4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28 #pragma GCC system_header
40 #define VER_PRODUCTBUILD 10000
47 #define NTKERNELAPI STDCALL
50 typedef struct _SE_EXPORTS
*PSE_EXPORTS
;
52 extern PUCHAR
*FsRtlLegalAnsiCharacterArray
;
53 extern PSE_EXPORTS SeExports
;
54 extern PACL SePublicDefaultDacl
;
55 extern PACL SeSystemDefaultDacl
;
57 #define ANSI_DOS_STAR ('<')
58 #define ANSI_DOS_QM ('>')
59 #define ANSI_DOS_DOT ('"')
61 #define DOS_STAR (L'<')
63 #define DOS_DOT (L'"')
66 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
67 #define ACCESS_DENIED_ACE_TYPE (0x1)
68 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
69 #define SYSTEM_ALARM_ACE_TYPE (0x3)
71 #define COMPRESSION_FORMAT_NONE (0x0000)
72 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
73 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
74 #define COMPRESSION_ENGINE_STANDARD (0x0000)
75 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
76 #define COMPRESSION_ENGINE_HIBER (0x0200)
78 #define FILE_ACTION_ADDED 0x00000001
79 #define FILE_ACTION_REMOVED 0x00000002
80 #define FILE_ACTION_MODIFIED 0x00000003
81 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
82 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
83 #define FILE_ACTION_ADDED_STREAM 0x00000006
84 #define FILE_ACTION_REMOVED_STREAM 0x00000007
85 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
86 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
87 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
88 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
91 #define FILE_EA_TYPE_BINARY 0xfffe
92 #define FILE_EA_TYPE_ASCII 0xfffd
93 #define FILE_EA_TYPE_BITMAP 0xfffb
94 #define FILE_EA_TYPE_METAFILE 0xfffa
95 #define FILE_EA_TYPE_ICON 0xfff9
96 #define FILE_EA_TYPE_EA 0xffee
97 #define FILE_EA_TYPE_MVMT 0xffdf
98 #define FILE_EA_TYPE_MVST 0xffde
99 #define FILE_EA_TYPE_ASN1 0xffdd
100 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
102 #define FILE_NEED_EA 0x00000080
104 /* also in winnt.h */
105 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
106 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
107 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
108 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
109 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
110 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
111 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
112 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
113 #define FILE_NOTIFY_CHANGE_EA 0x00000080
114 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
115 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
116 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
117 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
118 #define FILE_NOTIFY_VALID_MASK 0x00000fff
121 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
122 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
124 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
126 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
127 #define FILE_CASE_PRESERVED_NAMES 0x00000002
128 #define FILE_UNICODE_ON_DISK 0x00000004
129 #define FILE_PERSISTENT_ACLS 0x00000008
130 #define FILE_FILE_COMPRESSION 0x00000010
131 #define FILE_VOLUME_QUOTAS 0x00000020
132 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
133 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
134 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
135 #define FS_LFN_APIS 0x00004000
136 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
137 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
138 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
139 #define FILE_NAMED_STREAMS 0x00040000
141 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
142 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
144 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
145 #define FILE_PIPE_MESSAGE_MODE 0x00000001
147 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
148 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
150 #define FILE_PIPE_INBOUND 0x00000000
151 #define FILE_PIPE_OUTBOUND 0x00000001
152 #define FILE_PIPE_FULL_DUPLEX 0x00000002
154 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
155 #define FILE_PIPE_LISTENING_STATE 0x00000002
156 #define FILE_PIPE_CONNECTED_STATE 0x00000003
157 #define FILE_PIPE_CLOSING_STATE 0x00000004
159 #define FILE_PIPE_CLIENT_END 0x00000000
160 #define FILE_PIPE_SERVER_END 0x00000001
162 #define FILE_PIPE_READ_DATA 0x00000000
163 #define FILE_PIPE_WRITE_SPACE 0x00000001
165 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
166 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
167 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
168 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
169 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
170 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
171 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
172 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
173 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
174 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
175 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
176 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
177 #define FILE_STORAGE_TYPE_MASK 0x000f0000
178 #define FILE_STORAGE_TYPE_SHIFT 16
180 #define FILE_VC_QUOTA_NONE 0x00000000
181 #define FILE_VC_QUOTA_TRACK 0x00000001
182 #define FILE_VC_QUOTA_ENFORCE 0x00000002
183 #define FILE_VC_QUOTA_MASK 0x00000003
185 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
186 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
188 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
189 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
190 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
191 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
193 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
194 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
196 #define FILE_VC_VALID_MASK 0x000003ff
198 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
199 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
200 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
201 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
202 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
203 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
204 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
206 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
208 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
209 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
210 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
211 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
212 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
214 #define FSRTL_VOLUME_DISMOUNT 1
215 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
216 #define FSRTL_VOLUME_LOCK 3
217 #define FSRTL_VOLUME_LOCK_FAILED 4
218 #define FSRTL_VOLUME_UNLOCK 5
219 #define FSRTL_VOLUME_MOUNT 6
221 #define FSRTL_WILD_CHARACTER 0x08
224 #define HARDWARE_PTE HARDWARE_PTE_X86
225 #define PHARDWARE_PTE PHARDWARE_PTE_X86
227 #define HARDWARE_PTE ULONG
228 #define PHARDWARE_PTE PULONG
231 #define IO_CHECK_CREATE_PARAMETERS 0x0200
232 #define IO_ATTACH_DEVICE 0x0400
234 #define IO_ATTACH_DEVICE_API 0x80000000
235 /* also in winnt.h */
236 #define IO_COMPLETION_QUERY_STATE 0x0001
237 #define IO_COMPLETION_MODIFY_STATE 0x0002
238 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
240 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
241 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
243 #define IO_TYPE_APC 18
244 #define IO_TYPE_DPC 19
245 #define IO_TYPE_DEVICE_QUEUE 20
246 #define IO_TYPE_EVENT_PAIR 21
247 #define IO_TYPE_INTERRUPT 22
248 #define IO_TYPE_PROFILE 23
250 #define IRP_BEING_VERIFIED 0x10
252 #define MAILSLOT_CLASS_FIRSTCLASS 1
253 #define MAILSLOT_CLASS_SECONDCLASS 2
255 #define MAILSLOT_SIZE_AUTO 0
257 #define MAP_PROCESS 1L
258 #define MAP_SYSTEM 2L
259 #define MEM_DOS_LIM 0x40000000
260 /* also in winnt.h */
261 #define MEM_IMAGE SEC_IMAGE
263 #define OB_TYPE_TYPE 1
264 #define OB_TYPE_DIRECTORY 2
265 #define OB_TYPE_SYMBOLIC_LINK 3
266 #define OB_TYPE_TOKEN 4
267 #define OB_TYPE_PROCESS 5
268 #define OB_TYPE_THREAD 6
269 #define OB_TYPE_EVENT 7
270 #define OB_TYPE_EVENT_PAIR 8
271 #define OB_TYPE_MUTANT 9
272 #define OB_TYPE_SEMAPHORE 10
273 #define OB_TYPE_TIMER 11
274 #define OB_TYPE_PROFILE 12
275 #define OB_TYPE_WINDOW_STATION 13
276 #define OB_TYPE_DESKTOP 14
277 #define OB_TYPE_SECTION 15
278 #define OB_TYPE_KEY 16
279 #define OB_TYPE_PORT 17
280 #define OB_TYPE_ADAPTER 18
281 #define OB_TYPE_CONTROLLER 19
282 #define OB_TYPE_DEVICE 20
283 #define OB_TYPE_DRIVER 21
284 #define OB_TYPE_IO_COMPLETION 22
285 #define OB_TYPE_FILE 23
288 #define PIN_EXCLUSIVE (2)
289 #define PIN_NO_READ (4)
290 #define PIN_IF_BCB (8)
292 #define PORT_CONNECT 0x0001
293 #define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
295 /* also in winnt.h */
296 #define SEC_BASED 0x00200000
297 #define SEC_NO_CHANGE 0x00400000
298 #define SEC_FILE 0x00800000
299 #define SEC_IMAGE 0x01000000
300 #define SEC_VLM 0x02000000
301 #define SEC_RESERVE 0x04000000
302 #define SEC_COMMIT 0x08000000
303 #define SEC_NOCACHE 0x10000000
305 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
306 #define SECURITY_WORLD_RID (0x00000000L)
308 #define SID_REVISION 1
310 #define TOKEN_ASSIGN_PRIMARY (0x0001)
311 #define TOKEN_DUPLICATE (0x0002)
312 #define TOKEN_IMPERSONATE (0x0004)
313 #define TOKEN_QUERY (0x0008)
314 #define TOKEN_QUERY_SOURCE (0x0010)
315 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
316 #define TOKEN_ADJUST_GROUPS (0x0040)
317 #define TOKEN_ADJUST_DEFAULT (0x0080)
319 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
320 TOKEN_ASSIGN_PRIMARY |\
324 TOKEN_QUERY_SOURCE |\
325 TOKEN_ADJUST_PRIVILEGES |\
326 TOKEN_ADJUST_GROUPS |\
327 TOKEN_ADJUST_DEFAULT)
329 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
332 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
333 TOKEN_ADJUST_PRIVILEGES |\
334 TOKEN_ADJUST_GROUPS |\
335 TOKEN_ADJUST_DEFAULT)
337 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
339 #define TOKEN_SOURCE_LENGTH 8
342 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
343 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
344 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
345 #define TOKEN_HAS_ADMIN_GROUP 0x08
346 #define TOKEN_IS_RESTRICTED 0x10
348 #define VACB_MAPPING_GRANULARITY (0x40000)
349 #define VACB_OFFSET_SHIFT (18)
351 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
352 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
353 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
354 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
355 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
356 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
357 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
