4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28 #pragma GCC system_header
40 #define VER_PRODUCTBUILD 10000
47 #define NTKERNELAPI STDCALL
50 typedef struct _SE_EXPORTS
*PSE_EXPORTS
;
52 extern PUCHAR
*FsRtlLegalAnsiCharacterArray
;
53 extern PSE_EXPORTS SeExports
;
54 extern PACL SePublicDefaultDacl
;
55 extern PACL SeSystemDefaultDacl
;
57 #define ANSI_DOS_STAR ('<')
58 #define ANSI_DOS_QM ('>')
59 #define ANSI_DOS_DOT ('"')
61 #define DOS_STAR (L'<')
63 #define DOS_DOT (L'"')
66 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
67 #define ACCESS_DENIED_ACE_TYPE (0x1)
68 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
69 #define SYSTEM_ALARM_ACE_TYPE (0x3)
71 #define COMPRESSION_FORMAT_NONE (0x0000)
72 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
73 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
74 #define COMPRESSION_ENGINE_STANDARD (0x0000)
75 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
76 #define COMPRESSION_ENGINE_HIBER (0x0200)
78 #define FILE_ACTION_ADDED 0x00000001
79 #define FILE_ACTION_REMOVED 0x00000002
80 #define FILE_ACTION_MODIFIED 0x00000003
81 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
82 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
83 #define FILE_ACTION_ADDED_STREAM 0x00000006
84 #define FILE_ACTION_REMOVED_STREAM 0x00000007
85 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
86 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
87 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
88 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
91 #define FILE_EA_TYPE_BINARY 0xfffe
92 #define FILE_EA_TYPE_ASCII 0xfffd
93 #define FILE_EA_TYPE_BITMAP 0xfffb
94 #define FILE_EA_TYPE_METAFILE 0xfffa
95 #define FILE_EA_TYPE_ICON 0xfff9
96 #define FILE_EA_TYPE_EA 0xffee
97 #define FILE_EA_TYPE_MVMT 0xffdf
98 #define FILE_EA_TYPE_MVST 0xffde
99 #define FILE_EA_TYPE_ASN1 0xffdd
100 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
102 #define FILE_NEED_EA 0x00000080
104 /* also in winnt.h */
105 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
106 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
107 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
108 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
109 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
110 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
111 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
112 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
113 #define FILE_NOTIFY_CHANGE_EA 0x00000080
114 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
115 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
116 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
117 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
118 #define FILE_NOTIFY_VALID_MASK 0x00000fff
121 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
122 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
124 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
126 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
127 #define FILE_CASE_PRESERVED_NAMES 0x00000002
128 #define FILE_UNICODE_ON_DISK 0x00000004
129 #define FILE_PERSISTENT_ACLS 0x00000008
130 #define FILE_FILE_COMPRESSION 0x00000010
131 #define FILE_VOLUME_QUOTAS 0x00000020
132 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
133 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
134 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
135 #define FS_LFN_APIS 0x00004000
136 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
137 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
138 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
139 #define FILE_NAMED_STREAMS 0x00040000
141 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
142 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
144 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
145 #define FILE_PIPE_MESSAGE_MODE 0x00000001
147 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
148 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
150 #define FILE_PIPE_INBOUND 0x00000000
151 #define FILE_PIPE_OUTBOUND 0x00000001
152 #define FILE_PIPE_FULL_DUPLEX 0x00000002
154 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
155 #define FILE_PIPE_LISTENING_STATE 0x00000002
156 #define FILE_PIPE_CONNECTED_STATE 0x00000003
157 #define FILE_PIPE_CLOSING_STATE 0x00000004
159 #define FILE_PIPE_CLIENT_END 0x00000000
160 #define FILE_PIPE_SERVER_END 0x00000001
162 #define FILE_PIPE_READ_DATA 0x00000000
163 #define FILE_PIPE_WRITE_SPACE 0x00000001
165 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
166 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
167 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
168 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
169 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
170 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
171 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
172 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
173 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
174 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
175 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
176 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
177 #define FILE_STORAGE_TYPE_MASK 0x000f0000
178 #define FILE_STORAGE_TYPE_SHIFT 16
180 #define FILE_VC_QUOTA_NONE 0x00000000
181 #define FILE_VC_QUOTA_TRACK 0x00000001
182 #define FILE_VC_QUOTA_ENFORCE 0x00000002
183 #define FILE_VC_QUOTA_MASK 0x00000003
185 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
186 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
188 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
189 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
190 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
191 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
193 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
194 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
196 #define FILE_VC_VALID_MASK 0x000003ff
198 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
199 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
200 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
201 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
202 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
203 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
204 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
206 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
208 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
209 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
210 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
211 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
212 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
214 #define FSRTL_VOLUME_DISMOUNT 1
215 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
216 #define FSRTL_VOLUME_LOCK 3
217 #define FSRTL_VOLUME_LOCK_FAILED 4
218 #define FSRTL_VOLUME_UNLOCK 5
219 #define FSRTL_VOLUME_MOUNT 6
221 #define FSRTL_WILD_CHARACTER 0x08
224 #define HARDWARE_PTE HARDWARE_PTE_X86
225 #define PHARDWARE_PTE PHARDWARE_PTE_X86
227 #define HARDWARE_PTE ULONG
228 #define PHARDWARE_PTE PULONG
231 #define IO_CHECK_CREATE_PARAMETERS 0x0200
232 #define IO_ATTACH_DEVICE 0x0400
234 #define IO_ATTACH_DEVICE_API 0x80000000
235 /* also in winnt.h */
236 #define IO_COMPLETION_QUERY_STATE 0x0001
237 #define IO_COMPLETION_MODIFY_STATE 0x0002
238 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
240 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
241 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
243 #define IO_TYPE_APC 18
244 #define IO_TYPE_DPC 19
245 #define IO_TYPE_DEVICE_QUEUE 20
246 #define IO_TYPE_EVENT_PAIR 21
247 #define IO_TYPE_INTERRUPT 22
248 #define IO_TYPE_PROFILE 23
250 #define IRP_BEING_VERIFIED 0x10
252 #define MAILSLOT_CLASS_FIRSTCLASS 1
253 #define MAILSLOT_CLASS_SECONDCLASS 2
255 #define MAILSLOT_SIZE_AUTO 0
257 #define MAP_PROCESS 1L
258 #define MAP_SYSTEM 2L
259 #define MEM_DOS_LIM 0x40000000
260 /* also in winnt.h */
261 #define MEM_IMAGE SEC_IMAGE
263 #define OB_TYPE_TYPE 1
264 #define OB_TYPE_DIRECTORY 2
265 #define OB_TYPE_SYMBOLIC_LINK 3
266 #define OB_TYPE_TOKEN 4
267 #define OB_TYPE_PROCESS 5
268 #define OB_TYPE_THREAD 6
269 #define OB_TYPE_EVENT 7
270 #define OB_TYPE_EVENT_PAIR 8
271 #define OB_TYPE_MUTANT 9
272 #define OB_TYPE_SEMAPHORE 10
273 #define OB_TYPE_TIMER 11
274 #define OB_TYPE_PROFILE 12
275 #define OB_TYPE_WINDOW_STATION 13
276 #define OB_TYPE_DESKTOP 14
277 #define OB_TYPE_SECTION 15
278 #define OB_TYPE_KEY 16
279 #define OB_TYPE_PORT 17
280 #define OB_TYPE_ADAPTER 18
281 #define OB_TYPE_CONTROLLER 19
282 #define OB_TYPE_DEVICE 20
283 #define OB_TYPE_DRIVER 21
284 #define OB_TYPE_IO_COMPLETION 22
285 #define OB_TYPE_FILE 23
288 #define PIN_EXCLUSIVE (2)
289 #define PIN_NO_READ (4)
290 #define PIN_IF_BCB (8)
292 #define PORT_CONNECT 0x0001
293 #define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
295 /* also in winnt.h */
296 #define SEC_BASED 0x00200000
297 #define SEC_NO_CHANGE 0x00400000
298 #define SEC_FILE 0x00800000
299 #define SEC_IMAGE 0x01000000
300 #define SEC_VLM 0x02000000
301 #define SEC_RESERVE 0x04000000
302 #define SEC_COMMIT 0x08000000
303 #define SEC_NOCACHE 0x10000000
305 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
306 #define SECURITY_WORLD_RID (0x00000000L)
308 #define SID_REVISION 1
310 #define TOKEN_ASSIGN_PRIMARY (0x0001)
311 #define TOKEN_DUPLICATE (0x0002)
312 #define TOKEN_IMPERSONATE (0x0004)
313 #define TOKEN_QUERY (0x0008)
314 #define TOKEN_QUERY_SOURCE (0x0010)
315 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
316 #define TOKEN_ADJUST_GROUPS (0x0040)
317 #define TOKEN_ADJUST_DEFAULT (0x0080)
319 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
320 TOKEN_ASSIGN_PRIMARY |\
324 TOKEN_QUERY_SOURCE |\
325 TOKEN_ADJUST_PRIVILEGES |\
326 TOKEN_ADJUST_GROUPS |\
327 TOKEN_ADJUST_DEFAULT)
329 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
332 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
333 TOKEN_ADJUST_PRIVILEGES |\
334 TOKEN_ADJUST_GROUPS |\
335 TOKEN_ADJUST_DEFAULT)
337 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
339 #define TOKEN_SOURCE_LENGTH 8
342 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
343 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
344 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
345 #define TOKEN_HAS_ADMIN_GROUP 0x08
346 #define TOKEN_IS_RESTRICTED 0x10
348 #define VACB_MAPPING_GRANULARITY (0x40000)
349 #define VACB_OFFSET_SHIFT (18)
351 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
352 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
353 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
354 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
355 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
356 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
357 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
358 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
359 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
361 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
362 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
363 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
365 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
366 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
367 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
370 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
371 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
372 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
373 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
