOOLEAN GenerateOnClose
4217 SeOpenObjectForDeleteAuditAlarm (
4218 IN PUNICODE_STRING ObjectTypeName
,
4219 IN PVOID Object OPTIONAL
,
4220 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
4221 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4222 IN PACCESS_STATE AccessState
,
4223 IN BOOLEAN ObjectCreated
,
4224 IN BOOLEAN AccessGranted
,
4225 IN KPROCESSOR_MODE AccessMode
,
4226 OUT PBOOLEAN GenerateOnClose
4233 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
4234 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
4235 IN KPROCESSOR_MODE AccessMode
4241 SeQueryAuthenticationIdToken (
4242 IN PACCESS_TOKEN Token
,
4246 #if (VER_PRODUCTBUILD >= 2195)
4251 SeQueryInformationToken (
4252 IN PACCESS_TOKEN Token
,
4253 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4254 OUT PVOID
*TokenInformation
4257 #endif /* (VER_PRODUCTBUILD >= 2195) */
4262 SeQuerySecurityDescriptorInfo (
4263 IN PSECURITY_INFORMATION SecurityInformation
,
4264 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4265 IN OUT PULONG Length
,
4266 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
4269 #if (VER_PRODUCTBUILD >= 2195)
4274 SeQuerySessionIdToken (
4275 IN PACCESS_TOKEN Token
,
4279 #endif /* (VER_PRODUCTBUILD >= 2195) */
4281 #define SeQuerySubjectContextToken( SubjectContext ) \
4282 ( ARGUMENT_PRESENT( \
4283 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
4285 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
4286 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
4288 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
4295 SeRegisterLogonSessionTerminatedRoutine (
4296 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4302 SeReleaseSubjectContext (
4303 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4309 SeSetAccessStateGenericMapping (
4310 PACCESS_STATE AccessState
,
4311 PGENERIC_MAPPING GenericMapping
4317 SeSetSecurityDescriptorInfo (
4318 IN PVOID Object OPTIONAL
,
4319 IN PSECURITY_INFORMATION SecurityInformation
,
4320 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4321 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
4322 IN POOL_TYPE PoolType
,
4323 IN PGENERIC_MAPPING GenericMapping
4326 #if (VER_PRODUCTBUILD >= 2195)
4331 SeSetSecurityDescriptorInfoEx (
4332 IN PVOID Object OPTIONAL
,
4333 IN PSECURITY_INFORMATION SecurityInformation
,
4334 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
4335 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
4336 IN ULONG AutoInheritFlags
,
4337 IN POOL_TYPE PoolType
,
4338 IN PGENERIC_MAPPING GenericMapping
4345 IN PACCESS_TOKEN Token
4351 SeTokenIsRestricted (
4352 IN PACCESS_TOKEN Token
4355 #endif /* (VER_PRODUCTBUILD >= 2195) */
4361 IN PACCESS_TOKEN Token
4367 SeUnlockSubjectContext (
4368 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
4374 SeUnregisterLogonSessionTerminatedRoutine (
4375 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4378 #if (VER_PRODUCTBUILD >= 2195)
4383 ZwAdjustPrivilegesToken (
4384 IN HANDLE TokenHandle
,
4385 IN BOOLEAN DisableAllPrivileges
,
4386 IN PTOKEN_PRIVILEGES NewState