358 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
359 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
361 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
362 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
363 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
365 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
366 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
367 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
370 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
371 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
372 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
373 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
374 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
375 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
377 #if (VER_PRODUCTBUILD >= 1381)
379 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
380 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
381 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
382 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
383 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
384 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
385 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
386 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
388 #endif /* (VER_PRODUCTBUILD >= 1381) */
390 #if (VER_PRODUCTBUILD >= 2195)
392 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
393 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
394 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
396 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
397 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
398 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
399 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
400 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
401 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
402 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
403 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
404 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
405 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
406 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
407 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
408 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
409 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
410 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
411 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
412 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
413 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
414 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
415 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
416 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
417 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
418 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
419 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
420 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
421 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
422 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
423 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
424 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
425 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
426 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
427 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
428 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
429 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
430 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
431 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
433 #endif /* (VER_PRODUCTBUILD >= 2195) */
435 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
437 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
438 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
439 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
440 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
441 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
442 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
443 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
444 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
446 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
447 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
448 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
449 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
450 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
451 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
452 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
453 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
454 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
455 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
456 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
457 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
458 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
459 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
461 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
464 typedef PVOID OPLOCK
, *POPLOCK
;
465 typedef PVOID PWOW64_PROCESS
;
467 typedef struct _CACHE_MANAGER_CALLBACKS
*PCACHE_MANAGER_CALLBACKS
;
468 typedef struct _EPROCESS_QUOTA_BLOCK
*PEPROCESS_QUOTA_BLOCK
;
469 typedef struct _FILE_GET_QUOTA_INFORMATION
*PFILE_GET_QUOTA_INFORMATION
;
470 typedef struct _HANDLE_TABLE
*PHANDLE_TABLE
;
471 typedef struct _KEVENT_PAIR
*PKEVENT_PAIR
;
472 typedef struct _KPROCESS
*PKPROCESS
;
473 typedef struct _KQUEUE
*PKQUEUE
;
474 typedef struct _KTRAP_FRAME
*PKTRAP_FRAME
;
475 typedef struct _MAILSLOT_CREATE_PARAMETERS
*PMAILSLOT_CREATE_PARAMETERS
;
476 typedef struct _MMWSL
*PMMWSL
;
477 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
*PNAMED_PIPE_CREATE_PARAMETERS
;
478 typedef struct _OBJECT_DIRECTORY
*POBJECT_DIRECTORY
;
479 typedef struct _PAGEFAULT_HISTORY
*PPAGEFAULT_HISTORY
;
480 typedef struct _PS_IMPERSONATION_INFORMATION
*PPS_IMPERSONATION_INFORMATION
;
481 typedef struct _SECTION_OBJECT
*PSECTION_OBJECT
;
482 typedef struct _SHARED_CACHE_MAP
*PSHARED_CACHE_MAP
;
483 typedef struct _TERMINATION_PORT
*PTERMINATION_PORT
;
484 typedef struct _VACB
*PVACB
;
485 typedef struct _VAD_HEADER
*PVAD_HEADER
;
487 typedef struct _NOTIFY_SYNC
500 } NOTIFY_SYNC
, * PNOTIFY_SYNC
;
502 typedef enum _FAST_IO_POSSIBLE
{
508 typedef enum _FILE_STORAGE_TYPE
{
509 StorageTypeDefault
= 1,
510 StorageTypeDirectory
,
512 StorageTypeJunctionPoint
,
514 StorageTypeStructuredStorage
,
515 StorageTypeEmbedding
,
519 typedef enum _IO_COMPLETION_INFORMATION_CLASS
{
520 IoCompletionBasicInformation
521 } IO_COMPLETION_INFORMATION_CLASS
;
523 typedef enum _OBJECT_INFO_CLASS
{
531 typedef struct _HARDWARE_PTE_X86
{
535 ULONG WriteThrough
: 1;
536 ULONG CacheDisable
: 1;
541 ULONG CopyOnWrite
: 1;
544 ULONG PageFrameNumber
: 20;
545 } HARDWARE_PTE_X86
, *PHARDWARE_PTE_X86
;
547 typedef struct _KAPC_STATE
{
548 LIST_ENTRY ApcListHead
[2];
550 BOOLEAN KernelApcInProgress
;
551 BOOLEAN KernelApcPending
;
552 BOOLEAN UserApcPending
;
553 } KAPC_STATE
, *PKAPC_STATE
, *__restrict PRKAPC_STATE
;
555 typedef struct _KGDTENTRY
{
572 ULONG Reserved_0
: 1;
573 ULONG Default_Big
: 1;
574 ULONG Granularity
: 1;
578 } KGDTENTRY
, *PKGDTENTRY
;
580 typedef struct _KIDTENTRY
{
584 USHORT ExtendedOffset
;
585 } KIDTENTRY
, *PKIDTENTRY
;
587 #if (VER_PRODUCTBUILD >= 2600)
589 typedef struct _MMSUPPORT_FLAGS
{
590 ULONG SessionSpace
: 1;
591 ULONG BeingTrimmed
: 1;
592 ULONG SessionLeader
: 1;
594 ULONG WorkingSetHard
: 1;
595 ULONG AddressSpaceBeingDeleted
: 1;
596 ULONG Available
: 10;
597 ULONG AllowWorkingSetAdjustment
: 8;
598 ULONG MemoryPriority
: 8;
599 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
603 typedef struct _MMSUPPORT_FLAGS
{
604 ULONG SessionSpace
: 1;
605 ULONG BeingTrimmed
: 1;
606 ULONG ProcessInSession
: 1;
607 ULONG SessionLeader
: 1;
609 ULONG WorkingSetHard
: 1;
610 ULONG WriteWatch
: 1;
612 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
616 #if (VER_PRODUCTBUILD >= 2600)
618 typedef struct _MMSUPPORT
{
619 LARGE_INTEGER LastTrimTime
;
620 MMSUPPORT_FLAGS Flags
;
621 ULONG PageFaultCount
;
622 ULONG PeakWorkingSetSize
;
623 ULONG WorkingSetSize
;
624 ULONG MinimumWorkingSetSize
;
625 ULONG MaximumWorkingSetSize
;
626 PMMWSL VmWorkingSetList
;
627 LIST_ENTRY WorkingSetExpansionLinks
;
629 ULONG NextEstimationSlot
;
631 ULONG EstimatedAvailable
;
632 ULONG GrowthSinceLastEstimate
;
633 } MMSUPPORT
, *PMMSUPPORT
;
637 typedef struct _MMSUPPORT
{
638 LARGE_INTEGER LastTrimTime
;
639 ULONG LastTrimFaultCount
;
640 ULONG PageFaultCount
;
641 ULONG PeakWorkingSetSize
;
642 ULONG WorkingSetSize
;
643 ULONG MinimumWorkingSetSize
;
644 ULONG MaximumWorkingSetSize
;
645 PMMWSL VmWorkingSetList
;
646 LIST_ENTRY WorkingSetExpansionLinks
;
647 BOOLEAN AllowWorkingSetAdjustment
;
648 BOOLEAN AddressSpaceBeingDeleted
;
649 UCHAR ForegroundSwitchCount
;
650 UCHAR MemoryPriority
;
651 #if (VER_PRODUCTBUILD >= 2195)
654 MMSUPPORT_FLAGS Flags
;
657 ULONG NextEstimationSlot
;
659 ULONG EstimatedAvailable
;
660 ULONG GrowthSinceLastEstimate
;
661 #endif /* (VER_PRODUCTBUILD >= 2195) */
662 } MMSUPPORT
, *PMMSUPPORT
;
666 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
{
667 POBJECT_NAME_INFORMATION ImageFileName
;
668 } SE_AUDIT_PROCESS_CREATION_INFO
, *PSE_AUDIT_PROCESS_CREATION_INFO
;
670 typedef struct _BITMAP_RANGE
{
672 LARGE_INTEGER BasePage
;
673 ULONG FirstDirtyPage
;
677 } BITMAP_RANGE
, *PBITMAP_RANGE
;
679 typedef struct _CACHE_UNINITIALIZE_EVENT
{
680 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
682 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
684 typedef struct _CC_FILE_SIZES
{
685 LARGE_INTEGER AllocationSize
;
686 LARGE_INTEGER FileSize
;
687 LARGE_INTEGER ValidDataLength
;
688 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
690 typedef struct _COMPRESSED_DATA_INFO
{
691 USHORT CompressionFormatAndEngine
;
692 UCHAR CompressionUnitShift
;
696 USHORT NumberOfChunks
;
697 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
698 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
700 typedef struct _DEVICE_MAP
{
701 POBJECT_DIRECTORY DosDevicesDirectory
;
702 POBJECT_DIRECTORY GlobalDosDevicesDirectory
;
703 ULONG ReferenceCount
;
706 } DEVICE_MAP
, *PDEVICE_MAP
;
708 #if (VER_PRODUCTBUILD >= 2600)
710 typedef struct _EX_FAST_REF
{
711 _ANONYMOUS_UNION
union {
716 } EX_FAST_REF
, *PEX_FAST_REF
;
718 typedef struct _EX_PUSH_LOCK
{
719 _ANONYMOUS_UNION
union {
720 _ANONYMOUS_STRUCT
struct {
728 } EX_PUSH_LOCK
, *PEX_PUSH_LOCK
;
730 typedef struct _EX_RUNDOWN_REF
{
731 _ANONYMOUS_UNION
union {
735 } EX_RUNDOWN_REF
, *PEX_RUNDOWN_REF
;
739 typedef struct _EPROCESS_QUOTA_ENTRY
{
744 } EPROCESS_QUOTA_ENTRY
, *PEPROCESS_QUOTA_ENTRY
;
746 typedef struct _EPROCESS_QUOTA_BLOCK
{
747 EPROCESS_QUOTA_ENTRY QuotaEntry
[3];
748 LIST_ENTRY QuotaList
;
749 ULONG ReferenceCount
;
751 } EPROCESS_QUOTA_BLOCK
