4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
/* Marks this header as a system header for GCC, which suppresses most
 * warnings for the rest of the file. */
28 #pragma GCC system_header
/* NOTE(review): 10000 satisfies every "VER_PRODUCTBUILD >=" test visible in
 * this listing (1381, 2195, 2600), so the newest structure layouts are the
 * ones selected. Source lines 29-39 are not shown; confirm whether this
 * define is guarded before relying on it. */
40 #define VER_PRODUCTBUILD 10000
47 #define NTKERNELAPI STDCALL
/* Pointer to struct _SE_EXPORTS; the structure body is not part of this
 * listing. */
50 typedef struct _SE_EXPORTS
*PSE_EXPORTS
;
/* Data objects declared here and defined elsewhere. The two PACL externs are
 * named as default DACLs; what they grant cannot be read from this file. */
52 extern PUCHAR
*FsRtlLegalAnsiCharacterArray
;
53 extern PSE_EXPORTS SeExports
;
54 extern PACL SePublicDefaultDacl
;
55 extern PACL SeSystemDefaultDacl
;
/* Characters used in place of DOS wildcards: '<' for STAR, '>' for QM and
 * '"' for DOT, in ANSI and wide (L'...') forms.
 * NOTE(review): source line 62 (presumably the wide QM form) is missing from
 * this listing. */
57 #define ANSI_DOS_STAR ('<')
58 #define ANSI_DOS_QM ('>')
59 #define ANSI_DOS_DOT ('"')
61 #define DOS_STAR (L'<')
63 #define DOS_DOT (L'"')
/* ACE type codes, 0x0 through 0x10.
 * The ACCESS_MIN_... and ACCESS_MAX_... names are range bounds, not extra
 * types: each shares its value with a real type (for example
 * ACCESS_MIN_MS_ACE_TYPE and ACCESS_ALLOWED_ACE_TYPE are both 0x0).
 * Code that parses an ACL should treat any type outside the range it
 * understands as unknown, never as "allowed". */
66 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
67 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
68 #define ACCESS_DENIED_ACE_TYPE (0x1)
69 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
70 #define SYSTEM_ALARM_ACE_TYPE (0x3)
71 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
72 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
73 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
/* Object ACE types, 0x5-0x8. */
74 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
75 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
76 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
77 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
78 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
79 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
80 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
/* NOTE(review): ACCESS_MAX_MS_ACE_TYPE stays at 0x8 although callback types
 * up to 0x10 follow; a range check against it excludes the callback ACEs. */
81 #define ACCESS_MAX_MS_ACE_TYPE (0x8)
/* Callback ACE types, 0x9-0x10. */
82 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
83 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
84 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
85 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
86 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
87 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
88 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
89 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
90 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
/* Compression format codes occupy the low byte (0x0000-0x0002) and engine
 * codes the next byte (0x0000-0x0200), so one of each can be OR-ed into a
 * single 16-bit value. */
92 #define COMPRESSION_FORMAT_NONE (0x0000)
93 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
94 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
95 #define COMPRESSION_ENGINE_STANDARD (0x0000)
96 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
97 #define COMPRESSION_ENGINE_HIBER (0x0200)
/* FILE_ACTION_* codes: sequential values 0x1-0xB, not a bit mask. */
99 #define FILE_ACTION_ADDED 0x00000001
100 #define FILE_ACTION_REMOVED 0x00000002
101 #define FILE_ACTION_MODIFIED 0x00000003
102 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
103 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
104 #define FILE_ACTION_ADDED_STREAM 0x00000006
105 #define FILE_ACTION_REMOVED_STREAM 0x00000007
106 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
107 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
108 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
109 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
/* Extended-attribute type codes (16-bit values). */
112 #define FILE_EA_TYPE_BINARY 0xfffe
113 #define FILE_EA_TYPE_ASCII 0xfffd
114 #define FILE_EA_TYPE_BITMAP 0xfffb
115 #define FILE_EA_TYPE_METAFILE 0xfffa
116 #define FILE_EA_TYPE_ICON 0xfff9
117 #define FILE_EA_TYPE_EA 0xffee
118 #define FILE_EA_TYPE_MVMT 0xffdf
119 #define FILE_EA_TYPE_MVST 0xffde
120 #define FILE_EA_TYPE_ASN1 0xffdd
121 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
/* Single flag bit, unrelated to the type codes above. */
123 #define FILE_NEED_EA 0x00000080
125 /* also in winnt.h */
/* Change-notification filter bits. FILE_NOTIFY_CHANGE_NAME (0x3) is the OR of
 * the FILE_NAME and DIR_NAME bits; FILE_NOTIFY_VALID_MASK (0xfff) is the OR of
 * every bit defined here, so a filter with bits outside it is invalid. */
126 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
127 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
128 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
129 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
130 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
131 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
132 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
133 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
134 #define FILE_NOTIFY_CHANGE_EA 0x00000080
135 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
136 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
137 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
138 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
139 #define FILE_NOTIFY_VALID_MASK 0x00000fff
/* Oplock-break result codes, sequential values 0x7-0x9. */
142 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
143 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
145 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
/* File-system capability flags, one bit each. FILE_PERSISTENT_ACLS and
 * FILE_SUPPORTS_ENCRYPTION are the bits a caller would test before assuming
 * a volume stores ACLs or supports encryption. */
147 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
148 #define FILE_CASE_PRESERVED_NAMES 0x00000002
149 #define FILE_UNICODE_ON_DISK 0x00000004
150 #define FILE_PERSISTENT_ACLS 0x00000008
151 #define FILE_FILE_COMPRESSION 0x00000010
152 #define FILE_VOLUME_QUOTAS 0x00000020
153 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
154 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
155 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
156 #define FS_LFN_APIS 0x00004000
157 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
158 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
159 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
160 #define FILE_NAMED_STREAMS 0x00040000
/* Named-pipe constants. Each pair or group below is its own small
 * enumeration starting again at 0 or 1, so the values are only meaningful
 * in the field they belong to. */
/* Pipe type. */
162 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
163 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
/* Read mode. */
165 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
166 #define FILE_PIPE_MESSAGE_MODE 0x00000001
/* Completion mode. */
168 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
169 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
/* Data direction. */
171 #define FILE_PIPE_INBOUND 0x00000000
172 #define FILE_PIPE_OUTBOUND 0x00000001
173 #define FILE_PIPE_FULL_DUPLEX 0x00000002
/* Connection state. */
175 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
176 #define FILE_PIPE_LISTENING_STATE 0x00000002
177 #define FILE_PIPE_CONNECTED_STATE 0x00000003
178 #define FILE_PIPE_CLOSING_STATE 0x00000004
/* Which end of the pipe a handle refers to. */
180 #define FILE_PIPE_CLIENT_END 0x00000000
181 #define FILE_PIPE_SERVER_END 0x00000001
183 #define FILE_PIPE_READ_DATA 0x00000000
184 #define FILE_PIPE_WRITE_SPACE 0x00000001
/* Storage-type values: each FILE_STORAGE_TYPE_* is a StorageType* enumerator
 * shifted left by FILE_STORAGE_TYPE_SHIFT (16) so that it falls inside
 * FILE_STORAGE_TYPE_MASK (0x000f0000). The shift and mask are defined at the
 * end of this group, which is fine for macros because they expand at use.
 * NOTE(review): only some of the StorageType* enumerators appear in this
 * listing's copy of enum _FILE_STORAGE_TYPE. */
186 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
187 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
188 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
189 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
190 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
191 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
192 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
193 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
194 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
195 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
/* Inclusive bounds of the valid storage-type range. */
196 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
197 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
198 #define FILE_STORAGE_TYPE_MASK 0x000f0000
199 #define FILE_STORAGE_TYPE_SHIFT 16
/* Volume-control flags. The low two bits are a quota mode selected with
 * FILE_VC_QUOTA_MASK (none / track / enforce); the remaining definitions are
 * independent bits. FILE_VC_VALID_MASK (0x3ff) covers exactly the bits
 * defined here. */
201 #define FILE_VC_QUOTA_NONE 0x00000000
202 #define FILE_VC_QUOTA_TRACK 0x00000001
203 #define FILE_VC_QUOTA_ENFORCE 0x00000002
204 #define FILE_VC_QUOTA_MASK 0x00000003
206 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
207 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
209 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
210 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
211 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
212 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
214 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
215 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
217 #define FILE_VC_VALID_MASK 0x000003ff
/* FSRTL_FLAG_* : one-bit flags (0x40 is not assigned in this header). */
219 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
220 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
221 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
222 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
223 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
224 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
225 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
/* Second flag set; its values are independent of FSRTL_FLAG_* above. */
227 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
/* Top-level IRP markers: sequential values 1-4, with
 * FSRTL_MAX_TOP_LEVEL_IRP_FLAG equal to the largest. */
229 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
230 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
231 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
232 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
233 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
/* Volume event codes, sequential values 1-6. */
235 #define FSRTL_VOLUME_DISMOUNT 1
236 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
237 #define FSRTL_VOLUME_LOCK 3
238 #define FSRTL_VOLUME_LOCK_FAILED 4
239 #define FSRTL_VOLUME_UNLOCK 5
240 #define FSRTL_VOLUME_MOUNT 6
242 #define FSRTL_WILD_CHARACTER 0x08
/* NOTE(review): HARDWARE_PTE and PHARDWARE_PTE are defined twice with
 * different expansions. Source lines 244, 247 and 250 are missing from this
 * listing; presumably they hold the #if / #else / #endif that select one
 * pair, so only one is active in the real header - confirm against the
 * full file. */
245 #define HARDWARE_PTE HARDWARE_PTE_X86
246 #define PHARDWARE_PTE PHARDWARE_PTE_X86
248 #define HARDWARE_PTE ULONG
249 #define PHARDWARE_PTE PULONG
/* I/O manager option flags. */
252 #define IO_CHECK_CREATE_PARAMETERS 0x0200
253 #define IO_ATTACH_DEVICE 0x0400
255 #define IO_ATTACH_DEVICE_API 0x80000000
256 /* also in winnt.h */
/* Access rights for I/O completion objects. IO_COMPLETION_ALL_ACCESS adds
 * both specific rights (0x3) to STANDARD_RIGHTS_REQUIRED and SYNCHRONIZE;
 * request only the specific right needed when that is enough. */
257 #define IO_COMPLETION_QUERY_STATE 0x0001
258 #define IO_COMPLETION_MODIFY_STATE 0x0002
259 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
/* Pool quota charged per file object, by pool type (units are not stated in
 * this file - presumably bytes). */
261 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
262 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
/* Object type tags, sequential values 18-23. */
264 #define IO_TYPE_APC 18
265 #define IO_TYPE_DPC 19
266 #define IO_TYPE_DEVICE_QUEUE 20
267 #define IO_TYPE_EVENT_PAIR 21
268 #define IO_TYPE_INTERRUPT 22
269 #define IO_TYPE_PROFILE 23
271 #define IRP_BEING_VERIFIED 0x10
/* Mailslot class and size constants. */
273 #define MAILSLOT_CLASS_FIRSTCLASS 1
274 #define MAILSLOT_CLASS_SECONDCLASS 2
276 #define MAILSLOT_SIZE_AUTO 0
/* Mapping target selectors. */
278 #define MAP_PROCESS 1L
279 #define MAP_SYSTEM 2L
280 #define MEM_DOS_LIM 0x40000000
281 /* also in winnt.h */
/* MEM_IMAGE aliases SEC_IMAGE, which is defined further down; macro
 * expansion happens at the point of use, so the order is harmless. */
282 #define MEM_IMAGE SEC_IMAGE
/* Object-manager type indices, sequential values 1-23.
 * NOTE(review): these are fixed numbers in this header; whether they match
 * the running kernel's type table is not something this file can establish,
 * so do not use them to make trust decisions about an object. */
284 #define OB_TYPE_TYPE 1
285 #define OB_TYPE_DIRECTORY 2
286 #define OB_TYPE_SYMBOLIC_LINK 3
287 #define OB_TYPE_TOKEN 4
288 #define OB_TYPE_PROCESS 5
289 #define OB_TYPE_THREAD 6
290 #define OB_TYPE_EVENT 7
291 #define OB_TYPE_EVENT_PAIR 8
292 #define OB_TYPE_MUTANT 9
293 #define OB_TYPE_SEMAPHORE 10
294 #define OB_TYPE_TIMER 11
295 #define OB_TYPE_PROFILE 12
296 #define OB_TYPE_WINDOW_STATION 13
297 #define OB_TYPE_DESKTOP 14
298 #define OB_TYPE_SECTION 15
299 #define OB_TYPE_KEY 16
300 #define OB_TYPE_PORT 17
301 #define OB_TYPE_ADAPTER 18
302 #define OB_TYPE_CONTROLLER 19
303 #define OB_TYPE_DEVICE 20
304 #define OB_TYPE_DRIVER 21
305 #define OB_TYPE_IO_COMPLETION 22
306 #define OB_TYPE_FILE 23
/* Pin flags, one bit each. NOTE(review): source line 308 is missing from
 * this listing, so the flag with value 1 (if any) is not shown. */
309 #define PIN_EXCLUSIVE (2)
310 #define PIN_NO_READ (4)
311 #define PIN_IF_BCB (8)
/* Port access rights. NOTE(review): PORT_ALL_ACCESS ends in a line
 * continuation whose next line (source line 315) is missing from this
 * listing; the macro as shown is incomplete and must be taken from the
 * full header. */
313 #define PORT_CONNECT 0x0001
314 #define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
316 /* also in winnt.h */
/* Section attribute flags, one bit each (0x00200000-0x10000000). */
317 #define SEC_BASED 0x00200000
318 #define SEC_NO_CHANGE 0x00400000
319 #define SEC_FILE 0x00800000
320 #define SEC_IMAGE 0x01000000
321 #define SEC_VLM 0x02000000
322 #define SEC_RESERVE 0x04000000
323 #define SEC_COMMIT 0x08000000
324 #define SEC_NOCACHE 0x10000000
/* World authority {0,0,0,0,0,1} with RID 0 is the well-known SID S-1-1-0
 * ("Everyone"). An ACE that grants access to it applies to every caller,
 * so it deserves a second look wherever it appears in a DACL. */
326 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
327 #define SECURITY_WORLD_RID (0x00000000L)
/* SID layout limits. Code that parses a SID from untrusted data should
 * reject a sub-authority count above SID_MAX_SUB_AUTHORITIES before
 * indexing. */
329 #define SID_REVISION 1
330 #define SID_MAX_SUB_AUTHORITIES 15
331 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
/* Access rights on token objects, one bit each (0x0001-0x0100).
 * TOKEN_DUPLICATE, TOKEN_IMPERSONATE, TOKEN_ASSIGN_PRIMARY and the
 * TOKEN_ADJUST_* rights let the holder act as, or alter, the identity the
 * token represents; grant them narrowly. */
333 #define TOKEN_ASSIGN_PRIMARY (0x0001)
334 #define TOKEN_DUPLICATE (0x0002)
335 #define TOKEN_IMPERSONATE (0x0004)
336 #define TOKEN_QUERY (0x0008)
337 #define TOKEN_QUERY_SOURCE (0x0010)
338 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
339 #define TOKEN_ADJUST_GROUPS (0x0040)
340 #define TOKEN_ADJUST_DEFAULT (0x0080)
341 #define TOKEN_ADJUST_SESSIONID (0x0100)
/* Composite rights.