374 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
375 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
377 #if (VER_PRODUCTBUILD >= 1381)
379 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
380 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
381 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
382 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
383 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
384 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
385 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
386 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
388 #endif /* (VER_PRODUCTBUILD >= 1381) */
390 #if (VER_PRODUCTBUILD >= 2195)
392 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
393 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
394 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
396 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
397 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
398 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
399 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
400 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
401 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
402 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
403 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
404 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
405 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
406 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
407 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
408 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
409 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
410 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
411 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
412 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
413 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
414 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
415 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
416 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
417 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
418 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
419 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
420 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
421 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
422 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
423 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
424 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
425 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
426 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
427 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
428 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
429 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
430 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
431 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
433 #endif /* (VER_PRODUCTBUILD >= 2195) */
435 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
437 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
438 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
439 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
440 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
441 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
442 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
443 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
444 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
446 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
447 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
448 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
449 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
450 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
451 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
452 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
453 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
454 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
455 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
456 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
457 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
458 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
459 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
461 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
464 typedef PVOID OPLOCK
, *POPLOCK
;
465 typedef PVOID PWOW64_PROCESS
;
467 typedef struct _CACHE_MANAGER_CALLBACKS
*PCACHE_MANAGER_CALLBACKS
;
468 typedef struct _EPROCESS_QUOTA_BLOCK
*PEPROCESS_QUOTA_BLOCK
;
469 typedef struct _FILE_GET_QUOTA_INFORMATION
*PFILE_GET_QUOTA_INFORMATION
;
470 typedef struct _HANDLE_TABLE
*PHANDLE_TABLE
;
471 typedef struct _KEVENT_PAIR
*PKEVENT_PAIR
;
472 typedef struct _KPROCESS
*PKPROCESS
;
473 typedef struct _KQUEUE
*PKQUEUE
;
474 typedef struct _KTRAP_FRAME
*PKTRAP_FRAME
;
475 typedef struct _MAILSLOT_CREATE_PARAMETERS
*PMAILSLOT_CREATE_PARAMETERS
;
476 typedef struct _MMWSL
*PMMWSL
;
477 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
*PNAMED_PIPE_CREATE_PARAMETERS
;
478 typedef struct _OBJECT_DIRECTORY
*POBJECT_DIRECTORY
;
479 typedef struct _PAGEFAULT_HISTORY
*PPAGEFAULT_HISTORY
;
480 typedef struct _PS_IMPERSONATION_INFORMATION
*PPS_IMPERSONATION_INFORMATION
;
481 typedef struct _SECTION_OBJECT
*PSECTION_OBJECT
;
482 typedef struct _SHARED_CACHE_MAP
*PSHARED_CACHE_MAP
;
483 typedef struct _TERMINATION_PORT
*PTERMINATION_PORT
;
484 typedef struct _VACB
*PVACB
;
485 typedef struct _VAD_HEADER
*PVAD_HEADER
;
487 typedef struct _NOTIFY_SYNC
500 } NOTIFY_SYNC
, * PNOTIFY_SYNC
;
502 typedef enum _FAST_IO_POSSIBLE
{
508 typedef enum _FILE_STORAGE_TYPE
{
509 StorageTypeDefault
= 1,
510 StorageTypeDirectory
,
512 StorageTypeJunctionPoint
,
514 StorageTypeStructuredStorage
,
515 StorageTypeEmbedding
,
519 typedef enum _IO_COMPLETION_INFORMATION_CLASS
{
520 IoCompletionBasicInformation
521 } IO_COMPLETION_INFORMATION_CLASS
;
523 typedef enum _OBJECT_INFO_CLASS
{
531 typedef struct _HARDWARE_PTE_X86
{
535 ULONG WriteThrough
: 1;
536 ULONG CacheDisable
: 1;
541 ULONG CopyOnWrite
: 1;
544 ULONG PageFrameNumber
: 20;
545 } HARDWARE_PTE_X86
, *PHARDWARE_PTE_X86
;
547 typedef struct _KAPC_STATE
{
548 LIST_ENTRY ApcListHead
[2];
550 BOOLEAN KernelApcInProgress
;
551 BOOLEAN KernelApcPending
;
552 BOOLEAN UserApcPending
;
553 } KAPC_STATE
, *PKAPC_STATE
, *__restrict PRKAPC_STATE
;
555 typedef struct _KGDTENTRY
{
572 ULONG Reserved_0
: 1;
573 ULONG Default_Big
: 1;
574 ULONG Granularity
: 1;
578 } KGDTENTRY
, *PKGDTENTRY
;
580 typedef struct _KIDTENTRY
{
584 USHORT ExtendedOffset
;
585 } KIDTENTRY
, *PKIDTENTRY
;
587 #if (VER_PRODUCTBUILD >= 2600)
589 typedef struct _MMSUPPORT_FLAGS
{
590 ULONG SessionSpace
: 1;
591 ULONG BeingTrimmed
: 1;
592 ULONG SessionLeader
: 1;
594 ULONG WorkingSetHard
: 1;
595 ULONG AddressSpaceBeingDeleted
: 1;
596 ULONG Available
: 10;
597 ULONG AllowWorkingSetAdjustment
: 8;
598 ULONG MemoryPriority
: 8;
599 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
603 typedef struct _MMSUPPORT_FLAGS
{
604 ULONG SessionSpace
: 1;
605 ULONG BeingTrimmed
: 1;
606 ULONG ProcessInSession
: 1;
607 ULONG SessionLeader
: 1;
609 ULONG WorkingSetHard
: 1;
610 ULONG WriteWatch
: 1;
612 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
616 #if (VER_PRODUCTBUILD >= 2600)
618 typedef struct _MMSUPPORT
{
619 LARGE_INTEGER LastTrimTime
;
620 MMSUPPORT_FLAGS Flags
;
621 ULONG PageFaultCount
;
622 ULONG PeakWorkingSetSize
;
623 ULONG WorkingSetSize
;
624 ULONG MinimumWorkingSetSize
;
625 ULONG MaximumWorkingSetSize
;
626 PMMWSL VmWorkingSetList
;
627 LIST_ENTRY WorkingSetExpansionLinks
;
629 ULONG NextEstimationSlot
;
631 ULONG EstimatedAvailable
;
632 ULONG GrowthSinceLastEstimate
;
633 } MMSUPPORT
, *PMMSUPPORT
;
637 typedef struct _MMSUPPORT
{
638 LARGE_INTEGER LastTrimTime
;
639 ULONG LastTrimFaultCount
;
640 ULONG PageFaultCount
;
641 ULONG PeakWorkingSetSize
;
642 ULONG WorkingSetSize
;
643 ULONG MinimumWorkingSetSize
;
644 ULONG MaximumWorkingSetSize
;
645 PMMWSL VmWorkingSetList
;
646 LIST_ENTRY WorkingSetExpansionLinks
;
647 BOOLEAN AllowWorkingSetAdjustment
;
648 BOOLEAN AddressSpaceBeingDeleted
;
649 UCHAR ForegroundSwitchCount
;
650 UCHAR MemoryPriority
;
651 #if (VER_PRODUCTBUILD >= 2195)
654 MMSUPPORT_FLAGS Flags
;
657 ULONG NextEstimationSlot
;
659 ULONG EstimatedAvailable
;
660 ULONG GrowthSinceLastEstimate
;
661 #endif /* (VER_PRODUCTBUILD >= 2195) */
662 } MMSUPPORT
, *PMMSUPPORT
;
666 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
{
667 POBJECT_NAME_INFORMATION ImageFileName
;
668 } SE_AUDIT_PROCESS_CREATION_INFO
, *PSE_AUDIT_PROCESS_CREATION_INFO
;
670 typedef struct _BITMAP_RANGE
{
672 LARGE_INTEGER BasePage
;
673 ULONG FirstDirtyPage
;
677 } BITMAP_RANGE
, *PBITMAP_RANGE
;
679 typedef struct _CACHE_UNINITIALIZE_EVENT
{
680 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
682 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
684 typedef struct _CC_FILE_SIZES
{
685 LARGE_INTEGER AllocationSize
;
686 LARGE_INTEGER FileSize
;
687 LARGE_INTEGER ValidDataLength
;
688 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
690 typedef struct _COMPRESSED_DATA_INFO
{
691 USHORT CompressionFormatAndEngine
;
692 UCHAR CompressionUnitShift
;
696 USHORT NumberOfChunks
;
697 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
698 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
700 typedef struct _DEVICE_MAP
{
701 POBJECT_DIRECTORY DosDevicesDirectory
;
702 POBJECT_DIRECTORY GlobalDosDevicesDirectory
;
703 ULONG ReferenceCount
;
706 } DEVICE_MAP
, *PDEVICE_MAP
;
708 #if (VER_PRODUCTBUILD >= 2600)
710 typedef struct _EX_FAST_REF
{
711 _ANONYMOUS_UNION
union {
716 } EX_FAST_REF
, *PEX_FAST_REF
;
718 typedef struct _EX_PUSH_LOCK
{
719 _ANONYMOUS_UNION
union {
720 _ANONYMOUS_STRUCT
struct {
728 } EX_PUSH_LOCK
, *PEX_PUSH_LOCK
;
730 typedef struct _EX_RUNDOWN_REF
{
731 _ANONYMOUS_UNION
union {
735 } EX_RUNDOWN_REF
, *PEX_RUNDOWN_REF
;
739 typedef struct _EPROCESS_QUOTA_ENTRY
{
744 } EPROCESS_QUOTA_ENTRY
, *PEPROCESS_QUOTA_ENTRY
;
746 typedef struct _EPROCESS_QUOTA_BLOCK
{
747 EPROCESS_QUOTA_ENTRY QuotaEntry
[3];
748 LIST_ENTRY QuotaList
;
749 ULONG ReferenceCount
;
751 } EPROCESS_QUOTA_BLOCK
, *PEPROCESS_QUOTA_BLOCK
;
753 typedef struct _FILE_ACCESS_INFORMATION
{
754 ACCESS_MASK AccessFlags
;
755 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
757 typedef struct _FILE_ALLOCATION_INFORMATION
{
758 LARGE_INTEGER AllocationSize
;
759 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
761 typedef struct _FILE_BOTH_DIR_INFORMATION
{
762 ULONG NextEntryOffset
;
764 LARGE_INTEGER CreationTime
;
765 LARGE_INTEGER LastAccessTime
;
766 LARGE_INTEGER LastWriteTime
;
767 LARGE_INTEGER ChangeTime
;
768 LARGE_INTEGER EndOfFile
;
769 LARGE_INTEGER AllocationSize
;
770 ULONG FileAttributes
;
771 ULONG FileNameLength
;
773 CCHAR ShortNameLength
;
776 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
778 typedef struct _FILE_COMPLETION_INFORMATION
{
781 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
783 typedef struct _FILE_COMPRESSION_INFORMATION
{
784 LARGE_INTEGER CompressedFileSize
;
785 USHORT CompressionFormat
;
786 UCHAR CompressionUnitShift
;
790 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
792 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
793 BOOLEAN ReplaceIfExists
;
794 HANDLE RootDirectory
;
795 ULONG FileNameLength
;
797 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
799 typedef struct _FILE_DIRECTORY_INFORMATION
{
800 ULONG NextEntryOffset
;
802 LARGE_INTEGER CreationTime
;
803 LARGE_INTEGER LastAccessTime
;