, *PEPROCESS_QUOTA_BLOCK
;
753 typedef struct _FILE_ACCESS_INFORMATION
{
754 ACCESS_MASK AccessFlags
;
755 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
757 typedef struct _FILE_ALLOCATION_INFORMATION
{
758 LARGE_INTEGER AllocationSize
;
759 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
761 typedef struct _FILE_BOTH_DIR_INFORMATION
{
762 ULONG NextEntryOffset
;
764 LARGE_INTEGER CreationTime
;
765 LARGE_INTEGER LastAccessTime
;
766 LARGE_INTEGER LastWriteTime
;
767 LARGE_INTEGER ChangeTime
;
768 LARGE_INTEGER EndOfFile
;
769 LARGE_INTEGER AllocationSize
;
770 ULONG FileAttributes
;
771 ULONG FileNameLength
;
773 CCHAR ShortNameLength
;
776 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
778 typedef struct _FILE_COMPLETION_INFORMATION
{
781 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
783 typedef struct _FILE_COMPRESSION_INFORMATION
{
784 LARGE_INTEGER CompressedFileSize
;
785 USHORT CompressionFormat
;
786 UCHAR CompressionUnitShift
;
790 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
792 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
793 BOOLEAN ReplaceIfExists
;
794 HANDLE RootDirectory
;
795 ULONG FileNameLength
;
797 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
799 typedef struct _FILE_DIRECTORY_INFORMATION
{
800 ULONG NextEntryOffset
;
802 LARGE_INTEGER CreationTime
;
803 LARGE_INTEGER LastAccessTime
;
804 LARGE_INTEGER LastWriteTime
;
805 LARGE_INTEGER ChangeTime
;
806 LARGE_INTEGER EndOfFile
;
807 LARGE_INTEGER AllocationSize
;
808 ULONG FileAttributes
;
809 ULONG FileNameLength
;
811 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
813 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
814 ULONG NextEntryOffset
;
816 LARGE_INTEGER CreationTime
;
817 LARGE_INTEGER LastAccessTime
;
818 LARGE_INTEGER LastWriteTime
;
819 LARGE_INTEGER ChangeTime
;
820 LARGE_INTEGER EndOfFile
;
821 LARGE_INTEGER AllocationSize
;
822 ULONG FileAttributes
;
823 ULONG FileNameLength
;
826 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
828 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
829 ULONG NextEntryOffset
;
831 LARGE_INTEGER CreationTime
;
832 LARGE_INTEGER LastAccessTime
;
833 LARGE_INTEGER LastWriteTime
;
834 LARGE_INTEGER ChangeTime
;
835 LARGE_INTEGER EndOfFile
;
836 LARGE_INTEGER AllocationSize
;
837 ULONG FileAttributes
;
838 ULONG FileNameLength
;
840 CHAR ShortNameLength
;
843 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
845 typedef struct _FILE_EA_INFORMATION
{
847 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
849 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
850 ULONG FileSystemAttributes
;
851 ULONG MaximumComponentNameLength
;
852 ULONG FileSystemNameLength
;
853 WCHAR FileSystemName
[1];
854 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
856 typedef struct _FILE_FS_CONTROL_INFORMATION
{
857 LARGE_INTEGER FreeSpaceStartFiltering
;
858 LARGE_INTEGER FreeSpaceThreshold
;
859 LARGE_INTEGER FreeSpaceStopFiltering
;
860 LARGE_INTEGER DefaultQuotaThreshold
;
861 LARGE_INTEGER DefaultQuotaLimit
;
862 ULONG FileSystemControlFlags
;
863 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
865 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
866 LARGE_INTEGER TotalAllocationUnits
;
867 LARGE_INTEGER CallerAvailableAllocationUnits
;
868 LARGE_INTEGER ActualAvailableAllocationUnits
;
869 ULONG SectorsPerAllocationUnit
;
870 ULONG BytesPerSector
;
871 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
873 typedef struct _FILE_FS_LABEL_INFORMATION
{
874 ULONG VolumeLabelLength
;
875 WCHAR VolumeLabel
[1];
876 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
878 #if (VER_PRODUCTBUILD >= 2195)
880 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
882 UCHAR ExtendedInfo
[48];
883 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
885 #endif /* (VER_PRODUCTBUILD >= 2195) */
887 typedef struct _FILE_FS_SIZE_INFORMATION
{
888 LARGE_INTEGER TotalAllocationUnits
;
889 LARGE_INTEGER AvailableAllocationUnits
;
890 ULONG SectorsPerAllocationUnit
;
891 ULONG BytesPerSector
;
892 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
894 typedef struct _FILE_FS_VOLUME_INFORMATION
{
895 LARGE_INTEGER VolumeCreationTime
;
896 ULONG VolumeSerialNumber
;
897 ULONG VolumeLabelLength
;
898 BOOLEAN SupportsObjects
;
899 WCHAR VolumeLabel
[1];
900 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
902 typedef struct _FILE_FULL_DIR_INFORMATION
{
903 ULONG NextEntryOffset
;
905 LARGE_INTEGER CreationTime
;
906 LARGE_INTEGER LastAccessTime
;
907 LARGE_INTEGER LastWriteTime
;
908 LARGE_INTEGER ChangeTime
;
909 LARGE_INTEGER EndOfFile
;
910 LARGE_INTEGER AllocationSize
;
911 ULONG FileAttributes
;
912 ULONG FileNameLength
;
915 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
917 typedef struct _FILE_GET_EA_INFORMATION
{
918 ULONG NextEntryOffset
;
921 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
923 typedef struct _FILE_GET_QUOTA_INFORMATION
{
924 ULONG NextEntryOffset
;
927 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
929 typedef struct _FILE_INTERNAL_INFORMATION
{
930 LARGE_INTEGER IndexNumber
;
931 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
933 typedef struct _FILE_LINK_INFORMATION
{
934 BOOLEAN ReplaceIfExists
;
935 HANDLE RootDirectory
;
936 ULONG FileNameLength
;
938 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
940 typedef struct _FILE_LOCK_INFO
{
941 LARGE_INTEGER StartingByte
;
942 LARGE_INTEGER Length
;
943 BOOLEAN ExclusiveLock
;
945 PFILE_OBJECT FileObject
;
947 LARGE_INTEGER EndingByte
;
948 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
950 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
951 typedef struct _FILE_SHARED_LOCK_ENTRY
{
954 FILE_LOCK_INFO FileLock
;
955 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
957 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
958 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
959 LIST_ENTRY ListEntry
;
962 FILE_LOCK_INFO FileLock
;
963 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
965 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE
) (
970 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
972 IN PFILE_LOCK_INFO FileLockInfo
975 typedef struct _FILE_LOCK
{
976 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
977 PUNLOCK_ROUTINE UnlockRoutine
;
978 BOOLEAN FastIoIsQuestionable
;
980 PVOID LockInformation
;
981 FILE_LOCK_INFO LastReturnedLockInfo
;
982 PVOID LastReturnedLock
;
983 } FILE_LOCK
, *PFILE_LOCK
;
985 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
986 ULONG ReadDataAvailable
;
987 ULONG NumberOfMessages
;
989 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
991 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
992 ULONG MaximumMessageSize
;
994 ULONG NextMessageSize
;
995 ULONG MessagesAvailable
;
996 LARGE_INTEGER ReadTimeout
;
997 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
999 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1000 LARGE_INTEGER ReadTimeout
;
1001 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1003 typedef struct _FILE_MODE_INFORMATION
{
1005 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1007 typedef struct _FILE_ALL_INFORMATION
{
1008 FILE_BASIC_INFORMATION BasicInformation
;
1009 FILE_STANDARD_INFORMATION StandardInformation
;
1010 FILE_INTERNAL_INFORMATION InternalInformation
;
1011 FILE_EA_INFORMATION EaInformation
;
1012 FILE_ACCESS_INFORMATION AccessInformation
;
1013 FILE_POSITION_INFORMATION PositionInformation
;
1014 FILE_MODE_INFORMATION ModeInformation
;
1015 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1016 FILE_NAME_INFORMATION NameInformation
;
1017 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1019 typedef struct _FILE_NAMES_INFORMATION
{
1020 ULONG NextEntryOffset
;
1022 ULONG FileNameLength
;
1024 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1026 typedef struct _FILE_OBJECTID_INFORMATION
{
1027 LONGLONG FileReference
;
1029 _ANONYMOUS_UNION
union {
1031 UCHAR BirthVolumeId
[16];
1032 UCHAR BirthObjectId
[16];
1035 UCHAR ExtendedInfo
[48];
1037 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1039 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1041 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1043 typedef struct _FILE_OLE_ALL_INFORMATION
{
1044 FILE_BASIC_INFORMATION BasicInformation
;
1045 FILE_STANDARD_INFORMATION StandardInformation
;
1046 FILE_INTERNAL_INFORMATION InternalInformation
;
1047 FILE_EA_INFORMATION EaInformation
;
1048 FILE_ACCESS_INFORMATION AccessInformation
;
1049 FILE_POSITION_INFORMATION PositionInformation
;
1050 FILE_MODE_INFORMATION ModeInformation
;
1051 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1054 LARGE_INTEGER SecurityChangeTime
;
1055 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1056 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1057 FILE_STORAGE_TYPE StorageType
;
1060 ULONG NumberOfStreamReferences
;
1063 BOOLEAN ContentIndexDisable
;
1064 BOOLEAN InheritContentIndexDisable
;
1065 FILE_NAME_INFORMATION NameInformation
;
1066 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1068 typedef struct _FILE_OLE_DIR_INFORMATION
{
1069 ULONG NextEntryOffset
;
1071 LARGE_INTEGER CreationTime
;
1072 LARGE_INTEGER LastAccessTime
;
1073 LARGE_INTEGER LastWriteTime
;
1074 LARGE_INTEGER ChangeTime
;
1075 LARGE_INTEGER EndOfFile
;
1076 LARGE_INTEGER AllocationSize
;
1077 ULONG FileAttributes
;
1078 ULONG FileNameLength
;
1079 FILE_STORAGE_TYPE StorageType
;
1082 BOOLEAN ContentIndexDisable
;
1083 BOOLEAN InheritContentIndexDisable
;
1085 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1087 typedef struct _FILE_OLE_INFORMATION
{
1088 LARGE_INTEGER SecurityChangeTime
;
1089 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1090 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1091 FILE_STORAGE_TYPE StorageType
;
1093 BOOLEAN ContentIndexDisable
;
1094 BOOLEAN InheritContentIndexDisable
;
1095 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1097 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1099 ULONG StateBitsMask
;
1100 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1102 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1105 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1107 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1108 PVOID ClientSession
;
1109 PVOID ClientProcess
;
1110 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1112 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1113 ULONG NamedPipeState
;
1117 ULONG NumberRequests
;
1118 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1120 typedef struct _FILE_PIPE_INFORMATION
{
1122 ULONG CompletionMode
;
1123 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1125 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1126 ULONG NamedPipeType
;
1127 ULONG NamedPipeConfiguration
;
1128 ULONG MaximumInstances
;
1129 ULONG CurrentInstances
;
1131 ULONG ReadDataAvailable
;
1132 ULONG OutboundQuota
;