 * NOTE(review): this listing drops source lines 345-347 from
 * TOKEN_ALL_ACCESS and 355-356 from TOKEN_READ, so both macros are
 * incomplete as shown (TOKEN_READ's continuation runs straight into the
 * next #define). Take the definitions from the full header; do not infer
 * the composite masks from these fragments. */
343 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
344 TOKEN_ASSIGN_PRIMARY |\
348 TOKEN_QUERY_SOURCE |\
349 TOKEN_ADJUST_PRIVILEGES |\
350 TOKEN_ADJUST_GROUPS |\
351 TOKEN_ADJUST_DEFAULT |\
352 TOKEN_ADJUST_SESSIONID)
354 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
357 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
358 TOKEN_ADJUST_PRIVILEGES |\
359 TOKEN_ADJUST_GROUPS |\
360 TOKEN_ADJUST_DEFAULT)
362 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
364 #define TOKEN_SOURCE_LENGTH 8
/* Token state flags (0x01-0x10). These share numeric values with the access
 * rights above but belong to a different field; never mix the two sets in
 * one mask. */
367 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
368 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
369 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
370 #define TOKEN_HAS_ADMIN_GROUP 0x08
371 #define TOKEN_IS_RESTRICTED 0x10
/* The two values agree: 0x40000 == 1 << 18. Keep them in step if either
 * is ever changed. */
373 #define VACB_MAPPING_GRANULARITY (0x40000)
374 #define VACB_OFFSET_SHIFT (18)
/* Security-descriptor control bits; all sixteen positions 0x0001-0x8000 are
 * assigned.
 * Points a reviewer should keep in mind when these are tested:
 *  - SE_DACL_PRESENT set together with a NULL DACL means "no restrictions",
 *    which is not the same as an empty DACL (no access).
 *  - SE_SELF_RELATIVE means the descriptor stores offsets rather than
 *    pointers; code reading one from untrusted input has to validate every
 *    offset and length against the buffer size.
 *  - SE_DACL_PROTECTED / SE_SACL_PROTECTED are named for blocking inherited
 *    ACEs; confirm the exact semantics in the platform documentation. */
376 #define SE_OWNER_DEFAULTED 0x0001
377 #define SE_GROUP_DEFAULTED 0x0002
378 #define SE_DACL_PRESENT 0x0004
379 #define SE_DACL_DEFAULTED 0x0008
380 #define SE_SACL_PRESENT 0x0010
381 #define SE_SACL_DEFAULTED 0x0020
382 #define SE_DACL_UNTRUSTED 0x0040
383 #define SE_SERVER_SECURITY 0x0080
384 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
385 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
386 #define SE_DACL_AUTO_INHERITED 0x0400
387 #define SE_SACL_AUTO_INHERITED 0x0800
388 #define SE_DACL_PROTECTED 0x1000
389 #define SE_SACL_PROTECTED 0x2000
390 #define SE_RM_CONTROL_VALID 0x4000
391 #define SE_SELF_RELATIVE 0x8000
/* File-system control codes. The CTL_CODE arguments are, in order: device
 * type, function number, buffer transfer method, required access.
 *  - METHOD_NEITHER: the handler receives the caller's buffer addresses
 *    as supplied, so it must probe, capture and length-check them itself.
 *  - FILE_ANY_ACCESS: the I/O manager requires no particular access right on
 *    the handle, so any authorisation has to be done by the handler.
 * Function numbers 9, 13, 17 and 18 are absent from this listing (source
 * lines 402, 406 and 410-411 are not shown). */
393 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
394 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
395 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
396 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
397 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
398 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
399 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
400 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
401 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
403 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
404 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
405 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
407 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
408 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
409 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
412 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
413 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
414 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
415 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
416 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
417 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
/* Codes 25-32, available when VER_PRODUCTBUILD >= 1381. Three of them use
 * METHOD_NEITHER with FILE_ANY_ACCESS, so their handlers receive
 * unvalidated caller addresses from any handle holder and must validate
 * both the buffers and the caller's authority. */
419 #if (VER_PRODUCTBUILD >= 1381)
421 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
422 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
423 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
424 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
425 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
426 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
427 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
428 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
430 #endif /* (VER_PRODUCTBUILD >= 1381) */
/* Codes 33-72, available when VER_PRODUCTBUILD >= 2195 (function 36 is not
 * in this listing; source line 437 is not shown).
 * The access argument varies here: reparse-point, object-id, sparse and
 * zero-data setters require FILE_WRITE_DATA, the USN readers require
 * FILE_READ_DATA, while several state-changing codes (for example
 * FSCTL_SET_ENCRYPTION and the raw-encrypted read/write pair) are declared
 * FILE_ANY_ACCESS and therefore depend entirely on checks inside the
 * handler. */
432 #if (VER_PRODUCTBUILD >= 2195)
434 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
435 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
436 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
438 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
439 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
440 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
441 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
442 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
443 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
444 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
445 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
446 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
447 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
448 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
449 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
450 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
451 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
452 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
453 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
454 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
455 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
456 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
457 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
458 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
459 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
460 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
461 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
462 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
463 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
464 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
465 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
466 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
467 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
468 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
469 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
470 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
471 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
472 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
473 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
475 #endif /* (VER_PRODUCTBUILD >= 2195) */
/* Mailslot control code. */
477 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
/* Network file-system (redirector) control codes; every one is declared
 * FILE_ANY_ACCESS, so access decisions rest with the handler. */
479 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
480 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
481 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
482 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
483 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
484 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
485 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
486 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
/* Named-pipe control codes. Functions 0-9 are the ordinary operations;
 * 2045-2048 are the FSCTL_PIPE_INTERNAL_* variants. FSCTL_PIPE_IMPERSONATE
 * is declared FILE_ANY_ACCESS; the conditions under which it succeeds are
 * enforced elsewhere and cannot be read from this header. */
488 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
489 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
490 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
491 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
492 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
493 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
494 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
495 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
496 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
497 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
498 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
499 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
500 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
501 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
/* Redirector path query; METHOD_NEITHER with FILE_ANY_ACCESS. */
503 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
/* OPLOCK is an opaque PVOID; nothing in this header exposes its layout. */
506 typedef PVOID OPLOCK
, *POPLOCK
;
/* Pointer typedefs for structures that are only forward-declared at this
 * point. Some (for example _EPROCESS_QUOTA_BLOCK) receive a body later in
 * the file; the rest stay opaque in this listing and cannot be dereferenced
 * by code that includes only this header. */
508 typedef struct _CACHE_MANAGER_CALLBACKS
*PCACHE_MANAGER_CALLBACKS
;
509 typedef struct _EPROCESS_QUOTA_BLOCK
*PEPROCESS_QUOTA_BLOCK
;
510 typedef struct _FILE_GET_QUOTA_INFORMATION
*PFILE_GET_QUOTA_INFORMATION
;
511 typedef struct _HANDLE_TABLE
*PHANDLE_TABLE
;
512 typedef struct _KPROCESS
*PKPROCESS
;
513 typedef struct _KQUEUE
*PKQUEUE
;
514 typedef struct _KTRAP_FRAME
*PKTRAP_FRAME
;
515 typedef struct _MAILSLOT_CREATE_PARAMETERS
*PMAILSLOT_CREATE_PARAMETERS
;
516 typedef struct _MMWSL
*PMMWSL
;
517 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
*PNAMED_PIPE_CREATE_PARAMETERS
;
518 typedef struct _OBJECT_DIRECTORY
*POBJECT_DIRECTORY
;
519 typedef struct _PAGEFAULT_HISTORY
*PPAGEFAULT_HISTORY
;
520 typedef struct _PS_IMPERSONATION_INFORMATION
*PPS_IMPERSONATION_INFORMATION
;
521 typedef struct _SECTION_OBJECT
*PSECTION_OBJECT
;
522 typedef struct _SHARED_CACHE_MAP
*PSHARED_CACHE_MAP
;
523 typedef struct _VACB
*PVACB
;
524 typedef struct _VAD_HEADER
*PVAD_HEADER
;
/* NOTE(review): the definitions in this stretch are fragments. The listing
 * omits the members of NOTIFY_SYNC (source lines 527-538), the enumerators
 * and closing lines of _FAST_IO_POSSIBLE and _OBJECT_INFO_CLASS, and several
 * enumerators and the closing line of _FILE_STORAGE_TYPE. Use the full
 * header for layouts and values. */
526 typedef struct _NOTIFY_SYNC
539 } NOTIFY_SYNC
, * PNOTIFY_SYNC
;
541 typedef enum _FAST_IO_POSSIBLE
{
/* Storage-type enumerators start at 1; the FILE_STORAGE_TYPE_* macros shift
 * them into the storage-type field. */
547 typedef enum _FILE_STORAGE_TYPE
{
548 StorageTypeDefault
= 1,
549 StorageTypeDirectory
,
551 StorageTypeJunctionPoint
,
553 StorageTypeStructuredStorage
,
554 StorageTypeEmbedding
,
/* Single-member information class enum. */
558 typedef enum _IO_COMPLETION_INFORMATION_CLASS
{
559 IoCompletionBasicInformation
560 } IO_COMPLETION_INFORMATION_CLASS
;
562 typedef enum _OBJECT_INFO_CLASS
{
/* APC state: two list heads plus three BOOLEAN status members.
 * NOTE(review): source line 572 (one member) is missing from this listing.
 * PRKAPC_STATE is the same pointer type qualified with __restrict. */
570 typedef struct _KAPC_STATE
{
571 LIST_ENTRY ApcListHead
[2];
573 BOOLEAN KernelApcInProgress
;
574 BOOLEAN KernelApcPending
;
575 BOOLEAN UserApcPending
;
576 } KAPC_STATE
, *PKAPC_STATE
, *__restrict PRKAPC_STATE
;
/* Two alternative bit-field layouts of MMSUPPORT_FLAGS. The first is selected
 * when VER_PRODUCTBUILD >= 2600.
 * NOTE(review): the #else and #endif between and after the two variants
 * (around source lines 592 and 605) and some bit-fields (source lines 584,
 * 599, 602) are missing from this listing. The layouts differ, so code that
 * reads these bits is only correct for the build it was compiled against. */
578 #if (VER_PRODUCTBUILD >= 2600)
580 typedef struct _MMSUPPORT_FLAGS
{
581 ULONG SessionSpace
: 1;
582 ULONG BeingTrimmed
: 1;
583 ULONG SessionLeader
: 1;
585 ULONG WorkingSetHard
: 1;
586 ULONG AddressSpaceBeingDeleted
: 1;
587 ULONG Available
: 10;
588 ULONG AllowWorkingSetAdjustment
: 8;
589 ULONG MemoryPriority
: 8;
590 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
/* Older layout (presumably the #else branch - confirm). */
594 typedef struct _MMSUPPORT_FLAGS
{
595 ULONG SessionSpace
: 1;
596 ULONG BeingTrimmed
: 1;
597 ULONG ProcessInSession
: 1;
598 ULONG SessionLeader
: 1;
600 ULONG WorkingSetHard
: 1;
601 ULONG WriteWatch
: 1;
603 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
/* Two alternative layouts of MMSUPPORT (working-set bookkeeping). The first
 * is selected when VER_PRODUCTBUILD >= 2600 and holds its status in the
 * MMSUPPORT_FLAGS bit-field; the second stores the same kind of state as
 * separate BOOLEAN/UCHAR members and only gains Flags when
 * VER_PRODUCTBUILD >= 2195.
 * NOTE(review): the #else/#endif lines and a few members (source lines 619,
 * 621, 643-644, 646-647, 649) are missing from this listing. Member offsets
 * differ between the variants, so they must not be hard-coded. */
607 #if (VER_PRODUCTBUILD >= 2600)
609 typedef struct _MMSUPPORT
{
610 LARGE_INTEGER LastTrimTime
;
611 MMSUPPORT_FLAGS Flags
;
612 ULONG PageFaultCount
;
613 ULONG PeakWorkingSetSize
;
614 ULONG WorkingSetSize
;
615 ULONG MinimumWorkingSetSize
;
616 ULONG MaximumWorkingSetSize
;
617 PMMWSL VmWorkingSetList
;
618 LIST_ENTRY WorkingSetExpansionLinks
;
620 ULONG NextEstimationSlot
;
622 ULONG EstimatedAvailable
;
623 ULONG GrowthSinceLastEstimate
;
624 } MMSUPPORT
, *PMMSUPPORT
;
/* Older layout (presumably the #else branch - confirm). */
628 typedef struct _MMSUPPORT
{
629 LARGE_INTEGER LastTrimTime
;
630 ULONG LastTrimFaultCount
;
631 ULONG PageFaultCount
;
632 ULONG PeakWorkingSetSize
;
633 ULONG WorkingSetSize
;
634 ULONG MinimumWorkingSetSize
;
635 ULONG MaximumWorkingSetSize
;
636 PMMWSL VmWorkingSetList
;
637 LIST_ENTRY WorkingSetExpansionLinks
;
638 BOOLEAN AllowWorkingSetAdjustment
;
639 BOOLEAN AddressSpaceBeingDeleted
;
640 UCHAR ForegroundSwitchCount
;
641 UCHAR MemoryPriority
;
642 #if (VER_PRODUCTBUILD >= 2195)
645 MMSUPPORT_FLAGS Flags
;
648 ULONG NextEstimationSlot
;
650 ULONG EstimatedAvailable
;
651 ULONG GrowthSinceLastEstimate
;
652 #endif /* (VER_PRODUCTBUILD >= 2195) */
653 } MMSUPPORT
, *PMMSUPPORT
;
/* Holds a single pointer, ImageFileName, to an OBJECT_NAME_INFORMATION. */
657 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
{
658 POBJECT_NAME_INFORMATION ImageFileName
;
659 } SE_AUDIT_PROCESS_CREATION_INFO
, *PSE_AUDIT_PROCESS_CREATION_INFO
;
/* NOTE(review): members on source lines 662 and 665-667 are missing from
 * this listing. */
661 typedef struct _BITMAP_RANGE
{
663 LARGE_INTEGER BasePage
;
664 ULONG FirstDirtyPage
;
668 } BITMAP_RANGE
, *PBITMAP_RANGE
;
/* Singly linked through Next. NOTE(review): source line 672 (a further
 * member) is missing from this listing. */
670 typedef struct _CACHE_UNINITIALIZE_EVENT
{
671 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
673 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
/* The three sizes the cache manager tracks for a file. */
675 typedef struct _CC_FILE_SIZES
{
676 LARGE_INTEGER AllocationSize
;
677 LARGE_INTEGER FileSize
;
678 LARGE_INTEGER ValidDataLength
;
679 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
/* Header followed by a variable-length array declared with ANYSIZE_ARRAY.
 * NOTE(review): presumably NumberOfChunks is the element count of
 * CompressedChunkSizes; code that indexes the array from externally
 * supplied data should check that count against the buffer length first.
 * Source lines 684-686 are missing from this listing. */
681 typedef struct _COMPRESSED_DATA_INFO
{
682 USHORT CompressionFormatAndEngine
;
683 UCHAR CompressionUnitShift
;
687 USHORT NumberOfChunks
;
688 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
689 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
/* Device map: pointers to a DosDevices directory and a global DosDevices
 * directory, plus a reference count.
 * NOTE(review): source lines 695-696 are missing from this listing. */
691 typedef struct _DEVICE_MAP
{
692 POBJECT_DIRECTORY DosDevicesDirectory
;
693 POBJECT_DIRECTORY GlobalDosDevicesDirectory
;
694 ULONG ReferenceCount
;
697 } DEVICE_MAP
, *PDEVICE_MAP
;
/* Definitions that open under VER_PRODUCTBUILD >= 2600.