804 LARGE_INTEGER LastWriteTime
;
805 LARGE_INTEGER ChangeTime
;
806 LARGE_INTEGER EndOfFile
;
807 LARGE_INTEGER AllocationSize
;
808 ULONG FileAttributes
;
809 ULONG FileNameLength
;
811 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
813 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
814 ULONG NextEntryOffset
;
816 LARGE_INTEGER CreationTime
;
817 LARGE_INTEGER LastAccessTime
;
818 LARGE_INTEGER LastWriteTime
;
819 LARGE_INTEGER ChangeTime
;
820 LARGE_INTEGER EndOfFile
;
821 LARGE_INTEGER AllocationSize
;
822 ULONG FileAttributes
;
823 ULONG FileNameLength
;
826 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
828 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
829 ULONG NextEntryOffset
;
831 LARGE_INTEGER CreationTime
;
832 LARGE_INTEGER LastAccessTime
;
833 LARGE_INTEGER LastWriteTime
;
834 LARGE_INTEGER ChangeTime
;
835 LARGE_INTEGER EndOfFile
;
836 LARGE_INTEGER AllocationSize
;
837 ULONG FileAttributes
;
838 ULONG FileNameLength
;
840 CHAR ShortNameLength
;
843 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
845 typedef struct _FILE_EA_INFORMATION
{
847 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
849 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
850 ULONG FileSystemAttributes
;
851 ULONG MaximumComponentNameLength
;
852 ULONG FileSystemNameLength
;
853 WCHAR FileSystemName
[1];
854 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
856 typedef struct _FILE_FS_CONTROL_INFORMATION
{
857 LARGE_INTEGER FreeSpaceStartFiltering
;
858 LARGE_INTEGER FreeSpaceThreshold
;
859 LARGE_INTEGER FreeSpaceStopFiltering
;
860 LARGE_INTEGER DefaultQuotaThreshold
;
861 LARGE_INTEGER DefaultQuotaLimit
;
862 ULONG FileSystemControlFlags
;
863 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
865 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
866 LARGE_INTEGER TotalAllocationUnits
;
867 LARGE_INTEGER CallerAvailableAllocationUnits
;
868 LARGE_INTEGER ActualAvailableAllocationUnits
;
869 ULONG SectorsPerAllocationUnit
;
870 ULONG BytesPerSector
;
871 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
873 typedef struct _FILE_FS_LABEL_INFORMATION
{
874 ULONG VolumeLabelLength
;
875 WCHAR VolumeLabel
[1];
876 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
878 #if (VER_PRODUCTBUILD >= 2195)
880 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
882 UCHAR ExtendedInfo
[48];
883 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
885 #endif /* (VER_PRODUCTBUILD >= 2195) */
887 typedef struct _FILE_FS_SIZE_INFORMATION
{
888 LARGE_INTEGER TotalAllocationUnits
;
889 LARGE_INTEGER AvailableAllocationUnits
;
890 ULONG SectorsPerAllocationUnit
;
891 ULONG BytesPerSector
;
892 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
894 typedef struct _FILE_FS_VOLUME_INFORMATION
{
895 LARGE_INTEGER VolumeCreationTime
;
896 ULONG VolumeSerialNumber
;
897 ULONG VolumeLabelLength
;
898 BOOLEAN SupportsObjects
;
899 WCHAR VolumeLabel
[1];
900 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
902 typedef struct _FILE_FULL_DIR_INFORMATION
{
903 ULONG NextEntryOffset
;
905 LARGE_INTEGER CreationTime
;
906 LARGE_INTEGER LastAccessTime
;
907 LARGE_INTEGER LastWriteTime
;
908 LARGE_INTEGER ChangeTime
;
909 LARGE_INTEGER EndOfFile
;
910 LARGE_INTEGER AllocationSize
;
911 ULONG FileAttributes
;
912 ULONG FileNameLength
;
915 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
917 typedef struct _FILE_GET_EA_INFORMATION
{
918 ULONG NextEntryOffset
;
921 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
923 typedef struct _FILE_GET_QUOTA_INFORMATION
{
924 ULONG NextEntryOffset
;
927 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
929 typedef struct _FILE_INTERNAL_INFORMATION
{
930 LARGE_INTEGER IndexNumber
;
931 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
933 typedef struct _FILE_LINK_INFORMATION
{
934 BOOLEAN ReplaceIfExists
;
935 HANDLE RootDirectory
;
936 ULONG FileNameLength
;
938 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
940 typedef struct _FILE_LOCK_INFO
{
941 LARGE_INTEGER StartingByte
;
942 LARGE_INTEGER Length
;
943 BOOLEAN ExclusiveLock
;
945 PFILE_OBJECT FileObject
;
947 LARGE_INTEGER EndingByte
;
948 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
950 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
951 typedef struct _FILE_SHARED_LOCK_ENTRY
{
954 FILE_LOCK_INFO FileLock
;
955 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
957 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
958 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
959 LIST_ENTRY ListEntry
;
962 FILE_LOCK_INFO FileLock
;
963 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
965 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE
) (
970 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
972 IN PFILE_LOCK_INFO FileLockInfo
975 typedef struct _FILE_LOCK
{
976 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
977 PUNLOCK_ROUTINE UnlockRoutine
;
978 BOOLEAN FastIoIsQuestionable
;
980 PVOID LockInformation
;
981 FILE_LOCK_INFO LastReturnedLockInfo
;
982 PVOID LastReturnedLock
;
983 } FILE_LOCK
, *PFILE_LOCK
;
985 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
986 ULONG ReadDataAvailable
;
987 ULONG NumberOfMessages
;
989 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
991 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
992 ULONG MaximumMessageSize
;
994 ULONG NextMessageSize
;
995 ULONG MessagesAvailable
;
996 LARGE_INTEGER ReadTimeout
;
997 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
999 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1000 LARGE_INTEGER ReadTimeout
;
1001 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1003 typedef struct _FILE_MODE_INFORMATION
{
1005 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1007 typedef struct _FILE_ALL_INFORMATION
{
1008 FILE_BASIC_INFORMATION BasicInformation
;
1009 FILE_STANDARD_INFORMATION StandardInformation
;
1010 FILE_INTERNAL_INFORMATION InternalInformation
;
1011 FILE_EA_INFORMATION EaInformation
;
1012 FILE_ACCESS_INFORMATION AccessInformation
;
1013 FILE_POSITION_INFORMATION PositionInformation
;
1014 FILE_MODE_INFORMATION ModeInformation
;
1015 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1016 FILE_NAME_INFORMATION NameInformation
;
1017 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1019 typedef struct _FILE_NAMES_INFORMATION
{
1020 ULONG NextEntryOffset
;
1022 ULONG FileNameLength
;
1024 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1026 typedef struct _FILE_OBJECTID_INFORMATION
{
1027 LONGLONG FileReference
;
1029 _ANONYMOUS_UNION
union {
1031 UCHAR BirthVolumeId
[16];
1032 UCHAR BirthObjectId
[16];
1035 UCHAR ExtendedInfo
[48];
1037 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1039 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1041 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1043 typedef struct _FILE_OLE_ALL_INFORMATION
{
1044 FILE_BASIC_INFORMATION BasicInformation
;
1045 FILE_STANDARD_INFORMATION StandardInformation
;
1046 FILE_INTERNAL_INFORMATION InternalInformation
;
1047 FILE_EA_INFORMATION EaInformation
;
1048 FILE_ACCESS_INFORMATION AccessInformation
;
1049 FILE_POSITION_INFORMATION PositionInformation
;
1050 FILE_MODE_INFORMATION ModeInformation
;
1051 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1054 LARGE_INTEGER SecurityChangeTime
;
1055 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1056 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1057 FILE_STORAGE_TYPE StorageType
;
1060 ULONG NumberOfStreamReferences
;
1063 BOOLEAN ContentIndexDisable
;
1064 BOOLEAN InheritContentIndexDisable
;
1065 FILE_NAME_INFORMATION NameInformation
;
1066 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1068 typedef struct _FILE_OLE_DIR_INFORMATION
{
1069 ULONG NextEntryOffset
;
1071 LARGE_INTEGER CreationTime
;
1072 LARGE_INTEGER LastAccessTime
;
1073 LARGE_INTEGER LastWriteTime
;
1074 LARGE_INTEGER ChangeTime
;
1075 LARGE_INTEGER EndOfFile
;
1076 LARGE_INTEGER AllocationSize
;
1077 ULONG FileAttributes
;
1078 ULONG FileNameLength
;
1079 FILE_STORAGE_TYPE StorageType
;
1082 BOOLEAN ContentIndexDisable
;
1083 BOOLEAN InheritContentIndexDisable
;
1085 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1087 typedef struct _FILE_OLE_INFORMATION
{
1088 LARGE_INTEGER SecurityChangeTime
;
1089 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1090 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1091 FILE_STORAGE_TYPE StorageType
;
1093 BOOLEAN ContentIndexDisable
;
1094 BOOLEAN InheritContentIndexDisable
;
1095 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1097 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1099 ULONG StateBitsMask
;
1100 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1102 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1105 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1107 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1108 PVOID ClientSession
;
1109 PVOID ClientProcess
;
1110 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1112 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1113 ULONG NamedPipeState
;
1117 ULONG NumberRequests
;
1118 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1120 typedef struct _FILE_PIPE_INFORMATION
{
1122 ULONG CompletionMode
;
1123 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1125 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1126 ULONG NamedPipeType
;
1127 ULONG NamedPipeConfiguration
;
1128 ULONG MaximumInstances
;
1129 ULONG CurrentInstances
;
1131 ULONG ReadDataAvailable
;
1132 ULONG OutboundQuota
;
1133 ULONG WriteQuotaAvailable
;
1134 ULONG NamedPipeState
;
1136 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1138 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1139 LARGE_INTEGER CollectDataTime
;
1140 ULONG MaximumCollectionCount
;
1141 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1143 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1144 LARGE_INTEGER Timeout
;
1146 BOOLEAN TimeoutSpecified
;
1148 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1150 typedef struct _FILE_QUOTA_INFORMATION
{
1151 ULONG NextEntryOffset
;
1153 LARGE_INTEGER ChangeTime
;
1154 LARGE_INTEGER QuotaUsed
;
1155 LARGE_INTEGER QuotaThreshold
;
1156 LARGE_INTEGER QuotaLimit
;
1158 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1160 typedef struct _FILE_RENAME_INFORMATION
{
1161 BOOLEAN ReplaceIfExists
;
1162 HANDLE RootDirectory
;
1163 ULONG FileNameLength
;
1165 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1167 typedef struct _FILE_STREAM_INFORMATION
{
1168 ULONG NextEntryOffset
;
1169 ULONG StreamNameLength
;
1170 LARGE_INTEGER StreamSize
;
1171 LARGE_INTEGER StreamAllocationSize
;
1172 WCHAR StreamName
[1];
1173 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1175 typedef struct _FILE_TRACKING_INFORMATION
{
1176 HANDLE DestinationFile
;
1177 ULONG ObjectInformationLength
;
1178 CHAR ObjectInformation
[1];
1179 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1181 #if (VER_PRODUCTBUILD >= 2195)
1182 typedef struct _FILE_ZERO_DATA_INFORMATION
{
1183 LARGE_INTEGER FileOffset
;
1184 LARGE_INTEGER BeyondFinalZero
;
1185 } FILE_ZERO_DATA_INFORMATION
, *PFILE_ZERO_DATA_INFORMATION
;
1187 typedef struct FILE_ALLOCATED_RANGE_BUFFER
{
1188 LARGE_INTEGER FileOffset
;
1189 LARGE_INTEGER Length
;
1190 } FILE_ALLOCATED_RANGE_BUFFER
, *PFILE_ALLOCATED_RANGE_BUFFER
;
1191 #endif /* (VER_PRODUCTBUILD >= 2195) */
1193 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1194 CSHORT NodeTypeCode
;
1195 CSHORT NodeByteSize
;
1197 UCHAR IsFastIoPossible
;
1198 #if (VER_PRODUCTBUILD >= 1381)
1201 #endif /* (VER_PRODUCTBUILD >= 1381) */
1202 PERESOURCE Resource