1133 ULONG WriteQuotaAvailable
;
1134 ULONG NamedPipeState
;
1136 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1138 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1139 LARGE_INTEGER CollectDataTime
;
1140 ULONG MaximumCollectionCount
;
1141 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1143 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1144 LARGE_INTEGER Timeout
;
1146 BOOLEAN TimeoutSpecified
;
1148 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1150 typedef struct _FILE_QUOTA_INFORMATION
{
1151 ULONG NextEntryOffset
;
1153 LARGE_INTEGER ChangeTime
;
1154 LARGE_INTEGER QuotaUsed
;
1155 LARGE_INTEGER QuotaThreshold
;
1156 LARGE_INTEGER QuotaLimit
;
1158 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1160 typedef struct _FILE_RENAME_INFORMATION
{
1161 BOOLEAN ReplaceIfExists
;
1162 HANDLE RootDirectory
;
1163 ULONG FileNameLength
;
1165 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1167 typedef struct _FILE_STREAM_INFORMATION
{
1168 ULONG NextEntryOffset
;
1169 ULONG StreamNameLength
;
1170 LARGE_INTEGER StreamSize
;
1171 LARGE_INTEGER StreamAllocationSize
;
1172 WCHAR StreamName
[1];
1173 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1175 typedef struct _FILE_TRACKING_INFORMATION
{
1176 HANDLE DestinationFile
;
1177 ULONG ObjectInformationLength
;
1178 CHAR ObjectInformation
[1];
1179 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1181 #if (VER_PRODUCTBUILD >= 2195)
1182 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1183 LARGE_INTEGER FileOffset
;
1184 LARGE_INTEGER BeyondFinalZero
;
1185 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1187 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1188 LARGE_INTEGER FileOffset
;
1189 LARGE_INTEGER Length
;
1190 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1191 #endif /* (VER_PRODUCTBUILD >= 2195) */
1193 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1194 CSHORT NodeTypeCode
;
1195 CSHORT NodeByteSize
;
1197 UCHAR IsFastIoPossible
;
1198 #if (VER_PRODUCTBUILD >= 1381)
1201 #endif /* (VER_PRODUCTBUILD >= 1381) */
1202 PERESOURCE Resource
;
1203 PERESOURCE PagingIoResource
;
1204 LARGE_INTEGER AllocationSize
;
1205 LARGE_INTEGER FileSize
;
1206 LARGE_INTEGER ValidDataLength
;
1207 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1209 typedef struct _GENERATE_NAME_CONTEXT
{
1211 BOOLEAN CheckSumInserted
;
1213 WCHAR NameBuffer
[8];
1214 ULONG ExtensionLength
;
1215 WCHAR ExtensionBuffer
[4];
1216 ULONG LastIndexValue
;
1217 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1219 typedef struct _HANDLE_TABLE_ENTRY
{
1221 ULONG ObjectAttributes
;
1222 ULONG GrantedAccess
;
1223 USHORT GrantedAccessIndex
;
1224 USHORT CreatorBackTraceIndex
;
1225 ULONG NextFreeTableEntry
;
1226 } HANDLE_TABLE_ENTRY
, *PHANDLE_TABLE_ENTRY
;
1228 typedef struct _MAPPING_PAIR
{
1231 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1233 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1234 ULONG NumberOfPairs
;
1236 MAPPING_PAIR Pair
[1];
1237 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1239 typedef struct _IO_CLIENT_EXTENSION
{
1240 struct _IO_CLIENT_EXTENSION
*NextExtension
;
1241 PVOID ClientIdentificationAddress
;
1242 } IO_CLIENT_EXTENSION
, *PIO_CLIENT_EXTENSION
;
1244 typedef struct _IO_COMPLETION_BASIC_INFORMATION
{
1246 } IO_COMPLETION_BASIC_INFORMATION
, *PIO_COMPLETION_BASIC_INFORMATION
;
1248 typedef struct _KEVENT_PAIR
{
1253 } KEVENT_PAIR
, *PKEVENT_PAIR
;
1255 typedef struct _KQUEUE
{
1256 DISPATCHER_HEADER Header
;
1257 LIST_ENTRY EntryListHead
;
1260 LIST_ENTRY ThreadListHead
;
1261 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1263 typedef struct _MAILSLOT_CREATE_PARAMETERS
{
1264 ULONG MailslotQuota
;
1265 ULONG MaximumMessageSize
;
1266 LARGE_INTEGER ReadTimeout
;
1267 BOOLEAN TimeoutSpecified
;
1268 } MAILSLOT_CREATE_PARAMETERS
, *PMAILSLOT_CREATE_PARAMETERS
;
1270 typedef struct _MBCB
{
1271 CSHORT NodeTypeCode
;
1272 CSHORT NodeIsInZone
;
1276 LIST_ENTRY BitmapRanges
;
1277 LONGLONG ResumeWritePage
;
1278 BITMAP_RANGE BitmapRange1
;
1279 BITMAP_RANGE BitmapRange2
;
1280 BITMAP_RANGE BitmapRange3
;
1283 typedef struct _MOVEFILE_DESCRIPTOR
{
1286 LARGE_INTEGER StartVcn
;
1287 LARGE_INTEGER TargetLcn
;
1290 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1292 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
{
1293 ULONG NamedPipeType
;
1295 ULONG CompletionMode
;
1296 ULONG MaximumInstances
;
1298 ULONG OutboundQuota
;
1299 LARGE_INTEGER DefaultTimeout
;
1300 BOOLEAN TimeoutSpecified
;
1301 } NAMED_PIPE_CREATE_PARAMETERS
, *PNAMED_PIPE_CREATE_PARAMETERS
;
1303 typedef struct _OBJECT_BASIC_INFO
{
1305 ACCESS_MASK GrantedAccess
;
1307 ULONG ReferenceCount
;
1308 ULONG PagedPoolUsage
;
1309 ULONG NonPagedPoolUsage
;
1311 ULONG NameInformationLength
;
1312 ULONG TypeInformationLength
;
1313 ULONG SecurityDescriptorLength
;
1314 LARGE_INTEGER CreateTime
;
1315 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1317 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1319 BOOLEAN ProtectFromClose
;
1320 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1322 typedef struct _OBJECT_NAME_INFO
{
1323 UNICODE_STRING ObjectName
;
1324 WCHAR ObjectNameBuffer
[1];
1325 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1327 typedef struct _OBJECT_PROTECTION_INFO
{
1329 BOOLEAN ProtectHandle
;
1330 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1332 typedef struct _OBJECT_TYPE_INFO
{
1333 UNICODE_STRING ObjectTypeName
;
1334 UCHAR Unknown
[0x58];
1335 WCHAR ObjectTypeNameBuffer
[1];
1336 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1338 typedef struct _OBJECT_ALL_TYPES_INFO
{
1339 ULONG NumberOfObjectTypes
;
1340 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1341 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1343 typedef struct _PAGEFAULT_HISTORY
{
1346 KSPIN_LOCK SpinLock
;
1348 PROCESS_WS_WATCH_INFORMATION WatchInfo
[1];
1349 } PAGEFAULT_HISTORY
, *PPAGEFAULT_HISTORY
;
1351 typedef struct _PATHNAME_BUFFER
{
1352 ULONG PathNameLength
;
1354 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1356 #if (VER_PRODUCTBUILD >= 2600)
1358 typedef struct _PRIVATE_CACHE_MAP_FLAGS
{
1360 ULONG ReadAheadActive
: 1;
1361 ULONG ReadAheadEnabled
: 1;
1362 ULONG Available
: 14;
1363 } PRIVATE_CACHE_MAP_FLAGS
, *PPRIVATE_CACHE_MAP_FLAGS
;
1365 typedef struct _PRIVATE_CACHE_MAP
{
1366 _ANONYMOUS_UNION
union {
1367 CSHORT NodeTypeCode
;
1368 PRIVATE_CACHE_MAP_FLAGS Flags
;
1371 ULONG ReadAheadMask
;
1372 PFILE_OBJECT FileObject
;
1373 LARGE_INTEGER FileOffset1
;
1374 LARGE_INTEGER BeyondLastByte1
;
1375 LARGE_INTEGER FileOffset2
;
1376 LARGE_INTEGER BeyondLastByte2
;
1377 LARGE_INTEGER ReadAheadOffset
[2];
1378 ULONG ReadAheadLength
[2];
1379 KSPIN_LOCK ReadAheadSpinLock
;
1380 LIST_ENTRY PrivateLinks
;
1381 } PRIVATE_CACHE_MAP
, *PPRIVATE_CACHE_MAP
;
1385 typedef struct _PS_IMPERSONATION_INFORMATION
{
1386 PACCESS_TOKEN Token
;
1388 BOOLEAN EffectiveOnly
;
1389 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
1390 } PS_IMPERSONATION_INFORMATION
, *PPS_IMPERSONATION_INFORMATION
;
1392 typedef struct _PUBLIC_BCB
{
1393 CSHORT NodeTypeCode
;
1394 CSHORT NodeByteSize
;
1396 LARGE_INTEGER MappedFileOffset
;
1397 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1399 typedef struct _QUERY_PATH_REQUEST
{
1400 ULONG PathNameLength
;
1401 PIO_SECURITY_CONTEXT SecurityContext
;
1402 WCHAR FilePathName
[1];
1403 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1405 typedef struct _QUERY_PATH_RESPONSE
{
1406 ULONG LengthAccepted
;
1407 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1409 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1411 LARGE_INTEGER StartingVcn
;
1413 LARGE_INTEGER NextVcn
;
1416 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1418 typedef struct _RTL_SPLAY_LINKS
{
1419 struct _RTL_SPLAY_LINKS
*Parent
;
1420 struct _RTL_SPLAY_LINKS
*LeftChild
;
1421 struct _RTL_SPLAY_LINKS
*RightChild
;
1422 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1424 typedef struct _SE_EXPORTS
{
1426 LUID SeCreateTokenPrivilege
;
1427 LUID SeAssignPrimaryTokenPrivilege
;
1428 LUID SeLockMemoryPrivilege
;
1429 LUID SeIncreaseQuotaPrivilege
;
1430 LUID SeUnsolicitedInputPrivilege
;
1431 LUID SeTcbPrivilege
;
1432 LUID SeSecurityPrivilege
;
1433 LUID SeTakeOwnershipPrivilege
;
1434 LUID SeLoadDriverPrivilege
;
1435 LUID SeCreatePagefilePrivilege
;
1436 LUID SeIncreaseBasePriorityPrivilege
;
1437 LUID SeSystemProfilePrivilege
;
1438 LUID SeSystemtimePrivilege
;
1439 LUID SeProfileSingleProcessPrivilege
;
1440 LUID SeCreatePermanentPrivilege
;
1441 LUID SeBackupPrivilege
;
1442 LUID SeRestorePrivilege
;
1443 LUID SeShutdownPrivilege
;
1444 LUID SeDebugPrivilege
;
1445 LUID SeAuditPrivilege
;
1446 LUID SeSystemEnvironmentPrivilege
;
1447 LUID SeChangeNotifyPrivilege
;
1448 LUID SeRemoteShutdownPrivilege
;
1453 PSID SeCreatorOwnerSid
;
1454 PSID SeCreatorGroupSid
;
1456 PSID SeNtAuthoritySid
;
1460 PSID SeInteractiveSid
;
1461 PSID SeLocalSystemSid
;
1462 PSID SeAliasAdminsSid
;
1463 PSID SeAliasUsersSid
;
1464 PSID SeAliasGuestsSid
;
1465 PSID SeAliasPowerUsersSid
;
1466 PSID SeAliasAccountOpsSid
;
1467 PSID SeAliasSystemOpsSid
;
1468 PSID SeAliasPrintOpsSid
;
1469 PSID SeAliasBackupOpsSid
;
1471 PSID SeAuthenticatedUsersSid
;
1473 PSID SeRestrictedSid
;
1474 PSID SeAnonymousLogonSid
;
1476 LUID SeUndockPrivilege
;
1477 LUID SeSyncAgentPrivilege
;
1478 LUID SeEnableDelegationPrivilege
;
1480 } SE_EXPORTS
, *PSE_EXPORTS
;
1482 typedef struct _SECTION_BASIC_INFORMATION
{
1486 } SECTION_BASIC_INFORMATION
, *PSECTION_BASIC_INFORMATION
;
1488 typedef struct _SECTION_IMAGE_INFORMATION
{
1491 ULONG_PTR StackReserve
;
1492 ULONG_PTR StackCommit
;
1494 USHORT MinorSubsystemVersion
;
1495 USHORT MajorSubsystemVersion
;
1497 ULONG Characteristics
;
1502 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
1504 #if (VER_PRODUCTBUILD >= 2600)
1506 typedef struct _SHARED_CACHE_MAP
{
1507 CSHORT NodeTypeCode
;
1508 CSHORT NodeByteSize
;
1510 LARGE_INTEGER FileSize
;
1512 LARGE_INTEGER SectionSize
;
1513 LARGE_INTEGER ValidDataLength
;
1514 LARGE_INTEGER ValidDataGoal
;
1515 PVACB InitialVacbs
[4];
1517 PFILE_OBJECT FileObject
;
1521 ULONG NeedToZeroPage
;
1522 KSPIN_LOCK ActiveVacbSpinLock
;
1523 ULONG VacbActiveCount
;
1525 LIST_ENTRY SharedCacheMapLinks
;
1530 PKEVENT CreateEvent
;
1531 PKEVENT WaitOnActiveCount
;
1533 LONGLONG BeyondLastFlush
;
1534 PCACHE_MANAGER_CALLBACKS Callbacks
;
1535 PVOID LazyWriteContext
;
1536 LIST_ENTRY PrivateList
;
1538 PVOID FlushToLsnRoutine
;
1539 ULONG DirtyPageThreshold
;
1540 ULONG LazyWritePassCount
;
1541 PCACHE_UNINITIALIZE_EVENT UninitializeEvent
;
1542 PVACB NeedToZeroVacb
;
1543 KSPIN_LOCK BcbSpinLock
;
1546 EX_PUSH_LOCK VacbPushLock
;
1547 PRIVATE_CACHE_MAP PrivateCacheMap
;
1548 } SHARED_CACHE_MAP
, *PSHARED_CACHE_MAP
;
1552 typedef struct _STARTING_VCN_INPUT_BUFFER
{
1553 LARGE_INTEGER StartingVcn
;