 * NOTE(review): the union/struct members of EX_FAST_REF, EX_PUSH_LOCK and
 * EX_RUNDOWN_REF, the members of EPROCESS_QUOTA_ENTRY, and the matching
 * #endif are all missing from this listing; only the outer shells are
 * shown. */
699 #if (VER_PRODUCTBUILD >= 2600)
701 typedef struct _EX_FAST_REF
{
702 _ANONYMOUS_UNION
union {
707 } EX_FAST_REF
, *PEX_FAST_REF
;
709 typedef struct _EX_PUSH_LOCK
{
710 _ANONYMOUS_UNION
union {
711 _ANONYMOUS_STRUCT
struct {
719 } EX_PUSH_LOCK
, *PEX_PUSH_LOCK
;
721 typedef struct _EX_RUNDOWN_REF
{
722 _ANONYMOUS_UNION
union {
726 } EX_RUNDOWN_REF
, *PEX_RUNDOWN_REF
;
730 typedef struct _EPROCESS_QUOTA_ENTRY
{
735 } EPROCESS_QUOTA_ENTRY
, *PEPROCESS_QUOTA_ENTRY
;
/* Quota block: three quota entries, a list link and a reference count.
 * PEPROCESS_QUOTA_BLOCK is also declared earlier in the file as a pointer
 * to the then-incomplete struct; both declarations name the same type.
 * NOTE(review): source line 741 is missing from this listing. */
737 typedef struct _EPROCESS_QUOTA_BLOCK
{
738 EPROCESS_QUOTA_ENTRY QuotaEntry
[3];
739 LIST_ENTRY QuotaList
;
740 ULONG ReferenceCount
;
742 } EPROCESS_QUOTA_BLOCK
, *PEPROCESS_QUOTA_BLOCK
;
744 typedef struct _FILE_ACCESS_INFORMATION
{
745 ACCESS_MASK AccessFlags
;
746 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
748 typedef struct _FILE_ALLOCATION_INFORMATION
{
749 LARGE_INTEGER AllocationSize
;
750 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
/*
 * Directory-enumeration record: timestamps, sizes, attributes and the
 * lengths of a long and a short file name.
 *
 * NextEntryOffset and FileNameLength describe data that lies beyond the
 * fixed members shown here, so a parser walking a buffer of these records
 * has to bound both values by the remaining buffer size before following
 * them.
 * NOTE(review): ShortNameLength is declared CCHAR; treat it as a small
 * non-negative count and range-check it before use.
 * NOTE(review): the listing skips source lines 754, 763 and 765-766, which
 * presumably hold further members including the name buffers - confirm.
 */
752 typedef struct _FILE_BOTH_DIR_INFORMATION
{
753 ULONG NextEntryOffset
;
755 LARGE_INTEGER CreationTime
;
756 LARGE_INTEGER LastAccessTime
;
757 LARGE_INTEGER LastWriteTime
;
758 LARGE_INTEGER ChangeTime
;
759 LARGE_INTEGER EndOfFile
;
760 LARGE_INTEGER AllocationSize
;
761 ULONG FileAttributes
;
762 ULONG FileNameLength
;
764 CCHAR ShortNameLength
;
767 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
769 typedef struct _FILE_COMPLETION_INFORMATION
{
772 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
774 typedef struct _FILE_COMPRESSION_INFORMATION
{
775 LARGE_INTEGER CompressedFileSize
;
776 USHORT CompressionFormat
;
777 UCHAR CompressionUnitShift
;
781 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
783 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
784 BOOLEAN ReplaceIfExists
;
785 HANDLE RootDirectory
;
786 ULONG FileNameLength
;
788 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
/*
 * Directory-enumeration record: timestamps, sizes, attributes and the length
 * of the file name.
 *
 * NextEntryOffset and FileNameLength refer to data outside the fixed members
 * shown here. When such records arrive in a buffer, validate each
 * NextEntryOffset and FileNameLength against the bytes that remain in the
 * buffer before advancing or copying.
 * NOTE(review): the listing skips source lines 792 and 801; the latter
 * presumably declares the name buffer - confirm.
 */
790 typedef struct _FILE_DIRECTORY_INFORMATION
{
791 ULONG NextEntryOffset
;
793 LARGE_INTEGER CreationTime
;
794 LARGE_INTEGER LastAccessTime
;
795 LARGE_INTEGER LastWriteTime
;
796 LARGE_INTEGER ChangeTime
;
797 LARGE_INTEGER EndOfFile
;
798 LARGE_INTEGER AllocationSize
;
799 ULONG FileAttributes
;
800 ULONG FileNameLength
;
802 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
804 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
805 ULONG NextEntryOffset
;
807 LARGE_INTEGER CreationTime
;
808 LARGE_INTEGER LastAccessTime
;
809 LARGE_INTEGER LastWriteTime
;
810 LARGE_INTEGER ChangeTime
;
811 LARGE_INTEGER EndOfFile
;
812 LARGE_INTEGER AllocationSize
;
813 ULONG FileAttributes
;
814 ULONG FileNameLength
;
817 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
819 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
820 ULONG NextEntryOffset
;
822 LARGE_INTEGER CreationTime
;
823 LARGE_INTEGER LastAccessTime
;
824 LARGE_INTEGER LastWriteTime
;
825 LARGE_INTEGER ChangeTime
;
826 LARGE_INTEGER EndOfFile
;
827 LARGE_INTEGER AllocationSize
;
828 ULONG FileAttributes
;
829 ULONG FileNameLength
;
831 CHAR ShortNameLength
;
834 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
836 typedef struct _FILE_EA_INFORMATION
{
838 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
/*
 * File-system attribute record ending in a variable-length name:
 * FileSystemName is declared with one element and the real length is carried
 * in FileSystemNameLength.
 * NOTE(review): the unit of FileSystemNameLength (bytes vs. characters) is
 * not stated in this header - confirm. Either way the value must be checked
 * against the size of the buffer holding the structure before the name is
 * read or copied.
 */
840 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
841 ULONG FileSystemAttributes
;
842 ULONG MaximumComponentNameLength
;
843 ULONG FileSystemNameLength
;
844 WCHAR FileSystemName
[1];
845 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
847 typedef struct _FILE_FS_CONTROL_INFORMATION
{
848 LARGE_INTEGER FreeSpaceStartFiltering
;
849 LARGE_INTEGER FreeSpaceThreshold
;
850 LARGE_INTEGER FreeSpaceStopFiltering
;
851 LARGE_INTEGER DefaultQuotaThreshold
;
852 LARGE_INTEGER DefaultQuotaLimit
;
853 ULONG FileSystemControlFlags
;
854 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
856 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
857 LARGE_INTEGER TotalAllocationUnits
;
858 LARGE_INTEGER CallerAvailableAllocationUnits
;
859 LARGE_INTEGER ActualAvailableAllocationUnits
;
860 ULONG SectorsPerAllocationUnit
;
861 ULONG BytesPerSector
;
862 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
/*
 * Volume-label record: a length followed by a variable-length label
 * (VolumeLabel is declared with a single element).
 * NOTE(review): the unit of VolumeLabelLength is not stated here - confirm.
 * Bound it by the size of the containing buffer before touching VolumeLabel.
 */
864 typedef struct _FILE_FS_LABEL_INFORMATION
{
865 ULONG VolumeLabelLength
;
866 WCHAR VolumeLabel
[1];
867 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
869 #if (VER_PRODUCTBUILD >= 2195)
871 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
873 UCHAR ExtendedInfo
[48];
874 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
876 #endif /* (VER_PRODUCTBUILD >= 2195) */
878 typedef struct _FILE_FS_SIZE_INFORMATION
{
879 LARGE_INTEGER TotalAllocationUnits
;
880 LARGE_INTEGER AvailableAllocationUnits
;
881 ULONG SectorsPerAllocationUnit
;
882 ULONG BytesPerSector
;
883 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
/*
 * Volume description: creation time, serial number, an object-support flag
 * and a variable-length label (VolumeLabel is declared with one element, the
 * real length is in VolumeLabelLength).
 * NOTE(review): the unit of VolumeLabelLength is not stated here - confirm,
 * and bound it by the containing buffer before reading VolumeLabel.
 */
885 typedef struct _FILE_FS_VOLUME_INFORMATION
{
886 LARGE_INTEGER VolumeCreationTime
;
887 ULONG VolumeSerialNumber
;
888 ULONG VolumeLabelLength
;
889 BOOLEAN SupportsObjects
;
890 WCHAR VolumeLabel
[1];
891 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
893 typedef struct _FILE_FULL_DIR_INFORMATION
{
894 ULONG NextEntryOffset
;
896 LARGE_INTEGER CreationTime
;
897 LARGE_INTEGER LastAccessTime
;
898 LARGE_INTEGER LastWriteTime
;
899 LARGE_INTEGER ChangeTime
;
900 LARGE_INTEGER EndOfFile
;
901 LARGE_INTEGER AllocationSize
;
902 ULONG FileAttributes
;
903 ULONG FileNameLength
;
906 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
908 typedef struct _FILE_GET_EA_INFORMATION
{
909 ULONG NextEntryOffset
;
912 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
914 typedef struct _FILE_GET_QUOTA_INFORMATION
{
915 ULONG NextEntryOffset
;
918 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
920 typedef struct _FILE_INTERNAL_INFORMATION
{
921 LARGE_INTEGER IndexNumber
;
922 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
/*
 * Parameters of a link request: a replace flag, a root-directory handle and
 * the length of the target name.
 * NOTE(review): when this arrives from a less-trusted caller, RootDirectory
 * is a caller-supplied handle and FileNameLength a caller-supplied length;
 * both need validation (handle access check, length against the input
 * buffer) before use.
 * NOTE(review): the listing skips source line 928, which presumably declares
 * the name buffer - confirm.
 */
924 typedef struct _FILE_LINK_INFORMATION
{
925 BOOLEAN ReplaceIfExists
;
926 HANDLE RootDirectory
;
927 ULONG FileNameLength
;
929 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
/*
 * Description of one byte-range lock: start, length, exclusive flag, the
 * owning file object and the ending byte. The unlock callback type
 * PUNLOCK_ROUTINE in this header receives a pointer to this structure.
 * NOTE(review): EndingByte is presumably derived from StartingByte and
 * Length; code that computes it should guard the 64-bit addition against
 * overflow.
 * NOTE(review): the listing skips source lines 935 and 937, so members may
 * be missing around FileObject.
 */
931 typedef struct _FILE_LOCK_INFO
{
932 LARGE_INTEGER StartingByte
;
933 LARGE_INTEGER Length
;
934 BOOLEAN ExclusiveLock
;
936 PFILE_OBJECT FileObject
;
938 LARGE_INTEGER EndingByte
;
939 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
941 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
942 typedef struct _FILE_SHARED_LOCK_ENTRY
{
945 FILE_LOCK_INFO FileLock
;
946 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
948 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
949 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
950 LIST_ENTRY ListEntry
;
953 FILE_LOCK_INFO FileLock
;
954 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
956 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE
) (
961 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
963 IN PFILE_LOCK_INFO FileLockInfo
/*
 * Per-file byte-range lock state: two optional callbacks, a flag, an opaque
 * lock-information pointer and enumeration state.
 *
 * FastIoIsQuestionable is the member read by the
 * FsRtlAreThereCurrentFileLocks macro later in this header.
 * LastReturnedLockInfo and LastReturnedLock are used as storage by
 * FsRtlGetNextFileLock (see the comment at that declaration).
 * NOTE(review): because the enumeration state lives inside the FILE_LOCK
 * itself, two enumerations running at the same time on one FILE_LOCK would
 * presumably disturb each other - callers should serialise them.
 * NOTE(review): the listing skips source line 970, so a member may be
 * missing after FastIoIsQuestionable.
 */
966 typedef struct _FILE_LOCK
{
967 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
968 PUNLOCK_ROUTINE UnlockRoutine
;
969 BOOLEAN FastIoIsQuestionable
;
971 PVOID LockInformation
;
972 FILE_LOCK_INFO LastReturnedLockInfo
;
973 PVOID LastReturnedLock
;
974 } FILE_LOCK
, *PFILE_LOCK
;
976 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
977 ULONG ReadDataAvailable
;
978 ULONG NumberOfMessages
;
980 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
982 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
983 ULONG MaximumMessageSize
;
985 ULONG NextMessageSize
;
986 ULONG MessagesAvailable
;
987 LARGE_INTEGER ReadTimeout
;
988 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
990 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
991 LARGE_INTEGER ReadTimeout
;
992 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
994 typedef struct _FILE_MODE_INFORMATION
{
996 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
/*
 * Aggregate of the individual file-information records declared in this
 * header family, in the order basic, standard, internal, EA, access,
 * position, mode, alignment, name.
 * NOTE(review): NameInformation is the last member; if FILE_NAME_INFORMATION
 * ends in a variable-length name (its definition is not in this part of the
 * listing), the whole structure is variable-length and sizeof() is only a
 * lower bound for the buffer a caller must provide.
 */
998 typedef struct _FILE_ALL_INFORMATION
{
999 FILE_BASIC_INFORMATION BasicInformation
;
1000 FILE_STANDARD_INFORMATION StandardInformation
;
1001 FILE_INTERNAL_INFORMATION InternalInformation
;
1002 FILE_EA_INFORMATION EaInformation
;
1003 FILE_ACCESS_INFORMATION AccessInformation
;
1004 FILE_POSITION_INFORMATION PositionInformation
;
1005 FILE_MODE_INFORMATION ModeInformation
;
1006 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1007 FILE_NAME_INFORMATION NameInformation
;
1008 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1010 typedef struct _FILE_NAMES_INFORMATION
{
1011 ULONG NextEntryOffset
;
1013 ULONG FileNameLength
;
1015 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1017 typedef struct _FILE_OBJECTID_INFORMATION
{
1018 LONGLONG FileReference
;
1020 _ANONYMOUS_UNION
union {
1022 UCHAR BirthVolumeId
[16];
1023 UCHAR BirthObjectId
[16];
1026 UCHAR ExtendedInfo
[48];
1028 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1030 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1032 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1034 typedef struct _FILE_OLE_ALL_INFORMATION
{
1035 FILE_BASIC_INFORMATION BasicInformation
;
1036 FILE_STANDARD_INFORMATION StandardInformation
;
1037 FILE_INTERNAL_INFORMATION InternalInformation
;
1038 FILE_EA_INFORMATION EaInformation
;
1039 FILE_ACCESS_INFORMATION AccessInformation
;
1040 FILE_POSITION_INFORMATION PositionInformation
;
1041 FILE_MODE_INFORMATION ModeInformation
;
1042 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1045 LARGE_INTEGER SecurityChangeTime
;
1046 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1047 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1048 FILE_STORAGE_TYPE StorageType
;
1051 ULONG NumberOfStreamReferences
;
1054 BOOLEAN ContentIndexDisable
;
1055 BOOLEAN InheritContentIndexDisable
;
1056 FILE_NAME_INFORMATION NameInformation
;
1057 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1059 typedef struct _FILE_OLE_DIR_INFORMATION
{
1060 ULONG NextEntryOffset
;
1062 LARGE_INTEGER CreationTime
;
1063 LARGE_INTEGER LastAccessTime
;
1064 LARGE_INTEGER LastWriteTime
;
1065 LARGE_INTEGER ChangeTime
;
1066 LARGE_INTEGER EndOfFile
;
1067 LARGE_INTEGER AllocationSize
;
1068 ULONG FileAttributes
;
1069 ULONG FileNameLength
;
1070 FILE_STORAGE_TYPE StorageType
;
1073 BOOLEAN ContentIndexDisable
;
1074 BOOLEAN InheritContentIndexDisable
;
1076 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1078 typedef struct _FILE_OLE_INFORMATION
{
1079 LARGE_INTEGER SecurityChangeTime
;
1080 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1081 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1082 FILE_STORAGE_TYPE StorageType
;
1084 BOOLEAN ContentIndexDisable
;
1085 BOOLEAN InheritContentIndexDisable
;
1086 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1088 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1090 ULONG StateBitsMask
;
1091 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1093 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1096 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1098 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1099 PVOID ClientSession
;
1100 PVOID ClientProcess
;
1101 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1103 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1104 ULONG NamedPipeState
;
1108 ULONG NumberRequests
;
1109 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1111 typedef struct _FILE_PIPE_INFORMATION
{
1113 ULONG CompletionMode
;
1114 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1116 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1117 ULONG NamedPipeType
;
1118 ULONG NamedPipeConfiguration
;
1119 ULONG MaximumInstances
;
1120 ULONG CurrentInstances
;
1122 ULONG ReadDataAvailable
;
1123 ULONG OutboundQuota
;
1124 ULONG WriteQuotaAvailable
;
1125 ULONG NamedPipeState
;
1127 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1129 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1130 LARGE_INTEGER CollectDataTime
;
1131 ULONG MaximumCollectionCount
;
1132 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1134 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1135 LARGE_INTEGER Timeout
;
1137 BOOLEAN TimeoutSpecified
;
1139 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
/*
 * One quota record: change time plus used, threshold and limit values, all
 * 64-bit. NextEntryOffset indicates that records are chained inside one
 * buffer.