;
1203 PERESOURCE PagingIoResource
;
1204 LARGE_INTEGER AllocationSize
;
1205 LARGE_INTEGER FileSize
;
1206 LARGE_INTEGER ValidDataLength
;
1207 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1209 typedef struct _GENERATE_NAME_CONTEXT
{
1211 BOOLEAN CheckSumInserted
;
1213 WCHAR NameBuffer
[8];
1214 ULONG ExtensionLength
;
1215 WCHAR ExtensionBuffer
[4];
1216 ULONG LastIndexValue
;
1217 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1219 typedef struct _HANDLE_TABLE_ENTRY
{
1221 ULONG ObjectAttributes
;
1222 ULONG GrantedAccess
;
1223 USHORT GrantedAccessIndex
;
1224 USHORT CreatorBackTraceIndex
;
1225 ULONG NextFreeTableEntry
;
1226 } HANDLE_TABLE_ENTRY
, *PHANDLE_TABLE_ENTRY
;
1228 typedef struct _MAPPING_PAIR
{
1231 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1233 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1234 ULONG NumberOfPairs
;
1236 MAPPING_PAIR Pair
[1];
1237 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1239 typedef struct _IO_CLIENT_EXTENSION
{
1240 struct _IO_CLIENT_EXTENSION
*NextExtension
;
1241 PVOID ClientIdentificationAddress
;
1242 } IO_CLIENT_EXTENSION
, *PIO_CLIENT_EXTENSION
;
1244 typedef struct _IO_COMPLETION_BASIC_INFORMATION
{
1246 } IO_COMPLETION_BASIC_INFORMATION
, *PIO_COMPLETION_BASIC_INFORMATION
;
1248 typedef struct _KEVENT_PAIR
{
1253 } KEVENT_PAIR
, *PKEVENT_PAIR
;
1255 typedef struct _KQUEUE
{
1256 DISPATCHER_HEADER Header
;
1257 LIST_ENTRY EntryListHead
;
1260 LIST_ENTRY ThreadListHead
;
1261 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1263 typedef struct _MAILSLOT_CREATE_PARAMETERS
{
1264 ULONG MailslotQuota
;
1265 ULONG MaximumMessageSize
;
1266 LARGE_INTEGER ReadTimeout
;
1267 BOOLEAN TimeoutSpecified
;
1268 } MAILSLOT_CREATE_PARAMETERS
, *PMAILSLOT_CREATE_PARAMETERS
;
1270 typedef struct _MBCB
{
1271 CSHORT NodeTypeCode
;
1272 CSHORT NodeIsInZone
;
1276 LIST_ENTRY BitmapRanges
;
1277 LONGLONG ResumeWritePage
;
1278 BITMAP_RANGE BitmapRange1
;
1279 BITMAP_RANGE BitmapRange2
;
1280 BITMAP_RANGE BitmapRange3
;
1283 typedef struct _MOVEFILE_DESCRIPTOR
{
1286 LARGE_INTEGER StartVcn
;
1287 LARGE_INTEGER TargetLcn
;
1290 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1292 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
{
1293 ULONG NamedPipeType
;
1295 ULONG CompletionMode
;
1296 ULONG MaximumInstances
;
1298 ULONG OutboundQuota
;
1299 LARGE_INTEGER DefaultTimeout
;
1300 BOOLEAN TimeoutSpecified
;
1301 } NAMED_PIPE_CREATE_PARAMETERS
, *PNAMED_PIPE_CREATE_PARAMETERS
;
1303 typedef struct _OBJECT_BASIC_INFO
{
1305 ACCESS_MASK GrantedAccess
;
1307 ULONG ReferenceCount
;
1308 ULONG PagedPoolUsage
;
1309 ULONG NonPagedPoolUsage
;
1311 ULONG NameInformationLength
;
1312 ULONG TypeInformationLength
;
1313 ULONG SecurityDescriptorLength
;
1314 LARGE_INTEGER CreateTime
;
1315 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1317 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1319 BOOLEAN ProtectFromClose
;
1320 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1322 typedef struct _OBJECT_NAME_INFO
{
1323 UNICODE_STRING ObjectName
;
1324 WCHAR ObjectNameBuffer
[1];
1325 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1327 typedef struct _OBJECT_PROTECTION_INFO
{
1329 BOOLEAN ProtectHandle
;
1330 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1332 typedef struct _OBJECT_TYPE_INFO
{
1333 UNICODE_STRING ObjectTypeName
;
1334 UCHAR Unknown
[0x58];
1335 WCHAR ObjectTypeNameBuffer
[1];
1336 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1338 typedef struct _OBJECT_ALL_TYPES_INFO
{
1339 ULONG NumberOfObjectTypes
;
1340 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1341 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1343 typedef struct _PAGEFAULT_HISTORY
{
1346 KSPIN_LOCK SpinLock
;
1348 PROCESS_WS_WATCH_INFORMATION WatchInfo
[1];
1349 } PAGEFAULT_HISTORY
, *PPAGEFAULT_HISTORY
;
1351 typedef struct _PATHNAME_BUFFER
{
1352 ULONG PathNameLength
;
1354 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1356 #if (VER_PRODUCTBUILD >= 2600)
1358 typedef struct _PRIVATE_CACHE_MAP_FLAGS
{
1360 ULONG ReadAheadActive
: 1;
1361 ULONG ReadAheadEnabled
: 1;
1362 ULONG Available
: 14;
1363 } PRIVATE_CACHE_MAP_FLAGS
, *PPRIVATE_CACHE_MAP_FLAGS
;
1365 typedef struct _PRIVATE_CACHE_MAP
{
1366 _ANONYMOUS_UNION
union {
1367 CSHORT NodeTypeCode
;
1368 PRIVATE_CACHE_MAP_FLAGS Flags
;
1371 ULONG ReadAheadMask
;
1372 PFILE_OBJECT FileObject
;
1373 LARGE_INTEGER FileOffset1
;
1374 LARGE_INTEGER BeyondLastByte1
;
1375 LARGE_INTEGER FileOffset2
;
1376 LARGE_INTEGER BeyondLastByte2
;
1377 LARGE_INTEGER ReadAheadOffset
[2];
1378 ULONG ReadAheadLength
[2];
1379 KSPIN_LOCK ReadAheadSpinLock
;
1380 LIST_ENTRY PrivateLinks
;
1381 } PRIVATE_CACHE_MAP
, *PPRIVATE_CACHE_MAP
;
1385 typedef struct _PS_IMPERSONATION_INFORMATION
{
1386 PACCESS_TOKEN Token
;
1388 BOOLEAN EffectiveOnly
;
1389 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
1390 } PS_IMPERSONATION_INFORMATION
, *PPS_IMPERSONATION_INFORMATION
;
1392 typedef struct _PUBLIC_BCB
{
1393 CSHORT NodeTypeCode
;
1394 CSHORT NodeByteSize
;
1396 LARGE_INTEGER MappedFileOffset
;
1397 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1399 typedef struct _QUERY_PATH_REQUEST
{
1400 ULONG PathNameLength
;
1401 PIO_SECURITY_CONTEXT SecurityContext
;
1402 WCHAR FilePathName
[1];
1403 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1405 typedef struct _QUERY_PATH_RESPONSE
{
1406 ULONG LengthAccepted
;
1407 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1409 #pragma pack(push,8)
1410 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1412 LARGE_INTEGER StartingVcn
;
1414 LARGE_INTEGER NextVcn
;
1417 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1420 typedef struct _RTL_SPLAY_LINKS
{
1421 struct _RTL_SPLAY_LINKS
*Parent
;
1422 struct _RTL_SPLAY_LINKS
*LeftChild
;
1423 struct _RTL_SPLAY_LINKS
*RightChild
;
1424 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1426 typedef struct _SE_EXPORTS
{
1428 LUID SeCreateTokenPrivilege
;
1429 LUID SeAssignPrimaryTokenPrivilege
;
1430 LUID SeLockMemoryPrivilege
;
1431 LUID SeIncreaseQuotaPrivilege
;
1432 LUID SeUnsolicitedInputPrivilege
;
1433 LUID SeTcbPrivilege
;
1434 LUID SeSecurityPrivilege
;
1435 LUID SeTakeOwnershipPrivilege
;
1436 LUID SeLoadDriverPrivilege
;
1437 LUID SeCreatePagefilePrivilege
;
1438 LUID SeIncreaseBasePriorityPrivilege
;
1439 LUID SeSystemProfilePrivilege
;
1440 LUID SeSystemtimePrivilege
;
1441 LUID SeProfileSingleProcessPrivilege
;
1442 LUID SeCreatePermanentPrivilege
;
1443 LUID SeBackupPrivilege
;
1444 LUID SeRestorePrivilege
;
1445 LUID SeShutdownPrivilege
;
1446 LUID SeDebugPrivilege
;
1447 LUID SeAuditPrivilege
;
1448 LUID SeSystemEnvironmentPrivilege
;
1449 LUID SeChangeNotifyPrivilege
;
1450 LUID SeRemoteShutdownPrivilege
;
1455 PSID SeCreatorOwnerSid
;
1456 PSID SeCreatorGroupSid
;
1458 PSID SeNtAuthoritySid
;
1462 PSID SeInteractiveSid
;
1463 PSID SeLocalSystemSid
;
1464 PSID SeAliasAdminsSid
;
1465 PSID SeAliasUsersSid
;
1466 PSID SeAliasGuestsSid
;
1467 PSID SeAliasPowerUsersSid
;
1468 PSID SeAliasAccountOpsSid
;
1469 PSID SeAliasSystemOpsSid
;
1470 PSID SeAliasPrintOpsSid
;
1471 PSID SeAliasBackupOpsSid
;
1473 PSID SeAuthenticatedUsersSid
;
1475 PSID SeRestrictedSid
;
1476 PSID SeAnonymousLogonSid
;
1478 LUID SeUndockPrivilege
;
1479 LUID SeSyncAgentPrivilege
;
1480 LUID SeEnableDelegationPrivilege
;
1482 } SE_EXPORTS
, *PSE_EXPORTS
;
1484 typedef struct _SECTION_BASIC_INFORMATION
{
1488 } SECTION_BASIC_INFORMATION
, *PSECTION_BASIC_INFORMATION
;
1490 typedef struct _SECTION_IMAGE_INFORMATION
{
1493 ULONG_PTR StackReserve
;
1494 ULONG_PTR StackCommit
;
1496 USHORT MinorSubsystemVersion
;
1497 USHORT MajorSubsystemVersion
;
1499 ULONG Characteristics
;
1504 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
1506 #if (VER_PRODUCTBUILD >= 2600)
1508 typedef struct _SHARED_CACHE_MAP
{
1509 CSHORT NodeTypeCode
;
1510 CSHORT NodeByteSize
;
1512 LARGE_INTEGER FileSize
;
1514 LARGE_INTEGER SectionSize
;
1515 LARGE_INTEGER ValidDataLength
;
1516 LARGE_INTEGER ValidDataGoal
;
1517 PVACB InitialVacbs
[4];
1519 PFILE_OBJECT FileObject
;
1523 ULONG NeedToZeroPage
;
1524 KSPIN_LOCK ActiveVacbSpinLock
;
1525 ULONG VacbActiveCount
;
1527 LIST_ENTRY SharedCacheMapLinks
;
1532 PKEVENT CreateEvent
;
1533 PKEVENT WaitOnActiveCount
;
1535 LONGLONG BeyondLastFlush
;
1536 PCACHE_MANAGER_CALLBACKS Callbacks
;
1537 PVOID LazyWriteContext
;
1538 LIST_ENTRY PrivateList
;
1540 PVOID FlushToLsnRoutine
;
1541 ULONG DirtyPageThreshold
;
1542 ULONG LazyWritePassCount
;
1543 PCACHE_UNINITIALIZE_EVENT UninitializeEvent
;
1544 PVACB NeedToZeroVacb
;
1545 KSPIN_LOCK BcbSpinLock
;
1548 EX_PUSH_LOCK VacbPushLock
;
1549 PRIVATE_CACHE_MAP PrivateCacheMap
;
1550 } SHARED_CACHE_MAP
, *PSHARED_CACHE_MAP
;
1554 typedef struct _STARTING_VCN_INPUT_BUFFER
{
1555 LARGE_INTEGER StartingVcn
;
1556 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
1558 typedef struct _SYSTEM_CACHE_INFORMATION
{
1561 ULONG PageFaultCount
;
1562 ULONG MinimumWorkingSet
;
1563 ULONG MaximumWorkingSet
;
1565 } SYSTEM_CACHE_INFORMATION
, *PSYSTEM_CACHE_INFORMATION
;
1567 typedef struct _TERMINATION_PORT
{
1568 struct _TERMINATION_PORT
* Next
;
1570 } TERMINATION_PORT
, *PTERMINATION_PORT
;
1572 typedef struct _SECURITY_CLIENT_CONTEXT
{
1573 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
1574 PACCESS_TOKEN ClientToken
;
1575 BOOLEAN DirectlyAccessClientToken
;
1576 BOOLEAN DirectAccessEffectiveOnly
;
1577 BOOLEAN ServerIsRemote
;
1578 TOKEN_CONTROL ClientTokenControl
;
1579 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
1581 typedef struct _TUNNEL
{
1583 PRTL_SPLAY_LINKS Cache
;
1584 LIST_ENTRY TimerQueue
;
1588 typedef struct _VACB
{
1590 PSHARED_CACHE_MAP SharedCacheMap
;
1592 LARGE_INTEGER FileOffset
;
1598 typedef struct _VAD_HEADER
{
1601 PVAD_HEADER ParentLink
;
1602 PVAD_HEADER LeftLink
;
1603 PVAD_HEADER RightLink
;
1604 ULONG Flags
; /* LSB = CommitCharge */
1606 PVOID FirstProtoPte
;
1610 } VAD_HEADER
, *PVAD_HEADER
;
1616 IN PFILE_OBJECT FileObject
,
1617 IN ULONG BytesToWrite
,
1626 IN PFILE_OBJECT FileObject
,
1627 IN PLARGE_INTEGER FileOffset
,
1631 OUT PIO_STATUS_BLOCK IoStatus
1638 IN PFILE_OBJECT FileObject
,
1639 IN PLARGE_INTEGER FileOffset
,
1645 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1647 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
1656 IN PFILE_OBJECT FileObject
,
1657 IN PCC_POST_DEFERRED_WRITE PostRoutine
,
1660 IN ULONG BytesToWrite
,
1668 IN PFILE_OBJECT FileObject
,
1669 IN ULONG FileOffset
,
1673 OUT PIO_STATUS_BLOCK IoStatus
1680 IN PFILE_OBJECT FileObject
,
1681 IN ULONG FileOffset
,
1690 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1691 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1693 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
1696 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
1697 IN PFILE_OBJECT FileObject
,
1698 IN PLARGE_INTEGER FileOffset
,
1700 IN PLARGE_INTEGER OldestLsn
,
1701 IN PLARGE_INTEGER NewestLsn
,
1711 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
1719 CcGetFileObjectFromBcb (
1726 CcGetFileObjectFromSectionPtrs (
1727 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
1730 #define CcGetFileSizePointer(FO) ( \
1731 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1734 #if (VER_PRODUCTBUILD >= 2195)
1739 CcGetFlushedValidData (
1740 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1741 IN BOOLEAN BcbListHeld
1744 #endif /* (VER_PRODUCTBUILD >= 2195) */
1748 CcGetLsnForFileObject (
1749 IN PFILE_OBJECT FileObject
,
1750 OUT PLARGE_INTEGER OldestLsn OPTIONAL
1753 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