1554 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
1556 typedef struct _SYSTEM_CACHE_INFORMATION
{
1559 ULONG PageFaultCount
;
1560 ULONG MinimumWorkingSet
;
1561 ULONG MaximumWorkingSet
;
1563 } SYSTEM_CACHE_INFORMATION
, *PSYSTEM_CACHE_INFORMATION
;
1565 typedef struct _TERMINATION_PORT
{
1566 struct _TERMINATION_PORT
* Next
;
1568 } TERMINATION_PORT
, *PTERMINATION_PORT
;
1570 typedef struct _SECURITY_CLIENT_CONTEXT
{
1571 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
1572 PACCESS_TOKEN ClientToken
;
1573 BOOLEAN DirectlyAccessClientToken
;
1574 BOOLEAN DirectAccessEffectiveOnly
;
1575 BOOLEAN ServerIsRemote
;
1576 TOKEN_CONTROL ClientTokenControl
;
1577 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
1579 typedef struct _TUNNEL
{
1581 PRTL_SPLAY_LINKS Cache
;
1582 LIST_ENTRY TimerQueue
;
1586 typedef struct _VACB
{
1588 PSHARED_CACHE_MAP SharedCacheMap
;
1590 LARGE_INTEGER FileOffset
;
1596 typedef struct _VAD_HEADER
{
1599 PVAD_HEADER ParentLink
;
1600 PVAD_HEADER LeftLink
;
1601 PVAD_HEADER RightLink
;
1602 ULONG Flags
; /* LSB = CommitCharge */
1604 PVOID FirstProtoPte
;
1608 } VAD_HEADER
, *PVAD_HEADER
;
1614 IN PFILE_OBJECT FileObject
,
1615 IN ULONG BytesToWrite
,
1624 IN PFILE_OBJECT FileObject
,
1625 IN PLARGE_INTEGER FileOffset
,
1629 OUT PIO_STATUS_BLOCK IoStatus
1636 IN PFILE_OBJECT FileObject
,
1637 IN PLARGE_INTEGER FileOffset
,
1643 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1645 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
1654 IN PFILE_OBJECT FileObject
,
1655 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
1658 IN ULONG BytesToWrite
,
1666 IN PFILE_OBJECT FileObject
,
1667 IN ULONG FileOffset
,
1671 OUT PIO_STATUS_BLOCK IoStatus
1678 IN PFILE_OBJECT FileObject
,
1679 IN ULONG FileOffset
,
1688 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1689 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1691 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
1694 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
1695 IN PFILE_OBJECT FileObject
,
1696 IN PLARGE_INTEGER FileOffset
,
1698 IN PLARGE_INTEGER OldestLsn
,
1699 IN PLARGE_INTEGER NewestLsn
,
1709 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
1717 CcGetFileObjectFromBcb (
1724 CcGetFileObjectFromSectionPtrs (
1725 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
1728 #define CcGetFileSizePointer(FO) ( \
1729 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1732 #if (VER_PRODUCTBUILD >= 2195)
1737 CcGetFlushedValidData (
1738 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1739 IN BOOLEAN BcbListHeld
1742 #endif /* (VER_PRODUCTBUILD >= 2195) */
1746 CcGetLsnForFileObject (
1747 IN PFILE_OBJECT FileObject
,
1748 OUT PLARGE_INTEGER OldestLsn OPTIONAL
1751 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
1756 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
1760 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
1765 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
1769 typedef struct _CACHE_MANAGER_CALLBACKS
{
1770 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
1771 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
1772 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
1773 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
1774 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
1779 CcInitializeCacheMap (
1780 IN PFILE_OBJECT FileObject
,
1781 IN PCC_FILE_SIZES FileSizes
,
1782 IN BOOLEAN PinAccess
,
1783 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
1784 IN PVOID LazyWriteContext
1787 #define CcIsFileCached(FO) ( \
1788 ((FO)->SectionObjectPointer != NULL) && \
1789 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
1795 CcIsThereDirtyData (
1803 IN PFILE_OBJECT FileObject
,
1804 IN PLARGE_INTEGER FileOffset
,
1815 IN PFILE_OBJECT FileObject
,
1816 IN PLARGE_INTEGER FileOffset
,
1819 OUT PIO_STATUS_BLOCK IoStatus
1826 IN PFILE_OBJECT FileObject
,
1833 CcMdlWriteComplete (
1834 IN PFILE_OBJECT FileObject
,
1835 IN PLARGE_INTEGER FileOffset
,
1843 IN PFILE_OBJECT FileObject
,
1844 IN PLARGE_INTEGER FileOffset
,
1846 #if (VER_PRODUCTBUILD >= 2195)
1858 IN PFILE_OBJECT FileObject
,
1859 IN PLARGE_INTEGER FileOffset
,
1861 #if (VER_PRODUCTBUILD >= 2195)
1874 IN PFILE_OBJECT FileObject
,
1875 IN PLARGE_INTEGER FileOffset
,
1878 OUT PIO_STATUS_BLOCK IoStatus
1885 IN PFILE_OBJECT FileObject
,
1886 IN PLARGE_INTEGER FileOffset
,
1889 #if (VER_PRODUCTBUILD >= 2195)
1901 CcPurgeCacheSection (
1902 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1903 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1905 IN BOOLEAN UninitializeCacheMaps
1908 #define CcReadAhead(FO, FOFF, LEN) ( \
1909 if ((LEN) >= 256) { \
1910 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
1914 #if (VER_PRODUCTBUILD >= 2195)
1923 #endif /* (VER_PRODUCTBUILD >= 2195) */
1935 CcScheduleReadAhead (
1936 IN PFILE_OBJECT FileObject
,
1937 IN PLARGE_INTEGER FileOffset
,
1944 CcSetAdditionalCacheAttributes (
1945 IN PFILE_OBJECT FileObject
,
1946 IN BOOLEAN DisableReadAhead
,
1947 IN BOOLEAN DisableWriteBehind
1953 CcSetBcbOwnerPointer (
1955 IN PVOID OwnerPointer
1961 CcSetDirtyPageThreshold (
1962 IN PFILE_OBJECT FileObject
,
1963 IN ULONG DirtyPageThreshold
1969 CcSetDirtyPinnedData (
1971 IN PLARGE_INTEGER Lsn OPTIONAL
1978 IN PFILE_OBJECT FileObject
,
1979 IN PCC_FILE_SIZES FileSizes
1982 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
1984 IN PLARGE_INTEGER Lsn
1990 CcSetLogHandleForFile (
1991 IN PFILE_OBJECT FileObject
,
1993 IN PFLUSH_TO_LSN FlushToLsnRoutine
1999 CcSetReadAheadGranularity (
2000 IN PFILE_OBJECT FileObject
,
2001 IN ULONG Granularity
/* default: PAGE_SIZE */
2002 /* allowed: 2^n * PAGE_SIZE */
2008 CcUninitializeCacheMap (
2009 IN PFILE_OBJECT FileObject
,
2010 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2011 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2024 CcUnpinDataForThread (
2026 IN ERESOURCE_THREAD ResourceThreadId
2032 CcUnpinRepinnedBcb (
2034 IN BOOLEAN WriteThrough
,
2035 OUT PIO_STATUS_BLOCK IoStatus
2038 #if (VER_PRODUCTBUILD >= 2195)
2043 CcWaitForCurrentLazyWriterActivity (
2047 #endif /* (VER_PRODUCTBUILD >= 2195) */
2053 IN PFILE_OBJECT FileObject
,
2054 IN PLARGE_INTEGER StartOffset
,
2055 IN PLARGE_INTEGER EndOffset
,
2062 ExDisableResourceBoostLite (
2063 IN PERESOURCE Resource
2069 ExQueryPoolBlockSize (
2071 OUT PBOOLEAN QuotaCharged
2074 #define FlagOn(x, f) ((x) & (f))
2079 FsRtlAddToTunnelCache (
2081 IN ULONGLONG DirectoryKey
,
2082 IN PUNICODE_STRING ShortName
,
2083 IN PUNICODE_STRING LongName
,
2084 IN BOOLEAN KeyByShortName
,
2085 IN ULONG DataLength
,
2089 #if (VER_PRODUCTBUILD >= 2195)
2093 FsRtlAllocateFileLock (
2094 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2095 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2098 #endif /* (VER_PRODUCTBUILD >= 2195) */
2104 IN POOL_TYPE PoolType
,
2105 IN ULONG NumberOfBytes
2111 FsRtlAllocatePoolWithQuota (
2112 IN POOL_TYPE PoolType
,
2113 IN ULONG NumberOfBytes
2119 FsRtlAllocatePoolWithQuotaTag (
2120 IN POOL_TYPE PoolType
,
2121 IN ULONG NumberOfBytes
,
2128 FsRtlAllocatePoolWithTag (
2129 IN POOL_TYPE PoolType
,
2130 IN ULONG NumberOfBytes
,
2137 FsRtlAreNamesEqual (
2138 IN PUNICODE_STRING Name1
,
2139 IN PUNICODE_STRING Name2
,
2140 IN BOOLEAN IgnoreCase
,
2141 IN PWCHAR UpcaseTable OPTIONAL
2144 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2145 ((FL)->FastIoIsQuestionable) \
2149 FsRtlCheckLockForReadAccess:
2151 All this really does is pick out the lock parameters from the irp (io stack
2152 location?), get IoGetRequestorProcess, and pass values on to
2153 FsRtlFastCheckLockForRead.
2158 FsRtlCheckLockForReadAccess (
2159 IN PFILE_LOCK FileLock
,
2164 FsRtlCheckLockForWriteAccess:
2166 All this really does is pick out the lock parameters from the irp (io stack
2167 location?), get IoGetRequestorProcess, and pass values on to
2168 FsRtlFastCheckLockForWrite.
2173 FsRtlCheckLockForWriteAccess (
2174 IN PFILE_LOCK FileLock
,
2180 (*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2187 (*POPLOCK_FS_PREPOST_IRP
) (
2199 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2200 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2207 IN PFILE_OBJECT FileObject
,
2208 IN PLARGE_INTEGER FileOffset
,
2213 OUT PIO_STATUS_BLOCK IoStatus
,
2214 IN PDEVICE_OBJECT DeviceObject
2221 IN PFILE_OBJECT FileObject
,
2222 IN PLARGE_INTEGER FileOffset
,
2227 OUT PIO_STATUS_BLOCK IoStatus
,
2228 IN PDEVICE_OBJECT DeviceObject
2234 FsRtlCurrentBatchOplock (
2241 FsRtlDeleteKeyFromTunnelCache (
2243 IN ULONGLONG DirectoryKey
2249 FsRtlDeleteTunnelCache (
2256 FsRtlDeregisterUncProvider (
2264 IN ANSI_STRING Name
,
2265 OUT PANSI_STRING FirstPart
,
2266 OUT PANSI_STRING RemainingPart
2273 IN UNICODE_STRING Name
,
2274 OUT PUNICODE_STRING FirstPart
,
2275 OUT PUNICODE_STRING RemainingPart
2281 FsRtlDoesDbcsContainWildCards (
2282 IN PANSI_STRING Name
2288 FsRtlDoesNameContainWildCards (
2289 IN PUNICODE_STRING Name
2292 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2294 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2299 FsRtlFastCheckLockForRead (
2300 IN PFILE_LOCK FileLock
,
2301 IN PLARGE_INTEGER FileOffset
,
2302 IN PLARGE_INTEGER Length
,
2304 IN PFILE_OBJECT FileObject
,
2305 IN PEPROCESS Process
2311 FsRtlFastCheckLockForWrite (
2312 IN PFILE_LOCK FileLock
,
2313 IN PLARGE_INTEGER FileOffset
,
2314 IN PLARGE_INTEGER Length
,
2316 IN PFILE_OBJECT FileObject
,
2317 IN PEPROCESS Process
2320 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2321 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2327 FsRtlFastUnlockAll (
2328 IN PFILE_LOCK FileLock
,
2329 IN PFILE_OBJECT FileObject
,
2330 IN PEPROCESS Process
,
2331 IN PVOID Context OPTIONAL
2333 /* ret: STATUS_RANGE_NOT_LOCKED */
2338 FsRtlFastUnlockAllByKey (
2339 IN PFILE_LOCK FileLock
,
2340 IN PFILE_OBJECT FileObject
,
2341 IN PEPROCESS Process
,
2343 IN PVOID Context OPTIONAL
2345 /* ret: STATUS_RANGE_NOT_LOCKED */
2350 FsRtlFastUnlockSingle (
2351 IN PFILE_LOCK FileLock
,
2352 IN PFILE_OBJECT FileObject
,
2353 IN PLARGE_INTEGER FileOffset
,
2354 IN PLARGE_INTEGER Length
,
2355 IN PEPROCESS Process
,
2357 IN PVOID Context OPTIONAL
,
2358 IN BOOLEAN AlreadySynchronized
2360 /* ret: STATUS_RANGE_NOT_LOCKED */
2365 FsRtlFindInTunnelCache (
2367 IN ULONGLONG DirectoryKey
,
2368 IN PUNICODE_STRING Name
,
2369 OUT PUNICODE_STRING ShortName
,
2370 OUT PUNICODE_STRING LongName
,
2371 IN OUT PULONG DataLength
,
2375 #if (VER_PRODUCTBUILD >= 2195)
2381 IN PFILE_LOCK FileLock
2384 #endif /* (VER_PRODUCTBUILD >= 2195) */
2390 IN PFILE_OBJECT FileObject
,
2391 IN OUT PLARGE_INTEGER FileSize
2395 FsRtlGetNextFileLock:
2397 ret: NULL if no more locks
2400 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2401 FileLock->LastReturnedLock as storage.
2402 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2403 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2404 calls with Restart = FALSE.