 * NOTE(review): a parser must bound NextEntryOffset by the bytes remaining
 * in the buffer before following it.
 * NOTE(review): the listing skips source lines 1143 and 1148, so members are
 * missing after NextEntryOffset and after QuotaLimit - confirm against the
 * original header.
 */
1141 typedef struct _FILE_QUOTA_INFORMATION
{
1142 ULONG NextEntryOffset
;
1144 LARGE_INTEGER ChangeTime
;
1145 LARGE_INTEGER QuotaUsed
;
1146 LARGE_INTEGER QuotaThreshold
;
1147 LARGE_INTEGER QuotaLimit
;
1149 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
/*
 * Parameters of a rename request: a replace flag, a root-directory handle
 * and the length of the new name.
 * NOTE(review): when this arrives from a less-trusted caller, RootDirectory
 * is a caller-supplied handle and FileNameLength a caller-supplied length;
 * both need validation (handle access check, length against the input
 * buffer) before use. ReplaceIfExists makes the request destructive, so the
 * access check on the target matters.
 * NOTE(review): the listing skips source line 1155, which presumably
 * declares the name buffer - confirm.
 */
1151 typedef struct _FILE_RENAME_INFORMATION
{
1152 BOOLEAN ReplaceIfExists
;
1153 HANDLE RootDirectory
;
1154 ULONG FileNameLength
;
1156 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
/*
 * One entry of a stream enumeration: chain offset, name length, stream size,
 * allocated size and a variable-length name (StreamName is declared with one
 * element, the real length is in StreamNameLength).
 * NOTE(review): bound NextEntryOffset and StreamNameLength by the remaining
 * buffer size before following the chain or reading the name; the unit of
 * StreamNameLength is not stated here - confirm.
 */
1158 typedef struct _FILE_STREAM_INFORMATION
{
1159 ULONG NextEntryOffset
;
1160 ULONG StreamNameLength
;
1161 LARGE_INTEGER StreamSize
;
1162 LARGE_INTEGER StreamAllocationSize
;
1163 WCHAR StreamName
[1];
1164 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
/*
 * Tracking request: a destination file handle followed by a length-prefixed,
 * variable-length blob (ObjectInformation is declared with one element).
 * NOTE(review): DestinationFile and ObjectInformationLength are supplied by
 * the caller; the handle needs an access check and the length must be
 * bounded by the input buffer before ObjectInformation is read.
 */
1166 typedef struct _FILE_TRACKING_INFORMATION
{
1167 HANDLE DestinationFile
;
1168 ULONG ObjectInformationLength
;
1169 CHAR ObjectInformation
[1];
1170 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1172 #if (VER_PRODUCTBUILD >= 2195)
1173 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1174 LARGE_INTEGER FileOffset
;
1175 LARGE_INTEGER BeyondFinalZero
;
1176 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1178 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1179 LARGE_INTEGER FileOffset
;
1180 LARGE_INTEGER Length
;
1181 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1182 #endif /* (VER_PRODUCTBUILD >= 2195) */
/*
 * Common header a file system places at the start of its per-file control
 * block: node type and size, a fast-I/O indicator, two ERESOURCE pointers
 * and the three file sizes.
 * NOTE(review): the layout is build-dependent (a section is guarded by
 * VER_PRODUCTBUILD >= 1381) and this listing skips source lines 1187 and
 * 1190-1191, so members are missing here, including everything inside the
 * conditional section. Do not derive offsets from this listing.
 */
1184 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1185 CSHORT NodeTypeCode
;
1186 CSHORT NodeByteSize
;
1188 UCHAR IsFastIoPossible
;
1189 #if (VER_PRODUCTBUILD >= 1381)
1192 #endif /* (VER_PRODUCTBUILD >= 1381) */
1193 PERESOURCE Resource
;
1194 PERESOURCE PagingIoResource
;
1195 LARGE_INTEGER AllocationSize
;
1196 LARGE_INTEGER FileSize
;
1197 LARGE_INTEGER ValidDataLength
;
1198 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
/*
 * State for generating a short file name. The name and extension live in
 * fixed buffers of 8 and 4 WCHARs.
 * NOTE(review): any code that fills or reads these buffers must keep the
 * associated lengths within 8 and 4 elements; whether the length members
 * count bytes or characters is not stated here - confirm.
 * NOTE(review): the listing skips source lines 1201 and 1203, so members
 * (presumably including the name length) are missing - confirm.
 */
1200 typedef struct _GENERATE_NAME_CONTEXT
{
1202 BOOLEAN CheckSumInserted
;
1204 WCHAR NameBuffer
[8];
1205 ULONG ExtensionLength
;
1206 WCHAR ExtensionBuffer
[4];
1207 ULONG LastIndexValue
;
1208 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1210 typedef struct _HANDLE_TABLE_ENTRY_INFO
{
1212 } HANDLE_TABLE_ENTRY_INFO
, *PHANDLE_TABLE_ENTRY_INFO
;
/*
 * One slot of a kernel handle table, as declared by this header: it carries
 * the access granted through the handle (GrantedAccess) next to bookkeeping
 * members.
 *
 * NOTE(review): the listing skips source lines 1215-1217, 1219-1221 and
 * 1225. Those lines may contain union or struct wrappers, so the members
 * shown here may overlap in memory rather than follow one another. Do not
 * compute offsets or sizes from this listing.
 * NOTE(review): this is an internal, build-specific layout; code that reads
 * or patches entries directly bypasses the object manager's access checks
 * and is a common source of instability - prefer the documented Ob* APIs.
 */
1214 typedef struct _HANDLE_TABLE_ENTRY
{
1218 PHANDLE_TABLE_ENTRY_INFO InfoTable
;
1222 ULONG GrantedAccess
;
1223 USHORT GrantedAccessIndex
;
1224 LONG NextFreeTableEntry
;
1226 USHORT CreatorBackTraceIndex
;
1227 } HANDLE_TABLE_ENTRY
, *PHANDLE_TABLE_ENTRY
;
1229 typedef struct _MAPPING_PAIR
{
1232 } MAPPING_PAIR
, *PMAPPING_PAIR
;
/*
 * Count-prefixed, variable-length array of MAPPING_PAIR entries (Pair is
 * declared with a single element).
 * NOTE(review): NumberOfPairs must be checked against the size of the buffer
 * that holds the structure before Pair[] is indexed, and the multiplication
 * NumberOfPairs * sizeof(MAPPING_PAIR) guarded against overflow.
 * NOTE(review): the listing skips source line 1236, so a member may be
 * missing between NumberOfPairs and Pair.
 */
1234 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1235 ULONG NumberOfPairs
;
1237 MAPPING_PAIR Pair
[1];
1238 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1240 typedef struct _IO_CLIENT_EXTENSION
{
1241 struct _IO_CLIENT_EXTENSION
*NextExtension
;
1242 PVOID ClientIdentificationAddress
;
1243 } IO_CLIENT_EXTENSION
, *PIO_CLIENT_EXTENSION
;
1245 typedef struct _IO_COMPLETION_BASIC_INFORMATION
{
1247 } IO_COMPLETION_BASIC_INFORMATION
, *PIO_COMPLETION_BASIC_INFORMATION
;
1249 typedef struct _KQUEUE
{
1250 DISPATCHER_HEADER Header
;
1251 LIST_ENTRY EntryListHead
;
1254 LIST_ENTRY ThreadListHead
;
1255 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1257 typedef struct _MAILSLOT_CREATE_PARAMETERS
{
1258 ULONG MailslotQuota
;
1259 ULONG MaximumMessageSize
;
1260 LARGE_INTEGER ReadTimeout
;
1261 BOOLEAN TimeoutSpecified
;
1262 } MAILSLOT_CREATE_PARAMETERS
, *PMAILSLOT_CREATE_PARAMETERS
;
1264 typedef struct _MBCB
{
1265 CSHORT NodeTypeCode
;
1266 CSHORT NodeIsInZone
;
1270 LIST_ENTRY BitmapRanges
;
1271 LONGLONG ResumeWritePage
;
1272 BITMAP_RANGE BitmapRange1
;
1273 BITMAP_RANGE BitmapRange2
;
1274 BITMAP_RANGE BitmapRange3
;
1277 typedef struct _MOVEFILE_DESCRIPTOR
{
1280 LARGE_INTEGER StartVcn
;
1281 LARGE_INTEGER TargetLcn
;
1284 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1286 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
{
1287 ULONG NamedPipeType
;
1289 ULONG CompletionMode
;
1290 ULONG MaximumInstances
;
1292 ULONG OutboundQuota
;
1293 LARGE_INTEGER DefaultTimeout
;
1294 BOOLEAN TimeoutSpecified
;
1295 } NAMED_PIPE_CREATE_PARAMETERS
, *PNAMED_PIPE_CREATE_PARAMETERS
;
1297 typedef struct _OBJECT_BASIC_INFO
{
1299 ACCESS_MASK GrantedAccess
;
1301 ULONG ReferenceCount
;
1302 ULONG PagedPoolUsage
;
1303 ULONG NonPagedPoolUsage
;
1305 ULONG NameInformationLength
;
1306 ULONG TypeInformationLength
;
1307 ULONG SecurityDescriptorLength
;
1308 LARGE_INTEGER CreateTime
;
1309 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1311 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1313 BOOLEAN ProtectFromClose
;
1314 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
/*
 * Object name as a UNICODE_STRING followed by inline character storage
 * (ObjectNameBuffer is declared with one element, so the structure is
 * variable-length).
 * NOTE(review): presumably ObjectName.Buffer points into ObjectNameBuffer.
 * A consumer should verify that the buffer pointer and length described by
 * ObjectName stay inside the memory it was given before reading the name.
 */
1316 typedef struct _OBJECT_NAME_INFO
{
1317 UNICODE_STRING ObjectName
;
1318 WCHAR ObjectNameBuffer
[1];
1319 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1321 typedef struct _OBJECT_PROTECTION_INFO
{
1323 BOOLEAN ProtectHandle
;
1324 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
/*
 * Object type description: the type name as a UNICODE_STRING, 0x58 bytes
 * whose meaning this header does not describe (Unknown), and inline
 * character storage for the name (declared with one element, so the
 * structure is variable-length).
 * NOTE(review): nothing in this header defines the content of Unknown; do
 * not interpret it. Verify that the string described by ObjectTypeName lies
 * inside the buffer received before reading it.
 */
1326 typedef struct _OBJECT_TYPE_INFO
{
1327 UNICODE_STRING ObjectTypeName
;
1328 UCHAR Unknown
[0x58];
1329 WCHAR ObjectTypeNameBuffer
[1];
1330 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
/*
 * Count-prefixed list of OBJECT_TYPE_INFO records.
 * NOTE(review): OBJECT_TYPE_INFO ends in a one-element name buffer, so each
 * record is presumably longer than sizeof(OBJECT_TYPE_INFO). If so, plain
 * array indexing (ObjectsTypeInfo[i] for i > 0) lands inside the previous
 * record; entries have to be located by walking the buffer, with every step
 * bounded by the buffer length and by NumberOfObjectTypes - confirm the
 * exact stride rule against the producer.
 */
1332 typedef struct _OBJECT_ALL_TYPES_INFO
{
1333 ULONG NumberOfObjectTypes
;
1334 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1335 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1337 typedef struct _PAGEFAULT_HISTORY
{
1340 KSPIN_LOCK SpinLock
;
1342 PROCESS_WS_WATCH_INFORMATION WatchInfo
[1];
1343 } PAGEFAULT_HISTORY
, *PPAGEFAULT_HISTORY
;
1345 typedef struct _PATHNAME_BUFFER
{
1346 ULONG PathNameLength
;
1348 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1350 #if (VER_PRODUCTBUILD >= 2600)
1352 typedef struct _PRIVATE_CACHE_MAP_FLAGS
{
1354 ULONG ReadAheadActive
: 1;
1355 ULONG ReadAheadEnabled
: 1;
1356 ULONG Available
: 14;
1357 } PRIVATE_CACHE_MAP_FLAGS
, *PPRIVATE_CACHE_MAP_FLAGS
;
1359 typedef struct _PRIVATE_CACHE_MAP
{
1360 _ANONYMOUS_UNION
union {
1361 CSHORT NodeTypeCode
;
1362 PRIVATE_CACHE_MAP_FLAGS Flags
;
1365 ULONG ReadAheadMask
;
1366 PFILE_OBJECT FileObject
;
1367 LARGE_INTEGER FileOffset1
;
1368 LARGE_INTEGER BeyondLastByte1
;
1369 LARGE_INTEGER FileOffset2
;
1370 LARGE_INTEGER BeyondLastByte2
;
1371 LARGE_INTEGER ReadAheadOffset
[2];
1372 ULONG ReadAheadLength
[2];
1373 KSPIN_LOCK ReadAheadSpinLock
;
1374 LIST_ENTRY PrivateLinks
;
1375 } PRIVATE_CACHE_MAP
, *PPRIVATE_CACHE_MAP
;
/*
 * Impersonation state: an access token pointer, an effective-only flag and
 * the impersonation level.
 * NOTE(review): code making access decisions on behalf of a client should
 * look at ImpersonationLevel before trusting Token for that purpose; the
 * exact semantics of EffectiveOnly are not described in this header -
 * confirm.
 * NOTE(review): the listing skips source line 1381, so a member may be
 * missing between Token and EffectiveOnly.
 */
1379 typedef struct _PS_IMPERSONATION_INFORMATION
{
1380 PACCESS_TOKEN Token
;
1382 BOOLEAN EffectiveOnly
;
1383 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
1384 } PS_IMPERSONATION_INFORMATION
, *PPS_IMPERSONATION_INFORMATION
;
1386 typedef struct _PUBLIC_BCB
{
1387 CSHORT NodeTypeCode
;
1388 CSHORT NodeByteSize
;
1390 LARGE_INTEGER MappedFileOffset
;
1391 } PUBLIC_BCB
, *PPUBLIC_BCB
;
/*
 * Path query: a length, a pointer to an I/O security context and a
 * variable-length path (FilePathName is declared with one element).