1758 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
1762 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
1767 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
1771 typedef struct _CACHE_MANAGER_CALLBACKS
{
1772 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
1773 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
1774 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
1775 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
1776 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
1781 CcInitializeCacheMap (
1782 IN PFILE_OBJECT FileObject
,
1783 IN PCC_FILE_SIZES FileSizes
,
1784 IN BOOLEAN PinAccess
,
1785 IN PCACHE_MANAGER_CALLBACKS Callbacks
,
1786 IN PVOID LazyWriteContext
1789 #define CcIsFileCached(FO) ( \
1790 ((FO)->SectionObjectPointer != NULL) && \
1791 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
1797 CcIsThereDirtyData (
1805 IN PFILE_OBJECT FileObject
,
1806 IN PLARGE_INTEGER FileOffset
,
1817 IN PFILE_OBJECT FileObject
,
1818 IN PLARGE_INTEGER FileOffset
,
1821 OUT PIO_STATUS_BLOCK IoStatus
1828 IN PFILE_OBJECT FileObject
,
1835 CcMdlWriteComplete (
1836 IN PFILE_OBJECT FileObject
,
1837 IN PLARGE_INTEGER FileOffset
,
1845 IN PFILE_OBJECT FileObject
,
1846 IN PLARGE_INTEGER FileOffset
,
1848 #if (VER_PRODUCTBUILD >= 2195)
1860 IN PFILE_OBJECT FileObject
,
1861 IN PLARGE_INTEGER FileOffset
,
1863 #if (VER_PRODUCTBUILD >= 2195)
1876 IN PFILE_OBJECT FileObject
,
1877 IN PLARGE_INTEGER FileOffset
,
1880 OUT PIO_STATUS_BLOCK IoStatus
1887 IN PFILE_OBJECT FileObject
,
1888 IN PLARGE_INTEGER FileOffset
,
1891 #if (VER_PRODUCTBUILD >= 2195)
1903 CcPurgeCacheSection (
1904 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1905 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1907 IN BOOLEAN UninitializeCacheMaps
1910 #define CcReadAhead(FO, FOFF, LEN) ( \
1911 if ((LEN) >= 256) { \
1912 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
1916 #if (VER_PRODUCTBUILD >= 2195)
1925 #endif /* (VER_PRODUCTBUILD >= 2195) */
1937 CcScheduleReadAhead (
1938 IN PFILE_OBJECT FileObject
,
1939 IN PLARGE_INTEGER FileOffset
,
1946 CcSetAdditionalCacheAttributes (
1947 IN PFILE_OBJECT FileObject
,
1948 IN BOOLEAN DisableReadAhead
,
1949 IN BOOLEAN DisableWriteBehind
1955 CcSetBcbOwnerPointer (
1957 IN PVOID OwnerPointer
1963 CcSetDirtyPageThreshold (
1964 IN PFILE_OBJECT FileObject
,
1965 IN ULONG DirtyPageThreshold
1971 CcSetDirtyPinnedData (
1973 IN PLARGE_INTEGER Lsn OPTIONAL
1980 IN PFILE_OBJECT FileObject
,
1981 IN PCC_FILE_SIZES FileSizes
1984 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
1986 IN PLARGE_INTEGER Lsn
1992 CcSetLogHandleForFile (
1993 IN PFILE_OBJECT FileObject
,
1995 IN PFLUSH_TO_LSN FlushToLsnRoutine
2001 CcSetReadAheadGranularity (
2002 IN PFILE_OBJECT FileObject
,
2003 IN ULONG Granularity
/* default: PAGE_SIZE */
2004 /* allowed: 2^n * PAGE_SIZE */
2010 CcUninitializeCacheMap (
2011 IN PFILE_OBJECT FileObject
,
2012 IN PLARGE_INTEGER TruncateSize OPTIONAL
,
2013 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
2026 CcUnpinDataForThread (
2028 IN ERESOURCE_THREAD ResourceThreadId
2034 CcUnpinRepinnedBcb (
2036 IN BOOLEAN WriteThrough
,
2037 OUT PIO_STATUS_BLOCK IoStatus
2040 #if (VER_PRODUCTBUILD >= 2195)
2045 CcWaitForCurrentLazyWriterActivity (
2049 #endif /* (VER_PRODUCTBUILD >= 2195) */
2055 IN PFILE_OBJECT FileObject
,
2056 IN PLARGE_INTEGER StartOffset
,
2057 IN PLARGE_INTEGER EndOffset
,
2064 ExDisableResourceBoostLite (
2065 IN PERESOURCE Resource
2071 ExQueryPoolBlockSize (
2073 OUT PBOOLEAN QuotaCharged
2076 #define FlagOn(x, f) ((x) & (f))
2081 FsRtlAddToTunnelCache (
2083 IN ULONGLONG DirectoryKey
,
2084 IN PUNICODE_STRING ShortName
,
2085 IN PUNICODE_STRING LongName
,
2086 IN BOOLEAN KeyByShortName
,
2087 IN ULONG DataLength
,
2091 #if (VER_PRODUCTBUILD >= 2195)
2095 FsRtlAllocateFileLock (
2096 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2097 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2100 #endif /* (VER_PRODUCTBUILD >= 2195) */
2106 IN POOL_TYPE PoolType
,
2107 IN ULONG NumberOfBytes
2113 FsRtlAllocatePoolWithQuota (
2114 IN POOL_TYPE PoolType
,
2115 IN ULONG NumberOfBytes
2121 FsRtlAllocatePoolWithQuotaTag (
2122 IN POOL_TYPE PoolType
,
2123 IN ULONG NumberOfBytes
,
2130 FsRtlAllocatePoolWithTag (
2131 IN POOL_TYPE PoolType
,
2132 IN ULONG NumberOfBytes
,
2139 FsRtlAreNamesEqual (
2140 IN PUNICODE_STRING Name1
,
2141 IN PUNICODE_STRING Name2
,
2142 IN BOOLEAN IgnoreCase
,
2143 IN PWCHAR UpcaseTable OPTIONAL
2146 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2147 ((FL)->FastIoIsQuestionable) \
2151 FsRtlCheckLockForReadAccess:
2153 All this really does is pick out the lock parameters from the irp (io stack
2154 location?), get IoGetRequestorProcess, and pass values on to
2155 FsRtlFastCheckLockForRead.
2160 FsRtlCheckLockForReadAccess (
2161 IN PFILE_LOCK FileLock
,
2166 FsRtlCheckLockForWriteAccess:
2168 All this really does is pick out the lock parameters from the irp (io stack
2169 location?), get IoGetRequestorProcess, and pass values on to
2170 FsRtlFastCheckLockForWrite.
2175 FsRtlCheckLockForWriteAccess (
2176 IN PFILE_LOCK FileLock
,
2182 (*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2189 (*POPLOCK_FS_PREPOST_IRP
) (
2201 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL
,
2202 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
2209 IN PFILE_OBJECT FileObject
,
2210 IN PLARGE_INTEGER FileOffset
,
2215 OUT PIO_STATUS_BLOCK IoStatus
,
2216 IN PDEVICE_OBJECT DeviceObject
2223 IN PFILE_OBJECT FileObject
,
2224 IN PLARGE_INTEGER FileOffset
,
2229 OUT PIO_STATUS_BLOCK IoStatus
,
2230 IN PDEVICE_OBJECT DeviceObject
2236 FsRtlCurrentBatchOplock (
2243 FsRtlDeleteKeyFromTunnelCache (
2245 IN ULONGLONG DirectoryKey
2251 FsRtlDeleteTunnelCache (
2258 FsRtlDeregisterUncProvider (
2266 IN ANSI_STRING Name
,
2267 OUT PANSI_STRING FirstPart
,
2268 OUT PANSI_STRING RemainingPart
2275 IN UNICODE_STRING Name
,
2276 OUT PUNICODE_STRING FirstPart
,
2277 OUT PUNICODE_STRING RemainingPart
2283 FsRtlDoesDbcsContainWildCards (
2284 IN PANSI_STRING Name
2290 FsRtlDoesNameContainWildCards (
2291 IN PUNICODE_STRING Name
2294 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2296 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2301 FsRtlFastCheckLockForRead (
2302 IN PFILE_LOCK FileLock
,
2303 IN PLARGE_INTEGER FileOffset
,
2304 IN PLARGE_INTEGER Length
,
2306 IN PFILE_OBJECT FileObject
,
2307 IN PEPROCESS Process
2313 FsRtlFastCheckLockForWrite (
2314 IN PFILE_LOCK FileLock
,
2315 IN PLARGE_INTEGER FileOffset
,
2316 IN PLARGE_INTEGER Length
,
2318 IN PFILE_OBJECT FileObject
,
2319 IN PEPROCESS Process
2322 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2323 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2329 FsRtlFastUnlockAll (
2330 IN PFILE_LOCK FileLock
,
2331 IN PFILE_OBJECT FileObject
,
2332 IN PEPROCESS Process
,
2333 IN PVOID Context OPTIONAL
2335 /* ret: STATUS_RANGE_NOT_LOCKED */
2340 FsRtlFastUnlockAllByKey (
2341 IN PFILE_LOCK FileLock
,
2342 IN PFILE_OBJECT FileObject
,
2343 IN PEPROCESS Process
,
2345 IN PVOID Context OPTIONAL
2347 /* ret: STATUS_RANGE_NOT_LOCKED */
2352 FsRtlFastUnlockSingle (
2353 IN PFILE_LOCK FileLock
,
2354 IN PFILE_OBJECT FileObject
,
2355 IN PLARGE_INTEGER FileOffset
,
2356 IN PLARGE_INTEGER Length
,
2357 IN PEPROCESS Process
,
2359 IN PVOID Context OPTIONAL
,
2360 IN BOOLEAN AlreadySynchronized
2362 /* ret: STATUS_RANGE_NOT_LOCKED */
2367 FsRtlFindInTunnelCache (
2369 IN ULONGLONG DirectoryKey
,
2370 IN PUNICODE_STRING Name
,
2371 OUT PUNICODE_STRING ShortName
,
2372 OUT PUNICODE_STRING LongName
,
2373 IN OUT PULONG DataLength
,
2377 #if (VER_PRODUCTBUILD >= 2195)
2383 IN PFILE_LOCK FileLock
2386 #endif /* (VER_PRODUCTBUILD >= 2195) */
2392 IN PFILE_OBJECT FileObject
,
2393 IN OUT PLARGE_INTEGER FileSize
2397 FsRtlGetNextFileLock:
2399 ret: NULL if no more locks
2402 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2403 FileLock->LastReturnedLock as storage.
2404 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2405 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2406 calls with Restart = FALSE.
2411 FsRtlGetNextFileLock (
2412 IN PFILE_LOCK FileLock
,
2419 FsRtlInitializeFileLock (
2420 IN PFILE_LOCK FileLock
,
2421 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL
,
2422 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
2428 FsRtlInitializeOplock (
2429 IN OUT POPLOCK Oplock
2435 FsRtlInitializeTunnelCache (
2442 FsRtlIsNameInExpression (
2443 IN PUNICODE_STRING Expression
,
2444 IN PUNICODE_STRING Name
,
2445 IN BOOLEAN IgnoreCase
,
2446 IN PWCHAR UpcaseTable OPTIONAL
2452 FsRtlIsNtstatusExpected (
2453 IN NTSTATUS Ntstatus
2456 #define FsRtlIsUnicodeCharacterWild(C) ( \
2459 FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
2465 FsRtlMdlReadComplete (
2466 IN PFILE_OBJECT FileObject
,
2473 FsRtlMdlReadCompleteDev (
2474 IN PFILE_OBJECT FileObject
,
2476 IN PDEVICE_OBJECT DeviceObject
2482 FsRtlMdlWriteComplete (
2483 IN PFILE_OBJECT FileObject
,
2484 IN PLARGE_INTEGER FileOffset
,
2491 FsRtlMdlWriteCompleteDev (
2492 IN PFILE_OBJECT FileObject
,
2493 IN PLARGE_INTEGER FileOffset
,
2495 IN PDEVICE_OBJECT DeviceObject
2501 FsRtlNormalizeNtstatus (
2502 IN NTSTATUS Exception
,
2503 IN NTSTATUS GenericException
2509 FsRtlNotifyChangeDirectory (
2510 IN PNOTIFY_SYNC NotifySync
,
2512 IN PSTRING FullDirectoryName
,
2513 IN PLIST_ENTRY NotifyList
,
2514 IN BOOLEAN WatchTree
,
2515 IN ULONG CompletionFilter
,
2522 FsRtlNotifyCleanup (
2523 IN PNOTIFY_SYNC NotifySync
,
2524 IN PLIST_ENTRY NotifyList
,
2528 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
2529 IN PVOID NotifyContext
,
2530 IN PVOID TargetContext
,
2531 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
2537 FsRtlNotifyFullChangeDirectory (
2538 IN PNOTIFY_SYNC NotifySync
,
2539 IN PLIST_ENTRY NotifyList
,
2541 IN PSTRING FullDirectoryName
,
2542 IN BOOLEAN WatchTree
,
2543 IN BOOLEAN IgnoreBuffer
,
2544 IN ULONG CompletionFilter
,
2546 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL
,
2547 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
2553 FsRtlNotifyFullReportChange (
2554 IN PNOTIFY_SYNC NotifySync
,
2555 IN PLIST_ENTRY NotifyList
,
2556 IN PSTRING FullTargetName
,
2557 IN USHORT TargetNameOffset
,
2558 IN PSTRING StreamName OPTIONAL
,
2559 IN PSTRING NormalizedParentName OPTIONAL
,
2560 IN ULONG FilterMatch
,
2562 IN PVOID TargetContext
2568 FsRtlNotifyInitializeSync (
2569 IN PNOTIFY_SYNC NotifySync
2575 FsRtlNotifyReportChange (
2576 IN PNOTIFY_SYNC NotifySync
,
2577 IN PLIST_ENTRY NotifyList
,
2578 IN PSTRING FullTargetName
,
2579 IN PUSHORT FileNamePartLength
,
2580 IN ULONG FilterMatch
2586 FsRtlNotifyUninitializeSync (
2587 IN PNOTIFY_SYNC NotifySync
2590 #if (VER_PRODUCTBUILD >= 2195)
2595 FsRtlNotifyVolumeEvent (
2596 IN PFILE_OBJECT FileObject
,
2600 #endif /* (VER_PRODUCTBUILD >= 2195) */
2614 FsRtlOplockIsFastIoPossible (
2621 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2624 -Calls IoCompleteRequest if Irp
2625 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2631 IN PFILE_LOCK FileLock
,
2632 IN PFILE_OBJECT FileObject
,
2633 IN PLARGE_INTEGER FileOffset
,
2634 IN PLARGE_INTEGER Length
,
2635 IN PEPROCESS Process
,
2637 IN BOOLEAN FailImmediately
,
2638 IN BOOLEAN ExclusiveLock
,
2639 OUT PIO_STATUS_BLOCK IoStatus
,
2640 IN PIRP Irp OPTIONAL
,
2642 IN BOOLEAN AlreadySynchronized
2646 FsRtlProcessFileLock:
2649 -STATUS_INVALID_DEVICE_REQUEST
2650 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2651 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2652 (redirected IoStatus->Status).