2409 FsRtlGetNextFileLock (
2410 IN PFILE_LOCK FileLock
,
2417 FsRtlInitializeFileLock (
2418 IN PFILE_LOCK FileLock
,
2419 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2420 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2426 FsRtlInitializeOplock (
2427 IN OUT POPLOCK Oplock
2433 FsRtlInitializeTunnelCache (
2440 FsRtlIsNameInExpression (
2441 IN PUNICODE_STRING Expression
,
2442 IN PUNICODE_STRING Name
,
2443 IN BOOLEAN IgnoreCase
,
2444 IN PWCHAR UpcaseTable OPTIONAL
2450 FsRtlIsNtstatusExpected (
2451 IN NTSTATUS Ntstatus
2454 #define FsRtlIsUnicodeCharacterWild(C) ( \
2457 FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
2463 FsRtlMdlReadComplete (
2464 IN PFILE_OBJECT FileObject
,
2471 FsRtlMdlReadCompleteDev (
2472 IN PFILE_OBJECT FileObject
,
2474 IN PDEVICE_OBJECT DeviceObject
2480 FsRtlMdlWriteComplete (
2481 IN PFILE_OBJECT FileObject
,
2482 IN PLARGE_INTEGER FileOffset
,
2489 FsRtlMdlWriteCompleteDev (
2490 IN PFILE_OBJECT FileObject
,
2491 IN PLARGE_INTEGER FileOffset
,
2493 IN PDEVICE_OBJECT DeviceObject
2499 FsRtlNormalizeNtstatus (
2500 IN NTSTATUS Exception
,
2501 IN NTSTATUS GenericException
2507 FsRtlNotifyChangeDirectory (
2508 IN PNOTIFY_SYNC NotifySync
,
2510 IN PSTRING FullDirectoryName
,
2511 IN PLIST_ENTRY NotifyList
,
2512 IN BOOLEAN WatchTree
,
2513 IN ULONG CompletionFilter
,
2520 FsRtlNotifyCleanup (
2521 IN PNOTIFY_SYNC NotifySync
,
2522 IN PLIST_ENTRY NotifyList
,
2526 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
2527 IN PVOID NotifyContext
,
2528 IN PVOID TargetContext
,
2529 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
2535 FsRtlNotifyFullChangeDirectory (
2536 IN PNOTIFY_SYNC NotifySync
,
2537 IN PLIST_ENTRY NotifyList
,
2539 IN PSTRING FullDirectoryName
,
2540 IN BOOLEAN WatchTree
,
2541 IN BOOLEAN IgnoreBuffer
,
2542 IN ULONG CompletionFilter
,
2544 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
2545 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
2551 FsRtlNotifyFullReportChange (
2552 IN PNOTIFY_SYNC NotifySync
,
2553 IN PLIST_ENTRY NotifyList
,
2554 IN PSTRING FullTargetName
,
2555 IN USHORT TargetNameOffset
,
2556 IN PSTRING StreamName OPTIONAL
,
2557 IN PSTRING NormalizedParentName OPTIONAL
,
2558 IN ULONG FilterMatch
,
2560 IN PVOID TargetContext
2566 FsRtlNotifyInitializeSync (
2567 IN PNOTIFY_SYNC NotifySync
2573 FsRtlNotifyReportChange (
2574 IN PNOTIFY_SYNC NotifySync
,
2575 IN PLIST_ENTRY NotifyList
,
2576 IN PSTRING FullTargetName
,
2577 IN PUSHORT FileNamePartLength
,
2578 IN ULONG FilterMatch
2584 FsRtlNotifyUninitializeSync (
2585 IN PNOTIFY_SYNC NotifySync
2588 #if (VER_PRODUCTBUILD >= 2195)
2593 FsRtlNotifyVolumeEvent (
2594 IN PFILE_OBJECT FileObject
,
2598 #endif /* (VER_PRODUCTBUILD >= 2195) */
2612 FsRtlOplockIsFastIoPossible (
2619 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2622 -Calls IoCompleteRequest if Irp
2623 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2629 IN PFILE_LOCK FileLock
,
2630 IN PFILE_OBJECT FileObject
,
2631 IN PLARGE_INTEGER FileOffset
,
2632 IN PLARGE_INTEGER Length
,
2633 IN PEPROCESS Process
,
2635 IN BOOLEAN FailImmediately
,
2636 IN BOOLEAN ExclusiveLock
,
2637 OUT PIO_STATUS_BLOCK IoStatus
,
2638 IN PIRP Irp OPTIONAL
,
2640 IN BOOLEAN AlreadySynchronized
2644 FsRtlProcessFileLock:
2647 -STATUS_INVALID_DEVICE_REQUEST
2648 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2649 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2650 (redirected IoStatus->Status).
2653 -switch ( Irp->CurrentStackLocation->MinorFunction )
2654 lock: return FsRtlPrivateLock;
2655 unlocksingle: return FsRtlFastUnlockSingle;
2656 unlockall: return FsRtlFastUnlockAll;
2657 unlockallbykey: return FsRtlFastUnlockAllByKey;
2658 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2659 return STATUS_INVALID_DEVICE_REQUEST;
2661 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2662 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
2667 FsRtlProcessFileLock (
2668 IN PFILE_LOCK FileLock
,
2670 IN PVOID Context OPTIONAL
2676 FsRtlRegisterUncProvider (
2677 IN OUT PHANDLE MupHandle
,
2678 IN PUNICODE_STRING RedirectorDeviceName
,
2679 IN BOOLEAN MailslotsSupported
2685 FsRtlUninitializeFileLock (
2686 IN PFILE_LOCK FileLock
2692 FsRtlUninitializeOplock (
2693 IN OUT POPLOCK Oplock
2706 HalQueryRealTimeClock (
2707 IN OUT PTIME_FIELDS TimeFields
2713 HalSetRealTimeClock (
2714 IN PTIME_FIELDS TimeFields
2717 #define InitializeMessageHeader(m, l, t) { \
2718 (m)->Length = (USHORT)(l); \
2719 (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
2720 (m)->MessageType = (USHORT)(t); \
2721 (m)->DataInfoOffset = 0; \
2727 IoAcquireVpbSpinLock (
2734 IoCheckDesiredAccess (
2735 IN OUT PACCESS_MASK DesiredAccess
,
2736 IN ACCESS_MASK GrantedAccess
2742 IoCheckEaBufferValidity (
2743 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
2745 OUT PULONG ErrorOffset
2751 IoCheckFunctionAccess (
2752 IN ACCESS_MASK GrantedAccess
,
2753 IN UCHAR MajorFunction
,
2754 IN UCHAR MinorFunction
,
2755 IN ULONG IoControlCode
,
2756 IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL
,
2757 IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL
2760 #if (VER_PRODUCTBUILD >= 2195)
2765 IoCheckQuotaBufferValidity (
2766 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
2767 IN ULONG QuotaLength
,
2768 OUT PULONG ErrorOffset
2771 #endif /* (VER_PRODUCTBUILD >= 2195) */
2776 IoCreateStreamFileObject (
2777 IN PFILE_OBJECT FileObject OPTIONAL
,
2778 IN PDEVICE_OBJECT DeviceObject OPTIONAL
2781 #if (VER_PRODUCTBUILD >= 2195)
2786 IoCreateStreamFileObjectLite (
2787 IN PFILE_OBJECT FileObject OPTIONAL
,
2788 IN PDEVICE_OBJECT DeviceObject OPTIONAL
2791 #endif /* (VER_PRODUCTBUILD >= 2195) */
2796 IoFastQueryNetworkAttributes (
2797 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2798 IN ACCESS_MASK DesiredAccess
,
2799 IN ULONG OpenOptions
,
2800 OUT PIO_STATUS_BLOCK IoStatus
,
2801 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
2807 IoGetAttachedDevice (
2808 IN PDEVICE_OBJECT DeviceObject
2814 IoGetBaseFileSystemDeviceObject (
2815 IN PFILE_OBJECT FileObject
2821 IoGetRequestorProcess (
2825 #if (VER_PRODUCTBUILD >= 2195)
2830 IoGetRequestorProcessId (
2834 #endif /* (VER_PRODUCTBUILD >= 2195) */
2843 #define IoIsFileOpenedExclusively(FileObject) ( \
2845 (FileObject)->SharedRead || \
2846 (FileObject)->SharedWrite || \
2847 (FileObject)->SharedDelete \
2854 IoIsOperationSynchronous (
2865 #if (VER_PRODUCTBUILD >= 2195)
2870 IoIsValidNameGraftingBuffer (
2872 IN PREPARSE_DATA_BUFFER ReparseBuffer
2875 #endif /* (VER_PRODUCTBUILD >= 2195) */
2881 IN PFILE_OBJECT FileObject
,
2883 IN PLARGE_INTEGER Offset
,
2885 OUT PIO_STATUS_BLOCK IoStatusBlock
2891 IoQueryFileInformation (
2892 IN PFILE_OBJECT FileObject
,
2893 IN FILE_INFORMATION_CLASS FileInformationClass
,
2895 OUT PVOID FileInformation
,
2896 OUT PULONG ReturnedLength
2902 IoQueryVolumeInformation (
2903 IN PFILE_OBJECT FileObject
,
2904 IN FS_INFORMATION_CLASS FsInformationClass
,
2906 OUT PVOID FsInformation
,
2907 OUT PULONG ReturnedLength
2913 IoRegisterFileSystem (
2914 IN OUT PDEVICE_OBJECT DeviceObject
2917 #if (VER_PRODUCTBUILD >= 1381)
2919 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
2920 IN PDEVICE_OBJECT DeviceObject
,
2921 IN BOOLEAN DriverActive
2927 IoRegisterFsRegistrationChange (
2928 IN PDRIVER_OBJECT DriverObject
,
2929 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
2932 #endif /* (VER_PRODUCTBUILD >= 1381) */
2937 IoReleaseVpbSpinLock (
2944 IoSetDeviceToVerify (
2946 IN PDEVICE_OBJECT DeviceObject
2953 IN PFILE_OBJECT FileObject
,
2954 IN FILE_INFORMATION_CLASS FileInformationClass
,
2956 IN PVOID FileInformation
2969 IoSynchronousPageWrite (
2970 IN PFILE_OBJECT FileObject
,
2972 IN PLARGE_INTEGER FileOffset
,
2974 OUT PIO_STATUS_BLOCK IoStatusBlock
2987 IoUnregisterFileSystem (
2988 IN OUT PDEVICE_OBJECT DeviceObject
2991 #if (VER_PRODUCTBUILD >= 1381)
2996 IoUnregisterFsRegistrationChange (
2997 IN PDRIVER_OBJECT DriverObject
,
2998 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3001 #endif /* (VER_PRODUCTBUILD >= 1381) */
3007 IN PDEVICE_OBJECT DeviceObject
,
3008 IN BOOLEAN AllowRawMount
3015 IN PEPROCESS Process
3030 IN ULONG Count OPTIONAL
3038 IN PLIST_ENTRY Entry
3046 IN PLIST_ENTRY Entry
3054 IN PVOID SystemArgument1
,
3055 IN PVOID SystemArgument2
,
3056 IN KPRIORITY PriorityBoost
3071 IN KPROCESSOR_MODE WaitMode
,
3072 IN PLARGE_INTEGER Timeout OPTIONAL
3082 #if (VER_PRODUCTBUILD >= 2195)
3087 KeStackAttachProcess (
3088 IN PKPROCESS Process
,
3089 OUT PKAPC_STATE ApcState
3095 KeUnstackDetachProcess (
3096 IN PKAPC_STATE ApcState
3099 #endif /* (VER_PRODUCTBUILD >= 2195) */
3104 MmCanFileBeTruncated (
3105 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3106 IN PLARGE_INTEGER NewFileSize
3112 MmFlushImageSection (
3113 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3114 IN MMFLUSH_TYPE FlushType
3120 MmForceSectionClosed (
3121 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3122 IN BOOLEAN DelayClose
3125 #if (VER_PRODUCTBUILD >= 1381)
3130 MmIsRecursiveIoFault (
3136 #define MmIsRecursiveIoFault() ( \
3137 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3138 (PsGetCurrentThread()->ForwardClusterOnly) \
3146 MmMapViewOfSection (
3147 IN PVOID SectionObject
,
3148 IN PEPROCESS Process
,
3149 IN OUT PVOID
*BaseAddress
,
3151 IN ULONG CommitSize
,
3152 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
3153 IN OUT PULONG ViewSize
,
3154 IN SECTION_INHERIT InheritDisposition
,
3155 IN ULONG AllocationType
,
3162 MmSetAddressRangeModified (
3171 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
3172 IN POBJECT_TYPE ObjectType
,
3173 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
3174 IN KPROCESSOR_MODE AccessMode
,
3175 IN OUT PVOID ParseContext OPTIONAL
,
3176 IN ULONG ObjectSize
,
3177 IN ULONG PagedPoolCharge OPTIONAL
,
3178 IN ULONG NonPagedPoolCharge OPTIONAL
,
3185 ObGetObjectPointerCount (
3194 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3195 IN ACCESS_MASK DesiredAccess
,
3196 IN ULONG AdditionalReferences
,
3197 OUT PVOID
*ReferencedObject OPTIONAL
,
3204 ObMakeTemporaryObject (
3211 ObOpenObjectByPointer (
3213 IN ULONG HandleAttributes
,
3214 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3215 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3216 IN POBJECT_TYPE ObjectType OPTIONAL