,
4387 IN ULONG BufferLength
,
4388 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
4389 OUT PULONG ReturnLength
4392 #endif /* (VER_PRODUCTBUILD >= 2195) */
4398 IN HANDLE ThreadHandle
4404 ZwAllocateVirtualMemory (
4405 IN HANDLE ProcessHandle
,
4406 IN OUT PVOID
*BaseAddress
,
4408 IN OUT PULONG RegionSize
,
4409 IN ULONG AllocationType
,
4416 ZwAccessCheckAndAuditAlarm (
4417 IN PUNICODE_STRING SubsystemName
,
4419 IN PUNICODE_STRING ObjectTypeName
,
4420 IN PUNICODE_STRING ObjectName
,
4421 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4422 IN ACCESS_MASK DesiredAccess
,
4423 IN PGENERIC_MAPPING GenericMapping
,
4424 IN BOOLEAN ObjectCreation
,
4425 OUT PACCESS_MASK GrantedAccess
,
4426 OUT PBOOLEAN AccessStatus
,
4427 OUT PBOOLEAN GenerateOnClose
4430 #if (VER_PRODUCTBUILD >= 2195)
4436 IN HANDLE FileHandle
,
4437 OUT PIO_STATUS_BLOCK IoStatusBlock
4440 #endif /* (VER_PRODUCTBUILD >= 2195) */
4446 IN HANDLE EventHandle
4452 ZwCloseObjectAuditAlarm (
4453 IN PUNICODE_STRING SubsystemName
,
4455 IN BOOLEAN GenerateOnClose
4462 OUT PHANDLE SectionHandle
,
4463 IN ACCESS_MASK DesiredAccess
,
4464 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4465 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
4466 IN ULONG SectionPageProtection
,
4467 IN ULONG AllocationAttributes
,
4468 IN HANDLE FileHandle OPTIONAL
4474 ZwCreateSymbolicLinkObject (
4475 OUT PHANDLE SymbolicLinkHandle
,
4476 IN ACCESS_MASK DesiredAccess
,
4477 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4478 IN PUNICODE_STRING TargetName
4485 IN POBJECT_ATTRIBUTES ObjectAttributes
4493 IN PUNICODE_STRING Name
4499 ZwDeviceIoControlFile (
4500 IN HANDLE FileHandle
,
4501 IN HANDLE Event OPTIONAL
,
4502 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4503 IN PVOID ApcContext OPTIONAL
,
4504 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4505 IN ULONG IoControlCode
,
4506 IN PVOID InputBuffer OPTIONAL
,
4507 IN ULONG InputBufferLength
,
4508 OUT PVOID OutputBuffer OPTIONAL
,
4509 IN ULONG OutputBufferLength
4516 IN PUNICODE_STRING String
4523 IN HANDLE SourceProcessHandle
,
4524 IN HANDLE SourceHandle
,
4525 IN HANDLE TargetProcessHandle OPTIONAL
,
4526 OUT PHANDLE TargetHandle OPTIONAL
,
4527 IN ACCESS_MASK DesiredAccess
,
4528 IN ULONG HandleAttributes
,
4536 IN HANDLE ExistingTokenHandle
,
4537 IN ACCESS_MASK DesiredAccess
,
4538 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4539 IN BOOLEAN EffectiveOnly
,
4540 IN TOKEN_TYPE TokenType
,
4541 OUT PHANDLE NewTokenHandle
4547 ZwFlushInstructionCache (
4548 IN HANDLE ProcessHandle
,
4549 IN PVOID BaseAddress OPTIONAL
,
4557 IN HANDLE FileHandle
,
4558 OUT PIO_STATUS_BLOCK IoStatusBlock
4561 #if (VER_PRODUCTBUILD >= 2195)
4566 ZwFlushVirtualMemory (
4567 IN HANDLE ProcessHandle
,
4568 IN OUT PVOID
*BaseAddress
,
4569 IN OUT PULONG FlushSize
,
4570 OUT PIO_STATUS_BLOCK IoStatusBlock
4573 #endif /* (VER_PRODUCTBUILD >= 2195) */
4578 ZwFreeVirtualMemory (
4579 IN HANDLE ProcessHandle
,
4580 IN OUT PVOID
*BaseAddress
,
4581 IN OUT PULONG RegionSize
,
4589 IN HANDLE FileHandle