2655 -switch ( Irp->CurrentStackLocation->MinorFunction )
2656 lock: return FsRtlPrivateLock;
2657 unlocksingle: return FsRtlFastUnlockSingle;
2658 unlockall: return FsRtlFastUnlockAll;
2659 unlockallbykey: return FsRtlFastUnlockAllByKey;
2660 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2661 return STATUS_INVALID_DEVICE_REQUEST;
2663 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2664 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
2669 FsRtlProcessFileLock (
2670 IN PFILE_LOCK FileLock
,
2672 IN PVOID Context OPTIONAL
2678 FsRtlRegisterUncProvider (
2679 IN OUT PHANDLE MupHandle
,
2680 IN PUNICODE_STRING RedirectorDeviceName
,
2681 IN BOOLEAN MailslotsSupported
2687 FsRtlUninitializeFileLock (
2688 IN PFILE_LOCK FileLock
2694 FsRtlUninitializeOplock (
2695 IN OUT POPLOCK Oplock
2708 HalQueryRealTimeClock (
2709 IN OUT PTIME_FIELDS TimeFields
2715 HalSetRealTimeClock (
2716 IN PTIME_FIELDS TimeFields
2719 #define InitializeMessageHeader(m, l, t) { \
2720 (m)->Length = (USHORT)(l); \
2721 (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
2722 (m)->MessageType = (USHORT)(t); \
2723 (m)->DataInfoOffset = 0; \
2729 IoAcquireVpbSpinLock (
2736 IoCheckDesiredAccess (
2737 IN OUT PACCESS_MASK DesiredAccess
,
2738 IN ACCESS_MASK GrantedAccess
2744 IoCheckEaBufferValidity (
2745 IN PFILE_FULL_EA_INFORMATION EaBuffer
,
2747 OUT PULONG ErrorOffset
2753 IoCheckFunctionAccess (
2754 IN ACCESS_MASK GrantedAccess
,
2755 IN UCHAR MajorFunction
,
2756 IN UCHAR MinorFunction
,
2757 IN ULONG IoControlCode
,
2758 IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL
,
2759 IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL
2762 #if (VER_PRODUCTBUILD >= 2195)
2767 IoCheckQuotaBufferValidity (
2768 IN PFILE_QUOTA_INFORMATION QuotaBuffer
,
2769 IN ULONG QuotaLength
,
2770 OUT PULONG ErrorOffset
2773 #endif /* (VER_PRODUCTBUILD >= 2195) */
2778 IoCreateStreamFileObject (
2779 IN PFILE_OBJECT FileObject OPTIONAL
,
2780 IN PDEVICE_OBJECT DeviceObject OPTIONAL
2783 #if (VER_PRODUCTBUILD >= 2195)
2788 IoCreateStreamFileObjectLite (
2789 IN PFILE_OBJECT FileObject OPTIONAL
,
2790 IN PDEVICE_OBJECT DeviceObject OPTIONAL
2793 #endif /* (VER_PRODUCTBUILD >= 2195) */
2798 IoFastQueryNetworkAttributes (
2799 IN POBJECT_ATTRIBUTES ObjectAttributes
,
2800 IN ACCESS_MASK DesiredAccess
,
2801 IN ULONG OpenOptions
,
2802 OUT PIO_STATUS_BLOCK IoStatus
,
2803 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
2809 IoGetAttachedDevice (
2810 IN PDEVICE_OBJECT DeviceObject
2816 IoGetBaseFileSystemDeviceObject (
2817 IN PFILE_OBJECT FileObject
2823 IoGetRequestorProcess (
2827 #if (VER_PRODUCTBUILD >= 2195)
2832 IoGetRequestorProcessId (
2836 #endif /* (VER_PRODUCTBUILD >= 2195) */
2845 #define IoIsFileOpenedExclusively(FileObject) ( \
2847 (FileObject)->SharedRead || \
2848 (FileObject)->SharedWrite || \
2849 (FileObject)->SharedDelete \
2856 IoIsOperationSynchronous (
2867 #if (VER_PRODUCTBUILD >= 2195)
2872 IoIsValidNameGraftingBuffer (
2874 IN PREPARSE_DATA_BUFFER ReparseBuffer
2877 #endif /* (VER_PRODUCTBUILD >= 2195) */
2883 IN PFILE_OBJECT FileObject
,
2885 IN PLARGE_INTEGER Offset
,
2887 OUT PIO_STATUS_BLOCK IoStatusBlock
2893 IoQueryFileInformation (
2894 IN PFILE_OBJECT FileObject
,
2895 IN FILE_INFORMATION_CLASS FileInformationClass
,
2897 OUT PVOID FileInformation
,
2898 OUT PULONG ReturnedLength
2904 IoQueryVolumeInformation (
2905 IN PFILE_OBJECT FileObject
,
2906 IN FS_INFORMATION_CLASS FsInformationClass
,
2908 OUT PVOID FsInformation
,
2909 OUT PULONG ReturnedLength
2915 IoRegisterFileSystem (
2916 IN OUT PDEVICE_OBJECT DeviceObject
2919 #if (VER_PRODUCTBUILD >= 1381)
2921 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
2922 IN PDEVICE_OBJECT DeviceObject
,
2923 IN BOOLEAN DriverActive
2929 IoRegisterFsRegistrationChange (
2930 IN PDRIVER_OBJECT DriverObject
,
2931 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
2934 #endif /* (VER_PRODUCTBUILD >= 1381) */
2939 IoReleaseVpbSpinLock (
2946 IoSetDeviceToVerify (
2948 IN PDEVICE_OBJECT DeviceObject
2955 IN PFILE_OBJECT FileObject
,
2956 IN FILE_INFORMATION_CLASS FileInformationClass
,
2958 IN PVOID FileInformation
2971 IoSynchronousPageWrite (
2972 IN PFILE_OBJECT FileObject
,
2974 IN PLARGE_INTEGER FileOffset
,
2976 OUT PIO_STATUS_BLOCK IoStatusBlock
2989 IoUnregisterFileSystem (
2990 IN OUT PDEVICE_OBJECT DeviceObject
2993 #if (VER_PRODUCTBUILD >= 1381)
2998 IoUnregisterFsRegistrationChange (
2999 IN PDRIVER_OBJECT DriverObject
,
3000 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3003 #endif /* (VER_PRODUCTBUILD >= 1381) */
3009 IN PDEVICE_OBJECT DeviceObject
,
3010 IN BOOLEAN AllowRawMount
3017 IN PEPROCESS Process
3032 IN ULONG Count OPTIONAL
3040 IN PLIST_ENTRY Entry
3048 IN PLIST_ENTRY Entry
3056 IN PVOID SystemArgument1
,
3057 IN PVOID SystemArgument2
,
3058 IN KPRIORITY PriorityBoost
3073 IN KPROCESSOR_MODE WaitMode
,
3074 IN PLARGE_INTEGER Timeout OPTIONAL
3084 #if (VER_PRODUCTBUILD >= 2195)
3089 KeStackAttachProcess (
3090 IN PKPROCESS Process
,
3091 OUT PKAPC_STATE ApcState
3097 KeUnstackDetachProcess (
3098 IN PKAPC_STATE ApcState
3101 #endif /* (VER_PRODUCTBUILD >= 2195) */
3106 MmCanFileBeTruncated (
3107 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3108 IN PLARGE_INTEGER NewFileSize
3114 MmFlushImageSection (
3115 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3116 IN MMFLUSH_TYPE FlushType
3122 MmForceSectionClosed (
3123 IN PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3124 IN BOOLEAN DelayClose
3127 #if (VER_PRODUCTBUILD >= 1381)
3132 MmIsRecursiveIoFault (
3138 #define MmIsRecursiveIoFault() ( \
3139 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3140 (PsGetCurrentThread()->ForwardClusterOnly) \
3148 MmMapViewOfSection (
3149 IN PVOID SectionObject
,
3150 IN PEPROCESS Process
,
3151 IN OUT PVOID
*BaseAddress
,
3153 IN ULONG CommitSize
,
3154 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL
,
3155 IN OUT PULONG ViewSize
,
3156 IN SECTION_INHERIT InheritDisposition
,
3157 IN ULONG AllocationType
,
3164 MmSetAddressRangeModified (
3173 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL
,
3174 IN POBJECT_TYPE ObjectType
,
3175 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
3176 IN KPROCESSOR_MODE AccessMode
,
3177 IN OUT PVOID ParseContext OPTIONAL
,
3178 IN ULONG ObjectSize
,
3179 IN ULONG PagedPoolCharge OPTIONAL
,
3180 IN ULONG NonPagedPoolCharge OPTIONAL
,
3187 ObGetObjectPointerCount (
3196 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3197 IN ACCESS_MASK DesiredAccess
,
3198 IN ULONG AdditionalReferences
,
3199 OUT PVOID
*ReferencedObject OPTIONAL
,
3206 ObMakeTemporaryObject (
3213 ObOpenObjectByPointer (
3215 IN ULONG HandleAttributes
,
3216 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3217 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3218 IN POBJECT_TYPE ObjectType OPTIONAL
,
3219 IN KPROCESSOR_MODE AccessMode
,
3228 OUT POBJECT_NAME_INFORMATION ObjectNameInfo
,
3230 OUT PULONG ReturnLength
3236 ObQueryObjectAuditingByHandle (
3238 OUT PBOOLEAN GenerateOnClose
3244 ObReferenceObjectByName (
3245 IN PUNICODE_STRING ObjectName
,
3246 IN ULONG Attributes
,
3247 IN PACCESS_STATE PassedAccessState OPTIONAL
,
3248 IN ACCESS_MASK DesiredAccess OPTIONAL
,
3249 IN POBJECT_TYPE ObjectType
,
3250 IN KPROCESSOR_MODE AccessMode
,
3251 IN OUT PVOID ParseContext OPTIONAL
,
3259 IN PEPROCESS Process
,
3260 IN POOL_TYPE PoolType
,
3264 #define PsDereferenceImpersonationToken(T) \
3265 {if (ARGUMENT_PRESENT(T)) { \
3266 (ObDereferenceObject((T))); \
3272 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3277 PsGetProcessExitTime (
3284 PsIsThreadTerminating (
3291 PsLookupProcessByProcessId (
3292 IN HANDLE ProcessId
,
3293 OUT PEPROCESS
*Process
3299 PsLookupProcessThreadByCid (
3301 OUT PEPROCESS
*Process OPTIONAL
,
3302 OUT PETHREAD
*Thread
3308 PsLookupThreadByThreadId (
3309 IN HANDLE UniqueThreadId
,
3310 OUT PETHREAD
*Thread
3316 PsReferenceImpersonationToken (
3318 OUT PBOOLEAN CopyOnUse
,
3319 OUT PBOOLEAN EffectiveOnly
,
3320 OUT PSECURITY_IMPERSONATION_LEVEL Level
3326 PsReferencePrimaryToken (
3327 IN PEPROCESS Process
3334 IN PEPROCESS Process
,
3335 IN POOL_TYPE PoolType
,
3349 RtlAbsoluteToSelfRelativeSD (
3350 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
3351 IN OUT PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSecurityDescriptor
,
3352 IN PULONG BufferLength
3359 IN HANDLE HeapHandle
,
3368 IN USHORT CompressionFormatAndEngine
,
3369 IN PUCHAR UncompressedBuffer
,
3370 IN ULONG UncompressedBufferSize
,
3371 OUT PUCHAR CompressedBuffer
,
3372 IN ULONG CompressedBufferSize
,
3373 IN ULONG UncompressedChunkSize
,
3374 OUT PULONG FinalCompressedSize
,
3382 IN PUCHAR UncompressedBuffer
,
3383 IN ULONG UncompressedBufferSize
,
3384 OUT PUCHAR CompressedBuffer
,
3385 IN ULONG CompressedBufferSize
,
3386 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo
,
3387 IN ULONG CompressedDataInfoLength
,
3394 RtlConvertSidToUnicodeString (
3395 OUT PUNICODE_STRING DestinationString
,
3397 IN BOOLEAN AllocateDestinationString
3405 IN PSID Destination
,
3412 RtlDecompressBuffer (
3413 IN USHORT CompressionFormat
,
3414 OUT PUCHAR UncompressedBuffer
,