,
3217 IN KPROCESSOR_MODE AccessMode
,
3226 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
3228 OUT PULONG ReturnLength
3234 ObQueryObjectAuditingByHandle (
3236 OUT PBOOLEAN GenerateOnClose
3242 ObReferenceObjectByName (
3243 IN PUNICODE_STRING ObjectName
,
3244 IN ULONG Attributes
,
3245 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3246 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3247 IN POBJECT_TYPE ObjectType
,
3248 IN KPROCESSOR_MODE AccessMode
,
3249 IN OUT PVOID ParseContext OPTIONAL
,
3257 IN PEPROCESS Process
,
3258 IN POOL_TYPE PoolType
,
3262 #define PsDereferenceImpersonationToken(T) \
3263 {if (ARGUMENT_PRESENT(T)) { \
3264 (ObDereferenceObject((T))); \
3270 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3275 PsGetProcessExitTime (
3282 PsIsThreadTerminating (
3289 PsLookupProcessByProcessId (
3291 OUT PEPROCESS
*Process
3297 PsLookupProcessThreadByCid (
3299 OUT PEPROCESS
*Process OPTIONAL
,
3300 OUT PETHREAD
*Thread
3306 PsLookupThreadByThreadId (
3307 IN PVOID UniqueThreadId
,
3308 OUT PETHREAD
*Thread
3314 PsReferenceImpersonationToken (
3316 OUT PBOOLEAN CopyOnUse
,
3317 OUT PBOOLEAN EffectiveOnly
,
3318 OUT PSECURITY_IMPERSONATION_LEVEL Level
3324 PsReferencePrimaryToken (
3325 IN PEPROCESS Process
3332 IN PEPROCESS Process
,
3333 IN POOL_TYPE PoolType
,
3347 RtlAbsoluteToSelfRelativeSD (
3348 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
3349 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
3350 IN PULONG BufferLength
3357 IN HANDLE HeapHandle
,
3366 IN USHORT CompressionFormatAndEngine
,
3367 IN PUCHAR UncompressedBuffer
,
3368 IN ULONG UncompressedBufferSize
,
3369 OUT PUCHAR CompressedBuffer
,
3370 IN ULONG CompressedBufferSize
,
3371 IN ULONG UncompressedChunkSize
,
3372 OUT PULONG FinalCompressedSize
,
3380 IN PUCHAR UncompressedBuffer
,
3381 IN ULONG UncompressedBufferSize
,
3382 OUT PUCHAR CompressedBuffer
,
3383 IN ULONG CompressedBufferSize
,
3384 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
3385 IN ULONG CompressedDataInfoLength
,
3392 RtlConvertSidToUnicodeString (
3393 OUT PUNICODE_STRING DestinationString
,
3395 IN BOOLEAN AllocateDestinationString
3403 IN PSID Destination
,
3410 RtlDecompressBuffer (
3411 IN USHORT CompressionFormat
,
3412 OUT PUCHAR UncompressedBuffer
,
3413 IN ULONG UncompressedBufferSize
,
3414 IN PUCHAR CompressedBuffer
,
3415 IN ULONG CompressedBufferSize
,
3416 OUT PULONG FinalUncompressedSize
3422 RtlDecompressChunks (
3423 OUT PUCHAR UncompressedBuffer
,
3424 IN ULONG UncompressedBufferSize
,
3425 IN PUCHAR CompressedBuffer
,
3426 IN ULONG CompressedBufferSize
,
3427 IN PUCHAR CompressedTail
,
3428 IN ULONG CompressedTailSize
,
3429 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
3435 RtlDecompressFragment (
3436 IN USHORT CompressionFormat
,
3437 OUT PUCHAR UncompressedFragment
,
3438 IN ULONG UncompressedFragmentSize
,
3439 IN PUCHAR CompressedBuffer
,
3440 IN ULONG CompressedBufferSize
,
3441 IN ULONG FragmentOffset
,
3442 OUT PULONG FinalUncompressedSize
,
3450 IN USHORT CompressionFormat
,
3451 IN OUT PUCHAR
*CompressedBuffer
,
3452 IN PUCHAR EndOfCompressedBufferPlus1
,
3453 OUT PUCHAR
*ChunkBuffer
,
3454 OUT PULONG ChunkSize
3468 RtlFillMemoryUlong (
3469 IN PVOID Destination
,
3478 IN HANDLE HeapHandle
,
3486 RtlGenerate8dot3Name (
3487 IN PUNICODE_STRING Name
,
3488 IN BOOLEAN AllowExtendedCharacters
,
3489 IN OUT PGENERATE_NAME_CONTEXT Context
,
3490 OUT PUNICODE_STRING Name8dot3
3496 RtlGetCompressionWorkSpaceSize (
3497 IN USHORT CompressionFormatAndEngine
,
3498 OUT PULONG CompressBufferWorkSpaceSize
,
3499 OUT PULONG CompressFragmentWorkSpaceSize
3505 RtlGetDaclSecurityDescriptor (
3506 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3507 OUT PBOOLEAN DaclPresent
,
3509 OUT PBOOLEAN DaclDefaulted
3515 RtlGetGroupSecurityDescriptor (
3516 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3518 OUT PBOOLEAN GroupDefaulted
3524 RtlGetOwnerSecurityDescriptor (
3525 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3527 OUT PBOOLEAN OwnerDefaulted
3535 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
3536 IN UCHAR SubAuthorityCount
3542 RtlIsNameLegalDOS8Dot3 (
3543 IN PUNICODE_STRING UnicodeName
,
3544 IN PANSI_STRING AnsiName
,
3551 RtlLengthRequiredSid (
3552 IN UCHAR SubAuthorityCount
3565 RtlNtStatusToDosError (
3573 IN USHORT CompressionFormat
,
3574 IN OUT PUCHAR
*CompressedBuffer
,
3575 IN PUCHAR EndOfCompressedBufferPlus1
,
3576 OUT PUCHAR
*ChunkBuffer
,
3583 RtlSecondsSince1970ToTime (
3584 IN ULONG SecondsSince1970
,
3585 OUT PLARGE_INTEGER Time
3588 #if (VER_PRODUCTBUILD >= 2195)
3593 RtlSelfRelativeToAbsoluteSD (
3594 IN PSECURITY_DESCRIPTOR SelfRelativeSD
,
3595 OUT PSECURITY_DESCRIPTOR AbsoluteSD
,
3596 IN PULONG AbsoluteSDSize
,
3602 IN PULONG OwnerSize
,
3603 IN PSID PrimaryGroup
,
3604 IN PULONG PrimaryGroupSize
3607 #endif /* (VER_PRODUCTBUILD >= 2195) */
3612 RtlSetGroupSecurityDescriptor (
3613 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3615 IN BOOLEAN GroupDefaulted
3621 RtlSetOwnerSecurityDescriptor (
3622 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3624 IN BOOLEAN OwnerDefaulted
3630 RtlSetSaclSecurityDescriptor (
3631 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3632 IN BOOLEAN SaclPresent
,
3634 IN BOOLEAN SaclDefaulted
3640 RtlSubAuthorityCountSid (
3647 RtlSubAuthoritySid (
3649 IN ULONG SubAuthority
3662 SeAppendPrivileges (
3663 PACCESS_STATE AccessState
,
3664 PPRIVILEGE_SET Privileges
3670 SeAuditingFileEvents (
3671 IN BOOLEAN AccessGranted
,
3672 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3678 SeAuditingFileOrGlobalEvents (
3679 IN BOOLEAN AccessGranted
,
3680 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3681 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3687 SeCaptureSubjectContext (
3688 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
3694 SeCreateAccessState (
3695 OUT PACCESS_STATE AccessState
,
3697 IN ACCESS_MASK AccessMask
,
3698 IN PGENERIC_MAPPING Mapping
3704 SeCreateClientSecurity (
3706 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3707 IN BOOLEAN RemoteClient
,
3708 OUT PSECURITY_CLIENT_CONTEXT ClientContext
3711 #if (VER_PRODUCTBUILD >= 2195)
3716 SeCreateClientSecurityFromSubjectContext (
3717 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3718 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3719 IN BOOLEAN ServerIsRemote
,
3720 OUT PSECURITY_CLIENT_CONTEXT ClientContext
3723 #endif /* (VER_PRODUCTBUILD >= 2195) */
3725 #define SeDeleteClientSecurity(C) { \
3726 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
3727 PsDereferencePrimaryToken( (C)->ClientToken ); \
3729 PsDereferenceImpersonationToken( (C)->ClientToken ); \
3736 SeDeleteObjectAuditAlarm (
3741 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
3747 IN PPRIVILEGE_SET Privileges
3753 SeImpersonateClient (
3754 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
3755 IN PETHREAD ServerThread OPTIONAL
3758 #if (VER_PRODUCTBUILD >= 2195)
3763 SeImpersonateClientEx (
3764 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
3765 IN PETHREAD ServerThread OPTIONAL
3768 #endif /* (VER_PRODUCTBUILD >= 2195) */
3773 SeLockSubjectContext (
3774 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3780 SeMarkLogonSessionForTerminationNotification (
3787 SeOpenObjectAuditAlarm (
3788 IN PUNICODE_STRING ObjectTypeName
,
3789 IN PVOID Object OPTIONAL
,
3790 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
3791 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3792 IN PACCESS_STATE AccessState
,
3793 IN BOOLEAN ObjectCreated
,
3794 IN BOOLEAN AccessGranted
,
3795 IN KPROCESSOR_MODE AccessMode
,
3796 OUT PBOOLEAN GenerateOnClose
3802 SeOpenObjectForDeleteAuditAlarm (
3803 IN PUNICODE_STRING ObjectTypeName
,
3804 IN PVOID Object OPTIONAL
,
3805 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
3806 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3807 IN PACCESS_STATE AccessState
,
3808 IN BOOLEAN ObjectCreated
,
3809 IN BOOLEAN AccessGranted
,
3810 IN KPROCESSOR_MODE AccessMode
,
3811 OUT PBOOLEAN GenerateOnClose
3818 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
3819 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3820 IN KPROCESSOR_MODE AccessMode
3826 SeQueryAuthenticationIdToken (
3827 IN PACCESS_TOKEN Token
,
3831 #if (VER_PRODUCTBUILD >= 2195)
3836 SeQueryInformationToken (
3837 IN PACCESS_TOKEN Token
,
3838 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3839 OUT PVOID
*TokenInformation
3842 #endif /* (VER_PRODUCTBUILD >= 2195) */
3847 SeQuerySecurityDescriptorInfo (
3848 IN PSECURITY_INFORMATION SecurityInformation
,
3849 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3850 IN OUT PULONG Length
,
3851 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
3854 #if (VER_PRODUCTBUILD >= 2195)
3859 SeQuerySessionIdToken (
3860 IN PACCESS_TOKEN Token
,
3864 #endif /* (VER_PRODUCTBUILD >= 2195) */
3866 #define SeQuerySubjectContextToken( SubjectContext ) \
3867 ( ARGUMENT_PRESENT( \
3868 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
3870 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
3871 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
3873 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
3880 SeRegisterLogonSessionTerminatedRoutine (
3881 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3887 SeReleaseSubjectContext (
3888 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3894 SeSetAccessStateGenericMapping (
3895 PACCESS_STATE AccessState
,
3896 PGENERIC_MAPPING GenericMapping
3902 SeSetSecurityDescriptorInfo (
3903 IN PVOID Object OPTIONAL
,
3904 IN PSECURITY_INFORMATION SecurityInformation
,
3905 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3906 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
3907 IN POOL_TYPE PoolType
,
3908 IN PGENERIC_MAPPING GenericMapping
3911 #if (VER_PRODUCTBUILD >= 2195)
3916 SeSetSecurityDescriptorInfoEx (
3917 IN PVOID Object OPTIONAL
,
3918 IN PSECURITY_INFORMATION SecurityInformation
,
3919 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
3920 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
3921 IN ULONG AutoInheritFlags
,
3922 IN POOL_TYPE PoolType
,
3923 IN PGENERIC_MAPPING GenericMapping
3930 IN PACCESS_TOKEN Token
3936 SeTokenIsRestricted (
3937 IN PACCESS_TOKEN Token
3940 #endif /* (VER_PRODUCTBUILD >= 2195) */