 * NOTE(review): PathNameLength must be bounded by the size of the request
 * buffer before FilePathName is read; its unit is not stated here - confirm.
 * SecurityContext is a pointer embedded in a request, so the receiver should
 * know who produced the request before dereferencing it.
 */
1393 typedef struct _QUERY_PATH_REQUEST
{
1394 ULONG PathNameLength
;
1395 PIO_SECURITY_CONTEXT SecurityContext
;
1396 WCHAR FilePathName
[1];
1397 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1399 typedef struct _QUERY_PATH_RESPONSE
{
1400 ULONG LengthAccepted
;
1401 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1403 #pragma pack(push,8)
1404 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1406 LARGE_INTEGER StartingVcn
;
1408 LARGE_INTEGER NextVcn
;
1411 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1414 typedef struct _RTL_SPLAY_LINKS
{
1415 struct _RTL_SPLAY_LINKS
*Parent
;
1416 struct _RTL_SPLAY_LINKS
*LeftChild
;
1417 struct _RTL_SPLAY_LINKS
*RightChild
;
1418 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
/*
 * Table of privilege values (LUID members named Se...Privilege) and SID
 * pointers (PSID members named Se...Sid). This header also declares a global
 * pointer to such a table, `extern PSE_EXPORTS SeExports`.
 *
 * NOTE(review): presumably drivers compare a caller's privileges and SIDs
 * against these entries instead of hard-coding numeric values. Several
 * entries name privileges that gate highly sensitive operations (for example
 * SeTcbPrivilege, SeDebugPrivilege, SeLoadDriverPrivilege), so a check
 * against the wrong member is a privilege-check bug, not a cosmetic one.
 * NOTE(review): the SID members are pointers; treat the table and what they
 * point to as read-only.
 * NOTE(review): the listing skips a number of source lines inside this
 * structure (for example 1445-1448 and 1453-1455), so members are missing
 * and offsets must not be derived from it.
 */
1420 typedef struct _SE_EXPORTS
{
1422 LUID SeCreateTokenPrivilege
;
1423 LUID SeAssignPrimaryTokenPrivilege
;
1424 LUID SeLockMemoryPrivilege
;
1425 LUID SeIncreaseQuotaPrivilege
;
1426 LUID SeUnsolicitedInputPrivilege
;
1427 LUID SeTcbPrivilege
;
1428 LUID SeSecurityPrivilege
;
1429 LUID SeTakeOwnershipPrivilege
;
1430 LUID SeLoadDriverPrivilege
;
1431 LUID SeCreatePagefilePrivilege
;
1432 LUID SeIncreaseBasePriorityPrivilege
;
1433 LUID SeSystemProfilePrivilege
;
1434 LUID SeSystemtimePrivilege
;
1435 LUID SeProfileSingleProcessPrivilege
;
1436 LUID SeCreatePermanentPrivilege
;
1437 LUID SeBackupPrivilege
;
1438 LUID SeRestorePrivilege
;
1439 LUID SeShutdownPrivilege
;
1440 LUID SeDebugPrivilege
;
1441 LUID SeAuditPrivilege
;
1442 LUID SeSystemEnvironmentPrivilege
;
1443 LUID SeChangeNotifyPrivilege
;
1444 LUID SeRemoteShutdownPrivilege
;
1449 PSID SeCreatorOwnerSid
;
1450 PSID SeCreatorGroupSid
;
1452 PSID SeNtAuthoritySid
;
1456 PSID SeInteractiveSid
;
1457 PSID SeLocalSystemSid
;
1458 PSID SeAliasAdminsSid
;
1459 PSID SeAliasUsersSid
;
1460 PSID SeAliasGuestsSid
;
1461 PSID SeAliasPowerUsersSid
;
1462 PSID SeAliasAccountOpsSid
;
1463 PSID SeAliasSystemOpsSid
;
1464 PSID SeAliasPrintOpsSid
;
1465 PSID SeAliasBackupOpsSid
;
1467 PSID SeAuthenticatedUsersSid
;
1469 PSID SeRestrictedSid
;
1470 PSID SeAnonymousLogonSid
;
1472 LUID SeUndockPrivilege
;
1473 LUID SeSyncAgentPrivilege
;
1474 LUID SeEnableDelegationPrivilege
;
1476 } SE_EXPORTS
, *PSE_EXPORTS
;
1478 typedef struct _SECTION_BASIC_INFORMATION
{
1482 } SECTION_BASIC_INFORMATION
, *PSECTION_BASIC_INFORMATION
;
1484 typedef struct _SECTION_IMAGE_INFORMATION
{
1487 ULONG_PTR StackReserve
;
1488 ULONG_PTR StackCommit
;
1490 USHORT MinorSubsystemVersion
;
1491 USHORT MajorSubsystemVersion
;
1493 ULONG Characteristics
;
1498 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
1500 #if (VER_PRODUCTBUILD >= 2600)
1502 typedef struct _SHARED_CACHE_MAP
{
1503 CSHORT NodeTypeCode
;
1504 CSHORT NodeByteSize
;
1506 LARGE_INTEGER FileSize
;
1508 LARGE_INTEGER SectionSize
;
1509 LARGE_INTEGER ValidDataLength
;
1510 LARGE_INTEGER ValidDataGoal
;
1511 PVACB InitialVacbs
[4];
1513 PFILE_OBJECT FileObject
;
1517 ULONG NeedToZeroPage
;
1518 KSPIN_LOCK ActiveVacbSpinLock
;
1519 ULONG VacbActiveCount
;
1521 LIST_ENTRY SharedCacheMapLinks
;
1526 PKEVENT CreateEvent
;
1527 PKEVENT WaitOnActiveCount
;
1529 LONGLONG BeyondLastFlush
;
1530 PCACHE_MANAGER_CALLBACKS Callbacks
;
1531 PVOID LazyWriteContext
;
1532 LIST_ENTRY PrivateList
;
1534 PVOID FlushToLsnRoutine
;
1535 ULONG DirtyPageThreshold
;
1536 ULONG LazyWritePassCount
;
1537 PCACHE_UNINITIALIZE_EVENT UninitializeEvent
;
1538 PVACB NeedToZeroVacb
;
1539 KSPIN_LOCK BcbSpinLock
;
1542 EX_PUSH_LOCK VacbPushLock
;
1543 PRIVATE_CACHE_MAP PrivateCacheMap
;
1544 } SHARED_CACHE_MAP
, *PSHARED_CACHE_MAP
;
1548 typedef struct _STARTING_VCN_INPUT_BUFFER
{
1549 LARGE_INTEGER StartingVcn
;
1550 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
1552 typedef struct _SYSTEM_CACHE_INFORMATION
{
1555 ULONG PageFaultCount
;
1556 ULONG MinimumWorkingSet
;
1557 ULONG MaximumWorkingSet
;
1559 } SYSTEM_CACHE_INFORMATION
, *PSYSTEM_CACHE_INFORMATION
;
/*
 * Captured security context of a client: quality-of-service settings, the
 * client's access token, three flags and a token-control record.
 * NOTE(review): SecurityQos presumably carries the impersonation level the
 * client allowed; a server using ClientToken should respect it rather than
 * assume full impersonation - confirm against the Se* client-security APIs.
 * NOTE(review): ClientToken is a referenced kernel object in typical use;
 * who releases it is not visible in this header - confirm ownership before
 * copying or freeing this structure.
 */
1561 typedef struct _SECURITY_CLIENT_CONTEXT
{
1562 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
1563 PACCESS_TOKEN ClientToken
;
1564 BOOLEAN DirectlyAccessClientToken
;
1565 BOOLEAN DirectAccessEffectiveOnly
;
1566 BOOLEAN ServerIsRemote
;
1567 TOKEN_CONTROL ClientTokenControl
;
1568 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
1570 typedef struct _TUNNEL
{
1572 PRTL_SPLAY_LINKS Cache
;
1573 LIST_ENTRY TimerQueue
;
1577 typedef struct _VACB
{
1579 PSHARED_CACHE_MAP SharedCacheMap
;
1581 LARGE_INTEGER FileOffset
;
1587 typedef struct _VAD_HEADER
{
1590 PVAD_HEADER ParentLink
;
1591 PVAD_HEADER LeftLink
;
1592 PVAD_HEADER RightLink
;
1593 ULONG Flags
; /* LSB = CommitCharge */
1595 PVOID FirstProtoPte
;
1599 } VAD_HEADER
, *PVAD_HEADER
;
1605 IN PFILE_OBJECT FileObject
,
1606 IN ULONG BytesToWrite
,
1615 IN PFILE_OBJECT FileObject
,
1616 IN PLARGE_INTEGER FileOffset
,
1620 OUT PIO_STATUS_BLOCK IoStatus
1627 IN PFILE_OBJECT FileObject
,
1628 IN PLARGE_INTEGER FileOffset
,
/*
 * Evaluates to non-zero when LEN is at most 0x10000 (64 KiB). The FO and
 * FOFF arguments are accepted but not used by the expansion.
 * NOTE(review): if LEN has a signed type, a negative value also satisfies
 * the comparison; pass an unsigned length or range-check it first.
 */
1634 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1636 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
1645 IN PFILE_OBJECT FileObject
,
1646 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
1649 IN ULONG BytesToWrite
,
1657 IN PFILE_OBJECT FileObject
,
1658 IN ULONG FileOffset
,
1662 OUT PIO_STATUS_BLOCK IoStatus
1669 IN PFILE_OBJECT FileObject
,
1670 IN ULONG FileOffset
,
1679 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1680 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1682 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
1685 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
1686 IN PFILE_OBJECT FileObject
,
1687 IN PLARGE_INTEGER FileOffset
,
1689 IN PLARGE_INTEGER OldestLsn
,
1690 IN PLARGE_INTEGER NewestLsn
,
1700 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
1708 CcGetFileObjectFromBcb (
1715 CcGetFileObjectFromSectionPtrs (
1716 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
1719 #define CcGetFileSizePointer(FO) ( \
1720 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1723 #if (VER_PRODUCTBUILD >= 2195)
1728 CcGetFlushedValidData (
1729 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1730 IN BOOLEAN BcbListHeld
1733 #endif /* (VER_PRODUCTBUILD >= 2195) */
1737 CcGetLsnForFileObject (
1738 IN PFILE_OBJECT FileObject
,
1739 OUT PLARGE_INTEGER OldestLsn OPTIONAL
1742 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
1747 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
1751 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
1756 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
/*
 * Table of four callbacks: acquire/release pairs for lazy write and for read
 * ahead. Per the typedefs above, the acquire callbacks return BOOLEAN and
 * the release callbacks return VOID. CcInitializeCacheMap takes a pointer to
 * this table.
 * NOTE(review): SHARED_CACHE_MAP in this header stores a
 * PCACHE_MANAGER_CALLBACKS, which suggests the pointer is retained rather
 * than copied; the table should therefore outlive the cache map and must not
 * live on the stack - confirm.
 * NOTE(review): every successful acquire needs its matching release;
 * unbalanced pairs leave file-system resources held.
 */
1760 typedef struct _CACHE_MANAGER_CALLBACKS
{
1761 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
1762 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
1763 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
1764 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
1765 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
1770 CcInitializeCacheMap (
1771 IN PFILE_OBJECT FileObject
,
1772 IN PCC_FILE_SIZES FileSizes
,
1773 IN BOOLEAN PinAccess
,
1774 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
1775 IN PVOID LazyWriteContext
1778 #define CcIsFileCached(FO) ( \
1779 ((FO)->SectionObjectPointer != NULL) && \
1780 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
1786 CcIsThereDirtyData (
1794 IN PFILE_OBJECT FileObject
,
1795 IN PLARGE_INTEGER FileOffset
,
1806 IN PFILE_OBJECT FileObject
,
1807 IN PLARGE_INTEGER FileOffset
,
1810 OUT PIO_STATUS_BLOCK IoStatus
1817 IN PFILE_OBJECT FileObject
,
1824 CcMdlWriteComplete (
1825 IN PFILE_OBJECT FileObject
,
1826 IN PLARGE_INTEGER FileOffset
,
1834 IN PFILE_OBJECT FileObject
,
1835 IN PLARGE_INTEGER FileOffset
,
1837 #if (VER_PRODUCTBUILD >= 2195)
1849 IN PFILE_OBJECT FileObject
,
1850 IN PLARGE_INTEGER FileOffset
,
1852 #if (VER_PRODUCTBUILD >= 2195)
1865 IN PFILE_OBJECT FileObject
,
1866 IN PLARGE_INTEGER FileOffset
,
1869 OUT PIO_STATUS_BLOCK IoStatus
1876 IN PFILE_OBJECT FileObject
,
1877 IN PLARGE_INTEGER FileOffset
,
1880 #if (VER_PRODUCTBUILD >= 2195)
1892 CcPurgeCacheSection (
1893 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1894 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1896 IN BOOLEAN UninitializeCacheMaps
1899 #define CcReadAhead(FO, FOFF, LEN) ( \
1900 if ((LEN) >= 256) { \
1901 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
1905 #if (VER_PRODUCTBUILD >= 2195)
1914 #endif /* (VER_PRODUCTBUILD >= 2195) */
1926 CcScheduleReadAhead (
1927 IN PFILE_OBJECT FileObject
,
1928 IN PLARGE_INTEGER FileOffset
,
1935 CcSetAdditionalCacheAttributes (
1936 IN PFILE_OBJECT FileObject
,
1937 IN BOOLEAN DisableReadAhead
,
1938 IN BOOLEAN DisableWriteBehind
1944 CcSetBcbOwnerPointer (
1946 IN PVOID OwnerPointer
1952 CcSetDirtyPageThreshold (
1953 IN PFILE_OBJECT FileObject
,
1954 IN ULONG DirtyPageThreshold
1960 CcSetDirtyPinnedData (
1962 IN PLARGE_INTEGER Lsn OPTIONAL
1969 IN PFILE_OBJECT FileObject
,
1970 IN PCC_FILE_SIZES FileSizes
1973 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
1975 IN PLARGE_INTEGER Lsn
1981 CcSetLogHandleForFile (
1982 IN PFILE_OBJECT FileObject
,
1984 IN PFLUSH_TO_LSN FlushToLsnRoutine
1990 CcSetReadAheadGranularity (
1991 IN PFILE_OBJECT FileObject
,
1992 IN ULONG Granularity
/* default: PAGE_SIZE */
1993 /* allowed: 2^n * PAGE_SIZE */
1999 CcUninitializeCacheMap (
2000 IN PFILE_OBJECT FileObject
,
2001 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2002 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2015 CcUnpinDataForThread (
2017 IN ERESOURCE_THREAD ResourceThreadId
2023 CcUnpinRepinnedBcb (
2025 IN BOOLEAN WriteThrough
,
2026 OUT PIO_STATUS_BLOCK IoStatus
2029 #if (VER_PRODUCTBUILD >= 2195)
2034 CcWaitForCurrentLazyWriterActivity (
2038 #endif /* (VER_PRODUCTBUILD >= 2195) */
2044 IN PFILE_OBJECT FileObject
,
2045 IN PLARGE_INTEGER StartOffset
,
2046 IN PLARGE_INTEGER EndOffset
,
2053 ExDisableResourceBoostLite (
2054 IN PERESOURCE Resource
2060 ExQueryPoolBlockSize (
2062 OUT PBOOLEAN QuotaCharged
/*
 * Yields the bits of x selected by mask f. The result is the masked value
 * itself, not a normalised 0/1: compare it with != 0 before storing it in a
 * narrower type, otherwise set bits above the destination width are lost and
 * a set flag reads as false.