3415 IN ULONG UncompressedBufferSize
,
3416 IN PUCHAR CompressedBuffer
,
3417 IN ULONG CompressedBufferSize
,
3418 OUT PULONG FinalUncompressedSize
3424 RtlDecompressChunks (
3425 OUT PUCHAR UncompressedBuffer
,
3426 IN ULONG UncompressedBufferSize
,
3427 IN PUCHAR CompressedBuffer
,
3428 IN ULONG CompressedBufferSize
,
3429 IN PUCHAR CompressedTail
,
3430 IN ULONG CompressedTailSize
,
3431 IN PCOMPRESSED_DATA_INFO CompressedDataInfo
3437 RtlDecompressFragment (
3438 IN USHORT CompressionFormat
,
3439 OUT PUCHAR UncompressedFragment
,
3440 IN ULONG UncompressedFragmentSize
,
3441 IN PUCHAR CompressedBuffer
,
3442 IN ULONG CompressedBufferSize
,
3443 IN ULONG FragmentOffset
,
3444 OUT PULONG FinalUncompressedSize
,
3452 IN USHORT CompressionFormat
,
3453 IN OUT PUCHAR
*CompressedBuffer
,
3454 IN PUCHAR EndOfCompressedBufferPlus1
,
3455 OUT PUCHAR
*ChunkBuffer
,
3456 OUT PULONG ChunkSize
3470 RtlFillMemoryUlong (
3471 IN PVOID Destination
,
3480 IN HANDLE HeapHandle
,
3488 RtlGenerate8dot3Name (
3489 IN PUNICODE_STRING Name
,
3490 IN BOOLEAN AllowExtendedCharacters
,
3491 IN OUT PGENERATE_NAME_CONTEXT Context
,
3492 OUT PUNICODE_STRING Name8dot3
3498 RtlGetCompressionWorkSpaceSize (
3499 IN USHORT CompressionFormatAndEngine
,
3500 OUT PULONG CompressBufferWorkSpaceSize
,
3501 OUT PULONG CompressFragmentWorkSpaceSize
3507 RtlGetDaclSecurityDescriptor (
3508 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3509 OUT PBOOLEAN DaclPresent
,
3511 OUT PBOOLEAN DaclDefaulted
3517 RtlGetGroupSecurityDescriptor (
3518 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3520 OUT PBOOLEAN GroupDefaulted
3526 RtlGetOwnerSecurityDescriptor (
3527 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3529 OUT PBOOLEAN OwnerDefaulted
3537 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
3538 IN UCHAR SubAuthorityCount
3544 RtlIsNameLegalDOS8Dot3 (
3545 IN PUNICODE_STRING UnicodeName
,
3546 IN PANSI_STRING AnsiName
,
3553 RtlLengthRequiredSid (
3554 IN UCHAR SubAuthorityCount
3567 RtlNtStatusToDosError (
3575 IN USHORT CompressionFormat
,
3576 IN OUT PUCHAR
*CompressedBuffer
,
3577 IN PUCHAR EndOfCompressedBufferPlus1
,
3578 OUT PUCHAR
*ChunkBuffer
,
3585 RtlSecondsSince1970ToTime (
3586 IN ULONG SecondsSince1970
,
3587 OUT PLARGE_INTEGER Time
3590 #if (VER_PRODUCTBUILD >= 2195)
3595 RtlSelfRelativeToAbsoluteSD (
3596 IN PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSD
,
3597 OUT PSECURITY_DESCRIPTOR AbsoluteSD
,
3598 IN PULONG AbsoluteSDSize
,
3604 IN PULONG OwnerSize
,
3605 IN PSID PrimaryGroup
,
3606 IN PULONG PrimaryGroupSize
3609 #endif /* (VER_PRODUCTBUILD >= 2195) */
3614 RtlSetGroupSecurityDescriptor (
3615 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3617 IN BOOLEAN GroupDefaulted
3623 RtlSetOwnerSecurityDescriptor (
3624 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3626 IN BOOLEAN OwnerDefaulted
3632 RtlSetSaclSecurityDescriptor (
3633 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3634 IN BOOLEAN SaclPresent
,
3636 IN BOOLEAN SaclDefaulted
3642 RtlSubAuthorityCountSid (
3649 RtlSubAuthoritySid (
3651 IN ULONG SubAuthority
3664 SeAppendPrivileges (
3665 PACCESS_STATE AccessState
,
3666 PPRIVILEGE_SET Privileges
3672 SeAuditingFileEvents (
3673 IN BOOLEAN AccessGranted
,
3674 IN PSECURITY_DESCRIPTOR SecurityDescriptor
3680 SeAuditingFileOrGlobalEvents (
3681 IN BOOLEAN AccessGranted
,
3682 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3683 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3689 SeCaptureSubjectContext (
3690 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
3696 SeCreateAccessState (
3697 OUT PACCESS_STATE AccessState
,
3699 IN ACCESS_MASK AccessMask
,
3700 IN PGENERIC_MAPPING Mapping
3706 SeCreateClientSecurity (
3708 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3709 IN BOOLEAN RemoteClient
,
3710 OUT PSECURITY_CLIENT_CONTEXT ClientContext
3713 #if (VER_PRODUCTBUILD >= 2195)
3718 SeCreateClientSecurityFromSubjectContext (
3719 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3720 IN PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3721 IN BOOLEAN ServerIsRemote
,
3722 OUT PSECURITY_CLIENT_CONTEXT ClientContext
3725 #endif /* (VER_PRODUCTBUILD >= 2195) */
3727 #define SeDeleteClientSecurity(C) { \
3728 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
3729 PsDereferencePrimaryToken( (C)->ClientToken ); \
3731 PsDereferenceImpersonationToken( (C)->ClientToken ); \
3738 SeDeleteObjectAuditAlarm (
3743 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
3749 IN PPRIVILEGE_SET Privileges
3755 SeImpersonateClient (
3756 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
3757 IN PETHREAD ServerThread OPTIONAL
3760 #if (VER_PRODUCTBUILD >= 2195)
3765 SeImpersonateClientEx (
3766 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
3767 IN PETHREAD ServerThread OPTIONAL
3770 #endif /* (VER_PRODUCTBUILD >= 2195) */
3775 SeLockSubjectContext (
3776 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3782 SeMarkLogonSessionForTerminationNotification (
3789 SeOpenObjectAuditAlarm (
3790 IN PUNICODE_STRING ObjectTypeName
,
3791 IN PVOID Object OPTIONAL
,
3792 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
3793 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3794 IN PACCESS_STATE AccessState
,
3795 IN BOOLEAN ObjectCreated
,
3796 IN BOOLEAN AccessGranted
,
3797 IN KPROCESSOR_MODE AccessMode
,
3798 OUT PBOOLEAN GenerateOnClose
3804 SeOpenObjectForDeleteAuditAlarm (
3805 IN PUNICODE_STRING ObjectTypeName
,
3806 IN PVOID Object OPTIONAL
,
3807 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
3808 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3809 IN PACCESS_STATE AccessState
,
3810 IN BOOLEAN ObjectCreated
,
3811 IN BOOLEAN AccessGranted
,
3812 IN KPROCESSOR_MODE AccessMode
,
3813 OUT PBOOLEAN GenerateOnClose
3820 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
3821 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3822 IN KPROCESSOR_MODE AccessMode
3828 SeQueryAuthenticationIdToken (
3829 IN PACCESS_TOKEN Token
,
3833 #if (VER_PRODUCTBUILD >= 2195)
3838 SeQueryInformationToken (
3839 IN PACCESS_TOKEN Token
,
3840 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
3841 OUT PVOID
*TokenInformation
3844 #endif /* (VER_PRODUCTBUILD >= 2195) */
3849 SeQuerySecurityDescriptorInfo (
3850 IN PSECURITY_INFORMATION SecurityInformation
,
3851 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
3852 IN OUT PULONG Length
,
3853 IN PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
3856 #if (VER_PRODUCTBUILD >= 2195)
3861 SeQuerySessionIdToken (
3862 IN PACCESS_TOKEN Token
,
3866 #endif /* (VER_PRODUCTBUILD >= 2195) */
3868 #define SeQuerySubjectContextToken( SubjectContext ) \
3869 ( ARGUMENT_PRESENT( \
3870 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
3872 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
3873 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
3875 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
3882 SeRegisterLogonSessionTerminatedRoutine (
3883 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3889 SeReleaseSubjectContext (
3890 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3896 SeSetAccessStateGenericMapping (
3897 PACCESS_STATE AccessState
,
3898 PGENERIC_MAPPING GenericMapping
3904 SeSetSecurityDescriptorInfo (
3905 IN PVOID Object OPTIONAL
,
3906 IN PSECURITY_INFORMATION SecurityInformation
,
3907 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
3908 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
3909 IN POOL_TYPE PoolType
,
3910 IN PGENERIC_MAPPING GenericMapping
3913 #if (VER_PRODUCTBUILD >= 2195)
3918 SeSetSecurityDescriptorInfoEx (
3919 IN PVOID Object OPTIONAL
,
3920 IN PSECURITY_INFORMATION SecurityInformation
,
3921 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
3922 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
3923 IN ULONG AutoInheritFlags
,
3924 IN POOL_TYPE PoolType
,
3925 IN PGENERIC_MAPPING GenericMapping
3932 IN PACCESS_TOKEN Token
3938 SeTokenIsRestricted (
3939 IN PACCESS_TOKEN Token
3942 #endif /* (VER_PRODUCTBUILD >= 2195) */
3948 IN PACCESS_TOKEN Token
3954 SeUnlockSubjectContext (
3955 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
3960 SeUnregisterLogonSessionTerminatedRoutine (
3961 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3964 #if (VER_PRODUCTBUILD >= 2195)
3969 ZwAdjustPrivilegesToken (
3970 IN HANDLE TokenHandle
,
3971 IN BOOLEAN DisableAllPrivileges
,
3972 IN PTOKEN_PRIVILEGES NewState
,
3973 IN ULONG BufferLength
,
3974 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL
,
3975 OUT PULONG ReturnLength
3978 #endif /* (VER_PRODUCTBUILD >= 2195) */
3984 IN HANDLE ThreadHandle
3990 ZwAllocateVirtualMemory (
3991 IN HANDLE ProcessHandle
,
3992 IN OUT PVOID
*BaseAddress
,
3994 IN OUT PULONG RegionSize
,
3995 IN ULONG AllocationType
,
4002 ZwAccessCheckAndAuditAlarm (
4003 IN PUNICODE_STRING SubsystemName
,
4005 IN PUNICODE_STRING ObjectTypeName
,
4006 IN PUNICODE_STRING ObjectName
,
4007 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
4008 IN ACCESS_MASK DesiredAccess
,
4009 IN PGENERIC_MAPPING GenericMapping
,
4010 IN BOOLEAN ObjectCreation
,
4011 OUT PACCESS_MASK GrantedAccess
,
4012 OUT PBOOLEAN AccessStatus
,