3946 IN PACCESS_TOKEN Token
3952 SeUnlockSubjectContext (
3953 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3958 SeUnregisterLogonSessionTerminatedRoutine (
3959 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3962 #if (VER_PRODUCTBUILD >= 2195)
3967 ZwAdjustPrivilegesToken (
3968 IN HANDLE TokenHandle
,
3969 IN BOOLEAN DisableAllPrivileges
,
3970 IN PTOKEN_PRIVILEGES NewState
,
3971 IN ULONG BufferLength
,
3972 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
3973 OUT PULONG ReturnLength
3976 #endif /* (VER_PRODUCTBUILD >= 2195) */
3982 IN HANDLE ThreadHandle
3988 ZwAllocateVirtualMemory (
3989 IN HANDLE ProcessHandle
,
3990 IN OUT PVOID
*BaseAddress
,
3992 IN OUT PULONG RegionSize
,
3993 IN ULONG AllocationType
,
4000 ZwAccessCheckAndAuditAlarm (
4001 IN PUNICODE_STRING SubsystemName
,
4003 IN PUNICODE_STRING ObjectTypeName
,
4004 IN PUNICODE_STRING ObjectName
,
4005 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4006 IN ACCESS_MASK DesiredAccess
,
4007 IN PGENERIC_MAPPING GenericMapping
,
4008 IN BOOLEAN ObjectCreation
,
4009 OUT PACCESS_MASK GrantedAccess
,
4010 OUT PBOOLEAN AccessStatus
,
4011 OUT PBOOLEAN GenerateOnClose
4014 #if (VER_PRODUCTBUILD >= 2195)
4020 IN HANDLE FileHandle
,
4021 OUT PIO_STATUS_BLOCK IoStatusBlock
4024 #endif /* (VER_PRODUCTBUILD >= 2195) */
4030 IN HANDLE EventHandle
4036 ZwCloseObjectAuditAlarm (
4037 IN PUNICODE_STRING SubsystemName
,
4039 IN BOOLEAN GenerateOnClose
4046 OUT PHANDLE SectionHandle
,
4047 IN ACCESS_MASK DesiredAccess
,
4048 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4049 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
4050 IN ULONG SectionPageProtection
,
4051 IN ULONG AllocationAttributes
,
4052 IN HANDLE FileHandle OPTIONAL
4058 ZwCreateSymbolicLinkObject (
4059 OUT PHANDLE SymbolicLinkHandle
,
4060 IN ACCESS_MASK DesiredAccess
,
4061 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4062 IN PUNICODE_STRING TargetName
4069 IN POBJECT_ATTRIBUTES ObjectAttributes
4077 IN PUNICODE_STRING Name
4083 ZwDeviceIoControlFile (
4084 IN HANDLE FileHandle
,
4085 IN HANDLE Event OPTIONAL
,
4086 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4087 IN PVOID ApcContext OPTIONAL
,
4088 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4089 IN ULONG IoControlCode
,
4090 IN PVOID InputBuffer OPTIONAL
,
4091 IN ULONG InputBufferLength
,
4092 OUT PVOID OutputBuffer OPTIONAL
,
4093 IN ULONG OutputBufferLength
4100 IN PUNICODE_STRING String
4107 IN HANDLE SourceProcessHandle
,
4108 IN HANDLE SourceHandle
,
4109 IN HANDLE TargetProcessHandle OPTIONAL
,
4110 OUT PHANDLE TargetHandle OPTIONAL
,
4111 IN ACCESS_MASK DesiredAccess
,
4112 IN ULONG HandleAttributes
,
4120 IN HANDLE ExistingTokenHandle
,
4121 IN ACCESS_MASK DesiredAccess
,
4122 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4123 IN BOOLEAN EffectiveOnly
,
4124 IN TOKEN_TYPE TokenType
,
4125 OUT PHANDLE NewTokenHandle
4131 ZwFlushInstructionCache (
4132 IN HANDLE ProcessHandle
,
4133 IN PVOID BaseAddress OPTIONAL
,
4137 #if (VER_PRODUCTBUILD >= 2195)
4142 ZwFlushVirtualMemory (
4143 IN HANDLE ProcessHandle
,
4144 IN OUT PVOID
*BaseAddress
,
4145 IN OUT PULONG FlushSize
,
4146 OUT PIO_STATUS_BLOCK IoStatusBlock
4149 #endif /* (VER_PRODUCTBUILD >= 2195) */
4154 ZwFreeVirtualMemory (
4155 IN HANDLE ProcessHandle
,
4156 IN OUT PVOID
*BaseAddress
,
4157 IN OUT PULONG RegionSize
,
4165 IN HANDLE FileHandle
,
4166 IN HANDLE Event OPTIONAL
,
4167 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4168 IN PVOID ApcContext OPTIONAL
,
4169 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4170 IN ULONG FsControlCode
,
4171 IN PVOID InputBuffer OPTIONAL
,
4172 IN ULONG InputBufferLength
,
4173 OUT PVOID OutputBuffer OPTIONAL
,
4174 IN ULONG OutputBufferLength
4177 #if (VER_PRODUCTBUILD >= 2195)
4182 ZwInitiatePowerAction (
4183 IN POWER_ACTION SystemAction
,
4184 IN SYSTEM_POWER_STATE MinSystemState
,
4186 IN BOOLEAN Asynchronous
4189 #endif /* (VER_PRODUCTBUILD >= 2195) */
4195 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4196 IN PUNICODE_STRING RegistryPath
4203 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
4204 IN POBJECT_ATTRIBUTES FileObjectAttributes
4211 IN HANDLE KeyHandle
,
4212 IN HANDLE EventHandle OPTIONAL
,
4213 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4214 IN PVOID ApcContext OPTIONAL
,
4215 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4216 IN ULONG NotifyFilter
,
4217 IN BOOLEAN WatchSubtree
,
4219 IN ULONG BufferLength
,
4220 IN BOOLEAN Asynchronous
4226 ZwOpenDirectoryObject (
4227 OUT PHANDLE DirectoryHandle
,
4228 IN ACCESS_MASK DesiredAccess
,
4229 IN POBJECT_ATTRIBUTES ObjectAttributes
4236 OUT PHANDLE EventHandle
,
4237 IN ACCESS_MASK DesiredAccess
,
4238 IN POBJECT_ATTRIBUTES ObjectAttributes
4245 OUT PHANDLE ProcessHandle
,
4246 IN ACCESS_MASK DesiredAccess
,
4247 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4248 IN PCLIENT_ID ClientId OPTIONAL
4254 ZwOpenProcessToken (
4255 IN HANDLE ProcessHandle
,
4256 IN ACCESS_MASK DesiredAccess
,
4257 OUT PHANDLE TokenHandle
4264 OUT PHANDLE ThreadHandle
,
4265 IN ACCESS_MASK DesiredAccess
,
4266 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4267 IN PCLIENT_ID ClientId
4274 IN HANDLE ThreadHandle
,
4275 IN ACCESS_MASK DesiredAccess
,
4276 IN BOOLEAN OpenAsSelf
,
4277 OUT PHANDLE TokenHandle
4280 #if (VER_PRODUCTBUILD >= 2195)
4285 ZwPowerInformation (
4286 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
4287 IN PVOID InputBuffer OPTIONAL
,
4288 IN ULONG InputBufferLength
,
4289 OUT PVOID OutputBuffer OPTIONAL
,
4290 IN ULONG OutputBufferLength
4293 #endif /* (VER_PRODUCTBUILD >= 2195) */
4299 IN HANDLE EventHandle
,
4300 OUT PLONG PreviousState OPTIONAL
4306 ZwQueryDefaultLocale (
4307 IN BOOLEAN ThreadOrSystem
,
4314 ZwQueryDirectoryFile (
4315 IN HANDLE FileHandle
,
4316 IN HANDLE Event OPTIONAL
,
4317 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4318 IN PVOID ApcContext OPTIONAL
,
4319 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4320 OUT PVOID FileInformation
,
4322 IN FILE_INFORMATION_CLASS FileInformationClass
,
4323 IN BOOLEAN ReturnSingleEntry
,
4324 IN PUNICODE_STRING FileName OPTIONAL
,
4325 IN BOOLEAN RestartScan
4328 #if (VER_PRODUCTBUILD >= 2195)
4333 ZwQueryDirectoryObject (
4334 IN HANDLE DirectoryHandle
,
4337 IN BOOLEAN ReturnSingleEntry
,
4338 IN BOOLEAN RestartScan
,
4339 IN OUT PULONG Context
,
4340 OUT PULONG ReturnLength OPTIONAL
4347 IN HANDLE FileHandle
,
4348 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4351 IN BOOLEAN ReturnSingleEntry
,
4352 IN PVOID EaList OPTIONAL
,
4353 IN ULONG EaListLength
,
4354 IN PULONG EaIndex OPTIONAL
,
4355 IN BOOLEAN RestartScan
4358 #endif /* (VER_PRODUCTBUILD >= 2195) */
4363 ZwQueryInformationProcess (
4364 IN HANDLE ProcessHandle
,
4365 IN PROCESSINFOCLASS ProcessInformationClass
,
4366 OUT PVOID ProcessInformation
,
4367 IN ULONG ProcessInformationLength
,
4368 OUT PULONG ReturnLength OPTIONAL
4374 ZwQueryInformationToken (
4375 IN HANDLE TokenHandle
,
4376 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4377 OUT PVOID TokenInformation
,
4379 OUT PULONG ResultLength
4386 IN HANDLE ObjectHandle
,
4387 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4388 OUT PVOID ObjectInformation
,
4390 OUT PULONG ResultLength
4397 IN HANDLE SectionHandle
,
4398 IN SECTION_INFORMATION_CLASS SectionInformationClass
,
4399 OUT PVOID SectionInformation
,
4400 IN ULONG SectionInformationLength
,
4401 OUT PULONG ResultLength OPTIONAL
4407 ZwQuerySecurityObject (
4408 IN HANDLE FileHandle
,
4409 IN SECURITY_INFORMATION SecurityInformation
,
4410 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4412 OUT PULONG ResultLength
4418 ZwQuerySystemInformation (
4419 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4420 OUT PVOID SystemInformation
,
4422 OUT PULONG ReturnLength
4428 ZwQueryVolumeInformationFile (
4429 IN HANDLE FileHandle
,
4430 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4431 OUT PVOID FsInformation
,
4433 IN FS_INFORMATION_CLASS FsInformationClass
4440 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
4441 IN HANDLE KeyHandle
,
4442 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
4449 IN HANDLE EventHandle
,
4450 OUT PLONG PreviousState OPTIONAL
4453 #if (VER_PRODUCTBUILD >= 2195)
4459 IN HANDLE KeyHandle
,
4460 IN HANDLE FileHandle
,
4464 #endif /* (VER_PRODUCTBUILD >= 2195) */
4470 IN HANDLE KeyHandle
,
4471 IN HANDLE FileHandle
4477 ZwSetDefaultLocale (
4478 IN BOOLEAN ThreadOrSystem
,
4482 #if (VER_PRODUCTBUILD >= 2195)
4487 ZwSetDefaultUILanguage (
4488 IN LANGID LanguageId
4495 IN HANDLE FileHandle
,
4496 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4501 #endif /* (VER_PRODUCTBUILD >= 2195) */
4507 IN HANDLE EventHandle
,
4508 OUT PLONG PreviousState OPTIONAL
4514 ZwSetInformationObject (
4515 IN HANDLE ObjectHandle
,
4516 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4517 IN PVOID ObjectInformation
,
4518 IN ULONG ObjectInformationLength
4524 ZwSetInformationProcess (
4525 IN HANDLE ProcessHandle
,
4526 IN PROCESSINFOCLASS ProcessInformationClass
,
4527 IN PVOID ProcessInformation
,
4528 IN ULONG ProcessInformationLength
4531 #if (VER_PRODUCTBUILD >= 2195)
4536 ZwSetSecurityObject (
4538 IN SECURITY_INFORMATION SecurityInformation
,
4539 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4542 #endif /* (VER_PRODUCTBUILD >= 2195) */
4547 ZwSetSystemInformation (
4548 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4549 IN PVOID SystemInformation
,
4557 IN PLARGE_INTEGER NewTime
,
4558 OUT PLARGE_INTEGER OldTime OPTIONAL
4561 #if (VER_PRODUCTBUILD >= 2195)
4566 ZwSetVolumeInformationFile (
4567 IN HANDLE FileHandle
,
4568 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4569 IN PVOID FsInformation
,
4571 IN FS_INFORMATION_CLASS FsInformationClass
4574 #endif /* (VER_PRODUCTBUILD >= 2195) */
4579 ZwTerminateProcess (
4580 IN HANDLE ProcessHandle OPTIONAL
,
4581 IN NTSTATUS ExitStatus
4588 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4589 IN PUNICODE_STRING RegistryPath
4596 IN POBJECT_ATTRIBUTES KeyObjectAttributes
4602 ZwWaitForSingleObject (
4604 IN BOOLEAN Alertable
,
4605 IN PLARGE_INTEGER Timeout OPTIONAL
4611 ZwWaitForMultipleObjects (
4612 IN ULONG HandleCount
,
4614 IN WAIT_TYPE WaitType
,
4615 IN BOOLEAN Alertable
,
4616 IN PLARGE_INTEGER Timeout OPTIONAL
4632 #endif /* _NTIFS_ */