 */
2065 #define FlagOn(x, f) ((x) & (f))
2070 FsRtlAddToTunnelCache (
2072 IN ULONGLONG DirectoryKey
,
2073 IN PUNICODE_STRING ShortName
,
2074 IN PUNICODE_STRING LongName
,
2075 IN BOOLEAN KeyByShortName
,
2076 IN ULONG DataLength
,
2080 #if (VER_PRODUCTBUILD >= 2195)
2084 FsRtlAllocateFileLock (
2085 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2086 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2089 #endif /* (VER_PRODUCTBUILD >= 2195) */
2095 IN POOL_TYPE PoolType
,
2096 IN ULONG NumberOfBytes
2102 FsRtlAllocatePoolWithQuota (
2103 IN POOL_TYPE PoolType
,
2104 IN ULONG NumberOfBytes
2110 FsRtlAllocatePoolWithQuotaTag (
2111 IN POOL_TYPE PoolType
,
2112 IN ULONG NumberOfBytes
,
2119 FsRtlAllocatePoolWithTag (
2120 IN POOL_TYPE PoolType
,
2121 IN ULONG NumberOfBytes
,
2128 FsRtlAreNamesEqual (
2129 IN PUNICODE_STRING Name1
,
2130 IN PUNICODE_STRING Name2
,
2131 IN BOOLEAN IgnoreCase
,
2132 IN PWCHAR UpcaseTable OPTIONAL
2135 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2136 ((FL)->FastIoIsQuestionable) \
2140 FsRtlCheckLockForReadAccess:
2142 All this really does is pick out the lock parameters from the irp (io stack
2143 location?), get IoGetRequestorProcess, and pass values on to
2144 FsRtlFastCheckLockForRead.
2149 FsRtlCheckLockForReadAccess (
2150 IN PFILE_LOCK FileLock
,
2155 FsRtlCheckLockForWriteAccess:
2157 All this really does is pick out the lock parameters from the irp (io stack
2158 location?), get IoGetRequestorProcess, and pass values on to
2159 FsRtlFastCheckLockForWrite.
2164 FsRtlCheckLockForWriteAccess (
2165 IN PFILE_LOCK FileLock
,
2171 (*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2178 (*POPLOCK_FS_PREPOST_IRP
) (
2190 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2191 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2198 IN PFILE_OBJECT FileObject
,
2199 IN PLARGE_INTEGER FileOffset
,
2204 OUT PIO_STATUS_BLOCK IoStatus
,
2205 IN PDEVICE_OBJECT DeviceObject
2212 IN PFILE_OBJECT FileObject
,
2213 IN PLARGE_INTEGER FileOffset
,
2218 OUT PIO_STATUS_BLOCK IoStatus
,
2219 IN PDEVICE_OBJECT DeviceObject
2225 FsRtlCurrentBatchOplock (
2232 FsRtlDeleteKeyFromTunnelCache (
2234 IN ULONGLONG DirectoryKey
2240 FsRtlDeleteTunnelCache (
2247 FsRtlDeregisterUncProvider (
2255 IN ANSI_STRING Name
,
2256 OUT PANSI_STRING FirstPart
,
2257 OUT PANSI_STRING RemainingPart
2264 IN UNICODE_STRING Name
,
2265 OUT PUNICODE_STRING FirstPart
,
2266 OUT PUNICODE_STRING RemainingPart
2272 FsRtlDoesDbcsContainWildCards (
2273 IN PANSI_STRING Name
2279 FsRtlDoesNameContainWildCards (
2280 IN PUNICODE_STRING Name
/*
 * FsRtlEnterFileSystem and FsRtlExitFileSystem are plain aliases for
 * KeEnterCriticalRegion and KeLeaveCriticalRegion. Calls must be balanced on
 * every path, including error returns: a missing exit leaves the thread in
 * the critical region.
 */
2283 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2285 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2290 FsRtlFastCheckLockForRead (
2291 IN PFILE_LOCK FileLock
,
2292 IN PLARGE_INTEGER FileOffset
,
2293 IN PLARGE_INTEGER Length
,
2295 IN PFILE_OBJECT FileObject
,
2296 IN PEPROCESS Process
2302 FsRtlFastCheckLockForWrite (
2303 IN PFILE_LOCK FileLock
,
2304 IN PLARGE_INTEGER FileOffset
,
2305 IN PLARGE_INTEGER Length
,
2307 IN PFILE_OBJECT FileObject
,
2308 IN PEPROCESS Process
2311 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2312 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2318 FsRtlFastUnlockAll (
2319 IN PFILE_LOCK FileLock
,
2320 IN PFILE_OBJECT FileObject
,
2321 IN PEPROCESS Process
,
2322 IN PVOID Context OPTIONAL
2324 /* ret: STATUS_RANGE_NOT_LOCKED */
2329 FsRtlFastUnlockAllByKey (
2330 IN PFILE_LOCK FileLock
,
2331 IN PFILE_OBJECT FileObject
,
2332 IN PEPROCESS Process
,
2334 IN PVOID Context OPTIONAL
2336 /* ret: STATUS_RANGE_NOT_LOCKED */
2341 FsRtlFastUnlockSingle (
2342 IN PFILE_LOCK FileLock
,
2343 IN PFILE_OBJECT FileObject
,
2344 IN PLARGE_INTEGER FileOffset
,
2345 IN PLARGE_INTEGER Length
,
2346 IN PEPROCESS Process
,
2348 IN PVOID Context OPTIONAL
,
2349 IN BOOLEAN AlreadySynchronized
2351 /* ret: STATUS_RANGE_NOT_LOCKED */
2356 FsRtlFindInTunnelCache (
2358 IN ULONGLONG DirectoryKey
,
2359 IN PUNICODE_STRING Name
,
2360 OUT PUNICODE_STRING ShortName
,
2361 OUT PUNICODE_STRING LongName
,
2362 IN OUT PULONG DataLength
,
2366 #if (VER_PRODUCTBUILD >= 2195)
2372 IN PFILE_LOCK FileLock
2375 #endif /* (VER_PRODUCTBUILD >= 2195) */
2381 IN PFILE_OBJECT FileObject
,
2382 IN OUT PLARGE_INTEGER FileSize
2386 FsRtlGetNextFileLock:
2388 ret: NULL if no more locks
2391 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2392 FileLock->LastReturnedLock as storage.
2393 LastReturnedLock is a pointer to the 'raw' lock incl. the doubly linked
2394 list, and FsRtlGetNextFileLock needs this to get the next lock on subsequent
2395 calls with Restart = FALSE.
2400 FsRtlGetNextFileLock (
2401 IN PFILE_LOCK FileLock
,
2408 FsRtlInitializeFileLock (
2409 IN PFILE_LOCK FileLock
,
2410 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2411 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2417 FsRtlInitializeOplock (
2418 IN OUT POPLOCK Oplock
2424 FsRtlInitializeTunnelCache (
2431 FsRtlIsNameInExpression (
2432 IN PUNICODE_STRING Expression
,
2433 IN PUNICODE_STRING Name
,
2434 IN BOOLEAN IgnoreCase
,
2435 IN PWCHAR UpcaseTable OPTIONAL
2441 FsRtlIsNtstatusExpected (
2442 IN NTSTATUS Ntstatus
2445 #define FsRtlIsUnicodeCharacterWild(C) ( \
2448 FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
2454 FsRtlMdlReadComplete (
2455 IN PFILE_OBJECT FileObject
,
2462 FsRtlMdlReadCompleteDev (
2463 IN PFILE_OBJECT FileObject
,
2465 IN PDEVICE_OBJECT DeviceObject
2471 FsRtlMdlWriteComplete (
2472 IN PFILE_OBJECT FileObject
,
2473 IN PLARGE_INTEGER FileOffset
,
2480 FsRtlMdlWriteCompleteDev (
2481 IN PFILE_OBJECT FileObject
,
2482 IN PLARGE_INTEGER FileOffset
,
2484 IN PDEVICE_OBJECT DeviceObject
2490 FsRtlNormalizeNtstatus (
2491 IN NTSTATUS Exception
,
2492 IN NTSTATUS GenericException
2498 FsRtlNotifyChangeDirectory (
2499 IN PNOTIFY_SYNC NotifySync
,
2501 IN PSTRING FullDirectoryName
,
2502 IN PLIST_ENTRY NotifyList
,
2503 IN BOOLEAN WatchTree
,
2504 IN ULONG CompletionFilter
,
2511 FsRtlNotifyCleanup (
2512 IN PNOTIFY_SYNC NotifySync
,
2513 IN PLIST_ENTRY NotifyList
,
2517 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
2518 IN PVOID NotifyContext
,
2519 IN PVOID TargetContext
,
2520 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
2526 FsRtlNotifyFullChangeDirectory (
2527 IN PNOTIFY_SYNC NotifySync
,
2528 IN PLIST_ENTRY NotifyList
,
2530 IN PSTRING FullDirectoryName
,
2531 IN BOOLEAN WatchTree
,
2532 IN BOOLEAN IgnoreBuffer
,
2533 IN ULONG CompletionFilter
,
2535 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
2536 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
2542 FsRtlNotifyFullReportChange (
2543 IN PNOTIFY_SYNC NotifySync
,
2544 IN PLIST_ENTRY NotifyList
,
2545 IN PSTRING FullTargetName
,
2546 IN USHORT TargetNameOffset
,
2547 IN PSTRING StreamName OPTIONAL
,
2548 IN PSTRING NormalizedParentName OPTIONAL
,
2549 IN ULONG FilterMatch
,
2551 IN PVOID TargetContext
2557 FsRtlNotifyInitializeSync (
2558 IN PNOTIFY_SYNC NotifySync
2564 FsRtlNotifyReportChange (
2565 IN PNOTIFY_SYNC NotifySync
,
2566 IN PLIST_ENTRY NotifyList
,
2567 IN PSTRING FullTargetName
,
2568 IN PUSHORT FileNamePartLength
,
2569 IN ULONG FilterMatch
2575 FsRtlNotifyUninitializeSync (
2576 IN PNOTIFY_SYNC NotifySync
2579 #if (VER_PRODUCTBUILD >= 2195)
2584 FsRtlNotifyVolumeEvent (
2585 IN PFILE_OBJECT FileObject
,
2589 #endif /* (VER_PRODUCTBUILD >= 2195) */
2603 FsRtlOplockIsFastIoPossible (
2610 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2613 -Calls IoCompleteRequest if Irp
2614 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2620 IN PFILE_LOCK FileLock
,
2621 IN PFILE_OBJECT FileObject
,
2622 IN PLARGE_INTEGER FileOffset
,
2623 IN PLARGE_INTEGER Length
,
2624 IN PEPROCESS Process
,
2626 IN BOOLEAN FailImmediately
,
2627 IN BOOLEAN ExclusiveLock
,
2628 OUT PIO_STATUS_BLOCK IoStatus
,
2629 IN PIRP Irp OPTIONAL
,
2631 IN BOOLEAN AlreadySynchronized
2635 FsRtlProcessFileLock:
2638 -STATUS_INVALID_DEVICE_REQUEST
2639 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2640 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2641 (redirected IoStatus->Status).
2644 -switch ( Irp->CurrentStackLocation->MinorFunction )
2645 lock: return FsRtlPrivateLock;
2646 unlocksingle: return FsRtlFastUnlockSingle;
2647 unlockall: return FsRtlFastUnlockAll;
2648 unlockallbykey: return FsRtlFastUnlockAllByKey;
2649 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2650 return STATUS_INVALID_DEVICE_REQUEST;
2652 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2653 -'Irp' is passed thru as 'Irp' to FsRtlPrivateLock.