4013 OUT PBOOLEAN GenerateOnClose
4016 #if (VER_PRODUCTBUILD >= 2195)
4022 IN HANDLE FileHandle
,
4023 OUT PIO_STATUS_BLOCK IoStatusBlock
4026 #endif /* (VER_PRODUCTBUILD >= 2195) */
4032 IN HANDLE EventHandle
4038 ZwCloseObjectAuditAlarm (
4039 IN PUNICODE_STRING SubsystemName
,
4041 IN BOOLEAN GenerateOnClose
4048 OUT PHANDLE SectionHandle
,
4049 IN ACCESS_MASK DesiredAccess
,
4050 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
4051 IN PLARGE_INTEGER MaximumSize OPTIONAL
,
4052 IN ULONG SectionPageProtection
,
4053 IN ULONG AllocationAttributes
,
4054 IN HANDLE FileHandle OPTIONAL
4060 ZwCreateSymbolicLinkObject (
4061 OUT PHANDLE SymbolicLinkHandle
,
4062 IN ACCESS_MASK DesiredAccess
,
4063 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4064 IN PUNICODE_STRING TargetName
4071 IN POBJECT_ATTRIBUTES ObjectAttributes
4079 IN PUNICODE_STRING Name
4085 ZwDeviceIoControlFile (
4086 IN HANDLE FileHandle
,
4087 IN HANDLE Event OPTIONAL
,
4088 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4089 IN PVOID ApcContext OPTIONAL
,
4090 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4091 IN ULONG IoControlCode
,
4092 IN PVOID InputBuffer OPTIONAL
,
4093 IN ULONG InputBufferLength
,
4094 OUT PVOID OutputBuffer OPTIONAL
,
4095 IN ULONG OutputBufferLength
4102 IN PUNICODE_STRING String
4109 IN HANDLE SourceProcessHandle
,
4110 IN HANDLE SourceHandle
,
4111 IN HANDLE TargetProcessHandle OPTIONAL
,
4112 OUT PHANDLE TargetHandle OPTIONAL
,
4113 IN ACCESS_MASK DesiredAccess
,
4114 IN ULONG HandleAttributes
,
4122 IN HANDLE ExistingTokenHandle
,
4123 IN ACCESS_MASK DesiredAccess
,
4124 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4125 IN BOOLEAN EffectiveOnly
,
4126 IN TOKEN_TYPE TokenType
,
4127 OUT PHANDLE NewTokenHandle
4133 ZwFlushInstructionCache (
4134 IN HANDLE ProcessHandle
,
4135 IN PVOID BaseAddress OPTIONAL
,
4139 #if (VER_PRODUCTBUILD >= 2195)
4144 ZwFlushVirtualMemory (
4145 IN HANDLE ProcessHandle
,
4146 IN OUT PVOID
*BaseAddress
,
4147 IN OUT PULONG FlushSize
,
4148 OUT PIO_STATUS_BLOCK IoStatusBlock
4151 #endif /* (VER_PRODUCTBUILD >= 2195) */
4156 ZwFreeVirtualMemory (
4157 IN HANDLE ProcessHandle
,
4158 IN OUT PVOID
*BaseAddress
,
4159 IN OUT PULONG RegionSize
,
4167 IN HANDLE FileHandle
,
4168 IN HANDLE Event OPTIONAL
,
4169 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4170 IN PVOID ApcContext OPTIONAL
,
4171 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4172 IN ULONG FsControlCode
,
4173 IN PVOID InputBuffer OPTIONAL
,
4174 IN ULONG InputBufferLength
,
4175 OUT PVOID OutputBuffer OPTIONAL
,
4176 IN ULONG OutputBufferLength
4179 #if (VER_PRODUCTBUILD >= 2195)
4184 ZwInitiatePowerAction (
4185 IN POWER_ACTION SystemAction
,
4186 IN SYSTEM_POWER_STATE MinSystemState
,
4188 IN BOOLEAN Asynchronous
4191 #endif /* (VER_PRODUCTBUILD >= 2195) */
4197 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4198 IN PUNICODE_STRING RegistryPath
4205 IN POBJECT_ATTRIBUTES KeyObjectAttributes
,
4206 IN POBJECT_ATTRIBUTES FileObjectAttributes
4213 IN HANDLE KeyHandle
,
4214 IN HANDLE EventHandle OPTIONAL
,
4215 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4216 IN PVOID ApcContext OPTIONAL
,
4217 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4218 IN ULONG NotifyFilter
,
4219 IN BOOLEAN WatchSubtree
,
4221 IN ULONG BufferLength
,
4222 IN BOOLEAN Asynchronous
4228 ZwOpenDirectoryObject (
4229 OUT PHANDLE DirectoryHandle
,
4230 IN ACCESS_MASK DesiredAccess
,
4231 IN POBJECT_ATTRIBUTES ObjectAttributes
4238 OUT PHANDLE EventHandle
,
4239 IN ACCESS_MASK DesiredAccess
,
4240 IN POBJECT_ATTRIBUTES ObjectAttributes
4247 OUT PHANDLE ProcessHandle
,
4248 IN ACCESS_MASK DesiredAccess
,
4249 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4250 IN PCLIENT_ID ClientId OPTIONAL
4256 ZwOpenProcessToken (
4257 IN HANDLE ProcessHandle
,
4258 IN ACCESS_MASK DesiredAccess
,
4259 OUT PHANDLE TokenHandle
4266 OUT PHANDLE ThreadHandle
,
4267 IN ACCESS_MASK DesiredAccess
,
4268 IN POBJECT_ATTRIBUTES ObjectAttributes
,
4269 IN PCLIENT_ID ClientId
4276 IN HANDLE ThreadHandle
,
4277 IN ACCESS_MASK DesiredAccess
,
4278 IN BOOLEAN OpenAsSelf
,
4279 OUT PHANDLE TokenHandle
4282 #if (VER_PRODUCTBUILD >= 2195)
4287 ZwPowerInformation (
4288 IN POWER_INFORMATION_LEVEL PowerInformationLevel
,
4289 IN PVOID InputBuffer OPTIONAL
,
4290 IN ULONG InputBufferLength
,
4291 OUT PVOID OutputBuffer OPTIONAL
,
4292 IN ULONG OutputBufferLength
4295 #endif /* (VER_PRODUCTBUILD >= 2195) */
4301 IN HANDLE EventHandle
,
4302 OUT PLONG PreviousState OPTIONAL
4308 ZwQueryDefaultLocale (
4309 IN BOOLEAN ThreadOrSystem
,
4316 ZwQueryDirectoryFile (
4317 IN HANDLE FileHandle
,
4318 IN HANDLE Event OPTIONAL
,
4319 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL
,
4320 IN PVOID ApcContext OPTIONAL
,
4321 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4322 OUT PVOID FileInformation
,
4324 IN FILE_INFORMATION_CLASS FileInformationClass
,
4325 IN BOOLEAN ReturnSingleEntry
,
4326 IN PUNICODE_STRING FileName OPTIONAL
,
4327 IN BOOLEAN RestartScan
4330 #if (VER_PRODUCTBUILD >= 2195)
4335 ZwQueryDirectoryObject (
4336 IN HANDLE DirectoryHandle
,
4339 IN BOOLEAN ReturnSingleEntry
,
4340 IN BOOLEAN RestartScan
,
4341 IN OUT PULONG Context
,
4342 OUT PULONG ReturnLength OPTIONAL
4349 IN HANDLE FileHandle
,
4350 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4353 IN BOOLEAN ReturnSingleEntry
,
4354 IN PVOID EaList OPTIONAL
,
4355 IN ULONG EaListLength
,
4356 IN PULONG EaIndex OPTIONAL
,
4357 IN BOOLEAN RestartScan
4360 #endif /* (VER_PRODUCTBUILD >= 2195) */
4365 ZwQueryInformationProcess (
4366 IN HANDLE ProcessHandle
,
4367 IN PROCESSINFOCLASS ProcessInformationClass
,
4368 OUT PVOID ProcessInformation
,
4369 IN ULONG ProcessInformationLength
,
4370 OUT PULONG ReturnLength OPTIONAL
4376 ZwQueryInformationToken (
4377 IN HANDLE TokenHandle
,
4378 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
4379 OUT PVOID TokenInformation
,
4381 OUT PULONG ResultLength
4388 IN HANDLE ObjectHandle
,
4389 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4390 OUT PVOID ObjectInformation
,
4392 OUT PULONG ResultLength
4399 IN HANDLE SectionHandle
,
4400 IN SECTION_INFORMATION_CLASS SectionInformationClass
,
4401 OUT PVOID SectionInformation
,
4402 IN ULONG SectionInformationLength
,
4403 OUT PULONG ResultLength OPTIONAL
4409 ZwQuerySecurityObject (
4410 IN HANDLE FileHandle
,
4411 IN SECURITY_INFORMATION SecurityInformation
,
4412 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
4414 OUT PULONG ResultLength
4420 ZwQuerySystemInformation (
4421 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4422 OUT PVOID SystemInformation
,
4424 OUT PULONG ReturnLength
4430 ZwQueryVolumeInformationFile (
4431 IN HANDLE FileHandle
,
4432 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4433 OUT PVOID FsInformation
,
4435 IN FS_INFORMATION_CLASS FsInformationClass
4442 IN POBJECT_ATTRIBUTES NewFileObjectAttributes
,
4443 IN HANDLE KeyHandle
,
4444 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
4451 IN HANDLE EventHandle
,
4452 OUT PLONG PreviousState OPTIONAL
4455 #if (VER_PRODUCTBUILD >= 2195)
4461 IN HANDLE KeyHandle
,
4462 IN HANDLE FileHandle
,
4466 #endif /* (VER_PRODUCTBUILD >= 2195) */
4472 IN HANDLE KeyHandle
,
4473 IN HANDLE FileHandle
4479 ZwSetDefaultLocale (
4480 IN BOOLEAN ThreadOrSystem
,
4484 #if (VER_PRODUCTBUILD >= 2195)
4489 ZwSetDefaultUILanguage (
4490 IN LANGID LanguageId
4497 IN HANDLE FileHandle
,
4498 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4503 #endif /* (VER_PRODUCTBUILD >= 2195) */
4509 IN HANDLE EventHandle
,
4510 OUT PLONG PreviousState OPTIONAL
4516 ZwSetInformationObject (
4517 IN HANDLE ObjectHandle
,
4518 IN OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4519 IN PVOID ObjectInformation
,
4520 IN ULONG ObjectInformationLength
4526 ZwSetInformationProcess (
4527 IN HANDLE ProcessHandle
,
4528 IN PROCESSINFOCLASS ProcessInformationClass
,
4529 IN PVOID ProcessInformation
,
4530 IN ULONG ProcessInformationLength
4533 #if (VER_PRODUCTBUILD >= 2195)
4538 ZwSetSecurityObject (
4540 IN SECURITY_INFORMATION SecurityInformation
,
4541 IN PSECURITY_DESCRIPTOR SecurityDescriptor
4544 #endif /* (VER_PRODUCTBUILD >= 2195) */
4549 ZwSetSystemInformation (
4550 IN SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4551 IN PVOID SystemInformation
,
4559 IN PLARGE_INTEGER NewTime
,
4560 OUT PLARGE_INTEGER OldTime OPTIONAL
4563 #if (VER_PRODUCTBUILD >= 2195)
4568 ZwSetVolumeInformationFile (
4569 IN HANDLE FileHandle
,
4570 OUT PIO_STATUS_BLOCK IoStatusBlock
,
4571 IN PVOID FsInformation
,
4573 IN FS_INFORMATION_CLASS FsInformationClass
4576 #endif /* (VER_PRODUCTBUILD >= 2195) */
4581 ZwTerminateProcess (
4582 IN HANDLE ProcessHandle OPTIONAL
,
4583 IN NTSTATUS ExitStatus
4590 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4591 IN PUNICODE_STRING RegistryPath
4598 IN POBJECT_ATTRIBUTES KeyObjectAttributes
4604 ZwWaitForSingleObject (
4606 IN BOOLEAN Alertable
,
4607 IN PLARGE_INTEGER Timeout OPTIONAL
4613 ZwWaitForMultipleObjects (
4614 IN ULONG HandleCount
,
4616 IN WAIT_TYPE WaitType
,
4617 IN BOOLEAN Alertable
,
4618 IN PLARGE_INTEGER Timeout OPTIONAL
4634 #endif /* _NTIFS_ */
projects / reactos.git / blob