,
4590 IN HANDLE Event OPTIONAL
,
4591 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4592 IN PVOID ApcContext OPTIONAL
,
4593 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4594 IN ULONG FsControlCode
,
4595 IN PVOID InputBuffer OPTIONAL
,
4596 IN ULONG InputBufferLength
,
4597 OUT PVOID OutputBuffer OPTIONAL
,
4598 IN ULONG OutputBufferLength
4601 #if (VER_PRODUCTBUILD >= 2195)
4606 ZwInitiatePowerAction (
4607 IN POWER_ACTION SystemAction
,
4608 IN SYSTEM_POWER_STATE MinSystemState
,
4610 IN BOOLEAN Asynchronous
4613 #endif /* (VER_PRODUCTBUILD >= 2195) */
4619 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4620 IN PUNICODE_STRING RegistryPath
4627 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
4628 IN POBJECT_ATTRIBUTES FileObjectAttributes
4635 IN HANDLE KeyHandle
,
4636 IN HANDLE EventHandle OPTIONAL
,
4637 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4638 IN PVOID ApcContext OPTIONAL
,
4639 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4640 IN ULONG NotifyFilter
,
4641 IN BOOLEAN WatchSubtree
,
4643 IN ULONG BufferLength
,
4644 IN BOOLEAN Asynchronous
4650 ZwOpenDirectoryObject (
4651 OUT PHANDLE DirectoryHandle
,
4652 IN ACCESS_MASK DesiredAccess
,
4653 IN POBJECT_ATTRIBUTES ObjectAttributes
4660 OUT PHANDLE EventHandle
,
4661 IN ACCESS_MASK DesiredAccess
,
4662 IN POBJECT_ATTRIBUTES ObjectAttributes
4669 OUT PHANDLE ProcessHandle
,
4670 IN ACCESS_MASK DesiredAccess
,
4671 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4672 IN PCLIENT_ID ClientId OPTIONAL
4678 ZwOpenProcessToken (
4679 IN HANDLE ProcessHandle
,
4680 IN ACCESS_MASK DesiredAccess
,
4681 OUT PHANDLE TokenHandle
4688 OUT PHANDLE ThreadHandle
,
4689 IN ACCESS_MASK DesiredAccess
,
4690 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4691 IN PCLIENT_ID ClientId
4698 IN HANDLE ThreadHandle
,
4699 IN ACCESS_MASK DesiredAccess
,
4700 IN BOOLEAN OpenAsSelf
,
4701 OUT PHANDLE TokenHandle
4704 #if (VER_PRODUCTBUILD >= 2195)
4709 ZwPowerInformation (
4710 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
4711 IN PVOID InputBuffer OPTIONAL
,
4712 IN ULONG InputBufferLength
,
4713 OUT PVOID OutputBuffer OPTIONAL
,
4714 IN ULONG OutputBufferLength
4717 #endif /* (VER_PRODUCTBUILD >= 2195) */
4723 IN HANDLE EventHandle
,
4724 OUT PLONG PreviousState OPTIONAL
4730 ZwQueryDefaultLocale (
4731 IN BOOLEAN ThreadOrSystem
,
4738 ZwQueryDirectoryFile (
4739 IN HANDLE FileHandle
,
4740 IN HANDLE Event OPTIONAL
,
4741 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4742 IN PVOID ApcContext OPTIONAL
,
4743 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4744 OUT PVOID FileInformation
,
4746 IN FILE_INFORMATION_CLASS FileInformationClass
,
4747 IN BOOLEAN ReturnSingleEntry
,
4748 IN PUNICODE_STRING FileName OPTIONAL
,
4749 IN BOOLEAN RestartScan
4752 #if (VER_PRODUCTBUILD >= 2195)
4757 ZwQueryDirectoryObject (
4758 IN HANDLE DirectoryHandle
,
4761 IN BOOLEAN ReturnSingleEntry
,
4762 IN BOOLEAN RestartScan
,
4763 IN OUT PULONG Context
,
4764 OUT PULONG ReturnLength OPTIONAL
4771 IN HANDLE FileHandle
,