2658 FsRtlProcessFileLock (
2659 IN PFILE_LOCK FileLock
,
2661 IN PVOID Context OPTIONAL
2667 FsRtlRegisterUncProvider (
2668 IN OUT PHANDLE MupHandle
,
2669 IN PUNICODE_STRING RedirectorDeviceName
,
2670 IN BOOLEAN MailslotsSupported
2676 FsRtlUninitializeFileLock (
2677 IN PFILE_LOCK FileLock
2683 FsRtlUninitializeOplock (
2684 IN OUT POPLOCK Oplock
2697 HalQueryRealTimeClock (
2698 IN OUT PTIME_FIELDS TimeFields
2704 HalSetRealTimeClock (
2705 IN PTIME_FIELDS TimeFields
2708 #define InitializeMessageHeader(m, l, t) { \
2709 (m)->Length = (USHORT)(l); \
2710 (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
2711 (m)->MessageType = (USHORT)(t); \
2712 (m)->DataInfoOffset = 0; \
2718 IoAcquireVpbSpinLock (
2725 IoCheckDesiredAccess (
2726 IN OUT PACCESS_MASK DesiredAccess
,
2727 IN ACCESS_MASK GrantedAccess
2733 IoCheckEaBufferValidity (
2734 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
2736 OUT PULONG ErrorOffset
2742 IoCheckFunctionAccess (
2743 IN ACCESS_MASK GrantedAccess
,
2744 IN UCHAR MajorFunction
,
2745 IN UCHAR MinorFunction
,
2746 IN ULONG IoControlCode
,
2747 IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL
,
2748 IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL
2751 #if (VER_PRODUCTBUILD >= 2195)
2756 IoCheckQuotaBufferValidity (
2757 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
2758 IN ULONG QuotaLength
,
2759 OUT PULONG ErrorOffset
2762 #endif /* (VER_PRODUCTBUILD >= 2195) */
2767 IoCreateStreamFileObject (
2768 IN PFILE_OBJECT FileObject OPTIONAL
,
2769 IN PDEVICE_OBJECT DeviceObject OPTIONAL
2772 #if (VER_PRODUCTBUILD >= 2195)
2777 IoCreateStreamFileObjectLite (
2778 IN PFILE_OBJECT FileObject OPTIONAL
,
2779 IN PDEVICE_OBJECT DeviceObject OPTIONAL
2782 #endif /* (VER_PRODUCTBUILD >= 2195) */
2787 IoFastQueryNetworkAttributes (
2788 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2789 IN ACCESS_MASK DesiredAccess
,
2790 IN ULONG OpenOptions
,
2791 OUT PIO_STATUS_BLOCK IoStatus
,
2792 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
2798 IoGetAttachedDevice (
2799 IN PDEVICE_OBJECT DeviceObject
2805 IoGetBaseFileSystemDeviceObject (
2806 IN PFILE_OBJECT FileObject
2812 IoGetRequestorProcess (
2816 #if (VER_PRODUCTBUILD >= 2195)
2821 IoGetRequestorProcessId (
2825 #endif /* (VER_PRODUCTBUILD >= 2195) */
2834 #define IoIsFileOpenedExclusively(FileObject) ( \
2836 (FileObject)->SharedRead || \
2837 (FileObject)->SharedWrite || \
2838 (FileObject)->SharedDelete \
2845 IoIsOperationSynchronous (
2856 #if (VER_PRODUCTBUILD >= 2195)
2861 IoIsValidNameGraftingBuffer (
2863 IN PREPARSE_DATA_BUFFER ReparseBuffer
2866 #endif /* (VER_PRODUCTBUILD >= 2195) */
2872 IN PFILE_OBJECT FileObject
,
2874 IN PLARGE_INTEGER Offset
,
2876 OUT PIO_STATUS_BLOCK IoStatusBlock
2882 IoQueryFileInformation (
2883 IN PFILE_OBJECT FileObject
,
2884 IN FILE_INFORMATION_CLASS FileInformationClass
,
2886 OUT PVOID FileInformation
,
2887 OUT PULONG ReturnedLength
2893 IoQueryVolumeInformation (
2894 IN PFILE_OBJECT FileObject
,
2895 IN FS_INFORMATION_CLASS FsInformationClass
,
2897 OUT PVOID FsInformation
,
2898 OUT PULONG ReturnedLength
2904 IoRegisterFileSystem (
2905 IN OUT PDEVICE_OBJECT DeviceObject
2908 #if (VER_PRODUCTBUILD >= 1381)
2910 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
2911 IN PDEVICE_OBJECT DeviceObject
,
2912 IN BOOLEAN DriverActive
2918 IoRegisterFsRegistrationChange (
2919 IN PDRIVER_OBJECT DriverObject
,
2920 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
2923 #endif /* (VER_PRODUCTBUILD >= 1381) */
2928 IoReleaseVpbSpinLock (
2935 IoSetDeviceToVerify (
2937 IN PDEVICE_OBJECT DeviceObject
2944 IN PFILE_OBJECT FileObject
,
2945 IN FILE_INFORMATION_CLASS FileInformationClass
,
2947 IN PVOID FileInformation
2960 IoSynchronousPageWrite (
2961 IN PFILE_OBJECT FileObject
,
2963 IN PLARGE_INTEGER FileOffset
,
2965 OUT PIO_STATUS_BLOCK IoStatusBlock
2978 IoUnregisterFileSystem (
2979 IN OUT PDEVICE_OBJECT DeviceObject
2982 #if (VER_PRODUCTBUILD >= 1381)
2987 IoUnregisterFsRegistrationChange (
2988 IN PDRIVER_OBJECT DriverObject
,
2989 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
2992 #endif /* (VER_PRODUCTBUILD >= 1381) */
2998 IN PDEVICE_OBJECT DeviceObject
,
2999 IN BOOLEAN AllowRawMount
3006 IN PKPROCESS Process
3021 IN ULONG Count OPTIONAL
3029 IN PLIST_ENTRY Entry
3037 IN PLIST_ENTRY Entry
3045 IN PVOID SystemArgument1
,
3046 IN PVOID SystemArgument2
,
3047 IN KPRIORITY PriorityBoost
3062 IN KPROCESSOR_MODE WaitMode
,
3063 IN PLARGE_INTEGER Timeout OPTIONAL
3073 #if (VER_PRODUCTBUILD >= 2195)
3078 KeStackAttachProcess (
3079 IN PKPROCESS Process
,
3080 OUT PKAPC_STATE ApcState
3086 KeUnstackDetachProcess (
3087 IN PKAPC_STATE ApcState
3090 #endif /* (VER_PRODUCTBUILD >= 2195) */
3095 MmCanFileBeTruncated (
3096 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3097 IN PLARGE_INTEGER NewFileSize
3103 MmFlushImageSection (
3104 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3105 IN MMFLUSH_TYPE FlushType
3111 MmForceSectionClosed (
3112 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3113 IN BOOLEAN DelayClose
3116 #if (VER_PRODUCTBUILD >= 1381)
3121 MmIsRecursiveIoFault (
3127 #define MmIsRecursiveIoFault() ( \
3128 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3129 (PsGetCurrentThread()->ForwardClusterOnly) \
3137 MmMapViewOfSection (
3138 IN PVOID SectionObject
,
3139 IN PEPROCESS Process
,
3140 IN OUT PVOID
*BaseAddress
,
3142 IN ULONG CommitSize
,
3143 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
3144 IN OUT PULONG ViewSize
,
3145 IN SECTION_INHERIT InheritDisposition
,
3146 IN ULONG AllocationType
,
3153 MmSetAddressRangeModified (
3162 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
3163 IN POBJECT_TYPE ObjectType
,
3164 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
3165 IN KPROCESSOR_MODE AccessMode
,
3166 IN OUT PVOID ParseContext OPTIONAL
,
3167 IN ULONG ObjectSize
,
3168 IN ULONG PagedPoolCharge OPTIONAL
,
3169 IN ULONG NonPagedPoolCharge OPTIONAL
,
3176 ObGetObjectPointerCount (
3185 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3186 IN ACCESS_MASK DesiredAccess
,
3187 IN ULONG AdditionalReferences
,
3188 OUT PVOID
*ReferencedObject OPTIONAL
,
3195 ObMakeTemporaryObject (
3202 ObOpenObjectByPointer (
3204 IN ULONG HandleAttributes
,
3205 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3206 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3207 IN POBJECT_TYPE ObjectType OPTIONAL
,
3208 IN KPROCESSOR_MODE AccessMode
,
3217 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
3219 OUT PULONG ReturnLength
3225 ObQueryObjectAuditingByHandle (
3227 OUT PBOOLEAN GenerateOnClose
3233 ObReferenceObjectByName (
3234 IN PUNICODE_STRING ObjectName
,
3235 IN ULONG Attributes
,
3236 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3237 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3238 IN POBJECT_TYPE ObjectType
,
3239 IN KPROCESSOR_MODE AccessMode
,
3240 IN OUT PVOID ParseContext OPTIONAL
,
3248 IN PEPROCESS Process
,
3249 IN POOL_TYPE PoolType
,
3253 #define PsDereferenceImpersonationToken(T) \
3254 {if (ARGUMENT_PRESENT(T)) { \
3255 (ObDereferenceObject((T))); \
/*
 * Forwards the token object T to ObDereferenceObject. Unlike
 * PsDereferenceImpersonationToken, this macro applies no ARGUMENT_PRESENT
 * check, so T is passed through as given; the caller must ensure it is a
 * valid, referenced token.
 * NOTE(review): presumably balances a reference obtained from
 * PsReferencePrimaryToken -- confirm against callers.
 */
3261 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3266 PsGetProcessExitTime (
3273 PsIsThreadTerminating (
3280 PsLookupProcessByProcessId (
3281 IN HANDLE ProcessId
,
3282 OUT PEPROCESS
*Process
3288 PsLookupProcessThreadByCid (
3290 OUT PEPROCESS
*Process OPTIONAL
,
3291 OUT PETHREAD
*Thread
3297 PsLookupThreadByThreadId (
3298 IN HANDLE UniqueThreadId
,
3299 OUT PETHREAD
*Thread
3305 PsReferenceImpersonationToken (
3307 OUT PBOOLEAN CopyOnUse
,
3308 OUT PBOOLEAN EffectiveOnly
,
3309 OUT PSECURITY_IMPERSONATION_LEVEL Level
3315 PsReferencePrimaryToken (
3316 IN PEPROCESS Process
3323 IN PEPROCESS Process
,
3324 IN POOL_TYPE PoolType
,
3338 RtlAbsoluteToSelfRelativeSD (
3339 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
3340 IN OUT PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSecurityDescriptor
,
3341 IN PULONG BufferLength
3348 IN HANDLE HeapHandle
,
3357 IN USHORT CompressionFormatAndEngine
,
3358 IN PUCHAR UncompressedBuffer
,
3359 IN ULONG UncompressedBufferSize
,
3360 OUT PUCHAR CompressedBuffer
,
3361 IN ULONG CompressedBufferSize
,
3362 IN ULONG UncompressedChunkSize
,
3363 OUT PULONG FinalCompressedSize
,
3371 IN PUCHAR UncompressedBuffer
,
3372 IN ULONG UncompressedBufferSize
,
3373 OUT PUCHAR CompressedBuffer
,
3374 IN ULONG CompressedBufferSize
,
3375 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
3376 IN ULONG CompressedDataInfoLength
,
3383 RtlConvertSidToUnicodeString (
3384 OUT PUNICODE_STRING DestinationString
,
3386 IN BOOLEAN AllocateDestinationString
3394 IN PSID Destination
,
3401 RtlDecompressBuffer (
3402 IN USHORT CompressionFormat
,
3403 OUT PUCHAR UncompressedBuffer
,
3404 IN ULONG UncompressedBufferSize
,
3405 IN PUCHAR CompressedBuffer
,
3406 IN ULONG CompressedBufferSize
,
3407 OUT PULONG FinalUncompressedSize
3413 RtlDecompressChunks (
3414 OUT PUCHAR UncompressedBuffer
,
3415 IN ULONG UncompressedBufferSize
,
3416 IN PUCHAR CompressedBuffer
,
3417 IN ULONG CompressedBufferSize
,
3418 IN PUCHAR CompressedTail
,
3419 IN ULONG CompressedTailSize
,
3420 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
3426 RtlDecompressFragment (
3427 IN USHORT CompressionFormat
,
3428 OUT PUCHAR UncompressedFragment
,
3429 IN ULONG UncompressedFragmentSize
,
3430 IN PUCHAR CompressedBuffer
,
3431 IN ULONG CompressedBufferSize
,
3432 IN ULONG FragmentOffset
,
3433 OUT PULONG FinalUncompressedSize
,
3441 IN USHORT CompressionFormat
,
3442 IN OUT PUCHAR
*CompressedBuffer
,
3443 IN PUCHAR EndOfCompressedBufferPlus1
,
3444 OUT PUCHAR
*ChunkBuffer
,
3445 OUT PULONG ChunkSize
3459 RtlFillMemoryUlong (
3460 IN PVOID Destination
,
3469 IN HANDLE HeapHandle
,
3477 RtlGenerate8dot3Name (
3478 IN PUNICODE_STRING Name
,
3479 IN BOOLEAN AllowExtendedCharacters
,
3480 IN OUT PGENERATE_NAME_CONTEXT Context
,
3481 OUT PUNICODE_STRING Name8dot3
3487 RtlGetCompressionWorkSpaceSize (
3488 IN USHORT CompressionFormatAndEngine
,
3489 OUT PULONG CompressBufferWorkSpaceSize
,
3490 OUT PULONG CompressFragmentWorkSpaceSize
3496 RtlGetDaclSecurityDescriptor (
3497 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3498 OUT PBOOLEAN DaclPresent
,
3500 OUT PBOOLEAN DaclDefaulted
3506 RtlGetGroupSecurityDescriptor (
3507 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3509 OUT PBOOLEAN GroupDefaulted
3515 RtlGetOwnerSecurityDescriptor (
3516 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3518 OUT PBOOLEAN OwnerDefaulted
3526 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
3527 IN UCHAR SubAuthorityCount
3533 RtlIsNameLegalDOS8Dot3 (
3534 IN PUNICODE_STRING UnicodeName
,
3535 IN PANSI_STRING AnsiName
,
3542 RtlLengthRequiredSid (
3543 IN UCHAR SubAuthorityCount
3556 RtlNtStatusToDosError (
3564 IN USHORT CompressionFormat
,
3565 IN OUT PUCHAR
*CompressedBuffer
,
3566 IN PUCHAR EndOfCompressedBufferPlus1
,
3567 OUT PUCHAR
*ChunkBuffer
,
3574 RtlSecondsSince1970ToTime (
3575 IN ULONG SecondsSince1970
,
3576 OUT PLARGE_INTEGER Time
3579 #if (VER_PRODUCTBUILD >= 2195)
3584 RtlSelfRelativeToAbsoluteSD (
3585 IN PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSD
,
3586 OUT PSECURITY_DESCRIPTOR AbsoluteSD
,
3587 IN PULONG AbsoluteSDSize
,
3593 IN PULONG OwnerSize
,
3594 IN PSID PrimaryGroup
,
3595 IN PULONG PrimaryGroupSize
3598 #endif /* (VER_PRODUCTBUILD >= 2195) */
3603 RtlSetGroupSecurityDescriptor (
3604 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3606 IN BOOLEAN GroupDefaulted
3612 RtlSetOwnerSecurityDescriptor (
3613 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3615 IN BOOLEAN OwnerDefaulted
3621 RtlSetSaclSecurityDescriptor (
3622 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3623 IN BOOLEAN SaclPresent
,
3625 IN BOOLEAN SaclDefaulted
3631 RtlSubAuthorityCountSid (
3638 RtlSubAuthoritySid (
3640 IN ULONG SubAuthority
3653 SeAppendPrivileges (
3654 PACCESS_STATE AccessState
,
3655 PPRIVILEGE_SET Privileges
3661 SeAuditingFileEvents (
3662 IN BOOLEAN AccessGranted
,
3663 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3669 SeAuditingFileOrGlobalEvents (
3670 IN BOOLEAN AccessGranted
,
3671 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3672 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3678 SeCaptureSubjectContext (
3679 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
3685 SeCreateAccessState (
3686 OUT PACCESS_STATE AccessState
,
3688 IN ACCESS_MASK AccessMask
,
3689 IN PGENERIC_MAPPING Mapping
3695 SeCreateClientSecurity (
3697 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3698 IN BOOLEAN RemoteClient
,
3699 OUT PSECURITY_CLIENT_CONTEXT ClientContext
3702 #if (VER_PRODUCTBUILD >= 2195)
3707 SeCreateClientSecurityFromSubjectContext (
3708 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3709 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3710 IN BOOLEAN ServerIsRemote
,
3711 OUT PSECURITY_CLIENT_CONTEXT ClientContext
3714 #endif /* (VER_PRODUCTBUILD >= 2195) */
3716 #define SeDeleteClientSecurity(C) { \
3717 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
3718 PsDereferencePrimaryToken( (C)->ClientToken ); \
3720 PsDereferenceImpersonationToken( (C)->ClientToken ); \
3727 SeDeleteObjectAuditAlarm (
/*
 * Overwrites the global SeExports with the pointer value stored at the
 * address SeExports currently holds (one extra level of indirection).
 *
 * Two properties of the expansion matter to callers:
 *  - It is not idempotent: a second expansion dereferences the already
 *    replaced pointer and reads it as a PSE_EXPORTS again.
 *  - It already ends in ';', so "SeEnableAccessToExports();" leaves an
 *    empty statement behind; use braces around it in if/else bodies.
 * NOTE(review): presumably meant to run exactly once, before any
 * SeExports-> access -- confirm against the drivers that use it.
 */
3732 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
3738 IN PPRIVILEGE_SET Privileges
3744 SeImpersonateClient (
3745 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
3746 IN PETHREAD ServerThread OPTIONAL
3749 #if (VER_PRODUCTBUILD >= 2195)
3754 SeImpersonateClientEx (
3755 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
3756 IN PETHREAD ServerThread OPTIONAL
3759 #endif /* (VER_PRODUCTBUILD >= 2195) */
3764 SeLockSubjectContext (
3765 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3771 SeMarkLogonSessionForTerminationNotification (
3778 SeOpenObjectAuditAlarm (
3779 IN PUNICODE_STRING ObjectTypeName
,
3780 IN PVOID Object OPTIONAL
,
3781 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
3782 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3783 IN PACCESS_STATE AccessState
,
3784 IN BOOLEAN ObjectCreated
,
3785 IN BOOLEAN AccessGranted
,
3786 IN KPROCESSOR_MODE AccessMode
,
3787 OUT PBOOLEAN GenerateOnClose
3793 SeOpenObjectForDeleteAuditAlarm (
3794 IN PUNICODE_STRING ObjectTypeName
,
3795 IN PVOID Object OPTIONAL
,
3796 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
3797 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3798 IN PACCESS_STATE AccessState
,
3799 IN BOOLEAN ObjectCreated
,
3800 IN BOOLEAN AccessGranted
,
3801 IN KPROCESSOR_MODE AccessMode
,
3802 OUT PBOOLEAN GenerateOnClose
3809 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
3810 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3811 IN KPROCESSOR_MODE AccessMode
3817 SeQueryAuthenticationIdToken (
3818 IN PACCESS_TOKEN Token
,
3822 #if (VER_PRODUCTBUILD >= 2195)
3827 SeQueryInformationToken (
3828 IN PACCESS_TOKEN Token
,
3829 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3830 OUT PVOID
*TokenInformation
3833 #endif /* (VER_PRODUCTBUILD >= 2195) */
3838 SeQuerySecurityDescriptorInfo (
3839 IN PSECURITY_INFORMATION SecurityInformation
,
3840 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3841 IN OUT PULONG Length
,
3842 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
3845 #if (VER_PRODUCTBUILD >= 2195)
3850 SeQuerySessionIdToken (
3851 IN PACCESS_TOKEN Token
,
3855 #endif /* (VER_PRODUCTBUILD >= 2195) */
3857 #define SeQuerySubjectContextToken( SubjectContext ) \
3858 ( ARGUMENT_PRESENT( \
3859 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
3861 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
3862 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
3864 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
3871 SeRegisterLogonSessionTerminatedRoutine (
3872 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3878 SeReleaseSubjectContext (
3879 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3885 SeSetAccessStateGenericMapping (
3886 PACCESS_STATE AccessState
,
3887 PGENERIC_MAPPING GenericMapping
3893 SeSetSecurityDescriptorInfo (
3894 IN PVOID Object OPTIONAL
,
3895 IN PSECURITY_INFORMATION SecurityInformation
,
3896 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3897 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
3898 IN POOL_TYPE PoolType
,
3899 IN PGENERIC_MAPPING GenericMapping
3902 #if (VER_PRODUCTBUILD >= 2195)
3907 SeSetSecurityDescriptorInfoEx (
3908 IN PVOID Object OPTIONAL
,
3909 IN PSECURITY_INFORMATION SecurityInformation
,
3910 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
3911 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
3912 IN ULONG AutoInheritFlags
,
3913 IN POOL_TYPE PoolType
,
3914 IN PGENERIC_MAPPING GenericMapping
3921 IN PACCESS_TOKEN Token
3927 SeTokenIsRestricted (
3928 IN PACCESS_TOKEN Token
3931 #endif /* (VER_PRODUCTBUILD >= 2195) */
3937 IN PACCESS_TOKEN Token
3943 SeUnlockSubjectContext (
3944 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3949 SeUnregisterLogonSessionTerminatedRoutine (
3950 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3953 #if (VER_PRODUCTBUILD >= 2195)
3958 ZwAdjustPrivilegesToken (
3959 IN HANDLE TokenHandle
,
3960 IN BOOLEAN DisableAllPrivileges
,
3961 IN PTOKEN_PRIVILEGES NewState
,
3962 IN ULONG BufferLength
,
3963 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
3964 OUT PULONG ReturnLength
3967 #endif /* (VER_PRODUCTBUILD >= 2195) */
3973 IN HANDLE ThreadHandle
3979 ZwAllocateVirtualMemory (
3980 IN HANDLE ProcessHandle
,
3981 IN OUT PVOID
*BaseAddress
,
3983 IN OUT PULONG RegionSize
,
3984 IN ULONG AllocationType
,
3991 ZwAccessCheckAndAuditAlarm (
3992 IN PUNICODE_STRING SubsystemName
,
3994 IN PUNICODE_STRING ObjectTypeName
,
3995 IN PUNICODE_STRING ObjectName
,
3996 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3997 IN ACCESS_MASK DesiredAccess
,
3998 IN PGENERIC_MAPPING GenericMapping
,
3999 IN BOOLEAN ObjectCreation
,
4000 OUT PACCESS_MASK GrantedAccess
,
4001 OUT PBOOLEAN AccessStatus
,
4002 OUT PBOOLEAN GenerateOnClose
4005 #if (VER_PRODUCTBUILD >= 2195)
4011 IN HANDLE FileHandle
,
4012 OUT PIO_STATUS_BLOCK IoStatusBlock
4015 #endif /* (VER_PRODUCTBUILD >= 2195) */
4021 IN HANDLE EventHandle
4027 ZwCloseObjectAuditAlarm (
4028 IN PUNICODE_STRING SubsystemName
,
4030 IN BOOLEAN GenerateOnClose
4037 OUT PHANDLE SectionHandle
,
4038 IN ACCESS_MASK DesiredAccess
,
4039 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4040 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
4041 IN ULONG SectionPageProtection
,
4042 IN ULONG AllocationAttributes
,
4043 IN HANDLE FileHandle OPTIONAL
4049 ZwCreateSymbolicLinkObject (
4050 OUT PHANDLE SymbolicLinkHandle
,
4051 IN ACCESS_MASK DesiredAccess
,
4052 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4053 IN PUNICODE_STRING TargetName
4060 IN POBJECT_ATTRIBUTES ObjectAttributes
4068 IN PUNICODE_STRING Name
4074 ZwDeviceIoControlFile (
4075 IN HANDLE FileHandle
,
4076 IN HANDLE Event OPTIONAL
,
4077 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4078 IN PVOID ApcContext OPTIONAL
,
4079 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4080 IN ULONG IoControlCode
,
4081 IN PVOID InputBuffer OPTIONAL
,
4082 IN ULONG InputBufferLength
,
4083 OUT PVOID OutputBuffer OPTIONAL
,
4084 IN ULONG OutputBufferLength
4091 IN PUNICODE_STRING String
4098 IN HANDLE SourceProcessHandle
,
4099 IN HANDLE SourceHandle
,
4100 IN HANDLE TargetProcessHandle OPTIONAL
,
4101 OUT PHANDLE TargetHandle OPTIONAL
,
4102 IN ACCESS_MASK DesiredAccess
,
4103 IN ULONG HandleAttributes
,
4111 IN HANDLE ExistingTokenHandle
,
4112 IN ACCESS_MASK DesiredAccess
,
4113 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4114 IN BOOLEAN EffectiveOnly
,
4115 IN TOKEN_TYPE TokenType
,
4116 OUT PHANDLE NewTokenHandle
4122 ZwFlushInstructionCache (
4123 IN HANDLE ProcessHandle
,
4124 IN PVOID BaseAddress OPTIONAL
,
4128 #if (VER_PRODUCTBUILD >= 2195)
4133 ZwFlushVirtualMemory (
4134 IN HANDLE ProcessHandle
,
4135 IN OUT PVOID
*BaseAddress
,
4136 IN OUT PULONG FlushSize
,
4137 OUT PIO_STATUS_BLOCK IoStatusBlock
4140 #endif /* (VER_PRODUCTBUILD >= 2195) */
4145 ZwFreeVirtualMemory (
4146 IN HANDLE ProcessHandle
,
4147 IN OUT PVOID
*BaseAddress
,
4148 IN OUT PULONG RegionSize
,
4156 IN HANDLE FileHandle
,
4157 IN HANDLE Event OPTIONAL
,
4158 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4159 IN PVOID ApcContext OPTIONAL
,
4160 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4161 IN ULONG FsControlCode
,
4162 IN PVOID InputBuffer OPTIONAL
,
4163 IN ULONG InputBufferLength
,
4164 OUT PVOID OutputBuffer OPTIONAL
,
4165 IN ULONG OutputBufferLength
4168 #if (VER_PRODUCTBUILD >= 2195)
4173 ZwInitiatePowerAction (
4174 IN POWER_ACTION SystemAction
,
4175 IN SYSTEM_POWER_STATE MinSystemState
,
4177 IN BOOLEAN Asynchronous
4180 #endif /* (VER_PRODUCTBUILD >= 2195) */
4186 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4187 IN PUNICODE_STRING RegistryPath
4194 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
4195 IN POBJECT_ATTRIBUTES FileObjectAttributes
4202 IN HANDLE KeyHandle
,
4203 IN HANDLE EventHandle OPTIONAL
,
4204 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4205 IN PVOID ApcContext OPTIONAL
,
4206 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4207 IN ULONG NotifyFilter
,
4208 IN BOOLEAN WatchSubtree
,
4210 IN ULONG BufferLength
,
4211 IN BOOLEAN Asynchronous
4217 ZwOpenDirectoryObject (
4218 OUT PHANDLE DirectoryHandle
,
4219 IN ACCESS_MASK DesiredAccess
,
4220 IN POBJECT_ATTRIBUTES ObjectAttributes
4227 OUT PHANDLE EventHandle
,
4228 IN ACCESS_MASK DesiredAccess
,
4229 IN POBJECT_ATTRIBUTES ObjectAttributes
4236 OUT PHANDLE ProcessHandle
,
4237 IN ACCESS_MASK DesiredAccess
,
4238 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4239 IN PCLIENT_ID ClientId OPTIONAL
4245 ZwOpenProcessToken (
4246 IN HANDLE ProcessHandle
,
4247 IN ACCESS_MASK DesiredAccess
,
4248 OUT PHANDLE TokenHandle
4255 OUT PHANDLE ThreadHandle
,
4256 IN ACCESS_MASK DesiredAccess
,
4257 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4258 IN PCLIENT_ID ClientId
4265 IN HANDLE ThreadHandle
,
4266 IN ACCESS_MASK DesiredAccess
,
4267 IN BOOLEAN OpenAsSelf
,
4268 OUT PHANDLE TokenHandle
4271 #if (VER_PRODUCTBUILD >= 2195)
4276 ZwPowerInformation (
4277 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
4278 IN PVOID InputBuffer OPTIONAL
,
4279 IN ULONG InputBufferLength
,
4280 OUT PVOID OutputBuffer OPTIONAL
,
4281 IN ULONG OutputBufferLength
4284 #endif /* (VER_PRODUCTBUILD >= 2195) */
4290 IN HANDLE EventHandle
,
4291 OUT PLONG PreviousState OPTIONAL
4297 ZwQueryDefaultLocale (
4298 IN BOOLEAN ThreadOrSystem
,
4305 ZwQueryDirectoryFile (
4306 IN HANDLE FileHandle
,
4307 IN HANDLE Event OPTIONAL
,
4308 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4309 IN PVOID ApcContext OPTIONAL
,
4310 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4311 OUT PVOID FileInformation
,
4313 IN FILE_INFORMATION_CLASS FileInformationClass
,
4314 IN BOOLEAN ReturnSingleEntry
,
4315 IN PUNICODE_STRING FileName OPTIONAL
,
4316 IN BOOLEAN RestartScan
4319 #if (VER_PRODUCTBUILD >= 2195)
4324 ZwQueryDirectoryObject (
4325 IN HANDLE DirectoryHandle
,
4328 IN BOOLEAN ReturnSingleEntry
,
4329 IN BOOLEAN RestartScan
,
4330 IN OUT PULONG Context
,
4331 OUT PULONG ReturnLength OPTIONAL
4338 IN HANDLE FileHandle
,
4339 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4342 IN BOOLEAN ReturnSingleEntry
,
4343 IN PVOID EaList OPTIONAL
,
4344 IN ULONG EaListLength
,
4345 IN PULONG EaIndex OPTIONAL
,
4346 IN BOOLEAN RestartScan
4349 #endif /* (VER_PRODUCTBUILD >= 2195) */
4354 ZwQueryInformationProcess (
4355 IN HANDLE ProcessHandle
,
4356 IN PROCESSINFOCLASS ProcessInformationClass
,
4357 OUT PVOID ProcessInformation
,
4358 IN ULONG ProcessInformationLength
,
4359 OUT PULONG ReturnLength OPTIONAL
4365 ZwQueryInformationToken (
4366 IN HANDLE TokenHandle
,
4367 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4368 OUT PVOID TokenInformation
,
4370 OUT PULONG ResultLength
4377 IN HANDLE ObjectHandle
,
4378 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4379 OUT PVOID ObjectInformation
,
4381 OUT PULONG ResultLength
4388 IN HANDLE SectionHandle
,
4389 IN SECTION_INFORMATION_CLASS SectionInformationClass
,
4390 OUT PVOID SectionInformation
,
4391 IN ULONG SectionInformationLength
,
4392 OUT PULONG ResultLength OPTIONAL
4398 ZwQuerySecurityObject (
4399 IN HANDLE FileHandle
,
4400 IN SECURITY_INFORMATION SecurityInformation
,
4401 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4403 OUT PULONG ResultLength
4409 ZwQuerySystemInformation (
4410 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4411 OUT PVOID SystemInformation
,
4413 OUT PULONG ReturnLength
4419 ZwQueryVolumeInformationFile (
4420 IN HANDLE FileHandle
,
4421 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4422 OUT PVOID FsInformation
,
4424 IN FS_INFORMATION_CLASS FsInformationClass
4431 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
4432 IN HANDLE KeyHandle
,
4433 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
4440 IN HANDLE EventHandle
,
4441 OUT PLONG PreviousState OPTIONAL
4444 #if (VER_PRODUCTBUILD >= 2195)
4450 IN HANDLE KeyHandle
,
4451 IN HANDLE FileHandle
,
4455 #endif /* (VER_PRODUCTBUILD >= 2195) */
4461 IN HANDLE KeyHandle
,
4462 IN HANDLE FileHandle
4468 ZwSetDefaultLocale (
4469 IN BOOLEAN ThreadOrSystem
,
4473 #if (VER_PRODUCTBUILD >= 2195)
4478 ZwSetDefaultUILanguage (
4479 IN LANGID LanguageId
4486 IN HANDLE FileHandle
,
4487 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4492 #endif /* (VER_PRODUCTBUILD >= 2195) */
4498 IN HANDLE EventHandle
,
4499 OUT PLONG PreviousState OPTIONAL
4505 ZwSetInformationObject (
4506 IN HANDLE ObjectHandle
,
4507 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4508 IN PVOID ObjectInformation
,
4509 IN ULONG ObjectInformationLength
4515 ZwSetInformationProcess (
4516 IN HANDLE ProcessHandle
,
4517 IN PROCESSINFOCLASS ProcessInformationClass
,
4518 IN PVOID ProcessInformation
,
4519 IN ULONG ProcessInformationLength
4522 #if (VER_PRODUCTBUILD >= 2195)
4527 ZwSetSecurityObject (
4529 IN SECURITY_INFORMATION SecurityInformation
,
4530 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4533 #endif /* (VER_PRODUCTBUILD >= 2195) */
4538 ZwSetSystemInformation (
4539 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4540 IN PVOID SystemInformation
,
4548 IN PLARGE_INTEGER NewTime
,
4549 OUT PLARGE_INTEGER OldTime OPTIONAL
4552 #if (VER_PRODUCTBUILD >= 2195)
4557 ZwSetVolumeInformationFile (
4558 IN HANDLE FileHandle
,
4559 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4560 IN PVOID FsInformation
,
4562 IN FS_INFORMATION_CLASS FsInformationClass
4565 #endif /* (VER_PRODUCTBUILD >= 2195) */
4570 ZwTerminateProcess (
4571 IN HANDLE ProcessHandle OPTIONAL
,
4572 IN NTSTATUS ExitStatus
4579 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4580 IN PUNICODE_STRING RegistryPath
4587 IN POBJECT_ATTRIBUTES KeyObjectAttributes
4593 ZwWaitForSingleObject (
4595 IN BOOLEAN Alertable
,
4596 IN PLARGE_INTEGER Timeout OPTIONAL
4602 ZwWaitForMultipleObjects (
4603 IN ULONG HandleCount
,
4605 IN WAIT_TYPE WaitType
,
4606 IN BOOLEAN Alertable
,
4607 IN PLARGE_INTEGER Timeout OPTIONAL
4623 #endif /* _NTIFS_ */