4772 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4775 IN BOOLEAN ReturnSingleEntry
,
4776 IN PVOID EaList OPTIONAL
,
4777 IN ULONG EaListLength
,
4778 IN PULONG EaIndex OPTIONAL
,
4779 IN BOOLEAN RestartScan
4782 #endif /* (VER_PRODUCTBUILD >= 2195) */
4787 ZwQueryInformationProcess (
4788 IN HANDLE ProcessHandle
,
4789 IN PROCESSINFOCLASS ProcessInformationClass
,
4790 OUT PVOID ProcessInformation
,
4791 IN ULONG ProcessInformationLength
,
4792 OUT PULONG ReturnLength OPTIONAL
4798 ZwQueryInformationToken (
4799 IN HANDLE TokenHandle
,
4800 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4801 OUT PVOID TokenInformation
,
4803 OUT PULONG ResultLength
4809 ZwQuerySecurityObject (
4810 IN HANDLE FileHandle
,
4811 IN SECURITY_INFORMATION SecurityInformation
,
4812 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4814 OUT PULONG ResultLength
4820 ZwQueryVolumeInformationFile (
4821 IN HANDLE FileHandle
,
4822 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4823 OUT PVOID FsInformation
,
4825 IN FS_INFORMATION_CLASS FsInformationClass
4832 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
4833 IN HANDLE KeyHandle
,
4834 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
4841 IN HANDLE EventHandle
,
4842 OUT PLONG PreviousState OPTIONAL
4845 #if (VER_PRODUCTBUILD >= 2195)
4851 IN HANDLE KeyHandle
,
4852 IN HANDLE FileHandle
,
4856 #endif /* (VER_PRODUCTBUILD >= 2195) */
4862 IN HANDLE KeyHandle
,
4863 IN HANDLE FileHandle
4869 ZwSetDefaultLocale (
4870 IN BOOLEAN ThreadOrSystem
,
4874 #if (VER_PRODUCTBUILD >= 2195)
4879 ZwSetDefaultUILanguage (
4880 IN LANGID LanguageId
4887 IN HANDLE FileHandle
,
4888 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4893 #endif /* (VER_PRODUCTBUILD >= 2195) */
4899 IN HANDLE EventHandle
,
4900 OUT PLONG PreviousState OPTIONAL
4906 ZwSetInformationProcess (
4907 IN HANDLE ProcessHandle
,
4908 IN PROCESSINFOCLASS ProcessInformationClass
,
4909 IN PVOID ProcessInformation
,
4910 IN ULONG ProcessInformationLength
4913 #if (VER_PRODUCTBUILD >= 2195)
4918 ZwSetSecurityObject (
4920 IN SECURITY_INFORMATION SecurityInformation
,
4921 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4924 #endif /* (VER_PRODUCTBUILD >= 2195) */
4930 IN PLARGE_INTEGER NewTime
,
4931 OUT PLARGE_INTEGER OldTime OPTIONAL
4934 #if (VER_PRODUCTBUILD >= 2195)
4939 ZwSetVolumeInformationFile (
4940 IN HANDLE FileHandle
,
4941 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4942 IN PVOID FsInformation
,
4944 IN FS_INFORMATION_CLASS FsInformationClass
4947 #endif /* (VER_PRODUCTBUILD >= 2195) */
4952 ZwTerminateProcess (
4953 IN HANDLE ProcessHandle OPTIONAL
,
4954 IN NTSTATUS ExitStatus
4961 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4962 IN PUNICODE_STRING RegistryPath
4969 IN POBJECT_ATTRIBUTES KeyObjectAttributes
4975 ZwWaitForSingleObject (
4977 IN BOOLEAN Alertable
,
4978 IN PLARGE_INTEGER Timeout OPTIONAL
4984 ZwWaitForMultipleObjects (
4985 IN ULONG HandleCount
,
4987 IN WAIT_TYPE WaitType
,
4988 IN BOOLEAN Alertable
,
4989 IN PLARGE_INTEGER Timeout OPTIONAL
5005 #endif /* _NTIFS_ */